[gnutls-dev] bug in _gnutls_pkcs1_rsa_encrypt
Werner Koch
wk at gnupg.org
Tue Aug 17 13:56:57 CEST 2004
On Mon, 16 Aug 2004 17:46:23 -0700, Robey Pointer said:
> and almost always only the 3rd byte is used. This seems like a waste
> of the random pool, and my hunch is that the fetch of 3 random bytes
> was meant to go OUTSIDE the loop.
FWIW, here is how GnuPG does it:
p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM);
/* replace zero bytes by new values */
for(;;) {
int j, k;
byte *pp;
/* count the zero bytes */
for(j=k=0; j < i; j++ )
if( !p[j] )
k++;
if( !k )
break; /* okay: no zero bytes */
k += k/128; /* better get some more */
pp = gcry_random_bytes_secure( k, GCRY_STRONG_RANDOM);
for(j=0; j < i && k ; j++ )
if( !p[j] )
p[j] = pp[--k];
xfree (pp);
}
Libgcrypt also provides pkcs#1 handling. The code above has not yet
been converted to this new Libgcrypt feature.
Salam-Shalom,
Werner
More information about the Gnutls-dev
mailing list