From 835475a2d61e93fb5a698ae466130e342fff4d15 Mon Sep 17 00:00:00 2001
From: Geoff Thorpe <geoff@openssl.org>
Date: Mon, 29 May 2000 11:07:38 +0000
Subject: [PATCH] Tie DSA into the engine framework as with RSA and DH so far.
I've verified this integration with a web-server using CryptoSwift engine
code with RSA and DSA certificates (and with EDH cipher suites).
---
crypto/dsa/dsa.h | 16 +++++++-
crypto/dsa/dsa_lib.c | 73 +++++++++++++++++++++++++++++-----
crypto/dsa/dsa_ossl.c | 5 ++-
crypto/dsa/dsa_sign.c | 5 ++-
crypto/dsa/dsa_vrf.c | 3 +-
crypto/engine/engine_openssl.c | 2 +-
6 files changed, 85 insertions(+), 19 deletions(-)
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index ca301c533..4339d6ada 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -130,7 +130,11 @@ struct dsa_st
char *method_mont_p;
int references;
CRYPTO_EX_DATA ex_data;
+#if 0
DSA_METHOD *meth;
+#else
+ struct engine_st *handle;
+#endif
};
#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
@@ -156,12 +160,20 @@ int DSA_do_verify(const unsigned char *dgst,int dgst_len,
DSA_METHOD *DSA_OpenSSL(void);
-void DSA_set_default_method(DSA_METHOD *);
-DSA_METHOD *DSA_get_default_method(void);
+void DSA_set_default_openssl_method(DSA_METHOD *);
+DSA_METHOD *DSA_get_default_openssl_method(void);
+#if 0
DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *);
+#else
+int DSA_set_method(DSA *dsa, struct engine_st *);
+#endif
DSA * DSA_new(void);
+#if 0
DSA * DSA_new_method(DSA_METHOD *meth);
+#else
+DSA * DSA_new_method(struct engine_st *handle);
+#endif
int DSA_size(DSA *);
/* next 4 return -1 on error */
int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 9c106b2b1..a7113c828 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -63,6 +63,7 @@
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/asn1.h>
+#include <openssl/engine.h>
const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
@@ -70,12 +71,26 @@ static DSA_METHOD *default_DSA_method;
static int dsa_meth_num = 0;
static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
-void DSA_set_default_method(DSA_METHOD *meth)
+void DSA_set_default_openssl_method(DSA_METHOD *meth)
{
- default_DSA_method = meth;
+ ENGINE *e;
+ /* We'll need to notify the "openssl" ENGINE of this
+ * change too. We won't bother locking things down at
+ * our end as there was never any locking in these
+ * functions! */
+ if(default_DSA_method != meth)
+ {
+ default_DSA_method = meth;
+ e = ENGINE_by_id("openssl");
+ if(e)
+ {
+ ENGINE_set_DSA(e, meth);
+ ENGINE_free(e);
+ }
+ }
}
-DSA_METHOD *DSA_get_default_method(void)
+DSA_METHOD *DSA_get_default_openssl_method(void)
{
if(!default_DSA_method) default_DSA_method = DSA_OpenSSL();
return default_DSA_method;
@@ -86,6 +101,7 @@ DSA *DSA_new(void)
return DSA_new_method(NULL);
}
+#if 0
DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
{
DSA_METHOD *mtmp;
@@ -95,10 +111,33 @@ DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth)
if (meth->init) meth->init(dsa);
return mtmp;
}
-
-
-DSA *DSA_new_method(DSA_METHOD *meth)
+#else
+int DSA_set_method(DSA *dsa, ENGINE *h)
{
+ ENGINE *mtmp;
+ DSA_METHOD *meth;
+ mtmp = dsa->handle;
+ meth = ENGINE_get_DSA(mtmp);
+ if (!ENGINE_init(h))
+ return 0;
+ if (meth->finish) meth->finish(dsa);
+ dsa->handle = h;
+ meth = ENGINE_get_DSA(h);
+ if (meth->init) meth->init(dsa);
+ /* SHOULD ERROR CHECK THIS!!! */
+ ENGINE_finish(mtmp);
+ return 1;
+ }
+#endif
+
+
+#if 0
+DSA *DSA_new_method(DSA_METHOD *meth)
+#else
+DSA *DSA_new_method(ENGINE *handle)
+#endif
+ {
+ DSA_METHOD *meth;
DSA *ret;
ret=(DSA *)Malloc(sizeof(DSA));
@@ -107,8 +146,17 @@ DSA *DSA_new_method(DSA_METHOD *meth)
DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
- if(meth) ret->meth = meth;
- else ret->meth = DSA_get_default_method();
+ if(handle)
+ ret->handle = handle;
+ else
+ {
+ if((ret->handle=ENGINE_get_default_DSA()) == NULL)
+ {
+ Free(ret);
+ return NULL;
+ }
+ }
+ meth = ENGINE_get_DSA(ret->handle);
ret->pad=0;
ret->version=0;
ret->write_params=1;
@@ -124,8 +172,8 @@ DSA *DSA_new_method(DSA_METHOD *meth)
ret->method_mont_p=NULL;
ret->references=1;
- ret->flags=ret->meth->flags;
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+ ret->flags=meth->flags;
+ if ((meth->init != NULL) && !meth->init(ret))
{
Free(ret);
ret=NULL;
@@ -138,6 +186,7 @@ DSA *DSA_new_method(DSA_METHOD *meth)
void DSA_free(DSA *r)
{
+ DSA_METHOD *meth;
int i;
if (r == NULL) return;
@@ -157,7 +206,9 @@ void DSA_free(DSA *r)
CRYPTO_free_ex_data(dsa_meth, r, &r->ex_data);
- if(r->meth->finish) r->meth->finish(r);
+ meth = ENGINE_get_DSA(r->handle);
+ if(meth->finish) meth->finish(r);
+ ENGINE_finish(r->handle);
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index b51cf6ad8..64f5c12ab 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -64,6 +64,7 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
+#include <openssl/engine.h>
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -195,7 +196,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
}
/* Compute r = (g^k mod p) mod q */
- if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+ if (!ENGINE_get_DSA(dsa->handle)->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
if (!BN_mod(r,r,dsa->q,ctx)) goto err;
@@ -273,7 +274,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
#else
{
- if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+ if (!ENGINE_get_DSA(dsa->handle)->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
dsa->p,ctx,mont)) goto err;
/* BN_copy(&u1,&t1); */
/* let u1 = u1 mod q */
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index 89205026f..de909f884 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -64,10 +64,11 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
+#include <openssl/engine.h>
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
- return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
+ return ENGINE_get_DSA(dsa->handle)->dsa_do_sign(dgst, dlen, dsa);
}
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
@@ -87,6 +88,6 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
- return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+ return ENGINE_get_DSA(dsa->handle)->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
}
diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
index 03277f80f..b82dd4421 100644
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -65,11 +65,12 @@
#include <openssl/rand.h>
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
+#include <openssl/engine.h>
int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)
{
- return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+ return ENGINE_get_DSA(dsa->handle)->dsa_do_verify(dgst, dgst_len, sig, dsa);
}
/* data has already been hashed (probably with SHA or SHA-1). */
diff --git a/crypto/engine/engine_openssl.c b/crypto/engine/engine_openssl.c
index 70512cb85..0747f1058 100644
--- a/crypto/engine/engine_openssl.c
+++ b/crypto/engine/engine_openssl.c
@@ -101,7 +101,7 @@ ENGINE *ENGINE_openssl()
/* We need to populate our structure with the software pointers
* that we want to steal. */
engine_openssl.rsa_meth = RSA_get_default_openssl_method();
- engine_openssl.dsa_meth = DSA_get_default_method();
+ engine_openssl.dsa_meth = DSA_get_default_openssl_method();
engine_openssl.dh_meth = DH_get_default_openssl_method();
engine_openssl.rand_meth = RAND_SSLeay();
engine_openssl.bn_mod_exp = BN_mod_exp;