merge 0.9.7b with local changes; crank majors for libssl/libcrypto

8 files changed, 195 insertions, 66 deletions

diff --git a/src/lib/libcrypto/rsa/Makefile.ssl b/src/lib/libcrypto/rsa/Makefile.ssl
index 8c44b7f142..8089344a04 100644
--- a/src/lib/libcrypto/rsa/Makefile.ssl
+++ b/src/lib/libcrypto/rsa/Makefile.ssl
@@ -72,7 +72,7 @@ lint:
         lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-        $(MAKEDEPEND) $(CFLAG) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
         $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -104,14 +104,12 @@ rsa_chk.o: rsa_chk.c
 rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rsa_eay.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
-rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
-rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-rsa_eay.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-rsa_eay.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_eay.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rsa_eay.o: ../../include/openssl/ui.h ../cryptlib.h rsa_eay.c
+rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
 rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 rsa_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -217,21 +215,21 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
 rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
 rsa_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
 rsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-rsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-rsa_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-rsa_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
-rsa_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
-rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_sign.o: ../../include/openssl/opensslconf.h
 rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-rsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
-rsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
-rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-rsa_sign.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-rsa_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_sign.c
+rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+rsa_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_sign.o: ../cryptlib.h rsa_sign.c
 rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index 98b3bd7cc5..e26a68b482 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -158,6 +158,11 @@ struct rsa_st
 #define RSA_FLAG_CACHE_PUBLIC           0x02
 #define RSA_FLAG_CACHE_PRIVATE          0x04
 #define RSA_FLAG_BLINDING               0x08
+#define RSA_FLAG_NO_BLINDING            0x80 /* new with 0.9.6j and 0.9.7b; the built-in
+                                              * RSA implementation now uses blinding by
+                                              * default (ignoring RSA_FLAG_BLINDING),
+                                              * but other engines might not need it
+                                              */
 #define RSA_FLAG_THREAD_SAFE            0x10
 /* This flag means the private key operations will be handled by rsa_mod_exp
  * and that they do not depend on the private key components being present:
@@ -170,11 +175,15 @@ struct rsa_st
  */
 #define RSA_FLAG_SIGN_VER               0x40
 
+#define RSA_FLAG_NO_BLINDING            0x80
+
 #define RSA_PKCS1_PADDING       1
 #define RSA_SSLV23_PADDING      2
 #define RSA_NO_PADDING          3
 #define RSA_PKCS1_OAEP_PADDING  4
 
+#define RSA_PKCS1_PADDING_SIZE  11
+
 #define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
 #define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
 
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index a3f549d8e6..027b4dc754 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -61,7 +61,6 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
-#include <openssl/engine.h>
 
 #ifndef RSA_NULL
 
@@ -187,7 +186,7 @@ err:
         BN_clear_free(&ret);
         if (buf != NULL) 
                 {
-                memset(buf,0,num);
+                OPENSSL_cleanse(buf,num);
                 OPENSSL_free(buf);
                 }
         return(r);
@@ -206,12 +205,46 @@ static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
 
 #define BLINDING_HELPER(rsa, ctx, err_instr) \
         do { \
-                if(((rsa)->flags & RSA_FLAG_BLINDING) && \
-                                ((rsa)->blinding == NULL) && \
-                                !rsa_eay_blinding(rsa, ctx)) \
-                        err_instr \
+                if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \
+                    ((rsa)->blinding == NULL) && \
+                    !rsa_eay_blinding(rsa, ctx)) \
+                    err_instr \
         } while(0)
 
+static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx)
+        {
+        BIGNUM *A, *Ai;
+        BN_BLINDING *ret = NULL;
+
+        /* added in OpenSSL 0.9.6j and 0.9.7b */
+
+        /* NB: similar code appears in RSA_blinding_on (rsa_lib.c);
+         * this should be placed in a new function of its own, but for reasons
+         * of binary compatibility can't */
+
+        BN_CTX_start(ctx);
+        A = BN_CTX_get(ctx);
+        if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
+                {
+                /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
+                RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
+                if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
+                }
+        else
+                {
+                if (!BN_rand_range(A,rsa->n)) goto err;
+                }
+        if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
+
+        if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
+                goto err;
+        ret = BN_BLINDING_new(A,Ai,rsa->n);
+        BN_free(Ai);
+err:
+        BN_CTX_end(ctx);
+        return ret;
+        }
+
 /* signing */
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
              unsigned char *to, RSA *rsa, int padding)
@@ -220,6 +253,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
         int i,j,k,num=0,r= -1;
         unsigned char *buf=NULL;
         BN_CTX *ctx=NULL;
+        int local_blinding = 0;
+        BN_BLINDING *blinding = NULL;
 
         BN_init(&f);
         BN_init(&ret);
@@ -257,9 +292,38 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                 }
 
         BLINDING_HELPER(rsa, ctx, goto err;);
+        blinding = rsa->blinding;
+        
+        /* Now unless blinding is disabled, 'blinding' is non-NULL.
+         * But the BN_BLINDING object may be owned by some other thread
+         * (we don't want to keep it constant and we don't want to use
+         * lots of locking to avoid race conditions, so only a single
+         * thread can use it; other threads have to use local blinding
+         * factors) */
+        if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
+                {
+                if (blinding == NULL)
+                        {
+                        RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                }
+        
+        if (blinding != NULL)
+                {
+                if (blinding->thread_id != CRYPTO_thread_id())
+                        {
+                        /* we need a local one-time blinding factor */
+
+                        blinding = setup_blinding(rsa, ctx);
+                        if (blinding == NULL)
+                                goto err;
+                        local_blinding = 1;
+                        }
+                }
 
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+        if (blinding)
+                if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
 
         if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
                 ((rsa->p != NULL) &&
@@ -273,8 +337,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
                 }
 
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
+        if (blinding)
+                if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
 
         /* put in leading 0 bytes if the number is less than the
          * length of the modulus */
@@ -288,9 +352,11 @@ err:
         if (ctx != NULL) BN_CTX_free(ctx);
         BN_clear_free(&ret);
         BN_clear_free(&f);
+        if (local_blinding)
+                BN_BLINDING_free(blinding);
         if (buf != NULL)
                 {
-                memset(buf,0,num);
+                OPENSSL_cleanse(buf,num);
                 OPENSSL_free(buf);
                 }
         return(r);
@@ -304,6 +370,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
         unsigned char *p;
         unsigned char *buf=NULL;
         BN_CTX *ctx=NULL;
+        int local_blinding = 0;
+        BN_BLINDING *blinding = NULL;
 
         BN_init(&f);
         BN_init(&ret);
@@ -336,9 +404,38 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                 }
 
         BLINDING_HELPER(rsa, ctx, goto err;);
+        blinding = rsa->blinding;
+        
+        /* Now unless blinding is disabled, 'blinding' is non-NULL.
+         * But the BN_BLINDING object may be owned by some other thread
+         * (we don't want to keep it constant and we don't want to use
+         * lots of locking to avoid race conditions, so only a single
+         * thread can use it; other threads have to use local blinding
+         * factors) */
+        if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
+                {
+                if (blinding == NULL)
+                        {
+                        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
+                        goto err;
+                        }
+                }
+        
+        if (blinding != NULL)
+                {
+                if (blinding->thread_id != CRYPTO_thread_id())
+                        {
+                        /* we need a local one-time blinding factor */
+
+                        blinding = setup_blinding(rsa, ctx);
+                        if (blinding == NULL)
+                                goto err;
+                        local_blinding = 1;
+                        }
+                }
 
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+        if (blinding)
+                if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
 
         /* do the decrypt */
         if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
@@ -354,8 +451,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                         goto err;
                 }
 
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
+        if (blinding)
+                if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
 
         p=buf;
         j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
@@ -389,7 +486,7 @@ err:
         BN_clear_free(&ret);
         if (buf != NULL)
                 {
-                memset(buf,0,num);
+                OPENSSL_cleanse(buf,num);
                 OPENSSL_free(buf);
                 }
         return(r);
@@ -486,7 +583,7 @@ err:
         BN_clear_free(&ret);
         if (buf != NULL)
                 {
-                memset(buf,0,num);
+                OPENSSL_cleanse(buf,num);
                 OPENSSL_free(buf);
                 }
         return(r);
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 37fff8bce3..53c5092014 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -62,7 +62,10 @@
 #include <openssl/lhash.h>
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
 
 const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
 
@@ -72,10 +75,6 @@ RSA *RSA_new(void)
         {
         RSA *r=RSA_new_method(NULL);
 
-#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
-        r->flags|=RSA_FLAG_BLINDING;
-#endif
-
         return r;
         }
 
@@ -114,11 +113,13 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
         const RSA_METHOD *mtmp;
         mtmp = rsa->meth;
         if (mtmp->finish) mtmp->finish(rsa);
+#ifndef OPENSSL_NO_ENGINE
         if (rsa->engine)
                 {
                 ENGINE_finish(rsa->engine);
                 rsa->engine = NULL;
                 }
+#endif
         rsa->meth = meth;
         if (meth->init) meth->init(rsa);
         return 1;
@@ -136,6 +137,7 @@ RSA *RSA_new_method(ENGINE *engine)
                 }
 
         ret->meth = RSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
         if (engine)
                 {
                 if (!ENGINE_init(engine))
@@ -160,6 +162,7 @@ RSA *RSA_new_method(ENGINE *engine)
                         return NULL;
                         }
                 }
+#endif
 
         ret->pad=0;
         ret->version=0;
@@ -181,8 +184,10 @@ RSA *RSA_new_method(ENGINE *engine)
         CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
         if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                 {
+#ifndef OPENSSL_NO_ENGINE
                 if (ret->engine)
                         ENGINE_finish(ret->engine);
+#endif
                 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
                 OPENSSL_free(ret);
                 ret=NULL;
@@ -211,8 +216,10 @@ void RSA_free(RSA *r)
 
         if (r->meth->finish)
                 r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
         if (r->engine)
                 ENGINE_finish(r->engine);
+#endif
 
         CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
 
@@ -303,7 +310,8 @@ void RSA_blinding_off(RSA *rsa)
                 BN_BLINDING_free(rsa->blinding);
                 rsa->blinding=NULL;
                 }
-        rsa->flags&= ~RSA_FLAG_BLINDING;
+        rsa->flags &= ~RSA_FLAG_BLINDING;
+        rsa->flags |= RSA_FLAG_NO_BLINDING;
         }
 
 int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
@@ -322,15 +330,32 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
         if (rsa->blinding != NULL)
                 BN_BLINDING_free(rsa->blinding);
 
+        /* NB: similar code appears in setup_blinding (rsa_eay.c);
+         * this should be placed in a new function of its own, but for reasons
+         * of binary compatibility can't */
+
         BN_CTX_start(ctx);
         A = BN_CTX_get(ctx);
-        if (!BN_rand_range(A,rsa->n)) goto err;
+        if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
+                {
+                /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
+                RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
+                if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
+                }
+        else
+                {
+                if (!BN_rand_range(A,rsa->n)) goto err;
+                }
         if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
 
         if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
-            goto err;
-        rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
-        rsa->flags|=RSA_FLAG_BLINDING;
+                goto err;
+        if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err;
+        /* to make things thread-safe without excessive locking,
+         * rsa->blinding will be used just by the current thread: */
+        rsa->blinding->thread_id = CRYPTO_thread_id();
+        rsa->flags |= RSA_FLAG_BLINDING;
+        rsa->flags &= ~RSA_FLAG_NO_BLINDING;
         BN_free(Ai);
         ret=1;
 err:
diff --git a/src/lib/libcrypto/rsa/rsa_pk1.c b/src/lib/libcrypto/rsa/rsa_pk1.c
index c1edd6764f..8560755f1d 100644
--- a/src/lib/libcrypto/rsa/rsa_pk1.c
+++ b/src/lib/libcrypto/rsa/rsa_pk1.c
@@ -68,7 +68,7 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
         int j;
         unsigned char *p;
 
-        if (flen > (tlen-11))
+        if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
                 {
                 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return(0);
diff --git a/src/lib/libcrypto/rsa/rsa_saos.c b/src/lib/libcrypto/rsa/rsa_saos.c
index 85adacc08f..f462716a57 100644
--- a/src/lib/libcrypto/rsa/rsa_saos.c
+++ b/src/lib/libcrypto/rsa/rsa_saos.c
@@ -77,7 +77,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
 
         i=i2d_ASN1_OCTET_STRING(&sig,NULL);
         j=RSA_size(rsa);
-        if ((i-RSA_PKCS1_PADDING) > j)
+        if (i > (j-RSA_PKCS1_PADDING_SIZE))
                 {
                 RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
                 return(0);
@@ -96,7 +96,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
         else
                 *siglen=i;
 
-        memset(s,0,(unsigned int)j+1);
+        OPENSSL_cleanse(s,(unsigned int)j+1);
         OPENSSL_free(s);
         return(ret);
         }
@@ -139,7 +139,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
                 ret=1;
 err:
         if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
-        memset(s,0,(unsigned int)siglen);
+        OPENSSL_cleanse(s,(unsigned int)siglen);
         OPENSSL_free(s);
         return(ret);
         }
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 2a440901de..8a1e642183 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -62,7 +62,6 @@
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#include <openssl/engine.h>
 
 /* Size of an SSL signature: MD5+SHA1 */
 #define SSL_SIG_LENGTH  36
@@ -77,10 +76,11 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
         const unsigned char *s = NULL;
         X509_ALGOR algor;
         ASN1_OCTET_STRING digest;
-        if((rsa->flags & RSA_FLAG_SIGN_VER)
-              && ENGINE_get_RSA(rsa->engine)->rsa_sign)
-              return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
-                        m, m_len, sigret, siglen, rsa);
+        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
+                {
+                return rsa->meth->rsa_sign(type, m, m_len,
+                        sigret, siglen, rsa);
+                }
         /* Special case: SSL signature, just check the length */
         if(type == NID_md5_sha1) {
                 if(m_len != SSL_SIG_LENGTH) {
@@ -113,7 +113,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
                 i=i2d_X509_SIG(&sig,NULL);
         }
         j=RSA_size(rsa);
-        if ((i-RSA_PKCS1_PADDING) > j)
+        if (i > (j-RSA_PKCS1_PADDING_SIZE))
                 {
                 RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
                 return(0);
@@ -136,7 +136,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
                 *siglen=i;
 
         if(type != NID_md5_sha1) {
-                memset(tmps,0,(unsigned int)j+1);
+                OPENSSL_cleanse(tmps,(unsigned int)j+1);
                 OPENSSL_free(tmps);
         }
         return(ret);
@@ -155,10 +155,11 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                 return(0);
                 }
 
-        if((rsa->flags & RSA_FLAG_SIGN_VER)
-            && ENGINE_get_RSA(rsa->engine)->rsa_verify)
-            return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
-                        m, m_len, sigbuf, siglen, rsa);
+        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
+                {
+                return rsa->meth->rsa_verify(dtype, m, m_len,
+                        sigbuf, siglen, rsa);
+                }
 
         s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
         if (s == NULL)
@@ -221,7 +222,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
         }
 err:
         if (sig != NULL) X509_SIG_free(sig);
-        memset(s,0,(unsigned int)siglen);
+        OPENSSL_cleanse(s,(unsigned int)siglen);
         OPENSSL_free(s);
         return(ret);
         }
diff --git a/src/lib/libcrypto/rsa/rsa_test.c b/src/lib/libcrypto/rsa/rsa_test.c
index b8b462d33b..924e9ad1f6 100644
--- a/src/lib/libcrypto/rsa/rsa_test.c
+++ b/src/lib/libcrypto/rsa/rsa_test.c
@@ -16,7 +16,6 @@ int main(int argc, char *argv[])
 }
 #else
 #include <openssl/rsa.h>
-#include <openssl/engine.h>
 
 #define SetKey \
   key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \