Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / boringssl / dd42a613176ed39d12be02cf21aeae057d9ef6e6^! / . / src / crypto / dsa
commitdd42a613176ed39d12be02cf21aeae057d9ef6e6[log] [tgz]
authorSrinivas Paladugu <srnvs@google.com>Fri Aug 09 19:30:39 2019 +0000
committerSrinivas Paladugu <srnvs@google.com>Fri Aug 09 19:30:39 2019 +0000
treeb178584cd6074879284532ebf5f91db100ff119c
parenta5c947b7c91bac52eeb5086507b67e52a59ef980 [diff]
Revert "Revert "Revert "external/boringssl: Sync to 81080a729af568f7b5fde92b9170cc17065027c9."""

This reverts commit a5c947b7c91bac52eeb5086507b67e52a59ef980.

Reason for revert: Breaks blueline target on qt-dev-plus-aosp and pi-dev-plus-aosp

Change-Id: Ib3f71674ce7f7114e5925043ead7e8e51e9bc31e

diff --git a/src/crypto/dsa/dsa.c b/src/crypto/dsa/dsa.c
index 51dca7f..288e2c8 100644
--- a/src/crypto/dsa/dsa.c
+++ b/src/crypto/dsa/dsa.c

@@ -558,34 +558,29 @@
 }
 
 DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len, const DSA *dsa) {
-  if (!dsa->p || !dsa->q || !dsa->g) {
-    OPENSSL_PUT_ERROR(DSA, DSA_R_MISSING_PARAMETERS);
-    return NULL;
-  }
+  BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
+  BIGNUM m;
+  BIGNUM xr;
+  BN_CTX *ctx = NULL;
+  int reason = ERR_R_BN_LIB;
+  DSA_SIG *ret = NULL;
 
-  // Reject invalid parameters. In particular, the algorithm will infinite loop
-  // if |g| is zero.
-  if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) {
-    OPENSSL_PUT_ERROR(DSA, DSA_R_INVALID_PARAMETERS);
-    return NULL;
+  BN_init(&m);
+  BN_init(&xr);
+
+  if (!dsa->p || !dsa->q || !dsa->g) {
+    reason = DSA_R_MISSING_PARAMETERS;
+    goto err;
   }
 
   // We only support DSA keys that are a multiple of 8 bits. (This is a weaker
   // check than the one in |DSA_do_check_signature|, which only allows 160-,
   // 224-, and 256-bit keys.
   if (BN_num_bits(dsa->q) % 8 != 0) {
-    OPENSSL_PUT_ERROR(DSA, DSA_R_BAD_Q_VALUE);
-    return NULL;
+    reason = DSA_R_BAD_Q_VALUE;
+    goto err;
   }
 
-  BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
-  BIGNUM m;
-  BIGNUM xr;
-  BN_CTX *ctx = NULL;
-  DSA_SIG *ret = NULL;
-
-  BN_init(&m);
-  BN_init(&xr);
   s = BN_new();
   if (s == NULL) {
     goto err;
@@ -645,7 +640,7 @@
 
 err:
   if (ret == NULL) {
-    OPENSSL_PUT_ERROR(DSA, ERR_R_BN_LIB);
+    OPENSSL_PUT_ERROR(DSA, reason);
     BN_free(r);
     BN_free(s);
   }

diff --git a/src/crypto/dsa/dsa_test.cc b/src/crypto/dsa/dsa_test.cc
index 4682131..295a7fd 100644
--- a/src/crypto/dsa/dsa_test.cc
+++ b/src/crypto/dsa/dsa_test.cc

@@ -62,8 +62,6 @@
 #include <stdio.h>
 #include <string.h>
 
-#include <vector>
-
 #include <gtest/gtest.h>
 
 #include <openssl/bn.h>
@@ -317,18 +315,3 @@
     ADD_FAILURE() << "Tests failed";
   }
 }
-
-TEST(DSATest, InvalidGroup) {
-  bssl::UniquePtr<DSA> dsa = GetFIPSDSA();
-  ASSERT_TRUE(dsa);
-  BN_zero(dsa->g);
-
-  std::vector<uint8_t> sig(DSA_size(dsa.get()));
-  unsigned sig_len;
-  static const uint8_t kDigest[32] = {0};
-  EXPECT_FALSE(
-      DSA_sign(0, kDigest, sizeof(kDigest), sig.data(), &sig_len, dsa.get()));
-  uint32_t err = ERR_get_error();
-  EXPECT_EQ(ERR_LIB_DSA, ERR_GET_LIB(err));
-  EXPECT_EQ(DSA_R_INVALID_PARAMETERS, ERR_GET_REASON(err));
-}