Make BIO opaque

[openssl.git] / crypto / rsa / rsa_sign.c

diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index ec1575ac30b81de47358e4a2bb526d52b128bba8..439d699f789dec31ef0de7a0aae6e3465eb7473a 100644 (file)
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -1,4 +1,3 @@
-/* crypto/rsa/rsa_sign.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -57,11 +56,12 @@
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "internal/x509_int.h"
 #include "rsa_locl.h"
 
 /* Size of an SSL signature: MD5+SHA1 */
@@ -77,7 +77,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
     const unsigned char *s = NULL;
     X509_ALGOR algor;
     ASN1_OCTET_STRING digest;
-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+    if (rsa->meth->rsa_sign) {
         return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
     }
     /* Special case: SSL signature, just check the length */
@@ -131,10 +131,8 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
     else
         *siglen = i;
 
-    if (type != NID_md5_sha1) {
-        OPENSSL_cleanse(tmps, (unsigned int)j + 1);
-        OPENSSL_free(tmps);
-    }
+    if (type != NID_md5_sha1)
+        OPENSSL_clear_free(tmps, (unsigned int)j + 1);
     return (ret);
 }
 
@@ -153,8 +151,7 @@ static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo,
         return 0;
     if (derlen == dinfolen && !memcmp(dinfo, der, derlen))
         ret = 1;
-    OPENSSL_cleanse(der, derlen);
-    OPENSSL_free(der);
+    OPENSSL_clear_free(der, derlen);
     return ret;
 }
 
@@ -203,14 +200,13 @@ int int_rsa_verify(int dtype, const unsigned char *m,
             memcpy(rm, s + 2, 16);
             *prm_len = 16;
             ret = 1;
-        } else if (memcmp(m, s + 2, 16))
+        } else if (memcmp(m, s + 2, 16)) {
             RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
-        else
+        } else {
             ret = 1;
-    }
-
-    /* Special case: SSL signature */
-    if (dtype == NID_md5_sha1) {
+        }
+    } else if (dtype == NID_md5_sha1) {
+        /* Special case: SSL signature */
         if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
             RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
         else
@@ -240,11 +236,6 @@ int int_rsa_verify(int dtype, const unsigned char *m,
 
         sigtype = OBJ_obj2nid(sig->algor->algorithm);
 
-#ifdef RSA_DEBUG
-        /* put a backward compatibility flag in EAY */
-        fprintf(stderr, "in(%s) expect(%s)\n", OBJ_nid2ln(sigtype),
-                OBJ_nid2ln(dtype));
-#endif
         if (sigtype != dtype) {
             RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
             goto err;
@@ -266,12 +257,8 @@ int int_rsa_verify(int dtype, const unsigned char *m,
             ret = 1;
     }
  err:
-    if (sig != NULL)
-        X509_SIG_free(sig);
-    if (s != NULL) {
-        OPENSSL_cleanse(s, (unsigned int)siglen);
-        OPENSSL_free(s);
-    }
+    X509_SIG_free(sig);
+    OPENSSL_clear_free(s, (unsigned int)siglen);
     return (ret);
 }
 
@@ -279,7 +266,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
 {
 
-    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+    if (rsa->meth->rsa_verify) {
         return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
     }