gcry_mpi_invm succeeds if the inverse does not exist

Guido Vranken guidovranken at gmail.com
Tue Jan 26 08:40:53 CET 2021


Reminder that invmod is still broken and has been for a long time.

On Thu, Sep 3, 2020 at 2:19 PM Guido Vranken <guidovranken at gmail.com> wrote:

> The following inputs to gcry_mpi_invm():
>
>
> 36fb5bdb5daa9864113ad8a49a41722fc7003a40b02a13daca6997859c2d8534192ff6c02447
> 25c88352cfa171fc728503df037c355a6d5588b22e3510b08f10848ad7c0980b400
>
> produce the number:
>
> 66CAF1A9A03478A288760C2E05E237F11432BA70BECEE56D942ACCD337470E5D77
>
> But this is incorrect (another library reports the modular inverse does
> not exist).
>
> ----------
>
> The following inputs to gcry_mpi_invm():
>
> 12cf3a8ca3d97bea2f080362600cee355
> 1c3fddf62aee0be2f6dc2ef8471f1be2e
>
> produce the number:
>
> 60A6520F494E6EE6EE436283FB34B945
>
> but it should produce:
>
> 1339462644931fd624528ea6b3fb1f985
>
> On Mon, Jun 1, 2020 at 9:39 AM NIIBE Yutaka <gniibe at fsij.org> wrote:
>
>> Jussi Kivilinna <jussi.kivilinna at iki.fi> wrote:
>> > Cryptofuzz is reporting another heap-buffer-overflow issue in
>> > _gcry_mpi_invm. I've attached a reproducer, original from Guido and
>> > as patch applied to tests/basic.c.
>>
>> My fix of 69b55f87053ce2494cd4b38dc600f867bc4355be was not enough.
>> I just pushed another change:
>>
>>         6f8b1d4cb798375e6d830fd6b73c71da93ee5f3f
>>
>> Thank you for your report.
>
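
Added example, not part of the original thread and not libgcrypt code: a reference check in Python that classifies a library's modular-inverse result the way the report does, covering both a result returned when gcd(a, m) != 1 and a wrong value. The function names and verdict strings are hypothetical; the hex values are the ones quoted in the report above, and the script prints whatever verdict the arithmetic gives for them.

```python
def egcd(a, b):
    """Iterative extended Euclid: return (g, x) with a*x = g (mod b)."""
    x0, x1 = 1, 0
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
    return a, x0

def reference_invm(a, m):
    """Return a^-1 mod m, or None when no inverse exists (gcd(a, m) != 1)."""
    if m < 2:  # assumption: moduli below 2 are treated as having no inverse
        return None
    g, x = egcd(a % m, m)
    return x % m if g == 1 else None

def check_invm(a, m, claimed):
    """Classify a claimed inverse (None = library said 'no inverse')."""
    expected = reference_invm(a, m)
    if expected is None:
        return "ok" if claimed is None else "bogus-inverse"
    if claimed is None:
        return "missed-inverse"
    # Independent confirmation: a * claimed must be congruent to 1 mod m.
    if (a * claimed) % m == 1 and claimed % m == expected:
        return "ok"
    return "wrong-value"

# (a, m, value returned by gcry_mpi_invm) as quoted in the report.
REPORTED = [
    (int("36fb5bdb5daa9864113ad8a49a41722fc7003a40b02a13daca6997859c2d"
         "8534192ff6c02447", 16),
     int("25c88352cfa171fc728503df037c355a6d5588b22e3510b08f10848ad7c0"
         "980b400", 16),
     int("66CAF1A9A03478A288760C2E05E237F11432BA70BECEE56D942ACCD33747"
         "0E5D77", 16)),
    (int("12cf3a8ca3d97bea2f080362600cee355", 16),
     int("1c3fddf62aee0be2f6dc2ef8471f1be2e", 16),
     int("60A6520F494E6EE6EE436283FB34B945", 16)),
]

if __name__ == "__main__":
    for a, m, claimed in REPORTED:
        ref = reference_invm(a, m)
        print(check_invm(a, m, claimed),
              "reference:", "none" if ref is None else format(ref, "x"))
```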