
I am trying to write an OpenSSL Engine with ECDH support. I am following this page on the OpenSSL wiki: https://wiki.openssl.org/index.php/Creating_an_OpenSSL_Engine_to_use_indigenous_ECDH_ECDSA_and_HASH_Algorithms.

However, it is based on version 1.0.2 and I need to use OpenSSL 1.1.1. In the wiki they register the ECDH method by using the ENGINE_set_ECDH(ENGINE *e, ECDH_METHOD * ecdh) function, but this function is not available with OpenSSL 1.1.1.

I looked at the documentation but I didn't find the equivalent for version 1.1.1. The same problem also applies to the ECDSA method, with ENGINE_set_ECDSA not being available. How should I proceed to make the engine implement ECDH? How can I replace the ENGINE_set_ECDH function?

  • Unfortunately this can't be done in OpenSSL 1.1.1. In fact it never really could be done properly even in 1.0.2. It required you to know the structure of the ECDH_METHOD object - but that was never in the OpenSSL public header files. You had to dive into the internal header files in order to find it. Since the internal header files could change from one patch release to the next (there is no stability guarantee for them) you could suddenly find your engine was broken at any point. It was for this reason that this function was removed in OpenSSL 1.1.0 and there is no replacement for it. – Matt Caswell Jun 05 '19 at 16:10
  • FYI, OpenSSL 3.0 (currently in development) will be able to do something similar with the new "provider" architecture (which replaces engines). But the code for EC hasn't been implemented yet. – Matt Caswell Jun 05 '19 at 16:11

0 Answers