security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-25 22:19:59 +01:00
Code Activity

gpgsm: Support verification of nistp521 signatures.

Browse Source 
* sm/certcheck.c (do_encode_md): Take care of nistp521.
--

This curve is a bit odd in that it does not match a common hash digest
length.  We fix that here for just this case instead of writing more
general code to support all allowed cases (i.e. hash shorter than Q).

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 596212e71abf33b30608348b782c093dace83110
This commit is contained in:
Werner Koch 2022-11-15 10:46:03 +01:00
parent 88335b2d5b
commit 4aed853f2b
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
sm/certcheck.c
View File

@ -76,12 +76,15 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECC)
{
unsigned int qbits;
unsigned int qbits0, qbits;
if ( pkalgo == GCRY_PK_ECC )
qbits = gcry_pk_get_nbits (pkey);
{
qbits0 = gcry_pk_get_nbits (pkey);
qbits = qbits0 == 521? 512 : qbits0;
}
else
qbits = get_dsa_qbits (pkey);
qbits0 = qbits = get_dsa_qbits (pkey);
if ( (qbits%8) )
{
@ -98,7 +101,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
if (qbits < 160)
{
log_error (_("%s key uses an unsafe (%u bit) hash\n"),
gcry_pk_algo_name (pkalgo), qbits);
gcry_pk_algo_name (pkalgo), qbits0);
return gpg_error (GPG_ERR_INTERNAL);
}
@ -109,7 +112,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
{
log_error (_("a %u bit hash is not valid for a %u bit %s key\n"),
(unsigned int)nframe*8,
gcry_pk_get_nbits (pkey),
qbits0,
gcry_pk_algo_name (pkalgo));
/* FIXME: we need to check the requirements for ECDSA. */
if (nframe < 20 || pkalgo == GCRY_PK_DSA )