add separate PSS decode function, rename PSS parameters to RSA_PSS_PARAMS

[openssl.git] / crypto / rsa / rsa_saos.c

diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c
index 85adacc08fdece5ae290e4cf626243fd4349cdf0..f98e0a80a6c20fbee1b97ffdc45e588772c41363 100644 (file)
--- a/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
@@ -77,7 +77,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
 
        i=i2d_ASN1_OCTET_STRING(&sig,NULL);
        j=RSA_size(rsa);
-       if ((i-RSA_PKCS1_PADDING) > j)
+       if (i > (j-RSA_PKCS1_PADDING_SIZE))
                {
                RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
                return(0);
@@ -96,7 +96,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
        else
                *siglen=i;
 
-       memset(s,0,(unsigned int)j+1);
+       OPENSSL_cleanse(s,(unsigned int)j+1);
        OPENSSL_free(s);
        return(ret);
        }
@@ -107,7 +107,8 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
        RSA *rsa)
        {
        int i,ret=0;
-       unsigned char *p,*s;
+       unsigned char *s;
+       const unsigned char *p;
        ASN1_OCTET_STRING *sig=NULL;
 
        if (siglen != (unsigned int)RSA_size(rsa))
@@ -139,8 +140,11 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
                ret=1;
 err:
        if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
-       memset(s,0,(unsigned int)siglen);
-       OPENSSL_free(s);
+       if (s != NULL)
+               {
+               OPENSSL_cleanse(s,(unsigned int)siglen);
+               OPENSSL_free(s);
+               }
        return(ret);
        }