[git] GnuPG - branch, master, updated. gnupg-2.1.15-165-g98bc6f4

by NIIBE Yutaka cvs at cvs.gnupg.org
Tue Sep 27 07:08:22 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  98bc6f480ac973dccce90378dc021a2e24e58704 (commit)
      from  df5353b95eefc13135e7df50a7c197f270d6080d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 98bc6f480ac973dccce90378dc021a2e24e58704
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Sep 27 14:01:18 2016 +0900

    agent: Allow only specific digest size for ECDSA.
    
    * agent/pksign.c (do_encode_dsa): Fix validation of digest size.
    
    --
    
    Thanks to Steven Noonan <steven at uplinklabs.net> who offers patches
    and a test case.
    
    GnuPG-bug-id: 2702
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/agent/pksign.c b/agent/pksign.c
index 9011be2..17f2704 100644
--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -189,25 +189,21 @@ do_encode_dsa (const byte *md, size_t mdlen, int pkalgo, gcry_sexp_t pkey,
       return gpg_error (GPG_ERR_INV_LENGTH);
     }
 
+  /* ECDSA 521 is special has it is larger than the largest hash
+     we have (SHA-512).  Thus we chnage the size for further
+     processing to 512.  */
+  if (pkalgo == GCRY_PK_ECDSA && qbits > 512)
+    qbits = 512;
+
   /* Check if we're too short.  Too long is safe as we'll
-   * automatically left-truncate.
-   *
-   * This check would require the use of SHA512 with ECDSA 512. I
-   * think this is overkill to fail in this case.  Therefore, relax
-   * the check, but only for ECDSA keys.  We may need to adjust it
-   * later for general case.  (Note that the check is really a bug for
-   * ECDSA 521 as the only hash that matches it is SHA 512, but 512 <
-   * 521 ).
-   */
-  if (mdlen < ((pkalgo==GCRY_PK_ECDSA && qbits > 521) ? 512 : qbits)/8)
+     automatically left-truncate.  */
+  if (mdlen < qbits/8)
     {
       log_error (_("a %zu bit hash is not valid for a %u bit %s key\n"),
                  mdlen*8,
                  gcry_pk_get_nbits (pkey),
                  gcry_pk_algo_name (pkalgo));
-      /* FIXME: we need to check the requirements for ECDSA.  */
-      if (mdlen < 20 || pkalgo == GCRY_PK_DSA)
-        return gpg_error (GPG_ERR_INV_LENGTH);
+      return gpg_error (GPG_ERR_INV_LENGTH);
     }
 
   /* Truncate.  */
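Review bot: In the "if (mdlen < qbits/8)" block, removing the "mdlen < 20 || pkalgo == GCRY_PK_DSA" condition changes behaviour for ECDSA. A digest of at least 20 bytes but shorter than the key size used to be logged and then accepted; it now fails with GPG_ERR_INV_LENGTH. The commit message only says "Fix validation of digest size", so please state this change explicitly there or in the comment above the check, because existing callers that sign with a hash shorter than the curve size will start getting errors. The log_error call also still prints gcry_pk_get_nbits (pkey) rather than the clamped qbits, so for a key above 512 bits the message names the real key size while the check is made against 512; a short remark in the new comment would prevent confusion when reading logs. Finally, the added comment has two typos: "has it is" should read "as it is" and "chnage" should read "change".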

-----------------------------------------------------------------------

Summary of changes:
 agent/pksign.c | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



