LTC_ARGCHK 'ltc_mp.name != NULL' failure on line 34 of file src/pk/rsa/rsa_import.c

libtom / libtomcrypt

LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.

Other

1.51k stars 449 forks source link

Prerequisites

[x] Checked the developer manual
[x] Checked that your issue isn't already filed: https://github.com/issues?utf8=✓&q=repo%3Alibtom%2Flibtomcrypt
[x] Checked that your issue isn't related to TomsFastMath's limitation that PK operations can by default only be done with max. 2048bit keys

Description

The function rsa_import aborts the program with the error LTC_ARGCHK 'ltc_mp.name != NULL' failure on line 34 of file src/pk/rsa/rsa_import.c. The issue may and probably affects other functions.

Steps to Reproduce

compile a program using rsa_import with gcc prog.c -o prog -ltomcrypt

run the program and the output is :

LTC_ARGCHK 'ltc_mp.name != NULL' failure on line 34 of file src/pk/rsa/rsa_import.c
Aborted

Example of basic C program that is affected by the issue :

#include <stdio.h>
#include <string.h>
#include <tomcrypt.h>

int main(void) {
    char pub_key_base64[] = "public key goes here as base64";

    unsigned long key_size = 294;
    unsigned char pub_key_bytes[key_size];

    base64_decode(pub_key_base64, strlen(pub_key_base64), pub_key_bytes, &key_size);

    rsa_key pub_key;
    rsa_import(pub_key_bytes, key_size, &pub_key); // abort occurs here

    return 0;
}

Version

1.18.2

Additionnal information

The issue was tested on Debian with the library installed via both a sudo apt install libtomcrypt-dev and a clone of the repo followed by a make install.

You forgot to link to an MPI provider resp. set it at runtime.

sudo apt install libtomcrypt-dev

https://packages.debian.org/source/sid/libtomcrypt lists dependencies to libgmp-dev resp. libtommath-dev, i.e. if you want to use the debian default version you have to make sure that one of the two is installed, then also link your application to it and set the MPI provider at runtime in your source code as shown in the developer manual.

a clone of the repo followed by a make install

In case you simply clone this repo and run make install no MPI provider will be enabled. Please check the developer manual for further details on how to enable one (or multiple) MPI provider(s) and also how to set it at runtime.

libtom / libtomcrypt