Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP4:Update
libgcrypt
libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libgcrypt-fipsdrv-enable-algo-for-dsa-verify.patch of Package libgcrypt
--- libgcrypt-1.6.1-orig/tests/fipsdrv.c 2017-10-20 10:39:56.080098385 +0000 +++ libgcrypt-1.6.1-orig/tests/fipsdrv.c 2017-10-20 10:41:15.780098385 +0000 @@ -2288,7 +2288,7 @@ run_dsa_sign (const void *data, size_t d S-expression in KEYFILE against the S-expression formatted signature in SIGFILE. */ static void -run_dsa_verify (const void *data, size_t datalen, +run_dsa_verify (const void *data, size_t datalen, int hashalgo, const char *keyfile, const char *sigfile) { @@ -2297,15 +2297,23 @@ run_dsa_verify (const void *data, size_t char hash[128]; gcry_mpi_t tmpmpi; int algo; + int algo_len; + int hashalgo_len; s_key = read_sexp_from_file (keyfile); algo = dsa_hash_from_key(s_key); - gcry_md_hash_buffer (algo, hash, data, datalen); + algo_len = gcry_md_get_algo_dlen(algo); + hashalgo_len = gcry_md_get_algo_dlen(hashalgo); + + if (hashalgo_len < algo_len) + algo_len = hashalgo_len; + + gcry_md_hash_buffer (hashalgo, hash, data, datalen); /* Note that we can't simply use %b with HASH to build the S-expression, because that might yield a negative value. */ err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash, - gcry_md_get_algo_dlen(algo), NULL); + algo_len, NULL); if (!err) { err = gcry_sexp_build (&s_data, NULL, @@ -3011,10 +3019,17 @@ main (int argc, char **argv) } else if (!strcmp (mode_string, "dsa-verify")) { + int algo; + if (!key_string) die ("option --key is required in this mode\n"); if (access (key_string, R_OK)) die ("option --key needs to specify an existing keyfile\n"); + if (!algo_string) + die ("option --algo is required in this mode\n"); + algo = gcry_md_map_name (algo_string); + if (!algo) + die ("digest algorithm `%s' is not supported\n", algo_string); if (!data) die ("no data available (do not use --chunk)\n"); if (!signature_string) @@ -3022,7 +3037,7 @@ main (int argc, char **argv) if (access (signature_string, R_OK)) die ("option --signature needs to specify an existing file\n"); - run_dsa_verify (data, datalen, key_string, signature_string); + run_dsa_verify (data, datalen, algo, key_string, signature_string); } else if (!strcmp (mode_string, "ecdsa-gen-key")) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor