From c35f549e8be6e3ceaf5bfc2536103d763234135b Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sat, 2 Jan 1999 01:53:06 +0000
Subject: [PATCH] Move DSA test in ca.c inside #ifdef and make pubkey BIT
 STRING always have zero unused bits.

---
 CHANGES                | 4 ++++
 apps/ca.c              | 2 +-
 crypto/asn1/x_pubkey.c | 4 ++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index a7bc4a0ffc..f37ba45411 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,10 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
+     BIT STRING wrapper always have zero unused bits.
+     [Steve Henson]
+
   *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
      [Steve Henson]
 
diff --git a/apps/ca.c b/apps/ca.c
index 67b7561c4f..21592412ba 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1694,9 +1694,9 @@ again2:
 			}
 		}
 
-	if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
 
 #ifndef NO_DSA
+	if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
         pktmp=X509_get_pubkey(ret);
         if (EVP_PKEY_missing_parameters(pktmp) &&
 		!EVP_PKEY_missing_parameters(pkey))
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index b8e6d0e00e..200817bf5b 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -188,6 +188,10 @@ EVP_PKEY *pkey;
 	p=s;
 	i2d_PublicKey(pkey,&p);
 	if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
+	/* Set number of unused bits to zero */
+	pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+	pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+
 	Free(s);
 
 	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-- 
2.25.1