Fix for padding X9.31 padding check and zero padding bytes.

[openssl.git] / crypto / rsa / rsa_x931.c

diff --git a/crypto/rsa/rsa_x931.c b/crypto/rsa/rsa_x931.c
index 7d77213d1300d4722806db030417aac72b619cb8..e918654176268c728a77825b8edc470691c88bb2 100644 (file)
--- a/crypto/rsa/rsa_x931.c
+++ b/crypto/rsa/rsa_x931.c
@@ -115,9 +115,9 @@ int RSA_padding_check_X931(unsigned char *to, int tlen,
                return -1;
                }
 
                return -1;
                }
 

-       j=flen-3;

        if (*p++ == 0x6B)
                {
        if (*p++ == 0x6B)
                {

+               j=flen-3;

                for (i = 0; i < j; i++)
                        {
                        unsigned char c = *p++;
                for (i = 0; i < j; i++)
                        {
                        unsigned char c = *p++;


@@ -130,15 +130,17 @@ int RSA_padding_check_X931(unsigned char *to, int tlen,
                                return -1;
                                }
                        }
                                return -1;
                                }
                        }

-               }

 
 

-       j -= i;
+               j -= i;
+
+               if (i == 0)
+                       {
+                       RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+                       return -1;
+                       }

 
 

-       if (i == 0)
-               {
-               RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
-               return -1;

                }
                }

+       else j = flen - 2;

 
        if (p[j] != 0xCC)
                {
 
        if (p[j] != 0xCC)
                {