Pass a keydb context into cleankeys in preparation for signature checks
[onak.git] / cleankey.c
index c7a69be28e78d2f124acb6a880573ccdcc429e32..55e3161d0d87bb35ebb7d6be2826c919a6571fff 100644 (file)
@@ -137,10 +137,28 @@ int clean_sighashes(struct openpgp_publickey *key,
                struct openpgp_packet_list **sigs)
 {
        struct openpgp_packet_list *tmpsig;
+       onak_status_t ret;
+       uint8_t hashtype;
+       uint8_t hash[64];
+       uint8_t *sighash;
        int removed = 0;
+       uint64_t keyid;
 
        while (*sigs != NULL) {
-               if (check_packet_sighash(key, sigdata, (*sigs)->packet) == 0) {
+               ret = calculate_packet_sighash(key, sigdata, (*sigs)->packet,
+                               &hashtype, hash, &sighash);
+
+               if (ret == ONAK_E_UNSUPPORTED_FEATURE) {
+                       get_keyid(key, &keyid);
+                       logthing(LOGTHING_ERROR,
+                               "Unsupported signature hash type %d on 0x%016"
+                               PRIX64,
+                               hashtype,
+                               keyid);
+                       sigs = &(*sigs)->next;
+               } else if (ret != ONAK_E_OK ||
+                               !(hash[0] == sighash[0] &&
+                                       hash[1] == sighash[1])) {
                        tmpsig = *sigs;
                        *sigs = (*sigs)->next;
                        tmpsig->next = NULL;
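Review bot: In the `ONAK_E_UNSUPPORTED_FEATURE` branch, `hashtype` and `keyid` reach `logthing()` with no local initialisation: the log line depends on `calculate_packet_sighash()` having stored the hash type before returning that status and on `get_keyid()` succeeding, and the return value of `get_keyid()` is discarded. Neither callee is visible here, so this may be safe in practice, but declaring them as `uint8_t hashtype = 0;` and `uint64_t keyid = 0;` costs nothing and keeps indeterminate values out of the log. The same branch advances with `sigs = &(*sigs)->next;`, so a signature whose hash cannot be computed stays on the key while every other failure removes it; if that fail-open choice is deliberate, a comment such as `/* Hash can't be computed here; keep the signature rather than drop it */` should say so. The function's signature starts above the hunk and the loop body continues below it.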
@@ -237,7 +255,8 @@ int clean_large_packets(struct openpgp_publickey *key)
  *     made, otherwise the number of keys cleaned. Note that some options
  *     may result in keys being removed entirely from the list.
  */
-int cleankeys(struct openpgp_publickey **keys, uint64_t policies)
+int cleankeys(struct onak_dbctx *dbctx, struct openpgp_publickey **keys,
+               uint64_t policies)
 {
        struct openpgp_publickey **curkey, *tmp;
        int changed = 0, count = 0;
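Review bot: The new `dbctx` parameter of `cleankeys()` is not documented: the three comment lines shown are unchanged context, and nothing in this hunk adds an entry for it to the header comment, whose start lies above the hunk. An entry in the comment's existing parameter style, for example `@dbctx: Key database context, to be used for signature checks`, would cover it. It should also state whether a NULL context is accepted, since any caller that cleans keys without an open database would need to know. The function body continues past the end of the hunk.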