security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-08 23:37:47 +02:00
Code Activity
749bb80cb7
gnupg/sm
History
Werner Koch 74c5b35062
sm: Detect circular chains in --list-chain. 
* sm/keylist.c (list_cert_chain): Break loop for a too long chain.
--

This avoids endless loops in case of circular chain definitions.  We
use such a limit at other palces as well.  Example for such a chain is

# ------------------------ >8 ------------------------
           ID: 0xBE231B05
          S/N: 51260A931CE27F9CC3A55F79E072AE82
        (dec): 107864989418777835411218143713715990146
       Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
      Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
     sha2_fpr: 92:5E:4B:37:2B:A3:2E:5E:87:30:22:84:B2:D7:C9:DF:BF:82:00:FF:CB:A0:D1:66:03:A1:A0:6F:F7:6C:D3:53
     sha1_fpr: 31:93:78:6A:48:BD:F2:D4:D2:0B:8F:C6:50:1F:4D:E8:BE:23:1B:05
      md5_fpr: AC:F3:10:0D:1A:96:A9:2E:B8:8B:9B:F8:7E:09:FA:E6
      pgp_fpr: E8D2CA1449A80D784FB1532C06B1611DB06A1678
       certid: 610C27E9D37835A8962EA5B8368D3FBED1A8A15D.51260A931CE27F9CC3A55F79E072AE82
      keygrip: CFCA58448222ECAAF77EEF8CC45F0D6DB4E412C9
    notBefore: 2005-06-07 08:09:10
     notAfter: 2019-06-24 19:06:30
     hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
      keyType: rsa2048
    subjKeyId: ADBD987A34B426F7FAC42654EF03BDE024CB541A
    authKeyId: [none]
 authKeyId.ki: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F
[...]

Certified by
           ID: 0xCE2E4C63
          S/N: 46EAF096054CC5E3FA65EA6E9F42C664
        (dec): 94265836834010752231943569188608722532
       Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
      Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
     sha2_fpr: 21:3F:AD:03:B1:C5:23:47:E9:A8:0F:29:9A:F0:89:9B:CA:FF:3F:62:B3:4E:B0:60:66:F4:D7:EE:A5:EE:1A:73
     sha1_fpr: 9E:99:81:7D:12:28:0C:96:77:67:44:30:49:2E:DA:1D:CE:2E:4C:63
      md5_fpr: 55:07:0F:1F:9A:E5:EA:21:61:F3:72:2B:8B:41:7F:27
      pgp_fpr: 922A6D0A1C0027E75038F8A1503DA72CF2C53840
       certid: 14673DA5792E145E9FA1425F9EF3BFC1C4B4957C.46EAF096054CC5E3FA65EA6E9F42C664
      keygrip: 10678FB5A458D99B7692851E49849F507688B847
    notBefore: 2005-06-07 08:09:10
     notAfter: 2020-05-30 10:48:38
     hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
      keyType: rsa2048
    subjKeyId: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F
    authKeyId: [none]
 authKeyId.ki: ADBD987A34B426F7FAC42654EF03BDE024CB541A
     keyUsage: certSign crlSign
[...]

Which has a circular dependency on subKeyId/authkeyId.ki.
2021-11-15 17:51:38 +01:00
..
call-agent.c Use only one copy of the warn_server_mismatch function. 2020-09-01 20:43:57 +02:00
call-dirmngr.c gpg,sm: Simplify keyserver spec parsing. 2021-06-16 12:03:13 +02:00
certchain.c sm: Fix finding of issuer in use-keyboxd mode. 2021-06-11 20:15:32 +02:00
certcheck.c sm: Avoid memory leaks and double double-free 2021-05-20 13:51:47 +02:00
certdump.c sm: Add LotW support to the key listing 2021-09-09 13:30:22 +02:00
certlist.c sm: Implement initial support for keyboxd. 2020-09-10 13:05:17 +02:00
certreqgen-ui.c gpgsm: Replace all assert calls by log_assert. 2020-07-08 14:40:34 +02:00
certreqgen.c gpgsm: Replace all assert calls by log_assert. 2020-07-08 14:40:34 +02:00
ChangeLog-2011 Generate the ChangeLog from commit logs. 2011-12-01 11:09:02 +01:00
decrypt.c sm: Fix pwri. 2021-08-05 11:16:56 +09:00
delete.c sm: Implement delete key in keyboxd mode 2020-09-21 09:20:40 +02:00
encrypt.c sm: Avoid memory leaks and double double-free 2021-05-20 13:51:47 +02:00
export.c sm: Ask for the password for password based decryption (pwri) 2021-05-17 15:42:27 +02:00
fingerprint.c gpgsm: Replace all assert calls by log_assert. 2020-07-08 14:40:34 +02:00
gpgsm-w32info.rc w32: Add icons and version information. 2013-05-07 21:35:48 +02:00
gpgsm.c sm: New option --ldapserver as an alias for --keyserver. 2021-06-16 13:04:34 +02:00
gpgsm.h gpg,sm: Simplify keyserver spec parsing. 2021-06-16 12:03:13 +02:00
import.c sm: Fix finding of issuer in use-keyboxd mode. 2021-06-11 20:15:32 +02:00
keydb.c sm,w32: Fix Unicode problem on key box creation. 2021-07-29 11:51:25 +02:00
keydb.h sm: Implement initial support for keyboxd. 2020-09-10 13:05:17 +02:00
keylist.c sm: Detect circular chains in --list-chain. 2021-11-15 17:51:38 +01:00
Makefile.am build: Fix "ksba.h not found" problem 2021-09-08 15:18:38 +02:00
minip12.c sm: Do not print certain issuer not found diags in quiet mode. 2021-02-25 09:16:18 +01:00
minip12.h sm: Silence some output on --quiet 2021-02-24 08:40:06 +01:00
misc.c sm: Exclude rsaPSS from de-vs compliance mode. 2020-07-03 16:15:29 +02:00
passphrase.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
passphrase.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
qualified.c Replace most of the remaining stdio calls by estream calls. 2020-10-20 12:15:56 +02:00
server.c sm: Avoid memory leaks and double double-free 2021-05-20 13:51:47 +02:00
sign.c sm: Implement initial support for keyboxd. 2020-09-10 13:05:17 +02:00
t-minip12.c sm: Add support to export ECC private keys. 2020-04-27 19:54:39 +02:00
verify.c Include the library version in the compliance checks. 2021-01-28 15:48:08 +01:00