Move DH code into the FIPS module.

This change also drops ex_data from DH objects. The global would need special handling in the FIPS module, which isn't hard, but just dropping it saves some of the code-size costs of this change and I cannot find any signs of use of this functionality. Change-Id: I984bd70698c2ec329f340d294b3b9ec169cd0c4e Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44524 Reviewed-by: David Benjamin <davidben@google.com>
4 years ago · ce7f08827d
parent 49587b2c10
commit ce7f08827d
8 changed files with 6 additions and 44 deletions
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@ -265,10 +265,8 @@ add_library(
  crypto.c
  curve25519/curve25519.c
  curve25519/spake25519.c
-  dh/dh.c
-  dh/params.c
-  dh/check.c
-  dh/dh_asn1.c
+  dh_extra/params.c
+  dh_extra/dh_asn1.c
  digest_extra/digest_extra.c
  dsa/dsa.c
  dsa/dsa_asn1.c
@ -502,7 +500,7 @@ add_executable(
  curve25519/spake25519_test.cc
  curve25519/x25519_test.cc
  ecdh_extra/ecdh_test.cc
-  dh/dh_test.cc
+  dh_extra/dh_test.cc
  digest_extra/digest_test.cc
  dsa/dsa_test.cc
  err/err_test.cc
--- a/crypto/dh_extra/dh_asn1.c
+++ b/crypto/dh_extra/dh_asn1.c
--- a/crypto/dh_extra/dh_test.cc
+++ b/crypto/dh_extra/dh_test.cc
--- a/crypto/dh_extra/params.c
+++ b/crypto/dh_extra/params.c
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.c
@ -60,6 +60,8 @@
 #include "cipher/e_aes.c"
 #include "cipher/e_des.c"
 #include "des/des.c"
+#include "dh/check.c"
+#include "dh/dh.c"
 #include "digest/digest.c"
 #include "digest/digests.c"
 #include "ecdh/ecdh.c"
--- a/crypto/fipsmodule/dh/check.c
+++ b/crypto/fipsmodule/dh/check.c
--- a/crypto/fipsmodule/dh/dh.c
+++ b/crypto/fipsmodule/dh/dh.c
@ -60,17 +60,14 @@

 #include <openssl/bn.h>
 #include <openssl/err.h>
-#include <openssl/ex_data.h>
 #include <openssl/mem.h>
 #include <openssl/thread.h>

-#include "../internal.h"
+#include "../../internal.h"


 #define OPENSSL_DH_MAX_MODULUS_BITS 10000

-static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;
-
 DH *DH_new(void) {
  DH *dh = OPENSSL_malloc(sizeof(DH));
  if (dh == NULL) {
@ -83,7 +80,6 @@ DH *DH_new(void) {
  CRYPTO_MUTEX_init(&dh->method_mont_p_lock);

  dh->references = 1;
-  CRYPTO_new_ex_data(&dh->ex_data);

  return dh;
 }
@ -97,8 +93,6 @@ void DH_free(DH *dh) {
    return;
  }

-  CRYPTO_free_ex_data(&g_ex_data_class, dh, &dh->ex_data);
-
  BN_MONT_CTX_free(dh->method_mont_p);
  BN_clear_free(dh->p);
  BN_clear_free(dh->g);
@ -513,21 +507,3 @@ DH *DHparams_dup(const DH *dh) {

  return ret;
 }
-
-int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
-                        CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) {
-  int index;
-  if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
-                               free_func)) {
-    return -1;
-  }
-  return index;
-}
-
-int DH_set_ex_data(DH *d, int idx, void *arg) {
-  return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
-}
-
-void *DH_get_ex_data(DH *d, int idx) {
-  return CRYPTO_get_ex_data(&d->ex_data, idx);
-}
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@ -59,7 +59,6 @@

 #include <openssl/base.h>

-#include <openssl/ex_data.h>
 #include <openssl/thread.h>

 #if defined(__cplusplus)
@ -237,18 +236,6 @@ OPENSSL_EXPORT DH *DH_parse_parameters(CBS *cbs);
 OPENSSL_EXPORT int DH_marshal_parameters(CBB *cbb, const DH *dh);


-// ex_data functions.
-//
-// See |ex_data.h| for details.
-
-OPENSSL_EXPORT int DH_get_ex_new_index(long argl, void *argp,
-                                       CRYPTO_EX_unused *unused,
-                                       CRYPTO_EX_dup *dup_unused,
-                                       CRYPTO_EX_free *free_func);
-OPENSSL_EXPORT int DH_set_ex_data(DH *d, int idx, void *arg);
-OPENSSL_EXPORT void *DH_get_ex_data(DH *d, int idx);
-
-
 // Deprecated functions.

 // DH_generate_parameters behaves like |DH_generate_parameters_ex|, which is
@ -301,7 +288,6 @@ struct dh_st {

  int flags;
  CRYPTO_refcount_t references;
-  CRYPTO_EX_DATA ex_data;
 };