security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpgsm: Strip trailing zeroes from detached signatures.

Browse source 
* common/ksba-io-support.c: Include tlv.h
(struct reader_cb_parm_s): Add new fields.
(starts_with_sequence): New.
(simple_reader_cb): Handle stripping.
* common/ksba-io-support.h (GNUPG_KSBA_IO_STRIP): New.
(gnupg_ksba_create_reader): Handle the new flag.
* sm/verify.c (gpgsm_verify): Use the new flag for detached
signatures.
--

Note that this works only if --assume-binary is given.  The use case
for the feature is PDF signature checking where the PDF specs require
that the detached signature is padded with zeroes.
This commit is contained in:
Werner Koch 2023-03-08 10:57:25 +01:00
parent 4e391d95e0
commit 2a13f7f9dc
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 120 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

10
sm/verify.c
View file

@ -105,12 +105,17 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
int signer;
const char *algoid;
int algo;
int is_detached;
int is_detached, maybe_detached;
estream_t in_fp = NULL;
char *p;
audit_set_type (ctrl->audit, AUDIT_TYPE_VERIFY);
/* Although we detect detached signatures during the parsing phase,
* we need to know it earlier and thus accept the caller idea of
* what to verify. */
maybe_detached = (data_fd != -1);
kh = keydb_new (ctrl);
if (!kh)
{
@ -131,7 +136,8 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
rc = gnupg_ksba_create_reader
(&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
| (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
| (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0)),
| (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0)
| (maybe_detached? GNUPG_KSBA_IO_STRIP : 0)),
in_fp, &reader);
if (rc)
{