Index: libgcrypt-1.8.2/cipher/pubkey-internal.h =================================================================== --- libgcrypt-1.8.2.orig/cipher/pubkey-internal.h +++ libgcrypt-1.8.2/cipher/pubkey-internal.h @@ -43,6 +43,7 @@ void _gcry_pk_util_free_encoding_ctx (st gcry_err_code_t _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi, struct pk_encoding_ctx *ctx); +gcry_err_code_t _gcry_pk_util_get_algo (gcry_sexp_t input, int *algo); Index: libgcrypt-1.8.2/cipher/pubkey-util.c =================================================================== --- libgcrypt-1.8.2.orig/cipher/pubkey-util.c +++ libgcrypt-1.8.2/cipher/pubkey-util.c @@ -1119,3 +1119,50 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t i return rc; } + + +gcry_err_code_t +_gcry_pk_util_get_algo (gcry_sexp_t input, int *algo) +{ + gcry_err_code_t rc = 0; + gcry_sexp_t ldata, list = NULL; + const char *s; + size_t n; + int lalgo; + + ldata = sexp_find_token (input, "data", 0); + if (!ldata) + { + rc = GPG_ERR_INV_OBJ; + goto leave; + } + + list = sexp_find_token (ldata, "hash-algo", 0); + if (!list) + { + rc = GPG_ERR_INV_OBJ; + goto leave; + } + + s = sexp_nth_data (list, 1, &n); + if (!s) + { + rc = GPG_ERR_NO_OBJ; + goto leave; + } + + lalgo = get_hash_algo (s, n); + if (!lalgo) + { + rc = GPG_ERR_DIGEST_ALGO; + goto leave; + } + + *algo = lalgo; + + leave: + sexp_release (ldata); + sexp_release (list); + + return rc; +} Index: libgcrypt-1.8.2/cipher/pubkey.c =================================================================== --- libgcrypt-1.8.2.orig/cipher/pubkey.c +++ libgcrypt-1.8.2/cipher/pubkey.c 
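Review bot: `_gcry_pk_util_get_algo` in pubkey-util.c has no header comment, and its contract is not obvious from the prototype added to pubkey-internal.h. I would add `/* Look up (hash-algo NAME) inside the (data ...) list of INPUT and store the digest algorithm id at ALGO; ALGO is written only on success. */` above the definition. The error codes are worth listing there too, since the caller in pubkey.c returns them unchanged: `GPG_ERR_INV_OBJ` for a missing `data` or `hash-algo` list, `GPG_ERR_NO_OBJ` when the list carries no name, and `GPG_ERR_DIGEST_ALGO` for an unknown name.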
@@ -383,6 +383,33 @@ _gcry_pk_decrypt (gcry_sexp_t *r_plain, return rc; } +static gcry_err_code_t +calculate_hash (gcry_md_hd_t hd, gcry_sexp_t s_hash) +{ + gcry_err_code_t rc; + const unsigned char *digest; + int algo; + + if (!hd) + return 0; + + rc = _gcry_pk_util_get_algo (s_hash, &algo); + if (rc) + return rc; + + digest = _gcry_md_read(hd, algo); + if (!digest) + return GPG_ERR_DIGEST_ALGO; + + rc = _gcry_sexp_build (&s_hash, NULL, + "(data (flags pkcs1)(hash %s %b))", + _gcry_md_algo_name(algo), (int) _gcry_md_get_algo_dlen(algo), digest); + + return rc; +} + + + /* @@ -414,7 +442,8 @@ _gcry_pk_decrypt (gcry_sexp_t *r_plain, Note that (hash algo) in R_SIG is not used. */ gcry_err_code_t -_gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) +_gcry_pk_sign_md (gcry_sexp_t *r_sig, gcry_md_hd_t hd, gcry_sexp_t s_hash, + gcry_sexp_t s_skey) { gcry_err_code_t rc; gcry_pk_spec_t *spec; @@ -426,6 +455,10 @@ _gcry_pk_sign (gcry_sexp_t *r_sig, gcry_ if (rc) goto leave; + rc = calculate_hash (hd, s_hash); + if (rc) + goto leave; + if (spec->sign) rc = spec->sign (r_sig, s_hash, keyparms); else @@ -436,6 +469,13 @@ _gcry_pk_sign (gcry_sexp_t *r_sig, gcry_ return rc; } +gcry_err_code_t +_gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) +{ + return _gcry_pk_sign_md (r_sig, NULL, s_hash, s_skey); +} + + /* Verify a signature. @@ -445,7 +485,8 @@ _gcry_pk_sign (gcry_sexp_t *r_sig, gcry_ as an S-Exp, sig is a S-Exp as returned from gcry_pk_sign and data must be an S-Exp like the one in sign too. */ gcry_err_code_t -_gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey) +_gcry_pk_verify_md (gcry_sexp_t s_sig, gcry_md_hd_t hd, gcry_sexp_t s_hash, + gcry_sexp_t s_pkey) { gcry_err_code_t rc; gcry_pk_spec_t *spec; 
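Review bot: In `calculate_hash`, `_gcry_sexp_build (&s_hash, ...)` writes the new S-expression into the function's own by-value copy of `s_hash`, so the digest read from `hd` never reaches the caller. `_gcry_pk_sign_md` here, and `_gcry_pk_verify_md` in the later hunk, still pass the original `s_hash` to `spec->sign` / `spec->verify`, so a verify with a handle checks the signature against the caller-supplied data rather than the hashed message, and the built object is never released. Returning the object through an out parameter and releasing it at `leave` fixes both; the `leave` labels sit outside these hunks, so the release line below only marks where it goes. Separately, the template hard-codes `(flags pkcs1)`, which would drop the caller's flags once the result is actually used, so this is worth confirming for non-RSA keys.

```c
static gcry_err_code_t
calculate_hash (gcry_md_hd_t hd, gcry_sexp_t s_hash, gcry_sexp_t *r_hash)
{
  /* … unchanged: rc, digest and algo declarations … */

  *r_hash = NULL;   /* NULL tells the caller to keep using S_HASH */
  if (!hd)
    return 0;

  /* … unchanged: _gcry_pk_util_get_algo and _gcry_md_read checks … */

  return _gcry_sexp_build (r_hash, NULL,
                           "(data (flags pkcs1)(hash %s %b))",
                           _gcry_md_algo_name (algo),
                           (int) _gcry_md_get_algo_dlen (algo), digest);
}

/* _gcry_pk_sign_md; _gcry_pk_verify_md changes the same way */
  gcry_sexp_t s_md = NULL;

  rc = calculate_hash (hd, s_hash, &s_md);
  if (rc)
    goto leave;

  if (spec->sign)
    rc = spec->sign (r_sig, s_md ? s_md : s_hash, keyparms);
  /* … unchanged: else branch; at the leave label add: … */
  sexp_release (s_md);
```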
@@ -455,6 +496,10 @@ _gcry_pk_verify (gcry_sexp_t s_sig, gcry if (rc) goto leave; + rc = calculate_hash (hd, s_hash); + if (rc) + goto leave; + if (spec->verify) rc = spec->verify (s_sig, s_hash, keyparms); else @@ -465,6 +510,12 @@ _gcry_pk_verify (gcry_sexp_t s_sig, gcry return rc; } +gcry_err_code_t +_gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey) +{ + return _gcry_pk_verify_md (s_sig, NULL, s_hash, s_pkey); +} + /* Test a key. @@ -497,6 +548,7 @@ _gcry_pk_testkey (gcry_sexp_t s_key) } + /* Create a public key pair and return it in r_key. How the key is created depends on s_parms: Index: libgcrypt-1.8.2/src/visibility.c =================================================================== --- libgcrypt-1.8.2.orig/src/visibility.c +++ libgcrypt-1.8.2/src/visibility.c @@ -992,6 +992,18 @@ gcry_pk_decrypt (gcry_sexp_t *result, gc } gcry_error_t +gcry_pk_sign_md (gcry_sexp_t *result, gcry_md_hd_t hd, gcry_sexp_t data, + gcry_sexp_t skey) +{ + if (!fips_is_operational ()) + { + *result = NULL; + return gpg_error (fips_not_operational ()); + } + return gpg_error (_gcry_pk_sign_md (result, hd, data, skey)); +} + +gcry_error_t gcry_pk_sign (gcry_sexp_t *result, gcry_sexp_t data, gcry_sexp_t skey) { if (!fips_is_operational ()) @@ -1003,6 +1015,15 @@ gcry_pk_sign (gcry_sexp_t *result, gcry_ } gcry_error_t +gcry_pk_verify_md (gcry_sexp_t sigval, gcry_md_hd_t hd, gcry_sexp_t data, + gcry_sexp_t pkey) +{ + if (!fips_is_operational ()) + return gpg_error (fips_not_operational ()); + return gpg_error (_gcry_pk_verify_md (sigval, hd, data, pkey)); +} + +gcry_error_t gcry_pk_verify (gcry_sexp_t sigval, gcry_sexp_t data, gcry_sexp_t pkey) { if (!fips_is_operational ())
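Review bot: `gcry_pk_sign_md` and `gcry_pk_verify_md` in visibility.c become public entry points without any comment on how `hd` and `data` interact. A short comment above each would do, e.g. `/* Like gcry_pk_sign, but if HD is not NULL the value to sign is the digest read from HD, using the hash-algo named in DATA. */`. If `_gcry_md_read` finalizes the handle, as I believe it does, the comment should also say that `hd` cannot be written to after the call. The matching declarations and export-list entries are not visible in this patch, so confirm they are added elsewhere.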