Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
[oweals/openssl.git] / crypto / rsa / rsa_saos.c
index 423cb50652235d3c2fa0687177f525e64dcfc1a6..f98e0a80a6c20fbee1b97ffdc45e588772c41363 100644 (file)
@@ -96,7 +96,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
        else
                *siglen=i;
 
-       memset(s,0,(unsigned int)j+1);
+       OPENSSL_cleanse(s,(unsigned int)j+1);
        OPENSSL_free(s);
        return(ret);
        }
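Review bot: The cleanup in RSA_sign_ASN1_OCTET_STRING cleanses `s` unconditionally, while the matching change to RSA_verify_ASN1_OCTET_STRING in the third hunk guards on `s != NULL`; the two paths should agree, and this one is only safe if an allocation failure returns directly rather than reaching this tail (the allocation is outside the hunk). If it can fall through, wrap it the same way: `if (s != NULL) { OPENSSL_cleanse(s,(unsigned int)j+1); OPENSSL_free(s); }`. A one-line comment on the new call would also help the next maintainer keep it from being reverted, `/* OPENSSL_cleanse, not memset: a plain memset before free may be optimised away */`. The function's body begins outside this hunk.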
@@ -107,7 +107,8 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
        RSA *rsa)
        {
        int i,ret=0;
-       unsigned char *p,*s;
+       unsigned char *s;
+       const unsigned char *p;
        ASN1_OCTET_STRING *sig=NULL;
 
        if (siglen != (unsigned int)RSA_size(rsa))
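Review bot: `unsigned char *s;` is left uninitialised here while the third hunk now tests `if (s != NULL)` before cleansing and freeing it; that guard is only sound if every `goto err` in the function comes after `s` is assigned, which is not visible in these hunks. Initialising at the declaration, `unsigned char *s = NULL;`, makes the check hold regardless of where an early exit sits now or is added later. The `const unsigned char *p` split is fine, since `p` is only read by the decoder. The body of RSA_verify_ASN1_OCTET_STRING continues outside this hunk.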
@@ -139,8 +140,11 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
                ret=1;
 err:
        if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
-       memset(s,0,(unsigned int)siglen);
-       OPENSSL_free(s);
+       if (s != NULL)
+               {
+               OPENSSL_cleanse(s,(unsigned int)siglen);
+               OPENSSL_free(s);
+               }
        return(ret);
        }
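Review bot: Nothing in these hunks verifies that the DER decode consumed the whole recovered block, which is the condition the commit title refers to: bytes left over after the encoded octet string must be rejected, not ignored, for the verification to be sound. Unless such a check already sits between the d2i_ASN1_OCTET_STRING call and `ret=1` (that part of the body is outside the hunk), add `if (p != s + i) goto err;` with an RSA_R_BAD_SIGNATURE error raised before setting `ret=1`, so that a decode that stops short of `i` bytes fails. The new `if (s != NULL)` guard around OPENSSL_cleanse/OPENSSL_free is the right shape for the `err:` path, as the decrypt and decode failures above it jump here with `s` already allocated.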