security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

See ChangeLog: Sun Apr 18 10:11:28 CEST 1999 Werner Koch

Browse source
This commit is contained in:
Werner Koch 1999-04-18 08:18:52 +00:00
parent 02d018f9c8
commit 1feae2011c
50 changed files with 547 additions and 502 deletions
Download patch file Download diff file Expand all files Collapse all files

25
g10/ChangeLog
View file

@ -1,3 +1,28 @@
Sun Apr 18 10:11:28 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* seckey-cert.c (do_check): Use real IV instead of a 0 one, so that
it works even if the length of the IV doesn't match the blocksize.
Removed the save_iv stuff.
(protect_secret_key): Likewise. Create the IV here.
* packet.h (PKT_secret_key): Increased size of IV field and add a
ivlen field.
* parse-packet.c (parse_key): Use the len protect.ivlen.
* build-packet.c (do_secret_key). Ditto.
* getkey.c (key_byname): Close keyblocks.
* Makefile.am (gpgm): Removed this
* g10.c: Merged gpg and gpgm
* import.c (import): Utilize option quiet.
* tdbio.c (tdbio_set_dbname): Ditto.
* ringedit.c (add_keyblock_resource,keyring_copy): Ditto.
* keyedit.c (sign_uids): Add some batch support.
* g10.c (main): add call to tty_batchmode.
Fri Apr 9 12:26:25 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* status.c (write_status_text): Some more status codes.

14
g10/Makefile.am
View file

@ -7,7 +7,7 @@ LDFLAGS = @LDFLAGS@ @DYNLINK_LDFLAGS@
needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a
#noinst_PROGRAMS = gpgd
bin_PROGRAMS = gpg gpgm
bin_PROGRAMS = gpg
common_source = \
build-packet.c \
@ -64,12 +64,9 @@ gpg_SOURCES = g10.c \
verify.c \
decrypt.c \
keyedit.c \
dearmor.c \
keygen.c
gpgm_SOURCES = dearmor.c \
$(common_source)
#gpgd_SOURCES = gpgd.c \
# ks-proto.h \
# ks-proto.c \
@ -80,11 +77,6 @@ gpgm_SOURCES = dearmor.c \
LDADD = $(needed_libs) @ZLIBS@ @INTLLIBS@
gpgm_LDADD = g10maint.o $(LDADD)
g10maint.o: $(srcdir)/g10.c
$(COMPILE) -DIS_G10MAINT -o g10maint.o -c $(srcdir)/g10.c
$(PROGRAMS): $(needed_libs)
@ -92,6 +84,6 @@ $(PROGRAMS): $(needed_libs)
install-data-local:
$(mkinstalldirs) $(pkgdatadir)
$(INSTALL_DATA) $(srcdir)/options.skel $(pkgdatadir)/options.skel
rm $(bindir)/gpgm || ln -s $(bindir)/gpgm gpg

4
g10/build-packet.c
View file

@ -343,7 +343,7 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
if( is_RSA(sk->pubkey_algo) && sk->version < 4
&& !sk->protect.s2k.mode ) {
iobuf_put(a, sk->protect.algo );
iobuf_write(a, sk->protect.iv, 8 );
iobuf_write(a, sk->protect.iv, sk->protect.ivlen );
}
else {
iobuf_put(a, 0xff );
@ -355,7 +355,7 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
iobuf_write(a, sk->protect.s2k.salt, 8 );
if( sk->protect.s2k.mode == 3 )
iobuf_put(a, sk->protect.s2k.count );
iobuf_write(a, sk->protect.iv, 8 );
iobuf_write(a, sk->protect.iv, sk->protect.ivlen );
}
}
else

6
g10/cipher.c
View file

@ -64,10 +64,10 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
temp[nprefix+1] = temp[nprefix-1];
print_cipher_algo_note( cfx->dek->algo );
cfx->cipher_hd = cipher_open( cfx->dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
/*log_hexdump( "thekey", cfx->dek->key, cfx->dek->keylen );*/
/* log_hexdump( "thekey", cfx->dek->key, cfx->dek->keylen );*/
cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen );
cipher_setiv( cfx->cipher_hd, NULL );
/* log_hexdump( "prefix", temp, nprefix+2 );*/
cipher_setiv( cfx->cipher_hd, NULL, 0 );
/* log_hexdump( "prefix", temp, nprefix+2 ); */
cipher_encrypt( cfx->cipher_hd, temp, temp, nprefix+2);
cipher_sync( cfx->cipher_hd );
iobuf_write(a, temp, nprefix+2);

6
g10/encr-data.c
View file

@ -71,7 +71,7 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
BUG();
dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
/*log_hexdump( "thekey", dek->key, dek->keylen );*/
/* log_hexdump( "thekey", dek->key, dek->keylen );*/
rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen );
if( rc == G10ERR_WEAK_KEY )
log_info(_("WARNING: message was encrypted with "
@ -79,7 +79,7 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
else if( rc )
log_error("key setup failed: %s\n", g10_errstr(rc) );
cipher_setiv( dfx.cipher_hd, NULL );
cipher_setiv( dfx.cipher_hd, NULL, 0 );
if( ed->len ) {
for(i=0; i < (nprefix+2) && ed->len; i++, ed->len-- ) {
@ -99,7 +99,7 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2);
cipher_sync( dfx.cipher_hd );
p = temp;
/*log_hexdump( "prefix", temp, nprefix+2 );*/
/* log_hexdump( "prefix", temp, nprefix+2 ); */
if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) {
cipher_close(dfx.cipher_hd);
return G10ERR_BAD_KEY;

103
g10/g10.c
View file

@ -45,10 +45,6 @@
#include "g10defs.h"
#include "hkp.h"
#ifndef IS_G10MAINT
#define IS_G10 1
#endif
enum cmd_and_opt_values { aNull = 0,
oArmor = 'a',
@ -165,7 +161,6 @@ static ARGPARSE_OPTS opts[] = {
{ 300, NULL, 0, N_("@Commands:\n ") },
#ifdef IS_G10
{ aSign, "sign", 256, N_("|[file]|make a signature")},
{ aClearsign, "clearsign", 256, N_("|[file]|make a clear text signature") },
{ aDetachedSign, "detach-sign", 256, N_("make a detached signature")},
@ -174,21 +169,16 @@ static ARGPARSE_OPTS opts[] = {
{ aStore, "store", 256, N_("store only")},
{ aDecrypt, "decrypt", 256, N_("decrypt data (default)")},
{ aVerify, "verify" , 256, N_("verify a signature")},
#endif
{ aListKeys, "list-keys", 256, N_("list keys")},
{ aListKeys, "list-public-keys", 256, "@" },
{ aListSigs, "list-sigs", 256, N_("list keys and signatures")},
{ aCheckKeys, "check-sigs",256, N_("check key signatures")},
{ oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")},
{ aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")},
#ifdef IS_G10
{ aKeygen, "gen-key", 256, N_("generate a new key pair")},
#endif
{ aDeleteKey, "delete-key",256, N_("remove key from the public keyring")},
#ifdef IS_G10
{ aEditKey, "edit-key" ,256, N_("sign or edit a key")},
{ aGenRevoke, "gen-revoke",256, N_("generate a revocation certificate")},
#endif
{ aExport, "export" , 256, N_("export keys") },
{ aSendKeys, "send-keys" , 256, N_("export keys to a key server") },
{ aRecvKeys, "recv-keys" , 256, N_("import keys from a key server") },
@ -197,7 +187,6 @@ static ARGPARSE_OPTS opts[] = {
{ aImport, "import", 256 , N_("import/merge keys")},
{ aFastImport, "fast-import", 256 , "@"},
{ aListPackets, "list-packets",256,N_("list only the sequence of packets")},
#ifdef IS_G10MAINT
{ aExportOwnerTrust,
"export-ownertrust", 256, N_("export the ownertrust values")},
{ aImportOwnerTrust,
@ -215,7 +204,6 @@ static ARGPARSE_OPTS opts[] = {
{ aPrimegen, "gen-prime" , 256, "@" },
{ aGenRandom, "gen-random" , 256, "@" },
#endif
#endif
{ 301, NULL, 0, N_("@\nOptions:\n ") },
@ -224,12 +212,10 @@ static ARGPARSE_OPTS opts[] = {
{ oRecipient, "remote-user", 2, "@"}, /* old option name */
{ oEncryptTo, "encrypt-to", 2, "@" },
{ oNoEncryptTo, "no-encrypt-to", 0, "@" },
#ifdef IS_G10
{ oUser, "local-user",2, N_("use this user-id to sign or decrypt")},
{ oCompress, NULL, 1, N_("|N|set compress level N (0 disables)") },
{ oTextmodeShort, NULL, 0, "@"},
{ oTextmode, "textmode", 0, N_("use canonical text mode")},
#endif
{ oOutput, "output", 2, N_("use as output file")},
{ oVerbose, "verbose", 0, N_("verbose") },
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") },
@ -259,37 +245,25 @@ static ARGPARSE_OPTS opts[] = {
N_("|NAME|use message digest algorithm NAME for passphrases")},
{ oS2KCipher, "s2k-cipher-algo",2,
N_("|NAME|use cipher algorithm NAME for passphrases")},
#ifdef IS_G10
{ oCipherAlgo, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")},
{ oDigestAlgo, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")},
{ oCompressAlgo, "compress-algo", 1 , N_("|N|use compress algorithm N")},
{ oThrowKeyid, "throw-keyid", 0, N_("throw keyid field of encrypted packets")},
#else /* some dummies */
{ oCipherAlgo, "cipher-algo", 2 , "@"},
{ oDigestAlgo, "digest-algo", 2 , "@"},
{ oCompressAlgo, "compress-algo", 1 , "@"},
#endif
#ifdef IS_G10
{ 302, NULL, 0, N_("@\nExamples:\n\n"
" -se -r Bob [file] sign and encrypt for user Bob\n"
" --clearsign [file] make a clear text signature\n"
" --detach-sign [file] make a detached signature\n"
" --list-keys [names] show keys\n"
" --fingerprint [names] show fingerprints\n" ) },
#endif
/* hidden options */
#ifdef IS_G10MAINT
{ aExportOwnerTrust, "list-ownertrust",0 , "@"}, /* alias */
{ aListTrustDB, "list-trustdb",0 , "@"},
{ aListTrustPath, "list-trust-path",0, "@"},
#endif
#ifdef IS_G10
{ oKOption, NULL, 0, "@"},
{ oPasswdFD, "passphrase-fd",1, "@" },
{ aSignKey, "sign-key" ,256, "@" }, /* alias for edit-key */
#endif
{ aDeleteSecretKey, "delete-secret-key",0, "@" },
{ oQuickRandom, "quick-random", 0, "@"},
{ oNoVerbose, "no-verbose", 0, "@"},
@ -330,10 +304,8 @@ static char *build_list( const char *text,
const char *(*mapf)(int), int (*chkf)(int) );
static void set_cmd( enum cmd_and_opt_values *ret_cmd,
enum cmd_and_opt_values new_cmd );
#ifdef IS_G10MAINT
static void print_hex( byte *p, size_t n );
static void print_mds( const char *fname, int algo );
#endif
const char *
strusage( int level )
@ -341,12 +313,7 @@ strusage( int level )
static char *digests, *pubkeys, *ciphers;
const char *p;
switch( level ) {
case 11: p =
#ifdef IS_G10MAINT
"gpgm (GnuPG)";
#else
"gpg (GnuPG)";
#endif
case 11: p = "gpg (GnuPG)";
break;
case 13: p = VERSION; break;
case 17: p = PRINTABLE_OS_NAME; break;
@ -355,21 +322,12 @@ strusage( int level )
break;
case 1:
case 40: p =
#ifdef IS_G10MAINT
_("Usage: gpgm [options] [files] (-h for help)");
#else
_("Usage: gpg [options] [files] (-h for help)");
#endif
break;
case 41: p =
#ifdef IS_G10MAINT
_("Syntax: gpgm [options] [files]\n"
"GnuPG maintenance utility\n");
#else
_("Syntax: gpg [options] [files]\n"
"sign, check, encrypt or decrypt\n"
"default operation depends on the input data\n");
#endif
break;
case 31: p = _("\nSupported algorithms:\n"); break;
@ -446,11 +404,7 @@ i18n_init(void)
static void
wrong_args( const char *text)
{
#ifdef IS_G10MAINT
fputs(_("usage: gpgm [options] "),stderr);
#else
fputs(_("usage: gpg [options] "),stderr);
#endif
fputs(text,stderr);
putc('\n',stderr);
g10_exit(2);
@ -532,11 +486,6 @@ main( int argc, char **argv )
trap_unaligned();
secmem_set_flags( secmem_get_flags() | 2 ); /* suspend warnings */
#ifdef IS_G10MAINT
secmem_init( 0 ); /* disable use of secmem */
maybe_setuid = 0;
log_set_name("gpgm");
#else
/* Please note that we may running SUID(ROOT), so be very CAREFUL
* when adding any stuff between here and the call to
* secmem_init() somewhere after the option parsing
@ -544,7 +493,6 @@ main( int argc, char **argv )
log_set_name("gpg");
secure_random_alloc(); /* put random number into secure memory */
disable_core_dumps();
#endif
init_signals();
create_dotlock(NULL); /* register locking cleanup */
i18n_init();
@ -600,19 +548,13 @@ main( int argc, char **argv )
#ifdef USE_SHM_COPROCESSING
if( opt.shm_coprocess ) {
#ifdef IS_G10
init_shm_coprocessing(requested_shm_size, 1 );
#else
init_shm_coprocessing(requested_shm_size, 0 );
#endif
}
#endif
#ifdef IS_G10
/* initialize the secure memory. */
secmem_init( 16384 );
maybe_setuid = 0;
/* Okay, we are now working under our real uid */
#endif
if( default_config )
configname = make_filename(opt.homedir, "options", NULL );
@ -661,7 +603,6 @@ main( int argc, char **argv )
case aDeleteSecretKey: set_cmd( &cmd, aDeleteSecretKey); break;
case aDeleteKey: set_cmd( &cmd, aDeleteKey); break;
#ifdef IS_G10
case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break;
case aSym: set_cmd( &cmd, aSym); break;
case aDecrypt: set_cmd( &cmd, aDecrypt); break;
@ -674,11 +615,10 @@ main( int argc, char **argv )
case aClearsign: set_cmd( &cmd, aClearsign); break;
case aGenRevoke: set_cmd( &cmd, aGenRevoke); break;
case aVerify: set_cmd( &cmd, aVerify); break;
#else
#ifdef MAINTAINER_OPTIONS
case aPrimegen: set_cmd( &cmd, aPrimegen); break;
case aGenRandom: set_cmd( &cmd, aGenRandom); break;
#endif
#ifdef MAINTAINER_OPTIONS
case aPrimegen: set_cmd( &cmd, aPrimegen); break;
case aGenRandom: set_cmd( &cmd, aGenRandom); break;
#endif
case aPrintMD: set_cmd( &cmd, aPrintMD); break;
case aPrintMDs: set_cmd( &cmd, aPrintMDs); break;
case aListTrustDB: set_cmd( &cmd, aListTrustDB); break;
@ -686,13 +626,10 @@ main( int argc, char **argv )
case aUpdateTrustDB: set_cmd( &cmd, aUpdateTrustDB); break;
case aFixTrustDB: set_cmd( &cmd, aFixTrustDB); break;
case aListTrustPath: set_cmd( &cmd, aListTrustPath); break;
case aDeArmor: set_cmd( &cmd, aDeArmor); break;
case aEnArmor: set_cmd( &cmd, aEnArmor); break;
case aDeArmor: set_cmd( &cmd, aDeArmor); greeting = 0; break;
case aEnArmor: set_cmd( &cmd, aEnArmor); greeting = 0; break;
case aExportOwnerTrust: set_cmd( &cmd, aExportOwnerTrust); break;
case aImportOwnerTrust: set_cmd( &cmd, aImportOwnerTrust); break;
#endif /* IS_G10MAINT */
case oArmor: opt.armor = 1; opt.no_armor=0; break;
case oOutput: opt.outfile = pargs.r.ret_str; break;
@ -773,7 +710,6 @@ main( int argc, char **argv )
sl = add_to_strlist( &remusr, pargs.r.ret_str );
sl->flags = 1;
break;
#ifdef IS_G10
case oRecipient: /* store the recipient */
add_to_strlist( &remusr, pargs.r.ret_str );
break;
@ -787,12 +723,6 @@ main( int argc, char **argv )
case oCipherAlgo: def_cipher_string = m_strdup(pargs.r.ret_str); break;
case oDigestAlgo: def_digest_string = m_strdup(pargs.r.ret_str); break;
case oNoSecmemWarn: secmem_set_flags( secmem_get_flags() | 1 ); break;
#else
case oCipherAlgo:
case oDigestAlgo:
case oNoSecmemWarn:
break; /* dummies */
#endif
case oCharset:
if( set_native_charset( pargs.r.ret_str ) )
log_error(_("%s is not a valid character set\n"),
@ -824,6 +754,8 @@ main( int argc, char **argv )
log_info("NOTE: this is a development version!\n");
#endif
}
if( opt.batch )
tty_batchmode( 1 );
secmem_set_flags( secmem_get_flags() & ~2 ); /* resume warnings */
@ -958,7 +890,6 @@ main( int argc, char **argv )
log_error_f( print_fname_stdin(fname),
"store failed: %s\n", g10_errstr(rc) );
break;
#ifdef IS_G10
case aSym: /* encrypt the given file only with the symmetric cipher */
if( argc > 1 )
wrong_args(_("--symmetric [filename]"));
@ -1042,8 +973,6 @@ main( int argc, char **argv )
keyedit_menu(fname, locusr, NULL );
break;
#endif /* IS_G10 */
case aDeleteSecretKey:
if( argc != 1 )
wrong_args(_("--delete-secret-key username"));
@ -1086,13 +1015,11 @@ main( int argc, char **argv )
wrong_args(_("-k[v][v][v][c] [userid] [keyring]") );
break;
#ifdef IS_G10
case aKeygen: /* generate a key (interactive) */
if( argc )
wrong_args("--gen-key");
generate_keypair();
break;
#endif
case aFastImport:
case aImport:
@ -1133,15 +1060,12 @@ main( int argc, char **argv )
free_strlist(sl);
break;
#ifdef IS_G10
case aGenRevoke:
if( argc != 1 )
wrong_args("--gen-revoke user-id");
gen_revoke( *argv );
break;
#endif
#ifdef IS_G10MAINT
case aDeArmor:
if( argc > 1 )
wrong_args("--dearmor [file]");
@ -1292,13 +1216,9 @@ main( int argc, char **argv )
import_ownertrust( argc? *argv:NULL );
break;
#endif /* IS_G10MAINT */
case aListPackets:
opt.list_packets=1;
default:
/* fixme: g10maint should do regular maintenace tasks here */
if( argc > 1 )
wrong_args(_("[filename]"));
/* Issue some output for the unix newbie */
@ -1351,7 +1271,6 @@ g10_exit( int rc )
#ifdef IS_G10MAINT
static void
print_hex( byte *p, size_t n )
{
@ -1452,7 +1371,3 @@ print_mds( const char *fname, int algo )
fclose(fp);
}
#endif /* IS_G10MAINT */

2
g10/getkey.c
View file

@ -702,6 +702,8 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist,
if( retctx ) /* caller wants the context */
*retctx = ctx;
else {
/* Hmmm, why not get_pubkey-end here?? */
enum_keyblocks( 2, &ctx->kbpos, NULL ); /* close */
for(n=0; n < ctx->nitems; n++ )
m_free( ctx->items[n].namebuf );
m_free( ctx );

56
g10/import.c
View file

@ -163,7 +163,7 @@ import( IOBUF inp, int fast, const char* fname )
release_kbnode(keyblock);
if( rc )
break;
if( !(++count % 100) )
if( !(++count % 100) && !opt.quiet )
log_info(_("%lu keys so far processed\n"), count );
}
if( rc == -1 )
@ -171,31 +171,33 @@ import( IOBUF inp, int fast, const char* fname )
else if( rc && rc != G10ERR_INV_KEYRING )
log_error_f( fname, _("read error: %s\n"), g10_errstr(rc));
log_info(_("Total number processed: %lu\n"), count );
if( stats.no_user_id )
log_info(_(" w/o user IDs: %lu\n"), stats.no_user_id );
if( stats.imported || stats.imported_rsa ) {
log_info(_(" imported: %lu"), stats.imported );
if( stats.imported_rsa )
fprintf(stderr, " (RSA: %lu)", stats.imported_rsa );
putc('\n', stderr);
if( !opt.quiet ) {
log_info(_("Total number processed: %lu\n"), count );
if( stats.no_user_id )
log_info(_(" w/o user IDs: %lu\n"), stats.no_user_id );
if( stats.imported || stats.imported_rsa ) {
log_info(_(" imported: %lu"), stats.imported );
if( stats.imported_rsa )
fprintf(stderr, " (RSA: %lu)", stats.imported_rsa );
putc('\n', stderr);
}
if( stats.unchanged )
log_info(_(" unchanged: %lu\n"), stats.unchanged );
if( stats.n_uids )
log_info(_(" new user IDs: %lu\n"), stats.n_uids );
if( stats.n_subk )
log_info(_(" new subkeys: %lu\n"), stats.n_subk );
if( stats.n_sigs )
log_info(_(" new signatures: %lu\n"), stats.n_sigs );
if( stats.n_revoc )
log_info(_(" new key revocations: %lu\n"), stats.n_revoc );
if( stats.secret_read )
log_info(_(" secret keys read: %lu\n"), stats.secret_read );
if( stats.secret_imported )
log_info(_(" secret keys imported: %lu\n"), stats.secret_imported );
if( stats.secret_dups )
log_info(_(" secret keys unchanged: %lu\n"), stats.secret_dups );
}
if( stats.unchanged )
log_info(_(" unchanged: %lu\n"), stats.unchanged );
if( stats.n_uids )
log_info(_(" new user IDs: %lu\n"), stats.n_uids );
if( stats.n_subk )
log_info(_(" new subkeys: %lu\n"), stats.n_subk );
if( stats.n_sigs )
log_info(_(" new signatures: %lu\n"), stats.n_sigs );
if( stats.n_revoc )
log_info(_(" new key revocations: %lu\n"), stats.n_revoc );
if( stats.secret_read )
log_info(_(" secret keys read: %lu\n"), stats.secret_read );
if( stats.secret_imported )
log_info(_(" secret keys imported: %lu\n"), stats.secret_imported );
if( stats.secret_dups )
log_info(_(" secret keys unchanged: %lu\n"), stats.secret_dups );
return rc;
}
@ -553,7 +555,9 @@ import_secret_one( const char *fname, KBNODE keyblock )
_("can't write keyring: %s\n"), g10_errstr(rc) );
unlock_keyblock( &kbpos );
/* we are ready */
log_info_f(fname, _("key %08lX: secret key imported\n"), (ulong)keyid[1]);
if( !opt.quiet )
log_info_f(fname, _("key %08lX: secret key imported\n"),
(ulong)keyid[1]);
stats.secret_imported++;
}
else if( !rc ) { /* we can't merge secret keys */

7
g10/keyedit.c
View file

@ -306,8 +306,11 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
tty_printf(
_("The signature will be marked as non-exportable.\n\n"));
if( !cpr_get_answer_is_yes("sign_uid.okay", _("Really sign? ")) )
continue;;
if( opt.batch && opt.answer_yes )
;
else if( !cpr_get_answer_is_yes("sign_uid.okay", _("Really sign? ")) )
continue;
/* now we can sign the user ids */
reloop: /* (must use this, because we are modifing the list) */
primary_pk = NULL;

3
g10/packet.h
View file

@ -139,7 +139,8 @@ typedef struct {
struct {
byte algo; /* cipher used to protect the secret information*/
STRING2KEY s2k;
byte iv[8]; /* initialization vector for CFB mode */
byte ivlen; /* used length of the iv */
byte iv[16]; /* initialization vector for CFB mode */
} protect;
MPI skey[PUBKEY_MAX_NSKEY];
u16 csum; /* checksum */

30
g10/parse-packet.c
View file

@ -1,5 +1,5 @@
/* parse-packet.c - read packets
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -1310,19 +1310,33 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
printf( "\tprotect algo: %d (hash algo: %d)\n",
sk->protect.algo, sk->protect.s2k.hash_algo );
}
if( pktlen < 8 ) {
/* It is really ugly that we don't know the size
* of the IV here in cases we are not aware of the algorithm.
* so a
* sk->protect.ivlen = cipher_get_blocksize(sk->protect.algo);
* won't work. The only solution I see is to hardwire it here.
*/
switch( sk->protect.algo ) {
case 7: case 8: case 9: /* reserved for AES */
case 10: /* Twofish */
sk->protect.ivlen = 16;
break;
default:
sk->protect.ivlen = 8;
}
if( pktlen < sk->protect.ivlen ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
for(i=0; i < 8 && pktlen; i++, pktlen-- )
for(i=0; i < sk->protect.ivlen && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
if( list_mode ) {
printf( "\tprotect IV: ");
for(i=0; i < 8; i++ )
for(i=0; i < sk->protect.ivlen; i++ )
printf(" %02x", temp[i] );
putchar('\n');
}
memcpy(sk->protect.iv, temp, 8 );
memcpy(sk->protect.iv, temp, sk->protect.ivlen );
}
else
sk->is_protected = 0;
@ -1330,7 +1344,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
* If the user is so careless, not to protect his secret key,
* we can assume, that he operates an open system :=(.
* So we put the key into secure memory when we unprotect it. */
if( is_v4 && sk->is_protected ){
if( is_v4 && sk->is_protected ) {
/* ugly; the length is encrypted too, so we read all
* stuff up to the end of the packet into the first
* skey element */
@ -1539,14 +1553,14 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
ed->len = pktlen;
ed->buf = NULL;
ed->new_ctb = new_ctb;
if( pktlen && pktlen < 10 ) {
if( pktlen && pktlen < 10 ) { /* actually this is blocksize+2 */
log_error("packet(%d) too short\n", pkttype);
skip_rest(inp, pktlen);
goto leave;
}
if( list_mode ) {
if( pktlen )
printf(":encrypted data packet:\n\tlength: %lu\n", pktlen-10);
printf(":encrypted data packet:\n\tlength: %lu\n", pktlen);
else
printf(":encrypted data packet:\n\tlength: unknown\n");
}

7
g10/ringedit.c
View file

@ -298,7 +298,7 @@ add_keyblock_resource( const char *url, int force, int secret )
rc = G10ERR_OPEN_FILE;
goto leave;
}
else
else if( !opt.quiet )
log_info( _("%s: directory created\n"), filename );
copy_options_file( filename );
}
@ -329,7 +329,8 @@ add_keyblock_resource( const char *url, int force, int secret )
}
}
#endif
log_info(_("%s: keyring created\n"), filename );
if( !opt.quiet )
log_info(_("%s: keyring created\n"), filename );
}
}
#if HAVE_DOSISH_SYSTEM || 1
@ -1344,7 +1345,7 @@ keyring_copy( KBPOS *kbpos, int mode, KBNODE root )
unlock_rentry( rentry );
return G10ERR_OPEN_FILE;
}
else
else if( !opt.quiet )
log_info(_("%s: keyring created\n"), rentry->fname );
kbctx=NULL;

15
g10/seckey-cert.c
View file

@ -48,7 +48,6 @@ do_check( PKT_secret_key *sk )
u32 keyid[4]; /* 4! because we need two of them */
CIPHER_HANDLE cipher_hd=NULL;
PKT_secret_key *save_sk;
char save_iv[8];
if( sk->protect.algo == CIPHER_ALGO_NONE )
BUG();
@ -70,11 +69,9 @@ do_check( PKT_secret_key *sk )
cipher_hd = cipher_open( sk->protect.algo,
CIPHER_MODE_AUTO_CFB, 1);
cipher_setkey( cipher_hd, dek->key, dek->keylen );
cipher_setiv( cipher_hd, NULL );
m_free(dek);
save_sk = copy_secret_key( NULL, sk );
memcpy(save_iv, sk->protect.iv, 8 );
cipher_decrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 );
cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
csum = 0;
if( sk->version >= 4 ) {
int ndata;
@ -129,7 +126,6 @@ do_check( PKT_secret_key *sk )
if( csum != sk->csum ) {
copy_secret_key( sk, save_sk );
free_secret_key( save_sk );
memcpy( sk->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
/* the checksum may fail, so we also check the key itself */
@ -137,7 +133,6 @@ do_check( PKT_secret_key *sk )
if( res ) {
copy_secret_key( sk, save_sk );
free_secret_key( save_sk );
memcpy( sk->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
free_secret_key( save_sk );
@ -231,8 +226,12 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
if( cipher_setkey( cipher_hd, dek->key, dek->keylen ) )
log_info(_("WARNING: Weak key detected"
" - please change passphrase again.\n"));
cipher_setiv( cipher_hd, NULL );
cipher_encrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 );
sk->protect.ivlen = cipher_get_blocksize( sk->protect.algo );
assert( sk->protect.ivlen <= DIM(sk->protect.iv) );
if( sk->protect.ivlen != 8 && sk->protect.ivlen != 16 )
BUG(); /* yes, we are very careful */
randomize_buffer(sk->protect.iv, sk->protect.ivlen, 1);
cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
if( sk->version >= 4 ) {
#define NMPIS (PUBKEY_MAX_NSKEY - PUBKEY_MAX_NPKEY)
byte *bufarr[NMPIS];

5
g10/tdbio.c
View file

@ -443,7 +443,7 @@ tdbio_set_dbname( const char *new_dbname, int create )
#endif
log_fatal( _("%s: can't create directory: %s\n"),
fname, strerror(errno) );
else
else if( !opt.quiet )
log_info( _("%s: directory created\n"), fname );
copy_options_file( fname );
}
@ -489,7 +489,8 @@ tdbio_set_dbname( const char *new_dbname, int create )
if( tdbio_read_record( 0, &rec, RECTYPE_VER ) )
log_fatal( _("%s: invalid trustdb created\n"), db_name );
log_info(_("%s: trustdb created\n"), db_name);
if( !opt.quiet )
log_info(_("%s: trustdb created\n"), db_name);
return 0;
}