 Up to PGP -- Pretty Good Privacy 


Serious Bug in MIT PGP 2.6.2

ViaCrypt discovered this serious bug affecting digital signatures generated by MIT PGP 2.6.2,
2.6.1, and 2.6. This bug is fixed in ViaCrypt PGP 2.7.1. 

Francis Litterio (franl@centerline.com) 


From: barnhart@crl.com (David A. Barnhart)
Newsgroups: alt.security.pgp
Subject: New 2048-bit key bug found
Date: 2 Mar 1995 15:05:53 -0800
Organization: CRL Dialup Internet Access        (415) 705-6060  [Login: guest]
Lines: 66
Message-ID: <3j5j0h$29j@crl6.crl.com>
NNTP-Posting-Host: crl6.crl.com

-----BEGIN PGP SIGNED MESSAGE-----

During the QA process for version 2.7.1 of ViaCrypt PGP,
we discovered a bug we consider to be serious.  This
bug is present in the MIT PGP versions 2.3a, 2.6, 2.6.1, 
and 2.6.2.  Because it was discovered before release, this
bug is NOT in ViaCrypt PGP version 2.7.1.

If you digitally-sign a file or a key using a key that is
2034 - 2048 bits in length, the resulting digital signature
may be corrupt.  If the signature is corrupt, the symptoms
are the same as any other signature verification failure:

    "Bad signature from user . . ."

This bug made itself apparent while were were performing
the QA on the SunOS and Solaris (SPARC) versions of
ViaCrypt PGP.  Due to the idiosyncrasies of compilers and
automatic storage layout, the bug did not manifest itself
when the MS-DOS, Windows, Macintosh, or other UNIX platforms 
were tested.

The offending line of code is in the make_signature_certificate
function in crypto.c  The line:

    byte . . . outbuf[MAX_BYTE_PRECISION];

should be changed to:

    byte . . . outbuf[MAX_BYTE_PRECISION+2];

This is because of the way that outbuf is later
used in this function:

    /* bytecount does not include the 2 prefix bytes */
    bytecount = reg2mpi(outbuf,(unitptr)outbuf);
                .
                .
                .
    for (i = 0; i < bytecount+2; i++)
        certificate[certificate_length++] = outbuf[i];


If there are any questions, please contact me at ViaCrypt.

Best Regards,
David A. Barnhart
Product Manager
ViaCrypt
9033 N. 24th Ave, Suite 7
Phoenix, AZ  85021
Phone: 602-944-0773
FAX:   602-943-2601
Orders: 800-536-2664
Internet: viacrypt@acm.org
CompuServe: 70304,41

-----BEGIN PGP SIGNATURE-----
Version: 2.7

iQCVAwUBL1ZMzWhHpCDLdoUBAQEKsAP/R/FsABgnMR47Lo4IjWFq0jKXQkERSbZr
ox7n2HbNf1CIJrVUU61t6QUOxFxU634oetvuMdY6piqOBCJliuiTyxuRrDwkg/0p
4GqdN1Nnk+bmnD5+u4dpatLRhghaW65pmLCeOsu6CrlvM9C7s+yaNUkMEZ6EtrS5
TIXwbbjMWaE=
=08VR
-----END PGP SIGNATURE-----

