security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

gpg: Rework the signature subpacket iteration function.

Browse Source 
* g10/parse-packet.c (enum_sig_subpkt): Replace first arg by two args
so that the entire signature packet is available.  Change all callers.
(parse_sig_subpkt): Ditto.
--

This patch is a prerequisite to support the new attestation key
signatures.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2019-09-05 20:36:38 +02:00
parent 7febb4f247
commit e1d9be730c
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
12 changed files with 114 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
g10/build-packet.c
View File

@ -1527,7 +1527,7 @@ sig_to_notation(PKT_signature *sig)
- n1 bytes of name data - n1 bytes of name data
- n2 bytes of value data - n2 bytes of value data
*/ */
while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq,&crit))) while((p=enum_sig_subpkt (sig, 1, SIGSUBPKT_NOTATION, &len, &seq, &crit)))
{ {
int n1,n2; int n1,n2;
struct notation *n=NULL; struct notation *n=NULL;

31
g10/getkey.c
View File

@ -2149,7 +2149,7 @@ parse_key_usage (PKT_signature * sig)
size_t n; size_t n;
byte flags; byte flags;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_FLAGS, &n);
if (p && n) if (p && n)
{ {
/* First octet of the keyflags. */ /* First octet of the keyflags. */
@ -2247,7 +2247,7 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
uid->help_key_usage = parse_key_usage (sig); uid->help_key_usage = parse_key_usage (sig);
/* Ditto for the key expiration. */ /* Ditto for the key expiration. */
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL);
if (p && buf32_to_u32 (p)) if (p && buf32_to_u32 (p))
uid->help_key_expire = keycreated + buf32_to_u32 (p); uid->help_key_expire = keycreated + buf32_to_u32 (p);
else else
@ -2256,7 +2256,7 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
/* Set the primary user ID flag - we will later wipe out some /* Set the primary user ID flag - we will later wipe out some
* of them to only have one in our keyblock. */ * of them to only have one in our keyblock. */
uid->flags.primary = 0; uid->flags.primary = 0;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PRIMARY_UID, NULL);
if (p && *p) if (p && *p)
uid->flags.primary = 2; uid->flags.primary = 2;
@ -2268,16 +2268,16 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
/* Now build the preferences list. These must come from the /* Now build the preferences list. These must come from the
hashed section so nobody can modify the ciphers a key is hashed section so nobody can modify the ciphers a key is
willing to accept. */ willing to accept. */
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM, &n); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_SYM, &n);
sym = p; sym = p;
nsym = p ? n : 0; nsym = p ? n : 0;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_AEAD, &n); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_AEAD, &n);
aead = p; aead = p;
naead = p ? n : 0; naead = p ? n : 0;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH, &n); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_HASH, &n);
hash = p; hash = p;
nhash = p ? n : 0; nhash = p ? n : 0;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR, &n); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_COMPR, &n);
zip = p; zip = p;
nzip = p ? n : 0; nzip = p ? n : 0;
if (uid->prefs) if (uid->prefs)
@ -2315,19 +2315,19 @@ fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
/* See whether we have the MDC feature. */ /* See whether we have the MDC feature. */
uid->flags.mdc = 0; uid->flags.mdc = 0;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n);
if (p && n && (p[0] & 0x01)) if (p && n && (p[0] & 0x01))
uid->flags.mdc = 1; uid->flags.mdc = 1;
/* See whether we have the AEAD feature. */ /* See whether we have the AEAD feature. */
uid->flags.aead = 0; uid->flags.aead = 0;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n);
if (p && n && (p[0] & 0x02)) if (p && n && (p[0] & 0x02))
uid->flags.aead = 1; uid->flags.aead = 1;
/* And the keyserver modify flag. */ /* And the keyserver modify flag. */
uid->flags.ks_modify = 1; uid->flags.ks_modify = 1;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KS_FLAGS, &n);
if (p && n && (p[0] & 0x80)) if (p && n && (p[0] & 0x80))
uid->flags.ks_modify = 0; uid->flags.ks_modify = 0;
} }
@ -2562,7 +2562,7 @@ merge_selfsigs_main (ctrl_t ctrl, kbnode_t keyblock, int *r_revoked,
key_usage = parse_key_usage (sig); key_usage = parse_key_usage (sig);
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL);
if (p && buf32_to_u32 (p)) if (p && buf32_to_u32 (p))
{ {
key_expire = keytimestamp + buf32_to_u32 (p); key_expire = keytimestamp + buf32_to_u32 (p);
@ -3050,7 +3050,7 @@ merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode)
subpk->pubkey_usage = key_usage; subpk->pubkey_usage = key_usage;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL);
if (p && buf32_to_u32 (p)) if (p && buf32_to_u32 (p))
key_expire = keytimestamp + buf32_to_u32 (p); key_expire = keytimestamp + buf32_to_u32 (p);
else else
@ -3077,8 +3077,8 @@ merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode)
/* We do this while() since there may be other embedded /* We do this while() since there may be other embedded
* signatures in the future. We only want 0x19 here. */ * signatures in the future. We only want 0x19 here. */
while ((p = enum_sig_subpkt (sig->hashed, while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_SIGNATURE,
SIGSUBPKT_SIGNATURE, &n, &seq, NULL))) &n, &seq, NULL)))
if (n > 3 if (n > 3
&& ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19))) && ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19)))
{ {
@ -3102,8 +3102,7 @@ merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode)
/* It is safe to have this in the unhashed area since the 0x19 /* It is safe to have this in the unhashed area since the 0x19
* is located on the selfsig for convenience, not security. */ * is located on the selfsig for convenience, not security. */
while ((p = enum_sig_subpkt (sig, 0, SIGSUBPKT_SIGNATURE,
while ((p = enum_sig_subpkt (sig->unhashed, SIGSUBPKT_SIGNATURE,
&n, &seq, NULL))) &n, &seq, NULL)))
if (n > 3 if (n > 3
&& ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19))) && ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19)))

2
g10/import.c
View File

@ -3151,7 +3151,7 @@ get_revocation_reason (PKT_signature *sig, char **r_reason,
*r_comment = NULL; *r_comment = NULL;
/* Skip over empty reason packets. */ /* Skip over empty reason packets. */
while ((reason_p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON, while ((reason_p = enum_sig_subpkt (sig, 1, SIGSUBPKT_REVOC_REASON,
&reason_n, &reason_seq, NULL)) &reason_n, &reason_seq, NULL))
&& !reason_n) && !reason_n)
; ;

2
g10/key-clean.c
View File

@ -192,7 +192,7 @@ mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
const byte *p; const byte *p;
u32 expire; u32 expire;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL ); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIG_EXPIRE, NULL );
expire = p? sig->timestamp + buf32_to_u32(p) : 0; expire = p? sig->timestamp + buf32_to_u32(p) : 0;
if (expire==0 || expire > curtime ) if (expire==0 || expire > curtime )

14
g10/keyedit.c
View File

@ -299,11 +299,11 @@ keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
PKT_public_key *pk = keyblock->pkt->pkt.public_key; PKT_public_key *pk = keyblock->pkt->pkt.public_key;
const unsigned char *s; const unsigned char *s;
s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL); s = parse_sig_subpkt (sig, 1, SIGSUBPKT_PRIMARY_UID, NULL);
if (s && *s) if (s && *s)
tty_fprintf (fp, " [primary]\n"); tty_fprintf (fp, " [primary]\n");
s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); s = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_EXPIRE, NULL);
if (s && buf32_to_u32 (s)) if (s && buf32_to_u32 (s))
tty_fprintf (fp, " [expires: %s]\n", tty_fprintf (fp, " [expires: %s]\n",
isotimestamp (pk->timestamp + buf32_to_u32 (s))); isotimestamp (pk->timestamp + buf32_to_u32 (s)));
@ -3158,8 +3158,8 @@ show_prefs (PKT_user_id * uid, PKT_signature * selfsig, int verbose)
const byte *pref_ks; const byte *pref_ks;
size_t pref_ks_len; size_t pref_ks_len;
pref_ks = parse_sig_subpkt (selfsig->hashed, pref_ks = parse_sig_subpkt (selfsig, 1,
SIGSUBPKT_PREF_KS, &pref_ks_len); SIGSUBPKT_PREF_KS, &pref_ks_len);
if (pref_ks && pref_ks_len) if (pref_ks && pref_ks_len)
{ {
tty_printf (" "); tty_printf (" ");
@ -4870,10 +4870,10 @@ menu_set_primary_uid (ctrl_t ctrl, kbnode_t pub_keyblock)
int action; int action;
/* See whether this signature has the primary UID flag. */ /* See whether this signature has the primary UID flag. */
p = parse_sig_subpkt (sig->hashed, p = parse_sig_subpkt (sig, 1,
SIGSUBPKT_PRIMARY_UID, NULL); SIGSUBPKT_PRIMARY_UID, NULL);
if (!p) if (!p)
p = parse_sig_subpkt (sig->unhashed, p = parse_sig_subpkt (sig, 0,
SIGSUBPKT_PRIMARY_UID, NULL); SIGSUBPKT_PRIMARY_UID, NULL);
if (p && *p) /* yes */ if (p && *p) /* yes */
action = selected ? 0 : -1; action = selected ? 0 : -1;
@ -5086,7 +5086,7 @@ menu_set_keyserver_url (ctrl_t ctrl, const char *url, kbnode_t pub_keyblock)
const byte *p; const byte *p;
size_t plen; size_t plen;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &plen); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &plen);
if (p && plen) if (p && plen)
{ {
tty_printf ("Current preferred keyserver for user" tty_printf ("Current preferred keyserver for user"

8
g10/keygen.c
View File

@ -692,7 +692,7 @@ add_feature_mdc (PKT_signature *sig,int enabled)
int i; int i;
char *buf; char *buf;
s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n ); s = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n );
/* Already set or cleared */ /* Already set or cleared */
if (s && n && if (s && n &&
((enabled && (s[0] & 0x01)) || (!enabled && !(s[0] & 0x01)))) ((enabled && (s[0] & 0x01)) || (!enabled && !(s[0] & 0x01))))
@ -734,7 +734,7 @@ add_feature_aead (PKT_signature *sig, int enabled)
int i; int i;
char *buf; char *buf;
s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n ); s = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n );
if (s && n && ((enabled && (s[0] & 0x02)) || (!enabled && !(s[0] & 0x02)))) if (s && n && ((enabled && (s[0] & 0x02)) || (!enabled && !(s[0] & 0x02))))
return; /* Already set or cleared */ return; /* Already set or cleared */
@ -776,7 +776,7 @@ add_feature_v5 (PKT_signature *sig, int enabled)
int i; int i;
char *buf; char *buf;
s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n ); s = parse_sig_subpkt (sig, 1, SIGSUBPKT_FEATURES, &n );
if (s && n && ((enabled && (s[0] & 0x04)) || (!enabled && !(s[0] & 0x04)))) if (s && n && ((enabled && (s[0] & 0x04)) || (!enabled && !(s[0] & 0x04))))
return; /* Already set or cleared */ return; /* Already set or cleared */
@ -821,7 +821,7 @@ add_keyserver_modify (PKT_signature *sig,int enabled)
/* The keyserver modify flag is a negative flag (i.e. no-modify) */ /* The keyserver modify flag is a negative flag (i.e. no-modify) */
enabled=!enabled; enabled=!enabled;
s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n ); s = parse_sig_subpkt (sig, 1, SIGSUBPKT_KS_FLAGS, &n );
/* Already set or cleared */ /* Already set or cleared */
if (s && n && if (s && n &&
((enabled && (s[0] & 0x80)) || (!enabled && !(s[0] & 0x80)))) ((enabled && (s[0] & 0x80)) || (!enabled && !(s[0] & 0x80))))

11
g10/keylist.c
View File

@ -338,8 +338,7 @@ show_policy_url (PKT_signature * sig, int indent, int mode)
int seq = 0, crit; int seq = 0, crit;
estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout; estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
while ((p = while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_POLICY, &len, &seq, &crit)))
enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit)))
{ {
if (mode != 2) if (mode != 2)
{ {
@ -379,9 +378,7 @@ show_keyserver_url (PKT_signature * sig, int indent, int mode)
int seq = 0, crit; int seq = 0, crit;
estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout; estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
while ((p = while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &len, &seq, &crit)))
enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq,
&crit)))
{ {
if (mode != 2) if (mode != 2)
{ {
@ -874,12 +871,12 @@ print_subpackets_colon (PKT_signature * sig)
seq = 0; seq = 0;
while ((p = enum_sig_subpkt (sig->hashed, *i, &len, &seq, &crit))) while ((p = enum_sig_subpkt (sig, 1, *i, &len, &seq, &crit)))
print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p); print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p);
seq = 0; seq = 0;
while ((p = enum_sig_subpkt (sig->unhashed, *i, &len, &seq, &crit))) while ((p = enum_sig_subpkt (sig, 0, *i, &len, &seq, &crit)))
print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p); print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p);
} }
} }

2
g10/keyserver.c
View File

@ -452,7 +452,7 @@ parse_preferred_keyserver(PKT_signature *sig)
const byte *p; const byte *p;
size_t plen; size_t plen;
p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&plen); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &plen);
if(p && plen) if(p && plen)
{ {
byte *dupe=xmalloc(plen+1); byte *dupe=xmalloc(plen+1);

4
g10/mainproc.c
View File

@ -1784,7 +1784,7 @@ issuer_fpr_raw (PKT_signature *sig, size_t *r_len)
const byte *p; const byte *p;
size_t n; size_t n;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_ISSUER_FPR, &n);
if (p && ((n == 21 && p[0] == 4) || (n == 33 && p[0] == 5))) if (p && ((n == 21 && p[0] == 4) || (n == 33 && p[0] == 5)))
{ {
*r_len = n - 1; *r_len = n - 1;
@ -2017,7 +2017,7 @@ check_sig_and_print (CTX c, kbnode_t node)
size_t n; size_t n;
int any_pref_ks = 0; int any_pref_ks = 0;
while ((p=enum_sig_subpkt (sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL))) while ((p=enum_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, &n, &seq, NULL)))
{ {
/* According to my favorite copy editor, in English grammar, /* According to my favorite copy editor, in English grammar,
you say "at" if the key is located on a web page, but you say "at" if the key is located on a web page, but

99
g10/packet.h
View File

@ -775,58 +775,61 @@ int skip_some_packets (iobuf_t inp, unsigned int n);
int parse_signature( iobuf_t inp, int pkttype, unsigned long pktlen, int parse_signature( iobuf_t inp, int pkttype, unsigned long pktlen,
PKT_signature *sig ); PKT_signature *sig );
/* Given a subpacket area (typically either PKT_signature.hashed or /* Given a signature packet, either:
PKT_signature.unhashed), either: *
* - test whether there are any subpackets with the critical bit set
- test whether there are any subpackets with the critical bit set * that we don't understand,
that we don't understand, *
* - list the subpackets, or,
- list the subpackets, or, *
* - find a subpacket with a specific type.
- find a subpacket with a specific type. *
* The WANT_HASHED flag indicates that the hashed area shall be
REQTYPE indicates the type of operation. * considered.
*
If REQTYPE is SIGSUBPKT_TEST_CRITICAL, then this function checks * REQTYPE indicates the type of operation.
whether there are any subpackets that have the critical bit and *
which GnuPG cannot handle. If GnuPG understands all subpackets * If REQTYPE is SIGSUBPKT_TEST_CRITICAL, then this function checks
whose critical bit is set, then this function returns simply * whether there are any subpackets that have the critical bit and
returns SUBPKTS. If there is a subpacket whose critical bit is set * which GnuPG cannot handle. If GnuPG understands all subpackets
and which GnuPG does not understand, then this function returns * whose critical bit is set, then this function returns simply
NULL and, if START is not NULL, sets *START to the 1-based index of * returns SUBPKTS. If there is a subpacket whose critical bit is set
the subpacket that violates the constraint. * and which GnuPG does not understand, then this function returns
* NULL and, if START is not NULL, sets *START to the 1-based index of
If REQTYPE is SIGSUBPKT_LIST_HASHED or SIGSUBPKT_LIST_UNHASHED, the * the subpacket that violates the constraint.
packets are dumped. Note: if REQTYPE is SIGSUBPKT_LIST_HASHED, *
this function does not check whether the hash is correct; this is * If REQTYPE is SIGSUBPKT_LIST_HASHED or SIGSUBPKT_LIST_UNHASHED, the
merely an indication of the section that the subpackets came from. * packets are dumped. Note: if REQTYPE is SIGSUBPKT_LIST_HASHED,
* this function does not check whether the hash is correct; this is
If REQTYPE is anything else, then this function interprets the * merely an indication of the section that the subpackets came from.
values as a subpacket type and looks for the first subpacket with *
that type. If such a packet is found, *CRITICAL (if not NULL) is * If REQTYPE is anything else, then this function interprets the
set if the critical bit was set, *RET_N is set to the offset of the * values as a subpacket type and looks for the first subpacket with
subpacket's content within the SUBPKTS buffer, *START is set to the * that type. If such a packet is found, *CRITICAL (if not NULL) is
1-based index of the subpacket within the buffer, and returns * set if the critical bit was set, *RET_N is set to the offset of the
&SUBPKTS[*RET_N]. * subpacket's content within the SUBPKTS buffer, *START is set to the
* 1-based index of the subpacket within the buffer, and returns
*START is the number of initial subpackets to not consider. Thus, * &SUBPKTS[*RET_N].
if *START is 2, then the first 2 subpackets are ignored. */ *
const byte *enum_sig_subpkt ( const subpktarea_t *subpkts, * *START is the number of initial subpackets to not consider. Thus,
sigsubpkttype_t reqtype, * if *START is 2, then the first 2 subpackets are ignored.
size_t *ret_n, int *start, int *critical ); */
const byte *enum_sig_subpkt (PKT_signature *sig, int want_hashed,
sigsubpkttype_t reqtype,
size_t *ret_n, int *start, int *critical );
/* Shorthand for: /* Shorthand for:
*
enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL); */ * enum_sig_subpkt (sig, want_hashed, reqtype, ret_n, NULL, NULL);
const byte *parse_sig_subpkt ( const subpktarea_t *buffer, */
sigsubpkttype_t reqtype, const byte *parse_sig_subpkt (PKT_signature *sig, int want_hashed,
size_t *ret_n ); sigsubpkttype_t reqtype,
size_t *ret_n );
/* This calls parse_sig_subpkt first on the hashed signature area in /* This calls parse_sig_subpkt first on the hashed signature area in
SIG and then, if that returns NULL, calls parse_sig_subpkt on the * SIG and then, if that returns NULL, calls parse_sig_subpkt on the
unhashed subpacket area in SIG. */ * unhashed subpacket area in SIG. */
const byte *parse_sig_subpkt2 ( PKT_signature *sig, const byte *parse_sig_subpkt2 (PKT_signature *sig, sigsubpkttype_t reqtype);
sigsubpkttype_t reqtype);
/* Returns whether the N byte large buffer BUFFER is sufficient to /* Returns whether the N byte large buffer BUFFER is sufficient to
hold a subpacket of type TYPE. Note: the buffer refers to the hold a subpacket of type TYPE. Note: the buffer refers to the

49
g10/parse-packet.c
View File

@ -1734,8 +1734,8 @@ can_handle_critical (const byte * buffer, size_t n, int type)
const byte * const byte *
enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype, enum_sig_subpkt (PKT_signature *sig, int want_hashed, sigsubpkttype_t reqtype,
size_t * ret_n, int *start, int *critical) size_t *ret_n, int *start, int *critical)
{ {
const byte *buffer; const byte *buffer;
int buflen; int buflen;
@ -1743,6 +1743,7 @@ enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
int critical_dummy; int critical_dummy;
int offset; int offset;
size_t n; size_t n;
const subpktarea_t *pktbuf = want_hashed? sig->hashed : sig->unhashed;
int seq = 0; int seq = 0;
int reqseq = start ? *start : 0; int reqseq = start ? *start : 0;
@ -1867,21 +1868,21 @@ enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
const byte * const byte *
parse_sig_subpkt (const subpktarea_t * buffer, sigsubpkttype_t reqtype, parse_sig_subpkt (PKT_signature *sig, int want_hashed, sigsubpkttype_t reqtype,
size_t * ret_n) size_t *ret_n)
{ {
return enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL); return enum_sig_subpkt (sig, want_hashed, reqtype, ret_n, NULL, NULL);
} }
const byte * const byte *
parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype) parse_sig_subpkt2 (PKT_signature *sig, sigsubpkttype_t reqtype)
{ {
const byte *p; const byte *p;
p = parse_sig_subpkt (sig->hashed, reqtype, NULL); p = parse_sig_subpkt (sig, 1, reqtype, NULL);
if (!p) if (!p)
p = parse_sig_subpkt (sig->unhashed, reqtype, NULL); p = parse_sig_subpkt (sig, 0, reqtype, NULL);
return p; return p;
} }
@ -1897,8 +1898,8 @@ parse_revkeys (PKT_signature * sig)
if (sig->sig_class != 0x1F) if (sig->sig_class != 0x1F)
return; return;
while ((revkey = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REV_KEY, while ((revkey = enum_sig_subpkt (sig, 1, SIGSUBPKT_REV_KEY,
&len, &seq, NULL))) &len, &seq, NULL)))
{ {
/* Consider only valid packets. They must have a length of /* Consider only valid packets. They must have a length of
* either 2+20 or 2+32 octets and bit 7 of the class octet must * either 2+20 or 2+32 octets and bit 7 of the class octet must
@ -2062,11 +2063,11 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
/* Set sig->flags.unknown_critical if there is a critical bit /* Set sig->flags.unknown_critical if there is a critical bit
* set for packets which we do not understand. */ * set for packets which we do not understand. */
if (!parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL) if (!parse_sig_subpkt (sig, 1, SIGSUBPKT_TEST_CRITICAL, NULL)
|| !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL, NULL)) || !parse_sig_subpkt (sig, 0, SIGSUBPKT_TEST_CRITICAL, NULL))
sig->flags.unknown_critical = 1; sig->flags.unknown_critical = 1;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIG_CREATED, NULL);
if (p) if (p)
sig->timestamp = buf32_to_u32 (p); sig->timestamp = buf32_to_u32 (p);
else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110) else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
@ -2076,7 +2077,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
/* Set the key id. We first try the issuer fingerprint and if /* Set the key id. We first try the issuer fingerprint and if
* it is a v4 signature the fallback to the issuer. Note that * it is a v4 signature the fallback to the issuer. Note that
* only the issuer packet is also searched in the unhashed area. */ * only the issuer packet is also searched in the unhashed area. */
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &len); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_ISSUER_FPR, &len);
if (p && len == 21 && p[0] == 4) if (p && len == 21 && p[0] == 4)
{ {
sig->keyid[0] = buf32_to_u32 (p + 1 + 12); sig->keyid[0] = buf32_to_u32 (p + 1 + 12);
@ -2096,21 +2097,21 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
&& opt.verbose && !glo_ctrl.silence_parse_warnings) && opt.verbose && !glo_ctrl.silence_parse_warnings)
log_info ("signature packet without keyid\n"); log_info ("signature packet without keyid\n");
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIG_EXPIRE, NULL);
if (p && buf32_to_u32 (p)) if (p && buf32_to_u32 (p))
sig->expiredate = sig->timestamp + buf32_to_u32 (p); sig->expiredate = sig->timestamp + buf32_to_u32 (p);
if (sig->expiredate && sig->expiredate <= make_timestamp ()) if (sig->expiredate && sig->expiredate <= make_timestamp ())
sig->flags.expired = 1; sig->flags.expired = 1;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, NULL); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_POLICY, NULL);
if (p) if (p)
sig->flags.policy_url = 1; sig->flags.policy_url = 1;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, NULL); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, NULL);
if (p) if (p)
sig->flags.pref_ks = 1; sig->flags.pref_ks = 1;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIGNERS_UID, &len);
if (p && len) if (p && len)
{ {
char *mbox; char *mbox;
@ -2129,15 +2130,15 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
} }
} }
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_NOTATION, NULL);
if (p) if (p)
sig->flags.notation = 1; sig->flags.notation = 1;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_REVOCABLE, NULL); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_REVOCABLE, NULL);
if (p && *p == 0) if (p && *p == 0)
sig->flags.revocable = 0; sig->flags.revocable = 0;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_TRUST, &len); p = parse_sig_subpkt (sig, 1, SIGSUBPKT_TRUST, &len);
if (p && len == 2) if (p && len == 2)
{ {
sig->trust_depth = p[0]; sig->trust_depth = p[0];
@ -2146,7 +2147,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
/* Only look for a regexp if there is also a trust /* Only look for a regexp if there is also a trust
subpacket. */ subpacket. */
sig->trust_regexp = sig->trust_regexp =
parse_sig_subpkt (sig->hashed, SIGSUBPKT_REGEXP, &len); parse_sig_subpkt (sig, 1, SIGSUBPKT_REGEXP, &len);
/* If the regular expression is of 0 length, there is no /* If the regular expression is of 0 length, there is no
regular expression. */ regular expression. */
@ -2179,8 +2180,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
sig->digest_algo, sig->digest_start[0], sig->digest_start[1]); sig->digest_algo, sig->digest_start[0], sig->digest_start[1]);
if (is_v4or5) if (is_v4or5)
{ {
parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL); parse_sig_subpkt (sig, 1, SIGSUBPKT_LIST_HASHED, NULL);
parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL); parse_sig_subpkt (sig, 0, SIGSUBPKT_LIST_UNHASHED, NULL);
} }
} }

4
g10/pkclist.c
View File

@ -63,8 +63,8 @@ do_show_revocation_reason( PKT_signature *sig )
int seq = 0; int seq = 0;
const char *text; const char *text;
while( (p = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REVOC_REASON, while ((p = enum_sig_subpkt (sig, 1, SIGSUBPKT_REVOC_REASON,
&n, &seq, NULL )) ) { &n, &seq, NULL)) ) {
if( !n ) if( !n )
continue; /* invalid - just skip it */ continue; /* invalid - just skip it */