security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-22 19:58:29 +01:00
Code Activity

dirmngr: Fix verification of ECDSA signed CRLs.

Browse Source 
* dirmngr/crlcache.c (finish_sig_check): Use raw value for the data.
--

This had the usual signed/unsigned problem.  By using the modern form
we enforce Libgcrypt internal parsing as unsigned integer.

(cherry picked from commit 868dabb4027a03f4ce39be3c143b480bccde1a63)
This commit is contained in:
Werner Koch 2022-11-15 09:56:13 +01:00
parent afaed3c122
commit 1307081dc0
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
dirmngr/crlcache.c
View File

@ -1841,9 +1841,10 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
if (n > qbits/8)
n = qbits/8;
err = gcry_sexp_build (&s_hash, NULL, "%b",
err = gcry_sexp_build (&s_hash, NULL, "(data(flags raw)(value %b))",
(int)n,
gcry_md_read (md, algo));
}
else
{
@ -1862,7 +1863,7 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
/* Pass this on to the signature verification. */
err = gcry_pk_verify (s_sig, s_hash, s_pkey);
if (DBG_X509)
log_debug ("gcry_pk_verify: %s\n", gpg_strerror (err));
log_debug ("%s: gcry_pk_verify: %s\n", __func__, gpg_strerror (err));
leave:
xfree (sigval);

2
dirmngr/validate.c
View File

@ -1172,7 +1172,7 @@ check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
if (!err)
err = gcry_pk_verify (s_sig, s_hash, s_pkey);
if (DBG_X509)
log_debug ("gcry_pk_verify: %s\n", gpg_strerror (err));
log_debug ("%s: gcry_pk_verify: %s\n", __func__, gpg_strerror (err));
leave:
gcry_md_close (md);