mpi_swap_cond: different sizes error on eddsa key generation

NIIBE Yutaka gniibe at fsij.org
Sat Nov 26 00:11:04 CET 2016


Hello,

Since mpi_swap_cond was introduced by me, it is highly likely it's my
bug.

Please note that it has been used by GnuPG 2.1.

On 11/25/2016 11:15 PM, Kostis Andrikopoulos wrote:
> Thanks for the quick reply! I just compiled our library with the fix you
> suggested. Unfortunately it made no difference. We still get the same
> error message at the same function call.
> 
> I should note again that what we did (before the fix) was working in
> version 1.6.5. It also worked in version 1.7.3 when we isolated the code
> from the rest of the library. The fix you suggested unfortunately made
> no difference.

I see.

I check the code again.  The point I suggested does not matter, because
parsing flags by the function ecc_generate in ecc.c is tolerant enough.

> Should the version before the fix even work in the first place?

Yes.

> Is the code portion we provided enough or should we send more
> information?

We need a reproducible test case.  The smaller is the better, but it
is OK to be large if it is reproducible.

If it's difficult, please run your application on debugger and show
stack trace on the error (e.g., bt command in GDB).

Or..., could you give me information on:
Is the call sequence following?

    ...
    -> ecc_generate
    -> _gcry_ecc_eddsa_genkey
    -> _gcry_mpi_ec_mul_point
    -> point_swap_cond
    -> mpi_swap_cond
    -> log_bug
-- 



More information about the Gcrypt-devel mailing list