diff options
| author | Katsuhiro Ueno <uenobk@gmail.com> | 2018-02-07 10:46:54 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2018-02-14 14:49:47 +0100 |
| commit | 29aac7798085ee38da5107698618890ae7593c96 (patch) | |
| tree | 6bacacbfae81c75109528c55075895aa6374ca66 /sm/export.c | |
| parent | common: Use new function to print status strings. (diff) | |
| download | gnupg2-29aac7798085ee38da5107698618890ae7593c96.tar.xz gnupg2-29aac7798085ee38da5107698618890ae7593c96.zip | |
sm: Fix a wrong key parameter in an exported private key file
* sm/export.c (sexp_to_kparms): Fix the computation of array[6],
which must be 'd mod (q-1)' but was 'p mod (q-1)'.
--
This bug is not serious but makes some consistency checks fail.
For example, 'openssl rsa -check' reports the following error:
$ gpgsm --out my.key --export-secret-key-raw 0xXXXXXXXX
$ openssl rsa -check -noout -inform DER -in my.key
RSA key error: dmq1 not congruent to d
--
Let me(wk) add this:
This bug was introduced with
Fixes-commit: 91056b1976bfb7b755e53b1302f4ede2b5cbc05d
right at the start of GnuPG 2.1 in July 2010. Before that (in 2.0) we
used gpg-protect-tool which got it right. We probably never noticed
this because gpgsm, and maybe other tools too, fix things up during
import.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to '')
| -rw-r--r-- | sm/export.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sm/export.c b/sm/export.c index 29a5ac32e..a8c9a4afc 100644 --- a/sm/export.c +++ b/sm/export.c @@ -603,7 +603,7 @@ sexp_to_kparms (gcry_sexp_t sexp) array[6] = gcry_mpi_snew (0); /* compute d mod (p-1) */ gcry_mpi_sub_ui (array[6], array[4], 1); - gcry_mpi_mod (array[6], array[3], array[6]); + gcry_mpi_mod (array[6], array[2], array[6]); return array; } |