Fixed issue with mixed grouped/ungrouped idents sharing the same key and when revocation occurs krista-local-7-Jan-2020
authorKrista 'DarthMama' Bennett <krista@pep.foundation>
Mon, 13 Jan 2020 15:43:17 +0100
branchkrista-local-7-Jan-2020
changeset 43299ad078f25131
parent 4328 1cab90c62df2
child 4330 b60132b40bae
Fixed issue with mixed grouped/ungrouped idents sharing the same key and when revocation occurs
src/key_reset.c
     1.1 --- a/src/key_reset.c	Mon Jan 13 15:29:31 2020 +0100
     1.2 +++ b/src/key_reset.c	Mon Jan 13 15:43:17 2020 +0100
     1.3 @@ -136,13 +136,18 @@
     1.4                  return PEP_UNKNOWN_ERROR;
     1.5          }        
     1.6      }
     1.7 -        
     1.8 +    
     1.9 +    if (!kr_commands) {
    1.10 +        // There was nothing for us to send to self - we could be ungrouped,
    1.11 +        // etc
    1.12 +        return PEP_STATUS_OK;
    1.13 +    }    
    1.14      char* payload = NULL;
    1.15      size_t size = 0;
    1.16      status = key_reset_commands_to_PER(kr_commands, &payload, &size);
    1.17      if (status != PEP_STATUS_OK)
    1.18          return status;
    1.19 -    
    1.20 +        
    1.21      // From and to our first ident - this only goes to us.
    1.22      pEp_identity* from = identity_dup(from_idents->ident);
    1.23      pEp_identity* to = identity_dup(from);    
    1.24 @@ -862,19 +867,12 @@
    1.25      // each of these has the same key and needs a new one.
    1.26      identity_list* curr_ident;
    1.27      for (curr_ident = key_idents; curr_ident && curr_ident->ident; curr_ident = curr_ident->next) {
    1.28 -        if (curr_ident->ident->flags & PEP_idf_devicegroup) {
    1.29 -            pEp_identity* ident = curr_ident->ident;
    1.30 -            free(ident->fpr);
    1.31 -            ident->fpr = NULL;
    1.32 -            status = generate_keypair(session, ident);
    1.33 -            if (status != PEP_STATUS_OK)
    1.34 -                return status;
    1.35 -                
    1.36 -        }
    1.37 -        // FIXME: BUG - this will cause early revocation for grouped idents!! 
    1.38 -        else {
    1.39 -            status = key_reset(session, old_key, curr_ident->ident); 
    1.40 -        }        
    1.41 +        pEp_identity* ident = curr_ident->ident;
    1.42 +        free(ident->fpr);
    1.43 +        ident->fpr = NULL;
    1.44 +        status = generate_keypair(session, ident);
    1.45 +        if (status != PEP_STATUS_OK)
    1.46 +            return status;            
    1.47      }
    1.48          
    1.49      // Ok, everyone's got a new keypair. Hoorah! 
    1.50 @@ -884,24 +882,28 @@
    1.51                                             key_idents,
    1.52                                             old_key,
    1.53                                             &outmsg);
    1.54 -    
    1.55 -    message* enc_msg = NULL;
    1.56 -    
    1.57 -    // encrypt this baby and get out
    1.58 -    // extra keys???
    1.59 -    status = encrypt_message(session, outmsg, NULL, &enc_msg, PEP_enc_PGP_MIME, PEP_encrypt_flag_key_reset_only);
    1.60 -    
    1.61 -    if (status != PEP_STATUS_OK) {
    1.62 -        goto pEp_free;
    1.63 +                                           
    1.64 +    // Following will only be true if some idents were grouped,
    1.65 +    // and will only include grouped idents!                                       
    1.66 +    if (outmsg) {    
    1.67 +        message* enc_msg = NULL;
    1.68 +        
    1.69 +        // encrypt this baby and get out
    1.70 +        // extra keys???
    1.71 +        status = encrypt_message(session, outmsg, NULL, &enc_msg, PEP_enc_PGP_MIME, PEP_encrypt_flag_key_reset_only);
    1.72 +        
    1.73 +        if (status != PEP_STATUS_OK) {
    1.74 +            goto pEp_free;
    1.75 +        }
    1.76 +
    1.77 +        // insert into queue
    1.78 +        status = send_cb(enc_msg);
    1.79 +
    1.80 +        if (status != PEP_STATUS_OK) {
    1.81 +            free(enc_msg);
    1.82 +            goto pEp_free;            
    1.83 +        }                         
    1.84      }
    1.85 -
    1.86 -    // insert into queue
    1.87 -    status = send_cb(enc_msg);
    1.88 -
    1.89 -    if (status != PEP_STATUS_OK) {
    1.90 -        free(enc_msg);
    1.91 -        goto pEp_free;            
    1.92 -    }                         
    1.93      
    1.94      // Ok, we've signed everything we need to with the old key,
    1.95      // Revoke that baby.