Problem with gcry_sexp_build

Rüdiger Sonderfeld cplusplushelp@gmx.net
Sat, 3 Aug 2002 13:37:00 +0200 

On Friday, 2. August 2002 11:35, you wrote:
> You are dereferencing a pad pointer, either pkey[0] or pkey[1]. 

Now I have another problem.

I'm using the key_from_sexp function (see gnupg-1.1.2/g10/keygen.c) to 
extract the private RSA Key

wcrypt_key_from_sexp(key->prikey,key_,"private-key","nedpqu");

then I use this function

int wcrypt_pkencrypt(enum pkalgo alg,unsigned char*sdata,size_t
ndata,unsigned char*to,size_t nto,pkkey key)
{
  GCRY_SEXP list,s_pkey,s_data,s_ciph;
  GCRY_MPI* pkey=key.pubkey;
  GCRY_MPI data,resarr[2];

  gcry_mpi_scan(&data,GCRYMPI_FMT_USG,sdata,&ndata);
  switch(alg)
  {
  case GCRY_PK_ELG:
  case GCRY_PK_ELG_E:
    if(gcry_sexp_build ( &s_pkey, NULL,
                         "(public-key(elg(p%m)(g%m)(y%m)))",
                         pkey[0], pkey[1], pkey[2] ))
      return 1;
    break;
  case GCRY_PK_RSA:
    if(gcry_sexp_build( &s_pkey, NULL, 
                        "(public-key(rsa(n%m)(e%m)))",
                        pkey[0] /* n */, pkey[1] /* e */ )) /*here the 
SEGFAULT happens!*/
      return 1;
    break;
  default:
    return 1;
  }
  /* put the data into a simple list */
  if ( gcry_sexp_build( &s_data, NULL, "%m", data ) )
    return 1;
  
  /* pass it to libgcrypt */
  gcry_pk_encrypt( &s_ciph, s_data, s_pkey ); //here
  gcry_sexp_release( s_data );
  gcry_sexp_release( s_pkey );
  
  /* extract the MPI values */        
  list = gcry_sexp_find_token( s_ciph, "a" , 0 );
  if(!list)
    return 1;
  resarr[0] = gcry_sexp_nth_mpi( list, 1, 0 );
  if(!resarr[0])
    return 1;
  gcry_sexp_release ( list );
  
  list = gcry_sexp_find_token( s_ciph, "b" , 0 );
  if(!list)
    return 1;
  resarr[1] = gcry_sexp_nth_mpi( list, 1, 0 );
  if(!resarr[1])
    return 1;
  gcry_sexp_release ( list );
  gcry_mpi_print(GCRYMPI_FMT_USG,to,&nto,resarr[0]);
  return 0;
}

to encrypt some data. But I recive a segmentation fault 

Program received signal SIGSEGV, Segmentation fault.
0x4008e9bb in malloc () from /lib/libc.so.6
(gdb) where
#0  0x4008e9bb in malloc () from /lib/libc.so.6
#1  0x4008e074 in malloc () from /lib/libc.so.6
#2  0x401469ba in _gcry_private_malloc (n=136) at stdmem.c:68
#3  0x40144155 in gcry_malloc (n=136) at global.c:367
#4  0x4014435d in gcry_xmalloc (n=136) at global.c:457
#5  0x4016c715 in _gcry_mpi_alloc_limb_space (nlimbs=34, secure=0)
    at mpiutil.c:84
#6  0x4016994e in gcry_mpi_powm (res=0x804a37c, base=0x804a80c, 
exp=0x804a7dc, 
    mod=0x804a754) at mpi-pow.c:156
#7  0x401612d6 in public (output=0x804a37c, input=0x804a80c, pkey=0xbffff448)
    at rsa.c:227
#8  0x40161557 in _gcry_rsa_encrypt (algo=1, resarr=0x804a82c, 
data=0x804a80c, 
    pkey=0x804a6e4) at rsa.c:403
#9  0x40149a1a in pubkey_encrypt (algo=1, resarr=0x804a82c, data=0x804a80c, 
    pkey=0x804a6e4) at pubkey.c:540
#10 0x4014a622 in gcry_pk_encrypt (r_ciph=0xbffff508, s_data=0x804a4c4, 
    s_pkey=0x804a4ec) at pubkey.c:982
#11 0x4001e379 in wcrypt_pkencrypt () from /usr/lib/libwcrypt.so
#12 0x08048888 in main (argc=2, argv=0xbffffdc4) at ppd1.c:23

if I change the string "nedpqu" to "ne" I recive a segmentation fault because 
I'm dereferencing a bad pointer in the decrypt function

rc = gcry_sexp_build ( &s_skey, NULL,
			   "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
			   skey[0], skey[1], skey[2], skey[3], skey[4], skey[5] );

What is wrong?