LCOV - code coverage report
Current view: top level - g10 - parse-packet.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 695 1514 45.9 %
Date: 2015-11-05 17:10:59 Functions: 27 42 64.3 %

          Line data    Source code
       1             : /* parse-packet.c  - read packets
       2             :  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
       3             :  *               2007, 2009, 2010 Free Software Foundation, Inc.
       4             :  * Copyright (C) 2014 Werner Koch
       5             :  * Copyright (C) 2015 g10 Code GmbH
       6             :  *
       7             :  * This file is part of GnuPG.
       8             :  *
       9             :  * GnuPG is free software; you can redistribute it and/or modify
      10             :  * it under the terms of the GNU General Public License as published by
      11             :  * the Free Software Foundation; either version 3 of the License, or
      12             :  * (at your option) any later version.
      13             :  *
      14             :  * GnuPG is distributed in the hope that it will be useful,
      15             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      16             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      17             :  * GNU General Public License for more details.
      18             :  *
      19             :  * You should have received a copy of the GNU General Public License
      20             :  * along with this program; if not, see <http://www.gnu.org/licenses/>.
      21             :  */
      22             : 
      23             : #include <config.h>
      24             : #include <stdio.h>
      25             : #include <stdlib.h>
      26             : #include <string.h>
      27             : #include <assert.h>
      28             : 
      29             : #include "gpg.h"
      30             : #include "util.h"
      31             : #include "packet.h"
      32             : #include "iobuf.h"
      33             : #include "filter.h"
      34             : #include "photoid.h"
      35             : #include "options.h"
      36             : #include "main.h"
      37             : #include "i18n.h"
      38             : #include "host2net.h"
      39             : 
      40             : 
      41             : /* Maximum length of packets to avoid excessive memory allocation.  */
      42             : #define MAX_KEY_PACKET_LENGTH     (256 * 1024)
      43             : #define MAX_UID_PACKET_LENGTH     (  2 * 1024)
      44             : #define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024)
      45             : #define MAX_ATTR_PACKET_LENGTH    ( 16 * 1024*1024)
      46             : 
      47             : 
      48             : static int mpi_print_mode;
      49             : static int list_mode;
      50             : static estream_t listfp;
      51             : 
      52             : static int parse (IOBUF inp, PACKET * pkt, int onlykeypkts,
      53             :                   off_t * retpos, int *skip, IOBUF out, int do_skip
      54             : #ifdef DEBUG_PARSE_PACKET
      55             :                   , const char *dbg_w, const char *dbg_f, int dbg_l
      56             : #endif
      57             :   );
      58             : static int copy_packet (IOBUF inp, IOBUF out, int pkttype,
      59             :                         unsigned long pktlen, int partial);
      60             : static void skip_packet (IOBUF inp, int pkttype,
      61             :                          unsigned long pktlen, int partial);
      62             : static void *read_rest (IOBUF inp, size_t pktlen);
      63             : static int parse_marker (IOBUF inp, int pkttype, unsigned long pktlen);
      64             : static int parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
      65             :                             PACKET * packet);
      66             : static int parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
      67             :                             PACKET * packet);
      68             : static int parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
      69             :                               PKT_onepass_sig * ops);
      70             : static int parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
      71             :                       byte * hdr, int hdrlen, PACKET * packet);
      72             : static int parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen,
      73             :                           PACKET * packet);
      74             : static int parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
      75             :                             PACKET * packet);
      76             : static int parse_comment (IOBUF inp, int pkttype, unsigned long pktlen,
      77             :                           PACKET * packet);
      78             : static void parse_trust (IOBUF inp, int pkttype, unsigned long pktlen,
      79             :                          PACKET * packet);
      80             : static int parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
      81             :                             PACKET * packet, int new_ctb, int partial);
      82             : static int parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
      83             :                              PACKET * packet, int new_ctb);
      84             : static int parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
      85             :                             PACKET * packet, int new_ctb, int partial);
      86             : static int parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
      87             :                       PACKET * packet, int new_ctb);
      88             : static int parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
      89             :                               PACKET * packet, int partial);
      90             : 
      91             : /* Read a 16-bit value in MSB order (big endian) from an iobuf.  */
      92             : static unsigned short
      93       11458 : read_16 (IOBUF inp)
      94             : {
      95             :   unsigned short a;
      96       11458 :   a = (unsigned short)iobuf_get_noeof (inp) << 8;
      97       11458 :   a |= iobuf_get_noeof (inp);
      98       11458 :   return a;
      99             : }
     100             : 
     101             : 
     102             : /* Read a 32-bit value in MSB order (big endian) from an iobuf.  */
     103             : static unsigned long
     104        8334 : read_32 (IOBUF inp)
     105             : {
     106             :   unsigned long a;
     107        8334 :   a = (unsigned long)iobuf_get_noeof (inp) << 24;
     108        8334 :   a |= iobuf_get_noeof (inp) << 16;
     109        8334 :   a |= iobuf_get_noeof (inp) << 8;
     110        8334 :   a |= iobuf_get_noeof (inp);
     111        8334 :   return a;
     112             : }
     113             : 
     114             : 
     115             : /* Read an external representation of an MPI and return the MPI.  The
     116             :    external format is a 16-bit unsigned value stored in network byte
     117             :    order giving the number of bits for the following integer.  The
     118             :    integer is stored MSB first and is left padded with zero bits to
     119             :    align on a byte boundary.
     120             : 
     121             :    The caller must set *RET_NREAD to the maximum number of bytes to
     122             :    read from the pipeline INP.  This function sets *RET_NREAD to be
     123             :    the number of bytes actually read from the pipeline.
     124             : 
     125             :    If SECURE is true, the integer is stored in secure memory
     126             :    (allocated using gcry_xmalloc_secure).  */
     127             : static gcry_mpi_t
     128       28287 : mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
     129             : {
     130             :   int c, c1, c2, i;
     131       28287 :   unsigned int nmax = *ret_nread;
     132             :   unsigned int nbits, nbytes;
     133       28287 :   size_t nread = 0;
     134       28287 :   gcry_mpi_t a = NULL;
     135       28287 :   byte *buf = NULL;
     136             :   byte *p;
     137             : 
     138       28287 :   if (!nmax)
     139           0 :     goto overflow;
     140             : 
     141       28287 :   if ((c = c1 = iobuf_get (inp)) == -1)
     142           0 :     goto leave;
     143       28287 :   if (++nread == nmax)
     144           0 :     goto overflow;
     145       28287 :   nbits = c << 8;
     146       28287 :   if ((c = c2 = iobuf_get (inp)) == -1)
     147           0 :     goto leave;
     148       28287 :   ++nread;
     149       28287 :   nbits |= c;
     150       28287 :   if (nbits > MAX_EXTERN_MPI_BITS)
     151             :     {
     152           0 :       log_error ("mpi too large (%u bits)\n", nbits);
     153           0 :       goto leave;
     154             :     }
     155             : 
     156       28287 :   nbytes = (nbits + 7) / 8;
     157       28287 :   buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2);
     158       28287 :   p = buf;
     159       28287 :   p[0] = c1;
     160       28287 :   p[1] = c2;
     161     1819156 :   for (i = 0; i < nbytes; i++)
     162             :     {
     163     1790869 :       if (nread == nmax)
     164           0 :         goto overflow;
     165             : 
     166     1790869 :       c = iobuf_get (inp);
     167     1790869 :       if (c == -1)
     168           0 :         goto leave;
     169             : 
     170     1790869 :       p[i + 2] = c;
     171     1790869 :       nread ++;
     172             :     }
     173             : 
     174       28287 :   if (gcry_mpi_scan (&a, GCRYMPI_FMT_PGP, buf, nread, &nread))
     175           0 :     a = NULL;
     176             : 
     177       28287 :   *ret_nread = nread;
     178       28287 :   gcry_free(buf);
     179       28287 :   return a;
     180             : 
     181             :  overflow:
     182           0 :   log_error ("mpi larger than indicated length (%u bits)\n", 8*nmax);
     183             :  leave:
     184           0 :   *ret_nread = nread;
     185           0 :   gcry_free(buf);
     186           0 :   return a;
     187             : }
     188             : 
     189             : 
     190             : int
     191        4919 : set_packet_list_mode (int mode)
     192             : {
     193        4919 :   int old = list_mode;
     194        4919 :   list_mode = mode;
     195             : 
     196             :   /* We use stdout only if invoked by the --list-packets command
     197             :      but switch to stderr in all other cases.  This breaks the
     198             :      previous behaviour but that seems to be more of a bug than
     199             :      intentional.  I don't believe that any application makes use of
     200             :      this long standing annoying way of printing to stdout except when
     201             :      doing a --list-packets. If this assumption fails, it will be easy
     202             :      to add an option for the listing stream.  Note that we initialize
     203             :      it only once; mainly because there is code which switches
     204             :      opt.list_mode back to 1 and we want to have all output to the
     205             :      same stream.  The MPI_PRINT_MODE will be enabled if the
     206             :      corresponding debug flag is set or if we are in --list-packets
     207             :      and --verbose is given.
     208             : 
     209             :      Using stderr is not actually very clean because it bypasses the
     210             :      logging code but it is a special thing anyway.  I am not sure
     211             :      whether using log_stream() would be better.  Perhaps we should
     212             :      enable the list mode only with a special option. */
     213        4919 :   if (!listfp)
     214             :     {
     215         813 :       if (opt.list_packets == 2)
     216             :         {
     217           1 :           listfp = es_stdout;
     218           1 :           if (opt.verbose)
     219           0 :             mpi_print_mode = 1;
     220             :         }
     221             :       else
     222         812 :         listfp = es_stderr;
     223             : 
     224         813 :       if (opt.debug && DBG_MPI_VALUE)
     225           0 :         mpi_print_mode = 1;
     226             :     }
     227        4919 :   return old;
     228             : }
     229             : 
     230             : 
     231             : /* If OPT.VERBOSE is set, print a warning that the algorithm ALGO is
     232             :    not suitable for signing and encryption.  */
     233             : static void
     234           0 : unknown_pubkey_warning (int algo)
     235             : {
     236             :   static byte unknown_pubkey_algos[256];
     237             : 
     238             :   /* First check whether the algorithm is usable but not suitable for
     239             :      encryption/signing.  */
     240           0 :   if (pubkey_get_npkey (algo))
     241             :     {
     242           0 :       if (opt.verbose)
     243             :         {
     244           0 :           if (!pubkey_get_nsig (algo))
     245           0 :             log_info ("public key algorithm %s not suitable for %s\n",
     246             :                       openpgp_pk_algo_name (algo), "signing");
     247           0 :           if (!pubkey_get_nenc (algo))
     248           0 :             log_info ("public key algorithm %s not suitable for %s\n",
     249             :                       openpgp_pk_algo_name (algo), "encryption");
     250             :         }
     251             :     }
     252             :   else
     253             :     {
     254           0 :       algo &= 0xff;
     255           0 :       if (!unknown_pubkey_algos[algo])
     256             :         {
     257           0 :           if (opt.verbose)
     258           0 :             log_info (_("can't handle public key algorithm %d\n"), algo);
     259           0 :           unknown_pubkey_algos[algo] = 1;
     260             :         }
     261             :     }
     262           0 : }
     263             : 
     264             : 
     265             : #ifdef DEBUG_PARSE_PACKET
     266             : int
     267       20965 : dbg_parse_packet (IOBUF inp, PACKET *pkt, const char *dbg_f, int dbg_l)
     268             : {
     269             :   int skip, rc;
     270             : 
     271             :   do
     272             :     {
     273       20965 :       rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l);
     274             :     }
     275       20965 :   while (skip && ! rc);
     276       20965 :   return rc;
     277             : }
     278             : #else /*!DEBUG_PARSE_PACKET*/
     279             : int
     280             : parse_packet (IOBUF inp, PACKET * pkt)
     281             : {
     282             :   int skip, rc;
     283             : 
     284             :   do
     285             :     {
     286             :       rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0);
     287             :     }
     288             :   while (skip && ! rc);
     289             :   return rc;
     290             : }
     291             : #endif /*!DEBUG_PARSE_PACKET*/
     292             : 
     293             : 
     294             : /*
     295             :  * Like parse packet, but only return secret or public (sub)key
     296             :  * packets.
     297             :  */
     298             : #ifdef DEBUG_PARSE_PACKET
     299             : int
     300           0 : dbg_search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid,
     301             :                    const char *dbg_f, int dbg_l)
     302             : {
     303             :   int skip, rc;
     304             : 
     305             :   do
     306             :     {
     307           0 :       rc =
     308           0 :         parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0, "search",
     309             :                dbg_f, dbg_l);
     310             :     }
     311           0 :   while (skip && ! rc);
     312           0 :   return rc;
     313             : }
     314             : #else /*!DEBUG_PARSE_PACKET*/
     315             : int
     316             : search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid)
     317             : {
     318             :   int skip, rc;
     319             : 
     320             :   do
     321             :     {
     322             :       rc = parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0);
     323             :     }
     324             :   while (skip && ! rc);
     325             :   return rc;
     326             : }
     327             : #endif /*!DEBUG_PARSE_PACKET*/
     328             : 
     329             : 
     330             : /*
     331             :  * Copy all packets from INP to OUT, thereby removing unused spaces.
     332             :  */
     333             : #ifdef DEBUG_PARSE_PACKET
     334             : int
     335           0 : dbg_copy_all_packets (IOBUF inp, IOBUF out, const char *dbg_f, int dbg_l)
     336             : {
     337             :   PACKET pkt;
     338           0 :   int skip, rc = 0;
     339             : 
     340           0 :   if (! out)
     341           0 :     log_bug ("copy_all_packets: OUT may not be NULL.\n");
     342             : 
     343             :   do
     344             :     {
     345           0 :       init_packet (&pkt);
     346             :     }
     347             :   while (!
     348             :          (rc =
     349           0 :           parse (inp, &pkt, 0, NULL, &skip, out, 0, "copy", dbg_f, dbg_l)));
     350           0 :   return rc;
     351             : }
     352             : #else /*!DEBUG_PARSE_PACKET*/
     353             : int
     354             : copy_all_packets (IOBUF inp, IOBUF out)
     355             : {
     356             :   PACKET pkt;
     357             :   int skip, rc = 0;
     358             : 
     359             :   if (! out)
     360             :     log_bug ("copy_all_packets: OUT may not be NULL.\n");
     361             : 
     362             :   do
     363             :     {
     364             :       init_packet (&pkt);
     365             :     }
     366             :   while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
     367             :   return rc;
     368             : }
     369             : #endif /*!DEBUG_PARSE_PACKET*/
     370             : 
     371             : 
     372             : /*
     373             :  * Copy some packets from INP to OUT, thereby removing unused spaces.
     374             :  * Stop at offset STOPoff (i.e. don't copy packets at this or later
     375             :  * offsets)
     376             :  */
     377             : #ifdef DEBUG_PARSE_PACKET
     378             : int
     379           0 : dbg_copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff,
     380             :                        const char *dbg_f, int dbg_l)
     381             : {
     382             :   PACKET pkt;
     383           0 :   int skip, rc = 0;
     384             :   do
     385             :     {
     386           0 :       if (iobuf_tell (inp) >= stopoff)
     387           0 :         return 0;
     388           0 :       init_packet (&pkt);
     389             :     }
     390             :   while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0,
     391           0 :                        "some", dbg_f, dbg_l)));
     392           0 :   return rc;
     393             : }
     394             : #else /*!DEBUG_PARSE_PACKET*/
     395             : int
     396             : copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff)
     397             : {
     398             :   PACKET pkt;
     399             :   int skip, rc = 0;
     400             :   do
     401             :     {
     402             :       if (iobuf_tell (inp) >= stopoff)
     403             :         return 0;
     404             :       init_packet (&pkt);
     405             :     }
     406             :   while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
     407             :   return rc;
     408             : }
     409             : #endif /*!DEBUG_PARSE_PACKET*/
     410             : 
     411             : 
     412             : /*
     413             :  * Skip over N packets
     414             :  */
     415             : #ifdef DEBUG_PARSE_PACKET
     416             : int
     417           0 : dbg_skip_some_packets (IOBUF inp, unsigned n, const char *dbg_f, int dbg_l)
     418             : {
     419           0 :   int skip, rc = 0;
     420             :   PACKET pkt;
     421             : 
     422           0 :   for (; n && !rc; n--)
     423             :     {
     424           0 :       init_packet (&pkt);
     425           0 :       rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1, "skip", dbg_f, dbg_l);
     426             :     }
     427           0 :   return rc;
     428             : }
     429             : #else /*!DEBUG_PARSE_PACKET*/
     430             : int
     431             : skip_some_packets (IOBUF inp, unsigned n)
     432             : {
     433             :   int skip, rc = 0;
     434             :   PACKET pkt;
     435             : 
     436             :   for (; n && !rc; n--)
     437             :     {
     438             :       init_packet (&pkt);
     439             :       rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1);
     440             :     }
     441             :   return rc;
     442             : }
     443             : #endif /*!DEBUG_PARSE_PACKET*/
     444             : 
     445             : 
     446             : /* Parse a packet and save it in *PKT.
     447             : 
     448             :    If OUT is not NULL and the packet is valid (its type is not 0),
     449             :    then the header, the initial length field and the packet's contents
     450             :    are written to OUT.  In this case, the packet is not saved in *PKT.
     451             : 
     452             :    ONLYKEYPKTS is a simple packet filter.  If ONLYKEYPKTS is set to 1,
     453             :    then only public subkey packets, public key packets, private subkey
     454             :    packets and private key packets are parsed.  The rest are skipped
     455             :    (i.e., the header and the contents are read from the pipeline and
     456             :    discarded).  If ONLYKEYPKTS is set to 2, then in addition to the
     457             :    above 4 types of packets, user id packets are also accepted.
     458             : 
     459             :    DO_SKIP is a more coarse grained filter.  Unless ONLYKEYPKTS is set
     460             :    to 2 and the packet is a user id packet, all packets are skipped.
     461             : 
     462             :    Finally, if a packet is invalid (it's type is 0), it is skipped.
     463             : 
     464             :    If a packet is skipped and SKIP is not NULL, then *SKIP is set to
     465             :    1.
     466             : 
     467             :    Note: ONLYKEYPKTS and DO_SKIP are only respected if OUT is NULL,
     468             :    i.e., the packets are not simply being copied.
     469             : 
     470             :    If RETPOS is not NULL, then the position of INP (as returned by
     471             :    iobuf_tell) is saved there before any data is read from INP.
     472             :   */
     473             : static int
     474       20965 : parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos,
     475             :        int *skip, IOBUF out, int do_skip
     476             : #ifdef DEBUG_PARSE_PACKET
     477             :        , const char *dbg_w, const char *dbg_f, int dbg_l
     478             : #endif
     479             :        )
     480             : {
     481       20965 :   int rc = 0, c, ctb, pkttype, lenbytes;
     482             :   unsigned long pktlen;
     483             :   byte hdr[8];
     484             :   int hdrlen;
     485       20965 :   int new_ctb = 0, partial = 0;
     486       20965 :   int with_uid = (onlykeypkts == 2);
     487             :   off_t pos;
     488             : 
     489       20965 :   *skip = 0;
     490       20965 :   assert (!pkt->pkt.generic);
     491       20965 :   if (retpos || list_mode)
     492             :     {
     493           6 :       pos = iobuf_tell (inp);
     494          12 :       if (retpos)
     495           0 :         *retpos = pos;
     496             :     }
     497             :   else
     498       20959 :     pos = 0; /* (silence compiler warning) */
     499             : 
     500             :   /* The first byte of a packet is the so-called tag.  The highest bit
     501             :      must be set.  */
     502       20965 :   if ((ctb = iobuf_get (inp)) == -1)
     503             :     {
     504        4096 :       rc = -1;
     505        4096 :       goto leave;
     506             :     }
     507       16869 :   hdrlen = 0;
     508       16869 :   hdr[hdrlen++] = ctb;
     509             : 
     510       16869 :   if (!(ctb & 0x80))
     511             :     {
     512           0 :       log_error ("%s: invalid packet (ctb=%02x)\n", iobuf_where (inp), ctb);
     513           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
     514           0 :       goto leave;
     515             :     }
     516             : 
     517             :   /* Immediately following the header is the length.  There are two
     518             :      formats: the old format and the new format.  If bit 6 (where the
     519             :      least significant bit is bit 0) is set in the tag, then we are
     520             :      dealing with a new format packet.  Otherwise, it is an old format
     521             :      packet.  */
     522       16869 :   pktlen = 0;
     523       16869 :   new_ctb = !!(ctb & 0x40);
     524       16869 :   if (new_ctb)
     525             :     {
     526             :       /* Get the packet's type.  This is encoded in the 6 least
     527             :          significant bits of the tag.  */
     528         567 :       pkttype = ctb & 0x3f;
     529             : 
     530             :       /* Extract the packet's length.  New format packets have 4 ways
     531             :          to encode the packet length.  The value of the first byte
     532             :          determines the encoding and partially determines the length.
     533             :          See section 4.2.2 of RFC 4880 for details.  */
     534         567 :       if ((c = iobuf_get (inp)) == -1)
     535             :         {
     536           0 :           log_error ("%s: 1st length byte missing\n", iobuf_where (inp));
     537           0 :           rc = gpg_error (GPG_ERR_INV_PACKET);
     538           0 :           goto leave;
     539             :         }
     540             : 
     541             : 
     542         567 :       hdr[hdrlen++] = c;
     543         567 :       if (c < 192)
     544         261 :         pktlen = c;
     545         306 :       else if (c < 224)
     546             :         {
     547           7 :           pktlen = (c - 192) * 256;
     548           7 :           if ((c = iobuf_get (inp)) == -1)
     549             :             {
     550           0 :               log_error ("%s: 2nd length byte missing\n",
     551             :                          iobuf_where (inp));
     552           0 :               rc = gpg_error (GPG_ERR_INV_PACKET);
     553           0 :               goto leave;
     554             :             }
     555           7 :           hdr[hdrlen++] = c;
     556           7 :           pktlen += c + 192;
     557             :         }
     558         299 :       else if (c == 255)
     559             :         {
     560             :           int i;
     561             :           char value[4];
     562             : 
     563           0 :           for (i = 0; i < 4; i ++)
     564             :             {
     565           0 :               if ((c = iobuf_get (inp)) == -1)
     566             :                 {
     567           0 :                   log_error ("%s: 4 byte length invalid\n", iobuf_where (inp));
     568           0 :                   rc = gpg_error (GPG_ERR_INV_PACKET);
     569           0 :                   goto leave;
     570             :                 }
     571           0 :               value[i] = hdr[hdrlen++] = c;
     572             :             }
     573             : 
     574           0 :           pktlen = buf32_to_ulong (value);
     575             :         }
     576             :       else /* Partial body length.  */
     577             :         {
     578         299 :           switch (pkttype)
     579             :             {
     580             :             case PKT_PLAINTEXT:
     581             :             case PKT_ENCRYPTED:
     582             :             case PKT_ENCRYPTED_MDC:
     583             :             case PKT_COMPRESSED:
     584         299 :               iobuf_set_partial_block_mode (inp, c & 0xff);
     585         299 :               pktlen = 0;       /* To indicate partial length.  */
     586         299 :               partial = 1;
     587         299 :               break;
     588             : 
     589             :             default:
     590           0 :               log_error ("%s: partial length invalid for"
     591             :                          " packet type %d\n", iobuf_where (inp), pkttype);
     592           0 :               rc = gpg_error (GPG_ERR_INV_PACKET);
     593           0 :               goto leave;
     594             :             }
     595             :         }
     596             : 
     597             :     }
     598             :   else
     599             :     /* This is an old format packet.  */
     600             :     {
     601             :       /* Extract the packet's type.  This is encoded in bits 2-5.  */
     602       16302 :       pkttype = (ctb >> 2) & 0xf;
     603             : 
     604             :       /* The type of length encoding is encoded in bits 0-1 of the
     605             :          tag.  */
     606       16302 :       lenbytes = ((ctb & 3) == 3) ? 0 : (1 << (ctb & 3));
     607       16302 :       if (!lenbytes)
     608             :         {
     609         534 :           pktlen = 0;   /* Don't know the value.  */
     610             :           /* This isn't really partial, but we can treat it the same
     611             :              in a "read until the end" sort of way.  */
     612         534 :           partial = 1;
     613         534 :           if (pkttype != PKT_ENCRYPTED && pkttype != PKT_PLAINTEXT
     614         534 :               && pkttype != PKT_COMPRESSED)
     615             :             {
     616           0 :               log_error ("%s: indeterminate length for invalid"
     617             :                          " packet type %d\n", iobuf_where (inp), pkttype);
     618           0 :               rc = gpg_error (GPG_ERR_INV_PACKET);
     619           0 :               goto leave;
     620             :             }
     621             :         }
     622             :       else
     623             :         {
     624       36685 :           for (; lenbytes; lenbytes--)
     625             :             {
     626       20917 :               pktlen <<= 8;
     627       20917 :               c = iobuf_get (inp);
     628       20917 :               if (c == -1)
     629             :                 {
     630           0 :                   log_error ("%s: length invalid\n", iobuf_where (inp));
     631           0 :                   rc = gpg_error (GPG_ERR_INV_PACKET);
     632           0 :                   goto leave;
     633             :                 }
     634       20917 :               pktlen |= hdr[hdrlen++] = c;
     635             :             }
     636             :         }
     637             :     }
     638             : 
     639             :   /* Sometimes the decompressing layer enters an error state in which
     640             :      it simply outputs 0xff for every byte read.  If we have a stream
     641             :      of 0xff bytes, then it will be detected as a new format packet
     642             :      with type 63 and a 4-byte encoded length that is 4G-1.  Since
     643             :      packets with type 63 are private and we use them as a control
     644             :      packet, which won't be 4 GB, we reject such packets as
     645             :      invalid.  */
     646       16869 :   if (pkttype == 63 && pktlen == 0xFFFFFFFF)
     647             :     {
     648             :       /* With some probability this is caused by a problem in the
     649             :        * the uncompressing layer - in some error cases it just loops
     650             :        * and spits out 0xff bytes. */
     651           0 :       log_error ("%s: garbled packet detected\n", iobuf_where (inp));
     652           0 :       g10_exit (2);
     653             :     }
     654             : 
     655       16869 :   if (out && pkttype)
     656             :     {
     657             :       /* This type of copying won't work if the packet uses a partial
     658             :          body length.  (In other words, this only works if HDR is
     659             :          actually the length.)  Currently, no callers require this
     660             :          functionality so we just log this as an error.  */
     661           0 :       if (partial)
     662             :         {
     663           0 :           log_error ("parse: Can't copy partial packet.  Aborting.\n");
     664           0 :           rc = gpg_error (GPG_ERR_INV_PACKET);
     665           0 :           goto leave;
     666             :         }
     667             : 
     668           0 :       rc = iobuf_write (out, hdr, hdrlen);
     669           0 :       if (!rc)
     670           0 :         rc = copy_packet (inp, out, pkttype, pktlen, partial);
     671           0 :       goto leave;
     672             :     }
     673             : 
     674       16869 :   if (with_uid && pkttype == PKT_USER_ID)
     675             :     /* If ONLYKEYPKTS is set to 2, then we never skip user id packets,
     676             :        even if DO_SKIP is set.  */
     677             :     ;
     678       16869 :   else if (do_skip
     679             :            /* type==0 is not allowed.  This is an invalid packet.  */
     680       16869 :            || !pkttype
     681             :            /* When ONLYKEYPKTS is set, we don't skip keys.  */
     682       16869 :            || (onlykeypkts && pkttype != PKT_PUBLIC_SUBKEY
     683           0 :                && pkttype != PKT_PUBLIC_KEY
     684           0 :                && pkttype != PKT_SECRET_SUBKEY && pkttype != PKT_SECRET_KEY))
     685             :     {
     686           0 :       iobuf_skip_rest (inp, pktlen, partial);
     687           0 :       *skip = 1;
     688           0 :       rc = 0;
     689           0 :       goto leave;
     690             :     }
     691             : 
     692       16869 :   if (DBG_PACKET)
     693             :     {
     694             : #ifdef DEBUG_PARSE_PACKET
     695           0 :       log_debug ("parse_packet(iob=%d): type=%d length=%lu%s (%s.%s.%d)\n",
     696             :                  iobuf_id (inp), pkttype, pktlen, new_ctb ? " (new_ctb)" : "",
     697             :                  dbg_w, dbg_f, dbg_l);
     698             : #else
     699             :       log_debug ("parse_packet(iob=%d): type=%d length=%lu%s\n",
     700             :                  iobuf_id (inp), pkttype, pktlen,
     701             :                  new_ctb ? " (new_ctb)" : "");
     702             : #endif
     703             :     }
     704             : 
     705       16869 :   if (list_mode)
     706           5 :     es_fprintf (listfp, "# off=%lu ctb=%02x tag=%d hlen=%d plen=%lu%s%s\n",
     707             :                 (unsigned long)pos, ctb, pkttype, hdrlen, pktlen,
     708           1 :                 partial? (new_ctb ? " partial" : " indeterminate") :"",
     709             :                 new_ctb? " new-ctb":"");
     710             : 
     711       16869 :   pkt->pkttype = pkttype;
     712       16869 :   rc = GPG_ERR_UNKNOWN_PACKET;  /* default error */
     713       16869 :   switch (pkttype)
     714             :     {
     715             :     case PKT_PUBLIC_KEY:
     716             :     case PKT_PUBLIC_SUBKEY:
     717             :     case PKT_SECRET_KEY:
     718             :     case PKT_SECRET_SUBKEY:
     719        5035 :       pkt->pkt.public_key = xmalloc_clear (sizeof *pkt->pkt.public_key);
     720        5035 :       rc = parse_key (inp, pkttype, pktlen, hdr, hdrlen, pkt);
     721        5035 :       break;
     722             :     case PKT_SYMKEY_ENC:
     723         218 :       rc = parse_symkeyenc (inp, pkttype, pktlen, pkt);
     724         218 :       break;
     725             :     case PKT_PUBKEY_ENC:
     726         253 :       rc = parse_pubkeyenc (inp, pkttype, pktlen, pkt);
     727         253 :       break;
     728             :     case PKT_SIGNATURE:
     729        6388 :       pkt->pkt.signature = xmalloc_clear (sizeof *pkt->pkt.signature);
     730        6388 :       rc = parse_signature (inp, pkttype, pktlen, pkt->pkt.signature);
     731        6388 :       break;
     732             :     case PKT_ONEPASS_SIG:
     733         118 :       pkt->pkt.onepass_sig = xmalloc_clear (sizeof *pkt->pkt.onepass_sig);
     734         118 :       rc = parse_onepass_sig (inp, pkttype, pktlen, pkt->pkt.onepass_sig);
     735         118 :       break;
     736             :     case PKT_USER_ID:
     737        3239 :       rc = parse_user_id (inp, pkttype, pktlen, pkt);
     738        3239 :       break;
     739             :     case PKT_ATTRIBUTE:
     740           0 :       pkt->pkttype = pkttype = PKT_USER_ID;  /* we store it in the userID */
     741           0 :       rc = parse_attribute (inp, pkttype, pktlen, pkt);
     742           0 :       break;
     743             :     case PKT_OLD_COMMENT:
     744             :     case PKT_COMMENT:
     745           0 :       rc = parse_comment (inp, pkttype, pktlen, pkt);
     746           0 :       break;
     747             :     case PKT_RING_TRUST:
     748           5 :       parse_trust (inp, pkttype, pktlen, pkt);
     749           5 :       rc = 0;
     750           5 :       break;
     751             :     case PKT_PLAINTEXT:
     752         580 :       rc = parse_plaintext (inp, pkttype, pktlen, pkt, new_ctb, partial);
     753         580 :       break;
     754             :     case PKT_COMPRESSED:
     755         540 :       rc = parse_compressed (inp, pkttype, pktlen, pkt, new_ctb);
     756         540 :       break;
     757             :     case PKT_ENCRYPTED:
     758             :     case PKT_ENCRYPTED_MDC:
     759         470 :       rc = parse_encrypted (inp, pkttype, pktlen, pkt, new_ctb, partial);
     760         470 :       break;
     761             :     case PKT_MDC:
     762           0 :       rc = parse_mdc (inp, pkttype, pktlen, pkt, new_ctb);
     763           0 :       break;
     764             :     case PKT_GPG_CONTROL:
     765          16 :       rc = parse_gpg_control (inp, pkttype, pktlen, pkt, partial);
     766          16 :       break;
     767             :     case PKT_MARKER:
     768           7 :       rc = parse_marker (inp, pkttype, pktlen);
     769           7 :       break;
     770             :     default:
     771             :       /* Unknown packet.  Skip it.  */
     772           0 :       skip_packet (inp, pkttype, pktlen, partial);
     773           0 :       break;
     774             :     }
     775             : 
     776             :  leave:
     777             :   /* FIXME: We leak in case of an error (see the xmalloc's above).  */
     778       20965 :   if (!rc && iobuf_error (inp))
     779           0 :     rc = GPG_ERR_INV_KEYRING;
     780             : 
     781             :   /* FIXME: We use only the error code for now to avoid problems with
     782             :      callers which have not been checked to always use gpg_err_code()
     783             :      when comparing error codes.  */
     784       20965 :   return rc == -1? -1 : gpg_err_code (rc);
     785             : }
     786             : 
     787             : 
     788             : static void
     789           0 : dump_hex_line (int c, int *i)
     790             : {
     791           0 :   if (*i && !(*i % 8))
     792             :     {
     793           0 :       if (*i && !(*i % 24))
     794           0 :         es_fprintf (listfp, "\n%4d:", *i);
     795             :       else
     796           0 :         es_putc (' ', listfp);
     797             :     }
     798           0 :   if (c == -1)
     799           0 :     es_fprintf (listfp, " EOF");
     800             :   else
     801           0 :     es_fprintf (listfp, " %02x", c);
     802           0 :   ++*i;
     803           0 : }
     804             : 
     805             : 
     806             : /* Copy the contents of a packet from the pipeline IN to the pipeline
     807             :    OUT.
     808             : 
     809             :    The header and length have already been read from INP and the
     810             :    decoded values are given as PKGTYPE and PKTLEN.
     811             : 
     812             :    If the packet is a partial body length packet (RFC 4880, Section
     813             :    4.2.2.4), then iobuf_set_partial_block_mode should already have
     814             :    been called on INP and PARTIAL should be set.
     815             : 
     816             :    If PARTIAL is set or PKTLEN is 0 and PKTTYPE is PKT_COMPRESSED,
     817             :    copy until the first EOF is encountered on INP.
     818             : 
     819             :    Returns 0 on success and an error code if an error occurs.  */
     820             : static int
     821           0 : copy_packet (IOBUF inp, IOBUF out, int pkttype,
     822             :              unsigned long pktlen, int partial)
     823             : {
     824             :   int rc;
     825             :   int n;
     826             :   char buf[100];
     827             : 
     828           0 :   if (partial)
     829             :     {
     830           0 :       while ((n = iobuf_read (inp, buf, sizeof (buf))) != -1)
     831           0 :         if ((rc = iobuf_write (out, buf, n)))
     832           0 :           return rc;            /* write error */
     833             :     }
     834           0 :   else if (!pktlen && pkttype == PKT_COMPRESSED)
     835             :     {
     836           0 :       log_debug ("copy_packet: compressed!\n");
     837             :       /* compressed packet, copy till EOF */
     838           0 :       while ((n = iobuf_read (inp, buf, sizeof (buf))) != -1)
     839           0 :         if ((rc = iobuf_write (out, buf, n)))
     840           0 :           return rc;            /* write error */
     841             :     }
     842             :   else
     843             :     {
     844           0 :       for (; pktlen; pktlen -= n)
     845             :         {
     846           0 :           n = pktlen > sizeof (buf) ? sizeof (buf) : pktlen;
     847           0 :           n = iobuf_read (inp, buf, n);
     848           0 :           if (n == -1)
     849           0 :             return gpg_error (GPG_ERR_EOF);
     850           0 :           if ((rc = iobuf_write (out, buf, n)))
     851           0 :             return rc;          /* write error */
     852             :         }
     853             :     }
     854           0 :   return 0;
     855             : }
     856             : 
     857             : 
     858             : /* Skip an unknown packet.  PKTTYPE is the packet's type, PKTLEN is
     859             :    the length of the packet's content and PARTIAL is whether partial
     860             :    body length encoding in used (in this case PKTLEN is ignored).  */
     861             : static void
     862           0 : skip_packet (IOBUF inp, int pkttype, unsigned long pktlen, int partial)
     863             : {
     864           0 :   if (list_mode)
     865             :     {
     866           0 :       es_fprintf (listfp, ":unknown packet: type %2d, length %lu\n",
     867             :                   pkttype, pktlen);
     868           0 :       if (pkttype)
     869             :         {
     870           0 :           int c, i = 0;
     871           0 :           es_fputs ("dump:", listfp);
     872           0 :           if (partial)
     873             :             {
     874           0 :               while ((c = iobuf_get (inp)) != -1)
     875           0 :                 dump_hex_line (c, &i);
     876             :             }
     877             :           else
     878             :             {
     879           0 :               for (; pktlen; pktlen--)
     880             :                 {
     881           0 :                   dump_hex_line ((c = iobuf_get (inp)), &i);
     882           0 :                   if (c == -1)
     883           0 :                     break;
     884             :                 }
     885             :             }
     886           0 :           es_putc ('\n', listfp);
     887           0 :           return;
     888             :         }
     889             :     }
     890           0 :   iobuf_skip_rest (inp, pktlen, partial);
     891             : }
     892             : 
     893             : 
     894             : /* Read PKTLEN bytes form INP and return them in a newly allocated
     895             :    buffer.  In case of an error (including reading fewer than PKTLEN
     896             :    bytes from INP before EOF is returned), NULL is returned and an
     897             :    error message is logged.  */
     898             : static void *
     899          14 : read_rest (IOBUF inp, size_t pktlen)
     900             : {
     901             :   int c;
     902             :   byte *buf, *p;
     903             : 
     904          14 :   buf = xtrymalloc (pktlen);
     905          14 :   if (!buf)
     906             :     {
     907           0 :       gpg_error_t err = gpg_error_from_syserror ();
     908           0 :       log_error ("error reading rest of packet: %s\n", gpg_strerror (err));
     909           0 :       return NULL;
     910             :     }
     911        1054 :   for (p = buf; pktlen; pktlen--)
     912             :     {
     913        1040 :       c = iobuf_get (inp);
     914        1040 :       if (c == -1)
     915             :         {
     916           0 :           log_error ("premature eof while reading rest of packet\n");
     917           0 :           xfree (buf);
     918           0 :           return NULL;
     919             :         }
     920        1040 :       *p++ = c;
     921             :     }
     922             : 
     923          14 :   return buf;
     924             : }
     925             : 
     926             : 
     927             : /* Read a special size+body from INP.  On success store an opaque MPI
     928             :    with it at R_DATA.  On error return an error code and store NULL at
     929             :    R_DATA.  Even in the error case store the number of read bytes at
     930             :    R_NREAD.  The caller shall pass the remaining size of the packet in
     931             :    PKTLEN.  */
     932             : static gpg_error_t
     933         772 : read_size_body (iobuf_t inp, int pktlen, size_t *r_nread,
     934             :                 gcry_mpi_t *r_data)
     935             : {
     936             :   char buffer[256];
     937             :   char *tmpbuf;
     938             :   int i, c, nbytes;
     939             : 
     940         772 :   *r_nread = 0;
     941         772 :   *r_data = NULL;
     942             : 
     943         772 :   if (!pktlen)
     944           0 :     return gpg_error (GPG_ERR_INV_PACKET);
     945         772 :   c = iobuf_readbyte (inp);
     946         772 :   if (c < 0)
     947           0 :     return gpg_error (GPG_ERR_INV_PACKET);
     948         772 :   pktlen--;
     949         772 :   ++*r_nread;
     950         772 :   nbytes = c;
     951         772 :   if (nbytes < 2 || nbytes > 254)
     952           0 :     return gpg_error (GPG_ERR_INV_PACKET);
     953         772 :   if (nbytes > pktlen)
     954           0 :     return gpg_error (GPG_ERR_INV_PACKET);
     955             : 
     956         772 :   buffer[0] = nbytes;
     957             : 
     958        5672 :   for (i = 0; i < nbytes; i++)
     959             :     {
     960        4900 :       c = iobuf_get (inp);
     961        4900 :       if (c < 0)
     962           0 :         return gpg_error (GPG_ERR_INV_PACKET);
     963        4900 :       ++*r_nread;
     964        4900 :       buffer[1+i] = c;
     965             :     }
     966             : 
     967         772 :   tmpbuf = xtrymalloc (1 + nbytes);
     968         772 :   if (!tmpbuf)
     969           0 :     return gpg_error_from_syserror ();
     970         772 :   memcpy (tmpbuf, buffer, 1 + nbytes);
     971         772 :   *r_data = gcry_mpi_set_opaque (NULL, tmpbuf, 8 * (1 + nbytes));
     972         772 :   if (!*r_data)
     973             :     {
     974           0 :       xfree (tmpbuf);
     975           0 :       return gpg_error_from_syserror ();
     976             :     }
     977         772 :   return 0;
     978             : }
     979             : 
     980             : 
     981             : /* Parse a marker packet.  */
     982             : static int
     983           7 : parse_marker (IOBUF inp, int pkttype, unsigned long pktlen)
     984             : {
     985             :   (void) pkttype;
     986             : 
     987           7 :   if (pktlen != 3)
     988           1 :     goto fail;
     989             : 
     990           6 :   if (iobuf_get (inp) != 'P')
     991             :     {
     992           0 :       pktlen--;
     993           0 :       goto fail;
     994             :     }
     995             : 
     996           6 :   if (iobuf_get (inp) != 'G')
     997             :     {
     998           0 :       pktlen--;
     999           0 :       goto fail;
    1000             :     }
    1001             : 
    1002           6 :   if (iobuf_get (inp) != 'P')
    1003             :     {
    1004           0 :       pktlen--;
    1005           0 :       goto fail;
    1006             :     }
    1007             : 
    1008           6 :   if (list_mode)
    1009           0 :     es_fputs (":marker packet: PGP\n", listfp);
    1010             : 
    1011           6 :   return 0;
    1012             : 
    1013             :  fail:
    1014           1 :   log_error ("invalid marker packet\n");
    1015           1 :   if (list_mode)
    1016           0 :     es_fputs (":marker packet: [invalid]\n", listfp);
    1017           1 :   iobuf_skip_rest (inp, pktlen, 0);
    1018           1 :   return GPG_ERR_INV_PACKET;
    1019             : }
    1020             : 
    1021             : 
    1022             : static int
    1023         218 : parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
    1024             :                  PACKET * packet)
    1025             : {
    1026             :   PKT_symkey_enc *k;
    1027         218 :   int rc = 0;
    1028             :   int i, version, s2kmode, cipher_algo, hash_algo, seskeylen, minlen;
    1029             : 
    1030         218 :   if (pktlen < 4)
    1031             :     {
    1032           0 :       log_error ("packet(%d) too short\n", pkttype);
    1033           0 :       if (list_mode)
    1034           0 :         es_fprintf (listfp, ":symkey enc packet: [too short]\n");
    1035           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    1036           0 :       goto leave;
    1037             :     }
    1038         218 :   version = iobuf_get_noeof (inp);
    1039         218 :   pktlen--;
    1040         218 :   if (version != 4)
    1041             :     {
    1042           0 :       log_error ("packet(%d) with unknown version %d\n", pkttype, version);
    1043           0 :       if (list_mode)
    1044           0 :         es_fprintf (listfp, ":symkey enc packet: [unknown version]\n");
    1045           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    1046           0 :       goto leave;
    1047             :     }
    1048         218 :   if (pktlen > 200)
    1049             :     {                           /* (we encode the seskeylen in a byte) */
    1050           0 :       log_error ("packet(%d) too large\n", pkttype);
    1051           0 :       if (list_mode)
    1052           0 :         es_fprintf (listfp, ":symkey enc packet: [too large]\n");
    1053           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    1054           0 :       goto leave;
    1055             :     }
    1056         218 :   cipher_algo = iobuf_get_noeof (inp);
    1057         218 :   pktlen--;
    1058         218 :   s2kmode = iobuf_get_noeof (inp);
    1059         218 :   pktlen--;
    1060         218 :   hash_algo = iobuf_get_noeof (inp);
    1061         218 :   pktlen--;
    1062         218 :   switch (s2kmode)
    1063             :     {
    1064             :     case 0: /* Simple S2K.  */
    1065           0 :       minlen = 0;
    1066           0 :       break;
    1067             :     case 1: /* Salted S2K.  */
    1068           0 :       minlen = 8;
    1069           0 :       break;
    1070             :     case 3: /* Iterated+salted S2K.  */
    1071         218 :       minlen = 9;
    1072         218 :       break;
    1073             :     default:
    1074           0 :       log_error ("unknown S2K mode %d\n", s2kmode);
    1075           0 :       if (list_mode)
    1076           0 :         es_fprintf (listfp, ":symkey enc packet: [unknown S2K mode]\n");
    1077           0 :       goto leave;
    1078             :     }
    1079         218 :   if (minlen > pktlen)
    1080             :     {
    1081           0 :       log_error ("packet with S2K %d too short\n", s2kmode);
    1082           0 :       if (list_mode)
    1083           0 :         es_fprintf (listfp, ":symkey enc packet: [too short]\n");
    1084           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    1085           0 :       goto leave;
    1086             :     }
    1087         218 :   seskeylen = pktlen - minlen;
    1088         218 :   k = packet->pkt.symkey_enc = xmalloc_clear (sizeof *packet->pkt.symkey_enc
    1089             :                                               + seskeylen - 1);
    1090         218 :   k->version = version;
    1091         218 :   k->cipher_algo = cipher_algo;
    1092         218 :   k->s2k.mode = s2kmode;
    1093         218 :   k->s2k.hash_algo = hash_algo;
    1094         218 :   if (s2kmode == 1 || s2kmode == 3)
    1095             :     {
    1096        1962 :       for (i = 0; i < 8 && pktlen; i++, pktlen--)
    1097        1744 :         k->s2k.salt[i] = iobuf_get_noeof (inp);
    1098             :     }
    1099         218 :   if (s2kmode == 3)
    1100             :     {
    1101         218 :       k->s2k.count = iobuf_get (inp);
    1102         218 :       pktlen--;
    1103             :     }
    1104         218 :   k->seskeylen = seskeylen;
    1105         218 :   if (k->seskeylen)
    1106             :     {
    1107           0 :       for (i = 0; i < seskeylen && pktlen; i++, pktlen--)
    1108           0 :         k->seskey[i] = iobuf_get_noeof (inp);
    1109             : 
    1110             :       /* What we're watching out for here is a session key decryptor
    1111             :          with no salt.  The RFC says that using salt for this is a
    1112             :          MUST. */
    1113           0 :       if (s2kmode != 1 && s2kmode != 3)
    1114           0 :         log_info (_("WARNING: potentially insecure symmetrically"
    1115             :                     " encrypted session key\n"));
    1116             :     }
    1117         218 :   assert (!pktlen);
    1118             : 
    1119         218 :   if (list_mode)
    1120             :     {
    1121           0 :       es_fprintf (listfp,
    1122             :                   ":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
    1123             :                   version, cipher_algo, s2kmode, hash_algo);
    1124           0 :       if (seskeylen)
    1125           0 :         es_fprintf (listfp, ", seskey %d bits", (seskeylen - 1) * 8);
    1126           0 :       es_fprintf (listfp, "\n");
    1127           0 :       if (s2kmode == 1 || s2kmode == 3)
    1128             :         {
    1129           0 :           es_fprintf (listfp, "\tsalt ");
    1130           0 :           es_write_hexstring (listfp, k->s2k.salt, 8, 0, NULL);
    1131           0 :           if (s2kmode == 3)
    1132           0 :             es_fprintf (listfp, ", count %lu (%lu)",
    1133           0 :                         S2K_DECODE_COUNT ((ulong) k->s2k.count),
    1134           0 :                         (ulong) k->s2k.count);
    1135           0 :           es_fprintf (listfp, "\n");
    1136             :         }
    1137             :     }
    1138             : 
    1139             :  leave:
    1140         218 :   iobuf_skip_rest (inp, pktlen, 0);
    1141         218 :   return rc;
    1142             : }
    1143             : 
    1144             : 
    1145             : static int
    1146         253 : parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
    1147             :                  PACKET * packet)
    1148             : {
    1149         253 :   int rc = 0;
    1150             :   int i, ndata;
    1151             :   PKT_pubkey_enc *k;
    1152             : 
    1153         253 :   k = packet->pkt.pubkey_enc = xmalloc_clear (sizeof *packet->pkt.pubkey_enc);
    1154         253 :   if (pktlen < 12)
    1155             :     {
    1156           0 :       log_error ("packet(%d) too short\n", pkttype);
    1157           0 :       if (list_mode)
    1158           0 :         es_fputs (":pubkey enc packet: [too short]\n", listfp);
    1159           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    1160           0 :       goto leave;
    1161             :     }
    1162         253 :   k->version = iobuf_get_noeof (inp);
    1163         253 :   pktlen--;
    1164         253 :   if (k->version != 2 && k->version != 3)
    1165             :     {
    1166           0 :       log_error ("packet(%d) with unknown version %d\n", pkttype, k->version);
    1167           0 :       if (list_mode)
    1168           0 :         es_fputs (":pubkey enc packet: [unknown version]\n", listfp);
    1169           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    1170           0 :       goto leave;
    1171             :     }
    1172         253 :   k->keyid[0] = read_32 (inp);
    1173         253 :   pktlen -= 4;
    1174         253 :   k->keyid[1] = read_32 (inp);
    1175         253 :   pktlen -= 4;
    1176         253 :   k->pubkey_algo = iobuf_get_noeof (inp);
    1177         253 :   pktlen--;
    1178         253 :   k->throw_keyid = 0;  /* Only used as flag for build_packet.  */
    1179         253 :   if (list_mode)
    1180           0 :     es_fprintf (listfp,
    1181             :                 ":pubkey enc packet: version %d, algo %d, keyid %08lX%08lX\n",
    1182           0 :                 k->version, k->pubkey_algo, (ulong) k->keyid[0],
    1183           0 :                 (ulong) k->keyid[1]);
    1184             : 
    1185         253 :   ndata = pubkey_get_nenc (k->pubkey_algo);
    1186         253 :   if (!ndata)
    1187             :     {
    1188           0 :       if (list_mode)
    1189           0 :         es_fprintf (listfp, "\tunsupported algorithm %d\n", k->pubkey_algo);
    1190           0 :       unknown_pubkey_warning (k->pubkey_algo);
    1191           0 :       k->data[0] = NULL; /* No need to store the encrypted data.  */
    1192             :     }
    1193             :   else
    1194             :     {
    1195         758 :       for (i = 0; i < ndata; i++)
    1196             :         {
    1197         505 :           if (k->pubkey_algo == PUBKEY_ALGO_ECDH && i == 1)
    1198          24 :             {
    1199             :               size_t n;
    1200          24 :               rc = read_size_body (inp, pktlen, &n, k->data+i);
    1201          24 :               pktlen -= n;
    1202             :             }
    1203             :           else
    1204             :             {
    1205         481 :               int n = pktlen;
    1206         481 :               k->data[i] = mpi_read (inp, &n, 0);
    1207         481 :               pktlen -= n;
    1208         481 :               if (!k->data[i])
    1209           0 :                 rc = gpg_error (GPG_ERR_INV_PACKET);
    1210             :             }
    1211         505 :           if (rc)
    1212           0 :             goto leave;
    1213         505 :           if (list_mode)
    1214             :             {
    1215           0 :               es_fprintf (listfp, "\tdata: ");
    1216           0 :               mpi_print (listfp, k->data[i], mpi_print_mode);
    1217           0 :               es_putc ('\n', listfp);
    1218             :             }
    1219             :         }
    1220             :     }
    1221             : 
    1222             :  leave:
    1223         253 :   iobuf_skip_rest (inp, pktlen, 0);
    1224         253 :   return rc;
    1225             : }
    1226             : 
    1227             : 
    1228             : /* Dump a subpacket to LISTFP.  BUFFER contains the subpacket in
    1229             :    question and points to the type field in the subpacket header (not
    1230             :    the start of the header).  TYPE is the subpacket's type with the
    1231             :    critical bit cleared.  CRITICAL is the value of the CRITICAL bit.
    1232             :    BUFLEN is the length of the buffer and LENGTH is the length of the
    1233             :    subpacket according to the subpacket's header.  */
    1234             : static void
    1235           2 : dump_sig_subpkt (int hashed, int type, int critical,
    1236             :                  const byte * buffer, size_t buflen, size_t length)
    1237             : {
    1238           2 :   const char *p = NULL;
    1239             :   int i;
    1240             : 
    1241             :   /* The CERT has warning out with explains how to use GNUPG to detect
    1242             :    * the ARRs - we print our old message here when it is a faked ARR
    1243             :    * and add an additional notice.  */
    1244           2 :   if (type == SIGSUBPKT_ARR && !hashed)
    1245             :     {
    1246           0 :       es_fprintf (listfp,
    1247             :                   "\tsubpkt %d len %u (additional recipient request)\n"
    1248             :                   "WARNING: PGP versions > 5.0 and < 6.5.8 will automagically "
    1249             :                   "encrypt to this key and thereby reveal the plaintext to "
    1250             :                   "the owner of this ARR key. Detailed info follows:\n",
    1251             :                   type, (unsigned) length);
    1252             :     }
    1253             : 
    1254           2 :   buffer++;
    1255           2 :   length--;
    1256             : 
    1257           2 :   es_fprintf (listfp, "\t%s%ssubpkt %d len %u (",     /*) */
    1258             :               critical ? "critical " : "",
    1259             :               hashed ? "hashed " : "", type, (unsigned) length);
    1260           2 :   if (length > buflen)
    1261             :     {
    1262           0 :       es_fprintf (listfp, "too short: buffer is only %u)\n", (unsigned) buflen);
    1263           2 :       return;
    1264             :     }
    1265           2 :   switch (type)
    1266             :     {
    1267             :     case SIGSUBPKT_SIG_CREATED:
    1268           1 :       if (length >= 4)
    1269           1 :         es_fprintf (listfp, "sig created %s",
    1270             :                     strtimestamp (buf32_to_u32 (buffer)));
    1271           1 :       break;
    1272             :     case SIGSUBPKT_SIG_EXPIRE:
    1273           0 :       if (length >= 4)
    1274             :         {
    1275           0 :           if (buf32_to_u32 (buffer))
    1276           0 :             es_fprintf (listfp, "sig expires after %s",
    1277             :                         strtimevalue (buf32_to_u32 (buffer)));
    1278             :           else
    1279           0 :             es_fprintf (listfp, "sig does not expire");
    1280             :         }
    1281           0 :       break;
    1282             :     case SIGSUBPKT_EXPORTABLE:
    1283           0 :       if (length)
    1284           0 :         es_fprintf (listfp, "%sexportable", *buffer ? "" : "not ");
    1285           0 :       break;
    1286             :     case SIGSUBPKT_TRUST:
    1287           0 :       if (length != 2)
    1288           0 :         p = "[invalid trust subpacket]";
    1289             :       else
    1290           0 :         es_fprintf (listfp, "trust signature of depth %d, value %d", buffer[0],
    1291           0 :                     buffer[1]);
    1292           0 :       break;
    1293             :     case SIGSUBPKT_REGEXP:
    1294           0 :       if (!length)
    1295           0 :         p = "[invalid regexp subpacket]";
    1296             :       else
    1297             :         {
    1298           0 :           es_fprintf (listfp, "regular expression: \"");
    1299           0 :           es_write_sanitized (listfp, buffer, length, "\"", NULL);
    1300           0 :           p = "\"";
    1301             :         }
    1302           0 :       break;
    1303             :     case SIGSUBPKT_REVOCABLE:
    1304           0 :       if (length)
    1305           0 :         es_fprintf (listfp, "%srevocable", *buffer ? "" : "not ");
    1306           0 :       break;
    1307             :     case SIGSUBPKT_KEY_EXPIRE:
    1308           0 :       if (length >= 4)
    1309             :         {
    1310           0 :           if (buf32_to_u32 (buffer))
    1311           0 :             es_fprintf (listfp, "key expires after %s",
    1312             :                         strtimevalue (buf32_to_u32 (buffer)));
    1313             :           else
    1314           0 :             es_fprintf (listfp, "key does not expire");
    1315             :         }
    1316           0 :       break;
    1317             :     case SIGSUBPKT_PREF_SYM:
    1318           0 :       es_fputs ("pref-sym-algos:", listfp);
    1319           0 :       for (i = 0; i < length; i++)
    1320           0 :         es_fprintf (listfp, " %d", buffer[i]);
    1321           0 :       break;
    1322             :     case SIGSUBPKT_REV_KEY:
    1323           0 :       es_fputs ("revocation key: ", listfp);
    1324           0 :       if (length < 22)
    1325           0 :         p = "[too short]";
    1326             :       else
    1327             :         {
    1328           0 :           es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
    1329           0 :           for (i = 2; i < length; i++)
    1330           0 :             es_fprintf (listfp, "%02X", buffer[i]);
    1331             :         }
    1332           0 :       break;
    1333             :     case SIGSUBPKT_ISSUER:
    1334           1 :       if (length >= 8)
    1335           2 :         es_fprintf (listfp, "issuer key ID %08lX%08lX",
    1336           1 :                     (ulong) buf32_to_u32 (buffer),
    1337           1 :                     (ulong) buf32_to_u32 (buffer + 4));
    1338           1 :       break;
    1339             :     case SIGSUBPKT_NOTATION:
    1340             :       {
    1341           0 :         es_fputs ("notation: ", listfp);
    1342           0 :         if (length < 8)
    1343           0 :           p = "[too short]";
    1344             :         else
    1345             :           {
    1346           0 :             const byte *s = buffer;
    1347             :             size_t n1, n2;
    1348             : 
    1349           0 :             n1 = (s[4] << 8) | s[5];
    1350           0 :             n2 = (s[6] << 8) | s[7];
    1351           0 :             s += 8;
    1352           0 :             if (8 + n1 + n2 != length)
    1353           0 :               p = "[error]";
    1354             :             else
    1355             :               {
    1356           0 :                 es_write_sanitized (listfp, s, n1, ")", NULL);
    1357           0 :                 es_putc ('=', listfp);
    1358             : 
    1359           0 :                 if (*buffer & 0x80)
    1360           0 :                   es_write_sanitized (listfp, s + n1, n2, ")", NULL);
    1361             :                 else
    1362           0 :                   p = "[not human readable]";
    1363             :               }
    1364             :           }
    1365             :       }
    1366           0 :       break;
    1367             :     case SIGSUBPKT_PREF_HASH:
    1368           0 :       es_fputs ("pref-hash-algos:", listfp);
    1369           0 :       for (i = 0; i < length; i++)
    1370           0 :         es_fprintf (listfp, " %d", buffer[i]);
    1371           0 :       break;
    1372             :     case SIGSUBPKT_PREF_COMPR:
    1373           0 :       es_fputs ("pref-zip-algos:", listfp);
    1374           0 :       for (i = 0; i < length; i++)
    1375           0 :         es_fprintf (listfp, " %d", buffer[i]);
    1376           0 :       break;
    1377             :     case SIGSUBPKT_KS_FLAGS:
    1378           0 :       es_fputs ("key server preferences:", listfp);
    1379           0 :       for (i = 0; i < length; i++)
    1380           0 :         es_fprintf (listfp, " %02X", buffer[i]);
    1381           0 :       break;
    1382             :     case SIGSUBPKT_PREF_KS:
    1383           0 :       es_fputs ("preferred key server: ", listfp);
    1384           0 :       es_write_sanitized (listfp, buffer, length, ")", NULL);
    1385           0 :       break;
    1386             :     case SIGSUBPKT_PRIMARY_UID:
    1387           0 :       p = "primary user ID";
    1388           0 :       break;
    1389             :     case SIGSUBPKT_POLICY:
    1390           0 :       es_fputs ("policy: ", listfp);
    1391           0 :       es_write_sanitized (listfp, buffer, length, ")", NULL);
    1392           0 :       break;
    1393             :     case SIGSUBPKT_KEY_FLAGS:
    1394           0 :       es_fputs ("key flags:", listfp);
    1395           0 :       for (i = 0; i < length; i++)
    1396           0 :         es_fprintf (listfp, " %02X", buffer[i]);
    1397           0 :       break;
    1398             :     case SIGSUBPKT_SIGNERS_UID:
    1399           0 :       p = "signer's user ID";
    1400           0 :       break;
    1401             :     case SIGSUBPKT_REVOC_REASON:
    1402           0 :       if (length)
    1403             :         {
    1404           0 :           es_fprintf (listfp, "revocation reason 0x%02x (", *buffer);
    1405           0 :           es_write_sanitized (listfp, buffer + 1, length - 1, ")", NULL);
    1406           0 :           p = ")";
    1407             :         }
    1408           0 :       break;
    1409             :     case SIGSUBPKT_ARR:
    1410           0 :       es_fputs ("Big Brother's key (ignored): ", listfp);
    1411           0 :       if (length < 22)
    1412           0 :         p = "[too short]";
    1413             :       else
    1414             :         {
    1415           0 :           es_fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
    1416           0 :           if (length > 2)
    1417           0 :             es_write_hexstring (listfp, buffer+2, length-2, 0, NULL);
    1418             :         }
    1419           0 :       break;
    1420             :     case SIGSUBPKT_FEATURES:
    1421           0 :       es_fputs ("features:", listfp);
    1422           0 :       for (i = 0; i < length; i++)
    1423           0 :         es_fprintf (listfp, " %02x", buffer[i]);
    1424           0 :       break;
    1425             :     case SIGSUBPKT_SIGNATURE:
    1426           0 :       es_fputs ("signature: ", listfp);
    1427           0 :       if (length < 17)
    1428           0 :         p = "[too short]";
    1429             :       else
    1430           0 :         es_fprintf (listfp, "v%d, class 0x%02X, algo %d, digest algo %d",
    1431           0 :                     buffer[0],
    1432           0 :                     buffer[0] == 3 ? buffer[2] : buffer[1],
    1433           0 :                     buffer[0] == 3 ? buffer[15] : buffer[2],
    1434           0 :                     buffer[0] == 3 ? buffer[16] : buffer[3]);
    1435           0 :       break;
    1436             :     default:
    1437           0 :       if (type >= 100 && type <= 110)
    1438           0 :         p = "experimental / private subpacket";
    1439             :       else
    1440           0 :         p = "?";
    1441           0 :       break;
    1442             :     }
    1443             : 
    1444           2 :   es_fprintf (listfp, "%s)\n", p ? p : "");
    1445             : }
    1446             : 
    1447             : 
    1448             : /*
    1449             :  * Returns: >= 0 use this offset into buffer
    1450             :  *          -1 explicitly reject returning this type
    1451             :  *          -2 subpacket too short
    1452             :  */
    1453             : int
    1454       25379 : parse_one_sig_subpkt (const byte * buffer, size_t n, int type)
    1455             : {
    1456       25379 :   switch (type)
    1457             :     {
    1458             :     case SIGSUBPKT_REV_KEY:
    1459           5 :       if (n < 22)
    1460           0 :         break;
    1461           5 :       return 0;
    1462             :     case SIGSUBPKT_SIG_CREATED:
    1463             :     case SIGSUBPKT_SIG_EXPIRE:
    1464             :     case SIGSUBPKT_KEY_EXPIRE:
    1465        6406 :       if (n < 4)
    1466           0 :         break;
    1467        6406 :       return 0;
    1468             :     case SIGSUBPKT_KEY_FLAGS:
    1469             :     case SIGSUBPKT_KS_FLAGS:
    1470             :     case SIGSUBPKT_PREF_SYM:
    1471             :     case SIGSUBPKT_PREF_HASH:
    1472             :     case SIGSUBPKT_PREF_COMPR:
    1473             :     case SIGSUBPKT_POLICY:
    1474             :     case SIGSUBPKT_PREF_KS:
    1475             :     case SIGSUBPKT_FEATURES:
    1476             :     case SIGSUBPKT_REGEXP:
    1477       12817 :       return 0;
    1478             :     case SIGSUBPKT_SIGNATURE:
    1479             :     case SIGSUBPKT_EXPORTABLE:
    1480             :     case SIGSUBPKT_REVOCABLE:
    1481             :     case SIGSUBPKT_REVOC_REASON:
    1482           7 :       if (!n)
    1483           0 :         break;
    1484           7 :       return 0;
    1485             :     case SIGSUBPKT_ISSUER:      /* issuer key ID */
    1486        5849 :       if (n < 8)
    1487           0 :         break;
    1488        5849 :       return 0;
    1489             :     case SIGSUBPKT_NOTATION:
    1490             :       /* minimum length needed, and the subpacket must be well-formed
    1491             :          where the name length and value length all fit inside the
    1492             :          packet. */
    1493         160 :       if (n < 8
    1494         480 :           || 8 + ((buffer[4] << 8) | buffer[5]) +
    1495         320 :           ((buffer[6] << 8) | buffer[7]) != n)
    1496             :         break;
    1497         160 :       return 0;
    1498             :     case SIGSUBPKT_PRIMARY_UID:
    1499         135 :       if (n != 1)
    1500           0 :         break;
    1501         135 :       return 0;
    1502             :     case SIGSUBPKT_TRUST:
    1503           0 :       if (n != 2)
    1504           0 :         break;
    1505           0 :       return 0;
    1506             :     default:
    1507           0 :       return 0;
    1508             :     }
    1509           0 :   return -2;
    1510             : }
    1511             : 
    1512             : 
    1513             : /* Return true if we understand the critical notation.  */
    1514             : static int
    1515           0 : can_handle_critical_notation (const byte * name, size_t len)
    1516             : {
    1517           0 :   if (len == 32 && memcmp (name, "preferred-email-encoding@pgp.com", 32) == 0)
    1518           0 :     return 1;
    1519           0 :   if (len == 21 && memcmp (name, "pka-address@gnupg.org", 21) == 0)
    1520           0 :     return 1;
    1521             : 
    1522           0 :   return 0;
    1523             : }
    1524             : 
    1525             : 
    1526             : static int
    1527           0 : can_handle_critical (const byte * buffer, size_t n, int type)
    1528             : {
    1529           0 :   switch (type)
    1530             :     {
    1531             :     case SIGSUBPKT_NOTATION:
    1532           0 :       if (n >= 8)
    1533             :         {
    1534           0 :           size_t notation_len = ((buffer[4] << 8) | buffer[5]);
    1535           0 :           if (n - 8 >= notation_len)
    1536           0 :             return can_handle_critical_notation (buffer + 8, notation_len);
    1537             :         }
    1538           0 :       return 0;
    1539             :     case SIGSUBPKT_SIGNATURE:
    1540             :     case SIGSUBPKT_SIG_CREATED:
    1541             :     case SIGSUBPKT_SIG_EXPIRE:
    1542             :     case SIGSUBPKT_KEY_EXPIRE:
    1543             :     case SIGSUBPKT_EXPORTABLE:
    1544             :     case SIGSUBPKT_REVOCABLE:
    1545             :     case SIGSUBPKT_REV_KEY:
    1546             :     case SIGSUBPKT_ISSUER:      /* issuer key ID */
    1547             :     case SIGSUBPKT_PREF_SYM:
    1548             :     case SIGSUBPKT_PREF_HASH:
    1549             :     case SIGSUBPKT_PREF_COMPR:
    1550             :     case SIGSUBPKT_KEY_FLAGS:
    1551             :     case SIGSUBPKT_PRIMARY_UID:
    1552             :     case SIGSUBPKT_FEATURES:
    1553             :     case SIGSUBPKT_TRUST:
    1554             :     case SIGSUBPKT_REGEXP:
    1555             :       /* Is it enough to show the policy or keyserver? */
    1556             :     case SIGSUBPKT_POLICY:
    1557             :     case SIGSUBPKT_PREF_KS:
    1558           0 :       return 1;
    1559             : 
    1560             :     default:
    1561           0 :       return 0;
    1562             :     }
    1563             : }
    1564             : 
    1565             : 
    1566             : const byte *
    1567      104954 : enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
    1568             :                  size_t * ret_n, int *start, int *critical)
    1569             : {
    1570             :   const byte *buffer;
    1571             :   int buflen;
    1572             :   int type;
    1573             :   int critical_dummy;
    1574             :   int offset;
    1575             :   size_t n;
    1576      104954 :   int seq = 0;
    1577      104954 :   int reqseq = start ? *start : 0;
    1578             : 
    1579      104954 :   if (!critical)
    1580      104525 :     critical = &critical_dummy;
    1581             : 
    1582      104954 :   if (!pktbuf || reqseq == -1)
    1583             :     {
    1584             :       static char dummy[] = "x";
    1585             :       /* Return a value different from NULL to indicate that
    1586             :        * there is no critical bit we do not understand.  */
    1587        2156 :       return reqtype == SIGSUBPKT_TEST_CRITICAL ? dummy : NULL;
    1588             :     }
    1589      102798 :   buffer = pktbuf->data;
    1590      102798 :   buflen = pktbuf->len;
    1591      505569 :   while (buflen)
    1592             :     {
    1593      325094 :       n = *buffer++;
    1594      325094 :       buflen--;
    1595      325094 :       if (n == 255) /* 4 byte length header.  */
    1596             :         {
    1597           0 :           if (buflen < 4)
    1598           0 :             goto too_short;
    1599           0 :           n = buf32_to_size_t (buffer);
    1600           0 :           buffer += 4;
    1601           0 :           buflen -= 4;
    1602             :         }
    1603      325094 :       else if (n >= 192) /* 4 byte special encoded length header.  */
    1604             :         {
    1605           0 :           if (buflen < 2)
    1606           0 :             goto too_short;
    1607           0 :           n = ((n - 192) << 8) + *buffer + 192;
    1608           0 :           buffer++;
    1609           0 :           buflen--;
    1610             :         }
    1611      325094 :       if (buflen < n)
    1612           0 :         goto too_short;
    1613      325094 :       type = *buffer;
    1614      325094 :       if (type & 0x80)
    1615             :         {
    1616           0 :           type &= 0x7f;
    1617           0 :           *critical = 1;
    1618             :         }
    1619             :       else
    1620      325094 :         *critical = 0;
    1621      325094 :       if (!(++seq > reqseq))
    1622             :         ;
    1623      325084 :       else if (reqtype == SIGSUBPKT_TEST_CRITICAL)
    1624             :         {
    1625       27931 :           if (*critical)
    1626             :             {
    1627           0 :               if (n - 1 > buflen + 1)
    1628           0 :                 goto too_short;
    1629           0 :               if (!can_handle_critical (buffer + 1, n - 1, type))
    1630             :                 {
    1631           0 :                   if (opt.verbose)
    1632           0 :                     log_info (_("subpacket of type %d has "
    1633             :                                 "critical bit set\n"), type);
    1634           0 :                   if (start)
    1635           0 :                     *start = seq;
    1636           0 :                   return NULL;  /* This is an error.  */
    1637             :                 }
    1638             :             }
    1639             :         }
    1640      297153 :       else if (reqtype < 0) /* List packets.  */
    1641           2 :         dump_sig_subpkt (reqtype == SIGSUBPKT_LIST_HASHED,
    1642             :                          type, *critical, buffer, buflen, n);
    1643      297151 :       else if (type == reqtype) /* Found.  */
    1644             :         {
    1645       25121 :           buffer++;
    1646       25121 :           n--;
    1647       25121 :           if (n > buflen)
    1648           0 :             goto too_short;
    1649       25121 :           if (ret_n)
    1650       12809 :             *ret_n = n;
    1651       25121 :           offset = parse_one_sig_subpkt (buffer, n, type);
    1652       25121 :           switch (offset)
    1653             :             {
    1654             :             case -2:
    1655           0 :               log_error ("subpacket of type %d too short\n", type);
    1656           0 :               return NULL;
    1657             :             case -1:
    1658           0 :               return NULL;
    1659             :             default:
    1660       25121 :               break;
    1661             :             }
    1662       25121 :           if (start)
    1663           5 :             *start = seq;
    1664       25121 :           return buffer + offset;
    1665             :         }
    1666      299973 :       buffer += n;
    1667      299973 :       buflen -= n;
    1668             :     }
    1669       77677 :   if (reqtype == SIGSUBPKT_TEST_CRITICAL)
    1670             :     /* Returning NULL means we found a subpacket with the critical bit
    1671             :        set that we dn't grok.  We've iterated over all the subpackets
    1672             :        and haven't found such a packet so we need to return a non-NULL
    1673             :        value.  */
    1674       11458 :     return buffer;
    1675             : 
    1676             :   /* Critical bit we don't understand. */
    1677       66219 :   if (start)
    1678        3432 :     *start = -1;
    1679       66219 :   return NULL;  /* End of packets; not found.  */
    1680             : 
    1681             :  too_short:
    1682           0 :   if (opt.verbose)
    1683           0 :     log_info ("buffer shorter than subpacket\n");
    1684           0 :   if (start)
    1685           0 :     *start = -1;
    1686           0 :   return NULL;
    1687             : }
    1688             : 
    1689             : 
    1690             : const byte *
    1691      100409 : parse_sig_subpkt (const subpktarea_t * buffer, sigsubpkttype_t reqtype,
    1692             :                   size_t * ret_n)
    1693             : {
    1694      100409 :   return enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL);
    1695             : }
    1696             : 
    1697             : 
    1698             : const byte *
    1699       11458 : parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype)
    1700             : {
    1701             :   const byte *p;
    1702             : 
    1703       11458 :   p = parse_sig_subpkt (sig->hashed, reqtype, NULL);
    1704       11458 :   if (!p)
    1705       11458 :     p = parse_sig_subpkt (sig->unhashed, reqtype, NULL);
    1706       11458 :   return p;
    1707             : }
    1708             : 
    1709             : 
    1710             : /* Find all revocation keys.  Look in hashed area only.  */
    1711             : void
    1712           5 : parse_revkeys (PKT_signature * sig)
    1713             : {
    1714             :   const byte *revkey;
    1715           5 :   int seq = 0;
    1716             :   size_t len;
    1717             : 
    1718           5 :   if (sig->sig_class != 0x1F)
    1719           5 :     return;
    1720             : 
    1721          15 :   while ((revkey = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REV_KEY,
    1722             :                                     &len, &seq, NULL)))
    1723             :     {
    1724           5 :       if (/* The only valid length is 22 bytes.  See RFC 4880
    1725             :              5.2.3.15.  */
    1726           5 :           len == 22
    1727             :           /* 0x80 bit must be set on the class.  */
    1728           5 :           && (revkey[0] & 0x80))
    1729             :         {
    1730           5 :           sig->revkey = xrealloc (sig->revkey,
    1731             :                                   sizeof (struct revocation_key) *
    1732             :                                   (sig->numrevkeys + 1));
    1733             : 
    1734             :           /* Copy the individual fields.  */
    1735           5 :           sig->revkey[sig->numrevkeys].class = revkey[0];
    1736           5 :           sig->revkey[sig->numrevkeys].algid = revkey[1];
    1737           5 :           memcpy (sig->revkey[sig->numrevkeys].fpr, &revkey[2], 20);
    1738             : 
    1739           5 :           sig->numrevkeys++;
    1740             :         }
    1741             :     }
    1742             : }
    1743             : 
    1744             : 
    1745             : int
    1746        6388 : parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
    1747             :                  PKT_signature * sig)
    1748             : {
    1749        6388 :   int md5_len = 0;
    1750             :   unsigned n;
    1751        6388 :   int is_v4 = 0;
    1752        6388 :   int rc = 0;
    1753             :   int i, ndata;
    1754             : 
    1755        6388 :   if (pktlen < 16)
    1756             :     {
    1757           0 :       log_error ("packet(%d) too short\n", pkttype);
    1758           0 :       if (list_mode)
    1759           0 :         es_fputs (":signature packet: [too short]\n", listfp);
    1760           0 :       goto leave;
    1761             :     }
    1762        6388 :   sig->version = iobuf_get_noeof (inp);
    1763        6388 :   pktlen--;
    1764        6388 :   if (sig->version == 4)
    1765        5729 :     is_v4 = 1;
    1766         659 :   else if (sig->version != 2 && sig->version != 3)
    1767             :     {
    1768           0 :       log_error ("packet(%d) with unknown version %d\n",
    1769           0 :                  pkttype, sig->version);
    1770           0 :       if (list_mode)
    1771           0 :         es_fputs (":signature packet: [unknown version]\n", listfp);
    1772           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    1773           0 :       goto leave;
    1774             :     }
    1775             : 
    1776        6388 :   if (!is_v4)
    1777             :     {
    1778         659 :       if (pktlen == 0)
    1779           0 :         goto underflow;
    1780         659 :       md5_len = iobuf_get_noeof (inp);
    1781         659 :       pktlen--;
    1782             :     }
    1783        6388 :   if (pktlen == 0)
    1784           0 :     goto underflow;
    1785        6388 :   sig->sig_class = iobuf_get_noeof (inp);
    1786        6388 :   pktlen--;
    1787        6388 :   if (!is_v4)
    1788             :     {
    1789         659 :       if (pktlen < 12)
    1790           0 :         goto underflow;
    1791         659 :       sig->timestamp = read_32 (inp);
    1792         659 :       pktlen -= 4;
    1793         659 :       sig->keyid[0] = read_32 (inp);
    1794         659 :       pktlen -= 4;
    1795         659 :       sig->keyid[1] = read_32 (inp);
    1796         659 :       pktlen -= 4;
    1797             :     }
    1798        6388 :   if (pktlen < 2)
    1799           0 :     goto underflow;
    1800        6388 :   sig->pubkey_algo = iobuf_get_noeof (inp);
    1801        6388 :   pktlen--;
    1802        6388 :   sig->digest_algo = iobuf_get_noeof (inp);
    1803        6388 :   pktlen--;
    1804        6388 :   sig->flags.exportable = 1;
    1805        6388 :   sig->flags.revocable = 1;
    1806        6388 :   if (is_v4) /* Read subpackets.  */
    1807             :     {
    1808        5729 :       if (pktlen < 2)
    1809           0 :         goto underflow;
    1810        5729 :       n = read_16 (inp);
    1811        5729 :       pktlen -= 2;  /* Length of hashed data. */
    1812        5729 :       if (pktlen < n)
    1813           0 :         goto underflow;
    1814        5729 :       if (n > 10000)
    1815             :         {
    1816           0 :           log_error ("signature packet: hashed data too long\n");
    1817           0 :           if (list_mode)
    1818           0 :             es_fputs (":signature packet: [hashed data too long]\n", listfp);
    1819           0 :           rc = GPG_ERR_INV_PACKET;
    1820           0 :           goto leave;
    1821             :         }
    1822        5729 :       if (n)
    1823             :         {
    1824        5729 :           sig->hashed = xmalloc (sizeof (*sig->hashed) + n - 1);
    1825        5729 :           sig->hashed->size = n;
    1826        5729 :           sig->hashed->len = n;
    1827        5729 :           if (iobuf_read (inp, sig->hashed->data, n) != n)
    1828             :             {
    1829           0 :               log_error ("premature eof while reading "
    1830             :                          "hashed signature data\n");
    1831           0 :               if (list_mode)
    1832           0 :                 es_fputs (":signature packet: [premature eof]\n", listfp);
    1833           0 :               rc = -1;
    1834           0 :               goto leave;
    1835             :             }
    1836        5729 :           pktlen -= n;
    1837             :         }
    1838        5729 :       if (pktlen < 2)
    1839           0 :         goto underflow;
    1840        5729 :       n = read_16 (inp);
    1841        5729 :       pktlen -= 2;  /* Length of unhashed data.  */
    1842        5729 :       if (pktlen < n)
    1843           0 :         goto underflow;
    1844        5729 :       if (n > 10000)
    1845             :         {
    1846           0 :           log_error ("signature packet: unhashed data too long\n");
    1847           0 :           if (list_mode)
    1848           0 :             es_fputs (":signature packet: [unhashed data too long]\n", listfp);
    1849           0 :           rc = GPG_ERR_INV_PACKET;
    1850           0 :           goto leave;
    1851             :         }
    1852        5729 :       if (n)
    1853             :         {
    1854        5729 :           sig->unhashed = xmalloc (sizeof (*sig->unhashed) + n - 1);
    1855        5729 :           sig->unhashed->size = n;
    1856        5729 :           sig->unhashed->len = n;
    1857        5729 :           if (iobuf_read (inp, sig->unhashed->data, n) != n)
    1858             :             {
    1859           0 :               log_error ("premature eof while reading "
    1860             :                          "unhashed signature data\n");
    1861           0 :               if (list_mode)
    1862           0 :                 es_fputs (":signature packet: [premature eof]\n", listfp);
    1863           0 :               rc = -1;
    1864           0 :               goto leave;
    1865             :             }
    1866        5729 :           pktlen -= n;
    1867             :         }
    1868             :     }
    1869             : 
    1870        6388 :   if (pktlen < 2)
    1871           0 :     goto underflow;
    1872        6388 :   sig->digest_start[0] = iobuf_get_noeof (inp);
    1873        6388 :   pktlen--;
    1874        6388 :   sig->digest_start[1] = iobuf_get_noeof (inp);
    1875        6388 :   pktlen--;
    1876             : 
    1877        6388 :   if (is_v4 && sig->pubkey_algo)  /* Extract required information.  */
    1878             :     {
    1879             :       const byte *p;
    1880             :       size_t len;
    1881             : 
    1882             :       /* Set sig->flags.unknown_critical if there is a critical bit
    1883             :        * set for packets which we do not understand.  */
    1884        5729 :       if (!parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL)
    1885        5729 :           || !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL, NULL))
    1886           0 :         sig->flags.unknown_critical = 1;
    1887             : 
    1888        5729 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL);
    1889        5729 :       if (p)
    1890        5729 :         sig->timestamp = buf32_to_u32 (p);
    1891           0 :       else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
    1892           0 :                && opt.verbose)
    1893           0 :         log_info ("signature packet without timestamp\n");
    1894             : 
    1895        5729 :       p = parse_sig_subpkt2 (sig, SIGSUBPKT_ISSUER);
    1896        5729 :       if (p)
    1897             :         {
    1898        5729 :           sig->keyid[0] = buf32_to_u32 (p);
    1899        5729 :           sig->keyid[1] = buf32_to_u32 (p + 4);
    1900             :         }
    1901           0 :       else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
    1902           0 :                && opt.verbose)
    1903           0 :         log_info ("signature packet without keyid\n");
    1904             : 
    1905        5729 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL);
    1906        5729 :       if (p && buf32_to_u32 (p))
    1907         138 :         sig->expiredate = sig->timestamp + buf32_to_u32 (p);
    1908        5729 :       if (sig->expiredate && sig->expiredate <= make_timestamp ())
    1909         138 :         sig->flags.expired = 1;
    1910             : 
    1911        5729 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, NULL);
    1912        5729 :       if (p)
    1913           0 :         sig->flags.policy_url = 1;
    1914             : 
    1915        5729 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, NULL);
    1916        5729 :       if (p)
    1917           0 :         sig->flags.pref_ks = 1;
    1918             : 
    1919        5729 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);
    1920        5729 :       if (p)
    1921         160 :         sig->flags.notation = 1;
    1922             : 
    1923        5729 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_REVOCABLE, NULL);
    1924        5729 :       if (p && *p == 0)
    1925           5 :         sig->flags.revocable = 0;
    1926             : 
    1927        5729 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_TRUST, &len);
    1928        5729 :       if (p && len == 2)
    1929             :         {
    1930           0 :           sig->trust_depth = p[0];
    1931           0 :           sig->trust_value = p[1];
    1932             : 
    1933             :           /* Only look for a regexp if there is also a trust
    1934             :              subpacket. */
    1935           0 :           sig->trust_regexp =
    1936           0 :             parse_sig_subpkt (sig->hashed, SIGSUBPKT_REGEXP, &len);
    1937             : 
    1938             :           /* If the regular expression is of 0 length, there is no
    1939             :              regular expression. */
    1940           0 :           if (len == 0)
    1941           0 :             sig->trust_regexp = NULL;
    1942             :         }
    1943             : 
    1944             :       /* We accept the exportable subpacket from either the hashed or
    1945             :          unhashed areas as older versions of gpg put it in the
    1946             :          unhashed area.  In theory, anyway, we should never see this
    1947             :          packet off of a local keyring. */
    1948             : 
    1949        5729 :       p = parse_sig_subpkt2 (sig, SIGSUBPKT_EXPORTABLE);
    1950        5729 :       if (p && *p == 0)
    1951           0 :         sig->flags.exportable = 0;
    1952             : 
    1953             :       /* Find all revocation keys.  */
    1954        5729 :       if (sig->sig_class == 0x1F)
    1955           5 :         parse_revkeys (sig);
    1956             :     }
    1957             : 
    1958        6388 :   if (list_mode)
    1959             :     {
    1960           9 :       es_fprintf (listfp, ":signature packet: algo %d, keyid %08lX%08lX\n"
    1961             :                   "\tversion %d, created %lu, md5len %d, sigclass 0x%02x\n"
    1962             :                   "\tdigest algo %d, begin of digest %02x %02x\n",
    1963           1 :                   sig->pubkey_algo,
    1964           2 :                   (ulong) sig->keyid[0], (ulong) sig->keyid[1],
    1965           3 :                   sig->version, (ulong) sig->timestamp, md5_len, sig->sig_class,
    1966           3 :                   sig->digest_algo, sig->digest_start[0], sig->digest_start[1]);
    1967           1 :       if (is_v4)
    1968             :         {
    1969           1 :           parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL);
    1970           1 :           parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);
    1971             :         }
    1972             :     }
    1973             : 
    1974        6388 :   ndata = pubkey_get_nsig (sig->pubkey_algo);
    1975        6388 :   if (!ndata)
    1976             :     {
    1977           0 :       if (list_mode)
    1978           0 :         es_fprintf (listfp, "\tunknown algorithm %d\n", sig->pubkey_algo);
    1979           0 :       unknown_pubkey_warning (sig->pubkey_algo);
    1980             : 
    1981             :       /* We store the plain material in data[0], so that we are able
    1982             :        * to write it back with build_packet().  */
    1983           0 :       if (pktlen > (5 * MAX_EXTERN_MPI_BITS / 8))
    1984             :         {
    1985             :           /* We include a limit to avoid too trivial DoS attacks by
    1986             :              having gpg allocate too much memory.  */
    1987           0 :           log_error ("signature packet: too much data\n");
    1988           0 :           rc = GPG_ERR_INV_PACKET;
    1989             :         }
    1990             :       else
    1991             :         {
    1992           0 :           sig->data[0] =
    1993           0 :             gcry_mpi_set_opaque (NULL, read_rest (inp, pktlen), pktlen * 8);
    1994           0 :           pktlen = 0;
    1995             :         }
    1996             :     }
    1997             :   else
    1998             :     {
    1999       18518 :       for (i = 0; i < ndata; i++)
    2000             :         {
    2001       12130 :           n = pktlen;
    2002       12130 :           sig->data[i] = mpi_read (inp, &n, 0);
    2003       12130 :           pktlen -= n;
    2004       12130 :           if (list_mode)
    2005             :             {
    2006           1 :               es_fprintf (listfp, "\tdata: ");
    2007           1 :               mpi_print (listfp, sig->data[i], mpi_print_mode);
    2008           1 :               es_putc ('\n', listfp);
    2009             :             }
    2010       12130 :           if (!sig->data[i])
    2011           0 :             rc = GPG_ERR_INV_PACKET;
    2012             :         }
    2013             :     }
    2014             : 
    2015             :  leave:
    2016        6388 :   iobuf_skip_rest (inp, pktlen, 0);
    2017        6388 :   return rc;
    2018             : 
    2019             :  underflow:
    2020           0 :   log_error ("packet(%d) too short\n", pkttype);
    2021           0 :   if (list_mode)
    2022           0 :     es_fputs (":signature packet: [too short]\n", listfp);
    2023             : 
    2024           0 :   iobuf_skip_rest (inp, pktlen, 0);
    2025             : 
    2026           0 :   return GPG_ERR_INV_PACKET;
    2027             : }
    2028             : 
    2029             : 
    2030             : static int
    2031         118 : parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
    2032             :                    PKT_onepass_sig * ops)
    2033             : {
    2034             :   int version;
    2035         118 :   int rc = 0;
    2036             : 
    2037         118 :   if (pktlen < 13)
    2038             :     {
    2039           0 :       log_error ("packet(%d) too short\n", pkttype);
    2040           0 :       if (list_mode)
    2041           0 :         es_fputs (":onepass_sig packet: [too short]\n", listfp);
    2042           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    2043           0 :       goto leave;
    2044             :     }
    2045         118 :   version = iobuf_get_noeof (inp);
    2046         118 :   pktlen--;
    2047         118 :   if (version != 3)
    2048             :     {
    2049           0 :       log_error ("onepass_sig with unknown version %d\n", version);
    2050           0 :       if (list_mode)
    2051           0 :         es_fputs (":onepass_sig packet: [unknown version]\n", listfp);
    2052           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    2053           0 :       goto leave;
    2054             :     }
    2055         118 :   ops->sig_class = iobuf_get_noeof (inp);
    2056         118 :   pktlen--;
    2057         118 :   ops->digest_algo = iobuf_get_noeof (inp);
    2058         118 :   pktlen--;
    2059         118 :   ops->pubkey_algo = iobuf_get_noeof (inp);
    2060         118 :   pktlen--;
    2061         118 :   ops->keyid[0] = read_32 (inp);
    2062         118 :   pktlen -= 4;
    2063         118 :   ops->keyid[1] = read_32 (inp);
    2064         118 :   pktlen -= 4;
    2065         118 :   ops->last = iobuf_get_noeof (inp);
    2066         118 :   pktlen--;
    2067         118 :   if (list_mode)
    2068           6 :     es_fprintf (listfp,
    2069             :                 ":onepass_sig packet: keyid %08lX%08lX\n"
    2070             :                 "\tversion %d, sigclass 0x%02x, digest %d, pubkey %d, "
    2071             :                 "last=%d\n",
    2072           2 :                 (ulong) ops->keyid[0], (ulong) ops->keyid[1],
    2073           1 :                 version, ops->sig_class,
    2074           3 :                 ops->digest_algo, ops->pubkey_algo, ops->last);
    2075             : 
    2076             : 
    2077             :  leave:
    2078         118 :   iobuf_skip_rest (inp, pktlen, 0);
    2079         118 :   return rc;
    2080             : }
    2081             : 
    2082             : 
    2083             : static int
    2084        5035 : parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
    2085             :            byte * hdr, int hdrlen, PACKET * pkt)
    2086             : {
    2087        5035 :   gpg_error_t err = 0;
    2088             :   int i, version, algorithm;
    2089             :   unsigned long timestamp, expiredate, max_expiredate;
    2090             :   int npkey, nskey;
    2091             :   u32 keyid[2];
    2092             :   PKT_public_key *pk;
    2093             : 
    2094             :   (void) hdr;
    2095             : 
    2096        5035 :   pk = pkt->pkt.public_key; /* PK has been cleared. */
    2097             : 
    2098        5035 :   version = iobuf_get_noeof (inp);
    2099        5035 :   pktlen--;
    2100        5035 :   if (pkttype == PKT_PUBLIC_SUBKEY && version == '#')
    2101             :     {
    2102             :       /* Early versions of G10 used the old PGP comments packets;
    2103             :        * luckily all those comments are started by a hash.  */
    2104           0 :       if (list_mode)
    2105             :         {
    2106           0 :           es_fprintf (listfp, ":rfc1991 comment packet: \"");
    2107           0 :           for (; pktlen; pktlen--)
    2108             :             {
    2109             :               int c;
    2110           0 :               c = iobuf_get (inp);
    2111           0 :               if (c == -1)
    2112           0 :                 break; /* Ooops: shorter than indicated.  */
    2113           0 :               if (c >= ' ' && c <= 'z')
    2114           0 :                 es_putc (c, listfp);
    2115             :               else
    2116           0 :                 es_fprintf (listfp, "\\x%02x", c);
    2117             :             }
    2118           0 :           es_fprintf (listfp, "\"\n");
    2119             :         }
    2120           0 :       iobuf_skip_rest (inp, pktlen, 0);
    2121           0 :       return 0;
    2122             :     }
    2123        5035 :   else if (version == 4)
    2124             :     {
    2125             :       /* The only supported version.  Use an older gpg
    2126             :          version (i.e. gpg 1.4) to parse v3 packets.  */
    2127             :     }
    2128           0 :   else if (version == 2 || version == 3)
    2129             :     {
    2130           0 :       if (opt.verbose > 1)
    2131           0 :         log_info ("packet(%d) with obsolete version %d\n", pkttype, version);
    2132           0 :       if (list_mode)
    2133           0 :         es_fprintf (listfp, ":key packet: [obsolete version %d]\n", version);
    2134           0 :       pk->version = version;
    2135           0 :       err = gpg_error (GPG_ERR_LEGACY_KEY);
    2136           0 :       goto leave;
    2137             :     }
    2138             :   else
    2139             :     {
    2140           0 :       log_error ("packet(%d) with unknown version %d\n", pkttype, version);
    2141           0 :       if (list_mode)
    2142           0 :         es_fputs (":key packet: [unknown version]\n", listfp);
    2143           0 :       err = gpg_error (GPG_ERR_INV_PACKET);
    2144           0 :       goto leave;
    2145             :     }
    2146             : 
    2147        5035 :   if (pktlen < 11)
    2148             :     {
    2149           0 :       log_error ("packet(%d) too short\n", pkttype);
    2150           0 :       if (list_mode)
    2151           0 :         es_fputs (":key packet: [too short]\n", listfp);
    2152           0 :       err = gpg_error (GPG_ERR_INV_PACKET);
    2153           0 :       goto leave;
    2154             :     }
    2155        5035 :   else if (pktlen > MAX_KEY_PACKET_LENGTH)
    2156             :     {
    2157           0 :       log_error ("packet(%d) too large\n", pkttype);
    2158           0 :       if (list_mode)
    2159           0 :         es_fputs (":key packet: [too larget]\n", listfp);
    2160           0 :       err = gpg_error (GPG_ERR_INV_PACKET);
    2161           0 :       goto leave;
    2162             :     }
    2163             : 
    2164        5035 :   timestamp = read_32 (inp);
    2165        5035 :   pktlen -= 4;
    2166        5035 :   expiredate = 0;               /* have to get it from the selfsignature */
    2167        5035 :   max_expiredate = 0;
    2168        5035 :   algorithm = iobuf_get_noeof (inp);
    2169        5035 :   pktlen--;
    2170        5035 :   if (list_mode)
    2171           0 :     es_fprintf (listfp, ":%s key packet:\n"
    2172             :                 "\tversion %d, algo %d, created %lu, expires %lu\n",
    2173             :                 pkttype == PKT_PUBLIC_KEY ? "public" :
    2174           0 :                 pkttype == PKT_SECRET_KEY ? "secret" :
    2175           0 :                 pkttype == PKT_PUBLIC_SUBKEY ? "public sub" :
    2176           0 :                 pkttype == PKT_SECRET_SUBKEY ? "secret sub" : "??",
    2177             :                 version, algorithm, timestamp, expiredate);
    2178             : 
    2179        5035 :   pk->timestamp = timestamp;
    2180        5035 :   pk->expiredate = expiredate;
    2181        5035 :   pk->max_expiredate = max_expiredate;
    2182        5035 :   pk->hdrbytes = hdrlen;
    2183        5035 :   pk->version = version;
    2184        5035 :   pk->flags.primary = (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY);
    2185        5035 :   pk->pubkey_algo = algorithm;
    2186             : 
    2187        5035 :   nskey = pubkey_get_nskey (algorithm);
    2188        5035 :   npkey = pubkey_get_npkey (algorithm);
    2189        5035 :   if (!npkey)
    2190             :     {
    2191           0 :       if (list_mode)
    2192           0 :         es_fprintf (listfp, "\tunknown algorithm %d\n", algorithm);
    2193           0 :       unknown_pubkey_warning (algorithm);
    2194             :     }
    2195             : 
    2196        5035 :   if (!npkey)
    2197             :     {
    2198             :       /* Unknown algorithm - put data into an opaque MPI.  */
    2199           0 :       pk->pkey[0] = gcry_mpi_set_opaque (NULL,
    2200             :                                          read_rest (inp, pktlen), pktlen * 8);
    2201           0 :       pktlen = 0;
    2202           0 :       goto leave;
    2203             :     }
    2204             :   else
    2205             :     {
    2206       21459 :       for (i = 0; i < npkey; i++)
    2207             :         {
    2208       16424 :           if (    (algorithm == PUBKEY_ALGO_ECDSA && (i == 0))
    2209       16172 :                || (algorithm == PUBKEY_ALGO_EDDSA && (i == 0))
    2210       16172 :                || (algorithm == PUBKEY_ALGO_ECDH  && (i == 0 || i == 2)))
    2211         748 :             {
    2212             :               /* Read the OID (i==1) or the KDF params (i==2).  */
    2213             :               size_t n;
    2214         748 :               err = read_size_body (inp, pktlen, &n, pk->pkey+i);
    2215         748 :               pktlen -= n;
    2216             :             }
    2217             :           else
    2218             :             {
    2219       15676 :               unsigned int n = pktlen;
    2220       15676 :               pk->pkey[i] = mpi_read (inp, &n, 0);
    2221       15676 :               pktlen -= n;
    2222       15676 :               if (!pk->pkey[i])
    2223           0 :                 err = gpg_error (GPG_ERR_INV_PACKET);
    2224             :             }
    2225       16424 :           if (err)
    2226           0 :             goto leave;
    2227       16424 :           if (list_mode)
    2228             :             {
    2229           0 :               es_fprintf (listfp, "\tpkey[%d]: ", i);
    2230           0 :               mpi_print (listfp, pk->pkey[i], mpi_print_mode);
    2231           0 :               if ((algorithm == PUBKEY_ALGO_ECDSA
    2232           0 :                    || algorithm == PUBKEY_ALGO_EDDSA
    2233           0 :                    || algorithm == PUBKEY_ALGO_ECDH) && i==0)
    2234             :                 {
    2235           0 :                   char *curve = openpgp_oid_to_str (pk->pkey[0]);
    2236           0 :                   const char *name = openpgp_oid_to_curve (curve, 0);
    2237           0 :                   es_fprintf (listfp, " %s (%s)", name?name:"", curve);
    2238           0 :                   xfree (curve);
    2239             :                 }
    2240           0 :               es_putc ('\n', listfp);
    2241             :             }
    2242             :         }
    2243             :     }
    2244        5035 :   if (list_mode)
    2245           0 :     keyid_from_pk (pk, keyid);
    2246             : 
    2247        5035 :   if (pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY)
    2248             :     {
    2249             :       struct seckey_info *ski;
    2250             :       byte temp[16];
    2251          14 :       size_t snlen = 0;
    2252             : 
    2253          14 :       if (pktlen < 1)
    2254             :         {
    2255           0 :           err = gpg_error (GPG_ERR_INV_PACKET);
    2256           0 :           goto leave;
    2257             :         }
    2258             : 
    2259          14 :       pk->seckey_info = ski = xtrycalloc (1, sizeof *ski);
    2260          14 :       if (!pk->seckey_info)
    2261             :         {
    2262           0 :           err = gpg_error_from_syserror ();
    2263           0 :           goto leave;
    2264             :         }
    2265             : 
    2266          14 :       ski->algo = iobuf_get_noeof (inp);
    2267          14 :       pktlen--;
    2268          14 :       if (ski->algo)
    2269             :         {
    2270          14 :           ski->is_protected = 1;
    2271          14 :           ski->s2k.count = 0;
    2272          14 :           if (ski->algo == 254 || ski->algo == 255)
    2273             :             {
    2274          14 :               if (pktlen < 3)
    2275             :                 {
    2276           0 :                   err = gpg_error (GPG_ERR_INV_PACKET);
    2277           0 :                   goto leave;
    2278             :                 }
    2279          14 :               ski->sha1chk = (ski->algo == 254);
    2280          14 :               ski->algo = iobuf_get_noeof (inp);
    2281          14 :               pktlen--;
    2282             :               /* Note that a ski->algo > 110 is illegal, but I'm not
    2283             :                  erroring on it here as otherwise there would be no
    2284             :                  way to delete such a key.  */
    2285          14 :               ski->s2k.mode = iobuf_get_noeof (inp);
    2286          14 :               pktlen--;
    2287          14 :               ski->s2k.hash_algo = iobuf_get_noeof (inp);
    2288          14 :               pktlen--;
    2289             :               /* Check for the special GNU extension.  */
    2290          14 :               if (ski->s2k.mode == 101)
    2291             :                 {
    2292           0 :                   for (i = 0; i < 4 && pktlen; i++, pktlen--)
    2293           0 :                     temp[i] = iobuf_get_noeof (inp);
    2294           0 :                   if (i < 4 || memcmp (temp, "GNU", 3))
    2295             :                     {
    2296           0 :                       if (list_mode)
    2297           0 :                         es_fprintf (listfp, "\tunknown S2K %d\n",
    2298             :                                     ski->s2k.mode);
    2299           0 :                       err = gpg_error (GPG_ERR_INV_PACKET);
    2300           0 :                       goto leave;
    2301             :                     }
    2302             :                   /* Here we know that it is a GNU extension.  What
    2303             :                    * follows is the GNU protection mode: All values
    2304             :                    * have special meanings and they are mapped to MODE
    2305             :                    * with a base of 1000.  */
    2306           0 :                   ski->s2k.mode = 1000 + temp[3];
    2307             :                 }
    2308             : 
    2309             :               /* Read the salt.  */
    2310          14 :               switch (ski->s2k.mode)
    2311             :                 {
    2312             :                 case 1:
    2313             :                 case 3:
    2314         126 :                   for (i = 0; i < 8 && pktlen; i++, pktlen--)
    2315         112 :                     temp[i] = iobuf_get_noeof (inp);
    2316          14 :                   memcpy (ski->s2k.salt, temp, 8);
    2317          14 :                   break;
    2318             :                 }
    2319             : 
    2320             :               /* Check the mode.  */
    2321          14 :               switch (ski->s2k.mode)
    2322             :                 {
    2323             :                 case 0:
    2324           0 :                   if (list_mode)
    2325           0 :                     es_fprintf (listfp, "\tsimple S2K");
    2326           0 :                   break;
    2327             :                 case 1:
    2328           0 :                   if (list_mode)
    2329           0 :                     es_fprintf (listfp, "\tsalted S2K");
    2330           0 :                   break;
    2331             :                 case 3:
    2332          14 :                   if (list_mode)
    2333           0 :                     es_fprintf (listfp, "\titer+salt S2K");
    2334          14 :                   break;
    2335             :                 case 1001:
    2336           0 :                   if (list_mode)
    2337           0 :                     es_fprintf (listfp, "\tgnu-dummy S2K");
    2338           0 :                   break;
    2339             :                 case 1002:
    2340           0 :                   if (list_mode)
    2341           0 :                     es_fprintf (listfp, "\tgnu-divert-to-card S2K");
    2342           0 :                   break;
    2343             :                 default:
    2344           0 :                   if (list_mode)
    2345           0 :                     es_fprintf (listfp, "\tunknown %sS2K %d\n",
    2346           0 :                                 ski->s2k.mode < 1000 ? "" : "GNU ",
    2347             :                                 ski->s2k.mode);
    2348           0 :                   err = gpg_error (GPG_ERR_INV_PACKET);
    2349           0 :                   goto leave;
    2350             :                 }
    2351             : 
    2352             :               /* Print some info.  */
    2353          14 :               if (list_mode)
    2354             :                 {
    2355           0 :                   es_fprintf (listfp, ", algo: %d,%s hash: %d",
    2356           0 :                               ski->algo,
    2357           0 :                               ski->sha1chk ? " SHA1 protection,"
    2358           0 :                               : " simple checksum,", ski->s2k.hash_algo);
    2359           0 :                   if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
    2360             :                     {
    2361           0 :                       es_fprintf (listfp, ", salt: ");
    2362           0 :                       es_write_hexstring (listfp, ski->s2k.salt, 8, 0, NULL);
    2363             :                     }
    2364           0 :                   es_putc ('\n', listfp);
    2365             :                 }
    2366             : 
    2367             :               /* Read remaining protection parameters.  */
    2368          28 :               if (ski->s2k.mode == 3)
    2369             :                 {
    2370          14 :                   if (pktlen < 1)
    2371             :                     {
    2372           0 :                       err = gpg_error (GPG_ERR_INV_PACKET);
    2373           0 :                       goto leave;
    2374             :                     }
    2375          14 :                   ski->s2k.count = iobuf_get (inp);
    2376          14 :                   pktlen--;
    2377          14 :                   if (list_mode)
    2378           0 :                     es_fprintf (listfp, "\tprotect count: %lu (%lu)\n",
    2379           0 :                                 (ulong)S2K_DECODE_COUNT ((ulong)ski->s2k.count),
    2380           0 :                                 (ulong) ski->s2k.count);
    2381             :                 }
    2382           0 :               else if (ski->s2k.mode == 1002)
    2383             :                 {
    2384             :                   /* Read the serial number. */
    2385           0 :                   if (pktlen < 1)
    2386             :                     {
    2387           0 :                       err = gpg_error (GPG_ERR_INV_PACKET);
    2388           0 :                       goto leave;
    2389             :                     }
    2390           0 :                   snlen = iobuf_get (inp);
    2391           0 :                   pktlen--;
    2392           0 :                   if (pktlen < snlen || snlen == (size_t)(-1))
    2393             :                     {
    2394           0 :                       err = gpg_error (GPG_ERR_INV_PACKET);
    2395           0 :                       goto leave;
    2396             :                     }
    2397             :                 }
    2398             :             }
    2399             :           else /* Old version; no S2K, so we set mode to 0, hash MD5.  */
    2400             :             {
    2401             :               /* Note that a ski->algo > 110 is illegal, but I'm not
    2402             :                  erroring on it here as otherwise there would be no
    2403             :                  way to delete such a key.  */
    2404           0 :               ski->s2k.mode = 0;
    2405           0 :               ski->s2k.hash_algo = DIGEST_ALGO_MD5;
    2406           0 :               if (list_mode)
    2407           0 :                 es_fprintf (listfp, "\tprotect algo: %d  (hash algo: %d)\n",
    2408           0 :                             ski->algo, ski->s2k.hash_algo);
    2409             :             }
    2410             : 
    2411             :           /* It is really ugly that we don't know the size
    2412             :            * of the IV here in cases we are not aware of the algorithm.
    2413             :            * so a
    2414             :            *   ski->ivlen = cipher_get_blocksize (ski->algo);
    2415             :            * won't work.  The only solution I see is to hardwire it.
    2416             :            * NOTE: if you change the ivlen above 16, don't forget to
    2417             :            * enlarge temp.  */
    2418          14 :           ski->ivlen = openpgp_cipher_blocklen (ski->algo);
    2419          14 :           assert (ski->ivlen <= sizeof (temp));
    2420             : 
    2421          14 :           if (ski->s2k.mode == 1001)
    2422           0 :             ski->ivlen = 0;
    2423          14 :           else if (ski->s2k.mode == 1002)
    2424           0 :             ski->ivlen = snlen < 16 ? snlen : 16;
    2425             : 
    2426          14 :           if (pktlen < ski->ivlen)
    2427             :             {
    2428           0 :               err = gpg_error (GPG_ERR_INV_PACKET);
    2429           0 :               goto leave;
    2430             :             }
    2431         190 :           for (i = 0; i < ski->ivlen && pktlen; i++, pktlen--)
    2432         176 :             temp[i] = iobuf_get_noeof (inp);
    2433          14 :           if (list_mode)
    2434             :             {
    2435           0 :               es_fprintf (listfp,
    2436           0 :                           ski->s2k.mode == 1002 ? "\tserial-number: "
    2437             :                           : "\tprotect IV: ");
    2438           0 :               for (i = 0; i < ski->ivlen; i++)
    2439           0 :                 es_fprintf (listfp, " %02x", temp[i]);
    2440           0 :               es_putc ('\n', listfp);
    2441             :             }
    2442          14 :           memcpy (ski->iv, temp, ski->ivlen);
    2443             :         }
    2444             : 
    2445             :       /* It does not make sense to read it into secure memory.
    2446             :        * If the user is so careless, not to protect his secret key,
    2447             :        * we can assume, that he operates an open system :=(.
    2448             :        * So we put the key into secure memory when we unprotect it. */
    2449          14 :       if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
    2450             :         {
    2451             :           /* Better set some dummy stuff here.  */
    2452           0 :           pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
    2453           0 :                                                  xstrdup ("dummydata"),
    2454             :                                                  10 * 8);
    2455           0 :           pktlen = 0;
    2456             :         }
    2457          14 :       else if (ski->is_protected)
    2458             :         {
    2459          14 :           if (pktlen < 2) /* At least two bytes for the length.  */
    2460             :             {
    2461           0 :               err = gpg_error (GPG_ERR_INV_PACKET);
    2462           0 :               goto leave;
    2463             :             }
    2464             : 
    2465             :           /* Ugly: The length is encrypted too, so we read all stuff
    2466             :            * up to the end of the packet into the first SKEY
    2467             :            * element.  */
    2468          14 :           pk->pkey[npkey] = gcry_mpi_set_opaque (NULL,
    2469             :                                                  read_rest (inp, pktlen),
    2470             :                                                  pktlen * 8);
    2471             :           /* Mark that MPI as protected - we need this information for
    2472             :              importing a key.  The OPAQUE flag can't be used because
    2473             :              we also store public EdDSA values in opaque MPIs.  */
    2474          14 :           if (pk->pkey[npkey])
    2475          14 :             gcry_mpi_set_flag (pk->pkey[npkey], GCRYMPI_FLAG_USER1);
    2476          14 :           pktlen = 0;
    2477          14 :           if (list_mode)
    2478           0 :             es_fprintf (listfp, "\tskey[%d]: [v4 protected]\n", npkey);
    2479             :         }
    2480             :       else
    2481             :         {
    2482             :           /* Not encrypted.  */
    2483           0 :           for (i = npkey; i < nskey; i++)
    2484             :             {
    2485             :               unsigned int n;
    2486             : 
    2487           0 :               if (pktlen < 2) /* At least two bytes for the length.  */
    2488             :                 {
    2489           0 :                   err = gpg_error (GPG_ERR_INV_PACKET);
    2490           0 :                   goto leave;
    2491             :                 }
    2492           0 :               n = pktlen;
    2493           0 :               pk->pkey[i] = mpi_read (inp, &n, 0);
    2494           0 :               pktlen -= n;
    2495           0 :               if (list_mode)
    2496             :                 {
    2497           0 :                   es_fprintf (listfp, "\tskey[%d]: ", i);
    2498           0 :                   mpi_print (listfp, pk->pkey[i], mpi_print_mode);
    2499           0 :                   es_putc ('\n', listfp);
    2500             :                 }
    2501             : 
    2502           0 :               if (!pk->pkey[i])
    2503           0 :                 err = gpg_error (GPG_ERR_INV_PACKET);
    2504             :             }
    2505           0 :           if (err)
    2506           0 :             goto leave;
    2507             : 
    2508           0 :           if (pktlen < 2)
    2509             :             {
    2510           0 :               err = gpg_error (GPG_ERR_INV_PACKET);
    2511           0 :               goto leave;
    2512             :             }
    2513           0 :           ski->csum = read_16 (inp);
    2514           0 :           pktlen -= 2;
    2515           0 :           if (list_mode)
    2516           0 :             es_fprintf (listfp, "\tchecksum: %04hx\n", ski->csum);
    2517             :         }
    2518             :     }
    2519             : 
    2520        5035 :   if (list_mode)
    2521           0 :     es_fprintf (listfp, "\tkeyid: %08lX%08lX\n",
    2522           0 :                 (ulong) keyid[0], (ulong) keyid[1]);
    2523             : 
    2524             :  leave:
    2525        5035 :   iobuf_skip_rest (inp, pktlen, 0);
    2526        5035 :   return err;
    2527             : }
    2528             : 
    2529             : 
    2530             : /* Attribute subpackets have the same format as v4 signature
    2531             :    subpackets.  This is not part of OpenPGP, but is done in several
    2532             :    versions of PGP nevertheless.  */
    2533             : int
    2534           0 : parse_attribute_subpkts (PKT_user_id * uid)
    2535             : {
    2536             :   size_t n;
    2537           0 :   int count = 0;
    2538           0 :   struct user_attribute *attribs = NULL;
    2539           0 :   const byte *buffer = uid->attrib_data;
    2540           0 :   int buflen = uid->attrib_len;
    2541             :   byte type;
    2542             : 
    2543           0 :   xfree (uid->attribs);
    2544             : 
    2545           0 :   while (buflen)
    2546             :     {
    2547           0 :       n = *buffer++;
    2548           0 :       buflen--;
    2549           0 :       if (n == 255)  /* 4 byte length header.  */
    2550             :         {
    2551           0 :           if (buflen < 4)
    2552           0 :             goto too_short;
    2553           0 :           n = buf32_to_size_t (buffer);
    2554           0 :           buffer += 4;
    2555           0 :           buflen -= 4;
    2556             :         }
    2557           0 :       else if (n >= 192)  /* 2 byte special encoded length header.  */
    2558             :         {
    2559           0 :           if (buflen < 2)
    2560           0 :             goto too_short;
    2561           0 :           n = ((n - 192) << 8) + *buffer + 192;
    2562           0 :           buffer++;
    2563           0 :           buflen--;
    2564             :         }
    2565           0 :       if (buflen < n)
    2566           0 :         goto too_short;
    2567             : 
    2568           0 :       if (!n)
    2569             :         {
    2570             :           /* Too short to encode the subpacket type.  */
    2571           0 :           if (opt.verbose)
    2572           0 :             log_info ("attribute subpacket too short\n");
    2573           0 :           break;
    2574             :         }
    2575             : 
    2576           0 :       attribs = xrealloc (attribs,
    2577             :                           (count + 1) * sizeof (struct user_attribute));
    2578           0 :       memset (&attribs[count], 0, sizeof (struct user_attribute));
    2579             : 
    2580           0 :       type = *buffer;
    2581           0 :       buffer++;
    2582           0 :       buflen--;
    2583           0 :       n--;
    2584             : 
    2585           0 :       attribs[count].type = type;
    2586           0 :       attribs[count].data = buffer;
    2587           0 :       attribs[count].len = n;
    2588           0 :       buffer += n;
    2589           0 :       buflen -= n;
    2590           0 :       count++;
    2591             :     }
    2592             : 
    2593           0 :   uid->attribs = attribs;
    2594           0 :   uid->numattribs = count;
    2595           0 :   return count;
    2596             : 
    2597             :  too_short:
    2598           0 :   if (opt.verbose)
    2599           0 :     log_info ("buffer shorter than attribute subpacket\n");
    2600           0 :   uid->attribs = attribs;
    2601           0 :   uid->numattribs = count;
    2602           0 :   return count;
    2603             : }
    2604             : 
    2605             : 
    2606             : static int
    2607        3239 : parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
    2608             : {
    2609             :   byte *p;
    2610             : 
    2611             :   /* Cap the size of a user ID at 2k: a value absurdly large enough
    2612             :      that there is no sane user ID string (which is printable text
    2613             :      as of RFC2440bis) that won't fit in it, but yet small enough to
    2614             :      avoid allocation problems.  A large pktlen may not be
    2615             :      allocatable, and a very large pktlen could actually cause our
    2616             :      allocation to wrap around in xmalloc to a small number. */
    2617             : 
    2618        3239 :   if (pktlen > MAX_UID_PACKET_LENGTH)
    2619             :     {
    2620           0 :       log_error ("packet(%d) too large\n", pkttype);
    2621           0 :       if (list_mode)
    2622           0 :         es_fprintf (listfp, ":user ID packet: [too large]\n");
    2623           0 :       iobuf_skip_rest (inp, pktlen, 0);
    2624           0 :       return GPG_ERR_INV_PACKET;
    2625             :     }
    2626             : 
    2627        3239 :   packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id + pktlen);
    2628        3239 :   packet->pkt.user_id->len = pktlen;
    2629        3239 :   packet->pkt.user_id->ref = 1;
    2630             : 
    2631        3239 :   p = packet->pkt.user_id->name;
    2632      104849 :   for (; pktlen; pktlen--, p++)
    2633      101610 :     *p = iobuf_get_noeof (inp);
    2634        3239 :   *p = 0;
    2635             : 
    2636        3239 :   if (list_mode)
    2637             :     {
    2638           0 :       int n = packet->pkt.user_id->len;
    2639           0 :       es_fprintf (listfp, ":user ID packet: \"");
    2640             :       /* fixme: Hey why don't we replace this with es_write_sanitized?? */
    2641           0 :       for (p = packet->pkt.user_id->name; n; p++, n--)
    2642             :         {
    2643           0 :           if (*p >= ' ' && *p <= 'z')
    2644           0 :             es_putc (*p, listfp);
    2645             :           else
    2646           0 :             es_fprintf (listfp, "\\x%02x", *p);
    2647             :         }
    2648           0 :       es_fprintf (listfp, "\"\n");
    2649             :     }
    2650        3239 :   return 0;
    2651             : }
    2652             : 
    2653             : 
    2654             : void
    2655           0 : make_attribute_uidname (PKT_user_id * uid, size_t max_namelen)
    2656             : {
    2657           0 :   assert (max_namelen > 70);
    2658           0 :   if (uid->numattribs <= 0)
    2659           0 :     sprintf (uid->name, "[bad attribute packet of size %lu]",
    2660             :              uid->attrib_len);
    2661           0 :   else if (uid->numattribs > 1)
    2662           0 :     sprintf (uid->name, "[%d attributes of size %lu]",
    2663             :              uid->numattribs, uid->attrib_len);
    2664             :   else
    2665             :     {
    2666             :       /* Only one attribute, so list it as the "user id" */
    2667             : 
    2668           0 :       if (uid->attribs->type == ATTRIB_IMAGE)
    2669             :         {
    2670             :           u32 len;
    2671             :           byte type;
    2672             : 
    2673           0 :           if (parse_image_header (uid->attribs, &type, &len))
    2674           0 :             sprintf (uid->name, "[%.20s image of size %lu]",
    2675             :                      image_type_to_string (type, 1), (ulong) len);
    2676             :           else
    2677           0 :             sprintf (uid->name, "[invalid image]");
    2678             :         }
    2679             :       else
    2680           0 :         sprintf (uid->name, "[unknown attribute of size %lu]",
    2681           0 :                  (ulong) uid->attribs->len);
    2682             :     }
    2683             : 
    2684           0 :   uid->len = strlen (uid->name);
    2685           0 : }
    2686             : 
    2687             : 
    2688             : static int
    2689           0 : parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
    2690             :                  PACKET * packet)
    2691             : {
    2692             :   byte *p;
    2693             : 
    2694             :   (void) pkttype;
    2695             : 
    2696             :   /* We better cap the size of an attribute packet to make DoS not too
    2697             :      easy.  16MB should be more then enough for one attribute packet
    2698             :      (ie. a photo).  */
    2699           0 :   if (pktlen > MAX_ATTR_PACKET_LENGTH)
    2700             :     {
    2701           0 :       log_error ("packet(%d) too large\n", pkttype);
    2702           0 :       if (list_mode)
    2703           0 :         es_fprintf (listfp, ":attribute packet: [too large]\n");
    2704           0 :       iobuf_skip_rest (inp, pktlen, 0);
    2705           0 :       return GPG_ERR_INV_PACKET;
    2706             :     }
    2707             : 
    2708             : #define EXTRA_UID_NAME_SPACE 71
    2709           0 :   packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id
    2710             :                                        + EXTRA_UID_NAME_SPACE);
    2711           0 :   packet->pkt.user_id->ref = 1;
    2712           0 :   packet->pkt.user_id->attrib_data = xmalloc (pktlen? pktlen:1);
    2713           0 :   packet->pkt.user_id->attrib_len = pktlen;
    2714             : 
    2715           0 :   p = packet->pkt.user_id->attrib_data;
    2716           0 :   for (; pktlen; pktlen--, p++)
    2717           0 :     *p = iobuf_get_noeof (inp);
    2718             : 
    2719             :   /* Now parse out the individual attribute subpackets.  This is
    2720             :      somewhat pointless since there is only one currently defined
    2721             :      attribute type (jpeg), but it is correct by the spec. */
    2722           0 :   parse_attribute_subpkts (packet->pkt.user_id);
    2723             : 
    2724           0 :   make_attribute_uidname (packet->pkt.user_id, EXTRA_UID_NAME_SPACE);
    2725             : 
    2726           0 :   if (list_mode)
    2727             :     {
    2728           0 :       es_fprintf (listfp, ":attribute packet: %s\n", packet->pkt.user_id->name);
    2729             :     }
    2730           0 :   return 0;
    2731             : }
    2732             : 
    2733             : 
    2734             : static int
    2735           0 : parse_comment (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
    2736             : {
    2737             :   byte *p;
    2738             : 
    2739             :   /* Cap comment packet at a reasonable value to avoid an integer
    2740             :      overflow in the malloc below.  Comment packets are actually not
    2741             :      anymore define my OpenPGP and we even stopped to use our
    2742             :      private comment packet.  */
    2743           0 :   if (pktlen > MAX_COMMENT_PACKET_LENGTH)
    2744             :     {
    2745           0 :       log_error ("packet(%d) too large\n", pkttype);
    2746           0 :       if (list_mode)
    2747           0 :         es_fprintf (listfp, ":%scomment packet: [too large]\n",
    2748             :                     pkttype == PKT_OLD_COMMENT ? "OpenPGP draft " : "");
    2749           0 :       iobuf_skip_rest (inp, pktlen, 0);
    2750           0 :       return GPG_ERR_INV_PACKET;
    2751             :     }
    2752           0 :   packet->pkt.comment = xmalloc (sizeof *packet->pkt.comment + pktlen - 1);
    2753           0 :   packet->pkt.comment->len = pktlen;
    2754           0 :   p = packet->pkt.comment->data;
    2755           0 :   for (; pktlen; pktlen--, p++)
    2756           0 :     *p = iobuf_get_noeof (inp);
    2757             : 
    2758           0 :   if (list_mode)
    2759             :     {
    2760           0 :       int n = packet->pkt.comment->len;
    2761           0 :       es_fprintf (listfp, ":%scomment packet: \"", pkttype == PKT_OLD_COMMENT ?
    2762             :                   "OpenPGP draft " : "");
    2763           0 :       for (p = packet->pkt.comment->data; n; p++, n--)
    2764             :         {
    2765           0 :           if (*p >= ' ' && *p <= 'z')
    2766           0 :             es_putc (*p, listfp);
    2767             :           else
    2768           0 :             es_fprintf (listfp, "\\x%02x", *p);
    2769             :         }
    2770           0 :       es_fprintf (listfp, "\"\n");
    2771             :     }
    2772           0 :   return 0;
    2773             : }
    2774             : 
    2775             : 
    2776             : static void
    2777           5 : parse_trust (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * pkt)
    2778             : {
    2779             :   int c;
    2780             : 
    2781             :   (void) pkttype;
    2782             : 
    2783           5 :   pkt->pkt.ring_trust = xmalloc (sizeof *pkt->pkt.ring_trust);
    2784           5 :   if (pktlen)
    2785             :     {
    2786           5 :       c = iobuf_get_noeof (inp);
    2787           5 :       pktlen--;
    2788           5 :       pkt->pkt.ring_trust->trustval = c;
    2789           5 :       pkt->pkt.ring_trust->sigcache = 0;
    2790           5 :       if (!c && pktlen == 1)
    2791             :         {
    2792           0 :           c = iobuf_get_noeof (inp);
    2793           0 :           pktlen--;
    2794             :           /* We require that bit 7 of the sigcache is 0 (easier eof
    2795             :              handling).  */
    2796           0 :           if (!(c & 0x80))
    2797           0 :             pkt->pkt.ring_trust->sigcache = c;
    2798             :         }
    2799           5 :       if (list_mode)
    2800           0 :         es_fprintf (listfp, ":trust packet: flag=%02x sigcache=%02x\n",
    2801           0 :                     pkt->pkt.ring_trust->trustval,
    2802           0 :                     pkt->pkt.ring_trust->sigcache);
    2803             :     }
    2804             :   else
    2805             :     {
    2806           0 :       pkt->pkt.ring_trust->trustval = 0;
    2807           0 :       pkt->pkt.ring_trust->sigcache = 0;
    2808           0 :       if (list_mode)
    2809           0 :         es_fprintf (listfp, ":trust packet: empty\n");
    2810             :     }
    2811           5 :   iobuf_skip_rest (inp, pktlen, 0);
    2812           5 : }
    2813             : 
    2814             : 
    2815             : static int
    2816         580 : parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
    2817             :                  PACKET * pkt, int new_ctb, int partial)
    2818             : {
    2819         580 :   int rc = 0;
    2820             :   int mode, namelen;
    2821             :   PKT_plaintext *pt;
    2822             :   byte *p;
    2823             :   int c, i;
    2824             : 
    2825         580 :   if (!partial && pktlen < 6)
    2826             :     {
    2827           0 :       log_error ("packet(%d) too short (%lu)\n", pkttype, (ulong) pktlen);
    2828           0 :       if (list_mode)
    2829           0 :         es_fputs (":literal data packet: [too short]\n", listfp);
    2830           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    2831           0 :       goto leave;
    2832             :     }
    2833         580 :   mode = iobuf_get_noeof (inp);
    2834         580 :   if (pktlen)
    2835         546 :     pktlen--;
    2836         580 :   namelen = iobuf_get_noeof (inp);
    2837         580 :   if (pktlen)
    2838         546 :     pktlen--;
    2839             :   /* Note that namelen will never exceed 255 bytes. */
    2840         580 :   pt = pkt->pkt.plaintext =
    2841         580 :     xmalloc (sizeof *pkt->pkt.plaintext + namelen - 1);
    2842         580 :   pt->new_ctb = new_ctb;
    2843         580 :   pt->mode = mode;
    2844         580 :   pt->namelen = namelen;
    2845         580 :   pt->is_partial = partial;
    2846         580 :   if (pktlen)
    2847             :     {
    2848        3532 :       for (i = 0; pktlen > 4 && i < namelen; pktlen--, i++)
    2849        2986 :         pt->name[i] = iobuf_get_noeof (inp);
    2850             :     }
    2851             :   else
    2852             :     {
    2853          48 :       for (i = 0; i < namelen; i++)
    2854          14 :         if ((c = iobuf_get (inp)) == -1)
    2855           0 :           break;
    2856             :         else
    2857          14 :           pt->name[i] = c;
    2858             :     }
    2859         580 :   pt->timestamp = read_32 (inp);
    2860         580 :   if (pktlen)
    2861         546 :     pktlen -= 4;
    2862         580 :   pt->len = pktlen;
    2863         580 :   pt->buf = inp;
    2864         580 :   pktlen = 0;
    2865             : 
    2866         580 :   if (list_mode)
    2867             :     {
    2868           2 :       es_fprintf (listfp, ":literal data packet:\n"
    2869             :                   "\tmode %c (%X), created %lu, name=\"",
    2870           1 :                   mode >= ' ' && mode < 'z' ? mode : '?', mode,
    2871           1 :                   (ulong) pt->timestamp);
    2872           6 :       for (p = pt->name, i = 0; i < namelen; p++, i++)
    2873             :         {
    2874           5 :           if (*p >= ' ' && *p <= 'z')
    2875           5 :             es_putc (*p, listfp);
    2876             :           else
    2877           0 :             es_fprintf (listfp, "\\x%02x", *p);
    2878             :         }
    2879           1 :       es_fprintf (listfp, "\",\n\traw data: ");
    2880           1 :       if (partial)
    2881           0 :         es_fprintf (listfp, "unknown length\n");
    2882             :       else
    2883           1 :         es_fprintf (listfp, "%lu bytes\n", (ulong) pt->len);
    2884             :     }
    2885             : 
    2886             :  leave:
    2887         580 :   return rc;
    2888             : }
    2889             : 
    2890             : 
    2891             : static int
    2892         540 : parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
    2893             :                   PACKET * pkt, int new_ctb)
    2894             : {
    2895             :   PKT_compressed *zd;
    2896             : 
    2897             :   /* PKTLEN is here 0, but data follows (this should be the last
    2898             :      object in a file or the compress algorithm should know the
    2899             :      length).  */
    2900             :   (void) pkttype;
    2901             :   (void) pktlen;
    2902             : 
    2903         540 :   zd = pkt->pkt.compressed = xmalloc (sizeof *pkt->pkt.compressed);
    2904         540 :   zd->algorithm = iobuf_get_noeof (inp);
    2905         540 :   zd->len = 0;                       /* not used */
    2906         540 :   zd->new_ctb = new_ctb;
    2907         540 :   zd->buf = inp;
    2908         540 :   if (list_mode)
    2909           1 :     es_fprintf (listfp, ":compressed packet: algo=%d\n", zd->algorithm);
    2910         540 :   return 0;
    2911             : }
    2912             : 
    2913             : 
    2914             : static int
    2915         470 : parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
    2916             :                  PACKET * pkt, int new_ctb, int partial)
    2917             : {
    2918         470 :   int rc = 0;
    2919             :   PKT_encrypted *ed;
    2920         470 :   unsigned long orig_pktlen = pktlen;
    2921             : 
    2922         470 :   ed = pkt->pkt.encrypted = xmalloc (sizeof *pkt->pkt.encrypted);
    2923             :   /* ed->len is set below.  */
    2924         470 :   ed->extralen = 0;  /* Unknown here; only used in build_packet.  */
    2925         470 :   ed->buf = NULL;
    2926         470 :   ed->new_ctb = new_ctb;
    2927         470 :   ed->is_partial = partial;
    2928         470 :   if (pkttype == PKT_ENCRYPTED_MDC)
    2929             :     {
    2930             :       /* Fixme: add some pktlen sanity checks.  */
    2931             :       int version;
    2932             : 
    2933         417 :       version = iobuf_get_noeof (inp);
    2934         417 :       if (orig_pktlen)
    2935         199 :         pktlen--;
    2936         417 :       if (version != 1)
    2937             :         {
    2938           0 :           log_error ("encrypted_mdc packet with unknown version %d\n",
    2939             :                      version);
    2940           0 :           if (list_mode)
    2941           0 :             es_fputs (":encrypted data packet: [unknown version]\n", listfp);
    2942             :           /*skip_rest(inp, pktlen); should we really do this? */
    2943           0 :           rc = gpg_error (GPG_ERR_INV_PACKET);
    2944           0 :           goto leave;
    2945             :         }
    2946         417 :       ed->mdc_method = DIGEST_ALGO_SHA1;
    2947             :     }
    2948             :   else
    2949          53 :     ed->mdc_method = 0;
    2950             : 
    2951             :   /* A basic sanity check.  We need at least an 8 byte IV plus the 2
    2952             :      detection bytes.  Note that we don't known the algorithm and thus
    2953             :      we may only check against the minimum blocksize.  */
    2954         470 :   if (orig_pktlen && pktlen < 10)
    2955             :     {
    2956             :       /* Actually this is blocksize+2.  */
    2957           0 :       log_error ("packet(%d) too short\n", pkttype);
    2958           0 :       if (list_mode)
    2959           0 :         es_fputs (":encrypted data packet: [too short]\n", listfp);
    2960           0 :       rc = GPG_ERR_INV_PACKET;
    2961           0 :       iobuf_skip_rest (inp, pktlen, partial);
    2962           0 :       goto leave;
    2963             :     }
    2964             : 
    2965             :   /* Store the remaining length of the encrypted data (i.e. without
    2966             :      the MDC version number but with the IV etc.).  This value is
    2967             :      required during decryption.  */
    2968         470 :   ed->len = pktlen;
    2969             : 
    2970         470 :   if (list_mode)
    2971             :     {
    2972           0 :       if (orig_pktlen)
    2973           0 :         es_fprintf (listfp, ":encrypted data packet:\n\tlength: %lu\n",
    2974             :                     orig_pktlen);
    2975             :       else
    2976           0 :         es_fprintf (listfp, ":encrypted data packet:\n\tlength: unknown\n");
    2977           0 :       if (ed->mdc_method)
    2978           0 :         es_fprintf (listfp, "\tmdc_method: %d\n", ed->mdc_method);
    2979             :     }
    2980             : 
    2981         470 :   ed->buf = inp;
    2982             : 
    2983             :  leave:
    2984         470 :   return rc;
    2985             : }
    2986             : 
    2987             : 
    2988             : /* Note, that this code is not anymore used in real life because the
    2989             :    MDC checking is now done right after the decryption in
    2990             :    decrypt_data.  */
    2991             : static int
    2992           0 : parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
    2993             :            PACKET * pkt, int new_ctb)
    2994             : {
    2995           0 :   int rc = 0;
    2996             :   PKT_mdc *mdc;
    2997             :   byte *p;
    2998             : 
    2999             :   (void) pkttype;
    3000             : 
    3001           0 :   mdc = pkt->pkt.mdc = xmalloc (sizeof *pkt->pkt.mdc);
    3002           0 :   if (list_mode)
    3003           0 :     es_fprintf (listfp, ":mdc packet: length=%lu\n", pktlen);
    3004           0 :   if (!new_ctb || pktlen != 20)
    3005             :     {
    3006           0 :       log_error ("mdc_packet with invalid encoding\n");
    3007           0 :       rc = gpg_error (GPG_ERR_INV_PACKET);
    3008           0 :       goto leave;
    3009             :     }
    3010           0 :   p = mdc->hash;
    3011           0 :   for (; pktlen; pktlen--, p++)
    3012           0 :     *p = iobuf_get_noeof (inp);
    3013             : 
    3014             :  leave:
    3015           0 :   return rc;
    3016             : }
    3017             : 
    3018             : 
    3019             : /*
    3020             :  * This packet is internally generated by us (ibn armor.c) to transfer
    3021             :  * some information to the lower layer.  To make sure that this packet
    3022             :  * is really a GPG faked one and not one comming from outside, we
    3023             :  * first check that there is a unique tag in it.
    3024             :  *
    3025             :  * The format of such a control packet is:
    3026             :  *   n byte  session marker
    3027             :  *   1 byte  control type CTRLPKT_xxxxx
    3028             :  *   m byte  control data
    3029             :  */
    3030             : static int
    3031          16 : parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
    3032             :                    PACKET * packet, int partial)
    3033             : {
    3034             :   byte *p;
    3035             :   const byte *sesmark;
    3036             :   size_t sesmarklen;
    3037             :   int i;
    3038             : 
    3039             :   (void) pkttype;
    3040             : 
    3041          16 :   if (list_mode)
    3042           0 :     es_fprintf (listfp, ":packet 63: length %lu ", pktlen);
    3043             : 
    3044          16 :   sesmark = get_session_marker (&sesmarklen);
    3045          16 :   if (pktlen < sesmarklen + 1)       /* 1 is for the control bytes */
    3046           0 :     goto skipit;
    3047         272 :   for (i = 0; i < sesmarklen; i++, pktlen--)
    3048             :     {
    3049         256 :       if (sesmark[i] != iobuf_get_noeof (inp))
    3050           0 :         goto skipit;
    3051             :     }
    3052          16 :   if (pktlen > 4096)
    3053           0 :     goto skipit;  /* Definitely too large.  We skip it to avoid an
    3054             :                      overflow in the malloc.  */
    3055          16 :   if (list_mode)
    3056           0 :     es_fputs ("- gpg control packet", listfp);
    3057             : 
    3058          16 :   packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
    3059             :                                      + pktlen - 1);
    3060          16 :   packet->pkt.gpg_control->control = iobuf_get_noeof (inp);
    3061          16 :   pktlen--;
    3062          16 :   packet->pkt.gpg_control->datalen = pktlen;
    3063          16 :   p = packet->pkt.gpg_control->data;
    3064          48 :   for (; pktlen; pktlen--, p++)
    3065          32 :     *p = iobuf_get_noeof (inp);
    3066             : 
    3067          16 :   return 0;
    3068             : 
    3069             :  skipit:
    3070           0 :   if (list_mode)
    3071             :     {
    3072             :       int c;
    3073             : 
    3074           0 :       i = 0;
    3075           0 :       es_fprintf (listfp, "- private (rest length %lu)\n", pktlen);
    3076           0 :       if (partial)
    3077             :         {
    3078           0 :           while ((c = iobuf_get (inp)) != -1)
    3079           0 :             dump_hex_line (c, &i);
    3080             :         }
    3081             :       else
    3082             :         {
    3083           0 :           for (; pktlen; pktlen--)
    3084             :             {
    3085           0 :               dump_hex_line ((c = iobuf_get (inp)), &i);
    3086           0 :               if (c == -1)
    3087           0 :                 break;
    3088             :             }
    3089             :         }
    3090           0 :       es_putc ('\n', listfp);
    3091             :     }
    3092           0 :   iobuf_skip_rest (inp, pktlen, 0);
    3093           0 :   return gpg_error (GPG_ERR_INV_PACKET);
    3094             : }
    3095             : 
    3096             : 
    3097             : /* Create a GPG control packet to be used internally as a placeholder.  */
    3098             : PACKET *
    3099         579 : create_gpg_control (ctrlpkttype_t type, const byte * data, size_t datalen)
    3100             : {
    3101             :   PACKET *packet;
    3102             :   byte *p;
    3103             : 
    3104         579 :   packet = xmalloc (sizeof *packet);
    3105         579 :   init_packet (packet);
    3106         579 :   packet->pkttype = PKT_GPG_CONTROL;
    3107         579 :   packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
    3108             :                                      + datalen - 1);
    3109         579 :   packet->pkt.gpg_control->control = type;
    3110         579 :   packet->pkt.gpg_control->datalen = datalen;
    3111         579 :   p = packet->pkt.gpg_control->data;
    3112         579 :   for (; datalen; datalen--, p++)
    3113           0 :     *p = *data++;
    3114             : 
    3115         579 :   return packet;
    3116             : }

Generated by: LCOV version 1.11