mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-08 12:44:23 +01:00
sm: Support verification of nistp521 signatures.
* sm/certcheck.c (do_encode_md): Take care of nistp521. -- That curve is a bit odd in that it does not match a common hash digest length. We fix that here for just this case instead of writing more general code to support all allowed cases (i.e. hash shorter than Q). Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
eeb599c9e2
commit
596212e71a
@ -77,12 +77,15 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
|
|||||||
|
|
||||||
if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECC)
|
if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECC)
|
||||||
{
|
{
|
||||||
unsigned int qbits;
|
unsigned int qbits0, qbits;
|
||||||
|
|
||||||
if ( pkalgo == GCRY_PK_ECC )
|
if ( pkalgo == GCRY_PK_ECC )
|
||||||
qbits = gcry_pk_get_nbits (pkey);
|
{
|
||||||
|
qbits0 = gcry_pk_get_nbits (pkey);
|
||||||
|
qbits = qbits0 == 521? 512 : qbits;
|
||||||
|
}
|
||||||
else
|
else
|
||||||
qbits = get_dsa_qbits (pkey);
|
qbits0 = qbits = get_dsa_qbits (pkey);
|
||||||
|
|
||||||
if ( (qbits%8) )
|
if ( (qbits%8) )
|
||||||
{
|
{
|
||||||
@ -99,7 +102,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
|
|||||||
if (qbits < 160)
|
if (qbits < 160)
|
||||||
{
|
{
|
||||||
log_error (_("%s key uses an unsafe (%u bit) hash\n"),
|
log_error (_("%s key uses an unsafe (%u bit) hash\n"),
|
||||||
gcry_pk_algo_name (pkalgo), qbits);
|
gcry_pk_algo_name (pkalgo), qbits0);
|
||||||
return gpg_error (GPG_ERR_INTERNAL);
|
return gpg_error (GPG_ERR_INTERNAL);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -110,7 +113,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
|
|||||||
{
|
{
|
||||||
log_error (_("a %u bit hash is not valid for a %u bit %s key\n"),
|
log_error (_("a %u bit hash is not valid for a %u bit %s key\n"),
|
||||||
(unsigned int)nframe*8,
|
(unsigned int)nframe*8,
|
||||||
gcry_pk_get_nbits (pkey),
|
qbits0,
|
||||||
gcry_pk_algo_name (pkalgo));
|
gcry_pk_algo_name (pkalgo));
|
||||||
/* FIXME: we need to check the requirements for ECDSA. */
|
/* FIXME: we need to check the requirements for ECDSA. */
|
||||||
if (nframe < 20 || pkalgo == GCRY_PK_DSA )
|
if (nframe < 20 || pkalgo == GCRY_PK_DSA )
|
||||||
|
Loading…
x
Reference in New Issue
Block a user