#include <openssl/rsa.h>
#include <openssl/rand.h>
-int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from,
- int flen)
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *from, int flen)
{
int i,j;
unsigned char *p;
return(1);
}
-int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from,
- int flen, int num)
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *from, int flen, int num)
{
int i,j,k;
- unsigned char *p;
+ const unsigned char *p;
p=from;
if (flen < 10)
{
if (p[k] != 0x03) break;
}
- if (k == 0)
+ if (k == -1)
{
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
return(-1);
i++; /* Skip over the '\0' */
j-=i;
+ if (j > tlen)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE);
+ return(-1);
+ }
memcpy(to,p,(unsigned int)j);
return(j);