[PATCH] g10: fix cmp_public_key and cmp_secret_keys
NIIBE Yutaka
gniibe at fsij.org
Thu Apr 30 07:13:41 CEST 2015
Hello,
This patch is my attempt to fix GnuPG 1.4.x and 2.0.x for the issue
1962.
https://bugs.gnupg.org/gnupg/issue1962
The specific problem of issue 1962 is that comparison of subkeys
always fails in merge_blocks and it results calling append_key always.
Following patch is for 2.0.x but similar can be applied to 1.4.x, too.
This patch basically intend to fix a problem of ECC key handling with
1.4 and 2.0, but the patch itself can also be applied to 2.1.
When the public key algorithm is not known, pkey[0] field is set with
opaque MPI in the parse_key function. Thus, I think that the key can
be compared.
Actually, I got a report to me, my repeated subkey of secp256k1. I
think that this was the cause.
diff --git a/g10/free-packet.c b/g10/free-packet.c
index 85f23ce..9b42cfd 100644
--- a/g10/free-packet.c
+++ b/g10/free-packet.c
@@ -452,11 +452,14 @@ cmp_public_keys( PKT_public_key *a, PKT_public_key *b )
return -1;
n = pubkey_get_npkey( b->pubkey_algo );
- if( !n )
- return -1; /* can't compare due to unknown algorithm */
- for(i=0; i < n; i++ ) {
- if( mpi_cmp( a->pkey[i], b->pkey[i] ) )
- return -1;
+ if( !n ) { /* unknown algorithm, rest is in opaque MPI */
+ if( mpi_cmp( a->pkey[0], b->pkey[0] ) )
+ return -1; /* can't compare due to unknown algorithm */
+ } else {
+ for(i=0; i < n; i++ ) {
+ if( mpi_cmp( a->pkey[i], b->pkey[i] ) )
+ return -1;
+ }
}
return 0;
@@ -479,11 +482,14 @@ cmp_secret_keys( PKT_secret_key *a, PKT_secret_key *b )
return -1;
n = pubkey_get_npkey( b->pubkey_algo );
- if( !n )
- return -1; /* can't compare due to unknown algorithm */
- for(i=0; i < n; i++ ) {
- if( mpi_cmp( a->skey[i], b->skey[i] ) )
+ if( !n ) { /* unknown algorithm, rest is in opaque MPI */
+ if( mpi_cmp( a->skey[0], b->skey[0] ) )
return -1;
+ } else {
+ for(i=0; i < n; i++ ) {
+ if( mpi_cmp( a->skey[i], b->skey[i] ) )
+ return -1;
+ }
}
return 0;
--
More information about the Gnupg-devel
mailing list