mpi_swap_cond: different sizes error on eddsa key generation

Werner Koch wk at
Tue Dec 20 19:01:43 CET 2016

On Tue, 20 Dec 2016 05:53, gniibe at said:

> If such a thing could occur, we need to change libgcrypt so that
> _gcry_mpi_assign_limb_space should be always called with memory of
> no-smaller size than the original.

I guess that will be quite some work.  For robustness this would be a
good thing but it has the drawbacks

 a) we add new code and thus may introduce bugs
 b) we may need more secure memory

Given that 1.7.4 enlarges the secmem as needed, it might be easier if
OTR drops their own memory handler.  The code is also questionable
because the wiping does not work - the memset calls will be elided by
the compiler.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: </pipermail/attachments/20161220/3a0e9f5c/attachment.sig>

More information about the Gcrypt-devel mailing list