On 9/11/2013 2:01 PM, Stephen Henson via RT wrote: > On Wed Sep 11 17:52:03 2013, deeng...@anl.gov wrote: >> >> Attached is a patch to move the definition of ecdsa_method >> from src/crypto/ecdsa/ecs_locl.h to ecdsa.h >> and move the definition of ecdh_method >> from src/crypto/ecdh/ech_locl.h to ecdh.h >> > > It's been policy that we should avoid direct structure access in > application code and use opaque structures where possible. > > I had to change ecdsa_method for the FIPS builds (add the flags field) and if > it had been public would've meant that it would no longer be binary compatible > across minor versions (1.0.0 incompatible with 1.0.1 and later) which would be > a major headache. > > The preferred technique would be to create a function to allocate and > initialise the structure without exposing it in a public header. See the > EVP_PKEY_METHOD structure for example.
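/*
 * Is the following something like what you are looking for? It has not been
 * tested, and it needs some error handling... The 3 _put_ routines could be
 * combined with the _new routine.
 *
 * Add to ecdsa.h:
 */

/*
 * ECDSA_METHOD stays opaque to applications: they obtain a heap-allocated
 * method through ECDSA_METHOD_new() and replace individual callbacks through
 * the _put_ setters, so struct ecdsa_method can grow (as it did when the
 * flags field was added for the FIPS builds) without breaking binary
 * compatibility between minor versions.
 */

/*
 * Allocate a new ECDSA_METHOD initialised to the OpenSSL defaults.
 * Returns NULL, with an ECDSA error queued, if allocation fails.
 * Ownership passes to the caller, who releases it with ECDSA_METHOD_free().
 */
ECDSA_METHOD *ECDSA_METHOD_new(void);

/*
 * Free a method obtained from ECDSA_METHOD_new(); NULL is a no-op.
 * The caller must make sure the method is no longer installed as the
 * default method or referenced by any EC_KEY before freeing it.
 * app_data is not freed here: its ownership is not defined by this API.
 */
void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method);

/*
 * Replace the do_sign / sign_setup / do_verify callback of a method.
 * Each setter returns 1 on success and 0 if ecdsa_method is NULL.
 * The callback types must match the corresponding members of
 * struct ecdsa_method in ecs_locl.h.
 */
int ECDSA_METHOD_put_ECDSA_do_sign(ECDSA_METHOD *ecdsa_method,
        ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
                                    const BIGNUM *inv, const BIGNUM *rp,
                                    EC_KEY *eckey));
int ECDSA_METHOD_put_ECDSA_sign_setup(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
                                BIGNUM **r));
int ECDSA_METHOD_put_ECDSA_do_verify(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
                               const ECDSA_SIG *sig, EC_KEY *eckey));

/* add to ecs_ossl.c or some other file: */

/*
 * Allocate and initialise an ECDSA_METHOD.
 * ECDSA_F_ECDSA_METHOD_NEW is a new function code and must be added to the
 * ECDSA error tables alongside this function.
 */
ECDSA_METHOD *ECDSA_METHOD_new(void)
{
    ECDSA_METHOD *ret;

    ret = OPENSSL_malloc(sizeof(*ret));
    if (ret == NULL) {
        ECDSAerr(ECDSA_F_ECDSA_METHOD_NEW, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    /*
     * do_you_like_this is undefined, so the preprocessor evaluates it as 0
     * and the #else branch is the one that is compiled.
     */
#if do_you_like_this
    /* copy the structure */
    *ret = *ECDSA_get_default_method();
    /*
     * The copy also carried the default method's flags and app_data.  A
     * clone whose callbacks may later be replaced must not keep flags that
     * describe the original implementation, so start from a clean slate.
     */
    ret->flags = 0;
    ret->app_data = NULL;
#else
    ret->name = "Cloned OpenSSL ECDSA method";
    /* set the defaults as the functions in ecs_ossl.c */
    ret->ecdsa_do_sign = ecdsa_do_sign;
    ret->ecdsa_sign_setup = ecdsa_sign_setup;
    ret->ecdsa_do_verify = ecdsa_do_verify;
    ret->flags = 0;
    ret->app_data = NULL;
#endif
    return ret;
}

/*
 * Install a do_sign callback.  Note that the parameter shadows the
 * file-static ecdsa_do_sign() of ecs_ossl.c; the assignment stores the
 * caller's callback, not the default one.
 * Returns 1 on success, 0 if ecdsa_method is NULL.
 */
int ECDSA_METHOD_put_ECDSA_do_sign(ECDSA_METHOD *ecdsa_method,
        ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
                                    const BIGNUM *inv, const BIGNUM *rp,
                                    EC_KEY *eckey))
{
    if (ecdsa_method == NULL)
        return 0;
    ecdsa_method->ecdsa_do_sign = ecdsa_do_sign;
    return 1;
}

/*
 * Install a sign_setup callback (same shadowing caveat as above).
 * Returns 1 on success, 0 if ecdsa_method is NULL.
 */
int ECDSA_METHOD_put_ECDSA_sign_setup(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
                                BIGNUM **r))
{
    if (ecdsa_method == NULL)
        return 0;
    ecdsa_method->ecdsa_sign_setup = ecdsa_sign_setup;
    return 1;
}

/*
 * Install a do_verify callback (same shadowing caveat as above).
 * Returns 1 on success, 0 if ecdsa_method is NULL.
 */
int ECDSA_METHOD_put_ECDSA_do_verify(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
                               const ECDSA_SIG *sig, EC_KEY *eckey))
{
    if (ecdsa_method == NULL)
        return 0;
    ecdsa_method->ecdsa_do_verify = ecdsa_do_verify;
    return 1;
}

/*
 * Release a method allocated by ECDSA_METHOD_new().
 * OPENSSL_free() may be redirected to an application allocator, so NULL is
 * filtered out here rather than relying on the allocator to accept it.
 */
void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method)
{
    if (ecdsa_method == NULL)
        return;
    OPENSSL_free(ecdsa_method);
}

/*
 * > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer.
 * > Commercial tech support now available see: http://www.openssl.org > >
 * ______________________________________________________________________
 * > OpenSSL Project http://www.openssl.org > Development Mailing List
 * openssl-dev@openssl.org > Automated List Manager majord...@openssl.org >
 * -- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory
 * 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444
 */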
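/* Add to ecdsa.h: */

/*
 * ECDSA_METHOD stays opaque to applications: they obtain a heap-allocated
 * method through ECDSA_METHOD_new() and replace individual callbacks through
 * the _put_ setters, so struct ecdsa_method can grow (as it did when the
 * flags field was added for the FIPS builds) without breaking binary
 * compatibility between minor versions.
 */

/*
 * Allocate a new ECDSA_METHOD initialised to the OpenSSL defaults.
 * Returns NULL, with an ECDSA error queued, if allocation fails.
 * Ownership passes to the caller, who releases it with ECDSA_METHOD_free().
 */
ECDSA_METHOD *ECDSA_METHOD_new(void);

/*
 * Free a method obtained from ECDSA_METHOD_new(); NULL is a no-op.
 * The caller must make sure the method is no longer installed as the
 * default method or referenced by any EC_KEY before freeing it.
 * app_data is not freed here: its ownership is not defined by this API.
 */
void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method);

/*
 * Replace the do_sign / sign_setup / do_verify callback of a method.
 * Each setter returns 1 on success and 0 if ecdsa_method is NULL.
 * The callback types must match the corresponding members of
 * struct ecdsa_method in ecs_locl.h.
 */
int ECDSA_METHOD_put_ECDSA_do_sign(ECDSA_METHOD *ecdsa_method,
        ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
                                    const BIGNUM *inv, const BIGNUM *rp,
                                    EC_KEY *eckey));
int ECDSA_METHOD_put_ECDSA_sign_setup(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
                                BIGNUM **r));
int ECDSA_METHOD_put_ECDSA_do_verify(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
                               const ECDSA_SIG *sig, EC_KEY *eckey));

/* add to ecs_ossl.c: */

/*
 * Allocate and initialise an ECDSA_METHOD.
 * ECDSA_F_ECDSA_METHOD_NEW is a new function code and must be added to the
 * ECDSA error tables alongside this function.
 */
ECDSA_METHOD *ECDSA_METHOD_new(void)
{
    ECDSA_METHOD *ret;

    ret = OPENSSL_malloc(sizeof(*ret));
    if (ret == NULL) {
        ECDSAerr(ECDSA_F_ECDSA_METHOD_NEW, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    /*
     * do_you_like_this is undefined, so the preprocessor evaluates it as 0
     * and the #else branch is the one that is compiled.
     */
#if do_you_like_this
    /* copy the structure */
    *ret = *ECDSA_get_default_method();
    /*
     * The copy also carried the default method's flags and app_data.  A
     * clone whose callbacks may later be replaced must not keep flags that
     * describe the original implementation, so start from a clean slate.
     */
    ret->flags = 0;
    ret->app_data = NULL;
#else
    ret->name = "Cloned OpenSSL ECDSA method";
    /* set the defaults as the functions in ecs_ossl.c */
    ret->ecdsa_do_sign = ecdsa_do_sign;
    ret->ecdsa_sign_setup = ecdsa_sign_setup;
    ret->ecdsa_do_verify = ecdsa_do_verify;
    ret->flags = 0;
    ret->app_data = NULL;
#endif
    return ret;
}

/*
 * Install a do_sign callback.  Note that the parameter shadows the
 * file-static ecdsa_do_sign() of ecs_ossl.c; the assignment stores the
 * caller's callback, not the default one.
 * Returns 1 on success, 0 if ecdsa_method is NULL.
 */
int ECDSA_METHOD_put_ECDSA_do_sign(ECDSA_METHOD *ecdsa_method,
        ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
                                    const BIGNUM *inv, const BIGNUM *rp,
                                    EC_KEY *eckey))
{
    if (ecdsa_method == NULL)
        return 0;
    ecdsa_method->ecdsa_do_sign = ecdsa_do_sign;
    return 1;
}

/*
 * Install a sign_setup callback (same shadowing caveat as above).
 * Returns 1 on success, 0 if ecdsa_method is NULL.
 */
int ECDSA_METHOD_put_ECDSA_sign_setup(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
                                BIGNUM **r))
{
    if (ecdsa_method == NULL)
        return 0;
    ecdsa_method->ecdsa_sign_setup = ecdsa_sign_setup;
    return 1;
}

/*
 * Install a do_verify callback (same shadowing caveat as above).
 * Returns 1 on success, 0 if ecdsa_method is NULL.
 */
int ECDSA_METHOD_put_ECDSA_do_verify(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
                               const ECDSA_SIG *sig, EC_KEY *eckey))
{
    if (ecdsa_method == NULL)
        return 0;
    ecdsa_method->ecdsa_do_verify = ecdsa_do_verify;
    return 1;
}

/*
 * Release a method allocated by ECDSA_METHOD_new().
 * OPENSSL_free() may be redirected to an application allocator, so NULL is
 * filtered out here rather than relying on the allocator to accept it.
 */
void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method)
{
    if (ecdsa_method == NULL)
        return;
    OPENSSL_free(ecdsa_method);
}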