提交 8cc44d97 编写于 作者: D Dr. Stephen Henson

Don't allocate r/s in DSA_SIG and ECDSA_SIG

To avoid having to immediately free up r/s when setting them
don't allocate them automatically in DSA_SIG_new() and ECDSA_SIG_new().

RT#4590
Reviewed-by: NRichard Levitte <levitte@openssl.org>
上级 36b53720
...@@ -19,7 +19,24 @@ ASN1_SEQUENCE(DSA_SIG) = { ...@@ -19,7 +19,24 @@ ASN1_SEQUENCE(DSA_SIG) = {
ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
} static_ASN1_SEQUENCE_END(DSA_SIG) } static_ASN1_SEQUENCE_END(DSA_SIG)
IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG)
DSA_SIG *DSA_SIG_new(void)
{
DSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
if (sig == NULL)
DSAerr(DSA_F_DSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
return sig;
}
void DSA_SIG_free(DSA_SIG *sig)
{
if (sig == NULL)
return;
BN_clear_free(sig->r);
BN_clear_free(sig->s);
OPENSSL_free(sig);
}
void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
{ {
......
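Review bot: DSA_SIG_new() now returns a zeroed structure, so r and s stay NULL until the caller assigns them, and nothing on the new function documents that contract. Code that receives a freshly created DSA_SIG and reads sig->r or sig->s before they are set would now see NULL (DSA_SIG_get0(), whose body is cut off just below, presumably hands the pointers out unchanged). This matters most on verification paths, and those callers are not on this page, so they need checking rather than assuming. I would add a header comment such as `/* Returns an empty DSA_SIG: r and s are NULL until set; once set they are owned by the sig and DSA_SIG_free() clears and frees them. */`. The same applies to ECDSA_SIG_new() and ECDSA_SIG_free() in the EC section further down.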
...@@ -37,6 +37,7 @@ static ERR_STRING_DATA DSA_str_functs[] = { ...@@ -37,6 +37,7 @@ static ERR_STRING_DATA DSA_str_functs[] = {
{ERR_FUNC(DSA_F_DSA_PUB_ENCODE), "dsa_pub_encode"}, {ERR_FUNC(DSA_F_DSA_PUB_ENCODE), "dsa_pub_encode"},
{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"}, {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}, {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "old_dsa_priv_decode"}, {ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "old_dsa_priv_decode"},
{ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "pkey_dsa_ctrl"}, {ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "pkey_dsa_ctrl"},
{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "pkey_dsa_keygen"}, {ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "pkey_dsa_keygen"},
......
...@@ -69,6 +69,10 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) ...@@ -69,6 +69,10 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
ret = DSA_SIG_new(); ret = DSA_SIG_new();
if (ret == NULL) if (ret == NULL)
goto err; goto err;
ret->r = BN_new();
ret->s = BN_new();
if (ret->r == NULL || ret->s == NULL)
goto err;
ctx = BN_CTX_new(); ctx = BN_CTX_new();
if (ctx == NULL) if (ctx == NULL)
......
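Review bot: The new BN_new() check in dsa_do_sign() jumps to err without recording an allocation failure, whereas the matching change in ossl_ecdsa_sign_sig() raises `ERR_R_MALLOC_FAILURE` before its `goto err`. The err label lies outside the hunk in both functions, so two things cannot be seen here: which error the DSA path ends up reporting, and whether a half-initialised ret (r allocated, s NULL) is released through DSA_SIG_free() / ECDSA_SIG_free(). Both are worth confirming. At minimum I would add `/* r/s are no longer allocated by DSA_SIG_new(); the err path must release ret via DSA_SIG_free() */` above the two BN_new() calls, with the ECDSA equivalent in the other function.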
...@@ -1170,7 +1170,24 @@ ASN1_SEQUENCE(ECDSA_SIG) = { ...@@ -1170,7 +1170,24 @@ ASN1_SEQUENCE(ECDSA_SIG) = {
DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG) DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG) DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)
IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG)
ECDSA_SIG *ECDSA_SIG_new(void)
{
ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
if (sig == NULL)
ECerr(EC_F_ECDSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
return sig;
}
void ECDSA_SIG_free(ECDSA_SIG *sig)
{
if (sig == NULL)
return;
BN_clear_free(sig->r);
BN_clear_free(sig->s);
OPENSSL_free(sig);
}
void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
{ {
......
...@@ -32,6 +32,7 @@ static ERR_STRING_DATA EC_str_functs[] = { ...@@ -32,6 +32,7 @@ static ERR_STRING_DATA EC_str_functs[] = {
{ERR_FUNC(EC_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"}, {ERR_FUNC(EC_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"},
{ERR_FUNC(EC_F_ECDSA_SIGN_EX), "ECDSA_sign_ex"}, {ERR_FUNC(EC_F_ECDSA_SIGN_EX), "ECDSA_sign_ex"},
{ERR_FUNC(EC_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"}, {ERR_FUNC(EC_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"},
{ERR_FUNC(EC_F_ECDSA_SIG_NEW), "ECDSA_SIG_new"},
{ERR_FUNC(EC_F_ECDSA_VERIFY), "ECDSA_verify"}, {ERR_FUNC(EC_F_ECDSA_VERIFY), "ECDSA_verify"},
{ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "eckey_param2type"}, {ERR_FUNC(EC_F_ECKEY_PARAM2TYPE), "eckey_param2type"},
{ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "eckey_param_decode"}, {ERR_FUNC(EC_F_ECKEY_PARAM_DECODE), "eckey_param_decode"},
......
...@@ -221,6 +221,12 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ...@@ -221,6 +221,12 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
return NULL; return NULL;
} }
ret->r = BN_new();
ret->s = BN_new();
if (ret->r == NULL || ret->s == NULL) {
ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
goto err;
}
s = ret->s; s = ret->s;
if ((ctx = BN_CTX_new()) == NULL || if ((ctx = BN_CTX_new()) == NULL ||
......
...@@ -256,6 +256,7 @@ void ERR_load_DSA_strings(void); ...@@ -256,6 +256,7 @@ void ERR_load_DSA_strings(void);
# define DSA_F_DSA_PUB_ENCODE 118 # define DSA_F_DSA_PUB_ENCODE 118
# define DSA_F_DSA_SIGN 106 # define DSA_F_DSA_SIGN 106
# define DSA_F_DSA_SIGN_SETUP 107 # define DSA_F_DSA_SIGN_SETUP 107
# define DSA_F_DSA_SIG_NEW 102
# define DSA_F_OLD_DSA_PRIV_DECODE 122 # define DSA_F_OLD_DSA_PRIV_DECODE 122
# define DSA_F_PKEY_DSA_CTRL 120 # define DSA_F_PKEY_DSA_CTRL 120
# define DSA_F_PKEY_DSA_KEYGEN 121 # define DSA_F_PKEY_DSA_KEYGEN 121
......
...@@ -1378,6 +1378,7 @@ void ERR_load_EC_strings(void); ...@@ -1378,6 +1378,7 @@ void ERR_load_EC_strings(void);
# define EC_F_ECDSA_DO_VERIFY 252 # define EC_F_ECDSA_DO_VERIFY 252
# define EC_F_ECDSA_SIGN_EX 254 # define EC_F_ECDSA_SIGN_EX 254
# define EC_F_ECDSA_SIGN_SETUP 248 # define EC_F_ECDSA_SIGN_SETUP 248
# define EC_F_ECDSA_SIG_NEW 265
# define EC_F_ECDSA_VERIFY 253 # define EC_F_ECDSA_VERIFY 253
# define EC_F_ECKEY_PARAM2TYPE 223 # define EC_F_ECKEY_PARAM2TYPE 223
# define EC_F_ECKEY_PARAM_DECODE 212 # define EC_F_ECKEY_PARAM_DECODE 212
......