mirror of
git://git.gnupg.org/gnupg.git
synced 2025-03-20 21:29:58 +01:00
gpgsm: Support verification of nistp521 signatures.
* sm/certcheck.c (do_encode_md): Take care of nistp521. -- This curve is a bit odd in that it does not match a common hash digest length. We fix that here for just this case instead of writing more general code to support all allowed cases (i.e. hash shorter than Q). Signed-off-by: Werner Koch <wk@gnupg.org> Backported-from-master: 596212e71abf33b30608348b782c093dace83110
This commit is contained in:
parent
88335b2d5b
commit
4aed853f2b
@ -76,12 +76,15 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
|
||||
|
||||
if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECC)
|
||||
{
|
||||
unsigned int qbits;
|
||||
unsigned int qbits0, qbits;
|
||||
|
||||
if ( pkalgo == GCRY_PK_ECC )
|
||||
qbits = gcry_pk_get_nbits (pkey);
|
||||
{
|
||||
qbits0 = gcry_pk_get_nbits (pkey);
|
||||
qbits = qbits0 == 521? 512 : qbits0;
|
||||
}
|
||||
else
|
||||
qbits = get_dsa_qbits (pkey);
|
||||
qbits0 = qbits = get_dsa_qbits (pkey);
|
||||
|
||||
if ( (qbits%8) )
|
||||
{
|
||||
@ -98,7 +101,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
|
||||
if (qbits < 160)
|
||||
{
|
||||
log_error (_("%s key uses an unsafe (%u bit) hash\n"),
|
||||
gcry_pk_algo_name (pkalgo), qbits);
|
||||
gcry_pk_algo_name (pkalgo), qbits0);
|
||||
return gpg_error (GPG_ERR_INTERNAL);
|
||||
}
|
||||
|
||||
@ -109,7 +112,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
|
||||
{
|
||||
log_error (_("a %u bit hash is not valid for a %u bit %s key\n"),
|
||||
(unsigned int)nframe*8,
|
||||
gcry_pk_get_nbits (pkey),
|
||||
qbits0,
|
||||
gcry_pk_algo_name (pkalgo));
|
||||
/* FIXME: we need to check the requirements for ECDSA. */
|
||||
if (nframe < 20 || pkalgo == GCRY_PK_DSA )
|
||||
|
Loading…
x
Reference in New Issue
Block a user