new testsuite errors with gcrypt 1.5 and gnutls 2.17.1
Andreas Metzler
ametzler at downhill.at.eu.org
Sun Jul 24 16:36:02 CEST 2011
On 2011-07-04 Andreas Metzler <ametzler at downhill.at.eu.org> wrote:
> On 2011-07-04 Werner Koch <wk at gnupg.org> wrote:
> > I see this in gnutls/lib/pk-libgcrypt.c:_wrap_gcry_pk_decrypt
> > bigint_t res;
> > res = gcry_sexp_nth_mpi (s_plain, 0, 0);
> > gcry_sexp_release (s_plain);
> > This is wrong and worked only because of a bug in Libgcrypt < 1.5.0.
> [...]
> > If you use this function to parse results of a public key function,
> > you most likely want to use `GCRYMPI_FMT_USG'.]
[...]
> > Note that some other code uses gcry_sexp_nth_data and is thus not
> > affected by this bug fix.
[...]
> For 2.12.7 [1] and 2.10.5 [2] this fixes one test failure
> (x509self for 2.12 and x509dn for 2.10) while the other errors remain.
> Sorry I am not more helpful than that, I am not a programmer.
> [2]
> ---------------
> --- gnutls26-2.10.5.orig/lib/pk-libgcrypt.c
> +++ gnutls26-2.10.5/lib/pk-libgcrypt.c
> @@ -202,7 +202,7 @@ _wrap_gcry_pk_decrypt (gnutls_pk_algorit
> goto cleanup;
> }
> - res = gcry_sexp_nth_mpi (s_plain, 0, 0);
> + res = gcry_sexp_nth_mpi (s_plain, 0, GCRYMPI_FMT_USG);
> if (res == NULL)
> {
> gnutls_assert ();
> ---------------
[...]
Hello,
Well, simply replacing all occurences of gcry_sexp_nth_mpi (..., 0) with
gcry_sexp_nth_mpi (..., GCRYMPI_FMT_USG) fixes the testsuite errors of
both gnutls 2.10.5 and 2.12.7. The other occurences of
gcry_sexp_nth_mpi are all similar to this one:
----------------------------
static int
_wrap_gcry_pk_encrypt([...])
[...]
gcry_sexp_t s_ciph = NULL, s_data = NULL, s_pkey = NULL;
[...]
gcry_sexp_t list;
[use gcry_sexp_build to fill s_pkey, s_ciph, s_data ]
/* pass it to libgcrypt */
rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
[...]
list = gcry_sexp_find_token (s_ciph, "a", 0);
res = gcry_sexp_nth_mpi (list, 1, 0)
----------------------------
Is changing this to "res = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);"
the proper fix, or does it just seem to work accidentally?
cu andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutls-2.10.5+gcrypt1.5.patch
Type: text/x-diff
Size: 4448 bytes
Desc: not available
URL: </pipermail/attachments/20110724/59552779/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutls-2.12.7+gcrypt1.5.patch
Type: text/x-diff
Size: 4568 bytes
Desc: not available
URL: </pipermail/attachments/20110724/59552779/attachment-0001.patch>
More information about the Gcrypt-devel
mailing list