mirror of git://git.gnupg.org/gnupg.git synced 2025-01-08 12:44:23 +01:00

* getkey.c (get_pubkey_fast): This one is sort of obscure. get_pubkey_fast

returns the primary key when requesting a subkey, so if a user has a key
signed by a subkey (we don't do this, but used to), AND that key is not
self-signed, AND the algorithm of the subkey in question is not present in
GnuPG, AND the algorithm of the primary key that owns the subkey in
question is present in GnuPG, then we will try and verify the subkey
signature using the primary key algorithm and hit a BUG().  The fix is to
not return a hit if the keyid is not the primary.  All other users of
get_pubkey_fast already expect a primary only.
David Shaw 2003-12-10 14:57:38 +00:00
parent 34b2ea2bf6
commit c6f07b53b2
2 changed files with 25 additions and 5 deletions


@ -1,3 +1,16 @@
2003-12-10 David Shaw <dshaw@jabberwocky.com>
* getkey.c (get_pubkey_fast): This one is sort of obscure.
get_pubkey_fast returns the primary key when requesting a subkey,
so if a user has a key signed by a subkey (we don't do this, but
used to), AND that key is not self-signed, AND the algorithm of
the subkey in question is not present in GnuPG, AND the algorithm
of the primary key that owns the subkey in question is present in
GnuPG, then we will try and verify the subkey signature using the
primary key algorithm and hit a BUG(). The fix is to not return a
hit if the keyid is not the primary. All other users of
get_pubkey_fast already expect a primary only.
2003-12-04 David Shaw <dshaw@jabberwocky.com> 2003-12-04 David Shaw <dshaw@jabberwocky.com>
* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey, * getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,


@ -375,13 +375,15 @@ get_pubkey( PKT_public_key *pk, u32 *keyid )
/* Get a public key and store it into the allocated pk. This function /* Get a public key and store it into the allocated pk. This function
differs from get_pubkey() in that it does not do a check of the key differs from get_pubkey() in that it does not do a check of the key
to avoid recursion. It should be used only in very certain cases. */ to avoid recursion. It should be used only in very certain cases.
It will only retrieve primary keys. */
int int
get_pubkey_fast (PKT_public_key *pk, u32 *keyid) get_pubkey_fast (PKT_public_key *pk, u32 *keyid)
{ {
int rc = 0; int rc = 0;
KEYDB_HANDLE hd; KEYDB_HANDLE hd;
KBNODE keyblock; KBNODE keyblock;
u32 pkid[2];
assert (pk); assert (pk);
#if MAX_PK_CACHE_ENTRIES #if MAX_PK_CACHE_ENTRIES
@ -414,20 +416,25 @@ get_pubkey_fast (PKT_public_key *pk, u32 *keyid)
log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc)); log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
return G10ERR_NO_PUBKEY; return G10ERR_NO_PUBKEY;
} }
assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY
|| keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY ); || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY );
copy_public_key (pk, keyblock->pkt->pkt.public_key );
keyid_from_pk(keyblock->pkt->pkt.public_key,pkid);
if(keyid[0]==pkid[0] && keyid[1]==pkid[1])
copy_public_key (pk, keyblock->pkt->pkt.public_key );
else
rc=G10ERR_NO_PUBKEY;
release_kbnode (keyblock); release_kbnode (keyblock);
/* Not caching key here since it won't have all of the fields /* Not caching key here since it won't have all of the fields
properly set. */ properly set. */
return 0; return rc;
} }
KBNODE KBNODE
get_pubkeyblock( u32 *keyid ) get_pubkeyblock( u32 *keyid )
{ {
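Review bot: The new `else` branch (`rc=G10ERR_NO_PUBKEY;`) reports a subkey keyid with the same code the function already returns when `keydb_get_keyblock` fails, and in the visible lines it leaves `pk` unwritten, yet the updated header comment only says "It will only retrieve primary keys". I would extend that comment to `It will only retrieve primary keys; for a subkey keyid it returns G10ERR_NO_PUBKEY and does not fill in pk.` so that callers on signature-verification paths know not to read `pk` after a failure. The cache lookup under `#if MAX_PK_CACHE_ENTRIES` lies between the two hunks and is not shown here; if it can match a cached subkey by keyid, the primary-only statement would not hold on that path, which is worth confirming. Bracing the new `if`/`else` would also make the two outcomes harder to break in a later edit.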