new testsuite errors with gcrypt 1.5 and gnutls 2.17.1

Andreas Metzler ametzler at downhill.at.eu.org
Sun Jul 24 16:36:02 CEST 2011


On 2011-07-04 Andreas Metzler <ametzler at downhill.at.eu.org> wrote:
> On 2011-07-04 Werner Koch <wk at gnupg.org> wrote:
> > I see this in gnutls/lib/pk-libgcrypt.c:_wrap_gcry_pk_decrypt

> >       bigint_t res;
> >       res = gcry_sexp_nth_mpi (s_plain, 0, 0);
> >       gcry_sexp_release (s_plain);

> > This is wrong and worked only because of a bug in Libgcrypt < 1.5.0.
> [...]
> >      If you use this function to parse results of a public key function,
> >      you most likely want to use `GCRYMPI_FMT_USG'.]
[...]
> > Note that some other code uses gcry_sexp_nth_data and is thus not
> > affected by this bug fix.
[...]
> For 2.12.7 [1] and 2.10.5 [2] this fixes one test failure
> (x509self for 2.12 and x509dn for 2.10) while the other errors remain.
> Sorry I am not more helpful than that, I am not a programmer.

> [2]
> ---------------
> --- gnutls26-2.10.5.orig/lib/pk-libgcrypt.c
> +++ gnutls26-2.10.5/lib/pk-libgcrypt.c
> @@ -202,7 +202,7 @@ _wrap_gcry_pk_decrypt (gnutls_pk_algorit
>        goto cleanup;
>      }

> -  res = gcry_sexp_nth_mpi (s_plain, 0, 0);
> +  res = gcry_sexp_nth_mpi (s_plain, 0, GCRYMPI_FMT_USG);
>    if (res == NULL)
>      {
>        gnutls_assert ();
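Review bot: The switch to GCRYMPI_FMT_USG at `res = gcry_sexp_nth_mpi (s_plain, 0, GCRYMPI_FMT_USG);` covers only _wrap_gcry_pk_decrypt, so any other gcry_sexp_nth_mpi call in pk-libgcrypt.c that still passes 0 as the format keeps the usage described above as wrong. I would convert those calls in the same patch. A one-line comment at each site, saying the value parsed is the result of a public key function and the unsigned format is intentional, would stop a later cleanup from reverting it to 0.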
> ---------------
[...]

Hello,
Well, simply replacing all occurrences of gcry_sexp_nth_mpi (..., 0) with
gcry_sexp_nth_mpi (..., GCRYMPI_FMT_USG) fixes the testsuite errors of
both gnutls 2.10.5 and 2.12.7. The other occurrences of
gcry_sexp_nth_mpi are all similar to this one:

----------------------------
static int
_wrap_gcry_pk_encrypt([...])
[...]
  gcry_sexp_t s_ciph = NULL, s_data = NULL, s_pkey = NULL;
[...]
  gcry_sexp_t list;
[use gcry_sexp_build to fill s_pkey, s_ciph, s_data ]
/* pass it to libgcrypt */
  rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
[...]
  list = gcry_sexp_find_token (s_ciph, "a", 0);
  res = gcry_sexp_nth_mpi (list, 1, 0);
----------------------------

Is changing this to "res = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);"
the proper fix, or does it just seem to work accidentally?

cu andreas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutls-2.10.5+gcrypt1.5.patch
Type: text/x-diff
Size: 4448 bytes
Desc: not available
URL: </pipermail/attachments/20110724/59552779/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutls-2.12.7+gcrypt1.5.patch
Type: text/x-diff
Size: 4568 bytes
Desc: not available
URL: </pipermail/attachments/20110724/59552779/attachment-0001.patch>
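
The search described in the message, every gcry_sexp_nth_mpi call whose format argument is a literal 0, can be automated so that no call site is missed. The C scanner below is an added example, not part of the original message or of GnuTLS; its function names and sample input are constructed for illustration, and it does not skip comments or string literals.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if the call whose '(' is at open passes a bare 0 as its last
   argument. *end is set just past the matching ')' (or to the end of text). */
static int last_arg_is_zero(const char *open, const char **end)
{
    int depth = 0;
    const char *arg = open + 1;   /* start of the current top-level argument */
    const char *p;

    for (p = open; *p; p++) {
        if (*p == '(') depth++;
        else if (*p == ',' && depth == 1) arg = p + 1;
        else if (*p == ')' && --depth == 0) break;
    }
    *end = *p ? p + 1 : p;
    if (!*p) return 0;            /* unterminated call: nothing to report */
    while (arg < p && isspace((unsigned char)*arg)) arg++;
    while (p > arg && isspace((unsigned char)p[-1])) p--;
    return p - arg == 1 && *arg == '0';
}

/* Count gcry_sexp_nth_mpi calls in src whose format argument is a bare 0,
   printing the line number of each. Handles "name (args)" spacing, nested
   parentheses and calls split across lines. */
int count_format0_calls(const char *src)
{
    static const char name[] = "gcry_sexp_nth_mpi";
    const char *p = src, *hit;
    int found = 0;

    while ((hit = strstr(p, name)) != NULL) {
        const char *q = hit + sizeof name - 1;
        while (isspace((unsigned char)*q)) q++;
        if (*q != '(') { p = q; continue; }   /* not a call, keep searching */
        if (last_arg_is_zero(q, &p)) {
            int line = 1;
            for (const char *c = src; c < hit; c++) line += (*c == '\n');
            printf("line %d: format argument is 0\n", line);
            found++;
        }
    }
    return found;
}

/* Constructed sample input, modelled on the calls quoted in the message. */
static const char sample[] =
    "res = gcry_sexp_nth_mpi (s_plain, 0, 0);\n"
    "list = gcry_sexp_find_token (s_ciph, \"a\", 0);\n"
    "res = gcry_sexp_nth_mpi (list, 1,\n                         0);\n"
    "res = gcry_sexp_nth_mpi (s_plain, 0, GCRYMPI_FMT_USG);\n";

int main(void) { return count_format0_calls(sample) == 2 ? 0 : 1; }
```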

