Hi Steve, I see. The 1.0.2 didn't work off-the-shelve but we found few fixes that made the engine working. Will it be acceptable to submit patches against the stable version? But I agree that the code was odd and probably our fixes will look odd as well.
Thank you, Alex Sent from my iPhone > On Dec 19, 2015, at 12:49 PM, Dr. Stephen Henson <[email protected]> wrote: > >> On Fri, Dec 18, 2015, Alexander Gostrer wrote: >> >> Hi Steve, >> >> John and I completed writing an ECDH engine based on the >> OpenSSL_1_0_2-stable branch. We were planning to expand it to the master >> but found some major changes made by you recently. What is the status of >> this task? Is it stable enough to follow it? Are you planning another >> changes? Is there a design document that we can use in our work? > > The version in master shouldn't change much any more. Documentation will be > available in the near future. The changes were meant to remove some of the > weird "quirks" of ECC compared to other algortihms and to permit future > expansion to a wider range of curves. > > In the meantime it shouldn't be too hard to follow how the new code works. > Instead of separate ECDH/ECDSA methods with weird locking and ex_data and > minimal ENGINE support everything is combined into a single EC_KEY_METHOD > which can contain ECDSA, ECDH and key generation (something which was > impossible with the old code) and be tied directly to an ENGINE. > > Most of the primary APIs such as ECDH_compute_key can be redirected directly > through an engine supplied function in EC_KEY_METHOD. > > Having said that the code is very new and may have the odd bug that needs to > be fixed. If you have any problems let me know and I'll look into them. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
