From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Mon, 8 Nov 2021 18:29:28 +0000 (+0100)
Subject: wolfssl: Support OAEP labels
X-Git-Tag: 5.9.5dr2~5^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9cfdc3259747257a5b699218227779d2f701c564;p=thirdparty%2Fstrongswan.git

wolfssl: Support OAEP labels
---

diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_private_key.c b/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_private_key.c
index 03b6c9326f..c279169799 100644
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_private_key.c
@@ -247,6 +247,12 @@ METHOD(private_key_t, decrypt, bool,
 {
 	int padding, mgf, len;
 	enum wc_HashType hash;
+	chunk_t label = chunk_empty;
+
+	if (params)
+	{
+		label = *(chunk_t *)params;
+	}
 
 	switch (scheme)
 	{
@@ -300,7 +306,8 @@ METHOD(private_key_t, decrypt, bool,
 	len = wc_RsaEncryptSize(&this->rsa);
 	*plain = chunk_alloc(len);
 	len = wc_RsaPrivateDecrypt_ex(crypto.ptr, crypto.len, plain->ptr, len,
-								  &this->rsa, padding, hash, mgf, NULL, 0);
+								  &this->rsa, padding, hash, mgf,
+								  label.ptr, label.len);
 	if (len < 0)
 	{
 		DBG1(DBG_LIB, "RSA decryption failed");
diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c b/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c
index 5329b59539..72df115fe9 100644
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c
@@ -222,6 +222,12 @@ METHOD(public_key_t, encrypt, bool,
 {
 	int padding, mgf, len;
 	enum wc_HashType hash;
+	chunk_t label = chunk_empty;
+
+	if (params)
+	{
+		label = *(chunk_t *)params;
+	}
 
 	switch (scheme)
 	{
@@ -276,7 +282,7 @@ METHOD(public_key_t, encrypt, bool,
 	*crypto = chunk_alloc(len);
 	len = wc_RsaPublicEncrypt_ex(plain.ptr, plain.len, crypto->ptr, len,
 								 &this->rsa, &this->rng, padding, hash, mgf,
-								 NULL, 0);
+								 label.ptr, label.len);
 	if (len < 0)
 	{
 		DBG1(DBG_LIB, "RSA encryption failed");