1 files changed, 140 insertions, 159 deletions
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eng.c b/src/lib/libcrypto/dsa/dsa_lib.c
index 383a7045b2..96d8d0c4b4 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eng.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -1,4 +1,4 @@
-/* crypto/rsa/rsa_lib.c */
+/* crypto/dsa/dsa_lib.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -56,120 +56,103 @@
 * [including the GNU Public Licence.]
 */
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
 #include <stdio.h>
-#include <openssl/crypto.h>
 #include "cryptlib.h"
-#include <openssl/lhash.h>
 #include <openssl/bn.h>
-#include <openssl/rsa.h>
+#include <openssl/dsa.h>
-#include <openssl/rand.h>
+#include <openssl/asn1.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
-const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
-static const RSA_METHOD *default_RSA_meth=NULL;
+#endif
-RSA *RSA_new(void)
+const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
-        {
-        RSA *r=RSA_new_method(NULL);
-        return r;
+static const DSA_METHOD *default_DSA_method = NULL;
-        }
-void RSA_set_default_method(const RSA_METHOD *meth)
+void DSA_set_default_method(const DSA_METHOD *meth)
        {
-#ifdef OPENSSL_FIPS
+        default_DSA_method = meth;
-        if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
-                {
-                RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
-                return;
-                }
-#endif
-        default_RSA_meth = meth;
        }
-const RSA_METHOD *RSA_get_default_method(void)
+const DSA_METHOD *DSA_get_default_method(void)
        {
-        if (default_RSA_meth == NULL)
+        if(!default_DSA_method)
                {
-#ifdef RSA_NULL
+#ifdef OPENSSL_FIPS
-                default_RSA_meth=RSA_null_method();
+                if (FIPS_mode())
-#else
+                        return FIPS_dsa_openssl();
-#if 0 /* was: #ifdef RSAref */
+                else
-                default_RSA_meth=RSA_PKCS1_RSAref();
+                        return DSA_OpenSSL();
 #else
-                default_RSA_meth=RSA_PKCS1_SSLeay();
+                default_DSA_method = DSA_OpenSSL();
-#endif
 #endif
                }
+        return default_DSA_method;
-        return default_RSA_meth;
        }
-const RSA_METHOD *RSA_get_method(const RSA *rsa)
+DSA *DSA_new(void)
        {
-        return rsa->meth;
+        return DSA_new_method(NULL);
        }
-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
        {
        /* NB: The caller is specifically setting a method, so it's not up to us
         * to deal with which ENGINE it comes from. */
-        const RSA_METHOD *mtmp;
+        const DSA_METHOD *mtmp;
-#ifdef OPENSSL_FIPS
+        mtmp = dsa->meth;
-        if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
+        if (mtmp->finish) mtmp->finish(dsa);
-                {
-                RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
-        mtmp = rsa->meth;
-        if (mtmp->finish) mtmp->finish(rsa);
 #ifndef OPENSSL_NO_ENGINE
-        if (rsa->engine)
+        if (dsa->engine)
                {
-                ENGINE_finish(rsa->engine);
+                ENGINE_finish(dsa->engine);
-                rsa->engine = NULL;
+                dsa->engine = NULL;
                }
 #endif
-        rsa->meth = meth;
+        dsa->meth = meth;
-        if (meth->init) meth->init(rsa);
+        if (meth->init) meth->init(dsa);
-        return 1;
+        return 1;
        }
-RSA *RSA_new_method(ENGINE *engine)
+DSA *DSA_new_method(ENGINE *engine)
        {
-        RSA *ret;
+        DSA *ret;
-        ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
+        ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
        if (ret == NULL)
                {
-                RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-                return NULL;
+                return(NULL);
                }
+        ret->meth = DSA_get_default_method();
-        ret->meth = RSA_get_default_method();
 #ifndef OPENSSL_NO_ENGINE
        if (engine)
                {
                if (!ENGINE_init(engine))
                        {
-                        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+                        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
                        OPENSSL_free(ret);
                        return NULL;
                        }
                ret->engine = engine;
                }
        else
-                ret->engine = ENGINE_get_default_RSA();
+                ret->engine = ENGINE_get_default_DSA();
        if(ret->engine)
                {
-                ret->meth = ENGINE_get_RSA(ret->engine);
+                ret->meth = ENGINE_get_DSA(ret->engine);
                if(!ret->meth)
                        {
-                        RSAerr(RSA_F_RSA_NEW_METHOD,
+                        DSAerr(DSA_F_DSA_NEW_METHOD,
                                ERR_R_ENGINE_LIB);
                        ENGINE_finish(ret->engine);
                        OPENSSL_free(ret);
@@ -177,172 +160,170 @@ RSA *RSA_new_method(ENGINE *engine)
                        }
                }
 #endif
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
-                {
-                RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
-#ifndef OPENSSL_NO_ENGINE
-                if (ret->engine)
-                        ENGINE_finish(ret->engine);
-#endif
-                OPENSSL_free(ret);
-                return NULL;
-                }
-#endif
        ret->pad=0;
        ret->version=0;
-        ret->n=NULL;
+        ret->write_params=1;
-        ret->e=NULL;
-        ret->d=NULL;
        ret->p=NULL;
        ret->q=NULL;
-        ret->dmp1=NULL;
+        ret->g=NULL;
-        ret->dmq1=NULL;
-        ret->iqmp=NULL;
+        ret->pub_key=NULL;
+        ret->priv_key=NULL;
+        ret->kinv=NULL;
+        ret->r=NULL;
+        ret->method_mont_p=NULL;
        ret->references=1;
-        ret->_method_mod_n=NULL;
+        ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
-        ret->_method_mod_p=NULL;
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
-        ret->_method_mod_q=NULL;
-        ret->blinding=NULL;
-        ret->mt_blinding=NULL;
-        ret->bignum_data=NULL;
-        ret->flags=ret->meth->flags;
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                {
 #ifndef OPENSSL_NO_ENGINE
                if (ret->engine)
                        ENGINE_finish(ret->engine);
 #endif
-                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
                OPENSSL_free(ret);
                ret=NULL;
                }
+        
        return(ret);
        }
-void RSA_free(RSA *r)
+void DSA_free(DSA *r)
        {
        int i;
        if (r == NULL) return;
-        i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
+        i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
 #ifdef REF_PRINT
-        REF_PRINT("RSA",r);
+        REF_PRINT("DSA",r);
 #endif
        if (i > 0) return;
 #ifdef REF_CHECK
        if (i < 0)
                {
-                fprintf(stderr,"RSA_free, bad reference count\n");
+                fprintf(stderr,"DSA_free, bad reference count\n");
                abort();
                }
 #endif
-        if (r->meth->finish)
+        if(r->meth->finish)
                r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
-        if (r->engine)
+        if(r->engine)
                ENGINE_finish(r->engine);
 #endif
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
-        if (r->n != NULL) BN_clear_free(r->n);
-        if (r->e != NULL) BN_clear_free(r->e);
-        if (r->d != NULL) BN_clear_free(r->d);
        if (r->p != NULL) BN_clear_free(r->p);
        if (r->q != NULL) BN_clear_free(r->q);
-        if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
+        if (r->g != NULL) BN_clear_free(r->g);
-        if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
+        if (r->pub_key != NULL) BN_clear_free(r->pub_key);
-        if (r->iqmp != NULL) BN_clear_free(r->iqmp);
+        if (r->priv_key != NULL) BN_clear_free(r->priv_key);
-        if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
+        if (r->kinv != NULL) BN_clear_free(r->kinv);
-        if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
+        if (r->r != NULL) BN_clear_free(r->r);
-        if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
        OPENSSL_free(r);
        }
-int RSA_up_ref(RSA *r)
+int DSA_up_ref(DSA *r)
        {
-        int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
+        int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
 #ifdef REF_PRINT
-        REF_PRINT("RSA",r);
+        REF_PRINT("DSA",r);
 #endif
 #ifdef REF_CHECK
        if (i < 2)
                {
-                fprintf(stderr, "RSA_up_ref, bad reference count\n");
+                fprintf(stderr, "DSA_up_ref, bad reference count\n");
                abort();
                }
 #endif
        return ((i > 1) ? 1 : 0);
        }
-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+int DSA_size(const DSA *r)
+        {
+        int ret,i;
+        ASN1_INTEGER bs;
+        unsigned char buf[4];   /* 4 bytes looks really small.
+                                   However, i2d_ASN1_INTEGER() will not look
+                                   beyond the first byte, as long as the second
+                                   parameter is NULL. */
+        i=BN_num_bits(r->q);
+        bs.length=(i+7)/8;
+        bs.data=buf;
+        bs.type=V_ASN1_INTEGER;
+        /* If the top bit is set the asn1 encoding is 1 larger. */
+        buf[0]=0xff;    
+        i=i2d_ASN1_INTEGER(&bs,NULL);
+        i+=i; /* r and s */
+        ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+        return(ret);
+        }
+int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
        {
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
                                new_func, dup_func, free_func);
        }
-int RSA_set_ex_data(RSA *r, int idx, void *arg)
+int DSA_set_ex_data(DSA *d, int idx, void *arg)
        {
-        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
        }
-void *RSA_get_ex_data(const RSA *r, int idx)
+void *DSA_get_ex_data(DSA *d, int idx)
        {
-        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        return(CRYPTO_get_ex_data(&d->ex_data,idx));
        }
-int RSA_flags(const RSA *r)
+#ifndef OPENSSL_NO_DH
+DH *DSA_dup_DH(const DSA *r)
        {
-        return((r == NULL)?0:r->meth->flags);
+        /* DSA has p, q, g, optional pub_key, optional priv_key.
-        }
+         * DH has p, optional length, g, optional pub_key, optional priv_key,
+         * optional q.
+         */ 
-int RSA_memory_lock(RSA *r)
+        DH *ret = NULL;
-        {
-        int i,j,k,off;
+        if (r == NULL)
-        char *p;
+                goto err;
-        BIGNUM *bn,**t[6],*b;
+        ret = DH_new();
-        BN_ULONG *ul;
+        if (ret == NULL)
+                goto err;
-        if (r->d == NULL) return(1);
+        if (r->p != NULL) 
-        t[0]= &r->d;
+                if ((ret->p = BN_dup(r->p)) == NULL)
-        t[1]= &r->p;
+                        goto err;
-        t[2]= &r->q;
+        if (r->q != NULL)
-        t[3]= &r->dmp1;
-        t[4]= &r->dmq1;
-        t[5]= &r->iqmp;
-        k=sizeof(BIGNUM)*6;
-        off=k/sizeof(BN_ULONG)+1;
-        j=1;
-        for (i=0; i<6; i++)
-                j+= (*t[i])->top;
-        if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
-                {
-                RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        bn=(BIGNUM *)p;
-        ul=(BN_ULONG *)&(p[off]);
-        for (i=0; i<6; i++)
                {
-                b= *(t[i]);
+                ret->length = BN_num_bits(r->q);
-                *(t[i])= &(bn[i]);
+                if ((ret->q = BN_dup(r->q)) == NULL)
-                memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
+                        goto err;
-                bn[i].flags=BN_FLG_STATIC_DATA;
-                bn[i].d=ul;
-                memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
-                ul+=b->top;
-                BN_clear_free(b);
                }
-        
+        if (r->g != NULL)
-        /* I should fix this so it can still be done */
+                if ((ret->g = BN_dup(r->g)) == NULL)
-        r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
+                        goto err;
+        if (r->pub_key != NULL)
+                if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
+                        goto err;
+        if (r->priv_key != NULL)
+                if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
+                        goto err;
+        return ret;
-        r->bignum_data=p;
+ err:
-        return(1);
+        if (ret != NULL)
+                DH_free(ret);
+        return NULL;
        }
+#endif

diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eng.c b/src/lib/libcrypto/dsa/dsa_lib.c index 383a7045b2..96d8d0c4b4 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_eng.c +++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -1,4 +1,4 @@
1	/* crypto/rsa/rsa_lib.c */	1	/* crypto/dsa/dsa_lib.c */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -56,120 +56,103 @@
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
58		58
		59	/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
		60
59	#include <stdio.h>	61	#include <stdio.h>
60	#include <openssl/crypto.h>
61	#include "cryptlib.h"	62	#include "cryptlib.h"
62	#include <openssl/lhash.h>
63	#include <openssl/bn.h>	63	#include <openssl/bn.h>
64	#include <openssl/rsa.h>	64	#include <openssl/dsa.h>
65	#include <openssl/rand.h>	65	#include <openssl/asn1.h>
66	#ifndef OPENSSL_NO_ENGINE	66	#ifndef OPENSSL_NO_ENGINE
67	#include <openssl/engine.h>	67	#include <openssl/engine.h>
68	#endif	68	#endif
		69	#ifndef OPENSSL_NO_DH
		70	#include <openssl/dh.h>
		71	#endif
69		72
70	const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;	73	#ifdef OPENSSL_FIPS
71		74	#include <openssl/fips.h>
72	static const RSA_METHOD *default_RSA_meth=NULL;	75	#endif
73		76
74	RSA *RSA_new(void)	77	const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
75	{
76	RSA *r=RSA_new_method(NULL);
77		78
78	return r;	79	static const DSA_METHOD *default_DSA_method = NULL;
79	}
80		80
81	void RSA_set_default_method(const RSA_METHOD *meth)	81	void DSA_set_default_method(const DSA_METHOD *meth)
82	{	82	{
83	#ifdef OPENSSL_FIPS	83	default_DSA_method = meth;
84	if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
85	{
86	RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
87	return;
88	}
89	#endif
90	default_RSA_meth = meth;
91	}	84	}
92		85
93	const RSA_METHOD *RSA_get_default_method(void)	86	const DSA_METHOD *DSA_get_default_method(void)
94	{	87	{
95	if (default_RSA_meth == NULL)	88	if(!default_DSA_method)
96	{	89	{
97	#ifdef RSA_NULL	90	#ifdef OPENSSL_FIPS
98	default_RSA_meth=RSA_null_method();	91	if (FIPS_mode())
99	#else	92	return FIPS_dsa_openssl();
100	#if 0 /* was: #ifdef RSAref */	93	else
101	default_RSA_meth=RSA_PKCS1_RSAref();	94	return DSA_OpenSSL();
102	#else	95	#else
103	default_RSA_meth=RSA_PKCS1_SSLeay();	96	default_DSA_method = DSA_OpenSSL();
104	#endif
105	#endif	97	#endif
106	}	98	}
107		99	return default_DSA_method;
108	return default_RSA_meth;
109	}	100	}
110		101
111	const RSA_METHOD RSA_get_method(const RSA rsa)	102	DSA *DSA_new(void)
112	{	103	{
113	return rsa->meth;	104	return DSA_new_method(NULL);
114	}	105	}
115		106
116	int RSA_set_method(RSA rsa, const RSA_METHOD meth)	107	int DSA_set_method(DSA dsa, const DSA_METHOD meth)
117	{	108	{
118	/* NB: The caller is specifically setting a method, so it's not up to us	109	/* NB: The caller is specifically setting a method, so it's not up to us
119	* to deal with which ENGINE it comes from. */	110	* to deal with which ENGINE it comes from. */
120	const RSA_METHOD *mtmp;	111	const DSA_METHOD *mtmp;
121	#ifdef OPENSSL_FIPS	112	mtmp = dsa->meth;
122	if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))	113	if (mtmp->finish) mtmp->finish(dsa);
123	{
124	RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
125	return 0;
126	}
127	#endif
128	mtmp = rsa->meth;
129	if (mtmp->finish) mtmp->finish(rsa);
130	#ifndef OPENSSL_NO_ENGINE	114	#ifndef OPENSSL_NO_ENGINE
131	if (rsa->engine)	115	if (dsa->engine)
132	{	116	{
133	ENGINE_finish(rsa->engine);	117	ENGINE_finish(dsa->engine);
134	rsa->engine = NULL;	118	dsa->engine = NULL;
135	}	119	}
136	#endif	120	#endif
137	rsa->meth = meth;	121	dsa->meth = meth;
138	if (meth->init) meth->init(rsa);	122	if (meth->init) meth->init(dsa);
139	return 1;	123	return 1;
140	}	124	}
141		125
142	RSA RSA_new_method(ENGINE engine)	126	DSA DSA_new_method(ENGINE engine)
143	{	127	{
144	RSA *ret;	128	DSA *ret;
145		129
146	ret=(RSA *)OPENSSL_malloc(sizeof(RSA));	130	ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
147	if (ret == NULL)	131	if (ret == NULL)
148	{	132	{
149	RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);	133	DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
150	return NULL;	134	return(NULL);
151	}	135	}
152		136	ret->meth = DSA_get_default_method();
153	ret->meth = RSA_get_default_method();
154	#ifndef OPENSSL_NO_ENGINE	137	#ifndef OPENSSL_NO_ENGINE
155	if (engine)	138	if (engine)
156	{	139	{
157	if (!ENGINE_init(engine))	140	if (!ENGINE_init(engine))
158	{	141	{
159	RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);	142	DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
160	OPENSSL_free(ret);	143	OPENSSL_free(ret);
161	return NULL;	144	return NULL;
162	}	145	}
163	ret->engine = engine;	146	ret->engine = engine;
164	}	147	}
165	else	148	else
166	ret->engine = ENGINE_get_default_RSA();	149	ret->engine = ENGINE_get_default_DSA();
167	if(ret->engine)	150	if(ret->engine)
168	{	151	{
169	ret->meth = ENGINE_get_RSA(ret->engine);	152	ret->meth = ENGINE_get_DSA(ret->engine);
170	if(!ret->meth)	153	if(!ret->meth)
171	{	154	{
172	RSAerr(RSA_F_RSA_NEW_METHOD,	155	DSAerr(DSA_F_DSA_NEW_METHOD,
173	ERR_R_ENGINE_LIB);	156	ERR_R_ENGINE_LIB);
174	ENGINE_finish(ret->engine);	157	ENGINE_finish(ret->engine);
175	OPENSSL_free(ret);	158	OPENSSL_free(ret);
@@ -177,172 +160,170 @@ RSA RSA_new_method(ENGINE engine)
177	}	160	}
178	}	161	}
179	#endif	162	#endif
180	#ifdef OPENSSL_FIPS
181	if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
182	{
183	RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
184	#ifndef OPENSSL_NO_ENGINE
185	if (ret->engine)
186	ENGINE_finish(ret->engine);
187	#endif
188	OPENSSL_free(ret);
189	return NULL;
190	}
191	#endif
192		163
193	ret->pad=0;	164	ret->pad=0;
194	ret->version=0;	165	ret->version=0;
195	ret->n=NULL;	166	ret->write_params=1;
196	ret->e=NULL;
197	ret->d=NULL;
198	ret->p=NULL;	167	ret->p=NULL;
199	ret->q=NULL;	168	ret->q=NULL;
200	ret->dmp1=NULL;	169	ret->g=NULL;
201	ret->dmq1=NULL;	170
202	ret->iqmp=NULL;	171	ret->pub_key=NULL;
		172	ret->priv_key=NULL;
		173
		174	ret->kinv=NULL;
		175	ret->r=NULL;
		176	ret->method_mont_p=NULL;
		177
203	ret->references=1;	178	ret->references=1;
204	ret->_method_mod_n=NULL;	179	ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
205	ret->_method_mod_p=NULL;	180	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
206	ret->_method_mod_q=NULL;
207	ret->blinding=NULL;
208	ret->mt_blinding=NULL;
209	ret->bignum_data=NULL;
210	ret->flags=ret->meth->flags;
211	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
212	if ((ret->meth->init != NULL) && !ret->meth->init(ret))	181	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
213	{	182	{
214	#ifndef OPENSSL_NO_ENGINE	183	#ifndef OPENSSL_NO_ENGINE
215	if (ret->engine)	184	if (ret->engine)
216	ENGINE_finish(ret->engine);	185	ENGINE_finish(ret->engine);
217	#endif	186	#endif
218	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);	187	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
219	OPENSSL_free(ret);	188	OPENSSL_free(ret);
220	ret=NULL;	189	ret=NULL;
221	}	190	}
		191
222	return(ret);	192	return(ret);
223	}	193	}
224		194
225	void RSA_free(RSA *r)	195	void DSA_free(DSA *r)
226	{	196	{
227	int i;	197	int i;
228		198
229	if (r == NULL) return;	199	if (r == NULL) return;
230		200
231	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);	201	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
232	#ifdef REF_PRINT	202	#ifdef REF_PRINT
233	REF_PRINT("RSA",r);	203	REF_PRINT("DSA",r);
234	#endif	204	#endif
235	if (i > 0) return;	205	if (i > 0) return;
236	#ifdef REF_CHECK	206	#ifdef REF_CHECK
237	if (i < 0)	207	if (i < 0)
238	{	208	{
239	fprintf(stderr,"RSA_free, bad reference count\n");	209	fprintf(stderr,"DSA_free, bad reference count\n");
240	abort();	210	abort();
241	}	211	}
242	#endif	212	#endif
243		213
244	if (r->meth->finish)	214	if(r->meth->finish)
245	r->meth->finish(r);	215	r->meth->finish(r);
246	#ifndef OPENSSL_NO_ENGINE	216	#ifndef OPENSSL_NO_ENGINE
247	if (r->engine)	217	if(r->engine)
248	ENGINE_finish(r->engine);	218	ENGINE_finish(r->engine);
249	#endif	219	#endif
250		220
251	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);	221	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
252		222
253	if (r->n != NULL) BN_clear_free(r->n);
254	if (r->e != NULL) BN_clear_free(r->e);
255	if (r->d != NULL) BN_clear_free(r->d);
256	if (r->p != NULL) BN_clear_free(r->p);	223	if (r->p != NULL) BN_clear_free(r->p);
257	if (r->q != NULL) BN_clear_free(r->q);	224	if (r->q != NULL) BN_clear_free(r->q);
258	if (r->dmp1 != NULL) BN_clear_free(r->dmp1);	225	if (r->g != NULL) BN_clear_free(r->g);
259	if (r->dmq1 != NULL) BN_clear_free(r->dmq1);	226	if (r->pub_key != NULL) BN_clear_free(r->pub_key);
260	if (r->iqmp != NULL) BN_clear_free(r->iqmp);	227	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
261	if (r->blinding != NULL) BN_BLINDING_free(r->blinding);	228	if (r->kinv != NULL) BN_clear_free(r->kinv);
262	if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);	229	if (r->r != NULL) BN_clear_free(r->r);
263	if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
264	OPENSSL_free(r);	230	OPENSSL_free(r);
265	}	231	}
266		232
267	int RSA_up_ref(RSA *r)	233	int DSA_up_ref(DSA *r)
268	{	234	{
269	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);	235	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
270	#ifdef REF_PRINT	236	#ifdef REF_PRINT
271	REF_PRINT("RSA",r);	237	REF_PRINT("DSA",r);
272	#endif	238	#endif
273	#ifdef REF_CHECK	239	#ifdef REF_CHECK
274	if (i < 2)	240	if (i < 2)
275	{	241	{
276	fprintf(stderr, "RSA_up_ref, bad reference count\n");	242	fprintf(stderr, "DSA_up_ref, bad reference count\n");
277	abort();	243	abort();
278	}	244	}
279	#endif	245	#endif
280	return ((i > 1) ? 1 : 0);	246	return ((i > 1) ? 1 : 0);
281	}	247	}
282		248
283	int RSA_get_ex_new_index(long argl, void argp, CRYPTO_EX_new new_func,	249	int DSA_size(const DSA *r)
		250	{
		251	int ret,i;
		252	ASN1_INTEGER bs;
		253	unsigned char buf[4]; /* 4 bytes looks really small.
		254	However, i2d_ASN1_INTEGER() will not look
		255	beyond the first byte, as long as the second
		256	parameter is NULL. */
		257
		258	i=BN_num_bits(r->q);
		259	bs.length=(i+7)/8;
		260	bs.data=buf;
		261	bs.type=V_ASN1_INTEGER;
		262	/* If the top bit is set the asn1 encoding is 1 larger. */
		263	buf[0]=0xff;
		264
		265	i=i2d_ASN1_INTEGER(&bs,NULL);
		266	i+=i; /* r and s */
		267	ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
		268	return(ret);
		269	}
		270
		271	int DSA_get_ex_new_index(long argl, void argp, CRYPTO_EX_new new_func,
284	CRYPTO_EX_dup dup_func, CRYPTO_EX_free free_func)	272	CRYPTO_EX_dup dup_func, CRYPTO_EX_free free_func)
285	{	273	{
286	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,	274	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
287	new_func, dup_func, free_func);	275	new_func, dup_func, free_func);
288	}	276	}
289		277
290	int RSA_set_ex_data(RSA r, int idx, void arg)	278	int DSA_set_ex_data(DSA d, int idx, void arg)
291	{	279	{
292	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));	280	return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
293	}	281	}
294		282
295	void RSA_get_ex_data(const RSA r, int idx)	283	void DSA_get_ex_data(DSA d, int idx)
296	{	284	{
297	return(CRYPTO_get_ex_data(&r->ex_data,idx));	285	return(CRYPTO_get_ex_data(&d->ex_data,idx));
298	}	286	}
299		287
300	int RSA_flags(const RSA *r)	288	#ifndef OPENSSL_NO_DH
		289	DH DSA_dup_DH(const DSA r)
301	{	290	{
302	return((r == NULL)?0:r->meth->flags);	291	/* DSA has p, q, g, optional pub_key, optional priv_key.
303	}	292	* DH has p, optional length, g, optional pub_key, optional priv_key,
		293	* optional q.
		294	*/
304		295
305	int RSA_memory_lock(RSA *r)	296	DH *ret = NULL;
306	{	297
307	int i,j,k,off;	298	if (r == NULL)
308	char *p;	299	goto err;
309	BIGNUM bn,t[6],b;	300	ret = DH_new();
310	BN_ULONG *ul;	301	if (ret == NULL)
311		302	goto err;
312	if (r->d == NULL) return(1);	303	if (r->p != NULL)
313	t[0]= &r->d;	304	if ((ret->p = BN_dup(r->p)) == NULL)
314	t[1]= &r->p;	305	goto err;
315	t[2]= &r->q;	306	if (r->q != NULL)
316	t[3]= &r->dmp1;
317	t[4]= &r->dmq1;
318	t[5]= &r->iqmp;
319	k=sizeof(BIGNUM)*6;
320	off=k/sizeof(BN_ULONG)+1;
321	j=1;
322	for (i=0; i<6; i++)
323	j+= (*t[i])->top;
324	if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
325	{
326	RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
327	return(0);
328	}
329	bn=(BIGNUM *)p;
330	ul=(BN_ULONG *)&(p[off]);
331	for (i=0; i<6; i++)
332	{	307	{
333	b= *(t[i]);	308	ret->length = BN_num_bits(r->q);
334	*(t[i])= &(bn[i]);	309	if ((ret->q = BN_dup(r->q)) == NULL)
335	memcpy((char )&(bn[i]),(char )b,sizeof(BIGNUM));	310	goto err;
336	bn[i].flags=BN_FLG_STATIC_DATA;
337	bn[i].d=ul;
338	memcpy((char )ul,b->d,sizeof(BN_ULONG)b->top);
339	ul+=b->top;
340	BN_clear_free(b);
341	}	311	}
342		312	if (r->g != NULL)
343	/* I should fix this so it can still be done */	313	if ((ret->g = BN_dup(r->g)) == NULL)
344	r->flags&= ~(RSA_FLAG_CACHE_PRIVATE\|RSA_FLAG_CACHE_PUBLIC);	314	goto err;
		315	if (r->pub_key != NULL)
		316	if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
		317	goto err;
		318	if (r->priv_key != NULL)
		319	if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
		320	goto err;
		321
		322	return ret;
345		323
346	r->bignum_data=p;	324	err:
347	return(1);	325	if (ret != NULL)
		326	DH_free(ret);
		327	return NULL;
348	}	328	}
		329	#endif