Check rng return value when generating DH secrets and primes in gmp plugin
authorTobias Brunner <tobias@strongswan.org>
Mon, 25 Jun 2012 14:09:00 +0000 (16:09 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:35 +0000 (14:53 +0200)
src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c

index e99502b..7d232e4 100644 (file)
@@ -230,8 +230,13 @@ static gmp_diffie_hellman_t *create_generic(diffie_hellman_group_t group,
                destroy(this);
                return NULL;
        }
-
-       rng->allocate_bytes(rng, exp_len, &random);
+       if (!rng->allocate_bytes(rng, exp_len, &random))
+       {
+               DBG1(DBG_LIB, "failed to allocate DH secret");
+               rng->destroy(rng);
+               destroy(this);
+               return NULL;
+       }
        rng->destroy(rng);
 
        if (exp_len == this->p_len)
index 1b6c208..acd9ae2 100644 (file)
@@ -149,7 +149,12 @@ static status_t compute_prime(private_gmp_rsa_private_key_t *this,
        mpz_init(*prime);
        do
        {
-               rng->allocate_bytes(rng, prime_size, &random_bytes);
+               if (!rng->allocate_bytes(rng, prime_size, &random_bytes))
+               {
+                       DBG1(DBG_LIB, "failed to allocate random prime");
+                       rng->destroy(rng);
+                       return FAILED;
+               }
                /* make sure the two most significant bits are set */
                random_bytes.ptr[0] = random_bytes.ptr[0] | 0xC0;
 
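Review bot: The new failure return inside the do loop leaves `*prime` initialised, because `mpz_init(*prime)` runs just above the loop and the added branch destroys only the rng before returning FAILED. Unless every caller clears the mpz on failure (no caller is visible here), that storage is leaked. If the loop has already gone round once, it may also still hold an earlier prime candidate. I would add `mpz_clear(*prime);` before `rng->destroy(rng);` in the new branch, or the project's wiping equivalent if it has one for key material. The loop body and the rest of compute_prime continue outside the hunk.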
index 898892f..db7b8e4 100644 (file)
@@ -314,7 +314,7 @@ METHOD(public_key_t, encrypt_, bool,
 {
        chunk_t em;
        u_char *pos;
-       int padding, i;
+       int padding;
        rng_t *rng;
 
        if (scheme != ENCRYPT_RSA_PKCS1)
@@ -348,16 +348,12 @@ METHOD(public_key_t, encrypt_, bool,
        *pos++ = 0x02;
 
        /* fill with pseudo random octets */
-       rng->get_bytes(rng, padding, pos);
-
-       /* replace zero-valued random octets */
-       for (i = 0; i < padding; i++)
+       if (!rng_get_bytes_not_zero(rng, padding, pos, TRUE))
        {
-               while (*pos == 0)
-               {
-                       rng->get_bytes(rng, 1, pos);
-               }
-               pos++;
+               DBG1(DBG_LIB, "failed to allocate padding");
+               chunk_clear(&em);
+               rng->destroy(rng);
+               return FALSE;
        }
        rng->destroy(rng);
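Review bot: `pos` is no longer advanced past the padding. The removed loop did `pos++` once per padding octet, whereas `rng_get_bytes_not_zero(rng, padding, pos, TRUE)` receives `pos` by value and leaves it pointing at the first padding octet. If the code after this hunk still writes the 0x00 separator and the plaintext through `pos` (not visible here), it would overwrite the start of the random padding and presumably leave the tail of `em` unfilled, giving a malformed PKCS#1 v1.5 block. Adding `pos += padding;` after the `rng->destroy(rng);` that follows the check would restore the pointer position the old loop produced. encrypt_ continues beyond the hunk.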