mpi_swap_cond: different sizes error on eddsa key generation
Werner Koch
wk at gnupg.org
Tue Dec 20 19:01:43 CET 2016
On Tue, 20 Dec 2016 05:53, gniibe at fsij.org said:
> If such a thing could occur, we need to change libgcrypt so that
> _gcry_mpi_assign_limb_space should be always called with memory of
> no-smaller size than the original.
I guess that will be quite some work. For robustness this would be a
good thing but it has the drawbacks
a) we add new code and thus may introduce bugs
b) we may need more secure memory
Given that 1.7.4 enlarges the secmem as needed, it might be easier if
OTR drops their own memory handler. The code is also questionable
because the wiping does not work - the memset calls will be elided by
the compiler.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: </pipermail/attachments/20161220/3a0e9f5c/attachment.sig>
More information about the Gcrypt-devel
mailing list