z/OS support: Lengths

Finally returning the correct lengths

src/signature.c

@@ -167,7 +167,6 @@ rsa_sign(pgp_hash_t *hash,
 #elif defined(HAVE_GSKSSL)
     gsk_buffer bn;
 #endif
-
     if (strcmp(hash->name, "SHA1") == 0) {
         hashsize = PGP_SHA1_HASH_SIZE + sizeof(prefix_sha1);
         prefix = prefix_sha1;
@@ -187,7 +186,7 @@ rsa_sign(pgp_hash_t *hash,
 #if defined(HAVE_OPENSSL)
     keysize = (BN_num_bits(pubrsa->n) + 7) / 8;
 #elif defined(HAVE_GSKSSL)
-    keysize = ((pubrsa->n.length*8)+7)/8;
+    keysize = pubrsa->n->length;
 #endif
 
     if (keysize > sizeof(hashbuf)) {
@@ -232,9 +231,11 @@ rsa_sign(pgp_hash_t *hash,
     bn.length=t;
     memcpy(bn.data,sigbuf,t);
 #endif
-    pgp_write_mpi(out, bn);
-#ifdef HAVE_OPENSSL
+    pgp_write_mpi(out, &bn);
+#if defined(HAVE_OPENSSL)
     BN_free(bn);
+#elif defined(HAVE_GSKSSL)
+    gsk_free_buffer(&bn);
 #endif
     return 1;
 }
@@ -275,9 +276,12 @@ dsa_sign(pgp_hash_t *hash,
     pgp_write_mpi(output, pgpdsasig->r);
     pgp_write_mpi(output, pgpdsasig->s);
 
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL)
     BN_free(pgpdsasig->r);
     BN_free(pgpdsasig->s);
+#elif defined(HAVE_GSKSSL)
+    gsk_free_buffer(pgpdsasig->r);
+    gsk_free_buffer(pgpdsasig->s);
 #endif
     free(pgpdsasig);
     return 1;
@@ -302,7 +306,7 @@ rsa_verify(pgp_hash_alg_t type,
 #if defined(HAVE_OPENSSL)
     keysize = BN_num_bytes(pubrsa->n);
 #elif defined(HAVE_GSKSSL)
-    keysize = pubrsa->n.length;
+    keysize = pubrsa->n->length;
 #endif
     /* RSA key can't be bigger than 65535 bits, so... */
     if (keysize > sizeof(hashbuf_from_sig)) {
@@ -315,23 +319,18 @@ rsa_verify(pgp_hash_alg_t type,
         return 0;
     }
     BN_bn2bin(sig->sig, sigbuf);
-    n = pgp_rsa_public_decrypt(hashbuf_from_sig, sigbuf,
-        (unsigned)(BN_num_bits(sig->sig) + 7) / 8, pubrsa);
+    n = pgp_rsa_public_decrypt(hashbuf_from_sig, sigbuf, (unsigned)(BN_num_bits(sig->sig) + 7) / 8, pubrsa);
 #elif defined(HAVE_GSKSSL)
-    if ((unsigned) sig->sig.length > sizeof(sigbuf)) {
+    if ((unsigned) sig->sig->length > sizeof(sigbuf)) {
         (void) fprintf(stderr, "rsa_verify: numbits too big\n");
         return 0;
     }
-    memcpy(sigbuf, sig->sig.data, sig->sig.length);
+    memcpy(sigbuf, sig->sig->data, sig->sig->length);
     memcpy(hashbuf_from_sig, hash, hash_length);
-
-    n = pgp_rsa_public_decrypt(hashbuf_from_sig, sigbuf, sig->sig.length, pubrsa);
-
+    n = pgp_rsa_public_decrypt(hashbuf_from_sig, sigbuf, sig->sig->length, pubrsa);
 #endif
-
     debug_len_decrypted = n;
 
-#if 0
     if (n != keysize) {
         /* obviously, this includes error returns */
         (void) fprintf(stderr, "hashbuf size (%d) != hashsize (%d) \n",n,keysize);
@@ -343,7 +342,6 @@ rsa_verify(pgp_hash_alg_t type,
     if (hashbuf_from_sig[0] != 0 || hashbuf_from_sig[1] != 1) {
         return 0;
     }
-#endif
 
     switch (type) {
     case PGP_HASH_MD5:
@@ -368,21 +366,18 @@ rsa_verify(pgp_hash_alg_t type,
     }
 
     if (keysize - plen - hash_length < 10) {
-        printf("%s, %s:%d\n",__FUNCTION__,__FILE__,__LINE__);
         return 0;
     }
 
-    /*for (n = 2; n < keysize - plen - hash_length - 1; ++n) {
+    for (n = 2; n < keysize - plen - hash_length - 1; ++n) {
         if (hashbuf_from_sig[n] != 0xff) {
-            printf("%s, %s:%d\n",__FUNCTION__,__FILE__,__LINE__);
             return 0;
         }
-    }*/
+    }
 
-    /*if (hashbuf_from_sig[n++] != 0) {
-        printf("%s, %s:%d\n",__FUNCTION__,__FILE__,__LINE__);
+    if (hashbuf_from_sig[n++] != 0) {
         return 0;
-    }*/
+    }
 
     if (pgp_get_debug_level(__FILE__)) {
         hexdump(stderr, "sig hashbuf", hashbuf_from_sig, debug_len_decrypted);
@@ -390,9 +385,8 @@ rsa_verify(pgp_hash_alg_t type,
         hexdump(stderr, "sig hash", &hashbuf_from_sig[n + plen], hash_length);
         hexdump(stderr, "input hash", hash, hash_length);
     }
-    //return (memcmp(&hashbuf_from_sig[n], prefix, plen) == 0 &&
-    //        memcmp(&hashbuf_from_sig[n + plen], hash, hash_length) == 0);
-    return 1;
+    return (memcmp(&hashbuf_from_sig[n], prefix, plen) == 0 &&
+            memcmp(&hashbuf_from_sig[n + plen], hash, hash_length) == 0);
 }
 
 static void 
@@ -527,8 +521,8 @@ pgp_check_useridcert_sig(const pgp_pubkey_t *key,
               const pgp_sig_t *sig,
               const pgp_pubkey_t *signer)
 {
-    pgp_hash_t    hash;
-    size_t          userid_len;
+    pgp_hash_t hash;
+    size_t userid_len;
 
     userid_len = strlen((const char *) id);
     init_key_sig(&hash, sig, key);
@@ -558,8 +552,7 @@ pgp_check_userattrcert_sig(const pgp_pubkey_t *key,
                 const pgp_sig_t *sig,
                 const pgp_pubkey_t *signer)
 {
-    pgp_hash_t      hash;
-
+    pgp_hash_t hash;
     init_key_sig(&hash, sig, key);
     if (sig->info.version == PGP_V4) {
         pgp_hash_add_int(&hash, 0xd1, 1);
@@ -809,7 +802,7 @@ pgp_write_sig(pgp_output_t *output,
 #if defined(HAVE_OPENSSL)
         if (seckey->key.rsa.d == NULL) {
 #elif defined(HAVE_GSKSSL)
-        if (seckey->key.rsa.d.length == 0) {
+        if (seckey->key.rsa.d->length == 0) {
 #endif
             (void) fprintf(stderr, "pgp_write_sig: null rsa.d\n");
             return 0;
@@ -820,7 +813,7 @@ pgp_write_sig(pgp_output_t *output,
 #if defined(HAVE_OPENSSL)
         if (seckey->key.dsa.x == NULL) {
 #elif defined(HAVE_GSKSSL)
-        if (seckey->key.dsa.x.length == 0) {
+        if (seckey->key.dsa.x->length == 0) {
 #endif
             (void) fprintf(stderr, "pgp_write_sig: null dsa.x\n");
             return 0;
@@ -1007,12 +1000,9 @@ pgp_add_key_features(pgp_create_sig_t *sig)
  */
 
 unsigned 
-pgp_add_issuer_keyid(pgp_create_sig_t *sig,
-                const uint8_t keyid[PGP_KEY_ID_SIZE])
+pgp_add_issuer_keyid(pgp_create_sig_t *sig, const uint8_t keyid[PGP_KEY_ID_SIZE])
 {
-    return pgp_write_ss_header(sig->output, PGP_KEY_ID_SIZE + 1,
-                PGP_PTAG_SS_ISSUER_KEY_ID) &&
-        pgp_write(sig->output, keyid, PGP_KEY_ID_SIZE);
+    return pgp_write_ss_header(sig->output, PGP_KEY_ID_SIZE + 1, PGP_PTAG_SS_ISSUER_KEY_ID) && pgp_write(sig->output, keyid, PGP_KEY_ID_SIZE);
 }
 
 /**