security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-22 14:57:02 +01:00
Code Activity

gpgsm: Remove restriction of key generation (only RSA).

Browse Source 
* sm/certreqgen.c (proc_parameters): Remove checking GCRY_PK_RSA.

--

This is an initial change to support ECC key generation.

GnuPG-bug-id: 4888, 6253
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Backported-from-master: 238707db8b05a385af5419e606ea5110ace31d2b
This commit is contained in:
NIIBE Yutaka 2020-03-26 11:30:58 +09:00 committed by Werner Koch
parent 1e69676981
commit 8b2c55d3c5
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 10 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
sm/certreqgen.c
View File

@ -433,6 +433,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
struct para_data_s *r;
const char *s, *string;
int i;
int algo;
unsigned int nbits;
char numbuf[20];
unsigned char keyparms[100];
@ -446,30 +447,27 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
/* Check that we have all required parameters; */
assert (get_parameter (para, pKEYTYPE, 0));
/* We can only use RSA for now. There is a problem with pkcs-10 on
how to use ElGamal because it is expected that a PK algorithm can
always be used for signing. Another problem is that on-card
generated encryption keys may not be used for signing. */
i = get_parameter_algo (para, pKEYTYPE);
if (!i && (s = get_parameter_value (para, pKEYTYPE, 0)) && *s)
/* There is a problem with pkcs-10 on how to use ElGamal because it
is expected that a PK algorithm can always be used for
signing. Another problem is that on-card generated encryption
keys may not be used for signing. */
algo = get_parameter_algo (para, pKEYTYPE);
if (!algo && (s = get_parameter_value (para, pKEYTYPE, 0)) && *s)
{
/* Hack to allow creation of certificates directly from a smart
card. For example: "Key-Type: card:OPENPGP.3". */
if (!strncmp (s, "card:", 5) && s[5])
cardkeyid = xtrystrdup (s+5);
}
if ( (i < 1 || i != GCRY_PK_RSA) && !cardkeyid )
if (algo < 1 && !cardkeyid)
{
r = get_parameter (para, pKEYTYPE, 0);
if (r)
log_error (_("line %d: invalid algorithm\n"), r?r->lnr:0);
else
log_error ("No Key-Type specified\n");
log_error (_("line %d: invalid algorithm\n"), r ? r->lnr: -1);
return gpg_error (GPG_ERR_INV_PARAMETER);
}
/* Check the keylength. NOTE: If you change this make sure that it
macthes the gpgconflist item in gpgsm.c */
matches the gpgconflist item in gpgsm.c */
if (!get_parameter (para, pKEYLENGTH, 0))
nbits = 3072;
else