authorslontis <shane.lontis@oracle.com>2023-02-22 14:16:05 +1000
committerTomas Mraz <tomas@openssl.org>2023-04-03 10:31:04 +0200
commita76ccb9d0ddc24f6551afbc220b41fb3c4e64c6a (patch)
tree93935d36fb68f37c5f3ad61797ba69d6a0cc756a /crypto/dsa
parenteb52450f5151e8e78743ab05de21a344823316f5 (diff)
FFC cleanups
Discovered during coverage testing. Remove unnecessary check when using ossl_dh_get0_params() and ossl_dsa_get0_params(). These point to addresses and can not fail for any existing calls. Make dsa keygen tests only available in the FIPS module - as they are not used in the default provider. Change ossl_ffc_set_digest() to return void as it cannot fail. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20359)
Diffstat (limited to 'crypto/dsa')
-rw-r--r--crypto/dsa/dsa_key.c89
-rw-r--r--crypto/dsa/dsa_lib.c8
2 files changed, 45 insertions, 52 deletions
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index e8c8359634..7fc762880b 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -28,8 +28,7 @@
# define MIN_STRENGTH 80
#endif
-static int dsa_keygen(DSA *dsa, int pairwise_test);
-static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg);
+static int dsa_keygen(DSA *dsa);
int DSA_generate_key(DSA *dsa)
{
@@ -37,7 +36,7 @@ int DSA_generate_key(DSA *dsa)
if (dsa->meth->dsa_keygen != NULL)
return dsa->meth->dsa_keygen(dsa);
#endif
- return dsa_keygen(dsa, 0);
+ return dsa_keygen(dsa);
}
int ossl_dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa,
@@ -59,6 +58,7 @@ err:
return ret;
}
+#ifdef FIPS_MODULE
/*
* Refer: FIPS 140-3 IG 10.3.A Additional Comment 1
* Perform a KAT by duplicating the public key generation.
@@ -107,7 +107,44 @@ err:
return ret;
}
-static int dsa_keygen(DSA *dsa, int pairwise_test)
+/*
+ * FIPS 140-2 IG 9.9 AS09.33
+ * Perform a sign/verify operation.
+ */
+static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg)
+{
+ int ret = 0;
+ unsigned char dgst[16] = {0};
+ unsigned int dgst_len = (unsigned int)sizeof(dgst);
+ DSA_SIG *sig = NULL;
+ OSSL_SELF_TEST *st = NULL;
+
+ st = OSSL_SELF_TEST_new(cb, cbarg);
+ if (st == NULL)
+ goto err;
+
+ OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
+ OSSL_SELF_TEST_DESC_PCT_DSA);
+
+ sig = DSA_do_sign(dgst, (int)dgst_len, dsa);
+ if (sig == NULL)
+ goto err;
+
+ OSSL_SELF_TEST_oncorrupt_byte(st, dgst);
+
+ if (DSA_do_verify(dgst, dgst_len, sig, dsa) != 1)
+ goto err;
+
+ ret = 1;
+err:
+ OSSL_SELF_TEST_onend(st, ret);
+ OSSL_SELF_TEST_free(st);
+ DSA_SIG_free(sig);
+ return ret;
+}
+#endif /* FIPS_MODULE */
+
+static int dsa_keygen(DSA *dsa)
{
int ok = 0;
BN_CTX *ctx = NULL;
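Review bot: The header comment on the relocated dsa_keygen_pairwise_test still cites `FIPS 140-2 IG 9.9 AS09.33`, while the KAT comment earlier in the same `#ifdef FIPS_MODULE` region cites FIPS 140-3 IG 10.3.A. Since the function is being moved anyway, the reference should be updated or the difference explained. The body would also read better with a why-comment at `OSSL_SELF_TEST_oncorrupt_byte(st, dgst);`, for example `/* fault-injection hook: the callback may corrupt dgst so that the verify below must fail */`. A second comment should say that the all-zero 16-byte `dgst` is a fixed test input rather than a real hash. The hunk also opens dsa_keygen, whose body continues outside it.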
@@ -151,12 +188,9 @@ static int dsa_keygen(DSA *dsa, int pairwise_test)
dsa->priv_key = priv_key;
dsa->pub_key = pub_key;
-#ifdef FIPS_MODULE
- pairwise_test = 1;
-#endif /* FIPS_MODULE */
-
ok = 1;
- if (pairwise_test) {
+#ifdef FIPS_MODULE
+ {
OSSL_CALLBACK *cb = NULL;
void *cbarg = NULL;
@@ -173,6 +207,7 @@ static int dsa_keygen(DSA *dsa, int pairwise_test)
return ok;
}
}
+#endif
dsa->dirty_cnt++;
err:
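Review bot: The added `#endif` closes the FIPS block without the trailing comment that the other one added in this commit carries; `#endif /* FIPS_MODULE */` would keep the two consistent. Inside that block the failure path ends in `return ok;`, which skips both `dsa->dirty_cnt++` and the `err:` label. The previous hunk has already stored `priv_key` and `pub_key` on `dsa` before the test runs. The lines between the two hunks are not shown, so the keys are presumably freed and cleared there. A short comment such as `/* a failed pairwise test must leave no key material on dsa */` would make that invariant explicit for future edits. dsa_keygen begins and ends outside this hunk.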
@@ -184,39 +219,3 @@ static int dsa_keygen(DSA *dsa, int pairwise_test)
return ok;
}
-
-/*
- * FIPS 140-2 IG 9.9 AS09.33
- * Perform a sign/verify operation.
- */
-static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg)
-{
- int ret = 0;
- unsigned char dgst[16] = {0};
- unsigned int dgst_len = (unsigned int)sizeof(dgst);
- DSA_SIG *sig = NULL;
- OSSL_SELF_TEST *st = NULL;
-
- st = OSSL_SELF_TEST_new(cb, cbarg);
- if (st == NULL)
- goto err;
-
- OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
- OSSL_SELF_TEST_DESC_PCT_DSA);
-
- sig = DSA_do_sign(dgst, (int)dgst_len, dsa);
- if (sig == NULL)
- goto err;
-
- OSSL_SELF_TEST_oncorrupt_byte(st, dgst);
-
- if (DSA_do_verify(dgst, dgst_len, sig, dsa) != 1)
- goto err;
-
- ret = 1;
-err:
- OSSL_SELF_TEST_onend(st, ret);
- OSSL_SELF_TEST_free(st);
- DSA_SIG_free(sig);
- return ret;
-}
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 333885a01a..bcfd467b1c 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -345,13 +345,7 @@ FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa)
int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[])
{
int ret;
- FFC_PARAMS *ffc;
-
- if (dsa == NULL)
- return 0;
- ffc = ossl_dsa_get0_params(dsa);
- if (ffc == NULL)
- return 0;
+ FFC_PARAMS *ffc = ossl_dsa_get0_params(dsa);
ret = ossl_ffc_params_fromdata(ffc, params);
if (ret)
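Review bot: With the `dsa == NULL` guard gone, ossl_dsa_ffc_params_fromdata now has an unwritten precondition that `dsa` is non-NULL, and nothing in the function states it. The commit message says the getter returns an address and cannot fail for existing callers. For a NULL `dsa`, however, `ossl_dsa_get0_params(dsa)` would presumably yield a pointer derived from NULL that is then passed straight to `ossl_ffc_params_fromdata`. A comment above the function, such as `/* dsa must be non-NULL; callers are responsible for checking */`, would document the contract for future callers. The function body continues outside this hunk.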