
[gnutls-dev] [PATCH] Fixing OpenPGP keyring import (again)


From: Ludovic Courtès
Subject: [gnutls-dev] [PATCH] Fixing OpenPGP keyring import (again)
Date: Sun, 13 May 2007 13:00:55 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

Hi,

The patch below (against `HEAD') fixes OpenPGP keyring import.  It
should also work for ASCII-armored keyrings, although I did not test it
since I did not have ASCII-armored keyrings at hand.  It also adds a
test for this so that we can catch it earlier next time.

Two issues with the test:

  1. For some reason, `check_id ()' doesn't work with the second ID
     that's commented in `keyring.c', although it should.  Actually, I
     have the exact same test in Scheme and that one works.  So there
     must be something fishy going on, but I couldn't find out what.

  2. There's a memory leak in `cdk_keydb_get_pk ()':

     3,466 (24 direct, 3,442 indirect) bytes in 2 blocks are definitely lost in 
loss record 4 of 4
        at 0x401D4B0: malloc (vg_replace_malloc.c:149)
        by 0x420C7F3: (within /usr/lib/libgcrypt.so.11.2.2)
        by 0x420CA60: gcry_malloc (in /usr/lib/libgcrypt.so.11.2.2)
        by 0x420CCDC: gcry_calloc (in /usr/lib/libgcrypt.so.11.2.2)
        by 0x402BBA5: cdk_calloc (main.c:163)
        by 0x402E33A: cdk_kbnode_new (kbnode.c:41)
        by 0x4030758: cdk_keydb_get_keyblock (keydb.c:1715)
        by 0x4031953: cdk_keydb_search (keydb.c:938)
        by 0x40325D7: cdk_keydb_get_pk (keydb.c:1268)
        by 0x4029878: gnutls_openpgp_keyring_check_id (extras.c:103)
        by 0x8048921: doit (keyring.c:163)
        by 0x8048B44: main (utils.c:148)

     Fixing it is left as an exercise to the reader.  :-)

     Also, for some unknown reason, Valgrind doesn't show the above leak
     when just run from `make check'.

Thanks,
Ludovic.

PS: BTW, how's Git going?  :-)


ChangeLog entry:

        * libextra/openpgp/extras.c (gnutls_openpgp_keyring_import):
        Fixed again, for raw keyring import (ASCII keyring import
        untested).

        * configure.in: Added `tests/openpgp/Makefile'.
        * tests/Makefile.am (SUBDIRS): Add `openpgp' when
        `ENABLE_OPENPGP' is true.

--- orig/configure.in
+++ mod/configure.in
@@ -637,7 +637,7 @@
        tests/pkcs1-padding/Makefile tests/pkcs8-decode/Makefile \
        tests/pkcs12-decode/Makefile tests/pathlen/Makefile \
        tests/key-id/Makefile tests/sha2/Makefile \
-       tests/hostname-check/Makefile \
+       tests/hostname-check/Makefile tests/openpgp/Makefile \
        includes/Makefile includes/gnutls/gnutls.h \
        lib/Makefile lib/minitasn1/Makefile lib/x509/Makefile \
        libextra/Makefile libextra/openpgp/Makefile libextra/opencdk/Makefile \


--- orig/libextra/openpgp/extras.c
+++ mod/libextra/openpgp/extras.c
@@ -110,13 +110,14 @@
 }
 
 /**
- * gnutls_openpgp_keyring_import - This function will import a RAW or BASE64 
encoded key
+ * gnutls_openpgp_keyring_import - Import a raw- or Base64-encoded OpenPGP 
keyring
  * @keyring: The structure to store the parsed key.
  * @data: The RAW or BASE64 encoded keyring.
- * @format: One of gnutls_openpgp_keyring_fmt elements.
+ * @format: One of #gnutls_openpgp_keyring_fmt elements.
  *
- * This function will convert the given RAW or Base64 encoded keyring
- * to the native gnutls_openpgp_keyring_t format. The output will be stored in 
'keyring'.
+ * This function will convert the given RAW or Base64 encoded keyring to the
+ * native #gnutls_openpgp_keyring_t format.  The output will be stored in
+ * 'keyring'.
  *
  * Returns 0 on success.
  *
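Review bot: The `@format` line now links to `#gnutls_openpgp_keyring_fmt`, but the prototype shown in the next hunk declares the parameter as `gnutls_openpgp_key_fmt_t`, so the generated reference may point at a type name that does not match the signature. If no `gnutls_openpgp_keyring_fmt` type exists, the line should read `@format: One of #gnutls_openpgp_key_fmt_t elements.`. The `@keyring` description still says "parsed key" although the new summary speaks of a keyring; `@keyring: The structure to store the parsed keyring.` would agree with it. The comment block continues outside this hunk.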
@@ -126,30 +127,53 @@
                               const gnutls_datum_t *data,
                               gnutls_openpgp_key_fmt_t format)
 {
-  int rc;
-  keybox_blob *blob = NULL;
-
+  int rc = 0;
+  cdk_error_t err;
 
-  blob = kbx_read_blob (data, 0);
-  if (!blob)
+  if (format == GNUTLS_OPENPGP_FMT_RAW)
     {
-      gnutls_assert ();
-      return GNUTLS_E_OPENPGP_KEYRING_ERROR;
+      err = cdk_keydb_new (&keyring->db, CDK_DBTYPE_DATA,
+                          data->data, data->size);
+      if (err)
+       {
+         gnutls_assert ();
+         goto leave;
+       }
     }
-
-  keyring->db = kbx_to_keydb (blob);
-  if (!keyring->db)
+  else
     {
-      gnutls_assert ();
-      rc = GNUTLS_E_OPENPGP_KEYRING_ERROR;
-      goto leave;
+      cdk_stream_t input;
+
+      err = cdk_stream_tmp_from_mem (data->data, data->size, &input);
+      if (err)
+       {
+         gnutls_assert ();
+         goto leave;
+       }
+
+      err = cdk_stream_set_armor_flag (input, CDK_ARMOR_MESSAGE);
+      if (err)
+       {
+         cdk_stream_close (input);
+         gnutls_assert ();
+         goto leave;
+       }
+
+      err = cdk_keydb_new_from_stream (&keyring->db, 0, input);
+
+      cdk_stream_close (input);
+
+      if (err)
+       {
+         gnutls_assert ();
+         goto leave;
+       }
     }
 
-  rc = 0;
 
-leave:
-  kbx_blob_release (blob);
+ leave:
+  rc = _gnutls_map_cdk_rc (err);
   return rc;
 }
 
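Review bot: In the Base64 branch, `cdk_stream_close (input)` runs unconditionally right after `cdk_keydb_new_from_stream (&keyring->db, 0, input)`; if the keydb handle keeps a reference to the stream rather than copying its contents (the callee is not visible here), every later lookup through `keyring->db` would read a stream that has already been closed. The message says this branch is untested, so the ownership contract should be confirmed, and if the keydb only borrows the stream, `input` has to stay open for the lifetime of the keyring and be closed in the deinit path instead. Separately, both branches write a new handle into `keyring->db` without releasing an existing one, so a second import into the same keyring would presumably leak the first database. A comment such as `/* keydb borrows INPUT: do not close before the keyring is released */` or its opposite would record whichever contract holds. The function's signature starts outside this hunk.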
--- orig/tests/Makefile.am
+++ mod/tests/Makefile.am
@@ -21,6 +21,9 @@
 
 SUBDIRS = rsa-md5-collision pkcs1-padding pkcs8-decode pkcs12-decode   \
        userid pathlen key-id sha2 hostname-check
+if ENABLE_OPENPGP
+SUBDIRS += openpgp
+endif
 
 AM_CPPFLAGS = -I$(top_srcdir)/lgl -I$(top_builddir)/lgl                        
\
        -I$(top_srcdir)/gl -I$(top_builddir)/gl                         \


--- /dev/null
+++ 
/home/ludo/src/laas/gnutls/,,address@hidden/new-files-archive/./tests/openpgp/Makefile.am
@@ -0,0 +1,41 @@
+## Process this file with automake to produce Makefile.in
+# Copyright (C) 2007 Free Software Foundation
+#
+# Author: Ludovic Courtès.
+#
+# This file is part of GNUTLS.
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+openpgp_sources = keyring.c
+
+if ENABLE_OPENPGP
+TESTS_ENVIRONMENT = $(VALGRIND)
+
+TESTS = keyring
+
+check_PROGRAMS = keyring
+
+AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_builddir)/includes      \
+             -I$(top_srcdir)/tests
+LDADD = -L$(top_builddir)/libextra -lgnutls-extra      \
+        -L$(top_builddir)/lib      -lgnutls            \
+       -L$(top_builddir)/tests    -lutils
+
+else
+
+EXTRA_DIST = $(openpgp_sources)
+
+endif
--- /dev/null
+++ 
/home/ludo/src/laas/gnutls/,,address@hidden/new-files-archive/./tests/openpgp/keyring.c
@@ -0,0 +1,180 @@
+/*
+ * Copyright (C) 2007 Free Software Foundation
+ * Author: Ludovic Courtès
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GNUTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdio.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/extra.h>
+#include <gnutls/openpgp.h>
+
+#include "utils.h"
+
+/* A raw-encoded OpenPGP keyring.  This is a copy of (`sha1sum' output):
+   5fdce61bff528070dfabdd237d91be618c353b4e  src/openpgp/cli_ring.gpg  */
+static unsigned char raw_keyring[] =
+  "\231\1\242\4\74\147\225\215\21\4\0\200\261\145\41\213\370\50"
+  "\6\372\157\114\30\13\361\361\117\300\20\56\17\116\25\140\121\55"
+  "\13\277\270\244\32\172\220\133\7\215\104\173\115\65\44\6\303\244"
+  "\330\373\314\36\260\335\277\117\202\343\35\202\37\306\6\77\127\276"
+  "\73\107\366\310\265\244\361\113\276\222\101\165\333\50\252\155\273\303"
+  "\22\40\235\170\224\372\163\173\310\262\326\74\274\237\111\262\216\140"
+  "\374\260\174\136\10\52\363\304\173\215\161\122\336\21\376\130\56\157"
+  "\377\243\372\110\4\137\315\171\170\347\267\25\173\0\240\277\24\237"
+  "\32\311\275\230\132\54\244\235\1\335\21\262\203\223\1\321\337\3"
+  "\375\24\20\257\42\102\31\324\166\234\267\270\125\367\55\74\275\220"
+  "\4\77\365\136\33\156\156\241\33\172\326\225\77\33\54\252\262\135"
+  "\3\347\251\224\24\123\355\101\350\221\40\132\204\317\40\231\51\215"
+  "\271\52\313\16\350\317\174\113\132\62\16\230\42\100\176\52\255\25"
+  "\170\222\304\321\305\323\144\201\366\364\242\145\43\372\244\327\21\270"
+  "\53\260\372\7\107\12\150\160\277\57\200\110\240\247\20\54\234\337"
+  "\114\203\360\335\372\322\342\65\136\65\244\31\64\164\225\251\237\77"
+  "\126\143\214\3\377\153\220\333\134\161\16\21\125\337\126\114\132\7"
+  "\52\364\370\275\370\210\110\103\210\314\241\246\160\26\75\37\51\252"
+  "\354\300\234\213\171\215\173\200\203\42\151\57\146\11\343\16\122\100"
+  "\63\335\102\137\123\203\266\23\313\6\253\362\206\163\41\207\20\347"
+  "\150\71\170\66\36\66\270\363\22\257\322\104\133\142\60\240\206\305"
+  "\235\355\164\212\21\223\73\211\101\113\120\266\361\107\322\30\103\46"
+  "\377\302\101\62\334\100\215\266\62\334\26\63\122\320\214\3\346\306"
+  "\4\156\225\241\356\142\344\264\45\104\162\56\40\127\150\157\40\50"
+  "\116\157\40\143\157\155\155\145\156\164\163\51\40\74\167\150\157\100"
+  "\167\150\157\151\163\56\157\162\147\76\210\135\4\23\21\2\0\35"
+  "\5\2\74\147\225\215\5\11\3\302\147\0\5\13\7\12\3\4"
+  "\3\25\3\2\3\26\2\1\2\27\200\0\12\11\20\65\24\134"
+  "\352\247\331\74\77\226\130\0\237\170\231\313\311\366\351\114\60\173"
+  "\230\70\167\150\4\333\373\103\327\317\157\0\240\244\135\2\220\125"
+  "\63\240\155\313\353\326\311\161\372\35\361\172\145\70\376\231\1\242"
+  "\4\74\112\305\154\21\4\0\347\56\166\266\56\357\251\243\275\131"
+  "\100\223\51\44\30\5\14\2\327\2\235\154\242\6\156\374\64\310"
+  "\140\70\142\174\144\76\261\246\122\247\257\35\67\317\106\374\120\132"
+  "\301\340\306\231\263\170\225\264\274\263\345\65\101\377\332\107\146\326"
+  "\26\214\53\212\257\326\253\42\106\155\6\321\200\64\325\332\306\230"
+  "\346\231\73\245\263\120\377\202\56\34\330\160\52\165\21\116\213\163"
+  "\246\260\234\263\271\74\344\115\273\121\154\233\265\371\133\266\146\30"
+  "\206\2\240\241\104\162\66\300\145\217\0\240\217\133\136\170\330\137"
+  "\171\54\302\7\57\224\164\144\127\46\373\115\223\163\3\376\65\170"
+  "\326\211\326\140\156\221\30\351\371\247\4\53\226\74\362\77\75\217"
+  "\23\167\242\163\300\360\227\115\277\104\263\312\274\276\24\335\144\101"
+  "\45\125\206\76\71\251\306\47\146\55\167\254\66\146\52\344\111\171"
+  "\54\62\142\323\361\56\230\62\247\126\123\11\326\173\240\256\115\362"
+  "\137\136\332\11\67\5\152\325\276\211\364\6\236\275\176\307\154\344"
+  "\62\104\35\365\325\57\377\320\155\71\345\366\36\66\224\173\151\212"
+  "\167\313\142\253\201\344\244\22\53\371\5\6\161\331\224\154\206\136"
+  "\4\0\320\141\103\172\226\115\336\61\210\30\302\262\115\340\10\346"
+  "\0\226\266\15\270\246\204\270\132\203\215\21\237\311\60\61\30\211"
+  "\255\127\243\271\47\364\110\370\116\262\123\306\43\355\247\73\102\377"
+  "\170\274\346\72\152\123\35\165\246\114\350\124\5\23\200\216\237\133"
+  "\20\316\7\135\64\27\270\1\26\111\30\261\61\323\124\114\207\145"
+  "\250\354\271\227\37\141\240\237\307\75\120\230\6\20\153\131\167\322"
+  "\21\313\16\35\4\320\355\226\274\350\233\256\217\163\330\0\260\122"
+  "\23\234\277\215\264\111\117\160\145\156\103\104\113\40\164\145\163\164"
+  "\40\153\145\171\40\50\117\156\154\171\40\151\156\164\145\156\144\145"
+  "\144\40\146\157\162\40\164\145\163\164\40\160\165\162\160\157\163\145"
+  "\163\41\51\40\74\157\160\145\156\143\144\153\100\146\157\157\55\142"
+  "\141\162\56\157\162\147\76\210\142\4\23\21\2\0\32\5\2\74"
+  "\112\305\154\5\13\7\12\3\4\3\25\3\2\3\26\2\1\2"
+  "\36\1\2\27\200\0\22\11\20\275\127\54\334\314\300\174\65\7"
+  "\145\107\120\107\0\1\1\201\301\0\234\16\22\215\216\324\104\174"
+  "\155\313\316\141\120\331\315\206\342\15\204\131\245\0\237\146\201\146"
+  "\54\200\306\252\317\35\55\53\302\4\360\202\376\200\323\333\244\271"
+  "\1\15\4\74\112\305\157\20\4\0\342\1\126\122\140\151\320\147"
+  "\322\117\115\161\346\323\206\130\340\213\343\277\44\154\32\334\340\215"
+  "\266\234\330\324\131\301\355\63\127\70\101\7\230\165\132\375\267\237"
+  "\27\227\317\2\56\160\307\226\17\22\312\150\226\322\174\375\44\241"
+  "\34\323\26\335\341\373\314\36\246\25\305\303\37\354\145\156\106\160"
+  "\170\310\165\374\120\233\36\313\231\310\265\154\55\207\134\120\342\1"
+  "\213\133\17\243\170\140\156\266\102\132\45\63\203\17\125\375\41\326"
+  "\111\1\126\25\324\232\35\11\351\121\17\137\0\3\5\4\0\320"
+  "\275\255\344\4\62\165\206\165\310\175\7\60\303\140\230\24\147\272"
+  "\341\276\266\314\20\132\74\37\66\153\375\276\241\56\67\204\126\121"
+  "\62\70\270\255\101\116\122\242\251\146\35\35\361\333\153\265\363\77"
+  "\151\6\26\141\7\125\154\201\62\44\63\13\60\223\55\267\310\314"
+  "\202\45\147\55\172\342\112\362\106\227\120\345\71\266\141\352\144\165"
+  "\322\340\74\330\323\203\215\304\250\254\112\375\41\65\66\376\76\226"
+  "\354\235\12\352\145\26\113\127\156\1\263\172\215\312\211\362\262\127"
+  "\320\210\116\4\30\21\2\0\6\5\2\74\112\305\157\0\22\11"
+  "\20\275\127\54\334\314\300\174\65\7\145\107\120\107\0\1\1\165"
+  "\146\0\237\140\36\37\231\340\260\174\167\346\177\76\354\241\341\237"
+  "\224\143\323\163\147\0\237\152\306\236\264\21\232\157\373\364\111\347"
+  "\321\124\330\56\5\324\10\141\333";
+
+/* The ID of a key known to be in the above keyring.  */
+static const unsigned char id_in_keyring[8] =
+  /* "Dr. Who", first key in the keyring */
+  { 0x35, 0x14, 0x5c, 0xea,
+    0xa7, 0xd9, 0x3c, 0x3f };
+/*   { 0xbd, 0x57, 0x2c, 0xdc, */
+/*     0xcc, 0xc0, 0x7c, 0x35 }; */
+
+static const unsigned char id_not_in_keyring[8] =
+  { 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00 };
+
+
+void
+doit (void)
+{
+  int ret;
+  gnutls_openpgp_keyring_t keyring;
+  gnutls_datum_t data;
+
+  ret = gnutls_global_init ();
+  if (ret < 0)
+    fail ("init %d\n", ret);
+
+  ret = gnutls_global_init_extra ();
+  if (ret < 0)
+    fail ("extra-init %d\n", ret);
+
+  ret = gnutls_openpgp_keyring_init (&keyring);
+  if (ret < 0)
+    fail ("keyring-init %d\n", ret);
+
+
+  data.data = raw_keyring;
+  data.size = sizeof (raw_keyring);
+  ret = gnutls_openpgp_keyring_import (keyring, &data,
+                                      GNUTLS_OPENPGP_FMT_RAW);
+
+  if (ret < 0)
+    fail ("keyring-import %d\n", ret);
+
+  ret = gnutls_openpgp_keyring_check_id (keyring, id_not_in_keyring, 0);
+  if (ret == 0)
+    fail ("keyring-check-id (not-in-keyring) %d\n", ret);
+
+  ret = gnutls_openpgp_keyring_check_id (keyring, id_in_keyring, 0);
+  if (ret != 0)
+    fail ("keyring-check-id %d\n", ret);
+
+  success ("done\n");
+
+  gnutls_openpgp_keyring_deinit (keyring);
+  gnutls_global_deinit ();
+}
+
+/* Local Variables:
+   coding: latin-1
+   End:
+ */
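Review bot: `data.size = sizeof (raw_keyring);` counts the string literal's terminating NUL, so the importer is handed one byte more than the keyring file contains; `data.size = sizeof (raw_keyring) - 1;` makes the test parse exactly the bytes of `cli_ring.gpg`. That stray 0x00 after the last packet may be worth ruling out as a factor in the second key ID not being found. The test exercises only `GNUTLS_OPENPGP_FMT_RAW`, so the new Base64 branch of `gnutls_openpgp_keyring_import` stays uncovered; an armored copy of the same keyring checked with the same two `gnutls_openpgp_keyring_check_id` assertions would cover it.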
