diff options
| author | Werner Koch <[email protected]> | 2024-11-22 15:46:15 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2024-11-22 15:57:49 +0000 |
| commit | 8e9769337f59fd1b8f47eac5f79cb1cb569b1fe5 (patch) | |
| tree | c4c48cf1f848163e1d8851cc59e6a4c01adada79 | |
| parent | doc: Explain that qualified.txt is a legacy method. (diff) | |
| download | gnupg-8e9769337f59fd1b8f47eac5f79cb1cb569b1fe5.tar.gz gnupg-8e9769337f59fd1b8f47eac5f79cb1cb569b1fe5.zip | |
gpg: Fix comparing ed448 vs ed25519 with --assert-pubkey-algo.
* g10/keyid.c (extra_algo_strength_offset): New.
(compare_pubkey_string_part): Use the mapping.
--
GnuPG-bug-id: 7425
| -rw-r--r-- | g10/keyid.c | 19 | ||||
| -rw-r--r-- | g10/t-keyid.c | 5 |
2 files changed, 24 insertions, 0 deletions
diff --git a/g10/keyid.c b/g10/keyid.c index fab1e3a36..cf02b6f94 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -190,6 +190,23 @@ parse_one_algo_string (const char *str, size_t *pfxlen, unsigned int *number, return result; } + +/* Return an extra algo strength offset to handle peculiarities like + * ed448 > ed25519. */ +static size_t +extra_algo_strength_offset (const char *string) +{ + if (!string || !*string) + return 0; + if (!ascii_strcasecmp (string, "ed448")) + return 50000; /* (ed)50448 is larger (ed)25519. */ + if (!ascii_strcasecmp (string, "cv448")) + return 50000; /* (cv)50448 is larger (cv)25519. */ + return 0; +} + + + /* Helper for compare_pubkey_string. If BPARSED is set to 0 on * return, an error in ASTR or BSTR was found and further checks are * not possible. */ @@ -206,9 +223,11 @@ compare_pubkey_string_part (const char *astr, const char *bstr_arg, astr = parse_one_algo_string (astr, &apfxlen, &anumber, &alen, &condition); if (!astr) return 0; /* Invalid algorithm name. */ + anumber += extra_algo_strength_offset (astr); bstr = parse_one_algo_string (bstr, &bpfxlen, &bnumber, &blen, &condition); if (!bstr) return 0; /* Invalid algorithm name. */ + bnumber += extra_algo_strength_offset (bstr); *bparsed = blen + (bstr - bstr_arg); if (apfxlen != bpfxlen || ascii_strncasecmp (astr, bstr, apfxlen)) return 0; /* false. */ diff --git a/g10/t-keyid.c b/g10/t-keyid.c index d42399027..b1ae9f691 100644 --- a/g10/t-keyid.c +++ b/g10/t-keyid.c @@ -60,6 +60,11 @@ test_compare_pubkey_string (void) { "brainpoolP384r1", ">brainpoolp384r1" , 0 }, { "brainpoolP384r1", ">=brainpoolp384r1", 1 }, { "brainpoolP384r1", ">=brainpoolp384" , 1 }, + { "ed25519", ">ed448", 0 }, + { "cv25519", ">cv448", 0 }, + { "ed448", ">ed25519", 1 }, + { "ed448", ">=ed25519", 1 }, + { "cv448", ">cv25519", 1 }, { "", "", 0} }; int idx; |