Enc doesn't support AEAD ciphers.

[openssl.git] / crypto / dsa / dsa_lib.c

diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 9fe002cb0adb8c3854cc89a902817476d1ac3e96..b78fadd46792b8be65cc95073f8f6ae76503a843 100644 (file)
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -63,9 +63,14 @@
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
 
-const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
+const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
 
 static const DSA_METHOD *default_DSA_method = NULL;
 
@@ -93,11 +98,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
         const DSA_METHOD *mtmp;
         mtmp = dsa->meth;
         if (mtmp->finish) mtmp->finish(dsa);
+#ifndef OPENSSL_NO_ENGINE
        if (dsa->engine)
                {
                ENGINE_finish(dsa->engine);
                dsa->engine = NULL;
                }
+#endif
         dsa->meth = meth;
         if (meth->init) meth->init(dsa);
         return 1;
@@ -114,6 +121,7 @@ DSA *DSA_new_method(ENGINE *engine)
                return(NULL);
                }
        ret->meth = DSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
        if (engine)
                {
                if (!ENGINE_init(engine))
@@ -138,6 +146,7 @@ DSA *DSA_new_method(ENGINE *engine)
                        return NULL;
                        }
                }
+#endif
 
        ret->pad=0;
        ret->version=0;
@@ -154,12 +163,14 @@ DSA *DSA_new_method(ENGINE *engine)
        ret->method_mont_p=NULL;
 
        ret->references=1;
-       ret->flags=ret->meth->flags;
+       ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                {
+#ifndef OPENSSL_NO_ENGINE
                if (ret->engine)
                        ENGINE_finish(ret->engine);
+#endif
                CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
                OPENSSL_free(ret);
                ret=NULL;
@@ -189,8 +200,10 @@ void DSA_free(DSA *r)
 
        if(r->meth->finish)
                r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
        if(r->engine)
                ENGINE_finish(r->engine);
+#endif
 
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
 
@@ -224,11 +237,13 @@ int DSA_size(const DSA *r)
        {
        int ret,i;
        ASN1_INTEGER bs;
-       unsigned char buf[4];
+       unsigned char buf[4];   /* 4 bytes looks really small.
+                                  However, i2d_ASN1_INTEGER() will not look
+                                  beyond the first byte, as long as the second
+                                  parameter is NULL. */
 
        i=BN_num_bits(r->q);
        bs.length=(i+7)/8;
-       OPENSSL_assert(bs.length <= sizeof buf);
        bs.data=buf;
        bs.type=V_ASN1_INTEGER;
        /* If the top bit is set the asn1 encoding is 1 larger. */
@@ -257,11 +272,17 @@ void *DSA_get_ex_data(DSA *d, int idx)
        return(CRYPTO_get_ex_data(&d->ex_data,idx));
        }
 
+int DSA_security_bits(const DSA *d)
+       {
+       return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q));
+       }
+
 #ifndef OPENSSL_NO_DH
 DH *DSA_dup_DH(const DSA *r)
        {
        /* DSA has p, q, g, optional pub_key, optional priv_key.
-        * DH has p, optional length, g, optional pub_key, optional priv_key.
+        * DH has p, optional length, g, optional pub_key, optional priv_key,
+        * optional q.
         */ 
 
        DH *ret = NULL;
@@ -275,7 +296,11 @@ DH *DSA_dup_DH(const DSA *r)
                if ((ret->p = BN_dup(r->p)) == NULL)
                        goto err;
        if (r->q != NULL)
+               {
                ret->length = BN_num_bits(r->q);
+               if ((ret->q = BN_dup(r->q)) == NULL)
+                       goto err;
+               }
        if (r->g != NULL)
                if ((ret->g = BN_dup(r->g)) == NULL)
                        goto err;