From d8be4a97cc18b33978df789adfc676cd5d748a10 Mon Sep 17 00:00:00 2001 From: mancha Date: Sun, 29 Sep 2013 Subject: Fix problem when using libgcrypt 1.5.0+ Fix GnuTLS to not rely on a bug present in libgcrypt before 1.5.0 in gcry_sexp_nth_mpi(). Relevant discussion: -------------------- https://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00006.html --- pk-libgcrypt.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) --- a/lib/pk-libgcrypt.c 2013-09-27 +++ b/lib/pk-libgcrypt.c 2013-09-27 @@ -112,7 +112,7 @@ _wrap_gcry_pk_encrypt (gnutls_pk_algorit goto cleanup; } - res = gcry_sexp_nth_mpi (list, 1, 0); + res = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); if (res == NULL) { @@ -202,7 +202,7 @@ _wrap_gcry_pk_decrypt (gnutls_pk_algorit goto cleanup; } - res = gcry_sexp_nth_mpi (s_plain, 0, 0); + res = gcry_sexp_nth_mpi (s_plain, 0, GCRYMPI_FMT_USG); if (res == NULL) { gnutls_assert (); @@ -327,7 +327,7 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_ goto cleanup; } - res[0] = gcry_sexp_nth_mpi (list, 1, 0); + res[0] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); list = gcry_sexp_find_token (s_sig, "s", 0); @@ -338,7 +338,7 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_ goto cleanup; } - res[1] = gcry_sexp_nth_mpi (list, 1, 0); + res[1] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); ret = _gnutls_encode_ber_rs (signature, res[0], res[1]); @@ -360,7 +360,7 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_ goto cleanup; } - res[0] = gcry_sexp_nth_mpi (list, 1, 0); + res[0] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); ret = _gnutls_mpi_dprint (res[0], signature); @@ -559,7 +559,7 @@ _dsa_generate_params (bigint_t * resarr, return GNUTLS_E_INTERNAL_ERROR; } - resarr[0] = gcry_sexp_nth_mpi (list, 1, 0); + resarr[0] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); list = gcry_sexp_find_token (key, "q", 0); @@ -570,7 +570,7 @@ _dsa_generate_params (bigint_t * resarr, return GNUTLS_E_INTERNAL_ERROR; } - resarr[1] = gcry_sexp_nth_mpi (list, 1, 0); + resarr[1] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); list = gcry_sexp_find_token (key, "g", 0); @@ -581,7 +581,7 @@ _dsa_generate_params (bigint_t * resarr, return GNUTLS_E_INTERNAL_ERROR; } - resarr[2] = gcry_sexp_nth_mpi (list, 1, 0); + resarr[2] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); list = gcry_sexp_find_token (key, "y", 0); @@ -592,7 +592,7 @@ _dsa_generate_params (bigint_t * resarr, return GNUTLS_E_INTERNAL_ERROR; } - resarr[3] = gcry_sexp_nth_mpi (list, 1, 0); + resarr[3] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); @@ -604,7 +604,7 @@ _dsa_generate_params (bigint_t * resarr, return GNUTLS_E_INTERNAL_ERROR; } - resarr[4] = gcry_sexp_nth_mpi (list, 1, 0); + resarr[4] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); gcry_sexp_release (key); @@ -653,7 +653,7 @@ _rsa_generate_params (bigint_t * resarr, return GNUTLS_E_INTERNAL_ERROR; } - resarr[0] = gcry_sexp_nth_mpi (list, 1, 0); + resarr[0] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); list = gcry_sexp_find_token (key, "e", 0); @@ -664,7 +664,7 @@ _rsa_generate_params (bigint_t * resarr, return GNUTLS_E_INTERNAL_ERROR; } - resarr[1] = gcry_sexp_nth_mpi (list, 1, 0); + resarr[1] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); list = gcry_sexp_find_token (key, "d", 0); @@ -675,7 +675,7 @@ _rsa_generate_params (bigint_t * resarr, return GNUTLS_E_INTERNAL_ERROR; } - resarr[2] = gcry_sexp_nth_mpi (list, 1, 0); + resarr[2] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); list = gcry_sexp_find_token (key, "p", 0); @@ -686,7 +686,7 @@ _rsa_generate_params (bigint_t * resarr, return GNUTLS_E_INTERNAL_ERROR; } - resarr[3] = gcry_sexp_nth_mpi (list, 1, 0); + resarr[3] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); @@ -698,7 +698,7 @@ _rsa_generate_params (bigint_t * resarr, return GNUTLS_E_INTERNAL_ERROR; } - resarr[4] = gcry_sexp_nth_mpi (list, 1, 0); + resarr[4] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); @@ -710,7 +710,7 @@ _rsa_generate_params (bigint_t * resarr, return GNUTLS_E_INTERNAL_ERROR; } - resarr[5] = gcry_sexp_nth_mpi (list, 1, 0); + resarr[5] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); gcry_sexp_release (key);