
ntbtls: use of shorter hash for ECC
Closed, Resolved (Public)

Description

Need to check the TLS protocol spec, but it seems that rejecting a shorter hash algo for ECC may be wrong.

The point in question is:

diff --git a/src/pkglue.c b/src/pkglue.c
index af8cf92..44de028 100644
--- a/src/pkglue.c
+++ b/src/pkglue.c
@@ -152,8 +152,10 @@ _ntbtls_pk_verify (x509_cert_t chain, pk_algo_t pk_alg, md_algo_t md_alg,
           {
             debug_msg (1, "a %u bit hash is not valid for a %u bit ECC key",
                        (unsigned int)hashlen*8, qbits);
+#if 0
             err = gpg_error (GPG_ERR_DIGEST_ALGO);
             goto leave;
+#endif
           }
 
         if (hashlen > qbits/8)
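Review bot: wrapping the error in `#if 0` leaves the `debug_msg (1, "a %u bit hash is not valid for a %u bit ECC key", ...)` above it still reporting the hash as "not valid" at debug level 1 while verification now proceeds, and leaves `err = gpg_error (GPG_ERR_DIGEST_ALGO); goto leave;` as dead code. If the shorter-hash restriction is being dropped, remove the whole branch (or keep only an informational message) and leave a source comment citing the reason rather than disabled code; the separate `if (hashlen > qbits/8)` branch that follows is unaffected by this change and should stay.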

I ran the command ntbtls-cli --debug 999 dev.gnupg.org, which has an ECDSA key with NIST P-384, and it fails without the change above.

Event Timeline

gniibe triaged this task as Normal priority. Jul 6 2022, 6:57 AM
gniibe created this task.

There is a description: https://datatracker.ietf.org/doc/html/rfc8422#section-5.10

It seems that it's OK to use SHA256 for ECDSA with secp384r1 (as dev.gnupg.org does).

So, I'm going to remove the restriction from NtbTLS.

Pushed the change.
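To make the point of the task concrete, here is an added example (not ntbtls or GnuPG code) that signs with a P-384 key using SHA-256, the combination dev.gnupg.org uses, and runs the signature through a verifier that applies the same hash-length rule as the ntbtls hunk, once in its old strict form and once relaxed. The names Result, hashLengthOK, verifyWithPolicy and Demo are assumptions of this example, and the signed message is constructed; the ECDSA primitives are the Go standard library's.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
)

// Result records what a verifier did with one signature: whether the
// hash-length policy refused it before any ECDSA math ran, and, if not,
// whether the signature itself verified.
type Result struct {
	HashBits         int
	CurveBits        int
	RejectedByPolicy bool
	SigValid         bool
}

// hashLengthOK mirrors the branch in the ntbtls hunk. With strict=true a hash
// shorter than the curve order (hashlen*8 < qbits) is refused, which is the
// behaviour before the change; with strict=false the mismatch is only noted
// and verification proceeds, as RFC 8422 section 5.10 permits.
func hashLengthOK(hashLen, qbits int, strict bool) bool {
	if hashLen*8 < qbits {
		return !strict
	}
	return true
}

// verifyWithPolicy applies the length policy first, then the real ECDSA check.
func verifyWithPolicy(pub *ecdsa.PublicKey, digest, sig []byte, strict bool) Result {
	qbits := pub.Curve.Params().N.BitLen() // order size: 384 bits for P-384
	res := Result{HashBits: len(digest) * 8, CurveBits: qbits}
	if !hashLengthOK(len(digest), qbits, strict) {
		res.RejectedByPolicy = true
		return res
	}
	res.SigValid = ecdsa.VerifyASN1(pub, digest, sig)
	return res
}

// Demo signs a constructed message with a fresh P-384 key using SHA-256 (the
// dev.gnupg.org combination from the task) and SHA-384, then runs the SHA-256
// signature through both policies and the SHA-384 one through the strict policy.
func Demo() (strict256, relaxed256, strict384 Result, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		return
	}
	// Constructed sample input standing in for the bytes a TLS server signs.
	msg := []byte("constructed sample: ServerKeyExchange parameters")
	d256 := sha256.Sum256(msg)
	d384 := sha512.Sum384(msg)

	sig256, err := ecdsa.SignASN1(rand.Reader, priv, d256[:])
	if err != nil {
		return
	}
	sig384, err := ecdsa.SignASN1(rand.Reader, priv, d384[:])
	if err != nil {
		return
	}
	pub := &priv.PublicKey
	strict256 = verifyWithPolicy(pub, d256[:], sig256, true)
	relaxed256 = verifyWithPolicy(pub, d256[:], sig256, false)
	strict384 = verifyWithPolicy(pub, d384[:], sig384, true)
	return
}

func main() {
	a, b, c, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("strict  SHA-256/P-384: %+v\n", a)
	fmt.Printf("relaxed SHA-256/P-384: %+v\n", b)
	fmt.Printf("strict  SHA-384/P-384: %+v\n", c)
}
```

Under the strict policy the SHA-256 signature is refused before it is ever checked, even though the same bytes verify correctly once the policy is relaxed; the SHA-384 signature passes either way. This is exactly the failure seen against dev.gnupg.org, and why the check itself, not the signature, was the problem.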

werner changed the task status from Open to Testing. Sep 22 2022, 10:53 AM
werner removed a project: Restricted Project.
werner added a subscriber: werner.

Well, even our new versions.gnupg.org uses a shorter hash. Better get that released asap.

werner moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board. Sep 18 2023, 4:03 PM
aheinecke added a subscriber: aheinecke.

So the last thing to do here would be an NTBTLS release? Then we should make sure not to forget to do that?

Yeah, we should do an ntbtls release. As a core library it does not matter much which workboard we use. Let's remove the vsd tag.