From a630a1e3e74c926163864b013cb164b4cd1866fc Mon Sep 17 00:00:00 2001 From: Andre Heinecke Date: Thu, 15 Mar 2018 15:58:32 +0100 Subject: [PATCH 1/4] core: Parse skipped_v3_keys * src/gpgme.h.in (gpgme_import_result_t): Extend with skipped_v3_keys. * src/import.c (gpgme_op_import_result): Extend debug with new field. (parse_import_res): Parse skipped_v3_keys. * tests/gpg/t-support.h, tests/run-support.h (print_import_result): Print skipped_v3_keys. -- This makes it possible to handle this in a GUI in a future version. GnuPG-Bug-Id: T3776 --- NEWS | 2 +- src/gpgme.h.in | 3 +++ src/import.c | 9 +++++++-- tests/gpg/t-support.h | 6 ++++-- tests/run-support.h | 6 ++++-- 5 files changed, 19 insertions(+), 7 deletions(-) diff --git a/NEWS b/NEWS index 1a342b18..c172697c 100644 --- a/NEWS +++ b/NEWS @@ -3,10 +3,10 @@ Noteworthy changes in version 1.10.1 (unreleased) * Interface changes relative to the 1.10.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + gpgme_import_result_t EXTENDED: New field 'skipped_v3_keys' cpp: Key::locate NEW. cpp: Data::toString NEW. - Noteworthy changes in version 1.10.0 (2017-12-12) ------------------------------------------------- diff --git a/src/gpgme.h.in b/src/gpgme.h.in index ff80023e..73f2c94c 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1637,6 +1637,9 @@ struct _gpgme_op_import_result /* Number of keys not imported. */ int not_imported; + /* Number of v3 keys skipped. */ + int skipped_v3_keys; + /* List of keys for which an import was attempted. */ gpgme_import_status_t imports; }; diff --git a/src/import.c b/src/import.c index 386ca722..f0d9d9fa 100644 --- a/src/import.c +++ b/src/import.c 
@@ -94,8 +94,9 @@ gpgme_op_import_result (gpgme_ctx_t ctx) TRACE_LOG3 ("%i secret keys, %i imported, %i unchanged", opd->result.secret_read, opd->result.secret_imported, opd->result.secret_unchanged); - TRACE_LOG2 ("%i skipped new keys, %i not imported", - opd->result.skipped_new_keys, opd->result.not_imported); + TRACE_LOG3 ("%i skipped new keys, %i not imported, %i v3 skipped", + opd->result.skipped_new_keys, opd->result.not_imported, + opd->result.skipped_v3_keys); impstat = opd->result.imports; i = 0; @@ -212,6 +213,10 @@ parse_import_res (char *args, gpgme_import_result_t result) PARSE_NEXT (result->secret_unchanged); PARSE_NEXT (result->skipped_new_keys); PARSE_NEXT (result->not_imported); + if (args && *args) + { + PARSE_NEXT (result->skipped_v3_keys); + } return 0; } diff --git a/tests/gpg/t-support.h b/tests/gpg/t-support.h index f6dec682..ef5766a3 100644 --- a/tests/gpg/t-support.h +++ b/tests/gpg/t-support.h @@ -196,7 +196,8 @@ print_import_result (gpgme_import_result_t r) " secret imported: %d\n" " secret unchanged: %d\n" " skipped new keys: %d\n" - " not imported: %d\n", + " not imported: %d\n" + " skipped v3 keys: %d\n", r->considered, r->no_user_id, r->imported, @@ -210,6 +211,7 @@ print_import_result (gpgme_import_result_t r) r->secret_imported, r->secret_unchanged, r->skipped_new_keys, - r->not_imported); + r->not_imported, + r->skipped_v3_keys); } diff --git a/tests/run-support.h b/tests/run-support.h index 6a2170b0..6c713a9a 100644 --- a/tests/run-support.h +++ b/tests/run-support.h @@ -177,7 +177,8 @@ print_import_result (gpgme_import_result_t r) " secret imported: %d\n" " secret unchanged: %d\n" " skipped new keys: %d\n" - " not imported: %d\n", + " not imported: %d\n" + " skipped v3 keys: %d\n", r->considered, r->no_user_id, r->imported, @@ -191,6 +192,7 @@ print_import_result (gpgme_import_result_t r) r->secret_imported, r->secret_unchanged, r->skipped_new_keys, - r->not_imported); + r->not_imported, + r->skipped_v3_keys); } 
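Review bot: In parse_import_res (src/import.c, second hunk) the new `if (args && *args)` guard is the only thing that keeps status lines without the extra counter parsing, and nothing says so. PARSE_NEXT is defined outside the hunk, so this is inferred: if it rejects a remainder that holds no digits, a status line that merely ends in a blank would now fail the whole import result instead of being accepted as before. I would add `/* Optional field: older engines do not send it; the counter then keeps its initial value. */` above the guard. Please also confirm that the result structure is zeroed before parsing, so the counter reads 0 when the field is absent. The function body starts outside the hunk.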
From ad95288d3b3efc38998841add4fe658c84701f98 Mon Sep 17 00:00:00 2001 From: Andre Heinecke Date: Thu, 15 Mar 2018 16:21:00 +0100 Subject: [PATCH 2/4] cpp: Expose skipped_v3_keys * lang/cpp/src/importresult.cpp, lang/cpp/src/importresult.h (ImportResult::numV3KeysSkipped): New. -- GnuPG-Bug-Id: T3776 --- NEWS | 1 + lang/cpp/src/importresult.cpp | 5 +++++ lang/cpp/src/importresult.h | 1 + 3 files changed, 7 insertions(+) diff --git a/NEWS b/NEWS index c172697c..7b6fdd9c 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,7 @@ Noteworthy changes in version 1.10.1 (unreleased) gpgme_import_result_t EXTENDED: New field 'skipped_v3_keys' cpp: Key::locate NEW. cpp: Data::toString NEW. + cpp: ImportResult::numV3KeysSkipped NEW. Noteworthy changes in version 1.10.0 (2017-12-12) ------------------------------------------------- diff --git a/lang/cpp/src/importresult.cpp b/lang/cpp/src/importresult.cpp index 8c35f9cc..dbb31d05 100644 --- a/lang/cpp/src/importresult.cpp +++ b/lang/cpp/src/importresult.cpp @@ -154,6 +154,11 @@ int GpgME::ImportResult::notImported() const return d ? d->res.not_imported : 0 ; } +int GpgME::ImportResult::numV3KeysSkipped() const +{ + return d ? d->res.skipped_v3_keys : 0 ; +} + GpgME::Import GpgME::ImportResult::import(unsigned int idx) const { return Import(d, idx); diff --git a/lang/cpp/src/importresult.h b/lang/cpp/src/importresult.h index 2f0e7f20..05476796 100644 --- a/lang/cpp/src/importresult.h +++ b/lang/cpp/src/importresult.h @@ -78,6 +78,7 @@ public: int numSecretKeysUnchanged() const; int notImported() const; + int numV3KeysSkipped() const; Import import(unsigned int idx) const; std::vector imports() const; From 9e1e6554834d0e803dd0889deaef4f11047c7e47 Mon Sep 17 00:00:00 2001 
From: Werner Koch Date: Tue, 20 Mar 2018 10:34:56 +0100 Subject: [PATCH 3/4] core: Fix ABI regression in recent commit. * src/gpgme.h.in (_gpgme_op_import_result): Move new field 'skipped_v3_keys' to the end. -- The ABI break has not made it into a release. Also document the new field. Fixes-commit: a630a1e3e74c926163864b013cb164b4cd1866fc Signed-off-by: Werner Koch --- doc/gpgme.texi | 6 ++++++ src/gpgme.h.in | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/doc/gpgme.texi b/doc/gpgme.texi index cd7bb4ba..37cf16ac 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -4811,6 +4811,12 @@ The number of keys not imported. @item gpgme_import_status_t imports A list of gpgme_import_status_t objects which contain more information about the keys for which an import was attempted. + +@item int skipped_v3_keys +For security reasons modern versions of GnuPG do not anymore support +v3 keys (created with PGP 2.x) and ignores them on import. This +counter provides the number of such skipped v3 keys. + @end table @end deftp diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 73f2c94c..e3198798 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -1637,11 +1637,11 @@ struct _gpgme_op_import_result /* Number of keys not imported. */ int not_imported; - /* Number of v3 keys skipped. */ - int skipped_v3_keys; - /* List of keys for which an import was attempted. */ gpgme_import_status_t imports; + + /* Number of v3 keys skipped. */ + int skipped_v3_keys; }; typedef struct _gpgme_op_import_result *gpgme_import_result_t; From 343d3e2232a22d0999e1693f0f95e5e290005829 Mon Sep 17 00:00:00 2001 
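Review bot: The relocated `skipped_v3_keys` member of struct _gpgme_op_import_result (src/gpgme.h.in) carries no hint that member order is part of the ABI, which is the mistake this commit repairs. A comment such as `/* Number of v3 keys skipped.  Add new members only at the end; the layout above is ABI. */` would keep the next addition from shifting `imports` again. The entry added to doc/gpgme.texi could also say from which release the field exists. A program built against the new header but running with an older library would otherwise read past the structure, assuming the library allocates it, which is not visible here.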
From: Werner Koch Date: Tue, 20 Mar 2018 10:41:18 +0100 Subject: [PATCH 4/4] core: Do not clobber R_KEY in gpgme_get_key on error. * src/keylist.c (gpgme_get_key): Assign a value to the return parameter only on success. -- This problem could be triggered by an ambiguous key. The problem is that the key returned in that case is for one not expected and worse it has not been ref-ed. Signed-off-by: Werner Koch --- src/keylist.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/keylist.c b/src/keylist.c index 24a9b0b3..7956935b 100644 --- a/src/keylist.c +++ b/src/keylist.c @@ -1261,7 +1261,7 @@ gpgme_get_key (gpgme_ctx_t ctx, const char *fpr, gpgme_key_t *r_key, { gpgme_ctx_t listctx; gpgme_error_t err; - gpgme_key_t key; + gpgme_key_t result, key; TRACE_BEG2 (DEBUG_CTX, "gpgme_get_key", ctx, "fpr=%s, secret=%i", fpr, secret); @@ -1295,7 +1295,7 @@ gpgme_get_key (gpgme_ctx_t ctx, const char *fpr, gpgme_key_t *r_key, err = gpgme_op_keylist_start (listctx, fpr, secret); if (!err) - err = gpgme_op_keylist_next (listctx, r_key); + err = gpgme_op_keylist_next (listctx, &result); if (!err) { try_next_key: @@ -1305,9 +1305,9 @@ gpgme_get_key (gpgme_ctx_t ctx, const char *fpr, gpgme_key_t *r_key, else { if (!err - && *r_key && (*r_key)->subkeys && (*r_key)->subkeys->fpr + && result && result->subkeys && result->subkeys->fpr && key && key->subkeys && key->subkeys->fpr - && !strcmp ((*r_key)->subkeys->fpr, key->subkeys->fpr)) + && !strcmp (result->subkeys->fpr, key->subkeys->fpr)) { /* The fingerprint is identical. We assume that this is the same key and don't mark it as an ambiguous. This 
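Review bot: `gpgme_key_t result, key;` in the first hunk of src/keylist.c leaves `result` uninitialized, and after this change it is the value that the last hunk stores into `*r_key`. As far as the hunks show, it is only read after gpgme_op_keylist_next has succeeded, so this is hardening rather than a live bug. The function continues outside the hunks, though, and a later edit that reads `result` on another path would hand an indeterminate pointer to the caller. Declaring `gpgme_key_t result = NULL;` with `gpgme_key_t key;` on its own line makes the final assignment safe by construction.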
@@ -1323,12 +1323,14 @@ gpgme_get_key (gpgme_ctx_t ctx, const char *fpr, gpgme_key_t *r_key, gpgme_key_unref (key); err = gpg_error (GPG_ERR_AMBIGUOUS_NAME); } - gpgme_key_unref (*r_key); + gpgme_key_unref (result); + result = NULL; } } gpgme_release (listctx); if (! err) { + *r_key = result; TRACE_LOG2 ("key=%p (%s)", *r_key, ((*r_key)->subkeys && (*r_key)->subkeys->fpr) ? (*r_key)->subkeys->fpr : "invalid");
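Review bot: With `*r_key = result;` now executed only under `if (! err)`, every error return leaves the caller's pointer exactly as it was passed in, and the hunks do not show whether gpgme_get_key clears it on entry. A caller that declares its key variable without an initializer and releases it in a shared cleanup path would then unref an indeterminate pointer when the lookup fails, for example with GPG_ERR_AMBIGUOUS_NAME. If the start of the function (outside these hunks) does not already do so, add `*r_key = NULL;` after the argument checks. Otherwise state in the function comment that R_KEY is left untouched on error.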