Remove DSA_sign_setup too.
Change-Id: Ib406e7d1653fa57a863dbd5d4eb04401caf5de0a
Reviewed-on: https://boringssl-review.googlesource.com/23284
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/dsa/dsa.c b/crypto/dsa/dsa.c
index 61f0c6c..f3d4f85 100644
--- a/crypto/dsa/dsa.c
+++ b/crypto/dsa/dsa.c
@@ -82,6 +82,9 @@
// Rabin-Miller
#define DSS_prime_checks 50
+static int dsa_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv,
+ BIGNUM **out_r);
+
static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;
DSA *DSA_new(void) {
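Review bot: The new forward declaration of `dsa_sign_setup` has no comment, and this commit deletes the only description of the function from include/openssl/dsa.h. I would carry that text over to the prototype, for example `// dsa_sign_setup precomputes the message-independent part of the DSA signature and writes it to |*out_kinv| and |*out_r|. It returns one on success and zero on error.` Since `*out_kinv` is the inverse of the per-signature nonce, the comment should also say who owns the outputs and that they must be released with `BN_clear_free`. The ownership rule is presumably unchanged from the old public function, but the helper's body is outside the diff, so confirm it. The same comment would fit the definition in the last hunk of this file.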
@@ -117,8 +120,6 @@
BN_clear_free(dsa->g);
BN_clear_free(dsa->pub_key);
BN_clear_free(dsa->priv_key);
- BN_clear_free(dsa->kinv);
- BN_clear_free(dsa->r);
BN_MONT_CTX_free(dsa->method_mont_p);
BN_MONT_CTX_free(dsa->method_mont_q);
CRYPTO_MUTEX_cleanup(&dsa->method_mont_lock);
@@ -544,14 +545,13 @@
OPENSSL_free(sig);
}
-DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len, DSA *dsa) {
+DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len, const DSA *dsa) {
BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
BIGNUM m;
BIGNUM xr;
BN_CTX *ctx = NULL;
int reason = ERR_R_BN_LIB;
DSA_SIG *ret = NULL;
- int noredo = 0;
BN_init(&m);
BN_init(&xr);
@@ -571,16 +571,8 @@
}
redo:
- if (dsa->kinv == NULL || dsa->r == NULL) {
- if (!DSA_sign_setup(dsa, ctx, &kinv, &r)) {
- goto err;
- }
- } else {
- kinv = dsa->kinv;
- dsa->kinv = NULL;
- r = dsa->r;
- dsa->r = NULL;
- noredo = 1;
+ if (!dsa_sign_setup(dsa, ctx, &kinv, &r)) {
+ goto err;
}
if (digest_len > BN_num_bytes(dsa->q)) {
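Review bot: At the `redo:` label, `dsa_sign_setup(dsa, ctx, &kinv, &r)` is re-entered on every retry while `kinv` and `r` still hold the previous attempt's values. The call therefore relies on the helper clearing and freeing whatever it finds in `*out_kinv` and `*out_r` before overwriting them. The helper's body is not in this diff, so that cannot be confirmed from here. If it holds, a comment above the call would make the dependency explicit, e.g. `// dsa_sign_setup clear-frees any previous |kinv| and |r| before replacing them.` If it does not hold, each retry would leave an uncleared nonce inverse on the heap. DSA_do_sign starts and ends outside this hunk.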
@@ -613,10 +605,6 @@
// Redo if r or s is zero as required by FIPS 186-3: this is
// very unlikely.
if (BN_is_zero(r) || BN_is_zero(s)) {
- if (noredo) {
- reason = DSA_R_NEED_NEW_SETUP_VALUES;
- goto err;
- }
goto redo;
}
ret = DSA_SIG_new();
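Review bot: The `goto redo` taken when `r` or `s` is zero has no iteration limit, so a key whose domain parameters always yield a zero `r` or `s` would keep DSA_do_sign looping indefinitely. The comment's "very unlikely" holds for well-formed parameters only, and this hunk does not show whether `p`, `q` and `g` are validated before signing. If keys can come from an untrusted source, I would cap the retries: declare `int iters = 0;` next to `reason`, and put `if (++iters > 32) { goto err; }` just before `goto redo;`. The bound of 32 is an illustrative value, and a dedicated error reason would be better than the default. The function body continues outside the hunk.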
@@ -758,7 +746,7 @@
}
int DSA_sign(int type, const uint8_t *digest, size_t digest_len,
- uint8_t *out_sig, unsigned int *out_siglen, DSA *dsa) {
+ uint8_t *out_sig, unsigned int *out_siglen, const DSA *dsa) {
DSA_SIG *s;
s = DSA_do_sign(digest, digest_len, dsa);
@@ -848,8 +836,8 @@
return ret;
}
-int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv,
- BIGNUM **out_r) {
+static int dsa_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv,
+ BIGNUM **out_r) {
BN_CTX *ctx;
BIGNUM k, kq, *kinv = NULL, *r = NULL;
int ret = 0;
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 315e7ca..2966f9d 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -172,7 +172,7 @@
// DSA_do_sign returns a signature of the hash in |digest| by the key in |dsa|
// and returns an allocated, DSA_SIG structure, or NULL on error.
OPENSSL_EXPORT DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len,
- DSA *dsa);
+ const DSA *dsa);
// DSA_do_verify verifies that |sig| is a valid signature, by the public key in
// |dsa|, of the hash in |digest|. It returns one if so, zero if invalid and -1
@@ -212,7 +212,7 @@
// (The |type| argument is ignored.)
OPENSSL_EXPORT int DSA_sign(int type, const uint8_t *digest, size_t digest_len,
uint8_t *out_sig, unsigned int *out_siglen,
- DSA *dsa);
+ const DSA *dsa);
// DSA_verify verifies that |sig| is a valid, ASN.1 signature, by the public
// key in |dsa|, of the hash in |digest|. It returns one if so, zero if invalid
@@ -284,19 +284,6 @@
OPENSSL_EXPORT int DSA_marshal_parameters(CBB *cbb, const DSA *dsa);
-// Precomputation.
-
-// DSA_sign_setup precomputes the message independent part of the DSA signature
-// and writes them to |*out_kinv| and |*out_r|. Returns one on success, zero on
-// error.
-//
-// TODO(fork): decide what to do with this. Since making DSA* opaque there's no
-// way for the user to install them. Also, it forces the DSA* not to be const
-// when passing to the signing function.
-OPENSSL_EXPORT int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx,
- BIGNUM **out_kinv, BIGNUM **out_r);
-
-
// Conversion.
// DSA_dup_DH returns a |DH| constructed from the parameters of |dsa|. This is
@@ -411,9 +398,6 @@
BIGNUM *pub_key; // y public key
BIGNUM *priv_key; // x private key
- BIGNUM *kinv; // Signing pre-calc
- BIGNUM *r; // Signing pre-calc
-
int flags;
// Normally used to cache montgomery values
CRYPTO_MUTEX method_mont_lock;