#include "silcincludes.h"
#include "silcpkcs1.h"
+/* Minimum padding in block */
+#define SILC_PKCS1_MIN_PADDING 8
+
/* Encodes PKCS#1 data block from the `data' according to the block type
indicated by `bt'. When encoding signatures the `bt' must be
SILC_PKCS1_BT_PRV1 and when encoding encryption blocks the `bt' must
dest_data[1] = (unsigned char)bt;
padlen = (SilcInt32)dest_data_size - (SilcInt32)data_len - 3;
- if (padlen < 8) {
+ if (padlen < SILC_PKCS1_MIN_PADDING) {
SILC_LOG_DEBUG(("Data to be encoded is too long"));
return FALSE;
}
case SILC_PKCS1_BT_PUB:
/* Encryption */
- for (i = 2; i < padlen; i++) {
- /* It is guaranteed this routine does not return zero byte. */
- if (rng)
+
+ /* It is guaranteed this routine does not return zero byte. */
+ if (rng)
+ for (i = 2; i < padlen; i++)
dest_data[i] = silc_rng_get_byte_fast(rng);
- else
+ else
+ for (i = 2; i < padlen; i++)
dest_data[i] = silc_rng_global_get_byte_fast();
- }
-
break;
}
}
/* Sanity checks */
- if (data[i] != 0x00 || i < 10 - 2)
+ if (data[i++] != 0x00) {
+ SILC_LOG_DEBUG(("Malformed block"));
return FALSE;
- i++;
- if (dest_data_size < data_len - i)
+ }
+ if (i - 1 < SILC_PKCS1_MIN_PADDING) {
+ SILC_LOG_DEBUG(("Malformed block"));
+ return FALSE;
+ }
+ if (dest_data_size < data_len - i) {
+ SILC_LOG_DEBUG(("Destination buffer too small"));
return FALSE;
+ }
/* Copy the data */
memcpy(dest_data, data + i, data_len - i);
projects / silc.git / commitdiff