4 files changed, 23 insertions, 8 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index da2cdfa3d6..4171af24c6 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -63,7 +63,9 @@
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
 const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
@@ -93,11 +95,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
        const DSA_METHOD *mtmp;
        mtmp = dsa->meth;
        if (mtmp->finish) mtmp->finish(dsa);
+#ifndef OPENSSL_NO_ENGINE
        if (dsa->engine)
                {
                ENGINE_finish(dsa->engine);
                dsa->engine = NULL;
                }
+#endif
        dsa->meth = meth;
        if (meth->init) meth->init(dsa);
        return 1;
@@ -114,6 +118,7 @@ DSA *DSA_new_method(ENGINE *engine)
                return(NULL);
                }
        ret->meth = DSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
        if (engine)
                {
                if (!ENGINE_init(engine))
@@ -138,6 +143,7 @@ DSA *DSA_new_method(ENGINE *engine)
                        return NULL;
                        }
                }
+#endif
        ret->pad=0;
        ret->version=0;
@@ -158,8 +164,10 @@ DSA *DSA_new_method(ENGINE *engine)
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                {
+#ifndef OPENSSL_NO_ENGINE
                if (ret->engine)
                        ENGINE_finish(ret->engine);
+#endif
                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
                OPENSSL_free(ret);
                ret=NULL;
@@ -189,8 +197,10 @@ void DSA_free(DSA *r)
        if(r->meth->finish)
                r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
        if(r->engine)
                ENGINE_finish(r->engine);
+#endif
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
@@ -224,7 +234,10 @@ int DSA_size(const DSA *r)
        {
        int ret,i;
        ASN1_INTEGER bs;
-        unsigned char buf[4];
+        unsigned char buf[4];   /* 4 bytes looks really small.
+                                   However, i2d_ASN1_INTEGER() will not look
+                                   beyond the first byte, as long as the second
+                                   parameter is NULL. */
        i=BN_num_bits(r->q);
        bs.length=(i+7)/8;
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 37dd5fc994..b9e7f3ea5c 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -64,7 +64,6 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
-#include <openssl/engine.h>
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -106,13 +105,15 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        int i,reason=ERR_R_BN_LIB;
        DSA_SIG *ret=NULL;
+        BN_init(&m);
+        BN_init(&xr);
        if (!dsa->p || !dsa->q || !dsa->g)
                {
                reason=DSA_R_MISSING_PARAMETERS;
                goto err;
                }
-        BN_init(&m);
-        BN_init(&xr);
        s=BN_new();
        if (s == NULL) goto err;
@@ -178,6 +179,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
                return 0;
                }
+        BN_init(&k);
        if (ctx_in == NULL)
                {
                if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -185,7 +189,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        else
                ctx=ctx_in;
-        BN_init(&k);
        if ((r=BN_new()) == NULL) goto err;
        kinv=NULL;
@@ -241,11 +244,12 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                return -1;
                }
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
        BN_init(&u1);
        BN_init(&u2);
        BN_init(&t1);
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
        if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
                {
                ret = 0;
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index e9469ca62f..89205026f0 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -64,7 +64,6 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
-#include <openssl/engine.h>
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index 066c6b5b28..c4aeddd056 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -65,7 +65,6 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
-#include <openssl/engine.h>
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa)

diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c index da2cdfa3d6..4171af24c6 100644 --- a/src/lib/libcrypto/dsa/dsa_lib.c +++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -63,7 +63,9 @@
63	#include <openssl/bn.h>	63	#include <openssl/bn.h>
64	#include <openssl/dsa.h>	64	#include <openssl/dsa.h>
65	#include <openssl/asn1.h>	65	#include <openssl/asn1.h>
		66	#ifndef OPENSSL_NO_ENGINE
66	#include <openssl/engine.h>	67	#include <openssl/engine.h>
		68	#endif
67		69
68	const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;	70	const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
69		71
@@ -93,11 +95,13 @@ int DSA_set_method(DSA dsa, const DSA_METHOD meth)
93	const DSA_METHOD *mtmp;	95	const DSA_METHOD *mtmp;
94	mtmp = dsa->meth;	96	mtmp = dsa->meth;
95	if (mtmp->finish) mtmp->finish(dsa);	97	if (mtmp->finish) mtmp->finish(dsa);
		98	#ifndef OPENSSL_NO_ENGINE
96	if (dsa->engine)	99	if (dsa->engine)
97	{	100	{
98	ENGINE_finish(dsa->engine);	101	ENGINE_finish(dsa->engine);
99	dsa->engine = NULL;	102	dsa->engine = NULL;
100	}	103	}
		104	#endif
101	dsa->meth = meth;	105	dsa->meth = meth;
102	if (meth->init) meth->init(dsa);	106	if (meth->init) meth->init(dsa);
103	return 1;	107	return 1;
@@ -114,6 +118,7 @@ DSA DSA_new_method(ENGINE engine)
114	return(NULL);	118	return(NULL);
115	}	119	}
116	ret->meth = DSA_get_default_method();	120	ret->meth = DSA_get_default_method();
		121	#ifndef OPENSSL_NO_ENGINE
117	if (engine)	122	if (engine)
118	{	123	{
119	if (!ENGINE_init(engine))	124	if (!ENGINE_init(engine))
@@ -138,6 +143,7 @@ DSA DSA_new_method(ENGINE engine)
138	return NULL;	143	return NULL;
139	}	144	}
140	}	145	}
		146	#endif
141		147
142	ret->pad=0;	148	ret->pad=0;
143	ret->version=0;	149	ret->version=0;
@@ -158,8 +164,10 @@ DSA DSA_new_method(ENGINE engine)
158	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);	164	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
159	if ((ret->meth->init != NULL) && !ret->meth->init(ret))	165	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
160	{	166	{
		167	#ifndef OPENSSL_NO_ENGINE
161	if (ret->engine)	168	if (ret->engine)
162	ENGINE_finish(ret->engine);	169	ENGINE_finish(ret->engine);
		170	#endif
163	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);	171	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
164	OPENSSL_free(ret);	172	OPENSSL_free(ret);
165	ret=NULL;	173	ret=NULL;
@@ -189,8 +197,10 @@ void DSA_free(DSA *r)
189		197
190	if(r->meth->finish)	198	if(r->meth->finish)
191	r->meth->finish(r);	199	r->meth->finish(r);
		200	#ifndef OPENSSL_NO_ENGINE
192	if(r->engine)	201	if(r->engine)
193	ENGINE_finish(r->engine);	202	ENGINE_finish(r->engine);
		203	#endif
194		204
195	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);	205	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
196		206
@@ -224,7 +234,10 @@ int DSA_size(const DSA *r)
224	{	234	{
225	int ret,i;	235	int ret,i;
226	ASN1_INTEGER bs;	236	ASN1_INTEGER bs;
227	unsigned char buf[4];	237	unsigned char buf[4]; /* 4 bytes looks really small.
		238	However, i2d_ASN1_INTEGER() will not look
		239	beyond the first byte, as long as the second
		240	parameter is NULL. */
228		241
229	i=BN_num_bits(r->q);	242	i=BN_num_bits(r->q);
230	bs.length=(i+7)/8;	243	bs.length=(i+7)/8;


diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index 37dd5fc994..b9e7f3ea5c 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -64,7 +64,6 @@
64	#include <openssl/dsa.h>	64	#include <openssl/dsa.h>
65	#include <openssl/rand.h>	65	#include <openssl/rand.h>
66	#include <openssl/asn1.h>	66	#include <openssl/asn1.h>
67	#include <openssl/engine.h>
68		67
69	static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa);	68	static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa);
70	static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp);	69	static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp);
@@ -106,13 +105,15 @@ static DSA_SIG dsa_do_sign(const unsigned char dgst, int dlen, DSA *dsa)
106	int i,reason=ERR_R_BN_LIB;	105	int i,reason=ERR_R_BN_LIB;
107	DSA_SIG *ret=NULL;	106	DSA_SIG *ret=NULL;
108		107
		108	BN_init(&m);
		109	BN_init(&xr);
		110
109	if (!dsa->p \|\| !dsa->q \|\| !dsa->g)	111	if (!dsa->p \|\| !dsa->q \|\| !dsa->g)
110	{	112	{
111	reason=DSA_R_MISSING_PARAMETERS;	113	reason=DSA_R_MISSING_PARAMETERS;
112	goto err;	114	goto err;
113	}	115	}
114	BN_init(&m);	116
115	BN_init(&xr);
116	s=BN_new();	117	s=BN_new();
117	if (s == NULL) goto err;	118	if (s == NULL) goto err;
118		119
@@ -178,6 +179,9 @@ static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp)
178	DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);	179	DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
179	return 0;	180	return 0;
180	}	181	}
		182
		183	BN_init(&k);
		184
181	if (ctx_in == NULL)	185	if (ctx_in == NULL)
182	{	186	{
183	if ((ctx=BN_CTX_new()) == NULL) goto err;	187	if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -185,7 +189,6 @@ static int dsa_sign_setup(DSA dsa, BN_CTX ctx_in, BIGNUM kinvp, BIGNUM rp)
185	else	189	else
186	ctx=ctx_in;	190	ctx=ctx_in;
187		191
188	BN_init(&k);
189	if ((r=BN_new()) == NULL) goto err;	192	if ((r=BN_new()) == NULL) goto err;
190	kinv=NULL;	193	kinv=NULL;
191		194
@@ -241,11 +244,12 @@ static int dsa_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
241	return -1;	244	return -1;
242	}	245	}
243		246
244	if ((ctx=BN_CTX_new()) == NULL) goto err;
245	BN_init(&u1);	247	BN_init(&u1);
246	BN_init(&u2);	248	BN_init(&u2);
247	BN_init(&t1);	249	BN_init(&t1);
248		250
		251	if ((ctx=BN_CTX_new()) == NULL) goto err;
		252
249	if (BN_is_zero(sig->r) \|\| sig->r->neg \|\| BN_ucmp(sig->r, dsa->q) >= 0)	253	if (BN_is_zero(sig->r) \|\| sig->r->neg \|\| BN_ucmp(sig->r, dsa->q) >= 0)
250	{	254	{
251	ret = 0;	255	ret = 0;


diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c index e9469ca62f..89205026f0 100644 --- a/src/lib/libcrypto/dsa/dsa_sign.c +++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -64,7 +64,6 @@
64	#include <openssl/dsa.h>	64	#include <openssl/dsa.h>
65	#include <openssl/rand.h>	65	#include <openssl/rand.h>
66	#include <openssl/asn1.h>	66	#include <openssl/asn1.h>
67	#include <openssl/engine.h>
68		67
69	DSA_SIG * DSA_do_sign(const unsigned char dgst, int dlen, DSA dsa)	68	DSA_SIG * DSA_do_sign(const unsigned char dgst, int dlen, DSA dsa)
70	{	69	{


diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c index 066c6b5b28..c4aeddd056 100644 --- a/src/lib/libcrypto/dsa/dsa_vrf.c +++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -65,7 +65,6 @@
65	#include <openssl/rand.h>	65	#include <openssl/rand.h>
66	#include <openssl/asn1.h>	66	#include <openssl/asn1.h>
67	#include <openssl/asn1_mac.h>	67	#include <openssl/asn1_mac.h>
68	#include <openssl/engine.h>
69		68
70	int DSA_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,	69	int DSA_do_verify(const unsigned char dgst, int dgst_len, DSA_SIG sig,
71	DSA *dsa)	70	DSA *dsa)