From 1d472e4934b889c3ccd99ce61d8b5bdc1bf0d5ee Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 23 Nov 2023 16:04:52 +0100 Subject: [PATCH] scd:openpgp: Print a diagnostic for the use of default ECDH params. * scd/app-openpgp.c (ecc_writekey): Remove the useless check and print a diagnostic if the default params are used. -- Note that here in 2.2 we use different default ECDH parameters than in 2.4 (AES192 instead of AES256 for 384 bit curves). GnuPG-bug-id: 6378 --- scd/app-openpgp.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index f2f99333a..6e4aa5808 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -355,6 +355,7 @@ do_deinit (app_t app) * we do not need this if the buffer has been allocated in secure * memory. However at some places we can't make that sure and thus we * better to an extra wipe here. */ +#if 0 /* Not yet used. */ static void wipe_and_free (void *p, size_t len) { @@ -365,10 +366,11 @@ wipe_and_free (void *p, size_t len) xfree (p); } } - +#endif /* Similar to wipe_and_free but assumes P is eitehr NULL or a proper * string. */ +#if 0 /* Not yet used. */ static void wipe_and_free_string (char *p) { @@ -378,7 +380,7 @@ wipe_and_free_string (char *p) xfree (p); } } - +#endif /* Wrapper around iso7816_get_data which first tries to get the data from the cache. With GET_IMMEDIATE passed as true, the cache is @@ -4487,20 +4489,15 @@ ecc_writekey (app_t app, ctrl_t ctrl, else algo = PUBKEY_ALGO_ECDSA; - /* Not provided by GnuPG 2.2 - take the default value. */ if (algo == PUBKEY_ALGO_ECDH && !ecdh_param) { + /* In case this is used by older clients we fallback to our + * default ecc parameters. */ + log_info ("opgp: using default ecdh parameters\n"); ecdh_param = ecdh_params (curve); ecdh_param_len = 4; } - if (algo == PUBKEY_ALGO_ECDH && !ecdh_param) - { - log_error ("opgp: ecdh parameters missing\n"); - err = gpg_error (GPG_ERR_INV_VALUE); - goto leave; - } - oidstr = openpgp_curve_to_oid (curve, &n, NULL); ecc_d_fixed_len = (n+7)/8; err = openpgp_oid_from_str (oidstr, &oid);