libgcrypt 1.7.0 segfault (libcrypt-gcrypt-perl)
Werner Koch
wk at gnupg.org
Fri Apr 22 09:23:25 CEST 2016
On Fri, 22 Apr 2016 02:33, gniibe at fsij.org said:
> For me, easier fix on the libgcrypt side would be:
>
> at encryption, let it return an error for not-initialized key (no
> setkey called before encryption).
I concur. We do this at other places as well, for example in
cipher-ocb.c:
if (!c->marks.key)
return GPG_ERR_INV_STATE; /* Key must have been set first. */
> I don't think modification for encryption by ZERO (which was done in
> older libgcrypt) should be done to keep (undocumented?) backward
> compatibility.
If that was possible, it was clearly a bug. I do not see a problem to
fix it. The fix may actually reveal improper use, for example always
using a ZERO key instead of the desired key.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gcrypt-devel
mailing list