[PATCH gnupg] sm: Fix a wrong key parameter in an exported private key file

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH gnupg] sm: Fix a wrong key parameter in an exported private key file

Katsuhiro Ueno
* sm/export.c (sexp_to_kparms): Fix the computation of array[6],
which must be 'd mod (q-1)' but was 'p mod (q-1)'.
--

This bug is not serious but makes some consistency checks fail.
For example, 'openssl rsa -check' reports the following error:

$ gpgsm --out my.key --export-secret-key-raw 0xXXXXXXXX
$ openssl rsa -check -noout -inform DER -in my.key
RSA key error: dmq1 not congruent to d
---
 sm/export.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sm/export.c b/sm/export.c
index 29a5ac3..a8c9a4a 100644
--- a/sm/export.c
+++ b/sm/export.c
@@ -603,7 +603,7 @@ sexp_to_kparms (gcry_sexp_t sexp)
 
   array[6] = gcry_mpi_snew (0);  /* compute d mod (p-1) */
   gcry_mpi_sub_ui (array[6], array[4], 1);
-  gcry_mpi_mod (array[6], array[3], array[6]);
+  gcry_mpi_mod (array[6], array[2], array[6]);
 
   return array;
 }
--
2.16.1


_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH gnupg] sm: Fix a wrong key parameter in an exported private key file

Werner Koch
On Wed,  7 Feb 2018 10:46, [hidden email] said:
> * sm/export.c (sexp_to_kparms): Fix the computation of array[6],
> which must be 'd mod (q-1)' but was 'p mod (q-1)'.

Very good catch.  Thanks.  I added this comment:

    This bug was introduced with
    Fixes-commit: 91056b1976bfb7b755e53b1302f4ede2b5cbc05d
    right at the start of GnuPG 2.1 in July 2010.  Before that (in 2.0) we
    used gpg-protect-tool which got it right.  We probably never noticed
    this because gpgsm, and maybe other tools too, fix things up during
    import.


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
Gnupg-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

attachment0 (233 bytes) Download Attachment