mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-14 07:03:44 +01:00
Ben confirms that the MUST in rfc2631 is only for compatibility with X9.42, and isn't actually a security thing.
svn:r17685
This commit is contained in:
parent
8d5a9d762c
commit
6c6b0283cb
@ -1643,13 +1643,6 @@ crypto_dh_compute_secret(crypto_dh_env_t *dh,
|
|||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
secret_len = result;
|
secret_len = result;
|
||||||
/* sometimes secret_len might be less than 128, e.g., 127. that's ok. -RD */
|
|
||||||
/* Actually, http://www.faqs.org/rfcs/rfc2631.html says:
|
|
||||||
* Leading zeros MUST be preserved, so that ZZ occupies as many
|
|
||||||
* octets as p. For instance, if p is 1024 bits, ZZ should be 128
|
|
||||||
* bytes long.
|
|
||||||
* XXX021 What are the security implications here? -NM
|
|
||||||
*/
|
|
||||||
if (crypto_expand_key_material(secret_tmp, secret_len,
|
if (crypto_expand_key_material(secret_tmp, secret_len,
|
||||||
secret_out, secret_bytes_out)<0)
|
secret_out, secret_bytes_out)<0)
|
||||||
goto error;
|
goto error;
|
||||||
|
Loading…
Reference in New Issue
Block a user