X-Git-Url: http://the.earth.li/gitweb/?a=blobdiff_plain;f=sigcheck.c;h=c1a7ce541f3931aaa40640919dec99b810b8f794;hb=refs%2Fheads%2Fmain;hp=29ab652e71dda830273b4f45c1bd994094ece9e0;hpb=3a9aaa4369f8078b801cddd2353db5730d2388c8;p=onak.git

diff --git a/sigcheck.c b/sigcheck.c
index 29ab652..c1a7ce5 100644
--- a/sigcheck.c
+++ b/sigcheck.c
@@ -116,7 +116,7 @@ static void onak_free_key_material(struct onak_key_material *key)
 static onak_status_t onak_parse_key_material(struct openpgp_packet *pk,
 		struct onak_key_material *key)
 {
-	int i, len, ofs;
+	int len, ofs;
 	enum onak_oid oid;
 	mpz_t x, y;
 	onak_status_t ret = ONAK_E_OK;
@@ -263,6 +263,12 @@ static onak_status_t onak_parse_key_material(struct openpgp_packet *pk,
 		return ONAK_E_UNSUPPORTED_FEATURE;
 	}
 
+	/*
+	 * Keep scan-build happy; we bump this in MPI_TO_MPZ and then don't use
+	 * it again the last time we do so.
+	 */
+	(void)ofs;
+
 	key->type = pk->data[5];
 
 	if (ret != ONAK_E_OK) {
@@ -272,7 +278,7 @@ static onak_status_t onak_parse_key_material(struct openpgp_packet *pk,
 	return ret;
 }
 
-onak_status_t onak_check_hash_sig(struct openpgp_publickey *sigkey,
+onak_status_t onak_check_hash_sig(struct openpgp_packet *sigkey,
 		struct openpgp_packet *sig,
 		uint8_t *hash,
 		uint8_t hashtype)
@@ -282,11 +288,11 @@ onak_status_t onak_check_hash_sig(struct openpgp_publickey *sigkey,
 	struct dsa_signature dsasig;
 	uint8_t sigkeytype;
 	uint8_t edsig[64];
-	uint64_t keyid;
 	int len, ofs;
+	size_t count;
 	mpz_t s;
 
-	ret = onak_parse_key_material(sigkey->publickey, &pubkey);
+	ret = onak_parse_key_material(sigkey, &pubkey);
 	if (ret != ONAK_E_OK) {
 		return ret;
 	}
@@ -311,7 +317,7 @@ onak_status_t onak_check_hash_sig(struct openpgp_publickey *sigkey,
 		}
 
 		/* Skip to the signature material */
-		ofs += 19;
+		ofs = 19;
 		sigkeytype = sig->data[15];
 	} else if (sig->data[0] >= 4) {
 		/* Skip the hashed data */
@@ -356,8 +362,22 @@ onak_status_t onak_check_hash_sig(struct openpgp_publickey *sigkey,
 		MPI_TO_MPZ(sig, dsasig.r);
 		if (ret == ONAK_E_OK)
 			MPI_TO_MPZ(sig, dsasig.s);
-		mpz_export(edsig, NULL, 1, 1, 0, 0, dsasig.r);
-		mpz_export(&edsig[32], NULL, 1, 1, 0, 0, dsasig.s);
+		mpz_export(edsig, &count, 1, 1, 0, 0, dsasig.r);
+		if (count < 32) {
+			memmove(&edsig[32 - count], edsig, count);
+			while (count < 32) {
+				count++;
+				edsig[32 - count] = 0;
+			}
+		}
+		mpz_export(&edsig[32], &count, 1, 1, 0, 0, dsasig.s);
+		if (count < 32) {
+			memmove(&edsig[32 - count], edsig, count);
+			while (count < 32) {
+				count++;
+				edsig[32 - count] = 0;
+			}
+		}
 		break;
 	case OPENPGP_PKALGO_RSA:
 	case OPENPGP_PKALGO_RSA_SIGN:
@@ -524,7 +544,6 @@ onak_status_t calculate_packet_sighash(struct openpgp_publickey *key,
 	uint8_t keyheader[5];
 	uint8_t packetheader[5];
 	uint8_t trailer[10];
-	int i;
 	uint64_t keyid;
 	onak_status_t res;