/* pad out with non-zero random data */
j=tlen-3-8-flen;
- RAND_bytes(p,j);
+ if (RAND_bytes(p,j) <= 0)
+ return(0);
for (i=0; i<j; i++)
{
if (*p == '\0')
do {
- RAND_bytes(p,1);
+ if (RAND_bytes(p,1) <= 0)
+ return(0);
} while (*p == '\0');
p++;
}
{
if (p[k] != 0x03) break;
}
- if (k == 0)
+ if (k == -1)
{
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
return(-1);
i++; /* Skip over the '\0' */
j-=i;
+ if (j > tlen)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE);
+ return(-1);
+ }
memcpy(to,p,(unsigned int)j);
return(j);