From 998065599c66055dcffa1ef1ddebb947ccd68248 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Tomasz=20Mi=C4=85sko?= <tomasz.miasko@gmail.com>

Date: Thu, 9 Feb 2017 09:45:01 +0100

Subject: DH: Ensure that generated secret occupies the same number of bytes as

 prime.

https://bugzilla.gnome.org/show_bug.cgi?id=778357

---

 egg/egg-dh.c | 15 +++++++++++----

 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/egg/egg-dh.c b/egg/egg-dh.c

index e869c99..b190488 100644

--- a/egg/egg-dh.c

+++ b/egg/egg-dh.c

@@ -314,6 +314,7 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,

 {

 	gcry_error_t gcry;

 	guchar *value;

+	gsize n_prime;

 	gsize n_value;

 	gcry_mpi_t k;

 	gint bits;

@@ -330,19 +331,25 @@ egg_dh_gen_secret (gcry_mpi_t peer, gcry_mpi_t priv,

 	gcry_mpi_powm (k, peer, priv, prime);

 	/* Write out the secret */

-	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_value, k);

+	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n_prime, prime);

 	g_return_val_if_fail (gcry == 0, NULL);

-	value = egg_secure_alloc (n_value);

-	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_value, &n_value, k);

+	value = egg_secure_alloc (n_prime);

+	gcry = gcry_mpi_print (GCRYMPI_FMT_USG, value, n_prime, &n_value, k);

 	g_return_val_if_fail (gcry == 0, NULL);

+	/* Pad the secret with zero bytes to match length of prime in bytes. */

+	if (n_value < n_prime) {

+		memmove (value + (n_prime - n_value), value, n_value);

+		memset (value, 0, (n_prime - n_value));

+	}

+

 #if DEBUG_DH_SECRET

 	g_printerr ("DH SECRET: ");

 	gcry_mpi_dump (k);

 #endif

 	gcry_mpi_release (k);

-	*bytes = n_value;

+	*bytes = n_prime;

 #if DEBUG_DH_SECRET

 	gcry_mpi_scan (&k, GCRYMPI_FMT_USG, value, bytes, NULL);

-- 

cgit v0.12