X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Frsa%2Frsa_sign.c;h=4ac2de34079090b1d45e0c4378faba2db9824dfb;hb=0edad88a31dea971b0275b759bd72838f4241984;hp=2a440901de3ee94f76b93ffe0e843a25a50fd222;hpb=f2a253e0ddd23c9a7601276f37b536fff53f3f8f;p=oweals%2Fopenssl.git

diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 2a440901de..4ac2de3407 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -113,7 +113,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
 		i=i2d_X509_SIG(&sig,NULL);
 	}
 	j=RSA_size(rsa);
-	if ((i-RSA_PKCS1_PADDING) > j)
+	if (i > (j-RSA_PKCS1_PADDING_SIZE))
 		{
 		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
 		return(0);
@@ -136,7 +136,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
 		*siglen=i;
 
 	if(type != NID_md5_sha1) {
-		memset(tmps,0,(unsigned int)j+1);
+		OPENSSL_cleanse(tmps,(unsigned int)j+1);
 		OPENSSL_free(tmps);
 	}
 	return(ret);
@@ -221,7 +221,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
 	}
 err:
 	if (sig != NULL) X509_SIG_free(sig);
-	memset(s,0,(unsigned int)siglen);
+	OPENSSL_cleanse(s,(unsigned int)siglen);
 	OPENSSL_free(s);
 	return(ret);
 	}