diff options
| author | Andrey Jivsov <openpgp@brainhub.org> | 2011-01-13 06:14:45 +0100 |
|---|---|---|
| committer | Andrey Jivsov <openpgp@brainhub.org> | 2011-01-13 06:14:45 +0100 |
| commit | b73d8ed06ffef8d2fd70ab2e48da9ef515472fe9 (patch) | |
| tree | 1f9b06bf3bbf7647235f6080dca2abcb013f35b5 /g10/seskey.c | |
| parent | 'g10/gpg2 --encrypt --debug 15 -r ecdsa -a -o _e.asc _' and 'g10/gpg2 --deb... (diff) | |
| download | gnupg2-b73d8ed06ffef8d2fd70ab2e48da9ef515472fe9.tar.xz gnupg2-b73d8ed06ffef8d2fd70ab2e48da9ef515472fe9.zip | |
Fixed key generation with P-521. Confirmed that signature generation and verification work.
Diffstat (limited to 'g10/seskey.c')
| -rw-r--r-- | g10/seskey.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/g10/seskey.c b/g10/seskey.c index 4cc9158c9..e50cf5c02 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -288,7 +288,6 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo) * Therefore, relax the check, but only for ECDSA keys. We may need to adjust it later for general case. * ( Note that the check will never pass for ECDSA 521 anyway as the only hash that intended to match it is SHA 512, but 512 < 521 ). */ - //if (gcry_md_get_algo_dlen (hash_algo) < qbytes ) if (gcry_md_get_algo_dlen (hash_algo) < ((gcry_pkalgo==GCRY_PK_ECDSA && qbytes>(521)/8) ? 512/8 : qbytes) ) { log_error (_("%s key %s requires a %zu bit or larger hash, used hash-algo=%d\n"), @@ -297,8 +296,9 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo) return NULL; } + /* Note that in case of ECDSA 521 hash is always smaller than the key size */ if (gcry_mpi_scan (&frame, GCRYMPI_FMT_USG, - gcry_md_read (md, hash_algo), qbytes, &qbytes)) + gcry_md_read (md, hash_algo), gcry_md_get_algo_dlen (hash_algo), &qbytes)) BUG(); } else |