Diffusion GnuPG e37c2e184448

gpg: Fix the encrypt+sign hash algo preference selection for ECDSA.

Description

gpg: Fix the encrypt+sign hash algo preference selection for ECDSA.

* g10/keydb.h (pref_hint): Change from union to struct and add field
'exact'.  Adjust callers.
* g10/pkclist.c (algo_available): Take care of the exact hint.
* g10/sign.c (sign_file): Rework the hash detection from
recipient prefs.

This fixes an encrypt+sign case like: One recipient key has SHA512 as
highest ranked hash preference but the signing key is a 256 bit
curve. Because we don't want to use a truncated hash with ECDSA, we
need to have an exact match - this is in particular important for
smartcards which check that the hash matches the curves.

Ported-from-stable: aeed0b93ff660fe271d8f98f8d5ce60aa5bf3ebe

  • Signed-off-by: Werner Koch <wk@gnupg.org>
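
The selection rule the commit message describes, sketched as an added example; this is not GnuPG's code. The `hash_hint` struct, the function names and the non-exact "at least as long" rule are assumptions made for illustration, and the recipient preference list is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* OpenPGP hash algorithm IDs (RFC 4880, section 9.4). */
enum { H_SHA256 = 8, H_SHA384 = 9, H_SHA512 = 10 };

/* Hypothetical hint, modelled on the commit's description of pref_hint. */
struct hash_hint {
    unsigned digest_length; /* bytes wanted by the signing key, 0 = none */
    int exact;              /* nonzero: digest length must match exactly */
};

static unsigned digest_len(int algo)
{
    switch (algo) {
    case H_SHA256: return 32;
    case H_SHA384: return 48;
    case H_SHA512: return 64;
    default:       return 0; /* unknown to this example */
    }
}

/* Does ALGO satisfy HINT?  Unknown algorithms are never acceptable. */
static int hash_allowed(int algo, const struct hash_hint *hint)
{
    unsigned len = digest_len(algo);
    if (!len) return 0;
    if (!hint || !hint->digest_length) return 1;
    if (hint->exact) return len == hint->digest_length;
    return len >= hint->digest_length; /* assumption: truncation tolerated */
}

/* Return the first usable hash from PREFS (highest ranked first), 0 if none. */
int select_hash(const int *prefs, size_t n, const struct hash_hint *hint)
{
    for (size_t i = 0; i < n; i++)
        if (hash_allowed(prefs[i], hint))
            return prefs[i];
    return 0; /* caller has to fall back to a hash that fits the curve */
}

int main(void)
{
    const int prefs[] = { H_SHA512, H_SHA384, H_SHA256 }; /* constructed */
    struct hash_hint loose = { 32, 0 }, exact = { 32, 1 };
    printf("non-exact: %d\n", select_hash(prefs, 3, &loose)); /* 10 */
    printf("exact:     %d\n", select_hash(prefs, 3, &exact)); /* 8 */
    return 0;
}
```

With a 32-byte hint for a 256 bit curve, the non-exact rule picks the recipient's top-ranked SHA512 (ID 10), which would have to be truncated; the exact rule skips down the list to SHA256 (ID 8).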

Details

Provenance
werner authored on Nov 13 2020, 3:43 PM
Parents
rGe546cc78b759: gpgconf: Yet another fix for --apply-profile.