security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

gpg: Rework the signature subpacket iteration function. 

* g10/parse-packet.c (enum_sig_subpkt): Replace first arg by two args
so that the entire signature packet is available.  Change all callers.
(parse_sig_subpkt): Ditto.
--

This patch is a prerequisite to support the new attestation key
signatures.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2019-09-05 20:36:38 +02:00
parent 7febb4f247
commit e1d9be730c
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
12 changed files with 114 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
g10/build-packet.c
View File

@ -1527,7 +1527,7 @@ sig_to_notation(PKT_signature *sig)
- n1 bytes of name data
- n2 bytes of value data
*/
while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq,&crit)))
while((p=enum_sig_subpkt (sig, 1, SIGSUBPKT_NOTATION, &len, &seq, &crit)))
{
int n1,n2;
struct notation *n=NULL;

31
g10/getkey.c
View File

@ -2149,7 +2149,7 @@ parse_key_usage (PKT_signature * sig)
size_t n;
byte flags;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_FLAGS, &n);
if (p && n)
{
/* First octet of the keyflags. */
@ -2247,7 +2247,7 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
uid->help_key_usage = parse_key_usage (sig);
/* Ditto for the key expiration. */
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL);
if (p && buf32_to_u32 (p))
uid->help_key_expire = keycreated + buf32_to_u32 (p);
else
@ -2256,7 +2256,7 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
/* Set the primary user ID flag - we will later wipe out some
* of them to only have one in our keyblock. */
uid->flags.primary = 0;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PRIMARY_UID, NULL);
if (p && *p)
uid->flags.primary = 2;
@ -2268,16 +2268,16 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
/* Now build the preferences list. These must come from the
hashed section so nobody can modify the ciphers a key is
willing to accept. */
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM, &n);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_SYM, &n);
sym = p;
nsym = p ? n : 0;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_AEAD, &n);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_AEAD, &n);
aead = p;
naead = p ? n : 0;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH, &n);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_HASH, &n);
hash = p;
nhash = p ? n : 0;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR, &n);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_COMPR, &n);
zip = p;
nzip = p ? n : 0;
if (uid->prefs)
@ -2315,19 +2315,19 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
/* See whether we have the MDC feature. */
uid->flags.mdc = 0;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n);
if (p && n && (p[0] & 0x01))
uid->flags.mdc = 1;
/* See whether we have the AEAD feature. */
uid->flags.aead = 0;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n);
if (p && n && (p[0] & 0x02))
uid->flags.aead = 1;
/* And the keyserver modify flag. */
uid->flags.ks_modify = 1;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KS_FLAGS, &n);
if (p && n && (p[0] & 0x80))
uid->flags.ks_modify = 0;
}
@ -2562,7 +2562,7 @@ merge_selfsigs_main (ctrl_t ctrl, kbnode_t keyblock, int *r_revoked,
key_usage = parse_key_usage (sig);
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL);
if (p && buf32_to_u32 (p))
{
key_expire = keytimestamp + buf32_to_u32 (p);
@ -3050,7 +3050,7 @@ merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode)
subpk->pubkey_usage = key_usage;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL);
if (p && buf32_to_u32 (p))
key_expire = keytimestamp + buf32_to_u32 (p);
else
@ -3077,8 +3077,8 @@ merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode)
/* We do this while() since there may be other embedded
* signatures in the future. We only want 0x19 here. */
while ((p = enum_sig_subpkt (sig->hashed,
SIGSUBPKT_SIGNATURE, &n, &seq, NULL)))
while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_SIGNATURE,
&n, &seq, NULL)))
if (n > 3
&& ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19)))
{
@ -3102,8 +3102,7 @@ merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode)
/* It is safe to have this in the unhashed area since the 0x19
* is located on the selfsig for convenience, not security. */
while ((p = enum_sig_subpkt (sig->unhashed, SIGSUBPKT_SIGNATURE,
while ((p = enum_sig_subpkt (sig, 0, SIGSUBPKT_SIGNATURE,
&n, &seq, NULL)))
if (n > 3
&& ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19)))

2
g10/import.c
View File

@ -3151,7 +3151,7 @@ get_revocation_reason (PKT_signature *sig, char **r_reason,
*r_comment = NULL;
/* Skip over empty reason packets. */
while ((reason_p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON,
while ((reason_p = enum_sig_subpkt (sig, 1, SIGSUBPKT_REVOC_REASON,
&reason_n, &reason_seq, NULL))
&& !reason_n)
;

2
g10/key-clean.c
View File

@ -192,7 +192,7 @@ mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
const byte *p;
u32 expire;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIG_EXPIRE, NULL );
expire = p? sig->timestamp + buf32_to_u32(p) : 0;
if (expire==0 || expire > curtime )

14
g10/keyedit.c
View File

@ -299,11 +299,11 @@ keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
PKT_public_key *pk = keyblock->pkt->pkt.public_key;
const unsigned char *s;
s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL);
s = parse_sig_subpkt (sig, 1, SIGSUBPKT_PRIMARY_UID, NULL);
if (s && *s)
tty_fprintf (fp, " [primary]\n");
s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
s = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL);
if (s && buf32_to_u32 (s))
tty_fprintf (fp, " [expires: %s]\n",
isotimestamp (pk->timestamp + buf32_to_u32 (s)));
@ -3158,8 +3158,8 @@ show_prefs (PKT_user_id * uid, PKT_signature * selfsig, int verbose)
const byte *pref_ks;
size_t pref_ks_len;
pref_ks = parse_sig_subpkt (selfsig->hashed,
SIGSUBPKT_PREF_KS, &pref_ks_len);
pref_ks = parse_sig_subpkt (selfsig, 1,
SIGSUBPKT_PREF_KS, &pref_ks_len);
if (pref_ks && pref_ks_len)
{
tty_printf (" ");
@ -4870,10 +4870,10 @@ menu_set_primary_uid (ctrl_t ctrl, kbnode_t pub_keyblock)
int action;
/* See whether this signature has the primary UID flag. */
p = parse_sig_subpkt (sig->hashed,
p = parse_sig_subpkt (sig, 1,
SIGSUBPKT_PRIMARY_UID, NULL);
if (!p)
p = parse_sig_subpkt (sig->unhashed,
p = parse_sig_subpkt (sig, 0,
SIGSUBPKT_PRIMARY_UID, NULL);
if (p && *p) /* yes */
action = selected ? 0 : -1;
@ -5086,7 +5086,7 @@ menu_set_keyserver_url (ctrl_t ctrl, const char *url, kbnode_t pub_keyblock)
const byte *p;
size_t plen;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &plen);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &plen);
if (p && plen)
{
tty_printf ("Current preferred keyserver for user"

8
g10/keygen.c
View File

@ -692,7 +692,7 @@ add_feature_mdc (PKT_signature *sig,int enabled)
int i;
char *buf;
s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n );
s = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n );
/* Already set or cleared */
if (s && n &&
((enabled && (s[0] & 0x01)) || (!enabled && !(s[0] & 0x01))))
@ -734,7 +734,7 @@ add_feature_aead (PKT_signature *sig, int enabled)
int i;
char *buf;
s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n );
s = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n );
if (s && n && ((enabled && (s[0] & 0x02)) || (!enabled && !(s[0] & 0x02))))
return; /* Already set or cleared */
@ -776,7 +776,7 @@ add_feature_v5 (PKT_signature *sig, int enabled)
int i;
char *buf;
s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n );
s = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n );
if (s && n && ((enabled && (s[0] & 0x04)) || (!enabled && !(s[0] & 0x04))))
return; /* Already set or cleared */
@ -821,7 +821,7 @@ add_keyserver_modify (PKT_signature *sig,int enabled)
/* The keyserver modify flag is a negative flag (i.e. no-modify) */
enabled=!enabled;
s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n );
s = parse_sig_subpkt (sig, 1, SIGSUBPKT_KS_FLAGS, &n );
/* Already set or cleared */
if (s && n &&
((enabled && (s[0] & 0x80)) || (!enabled && !(s[0] & 0x80))))

11
g10/keylist.c
View File

@ -338,8 +338,7 @@ show_policy_url (PKT_signature * sig, int indent, int mode)
int seq = 0, crit;
estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
while ((p =
enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit)))
while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_POLICY, &len, &seq, &crit)))
{
if (mode != 2)
{
@ -379,9 +378,7 @@ show_keyserver_url (PKT_signature * sig, int indent, int mode)
int seq = 0, crit;
estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
while ((p =
enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq,
&crit)))
while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &len, &seq, &crit)))
{
if (mode != 2)
{
@ -874,12 +871,12 @@ print_subpackets_colon (PKT_signature * sig)
seq = 0;
while ((p = enum_sig_subpkt (sig->hashed, *i, &len, &seq, &crit)))
while ((p = enum_sig_subpkt (sig, 1, *i, &len, &seq, &crit)))
print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p);
seq = 0;
while ((p = enum_sig_subpkt (sig->unhashed, *i, &len, &seq, &crit)))
while ((p = enum_sig_subpkt (sig, 0, *i, &len, &seq, &crit)))
print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p);
}
}

2
g10/keyserver.c
View File

@ -452,7 +452,7 @@ parse_preferred_keyserver(PKT_signature *sig)
const byte *p;
size_t plen;
p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &plen);
if(p && plen)
{
byte *dupe=xmalloc(plen+1);

4
g10/mainproc.c
View File

@ -1784,7 +1784,7 @@ issuer_fpr_raw (PKT_signature *sig, size_t *r_len)
const byte *p;
size_t n;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_ISSUER_FPR, &n);
if (p && ((n == 21 && p[0] == 4) || (n == 33 && p[0] == 5)))
{
*r_len = n - 1;
@ -2017,7 +2017,7 @@ check_sig_and_print (CTX c, kbnode_t node)
size_t n;
int any_pref_ks = 0;
while ((p=enum_sig_subpkt (sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
while ((p=enum_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &n, &seq, NULL)))
{
/* According to my favorite copy editor, in English grammar,
you say "at" if the key is located on a web page, but

99
g10/packet.h
View File

@ -775,58 +775,61 @@ int skip_some_packets (iobuf_t inp, unsigned int n);
int parse_signature( iobuf_t inp, int pkttype, unsigned long pktlen,
PKT_signature *sig );
/* Given a subpacket area (typically either PKT_signature.hashed or
PKT_signature.unhashed), either:
- test whether there are any subpackets with the critical bit set
that we don't understand,
- list the subpackets, or,
- find a subpacket with a specific type.
REQTYPE indicates the type of operation.
If REQTYPE is SIGSUBPKT_TEST_CRITICAL, then this function checks
whether there are any subpackets that have the critical bit and
which GnuPG cannot handle. If GnuPG understands all subpackets
whose critical bit is set, then this function returns simply
returns SUBPKTS. If there is a subpacket whose critical bit is set
and which GnuPG does not understand, then this function returns
NULL and, if START is not NULL, sets *START to the 1-based index of
the subpacket that violates the constraint.
If REQTYPE is SIGSUBPKT_LIST_HASHED or SIGSUBPKT_LIST_UNHASHED, the
packets are dumped. Note: if REQTYPE is SIGSUBPKT_LIST_HASHED,
this function does not check whether the hash is correct; this is
merely an indication of the section that the subpackets came from.
If REQTYPE is anything else, then this function interprets the
values as a subpacket type and looks for the first subpacket with
that type. If such a packet is found, *CRITICAL (if not NULL) is
set if the critical bit was set, *RET_N is set to the offset of the
subpacket's content within the SUBPKTS buffer, *START is set to the
1-based index of the subpacket within the buffer, and returns
&SUBPKTS[*RET_N].
*START is the number of initial subpackets to not consider. Thus,
if *START is 2, then the first 2 subpackets are ignored. */
const byte *enum_sig_subpkt ( const subpktarea_t *subpkts,
sigsubpkttype_t reqtype,
size_t *ret_n, int *start, int *critical );
/* Given a signature packet, either:
*
* - test whether there are any subpackets with the critical bit set
* that we don't understand,
*
* - list the subpackets, or,
*
* - find a subpacket with a specific type.
*
* The WANT_HASHED flag indicates that the hashed area shall be
* considered.
*
* REQTYPE indicates the type of operation.
*
* If REQTYPE is SIGSUBPKT_TEST_CRITICAL, then this function checks
* whether there are any subpackets that have the critical bit and
* which GnuPG cannot handle. If GnuPG understands all subpackets
* whose critical bit is set, then this function returns simply
* returns SUBPKTS. If there is a subpacket whose critical bit is set
* and which GnuPG does not understand, then this function returns
* NULL and, if START is not NULL, sets *START to the 1-based index of
* the subpacket that violates the constraint.
*
* If REQTYPE is SIGSUBPKT_LIST_HASHED or SIGSUBPKT_LIST_UNHASHED, the
* packets are dumped. Note: if REQTYPE is SIGSUBPKT_LIST_HASHED,
* this function does not check whether the hash is correct; this is
* merely an indication of the section that the subpackets came from.
*
* If REQTYPE is anything else, then this function interprets the
* values as a subpacket type and looks for the first subpacket with
* that type. If such a packet is found, *CRITICAL (if not NULL) is
* set if the critical bit was set, *RET_N is set to the offset of the
* subpacket's content within the SUBPKTS buffer, *START is set to the
* 1-based index of the subpacket within the buffer, and returns
* &SUBPKTS[*RET_N].
*
* *START is the number of initial subpackets to not consider. Thus,
* if *START is 2, then the first 2 subpackets are ignored.
*/
const byte *enum_sig_subpkt (PKT_signature *sig, int want_hashed,
sigsubpkttype_t reqtype,
size_t *ret_n, int *start, int *critical );
/* Shorthand for:
enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL); */
const byte *parse_sig_subpkt ( const subpktarea_t *buffer,
sigsubpkttype_t reqtype,
size_t *ret_n );
*
* enum_sig_subpkt (sig, want_hashed, reqtype, ret_n, NULL, NULL);
*/
const byte *parse_sig_subpkt (PKT_signature *sig, int want_hashed,
sigsubpkttype_t reqtype,
size_t *ret_n );
/* This calls parse_sig_subpkt first on the hashed signature area in
SIG and then, if that returns NULL, calls parse_sig_subpkt on the
unhashed subpacket area in SIG. */
const byte *parse_sig_subpkt2 ( PKT_signature *sig,
sigsubpkttype_t reqtype);
* SIG and then, if that returns NULL, calls parse_sig_subpkt on the
* unhashed subpacket area in SIG. */
const byte *parse_sig_subpkt2 (PKT_signature *sig, sigsubpkttype_t reqtype);
/* Returns whether the N byte large buffer BUFFER is sufficient to
hold a subpacket of type TYPE. Note: the buffer refers to the

49
g10/parse-packet.c
View File

@ -1734,8 +1734,8 @@ can_handle_critical (const byte * buffer, size_t n, int type)
const byte *
enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
size_t * ret_n, int *start, int *critical)
enum_sig_subpkt (PKT_signature *sig, int want_hashed, sigsubpkttype_t reqtype,
size_t *ret_n, int *start, int *critical)
{
const byte *buffer;
int buflen;
@ -1743,6 +1743,7 @@ enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
int critical_dummy;
int offset;
size_t n;
const subpktarea_t *pktbuf = want_hashed? sig->hashed : sig->unhashed;
int seq = 0;
int reqseq = start ? *start : 0;
@ -1867,21 +1868,21 @@ enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
const byte *
parse_sig_subpkt (const subpktarea_t * buffer, sigsubpkttype_t reqtype,
size_t * ret_n)
parse_sig_subpkt (PKT_signature *sig, int want_hashed, sigsubpkttype_t reqtype,
size_t *ret_n)
{
return enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL);
return enum_sig_subpkt (sig, want_hashed, reqtype, ret_n, NULL, NULL);
}
const byte *
parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype)
parse_sig_subpkt2 (PKT_signature *sig, sigsubpkttype_t reqtype)
{
const byte *p;
p = parse_sig_subpkt (sig->hashed, reqtype, NULL);
p = parse_sig_subpkt (sig, 1, reqtype, NULL);
if (!p)
p = parse_sig_subpkt (sig->unhashed, reqtype, NULL);
p = parse_sig_subpkt (sig, 0, reqtype, NULL);
return p;
}
@ -1897,8 +1898,8 @@ parse_revkeys (PKT_signature * sig)
if (sig->sig_class != 0x1F)
return;
while ((revkey = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REV_KEY,
&len, &seq, NULL)))
while ((revkey = enum_sig_subpkt (sig, 1, SIGSUBPKT_REV_KEY,
&len, &seq, NULL)))
{
/* Consider only valid packets. They must have a length of
* either 2+20 or 2+32 octets and bit 7 of the class octet must
@ -2062,11 +2063,11 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
/* Set sig->flags.unknown_critical if there is a critical bit
* set for packets which we do not understand. */
if (!parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL)
|| !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL, NULL))
if (!parse_sig_subpkt (sig, 1, SIGSUBPKT_TEST_CRITICAL, NULL)
|| !parse_sig_subpkt (sig, 0, SIGSUBPKT_TEST_CRITICAL, NULL))
sig->flags.unknown_critical = 1;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIG_CREATED, NULL);
if (p)
sig->timestamp = buf32_to_u32 (p);
else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
@ -2076,7 +2077,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
/* Set the key id. We first try the issuer fingerprint and if
* it is a v4 signature the fallback to the issuer. Note that
* only the issuer packet is also searched in the unhashed area. */
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &len);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_ISSUER_FPR, &len);
if (p && len == 21 && p[0] == 4)
{
sig->keyid[0] = buf32_to_u32 (p + 1 + 12);
@ -2096,21 +2097,21 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
&& opt.verbose && !glo_ctrl.silence_parse_warnings)
log_info ("signature packet without keyid\n");
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIG_EXPIRE, NULL);
if (p && buf32_to_u32 (p))
sig->expiredate = sig->timestamp + buf32_to_u32 (p);
if (sig->expiredate && sig->expiredate <= make_timestamp ())
sig->flags.expired = 1;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, NULL);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_POLICY, NULL);
if (p)
sig->flags.policy_url = 1;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, NULL);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, NULL);
if (p)
sig->flags.pref_ks = 1;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIGNERS_UID, &len);
if (p && len)
{
char *mbox;
@ -2129,15 +2130,15 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
}
}
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_NOTATION, NULL);
if (p)
sig->flags.notation = 1;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_REVOCABLE, NULL);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_REVOCABLE, NULL);
if (p && *p == 0)
sig->flags.revocable = 0;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_TRUST, &len);
p = parse_sig_subpkt (sig, 1, SIGSUBPKT_TRUST, &len);
if (p && len == 2)
{
sig->trust_depth = p[0];
@ -2146,7 +2147,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
/* Only look for a regexp if there is also a trust
subpacket. */
sig->trust_regexp =
parse_sig_subpkt (sig->hashed, SIGSUBPKT_REGEXP, &len);
parse_sig_subpkt (sig, 1, SIGSUBPKT_REGEXP, &len);
/* If the regular expression is of 0 length, there is no
regular expression. */
@ -2179,8 +2180,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
sig->digest_algo, sig->digest_start[0], sig->digest_start[1]);
if (is_v4or5)
{
parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL);
parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);
parse_sig_subpkt (sig, 1, SIGSUBPKT_LIST_HASHED, NULL);
parse_sig_subpkt (sig, 0, SIGSUBPKT_LIST_UNHASHED, NULL);
}
}

4
g10/pkclist.c
View File

@ -63,8 +63,8 @@ do_show_revocation_reason( PKT_signature *sig )
int seq = 0;
const char *text;
while( (p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON,
&n, &seq, NULL )) ) {
while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_REVOC_REASON,
&n, &seq, NULL)) ) {
if( !n )
continue; /* invalid - just skip it */