From 6286d01ba33b963be30fbb4fba6f35f1b05acd17 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 8 Oct 2013 15:29:36 +0200 Subject: [PATCH] gpg: Fix --version output and explicitly disable ECC. * g10/misc.c (openpgp_pk_algo_name): New. Replace all calls in g10/ to gcry_pk_algo_name by a call to this function. (map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG. (openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of GCRY_PK_ELG_E. Return an error for ECC algos. (openpgp_pk_test_algo2): Return an error for ECC algos. * g10/gpg.c (build_list): Avoid printing ECC two times. * include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*. -- Due to recent changes to adjust for use with Libgcrypt 1.6, "gpg --version" printed two question marks. This patches fixes that and also make sure that gpg does advertise any ECC features. The patch in build_list is not really needed. Signed-off-by: Werner Koch --- g10/encode.c | 20 +++++----- g10/gpg.c | 9 +++-- g10/keyedit.c | 4 +- g10/keygen.c | 6 +-- g10/keyserver.c | 2 +- g10/main.h | 1 + g10/mainproc.c | 4 +- g10/misc.c | 36 +++++++++++++++--- g10/passphrase.c | 96 ++++++++++++++++++++++++------------------------ g10/sign.c | 2 +- include/cipher.h | 12 +++--- 11 files changed, 111 insertions(+), 81 deletions(-) diff --git a/g10/encode.c b/g10/encode.c index 3c4e0a274..88d0a6961 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -83,7 +83,7 @@ encode_seskey( DEK *dek, DEK **seskey, byte *enckey ) /* The encrypted session key is prefixed with a one-octet algorithm id. */ buf[0] = (*seskey)->algo; memcpy( buf + 1, (*seskey)->key, (*seskey)->keylen ); - + /* We only pass already checked values to the following fucntion, thus we consider any failure as fatal. */ if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1)) @@ -117,7 +117,7 @@ use_mdc(PK_LIST pk_list,int algo) if(select_mdc_from_pklist(pk_list)) return 1; - + /* The keys don't support MDC, so now we do a bit of a hack - if any of the AESes or TWOFISH are in the prefs, we assume that the user can handle a MDC. This is valid for PGP 7, which can handle MDCs @@ -178,7 +178,7 @@ encode_simple( const char *filename, int mode, int use_seskey ) memset( &zfx, 0, sizeof zfx); memset( &tfx, 0, sizeof tfx); init_packet(&pkt); - + /* prepare iobufs */ inp = iobuf_open(filename); if (inp) @@ -207,7 +207,7 @@ encode_simple( const char *filename, int mode, int use_seskey ) it has no S2K salt. RFC1991 always uses simple S2K. */ if ( RFC1991 && use_seskey ) use_seskey = 0; - + cfx.dek = NULL; if( mode ) { int canceled; @@ -254,7 +254,7 @@ encode_simple( const char *filename, int mode, int use_seskey ) { if (opt.verbose) log_info(_("`%s' already compressed\n"), filename); - do_compress = 0; + do_compress = 0; } if( rc || (rc = open_outfile( filename, opt.armor? 1:0, &out )) ) { @@ -563,7 +563,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey ) cfx.dek->algo = opt.def_cipher_algo; } - + cfx.dek->use_mdc=use_mdc(pk_list,cfx.dek->algo); /* Only do the is-file-already-compressed check if we are using a @@ -575,7 +575,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey ) { if (opt.verbose) log_info(_("`%s' already compressed\n"), filename); - do_compress = 0; + do_compress = 0; } if (rc2) { @@ -846,7 +846,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out ) if( opt.verbose ) { char *ustr = get_user_id_string_native (enc->keyid); log_info(_("%s/%s encrypted for: \"%s\"\n"), - gcry_pk_algo_name (enc->pubkey_algo), + openpgp_pk_algo_name (enc->pubkey_algo), openpgp_cipher_algo_name (dek->algo), ustr ); xfree(ustr); @@ -874,9 +874,9 @@ encode_crypt_files(int nfiles, char **files, strlist_t remusr) if (opt.outfile) { log_error(_("--output doesn't work for this command\n")); - return; + return; } - + if (!nfiles) { char line[2048]; diff --git a/g10/gpg.c b/g10/gpg.c index 1238f47c1..339bf2698 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -854,8 +854,8 @@ my_strusage( int level ) case 33: p = _("\nSupported algorithms:\n"); break; case 34: if (!pubkeys) - pubkeys = build_list (_("Pubkey: "), 0, - gcry_pk_algo_name, + pubkeys = build_list (_("Pubkey: "), 'P', + openpgp_pk_algo_name, openpgp_pk_test_algo ); p = pubkeys; break; @@ -906,6 +906,9 @@ build_list (const char *text, char letter, for (i=0; i <= 110; i++ ) { + if (letter == 'P' && i == 19 ) + continue; /* No need to print a second "ECC" string. */ + if (!chkf (i) && (s = mapf (i))) { if (mb.len - len > 60) @@ -921,7 +924,7 @@ build_list (const char *text, char letter, put_membuf_str (&mb, text); put_membuf_str (&mb, s); - if (opt.verbose && letter) + if (opt.verbose && letter && letter != 'P') { char num[20]; snprintf (num, sizeof num, " (%c%d)", letter, i); diff --git a/g10/keyedit.c b/g10/keyedit.c index 3470257a7..4d5395d29 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -2810,7 +2810,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker, if(pk->is_revoked) { char *user=get_user_id_string_native(pk->revoked.keyid); - const char *algo = gcry_pk_algo_name (pk->revoked.algo); + const char *algo = openpgp_pk_algo_name (pk->revoked.algo); tty_printf (_("The following key was revoked on" " %s by %s key %s\n"), revokestr_from_pk(pk),algo?algo:"?",user); @@ -2828,7 +2828,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker, char *user; const char *algo; - algo = gcry_pk_algo_name (pk->revkey[i].algid); + algo = openpgp_pk_algo_name (pk->revkey[i].algid); keyid_from_fingerprint(pk->revkey[i].fpr, MAX_FINGERPRINT_LEN,r_keyid); diff --git a/g10/keygen.c b/g10/keygen.c index 3222c55f0..ad6bd73e6 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1603,7 +1603,7 @@ ask_key_flags(int algo,int subkey) { tty_printf("\n"); tty_printf(_("Possible actions for a %s key: "), - gcry_pk_algo_name (algo)); + openpgp_pk_algo_name (algo)); print_key_flags(possible); tty_printf("\n"); tty_printf(_("Current allowed actions: ")); @@ -1807,7 +1807,7 @@ ask_keysize (int algo, unsigned int primary_keysize) } tty_printf(_("%s keys may be between %u and %u bits long.\n"), - gcry_pk_algo_name (algo), min, max); + openpgp_pk_algo_name (algo), min, max); for(;;) { @@ -1826,7 +1826,7 @@ ask_keysize (int algo, unsigned int primary_keysize) if(nbitsmax) tty_printf(_("%s keysizes must be in the range %u-%u\n"), - gcry_pk_algo_name (algo), min, max); + openpgp_pk_algo_name (algo), min, max); else break; } diff --git a/g10/keyserver.c b/g10/keyserver.c index 291a79c5d..7164f67c0 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -485,7 +485,7 @@ print_keyrec(int number,struct keyrec *keyrec) { const char *str; - str = gcry_pk_algo_name (map_pk_openpgp_to_gcry (keyrec->type)); + str = openpgp_pk_algo_name (keyrec->type); if(str && strcmp (str, "?")) printf("%s ",str); else diff --git a/g10/main.h b/g10/main.h index 35c937375..4ec0f293e 100644 --- a/g10/main.h +++ b/g10/main.h @@ -93,6 +93,7 @@ int map_pk_openpgp_to_gcry (int algo); int openpgp_pk_test_algo( int algo ); int openpgp_pk_test_algo2 ( int algo, unsigned int use ); int openpgp_pk_algo_usage ( int algo ); +const char *openpgp_pk_algo_name (int algo); int openpgp_md_test_algo( int algo ); #ifdef USE_IDEA diff --git a/g10/mainproc.c b/g10/mainproc.c index a1bd95928..0387f8aca 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -455,7 +455,7 @@ print_pkenc_list( struct kidlist_item *list, int failed ) if ( !failed && list->reason ) continue; - algstr = gcry_pk_algo_name ( list->pubkey_algo ); + algstr = openpgp_pk_algo_name ( list->pubkey_algo ); pk = xmalloc_clear( sizeof *pk ); if( !algstr ) @@ -1644,7 +1644,7 @@ check_sig_and_print( CTX c, KBNODE node ) /* (Indendation below not yet changed to GNU style.) */ - astr = gcry_pk_algo_name ( sig->pubkey_algo ); + astr = openpgp_pk_algo_name ( sig->pubkey_algo ); if(keystrlen()>8) { log_info(_("Signature made %s\n"),asctimestamp(sig->timestamp)); diff --git a/g10/misc.c b/g10/misc.c index 9d3ee1edb..9b7c8ab4e 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -297,7 +297,7 @@ print_pubkey_algo_note( int algo ) { warn=1; log_info (_("WARNING: using experimental public key algorithm %s\n"), - gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo))); + openpgp_pk_algo_name (algo)); } } else if (algo == 20) @@ -423,8 +423,9 @@ map_pk_openpgp_to_gcry (int algo) { switch (algo) { - case PUBKEY_ALGO_ECDSA: return 301 /*GCRY_PK_ECDSA*/; - case PUBKEY_ALGO_ECDH: return 302 /*GCRY_PK_ECDH*/; + case PUBKEY_ALGO_ECDSA: return 301 /*GCRY_PK_ECDSA*/; + case PUBKEY_ALGO_ECDH: return 302 /*GCRY_PK_ECDH*/; + case PUBKEY_ALGO_ELGAMAL_E: return GCRY_PK_ELG; default: return algo; } } @@ -433,11 +434,15 @@ map_pk_openpgp_to_gcry (int algo) int openpgp_pk_test_algo( int algo ) { + /* ECC is not yet supported even if supported by Libgcrypt. */ + if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA) + return gpg_error (GPG_ERR_PUBKEY_ALGO); + /* Dont't allow type 20 keys unless in rfc2440 mode. */ if (!RFC2440 && algo == 20) return gpg_error (GPG_ERR_PUBKEY_ALGO); - if (algo == GCRY_PK_ELG_E) + if (algo == PUBKEY_ALGO_ELGAMAL_E) algo = GCRY_PK_ELG; if (algo < 0 || algo > 110) @@ -450,11 +455,15 @@ openpgp_pk_test_algo2( int algo, unsigned int use ) { size_t use_buf = use; + /* ECC is not yet supported even if supported by Libgcrypt. */ + if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA) + return gpg_error (GPG_ERR_PUBKEY_ALGO); + /* Dont't allow type 20 keys unless in rfc2440 mode. */ if (!RFC2440 && algo == 20) return gpg_error (GPG_ERR_PUBKEY_ALGO); - if (algo == GCRY_PK_ELG_E) + if (algo == PUBKEY_ALGO_ELGAMAL_E) algo = GCRY_PK_ELG; if (algo < 0 || algo > 110) @@ -491,12 +500,29 @@ openpgp_pk_algo_usage ( int algo ) case PUBKEY_ALGO_DSA: use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH; break; + case PUBKEY_ALGO_ECDH: + use = PUBKEY_USAGE_ENC; + break; + case PUBKEY_ALGO_ECDSA: + use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH; + break; default: break; } return use; } + +/* Map the OpenPGP cipher algorithm whose ID is contained in ALGORITHM to a + string representation of the algorithm name. For unknown algorithm + IDs this function returns "?". */ +const char * +openpgp_pk_algo_name (int algo) +{ + return gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo)); +} + + int openpgp_md_test_algo( int algo ) { diff --git a/g10/passphrase.c b/g10/passphrase.c index 2133de569..97527180a 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -74,7 +74,7 @@ encode_s2k_iterations (int iterations) if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER) log_error (_("problem with the agent: %s\n"), gpg_strerror (err)); /* Default to 65536 which we used up to 2.0.13. */ - return 96; + return 96; } else if (mycnt >= 65011712) return 255; /* Largest possible value. */ @@ -87,7 +87,7 @@ encode_s2k_iterations (int iterations) if (iterations >= 65011712) return 255; - + /* Need count to be in the range 16-31 */ for (count=iterations>>6; count>=32; count>>=1) c++; @@ -96,13 +96,13 @@ encode_s2k_iterations (int iterations) if (S2K_DECODE_COUNT(result) < iterations) result++; - + return result; } -/* Hash a passphrase using the supplied s2k. +/* Hash a passphrase using the supplied s2k. Always needs: dek->algo, s2k->mode, s2k->hash_algo. */ static void hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k) @@ -119,20 +119,20 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k) if (gcry_md_open (&md, s2k->hash_algo, 1)) BUG (); - for (pass=0; used < dek->keylen ; pass++ ) + for (pass=0; used < dek->keylen ; pass++ ) { - if ( pass ) + if ( pass ) { gcry_md_reset (md); for (i=0; i < pass; i++ ) /* Preset the hash context. */ gcry_md_putc (md, 0 ); } - if ( s2k->mode == 1 || s2k->mode == 3 ) + if ( s2k->mode == 1 || s2k->mode == 3 ) { int len2 = pwlen + 8; ulong count = len2; - + if ( s2k->mode == 3 ) { count = S2K_DECODE_COUNT(s2k->count); @@ -146,7 +146,7 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k) /* A little bit complicated because we need a ulong for count. */ while ( count > len2 ) /* maybe iterated+salted */ - { + { gcry_md_write ( md, s2k->salt, 8 ); gcry_md_write ( md, pw, pwlen ); count -= len2; @@ -242,7 +242,7 @@ read_passphrase_from_fd( int fd ) int i, len; char *pw; - if ( !opt.batch ) + if ( !opt.batch ) { /* Not used but we have to do a dummy read, so that it won't end up at the begin of the message if the quite usual trick to prepend the passphtrase to the message is used. */ @@ -251,12 +251,12 @@ read_passphrase_from_fd( int fd ) while (!(read (fd, buf, 1) != 1 || *buf == '\n' )) ; *buf = 0; - return; + return; } - for (pw = NULL, i = len = 100; ; i++ ) + for (pw = NULL, i = len = 100; ; i++ ) { - if (i >= len-1 ) + if (i >= len-1 ) { char *pw2 = pw; len += 100; @@ -322,35 +322,35 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat, if( keyid && get_pubkey( pk, keyid ) ) { if (pk) - free_public_key( pk ); + free_public_key( pk ); pk = NULL; /* oops: no key for some reason */ } - + orig_codeset = i18n_switchto_utf8 (); if (custom_description) atext = native_to_utf8 (custom_description); else if ( !mode && pk && keyid ) - { + { char *uid; size_t uidlen; - const char *algo_name = gcry_pk_algo_name ( pk->pubkey_algo ); + const char *algo_name = openpgp_pk_algo_name (pk->pubkey_algo); const char *timestr; char *maink; - + if ( !algo_name ) algo_name = "?"; #define KEYIDSTRING _(" (main key ID %s)") maink = xmalloc ( strlen (KEYIDSTRING) + keystrlen() + 20 ); - if( keyid[2] && keyid[3] && keyid[0] != keyid[2] + if( keyid[2] && keyid[3] && keyid[0] != keyid[2] && keyid[1] != keyid[3] ) sprintf( maink, KEYIDSTRING, keystr(&keyid[2]) ); else *maink = 0; - - uid = get_user_id ( keyid, &uidlen ); + + uid = get_user_id ( keyid, &uidlen ); timestr = strtimestamp (pk->timestamp); #undef KEYIDSTRING @@ -361,7 +361,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat, "%u-bit %s key, ID %s,\n" \ "created %s%s.\n" ) - atext = xmalloc ( 100 + strlen (PROMPTSTRING) + atext = xmalloc ( 100 + strlen (PROMPTSTRING) + uidlen + 15 + strlen(algo_name) + keystrlen() + strlen (timestr) + strlen (maink) ); sprintf (atext, PROMPTSTRING, @@ -373,16 +373,16 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat, #undef PROMPTSTRING - { + { size_t dummy; fingerprint_from_pk( pk, fpr, &dummy ); have_fpr = 1; } - + } else atext = xstrdup ( _("Enter passphrase\n") ); - + if (!mode && cacheid) my_cacheid = cacheid; @@ -398,7 +398,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat, rc = agent_get_passphrase (my_cacheid, tryagain_text, my_prompt, atext, repeat, check, &pw); - + xfree (my_prompt); xfree (atext); atext = NULL; @@ -413,7 +413,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat, if (canceled) *canceled = 1; } - else + else { log_error (_("problem with the agent: %s\n"), gpg_strerror (rc)); /* Due to limitations in the API of the upper layers they @@ -422,7 +422,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat, definitely not happen and let it continue without requiring a passphrase. Given that now all the upper layers handle a cancel correctly, we simply set the cancel flag now for all - errors from the agent. */ + errors from the agent. */ if (canceled) *canceled = 1; @@ -450,7 +450,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo ) int rc; (void)algo; - + if (!cacheid) { PKT_public_key *pk; @@ -460,7 +460,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo ) byte fpr[MAX_FINGERPRINT_LEN]; char hexfprbuf[2*20+1]; size_t dummy; - + pk = xcalloc (1, sizeof *pk); if ( !keyid || get_pubkey( pk, keyid ) ) { @@ -488,7 +488,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo ) NULL, sets it to true. MODE 0: Allow cached passphrase - 1: Ignore cached passphrase + 1: Ignore cached passphrase 2: Ditto, but create a new key 3: Allow cached passphrase; use the S2K salt as the cache ID 4: Ditto, but create a new key @@ -496,7 +496,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo ) DEK * passphrase_to_dek_ext (u32 *keyid, int pubkey_algo, int cipher_algo, STRING2KEY *s2k, int mode, - const char *tryagain_text, + const char *tryagain_text, const char *custdesc, const char *custprompt, int *canceled) { @@ -509,11 +509,11 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo, if (!canceled) canceled = &dummy_canceled; *canceled = 0; - + if ( !s2k ) { assert (mode != 3 && mode != 4); - /* This is used for the old rfc1991 mode + /* This is used for the old rfc1991 mode * Note: This must match the code in encode.c with opt.rfc1991 set */ s2k = &help_s2k; s2k->mode = 0; @@ -539,16 +539,16 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo, /* If we do not have a passphrase available in NEXT_PW and status information are request, we print them now. */ - if ( !next_pw && is_status_enabled() ) + if ( !next_pw && is_status_enabled() ) { char buf[50]; - + if ( keyid ) { u32 used_kid[2]; char *us; - - if ( keyid[2] && keyid[3] ) + + if ( keyid[2] && keyid[3] ) { used_kid[0] = keyid[2]; used_kid[1] = keyid[3]; @@ -558,16 +558,16 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo, used_kid[0] = keyid[0]; used_kid[1] = keyid[1]; } - + us = get_long_user_id_string ( keyid ); write_status_text ( STATUS_USERID_HINT, us ); xfree(us); - + snprintf (buf, sizeof buf -1, "%08lX%08lX %08lX%08lX %d 0", (ulong)keyid[0], (ulong)keyid[1], (ulong)used_kid[0], (ulong)used_kid[1], pubkey_algo ); - + write_status_text ( STATUS_NEED_PASSPHRASE, buf ); } else @@ -586,7 +586,7 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo, { PKT_public_key *pk = xmalloc_clear( sizeof *pk ); char *p; - + p = get_user_id_native(keyid); tty_printf ("\n"); tty_printf (_("You need a passphrase to unlock the secret key for\n" @@ -595,8 +595,8 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo, if ( !get_pubkey( pk, keyid ) ) { - const char *s = gcry_pk_algo_name ( pk->pubkey_algo ); - + const char *s = openpgp_pk_algo_name (pk->pubkey_algo); + tty_printf (_("%u-bit %s key, ID %s, created %s"), nbits_from_pk( pk ), s?s:"?", keystr(keyid), strtimestamp(pk->timestamp) ); @@ -620,19 +620,19 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo, free_public_key( pk ); } - if ( next_pw ) + if ( next_pw ) { /* Simply return the passphrase we already have in NEXT_PW. */ pw = next_pw; next_pw = NULL; } - else if ( have_static_passphrase () ) + else if ( have_static_passphrase () ) { /* Return the passphrase we have stored in FD_PASSWD. */ pw = xmalloc_secure ( strlen(fd_passwd)+1 ); strcpy ( pw, fd_passwd ); } - else + else { if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3)) { @@ -653,7 +653,7 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo, return NULL; } } - + if ( !pw || !*pw ) write_status( STATUS_MISSING_PASSPHRASE ); diff --git a/g10/sign.c b/g10/sign.c index 7d5236ac1..0de3321be 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -318,7 +318,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, if( opt.verbose ) { char *ustr = get_user_id_string_native (sig->keyid); log_info(_("%s/%s signature from: \"%s\"\n"), - gcry_pk_algo_name (sk->pubkey_algo), + openpgp_pk_algo_name (sk->pubkey_algo), gcry_md_algo_name (sig->digest_algo), ustr ); xfree(ustr); diff --git a/include/cipher.h b/include/cipher.h index a3774c10a..1b7e69b64 100644 --- a/include/cipher.h +++ b/include/cipher.h @@ -51,14 +51,14 @@ #define CIPHER_ALGO_CAMELLIA256 13 #define CIPHER_ALGO_DUMMY 110 /* No encryption at all. */ -#define PUBKEY_ALGO_RSA /* 1 */ GCRY_PK_RSA -#define PUBKEY_ALGO_RSA_E /* 2 */ GCRY_PK_RSA_E /* RSA encrypt only. */ -#define PUBKEY_ALGO_RSA_S /* 3 */ GCRY_PK_RSA_S /* RSA sign only. */ -#define PUBKEY_ALGO_ELGAMAL_E /* 16 */ GCRY_PK_ELG_E /* Elgamal encr only */ -#define PUBKEY_ALGO_DSA /* 17 */ GCRY_PK_DSA +#define PUBKEY_ALGO_RSA 1 +#define PUBKEY_ALGO_RSA_E 2 /* RSA encrypt only. */ +#define PUBKEY_ALGO_RSA_S 3 /* RSA sign only. */ +#define PUBKEY_ALGO_ELGAMAL_E 16 /* Elgamal encr only */ +#define PUBKEY_ALGO_DSA 17 #define PUBKEY_ALGO_ECDH 18 #define PUBKEY_ALGO_ECDSA 19 -#define PUBKEY_ALGO_ELGAMAL /* 20 */ GCRY_PK_ELG /* Elgamal encr+sign */ +#define PUBKEY_ALGO_ELGAMAL 20 /* Elgamal encr+sign */ #define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */ #define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */