Initial support for DH_METHOD. Also added a DH lock. A few changes made to (13066cee) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+5 −0

Original line number	Diff line number	Diff line
		@@ -4,6 +4,11 @@

		Changes between 0.9.4 and 0.9.5 [xx XXX 1999]

		*) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
		a few extra parameters to the DH structure: these will be useful if
		for example we want the value of 'q' or implement X9.42 DH.
		[Steve Henson]

		*) Initial support for DSA_METHOD. This is based on the RSA_METHOD and
		provides hooks that allow the default DSA functions or functions on a
		"per key" basis to be replaced. This allows hardware acceleration and

crypto/cryptlib.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -92,7 +92,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
		"getservbyname",
		"readdir",
		"RSA_blinding",
		#if CRYPTO_NUM_LOCKS != 24
		"dh",
		#if CRYPTO_NUM_LOCKS != 25
		# error "Inconsistency between crypto.h and cryptlib.c"
		#endif
		};

crypto/crypto.h

+2 −1

Original line number	Diff line number	Diff line
		@@ -111,7 +111,8 @@ extern "C" {
		#define CRYPTO_LOCK_GETSERVBYNAME 21
		#define CRYPTO_LOCK_READDIR 22
		#define CRYPTO_LOCK_RSA_BLINDING 23
		#define CRYPTO_NUM_LOCKS 24
		#define CRYPTO_LOCK_DH 24
		#define CRYPTO_NUM_LOCKS 25

		#define CRYPTO_LOCK 1
		#define CRYPTO_UNLOCK 2

crypto/dh/dh.h

+41 −2

Original line number	Diff line number	Diff line
		@@ -68,10 +68,28 @@ extern "C" {
		#endif

		#include <openssl/bn.h>
		#include <openssl/crypto.h>

		#define DH_FLAG_CACHE_MONT_P 0x01

		typedef struct dh_st
		typedef struct dh_st DH;

		typedef struct dh_method {
		const char *name;
		/* Methods here */
		int (generate_key)(DH dh);
		int (compute_key)(unsigned char key,BIGNUM pub_key,DH dh);
		int (bn_mod_exp)(DH dh, BIGNUM r, BIGNUM a, const BIGNUM *p,
		const BIGNUM m, BN_CTX ctx,
		BN_MONT_CTX m_ctx); / Can be null */

		int (init)(DH dh);
		int (finish)(DH dh);
		int flags;
		char *app_data;
		} DH_METHOD;

		struct dh_st
		{
		/* This first argument is used to pick up errors when
		* a DH is passed instead of a EVP_PKEY */
		@@ -85,7 +103,17 @@ typedef struct dh_st

		int flags;
		char *method_mont_p;
		} DH;
		/* Place holders if we want to do X9.42 DH */
		BIGNUM *q;
		BIGNUM *j;
		unsigned *seed;
		int seedlen;
		BIGNUM *counter;

		int references;
		CRYPTO_EX_DATA ex_data;
		DH_METHOD *meth;
		};

		#define DH_GENERATOR_2 2
		/* #define DH_GENERATOR_3 3 */
		@@ -113,9 +141,20 @@ typedef struct dh_st
		(unsigned char *)(x))
		#endif

		DH_METHOD *DH_OpenSSL(void);

		void DH_set_default_method(DH_METHOD *meth);
		DH_METHOD *DH_get_default_method(void);
		DH_METHOD DH_set_method(DH dh, DH_METHOD *meth);
		DH DH_new_method(DH_METHOD meth);

		DH * DH_new(void);
		void DH_free(DH *dh);
		int DH_size(DH *dh);
		int DH_get_ex_new_index(long argl, char argp, int (new_func)(),
		int (dup_func)(), void (free_func)());
		int DH_set_ex_data(DH d, int idx, char arg);
		char DH_get_ex_data(DH d, int idx);
		DH * DH_generate_parameters(int prime_len,int generator,
		void (callback)(int,int,void ),void *cb_arg);
		int DH_check(DH dh,int codes);

crypto/dh/dh_key.c

+58 −3

Original line number	Diff line number	Diff line
		@@ -62,7 +62,41 @@
		#include <openssl/rand.h>
		#include <openssl/dh.h>

		static int generate_key(DH *dh);
		static int compute_key(unsigned char key, BIGNUM pub_key, DH *dh);
		static int dh_bn_mod_exp(DH dh, BIGNUM r, BIGNUM a, const BIGNUM p,
		const BIGNUM m, BN_CTX ctx,
		BN_MONT_CTX *m_ctx);
		static int dh_init(DH *dh);
		static int dh_finish(DH *dh);

		int DH_generate_key(DH *dh)
		{
		return dh->meth->generate_key(dh);
		}

		int DH_compute_key(unsigned char key, BIGNUM pub_key, DH *dh)
		{
		return dh->meth->compute_key(key, pub_key, dh);
		}

		static DH_METHOD dh_ossl = {
		"OpenSSL DH Method",
		generate_key,
		compute_key,
		dh_bn_mod_exp,
		dh_init,
		dh_finish,
		0,
		NULL
		};

		DH_METHOD *DH_OpenSSL(void)
		{
		return &dh_ossl;
		}

		static int generate_key(DH *dh)
		{
		int ok=0;
		unsigned int i;
		@@ -103,7 +137,8 @@ int DH_generate_key(DH *dh)
		}
		mont=(BN_MONT_CTX *)dh->method_mont_p;

		if (!BN_mod_exp_mont(pub_key,dh->g,priv_key,dh->p,&ctx,mont)) goto err;
		if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
		goto err;

		dh->pub_key=pub_key;
		dh->priv_key=priv_key;
		@@ -118,7 +153,7 @@ err:
		return(ok);
		}

		int DH_compute_key(unsigned char key, BIGNUM pub_key, DH *dh)
		static int compute_key(unsigned char key, BIGNUM pub_key, DH *dh)
		{
		BN_CTX ctx;
		BN_MONT_CTX *mont;
		@@ -141,7 +176,7 @@ int DH_compute_key(unsigned char key, BIGNUM pub_key, DH *dh)
		}

		mont=(BN_MONT_CTX *)dh->method_mont_p;
		if (!BN_mod_exp_mont(tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
		if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
		{
		DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
		goto err;
		@@ -152,3 +187,23 @@ err:
		BN_CTX_free(&ctx);
		return(ret);
		}

		static int dh_bn_mod_exp(DH dh, BIGNUM r, BIGNUM a, const BIGNUM p,
		const BIGNUM m, BN_CTX ctx,
		BN_MONT_CTX *m_ctx)
		{
		return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
		}

		static int dh_init(DH *dh)
		{
		dh->flags \|= DH_FLAG_CACHE_MONT_P;
		return(1);
		}

		static int dh_finish(DH *dh)
		{
		if(dh->method_mont_p)
		BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
		return(1);
		}