From ae5b0e1fc190118957e2eaa4f4c71424adbf9c6e Mon Sep 17 00:00:00 2001
From: Fedor Indutny
Date: Mon, 18 Jun 2012 00:14:20 +0400
Subject: [PATCH] crypto: add padding to diffie-hellman key
DH_size returns number of bytes in a prime number, DH_compute_key returns number of bytes in a remainder of exponent, which may have less bytes than a prime number. Therefore add 0-padding to the allocated buffer.
Fixes #3372
---
 src/node_crypto.cc | 9 ++++++++
 test/pummel/test-dh-regr.js | 41 +++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)
 create mode 100644 test/pummel/test-dh-regr.js
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index e58981b330..2311aa9614 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -3959,6 +3959,15 @@ class DiffieHellman : public ObjectWrap {
 Local outString;
+ // DH_size returns number of bytes in a prime number
+ // DH_compute_key returns number of bytes in a remainder of exponent, which
+ // may have less bytes than a prime number. Therefore add 0-padding to the
+ // allocated buffer.
+ if (size != dataSize) {
+ assert(dataSize > size);
+ memset(data + size, 0, dataSize - size);
+ }
+
 if (size == -1) {
 int checkResult;
 if (!DH_check_pub_key(diffieHellman->dh, key, &checkResult)) {
diff --git a/test/pummel/test-dh-regr.js b/test/pummel/test-dh-regr.js
new file mode 100644
index 0000000000..2e626bd0b7
--- /dev/null
+++ b/test/pummel/test-dh-regr.js
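Review bot: The new padding block in src/node_crypto.cc runs before the `if (size == -1)` error check that follows it, so when DH_compute_key fails the condition `size != dataSize` holds and `memset(data + size, 0, dataSize - size)` starts one byte before `data`. The `assert(dataSize > size)` does not stop this, since `dataSize > -1` is true, and asserts are usually compiled out of release builds in any case. Guard the block with `if (size >= 0 && size != dataSize) {` or move it below the error branch. Separately, the zeros are written after the computed bytes rather than in front of them; if the secret is meant to be a fixed-width big-endian value, a peer that left-pads would presumably derive different bytes, so the padding direction is worth confirming. The enclosing method starts and ends outside the hunk.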
@@ -0,0 +1,41 @@
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+var common = require('../common');
+var assert = require('assert');
+
+var crypto = require('crypto');
+
+var p = crypto.createDiffieHellman(256).getPrime();
+
+for (var i = 0; i < 2000; i++) {
+ var a = crypto.createDiffieHellman(p),
+ b = crypto.createDiffieHellman(p);
+
+ a.generateKeys();
+ b.generateKeys();
+
+ assert.equal(
+ a.computeSecret(b.getPublicKey()),
+ b.computeSecret(a.getPublicKey()),
+ 'secrets should be equal!'
+ );
+}
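Review bot: The loop asserts only that the two sides compute the same secret, so it would pass for any padding that both sides apply identically, and it never checks the width of the result. Consider pinning the length inside the loop as well, e.g. `var s = a.computeSecret(b.getPublicKey());` followed by `assert.equal(s.length, p.length);`, assuming the prime and the secret come back in the same encoding. `assert.equal` compares with `==`, so `assert.strictEqual` would keep the comparison from passing through type coercion.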