[gnutls-dev] bug in _gnutls_pkcs1_rsa_encrypt

Robey Pointer robey at danger.com
Wed Aug 18 22:58:49 CEST 2004


Matthias Urlichs wrote:

>Hi,
>
>Werner Koch:
>  
>
>>>This line doesn't make sense, IMHO.
>>>      
>>>
>>The idea is that when requesting K new random bytes to replace zero
>>bytes of the initial random string, we request a few bytes more so
>>that we have some spare random bytes in case the K new bytes contain
>>zero bytes.
>>
>>    
>>
>I thought so.
>
>However, it would help a great deal if you'd actually skip zero bytes in
>the new string when you replace the zeroes in the old string.  ;-)
>
>  
>
>>Agreed, requesting just one extra byte for replacing 128 zero bytes is
>>too less. 
>>    
>>
>
>s/is too less/isn't enough/.  (OK, OK, I'll shut up now.)
>
>To be reasonably safe, add three more bytes.
>  
>

IMHO, best to just leave the loop as-is and not bother to fetch the 
extra k/128 byte(s).  The simplicity outweighs the very very small 
chance that you might avoid an extra loop iteration by obsessively 
checking for (and skipping) zeros in the replacement buffer.

robey





More information about the Gnutls-devel mailing list