This is the first step in allowing RSA_METHODs to implement their own key

generation. This prototype matches the new API function RSA_generate_key_ex(), though both may be subject to change during development before 0.9.8.

This is the first step in allowing RSA_METHODs to implement their own key
generation. This prototype matches the new API function RSA_generate_key_ex(), though both may be subject to change during development before 0.9.8.
2814c629 · Geoff Thorpe · 876e96fd · 2814c629 · 2814c629 · 2814c629
Showing with 24 addition and 2 deletion

crypto/rsa/rsa.h crypto/rsa/rsa.h +5 -1

crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c +2 -1

crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c +14 -0

crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c +3 -0

未找到文件。
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -114,7 +114,11 @@ typedef struct rsa_meth_st
 	int (*rsa_verify)(int dtype,
 		const unsigned char *m, unsigned int m_length,
 		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
-
+/* If this callback is NULL, the builtin software RSA key-gen will be used. This
+ * is for behavioural compatibility whilst the code gets rewired, but one day
+ * it would be nice to assume there are no such things as "builtin software"
+ * implementations. */
+	int (*rsa_keygen)(RSA *rsa, int bits, unsigned long e, BN_GENCB *cb);
 	} RSA_METHOD;

 struct rsa_st

--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -89,7 +89,8 @@ static RSA_METHOD rsa_pkcs1_eay_meth={
 	0, /* flags */
 	NULL,
 	0, /* rsa_sign */
-	0  /* rsa_verify */
+	0, /* rsa_verify */
+	NULL /* rsa_keygen */
 	};

 const RSA_METHOD *RSA_PKCS1_SSLeay(void)

--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -68,7 +68,21 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>

+static int rsa_builtin_keygen(RSA *rsa, int bits, unsigned long e_value, BN_GENCB *cb);
+
+/* NB: this wrapper would normally be placed in rsa_lib.c and the static
+ * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so
+ * that we don't introduce a new linker dependency. Eg. any application that
+ * wasn't previously linking object code related to key-generation won't have to
+ * now just because key-generation is part of RSA_METHOD. */
 int RSA_generate_key_ex(RSA *rsa, int bits, unsigned long e_value, BN_GENCB *cb)
+	{
+	if(rsa->meth->rsa_keygen)
+		return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+	return rsa_builtin_keygen(rsa, bits, e_value, cb);
+	}
+
+static int rsa_builtin_keygen(RSA *rsa, int bits, unsigned long e_value, BN_GENCB *cb)
 	{
 	BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
 	int bitsp,bitsq,ok= -1,n=0,i;

--- a/crypto/rsa/rsa_null.c
+++ b/crypto/rsa/rsa_null.c
@@ -94,6 +94,9 @@ static RSA_METHOD rsa_null_meth={
 	RSA_null_finish,
 	0,
 	NULL,
+	NULL,
+	NULL,
+	NULL
 	};

 const RSA_METHOD *RSA_null_method(void)