mark all block comments that need format preserving so that
[openssl.git] / crypto / dsa / dsa_lib.c
index 900e009..b78fadd 100644 (file)
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
 
-const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
+const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
 
 static const DSA_METHOD *default_DSA_method = NULL;
 
@@ -93,11 +98,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
         const DSA_METHOD *mtmp;
         mtmp = dsa->meth;
         if (mtmp->finish) mtmp->finish(dsa);
+#ifndef OPENSSL_NO_ENGINE
        if (dsa->engine)
                {
                ENGINE_finish(dsa->engine);
                dsa->engine = NULL;
                }
+#endif
         dsa->meth = meth;
         if (meth->init) meth->init(dsa);
         return 1;
@@ -110,25 +117,36 @@ DSA *DSA_new_method(ENGINE *engine)
        ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
        if (ret == NULL)
                {
-               DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
+               DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
                return(NULL);
                }
        ret->meth = DSA_get_default_method();
-       ret->engine = engine;
-       if(!ret->engine)
+#ifndef OPENSSL_NO_ENGINE
+       if (engine)
+               {
+               if (!ENGINE_init(engine))
+                       {
+                       DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+                       OPENSSL_free(ret);
+                       return NULL;
+                       }
+               ret->engine = engine;
+               }
+       else
                ret->engine = ENGINE_get_default_DSA();
        if(ret->engine)
                {
                ret->meth = ENGINE_get_DSA(ret->engine);
                if(!ret->meth)
                        {
-                       DSAerr(DSA_F_DSA_NEW,
+                       DSAerr(DSA_F_DSA_NEW_METHOD,
                                ERR_R_ENGINE_LIB);
                        ENGINE_finish(ret->engine);
                        OPENSSL_free(ret);
                        return NULL;
                        }
                }
+#endif
 
        ret->pad=0;
        ret->version=0;
@@ -145,10 +163,14 @@ DSA *DSA_new_method(ENGINE *engine)
        ret->method_mont_p=NULL;
 
        ret->references=1;
-       ret->flags=ret->meth->flags;
+       ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                {
+#ifndef OPENSSL_NO_ENGINE
+               if (ret->engine)
+                       ENGINE_finish(ret->engine);
+#endif
                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
                OPENSSL_free(ret);
                ret=NULL;
@@ -178,8 +200,10 @@ void DSA_free(DSA *r)
 
        if(r->meth->finish)
                r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
        if(r->engine)
                ENGINE_finish(r->engine);
+#endif
 
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
 
@@ -213,7 +237,10 @@ int DSA_size(const DSA *r)
        {
        int ret,i;
        ASN1_INTEGER bs;
-       unsigned char buf[4];
+       unsigned char buf[4];   /* 4 bytes looks really small.
+                                  However, i2d_ASN1_INTEGER() will not look
+                                  beyond the first byte, as long as the second
+                                  parameter is NULL. */
 
        i=BN_num_bits(r->q);
        bs.length=(i+7)/8;
@@ -245,11 +272,17 @@ void *DSA_get_ex_data(DSA *d, int idx)
        return(CRYPTO_get_ex_data(&d->ex_data,idx));
        }
 
+int DSA_security_bits(const DSA *d)
+       {
+       return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q));
+       }
+
 #ifndef OPENSSL_NO_DH
 DH *DSA_dup_DH(const DSA *r)
        {
        /* DSA has p, q, g, optional pub_key, optional priv_key.
-        * DH has p, optional length, g, optional pub_key, optional priv_key.
+        * DH has p, optional length, g, optional pub_key, optional priv_key,
+        * optional q.
         */ 
 
        DH *ret = NULL;
@@ -263,7 +296,11 @@ DH *DSA_dup_DH(const DSA *r)
                if ((ret->p = BN_dup(r->p)) == NULL)
                        goto err;
        if (r->q != NULL)
+               {
                ret->length = BN_num_bits(r->q);
+               if ((ret->q = BN_dup(r->q)) == NULL)
+                       goto err;
+               }
        if (r->g != NULL)
                if ((ret->g = BN_dup(r->g)) == NULL)
                        goto err;