More secure storage of key material.
[openssl.git] / crypto / dsa / dsa_key.c
index 8584963609833ad6399918eca68aa7d1805cc57b..19d21eacf72f1dddaf2c8314891d357247cc099c 100644 (file)
 
 #include <stdio.h>
 #include <time.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_SHA
-# include <openssl/bn.h>
-# include <openssl/dsa.h>
-# include <openssl/rand.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
 
 static int dsa_builtin_keygen(DSA *dsa);
 
@@ -83,7 +82,7 @@ static int dsa_builtin_keygen(DSA *dsa)
         goto err;
 
     if (dsa->priv_key == NULL) {
-        if ((priv_key = BN_new()) == NULL)
+        if ((priv_key = BN_secure_new()) == NULL)
             goto err;
     } else
         priv_key = dsa->priv_key;
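Review bot: Only the key allocated in the `dsa->priv_key == NULL` branch gets secure-heap storage; in the `else` branch a caller-supplied `dsa->priv_key` is reused with whatever allocation it already has, and nothing in the code says so. A comment above the allocation would make that limit explicit, for example `/* secure heap covers only a key allocated here; a preset dsa->priv_key keeps its own storage */`. The function's documentation should also say that BN_secure_new() falls back to ordinary heap memory unless the application has initialised the secure heap (CRYPTO_secure_malloc_init), so the protection is opt-in. dsa_builtin_keygen starts and ends outside this hunk.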
@@ -112,12 +111,10 @@ static int dsa_builtin_keygen(DSA *dsa)
             prk = priv_key;
 
         if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) {
-            if (local_prk != NULL)
-                BN_free(local_prk);
+            BN_free(local_prk);
             goto err;
         }
-        if (local_prk != NULL)
-            BN_free(local_prk);
+        BN_free(local_prk);
     }
 
     dsa->priv_key = priv_key;
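Review bot: `BN_free(local_prk);` is written twice, once inside the failure branch and once after it, although the release does not depend on the result of the exponentiation. Capturing the result first leaves a single release point: `int rv = BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx);`, then `BN_free(local_prk);`, then `if (!rv) goto err;`. The declaration of local_prk and the branch that assigns it are outside the hunk, so this assumes it is NULL on the path that takes `prk = priv_key`.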
@@ -125,12 +122,10 @@ static int dsa_builtin_keygen(DSA *dsa)
     ok = 1;
 
  err:
-    if ((pub_key != NULL) && (dsa->pub_key == NULL))
+    if (pub_key != dsa->pub_key)
         BN_free(pub_key);
-    if ((priv_key != NULL) && (dsa->priv_key == NULL))
+    if (priv_key != dsa->priv_key)
         BN_free(priv_key);
-    if (ctx != NULL)
-        BN_CTX_free(ctx);
+    BN_CTX_free(ctx);
     return (ok);
 }
-#endif
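Review bot: On the `err:` path a freshly generated `priv_key` is released with `BN_free(priv_key)`, which is not documented to wipe the value. If the exponentiation fails after the random key has been drawn, the secret presumably goes back to the allocator unwiped. `BN_clear_free(priv_key);` would zeroise it whichever heap it came from. The rewritten conditions also rely on BN_free() and BN_CTX_free() accepting NULL, which deserves a one-line comment such as `/* BN_free(NULL) is a no-op; free only what was allocated here */`. The key generation step itself is outside the hunk.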