[git] KSBA - branch, master, updated. libksba-1.3.5-36-g5d9278f

by NIIBE Yutaka cvs at cvs.gnupg.org
Tue Feb 26 07:11:44 CET 2019


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "KSBA is a library to access X.509 certificates and CMS data.".

The branch, master has been updated
       via  5d9278f3d13050eddd68d8a1c490274a4f631f5f (commit)
      from  98882064f45778927d38c6fdbe008f5858b36813 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5d9278f3d13050eddd68d8a1c490274a4f631f5f
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Feb 26 15:01:25 2019 +0900

    Fixing ECDSA, support EdDSA signatures in CSRs.
    
    * src/certreq.c (ksba_certreq_set_sig_val): Remove MSB handling of
    0x80 for ECDSA, because it is done by GnuPG.
    
    Distinguish EdDSA signatures in libgcrypt format, and build such a
    signature by simply concatenating r and s.
    
    --
    
    RFC 8410 specifies that an EdDSA signature is just the concatenation of R and S.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/src/certreq.c b/src/certreq.c
index 5c730a7..ff0ea0a 100644
--- a/src/certreq.c
+++ b/src/certreq.c
@@ -411,6 +411,7 @@ ksba_certreq_set_sig_val (ksba_certreq_t cr, ksba_const_sexp_t sigval)
   char *buf = NULL;
   unsigned long n, len;
   int pass, nparam;
+  int is_EdDSA = 0;
 
   if (!cr)
     return gpg_error (GPG_ERR_INV_VALUE);
@@ -445,6 +446,8 @@ ksba_certreq_set_sig_val (ksba_certreq_t cr, ksba_const_sexp_t sigval)
         return gpg_error (GPG_ERR_ENOMEM);
       memcpy (cr->sig_val.algo, s, n);
       cr->sig_val.algo[n] = 0;
+      if (!memcmp (s, "eddsa", 5))
+        is_EdDSA = 1;
     }
   s += n;
 
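Review bot: The added `memcmp (s, "eddsa", 5)` does not check the token length `n`, so it is a prefix match and, for an algorithm name shorter than five bytes, it compares bytes beyond the token that was just copied with `memcpy (cr->sig_val.algo, s, n)`. Any name that merely begins with "eddsa" would also switch the function to the raw r||s encoding and skip the SEQUENCE/INTEGER framing handled in the later hunks. Tightening the test to `if (n == 5 && !memcmp (s, "eddsa", 5))` keeps the comparison inside the token and makes the match exact. The enclosing block and the rest of ksba_certreq_set_sig_val lie outside this hunk, so whether `n` is already bounded against the end of the S-expression cannot be confirmed from here.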
@@ -465,7 +468,7 @@ ksba_certreq_set_sig_val (ksba_certreq_t cr, ksba_const_sexp_t sigval)
       if (pass == 3)
         {
           size_t needed = len;
-          if (nparam > 1)
+          if (!is_EdDSA && nparam > 1)
             needed += _ksba_ber_count_tl (TYPE_SEQUENCE, CLASS_UNIVERSAL, 1, len);
 
           xfree (cr->sig_val.value);
@@ -475,7 +478,7 @@ ksba_certreq_set_sig_val (ksba_certreq_t cr, ksba_const_sexp_t sigval)
           cr->sig_val.valuelen = needed;
           buf = cr->sig_val.value;
 
-          if (nparam > 1)
+          if (!is_EdDSA && nparam > 1)
             buf += _ksba_ber_encode_tl (buf, TYPE_SEQUENCE,
                                         CLASS_UNIVERSAL, 1, len);
         }
@@ -498,26 +501,25 @@ ksba_certreq_set_sig_val (ksba_certreq_t cr, ksba_const_sexp_t sigval)
             nparam++;
           else if (pass == 2)
             {
-              if (nparam > 1)
-                len += _ksba_ber_count_tl (TYPE_INTEGER, CLASS_UNIVERSAL, 0,
-                                           *s >= 0x80? n + 1 : n)
-                       + (*s >= 0x80? n + 1 : n);
+              if (is_EdDSA)
+                len += n;
+              else if (nparam > 1)
+                len += _ksba_ber_count_tl (TYPE_INTEGER, CLASS_UNIVERSAL, 0, n)
+                       + n;
               else
                 len += (n > 1 && !*s)? n - 1 : n;
             }
           else if (pass == 3)
             {
-              if (nparam > 1)
+              if (is_EdDSA)
                 {
-                  if (*s >= 0x80)
-                    { /* Add leading zero byte. */
-                      buf += _ksba_ber_encode_tl (buf, TYPE_INTEGER,
-                                                  CLASS_UNIVERSAL, 0, n + 1);
-                      *buf++ = 0;
-                    }
-                  else
-                    buf += _ksba_ber_encode_tl (buf, TYPE_INTEGER,
-                                                CLASS_UNIVERSAL, 0, n);
+                  memcpy (buf, s, n);
+                  buf += n;
+                }
+              else if (nparam > 1)
+                {
+                  buf += _ksba_ber_encode_tl (buf, TYPE_INTEGER,
+                                              CLASS_UNIVERSAL, 0, n);
                   memcpy (buf, s, n);
                   buf += n;
                 }
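Review bot: With the `*s >= 0x80` branch removed, the `nparam > 1` path now writes each ECDSA value as an INTEGER of exactly `n` bytes, so a caller that passes r or s with the top bit set and no leading zero gets a negative DER INTEGER and a CSR whose signature will not verify. The commit message says GnuPG already prepends the zero, but nothing here checks or documents that contract for other callers of ksba_certreq_set_sig_val; a comment above the `else if (nparam > 1)` branches such as `/* r and s must already be non-negative DER INTEGER content (leading 0x00 if the MSB is set). */` would record it. The `is_EdDSA` branch likewise copies the values raw, so it presumably relies on r and s being fixed-width; that assumption deserves a comment as well, since a short value would yield a signature of the wrong length without any error. The function begins and ends outside this hunk.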

-----------------------------------------------------------------------

Summary of changes:
 src/certreq.c | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)


hooks/post-receive
-- 
KSBA is a library to access X.509 certificates and CMS data.
http://git.gnupg.org



