Blame SOURCES/libsecret-0.18.5-fix-invalid-secret-transfer-error.patch

b46b7f
From 998065599c66055dcffa1ef1ddebb947ccd68248 Mon Sep 17 00:00:00 2001
b46b7f
From: =?UTF-8?q?Tomasz=20Mi=C4=85sko?= <tomasz.miasko@gmail.com>
b46b7f
Date: Thu, 9 Feb 2017 09:45:01 +0100
b46b7f
Subject: DH: Ensure that generated secret occupies the same number of bytes as
b46b7f
 prime.
b46b7f
b46b7f
https://bugzilla.gnome.org/show_bug.cgi?id=778357
b46b7f
---
b46b7f
 egg/egg-dh.c | 15 +++++++++++----
b46b7f
 1 file changed, 11 insertions(+), 4 deletions(-)
b46b7f
b46b7f
diff --git a/egg/egg-dh.c b/egg/egg-dh.c
b46b7f
index e869c99..b190488 100644
b46b7f
--- a/egg/egg-dh.c
b46b7f
+++ b/egg/egg-dh.c
b46b7f
@@ -314,6 +314,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
b46b7f
 {
b46b7f
 	gcry_error_t gcry;
b46b7f
 	guchar *value;
b46b7f
+	gsize n_prime;
b46b7f
 	gsize n_value;
b46b7f
 	gcry_mpi_t k;
b46b7f
 	gint bits;
b46b7f
@@ -330,19 +331,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,
b46b7f
 	gcry_mpi_powm (k, peer, priv, prime);
b46b7f
 
b46b7f
 	/* Write out the secret */
b46b7f
-	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k);
b46b7f
+	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime);
b46b7f
 	g_return_val_if_fail (gcry == 0, NULL);
b46b7f
-	value = egg_secure_alloc (n_value);
b46b7f
-	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k);
b46b7f
+	value = egg_secure_alloc (n_prime);
b46b7f
+	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k);
b46b7f
 	g_return_val_if_fail (gcry == 0, NULL);
b46b7f
 
b46b7f
+	/* Pad the secret with zero bytes to match length of prime in bytes. */
b46b7f
+	if (n_value < n_prime) {
b46b7f
+		memmove (value + (n_prime - n_value), value, n_value);
b46b7f
+		memset (value, 0, (n_prime - n_value));
b46b7f
+	}
b46b7f
+
b46b7f
 #if DEBUG_DH_SECRET
b46b7f
 	g_printerr ("DH SECRET: ");
b46b7f
 	gcry_mpi_dump (k);
b46b7f
 #endif
b46b7f
 	gcry_mpi_release (k);
b46b7f
 
b46b7f
-	*bytes = n_value;
b46b7f
+	*bytes = n_prime;
b46b7f
 
b46b7f
 #if DEBUG_DH_SECRET
b46b7f
 	gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL);
b46b7f
-- 
b46b7f
cgit v0.12
b46b7f