This hooks the DH code into the engine framework in the same way that has

already been done for RSA. The others (DSA + RAND) will probably follow
in the near future too, but DH is easiest to test with RSA because one
can just force the use of the EDH cipher-suites.

diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 19bd570309eda8a602dde36fcb9bdc32d2586773..8cad19e89b6b65912256219c8ed6f9fff84fcd23 100644 (file)
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -112,7 +112,11 @@ struct dh_st
 
        int references;
        CRYPTO_EX_DATA ex_data;
+#if 0
        DH_METHOD *meth;
+#else
+       struct engine_st *handle;
+#endif
        };
 
 #define DH_GENERATOR_2         2
@@ -147,10 +151,15 @@ struct dh_st
 
 DH_METHOD *DH_OpenSSL(void);
 
-void DH_set_default_method(DH_METHOD *meth);
-DH_METHOD *DH_get_default_method(void);
+void DH_set_default_openssl_method(DH_METHOD *meth);
+DH_METHOD *DH_get_default_openssl_method(void);
+#if 0
 DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
 DH *DH_new_method(DH_METHOD *meth);
+#else
+int DH_set_method(DH *dh, struct engine_st *h);
+DH *DH_new_method(struct engine_st *handle);
+#endif
 
 DH *   DH_new(void);
 void   DH_free(DH *dh);

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 0c7eeaf260b359e8a017cf7249f53bab239f80f0..d74441c1de6a5a6f0b2f8ef930f036e1ef4183d0 100644 (file)
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -61,6 +61,7 @@
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/dh.h>
+#include <openssl/engine.h>
 
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
@@ -72,12 +73,12 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
        {
-       return dh->meth->generate_key(dh);
+       return ENGINE_get_DH(dh->handle)->generate_key(dh);
        }
 
 int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
        {
-       return dh->meth->compute_key(key, pub_key, dh);
+       return ENGINE_get_DH(dh->handle)->compute_key(key, pub_key, dh);
        }
 
 static DH_METHOD dh_ossl = {
@@ -137,8 +138,9 @@ static int generate_key(DH *dh)
                }
        mont=(BN_MONT_CTX *)dh->method_mont_p;
 
-       if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
-                                                               goto err;
+       if (!ENGINE_get_DH(dh->handle)->bn_mod_exp(dh, pub_key, dh->g,
+                               priv_key,dh->p,&ctx,mont))
+               goto err;
                
        dh->pub_key=pub_key;
        dh->priv_key=priv_key;
@@ -177,7 +179,8 @@ static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
                }
 
        mont=(BN_MONT_CTX *)dh->method_mont_p;
-       if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
+       if (!ENGINE_get_DH(dh->handle)->bn_mod_exp(dh, tmp, pub_key,
+                               dh->priv_key,dh->p,&ctx,mont))
                {
                DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
                goto err;

diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index be00ceee2ff294ef39922d4c37b6671db491ca55..9a2462b943e05553fa71b4c159e2c17028ce85d3 100644 (file)
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/dh.h>
+#include <openssl/engine.h>
 
 const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
@@ -67,17 +68,32 @@ static DH_METHOD *default_DH_method;
 static int dh_meth_num = 0;
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
 
-void DH_set_default_method(DH_METHOD *meth)
+void DH_set_default_openssl_method(DH_METHOD *meth)
 {
-       default_DH_method = meth;
+       ENGINE *e;
+       /* We'll need to notify the "openssl" ENGINE of this
+        * change too. We won't bother locking things down at
+        * our end as there was never any locking in these
+        * functions! */
+       if(default_DH_method != meth)
+               {
+               default_DH_method = meth;
+               e = ENGINE_by_id("openssl");
+               if(e)
+                       {
+                       ENGINE_set_DH(e, meth);
+                       ENGINE_free(e);
+                       }
+               }
 }
 
-DH_METHOD *DH_get_default_method(void)
+DH_METHOD *DH_get_default_openssl_method(void)
 {
        if(!default_DH_method) default_DH_method = DH_OpenSSL();
        return default_DH_method;
 }
 
+#if 0
 DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
 {
         DH_METHOD *mtmp;
@@ -87,14 +103,37 @@ DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
         if (meth->init) meth->init(dh);
         return mtmp;
 }
+#else
+int DH_set_method(DH *dh, ENGINE *h)
+{
+       ENGINE *mtmp;
+       DH_METHOD *meth;
+       mtmp = dh->handle;
+       meth = ENGINE_get_DH(mtmp);
+       if (!ENGINE_init(h))
+               return 0;
+       if (meth->finish) meth->finish(dh);
+       dh->handle = h;
+       meth = ENGINE_get_DH(h);
+       if (meth->init) meth->init(dh);
+       /* SHOULD ERROR CHECK THIS!!! */
+       ENGINE_finish(mtmp);
+       return 1;
+}
+#endif
 
 DH *DH_new(void)
 {
        return DH_new_method(NULL);
 }
 
+#if 0
 DH *DH_new_method(DH_METHOD *meth)
+#else
+DH *DH_new_method(ENGINE *handle)
+#endif
        {
+       DH_METHOD *meth;
        DH *ret;
        ret=(DH *)Malloc(sizeof(DH));
 
@@ -103,8 +142,17 @@ DH *DH_new_method(DH_METHOD *meth)
                DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
                return(NULL);
                }
-       if(meth) ret->meth = meth;
-       else ret->meth = DH_get_default_method();
+       if(handle)
+               ret->handle = handle;
+       else
+               {
+               if((ret->handle=ENGINE_get_default_DH()) == NULL)
+                       {
+                       Free(ret);
+                       return NULL;
+                       }
+               }
+       meth = ENGINE_get_DH(ret->handle);
        ret->pad=0;
        ret->version=0;
        ret->p=NULL;
@@ -119,8 +167,8 @@ DH *DH_new_method(DH_METHOD *meth)
        ret->counter = NULL;
        ret->method_mont_p=NULL;
        ret->references = 1;
-       ret->flags=ret->meth->flags;
-       if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+       ret->flags=meth->flags;
+       if ((meth->init != NULL) && !meth->init(ret))
                {
                Free(ret);
                ret=NULL;
@@ -132,6 +180,7 @@ DH *DH_new_method(DH_METHOD *meth)
 
 void DH_free(DH *r)
        {
+       DH_METHOD *meth;
        int i;
        if(r == NULL) return;
        i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
@@ -149,7 +198,9 @@ void DH_free(DH *r)
 
        CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
 
-       if(r->meth->finish) r->meth->finish(r);
+       meth = ENGINE_get_DH(r->handle);
+       if(meth->finish) meth->finish(r);
+       ENGINE_finish(r->handle);
 
        if (r->p != NULL) BN_clear_free(r->p);
        if (r->g != NULL) BN_clear_free(r->g);

diff --git a/crypto/engine/engine_openssl.c b/crypto/engine/engine_openssl.c
index 8ecd91a6ac5155633f1f1fe4900559743508996b..70512cb8513a28cf8499fbd688839f66b8b9652d 100644 (file)
--- a/crypto/engine/engine_openssl.c
+++ b/crypto/engine/engine_openssl.c
@@ -102,7 +102,7 @@ ENGINE *ENGINE_openssl()
         * that we want to steal. */
        engine_openssl.rsa_meth = RSA_get_default_openssl_method();
        engine_openssl.dsa_meth = DSA_get_default_method();
-       engine_openssl.dh_meth = DH_get_default_method();
+       engine_openssl.dh_meth = DH_get_default_openssl_method();
        engine_openssl.rand_meth = RAND_SSLeay();
        engine_openssl.bn_mod_exp = BN_mod_exp;
        return &engine_openssl;