Commit 0e4aa0d2 authored by Geoff Thorpe

As with RSA, which was modified recently, this change makes it possible to
override key-generation implementations by placing handlers in the methods
for DSA and DH. Also, parameter generation for DSA and DH can be overridden
by another new handler in each method.
parent 08cb96bb
+6 −0
@@ -4,6 +4,12 @@

 Changes between 0.9.7 and 0.9.8  [xx XXX xxxx]

  *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
     and DH_METHOD (eg. by ENGINE implementations) to override the normal
     software implementations. For DSA and DH, parameter generation can
     also be overriden by providing the appropriate method callbacks.
     [Geoff Thorpe]

  *) Change the "progress" mechanism used in key-generation and
     primality testing to functions that take a new BN_GENCB pointer in
     place of callback/argument pairs. The new API functions have "_ex"
+2 −0
@@ -91,6 +91,8 @@ typedef struct dh_method {
	int (*finish)(DH *dh);
	int flags;
	char *app_data;
	/* If this is non-NULL, it will be used to generate parameters */
	int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
} DH_METHOD;

struct dh_st
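Review bot: Appending `generate_params` to DH_METHOD grows a structure that applications and ENGINE implementations define themselves, and the library will now read this slot from every method table it is handed. A table compiled against the new header without the extra initializer gets NULL here and falls back to the built-in generator, but a module built against the older header presumably supplies a shorter structure, so the read would land past its end; the same applies to the two fields added to DSA_METHOD in this commit. I would say so in the comment, e.g. `/* If this is non-NULL, it will be used to generate parameters. Added in 0.9.8: method tables must be rebuilt against this header. */`. The struct definition starts outside the hunk.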
+10 −1
@@ -66,6 +66,15 @@
#include <openssl/bn.h>
#include <openssl/dh.h>

static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);

int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
	{
	if(ret->meth->generate_params)
		return ret->meth->generate_params(ret, prime_len, generator, cb);
	return dh_builtin_genparams(ret, prime_len, generator, cb);
	}

/* We generate DH parameters as follows
 * find a prime q which is prime_len/2 bits long.
 * p=(2*q)+1 or (p-1)/2 = q
@@ -91,7 +100,7 @@
 * It's just as OK (and in some sense better) to use a generator of the
 * order-q subgroup.
 */
int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
	{
	BIGNUM *t1,*t2;
	int g,ok= -1;
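Review bot: The new DH_generate_parameters_ex returns whatever `ret->meth->generate_params` returns, so on the override path nothing checks that the p and g left in `ret` have the form the comment describes for the built-in generator (p = 2q+1). That is a reasonable job split for a dispatcher, but it should be written down because parameter quality now depends on the method in use: `/* A method-supplied generator is used as-is; callers needing assurance about p and g should run DH_check() on the result. */`. The function also dereferences `ret->meth` without a NULL check, which presumably relies on the DH object always being created with a method set. The body of dh_builtin_genparams continues outside the hunk.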
+1 −0
@@ -90,6 +90,7 @@ dh_bn_mod_exp,
dh_init,
dh_finish,
0,
NULL,
NULL
};
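Review bot: The default DH_METHOD table is initialised positionally and now ends in two bare `NULL` entries, so a reader cannot tell which slot is which, and a later field insertion could shift a function pointer into the wrong member unnoticed. Trailing comments would make the table checkable against the struct: `NULL, /* app_data */` and `NULL /* generate_params */`. The table's opening lines are outside the hunk.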

+7 −0
@@ -110,6 +110,13 @@ typedef struct dsa_method {
	int (*finish)(DSA *dsa);
	int flags;
	char *app_data;
	/* If this is non-NULL, it is used to generate DSA parameters */
	int (*dsa_paramgen)(DSA *dsa, int bits,
			unsigned char *seed, int seed_len,
			int *counter_ret, unsigned long *h_ret,
			BN_GENCB *cb);
	/* If this is non-NULL, it is used to generate DSA keys */
	int (*dsa_keygen)(DSA *dsa);
} DSA_METHOD;

struct dsa_st
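Review bot: The comment on `dsa_paramgen` does not state the contract for its pointer and length arguments: `seed_len` is a signed int paired with a caller-supplied buffer, and `counter_ret` and `h_ret` are output pointers, yet nothing says whether a handler must accept NULL for any of them or what range of `seed_len` it has to tolerate. Since handlers may be third-party code, I would spell this out, e.g. `/* If non-NULL, used to generate DSA parameters; the handler must validate bits and seed_len itself and should treat seed, counter_ret and h_ret as possibly NULL */` (the NULL allowance is an assumption to confirm against the built-in generator). The return convention for both new callbacks should be stated too. The struct definition starts outside the hunk.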