From e90e7197398ce87786e92468e946d50f3c6728b7 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sun, 8 Dec 2002 05:19:43 +0000 Subject: Fix a warning, and do some constification as a lucky side-effect :-) --- ssl/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl.h b/ssl/ssl.h index 82f4b0f848..5177a8a126 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -587,7 +587,7 @@ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, typedef struct ssl_comp_st { int id; - char *name; + const char *name; #ifndef OPENSSL_NO_COMP COMP_METHOD *method; #else -- cgit v1.2.3 From e9224c717711eefb30038c9b37c69795dda93c9a Mon Sep 17 00:00:00 2001 
From: Geoff Thorpe Date: Sun, 8 Dec 2002 05:24:31 +0000 Subject: This is a first-cut at improving the callback mechanisms used in key-generation and prime-checking functions. Rather than explicitly passing callback functions and caller-defined context data for the callbacks, a new structure BN_GENCB is defined that encapsulates this; a pointer to the structure is passed to all such functions instead. This wrapper structure allows the encapsulation of "old" and "new" style callbacks - "new" callbacks return a boolean result on the understanding that returning FALSE should terminate keygen/primality processing. The BN_GENCB abstraction will allow future callback modifications without needing to break binary compatibility nor change the API function prototypes. The new API functions have been given names ending in "_ex" and the old functions are implemented as wrappers to the new ones. The OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined, declaration of the older functions will be skipped. NB: Some openssl-internal code will stick with the older callbacks for now, so appropriate "#undef" logic will be put in place - this is in case the user is *building* openssl (rather than *including* its headers) with this symbol defined. There is another change in the new _ex functions; the key-generation functions do not return key structures but operate on structures passed by the caller, the return value is a boolean. This will allow for a smoother transition to having key-generation as "virtual function" in the various ***_METHOD tables. 
--- CHANGES | 12 +++++ crypto/bn/Makefile.ssl | 6 ++- crypto/bn/bn.h | 28 ++++++++++++ crypto/bn/bn_depr.c | 114 +++++++++++++++++++++++++++++++++++++++++++++++ crypto/bn/bn_prime.c | 80 ++++++++++++++++++++------------- crypto/bn/bntest.c | 6 +++ crypto/dh/Makefile.ssl | 4 +- crypto/dh/dh.h | 8 ++++ crypto/dh/dh_check.c | 4 +- crypto/dh/dh_depr.c | 81 +++++++++++++++++++++++++++++++++ crypto/dh/dh_gen.c | 31 ++++++------- crypto/dh/dhtest.c | 6 +++ crypto/dsa/Makefile.ssl | 4 +- crypto/dsa/dsa.h | 10 +++++ crypto/dsa/dsa_depr.c | 104 ++++++++++++++++++++++++++++++++++++++++++ crypto/dsa/dsa_gen.c | 42 ++++++++--------- crypto/dsa/dsatest.c | 6 +++ crypto/ec/ectest.c | 10 ++--- crypto/ecdsa/ecdsatest.c | 8 +++- crypto/rsa/Makefile.ssl | 4 +- crypto/rsa/rsa.h | 8 ++++ crypto/rsa/rsa_chk.c | 4 +- crypto/rsa/rsa_depr.c | 83 ++++++++++++++++++++++++++++++++++ crypto/rsa/rsa_gen.c | 58 ++++++++++++------------ ssl/ssltest.c | 14 +++++- 25 files changed, 619 insertions(+), 116 deletions(-) create mode 100644 crypto/bn/bn_depr.c create mode 100644 crypto/dh/dh_depr.c create mode 100644 crypto/dsa/dsa_depr.c create mode 100644 crypto/rsa/rsa_depr.c diff --git a/CHANGES b/CHANGES index 8d47c0e171..f0fd7ac861 100644 --- a/CHANGES +++ b/CHANGES 
@@ -4,6 +4,18 @@ Changes between 0.9.7 and 0.9.8 [xx XXX 2002] + *) Change the "progress" mechanism used in key-generation and + primality testing to functions that take a new BN_GENCB pointer in + place of callback/argument pairs. The new API functions have "_ex" + postfixes and the older functions are reimplemented as wrappers for + the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide + declarations of the old functions to help (graceful) attempts to + migrate to the new functions. Also, the new key-generation API + functions operate on a caller-supplied key-structure and return + success/failure rather than returning a key or NULL - this is to + help make "keygen" another member function of RSA_METHOD etc. + [Geoff Thorpe] + *) Add the ASN.1 structures and functions for CertificatePair, which is defined as follows (according to X.509_4thEditionDraftV6.pdf): diff --git a/crypto/bn/Makefile.ssl b/crypto/bn/Makefile.ssl index d0b64585ed..459a0693ed 100644 --- a/crypto/bn/Makefile.ssl +++ b/crypto/bn/Makefile.ssl @@ -39,12 +39,14 @@ LIB=$(TOP)/libcrypto.a LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \ bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ - bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c + bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ + bn_depr.c LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \ bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \ bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \ - bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o + bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \ + bn_depr.o SRC= $(LIBSRC) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 403add94b0..c1b5b41935 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h 
@@ -287,6 +287,23 @@ typedef struct bn_recp_ctx_st int flags; } BN_RECP_CTX; +/* Used for slow "generation" functions. */ +typedef struct bn_gencb_st BN_GENCB; +struct bn_gencb_st + { + unsigned int ver; /* To handle binary (in)compatibility */ + void *arg; /* callback-specific data */ + union + { + /* if(ver==1) - handles old style callbacks */ + void (*cb_1)(int, int, void *); + /* if(ver==2) - new callback style */ + int (*cb_2)(int, int, BN_GENCB *); + }; + }; +/* Wrapper function to make using BN_GENCB easier, */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); + #define BN_prime_checks 0 /* default: select number of iterations based on the size of the number */ @@ -431,6 +448,9 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); + +/* Deprecated versions */ +#ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, const BIGNUM *add, const BIGNUM *rem, void (*callback)(int,int,void *),void *cb_arg); @@ -440,6 +460,14 @@ int BN_is_prime(const BIGNUM *p,int nchecks, int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, int do_trial_division); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* Newer versions */ +int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); +int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c new file mode 100644 index 0000000000..76c349833c --- /dev/null +++ b/crypto/bn/bn_depr.c 
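Review bot: The callback union inside `struct bn_gencb_st` is anonymous, which is not valid C89/C99 and will be rejected by strict compilers that include this public header. Naming the member, e.g. `} cb;`, and accessing it as `cb->cb.cb_1` / `cb->cb.cb_2` keeps the layout identical. The header also gives callers no supported way to initialise a BN_GENCB, so each one has to set `ver`, `arg` and the union member by hand. A comment above the struct stating that `ver` must be 1 or 2, and that any other value makes BN_GENCB_call() return 0 and abort generation, would stop an uninitialised stack structure from failing silently.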
@@ -0,0 +1,114 @@
+/* crypto/bn/bn_depr.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Support for deprecated functions goes here - static linkage will only slurp
+ * this code if applications are using them directly. */
+
+#include
+#include
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include
+
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem,
+ void (*callback)(int,int,void *), void *cb_arg)
+ {
+ BN_GENCB cb;
+ BIGNUM *rnd=NULL;
+ int found = 0;
+
+ cb.ver = 1;
+ cb.arg = cb_arg;
+ cb.cb_1 = callback;
+
+ if (ret == NULL)
+ {
+ if ((rnd=BN_new()) == NULL) goto err;
+ }
+ else
+ rnd=ret;
+ if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
+ goto err;
+
+ /* we have a prime :-) */
+ found = 1;
+err:
+ if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
+ return(found ?
rnd : NULL); + } + +int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *), + BN_CTX *ctx_passed, void *cb_arg) + { + BN_GENCB cb; + cb.ver = 1; + cb.arg = cb_arg; + cb.cb_1 = callback; + return BN_is_prime_ex(a, checks, ctx_passed, &cb); + } + +int BN_is_prime_fasttest(const BIGNUM *a, int checks, + void (*callback)(int,int,void *), + BN_CTX *ctx_passed, void *cb_arg, + int do_trial_division) + { + BN_GENCB cb; + cb.ver = 1; + cb.arg = cb_arg; + cb.cb_1 = callback; + return BN_is_prime_fasttest_ex(a, checks, ctx_passed, + do_trial_division, &cb); + } diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 918b9237c6..a9ec01d916 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -115,6 +115,11 @@ #include "bn_lcl.h" #include +/* NB: these functions have been "upgraded", the deprecated versions (which are + * compatibility wrappers using these functions) are in bn_depr.c. + * - Geoff + */ + /* The quick sieve algorithm approach to weeding out primes is * Philip Zimmermann's, as implemented in PGP. I have had a read of * his comments and implemented my own version. @@ -129,11 +134,29 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); -BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, - void (*callback)(int,int,void *), void *cb_arg) +int BN_GENCB_call(BN_GENCB *cb, int a, int b) + { + /* No callback means continue */ + if(!cb) return 1; + switch(cb->ver) + { + case 1: + /* Deprecated-style callbacks */ + cb->cb_1(a, b, cb->arg); + return 1; + case 2: + /* New-style callbacks */ + return cb->cb_2(a, b, cb); + default: + break; + } + /* Unrecognised callback type */ + return 0; + } + +int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) { - BIGNUM *rnd=NULL; BIGNUM t; int found=0; int i,j,c1=0; 
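Review bot: The deprecated wrappers in bn_depr.c always build a version-1 BN_GENCB and store `callback` into `cb.cb_1` even when the caller passed NULL, but the `case 1:` branch of BN_GENCB_call() in bn_prime.c calls `cb->cb_1(a, b, cb->arg)` unconditionally. The code being replaced guarded each call with `if (callback != NULL)`, so a legacy call such as `BN_is_prime(p, checks, NULL, ctx, NULL)` would now go through a null function pointer. Adding `if (cb->cb_1 == NULL) return 1;` before the call in `case 1:` restores the old behaviour in one place. The wrappers in dh_depr.c and dsa_depr.c fill the structure the same way, and rsa_depr.c presumably does too.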
@@ -142,38 +165,34 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, ctx=BN_CTX_new(); if (ctx == NULL) goto err; - if (ret == NULL) - { - if ((rnd=BN_new()) == NULL) goto err; - } - else - rnd=ret; BN_init(&t); loop: /* make a random number and set the top and bottom bits */ if (add == NULL) { - if (!probable_prime(rnd,bits)) goto err; + if (!probable_prime(ret,bits)) goto err; } else { if (safe) { - if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx)) + if (!probable_prime_dh_safe(ret,bits,add,rem,ctx)) goto err; } else { - if (!probable_prime_dh(rnd,bits,add,rem,ctx)) + if (!probable_prime_dh(ret,bits,add,rem,ctx)) goto err; } } - /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */ - if (callback != NULL) callback(0,c1++,cb_arg); + /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */ + if(!BN_GENCB_call(cb, 0, c1++)) + /* aborted */ + goto err; if (!safe) { - i=BN_is_prime_fasttest(rnd,checks,callback,ctx,cb_arg,0); + i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb); if (i == -1) goto err; if (i == 0) goto loop; } @@ -183,41 +202,38 @@ loop: * check that (p-1)/2 is prime. * Since a prime is odd, We just * need to divide by 2 */ - if (!BN_rshift1(&t,rnd)) goto err; + if (!BN_rshift1(&t,ret)) goto err; for (i=0; i #include #include diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl index e1cb248db5..c1ed5ad920 100644 --- a/crypto/dh/Makefile.ssl +++ b/crypto/dh/Makefile.ssl @@ -23,8 +23,8 @@ TEST= dhtest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c -LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o +LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c +LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o SRC= $(LIBSRC) diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 05851f8429..cab9b1493d 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h 
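Review bot: BN_generate_prime_ex() now writes every candidate straight into `ret` (`probable_prime(ret,bits)` and the two `probable_prime_dh*` calls), so `ret` must be non-NULL, and after an error or a callback abort it holds a value that has not passed the primality checks. Neither point is stated anywhere; a comment on the prototype such as `/* ret must be non-NULL; its contents are unspecified when 0 is returned */` would make the contract explicit. DH_generate_parameters_ex() in dh_gen.c passes `ret->p` straight through, so the same caveat applies to a DH structure after a failed call, and callers should not use it. The function body starts before this hunk and continues after it.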
@@ -165,8 +165,16 @@ int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int DH_set_ex_data(DH *d, int idx, void *arg); void *DH_get_ex_data(DH *d, int idx); + +/* Deprecated version */ +#ifndef OPENSSL_NO_DEPRECATED DH * DH_generate_parameters(int prime_len,int generator, void (*callback)(int,int,void *),void *cb_arg); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); + int DH_check(const DH *dh,int *codes); int DH_generate_key(DH *dh); int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index f0373f7d68..bfc9c3ad76 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -104,12 +104,12 @@ int DH_check(const DH *dh, int *ret) else *ret|=DH_UNABLE_TO_CHECK_GENERATOR; - if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL)) + if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL)) *ret|=DH_CHECK_P_NOT_PRIME; else { if (!BN_rshift1(q,dh->p)) goto err; - if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL)) + if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL)) *ret|=DH_CHECK_P_NOT_SAFE_PRIME; } ok=1; diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c new file mode 100644 index 0000000000..8a909b1959 --- /dev/null +++ b/crypto/dh/dh_depr.c 
@@ -0,0 +1,81 @@
+/* crypto/dh/dh_depr.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +/* This file contains deprecated functions as wrappers to the new ones */ + +#include +#include "cryptlib.h" +#include +#include + +DH *DH_generate_parameters(int prime_len, int generator, + void (*callback)(int,int,void *), void *cb_arg) + { + BN_GENCB cb; + DH *ret=NULL; + + if((ret=DH_new()) == NULL) + return NULL; + + cb.ver = 1; + cb.arg = cb_arg; + cb.cb_1 = callback; + + if(DH_generate_parameters_ex(ret, prime_len, generator, &cb)) + return ret; + DH_free(ret); + return NULL; + } diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 06f78b35ab..a929a0f064 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -56,6 +56,11 @@ * [including the GNU Public Licence.] */ +/* NB: These functions have been upgraded - the previous prototypes are in + * dh_depr.c as wrappers to these ones. + * - Geoff + */ + #include #include "cryptlib.h" #include 
@@ -86,22 +91,22 @@ * It's just as OK (and in some sense better) to use a generator of the * order-q subgroup. */ -DH *DH_generate_parameters(int prime_len, int generator, - void (*callback)(int,int,void *), void *cb_arg) +int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) { - BIGNUM *p=NULL,*t1,*t2; - DH *ret=NULL; + BIGNUM *t1,*t2; int g,ok= -1; BN_CTX *ctx=NULL; - ret=DH_new(); - if (ret == NULL) goto err; ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); t1 = BN_CTX_get(ctx); t2 = BN_CTX_get(ctx); if (t1 == NULL || t2 == NULL) goto err; + + /* Make sure 'ret' has the necessary elements */ + if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err; + if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err; if (generator <= 1) { @@ -141,11 +146,8 @@ DH *DH_generate_parameters(int prime_len, int generator, g=generator; } - p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg); - if (p == NULL) goto err; - if (callback != NULL) callback(3,0,cb_arg); - ret->p=p; - ret->g=BN_new(); + if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err; + if(!BN_GENCB_call(cb, 3, 0)) goto err; if (!BN_set_word(ret->g,g)) goto err; ok=1; err: @@ -160,10 +162,5 @@ err: BN_CTX_end(ctx); BN_CTX_free(ctx); } - if (!ok && (ret != NULL)) - { - DH_free(ret); - ret=NULL; - } - return(ret); + return ok; } diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index 27237741da..33a49f2d7d 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -56,6 +56,12 @@ * [including the GNU Public Licence.] */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #include #include #include diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl index 306a3f2001..93808285f7 100644 --- a/crypto/dsa/Makefile.ssl +++ b/crypto/dsa/Makefile.ssl 
@@ -24,9 +24,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \ - dsa_err.c dsa_ossl.c + dsa_err.c dsa_ossl.c dsa_depr.c LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \ - dsa_err.o dsa_ossl.o + dsa_err.o dsa_ossl.o dsa_depr.o SRC= $(LIBSRC) diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 9b3baadf2c..7a126e486b 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -186,10 +186,20 @@ void *DSA_get_ex_data(DSA *d, int idx); DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); + +/* Deprecated version */ +#ifndef OPENSSL_NO_DEPRECATED DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len, int *counter_ret, unsigned long *h_ret,void (*callback)(int, int, void *),void *cb_arg); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int DSA_generate_parameters_ex(DSA *dsa, int bits, + unsigned char *seed,int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + int DSA_generate_key(DSA *a); int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c new file mode 100644 index 0000000000..c16315389b --- /dev/null +++ b/crypto/dsa/dsa_depr.c 
@@ -0,0 +1,104 @@
+/* crypto/dsa/dsa_depr.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* This file contains deprecated function(s) that are now wrappers to the new + * version(s). */ + +#undef GENUINE_DSA + +#ifdef GENUINE_DSA +/* Parameter generation follows the original release of FIPS PUB 186, + * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ +#define HASH EVP_sha() +#else +/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, + * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in + * FIPS PUB 180-1) */ +#define HASH EVP_sha1() +#endif + +#ifndef OPENSSL_NO_SHA + +#include +#include +#include "cryptlib.h" +#include +#include +#include +#include +#include + +DSA *DSA_generate_parameters(int bits, + unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, + void (*callback)(int, int, void *), + void *cb_arg) + { + BN_GENCB cb; + DSA *ret; + + if ((ret=DSA_new()) == NULL) return NULL; + + cb.ver = 1; + cb.arg = cb_arg; + cb.cb_1 = callback; + + if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, + counter_ret, h_ret, &cb)) + return ret; + DSA_free(ret); + return NULL; + } +#endif diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index dc9c249310..ca2c867089 100644 
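Review bot: The `#undef GENUINE_DSA` / `#define HASH ...` block at the top of dsa_depr.c is never used, since the only function in the file forwards to DSA_generate_parameters_ex() and nothing references `HASH`. It looks carried over from dsa_gen.c, and leaving it here suggests the wrapper selects the digest used for parameter generation, which it does not. Dropping the block keeps that choice in one file. The `#ifndef OPENSSL_NO_SHA` guard should stay, presumably because dsa_gen.c builds the `_ex` function only under the same condition.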
--- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -80,11 +80,9 @@ #include #include -DSA *DSA_generate_parameters(int bits, +int DSA_generate_parameters_ex(DSA *ret, int bits, unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, - void (*callback)(int, int, void *), - void *cb_arg) + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { int ok=0; unsigned char seed[SHA_DIGEST_LENGTH]; @@ -98,7 +96,6 @@ DSA *DSA_generate_parameters(int bits, int r=0; BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL; unsigned int h=2; - DSA *ret=NULL; if (bits < 512) bits=512; bits=(bits+63)/64*64; @@ -114,7 +111,6 @@ DSA *DSA_generate_parameters(int bits, if ((ctx=BN_CTX_new()) == NULL) goto err; if ((ctx2=BN_CTX_new()) == NULL) goto err; if ((ctx3=BN_CTX_new()) == NULL) goto err; - if ((ret=DSA_new()) == NULL) goto err; if ((mont=BN_MONT_CTX_new()) == NULL) goto err; @@ -137,7 +133,8 @@ DSA *DSA_generate_parameters(int bits, int seed_is_random; /* step 1 */ - if (callback != NULL) callback(0,m++,cb_arg); + if(!BN_GENCB_call(cb, 0, m++)) + goto err; if (!seed_len) { @@ -170,7 +167,8 @@ DSA *DSA_generate_parameters(int bits, if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err; /* step 4 */ - r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random); + r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx3, + seed_is_random, cb); if (r > 0) break; if (r != 0) @@ -180,8 +178,8 @@ DSA *DSA_generate_parameters(int bits, /* step 5 */ } - if (callback != NULL) callback(2,0,cb_arg); - if (callback != NULL) callback(3,0,cb_arg); + if(!BN_GENCB_call(cb, 2, 0)) goto err; + if(!BN_GENCB_call(cb, 3, 0)) goto err; /* step 6 */ counter=0; @@ -192,8 +190,8 @@ DSA *DSA_generate_parameters(int bits, for (;;) { - if (callback != NULL && counter != 0) - callback(0,counter,cb_arg); + if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) + goto err; /* step 7 */ BN_zero(W); 
@@ -231,7 +229,8 @@ DSA *DSA_generate_parameters(int bits, if (BN_cmp(p,test) >= 0) { /* step 11 */ - r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1); + r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, + ctx3, 1, cb); if (r > 0) goto end; /* found it */ if (r != 0) @@ -247,7 +246,8 @@ DSA *DSA_generate_parameters(int bits, } } end: - if (callback != NULL) callback(2,1,cb_arg); + if(!BN_GENCB_call(cb, 2, 1)) + goto err; /* We now need to generate g */ /* Set r0=(p-1)/q */ @@ -266,16 +266,16 @@ end: h++; } - if (callback != NULL) callback(3,1,cb_arg); + if(!BN_GENCB_call(cb, 3, 1)) + goto err; ok=1; err: - if (!ok) - { - if (ret != NULL) DSA_free(ret); - } - else + if (ok) { + if(ret->p) BN_free(ret->p); + if(ret->q) BN_free(ret->q); + if(ret->g) BN_free(ret->g); ret->p=BN_dup(p); ret->q=BN_dup(q); ret->g=BN_dup(g); @@ -291,6 +291,6 @@ err: } if (ctx3 != NULL) BN_CTX_free(ctx3); if (mont != NULL) BN_MONT_CTX_free(mont); - return(ok?ret:NULL); + return ok; } #endif diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 1ab90cfd7e..c341c1b49c 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -56,6 +56,12 @@ * [including the GNU Public Licence.] */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #include #include #include diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index d7e606db71..e292da3384 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c 
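Review bot: In the `if (ok)` block of DSA_generate_parameters_ex() the caller's existing `ret->p`, `ret->q` and `ret->g` are freed and replaced with `BN_dup(p)`, `BN_dup(q)` and `BN_dup(g)`, but none of the three results is checked. An allocation failure therefore leaves a NULL parameter in the caller's DSA structure while the function still returns 1, and the previous values are already gone. Since callers now see only the integer result, the failure should be reported by adding `if (ret->p == NULL || ret->q == NULL || ret->g == NULL) ok = 0;` after the three assignments. The function begins in an earlier hunk and part of its cleanup code lies between hunks.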
@@ -333,7 +333,7 @@ void prime_field_tests() /* Curve P-192 (FIPS PUB 186-2, App. 6) */ if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT; - if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT; if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT; if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; @@ -377,7 +377,7 @@ void prime_field_tests() /* Curve P-224 (FIPS PUB 186-2, App. 6) */ if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT; - if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT; if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT; if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; @@ -421,7 +421,7 @@ void prime_field_tests() /* Curve P-256 (FIPS PUB 186-2, App. 6) */ if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT; - if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT; if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT; if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; 
@@ -467,7 +467,7 @@ void prime_field_tests() if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT; - if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT; if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141" @@ -518,7 +518,7 @@ void prime_field_tests() if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT; - if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; + if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT; if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT; diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index 3f284125a2..402e988f46 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -69,6 +69,12 @@ * */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #include #include #include @@ -283,7 +289,7 @@ int test_builtin(BIO *out) size_t crv_len = 0, n = 0; EC_KEY *eckey = NULL, *wrong_eckey = NULL; unsigned char digest[20], wrong_digest[20]; - unsigned char *signature; + unsigned char *signature = NULL; unsigned int sig_len; int nid, ret = 0; diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl index 7e4c6db986..eeb0c9115c 100644 --- a/crypto/rsa/Makefile.ssl +++ b/crypto/rsa/Makefile.ssl 
@@ -25,10 +25,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \ rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \ - rsa_asn1.c + rsa_asn1.c rsa_depr.c LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \ rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \ - rsa_asn1.o + rsa_asn1.o rsa_depr.o SRC= $(LIBSRC) diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index b2e25e4e7c..cdf514c009 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -183,8 +183,16 @@ struct rsa_st RSA * RSA_new(void); RSA * RSA_new_method(ENGINE *engine); int RSA_size(const RSA *); + +/* Deprecated version */ +#ifndef OPENSSL_NO_DEPRECATED RSA * RSA_generate_key(int bits, unsigned long e,void (*callback)(int,int,void *),void *cb_arg); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int RSA_generate_key_ex(RSA *rsa, int bits, unsigned long e, BN_GENCB *cb); + int RSA_check_key(const RSA *); /* next 4 return -1 on error */ int RSA_public_encrypt(int flen, const unsigned char *from, diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c index 002f2cb487..9d848db8c6 100644 --- a/crypto/rsa/rsa_chk.c +++ b/crypto/rsa/rsa_chk.c @@ -75,7 +75,7 @@ int RSA_check_key(const RSA *key) } /* p prime? */ - r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL); + r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL); if (r != 1) { ret = r; @@ -85,7 +85,7 @@ int RSA_check_key(const RSA *key) } /* q prime? */ - r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL); + r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL); if (r != 1) { ret = r; diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c new file mode 100644 index 0000000000..25fa954393 --- /dev/null +++ b/crypto/rsa/rsa_depr.c 
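Review bot: The new `RSA_generate_key_ex` prototype in rsa.h is documented only as `/* New version */`, which leaves its changed ownership and return convention unstated. Unlike `RSA_generate_key`, the caller now supplies the `RSA` object and gets an int back. The rsa_gen.c hunks show missing components being allocated into that object and `p` and `q` being generated in place before `n` is computed. I would replace the comment with `/* Generates a key into the caller-allocated 'rsa'; returns non-zero on success, 0 on failure. On failure 'rsa' may hold partially generated private values: release it with RSA_free() and do not use it. */`.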
@@ -0,0 +1,83 @@ +/* crypto/rsa/rsa_depr.c */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NB: This file contains deprecated functions (compatibility wrappers to the + * "new" versions). */ + +#include +#include +#include "cryptlib.h" +#include +#include + +RSA *RSA_generate_key(int bits, unsigned long e_value, + void (*callback)(int,int,void *), void *cb_arg) + { + BN_GENCB cb; + RSA *rsa; + + if((rsa=RSA_new()) == NULL) + return 0; + + cb.ver = 1; + cb.arg = cb_arg; + cb.cb_1 = callback; + + if(RSA_generate_key_ex(rsa, bits, e_value, &cb)) + return rsa; + RSA_free(rsa); + return 0; + } + diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 00c25adbc5..a45b9aab5c 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c 
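Review bot: In the `RSA_generate_key` wrapper, `cb.cb_1 = callback;` stores the caller's function pointer unchecked, although the old API was called with a NULL callback (ssltest.c used `RSA_generate_key(keylength,RSA_F4,NULL,NULL)` before this commit). Whether `BN_GENCB_call` tolerates a NULL `cb_1` is not visible here; if it does not, legacy callers that pass no callback would reach a call through a NULL function pointer during key generation. Passing `callback ? &cb : NULL` to `RSA_generate_key_ex` removes that dependency, since the ssltest.c hunk already passes a NULL `BN_GENCB`. The two `return 0;` statements would also read better as `return NULL;` in a pointer-returning function.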
@@ -56,16 +56,20 @@ * [including the GNU Public Licence.] */ + +/* NB: these functions have been "upgraded", the deprecated versions (which are + * compatibility wrappers using these functions) are in rsa_depr.c. + * - Geoff + */ + #include #include #include "cryptlib.h" #include #include -RSA *RSA_generate_key(int bits, unsigned long e_value, - void (*callback)(int,int,void *), void *cb_arg) +int RSA_generate_key_ex(RSA *rsa, int bits, unsigned long e_value, BN_GENCB *cb) { - RSA *rsa=NULL; BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; int bitsp,bitsq,ok= -1,n=0,i; BN_CTX *ctx=NULL,*ctx2=NULL; @@ -83,12 +87,16 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, bitsp=(bits+1)/2; bitsq=bits-bitsp; - rsa=RSA_new(); - if (rsa == NULL) goto err; - /* set e */ - rsa->e=BN_new(); - if (rsa->e == NULL) goto err; + /* We need the RSA components non-NULL */ + if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; + if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; + if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err; + if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err; + if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err; + if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err; + if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err; + if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err; #if 1 /* The problem is when building with 8, 16, or 32 BN_ULONG, 
@@ -105,27 +113,29 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, /* generate p and q */ for (;;) { - rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg); - if (rsa->p == NULL) goto err; + if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) + goto err; if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; if (BN_is_one(r1)) break; - if (callback != NULL) callback(2,n++,cb_arg); - BN_free(rsa->p); + if(!BN_GENCB_call(cb, 2, n++)) + goto err; } - if (callback != NULL) callback(3,0,cb_arg); + if(!BN_GENCB_call(cb, 3, 0)) + goto err; for (;;) { - rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg); - if (rsa->q == NULL) goto err; + if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) + goto err; if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0)) break; - if (callback != NULL) callback(2,n++,cb_arg); - BN_free(rsa->q); + if(!BN_GENCB_call(cb, 2, n++)) + goto err; } - if (callback != NULL) callback(3,1,cb_arg); + if(!BN_GENCB_call(cb, 3, 1)) + goto err; if (BN_cmp(rsa->p,rsa->q) < 0) { tmp=rsa->p; @@ -134,8 +144,6 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, } /* calculate n */ - rsa->n=BN_new(); - if (rsa->n == NULL) goto err; if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err; /* calculate d */ @@ -185,13 +193,7 @@ err: BN_CTX_end(ctx); BN_CTX_free(ctx); BN_CTX_free(ctx2); - - if (!ok) - { - if (rsa != NULL) RSA_free(rsa); - return(NULL); - } - else - return(rsa); + + return ok; } diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 8ff076250f..e384599fb1 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c 
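Review bot: `return ok;` at the end of `RSA_generate_key_ex` exposes a variable initialised to `-1` (`ok= -1` in the declarations) through an interface whose callers test it as a boolean, e.g. `if(RSA_generate_key_ex(rsa, bits, e_value, &cb)) return rsa;` in rsa_depr.c. The lines between the `err:` label and `BN_CTX_end(ctx)` are outside the hunk, so it is not visible whether `-1` is always mapped to `0` there. If any path skips that mapping, a failed generation would be treated as success and a half-built key returned to the caller. Stating the contract at the return, `return (ok > 0);`, removes the dependency. This also covers the new `goto err` exits after `BN_GENCB_call` in the @@ -105,27 hunk, which is how a callback-requested cancellation leaves the function.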
@@ -1580,9 +1580,21 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) { if (rsa_tmp == NULL) { + rsa_tmp = RSA_new(); + if(!rsa_tmp) + { + BIO_printf(bio_err, "Memory error..."); + goto end; + } BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); (void)BIO_flush(bio_err); - rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); + if(!RSA_generate_key_ex(rsa_tmp,keylength,RSA_F4,NULL)) + { + BIO_printf(bio_err, "Error generating key.", keylength); + RSA_free(rsa_tmp); + rsa_tmp = NULL; + } +end: BIO_printf(bio_err,"\n"); (void)BIO_flush(bio_err); } -- cgit v1.2.3 From 5daec7ea0ed73def95c65d4e23d1a22839355332 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Sun, 8 Dec 2002 05:38:44 +0000 Subject: Undefine OPENSSL_NO_DEPRECATED inside openssl application code if we are being built with it defined - it is not a symbol to affect how openssl itself builds, but to alter the way openssl headers can be used from an API point of view. The "deprecated" function wrappers will always remain inside OpenSSL at least as long as they're still being used internally. :-) The exception is dsaparam which has been updated to the BN_GENCB-based functions to test the new functionality. If GENCB_TEST is defined, dsaparam will support a "-timebomb " switch to cancel parameter-generation if it gets as far as 'n' seconds without completion. --- apps/dsaparam.c | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++++---- apps/gendh.c | 6 ++++ apps/genrsa.c | 6 ++++ apps/req.c | 6 ++++ apps/s_server.c | 6 ++++ 5 files changed, 107 insertions(+), 5 deletions(-) diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 320d76f632..63e2cab45f 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c 
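Review bot: `BIO_printf(bio_err, "Error generating key.", keylength);` passes `keylength` to a format string with no conversion, so the argument is silently ignored. Either drop it or print it: `BIO_printf(bio_err, "Error generating key (%d bit).", keylength);`. On this failure path `rsa_tmp` is reset to NULL; the return statement of `tmp_rsa_cb` is outside the hunk, so presumably NULL is handed back to the SSL layer, which is worth confirming the caller tolerates. The `goto end` into a label inside the same `if` block is easy to misread; putting the generation step in an `else` branch would express the same flow without the label.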
@@ -56,6 +56,12 @@ * [including the GNU Public Licence.] */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #ifndef OPENSSL_NO_DSA #include #include @@ -82,9 +88,23 @@ * -C * -noout * -genkey + * #ifdef GENCB_TEST + * -timebomb n - interrupt keygen after seconds + * #endif */ -static void MS_CALLBACK dsa_cb(int p, int n, void *arg); +#ifdef GENCB_TEST + +static int stop_keygen_flag = 0; + +void timebomb_sigalarm(int foo) + { + stop_keygen_flag = 1; + } + +#endif + +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); @@ -99,6 +119,9 @@ int MAIN(int argc, char **argv) int numbits= -1,num,genkey=0; int need_rand=0; char *engine=NULL; +#ifdef GENCB_TEST + int timebomb=0; +#endif apps_startup(); @@ -144,6 +167,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; engine = *(++argv); } +#ifdef GENCB_TEST + else if(strcmp(*argv, "-timebomb") == 0) + { + if (--argc < 1) goto bad; + timebomb = atoi(*(++argv)); + } +#endif else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-C") == 0) @@ -192,6 +222,9 @@ bad: BIO_printf(bio_err," -genkey generate a DSA key\n"); BIO_printf(bio_err," -rand files to use for random number input\n"); BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#ifdef GENCB_TEST + BIO_printf(bio_err," -timebomb n interrupt keygen after seconds\n"); +#endif BIO_printf(bio_err," number number of bits to use for generating private key\n"); goto end; } 
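Review bot: `stop_keygen_flag` is written by the `timebomb_sigalarm` signal handler and polled from `dsa_cb`, yet it is declared as a plain `static int`. An object shared with a signal handler should be `static volatile sig_atomic_t stop_keygen_flag = 0;`, otherwise the compiler is free to cache the read in the callback. The handler itself is non-static and names its unused parameter `foo`; `static void timebomb_sigalarm(int sig)` keeps it out of the global namespace. In the @@ -144,6 hunk, `timebomb = atoi(*(++argv));` turns non-numeric input into 0 and so silently disables the timer; `strtol` with an end-pointer check would reject it. The body of `MAIN` continues outside these hunks.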
@@ -247,10 +280,50 @@ bad: if (numbits > 0) { + BN_GENCB cb; + cb.ver = 2; + cb.cb_2 = dsa_cb; + cb.arg = bio_err; + assert(need_rand); + dsa = DSA_new(); + if(!dsa) + { + BIO_printf(bio_err,"Error allocating DSA object\n"); + goto end; + } BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,"This could take some time\n"); - dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err); +#ifdef GENCB_TEST + if(timebomb > 0) + { + struct sigaction act; + act.sa_handler = timebomb_sigalarm; + act.sa_flags = 0; + BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n", + timebomb); + if(sigaction(SIGALRM, &act, NULL) != 0) + { + BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n"); + goto end; + } + alarm(timebomb); + } +#endif + if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb)) + { +#ifdef GENCB_TEST + if(stop_keygen_flag) + { + BIO_printf(bio_err,"DSA key generation time-stopped\n"); + /* This is an asked-for behaviour! */ + ret = 0; + goto end; + } +#endif + BIO_printf(bio_err,"Error, DSA key generation failed\n"); + goto end; + } } else if (informat == FORMAT_ASN1) dsa=d2i_DSAparams_bio(in,NULL); @@ -375,7 +448,7 @@ end: OPENSSL_EXIT(ret); } -static void MS_CALLBACK dsa_cb(int p, int n, void *arg) +static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb) { char c='*'; @@ -383,10 +456,15 @@ static void MS_CALLBACK dsa_cb(int p, int n, void *arg) if (p == 1) c='+'; if (p == 2) c='*'; if (p == 3) c='\n'; - BIO_write(arg,&c,1); - (void)BIO_flush(arg); + BIO_write(cb->arg,&c,1); + (void)BIO_flush(cb->arg); #ifdef LINT p=n; #endif +#ifdef GENCB_TEST + if(stop_keygen_flag) + return 0; +#endif + return 1; } #endif diff --git a/apps/gendh.c b/apps/gendh.c index 98ee413c74..574a13a57a 100644 --- a/apps/gendh.c +++ b/apps/gendh.c 
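Review bot: `struct sigaction act;` is filled in with only `sa_handler` and `sa_flags`, so `sa_mask` reaches `sigaction()` uninitialised; add `sigemptyset(&act.sa_mask);` before the call, or zero the struct first. The pending alarm is also never cancelled once `DSA_generate_parameters_ex` returns, so a late SIGALRM can still set the flag after the work has finished; `alarm(0);` right after the call would close that window. Both `goto end` failure paths leave the freshly allocated `dsa` to whatever cleanup runs at `end:`, which is outside the hunk and worth checking.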
@@ -57,6 +57,12 @@ * [including the GNU Public Licence.] */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #ifndef OPENSSL_NO_DH #include #include diff --git a/apps/genrsa.c b/apps/genrsa.c index dbc23e40aa..6079688ce9 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -56,6 +56,12 @@ * [including the GNU Public Licence.] */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #ifndef OPENSSL_NO_RSA #include #include diff --git a/apps/req.c b/apps/req.c index a582e69775..4dca798e4a 100644 --- a/apps/req.c +++ b/apps/req.c @@ -56,6 +56,12 @@ * [including the GNU Public Licence.] */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #include #include #include diff --git a/apps/s_server.c b/apps/s_server.c index aa7ff66b70..39013c2b0b 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -114,6 +114,12 @@ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ +/* Until the key-gen callbacks are modified to use newer prototypes, we allow + * deprecated functions for openssl-internal code */ +#ifdef OPENSSL_NO_DEPRECATED +#undef OPENSSL_NO_DEPRECATED +#endif + #include #include #include -- cgit v1.2.3 From fdaea9ed2e5644b98baae983ce7a55100c956999 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 8 Dec 2002 09:31:41 +0000 Subject: Since it's defined in draft-ietf-tls-compression-04.txt, let's make ZLIB a known compression method, with the identity 1. --- CHANGES | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index f0fd7ac861..c466dd4a95 100644 --- a/CHANGES +++ b/CHANGES 
@@ -16,6 +16,11 @@ help make "keygen" another member function of RSA_METHOD etc. [Geoff Thorpe] + *) Change the ZLIB compression method to be stateful, and make it + available to TLS with the number defined in + draft-ietf-tls-compression-04.txt. + [Richard Levitte] + *) Add the ASN.1 structures and functions for CertificatePair, which is defined as follows (according to X.509_4thEditionDraftV6.pdf): -- cgit v1.2.3