author | Werner Koch <[email protected]> | 2008-12-11 17:46:16 +0000 |
committer | Werner Koch <[email protected]> | 2008-12-11 17:46:16 +0000 |
commit | 7fd24253c169b60cd1b1fe067b6e4ef03b098362 (patch) | |
tree | a56e039e097fc039ec99cdcd1a46f5a09766757b | |
parent | Close message digest; fixes memory leak. (diff) | |
download | gnupg-7fd24253c169b60cd1b1fe067b6e4ef03b098362.tar.gz gnupg-7fd24253c169b60cd1b1fe067b6e4ef03b098362.zip |
Change SIG_ID computation to m
-rw-r--r-- | g10/ChangeLog | 2 | ||||
-rw-r--r-- | g10/sig-check.c | 28 |
2 files changed, 22 insertions, 8 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 4d977b443..0ac894f1c 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,6 +1,8 @@
 2008-12-11 Werner Koch <[email protected]>
 * sig-check.c (check_revocation_keys): Close message digest.
+ (signature_check2): Switch to SHA-1 for SIG_ID computation. This
+ is to match 2.0.10.
 2008-12-09 Werner Koch <[email protected]>
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 834bf98db..8107ba23e 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -124,19 +124,31 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
 * and the timestamp, but the drawback of this is, that it is
 * not possible to sign more than one identical document within
 * one second. Some remote batch processing applications might
- * like this feature here */
+ * like this feature here.
+ *
+ * Note that before 1.4.10, we used RIPE-MD160 for the hash
+ * and accidently didn't include the timestamp and algorithm
+ * information in the hash. Given that this feature is not
+ * commonly used and that a replay attacks detection should
+ * not solely be based on this feature (because it does not
+ * work with RSA), we take the freedom and switch to SHA-1
+ * with 1.4.10 to take advantage of hardware supported SHA-1
+ * implementations and to match the 2.0.10 behaviour. We also
+ * include the missing information in the hash. Note also the
+ * SIG_ID as computed by gpg 1.x and gpg 2.x didn't matched
+ * either because 2.x used to print MPIs not in PGP format. */
 MD_HANDLE md;
 u32 a = sig->timestamp;
 int i, nsig = pubkey_get_nsig( sig->pubkey_algo );
 byte *p, *buffer;
- md = md_open( DIGEST_ALGO_RMD160, 0);
- md_putc( digest, sig->pubkey_algo );
- md_putc( digest, sig->digest_algo );
- md_putc( digest, (a >> 24) & 0xff );
- md_putc( digest, (a >> 16) & 0xff );
- md_putc( digest, (a >> 8) & 0xff );
- md_putc( digest, a & 0xff );
+ md = md_open (DIGEST_ALGO_SHA1, 0);
+ md_putc (md, sig->pubkey_algo);
+ md_putc (md, sig->digest_algo);
+ md_putc (md, (a >> 24) & 0xff);
+ md_putc (md, (a >> 16) & 0xff);
+ md_putc (md, (a >> 8) & 0xff);
+ md_putc (md, a & 0xff);
 for(i=0; i < nsig; i++ ) {
 unsigned n = mpi_get_nbits( sig->data[i]);
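Review bot: The handle returned by `md = md_open (DIGEST_ALGO_SHA1, 0);` is passed straight to `md_putc (md, sig->pubkey_algo);` on the next line without a NULL check; this hunk does not show whether md_open aborts or returns NULL when an algorithm is unavailable, so if it can return NULL a guard such as `if (!md) { log_error ("md_open failed\n"); return rc; }` (using whatever error path the function already has) belongs before the first `md_putc`, even though SHA-1 is presumably always compiled in. The new lines use `md_putc (md, ...)` spacing while the surrounding lines of the same function keep `pubkey_get_nsig( sig->pubkey_algo )` and `mpi_get_nbits( sig->data[i])`, so the function now reads as two styles; either is fine, but one should be used throughout. Since every SIG_ID value emitted on the status fd changes with this commit (different hash and additional hashed fields), a frontend that stores SIG_IDs for replay detection will treat all previously seen signatures as new after upgrading, which deserves a NEWS entry and a note wherever the SIG_ID status line is documented, not only this source comment. Minor wording in the new comment: `accidently` should be `accidentally` and `didn't matched` should be `didn't match`. The enclosing signature_check2 body starts and ends outside the hunk.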