mirror of
git://git.gnupg.org/gnupg.git
synced 2024-06-09 23:39:51 +02:00
dirmngr: Fix verification of ECDSA signed CRLs.
* dirmngr/crlcache.c (finish_sig_check): Use raw value for the data.
--
This had the usual signed/unsigned problem. By using the modern form
we enforce Libgcrypt internal parsing as unsigned integer.
(cherry picked from commit 868dabb402
)
This commit is contained in:
parent
afaed3c122
commit
1307081dc0
|
@ -1841,9 +1841,10 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
|
|||
if (n > qbits/8)
|
||||
n = qbits/8;
|
||||
|
||||
err = gcry_sexp_build (&s_hash, NULL, "%b",
|
||||
err = gcry_sexp_build (&s_hash, NULL, "(data(flags raw)(value %b))",
|
||||
(int)n,
|
||||
gcry_md_read (md, algo));
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -1862,7 +1863,7 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
|
|||
/* Pass this on to the signature verification. */
|
||||
err = gcry_pk_verify (s_sig, s_hash, s_pkey);
|
||||
if (DBG_X509)
|
||||
log_debug ("gcry_pk_verify: %s\n", gpg_strerror (err));
|
||||
log_debug ("%s: gcry_pk_verify: %s\n", __func__, gpg_strerror (err));
|
||||
|
||||
leave:
|
||||
xfree (sigval);
|
||||
|
|
|
@ -1172,7 +1172,7 @@ check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
|
|||
if (!err)
|
||||
err = gcry_pk_verify (s_sig, s_hash, s_pkey);
|
||||
if (DBG_X509)
|
||||
log_debug ("gcry_pk_verify: %s\n", gpg_strerror (err));
|
||||
log_debug ("%s: gcry_pk_verify: %s\n", __func__, gpg_strerror (err));
|
||||
|
||||
leave:
|
||||
gcry_md_close (md);
|
||||
|
|
Loading…
Reference in New Issue
Block a user