Hi list, I'm having the *exact* same issue that Jacques had 2 years ago: https://mta.openssl.org/pipermail/openssl-users/2015-June/001584.html
I.e., I'm writing an OpenSSL 1.0.2 engine that does ECDSA signing. In my signing function, I want to verify the signature before leaving the callback. For that I need to use the *default* verification function. The problem is that ECDSA_METHOD is an opaque structure. It's only ever passed through reference (and has been forward-declared), but it's internal structure is defined in a localized crypto/ecdsa/ecs_locl.h header file. So two questions: When OpenSSL sees that the do_verify function in the callback has not been set, why does it not default to the internal definition instead of segfaulting? How do I get the function pointer to the default method do_verify? I.e., how do I do something like: ECDSA_METHOD_set_verify(ecdsa_method, ECDSA_get_default_method()->ecdsa_do_verify); Which currently (because of the opaque structure) results in: usockeng.c: In function ‘bind_fn’: usockeng.c:341:66: error: dereferencing pointer to incomplete type ‘ECDSA_METHOD {aka const struct ecdsa_method}’ There were two replies two years ago, both which don't help me: Rémy suggests (https://mta.openssl.org/pipermail/openssl-users/2015-June/001585.html) to define the engine's ECDSA_METHOD structure explicitly, like so: static ECDSA_METHOD my_own_openssl_ecdsa_meth = { "OpenSSL ECDSA method", my_own_ecdsa_do_sign_function, ecdsa_sign_setup_no_digest, ecdsa_do_verify, ... } This does not work (anymore?) because the stucture is opaque. Dmitry suggests (https://mta.openssl.org/pipermail/openssl-users/2015-June/001586.html) to use ECDSA_METHOD_set_sign_setup/ECDSA_METHOD_set_sign -- I don't understand this, since I did define set_sign (and it already works), but I need *verification*. Of course, the butt-ugly workaround would be to copy/paste the local structure definition in my engine code, creating a horribly unportable mess. But what's the *intended* way to solve this issue? Best regards, Johannes -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev