On 9/11/2013 2:01 PM, Stephen Henson via RT wrote:
> On Wed Sep 11 17:52:03 2013, deeng...@anl.gov wrote:
>>
>> Attached is a patch to move the definition of ecdsa_method
>> from src/crypto/ecdsa/ecs_locl.h to ecdsa.h
>> and move the definition of ecdh_method
>> from src/crypto/ecdh/ech_locl.h to ecdh.h
>>
>
> It's been policy that we should avoid direct structure access in
> application code and use opaque structures where possible.
>
> I had to change ecdsa_method for the FIPS builds (add the flags field) and if
> it had been public would've meant that it would no longer be binary compatible
> across minor versions (1.0.0 incompatible with 1.0.1 and later) which would be
> a major headache.
>
> The preferred technique would be to create a function to allocate and
> initialise the structure without exposing it in a public header. See the
> EVP_PKEY_METHOD structure for example.
Would you accept a modification to do that? If yes, I will get a modification
for ECDSA.

The current code in libp11 needs to change the do_sign and do_sign_setup:

    ECDSA_METHOD *PKCS11_get_ecdsa_method(void)
    {
        static ECDSA_METHOD ops;

        if (!ops.ecdsa_do_sign) {
            /* copy the default method, then override the two PKCS#11 hooks */
            ops = *ECDSA_get_default_method();
            ops.ecdsa_do_sign = pkcs11_ecdsa_do_sign;
            ops.ecdsa_sign_setup = pkcs11_ecdsa_do_sign_setup;
        }
        return &ops;
    }

It copies the existing structure and sets the ecdsa_do_sign and
ecdsa_do_sign_setup.

The RSA_METHOD structure is exposed, and I suspect other engines take
advantage of that. libp11 does:

    RSA_METHOD *PKCS11_get_rsa_method(void)
    {
        static RSA_METHOD ops;

        if (!ops.rsa_priv_enc) {
            /* copy the default method, then override the private-key hooks */
            ops = *RSA_get_default_method();
            ops.rsa_priv_enc = pkcs11_rsa_encrypt;
            ops.rsa_priv_dec = pkcs11_rsa_decrypt;
            ops.rsa_sign = pkcs11_rsa_sign;
            ops.rsa_verify = pkcs11_rsa_verify;
        }
        return &ops;
    }

Are there any plans to hide the RSA_METHOD?

>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List openssl-dev@openssl.org
> Automated List Manager majord...@openssl.org
>

--
Douglas E. Engert <deeng...@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
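The opaque-method pattern Steve recommends, as an added example that is not code from OpenSSL, libp11 or either poster: a stand-in signature method whose struct is private, with an allocate-and-initialise function and a setter, so an engine can install its callback the way PKCS11_get_ecdsa_method does without depending on the struct layout. SIG_METHOD, SIG_METHOD_new, SIG_METHOD_set_sign and the pkcs11_* names are hypothetical.

```c
/* Added example, not OpenSSL or libp11 code. SIG_METHOD and the pkcs11_*
 * names are hypothetical stand-ins for ECDSA_METHOD and libp11's callbacks. */
#include <stdlib.h>
#include <string.h>
/* Public header view: an incomplete type plus functions. Callers cannot
 * use sizeof() or touch fields, so the layout can change between releases. */
typedef struct sig_method_st SIG_METHOD;
typedef int (*do_sign_fn)(const unsigned char *dgst, size_t len, unsigned char *sig);

/* Private definition (the *_locl.h side). The flags field stands for the one
 * added for FIPS builds; adding it here breaks nobody who used only the API. */
struct sig_method_st {
    const char *name;
    do_sign_fn do_sign;
    int flags;
};
/* Constructed software signer: just copies the digest into the signature. */
static int default_do_sign(const unsigned char *dgst, size_t len, unsigned char *sig) {
    memcpy(sig, dgst, len);
    return 1;
}
static const SIG_METHOD default_method = { "software", default_do_sign, 0 };
const SIG_METHOD *SIG_get_default_method(void) { return &default_method; }

/* Allocate and initialise a method from an existing one; this replaces the
 * "ops = *ECDSA_get_default_method()" struct copy that needs the full type. */
SIG_METHOD *SIG_METHOD_new(const SIG_METHOD *base) {
    SIG_METHOD *m = malloc(sizeof(*m));
    if (m != NULL)
        *m = *(base != NULL ? base : &default_method);
    return m;
}
void SIG_METHOD_set_sign(SIG_METHOD *m, do_sign_fn fn) { m->do_sign = fn; }
void SIG_METHOD_free(SIG_METHOD *m) { free(m); }
int SIG_METHOD_sign(const SIG_METHOD *m, const unsigned char *dgst, size_t len,
                    unsigned char *sig) {
    return (m != NULL && m->do_sign != NULL) ? m->do_sign(dgst, len, sig) : 0;
}

/* Engine side, written against the public API only (compare libp11's
 * PKCS11_get_ecdsa_method). Constructed token signer: reverses the digest. */
static int pkcs11_do_sign(const unsigned char *dgst, size_t len, unsigned char *sig) {
    for (size_t i = 0; i < len; i++) sig[i] = dgst[len - 1 - i];
    return 1;
}
SIG_METHOD *PKCS11_get_sig_method(void) {
    static SIG_METHOD *ops;
    if (ops == NULL && (ops = SIG_METHOD_new(SIG_get_default_method())) != NULL)
        SIG_METHOD_set_sign(ops, pkcs11_do_sign);
    return ops;
}
```

With the struct private, the library can add fields (the flags member here) in a later minor release and a binary built against the older header keeps working, which is exactly the 1.0.0/1.0.1 compatibility concern in Steve's reply.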