* import.c (import_secret_one): Check for an illegal (>110) protection

cipher when importing a secret key. * keylist.c (list_keyblock_print): Show a '#' for a secret-parts-missing key. * parse_packet.c (parse_key): Some comments. * revoke.c (gen_revoke): Remove some debugging code. * trustdb.c (verify_own_keys): Make trusted-key a non-deprecated option again. * seckey-cert.c (do_check): Don't give the IDEA warning unless the cipher in question is in fact IDEA.
2002-10-02 22:01:29 +00:00 · 2002-10-02 22:01:29 +00:00 · 58972f24c4
parent b959d789fe
commit 58972f24c4
7 changed files with 42 additions and 15 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,21 @@
+2002-10-02  David Shaw  <dshaw@jabberwocky.com>
+
+	* import.c (import_secret_one): Check for an illegal (>110)
+	protection cipher when importing a secret key.
+
+	* keylist.c (list_keyblock_print): Show a '#' for a
+	secret-parts-missing key.
+
+	* parse_packet.c (parse_key): Some comments.
+
+	* revoke.c (gen_revoke): Remove some debugging code.
+
+	* trustdb.c (verify_own_keys): Make trusted-key a non-deprecated
+	option again.
+
+	* seckey-cert.c (do_check): Don't give the IDEA warning unless the
+	cipher in question is in fact IDEA.
+
 2002-10-01  David Shaw  <dshaw@jabberwocky.com>

 	* import.c (import_one): Make sure that a newly imported key
--- a/g10/import.c
+++ b/g10/import.c
@ -850,6 +850,13 @@ import_secret_one( const char *fname, KBNODE keyblock,
 	return 0;
    }

+    if(sk->protect.algo>110)
+      {
+	log_error(_("key %08lX: secret key with invalid cipher %d "
+		    "- skipped\n"),(ulong)keyid[1],sk->protect.algo);
+	return 0;
+      }
+
    clear_kbnode_flags( keyblock );

    /* do we have this key already in one of our secrings ? */
--- a/g10/keylist.c
+++ b/g10/keylist.c
@ -409,10 +409,11 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
 	pk = NULL;
 	sk = node->pkt->pkt.secret_key;
 	keyid_from_sk( sk, keyid );
-        printf("sec  %4u%c/%08lX %s ", nbits_from_sk( sk ),
-				       pubkey_letter( sk->pubkey_algo ),
-				       (ulong)keyid[1],
-				       datestr_from_sk( sk ) );
+        printf("sec%c %4u%c/%08lX %s ", (sk->protect.s2k.mode==1001)?'#':' ',
+	                                nbits_from_sk( sk ),
+				        pubkey_letter( sk->pubkey_algo ),
+				        (ulong)keyid[1],
+				        datestr_from_sk( sk ) );
    }
    else {
 	pk = node->pkt->pkt.public_key;
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -1574,6 +1574,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 		}
                sk->protect.sha1chk = (sk->protect.algo == 254);
 		sk->protect.algo = iobuf_get_noeof(inp); pktlen--;
+		/* Note that a sk->protect.algo > 110 is illegal, but
+		   I'm not erroring on it here as otherwise there
+		   would be no way to delete such a key. */
 		sk->protect.s2k.mode  = iobuf_get_noeof(inp); pktlen--;
 		sk->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--;
 		/* check for the special GNU extension */
@ -1647,6 +1650,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 					    (ulong)sk->protect.s2k.count);
 		}
 	    }
+	    /* Note that a sk->protect.algo > 110 is illegal, but I'm
+	       not erroring on it here as otherwise there would be no
+	       way to delete such a key. */
 	    else { /* old version; no S2K, so we set mode to 0, hash MD5 */
 		sk->protect.s2k.mode = 0;
 		sk->protect.s2k.hash_algo = DIGEST_ALGO_MD5;
--- a/g10/revoke.c
+++ b/g10/revoke.c
@ -551,7 +551,9 @@ gen_revoke( const char *uname )

    if(opt.pgp2 || opt.pgp6 || opt.pgp7)
      {
-	rc=export_minimal_pk(out,NULL /*pub_keyblock*/,sig,NULL);
+	/* Use a minimal pk for PGPx mode, since PGP can't import bare
+	   revocation certificates. */
+	rc=export_minimal_pk(out,pub_keyblock,sig,NULL);
 	if(rc)
 	  goto leave;
      }
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@ -58,7 +58,8 @@ do_check( PKT_secret_key *sk, const char *tryagain_text )
 	if( check_cipher_algo( sk->protect.algo ) ) {
 	    log_info(_("protection algorithm %d%s is not supported\n"),
 			sk->protect.algo,sk->protect.algo==1?" (IDEA)":"" );
-	    idea_cipher_warn(0);
+	    if(sk->protect.algo==CIPHER_ALGO_IDEA)
+	      idea_cipher_warn(0);
 	    return G10ERR_CIPHER_ALGO;
 	}
 	keyid_from_sk( sk, keyid );
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -247,7 +247,6 @@ verify_own_keys(void)
  ulong recnum;
  int rc;
  struct key_item *k;
-  int hint_shown = 0;

  if (utk_list)
    return;
@ -296,14 +295,7 @@ verify_own_keys(void)
                                | TRUST_ULTIMATE ));
            release_public_key_parts (&pk);
          }
-          if (!hint_shown)
-            {
-              log_info ("the --trusted-key option is now obsolete; "
-                        "use the --edit command instead.\n");
-              log_info ("given keys will be marked as trusted\n");
-              hint_shown = 1;
-            }
-          log_info ("key %08lX marked as ultimately trusted\n",
+          log_info (_("key %08lX marked as ultimately trusted\n"),
                    (ulong)k->kid[1]);
        }
    }