[git] GnuPG - branch, master, updated. gnupg-2.1.1-41-g09e8f35
by Werner Koch
cvs at cvs.gnupg.org
Thu Jan 22 16:42:33 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 09e8f35d3808d6e49f891360c341aae3869e8650 (commit)
via 6f3d11d8837b00e3a1c4fa881066855c0321d6b2 (commit)
from 11142e0ad7bc9a9e3c3dccf958d8dbd3312cb993 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 09e8f35d3808d6e49f891360c341aae3869e8650
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jan 22 16:36:28 2015 +0100
gpg: Improve skipping of PGP-2 keys.
* g10/keydb.c (keydb_search_first, keydb_search_next): Skip legacy
keys.
* g10/keyring.c (keyring_get_keyblock): Handle GPG_ERR_LEGACY_KEY.
(prepare_search): Ditto.
(keyring_rebuild_cache): Skip legacy keys.
* g10/keyserver.c (keyidlist): Ditto.
* g10/trustdb.c (validate_key_list): Ditto.
--
This is not the most elegant way to handle it but it reduces the
chance for unwanted side effects.
GnuPG-bug-id: 1816
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/keydb.c b/g10/keydb.c
index 263b504..401478a 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -1489,24 +1489,40 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
}
+/* Note that in contrast to using keydb_search in search first mode,
+ this function skips legacy keys. */
gpg_error_t
keydb_search_first (KEYDB_HANDLE hd)
{
+ gpg_error_t err;
KEYDB_SEARCH_DESC desc;
memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_FIRST;
- return keydb_search (hd, &desc, 1, NULL);
+ err = keydb_search (hd, &desc, 1, NULL);
+ if (gpg_err_code (err) == GPG_ERR_LEGACY_KEY)
+ err = keydb_search_next (hd);
+ return err;
}
+
+/* Note that in contrast to using keydb_search in search next mode,
+ this fucntion skips legacy keys. */
gpg_error_t
keydb_search_next (KEYDB_HANDLE hd)
{
+ gpg_error_t err;
KEYDB_SEARCH_DESC desc;
- memset (&desc, 0, sizeof desc);
- desc.mode = KEYDB_SEARCH_MODE_NEXT;
- return keydb_search (hd, &desc, 1, NULL);
+ do
+ {
+ memset (&desc, 0, sizeof desc);
+ desc.mode = KEYDB_SEARCH_MODE_NEXT;
+ err = keydb_search (hd, &desc, 1, NULL);
+ }
+ while (gpg_err_code (err) == GPG_ERR_LEGACY_KEY);
+
+ return err;
}
gpg_error_t
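Review bot: The new comment above keydb_search_next misspells "function" as "fucntion"; it should read `this function skips legacy keys.  */`. In the same function the `memset (&desc, 0, sizeof desc);` and the mode assignment are repeated on every pass of the do-loop. That is only needed if keydb_search writes to the descriptor, which is not visible here, so a short comment saying why they sit inside the loop would help. Both header comments could also say that the skip is silent, so callers iterating with these helpers never see a PGP-2 key or an error for it.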
diff --git a/g10/keylist.c b/g10/keylist.c
index daabc7d..5fd9eb8 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -466,6 +466,8 @@ list_all (int secret, int mark_secret)
rc = keydb_get_keyblock (hd, &keyblock);
if (rc)
{
+ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
+ continue; /* Skip legacy keys. */
log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
goto leave;
}
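Review bot: The added `continue` in list_all skips a legacy key only if the enclosing loop advances the search in its continuation step. The loop header and condition are outside this hunk, so this is worth confirming; a loop that re-entered without advancing would call keydb_get_keyblock on the same record again. A slightly fuller comment would make the dependency explicit, for example `continue;  /* Skip legacy keys; the loop condition moves to the next key.  */`.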
diff --git a/g10/keyring.c b/g10/keyring.c
index 34829e7..6060f08 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -398,6 +398,8 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
init_packet (pkt);
continue;
}
+ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
+ break; /* Upper layer needs to handle this. */
if (rc) {
log_error ("keyring_get_keyblock: read error: %s\n",
gpg_strerror (rc) );
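Review bot: The early `break` for GPG_ERR_LEGACY_KEY in keyring_get_keyblock leaves the read loop with whatever nodes were already collected. The cleanup after the loop is outside the hunk, so it should be confirmed that it releases a partially built keyblock and returns rc unchanged when rc is non-zero. The comment could state the contract rather than only pointing upward, for example `break;  /* Legacy key: return the error code; callers skip to the next key.  */`.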
@@ -654,8 +656,14 @@ keyring_search_reset (KEYRING_HANDLE hd)
static int
prepare_search (KEYRING_HANDLE hd)
{
- if (hd->current.error)
- return hd->current.error; /* still in error state */
+ if (hd->current.error) {
+ /* If the last key was a legacy key, we simply ignore the error so that
+ we can easily use search_next. */
+ if (gpg_err_code (hd->current.error) == GPG_ERR_LEGACY_KEY)
+ hd->current.error = 0;
+ else
+ return hd->current.error; /* still in error state */
+ }
if (hd->current.kr && !hd->current.eof) {
if ( !hd->current.iobuf )
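Review bot: Clearing `hd->current.error` inside prepare_search is a side effect that applies to every search passing through it, not only to a search-next call as the comment implies. The comment should say so, and should say that any other stored error stays sticky, for example `/* A legacy key is not a persistent error: clear it so the next search of any mode continues after that key.  */`. Whether the handle's read position is already past the legacy key at this point is not visible in the hunk and is worth stating in the comment once confirmed. prepare_search continues outside the hunk.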
@@ -1354,8 +1362,12 @@ keyring_rebuild_cache (void *token,int noisy)
if(rc)
goto leave;
- while ( !(rc = keyring_search (hd, &desc, 1, NULL)) )
+ for (;;)
{
+ rc = keyring_search (hd, &desc, 1, NULL);
+ if (rc && gpg_err_code (rc) != GPG_ERR_LEGACY_KEY)
+ break; /* ready. */
+
desc.mode = KEYDB_SEARCH_MODE_NEXT;
resname = keyring_get_resource_name (hd);
if (lastresname != resname )
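Review bot: The legacy-key test added in the next hunk (`if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) continue;`) reads rc well after the keyring_search call added here, and the code between the two hunks is not shown. The `goto leave;` immediately before that test suggests rc may be reassigned by the resource-switch handling in between, in which case the test would inspect a different call's result. Latching the outcome right after the search, for example `int legacy = (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY);`, and testing `legacy` later would make the skip independent of the intervening code. keyring_rebuild_cache starts and ends outside the hunk.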
@@ -1387,10 +1399,15 @@ keyring_rebuild_cache (void *token,int noisy)
goto leave;
}
+ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
+ continue;
+
release_kbnode (keyblock);
rc = keyring_get_keyblock (hd, &keyblock);
if (rc)
{
+ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
+ continue; /* Skip legacy keys. */
log_error ("keyring_get_keyblock failed: %s\n", gpg_strerror (rc));
goto leave;
}
@@ -1416,7 +1433,9 @@ keyring_rebuild_cache (void *token,int noisy)
The code required to keep them in the keyring would be
too complicated. Given that we do not touch the old
secring.gpg a suitable backup for decryption of v3 stuff
- using an older gpg version will always be available. */
+ using an older gpg version will always be available.
+ Note: This test is actually superfluous because we
+ already acted upon GPG_ERR_LEGACY_KEY. */
}
else
{
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 0530907..035cd03 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -1248,16 +1248,25 @@ keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
}
}
- while (!(rc = keydb_search (kdbhd, desc, ndesc, NULL)))
+ for (;;)
{
+ rc = keydb_search (kdbhd, desc, ndesc, NULL);
+ if (rc && gpg_err_code (rc) != GPG_ERR_LEGACY_KEY)
+ break; /* ready. */
+
if (!users)
desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
+ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
+ continue;
+
/* read the keyblock */
rc = keydb_get_keyblock (kdbhd, &keyblock );
if( rc )
{
- log_error (_("error reading keyblock: %s\n"), gpg_strerror (rc) );
+ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
+ continue;
+ log_error (_("error reading keyblock: %s\n"), gpg_strerror (rc) );
goto leave;
}
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 84179f0..08f6cf4 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1604,6 +1604,9 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
{
PKT_public_key *pk;
+ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
+ continue;
+
rc = keydb_get_keyblock (hd, &keyblock);
if (rc)
{
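Review bot: validate_key_list gets no GPG_ERR_LEGACY_KEY check after `rc = keydb_get_keyblock (hd, &keyblock);`, unlike list_all, keyidlist and keyring_rebuild_cache in this commit, which all `continue` on that code. The body of the `if (rc)` that follows is outside the hunk. If it treats every non-zero rc as fatal, a legacy key reported by keydb_get_keyblock would end trust validation early. Adding `if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) continue;` at the top of that branch would match the other callers. The search that sets rc before the loop's first pass is also not shown and may need the same treatment if it returns on any error.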
@@ -1660,7 +1663,8 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
release_kbnode (keyblock);
keyblock = NULL;
}
- while (!(rc = keydb_search (hd, &desc, 1, NULL)));
+ while (!(rc = keydb_search (hd, &desc, 1, NULL))
+ || gpg_err_code (rc) == GPG_ERR_LEGACY_KEY);
if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
{
commit 6f3d11d8837b00e3a1c4fa881066855c0321d6b2
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jan 22 12:14:48 2015 +0100
gpg: Add dedicated error code for PGP-2 keys.
* g10/parse-packet.c (parse_key): Return GPG_ERR_LEGACY_KEY for PGP2
keys.
* g10/import.c (read_block): Simplify by checking GPG_ERR_LEGACY_KEY.
* g10/getkey.c (lookup): Silence error message for PGP-2 keys.
* common/util.h (GPG_ERR_LEGACY_KEY): Add replacement for older
libgpg-error.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/common/util.h b/common/util.h
index 94878bc..24107f5 100644
--- a/common/util.h
+++ b/common/util.h
@@ -38,6 +38,7 @@
/* These error codes are used but not defined in the required
libgpg-error version. Define them here. */
#if GPG_ERROR_VERSION_NUMBER < 0x011200 /* 1.18 */
+# define GPG_ERR_LEGACY_KEY 222
# define GPG_ERR_OBJ_TERM_STATE 225
# define GPG_ERR_FORBIDDEN 251
#endif
diff --git a/g10/getkey.c b/g10/getkey.c
index d240dd7..62d2d33 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -403,8 +403,6 @@ get_pubkey (PKT_public_key * pk, u32 * keyid)
if (!rc)
goto leave;
- log_debug ("looking up key %08X%08X failed: %s\n", keyid[0], keyid[1],
- gpg_strerror (rc));
rc = GPG_ERR_NO_PUBKEY;
leave:
@@ -2573,7 +2571,8 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int want_secret)
}
found:
- if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
+ if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND
+ && gpg_err_code (rc) != GPG_ERR_LEGACY_KEY)
log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
if (!rc)
diff --git a/g10/import.c b/g10/import.c
index 56121db..de22520 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -544,11 +544,9 @@ read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys)
in_v3key = 0;
while ((rc=parse_packet(a, pkt)) != -1)
{
- if (rc && (gpg_err_code (rc) == GPG_ERR_INV_PACKET
+ if (rc && (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY
&& (pkt->pkttype == PKT_PUBLIC_KEY
- || pkt->pkttype == PKT_SECRET_KEY)
- && (pkt->pkt.public_key->version == 2
- || pkt->pkt.public_key->version == 3)))
+ || pkt->pkttype == PKT_SECRET_KEY)))
{
in_v3key = 1;
++*r_v3keys;
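Review bot: The leading `rc &&` and the extra level of parentheses in the read_block condition are redundant after this change. They are left over from the longer version-based test, and `gpg_err_code (rc) == GPG_ERR_LEGACY_KEY` already implies a non-zero rc. It would read more clearly as `if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY && (pkt->pkttype == PKT_PUBLIC_KEY || pkt->pkttype == PKT_SECRET_KEY))`. A short comment noting that the test no longer reads `pkt->pkt.public_key` after a failed parse would record why the error code is preferred over the version fields. The loop body continues outside the hunk.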
diff --git a/g10/keyring.c b/g10/keyring.c
index 7ac3478..34829e7 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -350,7 +350,7 @@ keyring_lock (KEYRING_HANDLE hd, int yes)
/*
- * Return the last found keyring. Caller must free it.
+ * Return the last found keyblock. Caller must free it.
* The returned keyblock has the kbode flag bit 0 set for the node with
* the public key used to locate the keyblock or flag bit 1 set for
* the user ID node.
@@ -1409,8 +1409,6 @@ keyring_rebuild_cache (void *token,int noisy)
goto leave;
}
- log_debug ("keblock with version %d\n",
- keyblock->pkt->pkt.public_key->version);
if (keyblock->pkt->pkt.public_key->version < 4)
{
/* We do not copy/cache v3 keys or any other unknown
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index ae215c4..73c4434 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1963,7 +1963,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
if (list_mode)
es_fprintf (listfp, ":key packet: [obsolete version %d]\n", version);
pk->version = version;
- err = gpg_error (GPG_ERR_INV_PACKET);
+ err = gpg_error (GPG_ERR_LEGACY_KEY);
goto leave;
}
else
-----------------------------------------------------------------------
Summary of changes:
common/util.h | 1 +
g10/getkey.c | 5 ++---
g10/import.c | 6 ++----
g10/keydb.c | 24 ++++++++++++++++++++----
g10/keylist.c | 2 ++
g10/keyring.c | 31 ++++++++++++++++++++++++-------
g10/keyserver.c | 13 +++++++++++--
g10/parse-packet.c | 2 +-
g10/trustdb.c | 6 +++++-
9 files changed, 68 insertions(+), 22 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org