new libgcrypt

[Nikos Mavroyanopoulos]

On Thu, Aug 07, 2003 at 01:45:42PM +0200, Moritz Schulte wrote:

> > This fixes the segmentation fault, but the RSA decryption is not
> > done correctly so gnutls no longer works.
> Could you provide the S-Expressions that did not work - or maybe even
> a small test program that triggers the bug?

The code that fails is:

static 
int _gnutls_pk_decrypt(int algo, GNUTLS_MPI * resarr, GNUTLS_MPI data, GNUTLS_MPI * pkey, int pkey_len)
{
	gcry_sexp_t s_plain, s_data, s_pkey;
	int rc=-1;

	/* make a sexp from pkey */
	switch (algo) {
	case GCRY_PK_RSA:
		if (pkey_len >=6)
			rc = gcry_sexp_build(&s_pkey, NULL,
				     "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
				     pkey[0], pkey[1], pkey[2], pkey[3], pkey[4], pkey[5]);

		break;

	default:
		gnutls_assert();
		return GNUTLS_E_INTERNAL_ERROR;
	}

	if (rc != 0) {
		gnutls_assert();
		return GNUTLS_E_INTERNAL_ERROR;
	}

	/* put the data into a simple list */
	if (gcry_sexp_build(&s_data, NULL, "(enc-val(rsa(a%m)))", data)) {
		gnutls_assert();
		gcry_sexp_release(s_pkey);
		return GNUTLS_E_INTERNAL_ERROR;
	}

	/* pass it to libgcrypt */
	rc = gcry_pk_decrypt(&s_plain, s_data, s_pkey);
	gcry_sexp_release(s_data);
	gcry_sexp_release(s_pkey);

---->Here the strerror on rc shows: "Missing item in object"
	if (rc != 0) {
		gnutls_assert();
		return GNUTLS_E_PK_ENCRYPTION_FAILED;

	} else { /* add better error handling or make gnupg use S-Exp directly */
		resarr[0] = gcry_sexp_nth_mpi(s_plain, 0, 0);

		if (resarr[0] == NULL) {
			gnutls_assert();
			gcry_sexp_release(s_plain);
			return GNUTLS_E_INTERNAL_ERROR;
		}
	}

	gcry_sexp_release(s_plain);
	return rc;
}



> Thanks,
> 		moritz
> -- 
> ((gpg-key-id . "6F984199")
>  (email      . "moritz@duesseldorf.ccc.de")
>  (webpage    . "http://duesseldorf.ccc.de/~moritz/"))

-- 
Nikos Mavroyanopoulos