From: Dr. Stephen Henson Date: Tue, 17 Sep 2013 23:50:15 +0000 (+0100) Subject: Add functions to set ECDSA_METHOD structure. X-Git-Tag: master-post-reformat~1169 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=94c2f77a62be7079ab1893ab14b18a30157c4532;p=oweals%2Fopenssl.git Add functions to set ECDSA_METHOD structure. Add various functions to allocate and set the fields of an ECDSA_METHOD structure. --- diff --git a/CHANGES b/CHANGES index 2ad78e95e4..46384f093c 100644 --- a/CHANGES +++ b/CHANGES @@ -277,6 +277,10 @@ Changes between 1.0.1e and 1.0.2 [xx XXX xxxx] + *) Add functions to allocate and set the fields of an ECDSA_METHOD + structure. + [Douglas E. Engert, Steve Henson] + *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which avoids preferring ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h index cd6d19ccde..746c020605 100644 --- a/crypto/ecdsa/ecdsa.h +++ b/crypto/ecdsa/ecdsa.h @@ -244,6 +244,59 @@ ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key, #endif +/** Allocates and initialize a ECDSA_METHOD structure + * \param ecdsa_method pointer to ECDSA_METHOD to copy. (May be NULL) + * \return pointer to a ECDSA_METHOD structure or NULL if an error occurred + */ + +ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method); + +/** frees a ECDSA_METHOD structure + * \param ecdsa_method pointer to the ECDSA_METHOD structure + */ +void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method); + +/** Set the ECDSA_do_sign function in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param ecdsa_do_sign a funtion of type ECDSA_do_sign + */ + +void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method, + ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, + const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey)); + +/** Set the ECDSA_sign_setup function in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param ecdsa_sign_setup a funtion of type ECDSA_sign_setup + */ + +void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method, + int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, + BIGNUM **r)); + +/** Set the ECDSA_do_verify function in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param ecdsa_do_verify a funtion of type ECDSA_do_verify + */ + +void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method, + int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey)); + +void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags); + +/** Set the flags field in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param flags flags value to set + */ + +void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name); + +/** Set the name field in the ECDSA_METHOD + * \param ecdsa_method pointer to existing ECDSA_METHOD + * \param name name to set + */ + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -256,6 +309,7 @@ void ERR_load_ECDSA_strings(void); #define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 #define ECDSA_F_ECDSA_DO_SIGN 101 #define ECDSA_F_ECDSA_DO_VERIFY 102 +#define ECDSA_F_ECDSA_METHOD_NEW 105 #define ECDSA_F_ECDSA_SIGN_SETUP 103 /* Reason codes. */ diff --git a/crypto/ecdsa/ecs_err.c b/crypto/ecdsa/ecs_err.c index d549ee5323..919cced040 100644 --- a/crypto/ecdsa/ecs_err.c +++ b/crypto/ecdsa/ecs_err.c @@ -73,6 +73,7 @@ static ERR_STRING_DATA ECDSA_str_functs[]= {ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"}, {ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"}, {ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"}, +{ERR_FUNC(ECDSA_F_ECDSA_METHOD_NEW), "ECDSA_METHOD_new"}, {ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"}, {0,NULL} }; diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c index 81082c9727..d559c9e1cb 100644 --- a/crypto/ecdsa/ecs_lib.c +++ b/crypto/ecdsa/ecs_lib.c @@ -264,3 +264,68 @@ void *ECDSA_get_ex_data(EC_KEY *d, int idx) return NULL; return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx)); } + +ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_meth) + { + ECDSA_METHOD *ret; + + ret = OPENSSL_malloc(sizeof(ECDSA_METHOD)); + if (ret == NULL) + { + ECDSAerr(ECDSA_F_ECDSA_METHOD_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (ecdsa_meth) + *ret = *ecdsa_meth; + else + { + ret->ecdsa_sign_setup = 0; + ret->ecdsa_do_sign = 0; + ret->ecdsa_do_verify = 0; + ret->name = NULL; + ret->flags = 0; + } + ret->flags |= ECDSA_METHOD_FLAG_ALLOCATED; + return ret; + } + + +void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method, + ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, + const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey)) + { + ecdsa_method->ecdsa_do_sign = ecdsa_do_sign; + } + +void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method, + int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, + BIGNUM **r)) + { + ecdsa_method->ecdsa_sign_setup = ecdsa_sign_setup; + } + +void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method, + int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey)) + { + ecdsa_method->ecdsa_do_verify = ecdsa_do_verify; + } + +void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags) + { + ecdsa_method->flags = flags | ECDSA_METHOD_FLAG_ALLOCATED; + } + +void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name) + { + ecdsa_method->name = name; + } + +void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method) + { + if (ecdsa_method->flags & ECDSA_METHOD_FLAG_ALLOCATED) + OPENSSL_free(ecdsa_method); + } + + diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h index ad466e2b61..4b10530ad6 100644 --- a/crypto/ecdsa/ecs_locl.h +++ b/crypto/ecdsa/ecs_locl.h @@ -82,6 +82,11 @@ struct ecdsa_method char *app_data; }; +/* The ECDSA_METHOD was allocated and can be freed */ + +#define ECDSA_METHOD_FLAG_ALLOCATED 0x2 + + /* If this flag is set the ECDSA method is FIPS compliant and can be used * in FIPS mode. This is set in the validated module method. If an * application sets this flag in its own methods it is its responsibility