[or-cvs] r17685: {tor} Ben confirms that the MUST in rfc2631 is only for compatibil (tor/trunk/src/common)

nickm at seul.org nickm at seul.org
Thu Dec 18 16:11:17 UTC 2008


Author: nickm
Date: 2008-12-18 11:11:16 -0500 (Thu, 18 Dec 2008)
New Revision: 17685

Modified:
   tor/trunk/src/common/crypto.c
Log:
Ben confirms that the MUST in rfc2631 is only for compatibility with X9.42, and isn't actually a security thing.

Modified: tor/trunk/src/common/crypto.c
===================================================================
--- tor/trunk/src/common/crypto.c	2008-12-18 16:11:12 UTC (rev 17684)
+++ tor/trunk/src/common/crypto.c	2008-12-18 16:11:16 UTC (rev 17685)
@@ -1643,13 +1643,6 @@
     goto error;
   }
   secret_len = result;
-  /* sometimes secret_len might be less than 128, e.g., 127. that's ok. -RD */
-  /* Actually, http://www.faqs.org/rfcs/rfc2631.html says:
-   *   Leading zeros MUST be preserved, so that ZZ occupies as many
-   *   octets as p. For instance, if p is 1024 bits, ZZ should be 128
-   *   bytes long.
-   * XXX021 What are the security implications here? -NM
-   */
   if (crypto_expand_key_material(secret_tmp, secret_len,
                                  secret_out, secret_bytes_out)<0)
     goto error;



More information about the tor-commits mailing list