diff options
author | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-02-09 15:59:56 +0900 |
---|---|---|
committer | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-02-09 15:59:56 +0900 |
commit | c399f09830e89ea0ae248ed78502f6c0e6b632c1 (patch) | |
tree | 4a6c4ceb1045e6d87cfa2b6094ff2a9c661e503e /g10/keyring.c | |
parent | 979221d85a7560cff764e23c0d97554ab9c3d853 (diff) | |
download | gpg2-c399f09830e89ea0ae248ed78502f6c0e6b632c1.tar.gz gpg2-c399f09830e89ea0ae248ed78502f6c0e6b632c1.tar.bz2 gpg2-c399f09830e89ea0ae248ed78502f6c0e6b632c1.zip |
Imported Upstream version 2.1.2upstream/2.1.2
Diffstat (limited to 'g10/keyring.c')
-rw-r--r-- | g10/keyring.c | 98 |
1 files changed, 68 insertions, 30 deletions
diff --git a/g10/keyring.c b/g10/keyring.c index a1936b3..ee76e8a 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -309,7 +309,7 @@ keyring_lock (KEYRING_HANDLE hd, int yes) kr->lockhd = dotlock_create (kr->fname, 0); if (!kr->lockhd) { log_info ("can't allocate lock for '%s'\n", kr->fname ); - rc = G10ERR_GENERAL; + rc = GPG_ERR_GENERAL; } } } @@ -324,7 +324,7 @@ keyring_lock (KEYRING_HANDLE hd, int yes) ; else if (dotlock_take (kr->lockhd, -1) ) { log_info ("can't lock '%s'\n", kr->fname ); - rc = G10ERR_GENERAL; + rc = GPG_ERR_GENERAL; } else kr->is_locked = 1; @@ -350,7 +350,7 @@ keyring_lock (KEYRING_HANDLE hd, int yes) /* - * Return the last found keyring. Caller must free it. + * Return the last found keyblock. Caller must free it. * The returned keyblock has the kbode flag bit 0 set for the node with * the public key used to locate the keyblock or flag bit 1 set for * the user ID node. @@ -377,13 +377,13 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) if (!a) { log_error(_("can't open '%s'\n"), hd->found.kr->fname); - return G10ERR_KEYRING_OPEN; + return GPG_ERR_KEYRING_OPEN; } if (iobuf_seek (a, hd->found.offset) ) { log_error ("can't seek '%s'\n", hd->found.kr->fname); iobuf_close(a); - return G10ERR_KEYRING_OPEN; + return GPG_ERR_KEYRING_OPEN; } pkt = xmalloc (sizeof *pkt); @@ -393,23 +393,44 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) save_mode = set_packet_list_mode(0); while ((rc=parse_packet (a, pkt)) != -1) { hd->found.n_packets++; - if (rc == G10ERR_UNKNOWN_PACKET) { + if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) { free_packet (pkt); init_packet (pkt); continue; } + if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) + break; /* Upper layer needs to handle this. */ if (rc) { log_error ("keyring_get_keyblock: read error: %s\n", - g10_errstr(rc) ); - rc = G10ERR_INV_KEYRING; + gpg_strerror (rc) ); + rc = GPG_ERR_INV_KEYRING; break; } - if (pkt->pkttype == PKT_COMPRESSED) { - log_error ("skipped compressed packet in keyring\n"); + + /* Filter allowed packets. */ + switch (pkt->pkttype) + { + case PKT_PUBLIC_KEY: + case PKT_PUBLIC_SUBKEY: + case PKT_SECRET_KEY: + case PKT_SECRET_SUBKEY: + case PKT_USER_ID: + case PKT_ATTRIBUTE: + case PKT_SIGNATURE: + break; /* Allowed per RFC. */ + case PKT_RING_TRUST: + case PKT_OLD_COMMENT: + case PKT_COMMENT: + case PKT_GPG_CONTROL: + break; /* Allowed by us. */ + + default: + log_error ("skipped packet of type %d in keyring\n", + (int)pkt->pkttype); free_packet(pkt); init_packet(pkt); continue; - } + } if (in_cert && (pkt->pkttype == PKT_PUBLIC_KEY || pkt->pkttype == PKT_SECRET_KEY)) { @@ -476,7 +497,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) if (rc || !ret_kb) release_kbnode (keyblock); else { - /*(duplicated form the loop body)*/ + /*(duplicated from the loop body)*/ if ( pkt && pkt->pkttype == PKT_RING_TRUST && lastnode && lastnode->pkt->pkttype == PKT_SIGNATURE @@ -494,7 +515,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) /* Make sure that future search operations fail immediately when * we know that we are working on a invalid keyring */ - if (rc == G10ERR_INV_KEYRING) + if (gpg_err_code (rc) == GPG_ERR_INV_KEYRING) hd->current.error = rc; return rc; @@ -515,7 +536,7 @@ keyring_update_keyblock (KEYRING_HANDLE hd, KBNODE kb) /* need to know the number of packets - do a dummy get_keyblock*/ rc = keyring_get_keyblock (hd, NULL); if (rc) { - log_error ("re-reading keyblock failed: %s\n", g10_errstr (rc)); + log_error ("re-reading keyblock failed: %s\n", gpg_strerror (rc)); return rc; } if (!hd->found.n_packets) @@ -567,7 +588,7 @@ keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb) fname = hd->resource? hd->resource->fname:NULL; if (!fname) - return G10ERR_GENERAL; + return GPG_ERR_GENERAL; /* Close this one otherwise we will lose the position for * a next search. Fixme: it would be better to adjust the position @@ -602,7 +623,7 @@ keyring_delete_keyblock (KEYRING_HANDLE hd) /* need to know the number of packets - do a dummy get_keyblock*/ rc = keyring_get_keyblock (hd, NULL); if (rc) { - log_error ("re-reading keyblock failed: %s\n", g10_errstr (rc)); + log_error ("re-reading keyblock failed: %s\n", gpg_strerror (rc)); return rc; } if (!hd->found.n_packets) @@ -654,12 +675,18 @@ keyring_search_reset (KEYRING_HANDLE hd) static int prepare_search (KEYRING_HANDLE hd) { - if (hd->current.error) - return hd->current.error; /* still in error state */ + if (hd->current.error) { + /* If the last key was a legacy key, we simply ignore the error so that + we can easily use search_next. */ + if (gpg_err_code (hd->current.error) == GPG_ERR_LEGACY_KEY) + hd->current.error = 0; + else + return hd->current.error; /* still in error state */ + } if (hd->current.kr && !hd->current.eof) { if ( !hd->current.iobuf ) - return G10ERR_GENERAL; /* position invalid after a modify */ + return GPG_ERR_GENERAL; /* Position invalid after a modify. */ return 0; /* okay */ } @@ -1087,7 +1114,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, goto found; break; default: - rc = G10ERR_INV_ARG; + rc = GPG_ERR_INV_ARG; goto found; } } @@ -1300,7 +1327,7 @@ write_keyblock (IOBUF fp, KBNODE keyblock) if ( (rc = build_packet (fp, node->pkt) )) { log_error ("build_packet(%d) failed: %s\n", - node->pkt->pkttype, g10_errstr(rc) ); + node->pkt->pkttype, gpg_strerror (rc) ); return rc; } if (node->pkt->pkttype == PKT_SIGNATURE) @@ -1354,8 +1381,12 @@ keyring_rebuild_cache (void *token,int noisy) if(rc) goto leave; - while ( !(rc = keyring_search (hd, &desc, 1, NULL)) ) + for (;;) { + rc = keyring_search (hd, &desc, 1, NULL); + if (rc && gpg_err_code (rc) != GPG_ERR_LEGACY_KEY) + break; /* ready. */ + desc.mode = KEYDB_SEARCH_MODE_NEXT; resname = keyring_get_resource_name (hd); if (lastresname != resname ) @@ -1387,11 +1418,16 @@ keyring_rebuild_cache (void *token,int noisy) goto leave; } + if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) + continue; + release_kbnode (keyblock); rc = keyring_get_keyblock (hd, &keyblock); if (rc) { - log_error ("keyring_get_keyblock failed: %s\n", g10_errstr(rc)); + if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) + continue; /* Skip legacy keys. */ + log_error ("keyring_get_keyblock failed: %s\n", gpg_strerror (rc)); goto leave; } if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY) @@ -1416,7 +1452,9 @@ keyring_rebuild_cache (void *token,int noisy) The code required to keep them in the keyring would be too complicated. Given that we do not touch the old secring.gpg a suitable backup for decryption of v3 stuff - using an older gpg version will always be available. */ + using an older gpg version will always be available. + Note: This test is actually superfluous because we + already acted upon GPG_ERR_LEGACY_KEY. */ } else { @@ -1459,7 +1497,7 @@ keyring_rebuild_cache (void *token,int noisy) rc = 0; if (rc) { - log_error ("keyring_search failed: %s\n", g10_errstr(rc)); + log_error ("keyring_search failed: %s\n", gpg_strerror (rc)); goto leave; } if(noisy || opt.verbose) @@ -1541,7 +1579,7 @@ do_copy (int mode, const char *fname, KBNODE root, while ( (node = walk_kbnode( root, &kbctx, 0 )) ) { if( (rc = build_packet( newfp, node->pkt )) ) { log_error("build_packet(%d) failed: %s\n", - node->pkt->pkttype, g10_errstr(rc) ); + node->pkt->pkttype, gpg_strerror (rc) ); iobuf_cancel(newfp); return rc; } @@ -1573,7 +1611,7 @@ do_copy (int mode, const char *fname, KBNODE root, rc = copy_all_packets (fp, newfp); if( rc != -1 ) { log_error("%s: copy to '%s' failed: %s\n", - fname, tmpfname, g10_errstr(rc) ); + fname, tmpfname, gpg_strerror (rc) ); iobuf_close(fp); iobuf_cancel(newfp); goto leave; @@ -1586,7 +1624,7 @@ do_copy (int mode, const char *fname, KBNODE root, rc = copy_some_packets( fp, newfp, start_offset ); if( rc ) { /* should never get EOF here */ log_error ("%s: copy to '%s' failed: %s\n", - fname, tmpfname, g10_errstr(rc) ); + fname, tmpfname, gpg_strerror (rc) ); iobuf_close(fp); iobuf_cancel(newfp); goto leave; @@ -1596,7 +1634,7 @@ do_copy (int mode, const char *fname, KBNODE root, rc = skip_some_packets( fp, n_packets ); if( rc ) { log_error("%s: skipping %u packets failed: %s\n", - fname, n_packets, g10_errstr(rc)); + fname, n_packets, gpg_strerror (rc)); iobuf_close(fp); iobuf_cancel(newfp); goto leave; @@ -1617,7 +1655,7 @@ do_copy (int mode, const char *fname, KBNODE root, rc = copy_all_packets( fp, newfp ); if( rc != -1 ) { log_error("%s: copy to '%s' failed: %s\n", - fname, tmpfname, g10_errstr(rc) ); + fname, tmpfname, gpg_strerror (rc) ); iobuf_close(fp); iobuf_cancel(newfp); goto leave; |