gcry_mpi_ec_p_new and its parameter checking
gniibe at fsij.org
Tue Jan 14 03:28:12 CET 2014
Coefficient a=0 is valid (as secp256k1), but the internal function
_gcry_mpi_ec_p_new doesn't allow me to create the context.
I don't know how much checking of parameters should be done with it,
but checking against a=0 (to be failed) is wrong.
I wrote following patch, as a possible fix. This will cause two
failures of tests/t-mpi-point.c:
t-mpi-point: context_alloc: ec_p_new: bad parameter detection failed (1)
t-mpi-point: context_alloc: ec_p_new: bad parameter detection failed (2)
Adding checking like:
|| !mpi_cmp_ui (p, 0) || !mpi_cmp_ui (p, 1)
makes sense and fix those failures. But I know that p=2 and p=3 are
also not good, and I wonder.
As it's internal function, I think that it is not expected to check
all wrong combinations of p and a, but some typical failures.
I'd propose just removing checking a==0 and adding checking p==0 and p==1.
Or should we change tests/t-mpi-point.c?
diff --git a/mpi/ec.c b/mpi/ec.c
index 9e007cd..4f35de0 100644
@@ -495,7 +495,7 @@ _gcry_mpi_ec_p_new (gcry_ctx_t *r_ctx,
*r_ctx = NULL;
- if (!p || !a || !mpi_cmp_ui (a, 0))
+ if (!p || !a)
ctx = _gcry_ctx_alloc (CONTEXT_TYPE_EC, sizeof *ec, ec_deinit);
More information about the Gcrypt-devel