OpenSSL 0.9.5 merge

*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2
if you are using the ssl26 packages for ssh and other things to work you will
need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs

1 files changed, 9 insertions, 2 deletions

diff --git a/src/lib/libcrypto/rsa/rsa_ssl.c b/src/lib/libcrypto/rsa/rsa_ssl.c
index 1050844f8d..81a857c813 100644
--- a/src/lib/libcrypto/rsa/rsa_ssl.c
+++ b/src/lib/libcrypto/rsa/rsa_ssl.c
@@ -82,12 +82,14 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from,
         /* pad out with non-zero random data */
         j=tlen-3-8-flen;
 
-        RAND_bytes(p,j);
+        if (RAND_bytes(p,j) <= 0)
+                return(0);
         for (i=0; i<j; i++)
                 {
                 if (*p == '\0')
                         do      {
-                                RAND_bytes(p,1);
+                                if (RAND_bytes(p,1) <= 0)
+                                        return(0);
                                 } while (*p == '\0');
                 p++;
                 }
@@ -140,6 +142,11 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from,
 
         i++; /* Skip over the '\0' */
         j-=i;
+        if (j > tlen)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE);
+                return(-1);
+                }
         memcpy(to,p,(unsigned int)j);
 
         return(j);