Bug in g10/build-packet.c:gpg_mpi_write()

Falko Strenzke falko.strenzke at mtg.de
Wed Feb 21 11:01:54 CET 2024


I think there is a bug in GnuPG the function 

The case I observed is an opaque MPI with a leading byte 0x04. The call 
to gcry_mpi_get_opaque() already sets the correct bit length (i.e. 
accounting for the highest 5 bits to be zero). Then the subsequent code 
again subtracts 5 from nbits, effectively reducing the byte count by 
one. The written MPI is thus one byte too short.

- Falko

gpg_mpi_write (iobuf_t out, gcry_mpi_t a, unsigned int *r_nwritten)
   gpg_error_t err;
   unsigned int nwritten = 0;

   if (gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
       unsigned int nbits;
       const unsigned char *p;
       unsigned char lenhdr[2];

       /* gcry_log_debugmpi ("a", a); */
       p = gcry_mpi_get_opaque (a, &nbits);
       if (p)
           /* Strip leading zero bits.  */
           for (; nbits >= 8 && !*p; p++, nbits -= 8)
           if (nbits >= 8 && !(*p & 0x80))
             if (--nbits >= 7 && !(*p & 0x40))
               if (--nbits >= 6 && !(*p & 0x20))
                 if (--nbits >= 5 && !(*p & 0x10))
                   if (--nbits >= 4 && !(*p & 0x08))
                     if (--nbits >= 3 && !(*p & 0x04))
                       if (--nbits >= 2 && !(*p & 0x02))
                         if (--nbits >= 1 && !(*p & 0x01))


Dr. Falko Strenzke
Executive System Architect

Phone: +49 6151 8000 24
E-Mail: falko.strenzke at mtg.de
Web: mtg.de <https://www.mtg.de>

MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany
Commercial register: HRB 8901
Register Court: Amtsgericht Darmstadt
Management Board: Jürgen Ruf (CEO), Tamer Kemeröz
Chairman of the Supervisory Board: Dr. Thomas Milde

This email may contain confidential and/or privileged information. If 
you are not the correct recipient or have received this email in error,
please inform the sender immediately and delete this email.Unauthorised 
copying or distribution of this email is not permitted.

Data protection information: Privacy policy 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20240221/c6f81417/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: Kryptografische S/MIME-Signatur
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20240221/c6f81417/attachment.bin>

More information about the Gnupg-devel mailing list