[openssl-dev] Comments on the new ECDSA_METHOD_*() and RSA_METHOD_*() APIs
Dr. Matthias St. Pierre
Matthias.St.Pierre at ncp-e.com
Mon Jun 22 11:11:07 UTC 2015
Hello,
first of all, I'd like to say that I agree with the core developers that it's a good idea to make
all these OpenSSL structs opaque and provide an API for creation/desruction and member access instead.
I have two comments on the new ECDSA_METHOD_*() and RSA_METHOD_*() APIs in particular,
and a general question concerning the *_METHOD_*() API in general.
1) The ECDSA_METHOD_*() api is not const correct: the "copy constructor" and the name setter
are lacking a 'const' in the last argument.
ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_meth)
void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name)
Instead, I should be
ECDSA_METHOD *ECDSA_METHOD_new(const ECDSA_METHOD *ecdsa_meth)
void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, const char *name)
I have prepared a patch fixing the const-correctness, which I'll post to the request tracker.
It would be nice if the change could be added to the 1.0.2 stable branch. Although it's a header change
it would not break the ABI and force no recompilation of existing code, as far as I understand it,
since there is no name decoration in C. This opion was also shared by Rich Salz recently:
Re: [openssl-dev] Missing API features
On 04/20/2015 10:25 PM, Salz, Rich wrote:>
> Changing the return type here should be binary compatible on any sane platform, but it might cause source incompatibilities.
I think it would be better to correct the error right away, before people start working around it
by casting away the const's in their code.
2) A corresponding RSA_METHOD_*() api is still completely missing (even on master) and the 'struct rsa_meth_st'
members are still publicly visible.
Are there any plans to add it in the near future?
3) Looking at the set of exported functions in util/libeay.num, one sees that the *_METHOD_*() API is still
rather rudimentary. Are there any plans to change this?
util/libeay.num:
DSO_METHOD_null 2270 EXIST::FUNCTION:
DSO_METHOD_openssl 2271 EXIST::FUNCTION:
DSO_METHOD_dlfcn 2272 EXIST::FUNCTION:
DSO_METHOD_win32 2273 EXIST::FUNCTION:
DSO_METHOD_dl 2275 EXIST::FUNCTION:
DSO_METHOD_vms 2462 EXIST::FUNCTION:
EC_METHOD_get_field_type 3528 EXIST::FUNCTION:EC
DSO_METHOD_beos 4122 NOEXIST::FUNCTION:
X509_CRL_METHOD_free 4241 EXIST::FUNCTION:
X509_CRL_METHOD_new 4371 EXIST::FUNCTION:
ECDSA_METHOD_set_name 4723 EXIST::FUNCTION:EC
ECDSA_METHOD_set_flags 4726 EXIST::FUNCTION:EC
ECDSA_METHOD_set_sign_setup 4727 EXIST::FUNCTION:EC
ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:EC
ECDSA_METHOD_new 4751 EXIST::FUNCTION:EC
ECDSA_METHOD_set_verify 4755 EXIST::FUNCTION:EC
ECDSA_METHOD_free 4759 EXIST::FUNCTION:EC
ECDSA_METHOD_set_app_data 4768 EXIST::FUNCTION:EC
ECDSA_METHOD_get_app_data 4770 EXIST::FUNCTION:EC
More information about the openssl-dev
mailing list