Redirect FIPS memory allocation to FIPS_malloc() routine, remove

OpenSSL malloc dependencies.
2011-01-27 17:23:43 +00:00 · 2011-01-27 17:23:43 +00:00 · 7cc684f4f7
commit 7cc684f4f7
parent e36d6b8f79
23 changed files with 80 additions and 6 deletions
--- a/Makefile.org
+++ b/Makefile.org
@ -313,7 +313,6 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
 	../crypto/evp/e_des3.o \
 	../crypto/evp/m_sha1.o \
 	../crypto/hmac/hmac.o \
 	../crypto/mem.o \
 	../crypto/modes/cfb128.o \
 	../crypto/modes/ctr128.o \
 	../crypto/modes/ofb128.o \
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@ -113,6 +113,12 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 #define OPENSSL_FIPSAPI
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #endif
 #define BN_BLINDING_COUNTER	32
 struct bn_blinding_st
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@ -60,12 +60,18 @@
 #endif
 #endif
 #define OPENSSL_FIPSAPI
 #include <stdio.h>
 #include <assert.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #endif
 /* TODO list
 *
 * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@ -113,6 +113,11 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 #define OPENSSL_FIPSAPI
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #endif
 /* maximum precomputation table size for *variable* sliding windows */
 #define TABLE_SIZE	32
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@ -67,6 +67,11 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 #define OPENSSL_FIPSAPI
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #endif
 const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
 /* This stuff appears to be completely unused, so is deprecated */
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@ -115,6 +115,11 @@
 #include "bn_lcl.h"
 #include <openssl/rand.h>
 #define OPENSSL_FIPSAPI
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #endif
 static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 	{
 	unsigned char *buf=NULL;
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@ -60,6 +60,11 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 #define OPENSSL_FIPSAPI
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #endif
 void BN_RECP_CTX_init(BN_RECP_CTX *recp)
 	{
 	BN_init(&(recp->N));
--- a/crypto/buffer/buf_str.c
+++ b/crypto/buffer/buf_str.c
@ -60,6 +60,11 @@
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #define OPENSSL_FIPSAPI
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #endif
 char *BUF_strdup(const char *str)
 	{
 	if (str == NULL) return(NULL);
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@ -63,6 +63,11 @@
 #include <openssl/rand.h>
 #include <openssl/bn.h>
 #define OPENSSL_FIPSAPI
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #endif
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	{
 	return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@ -70,6 +70,8 @@
 #ifdef OPENSSL_FIPS
 #define OPENSSL_FIPSAPI
 #include <openssl/fips.h>
 #include <openssl/evp.h>
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@ -30,6 +30,10 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #endif
 static int MGF1(unsigned char *mask, long len,
 	const unsigned char *seed, long seedlen);
--- a/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
@ -67,6 +67,10 @@
 #include <openssl/sha.h>
 #include "rsa_locl.h"
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
 #endif
 static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
 #if defined(_MSC_VER) && defined(_ARM_)
--- a/fips/dh/fips_dh_lib.c
+++ b/fips/dh/fips_dh_lib.c
@ -56,9 +56,12 @@
 *
 */
 #define OPENSSL_FIPSAPI
 #include <string.h>
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 #include <openssl/fips.h>
 /* Minimal FIPS versions of FIPS_dh_new() and FIPS_dh_free(): to
 * reduce external dependencies. 
--- a/fips/dsa/fips_dsa_lib.c
+++ b/fips/dsa/fips_dsa_lib.c
@ -56,9 +56,12 @@
 *
 */
 #define OPENSSL_FIPSAPI
 #include <string.h>
 #include <openssl/dsa.h>
 #include <openssl/bn.h>
 #include <openssl/fips.h>
 /* Minimal FIPS versions of FIPS_dsa_new() and FIPS_dsa_free: to
 * reduce external dependencies. 
--- a/fips/fips.h
+++ b/fips/fips.h
@ -113,8 +113,13 @@ void FIPS_lock(int mode, int type,const char *file,int line);
 void FIPS_set_locking_callback (void (*func)(int mode, int type,
 				const char *file,int line));
 void *FIPS_malloc(int num, const char *file, int line);
 void FIPS_free(void *);
 #if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
 #define CRYPTO_lock FIPS_lock
 #define CRYPTO_malloc FIPS_malloc
 #define CRYPTO_free FIPS_free
 #endif
 /* BEGIN ERROR CODES */
--- a/fips/fips_utl.h
+++ b/fips/fips_utl.h
@ -47,6 +47,9 @@
 *
 */
 #define OPENSSL_FIPSAPI
 #include <openssl/fips.h>
 int hex2bin(const char *in, unsigned char *out);
 unsigned char *hex2bin_m(const char *in, long *plen);
 int do_hex2bn(BIGNUM **pr, const char *in);
--- a/fips/hmac/fips_hmactest.c
+++ b/fips/hmac/fips_hmactest.c
@ -77,7 +77,6 @@ int main(int argc, char *argv[])
 #else
 #include <openssl/fips.h>
 #include "fips_utl.h"
 static int hmac_test(const EVP_MD *md, FILE *out, FILE *in);
--- a/fips/rand/fips_randtest.c
+++ b/fips/rand/fips_randtest.c
@ -123,6 +123,8 @@ int main(int argc, char *argv[])
 #else
 #define OPENSSL_FIPSAPI
 #include <openssl/fips.h>
 #include "fips_utl.h"
--- a/fips/rsa/fips_rsa_lib.c
+++ b/fips/rsa/fips_rsa_lib.c
@ -56,11 +56,14 @@
 *
 */
 #define OPENSSL_FIPSAPI
 #include <string.h>
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/fips.h>
 /* Minimal FIPS versions of FIPS_rsa_new() and FIPS_rsa_free: to
 * reduce external dependencies. 
@ -95,7 +98,6 @@ void FIPS_rsa_free(RSA *r)
 	if (r->iqmp != NULL) BN_clear_free(r->iqmp);
 	if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
 	if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
 	if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
 	OPENSSL_free(r);
 	}
--- a/fips/rsa/fips_rsa_sign.c
+++ b/fips/rsa/fips_rsa_sign.c
@ -63,6 +63,7 @@
 #include <openssl/rsa.h>
 #include <openssl/err.h>
 #include <openssl/sha.h>
 #include <openssl/fips.h>
 #ifdef OPENSSL_FIPS
--- a/fips/utl/Makefile
+++ b/fips/utl/Makefile
@ -22,8 +22,8 @@ TEST=
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_err.c fips_md.c fips_enc.c fips_lck.c
+LIBSRC= fips_err.c fips_md.c fips_enc.c fips_lck.c fips_mem.c
-LIBOBJ= fips_err.o fips_md.o fips_enc.o fips_lck.o
+LIBOBJ= fips_err.o fips_md.o fips_enc.o fips_lck.o fips_mem.o
 SRC= $(LIBSRC)
--- a/fips/utl/fips_enc.c
+++ b/fips/utl/fips_enc.c
@ -56,11 +56,13 @@
 * [including the GNU Public Licence.]
 */
 #define OPENSSL_FIPSAPI
 #include <stdio.h>
 #include <string.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
-#include <openssl/rand.h>
+#include <openssl/fips.h>
 void FIPS_cipher_ctx_init(EVP_CIPHER_CTX *ctx)
 	{
--- a/fips/utl/fips_md.c
+++ b/fips/utl/fips_md.c
@ -111,11 +111,14 @@
 /* Minimal standalone FIPS versions of Digest operations */
 #define OPENSSL_FIPSAPI
 #include <stdio.h>
 #include <string.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/fips.h>
 void FIPS_md_ctx_init(EVP_MD_CTX *ctx)
 	{