security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-28 22:49:59 +01:00
Code Activity

* keygen.c (proc_parameter_file): Sanity check items in keygen batch

Browse Source 
file.  Noted by Michael Schierl.
This commit is contained in:
David Shaw 2005-08-05 03:30:13 +00:00
parent c765d1ee0c
commit 533bc3e813
2 changed files with 127 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
g10/ChangeLog
View File

@ -1,5 +1,8 @@
2005-08-04 David Shaw <dshaw@jabberwocky.com> 2005-08-04 David Shaw <dshaw@jabberwocky.com>
* keygen.c (proc_parameter_file): Sanity check items in keygen
batch file. Noted by Michael Schierl.
* pkclist.c (do_edit_ownertrust): Don't allow ownertrust level 0. * pkclist.c (do_edit_ownertrust): Don't allow ownertrust level 0.
Noted by Michael Schierl. Noted by Michael Schierl.

226
g10/keygen.c
View File

@ -2059,122 +2059,144 @@ static int
proc_parameter_file( struct para_data_s *para, const char *fname, proc_parameter_file( struct para_data_s *para, const char *fname,
struct output_control_s *outctrl, int card ) struct output_control_s *outctrl, int card )
{ {
struct para_data_s *r; struct para_data_s *r;
const char *s1, *s2, *s3; const char *s1, *s2, *s3;
size_t n; size_t n;
char *p; char *p;
int i; int have_user_id=0;
/* Check that we have all required parameters. */ /* Check that we have all required parameters. */
assert( get_parameter( para, pKEYTYPE ) ); r = get_parameter( para, pKEYTYPE );
i = get_parameter_algo( para, pKEYTYPE ); if(r)
if( i < 1 || check_pubkey_algo2( i, PUBKEY_USAGE_SIG ) ) { {
r = get_parameter( para, pKEYTYPE ); if(check_pubkey_algo2(get_parameter_algo(para,pKEYTYPE),
log_error("%s:%d: invalid algorithm\n", fname, r->lnr ); PUBKEY_USAGE_SIG))
{
log_error("%s:%d: invalid algorithm\n", fname, r->lnr );
return -1;
}
}
else
{
log_error("%s: no Key-Type specified\n",fname);
return -1;
}
if (parse_parameter_usage (fname, para, pKEYUSAGE))
return -1;
r = get_parameter( para, pSUBKEYTYPE );
if(r)
{
if(check_pubkey_algo( get_parameter_algo( para, pSUBKEYTYPE)))
{
log_error("%s:%d: invalid algorithm\n", fname, r->lnr );
return -1;
}
if(parse_parameter_usage (fname, para, pSUBKEYUSAGE))
return -1; return -1;
} }
if (parse_parameter_usage (fname, para, pKEYUSAGE)) if( get_parameter_value( para, pUSERID ) )
return -1; have_user_id=1;
else
i = get_parameter_algo( para, pSUBKEYTYPE ); {
if( i > 0 && check_pubkey_algo( i ) ) { /* create the formatted user ID */
r = get_parameter( para, pSUBKEYTYPE ); s1 = get_parameter_value( para, pNAMEREAL );
log_error("%s:%d: invalid algorithm\n", fname, r->lnr ); s2 = get_parameter_value( para, pNAMECOMMENT );
return -1; s3 = get_parameter_value( para, pNAMEEMAIL );
} if( s1 || s2 || s3 )
if (i > 0 && parse_parameter_usage (fname, para, pSUBKEYUSAGE)) {
return -1; n = (s1?strlen(s1):0) + (s2?strlen(s2):0) + (s3?strlen(s3):0);
r = xmalloc_clear( sizeof *r + n + 20 );
r->key = pUSERID;
if( !get_parameter_value( para, pUSERID ) ) { p = r->u.value;
/* create the formatted user ID */ if( s1 )
s1 = get_parameter_value( para, pNAMEREAL ); p = stpcpy(p, s1 );
s2 = get_parameter_value( para, pNAMECOMMENT ); if( s2 )
s3 = get_parameter_value( para, pNAMEEMAIL ); p = stpcpy(stpcpy(stpcpy(p," ("), s2 ),")");
if( s1 || s2 || s3 ) { if( s3 )
n = (s1?strlen(s1):0) + (s2?strlen(s2):0) + (s3?strlen(s3):0); p = stpcpy(stpcpy(stpcpy(p," <"), s3 ),">");
r = xmalloc_clear( sizeof *r + n + 20 ); r->next = para;
r->key = pUSERID; para = r;
p = r->u.value; have_user_id=1;
if( s1 )
p = stpcpy(p, s1 );
if( s2 )
p = stpcpy(stpcpy(stpcpy(p," ("), s2 ),")");
if( s3 )
p = stpcpy(stpcpy(stpcpy(p," <"), s3 ),">");
r->next = para;
para = r;
} }
} }
/* Set preferences, if any. */ if(!have_user_id)
keygen_set_std_prefs(get_parameter_value( para, pPREFERENCES ), 0); {
log_error("%s: no User-ID specified\n",fname);
/* Set revoker, if any. */
if (parse_revocation_key (fname, para, pREVOKER))
return -1; return -1;
/* make DEK and S2K from the Passphrase */
r = get_parameter( para, pPASSPHRASE );
if( r && *r->u.value ) {
/* we have a plain text passphrase - create a DEK from it.
* It is a little bit ridiculous to keep it ih secure memory
* but becuase we do this alwasy, why not here */
STRING2KEY *s2k;
DEK *dek;
s2k = xmalloc_secure( sizeof *s2k );
s2k->mode = opt.s2k_mode;
s2k->hash_algo = S2K_DIGEST_ALGO;
set_next_passphrase( r->u.value );
dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k, 2,
NULL, NULL);
set_next_passphrase( NULL );
assert( dek );
memset( r->u.value, 0, strlen(r->u.value) );
r = xmalloc_clear( sizeof *r );
r->key = pPASSPHRASE_S2K;
r->u.s2k = s2k;
r->next = para;
para = r;
r = xmalloc_clear( sizeof *r );
r->key = pPASSPHRASE_DEK;
r->u.dek = dek;
r->next = para;
para = r;
} }
/* make KEYEXPIRE from Expire-Date */ /* Set preferences, if any. */
r = get_parameter( para, pEXPIREDATE ); keygen_set_std_prefs(get_parameter_value( para, pPREFERENCES ), 0);
if( r && *r->u.value )
{
u32 seconds;
seconds = parse_expire_string( r->u.value ); /* Set revoker, if any. */
if( seconds == (u32)-1 ) if (parse_revocation_key (fname, para, pREVOKER))
{ return -1;
log_error("%s:%d: invalid expire date\n", fname, r->lnr );
return -1;
}
r->u.expire = seconds;
r->key = pKEYEXPIRE; /* change hat entry */
/* also set it for the subkey */
r = xmalloc_clear( sizeof *r + 20 );
r->key = pSUBKEYEXPIRE;
r->u.expire = seconds;
r->next = para;
para = r;
}
if( !!outctrl->pub.newfname ^ !!outctrl->sec.newfname ) { /* make DEK and S2K from the Passphrase */
log_error("%s:%d: only one ring name is set\n", fname, outctrl->lnr ); r = get_parameter( para, pPASSPHRASE );
return -1; if( r && *r->u.value ) {
/* we have a plain text passphrase - create a DEK from it.
* It is a little bit ridiculous to keep it ih secure memory
* but becuase we do this alwasy, why not here */
STRING2KEY *s2k;
DEK *dek;
s2k = xmalloc_secure( sizeof *s2k );
s2k->mode = opt.s2k_mode;
s2k->hash_algo = S2K_DIGEST_ALGO;
set_next_passphrase( r->u.value );
dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k, 2,
NULL, NULL);
set_next_passphrase( NULL );
assert( dek );
memset( r->u.value, 0, strlen(r->u.value) );
r = xmalloc_clear( sizeof *r );
r->key = pPASSPHRASE_S2K;
r->u.s2k = s2k;
r->next = para;
para = r;
r = xmalloc_clear( sizeof *r );
r->key = pPASSPHRASE_DEK;
r->u.dek = dek;
r->next = para;
para = r;
}
/* make KEYEXPIRE from Expire-Date */
r = get_parameter( para, pEXPIREDATE );
if( r && *r->u.value )
{
u32 seconds;
seconds = parse_expire_string( r->u.value );
if( seconds == (u32)-1 )
{
log_error("%s:%d: invalid expire date\n", fname, r->lnr );
return -1;
}
r->u.expire = seconds;
r->key = pKEYEXPIRE; /* change hat entry */
/* also set it for the subkey */
r = xmalloc_clear( sizeof *r + 20 );
r->key = pSUBKEYEXPIRE;
r->u.expire = seconds;
r->next = para;
para = r;
} }
do_generate_keypair( para, outctrl, card ); if( !!outctrl->pub.newfname ^ !!outctrl->sec.newfname ) {
return 0; log_error("%s:%d: only one ring name is set\n", fname, outctrl->lnr );
return -1;
}
do_generate_keypair( para, outctrl, card );
return 0;
} }