[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Tue Mar 8 17:04:53 UTC 2016
The branch master has been updated
via 939bd84090499f646ff43304682c1fb5f15483b6 (commit)
via 706a13f112d864b42f28a59f4a207e296fa1be08 (commit)
from 9cae86d56faec7bdbf97a5b241e53052adc535ce (commit)
- Log -----------------------------------------------------------------
commit 939bd84090499f646ff43304682c1fb5f15483b6
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Mar 8 17:02:49 2016 +0000
make update
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 706a13f112d864b42f28a59f4a207e296fa1be08
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Mar 4 02:39:50 2016 +0000
Make DSA_SIG opaque.
This adds a new accessor function DSA_SIG_get0.
The customisation of DSA_SIG structure initialisation has been removed this
means that the 'r' and 's' components are automatically allocated when
DSA_SIG_new() is called. Update documentation.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/dsa/dsa_ameth.c | 7 ++++--
crypto/dsa/dsa_asn1.c | 30 ++++++++-----------------
crypto/dsa/dsa_locl.h | 5 +++++
crypto/dsa/dsa_ossl.c | 56 ++++++++++++++++++++++------------------------
doc/crypto/DSA_SIG_new.pod | 7 ++++--
include/openssl/dsa.h | 6 ++---
util/libcrypto.num | 13 ++++++-----
7 files changed, 60 insertions(+), 64 deletions(-)
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index e046fe7..5661af5 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -488,13 +488,16 @@ static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
if (dsa_sig) {
int rv = 0;
+ BIGNUM *r, *s;
+
+ DSA_SIG_get0(&r, &s, dsa_sig);
if (BIO_write(bp, "\n", 1) != 1)
goto err;
- if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, NULL, indent))
+ if (!ASN1_bn_print(bp, "r: ", r, NULL, indent))
goto err;
- if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, NULL, indent))
+ if (!ASN1_bn_print(bp, "s: ", s, NULL, indent))
goto err;
rv = 1;
err:
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index 44696c3..ddf3259 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -62,33 +62,21 @@
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/rand.h>
+#include "dsa_locl.h"
-/* Override the default new methods */
-static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
- void *exarg)
-{
- if (operation == ASN1_OP_NEW_PRE) {
- DSA_SIG *sig;
- sig = OPENSSL_malloc(sizeof(*sig));
- if (sig == NULL) {
- DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- sig->r = NULL;
- sig->s = NULL;
- *pval = (ASN1_VALUE *)sig;
- return 2;
- }
- return 1;
-}
-
-ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
+ASN1_SEQUENCE(DSA_SIG) = {
ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
-} static_ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
+} static_ASN1_SEQUENCE_END(DSA_SIG)
IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
+void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, DSA_SIG *sig)
+{
+ *pr = sig->r;
+ *ps = sig->s;
+}
+
/* Override the default free and new methods */
static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
void *exarg)
diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h
index 6182495..7767e74 100644
--- a/crypto/dsa/dsa_locl.h
+++ b/crypto/dsa/dsa_locl.h
@@ -65,3 +65,8 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
size_t seed_len, int idx, unsigned char *seed_out,
int *counter_ret, unsigned long *h_ret,
BN_GENCB *cb);
+
+struct DSA_SIG_st {
+ BIGNUM *r;
+ BIGNUM *s;
+};
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index f8b4647..31a6d53 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -133,13 +133,15 @@ const DSA_METHOD *DSA_OpenSSL(void)
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
- BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
+ BIGNUM *kinv = NULL;
BIGNUM *m;
BIGNUM *xr;
+ BIGNUM *r, *s;
BN_CTX *ctx = NULL;
int reason = ERR_R_BN_LIB;
DSA_SIG *ret = NULL;
int noredo = 0;
+ int rv = 0;
m = BN_new();
xr = BN_new();
@@ -151,9 +153,12 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
goto err;
}
- s = BN_new();
- if (s == NULL)
+ ret = DSA_SIG_new();
+ if (ret == NULL)
goto err;
+
+ DSA_SIG_get0(&r, &s, ret);
+
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
@@ -193,23 +198,20 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
}
goto redo;
}
- ret = DSA_SIG_new();
- if (ret == NULL)
- goto err;
- ret->r = r;
- ret->s = s;
+
+ rv = 1;
err:
- if (ret == NULL) {
+ if (rv == 0) {
DSAerr(DSA_F_DSA_DO_SIGN, reason);
- BN_free(r);
- BN_free(s);
+ DSA_SIG_free(ret);
+ ret = NULL;
}
BN_CTX_free(ctx);
BN_clear_free(m);
BN_clear_free(xr);
BN_clear_free(kinv);
- return (ret);
+ return ret;
}
static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in,
@@ -223,7 +225,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
const unsigned char *dgst, int dlen)
{
BN_CTX *ctx = NULL;
- BIGNUM *k, *kq, *K, *kinv = NULL, *r = NULL;
+ BIGNUM *k, *kq, *K, *kinv = NULL, *r = *rp;
int ret = 0;
if (!dsa->p || !dsa->q || !dsa->g) {
@@ -242,9 +244,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
} else
ctx = ctx_in;
- if ((r = BN_new()) == NULL)
- goto err;
-
/* Get random k */
do {
if (dgst != NULL) {
@@ -305,19 +304,15 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
BN_clear_free(*kinvp);
*kinvp = kinv;
kinv = NULL;
- BN_clear_free(*rp);
- *rp = r;
ret = 1;
err:
- if (!ret) {
+ if (!ret)
DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
- BN_clear_free(r);
- }
if (ctx != ctx_in)
BN_CTX_free(ctx);
BN_clear_free(k);
BN_clear_free(kq);
- return (ret);
+ return ret;
}
static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
@@ -326,6 +321,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
BN_CTX *ctx;
BIGNUM *u1, *u2, *t1;
BN_MONT_CTX *mont = NULL;
+ BIGNUM *r, *s;
int ret = -1, i;
if (!dsa->p || !dsa->q || !dsa->g) {
DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
@@ -350,13 +346,15 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
if (u1 == NULL || u2 == NULL || t1 == NULL || ctx == NULL)
goto err;
- if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
- BN_ucmp(sig->r, dsa->q) >= 0) {
+ DSA_SIG_get0(&r, &s, sig);
+
+ if (BN_is_zero(r) || BN_is_negative(r) ||
+ BN_ucmp(r, dsa->q) >= 0) {
ret = 0;
goto err;
}
- if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
- BN_ucmp(sig->s, dsa->q) >= 0) {
+ if (BN_is_zero(s) || BN_is_negative(s) ||
+ BN_ucmp(s, dsa->q) >= 0) {
ret = 0;
goto err;
}
@@ -364,7 +362,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
/*
* Calculate W = inv(S) mod Q save W in u2
*/
- if ((BN_mod_inverse(u2, sig->s, dsa->q, ctx)) == NULL)
+ if ((BN_mod_inverse(u2, s, dsa->q, ctx)) == NULL)
goto err;
/* save M in u1 */
@@ -383,7 +381,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
goto err;
/* u2 = r * w mod q */
- if (!BN_mod_mul(u2, sig->r, u2, dsa->q, ctx))
+ if (!BN_mod_mul(u2, r, u2, dsa->q, ctx))
goto err;
if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
@@ -403,7 +401,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
/*
* V is now in u1. If the signature is correct, it will be equal to R.
*/
- ret = (BN_ucmp(u1, sig->r) == 0);
+ ret = (BN_ucmp(u1, r) == 0);
err:
if (ret < 0)
diff --git a/doc/crypto/DSA_SIG_new.pod b/doc/crypto/DSA_SIG_new.pod
index 91bb513..2d9e272 100644
--- a/doc/crypto/DSA_SIG_new.pod
+++ b/doc/crypto/DSA_SIG_new.pod
@@ -9,8 +9,8 @@ DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects
#include <openssl/dsa.h>
DSA_SIG *DSA_SIG_new(void);
-
- void DSA_SIG_free(DSA_SIG *a);
+ void DSA_SIG_free(DSA_SIG *a);
+ void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, DSA_SIG *sig);
=head1 DESCRIPTION
@@ -19,6 +19,9 @@ DSA_SIG_new() allocates and initializes a B<DSA_SIG> structure.
DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The
values are erased before the memory is returned to the system.
+DSA_SIG_get0() returns internal pointers the B<r> and B<s> values contained
+in B<sig>. The values can then be examined or initialised.
+
=head1 RETURN VALUES
If the allocation fails, DSA_SIG_new() returns B<NULL> and sets an
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index f10e1c2..3346853 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -121,10 +121,7 @@ extern "C" {
/* typedef struct dsa_st DSA; */
/* typedef struct dsa_method DSA_METHOD; */
-typedef struct DSA_SIG_st {
- BIGNUM *r;
- BIGNUM *s;
-} DSA_SIG;
+typedef struct DSA_SIG_st DSA_SIG;
struct dsa_method {
const char *name;
@@ -187,6 +184,7 @@ DSA_SIG *DSA_SIG_new(void);
void DSA_SIG_free(DSA_SIG *a);
int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
+void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, DSA_SIG *sig);
DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
int DSA_do_verify(const unsigned char *dgst, int dgst_len,
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 96b87ce..eec16a7 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -87,7 +87,7 @@ EVP_des_ede 84 1_1_0 EXIST::FUNCTION:DES
EVP_PKEY_add1_attr_by_OBJ 85 1_1_0 EXIST::FUNCTION:
ASYNC_WAIT_CTX_get_all_fds 86 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_meth_set_do_cipher 87 1_1_0 EXIST::FUNCTION:
-EVP_set_pw_prompt 88 1_1_0 EXIST::FUNCTION:
+EVP_set_pw_prompt 88 1_1_0 EXIST::FUNCTION:UI
d2i_OCSP_RESPBYTES 89 1_1_0 EXIST::FUNCTION:
TS_REQ_get_ext_by_NID 90 1_1_0 EXIST::FUNCTION:
ASN1_item_ndef_i2d 91 1_1_0 EXIST::FUNCTION:
@@ -931,7 +931,7 @@ PKCS5_pbe2_set_iv 905 1_1_0 EXIST::FUNCTION:
ASN1_add_stable_module 906 1_1_0 EXIST::FUNCTION:
EVP_camellia_128_cbc 907 1_1_0 EXIST::FUNCTION:CAMELLIA
COMP_zlib 908 1_1_0 EXIST::FUNCTION:
-EVP_read_pw_string 909 1_1_0 EXIST::FUNCTION:
+EVP_read_pw_string 909 1_1_0 EXIST::FUNCTION:UI
i2d_ASN1_NULL 910 1_1_0 EXIST::FUNCTION:
DES_encrypt1 911 1_1_0 EXIST::FUNCTION:DES
BN_mod_lshift1_quick 912 1_1_0 EXIST::FUNCTION:
@@ -1513,7 +1513,7 @@ BN_gcd 1465 1_1_0 EXIST::FUNCTION:
CMS_dataInit 1466 1_1_0 EXIST::FUNCTION:CMS
TS_CONF_get_tsa_section 1467 1_1_0 EXIST::FUNCTION:
i2d_PKCS7_SIGNER_INFO 1468 1_1_0 EXIST::FUNCTION:
-EVP_get_pw_prompt 1469 1_1_0 EXIST::FUNCTION:
+EVP_get_pw_prompt 1469 1_1_0 EXIST::FUNCTION:UI
BN_bn2bin 1470 1_1_0 EXIST::FUNCTION:
d2i_ASN1_BIT_STRING 1471 1_1_0 EXIST::FUNCTION:
OCSP_CERTSTATUS_new 1472 1_1_0 EXIST::FUNCTION:
@@ -2250,7 +2250,7 @@ TS_RESP_CTX_set_accuracy 2174 1_1_0 EXIST::FUNCTION:
NETSCAPE_SPKI_get_pubkey 2175 1_1_0 EXIST::FUNCTION:
ECDSA_do_sign_ex 2176 1_1_0 EXIST::FUNCTION:EC
OCSP_ONEREQ_get_ext 2177 1_1_0 EXIST::FUNCTION:
-DES_read_password 2178 1_1_0 EXIST::FUNCTION:DES
+DES_read_password 2178 1_1_0 EXIST::FUNCTION:DES,UI
get_rfc3526_prime_4096 2179 1_1_0 EXIST::FUNCTION:
d2i_PKCS7_fp 2180 1_1_0 EXIST::FUNCTION:STDIO
PEM_write_bio_NETSCAPE_CERT_SEQUENCE 2181 1_1_0 EXIST::FUNCTION:
@@ -3364,7 +3364,7 @@ CMS_set1_eContentType 3251 1_1_0 EXIST::FUNCTION:CMS
EVP_des_ede3_wrap 3252 1_1_0 EXIST::FUNCTION:DES
GENERAL_SUBTREE_it 3253 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
GENERAL_SUBTREE_it 3253 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_read_pw_string_min 3254 1_1_0 EXIST::FUNCTION:
+EVP_read_pw_string_min 3254 1_1_0 EXIST::FUNCTION:UI
X509_set_notBefore 3255 1_1_0 EXIST::FUNCTION:
MD4 3256 1_1_0 EXIST::FUNCTION:MD4
EVP_PKEY_CTX_dup 3257 1_1_0 EXIST::FUNCTION:
@@ -3500,7 +3500,7 @@ X509_CINF_new 3382 1_1_0 EXIST::FUNCTION:
EVP_PKEY_keygen_init 3383 1_1_0 EXIST::FUNCTION:
EVP_aes_192_ocb 3384 1_1_0 EXIST::FUNCTION:AES,OCB
EVP_camellia_256_cfb1 3385 1_1_0 EXIST::FUNCTION:CAMELLIA
-DES_read_2passwords 3386 1_1_0 EXIST::FUNCTION:DES
+DES_read_2passwords 3386 1_1_0 EXIST::FUNCTION:DES,UI
CRYPTO_secure_actual_size 3387 1_1_0 EXIST::FUNCTION:
COMP_CTX_free 3388 1_1_0 EXIST::FUNCTION:
i2d_PBE2PARAM 3389 1_1_0 EXIST::FUNCTION:
@@ -4045,3 +4045,4 @@ EVP_CIPHER_CTX_set_cipher_data 3910 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_CTX_get_cipher_data 3911 1_1_0 EXIST::FUNCTION:
BIO_up_ref 3912 1_1_0 EXIST::FUNCTION:
X509_STORE_up_ref 3913 1_1_0 EXIST::FUNCTION:
+DSA_SIG_get0 3914 1_1_0 EXIST::FUNCTION:DSA
More information about the openssl-commits
mailing list