security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-13 22:21:09 +02:00
Code Activity

* sig-check.c (do_check): Move the signing algo and hash checks from

Browse Source 
here... (signature_check2): ... to here. (check_key_signature2): ... and
here.  This is a minor optimization to avoid fetching a key (which can be
expensive, especially if it is not self-signed, and there are many key
signatures on it which need to be checked for ultimate trust) if the
signature would have failed anyway because of algorithm or hash problems.
This commit is contained in:
David Shaw 2003-12-13 03:53:27 +00:00
parent db5ab5e730
commit f5d4b8dc06
2 changed files with 27 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
g10/ChangeLog
View File

@ -1,3 +1,15 @@
2003-12-12 David Shaw <dshaw@jabberwocky.com>
* sig-check.c (do_check): Move the signing algo and hash checks
from here...
(signature_check2): ... to here.
(check_key_signature2): ... and here. This is a minor
optimization to avoid fetching a key (which can be expensive,
especially if it is not self-signed, and there are many key
signatures on it which need to be checked for ultimate trust) if
the signature would have failed anyway because of algorithm or
hash problems.
2003-12-10 David Shaw <dshaw@jabberwocky.com> 2003-12-10 David Shaw <dshaw@jabberwocky.com>
* packet.h, build-packet.c (hash_public_key): Remove function ... * packet.h, build-packet.c (hash_public_key): Remove function ...

27
g10/sig-check.c
View File

@ -1,6 +1,6 @@
/* sig-check.c - Check a signature /* sig-check.c - Check a signature
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 * Copyright (C) 1998, 1999, 2000, 2001, 2002,
* Free Software Foundation, Inc. * 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -61,15 +61,20 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
PKT_public_key *pk = m_alloc_clear( sizeof *pk ); PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc=0; int rc=0;
/* Sanity check that the md has a context for the hash that the if( (rc=check_digest_algo(sig->digest_algo)) )
sig is expecting. This can happen if a onepass sig header does ; /* we don't have this digest */
not match the actual sig, and also if the clearsign "Hash:" else if((rc=check_pubkey_algo(sig->pubkey_algo)))
header is missing or does not match the actual sig. */ ; /* we don't have this pubkey algo */
else if(!md_algo_present(digest,sig->digest_algo))
{
/* Sanity check that the md has a context for the hash that the
sig is expecting. This can happen if a onepass sig header does
not match the actual sig, and also if the clearsign "Hash:"
header is missing or does not match the actual sig. */
if(!md_algo_present(digest,sig->digest_algo)) {
log_info(_("WARNING: signature digest conflict in message\n")); log_info(_("WARNING: signature digest conflict in message\n"));
rc=G10ERR_GENERAL; rc=G10ERR_GENERAL;
} }
else if( get_pubkey( pk, sig->keyid ) ) else if( get_pubkey( pk, sig->keyid ) )
rc = G10ERR_NO_PUBKEY; rc = G10ERR_NO_PUBKEY;
else if(!pk->is_valid && !pk->is_primary) else if(!pk->is_valid && !pk->is_primary)
@ -274,10 +279,6 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) ) if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) )
return rc; return rc;
if( (rc=check_digest_algo(sig->digest_algo)) )
return rc;
if( (rc=check_pubkey_algo(sig->pubkey_algo)) )
return rc;
/* make sure the digest algo is enabled (in case of a detached signature)*/ /* make sure the digest algo is enabled (in case of a detached signature)*/
md_enable( digest, sig->digest_algo ); md_enable( digest, sig->digest_algo );
@ -518,6 +519,8 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
} }
} }
if( (rc=check_pubkey_algo(sig->pubkey_algo)) )
return rc;
if( (rc=check_digest_algo(algo)) ) if( (rc=check_digest_algo(algo)) )
return rc; return rc;