new testsuite errors with gcrypt 1.5 and gnutls 2.17.1

Werner Koch wk at
Mon Jul 4 09:18:06 CEST 2011


I see this in gnutls/lib/pk-libgcrypt.c:_wrap_gcry_pk_decrypt

      bigint_t res;
      res = gcry_sexp_nth_mpi (s_plain, 0, 0);
      gcry_sexp_release (s_plain);

This is wrong and worked only because of a bug in Libgcrypt < 1.5.0.

 -- Function: gcry_mpi_t gcry_sexp_nth_mpi (gcry_sexp_t LIST,
          int NUMBER, int MPIFMT)
     This function is used to get and convert data from a LIST. This
     data is assumed to be an MPI stored in the format described by
     MPIFMT and returned as a standard Libgcrypt MPI.  The caller must
     release this returned value using `gcry_mpi_release'.  If there is
     no data at the given index, the index represents a list or the
     value can't be converted to an MPI, `NULL' is returned. 
     [added in 1.5:]
     If you use this function to parse results of a public key function,
     you most likely want to use `GCRYMPI_FMT_USG'.]

If 0 is passed for MPIFMT a default is used, which is and has always
been GCRYMPI_FMT_STD.  This introduces a leading zero byte so that the
integer does not start with the MSB set.

Note that some other code uses gcry_sexp_nth_data and is thus not
affected by this bug fix.

It is the same bug I introduced in GnuPG, thus it is not a surprise that
you find it also in gnutls.  I did a web search to check the use of this
function and found that most projects correctly specified the format
they want.  I am sorry that I missed to push and update for GnuPG and
didn't notified the gnutls hackers.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gcrypt-devel mailing list