From e990b4f838eaa649a1849d25db5be2236632fe34 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 13 Feb 2011 18:45:41 +0000 Subject: [PATCH] Remove dependency of dsa_sign.o and dsa_vrf.o: new functions FIPS_dsa_sig_new and FIPS_dsa_sig_free, reimplment DSA_SIG_new and DSA_SIG_free from ASN1 library. --- Makefile.fips | 2 -- Makefile.org | 2 -- crypto/dsa/dsa_asn1.c | 2 +- crypto/dsa/dsa_ossl.c | 3 +-- crypto/dsa/dsa_sign.c | 24 ------------------------ fips/dsa/fips_dsa_lib.c | 23 +++++++++++++++++++++++ fips/dsa/fips_dsa_selftest.c | 2 +- fips/dsa/fips_dsatest.c | 2 +- fips/dsa/fips_dssvs.c | 2 +- fips/fips.c | 2 +- fips/fips.h | 3 +++ fips/fips_test_suite.c | 2 +- 12 files changed, 33 insertions(+), 36 deletions(-) diff --git a/Makefile.fips b/Makefile.fips index d6d373fed7..f9cc5afab6 100644 --- a/Makefile.fips +++ b/Makefile.fips @@ -308,8 +308,6 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \ ../crypto/dsa/dsa_gen.o \ ../crypto/dsa/dsa_key.o \ ../crypto/dsa/dsa_ossl.o \ - ../crypto/dsa/dsa_sign.o \ - ../crypto/dsa/dsa_vrf.o \ ../crypto/evp/e_aes.o \ ../crypto/evp/e_des3.o \ ../crypto/evp/m_sha1.o \ diff --git a/Makefile.org b/Makefile.org index 89fa394546..4cdd60bc04 100644 --- a/Makefile.org +++ b/Makefile.org @@ -307,8 +307,6 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \ ../crypto/dsa/dsa_gen.o \ ../crypto/dsa/dsa_key.o \ ../crypto/dsa/dsa_ossl.o \ - ../crypto/dsa/dsa_sign.o \ - ../crypto/dsa/dsa_vrf.o \ ../crypto/evp/e_aes.o \ ../crypto/evp/e_des3.o \ ../crypto/evp/m_sha1.o \ diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index 6058534374..9e441fa0db 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -88,7 +88,7 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG) +IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG) /* Override the default free and new methods */ static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 8fa39e9281..f1512a40dd 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -173,7 +173,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) redo: if ((dsa->kinv == NULL) || (dsa->r == NULL)) { - if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err; + if (!dsa->meth->dsa_sign_setup(dsa,ctx,&kinv,&r)) goto err; } else { @@ -199,7 +199,6 @@ redo: if (BN_cmp(s,dsa->q) > 0) if (!BN_sub(s,s,dsa->q)) goto err; if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; - ret=DSA_SIG_new(); if (ret == NULL) goto err; /* Redo if r or s is zero as required by FIPS 186-3: this is diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index d983471e3b..599093a4a8 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -74,27 +74,3 @@ int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); } - -DSA_SIG *DSA_SIG_new(void) - { - DSA_SIG *sig; - sig = OPENSSL_malloc(sizeof(DSA_SIG)); - if (!sig) - return NULL; - sig->r = NULL; - sig->s = NULL; - return sig; - } - -void DSA_SIG_free(DSA_SIG *sig) - { - if (sig) - { - if (sig->r) - BN_free(sig->r); - if (sig->s) - BN_free(sig->s); - OPENSSL_free(sig); - } - } - diff --git a/fips/dsa/fips_dsa_lib.c b/fips/dsa/fips_dsa_lib.c index 06f8cabfee..2e2f192aff 100644 --- a/fips/dsa/fips_dsa_lib.c +++ b/fips/dsa/fips_dsa_lib.c @@ -96,3 +96,26 @@ void FIPS_dsa_free(DSA *r) OPENSSL_free(r); } +DSA_SIG *FIPS_dsa_sig_new(void) + { + DSA_SIG *sig; + sig = OPENSSL_malloc(sizeof(DSA_SIG)); + if (!sig) + return NULL; + sig->r = NULL; + sig->s = NULL; + return sig; + } + +void FIPS_dsa_sig_free(DSA_SIG *sig) + { + if (sig) + { + if (sig->r) + BN_free(sig->r); + if (sig->s) + BN_free(sig->s); + OPENSSL_free(sig); + } + } + diff --git a/fips/dsa/fips_dsa_selftest.c b/fips/dsa/fips_dsa_selftest.c index 2fbdad5d47..ee225906bd 100644 --- a/fips/dsa/fips_dsa_selftest.c +++ b/fips/dsa/fips_dsa_selftest.c @@ -156,7 +156,7 @@ int FIPS_selftest_dsa() if (dsa) FIPS_dsa_free(dsa); if (dsig) - DSA_SIG_free(dsig); + FIPS_dsa_sig_free(dsig); if (ret == 0) FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED); return ret; diff --git a/fips/dsa/fips_dsatest.c b/fips/dsa/fips_dsatest.c index 9294286c75..3e773687a1 100644 --- a/fips/dsa/fips_dsatest.c +++ b/fips/dsa/fips_dsatest.c @@ -231,7 +231,7 @@ int main(int argc, char **argv) end: if (sig) - DSA_SIG_free(sig); + FIPS_dsa_sig_free(sig); if (dsa != NULL) FIPS_dsa_free(dsa); FIPS_md_ctx_cleanup(&mctx); #if 0 diff --git a/fips/dsa/fips_dssvs.c b/fips/dsa/fips_dssvs.c index 9ee0ccc95f..ff7f8139b3 100644 --- a/fips/dsa/fips_dssvs.c +++ b/fips/dsa/fips_dssvs.c @@ -548,7 +548,7 @@ static void siggen() pbn("R",sig->r); pbn("S",sig->s); putc('\n',stdout); - DSA_SIG_free(sig); + FIPS_dsa_sig_free(sig); FIPS_md_ctx_cleanup(&mctx); } } diff --git a/fips/fips.c b/fips/fips.c index 3d745557fc..51696b5e7c 100644 --- a/fips/fips.c +++ b/fips/fips.c @@ -498,7 +498,7 @@ int fips_pkey_signature_test(EVP_PKEY *pkey, error: if (dsig != NULL) - DSA_SIG_free(dsig); + FIPS_dsa_sig_free(dsig); if (sig != sigtmp) OPENSSL_free(sig); FIPS_md_ctx_cleanup(&mctx); diff --git a/fips/fips.h b/fips/fips.h index 9d7c37096d..facdbc725c 100644 --- a/fips/fips.h +++ b/fips/fips.h @@ -147,6 +147,9 @@ void FIPS_set_locking_callback(void (*func)(int mode, int type, #define EVP_CIPHER_CTX_new FIPS_cipher_ctx_new #define EVP_CIPHER_CTX_free FIPS_cipher_ctx_free +#define DSA_SIG_new FIPS_dsa_sig_new +#define DSA_SIG_free FIPS_dsa_sig_free + #endif /* BEGIN ERROR CODES */ diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index a06c86260f..392a889ca0 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -131,7 +131,7 @@ static int FIPS_dsa_test(int bad) r = FIPS_dsa_verify_ctx(dsa, &mctx, sig); end: if (sig) - DSA_SIG_free(sig); + FIPS_dsa_sig_free(sig); FIPS_md_ctx_cleanup(&mctx); if (dsa) FIPS_dsa_free(dsa); -- 2.25.1