authorlloyd <[email protected]>2009-01-21 00:05:29 +0000
committerlloyd <[email protected]>2009-01-21 00:05:29 +0000
commit4100ef089155e54c3db347dbb939957de90e41ea (patch)
tree28f184d1e73c474839d4974c40e4e6190624c0ae /src
parent46185bb0a734a29610b469635121f81eb18cf2ab (diff)
parentbc9f1bba06234d7d3c58e6fa5fe53192a805ba02 (diff)
merge of '17ebb8fd6cdfe0a743092b2bf5b039a351cc23be'
and '76da4a953201fc0f0b510ea82d5a3986ec8ab44a'
Diffstat (limited to 'src')
-rw-r--r--src/entropy/unix_procs/es_unix.cpp1
-rw-r--r--src/pk_pad/eme1/eme1.cpp8
-rw-r--r--src/pubkey/dl_group/dl_group.h2
-rw-r--r--src/pubkey/pubkey/pkcs8.cpp14
4 files changed, 19 insertions, 6 deletions
diff --git a/src/entropy/unix_procs/es_unix.cpp b/src/entropy/unix_procs/es_unix.cpp
index cf7e0a8e5..124a08da7 100644
--- a/src/entropy/unix_procs/es_unix.cpp
+++ b/src/entropy/unix_procs/es_unix.cpp
@@ -68,6 +68,7 @@ u32bit Unix_EntropySource::fast_poll(byte buf[], u32bit length)
for(u32bit j = 0; stat_targets[j]; j++)
{
struct stat statbuf;
+ clear_mem(&statbuf, 1);
::stat(stat_targets[j], &statbuf);
buf_i = xor_into_buf(buf, buf_i, length, statbuf);
}
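Review bot: The return value of `::stat` on the line after the new `clear_mem` is still ignored, so a target that does not exist now feeds an all-zero struct into `xor_into_buf` instead of stale stack bytes; the zeroing removes the undefined-read problem but the loop still treats the failed target as a poll source. If advancing `buf_i` on every iteration is not deliberately part of the mixing, skipping failures makes the intent explicit: `if(::stat(stat_targets[j], &statbuf) != 0) continue;` in place of the bare call. The body of `fast_poll` begins and ends outside this hunk, so I cannot tell whether a later step relies on the per-target advance.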
diff --git a/src/pk_pad/eme1/eme1.cpp b/src/pk_pad/eme1/eme1.cpp
index b5f2af6d3..e5db17df6 100644
--- a/src/pk_pad/eme1/eme1.cpp
+++ b/src/pk_pad/eme1/eme1.cpp
@@ -42,6 +42,14 @@ SecureVector<byte> EME1::pad(const byte in[], u32bit in_length,
SecureVector<byte> EME1::unpad(const byte in[], u32bit in_length,
u32bit key_length) const
{
+ /*
+ Must be careful about error messages here; if an attacker can
+ distinguish them, it is easy to use the differences as an oracle to
+ find the secret key, as described in "A Chosen Ciphertext Attack on
+ RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in
+ PKCS #1 v2.0", James Manger, Crypto 2001
+ */
+
key_length /= 8;
if(in_length > key_length)
throw Decoding_Error("Invalid EME1 encoding");
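Review bot: The new comment explains the Manger attack but does not state the invariant the rest of `unpad` has to maintain, so a future edit could add a distinguishable failure path without anything in the code pointing at the rule. I would close the comment with one more sentence: `Every failure after this point must therefore surface as the same Decoding_Error, and the work done before throwing should not depend on which check failed.` The first check shown here depends only on the public lengths, which is fine; the remaining checks lie outside the hunk, so whether they already follow this rule cannot be confirmed from the diff.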
diff --git a/src/pubkey/dl_group/dl_group.h b/src/pubkey/dl_group/dl_group.h
index b999a8c04..2f59f86d9 100644
--- a/src/pubkey/dl_group/dl_group.h
+++ b/src/pubkey/dl_group/dl_group.h
@@ -145,7 +145,7 @@ class BOTAN_DLL DL_Group
* @param q the prime q
* @param g the base g
*/
- DL_Group(const BigInt& p, const BigInt& g, const BigInt& q);
+ DL_Group(const BigInt& p, const BigInt& q, const BigInt& g);
private:
static BigInt make_dsa_generator(const BigInt&, const BigInt&);
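Review bot: Swapping `q` and `g` in a constructor whose three parameters all have type `const BigInt&` is invisible to the compiler: any existing call written as `(p, g, q)` still compiles and now silently passes the generator as the subgroup order. Because a declaration's parameter names do not affect linkage, this header change alone does not decide which argument is treated as q; that is fixed by the definition in the .cpp, which the diffstat does not list as changed. The `@param` lines above already document q before g, so the new order matches the documentation, but the definition's parameter order and every caller should be checked against it before this is merged.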
diff --git a/src/pubkey/pubkey/pkcs8.cpp b/src/pubkey/pubkey/pkcs8.cpp
index a79a616a2..179be57fe 100644
--- a/src/pubkey/pubkey/pkcs8.cpp
+++ b/src/pubkey/pubkey/pkcs8.cpp
@@ -87,7 +87,7 @@ SecureVector<byte> PKCS8_decode(DataSource& source, const User_Interface& ui,
if(is_encrypted)
{
DataSource_Memory params(pbe_alg_id.parameters);
- PBE* pbe = get_pbe(pbe_alg_id.oid, params);
+ std::auto_ptr<PBE> pbe(get_pbe(pbe_alg_id.oid, params));
User_Interface::UI_Result result = User_Interface::OK;
const std::string passphrase =
@@ -97,7 +97,8 @@ SecureVector<byte> PKCS8_decode(DataSource& source, const User_Interface& ui,
break;
pbe->set_key(passphrase);
- Pipe decryptor(pbe);
+ Pipe decryptor(pbe.release());
+
decryptor.process_msg(key_data, key_data.size());
key = decryptor.read_all();
}
@@ -172,17 +173,20 @@ void encrypt_key(const Private_Key& key,
encode(key, raw_key, RAW_BER);
raw_key.end_msg();
- PBE* pbe = get_pbe(((pbe_algo != "") ? pbe_algo : DEFAULT_PBE));
+ std::auto_ptr<PBE> pbe(get_pbe(((pbe_algo != "") ? pbe_algo : DEFAULT_PBE)));
+
pbe->new_params(rng);
pbe->set_key(pass);
- Pipe key_encrytor(pbe);
+ AlgorithmIdentifier pbe_algid(pbe->get_oid(), pbe->encode_params());
+
+ Pipe key_encrytor(pbe.release());
key_encrytor.process_msg(raw_key);
SecureVector<byte> enc_key =
DER_Encoder()
.start_cons(SEQUENCE)
- .encode(AlgorithmIdentifier(pbe->get_oid(), pbe->encode_params()))
+ .encode(pbe_algid)
.encode(key_encrytor.read_all(), OCTET_STRING)
.end_cons()
.get_contents();
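Review bot: `pbe_algid` has to be constructed before `Pipe key_encrytor(pbe.release())` because the `auto_ptr` is null once ownership passes to the Pipe, but nothing in the code records that ordering, and the expression's old home inside the `DER_Encoder` chain is exactly where a later tidy-up would move it back to. Add above the `AlgorithmIdentifier pbe_algid(...)` line: `// Must be built before the Pipe takes ownership below: pbe is null after release()`. Since the `Pipe key_encrytor(...)` line is being rewritten anyway, it is also a cheap moment to rename the misspelled `key_encrytor` to `key_encryptor` at its three uses in this hunk.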