-/* crypto/rsa/rsa_sign.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
*/
#include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include "internal/x509_int.h"
#include "rsa_locl.h"
/* Size of an SSL signature: MD5+SHA1 */
const unsigned char *s = NULL;
X509_ALGOR algor;
ASN1_OCTET_STRING digest;
- if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+ if (rsa->meth->rsa_sign) {
return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
}
/* Special case: SSL signature, just check the length */
else
*siglen = i;
- if (type != NID_md5_sha1) {
- OPENSSL_cleanse(tmps, (unsigned int)j + 1);
- OPENSSL_free(tmps);
- }
+ if (type != NID_md5_sha1)
+ OPENSSL_clear_free(tmps, (unsigned int)j + 1);
return (ret);
}
return 0;
if (derlen == dinfolen && !memcmp(dinfo, der, derlen))
ret = 1;
- OPENSSL_cleanse(der, derlen);
- OPENSSL_free(der);
+ OPENSSL_clear_free(der, derlen);
return ret;
}
memcpy(rm, s + 2, 16);
*prm_len = 16;
ret = 1;
- } else if (memcmp(m, s + 2, 16))
+ } else if (memcmp(m, s + 2, 16)) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
- else
+ } else {
ret = 1;
- }
-
- /* Special case: SSL signature */
- if (dtype == NID_md5_sha1) {
+ }
+ } else if (dtype == NID_md5_sha1) {
+ /* Special case: SSL signature */
if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
else
sigtype = OBJ_obj2nid(sig->algor->algorithm);
-#ifdef RSA_DEBUG
- /* put a backward compatibility flag in EAY */
- fprintf(stderr, "in(%s) expect(%s)\n", OBJ_nid2ln(sigtype),
- OBJ_nid2ln(dtype));
-#endif
if (sigtype != dtype) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
goto err;
ret = 1;
}
err:
- if (sig != NULL)
- X509_SIG_free(sig);
- if (s != NULL) {
- OPENSSL_cleanse(s, (unsigned int)siglen);
- OPENSSL_free(s);
- }
+ X509_SIG_free(sig);
+ OPENSSL_clear_free(s, (unsigned int)siglen);
return (ret);
}
const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
{
- if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+ if (rsa->meth->rsa_verify) {
return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
}