rbxii3/firmware
1
0
Fork 0
mirror of https://github.com/meshtastic/firmware.git synced 2026-01-05 01:20:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

log the nonce value at DEBUG instead of INFO (#6001)

Browse Source 
you're leaking the nonce to stdout, if your logs are routed to a folder, this logs the nonce every time, leading to replay attack surface area being higher. Changed to debug.
This commit is contained in:
lizthedeveloper
2025-02-06 16:29:48 -08:00
committed by GitHub
parent cb0519dd9c
commit 4a6a0efcfd
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/mesh/CryptoEngine.cpp
View File

@@ -74,7 +74,7 @@ bool CryptoEngine::encryptCurve25519(uint32_t toNode, uint32_t fromNode, meshtas
auth = bytesOut + numBytes; auth = bytesOut + numBytes;
memcpy((uint8_t *)(auth + 8), &extraNonceTmp, memcpy((uint8_t *)(auth + 8), &extraNonceTmp,
sizeof(uint32_t)); // do not use dereference on potential non aligned pointers : *extraNonce = extraNonceTmp; sizeof(uint32_t)); // do not use dereference on potential non aligned pointers : *extraNonce = extraNonceTmp;
LOG_INFO("Random nonce value: %d", extraNonceTmp); LOG_DEBUG("Random nonce value: %d", extraNonceTmp);
if (remotePublic.size == 0) { if (remotePublic.size == 0) {
LOG_DEBUG("Node %d or their public_key not found", toNode); LOG_DEBUG("Node %d or their public_key not found", toNode);
return false; return false;