From: Jonathan McDowell Date: Fri, 14 Aug 2015 17:19:15 +0000 (+0100) Subject: Add de-duplication of subkeys on a key X-Git-Tag: onak-0.4.6~10 X-Git-Url: https://the.earth.li/gitweb/?a=commitdiff_plain;h=e17ef1fac72bcfeff58e7c88af18eea6f9d6bc85;p=onak.git Add de-duplication of subkeys on a key GnuPG will incorrectly add a pre-existing subkey that it doesn't understand (e.g. ECC) to a key. This results in keys with a large number of identical subkeys. Avoid this by detecting such keys and de-duplicating the identical subkeys. (gnupg bug report at https://bugs.gnupg.org/gnupg/issue1962) --- diff --git a/cleankey.c b/cleankey.c index 7d0bfe4..5608ef0 100644 --- a/cleankey.c +++ b/cleankey.c @@ -22,6 +22,7 @@ #include #include "cleankey.h" +#include "keyid.h" #include "keystructs.h" #include "log.h" #include "mem.h" @@ -73,6 +74,53 @@ int dedupuids(struct openpgp_publickey *key) return merged; } +/** + * dedupsubkeys - Merge duplicate subkeys on a key. + * @key: The key to de-dup subkeys on. + * + * This function attempts to merge duplicate subkeys on a key. It returns + * 0 if the key is unchanged, otherwise the number of dups merged. + */ +int dedupsubkeys(struct openpgp_publickey *key) +{ + struct openpgp_signedpacket_list *cursubkey = NULL; + struct openpgp_signedpacket_list *dup = NULL; + struct openpgp_signedpacket_list *tmp = NULL; + int merged = 0; + uint64_t subkeyid; + + log_assert(key != NULL); + cursubkey = key->subkeys; + while (cursubkey != NULL) { + dup = find_signed_packet(cursubkey->next, cursubkey->packet); + while (dup != NULL) { + get_packetid(cursubkey->packet, &subkeyid); + logthing(LOGTHING_INFO, + "Found duplicate subkey: 0x%016" PRIX64, + subkeyid); + merged++; + merge_packet_sigs(cursubkey, dup); + /* + * Remove the duplicate uid. + */ + tmp = cursubkey; + while (tmp != NULL && tmp->next != dup) { + tmp = tmp->next; + } + log_assert(tmp != NULL); + tmp->next = dup->next; + dup->next = NULL; + free_signedpacket_list(dup); + + dup = find_signed_packet(cursubkey->next, + cursubkey->packet); + } + cursubkey = cursubkey->next; + } + + return merged; +} + /** * check_sighashes - Check that sig hashes are correct. * @key - the check to check the sig hashes of. @@ -146,6 +194,7 @@ int cleankeys(struct openpgp_publickey *keys) while (keys != NULL) { count = dedupuids(keys); + count += dedupsubkeys(keys); if (config.check_sighash) { count += clean_key_sighashes(keys); }