1 /* parse-packet.c - read packets
2 * Copyright (C) 1998-2007, 2009-2010 Free Software Foundation, Inc.
3 * Copyright (C) 2014, 2018 Werner Koch
4 * Copyright (C) 2015 g10 Code GmbH
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
20 * SPDX-License-Identifier: GPL-3.0+
29 #include "../common/util.h"
31 #include "../common/iobuf.h"
36 #include "../common/i18n.h"
37 #include "../common/host2net.h"
38 #include "../common/mbox-util.h"
41 static int mpi_print_mode;
43 static estream_t listfp;
45 /* A linked list of known notation names. Note that the FLAG is used
46 * to store the length of the name to speed up the check. */
47 static strlist_t known_notations_list;
50 static int parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts,
51 off_t * retpos, int *skip, IOBUF out, int do_skip
52 #if DEBUG_PARSE_PACKET
53 , const char *dbg_w, const char *dbg_f, int dbg_l
56 static int copy_packet (IOBUF inp, IOBUF out, int pkttype,
57 unsigned long pktlen, int partial);
58 static void skip_packet (IOBUF inp, int pkttype,
59 unsigned long pktlen, int partial);
60 static void *read_rest (IOBUF inp, size_t pktlen);
61 static int parse_marker (IOBUF inp, int pkttype, unsigned long pktlen);
62 static int parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
64 static int parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
66 static int parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
67 PKT_onepass_sig * ops);
68 static int parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
69 byte * hdr, int hdrlen, PACKET * packet);
70 static int parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen,
72 static int parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
74 static int parse_comment (IOBUF inp, int pkttype, unsigned long pktlen,
76 static gpg_error_t parse_ring_trust (parse_packet_ctx_t ctx,
77 unsigned long pktlen);
78 static int parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
79 PACKET * packet, int new_ctb, int partial);
80 static int parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
81 PACKET * packet, int new_ctb);
82 static int parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
83 PACKET * packet, int new_ctb, int partial);
84 static gpg_error_t parse_encrypted_aead (IOBUF inp, int pkttype,
85 unsigned long pktlen, PACKET *packet,
87 static int parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
88 PACKET * packet, int new_ctb);
89 static int parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
90 PACKET * packet, int partial);
92 /* Read a 16-bit value in MSB order (big endian) from an iobuf. */
97 a = (unsigned short)iobuf_get_noeof (inp) << 8;
98 a |= iobuf_get_noeof (inp);
103 /* Read a 32-bit value in MSB order (big endian) from an iobuf. */
108 a = (unsigned long)iobuf_get_noeof (inp) << 24;
109 a |= iobuf_get_noeof (inp) << 16;
110 a |= iobuf_get_noeof (inp) << 8;
111 a |= iobuf_get_noeof (inp);
116 /* Read an external representation of an MPI and return the MPI. The
117 external format is a 16-bit unsigned value stored in network byte
118 order giving the number of bits for the following integer. The
119 integer is stored MSB first and is left padded with zero bits to
120 align on a byte boundary.
122 The caller must set *RET_NREAD to the maximum number of bytes to
123 read from the pipeline INP. This function sets *RET_NREAD to be
124 the number of bytes actually read from the pipeline.
126 If SECURE is true, the integer is stored in secure memory
127 (allocated using gcry_xmalloc_secure). */
129 mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
132 unsigned int nmax = *ret_nread;
133 unsigned int nbits, nbytes;
142 if ((c = c1 = iobuf_get (inp)) == -1)
147 if ((c = c2 = iobuf_get (inp)) == -1)
151 if (nbits > MAX_EXTERN_MPI_BITS)
153 log_error ("mpi too large (%u bits)\n", nbits);
157 nbytes = (nbits + 7) / 8;
158 buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2);
162 for (i = 0; i < nbytes; i++)
175 if (gcry_mpi_scan (&a, GCRYMPI_FMT_PGP, buf, nread, &nread))
183 log_error ("mpi larger than indicated length (%u bits)\n", 8*nmax);
191 /* Read an external representation of an SOS and return the opaque MPI
192 with GCRYMPI_FLAG_USER2. The external format is a 16-bit unsigned
193 value stored in network byte order giving information for the
196 The caller must set *RET_NREAD to the maximum number of bytes to
197 read from the pipeline INP. This function sets *RET_NREAD to be
198 the number of bytes actually read from the pipeline.
200 If SECURE is true, the integer is stored in secure memory
201 (allocated using gcry_xmalloc_secure). */
203 sos_read (iobuf_t inp, unsigned int *ret_nread, int secure)
206 unsigned int nmax = *ret_nread;
207 unsigned int nbits, nbytes;
216 if ((c = c1 = iobuf_get (inp)) == -1)
221 if ((c = c2 = iobuf_get (inp)) == -1)
225 if (nbits > MAX_EXTERN_MPI_BITS)
227 log_error ("mpi too large (%u bits)\n", nbits);
231 nbytes = (nbits + 7) / 8;
232 buf = secure ? gcry_xmalloc_secure (nbytes) : gcry_xmalloc (nbytes);
234 for (i = 0; i < nbytes; i++)
247 a = gcry_mpi_set_opaque (NULL, buf, nbits);
248 gcry_mpi_set_flag (a, GCRYMPI_FLAG_USER2);
253 log_error ("mpi larger than indicated length (%u bits)\n", 8*nmax);
261 /* Register STRING as a known critical notation name. */
263 register_known_notation (const char *string)
267 if (!known_notations_list)
269 sl = add_to_strlist (&known_notations_list,
270 "preferred-email-encoding@pgp.com");
271 sl->flags = 32; /* Length of the string. */
274 return; /* Only initialized the default known notations. */
276 /* In --set-notation we use an exclamation mark to indicate a
277 * critical notation. As a convenience skip this here. */
281 if (!*string || strlist_find (known_notations_list, string))
282 return; /* Empty string or already registered. */
284 sl = add_to_strlist (&known_notations_list, string);
285 sl->flags = strlen (string);
290 set_packet_list_mode (int mode)
295 /* We use stdout only if invoked by the --list-packets command
296 but switch to stderr in all other cases. This breaks the
297 previous behaviour but that seems to be more of a bug than
298 intentional. I don't believe that any application makes use of
299 this long standing annoying way of printing to stdout except when
300 doing a --list-packets. If this assumption fails, it will be easy
301 to add an option for the listing stream. Note that we initialize
302 it only once; mainly because there is code which switches
303 opt.list_mode back to 1 and we want to have all output to the
304 same stream. The MPI_PRINT_MODE will be enabled if the
305 corresponding debug flag is set or if we are in --list-packets
306 and --verbose is given.
308 Using stderr is not actually very clean because it bypasses the
309 logging code but it is a special thing anyway. I am not sure
310 whether using log_stream() would be better. Perhaps we should
311 enable the list mode only with a special option. */
314 if (opt.list_packets)
330 /* If OPT.VERBOSE is set, print a warning that the algorithm ALGO is
331 not suitable for signing and encryption. */
333 unknown_pubkey_warning (int algo)
335 static byte unknown_pubkey_algos[256];
337 /* First check whether the algorithm is usable but not suitable for
338 encryption/signing. */
339 if (pubkey_get_npkey (algo))
341 if (opt.verbose && !glo_ctrl.silence_parse_warnings)
343 if (!pubkey_get_nsig (algo))
344 log_info ("public key algorithm %s not suitable for %s\n",
345 openpgp_pk_algo_name (algo), "signing");
346 if (!pubkey_get_nenc (algo))
347 log_info ("public key algorithm %s not suitable for %s\n",
348 openpgp_pk_algo_name (algo), "encryption");
354 if (!unknown_pubkey_algos[algo])
356 if (opt.verbose && !glo_ctrl.silence_parse_warnings)
357 log_info (_("can't handle public key algorithm %d\n"), algo);
358 unknown_pubkey_algos[algo] = 1;
364 #if DEBUG_PARSE_PACKET
366 dbg_parse_packet (parse_packet_ctx_t ctx, PACKET *pkt,
367 const char *dbg_f, int dbg_l)
373 rc = parse (ctx, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l);
375 while (skip && ! rc);
378 #else /*!DEBUG_PARSE_PACKET*/
380 parse_packet (parse_packet_ctx_t ctx, PACKET *pkt)
386 rc = parse (ctx, pkt, 0, NULL, &skip, NULL, 0);
388 while (skip && ! rc);
391 #endif /*!DEBUG_PARSE_PACKET*/
395 * Like parse packet, but only return secret or public (sub)key
398 #if DEBUG_PARSE_PACKET
400 dbg_search_packet (parse_packet_ctx_t ctx, PACKET *pkt,
401 off_t * retpos, int with_uid,
402 const char *dbg_f, int dbg_l)
408 rc = parse (ctx, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0, "search",
411 while (skip && ! rc);
414 #else /*!DEBUG_PARSE_PACKET*/
416 search_packet (parse_packet_ctx_t ctx, PACKET *pkt,
417 off_t * retpos, int with_uid)
423 rc = parse (ctx, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0);
425 while (skip && ! rc);
428 #endif /*!DEBUG_PARSE_PACKET*/
432 * Copy all packets from INP to OUT, thereby removing unused spaces.
434 #if DEBUG_PARSE_PACKET
436 dbg_copy_all_packets (iobuf_t inp, iobuf_t out, const char *dbg_f, int dbg_l)
439 struct parse_packet_ctx_s parsectx;
443 log_bug ("copy_all_packets: OUT may not be NULL.\n");
445 init_parse_packet (&parsectx, inp);
453 parse (&parsectx, &pkt, 0, NULL, &skip, out, 0, "copy",
456 deinit_parse_packet (&parsectx);
460 #else /*!DEBUG_PARSE_PACKET*/
462 copy_all_packets (iobuf_t inp, iobuf_t out)
465 struct parse_packet_ctx_s parsectx;
469 log_bug ("copy_all_packets: OUT may not be NULL.\n");
471 init_parse_packet (&parsectx, inp);
477 while (!(rc = parse (&parsectx, &pkt, 0, NULL, &skip, out, 0)));
479 deinit_parse_packet (&parsectx);
483 #endif /*!DEBUG_PARSE_PACKET*/
487 * Copy some packets from INP to OUT, thereby removing unused spaces.
488 * Stop at offset STOPoff (i.e. don't copy packets at this or later
491 #if DEBUG_PARSE_PACKET
493 dbg_copy_some_packets (iobuf_t inp, iobuf_t out, off_t stopoff,
494 const char *dbg_f, int dbg_l)
499 struct parse_packet_ctx_s parsectx;
501 init_parse_packet (&parsectx, inp);
505 if (iobuf_tell (inp) >= stopoff)
507 deinit_parse_packet (&parsectx);
512 while (!(rc = parse (&parsectx, &pkt, 0, NULL, &skip, out, 0,
513 "some", dbg_f, dbg_l)));
515 deinit_parse_packet (&parsectx);
519 #else /*!DEBUG_PARSE_PACKET*/
521 copy_some_packets (iobuf_t inp, iobuf_t out, off_t stopoff)
525 struct parse_packet_ctx_s parsectx;
528 init_parse_packet (&parsectx, inp);
532 if (iobuf_tell (inp) >= stopoff)
534 deinit_parse_packet (&parsectx);
539 while (!(rc = parse (&parsectx, &pkt, 0, NULL, &skip, out, 0)));
541 deinit_parse_packet (&parsectx);
545 #endif /*!DEBUG_PARSE_PACKET*/
549 * Skip over N packets
551 #if DEBUG_PARSE_PACKET
553 dbg_skip_some_packets (iobuf_t inp, unsigned n, const char *dbg_f, int dbg_l)
558 struct parse_packet_ctx_s parsectx;
560 init_parse_packet (&parsectx, inp);
562 for (; n && !rc; n--)
565 rc = parse (&parsectx, &pkt, 0, NULL, &skip, NULL, 1, "skip",
569 deinit_parse_packet (&parsectx);
573 #else /*!DEBUG_PARSE_PACKET*/
575 skip_some_packets (iobuf_t inp, unsigned int n)
580 struct parse_packet_ctx_s parsectx;
582 init_parse_packet (&parsectx, inp);
584 for (; n && !rc; n--)
587 rc = parse (&parsectx, &pkt, 0, NULL, &skip, NULL, 1);
590 deinit_parse_packet (&parsectx);
594 #endif /*!DEBUG_PARSE_PACKET*/
597 /* Parse a packet and save it in *PKT.
599 If OUT is not NULL and the packet is valid (its type is not 0),
600 then the header, the initial length field and the packet's contents
601 are written to OUT. In this case, the packet is not saved in *PKT.
603 ONLYKEYPKTS is a simple packet filter. If ONLYKEYPKTS is set to 1,
604 then only public subkey packets, public key packets, private subkey
605 packets and private key packets are parsed. The rest are skipped
606 (i.e., the header and the contents are read from the pipeline and
607 discarded). If ONLYKEYPKTS is set to 2, then in addition to the
608 above 4 types of packets, user id packets are also accepted.
610 DO_SKIP is a more coarse grained filter. Unless ONLYKEYPKTS is set
611 to 2 and the packet is a user id packet, all packets are skipped.
613 Finally, if a packet is invalid (it's type is 0), it is skipped.
615 If a packet is skipped and SKIP is not NULL, then *SKIP is set to
618 Note: ONLYKEYPKTS and DO_SKIP are only respected if OUT is NULL,
619 i.e., the packets are not simply being copied.
621 If RETPOS is not NULL, then the position of CTX->INP (as returned by
622 iobuf_tell) is saved there before any data is read from CTX->INP.
625 parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos,
626 int *skip, IOBUF out, int do_skip
627 #if DEBUG_PARSE_PACKET
628 , const char *dbg_w, const char *dbg_f, int dbg_l
634 int c, ctb, pkttype, lenbytes;
635 unsigned long pktlen;
638 int new_ctb = 0, partial = 0;
639 int with_uid = (onlykeypkts == 2);
646 log_assert (!pkt->pkt.generic);
647 if (retpos || list_mode)
649 pos = iobuf_tell (inp);
654 pos = 0; /* (silence compiler warning) */
656 /* The first byte of a packet is the so-called tag. The highest bit
658 if ((ctb = iobuf_get (inp)) == -1)
668 log_error ("%s: invalid packet (ctb=%02x)\n", iobuf_where (inp), ctb);
669 rc = gpg_error (GPG_ERR_INV_PACKET);
673 /* Immediately following the header is the length. There are two
674 formats: the old format and the new format. If bit 6 (where the
675 least significant bit is bit 0) is set in the tag, then we are
676 dealing with a new format packet. Otherwise, it is an old format
679 new_ctb = !!(ctb & 0x40);
682 /* Get the packet's type. This is encoded in the 6 least
683 significant bits of the tag. */
684 pkttype = ctb & 0x3f;
686 /* Extract the packet's length. New format packets have 4 ways
687 to encode the packet length. The value of the first byte
688 determines the encoding and partially determines the length.
689 See section 4.2.2 of RFC 4880 for details. */
690 if ((c = iobuf_get (inp)) == -1)
692 log_error ("%s: 1st length byte missing\n", iobuf_where (inp));
693 rc = gpg_error (GPG_ERR_INV_PACKET);
703 pktlen = (c - 192) * 256;
704 if ((c = iobuf_get (inp)) == -1)
706 log_error ("%s: 2nd length byte missing\n",
708 rc = gpg_error (GPG_ERR_INV_PACKET);
719 for (i = 0; i < 4; i ++)
721 if ((c = iobuf_get (inp)) == -1)
723 log_error ("%s: 4 byte length invalid\n", iobuf_where (inp));
724 rc = gpg_error (GPG_ERR_INV_PACKET);
727 value[i] = hdr[hdrlen++] = c;
730 pktlen = buf32_to_ulong (value);
732 else /* Partial body length. */
738 case PKT_ENCRYPTED_MDC:
739 case PKT_ENCRYPTED_AEAD:
741 iobuf_set_partial_body_length_mode (inp, c & 0xff);
742 pktlen = 0; /* To indicate partial length. */
747 log_error ("%s: partial length invalid for"
748 " packet type %d\n", iobuf_where (inp), pkttype);
749 rc = gpg_error (GPG_ERR_INV_PACKET);
756 /* This is an old format packet. */
758 /* Extract the packet's type. This is encoded in bits 2-5. */
759 pkttype = (ctb >> 2) & 0xf;
761 /* The type of length encoding is encoded in bits 0-1 of the
763 lenbytes = ((ctb & 3) == 3) ? 0 : (1 << (ctb & 3));
766 pktlen = 0; /* Don't know the value. */
767 /* This isn't really partial, but we can treat it the same
768 in a "read until the end" sort of way. */
770 if (pkttype != PKT_ENCRYPTED && pkttype != PKT_PLAINTEXT
771 && pkttype != PKT_COMPRESSED)
773 log_error ("%s: indeterminate length for invalid"
774 " packet type %d\n", iobuf_where (inp), pkttype);
775 rc = gpg_error (GPG_ERR_INV_PACKET);
781 for (; lenbytes; lenbytes--)
787 log_error ("%s: length invalid\n", iobuf_where (inp));
788 rc = gpg_error (GPG_ERR_INV_PACKET);
791 pktlen |= hdr[hdrlen++] = c;
796 /* Sometimes the decompressing layer enters an error state in which
797 it simply outputs 0xff for every byte read. If we have a stream
798 of 0xff bytes, then it will be detected as a new format packet
799 with type 63 and a 4-byte encoded length that is 4G-1. Since
800 packets with type 63 are private and we use them as a control
801 packet, which won't be 4 GB, we reject such packets as
803 if (pkttype == 63 && pktlen == 0xFFFFFFFF)
805 /* With some probability this is caused by a problem in the
806 * the uncompressing layer - in some error cases it just loops
807 * and spits out 0xff bytes. */
808 log_error ("%s: garbled packet detected\n", iobuf_where (inp));
814 /* This type of copying won't work if the packet uses a partial
815 body length. (In other words, this only works if HDR is
816 actually the length.) Currently, no callers require this
817 functionality so we just log this as an error. */
820 log_error ("parse: Can't copy partial packet. Aborting.\n");
821 rc = gpg_error (GPG_ERR_INV_PACKET);
825 rc = iobuf_write (out, hdr, hdrlen);
827 rc = copy_packet (inp, out, pkttype, pktlen, partial);
831 if (with_uid && pkttype == PKT_USER_ID)
832 /* If ONLYKEYPKTS is set to 2, then we never skip user id packets,
833 even if DO_SKIP is set. */
836 /* type==0 is not allowed. This is an invalid packet. */
838 /* When ONLYKEYPKTS is set, we don't skip keys. */
839 || (onlykeypkts && pkttype != PKT_PUBLIC_SUBKEY
840 && pkttype != PKT_PUBLIC_KEY
841 && pkttype != PKT_SECRET_SUBKEY && pkttype != PKT_SECRET_KEY))
843 iobuf_skip_rest (inp, pktlen, partial);
851 #if DEBUG_PARSE_PACKET
852 log_debug ("parse_packet(iob=%d): type=%d length=%lu%s (%s.%s.%d)\n",
853 iobuf_id (inp), pkttype, pktlen, new_ctb ? " (new_ctb)" : "",
854 dbg_w, dbg_f, dbg_l);
856 log_debug ("parse_packet(iob=%d): type=%d length=%lu%s\n",
857 iobuf_id (inp), pkttype, pktlen,
858 new_ctb ? " (new_ctb)" : "");
863 es_fprintf (listfp, "# off=%lu ctb=%02x tag=%d hlen=%d plen=%lu%s%s\n",
864 (unsigned long)pos, ctb, pkttype, hdrlen, pktlen,
865 partial? (new_ctb ? " partial" : " indeterminate") :"",
866 new_ctb? " new-ctb":"");
869 ctx->n_parsed_packets++;
871 pkt->pkttype = pkttype;
872 rc = GPG_ERR_UNKNOWN_PACKET; /* default error */
876 case PKT_PUBLIC_SUBKEY:
878 case PKT_SECRET_SUBKEY:
879 pkt->pkt.public_key = xmalloc_clear (sizeof *pkt->pkt.public_key);
880 rc = parse_key (inp, pkttype, pktlen, hdr, hdrlen, pkt);
883 rc = parse_symkeyenc (inp, pkttype, pktlen, pkt);
886 rc = parse_pubkeyenc (inp, pkttype, pktlen, pkt);
889 pkt->pkt.signature = xmalloc_clear (sizeof *pkt->pkt.signature);
890 rc = parse_signature (inp, pkttype, pktlen, pkt->pkt.signature);
892 case PKT_ONEPASS_SIG:
893 pkt->pkt.onepass_sig = xmalloc_clear (sizeof *pkt->pkt.onepass_sig);
894 rc = parse_onepass_sig (inp, pkttype, pktlen, pkt->pkt.onepass_sig);
897 rc = parse_user_id (inp, pkttype, pktlen, pkt);
900 pkt->pkttype = pkttype = PKT_USER_ID; /* we store it in the userID */
901 rc = parse_attribute (inp, pkttype, pktlen, pkt);
903 case PKT_OLD_COMMENT:
905 rc = parse_comment (inp, pkttype, pktlen, pkt);
909 rc = parse_ring_trust (ctx, pktlen);
911 goto again; /* Directly read the next packet. */
915 rc = parse_plaintext (inp, pkttype, pktlen, pkt, new_ctb, partial);
918 rc = parse_compressed (inp, pkttype, pktlen, pkt, new_ctb);
921 case PKT_ENCRYPTED_MDC:
922 rc = parse_encrypted (inp, pkttype, pktlen, pkt, new_ctb, partial);
925 rc = parse_mdc (inp, pkttype, pktlen, pkt, new_ctb);
927 case PKT_ENCRYPTED_AEAD:
928 rc = parse_encrypted_aead (inp, pkttype, pktlen, pkt, partial);
930 case PKT_GPG_CONTROL:
931 rc = parse_gpg_control (inp, pkttype, pktlen, pkt, partial);
934 rc = parse_marker (inp, pkttype, pktlen);
937 /* Unknown packet. Skip it. */
938 skip_packet (inp, pkttype, pktlen, partial);
942 /* Store a shallow copy of certain packets in the context. */
943 free_packet (NULL, ctx);
944 if (!rc && (pkttype == PKT_PUBLIC_KEY
945 || pkttype == PKT_SECRET_KEY
946 || pkttype == PKT_USER_ID
947 || pkttype == PKT_ATTRIBUTE
948 || pkttype == PKT_SIGNATURE))
950 ctx->last_pkt = *pkt;
954 /* FIXME: We leak in case of an error (see the xmalloc's above). */
955 if (!rc && iobuf_error (inp))
956 rc = GPG_ERR_INV_KEYRING;
958 /* FIXME: We use only the error code for now to avoid problems with
959 callers which have not been checked to always use gpg_err_code()
960 when comparing error codes. */
961 return rc == -1? -1 : gpg_err_code (rc);
966 dump_hex_line (int c, int *i)
970 if (*i && !(*i % 24))
971 es_fprintf (listfp, "\n%4d:", *i);
973 es_putc (' ', listfp);
976 es_fprintf (listfp, " EOF");
978 es_fprintf (listfp, " %02x", c);
983 /* Copy the contents of a packet from the pipeline IN to the pipeline
986 The header and length have already been read from INP and the
987 decoded values are given as PKGTYPE and PKTLEN.
989 If the packet is a partial body length packet (RFC 4880, Section
990 4.2.2.4), then iobuf_set_partial_block_modeiobuf_set_partial_block_mode
991 should already have been called on INP and PARTIAL should be set.
993 If PARTIAL is set or PKTLEN is 0 and PKTTYPE is PKT_COMPRESSED,
994 copy until the first EOF is encountered on INP.
996 Returns 0 on success and an error code if an error occurs. */
998 copy_packet (IOBUF inp, IOBUF out, int pkttype,
999 unsigned long pktlen, int partial)
1007 while ((n = iobuf_read (inp, buf, sizeof (buf))) != -1)
1008 if ((rc = iobuf_write (out, buf, n)))
1009 return rc; /* write error */
1011 else if (!pktlen && pkttype == PKT_COMPRESSED)
1013 log_debug ("copy_packet: compressed!\n");
1014 /* compressed packet, copy till EOF */
1015 while ((n = iobuf_read (inp, buf, sizeof (buf))) != -1)
1016 if ((rc = iobuf_write (out, buf, n)))
1017 return rc; /* write error */
1021 for (; pktlen; pktlen -= n)
1023 n = pktlen > sizeof (buf) ? sizeof (buf) : pktlen;
1024 n = iobuf_read (inp, buf, n);
1026 return gpg_error (GPG_ERR_EOF);
1027 if ((rc = iobuf_write (out, buf, n)))
1028 return rc; /* write error */
1035 /* Skip an unknown packet. PKTTYPE is the packet's type, PKTLEN is
1036 the length of the packet's content and PARTIAL is whether partial
1037 body length encoding in used (in this case PKTLEN is ignored). */
1039 skip_packet (IOBUF inp, int pkttype, unsigned long pktlen, int partial)
1043 es_fprintf (listfp, ":unknown packet: type %2d, length %lu\n",
1048 es_fputs ("dump:", listfp);
1051 while ((c = iobuf_get (inp)) != -1)
1052 dump_hex_line (c, &i);
1056 for (; pktlen; pktlen--)
1058 dump_hex_line ((c = iobuf_get (inp)), &i);
1063 es_putc ('\n', listfp);
1067 iobuf_skip_rest (inp, pktlen, partial);
1071 /* Read PKTLEN bytes from INP and return them in a newly allocated
1072 * buffer. In case of an error (including reading fewer than PKTLEN
1073 * bytes from INP before EOF is returned), NULL is returned and an
1074 * error message is logged. */
1076 read_rest (IOBUF inp, size_t pktlen)
1081 buf = xtrymalloc (pktlen);
1084 gpg_error_t err = gpg_error_from_syserror ();
1085 log_error ("error reading rest of packet: %s\n", gpg_strerror (err));
1088 for (p = buf; pktlen; pktlen--)
1090 c = iobuf_get (inp);
1093 log_error ("premature eof while reading rest of packet\n");
1104 /* Read a special size+body from INP. On success store an opaque MPI
1105 with it at R_DATA. On error return an error code and store NULL at
1106 R_DATA. Even in the error case store the number of read bytes at
1107 R_NREAD. The caller shall pass the remaining size of the packet in
1110 read_size_body (iobuf_t inp, int pktlen, size_t *r_nread,
1121 return gpg_error (GPG_ERR_INV_PACKET);
1122 c = iobuf_readbyte (inp);
1124 return gpg_error (GPG_ERR_INV_PACKET);
1128 if (nbytes < 2 || nbytes > 254)
1129 return gpg_error (GPG_ERR_INV_PACKET);
1130 if (nbytes > pktlen)
1131 return gpg_error (GPG_ERR_INV_PACKET);
1135 for (i = 0; i < nbytes; i++)
1137 c = iobuf_get (inp);
1139 return gpg_error (GPG_ERR_INV_PACKET);
1144 tmpbuf = xtrymalloc (1 + nbytes);
1146 return gpg_error_from_syserror ();
1147 memcpy (tmpbuf, buffer, 1 + nbytes);
1148 *r_data = gcry_mpi_set_opaque (NULL, tmpbuf, 8 * (1 + nbytes));
1152 return gpg_error_from_syserror ();
1158 /* Parse a marker packet. */
1160 parse_marker (IOBUF inp, int pkttype, unsigned long pktlen)
1167 if (iobuf_get (inp) != 'P')
1173 if (iobuf_get (inp) != 'G')
1179 if (iobuf_get (inp) != 'P')
1186 es_fputs (":marker packet: PGP\n", listfp);
1191 log_error ("invalid marker packet\n");
1193 es_fputs (":marker packet: [invalid]\n", listfp);
1194 iobuf_skip_rest (inp, pktlen, 0);
1195 return GPG_ERR_INV_PACKET;
1200 parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
1205 int i, version, s2kmode, cipher_algo, aead_algo, hash_algo, seskeylen, minlen;
1209 version = iobuf_get_noeof (inp);
1213 else if (version == 5)
1217 log_error ("packet(%d) with unknown version %d\n", pkttype, version);
1219 es_fprintf (listfp, ":symkey enc packet: [unknown version]\n");
1220 rc = gpg_error (GPG_ERR_INV_PACKET);
1224 { /* (we encode the seskeylen in a byte) */
1225 log_error ("packet(%d) too large\n", pkttype);
1227 es_fprintf (listfp, ":symkey enc packet: [too large]\n");
1228 rc = gpg_error (GPG_ERR_INV_PACKET);
1231 cipher_algo = iobuf_get_noeof (inp);
1235 aead_algo = iobuf_get_noeof (inp);
1242 s2kmode = iobuf_get_noeof (inp);
1244 hash_algo = iobuf_get_noeof (inp);
1248 case 0: /* Simple S2K. */
1251 case 1: /* Salted S2K. */
1254 case 3: /* Iterated+salted S2K. */
1258 log_error ("unknown S2K mode %d\n", s2kmode);
1260 es_fprintf (listfp, ":symkey enc packet: [unknown S2K mode]\n");
1263 if (minlen > pktlen)
1265 log_error ("packet with S2K %d too short\n", s2kmode);
1267 es_fprintf (listfp, ":symkey enc packet: [too short]\n");
1268 rc = gpg_error (GPG_ERR_INV_PACKET);
1271 seskeylen = pktlen - minlen;
1272 k = packet->pkt.symkey_enc = xmalloc_clear (sizeof *packet->pkt.symkey_enc
1274 k->version = version;
1275 k->cipher_algo = cipher_algo;
1276 k->aead_algo = aead_algo;
1277 k->s2k.mode = s2kmode;
1278 k->s2k.hash_algo = hash_algo;
1279 if (s2kmode == 1 || s2kmode == 3)
1281 for (i = 0; i < 8 && pktlen; i++, pktlen--)
1282 k->s2k.salt[i] = iobuf_get_noeof (inp);
1286 k->s2k.count = iobuf_get_noeof (inp);
1289 k->seskeylen = seskeylen;
1292 for (i = 0; i < seskeylen && pktlen; i++, pktlen--)
1293 k->seskey[i] = iobuf_get_noeof (inp);
1295 /* What we're watching out for here is a session key decryptor
1296 with no salt. The RFC says that using salt for this is a
1298 if (s2kmode != 1 && s2kmode != 3)
1299 log_info (_("WARNING: potentially insecure symmetrically"
1300 " encrypted session key\n"));
1302 log_assert (!pktlen);
1307 ":symkey enc packet: version %d, cipher %d, aead %d,"
1309 version, cipher_algo, aead_algo, s2kmode, hash_algo);
1312 /* To compute the size of the session key we need to know
1313 * the size of the AEAD nonce which we may not know. Thus
1314 * we show only the size of the entire encrypted session
1317 es_fprintf (listfp, ", encrypted seskey %d bytes", seskeylen);
1319 es_fprintf (listfp, ", seskey %d bits", (seskeylen - 1) * 8);
1321 es_fprintf (listfp, "\n");
1322 if (s2kmode == 1 || s2kmode == 3)
1324 es_fprintf (listfp, "\tsalt ");
1325 es_write_hexstring (listfp, k->s2k.salt, 8, 0, NULL);
1327 es_fprintf (listfp, ", count %lu (%lu)",
1328 S2K_DECODE_COUNT ((ulong) k->s2k.count),
1329 (ulong) k->s2k.count);
1330 es_fprintf (listfp, "\n");
1335 iobuf_skip_rest (inp, pktlen, 0);
1339 log_error ("packet(%d) too short\n", pkttype);
1341 es_fprintf (listfp, ":symkey enc packet: [too short]\n");
1342 rc = gpg_error (GPG_ERR_INV_PACKET);
1348 parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
1355 k = packet->pkt.pubkey_enc = xmalloc_clear (sizeof *packet->pkt.pubkey_enc);
1358 log_error ("packet(%d) too short\n", pkttype);
1360 es_fputs (":pubkey enc packet: [too short]\n", listfp);
1361 rc = gpg_error (GPG_ERR_INV_PACKET);
1364 k->version = iobuf_get_noeof (inp);
1366 if (k->version != 2 && k->version != 3)
1368 log_error ("packet(%d) with unknown version %d\n", pkttype, k->version);
1370 es_fputs (":pubkey enc packet: [unknown version]\n", listfp);
1371 rc = gpg_error (GPG_ERR_INV_PACKET);
1374 k->keyid[0] = read_32 (inp);
1376 k->keyid[1] = read_32 (inp);
1378 k->pubkey_algo = iobuf_get_noeof (inp);
1380 k->throw_keyid = 0; /* Only used as flag for build_packet. */
1383 ":pubkey enc packet: version %d, algo %d, keyid %08lX%08lX\n",
1384 k->version, k->pubkey_algo, (ulong) k->keyid[0],
1385 (ulong) k->keyid[1]);
1387 ndata = pubkey_get_nenc (k->pubkey_algo);
1391 es_fprintf (listfp, "\tunsupported algorithm %d\n", k->pubkey_algo);
1392 unknown_pubkey_warning (k->pubkey_algo);
1393 k->data[0] = NULL; /* No need to store the encrypted data. */
1397 for (i = 0; i < ndata; i++)
1399 if (k->pubkey_algo == PUBKEY_ALGO_ECDH)
1404 rc = read_size_body (inp, pktlen, &n, k->data+i);
1410 k->data[i] = sos_read (inp, &n, 0);
1413 rc = gpg_error (GPG_ERR_INV_PACKET);
1419 k->data[i] = mpi_read (inp, &n, 0);
1422 rc = gpg_error (GPG_ERR_INV_PACKET);
1428 es_fprintf (listfp, "\tdata: ");
1429 mpi_print (listfp, k->data[i], mpi_print_mode);
1430 es_putc ('\n', listfp);
1436 iobuf_skip_rest (inp, pktlen, 0);
1441 /* Dump a subpacket to LISTFP. BUFFER contains the subpacket in
1442 * question and points to the type field in the subpacket header (not
1443 * the start of the header). TYPE is the subpacket's type with the
1444 * critical bit cleared. CRITICAL is the value of the CRITICAL bit.
1445 * BUFLEN is the length of the buffer and LENGTH is the length of the
1446 * subpacket according to the subpacket's header. DIGEST_ALGO is the
1447 * digest algo of the signature. */
1449 dump_sig_subpkt (int hashed, int type, int critical,
1450 const byte * buffer, size_t buflen, size_t length,
1453 const char *p = NULL;
1457 /* The CERT has warning out with explains how to use GNUPG to detect
1458 * the ARRs - we print our old message here when it is a faked ARR
1459 * and add an additional notice. */
1460 if (type == SIGSUBPKT_ARR && !hashed)
1463 "\tsubpkt %d len %u (additional recipient request)\n"
1464 "WARNING: PGP versions > 5.0 and < 6.5.8 will automagically "
1465 "encrypt to this key and thereby reveal the plaintext to "
1466 "the owner of this ARR key. Detailed info follows:\n",
1467 type, (unsigned) length);
1473 nprinted = es_fprintf (listfp, "\t%s%ssubpkt %d len %u (", /*) */
1474 critical ? "critical " : "",
1475 hashed ? "hashed " : "", type, (unsigned) length);
1477 nprinted = 1; /*(we use (nprinted-1) later.)*/
1478 if (length > buflen)
1480 es_fprintf (listfp, "too short: buffer is only %u)\n", (unsigned) buflen);
1485 case SIGSUBPKT_SIG_CREATED:
1487 es_fprintf (listfp, "sig created %s",
1488 strtimestamp (buf32_to_u32 (buffer)));
1490 case SIGSUBPKT_SIG_EXPIRE:
1493 if (buf32_to_u32 (buffer))
1494 es_fprintf (listfp, "sig expires after %s",
1495 strtimevalue (buf32_to_u32 (buffer)));
1497 es_fprintf (listfp, "sig does not expire");
1500 case SIGSUBPKT_EXPORTABLE:
1502 es_fprintf (listfp, "%sexportable", *buffer ? "" : "not ");
1504 case SIGSUBPKT_TRUST:
1506 p = "[invalid trust subpacket]";
1508 es_fprintf (listfp, "trust signature of depth %d, value %d", buffer[0],
1511 case SIGSUBPKT_REGEXP:
1513 p = "[invalid regexp subpacket]";
1516 es_fprintf (listfp, "regular expression: \"");
1517 es_write_sanitized (listfp, buffer, length, "\"", NULL);
1521 case SIGSUBPKT_REVOCABLE:
1523 es_fprintf (listfp, "%srevocable", *buffer ? "" : "not ");
1525 case SIGSUBPKT_KEY_EXPIRE:
1528 if (buf32_to_u32 (buffer))
1529 es_fprintf (listfp, "key expires after %s",
1530 strtimevalue (buf32_to_u32 (buffer)));
1532 es_fprintf (listfp, "key does not expire");
1535 case SIGSUBPKT_PREF_SYM:
1536 es_fputs ("pref-sym-algos:", listfp);
1537 for (i = 0; i < length; i++)
1538 es_fprintf (listfp, " %d", buffer[i]);
1540 case SIGSUBPKT_PREF_AEAD:
1541 es_fputs ("pref-aead-algos:", listfp);
1542 for (i = 0; i < length; i++)
1543 es_fprintf (listfp, " %d", buffer[i]);
1545 case SIGSUBPKT_REV_KEY:
1546 es_fputs ("revocation key: ", listfp);
1551 es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
1552 for (i = 2; i < length; i++)
1553 es_fprintf (listfp, "%02X", buffer[i]);
1556 case SIGSUBPKT_ISSUER:
1558 es_fprintf (listfp, "issuer key ID %08lX%08lX",
1559 (ulong) buf32_to_u32 (buffer),
1560 (ulong) buf32_to_u32 (buffer + 4));
1562 case SIGSUBPKT_ISSUER_FPR:
1566 es_fprintf (listfp, "issuer fpr v%d ", buffer[0]);
1567 tmp = bin2hex (buffer+1, length-1, NULL);
1570 es_fputs (tmp, listfp);
1575 case SIGSUBPKT_NOTATION:
1577 es_fputs ("notation: ", listfp);
1582 const byte *s = buffer;
1585 n1 = (s[4] << 8) | s[5];
1586 n2 = (s[6] << 8) | s[7];
1588 if (8 + n1 + n2 != length)
1592 es_write_sanitized (listfp, s, n1, ")", NULL);
1593 es_putc ('=', listfp);
1596 es_write_sanitized (listfp, s + n1, n2, ")", NULL);
1598 p = "[not human readable]";
1603 case SIGSUBPKT_PREF_HASH:
1604 es_fputs ("pref-hash-algos:", listfp);
1605 for (i = 0; i < length; i++)
1606 es_fprintf (listfp, " %d", buffer[i]);
1608 case SIGSUBPKT_PREF_COMPR:
1609 es_fputs ("pref-zip-algos:", listfp);
1610 for (i = 0; i < length; i++)
1611 es_fprintf (listfp, " %d", buffer[i]);
1613 case SIGSUBPKT_KS_FLAGS:
1614 es_fputs ("keyserver preferences:", listfp);
1615 for (i = 0; i < length; i++)
1616 es_fprintf (listfp, " %02X", buffer[i]);
1618 case SIGSUBPKT_PREF_KS:
1619 es_fputs ("preferred keyserver: ", listfp);
1620 es_write_sanitized (listfp, buffer, length, ")", NULL);
1622 case SIGSUBPKT_PRIMARY_UID:
1623 p = "primary user ID";
1625 case SIGSUBPKT_POLICY:
1626 es_fputs ("policy: ", listfp);
1627 es_write_sanitized (listfp, buffer, length, ")", NULL);
1629 case SIGSUBPKT_KEY_FLAGS:
1630 es_fputs ("key flags:", listfp);
1631 for (i = 0; i < length; i++)
1632 es_fprintf (listfp, " %02X", buffer[i]);
1634 case SIGSUBPKT_SIGNERS_UID:
1635 p = "signer's user ID";
1637 case SIGSUBPKT_REVOC_REASON:
1640 es_fprintf (listfp, "revocation reason 0x%02x (", *buffer);
1641 es_write_sanitized (listfp, buffer + 1, length - 1, ")", NULL);
1646 es_fputs ("Big Brother's key (ignored): ", listfp);
1651 es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
1653 es_write_hexstring (listfp, buffer+2, length-2, 0, NULL);
1656 case SIGSUBPKT_FEATURES:
1657 es_fputs ("features:", listfp);
1658 for (i = 0; i < length; i++)
1659 es_fprintf (listfp, " %02x", buffer[i]);
1661 case SIGSUBPKT_SIGNATURE:
1662 es_fputs ("signature: ", listfp);
1666 es_fprintf (listfp, "v%d, class 0x%02X, algo %d, digest algo %d",
1668 buffer[0] == 3 ? buffer[2] : buffer[1],
1669 buffer[0] == 3 ? buffer[15] : buffer[2],
1670 buffer[0] == 3 ? buffer[16] : buffer[3]);
1673 case SIGSUBPKT_ATTST_SIGS:
1677 es_fputs ("attst-sigs: ", listfp);
1678 hlen = gcry_md_get_algo_dlen (map_md_openpgp_to_gcry (digest_algo));
1680 p = "[unknown digest algo]";
1681 else if ((length % hlen))
1682 p = "[invalid length]";
1685 es_fprintf (listfp, "%u", (unsigned int)length/hlen);
1688 es_fprintf (listfp, "\n\t%*s", nprinted-1, "");
1689 es_write_hexstring (listfp, buffer, hlen, 0, NULL);
1697 case SIGSUBPKT_KEY_BLOCK:
1698 es_fputs ("key-block: ", listfp);
1699 if (length && buffer[0])
1700 p = "[unknown reserved octet]";
1701 else if (length < 50) /* 50 is an arbitrary min. length. */
1702 p = "[invalid subpacket]";
1706 /* fp = es_fopen ("a.key-block", "wb"); */
1707 /* log_assert (fp); */
1708 /* es_fwrite ( buffer+1, length-1, 1, fp); */
1709 /* es_fclose (fp); */
1710 es_fprintf (listfp, "[%u octets]", (unsigned int)length-1);
1716 if (type >= 100 && type <= 110)
1717 p = "experimental / private subpacket";
1723 es_fprintf (listfp, "%s)\n", p ? p : "");
1728 * Returns: >= 0 use this offset into buffer
1729 * -1 explicitly reject returning this type
1730 * -2 subpacket too short
1733 parse_one_sig_subpkt (const byte * buffer, size_t n, int type)
1737 case SIGSUBPKT_REV_KEY:
1741 case SIGSUBPKT_SIG_CREATED:
1742 case SIGSUBPKT_SIG_EXPIRE:
1743 case SIGSUBPKT_KEY_EXPIRE:
1747 case SIGSUBPKT_KEY_FLAGS:
1748 case SIGSUBPKT_KS_FLAGS:
1749 case SIGSUBPKT_PREF_SYM:
1750 case SIGSUBPKT_PREF_AEAD:
1751 case SIGSUBPKT_PREF_HASH:
1752 case SIGSUBPKT_PREF_COMPR:
1753 case SIGSUBPKT_POLICY:
1754 case SIGSUBPKT_PREF_KS:
1755 case SIGSUBPKT_FEATURES:
1756 case SIGSUBPKT_REGEXP:
1757 case SIGSUBPKT_ATTST_SIGS:
1759 case SIGSUBPKT_SIGNATURE:
1760 case SIGSUBPKT_EXPORTABLE:
1761 case SIGSUBPKT_REVOCABLE:
1762 case SIGSUBPKT_REVOC_REASON:
1766 case SIGSUBPKT_ISSUER: /* issuer key ID */
1770 case SIGSUBPKT_ISSUER_FPR: /* issuer key fingerprint */
1774 case SIGSUBPKT_NOTATION:
1775 /* minimum length needed, and the subpacket must be well-formed
1776 where the name length and value length all fit inside the
1779 || 8 + ((buffer[4] << 8) | buffer[5]) +
1780 ((buffer[6] << 8) | buffer[7]) != n)
1783 case SIGSUBPKT_PRIMARY_UID:
1787 case SIGSUBPKT_TRUST:
1791 case SIGSUBPKT_KEY_BLOCK:
1793 return -1; /* Unknown version - ignore. */
1795 break; /* Definitely too short to carry a key block. */
1804 /* Return true if we understand the critical notation. */
1806 can_handle_critical_notation (const byte *name, size_t len)
1810 register_known_notation (NULL); /* Make sure it is initialized. */
1812 for (sl = known_notations_list; sl; sl = sl->next)
1813 if (sl->flags == len && !memcmp (sl->d, name, len))
1814 return 1; /* Known */
1816 if (opt.verbose && !glo_ctrl.silence_parse_warnings)
1818 log_info(_("Unknown critical signature notation: ") );
1819 print_utf8_buffer (log_get_stream(), name, len);
1823 return 0; /* Unknown. */
1828 can_handle_critical (const byte * buffer, size_t n, int type)
1832 case SIGSUBPKT_NOTATION:
1835 size_t notation_len = ((buffer[4] << 8) | buffer[5]);
1836 if (n - 8 >= notation_len)
1837 return can_handle_critical_notation (buffer + 8, notation_len);
1840 case SIGSUBPKT_SIGNATURE:
1841 case SIGSUBPKT_SIG_CREATED:
1842 case SIGSUBPKT_SIG_EXPIRE:
1843 case SIGSUBPKT_KEY_EXPIRE:
1844 case SIGSUBPKT_EXPORTABLE:
1845 case SIGSUBPKT_REVOCABLE:
1846 case SIGSUBPKT_REV_KEY:
1847 case SIGSUBPKT_ISSUER: /* issuer key ID */
1848 case SIGSUBPKT_ISSUER_FPR: /* issuer fingerprint */
1849 case SIGSUBPKT_PREF_SYM:
1850 case SIGSUBPKT_PREF_AEAD:
1851 case SIGSUBPKT_PREF_HASH:
1852 case SIGSUBPKT_PREF_COMPR:
1853 case SIGSUBPKT_KEY_FLAGS:
1854 case SIGSUBPKT_PRIMARY_UID:
1855 case SIGSUBPKT_FEATURES:
1856 case SIGSUBPKT_TRUST:
1857 case SIGSUBPKT_REGEXP:
1858 case SIGSUBPKT_ATTST_SIGS:
1859 /* Is it enough to show the policy or keyserver? */
1860 case SIGSUBPKT_POLICY:
1861 case SIGSUBPKT_PREF_KS:
1862 case SIGSUBPKT_REVOC_REASON: /* At least we know about it. */
1865 case SIGSUBPKT_KEY_BLOCK:
1866 if (n && !buffer[0])
1878 enum_sig_subpkt (PKT_signature *sig, int want_hashed, sigsubpkttype_t reqtype,
1879 size_t *ret_n, int *start, int *critical)
1887 const subpktarea_t *pktbuf = want_hashed? sig->hashed : sig->unhashed;
1889 int reqseq = start ? *start : 0;
1892 critical = &critical_dummy;
1894 if (!pktbuf || reqseq == -1)
1896 static char dummy[] = "x";
1897 /* Return a value different from NULL to indicate that
1898 * there is no critical bit we do not understand. */
1899 return reqtype == SIGSUBPKT_TEST_CRITICAL ? dummy : NULL;
1901 buffer = pktbuf->data;
1902 buflen = pktbuf->len;
1907 if (n == 255) /* 4 byte length header. */
1911 n = buf32_to_size_t (buffer);
1915 else if (n >= 192) /* 4 byte special encoded length header. */
1919 n = ((n - 192) << 8) + *buffer + 192;
1935 if (!(++seq > reqseq))
1937 else if (reqtype == SIGSUBPKT_TEST_CRITICAL)
1941 if (n - 1 > buflen + 1)
1943 if (!can_handle_critical (buffer + 1, n - 1, type))
1945 if (opt.verbose && !glo_ctrl.silence_parse_warnings)
1946 log_info (_("subpacket of type %d has "
1947 "critical bit set\n"), type);
1950 return NULL; /* This is an error. */
1954 else if (reqtype < 0) /* List packets. */
1955 dump_sig_subpkt (reqtype == SIGSUBPKT_LIST_HASHED,
1956 type, *critical, buffer, buflen, n, sig->digest_algo);
1957 else if (type == reqtype) /* Found. */
1965 offset = parse_one_sig_subpkt (buffer, n, type);
1969 log_error ("subpacket of type %d too short\n", type);
1978 return buffer + offset;
1983 if (reqtype == SIGSUBPKT_TEST_CRITICAL)
1984 /* Returning NULL means we found a subpacket with the critical bit
1985 set that we don't grok. We've iterated over all the subpackets
1986 and haven't found such a packet so we need to return a non-NULL
1990 /* Critical bit we don't understand. */
1993 return NULL; /* End of packets; not found. */
1996 if (opt.debug && !glo_ctrl.silence_parse_warnings)
1998 es_fflush (es_stdout);
1999 log_printhex (pktbuf->data, pktbuf->len > 16? 16 : pktbuf->len,
2000 "buffer shorter than subpacket (%zu/%d/%zu); dump:",
2001 pktbuf->len, buflen, n);
2009 if (opt.verbose && !glo_ctrl.silence_parse_warnings)
2010 log_info ("type octet missing in subpacket\n");
2018 parse_sig_subpkt (PKT_signature *sig, int want_hashed, sigsubpkttype_t reqtype,
2021 return enum_sig_subpkt (sig, want_hashed, reqtype, ret_n, NULL, NULL);
2026 parse_sig_subpkt2 (PKT_signature *sig, sigsubpkttype_t reqtype)
2030 p = parse_sig_subpkt (sig, 1, reqtype, NULL);
2032 p = parse_sig_subpkt (sig, 0, reqtype, NULL);
2037 /* Find all revocation keys. Look in hashed area only. */
2039 parse_revkeys (PKT_signature * sig)
2045 if (sig->sig_class != 0x1F)
2048 while ((revkey = enum_sig_subpkt (sig, 1, SIGSUBPKT_REV_KEY,
2051 /* Consider only valid packets. They must have a length of
2052 * either 2+20 or 2+32 octets and bit 7 of the class octet must
2054 if ((len == 22 || len == 34)
2055 && (revkey[0] & 0x80))
2057 sig->revkey = xrealloc (sig->revkey,
2058 sizeof (struct revocation_key) *
2059 (sig->numrevkeys + 1));
2061 sig->revkey[sig->numrevkeys].class = revkey[0];
2062 sig->revkey[sig->numrevkeys].algid = revkey[1];
2064 sig->revkey[sig->numrevkeys].fprlen = len;
2065 memcpy (sig->revkey[sig->numrevkeys].fpr, revkey+2, len);
2066 memset (sig->revkey[sig->numrevkeys].fpr+len, 0,
2067 sizeof (sig->revkey[sig->numrevkeys].fpr) - len);
2075 parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
2076 PKT_signature * sig)
2086 log_error ("packet(%d) too short\n", pkttype);
2088 es_fputs (":signature packet: [too short]\n", listfp);
2091 sig->version = iobuf_get_noeof (inp);
2093 if (sig->version == 4 || sig->version == 5)
2095 else if (sig->version != 2 && sig->version != 3)
2097 log_error ("packet(%d) with unknown version %d\n",
2098 pkttype, sig->version);
2100 es_fputs (":signature packet: [unknown version]\n", listfp);
2101 rc = gpg_error (GPG_ERR_INV_PACKET);
2109 md5_len = iobuf_get_noeof (inp);
2114 sig->sig_class = iobuf_get_noeof (inp);
2120 sig->timestamp = read_32 (inp);
2122 sig->keyid[0] = read_32 (inp);
2124 sig->keyid[1] = read_32 (inp);
2129 sig->pubkey_algo = iobuf_get_noeof (inp);
2131 sig->digest_algo = iobuf_get_noeof (inp);
2133 sig->flags.exportable = 1;
2134 sig->flags.revocable = 1;
2135 if (is_v4or5) /* Read subpackets. */
2140 pktlen -= 2; /* Length of hashed data. */
2145 log_error ("signature packet: hashed data too long\n");
2147 es_fputs (":signature packet: [hashed data too long]\n", listfp);
2148 rc = GPG_ERR_INV_PACKET;
2153 sig->hashed = xmalloc (sizeof (*sig->hashed) + n - 1);
2154 sig->hashed->size = n;
2155 sig->hashed->len = n;
2156 if (iobuf_read (inp, sig->hashed->data, n) != n)
2158 log_error ("premature eof while reading "
2159 "hashed signature data\n");
2161 es_fputs (":signature packet: [premature eof]\n", listfp);
2170 pktlen -= 2; /* Length of unhashed data. */
2175 log_error ("signature packet: unhashed data too long\n");
2177 es_fputs (":signature packet: [unhashed data too long]\n", listfp);
2178 rc = GPG_ERR_INV_PACKET;
2183 sig->unhashed = xmalloc (sizeof (*sig->unhashed) + n - 1);
2184 sig->unhashed->size = n;
2185 sig->unhashed->len = n;
2186 if (iobuf_read (inp, sig->unhashed->data, n) != n)
2188 log_error ("premature eof while reading "
2189 "unhashed signature data\n");
2191 es_fputs (":signature packet: [premature eof]\n", listfp);
2201 sig->digest_start[0] = iobuf_get_noeof (inp);
2203 sig->digest_start[1] = iobuf_get_noeof (inp);
2206 if (is_v4or5 && sig->pubkey_algo) /* Extract required information. */
2211 /* Set sig->flags.unknown_critical if there is a critical bit
2212 * set for packets which we do not understand. */
2213 if (!parse_sig_subpkt (sig, 1, SIGSUBPKT_TEST_CRITICAL, NULL)
2214 || !parse_sig_subpkt (sig, 0, SIGSUBPKT_TEST_CRITICAL, NULL))
2215 sig->flags.unknown_critical = 1;
2217 p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIG_CREATED, NULL);
2219 sig->timestamp = buf32_to_u32 (p);
2220 else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
2221 && opt.verbose > 1 && !glo_ctrl.silence_parse_warnings)
2222 log_info ("signature packet without timestamp\n");
2224 /* Set the key id. We first try the issuer fingerprint and if
2225 * it is a v4 signature the fallback to the issuer. Note that
2226 * only the issuer packet is also searched in the unhashed area. */
2227 p = parse_sig_subpkt (sig, 1, SIGSUBPKT_ISSUER_FPR, &len);
2228 if (p && len == 21 && p[0] == 4)
2230 sig->keyid[0] = buf32_to_u32 (p + 1 + 12);
2231 sig->keyid[1] = buf32_to_u32 (p + 1 + 16);
2233 else if (p && len == 33 && p[0] == 5)
2235 sig->keyid[0] = buf32_to_u32 (p + 1 );
2236 sig->keyid[1] = buf32_to_u32 (p + 1 + 4);
2238 else if ((p = parse_sig_subpkt2 (sig, SIGSUBPKT_ISSUER)))
2240 sig->keyid[0] = buf32_to_u32 (p);
2241 sig->keyid[1] = buf32_to_u32 (p + 4);
2243 else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
2244 && opt.verbose > 1 && !glo_ctrl.silence_parse_warnings)
2245 log_info ("signature packet without keyid\n");
2247 p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIG_EXPIRE, NULL);
2248 if (p && buf32_to_u32 (p))
2249 sig->expiredate = sig->timestamp + buf32_to_u32 (p);
2250 if (sig->expiredate && sig->expiredate <= make_timestamp ())
2251 sig->flags.expired = 1;
2253 p = parse_sig_subpkt (sig, 1, SIGSUBPKT_POLICY, NULL);
2255 sig->flags.policy_url = 1;
2257 p = parse_sig_subpkt (sig, 1, SIGSUBPKT_PREF_KS, NULL);
2259 sig->flags.pref_ks = 1;
2261 p = parse_sig_subpkt (sig, 1, SIGSUBPKT_SIGNERS_UID, &len);
2266 sig->signers_uid = try_make_printable_string (p, len, 0);
2267 if (!sig->signers_uid)
2269 rc = gpg_error_from_syserror ();
2272 mbox = mailbox_from_userid (sig->signers_uid, 0);
2275 xfree (sig->signers_uid);
2276 sig->signers_uid = mbox;
2280 p = parse_sig_subpkt (sig, 1, SIGSUBPKT_KEY_BLOCK, NULL);
2282 sig->flags.key_block = 1;
2284 p = parse_sig_subpkt (sig, 1, SIGSUBPKT_NOTATION, NULL);
2286 sig->flags.notation = 1;
2288 p = parse_sig_subpkt (sig, 1, SIGSUBPKT_REVOCABLE, NULL);
2290 sig->flags.revocable = 0;
2292 p = parse_sig_subpkt (sig, 1, SIGSUBPKT_TRUST, &len);
2295 sig->trust_depth = p[0];
2296 sig->trust_value = p[1];
2298 /* Only look for a regexp if there is also a trust
2301 parse_sig_subpkt (sig, 1, SIGSUBPKT_REGEXP, &len);
2303 /* If the regular expression is of 0 length, there is no
2304 regular expression. */
2306 sig->trust_regexp = NULL;
2309 /* We accept the exportable subpacket from either the hashed or
2310 unhashed areas as older versions of gpg put it in the
2311 unhashed area. In theory, anyway, we should never see this
2312 packet off of a local keyring. */
2314 p = parse_sig_subpkt2 (sig, SIGSUBPKT_EXPORTABLE);
2316 sig->flags.exportable = 0;
2318 /* Find all revocation keys. */
2319 if (sig->sig_class == 0x1F)
2320 parse_revkeys (sig);
2325 es_fprintf (listfp, ":signature packet: algo %d, keyid %08lX%08lX\n"
2326 "\tversion %d, created %lu, md5len %d, sigclass 0x%02x\n"
2327 "\tdigest algo %d, begin of digest %02x %02x\n",
2329 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
2330 sig->version, (ulong) sig->timestamp, md5_len, sig->sig_class,
2331 sig->digest_algo, sig->digest_start[0], sig->digest_start[1]);
2334 parse_sig_subpkt (sig, 1, SIGSUBPKT_LIST_HASHED, NULL);
2335 parse_sig_subpkt (sig, 0, SIGSUBPKT_LIST_UNHASHED, NULL);
2339 ndata = pubkey_get_nsig (sig->pubkey_algo);
2343 es_fprintf (listfp, "\tunknown algorithm %d\n", sig->pubkey_algo);
2344 unknown_pubkey_warning (sig->pubkey_algo);
2346 /* We store the plain material in data[0], so that we are able
2347 * to write it back with build_packet(). */
2348 if (pktlen > (5 * MAX_EXTERN_MPI_BITS / 8))
2350 /* We include a limit to avoid too trivial DoS attacks by
2351 having gpg allocate too much memory. */
2352 log_error ("signature packet: too much data\n");
2353 rc = GPG_ERR_INV_PACKET;
2359 tmpp = read_rest (inp, pktlen);
2360 sig->data[0] = gcry_mpi_set_opaque (NULL, tmpp, tmpp? pktlen * 8 : 0);
2366 for (i = 0; i < ndata; i++)
2369 if (sig->pubkey_algo == PUBKEY_ALGO_ECDSA
2370 || sig->pubkey_algo == PUBKEY_ALGO_EDDSA)
2371 sig->data[i] = sos_read (inp, &n, 0);
2373 sig->data[i] = mpi_read (inp, &n, 0);
2377 es_fprintf (listfp, "\tdata: ");
2378 mpi_print (listfp, sig->data[i], mpi_print_mode);
2379 es_putc ('\n', listfp);
2382 rc = GPG_ERR_INV_PACKET;
2387 iobuf_skip_rest (inp, pktlen, 0);
2391 log_error ("packet(%d) too short\n", pkttype);
2393 es_fputs (":signature packet: [too short]\n", listfp);
2395 iobuf_skip_rest (inp, pktlen, 0);
2397 return GPG_ERR_INV_PACKET;
2402 parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
2403 PKT_onepass_sig * ops)
2410 log_error ("packet(%d) too short\n", pkttype);
2412 es_fputs (":onepass_sig packet: [too short]\n", listfp);
2413 rc = gpg_error (GPG_ERR_INV_PACKET);
2416 version = iobuf_get_noeof (inp);
2420 log_error ("onepass_sig with unknown version %d\n", version);
2422 es_fputs (":onepass_sig packet: [unknown version]\n", listfp);
2423 rc = gpg_error (GPG_ERR_INV_PACKET);
2426 ops->sig_class = iobuf_get_noeof (inp);
2428 ops->digest_algo = iobuf_get_noeof (inp);
2430 ops->pubkey_algo = iobuf_get_noeof (inp);
2432 ops->keyid[0] = read_32 (inp);
2434 ops->keyid[1] = read_32 (inp);
2436 ops->last = iobuf_get_noeof (inp);
2440 ":onepass_sig packet: keyid %08lX%08lX\n"
2441 "\tversion %d, sigclass 0x%02x, digest %d, pubkey %d, "
2443 (ulong) ops->keyid[0], (ulong) ops->keyid[1],
2444 version, ops->sig_class,
2445 ops->digest_algo, ops->pubkey_algo, ops->last);
2449 iobuf_skip_rest (inp, pktlen, 0);
2455 parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
2456 byte * hdr, int hdrlen, PACKET * pkt)
2458 gpg_error_t err = 0;
2459 int i, version, algorithm;
2460 unsigned long timestamp, expiredate, max_expiredate;
2465 unsigned int pkbytes; /* For v5 keys: Number of bytes in the public
2466 * key material. For v4 keys: 0. */
2470 pk = pkt->pkt.public_key; /* PK has been cleared. */
2472 version = iobuf_get_noeof (inp);
2474 if (pkttype == PKT_PUBLIC_SUBKEY && version == '#')
2476 /* Early versions of G10 used the old PGP comments packets;
2477 * luckily all those comments are started by a hash. */
2480 es_fprintf (listfp, ":rfc1991 comment packet: \"");
2481 for (; pktlen; pktlen--)
2484 c = iobuf_get (inp);
2486 break; /* Ooops: shorter than indicated. */
2487 if (c >= ' ' && c <= 'z')
2488 es_putc (c, listfp);
2490 es_fprintf (listfp, "\\x%02x", c);
2492 es_fprintf (listfp, "\"\n");
2494 iobuf_skip_rest (inp, pktlen, 0);
2497 else if (version == 4)
2499 else if (version == 5)
2501 else if (version == 2 || version == 3)
2503 /* Not anymore supported since 2.1. Use an older gpg version
2504 * (i.e. gpg 1.4) to parse v3 packets. */
2505 if (opt.verbose > 1 && !glo_ctrl.silence_parse_warnings)
2506 log_info ("packet(%d) with obsolete version %d\n", pkttype, version);
2508 es_fprintf (listfp, ":key packet: [obsolete version %d]\n", version);
2509 pk->version = version;
2510 err = gpg_error (GPG_ERR_LEGACY_KEY);
2515 log_error ("packet(%d) with unknown version %d\n", pkttype, version);
2517 es_fputs (":key packet: [unknown version]\n", listfp);
2518 err = gpg_error (GPG_ERR_INV_PACKET);
2522 if (pktlen < (is_v5? 15:11))
2524 log_error ("packet(%d) too short\n", pkttype);
2526 es_fputs (":key packet: [too short]\n", listfp);
2527 err = gpg_error (GPG_ERR_INV_PACKET);
2530 else if (pktlen > MAX_KEY_PACKET_LENGTH)
2532 log_error ("packet(%d) too large\n", pkttype);
2534 es_fputs (":key packet: [too large]\n", listfp);
2535 err = gpg_error (GPG_ERR_INV_PACKET);
2539 timestamp = read_32 (inp);
2541 expiredate = 0; /* have to get it from the selfsignature */
2543 algorithm = iobuf_get_noeof (inp);
2547 pkbytes = read_32 (inp);
2555 es_fprintf (listfp, ":%s key packet:\n"
2556 "\tversion %d, algo %d, created %lu, expires %lu",
2557 pkttype == PKT_PUBLIC_KEY ? "public" :
2558 pkttype == PKT_SECRET_KEY ? "secret" :
2559 pkttype == PKT_PUBLIC_SUBKEY ? "public sub" :
2560 pkttype == PKT_SECRET_SUBKEY ? "secret sub" : "??",
2561 version, algorithm, timestamp, expiredate);
2563 es_fprintf (listfp, ", pkbytes %u\n", pkbytes);
2565 es_fprintf (listfp, "\n");
2568 pk->timestamp = timestamp;
2569 pk->expiredate = expiredate;
2570 pk->max_expiredate = max_expiredate;
2571 pk->hdrbytes = hdrlen;
2572 pk->version = version;
2573 pk->flags.primary = (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY);
2574 pk->pubkey_algo = algorithm;
2576 nskey = pubkey_get_nskey (algorithm);
2577 npkey = pubkey_get_npkey (algorithm);
2581 es_fprintf (listfp, "\tunknown algorithm %d\n", algorithm);
2582 unknown_pubkey_warning (algorithm);
2587 /* Unknown algorithm - put data into an opaque MPI. */
2588 void *tmpp = read_rest (inp, pktlen);
2589 /* Current gcry_mpi_cmp does not handle a (NULL,n>0) nicely and
2590 * thus we avoid to create such an MPI. */
2591 pk->pkey[0] = gcry_mpi_set_opaque (NULL, tmpp, tmpp? pktlen * 8 : 0);
2597 for (i = 0; i < npkey; i++)
2599 if ( (algorithm == PUBKEY_ALGO_ECDSA && (i == 0))
2600 || (algorithm == PUBKEY_ALGO_EDDSA && (i == 0))
2601 || (algorithm == PUBKEY_ALGO_ECDH && (i == 0 || i == 2)))
2603 /* Read the OID (i==0) or the KDF params (i==2). */
2605 err = read_size_body (inp, pktlen, &n, pk->pkey+i);
2610 unsigned int n = pktlen;
2611 if (algorithm == PUBKEY_ALGO_ECDSA
2612 || algorithm == PUBKEY_ALGO_EDDSA
2613 || algorithm == PUBKEY_ALGO_ECDH)
2614 pk->pkey[i] = sos_read (inp, &n, 0);
2616 pk->pkey[i] = mpi_read (inp, &n, 0);
2619 err = gpg_error (GPG_ERR_INV_PACKET);
2625 es_fprintf (listfp, "\tpkey[%d]: ", i);
2626 mpi_print (listfp, pk->pkey[i], mpi_print_mode);
2627 if ((algorithm == PUBKEY_ALGO_ECDSA
2628 || algorithm == PUBKEY_ALGO_EDDSA
2629 || algorithm == PUBKEY_ALGO_ECDH) && i==0)
2631 char *curve = openpgp_oid_to_str (pk->pkey[0]);
2632 const char *name = openpgp_oid_to_curve (curve, 0);
2633 es_fprintf (listfp, " %s (%s)", name?name:"", curve);
2636 es_putc ('\n', listfp);
2641 keyid_from_pk (pk, keyid);
2643 if (pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY)
2645 struct seckey_info *ski;
2648 unsigned int skbytes;
2652 err = gpg_error (GPG_ERR_INV_PACKET);
2656 pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
2657 if (!pk->seckey_info)
2659 err = gpg_error_from_syserror ();
2663 ski->algo = iobuf_get_noeof (inp);
2668 unsigned int protcount = 0;
2670 /* Read the one octet count of the following key-protection
2671 * material. Only required in case of unknown values. */
2674 err = gpg_error (GPG_ERR_INV_PACKET);
2677 protcount = iobuf_get_noeof (inp);
2680 es_fprintf (listfp, "\tprotbytes: %u\n", protcount);
2685 ski->is_protected = 1;
2687 if (ski->algo == 254 || ski->algo == 255)
2691 err = gpg_error (GPG_ERR_INV_PACKET);
2695 ski->sha1chk = (ski->algo == 254);
2696 ski->algo = iobuf_get_noeof (inp);
2698 /* Note that a ski->algo > 110 is illegal, but I'm not
2699 * erroring out here as otherwise there would be no way
2700 * to delete such a key. */
2701 ski->s2k.mode = iobuf_get_noeof (inp);
2703 ski->s2k.hash_algo = iobuf_get_noeof (inp);
2705 /* Check for the special GNU extension. */
2706 if (ski->s2k.mode == 101)
2708 for (i = 0; i < 4 && pktlen; i++, pktlen--)
2709 temp[i] = iobuf_get_noeof (inp);
2710 if (i < 4 || memcmp (temp, "GNU", 3))
2713 es_fprintf (listfp, "\tunknown S2K %d\n",
2715 err = gpg_error (GPG_ERR_INV_PACKET);
2718 /* Here we know that it is a GNU extension. What
2719 * follows is the GNU protection mode: All values
2720 * have special meanings and they are mapped to MODE
2721 * with a base of 1000. */
2722 ski->s2k.mode = 1000 + temp[3];
2725 /* Read the salt. */
2726 if (ski->s2k.mode == 3 || ski->s2k.mode == 1)
2728 for (i = 0; i < 8 && pktlen; i++, pktlen--)
2729 temp[i] = iobuf_get_noeof (inp);
2732 err = gpg_error (GPG_ERR_INV_PACKET);
2735 memcpy (ski->s2k.salt, temp, 8);
2738 /* Check the mode. */
2739 switch (ski->s2k.mode)
2743 es_fprintf (listfp, "\tsimple S2K");
2747 es_fprintf (listfp, "\tsalted S2K");
2751 es_fprintf (listfp, "\titer+salt S2K");
2755 es_fprintf (listfp, "\tgnu-dummy");
2759 es_fprintf (listfp, "\tgnu-divert-to-card");
2763 es_fprintf (listfp, "\tgnu-mode1003");
2767 es_fprintf (listfp, "\tunknown %sS2K %d\n",
2768 ski->s2k.mode < 1000 ? "" : "GNU ",
2770 err = gpg_error (GPG_ERR_INV_PACKET);
2774 /* Print some info. */
2775 if (list_mode && ski->s2k.mode != 1003)
2777 es_fprintf (listfp, ", algo: %d,%s hash: %d",
2779 ski->sha1chk ? " SHA1 protection,"
2780 : " simple checksum,", ski->s2k.hash_algo);
2781 if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
2783 es_fprintf (listfp, ", salt: ");
2784 es_write_hexstring (listfp, ski->s2k.salt, 8, 0, NULL);
2788 es_putc ('\n', listfp);
2790 /* Read remaining protection parameters. */
2791 if (ski->s2k.mode == 3)
2795 err = gpg_error (GPG_ERR_INV_PACKET);
2798 ski->s2k.count = iobuf_get_noeof (inp);
2801 es_fprintf (listfp, "\tprotect count: %lu (%lu)\n",
2802 (ulong)S2K_DECODE_COUNT ((ulong)ski->s2k.count),
2803 (ulong) ski->s2k.count);
2805 else if (ski->s2k.mode == 1002)
2807 /* Read the serial number. */
2810 err = gpg_error (GPG_ERR_INV_PACKET);
2813 snlen = iobuf_get (inp);
2815 if (pktlen < snlen || snlen == (size_t)(-1))
2817 err = gpg_error (GPG_ERR_INV_PACKET);
2822 else /* Old version; no S2K, so we set mode to 0, hash MD5. */
2824 /* Note that a ski->algo > 110 is illegal, but I'm not
2825 erroring on it here as otherwise there would be no
2826 way to delete such a key. */
2828 ski->s2k.hash_algo = DIGEST_ALGO_MD5;
2830 es_fprintf (listfp, "\tprotect algo: %d (hash algo: %d)\n",
2831 ski->algo, ski->s2k.hash_algo);
2834 /* It is really ugly that we don't know the size
2835 * of the IV here in cases we are not aware of the algorithm.
2837 * ski->ivlen = cipher_get_blocksize (ski->algo);
2838 * won't work. The only solution I see is to hardwire it.
2839 * NOTE: if you change the ivlen above 16, don't forget to
2841 * FIXME: For v5 keys we can deduce this info!
2843 ski->ivlen = openpgp_cipher_blocklen (ski->algo);
2844 log_assert (ski->ivlen <= sizeof (temp));
2846 if (ski->s2k.mode == 1001 || ski->s2k.mode == 1003)
2848 else if (ski->s2k.mode == 1002)
2849 ski->ivlen = snlen < 16 ? snlen : 16;
2851 if (pktlen < ski->ivlen)
2853 err = gpg_error (GPG_ERR_INV_PACKET);
2856 for (i = 0; i < ski->ivlen; i++, pktlen--)
2857 temp[i] = iobuf_get_noeof (inp);
2858 if (list_mode && ski->s2k.mode != 1003)
2861 ski->s2k.mode == 1002 ? "\tserial-number: "
2862 : "\tprotect IV: ");
2863 for (i = 0; i < ski->ivlen; i++)
2864 es_fprintf (listfp, " %02x", temp[i]);
2865 es_putc ('\n', listfp);
2867 memcpy (ski->iv, temp, ski->ivlen);
2870 /* Skip count of secret key material. */
2875 err = gpg_error (GPG_ERR_INV_PACKET);
2878 skbytes = read_32 (inp);
2881 es_fprintf (listfp, "\tskbytes: %u\n", skbytes);
2884 /* It does not make sense to read it into secure memory.
2885 * If the user is so careless, not to protect his secret key,
2886 * we can assume, that he operates an open system :=(.
2887 * So we put the key into secure memory when we unprotect it. */
2888 if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
2890 /* Better set some dummy stuff here. */
2891 pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
2892 xstrdup ("dummydata"),
2896 else if (ski->s2k.mode == 1003)
2900 if (pktlen < 2) /* At least two bytes for parenthesis. */
2902 err = gpg_error (GPG_ERR_INV_PACKET);
2906 tmpp = read_rest (inp, pktlen);
2911 char *tmpsxp = canon_sexp_to_string (tmpp, pktlen);
2912 es_fprintf (listfp, "\tskey[%d]: %s\n", npkey,
2913 tmpsxp? trim_trailing_spaces (tmpsxp)
2914 /* */: "[invalid S-expression]");
2918 es_fprintf (listfp, "\tskey[%d]: [s-expression %lu octets]\n",
2921 pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
2922 tmpp, tmpp? pktlen * 8 : 0);
2925 else if (ski->is_protected)
2929 if (pktlen < 2) /* At least two bytes for the length. */
2931 err = gpg_error (GPG_ERR_INV_PACKET);
2935 /* Ugly: The length is encrypted too, so we read all stuff
2936 * up to the end of the packet into the first SKEY
2938 * FIXME: We can do better for v5 keys. */
2940 tmpp = read_rest (inp, pktlen);
2941 pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
2942 tmpp, tmpp? pktlen * 8 : 0);
2943 /* Mark that MPI as protected - we need this information for
2944 * importing a key. The OPAQUE flag can't be used because
2945 * we also store public EdDSA values in opaque MPIs. */
2946 if (pk->pkey[npkey])
2947 gcry_mpi_set_flag (pk->pkey[npkey], GCRYMPI_FLAG_USER1);
2950 es_fprintf (listfp, "\tskey[%d]: [v4 protected]\n", npkey);
2954 /* Not encrypted. */
2955 for (i = npkey; i < nskey; i++)
2959 if (pktlen < 2) /* At least two bytes for the length. */
2961 err = gpg_error (GPG_ERR_INV_PACKET);
2965 if (algorithm == PUBKEY_ALGO_ECDSA
2966 || algorithm == PUBKEY_ALGO_EDDSA
2967 || algorithm == PUBKEY_ALGO_ECDH)
2968 pk->pkey[i] = sos_read (inp, &n, 0);
2970 pk->pkey[i] = mpi_read (inp, &n, 0);
2974 es_fprintf (listfp, "\tskey[%d]: ", i);
2975 mpi_print (listfp, pk->pkey[i], mpi_print_mode);
2976 es_putc ('\n', listfp);
2980 err = gpg_error (GPG_ERR_INV_PACKET);
2987 err = gpg_error (GPG_ERR_INV_PACKET);
2990 ski->csum = read_16 (inp);
2993 es_fprintf (listfp, "\tchecksum: %04hx\n", ski->csum);
2997 /* Note that KEYID below has been initialized above in list_mode. */
2999 es_fprintf (listfp, "\tkeyid: %08lX%08lX\n",
3000 (ulong) keyid[0], (ulong) keyid[1]);
3003 iobuf_skip_rest (inp, pktlen, 0);
3008 /* Attribute subpackets have the same format as v4 signature
3009 subpackets. This is not part of OpenPGP, but is done in several
3010 versions of PGP nevertheless. */
3012 parse_attribute_subpkts (PKT_user_id * uid)
3016 struct user_attribute *attribs = NULL;
3017 const byte *buffer = uid->attrib_data;
3018 int buflen = uid->attrib_len;
3021 xfree (uid->attribs);
3027 if (n == 255) /* 4 byte length header. */
3031 n = buf32_to_size_t (buffer);
3035 else if (n >= 192) /* 2 byte special encoded length header. */
3039 n = ((n - 192) << 8) + *buffer + 192;
3048 /* Too short to encode the subpacket type. */
3050 log_info ("attribute subpacket too short\n");
3054 attribs = xrealloc (attribs,
3055 (count + 1) * sizeof (struct user_attribute));
3056 memset (&attribs[count], 0, sizeof (struct user_attribute));
3063 attribs[count].type = type;
3064 attribs[count].data = buffer;
3065 attribs[count].len = n;
3071 uid->attribs = attribs;
3072 uid->numattribs = count;
3076 if (opt.verbose && !glo_ctrl.silence_parse_warnings)
3077 log_info ("buffer shorter than attribute subpacket\n");
3078 uid->attribs = attribs;
3079 uid->numattribs = count;
3085 parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
3089 /* Cap the size of a user ID at 2k: a value absurdly large enough
3090 that there is no sane user ID string (which is printable text
3091 as of RFC2440bis) that won't fit in it, but yet small enough to
3092 avoid allocation problems. A large pktlen may not be
3093 allocatable, and a very large pktlen could actually cause our
3094 allocation to wrap around in xmalloc to a small number. */
3096 if (pktlen > MAX_UID_PACKET_LENGTH)
3098 log_error ("packet(%d) too large\n", pkttype);
3100 es_fprintf (listfp, ":user ID packet: [too large]\n");
3101 iobuf_skip_rest (inp, pktlen, 0);
3102 return GPG_ERR_INV_PACKET;
3105 packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id + pktlen);
3106 packet->pkt.user_id->len = pktlen;
3107 packet->pkt.user_id->ref = 1;
3109 p = packet->pkt.user_id->name;
3110 for (; pktlen; pktlen--, p++)
3111 *p = iobuf_get_noeof (inp);
3116 int n = packet->pkt.user_id->len;
3117 es_fprintf (listfp, ":user ID packet: \"");
3118 /* fixme: Hey why don't we replace this with es_write_sanitized?? */
3119 for (p = packet->pkt.user_id->name; n; p++, n--)
3121 if (*p >= ' ' && *p <= 'z')
3122 es_putc (*p, listfp);
3124 es_fprintf (listfp, "\\x%02x", *p);
3126 es_fprintf (listfp, "\"\n");
3133 make_attribute_uidname (PKT_user_id * uid, size_t max_namelen)
3135 log_assert (max_namelen > 70);
3136 if (uid->numattribs <= 0)
3137 sprintf (uid->name, "[bad attribute packet of size %lu]",
3139 else if (uid->numattribs > 1)
3140 sprintf (uid->name, "[%d attributes of size %lu]",
3141 uid->numattribs, uid->attrib_len);
3144 /* Only one attribute, so list it as the "user id" */
3146 if (uid->attribs->type == ATTRIB_IMAGE)
3151 if (parse_image_header (uid->attribs, &type, &len))
3152 sprintf (uid->name, "[%.20s image of size %lu]",
3153 image_type_to_string (type, 1), (ulong) len);
3155 sprintf (uid->name, "[invalid image]");
3158 sprintf (uid->name, "[unknown attribute of size %lu]",
3159 (ulong) uid->attribs->len);
3162 uid->len = strlen (uid->name);
3167 parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
3174 /* We better cap the size of an attribute packet to make DoS not too
3175 easy. 16MB should be more then enough for one attribute packet
3177 if (pktlen > MAX_ATTR_PACKET_LENGTH)
3179 log_error ("packet(%d) too large\n", pkttype);
3181 es_fprintf (listfp, ":attribute packet: [too large]\n");
3182 iobuf_skip_rest (inp, pktlen, 0);
3183 return GPG_ERR_INV_PACKET;
3186 #define EXTRA_UID_NAME_SPACE 71
3187 packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id
3188 + EXTRA_UID_NAME_SPACE);
3189 packet->pkt.user_id->ref = 1;
3190 packet->pkt.user_id->attrib_data = xmalloc (pktlen? pktlen:1);
3191 packet->pkt.user_id->attrib_len = pktlen;
3193 p = packet->pkt.user_id->attrib_data;
3194 for (; pktlen; pktlen--, p++)
3195 *p = iobuf_get_noeof (inp);
3197 /* Now parse out the individual attribute subpackets. This is
3198 somewhat pointless since there is only one currently defined
3199 attribute type (jpeg), but it is correct by the spec. */
3200 parse_attribute_subpkts (packet->pkt.user_id);
3202 make_attribute_uidname (packet->pkt.user_id, EXTRA_UID_NAME_SPACE);
3206 es_fprintf (listfp, ":attribute packet: %s\n", packet->pkt.user_id->name);
3213 parse_comment (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
3217 /* Cap comment packet at a reasonable value to avoid an integer
3218 overflow in the malloc below. Comment packets are actually not
3219 anymore define my OpenPGP and we even stopped to use our
3220 private comment packet. */
3221 if (pktlen > MAX_COMMENT_PACKET_LENGTH)
3223 log_error ("packet(%d) too large\n", pkttype);
3225 es_fprintf (listfp, ":%scomment packet: [too large]\n",
3226 pkttype == PKT_OLD_COMMENT ? "OpenPGP draft " : "");
3227 iobuf_skip_rest (inp, pktlen, 0);
3228 return GPG_ERR_INV_PACKET;
3230 packet->pkt.comment = xmalloc (sizeof *packet->pkt.comment + pktlen - 1);
3231 packet->pkt.comment->len = pktlen;
3232 p = packet->pkt.comment->data;
3233 for (; pktlen; pktlen--, p++)
3234 *p = iobuf_get_noeof (inp);
3238 int n = packet->pkt.comment->len;
3239 es_fprintf (listfp, ":%scomment packet: \"", pkttype == PKT_OLD_COMMENT ?
3240 "OpenPGP draft " : "");
3241 for (p = packet->pkt.comment->data; n; p++, n--)
3243 if (*p >= ' ' && *p <= 'z')
3244 es_putc (*p, listfp);
3246 es_fprintf (listfp, "\\x%02x", *p);
3248 es_fprintf (listfp, "\"\n");
3254 /* Parse a ring trust packet RFC4880 (5.10).
3256 * This parser is special in that the packet is not stored as a packet
3257 * but its content is merged into the previous packet. */
3259 parse_ring_trust (parse_packet_ctx_t ctx, unsigned long pktlen)
3262 iobuf_t inp = ctx->inp;
3263 PKT_ring_trust rt = {0};
3270 es_fprintf (listfp, ":trust packet: empty\n");
3275 c = iobuf_get_noeof (inp);
3282 c = iobuf_get_noeof (inp);
3283 /* We require that bit 7 of the sigcache is 0 (easier
3289 iobuf_get_noeof (inp); /* Dummy read. */
3293 /* Next is the optional subtype. */
3297 tmp[0] = iobuf_get_noeof (inp);
3298 tmp[1] = iobuf_get_noeof (inp);
3299 tmp[2] = iobuf_get_noeof (inp);
3300 tmp[3] = iobuf_get_noeof (inp);
3302 if (!memcmp (tmp, "gpg", 3))
3303 rt.subtype = tmp[3];
3307 /* If it is a key or uid subtype read the remaining data. */
3308 if ((rt.subtype == RING_TRUST_KEY || rt.subtype == RING_TRUST_UID)
3312 unsigned int namelen;
3314 rt.keyorg = iobuf_get_noeof (inp);
3316 rt.keyupdate = read_32 (inp);
3318 namelen = iobuf_get_noeof (inp);
3320 if (namelen && pktlen)
3322 rt.url = xtrymalloc (namelen + 1);
3325 err = gpg_error_from_syserror ();
3328 for (i = 0; pktlen && i < namelen; pktlen--, i++)
3329 rt.url[i] = iobuf_get_noeof (inp);
3336 if (rt.subtype == RING_TRUST_SIG)
3337 es_fprintf (listfp, ":trust packet: sig flag=%02x sigcache=%02x\n",
3338 rt.trustval, rt.sigcache);
3339 else if (rt.subtype == RING_TRUST_UID || rt.subtype == RING_TRUST_KEY)
3343 es_fprintf (listfp, ":trust packet: %s upd=%lu src=%d%s",
3344 (rt.subtype == RING_TRUST_UID? "uid" : "key"),
3345 (unsigned long)rt.keyupdate,
3347 (rt.url? " url=":""));
3350 for (p = rt.url; *p; p++)
3352 if (*p >= ' ' && *p <= 'z')
3353 es_putc (*p, listfp);
3355 es_fprintf (listfp, "\\x%02x", *p);
3358 es_putc ('\n', listfp);
3361 es_fprintf (listfp, ":trust packet: not created by gpg\n");
3363 es_fprintf (listfp, ":trust packet: subtype=%02x\n",
3367 /* Now transfer the data to the respective packet. Do not do this
3368 * if SKIP_META is set. */
3369 if (!ctx->last_pkt.pkt.generic || ctx->skip_meta)
3371 else if (rt.subtype == RING_TRUST_SIG
3372 && ctx->last_pkt.pkttype == PKT_SIGNATURE)
3374 PKT_signature *sig = ctx->last_pkt.pkt.signature;
3376 if ((rt.sigcache & 1))
3378 sig->flags.checked = 1;
3379 sig->flags.valid = !!(rt.sigcache & 2);
3382 else if (rt.subtype == RING_TRUST_UID
3383 && (ctx->last_pkt.pkttype == PKT_USER_ID
3384 || ctx->last_pkt.pkttype == PKT_ATTRIBUTE))
3386 PKT_user_id *uid = ctx->last_pkt.pkt.user_id;
3388 uid->keyorg = rt.keyorg;
3389 uid->keyupdate = rt.keyupdate;
3390 uid->updateurl = rt.url;
3393 else if (rt.subtype == RING_TRUST_KEY
3394 && (ctx->last_pkt.pkttype == PKT_PUBLIC_KEY
3395 || ctx->last_pkt.pkttype == PKT_SECRET_KEY))
3397 PKT_public_key *pk = ctx->last_pkt.pkt.public_key;
3399 pk->keyorg = rt.keyorg;
3400 pk->keyupdate = rt.keyupdate;
3401 pk->updateurl = rt.url;
3409 free_packet (NULL, ctx); /* This sets ctx->last_pkt to NULL. */
3410 iobuf_skip_rest (inp, pktlen, 0);
3416 parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
3417 PACKET * pkt, int new_ctb, int partial)
3425 if (!partial && pktlen < 6)
3427 log_error ("packet(%d) too short (%lu)\n", pkttype, (ulong) pktlen);
3429 es_fputs (":literal data packet: [too short]\n", listfp);
3430 rc = gpg_error (GPG_ERR_INV_PACKET);
3433 mode = iobuf_get_noeof (inp);
3436 namelen = iobuf_get_noeof (inp);
3439 /* Note that namelen will never exceed 255 bytes. */
3440 pt = pkt->pkt.plaintext =
3441 xmalloc (sizeof *pkt->pkt.plaintext + namelen - 1);
3442 pt->new_ctb = new_ctb;
3444 pt->namelen = namelen;
3445 pt->is_partial = partial;
3448 for (i = 0; pktlen > 4 && i < namelen; pktlen--, i++)
3449 pt->name[i] = iobuf_get_noeof (inp);
3453 for (i = 0; i < namelen; i++)
3454 if ((c = iobuf_get (inp)) == -1)
3459 /* Fill up NAME so that a check with valgrind won't complain about
3460 * reading from uninitialized memory. This case may be triggred by
3461 * corrupted packets. */
3462 for (; i < namelen; i++)
3465 pt->timestamp = read_32 (inp);
3473 es_fprintf (listfp, ":literal data packet:\n"
3474 "\tmode %c (%X), created %lu, name=\"",
3475 mode >= ' ' && mode < 'z' ? mode : '?', mode,
3476 (ulong) pt->timestamp);
3477 for (p = pt->name, i = 0; i < namelen; p++, i++)
3479 if (*p >= ' ' && *p <= 'z')
3480 es_putc (*p, listfp);
3482 es_fprintf (listfp, "\\x%02x", *p);
3484 es_fprintf (listfp, "\",\n\traw data: ");
3486 es_fprintf (listfp, "unknown length\n");
3488 es_fprintf (listfp, "%lu bytes\n", (ulong) pt->len);
3497 parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
3498 PACKET * pkt, int new_ctb)
3502 /* PKTLEN is here 0, but data follows (this should be the last
3503 object in a file or the compress algorithm should know the
3508 zd = pkt->pkt.compressed = xmalloc (sizeof *pkt->pkt.compressed);
3509 zd->algorithm = iobuf_get_noeof (inp);
3510 zd->len = 0; /* not used */
3511 zd->new_ctb = new_ctb;
3514 es_fprintf (listfp, ":compressed packet: algo=%d\n", zd->algorithm);
3520 parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
3521 PACKET * pkt, int new_ctb, int partial)
3525 unsigned long orig_pktlen = pktlen;
3527 ed = pkt->pkt.encrypted = xmalloc (sizeof *pkt->pkt.encrypted);
3528 /* ed->len is set below. */
3529 ed->extralen = 0; /* Unknown here; only used in build_packet. */
3531 ed->new_ctb = new_ctb;
3532 ed->is_partial = partial;
3534 ed->cipher_algo = 0; /* Only used with AEAD. */
3535 ed->chunkbyte = 0; /* Only used with AEAD. */
3536 if (pkttype == PKT_ENCRYPTED_MDC)
3538 /* Fixme: add some pktlen sanity checks. */
3541 version = iobuf_get_noeof (inp);
3546 log_error ("encrypted_mdc packet with unknown version %d\n",
3549 es_fputs (":encrypted data packet: [unknown version]\n", listfp);
3550 /*skip_rest(inp, pktlen); should we really do this? */
3551 rc = gpg_error (GPG_ERR_INV_PACKET);
3554 ed->mdc_method = DIGEST_ALGO_SHA1;
3559 /* A basic sanity check. We need at least an 8 byte IV plus the 2
3560 detection bytes. Note that we don't known the algorithm and thus
3561 we may only check against the minimum blocksize. */
3562 if (orig_pktlen && pktlen < 10)
3564 /* Actually this is blocksize+2. */
3565 log_error ("packet(%d) too short\n", pkttype);
3567 es_fputs (":encrypted data packet: [too short]\n", listfp);
3568 rc = GPG_ERR_INV_PACKET;
3569 iobuf_skip_rest (inp, pktlen, partial);
3573 /* Store the remaining length of the encrypted data (i.e. without
3574 the MDC version number but with the IV etc.). This value is
3575 required during decryption. */
3581 es_fprintf (listfp, ":encrypted data packet:\n\tlength: %lu\n",
3584 es_fprintf (listfp, ":encrypted data packet:\n\tlength: unknown\n");
3586 es_fprintf (listfp, "\tmdc_method: %d\n", ed->mdc_method);
3596 /* Note, that this code is not anymore used in real life because the
3597 MDC checking is now done right after the decryption in
3600 parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
3601 PACKET * pkt, int new_ctb)
3609 mdc = pkt->pkt.mdc = xmalloc (sizeof *pkt->pkt.mdc);
3611 es_fprintf (listfp, ":mdc packet: length=%lu\n", pktlen);
3612 if (!new_ctb || pktlen != 20)
3614 log_error ("mdc_packet with invalid encoding\n");
3615 rc = gpg_error (GPG_ERR_INV_PACKET);
3619 for (; pktlen; pktlen--, p++)
3620 *p = iobuf_get_noeof (inp);
3628 parse_encrypted_aead (iobuf_t inp, int pkttype, unsigned long pktlen,
3629 PACKET *pkt, int partial)
3633 unsigned long orig_pktlen = pktlen;
3636 ed = pkt->pkt.encrypted = xtrymalloc (sizeof *pkt->pkt.encrypted);
3638 return gpg_error_from_syserror ();
3640 ed->extralen = 0; /* (only used in build_packet.) */
3642 ed->new_ctb = 1; /* (packet number requires a new CTB anyway.) */
3643 ed->is_partial = partial;
3645 /* A basic sanity check. We need one version byte, one algo byte,
3646 * one aead algo byte, one chunkbyte, at least 15 byte IV. */
3647 if (orig_pktlen && pktlen < 19)
3649 log_error ("packet(%d) too short\n", pkttype);
3651 es_fputs (":aead encrypted packet: [too short]\n", listfp);
3652 rc = gpg_error (GPG_ERR_INV_PACKET);
3653 iobuf_skip_rest (inp, pktlen, partial);
3657 version = iobuf_get_noeof (inp);
3662 log_error ("aead encrypted packet with unknown version %d\n",
3665 es_fputs (":aead encrypted packet: [unknown version]\n", listfp);
3666 /*skip_rest(inp, pktlen); should we really do this? */
3667 rc = gpg_error (GPG_ERR_INV_PACKET);
3671 ed->cipher_algo = iobuf_get_noeof (inp);
3674 ed->aead_algo = iobuf_get_noeof (inp);
3677 ed->chunkbyte = iobuf_get_noeof (inp);
3681 /* Store the remaining length of the encrypted data. We read the
3682 * rest during decryption. */
3687 es_fprintf (listfp, ":aead encrypted packet: cipher=%u aead=%u cb=%u\n",
3688 ed->cipher_algo, ed->aead_algo, ed->chunkbyte);
3690 es_fprintf (listfp, "\tlength: %lu\n", orig_pktlen);
3692 es_fprintf (listfp, "\tlength: unknown\n");
3703 * This packet is internally generated by us (in armor.c) to transfer
3704 * some information to the lower layer. To make sure that this packet
3705 * is really a GPG faked one and not one coming from outside, we
3706 * first check that there is a unique tag in it.
3708 * The format of such a control packet is:
3709 * n byte session marker
3710 * 1 byte control type CTRLPKT_xxxxx
3711 * m byte control data
3714 parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
3715 PACKET * packet, int partial)
3718 const byte *sesmark;
3725 es_fprintf (listfp, ":packet 63: length %lu ", pktlen);
3727 sesmark = get_session_marker (&sesmarklen);
3728 if (pktlen < sesmarklen + 1) /* 1 is for the control bytes */
3730 for (i = 0; i < sesmarklen; i++, pktlen--)
3732 if (sesmark[i] != iobuf_get_noeof (inp))
3736 goto skipit; /* Definitely too large. We skip it to avoid an
3737 overflow in the malloc. */
3739 es_fputs ("- gpg control packet", listfp);
3741 packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
3743 packet->pkt.gpg_control->control = iobuf_get_noeof (inp);
3745 packet->pkt.gpg_control->datalen = pktlen;
3746 p = packet->pkt.gpg_control->data;
3747 for (; pktlen; pktlen--, p++)
3748 *p = iobuf_get_noeof (inp);
3758 es_fprintf (listfp, "- private (rest length %lu)\n", pktlen);
3761 while ((c = iobuf_get (inp)) != -1)
3762 dump_hex_line (c, &i);
3766 for (; pktlen; pktlen--)
3768 dump_hex_line ((c = iobuf_get (inp)), &i);
3773 es_putc ('\n', listfp);
3775 iobuf_skip_rest (inp, pktlen, 0);
3776 return gpg_error (GPG_ERR_INV_PACKET);
3780 /* Create a GPG control packet to be used internally as a placeholder. */
3782 create_gpg_control (ctrlpkttype_t type, const byte * data, size_t datalen)
3790 packet = xmalloc (sizeof *packet);
3791 init_packet (packet);
3792 packet->pkttype = PKT_GPG_CONTROL;
3793 packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control + datalen);
3794 packet->pkt.gpg_control->control = type;
3795 packet->pkt.gpg_control->datalen = datalen;
3796 p = packet->pkt.gpg_control->data;
3797 for (; datalen; datalen--, p++)