[gnutls-dev] bug in _gnutls_pkcs1_rsa_encrypt

Werner Koch wk at gnupg.org
Thu Aug 19 09:22:23 CEST 2004


On Wed, 18 Aug 2004 13:58:49 -0700, Robey Pointer said:

> extra k/128 byte(s).  The simplicity outweighs the very very small
> chance that you might avoid an extra loop iteration by obsessively
> checking for (and skipping) zeros in the replacement buffer.

The thing is that each call to the random function turns out to be a
real performance hog; asking for a few bytes more in one call is far
cheaper.

The loop now reads:

    for(;;) {
	int j, k;
	byte *pp;

	/* count the zero bytes */
	for(j=k=0; j < i; j++ )
	    if( !p[j] )
		k++;
	if( !k )
	    break; /* okay: no zero bytes */
	k += 3; /* better get some more */  /* <========= */
	pp = get_random_bits( k*8, 1, 1);
	for(j=0; j < i && k ; j++ )
	    if( !p[j] && pp[k-1] )          /* <========= */
		p[j] = pp[--k];
	m_free(pp);
    }

Does this look better?

  Werner
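The approach discussed above (fill the buffer, count the zero bytes, then ask the random source for a few more bytes than needed in a single call) as an added example in C; this is not code from the list or from GnuPG/libgcrypt. The `byte_source_fn` callback and the scripted `script_src` byte source are assumptions made here so the example runs offline and deterministically; a real implementation would hand the callback a CSPRNG. It differs from the posted loop in one detail: a zero byte in the replacement buffer is discarded rather than leaving `p[j]` zero for the next pass, so each replacement byte is used at most once and no position is skipped.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Byte source callback (assumed interface): fills buf with n bytes,
   returns 0 on success. A real implementation would wrap the system
   CSPRNG; the scripted source below is a constructed stand-in. */
typedef int (*byte_source_fn)(void *ctx, uint8_t *buf, size_t n);

/* Fill p[0..n) with bytes that are all non-zero, as the PKCS#1 v1.5 type-2
   padding string requires. One initial call, then per pass: count zeros,
   request k + 3 bytes in ONE call, patch the zero positions. Returns the
   number of calls made to the byte source, or -1 on failure. */
int fill_nonzero_random(uint8_t *p, size_t n, byte_source_fn src, void *ctx)
{
    int calls = 0;
    if (src(ctx, p, n) != 0) return -1;
    calls++;
    for (;;) {
        size_t j, k = 0;
        for (j = 0; j < n; j++)
            if (p[j] == 0) k++;
        if (k == 0) break;                 /* okay: no zero bytes left */
        k += 3;                            /* better get some more */
        uint8_t *pp = malloc(k);
        if (!pp) return -1;
        if (src(ctx, pp, k) != 0) { free(pp); return -1; }
        calls++;
        /* Consume the replacement buffer from the end. A zero replacement
           byte is dropped (k--) instead of leaving p[j] untouched. */
        for (j = 0; j < n && k > 0; j++) {
            if (p[j] != 0) continue;
            while (k > 0 && pp[k - 1] == 0) k--;   /* skip unusable bytes */
            if (k == 0) break;                     /* ran out; next pass */
            p[j] = pp[--k];
        }
        free(pp);
    }
    return calls;
}

/* Constructed deterministic byte source: hands out a fixed script so the
   zero-handling paths can be exercised reproducibly. Not a random source. */
typedef struct { const uint8_t *script; size_t len, pos; } script_src;

static int script_next(void *ctx, uint8_t *buf, size_t n)
{
    script_src *s = ctx;
    if (s->pos + n > s->len) return -1;    /* script exhausted */
    memcpy(buf, s->script + s->pos, n);
    s->pos += n;
    return 0;
}

/* The check the loop is built around: number of zero bytes in p[0..n). */
size_t count_zero_bytes(const uint8_t *p, size_t n)
{
    size_t k = 0, j;
    for (j = 0; j < n; j++) if (p[j] == 0) k++;
    return k;
}

/* Constructed scenario: the initial 8 bytes contain two zeros, so the
   second call asks for 2 + 3 = 5 bytes; the last of those is itself zero
   and must be skipped. Returns the call count; out receives the buffer. */
static int run_demo(uint8_t out[8])
{
    static const uint8_t script[] = {
        0x11, 0x00, 0x33, 0x44, 0x00, 0x66, 0x77, 0x88,   /* initial fill */
        0xA1, 0xA2, 0xA3, 0xA4, 0x00                      /* 5 replacements */
    };
    script_src s = { script, sizeof script, 0 };
    return fill_nonzero_random(out, 8, script_next, &s);
}

int demo_fill_calls(void)
{
    uint8_t out[8];
    return run_demo(out);
}

/* Byte i of the demo result, or -1 if the fill failed. */
int demo_fill_byte(size_t i)
{
    uint8_t out[8];
    if (run_demo(out) < 0 || i >= 8) return -1;
    return out[i];
}

/* Zero bytes remaining in the demo result (expected 0). */
int demo_fill_zeros(void)
{
    uint8_t out[8];
    if (run_demo(out) < 0) return -1;
    return (int)count_zero_bytes(out, 8);
}
```

With the scripted input the fill completes in two calls to the source: the zero at the end of the replacement buffer is dropped, position 1 receives 0xA4 and position 4 receives 0xA3, and no third pass is needed. The cost that matters in the thread is the number of calls, which `fill_nonzero_random` reports so it can be measured against a real source.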
