mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-14 21:47:19 +02:00
* packet.h, build-packet.c (hash_public_key): Remove function ...
* keydb.h, keyid.c (hash_public_key, do_fingerprint_md): ... and make a new one here that shares code with the fingerprint calculations. This removes some duplicated functionality, and is also around 14% faster. (Every bit helps). * import.c (import_one): No longer need the Elgamal import warning. * getkey.c (get_pubkey_fast): This one is sort of obscure. get_pubkey_fast returns the primary key when requesting a subkey, so if a user has a key signed by a subkey (we don't do this, but used to), AND that key is not self-signed, AND the algorithm of the subkey in question is not present in GnuPG, AND the algorithm of the primary key that owns the subkey in question is present in GnuPG, then we will try and verify the subkey signature using the primary key algorithm and hit a BUG(). The fix is to not return a hit if the keyid is not the primary. All other users of get_pubkey_fast already expect a primary only.
parent
888a6c2980
commit
db5ab5e730
7 changed files with 108 additions and 143 deletions
|
@ -254,85 +254,6 @@ do_public_key( IOBUF out, int ctb, PKT_public_key *pk )
|
|||
}
|
||||
|
||||
|
||||
/****************
|
||||
* Make a hash value from the public key certificate
|
||||
*/
|
||||
void
|
||||
hash_public_key( MD_HANDLE md, PKT_public_key *pk )
|
||||
{
|
||||
PACKET pkt;
|
||||
int rc = 0;
|
||||
int ctb;
|
||||
ulong pktlen;
|
||||
int c;
|
||||
IOBUF a = iobuf_temp();
|
||||
#if 0
|
||||
FILE *fp = fopen("dump.pk", "a");
|
||||
int i=0;
|
||||
|
||||
fprintf(fp, "\nHashing PK (v%d):\n", pk->version);
|
||||
#endif
|
||||
|
||||
/* build the packet */
|
||||
init_packet(&pkt);
|
||||
pkt.pkttype = PKT_PUBLIC_KEY;
|
||||
pkt.pkt.public_key = pk;
|
||||
if( (rc = build_packet( a, &pkt )) )
|
||||
log_fatal("build public_key for hashing failed: %s\n", g10_errstr(rc));
|
||||
|
||||
if( !(pk->version == 3 && pk->pubkey_algo == 16) ) {
|
||||
/* skip the constructed header but don't do this for our very old
|
||||
* v3 ElG keys */
|
||||
ctb = iobuf_get_noeof(a);
|
||||
pktlen = 0;
|
||||
if( (ctb & 0x40) ) {
|
||||
c = iobuf_get_noeof(a);
|
||||
if( c < 192 )
|
||||
pktlen = c;
|
||||
else if( c < 224 ) {
|
||||
pktlen = (c - 192) * 256;
|
||||
c = iobuf_get_noeof(a);
|
||||
pktlen += c + 192;
|
||||
}
|
||||
else if( c == 255 ) {
|
||||
pktlen = iobuf_get_noeof(a) << 24;
|
||||
pktlen |= iobuf_get_noeof(a) << 16;
|
||||
pktlen |= iobuf_get_noeof(a) << 8;
|
||||
pktlen |= iobuf_get_noeof(a);
|
||||
}
|
||||
}
|
||||
else {
|
||||
int lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
|
||||
for( ; lenbytes; lenbytes-- ) {
|
||||
pktlen <<= 8;
|
||||
pktlen |= iobuf_get_noeof(a);
|
||||
}
|
||||
}
|
||||
/* hash a header */
|
||||
md_putc( md, 0x99 );
|
||||
pktlen &= 0xffff; /* can't handle longer packets */
|
||||
md_putc( md, pktlen >> 8 );
|
||||
md_putc( md, pktlen & 0xff );
|
||||
}
|
||||
/* hash the packet body */
|
||||
while( (c=iobuf_get(a)) != -1 ) {
|
||||
#if 0
|
||||
fprintf( fp," %02x", c );
|
||||
if( (++i == 24) ) {
|
||||
putc('\n', fp);
|
||||
i=0;
|
||||
}
|
||||
#endif
|
||||
md_putc( md, c );
|
||||
}
|
||||
#if 0
|
||||
putc('\n', fp);
|
||||
fclose(fp);
|
||||
#endif
|
||||
iobuf_cancel(a);
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
|
||||
{
|
||||
|
|