security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-08 12:44:23 +01:00
Code Activity

Make most of the selftests work.

Browse Source 
Note that there is still a problem with tests/openpgp/sigs.test while
using the option --digest-algo SHA256.
This commit is contained in:
Werner Koch 2011-01-21 15:22:41 +01:00
parent 90b0ff23b7
commit 27929981fc
6 changed files with 29 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
agent/ChangeLog
View File

@ -1,5 +1,7 @@
2011-01-21 Werner Koch <wk@g10code.com> 2011-01-21 Werner Koch <wk@g10code.com>
* pksign.c (do_encode_dsa): Compare MDLEN to bytes.
* cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New. * cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New.
2010-12-02 Werner Koch <wk@g10code.com> 2010-12-02 Werner Koch <wk@g10code.com>

31
agent/pksign.c
View File

@ -119,15 +119,15 @@ do_encode_dsa (const byte * md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey,
gpg_error_t err; gpg_error_t err;
gcry_sexp_t hash; gcry_sexp_t hash;
unsigned int qbits; unsigned int qbits;
int gcry_pkalgo; int pkalgo;
*r_hash = NULL; *r_hash = NULL;
gcry_pkalgo = map_pk_openpgp_to_gcry( dsaalgo ); pkalgo = map_pk_openpgp_to_gcry (dsaalgo);
if (gcry_pkalgo == GCRY_PK_ECDSA) if (pkalgo == GCRY_PK_ECDSA)
qbits = gcry_pk_get_nbits (pkey); qbits = gcry_pk_get_nbits (pkey);
else if (gcry_pkalgo == GCRY_PK_DSA) else if (pkalgo == GCRY_PK_DSA)
qbits = get_dsa_qbits (pkey); qbits = get_dsa_qbits (pkey);
else else
return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO); return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
@ -146,25 +146,28 @@ do_encode_dsa (const byte * md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey,
if (qbits < 160) if (qbits < 160)
{ {
log_error (_("%s key uses an unsafe (%u bit) hash\n"), log_error (_("%s key uses an unsafe (%u bit) hash\n"),
gcry_pk_algo_name (gcry_pkalgo), qbits); gcry_pk_algo_name (pkalgo), qbits);
return gpg_error (GPG_ERR_INV_LENGTH); return gpg_error (GPG_ERR_INV_LENGTH);
} }
/* Check if we're too short. Too long is safe as we'll /* Check if we're too short. Too long is safe as we'll
automatically left-truncate. */ * automatically left-truncate.
*
/* This check would require the use of SHA512 with ECDSA 512. I think this is overkill to fail in this case. * This check would require the use of SHA512 with ECDSA 512. I
* Therefore, relax the check, but only for ECDSA keys. We may need to adjust it later for general case. * think this is overkill to fail in this case. Therefore, relax
* ( Note that the check is really a bug for ECDSA 521 as the only hash that matches it is SHA 512, but 512 < 521 ). * the check, but only for ECDSA keys. We may need to adjust it
* later for general case. (Note that the check is really a bug for
* ECDSA 521 as the only hash that matches it is SHA 512, but 512 <
* 521 ).
*/ */
if( mdlen < ((gcry_pkalgo==GCRY_PK_ECDSA && qbits>521) ? 512 : qbits) ) if (mdlen < ((pkalgo==GCRY_PK_ECDSA && qbits > 521) ? 512 : qbits)/8)
{ {
log_error (_("a %zu bit hash is not valid for a %u bit %s key\n"), log_error (_("a %zu bit hash is not valid for a %u bit %s key\n"),
mdlen, mdlen*8,
gcry_pk_get_nbits (pkey), gcry_pk_get_nbits (pkey),
gcry_pk_algo_name (gcry_pkalgo)); gcry_pk_algo_name (pkalgo));
/* FIXME: we need to check the requirements for ECDSA. */ /* FIXME: we need to check the requirements for ECDSA. */
if (mdlen < 20 || gcry_pkalgo == GCRY_PK_DSA) if (mdlen < 20 || pkalgo == GCRY_PK_DSA)
return gpg_error (GPG_ERR_INV_LENGTH); return gpg_error (GPG_ERR_INV_LENGTH);
} }

4
g10/ChangeLog
View File

@ -1,3 +1,7 @@
2011-01-21 Werner Koch <wk@g10code.com>
* misc.c (openpgp_pk_algo_name): Always use the gcrypt function.
2010-12-09 Werner Koch <wk@g10code.com> 2010-12-09 Werner Koch <wk@g10code.com>
* tdbio.c (tdbio_set_dbname) [W32CE]: Take care of missing errno. * tdbio.c (tdbio_set_dbname) [W32CE]: Take care of missing errno.

20
g10/misc.c
View File

@ -503,25 +503,7 @@ openpgp_pk_algo_usage ( int algo )
const char * const char *
openpgp_pk_algo_name (int algo) openpgp_pk_algo_name (int algo)
{ {
/* We use fixed strings to have pretty names instead of those from return gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo));
libgcrypt. */
switch (algo)
{
case PUBKEY_ALGO_RSA:
case PUBKEY_ALGO_RSA_E:
case PUBKEY_ALGO_RSA_S: return "rsa";
case PUBKEY_ALGO_ELGAMAL:
case PUBKEY_ALGO_ELGAMAL_E: return "elg";
case PUBKEY_ALGO_DSA: return "dsa";
case PUBKEY_ALGO_ECDSA:return "ecdsa";
case PUBKEY_ALGO_ECDH: return "ecdh";
default: gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo));
}
} }

3
g10/sign.c
View File

@ -298,6 +298,9 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,
{ {
PKT_public_key *pk = xmalloc_clear (sizeof *pk); PKT_public_key *pk = xmalloc_clear (sizeof *pk);
log_debug ("checking created signature algo=%d\n", mdalgo);
log_printhex ("md:", dp, gcry_md_get_algo_dlen (mdalgo));
if (get_pubkey (pk, sig->keyid )) if (get_pubkey (pk, sig->keyid ))
err = gpg_error (GPG_ERR_NO_PUBKEY); err = gpg_error (GPG_ERR_NO_PUBKEY);
else else

2
include/ChangeLog
View File

@ -1,6 +1,6 @@
2011-01-21 Werner Koch <wk@g10code.com> 2011-01-21 Werner Koch <wk@g10code.com>
* cipher.h (GCRY_PK_USAGE_CERT): Remove comaptibility macros * cipher.h (GCRY_PK_USAGE_CERT): Remove compatibility macros
because we now require libgcrypt 1.4.6. because we now require libgcrypt 1.4.6.
(GCRY_PK_ECDH): Add replacement. (GCRY_PK_ECDH): Add replacement.