Mailing List Archive: GnuPG: devel

[solved] Re: Unable to compile GnuPG 2.1 beta 3

Index | Next | Previous | View Threaded

wk at gnupg

Jan 11, 2012, 11:20 AM

Post #1 of 3 (167 views)
Permalink

[solved] Re: Unable to compile GnuPG 2.1 beta 3

Hi,

after some private mails, we finally found the bug:

commit 30ec869b8c63f1edcc58110ed20b83b0e77248f8

gpg: Fix segv with RSA_S keys.

* g10/misc.c (pubkey_get_npkey, pubkey_get_nskey)
(pubkey_get_nsig, pubkey_get_nenc): Map all RSA algo ids to
GCRY_PK_RSA.
--

The problem is that Libgcrypt has no more support for the alternate
RSA ids and thus if asking for the number of parameters, they will
return zero. Now, this leads to packing the key parameters into an
opaque MPI but because the algorithm id is actually known to GPG, it
assumes valid RSA parameters.

An example key with RSA_S is 0x5434509D.

Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

alphazo at gmail

Jan 11, 2012, 1:48 PM

Post #2 of 3 (155 views)
Permalink

Re: [solved] Re: Unable to compile GnuPG 2.1 beta 3 [In reply to]

Proposed patch fixes the problem. Thanks.

As a side note, thread is marked as solved but I still have to compile
gnupg2 with "--disable-dirmngr" ;)

I don't use X.509 certificates (yet) under GnuPG so I guess I can
leave without it.

Alphazo

On Wed, Jan 11, 2012 at 8:20 PM, Werner Koch <wk [at] gnupg> wrote:
> Hi,
>
> after some private mails, we finally found the bug:
>
> commit 30ec869b8c63f1edcc58110ed20b83b0e77248f8
>
> gpg: Fix segv with RSA_S keys.
>
> * g10/misc.c (pubkey_get_npkey, pubkey_get_nskey)
> (pubkey_get_nsig, pubkey_get_nenc): Map all RSA algo ids to
> GCRY_PK_RSA.
> --
>
> The problem is that Libgcrypt has no more support for the alternate
> RSA ids and thus if asking for the number of parameters, they will
> return zero. Now, this leads to packing the key parameters into an
> opaque MPI but because the algorithm id is actually known to GPG, it
> assumes valid RSA parameters.
>
> An example key with RSA_S is 0x5434509D.
>
>
> Salam-Shalom,
>
> Werner
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

wk at gnupg

Jan 12, 2012, 1:21 AM

Post #3 of 3 (163 views)
Permalink

Re: [solved] Re: Unable to compile GnuPG 2.1 beta 3 [In reply to]

On Wed, 11 Jan 2012 22:48, alphazo [at] gmail said:

> As a side note, thread is marked as solved but I still have to compile
> gnupg2 with "--disable-dirmngr" ;)

I know.

> I don't use X.509 certificates (yet) under GnuPG so I guess I can
> leave without it.

The dirmngr is also used to access keyservers in 2.1. Thus I am bretty
sure you want it.

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads