Attached is a patch to move the definition of ecdsa_method from src/crypto/ecdsa/ecs_locl.h to ecdsa.h and to move the definition of ecdh_method from src/crypto/ecdh/ech_locl.h to ecdh.h.
These mods expose the EC method definitions in the same way the RSA method (rsa_meth_st) is defined in rsa.h. This will assist in building dynamic engines that support ECDSA and ECDH without having to compile against the OpenSSL source. We have a working OpenSC engine_pkcs11 and libp11 with ECDSA support that has been tested using the libsofthsm.so and opensc-pkcs11.so PKCS#11 modules. The opensc-pkcs11 module is used with smart cards that support ECC. The libp11 was built by including ecs_locl.h. (It was also tested using these patches.) This bug is now 2.5 years old. ECC is becoming more important, and engine support for ECC is required. The patch is against OpenSSL-1.0.1e. I do see that commit 8a99cb29d1f0013243a532bccc1dc70ed678eebe modified the ecdsa_method structure, but commit 190c615d4398cc6c8b61eb7881d7409314529a75 reverted the changes. 190c615d... says: "It also reverts the changes to (EC)DSA_METHOD structure." -- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444
--- openssl-1.0.1e/crypto/ecdh/,ech_locl.h Mon Feb 11 09:26:04 2013
+++ openssl-1.0.1e/crypto/ecdh/ech_locl.h Tue Sep 10 13:24:20 2013
@@ -62,19 +62,6 @@
 extern "C" {
 #endif
 
-struct ecdh_method
- {
- const char *name;
- int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-#if 0
- int (*init)(EC_KEY *eckey);
- int (*finish)(EC_KEY *eckey);
-#endif
- int flags;
- char *app_data;
- };
-
 /* If this flag is set the ECDH method is FIPS compliant and can be used
  * in FIPS mode. This is set in the validated module method. If an
  * application sets this flag in its own methods it is its responsibility
--- openssl-1.0.1e/crypto/ecdh/,ecdh.h Mon Feb 11 09:26:04 2013
+++ openssl-1.0.1e/crypto/ecdh/ecdh.h Tue Sep 10 13:24:24 2013
@@ -85,6 +85,19 @@
 extern "C" {
 #endif
 
+struct ecdh_method
+ {
+ const char *name;
+ int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
+ void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+#if 0
+ int (*init)(EC_KEY *eckey);
+ int (*finish)(EC_KEY *eckey);
+#endif
+ int flags;
+ char *app_data;
+ };
+
 const ECDH_METHOD *ECDH_OpenSSL(void);
 
 void ECDH_set_default_method(const ECDH_METHOD *);
--- openssl-1.0.1e/crypto/ecdsa/,ecdsa.h Mon Feb 11 09:26:04 2013
+++ openssl-1.0.1e/crypto/ecdsa/ecdsa.h Tue Sep 10 14:22:35 2013
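Review bot: Once `struct ecdh_method` lives in the public ecdh.h, its member order and size become an ABI that out-of-tree engines compile against, so any later change to the layout (for instance enabling the `init`/`finish` members) would silently misalign `flags` and `app_data` in engines built against the old header; the same concern applies to `struct ecdsa_method` in the ecdsa.h hunk. Shipping the `#if 0` members in a public header makes that worse, because an engine author cannot tell whether they are reserved for future use or abandoned, so either drop them from the public definition or make them real members before freezing the layout. If the struct can stay opaque, constructor and setter functions for the method type (as later OpenSSL releases appear to provide) give engines the same capability without exposing the layout. The `extern "C"` block these lines sit in starts outside the hunk.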
@@ -81,6 +81,23 @@
 BIGNUM *s;
 } ECDSA_SIG;
 
+struct ecdsa_method
+ {
+ const char *name;
+ ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
+ const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
+ int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
+ BIGNUM **r);
+ int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey);
+#if 0
+ int (*init)(EC_KEY *eckey);
+ int (*finish)(EC_KEY *eckey);
+#endif
+ int flags;
+ char *app_data;
+ };
+
 /** Allocates and initialize a ECDSA_SIG structure
  * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
  */
--- openssl-1.0.1e/crypto/ecdsa/,ecs_locl.h Mon Feb 11 09:26:04 2013
+++ openssl-1.0.1e/crypto/ecdsa/ecs_locl.h Tue Sep 10 13:20:55 2013
@@ -65,23 +65,6 @@
 extern "C" {
 #endif
 
-struct ecdsa_method
- {
- const char *name;
- ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
- const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
- int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
- BIGNUM **r);
- int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey);
-#if 0
- int (*init)(EC_KEY *eckey);
- int (*finish)(EC_KEY *eckey);
-#endif
- int flags;
- char *app_data;
- };
-
 /* If this flag is set the ECDSA method is FIPS compliant and can be used
  * in FIPS mode. This is set in the validated module method. If an
  * application sets this flag in its own methods it is its responsibility
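Review bot: The callback contract of `struct ecdsa_method` is undocumented in the public header, although ecdsa.h documents its neighbouring declarations in `/** ... */` form (see `/** Allocates and initialize a ECDSA_SIG structure` right below the insertion); an engine author now has no public statement of whether `inv`/`rp` may be NULL in `ecdsa_do_sign`, who owns `*kinv` and `*r` after `ecdsa_sign_setup`, or what `ecdsa_do_verify` returns on failure versus a bad signature. I would add a doxygen block above the struct describing each member's inputs, the ownership of returned objects and the error convention, with the NULL-able parameters confirmed against the default implementation before the text is written. The `flags` member is also exposed while the comment introducing the FIPS flag stays behind in ecs_locl.h (last hunk), so a method defined outside the tree cannot set that flag from the public header alone; either move the flag definition next to the struct or state in the new comment that `flags` is reserved for the library.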