|
|
@@ -301,105 +301,6 @@ int RSA_padding_check_none(uint8_t *to, unsigned tlen, const uint8_t *from, |
|
|
|
return flen; |
|
|
|
} |
|
|
|
|
|
|
|
int RSA_padding_add_SSLv23(uint8_t *to, unsigned tlen, const uint8_t *from, |
|
|
|
unsigned flen) { |
|
|
|
unsigned i, j; |
|
|
|
uint8_t *p; |
|
|
|
|
|
|
|
if (tlen < RSA_PKCS1_PADDING_SIZE) { |
|
|
|
OPENSSL_PUT_ERROR(RSA, RSA_padding_add_PKCS1_type_2, |
|
|
|
RSA_R_KEY_SIZE_TOO_SMALL); |
|
|
|
return 0; |
|
|
|
} |
|
|
|
|
|
|
|
if (flen > tlen - RSA_PKCS1_PADDING_SIZE) { |
|
|
|
OPENSSL_PUT_ERROR(RSA, RSA_padding_add_SSLv23, |
|
|
|
RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); |
|
|
|
return 0; |
|
|
|
} |
|
|
|
|
|
|
|
p = to; |
|
|
|
|
|
|
|
*(p++) = 0; |
|
|
|
*(p++) = 2; /* Public Key BT (Block Type) */ |
|
|
|
|
|
|
|
/* pad out with non-zero random data */ |
|
|
|
j = tlen - 3 - 8 - flen; |
|
|
|
|
|
|
|
if (RAND_pseudo_bytes(p, j) <= 0) { |
|
|
|
return 0; |
|
|
|
} |
|
|
|
|
|
|
|
for (i = 0; i < j; i++) { |
|
|
|
while (*p == '\0') { |
|
|
|
if (RAND_pseudo_bytes(p, 1) <= 0) |
|
|
|
return 0; |
|
|
|
} |
|
|
|
p++; |
|
|
|
} |
|
|
|
|
|
|
|
memset(p, 3, 8); |
|
|
|
p += 8; |
|
|
|
*(p++) = '\0'; |
|
|
|
|
|
|
|
memcpy(p, from, flen); |
|
|
|
return 1; |
|
|
|
} |
|
|
|
|
|
|
|
int RSA_padding_check_SSLv23(uint8_t *to, unsigned tlen, const uint8_t *from, |
|
|
|
unsigned flen) { |
|
|
|
unsigned i, j; |
|
|
|
int k; |
|
|
|
const uint8_t *p; |
|
|
|
|
|
|
|
p = from; |
|
|
|
if (flen < 10) { |
|
|
|
OPENSSL_PUT_ERROR(RSA, RSA_padding_check_SSLv23, RSA_R_DATA_TOO_SMALL); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
if ((*(p++) != 0) || (*(p++) != 2)) { |
|
|
|
OPENSSL_PUT_ERROR(RSA, RSA_padding_check_SSLv23, |
|
|
|
RSA_R_BLOCK_TYPE_IS_NOT_02); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
|
|
|
|
/* scan over padding data */ |
|
|
|
j = flen - 2; /* one for leading 00, one for type */ |
|
|
|
for (i = 0; i < j; i++) { |
|
|
|
if (*(p++) == 0) { |
|
|
|
break; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
if (i == j || i < 8) { |
|
|
|
OPENSSL_PUT_ERROR(RSA, RSA_padding_check_SSLv23, |
|
|
|
RSA_R_NULL_BEFORE_BLOCK_MISSING); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
|
|
|
|
for (k = -9; k < -1; k++) { |
|
|
|
if (p[k] != 0x03) { |
|
|
|
break; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
if (k == -1) { |
|
|
|
OPENSSL_PUT_ERROR(RSA, RSA_padding_check_SSLv23, |
|
|
|
RSA_R_SSLV3_ROLLBACK_ATTACK); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
|
|
|
|
i++; /* Skip over the '\0' */ |
|
|
|
j -= i; |
|
|
|
if (j > tlen) { |
|
|
|
OPENSSL_PUT_ERROR(RSA, RSA_padding_check_SSLv23, RSA_R_DATA_TOO_LARGE); |
|
|
|
return -1; |
|
|
|
} |
|
|
|
memcpy(to, p, j); |
|
|
|
|
|
|
|
return j; |
|
|
|
} |
|
|
|
|
|
|
|
int PKCS1_MGF1(uint8_t *mask, unsigned len, const uint8_t *seed, |
|
|
|
unsigned seedlen, const EVP_MD *dgst) { |
|
|
|
unsigned outlen = 0; |
|
|
|