1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Ignore personal_digest_prefs for ECDSA keys.

* g10/sign.c (hash_for): Simplify hash algo selection for ECDSA.
--

GnuPG-bug-id: 5021
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2020-08-13 11:19:22 +02:00
parent d516ae685e
commit 53d84f9815
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -597,7 +597,7 @@ openpgp_card_v1_p (PKT_public_key *pk)
} }
/* Get a matching hash algorithm for DSA and ECDSA. */
static int static int
match_dsa_hash (unsigned int qbytes) match_dsa_hash (unsigned int qbytes)
{ {
@ -674,9 +674,13 @@ hash_for (PKT_public_key *pk)
160-bit hash unless --enable-dsa2 is set, in which case act 160-bit hash unless --enable-dsa2 is set, in which case act
like a new DSA key that just happens to have a 160-bit q like a new DSA key that just happens to have a 160-bit q
(i.e. allow truncation). If q is not 160, by definition it (i.e. allow truncation). If q is not 160, by definition it
must be a new DSA key. */ must be a new DSA key. We ignore the personal_digest_prefs
for ECDSA because they should always macth the curve and
truncated hashes are not useful either. Even worse,
smartcards may reject non matching hash lengths for curves
(e.g. using SHA-512 with brainpooolP385r1 on a Yubikey). */
if (opt.personal_digest_prefs) if (pk->pubkey_algo == PUBKEY_ALGO_DSA && opt.personal_digest_prefs)
{ {
prefitem_t *prefs; prefitem_t *prefs;