Commit 33dc46b0 authored by Paul Bakker's avatar Paul Bakker
Browse files

Fix bug with mpi_fill_random() on big-endian

parent f96f7b60
......@@ -25,6 +25,8 @@ Bugfix
ServerHello when no extensions are present (found by Matthew Page)
* rsa_check_pubkey() now allows an E up to N
* On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
* mpi_fill_random() was creating numbers larger than requested on
big-endian platform when size was not an integer number of limbs
= PolarSSL 1.3.6 released on 2014-04-11
......
......@@ -1773,16 +1773,28 @@ cleanup:
return( ret );
}
/*
* Fill X with size bytes of random.
*
* Use a temporary bytes representation to make sure the result is the same
* regardless of the platform endianness (usefull when f_rng is actually
* deterministic, eg for tests).
*/
int mpi_fill_random( mpi *X, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
unsigned char buf[POLARSSL_MPI_MAX_SIZE];
if( size > POLARSSL_MPI_MAX_SIZE )
return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );
MPI_CHK( mpi_grow( X, CHARS_TO_LIMBS( size ) ) );
MPI_CHK( mpi_lset( X, 0 ) );
MPI_CHK( f_rng( p_rng, (unsigned char *) X->p, size ) );
MPI_CHK( f_rng( p_rng, buf, size ) );
MPI_CHK( mpi_read_binary( X, buf, size ) );
cleanup:
return( ret );
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment