On Thu, Sep 12, 2013, Douglas E. Engert wrote: > > > On 9/11/2013 2:01 PM, Stephen Henson via RT wrote: > >On Wed Sep 11 17:52:03 2013, deeng...@anl.gov wrote: > >> > >>Attached is a patch to move the definition of ecdsa_method > >>from src/crypto/ecdsa/ecs_locl.h to ecdsa.h > >>and move the definition if ecdh_method > >>from src/crypto/ecdh/ech_locl.h to ecdh.h > >> > > > >It's been policy that we should avoiding direct structure access in > >applications code and use opaque structures where possible. > > > >I had to change ecdsa_method for the FIPS builds (add the flags field) and if > >it had been public would've meant that it would no longer be binary > >compatible > >across minor versions (1.0.0 incompatible with 1.0.1 and later) which would > >be > >a major headache. > > > >The preferred technique would be to create a function to allocate and > >initialise the structure without exposing it in a public header. See the > >EVP_PKEY_METHOD structure for example. > > Is the following something like what you are looking for? > > It has not been been tested, and it needs some error handling... > The 3 _put_ routines could be combined with the _new routine. >
[snip] Yes similar to that but with a few minor changes. The analogous functions for EVP_PKEY_METHOD are called "set" and not "put". For consistency we could use something like ECDSA_METHOD_set_sign() and so on. I'd suggest a flag to indicate the structure has been malloced so a call to ECDSA_METHOD_free with a static structure ends up a no op instead of undefined. ECDSA_METHOD_new could take a ECDSA_METHOD * argument which is an optional method which is copied into the result. If things like crypto accelerators start implementing their own default methods then ECDSA_get_default_method might not be what you expect (it can already change for the FIPS versions of OpenSSL). Applications could use ECDSA_OpenSSL() to avoid such surprises. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org