authorTomasz Miąsko <tomasz.miasko@gmail.com>2017-02-09 09:45:01 +0100
committerStef Walter <stefw@gnome.org>2017-02-28 12:40:34 +0100
commit61bceb62ae7962d3507fcddaa3a904e4efa477d6 (patch)
tree8bacf00c82970d1b5789b33af6a6fcee60dbc765 /egg
parentf0fa0b05a242114fd04b63b07e5e78de2ac36443 (diff)
downloadgnome-keyring-61bceb62ae7962d3507fcddaa3a904e4efa477d6.tar.gz
DH: Ensure that generated secret occupies the same number of bytes as prime.
https://bugzilla.gnome.org/show_bug.cgi?id=778357
Diffstat (limited to 'egg')
-rw-r--r--egg/egg-dh.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/egg/egg-dh.c b/egg/egg-dh.c
index ff9ded67..e968bafd 100644
--- a/egg/egg-dh.c
+++ b/egg/egg-dh.c
@@ -311,6 +311,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
{
gcry_error_t gcry;
guchar *value;
+ gsize n_prime;
gsize n_value;
gcry_mpi_t k;
gint bits;
@@ -327,19 +328,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
gcry_mpi_powm (k, peer, priv, prime);
/* Write out the secret */
- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k);
+ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime);
g_return_val_if_fail (gcry == 0, NULL);
- value = egg_secure_alloc (n_value);
- gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k);
+ value = egg_secure_alloc (n_prime);
+ gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k);
g_return_val_if_fail (gcry == 0, NULL);
+ /* Pad the secret with zero bytes to match length of prime in bytes. */
+ if (n_value < n_prime) {
+ memmove (value + (n_prime - n_value), value, n_value);
+ memset (value, 0, (n_prime - n_value));
+ }
+
#if DEBUG_DH_SECRET
g_printerr ("DH SECRET: ");
gcry_mpi_dump (k);
gcry_mpi_release (k);
#endif
- *bytes = n_value;
+ *bytes = n_prime;
#if DEBUG_DH_SECRET
gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL);
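Review bot: The failure return after the second `gcry_mpi_print` call, just below `value = egg_secure_alloc (n_prime);`, exits without releasing `value` or `k`, so a secure-memory buffer that may already hold part of the shared secret stays allocated. I would clean up explicitly on that path, for example `if (gcry != 0) { egg_secure_free (value); gcry_mpi_release (k); g_return_val_if_reached (NULL); }`. In the visible lines `gcry_mpi_release (k)` appears only inside `#if DEBUG_DH_SECRET`, so a normal build seems to keep the MPI that holds the secret alive; the function body continues past the end of this hunk, so please confirm whether it is released further down. The changed contract also deserves a line in the function's header comment, such as `/* *bytes is always the byte length of prime; the secret is left-padded with zeros */`, because callers that feed the buffer into key derivation depend on that fixed length.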