From: Martti Rannanjärvi Date: Tue, 28 Jun 2016 10:24:09 +0000 (+0300) Subject: lib-dcrypt: correctly set version 2 on key info X-Git-Tag: 2.2.25.rc1~41 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3dba61671ddc02668f71c9692eb39ea8f8a30db1;p=thirdparty%2Fdovecot%2Fcore.git lib-dcrypt: correctly set version 2 on key info Dovecot format version 2 keys were incorrectly reported as version 1 before.
---
diff --git a/src/lib-dcrypt/dcrypt-openssl.c b/src/lib-dcrypt/dcrypt-openssl.c
index 6447a46c43..f967695e64 100644
--- a/src/lib-dcrypt/dcrypt-openssl.c
+++ b/src/lib-dcrypt/dcrypt-openssl.c
@@ -1809,7 +1809,7 @@ bool dcrypt_openssl_key_string_get_info(const char *key_data, enum dcrypt_key_fo
 return FALSE;
 }
 } else if (strcmp(fields[0], "2") == 0) {
- version = DCRYPT_KEY_VERSION_1;
+ version = DCRYPT_KEY_VERSION_2;
 if (nfields == 3) {
 kind = DCRYPT_KEY_KIND_PUBLIC;
 } else if (nfields == 5 && strcmp(fields[2],"0") == 0) {
@@ -1828,6 +1828,10 @@ bool dcrypt_openssl_key_string_get_info(const char *key_data, enum dcrypt_key_fo
 *error_r = "Invalid dovecot v2 encoding";
 return FALSE;
 }
+ } else {
+ if (error_r != NULL)
+ *error_r = "Invalid dovecot key version";
+ return FALSE;
 }
 /* last field is always key hash */
diff --git a/src/lib-dcrypt/test-crypto.c b/src/lib-dcrypt/test-crypto.c
index a6d96b10b7..501bae414b 100644
--- a/src/lib-dcrypt/test-crypto.c
+++ b/src/lib-dcrypt/test-crypto.c
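Review bot: The `else` branch added at the end of the version chain in dcrypt_openssl_key_string_get_info carries no comment, and its purpose is easy to miss: before this change an unrecognised `fields[0]` skipped the version branches and continued into the key-hash code below. I would put `/* unknown key format version: fail closed instead of reporting unset version/kind */` above `if (error_r != NULL)`. Whether version and kind had usable defaults on that old path is not visible, because the function starts and ends outside the hunk.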
@@ -440,6 +440,35 @@ void test_load_v2_public_key(void)
 test_end();
 }
+static
+void test_get_info_v2_key(void) {
+ test_begin("test_get_info_v2_key");
+
+ const char *key = "2\t305e301006072a8648ce3d020106052b81040026034a000203fcc90034fa03d6fb79a0fc8b3b43c3398f68e76029307360cdcb9e27bb7e84b3c19dfb7244763bc4d442d216f09b7b7945ed9d182f3156550e9ee30b237a0217dbf79d28975f31\t86706b69d1f640011a65d26a42f2ba20a619173644e1cc7475eb1d90966e84dc";
+ enum dcrypt_key_format format;
+ enum dcrypt_key_version version = DCRYPT_KEY_VERSION_NA;
+ enum dcrypt_key_kind kind;
+ enum dcrypt_key_encryption_type encryption_type;
+ const char *encryption_key_hash = NULL;
+ const char *key_hash = NULL;
+ const char *error = NULL;
+
+ test_assert(dcrypt_key_string_get_info(key, &format, &version,
+ &kind, &encryption_type, &encryption_key_hash,
+ &key_hash, &error));
+ test_assert(error == NULL);
+ test_assert(format == DCRYPT_FORMAT_DOVECOT);
+ test_assert(version == DCRYPT_KEY_VERSION_2);
+
+ test_assert(kind == DCRYPT_KEY_KIND_PUBLIC);
+ test_assert(encryption_type == DCRYPT_KEY_ENCRYPTION_TYPE_NONE);
+ test_assert(encryption_key_hash == NULL);
+ test_assert(key_hash != NULL && strcmp(key_hash,
+ "86706b69d1f640011a65d26a42f2ba20a619173644e1cc7475eb1d90966e84dc") == 0);
+
+ test_end();
+}
+
 static
 void test_gen_and_get_info_rsa_pem(void)
 {
@@ -517,6 +546,7 @@ int main(void) {
 test_load_v1_public_key,
 test_load_v2_key,
 test_load_v2_public_key,
+ test_get_info_v2_key,
 test_gen_and_get_info_rsa_pem,
 NULL
 };
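Review bot: test_get_info_v2_key pins only the success path, so the rejection branch this commit adds to dcrypt_openssl_key_string_get_info (the `Invalid dovecot key version` return) is never exercised; a negative case with an unsupported leading version field should assert a FALSE return and a non-NULL error, as sketched below. The sketch assumes such a string reaches the version chain, which depends on parsing code outside this diff. Separately, `format`, `kind` and `encryption_type` are declared without initialisers while `version` gets `DCRYPT_KEY_VERSION_NA`, so if the call fails and test_assert does not abort the test (its definition is not shown), the following assertions read indeterminate values. Keeping the call's result in a `bool` and checking the outputs only when it is true avoids that.

```c
static
void test_get_info_invalid_version_key(void) {
	test_begin("test_get_info_invalid_version_key");

	/* constructed sample: version field "3" is not a known dovecot key version */
	const char *key = "3\tdeadbeef\tdeadbeef";
	/* … unchanged: same local declarations as test_get_info_v2_key … */

	test_assert(!dcrypt_key_string_get_info(key, &format, &version,
			&kind, &encryption_type, &encryption_key_hash,
			&key_hash, &error));
	test_assert(error != NULL);

	test_end();
}
/* … unchanged: function list in main(), with test_get_info_invalid_version_key added … */
```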