1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

Verify created signatures.

This commit is contained in:
Werner Koch 2001-03-24 16:29:31 +00:00
parent f3b2ef0b93
commit 3b866e74a8
11 changed files with 73 additions and 8 deletions

5
TODO
View File

@ -1,4 +1,7 @@
* Check that no secret temporary results are stored in the result parameter
of the mpi functions. We have already done this for mpi-mul.c
* Dlopen does not yet work under W32.
* check whether we can remove all the expire stuff in trustdb because this
@ -42,6 +45,8 @@
* Add an is_valid flag to each user ID.
* Make --pipemode work.
Scheduled for 1.1
-----------------
* David C Niemi pointed out that the code for --no-default-keyring does not

View File

@ -1,3 +1,7 @@
2001-03-23 Werner Koch <wk@gnupg.org>
* DETAILS: New status UNEXPECTED.
2001-03-13 Werner Koch <wk@gnupg.org>
* gpg.sgml: Described --fixed-list-mode.

View File

@ -119,6 +119,11 @@ more arguments in future versions.
3 - Invalid packet found, this may indicate a non OpenPGP message.
You may see more than one of these status lines.
UNEXPECTED <what>
Unexpected data has been encountered
0 - not further specified 1
TRUST_UNDEFINED
TRUST_NEVER
TRUST_MARGINAL

View File

@ -1,3 +1,12 @@
2001-03-24 Werner Koch <wk@gnupg.org>
* sign.c (do_sign): Verify the signature right after creation.
2001-03-23 Werner Koch <wk@gnupg.org>
* status.c, status.h (STATUS_UNEXPECTED): New.
* mainproc.c (do_proc_packets): And emit it here.
2001-03-21 Werner Koch <wk@gnupg.org>
* status.c: Add sys/types.h so that it runs on Ultrix. Reported

View File

@ -1067,6 +1067,7 @@ do_proc_packets( CTX c, IOBUF a )
case PKT_PUBKEY_ENC:
case PKT_ENCRYPTED:
case PKT_ENCRYPTED_MDC:
write_status_text( STATUS_UNEXPECTED, "0" );
rc = G10ERR_UNEXPECTED;
goto leave;
case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
@ -1082,6 +1083,7 @@ do_proc_packets( CTX c, IOBUF a )
case PKT_PUBLIC_KEY:
case PKT_SECRET_KEY:
case PKT_USER_ID:
write_status_text( STATUS_UNEXPECTED, "0" );
rc = G10ERR_UNEXPECTED;
goto leave;
case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;

View File

@ -108,7 +108,7 @@ pipemode_filter( void *opaque, int control,
/* FIXME: we have to make sure that we have a large enough
* buffer for a control packet even after we already read
* something. The easest way to do this is probably by ungetting
* the control sequenceand and returning the buffer we have
* the control sequence and returning the buffer we have
* already assembled */
int c = iobuf_get (a);
if (c == -1) {

View File

@ -132,6 +132,27 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
digest_algo, mpi_get_nbits(sk->skey[0]), 0 );
rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey );
mpi_free(frame);
if (!rc) {
/* check that the signature verification worked and nothing is
* fooling us e.g. by a bug in the signature create
* code or by deliberately introduced faults. */
PKT_public_key *pk = m_alloc_clear (sizeof *pk);
if( get_pubkey( pk, sig->keyid ) )
rc = G10ERR_NO_PUBKEY;
else {
frame = encode_md_value (pk->pubkey_algo, md,
sig->digest_algo,
mpi_get_nbits(pk->pkey[0]), 0);
rc = pubkey_verify (pk->pubkey_algo, frame, sig->data, pk->pkey,
NULL, NULL );
mpi_free (frame);
}
if (rc)
log_error (_("checking created signature failed: %s\n"),
g10_errstr (rc));
free_public_key (pk);
}
if( rc )
log_error(_("signing failed: %s\n"), g10_errstr(rc) );
else {
@ -154,10 +175,6 @@ complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md )
if( !(rc=check_secret_key( sk, 0 )) )
rc = do_sign( sk, sig, md, 0 );
/* fixme: should we check whether the signature is okay?
* maybe by using an option */
return rc;
}

View File

@ -139,6 +139,7 @@ get_status_string ( int no )
case STATUS_END_STREAM : s = "END_STREAM"; break;
case STATUS_KEY_CREATED : s = "KEY_CREATED"; break;
case STATUS_USERID_HINT : s = "USERID_HINT"; break;
case STATUS_UNEXPECTED : s = "UNEXPECTED"; break;
default: s = "?"; break;
}
return s;

View File

@ -89,7 +89,7 @@
#define STATUS_END_STREAM 57
#define STATUS_KEY_CREATED 58
#define STATUS_USERID_HINT 59
#define STATUS_UNEXPECTED 60
/*-- status.c --*/
void set_status_fd ( int fd );

View File

@ -1,3 +1,8 @@
2001-03-24 Werner Koch <wk@gnupg.org>
* mpi-mul.c (mpi_mul): Make sure that secret temporary results are
not stored in w. Suggested by Florian Weimer.
2001-03-18 Werner Koch <wk@gnupg.org>
* config.links (mpi_sflags): Use i386 code for i386. According to

View File

@ -120,6 +120,7 @@ mpi_mul( MPI w, MPI u, MPI v)
int assign_wp=0;
mpi_ptr_t tmp_limb=NULL;
if( u->nlimbs < v->nlimbs ) { /* Swap U and V. */
usize = v->nlimbs;
usign = v->sign;
@ -145,7 +146,15 @@ mpi_mul( MPI w, MPI u, MPI v)
/* Ensure W has space enough to store the result. */
wsize = usize + vsize;
if( w->alloced < wsize ) {
if ( !mpi_is_secure (w) && (mpi_is_secure (u) || mpi_is_secure (v)) ) {
/* w is not allocated in secure space but u or v is. To make sure
* that no temporray results are stored in w, we temporary use
* a newly allocated limb space for w */
wp = mpi_alloc_limb_space( wsize, 1 );
assign_wp = 2; /* mark it as 2 so that we can later copy it back to
* mormal memory */
}
else if( w->alloced < wsize ) {
if( wp == up || wp == vp ) {
wp = mpi_alloc_limb_space( wsize, mpi_is_secure(w) );
assign_wp = 1;
@ -180,8 +189,16 @@ mpi_mul( MPI w, MPI u, MPI v)
wsize -= cy? 0:1;
}
if( assign_wp )
if( assign_wp ) {
if (assign_wp == 2) {
/* copy the temp wp from secure memory back to normal memory */
mpi_ptr_t tmp_wp = mpi_alloc_limb_space (wsize, 0);
MPN_COPY (tmp_wp, wp, wsize);
mpi_free_limb_space (wp);
wp = tmp_wp;
}
mpi_assign_limb_space( w, wp, wsize );
}
w->nlimbs = wsize;
w->sign = sign_product;
if( tmp_limb )