gpg: Avoid output to the tty during import.

* g10/key-check.c (key_check_all_keysigs): Add arg mode and change all
output calls to use it.
* g10/keyedit.c (keyedit_print_one_sig): Add arg fp and change all
output calls to use it.
(keyedit_menu): Adjust for changes.
* g10/gpgcompose.c (keyedit_print_one_sig): Add dummy arg fp.
* g10/import.c (import_one): Call key_check_all_keysigs with output to
the log stream.
--

Fixes-commit: 404fa8211b
GnuPG-bug-id: 3288
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2017-07-27 11:37:00 +02:00
parent 94eea0ed2c
commit fcb62fe20f
GPG Key ID: E3FDFF218E45B72B
7 changed files with 96 additions and 74 deletions


@ -3065,11 +3065,13 @@ show_basic_key_info (ctrl_t ctrl, KBNODE keyblock)
} }
int int
keyedit_print_one_sig (ctrl_t ctrl, int rc, kbnode_t keyblock, kbnode_t node, keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
int rc, kbnode_t keyblock, kbnode_t node,
int *inv_sigs, int *no_key, int *oth_err, int *inv_sigs, int *no_key, int *oth_err,
int is_selfsig, int print_without_key, int extended) int is_selfsig, int print_without_key, int extended)
{ {
(void) ctrl; (void) ctrl;
(void) fp;
(void) rc; (void) rc;
(void) keyblock; (void) keyblock;
(void) node; (void) node;


@ -1701,7 +1701,7 @@ import_one (ctrl_t ctrl,
keystr_from_pk(pk)); keystr_from_pk(pk));
if ((options & IMPORT_REPAIR_KEYS)) if ((options & IMPORT_REPAIR_KEYS))
key_check_all_keysigs (ctrl, keyblock, 0, 0); key_check_all_keysigs (ctrl, 1, keyblock, 0, 0);
if (chk_self_sigs (ctrl, keyblock, keyid, &non_self)) if (chk_self_sigs (ctrl, keyblock, keyid, &non_self))
return 0; /* Invalid keyblock - error already printed. */ return 0; /* Invalid keyblock - error already printed. */


@ -33,7 +33,7 @@
#include "key-check.h" #include "key-check.h"
/* Order two signatures. The actual ordering isn't important. Our /* Order two signatures. The actual ordering isn't important. Our
goal is to ensure that identical signatures occur together. */ * goal is to ensure that identical signatures occur together. */
static int static int
sig_comparison (const void *av, const void *bv) sig_comparison (const void *av, const void *bv)
{ {
@ -72,28 +72,35 @@ sig_comparison (const void *av, const void *bv)
return 0; return 0;
} }
/* Perform a few sanity checks on a keyblock is okay and possibly /* Perform a few sanity checks on a keyblock is okay and possibly
repair some damage. Concretely: * repair some damage. Concretely:
*
- Detect duplicate signatures and remove them. * - Detect duplicate signatures and remove them.
*
- Detect out of order signatures and relocate them (e.g., a sig * - Detect out of order signatures and relocate them (e.g., a sig
over user id X located under subkey Y). * over user id X located under subkey Y).
*
Note: this function does not remove signatures that don't belong or * Note: this function does not remove signatures that don't belong or
components that are not signed! (Although it would be trivial to * components that are not signed! (Although it would be trivial to
do so.) * do so.)
*
If ONLY_SELFSIGS is true, then this function only reorders self * If ONLY_SELFSIGS is true, then this function only reorders self
signatures (it still checks all signatures for duplicates, * signatures (it still checks all signatures for duplicates,
however). * however).
*
Returns 1 if the keyblock was modified, 0 otherwise. */ * Allowed values for MODE are:
* -1 - print to the TTY
* 0 - print to stdout
* 1 - use log_info.
*
* Returns true if the keyblock was modified. */
int int
key_check_all_keysigs (ctrl_t ctrl, kbnode_t kb, key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb,
int only_selected, int only_selfsigs) int only_selected, int only_selfsigs)
{ {
gpg_error_t err; gpg_error_t err;
estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
PKT_public_key *pk; PKT_public_key *pk;
KBNODE n, n_next, *n_prevp, n2; KBNODE n, n_next, *n_prevp, n2;
char *pending_desc = NULL; char *pending_desc = NULL;
@ -329,8 +336,8 @@ key_check_all_keysigs (ctrl_t ctrl, kbnode_t kb,
{ {
if (DBG_PACKET && pending_desc) if (DBG_PACKET && pending_desc)
log_debug ("%s", pending_desc); log_debug ("%s", pending_desc);
tty_printf (_("can't check signature with unsupported" log_info (_("can't check signature with unsupported"
" public-key algorithm (%d): %s.\n"), " public-key algorithm (%d): %s.\n"),
sig->pubkey_algo, gpg_strerror (err)); sig->pubkey_algo, gpg_strerror (err));
break; break;
} }
@ -338,8 +345,8 @@ key_check_all_keysigs (ctrl_t ctrl, kbnode_t kb,
{ {
if (DBG_PACKET && pending_desc) if (DBG_PACKET && pending_desc)
log_debug ("%s", pending_desc); log_debug ("%s", pending_desc);
tty_printf (_("can't check signature with unsupported" log_info (_("can't check signature with unsupported"
" message-digest algorithm %d: %s.\n"), " message-digest algorithm %d: %s.\n"),
sig->digest_algo, gpg_strerror (err)); sig->digest_algo, gpg_strerror (err));
break; break;
} }
@ -482,32 +489,36 @@ key_check_all_keysigs (ctrl_t ctrl, kbnode_t kb,
; ;
else if (last_printed_component->pkt->pkttype == PKT_USER_ID) else if (last_printed_component->pkt->pkttype == PKT_USER_ID)
{ {
tty_printf ("uid "); tty_fprintf (fp, "uid ");
tty_print_utf8_string (last_printed_component tty_print_utf8_string2 (fp,
->pkt->pkt.user_id->name, last_printed_component
last_printed_component ->pkt->pkt.user_id->name,
->pkt->pkt.user_id->len); last_printed_component
->pkt->pkt.user_id->len, 0);
} }
else if (last_printed_component->pkt->pkttype else if (last_printed_component->pkt->pkttype
== PKT_PUBLIC_KEY) == PKT_PUBLIC_KEY)
tty_printf ("pub %s", tty_fprintf (fp, "pub %s",
pk_keyid_str (last_printed_component pk_keyid_str (last_printed_component
->pkt->pkt.public_key)); ->pkt->pkt.public_key));
else else
tty_printf ("sub %s", tty_fprintf (fp, "sub %s",
pk_keyid_str (last_printed_component pk_keyid_str (last_printed_component
->pkt->pkt.public_key)); ->pkt->pkt.public_key));
if (modified) if (modified)
{ {
if (is_reordered) if (is_reordered)
tty_printf (_(" (reordered signatures follow)")); tty_fprintf (fp, _(" (reordered signatures follow)"));
tty_printf ("\n"); if (mode > 0)
log_printf ("\n");
else
tty_fprintf (fp, "\n");
} }
} }
if (modified) if (modified)
keyedit_print_one_sig (ctrl, rc, kb, n, NULL, NULL, NULL, keyedit_print_one_sig (ctrl, fp, rc, kb, n, NULL, NULL, NULL,
has_selfsig, 0, only_selfsigs); has_selfsig, 0, only_selfsigs);
} }
@ -524,7 +535,7 @@ key_check_all_keysigs (ctrl_t ctrl, kbnode_t kb,
buffer, sizeof (buffer), &len, buffer, sizeof (buffer), &len,
sig->data[i]); sig->data[i]);
printable = bin2hex (buffer, len, NULL); printable = bin2hex (buffer, len, NULL);
log_info (" %d: %s\n", i, printable); log_debug (" %d: %s\n", i, printable);
xfree (printable); xfree (printable);
} }
} }
@ -614,27 +625,31 @@ key_check_all_keysigs (ctrl_t ctrl, kbnode_t kb,
} }
if (dups || missing_issuer || bad_signature || reordered) if (dups || missing_issuer || bad_signature || reordered)
tty_printf (_("key %s:\n"), pk_keyid_str (pk)); tty_fprintf (fp, _("key %s:\n"), pk_keyid_str (pk));
if (dups) if (dups)
tty_printf (ngettext ("%d duplicate signature removed\n", tty_fprintf (fp,
"%d duplicate signatures removed\n", dups), dups); ngettext ("%d duplicate signature removed\n",
"%d duplicate signatures removed\n", dups), dups);
if (missing_issuer) if (missing_issuer)
tty_printf (ngettext ("%d signature not checked due to a missing key\n", tty_fprintf (fp,
"%d signatures not checked due to missing keys\n", ngettext ("%d signature not checked due to a missing key\n",
missing_issuer), missing_issuer); "%d signatures not checked due to missing keys\n",
missing_issuer), missing_issuer);
if (bad_signature) if (bad_signature)
tty_printf (ngettext ("%d bad signature\n", tty_fprintf (fp,
"%d bad signatures\n", ngettext ("%d bad signature\n",
bad_signature), bad_signature); "%d bad signatures\n",
bad_signature), bad_signature);
if (reordered) if (reordered)
tty_printf (ngettext ("%d signature reordered\n", tty_fprintf (fp,
"%d signatures reordered\n", ngettext ("%d signature reordered\n",
reordered), reordered); "%d signatures reordered\n",
reordered), reordered);
if (only_selfsigs && (bad_signature || reordered)) if (only_selfsigs && (bad_signature || reordered))
tty_printf (_("Warning: errors found and only checked self-signatures," tty_fprintf (fp, _("Warning: errors found and only checked self-signatures,"
" run '%s' to check all signatures.\n"), "check"); " run '%s' to check all signatures.\n"), "check");
return modified; return modified;
} }
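Review bot: The two "can't check signature with unsupported ... algorithm" messages in the hunks at -329 and -338 now call `log_info` unconditionally, so they ignore the new MODE argument: with mode -1 (the interactive check command) or 0 they go to the log stream instead of the TTY or stdout, unlike the other user-facing messages in this function. If that is intended, say so in the MODE comment; otherwise route them the same way, e.g. `if (mode > 0) log_info (...); else tty_fprintf (fp, ...);`. Separately, in mode 1 the user ID of the key being checked is written to the log stream through `tty_print_utf8_string2 (fp, ...)`; on the import path that text comes from the imported key, so it is worth confirming that this helper escapes control characters and line breaks before they reach a log file (its body is not visible here). The bare -1/0/1 values would also read better as a named enum shared with the callers.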


@ -22,7 +22,7 @@
#include "gpg.h" #include "gpg.h"
int key_check_all_keysigs (ctrl_t ctrl, kbnode_t kb, int key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb,
int only_selected, int only_selfsigs); int only_selected, int only_selfsigs);
#endif /* GNUPG_G10_PACKET_TOOLS_H */ #endif /* GNUPG_G10_PACKET_TOOLS_H */


@ -193,7 +193,8 @@ print_and_check_one_sig_colon (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
* always be printed. * always be printed.
*/ */
int int
keyedit_print_one_sig (ctrl_t ctrl, int rc, kbnode_t keyblock, kbnode_t node, keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
int rc, kbnode_t keyblock, kbnode_t node,
int *inv_sigs, int *no_key, int *oth_err, int *inv_sigs, int *no_key, int *oth_err,
int is_selfsig, int print_without_key, int extended) int is_selfsig, int print_without_key, int extended)
{ {
@ -232,7 +233,7 @@ keyedit_print_one_sig (ctrl_t ctrl, int rc, kbnode_t keyblock, kbnode_t node,
} }
if (sigrc != '?' || print_without_key) if (sigrc != '?' || print_without_key)
{ {
tty_printf ("%s%c%c %c%c%c%c%c%c %s %s", tty_fprintf (fp, "%s%c%c %c%c%c%c%c%c %s %s",
is_rev ? "rev" : "sig", sigrc, is_rev ? "rev" : "sig", sigrc,
(sig->sig_class - 0x10 > 0 && (sig->sig_class - 0x10 > 0 &&
sig->sig_class - 0x10 < sig->sig_class - 0x10 <
@ -248,38 +249,41 @@ keyedit_print_one_sig (ctrl_t ctrl, int rc, kbnode_t keyblock, kbnode_t node,
keystr (sig->keyid), keystr (sig->keyid),
datestr_from_sig (sig)); datestr_from_sig (sig));
if ((opt.list_options & LIST_SHOW_SIG_EXPIRE) || extended ) if ((opt.list_options & LIST_SHOW_SIG_EXPIRE) || extended )
tty_printf (" %s", expirestr_from_sig (sig)); tty_fprintf (fp, " %s", expirestr_from_sig (sig));
tty_printf (" "); tty_fprintf (fp, " ");
if (sigrc == '%') if (sigrc == '%')
tty_printf ("[%s] ", gpg_strerror (rc)); tty_fprintf (fp, "[%s] ", gpg_strerror (rc));
else if (sigrc == '?') else if (sigrc == '?')
; ;
else if (is_selfsig) else if (is_selfsig)
{ {
tty_printf (is_rev ? _("[revocation]") : _("[self-signature]")); tty_fprintf (fp, is_rev ? _("[revocation]") : _("[self-signature]"));
if (extended && sig->flags.chosen_selfsig) if (extended && sig->flags.chosen_selfsig)
tty_printf ("*"); tty_fprintf (fp, "*");
} }
else else
{ {
size_t n; size_t n;
char *p = get_user_id (ctrl, sig->keyid, &n); char *p = get_user_id (ctrl, sig->keyid, &n);
tty_print_utf8_string2 (NULL, p, n, tty_print_utf8_string2 (fp, p, n,
opt.screen_columns - keystrlen () - 26 - opt.screen_columns - keystrlen () - 26 -
((opt. ((opt.
list_options & LIST_SHOW_SIG_EXPIRE) ? 11 list_options & LIST_SHOW_SIG_EXPIRE) ? 11
: 0)); : 0));
xfree (p); xfree (p);
} }
tty_printf ("\n"); if (fp == log_get_stream ())
log_printf ("\n");
else
tty_fprintf (fp, "\n");
if (sig->flags.policy_url if (sig->flags.policy_url
&& ((opt.list_options & LIST_SHOW_POLICY_URLS) || extended)) && ((opt.list_options & LIST_SHOW_POLICY_URLS) || extended))
show_policy_url (sig, 3, -1); show_policy_url (sig, 3, (!fp? -1 : fp == log_get_stream ()? 1 : 0));
if (sig->flags.notation if (sig->flags.notation
&& ((opt.list_options & LIST_SHOW_NOTATIONS) || extended)) && ((opt.list_options & LIST_SHOW_NOTATIONS) || extended))
show_notation (sig, 3, -1, show_notation (sig, 3, (!fp? -1 : fp == log_get_stream ()? 1 : 0),
((opt. ((opt.
list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0) + list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0) +
((opt. ((opt.
@ -287,7 +291,7 @@ keyedit_print_one_sig (ctrl_t ctrl, int rc, kbnode_t keyblock, kbnode_t node,
if (sig->flags.pref_ks if (sig->flags.pref_ks
&& ((opt.list_options & LIST_SHOW_KEYSERVER_URLS) || extended)) && ((opt.list_options & LIST_SHOW_KEYSERVER_URLS) || extended))
show_keyserver_url (sig, 3, -1); show_keyserver_url (sig, 3, (!fp? -1 : fp == log_get_stream ()? 1 : 0));
if (extended) if (extended)
{ {
@ -296,12 +300,12 @@ keyedit_print_one_sig (ctrl_t ctrl, int rc, kbnode_t keyblock, kbnode_t node,
s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL); s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL);
if (s && *s) if (s && *s)
tty_printf (" [primary]\n"); tty_fprintf (fp, " [primary]\n");
s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
if (s && buf32_to_u32 (s)) if (s && buf32_to_u32 (s))
tty_printf (" [expires: %s]\n", tty_fprintf (fp, " [expires: %s]\n",
isotimestamp (pk->timestamp + buf32_to_u32 (s))); isotimestamp (pk->timestamp + buf32_to_u32 (s)));
} }
} }
@ -317,7 +321,7 @@ print_and_check_one_sig (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
int rc; int rc;
rc = check_key_signature (ctrl, keyblock, node, is_selfsig); rc = check_key_signature (ctrl, keyblock, node, is_selfsig);
return keyedit_print_one_sig (ctrl, rc, return keyedit_print_one_sig (ctrl, NULL, rc,
keyblock, node, inv_sigs, no_key, oth_err, keyblock, node, inv_sigs, no_key, oth_err,
*is_selfsig, print_without_key, extended); *is_selfsig, print_without_key, extended);
} }
@ -1166,7 +1170,7 @@ fix_keyblock (ctrl_t ctrl, kbnode_t *keyblockp)
if (collapse_uids (keyblockp)) if (collapse_uids (keyblockp))
changed++; changed++;
if (key_check_all_keysigs (ctrl, *keyblockp, 0, 1)) if (key_check_all_keysigs (ctrl, 1, *keyblockp, 0, 1))
changed++; changed++;
reorder_keyblock (*keyblockp); reorder_keyblock (*keyblockp);
/* If we modified the keyblock, make sure the flags are right. */ /* If we modified the keyblock, make sure the flags are right. */
@ -1613,7 +1617,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
break; break;
case cmdCHECK: case cmdCHECK:
if (key_check_all_keysigs (ctrl, keyblock, if (key_check_all_keysigs (ctrl, -1, keyblock,
count_selected_uids (keyblock), count_selected_uids (keyblock),
!strcmp (arg_string, "selfsig"))) !strcmp (arg_string, "selfsig")))
modified = 1; modified = 1;
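Review bot: `keyedit_print_one_sig` derives the output mode from the stream by repeating `(!fp? -1 : fp == log_get_stream ()? 1 : 0)` three times and testing `fp == log_get_stream ()` once more for the newline; computing it once at the top, `const int mode = !fp? -1 : fp == log_get_stream ()? 1 : 0;`, and passing `mode` to show_policy_url, show_notation and show_keyserver_url would keep the four sites from drifting apart. The function's header comment, which starts above the hunk at -193, does not mention the new FP argument; a sentence such as `If FP is NULL the tty output interface is used, otherwise output goes to the given stream.` would document it. The " [primary]\n" and " [expires: %s]\n" lines in the hunk at -296 are written with `tty_fprintf (fp, ...)` including their newline even when FP is the log stream, unlike the newline handling a few lines earlier; if the `log_printf ("\n")` detour is needed there, it is presumably needed here too.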


@ -51,7 +51,8 @@ void keyedit_quick_set_expire (ctrl_t ctrl,
void keyedit_quick_set_primary (ctrl_t ctrl, const char *username, void keyedit_quick_set_primary (ctrl_t ctrl, const char *username,
const char *primaryuid); const char *primaryuid);
void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock); void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock);
int keyedit_print_one_sig (ctrl_t ctrl, int rc, kbnode_t keyblock, int keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
int rc, kbnode_t keyblock,
kbnode_t node, int *inv_sigs, int *no_key, kbnode_t node, int *inv_sigs, int *no_key,
int *oth_err, int is_selfsig, int *oth_err, int is_selfsig,
int print_without_key, int extended); int print_without_key, int extended);


@ -193,7 +193,7 @@ print_seckey_info (ctrl_t ctrl, PKT_public_key *pk)
} }
/* Print information about the public key. With FP passed as NULL, /* Print information about the public key. With FP passed as NULL,
the tty output interface is used, otherwise output is directted to the tty output interface is used, otherwise output is directed to
the given stream. */ the given stream. */
void void
print_pubkey_info (ctrl_t ctrl, estream_t fp, PKT_public_key *pk) print_pubkey_info (ctrl_t ctrl, estream_t fp, PKT_public_key *pk)