new testsuite errors with gcrypt 1.5 and gnutls 2.17.1
wk at gnupg.org
Mon Jul 4 09:18:06 CEST 2011

I see this in gnutls/lib/pk-libgcrypt.c:_wrap_gcry_pk_decrypt

    res = gcry_sexp_nth_mpi (s_plain, 0, 0);

This is wrong and worked only because of a bug in Libgcrypt < 1.5.0.

 -- Function: gcry_mpi_t gcry_sexp_nth_mpi (gcry_sexp_t LIST,
          int NUMBER, int MPIFMT)
     This function is used to get and convert data from a LIST.  This
     data is assumed to be an MPI stored in the format described by
     MPIFMT and returned as a standard Libgcrypt MPI.  The caller must
     release this returned value using `gcry_mpi_release'.  If there is
     no data at the given index, the index represents a list or the
     value can't be converted to an MPI, `NULL' is returned.
     [added in 1.5:]
     If you use this function to parse results of a public key function,
     you most likely want to use `GCRYMPI_FMT_USG'.]

If 0 is passed for MPIFMT a default is used, which is and has always
been GCRYMPI_FMT_STD.  This introduces a leading zero byte so that the
integer does not start with the MSB set.

Note that some other code uses gcry_sexp_nth_data and is thus not
affected by this bug fix.

It is the same bug I introduced in GnuPG, thus it is not a surprise that
you find it also in gnutls.  I did a web search to check the use of this
function and found that most projects correctly specified the format
they want.  I am sorry that I failed to push an update for GnuPG and
didn't notify the gnutls hackers.

Thoughts are free. Exceptions are regulated by a federal law.
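
The leading zero byte described in the message above, shown as an added example that is not part of the original mail and is not Libgcrypt or GnuTLS code. It does not link against Libgcrypt: encode_usg and encode_std are hypothetical helpers that write an unsigned value in the two layouts GCRYMPI_FMT_USG and GCRYMPI_FMT_STD denote, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Skip leading zero bytes of a big-endian magnitude. */
static const uint8_t *skip_zeros(const uint8_t *in, size_t *n)
{
    while (*n > 0 && *in == 0) { in++; (*n)--; }
    return in;
}

/* Unsigned layout (GCRYMPI_FMT_USG): the magnitude bytes only. */
size_t encode_usg(const uint8_t *in, size_t n, uint8_t *out)
{
    in = skip_zeros(in, &n);
    memcpy(out, in, n);
    return n;
}

/* Two's-complement layout (GCRYMPI_FMT_STD): a non-negative value whose
   top bit is set gets a 0x00 prefix so it cannot be read as negative.
   `out` must have room for n + 1 bytes. */
size_t encode_std(const uint8_t *in, size_t n, uint8_t *out)
{
    size_t pad;
    in = skip_zeros(in, &n);
    pad = (n > 0 && (in[0] & 0x80)) ? 1 : 0;
    if (pad) out[0] = 0x00;
    memcpy(out + pad, in, n);
    return n + pad;
}

int main(void)
{
    /* Constructed sample: a decrypted value whose first byte has the MSB set. */
    const uint8_t plain[] = { 0x9A, 0xBC, 0x01 };
    uint8_t out[sizeof plain + 1];
    size_t i, n;

    n = encode_usg(plain, sizeof plain, out);
    printf("USG (%zu bytes):", n);
    for (i = 0; i < n; i++) printf(" %02X", out[i]);
    n = encode_std(plain, sizeof plain, out);
    printf("\nSTD (%zu bytes):", n);
    for (i = 0; i < n; i++) printf(" %02X", out[i]);
    printf("\n");
    return 0;
}
```

A caller that expects the three payload bytes back gets four from the two's-complement layout whenever the first byte is 0x80 or above, and three otherwise, so the mismatch only shows up for some values.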