From b817e792ee453485b117eefad128971c59ea576f Mon Sep 17 00:00:00 2001 From: Jonathan McDowell Date: Sat, 2 Jan 2021 11:31:27 +0000 Subject: [PATCH] Don't take creation time from unhashed subpackets When looking at the subpackets for a signature don't use the unhashed set to obtain the creation time, and only use them for the keyid if it wasn't present in the hashed section. Fixes #3 --- decodekey.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/decodekey.c b/decodekey.c index 481b8aa..f8cc407 100644 --- a/decodekey.c +++ b/decodekey.c @@ -230,17 +230,27 @@ onak_status_t sig_info(struct openpgp_packet *packet, uint64_t *keyid, break; case 4: case 5: + if (keyid != NULL) { + *keyid = 0; + } res = parse_subpackets(&packet->data[4], packet->length - 4, &length, keyid, creation); if (res != ONAK_E_OK) { return res; } - res = parse_subpackets(&packet->data[length + 4], - packet->length - (4 + length), - &length, keyid, creation); - if (res != ONAK_E_OK) { - return res; + /* + * Only look at the unhashed subpackets if we want the + * keyid and it wasn't in the signed subpacket + * section. + */ + if (keyid != NULL && *keyid == 0) { + res = parse_subpackets(&packet->data[length + 4], + packet->length - (4 + length), + &length, keyid, NULL); + if (res != ONAK_E_OK) { + return res; + } } break; default: -- 2.39.5