pgg_key_revoke takes both secure public key as parameters, and add revocation signature to both of them. Fixed pgp_filter_keys_fileread, which wasn't initializing cbinfo->io, segfaulting when trying to print an error

8 years ago · dd43fa3a92
parent fda602171a
commit dd43fa3a92
6 changed files with 24 additions and 29 deletions
--- a/dist/src/lib/keyring.c
+++ b/dist/src/lib/keyring.c
@ -863,7 +863,7 @@ pgp_add_selfsigned_userid(pgp_key_t *key, uint8_t *userid)
 }

 unsigned 
-pgp_key_revoke(pgp_key_t *key, uint8_t code, const char *reason)
+pgp_key_revoke(pgp_key_t *skey, pgp_key_t *pkey, uint8_t code, const char *reason)
 {
 	pgp_create_sig_t	*sig;
 	pgp_subpacket_t	 sigpacket;
@ -872,21 +872,22 @@ pgp_key_revoke(pgp_key_t *key, uint8_t code, const char *reason)

 	sig = pgp_create_sig_new();
 	pgp_sig_start_key_rev(
-            sig, &key->key.seckey.pubkey,
+            sig, &skey->key.seckey.pubkey,
            PGP_SIG_REV_KEY);

 	pgp_add_time(sig, (int64_t)time(NULL), "birth");
-	pgp_add_issuer_keyid(sig, key->pubkeyid);
+	pgp_add_issuer_keyid(sig, skey->pubkeyid);
    pgp_add_revocation_reason(sig, code, reason);
 	pgp_end_hashed_subpkts(sig);

 	pgp_setup_memory_write(&sigoutput, &mem_sig, 128);
-	pgp_write_sig(sigoutput, sig, &key->key.seckey.pubkey, &key->key.seckey);
+	pgp_write_sig(sigoutput, sig, &skey->key.seckey.pubkey, &skey->key.seckey);

 	sigpacket.length = pgp_mem_len(mem_sig);
 	sigpacket.raw = pgp_mem_data(mem_sig);

-    pgp_add_directsig(key, &sigpacket, &sig->sig.info);
+    pgp_add_directsig(skey, &sigpacket, &sig->sig.info);
+    pgp_add_directsig(pkey, &sigpacket, &sig->sig.info);

 	/* cleanup */
 	pgp_create_sig_delete(sig);
@ -942,13 +943,14 @@ pgp_keydata_init(pgp_key_t *keydata, const pgp_content_enum type)
 */

 unsigned 
-pgp_keyring_fileread(
+pgp_keyring_fileread(pgp_io_t *io,
            pgp_keyring_t *pubring,
            pgp_keyring_t *secring,
 			const unsigned armour,
 			const char *filename)
 {
    return pgp_filter_keys_fileread(
+                io,
                pubring,
                secring,
                NULL /*certring -> self cert */,
--- a/dist/src/lib/keyring.h
+++ b/dist/src/lib/keyring.h
@ -112,7 +112,7 @@ pgp_seckey_t *pgp_get_writable_seckey(pgp_key_t *);
 // pgp_seckey_t *pgp_decrypt_seckey(const pgp_key_t *, void *);

 unsigned 
-pgp_keyring_fileread(
+pgp_keyring_fileread(pgp_io_t *io,
            pgp_keyring_t *pubring,
            pgp_keyring_t *secring,
 			const unsigned armour,
@ -222,6 +222,6 @@ pgp_key_find_uid_cond(
 const pgp_key_rating_t pgp_key_get_rating(const pgp_key_t *key);

 unsigned 
-pgp_key_revoke(pgp_key_t *key, uint8_t code, const char *reason);
+pgp_key_revoke(pgp_key_t *skey, pgp_key_t *pkey, uint8_t code, const char *reason);

 #endif /* KEYRING_H_ */
--- a/dist/src/lib/netpgp.c
+++ b/dist/src/lib/netpgp.c
@ -234,7 +234,7 @@ readkeyring(netpgp_t *netpgp,
 		(void) snprintf(f, sizeof(f), "%s/%s.gpg", homedir, name);
 		filename = f;
 	}
-	if (!pgp_keyring_fileread(pubring, secring, noarmor, filename)) {
+	if (!pgp_keyring_fileread(netpgp->io, pubring, secring, noarmor, filename)) {
 		(void) fprintf(stderr, "Can't read %s %s\n", name, filename);
 		return 0;
 	}
@ -1246,6 +1246,7 @@ netpgp_import_key(netpgp_t *netpgp, char *f)
 	io = netpgp->io;
 	realarmor = isarmoured(io, f, NULL, IMPORT_ARMOR_HEAD);
 	done = pgp_keyring_fileread(
+            io,
            netpgp->pubring,
            netpgp->secring,
            realarmor, f);
@ -1840,7 +1841,7 @@ netpgp_list_packets(netpgp_t *netpgp, char *f, int armor, char *pubringname)
 		(void) fprintf(io->errs, "netpgp_list_packets: bad alloc\n");
 		return 0;
 	}
-	if (!pgp_keyring_fileread(keyring, NULL, noarmor, pubringname)) {
+	if (!pgp_keyring_fileread(io, keyring, NULL, noarmor, pubringname)) {
 		free(keyring);
 		(void) fprintf(io->errs, "Cannot read pub keyring %s\n",
 			pubringname);
@ -2031,7 +2032,7 @@ netpgp_write_sshkey(netpgp_t *netpgp, char *s, const char *userid, char *out, si
 		(void) fprintf(stderr, "netpgp_save_sshpub: bad alloc 2\n");
 		goto done;
 	}
-	if (!pgp_keyring_fileread(netpgp->pubring = keyring, NULL, 1, f)) {
+	if (!pgp_keyring_fileread(io, netpgp->pubring = keyring, NULL, 1, f)) {
 		(void) fprintf(stderr, "can't import key\n");
 		goto done;
 	}
--- a/dist/src/lib/openssl_crypto.c
+++ b/dist/src/lib/openssl_crypto.c
@ -712,9 +712,7 @@ pgp_rsa_generate_keypair(pgp_key_t *keydata,
 	seckey->pubkey.alg = PGP_PKA_RSA;

 	seckey->pubkey.key.rsa.n = BN_dup(rsa->n);
-    printf("RSA N %p %d\n", seckey->pubkey.key.rsa.n, BN_num_bits(seckey->pubkey.key.rsa.n));
 	seckey->pubkey.key.rsa.e = BN_dup(rsa->e);
-    printf("RSA E %p %d\n", seckey->pubkey.key.rsa.e, BN_num_bits(seckey->pubkey.key.rsa.e));

 	/* seckey->s2k_usage = PGP_S2KU_ENCRYPTED_AND_HASHED; */
 	seckey->s2k_usage = PGP_S2KU_NONE;
--- a/dist/src/lib/validate.c
+++ b/dist/src/lib/validate.c
@ -837,6 +837,7 @@ static pgp_cb_ret_t key_filter_cb (

 unsigned 
 pgp_filter_keys_fileread(
+            pgp_io_t *io,
            pgp_keyring_t *destpubring,
            pgp_keyring_t *destsecring,
            pgp_keyring_t *certring,
@ -857,27 +858,19 @@ pgp_filter_keys_fileread(
    filter.destpubring = destpubring;
    filter.destsecring = destsecring;

-	stream = pgp_new(sizeof(*stream));
-	pgp_parse_options(stream, PGP_PTAG_SS_ALL, PGP_PARSE_PARSED);
+    fd = pgp_setup_file_read(io,
+			&stream,filename,
+			&vdata,
+            pgp_validate_key_cb,
+			1);

-#ifdef O_BINARY
-	fd = open(filename, O_RDONLY | O_BINARY);
-#else
-	fd = open(filename, O_RDONLY);
-#endif
 	if (fd < 0) {
 		pgp_stream_delete(stream);
 		perror(filename);
 		return 0;
 	}
-#ifdef USE_MMAP_FOR_FILES
-	pgp_reader_set_mmap(stream, fd);
-#else
-	pgp_reader_set_fd(stream, fd);
-#endif

-	pgp_set_callback(stream, pgp_validate_key_cb, &vdata);
-	stream->readinfo.accumulate = 1;
+	pgp_parse_options(stream, PGP_PTAG_SS_ALL, PGP_PARSE_PARSED);

 	if (armour) {
 		pgp_reader_push_dearmour(stream);
@ -904,7 +897,8 @@ pgp_filter_keys_fileread(
 }

 unsigned 
-pgp_filter_keys_from_mem(pgp_io_t *io,
+pgp_filter_keys_from_mem(
+            pgp_io_t *io,
            pgp_keyring_t *destpubring,
            pgp_keyring_t *destsecring,
            pgp_keyring_t *certring,
--- a/dist/src/lib/validate.h
+++ b/dist/src/lib/validate.h
@ -131,7 +131,7 @@ pgp_cb_ret_t validate_data_cb(const pgp_packet_t *, pgp_cbdata_t *);
 void pgp_free_sig_info(pgp_sig_info_t *);

 unsigned 
-pgp_filter_keys_fileread(
+pgp_filter_keys_fileread(pgp_io_t *io,
            pgp_keyring_t *destpubring,
            pgp_keyring_t *destsecring,
            pgp_keyring_t *certring,