author | Tomasz Miąsko <tomasz.miasko@gmail.com> | 2017-02-09 09:45:01 +0100 |
---|---|---|
committer | Stef Walter <stefw@gnome.org> | 2017-02-28 12:40:34 +0100 |
commit | 61bceb62ae7962d3507fcddaa3a904e4efa477d6 (patch) | |
tree | 8bacf00c82970d1b5789b33af6a6fcee60dbc765 /egg | |
parent | f0fa0b05a242114fd04b63b07e5e78de2ac36443 (diff) | |
download | gnome-keyring-61bceb62ae7962d3507fcddaa3a904e4efa477d6.tar.gz |
DH: Ensure that generated secret occupies the same number of bytes as prime.
https://bugzilla.gnome.org/show_bug.cgi?id=778357
Diffstat (limited to 'egg')
-rw-r--r-- | egg/egg-dh.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/egg/egg-dh.c b/egg/egg-dh.c
index ff9ded67..e968bafd 100644
--- a/egg/egg-dh.c
+++ b/egg/egg-dh.c
@@ -311,6 +311,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
 {
 gcry_error_t gcry;
 guchar *value;
+ gsize n_prime;
 gsize n_value;
 gcry_mpi_t k;
 gint bits;
@@ -327,19 +328,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
 gcry_mpi_powm (k, peer, priv, prime);
 /* Write out the secret */
- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k);
+ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime);
 g_return_val_if_fail (gcry == 0, NULL);
- value = egg_secure_alloc (n_value);
- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k);
+ value = egg_secure_alloc (n_prime);
+ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k);
 g_return_val_if_fail (gcry == 0, NULL);
+ /* Pad the secret with zero bytes to match length of prime in bytes. */
+ if (n_value < n_prime) {
+ memmove (value + (n_prime - n_value), value, n_value);
+ memset (value, 0, (n_prime - n_value));
+ }
+
 #if DEBUG_DH_SECRET
 g_printerr ("DH SECRET: ");
 gcry_mpi_dump (k);
 gcry_mpi_release (k);
 #endif
- *bytes = n_value;
+ *bytes = n_prime;
 #if DEBUG_DH_SECRET
 gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL); |
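Review bot: The new padding block in the second hunk reads `n_value`, but the only guarantee that it was set is the `g_return_val_if_fail (gcry == 0, NULL)` after the second `gcry_mpi_print`. GLib compiles that macro out under `G_DISABLE_CHECKS`, and when it does fire it returns without freeing `value` or releasing `k`. Because `value` comes from `egg_secure_alloc` and may already hold part of the shared secret, an explicit runtime check is safer there: `if (gcry != 0) { egg_secure_free (value); gcry_mpi_release (k); return NULL; }`. The function's comment should also say that `*bytes` now always equals the byte length of `prime`, with leading zero bytes kept, since key derivation on both peers depends on that fixed width. The body of `egg_dh_gen_secret` starts and ends outside this hunk, so whether `k` is released on the normal non-debug path cannot be confirmed from here.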