mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-23 15:07:03 +01:00
* g10.c (main): Show errors for failure in export, send-keys, recv-keys,
and refresh-keys. * keyserver.c (keyserver_work): Range check the TCP port for HKP. * options.h, g10.c (main): Give algorithm warnings for algorithms chosen against the --pgpX and --openpgp rules. * keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in --openpgp mode. * sign.c (sign_file), pkclist.c (algo_available): Allow passing a hint of 0.
This commit is contained in:
parent
1db0d1e0a2
commit
879014e14b
@ -1,6 +1,20 @@
|
|||||||
2003-05-02 David Shaw <dshaw@jabberwocky.com>
|
2003-05-02 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* sign.c (sign_file): Fix bug that causes spurious compression
|
* g10.c (main): Show errors for failure in export, send-keys,
|
||||||
|
recv-keys, and refresh-keys.
|
||||||
|
|
||||||
|
* keyserver.c (keyserver_work): Range check the TCP port for HKP.
|
||||||
|
|
||||||
|
* options.h, g10.c (main): Give algorithm warnings for algorithms
|
||||||
|
chosen against the --pgpX and --openpgp rules.
|
||||||
|
|
||||||
|
* keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in
|
||||||
|
--openpgp mode.
|
||||||
|
|
||||||
|
* sign.c (sign_file), pkclist.c (algo_available): Allow passing a
|
||||||
|
hint of 0.
|
||||||
|
|
||||||
|
* sign.c (sign_file): Fix bug that causes a spurious compression
|
||||||
preference warning.
|
preference warning.
|
||||||
|
|
||||||
* sign.c (clearsign_file): Fix bug that prevents proper warning
|
* sign.c (clearsign_file): Fix bug that prevents proper warning
|
||||||
|
88
g10/g10.c
88
g10/g10.c
@ -1458,7 +1458,7 @@ main( int argc, char **argv )
|
|||||||
opt.def_cipher_algo = 0;
|
opt.def_cipher_algo = 0;
|
||||||
opt.def_digest_algo = 0;
|
opt.def_digest_algo = 0;
|
||||||
opt.cert_digest_algo = 0;
|
opt.cert_digest_algo = 0;
|
||||||
opt.def_compress_algo = 1;
|
opt.def_compress_algo = -1;
|
||||||
opt.s2k_mode = 3; /* iterated+salted */
|
opt.s2k_mode = 3; /* iterated+salted */
|
||||||
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
|
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
|
||||||
opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
|
opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
|
||||||
@ -1844,7 +1844,6 @@ main( int argc, char **argv )
|
|||||||
opt.escape_from=1;
|
opt.escape_from=1;
|
||||||
opt.force_v3_sigs=1;
|
opt.force_v3_sigs=1;
|
||||||
opt.ask_sig_expire=0;
|
opt.ask_sig_expire=0;
|
||||||
opt.def_compress_algo=1;
|
|
||||||
opt.force_mdc=0;
|
opt.force_mdc=0;
|
||||||
opt.disable_mdc=1;
|
opt.disable_mdc=1;
|
||||||
}
|
}
|
||||||
@ -1854,12 +1853,10 @@ main( int argc, char **argv )
|
|||||||
opt.escape_from=1;
|
opt.escape_from=1;
|
||||||
opt.force_v3_sigs=1;
|
opt.force_v3_sigs=1;
|
||||||
opt.ask_sig_expire=0;
|
opt.ask_sig_expire=0;
|
||||||
opt.def_compress_algo=1;
|
|
||||||
}
|
}
|
||||||
else if(PGP8)
|
else if(PGP8)
|
||||||
{
|
{
|
||||||
opt.escape_from=1;
|
opt.escape_from=1;
|
||||||
opt.def_compress_algo=1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* must do this after dropping setuid, because string_to...
|
/* must do this after dropping setuid, because string_to...
|
||||||
@ -1942,6 +1939,66 @@ main( int argc, char **argv )
|
|||||||
if( log_get_errorcount(0) )
|
if( log_get_errorcount(0) )
|
||||||
g10_exit(2);
|
g10_exit(2);
|
||||||
|
|
||||||
|
/* Check our chosen algorithms against the list of legal
|
||||||
|
algorithms. */
|
||||||
|
|
||||||
|
if(!GNUPG)
|
||||||
|
{
|
||||||
|
const char *badalg=NULL;
|
||||||
|
preftype_t badtype=PREFTYPE_NONE;
|
||||||
|
|
||||||
|
if(opt.def_cipher_algo
|
||||||
|
&& !algo_available(PREFTYPE_SYM,opt.def_cipher_algo,NULL))
|
||||||
|
{
|
||||||
|
badalg=cipher_algo_to_string(opt.def_cipher_algo);
|
||||||
|
badtype=PREFTYPE_SYM;
|
||||||
|
}
|
||||||
|
else if(opt.def_digest_algo
|
||||||
|
&& !algo_available(PREFTYPE_HASH,opt.def_digest_algo,NULL))
|
||||||
|
{
|
||||||
|
badalg=digest_algo_to_string(opt.def_digest_algo);
|
||||||
|
badtype=PREFTYPE_HASH;
|
||||||
|
}
|
||||||
|
else if(opt.cert_digest_algo
|
||||||
|
&& !algo_available(PREFTYPE_HASH,opt.cert_digest_algo,NULL))
|
||||||
|
{
|
||||||
|
badalg=digest_algo_to_string(opt.cert_digest_algo);
|
||||||
|
badtype=PREFTYPE_HASH;
|
||||||
|
}
|
||||||
|
else if(opt.def_compress_algo!=-1
|
||||||
|
&& !algo_available(PREFTYPE_ZIP,opt.def_compress_algo,NULL))
|
||||||
|
{
|
||||||
|
badalg=compress_algo_to_string(opt.def_compress_algo);
|
||||||
|
badtype=PREFTYPE_ZIP;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(badalg)
|
||||||
|
{
|
||||||
|
switch(badtype)
|
||||||
|
{
|
||||||
|
case PREFTYPE_SYM:
|
||||||
|
log_info(_("you may not use cipher algorithm \"%s\" "
|
||||||
|
"while in %s mode\n"),
|
||||||
|
badalg,compliance_option_string());
|
||||||
|
break;
|
||||||
|
case PREFTYPE_HASH:
|
||||||
|
log_info(_("you may not use digest algorithm \"%s\" "
|
||||||
|
"while in %s mode\n"),
|
||||||
|
badalg,compliance_option_string());
|
||||||
|
break;
|
||||||
|
case PREFTYPE_ZIP:
|
||||||
|
log_info(_("you may not use compression algorithm \"%s\" "
|
||||||
|
"while in %s mode\n"),
|
||||||
|
badalg,compliance_option_string());
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
BUG();
|
||||||
|
}
|
||||||
|
|
||||||
|
compliance_failure();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* set the random seed file */
|
/* set the random seed file */
|
||||||
if( use_random_seed ) {
|
if( use_random_seed ) {
|
||||||
char *p = make_filename(opt.homedir, "random_seed", NULL );
|
char *p = make_filename(opt.homedir, "random_seed", NULL );
|
||||||
@ -2273,11 +2330,20 @@ main( int argc, char **argv )
|
|||||||
for( ; argc; argc--, argv++ )
|
for( ; argc; argc--, argv++ )
|
||||||
add_to_strlist2( &sl, *argv, utf8_strings );
|
add_to_strlist2( &sl, *argv, utf8_strings );
|
||||||
if( cmd == aSendKeys )
|
if( cmd == aSendKeys )
|
||||||
keyserver_export( sl );
|
rc=keyserver_export( sl );
|
||||||
else if( cmd == aRecvKeys )
|
else if( cmd == aRecvKeys )
|
||||||
keyserver_import( sl );
|
rc=keyserver_import( sl );
|
||||||
else
|
else
|
||||||
export_pubkeys( sl, opt.export_options );
|
rc=export_pubkeys( sl, opt.export_options );
|
||||||
|
if(rc)
|
||||||
|
{
|
||||||
|
if(cmd==aSendKeys)
|
||||||
|
log_error(_("keyserver send failed: %s\n"),g10_errstr(rc));
|
||||||
|
else if(cmd==aRecvKeys)
|
||||||
|
log_error(_("keyserver receive failed: %s\n"),g10_errstr(rc));
|
||||||
|
else
|
||||||
|
log_error(_("key export failed: %s\n"),g10_errstr(rc));
|
||||||
|
}
|
||||||
free_strlist(sl);
|
free_strlist(sl);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -2286,7 +2352,9 @@ main( int argc, char **argv )
|
|||||||
for( ; argc; argc--, argv++ )
|
for( ; argc; argc--, argv++ )
|
||||||
append_to_strlist2( &sl, *argv, utf8_strings );
|
append_to_strlist2( &sl, *argv, utf8_strings );
|
||||||
|
|
||||||
keyserver_search( sl );
|
rc=keyserver_search( sl );
|
||||||
|
if(rc)
|
||||||
|
log_error(_("keyserver search failed: %s\n"),g10_errstr(rc));
|
||||||
free_strlist(sl);
|
free_strlist(sl);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -2294,7 +2362,9 @@ main( int argc, char **argv )
|
|||||||
sl = NULL;
|
sl = NULL;
|
||||||
for( ; argc; argc--, argv++ )
|
for( ; argc; argc--, argv++ )
|
||||||
add_to_strlist2( &sl, *argv, utf8_strings );
|
add_to_strlist2( &sl, *argv, utf8_strings );
|
||||||
keyserver_refresh(sl);
|
rc=keyserver_refresh(sl);
|
||||||
|
if(rc)
|
||||||
|
log_error(_("keyserver refresh failed: %s\n"),g10_errstr(rc));
|
||||||
free_strlist(sl);
|
free_strlist(sl);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -164,8 +164,9 @@ void show_revocation_reason( PKT_public_key *pk, int mode );
|
|||||||
int check_signatures_trust( PKT_signature *sig );
|
int check_signatures_trust( PKT_signature *sig );
|
||||||
void release_pk_list( PK_LIST pk_list );
|
void release_pk_list( PK_LIST pk_list );
|
||||||
int build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use );
|
int build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use );
|
||||||
int select_algo_from_prefs( PK_LIST pk_list, int preftype,
|
int algo_available( preftype_t preftype, int algo, void *hint );
|
||||||
int request, void *hint );
|
int select_algo_from_prefs( PK_LIST pk_list, int preftype,
|
||||||
|
int request, void *hint );
|
||||||
int select_mdc_from_pklist (PK_LIST pk_list);
|
int select_mdc_from_pklist (PK_LIST pk_list);
|
||||||
|
|
||||||
/*-- skclist.c --*/
|
/*-- skclist.c --*/
|
||||||
|
@ -194,6 +194,11 @@ parse_keyserver_uri(char *uri,const char *configname,unsigned int configlineno)
|
|||||||
|
|
||||||
ch++;
|
ch++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* It would seem to be reasonable to limit the range of the
|
||||||
|
ports to values between 1-65535, but RFC 1738 and 1808
|
||||||
|
imply there is no limit. Of course, the real world has
|
||||||
|
limits. */
|
||||||
}
|
}
|
||||||
|
|
||||||
/* (any path part of the URI is discarded for now as no keyserver
|
/* (any path part of the URI is discarded for now as no keyserver
|
||||||
@ -679,6 +684,10 @@ keyserver_work(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,int count)
|
|||||||
log_error(_("no keyserver known (use option --keyserver)\n"));
|
log_error(_("no keyserver known (use option --keyserver)\n"));
|
||||||
return G10ERR_BAD_URI;
|
return G10ERR_BAD_URI;
|
||||||
}
|
}
|
||||||
|
else if(opt.keyserver_port && (strlen(opt.keyserver_port)>5
|
||||||
|
|| atoi(opt.keyserver_port)<1
|
||||||
|
|| atoi(opt.keyserver_port)>65535))
|
||||||
|
return G10ERR_BAD_URI;
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
void *stats_handle = import_new_stats_handle ();
|
void *stats_handle = import_new_stats_handle ();
|
||||||
|
@ -204,11 +204,12 @@ struct {
|
|||||||
#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
|
#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
|
||||||
#define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE)
|
#define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE)
|
||||||
|
|
||||||
|
#define GNUPG (opt.compliance==CO_GNUPG)
|
||||||
#define RFC1991 (opt.compliance==CO_RFC1991 || opt.compliance==CO_PGP2)
|
#define RFC1991 (opt.compliance==CO_RFC1991 || opt.compliance==CO_PGP2)
|
||||||
#define RFC2440 (opt.compliance==CO_RFC2440)
|
#define RFC2440 (opt.compliance==CO_RFC2440)
|
||||||
#define PGP2 (opt.compliance==CO_PGP2)
|
#define PGP2 (opt.compliance==CO_PGP2)
|
||||||
#define PGP6 (opt.compliance==CO_PGP6)
|
#define PGP6 (opt.compliance==CO_PGP6)
|
||||||
#define PGP7 (opt.compliance==CO_PGP7)
|
#define PGP7 (opt.compliance==CO_PGP7)
|
||||||
#define PGP8 (opt.compliance==CO_PGP8)
|
#define PGP8 (opt.compliance==CO_PGP8)
|
||||||
|
|
||||||
#endif /*G10_OPTIONS_H*/
|
#endif /*G10_OPTIONS_H*/
|
||||||
|
@ -1088,46 +1088,60 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
|
|||||||
intersection"), and PGP has no mechanism to fix such a broken
|
intersection"), and PGP has no mechanism to fix such a broken
|
||||||
preference list, so I'm including it. -dms */
|
preference list, so I'm including it. -dms */
|
||||||
|
|
||||||
static int
|
int
|
||||||
algo_available( int preftype, int algo, void *hint )
|
algo_available( preftype_t preftype, int algo, void *hint )
|
||||||
{
|
{
|
||||||
if( preftype == PREFTYPE_SYM ) {
|
if( preftype == PREFTYPE_SYM )
|
||||||
if( PGP6 && ( algo != 1 && algo != 2 && algo != 3) )
|
{
|
||||||
return 0;
|
if(PGP6 && (algo != CIPHER_ALGO_IDEA
|
||||||
|
&& algo != CIPHER_ALGO_3DES
|
||||||
if( (PGP7 || PGP8)
|
&& algo != CIPHER_ALGO_CAST5))
|
||||||
&& (algo != 1 && algo != 2 && algo != 3
|
|
||||||
&& algo != 7 && algo != 8 && algo != 9 && algo != 10) )
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
return algo && !check_cipher_algo( algo );
|
|
||||||
}
|
|
||||||
else if( preftype == PREFTYPE_HASH ) {
|
|
||||||
int bits=0;
|
|
||||||
|
|
||||||
if(hint)
|
|
||||||
bits=*(int *)hint;
|
|
||||||
|
|
||||||
if(bits && (bits != md_digest_length(algo)))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
if( (PGP6 || PGP7) && (algo != 1 && algo != 2 && algo != 3) )
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
if( PGP8 && (algo != 1 && algo != 2 && algo != 3 && algo != 8))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
return algo && !check_digest_algo( algo );
|
|
||||||
}
|
|
||||||
else if( preftype == PREFTYPE_ZIP ) {
|
|
||||||
if ( ( PGP6 || PGP7 || PGP8 )
|
|
||||||
&& ( algo !=0 && algo != 1) )
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
return !check_compress_algo( algo );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
if((PGP7 || PGP8) && (algo != CIPHER_ALGO_IDEA
|
||||||
|
&& algo != CIPHER_ALGO_3DES
|
||||||
|
&& algo != CIPHER_ALGO_CAST5
|
||||||
|
&& algo != CIPHER_ALGO_AES
|
||||||
|
&& algo != CIPHER_ALGO_AES192
|
||||||
|
&& algo != CIPHER_ALGO_AES256
|
||||||
|
&& algo != CIPHER_ALGO_TWOFISH))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
return algo && !check_cipher_algo( algo );
|
||||||
|
}
|
||||||
|
else if( preftype == PREFTYPE_HASH )
|
||||||
|
{
|
||||||
|
if(hint && ((*(int *)hint) != md_digest_length(algo)))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
if((PGP6 || PGP7) && (algo != DIGEST_ALGO_MD5
|
||||||
|
&& algo != DIGEST_ALGO_SHA1
|
||||||
|
&& algo != DIGEST_ALGO_RMD160))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
|
||||||
|
if(PGP8 && (algo != DIGEST_ALGO_MD5
|
||||||
|
&& algo != DIGEST_ALGO_SHA1
|
||||||
|
&& algo != DIGEST_ALGO_RMD160
|
||||||
|
&& algo != DIGEST_ALGO_SHA256))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
/* TIGER is not allowed any longer according to 2440bis. */
|
||||||
|
if( RFC2440 && algo == DIGEST_ALGO_TIGER )
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
return algo && !check_digest_algo( algo );
|
||||||
|
}
|
||||||
|
else if( preftype == PREFTYPE_ZIP )
|
||||||
|
{
|
||||||
|
if((PGP6 || PGP7 || PGP8) && (algo != COMPRESS_ALGO_NONE
|
||||||
|
&& algo != COMPRESS_ALGO_ZIP))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
return !check_compress_algo( algo );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -720,7 +720,8 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
|
|||||||
hashlen=20;
|
hashlen=20;
|
||||||
|
|
||||||
if((algo=
|
if((algo=
|
||||||
select_algo_from_prefs(pk_list,PREFTYPE_HASH,-1,&hashlen))>0)
|
select_algo_from_prefs(pk_list,PREFTYPE_HASH,-1,
|
||||||
|
hashlen?&hashlen:NULL))>0)
|
||||||
recipient_digest_algo=algo;
|
recipient_digest_algo=algo;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user