Werner Koch wk at
Wed Nov 12 15:12:14 CET 2014

On Wed, 12 Nov 2014 14:28, peter at said:

> After browsing a bit in the source, I conclude that RFC 6979 is used for
> both classic DSA and ECDSA; something not immediately apparent from the
> commit message when you don't know the code.

Right.  And actually it can also be used for 2.0.  This requires a
runtime check for the libgcrypt version and to add the rfc6979 flag for
libgcrypt 1.6.  In 2.0 we have use this in g10/pkglue.c:

  if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
    BUG (); /* gcry_sexp_build should never fail.  */

it needs to be replaced with something like

  if (gcry_check_version ("1.6.0")
      err = gcry_sexp_build (&hash, NULL,
                             "(data (flags rfc6979) (hash %s %b))",
                             rfc6979_hash_algo_string (mdlen),
                             (int)mdlen, md);
    err = gcry_sexp_build (&s_hash, NULL, "%m", hash);

but the callers of that pk_sign function need to provide the hash
algorithm as well.  Thus more than a few lines need to be changed.  it
would be useful to have this for plain DSA, though.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list