Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new

and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1
library.

diff --git a/Makefile.fips b/Makefile.fips
index d6d373fed7d12d654a6b32738f55e174944ff246..f9cc5afab6e3d2f1164fa730282ab9b4f60242df 100644 (file)
--- a/Makefile.fips
+++ b/Makefile.fips
@@ -308,8 +308,6 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
        ../crypto/dsa/dsa_gen.o \
        ../crypto/dsa/dsa_key.o \
        ../crypto/dsa/dsa_ossl.o \
-       ../crypto/dsa/dsa_sign.o \
-       ../crypto/dsa/dsa_vrf.o \
        ../crypto/evp/e_aes.o \
        ../crypto/evp/e_des3.o \
        ../crypto/evp/m_sha1.o \

diff --git a/Makefile.org b/Makefile.org
index 89fa394546050de9d2d2570cfe321a8cf8e102a8..4cdd60bc04bf2e32ea223c30621e19863e379a36 100644 (file)
--- a/Makefile.org
+++ b/Makefile.org
@@ -307,8 +307,6 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
        ../crypto/dsa/dsa_gen.o \
        ../crypto/dsa/dsa_key.o \
        ../crypto/dsa/dsa_ossl.o \
-       ../crypto/dsa/dsa_sign.o \
-       ../crypto/dsa/dsa_vrf.o \
        ../crypto/evp/e_aes.o \
        ../crypto/evp/e_des3.o \
        ../crypto/evp/m_sha1.o \

diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index 60585343746d97d64c0d2e26dea335b69c763f0f..9e441fa0db1831f0ec9b2949d22a5aa0ecdfae86 100644 (file)
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -88,7 +88,7 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
        ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
 } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
 
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG)
+IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
 
 /* Override the default free and new methods */
 static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,

diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 8fa39e92812765e2729da672ef0a09cebfe8e0bf..f1512a40dd0fcc335c40086522d9c333fc9c3352 100644 (file)
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -173,7 +173,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 redo:
        if ((dsa->kinv == NULL) || (dsa->r == NULL))
                {
-               if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
+               if (!dsa->meth->dsa_sign_setup(dsa,ctx,&kinv,&r)) goto err;
                }
        else
                {
@@ -199,7 +199,6 @@ redo:
        if (BN_cmp(s,dsa->q) > 0)
                if (!BN_sub(s,s,dsa->q)) goto err;
        if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
-
        ret=DSA_SIG_new();
        if (ret == NULL) goto err;
        /* Redo if r or s is zero as required by FIPS 186-3: this is

diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index d983471e3bc6ffed0510042e40dec32aed2aa43e..599093a4a86d647b9271060583d22e57fcd7fd2b 100644 (file)
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -74,27 +74,3 @@ int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        {
        return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
        }
-
-DSA_SIG *DSA_SIG_new(void)
-       {
-       DSA_SIG *sig;
-       sig = OPENSSL_malloc(sizeof(DSA_SIG));
-       if (!sig)
-               return NULL;
-       sig->r = NULL;
-       sig->s = NULL;
-       return sig;
-       }
-
-void DSA_SIG_free(DSA_SIG *sig)
-       {
-       if (sig)
-               {
-               if (sig->r)
-                       BN_free(sig->r);
-               if (sig->s)
-                       BN_free(sig->s);
-               OPENSSL_free(sig);
-               }
-       }
-

diff --git a/fips/dsa/fips_dsa_lib.c b/fips/dsa/fips_dsa_lib.c
index 06f8cabfee31286f4cafd2b51dc5e67d37792c89..2e2f192aff3be0b0517b3f8e5c89bf129d1abc65 100644 (file)
--- a/fips/dsa/fips_dsa_lib.c
+++ b/fips/dsa/fips_dsa_lib.c
@@ -96,3 +96,26 @@ void FIPS_dsa_free(DSA *r)
        OPENSSL_free(r);
        }
 
+DSA_SIG *FIPS_dsa_sig_new(void)
+       {
+       DSA_SIG *sig;
+       sig = OPENSSL_malloc(sizeof(DSA_SIG));
+       if (!sig)
+               return NULL;
+       sig->r = NULL;
+       sig->s = NULL;
+       return sig;
+       }
+
+void FIPS_dsa_sig_free(DSA_SIG *sig)
+       {
+       if (sig)
+               {
+               if (sig->r)
+                       BN_free(sig->r);
+               if (sig->s)
+                       BN_free(sig->s);
+               OPENSSL_free(sig);
+               }
+       }
+

diff --git a/fips/dsa/fips_dsa_selftest.c b/fips/dsa/fips_dsa_selftest.c
index 2fbdad5d4759d0a4471c2612847c98176045f5b3..ee225906bd095fc6758dbd3e5496c21291a74757 100644 (file)
--- a/fips/dsa/fips_dsa_selftest.c
+++ b/fips/dsa/fips_dsa_selftest.c
@@ -156,7 +156,7 @@ int FIPS_selftest_dsa()
     if (dsa)
        FIPS_dsa_free(dsa);
     if (dsig)
-       DSA_SIG_free(dsig);
+       FIPS_dsa_sig_free(dsig);
     if (ret == 0)
            FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
     return ret;

diff --git a/fips/dsa/fips_dsatest.c b/fips/dsa/fips_dsatest.c
index 9294286c75440ee2d8d6a0291530a4ad13d2f9ae..3e773687a12f9dd1ac53f9e32e85bd6f62a5d83b 100644 (file)
--- a/fips/dsa/fips_dsatest.c
+++ b/fips/dsa/fips_dsatest.c
@@ -231,7 +231,7 @@ int main(int argc, char **argv)
 
 end:
        if (sig)
-               DSA_SIG_free(sig);
+               FIPS_dsa_sig_free(sig);
        if (dsa != NULL) FIPS_dsa_free(dsa);
        FIPS_md_ctx_cleanup(&mctx);
 #if 0

diff --git a/fips/dsa/fips_dssvs.c b/fips/dsa/fips_dssvs.c
index 9ee0ccc95fc5858d6cc204d32b46ee10cf63d4d1..ff7f8139b3e2022114f00c388484dd2004dc993c 100644 (file)
--- a/fips/dsa/fips_dssvs.c
+++ b/fips/dsa/fips_dssvs.c
@@ -548,7 +548,7 @@ static void siggen()
            pbn("R",sig->r);
            pbn("S",sig->s);
            putc('\n',stdout);
-           DSA_SIG_free(sig);
+           FIPS_dsa_sig_free(sig);
            FIPS_md_ctx_cleanup(&mctx);
            }
        }

diff --git a/fips/fips.c b/fips/fips.c
index 3d745557fcb070315ae2ae1c598b80cd4ab8d480..51696b5e7cf4fc733d7cb234288510cb93545083 100644 (file)
--- a/fips/fips.c
+++ b/fips/fips.c
@@ -498,7 +498,7 @@ int fips_pkey_signature_test(EVP_PKEY *pkey,
 
        error:
        if (dsig != NULL)
-               DSA_SIG_free(dsig);
+               FIPS_dsa_sig_free(dsig);
        if (sig != sigtmp)
                OPENSSL_free(sig);
        FIPS_md_ctx_cleanup(&mctx);

diff --git a/fips/fips.h b/fips/fips.h
index 9d7c37096d84703ec378ab549c961dc875e35224..facdbc725c1d1919f9c8e57fc51fccbd01e23d0f 100644 (file)
--- a/fips/fips.h
+++ b/fips/fips.h
@@ -147,6 +147,9 @@ void FIPS_set_locking_callback(void (*func)(int mode, int type,
 #define EVP_CIPHER_CTX_new FIPS_cipher_ctx_new
 #define EVP_CIPHER_CTX_free FIPS_cipher_ctx_free
 
+#define DSA_SIG_new FIPS_dsa_sig_new
+#define DSA_SIG_free FIPS_dsa_sig_free
+
 #endif
 
 /* BEGIN ERROR CODES */

diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c
index a06c86260f26bdc4bb928af6fb9910bae889a1c5..392a889ca0517d872f5befc61bbfa3fa369da2da 100644 (file)
--- a/fips/fips_test_suite.c
+++ b/fips/fips_test_suite.c
@@ -131,7 +131,7 @@ static int FIPS_dsa_test(int bad)
     r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
     end:
     if (sig)
-       DSA_SIG_free(sig);
+       FIPS_dsa_sig_free(sig);
     FIPS_md_ctx_cleanup(&mctx);
     if (dsa)
          FIPS_dsa_free(dsa);