diff --git a/CHANGES b/CHANGES index 404f76bd082b9ebb703047738ac49484838e22c6..4b11fc9c5342d749f8cb3840c26b5485c59cebd9 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] + *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD + and DH_METHOD (eg. by ENGINE implementations) to override the normal + software implementations. For DSA and DH, parameter generation can + also be overriden by providing the appropriate method callbacks. + [Geoff Thorpe] + *) Change the "progress" mechanism used in key-generation and primality testing to functions that take a new BN_GENCB pointer in place of callback/argument pairs. The new API functions have "_ex" diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index cab9b1493dc971a5992331c16cf3b35a48724f80..62dba4055c7fc84e7ec77fa276c2684546ad0906 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -91,6 +91,8 @@ typedef struct dh_method { int (*finish)(DH *dh); int flags; char *app_data; + /* If this is non-NULL, it will be used to generate parameters */ + int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); } DH_METHOD; struct dh_st diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index a929a0f0648000ab0e80d7ad444b9842ce113260..1f805073cf301a6d86c815452944d1b3695d3bb9 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -66,6 +66,15 @@ #include #include +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); + +int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) + { + if(ret->meth->generate_params) + return ret->meth->generate_params(ret, prime_len, generator, cb); + return dh_builtin_genparams(ret, prime_len, generator, cb); + } + /* We generate DH parameters as follows * find a prime q which is prime_len/2 bits long. * p=(2*q)+1 or (p-1)/2 = q 
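Review bot: Appending `generate_params` to the public `DH_METHOD` struct in crypto/dh/dh.h means a method table compiled against the old header is shorter than what the library now reads. `DH_generate_parameters_ex` would then load a function pointer from past the end of that table and could call through it. The in-tree tables are extended by the later hunks, but out-of-tree or dynamically loaded ENGINEs are not visible here, so this presumably relies on a version check at load time; that is worth confirming. The same applies to the `dsa_paramgen` and `dsa_keygen` members added to `DSA_METHOD` in crypto/dsa/dsa.h. The new comment could also state the return convention and which fields of `dh` the callback must set.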
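Review bot: `DH_generate_parameters_ex` in crypto/dh/dh_gen.c returns whatever `meth->generate_params` produced without any check, so the safe-prime construction described in the comment that follows now holds only for `dh_builtin_genparams`. The public entry point has no comment saying so, and callers that relied on that property get no hint that an ENGINE may have supplied the parameters. I would add above the wrapper something like `/* Uses meth->generate_params when set; the construction described below then does not apply, so verify the result with DH_check() if its properties matter. */`. The comment block it refers to continues outside the hunk.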
@@ -91,7 +100,7 @@ * It's just as OK (and in some sense better) to use a generator of the * order-q subgroup. */ -int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) { BIGNUM *t1,*t2; int g,ok= -1; diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 1a0efca2c4c19c0eb319e48b2ac30d3371cac7df..5e58e0032f559a289464a4782f0e1d6027172b9a 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -90,6 +90,7 @@ dh_bn_mod_exp, dh_init, dh_finish, 0, +NULL, NULL }; diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 7a126e486b6fa6f6f45b021df937fd849665a594..6ba79b01dfe853d6cb2ecd6100b13cb3a918c1c5 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -110,6 +110,13 @@ typedef struct dsa_method { int (*finish)(DSA *dsa); int flags; char *app_data; + /* If this is non-NULL, it is used to generate DSA parameters */ + int (*dsa_paramgen)(DSA *dsa, int bits, + unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + /* If this is non-NULL, it is used to generate DSA keys */ + int (*dsa_keygen)(DSA *dsa); } DSA_METHOD; struct dsa_st diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index ca2c8670897079e526a9029eef97acb00d575995..4b9aff3689c55d4b4a2dc46ee2c3914ff23a445e 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c 
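Review bot: The `NULL,` added to the positional `DH_METHOD` initializer in crypto/dh/dh_key.c has no field comment, so a reader cannot tell which slot is `app_data` and which is `generate_params`. In a table of function pointers, a misplaced entry silently binds a callback to the wrong slot. Annotate the entries as the `DSA_METHOD` table in e_aep.c does, e.g. `NULL, /* app_data */` followed by `NULL /* generate_params */`. The same applies to the table in crypto/dsa/dsa_ossl.c and to the `DH_METHOD` tables in e_aep.c, e_atalla.c, e_cswift.c, e_ncipher.c, e_nuron.c, e_sureware.c and e_ubsec.c. The initializer starts outside the hunk.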
@@ -80,10 +80,25 @@ #include #include +static int dsa_builtin_paramgen(DSA *ret, int bits, + unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + int DSA_generate_parameters_ex(DSA *ret, int bits, unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { + if(ret->meth->dsa_paramgen) + return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, + counter_ret, h_ret, cb); + return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, + counter_ret, h_ret, cb); + } + +static int dsa_builtin_paramgen(DSA *ret, int bits, + unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) + { int ok=0; unsigned char seed[SHA_DIGEST_LENGTH]; unsigned char md[SHA_DIGEST_LENGTH]; diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index ef87c3e6372e6cf1eb631498c428bedc86e25243..48ff1f423cf09300cd62065579dcff237a5244df 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -64,7 +64,16 @@ #include #include +static int dsa_builtin_keygen(DSA *dsa); + int DSA_generate_key(DSA *dsa) + { + if(dsa->meth->dsa_keygen) + return dsa->meth->dsa_keygen(dsa); + return dsa_builtin_keygen(dsa); + } + +static int dsa_builtin_keygen(DSA *dsa) { int ok=0; BN_CTX *ctx=NULL; diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index fc35dfe1f6530f42d138cbd6675638aa5a87e287..313c06fa3ff00bff9fb92d93999a01dd11ccfcf9 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -89,6 +89,8 @@ dsa_bn_mod_exp, dsa_init, dsa_finish, 0, +NULL, +NULL, NULL }; diff --git a/engines/e_aep.c b/engines/e_aep.c index 3bb979a5f1560fbc4a6da803026445a38e0ca720..46ccac2823d1fa9cb8c10367674c25eccecfa211 100644 --- a/engines/e_aep.c +++ b/engines/e_aep.c @@ -190,7 +190,9 @@ static DSA_METHOD aep_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif 
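Review bot: In crypto/dsa/dsa_gen.c, `bits`, `seed_in`, `seed_len`, `counter_ret` and `h_ret` reach a method's `dsa_paramgen` exactly as the caller passed them. Any range handling or NULL tolerance the built-in generator provides is therefore skipped on the override path; the body of `dsa_builtin_paramgen` continues outside the hunk, so this is inferred. The callback declaration in dsa.h should say so, e.g. `/* Receives the caller's arguments unvalidated: must range-check bits and seed_len and accept NULL seed, counter_ret and h_ret */`, adjusted to whatever the built-in actually tolerates.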
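Review bot: `DSA_generate_key` in crypto/dsa/dsa_key.c now returns the `dsa_keygen` callback's result directly, and nothing states what the callback must leave in the `DSA` object on success. A hardware-backed method might keep the private key on the device and leave `dsa->priv_key` unset, which callers written against the software path would not expect. I would document the contract next to the wrapper, e.g. `/* A method's dsa_keygen must return 1 only after setting dsa->pub_key; say here whether dsa->priv_key may stay NULL */`. The body of `dsa_builtin_keygen` continues outside the hunk.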
@@ -205,6 +207,7 @@ static DH_METHOD aep_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_atalla.c b/engines/e_atalla.c index 6807e8400c221eca368a0bf3d4d5722477afc7ce..64dcc046e89f151f836313ab87ec6c19f50a4d03 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -154,7 +154,9 @@ static DSA_METHOD atalla_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -169,6 +171,7 @@ static DH_METHOD atalla_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_cswift.c b/engines/e_cswift.c index d3bd9c657d7bdc06d9a4b7b860f90e42e395a7eb..28a51d1bfd5b57d484ff1ba74e62098d3bc9503d 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -172,7 +172,9 @@ static DSA_METHOD cswift_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -187,6 +189,7 @@ static DH_METHOD cswift_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_ncipher.c b/engines/e_ncipher.c index 8e8344379e73752236b116fc1a81fa7d64357022..bf95ca8612e7324a45f0dea0a47c27e98fe6b0a7 100644 --- a/engines/e_ncipher.c +++ b/engines/e_ncipher.c @@ -201,6 +201,7 @@ static DH_METHOD hwcrhk_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_nuron.c b/engines/e_nuron.c index 2d3f84b041674780c424a4085b9e29446a462c30..f9c3795033354e68ce4fcde21f5b942a01cdaef1 100644 --- a/engines/e_nuron.c +++ b/engines/e_nuron.c @@ -287,7 +287,9 @@ static DSA_METHOD nuron_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -301,6 +303,7 @@ static DH_METHOD nuron_dh = NULL, NULL, 0, + NULL, NULL }; #endif 
diff --git a/engines/e_sureware.c b/engines/e_sureware.c index ee7182cd0c730f895a4017e34cfe3e3b3fa07c76..cae8bf48565cb751edde54c9c3e78332b9449d3f 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -145,7 +145,8 @@ static DH_METHOD surewarehk_dh = NULL, /* init*/ NULL, /* finish*/ 0, /* flags*/ - NULL + NULL, + NULL }; #endif @@ -194,6 +195,8 @@ static DSA_METHOD surewarehk_dsa = NULL,/*finish*/ 0, NULL, + NULL, + NULL }; #endif diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index afb0c9ece6618249abcf68aeede471fe780c92ac..02927d7b387c733a0d885e2086f4b25be6b6060f 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -162,7 +162,9 @@ static DSA_METHOD ubsec_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -177,6 +179,7 @@ static DH_METHOD ubsec_dh = NULL, NULL, 0, + NULL, NULL }; #endif