diff options
author | Richard Levitte <levitte@openssl.org> | 2020-01-14 02:32:42 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-01-15 23:45:41 +0100 |
commit | a3327784d9526fd69649089ea5c78a55906e9b2c (patch) | |
tree | 8ca8921d5d7a6e3d9445f122e5fb026282f9d007 /crypto/dsa | |
parent | 62c3fed0cd52316259e4e2c0e5878bcfa69b38f9 (diff) |
CRYPTO: Remove support for ex_data fields when building the FIPS module
These fields are purely application data, and applications don't reach
into the bowels of the FIPS module, so these fields are never used
there.
Fixes #10835
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10837)
Diffstat (limited to 'crypto/dsa')
-rw-r--r-- | crypto/dsa/dsa_lib.c | 13 | ||||
-rw-r--r-- | crypto/dsa/dsa_local.h | 2 |
2 files changed, 8 insertions, 7 deletions
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 2a97c0852c..10e88c16bf 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -19,11 +19,6 @@ #ifndef FIPS_MODE -DSA *DSA_new(void) -{ - return DSA_new_method(NULL); -} - int DSA_set_ex_data(DSA *d, int idx, void *arg) { return CRYPTO_set_ex_data(&d->ex_data, idx, arg); @@ -215,8 +210,10 @@ static DSA *dsa_new_method(OPENSSL_CTX *libctx, ENGINE *engine) ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; +#ifndef FIPS_MODE if (!crypto_new_ex_data_ex(libctx, CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data)) goto err; +#endif if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL); @@ -235,9 +232,9 @@ DSA *DSA_new_method(ENGINE *engine) return dsa_new_method(NULL, engine); } -DSA *dsa_new(OPENSSL_CTX *libctx) +DSA *DSA_new(void) { - return dsa_new_method(libctx, NULL); + return DSA_new_method(NULL); } void DSA_free(DSA *r) @@ -259,7 +256,9 @@ void DSA_free(DSA *r) ENGINE_finish(r->engine); #endif +#ifndef FIPS_MODE CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); +#endif CRYPTO_THREAD_lock_free(r->lock); diff --git a/crypto/dsa/dsa_local.h b/crypto/dsa/dsa_local.h index 13a3007ff0..f0ec73410b 100644 --- a/crypto/dsa/dsa_local.h +++ b/crypto/dsa/dsa_local.h @@ -26,7 +26,9 @@ struct dsa_st { /* Normally used to cache montgomery values */ BN_MONT_CTX *method_mont_p; CRYPTO_REF_COUNT references; +#ifndef FIPS_MODE CRYPTO_EX_DATA ex_data; +#endif const DSA_METHOD *meth; /* functional reference if 'meth' is ENGINE-provided */ ENGINE *engine; |