|
Bernhard M. Wiedemann |
4b0d85 |
--- ./rpmio/digest_libgcrypt.c.orig
|
|
Bernhard M. Wiedemann |
4b0d85 |
+++ ./rpmio/digest_libgcrypt.c
|
|
Bernhard M. Wiedemann |
4b0d85 |
@@ -302,10 +302,16 @@ static int pgpVerifySigDSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig, uint8_t *hash, si
|
|
Bernhard M. Wiedemann |
4b0d85 |
struct pgpDigSigDSA_s *sig = pgpsig->data;
|
|
Bernhard M. Wiedemann |
4b0d85 |
gcry_sexp_t sexp_sig = NULL, sexp_data = NULL, sexp_pkey = NULL;
|
|
Bernhard M. Wiedemann |
4b0d85 |
int rc = 1;
|
|
Bernhard M. Wiedemann |
4b0d85 |
+ size_t qlen;
|
|
Bernhard M. Wiedemann |
4b0d85 |
|
|
Bernhard M. Wiedemann |
4b0d85 |
if (!sig || !key)
|
|
Bernhard M. Wiedemann |
4b0d85 |
return rc;
|
|
Bernhard M. Wiedemann |
4b0d85 |
|
|
Bernhard M. Wiedemann |
4b0d85 |
+ qlen = (mpi_get_nbits(key->q) + 7) / 8;
|
|
Bernhard M. Wiedemann |
4b0d85 |
+ if (qlen < 20)
|
|
Bernhard M. Wiedemann |
4b0d85 |
+ qlen = 20; /* sanity */
|
|
Bernhard M. Wiedemann |
4b0d85 |
+ if (hashlen > qlen)
|
|
Bernhard M. Wiedemann |
4b0d85 |
+ hashlen = qlen; /* dsa2: truncate hash to qlen */
|
|
Bernhard M. Wiedemann |
4b0d85 |
gcry_sexp_build(&sexp_sig, NULL, "(sig-val (dsa (r %M) (s %M)))", sig->r, sig->s);
|
|
Bernhard M. Wiedemann |
4b0d85 |
gcry_sexp_build(&sexp_data, NULL, "(data (flags raw) (value %b))", (int)hashlen, (const char *)hash);
|
|
Bernhard M. Wiedemann |
4b0d85 |
gcry_sexp_build(&sexp_pkey, NULL, "(public-key (dsa (p %M) (q %M) (g %M) (y %M)))", key->p, key->q, key->g, key->y);
|