diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 9 | ||||
| -rw-r--r-- | g10/mainproc.c | 2 | ||||
| -rw-r--r-- | g10/pipemode.c | 2 | ||||
| -rw-r--r-- | g10/sign.c | 25 | ||||
| -rw-r--r-- | g10/status.c | 1 | ||||
| -rw-r--r-- | g10/status.h | 2 |
6 files changed, 35 insertions, 6 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index dd94799ce..adaabc9b9 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,12 @@ +2001-03-24 Werner Koch <[email protected]> + + * sign.c (do_sign): Verify the signature right after creation. + +2001-03-23 Werner Koch <[email protected]> + + * status.c, status.h (STATUS_UNEXPECTED): New. + * mainproc.c (do_proc_packets): And emit it here. + 2001-03-21 Werner Koch <[email protected]> * status.c: Add sys/types.h so that it runs on Ultrix. Reported diff --git a/g10/mainproc.c b/g10/mainproc.c index c307b2702..40d6258b1 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1067,6 +1067,7 @@ do_proc_packets( CTX c, IOBUF a ) case PKT_PUBKEY_ENC: case PKT_ENCRYPTED: case PKT_ENCRYPTED_MDC: + write_status_text( STATUS_UNEXPECTED, "0" ); rc = G10ERR_UNEXPECTED; goto leave; case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break; @@ -1082,6 +1083,7 @@ do_proc_packets( CTX c, IOBUF a ) case PKT_PUBLIC_KEY: case PKT_SECRET_KEY: case PKT_USER_ID: + write_status_text( STATUS_UNEXPECTED, "0" ); rc = G10ERR_UNEXPECTED; goto leave; case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break; diff --git a/g10/pipemode.c b/g10/pipemode.c index e2a318e29..54e461f46 100644 --- a/g10/pipemode.c +++ b/g10/pipemode.c @@ -108,7 +108,7 @@ pipemode_filter( void *opaque, int control, /* FIXME: we have to make sure that we have a large enough * buffer for a control packet even after we already read * something. The easest way to do this is probably by ungetting - * the control sequenceand and returning the buffer we have + * the control sequence and returning the buffer we have * already assembled */ int c = iobuf_get (a); if (c == -1) { diff --git a/g10/sign.c b/g10/sign.c index 6b603ebf7..4388a56a2 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -132,6 +132,27 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, digest_algo, mpi_get_nbits(sk->skey[0]), 0 ); rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey ); mpi_free(frame); + if (!rc) { + /* check that the signature verification worked and nothing is + * fooling us e.g. by a bug in the signature create + * code or by deliberately introduced faults. */ + PKT_public_key *pk = m_alloc_clear (sizeof *pk); + + if( get_pubkey( pk, sig->keyid ) ) + rc = G10ERR_NO_PUBKEY; + else { + frame = encode_md_value (pk->pubkey_algo, md, + sig->digest_algo, + mpi_get_nbits(pk->pkey[0]), 0); + rc = pubkey_verify (pk->pubkey_algo, frame, sig->data, pk->pkey, + NULL, NULL ); + mpi_free (frame); + } + if (rc) + log_error (_("checking created signature failed: %s\n"), + g10_errstr (rc)); + free_public_key (pk); + } if( rc ) log_error(_("signing failed: %s\n"), g10_errstr(rc) ); else { @@ -154,10 +175,6 @@ complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md ) if( !(rc=check_secret_key( sk, 0 )) ) rc = do_sign( sk, sig, md, 0 ); - - /* fixme: should we check whether the signature is okay? - * maybe by using an option */ - return rc; } diff --git a/g10/status.c b/g10/status.c index 44b858761..5bbdb19b8 100644 --- a/g10/status.c +++ b/g10/status.c @@ -139,6 +139,7 @@ get_status_string ( int no ) case STATUS_END_STREAM : s = "END_STREAM"; break; case STATUS_KEY_CREATED : s = "KEY_CREATED"; break; case STATUS_USERID_HINT : s = "USERID_HINT"; break; + case STATUS_UNEXPECTED : s = "UNEXPECTED"; break; default: s = "?"; break; } return s; diff --git a/g10/status.h b/g10/status.h index 0da063ff1..51a39f0a7 100644 --- a/g10/status.h +++ b/g10/status.h @@ -89,7 +89,7 @@ #define STATUS_END_STREAM 57 #define STATUS_KEY_CREATED 58 #define STATUS_USERID_HINT 59 - +#define STATUS_UNEXPECTED 60 /*-- status.c --*/ void set_status_fd ( int fd ); |