gpgsm: Support verification of nistp521 signatures.

* sm/certcheck.c (do_encode_md): Take care of nistp521.
--

This curve is a bit odd in that it does not match a common hash digest
length.  We fix that here for just this case instead of writing more
general code to support all allowed cases (i.e. hash shorter than Q).

Signed-off-by: Werner Koch <[email protected]>
Backported-from-master: 596212e71abf33b30608348b782c093dace83110

1 files changed, 8 insertions, 5 deletions

diff --git a/sm/certcheck.c b/sm/certcheck.c
index badad2fad..534f47c1b 100644
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@@ -76,12 +76,15 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
 
   if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECC)
     {
-      unsigned int qbits;
+      unsigned int qbits0, qbits;
 
       if ( pkalgo == GCRY_PK_ECC )
-        qbits = gcry_pk_get_nbits (pkey);
+        {
+          qbits0 = gcry_pk_get_nbits (pkey);
+          qbits = qbits0 == 521? 512 : qbits0;
+        }
       else
-        qbits = get_dsa_qbits (pkey);
+        qbits0 = qbits = get_dsa_qbits (pkey);
 
       if ( (qbits%8) )
 	{
@@ -98,7 +101,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
       if (qbits < 160)
 	{
 	  log_error (_("%s key uses an unsafe (%u bit) hash\n"),
-                     gcry_pk_algo_name (pkalgo), qbits);
+                     gcry_pk_algo_name (pkalgo), qbits0);
 	  return gpg_error (GPG_ERR_INTERNAL);
 	}
 
@@ -109,7 +112,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
         {
 	  log_error (_("a %u bit hash is not valid for a %u bit %s key\n"),
                      (unsigned int)nframe*8,
-                     gcry_pk_get_nbits (pkey),
+                     qbits0,
                      gcry_pk_algo_name (pkalgo));
           /* FIXME: we need to check the requirements for ECDSA.  */
           if (nframe < 20 || pkalgo == GCRY_PK_DSA  )