Redirect FIPS memory allocation to FIPS_malloc() routine, remove
authorDr. Stephen Henson <steve@openssl.org>
Thu, 27 Jan 2011 17:23:43 +0000 (17:23 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 27 Jan 2011 17:23:43 +0000 (17:23 +0000)
OpenSSL malloc dependencies.

23 files changed:
Makefile.org
crypto/bn/bn_blind.c
crypto/bn/bn_ctx.c
crypto/bn/bn_exp.c
crypto/bn/bn_lib.c
crypto/bn/bn_rand.c
crypto/bn/bn_recp.c
crypto/buffer/buf_str.c
crypto/dsa/dsa_sign.c
crypto/rsa/rsa_gen.c
crypto/rsa/rsa_oaep.c
crypto/rsa/rsa_pss.c
fips/dh/fips_dh_lib.c
fips/dsa/fips_dsa_lib.c
fips/fips.h
fips/fips_utl.h
fips/hmac/fips_hmactest.c
fips/rand/fips_randtest.c
fips/rsa/fips_rsa_lib.c
fips/rsa/fips_rsa_sign.c
fips/utl/Makefile
fips/utl/fips_enc.c
fips/utl/fips_md.c

index 4160f59..8e7a77d 100644 (file)
@@ -313,7 +313,6 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
        ../crypto/evp/e_des3.o \
        ../crypto/evp/m_sha1.o \
        ../crypto/hmac/hmac.o \
-       ../crypto/mem.o \
        ../crypto/modes/cfb128.o \
        ../crypto/modes/ctr128.o \
        ../crypto/modes/ofb128.o \
index 6e00f43..d2bba48 100644 (file)
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
+#define OPENSSL_FIPSAPI
+
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 #define BN_BLINDING_COUNTER    32
 
 struct bn_blinding_st
index 3f2256f..f16fb35 100644 (file)
 #endif
 #endif
 
+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include <assert.h>
 
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 /* TODO list
  *
  * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
index d9b6c73..2267367 100644 (file)
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
+#define OPENSSL_FIPSAPI
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 /* maximum precomputation table size for *variable* sliding windows */
 #define TABLE_SIZE     32
 
index 7a5676d..503762b 100644 (file)
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
+#define OPENSSL_FIPSAPI
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
 
 /* This stuff appears to be completely unused, so is deprecated */
index b376c28..070b1e4 100644 (file)
 #include "bn_lcl.h"
 #include <openssl/rand.h>
 
+#define OPENSSL_FIPSAPI
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
        {
        unsigned char *buf=NULL;
index 2e8efb8..dde27ae 100644 (file)
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
+#define OPENSSL_FIPSAPI
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 void BN_RECP_CTX_init(BN_RECP_CTX *recp)
        {
        BN_init(&(recp->N));
index 151f5ea..6d94942 100644 (file)
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 
+#define OPENSSL_FIPSAPI
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 char *BUF_strdup(const char *str)
        {
        if (str == NULL) return(NULL);
index e02365a..3684960 100644 (file)
 #include <openssl/rand.h>
 #include <openssl/bn.h>
 
+#define OPENSSL_FIPSAPI
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
index b8676ad..e82a81b 100644 (file)
@@ -70,6 +70,8 @@
 
 #ifdef OPENSSL_FIPS
 
+#define OPENSSL_FIPSAPI
+
 #include <openssl/fips.h>
 #include <openssl/evp.h>
 
index eaae712..48cd89d 100644 (file)
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 static int MGF1(unsigned char *mask, long len,
        const unsigned char *seed, long seedlen);
 
index e8f6798..0d008c3 100644 (file)
 #include <openssl/sha.h>
 #include "rsa_locl.h"
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
 
 #if defined(_MSC_VER) && defined(_ARM_)
index 4a822cf..747d949 100644 (file)
  *
  */
 
+#define OPENSSL_FIPSAPI
+
 #include <string.h>
 #include <openssl/bn.h>
 #include <openssl/dh.h>
+#include <openssl/fips.h>
 
 /* Minimal FIPS versions of FIPS_dh_new() and FIPS_dh_free(): to
  * reduce external dependencies. 
index 2545966..06f8cab 100644 (file)
  *
  */
 
+#define OPENSSL_FIPSAPI
+
 #include <string.h>
 #include <openssl/dsa.h>
 #include <openssl/bn.h>
+#include <openssl/fips.h>
 
 /* Minimal FIPS versions of FIPS_dsa_new() and FIPS_dsa_free: to
  * reduce external dependencies. 
index 2ef955a..5452db9 100644 (file)
@@ -113,8 +113,13 @@ void FIPS_lock(int mode, int type,const char *file,int line);
 void FIPS_set_locking_callback (void (*func)(int mode, int type,
                                const char *file,int line));
 
+void *FIPS_malloc(int num, const char *file, int line);
+void FIPS_free(void *);
+
 #if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
 #define CRYPTO_lock FIPS_lock
+#define CRYPTO_malloc FIPS_malloc
+#define CRYPTO_free FIPS_free
 #endif
 
 /* BEGIN ERROR CODES */
index b3162d6..76ae4f8 100644 (file)
@@ -47,6 +47,9 @@
  *
  */
 
+#define OPENSSL_FIPSAPI
+#include <openssl/fips.h>
+
 int hex2bin(const char *in, unsigned char *out);
 unsigned char *hex2bin_m(const char *in, long *plen);
 int do_hex2bn(BIGNUM **pr, const char *in);
index 575f652..8c51fe5 100644 (file)
@@ -77,7 +77,6 @@ int main(int argc, char *argv[])
 
 #else
 
-#include <openssl/fips.h>
 #include "fips_utl.h"
 
 static int hmac_test(const EVP_MD *md, FILE *out, FILE *in);
index 88fb860..31c51d3 100644 (file)
@@ -123,6 +123,8 @@ int main(int argc, char *argv[])
 
 #else
 
+#define OPENSSL_FIPSAPI
+
 #include <openssl/fips.h>
 #include "fips_utl.h"
 
index a37ad3e..77c0cb8 100644 (file)
  *
  */
 
+#define OPENSSL_FIPSAPI
+
 #include <string.h>
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
 #include <openssl/bn.h>
 #include <openssl/err.h>
+#include <openssl/fips.h>
 
 /* Minimal FIPS versions of FIPS_rsa_new() and FIPS_rsa_free: to
  * reduce external dependencies. 
@@ -95,7 +98,6 @@ void FIPS_rsa_free(RSA *r)
        if (r->iqmp != NULL) BN_clear_free(r->iqmp);
        if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
        if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
-       if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
        OPENSSL_free(r);
        }
 
index d07111b..4e5b4bf 100644 (file)
@@ -63,6 +63,7 @@
 #include <openssl/rsa.h>
 #include <openssl/err.h>
 #include <openssl/sha.h>
+#include <openssl/fips.h>
 
 #ifdef OPENSSL_FIPS
 
index 577578e..8542b32 100644 (file)
@@ -22,8 +22,8 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_err.c fips_md.c fips_enc.c fips_lck.c
-LIBOBJ= fips_err.o fips_md.o fips_enc.o fips_lck.o
+LIBSRC= fips_err.c fips_md.c fips_enc.c fips_lck.c fips_mem.c
+LIBOBJ= fips_err.o fips_md.o fips_enc.o fips_lck.o fips_mem.o
 
 SRC= $(LIBSRC)
 
index 23ba5dd..93647a0 100644 (file)
  * [including the GNU Public Licence.]
  */
 
+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include <string.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
-#include <openssl/rand.h>
+#include <openssl/fips.h>
 
 void FIPS_cipher_ctx_init(EVP_CIPHER_CTX *ctx)
        {
index 6e33e84..0038646 100644 (file)
 
 /* Minimal standalone FIPS versions of Digest operations */
 
+#define OPENSSL_FIPSAPI
+
 #include <stdio.h>
 #include <string.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/fips.h>
 
 void FIPS_md_ctx_init(EVP_MD_CTX *ctx)
        {