M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
}
OPENSSL_free(tmp);
- memset(key, 0, keylen);
+ OPENSSL_cleanse(key, keylen);
if (out == NULL)
out=btmp;
}
EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
- memset(tmp,0,jj);
+ OPENSSL_cleanse(tmp,jj);
if (out == NULL)
out=etmp;
/* We now have the EVP_MD_CTX, lets do the
* signing. */
EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
- if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
+ if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
{
PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
goto err;
ctx_tmp.digest=EVP_dss1();
#endif
#ifndef OPENSSL_NO_ECDSA
- if (si->pkey->type == EVP_PKEY_ECDSA)
+ if (si->pkey->type == EVP_PKEY_EC)
ctx_tmp.digest=EVP_ecdsa();
#endif
}
if (EVP_MD_CTX_type(mdc) == md_type)
break;
+ /* Workaround for some broken clients that put the signature
+ * OID instead of the digest OID in digest_alg->algorithm
+ */
+ if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
+ break;
btmp=BIO_next(btmp);
}
if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
#endif
#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_ECDSA) mdc_tmp.digest=EVP_ecdsa();
+ if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa();
#endif
i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);