From 02fe4b0185c1b8734eb1a96412c3103f9b5ee521 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Mon, 4 Feb 2002 21:49:08 +0000 Subject: [PATCH] Workaround for the pksd and OKS keyserver bug that calculates v4 RSA keyids as if they were v3. The workaround/hack is to fetch both the v4 (e.g. 99242560) and v3 (e.g. 68FDDBC7) keyids. This only happens for key refresh while using the HKP scheme and the refresh-add-fake-v3-keyids keyserver option must be set. This should stay off by default. --- g10/ChangeLog | 10 ++++++++++ g10/keyserver.c | 41 +++++++++++++++++++++++++++++++++++++---- g10/options.h | 1 + 3 files changed, 48 insertions(+), 4 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index 6afd2d04e..ce5c0a88f 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,13 @@ +2002-02-04 David Shaw + + * keyserver.c, options.h (parse_keyserver_options, keyidlist): + Workaround for the pksd and OKS keyserver bug that calculates v4 + RSA keyids as if they were v3. The workaround/hack is to fetch + both the v4 (e.g. 99242560) and v3 (e.g. 68FDDBC7) keyids. This + only happens for key refresh while using the HKP scheme and the + refresh-add-fake-v3-keyids keyserver option must be set. This + should stay off by default. + 2002-02-03 David Shaw * keyserver.c (keyserver_spawn): Bug fix - do not append keys to diff --git a/g10/keyserver.c b/g10/keyserver.c index 764a969b1..2dcd098c0 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -86,6 +86,10 @@ parse_keyserver_options(char *options) opt.honor_http_proxy=1; else if(strcasecmp(tok,"no-honor-http-proxy")==0) opt.honor_http_proxy=0; + else if(strcasecmp(tok,"refresh-add-fake-v3-keyids")==0) + opt.keyserver_options.refresh_add_fake_v3_keyids=1; + else if(strcasecmp(tok,"no-refresh-add-fake-v3-keyids")==0) + opt.keyserver_options.refresh_add_fake_v3_keyids=0; else if(strlen(tok)>0) add_to_strlist(&opt.keyserver_options.other,tok); @@ -660,7 +664,7 @@ keyserver_import_keyid(u32 *keyid) /* code mostly stolen from do_export_stream */ static int -keyidlist(STRLIST users,u32 (**kidlist)[2],int *count) +keyidlist(STRLIST users,u32 (**kidlist)[2],int *count,int fakev3) { int rc=0,ndesc,num=100; KBNODE keyblock=NULL,node; @@ -711,6 +715,27 @@ keyidlist(STRLIST users,u32 (**kidlist)[2],int *count) if((node=find_kbnode(keyblock,PKT_PUBLIC_KEY))) { + /* This is to work around a bug in some keyservers (pksd and + OKS) that calculate v4 RSA keyids as if they were v3 RSA. + The answer is to refresh both the correct v4 keyid + (e.g. 99242560) and the fake v3 keyid (e.g. 68FDDBC7). + This only happens for key refresh using the HKP scheme + and if the refresh-add-fake-v3-keyids keyserver option is + set. */ + if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) && + node->pkt->pkt.public_key->version>=4) + { + mpi_get_keyid(node->pkt->pkt.public_key->pkey[0], + (*kidlist)[*count]); + (*count)++; + + if(*count==num) + { + num+=100; + *kidlist=m_realloc(*kidlist,sizeof(u32)*2*num); + } + } + keyid_from_pk(node->pkt->pkt.public_key,(*kidlist)[*count]); (*count)++; @@ -739,11 +764,19 @@ keyidlist(STRLIST users,u32 (**kidlist)[2],int *count) int keyserver_refresh(STRLIST users) { - int rc; + int rc,count,fakev3=0; u32 (*kidlist)[2]; - int count; - rc=keyidlist(users,&kidlist,&count); + /* If refresh_add_fake_v3_keyids is on and it's a HKP scheme, then + enable fake v3 keyid generation. */ + if(opt.keyserver_options.refresh_add_fake_v3_keyids && + opt.keyserver_scheme && + (strcasecmp(opt.keyserver_scheme,"x-hkp")==0 || + strcasecmp(opt.keyserver_scheme,"hkp")==0 || + strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0)) + fakev3=1; + + rc=keyidlist(users,&kidlist,&count,fakev3); if(rc) return rc; diff --git a/g10/options.h b/g10/options.h index dd14d5345..563f7ef1a 100644 --- a/g10/options.h +++ b/g10/options.h @@ -107,6 +107,7 @@ struct { int include_disabled:1; int use_temp_files:1; int keep_temp_files:1; + int refresh_add_fake_v3_keyids:1; STRLIST other; } keyserver_options; int exec_disable;