* more details.
*
* You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include <stdint.h>
-#include "config.h"
+#include "build-config.h"
#include "decodekey.h"
#include "keyid.h"
#include "keystructs.h"
struct sha1_ctx sha1_context;
struct sha1x_ctx sha1x_context;
struct md5_ctx md5_context;
-#ifdef NETTLE_WITH_RIPEMD160
+#ifdef HAVE_NETTLE
struct ripemd160_ctx ripemd160_context;
-#endif
-#ifdef NETTLE_WITH_SHA224
struct sha224_ctx sha224_context;
-#endif
-#ifdef NETTLE_WITH_SHA256
struct sha256_ctx sha256_context;
-#endif
-#ifdef NETTLE_WITH_SHA384
struct sha384_ctx sha384_context;
-#endif
-#ifdef NETTLE_WITH_SHA512
struct sha512_ctx sha512_context;
#endif
uint8_t keyheader[3];
size_t hashlen[8];
int chunks, i;
uint64_t keyid;
+ onak_status_t res;
keyheader[0] = 0x99;
keyheader[1] = key->publickey->length >> 8;
size_t len;
keyid = 0;
- len = parse_subpackets(&sig->data[4], &keyid, NULL);
+ res = parse_subpackets(&sig->data[4],
+ sig->length - 4, &len,
+ &keyid, NULL);
+ if (res != ONAK_E_OK) {
+ /* If it parses badly, reject it */
+ return 0;
+ }
if (keyid == 0 &&
/* No unhashed data */
sig->data[4 + len] == 0 &&
hashdata[chunks] = sig->data;
hashlen[chunks] = siglen = (sig->data[4] << 8) +
sig->data[5] + 6;;
+ if (siglen > sig->length) {
+ /* Signature data exceed packet length, bogus */
+ return 0;
+ }
chunks++;
v4trailer[0] = 4;
}
sha1_digest(&sha1_context, 20, hash);
break;
+ case OPENPGP_HASH_SHA1X:
+ sha1x_init(&sha1x_context);
+ for (i = 0; i < chunks; i++) {
+ sha1x_update(&sha1x_context, hashlen[i], hashdata[i]);
+ }
+ sha1x_digest(&sha1x_context, 20, hash);
+ break;
+#ifdef HAVE_NETTLE
case OPENPGP_HASH_RIPEMD160:
-#ifdef NETTLE_WITH_RIPEMD160
ripemd160_init(&ripemd160_context);
for (i = 0; i < chunks; i++) {
ripemd160_update(&ripemd160_context, hashlen[i],
ripemd160_digest(&ripemd160_context, RIPEMD160_DIGEST_SIZE,
hash);
break;
-#else
- logthing(LOGTHING_INFO, "RIPEMD160 support not available.");
- return -1;
-#endif
- case OPENPGP_HASH_SHA1X:
- sha1x_init(&sha1x_context);
- for (i = 0; i < chunks; i++) {
- sha1x_update(&sha1x_context, hashlen[i], hashdata[i]);
- }
- sha1x_digest(&sha1x_context, 20, hash);
- break;
case OPENPGP_HASH_SHA224:
-#ifdef NETTLE_WITH_SHA224
sha224_init(&sha224_context);
for (i = 0; i < chunks; i++) {
sha224_update(&sha224_context, hashlen[i],
}
sha224_digest(&sha224_context, SHA224_DIGEST_SIZE, hash);
break;
-#else
- logthing(LOGTHING_INFO, "SHA224 support not available.");
- return -1;
-#endif
case OPENPGP_HASH_SHA256:
-#ifdef NETTLE_WITH_SHA256
sha256_init(&sha256_context);
for (i = 0; i < chunks; i++) {
sha256_update(&sha256_context, hashlen[i],
}
sha256_digest(&sha256_context, SHA256_DIGEST_SIZE, hash);
break;
-#else
- logthing(LOGTHING_INFO, "SHA256 support not available.");
- return -1;
-#endif
case OPENPGP_HASH_SHA384:
-#ifdef NETTLE_WITH_SHA384
sha384_init(&sha384_context);
for (i = 0; i < chunks; i++) {
sha384_update(&sha384_context, hashlen[i],
}
sha384_digest(&sha384_context, SHA384_DIGEST_SIZE, hash);
break;
-#else
- logthing(LOGTHING_INFO, "SHA384 support not available.");
- return -1;
-#endif
case OPENPGP_HASH_SHA512:
-#ifdef NETTLE_WITH_SHA512
sha512_init(&sha512_context);
for (i = 0; i < chunks; i++) {
sha512_update(&sha512_context, hashlen[i],
}
sha512_digest(&sha512_context, SHA512_DIGEST_SIZE, hash);
break;
-#else
- logthing(LOGTHING_INFO, "SHA512 support not available.");
- return -1;
#endif
default:
get_keyid(key, &keyid);
projects / onak.git / blobdiff