diff options
author | Richard Levitte <levitte@openssl.org> | 2020-01-14 02:32:42 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-01-15 23:45:41 +0100 |
commit | a3327784d9526fd69649089ea5c78a55906e9b2c (patch) | |
tree | 8ca8921d5d7a6e3d9445f122e5fb026282f9d007 /crypto/dh | |
parent | 62c3fed0cd52316259e4e2c0e5878bcfa69b38f9 (diff) | |
download | openssl-a3327784d9526fd69649089ea5c78a55906e9b2c.zip openssl-a3327784d9526fd69649089ea5c78a55906e9b2c.tar.gz openssl-a3327784d9526fd69649089ea5c78a55906e9b2c.tar.bz2 |
CRYPTO: Remove support for ex_data fields when building the FIPS module
These fields are purely application data, and applications don't reach
into the bowels of the FIPS module, so these fields are never used
there.
Fixes #10835
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10837)
Diffstat (limited to 'crypto/dh')
-rw-r--r-- | crypto/dh/dh_lib.c | 6 | ||||
-rw-r--r-- | crypto/dh/dh_local.h | 2 |
2 files changed, 8 insertions, 0 deletions
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 670ba1f..65c2154 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -78,8 +78,10 @@ DH *DH_new_method(ENGINE *engine) ret->flags = ret->meth->flags; +#ifndef FIPS_MODE if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data)) goto err; +#endif if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { DHerr(DH_F_DH_NEW_METHOD, ERR_R_INIT_FAIL); @@ -112,7 +114,9 @@ void DH_free(DH *r) ENGINE_finish(r->engine); #endif +#ifndef FIPS_MODE CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); +#endif CRYPTO_THREAD_lock_free(r->lock); @@ -139,6 +143,7 @@ int DH_up_ref(DH *r) return ((i > 1) ? 1 : 0); } +#ifndef FIPS_MODE int DH_set_ex_data(DH *d, int idx, void *arg) { return CRYPTO_set_ex_data(&d->ex_data, idx, arg); @@ -148,6 +153,7 @@ void *DH_get_ex_data(DH *d, int idx) { return CRYPTO_get_ex_data(&d->ex_data, idx); } +#endif int DH_bits(const DH *dh) { diff --git a/crypto/dh/dh_local.h b/crypto/dh/dh_local.h index a9041e9..378cf5c 100644 --- a/crypto/dh/dh_local.h +++ b/crypto/dh/dh_local.h @@ -33,7 +33,9 @@ struct dh_st { int seedlen; BIGNUM *counter; CRYPTO_REF_COUNT references; +#ifndef FIPS_MODE CRYPTO_EX_DATA ex_data; +#endif const DH_METHOD *meth; ENGINE *engine; CRYPTO_RWLOCK *lock; |