security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-05-28 21:50:02 +02:00
Code Activity

Merged most of David Shaw's changes in 1.3 since 2003-06-03.

Browse Source
This commit is contained in:
Werner Koch 2003-09-23 17:48:33 +00:00
parent 47959a306e
commit 4c66e94ff9
45 changed files with 1489 additions and 509 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ChangeLog
View File

@ -1,3 +1,17 @@
2003-09-23 Werner Koch <wk@gnupg.org>
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
* configure.ac: Drop all TIGER/192 support.
(uint64_t): Check for UINT64_C to go along with uint64_t.
(getaddrinfo): Check for it.
(sigset_t): Check for sigset_t and struct sigaction. This is for
Forte c89 on Solaris which seems to define only the function call
half of the two pairs by default.
(W32LIBS): Include wsock32 in W32LIBS. This is different from
NETLIBS so we don't need to force other platforms to pull in the
netlibs when they aren't actually needed.
2003-09-06 Werner Koch <wk@gnupg.org> 2003-09-06 Werner Koch <wk@gnupg.org>
Released 1.9.1. Released 1.9.1.

2
TODO
View File

@ -63,3 +63,5 @@ might want to have an agent context for each service request
* ALL * ALL
** Return IMPORT_OK status. ** Return IMPORT_OK status.
* Where is http.c, regcomp.c, srv.c, w32reg.c ?

8
common/ChangeLog
View File

@ -1,3 +1,11 @@
2003-09-23 Werner Koch <wk@gnupg.org>
* iobuf.c (check_special_filename): Replaced is isdigit by digitp
to avoid passing negative values and potential locale problems.
Problem noted by Christian Biere.
* util.h (ascii_isspace): New.
2003-09-18 Werner Koch <wk@gnupg.org> 2003-09-18 Werner Koch <wk@gnupg.org>
* ttyio.c (tty_fprintf): New. * ttyio.c (tty_fprintf): New.

20
common/iobuf.c
View File

@ -101,7 +101,7 @@ typedef struct close_cache_s *CLOSE_CACHE;
static CLOSE_CACHE close_cache; static CLOSE_CACHE close_cache;
#endif #endif
#ifdef __MINGW32__ #ifdef _WIN32
typedef struct typedef struct
{ {
int sock; int sock;
@ -112,7 +112,7 @@ typedef struct
char fname[1]; /* name of the file */ char fname[1]; /* name of the file */
} }
sock_filter_ctx_t; sock_filter_ctx_t;
#endif /*__MINGW32__*/ #endif /*_WIN32*/
/* The first partial length header block must be of size 512 /* The first partial length header block must be of size 512
* to make it easier (and efficienter) we use a min. block size of 512 * to make it easier (and efficienter) we use a min. block size of 512
@ -580,7 +580,7 @@ file_filter (void *opaque, int control, iobuf_t chain, byte * buf,
return rc; return rc;
} }
#ifdef __MINGW32__ #ifdef _WIN32
/* Becuase sockets are an special object under Lose32 we have to /* Becuase sockets are an special object under Lose32 we have to
* use a special filter */ * use a special filter */
static int static int
@ -667,7 +667,7 @@ sock_filter (void *opaque, int control, iobuf_t chain, byte * buf,
} }
return rc; return rc;
} }
#endif /*__MINGW32__*/ #endif /*_WIN32*/
/**************** /****************
* This is used to implement the block write mode. * This is used to implement the block write mode.
@ -1171,7 +1171,7 @@ check_special_filename (const char *fname)
int i; int i;
fname += 2; fname += 2;
for (i = 0; isdigit (fname[i]); i++) for (i = 0; digitp (fname+i); i++)
; ;
if (!fname[i]) if (!fname[i])
return atoi (fname); return atoi (fname);
@ -1262,7 +1262,7 @@ iobuf_t
iobuf_sockopen (int fd, const char *mode) iobuf_sockopen (int fd, const char *mode)
{ {
iobuf_t a; iobuf_t a;
#ifdef __MINGW32__ #ifdef _WIN32
sock_filter_ctx_t *scx; sock_filter_ctx_t *scx;
size_t len; size_t len;
@ -1405,7 +1405,7 @@ iobuf_ioctl (iobuf_t a, int cmd, int intval, void *ptrval)
b->keep_open = intval; b->keep_open = intval;
return 0; return 0;
} }
#ifdef __MINGW32__ #ifdef _WIN32
else if (!a->chain && a->filter == sock_filter) else if (!a->chain && a->filter == sock_filter)
{ {
sock_filter_ctx_t *b = a->filter_ov; sock_filter_ctx_t *b = a->filter_ov;
@ -1440,7 +1440,7 @@ iobuf_ioctl (iobuf_t a, int cmd, int intval, void *ptrval)
b->no_cache = intval; b->no_cache = intval;
return 0; return 0;
} }
#ifdef __MINGW32__ #ifdef _WIN32
else if (!a->chain && a->filter == sock_filter) else if (!a->chain && a->filter == sock_filter)
{ {
sock_filter_ctx_t *b = a->filter_ov; sock_filter_ctx_t *b = a->filter_ov;
@ -2363,7 +2363,7 @@ iobuf_read_line (iobuf_t a, byte ** addr_of_buffer,
int int
iobuf_translate_file_handle (int fd, int for_write) iobuf_translate_file_handle (int fd, int for_write)
{ {
#ifdef __MINGW32__ #ifdef _WIN32
{ {
int x; int x;
@ -2387,7 +2387,7 @@ iobuf_translate_file_handle (int fd, int for_write)
static int static int
translate_file_handle (int fd, int for_write) translate_file_handle (int fd, int for_write)
{ {
#ifdef __MINGW32__ #ifdef _WIN32
#ifdef FILE_FILTER_USES_STDIO #ifdef FILE_FILTER_USES_STDIO
fd = iobuf_translate_file_handle (fd, for_write); fd = iobuf_translate_file_handle (fd, for_write);
#else #else

16
common/ttyio.c
View File

@ -37,7 +37,7 @@
#define HAVE_TCGETATTR #define HAVE_TCGETATTR
#endif #endif
#endif #endif
#ifdef __MINGW32__ /* use the odd Win32 functions */ #ifdef _WIN32 /* use the odd Win32 functions */
#include <windows.h> #include <windows.h>
#ifdef HAVE_TCGETATTR #ifdef HAVE_TCGETATTR
#error mingw32 and termios #error mingw32 and termios
@ -51,7 +51,7 @@
#define CONTROL_D ('D' - 'A' + 1) #define CONTROL_D ('D' - 'A' + 1)
#ifdef __MINGW32__ /* use the odd Win32 functions */ #ifdef _WIN32 /* use the odd Win32 functions */
static struct { static struct {
HANDLE in, out; HANDLE in, out;
} con; } con;
@ -124,7 +124,7 @@ init_ttyfp(void)
if( initialized ) if( initialized )
return; return;
#if defined(__MINGW32__) #if defined(_WIN32)
{ {
SECURITY_ATTRIBUTES sa; SECURITY_ATTRIBUTES sa;
@ -194,7 +194,7 @@ tty_printf( const char *fmt, ... )
init_ttyfp(); init_ttyfp();
va_start( arg_ptr, fmt ) ; va_start( arg_ptr, fmt ) ;
#ifdef __MINGW32__ #ifdef _WIN32
{ {
char *buf = NULL; char *buf = NULL;
int n; int n;
@ -241,7 +241,7 @@ tty_fprintf (FILE *fp, const char *fmt, ... )
init_ttyfp(); init_ttyfp();
va_start( arg_ptr, fmt ) ; va_start( arg_ptr, fmt ) ;
#ifdef __MINGW32__ #ifdef _WIN32
{ {
char *buf = NULL; char *buf = NULL;
int n; int n;
@ -278,7 +278,7 @@ tty_print_string ( const byte *p, size_t n )
if( !initialized ) if( !initialized )
init_ttyfp(); init_ttyfp();
#ifdef __MINGW32__ #ifdef _WIN32
/* not so effective, change it if you want */ /* not so effective, change it if you want */
for( ; n; n--, p++ ) for( ; n; n--, p++ )
if( iscntrl( *p ) ) { if( iscntrl( *p ) ) {
@ -372,7 +372,7 @@ do_get( const char *prompt, int hidden )
buf = xmalloc((n=50)); buf = xmalloc((n=50));
i = 0; i = 0;
#ifdef __MINGW32__ /* windoze version */ #ifdef _WIN32 /* windoze version */
if( hidden ) if( hidden )
SetConsoleMode(con.in, HID_INPMODE ); SetConsoleMode(con.in, HID_INPMODE );
@ -527,7 +527,7 @@ tty_kill_prompt()
last_prompt_len = 0; last_prompt_len = 0;
if( !last_prompt_len ) if( !last_prompt_len )
return; return;
#ifdef __MINGW32__ #ifdef _WIN32
tty_printf("\r%*s\r", last_prompt_len, ""); tty_printf("\r%*s\r", last_prompt_len, "");
#else #else
{ {

4
common/util.h
View File

@ -107,6 +107,10 @@ int asprintf (char **result, const char *format, ...);
#define hexdigitp(a) (digitp (a) \ #define hexdigitp(a) (digitp (a) \
|| (*(a) >= 'A' && *(a) <= 'F') \ || (*(a) >= 'A' && *(a) <= 'F') \
|| (*(a) >= 'a' && *(a) <= 'f')) || (*(a) >= 'a' && *(a) <= 'f'))
/* Note this isn't identical to a C locale isspace() without \f and
\v, but works for the purposes used here. */
#define ascii_isspace(a) ((a)==' ' || (a)=='\n' || (a)=='\r' || (a)=='\t')
/* the atoi macros assume that the buffer has only valid digits */ /* the atoi macros assume that the buffer has only valid digits */
#define atoi_1(p) (*(p) - '0' ) #define atoi_1(p) (*(p) - '0' )
#define atoi_2(p) ((atoi_1(p) * 10) + atoi_1((p)+1)) #define atoi_2(p) ((atoi_1(p) * 10) + atoi_1((p)+1))

36
configure.ac
View File

@ -647,7 +647,17 @@ AC_CHECK_SIZEOF(unsigned short)
AC_CHECK_SIZEOF(unsigned int) AC_CHECK_SIZEOF(unsigned int)
AC_CHECK_SIZEOF(unsigned long) AC_CHECK_SIZEOF(unsigned long)
AC_CHECK_SIZEOF(unsigned long long) AC_CHECK_SIZEOF(unsigned long long)
AC_CHECK_SIZEOF(uint64_t) # Ensure that we have UINT64_C before we bother to check for uint64_t
# fixme: really needed in gnupg? I think it is only useful in libcgrypt.
AC_CACHE_CHECK([for UINT64_C],[gnupg_cv_uint64_c_works],
AC_COMPILE_IFELSE(AC_LANG_PROGRAM([#include <inttypes.h>
uint64_t foo=UINT64_C(42);]),gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no))
if test "$gnupg_cv_uint64_c_works" = "yes" ; then
AC_CHECK_SIZEOF(uint64_t)
fi
if test "$ac_cv_sizeof_unsigned_short" = "0" \ if test "$ac_cv_sizeof_unsigned_short" = "0" \
|| test "$ac_cv_sizeof_unsigned_int" = "0" \ || test "$ac_cv_sizeof_unsigned_int" = "0" \
@ -660,19 +670,8 @@ if test "$ac_cv_sizeof_unsigned_int" != "8" \
&& test "$ac_cv_sizeof_unsigned_long" != "8" \ && test "$ac_cv_sizeof_unsigned_long" != "8" \
&& test "$ac_cv_sizeof_unsigned_long_long" != "8" \ && test "$ac_cv_sizeof_unsigned_long_long" != "8" \
&& test "$ac_cv_sizeof_uint64_t" != "8"; then && test "$ac_cv_sizeof_uint64_t" != "8"; then
AC_MSG_WARN([No 64-bit types. Disabling TIGER/192, SHA-384, and SHA-512]) AC_MSG_WARN([No 64-bit types. Disabling SHA-384, and SHA-512])
else else
if test x"$use_tiger192" = xyes ; then
AC_SUBST(TIGER_O,tiger.o)
AC_DEFINE(USE_TIGER192,1,[Define to include the TIGER/192 digest])
fi
if test "$use_old_tiger192" = yes ; then
AC_SUBST(TIGER_O,tiger.o)
AC_DEFINE(USE_TIGER192,1,[Define to include the TIGER/192 digest])
AC_DEFINE(USE_OLD_TIGER,1,[Define to use the old fake OID for TIGER/192 digest support])
fi
if test x"$use_sha512" = xyes ; then if test x"$use_sha512" = xyes ; then
AC_SUBST(SHA512_O,sha512.o) AC_SUBST(SHA512_O,sha512.o)
AC_DEFINE(USE_SHA512,1,[Define to include the SHA-384 and SHA-512 digests]) AC_DEFINE(USE_SHA512,1,[Define to include the SHA-384 and SHA-512 digests])
@ -689,9 +688,11 @@ AC_CHECK_FUNCS(strerror stpcpy strsep strlwr tcgetattr strtoul mmap)
AC_CHECK_FUNCS(strcasecmp strncasecmp ctermid times) AC_CHECK_FUNCS(strcasecmp strncasecmp ctermid times)
AC_CHECK_FUNCS(memmove gettimeofday getrusage setrlimit clock_gettime) AC_CHECK_FUNCS(memmove gettimeofday getrusage setrlimit clock_gettime)
AC_CHECK_FUNCS(atexit raise getpagesize strftime nl_langinfo setlocale) AC_CHECK_FUNCS(atexit raise getpagesize strftime nl_langinfo setlocale)
AC_CHECK_FUNCS(waitpid wait4 sigaction sigprocmask rand pipe stat) AC_CHECK_FUNCS(waitpid wait4 sigaction sigprocmask rand pipe stat getaddrinfo)
# These are needed by libjnlib - fixme: we should have a macros for them AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include <signal.h>])
# These are needed by libjnlib - fixme: we should have macros for them
AC_CHECK_FUNCS(memicmp stpcpy strlwr strtoul memmove stricmp strtol) AC_CHECK_FUNCS(memicmp stpcpy strlwr strtoul memmove stricmp strtol)
AC_CHECK_FUNCS(getrusage setrlimit stat setlocale) AC_CHECK_FUNCS(getrusage setrlimit stat setlocale)
AC_CHECK_FUNCS(flockfile funlockfile) AC_CHECK_FUNCS(flockfile funlockfile)
@ -703,6 +704,8 @@ AC_REPLACE_FUNCS(fseeko ftello)
AC_REPLACE_FUNCS(isascii) AC_REPLACE_FUNCS(isascii)
AC_REPLACE_FUNCS(putc_unlocked) AC_REPLACE_FUNCS(putc_unlocked)
# #
# check for gethrtime and run a testprogram to see whether # check for gethrtime and run a testprogram to see whether
# it is broken. It has been reported that some Solaris and HP UX systems # it is broken. It has been reported that some Solaris and HP UX systems
@ -877,7 +880,7 @@ GNUPG_CHECK_GNUMAKE
# mysterious reasons - the final link step should bail out. # mysterious reasons - the final link step should bail out.
case "${target}" in case "${target}" in
*-*-mingw32*) *-*-mingw32*)
LIBS="$LIBS -lwsock32" W32LIBS="-lwsock32"
;; ;;
*) *)
;; ;;
@ -893,6 +896,7 @@ if test "$GCC" = yes; then
fi fi
AC_SUBST(NETLIBS) AC_SUBST(NETLIBS)
AC_SUBST(W32LIBS)
# We use jnlib, so tell other modules about it # We use jnlib, so tell other modules about it

264
g10/ChangeLog
View File

@ -1,3 +1,267 @@
2003-09-23 Werner Koch <wk@gnupg.org>
Merged most of David Shaw's changes in 1.3 since 2003-06-03.
* Makefile.am: Include W32LIBS where appropriate.
* armor.c (parse_hash_header,armor_filter): Drop TIGER/192 support.
* g10.c (print_hex,print_mds): Ditto.
* pkclist.c (algo_available): Ditto.
* armor.c (armor_filter): Allow using --comment multiple times to
get multiple Comment header lines. --no-comments resets list.
* options.h, g10.c (main): Ditto. Deprecate --default-comment in
favor of --no-comments.
* g10.c (main): Trim --help to commonly used options. Remove -f.
* g10.c (main): Add --multifile as an alias to turn --encrypt into
--encrypt-files (plus --verify-files, --decrypt-files). Error out
if --multifile is used with the commands that don't support it yet.
* encode.c (use_mdc), g10.c (main): Use RFC1991 and RFC2440
directly to check for MDC usability. Do not set the force_mdc or
disable_mdc flags since there is no point any longer.
* g10.c (main): Use "keyserver-url" instead of
"preferred-keyserver" for the sake of short and simple commands.
(add_keyserver_url): Clarify a few strings. It's a
"preferred keyserver URL".
* keyedit.c (keyedit_menu): Ditto.
* sign.c (mk_notation_policy_etc): Ditto.
* main.h, keygen.c (keygen_add_keyserver_url): Signature callback
for adding a keyserver URL.
* keyedit.c (keyedit_menu, menu_set_keyserver_url): New command to
set preferred keyserver to specified (or all) user IDs.
* build-packet.c (build_sig_subpkt): Set preferred keyserver flag
while building a preferred keyserver subpacket.
* keylist.c (show_policy_url, show_keyserver_url): URLs might be
UTF8.
* keyedit.c (menu_addrevoker): Fix leaking a few bytes.
* keyedit.c (show_key_with_all_names): Use list-option
show-long-keyid in main --edit-key display.
* keyedit.c (print_and_check_one_sig): Use list-option
show-long-keyid in --edit-key "check" function.
* passphrase.c (agent_send_all_options): Make use of $GPG_TTY.
* g10.c (main): Disable use-agent if passphrase-fd is given
later. Suggested by Kurt Garloff.
* exec.c, g10.c, gpgv.c, passphrase.c, photoid.c:
s/__MINGW32__/_WIN32/ to help building on native Windows
compilers. Requested by Brian Gladman. From Werner on stable
branch.
* options.h, g10.c (main): Add list-option
list-preferred-keyserver.
* keyedit.c (change_passphrase): When responding 'no' to the blank
passphrase question, re-prompt for a new passphrase. This is bug
#202.
* mainproc.c (check_sig_and_print): Use two different preferred
keyserver displays - one if the key is not present (to tell the
user where to get the key), the other if it is present (to tell
the user where the key can be refreshed).
* packet.h, parse-packet.c (parse_signature): Set flag if a
preferred keyserver is present.
* keylist.c (list_keyblock_print): Show keyserver url in listings
with list-option show-keyserver-url.
* mainproc.c (check_sig_and_print): Get the uid validity before
printing any sig results to avoid munging the output with trustdb
warnings.
* g10.c (main): Don't include --show-keyring in --help as it is
deprecated.
* options.skel: Note that keyserver.pgp.com isn't synchronized,
and explain the roundrobin a bit better.
* sig-check.c (check_key_signature2), import.c (import_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts,
collapse_uids, merge_blocks): Make much quieter during import of
slightly munged, but recoverable, keys. Use log_error for
unrecoverable import failures.
* keyring.c (keyring_rebuild_cache): Comment.
* sign.c (mk_notation_and_policy): Making a v3 signature with
notations or policy urls is an error, not an info (i.e. increment
the errorcount). Don't print the notation or policy url to stdout
since it can be mixed into the output stream when piping and munge
the stream.
* packet.h, sig-check.c (signature_check2, do_check,
do_check_messages): Provide a signing-key-is-revoked flag. Change
all callers.
* status.h, status.c (get_status_string): New REVKEYSIG status tag
for a good signature from a revoked key.
* mainproc.c (do_check_sig, check_sig_and_print): Use it here.
* import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare
actual signatures on import rather than using keyid or class
matching. This does not change actual behavior with a key, but
does mean that all sigs are imported whether they will be used or
not.
* parse-packet.c (parse_signature): Don't give "signature packet
without xxxx" warnings for experimental pk algorithms. An
experimental algorithm may not have a notion of (for example) a
keyid (i.e. PGP's x.509 stuff).
* options.h, g10.c (main), keylist.c (list_keyblock_print),
keyedit.c (print_and_check_one_sig): New "show-sig-expire"
list-option to show signature expiration dates (if any).
* options.h, g10.c (main, add_keyserver_url): Add
--sig-preferred-keyserver to implant a "where to get my key"
subpacket into a signature.
* sign.c (mk_notation_and_policy): Rename to
mk_notation_policy_etc and add preferred keyserver support for
signatures.
* keygen.c (do_add_key_flags): Don't set the certify flag for
subkeys.
(ask_algo): Provide key flags for DSA, Elgamal_e, and Elgamal
subkeys.
(generate_keypair): Provide key flags for the default DSA/Elgamal
keys.
* sig-check.c (signature_check, signature_check2,
check_key_signature, check_key_signature2): Allow passing NULLs
for unused parameters in the x2 form of each function to avoid the
need for dummy variables. getkey.c, mainproc.c: Change all
callers.
* trustdb.h, trustdb.c (read_trust_options): New. Returns items
from the trustdb version record.
* keylist.c (public_key_list): Use it here for the new "tru"
record.
* gpgv.c (read_trust_options): Stub.
* keyedit.c (show_key_with_all_names): Use list-option
show-validity in --edit-key interface as well.
* options.h, g10.c (main), mainproc.c (check_sig_and_print): Add
verify-options "show-validity" and "show-long-keyid" to show
trustdb validity and long keyids during (file) signature
verification.
* packet.h, main.h, sig-check.c (signature_check2)
(check_key_signature2, do_check): If ret_pk is set, fill in the pk
used to verify the signature. Change all callers in getkey.c,
mainproc.c, and sig-check.c.
* keylist.c (list_keyblock_colon): Use the ret_pk from above to
put the fingerprint of the signing key in "sig" records during a
--with-colons --check-sigs. This requires --no-sig-cache as well
since we don't cache fingerprints.
* parse-packet.c (parse_signature): No need to reserve 8 bytes for
the unhashed signature cache any longer.
* misc.c (pct_expando): Add two new expandos - signer's
fingerprint (%g), and signer's primary fingerprint (%p).
* g10.c (main): Add --rfc2440 alias for --openpgp since in a few
months, they won't be the same thing.
* keyserver.c (parse_keyserver_uri): Accept "http" as an alias for
"hkp", since it is occasionally written that way.
(keyserver_spawn): Use ascii_isspace to avoid locale issues.
* keygen.c (ask_user_id): Make --allow-freeform-uid apply to the
email field as well as the name field, and allow mixing fields
when it is set.
* trustdb.c (validate_one_keyblock): Certifications on revoked or
expired uids do not count in the web of trust.
* signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
sigprocmask() if we have sigset_t, and only use sigaction() if we
have struct sigaction. This is for Forte c89 on Solaris which
seems to define only the function call half of the two pairs by
default.
(pause_on_sigusr): Typo.
(do_block): If we can't use sigprocmask() and sigset_t, try to get
the number of signals from NSIG as well as MAXSIG, and if we
can't, fail with an explanation.
* signal.c, tdbio.c: Comment out the transaction code. It was not
used in this version, and was causing some build problems on
quasi-posix platforms (Solaris and Forte c89).
* keylist.c (list_keyblock_colon): Don't include validity values
when listing secret keys since they can be incorrect and/or
misleading. This is a temporary kludge, and will be handled
properly in 1.9/2.0.
* mainproc.c (check_sig_and_print): Only show the "key available
from" preferred keyserver line if the key is not currently
present.
* keyedit.c (sign_uids): Do not sign expired uids without --expert
(same behavior as revoked uids). Do not allow signing a user ID
without a self-signature. --expert overrides. Add additional
prompt to the signature level question.
(menu_expire): When changing expiration dates, don't replace
selfsigs on revoked uids since this would effectively unrevoke
them. There is also no point in replacing expired selfsigs. This
is bug #181
* g10.c (add_notation_data): Make sure that only ascii is passed
to iscntrl. Noted by Christian Biere.
* getkey.c (classify_user_id2): Replaced isspace by spacep
* keygen.c (ask_user_id): Ditto.
(get_parameter_algo): Ditto.
* keyedit.c (keyedit_menu): Ditto.
* tdbdump.c (import_ownertrust): Ditto. s/isxdigit/hexdigitp/.
* revoke.c (ask_revocation_reason):
* keyserver.c (keyserver_spawn): Dito.
* parse-packet.c (parse): Disallow old style partial length for
all key material packets to avoid possible corruption of keyrings.
* import.c (import_keys_internal): Invalidate the cache so that
the file descriptor gets closed. Fixes bug reported by Juan
F. Codagnone.
* options.h, g10.c (main), main.h, keylist.c (show_keyserver_url),
mainproc.c (check_sig_and_print), parse-packet.c (dump_sig_subpkt,
parse_one_sig_subpkt, can_handle_critical): Add read-only support
for preferred keyserver subpackets. They're basically policy URLs
with a different name. Add a verify-option
"show-preferred-keyserver" to turn them on and off (on by default,
as per stable branch).
* g10.c (main): Add "--set-notation" as alias to "--notation-data"
this is to make things consistent with --set-policy-url meaning
both sigs and certs.
* options.h, g10.c (main), keylist.c (list_keyblock_print): Add
"show-validity" and "show-long-keyid" list-options.
* gpgv.c (get_validity, trust_value_to_string): Stubs.
* g10.c (main): Use SAFE_VERSION instead of VERSION in the
version-specific gpg.conf file so it can be overridden on RISCOS.
* keyedit.c (show_key_with_all_names): Fix assertion failure when
using toggle to see a secret key. Reported by Maxim Britov.
2003-09-22 Timo Schulz <twoaday@freakmail.de> 2003-09-22 Timo Schulz <twoaday@freakmail.de>
* card-util.c (card_status): Free pk in case of an error * card-util.c (card_status): Free pk in case of an error

2
g10/Makefile.am
View File

@ -109,7 +109,7 @@ gpgv2_SOURCES = gpgv.c \
# ks-db.h \ # ks-db.h \
# $(common_source) # $(common_source)
LDADD = $(needed_libs) @INTLLIBS@ @CAPLIBS@ @ZLIBS@ LDADD = $(needed_libs) @INTLLIBS@ @CAPLIBS@ @ZLIBS@ @W32LIBS@
gpg2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error gpg2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error
gpgv2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error gpgv2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error

39
g10/armor.c
View File

@ -249,16 +249,12 @@ parse_hash_header( const char *line )
found |= 2; found |= 2;
else if( !strncmp( s, "MD5", s2-s ) ) else if( !strncmp( s, "MD5", s2-s ) )
found |= 4; found |= 4;
else if( !strncmp( s, "TIGER192", s2-s ) )
found |= 8;
else if( !strncmp( s, "TIGER", s2-s ) ) /* used by old versions */
found |= 8;
else if( !strncmp( s, "SHA256", s2-s ) ) else if( !strncmp( s, "SHA256", s2-s ) )
found |= 16; found |= 8;
else if( !strncmp( s, "SHA384", s2-s ) ) else if( !strncmp( s, "SHA384", s2-s ) )
found |= 32; found |= 16;
else if( !strncmp( s, "SHA512", s2-s ) ) else if( !strncmp( s, "SHA512", s2-s ) )
found |= 64; found |= 32;
else else
return 0; return 0;
for(; *s2 && (*s2==' ' || *s2 == '\t'); s2++ ) for(; *s2 && (*s2==' ' || *s2 == '\t'); s2++ )
@ -899,12 +895,10 @@ armor_filter( void *opaque, int control,
if( hashes & 4 ) if( hashes & 4 )
buf[n++] = DIGEST_ALGO_MD5; buf[n++] = DIGEST_ALGO_MD5;
if( hashes & 8 ) if( hashes & 8 )
buf[n++] = DIGEST_ALGO_TIGER;
if( hashes & 16 )
buf[n++] = DIGEST_ALGO_SHA256; buf[n++] = DIGEST_ALGO_SHA256;
if( hashes & 32 ) if( hashes & 16 )
buf[n++] = DIGEST_ALGO_SHA384; buf[n++] = DIGEST_ALGO_SHA384;
if( hashes & 64 ) if( hashes & 32 )
buf[n++] = DIGEST_ALGO_SHA512; buf[n++] = DIGEST_ALGO_SHA512;
buf[1] = n - 2; buf[1] = n - 2;
@ -932,6 +926,7 @@ armor_filter( void *opaque, int control,
else if( control == IOBUFCTRL_FLUSH && !afx->cancel ) { else if( control == IOBUFCTRL_FLUSH && !afx->cancel ) {
if( !afx->status ) { /* write the header line */ if( !afx->status ) { /* write the header line */
const char *s; const char *s;
STRLIST comment = opt.comments;
if( afx->what >= DIM(head_strings) ) if( afx->what >= DIM(head_strings) )
log_bug("afx->what=%d", afx->what); log_bug("afx->what=%d", afx->what);
@ -942,22 +937,24 @@ armor_filter( void *opaque, int control,
iobuf_writestr(a, "Version: GnuPG v" VERSION " (" iobuf_writestr(a, "Version: GnuPG v" VERSION " ("
PRINTABLE_OS_NAME ")" LF ); PRINTABLE_OS_NAME ")" LF );
/* write the comment string or a default one */ /* Write the comment string. */
s = opt.comment_string; for(s=comment? comment->d:NULL; comment;
if( s && *s ) { comment=comment->next,s=comment->d)
{
iobuf_writestr(a, "Comment: " ); iobuf_writestr(a, "Comment: " );
for( ; *s; s++ ) { for ( ; *s; s++ )
{
if( *s == '\n' ) if( *s == '\n' )
iobuf_writestr(a, "\\n" ); iobuf_writestr(a, "\\n" );
else if( *s == '\r' ) else if( *s == '\r' )
iobuf_writestr(a, "\\r" ); iobuf_writestr(a, "\\r" );
else if( *s == '\v' ) else if( *s == '\v' )
iobuf_writestr(a, "\\v" ); iobuf_writestr(a, "\\v" );
else else
iobuf_put(a, *s ); iobuf_put(a, *s );
} }
iobuf_writestr(a, LF ); iobuf_writestr(a, LF );
} }
if ( afx->hdrlines ) { if ( afx->hdrlines ) {
for ( s = afx->hdrlines; *s; s++ ) { for ( s = afx->hdrlines; *s; s++ ) {

4
g10/build-packet.c
View File

@ -756,6 +756,10 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
sig->flags.policy_url=1; sig->flags.policy_url=1;
break; break;
case SIGSUBPKT_PREF_KS:
sig->flags.pref_ks=1;
break;
case SIGSUBPKT_EXPORTABLE: case SIGSUBPKT_EXPORTABLE:
if(buffer[0]) if(buffer[0])
sig->flags.exportable=1; sig->flags.exportable=1;

4
g10/encode.c
View File

@ -122,6 +122,10 @@ use_mdc (PK_LIST pk_list,int algo)
CIPHER_ALGO_TWOFISH CIPHER_ALGO_TWOFISH
}; };
int i; int i;
/* RFC-1991 and 2440 don't have MDC */
if(RFC1991 || RFC2440)
return 0;
/* --force-mdc overrides --disable-mdc */ /* --force-mdc overrides --disable-mdc */
if (opt.force_mdc) if (opt.force_mdc)

10
g10/exec.c
View File

@ -1,5 +1,5 @@
/* exec.c - generic call-a-program code /* exec.c - generic call-a-program code
* Copyright (C) 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -59,7 +59,7 @@ int set_exec_path(const char *path,int method) { return GPG_ERR_GENERAL; }
char *mkdtemp(char *template); char *mkdtemp(char *template);
#endif #endif
#if defined (__MINGW32__) #if defined (_WIN32)
/* This is a nicer system() for windows that waits for programs to /* This is a nicer system() for windows that waits for programs to
return before returning control to the caller. I hate helpful return before returning control to the caller. I hate helpful
computers. */ computers. */
@ -139,7 +139,7 @@ static int make_tempdir(struct exec_info *info)
if(tmp==NULL) if(tmp==NULL)
{ {
#if defined (__MINGW32__) #if defined (_WIN32)
tmp=xmalloc (256); tmp=xmalloc (256);
if(GetTempPath(256,tmp)==0) if(GetTempPath(256,tmp)==0)
strcpy(tmp,"c:\\windows\\temp"); strcpy(tmp,"c:\\windows\\temp");
@ -176,7 +176,7 @@ static int make_tempdir(struct exec_info *info)
sprintf(info->tempdir,"%s" DIRSEP_S "gpg-XXXXXX",tmp); sprintf(info->tempdir,"%s" DIRSEP_S "gpg-XXXXXX",tmp);
#if defined (__MINGW32__) #if defined (_WIN32)
xfree (tmp); xfree (tmp);
#endif #endif
@ -502,7 +502,7 @@ int exec_read(struct exec_info *info)
if(DBG_EXTPROG) if(DBG_EXTPROG)
log_debug("system() command is %s\n",info->command); log_debug("system() command is %s\n",info->command);
#if defined (__MINGW32__) #if defined (_WIN32)
info->progreturn=win_system(info->command); info->progreturn=win_system(info->command);
#else #else
info->progreturn=system(info->command); info->progreturn=system(info->command);

313
g10/g10.c
View File

@ -59,7 +59,6 @@ enum cmd_and_opt_values { aNull = 0,
aSym = 'c', aSym = 'c',
aDecrypt = 'd', aDecrypt = 'd',
aEncr = 'e', aEncr = 'e',
aEncrFiles,
oInteractive = 'i', oInteractive = 'i',
aListKeys = 'k', aListKeys = 'k',
aListSecretKeys = 'K', aListSecretKeys = 'K',
@ -73,12 +72,13 @@ enum cmd_and_opt_values { aNull = 0,
oUser = 'u', oUser = 'u',
oVerbose = 'v', oVerbose = 'v',
oCompress = 'z', oCompress = 'z',
oNotation = 'N', oSetNotation = 'N',
oBatch = 500, oBatch = 500,
oSigNotation, oSigNotation,
oCertNotation, oCertNotation,
oShowNotation, oShowNotation,
oNoShowNotation, oNoShowNotation,
aEncrFiles,
aDecryptFiles, aDecryptFiles,
aClearsign, aClearsign,
aStore, aStore,
@ -172,6 +172,7 @@ enum cmd_and_opt_values { aNull = 0,
oLoadExtension, oLoadExtension,
oGnuPG, oGnuPG,
oRFC1991, oRFC1991,
oRFC2440,
oOpenPGP, oOpenPGP,
oPGP2, oPGP2,
oPGP6, oPGP6,
@ -219,9 +220,11 @@ enum cmd_and_opt_values { aNull = 0,
oCertPolicyURL, oCertPolicyURL,
oShowPolicyURL, oShowPolicyURL,
oNoShowPolicyURL, oNoShowPolicyURL,
oSigKeyserverURL,
oUseEmbeddedFilename, oUseEmbeddedFilename,
oComment, oComment,
oDefaultComment, oDefaultComment,
oNoComments,
oThrowKeyid, oThrowKeyid,
oNoThrowKeyid, oNoThrowKeyid,
oShowPhotos, oShowPhotos,
@ -315,6 +318,7 @@ enum cmd_and_opt_values { aNull = 0,
oMangleDosFilenames, oMangleDosFilenames,
oNoMangleDosFilenames, oNoMangleDosFilenames,
oEnableProgressFilter, oEnableProgressFilter,
oMultifile,
aTest }; aTest };
@ -326,17 +330,17 @@ static ARGPARSE_OPTS opts[] = {
{ aClearsign, "clearsign", 256, N_("|[file]|make a clear text signature") }, { aClearsign, "clearsign", 256, N_("|[file]|make a clear text signature") },
{ aDetachedSign, "detach-sign", 256, N_("make a detached signature")}, { aDetachedSign, "detach-sign", 256, N_("make a detached signature")},
{ aEncr, "encrypt", 256, N_("encrypt data")}, { aEncr, "encrypt", 256, N_("encrypt data")},
{ aEncrFiles, "encrypt-files", 256, N_("|[files]|encrypt files")}, { aEncrFiles, "encrypt-files", 256, "@"},
{ aSym, "symmetric", 256, N_("encryption only with symmetric cipher")}, { aSym, "symmetric", 256, N_("encryption only with symmetric cipher")},
{ aStore, "store", 256, N_("store only")}, { aStore, "store", 256, "@"},
{ aDecrypt, "decrypt", 256, N_("decrypt data (default)")}, { aDecrypt, "decrypt", 256, N_("decrypt data (default)")},
{ aDecryptFiles, "decrypt-files", 256, N_("|[files]|decrypt files")}, { aDecryptFiles, "decrypt-files", 256, "@"},
{ aVerify, "verify" , 256, N_("verify a signature")}, { aVerify, "verify" , 256, N_("verify a signature")},
{ aVerifyFiles, "verify-files" , 256, "@" }, { aVerifyFiles, "verify-files" , 256, "@" },
{ aListKeys, "list-keys", 256, N_("list keys")}, { aListKeys, "list-keys", 256, N_("list keys")},
{ aListKeys, "list-public-keys", 256, "@" }, { aListKeys, "list-public-keys", 256, "@" },
{ aListSigs, "list-sigs", 256, N_("list keys and signatures")}, { aListSigs, "list-sigs", 256, N_("list keys and signatures")},
{ aCheckKeys, "check-sigs",256, N_("check key signatures")}, { aCheckKeys, "check-sigs",256, N_("list and check key signatures")},
{ oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")}, { oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")},
{ aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")}, { aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")},
{ aKeygen, "gen-key", 256, N_("generate a new key pair")}, { aKeygen, "gen-key", 256, N_("generate a new key pair")},
@ -345,8 +349,8 @@ static ARGPARSE_OPTS opts[] = {
N_("remove keys from the secret keyring")}, N_("remove keys from the secret keyring")},
{ aSignKey, "sign-key" ,256, N_("sign a key")}, { aSignKey, "sign-key" ,256, N_("sign a key")},
{ aLSignKey, "lsign-key" ,256, N_("sign a key locally")}, { aLSignKey, "lsign-key" ,256, N_("sign a key locally")},
{ aNRSignKey, "nrsign-key" ,256, N_("sign a key non-revocably")}, { aNRSignKey, "nrsign-key" ,256, "@"},
{ aNRLSignKey, "nrlsign-key" ,256, N_("sign a key locally and non-revocably")}, { aNRLSignKey, "nrlsign-key" ,256, "@"},
{ aEditKey, "edit-key" ,256, N_("sign or edit a key")}, { aEditKey, "edit-key" ,256, N_("sign or edit a key")},
{ aGenRevoke, "gen-revoke",256, N_("generate a revocation certificate")}, { aGenRevoke, "gen-revoke",256, N_("generate a revocation certificate")},
{ aDesigRevoke, "desig-revoke",256, "@" }, { aDesigRevoke, "desig-revoke",256, "@" },
@ -366,19 +370,15 @@ static ARGPARSE_OPTS opts[] = {
{ aCardEdit, "card-edit", 256, N_("change data on a card")}, { aCardEdit, "card-edit", 256, N_("change data on a card")},
{ aChangePIN, "change-pin", 256, N_("change a card's PIN")}, { aChangePIN, "change-pin", 256, N_("change a card's PIN")},
{ aListPackets, "list-packets",256,N_("list only the sequence of packets")}, { aListPackets, "list-packets",256, "@"},
{ aExportOwnerTrust, { aExportOwnerTrust, "export-ownertrust", 256, "@"},
"export-ownertrust", 256, N_("export the ownertrust values")}, { aImportOwnerTrust, "import-ownertrust", 256, "@"},
{ aImportOwnerTrust, { aUpdateTrustDB, "update-trustdb",0 , N_("update the trust database")},
"import-ownertrust", 256, N_("import ownertrust values")}, { aCheckTrustDB, "check-trustdb",0 , "@"},
{ aUpdateTrustDB,
"update-trustdb",0 , N_("update the trust database")},
{ aCheckTrustDB,
"check-trustdb",0 , N_("unattended trust database update")},
{ aFixTrustDB, "fix-trustdb",0 , N_("fix a corrupted trust database")}, { aFixTrustDB, "fix-trustdb",0 , N_("fix a corrupted trust database")},
{ aDeArmor, "dearmor", 256, N_("De-Armor a file or stdin") }, { aDeArmor, "dearmor", 256, "@" },
{ aDeArmor, "dearmour", 256, "@" }, { aDeArmor, "dearmour", 256, "@" },
{ aEnArmor, "enarmor", 256, N_("En-Armor a file or stdin") }, { aEnArmor, "enarmor", 256, "@" },
{ aEnArmor, "enarmour", 256, "@" }, { aEnArmor, "enarmour", 256, "@" },
{ aPrintMD, "print-md" , 256, N_("|algo [files]|print message digests")}, { aPrintMD, "print-md" , 256, N_("|algo [files]|print message digests")},
{ aPrimegen, "gen-prime" , 256, "@" }, { aPrimegen, "gen-prime" , 256, "@" },
@ -391,10 +391,8 @@ static ARGPARSE_OPTS opts[] = {
{ oRecipient, "recipient", 2, N_("|NAME|encrypt for NAME")}, { oRecipient, "recipient", 2, N_("|NAME|encrypt for NAME")},
{ oHiddenRecipient, "hidden-recipient", 2, "@" }, { oHiddenRecipient, "hidden-recipient", 2, "@" },
{ oRecipient, "remote-user", 2, "@"}, /* old option name */ { oRecipient, "remote-user", 2, "@"}, /* old option name */
{ oDefRecipient, "default-recipient" ,2, { oDefRecipient, "default-recipient" ,2, "@" },
N_("|NAME|use NAME as default recipient")}, { oDefRecipientSelf, "default-recipient-self" ,0, "@" },
{ oDefRecipientSelf, "default-recipient-self" ,0,
N_("use the default key as default recipient")},
{ oNoDefRecipient, "no-default-recipient", 0, "@" }, { oNoDefRecipient, "no-default-recipient", 0, "@" },
{ oTempDir, "temp-directory", 2, "@" }, { oTempDir, "temp-directory", 2, "@" },
{ oExecPath, "exec-path", 2, "@" }, { oExecPath, "exec-path", 2, "@" },
@ -414,82 +412,82 @@ static ARGPARSE_OPTS opts[] = {
{ oNoAskCertExpire, "no-ask-cert-expire", 0, "@"}, { oNoAskCertExpire, "no-ask-cert-expire", 0, "@"},
{ oOutput, "output", 2, N_("use as output file")}, { oOutput, "output", 2, N_("use as output file")},
{ oVerbose, "verbose", 0, N_("verbose") }, { oVerbose, "verbose", 0, N_("verbose") },
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") }, { oQuiet, "quiet", 0, "@" },
{ oNoTTY, "no-tty", 0, N_("don't use the terminal at all") }, { oNoTTY, "no-tty", 0, "@" },
{ oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") }, { oForceV3Sigs, "force-v3-sigs", 0, "@" },
{ oNoForceV3Sigs, "no-force-v3-sigs", 0, N_("do not force v3 signatures") }, { oNoForceV3Sigs, "no-force-v3-sigs", 0, "@" },
{ oForceV4Certs, "force-v4-certs", 0, N_("force v4 key signatures") }, { oForceV4Certs, "force-v4-certs", 0, "@" },
{ oNoForceV4Certs, "no-force-v4-certs", 0, N_("do not force v4 key signatures") }, { oNoForceV4Certs, "no-force-v4-certs", 0, "@" },
{ oForceMDC, "force-mdc", 0, N_("always use a MDC for encryption") }, { oForceMDC, "force-mdc", 0, "@" },
{ oNoForceMDC, "no-force-mdc", 0, "@" }, { oNoForceMDC, "no-force-mdc", 0, "@" },
{ oDisableMDC, "disable-mdc", 0, N_("never use a MDC for encryption") }, { oDisableMDC, "disable-mdc", 0, "@" },
{ oNoDisableMDC, "no-disable-mdc", 0, "@" }, { oNoDisableMDC, "no-disable-mdc", 0, "@" },
{ oDryRun, "dry-run", 0, N_("do not make any changes") }, { oDryRun, "dry-run", 0, N_("do not make any changes") },
{ oInteractive, "interactive", 0, N_("prompt before overwriting") }, { oInteractive, "interactive", 0, N_("prompt before overwriting") },
{ oUseAgent, "use-agent",0, N_("use the gpg-agent")}, { oUseAgent, "use-agent",0, "@"},
{ oNoUseAgent, "no-use-agent",0, "@"}, { oNoUseAgent, "no-use-agent",0, "@"},
{ oGpgAgentInfo, "gpg-agent-info",2, "@"}, { oGpgAgentInfo, "gpg-agent-info",2, "@"},
{ oBatch, "batch", 0, N_("batch mode: never ask")}, { oBatch, "batch", 0, "@"},
{ oAnswerYes, "yes", 0, N_("assume yes on most questions")}, { oAnswerYes, "yes", 0, "@"},
{ oAnswerNo, "no", 0, N_("assume no on most questions")}, { oAnswerNo, "no", 0, "@"},
{ oKeyring, "keyring" ,2, N_("add this keyring to the list of keyrings")}, { oKeyring, "keyring" , 2, "@"},
{ oPrimaryKeyring, "primary-keyring",2, "@" }, { oPrimaryKeyring, "primary-keyring",2, "@" },
{ oSecretKeyring, "secret-keyring" ,2, N_("add this secret keyring to the list")}, { oSecretKeyring, "secret-keyring" ,2, "@"},
{ oShowKeyring, "show-keyring", 0, N_("show which keyring a listed key is on")}, { oShowKeyring, "show-keyring", 0, "@"},
{ oDefaultKey, "default-key" ,2, N_("|NAME|use NAME as default secret key")}, { oDefaultKey, "default-key" , 2, "@"},
{ oKeyServer, "keyserver",2, N_("|HOST|use this keyserver to lookup keys")}, { oKeyServer, "keyserver", 2, "@"},
{ oKeyServerOptions, "keyserver-options",2,"@"}, { oKeyServerOptions, "keyserver-options",2,"@"},
{ oImportOptions, "import-options",2,"@"}, { oImportOptions, "import-options",2,"@"},
{ oExportOptions, "export-options",2,"@"}, { oExportOptions, "export-options",2,"@"},
{ oListOptions, "list-options",2,"@"}, { oListOptions, "list-options",2,"@"},
{ oCharset, "charset" , 2, N_("|NAME|set terminal charset to NAME") }, { oVerifyOptions, "verify-options",2,"@"},
{ oOptions, "options" , 2, N_("read options from file")}, { oCharset, "charset" , 2, "@" },
{ oOptions, "options" , 2, "@"},
{ oDebug, "debug" ,4|16, "@"}, { oDebug, "debug" ,4|16, "@"},
{ oDebugAll, "debug-all" ,0, "@"}, { oDebugAll, "debug-all" ,0, "@"},
{ oStatusFD, "status-fd" ,1, N_("|FD|write status info to this FD") }, { oStatusFD, "status-fd" ,1, "@" },
#ifdef __riscos__ #ifdef __riscos__
{ oStatusFile, "status-file" ,2, N_("|[file]|write status info to file") }, { oStatusFile, "status-file" ,2, "@" },
#endif /* __riscos__ */ #endif /* __riscos__ */
{ oAttributeFD, "attribute-fd" ,1, "@" }, { oAttributeFD, "attribute-fd" ,1, "@" },
#ifdef __riscos__ #ifdef __riscos__
{ oAttributeFile, "attribute-file" ,2, "@" }, { oAttributeFile, "attribute-file" ,2, "@" },
#endif /* __riscos__ */ #endif /* __riscos__ */
{ oNoSKComments, "no-comment", 0, "@"},
{ oNoSKComments, "no-sk-comments", 0, "@"}, { oNoSKComments, "no-sk-comments", 0, "@"},
{ oSKComments, "sk-comments", 0, "@"}, { oSKComments, "sk-comments", 0, "@"},
{ oCompletesNeeded, "completes-needed", 1, "@"}, { oCompletesNeeded, "completes-needed", 1, "@"},
{ oMarginalsNeeded, "marginals-needed", 1, "@"}, { oMarginalsNeeded, "marginals-needed", 1, "@"},
{ oMaxCertDepth, "max-cert-depth", 1, "@" }, { oMaxCertDepth, "max-cert-depth", 1, "@" },
{ oTrustedKey, "trusted-key", 2, N_("|KEYID|ultimately trust this key")}, { oTrustedKey, "trusted-key", 2, "@"},
{ oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")}, { oLoadExtension, "load-extension" ,2, "@"},
{ oGnuPG, "gnupg", 0, "@"}, { oGnuPG, "gnupg", 0, "@"},
{ oGnuPG, "no-pgp2", 0, "@"}, { oGnuPG, "no-pgp2", 0, "@"},
{ oGnuPG, "no-pgp6", 0, "@"}, { oGnuPG, "no-pgp6", 0, "@"},
{ oGnuPG, "no-pgp7", 0, "@"}, { oGnuPG, "no-pgp7", 0, "@"},
{ oGnuPG, "no-pgp8", 0, "@"}, { oGnuPG, "no-pgp8", 0, "@"},
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")}, { oRFC1991, "rfc1991", 0, "@"},
{ oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")}, { oRFC2440, "rfc2440", 0, "@"},
{ oPGP2, "pgp2", 0, N_("set all packet, cipher and digest options to PGP 2.x behavior")}, { oOpenPGP, "openpgp", 0, N_("use strict OpenPGP behavior")},
{ oPGP2, "pgp2", 0, N_("generate PGP 2.x compatible messages")},
{ oPGP6, "pgp6", 0, "@"}, { oPGP6, "pgp6", 0, "@"},
{ oPGP7, "pgp7", 0, "@"}, { oPGP7, "pgp7", 0, "@"},
{ oPGP8, "pgp8", 0, "@"}, { oPGP8, "pgp8", 0, "@"},
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")}, { oS2KMode, "s2k-mode", 1, "@"},
{ oS2KDigest, "s2k-digest-algo",2, { oS2KDigest, "s2k-digest-algo",2, "@"},
N_("|NAME|use message digest algorithm NAME for passphrases")}, { oS2KCipher, "s2k-cipher-algo",2, "@"},
{ oS2KCipher, "s2k-cipher-algo",2,
N_("|NAME|use cipher algorithm NAME for passphrases")},
{ oSimpleSKChecksum, "simple-sk-checksum", 0, "@"}, { oSimpleSKChecksum, "simple-sk-checksum", 0, "@"},
{ oCipherAlgo, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")}, { oCipherAlgo, "cipher-algo", 2 , "@"},
{ oDigestAlgo, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")}, { oDigestAlgo, "digest-algo", 2 , "@"},
{ oCertDigestAlgo, "cert-digest-algo", 2 , "@" }, { oCertDigestAlgo, "cert-digest-algo", 2 , "@" },
{ oCompressAlgo,"compress-algo",2,N_("|NAME|use compression algorithm NAME")}, { oCompressAlgo,"compress-algo",2, "@"},
{ oThrowKeyid, "throw-keyid", 0, N_("throw keyid field of encrypted packets")}, { oThrowKeyid, "throw-keyid", 0, "@"},
{ oNoThrowKeyid, "no-throw-keyid", 0, "@" }, { oNoThrowKeyid, "no-throw-keyid", 0, "@" },
{ oShowPhotos, "show-photos", 0, "@" }, { oShowPhotos, "show-photos", 0, "@" },
{ oNoShowPhotos, "no-show-photos", 0, "@" }, { oNoShowPhotos, "no-show-photos", 0, "@" },
{ oPhotoViewer, "photo-viewer", 2, "@" }, { oPhotoViewer, "photo-viewer", 2, "@" },
{ oNotation, "notation-data", 2, "@" }, { oSetNotation, "set-notation", 2, "@" },
{ oSetNotation, "notation-data", 2, "@" }, /* Alias */
{ oSigNotation, "sig-notation", 2, "@" }, { oSigNotation, "sig-notation", 2, "@" },
{ oCertNotation, "cert-notation", 2, "@" }, { oCertNotation, "cert-notation", 2, "@" },
@ -556,8 +554,10 @@ static ARGPARSE_OPTS opts[] = {
{ oNoShowPolicyURL, "no-show-policy-url", 0, "@" }, { oNoShowPolicyURL, "no-show-policy-url", 0, "@" },
{ oShowNotation, "show-notation", 0, "@" }, { oShowNotation, "show-notation", 0, "@" },
{ oNoShowNotation, "no-show-notation", 0, "@" }, { oNoShowNotation, "no-show-notation", 0, "@" },
{ oSigKeyserverURL, "sig-keyserver-url", 2, "@" },
{ oComment, "comment", 2, "@" }, { oComment, "comment", 2, "@" },
{ oDefaultComment, "default-comment", 0, "@" }, { oDefaultComment, "default-comment", 0, "@" },
{ oNoComments, "no-comments", 0, "@" },
{ oEmitVersion, "emit-version", 0, "@"}, { oEmitVersion, "emit-version", 0, "@"},
{ oNoEmitVersion, "no-emit-version", 0, "@"}, { oNoEmitVersion, "no-emit-version", 0, "@"},
{ oNoEmitVersion, "no-version", 0, "@"}, /* alias */ { oNoEmitVersion, "no-version", 0, "@"}, /* alias */
@ -625,6 +625,7 @@ static ARGPARSE_OPTS opts[] = {
{ oMangleDosFilenames, "mangle-dos-filenames", 0, "@" }, { oMangleDosFilenames, "mangle-dos-filenames", 0, "@" },
{ oNoMangleDosFilenames, "no-mangle-dos-filenames", 0, "@" }, { oNoMangleDosFilenames, "no-mangle-dos-filenames", 0, "@" },
{ oEnableProgressFilter, "enable-progress-filter", 0, "@" }, { oEnableProgressFilter, "enable-progress-filter", 0, "@" },
{ oMultifile, "multifile", 0, "@" },
{0} }; {0} };
@ -641,6 +642,7 @@ static void set_cmd( enum cmd_and_opt_values *ret_cmd,
static void print_mds( const char *fname, int algo ); static void print_mds( const char *fname, int algo );
static void add_notation_data( const char *string, int which ); static void add_notation_data( const char *string, int which );
static void add_policy_url( const char *string, int which ); static void add_policy_url( const char *string, int which );
static void add_keyserver_url( const char *string, int which );
static void emergency_cleanup (void); static void emergency_cleanup (void);
#ifdef __riscos__ #ifdef __riscos__
@ -1158,6 +1160,7 @@ main( int argc, char **argv )
char *pers_digest_list = NULL; char *pers_digest_list = NULL;
char *pers_compress_list = NULL; char *pers_compress_list = NULL;
int eyes_only=0; int eyes_only=0;
int multifile=0;
int pwfd = -1; int pwfd = -1;
int with_fpr = 0; /* make an option out of --fingerprint */ int with_fpr = 0; /* make an option out of --fingerprint */
int any_explicit_recipient = 0; int any_explicit_recipient = 0;
@ -1222,12 +1225,13 @@ main( int argc, char **argv )
opt.keyserver_options.include_subkeys=1; opt.keyserver_options.include_subkeys=1;
opt.keyserver_options.include_revoked=1; opt.keyserver_options.include_revoked=1;
opt.keyserver_options.try_dns_srv=1; opt.keyserver_options.try_dns_srv=1;
opt.verify_options=VERIFY_SHOW_POLICY|VERIFY_SHOW_NOTATION; opt.verify_options=
VERIFY_SHOW_POLICY|VERIFY_SHOW_NOTATION|VERIFY_SHOW_KEYSERVER;
opt.trust_model=TM_AUTO; opt.trust_model=TM_AUTO;
opt.mangle_dos_filenames = 1; opt.mangle_dos_filenames = 1;
opt.use_agent = 1; opt.use_agent = 1;
#if defined (__MINGW32__) #if defined (_WIN32)
set_homedir ( read_w32_registry_string( NULL, set_homedir ( read_w32_registry_string( NULL,
"Software\\GNU\\GnuPG", "HomeDir" )); "Software\\GNU\\GnuPG", "HomeDir" ));
#else #else
@ -1389,11 +1393,15 @@ main( int argc, char **argv )
case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break; case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break;
case aSym: set_cmd( &cmd, aSym); break; case aSym: set_cmd( &cmd, aSym); break;
case aDecryptFiles: multifile=1; /* fall through */
case aDecrypt: set_cmd( &cmd, aDecrypt); break; case aDecrypt: set_cmd( &cmd, aDecrypt); break;
case aDecryptFiles: set_cmd( &cmd, aDecryptFiles); break;
case aEncrFiles: multifile=1; /* fall through */
case aEncr: set_cmd( &cmd, aEncr); break; case aEncr: set_cmd( &cmd, aEncr); break;
case aEncrFiles: set_cmd( &cmd, aEncrFiles ); break;
case aVerifyFiles: multifile=1; /* fall through */
case aVerify: set_cmd( &cmd, aVerify); break;
case aSign: set_cmd( &cmd, aSign ); break; case aSign: set_cmd( &cmd, aSign ); break;
case aKeygen: set_cmd( &cmd, aKeygen); greeting=1; break; case aKeygen: set_cmd( &cmd, aKeygen); greeting=1; break;
case aSignKey: set_cmd( &cmd, aSignKey); break; case aSignKey: set_cmd( &cmd, aSignKey); break;
@ -1405,8 +1413,7 @@ main( int argc, char **argv )
case aClearsign: set_cmd( &cmd, aClearsign); break; case aClearsign: set_cmd( &cmd, aClearsign); break;
case aGenRevoke: set_cmd( &cmd, aGenRevoke); break; case aGenRevoke: set_cmd( &cmd, aGenRevoke); break;
case aDesigRevoke: set_cmd( &cmd, aDesigRevoke); break; case aDesigRevoke: set_cmd( &cmd, aDesigRevoke); break;
case aVerify: set_cmd( &cmd, aVerify); break;
case aVerifyFiles: set_cmd( &cmd, aVerifyFiles); break;
case aPrimegen: set_cmd( &cmd, aPrimegen); break; case aPrimegen: set_cmd( &cmd, aPrimegen); break;
case aGenRandom: set_cmd( &cmd, aGenRandom); break; case aGenRandom: set_cmd( &cmd, aGenRandom); break;
case aPrintMD: set_cmd( &cmd, aPrintMD); break; case aPrintMD: set_cmd( &cmd, aPrintMD); break;
@ -1564,7 +1571,7 @@ main( int argc, char **argv )
break; break;
case oLoadExtension: case oLoadExtension:
#ifndef __riscos__ #ifndef __riscos__
#if defined(USE_DYNAMIC_LINKING) || defined(__MINGW32__) #if defined(USE_DYNAMIC_LINKING) || defined(_WIN32)
if(check_permissions(pargs.r.ret_str,2)) if(check_permissions(pargs.r.ret_str,2))
log_info(_("cipher extension \"%s\" not loaded due to " log_info(_("cipher extension \"%s\" not loaded due to "
"unsafe permissions\n"),pargs.r.ret_str); "unsafe permissions\n"),pargs.r.ret_str);
@ -1579,14 +1586,13 @@ main( int argc, char **argv )
case oRFC1991: case oRFC1991:
opt.compliance = CO_RFC1991; opt.compliance = CO_RFC1991;
opt.force_v4_certs = 0; opt.force_v4_certs = 0;
opt.disable_mdc = 1;
opt.escape_from = 1; opt.escape_from = 1;
break; break;
case oRFC2440:
case oOpenPGP: case oOpenPGP:
/* TODO: When 2440bis becomes a RFC, these may need /* TODO: When 2440bis becomes a RFC, these may need
changing. */ changing. */
opt.compliance = CO_RFC2440; opt.compliance = CO_RFC2440;
opt.disable_mdc = 1;
opt.allow_non_selfsigned_uid = 1; opt.allow_non_selfsigned_uid = 1;
opt.allow_freeform_uid = 1; opt.allow_freeform_uid = 1;
opt.pgp2_workarounds = 0; opt.pgp2_workarounds = 0;
@ -1627,9 +1633,19 @@ main( int argc, char **argv )
opt.list_options&=~LIST_SHOW_POLICY; opt.list_options&=~LIST_SHOW_POLICY;
opt.verify_options&=~VERIFY_SHOW_POLICY; opt.verify_options&=~VERIFY_SHOW_POLICY;
break; break;
case oSigKeyserverURL: add_keyserver_url(pargs.r.ret_str,0); break;
case oUseEmbeddedFilename: opt.use_embedded_filename = 1; break; case oUseEmbeddedFilename: opt.use_embedded_filename = 1; break;
case oComment: opt.comment_string = pargs.r.ret_str; break;
case oDefaultComment: opt.comment_string = NULL; break; case oComment: add_to_strlist(&opt.comments,pargs.r.ret_str); break;
case oDefaultComment:
deprecated_warning(configname,configlineno,
"--default-comment","--no-comments","");
/* fall through */
case oNoComments:
free_strlist(opt.comments);
opt.comments=NULL;
break;
case oThrowKeyid: opt.throw_keyid = 1; break; case oThrowKeyid: opt.throw_keyid = 1; break;
case oNoThrowKeyid: opt.throw_keyid = 0; break; case oNoThrowKeyid: opt.throw_keyid = 0; break;
case oShowPhotos: case oShowPhotos:
@ -1686,6 +1702,7 @@ main( int argc, char **argv )
case oCompress: opt.compress = pargs.r.ret_int; break; case oCompress: opt.compress = pargs.r.ret_int; break;
case oPasswdFD: case oPasswdFD:
pwfd = iobuf_translate_file_handle (pargs.r.ret_int, 0); pwfd = iobuf_translate_file_handle (pargs.r.ret_int, 0);
opt.use_agent = 0;
break; break;
#ifdef __riscos__ #ifdef __riscos__
case oPasswdFile: case oPasswdFile:
@ -1784,9 +1801,11 @@ main( int argc, char **argv )
{"show-photos",LIST_SHOW_PHOTOS}, {"show-photos",LIST_SHOW_PHOTOS},
{"show-policy-url",LIST_SHOW_POLICY}, {"show-policy-url",LIST_SHOW_POLICY},
{"show-notation",LIST_SHOW_NOTATION}, {"show-notation",LIST_SHOW_NOTATION},
{"show-keyring",LIST_SHOW_KEYRING}, {"show-keyserver-url",LIST_SHOW_KEYSERVER},
{"show-validity",LIST_SHOW_VALIDITY}, {"show-validity",LIST_SHOW_VALIDITY},
{"show-long-keyid",LIST_SHOW_LONG_KEYID}, {"show-long-keyid",LIST_SHOW_LONG_KEYID},
{"show-keyring",LIST_SHOW_KEYRING},
{"show-sig-expire",LIST_SHOW_SIG_EXPIRE},
{NULL,0} {NULL,0}
}; };
@ -1807,6 +1826,9 @@ main( int argc, char **argv )
{"show-photos",VERIFY_SHOW_PHOTOS}, {"show-photos",VERIFY_SHOW_PHOTOS},
{"show-policy-url",VERIFY_SHOW_POLICY}, {"show-policy-url",VERIFY_SHOW_POLICY},
{"show-notation",VERIFY_SHOW_NOTATION}, {"show-notation",VERIFY_SHOW_NOTATION},
{"show-keyserver-url",VERIFY_SHOW_KEYSERVER},
{"show-validity",VERIFY_SHOW_VALIDITY},
{"show-long-keyid",VERIFY_SHOW_LONG_KEYID},
{NULL,0} {NULL,0}
}; };
@ -1827,7 +1849,7 @@ main( int argc, char **argv )
else else
opt.exec_path_set=1; opt.exec_path_set=1;
break; break;
case oNotation: case oSetNotation:
add_notation_data( pargs.r.ret_str, 0 ); add_notation_data( pargs.r.ret_str, 0 );
add_notation_data( pargs.r.ret_str, 1 ); add_notation_data( pargs.r.ret_str, 1 );
break; break;
@ -1931,6 +1953,7 @@ main( int argc, char **argv )
case oNoMangleDosFilenames: opt.mangle_dos_filenames = 0; break; case oNoMangleDosFilenames: opt.mangle_dos_filenames = 0; break;
case oEnableProgressFilter: opt.enable_progress_filter = 1; break; case oEnableProgressFilter: opt.enable_progress_filter = 1; break;
case oMultifile: multifile=1; break;
default : pargs.err = configfp? 1:2; break; default : pargs.err = configfp? 1:2; break;
} }
@ -2053,8 +2076,6 @@ main( int argc, char **argv )
compliance_failure(); compliance_failure();
else else
{ {
opt.force_mdc = 0;
opt.disable_mdc = 1;
opt.force_v4_certs = 0; opt.force_v4_certs = 0;
opt.sk_comments = 0; opt.sk_comments = 0;
opt.escape_from = 1; opt.escape_from = 1;
@ -2073,8 +2094,6 @@ main( int argc, char **argv )
opt.escape_from=1; opt.escape_from=1;
opt.force_v3_sigs=1; opt.force_v3_sigs=1;
opt.ask_sig_expire=0; opt.ask_sig_expire=0;
opt.force_mdc=0;
opt.disable_mdc=1;
} }
else if(PGP7) else if(PGP7)
{ {
@ -2170,6 +2189,37 @@ main( int argc, char **argv )
keygen_set_std_prefs(pers_compress_list,PREFTYPE_ZIP)) keygen_set_std_prefs(pers_compress_list,PREFTYPE_ZIP))
log_error(_("invalid personal compress preferences\n")); log_error(_("invalid personal compress preferences\n"));
/* We don't support all possible commands with multifile yet */
if(multifile)
{
char *cmdname;
switch(cmd)
{
case aSign:
cmdname="--sign";
break;
case aClearsign:
cmdname="--clearsign";
break;
case aDetachedSign:
cmdname="--detach-sign";
break;
case aSym:
cmdname="--symmetric";
break;
case aStore:
cmdname="--store";
break;
default:
cmdname=NULL;
break;
}
if(cmdname)
log_error(_("%s does not yet work with %s\n"),cmdname,"--multifile");
}
if( log_get_errorcount(0) ) if( log_get_errorcount(0) )
g10_exit(2); g10_exit(2);
@ -2262,8 +2312,7 @@ main( int argc, char **argv )
if( cmd != aDeArmor && cmd != aEnArmor ) if( cmd != aDeArmor && cmd != aEnArmor )
{ {
if (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys if (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys
&& cmd != aVerify && cmd != aVerifyFiles && cmd != aVerify && cmd != aSym)
&& cmd != aSym)
{ {
if (!sec_nrings || default_keyring) /* add default secret rings */ if (!sec_nrings || default_keyring) /* add default secret rings */
keydb_add_resource ("secring" EXTSEP_S "gpg", 0, 1); keydb_add_resource ("secring" EXTSEP_S "gpg", 0, 1);
@ -2335,17 +2384,18 @@ main( int argc, char **argv )
break; break;
case aEncr: /* encrypt the given file */ case aEncr: /* encrypt the given file */
if( argc > 1 ) if(multifile)
wrong_args(_("--encrypt [filename]")); encode_crypt_files(argc, argv, remusr);
if( (rc = encode_crypt(fname,remusr)) ) else
log_error("%s: encryption failed: %s\n", {
print_fname_stdin(fname), gpg_strerror (rc) ); if( argc > 1 )
wrong_args(_("--encrypt [filename]"));
if( (rc = encode_crypt(fname,remusr)) )
log_error("%s: encryption failed: %s\n",
print_fname_stdin(fname), gpg_strerror (rc) );
}
break; break;
case aEncrFiles: /* encrypt the given files */
encode_crypt_files(argc, argv, remusr);
break;
case aSign: /* sign the given file */ case aSign: /* sign the given file */
sl = NULL; sl = NULL;
if( detached_sig ) { /* sign all files */ if( detached_sig ) { /* sign all files */
@ -2397,26 +2447,30 @@ main( int argc, char **argv )
break; break;
case aVerify: case aVerify:
if( (rc = verify_signatures( argc, argv ) )) if(multifile)
log_error("verify signatures failed: %s\n", gpg_strerror (rc) ); {
break; if( (rc = verify_files( argc, argv ) ))
log_error("verify files failed: %s\n", gpg_strerror (rc) );
case aVerifyFiles: }
if( (rc = verify_files( argc, argv ) )) else
log_error("verify files failed: %s\n", gpg_strerror (rc) ); {
if( (rc = verify_signatures( argc, argv ) ))
log_error("verify signatures failed: %s\n", gpg_strerror (rc) );
}
break; break;
case aDecrypt: case aDecrypt:
if( argc > 1 ) if(multifile)
wrong_args(_("--decrypt [filename]")); decrypt_messages(argc, argv);
if( (rc = decrypt_message( fname ) )) else
log_error("decrypt_message failed: %s\n", gpg_strerror (rc) ); {
if( argc > 1 )
wrong_args(_("--decrypt [filename]"));
if( (rc = decrypt_message( fname ) ))
log_error("decrypt_message failed: %s\n", gpg_strerror (rc) );
}
break; break;
case aDecryptFiles:
decrypt_messages(argc, argv);
break;
case aSignKey: /* sign the key given as argument */ case aSignKey: /* sign the key given as argument */
if( argc != 1 ) if( argc != 1 )
wrong_args(_("--sign-key user-id")); wrong_args(_("--sign-key user-id"));
@ -2900,8 +2954,6 @@ print_hex( MD_HANDLE md, int algo, const char *fname )
if(algo==DIGEST_ALGO_RMD160) if(algo==DIGEST_ALGO_RMD160)
indent+=printf("RMD160 = "); indent+=printf("RMD160 = ");
else if(algo==DIGEST_ALGO_TIGER)
indent+=printf(" TIGER = ");
else if(algo>0) else if(algo>0)
indent+=printf("%6s = ", gcry_md_algo_name (algo)); indent+=printf("%6s = ", gcry_md_algo_name (algo));
else else
@ -3018,9 +3070,6 @@ print_mds( const char *fname, int algo )
gcry_md_enable (md, GCRY_MD_MD5 ); gcry_md_enable (md, GCRY_MD_MD5 );
gcry_md_enable (md, GCRY_MD_SHA1 ); gcry_md_enable (md, GCRY_MD_SHA1 );
gcry_md_enable (md, GCRY_MD_RMD160 ); gcry_md_enable (md, GCRY_MD_RMD160 );
#ifdef USE_TIGER192
gcry_md_enable (md, GCRY_MD_TIGER );
#endif
#ifdef USE_SHA256 #ifdef USE_SHA256
gcry_md_enable (md, GCRY_MD_SHA256 ); gcry_md_enable (md, GCRY_MD_SHA256 );
#endif #endif
@ -3043,9 +3092,6 @@ print_mds( const char *fname, int algo )
print_hashline( md, GCRY_MD_MD5, fname ); print_hashline( md, GCRY_MD_MD5, fname );
print_hashline( md, GCRY_MD_SHA1, fname ); print_hashline( md, GCRY_MD_SHA1, fname );
print_hashline( md, GCRY_MD_RMD160, fname ); print_hashline( md, GCRY_MD_RMD160, fname );
#ifdef USE_TIGER192
print_hashline( md, GCRY_MD_TIGER, fname );
#endif
#ifdef USE_SHA256 #ifdef USE_SHA256
print_hashline( md, GCRY_MD_SHA256, fname ); print_hashline( md, GCRY_MD_SHA256, fname );
#endif #endif
@ -3062,9 +3108,6 @@ print_mds( const char *fname, int algo )
print_hex( md, GCRY_MD_MD5, fname ); print_hex( md, GCRY_MD_MD5, fname );
print_hex( md, GCRY_MD_SHA1, fname ); print_hex( md, GCRY_MD_SHA1, fname );
print_hex( md, GCRY_MD_RMD160, fname ); print_hex( md, GCRY_MD_RMD160, fname );
#ifdef USE_TIGER192
print_hex( md, GCRY_MD_TIGER, fname );
#endif
#ifdef USE_SHA256 #ifdef USE_SHA256
print_hex( md, GCRY_MD_SHA256, fname ); print_hex( md, GCRY_MD_SHA256, fname );
#endif #endif
@ -3132,13 +3175,13 @@ add_notation_data( const char *string, int which )
/* we only support printable text - therefore we enforce the use /* we only support printable text - therefore we enforce the use
* of only printable characters (an empty value is valid) */ * of only printable characters (an empty value is valid) */
for( s++; *s ; s++ ) { for( s++; *s ; s++ ) {
if( iscntrl(*s) ) { if( *s & 0x80 )
highbit = 1;
else if( iscntrl(*s) ) {
log_error(_("a notation value must not use " log_error(_("a notation value must not use "
"any control characters\n") ); "any control characters\n") );
return; return;
} }
else if( *s & 0x80 )
highbit = 1;
} }
if( highbit ) /* must use UTF8 encoding */ if( highbit ) /* must use UTF8 encoding */
@ -3183,3 +3226,39 @@ add_policy_url( const char *string, int which )
if(critical) if(critical)
sl->flags |= 1; sl->flags |= 1;
} }
static void
add_keyserver_url( const char *string, int which )
{
int i,critical=0;
STRLIST sl;
if(*string=='!')
{
string++;
critical=1;
}
for(i=0;i<strlen(string);i++)
if(string[i]&0x80 || iscntrl(string[i]))
break;
if(i==0 || i<strlen(string))
{
if(which)
BUG();
else
log_error(_("the given signature preferred"
" keyserver URL is invalid\n"));
}
if(which)
BUG();
else
sl=add_to_strlist( &opt.sig_keyserver_url, string );
if(critical)
sl->flags |= 1;
}

8
g10/getkey.c
View File

@ -572,7 +572,7 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc )
memset (desc, 0, sizeof *desc); memset (desc, 0, sizeof *desc);
/* skip leading spaces. Fixme: what is with trailing spaces? */ /* skip leading spaces. Fixme: what is with trailing spaces? */
for(s = name; *s && isspace(*s); s++ ) for(s = name; *s && spacep (s); s++ )
; ;
switch (*s) { switch (*s) {
@ -653,7 +653,7 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc )
} }
/* check if a hexadecimal number is terminated by EOS or blank */ /* check if a hexadecimal number is terminated by EOS or blank */
if (hexlength && s[hexlength] && !isspace(s[hexlength])) { if (hexlength && s[hexlength] && !spacep (s+hexlength)) {
if (hexprefix) /* a "0x" prefix without correct */ if (hexprefix) /* a "0x" prefix without correct */
return 0; /* termination is an error */ return 0; /* termination is an error */
else /* The first chars looked like */ else /* The first chars looked like */
@ -1593,8 +1593,6 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode ) else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode )
{ {
PKT_signature *sig = k->pkt->pkt.signature; PKT_signature *sig = k->pkt->pkt.signature;
u32 dummy;
int dum2;
if(sig->keyid[0] != kid[0] || sig->keyid[1]!=kid[1]) if(sig->keyid[0] != kid[0] || sig->keyid[1]!=kid[1])
{ {
@ -1610,7 +1608,7 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
ultimate trust flag. */ ultimate trust flag. */
if(get_pubkey_fast(ultimate_pk,sig->keyid)==0 if(get_pubkey_fast(ultimate_pk,sig->keyid)==0
&& check_key_signature2(keyblock,k,ultimate_pk, && check_key_signature2(keyblock,k,ultimate_pk,
NULL,&dummy,&dum2)==0 NULL, NULL, NULL, NULL)==0
&& get_ownertrust(ultimate_pk)==TRUST_ULTIMATE) && get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
{ {
free_public_key(ultimate_pk); free_public_key(ultimate_pk);

16
g10/gpgv.c
View File

@ -1,5 +1,6 @@
/* gpgv.c - The GnuPG signature verify utility /* gpgv.c - The GnuPG signature verify utility
* Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 1998, 1999, 2000, 2001, 2002,
* 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -155,8 +156,9 @@ main( int argc, char **argv )
opt.trust_model = TM_ALWAYS; opt.trust_model = TM_ALWAYS;
opt.batch = 1; opt.batch = 1;
#if defined (__MINGW32__) #if defined (_WIN32)
opt.homedir = read_w32_registry_string( NULL, "Software\\GNU\\GnuPG", "HomeDir" ); opt.homedir = read_w32_registry_string( NULL, "Software\\GNU\\GnuPG",
"HomeDir" );
#else #else
opt.homedir = getenv("GNUPGHOME"); opt.homedir = getenv("GNUPGHOME");
#endif #endif
@ -221,6 +223,14 @@ g10_exit( int rc )
} }
void
read_trust_options (byte *trust_model,ulong *created,ulong *nextcheck,
byte *marginals,byte *completes,byte *cert_depth)
{
}
/* Stub: /* Stub:
* We have to override the trustcheck from pkclist.c becuase * We have to override the trustcheck from pkclist.c becuase
* this utility assumes that all keys in the keyring are trustworthy * this utility assumes that all keys in the keyring are trustworthy

232
g10/import.c
View File

@ -1,5 +1,6 @@
/* import.c /* import.c - Import OpenPGP key material
* Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 1998, 1999, 2000, 2001, 2002,
* 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -168,6 +169,8 @@ import_keys_internal( iobuf_t inp, char **fnames, int nnames,
else { else {
rc = import( inp2, fname, stats, options ); rc = import( inp2, fname, stats, options );
iobuf_close(inp2); iobuf_close(inp2);
/* Must invalidate that ugly cache to actually close it. */
iobuf_ioctl (NULL, 2, 0, (char*)fname);
if( rc ) if( rc )
log_error("import from `%s' failed: %s\n", fname, log_error("import from `%s' failed: %s\n", fname,
gpg_strerror (rc) ); gpg_strerror (rc) );
@ -589,7 +592,8 @@ import_one( const char *fname, KBNODE keyblock,
clear_kbnode_flags( keyblock ); clear_kbnode_flags( keyblock );
if((options&IMPORT_REPAIR_PKS_SUBKEY_BUG) && fix_pks_corruption(keyblock)) if((options&IMPORT_REPAIR_PKS_SUBKEY_BUG) && fix_pks_corruption(keyblock)
&& opt.verbose)
log_info(_("key %08lX: PKS subkey corruption repaired\n"), log_info(_("key %08lX: PKS subkey corruption repaired\n"),
(ulong)keyid[1]); (ulong)keyid[1]);
@ -611,11 +615,9 @@ import_one( const char *fname, KBNODE keyblock,
} }
if( !delete_inv_parts( fname, keyblock, keyid, options ) ) { if( !delete_inv_parts( fname, keyblock, keyid, options ) ) {
if( !opt.quiet ) { log_error ( _("key %08lX: no valid user IDs\n"), (ulong)keyid[1]);
log_info( _("key %08lX: no valid user IDs\n"), if( !opt.quiet )
(ulong)keyid[1]);
log_info(_("this may be caused by a missing self-signature\n")); log_info(_("this may be caused by a missing self-signature\n"));
}
stats->no_user_id++; stats->no_user_id++;
return 0; return 0;
} }
@ -979,8 +981,8 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
pk = xcalloc (1, sizeof *pk ); pk = xcalloc (1, sizeof *pk );
rc = get_pubkey( pk, keyid ); rc = get_pubkey( pk, keyid );
if( gpg_err_code (rc) == GPG_ERR_NO_PUBKEY ) { if( gpg_err_code (rc) == GPG_ERR_NO_PUBKEY ) {
log_info( _("key %08lX: no public key - " log_error ( _("key %08lX: no public key - "
"can't apply revocation certificate\n"), (ulong)keyid[1]); "can't apply revocation certificate\n"), (ulong)keyid[1]);
rc = 0; rc = 0;
goto leave; goto leave;
} }
@ -1030,12 +1032,12 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
if( onode->pkt->pkttype == PKT_USER_ID ) if( onode->pkt->pkttype == PKT_USER_ID )
break; break;
else if( onode->pkt->pkttype == PKT_SIGNATURE else if( onode->pkt->pkttype == PKT_SIGNATURE
&& onode->pkt->pkt.signature->sig_class == 0x20 && !cmp_signatures(node->pkt->pkt.signature,
&& keyid[0] == onode->pkt->pkt.signature->keyid[0] onode->pkt->pkt.signature))
&& keyid[1] == onode->pkt->pkt.signature->keyid[1] ) { {
rc = 0; rc = 0;
goto leave; /* yes, we already know about it */ goto leave; /* yes, we already know about it */
} }
} }
@ -1125,17 +1127,20 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
rc = check_key_signature( keyblock, n, NULL); rc = check_key_signature( keyblock, n, NULL);
if( rc ) if( rc )
{ {
char *p=utf8_to_native(unode->pkt->pkt.user_id->name, if (opt.verbose)
strlen(unode->pkt->pkt.user_id->name),0); {
log_info( gpg_err_code (rc) == GPG_ERR_PUBKEY_ALGO ? char *p=utf8_to_native(unode->pkt->pkt.user_id->name,
_("key %08lX: unsupported public key " strlen(unode->pkt->pkt.user_id->name),0);
"algorithm on user id \"%s\"\n"): log_info( gpg_err_code (rc) == GPG_ERR_PUBKEY_ALGO ?
_("key %08lX: invalid self-signature " _("key %08lX: unsupported public key "
"on user id \"%s\"\n"), "algorithm on user id \"%s\"\n"):
(ulong)keyid[1],p); _("key %08lX: invalid self-signature "
xfree (p); "on user id \"%s\"\n"),
} (ulong)keyid[1],p);
else xfree (p);
}
}
else
unode->flag |= 1; /* mark that signature checked */ unode->flag |= 1; /* mark that signature checked */
} }
} }
@ -1144,39 +1149,49 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
like the rest of gpg. If the standard gets like the rest of gpg. If the standard gets
revocation targets, this may need to be revised. */ revocation targets, this may need to be revised. */
if( !knode ) { if( !knode )
log_info( _("key %08lX: no subkey for subkey " {
"binding signature\n"),(ulong)keyid[1]); if (opt.verbose)
n->flag |= 4; /* delete this */ log_info( _("key %08lX: no subkey for subkey "
} "binding signature\n"),(ulong)keyid[1]);
else { n->flag |= 4; /* delete this */
rc = check_key_signature( keyblock, n, NULL); }
if( rc ) { else
log_info( gpg_err_code (rc) == GPG_ERR_PUBKEY_ALGO ? {
_("key %08lX: unsupported public key algorithm\n"): rc = check_key_signature( keyblock, n, NULL);
if( rc )
{
if (opt.verbose)
log_info( gpg_err_code (rc) == GPG_ERR_PUBKEY_ALGO ?
_("key %08lX: unsupported public key algorithm\n"):
_("key %08lX: invalid subkey binding\n"), _("key %08lX: invalid subkey binding\n"),
(ulong)keyid[1]); (ulong)keyid[1]);
n->flag|=4; n->flag|=4;
} }
else { else
/* It's valid, so is it newer? */ {
if(sig->timestamp>=bsdate) { /* It's valid, so is it newer? */
knode->flag |= 1; /* the subkey is valid */ if(sig->timestamp>=bsdate)
if(bsnode) { {
bsnode->flag|=4; /* Delete the last binding knode->flag |= 1; /* the subkey is valid */
sig since this one is if(bsnode)
newer */ {
log_info(_("key %08lX: removed multiple subkey " bsnode->flag|=4; /* Delete the last binding
"binding\n"),(ulong)keyid[1]); sig since this one is
} newer */
if (opt.verbose)
bsnode=n; log_info(_("key %08lX: removed multiple "
bsdate=sig->timestamp; "subkey binding\n"),
} (ulong)keyid[1]);
else }
n->flag|=4; /* older */
} bsnode=n;
} bsdate=sig->timestamp;
}
else
n->flag|=4; /* older */
}
}
} }
else if( sig->sig_class == 0x28 ) { else if( sig->sig_class == 0x28 ) {
/* We don't actually mark the subkey as revoked right /* We don't actually mark the subkey as revoked right
@ -1186,14 +1201,16 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
See the comment in getkey.c:merge_selfsigs_subkey for See the comment in getkey.c:merge_selfsigs_subkey for
more */ more */
if( !knode ) { if( !knode ) {
if (opt.verbose)
log_info( _("key %08lX: no subkey for subkey " log_info( _("key %08lX: no subkey for subkey "
"revocation signature\n"),(ulong)keyid[1]); "revocation signature\n"),(ulong)keyid[1]);
n->flag |= 4; /* delete this */ n->flag |= 4; /* delete this */
} }
else { else {
rc = check_key_signature( keyblock, n, NULL); rc = check_key_signature( keyblock, n, NULL);
if( rc ) { if( rc ) {
log_info( gpg_err_code (rc) == GPG_ERR_PUBKEY_ALGO ? if (opt.verbose)
log_info( gpg_err_code (rc) == GPG_ERR_PUBKEY_ALGO ?
_("key %08lX: unsupported public key algorithm\n"): _("key %08lX: unsupported public key algorithm\n"):
_("key %08lX: invalid subkey revocation\n"), _("key %08lX: invalid subkey revocation\n"),
(ulong)keyid[1]); (ulong)keyid[1]);
@ -1206,8 +1223,10 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
rsnode->flag|=4; /* Delete the last revocation rsnode->flag|=4; /* Delete the last revocation
sig since this one is sig since this one is
newer */ newer */
log_info(_("key %08lX: removed multiple subkey " if (opt.verbose)
"revocation signatures\n"),(ulong)keyid[1]); log_info(_("key %08lX: removed multiple subkey "
"revocation signatures\n"),
(ulong)keyid[1]);
} }
rsnode=n; rsnode=n;
@ -1291,23 +1310,25 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
!node->pkt->pkt.signature->flags.exportable && !node->pkt->pkt.signature->flags.exportable &&
!(options&IMPORT_ALLOW_LOCAL_SIGS) && !(options&IMPORT_ALLOW_LOCAL_SIGS) &&
seckey_available( node->pkt->pkt.signature->keyid ) ) { seckey_available( node->pkt->pkt.signature->keyid ) ) {
/* here we violate the rfc a bit by still allowing /* Here we violate the rfc a bit by still allowing
* to import non-exportable signature when we have the * to import non-exportable signature when we have the
* the secret key used to create this signature - it * the secret key used to create this signature - it
* seems that this makes sense */ * seems that this makes sense. */
if (opt.verbose)
log_info( _("key %08lX: non exportable signature " log_info( _("key %08lX: non exportable signature "
"(class %02x) - skipped\n"), "(class %02x) - skipped\n"),
(ulong)keyid[1], (ulong)keyid[1],
node->pkt->pkt.signature->sig_class ); node->pkt->pkt.signature->sig_class );
delete_kbnode( node ); delete_kbnode( node );
} }
else if( node->pkt->pkttype == PKT_SIGNATURE else if( node->pkt->pkttype == PKT_SIGNATURE
&& node->pkt->pkt.signature->sig_class == 0x20 ) { && node->pkt->pkt.signature->sig_class == 0x20 ) {
if( uid_seen ) { if( uid_seen ) {
if (opt.verbose)
log_error( _("key %08lX: revocation certificate " log_error( _("key %08lX: revocation certificate "
"at wrong place - skipped\n"), "at wrong place - skipped\n"),
(ulong)keyid[1]); (ulong)keyid[1]);
delete_kbnode( node ); delete_kbnode( node );
} }
else { else {
/* If the revocation cert is from a different key than /* If the revocation cert is from a different key than
@ -1321,9 +1342,10 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
int rc = check_key_signature( keyblock, node, NULL); int rc = check_key_signature( keyblock, node, NULL);
if( rc ) if( rc )
{ {
log_error( _("key %08lX: invalid revocation " if (opt.verbose)
"certificate: %s - skipped\n"), log_info ( _("key %08lX: invalid revocation "
(ulong)keyid[1], gpg_strerror (rc)); "certificate: %s - skipped\n"),
(ulong)keyid[1], gpg_strerror (rc));
delete_kbnode( node ); delete_kbnode( node );
} }
} }
@ -1333,17 +1355,19 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
(node->pkt->pkt.signature->sig_class == 0x18 || (node->pkt->pkt.signature->sig_class == 0x18 ||
node->pkt->pkt.signature->sig_class == 0x28) && node->pkt->pkt.signature->sig_class == 0x28) &&
!subkey_seen ) { !subkey_seen ) {
log_error( _("key %08lX: subkey signature " if (opt.verbose)
log_info ( _("key %08lX: subkey signature "
"in wrong place - skipped\n"), "in wrong place - skipped\n"),
(ulong)keyid[1]); (ulong)keyid[1]);
delete_kbnode( node ); delete_kbnode( node );
} }
else if( node->pkt->pkttype == PKT_SIGNATURE else if( node->pkt->pkttype == PKT_SIGNATURE
&& !IS_CERT(node->pkt->pkt.signature)) && !IS_CERT(node->pkt->pkt.signature))
{ {
log_error(_("key %08lX: unexpected signature class (0x%02X) -" if (opt.verbose)
" skipped\n"),(ulong)keyid[1], log_info (_("key %08lX: unexpected signature class (0x%02X) -"
node->pkt->pkt.signature->sig_class); " skipped\n"),(ulong)keyid[1],
node->pkt->pkt.signature->sig_class);
delete_kbnode(node); delete_kbnode(node);
} }
else if( (node->flag & 4) ) /* marked for deletion */ else if( (node->flag & 4) ) /* marked for deletion */
@ -1439,8 +1463,9 @@ collapse_uids( KBNODE *keyblock )
kid1 = keyid_from_sk( n->pkt->pkt.secret_key, NULL ); kid1 = keyid_from_sk( n->pkt->pkt.secret_key, NULL );
else else
kid1 = 0; kid1 = 0;
log_info(_("key %08lX: duplicated user ID detected - merged\n"), if (!opt.quiet)
(ulong)kid1); log_info (_("key %08lX: duplicated user ID detected - merged\n"),
(ulong)kid1);
return 1; return 1;
} }
@ -1557,23 +1582,27 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock,
break; break;
else if( onode->pkt->pkttype == PKT_SIGNATURE else if( onode->pkt->pkttype == PKT_SIGNATURE
&& onode->pkt->pkt.signature->sig_class == 0x20 && onode->pkt->pkt.signature->sig_class == 0x20
&& node->pkt->pkt.signature->keyid[0] && !cmp_signatures(onode->pkt->pkt.signature,
== onode->pkt->pkt.signature->keyid[0] node->pkt->pkt.signature))
&& node->pkt->pkt.signature->keyid[1] {
== onode->pkt->pkt.signature->keyid[1] ) { found = 1;
found = 1; break;
break; }
}
} }
if( !found ) { if( !found ) {
char *p=get_user_id_printable (keyid);
KBNODE n2 = clone_kbnode(node); KBNODE n2 = clone_kbnode(node);
insert_kbnode( keyblock_orig, n2, 0 ); insert_kbnode( keyblock_orig, n2, 0 );
n2->flag |= 1; n2->flag |= 1;
++*n_sigs; ++*n_sigs;
log_info(_("key %08lX: \"%s\" revocation certificate added\n"),
(ulong)keyid[1],p); if (!opt.quiet)
xfree (p); {
char *p=get_user_id_printable (keyid);
log_info(_("key %08lX: \"%s\" "
"revocation certificate added\n"),
(ulong)keyid[1],p);
xfree (p);
}
} }
} }
} }
@ -1602,8 +1631,9 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock,
insert_kbnode( keyblock_orig, n2, 0 ); insert_kbnode( keyblock_orig, n2, 0 );
n2->flag |= 1; n2->flag |= 1;
++*n_sigs; ++*n_sigs;
log_info( _("key %08lX: direct key signature added\n"), if (!opt.quiet)
(ulong)keyid[1]); log_info( _("key %08lX: direct key signature added\n"),
(ulong)keyid[1]);
} }
} }
} }
@ -1771,20 +1801,12 @@ merge_sigs( KBNODE dst, KBNODE src, int *n_sigs,
|| n->pkt->pkt.signature->sig_class == 0x28 ) || n->pkt->pkt.signature->sig_class == 0x28 )
continue; /* skip signatures which are only valid on subkeys */ continue; /* skip signatures which are only valid on subkeys */
found = 0; found = 0;
for(n2=dst->next; n2 && n2->pkt->pkttype != PKT_USER_ID; n2 = n2->next){ for(n2=dst->next; n2 && n2->pkt->pkttype != PKT_USER_ID; n2 = n2->next)
if( n2->pkt->pkttype == PKT_SIGNATURE if(!cmp_signatures(n->pkt->pkt.signature,n2->pkt->pkt.signature))
&& n->pkt->pkt.signature->keyid[0] {
== n2->pkt->pkt.signature->keyid[0] found++;
&& n->pkt->pkt.signature->keyid[1] break;
== n2->pkt->pkt.signature->keyid[1] }
&& n->pkt->pkt.signature->timestamp
<= n2->pkt->pkt.signature->timestamp
&& n->pkt->pkt.signature->sig_class
== n2->pkt->pkt.signature->sig_class ) {
found++;
break;
}
}
if( !found ) { if( !found ) {
/* This signature is new or newer, append N to DST. /* This signature is new or newer, append N to DST.
* We add a clone to the original keyblock, because this * We add a clone to the original keyblock, because this

228
g10/keyedit.c
View File

@ -56,6 +56,7 @@ static int menu_addrevoker( KBNODE pub_keyblock,
static int menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock ); static int menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock );
static int menu_set_primary_uid( KBNODE pub_keyblock, KBNODE sec_keyblock ); static int menu_set_primary_uid( KBNODE pub_keyblock, KBNODE sec_keyblock );
static int menu_set_preferences( KBNODE pub_keyblock, KBNODE sec_keyblock ); static int menu_set_preferences( KBNODE pub_keyblock, KBNODE sec_keyblock );
static int menu_set_keyserver_url (KBNODE pub_keyblock, KBNODE sec_keyblock );
static int menu_select_uid( KBNODE keyblock, int idx ); static int menu_select_uid( KBNODE keyblock, int idx );
static int menu_select_key( KBNODE keyblock, int idx ); static int menu_select_key( KBNODE keyblock, int idx );
static int count_uids( KBNODE keyblock ); static int count_uids( KBNODE keyblock );
@ -135,7 +136,7 @@ print_and_check_one_sig( KBNODE keyblock, KBNODE node,
break; break;
} }
if( sigrc != '?' || print_without_key ) { if( sigrc != '?' || print_without_key ) {
tty_printf("%s%c%c %c%c%c%c%c%c %08lX %s ", tty_printf("%s%c%c %c%c%c%c%c%c ",
is_rev? "rev":"sig",sigrc, is_rev? "rev":"sig",sigrc,
(sig->sig_class-0x10>0 && (sig->sig_class-0x10>0 &&
sig->sig_class-0x10<4)?'0'+sig->sig_class-0x10:' ', sig->sig_class-0x10<4)?'0'+sig->sig_class-0x10:' ',
@ -145,8 +146,15 @@ print_and_check_one_sig( KBNODE keyblock, KBNODE node,
sig->flags.notation?'N':' ', sig->flags.notation?'N':' ',
sig->flags.expired?'X':' ', sig->flags.expired?'X':' ',
(sig->trust_depth>9)?'T': (sig->trust_depth>9)?'T':
(sig->trust_depth>0)?'0'+sig->trust_depth:' ', (sig->trust_depth>0)?'0'+sig->trust_depth:' ');
(ulong)sig->keyid[1], datestr_from_sig(sig)); if(opt.list_options&LIST_SHOW_LONG_KEYID)
tty_printf("%08lX%08lX",(ulong)sig->keyid[0],(ulong)sig->keyid[1]);
else
tty_printf("%08lX",(ulong)sig->keyid[1]);
tty_printf(" %s", datestr_from_sig(sig));
if(opt.list_options&LIST_SHOW_SIG_EXPIRE)
tty_printf(" %s",expirestr_from_sig(sig));
tty_printf(" ");
if( sigrc == '%' ) if( sigrc == '%' )
tty_printf("[%s] ", gpg_strerror (rc) ); tty_printf("[%s] ", gpg_strerror (rc) );
else if( sigrc == '?' ) else if( sigrc == '?' )
@ -168,6 +176,9 @@ print_and_check_one_sig( KBNODE keyblock, KBNODE node,
if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATION)) if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATION))
show_notation(sig,3,0); show_notation(sig,3,0);
if(sig->flags.pref_ks && (opt.list_options&LIST_SHOW_KEYSERVER))
show_keyserver_url(sig,3,0);
} }
return (sigrc == '!'); return (sigrc == '!');
@ -500,12 +511,47 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
tty_printf(_(" Unable to sign.\n")); tty_printf(_(" Unable to sign.\n"));
} }
} }
else if(!uidnode->pkt->pkt.user_id->created) else if(uidnode->pkt->pkt.user_id->is_expired)
{ {
tty_printf(_("WARNING: user ID \"%s\" is not " tty_printf(_("User ID \"%s\" is expired."),user);
"self-signed.\n"),user);
}
if(opt.expert)
{
tty_printf("\n");
/* No, so remove the mark and continue */
if(!cpr_get_answer_is_yes("sign_uid.expire_okay",
_("Are you sure you "
"still want to sign "
"it? (y/N) ")))
uidnode->flag &= ~NODFLG_MARK_A;
}
else
{
uidnode->flag &= ~NODFLG_MARK_A;
tty_printf(_(" Unable to sign.\n"));
}
}
else if(!uidnode->pkt->pkt.user_id->created && !selfsig)
{
tty_printf(_("User ID \"%s\" is not self-signed."),
user);
if(opt.expert)
{
tty_printf("\n");
/* No, so remove the mark and continue */
if(!cpr_get_answer_is_yes("sign_uid.nosig_okay",
_("Are you sure you "
"still want to sign "
"it? (y/N) ")))
uidnode->flag &= ~NODFLG_MARK_A;
}
else
{
uidnode->flag &= ~NODFLG_MARK_A;
tty_printf(_(" Unable to sign.\n"));
}
}
xfree (user); xfree (user);
} }
} }
@ -739,7 +785,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
while(class==0) while(class==0)
{ {
answer = cpr_get("sign_uid.class",_("Your selection? ")); answer = cpr_get("sign_uid.class",_("Your selection? "
"(enter '?' for more information): "));
if(answer[0]=='\0') if(answer[0]=='\0')
class=0x10+opt.def_cert_check_level; /* Default */ class=0x10+opt.def_cert_check_level; /* Default */
@ -970,8 +1017,10 @@ change_passphrase( KBNODE keyblock )
" this is probably a *bad* idea!\n\n")); " this is probably a *bad* idea!\n\n"));
if( cpr_get_answer_is_yes("change_passwd.empty.okay", if( cpr_get_answer_is_yes("change_passwd.empty.okay",
_("Do you really want to do this? "))) _("Do you really want to do this? ")))
{
changed++; changed++;
break; break;
}
} }
else { /* okay */ else { /* okay */
rc = 0; rc = 0;
@ -1067,7 +1116,8 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY, cmdADDREVOKER, cmdADDPHOTO, cmdDELUID, cmdADDKEY, cmdDELKEY, cmdADDREVOKER,
cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE,
cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF, cmdSETPREF, cmdUPDPREF, cmdENABLEKEY, cmdDISABLEKEY, cmdSHOWPREF, cmdSETPREF, cmdUPDPREF,
cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST, cmdCHKTRUST, cmdNOP }; cmdPREFKS, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST, cmdCHKTRUST,
cmdNOP };
static struct { const char *name; static struct { const char *name;
enum cmdids id; enum cmdids id;
int need_sk; int need_sk;
@ -1108,10 +1158,14 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
{ N_("toggle") , cmdTOGGLE , 1,0,0, N_("toggle between secret " { N_("toggle") , cmdTOGGLE , 1,0,0, N_("toggle between secret "
"and public key listing") }, "and public key listing") },
{ N_("t" ) , cmdTOGGLE , 1,0,0, NULL }, { N_("t" ) , cmdTOGGLE , 1,0,0, NULL },
{ N_("pref") , cmdPREF , 0,1,0, N_("list preferences (expert)") }, { N_("pref") , cmdPREF , 0,1,0,
{ N_("showpref"), cmdSHOWPREF , 0,1,0, N_("list preferences (verbose)") }, N_("list preferences (expert)")},
{ N_("showpref"), cmdSHOWPREF , 0,1,0,
N_("list preferences (verbose)")},
{ N_("setpref") , cmdSETPREF , 1,1,0, N_("set preference list") }, { N_("setpref") , cmdSETPREF , 1,1,0, N_("set preference list") },
{ N_("updpref") , cmdUPDPREF , 1,1,0, N_("updated preferences") }, { N_("updpref") , cmdUPDPREF , 1,1,0, N_("updated preferences") },
{ N_("keyserver"),cmdPREFKS , 1,1,0,
N_("set preferred keyserver URL")},
{ N_("passwd") , cmdPASSWD , 1,1,0, N_("change the passphrase") }, { N_("passwd") , cmdPASSWD , 1,1,0, N_("change the passphrase") },
{ N_("trust") , cmdTRUST , 0,1,0, N_("change the ownertrust") }, { N_("trust") , cmdTRUST , 0,1,0, N_("change the ownertrust") },
{ N_("revsig") , cmdREVSIG , 0,1,0, N_("revoke signatures") }, { N_("revsig") , cmdREVSIG , 0,1,0, N_("revoke signatures") },
@ -1238,7 +1292,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
cmd = cmdLIST; cmd = cmdLIST;
else if( *answer == CONTROL_D ) else if( *answer == CONTROL_D )
cmd = cmdQUIT; cmd = cmdQUIT;
else if( isdigit( *answer ) ) { else if( digitp( answer ) ) {
cmd = cmdSELUID; cmd = cmdSELUID;
arg_number = atoi(answer); arg_number = atoi(answer);
} }
@ -1565,6 +1619,14 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
} }
break; break;
case cmdPREFKS:
if( menu_set_keyserver_url ( keyblock, sec_keyblock ) ) {
merge_keys_and_selfsig( keyblock );
modified = 1;
redisplay = 1;
}
break;
case cmdNOP: case cmdNOP:
break; break;
@ -1950,6 +2012,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
int i, rc; int i, rc;
int do_warn = 0; int do_warn = 0;
byte pk_version=0; byte pk_version=0;
PKT_public_key *primary=NULL;
if (opt.with_colons) if (opt.with_colons)
{ {
@ -1979,7 +2042,8 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
do_warn = 1; do_warn = 1;
} }
pk_version=pk->version; pk_version = pk->version;
primary = pk;
} }
if(with_revoker) { if(with_revoker) {
@ -2006,19 +2070,27 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
} }
} }
tty_printf(_("%s%c %4u%c/%08lX created: %s expires: %s"), keyid_from_pk(pk,NULL);
node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub", tty_printf("%s%c %4u%c/",
(node->flag & NODFLG_SELKEY)? '*':' ', node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
nbits_from_pk( pk ), (node->flag & NODFLG_SELKEY)? '*':' ',
pubkey_letter( pk->pubkey_algo ), nbits_from_pk( pk ),
(ulong)keyid_from_pk(pk,NULL), pubkey_letter( pk->pubkey_algo ));
datestr_from_pk(pk),
expirestr_from_pk(pk) ); if(opt.list_options&LIST_SHOW_LONG_KEYID)
tty_printf("%08lX",(ulong)pk->keyid[0]);
tty_printf("%08lX ",(ulong)pk->keyid[1]);
tty_printf(_("created: %s expires: %s"),
datestr_from_pk(pk),
expirestr_from_pk(pk) );
tty_printf("\n"); tty_printf("\n");
if( node->pkt->pkttype == PKT_PUBLIC_KEY ) if( node->pkt->pkttype == PKT_PUBLIC_KEY )
{ {
tty_printf(" "); tty_printf(" ");
if(opt.list_options&LIST_SHOW_LONG_KEYID)
tty_printf(" ");
tty_printf(_("trust: %-13s"), otrust); tty_printf(_("trust: %-13s"), otrust);
tty_printf(_("validity: %s"), trust ); tty_printf(_("validity: %s"), trust );
tty_printf("\n"); tty_printf("\n");
@ -2072,6 +2144,9 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
PKT_user_id *uid = node->pkt->pkt.user_id; PKT_user_id *uid = node->pkt->pkt.user_id;
++i; ++i;
if( !only_marked || (only_marked && (node->flag & NODFLG_MARK_A))){ if( !only_marked || (only_marked && (node->flag & NODFLG_MARK_A))){
if(opt.list_options&LIST_SHOW_VALIDITY && primary)
tty_printf("[%8.8s] ",
trust_value_to_string(get_validity(primary,uid)));
if( only_marked ) if( only_marked )
tty_printf(" "); tty_printf(" ");
else if( node->flag & NODFLG_SELUID ) else if( node->flag & NODFLG_SELUID )
@ -2599,16 +2674,23 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
answer=cpr_get_utf8("keyedit.add_revoker", answer=cpr_get_utf8("keyedit.add_revoker",
_("Enter the user ID of the designated revoker: ")); _("Enter the user ID of the designated revoker: "));
if(answer[0]=='\0' || answer[0]=='\004') if(answer[0]=='\0' || answer[0]=='\004')
goto fail; {
xfree(answer); answer = NULL;
goto fail;
}
rc=get_pubkey_byname(revoker_pk,answer,NULL,NULL,1); rc=get_pubkey_byname(revoker_pk,answer,NULL,NULL,1);
if(rc) if(rc)
{ {
log_error (_("key `%s' not found: %s\n"),answer,gpg_strerror (rc)); log_error (_("key `%s' not found: %s\n"),answer,gpg_strerror (rc));
xfree (answer); answer = NULL;
continue; continue;
} }
xfree (answer); answer = NULL;
fingerprint_from_pk(revoker_pk,revkey.fpr,&fprlen); fingerprint_from_pk(revoker_pk,revkey.fpr,&fprlen);
if(fprlen!=20) if(fprlen!=20)
{ {
@ -2788,7 +2870,8 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
&& ( mainkey || sub_pk ) ) { && ( mainkey || sub_pk ) ) {
PKT_signature *sig = node->pkt->pkt.signature; PKT_signature *sig = node->pkt->pkt.signature;
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
&& ( (mainkey && uid && (sig->sig_class&~3) == 0x10) && ( (mainkey && uid
&& uid->created && (sig->sig_class&~3) == 0x10)
|| (!mainkey && sig->sig_class == 0x18) ) ) { || (!mainkey && sig->sig_class == 0x18) ) ) {
/* this is a selfsignature which is to be replaced */ /* this is a selfsignature which is to be replaced */
PKT_signature *newsig; PKT_signature *newsig;
@ -3084,6 +3167,101 @@ menu_set_preferences (KBNODE pub_keyblock, KBNODE sec_keyblock )
} }
static int
menu_set_keyserver_url (KBNODE pub_keyblock, KBNODE sec_keyblock )
{
PKT_secret_key *sk; /* copy of the main sk */
PKT_public_key *main_pk;
PKT_user_id *uid;
KBNODE node;
u32 keyid[2];
int selected, select_all;
int modified = 0;
char *answer;
no_primary_warning(pub_keyblock,1);
answer=cpr_get_utf8("keyedit.add_keyserver",
_("Enter your preferred keyserver URL: "));
if(answer[0]=='\0' || answer[0]=='\004')
{
xfree(answer);
return 0;
}
select_all = !count_selected_uids (pub_keyblock);
node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
/* Now we can actually change the self signature(s) */
main_pk = NULL;
uid = NULL;
selected = 0;
for ( node=pub_keyblock; node; node = node->next ) {
if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
break; /* ready */
if ( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
main_pk = node->pkt->pkt.public_key;
keyid_from_pk( main_pk, keyid );
}
else if ( node->pkt->pkttype == PKT_USER_ID ) {
uid = node->pkt->pkt.user_id;
selected = select_all || (node->flag & NODFLG_SELUID);
}
else if ( main_pk && uid && selected
&& node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature;
if ( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
&& (uid && (sig->sig_class&~3) == 0x10) ) {
if( sig->version < 4 ) {
char *user=utf8_to_native(uid->name,strlen(uid->name),0);
log_info(_("skipping v3 self-signature on user id \"%s\"\n"),
user);
xfree(user);
}
else {
/* This is a selfsignature which is to be replaced
* We have to ignore v3 signatures because they are
* not able to carry the preferences */
PKT_signature *newsig;
PACKET *newpkt;
int rc;
rc = update_keysig_packet (&newsig, sig,
main_pk, uid, NULL,
sk,
keygen_add_keyserver_url,
answer );
if( rc ) {
log_error ("update_keysig_packet failed: %s\n",
gpg_strerror (rc));
xfree(answer);
free_secret_key( sk );
return 0;
}
/* replace the packet */
newpkt = xcalloc (1, sizeof *newpkt );
newpkt->pkttype = PKT_SIGNATURE;
newpkt->pkt.signature = newsig;
free_packet( node->pkt );
xfree (node->pkt);
node->pkt = newpkt;
modified = 1;
}
}
}
}
xfree(answer);
free_secret_key( sk );
return modified;
}
/**************** /****************
* Select one user id or remove all selection if index is 0. * Select one user id or remove all selection if index is 0.
* Returns: True if the selection changed; * Returns: True if the selection changed;

52
g10/keygen.c
View File

@ -1,6 +1,6 @@
/* keygen.c - generate a key pair /* keygen.c - generate a key pair
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 * Copyright (C) 1998, 1999, 2000, 2001, 2002,
* Free Software Foundation, Inc. * 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -147,7 +147,12 @@ do_add_key_flags (PKT_signature *sig, unsigned int use)
buf[0] = 0; buf[0] = 0;
if (use & PUBKEY_USAGE_SIG) if (use & PUBKEY_USAGE_SIG)
buf[0] |= 0x01 | 0x02; {
if(sig->sig_class==0x18)
buf[0] |= 0x02; /* Don't set the certify flag for subkeys */
else
buf[0] |= 0x01 | 0x02;
}
if (use & PUBKEY_USAGE_ENC) if (use & PUBKEY_USAGE_ENC)
buf[0] |= 0x04 | 0x08; buf[0] |= 0x04 | 0x08;
if (use & PUBKEY_USAGE_AUTH) if (use & PUBKEY_USAGE_AUTH)
@ -587,6 +592,18 @@ keygen_add_std_prefs( PKT_signature *sig, void *opaque )
return 0; return 0;
} }
int
keygen_add_keyserver_url(PKT_signature *sig, void *opaque)
{
const char *url=opaque;
build_sig_subpkt(sig,SIGSUBPKT_PREF_KS,url,strlen(url));
return 0;
}
int int
keygen_add_revkey(PKT_signature *sig, void *opaque) keygen_add_revkey(PKT_signature *sig, void *opaque)
{ {
@ -1138,10 +1155,10 @@ gen_rsa(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
static int static int
check_valid_days( const char *s ) check_valid_days( const char *s )
{ {
if( !isdigit(*s) ) if( !digitp(s) )
return 0; return 0;
for( s++; *s; s++) for( s++; *s; s++)
if( !isdigit(*s) ) if( !digitp(s) )
break; break;
if( !*s ) if( !*s )
return 1; return 1;
@ -1219,15 +1236,18 @@ ask_algo (int addmode, unsigned int *r_usage)
_("Create anyway? "))) _("Create anyway? ")))
{ {
algo = PUBKEY_ALGO_ELGAMAL; algo = PUBKEY_ALGO_ELGAMAL;
*r_usage = PUBKEY_USAGE_ENC | PUBKEY_USAGE_SIG;
break; break;
} }
} }
else if( algo == 3 && addmode ) { else if( algo == 3 && addmode ) {
algo = PUBKEY_ALGO_ELGAMAL_E; algo = PUBKEY_ALGO_ELGAMAL_E;
*r_usage = PUBKEY_USAGE_ENC;
break; break;
} }
else if( algo == 2 ) { else if( algo == 2 ) {
algo = PUBKEY_ALGO_DSA; algo = PUBKEY_ALGO_DSA;
*r_usage = PUBKEY_USAGE_SIG;
break; break;
} }
else else
@ -1489,7 +1509,7 @@ ask_user_id( int mode )
if( strpbrk( aname, "<>" ) ) if( strpbrk( aname, "<>" ) )
tty_printf(_("Invalid character in name\n")); tty_printf(_("Invalid character in name\n"));
else if( isdigit(*aname) ) else if( digitp(aname) )
tty_printf(_("Name may not start with a digit\n")); tty_printf(_("Name may not start with a digit\n"));
else if( strlen(aname) < 5 ) else if( strlen(aname) < 5 )
tty_printf(_("Name must be at least 5 characters long\n")); tty_printf(_("Name must be at least 5 characters long\n"));
@ -1503,7 +1523,7 @@ ask_user_id( int mode )
amail = cpr_get("keygen.email",_("Email address: ")); amail = cpr_get("keygen.email",_("Email address: "));
trim_spaces(amail); trim_spaces(amail);
cpr_kill_prompt(); cpr_kill_prompt();
if( !*amail ) if( !*amail || opt.allow_freeform_uid )
break; /* no email address is okay */ break; /* no email address is okay */
else if( has_invalid_email_chars(amail) else if( has_invalid_email_chars(amail)
|| count_chr(amail,'@') != 1 || count_chr(amail,'@') != 1
@ -1551,7 +1571,8 @@ ask_user_id( int mode )
tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid); tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid);
/* fixme: add a warning if this user-id already exists */ /* fixme: add a warning if this user-id already exists */
if( !*amail && (strchr( aname, '@' ) || strchr( acomment, '@'))) { if( !*amail && !opt.allow_freeform_uid
&& (strchr( aname, '@' ) || strchr( acomment, '@'))) {
fail = 1; fail = 1;
tty_printf(_("Please don't put the email address " tty_printf(_("Please don't put the email address "
"into the real name or the comment\n") ); "into the real name or the comment\n") );
@ -1608,7 +1629,7 @@ ask_user_id( int mode )
} }
xfree (answer); xfree (answer);
if( !amail && !acomment && !amail ) if( !amail && !acomment && !amail )
break; break;
xfree (uid); uid = NULL; xfree (uid); uid = NULL;
} }
if( uid ) { if( uid ) {
@ -1754,7 +1775,7 @@ get_parameter_algo( struct para_data_s *para, enum para_name key )
struct para_data_s *r = get_parameter( para, key ); struct para_data_s *r = get_parameter( para, key );
if( !r ) if( !r )
return -1; return -1;
if( isdigit( *r->u.value ) ) if( digitp( r->u.value ) )
i = atoi( r->u.value ); i = atoi( r->u.value );
else else
i = openpgp_pk_map_name ( r->u.value ); i = openpgp_pk_map_name ( r->u.value );
@ -2295,6 +2316,11 @@ generate_keypair( const char *fname )
strcpy( r->u.value, "1024" ); strcpy( r->u.value, "1024" );
r->next = para; r->next = para;
para = r; para = r;
r = xcalloc (1, sizeof *r + 20 );
r->key = pKEYUSAGE;
strcpy( r->u.value, "sign" );
r->next = para;
para = r;
algo = PUBKEY_ALGO_ELGAMAL_E; algo = PUBKEY_ALGO_ELGAMAL_E;
r = xcalloc (1, sizeof *r + 20 ); r = xcalloc (1, sizeof *r + 20 );
@ -2302,6 +2328,12 @@ generate_keypair( const char *fname )
sprintf( r->u.value, "%d", algo ); sprintf( r->u.value, "%d", algo );
r->next = para; r->next = para;
para = r; para = r;
r = xcalloc (1, sizeof *r + 20 );
r->key = pSUBKEYUSAGE;
strcpy( r->u.value, "encrypt" );
r->next = para;
r->next = para;
para = r;
} }
else else
{ {

147
g10/keylist.c
View File

@ -1,6 +1,6 @@
/* keylist.c /* keylist.c - List all or selected keys
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 * Copyright (C) 1998, 1999, 2000, 2001, 2002,
* Free Software Foundation, Inc. * 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -58,10 +58,46 @@ static FILE *attrib_fp=NULL;
void void
public_key_list( STRLIST list ) public_key_list( STRLIST list )
{ {
if( !list ) if(opt.with_colons)
list_all(0); {
else byte trust_model,marginals,completes,cert_depth;
list_one( list, 0 ); ulong created,nextcheck;
read_trust_options(&trust_model,&created,&nextcheck,
&marginals,&completes,&cert_depth);
printf("tru:");
if(nextcheck && nextcheck <= make_timestamp())
printf("o");
if(trust_model!=opt.trust_model)
printf("t");
if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
{
if(marginals!=opt.marginals_needed)
printf("m");
if(completes!=opt.completes_needed)
printf("c");
if(cert_depth!=opt.max_cert_depth)
printf("d");
}
printf(":%d:%lu:%lu",trust_model,created,nextcheck);
/* Only show marginals, completes, and cert_depth in the classic
or PGP trust models since they are not meaningful
otherwise. */
if(trust_model==TM_PGP || trust_model==TM_CLASSIC)
printf(":%d:%d:%d",marginals,completes,cert_depth);
printf("\n");
}
if( !list )
list_all(0);
else
list_one( list, 0 );
} }
void void
@ -152,7 +188,6 @@ show_policy_url(PKT_signature *sig,int indent,int mode)
for(i=0;i<indent;i++) for(i=0;i<indent;i++)
putchar(' '); putchar(' ');
/* This isn't UTF8 as it is a URL(?) */
if(crit) if(crit)
str=_("Critical signature policy: "); str=_("Critical signature policy: ");
else else
@ -161,7 +196,7 @@ show_policy_url(PKT_signature *sig,int indent,int mode)
log_info("%s",str); log_info("%s",str);
else else
printf("%s",str); printf("%s",str);
print_string(fp,p,len,0); print_utf8_string(fp,p,len);
fprintf(fp,"\n"); fprintf(fp,"\n");
} }
@ -170,6 +205,48 @@ show_policy_url(PKT_signature *sig,int indent,int mode)
} }
} }
/*
mode=0 for stdout.
mode=1 for log_info + status messages
mode=2 for status messages only
*/
/* TODO: use this */
void
show_keyserver_url(PKT_signature *sig,int indent,int mode)
{
const byte *p;
size_t len;
int seq=0,crit;
FILE *fp=mode?log_get_stream():stdout;
while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&len,&seq,&crit)))
{
if(mode!=2)
{
int i;
char *str;
for(i=0;i<indent;i++)
putchar(' ');
if(crit)
str=_("Critical preferred keyserver: ");
else
str=_("Preferred keyserver: ");
if(mode)
log_info("%s",str);
else
printf("%s",str);
print_utf8_string(fp,p,len);
fprintf(fp,"\n");
}
/* TODO: put in a status-fd tag for preferred keyservers */
}
}
/* /*
mode=0 for stdout. mode=0 for stdout.
mode=1 for log_info + status messages mode=1 for log_info + status messages
@ -788,6 +865,9 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATION)) if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATION))
show_notation(sig,3,0); show_notation(sig,3,0);
if(sig->flags.pref_ks && (opt.list_options&LIST_SHOW_KEYSERVER))
show_keyserver_url(sig,3,0);
/* fixme: check or list other sigs here */ /* fixme: check or list other sigs here */
} }
} }
@ -820,7 +900,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
pk = NULL; pk = NULL;
sk = node->pkt->pkt.secret_key; sk = node->pkt->pkt.secret_key;
keyid_from_sk( sk, keyid ); keyid_from_sk( sk, keyid );
printf("sec:u:%u:%d:%08lX%08lX:%s:%s:::", printf("sec::%u:%d:%08lX%08lX:%s:%s:::",
nbits_from_sk( sk ), nbits_from_sk( sk ),
sk->pubkey_algo, sk->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1], (ulong)keyid[0],(ulong)keyid[1],
@ -886,13 +966,17 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
if( any ) { if( any ) {
int i; int i;
char *str=uid->attrib_data?"uat":"uid"; char *str=uid->attrib_data?"uat":"uid";
if ( uid->is_revoked ) /* If we're listing a secret key, leave out the
validity values for now. FIXME: This should be
handled better in 1.9. */
if ( sk )
printf("%s:::::",str);
else if ( uid->is_revoked )
printf("%s:r::::",str); printf("%s:r::::",str);
else if ( uid->is_expired ) else if ( uid->is_expired )
printf("%s:e::::",str); printf("%s:e::::",str);
else if ( opt.no_expensive_trust_checks ) { else if ( opt.no_expensive_trust_checks )
printf("%s:::::",str); printf("%s:::::",str);
}
else { else {
int uid_validity; int uid_validity;
@ -1010,8 +1094,10 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
} }
else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) { else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature; PKT_signature *sig = node->pkt->pkt.signature;
int sigrc; int sigrc, fprokay=0;
char *sigstr; char *sigstr;
size_t fplen;
byte fparray[MAX_FINGERPRINT_LEN];
if( !any ) { /* no user id, (maybe a revocation follows)*/ if( !any ) { /* no user id, (maybe a revocation follows)*/
if( sig->sig_class == 0x20 ) if( sig->sig_class == 0x20 )
@ -1045,8 +1131,14 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
continue; continue;
} }
if( opt.check_sigs ) { if( opt.check_sigs ) {
PKT_public_key *signer_pk=NULL;
fflush(stdout); fflush(stdout);
rc = check_key_signature( keyblock, node, NULL ); if(opt.no_sig_cache)
signer_pk = xcalloc (1, sizeof(PKT_public_key));
rc = check_key_signature2( keyblock, node, NULL, signer_pk,
NULL, NULL, NULL );
switch( gpg_err_code (rc) ) { switch( gpg_err_code (rc) ) {
case 0: sigrc = '!'; break; case 0: sigrc = '!'; break;
case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break; case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
@ -1054,6 +1146,16 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break; case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
default: sigrc = '%'; break; default: sigrc = '%'; break;
} }
if(opt.no_sig_cache)
{
if(!rc)
{
fingerprint_from_pk (signer_pk, fparray, &fplen);
fprokay=1;
}
free_public_key(signer_pk);
}
} }
else { else {
rc = 0; rc = 0;
@ -1087,7 +1189,20 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
print_string( stdout, p, n, ':' ); print_string( stdout, p, n, ':' );
xfree (p); xfree (p);
} }
printf(":%02x%c:\n", sig->sig_class,sig->flags.exportable?'x':'l'); printf(":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l');
if(opt.no_sig_cache && opt.check_sigs && fprokay)
{
size_t i;
printf(":");
for (i=0; i < fplen ; i++ )
printf ("%02X", fparray[i] );
printf(":");
}
printf("\n");
/* fixme: check or list other sigs here */ /* fixme: check or list other sigs here */
} }
} }

7
g10/keyring.c
View File

@ -1382,6 +1382,13 @@ keyring_rebuild_cache (void *token)
{ {
if (node->pkt->pkttype == PKT_SIGNATURE) if (node->pkt->pkttype == PKT_SIGNATURE)
{ {
/* Note that this doesn't cache the result of a
revocation issued by a designated revoker. This is
because the pk in question does not carry the revkeys
as we haven't merged the key and selfsigs. It is
questionable whether this matters very much since
there are very very few designated revoker revocation
packets out there. */
check_key_signature (keyblock, node, NULL); check_key_signature (keyblock, node, NULL);
sigcount++; sigcount++;
} }

9
g10/keyserver.c
View File

@ -170,7 +170,8 @@ parse_keyserver_uri(char *uri,const char *configname,unsigned int configlineno)
opt.keyserver_scheme="hkp"; opt.keyserver_scheme="hkp";
opt.keyserver_options.broken_http_proxy=1; opt.keyserver_options.broken_http_proxy=1;
} }
else if(ascii_strcasecmp(opt.keyserver_scheme,"x-hkp")==0) else if(ascii_strcasecmp(opt.keyserver_scheme,"x-hkp")==0
|| ascii_strcasecmp(opt.keyserver_scheme,"http")==0)
{ {
/* Canonicalize this to "hkp" so it works with both the internal /* Canonicalize this to "hkp" so it works with both the internal
and external keyserver interface. */ and external keyserver interface. */
@ -203,7 +204,7 @@ parse_keyserver_uri(char *uri,const char *configname,unsigned int configlineno)
ch=opt.keyserver_port; ch=opt.keyserver_port;
while(*ch!='\0') while(*ch!='\0')
{ {
if(!isdigit(*ch)) if(!digitp(ch))
return GPG_ERR_BAD_URI; return GPG_ERR_BAD_URI;
ch++; ch++;
@ -340,7 +341,7 @@ parse_keyrec(char *keystring)
/* Remove trailing whitespace */ /* Remove trailing whitespace */
for(i=strlen(keystring);i>0;i--) for(i=strlen(keystring);i>0;i--)
if(isspace(keystring[i-1])) if(ascii_isspace(keystring[i-1]))
keystring[i-1]='\0'; keystring[i-1]='\0';
else else
break; break;
@ -978,7 +979,7 @@ keyserver_spawn(int action,STRLIST list,
/* remove trailing whitespace */ /* remove trailing whitespace */
plen=strlen(ptr); plen=strlen(ptr);
while(plen>0 && isspace(ptr[plen-1])) while(plen>0 && ascii_isspace(ptr[plen-1]))
plen--; plen--;
plen[ptr]='\0'; plen[ptr]='\0';

5
g10/main.h
View File

@ -151,7 +151,8 @@ int sign_symencrypt_file (const char *fname, STRLIST locusr);
int check_revocation_keys (PKT_public_key *pk, PKT_signature *sig); int check_revocation_keys (PKT_public_key *pk, PKT_signature *sig);
int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ); int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
int check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk, int check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
int *is_selfsig, u32 *r_expiredate, int *r_expired ); PKT_public_key *ret_pk, int *is_selfsig,
u32 *r_expiredate, int *r_expired );
/*-- delkey.c --*/ /*-- delkey.c --*/
int delete_keys( STRLIST names, int secret, int allow_both ); int delete_keys( STRLIST names, int secret, int allow_both );
@ -170,6 +171,7 @@ PKT_user_id *keygen_get_std_prefs (void);
int keygen_add_key_expire( PKT_signature *sig, void *opaque ); int keygen_add_key_expire( PKT_signature *sig, void *opaque );
int keygen_add_std_prefs( PKT_signature *sig, void *opaque ); int keygen_add_std_prefs( PKT_signature *sig, void *opaque );
int keygen_upd_std_prefs( PKT_signature *sig, void *opaque ); int keygen_upd_std_prefs( PKT_signature *sig, void *opaque );
int keygen_add_keyserver_url(PKT_signature *sig, void *opaque);
int keygen_add_revkey(PKT_signature *sig, void *opaque); int keygen_add_revkey(PKT_signature *sig, void *opaque);
int generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock ); int generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock );
@ -232,6 +234,7 @@ void reorder_keyblock (KBNODE keyblock);
void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque ); void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque );
void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode); void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode);
void show_policy_url(PKT_signature *sig,int indent,int mode); void show_policy_url(PKT_signature *sig,int indent,int mode);
void show_keyserver_url(PKT_signature *sig,int indent,int mode);
void show_notation(PKT_signature *sig,int indent,int mode); void show_notation(PKT_signature *sig,int indent,int mode);
void dump_attribs(const PKT_user_id *uid, void dump_attribs(const PKT_user_id *uid,
PKT_public_key *pk,PKT_secret_key *sk); PKT_public_key *pk,PKT_secret_key *sk);

131
g10/mainproc.c
View File

@ -668,15 +668,12 @@ proc_compressed( CTX c, PACKET *pkt )
* Returns: 0 = valid signature or an error code * Returns: 0 = valid signature or an error code
*/ */
static int static int
do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey ) do_check_sig( CTX c, KBNODE node, int *is_selfsig,
int *is_expkey, int *is_revkey )
{ {
PKT_signature *sig; PKT_signature *sig;
MD_HANDLE md = NULL, md2 = NULL; MD_HANDLE md = NULL, md2 = NULL;
int algo, rc, dum2; int algo, rc;
u32 dummy;
if(!is_expkey)
is_expkey=&dum2;
assert( node->pkt->pkttype == PKT_SIGNATURE ); assert( node->pkt->pkttype == PKT_SIGNATURE );
if( is_selfsig ) if( is_selfsig )
@ -732,9 +729,9 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey )
} }
else else
return GPG_ERR_SIG_CLASS; return GPG_ERR_SIG_CLASS;
rc = signature_check2( sig, md, &dummy, is_expkey ); rc = signature_check2( sig, md, NULL, is_expkey, is_revkey, NULL );
if( gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2 ) if( gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2 )
rc = signature_check2( sig, md2, &dummy, is_expkey ); rc = signature_check2( sig, md2, NULL, is_expkey, is_revkey, NULL );
gcry_md_close (md); gcry_md_close (md);
gcry_md_close (md2); gcry_md_close (md2);
@ -958,7 +955,8 @@ list_node( CTX c, KBNODE node )
if( opt.check_sigs ) { if( opt.check_sigs ) {
fflush(stdout); fflush(stdout);
switch( gpg_err_code (rc2=do_check_sig( c, node, switch( gpg_err_code (rc2=do_check_sig( c, node,
&is_selfsig, NULL )) ) { &is_selfsig,
NULL, NULL )) ) {
case 0: sigrc = '!'; break; case 0: sigrc = '!'; break;
case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break; case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
case GPG_ERR_NO_PUBKEY: case GPG_ERR_NO_PUBKEY:
@ -1217,7 +1215,7 @@ check_sig_and_print( CTX c, KBNODE node )
{ {
PKT_signature *sig = node->pkt->pkt.signature; PKT_signature *sig = node->pkt->pkt.signature;
const char *astr, *tstr; const char *astr, *tstr;
int rc, is_expkey=0; int rc, is_expkey=0, is_revkey=0;
if( opt.skip_verify ) { if( opt.skip_verify ) {
log_info(_("signature verification suppressed\n")); log_info(_("signature verification suppressed\n"));
@ -1281,19 +1279,51 @@ check_sig_and_print( CTX c, KBNODE node )
tstr = asctimestamp(sig->timestamp); tstr = asctimestamp(sig->timestamp);
astr = gcry_pk_algo_name (sig->pubkey_algo); astr = gcry_pk_algo_name (sig->pubkey_algo);
log_info(_("Signature made %.*s using %s key ID %08lX\n"), if(opt.verify_options&VERIFY_SHOW_LONG_KEYID)
(int)strlen(tstr), tstr, astr? astr: "?", (ulong)sig->keyid[1] ); {
log_info(_("Signature made %.*s\n"),(int)strlen(tstr), tstr);
log_info(_(" using %s key %08lX%08lX\n"),
astr? astr: "?",(ulong)sig->keyid[0],(ulong)sig->keyid[1] );
}
else
log_info(_("Signature made %.*s using %s key ID %08lX\n"),
(int)strlen(tstr), tstr, astr? astr: "?",
(ulong)sig->keyid[1] );
rc = do_check_sig(c, node, NULL, &is_expkey ); rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
if( gpg_err_code (rc) == GPG_ERR_NO_PUBKEY if( gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
&& opt.keyserver_scheme && opt.keyserver_options.auto_key_retrieve) { && opt.keyserver_scheme && opt.keyserver_options.auto_key_retrieve) {
if( keyserver_import_keyid ( sig->keyid )==0 ) if( keyserver_import_keyid ( sig->keyid )==0 )
rc = do_check_sig(c, node, NULL, &is_expkey ); rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
} }
/* If the key still isn't found, try to inform the user where it
can be found. */
if(gpg_err_code (rc)==GPG_ERR_NO_PUBKEY && sig->flags.pref_ks)
{
const byte *p;
int seq=0;
size_t n;
while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
{
/* According to my favorite copy editor, in English
grammar, you say "at" if the key is located on a web
page, but "from" if it is located on a keyserver. I'm
not going to even try to make two strings here :) */
log_info(_("Key available at: ") );
print_string( log_get_stream(), p, n, 0 );
putc( '\n', log_get_stream() );
}
}
if( !rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE ) { if( !rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE ) {
KBNODE un, keyblock; KBNODE un, keyblock;
int count=0, statno; int count=0, statno;
char keyid_str[50]; char keyid_str[50];
PKT_public_key *pk=NULL;
if(rc) if(rc)
statno=STATUS_BADSIG; statno=STATUS_BADSIG;
@ -1301,6 +1331,8 @@ check_sig_and_print( CTX c, KBNODE node )
statno=STATUS_EXPSIG; statno=STATUS_EXPSIG;
else if(is_expkey) else if(is_expkey)
statno=STATUS_EXPKEYSIG; statno=STATUS_EXPKEYSIG;
else if(is_revkey)
statno=STATUS_REVKEYSIG;
else else
statno=STATUS_GOODSIG; statno=STATUS_GOODSIG;
@ -1311,6 +1343,13 @@ check_sig_and_print( CTX c, KBNODE node )
/* find and print the primary user ID */ /* find and print the primary user ID */
for( un=keyblock; un; un = un->next ) { for( un=keyblock; un; un = un->next ) {
int valid;
if(un->pkt->pkttype==PKT_PUBLIC_KEY)
{
pk=un->pkt->pkt.public_key;
continue;
}
if( un->pkt->pkttype != PKT_USER_ID ) if( un->pkt->pkttype != PKT_USER_ID )
continue; continue;
if ( !un->pkt->pkt.user_id->created ) if ( !un->pkt->pkt.user_id->created )
@ -1325,6 +1364,13 @@ check_sig_and_print( CTX c, KBNODE node )
if ( un->pkt->pkt.user_id->attrib_data ) if ( un->pkt->pkt.user_id->attrib_data )
continue; continue;
assert(pk);
/* Get it before we print anything to avoid interrupting
the output with the "please do a --check-trustdb"
line. */
valid=get_validity(pk,un->pkt->pkt.user_id);
keyid_str[17] = 0; /* cut off the "[uncertain]" part */ keyid_str[17] = 0; /* cut off the "[uncertain]" part */
write_status_text_and_buffer (statno, keyid_str, write_status_text_and_buffer (statno, keyid_str,
un->pkt->pkt.user_id->name, un->pkt->pkt.user_id->name,
@ -1336,7 +1382,11 @@ check_sig_and_print( CTX c, KBNODE node )
: _("Good signature from \"")); : _("Good signature from \""));
print_utf8_string( log_get_stream(), un->pkt->pkt.user_id->name, print_utf8_string( log_get_stream(), un->pkt->pkt.user_id->name,
un->pkt->pkt.user_id->len ); un->pkt->pkt.user_id->len );
fputs("\"\n", log_get_stream() ); if(opt.verify_options&VERIFY_SHOW_VALIDITY)
fprintf (log_get_stream(),
"\" [%s]\n",trust_value_to_string(valid));
else
fputs("\"\n", log_get_stream() );
count++; count++;
} }
if( !count ) { /* just in case that we have no valid textual if( !count ) { /* just in case that we have no valid textual
@ -1380,10 +1430,7 @@ check_sig_and_print( CTX c, KBNODE node )
/* If we have a good signature and already printed /* If we have a good signature and already printed
* the primary user ID, print all the other user IDs */ * the primary user ID, print all the other user IDs */
if ( count && !rc ) { if ( count && !rc ) {
PKT_public_key *pk=NULL;
for( un=keyblock; un; un = un->next ) { for( un=keyblock; un; un = un->next ) {
if(un->pkt->pkttype==PKT_PUBLIC_KEY)
pk=un->pkt->pkt.public_key;
if( un->pkt->pkttype != PKT_USER_ID ) if( un->pkt->pkttype != PKT_USER_ID )
continue; continue;
if ( un->pkt->pkt.user_id->is_revoked ) if ( un->pkt->pkt.user_id->is_revoked )
@ -1407,28 +1454,46 @@ check_sig_and_print( CTX c, KBNODE node )
log_info( _(" aka \"")); log_info( _(" aka \""));
print_utf8_string( log_get_stream(), un->pkt->pkt.user_id->name, print_utf8_string( log_get_stream(), un->pkt->pkt.user_id->name,
un->pkt->pkt.user_id->len ); un->pkt->pkt.user_id->len );
fputs("\"\n", log_get_stream() ); if(opt.verify_options&VERIFY_SHOW_VALIDITY)
fprintf (log_get_stream(), "\" [%s]\n",
trust_value_to_string(get_validity(pk,
un->pkt->
pkt.user_id)));
else
fputs("\"\n", log_get_stream() );
} }
} }
release_kbnode( keyblock ); release_kbnode( keyblock );
if( !rc ) if( !rc )
{ {
show_notation(sig,0,1); if(opt.verify_options&VERIFY_SHOW_POLICY)
show_policy_url(sig,0,1); show_policy_url(sig,0,1);
} else
show_policy_url(sig,0,2);
if(opt.verify_options&VERIFY_SHOW_KEYSERVER)
show_keyserver_url(sig,0,1);
else
show_keyserver_url(sig,0,2);
if(opt.verify_options&VERIFY_SHOW_NOTATION)
show_notation(sig,0,1);
else
show_notation(sig,0,2);
}
if( !rc && is_status_enabled() ) { if( !rc && is_status_enabled() ) {
/* print a status response with the fingerprint */ /* print a status response with the fingerprint */
PKT_public_key *pk = xcalloc (1, sizeof *pk ); PKT_public_key *vpk = xcalloc (1, sizeof *vpk );
if( !get_pubkey( pk, sig->keyid ) ) { if( !get_pubkey( vpk, sig->keyid ) ) {
byte array[MAX_FINGERPRINT_LEN], *p; byte array[MAX_FINGERPRINT_LEN], *p;
char buf[MAX_FINGERPRINT_LEN*4+90], *bufp; char buf[MAX_FINGERPRINT_LEN*4+90], *bufp;
size_t i, n; size_t i, n;
bufp = buf; bufp = buf;
fingerprint_from_pk( pk, array, &n ); fingerprint_from_pk( vpk, array, &n );
p = array; p = array;
for(i=0; i < n ; i++, p++, bufp += 2) for(i=0; i < n ; i++, p++, bufp += 2)
sprintf(bufp, "%02X", *p ); sprintf(bufp, "%02X", *p );
@ -1442,27 +1507,27 @@ check_sig_and_print( CTX c, KBNODE node )
sig->version,sig->pubkey_algo,sig->digest_algo, sig->version,sig->pubkey_algo,sig->digest_algo,
sig->sig_class); sig->sig_class);
bufp = bufp + strlen (bufp); bufp = bufp + strlen (bufp);
if (!pk->is_primary) { if (!vpk->is_primary) {
u32 akid[2]; u32 akid[2];
akid[0] = pk->main_keyid[0]; akid[0] = vpk->main_keyid[0];
akid[1] = pk->main_keyid[1]; akid[1] = vpk->main_keyid[1];
free_public_key (pk); free_public_key (vpk);
pk = xcalloc (1, sizeof *pk ); vpk = xcalloc (1, sizeof *vpk );
if (get_pubkey (pk, akid)) { if (get_pubkey (vpk, akid)) {
/* impossible error, we simply return a zeroed out fpr */ /* impossible error, we simply return a zeroed out fpr */
n = MAX_FINGERPRINT_LEN < 20? MAX_FINGERPRINT_LEN : 20; n = MAX_FINGERPRINT_LEN < 20? MAX_FINGERPRINT_LEN : 20;
memset (array, 0, n); memset (array, 0, n);
} }
else else
fingerprint_from_pk( pk, array, &n ); fingerprint_from_pk( vpk, array, &n );
} }
p = array; p = array;
for(i=0; i < n ; i++, p++, bufp += 2) for(i=0; i < n ; i++, p++, bufp += 2)
sprintf(bufp, "%02X", *p ); sprintf(bufp, "%02X", *p );
write_status_text( STATUS_VALIDSIG, buf ); write_status_text( STATUS_VALIDSIG, buf );
} }
free_public_key( pk ); free_public_key( vpk );
} }
if( !rc ) if( !rc )

29
g10/misc.c
View File

@ -369,6 +369,8 @@ pct_expando(const char *string,struct expando_args *args)
if(args->sk) if(args->sk)
keyid_from_sk(args->sk,sk_keyid); keyid_from_sk(args->sk,sk_keyid);
/* This is used so that %k works in photoid command strings in
--list-secret-keys (which of course has a sk, but no pk). */
if(!args->pk && args->sk) if(!args->pk && args->sk)
keyid_from_sk(args->sk,pk_keyid); keyid_from_sk(args->sk,pk_keyid);
@ -430,16 +432,37 @@ pct_expando(const char *string,struct expando_args *args)
} }
break; break;
case 'f': /* fingerprint */ case 'p': /* primary pk fingerprint of a sk */
case 'f': /* pk fingerprint */
case 'g': /* sk fingerprint */
{ {
byte array[MAX_FINGERPRINT_LEN]; byte array[MAX_FINGERPRINT_LEN];
size_t len; size_t len;
int i; int i;
if(args->pk) if( ch[1]=='p' && args->sk)
{
if(args->sk->is_primary)
fingerprint_from_sk(args->sk,array,&len);
else if(args->sk->main_keyid[0] || args->sk->main_keyid[1])
{
PKT_public_key *pk= xcalloc(1, sizeof(PKT_public_key));
if(get_pubkey_fast(pk,args->sk->main_keyid)==0)
fingerprint_from_pk(pk,array,&len);
else
memset(array,0,(len=MAX_FINGERPRINT_LEN));
free_public_key(pk);
}
else
memset(array,0,(len=MAX_FINGERPRINT_LEN));
}
else if( ch[1]=='f' && args->pk)
fingerprint_from_pk(args->pk,array,&len); fingerprint_from_pk(args->pk,array,&len);
else if( ch[1]=='g' && args->sk)
fingerprint_from_sk(args->sk,array,&len);
else else
memset(array,0, (len=MAX_FINGERPRINT_LEN)); memset(array, 0, (len=MAX_FINGERPRINT_LEN));
if(idx+(len*2)<maxlen) if(idx+(len*2)<maxlen)
{ {

27
g10/options.h
View File

@ -101,7 +101,7 @@ struct {
unsigned int emulate_bugs; /* bug emulation flags EMUBUG_xxxx */ unsigned int emulate_bugs; /* bug emulation flags EMUBUG_xxxx */
int shm_coprocess; int shm_coprocess;
const char *set_filename; const char *set_filename;
const char *comment_string; STRLIST comments;
int throw_keyid; int throw_keyid;
const char *photo_viewer; const char *photo_viewer;
int s2k_mode; int s2k_mode;
@ -153,6 +153,7 @@ struct {
STRLIST cert_notation_data; STRLIST cert_notation_data;
STRLIST sig_policy_url; STRLIST sig_policy_url;
STRLIST cert_policy_url; STRLIST cert_policy_url;
STRLIST sig_keyserver_url;
int use_embedded_filename; int use_embedded_filename;
int allow_non_selfsigned_uid; int allow_non_selfsigned_uid;
int allow_freeform_uid; int allow_freeform_uid;
@ -230,16 +231,22 @@ struct {
#define EXPORT_SEXP_FORMAT 16 #define EXPORT_SEXP_FORMAT 16
#define LIST_SHOW_PHOTOS 1 #define LIST_SHOW_PHOTOS 1
#define LIST_SHOW_POLICY 2 #define LIST_SHOW_POLICY 2
#define LIST_SHOW_NOTATION 4 #define LIST_SHOW_NOTATION 4
#define LIST_SHOW_KEYRING 8 #define LIST_SHOW_KEYSERVER 8
#define LIST_SHOW_VALIDITY 16 #define LIST_SHOW_VALIDITY 16
#define LIST_SHOW_LONG_KEYID 32 #define LIST_SHOW_LONG_KEYID 32
#define LIST_SHOW_KEYRING 64
#define LIST_SHOW_SIG_EXPIRE 128
#define VERIFY_SHOW_PHOTOS 1
#define VERIFY_SHOW_POLICY 2 #define VERIFY_SHOW_PHOTOS 1
#define VERIFY_SHOW_NOTATION 4 #define VERIFY_SHOW_POLICY 2
#define VERIFY_SHOW_NOTATION 4
#define VERIFY_SHOW_KEYSERVER 8
#define VERIFY_SHOW_VALIDITY 16
#define VERIFY_SHOW_LONG_KEYID 32
#endif /*G10_OPTIONS_H*/ #endif /*G10_OPTIONS_H*/

16
g10/options.skel
View File

@ -90,10 +90,10 @@
# support). # support).
# #
# Example HKP keyserver: # Example HKP keyserver:
# x-hkp://pgp.mit.edu # hkp://subkeys.pgp.net
# #
# Example email keyserver: # Example email keyserver:
# mailto:pgp-public-keys@keys.nl.pgp.net # mailto:pgp-public-keys@keys.pgp.net
# #
# Example LDAP keyservers: # Example LDAP keyservers:
# ldap://pgp.surfnet.nl:11370 # ldap://pgp.surfnet.nl:11370
@ -101,7 +101,7 @@
# #
# Regular URL syntax applies, and you can set an alternate port # Regular URL syntax applies, and you can set an alternate port
# through the usual method: # through the usual method:
# x-hkp://keyserver.example.net:22742 # hkp://keyserver.example.net:22742
# #
# If you have problems connecting to a HKP server through a buggy http # If you have problems connecting to a HKP server through a buggy http
# proxy, you can use keyserver option broken-http-proxy (see below), # proxy, you can use keyserver option broken-http-proxy (see below),
@ -109,10 +109,14 @@
# regarding proxies (keyserver option honor-http-proxy) # regarding proxies (keyserver option honor-http-proxy)
# #
# Most users just set the name and type of their preferred keyserver. # Most users just set the name and type of their preferred keyserver.
# Most servers do synchronize with each other and DNS round-robin may # Note that most servers (with the notable exception of
# give you a quasi-random server each time. # ldap://keyserver.pgp.com) synchronize changes with each other. Note
# also that a single server name may actually point to multiple
# servers via DNS round-robin. hkp://subkeys.pgp.net is an example of
# such a "server", which spreads the load over a number of physical
# servers.
#keyserver x-hkp://pgp.mit.edu keyserver hkp://subkeys.pgp.net
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net #keyserver mailto:pgp-public-keys@keys.nl.pgp.net
#keyserver ldap://pgp.surfnet.nl:11370 #keyserver ldap://pgp.surfnet.nl:11370
#keyserver ldap://keyserver.pgp.com #keyserver ldap://keyserver.pgp.com

9
g10/packet.h
View File

@ -132,8 +132,9 @@ typedef struct {
unsigned unknown_critical:1; unsigned unknown_critical:1;
unsigned exportable:1; unsigned exportable:1;
unsigned revocable:1; unsigned revocable:1;
unsigned policy_url:1; /* Policy URL is present */ unsigned policy_url:1; /* At least one policy URL is present */
unsigned notation:1; /* At least one notation is present */ unsigned notation:1; /* At least one notation is present */
unsigned pref_ks:1; /* At least one preferred keyserver is present */
unsigned expired:1; unsigned expired:1;
} flags; } flags;
u32 keyid[2]; /* 64 bit keyid */ u32 keyid[2]; /* 64 bit keyid */
@ -463,8 +464,8 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
/*-- sig-check.c --*/ /*-- sig-check.c --*/
int signature_check( PKT_signature *sig, MD_HANDLE digest ); int signature_check( PKT_signature *sig, MD_HANDLE digest );
int signature_check2( PKT_signature *sig, MD_HANDLE digest, int signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
u32 *r_expiredate, int *r_expired ); int *r_expired, int *r_revoked, PKT_public_key *ret_pk );
/*-- seckey-cert.c --*/ /*-- seckey-cert.c --*/
int is_secret_key_protected( PKT_secret_key *sk ); int is_secret_key_protected( PKT_secret_key *sk );

65
g10/parse-packet.c
View File

@ -367,9 +367,29 @@ parse( iobuf_t inp, PACKET *pkt, int onlykeypkts, off_t *retpos,
lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3)); lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
if( !lenbytes ) { if( !lenbytes ) {
pktlen = 0; /* don't know the value */ pktlen = 0; /* don't know the value */
if( pkttype != PKT_COMPRESSED ) switch (pkttype) {
iobuf_set_block_mode(inp, 1); case PKT_ENCRYPTED:
} case PKT_PLAINTEXT:
/* These partial length encodings are from an very
early GnuPG release and deprecated. However we
still support them read-wise. Note, that we should
not allow them for any key related packets, because
this might render a keyring unusable if an errenous
packet indicated this mode but not complying to it
gets imported. */
iobuf_set_block_mode(inp, 1);
break;
case PKT_COMPRESSED:
break; /* the orginal pgp 2 way. */
default:
log_error ("%s: old style partial length "
"for invalid packet type\n", iobuf_where(inp) );
rc = gpg_error (GPG_ERR_INV_PACKET);
goto leave;
}
}
else { else {
for( ; lenbytes; lenbytes-- ) { for( ; lenbytes; lenbytes-- ) {
pktlen <<= 8; pktlen <<= 8;
@ -860,7 +880,8 @@ dump_sig_subpkt( int hashed, int type, int critical,
printf(" %02X", buffer[i]); printf(" %02X", buffer[i]);
break; break;
case SIGSUBPKT_PREF_KS: case SIGSUBPKT_PREF_KS:
p = "preferred key server"; fputs("preferred key server: ", stdout );
print_string( stdout, buffer, length, ')' );
break; break;
case SIGSUBPKT_PRIMARY_UID: case SIGSUBPKT_PRIMARY_UID:
p = "primary user ID"; p = "primary user ID";
@ -936,6 +957,7 @@ parse_one_sig_subpkt( const byte *buffer, size_t n, int type )
case SIGSUBPKT_PREF_HASH: case SIGSUBPKT_PREF_HASH:
case SIGSUBPKT_PREF_COMPR: case SIGSUBPKT_PREF_COMPR:
case SIGSUBPKT_POLICY: case SIGSUBPKT_POLICY:
case SIGSUBPKT_PREF_KS:
case SIGSUBPKT_FEATURES: case SIGSUBPKT_FEATURES:
case SIGSUBPKT_REGEXP: case SIGSUBPKT_REGEXP:
return 0; return 0;
@ -992,9 +1014,11 @@ can_handle_critical( const byte *buffer, size_t n, int type )
case SIGSUBPKT_KEY_FLAGS: case SIGSUBPKT_KEY_FLAGS:
case SIGSUBPKT_PRIMARY_UID: case SIGSUBPKT_PRIMARY_UID:
case SIGSUBPKT_FEATURES: case SIGSUBPKT_FEATURES:
case SIGSUBPKT_POLICY: /* Is it enough to show the policy? */
case SIGSUBPKT_TRUST: case SIGSUBPKT_TRUST:
case SIGSUBPKT_REGEXP: case SIGSUBPKT_REGEXP:
/* Is it enough to show the policy or keyserver? */
case SIGSUBPKT_POLICY:
case SIGSUBPKT_PREF_KS:
return 1; return 1;
default: default:
@ -1220,11 +1244,8 @@ parse_signature( iobuf_t inp, int pkttype, unsigned long pktlen,
goto leave; goto leave;
} }
if( n ) { if( n ) {
/* we add 8 extra bytes so that we have space for the signature sig->unhashed = xmalloc (sizeof(*sig->unhashed) + n - 1 );
* status cache. Well we are wasting this if there is a cache sig->unhashed->size = n;
* packet already, but in the other case it avoids an realloc */
sig->unhashed = xmalloc (sizeof(*sig->unhashed) + n + 8 - 1 );
sig->unhashed->size = n + 8;
sig->unhashed->len = n; sig->unhashed->len = n;
if( iobuf_read(inp, sig->unhashed->data, n ) != n ) { if( iobuf_read(inp, sig->unhashed->data, n ) != n ) {
log_error("premature eof while reading " log_error("premature eof while reading "
@ -1259,17 +1280,19 @@ parse_signature( iobuf_t inp, int pkttype, unsigned long pktlen,
} }
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL ); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL );
if( !p ) if(p)
log_error("signature packet without timestamp\n"); sig->timestamp = buffer_to_u32(p);
else else if(!(sig->pubkey_algo>=100 && sig->pubkey_algo<=110))
sig->timestamp = buffer_to_u32(p); log_error("signature packet without timestamp\n");
p = parse_sig_subpkt2( sig, SIGSUBPKT_ISSUER, NULL ); p = parse_sig_subpkt2( sig, SIGSUBPKT_ISSUER, NULL );
if( !p ) if( p )
log_error("signature packet without keyid\n"); {
else { sig->keyid[0] = buffer_to_u32(p);
sig->keyid[0] = buffer_to_u32(p); sig->keyid[1] = buffer_to_u32(p+4);
sig->keyid[1] = buffer_to_u32(p+4);
} }
else if(!(sig->pubkey_algo>=100 && sig->pubkey_algo<=110))
log_error("signature packet without keyid\n");
p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_SIG_EXPIRE,NULL); p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_SIG_EXPIRE,NULL);
if(p) if(p)
@ -1281,6 +1304,10 @@ parse_signature( iobuf_t inp, int pkttype, unsigned long pktlen,
if(p) if(p)
sig->flags.policy_url=1; sig->flags.policy_url=1;
p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,NULL);
if(p)
sig->flags.pref_ks=1;
p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,NULL); p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,NULL);
if(p) if(p)
sig->flags.notation=1; sig->flags.notation=1;

22
g10/passphrase.c
View File

@ -29,7 +29,7 @@
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/un.h> #include <sys/un.h>
#endif #endif
#if defined (__MINGW32__) || defined (__CYGWIN32__) #if defined (_WIN32) || defined (__CYGWIN32__)
# include <windows.h> # include <windows.h>
#endif #endif
#include <errno.h> #include <errno.h>
@ -101,7 +101,7 @@ static char *fd_passwd = NULL;
static char *next_pw = NULL; static char *next_pw = NULL;
static char *last_pw = NULL; static char *last_pw = NULL;
#if defined (__MINGW32__) #if defined (_WIN32)
static int read_fd = 0; static int read_fd = 0;
static int write_fd = 0; static int write_fd = 0;
#endif #endif
@ -191,7 +191,7 @@ read_passphrase_from_fd( int fd )
static int static int
writen ( int fd, const void *buf, size_t nbytes ) writen ( int fd, const void *buf, size_t nbytes )
{ {
#if defined (__MINGW32__) #if defined (_WIN32)
DWORD nwritten, nleft = nbytes; DWORD nwritten, nleft = nbytes;
while (nleft > 0) { while (nleft > 0) {
@ -234,7 +234,7 @@ writen ( int fd, const void *buf, size_t nbytes )
static int static int
readn ( int fd, void *buf, size_t buflen, size_t *ret_nread ) readn ( int fd, void *buf, size_t buflen, size_t *ret_nread )
{ {
#if defined (__MINGW32__) #if defined (_WIN32)
DWORD nread, nleft = buflen; DWORD nread, nleft = buflen;
while (nleft > 0) { while (nleft > 0) {
@ -328,7 +328,7 @@ readline (int fd, char *buf, size_t buflen)
#if !defined (__riscos__) #if !defined (__riscos__)
#if !defined (__MINGW32__) #if !defined (_WIN32)
/* For the new Assuan protocol we may have to send options */ /* For the new Assuan protocol we may have to send options */
static int static int
agent_send_option (int fd, const char *name, const char *value) agent_send_option (int fd, const char *name, const char *value)
@ -376,7 +376,11 @@ agent_send_all_options (int fd)
} }
if (!opt.ttyname) if (!opt.ttyname)
dft_ttyname = tty_get_ttyname (); {
dft_ttyname = getenv ("GPG_TTY");
if ((!dft_ttyname || !*dft_ttyname) && tty_get_ttyname ())
dft_ttyname = tty_get_ttyname ();
}
if (opt.ttyname || dft_ttyname) if (opt.ttyname || dft_ttyname)
{ {
if (agent_send_option (fd, "ttyname", if (agent_send_option (fd, "ttyname",
@ -433,7 +437,7 @@ agent_send_all_options (int fd)
#endif #endif
return rc; return rc;
} }
#endif /*!__MINGW32__*/ #endif /*!_WIN32*/
/* /*
@ -444,7 +448,7 @@ agent_send_all_options (int fd)
static int static int
agent_open (int *ret_prot) agent_open (int *ret_prot)
{ {
#if defined (__MINGW32__) #if defined (_WIN32)
int fd; int fd;
char *infostr, *p; char *infostr, *p;
HANDLE h; HANDLE h;
@ -589,7 +593,7 @@ agent_open (int *ret_prot)
static void static void
agent_close ( int fd ) agent_close ( int fd )
{ {
#if defined (__MINGW32__) #if defined (_WIN32)
HANDLE h = OpenEvent(EVENT_ALL_ACCESS, FALSE, "gpg_agent"); HANDLE h = OpenEvent(EVENT_ALL_ACCESS, FALSE, "gpg_agent");
ResetEvent(h); ResetEvent(h);
#else #else

4
g10/photoid.c
View File

@ -22,7 +22,7 @@
#include <errno.h> #include <errno.h>
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#ifdef __MINGW32__ #ifdef _WIN32
# include <windows.h> # include <windows.h>
# ifndef VER_PLATFORM_WIN32_WINDOWS # ifndef VER_PLATFORM_WIN32_WINDOWS
# define VER_PLATFORM_WIN32_WINDOWS 1 # define VER_PLATFORM_WIN32_WINDOWS 1
@ -223,7 +223,7 @@ char *image_type_to_string(byte type,int style)
#if !defined(FIXED_PHOTO_VIEWER) && !defined(DISABLE_PHOTO_VIEWER) #if !defined(FIXED_PHOTO_VIEWER) && !defined(DISABLE_PHOTO_VIEWER)
static const char *get_default_photo_command(void) static const char *get_default_photo_command(void)
{ {
#if defined(__MINGW32__) #if defined(_WIN32)
OSVERSIONINFO osvi; OSVERSIONINFO osvi;
memset(&osvi,0,sizeof(osvi)); memset(&osvi,0,sizeof(osvi));

4
g10/pkclist.c
View File

@ -1164,10 +1164,6 @@ algo_available( preftype_t preftype, int algo, void *hint )
&& algo != DIGEST_ALGO_SHA256)) && algo != DIGEST_ALGO_SHA256))
return 0; return 0;
/* TIGER is not allowed any longer according to 2440bis. */
if( RFC2440 && algo == DIGEST_ALGO_TIGER )
return 0;
return algo && !gcry_md_test_algo( algo ); return algo && !gcry_md_test_algo( algo );
} }
else if( preftype == PREFTYPE_ZIP ) else if( preftype == PREFTYPE_ZIP )

2
g10/revoke.c
View File

@ -608,7 +608,7 @@ ask_revocation_reason( int key_rev, int cert_rev, int hint )
return NULL; /* cancel */ return NULL; /* cancel */
if( hint && !*answer ) if( hint && !*answer )
n = hint; n = hint;
else if(!isdigit( *answer ) ) else if(!digitp( answer ) )
n = -1; n = -1;
else else
n = atoi(answer); n = atoi(answer);

81
g10/sig-check.c
View File

@ -43,8 +43,9 @@ struct cmp_help_context_s {
MD_HANDLE md; MD_HANDLE md;
}; };
static int do_check( PKT_public_key *pk, PKT_signature *sig,
MD_HANDLE digest, int *r_expired ); static int do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
int *r_expired, int *r_revoked, PKT_public_key *ret_pk);
/**************** /****************
* Check the signature which is contained in SIG. * Check the signature which is contained in SIG.
@ -54,20 +55,16 @@ static int do_check( PKT_public_key *pk, PKT_signature *sig,
int int
signature_check( PKT_signature *sig, MD_HANDLE digest ) signature_check( PKT_signature *sig, MD_HANDLE digest )
{ {
u32 dummy; return signature_check2( sig, digest, NULL, NULL, NULL, NULL );
int dum2;
return signature_check2( sig, digest, &dummy, &dum2 );
} }
int int
signature_check2( PKT_signature *sig, MD_HANDLE digest, signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
u32 *r_expiredate, int *r_expired ) int *r_expired, int *r_revoked, PKT_public_key *ret_pk )
{ {
PKT_public_key *pk = xcalloc (1, sizeof *pk ); PKT_public_key *pk = xcalloc (1, sizeof *pk );
int rc=0; int rc=0;
*r_expiredate = 0;
/* Sanity check that the md has a context for the hash that the /* Sanity check that the md has a context for the hash that the
sig is expecting. This can happen if a onepass sig header does sig is expecting. This can happen if a onepass sig header does
not match the actual sig, and also if the clearsign "Hash:" not match the actual sig, and also if the clearsign "Hash:"
@ -83,8 +80,9 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest,
rc=GPG_ERR_BAD_PUBKEY; /* you cannot have a good sig from an rc=GPG_ERR_BAD_PUBKEY; /* you cannot have a good sig from an
invalid subkey */ invalid subkey */
else { else {
*r_expiredate = pk->expiredate; if (r_expiredate)
rc = do_check( pk, sig, digest, r_expired ); *r_expiredate = pk->expiredate;
rc = do_check( pk, sig, digest, r_expired, r_revoked, ret_pk );
} }
free_public_key( pk ); free_public_key( pk );
@ -135,11 +133,15 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest,
static int static int
do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired ) do_check_messages( PKT_public_key *pk, PKT_signature *sig,
int *r_expired, int *r_revoked )
{ {
u32 cur_time; u32 cur_time;
*r_expired = 0; if (r_expired)
*r_expired = 0;
if (r_revoked)
*r_revoked = 0;
if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_info(_("key %08lX: this is a PGP generated " log_info(_("key %08lX: this is a PGP generated "
"ElGamal key which is NOT secure for signatures!\n"), "ElGamal key which is NOT secure for signatures!\n"),
@ -182,22 +184,26 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired )
sprintf(buf,"%lu",(ulong)pk->expiredate); sprintf(buf,"%lu",(ulong)pk->expiredate);
write_status_text(STATUS_KEYEXPIRED,buf); write_status_text(STATUS_KEYEXPIRED,buf);
write_status(STATUS_SIGEXPIRED); write_status(STATUS_SIGEXPIRED);
*r_expired = 1; if (r_expired)
*r_expired = 1;
} }
if(pk->is_revoked && r_revoked)
*r_revoked=1;
return 0; return 0;
} }
static int static int
do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest, do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
int *r_expired ) int *r_expired, int *r_revoked, PKT_public_key *ret_pk )
{ {
gcry_mpi_t result = NULL; gcry_mpi_t result = NULL;
int rc=0; int rc=0;
struct cmp_help_context_s ctx; struct cmp_help_context_s ctx;
if( (rc=do_check_messages(pk,sig,r_expired)) ) if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) )
return rc; return rc;
if( (rc=gcry_md_test_algo(sig->digest_algo)) ) if( (rc=gcry_md_test_algo(sig->digest_algo)) )
return rc; return rc;
@ -280,6 +286,9 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
rc = gpg_error (GPG_ERR_BAD_SIGNATURE); rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
} }
if(!rc && ret_pk)
copy_public_key(ret_pk,pk);
return rc; return rc;
} }
@ -406,16 +415,19 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
int int
check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ) check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
{ {
u32 dummy; return check_key_signature2(root, node, NULL, NULL, is_selfsig, NULL, NULL);
int dum2;
return check_key_signature2(root, node, NULL, is_selfsig, &dummy, &dum2 );
} }
/* If check_pk is set, then use it to check the signature in node /* If check_pk is set, then use it to check the signature in node
rather than getting it from root or the keydb. */ rather than getting it from root or the keydb. If ret_pk is set,
fill in the public key that was used to verify the signature.
ret_pk is only meaningful when the verification was successful. */
/* TODO: add r_revoked here as well. It has the same problems as
r_expiredate and r_expired and the cache. */
int int
check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk, check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
int *is_selfsig, u32 *r_expiredate, int *r_expired ) PKT_public_key *ret_pk, int *is_selfsig,
u32 *r_expiredate, int *r_expired )
{ {
MD_HANDLE md; MD_HANDLE md;
PKT_public_key *pk; PKT_public_key *pk;
@ -425,8 +437,10 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
if( is_selfsig ) if( is_selfsig )
*is_selfsig = 0; *is_selfsig = 0;
*r_expiredate = 0; if( r_expiredate )
*r_expired = 0; *r_expiredate = 0;
if( r_expired )
*r_expired = 0;
assert( node->pkt->pkttype == PKT_SIGNATURE ); assert( node->pkt->pkttype == PKT_SIGNATURE );
assert( root->pkt->pkttype == PKT_PUBLIC_KEY ); assert( root->pkt->pkttype == PKT_PUBLIC_KEY );
@ -444,7 +458,9 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
*is_selfsig = 1; *is_selfsig = 1;
} }
if((rc=do_check_messages(pk,sig,r_expired))) /* BUG: This is wrong for non-self-sigs. Needs to be the
actual pk */
if((rc=do_check_messages(pk,sig,r_expired,NULL)))
return rc; return rc;
return sig->flags.valid? 0 : gpg_error (GPG_ERR_BAD_SIGNATURE); return sig->flags.valid? 0 : gpg_error (GPG_ERR_BAD_SIGNATURE);
} }
@ -464,7 +480,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
{ {
gcry_md_open (&md, algo, 0 ); gcry_md_open (&md, algo, 0 );
hash_public_key( md, pk ); hash_public_key( md, pk );
rc = do_check( pk, sig, md, r_expired ); rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
cache_sig_result ( sig, rc ); cache_sig_result ( sig, rc );
gcry_md_close(md); gcry_md_close(md);
} }
@ -476,12 +492,12 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
gcry_md_open (&md, algo, 0 ); gcry_md_open (&md, algo, 0 );
hash_public_key( md, pk ); hash_public_key( md, pk );
hash_public_key( md, snode->pkt->pkt.public_key ); hash_public_key( md, snode->pkt->pkt.public_key );
rc = do_check( pk, sig, md, r_expired ); rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
cache_sig_result ( sig, rc ); cache_sig_result ( sig, rc );
gcry_md_close(md); gcry_md_close(md);
} }
else { else {
if (!opt.quiet) if (opt.verbose)
log_info (_("key %08lX: no subkey for subkey " log_info (_("key %08lX: no subkey for subkey "
"revocation signature\n"), "revocation signature\n"),
(ulong)keyid_from_pk (pk, NULL)); (ulong)keyid_from_pk (pk, NULL));
@ -502,7 +518,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
gcry_md_open (&md, algo, 0 ); gcry_md_open (&md, algo, 0 );
hash_public_key( md, pk ); hash_public_key( md, pk );
hash_public_key( md, snode->pkt->pkt.public_key ); hash_public_key( md, snode->pkt->pkt.public_key );
rc = do_check( pk, sig, md, r_expired ); rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
cache_sig_result ( sig, rc ); cache_sig_result ( sig, rc );
gcry_md_close(md); gcry_md_close(md);
} }
@ -517,7 +533,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
else if( sig->sig_class == 0x1f ) { /* direct key signature */ else if( sig->sig_class == 0x1f ) { /* direct key signature */
gcry_md_open (&md, algo, 0 ); gcry_md_open (&md, algo, 0 );
hash_public_key( md, pk ); hash_public_key( md, pk );
rc = do_check( pk, sig, md, r_expired ); rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
cache_sig_result ( sig, rc ); cache_sig_result ( sig, rc );
gcry_md_close(md); gcry_md_close(md);
} }
@ -535,12 +551,13 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
{ {
if( is_selfsig ) if( is_selfsig )
*is_selfsig = 1; *is_selfsig = 1;
rc = do_check( pk, sig, md, r_expired ); rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
} }
else if (check_pk) else if (check_pk)
rc=do_check(check_pk,sig,md,r_expired); rc=do_check(check_pk,sig,md,r_expired, NULL, ret_pk);
else else
rc = signature_check2( sig, md, r_expiredate, r_expired ); rc = signature_check2( sig, md, r_expiredate, r_expired,
NULL, ret_pk);
cache_sig_result ( sig, rc ); cache_sig_result ( sig, rc );
gcry_md_close(md); gcry_md_close(md);

65
g10/sign.c
View File

@ -55,12 +55,12 @@ void __stdcall Sleep(ulong);
static int recipient_digest_algo=0; static int recipient_digest_algo=0;
/**************** /****************
* Create a notation. It is assumed that the stings in STRLIST * Create a notation. We assume thIt is assumed that the strings in
* are already checked to contain only printable data and have a valid * the STRLISTs of the opt struct are already checked to contain only
* NAME=VALUE format. * printable data and have a valid NAME=VALUE format.
*/ */
static void static void
mk_notation_and_policy( PKT_signature *sig, mk_notation_policy_etc( PKT_signature *sig,
PKT_public_key *pk, PKT_secret_key *sk ) PKT_public_key *pk, PKT_secret_key *sk )
{ {
const char *string; const char *string;
@ -74,18 +74,25 @@ mk_notation_and_policy( PKT_signature *sig,
args.pk=pk; args.pk=pk;
args.sk=sk; args.sk=sk;
/* It is actually impossible to get here when making a v3 key
signature since keyedit.c:sign_uids will automatically bump a
signature with a notation or policy url up to v4, but it is
good to do these checks anyway. */
/* notation data */ /* notation data */
if(IS_SIG(sig) && opt.sig_notation_data) if(IS_SIG(sig) && opt.sig_notation_data)
{ {
if(sig->version<4) if(sig->version<4)
log_info("can't put notation data into v3 signatures\n"); log_error(_("can't put notation data into v3 (PGP 2.x style) "
"signatures\n"));
else else
nd=opt.sig_notation_data; nd=opt.sig_notation_data;
} }
else if( IS_CERT(sig) && opt.cert_notation_data ) else if( IS_CERT(sig) && opt.cert_notation_data )
{ {
if(sig->version<4) if(sig->version<4)
log_info("can't put notation data into v3 key signatures\n"); log_error(_("can't put notation data into v3 (PGP 2.x style) "
"key signatures\n"));
else else
nd=opt.cert_notation_data; nd=opt.cert_notation_data;
} }
@ -125,21 +132,20 @@ mk_notation_and_policy( PKT_signature *sig,
xfree (buf); xfree (buf);
} }
if(opt.list_options&LIST_SHOW_NOTATION)
show_notation(sig,0,0);
/* set policy URL */ /* set policy URL */
if( IS_SIG(sig) && opt.sig_policy_url ) if( IS_SIG(sig) && opt.sig_policy_url )
{ {
if(sig->version<4) if(sig->version<4)
log_info("can't put a policy URL into v3 signatures\n"); log_error(_("can't put a policy URL into v3 (PGP 2.x style) "
"signatures\n"));
else else
pu=opt.sig_policy_url; pu=opt.sig_policy_url;
} }
else if( IS_CERT(sig) && opt.cert_policy_url ) else if( IS_CERT(sig) && opt.cert_policy_url )
{ {
if(sig->version<4) if(sig->version<4)
log_info("can't put a policy URL into v3 key signatures\n"); log_error(_("can't put a policy URL into v3 key (PGP 2.x style) "
"signatures\n"));
else else
pu=opt.cert_policy_url; pu=opt.cert_policy_url;
} }
@ -163,8 +169,34 @@ mk_notation_and_policy( PKT_signature *sig,
xfree (s); xfree (s);
} }
if(opt.list_options&LIST_SHOW_POLICY) /* preferred keyserver URL */
show_policy_url(sig,0,0); if( IS_SIG(sig) && opt.sig_keyserver_url )
{
if(sig->version<4)
log_info (_("can't put a preferred keyserver URL "
"into v3 signatures\n"));
else
pu=opt.sig_keyserver_url;
}
for(;pu;pu=pu->next)
{
string = pu->d;
s=pct_expando(string,&args);
if(!s)
{
log_error(_("WARNING: unable to %%-expand preferred keyserver URL"
" (too large). Using unexpanded.\n"));
s=xstrdup(string);
}
build_sig_subpkt(sig,SIGSUBPKT_PREF_KS|
((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0),
s,strlen(s));
xfree(s);
}
} }
@ -621,7 +653,8 @@ write_signature_packets (SK_LIST sk_list, iobuf_t out, MD_HANDLE hash,
sig = xcalloc (1,sizeof *sig); sig = xcalloc (1,sizeof *sig);
if(opt.force_v3_sigs || RFC1991) if(opt.force_v3_sigs || RFC1991)
sig->version=3; sig->version=3;
else if(duration || opt.sig_policy_url || opt.sig_notation_data) else if(duration || opt.sig_policy_url
|| opt.sig_notation_data || opt.sig_keyserver_url)
sig->version=4; sig->version=4;
else else
sig->version=sk->version; sig->version=sk->version;
@ -640,7 +673,7 @@ write_signature_packets (SK_LIST sk_list, iobuf_t out, MD_HANDLE hash,
if (sig->version >= 4) if (sig->version >= 4)
build_sig_subpkt_from_sig (sig); build_sig_subpkt_from_sig (sig);
mk_notation_and_policy (sig, NULL, sk); mk_notation_policy_etc (sig, NULL, sk);
hash_sigversion_to_magic (md, sig); hash_sigversion_to_magic (md, sig);
gcry_md_final (md); gcry_md_final (md);
@ -1308,7 +1341,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
sig->sig_class = sigclass; sig->sig_class = sigclass;
if( sig->version >= 4 ) if( sig->version >= 4 )
build_sig_subpkt_from_sig( sig ); build_sig_subpkt_from_sig( sig );
mk_notation_and_policy( sig, pk, sk ); mk_notation_policy_etc ( sig, pk, sk );
/* Crucial that the call to mksubpkt comes LAST before the calls /* Crucial that the call to mksubpkt comes LAST before the calls
to finalize the sig as that makes it possible for the mksubpkt to finalize the sig as that makes it possible for the mksubpkt

27
g10/signal.c
View File

@ -1,5 +1,5 @@
/* signal.c - signal handling /* signal.c - signal handling
* Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc. * Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -42,7 +42,7 @@ static void
init_one_signal (int sig, RETSIGTYPE (*handler)(int), int check_ign ) init_one_signal (int sig, RETSIGTYPE (*handler)(int), int check_ign )
{ {
#ifndef HAVE_DOSISH_SYSTEM #ifndef HAVE_DOSISH_SYSTEM
#ifdef HAVE_SIGACTION #if defined(HAVE_SIGACTION) && defined(HAVE_STRUCT_SIGACTION)
struct sigaction oact, nact; struct sigaction oact, nact;
if (check_ign) { if (check_ign) {
@ -132,7 +132,7 @@ void
pause_on_sigusr( int which ) pause_on_sigusr( int which )
{ {
#ifndef HAVE_DOSISH_SYSTEM #ifndef HAVE_DOSISH_SYSTEM
#ifdef HAVE_SIGPROCMASK #if defined(HAVE_SIGPROCMASK) && defined(HAVE_SIGSET_T)
sigset_t mask, oldmask; sigset_t mask, oldmask;
assert( which == 1 ); assert( which == 1 );
@ -150,8 +150,8 @@ pause_on_sigusr( int which )
while (!caught_sigusr1) while (!caught_sigusr1)
sigpause(SIGUSR1); sigpause(SIGUSR1);
caught_sigusr1 = 0; caught_sigusr1 = 0;
sigrelse(SIGUSR1); ???? sigrelse(SIGUSR1);
#endif /*!HAVE_SIGPROCMASK*/ #endif /*!HAVE_SIGPROCMASK && HAVE_SISET_T*/
#endif #endif
} }
@ -161,7 +161,7 @@ do_block( int block )
{ {
#ifndef HAVE_DOSISH_SYSTEM #ifndef HAVE_DOSISH_SYSTEM
static int is_blocked; static int is_blocked;
#ifdef HAVE_SIGPROCMASK #if defined(HAVE_SIGPROCMASK) && defined(HAVE_SIGSET_T)
static sigset_t oldmask; static sigset_t oldmask;
if( block ) { if( block ) {
@ -180,13 +180,22 @@ do_block( int block )
is_blocked = 0; is_blocked = 0;
} }
#else /*!HAVE_SIGPROCMASK*/ #else /*!HAVE_SIGPROCMASK*/
static void (*disposition[MAXSIG])();
#if defined(NSIG)
# define SIGSMAX (NSIG)
#elif defined(MAXSIG)
# define SIGSMAX (MAXSIG+1)
#else
# error "define SIGSMAX to the number of signals on your platform plus one"
#endif
static void (*disposition[SIGSMAX])(int);
int sig; int sig;
if( block ) { if( block ) {
if( is_blocked ) if( is_blocked )
log_bug("signals are already blocked\n"); log_bug("signals are already blocked\n");
for (sig=1; sig < MAXSIG; sig++) { for (sig=1; sig < SIGSMAX; sig++) {
disposition[sig] = sigset (sig, SIG_HOLD); disposition[sig] = sigset (sig, SIG_HOLD);
} }
is_blocked = 1; is_blocked = 1;
@ -194,7 +203,7 @@ do_block( int block )
else { else {
if( !is_blocked ) if( !is_blocked )
log_bug("signals are not blocked\n"); log_bug("signals are not blocked\n");
for (sig=1; sig < MAXSIG; sig++) { for (sig=1; sig < SIGSMAX; sig++) {
sigset (sig, disposition[sig]); sigset (sig, disposition[sig]);
} }
is_blocked = 0; is_blocked = 0;

1
g10/status.c
View File

@ -129,6 +129,7 @@ get_status_string ( int no )
case STATUS_SIGEXPIRED : s = "SIGEXPIRED deprecated-use-keyexpired-instead"; break; case STATUS_SIGEXPIRED : s = "SIGEXPIRED deprecated-use-keyexpired-instead"; break;
case STATUS_EXPSIG : s = "EXPSIG"; break; case STATUS_EXPSIG : s = "EXPSIG"; break;
case STATUS_EXPKEYSIG : s = "EXPKEYSIG"; break; case STATUS_EXPKEYSIG : s = "EXPKEYSIG"; break;
case STATUS_REVKEYSIG : s = "REVKEYSIG"; break;
case STATUS_ATTRIBUTE : s = "ATTRIBUTE"; break; case STATUS_ATTRIBUTE : s = "ATTRIBUTE"; break;
default: s = "?"; break; default: s = "?"; break;
} }

1
g10/status.h
View File

@ -99,6 +99,7 @@
#define STATUS_ATTRIBUTE 67 #define STATUS_ATTRIBUTE 67
#define STATUS_IMPORT_OK 68 #define STATUS_IMPORT_OK 68
#define STATUS_IMPORT_CHECK 69 #define STATUS_IMPORT_CHECK 69
#define STATUS_REVKEYSIG 70
/*-- status.c --*/ /*-- status.c --*/
void set_status_fd ( int fd ); void set_status_fd ( int fd );

2
g10/tdbdump.c
View File

@ -154,7 +154,7 @@ import_ownertrust( const char *fname )
break; /* can't continue */ break; /* can't continue */
} }
for(p = line; *p && *p != ':' ; p++ ) for(p = line; *p && *p != ':' ; p++ )
if( !isxdigit(*p) ) if( !hexdigitp (p) )
break; break;
if( *p != ':' ) { if( *p != ':' ) {
log_error (_("\b%s: error: missing colon\n"), fname ); log_error (_("\b%s: error: missing colon\n"), fname );

5
g10/tdbio.c
View File

@ -337,6 +337,9 @@ tdbio_sync()
} }
#if 0
/* The transaction code is disabled in the 1.2.x branch, as it is not
yet used. It will be enabled in 1.3.x. */
/**************** /****************
* Simple transactions system: * Simple transactions system:
@ -408,6 +411,8 @@ tdbio_cancel_transaction()
return 0; return 0;
} }
#endif /* transaction code */
/******************************************************** /********************************************************

42
g10/trustdb.c
View File

@ -591,6 +591,31 @@ trustdb_pending_check(void)
return pending_check_trustdb; return pending_check_trustdb;
} }
void
read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
byte *marginals,byte *completes,byte *cert_depth)
{
TRUSTREC opts;
init_trustdb();
read_record(0,&opts,RECTYPE_VER);
if(trust_model)
*trust_model=opts.r.ver.trust_model;
if(created)
*created=opts.r.ver.created;
if(nextcheck)
*nextcheck=opts.r.ver.nextcheck;
if(marginals)
*marginals=opts.r.ver.marginals;
if(completes)
*completes=opts.r.ver.completes;
if(cert_depth)
*cert_depth=opts.r.ver.cert_depth;
}
/*********************************************** /***********************************************
*********** Ownertrust et al. **************** *********** Ownertrust et al. ****************
@ -1573,10 +1598,14 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
signed (but not self-signed) uid does carry trust, of a sort, signed (but not self-signed) uid does carry trust, of a sort,
even if it is a statement being made by people other than the even if it is a statement being made by people other than the
key owner "through" the uids on the key owner's key. I'm key owner "through" the uids on the key owner's key. I'm
going with the latter. -dshaw */ going with the latter. However, if the user ID was
explicitly revoked, or passively allowed to expire, that
should stop validity through the user ID until it is
resigned. -dshaw */
/* && node->pkt->pkt.user_id->created) */ if (node->pkt->pkttype == PKT_USER_ID
if (node->pkt->pkttype == PKT_USER_ID) && !node->pkt->pkt.user_id->is_revoked
&& !node->pkt->pkt.user_id->is_expired)
{ {
if (uidnode && issigned) if (uidnode && issigned)
{ {
@ -1590,12 +1619,11 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
} }
uidnode = node; uidnode = node;
uid=uidnode->pkt->pkt.user_id; uid=uidnode->pkt->pkt.user_id;
#if 0
/* If the selfsig is going to expire... This is disabled as /* If the selfsig is going to expire... */
we do count un-self-signed uids in the web of trust. */
if(uid->expiredate && uid->expiredate<*next_expire) if(uid->expiredate && uid->expiredate<*next_expire)
*next_expire = uid->expiredate; *next_expire = uid->expiredate;
#endif
issigned = 0; issigned = 0;
get_validity_counts(pk,uid); get_validity_counts(pk,uid);
mark_usable_uid_certs (kb, uidnode, main_kid, klist, mark_usable_uid_certs (kb, uidnode, main_kid, klist,

3
g10/trustdb.h
View File

@ -64,6 +64,9 @@ int enum_cert_paths( void **context, ulong *lid,
void enum_cert_paths_print( void **context, FILE *fp, void enum_cert_paths_print( void **context, FILE *fp,
int refresh, ulong selected_lid ); int refresh, ulong selected_lid );
void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
byte *marginals,byte *completes,byte *cert_depth);
unsigned int get_ownertrust (PKT_public_key *pk); unsigned int get_ownertrust (PKT_public_key *pk);
unsigned int get_min_ownertrust (PKT_public_key *pk); unsigned int get_min_ownertrust (PKT_public_key *pk);
int get_ownertrust_info (PKT_public_key *pk); int get_ownertrust_info (PKT_public_key *pk);

11
include/ChangeLog
View File

@ -1,3 +1,14 @@
2003-09-04 David Shaw <dshaw@jabberwocky.com>
* cipher.h: Drop TIGER/192 support.
* types.h: Prefer using uint64_t when creating a 64-bit unsigned
type. This avoids a warning on compilers that support but complain
about unsigned long long.
* util.h: Make sure that only ascii is passed to isfoo
functions. (From Werner on stable branch).
2003-09-04 Werner Koch <wk@gnupg.org> 2003-09-04 Werner Koch <wk@gnupg.org>
* cipher.h (PUBKEY_USAGE_AUTH): Added. * cipher.h (PUBKEY_USAGE_AUTH): Added.

1
include/cipher.h
View File

@ -53,7 +53,6 @@
#define DIGEST_ALGO_MD5 GCRY_MD_MD5 #define DIGEST_ALGO_MD5 GCRY_MD_MD5
#define DIGEST_ALGO_SHA1 GCRY_MD_SHA1 #define DIGEST_ALGO_SHA1 GCRY_MD_SHA1
#define DIGEST_ALGO_RMD160 GCRY_MD_RMD160 #define DIGEST_ALGO_RMD160 GCRY_MD_RMD160
#define DIGEST_ALGO_TIGER GCRY_MD_TIGER
#define DIGEST_ALGO_SHA256 GCRY_MD_SHA256 #define DIGEST_ALGO_SHA256 GCRY_MD_SHA256
#define DIGEST_ALGO_SHA384 GCRY_MD_SHA384 #define DIGEST_ALGO_SHA384 GCRY_MD_SHA384
#define DIGEST_ALGO_SHA512 GCRY_MD_SHA512 #define DIGEST_ALGO_SHA512 GCRY_MD_SHA512

10
include/types.h
View File

@ -101,7 +101,11 @@ typedef unsigned long u32;
*/ */
#ifndef HAVE_U64_TYPEDEF #ifndef HAVE_U64_TYPEDEF
#undef u64 /* maybe there is a macro with this name */ #undef u64 /* maybe there is a macro with this name */
#if SIZEOF_UNSIGNED_INT == 8 #if SIZEOF_UINT64_T == 8
typedef uint64_t u64;
#define U64_C(c) (UINT64_C(c))
#define HAVE_U64_TYPEDEF
#elif SIZEOF_UNSIGNED_INT == 8
typedef unsigned int u64; typedef unsigned int u64;
#define U64_C(c) (c ## U) #define U64_C(c) (c ## U)
#define HAVE_U64_TYPEDEF #define HAVE_U64_TYPEDEF
@ -113,10 +117,6 @@ typedef unsigned long u64;
typedef unsigned long long u64; typedef unsigned long long u64;
#define U64_C(c) (c ## ULL) #define U64_C(c) (c ## ULL)
#define HAVE_U64_TYPEDEF #define HAVE_U64_TYPEDEF
#elif SIZEOF_UINT64_T == 8
typedef uint64_t u64;
#define U64_C(c) (UINT64_C(c))
#define HAVE_U64_TYPEDEF
#endif #endif
#endif #endif