[git] GnuPG - branch, master, updated. gnupg-2.1.9-141-g58e4a49
by Neal H. Walfield
cvs at cvs.gnupg.org
Tue Nov 17 14:56:40 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 58e4a492e2c8e908d16135486ed601f602f1e38d (commit)
via 848726f5c02faddb0b0fd24ce1a66893f5325675 (commit)
via ad9befab12376b3a49cde410996ac9f0013d0871 (commit)
via 8f6099ac510526d89be50309dbeb52f62bbaa7d1 (commit)
via 11ec4785df1646643966d872b1b53ef675092c98 (commit)
via a052c30d31c0f6b532fea081f4a9bee083f5440f (commit)
via eae982ed6d69644258afe9c4ad1be553853d8403 (commit)
from a9e0905342e847e8961ec4fe9b3aaedf05e33423 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 58e4a492e2c8e908d16135486ed601f602f1e38d
Author: Neal H. Walfield <neal at g10code.com>
Date: Tue Nov 17 14:38:03 2015 +0100
gpg: Change keydb_search to not return legacy keys.
* g10/keyring.c (keyring_search): Take new argument, ignore_legacy.
If set, skip any legacy keys. Update callers.
* g10/keydb.c (keydb_search): Skip any legacy keys.
(keydb_search_first): Don't skip legacy keys. Treat them
as an error.
(keydb_search_next): Likewise.
(keydb_search_fpr): Likewise.
* g10/export.c (do_export_stream): Likewise.
* g10/getkey.c (lookup): Likewise.
(have_secret_key_with_kid): Likewise.
* g10/keylist.c (list_all): Likewise.
(keyring_rebuild_cache): Likewise.
* g10/keyserver.c (keyidlist): Likewise.
* g10/trustdb.c (validate_key_list): Likewise.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/g10/export.c b/g10/export.c
index 3c2aa57..1d71c1c 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -940,8 +940,6 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
err = keydb_search (kdbhd, desc, ndesc, &descindex);
if (!users)
desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
- if (gpg_err_code (err) == GPG_ERR_LEGACY_KEY)
- continue; /* Skip PGP2 keys. */
if (err)
break;
@@ -949,8 +947,6 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
release_kbnode (keyblock);
keyblock = NULL;
err = keydb_get_keyblock (kdbhd, &keyblock);
- if (gpg_err_code (err) == GPG_ERR_LEGACY_KEY)
- continue; /* Skip PGP2 keys. */
if (err)
{
log_error (_("error reading keyblock: %s\n"), gpg_strerror (err));
diff --git a/g10/getkey.c b/g10/getkey.c
index dd6820b..88d8c65 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -2679,29 +2679,6 @@ found:
}
-/* Return true if all the search modes are fingerprints. */
-static int
-search_modes_are_fingerprint (getkey_ctx_t ctx)
-{
- size_t n, found;
-
- for (n=found=0; n < ctx->nitems; n++)
- {
- switch (ctx->items[n].mode)
- {
- case KEYDB_SEARCH_MODE_FPR16:
- case KEYDB_SEARCH_MODE_FPR20:
- case KEYDB_SEARCH_MODE_FPR:
- found++;
- break;
- default:
- break;
- }
- }
- return found && found == ctx->nitems;
-}
-
-
/* A high-level function to lookup keys.
This function builds on top of the low-level keydb API. It first
@@ -2709,10 +2686,6 @@ search_modes_are_fingerprint (getkey_ctx_t ctx)
then it filters the results using CTX and, finally, if WANT_SECRET
is set, it ignores any keys for which no secret key is available.
- Note: this function skips any legacy keys unless the search mode is
- KEYDB_SEARCH_MODE_FIRST or KEYDB_SEARCH_MODE_NEXT or we are
- searching by fingerprint.
-
Unlike the low-level search functions, this function also merges
all of the self-signed data into the keys, subkeys and user id
packets (see the merge_selfsigs for details).
@@ -2730,18 +2703,6 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, kbnode_t *ret_found_key,
for (;;)
{
rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL);
-
- /* Skip over all legacy keys unless we are iterating over all
- keys in the DB or the key was requested by its fingerprint.
-
- Fixme: The lower level keydb code should actually do that but
- then it would be harder to report the number of skipped
- legacy keys during import. */
- if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY
- && !(ctx->nitems && (ctx->items->mode == KEYDB_SEARCH_MODE_FIRST
- || ctx->items->mode == KEYDB_SEARCH_MODE_NEXT))
- && !search_modes_are_fingerprint (ctx))
- continue;
if (rc)
break;
@@ -2789,8 +2750,7 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, kbnode_t *ret_found_key,
}
found:
- if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND
- && gpg_err_code (rc) != GPG_ERR_LEGACY_KEY)
+ if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
if (!rc)
@@ -2798,8 +2758,7 @@ found:
*ret_keyblock = keyblock; /* Return the keyblock. */
keyblock = NULL;
}
- else if ((gpg_err_code (rc) == GPG_ERR_NOT_FOUND
- || gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) && no_suitable_key)
+ else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND && no_suitable_key)
rc = want_secret? GPG_ERR_UNUSABLE_SECKEY : GPG_ERR_UNUSABLE_PUBKEY;
else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
rc = want_secret? GPG_ERR_NO_SECKEY : GPG_ERR_NO_PUBKEY;
@@ -3207,8 +3166,6 @@ have_secret_key_with_kid (u32 *keyid)
while (!result)
{
err = keydb_search (kdbhd, &desc, 1, NULL);
- if (gpg_err_code (err) == GPG_ERR_LEGACY_KEY)
- continue;
if (err)
break;
diff --git a/g10/keydb.c b/g10/keydb.c
index 40fb4c7..8a68980 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -1708,12 +1708,14 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
break;
case KEYDB_RESOURCE_TYPE_KEYRING:
rc = keyring_search (hd->active[hd->current].u.kr, desc,
- ndesc, descindex);
+ ndesc, descindex, 1);
break;
case KEYDB_RESOURCE_TYPE_KEYBOX:
- rc = keybox_search (hd->active[hd->current].u.kb, desc,
- ndesc, KEYBOX_BLOBTYPE_PGP,
- descindex, &hd->skipped_long_blobs);
+ do
+ rc = keybox_search (hd->active[hd->current].u.kb, desc,
+ ndesc, KEYBOX_BLOBTYPE_PGP,
+ descindex, &hd->skipped_long_blobs);
+ while (rc == GPG_ERR_LEGACY_KEY);
break;
}
@@ -1776,28 +1778,18 @@ keydb_search_first (KEYDB_HANDLE hd)
memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_FIRST;
- err = keydb_search (hd, &desc, 1, NULL);
- if (gpg_err_code (err) == GPG_ERR_LEGACY_KEY)
- err = keydb_search_next (hd);
- return err;
+ return keydb_search (hd, &desc, 1, NULL);
}
gpg_error_t
keydb_search_next (KEYDB_HANDLE hd)
{
- gpg_error_t err;
KEYDB_SEARCH_DESC desc;
- do
- {
- memset (&desc, 0, sizeof desc);
- desc.mode = KEYDB_SEARCH_MODE_NEXT;
- err = keydb_search (hd, &desc, 1, NULL);
- }
- while (gpg_err_code (err) == GPG_ERR_LEGACY_KEY);
-
- return err;
+ memset (&desc, 0, sizeof desc);
+ desc.mode = KEYDB_SEARCH_MODE_NEXT;
+ return keydb_search (hd, &desc, 1, NULL);
}
gpg_error_t
@@ -1815,17 +1807,10 @@ keydb_search_kid (KEYDB_HANDLE hd, u32 *kid)
gpg_error_t
keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr)
{
- gpg_error_t err;
KEYDB_SEARCH_DESC desc;
memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_FPR;
memcpy (desc.u.fpr, fpr, MAX_FINGERPRINT_LEN);
- do
- {
- err = keydb_search (hd, &desc, 1, NULL);
- }
- while (gpg_err_code (err) == GPG_ERR_LEGACY_KEY);
-
- return err;
+ return keydb_search (hd, &desc, 1, NULL);
}
diff --git a/g10/keydb.h b/g10/keydb.h
index 203c7ec..1848316 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -296,7 +296,8 @@ unsigned long keydb_get_skipped_counter (KEYDB_HANDLE hd);
(Currently, this function always returns 0 if HD is valid.) */
gpg_error_t keydb_search_reset (KEYDB_HANDLE hd);
-/* Search the database for keys matching the search description.
+/* Search the database for keys matching the search description. If
+ the DB contains any legacy keys, these are silently ignored.
DESC is an array of search terms with NDESC entries. The search
terms are or'd together. That is, the next entry in the DB that
@@ -338,7 +339,7 @@ gpg_error_t keydb_search_next (KEYDB_HANDLE hd);
gpg_error_t keydb_search_kid (KEYDB_HANDLE hd, u32 *kid);
/* This is a convenience function for searching for keys with a long
- (20 byte) fingerprint. This function ignores legacy keys.
+ (20 byte) fingerprint.
Note: this function resumes searching where the last search left
off. If you want to search the whole database, then you need to
diff --git a/g10/keyring.c b/g10/keyring.c
index cd569fd..5ebea99 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -429,7 +429,8 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
}
else
/* Upper layer needs to handle this. */
- ;
+ {
+ }
break;
}
if (rc) {
@@ -967,7 +968,7 @@ compare_name (int mode, const char *name, const char *uid, size_t uidlen)
*/
int
keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
- size_t ndesc, size_t *descindex)
+ size_t ndesc, size_t *descindex, int ignore_legacy)
{
int rc;
PACKET pkt;
@@ -1106,11 +1107,20 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
if (DBG_LOOKUP)
log_debug ("%s: %ssearching from start of resource.\n",
__func__, scanned_from_start ? "" : "not ");
- while (!(rc=search_packet (hd->current.iobuf, &pkt, &offset, need_uid)))
+ while (1)
{
byte afp[MAX_FINGERPRINT_LEN];
size_t an;
+ rc = search_packet (hd->current.iobuf, &pkt, &offset, need_uid);
+ if (ignore_legacy && gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
+ {
+ free_packet (&pkt);
+ continue;
+ }
+ if (rc)
+ break;
+
if (pkt.pkttype == PKT_PUBLIC_KEY || pkt.pkttype == PKT_SECRET_KEY)
{
main_offset = offset;
@@ -1486,8 +1496,8 @@ keyring_rebuild_cache (void *token,int noisy)
for (;;)
{
- rc = keyring_search (hd, &desc, 1, NULL);
- if (rc && gpg_err_code (rc) != GPG_ERR_LEGACY_KEY)
+ rc = keyring_search (hd, &desc, 1, NULL, 0);
+ if (rc)
break; /* ready. */
desc.mode = KEYDB_SEARCH_MODE_NEXT;
diff --git a/g10/keyring.h b/g10/keyring.h
index d97bd4c..14d9f42 100644
--- a/g10/keyring.h
+++ b/g10/keyring.h
@@ -39,7 +39,7 @@ int keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb);
int keyring_delete_keyblock (KEYRING_HANDLE hd);
int keyring_search_reset (KEYRING_HANDLE hd);
int keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
- size_t ndesc, size_t *descindex);
+ size_t ndesc, size_t *descindex, int skip_legacy);
int keyring_rebuild_cache (void *token,int noisy);
#endif /*GPG_KEYRING_H*/
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 72c244a..ab0eb62 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -1229,21 +1229,16 @@ keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
for (;;)
{
rc = keydb_search (kdbhd, desc, ndesc, NULL);
- if (rc && gpg_err_code (rc) != GPG_ERR_LEGACY_KEY)
+ if (rc)
break; /* ready. */
if (!users)
desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
- if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
- continue;
-
/* read the keyblock */
rc = keydb_get_keyblock (kdbhd, &keyblock );
if( rc )
{
- if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
- continue;
log_error (_("error reading keyblock: %s\n"), gpg_strerror (rc) );
goto leave;
}
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 943357c..386796c 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1732,9 +1732,6 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
{
PKT_public_key *pk;
- if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
- continue;
-
rc = keydb_get_keyblock (hd, &keyblock);
if (rc)
{
@@ -1790,8 +1787,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
release_kbnode (keyblock);
keyblock = NULL;
}
- while (!(rc = keydb_search (hd, &desc, 1, NULL))
- || gpg_err_code (rc) == GPG_ERR_LEGACY_KEY);
+ while (!(rc = keydb_search (hd, &desc, 1, NULL)));
if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
{
commit 848726f5c02faddb0b0fd24ce1a66893f5325675
Author: Neal H. Walfield <neal at g10code.com>
Date: Tue Nov 17 12:56:55 2015 +0100
gpg: Correctly handle an error.
* g10/keyring.c (keyring_search): If a compare function returns an
error, treat it as an error.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/g10/keyring.c b/g10/keyring.c
index e9e3ffc..cd569fd 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -1202,6 +1202,9 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
free_packet (&pkt);
continue;
found:
+ if (rc)
+ goto real_found;
+
if (DBG_LOOKUP)
log_debug ("%s: packet starting at offset %zx matched descriptor %zd\n",
__func__, offset, n);
commit ad9befab12376b3a49cde410996ac9f0013d0871
Author: Neal H. Walfield <neal at g10code.com>
Date: Tue Nov 17 12:55:42 2015 +0100
gpg: Correctly handle keyblocks followed by legacy keys.
* g10/keyring.c (keyring_get_keyblock): If we encounter a legacy
packet after already having some non-legacy packets, then treat the
legacy packet as a keyblock boundary, not as part of the keyblock.
* g10/t-keydb-get-keyblock.c: New file.
* g10/t-keydb-get-keyblock.gpg: New file.
* g10/Makefile.am (EXTRA_DIST): Add t-keydb-get-keyblock.gpg.
(module_tests): Add t-keydb-get-keyblock.
(t_keydb_get_keyblock_SOURCES): New variable.
(t_keydb_get_keyblock_LDADD): Likewise.
--
Signed-off-by: Neal H. Walfield
GnuPG-bug-id: 2151
diff --git a/g10/Makefile.am b/g10/Makefile.am
index 2fe5c9a..10714f6 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -20,7 +20,8 @@
EXTRA_DIST = options.skel dirmngr-conf.skel distsigkey.gpg \
ChangeLog-2011 gpg-w32info.rc \
- gpg.w32-manifest.in test.c t-keydb-keyring.kbx
+ gpg.w32-manifest.in test.c t-keydb-keyring.kbx \
+ t-keydb-get-keyblock.gpg
AM_CPPFLAGS = -I$(top_srcdir)/common
@@ -157,12 +158,16 @@ gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
gpgv2_LDFLAGS = $(extra_bin_ldflags)
t_common_ldadd =
-module_tests = t-rmd160 t-keydb
+module_tests = t-rmd160 t-keydb t-keydb-get-keyblock
t_rmd160_SOURCES = t-rmd160.c rmd160.c
t_rmd160_LDADD = $(t_common_ldadd)
t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source)
t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
$(LIBICONV) $(t_common_ldadd)
+t_keydb_get_keyblock_SOURCES = t-keydb-get-keyblock.c test-stubs.c \
+ $(common_source)
+t_keydb_get_keyblock_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
+ $(LIBICONV) $(t_common_ldadd)
$(PROGRAMS): $(needed_libs) ../common/libgpgrl.a
diff --git a/g10/keyring.c b/g10/keyring.c
index 9a3638b..e9e3ffc 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -419,7 +419,19 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
continue;
}
if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY)
- break; /* Upper layer needs to handle this. */
+ {
+ if (in_cert)
+ /* It is not this key that is problematic, but the
+ following key. */
+ {
+ rc = 0;
+ hd->found.n_packets --;
+ }
+ else
+ /* Upper layer needs to handle this. */
+ ;
+ break;
+ }
if (rc) {
log_error ("keyring_get_keyblock: read error: %s\n",
gpg_strerror (rc) );
diff --git a/g10/t-keydb-get-keyblock.c b/g10/t-keydb-get-keyblock.c
new file mode 100644
index 0000000..2fbcb73
--- /dev/null
+++ b/g10/t-keydb-get-keyblock.c
@@ -0,0 +1,60 @@
+/* t-keydb-get-keyblock.c - Tests for keydb.c.
+ * Copyright (C) 2015 g10 Code GmbH
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "test.c"
+
+#include "keydb.h"
+
+static void
+do_test (int argc, char *argv[])
+{
+ char *fname;
+ int rc;
+ KEYDB_HANDLE hd1;
+ KEYDB_SEARCH_DESC desc1;
+ KBNODE kb1;
+
+ (void) argc;
+ (void) argv;
+
+ /* t-keydb-get-keyblock.gpg contains two keys: a modern key followed
+ by a legacy key. If we get the keyblock for the modern key, we
+ shouldn't get
+
+ - */
+ fname = prepend_srcdir ("t-keydb-get-keyblock.gpg");
+ rc = keydb_add_resource (fname, 0);
+ test_free (fname);
+ if (rc)
+ ABORT ("Failed to open keyring.");
+
+ hd1 = keydb_new ();
+
+ rc = classify_user_id ("8061 5870 F5BA D690 3336 86D0 F2AD 85AC 1E42 B367",
+ &desc1, 0);
+ if (rc)
+ ABORT ("Failed to convert fingerprint for 1E42B367");
+
+ rc = keydb_search (hd1, &desc1, 1, NULL);
+ if (rc)
+ ABORT ("Failed to lookup key associated with 1E42B367");
+
+ rc = keydb_get_keyblock (hd1, &kb1);
+ TEST_P ("", ! rc);
+}
diff --git a/g10/t-keydb-get-keyblock.gpg b/g10/t-keydb-get-keyblock.gpg
new file mode 100644
index 0000000..521487e
Binary files /dev/null and b/g10/t-keydb-get-keyblock.gpg differ
commit 8f6099ac510526d89be50309dbeb52f62bbaa7d1
Author: Neal H. Walfield <neal at g10code.com>
Date: Mon Nov 16 20:55:34 2015 +0100
gpg: Add some debugging output.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/g10/gpg.c b/g10/gpg.c
index 0cc7038..5ba3a20 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2124,6 +2124,12 @@ check_user_ids (strlist_t *sp,
default: log_bug ("Unsupport option: %d\n", t->flags >> 2);
}
+ if (DBG_LOOKUP)
+ {
+ log_debug ("\n");
+ log_debug ("%s: Checking %s=%s\n", __func__, option, t->d);
+ }
+
err = classify_user_id (t->d, &desc, 1);
if (err)
{
@@ -2153,6 +2159,9 @@ check_user_ids (strlist_t *sp,
err = keydb_search (hd, &desc, 1, NULL);
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
{
+ if (DBG_LOOKUP)
+ log_debug ("%s: '%s' not found.\n", __func__, t->d);
+
if (error_if_not_found)
{
if (! rc)
@@ -2195,6 +2204,9 @@ check_user_ids (strlist_t *sp,
release_kbnode (kb);
/* Continue the search. */
+ if (DBG_LOOKUP)
+ log_debug ("%s: Check for duplicates for %s='%s'\n",
+ __func__, option, t->d);
err = keydb_search (hd, &desc, 1, NULL);
if (! err)
/* Another result! */
diff --git a/g10/keydb.c b/g10/keydb.c
index 22fec24..40fb4c7 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -1692,7 +1692,16 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
while ((rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
&& hd->current >= 0 && hd->current < hd->used)
{
- switch (hd->active[hd->current].type)
+ if (DBG_LOOKUP)
+ log_debug ("%s: searching %s (resource %d of %d)\n",
+ __func__,
+ hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYRING
+ ? "keyring"
+ : (hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX
+ ? "keybox" : "unknown type"),
+ hd->current, hd->used);
+
+ switch (hd->active[hd->current].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
BUG(); /* we should never see it here */
@@ -1707,6 +1716,17 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
descindex, &hd->skipped_long_blobs);
break;
}
+
+ if (DBG_LOOKUP)
+ log_debug ("%s: searched %s (resource %d of %d) => %s\n",
+ __func__,
+ hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYRING
+ ? "keyring"
+ : (hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX
+ ? "keybox" : "unknown type"),
+ hd->current, hd->used,
+ rc == -1 ? "EOF" : gpg_strerror (rc));
+
if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
{
/* EOF -> switch to next resource */
diff --git a/g10/keyring.c b/g10/keyring.c
index 8ebc2e4..9a3638b 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -699,29 +699,51 @@ prepare_search (KEYRING_HANDLE hd)
/* If the last key was a legacy key, we simply ignore the error so that
we can easily use search_next. */
if (gpg_err_code (hd->current.error) == GPG_ERR_LEGACY_KEY)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("%s: last error was GPG_ERR_LEGACY_KEY, clearing\n",
+ __func__);
hd->current.error = 0;
+ }
else
+ {
+ if (DBG_LOOKUP)
+ log_debug ("%s: returning last error: %s\n",
+ __func__, gpg_strerror (hd->current.error));
return hd->current.error; /* still in error state */
+ }
}
if (hd->current.kr && !hd->current.eof) {
if ( !hd->current.iobuf )
+ {
+ if (DBG_LOOKUP)
+ log_debug ("%s: missing iobuf!\n", __func__);
return GPG_ERR_GENERAL; /* Position invalid after a modify. */
+ }
return 0; /* okay */
}
if (!hd->current.kr && hd->current.eof)
+ {
+ if (DBG_LOOKUP)
+ log_debug ("%s: EOF!\n", __func__);
return -1; /* still EOF */
+ }
if (!hd->current.kr) { /* start search with first keyring */
hd->current.kr = hd->resource;
if (!hd->current.kr) {
+ if (DBG_LOOKUP)
+ log_debug ("%s: keyring not available!\n", __func__);
hd->current.eof = 1;
return -1; /* keyring not available */
}
assert (!hd->current.iobuf);
}
else { /* EOF */
+ if (DBG_LOOKUP)
+ log_debug ("%s: EOF\n", __func__);
iobuf_close (hd->current.iobuf);
hd->current.iobuf = NULL;
hd->current.kr = NULL;
@@ -988,22 +1010,44 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
}
}
+ if (DBG_LOOKUP)
+ log_debug ("%s: need_uid = %d; need_words = %d; need_keyid = %d; need_fpr = %d; any_skip = %d\n",
+ __func__, need_uid, need_words, need_keyid, need_fpr, any_skip);
+
rc = prepare_search (hd);
if (rc)
- return rc;
+ {
+ if (DBG_LOOKUP)
+ log_debug ("%s: prepare_search failed: %s (%d)\n",
+ __func__, gpg_strerror (rc), gpg_err_code (rc));
+ return rc;
+ }
use_offtbl = !!kr_offtbl;
if (!use_offtbl)
- ;
+ {
+ if (DBG_LOOKUP)
+ log_debug ("%s: no offset table.\n", __func__);
+ }
else if (!kr_offtbl_ready)
- need_keyid = 1;
+ {
+ if (DBG_LOOKUP)
+ log_debug ("%s: initializing offset table. (need_keyid: %d => 1)\n",
+ __func__, need_keyid);
+ need_keyid = 1;
+ }
else if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID)
{
struct off_item *oi;
+ if (DBG_LOOKUP)
+ log_debug ("%s: look up by long key id, checking cache\n", __func__);
+
oi = lookup_offset_hash_table (kr_offtbl, desc[0].u.kid);
if (!oi)
{ /* We know that we don't have this key */
+ if (DBG_LOOKUP)
+ log_debug ("%s: cache says not present\n", __func__);
hd->found.kr = NULL;
hd->current.eof = 1;
return -1;
@@ -1047,6 +1091,9 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
pk_no = uid_no = 0;
initial_skip = 1; /* skip until we see the start of a keyblock */
scanned_from_start = iobuf_tell (hd->current.iobuf) == 0;
+ if (DBG_LOOKUP)
+ log_debug ("%s: %ssearching from start of resource.\n",
+ __func__, scanned_from_start ? "" : "not ");
while (!(rc=search_packet (hd->current.iobuf, &pkt, &offset, need_uid)))
{
byte afp[MAX_FINGERPRINT_LEN];
@@ -1143,6 +1190,10 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
free_packet (&pkt);
continue;
found:
+ if (DBG_LOOKUP)
+ log_debug ("%s: packet starting at offset %zx matched descriptor %zd\n",
+ __func__, offset, n);
+
/* Record which desc we matched on. Note this value is only
meaningful if this function returns with no errors. */
if(descindex)
@@ -1151,7 +1202,12 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
{
if (desc[n].skipfnc
&& desc[n].skipfnc (desc[n].skipfncvalue, aki, uid_no))
- break;
+ {
+ if (DBG_LOOKUP)
+ log_debug ("%s: skipping match: desc %zd's skip function returned TRUE\n",
+ __func__, n);
+ break;
+ }
}
if (n == ndesc)
goto real_found;
@@ -1160,6 +1216,8 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
real_found:
if (!rc)
{
+ if (DBG_LOOKUP)
+ log_debug ("%s: returing success\n", __func__);
hd->found.offset = main_offset;
hd->found.kr = hd->current.kr;
hd->found.pk_no = pk? pk_no : 0;
@@ -1167,6 +1225,9 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
}
else if (rc == -1)
{
+ if (DBG_LOOKUP)
+ log_debug ("%s: no matches (EOF)\n", __func__);
+
hd->current.eof = 1;
/* if we scanned all keyrings, we are sure that
* all known key IDs are in our offtbl, mark that. */
@@ -1195,7 +1256,12 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
}
}
else
- hd->current.error = rc;
+ {
+ if (DBG_LOOKUP)
+ log_debug ("%s: error encountered during search: %s (%d)\n",
+ __func__, gpg_strerror (rc), rc);
+ hd->current.error = rc;
+ }
free_packet(&pkt);
set_packet_list_mode(save_mode);
commit 11ec4785df1646643966d872b1b53ef675092c98
Author: Neal H. Walfield <neal at g10code.com>
Date: Tue Nov 17 11:36:38 2015 +0100
gpg: Make debugging search descriptors easier.
* g10/keydb.c (dump_search_desc): Rename from this...
(keydb_search_desc_dump): ... to this. Only process a single search
descriptor. Improve output. Don't mark as static. Update callers.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/g10/keydb.c b/g10/keydb.c
index 1705c71..22fec24 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -465,8 +465,70 @@ rt_from_file (const char *filename, int *r_found, int *r_openpgp)
return rt;
}
+
+char *
+keydb_search_desc_dump (struct keydb_search_desc *desc)
+{
+ char b[MAX_FORMATTED_FINGERPRINT_LEN + 1];
+ char fpr[MAX_FINGERPRINT_LEN + 1];
-
+ switch (desc->mode)
+ {
+ case KEYDB_SEARCH_MODE_EXACT:
+ return xasprintf ("EXACT: '%s'", desc->u.name);
+ case KEYDB_SEARCH_MODE_SUBSTR:
+ return xasprintf ("SUBSTR: '%s'", desc->u.name);
+ case KEYDB_SEARCH_MODE_MAIL:
+ return xasprintf ("MAIL: '%s'", desc->u.name);
+ case KEYDB_SEARCH_MODE_MAILSUB:
+ return xasprintf ("MAILSUB: '%s'", desc->u.name);
+ case KEYDB_SEARCH_MODE_MAILEND:
+ return xasprintf ("MAILEND: '%s'", desc->u.name);
+ case KEYDB_SEARCH_MODE_WORDS:
+ return xasprintf ("WORDS: '%s'", desc->u.name);
+ case KEYDB_SEARCH_MODE_SHORT_KID:
+ return xasprintf ("SHORT_KID: '%s'",
+ format_keyid (desc->u.kid, KF_SHORT, b, sizeof (b)));
+ case KEYDB_SEARCH_MODE_LONG_KID:
+ return xasprintf ("LONG_KID: '%s'",
+ format_keyid (desc->u.kid, KF_LONG, b, sizeof (b)));
+ case KEYDB_SEARCH_MODE_FPR16:
+ bin2hex (desc->u.fpr, 16, fpr);
+ return xasprintf ("FPR16: '%s'",
+ format_hexfingerprint (fpr, b, sizeof (b)));
+ case KEYDB_SEARCH_MODE_FPR20:
+ bin2hex (desc->u.fpr, 20, fpr);
+ return xasprintf ("FPR20: '%s'",
+ format_hexfingerprint (fpr, b, sizeof (b)));
+ case KEYDB_SEARCH_MODE_FPR:
+ bin2hex (desc->u.fpr, 20, fpr);
+ return xasprintf ("FPR: '%s'",
+ format_hexfingerprint (fpr, b, sizeof (b)));
+ case KEYDB_SEARCH_MODE_ISSUER:
+ return xasprintf ("ISSUER: '%s'", desc->u.name);
+ case KEYDB_SEARCH_MODE_ISSUER_SN:
+ return xasprintf ("ISSUER_SN: '%*s'",
+ (int) (desc->snlen == -1
+ ? strlen (desc->sn) : desc->snlen),
+ desc->sn);
+ case KEYDB_SEARCH_MODE_SN:
+ return xasprintf ("SN: '%*s'",
+ (int) (desc->snlen == -1
+ ? strlen (desc->sn) : desc->snlen),
+ desc->sn);
+ case KEYDB_SEARCH_MODE_SUBJECT:
+ return xasprintf ("SUBJECT: '%s'", desc->u.name);
+ case KEYDB_SEARCH_MODE_KEYGRIP:
+ return xasprintf ("KEYGRIP: %s", desc->u.grip);
+ case KEYDB_SEARCH_MODE_FIRST:
+ return xasprintf ("FIRST");
+ case KEYDB_SEARCH_MODE_NEXT:
+ return xasprintf ("NEXT");
+ default:
+ return xasprintf ("Bad search mode (%d)", desc->mode);
+ }
+}
+
gpg_error_t
keydb_add_resource (const char *url, unsigned int flags)
{
@@ -1571,57 +1633,11 @@ keydb_search_reset (KEYDB_HANDLE hd)
}
-static void
-dump_search_desc (KEYDB_HANDLE hd, const char *text,
- KEYDB_SEARCH_DESC *desc, size_t ndesc)
-{
- int n;
- const char *s;
-
- for (n=0; n < ndesc; n++)
- {
- switch (desc[n].mode)
- {
- case KEYDB_SEARCH_MODE_NONE: s = "none"; break;
- case KEYDB_SEARCH_MODE_EXACT: s = "exact"; break;
- case KEYDB_SEARCH_MODE_SUBSTR: s = "substr"; break;
- case KEYDB_SEARCH_MODE_MAIL: s = "mail"; break;
- case KEYDB_SEARCH_MODE_MAILSUB: s = "mailsub"; break;
- case KEYDB_SEARCH_MODE_MAILEND: s = "mailend"; break;
- case KEYDB_SEARCH_MODE_WORDS: s = "words"; break;
- case KEYDB_SEARCH_MODE_SHORT_KID: s = "short_kid"; break;
- case KEYDB_SEARCH_MODE_LONG_KID: s = "long_kid"; break;
- case KEYDB_SEARCH_MODE_FPR16: s = "fpr16"; break;
- case KEYDB_SEARCH_MODE_FPR20: s = "fpr20"; break;
- case KEYDB_SEARCH_MODE_FPR: s = "fpr"; break;
- case KEYDB_SEARCH_MODE_ISSUER: s = "issuer"; break;
- case KEYDB_SEARCH_MODE_ISSUER_SN: s = "issuer_sn"; break;
- case KEYDB_SEARCH_MODE_SN: s = "sn"; break;
- case KEYDB_SEARCH_MODE_SUBJECT: s = "subject"; break;
- case KEYDB_SEARCH_MODE_KEYGRIP: s = "keygrip"; break;
- case KEYDB_SEARCH_MODE_FIRST: s = "first"; break;
- case KEYDB_SEARCH_MODE_NEXT: s = "next"; break;
- default: s = "?"; break;
- }
- if (!n)
- log_debug ("%s: mode=%s (hd=%p)", text, s, hd);
- else
- log_debug ("%*s mode=%s", (int)strlen (text), "", s);
- if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID)
- log_printf (" %08lX%08lX", (unsigned long)desc[n].u.kid[0],
- (unsigned long)desc[n].u.kid[1]);
- else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID)
- log_printf (" %08lX", (unsigned long)desc[n].u.kid[1]);
- else if (desc[n].mode == KEYDB_SEARCH_MODE_SUBSTR)
- log_printf (" '%s'", desc[n].u.name);
- }
-}
-
-
gpg_error_t
keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
size_t ndesc, size_t *descindex)
{
+ int i;
gpg_error_t rc;
int was_reset = hd->is_reset;
/* If an entry is already in the cache, then don't add it again. */
@@ -1636,8 +1652,16 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
if (DBG_CLOCK)
log_clock ("keydb_search enter");
- if (DBG_CACHE)
- dump_search_desc (hd, "keydb_search", desc, ndesc);
+ if (DBG_LOOKUP)
+ {
+ log_debug ("%s: %zd search descriptions:\n", __func__, ndesc);
+ for (i = 0; i < ndesc; i ++)
+ {
+ char *t = keydb_search_desc_dump (&desc[i]);
+ log_debug ("%s %d: %s\n", __func__, i, t);
+ xfree (t);
+ }
+ }
if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID
diff --git a/g10/keydb.h b/g10/keydb.h
index b1dfa08..203c7ec 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -133,6 +133,10 @@ union pref_hint
#define KEYDB_RESOURCE_FLAG_READONLY 8 /* Open in read only mode. */
#define KEYDB_RESOURCE_FLAG_GPGVDEF 16 /* Default file for gpgv. */
+/* Format a search term for debugging output. The caller must free
+ the result. */
+char *keydb_search_desc_dump (struct keydb_search_desc *desc);
+
/* Register a resource (keyring or keybox). The first keyring or
keybox that is added using this function is created if it does not
already exist and the KEYDB_RESOURCE_FLAG_READONLY is not set.
commit a052c30d31c0f6b532fea081f4a9bee083f5440f
Author: Neal H. Walfield <neal at g10code.com>
Date: Tue Nov 17 11:47:43 2015 +0100
gpg: Add function format_keyid.
* g10/options.h (opt.keyid_format): Add new value KF_DEFAULT.
* g10/keyid.c (format_keyid): New function.
(keystr): Use it.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/g10/keydb.h b/g10/keydb.h
index 882af35..b1dfa08 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -786,6 +786,7 @@ char *pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize);
#define PUBKEY_STRING_SIZE 32
u32 v3_keyid (gcry_mpi_t a, u32 *ki);
void hash_public_key( gcry_md_hd_t md, PKT_public_key *pk );
+const char *format_keyid (u32 *keyid, int format, char *buffer, int len);
size_t keystrlen(void);
const char *keystr(u32 *keyid);
const char *keystr_with_sub (u32 *main_kid, u32 *sub_kid);
diff --git a/g10/keyid.c b/g10/keyid.c
index d716985..cb237ef 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -274,65 +274,81 @@ v3_keyid (gcry_mpi_t a, u32 *ki)
}
-size_t
-keystrlen(void)
+const char *
+format_keyid (u32 *keyid, int format, char *buffer, int len)
{
- switch(opt.keyid_format)
+ char tmp[KEYID_STR_SIZE];
+ if (! buffer)
+ buffer = tmp;
+
+ if (format == KF_DEFAULT)
+ format = opt.keyid_format;
+ if (format == KF_DEFAULT)
+ format = KF_0xLONG;
+
+ switch (format)
{
case KF_SHORT:
- return 8;
+ snprintf (buffer, len, "%08lX", (ulong)keyid[1]);
+ break;
case KF_LONG:
- return 16;
+ if (keyid[0])
+ snprintf (buffer, len, "%08lX%08lX",
+ (ulong)keyid[0], (ulong)keyid[1]);
+ else
+ snprintf (buffer, len, "%08lX", (ulong)keyid[1]);
+ break;
case KF_0xSHORT:
- return 10;
+ snprintf (buffer, len, "0x%08lX", (ulong)keyid[1]);
+ break;
case KF_0xLONG:
- return 18;
+ if(keyid[0])
+ snprintf (buffer, len, "0x%08lX%08lX",
+ (ulong)keyid[0],(ulong)keyid[1]);
+ else
+ snprintf (buffer, len, "0x%08lX", (ulong)keyid[1]);
+ break;
default:
BUG();
}
-}
+ if (buffer == tmp)
+ return xstrdup (buffer);
+ return buffer;
+}
-const char *
-keystr (u32 *keyid)
+size_t
+keystrlen(void)
{
- static char keyid_str[KEYID_STR_SIZE];
-
- switch (opt.keyid_format)
+ switch(opt.keyid_format)
{
case KF_SHORT:
- snprintf (keyid_str, sizeof keyid_str, "%08lX", (ulong)keyid[1]);
- break;
+ return 8;
case KF_LONG:
- if (keyid[0])
- snprintf (keyid_str, sizeof keyid_str, "%08lX%08lX",
- (ulong)keyid[0], (ulong)keyid[1]);
- else
- snprintf (keyid_str, sizeof keyid_str, "%08lX", (ulong)keyid[1]);
- break;
+ return 16;
case KF_0xSHORT:
- snprintf (keyid_str, sizeof keyid_str, "0x%08lX", (ulong)keyid[1]);
- break;
+ return 10;
case KF_0xLONG:
- if(keyid[0])
- snprintf (keyid_str, sizeof keyid_str, "0x%08lX%08lX",
- (ulong)keyid[0],(ulong)keyid[1]);
- else
- snprintf (keyid_str, sizeof keyid_str, "0x%08lX", (ulong)keyid[1]);
- break;
+ return 18;
default:
BUG();
}
+}
+
- return keyid_str;
+const char *
+keystr (u32 *keyid)
+{
+ static char keyid_str[KEYID_STR_SIZE];
+ return format_keyid (keyid, opt.keyid_format, keyid_str, sizeof (keyid_str));
}
diff --git a/g10/options.h b/g10/options.h
index 6fca714..0bb2aae 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -136,7 +136,7 @@ struct
} compliance;
enum
{
- KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG
+ KF_DEFAULT, KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG
} keyid_format;
int shm_coprocess;
const char *set_filename;
commit eae982ed6d69644258afe9c4ad1be553853d8403
Author: Neal H. Walfield <neal at g10code.com>
Date: Tue Nov 17 13:42:43 2015 +0100
gpg: Use a more appropriate error code.
* g10/gpg.c (check_user_ids): Return a more appropriate error code if
a user id is ambiguous.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/g10/gpg.c b/g10/gpg.c
index dacfa74..0cc7038 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2209,7 +2209,7 @@ check_user_ids (strlist_t *sp,
log_info (_("(check argument of option '%s')\n"), option);
if (! rc)
- rc = GPG_ERR_CONFLICT;
+ rc = GPG_ERR_AMBIGUOUS_NAME;
err = keydb_get_keyblock (hd, &kb);
if (err)
-----------------------------------------------------------------------
Summary of changes:
g10/Makefile.am | 9 ++-
g10/export.c | 4 -
g10/getkey.c | 47 +----------
g10/gpg.c | 14 +++-
g10/keydb.c | 183 +++++++++++++++++++++++++------------------
g10/keydb.h | 10 ++-
g10/keyid.c | 76 +++++++++++-------
g10/keyring.c | 111 +++++++++++++++++++++++---
g10/keyring.h | 2 +-
g10/keyserver.c | 7 +-
g10/options.h | 2 +-
g10/t-keydb-get-keyblock.c | 60 ++++++++++++++
g10/t-keydb-get-keyblock.gpg | Bin 0 -> 138824 bytes
g10/trustdb.c | 6 +-
14 files changed, 347 insertions(+), 184 deletions(-)
create mode 100644 g10/t-keydb-get-keyblock.c
create mode 100644 g10/t-keydb-get-keyblock.gpg
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list