diff options
| author | David Shaw <[email protected]> | 2003-12-13 03:53:27 +0000 |
|---|---|---|
| committer | David Shaw <[email protected]> | 2003-12-13 03:53:27 +0000 |
| commit | f5d4b8dc0687c2e818881d9214a38771b491d5e6 (patch) | |
| tree | 2e7fcf379ece4911bef56ec7d882615c493005f7 | |
| parent | * packet.h, build-packet.c (hash_public_key): Remove function ... (diff) | |
| download | gnupg-f5d4b8dc0687c2e818881d9214a38771b491d5e6.tar.gz gnupg-f5d4b8dc0687c2e818881d9214a38771b491d5e6.zip | |
* sig-check.c (do_check): Move the signing algo and hash checks from
here... (signature_check2): ... to here. (check_key_signature2): ... and
here. This is a minor optimization to avoid fetching a key (which can be
expensive, especially if it is not self-signed, and there are many key
signatures on it which need to be checked for ultimate trust) if the
signature would have failed anyway because of algorithm or hash problems.
| -rw-r--r-- | g10/ChangeLog | 12 | ||||
| -rw-r--r-- | g10/sig-check.c | 27 |
2 files changed, 27 insertions, 12 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 07cc6f5a2..6285f73ee 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,15 @@ +2003-12-12 David Shaw <[email protected]> + + * sig-check.c (do_check): Move the signing algo and hash checks + from here... + (signature_check2): ... to here. + (check_key_signature2): ... and here. This is a minor + optimization to avoid fetching a key (which can be expensive, + especially if it is not self-signed, and there are many key + signatures on it which need to be checked for ultimate trust) if + the signature would have failed anyway because of algorithm or + hash problems. + 2003-12-10 David Shaw <[email protected]> * packet.h, build-packet.c (hash_public_key): Remove function ... diff --git a/g10/sig-check.c b/g10/sig-check.c index 403d07d95..a1287101d 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -1,6 +1,6 @@ /* sig-check.c - Check a signature - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 - * Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, + * 2003 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -61,15 +61,20 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate, PKT_public_key *pk = m_alloc_clear( sizeof *pk ); int rc=0; - /* Sanity check that the md has a context for the hash that the - sig is expecting. This can happen if a onepass sig header does - not match the actual sig, and also if the clearsign "Hash:" - header is missing or does not match the actual sig. */ + if( (rc=check_digest_algo(sig->digest_algo)) ) + ; /* we don't have this digest */ + else if((rc=check_pubkey_algo(sig->pubkey_algo))) + ; /* we don't have this pubkey algo */ + else if(!md_algo_present(digest,sig->digest_algo)) + { + /* Sanity check that the md has a context for the hash that the + sig is expecting. This can happen if a onepass sig header does + not match the actual sig, and also if the clearsign "Hash:" + header is missing or does not match the actual sig. */ - if(!md_algo_present(digest,sig->digest_algo)) { log_info(_("WARNING: signature digest conflict in message\n")); rc=G10ERR_GENERAL; - } + } else if( get_pubkey( pk, sig->keyid ) ) rc = G10ERR_NO_PUBKEY; else if(!pk->is_valid && !pk->is_primary) @@ -274,10 +279,6 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest, if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) ) return rc; - if( (rc=check_digest_algo(sig->digest_algo)) ) - return rc; - if( (rc=check_pubkey_algo(sig->pubkey_algo)) ) - return rc; /* make sure the digest algo is enabled (in case of a detached signature)*/ md_enable( digest, sig->digest_algo ); @@ -518,6 +519,8 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk, } } + if( (rc=check_pubkey_algo(sig->pubkey_algo)) ) + return rc; if( (rc=check_digest_algo(algo)) ) return rc; |