pki: Refactor _RSA_do_sign().

src/pki_crypto.c

@@ -488,34 +488,50 @@ fail:
     return NULL;
 }
 
-static ssh_string _RSA_do_sign(const unsigned char *payload,
+/**
-                               int len,
+ * @internal
+ *
+ * @brief Compute a digital signature.
+ *
+ * @param[in]  digest    The message digest.
+ *
+ * @param[in]  dlen      The length of the digest.
+ *
+ * @param[in]  privkey   The private rsa key to use for signing.
+ *
+ * @return               A newly allocated rsa sig blob or NULL on error.
+ */
+static ssh_string _RSA_do_sign(const unsigned char *digest,
+                               int dlen,
                                RSA *privkey)
 {
-    ssh_string sign = NULL;
+    ssh_string sig_blob;
-    unsigned char *buffer = NULL;
+    unsigned char *sig;
-    unsigned int size;
+    unsigned int slen;
+    int ok;
 
-    buffer = malloc(RSA_size(privkey));
+    sig = malloc(RSA_size(privkey));
-    if (buffer == NULL) {
+    if (sig == NULL) {
         return NULL;
     }
 
-    if (RSA_sign(NID_sha1, payload, len, buffer, &size, privkey) == 0) {
+    ok = RSA_sign(NID_sha1, digest, dlen, sig, &slen, privkey);
-        SAFE_FREE(buffer);
+    if (!ok) {
+        SAFE_FREE(sig);
         return NULL;
     }
 
-    sign = ssh_string_new(size);
+    sig_blob = ssh_string_new(slen);
-    if (sign == NULL) {
+    if (sig_blob == NULL) {
-        SAFE_FREE(buffer);
+        SAFE_FREE(sig);
         return NULL;
     }
 
-    ssh_string_fill(sign, buffer, size);
+    ssh_string_fill(sig_blob, sig, slen);
-    SAFE_FREE(buffer);
+    memset(sig, 'd', slen);
+    SAFE_FREE(sig);
 
-    return sign;
+    return sig_blob;
 }
 
 ssh_string pki_signature_to_blob(const ssh_signature sig)