Bug in g10/build-packet.c:gpg_mpi_write()

Werner Koch wk at gnupg.org
Wed Feb 21 16:25:26 CET 2024


> call to gcry_mpi_get_opaque() already sets the correct bit length
> (i.e. accounting for the highest 5 bits to be zero). Then the
> subsequent code again subtracts 5 from nbits, effectively reducing the

Good catch and my fault from 2015.  That code is no longer used
because we switched to sos_write for ECC parameters in 2020.

However, in theory GnuPG versions 2.1.5 to 2.2.20 may have produced
incorrect MPIs when writing ECC parameters.

Fortunately the mpi read function has always rounded up to full bytes,
the gcry_sexp_nth_mpi, used to parse the s-expressions, either produced
a plain MPI or when requested to create an opaque MPI, the bit value was
also rounded up to full bytes.

> byte count by one. The written MPI is thus one byte too short.

I am pretty sure this would have been noticed ;-)

Fixed with:



The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
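
The arithmetic discussed in this message, as an added example that is not part of the original post and is not GnuPG code: an OpenPGP MPI is a two-octet big-endian bit count followed by (nbits+7)/8 octets, so a writer that strips leading zero bits from a count that is already exact drops one octet. The names `write_stripping`, `write_exact`, `emit` and `SAMPLE` are hypothetical, and the sample value is constructed to match the quoted case of 5 leading zero bits.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 32 octets, top 5 bits zero, so exactly 251 bits. */
const uint8_t SAMPLE[32] = { [0] = 0x07, [31] = 0x01 };

/* OpenPGP MPI: 2-octet big-endian bit count, then (nbits+7)/8 octets. */
static size_t emit(const uint8_t *p, unsigned int nbits, uint8_t *out)
{
    size_t nbytes = (nbits + 7) / 8;
    out[0] = (uint8_t)(nbits >> 8);
    out[1] = (uint8_t)nbits;
    memcpy(out + 2, p, nbytes);
    return 2 + nbytes;
}

/* Hypothetical writer modelled on the thread: it assumes nbits was rounded
   up to whole octets and subtracts the leading zero bits itself. */
size_t write_stripping(const uint8_t *p, unsigned int nbits, uint8_t *out)
{
    for (; nbits >= 8 && !*p; p++, nbits -= 8)
        ;
    if (nbits >= 8)
        for (uint8_t m = 0x80; m && !(*p & m); m >>= 1)
            nbits--;
    return emit(p, nbits, out);
}

/* Writer that derives the bit count from the octet length alone, so a
   caller-supplied count can never be adjusted twice. */
size_t write_exact(const uint8_t *p, size_t len, uint8_t *out)
{
    while (len && !*p) { p++; len--; }
    unsigned int nbits = (unsigned int)len * 8;
    if (len)
        for (uint8_t m = 0x80; !(*p & m); m >>= 1)
            nbits--;
    return emit(p, nbits, out);
}

int main(void)
{
    uint8_t out[2 + sizeof SAMPLE];
    printf("count 256 (rounded up): %zu octets\n", write_stripping(SAMPLE, 256, out));
    printf("count 251 (exact):      %zu octets\n", write_stripping(SAMPLE, 251, out));
    printf("from octet length:      %zu octets\n", write_exact(SAMPLE, sizeof SAMPLE, out));
}
```

With the rounded-up count the output is the correct 34 octets (header 251); with the exact count the header says 246 bits and the last octet of the value is lost.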