[Rpm-maint] digest_beecrypt cleanup

Michael Schroeder mls at suse.de
Tue Aug 27 15:41:42 UTC 2013


Hi Panu & al,

the attached patch cleans up the code in digest_beecrypt:

- free all MPIs, no more memory leaks
- do not use mp?sethex, use mp?setbin instead
- check return values of mp?setbin
- do DSA2 hash truncation (untested though)
- when doing RSA padding, use the length of the key instead
  of the sig, as the sig can start with zeros

I also changed the internal interface a bit, the length of the
MPIs os now checked before calling ->setmpi. Thus there's no
longer the need to have an "pend" parameter everywhere in the
digest code.

While I did that change i noticed a potential problem in digest_nss'
pgpSetSigMpiDSA function: it calculates "qbits" from the signature MPIs.
This is IMHO wrong, as the signature MPIs can be smaller. So there's
a small chance that qbits is < DSA_MIN_Q_BITS. I don't think there should
be a check at all (there's no check in pgpSetSigMpiRSA()), if there's a
check it should only check against the max size.
(Of course the nss interface assumes that the two DSA's signature
MPIs have the same size, so there must be some padding if one is smaller.)

(The check was added with commit #fe5a1e5d)

Cheers,
  Michael.

-- 
Michael Schroeder                                   mls at suse.de
SUSE LINUX Products GmbH,  GF Jeff Hawn, HRB 16746 AG Nuernberg
main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: beedigest.diff
Type: text/x-patch
Size: 14461 bytes
Desc: not available
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20130827/765209b8/attachment.bin>


More information about the Rpm-maint mailing list