On 9/11/2013 2:01 PM, Stephen Henson via RT wrote:
> On Wed Sep 11 17:52:03 2013, [email protected] wrote:
>>
>> Attached is a patch to move the definition of ecdsa_method
>> from src/crypto/ecdsa/ecs_locl.h to ecdsa.h
>> and move the definition if ecdh_method
>> from src/crypto/ecdh/ech_locl.h to ecdh.h
>>
>
> It's been policy that we should avoiding direct structure access in
> applications code and use opaque structures where possible.
>
> I had to change ecdsa_method for the FIPS builds (add the flags field) and if
> it had been public would've meant that it would no longer be binary compatible
> across minor versions (1.0.0 incompatible with 1.0.1 and later) which would be
> a major headache.
>
> The preferred technique would be to create a function to allocate and
> initialise the structure without exposing it in a public header. See the
> EVP_PKEY_METHOD structure for example.
Is the following something like what you are looking for?
It has not been been tested, and it needs some error handling...
The 3 _put_ routines could be combined with the _new routine.
Add to ecdsa.h:
ECDSA_METHOD *ECDSA_METHOD_new();
void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method);
int ECDSA_METHOD_put_ECDSA_do_sign(ECDSA_METHOD *ecdsa_method,
ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
int ECDSA_METHOD_put_ECDSA_sign_setup(ECDSA_METHOD *ecdsa_method,
int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
const ECDSA_SIG *sig, EC_KEY *eckey));
int ECDSA_METHOD_put_ECDSA_do_verify(ECDSA_METHOD *ecdsa_method,
int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey);
add to ecs_ossl.c or some other file:
ECDSA_METHOD *ECDSA_METHOD_new()
{
ECDSA_METHOD *ret;
ret=(ECDSA_METHOD *)OPENSSL_malloc(sizeof(ECDSA_METHOD));
if (ret == NULL)
{
ECDSAerr(ECDSA_F_ECDSA_METHOD_NEW, ERR_R_MALLOC_FAILURE);
return(NULL);
}
#if do_you_like_this
/* copy the structure */
*ret = *ECDSA_get_default_method();
#else
ret->name = "Cloned OpenSSL ECDSA method";
/* set the defaults as the functions in ecs_ossl.c */
ret->ecdsa_do_sign = ecdsa_do_sign;
ret->ecdsa_sign_setup = ecdsa_sign_setup;
ret->ecdsa_do_verify = ecdsa_do_verify;
ret->flags = 0
ret->app_data = NULL;
#endif
return ret;
}
int ECDSA_METHOD_put_ECDSA_do_sign(ECDSA_METHOD *ecdsa_method,
ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey)
{
ecdsa_method->ecdsa_do_sign = ecdsa_do_sign;
}
int ECDSA_METHOD_put_ECDSA_sign_setup(ECDSA_METHOD *ecdsa_method,
int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
const ECDSA_SIG *sig, EC_KEY *eckey))
{
ecdsa_method->ecdsa_sign_setup = ecdsa_sign_setup;
}
int ECDSA_METHOD_put_ECDSA_do_verify(ECDSA_METHOD *ecdsa_method,
int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey)
{
ecdsa_method->ecdsa_do_verify = ecdsa_do_verify;
}
void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method)
{
OPENSSL_free(ecdsa_method);
}
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [email protected]
> Automated List Manager [email protected]
>
--
Douglas E. Engert <[email protected]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
Add to ecdsa.h:
ECDSA_METHOD *ECDSA_METHOD_new();
void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method);
int ECDSA_METHOD_put_ECDSA_do_sign(ECDSA_METHOD *ecdsa_method,
ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
int ECDSA_METHOD_put_ECDSA_sign_setup(ECDSA_METHOD *ecdsa_method,
int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
const ECDSA_SIG *sig, EC_KEY *eckey));
int ECDSA_METHOD_put_ECDSA_do_verify(ECDSA_METHOD *ecdsa_method,
int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey);
add to ecs_ossl.c:
ECDSA_METHOD *ECDSA_METHOD_new()
{
ECDSA_METHOD *ret;
ret=(ECDSA_METHOD *)OPENSSL_malloc(sizeof(ECDSA_METHOD));
if (ret == NULL)
{
ECDSAerr(ECDSA_F_ECDSA_METHOD_NEW, ERR_R_MALLOC_FAILURE);
return(NULL);
}
#if do_you_like_this
/* copy the structure */
*ret = *ECDSA_get_default_method();
#else
ret->name = "Cloned OpenSSL ECDSA method";
/* set the defaults as the functions in ecs_ossl.c */
ret->ecdsa_do_sign = ecdsa_do_sign;
ret->ecdsa_sign_setup = ecdsa_sign_setup;
ret->ecdsa_do_verify = ecdsa_do_verify;
ret->flags = 0
ret->app_data = NULL;
#endif
return ret;
}
int ECDSA_METHOD_put_ECDSA_do_sign(ECDSA_METHOD *ecdsa_method,
ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey)
{
ecdsa_method->ecdsa_do_sign = ecdsa_do_sign;
}
int ECDSA_METHOD_put_ECDSA_sign_setup(ECDSA_METHOD *ecdsa_method,
int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
const ECDSA_SIG *sig, EC_KEY *eckey))
{
ecdsa_method->ecdsa_sign_setup = ecdsa_sign_setup;
}
int ECDSA_METHOD_put_ECDSA_do_verify(ECDSA_METHOD *ecdsa_method,
int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey)
{
ecdsa_method->ecdsa_do_verify = ecdsa_do_verify;
}
void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method)
{
OPENSSL_free(ecdsa_method);
}
