* free-packet.c (copy_secret_key): Copy secret key into secure memory

since we may unprotect it. * main.h, g10.c (main), revoke.c (gen_desig_revoke): Add local user support so users can use -u with --desig-revoke. This bypasses the interactive walk over the revocation keys.
2024-11-11 21:48:50 +01:00 · 2005-11-19 05:55:45 +00:00 · 2005-11-19 05:55:45 +00:00 · f7c138d9e7
commit f7c138d9e7
parent 092bae80a9
5 changed files with 56 additions and 8 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,12 @@
+2005-11-19  David Shaw  <dshaw@jabberwocky.com>
+
+	* free-packet.c (copy_secret_key): Copy secret key into secure
+	memory since we may unprotect it.
+
+	* main.h, g10.c (main), revoke.c (gen_desig_revoke): Add local
+	user support so users can use -u with --desig-revoke.  This
+	bypasses the interactive walk over the revocation keys.
+
 2005-11-17  David Shaw  <dshaw@jabberwocky.com>

 	* keyedit.c (keyedit_menu, menu_clean): Simplify clean options to
@ -16,7 +25,8 @@

 	* armor.c (parse_header_line): A fussy bit of 2440: header lines
 	are delimited with a colon-space pair.  Therefore a line such as
-	"Comment: " is actually legal, albeit not particularly useful.
+	"Comment: " (with a trailing space) is actually legal, albeit not
+	particularly useful.

 2005-11-11  David Shaw  <dshaw@jabberwocky.com>

--- a/g10/free-packet.c
+++ b/g10/free-packet.c
@ -285,7 +285,7 @@ copy_secret_key( PKT_secret_key *d, PKT_secret_key *s )
    int n, i;

    if( !d )
-	d = xmalloc(sizeof *d);
+	d = xmalloc_secure(sizeof *d);
    else
        release_secret_key_parts (d);
    memcpy( d, s, sizeof *d );
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -3417,7 +3417,7 @@ main (int argc, char **argv )
 	if( argc != 1 )
 	    wrong_args("--desig-revoke user-id");
 	username =  make_username(*argv);
-	gen_desig_revoke( username );
+	gen_desig_revoke( username, locusr );
 	xfree( username );
 	break;

--- a/g10/main.h
+++ b/g10/main.h
@ -237,7 +237,7 @@ int enarmor_file( const char *fname );
 /*-- revoke.c --*/
 struct revocation_reason_info;
 int gen_revoke( const char *uname );
-int gen_desig_revoke( const char *uname );
+int gen_desig_revoke( const char *uname, STRLIST locusr);
 int revocation_reason_build_cb( PKT_signature *sig, void *opaque );
 struct revocation_reason_info *
 		ask_revocation_reason( int key_rev, int cert_rev, int hint );
--- a/g10/revoke.c
+++ b/g10/revoke.c
@ -197,7 +197,7 @@ export_minimal_pk(IOBUF out,KBNODE keyblock,
 * Generate a revocation certificate for UNAME via a designated revoker
 */
 int
-gen_desig_revoke( const char *uname )
+gen_desig_revoke( const char *uname, STRLIST locusr )
 {
    int rc = 0;
    armor_filter_context_t afx;
@ -211,6 +211,7 @@ gen_desig_revoke( const char *uname )
    KBNODE keyblock=NULL,node;
    u32 keyid[2];
    int i,any=0;
+    SK_LIST sk_list=NULL;

    if( opt.batch )
      {
@ -246,6 +247,13 @@ gen_desig_revoke( const char *uname )

    keyid_from_pk(pk,keyid);

+    if(locusr)
+      {
+	rc=build_sk_list(locusr,&sk_list,0,PUBKEY_USAGE_CERT);
+	if(rc)
+	  goto leave;
+      }
+
    /* Are we a designated revoker for this key? */

    if(!pk->revkey && pk->numrevkeys)
@ -253,12 +261,39 @@ gen_desig_revoke( const char *uname )

    for(i=0;i<pk->numrevkeys;i++)
      {
+	SK_LIST list;
+
 	if(sk)
 	  free_secret_key(sk);

-	sk=xmalloc_clear(sizeof(*sk));
+	if(sk_list)
+	  {
+	    for(list=sk_list;list;list=list->next)
+	      {
+		byte fpr[MAX_FINGERPRINT_LEN];
+		size_t fprlen;

+		fingerprint_from_sk(list->sk,fpr,&fprlen);
+
+		/* Don't get involved with keys that don't have 160
+		   bit fingerprints */
+		if(fprlen!=20)
+		  continue;
+
+		if(memcmp(fpr,pk->revkey[i].fpr,20)==0)
+		  break;
+	      }
+
+	    if(list)
+	      sk=copy_secret_key(NULL,list->sk);
+	    else
+	      continue;
+	  }
+	else
+	  {
+	    sk=xmalloc_secure_clear(sizeof(*sk));
 	    rc=get_seckey_byfprint(sk,pk->revkey[i].fpr,MAX_FINGERPRINT_LEN);
+	  }

 	/* We have the revocation key */
 	if(!rc)
@ -297,7 +332,8 @@ gen_desig_revoke( const char *uname )
 	      goto leave;

 	    afx.what = 1;
-	    afx.hdrlines = "Comment: A designated revocation certificate should follow\n";
+	    afx.hdrlines = "Comment: A designated revocation certificate"
+	      " should follow\n";
 	    iobuf_push_filter( out, armor_filter, &afx );

 	    /* create it */
@ -384,6 +420,8 @@ gen_desig_revoke( const char *uname )
    if( sig )
 	free_seckey_enc( sig );

+    release_sk_list(sk_list);
+
    if( rc )
 	iobuf_cancel(out);
    else