From 835475a2d61e93fb5a698ae466130e342fff4d15 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Mon, 29 May 2000 11:07:38 +0000 Subject: [PATCH] Tie DSA into the engine framework as with RSA and DH so far. I've verified this integration with a web-server using CryptoSwift engine code with RSA and DSA certificates (and with EDH cipher suites). --- crypto/dsa/dsa.h | 16 +++++++- crypto/dsa/dsa_lib.c | 67 ++++++++++++++++++++++++++++++---- crypto/dsa/dsa_ossl.c | 5 ++- crypto/dsa/dsa_sign.c | 5 ++- crypto/dsa/dsa_vrf.c | 3 +- crypto/engine/engine_openssl.c | 2 +- 6 files changed, 82 insertions(+), 16 deletions(-) diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index ca301c5336..4339d6adac 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -130,7 +130,11 @@ struct dsa_st char *method_mont_p; int references; CRYPTO_EX_DATA ex_data; +#if 0 DSA_METHOD *meth; +#else + struct engine_st *handle; +#endif }; #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ @@ -156,12 +160,20 @@ int DSA_do_verify(const unsigned char *dgst,int dgst_len, DSA_METHOD *DSA_OpenSSL(void); -void DSA_set_default_method(DSA_METHOD *); -DSA_METHOD *DSA_get_default_method(void); +void DSA_set_default_openssl_method(DSA_METHOD *); +DSA_METHOD *DSA_get_default_openssl_method(void); +#if 0 DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *); +#else +int DSA_set_method(DSA *dsa, struct engine_st *); +#endif DSA * DSA_new(void); +#if 0 DSA * DSA_new_method(DSA_METHOD *meth); +#else +DSA * DSA_new_method(struct engine_st *handle); +#endif int DSA_size(DSA *); /* next 4 return -1 on error */ int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 9c106b2b16..a7113c828c 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -63,6 +63,7 @@ #include #include #include +#include const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; 
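Review bot: The `#if 0 DSA_METHOD *meth; #else struct engine_st *handle; #endif` block in `struct dsa_st` ships the replaced member as permanently dead code; keep just `struct engine_st *handle;` and drop the `#if 0` arm. Since `handle` is now the only route to the method table and, per the `dsa_lib.c` hunks in this same patch, `DSA_free()` calls `ENGINE_finish()` on it, a one-line comment on the member would save the next reader a search: `/* ENGINE supplying this key's DSA_METHOD; DSA_free() releases it with ENGINE_finish() */`.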
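Review bot: `DSA_set_method` changes both its parameter type (`DSA_METHOD *` to `struct engine_st *`) and its return value (previously the old method, now an int success flag) under the same name, while the old prototype survives only as `#if 0` dead code. A caller not yet updated and still passing a `DSA_METHOD *` is likely, with compilers of this era, to get only an incompatible-pointer warning and then hand a method table to `ENGINE_init()`; consider a distinct name, or at least document the new contract on the declaration: `/* Binds dsa to the DSA_METHOD of ENGINE h, taking an ENGINE_init() reference on h. Returns 1 on success, 0 if h could not be initialised (dsa unchanged). */`. The same `#if 0` pattern around `DSA_new_method` should be removed rather than merged.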
@@ -70,12 +71,26 @@ static DSA_METHOD *default_DSA_method; static int dsa_meth_num = 0; static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL; -void DSA_set_default_method(DSA_METHOD *meth) +void DSA_set_default_openssl_method(DSA_METHOD *meth) { - default_DSA_method = meth; + ENGINE *e; + /* We'll need to notify the "openssl" ENGINE of this + * change too. We won't bother locking things down at + * our end as there was never any locking in these + * functions! */ + if(default_DSA_method != meth) + { + default_DSA_method = meth; + e = ENGINE_by_id("openssl"); + if(e) + { + ENGINE_set_DSA(e, meth); + ENGINE_free(e); + } + } } -DSA_METHOD *DSA_get_default_method(void) +DSA_METHOD *DSA_get_default_openssl_method(void) { if(!default_DSA_method) default_DSA_method = DSA_OpenSSL(); return default_DSA_method; @@ -86,6 +101,7 @@ DSA *DSA_new(void) return DSA_new_method(NULL); } +#if 0 DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth) { DSA_METHOD *mtmp; @@ -95,10 +111,33 @@ DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth) if (meth->init) meth->init(dsa); return mtmp; } +#else +int DSA_set_method(DSA *dsa, ENGINE *h) + { + ENGINE *mtmp; + DSA_METHOD *meth; + mtmp = dsa->handle; + meth = ENGINE_get_DSA(mtmp); + if (!ENGINE_init(h)) + return 0; + if (meth->finish) meth->finish(dsa); + dsa->handle = h; + meth = ENGINE_get_DSA(h); + if (meth->init) meth->init(dsa); + /* SHOULD ERROR CHECK THIS!!! */ + ENGINE_finish(mtmp); + return 1; + } +#endif +#if 0 DSA *DSA_new_method(DSA_METHOD *meth) +#else +DSA *DSA_new_method(ENGINE *handle) +#endif { + DSA_METHOD *meth; DSA *ret; ret=(DSA *)Malloc(sizeof(DSA)); 
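Review bot: The result of `ENGINE_set_DSA(e, meth)` in `DSA_set_default_openssl_method` is discarded, so if the "openssl" ENGINE refuses the new method the two copies of the default (`default_DSA_method` and the engine's table) silently diverge, and keys created through the engine keep using the old method. Either check it and revert `default_DSA_method` on failure, or document the behaviour: `/* NOTE: failure to update the "openssl" ENGINE is ignored; its DSA table may then lag default_DSA_method */`. The comment already admits there is no locking here; that is worth keeping, since a concurrent `DSA_get_default_openssl_method()` can observe the half-updated state.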
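Review bot: In the new `DSA_set_method`, `meth = ENGINE_get_DSA(mtmp)` and `meth = ENGINE_get_DSA(h)` are both dereferenced (`meth->finish`, `meth->init`) without a NULL check, so binding a key to an ENGINE that provides no DSA implementation crashes, and it crashes after `dsa->handle = h` has already been swapped, leaving the key half-migrated. Check the new engine's method before touching `dsa`, and release the `ENGINE_init()` reference you just took if it is missing; the `/* SHOULD ERROR CHECK THIS!!! */` on `ENGINE_finish(mtmp)` should become an actual check rather than a shipped reminder. Rewritten body below, with the rest unchanged.
```c
int DSA_set_method(DSA *dsa, ENGINE *h)
	{
	ENGINE *mtmp;
	DSA_METHOD *meth, *newmeth;
	mtmp = dsa->handle;
	meth = ENGINE_get_DSA(mtmp);
	if (!ENGINE_init(h))
		return 0;
	newmeth = ENGINE_get_DSA(h);
	if (newmeth == NULL)
		{
		/* h has no DSA implementation: leave dsa untouched */
		ENGINE_finish(h);
		return 0;
		}
	if (meth && meth->finish) meth->finish(dsa);
	dsa->handle = h;
	if (newmeth->init) newmeth->init(dsa);
	/* old engine reference is dropped last; report, don't ignore, a failure */
	if (!ENGINE_finish(mtmp))
		return 0;
	return 1;
	}
```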
@@ -107,8 +146,17 @@ DSA *DSA_new_method(DSA_METHOD *meth) DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE); return(NULL); } - if(meth) ret->meth = meth; - else ret->meth = DSA_get_default_method(); + if(handle) + ret->handle = handle; + else + { + if((ret->handle=ENGINE_get_default_DSA()) == NULL) + { + Free(ret); + return NULL; + } + } + meth = ENGINE_get_DSA(ret->handle); ret->pad=0; ret->version=0; ret->write_params=1; @@ -124,8 +172,8 @@ DSA *DSA_new_method(DSA_METHOD *meth) ret->method_mont_p=NULL; ret->references=1; - ret->flags=ret->meth->flags; - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) + ret->flags=meth->flags; + if ((meth->init != NULL) && !meth->init(ret)) { Free(ret); ret=NULL; @@ -138,6 +186,7 @@ DSA *DSA_new_method(DSA_METHOD *meth) void DSA_free(DSA *r) { + DSA_METHOD *meth; int i; if (r == NULL) return; @@ -157,7 +206,9 @@ void DSA_free(DSA *r) CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data); - if(r->meth->finish) r->meth->finish(r); + meth = ENGINE_get_DSA(r->handle); + if(meth->finish) meth->finish(r); + ENGINE_finish(r->handle); if (r->p != NULL) BN_clear_free(r->p); if (r->q != NULL) BN_clear_free(r->q); diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index b51cf6ad8d..64f5c12ab7 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -64,6 +64,7 @@ #include #include #include +#include static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); @@ -195,7 +196,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) } /* Compute r = (g^k mod p) mod q */ - if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, + if (!ENGINE_get_DSA(dsa->handle)->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, (BN_MONT_CTX *)dsa->method_mont_p)) goto err; if (!BN_mod(r,r,dsa->q,ctx)) goto err; 
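Review bot: When a caller supplies `handle`, `ret->handle = handle;` stores it without taking a reference, yet `DSA_free()` (in this same patch) unconditionally calls `ENGINE_finish(r->handle)`, so every DSA created on a caller-supplied engine costs that engine one more `ENGINE_finish()` than `ENGINE_init()` — a reference-count underflow that can release the engine while keys still point at it. Mirror the default path by calling `ENGINE_init(handle)` and failing the constructor when it returns 0. Two smaller points in the same lines: the `ENGINE_get_default_DSA() == NULL` branch returns NULL without pushing an error (the `Malloc` failure just above does `DSAerr`), and `meth = ENGINE_get_DSA(ret->handle)` is dereferenced in the following hunk without a NULL check. `DSA_new_method` starts and ends outside this hunk.
```c
	if(handle)
		{
		/* take our own reference; DSA_free() balances it with ENGINE_finish() */
		if(!ENGINE_init(handle))
			{
			Free(ret);
			return NULL;
			}
		ret->handle = handle;
		}
	else if((ret->handle=ENGINE_get_default_DSA()) == NULL)
		{
		/* push a DSAerr() here so the caller sees why */
		Free(ret);
		return NULL;
		}
	if((meth = ENGINE_get_DSA(ret->handle)) == NULL)
		{
		ENGINE_finish(ret->handle);
		Free(ret);
		return NULL;
		}
	/* … unchanged: field initialisation … */
```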
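Review bot: When `meth->init(ret)` fails, `Free(ret)` releases the DSA but not the engine reference held in `ret->handle`; judging by the `ENGINE_finish()` that `DSA_free()` performs on that field later in this patch, the handle obtained from `ENGINE_get_default_DSA()` is a counted reference, so this error path leaks it. Add `ENGINE_finish(ret->handle);` immediately before `Free(ret);` in the failure branch. `DSA_new_method` starts and ends outside this hunk.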
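Review bot: `meth = ENGINE_get_DSA(r->handle); if(meth->finish)` in `DSA_free` dereferences `meth` without checking it, so a key attached to an engine that provides no DSA method crashes in its destructor instead of being released; `if(meth && meth->finish) meth->finish(r);` is sufficient. `ENGINE_finish(r->handle)` then runs before the BIGNUM members are cleared, which is only safe if no engine finish callback touches them — worth stating in a comment, e.g. `/* release the engine before the key material; finish callbacks must not touch r's BIGNUMs */`. `DSA_free` starts outside this hunk.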
@@ -273,7 +274,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err; #else { - if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2, + if (!ENGINE_get_DSA(dsa->handle)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2, dsa->p,ctx,mont)) goto err; /* BN_copy(&u1,&t1); */ /* let u1 = u1 mod q */ diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 89205026f0..de909f8840 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -64,10 +64,11 @@ #include #include #include +#include DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { - return dsa->meth->dsa_do_sign(dgst, dlen, dsa); + return ENGINE_get_DSA(dsa->handle)->dsa_do_sign(dgst, dlen, dsa); } int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, @@ -87,6 +88,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { - return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); + return ENGINE_get_DSA(dsa->handle)->dsa_sign_setup(dsa, ctx_in, kinvp, rp); } diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index 03277f80fd..b82dd4421d 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -65,11 +65,12 @@ #include #include #include +#include int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { - return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); + return ENGINE_get_DSA(dsa->handle)->dsa_do_verify(dgst, dgst_len, sig, dsa); } /* data has already been hashed (probably with SHA or SHA-1). */ diff --git a/crypto/engine/engine_openssl.c b/crypto/engine/engine_openssl.c index 70512cb851..0747f1058c 100644 --- a/crypto/engine/engine_openssl.c +++ b/crypto/engine/engine_openssl.c 
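Review bot: `DSA_do_sign` now calls `ENGINE_get_DSA(dsa->handle)->dsa_do_sign(...)` directly, so a key whose engine has no DSA method (or no `dsa_do_sign` callback) dereferences NULL rather than failing. Fetch the method first and bail out: `DSA_METHOD *meth = ENGINE_get_DSA(dsa->handle);` / `if (meth == NULL || meth->dsa_do_sign == NULL) return NULL;` / `return meth->dsa_do_sign(dgst, dlen, dsa);`. The same shape applies to `DSA_sign_setup` in the next hunk, which per the header comment already returns -1 on error.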
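Review bot: `DSA_do_verify` dereferences `ENGINE_get_DSA(dsa->handle)` with no NULL check, and this is the path reached with attacker-supplied signatures during certificate and handshake verification, so a peer key bound to an engine lacking DSA turns a verification failure into a crash. Guard it: `DSA_METHOD *meth = ENGINE_get_DSA(dsa->handle);` / `if (meth == NULL || meth->dsa_do_verify == NULL) return -1;` / `return meth->dsa_do_verify(dgst, dgst_len, sig, dsa);` (-1 follows the error convention the header states for the sign functions; confirm it matches what callers of `DSA_do_verify` treat as error). A short comment above the call noting that `dsa->handle` is assumed non-NULL because `DSA_new_method()` refuses to create a key without an engine would document the invariant the new code relies on.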
@@ -101,7 +101,7 @@ ENGINE *ENGINE_openssl() /* We need to populate our structure with the software pointers * that we want to steal. */ engine_openssl.rsa_meth = RSA_get_default_openssl_method(); - engine_openssl.dsa_meth = DSA_get_default_method(); + engine_openssl.dsa_meth = DSA_get_default_openssl_method(); engine_openssl.dh_meth = DH_get_default_openssl_method(); engine_openssl.rand_meth = RAND_SSLeay(); engine_openssl.bn_mod_exp = BN_mod_exp; -- 2.25.1