On 9/11/2013 2:01 PM, Stephen Henson via RT wrote:
On Wed Sep 11 17:52:03 2013, deeng...@anl.gov wrote:

Attached is a patch to move the definition of ecdsa_method
from src/crypto/ecdsa/ecs_locl.h to ecdsa.h
and move the definition of ecdh_method
from src/crypto/ecdh/ech_locl.h to ecdh.h


It's been policy that we should avoid direct structure access in
application code and use opaque structures where possible.

I had to change ecdsa_method for the FIPS builds (add the flags field) and if
it had been public would've meant that it would no longer be binary compatible
across minor versions (1.0.0 incompatible with 1.0.1 and later) which would be
a major headache.

The preferred technique would be to create a function to allocate and
initialise the structure without exposing it in a public header. See the
EVP_PKEY_METHOD structure for example.

Is the following something like what you are looking for?

It has not been tested, and it needs some error handling...
The 3 _put_ routines could be combined with the _new routine.

Add to ecdsa.h:

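/*
 * Proposed public API for an opaque ECDSA_METHOD: a constructor, a
 * destructor and one setter per callback, so that applications never
 * depend on the structure layout (which has already changed once, when
 * the flags member was added).
 *
 * The setters are declared int; the usual OpenSSL convention is 1 for
 * success and 0 for failure.
 */
ECDSA_METHOD *ECDSA_METHOD_new(void);

void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method);

int ECDSA_METHOD_put_ECDSA_do_sign(ECDSA_METHOD *ecdsa_method,
        ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
                const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey));

/*
 * The draft repeated the tail of the do_verify parameter list here, which
 * declared eckey twice.  The callback takes (eckey, ctx, kinv, r), matching
 * the ecdsa_sign_setup member of the method structure in ecs_locl.h.
 */
int ECDSA_METHOD_put_ECDSA_sign_setup(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
                BIGNUM **r));

int ECDSA_METHOD_put_ECDSA_do_verify(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
                const ECDSA_SIG *sig, EC_KEY *eckey));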


add to ecs_ossl.c or some other file:

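/*
 * Allocate an ECDSA_METHOD and fill it with the built-in OpenSSL
 * implementation, so the caller only has to replace the callbacks it
 * wants to override.
 *
 * Returns the new method, or NULL (with ERR_R_MALLOC_FAILURE queued) if
 * the allocation fails.  The caller releases it with ECDSA_METHOD_free().
 */
ECDSA_METHOD *ECDSA_METHOD_new(void)
{
        ECDSA_METHOD *ret;

        ret = OPENSSL_malloc(sizeof(*ret));
        if (ret == NULL)
        {
                ECDSAerr(ECDSA_F_ECDSA_METHOD_NEW, ERR_R_MALLOC_FAILURE);
                return NULL;
        }

        /*
         * do_you_like_this is not defined anywhere in this draft, so the
         * preprocessor treats it as 0 and the #else branch is what builds.
         */
#if do_you_like_this
        /*
         * Copy the structure.
         * NOTE(review): this also copies flags and app_data from the
         * default method.  The flags member was added for FIPS builds, so
         * a clone whose callbacks are later replaced should presumably not
         * keep a flag that marks the built-in implementation -- confirm
         * and clear it here if so.
         */
        *ret = *ECDSA_get_default_method();
#else
        /*
         * OPENSSL_malloc() does not zero the block, so every member is set
         * explicitly; a member added to the structure later must be
         * initialised here as well.
         */
        ret->name = "Cloned OpenSSL ECDSA method";
        /* set the defaults as the functions in ecs_ossl.c */
        ret->ecdsa_do_sign = ecdsa_do_sign;
        ret->ecdsa_sign_setup = ecdsa_sign_setup;
        ret->ecdsa_do_verify = ecdsa_do_verify;
        ret->flags = 0;         /* the draft was missing this semicolon */
        ret->app_data = NULL;
#endif

        return ret;
}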


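/*
 * Install the application's signing callback in a method obtained from
 * ECDSA_METHOD_new().
 *
 * Returns 1 on success, 0 if either argument is NULL (the method is left
 * unchanged).
 */
int ECDSA_METHOD_put_ECDSA_do_sign(ECDSA_METHOD *ecdsa_method,
        ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
                const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey))
{
        /*
         * Refuse a NULL hook: the signing entry point is expected to call
         * through this pointer (confirm against the dispatch code).
         */
        if (ecdsa_method == NULL || ecdsa_do_sign == NULL)
                return 0;

        ecdsa_method->ecdsa_do_sign = ecdsa_do_sign;
        return 1;
}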

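/*
 * Install the application's sign-setup callback in a method obtained from
 * ECDSA_METHOD_new().
 *
 * The draft repeated the tail of the do_verify parameter list in the
 * callback type, which declared eckey twice; the type below is
 * (eckey, ctx, kinv, r), matching the ecdsa_sign_setup member of the
 * method structure in ecs_locl.h.
 *
 * Returns 1 on success, 0 if either argument is NULL (the method is left
 * unchanged).
 */
int ECDSA_METHOD_put_ECDSA_sign_setup(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
                BIGNUM **r))
{
        /*
         * Refuse a NULL hook: the setup entry point is expected to call
         * through this pointer (confirm against the dispatch code).
         */
        if (ecdsa_method == NULL || ecdsa_sign_setup == NULL)
                return 0;

        ecdsa_method->ecdsa_sign_setup = ecdsa_sign_setup;
        return 1;
}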

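/*
 * Install the application's verification callback in a method obtained
 * from ECDSA_METHOD_new().
 *
 * The callback decides whether a signature is accepted, so it has to keep
 * the ECDSA_do_verify() return convention: 1 for a valid signature, 0 for
 * an invalid one, -1 on error.
 *
 * Returns 1 on success, 0 if either argument is NULL (the method is left
 * unchanged).
 */
int ECDSA_METHOD_put_ECDSA_do_verify(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
                const ECDSA_SIG *sig, EC_KEY *eckey))
{
        /*
         * Refuse a NULL hook: the verify entry point is expected to call
         * through this pointer (confirm against the dispatch code).
         */
        if (ecdsa_method == NULL || ecdsa_do_verify == NULL)
                return 0;

        ecdsa_method->ecdsa_do_verify = ecdsa_do_verify;
        return 1;
}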

/*
 * Release a method allocated by ECDSA_METHOD_new().
 *
 * Only pass pointers that came from ECDSA_METHOD_new(): nothing in this
 * draft distinguishes a heap-allocated method from a statically defined
 * one such as the library default, and handing the latter to
 * OPENSSL_free() is an invalid free.
 * NOTE(review): the caller presumably also has to make sure no key still
 * refers to the method before freeing it -- confirm how keys hold the
 * pointer.
 */
void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method)
{
        OPENSSL_free(ecdsa_method);
}



Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org



--

 Douglas E. Engert  <deeng...@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
Add to ecdsa.h:

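/*
 * Proposed public API for an opaque ECDSA_METHOD: a constructor, a
 * destructor and one setter per callback, so that applications never
 * depend on the structure layout.
 *
 * The setters are declared int; the usual OpenSSL convention is 1 for
 * success and 0 for failure.
 */
ECDSA_METHOD *ECDSA_METHOD_new(void);

void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method);

int ECDSA_METHOD_put_ECDSA_do_sign(ECDSA_METHOD *ecdsa_method,
        ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
                const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey));

/*
 * The draft repeated the tail of the do_verify parameter list here, which
 * declared eckey twice.  The callback takes (eckey, ctx, kinv, r), matching
 * the ecdsa_sign_setup member of the method structure in ecs_locl.h.
 */
int ECDSA_METHOD_put_ECDSA_sign_setup(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
                BIGNUM **r));

int ECDSA_METHOD_put_ECDSA_do_verify(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
                const ECDSA_SIG *sig, EC_KEY *eckey));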



add to ecs_ossl.c:

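/*
 * Allocate an ECDSA_METHOD and fill it with the built-in OpenSSL
 * implementation, so the caller only has to replace the callbacks it
 * wants to override.
 *
 * Returns the new method, or NULL (with ERR_R_MALLOC_FAILURE queued) if
 * the allocation fails.  The caller releases it with ECDSA_METHOD_free().
 */
ECDSA_METHOD *ECDSA_METHOD_new(void)
{
        ECDSA_METHOD *ret;

        ret = OPENSSL_malloc(sizeof(*ret));
        if (ret == NULL)
        {
                ECDSAerr(ECDSA_F_ECDSA_METHOD_NEW, ERR_R_MALLOC_FAILURE);
                return NULL;
        }

        /*
         * do_you_like_this is not defined anywhere in this draft, so the
         * preprocessor treats it as 0 and the #else branch is what builds.
         */
#if do_you_like_this
        /*
         * Copy the structure.
         * NOTE(review): this also copies flags and app_data from the
         * default method.  A clone whose callbacks are later replaced
         * should presumably not keep a flag that marks the built-in
         * implementation (for example in FIPS builds) -- confirm and
         * clear it here if so.
         */
        *ret = *ECDSA_get_default_method();
#else
        /*
         * OPENSSL_malloc() does not zero the block, so every member is set
         * explicitly; a member added to the structure later must be
         * initialised here as well.
         */
        ret->name = "Cloned OpenSSL ECDSA method";
        /* set the defaults as the functions in ecs_ossl.c */
        ret->ecdsa_do_sign = ecdsa_do_sign;
        ret->ecdsa_sign_setup = ecdsa_sign_setup;
        ret->ecdsa_do_verify = ecdsa_do_verify;
        ret->flags = 0;         /* the draft was missing this semicolon */
        ret->app_data = NULL;
#endif

        return ret;
}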


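/*
 * Install the application's signing callback in a method obtained from
 * ECDSA_METHOD_new().
 *
 * Returns 1 on success, 0 if either argument is NULL (the method is left
 * unchanged).
 */
int ECDSA_METHOD_put_ECDSA_do_sign(ECDSA_METHOD *ecdsa_method,
        ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
                const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey))
{
        /*
         * Refuse a NULL hook: the signing entry point is expected to call
         * through this pointer (confirm against the dispatch code).
         */
        if (ecdsa_method == NULL || ecdsa_do_sign == NULL)
                return 0;

        ecdsa_method->ecdsa_do_sign = ecdsa_do_sign;
        return 1;
}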

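/*
 * Install the application's sign-setup callback in a method obtained from
 * ECDSA_METHOD_new().
 *
 * The draft repeated the tail of the do_verify parameter list in the
 * callback type, which declared eckey twice; the type below is
 * (eckey, ctx, kinv, r), matching the ecdsa_sign_setup member of the
 * method structure in ecs_locl.h.
 *
 * Returns 1 on success, 0 if either argument is NULL (the method is left
 * unchanged).
 */
int ECDSA_METHOD_put_ECDSA_sign_setup(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
                BIGNUM **r))
{
        /*
         * Refuse a NULL hook: the setup entry point is expected to call
         * through this pointer (confirm against the dispatch code).
         */
        if (ecdsa_method == NULL || ecdsa_sign_setup == NULL)
                return 0;

        ecdsa_method->ecdsa_sign_setup = ecdsa_sign_setup;
        return 1;
}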

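/*
 * Install the application's verification callback in a method obtained
 * from ECDSA_METHOD_new().
 *
 * The callback decides whether a signature is accepted, so it has to keep
 * the ECDSA_do_verify() return convention: 1 for a valid signature, 0 for
 * an invalid one, -1 on error.
 *
 * Returns 1 on success, 0 if either argument is NULL (the method is left
 * unchanged).
 */
int ECDSA_METHOD_put_ECDSA_do_verify(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
                const ECDSA_SIG *sig, EC_KEY *eckey))
{
        /*
         * Refuse a NULL hook: the verify entry point is expected to call
         * through this pointer (confirm against the dispatch code).
         */
        if (ecdsa_method == NULL || ecdsa_do_verify == NULL)
                return 0;

        ecdsa_method->ecdsa_do_verify = ecdsa_do_verify;
        return 1;
}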

/*
 * Release a method allocated by ECDSA_METHOD_new().
 *
 * Only pass pointers that came from ECDSA_METHOD_new(): nothing in this
 * draft distinguishes a heap-allocated method from a statically defined
 * one such as the library default, and handing the latter to
 * OPENSSL_free() is an invalid free.
 * NOTE(review): the caller presumably also has to make sure no key still
 * refers to the method before freeing it -- confirm how keys hold the
 * pointer.
 */
void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method)
{
        OPENSSL_free(ecdsa_method);
}
