Changes between 0.9.7 and 0.9.8 [xx XXX 2002]
+ *) Change the "progress" mechanism used in key-generation and
+ primality testing to functions that take a new BN_GENCB pointer in
+ place of callback/argument pairs. The new API functions have "_ex"
+ postfixes and the older functions are reimplemented as wrappers for
+ the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
+ declarations of the old functions to help (graceful) attempts to
+ migrate to the new functions. Also, the new key-generation API
+ functions operate on a caller-supplied key-structure and return
+ success/failure rather than returning a key or NULL - this is to
+ help make "keygen" another member function of RSA_METHOD etc.
+ [Geoff Thorpe]
+
*) Add the ASN.1 structures and functions for CertificatePair, which
is defined as follows (according to X.509_4thEditionDraftV6.pdf):
LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
- bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c
+ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
+ bn_depr.c
LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
- bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o
+ bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \
+ bn_depr.o
SRC= $(LIBSRC)
int flags;
} BN_RECP_CTX;
+/* Used for slow "generation" functions. */
+typedef struct bn_gencb_st BN_GENCB;
+struct bn_gencb_st
+ {
+ unsigned int ver; /* To handle binary (in)compatibility */
+ void *arg; /* callback-specific data */
+ union
+ {
+ /* if(ver==1) - handles old style callbacks */
+ void (*cb_1)(int, int, void *);
+ /* if(ver==2) - new callback style */
+ int (*cb_2)(int, int, BN_GENCB *);
+ };
+ };
+/* Wrapper function to make using BN_GENCB easier, */
+int BN_GENCB_call(BN_GENCB *cb, int a, int b);
+
#define BN_prime_checks 0 /* default: select number of iterations
based on the size of the number */
const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
BIGNUM *BN_mod_sqrt(BIGNUM *ret,
const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+
+/* Deprecated versions */
+#ifndef OPENSSL_NO_DEPRECATED
BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
const BIGNUM *add, const BIGNUM *rem,
void (*callback)(int,int,void *),void *cb_arg);
int BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
int do_trial_division);
+#endif /* !defined(OPENSSL_NO_DEPRECATED) */
+
+/* Newer versions */
+int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
+ const BIGNUM *rem, BN_GENCB *cb);
+int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
+ int do_trial_division, BN_GENCB *cb);
BN_MONT_CTX *BN_MONT_CTX_new(void );
void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
--- /dev/null
+/* crypto/bn/bn_depr.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Support for deprecated functions goes here - static linkage will only slurp
+ * this code if applications are using them directly. */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include <openssl/rand.h>
+
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem,
+ void (*callback)(int,int,void *), void *cb_arg)
+ {
+ BN_GENCB cb;
+ BIGNUM *rnd=NULL;
+ int found = 0;
+
+ cb.ver = 1;
+ cb.arg = cb_arg;
+ cb.cb_1 = callback;
+
+ if (ret == NULL)
+ {
+ if ((rnd=BN_new()) == NULL) goto err;
+ }
+ else
+ rnd=ret;
+ if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
+ goto err;
+
+ /* we have a prime :-) */
+ found = 1;
+err:
+ if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
+ return(found ? rnd : NULL);
+ }
+
+int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
+ BN_CTX *ctx_passed, void *cb_arg)
+ {
+ BN_GENCB cb;
+ cb.ver = 1;
+ cb.arg = cb_arg;
+ cb.cb_1 = callback;
+ return BN_is_prime_ex(a, checks, ctx_passed, &cb);
+ }
+
+int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+ void (*callback)(int,int,void *),
+ BN_CTX *ctx_passed, void *cb_arg,
+ int do_trial_division)
+ {
+ BN_GENCB cb;
+ cb.ver = 1;
+ cb.arg = cb_arg;
+ cb.cb_1 = callback;
+ return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
+ do_trial_division, &cb);
+ }
#include "bn_lcl.h"
#include <openssl/rand.h>
+/* NB: these functions have been "upgraded", the deprecated versions (which are
+ * compatibility wrappers using these functions) are in bn_depr.c.
+ * - Geoff
+ */
+
/* The quick sieve algorithm approach to weeding out primes is
* Philip Zimmermann's, as implemented in PGP. I have had a read of
* his comments and implemented my own version.
static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
-BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
- const BIGNUM *add, const BIGNUM *rem,
- void (*callback)(int,int,void *), void *cb_arg)
+int BN_GENCB_call(BN_GENCB *cb, int a, int b)
+ {
+ /* No callback means continue */
+ if(!cb) return 1;
+ switch(cb->ver)
+ {
+ case 1:
+ /* Deprecated-style callbacks */
+ cb->cb_1(a, b, cb->arg);
+ return 1;
+ case 2:
+ /* New-style callbacks */
+ return cb->cb_2(a, b, cb);
+ default:
+ break;
+ }
+ /* Unrecognised callback type */
+ return 0;
+ }
+
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
{
- BIGNUM *rnd=NULL;
BIGNUM t;
int found=0;
int i,j,c1=0;
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
- if (ret == NULL)
- {
- if ((rnd=BN_new()) == NULL) goto err;
- }
- else
- rnd=ret;
BN_init(&t);
loop:
/* make a random number and set the top and bottom bits */
if (add == NULL)
{
- if (!probable_prime(rnd,bits)) goto err;
+ if (!probable_prime(ret,bits)) goto err;
}
else
{
if (safe)
{
- if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx))
+ if (!probable_prime_dh_safe(ret,bits,add,rem,ctx))
goto err;
}
else
{
- if (!probable_prime_dh(rnd,bits,add,rem,ctx))
+ if (!probable_prime_dh(ret,bits,add,rem,ctx))
goto err;
}
}
- /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */
- if (callback != NULL) callback(0,c1++,cb_arg);
+ /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
+ if(!BN_GENCB_call(cb, 0, c1++))
+ /* aborted */
+ goto err;
if (!safe)
{
- i=BN_is_prime_fasttest(rnd,checks,callback,ctx,cb_arg,0);
+ i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb);
if (i == -1) goto err;
if (i == 0) goto loop;
}
* check that (p-1)/2 is prime.
* Since a prime is odd, We just
* need to divide by 2 */
- if (!BN_rshift1(&t,rnd)) goto err;
+ if (!BN_rshift1(&t,ret)) goto err;
for (i=0; i<checks; i++)
{
- j=BN_is_prime_fasttest(rnd,1,callback,ctx,cb_arg,0);
+ j=BN_is_prime_fasttest_ex(ret,1,ctx,0,cb);
if (j == -1) goto err;
if (j == 0) goto loop;
- j=BN_is_prime_fasttest(&t,1,callback,ctx,cb_arg,0);
+ j=BN_is_prime_fasttest_ex(&t,1,ctx,0,cb);
if (j == -1) goto err;
if (j == 0) goto loop;
- if (callback != NULL) callback(2,c1-1,cb_arg);
+ if(!BN_GENCB_call(cb, 2, c1-1))
+ goto err;
/* We have a safe prime test pass */
}
}
/* we have a prime :-) */
found = 1;
err:
- if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
BN_free(&t);
if (ctx != NULL) BN_CTX_free(ctx);
- return(found ? rnd : NULL);
+ return found;
}
-int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
- BN_CTX *ctx_passed, void *cb_arg)
+int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)
{
- return BN_is_prime_fasttest(a, checks, callback, ctx_passed, cb_arg, 0);
+ return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
}
-int BN_is_prime_fasttest(const BIGNUM *a, int checks,
- void (*callback)(int,int,void *),
- BN_CTX *ctx_passed, void *cb_arg,
- int do_trial_division)
+int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+ int do_trial_division, BN_GENCB *cb)
{
int i, j, ret = -1;
int k;
for (i = 1; i < NUMPRIMES; i++)
if (BN_mod_word(a, primes[i]) == 0)
return 0;
- if (callback != NULL) callback(1, -1, cb_arg);
+ if(!BN_GENCB_call(cb, 1, -1))
+ goto err;
}
if (ctx_passed != NULL)
ret=0;
goto err;
}
- if (callback != NULL) callback(1,i,cb_arg);
+ if(!BN_GENCB_call(cb, 1, i))
+ goto err;
}
ret=1;
err:
*
*/
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
-LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
+LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c
+LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o
SRC= $(LIBSRC)
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int DH_set_ex_data(DH *d, int idx, void *arg);
void *DH_get_ex_data(DH *d, int idx);
+
+/* Deprecated version */
+#ifndef OPENSSL_NO_DEPRECATED
DH * DH_generate_parameters(int prime_len,int generator,
void (*callback)(int,int,void *),void *cb_arg);
+#endif /* !defined(OPENSSL_NO_DEPRECATED) */
+
+/* New version */
+int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
+
int DH_check(const DH *dh,int *codes);
int DH_generate_key(DH *dh);
int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
else
*ret|=DH_UNABLE_TO_CHECK_GENERATOR;
- if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
+ if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
*ret|=DH_CHECK_P_NOT_PRIME;
else
{
if (!BN_rshift1(q,dh->p)) goto err;
- if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
+ if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
*ret|=DH_CHECK_P_NOT_SAFE_PRIME;
}
ok=1;
--- /dev/null
+/* crypto/dh/dh_depr.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+/* This file contains deprecated functions as wrappers to the new ones */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+DH *DH_generate_parameters(int prime_len, int generator,
+ void (*callback)(int,int,void *), void *cb_arg)
+ {
+ BN_GENCB cb;
+ DH *ret=NULL;
+
+ if((ret=DH_new()) == NULL)
+ return NULL;
+
+ cb.ver = 1;
+ cb.arg = cb_arg;
+ cb.cb_1 = callback;
+
+ if(DH_generate_parameters_ex(ret, prime_len, generator, &cb))
+ return ret;
+ DH_free(ret);
+ return NULL;
+ }
* [including the GNU Public Licence.]
*/
+/* NB: These functions have been upgraded - the previous prototypes are in
+ * dh_depr.c as wrappers to these ones.
+ * - Geoff
+ */
+
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/bn.h>
* It's just as OK (and in some sense better) to use a generator of the
* order-q subgroup.
*/
-DH *DH_generate_parameters(int prime_len, int generator,
- void (*callback)(int,int,void *), void *cb_arg)
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
{
- BIGNUM *p=NULL,*t1,*t2;
- DH *ret=NULL;
+ BIGNUM *t1,*t2;
int g,ok= -1;
BN_CTX *ctx=NULL;
- ret=DH_new();
- if (ret == NULL) goto err;
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
BN_CTX_start(ctx);
t1 = BN_CTX_get(ctx);
t2 = BN_CTX_get(ctx);
if (t1 == NULL || t2 == NULL) goto err;
+
+ /* Make sure 'ret' has the necessary elements */
+ if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;
+ if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;
if (generator <= 1)
{
g=generator;
}
- p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
- if (p == NULL) goto err;
- if (callback != NULL) callback(3,0,cb_arg);
- ret->p=p;
- ret->g=BN_new();
+ if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;
+ if(!BN_GENCB_call(cb, 3, 0)) goto err;
if (!BN_set_word(ret->g,g)) goto err;
ok=1;
err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
- if (!ok && (ret != NULL))
- {
- DH_free(ret);
- ret=NULL;
- }
- return(ret);
+ return ok;
}
* [including the GNU Public Licence.]
*/
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
LIB=$(TOP)/libcrypto.a
LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
- dsa_err.c dsa_ossl.c
+ dsa_err.c dsa_ossl.c dsa_depr.c
LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
- dsa_err.o dsa_ossl.o
+ dsa_err.o dsa_ossl.o dsa_depr.o
SRC= $(LIBSRC)
DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+
+/* Deprecated version */
+#ifndef OPENSSL_NO_DEPRECATED
DSA * DSA_generate_parameters(int bits,
unsigned char *seed,int seed_len,
int *counter_ret, unsigned long *h_ret,void
(*callback)(int, int, void *),void *cb_arg);
+#endif /* !defined(OPENSSL_NO_DEPRECATED) */
+
+/* New version */
+int DSA_generate_parameters_ex(DSA *dsa, int bits,
+ unsigned char *seed,int seed_len,
+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+
int DSA_generate_key(DSA *a);
int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
--- /dev/null
+/* crypto/dsa/dsa_depr.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* This file contains deprecated function(s) that are now wrappers to the new
+ * version(s). */
+
+#undef GENUINE_DSA
+
+#ifdef GENUINE_DSA
+/* Parameter generation follows the original release of FIPS PUB 186,
+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
+#define HASH EVP_sha()
+#else
+/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
+ * FIPS PUB 180-1) */
+#define HASH EVP_sha1()
+#endif
+
+#ifndef OPENSSL_NO_SHA
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+DSA *DSA_generate_parameters(int bits,
+ unsigned char *seed_in, int seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ void (*callback)(int, int, void *),
+ void *cb_arg)
+ {
+ BN_GENCB cb;
+ DSA *ret;
+
+ if ((ret=DSA_new()) == NULL) return NULL;
+
+ cb.ver = 1;
+ cb.arg = cb_arg;
+ cb.cb_1 = callback;
+
+ if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
+ counter_ret, h_ret, &cb))
+ return ret;
+ DSA_free(ret);
+ return NULL;
+ }
+#endif
#include <openssl/rand.h>
#include <openssl/sha.h>
-DSA *DSA_generate_parameters(int bits,
+int DSA_generate_parameters_ex(DSA *ret, int bits,
unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret,
- void (*callback)(int, int, void *),
- void *cb_arg)
+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
{
int ok=0;
unsigned char seed[SHA_DIGEST_LENGTH];
int r=0;
BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL;
unsigned int h=2;
- DSA *ret=NULL;
if (bits < 512) bits=512;
bits=(bits+63)/64*64;
if ((ctx=BN_CTX_new()) == NULL) goto err;
if ((ctx2=BN_CTX_new()) == NULL) goto err;
if ((ctx3=BN_CTX_new()) == NULL) goto err;
- if ((ret=DSA_new()) == NULL) goto err;
if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
int seed_is_random;
/* step 1 */
- if (callback != NULL) callback(0,m++,cb_arg);
+ if(!BN_GENCB_call(cb, 0, m++))
+ goto err;
if (!seed_len)
{
if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
/* step 4 */
- r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random);
+ r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx3,
+ seed_is_random, cb);
if (r > 0)
break;
if (r != 0)
/* step 5 */
}
- if (callback != NULL) callback(2,0,cb_arg);
- if (callback != NULL) callback(3,0,cb_arg);
+ if(!BN_GENCB_call(cb, 2, 0)) goto err;
+ if(!BN_GENCB_call(cb, 3, 0)) goto err;
/* step 6 */
counter=0;
for (;;)
{
- if (callback != NULL && counter != 0)
- callback(0,counter,cb_arg);
+ if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+ goto err;
/* step 7 */
BN_zero(W);
if (BN_cmp(p,test) >= 0)
{
/* step 11 */
- r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1);
+ r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
+ ctx3, 1, cb);
if (r > 0)
goto end; /* found it */
if (r != 0)
}
}
end:
- if (callback != NULL) callback(2,1,cb_arg);
+ if(!BN_GENCB_call(cb, 2, 1))
+ goto err;
/* We now need to generate g */
/* Set r0=(p-1)/q */
h++;
}
- if (callback != NULL) callback(3,1,cb_arg);
+ if(!BN_GENCB_call(cb, 3, 1))
+ goto err;
ok=1;
err:
- if (!ok)
- {
- if (ret != NULL) DSA_free(ret);
- }
- else
+ if (ok)
{
+ if(ret->p) BN_free(ret->p);
+ if(ret->q) BN_free(ret->q);
+ if(ret->g) BN_free(ret->g);
ret->p=BN_dup(p);
ret->q=BN_dup(q);
ret->g=BN_dup(g);
}
if (ctx3 != NULL) BN_CTX_free(ctx3);
if (mont != NULL) BN_MONT_CTX_free(mont);
- return(ok?ret:NULL);
+ return ok;
}
#endif
* [including the GNU Public Licence.]
*/
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Curve P-192 (FIPS PUB 186-2, App. 6) */
if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT;
- if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT;
if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT;
if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
/* Curve P-224 (FIPS PUB 186-2, App. 6) */
if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT;
- if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT;
if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT;
if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
/* Curve P-256 (FIPS PUB 186-2, App. 6) */
if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
- if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT;
if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;
- if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;
if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
- if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
*
*/
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
size_t crv_len = 0, n = 0;
EC_KEY *eckey = NULL, *wrong_eckey = NULL;
unsigned char digest[20], wrong_digest[20];
- unsigned char *signature;
+ unsigned char *signature = NULL;
unsigned int sig_len;
int nid, ret = 0;
LIB=$(TOP)/libcrypto.a
LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
- rsa_asn1.c
+ rsa_asn1.c rsa_depr.c
LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
- rsa_asn1.o
+ rsa_asn1.o rsa_depr.o
SRC= $(LIBSRC)
RSA * RSA_new(void);
RSA * RSA_new_method(ENGINE *engine);
int RSA_size(const RSA *);
+
+/* Deprecated version */
+#ifndef OPENSSL_NO_DEPRECATED
RSA * RSA_generate_key(int bits, unsigned long e,void
(*callback)(int,int,void *),void *cb_arg);
+#endif /* !defined(OPENSSL_NO_DEPRECATED) */
+
+/* New version */
+int RSA_generate_key_ex(RSA *rsa, int bits, unsigned long e, BN_GENCB *cb);
+
int RSA_check_key(const RSA *);
/* next 4 return -1 on error */
int RSA_public_encrypt(int flen, const unsigned char *from,
}
/* p prime? */
- r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL);
+ r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
if (r != 1)
{
ret = r;
}
/* q prime? */
- r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL);
+ r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
if (r != 1)
{
ret = r;
--- /dev/null
+/* crypto/rsa/rsa_depr.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NB: This file contains deprecated functions (compatibility wrappers to the
+ * "new" versions). */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+RSA *RSA_generate_key(int bits, unsigned long e_value,
+ void (*callback)(int,int,void *), void *cb_arg)
+ {
+ BN_GENCB cb;
+ RSA *rsa;
+
+ if((rsa=RSA_new()) == NULL)
+ return 0;
+
+ cb.ver = 1;
+ cb.arg = cb_arg;
+ cb.cb_1 = callback;
+
+ if(RSA_generate_key_ex(rsa, bits, e_value, &cb))
+ return rsa;
+ RSA_free(rsa);
+ return 0;
+ }
+
* [including the GNU Public Licence.]
*/
+
+/* NB: these functions have been "upgraded", the deprecated versions (which are
+ * compatibility wrappers using these functions) are in rsa_depr.c.
+ * - Geoff
+ */
+
#include <stdio.h>
#include <time.h>
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
-RSA *RSA_generate_key(int bits, unsigned long e_value,
- void (*callback)(int,int,void *), void *cb_arg)
+int RSA_generate_key_ex(RSA *rsa, int bits, unsigned long e_value, BN_GENCB *cb)
{
- RSA *rsa=NULL;
BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
int bitsp,bitsq,ok= -1,n=0,i;
BN_CTX *ctx=NULL,*ctx2=NULL;
bitsp=(bits+1)/2;
bitsq=bits-bitsp;
- rsa=RSA_new();
- if (rsa == NULL) goto err;
- /* set e */
- rsa->e=BN_new();
- if (rsa->e == NULL) goto err;
+ /* We need the RSA components non-NULL */
+ if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
+ if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
+ if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
+ if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
+ if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
+ if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
+ if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
+ if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
#if 1
/* The problem is when building with 8, 16, or 32 BN_ULONG,
/* generate p and q */
for (;;)
{
- rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg);
- if (rsa->p == NULL) goto err;
+ if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
+ goto err;
if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
if (BN_is_one(r1)) break;
- if (callback != NULL) callback(2,n++,cb_arg);
- BN_free(rsa->p);
+ if(!BN_GENCB_call(cb, 2, n++))
+ goto err;
}
- if (callback != NULL) callback(3,0,cb_arg);
+ if(!BN_GENCB_call(cb, 3, 0))
+ goto err;
for (;;)
{
- rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg);
- if (rsa->q == NULL) goto err;
+ if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
+ goto err;
if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0))
break;
- if (callback != NULL) callback(2,n++,cb_arg);
- BN_free(rsa->q);
+ if(!BN_GENCB_call(cb, 2, n++))
+ goto err;
}
- if (callback != NULL) callback(3,1,cb_arg);
+ if(!BN_GENCB_call(cb, 3, 1))
+ goto err;
if (BN_cmp(rsa->p,rsa->q) < 0)
{
tmp=rsa->p;
}
/* calculate n */
- rsa->n=BN_new();
- if (rsa->n == NULL) goto err;
if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
/* calculate d */
BN_CTX_end(ctx);
BN_CTX_free(ctx);
BN_CTX_free(ctx2);
-
- if (!ok)
- {
- if (rsa != NULL) RSA_free(rsa);
- return(NULL);
- }
- else
- return(rsa);
+
+ return ok;
}
{
if (rsa_tmp == NULL)
{
+ rsa_tmp = RSA_new();
+ if(!rsa_tmp)
+ {
+ BIO_printf(bio_err, "Memory error...");
+ goto end;
+ }
BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
(void)BIO_flush(bio_err);
- rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
+ if(!RSA_generate_key_ex(rsa_tmp,keylength,RSA_F4,NULL))
+ {
+ BIO_printf(bio_err, "Error generating key.", keylength);
+ RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
+ }
+end:
BIO_printf(bio_err,"\n");
(void)BIO_flush(bio_err);
}