1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-08 23:37:47 +02:00

sm: Revert to use SHA-1 for CSR generation.

* sm/certreqgen.c (create_request): Revert to use SHA-1 but change to
set it only at one place.
--

Regression-due-to: bdf439035d
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-07-27 11:28:31 +02:00
parent 376417ab63
commit 35d3ced4fd
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -587,7 +587,13 @@ proc_parameters (ctrl_t ctrl,
/* Parameters are checked, the key pair has been created. Now /* Parameters are checked, the key pair has been created. Now
generate the request and write it out */ generate the request and write it out.
Note: We use SHA-1 here because Libksba hash a shortcut to use
assume that if SIG_VAL uses as algo the string "rsa". To fix that
we would need to replace that string by an appropriate OID. We
leave this change for 2.1.
*/
static int static int
create_request (ctrl_t ctrl, create_request (ctrl_t ctrl,
struct para_data_s *para, struct para_data_s *para,
@ -597,6 +603,7 @@ create_request (ctrl_t ctrl,
{ {
ksba_certreq_t cr; ksba_certreq_t cr;
gpg_error_t err; gpg_error_t err;
int hashalgo = GCRY_MD_SHA1;
gcry_md_hd_t md; gcry_md_hd_t md;
ksba_stop_reason_t stopreason; ksba_stop_reason_t stopreason;
int rc = 0; int rc = 0;
@ -611,7 +618,7 @@ create_request (ctrl_t ctrl,
if (err) if (err)
return err; return err;
rc = gcry_md_open (&md, GCRY_MD_SHA256, 0); rc = gcry_md_open (&md, hashalgo, 0);
if (rc) if (rc)
{ {
log_error ("md_open failed: %s\n", gpg_strerror (rc)); log_error ("md_open failed: %s\n", gpg_strerror (rc));
@ -792,10 +799,10 @@ create_request (ctrl_t ctrl,
if (carddirect) if (carddirect)
rc = gpgsm_scd_pksign (ctrl, carddirect, NULL, rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
gcry_md_read(md, GCRY_MD_SHA1), gcry_md_read (md, hashalgo),
gcry_md_get_algo_dlen (GCRY_MD_SHA1), gcry_md_get_algo_dlen (hashalgo),
GCRY_MD_SHA1, hashalgo,
&sigval, &siglen); &sigval, &siglen);
else else
{ {
char *orig_codeset; char *orig_codeset;
@ -808,9 +815,9 @@ create_request (ctrl_t ctrl,
" more.\n")); " more.\n"));
i18n_switchback (orig_codeset); i18n_switchback (orig_codeset);
rc = gpgsm_agent_pksign (ctrl, hexgrip, desc, rc = gpgsm_agent_pksign (ctrl, hexgrip, desc,
gcry_md_read(md, GCRY_MD_SHA1), gcry_md_read(md, hashalgo),
gcry_md_get_algo_dlen (GCRY_MD_SHA1), gcry_md_get_algo_dlen (hashalgo),
GCRY_MD_SHA1, hashalgo,
&sigval, &siglen); &sigval, &siglen);
xfree (desc); xfree (desc);
} }