Hash bug in GnuPG !

disastry at saiknes.lv disastry at saiknes.lv
Mon Mar 26 17:42:08 CEST 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

Hash bug in GnuPG !

Hashes in GnuPG are calculated incorrectly for some file sizes,
for example if you sign file with binary sizes:
XXXX XXXX  XX10 00XX  XXXX XXXX  XXXX XXXX  XXXX XXXX
and
XXXX XXX1  00X0 00XX  XXXX XXXX  XXXX XXXX  XXXX XXXX
(X = 1 or 0)
then signature is bad when verified with PGP (2.6.3, 6.5.8, 7.0.3)

this bug is for all hashes: MD5, SHA1, RIPEMD160 (and
probably TIGER - I did not  tested it).


I found it while testing how my modified PGP 2.6.3 with RIPEMD-160 works
with files larger than 4 GB (file was 4294973952 bites)
PGP 2.6.3 signed file correctly but GnuPG said "BAD signature"
Of course I first suspected that fault is in my RIPEMD implementation,
but the same was with MD5 and SHA1 and PGP6.5.8 and 7.0.3 verified
the signatures and did not verified GnuPG, so the bug is in GnuPG !
I tested also "gpg --print-md MD5 file" - it is different than
hash calculated by any other program.


Actually I think I have found and fixed the bug - here is the path:


diff -ur gnupg-1.0.4/cipher/old/md5.c gnupg-1.0.4/cipher/md5.c
--- gnupg-1.0.4/cipher/old/md5.c	Fri Jan 14 19:25:56 2000
+++ gnupg-1.0.4/cipher/md5.c	Mon Mar 26 16:55:52 2001
@@ -260,15 +260,13 @@
 
     msb = 0;
     t = hd->nblocks;
-    if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */
-	msb++;
+    lsb = t << 6; /* multiply by 64 to make a byte count */
     msb += t >> 26;
     t = lsb;
     if( (lsb = t + hd->count) < t ) /* add the count */
 	msb++;
     t = lsb;
-    if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */
-	msb++;
+    lsb = t << 3; /* multiply by 8 to make a bit count */
     msb += t >> 29;
 
     if( hd->count < 56 ) { /* enough room */
diff -ur gnupg-1.0.4/cipher/old/rmd160.c gnupg-1.0.4/cipher/rmd160.c
--- gnupg-1.0.4/cipher/old/rmd160.c	Fri Jan 14 19:25:56 2000
+++ gnupg-1.0.4/cipher/rmd160.c	Mon Mar 26 16:55:24 2001
@@ -463,15 +463,13 @@
 
     msb = 0;
     t = hd->nblocks;
-    if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */
-	msb++;
+    lsb = t << 6; /* multiply by 64 to make a byte count */
     msb += t >> 26;
     t = lsb;
     if( (lsb = t + hd->count) < t ) /* add the count */
 	msb++;
     t = lsb;
-    if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */
-	msb++;
+    lsb = t << 3; /* multiply by 8 to make a bit count */
     msb += t >> 29;
 
     if( hd->count < 56 ) { /* enough room */
diff -ur gnupg-1.0.4/cipher/old/sha1.c gnupg-1.0.4/cipher/sha1.c
--- gnupg-1.0.4/cipher/old/sha1.c	Wed Oct  4 16:50:34 2000
+++ gnupg-1.0.4/cipher/sha1.c	Mon Mar 26 16:54:51 2001
@@ -256,15 +256,13 @@
 
     msb = 0;
     t = hd->nblocks;
-    if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */
-	msb++;
+    lsb = t << 6; /* multiply by 64 to make a byte count */
     msb += t >> 26;
     t = lsb;
     if( (lsb = t + hd->count) < t ) /* add the count */
 	msb++;
     t = lsb;
-    if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */
-	msb++;
+    lsb = t << 3; /* multiply by 8 to make a bit count */
     msb += t >> 29;
 
     if( hd->count < 56 ) { /* enough room */
diff -ur gnupg-1.0.4/cipher/old/tiger.c gnupg-1.0.4/cipher/tiger.c
--- gnupg-1.0.4/cipher/old/tiger.c	Fri Jan 14 19:25:56 2000
+++ gnupg-1.0.4/cipher/tiger.c	Mon Mar 26 16:54:16 2001
@@ -807,15 +807,13 @@
 
     msb = 0;
     t = hd->nblocks;
-    if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */
-	msb++;
+    lsb = t << 6; /* multiply by 64 to make a byte count */
     msb += t >> 26;
     t = lsb;
     if( (lsb = t + hd->count) < t ) /* add the count */
 	msb++;
     t = lsb;
-    if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */
-	msb++;
+    lsb = t << 3; /* multiply by 8 to make a bit count */
     msb += t >> 29;
 
     if( hd->count < 56 ) { /* enough room */
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (WIN32/Cygwin)

iEYEARECAAYFAjq/UvkACgkQMFpNUS4lDGSKmQCfcueSoQCJplH8vCGaC9OYFZeJ
dE4AnimQDYY1zFVQSzwZzMhAoBwOzwwH
=7DXR
-----END PGP SIGNATURE-----

== <EOF> ==
Disastry  http://i.am/disastry/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
 ^-GPG for Win32 (supports loadable modules and IDEA)
 ^-PGP 2.6.3ia-multi02 (supports IDEA,CAST5,BLOWFISH,TWOFISH,AES,3DES,MD5,SHA1)



More information about the Gnupg-devel mailing list