Page MenuHome GnuPG
Create Task
Maniphest T864

rsa.c:secret() may use unavailable fields
Closed, ResolvedPublic
Actions

Description

The CRT-calculation for an RSA secret key operation can only be used when the
prime factors and inverse value are available, i.e. (p && q && u). The logical
inverse of this condition is (!p || !q || !u). Seems De Morgan's wasn't
applied properly here.

Test case:
Create an RSA private key with a proper subset of {p, q, u} missing, but
otherwise complete. Call secret() (or the public interfaces that use secret)
with this key.

Details

Version
r1275

Related Objects

Event Timeline

p00ya added a subscriber: p00ya.Dec 5 2007, 3:48 AM

D49: 147_libgcrypt-rsasecret.patch

p00ya added projects: libgcrypt, Bug Report.Dec 5 2007, 3:48 AM
p00ya set Version to r1275.
werner added a subscriber: werner.Dec 5 2007, 9:56 AM

You are obviously right.

However I can't replicate the problem because the driver code in pubkey.c checks
that all required elements are available. Thus it is not possible to use RSA
without P, Q and U. I detected this while writing a regression test and will
now see how to solve the problem and allow the use of RSA with just N, E and D.

werner closed this task as Resolved.Dec 5 2007, 10:59 AM
werner claimed this task.

Okay, fixed in the trunk (r1276). Thanks.