mirror of
git://git.gnupg.org/gnupg.git
synced 2024-07-06 03:19:21 +02:00
* seskey.c (encode_md_value): Print an error message if a wrong
digest algorithm is used with DSA. Changed all callers to cope with a NULL return. Problem noted by Imad R. Faiad.
This commit is contained in:
parent
30c8d23aff
commit
aedeefcc5f
@ -1,3 +1,9 @@
|
|||||||
|
2002-04-18 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
|
* seskey.c (encode_md_value): Print an error message if a wrong
|
||||||
|
digest algorithm is used with DSA. Changed all callers to cope
|
||||||
|
with a NULL return. Problem noted by Imad R. Faiad.
|
||||||
|
|
||||||
2002-04-18 David Shaw <dshaw@jabberwocky.com>
|
2002-04-18 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* trustdb.c (mark_usable_uid_certs): Properly handle nonrevocable
|
* trustdb.c (mark_usable_uid_certs): Properly handle nonrevocable
|
||||||
|
@ -195,6 +195,12 @@ encode_md_value( int pubkey_algo, MD_HANDLE md, int hash_algo,
|
|||||||
MPI frame;
|
MPI frame;
|
||||||
|
|
||||||
if( pubkey_algo == PUBKEY_ALGO_DSA ) {
|
if( pubkey_algo == PUBKEY_ALGO_DSA ) {
|
||||||
|
mdlen = md_digest_length (hash_algo);
|
||||||
|
if (mdlen != 20) {
|
||||||
|
log_error (_("DSA requires the use of a 160 bit hash algorithm\n"));
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
frame = md_is_secure(md)? mpi_alloc_secure((md_digest_length(hash_algo)
|
frame = md_is_secure(md)? mpi_alloc_secure((md_digest_length(hash_algo)
|
||||||
+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB )
|
+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB )
|
||||||
: mpi_alloc((md_digest_length(hash_algo)
|
: mpi_alloc((md_digest_length(hash_algo)
|
||||||
|
@ -291,6 +291,8 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
|
|||||||
|
|
||||||
result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo,
|
result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo,
|
||||||
mpi_get_nbits(pk->pkey[0]), 0 );
|
mpi_get_nbits(pk->pkey[0]), 0 );
|
||||||
|
if (!result)
|
||||||
|
return G10ERR_GENERAL;
|
||||||
ctx.sig = sig;
|
ctx.sig = sig;
|
||||||
ctx.md = digest;
|
ctx.md = digest;
|
||||||
rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey,
|
rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey,
|
||||||
@ -302,10 +304,14 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
|
|||||||
* the hash right. There is no problem with DSA however */
|
* the hash right. There is no problem with DSA however */
|
||||||
result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo,
|
result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo,
|
||||||
mpi_get_nbits(pk->pkey[0]), (sig->version < 5) );
|
mpi_get_nbits(pk->pkey[0]), (sig->version < 5) );
|
||||||
ctx.sig = sig;
|
if (!result)
|
||||||
ctx.md = digest;
|
rc = G10ERR_GENERAL;
|
||||||
rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey,
|
else {
|
||||||
cmp_help, &ctx );
|
ctx.sig = sig;
|
||||||
|
ctx.md = digest;
|
||||||
|
rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey,
|
||||||
|
cmp_help, &ctx );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if( !rc && sig->flags.unknown_critical ) {
|
if( !rc && sig->flags.unknown_critical ) {
|
||||||
|
10
g10/sign.c
10
g10/sign.c
@ -246,6 +246,8 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
|
|||||||
sig->digest_start[1] = dp[1];
|
sig->digest_start[1] = dp[1];
|
||||||
frame = encode_md_value( sk->pubkey_algo, md,
|
frame = encode_md_value( sk->pubkey_algo, md,
|
||||||
digest_algo, mpi_get_nbits(sk->skey[0]), 0 );
|
digest_algo, mpi_get_nbits(sk->skey[0]), 0 );
|
||||||
|
if (!frame)
|
||||||
|
return G10ERR_GENERAL;
|
||||||
rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey );
|
rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey );
|
||||||
mpi_free(frame);
|
mpi_free(frame);
|
||||||
if (!rc && !opt.no_sig_create_check) {
|
if (!rc && !opt.no_sig_create_check) {
|
||||||
@ -260,8 +262,12 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
|
|||||||
frame = encode_md_value (pk->pubkey_algo, md,
|
frame = encode_md_value (pk->pubkey_algo, md,
|
||||||
sig->digest_algo,
|
sig->digest_algo,
|
||||||
mpi_get_nbits(pk->pkey[0]), 0);
|
mpi_get_nbits(pk->pkey[0]), 0);
|
||||||
rc = pubkey_verify (pk->pubkey_algo, frame, sig->data, pk->pkey,
|
if (!frame)
|
||||||
NULL, NULL );
|
rc = G10ERR_GENERAL;
|
||||||
|
else
|
||||||
|
rc = pubkey_verify (pk->pubkey_algo, frame,
|
||||||
|
sig->data, pk->pkey,
|
||||||
|
NULL, NULL );
|
||||||
mpi_free (frame);
|
mpi_free (frame);
|
||||||
}
|
}
|
||||||
if (rc)
|
if (rc)
|
||||||
|
Loading…
Reference in New Issue
Block a user