mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

A bunch of minor changes

Werner Koch 2009-12-21 16:19:09 +00:00
parent 9129fcd868
commit 4b4e243f7d
19 changed files with 312 additions and 119 deletions


@ -1,3 +1,15 @@
2009-12-21 Werner Koch <wk@g10code.com>
* gpg.c (main): Add dummy options --skip-hidden-recipients and no
variant.
* call-agent.c (agent_get_s2k_count): New.
* gpg.c (main): Set s2k_count to 0.
* (encode_s2k_iterations): Move ...
* passphrase.c (encode_s2k_iterations): ... here. Call
agent_get_s2k_count if called with a 0 arg.
(passphrase_to_dek_ext): Set S2K_COUNT via encode_s2k_iterations.
2009-12-17 Werner Koch <wk@g10code.com>
* sig-check.c (do_check_messages): Evaluate the HAS_EXPIRED flag.


@ -1254,3 +1254,38 @@ gpg_agent_get_confirmation (const char *desc)
}
/* Return the S2K iteration count as computed by gpg-agent. */
gpg_error_t
agent_get_s2k_count (unsigned long *r_count)
{
gpg_error_t err;
membuf_t data;
char *buf;
*r_count = 0;
err = start_agent (0);
if (err)
return err;
init_membuf (&data, 32);
err = assuan_transact (agent_ctx, "GETINFO s2k_count",
membuf_data_cb, &data,
NULL, NULL, NULL, NULL);
if (err)
xfree (get_membuf (&data, NULL));
else
{
put_membuf (&data, "", 1);
buf = get_membuf (&data, NULL);
if (!buf)
err = gpg_error_from_syserror ();
else
{
*r_count = strtoul (buf, NULL, 10);
xfree (buf);
}
}
return err;
}
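Review bot: In agent_get_s2k_count the agent's reply is converted with `strtoul (buf, NULL, 10)` without checking that any digits were parsed, so an empty or non-numeric reply yields a count of 0 while err stays 0. The caller added in this commit treats anything below 65536 as "use the default" and caps large values, so the outcome is still safe, but that safety lives in the caller rather than here. I would reject a malformed reply in this function, with a local `char *endp;` and `*r_count = strtoul (buf, &endp, 10); if (endp == buf) err = gpg_error (GPG_ERR_INV_VALUE);`. Alternatively, extend the header comment to say that a returned 0 means "no usable value" and that callers must apply their own bounds.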


@ -137,6 +137,9 @@ gpg_error_t agent_clear_passphrase (const char *cache_id);
/* Present the prompt DESC and ask the user to confirm. */
gpg_error_t gpg_agent_get_confirmation (const char *desc);
/* Return the S2K iteration count as computed by gpg-agent. */
gpg_error_t agent_get_s2k_count (unsigned long *r_count);
#endif /*GNUPG_G10_CALL_AGENT_H*/


@ -948,7 +948,7 @@ change_cert (const char *args)
}
else
{
tty_printf ("usage error: redirectrion to file required\n");
tty_printf ("usage error: redirection to file required\n");
return -1;
}
@ -977,7 +977,7 @@ read_cert (const char *args)
}
else
{
tty_printf ("usage error: redirectrion to file required\n");
tty_printf ("usage error: redirection to file required\n");
return -1;
}


@ -233,6 +233,8 @@ enum cmd_and_opt_values
oWithSigList,
oWithSigCheck,
oSkipVerify,
oSkipHiddenRecipients,
oNoSkipHiddenRecipients,
oCompressKeys,
oCompressSigs,
oAlwaysTrust,
@ -626,6 +628,9 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (aListSigs, "list-sig", "@"), /* alias */
ARGPARSE_s_n (aCheckKeys, "check-sig", "@"), /* alias */
ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
ARGPARSE_s_n (oSkipHiddenRecipients, "skip-hidden-recipients", "@"),
ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"),
ARGPARSE_s_n (oCompressKeys, "compress-keys", "@"),
ARGPARSE_s_n (oCompressSigs, "compress-sigs", "@"),
ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
@ -1789,33 +1794,6 @@ parse_trust_model(const char *model)
}
/* Pack an s2k iteration count into the form specified in 2440. If
we're in between valid values, round up. */
static unsigned char
encode_s2k_iterations(int iterations)
{
unsigned char c=0,result;
unsigned int count;
if(iterations<=1024)
return 0;
if(iterations>=65011712)
return 255;
/* Need count to be in the range 16-31 */
for(count=iterations>>6;count>=32;count>>=1)
c++;
result=(c<<4)|(count-16);
if(S2K_DECODE_COUNT(result)<iterations)
result++;
return result;
}
/* This fucntion called to initialized a new control object. It is
assumed that this object has been zeroed out before calling this
function. */
@ -1991,7 +1969,7 @@ main (int argc, char **argv)
opt.cert_digest_algo = 0;
opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
opt.s2k_mode = 3; /* iterated+salted */
opt.s2k_count = 96; /* 65536 iterations */
opt.s2k_count = 0; /* Auto-calibrate when needed. */
#ifdef USE_CAST5
opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
#else
@ -2346,6 +2324,12 @@ main (int argc, char **argv)
case oWithSigList: opt.list_sigs = 1; break;
case oSkipVerify: opt.skip_verify=1; break;
case oSkipHiddenRecipients:
case oNoSkipHiddenRecipients:
/* Dummies for options to be used in 2.1. */
break;
case oCompressKeys: opt.compress_keys = 1; break;
case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
/* There are many programs (like mutt) that call gpg with
@ -2507,7 +2491,10 @@ main (int argc, char **argv)
case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
case oS2KCount:
opt.s2k_count=encode_s2k_iterations(pargs.r.ret_int);
if (pargs.r.ret_int)
opt.s2k_count = encode_s2k_iterations (pargs.r.ret_int);
else
opt.s2k_count = 0; /* Auto-calibrate when needed. */
break;
case oSimpleSKChecksum: opt.simple_sk_checksum = 1; break;
case oNoEncryptTo: opt.no_encrypt_to = 1; break;
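Review bot: In the oS2KCount case, `opt.s2k_count = 0` now means "auto-calibrate", but encode_s2k_iterations also returns 0 for any argument up to 1024 (see the removed body in this section). So `--s2k-count 1024`, smaller values and negative values are silently turned into a request for calibration instead of the encoded count 0. The effect errs towards more iterations, so it does not weaken passphrase protection, but it is a behaviour change the code does not mention. I would document it at the case, for example `/* Note: values <= 1024 encode to 0 and thus also select auto-calibration. */`, or keep "not set" in a separate flag if the minimum count must stay selectable. The body of main() starts and ends outside the hunk.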


@ -196,6 +196,7 @@ int build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list,
int unlock, unsigned use );
/*-- passphrase.h --*/
unsigned char encode_s2k_iterations (int iterations);
assuan_context_t agent_open (int try, const char *orig_codeset);
void agent_close (assuan_context_t ctx);
int have_static_passphrase(void);

View file

@ -50,6 +50,58 @@ static char *next_pw = NULL;
static char *last_pw = NULL;
/* Pack an s2k iteration count into the form specified in 2440. If
we're in between valid values, round up. With value 0 return the
old default. */
unsigned char
encode_s2k_iterations (int iterations)
{
gpg_error_t err;
unsigned char c=0;
unsigned char result;
unsigned int count;
if (!iterations)
{
unsigned long mycnt;
/* Ask the gpg-agent for a useful iteration count. */
err = agent_get_s2k_count (&mycnt);
if (err || mycnt < 65536)
{
/* Don't print an error if an older agent is used. */
if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
/* Default to 65536 which we used up to 2.0.13. */
return 96;
}
else if (mycnt >= 65011712)
return 255; /* Largest possible value. */
else
return encode_s2k_iterations ((int)mycnt);
}
if (iterations <= 1024)
return 0; /* Command line arg compatibility. */
if (iterations >= 65011712)
return 255;
/* Need count to be in the range 16-31 */
for (count=iterations>>6; count>=32; count>>=1)
c++;
result = (c<<4)|(count-16);
if (S2K_DECODE_COUNT(result) < iterations)
result++;
return result;
}
/* Hash a passphrase using the supplied s2k.
Always needs: dek->algo, s2k->mode, s2k->hash_algo. */
static void
@ -474,7 +526,15 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
{
gcry_randomize (s2k->salt, 8, GCRY_STRONG_RANDOM);
if ( s2k->mode == 3 )
s2k->count = opt.s2k_count;
{
/* We delay the encoding until it is really needed. This is
if we are going to dynamically calibrate it, we need to
call out to gpg-agent and that should not be done during
option processing in main(). */
if (!opt.s2k_count)
opt.s2k_count = encode_s2k_iterations (0);
s2k->count = opt.s2k_count;
}
}
/* If we do not have a passphrase available in NEXT_PW and status
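Review bot: The header comment of encode_s2k_iterations says "With value 0 return the old default", but the `!iterations` branch first asks gpg-agent via agent_get_s2k_count and returns the old default 96 only when that call fails or reports fewer than 65536 iterations. That lower bound matters to anyone auditing key protection strength, because the agent's reply can raise the count but never push it below the value used up to 2.0.13. I would reword the comment to something like `With value 0 ask gpg-agent for a calibrated count; fall back to the old default (65536) if the agent fails or reports less.` The comment added in passphrase_to_dek_ext also reads oddly ("This is if we are going to ..."); `This is because if we ...` would fix it. passphrase_to_dek_ext starts and ends outside the hunk.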


@ -1661,7 +1661,7 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
/* Everything else we delete */
/* At this point, if 12 is set, the signing key was unavailable.
If 9 or 10 is set, it's superceded. Otherwise, it's
If 9 or 10 is set, it's superseded. Otherwise, it's
invalid. */
if(noisy)
@ -1669,7 +1669,7 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
keystr(node->pkt->pkt.signature->keyid),
uidnode->pkt->pkt.user_id->name,
node->flag&(1<<12)?"key unavailable":
node->flag&(1<<9)?"signature superceded":"invalid signature");
node->flag&(1<<9)?"signature superseded":"invalid signature");
delete_kbnode(node);
deleted++;