security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-11 23:59:50 +02:00
Code Activity

agent: Fix RSA verification for card.

Browse Source 
* agent/pksign.c (agent_pksign_do): Use S-exp of public key, instead
of shadowed key.

--

Reported-by: Justus Winter
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2016-01-05 10:15:49 +09:00
parent 575c15a090
commit ff3b607fc8
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
agent/pksign.c
View File

@ -492,21 +492,20 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
* for RSA internally there is no need to do it here again. */ * for RSA internally there is no need to do it here again. */
if (check_signature) if (check_signature)
{ {
gcry_sexp_t sexp_key = s_pkey? s_pkey: s_skey;
if (s_hash == NULL) if (s_hash == NULL)
{ {
if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1) if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
rc = do_encode_raw_pkcs1 (data, datalen, rc = do_encode_raw_pkcs1 (data, datalen,
gcry_pk_get_nbits (s_skey), gcry_pk_get_nbits (sexp_key), &s_hash);
&s_hash);
else else
rc = do_encode_md (data, datalen, rc = do_encode_md (data, datalen, ctrl->digest.algo, &s_hash,
ctrl->digest.algo,
&s_hash,
ctrl->digest.raw_value); ctrl->digest.raw_value);
} }
if (! rc) if (! rc)
rc = gcry_pk_verify (s_sig, s_hash, s_pkey? s_pkey: s_skey); rc = gcry_pk_verify (s_sig, s_hash, sexp_key);
if (rc) if (rc)
{ {