rsa/*: switch to BN_bn2binpad.

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5254) (cherry picked from commit 582ad5d4d9b7703eb089016935133e3a18ea8205)
author: Andy Polyakov <appro@openssl.org> 2018-02-04 15:24:54 +0100
committer: Andy Polyakov <appro@openssl.org> 2018-07-14 13:40:37 +0200
commit: 0b139e41b4ca03c1d36f4c93c6e9147e497029ca (patch)
tree: 54fc9e6403eccd7c60ef58ee27a2a138d2235ec2 /crypto/rsa/rsa_ssl.c
parent: 75a67a036a041d9fdac0fd7fd5a461f48709a3d3 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index 9ef6b80ea8..cb5c319ebc 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -63,6 +63,14 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
         RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
         return (-1);
     }
+    /* Accept even zero-padded input */
+    if (flen == num) {
+        if (*(p++) != 0) {
+            RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
+            return -1;
+        }
+        flen--;
+    }
     if ((num != (flen + 1)) || (*(p++) != 02)) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
         return (-1);
author	Andy Polyakov <appro@openssl.org>	2018-02-04 15:24:54 +0100
committer	Andy Polyakov <appro@openssl.org>	2018-07-14 13:40:37 +0200
commit	0b139e41b4ca03c1d36f4c93c6e9147e497029ca (patch)
tree	54fc9e6403eccd7c60ef58ee27a2a138d2235ec2 /crypto/rsa/rsa_ssl.c
parent	75a67a036a041d9fdac0fd7fd5a461f48709a3d3 (diff)