]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Use _gnutls_dsa_q_to_hash() only for warning reasons.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 26 Aug 2012 18:04:47 +0000 (20:04 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 26 Aug 2012 18:04:47 +0000 (20:04 +0200)
lib/nettle/pk.c

index 41a0fb1af1fafc629f34f3fba3757b3b06c896f9..126374b16984e596a34f10533ae263cf0f884100 100644 (file)
@@ -481,10 +481,15 @@ _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
         memcpy (&sig.s, tmp[1], sizeof (sig.s));
 
         _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
+
         if (hash_len > vdata->size)
-          hash_len = vdata->size;
+          {
+            gnutls_assert ();
+            _gnutls_debug_log("Security level of algorithm requires a hash of %d bytes or better (have %d)\n", hash_len, (int)vdata->size);
+            hash_len = vdata->size;
+          }
 
-        ret = ecc_verify_hash(&sig, vdata->data, hash_len, &stat, &pub);
+        ret = ecc_verify_hash(&sig, vdata->data, vdata->size, &stat, &pub);
         if (ret != 0 || stat != 1)
           {
             gnutls_assert();
@@ -516,9 +521,13 @@ _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
 
         _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
         if (hash_len > vdata->size)
-          hash_len = vdata->size;
+          {
+            gnutls_assert ();
+            _gnutls_debug_log("Security level of algorithm requires a hash of %d bytes or better (have %d)\n", hash_len, (int)vdata->size);
+            hash_len = vdata->size;
+          }
 
-        ret = _dsa_verify (&pub, hash_len, vdata->data, &sig);
+        ret = _dsa_verify (&pub, vdata->size, vdata->data, &sig);
         if (ret == 0)
           {
             gnutls_assert();