From 25918381ad4375f71836a44e3cc2b6a653c8979c Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Sat, 21 Feb 2009 12:45:18 +1100
Subject: - djm@cvs.openbsd.org 2009/02/18 04:31:21 [schnorr.c] signature should hash over the entire group, not just the generator (this is still disabled code)
---
 ChangeLog | 6 +++++-
 schnorr.c | 6 ++++--
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index a659a62a3..3bad0fc03 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,10 @@ - djm@cvs.openbsd.org 2009/02/17 01:28:32 [ssh_config] sync with revised default ciphers; pointed out by dkrause@
+ - djm@cvs.openbsd.org 2009/02/18 04:31:21
+ [schnorr.c]
+ signature should hash over the entire group, not just the generator
+ (this is still disabled code)
 20090216 - (djm) [regress/conch-ciphers.sh regress/putty-ciphers.sh]
@@ -5177,5 +5181,5 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.5198 2009/02/21 01:45:02 djm Exp $
+$Id: ChangeLog,v 1.5199 2009/02/21 01:45:18 djm Exp $
diff --git a/schnorr.c b/schnorr.c
index e3abe5702..546975072 100644
--- a/schnorr.c
+++ b/schnorr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: schnorr.c,v 1.1 2008/11/04 08:22:13 djm Exp $ */
+/* $OpenBSD: schnorr.c,v 1.2 2009/02/18 04:31:21 djm Exp $ */
 /*
 * Copyright (c) 2008 Damien Miller. All rights reserved.
 *
@@ -81,8 +81,10 @@ schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g,
 buffer_init(&b);
 EVP_MD_CTX_init(&evp_md_ctx);
- /* h = H(g || g^v || g^x || id) */
+ /* h = H(g || p || q || g^v || g^x || id) */
 buffer_put_bignum2(&b, g);
+ buffer_put_bignum2(&b, p);
+ buffer_put_bignum2(&b, q);
 buffer_put_bignum2(&b, g_v);
 buffer_put_bignum2(&b, g_x);
 buffer_put_string(&b, id, idlen);
--
cgit v1.2.3
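Review bot: The rewritten comment in the second schnorr.c hunk lists the hash inputs but does not say why p and q joined them, and that reason is the security property a later maintainer must not undo. I would extend it to `/* h = H(g || p || q || g^v || g^x || id); p and q bind the challenge to the whole group, not only the generator */`. Hashing the parameters binds them to the challenge but does not validate them, so the checks that g^v and g^x lie in the expected range and subgroup still have to exist on the verifying side; they are not visible here because schnorr_hash's body starts and ends outside the hunk. The change also alters h for every input, which looks acceptable only because the commit message says the code is still disabled.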