diff options
| -rw-r--r-- | g10/build-packet.c | 2 | ||||
| -rw-r--r-- | g10/parse-packet.c | 16 | ||||
| -rw-r--r-- | g10/sig-check.c | 29 | ||||
| -rw-r--r-- | g10/sign.c | 47 |
4 files changed, 54 insertions, 40 deletions
diff --git a/g10/build-packet.c b/g10/build-packet.c index 3c500d34f..dd4ad54bf 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -1536,7 +1536,7 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig ) else iobuf_put( a, sig->version ); if ( sig->version < 4 ) - iobuf_put (a, 5 ); /* Constant */ + iobuf_put (a, 5 ); /* Constant used by pre-v4 signatures. */ iobuf_put (a, sig->sig_class ); if ( sig->version < 4 ) { diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 92c65294a..78413e49a 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1932,7 +1932,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, { int md5_len = 0; unsigned n; - int is_v4 = 0; + int is_v4or5 = 0; int rc = 0; int i, ndata; @@ -1945,8 +1945,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, } sig->version = iobuf_get_noeof (inp); pktlen--; - if (sig->version == 4) - is_v4 = 1; + if (sig->version == 4 || sig->version == 5) + is_v4or5 = 1; else if (sig->version != 2 && sig->version != 3) { log_error ("packet(%d) with unknown version %d\n", @@ -1957,7 +1957,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, goto leave; } - if (!is_v4) + if (!is_v4or5) { if (pktlen == 0) goto underflow; @@ -1968,7 +1968,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, goto underflow; sig->sig_class = iobuf_get_noeof (inp); pktlen--; - if (!is_v4) + if (!is_v4or5) { if (pktlen < 12) goto underflow; @@ -1987,7 +1987,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, pktlen--; sig->flags.exportable = 1; sig->flags.revocable = 1; - if (is_v4) /* Read subpackets. */ + if (is_v4or5) /* Read subpackets. */ { if (pktlen < 2) goto underflow; @@ -2058,7 +2058,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, sig->digest_start[1] = iobuf_get_noeof (inp); pktlen--; - if (is_v4 && sig->pubkey_algo) /* Extract required information. */ + if (is_v4or5 && sig->pubkey_algo) /* Extract required information. */ { const byte *p; size_t len; @@ -2159,7 +2159,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, (ulong) sig->keyid[0], (ulong) sig->keyid[1], sig->version, (ulong) sig->timestamp, md5_len, sig->sig_class, sig->digest_algo, sig->digest_start[0], sig->digest_start[1]); - if (is_v4) + if (is_v4or5) { parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL); parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL); diff --git a/g10/sig-check.c b/g10/sig-check.c index 9c32d4d12..6d7f1afbd 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -510,7 +510,8 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig, } else { - byte buf[6]; + byte buf[10]; + int i; size_t n; gcry_md_putc (digest, sig->pubkey_algo); gcry_md_putc (digest, sig->digest_algo); @@ -531,13 +532,21 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig, n = 6; } /* add some magic per Section 5.2.4 of RFC 4880. */ - buf[0] = sig->version; - buf[1] = 0xff; - buf[2] = n >> 24; - buf[3] = n >> 16; - buf[4] = n >> 8; - buf[5] = n; - gcry_md_write( digest, buf, 6 ); + i = 0; + buf[i++] = sig->version; + buf[i++] = 0xff; + if (sig->version >= 5) + { + buf[i++] = 0; + buf[i++] = 0; + buf[i++] = 0; + buf[i++] = 0; + } + buf[i++] = n >> 24; + buf[i++] = n >> 16; + buf[i++] = n >> 8; + buf[i++] = n; + gcry_md_write (digest, buf, i); } gcry_md_final( digest ); @@ -572,7 +581,7 @@ hash_uid_packet (PKT_user_id *uid, gcry_md_hd_t md, PKT_signature *sig ) { if (uid->attrib_data) { - if (sig->version >=4) + if (sig->version >= 4) { byte buf[5]; buf[0] = 0xd1; /* packet of type 17 */ @@ -586,7 +595,7 @@ hash_uid_packet (PKT_user_id *uid, gcry_md_hd_t md, PKT_signature *sig ) } else { - if (sig->version >=4) + if (sig->version >= 4) { byte buf[5]; buf[0] = 0xb4; /* indicates a userid packet */ diff --git a/g10/sign.c b/g10/sign.c index 83f455122..213fd0145 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -220,7 +220,8 @@ hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid) static void hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig) { - byte buf[6]; + byte buf[10]; + int i; size_t n; gcry_md_putc (md, sig->version); @@ -242,13 +243,21 @@ hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig) n = 6; } /* Add some magic. */ - buf[0] = sig->version; - buf[1] = 0xff; - buf[2] = n >> 24; /* (n is only 16 bit, so this is always 0) */ - buf[3] = n >> 16; - buf[4] = n >> 8; - buf[5] = n; - gcry_md_write (md, buf, 6); + i = 0; + buf[i++] = sig->version; + buf[i++] = 0xff; + if (sig->version >= 5) + { + buf[i++] = 0; + buf[i++] = 0; + buf[i++] = 0; + buf[i++] = 0; + } + buf[i++] = n >> 24; /* (n is only 16 bit, so this is always 0) */ + buf[i++] = n >> 16; + buf[i++] = n >> 8; + buf[i++] = n; + gcry_md_write (md, buf, i); } @@ -731,11 +740,10 @@ write_signature_packets (ctrl_t ctrl, if (!sig) return gpg_error_from_syserror (); - if (duration || opt.sig_policy_url - || opt.sig_notations || opt.sig_keyserver_url) - sig->version = 4; + if (pk->version >= 5) + sig->version = 5; /* Required for v5 keys. */ else - sig->version = pk->version; + sig->version = 4; /*Required. */ keyid_from_pk (pk, sig->keyid); sig->digest_algo = hash_for (pk); @@ -751,12 +759,8 @@ write_signature_packets (ctrl_t ctrl, if (gcry_md_copy (&md, hash)) BUG (); - if (sig->version >= 4) - { - build_sig_subpkt_from_sig (sig, pk); - mk_notation_policy_etc (sig, NULL, pk); - } - + build_sig_subpkt_from_sig (sig, pk); + mk_notation_policy_etc (sig, NULL, pk); hash_sigversion_to_magic (md, sig); gcry_md_final (md); @@ -1523,9 +1527,10 @@ make_keysig_packet (ctrl_t ctrl, || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19 || sigclass == 0x30 || sigclass == 0x28 ); - sigversion = 4; - if (sigversion < pksk->version) - sigversion = pksk->version; + if (pksk->version >= 5) + sigversion = 5; + else + sigversion = 4; if (!digest_algo) { |