1 files changed, 33 insertions, 42 deletions
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pk1.c b/src/lib/libssl/src/crypto/rsa/rsa_pk1.c
index 2791291b94..c1edd6764f 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_pk1.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_pk1.c
@@ -58,27 +58,12 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
+#include <openssl/bn.h>
-#include "rsa.h"
+#include <openssl/rsa.h>
-#include "rand.h"
+#include <openssl/rand.h>
-#ifndef NOPROTO
-int RSA_padding_add_PKCS1_type_1();
-int RSA_padding_check_PKCS1_type_1();
-int RSA_padding_add_PKCS1_type_2();
-int RSA_padding_check_PKCS1_type_2();
-int RSA_padding_add_SSLv23();
-int RSA_padding_check_SSLv23();
-int RSA_padding_add_none();
-int RSA_padding_check_none();
-#endif
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+             const unsigned char *from, int flen)
-int RSA_padding_add_PKCS1_type_1(to,tlen,from,flen)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
        {
        int j;
        unsigned char *p;
@@ -94,7 +79,7 @@ int flen;
        *(p++)=0;
        *(p++)=1; /* Private Key BT (Block Type) */
-        /* padd out with 0xff data */
+        /* pad out with 0xff data */
        j=tlen-3-flen;
        memset(p,0xff,j);
        p+=j;
@@ -103,17 +88,14 @@ int flen;
        return(1);
        }
-int RSA_padding_check_PKCS1_type_1(to,tlen,from,flen)
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
-unsigned char *to;
+             const unsigned char *from, int flen, int num)
-int tlen;
-unsigned char *from;
-int flen;
        {
        int i,j;
-        unsigned char *p;
+        const unsigned char *p;
        p=from;
-        if (*(p++) != 01)
+        if ((num != (flen+1)) || (*(p++) != 01))
                {
                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);
                return(-1);
@@ -148,16 +130,18 @@ int flen;
                }
        i++; /* Skip over the '\0' */
        j-=i;
+        if (j > tlen)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE);
+                return(-1);
+                }
        memcpy(to,p,(unsigned int)j);
        return(j);
        }
-int RSA_padding_add_PKCS1_type_2(to,tlen,from,flen)
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
-unsigned char *to;
+             const unsigned char *from, int flen)
-int tlen;
-unsigned char *from;
-int flen;
        {
        int i,j;
        unsigned char *p;
@@ -176,12 +160,14 @@ int flen;
        /* pad out with non-zero random data */
        j=tlen-3-flen;
-        RAND_bytes(p,j);
+        if (RAND_bytes(p,j) <= 0)
+                return(0);
        for (i=0; i<j; i++)
                {
                if (*p == '\0')
                        do      {
-                                RAND_bytes(p,1);
+                                if (RAND_bytes(p,1) <= 0)
+                                        return(0);
                                } while (*p == '\0');
                p++;
                }
@@ -192,21 +178,21 @@ int flen;
        return(1);
        }
-int RSA_padding_check_PKCS1_type_2(to,tlen,from,flen)
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
-unsigned char *to;
+             const unsigned char *from, int flen, int num)
-int tlen;
-unsigned char *from;
-int flen;
        {
        int i,j;
-        unsigned char *p;
+        const unsigned char *p;
        p=from;
-        if (*(p++) != 02)
+        if ((num != (flen+1)) || (*(p++) != 02))
                {
                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);
                return(-1);
                }
+#ifdef PKCS1_CHECK
+        return(num-11);
+#endif
        /* scan over padding data */
        j=flen-1; /* one for type. */
@@ -226,6 +212,11 @@ int flen;
                }
        i++; /* Skip over the '\0' */
        j-=i;
+        if (j > tlen)
+                {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE);
+                return(-1);
+                }
        memcpy(to,p,(unsigned int)j);
        return(j);

diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pk1.c b/src/lib/libssl/src/crypto/rsa/rsa_pk1.c index 2791291b94..c1edd6764f 100644 --- a/src/lib/libssl/src/crypto/rsa/rsa_pk1.c +++ b/src/lib/libssl/src/crypto/rsa/rsa_pk1.c
@@ -58,27 +58,12 @@
58		58
59	#include <stdio.h>	59	#include <stdio.h>
60	#include "cryptlib.h"	60	#include "cryptlib.h"
61	#include "bn.h"	61	#include <openssl/bn.h>
62	#include "rsa.h"	62	#include <openssl/rsa.h>
63	#include "rand.h"	63	#include <openssl/rand.h>
64
65	#ifndef NOPROTO
66	int RSA_padding_add_PKCS1_type_1();
67	int RSA_padding_check_PKCS1_type_1();
68	int RSA_padding_add_PKCS1_type_2();
69	int RSA_padding_check_PKCS1_type_2();
70	int RSA_padding_add_SSLv23();
71	int RSA_padding_check_SSLv23();
72	int RSA_padding_add_none();
73	int RSA_padding_check_none();
74		64
75	#endif	65	int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
76		66	const unsigned char *from, int flen)
77	int RSA_padding_add_PKCS1_type_1(to,tlen,from,flen)
78	unsigned char *to;
79	int tlen;
80	unsigned char *from;
81	int flen;
82	{	67	{
83	int j;	68	int j;
84	unsigned char *p;	69	unsigned char *p;
@@ -94,7 +79,7 @@ int flen;
94	*(p++)=0;	79	*(p++)=0;
95	(p++)=1; / Private Key BT (Block Type) */	80	(p++)=1; / Private Key BT (Block Type) */
96		81
97	/* padd out with 0xff data */	82	/* pad out with 0xff data */
98	j=tlen-3-flen;	83	j=tlen-3-flen;
99	memset(p,0xff,j);	84	memset(p,0xff,j);
100	p+=j;	85	p+=j;
@@ -103,17 +88,14 @@ int flen;
103	return(1);	88	return(1);
104	}	89	}
105		90
106	int RSA_padding_check_PKCS1_type_1(to,tlen,from,flen)	91	int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
107	unsigned char *to;	92	const unsigned char *from, int flen, int num)
108	int tlen;
109	unsigned char *from;
110	int flen;
111	{	93	{
112	int i,j;	94	int i,j;
113	unsigned char *p;	95	const unsigned char *p;
114		96
115	p=from;	97	p=from;
116	if (*(p++) != 01)	98	if ((num != (flen+1)) \|\| (*(p++) != 01))
117	{	99	{
118	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);	100	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);
119	return(-1);	101	return(-1);
@@ -148,16 +130,18 @@ int flen;
148	}	130	}
149	i++; /* Skip over the '\0' */	131	i++; /* Skip over the '\0' */
150	j-=i;	132	j-=i;
		133	if (j > tlen)
		134	{
		135	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE);
		136	return(-1);
		137	}
151	memcpy(to,p,(unsigned int)j);	138	memcpy(to,p,(unsigned int)j);
152		139
153	return(j);	140	return(j);
154	}	141	}
155		142
156	int RSA_padding_add_PKCS1_type_2(to,tlen,from,flen)	143	int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
157	unsigned char *to;	144	const unsigned char *from, int flen)
158	int tlen;
159	unsigned char *from;
160	int flen;
161	{	145	{
162	int i,j;	146	int i,j;
163	unsigned char *p;	147	unsigned char *p;
@@ -176,12 +160,14 @@ int flen;
176	/* pad out with non-zero random data */	160	/* pad out with non-zero random data */
177	j=tlen-3-flen;	161	j=tlen-3-flen;
178		162
179	RAND_bytes(p,j);	163	if (RAND_bytes(p,j) <= 0)
		164	return(0);
180	for (i=0; i<j; i++)	165	for (i=0; i<j; i++)
181	{	166	{
182	if (*p == '\0')	167	if (*p == '\0')
183	do {	168	do {
184	RAND_bytes(p,1);	169	if (RAND_bytes(p,1) <= 0)
		170	return(0);
185	} while (*p == '\0');	171	} while (*p == '\0');
186	p++;	172	p++;
187	}	173	}
@@ -192,21 +178,21 @@ int flen;
192	return(1);	178	return(1);
193	}	179	}
194		180
195	int RSA_padding_check_PKCS1_type_2(to,tlen,from,flen)	181	int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
196	unsigned char *to;	182	const unsigned char *from, int flen, int num)
197	int tlen;
198	unsigned char *from;
199	int flen;
200	{	183	{
201	int i,j;	184	int i,j;
202	unsigned char *p;	185	const unsigned char *p;
203		186
204	p=from;	187	p=from;
205	if (*(p++) != 02)	188	if ((num != (flen+1)) \|\| (*(p++) != 02))
206	{	189	{
207	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);	190	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);
208	return(-1);	191	return(-1);
209	}	192	}
		193	#ifdef PKCS1_CHECK
		194	return(num-11);
		195	#endif
210		196
211	/* scan over padding data */	197	/* scan over padding data */
212	j=flen-1; /* one for type. */	198	j=flen-1; /* one for type. */
@@ -226,6 +212,11 @@ int flen;
226	}	212	}
227	i++; /* Skip over the '\0' */	213	i++; /* Skip over the '\0' */
228	j-=i;	214	j-=i;
		215	if (j > tlen)
		216	{
		217	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE);
		218	return(-1);
		219	}
229	memcpy(to,p,(unsigned int)j);	220	memcpy(to,p,(unsigned int)j);
230		221
231	return(j);	222	return(j);