security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
Code Activity

reworked the way hased data is stored and added a "primary" command

Browse Source 
DCVS: ----------------------------------------------------------------------
This commit is contained in:
Werner Koch 2001-08-09 09:34:25 +00:00
parent 0fa9ffe75c
commit aa9da2b07e
14 changed files with 244 additions and 213 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@ -12,6 +12,9 @@
* There is no default comment string with ascii armors anymore * There is no default comment string with ascii armors anymore
except for revocation certificates and --enarmor mode. except for revocation certificates and --enarmor mode.
* The command "primary" in the edit menu can be used to change the
primary UID.
Noteworthy changes in version 1.0.6 (2001-05-29) Noteworthy changes in version 1.0.6 (2001-05-29)
------------------------------------------------ ------------------------------------------------

17
g10/ChangeLog
View File

@ -1,5 +1,22 @@
2001-08-08 Werner Koch <wk@gnupg.org> 2001-08-08 Werner Koch <wk@gnupg.org>
* packet.h (subpktarea_t): New.
(PKT_signature): Use that type for hashed_data and unhashed_data and
removed the _data prefix from those fields. Changed all users.
* parse-packet.c (parse_signature): Changed allocation for that.
(parse_sig_subpkt): Changed declaration
(enum_sig_subpkt): Ditto and changed implementation accordingly.
* free-packet.c (cp_subpktarea): Renamed from cp_data_block and
adjusted implementation. Changed caller.
* sig-check.c (mdc_kludge_check): Adjusted the hashing.
(do_check): Ditto.
* sign.c (sign_file, clearsign_file, make_keysig_packet,
update_keysig_packet): Ditto.
* build-packet.c (build_sig_subpkt): Partial rewrite.
(find_subpkt): Adjusted and made static.
(delete_sig_subpkt): Adjusted.
(do_signature): Ditto.
* keygen.c (ask_keysize): Do not print the notes about suggested * keygen.c (ask_keysize): Do not print the notes about suggested
key sizes if just a DSA key is generated. key sizes if just a DSA key is generated.

226
g10/build-packet.c
View File

@ -589,24 +589,25 @@ do_compressed( IOBUF out, int ctb, PKT_compressed *cd )
/**************** /****************
* Find a subpacket of type REQTYPE in BUFFER and a return a pointer * Find a subpacket of type REQTYPE in AREA and a return a pointer
* to the first byte of that subpacket data. * to the first byte of that subpacket data.
* And return the length of the packet in RET_N and the number of * And return the length of the packet in RET_N and the number of
* header bytes in RET_HLEN (length header and type byte). * header bytes in RET_HLEN (length header and type byte).
*/ */
byte * static byte *
find_subpkt( byte *buffer, sigsubpkttype_t reqtype, find_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype,
size_t *ret_hlen, size_t *ret_n ) size_t *ret_hlen, size_t *ret_n )
{ {
byte *buffer;
int buflen; int buflen;
sigsubpkttype_t type; sigsubpkttype_t type;
byte *bufstart; byte *bufstart;
size_t n; size_t n;
if( !buffer ) if( !area )
return NULL; return NULL;
buflen = (*buffer << 8) | buffer[1]; buflen = area->len;
buffer += 2; buffer = area->data;
for(;;) { for(;;) {
if( !buflen ) if( !buflen )
return NULL; /* end of packets; not found */ return NULL; /* end of packets; not found */
@ -616,7 +617,7 @@ find_subpkt( byte *buffer, sigsubpkttype_t reqtype,
if( buflen < 4 ) if( buflen < 4 )
break; break;
n = (buffer[0] << 24) | (buffer[1] << 16) n = (buffer[0] << 24) | (buffer[1] << 16)
| (buffer[2] << 8) | buffer[3]; | (buffer[2] << 8) | buffer[3];
buffer += 4; buffer += 4;
buflen -= 4; buflen -= 4;
} }
@ -649,25 +650,23 @@ find_subpkt( byte *buffer, sigsubpkttype_t reqtype,
} }
/**************** /****************
* Delete all subpackets of type REQTYPE and return the number of bytes * Delete all subpackets of type REQTYPE and return a bool whether a packet
* which are now unused at the end of the buffer. * was deleted.
*/ */
size_t int
delete_sig_subpkt( byte *buffer, sigsubpkttype_t reqtype ) delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype )
{ {
int buflen, orig_buflen; int buflen;
sigsubpkttype_t type; sigsubpkttype_t type;
byte *bufstart, *orig_buffer; byte *buffer, *bufstart;
size_t n; size_t n;
size_t unused = 0; size_t unused = 0;
int okay = 0; int okay = 0;
if( !buffer ) if( !area )
return 0; return 0;
orig_buffer = buffer; buflen = area->len;
buflen = (*buffer << 8) | buffer[1]; buffer = area->data;
buffer += 2;
orig_buflen = buflen;
for(;;) { for(;;) {
if( !buflen ) { if( !buflen ) {
okay = 1; okay = 1;
@ -679,7 +678,7 @@ delete_sig_subpkt( byte *buffer, sigsubpkttype_t reqtype )
if( buflen < 4 ) if( buflen < 4 )
break; break;
n = (buffer[0] << 24) | (buffer[1] << 16) n = (buffer[0] << 24) | (buffer[1] << 16)
| (buffer[2] << 8) | buffer[3]; | (buffer[2] << 8) | buffer[3];
buffer += 4; buffer += 4;
buflen -= 4; buflen -= 4;
} }
@ -692,6 +691,7 @@ delete_sig_subpkt( byte *buffer, sigsubpkttype_t reqtype )
} }
if( buflen < n ) if( buflen < n )
break; break;
type = *buffer & 0x7f; type = *buffer & 0x7f;
if( type == reqtype ) { if( type == reqtype ) {
buffer++; buffer++;
@ -699,10 +699,11 @@ delete_sig_subpkt( byte *buffer, sigsubpkttype_t reqtype )
n--; n--;
if( n > buflen ) if( n > buflen )
break; break;
memmove (bufstart, buffer + n, n + (buffer-bufstart)); /* shift */ buffer += n; /* point to next subpkt */
unused += n + (buffer-bufstart);
buffer = bufstart;
buflen -= n; buflen -= n;
memmove (bufstart, buffer, buflen); /* shift */
unused += buffer - bufstart;
buffer = bufstart;
} }
else { else {
buffer += n; buflen -=n; buffer += n; buflen -=n;
@ -710,65 +711,62 @@ delete_sig_subpkt( byte *buffer, sigsubpkttype_t reqtype )
} }
if (!okay) if (!okay)
log_error("delete_subpkt: buffer shorter than subpacket\n"); log_error ("delete_subpkt: buffer shorter than subpacket\n");
assert (unused <= orig_buflen); assert (unused <= area->len);
orig_buflen -= unused; area->len -= unused;
orig_buffer[0] = (orig_buflen >> 8) & 0xff; return !!unused;
orig_buffer[1] = orig_buflen & 0xff;
return unused;
} }
/**************** /****************
* Create or update a signature subpacket for SIG of TYPE. * Create or update a signature subpacket for SIG of TYPE. This
* This functions knows where to put the data (hashed or unhashed). * functions knows where to put the data (hashed or unhashed). The
* The function may move data from the unhashed part to the hashed one. * function may move data from the unhashed part to the hashed one.
* Note: All pointers into sig->[un]hashed are not valid after a call * Note: All pointers into sig->[un]hashed (e.g. returned by
* to this function. The data to put into the subpaket should be * parse_sig_subpkt) are not valid after a call to this function. The
* in buffer with a length of buflen. * data to put into the subpaket should be in a buffer with a length
* of buflen.
*/ */
void void
build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type, build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
const byte *buffer, size_t buflen ) const byte *buffer, size_t buflen )
{ {
byte *data; byte *p;
size_t hlen, dlen, nlen; int critical, hashed;
int found=0; subpktarea_t *oldarea, *newarea;
int critical, hashed, realloced; size_t nlen, n, n0;
size_t n, n0;
size_t unused = 0;
critical = (type & SIGSUBPKT_FLAG_CRITICAL); critical = (type & SIGSUBPKT_FLAG_CRITICAL);
type &= ~SIGSUBPKT_FLAG_CRITICAL; type &= ~SIGSUBPKT_FLAG_CRITICAL;
if( type == SIGSUBPKT_NOTATION ) if( type == SIGSUBPKT_NOTATION )
; /* we allow multiple packets */ ; /* we allow multiple packets */
else if( (data = find_subpkt( sig->hashed_data, type, &hlen, &dlen )) ) else if (find_subpkt (sig->hashed, type, NULL, NULL) ) {
found = 1; switch (type) {
else if( (data = find_subpkt( sig->unhashed_data, type, &hlen, &dlen ))) case SIGSUBPKT_SIG_CREATED:
found = 2; delete_sig_subpkt (sig->hashed, type);
break;
if (found==1 && (type == SIGSUBPKT_SIG_CREATED) ) { default:
unused = delete_sig_subpkt (sig->hashed_data, type); log_bug("build_sig_packet: update of hashed type %d nyi\n", type);
assert (unused); }
found = 0;
} }
else if (found==2 && ( type == SIGSUBPKT_PRIV_VERIFY_CACHE else if (find_subpkt (sig->unhashed, type, NULL, NULL)) {
|| type == SIGSUBPKT_ISSUER switch (type) {
) ) { case SIGSUBPKT_PRIV_VERIFY_CACHE:
unused = delete_sig_subpkt (sig->unhashed_data, type); case SIGSUBPKT_ISSUER:
assert (unused); delete_sig_subpkt (sig->unhashed, type);
found = 0; break;
default:
log_bug("build_sig_packet: update of unhashed type %d nyi\n",type);
}
} }
if( found )
log_bug("build_sig_packet: update nyi\n");
if( (buflen+1) >= 8384 ) if( (buflen+1) >= 8384 )
nlen = 5; nlen = 5; /* write 5 byte length header */
else if( (buflen+1) >= 192 ) else if( (buflen+1) >= 192 )
nlen = 2; nlen = 2; /* write 2 byte length header */
else else
nlen = 1; nlen = 1; /* just a 1 byte length header */
switch( type ) { switch( type ) {
case SIGSUBPKT_SIG_CREATED: case SIGSUBPKT_SIG_CREATED:
@ -785,67 +783,55 @@ build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type,
default: hashed = 0; break; default: hashed = 0; break;
} }
if( hashed ) {
n0 = sig->hashed_data ? ((*sig->hashed_data << 8)
| sig->hashed_data[1]) : 0;
n = n0 + nlen + 1 + buflen; /* length, type, buffer */
realloced = !!sig->hashed_data;
data = sig->hashed_data ? m_realloc( sig->hashed_data, n+2 )
: m_alloc( n+2 );
}
else {
n0 = sig->unhashed_data ? ((*sig->unhashed_data << 8)
| sig->unhashed_data[1]) : 0;
n = n0 + nlen + 1 + buflen; /* length, type, buffer */
if ( sig->unhashed_data && (nlen + 1 + buflen) <= unused ) {
/* does fit into the freed area */
data = sig->unhashed_data;
realloced = 1;
log_debug ("updating area of type %d\n", type );
}
else {
realloced = !!sig->unhashed_data;
data = sig->unhashed_data ? m_realloc( sig->unhashed_data, n+2 )
: m_alloc( n+2 );
}
}
if( critical ) if( critical )
type |= SIGSUBPKT_FLAG_CRITICAL; type |= SIGSUBPKT_FLAG_CRITICAL;
data[0] = (n >> 8) & 0xff; oldarea = hashed? sig->hashed : sig->unhashed;
data[1] = n & 0xff;
if( nlen == 5 ) { /* Calculate new size of the area and allocate */
data[n0+2] = 255; n0 = oldarea? oldarea->len : 0;
data[n0+3] = (buflen+1) >> 24; n = n0 + nlen + 1 + buflen; /* length, type, buffer */
data[n0+4] = (buflen+1) >> 16; if (oldarea && n <= oldarea->size) { /* fits into the unused space */
data[n0+5] = (buflen+1) >> 8; newarea = oldarea;
data[n0+6] = (buflen+1); /*log_debug ("updating area for type %d\n", type );*/
data[n0+7] = type;
memcpy(data+n0+8, buffer, buflen );
} }
else if( nlen == 2 ) { else if (oldarea) {
data[n0+2] = (buflen+1-192) / 256 + 192; newarea = m_realloc (oldarea, sizeof (*newarea) + n - 1);
data[n0+3] = (buflen+1-192) % 256; newarea->size = sizeof (*newarea) + n - 1;
data[n0+4] = type; /*log_debug ("reallocating area for type %d\n", type );*/
memcpy(data+n0+5, buffer, buflen );
} }
else { else {
data[n0+2] = buflen+1; newarea = m_alloc (sizeof (*newarea) + n - 1);
data[n0+3] = type; /*log_debug ("allocating area for type %d\n", type );*/
memcpy(data+n0+4, buffer, buflen ); }
newarea->len = n;
p = newarea->data + n0;
if (nlen == 5) {
*p++ = 255;
*p++ = (buflen+1) >> 24;
*p++ = (buflen+1) >> 16;
*p++ = (buflen+1) >> 8;
*p++ = (buflen+1);
*p++ = type;
memcpy (p, buffer, buflen);
}
else if (nlen == 2) {
*p++ = (buflen+1-192) / 256 + 192;
*p++ = (buflen+1-192) % 256;
*p++ = type;
memcpy (p, buffer, buflen);
}
else {
*p++ = buflen+1;
*p++ = type;
memcpy (p, buffer, buflen);
} }
if( hashed ) { if (hashed)
if( !realloced ) sig->hashed = newarea;
m_free(sig->hashed_data); else
sig->hashed_data = data; sig->unhashed = newarea;
}
else {
if( !realloced )
m_free(sig->unhashed_data);
sig->unhashed_data = data;
}
} }
/**************** /****************
@ -905,16 +891,14 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig )
/* timestamp and keyid must have been packed into the /* timestamp and keyid must have been packed into the
* subpackets prior to the call of this function, because * subpackets prior to the call of this function, because
* these subpackets are hashed */ * these subpackets are hashed */
nn = sig->hashed_data?((sig->hashed_data[0]<<8) nn = sig->hashed? sig->hashed->len : 0;
|sig->hashed_data[1]) :0;
write_16(a, nn); write_16(a, nn);
if( nn ) if( nn )
iobuf_write( a, sig->hashed_data+2, nn ); iobuf_write( a, sig->hashed->data, nn );
nn = sig->unhashed_data?((sig->unhashed_data[0]<<8) nn = sig->unhashed? sig->unhashed->len : 0;
|sig->unhashed_data[1]) :0;
write_16(a, nn); write_16(a, nn);
if( nn ) if( nn )
iobuf_write( a, sig->unhashed_data+2, nn ); iobuf_write( a, sig->unhashed->data, nn );
} }
iobuf_put(a, sig->digest_start[0] ); iobuf_put(a, sig->digest_start[0] );
iobuf_put(a, sig->digest_start[1] ); iobuf_put(a, sig->digest_start[1] );

4
g10/export.c
View File

@ -199,8 +199,8 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any )
continue; /* not exportable */ continue; /* not exportable */
/* delete our verification cache */ /* delete our verification cache */
delete_sig_subpkt (node->pkt->pkt.signature->unhashed_data, delete_sig_subpkt (node->pkt->pkt.signature->unhashed,
SIGSUBPKT_PRIV_VERIFY_CACHE); SIGSUBPKT_PRIV_VERIFY_CACHE);
} }
if( secret == 2 && node->pkt->pkttype == PKT_SECRET_KEY ) { if( secret == 2 && node->pkt->pkttype == PKT_SECRET_KEY ) {

22
g10/free-packet.c
View File

@ -59,8 +59,8 @@ free_seckey_enc( PKT_signature *sig )
mpi_free(sig->data[0]); mpi_free(sig->data[0]);
for(i=0; i < n; i++ ) for(i=0; i < n; i++ )
mpi_free( sig->data[i] ); mpi_free( sig->data[i] );
m_free(sig->hashed_data); m_free(sig->hashed);
m_free(sig->unhashed_data); m_free(sig->unhashed);
m_free(sig); m_free(sig);
} }
@ -92,17 +92,17 @@ free_public_key( PKT_public_key *pk )
} }
static void * static subpktarea_t *
cp_data_block( byte *s ) cp_subpktarea (subpktarea_t *s )
{ {
byte *d; subpktarea_t *d;
u16 len;
if( !s ) if( !s )
return NULL; return NULL;
len = (s[0] << 8) | s[1]; d = m_alloc (sizeof (*d) + s->size - 1 );
d = m_alloc( len+2 ); d->size = s->size;
memcpy(d, s, len+2); d->len = s->len;
memcpy (d->data, s->data, s->len);
return d; return d;
} }
@ -177,8 +177,8 @@ copy_signature( PKT_signature *d, PKT_signature *s )
for(i=0; i < n; i++ ) for(i=0; i < n; i++ )
d->data[i] = mpi_copy( s->data[i] ); d->data[i] = mpi_copy( s->data[i] );
} }
d->hashed_data = cp_data_block(s->hashed_data); d->hashed = cp_subpktarea (s->hashed);
d->unhashed_data = cp_data_block(s->unhashed_data); d->unhashed = cp_subpktarea (s->unhashed);
return d; return d;
} }

23
g10/getkey.c
View File

@ -1380,7 +1380,7 @@ merge_keys_and_selfsig( KBNODE keyblock )
const byte *p; const byte *p;
u32 ed; u32 ed;
p = parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_KEY_EXPIRE, NULL ); p = parse_sig_subpkt( sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL );
if( pk ) { if( pk ) {
ed = p? pk->timestamp + buffer_to_u32(p):0; ed = p? pk->timestamp + buffer_to_u32(p):0;
if( sig->timestamp > sigdate ) { if( sig->timestamp > sigdate ) {
@ -1418,7 +1418,7 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
/* store the key flags in the helper variable for later processing */ /* store the key flags in the helper variable for later processing */
uid->help_key_usage = 0; uid->help_key_usage = 0;
p = parse_sig_subpkt ( sig->hashed_data, SIGSUBPKT_KEY_FLAGS, &n ); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
if ( p && n ) { if ( p && n ) {
/* first octet of the keyflags */ /* first octet of the keyflags */
if ( (*p & 3) ) if ( (*p & 3) )
@ -1429,7 +1429,7 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
/* ditto or the key expiration */ /* ditto or the key expiration */
uid->help_key_expire = 0; uid->help_key_expire = 0;
p = parse_sig_subpkt ( sig->hashed_data, SIGSUBPKT_KEY_EXPIRE, NULL); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
if ( p ) { if ( p ) {
uid->help_key_expire = keycreated + buffer_to_u32(p); uid->help_key_expire = keycreated + buffer_to_u32(p);
} }
@ -1437,7 +1437,7 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
/* Set the primary user ID flag - we will later wipe out some /* Set the primary user ID flag - we will later wipe out some
* of them to only have one in out keyblock */ * of them to only have one in out keyblock */
uid->is_primary = 0; uid->is_primary = 0;
p = parse_sig_subpkt ( sig->hashed_data, SIGSUBPKT_PRIMARY_UID, NULL ); p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL );
if ( p && *p ) if ( p && *p )
uid->is_primary = 1; uid->is_primary = 1;
/* We could also query this from the unhashed area if it is not in /* We could also query this from the unhashed area if it is not in
@ -1505,7 +1505,7 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
else if ( IS_KEY_SIG (sig) && sig->timestamp >= sigdate ) { else if ( IS_KEY_SIG (sig) && sig->timestamp >= sigdate ) {
const byte *p; const byte *p;
p = parse_sig_subpkt( sig->hashed_data, p = parse_sig_subpkt( sig->hashed,
SIGSUBPKT_SIG_EXPIRE, NULL ); SIGSUBPKT_SIG_EXPIRE, NULL );
if ( p && (sig->timestamp + buffer_to_u32(p)) >= curtime ) if ( p && (sig->timestamp + buffer_to_u32(p)) >= curtime )
; /* signature has expired - ignore it */ ; /* signature has expired - ignore it */
@ -1526,7 +1526,7 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
const byte *p; const byte *p;
size_t n; size_t n;
p = parse_sig_subpkt ( sig->hashed_data, SIGSUBPKT_KEY_FLAGS, &n ); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
if ( p && n ) { if ( p && n ) {
/* first octet of the keyflags */ /* first octet of the keyflags */
if ( (*p & 3) ) if ( (*p & 3) )
@ -1536,8 +1536,7 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
} }
if ( pk->version > 3 ) { if ( pk->version > 3 ) {
p = parse_sig_subpkt ( sig->hashed_data, p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
SIGSUBPKT_KEY_EXPIRE, NULL);
if ( p ) { if ( p ) {
key_expire = keytimestamp + buffer_to_u32(p); key_expire = keytimestamp + buffer_to_u32(p);
key_expire_seen = 1; key_expire_seen = 1;
@ -1580,7 +1579,7 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
*/ */
const byte *p; const byte *p;
p = parse_sig_subpkt( sig->hashed_data, p = parse_sig_subpkt (sig->hashed,
SIGSUBPKT_SIG_EXPIRE, NULL ); SIGSUBPKT_SIG_EXPIRE, NULL );
if ( p && (sig->timestamp + buffer_to_u32(p)) >= curtime ) if ( p && (sig->timestamp + buffer_to_u32(p)) >= curtime )
; /* signature/revocation has expired - ignore it */ ; /* signature/revocation has expired - ignore it */
@ -1733,7 +1732,7 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
* time */ * time */
} }
else if ( IS_SUBKEY_SIG (sig) && sig->timestamp >= sigdate ) { else if ( IS_SUBKEY_SIG (sig) && sig->timestamp >= sigdate ) {
p = parse_sig_subpkt( sig->hashed_data, p = parse_sig_subpkt (sig->hashed,
SIGSUBPKT_SIG_EXPIRE, NULL ); SIGSUBPKT_SIG_EXPIRE, NULL );
if ( p && (sig->timestamp + buffer_to_u32(p)) >= curtime ) if ( p && (sig->timestamp + buffer_to_u32(p)) >= curtime )
; /* signature has expired - ignore it */ ; /* signature has expired - ignore it */
@ -1753,7 +1752,7 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
subpk->is_valid = 1; subpk->is_valid = 1;
sig = signode->pkt->pkt.signature; sig = signode->pkt->pkt.signature;
p = parse_sig_subpkt ( sig->hashed_data, SIGSUBPKT_KEY_FLAGS, &n ); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n );
if ( p && n ) { if ( p && n ) {
/* first octet of the keyflags */ /* first octet of the keyflags */
if ( (*p & 3) ) if ( (*p & 3) )
@ -1771,7 +1770,7 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
} }
subpk->pubkey_usage = key_usage; subpk->pubkey_usage = key_usage;
p = parse_sig_subpkt ( sig->hashed_data, SIGSUBPKT_KEY_EXPIRE, NULL); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
if ( p ) if ( p )
key_expire = keytimestamp + buffer_to_u32(p); key_expire = keytimestamp + buffer_to_u32(p);

2
g10/import.c
View File

@ -359,7 +359,7 @@ remove_bad_stuff (KBNODE keyblock)
for (node=keyblock; node; node = node->next ) { for (node=keyblock; node; node = node->next ) {
if( node->pkt->pkttype == PKT_SIGNATURE ) { if( node->pkt->pkttype == PKT_SIGNATURE ) {
/* delete the subpackets we use for the verification cache */ /* delete the subpackets we use for the verification cache */
delete_sig_subpkt (node->pkt->pkt.signature->unhashed_data, delete_sig_subpkt (node->pkt->pkt.signature->unhashed,
SIGSUBPKT_PRIV_VERIFY_CACHE); SIGSUBPKT_PRIV_VERIFY_CACHE);
} }
} }

8
g10/keyedit.c
View File

@ -1653,8 +1653,8 @@ change_primary_uid_cb ( PKT_signature *sig, void *opaque )
/* first clear all primary uid flags so that we are sure none are /* first clear all primary uid flags so that we are sure none are
* lingering around */ * lingering around */
delete_sig_subpkt (sig->hashed_data, SIGSUBPKT_PRIMARY_UID); delete_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID);
delete_sig_subpkt (sig->unhashed_data, SIGSUBPKT_PRIMARY_UID); delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PRIMARY_UID);
/* if opaque is set,we want to set the primary id */ /* if opaque is set,we want to set the primary id */
if (opaque) { if (opaque) {
@ -1725,10 +1725,10 @@ menu_set_primary_uid ( KBNODE pub_keyblock, KBNODE sec_keyblock )
int action; int action;
/* see whether this signature has the primary UID flag */ /* see whether this signature has the primary UID flag */
p = parse_sig_subpkt (sig->hashed_data, p = parse_sig_subpkt (sig->hashed,
SIGSUBPKT_PRIMARY_UID, NULL ); SIGSUBPKT_PRIMARY_UID, NULL );
if ( !p ) if ( !p )
p = parse_sig_subpkt (sig->unhashed_data, p = parse_sig_subpkt (sig->unhashed,
SIGSUBPKT_PRIMARY_UID, NULL ); SIGSUBPKT_PRIMARY_UID, NULL );
if ( p && *p ) /* yes */ if ( p && *p ) /* yes */
action = selected? 0 : -1; action = selected? 0 : -1;

5
g10/mainproc.c
View File

@ -715,8 +715,7 @@ print_notation_data( PKT_signature *sig )
const byte *p; const byte *p;
int seq = 0; int seq = 0;
while( (p = enum_sig_subpkt( sig->hashed_data, SIGSUBPKT_NOTATION, while( (p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, &n, &seq))) {
&n, &seq )) ) {
if( n < 8 ) { if( n < 8 ) {
log_info(_("WARNING: invalid notation data found\n")); log_info(_("WARNING: invalid notation data found\n"));
return; return;
@ -738,7 +737,7 @@ print_notation_data( PKT_signature *sig )
write_status_buffer ( STATUS_NOTATION_NAME, p , n1, 0 ); write_status_buffer ( STATUS_NOTATION_NAME, p , n1, 0 );
write_status_buffer ( STATUS_NOTATION_DATA, p+n1, n2, 20 ); write_status_buffer ( STATUS_NOTATION_DATA, p+n1, n2, 20 );
} }
if( (p = parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_POLICY, &n ) )) { if( (p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &n ) )) {
log_info(_("Policy: ") ); log_info(_("Policy: ") );
print_string( log_stream(), p, n, 0 ); print_string( log_stream(), p, n, 0 );
putc( '\n', log_stream() ); putc( '\n', log_stream() );

30
g10/packet.h
View File

@ -96,6 +96,12 @@ typedef struct {
} PKT_onepass_sig; } PKT_onepass_sig;
typedef struct {
size_t size; /* allocated */
size_t len; /* used */
byte data[1];
} subpktarea_t;
typedef struct { typedef struct {
ulong local_id; /* internal use, valid if > 0 */ ulong local_id; /* internal use, valid if > 0 */
struct { struct {
@ -110,8 +116,8 @@ typedef struct {
byte pubkey_algo; /* algorithm used for public key scheme */ byte pubkey_algo; /* algorithm used for public key scheme */
/* (PUBKEY_ALGO_xxx) */ /* (PUBKEY_ALGO_xxx) */
byte digest_algo; /* algorithm used for digest (DIGEST_ALGO_xxxx) */ byte digest_algo; /* algorithm used for digest (DIGEST_ALGO_xxxx) */
byte *hashed_data; /* all subpackets with hashed data (v4 only) */ subpktarea_t *hashed; /* all subpackets with hashed data (v4 only) */
byte *unhashed_data; /* ditto for unhashed data */ subpktarea_t *unhashed; /* ditto for unhashed data */
byte digest_start[2]; /* first 2 bytes of the digest */ byte digest_start[2]; /* first 2 bytes of the digest */
MPI data[PUBKEY_MAX_NSIG]; MPI data[PUBKEY_MAX_NSIG];
} PKT_signature; } PKT_signature;
@ -325,14 +331,18 @@ int copy_some_packets( IOBUF inp, IOBUF out, off_t stopoff );
int skip_some_packets( IOBUF inp, unsigned n ); int skip_some_packets( IOBUF inp, unsigned n );
#endif #endif
const byte *enum_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype, const byte *enum_sig_subpkt ( const subpktarea_t *subpkts,
size_t *ret_n, int *start ); sigsubpkttype_t reqtype,
const byte *parse_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype, size_t *ret_n, int *start );
size_t *ret_n ); const byte *parse_sig_subpkt ( const subpktarea_t *buffer,
const byte *parse_sig_subpkt2( PKT_signature *sig, sigsubpkttype_t reqtype,
sigsubpkttype_t reqtype, size_t *ret_n ); size_t *ret_n );
const byte *parse_sig_subpkt2 ( PKT_signature *sig,
sigsubpkttype_t reqtype,
size_t *ret_n );
PACKET *create_gpg_control ( ctrlpkttype_t type, PACKET *create_gpg_control ( ctrlpkttype_t type,
const byte *data, size_t datalen ); const byte *data,
size_t datalen );
/*-- build-packet.c --*/ /*-- build-packet.c --*/
int build_packet( IOBUF inp, PACKET *pkt ); int build_packet( IOBUF inp, PACKET *pkt );
@ -341,7 +351,7 @@ void hash_public_key( MD_HANDLE md, PKT_public_key *pk );
void build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type, void build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type,
const byte *buffer, size_t buflen ); const byte *buffer, size_t buflen );
void build_sig_subpkt_from_sig( PKT_signature *sig ); void build_sig_subpkt_from_sig( PKT_signature *sig );
size_t delete_sig_subpkt( byte *buffer, sigsubpkttype_t type ); int delete_sig_subpkt(subpktarea_t *buffer, sigsubpkttype_t type );
/*-- free-packet.c --*/ /*-- free-packet.c --*/
void free_symkey_enc( PKT_symkey_enc *enc ); void free_symkey_enc( PKT_symkey_enc *enc );

65
g10/parse-packet.c
View File

@ -954,9 +954,10 @@ can_handle_critical( const byte *buffer, size_t n, int type )
const byte * const byte *
enum_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype, enum_sig_subpkt( const subpktarea_t *pktbuf, sigsubpkttype_t reqtype,
size_t *ret_n, int *start ) size_t *ret_n, int *start )
{ {
const byte *buffer;
int buflen; int buflen;
int type; int type;
int critical; int critical;
@ -965,26 +966,25 @@ enum_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype,
int seq = 0; int seq = 0;
int reqseq = start? *start: 0; int reqseq = start? *start: 0;
if( !buffer || reqseq == -1 ) { if( !pktbuf || reqseq == -1 ) {
/* return some value different from NULL to indicate that /* return some value different from NULL to indicate that
* there is no crtitical bit we do not understand. The caller * there is no critical bit we do not understand. The caller
* will never use the value. Yes I know, it is an ugly hack */ * will never use the value. Yes I know, it is an ugly hack */
return reqtype == SIGSUBPKT_TEST_CRITICAL? (const byte*)&buffer : NULL; return reqtype == SIGSUBPKT_TEST_CRITICAL? (const byte*)&pktbuf : NULL;
} }
buflen = (*buffer << 8) | buffer[1]; buffer = pktbuf->data;
buffer += 2; buflen = pktbuf->len;
while( buflen ) { while( buflen ) {
n = *buffer++; buflen--; n = *buffer++; buflen--;
if( n == 255 ) { if( n == 255 ) { /* 4 byte length header */
if( buflen < 4 ) if( buflen < 4 )
goto too_short; goto too_short;
n = (buffer[0] << 24) | (buffer[1] << 16) n = (buffer[0] << 24) | (buffer[1] << 16)
| (buffer[2] << 8) | buffer[3]; | (buffer[2] << 8) | buffer[3];
buffer += 4; buffer += 4;
buflen -= 4; buflen -= 4;
} }
else if( n >= 192 ) { else if( n >= 192 ) { /* 2 byte special encoded length header */
if( buflen < 2 ) if( buflen < 2 )
goto too_short; goto too_short;
n = (( n - 192 ) << 8) + *buffer + 192; n = (( n - 192 ) << 8) + *buffer + 192;
@ -1059,19 +1059,21 @@ enum_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype,
const byte * const byte *
parse_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype, size_t *ret_n ) parse_sig_subpkt (const subpktarea_t *buffer, sigsubpkttype_t reqtype,
size_t *ret_n)
{ {
return enum_sig_subpkt( buffer, reqtype, ret_n, NULL ); return enum_sig_subpkt( buffer, reqtype, ret_n, NULL );
} }
const byte * const byte *
parse_sig_subpkt2( PKT_signature *sig, sigsubpkttype_t reqtype, size_t *ret_n ) parse_sig_subpkt2 (PKT_signature *sig, sigsubpkttype_t reqtype,
size_t *ret_n )
{ {
const byte *p; const byte *p;
p = parse_sig_subpkt( sig->hashed_data, reqtype, ret_n ); p = parse_sig_subpkt (sig->hashed, reqtype, ret_n );
if( !p ) if( !p )
p = parse_sig_subpkt( sig->unhashed_data, reqtype, ret_n ); p = parse_sig_subpkt (sig->unhashed, reqtype, ret_n );
return p; return p;
} }
@ -1119,11 +1121,12 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
goto leave; goto leave;
} }
if( n ) { if( n ) {
sig->hashed_data = m_alloc( n + 2 ); sig->hashed = m_alloc (sizeof (*sig->hashed) + n - 1 );
sig->hashed_data[0] = n >> 8; sig->hashed->size = n;
sig->hashed_data[1] = n; sig->hashed->len = n;
if( iobuf_read(inp, sig->hashed_data+2, n ) != n ) { if( iobuf_read (inp, sig->hashed->data, n ) != n ) {
log_error("premature eof while reading hashed signature data\n"); log_error ("premature eof while reading "
"hashed signature data\n");
rc = -1; rc = -1;
goto leave; goto leave;
} }
@ -1136,11 +1139,15 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
goto leave; goto leave;
} }
if( n ) { if( n ) {
sig->unhashed_data = m_alloc( n + 2 ); /* we add 6 extra bytes so that we have space for the signature
sig->unhashed_data[0] = n >> 8; * status cache. Well we are wastin this if there is a cache
sig->unhashed_data[1] = n; * packet already, but in the other case it avoids an realloc */
if( iobuf_read(inp, sig->unhashed_data+2, n ) != n ) { sig->unhashed = m_alloc (sizeof(*sig->unhashed) + n + 8 - 1 );
log_error("premature eof while reading unhashed signature data\n"); sig->unhashed->size = n + 8;
sig->unhashed->len = n;
if( iobuf_read(inp, sig->unhashed->data, n ) != n ) {
log_error("premature eof while reading "
"unhashed signature data\n");
rc = -1; rc = -1;
goto leave; goto leave;
} }
@ -1162,14 +1169,14 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
/* set sig->flags.unknown_critical if there is a /* set sig->flags.unknown_critical if there is a
* critical bit set for packets which we do not understand */ * critical bit set for packets which we do not understand */
if( !parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_TEST_CRITICAL, NULL) if( !parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL)
|| !parse_sig_subpkt( sig->unhashed_data, SIGSUBPKT_TEST_CRITICAL, || !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL,
NULL) ) NULL) )
{ {
sig->flags.unknown_critical = 1; sig->flags.unknown_critical = 1;
} }
p = parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_SIG_CREATED, NULL ); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL );
if( !p ) if( !p )
log_error("signature packet without timestamp\n"); log_error("signature packet without timestamp\n");
else else
@ -1193,8 +1200,8 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
sig->digest_algo, sig->digest_algo,
sig->digest_start[0], sig->digest_start[1] ); sig->digest_start[0], sig->digest_start[1] );
if( is_v4 ) { if( is_v4 ) {
parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_LIST_HASHED, NULL ); parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL );
parse_sig_subpkt( sig->unhashed_data,SIGSUBPKT_LIST_UNHASHED, NULL); parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);
} }
} }

2
g10/pkclist.c
View File

@ -107,7 +107,7 @@ do_show_revocation_reason( PKT_signature *sig )
int seq = 0; int seq = 0;
const char *text; const char *text;
while( (p = enum_sig_subpkt( sig->hashed_data, SIGSUBPKT_REVOC_REASON, while( (p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON,
&n, &seq )) ) { &n, &seq )) ) {
if( !n ) if( !n )
continue; /* invalid - just skip it */ continue; /* invalid - just skip it */

18
g10/sig-check.c
View File

@ -153,9 +153,11 @@ mdc_kludge_check( PKT_signature *sig, MD_HANDLE digest )
size_t n; size_t n;
md_putc( digest, sig->pubkey_algo ); md_putc( digest, sig->pubkey_algo );
md_putc( digest, sig->digest_algo ); md_putc( digest, sig->digest_algo );
if( sig->hashed_data ) { if( sig->hashed ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1]; n = sig->hashed->len;
md_write( digest, sig->hashed_data, n+2 ); md_putc (digest, (n >> 8) );
md_putc (digest, n );
md_write (digest, sig->hashed->data, n);
n += 6; n += 6;
} }
else else
@ -357,9 +359,11 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
size_t n; size_t n;
md_putc( digest, sig->pubkey_algo ); md_putc( digest, sig->pubkey_algo );
md_putc( digest, sig->digest_algo ); md_putc( digest, sig->digest_algo );
if( sig->hashed_data ) { if( sig->hashed ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1]; n = sig->hashed->len;
md_write( digest, sig->hashed_data, n+2 ); md_putc (digest, (n >> 8) );
md_putc (digest, n );
md_write (digest, sig->hashed->data, n);
n += 6; n += 6;
} }
else else
@ -510,7 +514,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig,
const byte *p; const byte *p;
size_t len; size_t len;
p = parse_sig_subpkt( sig->unhashed_data, p = parse_sig_subpkt( sig->unhashed,
SIGSUBPKT_PRIV_VERIFY_CACHE, &len ); SIGSUBPKT_PRIV_VERIFY_CACHE, &len );
if ( p && len >= 2 && p[0] == 1 ) { /* cache hit */ if ( p && len >= 2 && p[0] == 1 ) { /* cache hit */
if( is_selfsig ) { if( is_selfsig ) {

32
g10/sign.c
View File

@ -536,9 +536,11 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
md_putc( md, sig->pubkey_algo ); md_putc( md, sig->pubkey_algo );
md_putc( md, sig->digest_algo ); md_putc( md, sig->digest_algo );
if( sig->hashed_data ) { if( sig->hashed ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1]; n = sig->hashed->len;
md_write( md, sig->hashed_data, n+2 ); md_putc (md, (n >> 8) );
md_putc (md, n );
md_write (md, sig->hashed->data, n );
n += 6; n += 6;
} }
else { else {
@ -740,9 +742,11 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
md_putc( md, sig->pubkey_algo ); md_putc( md, sig->pubkey_algo );
md_putc( md, sig->digest_algo ); md_putc( md, sig->digest_algo );
if( sig->hashed_data ) { if( sig->hashed ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1]; n = sig->hashed->len;
md_write( md, sig->hashed_data, n+2 ); md_putc (md, (n >> 8) );
md_putc (md, n );
md_write (md, sig->hashed->data, n);
n += 6; n += 6;
} }
else { else {
@ -882,9 +886,11 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
md_putc( md, sig->pubkey_algo ); md_putc( md, sig->pubkey_algo );
md_putc( md, sig->digest_algo ); md_putc( md, sig->digest_algo );
if( sig->hashed_data ) { if( sig->hashed ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1]; n = sig->hashed->len;
md_write( md, sig->hashed_data, n+2 ); md_putc (md, (n >> 8) );
md_putc (md, n );
md_write (md, sig->hashed->data, n );
n += 6; n += 6;
} }
else { else {
@ -988,9 +994,11 @@ update_keysig_packet( PKT_signature **ret_sig,
md_putc( md, sig->pubkey_algo ); md_putc( md, sig->pubkey_algo );
md_putc( md, sig->digest_algo ); md_putc( md, sig->digest_algo );
if( sig->hashed_data ) { if( sig->hashed ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1]; n = sig->hashed->len;
md_write( md, sig->hashed_data, n+2 ); md_putc (md, (n >> 8) );
md_putc (md, n );
md_write (md, sig->hashed->data, n );
n += 6; n += 6;
} }
else { else {