From 706a13f112d864b42f28a59f4a207e296fa1be08 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 4 Mar 2016 02:39:50 +0000
Subject: [PATCH] Make DSA_SIG opaque.

This adds a new accessor function DSA_SIG_get0.
The customisation of DSA_SIG structure initialisation has been removed this
means that the 'r' and 's' components are automatically allocated when
DSA_SIG_new() is called. Update documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 crypto/dsa/dsa_ameth.c     |  7 +++--
 crypto/dsa/dsa_asn1.c      | 30 ++++++--------------
 crypto/dsa/dsa_locl.h      |  5 ++++
 crypto/dsa/dsa_ossl.c      | 56 ++++++++++++++++++--------------------
 doc/crypto/DSA_SIG_new.pod |  7 +++--
 include/openssl/dsa.h      |  6 ++--
 6 files changed, 53 insertions(+), 58 deletions(-)

diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index e046fe79d3..5661af57b1 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -488,13 +488,16 @@ static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
     dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
     if (dsa_sig) {
         int rv = 0;
+        BIGNUM *r, *s;
+
+        DSA_SIG_get0(&r, &s, dsa_sig);
 
         if (BIO_write(bp, "\n", 1) != 1)
             goto err;
 
-        if (!ASN1_bn_print(bp, "r:   ", dsa_sig->r, NULL, indent))
+        if (!ASN1_bn_print(bp, "r:   ", r, NULL, indent))
             goto err;
-        if (!ASN1_bn_print(bp, "s:   ", dsa_sig->s, NULL, indent))
+        if (!ASN1_bn_print(bp, "s:   ", s, NULL, indent))
             goto err;
         rv = 1;
  err:
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index 44696c372f..ddf3259f0e 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -62,33 +62,21 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/rand.h>
+#include "dsa_locl.h"
 
-/* Override the default new methods */
-static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                  void *exarg)
-{
-    if (operation == ASN1_OP_NEW_PRE) {
-        DSA_SIG *sig;
-        sig = OPENSSL_malloc(sizeof(*sig));
-        if (sig == NULL) {
-            DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
-            return 0;
-        }
-        sig->r = NULL;
-        sig->s = NULL;
-        *pval = (ASN1_VALUE *)sig;
-        return 2;
-    }
-    return 1;
-}
-
-ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
+ASN1_SEQUENCE(DSA_SIG) = {
         ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
         ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
-} static_ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
+} static_ASN1_SEQUENCE_END(DSA_SIG)
 
 IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
 
+void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, DSA_SIG *sig)
+{
+    *pr = sig->r;
+    *ps = sig->s;
+}
+
 /* Override the default free and new methods */
 static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                   void *exarg)
diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h
index 6182495848..7767e74ef9 100644
--- a/crypto/dsa/dsa_locl.h
+++ b/crypto/dsa/dsa_locl.h
@@ -65,3 +65,8 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
                           size_t seed_len, int idx, unsigned char *seed_out,
                           int *counter_ret, unsigned long *h_ret,
                           BN_GENCB *cb);
+
+struct DSA_SIG_st {
+    BIGNUM *r;
+    BIGNUM *s;
+};
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index f8b4647f04..31a6d53c9a 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -133,13 +133,15 @@ const DSA_METHOD *DSA_OpenSSL(void)
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 {
-    BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
+    BIGNUM *kinv = NULL;
     BIGNUM *m;
     BIGNUM *xr;
+    BIGNUM *r, *s;
     BN_CTX *ctx = NULL;
     int reason = ERR_R_BN_LIB;
     DSA_SIG *ret = NULL;
     int noredo = 0;
+    int rv = 0;
 
     m = BN_new();
     xr = BN_new();
@@ -151,9 +153,12 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
         goto err;
     }
 
-    s = BN_new();
-    if (s == NULL)
+    ret = DSA_SIG_new();
+    if (ret == NULL)
         goto err;
+
+    DSA_SIG_get0(&r, &s, ret);
+
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
@@ -193,23 +198,20 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
         }
         goto redo;
     }
-    ret = DSA_SIG_new();
-    if (ret == NULL)
-        goto err;
-    ret->r = r;
-    ret->s = s;
+
+    rv = 1;
 
  err:
-    if (ret == NULL) {
+    if (rv == 0) {
         DSAerr(DSA_F_DSA_DO_SIGN, reason);
-        BN_free(r);
-        BN_free(s);
+        DSA_SIG_free(ret);
+        ret = NULL;
     }
     BN_CTX_free(ctx);
     BN_clear_free(m);
     BN_clear_free(xr);
     BN_clear_free(kinv);
-    return (ret);
+    return ret;
 }
 
 static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in,
@@ -223,7 +225,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
                           const unsigned char *dgst, int dlen)
 {
     BN_CTX *ctx = NULL;
-    BIGNUM *k, *kq, *K, *kinv = NULL, *r = NULL;
+    BIGNUM *k, *kq, *K, *kinv = NULL, *r = *rp;
     int ret = 0;
 
     if (!dsa->p || !dsa->q || !dsa->g) {
@@ -242,9 +244,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
     } else
         ctx = ctx_in;
 
-    if ((r = BN_new()) == NULL)
-        goto err;
-
     /* Get random k */
     do {
         if (dgst != NULL) {
@@ -305,19 +304,15 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
     BN_clear_free(*kinvp);
     *kinvp = kinv;
     kinv = NULL;
-    BN_clear_free(*rp);
-    *rp = r;
     ret = 1;
  err:
-    if (!ret) {
+    if (!ret)
         DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
-        BN_clear_free(r);
-    }
     if (ctx != ctx_in)
         BN_CTX_free(ctx);
     BN_clear_free(k);
     BN_clear_free(kq);
-    return (ret);
+    return ret;
 }
 
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
@@ -326,6 +321,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
     BN_CTX *ctx;
     BIGNUM *u1, *u2, *t1;
     BN_MONT_CTX *mont = NULL;
+    BIGNUM *r, *s;
     int ret = -1, i;
     if (!dsa->p || !dsa->q || !dsa->g) {
         DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
@@ -350,13 +346,15 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
     if (u1 == NULL || u2 == NULL || t1 == NULL || ctx == NULL)
         goto err;
 
-    if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
-        BN_ucmp(sig->r, dsa->q) >= 0) {
+    DSA_SIG_get0(&r, &s, sig);
+
+    if (BN_is_zero(r) || BN_is_negative(r) ||
+        BN_ucmp(r, dsa->q) >= 0) {
         ret = 0;
         goto err;
     }
-    if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
-        BN_ucmp(sig->s, dsa->q) >= 0) {
+    if (BN_is_zero(s) || BN_is_negative(s) ||
+        BN_ucmp(s, dsa->q) >= 0) {
         ret = 0;
         goto err;
     }
@@ -364,7 +362,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
     /*
      * Calculate W = inv(S) mod Q save W in u2
      */
-    if ((BN_mod_inverse(u2, sig->s, dsa->q, ctx)) == NULL)
+    if ((BN_mod_inverse(u2, s, dsa->q, ctx)) == NULL)
         goto err;
 
     /* save M in u1 */
@@ -383,7 +381,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
         goto err;
 
     /* u2 = r * w mod q */
-    if (!BN_mod_mul(u2, sig->r, u2, dsa->q, ctx))
+    if (!BN_mod_mul(u2, r, u2, dsa->q, ctx))
         goto err;
 
     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
@@ -403,7 +401,7 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
     /*
      * V is now in u1.  If the signature is correct, it will be equal to R.
      */
-    ret = (BN_ucmp(u1, sig->r) == 0);
+    ret = (BN_ucmp(u1, r) == 0);
 
  err:
     if (ret < 0)
diff --git a/doc/crypto/DSA_SIG_new.pod b/doc/crypto/DSA_SIG_new.pod
index 91bb513a0b..2d9e2729ed 100644
--- a/doc/crypto/DSA_SIG_new.pod
+++ b/doc/crypto/DSA_SIG_new.pod
@@ -9,8 +9,8 @@ DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects
  #include <openssl/dsa.h>
 
  DSA_SIG *DSA_SIG_new(void);
-
- void	DSA_SIG_free(DSA_SIG *a);
+ void DSA_SIG_free(DSA_SIG *a);
+ void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, DSA_SIG *sig);
 
 =head1 DESCRIPTION
 
@@ -19,6 +19,9 @@ DSA_SIG_new() allocates and initializes a B<DSA_SIG> structure.
 DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The
 values are erased before the memory is returned to the system.
 
+DSA_SIG_get0() returns internal pointers the B<r> and B<s> values contained
+in B<sig>. The values can then be examined or initialised.
+
 =head1 RETURN VALUES
 
 If the allocation fails, DSA_SIG_new() returns B<NULL> and sets an
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index f10e1c2504..3346853152 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -121,10 +121,7 @@ extern "C" {
 /* typedef struct dsa_st DSA; */
 /* typedef struct dsa_method DSA_METHOD; */
 
-typedef struct DSA_SIG_st {
-    BIGNUM *r;
-    BIGNUM *s;
-} DSA_SIG;
+typedef struct DSA_SIG_st DSA_SIG;
 
 struct dsa_method {
     const char *name;
@@ -187,6 +184,7 @@ DSA_SIG *DSA_SIG_new(void);
 void DSA_SIG_free(DSA_SIG *a);
 int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
 DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
+void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, DSA_SIG *sig);
 
 DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 int DSA_do_verify(const unsigned char *dgst, int dgst_len,
-- 
2.34.1