On 7/21/2017 7:19 AM, Johannes Bauer wrote:
> On 21.07.2017 14:00, Douglas E Engert wrote:
>
>> It uses either:
>>
>>     ops = ECDSA_METHOD_new((ECDSA_METHOD *)ECDSA_OpenSSL());
>>
>> or
>>
>>     ops = EC_KEY_METHOD_new((EC_KEY_METHOD *)EC_KEY_OpenSSL());
>>
>> which copy the default structure to the new opaque structure.
>> It then sets the routines it wants to change.
>
> Ah, I missed this. Works perfectly, thank you very much for the tip.
> I've also ported the engine to work on both OpenSSL 1.0 and 1.1 --
> however the cast to a (mutable) EC_KEY_METHOD* isn't necessary for 1.1
> (where the prototype accepts a const EC_KEY_METHOD*).
>
> However, when I want to set the sign function for v1.1, I want to
> override sig_sign, but use the OpenSSL default sign and sign_setup
> functions. For this, I use EC_KEY_METHOD_get_sign. Unfortunately, for no
> obvious reason, EC_KEY_METHOD_get_sign requires an EC_KEY_METHOD* instead
> of a const EC_KEY_METHOD*. Do you happen to know why this is? Looking at
> the code, there doesn't seem to be a reason for it. Gives an ugly
> compile-time warning.

I don't see your problem with OpenSSL-1.1.0f. I don't recall seeing it with
earlier versions either. p11_ec.c does:

    static EC_KEY_METHOD *ops = NULL;
    int (*orig_sign)(int, const unsigned char *, int, unsigned char *,
            unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL;

    ops = EC_KEY_METHOD_new((EC_KEY_METHOD *)EC_KEY_OpenSSL());
    EC_KEY_METHOD_get_sign(ops, &orig_sign, NULL, NULL);
    EC_KEY_METHOD_set_sign(ops, orig_sign, NULL, pkcs11_ecdsa_sign_sig);

> Cheers,
> Johannes

--
Douglas E. Engert <deeng...@gmail.com>