diff options
| author | Werner Koch <[email protected]> | 2002-04-18 19:38:34 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2002-04-18 19:38:34 +0000 |
| commit | aedeefcc5f7020a2e73e73c0eef23f05e94d3245 (patch) | |
| tree | 5755cc708c9a95848a7248332098668cbc4199ce | |
| parent | * rndlinux.c, rndegd.c, rndunix.c (func_table): Made func a (diff) | |
| download | gnupg-aedeefcc5f7020a2e73e73c0eef23f05e94d3245.tar.gz gnupg-aedeefcc5f7020a2e73e73c0eef23f05e94d3245.zip | |
* seskey.c (encode_md_value): Print an error message if a wrong
digest algorithm is used with DSA. Changed all callers to cope
with a NULL return. Problem noted by Imad R. Faiad.
| -rw-r--r-- | g10/ChangeLog | 6 | ||||
| -rw-r--r-- | g10/seskey.c | 6 | ||||
| -rw-r--r-- | g10/sig-check.c | 14 | ||||
| -rw-r--r-- | g10/sign.c | 10 |
4 files changed, 30 insertions, 6 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index e7714cc1e..8527827d8 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,9 @@ +2002-04-18 Werner Koch <[email protected]> + + * seskey.c (encode_md_value): Print an error message if a wrong + digest algorithm is used with DSA. Changed all callers to cope + with a NULL return. Problem noted by Imad R. Faiad. + 2002-04-18 David Shaw <[email protected]> * trustdb.c (mark_usable_uid_certs): Properly handle nonrevocable diff --git a/g10/seskey.c b/g10/seskey.c index 844f2e4c1..fc912eeb5 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -195,6 +195,12 @@ encode_md_value( int pubkey_algo, MD_HANDLE md, int hash_algo, MPI frame; if( pubkey_algo == PUBKEY_ALGO_DSA ) { + mdlen = md_digest_length (hash_algo); + if (mdlen != 20) { + log_error (_("DSA requires the use of a 160 bit hash algorithm\n")); + return NULL; + } + frame = md_is_secure(md)? mpi_alloc_secure((md_digest_length(hash_algo) +BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB ) : mpi_alloc((md_digest_length(hash_algo) diff --git a/g10/sig-check.c b/g10/sig-check.c index fd7cb379e..6920b8c13 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -291,6 +291,8 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest, result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo, mpi_get_nbits(pk->pkey[0]), 0 ); + if (!result) + return G10ERR_GENERAL; ctx.sig = sig; ctx.md = digest; rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey, @@ -302,10 +304,14 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest, * the hash right. There is no problem with DSA however */ result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo, mpi_get_nbits(pk->pkey[0]), (sig->version < 5) ); - ctx.sig = sig; - ctx.md = digest; - rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey, - cmp_help, &ctx ); + if (!result) + rc = G10ERR_GENERAL; + else { + ctx.sig = sig; + ctx.md = digest; + rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey, + cmp_help, &ctx ); + } } if( !rc && sig->flags.unknown_critical ) { diff --git a/g10/sign.c b/g10/sign.c index c1a09bae4..155dab6dc 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -246,6 +246,8 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, sig->digest_start[1] = dp[1]; frame = encode_md_value( sk->pubkey_algo, md, digest_algo, mpi_get_nbits(sk->skey[0]), 0 ); + if (!frame) + return G10ERR_GENERAL; rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey ); mpi_free(frame); if (!rc && !opt.no_sig_create_check) { @@ -260,8 +262,12 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, frame = encode_md_value (pk->pubkey_algo, md, sig->digest_algo, mpi_get_nbits(pk->pkey[0]), 0); - rc = pubkey_verify (pk->pubkey_algo, frame, sig->data, pk->pkey, - NULL, NULL ); + if (!frame) + rc = G10ERR_GENERAL; + else + rc = pubkey_verify (pk->pubkey_algo, frame, + sig->data, pk->pkey, + NULL, NULL ); mpi_free (frame); } if (rc) |