gpgsm --gen-key segfault with ECC key on smartcard

Bertrand Jacquin bertrand at jacquin.bzh
Fri Oct 30 22:22:34 CET 2015


Hi Werner,

On Wed, Oct 28, 2015 at 11:28:34AM +0100, Werner Koch wrote:
> On Mon, 26 Oct 2015 15:34, bertrand at jacquin.bzh said:
> > On 19/08/2015 22:27, Bertrand Jacquin wrote:
> 
> >> I'm getting a SEGV running gpgsm --gen-key with GnuPG 2.1.6. The issue
> >> comes from libksba. Here is a backtrace:
> 
> Thanks for the data.  I can't replicate this right now but the backtrace
> was helpful enough.  The attached patch to libksba should fix the segv.
> I look into extending the table of curve names.

Thanks for this. I've just tested that and in fact I'm not getting a
SEGV anymore. Instead, I'm getting the following error:

  Proceed with creation? (y/N) y
  Now creating self-signed certificate.  This may take a while ...
  gpgsm: error setting the siginfo: Wrong public key algorithm
  gpgsm: error creating certificate request: Wrong public key algorithm
  <GpgSM>

Is this expected for EdDSA keys ?

Cheers,

> Shalom-Salam,
> 
>    Werner
> 
> ========
> From 9df0ac3a4afa0272dbff08d17e9064f13be95814 Mon Sep 17 00:00:00 2001
> From: Werner Koch <wk at gnupg.org>
> Date: Wed, 28 Oct 2015 11:18:59 +0100
> Subject: [PATCH] Fix lookup of ECC OIDs by name.
> 
> * src/keyinfo.c (get_ecc_curve_oid): Fix obviously never tested table
> lookup.
> --
> 
> This led to a crash see
>  https://lists.gnupg.org/pipermail/gnupg-devel/2015-October/030445.html
> 
> The fix is obvious but I do not have test data for this.
> 
> Signed-off-by: Werner Koch <wk at gnupg.org>
> ---
>  src/keyinfo.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/src/keyinfo.c b/src/keyinfo.c
> index 02dc7ae..3ea0cfa 100644
> --- a/src/keyinfo.c
> +++ b/src/keyinfo.c
> @@ -322,10 +322,10 @@ get_ecc_curve_oid (const unsigned char *buf, size_t buflen, size_t *r_oidlen)
>          if (buflen == strlen (curve_names[i].name)
>              && !memcmp (buf, curve_names[i].name, buflen))
>            break;
> -      if (curve_names[i].oid)
> +      if (!curve_names[i].oid)
>          return NULL; /* Not found.  */
> -      buf = curve_names[i].name;
> -      buflen = strlen (curve_names[i].name);
> +      buf = curve_names[i].oid;
> +      buflen = strlen (curve_names[i].oid);
>      }
>  
>    if (_ksba_oid_from_buf (buf, buflen, &der_oid, r_oidlen))
> -- 
> 2.1.4
> 
> 
> -- 
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
> 

-- 
Bertrand
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: Digital signature
URL: </pipermail/attachments/20151030/9556d136/attachment-0001.sig>


More information about the Gnupg-devel mailing list