mpi_swap_cond: different sizes error on eddsa key generation
Kostis Andrikopoulos
el11151 at mail.ntua.gr
Sun Dec 18 22:55:14 CET 2016
Hello again,
Thanks for the thorough explanation of the code related to the bug. I
think i have isolated the buggy code enough to be able to reach some
conclusions.
To give some context, our library is a fork of the libotr library. So
there is a possibility that it is not an actual bug of the gcrypt but an
error in libotr (however it worked correctly with an older gcrypt version).
The bug appears to be introduced when libotr sets a custom allocation
handler for the secure memory. This might explain why either
a->nlimbs > b->alloced
or
b->nlimbs > a->alloced
when it shouldn't, since it might change the way those objects are
stored in memory from how gcrypt excepts them to be.
In any case i included a not-so-minimal testcase that might help you. I
ran the code in libgcrypt version 1.7.3 and compiled with
gcc -o test main.c chat_sign.c mem.c `libgcrypt-config --libs`
When i run ./test the following error appears
Ohhhh jeeee: mpi_swap_cond: different sizes
[1] 16198 abort (core dumped) ./test
When you remove the call to otrl_mem_init() and compile, the programme
should finish with no errors.
Hope this helps.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gcry.tar
Type: application/x-tar
Size: 20480 bytes
Desc: not available
URL: </pipermail/attachments/20161218/93d2aa0e/attachment-0001.tar>
More information about the Gcrypt-devel
mailing list