Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 113521

Summary: gnupg's gpg aborts with mpi errors on valid keys, declaring keyring invalid
Product: Gentoo Linux Reporter: Phil Pennock <gentoo>
Component: Current packagesAssignee: Crypto team [DISABLED] <crypto+disabled>
Status: RESOLVED FIXED    
Severity: critical    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://marc.theaimsgroup.com/?l=gnupg-devel&m=112554412404623&w=2
Whiteboard:
Package list:
Runtime testing required: ---

Description Phil Pennock 2005-11-24 16:11:38 UTC 
"gpg --check-trustdb" fails with a keyring which worked before gnupg was updated
to 1.4.2-r2, with:
 gpg: mpi larger than indicated length (2 bytes)
 gpg: keyring_get_keyblock: read error: invalid packet
 gpg: keydb_get_keyblock failed: invalid keyring

Unfortunately, there's not enough diagnostics, even with --debug-all, to
determine which key causes the problem, but it's actually a known gnupg bug.

One of the gnupg developers has provided a fix.

Reproducible: Always
Steps to Reproduce:
1. gpg --check-trustdb    or     gpg --list-keys
2.
3.

Actual Results:  
[many fine keys, then:]
gpg: mpi larger than indicated length (2 bytes)
gpg: keyring_get_keyblock: read error: invalid packet
gpg: keydb_get_keyblock failed: invalid keyring


Expected Results:  
Listed all of the keys.

David Shaw has provided a patch: 
http://marc.theaimsgroup.com/?l=gnupg-devel&m=112554412404623&w=2

There's an attachment there, patching gnupg-1.4.2/mpi/mpicoder.c (but without
the path information) to fix this problem.

After munging that into an ebuild, I now have a gpg which works.
Comment 1 Daniel Black (RETIRED) gentoo-dev 2005-11-24 23:57:40 UTC 
interesting how its not in the cvs. grr - still looking.
Comment 2 Daniel Black (RETIRED) gentoo-dev 2005-11-25 01:35:54 UTC 
debian unstable uses same patch. 
 
added to gnupg-1.4.2-r3. Thanks Phil
Comment 3 Daniel Black (RETIRED) gentoo-dev 2005-11-25 03:36:40 UTC 
Phil I'm assuming this was a new bug in 1.4.2 that didn't exist in 1.4.1?
Comment 4 Phil Pennock 2005-11-25 05:04:02 UTC 
Correct; had 1.4.1 installed until 2005-11-23.

Under 1.4.1, some keys would be refused as part of --recv-key, with a similar
error, but everything which made it past that check onto my public keyring would
be fine.

Thanks for the prompt fix.
Comment 5 Stefano 2005-11-27 06:22:31 UTC 
I had pretty much the same problem with 1.4.2-r2:

gpg: mpi larger than indicated length (2 bytes)
gpg: keyring_get_keyblock: read error: invalid packet
gpg: keydb_get_keyblock failed: invalid keyring

I confirm it wasn't there in 1.4.1, and that upgrading to 1.4.2-r3 resolved the
problem admirably :)