dirmngr: Support rsaPSS also in the general validate module.

* dirmngr/validate.c (hash_algo_from_buffer): New.
(uint_from_buffer): New.
(check_cert_sig): Support rsaPSS.
* sm/certcheck.c (gpgsm_check_cert_sig): Fix small memory leak on
error.
--

Yes, I know that there is a lot of code duplication.  In fact some of
the code is ugly and it would be better if we enhance Libgcrypt to
guarantee that returned memory buffers via gcry_sexp_extract_param are
allways Nul terminated and we should also enhance that function to
directly extract into an unsigned int or char *.

GnuPG-bug-id: 4538
Signed-off-by: Werner Koch <[email protected]>

1 files changed, 5 insertions, 1 deletions

diff --git a/sm/certcheck.c b/sm/certcheck.c
index 521f775ea..effab9ab9 100644
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@@ -340,10 +340,14 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
       if (saltlen < 20)
         {
           log_error ("length of PSS salt too short\n");
+          gcry_sexp_release (s_sig);
           return gpg_error (GPG_ERR_DIGEST_ALGO);
         }
       if (!algo)
-        return gpg_error (GPG_ERR_DIGEST_ALGO);
+        {
+          gcry_sexp_release (s_sig);
+          return gpg_error (GPG_ERR_DIGEST_ALGO);
+        }
       /* log_debug ("PSS hash=%d saltlen=%u\n", algo, saltlen); */
     }