From 706a13f112d864b42f28a59f4a207e296fa1be08 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 4 Mar 2016 02:39:50 +0000
Subject: Make DSA_SIG opaque.

This adds a new accessor function DSA_SIG_get0.
The customisation of DSA_SIG structure initialisation has been removed this
means that the 'r' and 's' components are automatically allocated when
DSA_SIG_new() is called. Update documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 crypto/dsa/dsa_ossl.c | 56 +++++++++++++++++++++++++--------------------------
 1 file changed, 27 insertions(+), 29 deletions(-)

(limited to 'crypto/dsa/dsa_ossl.c')

diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index f8b4647f04..31a6d53c9a 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -133,13 +133,15 @@ const DSA_METHOD *DSA_OpenSSL(void)
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 {
-    BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
+    BIGNUM *kinv = NULL;
     BIGNUM *m;
     BIGNUM *xr;
+    BIGNUM *r, *s;
     BN_CTX *ctx = NULL;
     int reason = ERR_R_BN_LIB;
     DSA_SIG *ret = NULL;
     int noredo = 0;
+    int rv = 0;
 
     m = BN_new();
     xr = BN_new();
@@ -151,9 +153,12 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
         goto err;
     }
 
-    s = BN_new();
-    if (s == NULL)
+    ret = DSA_SIG_new();
+    if (ret == NULL)
         goto err;
+
+    DSA_SIG_get0(&r, &s, ret);
+
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
@@ -193,23 +198,20 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
         }
         goto redo;
     }
-    ret = DSA_SIG_new();
-    if (ret == NULL)
-        goto err;
-    ret->r = r;
-    ret->s = s;
+
+    rv = 1;
 
  err:
-    if (ret == NULL) {
+    if (rv == 0) {
         DSAerr(DSA_F_DSA_DO_SIGN, reason);
-        BN_free(r);
-        BN_free(s);
+        DSA_SIG_free(ret);
+        ret = NULL;
     }
     BN_CTX_free(ctx);
     BN_clear_free(m);
     BN_clear_free(xr);
     BN_clear_free(kinv);
-    return (ret);
+    return ret;
 }
 
 static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in,
@@ -223,7 +225,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
                           const unsigned char *dgst, int dlen)
 {
     BN_CTX *ctx = NULL;
-    BIGNUM *k, *kq, *K, *kinv = NULL, *r = NULL;
+    BIGNUM *k, *kq, *K, *kinv = NULL, *r = *rp;
     int ret = 0;
 
     if (!dsa->p || !dsa->q || !dsa->g) {
@@ -242,9 +244,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
     } else
         ctx = ctx_in;
 
-    if ((r = BN_new()) == NULL)
-        goto err;
-
     /* Get random k */
     do {
         if (dgst != NULL) {
@@ -305,19 +304,15 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
     BN_clear_free(*kinvp);
     *kinvp = kinv;
     kinv = NULL;
-    BN_clear_free(*rp);
-    *rp = r;
     ret = 1;
  err:
-    if (!ret) {
+    if (!ret)
         DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
-        BN_clear_free(r);
-    }
     if (ctx != ctx_in)
         BN_CTX_free(ctx);
     BN_clear_free(k);
     BN_clear_free(kq);
-    return (ret);
+    return ret;
 }
 
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
@@ -326,6 +321,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
     BN_CTX *ctx;
     BIGNUM *u1, *u2, *t1;
     BN_MONT_CTX *mont = NULL;
+    BIGNUM *r, *s;
     int ret = -1, i;
     if (!dsa->p || !dsa->q || !dsa->g) {
         DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
@@ -350,13 +346,15 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
     if (u1 == NULL || u2 == NULL || t1 == NULL || ctx == NULL)
         goto err;
 
-    if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
-        BN_ucmp(sig->r, dsa->q) >= 0) {
+    DSA_SIG_get0(&r, &s, sig);
+
+    if (BN_is_zero(r) || BN_is_negative(r) ||
+        BN_ucmp(r, dsa->q) >= 0) {
         ret = 0;
         goto err;
     }
-    if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
-        BN_ucmp(sig->s, dsa->q) >= 0) {
+    if (BN_is_zero(s) || BN_is_negative(s) ||
+        BN_ucmp(s, dsa->q) >= 0) {
         ret = 0;
         goto err;
     }
@@ -364,7 +362,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
     /*
      * Calculate W = inv(S) mod Q save W in u2
      */
-    if ((BN_mod_inverse(u2, sig->s, dsa->q, ctx)) == NULL)
+    if ((BN_mod_inverse(u2, s, dsa->q, ctx)) == NULL)
         goto err;
 
     /* save M in u1 */
@@ -383,7 +381,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
         goto err;
 
     /* u2 = r * w mod q */
-    if (!BN_mod_mul(u2, sig->r, u2, dsa->q, ctx))
+    if (!BN_mod_mul(u2, r, u2, dsa->q, ctx))
         goto err;
 
     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
@@ -403,7 +401,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
     /*
      * V is now in u1.  If the signature is correct, it will be equal to R.
      */
-    ret = (BN_ucmp(u1, sig->r) == 0);
+    ret = (BN_ucmp(u1, r) == 0);
 
  err:
     if (ret < 0)
-- 
cgit v1.2.3