« back to all changes in this revision
Viewing changes to g10/import.c
- browse files at revision 14.1.12
- compare with another revision
- download diff
- download tarball
- view history from revision 14.1.12
- Committer: Package Import Robot
- Author(s): Eric Dorland
- Date: 2014-06-25 00:11:19 UTC
- mfrom: (1.1.22)
- mto: This revision was merged to the branch mainline in revision 26.
- Revision ID: package-import@ubuntu.com-20140625001119-3ixctkx7b8eobuka
Tags: 2.0.24-1
* New upstream release. Fixes CVE-2014-4617 "infinite loop when
decompressing data packets". (Closes: #752498)
* debian/patches/02-gpgv2-dont-link-libassuan.diff: Drop, now
upstreamed.
decompressing data packets". (Closes: #752498)
* debian/patches/02-gpgv2-dont-link-libassuan.diff: Drop, now
upstreamed.
- files removed:
- .pc/02-gpgv2-dont-link-libassuan.diff
- .pc/02-gpgv2-dont-link-libassuan.diff/g10
- files modified:
- .pc/01-gnupg2-rename.diff/configure.ac
added
removed
g10/import.c
59
59
60
60
61
61
static int import( IOBUF inp, const char* fname,struct stats_s *stats,
62
unsigned char **fpr,size_t *fpr_len,unsigned int options );
62
unsigned char **fpr,size_t *fpr_len,unsigned int options,
63
import_filter_t filter, void *filter_arg );
63
64
static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root );
64
65
static void revocation_present(KBNODE keyblock);
65
66
static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats,
66
67
unsigned char **fpr,size_t *fpr_len,
67
unsigned int options,int from_sk);
68
unsigned int options,int from_sk,
69
import_filter_t filter, void *filter_arg);
68
70
static int import_secret_one( const char *fname, KBNODE keyblock,
69
struct stats_s *stats, unsigned int options);
71
struct stats_s *stats, unsigned int options,
72
import_filter_t filter, void *filter_arg);
70
73
static int import_revoke_cert( const char *fname, KBNODE node,
71
74
struct stats_s *stats);
72
75
static int chk_self_sigs( const char *fname, KBNODE keyblock,
163
166
static int
164
167
import_keys_internal( IOBUF inp, char **fnames, int nnames,
165
168
void *stats_handle, unsigned char **fpr, size_t *fpr_len,
166
unsigned int options )
169
unsigned int options,
170
import_filter_t filter, void *filter_arg)
167
171
{
168
172
int i, rc = 0;
169
173
struct stats_s *stats = stats_handle;
172
176
stats = import_new_stats_handle ();
173
177
174
178
if (inp) {
175
rc = import( inp, "[stream]", stats, fpr, fpr_len, options);
179
rc = import (inp, "[stream]", stats, fpr, fpr_len, options,
180
filter, filter_arg);
176
181
}
177
182
else {
178
183
int once = (!fnames && !nnames);
192
197
log_error(_("can't open `%s': %s\n"), fname, strerror(errno) );
193
198
else
194
199
{
195
rc = import( inp2, fname, stats, fpr, fpr_len, options );
200
rc = import (inp2, fname, stats, fpr, fpr_len, options,
201
NULL, NULL);
196
202
iobuf_close(inp2);
197
203
/* Must invalidate that ugly cache to actually close it. */
198
204
iobuf_ioctl (NULL, 2, 0, (char*)fname);
223
229
import_keys( char **fnames, int nnames,
224
230
void *stats_handle, unsigned int options )
225
231
{
226
import_keys_internal(NULL,fnames,nnames,stats_handle,NULL,NULL,options);
232
import_keys_internal (NULL, fnames, nnames, stats_handle, NULL, NULL,
233
options, NULL, NULL);
227
234
}
228
235
229
236
int
230
237
import_keys_stream( IOBUF inp, void *stats_handle,
231
unsigned char **fpr, size_t *fpr_len,unsigned int options )
238
unsigned char **fpr, size_t *fpr_len,unsigned int options,
239
import_filter_t filter, void *filter_arg)
232
240
{
233
return import_keys_internal(inp,NULL,0,stats_handle,fpr,fpr_len,options);
241
return import_keys_internal (inp, NULL, 0, stats_handle, fpr, fpr_len,
242
options, filter, filter_arg);
234
243
}
235
244
245
236
246
static int
237
import( IOBUF inp, const char* fname,struct stats_s *stats,
238
unsigned char **fpr,size_t *fpr_len,unsigned int options )
247
import (IOBUF inp, const char* fname,struct stats_s *stats,
248
unsigned char **fpr, size_t *fpr_len, unsigned int options,
249
import_filter_t filter, void *filter_arg)
239
250
{
240
251
PACKET *pending_pkt = NULL;
241
KBNODE keyblock = NULL; /* Need to initialize because gcc can't
242
grasp the return semantics of
243
read_block. */
252
KBNODE keyblock = NULL;
244
253
int rc = 0;
245
254
246
255
getkey_disable_caches();
256
265
257
266
while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) {
258
267
if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
259
rc = import_one( fname, keyblock, stats, fpr, fpr_len, options, 0);
260
else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
261
rc = import_secret_one( fname, keyblock, stats, options );
268
rc = import_one (fname, keyblock, stats, fpr, fpr_len, options, 0,
269
filter, filter_arg);
270
else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
271
rc = import_secret_one (fname, keyblock, stats, options,
272
filter, filter_arg);
262
273
else if( keyblock->pkt->pkttype == PKT_SIGNATURE
263
274
&& keyblock->pkt->pkt.signature->sig_class == 0x20 )
264
275
rc = import_revoke_cert( fname, keyblock, stats );
634
645
KBNODE node;
635
646
PKT_public_key *pk;
636
647
int problem=0;
637
648
638
649
merge_keys_and_selfsig(keyblock);
639
650
pk=keyblock->pkt->pkt.public_key;
640
651
659
670
{
660
671
if (openpgp_cipher_test_algo (prefs->value))
661
672
{
662
const char *algo =
673
const char *algo =
663
674
(openpgp_cipher_test_algo (prefs->value)
664
? num
675
? num
665
676
: openpgp_cipher_algo_name (prefs->value));
666
677
if(!problem)
667
678
check_prefs_warning(pk);
676
687
{
677
688
const char *algo =
678
689
(gcry_md_test_algo (prefs->value)
679
? num
690
? num
680
691
: gcry_md_algo_name (prefs->value));
681
692
if(!problem)
682
693
check_prefs_warning(pk);
745
756
static int
746
757
import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
747
758
unsigned char **fpr,size_t *fpr_len,unsigned int options,
748
int from_sk )
759
int from_sk, import_filter_t filter, void *filter_arg)
749
760
{
750
761
PKT_public_key *pk;
751
762
PKT_public_key *pk_orig;
787
798
log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
788
799
return 0;
789
800
}
790
801
802
if (filter && filter (pk, NULL, filter_arg))
803
{
804
log_error (_("key %s: %s\n"), keystr_from_pk(pk),
805
_("rejected by import filter"));
806
return 0;
807
}
808
791
809
if (opt.interactive) {
792
810
if(is_status_enabled())
793
811
print_import_check (pk, uidnode->pkt->pkt.user_id);
924
942
size_t an;
925
943
926
944
fingerprint_from_pk (pk_orig, afp, &an);
927
while (an < MAX_FINGERPRINT_LEN)
945
while (an < MAX_FINGERPRINT_LEN)
928
946
afp[an++] = 0;
929
947
rc = keydb_search_fpr (hd, afp);
930
948
}
948
966
n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid);
949
967
if (n_sigs_cleaned)
950
968
commit_kbnode (&keyblock_orig);
951
969
952
970
/* and try to merge the block */
953
971
clear_kbnode_flags( keyblock_orig );
954
972
clear_kbnode_flags( keyblock );
1018
1036
stats->n_sigs_cleaned +=n_sigs_cleaned;
1019
1037
stats->n_uids_cleaned +=n_uids_cleaned;
1020
1038
1021
if (is_status_enabled ())
1039
if (is_status_enabled ())
1022
1040
print_import_ok (pk, NULL,
1023
1041
((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0)));
1024
1042
}
1025
1043
else
1026
1044
{
1027
1045
same_key = 1;
1028
if (is_status_enabled ())
1046
if (is_status_enabled ())
1029
1047
print_import_ok (pk, NULL, 0);
1030
1048
1031
1049
if( !opt.quiet )
1165
1183
* with the trust calculation.
1166
1184
*/
1167
1185
static int
1168
import_secret_one( const char *fname, KBNODE keyblock,
1169
struct stats_s *stats, unsigned int options)
1186
import_secret_one (const char *fname, KBNODE keyblock,
1187
struct stats_s *stats, unsigned int options,
1188
import_filter_t filter, void *filter_arg)
1170
1189
{
1171
1190
PKT_secret_key *sk;
1172
1191
KBNODE node, uidnode;
1173
1192
u32 keyid[2];
1174
1193
int rc = 0;
1175
1194
1176
/* get the key and print some info about it */
1195
/* Get the key and print some info about it. */
1177
1196
node = find_kbnode( keyblock, PKT_SECRET_KEY );
1178
1197
if( !node )
1179
1198
BUG();
1182
1201
keyid_from_sk( sk, keyid );
1183
1202
uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
1184
1203
1204
if (filter && filter (NULL, sk, filter_arg)) {
1205
log_error (_("secret key %s: %s\n"), keystr_from_sk(sk),
1206
_("rejected by import filter"));
1207
return 0;
1208
}
1209
1185
1210
if( opt.verbose )
1186
1211
{
1187
1212
log_info( "sec %4u%c/%s %s ",
1223
1248
log_error (_("importing secret keys not allowed\n"));
1224
1249
return 0;
1225
1250
}
1226
#endif
1227
1251
#endif
1252
1228
1253
clear_kbnode_flags( keyblock );
1229
1254
1230
1255
/* do we have this key already in one of our secrings ? */
1250
1275
if( !opt.quiet )
1251
1276
log_info( _("key %s: secret key imported\n"), keystr_from_sk(sk));
1252
1277
stats->secret_imported++;
1253
if (is_status_enabled ())
1278
if (is_status_enabled ())
1254
1279
print_import_ok (NULL, sk, 1|16);
1255
1280
1256
1281
if(options&IMPORT_SK2PK)
1260
1285
KBNODE pub_keyblock=sec_to_pub_keyblock(keyblock);
1261
1286
if(pub_keyblock)
1262
1287
{
1263
import_one(fname,pub_keyblock,stats,
1264
NULL,NULL,opt.import_options,1);
1288
import_one (fname, pub_keyblock, stats,
1289
NULL, NULL, opt.import_options, 1,
1290
NULL, NULL);
1265
1291
release_kbnode(pub_keyblock);
1266
1292
}
1267
1293
}
1281
1307
log_error( _("key %s: already in secret keyring\n"),
1282
1308
keystr_from_sk(sk));
1283
1309
stats->secret_dups++;
1284
if (is_status_enabled ())
1310
if (is_status_enabled ())
1285
1311
print_import_ok (NULL, sk, 16);
1286
1312
1287
1313
/* TODO: if we ever do merge secret keys, make sure to handle
1337
1363
{
1338
1364
byte afp[MAX_FINGERPRINT_LEN];
1339
1365
size_t an;
1340
1366
1341
1367
fingerprint_from_pk (pk, afp, &an);
1342
while (an < MAX_FINGERPRINT_LEN)
1368
while (an < MAX_FINGERPRINT_LEN)
1343
1369
afp[an++] = 0;
1344
1370
rc = keydb_search_fpr (hd, afp);
1345
1371
}
1435
1461
int rc;
1436
1462
u32 bsdate=0,rsdate=0;
1437
1463
KBNODE bsnode = NULL, rsnode = NULL;
1438
1464
1439
1465
(void)fname;
1440
1466
(void)pk;
1441
1467
1442
for (n=keyblock; (n = find_next_kbnode (n, 0)); )
1468
for (n=keyblock; (n = find_next_kbnode (n, 0)); )
1443
1469
{
1444
1470
if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1445
1471
{
1453
1479
1454
1480
if ( n->pkt->pkttype != PKT_SIGNATURE )
1455
1481
continue;
1456
1482
1457
1483
sig = n->pkt->pkt.signature;
1458
1484
if ( keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1] )
1459
1485
{
1465
1491
import a fully-cached key which speeds things up. */
1466
1492
if (!opt.no_sig_cache)
1467
1493
check_key_signature (keyblock, n, NULL);
1468
1494
1469
1495
if ( IS_UID_SIG(sig) || IS_UID_REV(sig) )
1470
1496
{
1471
1497
KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
1475
1501
keystr(keyid));
1476
1502
return -1; /* The complete keyblock is invalid. */
1477
1503
}
1478
1504
1479
1505
/* If it hasn't been marked valid yet, keep trying. */
1480
if (!(unode->flag&1))
1506
if (!(unode->flag&1))
1481
1507
{
1482
1508
rc = check_key_signature (keyblock, n, NULL);
1483
1509
if ( rc )
1484
1510
{
1485
1511
if ( opt.verbose )
1486
1512
{
1487
char *p = utf8_to_native
1513
char *p = utf8_to_native
1488
1514
(unode->pkt->pkt.user_id->name,
1489
1515
strlen (unode->pkt->pkt.user_id->name),0);
1490
1516
log_info (gpg_err_code(rc) == G10ERR_PUBKEY_ALGO ?
1513
1539
n->flag |= 4;
1514
1540
}
1515
1541
}
1516
else if ( IS_SUBKEY_SIG (sig) )
1542
else if ( IS_SUBKEY_SIG (sig) )
1517
1543
{
1518
1544
/* Note that this works based solely on the timestamps like
1519
1545
the rest of gpg. If the standard gets revocation
1542
1568
else
1543
1569
{
1544
1570
/* It's valid, so is it newer? */
1545
if (sig->timestamp >= bsdate)
1571
if (sig->timestamp >= bsdate)
1546
1572
{
1547
1573
knode->flag |= 1; /* The subkey is valid. */
1548
1574
if (bsnode)
1549
1575
{
1550
1576
/* Delete the last binding sig since this
1551
1577
one is newer */
1552
bsnode->flag |= 4;
1578
bsnode->flag |= 4;
1553
1579
if (opt.verbose)
1554
1580
log_info (_("key %s: removed multiple subkey"
1555
1581
" binding\n"),keystr(keyid));
1556
1582
}
1557
1583
1558
1584
bsnode = n;
1559
1585
bsdate = sig->timestamp;
1560
1586
}
1599
1625
{
1600
1626
/* Delete the last revocation sig since
1601
1627
this one is newer. */
1602
rsnode->flag |= 4;
1628
rsnode->flag |= 4;
1603
1629
if (opt.verbose)
1604
1630
log_info (_("key %s: removed multiple subkey"
1605
1631
" revocation\n"),keystr(keyid));
1606
1632
}
1607
1633
1608
1634
rsnode = n;
1609
1635
rsdate = sig->timestamp;
1610
1636
}
2345
2371
PACKET *pkt = xmalloc_clear (sizeof *pkt);
2346
2372
PKT_secret_key *sk = xmalloc_clear (sizeof *sk);
2347
2373
int i, n;
2348
2374
2349
2375
if (pubnode->pkt->pkttype == PKT_PUBLIC_KEY)
2350
2376
pkt->pkttype = PKT_SECRET_KEY;
2351
2377
else
2352
2378
pkt->pkttype = PKT_SECRET_SUBKEY;
2353
2379
2354
2380
pkt->pkt.secret_key = sk;
2355
2381
2356
2382
copy_public_parts_to_secret_key ( pk, sk );
2357
2383
sk->version = pk->version;
2358
2384
sk->timestamp = pk->timestamp;
2359
2385
2360
2386
n = pubkey_get_npkey (pk->pubkey_algo);
2361
2387
if (!n)
2362
2388
n = 1; /* Unknown number of parameters, however the data
2363
2389
is stored in the first mpi. */
2364
2390
for (i=0; i < n; i++ )
2365
2391
sk->skey[i] = mpi_copy (pk->pkey[i]);
2366
2392
2367
2393
sk->is_protected = 1;
2368
2394
sk->protect.s2k.mode = 1001;
2369
2395
2370
2396
secnode = new_kbnode (pkt);
2371
2397
}
2372
2398
else
2373
2399
{
2374
2400
secnode = clone_kbnode (pubnode);
2375
2401
}
2376
2402
2377
2403
if(!sec_keyblock)
2378
2404
sec_keyblock = secnode;
2379
2405
else
2387
2413
/* Walk over the secret keyring SEC_KEYBLOCK and update any simple
2388
2414
stub keys with the serial number SNNUM of the card if one of the
2389
2415
fingerprints FPR1, FPR2 or FPR3 match. Print a note if the key is
2390
a duplicate (may happen in case of backed uped keys).
2391
2416
a duplicate (may happen in case of backed uped keys).
2417
2392
2418
Returns: True if anything changed.
2393
2419
*/
2394
2420
static int
2395
update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock,
2421
update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock,
2396
2422
const unsigned char *fpr1,
2397
2423
const unsigned char *fpr2,
2398
2424
const unsigned char *fpr3,
2412
2438
&& node->pkt->pkttype != PKT_SECRET_SUBKEY)
2413
2439
continue;
2414
2440
sk = node->pkt->pkt.secret_key;
2415
2441
2416
2442
fingerprint_from_sk (sk, array, &n);
2417
2443
if (n != 20)
2418
2444
continue; /* Can't be a card key. */
2462
2488
exists, add appropriate subkey stubs and update the secring.
2463
2489
Return 0 if the key could be created. */
2464
2490
int
2465
auto_create_card_key_stub ( const char *serialnostr,
2491
auto_create_card_key_stub ( const char *serialnostr,
2466
2492
const unsigned char *fpr1,
2467
2493
const unsigned char *fpr2,
2468
2494
const unsigned char *fpr3)
2473
2499
int rc;
2474
2500
2475
2501
/* We only want to do this for an OpenPGP card. */
2476
if (!serialnostr || strncmp (serialnostr, "D27600012401", 12)
2502
if (!serialnostr || strncmp (serialnostr, "D27600012401", 12)
2477
2503
|| strlen (serialnostr) != 32 )
2478
2504
return G10ERR_GENERAL;
2479
2505
2484
2510
;
2485
2511
else
2486
2512
return G10ERR_GENERAL;
2487
2513
2488
2514
hd = keydb_new (1);
2489
2515
2490
2516
/* Now check whether there is a secret keyring. */
2510
2536
else
2511
2537
{
2512
2538
merge_keys_and_selfsig (sec_keyblock);
2513
2539
2514
2540
/* FIXME: We need to add new subkeys first. */
2515
2541
if (update_sec_keyblock_with_cardinfo (sec_keyblock,
2516
2542
fpr1, fpr2, fpr3,
2544
2570
keydb_get_resource_name (hd), g10_errstr(rc) );
2545
2571
}
2546
2572
}
2547
2573
2548
2574
release_kbnode (sec_keyblock);
2549
2575
release_kbnode (pub_keyblock);
2550
2576
keydb_release (hd);
Loggerhead is a web-based interface for Breezy
Version: 2.0.1