Re: Wanted: smartcard with ECDSA support

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 





On 3/31/2015 4:23 AM, Thomas Calderon wrote:
Hi list,

I have no idea if Damien Miller had the time to work on that.

I have an initial patch to authenticate using PKCS#11 and ECDSA keys.
This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the
required interfaces to override the signature function pointer for ECDSA.
The only limitation is that the OpenSSL API misses some cleanup function
(finish, for instance), hence I have yet to find a way to properly free the
PKCS#11 resources.

OpenSC, engine_opensc and libp11 versions on github can use OpenSSL-1.0.2 with ECDSA.
They have the similar problems with memory leaks and ECDSA. But they do work,
if you can live with the memory leaks,for example to sign a certificate request
with ECDSA.


Is this a contribution you might be interested in ?

Any OpenSSL code to call PKCS#11 directly and eliminate the need for the engine_opensc
would welcome.



Cheers,

Thomas Calderon
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


--

 Douglas E. Engert  <DEEngert@xxxxxxxxx>

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux