security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-18 00:49:50 +02:00
Code Activity

gpg: Fix --version output and explicitly disable ECC.

Browse Source 
* g10/misc.c (openpgp_pk_algo_name): New.  Replace all calls in g10/
to gcry_pk_algo_name by a call to this function.
(map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG.
(openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of
GCRY_PK_ELG_E.  Return an error for ECC algos.
(openpgp_pk_test_algo2):  Return an error for ECC algos.
* g10/gpg.c (build_list): Avoid printing ECC two times.
* include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*.
--

Due to recent changes to adjust for use with Libgcrypt 1.6, "gpg
--version" printed two question marks.  This patches fixes that and
also make sure that gpg does advertise any ECC features.  The patch in
build_list is not really needed.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2013-10-08 15:29:36 +02:00
parent 3544beff86
commit 6286d01ba3
11 changed files with 111 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
g10/encode.c
View File

@ -83,7 +83,7 @@ encode_seskey( DEK *dek, DEK **seskey, byte *enckey )
/* The encrypted session key is prefixed with a one-octet algorithm id. */ /* The encrypted session key is prefixed with a one-octet algorithm id. */
buf[0] = (*seskey)->algo; buf[0] = (*seskey)->algo;
memcpy( buf + 1, (*seskey)->key, (*seskey)->keylen ); memcpy( buf + 1, (*seskey)->key, (*seskey)->keylen );
/* We only pass already checked values to the following fucntion, /* We only pass already checked values to the following fucntion,
thus we consider any failure as fatal. */ thus we consider any failure as fatal. */
if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1)) if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
@ -117,7 +117,7 @@ use_mdc(PK_LIST pk_list,int algo)
if(select_mdc_from_pklist(pk_list)) if(select_mdc_from_pklist(pk_list))
return 1; return 1;
/* The keys don't support MDC, so now we do a bit of a hack - if any /* The keys don't support MDC, so now we do a bit of a hack - if any
of the AESes or TWOFISH are in the prefs, we assume that the user of the AESes or TWOFISH are in the prefs, we assume that the user
can handle a MDC. This is valid for PGP 7, which can handle MDCs can handle a MDC. This is valid for PGP 7, which can handle MDCs
@ -178,7 +178,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
memset( &zfx, 0, sizeof zfx); memset( &zfx, 0, sizeof zfx);
memset( &tfx, 0, sizeof tfx); memset( &tfx, 0, sizeof tfx);
init_packet(&pkt); init_packet(&pkt);
/* prepare iobufs */ /* prepare iobufs */
inp = iobuf_open(filename); inp = iobuf_open(filename);
if (inp) if (inp)
@ -207,7 +207,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
it has no S2K salt. RFC1991 always uses simple S2K. */ it has no S2K salt. RFC1991 always uses simple S2K. */
if ( RFC1991 && use_seskey ) if ( RFC1991 && use_seskey )
use_seskey = 0; use_seskey = 0;
cfx.dek = NULL; cfx.dek = NULL;
if( mode ) { if( mode ) {
int canceled; int canceled;
@ -254,7 +254,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
{ {
if (opt.verbose) if (opt.verbose)
log_info(_("`%s' already compressed\n"), filename); log_info(_("`%s' already compressed\n"), filename);
do_compress = 0; do_compress = 0;
} }
if( rc || (rc = open_outfile( filename, opt.armor? 1:0, &out )) ) { if( rc || (rc = open_outfile( filename, opt.armor? 1:0, &out )) ) {
@ -563,7 +563,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
cfx.dek->algo = opt.def_cipher_algo; cfx.dek->algo = opt.def_cipher_algo;
} }
cfx.dek->use_mdc=use_mdc(pk_list,cfx.dek->algo); cfx.dek->use_mdc=use_mdc(pk_list,cfx.dek->algo);
/* Only do the is-file-already-compressed check if we are using a /* Only do the is-file-already-compressed check if we are using a
@ -575,7 +575,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
{ {
if (opt.verbose) if (opt.verbose)
log_info(_("`%s' already compressed\n"), filename); log_info(_("`%s' already compressed\n"), filename);
do_compress = 0; do_compress = 0;
} }
if (rc2) if (rc2)
{ {
@ -846,7 +846,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
if( opt.verbose ) { if( opt.verbose ) {
char *ustr = get_user_id_string_native (enc->keyid); char *ustr = get_user_id_string_native (enc->keyid);
log_info(_("%s/%s encrypted for: \"%s\"\n"), log_info(_("%s/%s encrypted for: \"%s\"\n"),
gcry_pk_algo_name (enc->pubkey_algo), openpgp_pk_algo_name (enc->pubkey_algo),
openpgp_cipher_algo_name (dek->algo), openpgp_cipher_algo_name (dek->algo),
ustr ); ustr );
xfree(ustr); xfree(ustr);
@ -874,9 +874,9 @@ encode_crypt_files(int nfiles, char **files, strlist_t remusr)
if (opt.outfile) if (opt.outfile)
{ {
log_error(_("--output doesn't work for this command\n")); log_error(_("--output doesn't work for this command\n"));
return; return;
} }
if (!nfiles) if (!nfiles)
{ {
char line[2048]; char line[2048];

9
g10/gpg.c
View File

@ -854,8 +854,8 @@ my_strusage( int level )
case 33: p = _("\nSupported algorithms:\n"); break; case 33: p = _("\nSupported algorithms:\n"); break;
case 34: case 34:
if (!pubkeys) if (!pubkeys)
pubkeys = build_list (_("Pubkey: "), 0, pubkeys = build_list (_("Pubkey: "), 'P',
gcry_pk_algo_name, openpgp_pk_algo_name,
openpgp_pk_test_algo ); openpgp_pk_test_algo );
p = pubkeys; p = pubkeys;
break; break;
@ -906,6 +906,9 @@ build_list (const char *text, char letter,
for (i=0; i <= 110; i++ ) for (i=0; i <= 110; i++ )
{ {
if (letter == 'P' && i == 19 )
continue; /* No need to print a second "ECC" string. */
if (!chkf (i) && (s = mapf (i))) if (!chkf (i) && (s = mapf (i)))
{ {
if (mb.len - len > 60) if (mb.len - len > 60)
@ -921,7 +924,7 @@ build_list (const char *text, char letter,
put_membuf_str (&mb, text); put_membuf_str (&mb, text);
put_membuf_str (&mb, s); put_membuf_str (&mb, s);
if (opt.verbose && letter) if (opt.verbose && letter && letter != 'P')
{ {
char num[20]; char num[20];
snprintf (num, sizeof num, " (%c%d)", letter, i); snprintf (num, sizeof num, " (%c%d)", letter, i);

4
g10/keyedit.c
View File

@ -2810,7 +2810,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
if(pk->is_revoked) if(pk->is_revoked)
{ {
char *user=get_user_id_string_native(pk->revoked.keyid); char *user=get_user_id_string_native(pk->revoked.keyid);
const char *algo = gcry_pk_algo_name (pk->revoked.algo); const char *algo = openpgp_pk_algo_name (pk->revoked.algo);
tty_printf (_("The following key was revoked on" tty_printf (_("The following key was revoked on"
" %s by %s key %s\n"), " %s by %s key %s\n"),
revokestr_from_pk(pk),algo?algo:"?",user); revokestr_from_pk(pk),algo?algo:"?",user);
@ -2828,7 +2828,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
char *user; char *user;
const char *algo; const char *algo;
algo = gcry_pk_algo_name (pk->revkey[i].algid); algo = openpgp_pk_algo_name (pk->revkey[i].algid);
keyid_from_fingerprint(pk->revkey[i].fpr, keyid_from_fingerprint(pk->revkey[i].fpr,
MAX_FINGERPRINT_LEN,r_keyid); MAX_FINGERPRINT_LEN,r_keyid);

6
g10/keygen.c
View File

@ -1603,7 +1603,7 @@ ask_key_flags(int algo,int subkey)
{ {
tty_printf("\n"); tty_printf("\n");
tty_printf(_("Possible actions for a %s key: "), tty_printf(_("Possible actions for a %s key: "),
gcry_pk_algo_name (algo)); openpgp_pk_algo_name (algo));
print_key_flags(possible); print_key_flags(possible);
tty_printf("\n"); tty_printf("\n");
tty_printf(_("Current allowed actions: ")); tty_printf(_("Current allowed actions: "));
@ -1807,7 +1807,7 @@ ask_keysize (int algo, unsigned int primary_keysize)
} }
tty_printf(_("%s keys may be between %u and %u bits long.\n"), tty_printf(_("%s keys may be between %u and %u bits long.\n"),
gcry_pk_algo_name (algo), min, max); openpgp_pk_algo_name (algo), min, max);
for(;;) for(;;)
{ {
@ -1826,7 +1826,7 @@ ask_keysize (int algo, unsigned int primary_keysize)
if(nbits<min || nbits>max) if(nbits<min || nbits>max)
tty_printf(_("%s keysizes must be in the range %u-%u\n"), tty_printf(_("%s keysizes must be in the range %u-%u\n"),
gcry_pk_algo_name (algo), min, max); openpgp_pk_algo_name (algo), min, max);
else else
break; break;
} }

2
g10/keyserver.c
View File

@ -485,7 +485,7 @@ print_keyrec(int number,struct keyrec *keyrec)
{ {
const char *str; const char *str;
str = gcry_pk_algo_name (map_pk_openpgp_to_gcry (keyrec->type)); str = openpgp_pk_algo_name (keyrec->type);
if(str && strcmp (str, "?")) if(str && strcmp (str, "?"))
printf("%s ",str); printf("%s ",str);
else else

1
g10/main.h
View File

@ -93,6 +93,7 @@ int map_pk_openpgp_to_gcry (int algo);
int openpgp_pk_test_algo( int algo ); int openpgp_pk_test_algo( int algo );
int openpgp_pk_test_algo2 ( int algo, unsigned int use ); int openpgp_pk_test_algo2 ( int algo, unsigned int use );
int openpgp_pk_algo_usage ( int algo ); int openpgp_pk_algo_usage ( int algo );
const char *openpgp_pk_algo_name (int algo);
int openpgp_md_test_algo( int algo ); int openpgp_md_test_algo( int algo );
#ifdef USE_IDEA #ifdef USE_IDEA

4
g10/mainproc.c
View File

@ -455,7 +455,7 @@ print_pkenc_list( struct kidlist_item *list, int failed )
if ( !failed && list->reason ) if ( !failed && list->reason )
continue; continue;
algstr = gcry_pk_algo_name ( list->pubkey_algo ); algstr = openpgp_pk_algo_name ( list->pubkey_algo );
pk = xmalloc_clear( sizeof *pk ); pk = xmalloc_clear( sizeof *pk );
if( !algstr ) if( !algstr )
@ -1644,7 +1644,7 @@ check_sig_and_print( CTX c, KBNODE node )
/* (Indendation below not yet changed to GNU style.) */ /* (Indendation below not yet changed to GNU style.) */
astr = gcry_pk_algo_name ( sig->pubkey_algo ); astr = openpgp_pk_algo_name ( sig->pubkey_algo );
if(keystrlen()>8) if(keystrlen()>8)
{ {
log_info(_("Signature made %s\n"),asctimestamp(sig->timestamp)); log_info(_("Signature made %s\n"),asctimestamp(sig->timestamp));

36
g10/misc.c
View File

@ -297,7 +297,7 @@ print_pubkey_algo_note( int algo )
{ {
warn=1; warn=1;
log_info (_("WARNING: using experimental public key algorithm %s\n"), log_info (_("WARNING: using experimental public key algorithm %s\n"),
gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo))); openpgp_pk_algo_name (algo));
} }
} }
else if (algo == 20) else if (algo == 20)
@ -423,8 +423,9 @@ map_pk_openpgp_to_gcry (int algo)
{ {
switch (algo) switch (algo)
{ {
case PUBKEY_ALGO_ECDSA: return 301 /*GCRY_PK_ECDSA*/; case PUBKEY_ALGO_ECDSA: return 301 /*GCRY_PK_ECDSA*/;
case PUBKEY_ALGO_ECDH: return 302 /*GCRY_PK_ECDH*/; case PUBKEY_ALGO_ECDH: return 302 /*GCRY_PK_ECDH*/;
case PUBKEY_ALGO_ELGAMAL_E: return GCRY_PK_ELG;
default: return algo; default: return algo;
} }
} }
@ -433,11 +434,15 @@ map_pk_openpgp_to_gcry (int algo)
int int
openpgp_pk_test_algo( int algo ) openpgp_pk_test_algo( int algo )
{ {
/* ECC is not yet supported even if supported by Libgcrypt. */
if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
return gpg_error (GPG_ERR_PUBKEY_ALGO);
/* Dont't allow type 20 keys unless in rfc2440 mode. */ /* Dont't allow type 20 keys unless in rfc2440 mode. */
if (!RFC2440 && algo == 20) if (!RFC2440 && algo == 20)
return gpg_error (GPG_ERR_PUBKEY_ALGO); return gpg_error (GPG_ERR_PUBKEY_ALGO);
if (algo == GCRY_PK_ELG_E) if (algo == PUBKEY_ALGO_ELGAMAL_E)
algo = GCRY_PK_ELG; algo = GCRY_PK_ELG;
if (algo < 0 || algo > 110) if (algo < 0 || algo > 110)
@ -450,11 +455,15 @@ openpgp_pk_test_algo2( int algo, unsigned int use )
{ {
size_t use_buf = use; size_t use_buf = use;
/* ECC is not yet supported even if supported by Libgcrypt. */
if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
return gpg_error (GPG_ERR_PUBKEY_ALGO);
/* Dont't allow type 20 keys unless in rfc2440 mode. */ /* Dont't allow type 20 keys unless in rfc2440 mode. */
if (!RFC2440 && algo == 20) if (!RFC2440 && algo == 20)
return gpg_error (GPG_ERR_PUBKEY_ALGO); return gpg_error (GPG_ERR_PUBKEY_ALGO);
if (algo == GCRY_PK_ELG_E) if (algo == PUBKEY_ALGO_ELGAMAL_E)
algo = GCRY_PK_ELG; algo = GCRY_PK_ELG;
if (algo < 0 || algo > 110) if (algo < 0 || algo > 110)
@ -491,12 +500,29 @@ openpgp_pk_algo_usage ( int algo )
case PUBKEY_ALGO_DSA: case PUBKEY_ALGO_DSA:
use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH; use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
break; break;
case PUBKEY_ALGO_ECDH:
use = PUBKEY_USAGE_ENC;
break;
case PUBKEY_ALGO_ECDSA:
use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
break;
default: default:
break; break;
} }
return use; return use;
} }
/* Map the OpenPGP cipher algorithm whose ID is contained in ALGORITHM to a
string representation of the algorithm name. For unknown algorithm
IDs this function returns "?". */
const char *
openpgp_pk_algo_name (int algo)
{
return gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo));
}
int int
openpgp_md_test_algo( int algo ) openpgp_md_test_algo( int algo )
{ {

96
g10/passphrase.c
View File

@ -74,7 +74,7 @@ encode_s2k_iterations (int iterations)
if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER) if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
log_error (_("problem with the agent: %s\n"), gpg_strerror (err)); log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
/* Default to 65536 which we used up to 2.0.13. */ /* Default to 65536 which we used up to 2.0.13. */
return 96; return 96;
} }
else if (mycnt >= 65011712) else if (mycnt >= 65011712)
return 255; /* Largest possible value. */ return 255; /* Largest possible value. */
@ -87,7 +87,7 @@ encode_s2k_iterations (int iterations)
if (iterations >= 65011712) if (iterations >= 65011712)
return 255; return 255;
/* Need count to be in the range 16-31 */ /* Need count to be in the range 16-31 */
for (count=iterations>>6; count>=32; count>>=1) for (count=iterations>>6; count>=32; count>>=1)
c++; c++;
@ -96,13 +96,13 @@ encode_s2k_iterations (int iterations)
if (S2K_DECODE_COUNT(result) < iterations) if (S2K_DECODE_COUNT(result) < iterations)
result++; result++;
return result; return result;
} }
/* Hash a passphrase using the supplied s2k. /* Hash a passphrase using the supplied s2k.
Always needs: dek->algo, s2k->mode, s2k->hash_algo. */ Always needs: dek->algo, s2k->mode, s2k->hash_algo. */
static void static void
hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k) hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
@ -119,20 +119,20 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
if (gcry_md_open (&md, s2k->hash_algo, 1)) if (gcry_md_open (&md, s2k->hash_algo, 1))
BUG (); BUG ();
for (pass=0; used < dek->keylen ; pass++ ) for (pass=0; used < dek->keylen ; pass++ )
{ {
if ( pass ) if ( pass )
{ {
gcry_md_reset (md); gcry_md_reset (md);
for (i=0; i < pass; i++ ) /* Preset the hash context. */ for (i=0; i < pass; i++ ) /* Preset the hash context. */
gcry_md_putc (md, 0 ); gcry_md_putc (md, 0 );
} }
if ( s2k->mode == 1 || s2k->mode == 3 ) if ( s2k->mode == 1 || s2k->mode == 3 )
{ {
int len2 = pwlen + 8; int len2 = pwlen + 8;
ulong count = len2; ulong count = len2;
if ( s2k->mode == 3 ) if ( s2k->mode == 3 )
{ {
count = S2K_DECODE_COUNT(s2k->count); count = S2K_DECODE_COUNT(s2k->count);
@ -146,7 +146,7 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
/* A little bit complicated because we need a ulong for count. */ /* A little bit complicated because we need a ulong for count. */
while ( count > len2 ) /* maybe iterated+salted */ while ( count > len2 ) /* maybe iterated+salted */
{ {
gcry_md_write ( md, s2k->salt, 8 ); gcry_md_write ( md, s2k->salt, 8 );
gcry_md_write ( md, pw, pwlen ); gcry_md_write ( md, pw, pwlen );
count -= len2; count -= len2;
@ -242,7 +242,7 @@ read_passphrase_from_fd( int fd )
int i, len; int i, len;
char *pw; char *pw;
if ( !opt.batch ) if ( !opt.batch )
{ /* Not used but we have to do a dummy read, so that it won't end { /* Not used but we have to do a dummy read, so that it won't end
up at the begin of the message if the quite usual trick to up at the begin of the message if the quite usual trick to
prepend the passphtrase to the message is used. */ prepend the passphtrase to the message is used. */
@ -251,12 +251,12 @@ read_passphrase_from_fd( int fd )
while (!(read (fd, buf, 1) != 1 || *buf == '\n' )) while (!(read (fd, buf, 1) != 1 || *buf == '\n' ))
; ;
*buf = 0; *buf = 0;
return; return;
} }
for (pw = NULL, i = len = 100; ; i++ ) for (pw = NULL, i = len = 100; ; i++ )
{ {
if (i >= len-1 ) if (i >= len-1 )
{ {
char *pw2 = pw; char *pw2 = pw;
len += 100; len += 100;
@ -322,35 +322,35 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
if( keyid && get_pubkey( pk, keyid ) ) if( keyid && get_pubkey( pk, keyid ) )
{ {
if (pk) if (pk)
free_public_key( pk ); free_public_key( pk );
pk = NULL; /* oops: no key for some reason */ pk = NULL; /* oops: no key for some reason */
} }
orig_codeset = i18n_switchto_utf8 (); orig_codeset = i18n_switchto_utf8 ();
if (custom_description) if (custom_description)
atext = native_to_utf8 (custom_description); atext = native_to_utf8 (custom_description);
else if ( !mode && pk && keyid ) else if ( !mode && pk && keyid )
{ {
char *uid; char *uid;
size_t uidlen; size_t uidlen;
const char *algo_name = gcry_pk_algo_name ( pk->pubkey_algo ); const char *algo_name = openpgp_pk_algo_name (pk->pubkey_algo);
const char *timestr; const char *timestr;
char *maink; char *maink;
if ( !algo_name ) if ( !algo_name )
algo_name = "?"; algo_name = "?";
#define KEYIDSTRING _(" (main key ID %s)") #define KEYIDSTRING _(" (main key ID %s)")
maink = xmalloc ( strlen (KEYIDSTRING) + keystrlen() + 20 ); maink = xmalloc ( strlen (KEYIDSTRING) + keystrlen() + 20 );
if( keyid[2] && keyid[3] && keyid[0] != keyid[2] if( keyid[2] && keyid[3] && keyid[0] != keyid[2]
&& keyid[1] != keyid[3] ) && keyid[1] != keyid[3] )
sprintf( maink, KEYIDSTRING, keystr(&keyid[2]) ); sprintf( maink, KEYIDSTRING, keystr(&keyid[2]) );
else else
*maink = 0; *maink = 0;
uid = get_user_id ( keyid, &uidlen ); uid = get_user_id ( keyid, &uidlen );
timestr = strtimestamp (pk->timestamp); timestr = strtimestamp (pk->timestamp);
#undef KEYIDSTRING #undef KEYIDSTRING
@ -361,7 +361,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
"%u-bit %s key, ID %s,\n" \ "%u-bit %s key, ID %s,\n" \
"created %s%s.\n" ) "created %s%s.\n" )
atext = xmalloc ( 100 + strlen (PROMPTSTRING) atext = xmalloc ( 100 + strlen (PROMPTSTRING)
+ uidlen + 15 + strlen(algo_name) + keystrlen() + uidlen + 15 + strlen(algo_name) + keystrlen()
+ strlen (timestr) + strlen (maink) ); + strlen (timestr) + strlen (maink) );
sprintf (atext, PROMPTSTRING, sprintf (atext, PROMPTSTRING,
@ -373,16 +373,16 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
#undef PROMPTSTRING #undef PROMPTSTRING
{ {
size_t dummy; size_t dummy;
fingerprint_from_pk( pk, fpr, &dummy ); fingerprint_from_pk( pk, fpr, &dummy );
have_fpr = 1; have_fpr = 1;
} }
} }
else else
atext = xstrdup ( _("Enter passphrase\n") ); atext = xstrdup ( _("Enter passphrase\n") );
if (!mode && cacheid) if (!mode && cacheid)
my_cacheid = cacheid; my_cacheid = cacheid;
@ -398,7 +398,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
rc = agent_get_passphrase (my_cacheid, tryagain_text, my_prompt, atext, rc = agent_get_passphrase (my_cacheid, tryagain_text, my_prompt, atext,
repeat, check, &pw); repeat, check, &pw);
xfree (my_prompt); xfree (my_prompt);
xfree (atext); atext = NULL; xfree (atext); atext = NULL;
@ -413,7 +413,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
if (canceled) if (canceled)
*canceled = 1; *canceled = 1;
} }
else else
{ {
log_error (_("problem with the agent: %s\n"), gpg_strerror (rc)); log_error (_("problem with the agent: %s\n"), gpg_strerror (rc));
/* Due to limitations in the API of the upper layers they /* Due to limitations in the API of the upper layers they
@ -422,7 +422,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
definitely not happen and let it continue without requiring a definitely not happen and let it continue without requiring a
passphrase. Given that now all the upper layers handle a passphrase. Given that now all the upper layers handle a
cancel correctly, we simply set the cancel flag now for all cancel correctly, we simply set the cancel flag now for all
errors from the agent. */ errors from the agent. */
if (canceled) if (canceled)
*canceled = 1; *canceled = 1;
@ -450,7 +450,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
int rc; int rc;
(void)algo; (void)algo;
if (!cacheid) if (!cacheid)
{ {
PKT_public_key *pk; PKT_public_key *pk;
@ -460,7 +460,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
byte fpr[MAX_FINGERPRINT_LEN]; byte fpr[MAX_FINGERPRINT_LEN];
char hexfprbuf[2*20+1]; char hexfprbuf[2*20+1];
size_t dummy; size_t dummy;
pk = xcalloc (1, sizeof *pk); pk = xcalloc (1, sizeof *pk);
if ( !keyid || get_pubkey( pk, keyid ) ) if ( !keyid || get_pubkey( pk, keyid ) )
{ {
@ -488,7 +488,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
NULL, sets it to true. NULL, sets it to true.
MODE 0: Allow cached passphrase MODE 0: Allow cached passphrase
1: Ignore cached passphrase 1: Ignore cached passphrase
2: Ditto, but create a new key 2: Ditto, but create a new key
3: Allow cached passphrase; use the S2K salt as the cache ID 3: Allow cached passphrase; use the S2K salt as the cache ID
4: Ditto, but create a new key 4: Ditto, but create a new key
@ -496,7 +496,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
DEK * DEK *
passphrase_to_dek_ext (u32 *keyid, int pubkey_algo, passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
int cipher_algo, STRING2KEY *s2k, int mode, int cipher_algo, STRING2KEY *s2k, int mode,
const char *tryagain_text, const char *tryagain_text,
const char *custdesc, const char *custprompt, const char *custdesc, const char *custprompt,
int *canceled) int *canceled)
{ {
@ -509,11 +509,11 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
if (!canceled) if (!canceled)
canceled = &dummy_canceled; canceled = &dummy_canceled;
*canceled = 0; *canceled = 0;
if ( !s2k ) if ( !s2k )
{ {
assert (mode != 3 && mode != 4); assert (mode != 3 && mode != 4);
/* This is used for the old rfc1991 mode /* This is used for the old rfc1991 mode
* Note: This must match the code in encode.c with opt.rfc1991 set */ * Note: This must match the code in encode.c with opt.rfc1991 set */
s2k = &help_s2k; s2k = &help_s2k;
s2k->mode = 0; s2k->mode = 0;
@ -539,16 +539,16 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
/* If we do not have a passphrase available in NEXT_PW and status /* If we do not have a passphrase available in NEXT_PW and status
information are request, we print them now. */ information are request, we print them now. */
if ( !next_pw && is_status_enabled() ) if ( !next_pw && is_status_enabled() )
{ {
char buf[50]; char buf[50];
if ( keyid ) if ( keyid )
{ {
u32 used_kid[2]; u32 used_kid[2];
char *us; char *us;
if ( keyid[2] && keyid[3] ) if ( keyid[2] && keyid[3] )
{ {
used_kid[0] = keyid[2]; used_kid[0] = keyid[2];
used_kid[1] = keyid[3]; used_kid[1] = keyid[3];
@ -558,16 +558,16 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
used_kid[0] = keyid[0]; used_kid[0] = keyid[0];
used_kid[1] = keyid[1]; used_kid[1] = keyid[1];
} }
us = get_long_user_id_string ( keyid ); us = get_long_user_id_string ( keyid );
write_status_text ( STATUS_USERID_HINT, us ); write_status_text ( STATUS_USERID_HINT, us );
xfree(us); xfree(us);
snprintf (buf, sizeof buf -1, "%08lX%08lX %08lX%08lX %d 0", snprintf (buf, sizeof buf -1, "%08lX%08lX %08lX%08lX %d 0",
(ulong)keyid[0], (ulong)keyid[1], (ulong)keyid[0], (ulong)keyid[1],
(ulong)used_kid[0], (ulong)used_kid[1], (ulong)used_kid[0], (ulong)used_kid[1],
pubkey_algo ); pubkey_algo );
write_status_text ( STATUS_NEED_PASSPHRASE, buf ); write_status_text ( STATUS_NEED_PASSPHRASE, buf );
} }
else else
@ -586,7 +586,7 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
{ {
PKT_public_key *pk = xmalloc_clear( sizeof *pk ); PKT_public_key *pk = xmalloc_clear( sizeof *pk );
char *p; char *p;
p = get_user_id_native(keyid); p = get_user_id_native(keyid);
tty_printf ("\n"); tty_printf ("\n");
tty_printf (_("You need a passphrase to unlock the secret key for\n" tty_printf (_("You need a passphrase to unlock the secret key for\n"
@ -595,8 +595,8 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
if ( !get_pubkey( pk, keyid ) ) if ( !get_pubkey( pk, keyid ) )
{ {
const char *s = gcry_pk_algo_name ( pk->pubkey_algo ); const char *s = openpgp_pk_algo_name (pk->pubkey_algo);
tty_printf (_("%u-bit %s key, ID %s, created %s"), tty_printf (_("%u-bit %s key, ID %s, created %s"),
nbits_from_pk( pk ), s?s:"?", keystr(keyid), nbits_from_pk( pk ), s?s:"?", keystr(keyid),
strtimestamp(pk->timestamp) ); strtimestamp(pk->timestamp) );
@ -620,19 +620,19 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
free_public_key( pk ); free_public_key( pk );
} }
if ( next_pw ) if ( next_pw )
{ {
/* Simply return the passphrase we already have in NEXT_PW. */ /* Simply return the passphrase we already have in NEXT_PW. */
pw = next_pw; pw = next_pw;
next_pw = NULL; next_pw = NULL;
} }
else if ( have_static_passphrase () ) else if ( have_static_passphrase () )
{ {
/* Return the passphrase we have stored in FD_PASSWD. */ /* Return the passphrase we have stored in FD_PASSWD. */
pw = xmalloc_secure ( strlen(fd_passwd)+1 ); pw = xmalloc_secure ( strlen(fd_passwd)+1 );
strcpy ( pw, fd_passwd ); strcpy ( pw, fd_passwd );
} }
else else
{ {
if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3)) if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3))
{ {
@ -653,7 +653,7 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
return NULL; return NULL;
} }
} }
if ( !pw || !*pw ) if ( !pw || !*pw )
write_status( STATUS_MISSING_PASSPHRASE ); write_status( STATUS_MISSING_PASSPHRASE );

2
g10/sign.c
View File

@ -318,7 +318,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
if( opt.verbose ) { if( opt.verbose ) {
char *ustr = get_user_id_string_native (sig->keyid); char *ustr = get_user_id_string_native (sig->keyid);
log_info(_("%s/%s signature from: \"%s\"\n"), log_info(_("%s/%s signature from: \"%s\"\n"),
gcry_pk_algo_name (sk->pubkey_algo), openpgp_pk_algo_name (sk->pubkey_algo),
gcry_md_algo_name (sig->digest_algo), gcry_md_algo_name (sig->digest_algo),
ustr ); ustr );
xfree(ustr); xfree(ustr);

12
include/cipher.h
View File

@ -51,14 +51,14 @@
#define CIPHER_ALGO_CAMELLIA256 13 #define CIPHER_ALGO_CAMELLIA256 13
#define CIPHER_ALGO_DUMMY 110 /* No encryption at all. */ #define CIPHER_ALGO_DUMMY 110 /* No encryption at all. */
#define PUBKEY_ALGO_RSA /* 1 */ GCRY_PK_RSA #define PUBKEY_ALGO_RSA 1
#define PUBKEY_ALGO_RSA_E /* 2 */ GCRY_PK_RSA_E /* RSA encrypt only. */ #define PUBKEY_ALGO_RSA_E 2 /* RSA encrypt only. */
#define PUBKEY_ALGO_RSA_S /* 3 */ GCRY_PK_RSA_S /* RSA sign only. */ #define PUBKEY_ALGO_RSA_S 3 /* RSA sign only. */
#define PUBKEY_ALGO_ELGAMAL_E /* 16 */ GCRY_PK_ELG_E /* Elgamal encr only */ #define PUBKEY_ALGO_ELGAMAL_E 16 /* Elgamal encr only */
#define PUBKEY_ALGO_DSA /* 17 */ GCRY_PK_DSA #define PUBKEY_ALGO_DSA 17
#define PUBKEY_ALGO_ECDH 18 #define PUBKEY_ALGO_ECDH 18
#define PUBKEY_ALGO_ECDSA 19 #define PUBKEY_ALGO_ECDSA 19
#define PUBKEY_ALGO_ELGAMAL /* 20 */ GCRY_PK_ELG /* Elgamal encr+sign */ #define PUBKEY_ALGO_ELGAMAL 20 /* Elgamal encr+sign */
#define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */ #define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */
#define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */ #define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */