new testsuite errors with gcrypt 1.5 and gnutls 2.17.1
Andreas Metzler
ametzler at downhill.at.eu.org
Mon Jul 4 19:51:46 CEST 2011
On 2011-07-04 Werner Koch <wk at gnupg.org> wrote:
> I see this in gnutls/lib/pk-libgcrypt.c:_wrap_gcry_pk_decrypt
> bigint_t res;
> res = gcry_sexp_nth_mpi (s_plain, 0, 0);
> gcry_sexp_release (s_plain);
> This is wrong and worked only because of a bug in Libgcrypt < 1.5.0.
[...]
> If you use this function to parse results of a public key function,
> you most likely want to use `GCRYMPI_FMT_USG'.]
> If 0 is passed for MPIFMT a default is used, which is and has always
> been GCRYMPI_FMT_STD. This introduces a leading zero byte so that the
> integer does not start with the MSB set.
> Note that some other code uses gcry_sexp_nth_data and is thus not
> affected by this bug fix.
Hello,
thanks.
For 2.12.7 [1] and 2.10.5 [2] this fixes one test failure
(x509self for 2.12 and x509dn for 2.10) while the other errors remain.
Sorry I am not more helpful than that, I am not a programmer.
> It is the same bug I introduced in GnuPG, thus it is not a surprise that
> you find it also in gnutls. I did a web search to check the use of this
> function and found that most projects correctly specified the format
> they want.
[...]
If you were wondering what projects were using gcry_sexp_nth_mpi, here
is the list of packages build-depending on libgcrypt11-dev and using
the function:
gnome-keyring-3.0.3 libotr-3.2.0 openvas-libnasl-2.0.2 gnunet-0.8.1b
libspectrum-1.0.0 libgwenhywfar-4.1.0 gnupg2-2.0.17 forked-daapd-0.17
teleport-0.34 libdisplaymigration-0.28 and gnutls.
cu andreas
[1]
---------------
--- gnutls26-2.12.7.orig/lib/gcrypt/pk.c
+++ gnutls26-2.12.7/lib/gcrypt/pk.c
@@ -202,7 +202,7 @@ _wrap_gcry_pk_decrypt (gnutls_pk_algorit
goto cleanup;
}
- res = gcry_sexp_nth_mpi (s_plain, 0, 0);
+ res = gcry_sexp_nth_mpi (s_plain, 0, GCRYMPI_FMT_USG);
if (res == NULL)
{
gnutls_assert ();
---------------
[2]
---------------
--- gnutls26-2.10.5.orig/lib/pk-libgcrypt.c
+++ gnutls26-2.10.5/lib/pk-libgcrypt.c
@@ -202,7 +202,7 @@ _wrap_gcry_pk_decrypt (gnutls_pk_algorit
goto cleanup;
}
- res = gcry_sexp_nth_mpi (s_plain, 0, 0);
+ res = gcry_sexp_nth_mpi (s_plain, 0, GCRYMPI_FMT_USG);
if (res == NULL)
{
gnutls_assert ();
---------------
More information about the Gcrypt-devel
mailing list