As with RSA, which was modified recently, this change makes it possible to

override key-generation implementations by placing handlers in the methods for DSA and DH. Also, parameter generation for DSA and DH is possible by another new handler for each method.
2003-01-15 02:01:55 +00:00
parent 08cb96bba2
commit 0e4aa0d2d2
15 changed files with 77 additions and 7 deletions
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -91,6 +91,8 @@ typedef struct dh_method {
 	int (*finish)(DH *dh);
 	int flags;
 	char *app_data;
+	/* If this is non-NULL, it will be used to generate parameters */
+	int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
 } DH_METHOD;

 struct dh_st
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -66,6 +66,15 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>

+static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
+
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
+	{
+	if(ret->meth->generate_params)
+		return ret->meth->generate_params(ret, prime_len, generator, cb);
+	return dh_builtin_genparams(ret, prime_len, generator, cb);
+	}
+
 /* We generate DH parameters as follows
 * find a prime q which is prime_len/2 bits long.
 * p=(2*q)+1 or (p-1)/2 = q
@@ -91,7 +100,7 @@
 * It's just as OK (and in some sense better) to use a generator of the
 * order-q subgroup.
 */
-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
 	{
 	BIGNUM *t1,*t2;
 	int g,ok= -1;
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -90,6 +90,7 @@ dh_bn_mod_exp,
 dh_init,
 dh_finish,
 0,
+NULL,
 NULL
 };