X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Frsa%2Frsa_ssl.c;h=ea72629494cffd952d15eff4098b3f554c9ff723;hp=e1bbbe794902f4f598ad87bde929f46232e5532e;hb=42ba5d2329a2705d45417db3dd374c677eb47e05;hpb=6b691a5c85ddc4e407e32781841fee5c029506cd

diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index e1bbbe7949..ea72629494 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -58,12 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "rand.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
 
-int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from,
-	     int flen)
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+	const unsigned char *from, int flen)
 	{
 	int i,j;
 	unsigned char *p;
@@ -82,12 +82,14 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from,
 	/* pad out with non-zero random data */
 	j=tlen-3-8-flen;
 
-	RAND_bytes(p,j);
+	if (RAND_bytes(p,j) <= 0)
+		return(0);
 	for (i=0; i<j; i++)
 		{
 		if (*p == '\0')
 			do	{
-				RAND_bytes(p,1);
+				if (RAND_bytes(p,1) <= 0)
+					return(0);
 				} while (*p == '\0');
 		p++;
 		}
@@ -100,11 +102,11 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from,
 	return(1);
 	}
 
-int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from,
-	     int flen, int num)
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+	const unsigned char *from, int flen, int num)
 	{
 	int i,j,k;
-	unsigned char *p;
+	const unsigned char *p;
 
 	p=from;
 	if (flen < 10)
@@ -132,7 +134,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from,
 		{
 		if (p[k] !=  0x03) break;
 		}
-	if (k == 0)
+	if (k == -1)
 		{
 		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
 		return(-1);
@@ -140,6 +142,11 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from,
 
 	i++; /* Skip over the '\0' */
 	j-=i;
+	if (j > tlen)
+		{
+		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE);
+		return(-1);
+		}
 	memcpy(to,p,(unsigned int)j);
 
 	return(j);