The return value from `mpmask' wasn't being used, and callers expected a
broken buffer on failure, so that's the official story now.
The return value from `mpunmask' was advertised properly, but not
checked, so fix that.
* @const octet *k@ = pointer to key material
* @size_t ksz@ = size of the key
*
* @const octet *k@ = pointer to key material
* @size_t ksz@ = size of the key
*
- * Returns: Pointer to the output.
*
* Use: Masks a multiprecision integer: returns %$x \xor H(k)$%, so
* it's a random oracle thing rather than an encryption thing.
*
* Use: Masks a multiprecision integer: returns %$x \xor H(k)$%, so
* it's a random oracle thing rather than an encryption thing.
+ * Breaks the output buffer on error.
-static octet *mpmask(buf *b, mp *x, size_t n,
- const gccipher *mgfc, const octet *k, size_t ksz)
+static void mpmask(buf *b, mp *x, size_t n,
+ const gccipher *mgfc, const octet *k, size_t ksz)
{
gcipher *mgf;
octet *p;
{
gcipher *mgf;
octet *p;
- if ((p = buf_get(b, n)) == 0)
- return (0);
+ if ((p = buf_get(b, n)) == 0) return;
mgf = GC_INIT(mgfc, k, ksz);
IF_TRACING(T_KEYEXCH, IF_TRACING(T_CRYPTO, {
trace(T_CRYPTO, "crypto: masking index = %s", mpstr(x));
mgf = GC_INIT(mgfc, k, ksz);
IF_TRACING(T_KEYEXCH, IF_TRACING(T_CRYPTO, {
trace(T_CRYPTO, "crypto: masking index = %s", mpstr(x));
trace_block(T_CRYPTO, "crypto: masked ciphertext", p, n);
}))
GC_DESTROY(mgf);
trace_block(T_CRYPTO, "crypto: masked ciphertext", p, n);
}))
GC_DESTROY(mgf);
}
/* --- @mpunmask@ --- *
}
/* --- @mpunmask@ --- *
/* --- Compute the reply, and check the magic --- */
G_EXP(g, r, c, kx->kpriv->kpriv);
/* --- Compute the reply, and check the magic --- */
G_EXP(g, r, c, kx->kpriv->kpriv);
- cv = mpunmask(MP_NEW, ck, ixsz, algs->mgf,
- hashcheck(kx, kx->kpub->kpub, kx->c, c, r),
- algs->hashsz);
+ if ((cv = mpunmask(MP_NEW, ck, ixsz, algs->mgf,
+ hashcheck(kx, kx->kpub->kpub, kx->c, c, r),
+ algs->hashsz)) == 0)
+ goto badcheck;
IF_TRACING(T_KEYEXCH, IF_TRACING(T_CRYPTO, {
trace(T_CRYPTO, "crypto: computed reply = %s", gestr(g, r));
trace(T_CRYPTO, "crypto: recovered log = %s", mpstr(cv));
IF_TRACING(T_KEYEXCH, IF_TRACING(T_CRYPTO, {
trace(T_CRYPTO, "crypto: computed reply = %s", gestr(g, r));
trace(T_CRYPTO, "crypto: recovered log = %s", mpstr(cv));
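Review bot: The added `goto badcheck` after the `mpunmask` call is taken with `cv` null and with `r` already holding the result of `G_EXP`, so the code at `badcheck` has to tolerate a null `cv` and still release `r`. That label lies outside the hunk and cannot be checked from here. `ck` looks like it is taken from the peer's message (inferred from the names, not visible in the hunk), so this branch would be reachable from remote input and deserves a comment where it is taken, e.g. `/* mpunmask failed, so there is no cv to compare: treat as a bad check */`. If `badcheck` emits a warning worded for a mismatched check value, a failed unmask will be reported under the same text, which is worth deciding deliberately so the two cases can be told apart in logs.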