From 98bc6f480ac973dccce90378dc021a2e24e58704 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Tue, 27 Sep 2016 14:01:18 +0900
Subject: [PATCH] agent: Allow only specific digest size for ECDSA.

* agent/pksign.c (do_encode_dsa): Fix validation of digest size.

--

Thanks to Steven Noonan who offers patches and a test case.

GnuPG-bug-id: 2702
Signed-off-by: NIIBE Yutaka
---
 agent/pksign.c | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/agent/pksign.c b/agent/pksign.c
index 9011be2e9..17f270490 100644
--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -189,25 +189,21 @@ do_encode_dsa (const byte *md, size_t mdlen, int pkalgo, gcry_sexp_t pkey,
 return gpg_error (GPG_ERR_INV_LENGTH);
 }

+ /* ECDSA 521 is special has it is larger than the largest hash
+ we have (SHA-512). Thus we chnage the size for further
+ processing to 512. */
+ if (pkalgo == GCRY_PK_ECDSA && qbits > 512)
+ qbits = 512;
+
 /* Check if we're too short. Too long is safe as we'll
- * automatically left-truncate.
- *
- * This check would require the use of SHA512 with ECDSA 512. I
- * think this is overkill to fail in this case. Therefore, relax
- * the check, but only for ECDSA keys. We may need to adjust it
- * later for general case. (Note that the check is really a bug for
- * ECDSA 521 as the only hash that matches it is SHA 512, but 512 <
- * 521 ).
- */
- if (mdlen < ((pkalgo==GCRY_PK_ECDSA && qbits > 521) ? 512 : qbits)/8)
+ automatically left-truncate. */
+ if (mdlen < qbits/8)
 {
 log_error (_("a %zu bit hash is not valid for a %u bit %s key\n"),
 mdlen*8,
 gcry_pk_get_nbits (pkey),
 gcry_pk_algo_name (pkalgo));
- /* FIXME: we need to check the requirements for ECDSA. */
- if (mdlen < 20 || pkalgo == GCRY_PK_DSA)
- return gpg_error (GPG_ERR_INV_LENGTH);
+ return gpg_error (GPG_ERR_INV_LENGTH);
 }

 /* Truncate. */
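Review bot: The comment added above `if (pkalgo == GCRY_PK_ECDSA && qbits > 512)` has two typos and does not say that `qbits` stops being the key size from this point on, which matters because the `/* Truncate. */` step beginning at the end of the hunk presumably reads the same variable. I would reword it to `/* ECDSA 521 is special as it is larger than the largest hash we have (SHA-512). Thus we change QBITS to 512 for the length check and everything after it. */`. The rejection path still logs `gcry_pk_get_nbits (pkey)`, so for such a key the message names 521 bits while the limit enforced is 512; printing the required digest length as well would make the log unambiguous. do_encode_dsa starts and ends outside the hunk, so the truncation code itself could not be checked here.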