Hi! > call to gcry_mpi_get_opaque() already sets the correct bit length > (i.e. accounting for the highest 5 bits to be zero). Then the > subsequent code again subtracts 5 from nbits, effectively reducing the
Good catch and my fault from 2015. That code is not anymore used because we switched to sos_write for ECC parameters in 2020. However, in theory GnuPG versions 2.1.5 to 2.2.20 may have produced produced incorrect MPIs when writing ECC parameters. Fortunately the mpi read function has always rounded up to full bytes, the gcry_sexp_nth_mpi, used to parse the s-expressions, either produced a plain MPI or when requested to create an opaque MPI, the bit value was also rounded up to full bytes. > byte count by one. The written MPI is thus one byte too short. I am pretty sure this would have been noticed ;-) Fixed with: https://dev.gnupg.org/rG2372f6a4035cefd5ac1852e95dc50de89cc73af6 Shalom-Salam, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein
openpgp-digital-signature.asc
Description: PGP signature
_______________________________________________ Gnupg-devel mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-devel
