summaryrefslogtreecommitdiff
path: root/security/netpgp/patches/patch-src_lib_keyring.c
blob: 8500d1f253c1ba8c643520dec952168be9984a54 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

$NetBSD: patch-src_lib_keyring.c,v 1.3 2018/03/15 20:00:43 khorben Exp $

Do not crash when listing keys without a keyring.
Do not use random data for pass-phrases on EOF.
Do not ask for a passphrase when empty.

--- src/lib/keyring.c.orig	2011-06-25 00:37:44.000000000 +0000
+++ src/lib/keyring.c
@@ -226,7 +226,7 @@ typedef struct {
 	pgp_seckey_t		*seckey;
 } decrypt_t;
 
-static pgp_cb_ret_t 
+static pgp_cb_ret_t
 decrypt_cb(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
 {
 	const pgp_contents_t	*content = &pkt->u;
@@ -244,7 +244,9 @@ decrypt_cb(const pgp_packet_t *pkt, pgp_
 		break;
 
 	case PGP_GET_PASSPHRASE:
-		(void) pgp_getpassphrase(decrypt->passfp, pass, sizeof(pass));
+		if (pgp_getpassphrase(decrypt->passfp, pass, sizeof(pass)) == 0) {
+			pass[0] = '\0';
+		}
 		*content->skey_passphrase.passphrase = netpgp_strdup(pass);
 		pgp_forget(pass, (unsigned)sizeof(pass));
 		return PGP_KEEP_MEMORY;
@@ -292,6 +294,20 @@ decrypt_cb(const pgp_packet_t *pkt, pgp_
 	return PGP_RELEASE_MEMORY;
 }
 
+static pgp_cb_ret_t
+decrypt_cb_empty(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
+{
+	const pgp_contents_t	*content = &pkt->u;
+
+	switch (pkt->tag) {
+	case PGP_GET_PASSPHRASE:
+		*content->skey_passphrase.passphrase = netpgp_strdup("");
+		return PGP_KEEP_MEMORY;
+	default:
+		return decrypt_cb(pkt, cbinfo);
+	}
+}
+
 /**
 \ingroup Core_Keys
 \brief Decrypts secret key from given keydata with given passphrase
@@ -306,8 +322,18 @@ pgp_decrypt_seckey(const pgp_key_t *key,
 	const int	 printerrors = 1;
 	decrypt_t	 decrypt;
 
+	/* first try with an empty passphrase */
 	(void) memset(&decrypt, 0x0, sizeof(decrypt));
 	decrypt.key = key;
+	stream = pgp_new(sizeof(*stream));
+	pgp_keydata_reader_set(stream, key);
+	pgp_set_callback(stream, decrypt_cb_empty, &decrypt);
+	stream->readinfo.accumulate = 1;
+	pgp_parse(stream, !printerrors);
+	if (decrypt.seckey != NULL) {
+		return decrypt.seckey;
+	}
+	/* ask for a passphrase */
 	decrypt.passfp = passfp;
 	stream = pgp_new(sizeof(*stream));
 	pgp_keydata_reader_set(stream, key);
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-27 17:17:26 +0000