diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-08-26 20:04:47 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-08-26 20:04:47 +0200 |
commit | 8bb82a3d386abc1c59cb16d3a6d8c68fb66a2170 (patch) | |
tree | 757172bac89f74881520800e65baf1a486f1c69b | |
parent | 19c9b16e562a00b8aa9bcc4e39599ad41a049b2d (diff) | |
download | gnutls-8bb82a3d386abc1c59cb16d3a6d8c68fb66a2170.tar.gz |
Use _gnutls_dsa_q_to_hash() only for warning reasons.
-rw-r--r-- | lib/nettle/pk.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 41a0fb1af1..126374b169 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -481,10 +481,15 @@ _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo, memcpy (&sig.s, tmp[1], sizeof (sig.s)); _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len); + if (hash_len > vdata->size) - hash_len = vdata->size; + { + gnutls_assert (); + _gnutls_debug_log("Security level of algorithm requires a hash of %d bytes or better (have %d)\n", hash_len, (int)vdata->size); + hash_len = vdata->size; + } - ret = ecc_verify_hash(&sig, vdata->data, hash_len, &stat, &pub); + ret = ecc_verify_hash(&sig, vdata->data, vdata->size, &stat, &pub); if (ret != 0 || stat != 1) { gnutls_assert(); @@ -516,9 +521,13 @@ _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo, _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len); if (hash_len > vdata->size) - hash_len = vdata->size; + { + gnutls_assert (); + _gnutls_debug_log("Security level of algorithm requires a hash of %d bytes or better (have %d)\n", hash_len, (int)vdata->size); + hash_len = vdata->size; + } - ret = _dsa_verify (&pub, hash_len, vdata->data, &sig); + ret = _dsa_verify (&pub, vdata->size, vdata->data, &sig); if (ret == 0) { gnutls_assert(); |