commit 2056d7290a05c9cfd98889ef8b5519ddc81bd4d8
author David Benjamin <davidben@google.com> Tue Nov 21 12:58:36 2017 -0500
committer Adam Langley <agl@google.com> Wed Nov 22 21:01:11 2017 +0000
tree 7efedcc8bacc1ff38f06fafe876d70324991fe0e
parent 42a8cbe37c18f2b4be6f65e3077bb799ea104190

Remove DSA_sign_setup too.

Change-Id: Ib406e7d1653fa57a863dbd5d4eb04401caf5de0a
Reviewed-on: https://boringssl-review.googlesource.com/23284
Reviewed-by: Adam Langley <agl@google.com>

crypto/dsa/dsa.c

diff --git a/crypto/dsa/dsa.c b/crypto/dsa/dsa.c
index 61f0c6c..f3d4f85 100644
--- a/crypto/dsa/dsa.c
+++ b/crypto/dsa/dsa.c
@@ -82,6 +82,9 @@
 // Rabin-Miller
 #define DSS_prime_checks 50
 
+static int dsa_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv,
+                          BIGNUM **out_r);
+
 static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;
 
 DSA *DSA_new(void) {
@@ -117,8 +120,6 @@
   BN_clear_free(dsa->g);
   BN_clear_free(dsa->pub_key);
   BN_clear_free(dsa->priv_key);
-  BN_clear_free(dsa->kinv);
-  BN_clear_free(dsa->r);
   BN_MONT_CTX_free(dsa->method_mont_p);
   BN_MONT_CTX_free(dsa->method_mont_q);
   CRYPTO_MUTEX_cleanup(&dsa->method_mont_lock);
@@ -544,14 +545,13 @@
   OPENSSL_free(sig);
 }
 
-DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len, DSA *dsa) {
+DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len, const DSA *dsa) {
   BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
   BIGNUM m;
   BIGNUM xr;
   BN_CTX *ctx = NULL;
   int reason = ERR_R_BN_LIB;
   DSA_SIG *ret = NULL;
-  int noredo = 0;
 
   BN_init(&m);
   BN_init(&xr);
@@ -571,16 +571,8 @@
   }
 
 redo:
-  if (dsa->kinv == NULL || dsa->r == NULL) {
-    if (!DSA_sign_setup(dsa, ctx, &kinv, &r)) {
-      goto err;
-    }
-  } else {
-    kinv = dsa->kinv;
-    dsa->kinv = NULL;
-    r = dsa->r;
-    dsa->r = NULL;
-    noredo = 1;
+  if (!dsa_sign_setup(dsa, ctx, &kinv, &r)) {
+    goto err;
   }
 
   if (digest_len > BN_num_bytes(dsa->q)) {
@@ -613,10 +605,6 @@
   // Redo if r or s is zero as required by FIPS 186-3: this is
   // very unlikely.
   if (BN_is_zero(r) || BN_is_zero(s)) {
-    if (noredo) {
-      reason = DSA_R_NEED_NEW_SETUP_VALUES;
-      goto err;
-    }
     goto redo;
   }
   ret = DSA_SIG_new();
@@ -758,7 +746,7 @@
 }
 
 int DSA_sign(int type, const uint8_t *digest, size_t digest_len,
-             uint8_t *out_sig, unsigned int *out_siglen, DSA *dsa) {
+             uint8_t *out_sig, unsigned int *out_siglen, const DSA *dsa) {
   DSA_SIG *s;
 
   s = DSA_do_sign(digest, digest_len, dsa);
@@ -848,8 +836,8 @@
   return ret;
 }
 
-int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv,
-                   BIGNUM **out_r) {
+static int dsa_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv,
+                          BIGNUM **out_r) {
   BN_CTX *ctx;
   BIGNUM k, kq, *kinv = NULL, *r = NULL;
   int ret = 0;

include/openssl/dsa.h

diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
index 315e7ca..2966f9d 100644
--- a/include/openssl/dsa.h
+++ b/include/openssl/dsa.h
@@ -172,7 +172,7 @@
 // DSA_do_sign returns a signature of the hash in |digest| by the key in |dsa|
 // and returns an allocated, DSA_SIG structure, or NULL on error.
 OPENSSL_EXPORT DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len,
-                                    DSA *dsa);
+                                    const DSA *dsa);
 
 // DSA_do_verify verifies that |sig| is a valid signature, by the public key in
 // |dsa|, of the hash in |digest|. It returns one if so, zero if invalid and -1
@@ -212,7 +212,7 @@
 // (The |type| argument is ignored.)
 OPENSSL_EXPORT int DSA_sign(int type, const uint8_t *digest, size_t digest_len,
                             uint8_t *out_sig, unsigned int *out_siglen,
-                            DSA *dsa);
+                            const DSA *dsa);
 
 // DSA_verify verifies that |sig| is a valid, ASN.1 signature, by the public
 // key in |dsa|, of the hash in |digest|. It returns one if so, zero if invalid
@@ -284,19 +284,6 @@
 OPENSSL_EXPORT int DSA_marshal_parameters(CBB *cbb, const DSA *dsa);
 
 
-// Precomputation.
-
-// DSA_sign_setup precomputes the message independent part of the DSA signature
-// and writes them to |*out_kinv| and |*out_r|. Returns one on success, zero on
-// error.
-//
-// TODO(fork): decide what to do with this. Since making DSA* opaque there's no
-// way for the user to install them. Also, it forces the DSA* not to be const
-// when passing to the signing function.
-OPENSSL_EXPORT int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx,
-                                  BIGNUM **out_kinv, BIGNUM **out_r);
-
-
 // Conversion.
 
 // DSA_dup_DH returns a |DH| constructed from the parameters of |dsa|. This is
@@ -411,9 +398,6 @@
   BIGNUM *pub_key;   // y public key
   BIGNUM *priv_key;  // x private key
 
-  BIGNUM *kinv;  // Signing pre-calc
-  BIGNUM *r;     // Signing pre-calc
-
   int flags;
   // Normally used to cache montgomery values
   CRYPTO_MUTEX method_mont_lock;