From: Douglas E. E. <dee...@an...> - 2013-09-19 21:51:27
On 9/19/2013 4:02 PM, Alon Bar-Lev wrote:
> On Thu, Sep 19, 2013 at 11:31 PM, Douglas E. Engert <dee...@an...> wrote:
>> Modifications to engine_pkcs11 and libp11 to support ECDSA
>> are available at github for testing, and I am looking for
>> comments.
>>
>> https://github.com/dengert/libp11
>>
>> https://github.com/dengert/engine_pkcs11
>>
>
> Hi,
>
> This is great, I also recently updated pkcs11-helper[1] to support
> ecdsa as well.
>
> What I am missing in the new solution[2] is finish method as in other
> methods, this will allow cleanup method instance resources.

Yes, OpenSSL had the init and finish with "#if 0". And yes, they may be needed; I think that is why they left them in the code, but commented out, and why they do not want to expose the ECDSA_METHOD structure.

> I am far from being openssl expert, but I did expect to see these
> do_sign and sign_setup to accept ecdsa as parameter and not ec...

Since both ECDSA and ECDH methods can use EC keys, they split up some of that. Look at ecdsa_check(): it "checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure". That then points to the ECDSA_METHOD. And the same for ecdh_check(). It might be the ecdsa_data_st that needs to have the finish; it has an init. The init or finish might depend on how the key is used last. I don't think the OpenSSL developers have a good handle on what the engine might need. My ecdsa code may also have memory leaks too...

> Regards,
> Alon
>
> [1] https://github.com/alonbl/pkcs11-helper/commits/ec
> [2] http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=HEAD;hp=96006022671b4db342a4dcfc3d96edbb3337bb4e
>

--
Douglas E. Engert <DEE...@an...>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444