security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

gpg: Lookup key for merging/inserting only beu primary key.

Browse Source 
* g10/getkey.c (get_keyblock_byfpr_fast): Add arg primary_only and
implement.
* g10/import.c (import_one_real): Simplify filling the fpr buffer with
zeroes.
(import_one_real): Find key only by primary fingerprint.
--

This should have been done early: When looking up the original
keyblock we want to update, we need to lookup it up only using the
primary key.  This avoids to find a key which has the primary key also
has a subkey.

GnuPG-bug-id: 7527
This commit is contained in:
Werner Koch 2025-02-11 14:44:23 +01:00
parent ef4acfd77b
commit 70049e5f16
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
g10/getkey.c
View File

@ -1945,7 +1945,7 @@ get_pubkey_byfpr_fast (ctrl_t ctrl, PKT_public_key * pk,
gpg_error_t err; gpg_error_t err;
KBNODE keyblock; KBNODE keyblock;
err = get_keyblock_byfpr_fast (ctrl, &keyblock, NULL, fpr, fprlen, 0); err = get_keyblock_byfpr_fast (ctrl, &keyblock, NULL, 0, fpr, fprlen, 0);
if (!err) if (!err)
{ {
if (pk) if (pk)
@ -1962,11 +1962,14 @@ get_pubkey_byfpr_fast (ctrl_t ctrl, PKT_public_key * pk,
* R_HD may be NULL. If LOCK is set the handle has been opend in * R_HD may be NULL. If LOCK is set the handle has been opend in
* locked mode and keydb_disable_caching () has been called. On error * locked mode and keydb_disable_caching () has been called. On error
* R_KEYBLOCK is set to NULL but R_HD must be released by the caller; * R_KEYBLOCK is set to NULL but R_HD must be released by the caller;
* it may have a value of NULL, though. This allows one to do an insert * it may have a value of NULL, though. This allows one to do an
* operation on a locked keydb handle. */ * insert operation on a locked keydb handle. If PRIMARY_ONLY is set
* the function returns a keyblock which has the requested fingerprint
* has primary key. */
gpg_error_t gpg_error_t
get_keyblock_byfpr_fast (ctrl_t ctrl, get_keyblock_byfpr_fast (ctrl_t ctrl,
kbnode_t *r_keyblock, KEYDB_HANDLE *r_hd, kbnode_t *r_keyblock, KEYDB_HANDLE *r_hd,
int primary_only,
const byte *fpr, size_t fprlen, int lock) const byte *fpr, size_t fprlen, int lock)
{ {
gpg_error_t err; gpg_error_t err;
@ -1974,6 +1977,8 @@ get_keyblock_byfpr_fast (ctrl_t ctrl,
kbnode_t keyblock; kbnode_t keyblock;
byte fprbuf[MAX_FINGERPRINT_LEN]; byte fprbuf[MAX_FINGERPRINT_LEN];
int i; int i;
byte tmpfpr[MAX_FINGERPRINT_LEN];
size_t tmpfprlen;
if (r_keyblock) if (r_keyblock)
*r_keyblock = NULL; *r_keyblock = NULL;
@ -2005,6 +2010,7 @@ get_keyblock_byfpr_fast (ctrl_t ctrl,
if (r_hd) if (r_hd)
*r_hd = hd; *r_hd = hd;
again:
err = keydb_search_fpr (hd, fprbuf, fprlen); err = keydb_search_fpr (hd, fprbuf, fprlen);
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
{ {
@ -2024,6 +2030,17 @@ get_keyblock_byfpr_fast (ctrl_t ctrl,
log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
|| keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY); || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY);
if (primary_only)
{
fingerprint_from_pk (keyblock->pkt->pkt.public_key, tmpfpr, &tmpfprlen);
if (fprlen != tmpfprlen || memcmp (fpr, tmpfpr, fprlen))
{
release_kbnode (keyblock);
keyblock = NULL;
goto again;
}
}
/* Not caching key here since it won't have all of the fields /* Not caching key here since it won't have all of the fields
properly set. */ properly set. */

6
g10/import.c
View File

@ -1994,7 +1994,6 @@ import_one_real (ctrl_t ctrl,
int mod_key = 0; int mod_key = 0;
int same_key = 0; int same_key = 0;
int non_self_or_utk = 0; int non_self_or_utk = 0;
size_t an;
char pkstrbuf[PUBKEY_STRING_SIZE]; char pkstrbuf[PUBKEY_STRING_SIZE];
int merge_keys_done = 0; int merge_keys_done = 0;
int any_filter = 0; int any_filter = 0;
@ -2015,8 +2014,8 @@ import_one_real (ctrl_t ctrl,
pk = node->pkt->pkt.public_key; pk = node->pkt->pkt.public_key;
fingerprint_from_pk (pk, fpr2, &fpr2len); fingerprint_from_pk (pk, fpr2, &fpr2len);
for (an = fpr2len; an < MAX_FINGERPRINT_LEN; an++) if (MAX_FINGERPRINT_LEN > fpr2len)
fpr2[an] = 0; memset (fpr2+fpr2len, 0, MAX_FINGERPRINT_LEN - fpr2len);
keyid_from_pk( pk, keyid ); keyid_from_pk( pk, keyid );
uidnode = find_next_kbnode( keyblock, PKT_USER_ID ); uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
@ -2215,6 +2214,7 @@ import_one_real (ctrl_t ctrl,
/* Do we have this key already in one of our pubrings ? */ /* Do we have this key already in one of our pubrings ? */
err = get_keyblock_byfpr_fast (ctrl, &keyblock_orig, &hd, err = get_keyblock_byfpr_fast (ctrl, &keyblock_orig, &hd,
1 /*primary only */,
fpr2, fpr2len, 1/*locked*/); fpr2, fpr2len, 1/*locked*/);
if ((err if ((err
&& gpg_err_code (err) != GPG_ERR_NO_PUBKEY && gpg_err_code (err) != GPG_ERR_NO_PUBKEY

1
g10/keydb.h
View File

@ -422,6 +422,7 @@ gpg_error_t get_pubkey_byfpr_fast (ctrl_t ctrl, PKT_public_key *pk,
gpg_error_t get_keyblock_byfpr_fast (ctrl_t ctrl, gpg_error_t get_keyblock_byfpr_fast (ctrl_t ctrl,
kbnode_t *r_keyblock, kbnode_t *r_keyblock,
KEYDB_HANDLE *r_hd, KEYDB_HANDLE *r_hd,
int primary_only,
const byte *fpr, size_t fprlen, const byte *fpr, size_t fprlen,
int lock); int lock);