author | Nick Mathewson <nickm@torproject.org> | 2008-12-18 16:11:16 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2008-12-18 16:11:16 +0000 |
commit | 6c6b0283cbc24f2d3d3bb7139e1cbeb5a35cfedd (patch) | |
tree | 7ecb926596ac61a54b91c56e137a0641ad933fb0 /src | |
parent | 8d5a9d762c94b481d2f1326a14bba5b9c50624a8 (diff) | |
Ben confirms that the MUST in rfc2631 is only for compatibility with X9.42, and isn't actually a security thing.
svn:r17685
Diffstat (limited to 'src')
-rw-r--r-- | src/common/crypto.c | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index f35620a7a6..fdccfe1d7b 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -1643,13 +1643,6 @@ crypto_dh_compute_secret(crypto_dh_env_t *dh,
 goto error;
 }
 secret_len = result;
- /* sometimes secret_len might be less than 128, e.g., 127. that's ok. -RD */
- /* Actually, http://www.faqs.org/rfcs/rfc2631.html says:
- * Leading zeros MUST be preserved, so that ZZ occupies as many
- * octets as p. For instance, if p is 1024 bits, ZZ should be 128
- * bytes long.
- * XXX021 What are the security implications here? -NM
- */
 if (crypto_expand_key_material(secret_tmp, secret_len,
 secret_out, secret_bytes_out)<0)
 goto error;
|