agent: Fix RSA verification for card.
authorNIIBE Yutaka <gniibe@fsij.org>
Tue, 5 Jan 2016 01:15:49 +0000 (10:15 +0900)
committerNIIBE Yutaka <gniibe@fsij.org>
Tue, 5 Jan 2016 01:15:49 +0000 (10:15 +0900)
* agent/pksign.c (agent_pksign_do): Use S-exp of public key, instead
of shadowed key.

--

Reported-by: Justus Winter
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
agent/pksign.c

index 7b498d4..9011be2 100644 (file)
@@ -492,21 +492,20 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
    * for RSA internally there is no need to do it here again.  */
   if (check_signature)
     {
+      gcry_sexp_t sexp_key = s_pkey? s_pkey: s_skey;
+
       if (s_hash == NULL)
         {
           if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1)
             rc = do_encode_raw_pkcs1 (data, datalen,
-                                      gcry_pk_get_nbits (s_skey),
-                                      &s_hash);
+                                      gcry_pk_get_nbits (sexp_key), &s_hash);
           else
-            rc = do_encode_md (data, datalen,
-                               ctrl->digest.algo,
-                               &s_hash,
+            rc = do_encode_md (data, datalen, ctrl->digest.algo, &s_hash,
                                ctrl->digest.raw_value);
         }
 
       if (! rc)
-        rc = gcry_pk_verify (s_sig, s_hash, s_pkey? s_pkey: s_skey);
+        rc = gcry_pk_verify (s_sig, s_hash, sexp_key);
 
       if (rc)
         {