RSA: PSS + all encryption needs a PRNG

karel-m · sjaeckel · commit d2829aa10faf · 2026-04-15T11:12:30.000+02:00
diff --git a/src/pk/rsa/rsa_key.c b/src/pk/rsa/rsa_key.c
@@ -189,9 +189,12 @@ static LTC_INLINE int s_rsa_key_valid_crypt(ltc_rsa_op_checked *check)
    return s_rsa_key_valid_rsa_params(check);
 }
 
-static LTC_INLINE int s_rsa_check_prng(ltc_rsa_op_parameters *params)
+static LTC_INLINE int s_rsa_check_prng(ltc_rsa_op op, ltc_rsa_op_parameters *params)
 {
-   if (params->padding != LTC_PKCS_1_PSS)
+   /* Only PSS signing needs a PRNG, v1.5 signing is deterministic.
+    * All encryption needs a PRNG (OAEP seed, v1.5 EME random padding). */
+   if ((op & LTC_RSA_OP_SIGN) == LTC_RSA_OP_SIGN
+         && params->padding != LTC_PKCS_1_PSS)
       return CRYPT_OK;
    if (params->prng == NULL)
       return CRYPT_INVALID_PRNG;
@@ -211,7 +214,7 @@ int rsa_key_valid_op(ltc_rsa_op op, ltc_rsa_op_checked *check)
    check->params->params.pss_oaep = check->params->padding == LTC_PKCS_1_OAEP
          || check->params->padding == LTC_PKCS_1_PSS;
    if ((op & LTC_RSA_OP_SEND) == LTC_RSA_OP_SEND) {
-      if ((err = s_rsa_check_prng(check->params)) != CRYPT_OK) {
+      if ((err = s_rsa_check_prng(op, check->params)) != CRYPT_OK) {
          return err;
       }
    }

Original file line number	Diff line number	Diff line change
`@@ -189,9 +189,12 @@ static LTC_INLINE int s_rsa_key_valid_crypt(ltc_rsa_op_checked *check)`
`189`	`189`	`return s_rsa_key_valid_rsa_params(check);`
`190`	`190`	`}`
`191`	`191`
`192`		`-static LTC_INLINE int s_rsa_check_prng(ltc_rsa_op_parameters *params)`
	`192`	`+static LTC_INLINE int s_rsa_check_prng(ltc_rsa_op op, ltc_rsa_op_parameters *params)`
`193`	`193`	`{`
`194`		`- if (params->padding != LTC_PKCS_1_PSS)`
	`194`	`+ /* Only PSS signing needs a PRNG, v1.5 signing is deterministic.`
	`195`	`+ * All encryption needs a PRNG (OAEP seed, v1.5 EME random padding). */`
	`196`	`+ if ((op & LTC_RSA_OP_SIGN) == LTC_RSA_OP_SIGN`
	`197`	`+ && params->padding != LTC_PKCS_1_PSS)`
`195`	`198`	`return CRYPT_OK;`
`196`	`199`	`if (params->prng == NULL)`
`197`	`200`	`return CRYPT_INVALID_PRNG;`
`@@ -211,7 +214,7 @@ int rsa_key_valid_op(ltc_rsa_op op, ltc_rsa_op_checked *check)`
`211`	`214`	`check->params->params.pss_oaep = check->params->padding == LTC_PKCS_1_OAEP`
`212`	`215`	`\|\| check->params->padding == LTC_PKCS_1_PSS;`
`213`	`216`	`if ((op & LTC_RSA_OP_SEND) == LTC_RSA_OP_SEND) {`
`214`		`- if ((err = s_rsa_check_prng(check->params)) != CRYPT_OK) {`
	`217`	`+ if ((err = s_rsa_check_prng(op, check->params)) != CRYPT_OK) {`
`215`	`218`	`return err;`
`216`	`219`	`}`
`217`	`220`	`}`