commit ce7f08827d291a138b68d962fd81704ce76c68d5
author Adam Langley <alangley@gmail.com> Thu Dec 10 13:13:44 2020 -0800
committer Adam Langley <agl@google.com> Mon Dec 14 21:30:19 2020 +0000
tree 60992f1cce5e2d1182a1ca817799cd3d19f2e58c
parent 49587b2c10482d8f949b616ed4f42f130c9ebbaf

Move DH code into the FIPS module.

This change also drops ex_data from DH objects. The global would need
special handling in the FIPS module, which isn't hard, but just dropping
it saves some of the code-size costs of this change and I cannot find
any signs of use of this functionality.

Change-Id: I984bd70698c2ec329f340d294b3b9ec169cd0c4e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44524
Reviewed-by: David Benjamin <davidben@google.com>

crypto/CMakeLists.txt

diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
index 108887c..d23c02e 100644
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -265,10 +265,8 @@
   crypto.c
   curve25519/curve25519.c
   curve25519/spake25519.c
-  dh/dh.c
-  dh/params.c
-  dh/check.c
-  dh/dh_asn1.c
+  dh_extra/params.c
+  dh_extra/dh_asn1.c
   digest_extra/digest_extra.c
   dsa/dsa.c
   dsa/dsa_asn1.c
@@ -502,7 +500,7 @@
   curve25519/spake25519_test.cc
   curve25519/x25519_test.cc
   ecdh_extra/ecdh_test.cc
-  dh/dh_test.cc
+  dh_extra/dh_test.cc
   digest_extra/digest_test.cc
   dsa/dsa_test.cc
   err/err_test.cc

crypto/dh_extra/dh_asn1.c

diff --git a/crypto/dh/dh_asn1.c b/crypto/dh_extra/dh_asn1.c
similarity index 100%
rename from crypto/dh/dh_asn1.c
rename to crypto/dh_extra/dh_asn1.c

crypto/dh_extra/dh_test.cc

diff --git a/crypto/dh/dh_test.cc b/crypto/dh_extra/dh_test.cc
similarity index 100%
rename from crypto/dh/dh_test.cc
rename to crypto/dh_extra/dh_test.cc

crypto/dh_extra/params.c

diff --git a/crypto/dh/params.c b/crypto/dh_extra/params.c
similarity index 100%
rename from crypto/dh/params.c
rename to crypto/dh_extra/params.c

crypto/fipsmodule/bcm.c

diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
index 1d9a919..083e2df 100644
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.c
@@ -60,6 +60,8 @@
 #include "cipher/e_aes.c"
 #include "cipher/e_des.c"
 #include "des/des.c"
+#include "dh/check.c"
+#include "dh/dh.c"
 #include "digest/digest.c"
 #include "digest/digests.c"
 #include "ecdh/ecdh.c"

crypto/fipsmodule/dh/check.c

diff --git a/crypto/dh/check.c b/crypto/fipsmodule/dh/check.c
similarity index 100%
rename from crypto/dh/check.c
rename to crypto/fipsmodule/dh/check.c

crypto/fipsmodule/dh/dh.c

diff --git a/crypto/dh/dh.c b/crypto/fipsmodule/dh/dh.c
similarity index 94%
rename from crypto/dh/dh.c
rename to crypto/fipsmodule/dh/dh.c
index 3df9a80..8194caa 100644
--- a/crypto/dh/dh.c
+++ b/crypto/fipsmodule/dh/dh.c
@@ -60,17 +60,14 @@
 
 #include <openssl/bn.h>
 #include <openssl/err.h>
-#include <openssl/ex_data.h>
 #include <openssl/mem.h>
 #include <openssl/thread.h>
 
-#include "../internal.h"
+#include "../../internal.h"
 
 
 #define OPENSSL_DH_MAX_MODULUS_BITS 10000
 
-static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;
-
 DH *DH_new(void) {
   DH *dh = OPENSSL_malloc(sizeof(DH));
   if (dh == NULL) {
@@ -83,7 +80,6 @@
   CRYPTO_MUTEX_init(&dh->method_mont_p_lock);
 
   dh->references = 1;
-  CRYPTO_new_ex_data(&dh->ex_data);
 
   return dh;
 }
@@ -97,8 +93,6 @@
     return;
   }
 
-  CRYPTO_free_ex_data(&g_ex_data_class, dh, &dh->ex_data);
-
   BN_MONT_CTX_free(dh->method_mont_p);
   BN_clear_free(dh->p);
   BN_clear_free(dh->g);
@@ -513,21 +507,3 @@
 
   return ret;
 }
-
-int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
-                        CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) {
-  int index;
-  if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
-                               free_func)) {
-    return -1;
-  }
-  return index;
-}
-
-int DH_set_ex_data(DH *d, int idx, void *arg) {
-  return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
-}
-
-void *DH_get_ex_data(DH *d, int idx) {
-  return CRYPTO_get_ex_data(&d->ex_data, idx);
-}

include/openssl/dh.h

diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index 34e70c9..ef3c481 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -59,7 +59,6 @@
 
 #include <openssl/base.h>
 
-#include <openssl/ex_data.h>
 #include <openssl/thread.h>
 
 #if defined(__cplusplus)
@@ -237,18 +236,6 @@
 OPENSSL_EXPORT int DH_marshal_parameters(CBB *cbb, const DH *dh);
 
 
-// ex_data functions.
-//
-// See |ex_data.h| for details.
-
-OPENSSL_EXPORT int DH_get_ex_new_index(long argl, void *argp,
-                                       CRYPTO_EX_unused *unused,
-                                       CRYPTO_EX_dup *dup_unused,
-                                       CRYPTO_EX_free *free_func);
-OPENSSL_EXPORT int DH_set_ex_data(DH *d, int idx, void *arg);
-OPENSSL_EXPORT void *DH_get_ex_data(DH *d, int idx);
-
-
 // Deprecated functions.
 
 // DH_generate_parameters behaves like |DH_generate_parameters_ex|, which is
@@ -301,7 +288,6 @@
 
   int flags;
   CRYPTO_refcount_t references;
-  CRYPTO_EX_DATA ex_data;
 };