gcry_mpi_ec_p_new and its parameter checking

NIIBE Yutaka gniibe at fsij.org
Tue Jan 14 03:28:12 CET 2014

Coefficient a=0 is valid (as secp256k1), but the internal function
_gcry_mpi_ec_p_new doesn't allow me to create the context.

I don't know how much checking of parameters should be done with it,
but checking against a=0 (to be failed) is wrong.

I wrote following patch, as a possible fix.  This will cause two
failures of tests/t-mpi-point.c:

  t-mpi-point: context_alloc: ec_p_new: bad parameter detection failed (1)
  t-mpi-point: context_alloc: ec_p_new: bad parameter detection failed (2)

Adding checking like:

 || !mpi_cmp_ui (p, 0) || !mpi_cmp_ui (p, 1)

makes sense and fix those failures.  But I know that p=2 and p=3 are
also not good, and I wonder.

As it's internal function, I think that it is not expected to check
all wrong combinations of p and a, but some typical failures.

I'd propose just removing checking a==0 and adding checking p==0 and p==1.
Or should we change tests/t-mpi-point.c?

diff --git a/mpi/ec.c b/mpi/ec.c
index 9e007cd..4f35de0 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -495,7 +495,7 @@ _gcry_mpi_ec_p_new (gcry_ctx_t *r_ctx,
   mpi_ec_t ec;
   *r_ctx = NULL;
-  if (!p || !a || !mpi_cmp_ui (a, 0))
+  if (!p || !a)
     return GPG_ERR_EINVAL;
   ctx = _gcry_ctx_alloc (CONTEXT_TYPE_EC, sizeof *ec, ec_deinit);

More information about the Gcrypt-devel mailing list