From 99f6fd8450ac9286eb3f6018e4d88ab935b1bf78 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Wed, 16 Jul 2014 13:52:31 -0700
Subject: [PATCH] have explicit Rsa Padding error

---
 ctaocrypt/src/error.c          |  3 +++
 ctaocrypt/src/rsa.c            | 34 +++++++++++++++-------------------
 cyassl/ctaocrypt/error-crypt.h |  4 ++--
 3 files changed, 20 insertions(+), 21 deletions(-)

diff --git a/ctaocrypt/src/error.c b/ctaocrypt/src/error.c
index 00bfe309b..be625ad16 100644
--- a/ctaocrypt/src/error.c
+++ b/ctaocrypt/src/error.c
@@ -280,6 +280,9 @@ const char* CTaoCryptGetErrorString(int error)
     case HMAC_MIN_KEYLEN_E:
         return "FIPS Mode HMAC Minimum Key Length error";
 
+    case RSA_PAD_E:
+        return "Rsa Padding error";
+
     default:
         return "unknown error number";
 
diff --git a/ctaocrypt/src/rsa.c b/ctaocrypt/src/rsa.c
index 648d56f1b..af56f9bac 100644
--- a/ctaocrypt/src/rsa.c
+++ b/ctaocrypt/src/rsa.c
@@ -157,7 +157,9 @@ static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
 }
 
 
-static word32 RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
+/* UnPad plaintext, set start to *output, return length of plaintext,
+ * < 0 on error */
+static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
                        byte **output, byte padValue)
 {
     word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0,
@@ -177,7 +179,7 @@ static word32 RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
         }
     if(!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) {
         CYASSL_MSG("RsaUnPad error, bad formatting");
-        return 0;
+        return RSA_PAD_E;
     }
 
     outputLen = pkcsBlockLen - i;
@@ -185,7 +187,7 @@ static word32 RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
 
     if (invalid) {
         CYASSL_MSG("RsaUnPad error, bad formatting");
-        return 0;
+        return RSA_PAD_E;
     }
 
     *output = (byte *)(pkcsBlock + i);
@@ -316,7 +318,7 @@ int RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
 
 int RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key)
 {
-    int plainLen, ret;
+    int ret;
 
 #ifdef HAVE_CAVIUM
     if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) {
@@ -332,16 +334,14 @@ int RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key)
         return ret;
     }
  
-    plainLen = RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_2);
-
-    return plainLen;
+    return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_2);
 }
 
 
 int RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
                      RsaKey* key)
 {
-    int plainLen, ret;
+    int plainLen;
     byte*  tmp;
     byte*  pad = 0;
 
@@ -357,10 +357,9 @@ int RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
 
     XMEMCPY(tmp, in, inLen);
 
-    if ((ret = plainLen = RsaPrivateDecryptInline(tmp, inLen, &pad, key))
-            < 0) {
+    if ( (plainLen = RsaPrivateDecryptInline(tmp, inLen, &pad, key) ) < 0) {
         XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
-        return ret;
+        return plainLen;
     }
     if (plainLen > (int)outLen)
         plainLen = BAD_FUNC_ARG;
@@ -376,7 +375,7 @@ int RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
 /* for Rsa Verify */
 int RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
 {
-    int plainLen, ret;
+    int ret;
 
 #ifdef HAVE_CAVIUM
     if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) {
@@ -392,16 +391,14 @@ int RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
         return ret;
     }
   
-    plainLen = RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1);
-
-    return plainLen;
+    return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1);
 }
 
 
 int RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
                      RsaKey* key)
 {
-    int plainLen, ret;
+    int plainLen;
     byte*  tmp;
     byte*  pad = 0;
 
@@ -417,10 +414,9 @@ int RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
 
     XMEMCPY(tmp, in, inLen);
 
-    if ((ret = plainLen = RsaSSL_VerifyInline(tmp, inLen, &pad, key))
-            < 0) {
+    if ( (plainLen = RsaSSL_VerifyInline(tmp, inLen, &pad, key) ) < 0) {
         XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
-        return ret;
+        return plainLen;
     }
 
     if (plainLen > (int)outLen)
diff --git a/cyassl/ctaocrypt/error-crypt.h b/cyassl/ctaocrypt/error-crypt.h
index c75d37ceb..31489958d 100644
--- a/cyassl/ctaocrypt/error-crypt.h
+++ b/cyassl/ctaocrypt/error-crypt.h
@@ -126,10 +126,10 @@ enum {
     ASN_NAME_INVALID_E  = -198,  /* ASN name constraint error */
 
     RNG_FAILURE_E       = -199,  /* RNG Failed, Reinitialize */
-
     HMAC_MIN_KEYLEN_E   = -200,  /* FIPS Mode HMAC Minimum Key Length error */
+    RSA_PAD_E           = -201,  /* RSA Padding Error */
 
-    MIN_CODE_E         = -300   /* errors -101 - -299 */
+    MIN_CODE_E          = -300   /* errors -101 - -299 */
 };