gnupg2/backport-0002-CVE-2025-30258-gpg-Remove-a-signature-check-function-wrapper.patch

From b54b7f5934b23dac80220f2c34e54fd6c71e689c Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 20 Feb 2025 14:50:20 +0100
Subject: [PATCH 2/4] gpg: Remove a signature check function wrapper.

* g10/sig-check.c (check_signature2): Rename to
(check_signature): this and remove the old wrapper. Adjust all
callers.

(cherry picked by dkg from commit 9cd371b12d80cfc5bc85cb6e5f5eebb4decbe94f)

Reference link:
https://salsa.debian.org/debian/gnupg2/-/blob/debian/2.2.46-6/debian/patches/from-2.4/gpg-Remove-a-signature-check-function-wrapper.patch

Signed-off-by: baogen shang <baogen.shang@windriver.com>
---
 g10/mainproc.c  |  5 ++---
 g10/packet.h    |  6 +-----
 g10/sig-check.c | 15 +++------------
 3 files changed, 6 insertions(+), 20 deletions(-)

diff --git a/g10/mainproc.c b/g10/mainproc.c
index d1c980b..8e788c3 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1167,7 +1167,7 @@ do_check_sig (CTX c, kbnode_t node,
 
   /* We only get here if we are checking the signature of a binary
      (0x00) or text document (0x01).  */
-  rc = check_signature2 (c->ctrl, sig, md,
+  rc = check_signature (c->ctrl, sig, md,
                          forced_pk,
                          NULL, is_expkey, is_revkey, r_pk);
   if (! rc)
@@ -1176,7 +1176,7 @@ do_check_sig (CTX c, kbnode_t node,
     {
       PKT_public_key *pk2;
 
-      rc = check_signature2 (c->ctrl, sig, md2,
+      rc = check_signature (c->ctrl, sig, md2,
                              forced_pk,
                              NULL, is_expkey, is_revkey,
                              r_pk? &pk2 : NULL);
@@ -1837,7 +1837,6 @@ issuer_fpr_string (PKT_signature *sig)
   return p? bin2hex (p, n, NULL) : NULL;
 }
 
-
 static void
 print_good_bad_signature (int statno, const char *keyid_str, kbnode_t un,
                           PKT_signature *sig, int rc)
diff --git a/g10/packet.h b/g10/packet.h
index 187fffc..c40401a 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -882,16 +882,12 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
 
 
 /*-- sig-check.c --*/
-/* Check a signature.  This is shorthand for check_signature2 with
-   the unnamed arguments passed as NULL.  */
-int check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest);
-
 /* Check a signature.  Looks up the public key from the key db.  (If
  * R_PK is not NULL, it is stored at RET_PK.)  DIGEST contains a
  * valid hash context that already includes the signed data.  This
  * function adds the relevant meta-data to the hash before finalizing
  * it and verifying the signature.  FOCRED_PK is usually NULL. */
-gpg_error_t check_signature2 (ctrl_t ctrl,
+gpg_error_t check_signature (ctrl_t ctrl,
                               PKT_signature *sig, gcry_md_hd_t digest,
                               PKT_public_key *forced_pk,
                               u32 *r_expiredate, int *r_expired, int *r_revoked,
diff --git a/g10/sig-check.c b/g10/sig-check.c
index afaa90a..a29470f 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -63,16 +63,6 @@ sig_check_dump_stats (void)
             cache_stats.goodsig, cache_stats.badsig);
 }
 
-
-/* Check a signature.  This is shorthand for check_signature2 with
-   the unnamed arguments passed as NULL.  */
-int
-check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest)
-{
-  return check_signature2 (ctrl, sig, digest, NULL, NULL, NULL, NULL, NULL);
-}
-
-
 /* Check a signature.
  *
  * Looks up the public key that created the signature (SIG->KEYID)
@@ -114,7 +104,7 @@ check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest)
  *
  * Returns 0 on success.  An error code otherwise.  */
 gpg_error_t
-check_signature2 (ctrl_t ctrl,
+check_signature (ctrl_t ctrl,
                   PKT_signature *sig, gcry_md_hd_t digest,
                   PKT_public_key *forced_pk,
                   u32 *r_expiredate,
@@ -721,7 +711,8 @@ check_revocation_keys (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig)
               hash_public_key(md,pk);
 	      /* Note: check_signature only checks that the signature
 		 is good.  It does not fail if the key is revoked.  */
-              rc = check_signature (ctrl, sig, md);
+              rc = check_signature (ctrl, sig, md, NULL, 0, NULL,
+                                    NULL, NULL, NULL, NULL);
 	      cache_sig_result(sig,rc);
               gcry_md_close (md);
 	      break;
-- 
2.33.0