[svn] GnuPG - r4900 - branches/STABLE-BRANCH-1-4/g10
svn author wk
cvs at cvs.gnupg.org
Thu Dec 11 18:46:17 CET 2008
Author: wk
Date: 2008-12-11 18:46:16 +0100 (Thu, 11 Dec 2008)
New Revision: 4900
Modified:
branches/STABLE-BRANCH-1-4/g10/ChangeLog
branches/STABLE-BRANCH-1-4/g10/sig-check.c
Log:
Change SIG_ID computation to m
Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2008-12-11 17:44:52 UTC (rev 4899)
+++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2008-12-11 17:46:16 UTC (rev 4900)
@@ -1,6 +1,8 @@
2008-12-11 Werner Koch <wk at g10code.com>
* sig-check.c (check_revocation_keys): Close message digest.
+ (signature_check2): Switch to SHA-1 for SIG_ID computation. This
+ is to match 2.0.10.
2008-12-09 Werner Koch <wk at g10code.com>
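Review bot: the ChangeLog entry understates what changes for users: besides switching RIPE-MD160 to SHA-1, the new sig-check.c code feeds the public-key algorithm, digest algorithm and timestamp bytes into the SIG_ID hash (the removed lines wrote them into `digest` instead of the newly opened `md`), so every SIG_ID value emitted by 1.4.10 differs from 1.4.9, not only those affected by the hash choice. Say so in the entry and add a NEWS item, since the code comment itself notes that SIG_ID may be used for replay detection and anyone who stored old values will see them all change.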
Modified: branches/STABLE-BRANCH-1-4/g10/sig-check.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/sig-check.c 2008-12-11 17:44:52 UTC (rev 4899)
+++ branches/STABLE-BRANCH-1-4/g10/sig-check.c 2008-12-11 17:46:16 UTC (rev 4900)
@@ -124,19 +124,31 @@
* and the timestamp, but the drawback of this is, that it is
* not possible to sign more than one identical document within
* one second. Some remote batch processing applications might
- * like this feature here */
+ * like this feature here.
+ *
+ * Note that before 1.4.10, we used RIPE-MD160 for the hash
+ * and accidently didn't include the timestamp and algorithm
+ * information in the hash. Given that this feature is not
+ * commonly used and that a replay attacks detection should
+ * not solely be based on this feature (because it does not
+ * work with RSA), we take the freedom and switch to SHA-1
+ * with 1.4.10 to take advantage of hardware supported SHA-1
+ * implementations and to match the 2.0.10 behaviour. We also
+ * include the missing information in the hash. Note also the
+ * SIG_ID as computed by gpg 1.x and gpg 2.x didn't matched
+ * either because 2.x used to print MPIs not in PGP format. */
MD_HANDLE md;
u32 a = sig->timestamp;
int i, nsig = pubkey_get_nsig( sig->pubkey_algo );
byte *p, *buffer;
- md = md_open( DIGEST_ALGO_RMD160, 0);
- md_putc( digest, sig->pubkey_algo );
- md_putc( digest, sig->digest_algo );
- md_putc( digest, (a >> 24) & 0xff );
- md_putc( digest, (a >> 16) & 0xff );
- md_putc( digest, (a >> 8) & 0xff );
- md_putc( digest, a & 0xff );
+ md = md_open (DIGEST_ALGO_SHA1, 0);
+ md_putc (md, sig->pubkey_algo);
+ md_putc (md, sig->digest_algo);
+ md_putc (md, (a >> 24) & 0xff);
+ md_putc (md, (a >> 16) & 0xff);
+ md_putc (md, (a >> 8) & 0xff);
+ md_putc (md, a & 0xff);
for(i=0; i < nsig; i++ ) {
unsigned n = mpi_get_nbits( sig->data[i]);
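Review bot: the new comment has several wording slips that should be fixed before this lands: "accidently" should be "accidentally", "a replay attacks detection" should be "replay attack detection", and "didn't matched" should be "didn't match". On the code itself, the removed lines called `md_putc( digest, ... )` while the handle opened one line earlier is `md`, so the algorithm and timestamp bytes never reached the SIG_ID hash; the replacement correctly uses `md` throughout, which is what the comment's "we also include the missing information" refers to, and it would help a future reader to state that explicitly (e.g. "the md_putc calls used the wrong handle") rather than only "accidentally didn't include". Also worth confirming in the same change that the SIG_ID now produced byte-for-byte matches 2.0.10, since that is the stated goal and the comment warns the two lines did not agree before.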