* seskey.c (encode_md_value): Print an error message if a wrong

digest algorithm is used with DSA. Changed all callers to cope with a NULL return. Problem noted by Imad R. Faiad.
2025-01-10 13:04:23 +01:00 · 2002-04-18 19:38:34 +00:00 · 2002-04-18 19:38:34 +00:00 · aedeefcc5f
commit aedeefcc5f
parent 30c8d23aff
4 changed files with 30 additions and 6 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,9 @@
+2002-04-18  Werner Koch  <wk@gnupg.org>
+
+	* seskey.c (encode_md_value): Print an error message if a wrong
+	digest algorithm is used with DSA.  Changed all callers to cope
+	with a NULL return.  Problem noted by Imad R. Faiad.
+
 2002-04-18  David Shaw  <dshaw@jabberwocky.com>

 	* trustdb.c (mark_usable_uid_certs): Properly handle nonrevocable
--- a/g10/seskey.c
+++ b/g10/seskey.c
@ -195,6 +195,12 @@ encode_md_value( int pubkey_algo, MD_HANDLE md, int hash_algo,
    MPI frame;

    if( pubkey_algo == PUBKEY_ALGO_DSA ) {
+        mdlen = md_digest_length (hash_algo);
+        if (mdlen != 20) {
+            log_error (_("DSA requires the use of a 160 bit hash algorithm\n"));
+            return NULL;
+        }
+
 	frame = md_is_secure(md)? mpi_alloc_secure((md_digest_length(hash_algo)
 				 +BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB )
 				: mpi_alloc((md_digest_length(hash_algo)
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -291,6 +291,8 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,

    result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo,
 			      mpi_get_nbits(pk->pkey[0]), 0 );
+    if (!result)
+        return G10ERR_GENERAL;
    ctx.sig = sig;
    ctx.md = digest;
    rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey,
@ -302,10 +304,14 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
 	 * the hash right. There is no problem with DSA however  */
 	result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo,
 			      mpi_get_nbits(pk->pkey[0]), (sig->version < 5) );
-	ctx.sig = sig;
-	ctx.md = digest;
-	rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey,
-			    cmp_help, &ctx );
+        if (!result)
+            rc = G10ERR_GENERAL;
+        else {
+            ctx.sig = sig;
+            ctx.md = digest;
+            rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey,
+                                cmp_help, &ctx );
+        }
    }

    if( !rc && sig->flags.unknown_critical ) {
--- a/g10/sign.c
+++ b/g10/sign.c
@ -246,6 +246,8 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
    sig->digest_start[1] = dp[1];
    frame = encode_md_value( sk->pubkey_algo, md,
 			     digest_algo, mpi_get_nbits(sk->skey[0]), 0 );
+    if (!frame)
+        return G10ERR_GENERAL;
    rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey );
    mpi_free(frame);
    if (!rc && !opt.no_sig_create_check) {
@ -260,8 +262,12 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
            frame = encode_md_value (pk->pubkey_algo, md,
                                     sig->digest_algo,
                                     mpi_get_nbits(pk->pkey[0]), 0);
-            rc = pubkey_verify (pk->pubkey_algo, frame, sig->data, pk->pkey,
-                                NULL, NULL );
+            if (!frame)
+                rc = G10ERR_GENERAL;
+            else
+                rc = pubkey_verify (pk->pubkey_algo, frame,
+                                    sig->data, pk->pkey,
+                                    NULL, NULL );
            mpi_free (frame);
        }
        if (rc)