ECDH loads parameters as signed

Ján Jančár jancar.jj at
Wed Oct 31 12:10:52 CET 2018

On 31/10/2018 00:32, Ján Jančár wrote:
> On 29/10/2018 17:44, Werner Koch wrote:
>> On Mon, 29 Oct 2018 15:41, jancar.jj at said:
>>> Any updates on this? Such exporting and loading parameters back should
>>> work. The same problem appears in ECDSA.
>> I considered to include this in 1.8.4 but given that I have seen no
>> further comments your patch first needs closer investigations.  We need
>> to check the history to see why the code was written this way.  Even if
>> your issue is a bug (in the sense of a wrong/different implementation)
>> we can't simply change it and risk that other applications break.
> The use of sexp_extract_param with the signed prefix was introduced in
> 6bd5d18c, which moved the sexp parsing from gcry_pk_encrypt to
> ecc_encrypt_raw. Previously the keyparams S-exp was parsed using a loop and:
> gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_STD);
> as in 6bd5d18c: cipher/pubkey.c (sexp_elements_extract_ecc).
> However, before 6bd5d18c, which introduced eddsa, this was done using:

Sorry, the eddsa introduction should have been commit 63cd34744,
mis-copied the id.

Ján Jančár

More information about the Gcrypt-devel mailing list