Niibe writes:
Sorry, I was not reading the code of GNUnet well. I overlooked how the
eddsa_d_to_a function was written and its intention. I read it again.
Indeed, the eddsa_d_to_a function tries to handle the case where
gcry_mpi_print returns rawmpilen < 32, putting "left pad" by DIGEST.
The problem is:
DIGEST is not cleared (although comment says so).
I think that the stack had zero-byte for some reason on your 32-bit
machine.
Here is the correction. Clear DIGEST, as comment says.
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index
8d9091b23..
280603234 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -1273,24 +1273,15 @@ eddsa_d_to_a (gcry_mpi_t d)
b = 256 / 8; /* number of bytes in `d` */
+ memset (hvec, 0, sizeof hvec);
/* Note that we clear DIGEST so we can use it as input to left pad
the key with zeroes for hashing. */
- memset (hvec, 0, sizeof hvec);
+ memset (digest, 0, sizeof digest);
rawmpilen = sizeof (rawmpi);
GNUNET_assert (0 ==
gcry_mpi_print (GCRYMPI_FMT_USG,
rawmpi, rawmpilen, &rawmpilen,
d));
- if (rawmpilen < 32)
- {
- memmove (rawmpi + 32 - rawmpilen,
- rawmpi,
- rawmpilen);
- memset (rawmpi,
- 0,
- 32 - rawmpilen);
- rawmpilen = 32;
- }
hvec[0].data = digest;
hvec[0].off = 0;
hvec[0].len = b > rawmpilen ? (b - rawmpilen) : 0;
--