author | Geoff Thorpe <geoff@openssl.org> | 2001-09-25 20:00:51 +0000 |
---|---|---|
committer | Geoff Thorpe <geoff@openssl.org> | 2001-09-25 20:00:51 +0000 |
commit | b6d1e52d454bb321153c70cf763945d4b0d4f78e (patch) | |
tree | c13376b1794f1605a8f9e84ad9b74ca4dcf9177f /crypto/engine/eng_openssl.c | |
parent | f185e725a00a76cee0bcd0a3beb92a257d2b6325 (diff) |
This change replaces the ENGINE's underlying mechanics with the new
ENGINE_TABLE-based stuff - as described in crypto/engine/README.
Associated miscellaneous changes;
- the previous cipher/digest hooks that hardwired directly to EVP's
OBJ_NAME-based storage have been backed out. New cipher/digest support
has been constructed and will be committed shortly.
- each implementation defines its own ENGINE_load_<name> function now.
- the "openssl" ENGINE isn't needed or loaded any more.
- core (not algorithm or class specific) ENGINE code has been split into
multiple files to increase readability and decrease linker bloat.
- ENGINE_cpy() has been removed as it wasn't really a good idea in the
first place and now, because of registration issues, can't be
meaningfully defined any more.
- BN_MOD_EXP[_CRT] support is removed as per the README.
- a bug in enginetest.c has been fixed.
NB: This commit almost certainly breaks compilation until subsequent
changes are committed.
Diffstat (limited to 'crypto/engine/eng_openssl.c')
-rw-r--r-- | crypto/engine/eng_openssl.c | 81 |
1 files changed, 5 insertions, 76 deletions
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 7bf7b9d2b9..6def06582d 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -63,16 +63,9 @@ #include <openssl/engine.h> #include <openssl/dso.h> -/* This is the only function we need to implement as OpenSSL - * doesn't have a native CRT mod_exp. Perhaps this should be - * BN_mod_exp_crt and moved into crypto/bn/ ?? ... dunno. */ -static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, - const BIGNUM *iqmp, BN_CTX *ctx); - /* The constants used when creating the ENGINE */ static const char *engine_openssl_id = "openssl"; -static const char *engine_openssl_name = "Software default engine support"; +static const char *engine_openssl_name = "Software engine support"; /* As this is only ever called once, there's no need for locking * (indeed - the lock will already be held by our caller!!!) */ 
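Review bot: The context comment kept above `ENGINE_openssl()` still says the function is "only ever called once" and that "the lock will already be held by our caller", but the commit description states that the "openssl" ENGINE is no longer loaded, so the caller that justified skipping the lock appears to be gone. If the function stays exported, the comment should state the contract that now applies, for example `/* Takes no lock itself; the caller must hold whatever lock protects the ENGINE state it goes on to touch. */`. Which lock that is cannot be told from this hunk, and the function body lies outside it, so the wording needs checking against the new ENGINE_TABLE code.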
@@ -84,82 +77,18 @@ ENGINE *ENGINE_openssl(void) if(!ENGINE_set_id(ret, engine_openssl_id) || !ENGINE_set_name(ret, engine_openssl_name) || #ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(ret, RSA_get_default_openssl_method()) || + !ENGINE_set_RSA(ret, RSA_get_default_method()) || #endif #ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(ret, DSA_get_default_openssl_method()) || + !ENGINE_set_DSA(ret, DSA_get_default_method()) || #endif #ifndef OPENSSL_NO_DH - !ENGINE_set_DH(ret, DH_get_default_openssl_method()) || + !ENGINE_set_DH(ret, DH_get_default_method()) || #endif - !ENGINE_set_RAND(ret, RAND_SSLeay()) || - !ENGINE_set_BN_mod_exp(ret, BN_mod_exp) || - !ENGINE_set_BN_mod_exp_crt(ret, openssl_mod_exp_crt)) + !ENGINE_set_RAND(ret, RAND_SSLeay())) { ENGINE_free(ret); return NULL; } return ret; } - -/* Chinese Remainder Theorem, taken and adapted from rsa_eay.c */ -static int openssl_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dmp1, - const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx) - { - BIGNUM r1,m1; - int ret=0; - BN_CTX *bn_ctx; - BIGNUM *temp_bn = NULL; - - if (ctx) - bn_ctx = ctx; - else - if ((bn_ctx=BN_CTX_new()) == NULL) goto err; - BN_init(&m1); - BN_init(&r1); - /* BN_mul() cannot accept const BIGNUMs so I use the BN_CTX - * to duplicate what I need. 
<sigh> */ - BN_CTX_start(bn_ctx); - if ((temp_bn = BN_CTX_get(bn_ctx)) == NULL) goto err; - if (!BN_copy(temp_bn, iqmp)) goto err; - - if (!BN_mod(&r1, a, q, bn_ctx)) goto err; - if (!BN_mod_exp(&m1, &r1, dmq1, q, bn_ctx)) - goto err; - - if (!BN_mod(&r1, a, p, bn_ctx)) goto err; - if (!BN_mod_exp(r, &r1, dmp1, p, bn_ctx)) - goto err; - - if (!BN_sub(r, r, &m1)) goto err; - /* This will help stop the size of r0 increasing, which does - * affect the multiply if it optimised for a power of 2 size */ - if (r->neg) - if (!BN_add(r, r, p)) goto err; - - if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err; - if (!BN_mod(r, &r1, p, bn_ctx)) goto err; - /* If p < q it is occasionally possible for the correction of - * adding 'p' if r is negative above to leave the result still - * negative. This can break the private key operations: the following - * second correction should *always* correct this rare occurrence. - * This will *never* happen with OpenSSL generated keys because - * they ensure p > q [steve] - */ - if (r->neg) - if (!BN_add(r, r, p)) goto err; - /* Again, BN_mul() will need non-const values. */ - if (!BN_copy(temp_bn, q)) goto err; - if (!BN_mul(&r1, r, temp_bn, bn_ctx)) goto err; - if (!BN_add(r, &r1, &m1)) goto err; - - ret=1; -err: - BN_clear_free(&m1); - BN_clear_free(&r1); - BN_CTX_end(ctx); - if (!ctx) - BN_CTX_free(bn_ctx); - return(ret); - } |
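Review bot: The three added `ENGINE_set_RSA/DSA/DH` lines take their methods from `RSA_get_default_method()`, `DSA_get_default_method()` and `DH_get_default_method()`, while the added RAND line pins the fixed built-in `RAND_SSLeay()`. The getters return the process-wide default, which the matching `*_set_default_method()` calls can replace, so an ENGINE named "Software engine support" would wrap whatever method was installed when `ENGINE_openssl()` ran; that it could be a non-software method is inferred, since the getters are not shown here. If the intent is to always expose the built-in code, pin it the way RAND is pinned: `!ENGINE_set_RSA(ret, RSA_PKCS1_SSLeay()) ||`, `!ENGINE_set_DSA(ret, DSA_OpenSSL()) ||`, `!ENGINE_set_DH(ret, DH_OpenSSL()) ||`. If tracking the current default is deliberate, a one-line comment above the `if` should say so, because callers choosing this ENGINE by name will assume the software implementation. The start of `ENGINE_openssl()`, where `ret` is allocated, is outside the hunk.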