diff options
| author | Christian Grothoff <christian@grothoff.org> | 2018-05-31 08:16:17 +0200 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2018-05-31 08:17:18 +0200 |
| commit | 2b99bddcb6961cfda34087138acdda4b8b9ccb9f (patch) | |
| tree | 09c8e161749e7905124479d8354ca2d8fdc31d71 | |
| parent | a243bee79d6a3e1d769abef9cdd159d7645e3f0f (diff) | |
| download | gnunet-2b99bddcb6961cfda34087138acdda4b8b9ccb9f.tar.gz gnunet-2b99bddcb6961cfda34087138acdda4b8b9ccb9f.zip | |
Niibe writes:
Sorry, I was not reading the code of GNUnet well. I overlooked how the
eddsa_d_to_a function was written and its intention. I read it again.
Indeed, the eddsa_d_to_a function tries to handle the case where
gcry_mpi_print returns rawmpilen < 32, putting "left pad" by DIGEST.
The problem is:
DIGEST is not cleared (although comment says so).
I think that the stack had zero-byte for some reason on your 32-bit
machine.
Here is the correction. Clear DIGEST, as comment says.
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 8d9091b23..280603234 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -1273,24 +1273,15 @@ eddsa_d_to_a (gcry_mpi_t d)
b = 256 / 8; /* number of bytes in `d` */
+ memset (hvec, 0, sizeof hvec);
/* Note that we clear DIGEST so we can use it as input to left pad
the key with zeroes for hashing. */
- memset (hvec, 0, sizeof hvec);
+ memset (digest, 0, sizeof digest);
rawmpilen = sizeof (rawmpi);
GNUNET_assert (0 ==
gcry_mpi_print (GCRYMPI_FMT_USG,
rawmpi, rawmpilen, &rawmpilen,
d));
- if (rawmpilen < 32)
- {
- memmove (rawmpi + 32 - rawmpilen,
- rawmpi,
- rawmpilen);
- memset (rawmpi,
- 0,
- 32 - rawmpilen);
- rawmpilen = 32;
- }
hvec[0].data = digest;
hvec[0].off = 0;
hvec[0].len = b > rawmpilen ? (b - rawmpilen) : 0;
--
| -rw-r--r-- | src/util/crypto_ecc.c | 11 |
1 files changed, 1 insertions, 10 deletions
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 8d9091b23..200371cd7 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c | |||
| @@ -1275,22 +1275,13 @@ eddsa_d_to_a (gcry_mpi_t d) | |||
| 1275 | 1275 | ||
| 1276 | /* Note that we clear DIGEST so we can use it as input to left pad | 1276 | /* Note that we clear DIGEST so we can use it as input to left pad |
| 1277 | the key with zeroes for hashing. */ | 1277 | the key with zeroes for hashing. */ |
| 1278 | memset (digest, 0, sizeof digest); | ||
| 1278 | memset (hvec, 0, sizeof hvec); | 1279 | memset (hvec, 0, sizeof hvec); |
| 1279 | rawmpilen = sizeof (rawmpi); | 1280 | rawmpilen = sizeof (rawmpi); |
| 1280 | GNUNET_assert (0 == | 1281 | GNUNET_assert (0 == |
| 1281 | gcry_mpi_print (GCRYMPI_FMT_USG, | 1282 | gcry_mpi_print (GCRYMPI_FMT_USG, |
| 1282 | rawmpi, rawmpilen, &rawmpilen, | 1283 | rawmpi, rawmpilen, &rawmpilen, |
| 1283 | d)); | 1284 | d)); |
| 1284 | if (rawmpilen < 32) | ||
| 1285 | { | ||
| 1286 | memmove (rawmpi + 32 - rawmpilen, | ||
| 1287 | rawmpi, | ||
| 1288 | rawmpilen); | ||
| 1289 | memset (rawmpi, | ||
| 1290 | 0, | ||
| 1291 | 32 - rawmpilen); | ||
| 1292 | rawmpilen = 32; | ||
| 1293 | } | ||
| 1294 | hvec[0].data = digest; | 1285 | hvec[0].data = digest; |
| 1295 | hvec[0].off = 0; | 1286 | hvec[0].off = 0; |
| 1296 | hvec[0].len = b > rawmpilen ? (b - rawmpilen) : 0; | 1287 | hvec[0].len = b > rawmpilen ? (b - rawmpilen) : 0; |