agent_pksign_do ignores do_encode_raw_pkcs1 do_encode_md return values
Closed, Resolved (Public)

Description

After `if (check_signature)` ..., if there is a good reason to ignore the return
values, please add a good comment about that.

Event Timeline

Thank you for your audit.

It ignores the calculated value if it detects a failure of gcry_pk_verify.
This is now a kind of standard practice to avoid possible attacks.

Here is a reference:
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
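
As an added illustration of the verify-after-sign guard described in the comment above (example code, not GnuPG's or libgcrypt's own): a toy RSA-CRT signer with a simulated fault in one half of the computation, the public-key check that discards a signature which does not verify, and the gcd computation showing what a released faulty signature would reveal. The key, message and fault model are constructed for the demo and are far too small for real use.

```python
from math import gcd

# Constructed toy RSA key from two Mersenne primes (demo only).
P = (1 << 31) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
# CRT parameters of the kind a private-key store keeps alongside d
DP, DQ = D % (P - 1), D % (Q - 1)
QINV = pow(Q, -1, P)

def crt_sign(m: int, fault: bool = False) -> int:
    """RSA-CRT signature s = m^d mod N via Garner's recombination.
    fault=True simulates a glitch in the mod-q half (the classic
    Lenstra fault scenario): the result is still consistent mod p."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault:
        sq = (sq + 1) % Q            # one wrong limb is enough
    h = (QINV * (sp - sq)) % P
    return sq + h * Q

def checked_sign(m: int, fault: bool = False):
    """Sign, then verify with the public key before releasing the result.
    This is the pattern behind the check_signature path in agent_pksign_do:
    a signature that fails verification is discarded, not returned."""
    s = crt_sign(m, fault)
    if pow(s, E, N) != m:
        return None                  # never hand out a faulty signature
    return s

def factor_from_faulty(s: int, m: int) -> int:
    """Why the check matters: for a faulty CRT signature s^e - m is
    divisible by p but not by q, so gcd(s^e - m, N) is a prime factor.
    For a correct signature the gcd is simply N."""
    return gcd((pow(s, E, N) - m) % N, N)

if __name__ == "__main__":
    M = 123456789012345              # constructed message representative, M < N
    assert checked_sign(M) == pow(M, D, N)
    assert checked_sign(M, fault=True) is None
    print("faulty signature leaks p:", factor_from_faulty(crt_sign(M, True), M) == P)
```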

I am not sure which code part you are talking about. Can one of you please
explain? If this is what I assume, please have a look at commit 25f0f05.