security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-22 19:58:29 +01:00
Code Activity

Add pubkey letters e and E for ECC.

Browse Source 
This does not mean we have any kind of ECC support now.  It is merely
to avoid printing a question mark for the algorithm.

Trailing white space changes as usual.
This commit is contained in:
Werner Koch 2011-07-01 10:21:08 +02:00
parent fc1680abdf
commit 04b0b050ff
7 changed files with 216 additions and 199 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
g10/build-packet.c
View File

@ -313,7 +313,7 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
private/experimental extension (this is not private/experimental extension (this is not
specified in rfc2440 but the same scheme is used specified in rfc2440 but the same scheme is used
for all other algorithm identifiers) */ for all other algorithm identifiers) */
iobuf_put(a, 101 ); iobuf_put(a, 101 );
iobuf_put(a, sk->protect.s2k.hash_algo ); iobuf_put(a, sk->protect.s2k.hash_algo );
iobuf_write(a, "GNU", 3 ); iobuf_write(a, "GNU", 3 );
iobuf_put(a, sk->protect.s2k.mode - 1000 ); iobuf_put(a, sk->protect.s2k.mode - 1000 );
@ -326,10 +326,10 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
|| sk->protect.s2k.mode == 3 ) || sk->protect.s2k.mode == 3 )
iobuf_write(a, sk->protect.s2k.salt, 8 ); iobuf_write(a, sk->protect.s2k.salt, 8 );
if( sk->protect.s2k.mode == 3 ) if( sk->protect.s2k.mode == 3 )
iobuf_put(a, sk->protect.s2k.count ); iobuf_put(a, sk->protect.s2k.count );
/* For out special modes 1001, 1002 we do not need an IV */ /* For out special modes 1001, 1002 we do not need an IV */
if( sk->protect.s2k.mode != 1001 if( sk->protect.s2k.mode != 1001
&& sk->protect.s2k.mode != 1002 ) && sk->protect.s2k.mode != 1002 )
iobuf_write(a, sk->protect.iv, sk->protect.ivlen ); iobuf_write(a, sk->protect.iv, sk->protect.ivlen );
} }
@ -338,9 +338,9 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
iobuf_put(a, 0 ); iobuf_put(a, 0 );
if( sk->protect.s2k.mode == 1001 ) if( sk->protect.s2k.mode == 1001 )
; /* GnuPG extension - don't write a secret key at all */ ; /* GnuPG extension - don't write a secret key at all */
else if( sk->protect.s2k.mode == 1002 ) else if( sk->protect.s2k.mode == 1002 )
{ /* GnuPG extension - divert to OpenPGP smartcard. */ { /* GnuPG extension - divert to OpenPGP smartcard. */
iobuf_put(a, sk->protect.ivlen ); /* length of the serial iobuf_put(a, sk->protect.ivlen ); /* length of the serial
number or 0 for no serial number or 0 for no serial
number. */ number. */
@ -599,7 +599,7 @@ delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype )
} }
if( buflen < n ) if( buflen < n )
break; break;
type = *buffer & 0x7f; type = *buffer & 0x7f;
if( type == reqtype ) { if( type == reqtype ) {
buffer++; buffer++;
@ -633,7 +633,7 @@ delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype )
* Note: All pointers into sig->[un]hashed (e.g. returned by * Note: All pointers into sig->[un]hashed (e.g. returned by
* parse_sig_subpkt) are not valid after a call to this function. The * parse_sig_subpkt) are not valid after a call to this function. The
* data to put into the subpaket should be in a buffer with a length * data to put into the subpaket should be in a buffer with a length
* of buflen. * of buflen.
*/ */
void void
build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type, build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
@ -736,7 +736,7 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
case SIGSUBPKT_SIGNATURE: case SIGSUBPKT_SIGNATURE:
hashed = 0; hashed = 0;
break; break;
default: default:
hashed = 1; hashed = 1;
break; break;
} }
@ -787,7 +787,7 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
memcpy (p, buffer, buflen); memcpy (p, buffer, buflen);
} }
if (hashed) if (hashed)
sig->hashed = newarea; sig->hashed = newarea;
else else
sig->unhashed = newarea; sig->unhashed = newarea;
@ -1196,6 +1196,8 @@ write_header( IOBUF out, int ctb, u32 len )
static int static int
write_sign_packet_header( IOBUF out, int ctb, u32 len ) write_sign_packet_header( IOBUF out, int ctb, u32 len )
{ {
(void)ctb;
/* work around a bug in the pgp read function for signature packets, /* work around a bug in the pgp read function for signature packets,
* which are not correctly coded and silently assume at some * which are not correctly coded and silently assume at some
* point 2 byte length headers.*/ * point 2 byte length headers.*/
@ -1305,6 +1307,8 @@ write_new_header( IOBUF out, int ctb, u32 len, int hdrlen )
static int static int
write_version( IOBUF out, int ctb ) write_version( IOBUF out, int ctb )
{ {
(void)ctb;
if( iobuf_put( out, 3 ) ) if( iobuf_put( out, 3 ) )
return -1; return -1;
return 0; return 0;

150
g10/getkey.c
View File

@ -195,7 +195,7 @@ get_primary_uid ( KBNODE keyblock, size_t *uidlen )
*uidlen = k->pkt->pkt.user_id->len; *uidlen = k->pkt->pkt.user_id->len;
return k->pkt->pkt.user_id->name; return k->pkt->pkt.user_id->name;
} }
} }
s = user_id_not_found_utf8 (); s = user_id_not_found_utf8 ();
*uidlen = strlen (s); *uidlen = strlen (s);
return s; return s;
@ -303,7 +303,7 @@ pk_from_block ( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE keyblock )
assert ( a->pkt->pkttype == PKT_PUBLIC_KEY assert ( a->pkt->pkttype == PKT_PUBLIC_KEY
|| a->pkt->pkttype == PKT_PUBLIC_SUBKEY ); || a->pkt->pkttype == PKT_PUBLIC_SUBKEY );
copy_public_key ( pk, a->pkt->pkt.public_key ); copy_public_key ( pk, a->pkt->pkt.public_key );
} }
@ -315,7 +315,7 @@ sk_from_block ( GETKEY_CTX ctx,
assert ( a->pkt->pkttype == PKT_SECRET_KEY assert ( a->pkt->pkttype == PKT_SECRET_KEY
|| a->pkt->pkttype == PKT_SECRET_SUBKEY ); || a->pkt->pkttype == PKT_SECRET_SUBKEY );
copy_secret_key( sk, a->pkt->pkt.secret_key); copy_secret_key( sk, a->pkt->pkt.secret_key);
} }
@ -400,7 +400,7 @@ get_pubkey_fast (PKT_public_key *pk, u32 *keyid)
KEYDB_HANDLE hd; KEYDB_HANDLE hd;
KBNODE keyblock; KBNODE keyblock;
u32 pkid[2]; u32 pkid[2];
assert (pk); assert (pk);
#if MAX_PK_CACHE_ENTRIES #if MAX_PK_CACHE_ENTRIES
{ /* Try to get it from the cache */ { /* Try to get it from the cache */
@ -427,7 +427,7 @@ get_pubkey_fast (PKT_public_key *pk, u32 *keyid)
} }
rc = keydb_get_keyblock (hd, &keyblock); rc = keydb_get_keyblock (hd, &keyblock);
keydb_release (hd); keydb_release (hd);
if (rc) if (rc)
{ {
log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc)); log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
return G10ERR_NO_PUBKEY; return G10ERR_NO_PUBKEY;
@ -561,8 +561,8 @@ seckey_available( u32 *keyid )
* must be in the range 0..9), this is considered a fingerprint. * must be in the range 0..9), this is considered a fingerprint.
* - If the username starts with a left angle, we assume it is a complete * - If the username starts with a left angle, we assume it is a complete
* email address and look only at this part. * email address and look only at this part.
* - If the username starts with a colon we assume it is a unified * - If the username starts with a colon we assume it is a unified
* key specfification. * key specfification.
* - If the username starts with a '.', we assume it is the ending * - If the username starts with a '.', we assume it is the ending
* part of an email address * part of an email address
* - If the username starts with an '@', we assume it is a part of an * - If the username starts with an '@', we assume it is a part of an
@ -583,7 +583,7 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc )
const char *s; const char *s;
int hexprefix = 0; int hexprefix = 0;
int hexlength; int hexlength;
int mode = 0; int mode = 0;
KEYDB_SEARCH_DESC dummy_desc; KEYDB_SEARCH_DESC dummy_desc;
if (!desc) if (!desc)
@ -642,12 +642,12 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc )
case '#': /* local user id */ case '#': /* local user id */
return 0; /* This is now obsolete and van't not be used anymore*/ return 0; /* This is now obsolete and van't not be used anymore*/
case ':': /*Unified fingerprint */ case ':': /*Unified fingerprint */
{ {
const char *se, *si; const char *se, *si;
int i; int i;
se = strchr( ++s,':'); se = strchr( ++s,':');
if ( !se ) if ( !se )
return 0; return 0;
@ -657,15 +657,15 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc )
} }
if (i != 32 && i != 40) if (i != 32 && i != 40)
return 0; /* invalid length of fpr*/ return 0; /* invalid length of fpr*/
for (i=0,si=s; si < se; i++, si +=2) for (i=0,si=s; si < se; i++, si +=2)
desc->u.fpr[i] = hextobyte(si); desc->u.fpr[i] = hextobyte(si);
for ( ; i < 20; i++) for ( ; i < 20; i++)
desc->u.fpr[i]= 0; desc->u.fpr[i]= 0;
s = se + 1; s = se + 1;
mode = KEYDB_SEARCH_MODE_FPR; mode = KEYDB_SEARCH_MODE_FPR;
} }
break; break;
default: default:
if (s[0] == '0' && s[1] == 'x') { if (s[0] == '0' && s[1] == 'x') {
hexprefix = 1; hexprefix = 1;
@ -715,7 +715,7 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc )
int i; int i;
if (hexlength == 33) if (hexlength == 33)
s++; s++;
memset(desc->u.fpr+16, 0, 4); memset(desc->u.fpr+16, 0, 4);
for (i=0; i < 16; i++, s+=2) { for (i=0; i < 16; i++, s+=2) {
int c = hextobyte(s); int c = hextobyte(s);
if (c == -1) if (c == -1)
@ -754,11 +754,13 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc )
static int static int
skip_unusable(void *dummy,u32 *keyid,PKT_user_id *uid) skip_unusable(void *dummy, u32 *keyid,PKT_user_id *uid)
{ {
int unusable=0; int unusable=0;
KBNODE keyblock; KBNODE keyblock;
(void)dummy;
keyblock=get_pubkeyblock(keyid); keyblock=get_pubkeyblock(keyid);
if(!keyblock) if(!keyblock)
{ {
@ -815,7 +817,7 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist,
STRLIST r; STRLIST r;
GETKEY_CTX ctx; GETKEY_CTX ctx;
KBNODE help_kb = NULL; KBNODE help_kb = NULL;
if( retctx ) {/* reset the returned context in case of error */ if( retctx ) {/* reset the returned context in case of error */
assert (!ret_kdbhd); /* not allowed because the handle is assert (!ret_kdbhd); /* not allowed because the handle is
stored in the context */ stored in the context */
@ -844,7 +846,7 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist,
for(n=0, r=namelist; r; r = r->next, n++ ) for(n=0, r=namelist; r; r = r->next, n++ )
{ {
classify_user_id (r->d, &ctx->items[n]); classify_user_id (r->d, &ctx->items[n]);
if (ctx->items[n].exact) if (ctx->items[n].exact)
ctx->exact = 1; ctx->exact = 1;
if (!ctx->items[n].mode) if (!ctx->items[n].mode)
@ -863,7 +865,7 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist,
} }
ctx->kr_handle = keydb_new (secmode); ctx->kr_handle = keydb_new (secmode);
if ( !ret_kb ) if ( !ret_kb )
ret_kb = &help_kb; ret_kb = &help_kb;
if( secmode ) { if( secmode ) {
@ -1054,7 +1056,7 @@ get_pubkey_next( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock )
rc = lookup( ctx, ret_keyblock, 0 ); rc = lookup( ctx, ret_keyblock, 0 );
if ( !rc && pk && ret_keyblock ) if ( !rc && pk && ret_keyblock )
pk_from_block ( ctx, pk, *ret_keyblock ); pk_from_block ( ctx, pk, *ret_keyblock );
return rc; return rc;
} }
@ -1074,7 +1076,7 @@ get_pubkey_end( GETKEY_CTX ctx )
* Search for a key with the given fingerprint. * Search for a key with the given fingerprint.
* FIXME: * FIXME:
* We should replace this with the _byname function. Thiscsan be done * We should replace this with the _byname function. Thiscsan be done
* by creating a userID conforming to the unified fingerprint style. * by creating a userID conforming to the unified fingerprint style.
*/ */
int int
get_pubkey_byfprint( PKT_public_key *pk, get_pubkey_byfprint( PKT_public_key *pk,
@ -1120,10 +1122,10 @@ get_pubkey_byfprint_fast (PKT_public_key *pk,
KBNODE keyblock; KBNODE keyblock;
byte fprbuf[MAX_FINGERPRINT_LEN]; byte fprbuf[MAX_FINGERPRINT_LEN];
int i; int i;
for (i=0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++) for (i=0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++)
fprbuf[i] = fprint[i]; fprbuf[i] = fprint[i];
while (i < MAX_FINGERPRINT_LEN) while (i < MAX_FINGERPRINT_LEN)
fprbuf[i++] = 0; fprbuf[i++] = 0;
hd = keydb_new (0); hd = keydb_new (0);
@ -1135,12 +1137,12 @@ get_pubkey_byfprint_fast (PKT_public_key *pk,
} }
rc = keydb_get_keyblock (hd, &keyblock); rc = keydb_get_keyblock (hd, &keyblock);
keydb_release (hd); keydb_release (hd);
if (rc) if (rc)
{ {
log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc)); log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
return G10ERR_NO_PUBKEY; return G10ERR_NO_PUBKEY;
} }
assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY
|| keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY ); || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY );
if (pk) if (pk)
@ -1216,7 +1218,7 @@ get_seckey_byname2( GETKEY_CTX *retctx,
return rc; return rc;
} }
int int
get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock ) get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock )
{ {
return get_seckey_byname2 ( NULL, sk, name, unlock, NULL ); return get_seckey_byname2 ( NULL, sk, name, unlock, NULL );
@ -1255,7 +1257,7 @@ get_seckey_end( GETKEY_CTX ctx )
* Search for a key with the given fingerprint. * Search for a key with the given fingerprint.
* FIXME: * FIXME:
* We should replace this with the _byname function. Thiscsan be done * We should replace this with the _byname function. Thiscsan be done
* by creating a userID conforming to the unified fingerprint style. * by creating a userID conforming to the unified fingerprint style.
*/ */
int int
get_seckey_byfprint( PKT_secret_key *sk, get_seckey_byfprint( PKT_secret_key *sk,
@ -1295,10 +1297,10 @@ get_seckeyblock_byfprint (KBNODE *ret_keyblock, const byte *fprint,
{ {
int rc; int rc;
struct getkey_ctx_s ctx; struct getkey_ctx_s ctx;
if (fprint_len != 20 && fprint_len == 16) if (fprint_len != 20 && fprint_len == 16)
return G10ERR_GENERAL; /* Oops */ return G10ERR_GENERAL; /* Oops */
memset (&ctx, 0, sizeof ctx); memset (&ctx, 0, sizeof ctx);
ctx.not_allocated = 1; ctx.not_allocated = 1;
ctx.kr_handle = keydb_new (1); ctx.kr_handle = keydb_new (1);
@ -1309,7 +1311,7 @@ get_seckeyblock_byfprint (KBNODE *ret_keyblock, const byte *fprint,
memcpy (ctx.items[0].u.fpr, fprint, fprint_len); memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
rc = lookup (&ctx, ret_keyblock, 1); rc = lookup (&ctx, ret_keyblock, 1);
get_seckey_end (&ctx); get_seckey_end (&ctx);
return rc; return rc;
} }
@ -1525,7 +1527,7 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
/* We could also query this from the unhashed area if it is not in /* We could also query this from the unhashed area if it is not in
* the hased area and then later try to decide which is the better * the hased area and then later try to decide which is the better
* there should be no security problem with this. * there should be no security problem with this.
* For now we only look at the hashed one. * For now we only look at the hashed one.
*/ */
/* Now build the preferences list. These must come from the /* Now build the preferences list. These must come from the
@ -1537,7 +1539,7 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
hash = p; nhash = p?n:0; hash = p; nhash = p?n:0;
p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_COMPR, &n ); p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_COMPR, &n );
zip = p; nzip = p?n:0; zip = p; nzip = p?n:0;
if (uid->prefs) if (uid->prefs)
xfree (uid->prefs); xfree (uid->prefs);
n = nsym + nhash + nzip; n = nsym + nhash + nzip;
if (!n) if (!n)
@ -1632,7 +1634,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next ) { for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next ) {
if ( k->pkt->pkttype == PKT_SIGNATURE ) { if ( k->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = k->pkt->pkt.signature; PKT_signature *sig = k->pkt->pkt.signature;
if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) { if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) {
if ( check_key_signature( keyblock, k, NULL ) ) if ( check_key_signature( keyblock, k, NULL ) )
; /* signature did not verify */ ; /* signature did not verify */
else if ( IS_KEY_REV (sig) ){ else if ( IS_KEY_REV (sig) ){
@ -1642,9 +1644,9 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
* here because we have to assume that an attacker can * here because we have to assume that an attacker can
* generate all kinds of signatures. However due to the * generate all kinds of signatures. However due to the
* fact that the key has been revoked it does not harm * fact that the key has been revoked it does not harm
* either and by continuing we gather some more info on * either and by continuing we gather some more info on
* that key. * that key.
*/ */
*r_revoked = 1; *r_revoked = 1;
sig_to_revoke_info(sig,rinfo); sig_to_revoke_info(sig,rinfo);
} }
@ -1732,7 +1734,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
key_expire_seen = 1; key_expire_seen = 1;
} }
/* mark that key as valid: one direct key signature should /* mark that key as valid: one direct key signature should
* render a key as valid */ * render a key as valid */
pk->is_valid = 1; pk->is_valid = 1;
} }
@ -1751,7 +1753,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
if(IS_KEY_REV(sig) && if(IS_KEY_REV(sig) &&
(sig->keyid[0]!=kid[0] || sig->keyid[1]!=kid[1])) (sig->keyid[0]!=kid[0] || sig->keyid[1]!=kid[1]))
{ {
int rc=check_revocation_keys(pk,sig); int rc=check_revocation_keys(pk,sig);
if(rc==0) if(rc==0)
{ {
@ -1781,7 +1783,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
sigdate = 0; /* helper to find the latest signature in one user ID */ sigdate = 0; /* helper to find the latest signature in one user ID */
for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next ) { for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next ) {
if ( k->pkt->pkttype == PKT_USER_ID ) { if ( k->pkt->pkttype == PKT_USER_ID ) {
if ( uidnode && signode ) if ( uidnode && signode )
{ {
fixup_uidnode ( uidnode, signode, keytimestamp ); fixup_uidnode ( uidnode, signode, keytimestamp );
pk->is_valid=1; pk->is_valid=1;
@ -1792,7 +1794,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
} }
else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode ) { else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode ) {
PKT_signature *sig = k->pkt->pkt.signature; PKT_signature *sig = k->pkt->pkt.signature;
if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) { if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) {
if ( check_key_signature( keyblock, k, NULL ) ) if ( check_key_signature( keyblock, k, NULL ) )
; /* signature did not verify */ ; /* signature did not verify */
else if ( (IS_UID_SIG (sig) || IS_UID_REV (sig)) else if ( (IS_UID_SIG (sig) || IS_UID_REV (sig))
@ -1887,7 +1889,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
/* Now that we had a look at all user IDs we can now get some information /* Now that we had a look at all user IDs we can now get some information
* from those user IDs. * from those user IDs.
*/ */
if ( !key_usage ) { if ( !key_usage ) {
/* find the latest user ID with key flags set */ /* find the latest user ID with key flags set */
uiddate = 0; /* helper to find the latest user ID */ uiddate = 0; /* helper to find the latest user ID */
@ -1908,17 +1910,17 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
else { /* check that the usage matches the usage as given by the algo */ else { /* check that the usage matches the usage as given by the algo */
int x = openpgp_pk_algo_usage ( pk->pubkey_algo ); int x = openpgp_pk_algo_usage ( pk->pubkey_algo );
if ( x ) /* mask it down to the actual allowed usage */ if ( x ) /* mask it down to the actual allowed usage */
key_usage &= x; key_usage &= x;
} }
/* Whatever happens, it's a primary key, so it can certify. */ /* Whatever happens, it's a primary key, so it can certify. */
pk->pubkey_usage = key_usage|PUBKEY_USAGE_CERT; pk->pubkey_usage = key_usage|PUBKEY_USAGE_CERT;
if ( !key_expire_seen ) { if ( !key_expire_seen ) {
/* find the latest valid user ID with a key expiration set /* find the latest valid user ID with a key expiration set
* Note, that this may be a different one from the above because * Note, that this may be a different one from the above because
* some user IDs may have no expiration date set */ * some user IDs may have no expiration date set */
uiddate = 0; uiddate = 0;
for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
k = k->next ) { k = k->next ) {
if ( k->pkt->pkttype == PKT_USER_ID ) { if ( k->pkt->pkttype == PKT_USER_ID ) {
@ -1989,7 +1991,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
if ( k->pkt->pkttype == PKT_USER_ID && if ( k->pkt->pkttype == PKT_USER_ID &&
!k->pkt->pkt.user_id->attrib_data) { !k->pkt->pkt.user_id->attrib_data) {
PKT_user_id *uid = k->pkt->pkt.user_id; PKT_user_id *uid = k->pkt->pkt.user_id;
if ( k != uidnode ) if ( k != uidnode )
uid->is_primary = 0; uid->is_primary = 0;
} }
} }
@ -2093,7 +2095,7 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
k = k->next ) { k = k->next ) {
if ( k->pkt->pkttype == PKT_SIGNATURE ) { if ( k->pkt->pkttype == PKT_SIGNATURE ) {
sig = k->pkt->pkt.signature; sig = k->pkt->pkt.signature;
if ( sig->keyid[0] == mainkid[0] && sig->keyid[1]==mainkid[1] ) { if ( sig->keyid[0] == mainkid[0] && sig->keyid[1]==mainkid[1] ) {
if ( check_key_signature( keyblock, k, NULL ) ) if ( check_key_signature( keyblock, k, NULL ) )
; /* signature did not verify */ ; /* signature did not verify */
else if ( IS_SUBKEY_REV (sig) ) { else if ( IS_SUBKEY_REV (sig) ) {
@ -2107,7 +2109,7 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
does this the same way. */ does this the same way. */
subpk->is_revoked = 1; subpk->is_revoked = 1;
sig_to_revoke_info(sig,&subpk->revoked); sig_to_revoke_info(sig,&subpk->revoked);
/* although we could stop now, we continue to /* although we could stop now, we continue to
* figure out other information like the old expiration * figure out other information like the old expiration
* time */ * time */
} }
@ -2144,11 +2146,11 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
/* check that the usage matches the usage as given by the algo */ /* check that the usage matches the usage as given by the algo */
int x = openpgp_pk_algo_usage ( subpk->pubkey_algo ); int x = openpgp_pk_algo_usage ( subpk->pubkey_algo );
if ( x ) /* mask it down to the actual allowed usage */ if ( x ) /* mask it down to the actual allowed usage */
key_usage &= x; key_usage &= x;
} }
subpk->pubkey_usage = key_usage; subpk->pubkey_usage = key_usage;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
if ( p && buffer_to_u32(p) ) if ( p && buffer_to_u32(p) )
key_expire = keytimestamp + buffer_to_u32(p); key_expire = keytimestamp + buffer_to_u32(p);
@ -2240,7 +2242,7 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
} }
/* /*
* Merge information from the self-signatures with the key, so that * Merge information from the self-signatures with the key, so that
* we can later use them more easy. * we can later use them more easy.
* The function works by first applying the self signatures to the * The function works by first applying the self signatures to the
@ -2250,7 +2252,7 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
* We check all self signatures or validity and ignore all invalid signatures. * We check all self signatures or validity and ignore all invalid signatures.
* All signatures are then ordered by their creation date .... * All signatures are then ordered by their creation date ....
* For the primary key: * For the primary key:
* FIXME the docs * FIXME the docs
*/ */
static void static void
merge_selfsigs( KBNODE keyblock ) merge_selfsigs( KBNODE keyblock )
@ -2311,7 +2313,7 @@ merge_selfsigs( KBNODE keyblock )
* which user ID the key has been selected. * which user ID the key has been selected.
* fixme: we should keep atoms of commonly used preferences or * fixme: we should keep atoms of commonly used preferences or
* use reference counting to optimize the preference lists storage. * use reference counting to optimize the preference lists storage.
* FIXME: it might be better to use the intersection of * FIXME: it might be better to use the intersection of
* all preferences. * all preferences.
* Do a similar thing for the MDC feature flag. * Do a similar thing for the MDC feature flag.
*/ */
@ -2325,7 +2327,7 @@ merge_selfsigs( KBNODE keyblock )
mdc_feature = k->pkt->pkt.user_id->flags.mdc; mdc_feature = k->pkt->pkt.user_id->flags.mdc;
break; break;
} }
} }
for(k=keyblock; k; k = k->next ) { for(k=keyblock; k; k = k->next ) {
if ( k->pkt->pkttype == PKT_PUBLIC_KEY if ( k->pkt->pkttype == PKT_PUBLIC_KEY
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
@ -2353,7 +2355,7 @@ merge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY ); assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY );
assert ( secblock->pkt->pkttype == PKT_SECRET_KEY ); assert ( secblock->pkt->pkttype == PKT_SECRET_KEY );
for (pub=pubblock; pub; pub = pub->next ) { for (pub=pubblock; pub; pub = pub->next ) {
if ( pub->pkt->pkttype == PKT_PUBLIC_KEY ) { if ( pub->pkt->pkttype == PKT_PUBLIC_KEY ) {
PKT_public_key *pk = pub->pkt->pkt.public_key; PKT_public_key *pk = pub->pkt->pkt.public_key;
@ -2385,7 +2387,7 @@ merge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
} }
} }
} }
if ( !sec ) if ( !sec )
BUG(); /* already checked in premerge */ BUG(); /* already checked in premerge */
} }
} }
@ -2404,7 +2406,7 @@ premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY ); assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY );
assert ( secblock->pkt->pkttype == PKT_SECRET_KEY ); assert ( secblock->pkt->pkttype == PKT_SECRET_KEY );
for (pub=pubblock,last=NULL; pub; last = pub, pub = pub->next ) { for (pub=pubblock,last=NULL; pub; last = pub, pub = pub->next ) {
pub->flag &= ~3; /* reset bits 0 and 1 */ pub->flag &= ~3; /* reset bits 0 and 1 */
if ( pub->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { if ( pub->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
@ -2433,14 +2435,14 @@ premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
if (opt.verbose) if (opt.verbose)
log_info (_("no secret subkey" log_info (_("no secret subkey"
" for public subkey %s - ignoring\n"), " for public subkey %s - ignoring\n"),
keystr_from_pk (pk)); keystr_from_pk (pk));
/* we have to remove the subkey in this case */ /* we have to remove the subkey in this case */
assert ( last ); assert ( last );
/* find the next subkey */ /* find the next subkey */
for (next=pub->next,ll=pub; for (next=pub->next,ll=pub;
next && next->pkt->pkttype != PKT_PUBLIC_SUBKEY; next && next->pkt->pkttype != PKT_PUBLIC_SUBKEY;
ll = next, next = next->next ) ll = next, next = next->next )
; ;
/* make new link */ /* make new link */
last->next = next; last->next = next;
@ -2510,7 +2512,7 @@ finish_lookup (GETKEY_CTX ctx)
u32 curtime = make_timestamp (); u32 curtime = make_timestamp ();
assert( keyblock->pkt->pkttype == PKT_PUBLIC_KEY ); assert( keyblock->pkt->pkttype == PKT_PUBLIC_KEY );
ctx->found_key = NULL; ctx->found_key = NULL;
if (ctx->exact) { if (ctx->exact) {
@ -2579,7 +2581,7 @@ finish_lookup (GETKEY_CTX ctx)
log_debug( "\tsubkey not yet valid\n"); log_debug( "\tsubkey not yet valid\n");
continue; continue;
} }
if ( !((pk->pubkey_usage&USAGE_MASK) & req_usage) ) { if ( !((pk->pubkey_usage&USAGE_MASK) & req_usage) ) {
if (DBG_CACHE) if (DBG_CACHE)
log_debug( "\tusage does not match: want=%x have=%x\n", log_debug( "\tusage does not match: want=%x have=%x\n",
@ -2596,7 +2598,7 @@ finish_lookup (GETKEY_CTX ctx)
} }
} }
/* Okay now try the primary key unless we want an exact /* Okay now try the primary key unless we want an exact
* key ID match on a subkey */ * key ID match on a subkey */
if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_prim) { if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_prim) {
PKT_public_key *pk; PKT_public_key *pk;
@ -2628,7 +2630,7 @@ finish_lookup (GETKEY_CTX ctx)
latest_date = pk->timestamp; latest_date = pk->timestamp;
} }
} }
if ( !latest_key ) { if ( !latest_key ) {
if (DBG_CACHE) if (DBG_CACHE)
log_debug("\tno suitable key found - giving up\n"); log_debug("\tno suitable key found - giving up\n");
@ -2645,8 +2647,8 @@ finish_lookup (GETKEY_CTX ctx)
if (pk->user_id) if (pk->user_id)
free_user_id (pk->user_id); free_user_id (pk->user_id);
pk->user_id = scopy_user_id (foundu); pk->user_id = scopy_user_id (foundu);
} }
ctx->found_key = latest_key; ctx->found_key = latest_key;
if (latest_key != keyblock && opt.verbose) if (latest_key != keyblock && opt.verbose)
@ -2659,7 +2661,7 @@ finish_lookup (GETKEY_CTX ctx)
} }
cache_user_id( keyblock ); cache_user_id( keyblock );
return 1; /* found */ return 1; /* found */
} }
@ -2670,7 +2672,7 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
int rc; int rc;
KBNODE secblock = NULL; /* helper */ KBNODE secblock = NULL; /* helper */
int no_suitable_key = 0; int no_suitable_key = 0;
rc = 0; rc = 0;
while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems))) { while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems))) {
/* If we are searching for the first key we have to make sure /* If we are searching for the first key we have to make sure
@ -2685,13 +2687,13 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
rc = 0; rc = 0;
goto skip; goto skip;
} }
if ( secmode ) { if ( secmode ) {
/* find the correspondig public key and use this /* find the correspondig public key and use this
* this one for the selection process */ * this one for the selection process */
u32 aki[2]; u32 aki[2];
KBNODE k = ctx->keyblock; KBNODE k = ctx->keyblock;
if (k->pkt->pkttype != PKT_SECRET_KEY) if (k->pkt->pkttype != PKT_SECRET_KEY)
BUG(); BUG();
@ -2726,7 +2728,7 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
} }
else else
no_suitable_key = 1; no_suitable_key = 1;
skip: skip:
/* release resources and continue search */ /* release resources and continue search */
if ( secmode ) { if ( secmode ) {
@ -2765,8 +2767,8 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
/**************** /****************
* FIXME: Replace by the generic function * FIXME: Replace by the generic function
* It does not work as it is right now - it is used at * It does not work as it is right now - it is used at
* 2 places: a) to get the key for an anonyous recipient * 2 places: a) to get the key for an anonyous recipient
* b) to get the ultimately trusted keys. * b) to get the ultimately trusted keys.
* The a) usage might have some problems. * The a) usage might have some problems.
@ -2832,7 +2834,7 @@ enum_secret_keys( void **context, PKT_secret_key *sk,
} }
release_kbnode (c->keyblock); release_kbnode (c->keyblock);
c->keyblock = c->node = NULL; c->keyblock = c->node = NULL;
rc = c->first? keydb_search_first (c->hd) : keydb_search_next (c->hd); rc = c->first? keydb_search_first (c->hd) : keydb_search_next (c->hd);
c->first = 0; c->first = 0;
if (rc) { if (rc) {
@ -2840,7 +2842,7 @@ enum_secret_keys( void **context, PKT_secret_key *sk,
c->eof = 1; c->eof = 1;
return -1; /* eof */ return -1; /* eof */
} }
rc = keydb_get_keyblock (c->hd, &c->keyblock); rc = keydb_get_keyblock (c->hd, &c->keyblock);
c->node = c->keyblock; c->node = c->keyblock;
} while (!rc); } while (!rc);
@ -2999,7 +3001,7 @@ parse_auto_key_locate(char *options)
continue; continue;
/* For now we silently ignore the new methods introduced with /* For now we silently ignore the new methods introduced with
2.0.10. */ 2.0.10. */
if (!ascii_strcasecmp (tok,"nodefault") if (!ascii_strcasecmp (tok,"nodefault")
|| !ascii_strcasecmp (tok,"local")) || !ascii_strcasecmp (tok,"local"))
continue; continue;

80
g10/gpg.c
View File

@ -279,7 +279,7 @@ enum cmd_and_opt_values
oS2KDigest, oS2KDigest,
oS2KCipher, oS2KCipher,
oS2KCount, oS2KCount,
oSimpleSKChecksum, oSimpleSKChecksum,
oDisplayCharset, oDisplayCharset,
oNotDashEscaped, oNotDashEscaped,
oEscapeFrom, oEscapeFrom,
@ -308,7 +308,7 @@ enum cmd_and_opt_values
oNoAllowNonSelfsignedUID, oNoAllowNonSelfsignedUID,
oAllowFreeformUID, oAllowFreeformUID,
oNoAllowFreeformUID, oNoAllowFreeformUID,
oAllowSecretKeyImport, oAllowSecretKeyImport,
oEnableSpecialFilenames, oEnableSpecialFilenames,
oNoLiteral, oNoLiteral,
oSetFilesize, oSetFilesize,
@ -992,7 +992,7 @@ open_info_file (const char *fname, int for_write)
sensitive information may be retrieved by means of error sensitive information may be retrieved by means of error
messages. */ messages. */
return -1; return -1;
#else #else
int fd; int fd;
/* if (is_secured_filename (fname)) */ /* if (is_secured_filename (fname)) */
@ -1015,7 +1015,7 @@ open_info_file (const char *fname, int for_write)
if ( fd == -1) if ( fd == -1)
log_error ( for_write? _("can't create `%s': %s\n") log_error ( for_write? _("can't create `%s': %s\n")
: _("can't open `%s': %s\n"), fname, strerror(errno)); : _("can't open `%s': %s\n"), fname, strerror(errno));
return fd; return fd;
#endif #endif
} }
@ -1678,7 +1678,7 @@ parse_trust_model(const char *model)
/* Must be called before we open any files. */ /* Must be called before we open any files. */
static void static void
reopen_std(void) reopen_std(void)
{ {
#if defined(HAVE_STAT) && !defined(HAVE_W32_SYSTEM) #if defined(HAVE_STAT) && !defined(HAVE_W32_SYSTEM)
struct stat statbuf; struct stat statbuf;
int did_stdin=0,did_stdout=0,did_stderr=0; int did_stdin=0,did_stdout=0,did_stderr=0;
@ -1775,7 +1775,7 @@ get_default_configname (void)
if (configname) if (configname)
{ {
char *tok; char *tok;
xfree (configname); xfree (configname);
configname = NULL; configname = NULL;
@ -1786,13 +1786,13 @@ get_default_configname (void)
else else
break; break;
} }
configname = make_filename (opt.homedir, name, NULL); configname = make_filename (opt.homedir, name, NULL);
} }
while (access (configname, R_OK)); while (access (configname, R_OK));
xfree(name); xfree(name);
if (! configname) if (! configname)
configname = make_filename (opt.homedir, "gpg" EXTSEP_S "conf", NULL); configname = make_filename (opt.homedir, "gpg" EXTSEP_S "conf", NULL);
if (! access (configname, R_OK)) if (! access (configname, R_OK))
@ -1930,9 +1930,9 @@ main (int argc, char **argv )
#elif defined(__APPLE__) #elif defined(__APPLE__)
opt.pcsc_driver = "/System/Library/Frameworks/PCSC.framework/PCSC"; opt.pcsc_driver = "/System/Library/Frameworks/PCSC.framework/PCSC";
#elif defined(__GLIBC__) #elif defined(__GLIBC__)
opt.pcsc_driver = "libpcsclite.so.1"; opt.pcsc_driver = "libpcsclite.so.1";
#else #else
opt.pcsc_driver = "libpcsclite.so"; opt.pcsc_driver = "libpcsclite.so";
#endif #endif
opt.disable_keypad = 1; /* No keypad support; use gpg2 instead. */ opt.disable_keypad = 1; /* No keypad support; use gpg2 instead. */
#endif /*ENABLE_CARD_SUPPORT*/ #endif /*ENABLE_CARD_SUPPORT*/
@ -2079,19 +2079,19 @@ main (int argc, char **argv )
{ {
switch( pargs.r_opt ) switch( pargs.r_opt )
{ {
case aCheckKeys: case aCheckKeys:
case aListConfig: case aListConfig:
case aGPGConfList: case aGPGConfList:
case aGPGConfTest: case aGPGConfTest:
case aListPackets: case aListPackets:
case aImport: case aImport:
case aFastImport: case aFastImport:
case aSendKeys: case aSendKeys:
case aRecvKeys: case aRecvKeys:
case aSearchKeys: case aSearchKeys:
case aRefreshKeys: case aRefreshKeys:
case aFetchKeys: case aFetchKeys:
case aExport: case aExport:
set_cmd (&cmd, pargs.r_opt); set_cmd (&cmd, pargs.r_opt);
break; break;
case aListKeys: set_cmd( &cmd, aListKeys); break; case aListKeys: set_cmd( &cmd, aListKeys); break;
@ -2104,7 +2104,7 @@ main (int argc, char **argv )
break; break;
case aDeleteSecretAndPublicKeys: case aDeleteSecretAndPublicKeys:
set_cmd( &cmd, aDeleteSecretAndPublicKeys); set_cmd( &cmd, aDeleteSecretAndPublicKeys);
greeting=1; greeting=1;
break; break;
case aDeleteKeys: set_cmd( &cmd, aDeleteKeys); greeting=1; break; case aDeleteKeys: set_cmd( &cmd, aDeleteKeys); greeting=1; break;
@ -2205,7 +2205,7 @@ main (int argc, char **argv )
case oDebug: opt.debug |= pargs.r.ret_ulong; break; case oDebug: opt.debug |= pargs.r.ret_ulong; break;
case oDebugAll: opt.debug = ~0; break; case oDebugAll: opt.debug = ~0; break;
case oDebugLevel: break; /* Not supported. */ case oDebugLevel: break; /* Not supported. */
case oDebugCCIDDriver: case oDebugCCIDDriver:
#if defined(ENABLE_CARD_SUPPORT) && defined(HAVE_LIBUSB) #if defined(ENABLE_CARD_SUPPORT) && defined(HAVE_LIBUSB)
ccid_set_debug_level (ccid_set_debug_level (1)+1); ccid_set_debug_level (ccid_set_debug_level (1)+1);
#endif #endif
@ -2549,7 +2549,7 @@ main (int argc, char **argv )
case oCommandFile: case oCommandFile:
opt.command_fd = open_info_file (pargs.r.ret_str, 0); opt.command_fd = open_info_file (pargs.r.ret_str, 0);
break; break;
case oCipherAlgo: case oCipherAlgo:
def_cipher_string = xstrdup(pargs.r.ret_str); def_cipher_string = xstrdup(pargs.r.ret_str);
break; break;
case oDigestAlgo: case oDigestAlgo:
@ -2855,8 +2855,8 @@ main (int argc, char **argv )
opt.exit_on_status_write_error = 1; opt.exit_on_status_write_error = 1;
break; break;
case oLimitCardInsertTries: case oLimitCardInsertTries:
opt.limit_card_insert_tries = pargs.r.ret_int; opt.limit_card_insert_tries = pargs.r.ret_int;
break; break;
case oRequireCrossCert: opt.flags.require_cross_cert=1; break; case oRequireCrossCert: opt.flags.require_cross_cert=1; break;
@ -2967,7 +2967,7 @@ main (int argc, char **argv )
"--no-literal" ); "--no-literal" );
} }
#ifndef ENABLE_AGENT_SUPPORT #ifndef ENABLE_AGENT_SUPPORT
if (opt.use_agent) { if (opt.use_agent) {
log_info(_("NOTE: %s is not available in this version\n"), log_info(_("NOTE: %s is not available in this version\n"),
"--use-agent"); "--use-agent");
@ -3088,7 +3088,9 @@ main (int argc, char **argv )
if(opt.def_cipher_algo==0 && if(opt.def_cipher_algo==0 &&
(ascii_strcasecmp(def_cipher_string,"idea")==0 (ascii_strcasecmp(def_cipher_string,"idea")==0
|| ascii_strcasecmp(def_cipher_string,"s1")==0)) || ascii_strcasecmp(def_cipher_string,"s1")==0))
idea_cipher_warn(1); {
idea_cipher_warn(1);
}
xfree(def_cipher_string); def_cipher_string = NULL; xfree(def_cipher_string); def_cipher_string = NULL;
if( check_cipher_algo(opt.def_cipher_algo) ) if( check_cipher_algo(opt.def_cipher_algo) )
log_error(_("selected cipher algorithm is invalid\n")); log_error(_("selected cipher algorithm is invalid\n"));
@ -3305,13 +3307,13 @@ main (int argc, char **argv )
case of "-kvv userid keyring". Also avoid adding the secret case of "-kvv userid keyring". Also avoid adding the secret
keyring for a couple of commands to avoid unneeded access in keyring for a couple of commands to avoid unneeded access in
case the secrings are stored on a floppy. case the secrings are stored on a floppy.
We always need to add the keyrings if we are running under We always need to add the keyrings if we are running under
SELinux, this is so that the rings are added to the list of SELinux, this is so that the rings are added to the list of
secured files. */ secured files. */
if( ALWAYS_ADD_KEYRINGS if( ALWAYS_ADD_KEYRINGS
|| (cmd != aDeArmor && cmd != aEnArmor || (cmd != aDeArmor && cmd != aEnArmor
&& !(cmd == aKMode && argc == 2 )) ) && !(cmd == aKMode && argc == 2 )) )
{ {
if (ALWAYS_ADD_KEYRINGS if (ALWAYS_ADD_KEYRINGS
|| (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys || (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys
@ -3358,11 +3360,11 @@ main (int argc, char **argv )
switch (cmd) switch (cmd)
{ {
case aStore: case aStore:
case aSym: case aSym:
case aSign: case aSign:
case aSignSym: case aSignSym:
case aClearsign: case aClearsign:
if (!opt.quiet && any_explicit_recipient) if (!opt.quiet && any_explicit_recipient)
log_info (_("WARNING: recipients (-r) given " log_info (_("WARNING: recipients (-r) given "
"without using public key encryption\n")); "without using public key encryption\n"));
@ -3522,7 +3524,7 @@ main (int argc, char **argv )
log_error("decrypt_message failed: %s\n", g10_errstr(rc) ); log_error("decrypt_message failed: %s\n", g10_errstr(rc) );
} }
break; break;
case aSignKey: case aSignKey:
if( argc != 1 ) if( argc != 1 )
wrong_args(_("--sign-key user-id")); wrong_args(_("--sign-key user-id"));
@ -3901,7 +3903,7 @@ main (int argc, char **argv )
wrong_args("--import-ownertrust [file]"); wrong_args("--import-ownertrust [file]");
import_ownertrust( argc? *argv:NULL ); import_ownertrust( argc? *argv:NULL );
break; break;
case aPipeMode: case aPipeMode:
if ( argc ) if ( argc )
wrong_args ("--pipemode"); wrong_args ("--pipemode");
@ -4106,12 +4108,12 @@ print_hashline( MD_HANDLE md, int algo, const char *fname )
{ {
int i, n; int i, n;
const byte *p; const byte *p;
if ( fname ) { if ( fname ) {
for (p = fname; *p; p++ ) { for (p = fname; *p; p++ ) {
if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' ) if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' )
printf("%%%02X", *p ); printf("%%%02X", *p );
else else
putchar( *p ); putchar( *p );
} }
} }
@ -4119,7 +4121,7 @@ print_hashline( MD_HANDLE md, int algo, const char *fname )
printf("%d:", algo ); printf("%d:", algo );
p = md_read( md, algo ); p = md_read( md, algo );
n = md_digest_length(algo); n = md_digest_length(algo);
for(i=0; i < n ; i++, p++ ) for(i=0; i < n ; i++, p++ )
printf("%02X", *p ); printf("%02X", *p );
putchar(':'); putchar(':');
putchar('\n'); putchar('\n');
@ -4177,7 +4179,7 @@ print_mds( const char *fname, int algo )
else { else {
md_final(md); md_final(md);
if ( opt.with_colons ) { if ( opt.with_colons ) {
if ( algo ) if ( algo )
print_hashline( md, algo, fname ); print_hashline( md, algo, fname );
else { else {
print_hashline( md, DIGEST_ALGO_MD5, fname ); print_hashline( md, DIGEST_ALGO_MD5, fname );
@ -4274,7 +4276,7 @@ add_policy_url( const char *string, int which )
sl=add_to_strlist( &opt.sig_policy_url, string ); sl=add_to_strlist( &opt.sig_policy_url, string );
if(critical) if(critical)
sl->flags |= 1; sl->flags |= 1;
} }
static void static void
@ -4307,5 +4309,5 @@ add_keyserver_url( const char *string, int which )
sl=add_to_strlist( &opt.sig_keyserver_url, string ); sl=add_to_strlist( &opt.sig_keyserver_url, string );
if(critical) if(critical)
sl->flags |= 1; sl->flags |= 1;
} }

88
g10/keydb.c
View File

@ -32,7 +32,7 @@
#include "main.h" /*try_make_homedir ()*/ #include "main.h" /*try_make_homedir ()*/
#include "packet.h" #include "packet.h"
#include "keyring.h" #include "keyring.h"
#include "keydb.h" #include "keydb.h"
#include "i18n.h" #include "i18n.h"
static int active_handles; static int active_handles;
@ -88,7 +88,7 @@ maybe_create_keyring (char *filename, int force)
/* If we don't want to create a new file at all, there is no need to /* If we don't want to create a new file at all, there is no need to
go any further - bail out right here. */ go any further - bail out right here. */
if (!force) if (!force)
return G10ERR_OPEN_FILE; return G10ERR_OPEN_FILE;
/* First of all we try to create the home directory. Note, that we /* First of all we try to create the home directory. Note, that we
@ -99,9 +99,9 @@ maybe_create_keyring (char *filename, int force)
last_slash_in_filename = strrchr (filename, DIRSEP_C); last_slash_in_filename = strrchr (filename, DIRSEP_C);
*last_slash_in_filename = 0; *last_slash_in_filename = 0;
if (access(filename, F_OK)) if (access(filename, F_OK))
{ {
static int tried; static int tried;
if (!tried) if (!tried)
{ {
tried = 1; tried = 1;
@ -130,8 +130,8 @@ maybe_create_keyring (char *filename, int force)
if (opt.verbose) if (opt.verbose)
log_info ("can't allocate lock for `%s'\n", filename ); log_info ("can't allocate lock for `%s'\n", filename );
if (!force) if (!force)
return G10ERR_OPEN_FILE; return G10ERR_OPEN_FILE;
else else
return G10ERR_GENERAL; return G10ERR_GENERAL;
} }
@ -161,7 +161,7 @@ maybe_create_keyring (char *filename, int force)
else else
iobuf = iobuf_create (filename); iobuf = iobuf_create (filename);
umask (oldmask); umask (oldmask);
if (!iobuf) if (!iobuf)
{ {
log_error ( _("error creating keyring `%s': %s\n"), log_error ( _("error creating keyring `%s': %s\n"),
filename, strerror(errno)); filename, strerror(errno));
@ -279,7 +279,7 @@ keydb_add_resource (const char *url, int flags, int secret)
{ {
if (used_resources >= MAX_KEYDB_RESOURCES) if (used_resources >= MAX_KEYDB_RESOURCES)
rc = G10ERR_RESOURCE_LIMIT; rc = G10ERR_RESOURCE_LIMIT;
else else
{ {
if(flags&2) if(flags&2)
primary_keyring=token; primary_keyring=token;
@ -338,10 +338,10 @@ keydb_new (int secret)
{ {
KEYDB_HANDLE hd; KEYDB_HANDLE hd;
int i, j; int i, j;
hd = xmalloc_clear (sizeof *hd); hd = xmalloc_clear (sizeof *hd);
hd->found = -1; hd->found = -1;
assert (used_resources <= MAX_KEYDB_RESOURCES); assert (used_resources <= MAX_KEYDB_RESOURCES);
for (i=j=0; i < used_resources; i++) for (i=j=0; i < used_resources; i++)
{ {
@ -365,12 +365,12 @@ keydb_new (int secret)
} }
} }
hd->used = j; hd->used = j;
active_handles++; active_handles++;
return hd; return hd;
} }
void void
keydb_release (KEYDB_HANDLE hd) keydb_release (KEYDB_HANDLE hd)
{ {
int i; int i;
@ -409,19 +409,19 @@ keydb_get_resource_name (KEYDB_HANDLE hd)
int idx; int idx;
const char *s = NULL; const char *s = NULL;
if (!hd) if (!hd)
return NULL; return NULL;
if ( hd->found >= 0 && hd->found < hd->used) if ( hd->found >= 0 && hd->found < hd->used)
idx = hd->found; idx = hd->found;
else if ( hd->current >= 0 && hd->current < hd->used) else if ( hd->current >= 0 && hd->current < hd->used)
idx = hd->current; idx = hd->current;
else else
idx = 0; idx = 0;
switch (hd->active[idx].type) { switch (hd->active[idx].type) {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
s = NULL; s = NULL;
break; break;
case KEYDB_RESOURCE_TYPE_KEYRING: case KEYDB_RESOURCE_TYPE_KEYRING:
s = keyring_get_resource_name (hd->active[idx].u.kr); s = keyring_get_resource_name (hd->active[idx].u.kr);
@ -433,7 +433,7 @@ keydb_get_resource_name (KEYDB_HANDLE hd)
static int static int
lock_all (KEYDB_HANDLE hd) lock_all (KEYDB_HANDLE hd)
{ {
int i, rc = 0; int i, rc = 0;
@ -490,7 +490,7 @@ unlock_all (KEYDB_HANDLE hd)
/* /*
* Return the last found keyring. Caller must free it. * Return the last found keyring. Caller must free it.
* The returned keyblock has the kbode flag bit 0 set for the node with * The returned keyblock has the kbode flag bit 0 set for the node with
* the public key used to locate the keyblock or flag bit 1 set for * the public key used to locate the keyblock or flag bit 1 set for
* the user ID node. * the user ID node.
*/ */
int int
@ -501,7 +501,7 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
if (!hd) if (!hd)
return G10ERR_INV_ARG; return G10ERR_INV_ARG;
if ( hd->found < 0 || hd->found >= hd->used) if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */ return -1; /* nothing found */
switch (hd->active[hd->found].type) { switch (hd->active[hd->found].type) {
@ -516,7 +516,7 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
return rc; return rc;
} }
/* /*
* update the current keyblock with KB * update the current keyblock with KB
*/ */
int int
@ -527,7 +527,7 @@ keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb)
if (!hd) if (!hd)
return G10ERR_INV_ARG; return G10ERR_INV_ARG;
if ( hd->found < 0 || hd->found >= hd->used) if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */ return -1; /* nothing found */
if( opt.dry_run ) if( opt.dry_run )
@ -551,8 +551,8 @@ keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb)
} }
/* /*
* Insert a new KB into one of the resources. * Insert a new KB into one of the resources.
*/ */
int int
keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb) keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
@ -560,15 +560,15 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
int rc = -1; int rc = -1;
int idx; int idx;
if (!hd) if (!hd)
return G10ERR_INV_ARG; return G10ERR_INV_ARG;
if( opt.dry_run ) if( opt.dry_run )
return 0; return 0;
if ( hd->found >= 0 && hd->found < hd->used) if ( hd->found >= 0 && hd->found < hd->used)
idx = hd->found; idx = hd->found;
else if ( hd->current >= 0 && hd->current < hd->used) else if ( hd->current >= 0 && hd->current < hd->used)
idx = hd->current; idx = hd->current;
else else
return G10ERR_GENERAL; return G10ERR_GENERAL;
@ -591,7 +591,7 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
} }
/* /*
* The current keyblock will be deleted. * The current keyblock will be deleted.
*/ */
int int
@ -602,7 +602,7 @@ keydb_delete_keyblock (KEYDB_HANDLE hd)
if (!hd) if (!hd)
return G10ERR_INV_ARG; return G10ERR_INV_ARG;
if ( hd->found < 0 || hd->found >= hd->used) if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */ return -1; /* nothing found */
if( opt.dry_run ) if( opt.dry_run )
@ -629,16 +629,18 @@ keydb_delete_keyblock (KEYDB_HANDLE hd)
/* /*
* Locate the default writable key resource, so that the next * Locate the default writable key resource, so that the next
* operation (which is only relevant for inserts) will be done on this * operation (which is only relevant for inserts) will be done on this
* resource. * resource.
*/ */
int int
keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved) keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
{ {
int rc; int rc;
(void)reserved;
if (!hd) if (!hd)
return G10ERR_INV_ARG; return G10ERR_INV_ARG;
rc = keydb_search_reset (hd); /* this does reset hd->current */ rc = keydb_search_reset (hd); /* this does reset hd->current */
if (rc) if (rc)
return rc; return rc;
@ -662,9 +664,9 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
return rc; return rc;
} }
for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++) for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++)
{ {
switch (hd->active[hd->current].type) switch (hd->active[hd->current].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
BUG(); BUG();
@ -675,7 +677,7 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
break; break;
} }
} }
return -1; return -1;
} }
@ -686,7 +688,7 @@ void
keydb_rebuild_caches (int noisy) keydb_rebuild_caches (int noisy)
{ {
int i, rc; int i, rc;
for (i=0; i < used_resources; i++) for (i=0; i < used_resources; i++)
{ {
if (all_resources[i].secret) if (all_resources[i].secret)
@ -707,10 +709,10 @@ keydb_rebuild_caches (int noisy)
/* /*
* Start the next search on this handle right at the beginning * Start the next search on this handle right at the beginning
*/ */
int int
keydb_search_reset (KEYDB_HANDLE hd) keydb_search_reset (KEYDB_HANDLE hd)
{ {
int i, rc = 0; int i, rc = 0;
@ -718,7 +720,7 @@ keydb_search_reset (KEYDB_HANDLE hd)
if (!hd) if (!hd)
return G10ERR_INV_ARG; return G10ERR_INV_ARG;
hd->current = 0; hd->current = 0;
hd->found = -1; hd->found = -1;
/* and reset all resources */ /* and reset all resources */
for (i=0; !rc && i < hd->used; i++) { for (i=0; !rc && i < hd->used; i++) {
@ -730,15 +732,15 @@ keydb_search_reset (KEYDB_HANDLE hd)
break; break;
} }
} }
return rc; return rc;
} }
/* /*
* Search through all keydb resources, starting at the current position, * Search through all keydb resources, starting at the current position,
* for a keyblock which contains one of the keys described in the DESC array. * for a keyblock which contains one of the keys described in the DESC array.
*/ */
int int
keydb_search2 (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, keydb_search2 (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
size_t ndesc, size_t *descindex) size_t ndesc, size_t *descindex)
{ {
@ -758,12 +760,12 @@ keydb_search2 (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
break; break;
} }
if (rc == -1) /* EOF -> switch to next resource */ if (rc == -1) /* EOF -> switch to next resource */
hd->current++; hd->current++;
else if (!rc) else if (!rc)
hd->found = hd->current; hd->found = hd->current;
} }
return rc; return rc;
} }
int int

8
g10/keyid.c
View File

@ -35,7 +35,7 @@
#ifdef HAVE_UNSIGNED_TIME_T #ifdef HAVE_UNSIGNED_TIME_T
# define INVALID_TIME_CHECK(a) ((a) == (time_t)(-1)) # define INVALID_TIME_CHECK(a) ((a) == (time_t)(-1))
#else #else
/* Error or 32 bit time_t and value after 2038-01-19. */ /* Error or 32 bit time_t and value after 2038-01-19. */
# define INVALID_TIME_CHECK(a) ((a) < 0) # define INVALID_TIME_CHECK(a) ((a) < 0)
#endif #endif
@ -51,6 +51,8 @@ pubkey_letter( int algo )
case PUBKEY_ALGO_ELGAMAL_E: return 'g'; case PUBKEY_ALGO_ELGAMAL_E: return 'g';
case PUBKEY_ALGO_ELGAMAL: return 'G' ; case PUBKEY_ALGO_ELGAMAL: return 'G' ;
case PUBKEY_ALGO_DSA: return 'D' ; case PUBKEY_ALGO_DSA: return 'D' ;
case PUBKEY_ALGO_ECDSA: return 'E' ; /* ECC DSA (sign only) */
case PUBKEY_ALGO_ECDH: return 'e' ; /* ECC DH (encrypt only) */
default: return '?'; default: return '?';
} }
} }
@ -100,7 +102,7 @@ hash_public_key( MD_HANDLE md, PKT_public_key *pk )
u16 days=0; u16 days=0;
if(pk->expiredate) if(pk->expiredate)
days=(u16)((pk->expiredate - pk->timestamp) / 86400L); days=(u16)((pk->expiredate - pk->timestamp) / 86400L);
md_putc( md, days >> 8 ); md_putc( md, days >> 8 );
md_putc( md, days ); md_putc( md, days );
} }
@ -175,7 +177,7 @@ keystrlen(void)
const char * const char *
keystr(u32 *keyid) keystr(u32 *keyid)
{ {
static char keyid_str[19]; static char keyid_str[19];
switch(opt.keyid_format) switch(opt.keyid_format)

62
g10/mainproc.c
View File

@ -72,7 +72,7 @@ struct mainproc_context
int trustletter; /* Temporary usage in list_node. */ int trustletter; /* Temporary usage in list_node. */
ulong symkeys; ulong symkeys;
struct kidlist_item *pkenc_list; /* List of encryption packets. */ struct kidlist_item *pkenc_list; /* List of encryption packets. */
struct struct
{ {
int op; int op;
int stop_now; int stop_now;
@ -135,10 +135,10 @@ add_gpg_control( CTX c, PACKET *pkt )
/* New clear text signature. /* New clear text signature.
* Process the last one and reset everything */ * Process the last one and reset everything */
release_list(c); release_list(c);
} }
else if ( pkt->pkt.gpg_control->control == CTRLPKT_PIPEMODE ) { else if ( pkt->pkt.gpg_control->control == CTRLPKT_PIPEMODE ) {
/* Pipemode control packet */ /* Pipemode control packet */
if ( pkt->pkt.gpg_control->datalen < 2 ) if ( pkt->pkt.gpg_control->datalen < 2 )
log_fatal ("invalid pipemode control packet length\n"); log_fatal ("invalid pipemode control packet length\n");
if (pkt->pkt.gpg_control->data[0] == 1) { if (pkt->pkt.gpg_control->data[0] == 1) {
/* start the whole thing */ /* start the whole thing */
@ -156,10 +156,10 @@ add_gpg_control( CTX c, PACKET *pkt )
/* and tell the outer loop to terminate */ /* and tell the outer loop to terminate */
c->pipemode.stop_now = 1; c->pipemode.stop_now = 1;
} }
else else
log_fatal ("invalid pipemode control packet code\n"); log_fatal ("invalid pipemode control packet code\n");
return 0; /* no need to store the packet */ return 0; /* no need to store the packet */
} }
if( c->list ) /* add another packet */ if( c->list ) /* add another packet */
add_kbnode( c->list, new_kbnode( pkt )); add_kbnode( c->list, new_kbnode( pkt ));
@ -264,14 +264,16 @@ symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen )
resulted in a garbage algorithm byte, but it's close enough since resulted in a garbage algorithm byte, but it's close enough since
a bogus byte here will fail later. */ a bogus byte here will fail later. */
if(dek->algo==CIPHER_ALGO_IDEA) if(dek->algo==CIPHER_ALGO_IDEA)
idea_cipher_warn(0); {
idea_cipher_warn(0);
}
memcpy(dek->key, seskey + 1, dek->keylen); memcpy(dek->key, seskey + 1, dek->keylen);
/*log_hexdump( "thekey", dek->key, dek->keylen );*/ /*log_hexdump( "thekey", dek->key, dek->keylen );*/
return 0; return 0;
} }
static void static void
proc_symkey_enc( CTX c, PACKET *pkt ) proc_symkey_enc( CTX c, PACKET *pkt )
@ -403,7 +405,7 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
} }
else if( is_ELGAMAL(enc->pubkey_algo) else if( is_ELGAMAL(enc->pubkey_algo)
|| enc->pubkey_algo == PUBKEY_ALGO_DSA || enc->pubkey_algo == PUBKEY_ALGO_DSA
|| is_RSA(enc->pubkey_algo) || is_RSA(enc->pubkey_algo)
|| (RFC2440 && enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL)) { || (RFC2440 && enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL)) {
/* Note that we also allow type 20 Elgamal keys for decryption. /* Note that we also allow type 20 Elgamal keys for decryption.
There are still a couple of those keys in active use as a There are still a couple of those keys in active use as a
@ -464,7 +466,7 @@ print_pkenc_list( struct kidlist_item *list, int failed )
for( ; list; list = list->next ) { for( ; list; list = list->next ) {
PKT_public_key *pk; PKT_public_key *pk;
const char *algstr; const char *algstr;
if ( failed && !list->reason ) if ( failed && !list->reason )
continue; continue;
if ( !failed && list->reason ) if ( !failed && list->reason )
@ -680,7 +682,7 @@ proc_plaintext( CTX c, PACKET *pkt )
/* check that we have at least the sigclass and one hash */ /* check that we have at least the sigclass and one hash */
if ( datalen < 2 ) if ( datalen < 2 )
log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n"); log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n");
/* Note that we don't set the clearsig flag for not-dash-escaped /* Note that we don't set the clearsig flag for not-dash-escaped
* documents */ * documents */
clearsig = (*data == 0x01); clearsig = (*data == 0x01);
@ -764,7 +766,7 @@ proc_plaintext( CTX c, PACKET *pkt )
n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0)); n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
if (c->list) if (c->list)
add_kbnode (c->list, n); add_kbnode (c->list, n);
else else
c->list = n; c->list = n;
} }
@ -849,7 +851,7 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig,
|| sig->sig_class == 0x1f || sig->sig_class == 0x1f
|| sig->sig_class == 0x20 || sig->sig_class == 0x20
|| sig->sig_class == 0x28 || sig->sig_class == 0x28
|| sig->sig_class == 0x30 ) { || sig->sig_class == 0x30 ) {
if( c->list->pkt->pkttype == PKT_PUBLIC_KEY if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
|| c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
return check_key_signature( c->list, node, is_selfsig ); return check_key_signature( c->list, node, is_selfsig );
@ -1102,7 +1104,7 @@ list_node( CTX c, KBNODE node )
switch( (rc2=do_check_sig( c, node, &is_selfsig, NULL, NULL )) ) { switch( (rc2=do_check_sig( c, node, &is_selfsig, NULL, NULL )) ) {
case 0: sigrc = '!'; break; case 0: sigrc = '!'; break;
case G10ERR_BAD_SIGN: sigrc = '-'; break; case G10ERR_BAD_SIGN: sigrc = '-'; break;
case G10ERR_NO_PUBKEY: case G10ERR_NO_PUBKEY:
case G10ERR_UNU_PUBKEY: sigrc = '?'; break; case G10ERR_UNU_PUBKEY: sigrc = '?'; break;
default: sigrc = '%'; break; default: sigrc = '%'; break;
} }
@ -1199,7 +1201,7 @@ proc_signature_packets( void *anchor, IOBUF a,
messages, send a NODATA status back and return an error code. messages, send a NODATA status back and return an error code.
Using log_error is required because verify_files does not check Using log_error is required because verify_files does not check
error codes for each file but we want to terminate the process error codes for each file but we want to terminate the process
with an error. */ with an error. */
if (!rc && !c->any_sig_seen) if (!rc && !c->any_sig_seen)
{ {
write_status_text (STATUS_NODATA, "4"); write_status_text (STATUS_NODATA, "4");
@ -1334,7 +1336,7 @@ do_proc_packets( CTX c, IOBUF a )
* packet and not to reuse the current one ... It works right * packet and not to reuse the current one ... It works right
* when there is a compression packet inbetween which adds just * when there is a compression packet inbetween which adds just
* an extra layer. * an extra layer.
* Hmmm: Rewrite this whole module here?? * Hmmm: Rewrite this whole module here??
*/ */
if( pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC ) if( pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC )
c->have_data = pkt->pkttype == PKT_PLAINTEXT; c->have_data = pkt->pkttype == PKT_PLAINTEXT;
@ -1348,8 +1350,8 @@ do_proc_packets( CTX c, IOBUF a )
else else
free_packet(pkt); free_packet(pkt);
if ( c->pipemode.stop_now ) { if ( c->pipemode.stop_now ) {
/* we won't get an EOF in pipemode, so we have to /* we won't get an EOF in pipemode, so we have to
* break the loop here */ * break the loop here */
rc = -1; rc = -1;
break; break;
} }
@ -1459,7 +1461,7 @@ check_sig_and_print( CTX c, KBNODE node )
O{1,n} P S{1,n} -- standard OpenPGP signature. O{1,n} P S{1,n} -- standard OpenPGP signature.
C P S{1,n} -- cleartext signature. C P S{1,n} -- cleartext signature.
O = One-Pass Signature packet. O = One-Pass Signature packet.
S = Signature packet. S = Signature packet.
P = OpenPGP Message packet (Encrypted | Compressed | Literal) P = OpenPGP Message packet (Encrypted | Compressed | Literal)
@ -1471,7 +1473,7 @@ check_sig_and_print( CTX c, KBNODE node )
C = Marker packet for cleartext signatures. C = Marker packet for cleartext signatures.
We reject all other messages. We reject all other messages.
Actually we are calling this too often, i.e. for verification of Actually we are calling this too often, i.e. for verification of
each message but better have some duplicate work than to silently each message but better have some duplicate work than to silently
introduce a bug here. introduce a bug here.
@ -1485,7 +1487,7 @@ check_sig_and_print( CTX c, KBNODE node )
n = c->list; n = c->list;
assert (n); assert (n);
if ( n->pkt->pkttype == PKT_SIGNATURE ) if ( n->pkt->pkttype == PKT_SIGNATURE )
{ {
/* This is either "S{1,n}" case (detached signature) or /* This is either "S{1,n}" case (detached signature) or
"S{1,n} P" (old style PGP2 signature). */ "S{1,n} P" (old style PGP2 signature). */
@ -1504,7 +1506,7 @@ check_sig_and_print( CTX c, KBNODE node )
else else
goto ambiguous; goto ambiguous;
} }
else if (n->pkt->pkttype == PKT_ONEPASS_SIG) else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
{ {
/* This is the "O{1,n} P S{1,n}" case (standard signature). */ /* This is the "O{1,n} P S{1,n}" case (standard signature). */
for (n_onepass=1, n = n->next; for (n_onepass=1, n = n->next;
@ -1552,7 +1554,7 @@ check_sig_and_print( CTX c, KBNODE node )
if (n || !n_sig) if (n || !n_sig)
goto ambiguous; goto ambiguous;
} }
else else
{ {
ambiguous: ambiguous:
log_error(_("can't handle this ambiguous signature data\n")); log_error(_("can't handle this ambiguous signature data\n"));
@ -1621,19 +1623,19 @@ check_sig_and_print( CTX c, KBNODE node )
/* If the preferred keyserver thing above didn't work, our second /* If the preferred keyserver thing above didn't work, our second
try is to use the URI from a DNS PKA record. */ try is to use the URI from a DNS PKA record. */
if ( rc == G10ERR_NO_PUBKEY if ( rc == G10ERR_NO_PUBKEY
&& opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
&& opt.keyserver_options.options&KEYSERVER_HONOR_PKA_RECORD) && opt.keyserver_options.options&KEYSERVER_HONOR_PKA_RECORD)
{ {
const char *uri = pka_uri_from_sig (sig); const char *uri = pka_uri_from_sig (sig);
if (uri) if (uri)
{ {
/* FIXME: We might want to locate the key using the /* FIXME: We might want to locate the key using the
fingerprint instead of the keyid. */ fingerprint instead of the keyid. */
int res; int res;
struct keyserver_spec *spec; struct keyserver_spec *spec;
spec = parse_keyserver_uri (uri, 1, NULL, 0); spec = parse_keyserver_uri (uri, 1, NULL, 0);
if (spec) if (spec)
{ {
@ -1717,7 +1719,7 @@ check_sig_and_print( CTX c, KBNODE node )
keyid_str[17] = 0; /* cut off the "[uncertain]" part */ keyid_str[17] = 0; /* cut off the "[uncertain]" part */
write_status_text_and_buffer (statno, keyid_str, write_status_text_and_buffer (statno, keyid_str,
un->pkt->pkt.user_id->name, un->pkt->pkt.user_id->name,
un->pkt->pkt.user_id->len, un->pkt->pkt.user_id->len,
-1 ); -1 );
p=utf8_to_native(un->pkt->pkt.user_id->name, p=utf8_to_native(un->pkt->pkt.user_id->name,
@ -1762,7 +1764,7 @@ check_sig_and_print( CTX c, KBNODE node )
write_status_text_and_buffer (statno, keyid_str, write_status_text_and_buffer (statno, keyid_str,
un? un->pkt->pkt.user_id->name:"[?]", un? un->pkt->pkt.user_id->name:"[?]",
un? un->pkt->pkt.user_id->len:3, un? un->pkt->pkt.user_id->len:3,
-1 ); -1 );
if(un) if(un)
@ -1785,7 +1787,7 @@ check_sig_and_print( CTX c, KBNODE node )
fputs("\n", log_stream() ); fputs("\n", log_stream() );
} }
/* If we have a good signature and already printed /* If we have a good signature and already printed
* the primary user ID, print all the other user IDs */ * the primary user ID, print all the other user IDs */
if ( count && !rc if ( count && !rc
&& !(opt.verify_options&VERIFY_SHOW_PRIMARY_UID_ONLY) ) { && !(opt.verify_options&VERIFY_SHOW_PRIMARY_UID_ONLY) ) {
@ -1882,7 +1884,7 @@ check_sig_and_print( CTX c, KBNODE node )
bufp = bufp + strlen (bufp); bufp = bufp + strlen (bufp);
if (!vpk->is_primary) { if (!vpk->is_primary) {
u32 akid[2]; u32 akid[2];
akid[0] = vpk->main_keyid[0]; akid[0] = vpk->main_keyid[0];
akid[1] = vpk->main_keyid[1]; akid[1] = vpk->main_keyid[1];
free_public_key (vpk); free_public_key (vpk);
@ -2030,7 +2032,7 @@ proc_tree( CTX c, KBNODE node )
log_error (_("not a detached signature\n") ); log_error (_("not a detached signature\n") );
return; return;
} }
for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); ) for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); )
check_sig_and_print( c, n1 ); check_sig_and_print( c, n1 );
} }

5
include/cipher.h
View File

@ -47,8 +47,11 @@
#define PUBKEY_ALGO_RSA_S 3 /* RSA sign only */ #define PUBKEY_ALGO_RSA_S 3 /* RSA sign only */
#define PUBKEY_ALGO_ELGAMAL_E 16 /* encrypt only ElGamal (but not for v3)*/ #define PUBKEY_ALGO_ELGAMAL_E 16 /* encrypt only ElGamal (but not for v3)*/
#define PUBKEY_ALGO_DSA 17 #define PUBKEY_ALGO_DSA 17
#define PUBKEY_ALGO_ECDH 18
#define PUBKEY_ALGO_ECDSA 19
#define PUBKEY_ALGO_ELGAMAL 20 /* sign and encrypt elgamal */ #define PUBKEY_ALGO_ELGAMAL 20 /* sign and encrypt elgamal */
#define PUBKEY_USAGE_SIG 1 /* key is good for signatures */ #define PUBKEY_USAGE_SIG 1 /* key is good for signatures */
#define PUBKEY_USAGE_ENC 2 /* key is good for encryption */ #define PUBKEY_USAGE_ENC 2 /* key is good for encryption */
#define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/ #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/
@ -113,7 +116,7 @@ typedef struct gcry_md_context *MD_HANDLE;
#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE) #if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE)
#define EXTERN_UNLESS_MAIN_MODULE extern #define EXTERN_UNLESS_MAIN_MODULE extern
#else #else
#define EXTERN_UNLESS_MAIN_MODULE #define EXTERN_UNLESS_MAIN_MODULE
#endif #endif
#endif #endif
EXTERN_UNLESS_MAIN_MODULE int g10c_debug_mode; EXTERN_UNLESS_MAIN_MODULE int g10c_debug_mode;