gcry_mpi_invm succeeds if the inverse does not exist

Guido Vranken guidovranken at gmail.com
Thu Sep 3 14:19:22 CEST 2020


The following inputs to gcry_mpi_invm():

36fb5bdb5daa9864113ad8a49a41722fc7003a40b02a13daca6997859c2d8534192ff6c02447
25c88352cfa171fc728503df037c355a6d5588b22e3510b08f10848ad7c0980b400

produce the number:

66CAF1A9A03478A288760C2E05E237F11432BA70BECEE56D942ACCD337470E5D77

But this is incorrect (another library reports the modular inverse does not
exist).

----------

The following inputs to gcry_mpi_invm():

12cf3a8ca3d97bea2f080362600cee355
1c3fddf62aee0be2f6dc2ef8471f1be2e

produce the number:

60A6520F494E6EE6EE436283FB34B945

but it should produce:

1339462644931fd624528ea6b3fb1f985

On Mon, Jun 1, 2020 at 9:39 AM NIIBE Yutaka <gniibe at fsij.org> wrote:

> Jussi Kivilinna <jussi.kivilinna at iki.fi> wrote:
> > Cryptofuzz is reporting another heap-buffer-overflow issue in
> > _gcry_mpi_invm. I've attached a reproducer, original from Guido and
> > as patch applied to tests/basic.c.
>
> My fix of 69b55f87053ce2494cd4b38dc600f867bc4355be was not enough.
> I just pushed another change:
>
>         6f8b1d4cb798375e6d830fd6b73c71da93ee5f3f
>
> Thank you for your report.
>
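
An independent check for the two failure modes in the report above (success returned when no inverse exists, and a wrong value returned when one does), as an added example that is not part of the original message or of libgcrypt. The function names and the small sample values are constructed for illustration; `claimed` stands for whatever the library under test returned, with `None` meaning it reported failure.

```python
def egcd(a, b):
    """Iterative extended Euclid: returns (g, x, y) with a*x + b*y == g."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def reference_invm(a, n):
    """Return a^-1 mod n, or None when gcd(a, n) != 1 (no inverse exists).

    Assumes a modulus n > 1; anything else is treated as 'no inverse'.
    """
    if n <= 1:
        return None
    g, x, _ = egcd(a % n, n)
    return x % n if g == 1 else None


def audit_invm(a, n, claimed):
    """Classify a library's answer for the inverse of a modulo n."""
    expected = reference_invm(a, n)
    if expected is None:
        # No inverse exists: the only correct outcome is a reported failure.
        return "ok" if claimed is None else "bogus-success"
    if claimed is None:
        return "missed-inverse"
    # An inverse exists: verify the claim by multiplication, not by trust.
    return "ok" if (a * claimed) % n == 1 else "wrong-value"


if __name__ == "__main__":
    # Constructed cases: (a, n, value the library claims, or None for failure)
    samples = [
        (3, 7, 5),      # correct inverse
        (4, 8, 4),      # gcd(4, 8) = 4, yet a value came back
        (3, 7, 4),      # inverse exists, value is wrong
        (3, 7, None),   # inverse exists, library reported failure
    ]
    for a, n, claimed in samples:
        print(f"a={a:#x} n={n:#x} claimed={claimed} -> {audit_invm(a, n, claimed)}")
```

The multiplication check `(a * claimed) % n == 1` needs no second bignum library, so it can run as a post-condition in a fuzzing harness or regression test.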