gpg --import segfaults on a specific key

[Werner Koch]

On Wed, 16 Apr 2014 12:53, hanno at hboeck.de said:

> I already posted this to the gcrypt-devel list, but seems there isn't
> much activity and I don't know if this is a bug in libgcrypt or gnupg,

Sorry for delaying this.  I just looked at it and found a fix.  See below.

> I can reproduce it on another system with libgcrypt 1.5.3. Both are

I have not yet analyzed why it also crashes with libgcrypt 1.5.3.  1.5.3
still knows about RSA_S (3).  Anyway the patch to GnupG 2.0 fixes it.
GnuPG master is not affected due to an explict OpenPGP/Libgcrypt
algorithm mapping table.


Salam-Shalom,

   Werner


====
>From efecbb7a3f0c32ea40db3a050c89f288550b05c2 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk at gnupg.org>
Date: Tue, 15 Apr 2014 16:40:48 +0200
Subject: [PATCH] gpg: Fix use of deprecated RSA_E and RSA_E with newer
 libgcrypts.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* g10/misc.c (pubkey_get_npkey): Map RSA_E and RSA_S to RSA.
(pubkey_get_nskey): Ditto.
(pubkey_get_nsig): Ditto.
(pubkey_get_nenc): Ditto.
(pubkey_nbits): Take care of RSA_E and RSA_S.
--

The problem was that parse_key did not know about RSA_S and thus used
an opaque MPI which later crashed Libgcrypt. It is possible to fix
that also in Libgcrypt but we better do it here as well.

A test key using RSA_S is 0x98EEB6F7D87171CF.

Reported-by: Hanno Böck
---
 g10/misc.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/g10/misc.c b/g10/misc.c
index 9b7c8ab..82a13aa 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -1359,6 +1359,9 @@ pubkey_get_npkey( int algo )
 
   if (algo == GCRY_PK_ELG_E)
     algo = GCRY_PK_ELG;
+  else if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
+    algo = GCRY_PK_RSA;
+
   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
                          GCRYCTL_GET_ALGO_NPKEY, NULL, &n))
     n = 0;
@@ -1379,6 +1382,9 @@ pubkey_get_nskey( int algo )
 
   if (algo == GCRY_PK_ELG_E)
     algo = GCRY_PK_ELG;
+  else if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
+    algo = GCRY_PK_RSA;
+
   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
                          GCRYCTL_GET_ALGO_NSKEY, NULL, &n ))
     n = 0;
@@ -1399,6 +1405,9 @@ pubkey_get_nsig( int algo )
 
   if (algo == GCRY_PK_ELG_E)
     algo = GCRY_PK_ELG;
+  else if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
+    algo = GCRY_PK_RSA;
+
   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
                          GCRYCTL_GET_ALGO_NSIGN, NULL, &n))
     n = 0;
@@ -1419,6 +1428,9 @@ pubkey_get_nenc( int algo )
 
   if (algo == GCRY_PK_ELG_E)
     algo = GCRY_PK_ELG;
+  else if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
+    algo = GCRY_PK_RSA;
+
   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
                          GCRYCTL_GET_ALGO_NENCR, NULL, &n ))
     n = 0;
@@ -1443,7 +1455,9 @@ pubkey_nbits( int algo, gcry_mpi_t *key )
 			      "(public-key(elg(p%m)(g%m)(y%m)))",
 				  key[0], key[1], key[2] );
     }
-    else if( algo == GCRY_PK_RSA ) {
+    else if (algo == GCRY_PK_RSA
+             || algo == GCRY_PK_RSA_S
+             || algo == GCRY_PK_RSA_E ) {
 	rc = gcry_sexp_build ( &sexp, NULL,
 			      "(public-key(rsa(n%m)(e%m)))",
 				  key[0], key[1] );
-- 
1.8.4.3


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.