1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-11 13:14:25 +01:00

* import.c (import_secret_one): Check for an illegal (>110) protection

cipher when importing a secret key.

* keylist.c (list_keyblock_print): Show a '#' for a secret-parts-missing
key.

* parse_packet.c (parse_key): Some comments.

* revoke.c (gen_revoke): Remove some debugging code.

* trustdb.c (verify_own_keys): Make trusted-key a non-deprecated option
again.
This commit is contained in:
David Shaw 2002-10-02 21:56:03 +00:00
parent b8e23f7cb2
commit 27d526298b
6 changed files with 37 additions and 14 deletions

View File

@ -1,3 +1,18 @@
2002-10-02 David Shaw <dshaw@jabberwocky.com>
* import.c (import_secret_one): Check for an illegal (>110)
protection cipher when importing a secret key.
* keylist.c (list_keyblock_print): Show a '#' for a
secret-parts-missing key.
* parse_packet.c (parse_key): Some comments.
* revoke.c (gen_revoke): Remove some debugging code.
* trustdb.c (verify_own_keys): Make trusted-key a non-deprecated
option again.
2002-10-01 David Shaw <dshaw@jabberwocky.com> 2002-10-01 David Shaw <dshaw@jabberwocky.com>
* seckey-cert.c (do_check): Don't give the IDEA warning unless the * seckey-cert.c (do_check): Don't give the IDEA warning unless the

View File

@ -839,6 +839,13 @@ import_secret_one( const char *fname, KBNODE keyblock,
return 0; return 0;
} }
if(sk->protect.algo>110)
{
log_error(_("key %08lX: secret key with invalid cipher %d "
"- skipped\n"),(ulong)keyid[1],sk->protect.algo);
return 0;
}
clear_kbnode_flags( keyblock ); clear_kbnode_flags( keyblock );
/* do we have this key already in one of our secrings ? */ /* do we have this key already in one of our secrings ? */

View File

@ -409,10 +409,11 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
pk = NULL; pk = NULL;
sk = node->pkt->pkt.secret_key; sk = node->pkt->pkt.secret_key;
keyid_from_sk( sk, keyid ); keyid_from_sk( sk, keyid );
printf("sec %4u%c/%08lX %s ", nbits_from_sk( sk ), printf("sec%c %4u%c/%08lX %s ", (sk->protect.s2k.mode==1001)?'#':' ',
pubkey_letter( sk->pubkey_algo ), nbits_from_sk( sk ),
(ulong)keyid[1], pubkey_letter( sk->pubkey_algo ),
datestr_from_sk( sk ) ); (ulong)keyid[1],
datestr_from_sk( sk ) );
} }
else { else {
pk = node->pkt->pkt.public_key; pk = node->pkt->pkt.public_key;

View File

@ -1574,6 +1574,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
} }
sk->protect.sha1chk = (sk->protect.algo == 254); sk->protect.sha1chk = (sk->protect.algo == 254);
sk->protect.algo = iobuf_get_noeof(inp); pktlen--; sk->protect.algo = iobuf_get_noeof(inp); pktlen--;
/* Note that a sk->protect.algo > 110 is illegal, but
I'm not erroring on it here as otherwise there
would be no way to delete such a key. */
sk->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--; sk->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--;
sk->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--; sk->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--;
/* check for the special GNU extension */ /* check for the special GNU extension */
@ -1647,6 +1650,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
(ulong)sk->protect.s2k.count); (ulong)sk->protect.s2k.count);
} }
} }
/* Note that a sk->protect.algo > 110 is illegal, but I'm
not erroring on it here as otherwise there would be no
way to delete such a key. */
else { /* old version; no S2K, so we set mode to 0, hash MD5 */ else { /* old version; no S2K, so we set mode to 0, hash MD5 */
sk->protect.s2k.mode = 0; sk->protect.s2k.mode = 0;
sk->protect.s2k.hash_algo = DIGEST_ALGO_MD5; sk->protect.s2k.hash_algo = DIGEST_ALGO_MD5;

View File

@ -551,7 +551,9 @@ gen_revoke( const char *uname )
if(opt.pgp2 || opt.pgp6 || opt.pgp7) if(opt.pgp2 || opt.pgp6 || opt.pgp7)
{ {
rc=export_minimal_pk(out,NULL /*pub_keyblock*/,sig,NULL); /* Use a minimal pk for PGPx mode, since PGP can't import bare
revocation certificates. */
rc=export_minimal_pk(out,pub_keyblock,sig,NULL);
if(rc) if(rc)
goto leave; goto leave;
} }

View File

@ -247,7 +247,6 @@ verify_own_keys(void)
ulong recnum; ulong recnum;
int rc; int rc;
struct key_item *k; struct key_item *k;
int hint_shown = 0;
if (utk_list) if (utk_list)
return; return;
@ -296,14 +295,7 @@ verify_own_keys(void)
| TRUST_ULTIMATE )); | TRUST_ULTIMATE ));
release_public_key_parts (&pk); release_public_key_parts (&pk);
} }
if (!hint_shown) log_info (_("key %08lX marked as ultimately trusted\n"),
{
log_info ("the --trusted-key option is now obsolete; "
"use the --edit command instead.\n");
log_info ("given keys will be marked as trusted\n");
hint_shown = 1;
}
log_info ("key %08lX marked as ultimately trusted\n",
(ulong)k->kid[1]); (ulong)k->kid[1]);
} }
} }