[libsecret] DH: Ensure that generated secret occupies the same number of bytes as prime.
- From: Stefan Walter <stefw src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libsecret] DH: Ensure that generated secret occupies the same number of bytes as prime.
- Date: Tue, 28 Feb 2017 11:40:42 +0000 (UTC)
commit 998065599c66055dcffa1ef1ddebb947ccd68248
Author: Tomasz Miąsko <tomasz miasko gmail com>
Date: Thu Feb 9 09:45:01 2017 +0100
DH: Ensure that generated secret occupies the same number of bytes as prime.
https://bugzilla.gnome.org/show_bug.cgi?id=778357
egg/egg-dh.c | 15 +++++++++++----
1 files changed, 11 insertions(+), 4 deletions(-)
---
diff --git a/egg/egg-dh.c b/egg/egg-dh.c
index e869c99..b190488 100644
--- a/egg/egg-dh.c
+++ b/egg/egg-dh.c
@@ -314,6 +314,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
{
gcry_error_t gcry;
guchar *value;
+ gsize n_prime;
gsize n_value;
gcry_mpi_t k;
gint bits;
@@ -330,19 +331,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
gcry_mpi_powm (k, peer, priv, prime);
/* Write out the secret */
- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k);
+ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime);
g_return_val_if_fail (gcry == 0, NULL);
- value = egg_secure_alloc (n_value);
- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k);
+ value = egg_secure_alloc (n_prime);
+ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k);
g_return_val_if_fail (gcry == 0, NULL);
+ /* Pad the secret with zero bytes to match length of prime in bytes. */
+ if (n_value < n_prime) {
+ memmove (value + (n_prime - n_value), value, n_value);
+ memset (value, 0, (n_prime - n_value));
+ }
+
#if DEBUG_DH_SECRET
g_printerr ("DH SECRET: ");
gcry_mpi_dump (k);
#endif
gcry_mpi_release (k);
- *bytes = n_value;
+ *bytes = n_prime;
#if DEBUG_DH_SECRET
gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]