As with RSA, which was modified recently, this change makes it possible to
[oweals/openssl.git] / crypto / rsa / rsa_saos.c
index 85adacc08fdece5ae290e4cf626243fd4349cdf0..f462716a57f2f6d6a50cbfc97eee309272f4120b 100644 (file)
@@ -77,7 +77,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
 
        i=i2d_ASN1_OCTET_STRING(&sig,NULL);
        j=RSA_size(rsa);
-       if ((i-RSA_PKCS1_PADDING) > j)
+       if (i > (j-RSA_PKCS1_PADDING_SIZE))
                {
                RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
                return(0);
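Review bot: The corrected size check still only bounds `i` from above, so a zero or negative result from `i2d_ASN1_OCTET_STRING(&sig,NULL)` passes it and is used further down. The i2d routines normally signal failure with a non-positive return, so handle that case before the comparison, for example `if (i <= 0) return(0);`, ideally with its own error code rather than RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY. The rest of RSA_sign_ASN1_OCTET_STRING lies outside this hunk, so confirm how `i` is consumed afterwards.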
@@ -96,7 +96,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
        else
                *siglen=i;
 
-       memset(s,0,(unsigned int)j+1);
+       OPENSSL_cleanse(s,(unsigned int)j+1);
        OPENSSL_free(s);
        return(ret);
        }
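Review bot: Nothing at the scrub before `OPENSSL_free(s)` records why `OPENSSL_cleanse` replaced `memset`, so a later tidy-up could quietly revert it. A one-line comment would keep the intent visible: `/* not memset: a store to a buffer that is about to be freed may be optimised away */`. The same comment fits the scrub in RSA_verify_ASN1_OCTET_STRING in the last hunk. The allocation of `s` is outside the hunk, so check that it really is `j+1` bytes, as the scrub length assumes.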
@@ -139,7 +139,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
                ret=1;
 err:
        if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
-       memset(s,0,(unsigned int)siglen);
+       OPENSSL_cleanse(s,(unsigned int)siglen);
        OPENSSL_free(s);
        return(ret);
        }
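Review bot: At the `err:` label `sig` is tested against NULL before it is freed, but `s` is passed to `OPENSSL_cleanse` unconditionally. If any path jumps to `err:` before `s` is allocated, or after its allocation failed, the scrub writes `siglen` bytes through a NULL pointer; those paths are outside the hunk, so this needs checking against the full function. Guarding both calls removes the doubt: `if (s != NULL) { OPENSSL_cleanse(s,(unsigned int)siglen); OPENSSL_free(s); }`.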