Fwd: EccGnuPG Bug Report
Sergi Blanch i Torne
sbt at megacceso.com
Fri Mar 30 23:19:22 CEST 2007
Hi,
To day I receive a bug report. The affected functions are not in the Libgcrypt
port. The solution was discussed also to day with Timo, but the patch is not
yet. Sorry, I will do as soon as possible.
This bad use of the wipememory() function can be found in sha256_hashing() and
aes256_{encrypting,decrypting}() functions.
Oh, this bug affect also the other branch, the 0.1.
Thanks Timo
/Sergi.
---------- Missatge reenviat ----------
Subject: EccGnuPG Bug Report
Date: Divendres, 30 de Març de 2007 13:20
From: Timo Schulz <twoaday at gmx.net>
To: d4372211 at alumnes.eup.udl.es
Hi,
based on your 0.2.0beta1 patch, I'm couldn't find any information
that this problem has been reported before, there is a 'bug' in
the way you use the wipememory function:
byte *hash_input_buf;
wipememory( hash_inp_buf, sizeof hash_inp_buf );
actually it should be
wipememory (hash_inp_buf, nbytes);
otherwise only sizeof (unsigned char *) == (4 or 8)
bytes would be overwritten.
Timo
-------------------------------------------------------
More information about the Gnupg-devel
mailing list