2 * cleankey.c - Routines to look for common key problems and clean them up.
4 * Copyright 2004,2012 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc., 51
17 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
25 #include "keystructs.h"
29 #include "onak-conf.h"
33 * dedupuids - Merge duplicate uids on a key.
34 * @key: The key to de-dup uids on.
36 * This function attempts to merge duplicate IDs on a key. It returns 0
37 * if the key is unchanged, otherwise the number of dups merged.
39 int dedupuids(struct openpgp_publickey *key)
41 struct openpgp_signedpacket_list *curuid = NULL;
42 struct openpgp_signedpacket_list *dup = NULL;
43 struct openpgp_signedpacket_list *tmp = NULL;
46 log_assert(key != NULL);
48 while (curuid != NULL) {
49 dup = find_signed_packet(curuid->next, curuid->packet);
51 logthing(LOGTHING_INFO, "Found duplicate uid: %.*s",
52 curuid->packet->length,
53 curuid->packet->data);
55 merge_packet_sigs(curuid, dup);
57 * Remove the duplicate uid.
60 while (tmp != NULL && tmp->next != dup) {
63 log_assert(tmp != NULL);
64 tmp->next = dup->next;
66 free_signedpacket_list(dup);
68 dup = find_signed_packet(curuid->next, curuid->packet);
70 curuid = curuid->next;
77 * check_sighashes - Check that sig hashes are correct.
78 * @key - the check to check the sig hashes of.
80 * Given an OpenPGP key confirm that all of the sigs on it have the
81 * appropriate 2 octet hash beginning, as stored as part of the sig.
82 * This is a simple way to remove junk sigs and, for example, catches
83 * subkey sig corruption as produced by old pksd implementations.
84 * Any sig that has an incorrect hash is removed from the key. If the
85 * hash cannot be checked (eg we don't support that hash type) we err
86 * on the side of caution and keep it.
88 int clean_sighashes(struct openpgp_publickey *key,
89 struct openpgp_packet *sigdata,
90 struct openpgp_packet_list **sigs)
92 struct openpgp_packet_list *tmpsig;
95 while (*sigs != NULL) {
96 if (check_packet_sighash(key, sigdata, (*sigs)->packet) == 0) {
98 *sigs = (*sigs)->next;
100 free_packet_list(tmpsig);
103 sigs = &(*sigs)->next;
110 int clean_list_sighashes(struct openpgp_publickey *key,
111 struct openpgp_signedpacket_list *siglist)
115 while (siglist != NULL) {
116 removed += clean_sighashes(key, siglist->packet,
118 siglist = siglist->next;
124 int clean_key_sighashes(struct openpgp_publickey *key)
128 removed = clean_sighashes(key, NULL, &key->sigs);
129 removed += clean_list_sighashes(key, key->uids);
130 removed += clean_list_sighashes(key, key->subkeys);
136 * cleankeys - Apply all available cleaning options on a list of keys.
137 * @keys: The list of keys to clean.
139 * Applies all the cleaning options we can (eg duplicate key ids) to a
140 * list of keys. Returns 0 if no changes were made, otherwise the number
143 int cleankeys(struct openpgp_publickey *keys)
145 int changed = 0, count;
147 while (keys != NULL) {
148 count = dedupuids(keys);
149 if (config.check_sighash) {
150 count += clean_key_sighashes(keys);