X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Frsa%2Frsa_saos.c;h=f98e0a80a6c20fbee1b97ffdc45e588772c41363;hp=61efb0b00fd71153f5a16375333dd4a48a09a3cb;hb=c553721e8ba2a79c9ee14bf17814271ce1f33d9e;hpb=08e9c1af6c26f74ef7f7524be4b89241ff232a8c

diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c
index 61efb0b00f..f98e0a80a6 100644
--- a/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
@@ -63,8 +63,9 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
-	     unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+int RSA_sign_ASN1_OCTET_STRING(int type,
+	const unsigned char *m, unsigned int m_len,
+	unsigned char *sigret, unsigned int *siglen, RSA *rsa)
 	{
 	ASN1_OCTET_STRING sig;
 	int i,j,ret=1;
@@ -72,16 +73,16 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
 
 	sig.type=V_ASN1_OCTET_STRING;
 	sig.length=m_len;
-	sig.data=m;
+	sig.data=(unsigned char *)m;
 
 	i=i2d_ASN1_OCTET_STRING(&sig,NULL);
 	j=RSA_size(rsa);
-	if ((i-RSA_PKCS1_PADDING) > j)
+	if (i > (j-RSA_PKCS1_PADDING_SIZE))
 		{
 		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
 		return(0);
 		}
-	s=(unsigned char *)Malloc((unsigned int)j+1);
+	s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
 	if (s == NULL)
 		{
 		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
@@ -95,17 +96,19 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
 	else
 		*siglen=i;
 
-	memset(s,0,(unsigned int)j+1);
-	Free(s);
+	OPENSSL_cleanse(s,(unsigned int)j+1);
+	OPENSSL_free(s);
 	return(ret);
 	}
 
-int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m,
-	     unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-	     RSA *rsa)
+int RSA_verify_ASN1_OCTET_STRING(int dtype,
+	const unsigned char *m,
+	unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+	RSA *rsa)
 	{
 	int i,ret=0;
-	unsigned char *p,*s;
+	unsigned char *s;
+	const unsigned char *p;
 	ASN1_OCTET_STRING *sig=NULL;
 
 	if (siglen != (unsigned int)RSA_size(rsa))
@@ -114,7 +117,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m,
 		return(0);
 		}
 
-	s=(unsigned char *)Malloc((unsigned int)siglen);
+	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
 	if (s == NULL)
 		{
 		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
@@ -137,8 +140,11 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m,
 		ret=1;
 err:
 	if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
-	memset(s,0,(unsigned int)siglen);
-	Free(s);
+	if (s != NULL)
+		{
+		OPENSSL_cleanse(s,(unsigned int)siglen);
+		OPENSSL_free(s);
+		}
 	return(ret);
 	}