From 8cc44d970ced1004db0727d7a7b3e2709c442e55 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 19 Jul 2016 18:57:15 +0100 Subject: [PATCH] Don't allocate r/s in DSA_SIG and ECDSA_SIG To avoid having to immediately free up r/s when setting them don't allocate them automatically in DSA_SIG_new() and ECDSA_SIG_new(). RT#4590 Reviewed-by: Richard Levitte --- crypto/dsa/dsa_asn1.c | 19 ++++++++++++++++++- crypto/dsa/dsa_err.c | 1 + crypto/dsa/dsa_ossl.c | 4 ++++ crypto/ec/ec_asn1.c | 19 ++++++++++++++++++- crypto/ec/ec_err.c | 1 + crypto/ec/ecdsa_ossl.c | 6 ++++++ include/openssl/dsa.h | 1 + include/openssl/ec.h | 1 + 8 files changed, 50 insertions(+), 2 deletions(-) diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index 540d01fdce..551c107506 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -19,7 +19,24 @@ ASN1_SEQUENCE(DSA_SIG) = { ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) } static_ASN1_SEQUENCE_END(DSA_SIG) -IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG) + +DSA_SIG *DSA_SIG_new(void) +{ + DSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig)); + if (sig == NULL) + DSAerr(DSA_F_DSA_SIG_NEW, ERR_R_MALLOC_FAILURE); + return sig; +} + +void DSA_SIG_free(DSA_SIG *sig) +{ + if (sig == NULL) + return; + BN_clear_free(sig->r); + BN_clear_free(sig->s); + OPENSSL_free(sig); +} void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) { diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index 96bd4d3a8f..028f79f32a 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -37,6 +37,7 @@ static ERR_STRING_DATA DSA_str_functs[] = { {ERR_FUNC(DSA_F_DSA_PUB_ENCODE), "dsa_pub_encode"}, {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"}, {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}, + {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, {ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "old_dsa_priv_decode"}, {ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "pkey_dsa_ctrl"}, {ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "pkey_dsa_keygen"}, diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 8913fcccd3..f9f6a136fb 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -69,6 +69,10 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) ret = DSA_SIG_new(); if (ret == NULL) goto err; + ret->r = BN_new(); + ret->s = BN_new(); + if (ret->r == NULL || ret->s == NULL) + goto err; ctx = BN_CTX_new(); if (ctx == NULL) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index be7a96b74b..8714a4b1d8 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1170,7 +1170,24 @@ ASN1_SEQUENCE(ECDSA_SIG) = { DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG) DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG) -IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG) + +ECDSA_SIG *ECDSA_SIG_new(void) +{ + ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig)); + if (sig == NULL) + ECerr(EC_F_ECDSA_SIG_NEW, ERR_R_MALLOC_FAILURE); + return sig; +} + +void ECDSA_SIG_free(ECDSA_SIG *sig) +{ + if (sig == NULL) + return; + BN_clear_free(sig->r); + BN_clear_free(sig->s); + OPENSSL_free(sig); +} void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) { diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 56aacd4a00..25dea231b8 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -32,6 +32,7 @@ static ERR_STRING_DATA EC_str_functs[] = { {ERR_FUNC(EC_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"}, {ERR_FUNC(EC_F_ECDSA_SIGN_EX), "ECDSA_sign_ex"}, {ERR_FUNC(EC_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"}, + {ERR_FUNC(EC_F_ECDSA_SIG_NEW), "ECDSA_SIG_new"}, {ERR_FUNC(EC_F_ECDSA_VERIFY), "ECDSA_verify"}, {ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "eckey_param2type"}, {ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "eckey_param_decode"}, diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index 6ff5a462d3..d67c48524a 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -221,6 +221,12 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); return NULL; } + ret->r = BN_new(); + ret->s = BN_new(); + if (ret->r == NULL || ret->s == NULL) { + ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); + goto err; + } s = ret->s; if ((ctx = BN_CTX_new()) == NULL || diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index 3b1e1a6edc..11ddd397b3 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -256,6 +256,7 @@ void ERR_load_DSA_strings(void); # define DSA_F_DSA_PUB_ENCODE 118 # define DSA_F_DSA_SIGN 106 # define DSA_F_DSA_SIGN_SETUP 107 +# define DSA_F_DSA_SIG_NEW 102 # define DSA_F_OLD_DSA_PRIV_DECODE 122 # define DSA_F_PKEY_DSA_CTRL 120 # define DSA_F_PKEY_DSA_KEYGEN 121 diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 0e50296463..03942eda84 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -1378,6 +1378,7 @@ void ERR_load_EC_strings(void); # define EC_F_ECDSA_DO_VERIFY 252 # define EC_F_ECDSA_SIGN_EX 254 # define EC_F_ECDSA_SIGN_SETUP 248 +# define EC_F_ECDSA_SIG_NEW 265 # define EC_F_ECDSA_VERIFY 253 # define EC_F_ECKEY_PARAM2TYPE 223 # define EC_F_ECKEY_PARAM_DECODE 212 -- GitLab