Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog13
-rw-r--r--g10/getkey.c17
2 files changed, 25 insertions, 5 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 8580977d9..6ced690c6 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,16 @@
+2003-12-10 David Shaw <[email protected]>
+
+ * getkey.c (get_pubkey_fast): This one is sort of obscure.
+ get_pubkey_fast returns the primary key when requesting a subkey,
+ so if a user has a key signed by a subkey (we don't do this, but
+ used to), AND that key is not self-signed, AND the algorithm of
+ the subkey in question is not present in GnuPG, AND the algorithm
+ of the primary key that owns the subkey in question is present in
+ GnuPG, then we will try and verify the subkey signature using the
+ primary key algorithm and hit a BUG(). The fix is to not return a
+ hit if the keyid is not the primary. All other users of
+ get_pubkey_fast already expect a primary only.
+
2003-12-04 David Shaw <[email protected]>
* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
diff --git a/g10/getkey.c b/g10/getkey.c
index 684e617d4..cfa65af3f 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -375,13 +375,15 @@ get_pubkey( PKT_public_key *pk, u32 *keyid )
/* Get a public key and store it into the allocated pk. This function
differs from get_pubkey() in that it does not do a check of the key
- to avoid recursion. It should be used only in very certain cases. */
+ to avoid recursion. It should be used only in very certain cases.
+ It will only retrieve primary keys. */
int
get_pubkey_fast (PKT_public_key *pk, u32 *keyid)
{
int rc = 0;
KEYDB_HANDLE hd;
KBNODE keyblock;
+ u32 pkid[2];
assert (pk);
#if MAX_PK_CACHE_ENTRIES
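Review bot: The extended header comment says the function "will only retrieve primary keys" but does not tell a caller what happens when KEYID names a subkey. From the second hunk, that case now returns `G10ERR_NO_PUBKEY` and never reaches `copy_public_key`, so `pk` is left as the caller passed it. I would state that in the comment, e.g. `If KEYID is a subkey's keyid, G10ERR_NO_PUBKEY is returned and PK is not filled in.` Before this change the keydb path always returned 0 after the copy, so any caller that ignores the return value would now go on to use an unfilled `pk`; the callers are not visible here and are worth a quick audit.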
@@ -414,20 +416,25 @@ get_pubkey_fast (PKT_public_key *pk, u32 *keyid)
log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
return G10ERR_NO_PUBKEY;
}
-
+
assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY
|| keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY );
- copy_public_key (pk, keyblock->pkt->pkt.public_key );
+
+ keyid_from_pk(keyblock->pkt->pkt.public_key,pkid);
+ if(keyid[0]==pkid[0] && keyid[1]==pkid[1])
+ copy_public_key (pk, keyblock->pkt->pkt.public_key );
+ else
+ rc=G10ERR_NO_PUBKEY;
+
release_kbnode (keyblock);
/* Not caching key here since it won't have all of the fields
properly set. */
- return 0;
+ return rc;
}
-
KBNODE
get_pubkeyblock( u32 *keyid )
{
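Review bot: The new `keyid[0]==pkid[0] && keyid[1]==pkid[1]` check guards only the keydb lookup path. The `#if MAX_PK_CACHE_ENTRIES` branch earlier in get_pubkey_fast falls between the two hunks and is not shown, so it is unclear whether a cache hit is held to the same primary-only rule. If the cache can hold subkey entries, a hit there would still hand back a non-primary key, so please confirm or apply the same comparison on that path. The `assert` just above still accepts `PKT_PUBLIC_SUBKEY` for the first node, which no longer matches the documented contract; either tighten it or add a comment such as `/* first node may be a subkey here because ... */`. The mismatch branch is also silent, so a keyid rejected for being a subkey looks identical to a missing key; a debug-level log line there would help when diagnosing signature-verification failures.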