Commit 94c2f77a authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Add functions to set ECDSA_METHOD structure.

Add various functions to allocate and set the fields of an ECDSA_METHOD
structure.
parent 96006022
+4 −0
@@ -277,6 +277,10 @@

 Changes between 1.0.1e and 1.0.2 [xx XXX xxxx]

  *) Add functions to allocate and set the fields of an ECDSA_METHOD
     structure.
     [Douglas E. Engert, Steve Henson]

  *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
     avoids preferring ECDHE-ECDSA ciphers when the client appears to be
     Safari on OS X.  Safari on OS X 10.8..10.8.3 advertises support for
+54 −0
@@ -244,6 +244,59 @@ ECDSA_SIG * FIPS_ecdsa_sign(EC_KEY *key,
#endif


/** Allocates and initialize a ECDSA_METHOD structure
 *  \param ecdsa_method pointer to ECDSA_METHOD to copy.  (May be NULL)
 *  \return pointer to a ECDSA_METHOD structure or NULL if an error occurred
 */

ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_method);

/** frees a ECDSA_METHOD structure
 *  \param  ecdsa_method  pointer to the ECDSA_METHOD structure
 */
void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method);

/**  Set the ECDSA_do_sign function in the ECDSA_METHOD
 *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
 *   \param  ecdsa_do_sign a funtion of type ECDSA_do_sign
 */

void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method,
        ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
                const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey));

/**  Set the  ECDSA_sign_setup function in the ECDSA_METHOD
 *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
 *   \param  ecdsa_sign_setup a funtion of type ECDSA_sign_setup
 */

void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
                BIGNUM **r));

/**  Set the ECDSA_do_verify function in the ECDSA_METHOD
 *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
 *   \param  ecdsa_do_verify a funtion of type ECDSA_do_verify
 */

void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method,
        int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
                const ECDSA_SIG *sig, EC_KEY *eckey));

void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags);

/**  Set the flags field in the ECDSA_METHOD
 *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
 *   \param  flags flags value to set
 */

void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name);

/**  Set the name field in the ECDSA_METHOD
 *   \param  ecdsa_method  pointer to existing ECDSA_METHOD
 *   \param  name name to set
 */

/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -256,6 +309,7 @@ void ERR_load_ECDSA_strings(void);
#define ECDSA_F_ECDSA_DATA_NEW_METHOD			 100
#define ECDSA_F_ECDSA_DO_SIGN				 101
#define ECDSA_F_ECDSA_DO_VERIFY				 102
#define ECDSA_F_ECDSA_METHOD_NEW			 105
#define ECDSA_F_ECDSA_SIGN_SETUP			 103

/* Reason codes. */
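Review bot: The doc comments for ECDSA_METHOD_set_flags and ECDSA_METHOD_set_name are placed after their prototypes instead of before them, so a Doxygen-style reader will attach the "Set the flags field" text to ECDSA_METHOD_set_name and leave ECDSA_METHOD_set_flags undocumented. Move each comment above its own declaration, and fix `funtion` to `function` in the three setter comments. The comments also say nothing about ownership: the implementation added in this commit stores `name` by pointer without copying and ECDSA_METHOD_free releases only structures carrying the allocated flag, so I would add `\param name string that must stay valid for the lifetime of the method (not copied)` and a line on ECDSA_METHOD_free stating that it must only be given a pointer returned by ECDSA_METHOD_new.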
+1 −0
@@ -73,6 +73,7 @@ static ERR_STRING_DATA ECDSA_str_functs[]=
{ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD),	"ECDSA_DATA_NEW_METHOD"},
{ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN),	"ECDSA_do_sign"},
{ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY),	"ECDSA_do_verify"},
{ERR_FUNC(ECDSA_F_ECDSA_METHOD_NEW),	"ECDSA_METHOD_new"},
{ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP),	"ECDSA_sign_setup"},
{0,NULL}
	};
+65 −0
@@ -264,3 +264,68 @@ void *ECDSA_get_ex_data(EC_KEY *d, int idx)
		return NULL;
	return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx));
}

ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_meth)
	{
	ECDSA_METHOD  *ret;

	ret = OPENSSL_malloc(sizeof(ECDSA_METHOD));
	if (ret == NULL)
		{
		ECDSAerr(ECDSA_F_ECDSA_METHOD_NEW, ERR_R_MALLOC_FAILURE);
		return NULL;
        	}

	if (ecdsa_meth)
		*ret = *ecdsa_meth;
	else
		{
		ret->ecdsa_sign_setup = 0;
		ret->ecdsa_do_sign = 0;
		ret->ecdsa_do_verify = 0;
		ret->name = NULL;
		ret->flags = 0;
		}
	ret->flags |= ECDSA_METHOD_FLAG_ALLOCATED;
	return ret;
	}


void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method,
	ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
		const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey))
	{
	ecdsa_method->ecdsa_do_sign = ecdsa_do_sign;
	}

void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method,
	int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
		BIGNUM **r))
	{
	ecdsa_method->ecdsa_sign_setup = ecdsa_sign_setup;
	}

void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method,
	int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
		const ECDSA_SIG *sig, EC_KEY *eckey))
	{
	ecdsa_method->ecdsa_do_verify = ecdsa_do_verify;
	}

void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags)
	{
	ecdsa_method->flags = flags | ECDSA_METHOD_FLAG_ALLOCATED;
	}

void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name)
	{
	ecdsa_method->name = name;
	}

void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method)
	{
	if (ecdsa_method->flags & ECDSA_METHOD_FLAG_ALLOCATED)
		OPENSSL_free(ecdsa_method);
	}

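Review bot: In ECDSA_METHOD_new the branch taken when `ecdsa_meth` is NULL never initialises `app_data`: it sets the three callbacks, `name` and `flags`, but the struct shown in the last file section of this commit also ends with `char *app_data`, and nothing in the function zeroes the allocation (any other member not listed in that branch is in the same position). Add `ret->app_data = NULL;` to that branch so a later read of the field is defined. ECDSA_METHOD_free dereferences its argument without a check, so `ECDSA_METHOD_free(NULL)` faults rather than being a no-op; `if (ecdsa_method == NULL) return;` as the first statement fixes that. ECDSA_METHOD_set_flags also ORs in ECDSA_METHOD_FLAG_ALLOCATED unconditionally, so calling it on a method that was not returned by ECDSA_METHOD_new makes a later ECDSA_METHOD_free pass that object to OPENSSL_free; keep the existing bit instead, e.g. `ecdsa_method->flags = (flags & ~ECDSA_METHOD_FLAG_ALLOCATED) | (ecdsa_method->flags & ECDSA_METHOD_FLAG_ALLOCATED);`.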
+5 −0
@@ -82,6 +82,11 @@ struct ecdsa_method
	char *app_data;
	};

/* The ECDSA_METHOD was allocated and can be freed */

#define ECDSA_METHOD_FLAG_ALLOCATED 0x2


/* If this flag is set the ECDSA method is FIPS compliant and can be used
 * in FIPS mode. This is set in the validated module method. If an
 * application sets this flag in its own methods it is its responsibility
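Review bot: The comment on ECDSA_METHOD_FLAG_ALLOCATED does not say that the bit is reserved for the library, although it lives in the same `flags` word that applications fill in for their own methods (the FIPS flag comment just below addresses applications directly). ECDSA_METHOD_free elsewhere in this commit frees any structure with this bit set, so an application-defined static method that happens to set 0x2 would be handed to OPENSSL_free. I would expand the comment to `/* Set only by ECDSA_METHOD_new(): the structure was heap-allocated and ECDSA_METHOD_free() will release it. Applications must never set this bit themselves. */`. The struct ecdsa_method definition this belongs to starts above the hunk.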