From d8be4a97cc18b33978df789adfc676cd5d748a10 Mon Sep 17 00:00:00 2001
From: mancha <mancha1@hush.com>
Date: Sun, 29 Sep 2013
Subject: Fix problem when using libgcrypt 1.5.0+
Fix GnuTLS to not rely on a bug present in libgcrypt before 1.5.0
in gcry_sexp_nth_mpi().
Relevant discussion:
--------------------
https://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00006.html
---
pk-libgcrypt.c | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
--- a/lib/pk-libgcrypt.c 2013-09-27
+++ b/lib/pk-libgcrypt.c 2013-09-27
@@ -112,7 +112,7 @@ _wrap_gcry_pk_encrypt (gnutls_pk_algorit
goto cleanup;
}
- res = gcry_sexp_nth_mpi (list, 1, 0);
+ res = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
if (res == NULL)
{
@@ -202,7 +202,7 @@ _wrap_gcry_pk_decrypt (gnutls_pk_algorit
goto cleanup;
}
- res = gcry_sexp_nth_mpi (s_plain, 0, 0);
+ res = gcry_sexp_nth_mpi (s_plain, 0, GCRYMPI_FMT_USG);
if (res == NULL)
{
gnutls_assert ();
@@ -327,7 +327,7 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_
goto cleanup;
}
- res[0] = gcry_sexp_nth_mpi (list, 1, 0);
+ res[0] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (s_sig, "s", 0);
@@ -338,7 +338,7 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_
goto cleanup;
}
- res[1] = gcry_sexp_nth_mpi (list, 1, 0);
+ res[1] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
ret = _gnutls_encode_ber_rs (signature, res[0], res[1]);
@@ -360,7 +360,7 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_
goto cleanup;
}
- res[0] = gcry_sexp_nth_mpi (list, 1, 0);
+ res[0] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
ret = _gnutls_mpi_dprint (res[0], signature);
@@ -559,7 +559,7 @@ _dsa_generate_params (bigint_t * resarr,
return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
+ resarr[0] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "q", 0);
@@ -570,7 +570,7 @@ _dsa_generate_params (bigint_t * resarr,
return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[1] = gcry_sexp_nth_mpi (list, 1, 0);
+ resarr[1] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "g", 0);
@@ -581,7 +581,7 @@ _dsa_generate_params (bigint_t * resarr,
return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[2] = gcry_sexp_nth_mpi (list, 1, 0);
+ resarr[2] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "y", 0);
@@ -592,7 +592,7 @@ _dsa_generate_params (bigint_t * resarr,
return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[3] = gcry_sexp_nth_mpi (list, 1, 0);
+ resarr[3] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
@@ -604,7 +604,7 @@ _dsa_generate_params (bigint_t * resarr,
return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[4] = gcry_sexp_nth_mpi (list, 1, 0);
+ resarr[4] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
gcry_sexp_release (key);
@@ -653,7 +653,7 @@ _rsa_generate_params (bigint_t * resarr,
return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
+ resarr[0] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "e", 0);
@@ -664,7 +664,7 @@ _rsa_generate_params (bigint_t * resarr,
return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[1] = gcry_sexp_nth_mpi (list, 1, 0);
+ resarr[1] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "d", 0);
@@ -675,7 +675,7 @@ _rsa_generate_params (bigint_t * resarr,
return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[2] = gcry_sexp_nth_mpi (list, 1, 0);
+ resarr[2] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "p", 0);
@@ -686,7 +686,7 @@ _rsa_generate_params (bigint_t * resarr,
return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[3] = gcry_sexp_nth_mpi (list, 1, 0);
+ resarr[3] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
@@ -698,7 +698,7 @@ _rsa_generate_params (bigint_t * resarr,
return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[4] = gcry_sexp_nth_mpi (list, 1, 0);
+ resarr[4] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
@@ -710,7 +710,7 @@ _rsa_generate_params (bigint_t * resarr,
return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[5] = gcry_sexp_nth_mpi (list, 1, 0);
+ resarr[5] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
gcry_sexp_release (key);