On 7/21/2017 7:19 AM, Johannes Bauer wrote:
On 21.07.2017 14:00, Douglas E Engert wrote:It uses either: ops = ECDSA_METHOD_new((ECDSA_METHOD *)ECDSA_OpenSSL()); or ops = EC_KEY_METHOD_new((EC_KEY_METHOD *)EC_KEY_OpenSSL()); which copy the default structure to the new opaque structure. It then sets the routines it wants to change.Ah, I missed this. Works perfectly, thank you very much for the tip. I've also ported the engine to work on both OpenSSL 1.0 and 1.1 -- however the cast to a (mutable) EC_KEY_METHOD* isn't necessary for 1.1 (where the prototype accepts a const EC_KEY_METHOD*). However, when I want to set the sign function for v1.1, I want to override sig_sign, but use the OpenSSL default sign and sign_setup functions. For this, I use EC_KEY_METHOD_get_sign. Unfortunately, for no obvious reason, EC_KEY_METHOD_get_sign requires a EC_KEY_METHOD* instead of a const EC_KEY_METHOD*. Do you happen to know why this is? Looking at the code, there doesn't seem to be a reason for it. Gives an ugly compile-time warning.
I don't see your problem with OpenSSL-1.1.0f. I don't recall seeing it with earlier version either. p11_ec.c does: 647 static EC_KEY_METHOD *ops = NULL; 648 int (*orig_sign)(int, const unsigned char *, int, unsigned char *, 649 unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL; 653 ops = EC_KEY_METHOD_new((EC_KEY_METHOD *)EC_KEY_OpenSSL()); 654 EC_KEY_METHOD_get_sign(ops, &orig_sign, NULL, NULL); 655 EC_KEY_METHOD_set_sign(ops, orig_sign, NULL, pkcs11_ecdsa_sign_sig);
Cheers, Johannes
-- Douglas E. Engert <[email protected]> -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
