diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 19bd57030..8cad19e89 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -112,7 +112,11 @@ struct dh_st
 int references;
 CRYPTO_EX_DATA ex_data;
+#if 0
 DH_METHOD *meth;
+#else
+ struct engine_st *handle;
+#endif
 };
 #define DH_GENERATOR_2 2
@@ -147,10 +151,15 @@ struct dh_st
 DH_METHOD *DH_OpenSSL(void);
-void DH_set_default_method(DH_METHOD *meth);
-DH_METHOD *DH_get_default_method(void);
+void DH_set_default_openssl_method(DH_METHOD *meth);
+DH_METHOD *DH_get_default_openssl_method(void);
+#if 0
 DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth);
 DH *DH_new_method(DH_METHOD *meth);
+#else
+int DH_set_method(DH *dh, struct engine_st *h);
+DH *DH_new_method(struct engine_st *handle);
+#endif
 DH * DH_new(void);
 void DH_free(DH *dh);
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 0c7eeaf26..d74441c1d 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -61,6 +61,7 @@
 #include
 #include
 #include
+#include
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
@@ -72,12 +73,12 @@ static int dh_finish(DH *dh);
 int DH_generate_key(DH *dh)
 {
- return dh->meth->generate_key(dh);
+ return ENGINE_get_DH(dh->handle)->generate_key(dh);
 }
 int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
 {
- return dh->meth->compute_key(key, pub_key, dh);
+ return ENGINE_get_DH(dh->handle)->compute_key(key, pub_key, dh);
 }
 static DH_METHOD dh_ossl = {
@@ -137,8 +138,9 @@ static int generate_key(DH *dh)
 }
 mont=(BN_MONT_CTX *)dh->method_mont_p;
- if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
- goto err;
+ if (!ENGINE_get_DH(dh->handle)->bn_mod_exp(dh, pub_key, dh->g,
+ priv_key,dh->p,&ctx,mont))
+ goto err;
 dh->pub_key=pub_key;
 dh->priv_key=priv_key;
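Review bot: The new `DH_set_method` and `DH_new_method` prototypes in dh.h say nothing about who owns the `struct engine_st *` reference, and that contract decides whether the `ENGINE_finish` added to `DH_free` is balanced. `DH_set_method` also changes its return from the previous method pointer to an int, so an existing caller that ignored or reused the old return value will now miss a failure unless this is documented. I would add a comment above the prototypes along the lines of `/* DH_set_method returns 1 on success, 0 on failure; the engine reference held by the DH is released in DH_free */`, adjusted to the contract actually intended. The `#if 0` copies of the old prototypes and the old `meth` member are better deleted than kept in a public header, since version control already records them.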
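Review bot: `ENGINE_get_DH(dh->handle)` is dereferenced without a check in `DH_generate_key` and `DH_compute_key`, so a NULL `handle` or an engine that exposes no DH method turns a key operation into a call through a NULL pointer. Whether `ENGINE_get_DH` can return NULL is not visible in this diff, but nothing here rules it out, and the same unchecked pattern recurs in the `generate_key` and `compute_key` hunks of this file and in `DH_set_method`, `DH_new_method` and `DH_free` in dh_lib.c. I would fetch the method once and fail closed, e.g. `DH_METHOD *meth = ENGINE_get_DH(dh->handle);` followed by `if (meth == NULL || meth->generate_key == NULL) return 0;` in `DH_generate_key`, with the equivalent error return in `DH_compute_key`.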
@@ -177,7 +179,8 @@ static int compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh)
 }
 mont=(BN_MONT_CTX *)dh->method_mont_p;
- if (!dh->meth->bn_mod_exp(dh, tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
+ if (!ENGINE_get_DH(dh->handle)->bn_mod_exp(dh, tmp, pub_key,
+ dh->priv_key,dh->p,&ctx,mont))
 {
 DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
 goto err;
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index be00ceee2..9a2462b94 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include
 #include
+#include
 const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
@@ -67,17 +68,32 @@ static DH_METHOD *default_DH_method;
 static int dh_meth_num = 0;
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
-void DH_set_default_method(DH_METHOD *meth)
+void DH_set_default_openssl_method(DH_METHOD *meth)
 {
- default_DH_method = meth;
+ ENGINE *e;
+ /* We'll need to notify the "openssl" ENGINE of this
+ * change too. We won't bother locking things down at
+ * our end as there was never any locking in these
+ * functions! */
+ if(default_DH_method != meth)
+ {
+ default_DH_method = meth;
+ e = ENGINE_by_id("openssl");
+ if(e)
+ {
+ ENGINE_set_DH(e, meth);
+ ENGINE_free(e);
+ }
+ }
 }
-DH_METHOD *DH_get_default_method(void)
+DH_METHOD *DH_get_default_openssl_method(void)
 {
 if(!default_DH_method) default_DH_method = DH_OpenSSL();
 return default_DH_method;
 }
+#if 0
 DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
 {
 DH_METHOD *mtmp;
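Review bot: In `DH_set_default_openssl_method`, `default_DH_method` is overwritten before the engine lookup, so when `ENGINE_by_id("openssl")` returns NULL the static default and the engine's DH method silently diverge, and the void return gives the caller no way to notice. The return value of `ENGINE_set_DH(e, meth)` is discarded as well. I would assign `default_DH_method = meth;` only after the engine update has succeeded, or at least record the failure on the error stack. Because the function now mutates shared engine state as well as the static, the existing comment should spell out the constraint it implies, e.g. `/* Not thread-safe: call only during single-threaded initialisation. */`.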
@@ -87,14 +103,37 @@ DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth)
 if (meth->init) meth->init(dh);
 return mtmp;
 }
+#else
+int DH_set_method(DH *dh, ENGINE *h)
+{
+ ENGINE *mtmp;
+ DH_METHOD *meth;
+ mtmp = dh->handle;
+ meth = ENGINE_get_DH(mtmp);
+ if (!ENGINE_init(h))
+ return 0;
+ if (meth->finish) meth->finish(dh);
+ dh->handle = h;
+ meth = ENGINE_get_DH(h);
+ if (meth->init) meth->init(dh);
+ /* SHOULD ERROR CHECK THIS!!! */
+ ENGINE_finish(mtmp);
+ return 1;
+}
+#endif
 DH *DH_new(void)
 {
 return DH_new_method(NULL);
 }
+#if 0
 DH *DH_new_method(DH_METHOD *meth)
+#else
+DH *DH_new_method(ENGINE *handle)
+#endif
 {
+ DH_METHOD *meth;
 DH *ret;
 ret=(DH *)Malloc(sizeof(DH));
@@ -103,8 +142,17 @@ DH *DH_new_method(DH_METHOD *meth)
 DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
 return(NULL);
 }
- if(meth) ret->meth = meth;
- else ret->meth = DH_get_default_method();
+ if(handle)
+ ret->handle = handle;
+ else
+ {
+ if((ret->handle=ENGINE_get_default_DH()) == NULL)
+ {
+ Free(ret);
+ return NULL;
+ }
+ }
+ meth = ENGINE_get_DH(ret->handle);
 ret->pad=0;
 ret->version=0;
 ret->p=NULL;
@@ -119,8 +167,8 @@ DH *DH_new_method(DH_METHOD *meth)
 ret->counter = NULL;
 ret->method_mont_p=NULL;
 ret->references = 1;
- ret->flags=ret->meth->flags;
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+ ret->flags=meth->flags;
+ if ((meth->init != NULL) && !meth->init(ret))
 {
 Free(ret);
 ret=NULL;
@@ -132,6 +180,7 @@ DH *DH_new_method(DH_METHOD *meth)
 void DH_free(DH *r)
 {
+ DH_METHOD *meth;
 int i;
 if(r == NULL) return;
 i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
@@ -149,7 +198,9 @@ void DH_free(DH *r)
 CRYPTO_free_ex_data(dh_meth, r, &r->ex_data);
- if(r->meth->finish) r->meth->finish(r);
+ meth = ENGINE_get_DH(r->handle);
+ if(meth->finish) meth->finish(r);
+ ENGINE_finish(r->handle);
 if (r->p != NULL) BN_clear_free(r->p);
 if (r->g != NULL) BN_clear_free(r->g);
diff --git a/crypto/engine/engine_openssl.c b/crypto/engine/engine_openssl.c
index 8ecd91a6a..70512cb85 100644
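Review bot: The new `DH_set_method` runs the old method's `finish` and rewrites `dh->handle` before it knows that the replacement engine supplies a DH method, so if `ENGINE_get_DH(h)` yields NULL (nothing in this diff rules that out) the call crashes on `meth->init` with the key already detached from its previous engine. The old-side lookup has the same gap, since `meth = ENGINE_get_DH(mtmp)` is dereferenced unchecked, and the result of `meth->init(dh)` is discarded although `DH_new_method` treats a zero return as failure. I would resolve and validate the new method first and only then touch the DH, as in the excerpt below. The `ENGINE_finish(mtmp)` result flagged by the existing comment still needs a decision, because a failed finish leaves the old engine reference outstanding.

```c
int DH_set_method(DH *dh, ENGINE *h)
{
	ENGINE *mtmp;
	DH_METHOD *old_meth, *new_meth;

	if (!ENGINE_init(h))
		return 0;
	/* Validate the replacement before disturbing the existing state. */
	new_meth = ENGINE_get_DH(h);
	if (new_meth == NULL)
		{
		ENGINE_finish(h);
		return 0;
		}
	mtmp = dh->handle;
	old_meth = ENGINE_get_DH(mtmp);
	if (old_meth != NULL && old_meth->finish) old_meth->finish(dh);
	dh->handle = h;
	if (new_meth->init) new_meth->init(dh);
	/* … unchanged: ENGINE_finish(mtmp); return 1; … */
}
```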
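Review bot: When the caller supplies `handle`, the new branch in `DH_new_method` stores it with `ret->handle = handle;` and takes no reference, while `DH_free` unconditionally calls `ENGINE_finish(r->handle)`; unless every caller hands over an already-initialised functional reference, the engine's count drops once too often and it can be shut down while other keys still depend on it. `DH_set_method` in the same file does call `ENGINE_init(h)` before storing the handle, so the two entry points disagree about ownership. Either take the reference here, `if(handle) { if(!ENGINE_init(handle)) { Free(ret); return NULL; } ret->handle = handle; }`, or state the hand-over contract in a comment on the prototype. The related error path in the `-119,8` hunk (`Free(ret); ret=NULL;` when `meth->init` fails) frees the DH without `ENGINE_finish(ret->handle)`, and `meth` from `ENGINE_get_DH(ret->handle)` is read for `meth->flags` without a NULL check. The body of `DH_new_method` starts before and continues past these hunks.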
--- a/crypto/engine/engine_openssl.c
+++ b/crypto/engine/engine_openssl.c
@@ -102,7 +102,7 @@ ENGINE *ENGINE_openssl()
 * that we want to steal. */
 engine_openssl.rsa_meth = RSA_get_default_openssl_method();
 engine_openssl.dsa_meth = DSA_get_default_method();
- engine_openssl.dh_meth = DH_get_default_method();
+ engine_openssl.dh_meth = DH_get_default_openssl_method();
 engine_openssl.rand_meth = RAND_SSLeay();
 engine_openssl.bn_mod_exp = BN_mod_exp;
 return &engine_openssl;