DH: Ensure that generated secret occupies the same number of bytes as prime.

https://bugzilla.gnome.org/show_bug.cgi?id=778357
This commit is contained in:
Tomasz Miąsko 2017-02-09 09:45:01 +01:00 committed by Stef Walter
parent 455b70968a
commit 998065599c

View File

@ -314,6 +314,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
{ {
gcry_error_t gcry; gcry_error_t gcry;
guchar *value; guchar *value;
gsize n_prime;
gsize n_value; gsize n_value;
gcry_mpi_t k; gcry_mpi_t k;
gint bits; gint bits;
@ -330,19 +331,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
gcry_mpi_powm (k, peer, priv, prime); gcry_mpi_powm (k, peer, priv, prime);
/* Write out the secret */ /* Write out the secret */
gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k); gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime);
g_return_val_if_fail (gcry == 0, NULL); g_return_val_if_fail (gcry == 0, NULL);
value = egg_secure_alloc (n_value); value = egg_secure_alloc (n_prime);
gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k); gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k);
g_return_val_if_fail (gcry == 0, NULL); g_return_val_if_fail (gcry == 0, NULL);
/* Pad the secret with zero bytes to match length of prime in bytes. */
if (n_value < n_prime) {
memmove (value + (n_prime - n_value), value, n_value);
memset (value, 0, (n_prime - n_value));
}
#if DEBUG_DH_SECRET #if DEBUG_DH_SECRET
g_printerr ("DH SECRET: "); g_printerr ("DH SECRET: ");
gcry_mpi_dump (k); gcry_mpi_dump (k);
#endif #endif
gcry_mpi_release (k); gcry_mpi_release (k);
*bytes = n_value; *bytes = n_prime;
#if DEBUG_DH_SECRET #if DEBUG_DH_SECRET
gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL); gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL);