As with RSA, which was modified recently, this change makes it possible to
authorGeoff Thorpe <geoff@openssl.org>
Wed, 15 Jan 2003 02:01:55 +0000 (02:01 +0000)
committerGeoff Thorpe <geoff@openssl.org>
Wed, 15 Jan 2003 02:01:55 +0000 (02:01 +0000)
override key-generation implementations by placing handlers in the methods
for DSA and DH. Parameter generation for DSA and DH can also be overridden
through a further new handler in each method.

15 files changed:
CHANGES
crypto/dh/dh.h
crypto/dh/dh_gen.c
crypto/dh/dh_key.c
crypto/dsa/dsa.h
crypto/dsa/dsa_gen.c
crypto/dsa/dsa_key.c
crypto/dsa/dsa_ossl.c
engines/e_aep.c
engines/e_atalla.c
engines/e_cswift.c
engines/e_ncipher.c
engines/e_nuron.c
engines/e_sureware.c
engines/e_ubsec.c

diff --git a/CHANGES b/CHANGES
index 404f76bd082b9ebb703047738ac49484838e22c6..4b11fc9c5342d749f8cb3840c26b5485c59cebd9 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.7 and 0.9.8  [xx XXX xxxx]
 
+  *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
+     and DH_METHOD (eg. by ENGINE implementations) to override the normal
+     software implementations. For DSA and DH, parameter generation can
+     also be overriden by providing the appropriate method callbacks.
+     [Geoff Thorpe]
+
   *) Change the "progress" mechanism used in key-generation and
      primality testing to functions that take a new BN_GENCB pointer in
      place of callback/argument pairs. The new API functions have "_ex"
index cab9b1493dc971a5992331c16cf3b35a48724f80..62dba4055c7fc84e7ec77fa276c2684546ad0906 100644 (file)
@@ -91,6 +91,8 @@ typedef struct dh_method {
        int (*finish)(DH *dh);
        int flags;
        char *app_data;
+       /* If this is non-NULL, it will be used to generate parameters */
+       int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
 } DH_METHOD;
 
 struct dh_st
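Review bot: The comment on `generate_params` says when the hook is used but not what it must do, and DH_generate_parameters_ex (crypto/dh/dh_gen.c in this commit) returns its result unchecked. I would spell the contract out, e.g. `/* If non-NULL, replaces the built-in generator; must fill in dh->p and dh->g and follow DH_generate_parameters_ex's return convention */`. Separately, appending a member means a DH_METHOD table compiled against the earlier header is shorter than the code now assumes, so reading `meth->generate_params` from one would run past the object and treat what it finds as a function pointer. That is presumably acceptable between 0.9.7 and 0.9.8, but worth confirming for ENGINEs built out of tree. The struct definition starts outside this hunk.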
index a929a0f0648000ab0e80d7ad444b9842ce113260..1f805073cf301a6d86c815452944d1b3695d3bb9 100644 (file)
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
+
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
+       {
+       if(ret->meth->generate_params)
+               return ret->meth->generate_params(ret, prime_len, generator, cb);
+       return dh_builtin_genparams(ret, prime_len, generator, cb);
+       }
+
 /* We generate DH parameters as follows
  * find a prime q which is prime_len/2 bits long.
  * p=(2*q)+1 or (p-1)/2 = q
  * It's just as OK (and in some sense better) to use a generator of the
  * order-q subgroup.
  */
-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
        {
        BIGNUM *t1,*t2;
        int g,ok= -1;
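Review bot: The public DH_generate_parameters_ex is left without documentation, because the existing "We generate DH parameters as follows" comment now sits above the static dh_builtin_genparams. The new wrapper forwards `prime_len` and `generator` to the method hook and returns whatever it returns, so with an override in place the quality of p and g rests entirely on the ENGINE. A short comment on the wrapper would make that visible, e.g. `/* Uses meth->generate_params when set, else the built-in safe-prime generator; overridden output is not re-checked here, so callers wanting assurance should run DH_check() */`. The same applies to the wrappers added for DSA_generate_parameters_ex and DSA_generate_key under crypto/dsa. dh_builtin_genparams continues past the end of this hunk.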
index 1a0efca2c4c19c0eb319e48b2ac30d3371cac7df..5e58e0032f559a289464a4782f0e1d6027172b9a 100644 (file)
@@ -90,6 +90,7 @@ dh_bn_mod_exp,
 dh_init,
 dh_finish,
 0,
+NULL,
 NULL
 };
 
index 7a126e486b6fa6f6f45b021df937fd849665a594..6ba79b01dfe853d6cb2ecd6100b13cb3a918c1c5 100644 (file)
@@ -110,6 +110,13 @@ typedef struct dsa_method {
        int (*finish)(DSA *dsa);
        int flags;
        char *app_data;
+       /* If this is non-NULL, it is used to generate DSA parameters */
+       int (*dsa_paramgen)(DSA *dsa, int bits,
+                       unsigned char *seed, int seed_len,
+                       int *counter_ret, unsigned long *h_ret,
+                       BN_GENCB *cb);
+       /* If this is non-NULL, it is used to generate DSA keys */
+       int (*dsa_keygen)(DSA *dsa);
 } DSA_METHOD;
 
 struct dsa_st
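Review bot: The `dsa_paramgen` comment does not say what an override must do with `counter_ret` and `h_ret`, which DSA_generate_parameters_ex passes straight through. If an implementation ignores them, a caller that supplied non-NULL pointers is left reading whatever was there before the call, and those outputs are what a verifier would use to re-derive the parameters from the seed. I would document it, e.g. `/* If non-NULL, replaces built-in DSA parameter generation; must store into counter_ret and h_ret whenever they are non-NULL */`. For `dsa_keygen`, the comment should say whether both `priv_key` and `pub_key` must be set on return or whether the private half may stay inside the device. The struct begins outside this hunk.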
index ca2c8670897079e526a9029eef97acb00d575995..4b9aff3689c55d4b4a2dc46ee2c3914ff23a445e 100644 (file)
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
+static int dsa_builtin_paramgen(DSA *ret, int bits,
+               unsigned char *seed_in, int seed_len,
+               int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+
 int DSA_generate_parameters_ex(DSA *ret, int bits,
                unsigned char *seed_in, int seed_len,
                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
        {
+       if(ret->meth->dsa_paramgen)
+               return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
+                               counter_ret, h_ret, cb);
+       return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
+                       counter_ret, h_ret, cb);
+       }
+
+static int dsa_builtin_paramgen(DSA *ret, int bits,
+               unsigned char *seed_in, int seed_len,
+               int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+       {
        int ok=0;
        unsigned char seed[SHA_DIGEST_LENGTH];
        unsigned char md[SHA_DIGEST_LENGTH];
index ef87c3e6372e6cf1eb631498c428bedc86e25243..48ff1f423cf09300cd62065579dcff237a5244df 100644 (file)
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 
+static int dsa_builtin_keygen(DSA *dsa);
+
 int DSA_generate_key(DSA *dsa)
+       {
+       if(dsa->meth->dsa_keygen)
+               return dsa->meth->dsa_keygen(dsa);
+       return dsa_builtin_keygen(dsa);
+       }
+
+static int dsa_builtin_keygen(DSA *dsa)
        {
        int ok=0;
        BN_CTX *ctx=NULL;
index fc35dfe1f6530f42d138cbd6675638aa5a87e287..313c06fa3ff00bff9fb92d93999a01dd11ccfcf9 100644 (file)
@@ -89,6 +89,8 @@ dsa_bn_mod_exp,
 dsa_init,
 dsa_finish,
 0,
+NULL,
+NULL,
 NULL
 };
 
index 3bb979a5f1560fbc4a6da803026445a38e0ca720..46ccac2823d1fa9cb8c10367674c25eccecfa211 100644 (file)
@@ -190,7 +190,9 @@ static DSA_METHOD aep_dsa =
        NULL,                /* init */
        NULL,                /* finish */
        0,                   /* flags */
-       NULL                 /* app_data */
+       NULL,                /* app_data */
+       NULL,                /* dsa_paramgen */
+       NULL                 /* dsa_keygen */
        };
 #endif
 
@@ -205,6 +207,7 @@ static DH_METHOD aep_dh =
        NULL,
        NULL,
        0,
+       NULL,
        NULL
        };
 #endif
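Review bot: The added `NULL,` in aep_dh carries no field comment, so the table does not show which of the last two entries is `app_data` and which is the new `generate_params`; the aep_dsa table just above labels every slot. Suggest `NULL, /* app_data */` followed by `NULL /* generate_params */`. The same unlabeled additions appear in atalla_dh, cswift_dh, hwcrhk_dh, nuron_dh, ubsec_dh and both surewarehk tables. With positional initializers the labels are the only thing telling a reader which hook an engine leaves to the software fallback. The table starts outside this hunk.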
index 6807e8400c221eca368a0bf3d4d5722477afc7ce..64dcc046e89f151f836313ab87ec6c19f50a4d03 100644 (file)
@@ -154,7 +154,9 @@ static DSA_METHOD atalla_dsa =
        NULL, /* init */
        NULL, /* finish */
        0, /* flags */
-       NULL /* app_data */
+       NULL, /* app_data */
+       NULL, /* dsa_paramgen */
+       NULL /* dsa_keygen */
        };
 #endif
 
@@ -169,6 +171,7 @@ static DH_METHOD atalla_dh =
        NULL,
        NULL,
        0,
+       NULL,
        NULL
        };
 #endif
index d3bd9c657d7bdc06d9a4b7b860f90e42e395a7eb..28a51d1bfd5b57d484ff1ba74e62098d3bc9503d 100644 (file)
@@ -172,7 +172,9 @@ static DSA_METHOD cswift_dsa =
        NULL, /* init */
        NULL, /* finish */
        0, /* flags */
-       NULL /* app_data */
+       NULL, /* app_data */
+       NULL, /* dsa_paramgen */
+       NULL /* dsa_keygen */
        };
 #endif
 
@@ -187,6 +189,7 @@ static DH_METHOD cswift_dh =
        NULL,
        NULL,
        0,
+       NULL,
        NULL
        };
 #endif
index 8e8344379e73752236b116fc1a81fa7d64357022..bf95ca8612e7324a45f0dea0a47c27e98fe6b0a7 100644 (file)
@@ -201,6 +201,7 @@ static DH_METHOD hwcrhk_dh =
        NULL,
        NULL,
        0,
+       NULL,
        NULL
        };
 #endif
index 2d3f84b041674780c424a4085b9e29446a462c30..f9c3795033354e68ce4fcde21f5b942a01cdaef1 100644 (file)
@@ -287,7 +287,9 @@ static DSA_METHOD nuron_dsa =
        NULL, /* init */
        NULL, /* finish */
        0, /* flags */
-       NULL /* app_data */
+       NULL, /* app_data */
+       NULL, /* dsa_paramgen */
+       NULL /* dsa_keygen */
        };
 #endif
 
@@ -301,6 +303,7 @@ static DH_METHOD nuron_dh =
        NULL,
        NULL,
        0,
+       NULL,
        NULL
        };
 #endif
index ee7182cd0c730f895a4017e34cfe3e3b3fa07c76..cae8bf48565cb751edde54c9c3e78332b9449d3f 100644 (file)
@@ -145,7 +145,8 @@ static DH_METHOD surewarehk_dh =
        NULL, /* init*/
        NULL, /* finish*/
        0,    /* flags*/
-       NULL 
+       NULL,
+       NULL
        };
 #endif
 
@@ -194,6 +195,8 @@ static DSA_METHOD surewarehk_dsa =
        NULL,/*finish*/
        0,
        NULL,
+       NULL,
+       NULL
        };
 #endif
 
index afb0c9ece6618249abcf68aeede471fe780c92ac..02927d7b387c733a0d885e2086f4b25be6b6060f 100644 (file)
@@ -162,7 +162,9 @@ static DSA_METHOD ubsec_dsa =
        NULL, /* init */
        NULL, /* finish */
        0, /* flags */
-       NULL /* app_data */
+       NULL, /* app_data */
+       NULL, /* dsa_paramgen */
+       NULL /* dsa_keygen */
        };
 #endif
 
@@ -177,6 +179,7 @@ static DH_METHOD ubsec_dh =
        NULL,
        NULL,
        0,
+       NULL,
        NULL
        };
 #endif