[xmlsec] Patch Submission

Mak Kolybabi mak at kolybabi.com
Fri Jan 18 09:03:53 PST 2013


On 2013-01-18 08:52, Aleksey Sanin wrote:
> Could you please send your patches as diff attachments to the email?

Done, see attached. One patch per branch.

-- 
Mak Kolybabi
<mak at kolybabi.com>

() ASCII Ribbon Campaign | Against HTML e-mail
/\  www.asciiribbon.org  | Against proprietary extensions
-------------- next part --------------
A non-text attachment was scrubbed...
Name: text-corrections.diff
Type: text/x-diff
Size: 26117 bytes
Desc: not available
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20130118/6b29490c/attachment-0001.diff>
-------------- next part --------------
diff --git a/configure.in b/configure.in
index 7120258..6819c83 100644
--- a/configure.in
+++ b/configure.in
@@ -1234,6 +1234,22 @@ AM_CONDITIONAL(XMLSEC_NO_DSA, test "z$XMLSEC_NO_DSA" = "z1")
 AC_SUBST(XMLSEC_NO_DSA)
 
 dnl ==========================================================================
+dnl See do we need ECDSA support
+dnl ==========================================================================
+AC_MSG_CHECKING(for ECDSA support)
+AC_ARG_ENABLE(ecdsa,   [  --enable-ecdsa          enable ECDSA support (yes)])
+if test "z$enable_ecdsa" = "zno" ; then
+    XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_ECDSA=1"
+    XMLSEC_NO_ECDSA="1"
+    AC_MSG_RESULT(no)
+else
+    XMLSEC_NO_ECDSA="0"
+    AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_ECDSA, test "z$XMLSEC_NO_ECDSA" = "z1")
+AC_SUBST(XMLSEC_NO_ECDSA)
+
+dnl ==========================================================================
 dnl See do we need RSA suport
 dnl ==========================================================================
 AC_MSG_CHECKING(for RSA support) 
diff --git a/include/xmlsec/app.h b/include/xmlsec/app.h
index 7f61ac6..5fe572a 100644
--- a/include/xmlsec/app.h
+++ b/include/xmlsec/app.h
@@ -66,6 +66,13 @@ XMLSEC_EXPORT xmlSecKeyDataId                   xmlSecKeyDataDesGetKlass
 #define xmlSecKeyDataDsaId                      xmlSecKeyDataDsaGetKlass()
 XMLSEC_EXPORT xmlSecKeyDataId                   xmlSecKeyDataDsaGetKlass        (void);
 /**
+ * xmlSecKeyDataEcdsaId:
+ *
+ * The ECDSA key klass.
+ */
+#define xmlSecKeyDataEcdsaId                    xmlSecKeyDataEcdsaGetKlass()
+XMLSEC_EXPORT xmlSecKeyDataId                   xmlSecKeyDataEcdsaGetKlass      (void);
+/**
  * xmlSecKeyDataGost2001Id:
  *
  * The GOST2001 key klass.
@@ -182,6 +189,48 @@ XMLSEC_EXPORT xmlSecTransformId                 xmlSecTransformKWDes3GetKlass
  */
 #define xmlSecTransformDsaSha1Id                xmlSecTransformDsaSha1GetKlass()
 XMLSEC_EXPORT xmlSecTransformId                 xmlSecTransformDsaSha1GetKlass  (void);
+/**
+ * xmlSecTransformDsaSha256Id:
+ *
+ * The DSA-SHA256 signature transform klass.
+ */
+#define xmlSecTransformDsaSha256Id              xmlSecTransformDsaSha256GetKlass()
+XMLSEC_EXPORT xmlSecTransformId                 xmlSecTransformDsaSha256GetKlass  (void);
+/**
+ * xmlSecTransformEcdsaSha1Id:
+ *
+ * The ECDSA-SHA1 signature transform klass.
+ */
+#define xmlSecTransformEcdsaSha1Id              xmlSecTransformEcdsaSha1GetKlass()
+XMLSEC_EXPORT xmlSecTransformId                 xmlSecTransformEcdsaSha1GetKlass  (void);
+/**
+ * xmlSecTransformEcdsaSha224Id:
+ *
+ * The ECDSA-SHA224 signature transform klass.
+ */
+#define xmlSecTransformEcdsaSha224Id            xmlSecTransformEcdsaSha224GetKlass()
+XMLSEC_EXPORT xmlSecTransformId                 xmlSecTransformEcdsaSha224GetKlass  (void);
+/**
+ * xmlSecTransformEcdsaSha256Id:
+ *
+ * The ECDSA-SHA256 signature transform klass.
+ */
+#define xmlSecTransformEcdsaSha256Id            xmlSecTransformEcdsaSha256GetKlass()
+XMLSEC_EXPORT xmlSecTransformId                 xmlSecTransformEcdsaSha256GetKlass  (void);
+/**
+ * xmlSecTransformEcdsaSha384Id:
+ *
+ * The ECDS-SHA384 signature transform klass.
+ */
+#define xmlSecTransformEcdsaSha384Id            xmlSecTransformEcdsaSha384GetKlass()
+XMLSEC_EXPORT xmlSecTransformId                 xmlSecTransformEcdsaSha384GetKlass  (void);
+/**
+ * xmlSecTransformEcdsaSha512Id:
+ *
+ * The ECDSA-SHA512 signature transform klass.
+ */
+#define xmlSecTransformEcdsaSha512Id            xmlSecTransformEcdsaSha512GetKlass()
+XMLSEC_EXPORT xmlSecTransformId                 xmlSecTransformEcdsaSha512GetKlass  (void);
 
 /**
  * xmlSecTransformGost2001GostR3411_94Id:
diff --git a/include/xmlsec/openssl/crypto.h b/include/xmlsec/openssl/crypto.h
index 7ceace3..aec5fb3 100644
--- a/include/xmlsec/openssl/crypto.h
+++ b/include/xmlsec/openssl/crypto.h
@@ -182,10 +182,102 @@ XMLSEC_CRYPTO_EXPORT EVP_PKEY*          xmlSecOpenSSLKeyDataDsaGetEvp   (xmlSecK
 XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformDsaSha1GetKlass(void);
 #endif /* XMLSEC_NO_SHA1 */
 
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecOpenSSLTransformDsaSha256Id:
+ *
+ * The DSA SHA256 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformDsaSha256Id \
+        xmlSecOpenSSLTransformDsaSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformDsaSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
 #endif /* XMLSEC_NO_DSA */
 
 /********************************************************************
  *
+ * ECDSA transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_ECDSA
+#include <openssl/ecdsa.h>
+#include <openssl/evp.h>
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaId:
+ *
+ * The ECDSA key klass.
+ */
+#define xmlSecOpenSSLKeyDataEcdsaId \
+        xmlSecOpenSSLKeyDataEcdsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId    xmlSecOpenSSLKeyDataEcdsaGetKlass   (void);
+XMLSEC_CRYPTO_EXPORT int                xmlSecOpenSSLKeyDataEcdsaAdoptEcdsa (xmlSecKeyDataPtr data,
+                                                                             EC_KEY* ecdsa);
+XMLSEC_CRYPTO_EXPORT EC_KEY*            xmlSecOpenSSLKeyDataEcdsaGetEcdsa   (xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT int                xmlSecOpenSSLKeyDataEcdsaAdoptEvp   (xmlSecKeyDataPtr data,
+                                                                             EVP_PKEY* pKey);
+XMLSEC_CRYPTO_EXPORT EVP_PKEY*          xmlSecOpenSSLKeyDataEcdsaGetEvp     (xmlSecKeyDataPtr data);
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecOpenSSLTransformEcdsaSha1Id:
+ *
+ * The ECDSA-SHA1 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformEcdsaSha1Id \
+        xmlSecOpenSSLTransformEcdsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformEcdsaSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+/**
+ * xmlSecOpenSSLTransformEcdsaSha224Id:
+ *
+ * The ECDSA-SHA224 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformEcdsaSha224Id \
+        xmlSecOpenSSLTransformEcdsaSha224GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformEcdsaSha224GetKlass(void);
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecOpenSSLTransformEcdsaSha256Id:
+ *
+ * The ECDSA-SHA256 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformEcdsaSha256Id \
+        xmlSecOpenSSLTransformEcdsaSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformEcdsaSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecOpenSSLTransformEcdsaSha384Id:
+ *
+ * The ECDSA-SHA384 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformEcdsaSha384Id \
+        xmlSecOpenSSLTransformEcdsaSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformEcdsaSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecOpenSSLTransformEcdsaSha512Id:
+ *
+ * The ECDSA-SHA512 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformEcdsaSha512Id \
+        xmlSecOpenSSLTransformEcdsaSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformEcdsaSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
+/********************************************************************
+ *
  * GOST2001 transform
  *
  *******************************************************************/
diff --git a/include/xmlsec/openssl/symbols.h b/include/xmlsec/openssl/symbols.h
index 9fb9153..15ae9b9 100644
--- a/include/xmlsec/openssl/symbols.h
+++ b/include/xmlsec/openssl/symbols.h
@@ -37,6 +37,7 @@ extern "C" {
 #define xmlSecKeyDataAesId                      xmlSecOpenSSLKeyDataAesId
 #define xmlSecKeyDataDesId                      xmlSecOpenSSLKeyDataDesId
 #define xmlSecKeyDataDsaId                      xmlSecOpenSSLKeyDataDsaId
+#define xmlSecKeyDataEcdsaId                    xmlSecOpenSSLKeyDataEcdsaId
 #define xmlSecKeyDataHmacId                     xmlSecOpenSSLKeyDataHmacId
 #define xmlSecKeyDataRsaId                      xmlSecOpenSSLKeyDataRsaId
 #define xmlSecKeyDataX509Id                     xmlSecOpenSSLKeyDataX509Id
@@ -63,6 +64,12 @@ extern "C" {
 #define xmlSecTransformDes3CbcId                xmlSecOpenSSLTransformDes3CbcId
 #define xmlSecTransformKWDes3Id                 xmlSecOpenSSLTransformKWDes3Id
 #define xmlSecTransformDsaSha1Id                xmlSecOpenSSLTransformDsaSha1Id
+#define xmlSecTransformDsaSha256Id              xmlSecOpenSSLTransformDsaSha256Id
+#define xmlSecTransformEcdsaSha1Id              xmlSecOpenSSLTransformEcdsaSha1Id
+#define xmlSecTransformEcdsaSha224Id            xmlSecOpenSSLTransformEcdsaSha224Id
+#define xmlSecTransformEcdsaSha256Id            xmlSecOpenSSLTransformEcdsaSha256Id
+#define xmlSecTransformEcdsaSha384Id            xmlSecOpenSSLTransformEcdsaSha384Id
+#define xmlSecTransformEcdsaSha512Id            xmlSecOpenSSLTransformEcdsaSha512Id
 #define xmlSecTransformHmacMd5Id                xmlSecOpenSSLTransformHmacMd5Id
 #define xmlSecTransformHmacRipemd160Id          xmlSecOpenSSLTransformHmacRipemd160Id
 #define xmlSecTransformHmacSha1Id               xmlSecOpenSSLTransformHmacSha1Id
diff --git a/include/xmlsec/private.h b/include/xmlsec/private.h
index 3e3bbc9..74e6de1 100644
--- a/include/xmlsec/private.h
+++ b/include/xmlsec/private.h
@@ -334,6 +334,7 @@ typedef int                     (*xmlSecCryptoAppKeyCertLoadMemoryMethod)(xmlSec
  * @keyDataAesGetKlass:         the method to get pointer to AES key data klass.
  * @keyDataDesGetKlass:         the method to get pointer to DES key data klass.
  * @keyDataDsaGetKlass:         the method to get pointer to DSA key data klass.
+ * @keyDataEcdsaGetKlass:       the method to get pointer to ECDSA key data klass.
  * @keyDataGost2001GetKlass:    the method to get pointer to GOST 2001 key data klass.
  * @keyDataHmacGetKlass:        the method to get pointer to HMAC key data klass.
  * @keyDataRsaGetKlass:         the method to get pointer to RSA key data klass.
@@ -349,6 +350,12 @@ typedef int                     (*xmlSecCryptoAppKeyCertLoadMemoryMethod)(xmlSec
  * @transformDes3CbcGetKlass:   the method to get pointer to Triple DES encryption transform.
  * @transformKWDes3GetKlass:    the method to get pointer to Triple DES key wrapper transform.
  * @transformDsaSha1GetKlass:   the method to get pointer to DSA-SHA1 signature transform.
+ * @transformDsaSha256GetKlass: the method to get pointer to DSA-SHA256 signature transform.
+ * @transformEcdsaSha1GetKlass: the method to get pointer to ECDSA-SHA1 signature transform.
+ * @transformEcdsaSha224GetKlass: the method to get pointer to ECDSA-SHA224 signature transform.
+ * @transformEcdsaSha256GetKlass: the method to get pointer to ECDSA-SHA256 signature transform.
+ * @transformEcdsaSha384GetKlass: the method to get pointer to ECDSA-SHA384 signature transform.
+ * @transformEcdsaSha512GetKlass: the method to get pointer to ECDSA-SHA512 signature transform.
  * @transformGost2001GostR3411_94GetKlass: the method to get pointer to GOST2001 transform.
  * @transformHmacMd5GetKlass:   the method to get pointer to HMAC-MD5 transform.
  * @transformHmacRipemd160GetKlass: the method to get pointer to HMAC-RIPEMD160 transform.
@@ -402,6 +409,7 @@ struct _xmlSecCryptoDLFunctions {
     xmlSecCryptoKeyDataGetKlassMethod            keyDataAesGetKlass;
     xmlSecCryptoKeyDataGetKlassMethod            keyDataDesGetKlass;
     xmlSecCryptoKeyDataGetKlassMethod            keyDataDsaGetKlass;
+    xmlSecCryptoKeyDataGetKlassMethod            keyDataEcdsaGetKlass;
     xmlSecCryptoKeyDataGetKlassMethod            keyDataGost2001GetKlass;
     xmlSecCryptoKeyDataGetKlassMethod            keyDataHmacGetKlass;
     xmlSecCryptoKeyDataGetKlassMethod            keyDataRsaGetKlass;
@@ -421,6 +429,12 @@ struct _xmlSecCryptoDLFunctions {
     xmlSecCryptoTransformGetKlassMethod          transformDes3CbcGetKlass;
     xmlSecCryptoTransformGetKlassMethod          transformKWDes3GetKlass;
     xmlSecCryptoTransformGetKlassMethod          transformDsaSha1GetKlass;
+    xmlSecCryptoTransformGetKlassMethod          transformDsaSha256GetKlass;
+    xmlSecCryptoTransformGetKlassMethod          transformEcdsaSha1GetKlass;
+    xmlSecCryptoTransformGetKlassMethod          transformEcdsaSha224GetKlass;
+    xmlSecCryptoTransformGetKlassMethod          transformEcdsaSha256GetKlass;
+    xmlSecCryptoTransformGetKlassMethod          transformEcdsaSha384GetKlass;
+    xmlSecCryptoTransformGetKlassMethod          transformEcdsaSha512GetKlass;
     xmlSecCryptoTransformGetKlassMethod          transformGost2001GostR3411_94GetKlass;
     xmlSecCryptoTransformGetKlassMethod          transformHmacMd5GetKlass;
     xmlSecCryptoTransformGetKlassMethod          transformHmacRipemd160GetKlass;
diff --git a/include/xmlsec/skeleton/symbols.h b/include/xmlsec/skeleton/symbols.h
index 7be57a4..9902d3f 100644
--- a/include/xmlsec/skeleton/symbols.h
+++ b/include/xmlsec/skeleton/symbols.h
@@ -37,6 +37,7 @@ extern "C" {
 #define xmlSecKeyDataAesId                      xmlSecSkeletonKeyDataAesId
 #define xmlSecKeyDataDesId                      xmlSecSkeletonKeyDataDesId
 #define xmlSecKeyDataDsaId                      xmlSecSkeletonKeyDataDsaId
+#define xmlSecKeyDataEcdsaId                    xmlSecSkeletonKeyDataEcdsaId
 #define xmlSecKeyDataHmacId                     xmlSecSkeletonKeyDataHmacId
 #define xmlSecKeyDataRsaId                      xmlSecSkeletonKeyDataRsaId
 #define xmlSecKeyDataX509Id                     xmlSecSkeletonKeyDataX509Id
@@ -63,6 +64,12 @@ extern "C" {
 #define xmlSecTransformDes3CbcId                xmlSecSkeletonTransformDes3CbcId
 #define xmlSecTransformKWDes3Id                 xmlSecSkeletonTransformKWDes3Id
 #define xmlSecTransformDsaSha1Id                xmlSecSkeletonTransformDsaSha1Id
+#define xmlSecTransformDsaSha256Id              xmlSecSkeletonTransformDsaSha256Id
+#define xmlSecTransformEcdsaSha1Id              xmlSecSkeletonTransformEcdsaSha1Id
+#define xmlSecTransformEcdsaSha224Id            xmlSecSkeletonTransformEcdsaSha224Id
+#define xmlSecTransformEcdsaSha256Id            xmlSecSkeletonTransformEcdsaSha256Id
+#define xmlSecTransformEcdsaSha384Id            xmlSecSkeletonTransformEcdsaSha384Id
+#define xmlSecTransformEcdsaSha512Id            xmlSecSkeletonTransformEcdsaSha512Id
 #define xmlSecTransformHmacMd5Id                xmlSecSkeletonTransformHmacMd5Id
 #define xmlSecTransformHmacRipemd160Id          xmlSecSkeletonTransformHmacRipemd160Id
 #define xmlSecTransformHmacSha1Id               xmlSecSkeletonTransformHmacSha1Id
diff --git a/include/xmlsec/strings.h b/include/xmlsec/strings.h
index 98650bf..5e3f6a1 100644
--- a/include/xmlsec/strings.h
+++ b/include/xmlsec/strings.h
@@ -318,6 +318,43 @@ XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDSAPgenCounter[];
 XMLSEC_EXPORT_VAR const xmlChar xmlSecNameDsaSha1[];
 XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefDsaSha1[];
 
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameDsaSha256[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefDsaSha256[];
+
+/*************************************************************************
+ *
+ * ECDSA strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameECDSAKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefECDSAKeyValue[];
+
+/* XXX-MAK: More constants will be needed later. */
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAP[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAQ[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAG[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAJ[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAX[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAY[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSASeed[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeECDSAPgenCounter[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameEcdsaSha1[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefEcdsaSha1[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameEcdsaSha224[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefEcdsaSha224[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameEcdsaSha256[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefEcdsaSha256[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameEcdsaSha384[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefEcdsaSha384[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameEcdsaSha512[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefEcdsaSha512[];
+
 /*************************************************************************
  *
  * GOST2001 strings
diff --git a/src/app.c b/src/app.c
index 925c24b..f36e9fc 100644
--- a/src/app.c
+++ b/src/app.c
@@ -174,6 +174,29 @@ xmlSecKeyDataDsaGetKlass(void) {
 }
 
 /**
+ * xmlSecKeyDataEcdsaGetKlass:
+ *
+ * The ECDSA key data klass.
+ *
+ * Returns: ECDSA key data klass or NULL if an error occurs
+ * (xmlsec-crypto library is not loaded or the ECDSA key data
+ * klass is not implemented).
+ */
+xmlSecKeyDataId
+xmlSecKeyDataEcdsaGetKlass(void) {
+    if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataEcdsaGetKlass == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "keyDataEcdsaId",
+                    XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(xmlSecKeyDataIdUnknown);
+    }
+
+    return(xmlSecCryptoDLGetFunctions()->keyDataEcdsaGetKlass());
+}
+
+/**
  * xmlSecKeyDataGost2001GetKlass:
  *
  * The GOST2001 key data klass.
@@ -529,6 +552,144 @@ xmlSecTransformDsaSha1GetKlass(void) {
 }
 
 /**
+ * xmlSecTransformDsaSha256GetKlass:
+ *
+ * The DSA-SHA256 signature transform klass.
+ *
+ * Returns: DSA-SHA256 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformDsaSha256GetKlass(void) {
+    if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformDsaSha256GetKlass == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "transformDsaSha256Id",
+                    XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(xmlSecTransformIdUnknown);
+    }
+
+    return(xmlSecCryptoDLGetFunctions()->transformDsaSha256!GetKlass());
+}
+
+/**
+ * xmlSecTransformEcdsaSha1GetKlass:
+ *
+ * The ECDSA-SHA1 signature transform klass.
+ *
+ * Returns: ECDSA-SHA1 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformEcdsaSha1GetKlass(void) {
+    if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha1GetKlass == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "transformEcdsaSha1Id",
+                    XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(xmlSecTransformIdUnknown);
+    }
+
+    return(xmlSecCryptoDLGetFunctions()->transformEcdsaSha1GetKlass());
+}
+
+/**
+ * xmlSecTransformEcdsaSha224GetKlass:
+ *
+ * The ECDSA-SHA224 signature transform klass.
+ *
+ * Returns: ECDSA-SHA224 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformEcdsaSha224GetKlass(void) {
+    if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha224GetKlass == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "transformEcdsaSha224Id",
+                    XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(xmlSecTransformIdUnknown);
+    }
+
+    return(xmlSecCryptoDLGetFunctions()->transformEcdsaSha224GetKlass());
+}
+
+/**
+ * xmlSecTransformEcdsaSha256GetKlass:
+ *
+ * The ECDSA-SHA256 signature transform klass.
+ *
+ * Returns: ECDSA-SHA256 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformEcdsaSha256GetKlass(void) {
+    if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha256GetKlass == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "transformEcdsaSha256Id",
+                    XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(xmlSecTransformIdUnknown);
+    }
+
+    return(xmlSecCryptoDLGetFunctions()->transformEcdsaSha256GetKlass());
+}
+
+/**
+ * xmlSecTransformEcdsaSha384GetKlass:
+ *
+ * The ECDSA-SHA384 signature transform klass.
+ *
+ * Returns: ECDSA-SHA384 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformEcdsaSha384GetKlass(void) {
+    if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha384GetKlass == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "transformEcdsaSha384Id",
+                    XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(xmlSecTransformIdUnknown);
+    }
+
+    return(xmlSecCryptoDLGetFunctions()->transformEcdsaSha384GetKlass());
+}
+
+/**
+ * xmlSecTransformEcdsaSha512GetKlass:
+ *
+ * The ECDSA-SHA512 signature transform klass.
+ *
+ * Returns: ECDSA-SHA512 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformEcdsaSha512GetKlass(void) {
+    if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha512GetKlass == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "transformEcdsaSha512Id",
+                    XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(xmlSecTransformIdUnknown);
+    }
+
+    return(xmlSecCryptoDLGetFunctions()->transformEcdsaSha512GetKlass());
+}
+
+/**
  * xmlSecTransformGost2001GostR3411_94GetKlass:
  *
  * The GOST2001-GOSTR3411_94 signature transform klass.
diff --git a/src/dl.c b/src/dl.c
index 6e8a56a..5ffc2ff 100644
--- a/src/dl.c
+++ b/src/dl.c
@@ -634,6 +634,14 @@ xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(struct _xmlSecCryptoDLFuncti
                     XMLSEC_ERRORS_NO_MESSAGE);
         return(-1);
     }
+    if((functions->keyDataEcdsaGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataEcdsaGetKlass()) < 0)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataEcdsaGetKlass())),
+                    "xmlSecKeyDataIdsRegister",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
     if((functions->keyDataGost2001GetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataGost2001GetKlass()) < 0)) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataGost2001GetKlass())),
@@ -771,6 +779,60 @@ xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(struct _xmlSecCryptoDLFuncti
         return(-1);
     }
 
+    if((functions->transformDsaSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformDsaSha256GetKlass()) < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformDsaSha256GetKlass())),
+                    "xmlSecTransformIdsRegister",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    if((functions->transformEcdsaSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha1GetKlass()) < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha1GetKlass())),
+                    "xmlSecTransformIdsRegister",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    if((functions->transformEcdsaSha224GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha224GetKlass()) < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha224GetKlass())),
+                    "xmlSecTransformIdsRegister",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    if((functions->transformEcdsaSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha256GetKlass()) < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha256GetKlass())),
+                    "xmlSecTransformIdsRegister",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    if((functions->transformEcdsaSha384GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha384GetKlass()) < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha384GetKlass())),
+                    "xmlSecTransformIdsRegister",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
+    if((functions->transformEcdsaSha512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha512GetKlass()) < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha512GetKlass())),
+                    "xmlSecTransformIdsRegister",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+
     if((functions->transformHmacMd5GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacMd5GetKlass()) < 0) {
         xmlSecError(XMLSEC_ERRORS_HERE,
                     xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacMd5GetKlass())),
diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c
index d141a5c..eba1a32 100644
--- a/src/openssl/crypto.c
+++ b/src/openssl/crypto.c
@@ -74,6 +74,10 @@ xmlSecCryptoGetFunctions_openssl(void) {
     gXmlSecOpenSSLFunctions->keyDataDsaGetKlass         = xmlSecOpenSSLKeyDataDsaGetKlass;
 #endif /* XMLSEC_NO_DSA */
 
+#ifndef XMLSEC_NO_ECDSA
+    gXmlSecOpenSSLFunctions->keyDataEcdsaGetKlass       = xmlSecOpenSSLKeyDataEcdsaGetKlass;
+#endif /* XMLSEC_NO_ECDSA */
+
 #ifndef XMLSEC_NO_GOST
     gXmlSecOpenSSLFunctions->keyDataGost2001GetKlass           = xmlSecOpenSSLKeyDataGost2001GetKlass;
 #endif /* XMLSEC_NO_GOST*/
@@ -129,8 +133,37 @@ xmlSecCryptoGetFunctions_openssl(void) {
     gXmlSecOpenSSLFunctions->transformDsaSha1GetKlass           = xmlSecOpenSSLTransformDsaSha1GetKlass;
 #endif /* XMLSEC_NO_SHA1 */
 
+#ifndef XMLSEC_NO_SHA256
+    gXmlSecOpenSSLFunctions->transformDsaSha256GetKlass         = xmlSecOpenSSLTransformDsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
 #endif /* XMLSEC_NO_DSA */
 
+    /******************************* ECDSA ********************************/
+#ifndef XMLSEC_NO_ECDSA
+
+#ifndef XMLSEC_NO_SHA1
+    gXmlSecOpenSSLFunctions->transformEcdsaSha1GetKlass         = xmlSecOpenSSLTransformEcdsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+    gXmlSecOpenSSLFunctions->transformEcdsaSha224GetKlass       = xmlSecOpenSSLTransformEcdsaSha224GetKlass;
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+    gXmlSecOpenSSLFunctions->transformEcdsaSha256GetKlass       = xmlSecOpenSSLTransformEcdsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+    gXmlSecOpenSSLFunctions->transformEcdsaSha384GetKlass       = xmlSecOpenSSLTransformEcdsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+    gXmlSecOpenSSLFunctions->transformEcdsaSha512GetKlass       = xmlSecOpenSSLTransformEcdsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
     /******************************* GOST ********************************/
 #ifndef XMLSEC_NO_GOST
     gXmlSecOpenSSLFunctions->transformGost2001GostR3411_94GetKlass             = xmlSecOpenSSLTransformGost2001GostR3411_94GetKlass;
diff --git a/src/openssl/evp.c b/src/openssl/evp.c
index a23de38..54218a4 100644
--- a/src/openssl/evp.c
+++ b/src/openssl/evp.c
@@ -237,6 +237,19 @@ xmlSecOpenSSLEvpKeyAdopt(EVP_PKEY *pKey) {
         }
         break;
 #endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+    case EVP_PKEY_EC:
+        data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataEcdsaId);
+        if(data == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlSecKeyDataCreate",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "xmlSecOpenSSLKeyDataEcdsaId");
+            return(NULL);
+        }
+        break;
+#endif /* XMLSEC_NO_ECDSA */
 #ifndef XMLSEC_NO_GOST
     case NID_id_GostR3410_2001:
         data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataGost2001Id);
@@ -997,6 +1010,283 @@ xmlSecOpenSSLKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
 
 #endif /* XMLSEC_NO_DSA */
 
+#ifndef XMLSEC_NO_ECDSA
+/**************************************************************************
+ *
+ * ECDSA XML key representation processing.
+ *
+ * http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST-IR-7802
+ *
+ * RFC 4050 [RFC4050] describes a possible <dsig:KeyValue> representation
+ * for an ECDSA key. The representation and processing instructions
+ * described in [RFC4050] are not completely compatible with [XMLDSIG-11];
+ * therefore, ECDSA keys SHOULD NOT be provided through a <dsig:KeyValue>
+ * element.
+ *
+ *************************************************************************/
+static int              xmlSecOpenSSLKeyDataEcdsaInitialize(xmlSecKeyDataPtr data);
+static int              xmlSecOpenSSLKeyDataEcdsaDuplicate(xmlSecKeyDataPtr dst,
+                                                           xmlSecKeyDataPtr src);
+static void             xmlSecOpenSSLKeyDataEcdsaFinalize(xmlSecKeyDataPtr data);
+static int              xmlSecOpenSSLKeyDataEcdsaXmlRead(xmlSecKeyDataId id,
+                                                         xmlSecKeyPtr key,
+                                                         xmlNodePtr node,
+                                                         xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int              xmlSecOpenSSLKeyDataEcdsaXmlWrite(xmlSecKeyDataId id,
+                                                          xmlSecKeyPtr key,
+                                                          xmlNodePtr node,
+                                                          xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int              xmlSecOpenSSLKeyDataEcdsaGenerate(xmlSecKeyDataPtr data,
+                                                          xmlSecSize sizeBits,
+                                                          xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecOpenSSLKeyDataEcdsaGetType(xmlSecKeyDataPtr data);
+static xmlSecSize        xmlSecOpenSSLKeyDataEcdsaGetSize(xmlSecKeyDataPtr data);
+static void              xmlSecOpenSSLKeyDataEcdsaDebugDump(xmlSecKeyDataPtr data,
+                                                         FILE* output);
+static void             xmlSecOpenSSLKeyDataEcdsaDebugXmlDump(xmlSecKeyDataPtr data,
+                                                         FILE* output);
+
+static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataEcdsaKlass = {
+    sizeof(xmlSecKeyDataKlass),
+    xmlSecOpenSSLEvpKeyDataSize,
+
+    /* data */
+    xmlSecNameECDSAKeyValue,
+    xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+                                                /* xmlSecKeyDataUsage usage; */
+    xmlSecHrefECDSAKeyValue,                    /* const xmlChar* href; */
+    xmlSecNodeECDSAKeyValue,                    /* const xmlChar* dataNodeName; */
+    xmlSecDSigNs,                               /* const xmlChar* dataNodeNs; */
+
+    /* constructors/destructor */
+    xmlSecOpenSSLKeyDataEcdsaInitialize,        /* xmlSecKeyDataInitializeMethod initialize; */
+    xmlSecOpenSSLKeyDataEcdsaDuplicate,         /* xmlSecKeyDataDuplicateMethod duplicate; */
+    xmlSecOpenSSLKeyDataEcdsaFinalize,          /* xmlSecKeyDataFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecKeyDataGenerateMethod generate; */
+
+    /* get info */
+    xmlSecOpenSSLKeyDataEcdsaGetType,           /* xmlSecKeyDataGetTypeMethod getType; */
+    xmlSecOpenSSLKeyDataEcdsaGetSize,           /* xmlSecKeyDataGetSizeMethod getSize; */
+    NULL,                                       /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+    /* read/write */
+    NULL,           				/* xmlSecKeyDataXmlReadMethod xmlRead; */
+    NULL,           				/* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+    NULL,                                       /* xmlSecKeyDataBinReadMethod binRead; */
+    NULL,                                       /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+    /* debug */
+    xmlSecOpenSSLKeyDataEcdsaDebugDump,         /* xmlSecKeyDataDebugDumpMethod debugDump; */
+    xmlSecOpenSSLKeyDataEcdsaDebugXmlDump,      /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+    /* reserved for the future */
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaGetKlass:
+ *
+ * The ECDSA key data klass.
+ *
+ * Returns: pointer to ECDSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecOpenSSLKeyDataEcdsaGetKlass(void) {
+    return(&xmlSecOpenSSLKeyDataEcdsaKlass);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaAdoptEcdsa:
+ * @data:               the pointer to ECDSA key data.
+ * @ecdsa:              the pointer to OpenSSL ECDSA key.
+ *
+ * Sets the value of ECDSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLKeyDataEcdsaAdoptEcdsa(xmlSecKeyDataPtr data, EC_KEY* ecdsa) {
+    EVP_PKEY* pKey = NULL;
+    int ret;
+
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), -1);
+
+    /* construct new EVP_PKEY */
+    if(ecdsa != NULL) {
+        pKey = EVP_PKEY_new();
+        if(pKey == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                        "EVP_PKEY_new",
+                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+
+        ret = EVP_PKEY_assign_EC_KEY(pKey, ecdsa);
+        if(ret != 1) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                        "EVP_PKEY_assign_EC_KEY",
+                        XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+    }
+
+    ret = xmlSecOpenSSLKeyDataEcdsaAdoptEvp(data, pKey);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+                    "xmlSecOpenSSLKeyDataEcdsaAdoptEvp",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        if(pKey != NULL) {
+            EVP_PKEY_free(pKey);
+        }
+        return(-1);
+    }
+    return(0);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaGetEcdsa:
+ * @data:               the pointer to ECDSA key data.
+ *
+ * Gets the OpenSSL ECDSA key from ECDSA key data.
+ *
+ * Returns: pointer to OpenSSL ECDSA key or NULL if an error occurs.
+ */
+EC_KEY*
+xmlSecOpenSSLKeyDataEcdsaGetEcdsa(xmlSecKeyDataPtr data) {
+    EVP_PKEY* pKey;
+
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), NULL);
+
+    pKey = xmlSecOpenSSLKeyDataEcdsaGetEvp(data);
+    xmlSecAssert2((pKey == NULL) || (pKey->type == EVP_PKEY_EC), NULL);
+
+    return((pKey != NULL) ? pKey->pkey.ec : (EC_KEY*)NULL);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaAdoptEvp:
+ * @data:               the pointer to ECDSA key data.
+ * @pKey:               the pointer to OpenSSL EVP key.
+ *
+ * Sets the ECDSA key data value to OpenSSL EVP key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLKeyDataEcdsaAdoptEvp(xmlSecKeyDataPtr data, EVP_PKEY* pKey) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), -1);
+    xmlSecAssert2(pKey != NULL, -1);
+    xmlSecAssert2(pKey->type == EVP_PKEY_EC, -1);
+
+    return(xmlSecOpenSSLEvpKeyDataAdoptEvp(data, pKey));
+}
+
+/**
+ * xmlSecOpenSSLKeyDataEcdsaGetEvp:
+ * @data:               the pointer to ECDSA key data.
+ *
+ * Gets the OpenSSL EVP key from ECDSA key data.
+ *
+ * Returns: pointer to OpenSSL EVP key or NULL if an error occurs.
+ */
+EVP_PKEY*
+xmlSecOpenSSLKeyDataEcdsaGetEvp(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), NULL);
+
+    return(xmlSecOpenSSLEvpKeyDataGetEvp(data));
+}
+
+static int
+xmlSecOpenSSLKeyDataEcdsaInitialize(xmlSecKeyDataPtr data) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), -1);
+
+    return(xmlSecOpenSSLEvpKeyDataInitialize(data));
+}
+
+static int
+xmlSecOpenSSLKeyDataEcdsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+    xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecOpenSSLKeyDataEcdsaId), -1);
+    xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecOpenSSLKeyDataEcdsaId), -1);
+
+    return(xmlSecOpenSSLEvpKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecOpenSSLKeyDataEcdsaFinalize(xmlSecKeyDataPtr data) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId));
+
+    xmlSecOpenSSLEvpKeyDataFinalize(data);
+}
+
+static xmlSecKeyDataType
+xmlSecOpenSSLKeyDataEcdsaGetType(xmlSecKeyDataPtr data ATTRIBUTE_UNUSED) {
+    /* XXX-MAK: Fix this. */
+    return(xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate);
+}
+
+static xmlSecSize
+xmlSecOpenSSLKeyDataEcdsaGetSize(xmlSecKeyDataPtr data) {
+    const EC_GROUP *group;
+    const EC_KEY *ecdsa;
+    BIGNUM order;
+
+    xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), 0);
+
+    ecdsa = xmlSecOpenSSLKeyDataEcdsaGetEcdsa(data);
+    if((ecdsa == NULL)) {
+        return(0);
+    }
+
+    group = EC_KEY_get0_group(ecdsa);
+    if(group == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "EC_KEY_get0_group",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(0);
+    }
+
+    if(EC_GROUP_get_order(group, &order, NULL) != 1) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "EC_GROUP_get_order",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(0);
+    }
+
+    return(BN_num_bytes(&order));
+}
+
+static void
+xmlSecOpenSSLKeyDataEcdsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId));
+    xmlSecAssert(output != NULL);
+
+    fprintf(output, "=== ecdsa key: size = %d\n",
+            xmlSecOpenSSLKeyDataEcdsaGetSize(data));
+}
+
+static void
+xmlSecOpenSSLKeyDataEcdsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+    xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId));
+    xmlSecAssert(output != NULL);
+
+    fprintf(output, "<ECDSAKeyValue size=\"%d\" />\n",
+            xmlSecOpenSSLKeyDataEcdsaGetSize(data));
+}
+
+#endif /* XMLSEC_NO_ECDSA */
+
 #ifndef XMLSEC_NO_RSA
 /**************************************************************************
  *
diff --git a/src/openssl/signatures.c b/src/openssl/signatures.c
index 1fc4ff3..8a47ef7 100644
--- a/src/openssl/signatures.c
+++ b/src/openssl/signatures.c
@@ -23,10 +23,45 @@
 #include <xmlsec/openssl/evp.h>
 
 #ifndef XMLSEC_NO_DSA
-#define XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE                       40
+
+#define XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE                       (20 * 2)
+
+#ifndef XMLSEC_NO_SHA1
 static const EVP_MD *xmlSecOpenSSLDsaSha1Evp                    (void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+static const EVP_MD *xmlSecOpenSSLDsaSha256Evp                  (void);
+#endif /* XMLSEC_NO_SHA256 */
+
 #endif /* XMLSEC_NO_DSA */
 
+#ifndef XMLSEC_NO_ECDSA
+
+#define XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE                     ((512 / 8) * 2)
+
+#ifndef XMLSEC_NO_SHA1
+static const EVP_MD *xmlSecOpenSSLEcdsaSha1Evp                  (void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+static const EVP_MD *xmlSecOpenSSLEcdsaSha224Evp                (void);
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+static const EVP_MD *xmlSecOpenSSLEcdsaSha256Evp                (void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+static const EVP_MD *xmlSecOpenSSLEcdsaSha384Evp                (void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+static const EVP_MD *xmlSecOpenSSLEcdsaSha512Evp                (void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
 
 /**************************************************************************
  *
@@ -79,8 +114,48 @@ xmlSecOpenSSLEvpSignatureCheckId(xmlSecTransformPtr transform) {
     } else
 #endif /* XMLSEC_NO_SHA1 */
 
+#ifndef XMLSEC_NO_SHA256
+    if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDsaSha256Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA256 */
+
 #endif /* XMLSEC_NO_DSA */
 
+#ifndef XMLSEC_NO_ECDSA
+
+#ifndef XMLSEC_NO_SHA1
+    if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha1Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+    if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha224Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+    if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha256Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+    if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha384Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+    if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha512Id)) {
+        return(1);
+    } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
 #ifndef XMLSEC_NO_RSA
 
 #ifndef XMLSEC_NO_MD5
@@ -161,8 +236,54 @@ xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) {
     } else
 #endif /* XMLSEC_NO_SHA1 */
 
+#ifndef XMLSEC_NO_SHA256
+    if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDsaSha256Id)) {
+        ctx->digest     = xmlSecOpenSSLDsaSha256Evp();
+        ctx->keyId      = xmlSecOpenSSLKeyDataDsaId;
+    } else
+#endif /* XMLSEC_NO_SHA256 */
+
 #endif /* XMLSEC_NO_DSA */
 
+#ifndef XMLSEC_NO_ECDSA
+
+#ifndef XMLSEC_NO_SHA1
+    if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha1Id)) {
+        ctx->digest     = xmlSecOpenSSLEcdsaSha1Evp();
+        ctx->keyId      = xmlSecOpenSSLKeyDataEcdsaId;
+    } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+    if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha224Id)) {
+        ctx->digest     = xmlSecOpenSSLEcdsaSha224Evp();
+        ctx->keyId      = xmlSecOpenSSLKeyDataEcdsaId;
+    } else
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+    if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha256Id)) {
+        ctx->digest     = xmlSecOpenSSLEcdsaSha256Evp();
+        ctx->keyId      = xmlSecOpenSSLKeyDataEcdsaId;
+    } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+    if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha384Id)) {
+        ctx->digest     = xmlSecOpenSSLEcdsaSha384Evp();
+        ctx->keyId      = xmlSecOpenSSLKeyDataEcdsaId;
+    } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+    if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformEcdsaSha512Id)) {
+        ctx->digest     = xmlSecOpenSSLEcdsaSha512Evp();
+        ctx->keyId      = xmlSecOpenSSLKeyDataEcdsaId;
+    } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
 #ifndef XMLSEC_NO_RSA
 
 #ifndef XMLSEC_NO_MD5
@@ -497,6 +618,11 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT
                 signSize = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE;
             }
 #endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_ECDSA
+            if(signSize < XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE) {
+                signSize = XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE;
+            }
+#endif /* XMLSEC_NO_ECDSA */
 
             ret = xmlSecBufferSetMaxSize(out, signSize);
             if(ret < 0) {
@@ -547,58 +673,11 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT
 }
 
 #ifndef XMLSEC_NO_DSA
-
-#ifndef XMLSEC_NO_SHA1
-/****************************************************************************
- *
- * DSA-SHA1 signature transform
- *
- ***************************************************************************/
-
-static xmlSecTransformKlass xmlSecOpenSSLDsaSha1Klass = {
-    /* klass/object sizes */
-    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
-    xmlSecOpenSSLEvpSignatureSize,              /* xmlSecSize objSize */
-
-    xmlSecNameDsaSha1,                          /* const xmlChar* name; */
-    xmlSecHrefDsaSha1,                          /* const xmlChar* href; */
-    xmlSecTransformUsageSignatureMethod,        /* xmlSecTransformUsage usage; */
-
-    xmlSecOpenSSLEvpSignatureInitialize,        /* xmlSecTransformInitializeMethod initialize; */
-    xmlSecOpenSSLEvpSignatureFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
-    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
-    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
-    xmlSecOpenSSLEvpSignatureSetKeyReq,         /* xmlSecTransformSetKeyReqMethod setKeyReq; */
-    xmlSecOpenSSLEvpSignatureSetKey,            /* xmlSecTransformSetKeyMethod setKey; */
-    xmlSecOpenSSLEvpSignatureVerify,            /* xmlSecTransformVerifyMethod verify; */
-    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
-    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
-    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
-    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
-    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
-    xmlSecOpenSSLEvpSignatureExecute,           /* xmlSecTransformExecuteMethod execute; */
-
-    NULL,                                       /* void* reserved0; */
-    NULL,                                       /* void* reserved1; */
-};
-
-/**
- * xmlSecOpenSSLTransformDsaSha1GetKlass:
- *
- * The DSA-SHA1 signature transform klass.
- *
- * Returns: DSA-SHA1 signature transform klass.
- */
-xmlSecTransformId
-xmlSecOpenSSLTransformDsaSha1GetKlass(void) {
-    return(&xmlSecOpenSSLDsaSha1Klass);
-}
-
 /****************************************************************************
  *
- * DSA-SHA1 EVP
+ * DSA EVP
  *
- * XMLDSig specifies dsa signature packing not supported by OpenSSL so
+ * XMLDSig specifies DSA signature packing not supported by OpenSSL so
  * we created our own EVP_MD.
  *
  * http://www.w3.org/TR/xmldsig-core/#sec-SignatureAlg:
@@ -620,28 +699,8 @@ xmlSecOpenSSLTransformDsaSha1GetKlass(void) {
  * <SignatureValue>i6watmQQQ1y3GB+VsWq5fJKzQcBB4jRfH1bfJFj0JtFVtLotttzYyA==</SignatureValue>
  *
  ***************************************************************************/
-#ifndef XMLSEC_OPENSSL_096
-static int
-xmlSecOpenSSLDsaSha1EvpInit(EVP_MD_CTX *ctx)
-{
-    return SHA1_Init(ctx->md_data);
-}
-
-static int
-xmlSecOpenSSLDsaSha1EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-    return SHA1_Update(ctx->md_data,data,count);
-}
-
-static int
-xmlSecOpenSSLDsaSha1EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
-{
-    return SHA1_Final(md,ctx->md_data);
-}
-#endif /* XMLSEC_OPENSSL_096 */
-
 static int
-xmlSecOpenSSLDsaSha1EvpSign(int type ATTRIBUTE_UNUSED,
+xmlSecOpenSSLDsaEvpSign(int type ATTRIBUTE_UNUSED,
                         const unsigned char *dgst, unsigned int dlen,
                         unsigned char *sig, unsigned int *siglen, void *dsa) {
     DSA_SIG *s;
@@ -657,7 +716,6 @@ xmlSecOpenSSLDsaSha1EvpSign(int type ATTRIBUTE_UNUSED,
     sSize = BN_num_bytes(s->s);
     if((rSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2)) ||
        (sSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2))) {
-
         xmlSecError(XMLSEC_ERRORS_HERE,
                     NULL,
                     NULL,
@@ -678,7 +736,7 @@ xmlSecOpenSSLDsaSha1EvpSign(int type ATTRIBUTE_UNUSED,
 }
 
 static int
-xmlSecOpenSSLDsaSha1EvpVerify(int type ATTRIBUTE_UNUSED,
+xmlSecOpenSSLDsaEvpVerify(int type ATTRIBUTE_UNUSED,
                         const unsigned char *dgst, unsigned int dgst_len,
                         const unsigned char *sigbuf, unsigned int siglen,
                         void *dsa) {
@@ -719,7 +777,73 @@ err:
     return(ret);
 }
 
-static const EVP_MD xmlSecOpenSSLDsaMdEvp = {
+#ifndef XMLSEC_NO_SHA1
+/****************************************************************************
+ *
+ * DSA-SHA1 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLDsaSha1Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecOpenSSLEvpSignatureSize,              /* xmlSecSize objSize */
+
+    xmlSecNameDsaSha1,                          /* const xmlChar* name; */
+    xmlSecHrefDsaSha1,                          /* const xmlChar* href; */
+    xmlSecTransformUsageSignatureMethod,        /* xmlSecTransformUsage usage; */
+
+    xmlSecOpenSSLEvpSignatureInitialize,        /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecOpenSSLEvpSignatureFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecOpenSSLEvpSignatureSetKeyReq,         /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecOpenSSLEvpSignatureSetKey,            /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecOpenSSLEvpSignatureVerify,            /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecOpenSSLEvpSignatureExecute,           /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformDsaSha1GetKlass:
+ *
+ * The DSA-SHA1 signature transform klass.
+ *
+ * Returns: DSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformDsaSha1GetKlass(void) {
+    return(&xmlSecOpenSSLDsaSha1Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLDsaSha1EvpInit(EVP_MD_CTX *ctx)
+{
+    return SHA1_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLDsaSha1EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA1_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLDsaSha1EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA1_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLDsaSha1MdEvp = {
     NID_dsaWithSHA,
     NID_dsaWithSHA,
     SHA_DIGEST_LENGTH,
@@ -735,8 +859,8 @@ static const EVP_MD xmlSecOpenSSLDsaMdEvp = {
     SHA1_Update,
     SHA1_Final,
 #endif /* XMLSEC_OPENSSL_096 */
-    xmlSecOpenSSLDsaSha1EvpSign,
-    xmlSecOpenSSLDsaSha1EvpVerify,
+    xmlSecOpenSSLDsaEvpSign,
+    xmlSecOpenSSLDsaEvpVerify,
     {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,EVP_PKEY_DSA4,0},
     SHA_CBLOCK,
     sizeof(EVP_MD *)+sizeof(SHA_CTX),
@@ -744,11 +868,760 @@ static const EVP_MD xmlSecOpenSSLDsaMdEvp = {
 
 static const EVP_MD *xmlSecOpenSSLDsaSha1Evp(void)
 {
-    return(&xmlSecOpenSSLDsaMdEvp);
+    return(&xmlSecOpenSSLDsaSha1MdEvp);
 }
+
 #endif /* XMLSEC_NO_SHA1 */
 
-#endif /* XMLSEC_NO_DSA */
+#ifndef XMLSEC_NO_SHA256
+/****************************************************************************
+ *
+ * DSA-SHA256 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLDsaSha256Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecOpenSSLEvpSignatureSize,              /* xmlSecSize objSize */
+
+    xmlSecNameDsaSha256,                        /* const xmlChar* name; */
+    xmlSecHrefDsaSha256,                        /* const xmlChar* href; */
+    xmlSecTransformUsageSignatureMethod,        /* xmlSecTransformUsage usage; */
+
+    xmlSecOpenSSLEvpSignatureInitialize,        /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecOpenSSLEvpSignatureFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecOpenSSLEvpSignatureSetKeyReq,         /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecOpenSSLEvpSignatureSetKey,            /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecOpenSSLEvpSignatureVerify,            /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecOpenSSLEvpSignatureExecute,           /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformDsaSha256GetKlass:
+ *
+ * The DSA-SHA256 signature transform klass.
+ *
+ * Returns: DSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformDsaSha256GetKlass(void) {
+    return(&xmlSecOpenSSLDsaSha256Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLDsaSha256EvpInit(EVP_MD_CTX *ctx)
+{
+    return SHA256_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLDsaSha256EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA256_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLDsaSha256EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA256_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLDsaSha256MdEvp = {
+    NID_dsa_with_SHA256,
+    NID_dsa_with_SHA256,
+    SHA256_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+    0,
+    xmlSecOpenSSLDsaSha256EvpInit,
+    xmlSecOpenSSLDsaSha256EvpUpdate,
+    xmlSecOpenSSLDsaSha256EvpFinal,
+    NULL,
+    NULL,
+#else /* XMLSEC_OPENSSL_096 */
+    SHA256_Init,
+    SHA256_Update,
+    SHA256_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+    xmlSecOpenSSLDsaEvpSign,
+    xmlSecOpenSSLDsaEvpVerify,
+    /* XXX-MAK: This worries me, not sure that the keys are right. */
+    {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,EVP_PKEY_DSA4,0},
+    SHA256_CBLOCK,
+    sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+};
+
+static const EVP_MD *xmlSecOpenSSLDsaSha256Evp(void)
+{
+    return(&xmlSecOpenSSLDsaSha256MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA256 */
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_ECDSA
+/****************************************************************************
+ *
+ * ECDSA EVP
+ *
+ * NIST-IR-7802 (TMSAD) specifies ECDSA signature packing not supported by
+ * OpenSSL so we created our own EVP_MD.
+ *
+ * http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST-IR-7802
+ *
+ * The ECDSA algorithm signature is a pair of integers referred to as (r, s).
+ * The <dsig:SignatureValue> consists of the base64 [RFC2045] encoding of the
+ * concatenation of two octet-streams that respectively result from the
+ * octet-encoding of the values r and s, in that order. Integer to
+ * octet-stream conversion MUST be done according to the I2OSP operation
+ * defined in Section 4.1 of RFC 3447 [PKCS1] with the xLen parameter equal
+ * to the size of the base point order of the curve in bytes (32 for the
+ * P-256 curve).
+ *
+ ***************************************************************************/
+static int
+xmlSecOpenSSLEcdsaEvpSign(int type ATTRIBUTE_UNUSED,
+                        const unsigned char *dgst, unsigned int dlen,
+                        unsigned char *sig, unsigned int *siglen, void *ecdsa) {
+    int rSize, sSize, xLen;
+    const EC_GROUP *group;
+    BIGNUM order;
+    ECDSA_SIG *s;
+
+    s = ECDSA_do_sign(dgst, dlen, ecdsa);
+    if(s == NULL) {
+        *siglen=0;
+        return(0);
+    }
+
+    group = EC_KEY_get0_group(ecdsa);
+    if(group == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "EC_KEY_get0_group",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        ECDSA_SIG_free(s);
+        return(0);
+    }
+
+    if(EC_GROUP_get_order(group, &order, NULL) != 1) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "EC_GROUP_get_order",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        ECDSA_SIG_free(s);
+        return(0);
+    }
+
+    xLen = BN_num_bytes(&order);
+    if(xLen > (XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_SIZE,
+                    "xLen=%d > %d",
+                    xLen, XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2);
+        ECDSA_SIG_free(s);
+        return(0);
+    }
+
+    rSize = BN_num_bytes(s->r);
+    sSize = BN_num_bytes(s->s);
+    if((rSize > xLen) || (sSize > xLen)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_SIZE,
+                    "size(r)=%d or size(s)=%d > %d",
+                    rSize, sSize, xLen);
+        ECDSA_SIG_free(s);
+        return(0);
+    }
+
+    memset(sig, 0, xLen * 2);
+    BN_bn2bin(s->r, sig + xLen - rSize);
+    BN_bn2bin(s->s, sig + (xLen * 2) - sSize);
+    *siglen = xLen * 2;
+
+    ECDSA_SIG_free(s);
+    return(1);
+}
+
+static int
+xmlSecOpenSSLEcdsaEvpVerify(int type ATTRIBUTE_UNUSED,
+                        const unsigned char *dgst, unsigned int dgst_len,
+                        const unsigned char *sigbuf, unsigned int siglen,
+                        void *ecdsa) {
+    const EC_GROUP *group;
+    unsigned int xLen;
+    BIGNUM order;
+    ECDSA_SIG *s;
+    int ret = -1;
+
+    s = ECDSA_SIG_new();
+    if (s == NULL) {
+        return(ret);
+    }
+
+    group = EC_KEY_get0_group(ecdsa);
+    if(group == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "EC_KEY_get0_group",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto err;
+    }
+
+    if(EC_GROUP_get_order(group, &order, NULL) != 1) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "EC_GROUP_get_order",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto err;
+    }
+
+    xLen = BN_num_bytes(&order);
+    if(xLen > (XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_SIZE,
+                    "xLen=%d > %d",
+                    xLen, XMLSEC_OPENSSL_ECDSA_SIGNATURE_SIZE / 2);
+        goto err;
+    }
+
+    if(siglen != xLen * 2) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    NULL,
+                    XMLSEC_ERRORS_R_INVALID_SIZE,
+                    "invalid length %d (%d expected)",
+                    siglen, xLen * 2);
+        goto err;
+    }
+
+    s->r = BN_bin2bn(sigbuf, xLen, NULL);
+    s->s = BN_bin2bn(sigbuf + xLen, xLen, NULL);
+    if((s->r == NULL) || (s->s == NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "BN_bin2bn",
+                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        goto err;
+    }
+
+    ret = ECDSA_do_verify(dgst, dgst_len, s, ecdsa);
+
+err:
+    ECDSA_SIG_free(s);
+    return(ret);
+}
+
+#ifndef XMLSEC_NO_SHA1
+/****************************************************************************
+ *
+ * ECDSA-SHA1 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha1Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecOpenSSLEvpSignatureSize,              /* xmlSecSize objSize */
+
+    xmlSecNameEcdsaSha1,                        /* const xmlChar* name; */
+    xmlSecHrefEcdsaSha1,                        /* const xmlChar* href; */
+    xmlSecTransformUsageSignatureMethod,        /* xmlSecTransformUsage usage; */
+
+    xmlSecOpenSSLEvpSignatureInitialize,        /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecOpenSSLEvpSignatureFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecOpenSSLEvpSignatureSetKeyReq,         /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecOpenSSLEvpSignatureSetKey,            /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecOpenSSLEvpSignatureVerify,            /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecOpenSSLEvpSignatureExecute,           /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformEcdsaSha1GetKlass:
+ *
+ * The ECDSA-SHA1 signature transform klass.
+ *
+ * Returns: ECDSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformEcdsaSha1GetKlass(void) {
+    return(&xmlSecOpenSSLEcdsaSha1Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLEcdsaSha1EvpInit(EVP_MD_CTX *ctx)
+{
+    return SHA1_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha1EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA1_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha1EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA1_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLEcdsaSha1MdEvp = {
+    NID_ecdsa_with_SHA1,
+    NID_ecdsa_with_SHA1,
+    SHA_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+    0,
+    xmlSecOpenSSLEcdsaSha1EvpInit,
+    xmlSecOpenSSLEcdsaSha1EvpUpdate,
+    xmlSecOpenSSLEcdsaSha1EvpFinal,
+    NULL,
+    NULL,
+#else /* XMLSEC_OPENSSL_096 */
+    SHA1_Init,
+    SHA1_Update,
+    SHA1_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+    xmlSecOpenSSLEcdsaEvpSign,
+    xmlSecOpenSSLEcdsaEvpVerify,
+    /* XXX-MAK: This worries me, not sure that the keys are right. */
+    {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA1,0,0,0},
+    SHA_CBLOCK,
+    sizeof(EVP_MD *)+sizeof(SHA_CTX),
+};
+
+static const EVP_MD *xmlSecOpenSSLEcdsaSha1Evp(void)
+{
+    return(&xmlSecOpenSSLEcdsaSha1MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+/****************************************************************************
+ *
+ * ECDSA-SHA224 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha224Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecOpenSSLEvpSignatureSize,              /* xmlSecSize objSize */
+
+    xmlSecNameEcdsaSha224,                      /* const xmlChar* name; */
+    xmlSecHrefEcdsaSha224,                      /* const xmlChar* href; */
+    xmlSecTransformUsageSignatureMethod,        /* xmlSecTransformUsage usage; */
+
+    xmlSecOpenSSLEvpSignatureInitialize,        /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecOpenSSLEvpSignatureFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecOpenSSLEvpSignatureSetKeyReq,         /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecOpenSSLEvpSignatureSetKey,            /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecOpenSSLEvpSignatureVerify,            /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecOpenSSLEvpSignatureExecute,           /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformEcdsaSha224GetKlass:
+ *
+ * The ECDSA-SHA224 signature transform klass.
+ *
+ * Returns: ECDSA-SHA224 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformEcdsaSha224GetKlass(void) {
+    return(&xmlSecOpenSSLEcdsaSha224Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLEcdsaSha224EvpInit(EVP_MD_CTX *ctx)
+{
+    return SHA224_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha224EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA224_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha224EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA224_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLEcdsaSha224MdEvp = {
+    NID_ecdsa_with_SHA224,
+    NID_ecdsa_with_SHA224,
+    SHA224_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+    0,
+    xmlSecOpenSSLEcdsaSha224EvpInit,
+    xmlSecOpenSSLEcdsaSha224EvpUpdate,
+    xmlSecOpenSSLEcdsaSha224EvpFinal,
+    NULL,
+    NULL,
+#else /* XMLSEC_OPENSSL_096 */
+    SHA224_Init,
+    SHA224_Update,
+    SHA224_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+    xmlSecOpenSSLEcdsaEvpSign,
+    xmlSecOpenSSLEcdsaEvpVerify,
+    /* XXX-MAK: This worries me, not sure that the keys are right. */
+    {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA224,0,0,0,0},
+    SHA256_CBLOCK,
+    sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+};
+
+static const EVP_MD *xmlSecOpenSSLEcdsaSha224Evp(void)
+{
+    return(&xmlSecOpenSSLEcdsaSha224MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+/****************************************************************************
+ *
+ * ECDSA-SHA256 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha256Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecOpenSSLEvpSignatureSize,              /* xmlSecSize objSize */
+
+    xmlSecNameEcdsaSha256,                      /* const xmlChar* name; */
+    xmlSecHrefEcdsaSha256,                      /* const xmlChar* href; */
+    xmlSecTransformUsageSignatureMethod,        /* xmlSecTransformUsage usage; */
+
+    xmlSecOpenSSLEvpSignatureInitialize,        /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecOpenSSLEvpSignatureFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecOpenSSLEvpSignatureSetKeyReq,         /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecOpenSSLEvpSignatureSetKey,            /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecOpenSSLEvpSignatureVerify,            /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecOpenSSLEvpSignatureExecute,           /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformEcdsaSha256GetKlass:
+ *
+ * The ECDSA-SHA256 signature transform klass.
+ *
+ * Returns: ECDSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformEcdsaSha256GetKlass(void) {
+    return(&xmlSecOpenSSLEcdsaSha256Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLEcdsaSha256EvpInit(EVP_MD_CTX *ctx)
+{
+    return SHA256_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha256EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA256_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha256EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA256_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLEcdsaSha256MdEvp = {
+    NID_ecdsa_with_SHA256,
+    NID_ecdsa_with_SHA256,
+    SHA256_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+    0,
+    xmlSecOpenSSLEcdsaSha256EvpInit,
+    xmlSecOpenSSLEcdsaSha256EvpUpdate,
+    xmlSecOpenSSLEcdsaSha256EvpFinal,
+    NULL,
+    NULL,
+#else /* XMLSEC_OPENSSL_096 */
+    SHA256_Init,
+    SHA256_Update,
+    SHA256_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+    xmlSecOpenSSLEcdsaEvpSign,
+    xmlSecOpenSSLEcdsaEvpVerify,
+    /* XXX-MAK: This worries me, not sure that the keys are right. */
+    {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA256,0,0,0,0},
+    SHA256_CBLOCK,
+    sizeof(EVP_MD *)+sizeof(SHA256_CTX),
+};
+
+static const EVP_MD *xmlSecOpenSSLEcdsaSha256Evp(void)
+{
+    return(&xmlSecOpenSSLEcdsaSha256MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/****************************************************************************
+ *
+ * ECDSA-SHA384 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha384Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecOpenSSLEvpSignatureSize,              /* xmlSecSize objSize */
+
+    xmlSecNameEcdsaSha384,                      /* const xmlChar* name; */
+    xmlSecHrefEcdsaSha384,                      /* const xmlChar* href; */
+    xmlSecTransformUsageSignatureMethod,        /* xmlSecTransformUsage usage; */
+
+    xmlSecOpenSSLEvpSignatureInitialize,        /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecOpenSSLEvpSignatureFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecOpenSSLEvpSignatureSetKeyReq,         /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecOpenSSLEvpSignatureSetKey,            /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecOpenSSLEvpSignatureVerify,            /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecOpenSSLEvpSignatureExecute,           /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformEcdsaSha384GetKlass:
+ *
+ * The ECDSA-SHA384 signature transform klass.
+ *
+ * Returns: ECDSA-SHA384 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformEcdsaSha384GetKlass(void) {
+    return(&xmlSecOpenSSLEcdsaSha384Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLEcdsaSha384EvpInit(EVP_MD_CTX *ctx)
+{
+    return SHA384_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha384EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA384_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha384EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA384_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLEcdsaSha384MdEvp = {
+    NID_ecdsa_with_SHA384,
+    NID_ecdsa_with_SHA384,
+    SHA384_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+    0,
+    xmlSecOpenSSLEcdsaSha384EvpInit,
+    xmlSecOpenSSLEcdsaSha384EvpUpdate,
+    xmlSecOpenSSLEcdsaSha384EvpFinal,
+    NULL,
+    NULL,
+#else /* XMLSEC_OPENSSL_096 */
+    SHA384_Init,
+    SHA384_Update,
+    SHA384_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+    xmlSecOpenSSLEcdsaEvpSign,
+    xmlSecOpenSSLEcdsaEvpVerify,
+    /* XXX-MAK: This worries me, not sure that the keys are right. */
+    {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA384,0,0,0,0},
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+};
+
+static const EVP_MD *xmlSecOpenSSLEcdsaSha384Evp(void)
+{
+    return(&xmlSecOpenSSLEcdsaSha384MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/****************************************************************************
+ *
+ * ECDSA-SHA512 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLEcdsaSha512Klass = {
+    /* klass/object sizes */
+    sizeof(xmlSecTransformKlass),               /* xmlSecSize klassSize */
+    xmlSecOpenSSLEvpSignatureSize,              /* xmlSecSize objSize */
+
+    xmlSecNameEcdsaSha512,                      /* const xmlChar* name; */
+    xmlSecHrefEcdsaSha512,                      /* const xmlChar* href; */
+    xmlSecTransformUsageSignatureMethod,        /* xmlSecTransformUsage usage; */
+
+    xmlSecOpenSSLEvpSignatureInitialize,        /* xmlSecTransformInitializeMethod initialize; */
+    xmlSecOpenSSLEvpSignatureFinalize,          /* xmlSecTransformFinalizeMethod finalize; */
+    NULL,                                       /* xmlSecTransformNodeReadMethod readNode; */
+    NULL,                                       /* xmlSecTransformNodeWriteMethod writeNode; */
+    xmlSecOpenSSLEvpSignatureSetKeyReq,         /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+    xmlSecOpenSSLEvpSignatureSetKey,            /* xmlSecTransformSetKeyMethod setKey; */
+    xmlSecOpenSSLEvpSignatureVerify,            /* xmlSecTransformVerifyMethod verify; */
+    xmlSecTransformDefaultGetDataType,          /* xmlSecTransformGetDataTypeMethod getDataType; */
+    xmlSecTransformDefaultPushBin,              /* xmlSecTransformPushBinMethod pushBin; */
+    xmlSecTransformDefaultPopBin,               /* xmlSecTransformPopBinMethod popBin; */
+    NULL,                                       /* xmlSecTransformPushXmlMethod pushXml; */
+    NULL,                                       /* xmlSecTransformPopXmlMethod popXml; */
+    xmlSecOpenSSLEvpSignatureExecute,           /* xmlSecTransformExecuteMethod execute; */
+
+    NULL,                                       /* void* reserved0; */
+    NULL,                                       /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformEcdsaSha512GetKlass:
+ *
+ * The ECDSA-SHA512 signature transform klass.
+ *
+ * Returns: ECDSA-SHA512 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformEcdsaSha512GetKlass(void) {
+    return(&xmlSecOpenSSLEcdsaSha512Klass);
+}
+
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLEcdsaSha512EvpInit(EVP_MD_CTX *ctx)
+{
+    return SHA512_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha512EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA512_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLEcdsaSha512EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA512_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static const EVP_MD xmlSecOpenSSLEcdsaSha512MdEvp = {
+    NID_ecdsa_with_SHA512,
+    NID_ecdsa_with_SHA512,
+    SHA512_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+    0,
+    xmlSecOpenSSLEcdsaSha512EvpInit,
+    xmlSecOpenSSLEcdsaSha512EvpUpdate,
+    xmlSecOpenSSLEcdsaSha512EvpFinal,
+    NULL,
+    NULL,
+#else /* XMLSEC_OPENSSL_096 */
+    SHA512_Init,
+    SHA512_Update,
+    SHA512_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+    xmlSecOpenSSLEcdsaEvpSign,
+    xmlSecOpenSSLEcdsaEvpVerify,
+    /* XXX-MAK: This worries me, not sure that the keys are right. */
+    {NID_X9_62_id_ecPublicKey,NID_ecdsa_with_SHA512,0,0,0,0},
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *)+sizeof(SHA512_CTX),
+};
+
+static const EVP_MD *xmlSecOpenSSLEcdsaSha512Evp(void)
+{
+    return(&xmlSecOpenSSLEcdsaSha512MdEvp);
+}
+
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
 
 #ifndef XMLSEC_NO_RSA
 
diff --git a/src/skeleton/crypto.c b/src/skeleton/crypto.c
index f52d4ac..3be2064 100644
--- a/src/skeleton/crypto.c
+++ b/src/skeleton/crypto.c
@@ -68,6 +68,10 @@ xmlSecCryptoGetFunctions_skeleton(void) {
     gXmlSecSkeletonFunctions->keyDataDsaGetKlass        = xmlSecSkeletonKeyDataDsaGetKlass;
 #endif /* XMLSEC_NO_DSA */
 
+#ifndef XMLSEC_NO_ECDSA
+    gXmlSecSkeletonFunctions->keyDataEcdsaGetKlass      = xmlSecSkeletonKeyDataEcdsaGetKlass;
+#endif /* XMLSEC_NO_ECDSA */
+
 #ifndef XMLSEC_NO_GOST
     gXmlSecSkeletonFunctions->keyDataGost2001GetKlass   = xmlSecSkeletonKeyDataGost2001GetKlass;
 #endif /* XMLSEC_NO_GOST */
@@ -123,8 +127,37 @@ xmlSecCryptoGetFunctions_skeleton(void) {
     gXmlSecSkeletonFunctions->transformDsaSha1GetKlass          = xmlSecSkeletonTransformDsaSha1GetKlass;
 #endif /* XMLSEC_NO_SHA1 */
 
+#ifndef XMLSEC_NO_SHA256
+    gXmlSecSkeletonFunctions->transformDsaSha256GetKlass        = xmlSecSkeletonTransformDsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
 #endif /* XMLSEC_NO_DSA */
 
+    /******************************* ECDSA ********************************/
+#ifndef XMLSEC_NO_ECDSA
+
+#ifndef XMLSEC_NO_SHA1
+    gXmlSecSkeletonFunctions->transformEcdsaSha1GetKlass        = xmlSecSkeletonTransformEcdsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+    gXmlSecSkeletonFunctions->transformEcdsaSha224GetKlass      = xmlSecSkeletonTransformEcdsaSha224GetKlass;
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+    gXmlSecSkeletonFunctions->transformEcdsaSha256GetKlass      = xmlSecSkeletonTransformEcdsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+    gXmlSecSkeletonFunctions->transformEcdsaSha384GetKlass      = xmlSecSkeletonTransformEcdsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+    gXmlSecSkeletonFunctions->transformEcdsaSha512GetKlass      = xmlSecSkeletonTransformEcdsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_ECDSA */
+
     /******************************* GOST ********************************/
 #ifndef XMLSEC_NO_GOST
     gXmlSecSkeletonFunctions->transformGost2001GostR3411_94GetKlass             = xmlSecSkeletonTransformGost2001GostR3411_94GetKlass;
diff --git a/src/strings.c b/src/strings.c
index 99ee316..f746f4d 100644
--- a/src/strings.c
+++ b/src/strings.c
@@ -322,6 +322,42 @@ const xmlChar xmlSecNodeDSAPgenCounter[]        = "PgenCounter";
 const xmlChar xmlSecNameDsaSha1[]               = "dsa-sha1";
 const xmlChar xmlSecHrefDsaSha1[]               = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
 
+const xmlChar xmlSecNameDsaSha256[]             = "dsa-sha256";
+const xmlChar xmlSecHrefDsaSha256[]             = "http://www.w3.org/2009/xmldsig11#dsa-sha256";
+
+/*************************************************************************
+ *
+ * ECDSA strings
+ *
+ ************************************************************************/
+/* XXX-MAK: More constants will be needed later. */
+const xmlChar xmlSecNameECDSAKeyValue[]         = "ecdsa";
+const xmlChar xmlSecNodeECDSAKeyValue[]         = "ECDSAKeyValue";
+const xmlChar xmlSecHrefECDSAKeyValue[]         = "http://scap.nist.gov/specifications/tmsad/#resource-1.0";
+const xmlChar xmlSecNodeECDSAP[]                = "P";
+const xmlChar xmlSecNodeECDSAQ[]                = "Q";
+const xmlChar xmlSecNodeECDSAG[]                = "G";
+const xmlChar xmlSecNodeECDSAJ[]                = "J";
+const xmlChar xmlSecNodeECDSAX[]                = "X";
+const xmlChar xmlSecNodeECDSAY[]                = "Y";
+const xmlChar xmlSecNodeECDSASeed[]             = "Seed";
+const xmlChar xmlSecNodeECDSAPgenCounter[]      = "PgenCounter";
+
+const xmlChar xmlSecNameEcdsaSha1[]             = "ecdsa-sha1";
+const xmlChar xmlSecHrefEcdsaSha1[]             = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
+
+const xmlChar xmlSecNameEcdsaSha224[]           = "ecdsa-sha224";
+const xmlChar xmlSecHrefEcdsaSha224[]           = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224";
+
+const xmlChar xmlSecNameEcdsaSha256[]           = "ecdsa-sha256";
+const xmlChar xmlSecHrefEcdsaSha256[]           = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
+
+const xmlChar xmlSecNameEcdsaSha384[]           = "ecdsa-sha384";
+const xmlChar xmlSecHrefEcdsaSha384[]           = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384";
+
+const xmlChar xmlSecNameEcdsaSha512[]           = "ecdsa-sha512";
+const xmlChar xmlSecHrefEcdsaSha512[]           = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512";
+
 /*************************************************************************
  *
  * EncryptedKey


More information about the xmlsec mailing list