diff options
| author | Geoff Thorpe <geoff@openssl.org> | 2002-12-08 05:24:31 +0000 |
|---|---|---|
| committer | Geoff Thorpe <geoff@openssl.org> | 2002-12-08 05:24:31 +0000 |
| commit | e9224c717711eefb30038c9b37c69795dda93c9a (patch) | |
| tree | cdb7a95f6ef21a6434008c494c38d530b629def0 /crypto/bn/bn.h | |
| parent | e90e7197398ce87786e92468e946d50f3c6728b7 (diff) | |
| download | openssl-e9224c717711eefb30038c9b37c69795dda93c9a.tar.gz | |
This is a first-cut at improving the callback mechanisms used in
key-generation and prime-checking functions. Rather than explicitly passing
callback functions and caller-defined context data for the callbacks, a new
structure BN_GENCB is defined that encapsulates this; a pointer to the
structure is passed to all such functions instead.
This wrapper structure allows the encapsulation of "old" and "new" style
callbacks - "new" callbacks return a boolean result on the understanding
that returning FALSE should terminate keygen/primality processing. The
BN_GENCB abstraction will allow future callback modifications without
needing to break binary compatibility nor change the API function
prototypes. The new API functions have been given names ending in "_ex" and
the old functions are implemented as wrappers to the new ones. The
OPENSSL_NO_DEPRECATED symbol has been introduced so that, if defined,
declaration of the older functions will be skipped. NB: Some
openssl-internal code will stick with the older callbacks for now, so
appropriate "#undef" logic will be put in place - this is in case the user
is *building* openssl (rather than *including* its headers) with this
symbol defined.
There is another change in the new _ex functions; the key-generation
functions do not return key structures but operate on structures passed by
the caller, the return value is a boolean. This will allow for a smoother
transition to having key-generation as "virtual function" in the various
***_METHOD tables.
Diffstat (limited to 'crypto/bn/bn.h')
| -rw-r--r-- | crypto/bn/bn.h | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 403add94b0..c1b5b41935 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -287,6 +287,23 @@ typedef struct bn_recp_ctx_st int flags; } BN_RECP_CTX; +/* Used for slow "generation" functions. */ +typedef struct bn_gencb_st BN_GENCB; +struct bn_gencb_st + { + unsigned int ver; /* To handle binary (in)compatibility */ + void *arg; /* callback-specific data */ + union + { + /* if(ver==1) - handles old style callbacks */ + void (*cb_1)(int, int, void *); + /* if(ver==2) - new callback style */ + int (*cb_2)(int, int, BN_GENCB *); + }; + }; +/* Wrapper function to make using BN_GENCB easier, */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); + #define BN_prime_checks 0 /* default: select number of iterations based on the size of the number */ @@ -431,6 +448,9 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); + +/* Deprecated versions */ +#ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, const BIGNUM *add, const BIGNUM *rem, void (*callback)(int,int,void *),void *cb_arg); @@ -440,6 +460,14 @@ int BN_is_prime(const BIGNUM *p,int nchecks, int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, int do_trial_division); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* Newer versions */ +int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); +int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); |