nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-24 20:33:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

note another potential security problem with generating key material

Browse Source 
from our DH handshake.


svn:r4724
This commit is contained in:
Roger Dingledine 2005-08-06 16:50:51 +00:00
parent 261bf4c4d4
commit b9a7482c02
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/common/crypto.c
View File

@ -1458,6 +1458,12 @@ int crypto_dh_compute_secret(crypto_dh_env_t *dh,
} }
secret_len = result; secret_len = result;
/* sometimes secret_len might be less than 128, e.g., 127. that's ok. */ /* sometimes secret_len might be less than 128, e.g., 127. that's ok. */
/* Actually, http://www.faqs.org/rfcs/rfc2631.html says:
* Leading zeros MUST be preserved, so that ZZ occupies as many
* octets as p. For instance, if p is 1024 bits, ZZ should be 128
* bytes long.
* What are the security implications here?
*/
for (i = 0; i < secret_bytes_out; i += DIGEST_LEN) { for (i = 0; i < secret_bytes_out; i += DIGEST_LEN) {
secret_tmp[secret_len] = (unsigned char) i/DIGEST_LEN; secret_tmp[secret_len] = (unsigned char) i/DIGEST_LEN;
if (crypto_digest(hash, secret_tmp, secret_len+1)) if (crypto_digest(hash, secret_tmp, secret_len+1))