
Merge branch 'master' into switch-to-gpgk

Werner Koch 2019-07-12 13:57:00 +02:00
commit a5118b19c1
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
142 changed files with 7869 additions and 3007 deletions


@ -134,7 +134,7 @@
Note that this value matches TRUST_FLAG_REVOKED
- u16 RFU
- u32 Recheck_after
- u32 Latest timestamp in the keyblock (useful for KS syncronsiation?)
- u32 Latest timestamp in the keyblock (useful for KS synchronization?)
- u32 Blob created at
- u32 [NRES] Size of reserved space (not including this field)
- bN Reserved space of size NRES for future use.
@ -144,7 +144,7 @@
- bN Space for the keyblock or certificate.
- bN RFU. This is the remaining space after keyblock and before
the checksum. It is not covered by the checksum.
- b20 SHA-1 checksum (useful for KS syncronisation?)
- b20 SHA-1 checksum (useful for KS synchronization?)
Note, that KBX versions before GnuPG 2.1 used an MD5
checksum. However it was only created but never checked.
Thus we do not expect problems if we switch to SHA-1. If


@ -261,10 +261,12 @@ _keybox_close_file (KEYBOX_HANDLE hd)
/*
* Lock the keybox at handle HD, or unlock if YES is false.
* Lock the keybox at handle HD, or unlock if YES is false. TIMEOUT
* is the value used for dotlock_take. In general -1 should be used
* when taking a lock; use 0 when releasing a lock.
*/
gpg_error_t
keybox_lock (KEYBOX_HANDLE hd, int yes)
keybox_lock (KEYBOX_HANDLE hd, int yes, long timeout)
{
gpg_error_t err = 0;
KB_NAME kb = hd->kb;
@ -289,23 +291,22 @@ keybox_lock (KEYBOX_HANDLE hd, int yes)
if (!kb->is_locked)
{
#ifdef HAVE_W32_SYSTEM
/* Under Windows we need to close the file before we try
* to lock it. This is because another process might have
* taken the lock and is using keybox_file_rename to
* rename the base file. How if our dotlock_take below is
* waiting for the lock but we have the base file still
* open, keybox_file_rename will never succeed as we are
* in a deadlock. */
if (hd->fp)
{
fclose (hd->fp);
hd->fp = NULL;
}
/* Under Windows we need to close the file before we try
* to lock it. This is because another process might have
* taken the lock and is using keybox_file_rename to
* rename the base file. Now if our dotlock_take below is
* waiting for the lock but we have the base file still
* open, keybox_file_rename will never succeed as we are
* in a deadlock. */
_keybox_close_file (hd);
#endif /*HAVE_W32_SYSTEM*/
if (dotlock_take (kb->lockhd, -1))
if (dotlock_take (kb->lockhd, timeout))
{
err = gpg_error_from_syserror ();
log_info ("can't lock '%s'\n", kb->fname );
if (!timeout && gpg_err_code (err) == GPG_ERR_EACCES)
; /* No diagnostic if we only tried to lock. */
else
log_info ("can't lock '%s'\n", kb->fname );
}
else
kb->is_locked = 1;
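Review bot: The diagnostic suppression after `dotlock_take` is written as an empty `if` branch (`; /* No diagnostic if we only tried to lock. */`) followed by `else log_info`, which is easy to misread and easy to break when a statement is added later. Inverting the test says the same thing directly: `if (timeout || gpg_err_code (err) != GPG_ERR_EACCES) log_info ("can't lock '%s'\n", kb->fname );`. The header comment would also benefit from one more sentence stating that a TIMEOUT of 0 is a try-lock whose failure is returned without a log line, so callers must check the return value rather than rely on the diagnostic. The body of keybox_lock continues outside the hunk, so the unlock path is not visible here.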


@ -873,16 +873,21 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
KEYBOXBLOB blob = NULL;
struct sn_array_s *sn_array = NULL;
int pk_no, uid_no;
off_t lastfoundoff;
if (!hd)
return gpg_error (GPG_ERR_INV_VALUE);
/* clear last found result */
/* Clear last found result but reord the offset of the last found
* blob which we may need later. */
if (hd->found.blob)
{
lastfoundoff = _keybox_get_blob_fileoffset (hd->found.blob);
_keybox_release_blob (hd->found.blob);
hd->found.blob = NULL;
}
else
lastfoundoff = 0;
if (hd->error)
return hd->error; /* still in error state */
@ -901,6 +906,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
case KEYDB_SEARCH_MODE_FIRST:
/* always restart the search in this mode */
keybox_search_reset (hd);
lastfoundoff = 0;
break;
default:
break;
@ -925,6 +931,32 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
xfree (sn_array);
return rc;
}
/* log_debug ("%s: re-opened file\n", __func__); */
if (ndesc && desc[0].mode != KEYDB_SEARCH_MODE_FIRST && lastfoundoff)
{
/* Search mode is not first and the last search operation
* returned a blob which also was not the first one. We now
* need to skip over that blob and hope that the file has
* not changed. */
if (fseeko (hd->fp, lastfoundoff, SEEK_SET))
{
rc = gpg_error_from_syserror ();
log_debug ("%s: seeking to last found offset failed: %s\n",
__func__, gpg_strerror (rc));
xfree (sn_array);
return gpg_error (GPG_ERR_NOTHING_FOUND);
}
/* log_debug ("%s: re-opened file and sought to last offset\n", */
/* __func__); */
rc = _keybox_read_blob (NULL, hd->fp, NULL);
if (rc)
{
log_debug ("%s: skipping last found blob failed: %s\n",
__func__, gpg_strerror (rc));
xfree (sn_array);
return gpg_error (GPG_ERR_NOTHING_FOUND);
}
}
}
/* Kludge: We need to convert an SN given as hexstring to its binary
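Review bot: Both new failure paths after the re-open return `GPG_ERR_NOTHING_FOUND`, so a failed `fseeko` or a failed skip of the last found blob looks to the caller exactly like "no further match", and the only trace is a `log_debug` line. For a keyring lookup this can make an iteration stop early and a key appear absent when the real cause was an I/O error or a file that changed underneath the handle. In the seek branch `rc` already holds the real error, so `xfree (sn_array); return rc;` would propagate it; the skip branch could do the same unless callers are known to depend on NOTHING_FOUND, which these hunks do not show. The comment admits the code only hopes the file is unchanged at `lastfoundoff`; a sentence naming what happens if it did change (for instance after a rewrite by another process) would help the next reader judge the risk. keybox_search starts before and continues after these hunks.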


@ -423,7 +423,7 @@ keybox_update_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen)
if (off == (off_t)-1)
return gpg_error (GPG_ERR_GENERAL);
/* Close this the file so that we do no mess up the position for a
/* Close the file so that we do no mess up the position for a
next search. */
_keybox_close_file (hd);


@ -76,7 +76,7 @@ void keybox_pop_found_state (KEYBOX_HANDLE hd);
const char *keybox_get_resource_name (KEYBOX_HANDLE hd);
int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes);
gpg_error_t keybox_lock (KEYBOX_HANDLE hd, int yes);
gpg_error_t keybox_lock (KEYBOX_HANDLE hd, int yes, long timeout);
/*-- keybox-file.c --*/
/* Fixme: This function does not belong here: Provide a better