Add FFC param/key validation

Embed libctx in dsa and dh objects and cleanup internal methods to not pass libctx (This makes it consistent with the rsa changes) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10910)
author: Shane Lontis <shane.lontis@oracle.com> 2020-02-16 13:03:46 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2020-02-16 13:03:46 +1000
commit: 8083fd3a183d4c881d6b15727cbc6cb7faeb3280 (patch)
tree: 82e998aa30cc9dc610b4f262df1f7ef73b23edad /crypto/dsa/dsa_lib.c
parent: 98ad3fe82bd3e7e7f929dd1fa4ef3915426002c0 (diff)
1 files changed, 18 insertions, 8 deletions
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 11f09891b2..4b048d48c5 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -23,6 +23,8 @@
 #include "crypto/dsa.h"
 #include "crypto/dh.h" /* required by DSA_dup_DH() */
 
+static DSA *dsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx);
+
 #ifndef FIPS_MODE
 
 int DSA_set_ex_data(DSA *d, int idx, void *arg)
@@ -128,29 +130,30 @@ const DSA_METHOD *DSA_get_method(DSA *d)
     return d->meth;
 }
 
-static DSA *dsa_new_method(OPENSSL_CTX *libctx, ENGINE *engine)
+static DSA *dsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
 {
     DSA *ret = OPENSSL_zalloc(sizeof(*ret));
 
     if (ret == NULL) {
-        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        DSAerr(0, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
     ret->references = 1;
     ret->lock = CRYPTO_THREAD_lock_new();
     if (ret->lock == NULL) {
-        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        DSAerr(0, ERR_R_MALLOC_FAILURE);
         OPENSSL_free(ret);
         return NULL;
     }
 
+    ret->libctx = libctx;
     ret->meth = DSA_get_default_method();
 #if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
     ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
     if (engine) {
         if (!ENGINE_init(engine)) {
-            DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            DSAerr(0, ERR_R_ENGINE_LIB);
             goto err;
         }
         ret->engine = engine;
@@ -159,7 +162,7 @@ static DSA *dsa_new_method(OPENSSL_CTX *libctx, ENGINE *engine)
     if (ret->engine) {
         ret->meth = ENGINE_get_DSA(ret->engine);
         if (ret->meth == NULL) {
-            DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            DSAerr(0, ERR_R_ENGINE_LIB);
             goto err;
         }
     }
@@ -173,7 +176,7 @@ static DSA *dsa_new_method(OPENSSL_CTX *libctx, ENGINE *engine)
 #endif
 
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
-        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL);
+        DSAerr(0, ERR_R_INIT_FAIL);
         goto err;
     }
 
@@ -186,13 +189,20 @@ static DSA *dsa_new_method(OPENSSL_CTX *libctx, ENGINE *engine)
 
 DSA *DSA_new_method(ENGINE *engine)
 {
-    return dsa_new_method(NULL, engine);
+    return dsa_new_intern(engine, NULL);
+}
+
+DSA *dsa_new_with_ctx(OPENSSL_CTX *libctx)
+{
+    return dsa_new_intern(NULL, libctx);
 }
 
+#ifndef FIPS_MODE
 DSA *DSA_new(void)
 {
-    return DSA_new_method(NULL);
+    return dsa_new_intern(NULL, NULL);
 }
+#endif
 
 void DSA_free(DSA *r)
 {
author	Shane Lontis <shane.lontis@oracle.com>	2020-02-16 13:03:46 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2020-02-16 13:03:46 +1000
commit	8083fd3a183d4c881d6b15727cbc6cb7faeb3280 (patch)
tree	82e998aa30cc9dc610b4f262df1f7ef73b23edad /crypto/dsa/dsa_lib.c
parent	98ad3fe82bd3e7e7f929dd1fa4ef3915426002c0 (diff)