提交 94c2f77a 编写于 作者: D Dr. Stephen Henson

Add functions to set ECDSA_METHOD structure.

Add various functions to allocate and set the fields of an ECDSA_METHOD
structure.
上级 96006022
......@@ -277,6 +277,10 @@
Changes between 1.0.1e and 1.0.2 [xx XXX xxxx]
*) Add functions to allocate and set the fields of an ECDSA_METHOD
structure.
[Douglas E. Engert, Steve Henson]
*) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
avoids preferring ECDHE-ECDSA ciphers when the client appears to be
Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
......
......@@ -244,6 +244,59 @@ ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key,
#endif
/** Allocates and initialize a ECDSA_METHOD structure
* \param ecdsa_method pointer to ECDSA_METHOD to copy. (May be NULL)
* \return pointer to a ECDSA_METHOD structure or NULL if an error occurred
*/
ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method);
/** frees a ECDSA_METHOD structure
* \param ecdsa_method pointer to the ECDSA_METHOD structure
*/
void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method);
/** Set the ECDSA_do_sign function in the ECDSA_METHOD
* \param ecdsa_method pointer to existing ECDSA_METHOD
* \param ecdsa_do_sign a funtion of type ECDSA_do_sign
*/
void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method,
ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey));
/** Set the ECDSA_sign_setup function in the ECDSA_METHOD
* \param ecdsa_method pointer to existing ECDSA_METHOD
* \param ecdsa_sign_setup a funtion of type ECDSA_sign_setup
*/
void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method,
int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
BIGNUM **r));
/** Set the ECDSA_do_verify function in the ECDSA_METHOD
* \param ecdsa_method pointer to existing ECDSA_METHOD
* \param ecdsa_do_verify a funtion of type ECDSA_do_verify
*/
void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method,
int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey));
void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags);
/** Set the flags field in the ECDSA_METHOD
* \param ecdsa_method pointer to existing ECDSA_METHOD
* \param flags flags value to set
*/
void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name);
/** Set the name field in the ECDSA_METHOD
* \param ecdsa_method pointer to existing ECDSA_METHOD
* \param name name to set
*/
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
......@@ -256,6 +309,7 @@ void ERR_load_ECDSA_strings(void);
#define ECDSA_F_ECDSA_DATA_NEW_METHOD 100
#define ECDSA_F_ECDSA_DO_SIGN 101
#define ECDSA_F_ECDSA_DO_VERIFY 102
#define ECDSA_F_ECDSA_METHOD_NEW 105
#define ECDSA_F_ECDSA_SIGN_SETUP 103
/* Reason codes. */
......
......@@ -73,6 +73,7 @@ static ERR_STRING_DATA ECDSA_str_functs[]=
{ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"},
{ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"},
{ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"},
{ERR_FUNC(ECDSA_F_ECDSA_METHOD_NEW), "ECDSA_METHOD_new"},
{ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"},
{0,NULL}
};
......
......@@ -264,3 +264,68 @@ void *ECDSA_get_ex_data(EC_KEY *d, int idx)
return NULL;
return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx));
}
ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_meth)
{
ECDSA_METHOD *ret;
ret = OPENSSL_malloc(sizeof(ECDSA_METHOD));
if (ret == NULL)
{
ECDSAerr(ECDSA_F_ECDSA_METHOD_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (ecdsa_meth)
*ret = *ecdsa_meth;
else
{
ret->ecdsa_sign_setup = 0;
ret->ecdsa_do_sign = 0;
ret->ecdsa_do_verify = 0;
ret->name = NULL;
ret->flags = 0;
}
ret->flags |= ECDSA_METHOD_FLAG_ALLOCATED;
return ret;
}
void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method,
ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey))
{
ecdsa_method->ecdsa_do_sign = ecdsa_do_sign;
}
void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method,
int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
BIGNUM **r))
{
ecdsa_method->ecdsa_sign_setup = ecdsa_sign_setup;
}
void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method,
int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey))
{
ecdsa_method->ecdsa_do_verify = ecdsa_do_verify;
}
void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags)
{
ecdsa_method->flags = flags | ECDSA_METHOD_FLAG_ALLOCATED;
}
void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name)
{
ecdsa_method->name = name;
}
void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method)
{
if (ecdsa_method->flags & ECDSA_METHOD_FLAG_ALLOCATED)
OPENSSL_free(ecdsa_method);
}
......@@ -82,6 +82,11 @@ struct ecdsa_method
char *app_data;
};
/* The ECDSA_METHOD was allocated and can be freed */
#define ECDSA_METHOD_FLAG_ALLOCATED 0x2
/* If this flag is set the ECDSA method is FIPS compliant and can be used
* in FIPS mode. This is set in the validated module method. If an
* application sets this flag in its own methods it is its responsibility
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册