Fwd: EccGnuPG Bug Report
user name
2007-03-30 16:19:22
Hi,

Today I received a bug report. The affected functions are not in the
Libgcrypt port. The solution was also discussed today with Timo, but the
patch is not ready yet. Sorry, I will do it as soon as possible.

This bad use of the wipememory() function can be found in sha256_hashing()
and aes256_{encrypting,decrypting}() functions.

Oh, this bug also affects the other branch, the 0.1.

Thanks Timo

/Sergi.

----------  Forwarded message  ----------

Subject: EccGnuPG Bug Report
Date: Friday, 30 March 2007 13:20
From: Timo Schulz <twoadaygmx.net>
To: d4372211alumnes.eup.udl.es

Hi,

based on your 0.2.0beta1 patch, I couldn't find any information
that this problem has been reported before, there is a 'bug' in
the way you use the wipememory function:

byte *hash_inp_buf;

wipememory( hash_inp_buf, sizeof hash_inp_buf );


actually it should be
wipememory (hash_inp_buf, nbytes);
otherwise only sizeof (unsigned char *) == (4 or 8)
bytes would be overwritten.


	Timo

-------------------------------------------------------


_______________________________________________
Gnupg-devel mailing list
Gnupg-develgnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

Re: Fwd: EccGnuPG Bug Report
user name
2007-03-30 17:37:13
Maybe there is a solution (or this is what I want to try).

The problem was in the call to wipememory(_ptr,_len), exactly in the _len
parameter. With a 'sizeof _ptr', there could be some architectures where it
does not work fine.

A candidate patch is:
http://www.calcurco.cat/eccGnuPG/src/gnupg-1.4.7-ecc0.2.0beta2rc1.diff
http://www.calcurco.cat/eccGnuPG/src/gnupg-1.4.7-ecc0.1.7rc1.diff

As far as I know, the call to 'mpi_get_secure_buffer(MPI a,unsigned
*nbytes,int *sign)' that returns the pointer that will be wiped also shows
the size in 'nbytes'. Then a call like 'wipememory(hash_inp_buf,nbytes)'
has the data from a previous call like
'hash_inp_buf=mpi_get_secure_buffer(input,&nbytes,&sign);', isn't it?

Only one doubt. The function 'sha256_hashing()' uses two variables related
to this problem: 'byte *hash_inp_buf;' and 'byte hash_out_buf[32];'. The
first one, use this call to 'mpi_get_secure_buffer()' does not need it. IMHO
it should be enough with 'wipememory(hash_out_buf,32*sizeof(byte));', isn't
it?

I will wait for your comments

/Sergi.

On Friday, 30 March 2007 23:19, Sergi Blanch i Torne wrote:
> Hi,
>
> Today I received a bug report. The affected functions are not in the
> Libgcrypt port. The solution was also discussed today with Timo, but the
> patch is not ready yet. Sorry, I will do it as soon as possible.
>
> This bad use of the wipememory() function can be found in sha256_hashing()
> and aes256_{encrypting,decrypting}() functions.
>
> Oh, this bug also affects the other branch, the 0.1.
>
> Thanks Timo
>
> /Sergi.
>
> ----------  Forwarded message  ----------
>
> Subject: EccGnuPG Bug Report
> Date: Friday, 30 March 2007 13:20
> From: Timo Schulz <twoadaygmx.net>
> To: d4372211alumnes.eup.udl.es
>
> Hi,
>
> based on your 0.2.0beta1 patch, I couldn't find any information
> that this problem has been reported before, there is a 'bug' in
> the way you use the wipememory function:
>
> byte *hash_inp_buf;
>
> wipememory( hash_inp_buf, sizeof hash_inp_buf );
>
>
> actually it should be
> wipememory (hash_inp_buf, nbytes);
> otherwise only sizeof (unsigned char *) == (4 or 8)
> bytes would be overwritten.
>
>
> 	Timo
>
> -------------------------------------------------------
>
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-develgnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel

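The length mistake discussed in this thread, as an added C example that is not part of either message or of the eccGnuPG patch. `wipe()` and `get_secret_buffer()` are hypothetical stand-ins for `wipememory()` and `mpi_get_secure_buffer()`, and the 0xA5 "secret" bytes are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned char byte;

/* Hypothetical stand-in for wipememory(): volatile stores cannot be elided. */
static void wipe(void *ptr, size_t len) {
    volatile byte *p = ptr;
    while (len--) *p++ = 0;
}

/* Hypothetical stand-in for mpi_get_secure_buffer(): returns a heap buffer
   of constructed secret bytes and reports its real length in *nbytes. */
static byte *get_secret_buffer(unsigned *nbytes) {
    *nbytes = 32;
    byte *buf = malloc(*nbytes);
    if (buf) memset(buf, 0xA5, *nbytes);
    return buf;
}

static size_t count_nonzero(const byte *buf, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) n += (buf[i] != 0);
    return n;
}

/* Secret bytes still in memory after the wipe. fixed == 0 uses the reported
   pattern (sizeof on a pointer), fixed != 0 uses the returned length. */
size_t leftover_after_wipe(int fixed) {
    unsigned nbytes;
    byte *hash_inp_buf = get_secret_buffer(&nbytes);
    if (!hash_inp_buf) return (size_t)-1;
    if (fixed) wipe(hash_inp_buf, nbytes);
    else       wipe(hash_inp_buf, sizeof hash_inp_buf); /* pointer size only */
    size_t left = count_nonzero(hash_inp_buf, nbytes);
    free(hash_inp_buf);
    return left;
}

/* For a true array, sizeof yields the whole buffer, so the wipe is complete. */
size_t leftover_array(void) {
    byte hash_out_buf[32];
    memset(hash_out_buf, 0xA5, sizeof hash_out_buf);
    wipe(hash_out_buf, sizeof hash_out_buf);
    return count_nonzero(hash_out_buf, sizeof hash_out_buf);
}

int main(void) {
    printf("sizeof ptr: %zu left, nbytes: %zu left, array: %zu left\n",
           leftover_after_wipe(0), leftover_after_wipe(1), leftover_array());
    return 0;
}
```

Compilers that flag this pattern for `memset`-style builtins (for example GCC's `-Wsizeof-pointer-memaccess`) will not necessarily flag it for a project's own wipe routine, so a grep for `sizeof` applied to pointer-typed variables in wipe calls is a useful review check.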
