Ben confirms that the MUST in rfc2631 is only for compatibility with X9.42, and isn't actually a security thing.

svn:r17685
2024-11-10 21:23:58 +01:00 · 2008-12-18 16:11:16 +00:00 · 2008-12-18 16:11:16 +00:00 · 6c6b0283cb
commit 6c6b0283cb
parent 8d5a9d762c
1 changed files with 0 additions and 7 deletions
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@ -1643,13 +1643,6 @@ crypto_dh_compute_secret(crypto_dh_env_t *dh,
    goto error;
  }
  secret_len = result;
-  /* sometimes secret_len might be less than 128, e.g., 127. that's ok. -RD */
-  /* Actually, http://www.faqs.org/rfcs/rfc2631.html says:
-   *   Leading zeros MUST be preserved, so that ZZ occupies as many
-   *   octets as p. For instance, if p is 1024 bits, ZZ should be 128
-   *   bytes long.
-   * XXX021 What are the security implications here? -NM
-   */
  if (crypto_expand_key_material(secret_tmp, secret_len,
                                 secret_out, secret_bytes_out)<0)
    goto error;