From 6344fec232cdd0e9d821a0b17e480494f4dcfd4b Mon Sep 17 00:00:00 2001 From: Michael Schroeder Date: Mon, 22 Apr 2024 12:54:32 +0200 Subject: [PATCH] Support NIST P-521 Conflict:don't modify digest_libgcrypt.c;modify digest_openssl.c in rpmio; Reference:https://github.com/rpm-software-management/rpmpgp_legacy/commit/6344fec232cdd0e9d821a0b17e480494f4dcfd4b Because the standard says we SHOULD. --- rpmio/digest_openssl.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c index 662b469..42eec66 100644 --- a/rpmio/digest_openssl.c +++ b/rpmio/digest_openssl.c @@ -556,6 +556,13 @@ static int constructECDSASigningKey(struct pgpDigKeyECDSA_s *key, int curve) OSSL_PARAM_END }; key->evp_pkey = construct_pkey_from_param(EVP_PKEY_EC, params); + } else if (curve == PGPCURVE_NIST_P_521) { + OSSL_PARAM params[] = { + OSSL_PARAM_utf8_string("group", "P-521", 5), + OSSL_PARAM_octet_string("pub", key->q, key->qlen), + OSSL_PARAM_END + }; + key->evp_pkey = construct_pkey_from_param(EVP_PKEY_EC, params); } return key->evp_pkey ? 1 : 0; #else @@ -565,6 +572,8 @@ static int constructECDSASigningKey(struct pgpDigKeyECDSA_s *key, int curve) ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); else if (curve == PGPCURVE_NIST_P_384) ec = EC_KEY_new_by_curve_name(NID_secp384r1); + else if (curve == PGPCURVE_NIST_P_521) + ec = EC_KEY_new_by_curve_name(NID_secp521r1); if (!ec) return 0; @@ -817,6 +826,8 @@ static int pgpSupportedCurve(int algo, int curve) return 1; if (algo == PGPPUBKEYALGO_ECDSA && curve == PGPCURVE_NIST_P_384) return 1; + if (algo == PGPPUBKEYALGO_ECDSA && curve == PGPCURVE_NIST_P_521) + return 1; return 0; } -- 2.23.0