fixes after rebasing

TJ-91 · TJ-91 · commit ae08ba230580 · 2025-07-14T12:09:17.000+02:00
diff --git a/slhdsa_pk_tmp b/slhdsa_pk_tmp
diff --git a/slhdsa_sk_tmp b/slhdsa_sk_tmp
diff --git a/src/lib/crypto/ec_curves.cpp b/src/lib/crypto/ec_curves.cpp
@@ -259,29 +259,38 @@ static const Curve ec_curves[] = {
   {PGP_CURVE_ED448,
    255,
    {0x2B, 0x65, 0x71},
-   "Ed25519",
-   "Ed25519",
+   "Ed448",
+   "Ed448",
    true,
-   "",
-   "",
-   "",
-   "",
-   "",
-   "",
-   ""},
+   "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+   "FFFFFFFFFFFFFFFFFFFFFFFF",
+   "0x01",
+   "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+   "FFFFFFFFFFFFFFFFFFFF6756",
+   "0x3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7CCA23E9C44EDB49AED63690216CC272"
+   "8DC58F552378C292AB5844F3",
+   "0x4F1970C66BED0DED221D15A622BF36DA9E146570470F1767EA6DE324A3D3A46412AE1AF72AB66511433B80E1"
+   "8B00938E2626A82BC70CC05E",
+   "0x693F46716EB6BC248876203756C9C7624BEA73736CA3984087789C1E05A0C2D73AD3FF1CE67C39C4FDBD132C"
+   "4ED7C8AD9808795BF230FA14",
+   "0x08"},
   {PGP_CURVE_448,
    448,
    {0x2B, 0x65, 0x6F},
    "curve25519",
    "Curve25519",
    true,
-   "",
-   "",
-   "",
-   "",
-   "",
-   "",
-   ""},
+   "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+   "FFFFFFFFFFFFFFFFFFFFFFFF",
+   "0x98A9",
+   "0x01",
+   "0x3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7CCA23E9C44EDB49AED63690216CC272"
+   "8DC58F552378C292AB5844F3",
+   "0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+   "000000000000000000000005",
+   "0x7D235D1295F5B1F66C98AB6E58326FCECBAE5D34F55545D060F75DC28DF3F6EDB8027E2346430D211312C4B1"
+   "50677AF76FD7223D457B5B1A",
+   "0x04"},
 #endif
 };
 
diff --git a/src/lib/crypto/exdsa_ecdhkem.cpp b/src/lib/crypto/exdsa_ecdhkem.cpp
@@ -80,7 +80,7 @@ ecdh_kem_public_key_t::botan_key_ecdh(rnp::RNG *rng) const
     assert(curve_ >= PGP_CURVE_NIST_P_256 && curve_ <= PGP_CURVE_P256K1);
 
     auto            ec_desc = pgp::ec::Curve::get(curve_);
-    Botan::EC_Group group   = Botan::EC_Group::from_name(ec_desc->botan_name);
+    Botan::EC_Group group = Botan::EC_Group::from_name(ec_desc->botan_name);
     return Botan::ECDH_PublicKey(group, Botan::EC_AffinePoint(group, key_).to_legacy_point());
 }
 
@@ -263,7 +263,7 @@ exdsa_public_key_t::botan_key() const
 {
     // format: 04 | X | Y
     auto            ec_desc = pgp::ec::Curve::get(curve_);
-    Botan::EC_Group group   = Botan::EC_Group::from_name(ec_desc->botan_name);
+    Botan::EC_Group group = Botan::EC_Group::from_name(ec_desc->botan_name);
     return Botan::ECDSA_PublicKey(group, Botan::EC_AffinePoint(group, key_).to_legacy_point());
 }
 
diff --git a/src/lib/crypto/signatures.cpp b/src/lib/crypto/signatures.cpp
@@ -175,7 +175,7 @@ signature_validate(const pgp::pkt::Signature & sig,
     if (!key.sig_hash_allowed(hash.alg())) {
         RNP_LOG("The signature's digest size is below the minimum digest size required for "
                 "that key.");
-        return RNP_ERROR_SIGNATURE_INVALID;
+        res.add_error(RNP_ERROR_SIG_HASH_ALG_MISMATCH);
     }
 
     /* Finalize hash */
diff --git a/src/lib/enc_material.cpp b/src/lib/enc_material.cpp
@@ -180,36 +180,35 @@ X25519EncMaterial::write(pgp_packet_body_t &pkt) const
 bool
 X448EncMaterial::parse(pgp_packet_body_t &pkt) noexcept
 {
-        auto ec_desc = ec::Curve::get(PGP_CURVE_448);
-        enc.eph_key.resize(BITS_TO_BYTES(ec_desc->bitlen));
-        if (!pkt.get(enc.eph_key.data(), enc.eph_key.size())) {
-            RNP_LOG("failed to parse X448 PKESK (eph. pubkey)");
-            return false;
-        }
-        uint8_t sess_len;
-        if (!pkt.get(sess_len)) {
-            RNP_LOG("failed to parse X448 PKESK (enc sesskey length)");
-            return false;
-        }
-        /* get plaintext salg if PKESKv3 */
-        if (version == PGP_PKSK_V3) {
-            uint8_t                bt = 0;
-            if (!pkt.get(bt)) {
-                RNP_LOG("failed to get salg");
-                return false;
-            }
-            sess_len--;
-            salg = (pgp_symm_alg_t) bt;
-        }
-        enc.enc_sess_key.resize(sess_len);
-        if (!pkt.get(enc.enc_sess_key.data(), sess_len)) {
-            RNP_LOG("failed to parse X448 PKESK (enc sesskey)");
+    auto ec_desc = ec::Curve::get(PGP_CURVE_448);
+    enc.eph_key.resize(BITS_TO_BYTES(ec_desc->bitlen));
+    if (!pkt.get(enc.eph_key.data(), enc.eph_key.size())) {
+        RNP_LOG("failed to parse X448 PKESK (eph. pubkey)");
+        return false;
+    }
+    uint8_t sess_len;
+    if (!pkt.get(sess_len)) {
+        RNP_LOG("failed to parse X448 PKESK (enc sesskey length)");
+        return false;
+    }
+    /* get plaintext salg if PKESKv3 */
+    if (version == PGP_PKSK_V3) {
+        uint8_t bt = 0;
+        if (!pkt.get(bt)) {
+            RNP_LOG("failed to get salg");
             return false;
         }
-        return true;
+        sess_len--;
+        salg = (pgp_symm_alg_t) bt;
+    }
+    enc.enc_sess_key.resize(sess_len);
+    if (!pkt.get(enc.enc_sess_key.data(), sess_len)) {
+        RNP_LOG("failed to parse X448 PKESK (enc sesskey)");
+        return false;
+    }
+    return true;
 }
 
-
 void
 X448EncMaterial::write(pgp_packet_body_t &pkt) const
 {
diff --git a/src/lib/fingerprint.cpp b/src/lib/fingerprint.cpp
@@ -109,9 +109,9 @@ Fingerprint::size_valid(size_t size) noexcept
     return (size == PGP_FINGERPRINT_V4_SIZE) || (size == PGP_FINGERPRINT_V3_SIZE) ||
            (size == PGP_FINGERPRINT_V5_SIZE)
 #if defined(ENABLE_CRYPTO_REFRESH)
-            || PGP_FINGERPRINT_V6_SIZE
+           || (size == PGP_FINGERPRINT_V6_SIZE)
 #endif
-        ;
+      ;
 }
 
 const KeyID &
diff --git a/src/lib/generate-key.cpp b/src/lib/generate-key.cpp
@@ -44,61 +44,6 @@ static const uint8_t DEFAULT_COMPRESS_ALGS[] = {
 static const uint8_t DEFAULT_AEAD_ALGS[] = {PGP_AEAD_OCB};
 #endif
 
-static const id_str_pair pubkey_alg_map[] = {
-  {PGP_PKA_RSA, "RSA (Encrypt or Sign)"},
-  {PGP_PKA_RSA_ENCRYPT_ONLY, "RSA Encrypt-Only"},
-  {PGP_PKA_RSA_SIGN_ONLY, "RSA Sign-Only"},
-  {PGP_PKA_ELGAMAL, "Elgamal (Encrypt-Only)"},
-  {PGP_PKA_DSA, "DSA"},
-  {PGP_PKA_ECDH, "ECDH"},
-  {PGP_PKA_ECDSA, "ECDSA"},
-  {PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN, "Reserved (formerly Elgamal Encrypt or Sign"},
-  {PGP_PKA_RESERVED_DH, "Reserved for Diffie-Hellman (X9.42)"},
-  {PGP_PKA_EDDSA, "EdDSA"},
-  {PGP_PKA_SM2, "SM2"},
-#if defined(ENABLE_CRYPTO_REFRESH)
-  {PGP_PKA_ED25519, "ED25519"},
-  {PGP_PKA_X25519, "X25519"},
-  {PGP_PKA_ED448, "ED448"},
-  {PGP_PKA_X448, "X448"},
-#endif
-#if defined(ENABLE_PQC)
-  {PGP_PKA_KYBER768_X25519, "ML-KEM-768_X25519"},
-  {PGP_PKA_KYBER1024_X448, "ML-KEM-1024_X448"},
-  {PGP_PKA_KYBER768_P256, "ML-KEM-768_P256"},
-  {PGP_PKA_KYBER1024_P384, "ML-KEM-1024_P384"},
-  {PGP_PKA_KYBER768_BP256, "ML-KEM-768_BP256"},
-  {PGP_PKA_KYBER1024_BP384, "ML-KEM-1024_BP384"},
-  {PGP_PKA_DILITHIUM3_ED25519, "ML-DSA-65_ED25519"},
-  {PGP_PKA_DILITHIUM5_ED448, "ML-DSA-87_ED448"},
-  {PGP_PKA_DILITHIUM3_P256, "ML-DSA-65_P256"},
-  {PGP_PKA_DILITHIUM5_P384, "ML-DSA-87_P384"},
-  {PGP_PKA_DILITHIUM3_BP256, "ML-DSA-65_BP256"},
-  {PGP_PKA_DILITHIUM5_BP384, "ML-DSA-87_BP384"},
-  {PGP_PKA_SPHINCSPLUS_SHAKE_128f, "SLH-DSA-SHAKE-128f"},
-  {PGP_PKA_SPHINCSPLUS_SHAKE_128s, "SLH-DSA-SHAKE-128s"},
-  {PGP_PKA_SPHINCSPLUS_SHAKE_256s, "SLH-DSA-SHAKE-256s"},
-  {PGP_PKA_PRIVATE00, "Private/Experimental"},
-  {PGP_PKA_PRIVATE01, "Private/Experimental"},
-  {PGP_PKA_PRIVATE02, "Private/Experimental"},
-  {PGP_PKA_PRIVATE03, "Private/Experimental"},
-  {PGP_PKA_PRIVATE04, "Private/Experimental"},
-  {PGP_PKA_PRIVATE10, "Private/Experimental"},
-#else
-  {PGP_PKA_PRIVATE00, "Private/Experimental"},
-  {PGP_PKA_PRIVATE01, "Private/Experimental"},
-  {PGP_PKA_PRIVATE02, "Private/Experimental"},
-  {PGP_PKA_PRIVATE03, "Private/Experimental"},
-  {PGP_PKA_PRIVATE04, "Private/Experimental"},
-  {PGP_PKA_PRIVATE05, "Private/Experimental"},
-  {PGP_PKA_PRIVATE06, "Private/Experimental"},
-  {PGP_PKA_PRIVATE07, "Private/Experimental"},
-  {PGP_PKA_PRIVATE08, "Private/Experimental"},
-  {PGP_PKA_PRIVATE09, "Private/Experimental"},
-  {PGP_PKA_PRIVATE10, "Private/Experimental"},
-#endif
-  {0, NULL}};
-
 static bool
 load_generated_g10_key(pgp_key_t *           dst,
                        pgp_key_pkt_t *       newkey,
diff --git a/src/lib/key.cpp b/src/lib/key.cpp
@@ -115,15 +115,6 @@ pgp_decrypt_seckey(const Key &                    key,
     }
 }
 
-static const id_str_pair ss_rr_code_map[] = {
-  {PGP_REVOCATION_NO_REASON, "No reason specified"},
-  {PGP_REVOCATION_SUPERSEDED, "Key is superseded"},
-  {PGP_REVOCATION_COMPROMISED, "Key material has been compromised"},
-  {PGP_REVOCATION_RETIRED, "Key is retired and no longer used"},
-  {PGP_REVOCATION_NO_LONGER_VALID, "User ID information is no longer valid"},
-  {0x00, NULL},
-};
-
 bool
 Key::write_sec_pgp(pgp_dest_t &       dst,
                    pgp_key_pkt_t &    seckey,
diff --git a/src/lib/key.hpp b/src/lib/key.hpp
@@ -142,8 +142,8 @@ class Key {
     bool             can_encrypt() const noexcept;
     bool             has_secret() const noexcept;
 #if defined(ENABLE_PQC)
-    bool             is_pqc() const noexcept;
-    static bool      is_pqc_alg(pgp_pubkey_alg_t alg);
+    bool        is_pqc() const noexcept;
+    static bool is_pqc_alg(pgp_pubkey_alg_t alg);
 #endif
     /**
      * @brief Check whether key is usable for the specified operation.
diff --git a/src/lib/key_material.hpp b/src/lib/key_material.hpp
@@ -472,12 +472,12 @@ class Ed25519KeyMaterial : public KeyMaterial {
     void           write(pgp_packet_body_t &pkt) const override;
     void           write_secret(pgp_packet_body_t &pkt) const override;
     bool           generate(rnp::SecurityContext &ctx, const KeyParams &params) override;
-    rnp_result_t   verify(const rnp::SecurityContext &       ctx,
-                          const pgp_signature_material_t &   sig,
-                          const rnp::secure_vector<uint8_t> &hash) const override;
-    rnp_result_t   sign(rnp::SecurityContext &             ctx,
-                        pgp_signature_material_t &         sig,
-                        const rnp::secure_vector<uint8_t> &hash) const override;
+    rnp_result_t   verify(const rnp::SecurityContext &ctx,
+                          const SigMaterial &         sig,
+                          const rnp::secure_bytes &   hash) const override;
+    rnp_result_t   sign(rnp::SecurityContext &   ctx,
+                        SigMaterial &            sig,
+                        const rnp::secure_bytes &hash) const override;
     pgp_hash_alg_t adjust_hash(pgp_hash_alg_t hash) const override;
     bool           sig_hash_allowed(pgp_hash_alg_t hash) const override;
     size_t         bits() const noexcept override;
@@ -534,12 +534,12 @@ class Ed448KeyMaterial : public KeyMaterial {
     void           write(pgp_packet_body_t &pkt) const override;
     void           write_secret(pgp_packet_body_t &pkt) const override;
     bool           generate(rnp::SecurityContext &ctx, const KeyParams &params) override;
-    rnp_result_t   verify(const rnp::SecurityContext &       ctx,
-                          const pgp_signature_material_t &   sig,
-                          const rnp::secure_vector<uint8_t> &hash) const override;
-    rnp_result_t   sign(rnp::SecurityContext &             ctx,
-                        pgp_signature_material_t &         sig,
-                        const rnp::secure_vector<uint8_t> &hash) const override;
+    rnp_result_t   verify(const rnp::SecurityContext &ctx,
+                          const SigMaterial &         sig,
+                          const rnp::secure_bytes &   hash) const override;
+    rnp_result_t   sign(rnp::SecurityContext &   ctx,
+                        SigMaterial &            sig,
+                        const rnp::secure_bytes &hash) const override;
     pgp_hash_alg_t adjust_hash(pgp_hash_alg_t hash) const override;
     bool           sig_hash_allowed(pgp_hash_alg_t hash) const override;
 
@@ -630,12 +630,12 @@ class DilithiumEccKeyMaterial : public KeyMaterial {
     void           write(pgp_packet_body_t &pkt) const override;
     void           write_secret(pgp_packet_body_t &pkt) const override;
     bool           generate(rnp::SecurityContext &ctx, const KeyParams &params) override;
-    rnp_result_t   verify(const rnp::SecurityContext &       ctx,
-                          const pgp_signature_material_t &   sig,
-                          const rnp::secure_vector<uint8_t> &hash) const override;
-    rnp_result_t   sign(rnp::SecurityContext &             ctx,
-                        pgp_signature_material_t &         sig,
-                        const rnp::secure_vector<uint8_t> &hash) const override;
+    rnp_result_t   verify(const rnp::SecurityContext &ctx,
+                          const SigMaterial &         sig,
+                          const rnp::secure_bytes &   hash) const override;
+    rnp_result_t   sign(rnp::SecurityContext &   ctx,
+                        SigMaterial &            sig,
+                        const rnp::secure_bytes &hash) const override;
     pgp_hash_alg_t adjust_hash(pgp_hash_alg_t hash) const override;
     bool           sig_hash_allowed(pgp_hash_alg_t hash) const override;
     size_t         bits() const noexcept override;
@@ -661,12 +661,12 @@ class SlhdsaKeyMaterial : public KeyMaterial {
     void           write(pgp_packet_body_t &pkt) const override;
     void           write_secret(pgp_packet_body_t &pkt) const override;
     bool           generate(rnp::SecurityContext &ctx, const KeyParams &params) override;
-    rnp_result_t   verify(const rnp::SecurityContext &       ctx,
-                          const pgp_signature_material_t &   sig,
-                          const rnp::secure_vector<uint8_t> &hash) const override;
-    rnp_result_t   sign(rnp::SecurityContext &             ctx,
-                        pgp_signature_material_t &         sig,
-                        const rnp::secure_vector<uint8_t> &hash) const override;
+    rnp_result_t   verify(const rnp::SecurityContext &ctx,
+                          const SigMaterial &         sig,
+                          const rnp::secure_bytes &   hash) const override;
+    rnp_result_t   sign(rnp::SecurityContext &   ctx,
+                        SigMaterial &            sig,
+                        const rnp::secure_bytes &hash) const override;
     pgp_hash_alg_t adjust_hash(pgp_hash_alg_t hash) const override;
     bool           sig_hash_allowed(pgp_hash_alg_t hash) const override;
     size_t         bits() const noexcept override;
diff --git a/src/lib/sec_profile.cpp b/src/lib/sec_profile.cpp
@@ -204,8 +204,9 @@ SecurityContext::SecurityContext() : time_(0), prov_state_(NULL), rng(RNG::Type:
     profile.add_rule(
       {FeatureType::Cipher, PGP_SA_BLOWFISH, SecurityLevel::Insecure, 1727730000});
 #if defined(ENABLE_CRYPTO_REFRESH)
-    /* Mark RIPEMD insecure */
-    profile.add_rule({FeatureType::Hash, PGP_HASH_RIPEMD, SecurityLevel::Insecure, 1727730000});
+    /* Mark RIPEMD insecure since 2024-01-19 by default */
+    profile.add_rule(
+      {FeatureType::Hash, PGP_HASH_RIPEMD, SecurityLevel::Insecure, 1705629600});
 #endif
 }
 
diff --git a/src/lib/sig_material.hpp b/src/lib/sig_material.hpp
@@ -118,8 +118,9 @@ class DilithiumSigMaterial : public SigMaterial {
 class SlhdsaSigMaterial : public SigMaterial {
   public:
     pgp_sphincsplus_signature_t sig;
-    pgp_pubkey_alg_t palg;
-    SlhdsaSigMaterial(pgp_pubkey_alg_t apalg, pgp_hash_alg_t ahalg) : SigMaterial(ahalg), palg(apalg){};
+    pgp_pubkey_alg_t            palg;
+    SlhdsaSigMaterial(pgp_pubkey_alg_t apalg, pgp_hash_alg_t ahalg)
+        : SigMaterial(ahalg), palg(apalg){};
 
     bool parse(pgp_packet_body_t &pkt) noexcept override;
     void write(pgp_packet_body_t &pkt) const override;
diff --git a/src/librepgp/stream-dump.cpp b/src/librepgp/stream-dump.cpp
@@ -1277,8 +1277,7 @@ DumpContextDst::dump_pk_session_key()
     case PGP_PKA_X448: {
         auto &x448 = dynamic_cast<const X448EncMaterial &>(*material).enc;
         dst_print_vec(dst, "x448 ephemeral public key", x448.eph_key, dump_mpi);
-        dst_print_vec(
-          dst, "x448 encrypted session key", x448.enc_sess_key, dump_mpi);
+        dst_print_vec(dst, "x448 encrypted session key", x448.enc_sess_key, dump_mpi);
         break;
     }
 #endif
diff --git a/src/librepgp/stream-packet.h b/src/librepgp/stream-packet.h
@@ -222,7 +222,7 @@ typedef struct pgp_one_pass_sig_t {
     pgp_pubkey_alg_t palg{};
     pgp::KeyID       keyid{};
 #if defined(ENABLE_CRYPTO_REFRESH)
-    pgp::Fingerprint    fp{};
+    pgp::Fingerprint     fp{};
     std::vector<uint8_t> salt{};
 #endif
     unsigned nested{};
diff --git a/src/librepgp/stream-write.cpp b/src/librepgp/stream-write.cpp
@@ -1023,7 +1023,8 @@ init_encrypted_dst(rnp_ctx_t &ctx, pgp_dest_t &dst, pgp_dest_t &writedst)
 #if defined(ENABLE_CRYPTO_REFRESH)
     /* in the case of PKESK (pkeycount > 0) and all keys are PKESKv6/SEIPDv2 capable, upgrade
      * to AEADv2 */
-    if (ctx.enable_pkesk_v6 && ctx.pkeskv6_capable(&ctx.key_provider) && !ctx.recipients.empty()) {
+    if (ctx.enable_pkesk_v6 && ctx.pkeskv6_capable(&ctx.key_provider) &&
+        !ctx.recipients.empty()) {
         param->auth_type = rnp::AuthType::AEADv2;
     }
 #endif
@@ -1556,8 +1557,8 @@ init_signed_dst(rnp_ctx_t &ctx, pgp_dest_t &dst, pgp_dest_t &writedst)
 
     /* Getting signer's infos, writing one-pass signatures if needed */
     for (auto &sg : ctx.signers) {
-        ret = signed_add_signer(
-          *param, sg, param->ctx->sec_ctx.rng, &sg == &ctx.signers.back());
+        ret =
+          signed_add_signer(*param, sg, param->ctx->sec_ctx.rng, &sg == &ctx.signers.back());
         if (ret) {
             RNP_LOG("failed to add one-pass signature for signer");
             goto finish;
diff --git a/src/tests/cipher.cpp b/src/tests/cipher.cpp
diff --git a/src/tests/ffi-key.cpp b/src/tests/ffi-key.cpp

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ ecdh_kem_public_key_t::botan_key_ecdh(rnp::RNG *rng) const`
`80`	`80`	`assert(curve_ >= PGP_CURVE_NIST_P_256 && curve_ <= PGP_CURVE_P256K1);`
`81`	`81`
`82`	`82`	`auto ec_desc = pgp::ec::Curve::get(curve_);`
`83`		`- Botan::EC_Group group = Botan::EC_Group::from_name(ec_desc->botan_name);`
	`83`	`+ Botan::EC_Group group = Botan::EC_Group::from_name(ec_desc->botan_name);`
`84`	`84`	`return Botan::ECDH_PublicKey(group, Botan::EC_AffinePoint(group, key_).to_legacy_point());`
`85`	`85`	`}`
`86`	`86`
`@@ -263,7 +263,7 @@ exdsa_public_key_t::botan_key() const`
`263`	`263`	`{`
`264`	`264`	`// format: 04 \| X \| Y`
`265`	`265`	`auto ec_desc = pgp::ec::Curve::get(curve_);`
`266`		`- Botan::EC_Group group = Botan::EC_Group::from_name(ec_desc->botan_name);`
	`266`	`+ Botan::EC_Group group = Botan::EC_Group::from_name(ec_desc->botan_name);`
`267`	`267`	`return Botan::ECDSA_PublicKey(group, Botan::EC_AffinePoint(group, key_).to_legacy_point());`
`268`	`268`	`}`
`269`	`269`
Original file line number	Diff line number	Diff line change
`@@ -175,7 +175,7 @@ signature_validate(const pgp::pkt::Signature & sig,`
`175`	`175`	`if (!key.sig_hash_allowed(hash.alg())) {`
`176`	`176`	`RNP_LOG("The signature's digest size is below the minimum digest size required for "`
`177`	`177`	`"that key.");`
`178`		`- return RNP_ERROR_SIGNATURE_INVALID;`
	`178`	`+ res.add_error(RNP_ERROR_SIG_HASH_ALG_MISMATCH);`
`179`	`179`	`}`
`180`	`180`
`181`	`181`	`/* Finalize hash */`