gpgsm: Strip trailing zeroes from detached signatures.

* common/ksba-io-support.c: Include tlv.h
(struct reader_cb_parm_s): Add new fields.
(starts_with_sequence): New.
(simple_reader_cb): Handle stripping.
* common/ksba-io-support.h (GNUPG_KSBA_IO_STRIP): New.
(gnupg_ksba_create_reader): Handle the new flag.
* sm/verify.c (gpgsm_verify): Use the new flag for detached
signatures.
--

Note that this works only if --assume-binary is given.  The use case
for the feature is PDF signature checking where the PDF specs require
that the detached signature is padded with zeroes.

1 files changed, 8 insertions, 2 deletions

diff --git a/sm/verify.c b/sm/verify.c
index 9f1216f83..a07d1c9c7 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -105,12 +105,17 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
   int signer;
   const char *algoid;
   int algo;
-  int is_detached;
+  int is_detached, maybe_detached;
   estream_t in_fp = NULL;
   char *p;
 
   audit_set_type (ctrl->audit, AUDIT_TYPE_VERIFY);
 
+  /* Although we detect detached signatures during the parsing phase,
+   * we need to know it earlier and thus accept the caller idea of
+   * what to verify.  */
+  maybe_detached = (data_fd != -1);
+
   kh = keydb_new (ctrl);
   if (!kh)
     {
@@ -131,7 +136,8 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
   rc = gnupg_ksba_create_reader
     (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
                   | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
-                  | (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0)),
+                  | (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0)
+                  | (maybe_detached? GNUPG_KSBA_IO_STRIP : 0)),
      in_fp, &reader);
   if (rc)
     {