From 879014e14bfa1ead553a51f94be0a3b9341e904e Mon Sep 17 00:00:00 2001 From: David Shaw Date: Sat, 3 May 2003 03:17:00 +0000 Subject: [PATCH] * g10.c (main): Show errors for failure in export, send-keys, recv-keys, and refresh-keys. * keyserver.c (keyserver_work): Range check the TCP port for HKP. * options.h, g10.c (main): Give algorithm warnings for algorithms chosen against the --pgpX and --openpgp rules. * keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in --openpgp mode. * sign.c (sign_file), pkclist.c (algo_available): Allow passing a hint of 0. --- g10/ChangeLog | 16 ++++++++- g10/g10.c | 88 ++++++++++++++++++++++++++++++++++++++++++----- g10/keydb.h | 5 +-- g10/keyserver.c | 9 +++++ g10/options.h | 9 ++--- g10/pkclist.c | 90 ++++++++++++++++++++++++++++--------------------- g10/sign.c | 3 +- 7 files changed, 165 insertions(+), 55 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index abd64b31f..7615bdce7 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,6 +1,20 @@ 2003-05-02 David Shaw - * sign.c (sign_file): Fix bug that causes spurious compression + * g10.c (main): Show errors for failure in export, send-keys, + recv-keys, and refresh-keys. + + * keyserver.c (keyserver_work): Range check the TCP port for HKP. + + * options.h, g10.c (main): Give algorithm warnings for algorithms + chosen against the --pgpX and --openpgp rules. + + * keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in + --openpgp mode. + + * sign.c (sign_file), pkclist.c (algo_available): Allow passing a + hint of 0. + + * sign.c (sign_file): Fix bug that causes a spurious compression preference warning. * sign.c (clearsign_file): Fix bug that prevents proper warning diff --git a/g10/g10.c b/g10/g10.c index b8f30b115..bafa03539 100644 --- a/g10/g10.c +++ b/g10/g10.c 
@@ -1458,7 +1458,7 @@ main( int argc, char **argv ) opt.def_cipher_algo = 0; opt.def_digest_algo = 0; opt.cert_digest_algo = 0; - opt.def_compress_algo = 1; + opt.def_compress_algo = -1; opt.s2k_mode = 3; /* iterated+salted */ opt.s2k_digest_algo = DIGEST_ALGO_SHA1; opt.s2k_cipher_algo = CIPHER_ALGO_3DES; @@ -1844,7 +1844,6 @@ main( int argc, char **argv ) opt.escape_from=1; opt.force_v3_sigs=1; opt.ask_sig_expire=0; - opt.def_compress_algo=1; opt.force_mdc=0; opt.disable_mdc=1; } @@ -1854,12 +1853,10 @@ main( int argc, char **argv ) opt.escape_from=1; opt.force_v3_sigs=1; opt.ask_sig_expire=0; - opt.def_compress_algo=1; } else if(PGP8) { opt.escape_from=1; - opt.def_compress_algo=1; } /* must do this after dropping setuid, because string_to... 
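Review bot: The new sentinel `opt.def_compress_algo = -1` is never explained where it is set, and the three hunks here (the default at -1458 and the two removals in the PGP6/PGP7/PGP8 blocks) only make sense together with the `!=-1` test in the compliance check further down. A comment at the default, e.g. `opt.def_compress_algo = -1; /* -1: not set by the user; 0 (none) is a valid explicit choice */`, would record why 0 cannot serve as the unset value, which is presumably the reason for the change. Every other reader of opt.def_compress_algo (none visible in this diff) must now treat -1 as "unset" rather than as an algorithm number, so those call sites are worth checking. main() starts before and ends after these hunks.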
@@ -1942,6 +1939,66 @@ main( int argc, char **argv ) if( log_get_errorcount(0) ) g10_exit(2); + /* Check our chosen algorithms against the list of legal + algorithms. */ + + if(!GNUPG) + { + const char *badalg=NULL; + preftype_t badtype=PREFTYPE_NONE; + + if(opt.def_cipher_algo + && !algo_available(PREFTYPE_SYM,opt.def_cipher_algo,NULL)) + { + badalg=cipher_algo_to_string(opt.def_cipher_algo); + badtype=PREFTYPE_SYM; + } + else if(opt.def_digest_algo + && !algo_available(PREFTYPE_HASH,opt.def_digest_algo,NULL)) + { + badalg=digest_algo_to_string(opt.def_digest_algo); + badtype=PREFTYPE_HASH; + } + else if(opt.cert_digest_algo + && !algo_available(PREFTYPE_HASH,opt.cert_digest_algo,NULL)) + { + badalg=digest_algo_to_string(opt.cert_digest_algo); + badtype=PREFTYPE_HASH; + } + else if(opt.def_compress_algo!=-1 + && !algo_available(PREFTYPE_ZIP,opt.def_compress_algo,NULL)) + { + badalg=compress_algo_to_string(opt.def_compress_algo); + badtype=PREFTYPE_ZIP; + } + + if(badalg) + { + switch(badtype) + { + case PREFTYPE_SYM: + log_info(_("you may not use cipher algorithm \"%s\" " + "while in %s mode\n"), + badalg,compliance_option_string()); + break; + case PREFTYPE_HASH: + log_info(_("you may not use digest algorithm \"%s\" " + "while in %s mode\n"), + badalg,compliance_option_string()); + break; + case PREFTYPE_ZIP: + log_info(_("you may not use compression algorithm \"%s\" " + "while in %s mode\n"), + badalg,compliance_option_string()); + break; + default: + BUG(); + } + + compliance_failure(); + } + } + /* set the random seed file */ if( use_random_seed ) { char *p = make_filename(opt.homedir, "random_seed", NULL ); 
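Review bot: Only the first non-compliant algorithm is reported, because the four tests in the new `if(!GNUPG)` block form an else-if chain sharing a single `badalg`/`badtype`; a user who has set both --cipher-algo and --digest-algo outside the mode's list sees one warning, fixes it, and only then learns about the next. Folding the message switch into a small static helper and calling it from each independent `if` reports every offending option in one pass and still calls compliance_failure() once. Separately, nothing in the hunk exits or clears the rejected opt.* field after compliance_failure(), which is defined elsewhere; if it only logs, the disallowed algorithm stays selected, so a comment stating the intended outcome at the call site would help. main() starts before and ends after this hunk.
```c
/* Warn that BADALG (of kind TYPE) is outside the current compliance
   mode.  Returns 1 so callers can OR the results together. */
static int
warn_noncompliant_algo(preftype_t type, const char *badalg)
{
  switch(type)
    {
    case PREFTYPE_SYM:
      log_info(_("you may not use cipher algorithm \"%s\" "
                 "while in %s mode\n"),
               badalg,compliance_option_string());
      break;
    /* … unchanged: PREFTYPE_HASH and PREFTYPE_ZIP cases, default: BUG() … */
    }
  return 1;
}

  /* in main(), replacing the else-if chain: each option is checked on its own */
  if(!GNUPG)
    {
      int bad=0;

      if(opt.def_cipher_algo
         && !algo_available(PREFTYPE_SYM,opt.def_cipher_algo,NULL))
        bad|=warn_noncompliant_algo(PREFTYPE_SYM,
                                    cipher_algo_to_string(opt.def_cipher_algo));
      if(opt.def_digest_algo
         && !algo_available(PREFTYPE_HASH,opt.def_digest_algo,NULL))
        bad|=warn_noncompliant_algo(PREFTYPE_HASH,
                                    digest_algo_to_string(opt.def_digest_algo));
      /* … same shape for opt.cert_digest_algo (PREFTYPE_HASH) and
         opt.def_compress_algo!=-1 (PREFTYPE_ZIP) … */

      if(bad)
        compliance_failure();
    }
```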
@@ -2273,11 +2330,20 @@ main( int argc, char **argv ) for( ; argc; argc--, argv++ ) add_to_strlist2( &sl, *argv, utf8_strings ); if( cmd == aSendKeys ) - keyserver_export( sl ); + rc=keyserver_export( sl ); else if( cmd == aRecvKeys ) - keyserver_import( sl ); + rc=keyserver_import( sl ); else - export_pubkeys( sl, opt.export_options ); + rc=export_pubkeys( sl, opt.export_options ); + if(rc) + { + if(cmd==aSendKeys) + log_error(_("keyserver send failed: %s\n"),g10_errstr(rc)); + else if(cmd==aRecvKeys) + log_error(_("keyserver receive failed: %s\n"),g10_errstr(rc)); + else + log_error(_("key export failed: %s\n"),g10_errstr(rc)); + } free_strlist(sl); break; @@ -2286,7 +2352,9 @@ main( int argc, char **argv ) for( ; argc; argc--, argv++ ) append_to_strlist2( &sl, *argv, utf8_strings ); - keyserver_search( sl ); + rc=keyserver_search( sl ); + if(rc) + log_error(_("keyserver search failed: %s\n"),g10_errstr(rc)); free_strlist(sl); break; @@ -2294,7 +2362,9 @@ main( int argc, char **argv ) sl = NULL; for( ; argc; argc--, argv++ ) add_to_strlist2( &sl, *argv, utf8_strings ); - keyserver_refresh(sl); + rc=keyserver_refresh(sl); + if(rc) + log_error(_("keyserver refresh failed: %s\n"),g10_errstr(rc)); free_strlist(sl); break; diff --git a/g10/keydb.h b/g10/keydb.h index 155fa6599..9f47123ec 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -164,8 +164,9 @@ void show_revocation_reason( PKT_public_key *pk, int mode ); int check_signatures_trust( PKT_signature *sig ); void release_pk_list( PK_LIST pk_list ); int build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use ); -int select_algo_from_prefs( PK_LIST pk_list, int preftype, - int request, void *hint ); +int algo_available( preftype_t preftype, int algo, void *hint ); +int select_algo_from_prefs( PK_LIST pk_list, int preftype, + int request, void *hint ); int select_mdc_from_pklist (PK_LIST pk_list); /*-- skclist.c --*/ diff --git a/g10/keyserver.c b/g10/keyserver.c index aba5dfbd9..4be8a1c68 100644 
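Review bot: The command is tested twice in the aSendKeys/aRecvKeys/export hunk, once to choose the call and again inside `if(rc)` to choose the message; attaching the log_error to each branch, as the search and refresh hunks already do, keeps each call next to its failure message and drops the second chain. In all three hunks the non-zero rc is discarded after logging, so the process exit status reflects the failure only if g10_exit() (outside this diff) derives it from the error count that log_error bumps — presumably it does, but a short comment such as `/* failure is reported via the error count, not via rc */` would make that explicit. main() starts before and ends after these hunks.
```c
        if( cmd == aSendKeys )
          {
            rc=keyserver_export( sl );
            if(rc)
              log_error(_("keyserver send failed: %s\n"),g10_errstr(rc));
          }
        else if( cmd == aRecvKeys )
          {
            rc=keyserver_import( sl );
            if(rc)
              log_error(_("keyserver receive failed: %s\n"),g10_errstr(rc));
          }
        else
          {
            rc=export_pubkeys( sl, opt.export_options );
            if(rc)
              log_error(_("key export failed: %s\n"),g10_errstr(rc));
          }
        /* … unchanged: free_strlist(sl); break; … */
```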
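Review bot: The new prototype `int algo_available( preftype_t preftype, int algo, void *hint );` takes `preftype_t` while the `select_algo_from_prefs` declaration re-added directly below it by the same hunk still takes `int preftype` for the same kind of value; the two should agree, e.g. `int select_algo_from_prefs( PK_LIST pk_list, preftype_t preftype, int request, void *hint );`, with its definition in pkclist.c (outside this diff) updated to match. Exporting algo_available also makes keydb.h depend on whichever header declares preftype_t being included first; that header is not visible here, so either an include in keydb.h or a comment noting the requirement would avoid a surprise for a new includer.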
--- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -194,6 +194,11 @@ parse_keyserver_uri(char *uri,const char *configname,unsigned int configlineno) ch++; } + + /* It would seem to be reasonable to limit the range of the + ports to values between 1-65535, but RFC 1738 and 1808 + imply there is no limit. Of course, the real world has + limits. */ } /* (any path part of the URI is discarded for now as no keyserver @@ -679,6 +684,10 @@ keyserver_work(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,int count) log_error(_("no keyserver known (use option --keyserver)\n")); return G10ERR_BAD_URI; } + else if(opt.keyserver_port && (strlen(opt.keyserver_port)>5 + || atoi(opt.keyserver_port)<1 + || atoi(opt.keyserver_port)>65535)) + return G10ERR_BAD_URI; else { void *stats_handle = import_new_stats_handle (); diff --git a/g10/options.h b/g10/options.h index 17d89e003..318c062f8 100644 --- a/g10/options.h +++ b/g10/options.h @@ -204,11 +204,12 @@ struct { #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE) #define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE) +#define GNUPG (opt.compliance==CO_GNUPG) #define RFC1991 (opt.compliance==CO_RFC1991 || opt.compliance==CO_PGP2) #define RFC2440 (opt.compliance==CO_RFC2440) -#define PGP2 (opt.compliance==CO_PGP2) -#define PGP6 (opt.compliance==CO_PGP6) -#define PGP7 (opt.compliance==CO_PGP7) -#define PGP8 (opt.compliance==CO_PGP8) +#define PGP2 (opt.compliance==CO_PGP2) +#define PGP6 (opt.compliance==CO_PGP6) +#define PGP7 (opt.compliance==CO_PGP7) +#define PGP8 (opt.compliance==CO_PGP8) #endif /*G10_OPTIONS_H*/ diff --git a/g10/pkclist.c b/g10/pkclist.c index 07bf2be5b..dbfbc031b 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c 
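Review bot: The range check added to keyserver_work validates opt.keyserver_port with atoi(), which accepts strings such as `80abc` or ` 80` and silently truncates them, so a port string that is not a clean integer still passes and is handed on unchanged; the `strlen()>5` guard only bounds the length. Parsing with strtol() and requiring the whole string to be consumed rejects those, and the new branch should also log why it returns G10ERR_BAD_URI, since the neighbouring "no keyserver known" branch does and the caller in g10.c will otherwise print only a generic failure. The helper below keeps the else-if chain intact so the `else { ... }` that does the work is still reached for a valid port. keyserver_work starts before and ends after this hunk; the comment added in parse_keyserver_uri says RFC 1738/1808 impose no limit while this hunk enforces 1-65535, which is reasonable but worth stating in that same comment.
```c
/* Accept only an all-digit port string in 1..65535.  atoi() would
   silently accept "80abc" or leading whitespace. */
static int
valid_keyserver_port(const char *s)
{
  char *end;
  long port;

  if(!s || *s<'0' || *s>'9')
    return 0;
  port=strtol(s,&end,10);
  return *end=='\0' && port>=1 && port<=65535;
}

  /* … in keyserver_work, replacing the added else-if … */
  else if(opt.keyserver_port && !valid_keyserver_port(opt.keyserver_port))
    {
      log_error(_("invalid keyserver port \"%s\"\n"),opt.keyserver_port);
      return G10ERR_BAD_URI;
    }
```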
@@ -1088,46 +1088,60 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use ) intersection"), and PGP has no mechanism to fix such a broken preference list, so I'm including it. -dms */ -static int -algo_available( int preftype, int algo, void *hint ) +int +algo_available( preftype_t preftype, int algo, void *hint ) { - if( preftype == PREFTYPE_SYM ) { - if( PGP6 && ( algo != 1 && algo != 2 && algo != 3) ) - return 0; - - if( (PGP7 || PGP8) - && (algo != 1 && algo != 2 && algo != 3 - && algo != 7 && algo != 8 && algo != 9 && algo != 10) ) - return 0; - - return algo && !check_cipher_algo( algo ); - } - else if( preftype == PREFTYPE_HASH ) { - int bits=0; - - if(hint) - bits=*(int *)hint; - - if(bits && (bits != md_digest_length(algo))) - return 0; - - if( (PGP6 || PGP7) && (algo != 1 && algo != 2 && algo != 3) ) - return 0; - - if( PGP8 && (algo != 1 && algo != 2 && algo != 3 && algo != 8)) - return 0; - - return algo && !check_digest_algo( algo ); - } - else if( preftype == PREFTYPE_ZIP ) { - if ( ( PGP6 || PGP7 || PGP8 ) - && ( algo !=0 && algo != 1) ) - return 0; - - return !check_compress_algo( algo ); - } - else + if( preftype == PREFTYPE_SYM ) + { + if(PGP6 && (algo != CIPHER_ALGO_IDEA + && algo != CIPHER_ALGO_3DES + && algo != CIPHER_ALGO_CAST5)) return 0; + + if((PGP7 || PGP8) && (algo != CIPHER_ALGO_IDEA + && algo != CIPHER_ALGO_3DES + && algo != CIPHER_ALGO_CAST5 + && algo != CIPHER_ALGO_AES + && algo != CIPHER_ALGO_AES192 + && algo != CIPHER_ALGO_AES256 + && algo != CIPHER_ALGO_TWOFISH)) + return 0; + + return algo && !check_cipher_algo( algo ); + } + else if( preftype == PREFTYPE_HASH ) + { + if(hint && ((*(int *)hint) != md_digest_length(algo))) + return 0; + + if((PGP6 || PGP7) && (algo != DIGEST_ALGO_MD5 + && algo != DIGEST_ALGO_SHA1 + && algo != DIGEST_ALGO_RMD160)) + return 0; + + + if(PGP8 && (algo != DIGEST_ALGO_MD5 + && algo != DIGEST_ALGO_SHA1 + && algo != DIGEST_ALGO_RMD160 + && algo != DIGEST_ALGO_SHA256)) + return 0; + + /* 
TIGER is not allowed any longer according to 2440bis. */ + if( RFC2440 && algo == DIGEST_ALGO_TIGER ) + return 0; + + return algo && !check_digest_algo( algo ); + } + else if( preftype == PREFTYPE_ZIP ) + { + if((PGP6 || PGP7 || PGP8) && (algo != COMPRESS_ALGO_NONE + && algo != COMPRESS_ALGO_ZIP)) + return 0; + + return !check_compress_algo( algo ); + } + else + return 0; } diff --git a/g10/sign.c b/g10/sign.c index c2972b82f..4f676ff0a 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -720,7 +720,8 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, hashlen=20; if((algo= - select_algo_from_prefs(pk_list,PREFTYPE_HASH,-1,&hashlen))>0) + select_algo_from_prefs(pk_list,PREFTYPE_HASH,-1, + hashlen?&hashlen:NULL))>0) recipient_digest_algo=algo; } }
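Review bot: algo_available becomes a public function in this hunk (keydb.h gains its prototype) but its `hint` contract stays implicit: the pointer is cast with `*(int *)hint` and compared against md_digest_length(algo) only in the PREFTYPE_HASH branch, is ignored for PREFTYPE_SYM and PREFTYPE_ZIP, and NULL means "no length constraint" (sign.c now passes `hashlen?&hashlen:NULL`). A header comment above the definition should say so, along the lines of `/* Return 1 if ALGO of kind PREFTYPE is usable in the current compliance mode.  HINT is only consulted for PREFTYPE_HASH: NULL, or a pointer to an int holding the required digest length (apparently in bytes; sign.c passes 20). */`. The per-mode whitelists are written as long `algo !=` chains; a `switch(algo)` per mode or small static tables would make the allowed sets easier to audit against the --pgpX and --openpgp documentation. The removed lines at the top of the hunk are the tail of a comment that starts outside it.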
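Review bot: `hashlen?&hashlen:NULL` only matters if hashlen can still be 0 at this point, and the `hashlen=20;` visible just above is presumably conditional (its guard is outside the hunk), so a reader has to go looking; a one-line comment such as `/* hashlen==0: no digest-length constraint, so pass no hint */` would save that lookup. This matches the new NULL-hint convention in algo_available (pkclist.c), which dereferences `*(int *)hint` only when the pointer is non-NULL. sign_file starts before and ends after this hunk.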