security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

dirmngr: Support rsaPSS also in the general validate module.

Browse source 
* dirmngr/validate.c (hash_algo_from_buffer): New.
(uint_from_buffer): New.
(check_cert_sig): Support rsaPSS.
* sm/certcheck.c (gpgsm_check_cert_sig): Fix small memory leak on
error.
--

Yes, I know that there is a lot of code duplication.  In fact some of
the code is ugly and it would be better if we enhance Libgcrypt to
guarantee that returned memory buffers via gcry_sexp_extract_param are
allways Nul terminated and we should also enhance that function to
directly extract into an unsigned int or char *.

GnuPG-bug-id: 4538
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2020-04-09 13:05:55 +02:00
parent b45ab0ca08
commit ba34f14153
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
2 changed files with 133 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

6
sm/certcheck.c
View file

@ -340,10 +340,14 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
if (saltlen < 20)
{
log_error ("length of PSS salt too short\n");
gcry_sexp_release (s_sig);
return gpg_error (GPG_ERR_DIGEST_ALGO);
}
if (!algo)
return gpg_error (GPG_ERR_DIGEST_ALGO);
{
gcry_sexp_release (s_sig);
return gpg_error (GPG_ERR_DIGEST_ALGO);
}
/* log_debug ("PSS hash=%d saltlen=%u\n", algo, saltlen); */
}