Add functions to set ECDSA_METHOD structure.

Add various functions to allocate and set the fields of an ECDSA_METHOD structure.
2013-09-18 00:50:15 +01:00 · 2013-09-18 00:50:15 +01:00 · 94c2f77a62
parent 9600602267
commit 94c2f77a62
5 changed files with 129 additions and 0 deletions
--- a/4
+++ b/4
@ -277,6 +277,10 @@

 Changes between 1.0.1e and 1.0.2 [xx XXX xxxx]

+  *) Add functions to allocate and set the fields of an ECDSA_METHOD
+     structure.
+     [Douglas E. Engert, Steve Henson]
+
  *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
     avoids preferring ECDHE-ECDSA ciphers when the client appears to be
     Safari on OS X.  Safari on OS X 10.8..10.8.3 advertises support for
--- a/crypto/ecdsa/ecdsa.h
+++ b/crypto/ecdsa/ecdsa.h
@ -244,6 +244,59 @@ ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key,
 #endif


+/** Allocates and initialize a ECDSA_METHOD structure
+ *  \param ecdsa_method pointer to ECDSA_METHOD to copy.  (May be NULL)
+ *  \return pointer to a ECDSA_METHOD structure or NULL if an error occurred
+ */
+
+ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method);
+
+/** frees a ECDSA_METHOD structure
+ *  \param  ecdsa_method  pointer to the ECDSA_METHOD structure
+ */
+void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method);
+
+/**  Set the ECDSA_do_sign function in the ECDSA_METHOD
+ *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
+ *   \param  ecdsa_do_sign a funtion of type ECDSA_do_sign
+ */
+
+void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method,
+        ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
+                const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey));
+
+/**  Set the  ECDSA_sign_setup function in the ECDSA_METHOD
+ *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
+ *   \param  ecdsa_sign_setup a funtion of type ECDSA_sign_setup
+ */
+
+void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method,
+        int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
+                BIGNUM **r));
+
+/**  Set the ECDSA_do_verify function in the ECDSA_METHOD
+ *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
+ *   \param  ecdsa_do_verify a funtion of type ECDSA_do_verify
+ */
+
+void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method,
+        int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
+                const ECDSA_SIG *sig, EC_KEY *eckey));
+
+void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags);
+
+/**  Set the flags field in the ECDSA_METHOD
+ *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
+ *   \param  flags flags value to set
+ */
+
+void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name);
+
+/**  Set the name field in the ECDSA_METHOD
+ *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
+ *   \param  name name to set
+ */
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@ -256,6 +309,7 @@ void ERR_load_ECDSA_strings(void);
 #define ECDSA_F_ECDSA_DATA_NEW_METHOD			 100
 #define ECDSA_F_ECDSA_DO_SIGN				 101
 #define ECDSA_F_ECDSA_DO_VERIFY				 102
+#define ECDSA_F_ECDSA_METHOD_NEW			 105
 #define ECDSA_F_ECDSA_SIGN_SETUP			 103

 /* Reason codes. */
--- a/crypto/ecdsa/ecs_err.c
+++ b/crypto/ecdsa/ecs_err.c
@ -73,6 +73,7 @@ static ERR_STRING_DATA ECDSA_str_functs[]=
 {ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD),	"ECDSA_DATA_NEW_METHOD"},
 {ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN),	"ECDSA_do_sign"},
 {ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY),	"ECDSA_do_verify"},
+{ERR_FUNC(ECDSA_F_ECDSA_METHOD_NEW),	"ECDSA_METHOD_new"},
 {ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP),	"ECDSA_sign_setup"},
 {0,NULL}
 	};
--- a/crypto/ecdsa/ecs_lib.c
+++ b/crypto/ecdsa/ecs_lib.c
@ -264,3 +264,68 @@ void *ECDSA_get_ex_data(EC_KEY *d, int idx)
 		return NULL;
 	return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx));
 }
+
+ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_meth)
+	{
+	ECDSA_METHOD  *ret;
+
+	ret = OPENSSL_malloc(sizeof(ECDSA_METHOD));
+	if (ret == NULL)
+		{
+		ECDSAerr(ECDSA_F_ECDSA_METHOD_NEW, ERR_R_MALLOC_FAILURE);
+		return NULL;
+        	}
+
+	if (ecdsa_meth)
+		*ret = *ecdsa_meth;
+	else
+		{
+		ret->ecdsa_sign_setup = 0;
+		ret->ecdsa_do_sign = 0;
+		ret->ecdsa_do_verify = 0;
+		ret->name = NULL;
+		ret->flags = 0;
+		}
+	ret->flags |= ECDSA_METHOD_FLAG_ALLOCATED;
+	return ret;
+	}
+
+
+void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method,
+	ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
+		const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey))
+	{
+	ecdsa_method->ecdsa_do_sign = ecdsa_do_sign;
+	}
+
+void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method,
+	int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
+		BIGNUM **r))
+	{
+	ecdsa_method->ecdsa_sign_setup = ecdsa_sign_setup;
+	}
+
+void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method,
+	int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
+		const ECDSA_SIG *sig, EC_KEY *eckey))
+	{
+	ecdsa_method->ecdsa_do_verify = ecdsa_do_verify;
+	}
+
+void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags)
+	{
+	ecdsa_method->flags = flags | ECDSA_METHOD_FLAG_ALLOCATED;
+	}
+
+void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name)
+	{
+	ecdsa_method->name = name;
+	}
+
+void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method)
+	{
+	if (ecdsa_method->flags & ECDSA_METHOD_FLAG_ALLOCATED)
+		OPENSSL_free(ecdsa_method);
+	}
+
+
--- a/crypto/ecdsa/ecs_locl.h
+++ b/crypto/ecdsa/ecs_locl.h
@ -82,6 +82,11 @@ struct ecdsa_method
 	char *app_data;
 	};

+/* The ECDSA_METHOD was allocated and can be freed */
+
+#define ECDSA_METHOD_FLAG_ALLOCATED 0x2
+
+
 /* If this flag is set the ECDSA method is FIPS compliant and can be used
 * in FIPS mode. This is set in the validated module method. If an
 * application sets this flag in its own methods it is its responsibility