Giters

libtom / libtomcrypt

LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.

Home Page:https://www.libtom.net

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

LTC_ARGCHK 'ltc_mp.name != NULL' failure on line 34 of file src/pk/rsa/rsa_import.c

CypElf opened this issue · comments

commented

Prerequisites

Description

The function rsa_import aborts the program with the error LTC_ARGCHK 'ltc_mp.name != NULL' failure on line 34 of file src/pk/rsa/rsa_import.c. The issue may and probably affects other functions.

Steps to Reproduce

  • compile a program using rsa_import with gcc prog.c -o prog -ltomcrypt
  • run the program and the output is :
LTC_ARGCHK 'ltc_mp.name != NULL' failure on line 34 of file src/pk/rsa/rsa_import.c
Aborted

Example of basic C program that is affected by the issue :

#include <stdio.h>
#include <string.h>
#include <tomcrypt.h>

int main(void) {
    char pub_key_base64[] = "public key goes here as base64";

    unsigned long key_size = 294;
    unsigned char pub_key_bytes[key_size];

    base64_decode(pub_key_base64, strlen(pub_key_base64), pub_key_bytes, &key_size);

    rsa_key pub_key;
    rsa_import(pub_key_bytes, key_size, &pub_key); // abort occurs here

    return 0;
}

Version

1.18.2

Additionnal information

The issue was tested on Debian with the library installed via both a sudo apt install libtomcrypt-dev and a clone of the repo followed by a make install.

commented

You forgot to link to an MPI provider resp. set it at runtime.

sudo apt install libtomcrypt-dev

https://packages.debian.org/source/sid/libtomcrypt lists dependencies to libgmp-dev resp. libtommath-dev, i.e. if you want to use the debian default version you have to make sure that one of the two is installed, then also link your application to it and set the MPI provider at runtime in your source code as shown in the developer manual.

a clone of the repo followed by a make install

In case you simply clone this repo and run make install no MPI provider will be enabled. Please check the developer manual for further details on how to enable one (or multiple) MPI provider(s) and also how to set it at runtime.

commented

As soon as #606 is merged you can find the latest version of the developer manual as artifact of the latest CI run.