As with RSA, which was modified recently, this change makes it possible to
authorGeoff Thorpe <geoff@openssl.org>
Wed, 15 Jan 2003 02:01:55 +0000 (02:01 +0000)
committerGeoff Thorpe <geoff@openssl.org>
Wed, 15 Jan 2003 02:01:55 +0000 (02:01 +0000)
override key-generation implementations by placing handlers in the methods
for DSA and DH. Also, parameter generation for DSA and DH is possible by
another new handler for each method.

15 files changed:
CHANGES
crypto/dh/dh.h
crypto/dh/dh_gen.c
crypto/dh/dh_key.c
crypto/dsa/dsa.h
crypto/dsa/dsa_gen.c
crypto/dsa/dsa_key.c
crypto/dsa/dsa_ossl.c
engines/e_aep.c
engines/e_atalla.c
engines/e_cswift.c
engines/e_ncipher.c
engines/e_nuron.c
engines/e_sureware.c
engines/e_ubsec.c

diff --git a/CHANGES b/CHANGES
index 404f76b..4b11fc9 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.7 and 0.9.8  [xx XXX xxxx]
 
+  *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
+     and DH_METHOD (eg. by ENGINE implementations) to override the normal
+     software implementations. For DSA and DH, parameter generation can
+     also be overriden by providing the appropriate method callbacks.
+     [Geoff Thorpe]
+
   *) Change the "progress" mechanism used in key-generation and
      primality testing to functions that take a new BN_GENCB pointer in
      place of callback/argument pairs. The new API functions have "_ex"
index cab9b14..62dba40 100644 (file)
@@ -91,6 +91,8 @@ typedef struct dh_method {
        int (*finish)(DH *dh);
        int flags;
        char *app_data;
+       /* If this is non-NULL, it will be used to generate parameters */
+       int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
 } DH_METHOD;
 
 struct dh_st
index a929a0f..1f80507 100644 (file)
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
+
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
+       {
+       if(ret->meth->generate_params)
+               return ret->meth->generate_params(ret, prime_len, generator, cb);
+       return dh_builtin_genparams(ret, prime_len, generator, cb);
+       }
+
 /* We generate DH parameters as follows
  * find a prime q which is prime_len/2 bits long.
  * p=(2*q)+1 or (p-1)/2 = q
  * It's just as OK (and in some sense better) to use a generator of the
  * order-q subgroup.
  */
-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
        {
        BIGNUM *t1,*t2;
        int g,ok= -1;
index 1a0efca..5e58e00 100644 (file)
@@ -90,6 +90,7 @@ dh_bn_mod_exp,
 dh_init,
 dh_finish,
 0,
+NULL,
 NULL
 };
 
index 7a126e4..6ba79b0 100644 (file)
@@ -110,6 +110,13 @@ typedef struct dsa_method {
        int (*finish)(DSA *dsa);
        int flags;
        char *app_data;
+       /* If this is non-NULL, it is used to generate DSA parameters */
+       int (*dsa_paramgen)(DSA *dsa, int bits,
+                       unsigned char *seed, int seed_len,
+                       int *counter_ret, unsigned long *h_ret,
+                       BN_GENCB *cb);
+       /* If this is non-NULL, it is used to generate DSA keys */
+       int (*dsa_keygen)(DSA *dsa);
 } DSA_METHOD;
 
 struct dsa_st
index ca2c867..4b9aff3 100644 (file)
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
+static int dsa_builtin_paramgen(DSA *ret, int bits,
+               unsigned char *seed_in, int seed_len,
+               int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+
 int DSA_generate_parameters_ex(DSA *ret, int bits,
                unsigned char *seed_in, int seed_len,
                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
        {
+       if(ret->meth->dsa_paramgen)
+               return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
+                               counter_ret, h_ret, cb);
+       return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
+                       counter_ret, h_ret, cb);
+       }
+
+static int dsa_builtin_paramgen(DSA *ret, int bits,
+               unsigned char *seed_in, int seed_len,
+               int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+       {
        int ok=0;
        unsigned char seed[SHA_DIGEST_LENGTH];
        unsigned char md[SHA_DIGEST_LENGTH];
index ef87c3e..48ff1f4 100644 (file)
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 
+static int dsa_builtin_keygen(DSA *dsa);
+
 int DSA_generate_key(DSA *dsa)
+       {
+       if(dsa->meth->dsa_keygen)
+               return dsa->meth->dsa_keygen(dsa);
+       return dsa_builtin_keygen(dsa);
+       }
+
+static int dsa_builtin_keygen(DSA *dsa)
        {
        int ok=0;
        BN_CTX *ctx=NULL;
index fc35dfe..313c06f 100644 (file)
@@ -89,6 +89,8 @@ dsa_bn_mod_exp,
 dsa_init,
 dsa_finish,
 0,
+NULL,
+NULL,
 NULL
 };
 
index 3bb979a..46ccac2 100644 (file)
@@ -190,7 +190,9 @@ static DSA_METHOD aep_dsa =
        NULL,                /* init */
        NULL,                /* finish */
        0,                   /* flags */
-       NULL                 /* app_data */
+       NULL,                /* app_data */
+       NULL,                /* dsa_paramgen */
+       NULL                 /* dsa_keygen */
        };
 #endif
 
@@ -205,6 +207,7 @@ static DH_METHOD aep_dh =
        NULL,
        NULL,
        0,
+       NULL,
        NULL
        };
 #endif
index 6807e84..64dcc04 100644 (file)
@@ -154,7 +154,9 @@ static DSA_METHOD atalla_dsa =
        NULL, /* init */
        NULL, /* finish */
        0, /* flags */
-       NULL /* app_data */
+       NULL, /* app_data */
+       NULL, /* dsa_paramgen */
+       NULL /* dsa_keygen */
        };
 #endif
 
@@ -169,6 +171,7 @@ static DH_METHOD atalla_dh =
        NULL,
        NULL,
        0,
+       NULL,
        NULL
        };
 #endif
index d3bd9c6..28a51d1 100644 (file)
@@ -172,7 +172,9 @@ static DSA_METHOD cswift_dsa =
        NULL, /* init */
        NULL, /* finish */
        0, /* flags */
-       NULL /* app_data */
+       NULL, /* app_data */
+       NULL, /* dsa_paramgen */
+       NULL /* dsa_keygen */
        };
 #endif
 
@@ -187,6 +189,7 @@ static DH_METHOD cswift_dh =
        NULL,
        NULL,
        0,
+       NULL,
        NULL
        };
 #endif
index 8e83443..bf95ca8 100644 (file)
@@ -201,6 +201,7 @@ static DH_METHOD hwcrhk_dh =
        NULL,
        NULL,
        0,
+       NULL,
        NULL
        };
 #endif
index 2d3f84b..f9c3795 100644 (file)
@@ -287,7 +287,9 @@ static DSA_METHOD nuron_dsa =
        NULL, /* init */
        NULL, /* finish */
        0, /* flags */
-       NULL /* app_data */
+       NULL, /* app_data */
+       NULL, /* dsa_paramgen */
+       NULL /* dsa_keygen */
        };
 #endif
 
@@ -301,6 +303,7 @@ static DH_METHOD nuron_dh =
        NULL,
        NULL,
        0,
+       NULL,
        NULL
        };
 #endif
index ee7182c..cae8bf4 100644 (file)
@@ -145,7 +145,8 @@ static DH_METHOD surewarehk_dh =
        NULL, /* init*/
        NULL, /* finish*/
        0,    /* flags*/
-       NULL 
+       NULL,
+       NULL
        };
 #endif
 
@@ -194,6 +195,8 @@ static DSA_METHOD surewarehk_dsa =
        NULL,/*finish*/
        0,
        NULL,
+       NULL,
+       NULL
        };
 #endif
 
index afb0c9e..02927d7 100644 (file)
@@ -162,7 +162,9 @@ static DSA_METHOD ubsec_dsa =
        NULL, /* init */
        NULL, /* finish */
        0, /* flags */
-       NULL /* app_data */
+       NULL, /* app_data */
+       NULL, /* dsa_paramgen */
+       NULL /* dsa_keygen */
        };
 #endif
 
@@ -177,6 +179,7 @@ static DH_METHOD ubsec_dh =
        NULL,
        NULL,
        0,
+       NULL,
        NULL
        };
 #endif