From e1d9be730ca07e10a20df5ef60d7562030f10676 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 5 Sep 2019 20:36:38 +0200 Subject: [PATCH] gpg: Rework the signature subpacket iteration function. * g10/parse-packet.c (enum_sig_subpkt): Replace first arg by two args so that the entire signature packet is available. Change all callers. (parse_sig_subpkt): Ditto. -- This patch is a prerequisite to support the new attestation key signatures. Signed-off-by: Werner Koch --- g10/build-packet.c | 2 +- g10/getkey.c | 31 +++++++-------- g10/import.c | 2 +- g10/key-clean.c | 2 +- g10/keyedit.c | 14 +++---- g10/keygen.c | 8 ++-- g10/keylist.c | 11 ++---- g10/keyserver.c | 2 +- g10/mainproc.c | 4 +- g10/packet.h | 99 ++++++++++++++++++++++++---------------------- g10/parse-packet.c | 49 ++++++++++++----------- g10/pkclist.c | 4 +- 12 files changed, 114 insertions(+), 114 deletions(-) diff --git a/g10/build-packet.c b/g10/build-packet.c index 2a95df694..865f2b500 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -1527,7 +1527,7 @@ sig_to_notation(PKT_signature *sig) - n1 bytes of name data - n2 bytes of value data */ - while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq,&crit))) + while((p=enum_sig_subpkt (sig, 1, SIGSUBPKT_NOTATION, &len, &seq, &crit))) { int n1,n2; struct notation *n=NULL; diff --git a/g10/getkey.c b/g10/getkey.c index dc3dc4844..55cb6d090 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -2149,7 +2149,7 @@ parse_key_usage (PKT_signature * sig) size_t n; byte flags; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_FLAGS, &n); if (p && n) { /* First octet of the keyflags. */ @@ -2247,7 +2247,7 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated) uid->help_key_usage = parse_key_usage (sig); /* Ditto for the key expiration. */ - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL); if (p && buf32_to_u32 (p)) uid->help_key_expire = keycreated + buf32_to_u32 (p); else @@ -2256,7 +2256,7 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated) /* Set the primary user ID flag - we will later wipe out some * of them to only have one in our keyblock. */ uid->flags.primary = 0; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PRIMARY_UID, NULL); if (p && *p) uid->flags.primary = 2; @@ -2268,16 +2268,16 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated) /* Now build the preferences list. These must come from the hashed section so nobody can modify the ciphers a key is willing to accept. */ - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM, &n); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_SYM, &n); sym = p; nsym = p ? n : 0; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_AEAD, &n); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_AEAD, &n); aead = p; naead = p ? n : 0; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH, &n); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_HASH, &n); hash = p; nhash = p ? n : 0; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR, &n); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_COMPR, &n); zip = p; nzip = p ? n : 0; if (uid->prefs) @@ -2315,19 +2315,19 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated) /* See whether we have the MDC feature. */ uid->flags.mdc = 0; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n); if (p && n && (p[0] & 0x01)) uid->flags.mdc = 1; /* See whether we have the AEAD feature. */ uid->flags.aead = 0; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n); if (p && n && (p[0] & 0x02)) uid->flags.aead = 1; /* And the keyserver modify flag. */ uid->flags.ks_modify = 1; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KS_FLAGS, &n); if (p && n && (p[0] & 0x80)) uid->flags.ks_modify = 0; } @@ -2562,7 +2562,7 @@ merge_selfsigs_main (ctrl_t ctrl, kbnode_t keyblock, int *r_revoked, key_usage = parse_key_usage (sig); - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL); if (p && buf32_to_u32 (p)) { key_expire = keytimestamp + buf32_to_u32 (p); @@ -3050,7 +3050,7 @@ merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode) subpk->pubkey_usage = key_usage; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL); if (p && buf32_to_u32 (p)) key_expire = keytimestamp + buf32_to_u32 (p); else @@ -3077,8 +3077,8 @@ merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode) /* We do this while() since there may be other embedded * signatures in the future. We only want 0x19 here. */ - while ((p = enum_sig_subpkt (sig->hashed, - SIGSUBPKT_SIGNATURE, &n, &seq, NULL))) + while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_SIGNATURE, + &n, &seq, NULL))) if (n > 3 && ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19))) { @@ -3102,8 +3102,7 @@ merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode) /* It is safe to have this in the unhashed area since the 0x19 * is located on the selfsig for convenience, not security. */ - - while ((p = enum_sig_subpkt (sig->unhashed, SIGSUBPKT_SIGNATURE, + while ((p = enum_sig_subpkt (sig, 0, SIGSUBPKT_SIGNATURE, &n, &seq, NULL))) if (n > 3 && ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19))) diff --git a/g10/import.c b/g10/import.c index c32dbf059..867a9de29 100644 --- a/g10/import.c +++ b/g10/import.c @@ -3151,7 +3151,7 @@ get_revocation_reason (PKT_signature *sig, char **r_reason, *r_comment = NULL; /* Skip over empty reason packets. */ - while ((reason_p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON, + while ((reason_p = enum_sig_subpkt (sig, 1, SIGSUBPKT_REVOC_REASON, &reason_n, &reason_seq, NULL)) && !reason_n) ; diff --git a/g10/key-clean.c b/g10/key-clean.c index d701a6665..496d0194e 100644 --- a/g10/key-clean.c +++ b/g10/key-clean.c @@ -192,7 +192,7 @@ mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode, const byte *p; u32 expire; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL ); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIG_EXPIRE, NULL ); expire = p? sig->timestamp + buf32_to_u32(p) : 0; if (expire==0 || expire > curtime ) diff --git a/g10/keyedit.c b/g10/keyedit.c index 1bf5de9b2..b66ae9548 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -299,11 +299,11 @@ keyedit_print_one_sig (ctrl_t ctrl, estream_t fp, PKT_public_key *pk = keyblock->pkt->pkt.public_key; const unsigned char *s; - s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL); + s = parse_sig_subpkt (sig, 1, SIGSUBPKT_PRIMARY_UID, NULL); if (s && *s) tty_fprintf (fp, " [primary]\n"); - s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); + s = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL); if (s && buf32_to_u32 (s)) tty_fprintf (fp, " [expires: %s]\n", isotimestamp (pk->timestamp + buf32_to_u32 (s))); @@ -3158,8 +3158,8 @@ show_prefs (PKT_user_id * uid, PKT_signature * selfsig, int verbose) const byte *pref_ks; size_t pref_ks_len; - pref_ks = parse_sig_subpkt (selfsig->hashed, - SIGSUBPKT_PREF_KS, &pref_ks_len); + pref_ks = parse_sig_subpkt (selfsig, 1, + SIGSUBPKT_PREF_KS, &pref_ks_len); if (pref_ks && pref_ks_len) { tty_printf (" "); @@ -4870,10 +4870,10 @@ menu_set_primary_uid (ctrl_t ctrl, kbnode_t pub_keyblock) int action; /* See whether this signature has the primary UID flag. */ - p = parse_sig_subpkt (sig->hashed, + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PRIMARY_UID, NULL); if (!p) - p = parse_sig_subpkt (sig->unhashed, + p = parse_sig_subpkt (sig, 0, SIGSUBPKT_PRIMARY_UID, NULL); if (p && *p) /* yes */ action = selected ? 0 : -1; @@ -5086,7 +5086,7 @@ menu_set_keyserver_url (ctrl_t ctrl, const char *url, kbnode_t pub_keyblock) const byte *p; size_t plen; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &plen); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &plen); if (p && plen) { tty_printf ("Current preferred keyserver for user" diff --git a/g10/keygen.c b/g10/keygen.c index 5be251e38..1e5722fb2 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -692,7 +692,7 @@ add_feature_mdc (PKT_signature *sig,int enabled) int i; char *buf; - s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n ); + s = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n ); /* Already set or cleared */ if (s && n && ((enabled && (s[0] & 0x01)) || (!enabled && !(s[0] & 0x01)))) @@ -734,7 +734,7 @@ add_feature_aead (PKT_signature *sig, int enabled) int i; char *buf; - s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n ); + s = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n ); if (s && n && ((enabled && (s[0] & 0x02)) || (!enabled && !(s[0] & 0x02)))) return; /* Already set or cleared */ @@ -776,7 +776,7 @@ add_feature_v5 (PKT_signature *sig, int enabled) int i; char *buf; - s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n ); + s = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n ); if (s && n && ((enabled && (s[0] & 0x04)) || (!enabled && !(s[0] & 0x04)))) return; /* Already set or cleared */ @@ -821,7 +821,7 @@ add_keyserver_modify (PKT_signature *sig,int enabled) /* The keyserver modify flag is a negative flag (i.e. no-modify) */ enabled=!enabled; - s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n ); + s = parse_sig_subpkt (sig, 1, SIGSUBPKT_KS_FLAGS, &n ); /* Already set or cleared */ if (s && n && ((enabled && (s[0] & 0x80)) || (!enabled && !(s[0] & 0x80)))) diff --git a/g10/keylist.c b/g10/keylist.c index 801568adb..bbe66831c 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -338,8 +338,7 @@ show_policy_url (PKT_signature * sig, int indent, int mode) int seq = 0, crit; estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout; - while ((p = - enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit))) + while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_POLICY, &len, &seq, &crit))) { if (mode != 2) { @@ -379,9 +378,7 @@ show_keyserver_url (PKT_signature * sig, int indent, int mode) int seq = 0, crit; estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout; - while ((p = - enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq, - &crit))) + while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &len, &seq, &crit))) { if (mode != 2) { @@ -874,12 +871,12 @@ print_subpackets_colon (PKT_signature * sig) seq = 0; - while ((p = enum_sig_subpkt (sig->hashed, *i, &len, &seq, &crit))) + while ((p = enum_sig_subpkt (sig, 1, *i, &len, &seq, &crit))) print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p); seq = 0; - while ((p = enum_sig_subpkt (sig->unhashed, *i, &len, &seq, &crit))) + while ((p = enum_sig_subpkt (sig, 0, *i, &len, &seq, &crit))) print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p); } } diff --git a/g10/keyserver.c b/g10/keyserver.c index 8655919a0..d7dfcfd22 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -452,7 +452,7 @@ parse_preferred_keyserver(PKT_signature *sig) const byte *p; size_t plen; - p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &plen); if(p && plen) { byte *dupe=xmalloc(plen+1); diff --git a/g10/mainproc.c b/g10/mainproc.c index 5b43b378a..c12039e6d 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1784,7 +1784,7 @@ issuer_fpr_raw (PKT_signature *sig, size_t *r_len) const byte *p; size_t n; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_ISSUER_FPR, &n); if (p && ((n == 21 && p[0] == 4) || (n == 33 && p[0] == 5))) { *r_len = n - 1; @@ -2017,7 +2017,7 @@ check_sig_and_print (CTX c, kbnode_t node) size_t n; int any_pref_ks = 0; - while ((p=enum_sig_subpkt (sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL))) + while ((p=enum_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &n, &seq, NULL))) { /* According to my favorite copy editor, in English grammar, you say "at" if the key is located on a web page, but diff --git a/g10/packet.h b/g10/packet.h index 479f25044..5023903d2 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -775,58 +775,61 @@ int skip_some_packets (iobuf_t inp, unsigned int n); int parse_signature( iobuf_t inp, int pkttype, unsigned long pktlen, PKT_signature *sig ); -/* Given a subpacket area (typically either PKT_signature.hashed or - PKT_signature.unhashed), either: - - - test whether there are any subpackets with the critical bit set - that we don't understand, - - - list the subpackets, or, - - - find a subpacket with a specific type. - - REQTYPE indicates the type of operation. - - If REQTYPE is SIGSUBPKT_TEST_CRITICAL, then this function checks - whether there are any subpackets that have the critical bit and - which GnuPG cannot handle. If GnuPG understands all subpackets - whose critical bit is set, then this function returns simply - returns SUBPKTS. If there is a subpacket whose critical bit is set - and which GnuPG does not understand, then this function returns - NULL and, if START is not NULL, sets *START to the 1-based index of - the subpacket that violates the constraint. - - If REQTYPE is SIGSUBPKT_LIST_HASHED or SIGSUBPKT_LIST_UNHASHED, the - packets are dumped. Note: if REQTYPE is SIGSUBPKT_LIST_HASHED, - this function does not check whether the hash is correct; this is - merely an indication of the section that the subpackets came from. - - If REQTYPE is anything else, then this function interprets the - values as a subpacket type and looks for the first subpacket with - that type. If such a packet is found, *CRITICAL (if not NULL) is - set if the critical bit was set, *RET_N is set to the offset of the - subpacket's content within the SUBPKTS buffer, *START is set to the - 1-based index of the subpacket within the buffer, and returns - &SUBPKTS[*RET_N]. - - *START is the number of initial subpackets to not consider. Thus, - if *START is 2, then the first 2 subpackets are ignored. */ -const byte *enum_sig_subpkt ( const subpktarea_t *subpkts, - sigsubpkttype_t reqtype, - size_t *ret_n, int *start, int *critical ); +/* Given a signature packet, either: + * + * - test whether there are any subpackets with the critical bit set + * that we don't understand, + * + * - list the subpackets, or, + * + * - find a subpacket with a specific type. + * + * The WANT_HASHED flag indicates that the hashed area shall be + * considered. + * + * REQTYPE indicates the type of operation. + * + * If REQTYPE is SIGSUBPKT_TEST_CRITICAL, then this function checks + * whether there are any subpackets that have the critical bit and + * which GnuPG cannot handle. If GnuPG understands all subpackets + * whose critical bit is set, then this function returns simply + * returns SUBPKTS. If there is a subpacket whose critical bit is set + * and which GnuPG does not understand, then this function returns + * NULL and, if START is not NULL, sets *START to the 1-based index of + * the subpacket that violates the constraint. + * + * If REQTYPE is SIGSUBPKT_LIST_HASHED or SIGSUBPKT_LIST_UNHASHED, the + * packets are dumped. Note: if REQTYPE is SIGSUBPKT_LIST_HASHED, + * this function does not check whether the hash is correct; this is + * merely an indication of the section that the subpackets came from. + * + * If REQTYPE is anything else, then this function interprets the + * values as a subpacket type and looks for the first subpacket with + * that type. If such a packet is found, *CRITICAL (if not NULL) is + * set if the critical bit was set, *RET_N is set to the offset of the + * subpacket's content within the SUBPKTS buffer, *START is set to the + * 1-based index of the subpacket within the buffer, and returns + * &SUBPKTS[*RET_N]. + * + * *START is the number of initial subpackets to not consider. Thus, + * if *START is 2, then the first 2 subpackets are ignored. + */ +const byte *enum_sig_subpkt (PKT_signature *sig, int want_hashed, + sigsubpkttype_t reqtype, + size_t *ret_n, int *start, int *critical ); /* Shorthand for: - - enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL); */ -const byte *parse_sig_subpkt ( const subpktarea_t *buffer, - sigsubpkttype_t reqtype, - size_t *ret_n ); + * + * enum_sig_subpkt (sig, want_hashed, reqtype, ret_n, NULL, NULL); + */ +const byte *parse_sig_subpkt (PKT_signature *sig, int want_hashed, + sigsubpkttype_t reqtype, + size_t *ret_n ); /* This calls parse_sig_subpkt first on the hashed signature area in - SIG and then, if that returns NULL, calls parse_sig_subpkt on the - unhashed subpacket area in SIG. */ -const byte *parse_sig_subpkt2 ( PKT_signature *sig, - sigsubpkttype_t reqtype); + * SIG and then, if that returns NULL, calls parse_sig_subpkt on the + * unhashed subpacket area in SIG. */ +const byte *parse_sig_subpkt2 (PKT_signature *sig, sigsubpkttype_t reqtype); /* Returns whether the N byte large buffer BUFFER is sufficient to hold a subpacket of type TYPE. Note: the buffer refers to the diff --git a/g10/parse-packet.c b/g10/parse-packet.c index b8dd8f1b3..6b8831493 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1734,8 +1734,8 @@ can_handle_critical (const byte * buffer, size_t n, int type) const byte * -enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype, - size_t * ret_n, int *start, int *critical) +enum_sig_subpkt (PKT_signature *sig, int want_hashed, sigsubpkttype_t reqtype, + size_t *ret_n, int *start, int *critical) { const byte *buffer; int buflen; @@ -1743,6 +1743,7 @@ enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype, int critical_dummy; int offset; size_t n; + const subpktarea_t *pktbuf = want_hashed? sig->hashed : sig->unhashed; int seq = 0; int reqseq = start ? *start : 0; @@ -1867,21 +1868,21 @@ enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype, const byte * -parse_sig_subpkt (const subpktarea_t * buffer, sigsubpkttype_t reqtype, - size_t * ret_n) +parse_sig_subpkt (PKT_signature *sig, int want_hashed, sigsubpkttype_t reqtype, + size_t *ret_n) { - return enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL); + return enum_sig_subpkt (sig, want_hashed, reqtype, ret_n, NULL, NULL); } const byte * -parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype) +parse_sig_subpkt2 (PKT_signature *sig, sigsubpkttype_t reqtype) { const byte *p; - p = parse_sig_subpkt (sig->hashed, reqtype, NULL); + p = parse_sig_subpkt (sig, 1, reqtype, NULL); if (!p) - p = parse_sig_subpkt (sig->unhashed, reqtype, NULL); + p = parse_sig_subpkt (sig, 0, reqtype, NULL); return p; } @@ -1897,8 +1898,8 @@ parse_revkeys (PKT_signature * sig) if (sig->sig_class != 0x1F) return; - while ((revkey = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REV_KEY, - &len, &seq, NULL))) + while ((revkey = enum_sig_subpkt (sig, 1, SIGSUBPKT_REV_KEY, + &len, &seq, NULL))) { /* Consider only valid packets. They must have a length of * either 2+20 or 2+32 octets and bit 7 of the class octet must @@ -2062,11 +2063,11 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, /* Set sig->flags.unknown_critical if there is a critical bit * set for packets which we do not understand. */ - if (!parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL) - || !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL, NULL)) + if (!parse_sig_subpkt (sig, 1, SIGSUBPKT_TEST_CRITICAL, NULL) + || !parse_sig_subpkt (sig, 0, SIGSUBPKT_TEST_CRITICAL, NULL)) sig->flags.unknown_critical = 1; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIG_CREATED, NULL); if (p) sig->timestamp = buf32_to_u32 (p); else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110) @@ -2076,7 +2077,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, /* Set the key id. We first try the issuer fingerprint and if * it is a v4 signature the fallback to the issuer. Note that * only the issuer packet is also searched in the unhashed area. */ - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &len); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_ISSUER_FPR, &len); if (p && len == 21 && p[0] == 4) { sig->keyid[0] = buf32_to_u32 (p + 1 + 12); @@ -2096,21 +2097,21 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, && opt.verbose && !glo_ctrl.silence_parse_warnings) log_info ("signature packet without keyid\n"); - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIG_EXPIRE, NULL); if (p && buf32_to_u32 (p)) sig->expiredate = sig->timestamp + buf32_to_u32 (p); if (sig->expiredate && sig->expiredate <= make_timestamp ()) sig->flags.expired = 1; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, NULL); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_POLICY, NULL); if (p) sig->flags.policy_url = 1; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, NULL); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, NULL); if (p) sig->flags.pref_ks = 1; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIGNERS_UID, &len); if (p && len) { char *mbox; @@ -2129,15 +2130,15 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, } } - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_NOTATION, NULL); if (p) sig->flags.notation = 1; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_REVOCABLE, NULL); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_REVOCABLE, NULL); if (p && *p == 0) sig->flags.revocable = 0; - p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_TRUST, &len); + p = parse_sig_subpkt (sig, 1, SIGSUBPKT_TRUST, &len); if (p && len == 2) { sig->trust_depth = p[0]; @@ -2146,7 +2147,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, /* Only look for a regexp if there is also a trust subpacket. */ sig->trust_regexp = - parse_sig_subpkt (sig->hashed, SIGSUBPKT_REGEXP, &len); + parse_sig_subpkt (sig, 1, SIGSUBPKT_REGEXP, &len); /* If the regular expression is of 0 length, there is no regular expression. */ @@ -2179,8 +2180,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, sig->digest_algo, sig->digest_start[0], sig->digest_start[1]); if (is_v4or5) { - parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL); - parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL); + parse_sig_subpkt (sig, 1, SIGSUBPKT_LIST_HASHED, NULL); + parse_sig_subpkt (sig, 0, SIGSUBPKT_LIST_UNHASHED, NULL); } } diff --git a/g10/pkclist.c b/g10/pkclist.c index 1fd23a3e4..36ec4757e 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -63,8 +63,8 @@ do_show_revocation_reason( PKT_signature *sig ) int seq = 0; const char *text; - while( (p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON, - &n, &seq, NULL )) ) { + while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_REVOC_REASON, + &n, &seq, NULL)) ) { if( !n ) continue; /* invalid - just skip it */