authorDongHun Kwak <dh0128.kwak@samsung.com>2021-02-09 15:59:56 +0900
committerDongHun Kwak <dh0128.kwak@samsung.com>2021-02-09 15:59:56 +0900
commitc399f09830e89ea0ae248ed78502f6c0e6b632c1 (patch)
tree4a6c4ceb1045e6d87cfa2b6094ff2a9c661e503e /g10/keyring.c
parent979221d85a7560cff764e23c0d97554ab9c3d853 (diff)
Imported Upstream version 2.1.2upstream/2.1.2
Diffstat (limited to 'g10/keyring.c')
-rw-r--r--g10/keyring.c98
1 files changed, 68 insertions, 30 deletions
diff --git a/g10/keyring.c b/g10/keyring.c
index a1936b3..ee76e8a 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -309,7 +309,7 @@ keyring_lock (KEYRING_HANDLE hd, int yes)
kr->lockhd = dotlock_create (kr->fname, 0);
if (!kr->lockhd) {
log_info ("can't allocate lock for '%s'\n", kr->fname );
- rc = G10ERR_GENERAL;
+ rc = GPG_ERR_GENERAL;
}
}
}
@@ -324,7 +324,7 @@ keyring_lock (KEYRING_HANDLE hd, int yes)
;
else if (dotlock_take (kr->lockhd, -1) ) {
log_info ("can't lock '%s'\n", kr->fname );
- rc = G10ERR_GENERAL;
+ rc = GPG_ERR_GENERAL;
}
else
kr->is_locked = 1;
@@ -350,7 +350,7 @@ keyring_lock (KEYRING_HANDLE hd, int yes)
/*
- * Return the last found keyring. Caller must free it.
+ * Return the last found keyblock. Caller must free it.
* The returned keyblock has the kbode flag bit 0 set for the node with
* the public key used to locate the keyblock or flag bit 1 set for
* the user ID node.
@@ -377,13 +377,13 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
if (!a)
{
log_error(_("can't open '%s'\n"), hd->found.kr->fname);
- return G10ERR_KEYRING_OPEN;
+ return GPG_ERR_KEYRING_OPEN;
}
if (iobuf_seek (a, hd->found.offset) ) {
log_error ("can't seek '%s'\n", hd->found.kr->fname);
iobuf_close(a);
- return G10ERR_KEYRING_OPEN;
+ return GPG_ERR_KEYRING_OPEN;
}
pkt = xmalloc (sizeof *pkt);
@@ -393,23 +393,44 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
save_mode = set_packet_list_mode(0);
while ((rc=parse_packet (a, pkt)) != -1) {
hd->found.n_packets++;
- if (rc == G10ERR_UNKNOWN_PACKET) {
+ if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) {
free_packet (pkt);
init_packet (pkt);
continue;
}
+ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
+ break; /* Upper layer needs to handle this. */
if (rc) {
log_error ("keyring_get_keyblock: read error: %s\n",
- g10_errstr(rc) );
- rc = G10ERR_INV_KEYRING;
+ gpg_strerror (rc) );
+ rc = GPG_ERR_INV_KEYRING;
break;
}
- if (pkt->pkttype == PKT_COMPRESSED) {
- log_error ("skipped compressed packet in keyring\n");
+
+ /* Filter allowed packets. */
+ switch (pkt->pkttype)
+ {
+ case PKT_PUBLIC_KEY:
+ case PKT_PUBLIC_SUBKEY:
+ case PKT_SECRET_KEY:
+ case PKT_SECRET_SUBKEY:
+ case PKT_USER_ID:
+ case PKT_ATTRIBUTE:
+ case PKT_SIGNATURE:
+ break; /* Allowed per RFC. */
+ case PKT_RING_TRUST:
+ case PKT_OLD_COMMENT:
+ case PKT_COMMENT:
+ case PKT_GPG_CONTROL:
+ break; /* Allowed by us. */
+
+ default:
+ log_error ("skipped packet of type %d in keyring\n",
+ (int)pkt->pkttype);
free_packet(pkt);
init_packet(pkt);
continue;
- }
+ }
if (in_cert && (pkt->pkttype == PKT_PUBLIC_KEY
|| pkt->pkttype == PKT_SECRET_KEY)) {
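Review bot: The new `break` on GPG_ERR_LEGACY_KEY hands that code back to every caller of keyring_get_keyblock, and the two callers visible later in this diff, keyring_update_keyblock and keyring_delete_keyblock, treat any non-zero rc from their dummy read as fatal and log "re-reading keyblock failed". If that is intended, the comment should say so, e.g. `break; /* Not a keyring error; callers must skip or reject the key. */`, and the function's header comment should list the code as a possible return value. The packet allowlist that follows is a sound hardening step, but it would benefit from a one-line comment that `hd->found.n_packets` deliberately counts the skipped packets too. The update and delete paths appear to rely on that count after their dummy get_keyblock, so the increment must stay ahead of the filter. The loop body continues past the end of this hunk.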
@@ -476,7 +497,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
if (rc || !ret_kb)
release_kbnode (keyblock);
else {
- /*(duplicated form the loop body)*/
+ /*(duplicated from the loop body)*/
if ( pkt && pkt->pkttype == PKT_RING_TRUST
&& lastnode
&& lastnode->pkt->pkttype == PKT_SIGNATURE
@@ -494,7 +515,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
/* Make sure that future search operations fail immediately when
* we know that we are working on a invalid keyring
*/
- if (rc == G10ERR_INV_KEYRING)
+ if (gpg_err_code (rc) == GPG_ERR_INV_KEYRING)
hd->current.error = rc;
return rc;
@@ -515,7 +536,7 @@ keyring_update_keyblock (KEYRING_HANDLE hd, KBNODE kb)
/* need to know the number of packets - do a dummy get_keyblock*/
rc = keyring_get_keyblock (hd, NULL);
if (rc) {
- log_error ("re-reading keyblock failed: %s\n", g10_errstr (rc));
+ log_error ("re-reading keyblock failed: %s\n", gpg_strerror (rc));
return rc;
}
if (!hd->found.n_packets)
@@ -567,7 +588,7 @@ keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb)
fname = hd->resource? hd->resource->fname:NULL;
if (!fname)
- return G10ERR_GENERAL;
+ return GPG_ERR_GENERAL;
/* Close this one otherwise we will lose the position for
* a next search. Fixme: it would be better to adjust the position
@@ -602,7 +623,7 @@ keyring_delete_keyblock (KEYRING_HANDLE hd)
/* need to know the number of packets - do a dummy get_keyblock*/
rc = keyring_get_keyblock (hd, NULL);
if (rc) {
- log_error ("re-reading keyblock failed: %s\n", g10_errstr (rc));
+ log_error ("re-reading keyblock failed: %s\n", gpg_strerror (rc));
return rc;
}
if (!hd->found.n_packets)
@@ -654,12 +675,18 @@ keyring_search_reset (KEYRING_HANDLE hd)
static int
prepare_search (KEYRING_HANDLE hd)
{
- if (hd->current.error)
- return hd->current.error; /* still in error state */
+ if (hd->current.error) {
+ /* If the last key was a legacy key, we simply ignore the error so that
+ we can easily use search_next. */
+ if (gpg_err_code (hd->current.error) == GPG_ERR_LEGACY_KEY)
+ hd->current.error = 0;
+ else
+ return hd->current.error; /* still in error state */
+ }
if (hd->current.kr && !hd->current.eof) {
if ( !hd->current.iobuf )
- return G10ERR_GENERAL; /* position invalid after a modify */
+ return GPG_ERR_GENERAL; /* Position invalid after a modify. */
return 0; /* okay */
}
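Review bot: prepare_search now silently clears a latched GPG_ERR_LEGACY_KEY, but none of the visible hunks shows where that code is stored into `hd->current.error`; the tail of keyring_get_keyblock latches only GPG_ERR_INV_KEYRING. The comment should name the place that sets it (presumably keyring_search, to be confirmed) and state the assumption about the read position, because the function goes on to return 0 whenever `hd->current.iobuf` is still open. Once verified, something like `/* Latched by the search after the legacy key was read; clear it so a NEXT search resumes with the following packet. */` would make the invariant reviewable.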
@@ -1087,7 +1114,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
goto found;
break;
default:
- rc = G10ERR_INV_ARG;
+ rc = GPG_ERR_INV_ARG;
goto found;
}
}
@@ -1300,7 +1327,7 @@ write_keyblock (IOBUF fp, KBNODE keyblock)
if ( (rc = build_packet (fp, node->pkt) ))
{
log_error ("build_packet(%d) failed: %s\n",
- node->pkt->pkttype, g10_errstr(rc) );
+ node->pkt->pkttype, gpg_strerror (rc) );
return rc;
}
if (node->pkt->pkttype == PKT_SIGNATURE)
@@ -1354,8 +1381,12 @@ keyring_rebuild_cache (void *token,int noisy)
if(rc)
goto leave;
- while ( !(rc = keyring_search (hd, &desc, 1, NULL)) )
+ for (;;)
{
+ rc = keyring_search (hd, &desc, 1, NULL);
+ if (rc && gpg_err_code (rc) != GPG_ERR_LEGACY_KEY)
+ break; /* ready. */
+
desc.mode = KEYDB_SEARCH_MODE_NEXT;
resname = keyring_get_resource_name (hd);
if (lastresname != resname )
@@ -1387,11 +1418,16 @@ keyring_rebuild_cache (void *token,int noisy)
goto leave;
}
+ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
+ continue;
+
release_kbnode (keyblock);
rc = keyring_get_keyblock (hd, &keyblock);
if (rc)
{
- log_error ("keyring_get_keyblock failed: %s\n", g10_errstr(rc));
+ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
+ continue; /* Skip legacy keys. */
+ log_error ("keyring_get_keyblock failed: %s\n", gpg_strerror (rc));
goto leave;
}
if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
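Review bot: The first `continue` on GPG_ERR_LEGACY_KEY tests `rc` several statements after the keyring_search call that set it, and the code in between lies outside this hunk; the `goto leave` just above suggests it runs other calls that assign `rc`. If so, a legacy key that is the first hit in a new resource falls through to keyring_get_keyblock and is skipped only by the second test. Capturing the state right after the search in the previous hunk makes both paths explicit: `legacy = (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY);` there and `if (legacy) continue;` here. The skipped keys also appear to be left out of the rebuilt file without any message, so a `log_info` under `opt.verbose` would let an operator see which keys a rebuild dropped.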
@@ -1416,7 +1452,9 @@ keyring_rebuild_cache (void *token,int noisy)
The code required to keep them in the keyring would be
too complicated. Given that we do not touch the old
secring.gpg a suitable backup for decryption of v3 stuff
- using an older gpg version will always be available. */
+ using an older gpg version will always be available.
+ Note: This test is actually superfluous because we
+ already acted upon GPG_ERR_LEGACY_KEY. */
}
else
{
@@ -1459,7 +1497,7 @@ keyring_rebuild_cache (void *token,int noisy)
rc = 0;
if (rc)
{
- log_error ("keyring_search failed: %s\n", g10_errstr(rc));
+ log_error ("keyring_search failed: %s\n", gpg_strerror (rc));
goto leave;
}
if(noisy || opt.verbose)
@@ -1541,7 +1579,7 @@ do_copy (int mode, const char *fname, KBNODE root,
while ( (node = walk_kbnode( root, &kbctx, 0 )) ) {
if( (rc = build_packet( newfp, node->pkt )) ) {
log_error("build_packet(%d) failed: %s\n",
- node->pkt->pkttype, g10_errstr(rc) );
+ node->pkt->pkttype, gpg_strerror (rc) );
iobuf_cancel(newfp);
return rc;
}
@@ -1573,7 +1611,7 @@ do_copy (int mode, const char *fname, KBNODE root,
rc = copy_all_packets (fp, newfp);
if( rc != -1 ) {
log_error("%s: copy to '%s' failed: %s\n",
- fname, tmpfname, g10_errstr(rc) );
+ fname, tmpfname, gpg_strerror (rc) );
iobuf_close(fp);
iobuf_cancel(newfp);
goto leave;
@@ -1586,7 +1624,7 @@ do_copy (int mode, const char *fname, KBNODE root,
rc = copy_some_packets( fp, newfp, start_offset );
if( rc ) { /* should never get EOF here */
log_error ("%s: copy to '%s' failed: %s\n",
- fname, tmpfname, g10_errstr(rc) );
+ fname, tmpfname, gpg_strerror (rc) );
iobuf_close(fp);
iobuf_cancel(newfp);
goto leave;
@@ -1596,7 +1634,7 @@ do_copy (int mode, const char *fname, KBNODE root,
rc = skip_some_packets( fp, n_packets );
if( rc ) {
log_error("%s: skipping %u packets failed: %s\n",
- fname, n_packets, g10_errstr(rc));
+ fname, n_packets, gpg_strerror (rc));
iobuf_close(fp);
iobuf_cancel(newfp);
goto leave;
@@ -1617,7 +1655,7 @@ do_copy (int mode, const char *fname, KBNODE root,
rc = copy_all_packets( fp, newfp );
if( rc != -1 ) {
log_error("%s: copy to '%s' failed: %s\n",
- fname, tmpfname, g10_errstr(rc) );
+ fname, tmpfname, gpg_strerror (rc) );
iobuf_close(fp);
iobuf_cancel(newfp);
goto leave;