[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Wed Jul 20 13:05:09 UTC 2016
The branch master has been updated
via 8cc44d970ced1004db0727d7a7b3e2709c442e55 (commit)
from 36b53720eb4cd23eb7e6c0b3a3fed94f757f27ef (commit)
- Log -----------------------------------------------------------------
commit 8cc44d970ced1004db0727d7a7b3e2709c442e55
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Jul 19 18:57:15 2016 +0100
Don't allocate r/s in DSA_SIG and ECDSA_SIG
To avoid having to immediately free up r/s when setting them
don't allocate them automatically in DSA_SIG_new() and ECDSA_SIG_new().
RT#4590
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/dsa/dsa_asn1.c | 19 ++++++++++++++++++-
crypto/dsa/dsa_err.c | 1 +
crypto/dsa/dsa_ossl.c | 4 ++++
crypto/ec/ec_asn1.c | 19 ++++++++++++++++++-
crypto/ec/ec_err.c | 1 +
crypto/ec/ecdsa_ossl.c | 6 ++++++
include/openssl/dsa.h | 1 +
include/openssl/ec.h | 1 +
8 files changed, 50 insertions(+), 2 deletions(-)
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index 540d01f..551c107 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -19,7 +19,24 @@ ASN1_SEQUENCE(DSA_SIG) = {
ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
} static_ASN1_SEQUENCE_END(DSA_SIG)
-IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG)
+
+DSA_SIG *DSA_SIG_new(void)
+{
+ DSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
+ if (sig == NULL)
+ DSAerr(DSA_F_DSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
+ return sig;
+}
+
+void DSA_SIG_free(DSA_SIG *sig)
+{
+ if (sig == NULL)
+ return;
+ BN_clear_free(sig->r);
+ BN_clear_free(sig->s);
+ OPENSSL_free(sig);
+}
void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
{
diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
index 96bd4d3..028f79f 100644
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -37,6 +37,7 @@ static ERR_STRING_DATA DSA_str_functs[] = {
{ERR_FUNC(DSA_F_DSA_PUB_ENCODE), "dsa_pub_encode"},
{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
+ {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "old_dsa_priv_decode"},
{ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "pkey_dsa_ctrl"},
{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "pkey_dsa_keygen"},
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 8913fcc..f9f6a13 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -69,6 +69,10 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
ret = DSA_SIG_new();
if (ret == NULL)
goto err;
+ ret->r = BN_new();
+ ret->s = BN_new();
+ if (ret->r == NULL || ret->s == NULL)
+ goto err;
ctx = BN_CTX_new();
if (ctx == NULL)
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index be7a96b..8714a4b 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1170,7 +1170,24 @@ ASN1_SEQUENCE(ECDSA_SIG) = {
DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)
-IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG)
+
+ECDSA_SIG *ECDSA_SIG_new(void)
+{
+ ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
+ if (sig == NULL)
+ ECerr(EC_F_ECDSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
+ return sig;
+}
+
+void ECDSA_SIG_free(ECDSA_SIG *sig)
+{
+ if (sig == NULL)
+ return;
+ BN_clear_free(sig->r);
+ BN_clear_free(sig->s);
+ OPENSSL_free(sig);
+}
void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
{
diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
index 56aacd4..25dea23 100644
--- a/crypto/ec/ec_err.c
+++ b/crypto/ec/ec_err.c
@@ -32,6 +32,7 @@ static ERR_STRING_DATA EC_str_functs[] = {
{ERR_FUNC(EC_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"},
{ERR_FUNC(EC_F_ECDSA_SIGN_EX), "ECDSA_sign_ex"},
{ERR_FUNC(EC_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"},
+ {ERR_FUNC(EC_F_ECDSA_SIG_NEW), "ECDSA_SIG_new"},
{ERR_FUNC(EC_F_ECDSA_VERIFY), "ECDSA_verify"},
{ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "eckey_param2type"},
{ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "eckey_param_decode"},
diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c
index 6ff5a46..d67c485 100644
--- a/crypto/ec/ecdsa_ossl.c
+++ b/crypto/ec/ecdsa_ossl.c
@@ -221,6 +221,12 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
return NULL;
}
+ ret->r = BN_new();
+ ret->s = BN_new();
+ if (ret->r == NULL || ret->s == NULL) {
+ ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
s = ret->s;
if ((ctx = BN_CTX_new()) == NULL ||
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 3b1e1a6..11ddd39 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -256,6 +256,7 @@ void ERR_load_DSA_strings(void);
# define DSA_F_DSA_PUB_ENCODE 118
# define DSA_F_DSA_SIGN 106
# define DSA_F_DSA_SIGN_SETUP 107
+# define DSA_F_DSA_SIG_NEW 102
# define DSA_F_OLD_DSA_PRIV_DECODE 122
# define DSA_F_PKEY_DSA_CTRL 120
# define DSA_F_PKEY_DSA_KEYGEN 121
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index 0e50296..03942ed 100644
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -1378,6 +1378,7 @@ void ERR_load_EC_strings(void);
# define EC_F_ECDSA_DO_VERIFY 252
# define EC_F_ECDSA_SIGN_EX 254
# define EC_F_ECDSA_SIGN_SETUP 248
+# define EC_F_ECDSA_SIG_NEW 265
# define EC_F_ECDSA_VERIFY 253
# define EC_F_ECKEY_PARAM2TYPE 223
# define EC_F_ECKEY_PARAM_DECODE 212
More information about the openssl-commits
mailing list