security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Activity

Fix the previous commit. 

* g10/ecdh.c (kek_params_table): Revert the change.
* scd/app-openpgp.c (ecdh_params): Use CIPHER_ALGO_AES256
for 384-bit key.

--

Avoiding CIPHER_ALGO_AES192 is intentional here.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2019-03-14 08:23:38 +09:00
parent af3efd149f
commit f199b627ce
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
g10/ecdh.c
View File

@ -39,7 +39,7 @@ static const struct
/* Note: Must be sorted by ascending values for QBITS. */ /* Note: Must be sorted by ascending values for QBITS. */
{ {
{ 256, DIGEST_ALGO_SHA256, CIPHER_ALGO_AES }, { 256, DIGEST_ALGO_SHA256, CIPHER_ALGO_AES },
{ 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES192 }, { 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES256 },
/* Note: 528 is 521 rounded to the 8 bit boundary */ /* Note: 528 is 521 rounded to the 8 bit boundary */
{ 528, DIGEST_ALGO_SHA512, CIPHER_ALGO_AES256 } { 528, DIGEST_ALGO_SHA512, CIPHER_ALGO_AES256 }

6
scd/app-openpgp.c
View File

@ -1448,13 +1448,13 @@ ecdh_params (const char *curve)
/* See RFC-6637 for those constants. /* See RFC-6637 for those constants.
0x03: Number of bytes 0x03: Number of bytes
0x01: Version for this parameter format 0x01: Version for this parameter format
KDF hash algo KEK digest algorithm
KEK symmetric cipher algo KEK cipher algorithm
*/ */
if (nbits <= 256) if (nbits <= 256)
return (const unsigned char*)"\x03\x01\x08\x07"; return (const unsigned char*)"\x03\x01\x08\x07";
else if (nbits <= 384) else if (nbits <= 384)
return (const unsigned char*)"\x03\x01\x09\x08"; return (const unsigned char*)"\x03\x01\x09\x09";
else else
return (const unsigned char*)"\x03\x01\x0a\x09"; return (const unsigned char*)"\x03\x01\x0a\x09";
} }