From 24bf6f3c7fccd91b5a9d3ab722c712ef4b0530f9 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Fri, 24 Jun 2016 13:34:51 +0100 Subject: [PATCH] Deal with API changes. Reviewed-by: Rich Salz --- crypto/dsa/dsa_locl.h | 8 ++-- crypto/dsa/dsa_meth.c | 13 ++++--- crypto/engine/eng_cryptodev.c | 69 +++++++++++++++++++---------------- include/openssl/dsa.h | 15 ++++---- 4 files changed, 57 insertions(+), 48 deletions(-) diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h index 5f9fc1ebf8..9021fce0bf 100644 --- a/crypto/dsa/dsa_locl.h +++ b/crypto/dsa/dsa_locl.h @@ -44,11 +44,11 @@ struct dsa_method { BIGNUM **rp); int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa); - int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont); + int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, const BIGNUM *a1, + const BIGNUM *p1, const BIGNUM *a2, const BIGNUM *p2, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); /* Can be null */ - int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); int (*init) (DSA *dsa); int (*finish) (DSA *dsa); diff --git a/crypto/dsa/dsa_meth.c b/crypto/dsa/dsa_meth.c index 1d27ceae1c..a8cee06fc3 100644 --- a/crypto/dsa/dsa_meth.c +++ b/crypto/dsa/dsa_meth.c @@ -146,29 +146,30 @@ int DSA_meth_set_verify(DSA_METHOD *dsam, } int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) - (DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, - BN_CTX *, BN_MONT_CTX *) + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *) { return dsam->dsa_mod_exp; } int DSA_meth_set_mod_exp(DSA_METHOD *dsam, - int (*mod_exp) (DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, - BIGNUM *, BN_CTX *, BN_MONT_CTX *)) + int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *)) { dsam->dsa_mod_exp = mod_exp; return 1; } int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) - (DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *) { return dsam->bn_mod_exp; } int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, - int (*bn_mod_exp) (DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, + int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *)) { dsam->bn_mod_exp = bn_mod_exp; diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index a2acabeeb1..cd362bee89 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -133,13 +133,13 @@ static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); #ifndef OPENSSL_NO_DSA -static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, +static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, - BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, - BIGNUM *p, BN_CTX *ctx, - BN_MONT_CTX *mont); +static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g, + const BIGNUM *u1, const BIGNUM *pub_key, + const BIGNUM *u2, const BIGNUM *p, + BN_CTX *ctx, BN_MONT_CTX *mont); static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, @@ -1353,8 +1353,8 @@ cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { int r; - BIGNUM *n = NULL; - BIGNUM *d = NULL; + const BIGNUM *n = NULL; + const BIGNUM *d = NULL; ctx = BN_CTX_new(); RSA_get0_key(rsa, &n, NULL, &d); @@ -1368,12 +1368,12 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { struct crypt_kop kop; int ret = 1; - BIGNUM *p = NULL; - BIGNUM *q = NULL; - BIGNUM *dmp1 = NULL; - BIGNUM *dmq1 = NULL; - BIGNUM *iqmp = NULL; - BIGNUM *n = NULL; + const BIGNUM *p = NULL; + const BIGNUM *q = NULL; + const BIGNUM *dmp1 = NULL; + const BIGNUM *dmq1 = NULL; + const BIGNUM *iqmp = NULL; + const BIGNUM *n = NULL; RSA_get0_factors(rsa, &p, &q); RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); @@ -1420,21 +1420,23 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) #ifndef OPENSSL_NO_DSA static int -cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, +cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { - return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); + return cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx); } static int -cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, - BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, - BN_CTX *ctx, BN_MONT_CTX *mont) +cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, const BIGNUM *g, + const BIGNUM *u1, const BIGNUM *pub_key, + const BIGNUM *u2, const BIGNUM *p, BN_CTX *ctx, + BN_MONT_CTX *mont) { - BIGNUM *t2, *dsag, *dsap, *dsapub_key; + const BIGNUM *dsag, *dsap, *dsapub_key; + BIGNUM *t2; int ret = 0; const DSA_METHOD *meth; - int (*bn_mod_exp)(DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, const BIGNUM *, + int (*bn_mod_exp)(DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *); t2 = BN_new(); @@ -1461,12 +1463,10 @@ cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, /* let t2 = y ^ u2 mod p */ if (!bn_mod_exp(dsa, t2, dsapub_key, u2, dsap, ctx, mont)) goto err; - /* let u1 = t1 * t2 mod p */ - if (!BN_mod_mul(u1, t1, t2, dsap, ctx)) + /* let t1 = t1 * t2 mod p */ + if (!BN_mod_mul(t1, t1, t2, dsap, ctx)) goto err; - BN_copy(t1, u1); - ret = 1; err: BN_free(t2); @@ -1477,14 +1477,14 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { struct crypt_kop kop; - BIGNUM *r = NULL, *s = NULL, *dsap = NULL, *dsaq = NULL, *dsag = NULL; - BIGNUM *priv_key = NULL; + BIGNUM *r, *s; + const BIGNUM *dsap = NULL, *dsaq = NULL, *dsag = NULL; + const BIGNUM *priv_key = NULL; DSA_SIG *dsasig, *dsaret = NULL; dsasig = DSA_SIG_new(); if (dsasig == NULL) goto err; - DSA_SIG_get0(&r, &s, dsasig); memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DSA_SIGN; @@ -1504,8 +1504,15 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, goto err; kop.crk_iparams = 5; + r = BN_new(); + if (r == NULL) + goto err; + s = BN_new(); + if (s == NULL) + goto err; if (cryptodev_asym(&kop, BN_num_bytes(dsaq), r, BN_num_bytes(dsaq), s) == 0) { + DSA_SIG_set0(dsasig, r, s); dsaret = dsasig; } else { dsaret = DSA_meth_get_sign(DSA_OpenSSL())(dgst, dlen, dsa); @@ -1524,7 +1531,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, { struct crypt_kop kop; int dsaret = 1; - BIGNUM *pr, *ps, *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL; + const BIGNUM *pr, *ps, *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL; memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DSA_VERIFY; @@ -1542,7 +1549,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, DSA_get0_key(dsa, &pub_key, NULL); if (bn2crparam(pub_key, &kop.crk_param[4])) goto err; - DSA_SIG_get0(&pr, &ps, sig); + DSA_SIG_get0(sig, &pr, &ps); if (bn2crparam(pr, &kop.crk_param[5])) goto err; if (bn2crparam(ps, &kop.crk_param[6])) @@ -1580,8 +1587,8 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) struct crypt_kop kop; int dhret = 1; int fd, keylen; - BIGNUM *p = NULL; - BIGNUM *priv_key = NULL; + const BIGNUM *p = NULL; + const BIGNUM *priv_key = NULL; if ((fd = get_asym_dev_crypto()) < 0) { const DH_METHOD *meth = DH_OpenSSL(); diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index 90f2eae7ce..3b1e1a6edc 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -202,16 +202,17 @@ int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) int DSA_meth_set_verify(DSA_METHOD *dsam, int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)); int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) - (DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, - BN_CTX *, BN_MONT_CTX *); + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *); int DSA_meth_set_mod_exp(DSA_METHOD *dsam, - int (*mod_exp) (DSA *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, - BIGNUM *, BN_CTX *, BN_MONT_CTX *)); + int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, + const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, + BN_MONT_CTX *)); int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) - (DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, - BN_MONT_CTX *); + (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, + BN_CTX *, BN_MONT_CTX *); int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, - int (*bn_mod_exp) (DSA *, BIGNUM *, BIGNUM *, const BIGNUM *, + int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)); -- 2.39.2