* sig-check.c (do_check): Code to try both the incorrect and correct
SHA-224 DER prefixes when verifying a signature. See the change itself for more discussion. * main.h, seskey.c (do_encode_md): Rename to pkcs1_encode_md and make non-static.
This commit is contained in:
parent
154407fd38
commit
a92fa61c48
@ -1,5 +1,12 @@
|
|||||||
2007-11-28 David Shaw <dshaw@jabberwocky.com>
|
2007-11-28 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* sig-check.c (do_check): Code to try both the incorrect and
|
||||||
|
correct SHA-224 DER prefixes when verifying a signature. See the
|
||||||
|
change itself for more discussion.
|
||||||
|
|
||||||
|
* main.h, seskey.c (do_encode_md): Rename to pkcs1_encode_md and
|
||||||
|
make non-static.
|
||||||
|
|
||||||
* gpg.c (print_algo_names): New.
|
* gpg.c (print_algo_names): New.
|
||||||
(list_config): Use it here for the "ciphername" and "digestname"
|
(list_config): Use it here for the "ciphername" and "digestname"
|
||||||
config items so we can get a script-parseable list of the names.
|
config items so we can get a script-parseable list of the names.
|
||||||
@ -13210,8 +13217,8 @@ Thu Feb 12 22:24:42 1998 Werner Koch (wk@frodo)
|
|||||||
* pubkey-enc.c (get_session_key): rewritten
|
* pubkey-enc.c (get_session_key): rewritten
|
||||||
|
|
||||||
|
|
||||||
Copyright 1998, 1999, 2000, 2001, 2002, 2003,
|
Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
|
||||||
2004, 2005, 2006 Free Software Foundation, Inc.
|
2007 Free Software Foundation, Inc.
|
||||||
|
|
||||||
This file is free software; as a special exception the author gives
|
This file is free software; as a special exception the author gives
|
||||||
unlimited permission to copy and/or distribute it, with or without
|
unlimited permission to copy and/or distribute it, with or without
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
/* main.h
|
/* main.h
|
||||||
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
|
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
|
||||||
* 2006 Free Software Foundation, Inc.
|
* 2007 Free Software Foundation, Inc.
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -200,6 +200,8 @@ void try_make_homedir( const char *fname );
|
|||||||
/*-- seskey.c --*/
|
/*-- seskey.c --*/
|
||||||
void make_session_key( DEK *dek );
|
void make_session_key( DEK *dek );
|
||||||
MPI encode_session_key( DEK *dek, unsigned nbits );
|
MPI encode_session_key( DEK *dek, unsigned nbits );
|
||||||
|
MPI pkcs1_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits,
|
||||||
|
const byte *asn, size_t asnlen );
|
||||||
MPI encode_md_value( PKT_public_key *pk, PKT_secret_key *sk,
|
MPI encode_md_value( PKT_public_key *pk, PKT_secret_key *sk,
|
||||||
MD_HANDLE md, int hash_algo );
|
MD_HANDLE md, int hash_algo );
|
||||||
|
|
||||||
|
12
g10/seskey.c
12
g10/seskey.c
@ -1,6 +1,6 @@
|
|||||||
/* seskey.c - make sesssion keys etc.
|
/* seskey.c - make sesssion keys etc.
|
||||||
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
|
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006,
|
||||||
* 2006 Free Software Foundation, Inc.
|
* 2007 Free Software Foundation, Inc.
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -29,7 +29,6 @@
|
|||||||
#include "main.h"
|
#include "main.h"
|
||||||
#include "i18n.h"
|
#include "i18n.h"
|
||||||
|
|
||||||
|
|
||||||
/****************
|
/****************
|
||||||
* Make a session key and put it into DEK
|
* Make a session key and put it into DEK
|
||||||
*/
|
*/
|
||||||
@ -142,9 +141,8 @@ encode_session_key( DEK *dek, unsigned nbits )
|
|||||||
return a;
|
return a;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
MPI
|
||||||
static MPI
|
pkcs1_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits,
|
||||||
do_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits,
|
|
||||||
const byte *asn, size_t asnlen )
|
const byte *asn, size_t asnlen )
|
||||||
{
|
{
|
||||||
int nframe = (nbits+7) / 8;
|
int nframe = (nbits+7) / 8;
|
||||||
@ -260,7 +258,7 @@ encode_md_value( PKT_public_key *pk, PKT_secret_key *sk,
|
|||||||
size_t asnlen,mdlen;
|
size_t asnlen,mdlen;
|
||||||
|
|
||||||
asn = md_asn_oid( hash_algo, &asnlen, &mdlen );
|
asn = md_asn_oid( hash_algo, &asnlen, &mdlen );
|
||||||
frame = do_encode_md( md, hash_algo, mdlen,
|
frame = pkcs1_encode_md( md, hash_algo, mdlen,
|
||||||
mpi_get_nbits(pk?pk->pkey[0]:sk->skey[0]),
|
mpi_get_nbits(pk?pk->pkey[0]:sk->skey[0]),
|
||||||
asn, asnlen );
|
asn, asnlen );
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
/* sig-check.c - Check a signature
|
/* sig-check.c - Check a signature
|
||||||
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
|
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
|
||||||
* 2004 Free Software Foundation, Inc.
|
* 2007 Free Software Foundation, Inc.
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -280,6 +280,32 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
|
|||||||
rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey );
|
rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey );
|
||||||
mpi_free( result );
|
mpi_free( result );
|
||||||
|
|
||||||
|
if(rc==G10ERR_BAD_SIGN && is_RSA(pk->pubkey_algo)
|
||||||
|
&& sig->digest_algo==DIGEST_ALGO_SHA224)
|
||||||
|
{
|
||||||
|
/* This code is to work around a SHA-224 problem. RFC-4880
|
||||||
|
and the drafts leading up to it were published with the
|
||||||
|
wrong DER prefix for SHA-224. Unfortunately, GPG pre-1.4.8
|
||||||
|
used this wrong prefix. What this code does is take all
|
||||||
|
bad RSA signatures that use SHA-224, and re-checks them
|
||||||
|
using the old, incorrect, DER prefix. Someday we should
|
||||||
|
remove this code, and when we do remove it, pkcs1_encode_md
|
||||||
|
can be made into a static function again. Note that GPG2
|
||||||
|
does not have this issue as it uses libgcrypt, which is
|
||||||
|
being fixed while it is still a development version. */
|
||||||
|
|
||||||
|
/* The incorrect SHA-224 DER prefix used in pre-1.4.8 */
|
||||||
|
static byte asn[]={0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
|
||||||
|
0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05,
|
||||||
|
0x00, 0x04, 0x20};
|
||||||
|
|
||||||
|
result=pkcs1_encode_md(digest,DIGEST_ALGO_SHA224,28,
|
||||||
|
mpi_get_nbits(pk->pkey[0]),asn,DIM(asn));
|
||||||
|
|
||||||
|
rc=pubkey_verify(pk->pubkey_algo,result,sig->data,pk->pkey);
|
||||||
|
mpi_free(result);
|
||||||
|
}
|
||||||
|
|
||||||
if( !rc && sig->flags.unknown_critical )
|
if( !rc && sig->flags.unknown_critical )
|
||||||
{
|
{
|
||||||
log_info(_("assuming bad signature from key %s"
|
log_info(_("assuming bad signature from key %s"
|
||||||
|
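Review bot: The fallback re-verification under the pre-1.4.8 SHA-224 prefix succeeds silently, so a signature that only verifies because of the legacy encoding is indistinguishable from a normal one to the user, and there is no way to observe when such signatures stop appearing before removing the workaround as the comment says should someday happen. After the second `mpi_free(result);` I would add `if(!rc) log_info(_("signature verified using the pre-1.4.8 SHA-224 DER prefix\n"));`, gated on a verbose option if the rest of the file does that (not visible here). The prefix table is only ever passed to the `const byte *asn` parameter of pkcs1_encode_md, so declare it `static const byte asn[]` rather than a writable static. A one-line comment noting that the table's trailing `0x04, 0x20` advertises a 32-byte OCTET STRING while the call hands in a 28-byte digest (`28` in the pkcs1_encode_md call) would make clear that this mismatch is the published-prefix error being tolerated and not a transcription slip in the table. do_check's body begins and ends outside this hunk.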