Re: [gnutls-dev] bug in _gnutls_pkcs1_rsa_encrypt
From: Werner Koch
Subject: Re: [gnutls-dev] bug in _gnutls_pkcs1_rsa_encrypt
Date: Tue, 17 Aug 2004 13:56:57 +0200
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)
On Mon, 16 Aug 2004 17:46:23 -0700, Robey Pointer said:
> and almost always only the 3rd byte is used. This seems like a waste
> of the random pool, and my hunch is that the fetch of 3 random bytes
> was meant to go OUTSIDE the loop.
FWIW, here is how GnuPG does it:
    p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM);
    /* replace zero bytes by new values */
    for(;;) {
        int j, k;
        byte *pp;

        /* count the zero bytes */
        for(j=k=0; j < i; j++ )
            if( !p[j] )
                k++;
        if( !k )
            break; /* okay: no zero bytes */
        k += k/128; /* better get some more */
        pp = gcry_random_bytes_secure( k, GCRY_STRONG_RANDOM);
        for(j=0; j < i && k ; j++ )
            if( !p[j] )
                p[j] = pp[--k];
        xfree (pp);
        /* the fresh bytes may themselves contain zeros, so go round again */
    }
Libgcrypt also provides pkcs#1 handling. The code above has not yet
been converted to this new Libgcrypt feature.
Salam-Shalom,
Werner
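As an added illustration (not GnuPG's or GnuTLS's code), here is the same bulk zero-replacement idea wrapped in a complete PKCS#1 v1.5 type 2 encoder, which is the context of the GnuTLS bug under discussion. The `rng_fn` callback and the `ctr_rng` counter are assumptions constructed for the example; the counter is deterministic and NOT a secure random source, it only makes the run reproducible.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Pluggable byte source. A real implementation must use a CSPRNG such as
   getrandom(2) or gcry_random_bytes_secure; ctr_rng below is a constructed,
   deterministic stand-in so the example runs offline and reproducibly. */
typedef void (*rng_fn)(uint8_t *buf, size_t len);

uint8_t ctr_rng_state = 0;
void ctr_rng(uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++) buf[i] = ctr_rng_state++;
}

/* Draw len bytes into p, then replace zeros in bulk, GnuPG-style: count the
   zeros, fetch slightly more fresh bytes than that, patch, and repeat until
   no zero remains (the fresh bytes may themselves contain zeros). */
void random_nonzero_bytes(uint8_t *p, size_t len, rng_fn rng) {
    uint8_t pp[256];
    rng(p, len);
    for (;;) {
        size_t k = 0;
        for (size_t j = 0; j < len; j++) if (p[j] == 0) k++;
        if (k == 0) break;
        k += k / 128;                        /* a little headroom */
        if (k > sizeof pp) k = sizeof pp;    /* patch in chunks if needed */
        rng(pp, k);
        for (size_t j = 0; j < len && k; j++) if (p[j] == 0) p[j] = pp[--k];
    }
}

/* PKCS#1 v1.5 type 2: EM = 0x00 || 0x02 || PS || 0x00 || M, where PS is
   at least 8 non-zero random bytes. Returns 0 on success, -1 if M is too
   long for a k-byte modulus. */
int pkcs1_v15_type2_pad(uint8_t *em, size_t k, const uint8_t *m, size_t mlen,
                        rng_fn rng) {
    if (k < 11 || mlen > k - 11) return -1;
    size_t pslen = k - mlen - 3;
    em[0] = 0x00;
    em[1] = 0x02;
    random_nonzero_bytes(em + 2, pslen, rng);
    em[2 + pslen] = 0x00;
    memcpy(em + 3 + pslen, m, mlen);
    return 0;
}

/* Check helper: 1 if no byte in buf[0..len) is zero. */
int all_nonzero(const uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++) if (buf[i] == 0) return 0;
    return 1;
}
```

With the counter source, the first 45-byte PS draw contains exactly one zero (at its first position), so one patch round is needed before the encoding is valid.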