mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
Make most of the selftests work.
Note that there is still a problem with tests/openpgp/sigs.test while using the option --digest-algo SHA256.
This commit is contained in:
Werner Koch
parent
90b0ff23b7
commit
27929981fc
@ -1,5 +1,7 @@
|
||||
2011-01-21 Werner Koch <wk@g10code.com>
|
||||
|
||||
* pksign.c (do_encode_dsa): Compare MDLEN to bytes.
|
||||
|
||||
* cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New.
|
||||
|
||||
2010-12-02 Werner Koch <wk@g10code.com>
|
||||
|
||||
@ -113,21 +113,21 @@ get_dsa_qbits (gcry_sexp_t key)
|
||||
|
||||
/* Encode a message digest for use with an DSA algorithm. */
|
||||
static gpg_error_t
|
||||
do_encode_dsa (const byte * md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey,
|
||||
do_encode_dsa (const byte *md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey,
|
||||
gcry_sexp_t *r_hash)
|
||||
{
|
||||
gpg_error_t err;
|
||||
gcry_sexp_t hash;
|
||||
unsigned int qbits;
|
||||
int gcry_pkalgo;
|
||||
int pkalgo;
|
||||
|
||||
*r_hash = NULL;
|
||||
|
||||
gcry_pkalgo = map_pk_openpgp_to_gcry( dsaalgo );
|
||||
pkalgo = map_pk_openpgp_to_gcry (dsaalgo);
|
||||
|
||||
if (gcry_pkalgo == GCRY_PK_ECDSA)
|
||||
if (pkalgo == GCRY_PK_ECDSA)
|
||||
qbits = gcry_pk_get_nbits (pkey);
|
||||
else if (gcry_pkalgo == GCRY_PK_DSA)
|
||||
else if (pkalgo == GCRY_PK_DSA)
|
||||
qbits = get_dsa_qbits (pkey);
|
||||
else
|
||||
return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
|
||||
@ -146,25 +146,28 @@ do_encode_dsa (const byte * md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey,
|
||||
if (qbits < 160)
|
||||
{
|
||||
log_error (_("%s key uses an unsafe (%u bit) hash\n"),
|
||||
gcry_pk_algo_name (gcry_pkalgo), qbits);
|
||||
gcry_pk_algo_name (pkalgo), qbits);
|
||||
return gpg_error (GPG_ERR_INV_LENGTH);
|
||||
}
|
||||
|
||||
/* Check if we're too short. Too long is safe as we'll
|
||||
automatically left-truncate. */
|
||||
|
||||
/* This check would require the use of SHA512 with ECDSA 512. I think this is overkill to fail in this case.
|
||||
* Therefore, relax the check, but only for ECDSA keys. We may need to adjust it later for general case.
|
||||
* ( Note that the check is really a bug for ECDSA 521 as the only hash that matches it is SHA 512, but 512 < 521 ).
|
||||
* automatically left-truncate.
|
||||
*
|
||||
* This check would require the use of SHA512 with ECDSA 512. I
|
||||
* think this is overkill to fail in this case. Therefore, relax
|
||||
* the check, but only for ECDSA keys. We may need to adjust it
|
||||
* later for general case. (Note that the check is really a bug for
|
||||
* ECDSA 521 as the only hash that matches it is SHA 512, but 512 <
|
||||
* 521 ).
|
||||
*/
|
||||
if( mdlen < ((gcry_pkalgo==GCRY_PK_ECDSA && qbits>521) ? 512 : qbits) )
|
||||
if (mdlen < ((pkalgo==GCRY_PK_ECDSA && qbits > 521) ? 512 : qbits)/8)
|
||||
{
|
||||
log_error (_("a %zu bit hash is not valid for a %u bit %s key\n"),
|
||||
mdlen,
|
||||
mdlen*8,
|
||||
gcry_pk_get_nbits (pkey),
|
||||
gcry_pk_algo_name (gcry_pkalgo));
|
||||
gcry_pk_algo_name (pkalgo));
|
||||
/* FIXME: we need to check the requirements for ECDSA. */
|
||||
if (mdlen < 20 || gcry_pkalgo == GCRY_PK_DSA)
|
||||
if (mdlen < 20 || pkalgo == GCRY_PK_DSA)
|
||||
return gpg_error (GPG_ERR_INV_LENGTH);
|
||||
}
|
||||
|
||||
|
||||
@ -1,3 +1,7 @@
|
||||
2011-01-21 Werner Koch <wk@g10code.com>
|
||||
|
||||
* misc.c (openpgp_pk_algo_name): Always use the gcrypt function.
|
||||
|
||||
2010-12-09 Werner Koch <wk@g10code.com>
|
||||
|
||||
* tdbio.c (tdbio_set_dbname) [W32CE]: Take care of missing errno.
|
||||
|
||||
20
g10/misc.c
20
g10/misc.c
@ -503,25 +503,7 @@ openpgp_pk_algo_usage ( int algo )
|
||||
const char *
|
||||
openpgp_pk_algo_name (int algo)
|
||||
{
|
||||
/* We use fixed strings to have pretty names instead of those from
|
||||
libgcrypt. */
|
||||
switch (algo)
|
||||
{
|
||||
case PUBKEY_ALGO_RSA:
|
||||
case PUBKEY_ALGO_RSA_E:
|
||||
case PUBKEY_ALGO_RSA_S: return "rsa";
|
||||
|
||||
case PUBKEY_ALGO_ELGAMAL:
|
||||
case PUBKEY_ALGO_ELGAMAL_E: return "elg";
|
||||
|
||||
case PUBKEY_ALGO_DSA: return "dsa";
|
||||
|
||||
case PUBKEY_ALGO_ECDSA:return "ecdsa";
|
||||
|
||||
case PUBKEY_ALGO_ECDH: return "ecdh";
|
||||
|
||||
default: gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo));
|
||||
}
|
||||
return gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo));
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -298,6 +298,9 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,
|
||||
{
|
||||
PKT_public_key *pk = xmalloc_clear (sizeof *pk);
|
||||
|
||||
log_debug ("checking created signature algo=%d\n", mdalgo);
|
||||
log_printhex ("md:", dp, gcry_md_get_algo_dlen (mdalgo));
|
||||
|
||||
if (get_pubkey (pk, sig->keyid ))
|
||||
err = gpg_error (GPG_ERR_NO_PUBKEY);
|
||||
else
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
2011-01-21 Werner Koch <wk@g10code.com>
|
||||
|
||||
* cipher.h (GCRY_PK_USAGE_CERT): Remove comaptibility macros
|
||||
* cipher.h (GCRY_PK_USAGE_CERT): Remove compatibility macros
|
||||
because we now require libgcrypt 1.4.6.
|
||||
(GCRY_PK_ECDH): Add replacement.
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user