Diffstat (limited to 'g10/sig-check.c')
-rw-r--r--g10/sig-check.c93
1 files changed, 48 insertions, 45 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c
index e5de025ca..fc6983993 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -210,33 +210,32 @@ check_signature2 (ctrl_t ctrl,
}
- if (!rc && sig->sig_class < 2 && is_status_enabled ())
- {
- /* This signature id works best with DLP algorithms because
- * they use a random parameter for every signature. Instead of
- * this sig-id we could have also used the hash of the document
- * and the timestamp, but the drawback of this is, that it is
- * not possible to sign more than one identical document within
- * one second. Some remote batch processing applications might
- * like this feature here.
- *
- * Note that before 2.0.10, we used RIPE-MD160 for the hash
- * and accidentally didn't include the timestamp and algorithm
- * information in the hash. Given that this feature is not
- * commonly used and that a replay attacks detection should
- * not solely be based on this feature (because it does not
- * work with RSA), we take the freedom and switch to SHA-1
- * with 2.0.10 to take advantage of hardware supported SHA-1
- * implementations. We also include the missing information
- * in the hash. Note also the SIG_ID as computed by gpg 1.x
- * and gpg 2.x didn't matched either because 2.x used to print
- * MPIs not in PGP format. */
- u32 a = sig->timestamp;
- int nsig = pubkey_get_nsig (sig->pubkey_algo);
- unsigned char *p, *buffer;
- size_t n, nbytes;
- int i;
- char hashbuf[20];
+ if( !rc && sig->sig_class < 2 && is_status_enabled() ) {
+ /* This signature id works best with DLP algorithms because
+ * they use a random parameter for every signature. Instead of
+ * this sig-id we could have also used the hash of the document
+ * and the timestamp, but the drawback of this is, that it is
+ * not possible to sign more than one identical document within
+ * one second. Some remote batch processing applications might
+ * like this feature here.
+ *
+ * Note that before 2.0.10, we used RIPE-MD160 for the hash
+ * and accidentally didn't include the timestamp and algorithm
+ * information in the hash. Given that this feature is not
+ * commonly used and that a replay attacks detection should
+ * not solely be based on this feature (because it does not
+ * work with RSA), we take the freedom and switch to SHA-1
+ * with 2.0.10 to take advantage of hardware supported SHA-1
+ * implementations. We also include the missing information
+ * in the hash. Note also the SIG_ID as computed by gpg 1.x
+ * and gpg 2.x didn't matched either because 2.x used to print
+ * MPIs not in PGP format. */
+ u32 a = sig->timestamp;
+ int nsig = pubkey_get_nsig( sig->pubkey_algo );
+ unsigned char *p, *buffer;
+ size_t n, nbytes;
+ int i;
+ char hashbuf[20]; /* We use SHA-1 here. */
nbytes = 6;
for (i=0; i < nsig; i++ )
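Review bot: The size in `char hashbuf[20]` on the new side is a bare constant that is right only while the digest is SHA-1, and the comment block directly above it records that this digest has already been swapped once (RIPE-MD160 to SHA-1), so a future swap would silently desynchronise the buffer from the hash; the added `/* We use SHA-1 here. */` names the algorithm but does not tie the size to it. I would make the coupling explicit at the declaration, e.g. `char hashbuf[20]; /* SHA-1 digest length; must match the algorithm used to fill it. */`, and, since libgcrypt is already in use in this file, add `assert (gcry_md_get_algo_dlen (GCRY_MD_SHA1) == sizeof hashbuf);` (or the tree's log_assert equivalent, if one exists) before the buffer is filled. The remainder of the hunk is re-indentation of otherwise unchanged code, and check_signature2 both begins before and continues past the hunk, so the code that actually fills hashbuf is outside it and I have not reviewed it.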
@@ -521,25 +520,29 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
gcry_md_putc (digest, 0);
n = 6;
}
- /* Add some magic per Section 5.2.4 of RFC 4880. */
- buf[0] = sig->version;
- buf[1] = 0xff;
- buf[2] = n >> 24;
- buf[3] = n >> 16;
- buf[4] = n >> 8;
- buf[5] = n;
- gcry_md_write( digest, buf, 6 );
+ /* add some magic per Section 5.2.4 of RFC 4880. */
+ buf[0] = sig->version;
+ buf[1] = 0xff;
+ buf[2] = n >> 24;
+ buf[3] = n >> 16;
+ buf[4] = n >> 8;
+ buf[5] = n;
+ gcry_md_write( digest, buf, 6 );
}
- gcry_md_final( digest );
-
- /* Convert the digest to an MPI. */
- result = encode_md_value (pk, digest, sig->digest_algo );
- if (!result)
- return GPG_ERR_GENERAL;
-
- /* Verify the signature. */
- rc = pk_verify (pk->pubkey_algo, result, sig->data, pk->pkey);
- gcry_mpi_release (result);
+ gcry_md_final( digest );
+
+ /* Convert the digest to an MPI. */
+ result = encode_md_value (pk, digest, sig->digest_algo );
+ if (!result)
+ return GPG_ERR_GENERAL;
+
+ /* Verify the signature. */
+ if (DBG_CLOCK && sig->sig_class <= 0x01)
+ log_clock ("enter pk_verify");
+ rc = pk_verify( pk->pubkey_algo, result, sig->data, pk->pkey );
+ if (DBG_CLOCK && sig->sig_class <= 0x01)
+ log_clock ("leave pk_verify");
+ gcry_mpi_release (result);
if (!rc && sig->flags.unknown_critical)
{