LCOV - code coverage report
Current view: top level - g10 - parse-packet.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 837 1532 54.6 %
Date: 2016-11-29 15:00:56 Functions: 30 42 71.4 %

          Line data    Source code
       1             : /* parse-packet.c  - read packets
       2             :  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
       3             :  *               2007, 2009, 2010 Free Software Foundation, Inc.
       4             :  * Copyright (C) 2014 Werner Koch
       5             :  * Copyright (C) 2015 g10 Code GmbH
       6             :  *
       7             :  * This file is part of GnuPG.
       8             :  *
       9             :  * GnuPG is free software; you can redistribute it and/or modify
      10             :  * it under the terms of the GNU General Public License as published by
      11             :  * the Free Software Foundation; either version 3 of the License, or
      12             :  * (at your option) any later version.
      13             :  *
      14             :  * GnuPG is distributed in the hope that it will be useful,
      15             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      16             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      17             :  * GNU General Public License for more details.
      18             :  *
      19             :  * You should have received a copy of the GNU General Public License
      20             :  * along with this program; if not, see <https://www.gnu.org/licenses/>.
      21             :  */
      22             : 
      23             : #include <config.h>
      24             : #include <stdio.h>
      25             : #include <stdlib.h>
      26             : #include <string.h>
      27             : 
      28             : #include "gpg.h"
      29             : #include "util.h"
      30             : #include "packet.h"
      31             : #include "iobuf.h"
      32             : #include "filter.h"
      33             : #include "photoid.h"
      34             : #include "options.h"
      35             : #include "main.h"
      36             : #include "i18n.h"
      37             : #include "host2net.h"
      38             : 
      39             : 
      40             : /* Maximum length of packets to avoid excessive memory allocation.  */
      41             : #define MAX_KEY_PACKET_LENGTH     (256 * 1024)
      42             : #define MAX_UID_PACKET_LENGTH     (  2 * 1024)
      43             : #define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024)
      44             : #define MAX_ATTR_PACKET_LENGTH    ( 16 * 1024*1024)
      45             : 
      46             : 
      47             : static int mpi_print_mode;
      48             : static int list_mode;
      49             : static estream_t listfp;
      50             : 
      51             : static int parse (IOBUF inp, PACKET * pkt, int onlykeypkts,
      52             :                   off_t * retpos, int *skip, IOBUF out, int do_skip
      53             : #ifdef DEBUG_PARSE_PACKET
      54             :                   , const char *dbg_w, const char *dbg_f, int dbg_l
      55             : #endif
      56             :   );
      57             : static int copy_packet (IOBUF inp, IOBUF out, int pkttype,
      58             :                         unsigned long pktlen, int partial);
      59             : static void skip_packet (IOBUF inp, int pkttype,
      60             :                          unsigned long pktlen, int partial);
      61             : static void *read_rest (IOBUF inp, size_t pktlen);
      62             : static int parse_marker (IOBUF inp, int pkttype, unsigned long pktlen);
      63             : static int parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
      64             :                             PACKET * packet);
      65             : static int parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
      66             :                             PACKET * packet);
      67             : static int parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
      68             :                               PKT_onepass_sig * ops);
      69             : static int parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
      70             :                       byte * hdr, int hdrlen, PACKET * packet);
      71             : static int parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen,
      72             :                           PACKET * packet);
      73             : static int parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
      74             :                             PACKET * packet);
      75             : static int parse_comment (IOBUF inp, int pkttype, unsigned long pktlen,
      76             :                           PACKET * packet);
      77             : static void parse_trust (IOBUF inp, int pkttype, unsigned long pktlen,
      78             :                          PACKET * packet);
      79             : static int parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
      80             :                             PACKET * packet, int new_ctb, int partial);
      81             : static int parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
      82             :                              PACKET * packet, int new_ctb);
      83             : static int parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
      84             :                             PACKET * packet, int new_ctb, int partial);
      85             : static int parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
      86             :                       PACKET * packet, int new_ctb);
      87             : static int parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
      88             :                               PACKET * packet, int partial);
      89             : 
      90             : /* Read a 16-bit value in MSB order (big endian) from an iobuf.  */
      91             : static unsigned short
      92       17449 : read_16 (IOBUF inp)
      93             : {
      94             :   unsigned short a;
      95       17449 :   a = (unsigned short)iobuf_get_noeof (inp) << 8;
      96       17449 :   a |= iobuf_get_noeof (inp);
      97       17449 :   return a;
      98             : }
      99             : 
     100             : 
     101             : /* Read a 32-bit value in MSB order (big endian) from an iobuf.  */
     102             : static unsigned long
     103       10585 : read_32 (IOBUF inp)
     104             : {
     105             :   unsigned long a;
     106       10585 :   a = (unsigned long)iobuf_get_noeof (inp) << 24;
     107       10585 :   a |= iobuf_get_noeof (inp) << 16;
     108       10585 :   a |= iobuf_get_noeof (inp) << 8;
     109       10585 :   a |= iobuf_get_noeof (inp);
     110       10585 :   return a;
     111             : }
     112             : 
     113             : 
     114             : /* Read an external representation of an MPI and return the MPI.  The
     115             :    external format is a 16-bit unsigned value stored in network byte
     116             :    order giving the number of bits for the following integer.  The
     117             :    integer is stored MSB first and is left padded with zero bits to
     118             :    align on a byte boundary.
     119             : 
     120             :    The caller must set *RET_NREAD to the maximum number of bytes to
     121             :    read from the pipeline INP.  This function sets *RET_NREAD to be
     122             :    the number of bytes actually read from the pipeline.
     123             : 
     124             :    If SECURE is true, the integer is stored in secure memory
     125             :    (allocated using gcry_xmalloc_secure).  */
     126             : static gcry_mpi_t
     127       37130 : mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
     128             : {
     129             :   int c, c1, c2, i;
     130       37130 :   unsigned int nmax = *ret_nread;
     131             :   unsigned int nbits, nbytes;
     132       37130 :   size_t nread = 0;
     133       37130 :   gcry_mpi_t a = NULL;
     134       37130 :   byte *buf = NULL;
     135             :   byte *p;
     136             : 
     137       37130 :   if (!nmax)
     138           0 :     goto overflow;
     139             : 
     140       37130 :   if ((c = c1 = iobuf_get (inp)) == -1)
     141           0 :     goto leave;
     142       37130 :   if (++nread == nmax)
     143           0 :     goto overflow;
     144       37130 :   nbits = c << 8;
     145       37130 :   if ((c = c2 = iobuf_get (inp)) == -1)
     146           0 :     goto leave;
     147       37130 :   ++nread;
     148       37130 :   nbits |= c;
     149       37130 :   if (nbits > MAX_EXTERN_MPI_BITS)
     150             :     {
     151           0 :       log_error ("mpi too large (%u bits)\n", nbits);
     152           0 :       goto leave;
     153             :     }
     154             : 
     155       37130 :   nbytes = (nbits + 7) / 8;
     156       37130 :   buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2);
     157       37130 :   p = buf;
     158       37130 :   p[0] = c1;
     159       37130 :   p[1] = c2;
     160     3030197 :   for (i = 0; i < nbytes; i++)
     161             :     {
     162     2993067 :       if (nread == nmax)
     163           0 :         goto overflow;
     164             : 
     165     2993067 :       c = iobuf_get (inp);
     166     2993067 :       if (c == -1)
     167           0 :         goto leave;
     168             : 
     169     2993067 :       p[i + 2] = c;
     170     2993067 :       nread ++;
     171             :     }
     172             : 
     173       37130 :   if (gcry_mpi_scan (&a, GCRYMPI_FMT_PGP, buf, nread, &nread))
     174           0 :     a = NULL;
     175             : 
     176       37130 :   *ret_nread = nread;
     177       37130 :   gcry_free(buf);
     178       37130 :   return a;
     179             : 
     180             :  overflow:
     181           0 :   log_error ("mpi larger than indicated length (%u bits)\n", 8*nmax);
     182             :  leave:
     183           0 :   *ret_nread = nread;
     184           0 :   gcry_free(buf);
     185           0 :   return a;
     186             : }
     187             : 
     188             : 
     189             : int
     190        6963 : set_packet_list_mode (int mode)
     191             : {
     192        6963 :   int old = list_mode;
     193        6963 :   list_mode = mode;
     194             : 
     195             :   /* We use stdout only if invoked by the --list-packets command
     196             :      but switch to stderr in all other cases.  This breaks the
     197             :      previous behaviour but that seems to be more of a bug than
     198             :      intentional.  I don't believe that any application makes use of
     199             :      this long standing annoying way of printing to stdout except when
     200             :      doing a --list-packets. If this assumption fails, it will be easy
     201             :      to add an option for the listing stream.  Note that we initialize
     202             :      it only once; mainly because there is code which switches
     203             :      opt.list_mode back to 1 and we want to have all output to the
     204             :      same stream.  The MPI_PRINT_MODE will be enabled if the
     205             :      corresponding debug flag is set or if we are in --list-packets
     206             :      and --verbose is given.
     207             : 
     208             :      Using stderr is not actually very clean because it bypasses the
     209             :      logging code but it is a special thing anyway.  I am not sure
     210             :      whether using log_stream() would be better.  Perhaps we should
     211             :      enable the list mode only with a special option. */
     212        6963 :   if (!listfp)
     213             :     {
     214        1013 :       if (opt.list_packets)
     215             :         {
     216          13 :           listfp = es_stdout;
     217          13 :           if (opt.verbose)
     218           0 :             mpi_print_mode = 1;
     219             :         }
     220             :       else
     221        1000 :         listfp = es_stderr;
     222             : 
     223        1013 :       if (DBG_MPI)
     224           0 :         mpi_print_mode = 1;
     225             :     }
     226        6963 :   return old;
     227             : }
     228             : 
     229             : 
     230             : /* If OPT.VERBOSE is set, print a warning that the algorithm ALGO is
     231             :    not suitable for signing and encryption.  */
     232             : static void
     233           0 : unknown_pubkey_warning (int algo)
     234             : {
     235             :   static byte unknown_pubkey_algos[256];
     236             : 
     237             :   /* First check whether the algorithm is usable but not suitable for
     238             :      encryption/signing.  */
     239           0 :   if (pubkey_get_npkey (algo))
     240             :     {
     241           0 :       if (opt.verbose)
     242             :         {
     243           0 :           if (!pubkey_get_nsig (algo))
     244           0 :             log_info ("public key algorithm %s not suitable for %s\n",
     245             :                       openpgp_pk_algo_name (algo), "signing");
     246           0 :           if (!pubkey_get_nenc (algo))
     247           0 :             log_info ("public key algorithm %s not suitable for %s\n",
     248             :                       openpgp_pk_algo_name (algo), "encryption");
     249             :         }
     250             :     }
     251             :   else
     252             :     {
     253           0 :       algo &= 0xff;
     254           0 :       if (!unknown_pubkey_algos[algo])
     255             :         {
     256           0 :           if (opt.verbose)
     257           0 :             log_info (_("can't handle public key algorithm %d\n"), algo);
     258           0 :           unknown_pubkey_algos[algo] = 1;
     259             :         }
     260             :     }
     261           0 : }
     262             : 
     263             : 
     264             : #ifdef DEBUG_PARSE_PACKET
     265             : int
     266       27654 : dbg_parse_packet (IOBUF inp, PACKET *pkt, const char *dbg_f, int dbg_l)
     267             : {
     268             :   int skip, rc;
     269             : 
     270             :   do
     271             :     {
     272       27654 :       rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l);
     273             :     }
     274       27654 :   while (skip && ! rc);
     275       27654 :   return rc;
     276             : }
     277             : #else /*!DEBUG_PARSE_PACKET*/
     278             : int
     279             : parse_packet (IOBUF inp, PACKET * pkt)
     280             : {
     281             :   int skip, rc;
     282             : 
     283             :   do
     284             :     {
     285             :       rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0);
     286             :     }
     287             :   while (skip && ! rc);
     288             :   return rc;
     289             : }
     290             : #endif /*!DEBUG_PARSE_PACKET*/
     291             : 
     292             : 
     293             : /*
     294             :  * Like parse packet, but only return secret or public (sub)key
     295             :  * packets.
     296             :  */
     297             : #ifdef DEBUG_PARSE_PACKET
     298             : int
     299         766 : dbg_search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid,
     300             :                    const char *dbg_f, int dbg_l)
     301             : {
     302             :   int skip, rc;
     303             : 
     304             :   do
     305             :     {
     306         766 :       rc =
     307         766 :         parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0, "search",
     308             :                dbg_f, dbg_l);
     309             :     }
     310         766 :   while (skip && ! rc);
     311         173 :   return rc;
     312             : }
     313             : #else /*!DEBUG_PARSE_PACKET*/
     314             : int
     315             : search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid)
     316             : {
     317             :   int skip, rc;
     318             : 
     319             :   do
     320             :     {
     321             :       rc = parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0);
     322             :     }
     323             :   while (skip && ! rc);
     324             :   return rc;
     325             : }
     326             : #endif /*!DEBUG_PARSE_PACKET*/
     327             : 
     328             : 
     329             : /*
     330             :  * Copy all packets from INP to OUT, thereby removing unused spaces.
     331             :  */
     332             : #ifdef DEBUG_PARSE_PACKET
     333             : int
     334           1 : dbg_copy_all_packets (IOBUF inp, IOBUF out, const char *dbg_f, int dbg_l)
     335             : {
     336             :   PACKET pkt;
     337           1 :   int skip, rc = 0;
     338             : 
     339           1 :   if (! out)
     340           0 :     log_bug ("copy_all_packets: OUT may not be NULL.\n");
     341             : 
     342             :   do
     343             :     {
     344           1 :       init_packet (&pkt);
     345             :     }
     346             :   while (!
     347             :          (rc =
     348           1 :           parse (inp, &pkt, 0, NULL, &skip, out, 0, "copy", dbg_f, dbg_l)));
     349           1 :   return rc;
     350             : }
     351             : #else /*!DEBUG_PARSE_PACKET*/
     352             : int
     353             : copy_all_packets (IOBUF inp, IOBUF out)
     354             : {
     355             :   PACKET pkt;
     356             :   int skip, rc = 0;
     357             : 
     358             :   if (! out)
     359             :     log_bug ("copy_all_packets: OUT may not be NULL.\n");
     360             : 
     361             :   do
     362             :     {
     363             :       init_packet (&pkt);
     364             :     }
     365             :   while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
     366             :   return rc;
     367             : }
     368             : #endif /*!DEBUG_PARSE_PACKET*/
     369             : 
     370             : 
     371             : /*
     372             :  * Copy some packets from INP to OUT, thereby removing unused spaces.
     373             :  * Stop at offset STOPoff (i.e. don't copy packets at this or later
     374             :  * offsets)
     375             :  */
     376             : #ifdef DEBUG_PARSE_PACKET
     377             : int
     378           0 : dbg_copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff,
     379             :                        const char *dbg_f, int dbg_l)
     380             : {
     381             :   PACKET pkt;
     382           0 :   int skip, rc = 0;
     383             :   do
     384             :     {
     385           0 :       if (iobuf_tell (inp) >= stopoff)
     386           0 :         return 0;
     387           0 :       init_packet (&pkt);
     388             :     }
     389             :   while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0,
     390           0 :                        "some", dbg_f, dbg_l)));
     391           0 :   return rc;
     392             : }
     393             : #else /*!DEBUG_PARSE_PACKET*/
     394             : int
     395             : copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff)
     396             : {
     397             :   PACKET pkt;
     398             :   int skip, rc = 0;
     399             :   do
     400             :     {
     401             :       if (iobuf_tell (inp) >= stopoff)
     402             :         return 0;
     403             :       init_packet (&pkt);
     404             :     }
     405             :   while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
     406             :   return rc;
     407             : }
     408             : #endif /*!DEBUG_PARSE_PACKET*/
     409             : 
     410             : 
     411             : /*
     412             :  * Skip over N packets
     413             :  */
     414             : #ifdef DEBUG_PARSE_PACKET
     415             : int
     416           0 : dbg_skip_some_packets (IOBUF inp, unsigned n, const char *dbg_f, int dbg_l)
     417             : {
     418           0 :   int skip, rc = 0;
     419             :   PACKET pkt;
     420             : 
     421           0 :   for (; n && !rc; n--)
     422             :     {
     423           0 :       init_packet (&pkt);
     424           0 :       rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1, "skip", dbg_f, dbg_l);
     425             :     }
     426           0 :   return rc;
     427             : }
     428             : #else /*!DEBUG_PARSE_PACKET*/
     429             : int
     430             : skip_some_packets (IOBUF inp, unsigned n)
     431             : {
     432             :   int skip, rc = 0;
     433             :   PACKET pkt;
     434             : 
     435             :   for (; n && !rc; n--)
     436             :     {
     437             :       init_packet (&pkt);
     438             :       rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1);
     439             :     }
     440             :   return rc;
     441             : }
     442             : #endif /*!DEBUG_PARSE_PACKET*/
     443             : 
     444             : 
     445             : /* Parse a packet and save it in *PKT.
     446             : 
     447             :    If OUT is not NULL and the packet is valid (its type is not 0),
     448             :    then the header, the initial length field and the packet's contents
     449             :    are written to OUT.  In this case, the packet is not saved in *PKT.
     450             : 
     451             :    ONLYKEYPKTS is a simple packet filter.  If ONLYKEYPKTS is set to 1,
     452             :    then only public subkey packets, public key packets, private subkey
     453             :    packets and private key packets are parsed.  The rest are skipped
     454             :    (i.e., the header and the contents are read from the pipeline and
     455             :    discarded).  If ONLYKEYPKTS is set to 2, then in addition to the
     456             :    above 4 types of packets, user id packets are also accepted.
     457             : 
     458             :    DO_SKIP is a more coarse grained filter.  Unless ONLYKEYPKTS is set
     459             :    to 2 and the packet is a user id packet, all packets are skipped.
     460             : 
     461             :    Finally, if a packet is invalid (it's type is 0), it is skipped.
     462             : 
     463             :    If a packet is skipped and SKIP is not NULL, then *SKIP is set to
     464             :    1.
     465             : 
     466             :    Note: ONLYKEYPKTS and DO_SKIP are only respected if OUT is NULL,
     467             :    i.e., the packets are not simply being copied.
     468             : 
     469             :    If RETPOS is not NULL, then the position of INP (as returned by
     470             :    iobuf_tell) is saved there before any data is read from INP.
     471             :   */
     472             : static int
     473       28421 : parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos,
     474             :        int *skip, IOBUF out, int do_skip
     475             : #ifdef DEBUG_PARSE_PACKET
     476             :        , const char *dbg_w, const char *dbg_f, int dbg_l
     477             : #endif
     478             :        )
     479             : {
     480       28421 :   int rc = 0, c, ctb, pkttype, lenbytes;
     481             :   unsigned long pktlen;
     482             :   byte hdr[8];
     483             :   int hdrlen;
     484       28421 :   int new_ctb = 0, partial = 0;
     485       28421 :   int with_uid = (onlykeypkts == 2);
     486             :   off_t pos;
     487             : 
     488       28421 :   *skip = 0;
     489       28421 :   log_assert (!pkt->pkt.generic);
     490       28421 :   if (retpos || list_mode)
     491             :     {
     492         848 :       pos = iobuf_tell (inp);
     493        1696 :       if (retpos)
     494         766 :         *retpos = pos;
     495             :     }
     496             :   else
     497       27573 :     pos = 0; /* (silence compiler warning) */
     498             : 
     499             :   /* The first byte of a packet is the so-called tag.  The highest bit
     500             :      must be set.  */
     501       28421 :   if ((ctb = iobuf_get (inp)) == -1)
     502             :     {
     503        4742 :       rc = -1;
     504        4742 :       goto leave;
     505             :     }
     506       23679 :   hdrlen = 0;
     507       23679 :   hdr[hdrlen++] = ctb;
     508             : 
     509       23679 :   if (!(ctb & 0x80))
     510             :     {
     511           1 :       log_error ("%s: invalid packet (ctb=%02x)\n", iobuf_where (inp), ctb);
     512           1 :       rc = gpg_error (GPG_ERR_INV_PACKET);
     513           1 :       goto leave;
     514             :     }
     515             : 
     516             :   /* Immediately following the header is the length.  There are two
     517             :      formats: the old format and the new format.  If bit 6 (where the
     518             :      least significant bit is bit 0) is set in the tag, then we are
     519             :      dealing with a new format packet.  Otherwise, it is an old format
     520             :      packet.  */
     521       23678 :   pktlen = 0;
     522       23678 :   new_ctb = !!(ctb & 0x40);
     523       23678 :   if (new_ctb)
     524             :     {
     525             :       /* Get the packet's type.  This is encoded in the 6 least
     526             :          significant bits of the tag.  */
     527         450 :       pkttype = ctb & 0x3f;
     528             : 
     529             :       /* Extract the packet's length.  New format packets have 4 ways
     530             :          to encode the packet length.  The value of the first byte
     531             :          determines the encoding and partially determines the length.
     532             :          See section 4.2.2 of RFC 4880 for details.  */
     533         450 :       if ((c = iobuf_get (inp)) == -1)
     534             :         {
     535           0 :           log_error ("%s: 1st length byte missing\n", iobuf_where (inp));
     536           0 :           rc = gpg_error (GPG_ERR_INV_PACKET);
     537           0 :           goto leave;
     538             :         }
     539             : 
     540             : 
     541         450 :       hdr[hdrlen++] = c;
     542         450 :       if (c < 192)
     543         125 :         pktlen = c;
     544         325 :       else if (c < 224)
     545             :         {
     546          10 :           pktlen = (c - 192) * 256;
     547          10 :           if ((c = iobuf_get (inp)) == -1)
     548             :             {
     549           0 :               log_error ("%s: 2nd length byte missing\n",
     550             :                          iobuf_where (inp));
     551           0 :               rc = gpg_error (GPG_ERR_INV_PACKET);
     552           0 :               goto leave;
     553             :             }
     554          10 :           hdr[hdrlen++] = c;
     555          10 :           pktlen += c + 192;
     556             :         }
     557         315 :       else if (c == 255)
     558             :         {
     559             :           int i;
     560             :           char value[4];
     561             : 
     562           0 :           for (i = 0; i < 4; i ++)
     563             :             {
     564           0 :               if ((c = iobuf_get (inp)) == -1)
     565             :                 {
     566           0 :                   log_error ("%s: 4 byte length invalid\n", iobuf_where (inp));
     567           0 :                   rc = gpg_error (GPG_ERR_INV_PACKET);
     568           0 :                   goto leave;
     569             :                 }
     570           0 :               value[i] = hdr[hdrlen++] = c;
     571             :             }
     572             : 
     573           0 :           pktlen = buf32_to_ulong (value);
     574             :         }
     575             :       else /* Partial body length.  */
     576             :         {
     577         315 :           switch (pkttype)
     578             :             {
     579             :             case PKT_PLAINTEXT:
     580             :             case PKT_ENCRYPTED:
     581             :             case PKT_ENCRYPTED_MDC:
     582             :             case PKT_COMPRESSED:
     583         315 :               iobuf_set_partial_body_length_mode (inp, c & 0xff);
     584         315 :               pktlen = 0;       /* To indicate partial length.  */
     585         315 :               partial = 1;
     586         315 :               break;
     587             : 
     588             :             default:
     589           0 :               log_error ("%s: partial length invalid for"
     590             :                          " packet type %d\n", iobuf_where (inp), pkttype);
     591           0 :               rc = gpg_error (GPG_ERR_INV_PACKET);
     592           0 :               goto leave;
     593             :             }
     594             :         }
     595             : 
     596             :     }
     597             :   else
     598             :     /* This is an old format packet.  */
     599             :     {
     600             :       /* Extract the packet's type.  This is encoded in bits 2-5.  */
     601       23228 :       pkttype = (ctb >> 2) & 0xf;
     602             : 
     603             :       /* The type of length encoding is encoded in bits 0-1 of the
     604             :          tag.  */
     605       23228 :       lenbytes = ((ctb & 3) == 3) ? 0 : (1 << (ctb & 3));
     606       23228 :       if (!lenbytes)
     607             :         {
     608         418 :           pktlen = 0;   /* Don't know the value.  */
     609             :           /* This isn't really partial, but we can treat it the same
     610             :              in a "read until the end" sort of way.  */
     611         418 :           partial = 1;
     612         418 :           if (pkttype != PKT_ENCRYPTED && pkttype != PKT_PLAINTEXT
     613         418 :               && pkttype != PKT_COMPRESSED)
     614             :             {
     615           0 :               log_error ("%s: indeterminate length for invalid"
     616             :                          " packet type %d\n", iobuf_where (inp), pkttype);
     617           0 :               rc = gpg_error (GPG_ERR_INV_PACKET);
     618           0 :               goto leave;
     619             :             }
     620             :         }
     621             :       else
     622             :         {
     623       54046 :           for (; lenbytes; lenbytes--)
     624             :             {
     625       31236 :               pktlen <<= 8;
     626       31236 :               c = iobuf_get (inp);
     627       31236 :               if (c == -1)
     628             :                 {
     629           0 :                   log_error ("%s: length invalid\n", iobuf_where (inp));
     630           0 :                   rc = gpg_error (GPG_ERR_INV_PACKET);
     631           0 :                   goto leave;
     632             :                 }
     633       31236 :               pktlen |= hdr[hdrlen++] = c;
     634             :             }
     635             :         }
     636             :     }
     637             : 
     638             :   /* Sometimes the decompressing layer enters an error state in which
     639             :      it simply outputs 0xff for every byte read.  If we have a stream
     640             :      of 0xff bytes, then it will be detected as a new format packet
     641             :      with type 63 and a 4-byte encoded length that is 4G-1.  Since
     642             :      packets with type 63 are private and we use them as a control
     643             :      packet, which won't be 4 GB, we reject such packets as
     644             :      invalid.  */
     645       23678 :   if (pkttype == 63 && pktlen == 0xFFFFFFFF)
     646             :     {
     647             :       /* With some probability this is caused by a problem in the
     648             :        * the uncompressing layer - in some error cases it just loops
     649             :        * and spits out 0xff bytes. */
     650           0 :       log_error ("%s: garbled packet detected\n", iobuf_where (inp));
     651           0 :       g10_exit (2);
     652             :     }
     653             : 
     654       23678 :   if (out && pkttype)
     655             :     {
     656             :       /* This type of copying won't work if the packet uses a partial
     657             :          body length.  (In other words, this only works if HDR is
     658             :          actually the length.)  Currently, no callers require this
     659             :          functionality so we just log this as an error.  */
     660           0 :       if (partial)
     661             :         {
     662           0 :           log_error ("parse: Can't copy partial packet.  Aborting.\n");
     663           0 :           rc = gpg_error (GPG_ERR_INV_PACKET);
     664           0 :           goto leave;
     665             :         }
     666             : 
     667           0 :       rc = iobuf_write (out, hdr, hdrlen);
     668           0 :       if (!rc)
     669           0 :         rc = copy_packet (inp, out, pkttype, pktlen, partial);
     670           0 :       goto leave;
     671             :     }
     672             : 
     673       23678 :   if (with_uid && pkttype == PKT_USER_ID)
     674             :     /* If ONLYKEYPKTS is set to 2, then we never skip user id packets,
     675             :        even if DO_SKIP is set.  */
     676             :     ;
     677       23675 :   else if (do_skip
     678             :            /* type==0 is not allowed.  This is an invalid packet.  */
     679       23675 :            || !pkttype
     680             :            /* When ONLYKEYPKTS is set, we don't skip keys.  */
     681       23675 :            || (onlykeypkts && pkttype != PKT_PUBLIC_SUBKEY
     682         691 :                && pkttype != PKT_PUBLIC_KEY
     683         593 :                && pkttype != PKT_SECRET_SUBKEY && pkttype != PKT_SECRET_KEY))
     684             :     {
     685         593 :       iobuf_skip_rest (inp, pktlen, partial);
     686         593 :       *skip = 1;
     687         593 :       rc = 0;
     688         593 :       goto leave;
     689             :     }
     690             : 
     691       23085 :   if (DBG_PACKET)
     692             :     {
     693             : #ifdef DEBUG_PARSE_PACKET
     694           0 :       log_debug ("parse_packet(iob=%d): type=%d length=%lu%s (%s.%s.%d)\n",
     695             :                  iobuf_id (inp), pkttype, pktlen, new_ctb ? " (new_ctb)" : "",
     696             :                  dbg_w, dbg_f, dbg_l);
     697             : #else
     698             :       log_debug ("parse_packet(iob=%d): type=%d length=%lu%s\n",
     699             :                  iobuf_id (inp), pkttype, pktlen,
     700             :                  new_ctb ? " (new_ctb)" : "");
     701             : #endif
     702             :     }
     703             : 
     704       23085 :   if (list_mode)
     705          63 :     es_fprintf (listfp, "# off=%lu ctb=%02x tag=%d hlen=%d plen=%lu%s%s\n",
     706             :                 (unsigned long)pos, ctb, pkttype, hdrlen, pktlen,
     707           6 :                 partial? (new_ctb ? " partial" : " indeterminate") :"",
     708             :                 new_ctb? " new-ctb":"");
     709             : 
     710       23085 :   pkt->pkttype = pkttype;
     711       23085 :   rc = GPG_ERR_UNKNOWN_PACKET;  /* default error */
     712       23085 :   switch (pkttype)
     713             :     {
     714             :     case PKT_PUBLIC_KEY:
     715             :     case PKT_PUBLIC_SUBKEY:
     716             :     case PKT_SECRET_KEY:
     717             :     case PKT_SECRET_SUBKEY:
     718        7295 :       pkt->pkt.public_key = xmalloc_clear (sizeof *pkt->pkt.public_key);
     719        7295 :       rc = parse_key (inp, pkttype, pktlen, hdr, hdrlen, pkt);
     720        7295 :       break;
     721             :     case PKT_SYMKEY_ENC:
     722          59 :       rc = parse_symkeyenc (inp, pkttype, pktlen, pkt);
     723          59 :       break;
     724             :     case PKT_PUBKEY_ENC:
     725         271 :       rc = parse_pubkeyenc (inp, pkttype, pktlen, pkt);
     726         271 :       break;
     727             :     case PKT_SIGNATURE:
     728        9255 :       pkt->pkt.signature = xmalloc_clear (sizeof *pkt->pkt.signature);
     729        9255 :       rc = parse_signature (inp, pkttype, pktlen, pkt->pkt.signature);
     730        9255 :       break;
     731             :     case PKT_ONEPASS_SIG:
     732         155 :       pkt->pkt.onepass_sig = xmalloc_clear (sizeof *pkt->pkt.onepass_sig);
     733         155 :       rc = parse_onepass_sig (inp, pkttype, pktlen, pkt->pkt.onepass_sig);
     734         155 :       break;
     735             :     case PKT_USER_ID:
     736        4408 :       rc = parse_user_id (inp, pkttype, pktlen, pkt);
     737        4408 :       break;
     738             :     case PKT_ATTRIBUTE:
     739           0 :       pkt->pkttype = pkttype = PKT_USER_ID;  /* we store it in the userID */
     740           0 :       rc = parse_attribute (inp, pkttype, pktlen, pkt);
     741           0 :       break;
     742             :     case PKT_OLD_COMMENT:
     743             :     case PKT_COMMENT:
     744           0 :       rc = parse_comment (inp, pkttype, pktlen, pkt);
     745           0 :       break;
     746             :     case PKT_RING_TRUST:
     747         412 :       parse_trust (inp, pkttype, pktlen, pkt);
     748         412 :       rc = 0;
     749         412 :       break;
     750             :     case PKT_PLAINTEXT:
     751         463 :       rc = parse_plaintext (inp, pkttype, pktlen, pkt, new_ctb, partial);
     752         463 :       break;
     753             :     case PKT_COMPRESSED:
     754         424 :       rc = parse_compressed (inp, pkttype, pktlen, pkt, new_ctb);
     755         424 :       break;
     756             :     case PKT_ENCRYPTED:
     757             :     case PKT_ENCRYPTED_MDC:
     758         319 :       rc = parse_encrypted (inp, pkttype, pktlen, pkt, new_ctb, partial);
     759         319 :       break;
     760             :     case PKT_MDC:
     761           0 :       rc = parse_mdc (inp, pkttype, pktlen, pkt, new_ctb);
     762           0 :       break;
     763             :     case PKT_GPG_CONTROL:
     764          17 :       rc = parse_gpg_control (inp, pkttype, pktlen, pkt, partial);
     765          17 :       break;
     766             :     case PKT_MARKER:
     767           7 :       rc = parse_marker (inp, pkttype, pktlen);
     768           7 :       break;
     769             :     default:
     770             :       /* Unknown packet.  Skip it.  */
     771           0 :       skip_packet (inp, pkttype, pktlen, partial);
     772           0 :       break;
     773             :     }
     774             : 
     775             :  leave:
     776             :   /* FIXME: We leak in case of an error (see the xmalloc's above).  */
     777       28421 :   if (!rc && iobuf_error (inp))
     778           0 :     rc = GPG_ERR_INV_KEYRING;
     779             : 
     780             :   /* FIXME: We use only the error code for now to avoid problems with
     781             :      callers which have not been checked to always use gpg_err_code()
     782             :      when comparing error codes.  */
     783       28421 :   return rc == -1? -1 : gpg_err_code (rc);
     784             : }
     785             : 
     786             : 
     787             : static void
     788           0 : dump_hex_line (int c, int *i)
     789             : {
     790           0 :   if (*i && !(*i % 8))
     791             :     {
     792           0 :       if (*i && !(*i % 24))
     793           0 :         es_fprintf (listfp, "\n%4d:", *i);
     794             :       else
     795           0 :         es_putc (' ', listfp);
     796             :     }
     797           0 :   if (c == -1)
     798           0 :     es_fprintf (listfp, " EOF");
     799             :   else
     800           0 :     es_fprintf (listfp, " %02x", c);
     801           0 :   ++*i;
     802           0 : }
     803             : 
     804             : 
     805             : /* Copy the contents of a packet from the pipeline IN to the pipeline
     806             :    OUT.
     807             : 
     808             :    The header and length have already been read from INP and the
     809             :    decoded values are given as PKGTYPE and PKTLEN.
     810             : 
     811             :    If the packet is a partial body length packet (RFC 4880, Section
     812             :    4.2.2.4), then iobuf_set_partial_block_modeiobuf_set_partial_block_mode
     813             :    should already have been called on INP and PARTIAL should be set.
     814             : 
     815             :    If PARTIAL is set or PKTLEN is 0 and PKTTYPE is PKT_COMPRESSED,
     816             :    copy until the first EOF is encountered on INP.
     817             : 
     818             :    Returns 0 on success and an error code if an error occurs.  */
     819             : static int
     820           0 : copy_packet (IOBUF inp, IOBUF out, int pkttype,
     821             :              unsigned long pktlen, int partial)
     822             : {
     823             :   int rc;
     824             :   int n;
     825             :   char buf[100];
     826             : 
     827           0 :   if (partial)
     828             :     {
     829           0 :       while ((n = iobuf_read (inp, buf, sizeof (buf))) != -1)
     830           0 :         if ((rc = iobuf_write (out, buf, n)))
     831           0 :           return rc;            /* write error */
     832             :     }
     833           0 :   else if (!pktlen && pkttype == PKT_COMPRESSED)
     834             :     {
     835           0 :       log_debug ("copy_packet: compressed!\n");
     836             :       /* compressed packet, copy till EOF */
     837           0 :       while ((n = iobuf_read (inp, buf, sizeof (buf))) != -1)
     838           0 :         if ((rc = iobuf_write (out, buf, n)))
     839           0 :           return rc;            /* write error */
     840             :     }
     841             :   else
     842             :     {
     843           0 :       for (; pktlen; pktlen -= n)
     844             :         {
     845           0 :           n = pktlen > sizeof (buf) ? sizeof (buf) : pktlen;
     846           0 :           n = iobuf_read (inp, buf, n);
     847           0 :           if (n == -1)
     848           0 :             return gpg_error (GPG_ERR_EOF);
     849           0 :           if ((rc = iobuf_write (out, buf, n)))
     850           0 :             return rc;          /* write error */
     851             :         }
     852             :     }
     853           0 :   return 0;
     854             : }
     855             : 
     856             : 
     857             : /* Skip an unknown packet.  PKTTYPE is the packet's type, PKTLEN is
     858             :    the length of the packet's content and PARTIAL is whether partial
     859             :    body length encoding in used (in this case PKTLEN is ignored).  */
     860             : static void
     861           0 : skip_packet (IOBUF inp, int pkttype, unsigned long pktlen, int partial)
     862             : {
     863           0 :   if (list_mode)
     864             :     {
     865           0 :       es_fprintf (listfp, ":unknown packet: type %2d, length %lu\n",
     866             :                   pkttype, pktlen);
     867           0 :       if (pkttype)
     868             :         {
     869           0 :           int c, i = 0;
     870           0 :           es_fputs ("dump:", listfp);
     871           0 :           if (partial)
     872             :             {
     873           0 :               while ((c = iobuf_get (inp)) != -1)
     874           0 :                 dump_hex_line (c, &i);
     875             :             }
     876             :           else
     877             :             {
     878           0 :               for (; pktlen; pktlen--)
     879             :                 {
     880           0 :                   dump_hex_line ((c = iobuf_get (inp)), &i);
     881           0 :                   if (c == -1)
     882           0 :                     break;
     883             :                 }
     884             :             }
     885           0 :           es_putc ('\n', listfp);
     886           0 :           return;
     887             :         }
     888             :     }
     889           0 :   iobuf_skip_rest (inp, pktlen, partial);
     890             : }
     891             : 
     892             : 
     893             : /* Read PKTLEN bytes form INP and return them in a newly allocated
     894             :    buffer.  In case of an error (including reading fewer than PKTLEN
     895             :    bytes from INP before EOF is returned), NULL is returned and an
     896             :    error message is logged.  */
     897             : static void *
     898          33 : read_rest (IOBUF inp, size_t pktlen)
     899             : {
     900             :   int c;
     901             :   byte *buf, *p;
     902             : 
     903          33 :   buf = xtrymalloc (pktlen);
     904          33 :   if (!buf)
     905             :     {
     906           0 :       gpg_error_t err = gpg_error_from_syserror ();
     907           0 :       log_error ("error reading rest of packet: %s\n", gpg_strerror (err));
     908           0 :       return NULL;
     909             :     }
     910        4115 :   for (p = buf; pktlen; pktlen--)
     911             :     {
     912        4082 :       c = iobuf_get (inp);
     913        4082 :       if (c == -1)
     914             :         {
     915           0 :           log_error ("premature eof while reading rest of packet\n");
     916           0 :           xfree (buf);
     917           0 :           return NULL;
     918             :         }
     919        4082 :       *p++ = c;
     920             :     }
     921             : 
     922          33 :   return buf;
     923             : }
     924             : 
     925             : 
     926             : /* Read a special size+body from INP.  On success store an opaque MPI
     927             :    with it at R_DATA.  On error return an error code and store NULL at
     928             :    R_DATA.  Even in the error case store the number of read bytes at
     929             :    R_NREAD.  The caller shall pass the remaining size of the packet in
     930             :    PKTLEN.  */
     931             : static gpg_error_t
     932         802 : read_size_body (iobuf_t inp, int pktlen, size_t *r_nread,
     933             :                 gcry_mpi_t *r_data)
     934             : {
     935             :   char buffer[256];
     936             :   char *tmpbuf;
     937             :   int i, c, nbytes;
     938             : 
     939         802 :   *r_nread = 0;
     940         802 :   *r_data = NULL;
     941             : 
     942         802 :   if (!pktlen)
     943           0 :     return gpg_error (GPG_ERR_INV_PACKET);
     944         802 :   c = iobuf_readbyte (inp);
     945         802 :   if (c < 0)
     946           0 :     return gpg_error (GPG_ERR_INV_PACKET);
     947         802 :   pktlen--;
     948         802 :   ++*r_nread;
     949         802 :   nbytes = c;
     950         802 :   if (nbytes < 2 || nbytes > 254)
     951           0 :     return gpg_error (GPG_ERR_INV_PACKET);
     952         802 :   if (nbytes > pktlen)
     953           0 :     return gpg_error (GPG_ERR_INV_PACKET);
     954             : 
     955         802 :   buffer[0] = nbytes;
     956             : 
     957        6044 :   for (i = 0; i < nbytes; i++)
     958             :     {
     959        5242 :       c = iobuf_get (inp);
     960        5242 :       if (c < 0)
     961           0 :         return gpg_error (GPG_ERR_INV_PACKET);
     962        5242 :       ++*r_nread;
     963        5242 :       buffer[1+i] = c;
     964             :     }
     965             : 
     966         802 :   tmpbuf = xtrymalloc (1 + nbytes);
     967         802 :   if (!tmpbuf)
     968           0 :     return gpg_error_from_syserror ();
     969         802 :   memcpy (tmpbuf, buffer, 1 + nbytes);
     970         802 :   *r_data = gcry_mpi_set_opaque (NULL, tmpbuf, 8 * (1 + nbytes));
     971         802 :   if (!*r_data)
     972             :     {
     973           0 :       xfree (tmpbuf);
     974           0 :       return gpg_error_from_syserror ();
     975             :     }
     976         802 :   return 0;
     977             : }
     978             : 
     979             : 
     980             : /* Parse a marker packet.  */
     981             : static int
     982           7 : parse_marker (IOBUF inp, int pkttype, unsigned long pktlen)
     983             : {
     984             :   (void) pkttype;
     985             : 
     986           7 :   if (pktlen != 3)
     987           1 :     goto fail;
     988             : 
     989           6 :   if (iobuf_get (inp) != 'P')
     990             :     {
     991           0 :       pktlen--;
     992           0 :       goto fail;
     993             :     }
     994             : 
     995           6 :   if (iobuf_get (inp) != 'G')
     996             :     {
     997           0 :       pktlen--;
     998           0 :       goto fail;
     999             :     }
    1000             : 
    1001           6 :   if (iobuf_get (inp) != 'P')
    1002             :     {
    1003           0 :       pktlen--;
    1004           0 :       goto fail;
    1005             :     }
    1006             : 
    1007           6 :   if (list_mode)
    1008           0 :     es_fputs (":marker packet: PGP\n", listfp);
    1009             : 
    1010           6 :   return 0;
    1011             : 
    1012             :  fail:
    1013           1 :   log_error ("invalid marker packet\n");
    1014           1 :   if (list_mode)
    1015           0 :     es_fputs (":marker packet: [invalid]\n", listfp);
    1016           1 :   iobuf_skip_rest (inp, pktlen, 0);
    1017           1 :   return GPG_ERR_INV_PACKET;
    1018             : }
    1019             : 
    1020             : 
    1021             : static int
    1022          59 : parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
    1023             :                  PACKET * packet)
    1024             : {
    1025             :   PKT_symkey_enc *k;
    1026          59 :   int rc = 0;
    1027             :   int i, version, s2kmode, cipher_algo, hash_algo, seskeylen, minlen;
    1028             : 
    1029          59 :   if (pktlen < 4)
    1030             :     {
    1031           0 :       log_error ("packet(%d) too short\n", pkttype);
    1032           0 :       if (list_mode)
    1033           0 :         es_fprintf (listfp, ":symkey enc packet: [too short]\n");
    1034           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    1035           0 :       goto leave;
    1036             :     }
    1037          59 :   version = iobuf_get_noeof (inp);
    1038          59 :   pktlen--;
    1039          59 :   if (version != 4)
    1040             :     {
    1041           0 :       log_error ("packet(%d) with unknown version %d\n", pkttype, version);
    1042           0 :       if (list_mode)
    1043           0 :         es_fprintf (listfp, ":symkey enc packet: [unknown version]\n");
    1044           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    1045           0 :       goto leave;
    1046             :     }
    1047          59 :   if (pktlen > 200)
    1048             :     {                           /* (we encode the seskeylen in a byte) */
    1049           0 :       log_error ("packet(%d) too large\n", pkttype);
    1050           0 :       if (list_mode)
    1051           0 :         es_fprintf (listfp, ":symkey enc packet: [too large]\n");
    1052           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    1053           0 :       goto leave;
    1054             :     }
    1055          59 :   cipher_algo = iobuf_get_noeof (inp);
    1056          59 :   pktlen--;
    1057          59 :   s2kmode = iobuf_get_noeof (inp);
    1058          59 :   pktlen--;
    1059          59 :   hash_algo = iobuf_get_noeof (inp);
    1060          59 :   pktlen--;
    1061          59 :   switch (s2kmode)
    1062             :     {
    1063             :     case 0: /* Simple S2K.  */
    1064           0 :       minlen = 0;
    1065           0 :       break;
    1066             :     case 1: /* Salted S2K.  */
    1067           0 :       minlen = 8;
    1068           0 :       break;
    1069             :     case 3: /* Iterated+salted S2K.  */
    1070          59 :       minlen = 9;
    1071          59 :       break;
    1072             :     default:
    1073           0 :       log_error ("unknown S2K mode %d\n", s2kmode);
    1074           0 :       if (list_mode)
    1075           0 :         es_fprintf (listfp, ":symkey enc packet: [unknown S2K mode]\n");
    1076           0 :       goto leave;
    1077             :     }
    1078          59 :   if (minlen > pktlen)
    1079             :     {
    1080           0 :       log_error ("packet with S2K %d too short\n", s2kmode);
    1081           0 :       if (list_mode)
    1082           0 :         es_fprintf (listfp, ":symkey enc packet: [too short]\n");
    1083           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    1084           0 :       goto leave;
    1085             :     }
    1086          59 :   seskeylen = pktlen - minlen;
    1087          59 :   k = packet->pkt.symkey_enc = xmalloc_clear (sizeof *packet->pkt.symkey_enc
    1088             :                                               + seskeylen - 1);
    1089          59 :   k->version = version;
    1090          59 :   k->cipher_algo = cipher_algo;
    1091          59 :   k->s2k.mode = s2kmode;
    1092          59 :   k->s2k.hash_algo = hash_algo;
    1093          59 :   if (s2kmode == 1 || s2kmode == 3)
    1094             :     {
    1095         531 :       for (i = 0; i < 8 && pktlen; i++, pktlen--)
    1096         472 :         k->s2k.salt[i] = iobuf_get_noeof (inp);
    1097             :     }
    1098          59 :   if (s2kmode == 3)
    1099             :     {
    1100          59 :       k->s2k.count = iobuf_get (inp);
    1101          59 :       pktlen--;
    1102             :     }
    1103          59 :   k->seskeylen = seskeylen;
    1104          59 :   if (k->seskeylen)
    1105             :     {
    1106          68 :       for (i = 0; i < seskeylen && pktlen; i++, pktlen--)
    1107          66 :         k->seskey[i] = iobuf_get_noeof (inp);
    1108             : 
    1109             :       /* What we're watching out for here is a session key decryptor
    1110             :          with no salt.  The RFC says that using salt for this is a
    1111             :          MUST. */
    1112           2 :       if (s2kmode != 1 && s2kmode != 3)
    1113           0 :         log_info (_("WARNING: potentially insecure symmetrically"
    1114             :                     " encrypted session key\n"));
    1115             :     }
    1116          59 :   log_assert (!pktlen);
    1117             : 
    1118          59 :   if (list_mode)
    1119             :     {
    1120           0 :       es_fprintf (listfp,
    1121             :                   ":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
    1122             :                   version, cipher_algo, s2kmode, hash_algo);
    1123           0 :       if (seskeylen)
    1124           0 :         es_fprintf (listfp, ", seskey %d bits", (seskeylen - 1) * 8);
    1125           0 :       es_fprintf (listfp, "\n");
    1126           0 :       if (s2kmode == 1 || s2kmode == 3)
    1127             :         {
    1128           0 :           es_fprintf (listfp, "\tsalt ");
    1129           0 :           es_write_hexstring (listfp, k->s2k.salt, 8, 0, NULL);
    1130           0 :           if (s2kmode == 3)
    1131           0 :             es_fprintf (listfp, ", count %lu (%lu)",
    1132           0 :                         S2K_DECODE_COUNT ((ulong) k->s2k.count),
    1133           0 :                         (ulong) k->s2k.count);
    1134           0 :           es_fprintf (listfp, "\n");
    1135             :         }
    1136             :     }
    1137             : 
    1138             :  leave:
    1139          59 :   iobuf_skip_rest (inp, pktlen, 0);
    1140          59 :   return rc;
    1141             : }
    1142             : 
    1143             : 
    1144             : static int
    1145         271 : parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
    1146             :                  PACKET * packet)
    1147             : {
    1148         271 :   int rc = 0;
    1149             :   int i, ndata;
    1150             :   PKT_pubkey_enc *k;
    1151             : 
    1152         271 :   k = packet->pkt.pubkey_enc = xmalloc_clear (sizeof *packet->pkt.pubkey_enc);
    1153         271 :   if (pktlen < 12)
    1154             :     {
    1155           0 :       log_error ("packet(%d) too short\n", pkttype);
    1156           0 :       if (list_mode)
    1157           0 :         es_fputs (":pubkey enc packet: [too short]\n", listfp);
    1158           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    1159           0 :       goto leave;
    1160             :     }
    1161         271 :   k->version = iobuf_get_noeof (inp);
    1162         271 :   pktlen--;
    1163         271 :   if (k->version != 2 && k->version != 3)
    1164             :     {
    1165           0 :       log_error ("packet(%d) with unknown version %d\n", pkttype, k->version);
    1166           0 :       if (list_mode)
    1167           0 :         es_fputs (":pubkey enc packet: [unknown version]\n", listfp);
    1168           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    1169           0 :       goto leave;
    1170             :     }
    1171         271 :   k->keyid[0] = read_32 (inp);
    1172         271 :   pktlen -= 4;
    1173         271 :   k->keyid[1] = read_32 (inp);
    1174         271 :   pktlen -= 4;
    1175         271 :   k->pubkey_algo = iobuf_get_noeof (inp);
    1176         271 :   pktlen--;
    1177         271 :   k->throw_keyid = 0;  /* Only used as flag for build_packet.  */
    1178         271 :   if (list_mode)
    1179          40 :     es_fprintf (listfp,
    1180             :                 ":pubkey enc packet: version %d, algo %d, keyid %08lX%08lX\n",
    1181          30 :                 k->version, k->pubkey_algo, (ulong) k->keyid[0],
    1182          10 :                 (ulong) k->keyid[1]);
    1183             : 
    1184         271 :   ndata = pubkey_get_nenc (k->pubkey_algo);
    1185         271 :   if (!ndata)
    1186             :     {
    1187           0 :       if (list_mode)
    1188           0 :         es_fprintf (listfp, "\tunsupported algorithm %d\n", k->pubkey_algo);
    1189           0 :       unknown_pubkey_warning (k->pubkey_algo);
    1190           0 :       k->data[0] = NULL; /* No need to store the encrypted data.  */
    1191             :     }
    1192             :   else
    1193             :     {
    1194         804 :       for (i = 0; i < ndata; i++)
    1195             :         {
    1196         533 :           if (k->pubkey_algo == PUBKEY_ALGO_ECDH && i == 1)
    1197          27 :             {
    1198             :               size_t n;
    1199          27 :               rc = read_size_body (inp, pktlen, &n, k->data+i);
    1200          27 :               pktlen -= n;
    1201             :             }
    1202             :           else
    1203             :             {
    1204         506 :               int n = pktlen;
    1205         506 :               k->data[i] = mpi_read (inp, &n, 0);
    1206         506 :               pktlen -= n;
    1207         506 :               if (!k->data[i])
    1208           0 :                 rc = gpg_error (GPG_ERR_INV_PACKET);
    1209             :             }
    1210         533 :           if (rc)
    1211           0 :             goto leave;
    1212         533 :           if (list_mode)
    1213             :             {
    1214          15 :               es_fprintf (listfp, "\tdata: ");
    1215          15 :               mpi_print (listfp, k->data[i], mpi_print_mode);
    1216          15 :               es_putc ('\n', listfp);
    1217             :             }
    1218             :         }
    1219             :     }
    1220             : 
    1221             :  leave:
    1222         271 :   iobuf_skip_rest (inp, pktlen, 0);
    1223         271 :   return rc;
    1224             : }
    1225             : 
    1226             : 
    1227             : /* Dump a subpacket to LISTFP.  BUFFER contains the subpacket in
    1228             :    question and points to the type field in the subpacket header (not
    1229             :    the start of the header).  TYPE is the subpacket's type with the
    1230             :    critical bit cleared.  CRITICAL is the value of the CRITICAL bit.
    1231             :    BUFLEN is the length of the buffer and LENGTH is the length of the
    1232             :    subpacket according to the subpacket's header.  */
    1233             : static void
    1234          78 : dump_sig_subpkt (int hashed, int type, int critical,
    1235             :                  const byte * buffer, size_t buflen, size_t length)
    1236             : {
    1237          78 :   const char *p = NULL;
    1238             :   int i;
    1239             : 
    1240             :   /* The CERT has warning out with explains how to use GNUPG to detect
    1241             :    * the ARRs - we print our old message here when it is a faked ARR
    1242             :    * and add an additional notice.  */
    1243          78 :   if (type == SIGSUBPKT_ARR && !hashed)
    1244             :     {
    1245           0 :       es_fprintf (listfp,
    1246             :                   "\tsubpkt %d len %u (additional recipient request)\n"
    1247             :                   "WARNING: PGP versions > 5.0 and < 6.5.8 will automagically "
    1248             :                   "encrypt to this key and thereby reveal the plaintext to "
    1249             :                   "the owner of this ARR key. Detailed info follows:\n",
    1250             :                   type, (unsigned) length);
    1251             :     }
    1252             : 
    1253          78 :   buffer++;
    1254          78 :   length--;
    1255             : 
    1256          78 :   es_fprintf (listfp, "\t%s%ssubpkt %d len %u (",     /*) */
    1257             :               critical ? "critical " : "",
    1258             :               hashed ? "hashed " : "", type, (unsigned) length);
    1259          78 :   if (length > buflen)
    1260             :     {
    1261           0 :       es_fprintf (listfp, "too short: buffer is only %u)\n", (unsigned) buflen);
    1262          78 :       return;
    1263             :     }
    1264          78 :   switch (type)
    1265             :     {
    1266             :     case SIGSUBPKT_SIG_CREATED:
    1267          13 :       if (length >= 4)
    1268          13 :         es_fprintf (listfp, "sig created %s",
    1269             :                     strtimestamp (buf32_to_u32 (buffer)));
    1270          13 :       break;
    1271             :     case SIGSUBPKT_SIG_EXPIRE:
    1272           0 :       if (length >= 4)
    1273             :         {
    1274           0 :           if (buf32_to_u32 (buffer))
    1275           0 :             es_fprintf (listfp, "sig expires after %s",
    1276             :                         strtimevalue (buf32_to_u32 (buffer)));
    1277             :           else
    1278           0 :             es_fprintf (listfp, "sig does not expire");
    1279             :         }
    1280           0 :       break;
    1281             :     case SIGSUBPKT_EXPORTABLE:
    1282           0 :       if (length)
    1283           0 :         es_fprintf (listfp, "%sexportable", *buffer ? "" : "not ");
    1284           0 :       break;
    1285             :     case SIGSUBPKT_TRUST:
    1286           0 :       if (length != 2)
    1287           0 :         p = "[invalid trust subpacket]";
    1288             :       else
    1289           0 :         es_fprintf (listfp, "trust signature of depth %d, value %d", buffer[0],
    1290           0 :                     buffer[1]);
    1291           0 :       break;
    1292             :     case SIGSUBPKT_REGEXP:
    1293           0 :       if (!length)
    1294           0 :         p = "[invalid regexp subpacket]";
    1295             :       else
    1296             :         {
    1297           0 :           es_fprintf (listfp, "regular expression: \"");
    1298           0 :           es_write_sanitized (listfp, buffer, length, "\"", NULL);
    1299           0 :           p = "\"";
    1300             :         }
    1301           0 :       break;
    1302             :     case SIGSUBPKT_REVOCABLE:
    1303           0 :       if (length)
    1304           0 :         es_fprintf (listfp, "%srevocable", *buffer ? "" : "not ");
    1305           0 :       break;
    1306             :     case SIGSUBPKT_KEY_EXPIRE:
    1307           0 :       if (length >= 4)
    1308             :         {
    1309           0 :           if (buf32_to_u32 (buffer))
    1310           0 :             es_fprintf (listfp, "key expires after %s",
    1311             :                         strtimevalue (buf32_to_u32 (buffer)));
    1312             :           else
    1313           0 :             es_fprintf (listfp, "key does not expire");
    1314             :         }
    1315           0 :       break;
    1316             :     case SIGSUBPKT_PREF_SYM:
    1317           8 :       es_fputs ("pref-sym-algos:", listfp);
    1318          36 :       for (i = 0; i < length; i++)
    1319          28 :         es_fprintf (listfp, " %d", buffer[i]);
    1320           8 :       break;
    1321             :     case SIGSUBPKT_REV_KEY:
    1322           0 :       es_fputs ("revocation key: ", listfp);
    1323           0 :       if (length < 22)
    1324           0 :         p = "[too short]";
    1325             :       else
    1326             :         {
    1327           0 :           es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
    1328           0 :           for (i = 2; i < length; i++)
    1329           0 :             es_fprintf (listfp, "%02X", buffer[i]);
    1330             :         }
    1331           0 :       break;
    1332             :     case SIGSUBPKT_ISSUER:
    1333          13 :       if (length >= 8)
    1334          26 :         es_fprintf (listfp, "issuer key ID %08lX%08lX",
    1335          13 :                     (ulong) buf32_to_u32 (buffer),
    1336          13 :                     (ulong) buf32_to_u32 (buffer + 4));
    1337          13 :       break;
    1338             :     case SIGSUBPKT_ISSUER_FPR:
    1339           0 :       if (length >= 21)
    1340             :         {
    1341             :           char *tmp;
    1342           0 :           es_fprintf (listfp, "issuer fpr v%d ", buffer[0]);
    1343           0 :           tmp = bin2hex (buffer+1, length-1, NULL);
    1344           0 :           if (tmp)
    1345             :             {
    1346           0 :               es_fputs (tmp, listfp);
    1347           0 :               xfree (tmp);
    1348             :             }
    1349             :         }
    1350           0 :       break;
    1351             :     case SIGSUBPKT_NOTATION:
    1352             :       {
    1353           0 :         es_fputs ("notation: ", listfp);
    1354           0 :         if (length < 8)
    1355           0 :           p = "[too short]";
    1356             :         else
    1357             :           {
    1358           0 :             const byte *s = buffer;
    1359             :             size_t n1, n2;
    1360             : 
    1361           0 :             n1 = (s[4] << 8) | s[5];
    1362           0 :             n2 = (s[6] << 8) | s[7];
    1363           0 :             s += 8;
    1364           0 :             if (8 + n1 + n2 != length)
    1365           0 :               p = "[error]";
    1366             :             else
    1367             :               {
    1368           0 :                 es_write_sanitized (listfp, s, n1, ")", NULL);
    1369           0 :                 es_putc ('=', listfp);
    1370             : 
    1371           0 :                 if (*buffer & 0x80)
    1372           0 :                   es_write_sanitized (listfp, s + n1, n2, ")", NULL);
    1373             :                 else
    1374           0 :                   p = "[not human readable]";
    1375             :               }
    1376             :           }
    1377             :       }
    1378           0 :       break;
    1379             :     case SIGSUBPKT_PREF_HASH:
    1380           8 :       es_fputs ("pref-hash-algos:", listfp);
    1381          24 :       for (i = 0; i < length; i++)
    1382          16 :         es_fprintf (listfp, " %d", buffer[i]);
    1383           8 :       break;
    1384             :     case SIGSUBPKT_PREF_COMPR:
    1385           8 :       es_fputs ("pref-zip-algos:", listfp);
    1386          24 :       for (i = 0; i < length; i++)
    1387          16 :         es_fprintf (listfp, " %d", buffer[i]);
    1388           8 :       break;
    1389             :     case SIGSUBPKT_KS_FLAGS:
    1390           8 :       es_fputs ("keyserver preferences:", listfp);
    1391          16 :       for (i = 0; i < length; i++)
    1392           8 :         es_fprintf (listfp, " %02X", buffer[i]);
    1393           8 :       break;
    1394             :     case SIGSUBPKT_PREF_KS:
    1395           0 :       es_fputs ("preferred keyserver: ", listfp);
    1396           0 :       es_write_sanitized (listfp, buffer, length, ")", NULL);
    1397           0 :       break;
    1398             :     case SIGSUBPKT_PRIMARY_UID:
    1399           0 :       p = "primary user ID";
    1400           0 :       break;
    1401             :     case SIGSUBPKT_POLICY:
    1402           0 :       es_fputs ("policy: ", listfp);
    1403           0 :       es_write_sanitized (listfp, buffer, length, ")", NULL);
    1404           0 :       break;
    1405             :     case SIGSUBPKT_KEY_FLAGS:
    1406          12 :       es_fputs ("key flags:", listfp);
    1407          24 :       for (i = 0; i < length; i++)
    1408          12 :         es_fprintf (listfp, " %02X", buffer[i]);
    1409          12 :       break;
    1410             :     case SIGSUBPKT_SIGNERS_UID:
    1411           0 :       p = "signer's user ID";
    1412           0 :       break;
    1413             :     case SIGSUBPKT_REVOC_REASON:
    1414           0 :       if (length)
    1415             :         {
    1416           0 :           es_fprintf (listfp, "revocation reason 0x%02x (", *buffer);
    1417           0 :           es_write_sanitized (listfp, buffer + 1, length - 1, ")", NULL);
    1418           0 :           p = ")";
    1419             :         }
    1420           0 :       break;
    1421             :     case SIGSUBPKT_ARR:
    1422           0 :       es_fputs ("Big Brother's key (ignored): ", listfp);
    1423           0 :       if (length < 22)
    1424           0 :         p = "[too short]";
    1425             :       else
    1426             :         {
    1427           0 :           es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
    1428           0 :           if (length > 2)
    1429           0 :             es_write_hexstring (listfp, buffer+2, length-2, 0, NULL);
    1430             :         }
    1431           0 :       break;
    1432             :     case SIGSUBPKT_FEATURES:
    1433           8 :       es_fputs ("features:", listfp);
    1434          16 :       for (i = 0; i < length; i++)
    1435           8 :         es_fprintf (listfp, " %02x", buffer[i]);
    1436           8 :       break;
    1437             :     case SIGSUBPKT_SIGNATURE:
    1438           0 :       es_fputs ("signature: ", listfp);
    1439           0 :       if (length < 17)
    1440           0 :         p = "[too short]";
    1441             :       else
    1442           0 :         es_fprintf (listfp, "v%d, class 0x%02X, algo %d, digest algo %d",
    1443           0 :                     buffer[0],
    1444           0 :                     buffer[0] == 3 ? buffer[2] : buffer[1],
    1445           0 :                     buffer[0] == 3 ? buffer[15] : buffer[2],
    1446           0 :                     buffer[0] == 3 ? buffer[16] : buffer[3]);
    1447           0 :       break;
    1448             :     default:
    1449           0 :       if (type >= 100 && type <= 110)
    1450           0 :         p = "experimental / private subpacket";
    1451             :       else
    1452           0 :         p = "?";
    1453           0 :       break;
    1454             :     }
    1455             : 
    1456          78 :   es_fprintf (listfp, "%s)\n", p ? p : "");
    1457             : }
    1458             : 
    1459             : 
    1460             : /*
    1461             :  * Returns: >= 0 use this offset into buffer
    1462             :  *          -1 explicitly reject returning this type
    1463             :  *          -2 subpacket too short
    1464             :  */
    1465             : int
    1466       36693 : parse_one_sig_subpkt (const byte * buffer, size_t n, int type)
    1467             : {
    1468       36693 :   switch (type)
    1469             :     {
    1470             :     case SIGSUBPKT_REV_KEY:
    1471           5 :       if (n < 22)
    1472           0 :         break;
    1473           5 :       return 0;
    1474             :     case SIGSUBPKT_SIG_CREATED:
    1475             :     case SIGSUBPKT_SIG_EXPIRE:
    1476             :     case SIGSUBPKT_KEY_EXPIRE:
    1477        9661 :       if (n < 4)
    1478           0 :         break;
    1479        9661 :       return 0;
    1480             :     case SIGSUBPKT_KEY_FLAGS:
    1481             :     case SIGSUBPKT_KS_FLAGS:
    1482             :     case SIGSUBPKT_PREF_SYM:
    1483             :     case SIGSUBPKT_PREF_HASH:
    1484             :     case SIGSUBPKT_PREF_COMPR:
    1485             :     case SIGSUBPKT_POLICY:
    1486             :     case SIGSUBPKT_PREF_KS:
    1487             :     case SIGSUBPKT_FEATURES:
    1488             :     case SIGSUBPKT_REGEXP:
    1489       17414 :       return 0;
    1490             :     case SIGSUBPKT_SIGNATURE:
    1491             :     case SIGSUBPKT_EXPORTABLE:
    1492             :     case SIGSUBPKT_REVOCABLE:
    1493             :     case SIGSUBPKT_REVOC_REASON:
    1494         135 :       if (!n)
    1495           0 :         break;
    1496         135 :       return 0;
    1497             :     case SIGSUBPKT_ISSUER:      /* issuer key ID */
    1498        8863 :       if (n < 8)
    1499           0 :         break;
    1500        8863 :       return 0;
    1501             :     case SIGSUBPKT_ISSUER_FPR:  /* issuer key ID */
    1502         277 :       if (n < 21)
    1503           0 :         break;
    1504         277 :       return 0;
    1505             :     case SIGSUBPKT_NOTATION:
    1506             :       /* minimum length needed, and the subpacket must be well-formed
    1507             :          where the name length and value length all fit inside the
    1508             :          packet. */
    1509         160 :       if (n < 8
    1510         480 :           || 8 + ((buffer[4] << 8) | buffer[5]) +
    1511         320 :           ((buffer[6] << 8) | buffer[7]) != n)
    1512             :         break;
    1513         160 :       return 0;
    1514             :     case SIGSUBPKT_PRIMARY_UID:
    1515         135 :       if (n != 1)
    1516           0 :         break;
    1517         135 :       return 0;
    1518             :     case SIGSUBPKT_TRUST:
    1519           2 :       if (n != 2)
    1520           0 :         break;
    1521           2 :       return 0;
    1522             :     default:
    1523          41 :       return 0;
    1524             :     }
    1525           0 :   return -2;
    1526             : }
    1527             : 
    1528             : 
    1529             : /* Return true if we understand the critical notation.  */
    1530             : static int
    1531           0 : can_handle_critical_notation (const byte * name, size_t len)
    1532             : {
    1533           0 :   if (len == 32 && memcmp (name, "preferred-email-encoding@pgp.com", 32) == 0)
    1534           0 :     return 1;
    1535           0 :   if (len == 21 && memcmp (name, "pka-address@gnupg.org", 21) == 0)
    1536           0 :     return 1;
    1537             : 
    1538           0 :   return 0;
    1539             : }
    1540             : 
    1541             : 
    1542             : static int
    1543          10 : can_handle_critical (const byte * buffer, size_t n, int type)
    1544             : {
    1545          10 :   switch (type)
    1546             :     {
    1547             :     case SIGSUBPKT_NOTATION:
    1548           0 :       if (n >= 8)
    1549             :         {
    1550           0 :           size_t notation_len = ((buffer[4] << 8) | buffer[5]);
    1551           0 :           if (n - 8 >= notation_len)
    1552           0 :             return can_handle_critical_notation (buffer + 8, notation_len);
    1553             :         }
    1554           0 :       return 0;
    1555             :     case SIGSUBPKT_SIGNATURE:
    1556             :     case SIGSUBPKT_SIG_CREATED:
    1557             :     case SIGSUBPKT_SIG_EXPIRE:
    1558             :     case SIGSUBPKT_KEY_EXPIRE:
    1559             :     case SIGSUBPKT_EXPORTABLE:
    1560             :     case SIGSUBPKT_REVOCABLE:
    1561             :     case SIGSUBPKT_REV_KEY:
    1562             :     case SIGSUBPKT_ISSUER:      /* issuer key ID */
    1563             :     case SIGSUBPKT_ISSUER_FPR:  /* issuer fingerprint */
    1564             :     case SIGSUBPKT_PREF_SYM:
    1565             :     case SIGSUBPKT_PREF_HASH:
    1566             :     case SIGSUBPKT_PREF_COMPR:
    1567             :     case SIGSUBPKT_KEY_FLAGS:
    1568             :     case SIGSUBPKT_PRIMARY_UID:
    1569             :     case SIGSUBPKT_FEATURES:
    1570             :     case SIGSUBPKT_TRUST:
    1571             :     case SIGSUBPKT_REGEXP:
    1572             :       /* Is it enough to show the policy or keyserver? */
    1573             :     case SIGSUBPKT_POLICY:
    1574             :     case SIGSUBPKT_PREF_KS:
    1575          10 :       return 1;
    1576             : 
    1577             :     default:
    1578           0 :       return 0;
    1579             :     }
    1580             : }
    1581             : 
    1582             : 
    1583             : const byte *
    1584      161700 : enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
    1585             :                  size_t * ret_n, int *start, int *critical)
    1586             : {
    1587             :   const byte *buffer;
    1588             :   int buflen;
    1589             :   int type;
    1590             :   int critical_dummy;
    1591             :   int offset;
    1592             :   size_t n;
    1593      161700 :   int seq = 0;
    1594      161700 :   int reqseq = start ? *start : 0;
    1595             : 
    1596      161700 :   if (!critical)
    1597      161151 :     critical = &critical_dummy;
    1598             : 
    1599      161700 :   if (!pktbuf || reqseq == -1)
    1600             :     {
    1601             :       static char dummy[] = "x";
    1602             :       /* Return a value different from NULL to indicate that
    1603             :        * there is no critical bit we do not understand.  */
    1604        2167 :       return reqtype == SIGSUBPKT_TEST_CRITICAL ? dummy : NULL;
    1605             :     }
    1606      159533 :   buffer = pktbuf->data;
    1607      159533 :   buflen = pktbuf->len;
    1608      810568 :   while (buflen)
    1609             :     {
    1610      527727 :       n = *buffer++;
    1611      527727 :       buflen--;
    1612      527727 :       if (n == 255) /* 4 byte length header.  */
    1613             :         {
    1614           0 :           if (buflen < 4)
    1615           0 :             goto too_short;
    1616           0 :           n = buf32_to_size_t (buffer);
    1617           0 :           buffer += 4;
    1618           0 :           buflen -= 4;
    1619             :         }
    1620      527727 :       else if (n >= 192) /* 4 byte special encoded length header.  */
    1621             :         {
    1622           0 :           if (buflen < 2)
    1623           0 :             goto too_short;
    1624           0 :           n = ((n - 192) << 8) + *buffer + 192;
    1625           0 :           buffer++;
    1626           0 :           buflen--;
    1627             :         }
    1628      527727 :       if (buflen < n)
    1629           0 :         goto too_short;
    1630      527727 :       type = *buffer;
    1631      527727 :       if (type & 0x80)
    1632             :         {
    1633         100 :           type &= 0x7f;
    1634         100 :           *critical = 1;
    1635             :         }
    1636             :       else
    1637      527627 :         *critical = 0;
    1638      527727 :       if (!(++seq > reqseq))
    1639             :         ;
    1640      527465 :       else if (reqtype == SIGSUBPKT_TEST_CRITICAL)
    1641             :         {
    1642       44046 :           if (*critical)
    1643             :             {
    1644          10 :               if (n - 1 > buflen + 1)
    1645           0 :                 goto too_short;
    1646          10 :               if (!can_handle_critical (buffer + 1, n - 1, type))
    1647             :                 {
    1648           0 :                   if (opt.verbose)
    1649           0 :                     log_info (_("subpacket of type %d has "
    1650             :                                 "critical bit set\n"), type);
    1651           0 :                   if (start)
    1652           0 :                     *start = seq;
    1653           0 :                   return NULL;  /* This is an error.  */
    1654             :                 }
    1655             :             }
    1656             :         }
    1657      483419 :       else if (reqtype < 0) /* List packets.  */
    1658          78 :         dump_sig_subpkt (reqtype == SIGSUBPKT_LIST_HASHED,
    1659             :                          type, *critical, buffer, buflen, n);
    1660      483341 :       else if (type == reqtype) /* Found.  */
    1661             :         {
    1662       36225 :           buffer++;
    1663       36225 :           n--;
    1664       36225 :           if (n > buflen)
    1665           0 :             goto too_short;
    1666       36225 :           if (ret_n)
    1667       17680 :             *ret_n = n;
    1668       36225 :           offset = parse_one_sig_subpkt (buffer, n, type);
    1669       36225 :           switch (offset)
    1670             :             {
    1671             :             case -2:
    1672           0 :               log_error ("subpacket of type %d too short\n", type);
    1673           0 :               return NULL;
    1674             :             case -1:
    1675           0 :               return NULL;
    1676             :             default:
    1677       36225 :               break;
    1678             :             }
    1679       36225 :           if (start)
    1680         131 :             *start = seq;
    1681       36225 :           return buffer + offset;
    1682             :         }
    1683      491502 :       buffer += n;
    1684      491502 :       buflen -= n;
    1685             :     }
    1686      123308 :   if (reqtype == SIGSUBPKT_TEST_CRITICAL)
    1687             :     /* Returning NULL means we found a subpacket with the critical bit
    1688             :        set that we don't grok.  We've iterated over all the subpackets
    1689             :        and haven't found such a packet so we need to return a non-NULL
    1690             :        value.  */
    1691       17444 :     return buffer;
    1692             : 
    1693             :   /* Critical bit we don't understand. */
    1694      105864 :   if (start)
    1695        4993 :     *start = -1;
    1696      105864 :   return NULL;  /* End of packets; not found.  */
    1697             : 
    1698             :  too_short:
    1699           0 :   if (opt.verbose)
    1700           0 :     log_info ("buffer shorter than subpacket\n");
    1701           0 :   if (start)
    1702           0 :     *start = -1;
    1703           0 :   return NULL;
    1704             : }
    1705             : 
    1706             : 
    1707             : const byte *
    1708      155475 : parse_sig_subpkt (const subpktarea_t * buffer, sigsubpkttype_t reqtype,
    1709             :                   size_t * ret_n)
    1710             : {
    1711      155475 :   return enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL);
    1712             : }
    1713             : 
    1714             : 
    1715             : const byte *
    1716       17444 : parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype)
    1717             : {
    1718             :   const byte *p;
    1719             : 
    1720       17444 :   p = parse_sig_subpkt (sig->hashed, reqtype, NULL);
    1721       17444 :   if (!p)
    1722       17444 :     p = parse_sig_subpkt (sig->unhashed, reqtype, NULL);
    1723       17444 :   return p;
    1724             : }
    1725             : 
    1726             : 
    1727             : /* Find all revocation keys.  Look in hashed area only.  */
    1728             : void
    1729           5 : parse_revkeys (PKT_signature * sig)
    1730             : {
    1731             :   const byte *revkey;
    1732           5 :   int seq = 0;
    1733             :   size_t len;
    1734             : 
    1735           5 :   if (sig->sig_class != 0x1F)
    1736           5 :     return;
    1737             : 
    1738          15 :   while ((revkey = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REV_KEY,
    1739             :                                     &len, &seq, NULL)))
    1740             :     {
    1741           5 :       if (/* The only valid length is 22 bytes.  See RFC 4880
    1742             :              5.2.3.15.  */
    1743           5 :           len == 22
    1744             :           /* 0x80 bit must be set on the class.  */
    1745           5 :           && (revkey[0] & 0x80))
    1746             :         {
    1747           5 :           sig->revkey = xrealloc (sig->revkey,
    1748             :                                   sizeof (struct revocation_key) *
    1749             :                                   (sig->numrevkeys + 1));
    1750             : 
    1751             :           /* Copy the individual fields.  */
    1752           5 :           sig->revkey[sig->numrevkeys].class = revkey[0];
    1753           5 :           sig->revkey[sig->numrevkeys].algid = revkey[1];
    1754           5 :           memcpy (sig->revkey[sig->numrevkeys].fpr, &revkey[2], 20);
    1755             : 
    1756           5 :           sig->numrevkeys++;
    1757             :         }
    1758             :     }
    1759             : }
    1760             : 
    1761             : 
    1762             : int
    1763        9381 : parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
    1764             :                  PKT_signature * sig)
    1765             : {
    1766        9381 :   int md5_len = 0;
    1767             :   unsigned n;
    1768        9381 :   int is_v4 = 0;
    1769        9381 :   int rc = 0;
    1770             :   int i, ndata;
    1771             : 
    1772        9381 :   if (pktlen < 16)
    1773             :     {
    1774           0 :       log_error ("packet(%d) too short\n", pkttype);
    1775           0 :       if (list_mode)
    1776           0 :         es_fputs (":signature packet: [too short]\n", listfp);
    1777           0 :       goto leave;
    1778             :     }
    1779        9381 :   sig->version = iobuf_get_noeof (inp);
    1780        9381 :   pktlen--;
    1781        9381 :   if (sig->version == 4)
    1782        8722 :     is_v4 = 1;
    1783         659 :   else if (sig->version != 2 && sig->version != 3)
    1784             :     {
    1785           0 :       log_error ("packet(%d) with unknown version %d\n",
    1786           0 :                  pkttype, sig->version);
    1787           0 :       if (list_mode)
    1788           0 :         es_fputs (":signature packet: [unknown version]\n", listfp);
    1789           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    1790           0 :       goto leave;
    1791             :     }
    1792             : 
    1793        9381 :   if (!is_v4)
    1794             :     {
    1795         659 :       if (pktlen == 0)
    1796           0 :         goto underflow;
    1797         659 :       md5_len = iobuf_get_noeof (inp);
    1798         659 :       pktlen--;
    1799             :     }
    1800        9381 :   if (pktlen == 0)
    1801           0 :     goto underflow;
    1802        9381 :   sig->sig_class = iobuf_get_noeof (inp);
    1803        9381 :   pktlen--;
    1804        9381 :   if (!is_v4)
    1805             :     {
    1806         659 :       if (pktlen < 12)
    1807           0 :         goto underflow;
    1808         659 :       sig->timestamp = read_32 (inp);
    1809         659 :       pktlen -= 4;
    1810         659 :       sig->keyid[0] = read_32 (inp);
    1811         659 :       pktlen -= 4;
    1812         659 :       sig->keyid[1] = read_32 (inp);
    1813         659 :       pktlen -= 4;
    1814             :     }
    1815        9381 :   if (pktlen < 2)
    1816           0 :     goto underflow;
    1817        9381 :   sig->pubkey_algo = iobuf_get_noeof (inp);
    1818        9381 :   pktlen--;
    1819        9381 :   sig->digest_algo = iobuf_get_noeof (inp);
    1820        9381 :   pktlen--;
    1821        9381 :   sig->flags.exportable = 1;
    1822        9381 :   sig->flags.revocable = 1;
    1823        9381 :   if (is_v4) /* Read subpackets.  */
    1824             :     {
    1825        8722 :       if (pktlen < 2)
    1826           0 :         goto underflow;
    1827        8722 :       n = read_16 (inp);
    1828        8722 :       pktlen -= 2;  /* Length of hashed data. */
    1829        8722 :       if (pktlen < n)
    1830           0 :         goto underflow;
    1831        8722 :       if (n > 10000)
    1832             :         {
    1833           0 :           log_error ("signature packet: hashed data too long\n");
    1834           0 :           if (list_mode)
    1835           0 :             es_fputs (":signature packet: [hashed data too long]\n", listfp);
    1836           0 :           rc = GPG_ERR_INV_PACKET;
    1837           0 :           goto leave;
    1838             :         }
    1839        8722 :       if (n)
    1840             :         {
    1841        8722 :           sig->hashed = xmalloc (sizeof (*sig->hashed) + n - 1);
    1842        8722 :           sig->hashed->size = n;
    1843        8722 :           sig->hashed->len = n;
    1844        8722 :           if (iobuf_read (inp, sig->hashed->data, n) != n)
    1845             :             {
    1846           0 :               log_error ("premature eof while reading "
    1847             :                          "hashed signature data\n");
    1848           0 :               if (list_mode)
    1849           0 :                 es_fputs (":signature packet: [premature eof]\n", listfp);
    1850           0 :               rc = -1;
    1851           0 :               goto leave;
    1852             :             }
    1853        8722 :           pktlen -= n;
    1854             :         }
    1855        8722 :       if (pktlen < 2)
    1856           0 :         goto underflow;
    1857        8722 :       n = read_16 (inp);
    1858        8722 :       pktlen -= 2;  /* Length of unhashed data.  */
    1859        8722 :       if (pktlen < n)
    1860           0 :         goto underflow;
    1861        8722 :       if (n > 10000)
    1862             :         {
    1863           0 :           log_error ("signature packet: unhashed data too long\n");
    1864           0 :           if (list_mode)
    1865           0 :             es_fputs (":signature packet: [unhashed data too long]\n", listfp);
    1866           0 :           rc = GPG_ERR_INV_PACKET;
    1867           0 :           goto leave;
    1868             :         }
    1869        8722 :       if (n)
    1870             :         {
    1871        8722 :           sig->unhashed = xmalloc (sizeof (*sig->unhashed) + n - 1);
    1872        8722 :           sig->unhashed->size = n;
    1873        8722 :           sig->unhashed->len = n;
    1874        8722 :           if (iobuf_read (inp, sig->unhashed->data, n) != n)
    1875             :             {
    1876           0 :               log_error ("premature eof while reading "
    1877             :                          "unhashed signature data\n");
    1878           0 :               if (list_mode)
    1879           0 :                 es_fputs (":signature packet: [premature eof]\n", listfp);
    1880           0 :               rc = -1;
    1881           0 :               goto leave;
    1882             :             }
    1883        8722 :           pktlen -= n;
    1884             :         }
    1885             :     }
    1886             : 
    1887        9381 :   if (pktlen < 2)
    1888           0 :     goto underflow;
    1889        9381 :   sig->digest_start[0] = iobuf_get_noeof (inp);
    1890        9381 :   pktlen--;
    1891        9381 :   sig->digest_start[1] = iobuf_get_noeof (inp);
    1892        9381 :   pktlen--;
    1893             : 
    1894        9381 :   if (is_v4 && sig->pubkey_algo)  /* Extract required information.  */
    1895             :     {
    1896             :       const byte *p;
    1897             :       size_t len;
    1898             : 
    1899             :       /* Set sig->flags.unknown_critical if there is a critical bit
    1900             :        * set for packets which we do not understand.  */
    1901        8722 :       if (!parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL)
    1902        8722 :           || !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL, NULL))
    1903           0 :         sig->flags.unknown_critical = 1;
    1904             : 
    1905        8722 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL);
    1906        8722 :       if (p)
    1907        8722 :         sig->timestamp = buf32_to_u32 (p);
    1908           0 :       else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
    1909           0 :                && opt.verbose)
    1910           0 :         log_info ("signature packet without timestamp\n");
    1911             : 
    1912        8722 :       p = parse_sig_subpkt2 (sig, SIGSUBPKT_ISSUER);
    1913        8722 :       if (p)
    1914             :         {
    1915        8722 :           sig->keyid[0] = buf32_to_u32 (p);
    1916        8722 :           sig->keyid[1] = buf32_to_u32 (p + 4);
    1917             :         }
    1918           0 :       else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
    1919           0 :                && opt.verbose)
    1920           0 :         log_info ("signature packet without keyid\n");
    1921             : 
    1922        8722 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL);
    1923        8722 :       if (p && buf32_to_u32 (p))
    1924         148 :         sig->expiredate = sig->timestamp + buf32_to_u32 (p);
    1925        8722 :       if (sig->expiredate && sig->expiredate <= make_timestamp ())
    1926         141 :         sig->flags.expired = 1;
    1927             : 
    1928        8722 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, NULL);
    1929        8722 :       if (p)
    1930           6 :         sig->flags.policy_url = 1;
    1931             : 
    1932        8722 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, NULL);
    1933        8722 :       if (p)
    1934           0 :         sig->flags.pref_ks = 1;
    1935             : 
    1936        8722 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len);
    1937        8722 :       if (p && len)
    1938             :         {
    1939          29 :           sig->signers_uid = try_make_printable_string (p, len, 0);
    1940          29 :           if (!sig->signers_uid)
    1941             :             {
    1942           0 :               rc = gpg_error_from_syserror ();
    1943           0 :               goto leave;
    1944             :             }
    1945             :         }
    1946             : 
    1947        8722 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);
    1948        8722 :       if (p)
    1949         160 :         sig->flags.notation = 1;
    1950             : 
    1951        8722 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_REVOCABLE, NULL);
    1952        8722 :       if (p && *p == 0)
    1953           5 :         sig->flags.revocable = 0;
    1954             : 
    1955        8722 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_TRUST, &len);
    1956        8722 :       if (p && len == 2)
    1957             :         {
    1958           2 :           sig->trust_depth = p[0];
    1959           2 :           sig->trust_value = p[1];
    1960             : 
    1961             :           /* Only look for a regexp if there is also a trust
    1962             :              subpacket. */
    1963           2 :           sig->trust_regexp =
    1964           2 :             parse_sig_subpkt (sig->hashed, SIGSUBPKT_REGEXP, &len);
    1965             : 
    1966             :           /* If the regular expression is of 0 length, there is no
    1967             :              regular expression. */
    1968           2 :           if (len == 0)
    1969           0 :             sig->trust_regexp = NULL;
    1970             :         }
    1971             : 
    1972             :       /* We accept the exportable subpacket from either the hashed or
    1973             :          unhashed areas as older versions of gpg put it in the
    1974             :          unhashed area.  In theory, anyway, we should never see this
    1975             :          packet off of a local keyring. */
    1976             : 
    1977        8722 :       p = parse_sig_subpkt2 (sig, SIGSUBPKT_EXPORTABLE);
    1978        8722 :       if (p && *p == 0)
    1979           0 :         sig->flags.exportable = 0;
    1980             : 
    1981             :       /* Find all revocation keys.  */
    1982        8722 :       if (sig->sig_class == 0x1F)
    1983           5 :         parse_revkeys (sig);
    1984             :     }
    1985             : 
    1986        9381 :   if (list_mode)
    1987             :     {
    1988         117 :       es_fprintf (listfp, ":signature packet: algo %d, keyid %08lX%08lX\n"
    1989             :                   "\tversion %d, created %lu, md5len %d, sigclass 0x%02x\n"
    1990             :                   "\tdigest algo %d, begin of digest %02x %02x\n",
    1991          13 :                   sig->pubkey_algo,
    1992          26 :                   (ulong) sig->keyid[0], (ulong) sig->keyid[1],
    1993          39 :                   sig->version, (ulong) sig->timestamp, md5_len, sig->sig_class,
    1994          39 :                   sig->digest_algo, sig->digest_start[0], sig->digest_start[1]);
    1995          13 :       if (is_v4)
    1996             :         {
    1997          13 :           parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL);
    1998          13 :           parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);
    1999             :         }
    2000             :     }
    2001             : 
    2002        9381 :   ndata = pubkey_get_nsig (sig->pubkey_algo);
    2003        9381 :   if (!ndata)
    2004             :     {
    2005           0 :       if (list_mode)
    2006           0 :         es_fprintf (listfp, "\tunknown algorithm %d\n", sig->pubkey_algo);
    2007           0 :       unknown_pubkey_warning (sig->pubkey_algo);
    2008             : 
    2009             :       /* We store the plain material in data[0], so that we are able
    2010             :        * to write it back with build_packet().  */
    2011           0 :       if (pktlen > (5 * MAX_EXTERN_MPI_BITS / 8))
    2012             :         {
    2013             :           /* We include a limit to avoid too trivial DoS attacks by
    2014             :              having gpg allocate too much memory.  */
    2015           0 :           log_error ("signature packet: too much data\n");
    2016           0 :           rc = GPG_ERR_INV_PACKET;
    2017             :         }
    2018             :       else
    2019             :         {
    2020           0 :           sig->data[0] =
    2021           0 :             gcry_mpi_set_opaque (NULL, read_rest (inp, pktlen), pktlen * 8);
    2022           0 :           pktlen = 0;
    2023             :         }
    2024             :     }
    2025             :   else
    2026             :     {
    2027       25137 :       for (i = 0; i < ndata; i++)
    2028             :         {
    2029       15756 :           n = pktlen;
    2030       15756 :           sig->data[i] = mpi_read (inp, &n, 0);
    2031       15756 :           pktlen -= n;
    2032       15756 :           if (list_mode)
    2033             :             {
    2034          23 :               es_fprintf (listfp, "\tdata: ");
    2035          23 :               mpi_print (listfp, sig->data[i], mpi_print_mode);
    2036          23 :               es_putc ('\n', listfp);
    2037             :             }
    2038       15756 :           if (!sig->data[i])
    2039           0 :             rc = GPG_ERR_INV_PACKET;
    2040             :         }
    2041             :     }
    2042             : 
    2043             :  leave:
    2044        9381 :   iobuf_skip_rest (inp, pktlen, 0);
    2045        9381 :   return rc;
    2046             : 
    2047             :  underflow:
    2048           0 :   log_error ("packet(%d) too short\n", pkttype);
    2049           0 :   if (list_mode)
    2050           0 :     es_fputs (":signature packet: [too short]\n", listfp);
    2051             : 
    2052           0 :   iobuf_skip_rest (inp, pktlen, 0);
    2053             : 
    2054           0 :   return GPG_ERR_INV_PACKET;
    2055             : }
    2056             : 
    2057             : 
    2058             : static int
    2059         155 : parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
    2060             :                    PKT_onepass_sig * ops)
    2061             : {
    2062             :   int version;
    2063         155 :   int rc = 0;
    2064             : 
    2065         155 :   if (pktlen < 13)
    2066             :     {
    2067           0 :       log_error ("packet(%d) too short\n", pkttype);
    2068           0 :       if (list_mode)
    2069           0 :         es_fputs (":onepass_sig packet: [too short]\n", listfp);
    2070           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    2071           0 :       goto leave;
    2072             :     }
    2073         155 :   version = iobuf_get_noeof (inp);
    2074         155 :   pktlen--;
    2075         155 :   if (version != 3)
    2076             :     {
    2077           0 :       log_error ("onepass_sig with unknown version %d\n", version);
    2078           0 :       if (list_mode)
    2079           0 :         es_fputs (":onepass_sig packet: [unknown version]\n", listfp);
    2080           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    2081           0 :       goto leave;
    2082             :     }
    2083         155 :   ops->sig_class = iobuf_get_noeof (inp);
    2084         155 :   pktlen--;
    2085         155 :   ops->digest_algo = iobuf_get_noeof (inp);
    2086         155 :   pktlen--;
    2087         155 :   ops->pubkey_algo = iobuf_get_noeof (inp);
    2088         155 :   pktlen--;
    2089         155 :   ops->keyid[0] = read_32 (inp);
    2090         155 :   pktlen -= 4;
    2091         155 :   ops->keyid[1] = read_32 (inp);
    2092         155 :   pktlen -= 4;
    2093         155 :   ops->last = iobuf_get_noeof (inp);
    2094         155 :   pktlen--;
    2095         155 :   if (list_mode)
    2096           6 :     es_fprintf (listfp,
    2097             :                 ":onepass_sig packet: keyid %08lX%08lX\n"
    2098             :                 "\tversion %d, sigclass 0x%02x, digest %d, pubkey %d, "
    2099             :                 "last=%d\n",
    2100           2 :                 (ulong) ops->keyid[0], (ulong) ops->keyid[1],
    2101           1 :                 version, ops->sig_class,
    2102           3 :                 ops->digest_algo, ops->pubkey_algo, ops->last);
    2103             : 
    2104             : 
    2105             :  leave:
    2106         155 :   iobuf_skip_rest (inp, pktlen, 0);
    2107         155 :   return rc;
    2108             : }
    2109             : 
    2110             : 
    2111             : static int
    2112        7295 : parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
    2113             :            byte * hdr, int hdrlen, PACKET * pkt)
    2114             : {
    2115        7295 :   gpg_error_t err = 0;
    2116             :   int i, version, algorithm;
    2117             :   unsigned long timestamp, expiredate, max_expiredate;
    2118             :   int npkey, nskey;
    2119             :   u32 keyid[2];
    2120             :   PKT_public_key *pk;
    2121             : 
    2122             :   (void) hdr;
    2123             : 
    2124        7295 :   pk = pkt->pkt.public_key; /* PK has been cleared. */
    2125             : 
    2126        7295 :   version = iobuf_get_noeof (inp);
    2127        7295 :   pktlen--;
    2128        7295 :   if (pkttype == PKT_PUBLIC_SUBKEY && version == '#')
    2129             :     {
    2130             :       /* Early versions of G10 used the old PGP comments packets;
    2131             :        * luckily all those comments are started by a hash.  */
    2132           0 :       if (list_mode)
    2133             :         {
    2134           0 :           es_fprintf (listfp, ":rfc1991 comment packet: \"");
    2135           0 :           for (; pktlen; pktlen--)
    2136             :             {
    2137             :               int c;
    2138           0 :               c = iobuf_get (inp);
    2139           0 :               if (c == -1)
    2140           0 :                 break; /* Ooops: shorter than indicated.  */
    2141           0 :               if (c >= ' ' && c <= 'z')
    2142           0 :                 es_putc (c, listfp);
    2143             :               else
    2144           0 :                 es_fprintf (listfp, "\\x%02x", c);
    2145             :             }
    2146           0 :           es_fprintf (listfp, "\"\n");
    2147             :         }
    2148           0 :       iobuf_skip_rest (inp, pktlen, 0);
    2149           0 :       return 0;
    2150             :     }
    2151        7295 :   else if (version == 4)
    2152             :     {
    2153             :       /* The only supported version.  Use an older gpg
    2154             :          version (i.e. gpg 1.4) to parse v3 packets.  */
    2155             :     }
    2156           2 :   else if (version == 2 || version == 3)
    2157             :     {
    2158           2 :       if (opt.verbose > 1)
    2159           0 :         log_info ("packet(%d) with obsolete version %d\n", pkttype, version);
    2160           2 :       if (list_mode)
    2161           0 :         es_fprintf (listfp, ":key packet: [obsolete version %d]\n", version);
    2162           2 :       pk->version = version;
    2163           2 :       err = gpg_error (GPG_ERR_LEGACY_KEY);
    2164           2 :       goto leave;
    2165             :     }
    2166             :   else
    2167             :     {
    2168           0 :       log_error ("packet(%d) with unknown version %d\n", pkttype, version);
    2169           0 :       if (list_mode)
    2170           0 :         es_fputs (":key packet: [unknown version]\n", listfp);
    2171           0 :       err = gpg_error (GPG_ERR_INV_PACKET);
    2172           0 :       goto leave;
    2173             :     }
    2174             : 
    2175        7293 :   if (pktlen < 11)
    2176             :     {
    2177           0 :       log_error ("packet(%d) too short\n", pkttype);
    2178           0 :       if (list_mode)
    2179           0 :         es_fputs (":key packet: [too short]\n", listfp);
    2180           0 :       err = gpg_error (GPG_ERR_INV_PACKET);
    2181           0 :       goto leave;
    2182             :     }
    2183        7293 :   else if (pktlen > MAX_KEY_PACKET_LENGTH)
    2184             :     {
    2185           0 :       log_error ("packet(%d) too large\n", pkttype);
    2186           0 :       if (list_mode)
    2187           0 :         es_fputs (":key packet: [too larget]\n", listfp);
    2188           0 :       err = gpg_error (GPG_ERR_INV_PACKET);
    2189           0 :       goto leave;
    2190             :     }
    2191             : 
    2192        7293 :   timestamp = read_32 (inp);
    2193        7293 :   pktlen -= 4;
    2194        7293 :   expiredate = 0;               /* have to get it from the selfsignature */
    2195        7293 :   max_expiredate = 0;
    2196        7293 :   algorithm = iobuf_get_noeof (inp);
    2197        7293 :   pktlen--;
    2198        7293 :   if (list_mode)
    2199          17 :     es_fprintf (listfp, ":%s key packet:\n"
    2200             :                 "\tversion %d, algo %d, created %lu, expires %lu\n",
    2201             :                 pkttype == PKT_PUBLIC_KEY ? "public" :
    2202          11 :                 pkttype == PKT_SECRET_KEY ? "secret" :
    2203           6 :                 pkttype == PKT_PUBLIC_SUBKEY ? "public sub" :
    2204           2 :                 pkttype == PKT_SECRET_SUBKEY ? "secret sub" : "??",
    2205             :                 version, algorithm, timestamp, expiredate);
    2206             : 
    2207        7293 :   pk->timestamp = timestamp;
    2208        7293 :   pk->expiredate = expiredate;
    2209        7293 :   pk->max_expiredate = max_expiredate;
    2210        7293 :   pk->hdrbytes = hdrlen;
    2211        7293 :   pk->version = version;
    2212        7293 :   pk->flags.primary = (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY);
    2213        7293 :   pk->pubkey_algo = algorithm;
    2214             : 
    2215        7293 :   nskey = pubkey_get_nskey (algorithm);
    2216        7293 :   npkey = pubkey_get_npkey (algorithm);
    2217        7293 :   if (!npkey)
    2218             :     {
    2219           0 :       if (list_mode)
    2220           0 :         es_fprintf (listfp, "\tunknown algorithm %d\n", algorithm);
    2221           0 :       unknown_pubkey_warning (algorithm);
    2222             :     }
    2223             : 
    2224        7293 :   if (!npkey)
    2225             :     {
    2226             :       /* Unknown algorithm - put data into an opaque MPI.  */
    2227           0 :       pk->pkey[0] = gcry_mpi_set_opaque (NULL,
    2228             :                                          read_rest (inp, pktlen), pktlen * 8);
    2229           0 :       pktlen = 0;
    2230           0 :       goto leave;
    2231             :     }
    2232             :   else
    2233             :     {
    2234       28922 :       for (i = 0; i < npkey; i++)
    2235             :         {
    2236       21629 :           if (    (algorithm == PUBKEY_ALGO_ECDSA && (i == 0))
    2237       21377 :                || (algorithm == PUBKEY_ALGO_EDDSA && (i == 0))
    2238       21368 :                || (algorithm == PUBKEY_ALGO_ECDH  && (i == 0 || i == 2)))
    2239         775 :             {
    2240             :               /* Read the OID (i==1) or the KDF params (i==2).  */
    2241             :               size_t n;
    2242         775 :               err = read_size_body (inp, pktlen, &n, pk->pkey+i);
    2243         775 :               pktlen -= n;
    2244             :             }
    2245             :           else
    2246             :             {
    2247       20854 :               unsigned int n = pktlen;
    2248       20854 :               pk->pkey[i] = mpi_read (inp, &n, 0);
    2249       20854 :               pktlen -= n;
    2250       20854 :               if (!pk->pkey[i])
    2251           0 :                 err = gpg_error (GPG_ERR_INV_PACKET);
    2252             :             }
    2253       21629 :           if (err)
    2254           0 :             goto leave;
    2255       21629 :           if (list_mode)
    2256             :             {
    2257          32 :               es_fprintf (listfp, "\tpkey[%d]: ", i);
    2258          32 :               mpi_print (listfp, pk->pkey[i], mpi_print_mode);
    2259          32 :               if ((algorithm == PUBKEY_ALGO_ECDSA
    2260          32 :                    || algorithm == PUBKEY_ALGO_EDDSA
    2261          32 :                    || algorithm == PUBKEY_ALGO_ECDH) && i==0)
    2262             :                 {
    2263           0 :                   char *curve = openpgp_oid_to_str (pk->pkey[0]);
    2264           0 :                   const char *name = openpgp_oid_to_curve (curve, 0);
    2265           0 :                   es_fprintf (listfp, " %s (%s)", name?name:"", curve);
    2266           0 :                   xfree (curve);
    2267             :                 }
    2268          32 :               es_putc ('\n', listfp);
    2269             :             }
    2270             :         }
    2271             :     }
    2272        7293 :   if (list_mode)
    2273          10 :     keyid_from_pk (pk, keyid);
    2274             : 
    2275        7293 :   if (pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY)
    2276             :     {
    2277             :       struct seckey_info *ski;
    2278             :       byte temp[16];
    2279          38 :       size_t snlen = 0;
    2280             : 
    2281          38 :       if (pktlen < 1)
    2282             :         {
    2283           0 :           err = gpg_error (GPG_ERR_INV_PACKET);
    2284           0 :           goto leave;
    2285             :         }
    2286             : 
    2287          38 :       pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
    2288          38 :       if (!pk->seckey_info)
    2289             :         {
    2290           0 :           err = gpg_error_from_syserror ();
    2291           0 :           goto leave;
    2292             :         }
    2293             : 
    2294          38 :       ski->algo = iobuf_get_noeof (inp);
    2295          38 :       pktlen--;
    2296          38 :       if (ski->algo)
    2297             :         {
    2298          33 :           ski->is_protected = 1;
    2299          33 :           ski->s2k.count = 0;
    2300          33 :           if (ski->algo == 254 || ski->algo == 255)
    2301             :             {
    2302          33 :               if (pktlen < 3)
    2303             :                 {
    2304           0 :                   err = gpg_error (GPG_ERR_INV_PACKET);
    2305           0 :                   goto leave;
    2306             :                 }
    2307          33 :               ski->sha1chk = (ski->algo == 254);
    2308          33 :               ski->algo = iobuf_get_noeof (inp);
    2309          33 :               pktlen--;
    2310             :               /* Note that a ski->algo > 110 is illegal, but I'm not
    2311             :                  erroring on it here as otherwise there would be no
    2312             :                  way to delete such a key.  */
    2313          33 :               ski->s2k.mode = iobuf_get_noeof (inp);
    2314          33 :               pktlen--;
    2315          33 :               ski->s2k.hash_algo = iobuf_get_noeof (inp);
    2316          33 :               pktlen--;
    2317             :               /* Check for the special GNU extension.  */
    2318          33 :               if (ski->s2k.mode == 101)
    2319             :                 {
    2320           0 :                   for (i = 0; i < 4 && pktlen; i++, pktlen--)
    2321           0 :                     temp[i] = iobuf_get_noeof (inp);
    2322           0 :                   if (i < 4 || memcmp (temp, "GNU", 3))
    2323             :                     {
    2324           0 :                       if (list_mode)
    2325           0 :                         es_fprintf (listfp, "\tunknown S2K %d\n",
    2326             :                                     ski->s2k.mode);
    2327           0 :                       err = gpg_error (GPG_ERR_INV_PACKET);
    2328           0 :                       goto leave;
    2329             :                     }
    2330             :                   /* Here we know that it is a GNU extension.  What
    2331             :                    * follows is the GNU protection mode: All values
    2332             :                    * have special meanings and they are mapped to MODE
    2333             :                    * with a base of 1000.  */
    2334           0 :                   ski->s2k.mode = 1000 + temp[3];
    2335             :                 }
    2336             : 
    2337             :               /* Read the salt.  */
    2338          33 :               switch (ski->s2k.mode)
    2339             :                 {
    2340             :                 case 1:
    2341             :                 case 3:
    2342         297 :                   for (i = 0; i < 8 && pktlen; i++, pktlen--)
    2343         264 :                     temp[i] = iobuf_get_noeof (inp);
    2344          33 :                   if (i < 8)
    2345             :                     {
    2346           0 :                       err = gpg_error (GPG_ERR_INV_PACKET);
    2347           0 :                       goto leave;
    2348             :                     }
    2349          33 :                   memcpy (ski->s2k.salt, temp, 8);
    2350          33 :                   break;
    2351             :                 }
    2352             : 
    2353             :               /* Check the mode.  */
    2354          33 :               switch (ski->s2k.mode)
    2355             :                 {
    2356             :                 case 0:
    2357           0 :                   if (list_mode)
    2358           0 :                     es_fprintf (listfp, "\tsimple S2K");
    2359           0 :                   break;
    2360             :                 case 1:
    2361           0 :                   if (list_mode)
    2362           0 :                     es_fprintf (listfp, "\tsalted S2K");
    2363           0 :                   break;
    2364             :                 case 3:
    2365          33 :                   if (list_mode)
    2366           2 :                     es_fprintf (listfp, "\titer+salt S2K");
    2367          33 :                   break;
    2368             :                 case 1001:
    2369           0 :                   if (list_mode)
    2370           0 :                     es_fprintf (listfp, "\tgnu-dummy S2K");
    2371           0 :                   break;
    2372             :                 case 1002:
    2373           0 :                   if (list_mode)
    2374           0 :                     es_fprintf (listfp, "\tgnu-divert-to-card S2K");
    2375           0 :                   break;
    2376             :                 default:
    2377           0 :                   if (list_mode)
    2378           0 :                     es_fprintf (listfp, "\tunknown %sS2K %d\n",
    2379           0 :                                 ski->s2k.mode < 1000 ? "" : "GNU ",
    2380             :                                 ski->s2k.mode);
    2381           0 :                   err = gpg_error (GPG_ERR_INV_PACKET);
    2382           0 :                   goto leave;
    2383             :                 }
    2384             : 
    2385             :               /* Print some info.  */
    2386          33 :               if (list_mode)
    2387             :                 {
    2388           6 :                   es_fprintf (listfp, ", algo: %d,%s hash: %d",
    2389           2 :                               ski->algo,
    2390           2 :                               ski->sha1chk ? " SHA1 protection,"
    2391           2 :                               : " simple checksum,", ski->s2k.hash_algo);
    2392           2 :                   if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
    2393             :                     {
    2394           2 :                       es_fprintf (listfp, ", salt: ");
    2395           2 :                       es_write_hexstring (listfp, ski->s2k.salt, 8, 0, NULL);
    2396             :                     }
    2397           2 :                   es_putc ('\n', listfp);
    2398             :                 }
    2399             : 
    2400             :               /* Read remaining protection parameters.  */
    2401          66 :               if (ski->s2k.mode == 3)
    2402             :                 {
    2403          33 :                   if (pktlen < 1)
    2404             :                     {
    2405           0 :                       err = gpg_error (GPG_ERR_INV_PACKET);
    2406           0 :                       goto leave;
    2407             :                     }
    2408          33 :                   ski->s2k.count = iobuf_get (inp);
    2409          33 :                   pktlen--;
    2410          33 :                   if (list_mode)
    2411           4 :                     es_fprintf (listfp, "\tprotect count: %lu (%lu)\n",
    2412           2 :                                 (ulong)S2K_DECODE_COUNT ((ulong)ski->s2k.count),
    2413           2 :                                 (ulong) ski->s2k.count);
    2414             :                 }
    2415           0 :               else if (ski->s2k.mode == 1002)
    2416             :                 {
    2417             :                   /* Read the serial number. */
    2418           0 :                   if (pktlen < 1)
    2419             :                     {
    2420           0 :                       err = gpg_error (GPG_ERR_INV_PACKET);
    2421           0 :                       goto leave;
    2422             :                     }
    2423           0 :                   snlen = iobuf_get (inp);
    2424           0 :                   pktlen--;
    2425           0 :                   if (pktlen < snlen || snlen == (size_t)(-1))
    2426             :                     {
    2427           0 :                       err = gpg_error (GPG_ERR_INV_PACKET);
    2428           0 :                       goto leave;
    2429             :                     }
    2430             :                 }
    2431             :             }
    2432             :           else /* Old version; no S2K, so we set mode to 0, hash MD5.  */
    2433             :             {
    2434             :               /* Note that a ski->algo > 110 is illegal, but I'm not
    2435             :                  erroring on it here as otherwise there would be no
    2436             :                  way to delete such a key.  */
    2437           0 :               ski->s2k.mode = 0;
    2438           0 :               ski->s2k.hash_algo = DIGEST_ALGO_MD5;
    2439           0 :               if (list_mode)
    2440           0 :                 es_fprintf (listfp, "\tprotect algo: %d  (hash algo: %d)\n",
    2441           0 :                             ski->algo, ski->s2k.hash_algo);
    2442             :             }
    2443             : 
    2444             :           /* It is really ugly that we don't know the size
    2445             :            * of the IV here in cases we are not aware of the algorithm.
    2446             :            * so a
    2447             :            *   ski->ivlen = cipher_get_blocksize (ski->algo);
    2448             :            * won't work.  The only solution I see is to hardwire it.
    2449             :            * NOTE: if you change the ivlen above 16, don't forget to
    2450             :            * enlarge temp.  */
    2451          33 :           ski->ivlen = openpgp_cipher_blocklen (ski->algo);
    2452          33 :           log_assert (ski->ivlen <= sizeof (temp));
    2453             : 
    2454          33 :           if (ski->s2k.mode == 1001)
    2455           0 :             ski->ivlen = 0;
    2456          33 :           else if (ski->s2k.mode == 1002)
    2457           0 :             ski->ivlen = snlen < 16 ? snlen : 16;
    2458             : 
    2459          33 :           if (pktlen < ski->ivlen)
    2460             :             {
    2461           0 :               err = gpg_error (GPG_ERR_INV_PACKET);
    2462           0 :               goto leave;
    2463             :             }
    2464         513 :           for (i = 0; i < ski->ivlen; i++, pktlen--)
    2465         480 :             temp[i] = iobuf_get_noeof (inp);
    2466          33 :           if (list_mode)
    2467             :             {
    2468           2 :               es_fprintf (listfp,
    2469           2 :                           ski->s2k.mode == 1002 ? "\tserial-number: "
    2470             :                           : "\tprotect IV: ");
    2471          34 :               for (i = 0; i < ski->ivlen; i++)
    2472          32 :                 es_fprintf (listfp, " %02x", temp[i]);
    2473           2 :               es_putc ('\n', listfp);
    2474             :             }
    2475          33 :           memcpy (ski->iv, temp, ski->ivlen);
    2476             :         }
    2477             : 
    2478             :       /* It does not make sense to read it into secure memory.
    2479             :        * If the user is so careless, not to protect his secret key,
    2480             :        * we can assume, that he operates an open system :=(.
    2481             :        * So we put the key into secure memory when we unprotect it. */
    2482          38 :       if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
    2483             :         {
    2484             :           /* Better set some dummy stuff here.  */
    2485           0 :           pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
    2486           0 :                                                  xstrdup ("dummydata"),
    2487             :                                                  10 * 8);
    2488           0 :           pktlen = 0;
    2489             :         }
    2490          38 :       else if (ski->is_protected)
    2491             :         {
    2492          33 :           if (pktlen < 2) /* At least two bytes for the length.  */
    2493             :             {
    2494           0 :               err = gpg_error (GPG_ERR_INV_PACKET);
    2495           0 :               goto leave;
    2496             :             }
    2497             : 
    2498             :           /* Ugly: The length is encrypted too, so we read all stuff
    2499             :            * up to the end of the packet into the first SKEY
    2500             :            * element.  */
    2501          33 :           pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
    2502             :                                                  read_rest (inp, pktlen),
    2503             :                                                  pktlen * 8);
    2504             :           /* Mark that MPI as protected - we need this information for
    2505             :              importing a key.  The OPAQUE flag can't be used because
    2506             :              we also store public EdDSA values in opaque MPIs.  */
    2507          33 :           if (pk->pkey[npkey])
    2508          33 :             gcry_mpi_set_flag (pk->pkey[npkey], GCRYMPI_FLAG_USER1);
    2509          33 :           pktlen = 0;
    2510          33 :           if (list_mode)
    2511           2 :             es_fprintf (listfp, "\tskey[%d]: [v4 protected]\n", npkey);
    2512             :         }
    2513             :       else
    2514             :         {
    2515             :           /* Not encrypted.  */
    2516          19 :           for (i = npkey; i < nskey; i++)
    2517             :             {
    2518             :               unsigned int n;
    2519             : 
    2520          14 :               if (pktlen < 2) /* At least two bytes for the length.  */
    2521             :                 {
    2522           0 :                   err = gpg_error (GPG_ERR_INV_PACKET);
    2523           0 :                   goto leave;
    2524             :                 }
    2525          14 :               n = pktlen;
    2526          14 :               pk->pkey[i] = mpi_read (inp, &n, 0);
    2527          14 :               pktlen -= n;
    2528          14 :               if (list_mode)
    2529             :                 {
    2530           6 :                   es_fprintf (listfp, "\tskey[%d]: ", i);
    2531           6 :                   mpi_print (listfp, pk->pkey[i], mpi_print_mode);
    2532           6 :                   es_putc ('\n', listfp);
    2533             :                 }
    2534             : 
    2535          14 :               if (!pk->pkey[i])
    2536           0 :                 err = gpg_error (GPG_ERR_INV_PACKET);
    2537             :             }
    2538           5 :           if (err)
    2539           0 :             goto leave;
    2540             : 
    2541           5 :           if (pktlen < 2)
    2542             :             {
    2543           0 :               err = gpg_error (GPG_ERR_INV_PACKET);
    2544           0 :               goto leave;
    2545             :             }
    2546           5 :           ski->csum = read_16 (inp);
    2547           5 :           pktlen -= 2;
    2548           5 :           if (list_mode)
    2549           3 :             es_fprintf (listfp, "\tchecksum: %04hx\n", ski->csum);
    2550             :         }
    2551             :     }
    2552             : 
    2553             :   /* Note that KEYID below has been initialized above in list_mode.  */
    2554        7293 :   if (list_mode)
    2555          20 :     es_fprintf (listfp, "\tkeyid: %08lX%08lX\n",
    2556          20 :                 (ulong) keyid[0], (ulong) keyid[1]);
    2557             : 
    2558             :  leave:
    2559        7295 :   iobuf_skip_rest (inp, pktlen, 0);
    2560        7295 :   return err;
    2561             : }
    2562             : 
    2563             : 
    2564             : /* Attribute subpackets have the same format as v4 signature
    2565             :    subpackets.  This is not part of OpenPGP, but is done in several
    2566             :    versions of PGP nevertheless.  */
    2567             : int
    2568           0 : parse_attribute_subpkts (PKT_user_id * uid)
    2569             : {
    2570             :   size_t n;
    2571           0 :   int count = 0;
    2572           0 :   struct user_attribute *attribs = NULL;
    2573           0 :   const byte *buffer = uid->attrib_data;
    2574           0 :   int buflen = uid->attrib_len;
    2575             :   byte type;
    2576             : 
    2577           0 :   xfree (uid->attribs);
    2578             : 
    2579           0 :   while (buflen)
    2580             :     {
    2581           0 :       n = *buffer++;
    2582           0 :       buflen--;
    2583           0 :       if (n == 255)  /* 4 byte length header.  */
    2584             :         {
    2585           0 :           if (buflen < 4)
    2586           0 :             goto too_short;
    2587           0 :           n = buf32_to_size_t (buffer);
    2588           0 :           buffer += 4;
    2589           0 :           buflen -= 4;
    2590             :         }
    2591           0 :       else if (n >= 192)  /* 2 byte special encoded length header.  */
    2592             :         {
    2593           0 :           if (buflen < 2)
    2594           0 :             goto too_short;
    2595           0 :           n = ((n - 192) << 8) + *buffer + 192;
    2596           0 :           buffer++;
    2597           0 :           buflen--;
    2598             :         }
    2599           0 :       if (buflen < n)
    2600           0 :         goto too_short;
    2601             : 
    2602           0 :       if (!n)
    2603             :         {
    2604             :           /* Too short to encode the subpacket type.  */
    2605           0 :           if (opt.verbose)
    2606           0 :             log_info ("attribute subpacket too short\n");
    2607           0 :           break;
    2608             :         }
    2609             : 
    2610           0 :       attribs = xrealloc (attribs,
    2611             :                           (count + 1) * sizeof (struct user_attribute));
    2612           0 :       memset (&attribs[count], 0, sizeof (struct user_attribute));
    2613             : 
    2614           0 :       type = *buffer;
    2615           0 :       buffer++;
    2616           0 :       buflen--;
    2617           0 :       n--;
    2618             : 
    2619           0 :       attribs[count].type = type;
    2620           0 :       attribs[count].data = buffer;
    2621           0 :       attribs[count].len = n;
    2622           0 :       buffer += n;
    2623           0 :       buflen -= n;
    2624           0 :       count++;
    2625             :     }
    2626             : 
    2627           0 :   uid->attribs = attribs;
    2628           0 :   uid->numattribs = count;
    2629           0 :   return count;
    2630             : 
    2631             :  too_short:
    2632           0 :   if (opt.verbose)
    2633           0 :     log_info ("buffer shorter than attribute subpacket\n");
    2634           0 :   uid->attribs = attribs;
    2635           0 :   uid->numattribs = count;
    2636           0 :   return count;
    2637             : }
    2638             : 
    2639             : 
    2640             : static int
    2641        4408 : parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
    2642             : {
    2643             :   byte *p;
    2644             : 
    2645             :   /* Cap the size of a user ID at 2k: a value absurdly large enough
    2646             :      that there is no sane user ID string (which is printable text
    2647             :      as of RFC2440bis) that won't fit in it, but yet small enough to
    2648             :      avoid allocation problems.  A large pktlen may not be
    2649             :      allocatable, and a very large pktlen could actually cause our
    2650             :      allocation to wrap around in xmalloc to a small number. */
    2651             : 
    2652        4408 :   if (pktlen > MAX_UID_PACKET_LENGTH)
    2653             :     {
    2654           0 :       log_error ("packet(%d) too large\n", pkttype);
    2655           0 :       if (list_mode)
    2656           0 :         es_fprintf (listfp, ":user ID packet: [too large]\n");
    2657           0 :       iobuf_skip_rest (inp, pktlen, 0);
    2658           0 :       return GPG_ERR_INV_PACKET;
    2659             :     }
    2660             : 
    2661        4408 :   packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id + pktlen);
    2662        4408 :   packet->pkt.user_id->len = pktlen;
    2663        4408 :   packet->pkt.user_id->ref = 1;
    2664             : 
    2665        4408 :   p = packet->pkt.user_id->name;
    2666      143436 :   for (; pktlen; pktlen--, p++)
    2667      139028 :     *p = iobuf_get_noeof (inp);
    2668        4408 :   *p = 0;
    2669             : 
    2670        4408 :   if (list_mode)
    2671             :     {
    2672           6 :       int n = packet->pkt.user_id->len;
    2673           6 :       es_fprintf (listfp, ":user ID packet: \"");
    2674             :       /* fixme: Hey why don't we replace this with es_write_sanitized?? */
    2675         220 :       for (p = packet->pkt.user_id->name; n; p++, n--)
    2676             :         {
    2677         214 :           if (*p >= ' ' && *p <= 'z')
    2678         214 :             es_putc (*p, listfp);
    2679             :           else
    2680           0 :             es_fprintf (listfp, "\\x%02x", *p);
    2681             :         }
    2682           6 :       es_fprintf (listfp, "\"\n");
    2683             :     }
    2684        4408 :   return 0;
    2685             : }
    2686             : 
    2687             : 
    2688             : void
    2689           0 : make_attribute_uidname (PKT_user_id * uid, size_t max_namelen)
    2690             : {
    2691           0 :   log_assert (max_namelen > 70);
    2692           0 :   if (uid->numattribs <= 0)
    2693           0 :     sprintf (uid->name, "[bad attribute packet of size %lu]",
    2694             :              uid->attrib_len);
    2695           0 :   else if (uid->numattribs > 1)
    2696           0 :     sprintf (uid->name, "[%d attributes of size %lu]",
    2697             :              uid->numattribs, uid->attrib_len);
    2698             :   else
    2699             :     {
    2700             :       /* Only one attribute, so list it as the "user id" */
    2701             : 
    2702           0 :       if (uid->attribs->type == ATTRIB_IMAGE)
    2703             :         {
    2704             :           u32 len;
    2705             :           byte type;
    2706             : 
    2707           0 :           if (parse_image_header (uid->attribs, &type, &len))
    2708           0 :             sprintf (uid->name, "[%.20s image of size %lu]",
    2709             :                      image_type_to_string (type, 1), (ulong) len);
    2710             :           else
    2711           0 :             sprintf (uid->name, "[invalid image]");
    2712             :         }
    2713             :       else
    2714           0 :         sprintf (uid->name, "[unknown attribute of size %lu]",
    2715           0 :                  (ulong) uid->attribs->len);
    2716             :     }
    2717             : 
    2718           0 :   uid->len = strlen (uid->name);
    2719           0 : }
    2720             : 
    2721             : 
    2722             : static int
    2723           0 : parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
    2724             :                  PACKET * packet)
    2725             : {
    2726             :   byte *p;
    2727             : 
    2728             :   (void) pkttype;
    2729             : 
    2730             :   /* We better cap the size of an attribute packet to make DoS not too
    2731             :      easy.  16MB should be more then enough for one attribute packet
    2732             :      (ie. a photo).  */
    2733           0 :   if (pktlen > MAX_ATTR_PACKET_LENGTH)
    2734             :     {
    2735           0 :       log_error ("packet(%d) too large\n", pkttype);
    2736           0 :       if (list_mode)
    2737           0 :         es_fprintf (listfp, ":attribute packet: [too large]\n");
    2738           0 :       iobuf_skip_rest (inp, pktlen, 0);
    2739           0 :       return GPG_ERR_INV_PACKET;
    2740             :     }
    2741             : 
    2742             : #define EXTRA_UID_NAME_SPACE 71
    2743           0 :   packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id
    2744             :                                        + EXTRA_UID_NAME_SPACE);
    2745           0 :   packet->pkt.user_id->ref = 1;
    2746           0 :   packet->pkt.user_id->attrib_data = xmalloc (pktlen? pktlen:1);
    2747           0 :   packet->pkt.user_id->attrib_len = pktlen;
    2748             : 
    2749           0 :   p = packet->pkt.user_id->attrib_data;
    2750           0 :   for (; pktlen; pktlen--, p++)
    2751           0 :     *p = iobuf_get_noeof (inp);
    2752             : 
    2753             :   /* Now parse out the individual attribute subpackets.  This is
    2754             :      somewhat pointless since there is only one currently defined
    2755             :      attribute type (jpeg), but it is correct by the spec. */
    2756           0 :   parse_attribute_subpkts (packet->pkt.user_id);
    2757             : 
    2758           0 :   make_attribute_uidname (packet->pkt.user_id, EXTRA_UID_NAME_SPACE);
    2759             : 
    2760           0 :   if (list_mode)
    2761             :     {
    2762           0 :       es_fprintf (listfp, ":attribute packet: %s\n", packet->pkt.user_id->name);
    2763             :     }
    2764           0 :   return 0;
    2765             : }
    2766             : 
    2767             : 
    2768             : static int
    2769           0 : parse_comment (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
    2770             : {
    2771             :   byte *p;
    2772             : 
    2773             :   /* Cap comment packet at a reasonable value to avoid an integer
    2774             :      overflow in the malloc below.  Comment packets are actually not
    2775             :      anymore define my OpenPGP and we even stopped to use our
    2776             :      private comment packet.  */
    2777           0 :   if (pktlen > MAX_COMMENT_PACKET_LENGTH)
    2778             :     {
    2779           0 :       log_error ("packet(%d) too large\n", pkttype);
    2780           0 :       if (list_mode)
    2781           0 :         es_fprintf (listfp, ":%scomment packet: [too large]\n",
    2782             :                     pkttype == PKT_OLD_COMMENT ? "OpenPGP draft " : "");
    2783           0 :       iobuf_skip_rest (inp, pktlen, 0);
    2784           0 :       return GPG_ERR_INV_PACKET;
    2785             :     }
    2786           0 :   packet->pkt.comment = xmalloc (sizeof *packet->pkt.comment + pktlen - 1);
    2787           0 :   packet->pkt.comment->len = pktlen;
    2788           0 :   p = packet->pkt.comment->data;
    2789           0 :   for (; pktlen; pktlen--, p++)
    2790           0 :     *p = iobuf_get_noeof (inp);
    2791             : 
    2792           0 :   if (list_mode)
    2793             :     {
    2794           0 :       int n = packet->pkt.comment->len;
    2795           0 :       es_fprintf (listfp, ":%scomment packet: \"", pkttype == PKT_OLD_COMMENT ?
    2796             :                   "OpenPGP draft " : "");
    2797           0 :       for (p = packet->pkt.comment->data; n; p++, n--)
    2798             :         {
    2799           0 :           if (*p >= ' ' && *p <= 'z')
    2800           0 :             es_putc (*p, listfp);
    2801             :           else
    2802           0 :             es_fprintf (listfp, "\\x%02x", *p);
    2803             :         }
    2804           0 :       es_fprintf (listfp, "\"\n");
    2805             :     }
    2806           0 :   return 0;
    2807             : }
    2808             : 
    2809             : 
    2810             : static void
    2811         412 : parse_trust (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * pkt)
    2812             : {
    2813             :   int c;
    2814             : 
    2815             :   (void) pkttype;
    2816             : 
    2817         412 :   pkt->pkt.ring_trust = xmalloc (sizeof *pkt->pkt.ring_trust);
    2818         412 :   if (pktlen)
    2819             :     {
    2820         412 :       c = iobuf_get_noeof (inp);
    2821         412 :       pktlen--;
    2822         412 :       pkt->pkt.ring_trust->trustval = c;
    2823         412 :       pkt->pkt.ring_trust->sigcache = 0;
    2824         412 :       if (!c && pktlen == 1)
    2825             :         {
    2826         407 :           c = iobuf_get_noeof (inp);
    2827         407 :           pktlen--;
    2828             :           /* We require that bit 7 of the sigcache is 0 (easier eof
    2829             :              handling).  */
    2830         407 :           if (!(c & 0x80))
    2831         407 :             pkt->pkt.ring_trust->sigcache = c;
    2832             :         }
    2833         412 :       if (list_mode)
    2834           0 :         es_fprintf (listfp, ":trust packet: flag=%02x sigcache=%02x\n",
    2835           0 :                     pkt->pkt.ring_trust->trustval,
    2836           0 :                     pkt->pkt.ring_trust->sigcache);
    2837             :     }
    2838             :   else
    2839             :     {
    2840           0 :       pkt->pkt.ring_trust->trustval = 0;
    2841           0 :       pkt->pkt.ring_trust->sigcache = 0;
    2842           0 :       if (list_mode)
    2843           0 :         es_fprintf (listfp, ":trust packet: empty\n");
    2844             :     }
    2845         412 :   iobuf_skip_rest (inp, pktlen, 0);
    2846         412 : }
    2847             : 
    2848             : 
    2849             : static int
    2850         463 : parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
    2851             :                  PACKET * pkt, int new_ctb, int partial)
    2852             : {
    2853         463 :   int rc = 0;
    2854             :   int mode, namelen;
    2855             :   PKT_plaintext *pt;
    2856             :   byte *p;
    2857             :   int c, i;
    2858             : 
    2859         463 :   if (!partial && pktlen < 6)
    2860             :     {
    2861           0 :       log_error ("packet(%d) too short (%lu)\n", pkttype, (ulong) pktlen);
    2862           0 :       if (list_mode)
    2863           0 :         es_fputs (":literal data packet: [too short]\n", listfp);
    2864           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    2865           0 :       goto leave;
    2866             :     }
    2867         463 :   mode = iobuf_get_noeof (inp);
    2868         463 :   if (pktlen)
    2869         421 :     pktlen--;
    2870         463 :   namelen = iobuf_get_noeof (inp);
    2871         463 :   if (pktlen)
    2872         421 :     pktlen--;
    2873             :   /* Note that namelen will never exceed 255 bytes. */
    2874         463 :   pt = pkt->pkt.plaintext =
    2875         463 :     xmalloc (sizeof *pkt->pkt.plaintext + namelen - 1);
    2876         463 :   pt->new_ctb = new_ctb;
    2877         463 :   pt->mode = mode;
    2878         463 :   pt->namelen = namelen;
    2879         463 :   pt->is_partial = partial;
    2880         463 :   if (pktlen)
    2881             :     {
    2882        3443 :       for (i = 0; pktlen > 4 && i < namelen; pktlen--, i++)
    2883        3022 :         pt->name[i] = iobuf_get_noeof (inp);
    2884             :     }
    2885             :   else
    2886             :     {
    2887          56 :       for (i = 0; i < namelen; i++)
    2888          14 :         if ((c = iobuf_get (inp)) == -1)
    2889           0 :           break;
    2890             :         else
    2891          14 :           pt->name[i] = c;
    2892             :     }
    2893         463 :   pt->timestamp = read_32 (inp);
    2894         463 :   if (pktlen)
    2895         421 :     pktlen -= 4;
    2896         463 :   pt->len = pktlen;
    2897         463 :   pt->buf = inp;
    2898             : 
    2899         463 :   if (list_mode)
    2900             :     {
    2901          12 :       es_fprintf (listfp, ":literal data packet:\n"
    2902             :                   "\tmode %c (%X), created %lu, name=\"",
    2903           6 :                   mode >= ' ' && mode < 'z' ? mode : '?', mode,
    2904           6 :                   (ulong) pt->timestamp);
    2905          11 :       for (p = pt->name, i = 0; i < namelen; p++, i++)
    2906             :         {
    2907           5 :           if (*p >= ' ' && *p <= 'z')
    2908           5 :             es_putc (*p, listfp);
    2909             :           else
    2910           0 :             es_fprintf (listfp, "\\x%02x", *p);
    2911             :         }
    2912           6 :       es_fprintf (listfp, "\",\n\traw data: ");
    2913           6 :       if (partial)
    2914           0 :         es_fprintf (listfp, "unknown length\n");
    2915             :       else
    2916           6 :         es_fprintf (listfp, "%lu bytes\n", (ulong) pt->len);
    2917             :     }
    2918             : 
    2919             :  leave:
    2920         463 :   return rc;
    2921             : }
    2922             : 
    2923             : 
    2924             : static int
    2925         424 : parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
    2926             :                   PACKET * pkt, int new_ctb)
    2927             : {
    2928             :   PKT_compressed *zd;
    2929             : 
    2930             :   /* PKTLEN is here 0, but data follows (this should be the last
    2931             :      object in a file or the compress algorithm should know the
    2932             :      length).  */
    2933             :   (void) pkttype;
    2934             :   (void) pktlen;
    2935             : 
    2936         424 :   zd = pkt->pkt.compressed = xmalloc (sizeof *pkt->pkt.compressed);
    2937         424 :   zd->algorithm = iobuf_get_noeof (inp);
    2938         424 :   zd->len = 0;                       /* not used */
    2939         424 :   zd->new_ctb = new_ctb;
    2940         424 :   zd->buf = inp;
    2941         424 :   if (list_mode)
    2942           6 :     es_fprintf (listfp, ":compressed packet: algo=%d\n", zd->algorithm);
    2943         424 :   return 0;
    2944             : }
    2945             : 
    2946             : 
    2947             : static int
    2948         319 : parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
    2949             :                  PACKET * pkt, int new_ctb, int partial)
    2950             : {
    2951         319 :   int rc = 0;
    2952             :   PKT_encrypted *ed;
    2953         319 :   unsigned long orig_pktlen = pktlen;
    2954             : 
    2955         319 :   ed = pkt->pkt.encrypted = xmalloc (sizeof *pkt->pkt.encrypted);
    2956             :   /* ed->len is set below.  */
    2957         319 :   ed->extralen = 0;  /* Unknown here; only used in build_packet.  */
    2958         319 :   ed->buf = NULL;
    2959         319 :   ed->new_ctb = new_ctb;
    2960         319 :   ed->is_partial = partial;
    2961         319 :   if (pkttype == PKT_ENCRYPTED_MDC)
    2962             :     {
    2963             :       /* Fixme: add some pktlen sanity checks.  */
    2964             :       int version;
    2965             : 
    2966         259 :       version = iobuf_get_noeof (inp);
    2967         259 :       if (orig_pktlen)
    2968          35 :         pktlen--;
    2969         259 :       if (version != 1)
    2970             :         {
    2971           0 :           log_error ("encrypted_mdc packet with unknown version %d\n",
    2972             :                      version);
    2973           0 :           if (list_mode)
    2974           0 :             es_fputs (":encrypted data packet: [unknown version]\n", listfp);
    2975             :           /*skip_rest(inp, pktlen); should we really do this? */
    2976           0 :           rc = gpg_error (GPG_ERR_INV_PACKET);
    2977           0 :           goto leave;
    2978             :         }
    2979         259 :       ed->mdc_method = DIGEST_ALGO_SHA1;
    2980             :     }
    2981             :   else
    2982          60 :     ed->mdc_method = 0;
    2983             : 
    2984             :   /* A basic sanity check.  We need at least an 8 byte IV plus the 2
    2985             :      detection bytes.  Note that we don't known the algorithm and thus
    2986             :      we may only check against the minimum blocksize.  */
    2987         319 :   if (orig_pktlen && pktlen < 10)
    2988             :     {
    2989             :       /* Actually this is blocksize+2.  */
    2990           0 :       log_error ("packet(%d) too short\n", pkttype);
    2991           0 :       if (list_mode)
    2992           0 :         es_fputs (":encrypted data packet: [too short]\n", listfp);
    2993           0 :       rc = GPG_ERR_INV_PACKET;
    2994           0 :       iobuf_skip_rest (inp, pktlen, partial);
    2995           0 :       goto leave;
    2996             :     }
    2997             : 
    2998             :   /* Store the remaining length of the encrypted data (i.e. without
    2999             :      the MDC version number but with the IV etc.).  This value is
    3000             :      required during decryption.  */
    3001         319 :   ed->len = pktlen;
    3002             : 
    3003         319 :   if (list_mode)
    3004             :     {
    3005           5 :       if (orig_pktlen)
    3006           5 :         es_fprintf (listfp, ":encrypted data packet:\n\tlength: %lu\n",
    3007             :                     orig_pktlen);
    3008             :       else
    3009           0 :         es_fprintf (listfp, ":encrypted data packet:\n\tlength: unknown\n");
    3010           5 :       if (ed->mdc_method)
    3011           0 :         es_fprintf (listfp, "\tmdc_method: %d\n", ed->mdc_method);
    3012             :     }
    3013             : 
    3014         319 :   ed->buf = inp;
    3015             : 
    3016             :  leave:
    3017         319 :   return rc;
    3018             : }
    3019             : 
    3020             : 
    3021             : /* Note, that this code is not anymore used in real life because the
    3022             :    MDC checking is now done right after the decryption in
    3023             :    decrypt_data.  */
    3024             : static int
    3025           0 : parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
    3026             :            PACKET * pkt, int new_ctb)
    3027             : {
    3028           0 :   int rc = 0;
    3029             :   PKT_mdc *mdc;
    3030             :   byte *p;
    3031             : 
    3032             :   (void) pkttype;
    3033             : 
    3034           0 :   mdc = pkt->pkt.mdc = xmalloc (sizeof *pkt->pkt.mdc);
    3035           0 :   if (list_mode)
    3036           0 :     es_fprintf (listfp, ":mdc packet: length=%lu\n", pktlen);
    3037           0 :   if (!new_ctb || pktlen != 20)
    3038             :     {
    3039           0 :       log_error ("mdc_packet with invalid encoding\n");
    3040           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    3041           0 :       goto leave;
    3042             :     }
    3043           0 :   p = mdc->hash;
    3044           0 :   for (; pktlen; pktlen--, p++)
    3045           0 :     *p = iobuf_get_noeof (inp);
    3046             : 
    3047             :  leave:
    3048           0 :   return rc;
    3049             : }
    3050             : 
    3051             : 
    3052             : /*
    3053             :  * This packet is internally generated by us (ibn armor.c) to transfer
    3054             :  * some information to the lower layer.  To make sure that this packet
    3055             :  * is really a GPG faked one and not one coming from outside, we
    3056             :  * first check that there is a unique tag in it.
    3057             :  *
    3058             :  * The format of such a control packet is:
    3059             :  *   n byte  session marker
    3060             :  *   1 byte  control type CTRLPKT_xxxxx
    3061             :  *   m byte  control data
    3062             :  */
    3063             : static int
    3064          17 : parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
    3065             :                    PACKET * packet, int partial)
    3066             : {
    3067             :   byte *p;
    3068             :   const byte *sesmark;
    3069             :   size_t sesmarklen;
    3070             :   int i;
    3071             : 
    3072             :   (void) pkttype;
    3073             : 
    3074          17 :   if (list_mode)
    3075           0 :     es_fprintf (listfp, ":packet 63: length %lu ", pktlen);
    3076             : 
    3077          17 :   sesmark = get_session_marker (&sesmarklen);
    3078          17 :   if (pktlen < sesmarklen + 1)       /* 1 is for the control bytes */
    3079           0 :     goto skipit;
    3080         289 :   for (i = 0; i < sesmarklen; i++, pktlen--)
    3081             :     {
    3082         272 :       if (sesmark[i] != iobuf_get_noeof (inp))
    3083           0 :         goto skipit;
    3084             :     }
    3085          17 :   if (pktlen > 4096)
    3086           0 :     goto skipit;  /* Definitely too large.  We skip it to avoid an
    3087             :                      overflow in the malloc.  */
    3088          17 :   if (list_mode)
    3089           0 :     es_fputs ("- gpg control packet", listfp);
    3090             : 
    3091          17 :   packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
    3092             :                                      + pktlen - 1);
    3093          17 :   packet->pkt.gpg_control->control = iobuf_get_noeof (inp);
    3094          17 :   pktlen--;
    3095          17 :   packet->pkt.gpg_control->datalen = pktlen;
    3096          17 :   p = packet->pkt.gpg_control->data;
    3097          51 :   for (; pktlen; pktlen--, p++)
    3098          34 :     *p = iobuf_get_noeof (inp);
    3099             : 
    3100          17 :   return 0;
    3101             : 
    3102             :  skipit:
    3103           0 :   if (list_mode)
    3104             :     {
    3105             :       int c;
    3106             : 
    3107           0 :       i = 0;
    3108           0 :       es_fprintf (listfp, "- private (rest length %lu)\n", pktlen);
    3109           0 :       if (partial)
    3110             :         {
    3111           0 :           while ((c = iobuf_get (inp)) != -1)
    3112           0 :             dump_hex_line (c, &i);
    3113             :         }
    3114             :       else
    3115             :         {
    3116           0 :           for (; pktlen; pktlen--)
    3117             :             {
    3118           0 :               dump_hex_line ((c = iobuf_get (inp)), &i);
    3119           0 :               if (c == -1)
    3120           0 :                 break;
    3121             :             }
    3122             :         }
    3123           0 :       es_putc ('\n', listfp);
    3124             :     }
    3125           0 :   iobuf_skip_rest (inp, pktlen, 0);
    3126           0 :   return gpg_error (GPG_ERR_INV_PACKET);
    3127             : }
    3128             : 
    3129             : 
    3130             : /* Create a GPG control packet to be used internally as a placeholder.  */
    3131             : PACKET *
    3132         457 : create_gpg_control (ctrlpkttype_t type, const byte * data, size_t datalen)
    3133             : {
    3134             :   PACKET *packet;
    3135             :   byte *p;
    3136             : 
    3137         457 :   packet = xmalloc (sizeof *packet);
    3138         457 :   init_packet (packet);
    3139         457 :   packet->pkttype = PKT_GPG_CONTROL;
    3140         457 :   packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
    3141             :                                      + datalen - 1);
    3142         457 :   packet->pkt.gpg_control->control = type;
    3143         457 :   packet->pkt.gpg_control->datalen = datalen;
    3144         457 :   p = packet->pkt.gpg_control->data;
    3145         457 :   for (; datalen; datalen--, p++)
    3146           0 :     *p = *data++;
    3147             : 
    3148         457 :   return packet;
    3149             : }

Generated by: LCOV version 1.11