Hi,
I'm one of the upstream developers.
We believe we fixed this in our development branch for the next release, which
should be out in a few days. In case you want to test the fix right now, the
patch is attached.
We plan to add a big-endian machine to our buildbot installation in the next
future, in order to catch this kind of problem before the code is released.
Thanks for your report,
Manuel.
diff --git a/library/bignum.c b/library/bignum.c
index 012e9e3..af04883 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1773,16 +1773,27 @@ cleanup:
return( ret );
}
+/*
+ * Fill X with size bytes of random.
+ *
+ * Use a temporary bytes representation to make sure the result is the same
+ * regardless of the platform endianness (usefull when f_rng is actually
+ * deterministic, eg for tests).
+ */
int mpi_fill_random( mpi *X, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
+ unsigned char *buf;
- MPI_CHK( mpi_grow( X, CHARS_TO_LIMBS( size ) ) );
- MPI_CHK( mpi_lset( X, 0 ) );
+ if( ( buf = polarssl_malloc( size ) ) == NULL )
+ return( POLARSSL_ERR_MPI_MALLOC_FAILED );
+
+ MPI_CHK( f_rng( p_rng, buf, size ) );
+ MPI_CHK( mpi_read_binary( X, buf, size ) );
- MPI_CHK( f_rng( p_rng, (unsigned char *) X->p, size ) );
+ polarssl_free( buf );
cleanup:
return( ret );
