security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

Change SIG_ID computation to m

Browse Source
This commit is contained in:
Werner Koch 2008-12-11 17:46:16 +00:00
parent 09176a79b9
commit 7fd24253c1
2 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
g10/ChangeLog
View File

@ -1,6 +1,8 @@
2008-12-11 Werner Koch <wk@g10code.com> 2008-12-11 Werner Koch <wk@g10code.com>
* sig-check.c (check_revocation_keys): Close message digest. * sig-check.c (check_revocation_keys): Close message digest.
(signature_check2): Switch to SHA-1 for SIG_ID computation. This
is to match 2.0.10.
2008-12-09 Werner Koch <wk@g10code.com> 2008-12-09 Werner Koch <wk@g10code.com>

28
g10/sig-check.c
View File

@ -124,19 +124,31 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
* and the timestamp, but the drawback of this is, that it is * and the timestamp, but the drawback of this is, that it is
* not possible to sign more than one identical document within * not possible to sign more than one identical document within
* one second. Some remote batch processing applications might * one second. Some remote batch processing applications might
* like this feature here */ * like this feature here.
*
* Note that before 1.4.10, we used RIPE-MD160 for the hash
* and accidently didn't include the timestamp and algorithm
* information in the hash. Given that this feature is not
* commonly used and that a replay attacks detection should
* not solely be based on this feature (because it does not
* work with RSA), we take the freedom and switch to SHA-1
* with 1.4.10 to take advantage of hardware supported SHA-1
* implementations and to match the 2.0.10 behaviour. We also
* include the missing information in the hash. Note also the
* SIG_ID as computed by gpg 1.x and gpg 2.x didn't matched
* either because 2.x used to print MPIs not in PGP format. */
MD_HANDLE md; MD_HANDLE md;
u32 a = sig->timestamp; u32 a = sig->timestamp;
int i, nsig = pubkey_get_nsig( sig->pubkey_algo ); int i, nsig = pubkey_get_nsig( sig->pubkey_algo );
byte *p, *buffer; byte *p, *buffer;
md = md_open( DIGEST_ALGO_RMD160, 0); md = md_open (DIGEST_ALGO_SHA1, 0);
md_putc( digest, sig->pubkey_algo ); md_putc (md, sig->pubkey_algo);
md_putc( digest, sig->digest_algo ); md_putc (md, sig->digest_algo);
md_putc( digest, (a >> 24) & 0xff ); md_putc (md, (a >> 24) & 0xff);
md_putc( digest, (a >> 16) & 0xff ); md_putc (md, (a >> 16) & 0xff);
md_putc( digest, (a >> 8) & 0xff ); md_putc (md, (a >> 8) & 0xff);
md_putc( digest, a & 0xff ); md_putc (md, a & 0xff);
for(i=0; i < nsig; i++ ) { for(i=0; i < nsig; i++ ) {
unsigned n = mpi_get_nbits( sig->data[i]); unsigned n = mpi_get_nbits( sig->data[i]);