aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan')
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c9
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c7
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c16
3 files changed, 19 insertions, 13 deletions
diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
index e99502b27..7d232e4f1 100644
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
@@ -230,8 +230,13 @@ static gmp_diffie_hellman_t *create_generic(diffie_hellman_group_t group,
destroy(this);
return NULL;
}
-
- rng->allocate_bytes(rng, exp_len, &random);
+ if (!rng->allocate_bytes(rng, exp_len, &random))
+ {
+ DBG1(DBG_LIB, "failed to allocate DH secret");
+ rng->destroy(rng);
+ destroy(this);
+ return NULL;
+ }
rng->destroy(rng);
if (exp_len == this->p_len)
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index 1b6c20817..acd9ae2b7 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -149,7 +149,12 @@ static status_t compute_prime(private_gmp_rsa_private_key_t *this,
mpz_init(*prime);
do
{
- rng->allocate_bytes(rng, prime_size, &random_bytes);
+ if (!rng->allocate_bytes(rng, prime_size, &random_bytes))
+ {
+ DBG1(DBG_LIB, "failed to allocate random prime");
+ rng->destroy(rng);
+ return FAILED;
+ }
/* make sure the two most significant bits are set */
random_bytes.ptr[0] = random_bytes.ptr[0] | 0xC0;
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index 898892f5b..db7b8e49a 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -314,7 +314,7 @@ METHOD(public_key_t, encrypt_, bool,
{
chunk_t em;
u_char *pos;
- int padding, i;
+ int padding;
rng_t *rng;
if (scheme != ENCRYPT_RSA_PKCS1)
@@ -348,16 +348,12 @@ METHOD(public_key_t, encrypt_, bool,
*pos++ = 0x02;
/* fill with pseudo random octets */
- rng->get_bytes(rng, padding, pos);
-
- /* replace zero-valued random octets */
- for (i = 0; i < padding; i++)
+ if (!rng_get_bytes_not_zero(rng, padding, pos, TRUE))
{
- while (*pos == 0)
- {
- rng->get_bytes(rng, 1, pos);
- }
- pos++;
+ DBG1(DBG_LIB, "failed to allocate padding");
+ chunk_clear(&em);
+ rng->destroy(rng);
+ return FALSE;
}
rng->destroy(rng);
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-23 08:35:57 +0000