Port from stable branch.

[openssl.git] / crypto / asn1 / a_verify.c

diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index bf41de5146dfd2f752e05d97190f64d187714784..05329277a2df0da4a39d5721cdd8029d38ed6454 100644 (file)
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -73,8 +73,8 @@
 
 #ifndef NO_ASN1_OLD
 
-int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
-            char *data, EVP_PKEY *pkey)
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+               char *data, EVP_PKEY *pkey)
        {
        EVP_MD_CTX ctx;
        const EVP_MD *type;
@@ -103,7 +103,7 @@ int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
        EVP_VerifyInit_ex(&ctx,type, NULL);
        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
-       memset(buf_in,0,(unsigned int)inl);
+       OPENSSL_cleanse(buf_in,(unsigned int)inl);
        OPENSSL_free(buf_in);
 
        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
@@ -142,6 +142,13 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
                goto err;
                }
 
+       if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+               {
+               ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+               ret=0;
+               goto err;
+               }
+
        inl = ASN1_item_i2d(asn, &buf_in, it);
        
        if (buf_in == NULL)
@@ -150,10 +157,9 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
                goto err;
                }
 
-       EVP_VerifyInit_ex(&ctx,type, NULL);
        EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
-       memset(buf_in,0,(unsigned int)inl);
+       OPENSSL_cleanse(buf_in,(unsigned int)inl);
        OPENSSL_free(buf_in);
 
        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,