[libsecret] DH: Ensure that generated secret occupies the same number of bytes as prime.



commit 998065599c66055dcffa1ef1ddebb947ccd68248
Author: Tomasz Miąsko <tomasz miasko gmail com>
Date:   Thu Feb 9 09:45:01 2017 +0100

    DH: Ensure that generated secret occupies the same number of bytes as prime.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=778357

 egg/egg-dh.c |   15 +++++++++++----
 1 files changed, 11 insertions(+), 4 deletions(-)
---
diff --git a/egg/egg-dh.c b/egg/egg-dh.c
index e869c99..b190488 100644
--- a/egg/egg-dh.c
+++ b/egg/egg-dh.c
@@ -314,6 +314,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
 {
        gcry_error_t gcry;
        guchar *value;
+       gsize n_prime;
        gsize n_value;
        gcry_mpi_t k;
        gint bits;
@@ -330,19 +331,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
        gcry_mpi_powm (k, peer, priv, prime);
 
        /* Write out the secret */
-       gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k);
+       gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime);
        g_return_val_if_fail (gcry == 0, NULL);
-       value = egg_secure_alloc (n_value);
-       gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k);
+       value = egg_secure_alloc (n_prime);
+       gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k);
        g_return_val_if_fail (gcry == 0, NULL);
 
+       /* Pad the secret with zero bytes to match length of prime in bytes. */
+       if (n_value < n_prime) {
+               memmove (value + (n_prime - n_value), value, n_value);
+               memset (value, 0, (n_prime - n_value));
+       }
+
 #if DEBUG_DH_SECRET
        g_printerr ("DH SECRET: ");
        gcry_mpi_dump (k);
 #endif
        gcry_mpi_release (k);
 
-       *bytes = n_value;
+       *bytes = n_prime;
 
 #if DEBUG_DH_SECRET
        gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL);
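Review bot: The new padding step feeds `n_value` into `n_prime - n_value` for the memmove/memset, but the only guard on the second `gcry_mpi_print` is `g_return_val_if_fail`, which GLib compiles out under `G_DISABLE_CHECKS`; in such a build a failed print may leave `n_value` (declared without an initializer) unset when it reaches that size arithmetic. When the check does fire, it returns NULL without freeing the secure buffer `value` or releasing `k`, so the error path leaks both. An explicit check would cover both cases: `if (gcry != 0) { egg_secure_free (value); gcry_mpi_release (k); return NULL; }`. Separately, the debug-only `gcry_mpi_scan` call at the end of the hunk appears to pass the pointer `bytes` where a buffer length is expected, which would be `*bytes`. The body of egg_dh_gen_secret starts and ends outside this hunk, so the declaration of `bytes` and the final return are not visible here.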

