Home GnuPG
Diffusion GnuPG aeed0b93ff66

gpg: Fix the encrypt+sign hash algo preference selection for ECDSA.

Description

gpg: Fix the encrypt+sign hash algo preference selection for ECDSA.

* g10/keydb.h (pref_hint): Change from union to struct and add field
'exact'.  Adjust callers.
* g10/pkclist.c (algo_available): Take care of the exact hint.
* g10/sign.c (sign_file): Fix indentation.  Rework the hash from
recipient prefs.

This fixes a encrypt+sign case like: One recipient key has SHA512 as
highest ranked hash preference but the the signing key is a 256 bit
curve. Because we don't want to use a truncated hash with ECDSA, we
need to have an exact match - this is in particular important for
smartcard which check that the hash matches the curves.

  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Provenance
wernerAuthored on Nov 13 2020, 3:43 PM
Parents
rGf400ff4e7dfb: gpgconf: Yet another fix for --apply-profile.
Branches
Unknown
Tags
Unknown