mirror of
git://git.gnupg.org/gnupg.git
synced 2025-03-28 22:49:59 +01:00
gpg: Print a warning when importing a bad cv25519 secret key.
* g10/import.c (transfer_secret_keys): Add simple check. -- Note that the requirement for a set high bit is not yet checked. GnuPG-bug-id: 5464
This commit is contained in:
Werner Koch
parent
18e94c7229
commit
dbfb7f809b
18
g10/import.c
18
g10/import.c
@ -2566,7 +2566,6 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
|
|||||||
gcry_sexp_release (curve);
|
gcry_sexp_release (curve);
|
||||||
err = gcry_sexp_build (&curve, NULL, "(curve %s)",
|
err = gcry_sexp_build (&curve, NULL, "(curve %s)",
|
||||||
curvename?curvename:curvestr);
|
curvename?curvename:curvestr);
|
||||||
xfree (curvestr);
|
|
||||||
if (!err)
|
if (!err)
|
||||||
{
|
{
|
||||||
j = 0;
|
j = 0;
|
||||||
@ -2583,7 +2582,24 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
|
|||||||
else
|
else
|
||||||
put_membuf_str (&mbuf, " _ %m");
|
put_membuf_str (&mbuf, " _ %m");
|
||||||
format_args[j++] = pk->pkey + i;
|
format_args[j++] = pk->pkey + i;
|
||||||
|
|
||||||
|
/* Simple hack to print a warning for an invalid key
|
||||||
|
* in case of cv25519. We have only opaque MPIs here. */
|
||||||
|
if (pk->pubkey_algo == PUBKEY_ALGO_ECDH
|
||||||
|
&& !strcmp (curvestr, "1.3.6.1.4.1.3029.1.5.1")
|
||||||
|
&& gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE))
|
||||||
|
{
|
||||||
|
const unsigned char *pp;
|
||||||
|
unsigned int nn;
|
||||||
|
|
||||||
|
pp = gcry_mpi_get_opaque (pk->pkey[i], &nn);
|
||||||
|
nn = (nn+7)/8;
|
||||||
|
if (pp && nn && (pp[nn-1] & 7))
|
||||||
|
log_info ("warning: lower 3 bits of the secret key"
|
||||||
|
" are not cleared\n");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
xfree (curvestr);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user