Diffstat (limited to 'src/libstrongswan/plugins/gmp')
-rw-r--r-- | src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c | 9 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 16 |
2 files changed, 19 insertions, 6 deletions
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index a07ace296..e21e7131d 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -314,11 +314,18 @@ METHOD(private_key_t, sign, bool,
 }
 METHOD(private_key_t, decrypt, bool,
- private_gmp_rsa_private_key_t *this, chunk_t crypto, chunk_t *plain)
+ private_gmp_rsa_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
 {
 chunk_t em, stripped;
 bool success = FALSE;
+ if (scheme != ENCRYPT_RSA_PKCS1)
+ {
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
 /* rsa decryption using PKCS#1 RSADP */
 stripped = em = rsadp(this, crypto);
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index 369021a73..762238f49 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -309,20 +309,20 @@ METHOD(public_key_t, verify, bool,
 #define MIN_PS_PADDING 8
 METHOD(public_key_t, encrypt_, bool,
- private_gmp_rsa_public_key_t *this, chunk_t plain, chunk_t *crypto)
+ private_gmp_rsa_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypto)
 {
 chunk_t em;
 u_char *pos;
 int padding, i;
 rng_t *rng;
- rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (rng == NULL)
+ if (scheme != ENCRYPT_RSA_PKCS1)
 {
- DBG1(DBG_LIB, "no random generator available");
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
 return FALSE;
 }
-
 /* number of pseudo-random padding octets */
 padding = this->k - plain.len - 3;
 if (padding < MIN_PS_PADDING)
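Review bot: In `decrypt()` of gmp_rsa_private_key.c, the new early return for an unsupported scheme leaves `*plain` untouched, so a caller that frees or clears the output chunk on failure would act on whatever it happened to hold. Setting `*plain = chunk_empty;` before `return FALSE;` would make the failure state defined; alternatively the method's documentation should state that `*plain` is only valid when TRUE is returned. The rest of `decrypt()` lies outside the hunk, so whether the other failure paths already follow one of these conventions cannot be checked here.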
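Review bot: In `encrypt_()` of gmp_rsa_public_key.c, the length check that now runs right after the scheme guard relies on `padding = this->k - plain.len - 3;` being stored in an `int`. If `this->k` and `plain.len` are unsigned sizes (their declarations are not in the hunk), an oversized `plain` makes the subtraction wrap and the narrowing to `int` is implementation-defined, so `padding < MIN_PS_PADDING` is not guaranteed to reject it. Comparing before subtracting avoids that: `if (this->k < 3 + MIN_PS_PADDING || plain.len > this->k - 3 - MIN_PS_PADDING)`. The body of that `if` and the rest of `encrypt_()` continue outside this hunk.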
@@ -331,6 +331,12 @@ METHOD(public_key_t, encrypt_, bool,
 MIN_PS_PADDING);
 return FALSE;
 }
+ rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+ if (rng == NULL)
+ {
+ DBG1(DBG_LIB, "no random generator available");
+ return FALSE;
+ }
 /* padding according to PKCS#1 7.2.1 (RSAES-PKCS1-v1.5-ENCRYPT) */
 DBG2(DBG_LIB, "padding %u bytes of data to the rsa modulus size of" |
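Review bot: The relocated `create_rng(lib->crypto, RNG_WEAK)` call keeps the weakest quality class for the padding string, and in RSAES-PKCS1-v1.5 that padding is the only randomization the ciphertext gets. Either request `RNG_STRONG` here or add a comment above the call recording why `RNG_WEAK` is considered sufficient for the PS octets, so the choice is a documented decision and not an accident of the move. The code that fills the padding and releases `rng` is outside the hunk, so it is worth confirming that every later error path in `encrypt_()` still destroys it.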