diff options
| author | Werner Koch <wk@gnupg.org> | 2017-03-30 15:18:45 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2017-03-30 16:01:55 +0200 |
| commit | a6142dbdbc5783043deb847dc64998c421860941 (patch) | |
| tree | 15818cfb9c55f560021223162ced17b7e36d3d10 /kbx | |
| parent | gpg: Fix actual leak and possible leaks in the packet parser. (diff) | |
| download | gnupg2-a6142dbdbc5783043deb847dc64998c421860941.tar.xz gnupg2-a6142dbdbc5783043deb847dc64998c421860941.zip | |
gpg: Remove the use of the signature information from a KBX.
* g10/keydb.c (keyblock_cache): Remove field SIGSTATUS.
(keyblock_cache_clear): Adjust for that removal.
(parse_keyblock_image): Remove arg SIGSTATUS. Remove the signature
cache setting; this is now done in the parser.
(keydb_get_keyblock): Do not set SIGSTATUS.
(build_keyblock_image): Remove arg SIGSTATUS and simplify. Change
caller.
* kbx/keybox-blob.c: Explain that the signature information is not
anymore used.
(_keybox_create_openpgp_blob): Remove arg SIGSTATUS and change
callers.
* kbx/keybox-search.c (keybox_get_keyblock): Remove arg R_SIGSTATUS
and change callers.
* kbx/keybox-update.c (keybox_insert_keyblock): Likewise.
--
This thing was too complicated and has been replaced by the new ring
trust packet code.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'kbx')
| -rw-r--r-- | kbx/kbxutil.c | 3 | ||||
| -rw-r--r-- | kbx/keybox-blob.c | 12 | ||||
| -rw-r--r-- | kbx/keybox-defs.h | 1 | ||||
| -rw-r--r-- | kbx/keybox-search.c | 23 | ||||
| -rw-r--r-- | kbx/keybox-update.c | 11 | ||||
| -rw-r--r-- | kbx/keybox.h | 5 |
6 files changed, 16 insertions, 39 deletions
diff --git a/kbx/kbxutil.c b/kbx/kbxutil.c index 609429884..08892310f 100644 --- a/kbx/kbxutil.c +++ b/kbx/kbxutil.c @@ -411,8 +411,7 @@ import_openpgp (const char *filename, int dryrun) dump_openpgp_key (&info, p); else { - err = _keybox_create_openpgp_blob (&blob, &info, p, nparsed, - NULL, 0); + err = _keybox_create_openpgp_blob (&blob, &info, p, nparsed, 0); if (err) { fflush (stdout); diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c index f3bdceb3e..82f1cfec3 100644 --- a/kbx/keybox-blob.c +++ b/kbx/keybox-blob.c @@ -101,7 +101,9 @@ - u16 [NSIGS] Number of signatures - u16 Size of signature information (4) - NSIGS times: - - u32 Expiration time of signature with some special values: + - u32 Expiration time of signature with some special values. + Since version 2.1.20 these special valuesare not anymore + used for OpenPGP: - 0x00000000 = not checked - 0x00000001 = missing key - 0x00000002 = bad signature @@ -705,7 +707,6 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob, keybox_openpgp_info_t info, const unsigned char *image, size_t imagelen, - u32 *sigstatus, int as_ephemeral) { gpg_error_t err; @@ -713,11 +714,6 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob, *r_blob = NULL; - /* If we have a signature status vector, check that the number of - elements matches the actual number of signatures. */ - if (sigstatus && sigstatus[0] != info->nsigs) - return gpg_error (GPG_ERR_INTERNAL); - blob = xtrycalloc (1, sizeof *blob); if (!blob) return gpg_error_from_syserror (); @@ -756,7 +752,7 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob, if (err) goto leave; pgp_create_uid_part (blob, info); - pgp_create_sig_part (blob, sigstatus); + pgp_create_sig_part (blob, NULL); init_membuf (&blob->bufbuf, 1024); blob->buf = &blob->bufbuf; diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h index d9c3d3afe..b8b83771a 100644 --- a/kbx/keybox-defs.h +++ b/kbx/keybox-defs.h @@ -155,7 +155,6 @@ gpg_error_t _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob, keybox_openpgp_info_t info, const unsigned char *image, size_t imagelen, - u32 *sigstatus, int as_ephemeral); #ifdef KEYBOX_WITH_X509 int _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert, diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c index cc114c64c..56515d16a 100644 --- a/kbx/keybox-search.c +++ b/kbx/keybox-search.c @@ -1048,23 +1048,20 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc, /* Return the last found keyblock. Returns 0 on success and stores a - new iobuf at R_IOBUF and a signature status vector at R_SIGSTATUS - in that case. R_UID_NO and R_PK_NO are used to retun the number of - the key or user id which was matched the search criteria; if not - known they are set to 0. */ + * new iobuf at R_IOBUF. R_UID_NO and R_PK_NO are used to retun the + * number of the key or user id which was matched the search criteria; + * if not known they are set to 0. */ gpg_error_t keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf, - int *r_pk_no, int *r_uid_no, u32 **r_sigstatus) + int *r_pk_no, int *r_uid_no) { gpg_error_t err; - const unsigned char *buffer, *p; + const unsigned char *buffer; size_t length; size_t image_off, image_len; size_t siginfo_off, siginfo_len; - u32 *sigstatus, n, n_sigs, sigilen; *r_iobuf = NULL; - *r_sigstatus = NULL; if (!hd) return gpg_error (GPG_ERR_INV_VALUE); @@ -1086,19 +1083,9 @@ keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf, &siginfo_off, &siginfo_len); if (err) return err; - n_sigs = get16 (buffer + siginfo_off); - sigilen = get16 (buffer + siginfo_off + 2); - p = buffer + siginfo_off + 4; - sigstatus = xtrymalloc ((1+n_sigs) * sizeof *sigstatus); - if (!sigstatus) - return gpg_error_from_syserror (); - sigstatus[0] = n_sigs; - for (n=1; n <= n_sigs; n++, p += sigilen) - sigstatus[n] = get32 (p); *r_pk_no = hd->found.pk_no; *r_uid_no = hd->found.uid_no; - *r_sigstatus = sigstatus; *r_iobuf = iobuf_temp_with_content (buffer+image_off, image_len); return 0; } diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c index 31171dea4..0b0f56bce 100644 --- a/kbx/keybox-update.c +++ b/kbx/keybox-update.c @@ -353,12 +353,9 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob, } -/* Insert the OpenPGP keyblock {IMAGE,IMAGELEN} into HD. SIGSTATUS is - a vector describing the status of the signatures; its first element - gives the number of following elements. */ +/* Insert the OpenPGP keyblock {IMAGE,IMAGELEN} into HD. */ gpg_error_t -keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen, - u32 *sigstatus) +keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen) { gpg_error_t err; const char *fname; @@ -385,7 +382,7 @@ keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen, return err; assert (nparsed <= imagelen); err = _keybox_create_openpgp_blob (&blob, &info, image, imagelen, - sigstatus, hd->ephemeral); + hd->ephemeral); _keybox_destroy_openpgp_info (&info); if (!err) { @@ -436,7 +433,7 @@ keybox_update_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen) return err; assert (nparsed <= imagelen); err = _keybox_create_openpgp_blob (&blob, &info, image, imagelen, - NULL, hd->ephemeral); + hd->ephemeral); _keybox_destroy_openpgp_info (&info); /* Update the keyblock. */ diff --git a/kbx/keybox.h b/kbx/keybox.h index 5c2824a7f..29884b05f 100644 --- a/kbx/keybox.h +++ b/kbx/keybox.h @@ -85,7 +85,7 @@ int _keybox_write_header_blob (FILE *fp, int openpgp_flag); /*-- keybox-search.c --*/ gpg_error_t keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf, - int *r_uid_no, int *r_pk_no, u32 **sigstatus); + int *r_uid_no, int *r_pk_no); #ifdef KEYBOX_WITH_X509 int keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *ret_cert); #endif /*KEYBOX_WITH_X509*/ @@ -102,8 +102,7 @@ gpg_error_t keybox_seek (KEYBOX_HANDLE hd, off_t offset); /*-- keybox-update.c --*/ gpg_error_t keybox_insert_keyblock (KEYBOX_HANDLE hd, - const void *image, size_t imagelen, - u32 *sigstatus); + const void *image, size_t imagelen); gpg_error_t keybox_update_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen); |