
Decryption and signi via agent is now implemented.

Werner Koch 2010-04-23 11:36:59 +00:00
parent c86a59db74
commit 8e5010a958
22 changed files with 409 additions and 358 deletions


@ -136,7 +136,7 @@ cmp_simple_canon_sexp (const unsigned char *a_orig,
} }
/* Create a simple S-expression from the hex string at LIBNE. Returns /* Create a simple S-expression from the hex string at LINE. Returns
a newly allocated buffer with that canonical encoded S-expression a newly allocated buffer with that canonical encoded S-expression
or NULL in case of an error. On return the number of characters or NULL in case of an error. On return the number of characters
scanned in LINE will be stored at NSCANNED. This fucntions stops scanned in LINE will be stored at NSCANNED. This fucntions stops


@ -1,3 +1,33 @@
2010-04-23 Werner Koch <wk@g10code.com>
* pubkey-enc.c (get_it): Use the agent for decryption.
* call-agent.c (agent_pkdecrypt, inq_ciphertext_cb): New.
2010-04-22 Werner Koch <wk@g10code.com>
* photoid.c (show_photos): Remove arg SK.
* pubkey-enc.c (get_session_key, get_it): Change to use the public
key object.
(get_it): Remove card related stuff. Now automagically handled
by the agent.
* skclist.c (build_sk_list): Remove UNLOCK arg.
* keylist.c (print_fingerprint): Remove arg SK.
* mainproc.c (list_node): Disable listing of secret key packets.
* keyring.c (struct keyring_name, struct keyring_handle): Remove
field SECRET.
(keyring_register_filename, keyring_new, orename_tmp_file)
(do_copy): Remove arg SECRET.
* keydb.c (struct resource_item): Remove field SECRET.
(keydb_add_resource): Remove arg SECRET.
(keydb_new): Remove code fro secret keyrings.
* gpg.c (main): Ignore --secret-keyring. Remove all secret
keyring related code.
2010-04-21 Werner Koch <wk@g10code.com> 2010-04-21 Werner Koch <wk@g10code.com>
* pkclist.c (default_recipient): Change to use public keys. * pkclist.c (default_recipient): Change to use public keys.


@ -50,8 +50,9 @@ static int did_early_card_test;
struct cipher_parm_s struct cipher_parm_s
{ {
ctrl_t ctrl;
assuan_context_t ctx; assuan_context_t ctx;
const char *ciphertext; unsigned char *ciphertext;
size_t ciphertextlen; size_t ciphertextlen;
}; };
@ -104,7 +105,6 @@ status_sc_op_failure (int rc)
/* Try to connect to the agent via socket or fork it off and work by /* Try to connect to the agent via socket or fork it off and work by
pipes. Handle the server's initial greeting */ pipes. Handle the server's initial greeting */
static int static int
@ -1582,3 +1582,127 @@ agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
} }
/* Handle a CIPHERTEXT inquiry. Note, we only send the data,
assuan_transact takes care of flushing and writing the END. */
static gpg_error_t
inq_ciphertext_cb (void *opaque, const char *line)
{
struct cipher_parm_s *parm = opaque;
int rc;
if (!strncmp (line, "CIPHERTEXT", 10) && (line[10]==' '||!line[10]))
{
assuan_begin_confidential (parm->ctx);
rc = assuan_send_data (parm->ctx, parm->ciphertext, parm->ciphertextlen);
assuan_end_confidential (parm->ctx);
}
else
rc = default_inq_cb (parm->ctrl, line);
return rc;
}
/* Call the agent to do a decrypt operation using the key identified
by the hex string KEYGRIP and the input data S_CIPHERTEXT. On the
success the decoded value is stored verbatim at R_BUF and its
length at R_BUF; the callers needs to release it. */
gpg_error_t
agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
gcry_sexp_t s_ciphertext,
unsigned char **r_buf, size_t *r_buflen)
{
gpg_error_t err;
char line[ASSUAN_LINELENGTH];
membuf_t data;
size_t n, len;
char *p, *buf, *endp;
if (!keygrip || strlen(keygrip) != 40 || !s_ciphertext || !r_buf || !r_buflen)
return gpg_error (GPG_ERR_INV_VALUE);
*r_buf = NULL;
err = start_agent (ctrl, 0);
if (err)
return err;
err = assuan_transact (agent_ctx, "RESET",
NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
snprintf (line, sizeof line, "SETKEY %s", keygrip);
err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
if (desc)
{
snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
line[DIM(line)-1] = 0;
err = assuan_transact (agent_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (err)
return err;
}
init_membuf_secure (&data, 1024);
{
struct cipher_parm_s parm;
parm.ctrl = ctrl;
parm.ctx = agent_ctx;
err = make_canon_sexp (s_ciphertext, &parm.ciphertext, &parm.ciphertextlen);
if (err)
return err;
err = assuan_transact (agent_ctx, "PKDECRYPT",
membuf_data_cb, &data,
inq_ciphertext_cb, &parm, NULL, NULL);
xfree (parm.ciphertext);
}
if (err)
{
xfree (get_membuf (&data, &len));
return err;
}
put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
buf = get_membuf (&data, &len);
if (!buf)
return gpg_error_from_syserror ();
assert (len); /* (we forced Nul termination.) */
if (*buf != '(')
{
xfree (buf);
return gpg_error (GPG_ERR_INV_SEXP);
}
if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
{
xfree (buf);
return gpg_error (GPG_ERR_INV_SEXP);
}
len -= 11; /* Count only the data of the second part. */
p = buf + 8; /* Skip leading parenthesis and the value tag. */
n = strtoul (p, &endp, 10);
if (!n || *endp != ':')
{
xfree (buf);
return gpg_error (GPG_ERR_INV_SEXP);
}
endp++;
if (endp-p+n > len)
{
xfree (buf);
return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
}
memmove (buf, endp, n);
*r_buflen = n;
*r_buf = buf;
return 0;
}
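Review bot: The bounds check `if (endp-p+n > len)` near the end of agent_pkdecrypt can wrap, because `n` is taken straight from `strtoul` on the agent's reply and, on common ABIs, the sum is evaluated in an unsigned type; a very large length prefix would then pass the check and reach `memmove (buf, endp, n)`. Comparing without the addition avoids the wrap: `if (n > len || (size_t)(endp - p) > len - n)`. Separately, the `return err;` after a failing `make_canon_sexp` leaves the buffer set up by `init_membuf_secure` unreleased; `xfree (get_membuf (&data, &len));` before that return would match the later error path. The header comment should also say that the length is stored at R_BUFLEN, not at R_BUF.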


@ -158,6 +158,10 @@ gpg_error_t agent_pksign (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
int digestalgo, int digestalgo,
gcry_sexp_t *r_sigval); gcry_sexp_t *r_sigval);
/* Decrypt a ciphertext. */
gpg_error_t agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
gcry_sexp_t s_ciphertext,
unsigned char **r_buf, size_t *r_buflen);
#endif /*GNUPG_G10_CALL_AGENT_H*/ #endif /*GNUPG_G10_CALL_AGENT_H*/


@ -1890,7 +1890,7 @@ main (int argc, char **argv)
char *username; char *username;
int may_coredump; int may_coredump;
strlist_t sl, remusr= NULL, locusr=NULL; strlist_t sl, remusr= NULL, locusr=NULL;
strlist_t nrings=NULL, sec_nrings=NULL; strlist_t nrings = NULL;
armor_filter_context_t *afx = NULL; armor_filter_context_t *afx = NULL;
int detached_sig = 0; int detached_sig = 0;
FILE *configfp = NULL; FILE *configfp = NULL;
@ -2283,8 +2283,9 @@ main (int argc, char **argv)
break; break;
case oSecretKeyring: case oSecretKeyring:
append_to_strlist( &sec_nrings, pargs.r.ret_str); /* Ignore this old option. */
break; break;
case oOptions: case oOptions:
/* config files may not be nested (silently ignore them) */ /* config files may not be nested (silently ignore them) */
if( !configfp ) { if( !configfp ) {
@ -3385,22 +3386,12 @@ main (int argc, char **argv)
if( ALWAYS_ADD_KEYRINGS if( ALWAYS_ADD_KEYRINGS
|| (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) ) || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) )
{ {
if (ALWAYS_ADD_KEYRINGS if (!nrings || default_keyring) /* Add default ring. */
|| (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys keydb_add_resource ("pubring" EXTSEP_S "gpg", 4);
&& cmd != aVerify && cmd != aSym && cmd != aLocateKeys)) for (sl = nrings; sl; sl = sl->next )
{ keydb_add_resource (sl->d, sl->flags);
if (!sec_nrings || default_keyring) /* add default secret rings */
keydb_add_resource ("secring" EXTSEP_S "gpg", 4, 1);
for (sl = sec_nrings; sl; sl = sl->next)
keydb_add_resource ( sl->d, 0, 1 );
}
if( !nrings || default_keyring ) /* add default ring */
keydb_add_resource ("pubring" EXTSEP_S "gpg", 4, 0);
for(sl = nrings; sl; sl = sl->next )
keydb_add_resource ( sl->d, sl->flags, 0 );
} }
FREE_STRLIST(nrings); FREE_STRLIST(nrings);
FREE_STRLIST(sec_nrings);
if (cmd == aGPGConfTest) if (cmd == aGPGConfTest)
g10_exit(0); g10_exit(0);
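Review bot: In the `case oSecretKeyring:` arm the option is now dropped without any message, so a configuration or script that used `--secret-keyring` to select a particular secret key file will run with whatever keys the agent holds and get no hint that the option had no effect. A one-line notice in that arm would make the change visible, for example `log_info (_("option \"%s\" is ignored; secret keys are handled by the agent\n"), "--secret-keyring");`. main starts and ends outside these hunks, so whether a generic obsolete-option helper is already available there cannot be seen from here.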


@ -196,9 +196,9 @@ main( int argc, char **argv )
/* Note: We open all keyrings in read-only mode (flag value: 8). */ /* Note: We open all keyrings in read-only mode (flag value: 8). */
if (!nrings) /* No keyring given: use default one. */ if (!nrings) /* No keyring given: use default one. */
keydb_add_resource ("trustedkeys" EXTSEP_S "gpg", 8, 0); keydb_add_resource ("trustedkeys" EXTSEP_S "gpg", 8);
for (sl = nrings; sl; sl = sl->next) for (sl = nrings; sl; sl = sl->next)
keydb_add_resource (sl->d, 8, 0 ); keydb_add_resource (sl->d, 8);
FREE_STRLIST (nrings); FREE_STRLIST (nrings);


@ -45,13 +45,13 @@ typedef enum {
} KeydbResourceType; } KeydbResourceType;
#define MAX_KEYDB_RESOURCES 40 #define MAX_KEYDB_RESOURCES 40
struct resource_item { struct resource_item
{
KeydbResourceType type; KeydbResourceType type;
union { union {
KEYRING_HANDLE kr; KEYRING_HANDLE kr;
} u; } u;
void *token; void *token;
int secret;
}; };
static struct resource_item all_resources[MAX_KEYDB_RESOURCES]; static struct resource_item all_resources[MAX_KEYDB_RESOURCES];
@ -213,9 +213,9 @@ maybe_create_keyring (char *filename, int force)
* Flag 8 - Open as read-only. * Flag 8 - Open as read-only.
*/ */
int int
keydb_add_resource (const char *url, int flags, int secret) keydb_add_resource (const char *url, int flags)
{ {
static int any_secret, any_public; static int any_public;
const char *resname = url; const char *resname = url;
char *filename = NULL; char *filename = NULL;
int force = (flags&1); int force = (flags&1);
@ -255,7 +255,7 @@ keydb_add_resource (const char *url, int flags, int secret)
filename = xstrdup (resname); filename = xstrdup (resname);
if (!force && !read_only) if (!force && !read_only)
force = secret? !any_secret : !any_public; force = !any_public;
/* See whether we can determine the filetype. */ /* See whether we can determine the filetype. */
if (rt == KEYDB_RESOURCE_TYPE_NONE) { if (rt == KEYDB_RESOURCE_TYPE_NONE) {
@ -289,7 +289,7 @@ keydb_add_resource (const char *url, int flags, int secret)
if (rc) if (rc)
goto leave; goto leave;
if(keyring_register_filename (filename, secret, read_only, &token)) if(keyring_register_filename (filename, read_only, &token))
{ {
if (used_resources >= MAX_KEYDB_RESOURCES) if (used_resources >= MAX_KEYDB_RESOURCES)
rc = G10ERR_RESOURCE_LIMIT; rc = G10ERR_RESOURCE_LIMIT;
@ -300,7 +300,6 @@ keydb_add_resource (const char *url, int flags, int secret)
all_resources[used_resources].type = rt; all_resources[used_resources].type = rt;
all_resources[used_resources].u.kr = NULL; /* Not used here */ all_resources[used_resources].u.kr = NULL; /* Not used here */
all_resources[used_resources].token = token; all_resources[used_resources].token = token;
all_resources[used_resources].secret = secret;
used_resources++; used_resources++;
} }
} }
@ -324,22 +323,9 @@ keydb_add_resource (const char *url, int flags, int secret)
leave: leave:
if (rc) if (rc)
{ log_error (_("keyblock resource `%s': %s\n"), filename, g10_errstr(rc));
/* Secret keyrings are not required in all cases. To avoid
having gpg return failure we use log_info here if the
rewsource is a secret one and marked as default
resource. */
if ((flags&4) && secret)
log_info (_("keyblock resource `%s': %s\n"),
filename, g10_errstr(rc));
else
log_error (_("keyblock resource `%s': %s\n"),
filename, g10_errstr(rc));
}
else if (secret)
any_secret = 1;
else else
any_public = 1; any_public = 1;
xfree (filename); xfree (filename);
return rc; return rc;
} }
@ -352,7 +338,6 @@ keydb_new (void)
{ {
KEYDB_HANDLE hd; KEYDB_HANDLE hd;
int i, j; int i, j;
int secret = 0; /* FIXME: Remove the secret stuff all together. */
hd = xmalloc_clear (sizeof *hd); hd = xmalloc_clear (sizeof *hd);
hd->found = -1; hd->found = -1;
@ -360,8 +345,6 @@ keydb_new (void)
assert (used_resources <= MAX_KEYDB_RESOURCES); assert (used_resources <= MAX_KEYDB_RESOURCES);
for (i=j=0; i < used_resources; i++) for (i=j=0; i < used_resources; i++)
{ {
if (!all_resources[i].secret != !secret)
continue;
switch (all_resources[i].type) switch (all_resources[i].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: /* ignore */ case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
@ -369,8 +352,7 @@ keydb_new (void)
case KEYDB_RESOURCE_TYPE_KEYRING: case KEYDB_RESOURCE_TYPE_KEYRING:
hd->active[j].type = all_resources[i].type; hd->active[j].type = all_resources[i].type;
hd->active[j].token = all_resources[i].token; hd->active[j].token = all_resources[i].token;
hd->active[j].secret = all_resources[i].secret; hd->active[j].u.kr = keyring_new (all_resources[i].token);
hd->active[j].u.kr = keyring_new (all_resources[i].token, secret);
if (!hd->active[j].u.kr) { if (!hd->active[j].u.kr) {
xfree (hd); xfree (hd);
return NULL; /* fixme: release all previously allocated handles*/ return NULL; /* fixme: release all previously allocated handles*/
@ -706,8 +688,6 @@ keydb_rebuild_caches (int noisy)
for (i=0; i < used_resources; i++) for (i=0; i < used_resources; i++)
{ {
if (all_resources[i].secret)
continue;
if (!keyring_is_writable (all_resources[i].token)) if (!keyring_is_writable (all_resources[i].token))
continue; continue;
switch (all_resources[i].type) switch (all_resources[i].type)


@ -132,7 +132,7 @@ union pref_hint
Flag 1 == force Flag 1 == force
Flag 2 == default Flag 2 == default
*/ */
int keydb_add_resource (const char *url, int flags, int secret); int keydb_add_resource (const char *url, int flags);
KEYDB_HANDLE keydb_new (void); KEYDB_HANDLE keydb_new (void);
void keydb_release (KEYDB_HANDLE hd); void keydb_release (KEYDB_HANDLE hd);
const char *keydb_get_resource_name (KEYDB_HANDLE hd); const char *keydb_get_resource_name (KEYDB_HANDLE hd);
@ -173,7 +173,7 @@ void warn_missing_aes_from_pklist (PK_LIST pk_list);
int random_is_faked (void); int random_is_faked (void);
void release_sk_list( SK_LIST sk_list ); void release_sk_list( SK_LIST sk_list );
gpg_error_t build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list, gpg_error_t build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list,
int unlock, unsigned use); unsigned use);
/*-- passphrase.h --*/ /*-- passphrase.h --*/
unsigned char encode_s2k_iterations (int iterations); unsigned char encode_s2k_iterations (int iterations);


@ -557,7 +557,7 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
* why to sign keys using a subkey. Implementation of USAGE_CERT * why to sign keys using a subkey. Implementation of USAGE_CERT
* is just a hack in getkey.c and does not mean that a subkey * is just a hack in getkey.c and does not mean that a subkey
* marked as certification capable will be used. */ * marked as certification capable will be used. */
rc = build_sk_list (locusr, &sk_list, 0, PUBKEY_USAGE_CERT); rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_CERT);
if (rc) if (rc)
goto leave; goto leave;
@ -2686,7 +2686,7 @@ show_key_with_all_names_colon (KBNODE keyblock)
putchar ('a'); putchar ('a');
putchar ('\n'); putchar ('\n');
print_fingerprint (pk, NULL, 0); print_fingerprint (pk, 0);
print_revokers (pk); print_revokers (pk);
} }
} }
@ -2970,7 +2970,7 @@ show_key_with_all_names (KBNODE keyblock, int only_marked, int with_revoker,
if (node->pkt->pkttype == PKT_PUBLIC_KEY && with_fpr) if (node->pkt->pkttype == PKT_PUBLIC_KEY && with_fpr)
{ {
print_fingerprint (pk, NULL, 2); print_fingerprint (pk, 2);
tty_printf ("\n"); tty_printf ("\n");
} }
} }
@ -3047,7 +3047,7 @@ show_basic_key_info (KBNODE keyblock)
tty_printf (" "); tty_printf (" ");
tty_printf (_("expires: %s"), expirestr_from_pk (pk)); tty_printf (_("expires: %s"), expirestr_from_pk (pk));
tty_printf ("\n"); tty_printf ("\n");
print_fingerprint (pk, NULL, 3); print_fingerprint (pk, 3);
tty_printf ("\n"); tty_printf ("\n");
} }
else if (node->pkt->pkttype == PKT_SECRET_KEY) else if (node->pkt->pkttype == PKT_SECRET_KEY)
@ -3061,7 +3061,8 @@ show_basic_key_info (KBNODE keyblock)
tty_printf (" "); tty_printf (" ");
tty_printf (_("expires: %s"), expirestr_from_sk (sk)); tty_printf (_("expires: %s"), expirestr_from_sk (sk));
tty_printf ("\n"); tty_printf ("\n");
print_fingerprint (NULL, sk, 3); log_debug ("FIXME\n");
/* print_fingerprint (NULL, sk, 3); */
tty_printf ("\n"); tty_printf ("\n");
} }
} }
@ -3110,7 +3111,7 @@ show_key_and_fingerprint (KBNODE keyblock)
} }
tty_printf ("\n"); tty_printf ("\n");
if (pk) if (pk)
print_fingerprint (pk, NULL, 2); print_fingerprint (pk, 2);
} }
@ -3588,7 +3589,7 @@ menu_addrevoker (KBNODE pub_keyblock, int sensitive)
} }
print_pubkey_info (NULL, revoker_pk); print_pubkey_info (NULL, revoker_pk);
print_fingerprint (revoker_pk, NULL, 2); print_fingerprint (revoker_pk, 2);
tty_printf ("\n"); tty_printf ("\n");
tty_printf (_("WARNING: appointing a key as a designated revoker " tty_printf (_("WARNING: appointing a key as a designated revoker "
@ -5201,7 +5202,7 @@ menu_showphoto (KBNODE keyblock)
"key %s (uid %d)\n"), "key %s (uid %d)\n"),
image_type_to_string (type, 1), image_type_to_string (type, 1),
(ulong) size, keystr_from_pk (pk), count); (ulong) size, keystr_from_pk (pk), count);
show_photos (&uid->attribs[i], 1, pk, NULL, uid); show_photos (&uid->attribs[i], 1, pk, uid);
} }
} }
} }
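Review bot: In show_basic_key_info the PKT_SECRET_KEY branch now emits `log_debug ("FIXME\n");` and keeps the old call as commented-out code, so the fingerprint is no longer shown for secret keys and the debug line says nothing about what is missing. Since the fingerprint is what a user compares before relying on the key shown, the gap should be stated explicitly: replace both lines with a comment such as `/* FIXME: Print the fingerprint once this branch works on a public key object. */` and, if a runtime marker is wanted, a message that names the function. The function body continues outside the hunk.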


@ -817,7 +817,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
es_fprintf (es_stdout, "\n"); es_fprintf (es_stdout, "\n");
if (fpr) if (fpr)
print_fingerprint (pk, NULL, 0); print_fingerprint (pk, 0);
/* FIXME: Change this function to take a PK and ask the agent: */ /* FIXME: Change this function to take a PK and ask the agent: */
/* if (secret) print_card_serialno (sk); */ /* if (secret) print_card_serialno (sk); */
@ -866,7 +866,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
es_putc ('\n', es_stdout); es_putc ('\n', es_stdout);
if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL) if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
show_photos (uid->attribs, uid->numattribs, pk, NULL, uid); show_photos (uid->attribs, uid->numattribs, pk, uid);
} }
else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{ {
@ -911,7 +911,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
es_putc ('\n', es_stdout); es_putc ('\n', es_stdout);
if (fpr > 1) if (fpr > 1)
{ {
print_fingerprint (pk2, NULL, 0); print_fingerprint (pk2, 0);
/* FIXME: (see above) */ /* FIXME: (see above) */
/* if (secret) */ /* if (secret) */
/* print_card_serialno (sk2); */ /* print_card_serialno (sk2); */
@ -1127,7 +1127,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr)
print_revokers (pk); print_revokers (pk);
if (fpr) if (fpr)
print_fingerprint (pk, NULL, 0); print_fingerprint (pk, 0);
if (opt.with_key_data) if (opt.with_key_data)
{ {
if (!hexkeygrip_from_pk (pk, &p)) if (!hexkeygrip_from_pk (pk, &p))
@ -1232,7 +1232,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr)
} }
es_putc ('\n', es_stdout); es_putc ('\n', es_stdout);
if (fpr > 1) if (fpr > 1)
print_fingerprint (pk2, NULL, 0); print_fingerprint (pk2, 0);
if (opt.with_key_data) if (opt.with_key_data)
{ {
if (!hexkeygrip_from_pk (pk2, &p)) if (!hexkeygrip_from_pk (pk2, &p))
@ -1428,15 +1428,17 @@ list_keyblock (KBNODE keyblock, int secret, int fpr, void *opaque)
} }
/* /*
* standard function to print the finperprint. * Function to print the finperprint.
* mode 0: as used in key listings, opt.with_colons is honored * mode 0: as used in key listings, opt.with_colons is honored
* 1: print using log_info () * 1: print using log_info ()
* 2: direct use of tty * 2: direct use of tty
* 3: direct use of tty but only primary key. * 3: direct use of tty but only primary key.
* modes 1 and 2 will try and print both subkey and primary key fingerprints *
* Modes 1 and 2 will try and print both subkey and primary key
* fingerprints. A MODE with bit 7 set is used internally.
*/ */
void void
print_fingerprint (PKT_public_key * pk, PKT_secret_key * sk, int mode) print_fingerprint (PKT_public_key *pk, int mode)
{ {
byte array[MAX_FINGERPRINT_LEN], *p; byte array[MAX_FINGERPRINT_LEN], *p;
size_t i, n; size_t i, n;
@ -1444,21 +1446,12 @@ print_fingerprint (PKT_public_key * pk, PKT_secret_key * sk, int mode)
const char *text; const char *text;
int primary = 0; int primary = 0;
if (sk) if (pk->main_keyid[0] == pk->keyid[0]
{ && pk->main_keyid[1] == pk->keyid[1])
if (sk->main_keyid[0] == sk->keyid[0] primary = 1;
&& sk->main_keyid[1] == sk->keyid[1])
primary = 1;
}
else
{
if (pk->main_keyid[0] == pk->keyid[0]
&& pk->main_keyid[1] == pk->keyid[1])
primary = 1;
}
/* Just to be safe */ /* Just to be safe */
if (mode & 0x80 && !primary) if ((mode & 0x80) && !primary)
{ {
log_error ("primary key is not really primary!\n"); log_error ("primary key is not really primary!\n");
return; return;
@ -1468,20 +1461,10 @@ print_fingerprint (PKT_public_key * pk, PKT_secret_key * sk, int mode)
if (!primary && (mode == 1 || mode == 2)) if (!primary && (mode == 1 || mode == 2))
{ {
if (sk) PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
{ get_pubkey (primary_pk, pk->main_keyid);
PKT_secret_key *primary_sk = xmalloc_clear (sizeof (*primary_sk)); print_fingerprint (primary_pk, mode | 0x80);
get_seckey (primary_sk, sk->main_keyid); free_public_key (primary_pk);
print_fingerprint (NULL, primary_sk, mode | 0x80);
free_secret_key (primary_sk);
}
else
{
PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
get_pubkey (primary_pk, pk->main_keyid);
print_fingerprint (primary_pk, NULL, mode | 0x80);
free_public_key (primary_pk);
}
} }
if (mode == 1) if (mode == 1)
@ -1513,10 +1496,7 @@ print_fingerprint (PKT_public_key * pk, PKT_secret_key * sk, int mode)
text = _(" Key fingerprint ="); text = _(" Key fingerprint =");
} }
if (sk) fingerprint_from_pk (pk, array, &n);
fingerprint_from_sk (sk, array, &n);
else
fingerprint_from_pk (pk, array, &n);
p = array; p = array;
if (opt.with_colons && !mode) if (opt.with_colons && !mode)
{ {
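Review bot: In print_fingerprint the non-primary branch calls `get_pubkey (primary_pk, pk->main_keyid);` without looking at the result, so a failed lookup hands a zero-filled key to the recursive call; with both keyid arrays zero that key satisfies the `primary` test, and the "Just to be safe" check does not catch it. The fingerprint printed as the primary key's would then be derived from an empty key object (what fingerprint_from_pk does with one is not visible here). Guarding the call keeps the output honest: `if (!get_pubkey (primary_pk, pk->main_keyid)) print_fingerprint (primary_pk, mode | 0x80);`, assuming get_pubkey returns 0 on success. The header comment could also state that PK must not be NULL now that it is dereferenced unconditionally; the body continues past the last hunk shown.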


@ -1,5 +1,5 @@
/* keyring.c - keyring file handling /* keyring.c - keyring file handling
* Copyright (C) 2001, 2004, 2009 Free Software Foundation, Inc. * Copyright (C) 2001, 2004, 2009, 2010 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -53,7 +53,6 @@ typedef struct keyring_name *KR_NAME;
struct keyring_name struct keyring_name
{ {
struct keyring_name *next; struct keyring_name *next;
int secret;
int read_only; int read_only;
dotlock_t lockhd; dotlock_t lockhd;
int is_locked; int is_locked;
@ -69,9 +68,9 @@ static OffsetHashTable kr_offtbl;
static int kr_offtbl_ready; static int kr_offtbl_ready;
struct keyring_handle { struct keyring_handle
{
CONST_KR_NAME resource; CONST_KR_NAME resource;
int secret; /* this is for a secret keyring */
struct { struct {
CONST_KR_NAME kr; CONST_KR_NAME kr;
IOBUF iobuf; IOBUF iobuf;
@ -93,7 +92,7 @@ struct keyring_handle {
static int do_copy (int mode, const char *fname, KBNODE root, int secret, static int do_copy (int mode, const char *fname, KBNODE root,
off_t start_offset, unsigned int n_packets ); off_t start_offset, unsigned int n_packets );
@ -201,8 +200,7 @@ update_offset_hash_table_from_kb (OffsetHashTable tbl, KBNODE node, off_t off)
* if a new keyring was registered. * if a new keyring was registered.
*/ */
int int
keyring_register_filename (const char *fname, int secret, int read_only, keyring_register_filename (const char *fname, int read_only, void **ptr)
void **ptr)
{ {
KR_NAME kr; KR_NAME kr;
@ -221,12 +219,8 @@ keyring_register_filename (const char *fname, int secret, int read_only,
} }
} }
if (secret)
register_secured_file (fname);
kr = xmalloc (sizeof *kr + strlen (fname)); kr = xmalloc (sizeof *kr + strlen (fname));
strcpy (kr->fname, fname); strcpy (kr->fname, fname);
kr->secret = !!secret;
kr->read_only = read_only; kr->read_only = read_only;
kr->lockhd = NULL; kr->lockhd = NULL;
kr->is_locked = 0; kr->is_locked = 0;
@ -254,21 +248,19 @@ keyring_is_writable (void *token)
/* Create a new handle for the resource associated with TOKEN. SECRET /* Create a new handle for the resource associated with TOKEN.
is just just as a cross-check.
The returned handle must be released using keyring_release (). */ The returned handle must be released using keyring_release (). */
KEYRING_HANDLE KEYRING_HANDLE
keyring_new (void *token, int secret) keyring_new (void *token)
{ {
KEYRING_HANDLE hd; KEYRING_HANDLE hd;
KR_NAME resource = token; KR_NAME resource = token;
assert (resource && !resource->secret == !secret); assert (resource);
hd = xmalloc_clear (sizeof *hd); hd = xmalloc_clear (sizeof *hd);
hd->resource = resource; hd->resource = resource;
hd->secret = !!secret;
active_handles++; active_handles++;
return hd; return hd;
} }
@ -537,10 +529,10 @@ keyring_update_keyblock (KEYRING_HANDLE hd, KBNODE kb)
hd->current.iobuf = NULL; hd->current.iobuf = NULL;
/* do the update */ /* do the update */
rc = do_copy (3, hd->found.kr->fname, kb, hd->secret, rc = do_copy (3, hd->found.kr->fname, kb,
hd->found.offset, hd->found.n_packets ); hd->found.offset, hd->found.n_packets );
if (!rc) { if (!rc) {
if (!hd->secret && kr_offtbl) if (kr_offtbl)
{ {
update_offset_hash_table_from_kb (kr_offtbl, kb, 0); update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
} }
@ -585,8 +577,8 @@ keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb)
hd->current.iobuf = NULL; hd->current.iobuf = NULL;
/* do the insert */ /* do the insert */
rc = do_copy (1, fname, kb, hd->secret, 0, 0 ); rc = do_copy (1, fname, kb, 0, 0 );
if (!rc && !hd->secret && kr_offtbl) if (!rc && kr_offtbl)
{ {
update_offset_hash_table_from_kb (kr_offtbl, kb, 0); update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
} }
@ -625,7 +617,7 @@ keyring_delete_keyblock (KEYRING_HANDLE hd)
hd->current.iobuf = NULL; hd->current.iobuf = NULL;
/* do the delete */ /* do the delete */
rc = do_copy (2, hd->found.kr->fname, NULL, hd->secret, rc = do_copy (2, hd->found.kr->fname, NULL,
hd->found.offset, hd->found.n_packets ); hd->found.offset, hd->found.n_packets );
if (!rc) { if (!rc) {
/* better reset the found info */ /* better reset the found info */
@ -953,7 +945,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
if (rc) if (rc)
return rc; return rc;
use_offtbl = !hd->secret && kr_offtbl; use_offtbl = !!kr_offtbl;
if (!use_offtbl) if (!use_offtbl)
; ;
else if (!kr_offtbl_ready) else if (!kr_offtbl_ready)
@ -1148,11 +1140,10 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
{ {
KR_NAME kr; KR_NAME kr;
/* First set the did_full_scan flag for this keyring (ignore /* First set the did_full_scan flag for this keyring. */
secret keyrings) */
for (kr=kr_names; kr; kr = kr->next) for (kr=kr_names; kr; kr = kr->next)
{ {
if (!kr->secret && hd->resource == kr) if (hd->resource == kr)
{ {
kr->did_full_scan = 1; kr->did_full_scan = 1;
break; break;
@ -1162,7 +1153,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
offtbl ready */ offtbl ready */
for (kr=kr_names; kr; kr = kr->next) for (kr=kr_names; kr; kr = kr->next)
{ {
if (!kr->secret && !kr->did_full_scan) if (!kr->did_full_scan)
break; break;
} }
if (!kr) if (!kr)
@ -1247,20 +1238,10 @@ create_tmp_file (const char *template,
static int static int
rename_tmp_file (const char *bakfname, const char *tmpfname, rename_tmp_file (const char *bakfname, const char *tmpfname, const char *fname)
const char *fname, int secret )
{ {
int rc = 0; int rc = 0;
/* It's a secret keyring, so let's force a fsync just to be safe on
filesystems that may not sync data and metadata together
(e.g. ext4). */
if (secret && iobuf_ioctl (NULL, IOBUF_IOCTL_FSYNC, 0, (char*)tmpfname))
{
rc = gpg_error_from_syserror ();
goto fail;
}
/* Invalidate close caches. */ /* Invalidate close caches. */
if (iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)tmpfname )) if (iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)tmpfname ))
{ {
@ -1270,27 +1251,22 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)bakfname ); iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)bakfname );
iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname ); iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname );
/* first make a backup file except for secret keyrings */ /* First make a backup file. */
if (!secret)
{
#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__) #if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
gnupg_remove (bakfname); gnupg_remove (bakfname);
#endif #endif
if (rename (fname, bakfname) ) if (rename (fname, bakfname) )
{ {
rc = gpg_error_from_syserror (); rc = gpg_error_from_syserror ();
log_error ("renaming `%s' to `%s' failed: %s\n", log_error ("renaming `%s' to `%s' failed: %s\n",
fname, bakfname, strerror(errno) ); fname, bakfname, strerror(errno) );
return rc; return rc;
}
} }
/* then rename the file */ /* then rename the file */
#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__) #if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
gnupg_remove( fname ); gnupg_remove( fname );
#endif #endif
if (secret)
unregister_secured_file (fname);
if (rename (tmpfname, fname) ) if (rename (tmpfname, fname) )
{ {
rc = gpg_error_from_syserror (); rc = gpg_error_from_syserror ();
@ -1308,9 +1284,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
statbuf.st_mode=S_IRUSR | S_IWUSR; statbuf.st_mode=S_IRUSR | S_IWUSR;
if (((secret && !opt.preserve_permissions) if (!stat (bakfname, &statbuf) && !chmod (fname, statbuf.st_mode))
|| !stat (bakfname,&statbuf))
&& !chmod (fname,statbuf.st_mode))
; ;
else else
log_error ("WARNING: unable to restore permissions to `%s': %s", log_error ("WARNING: unable to restore permissions to `%s': %s",
@ -1321,13 +1295,6 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
return 0; return 0;
fail: fail:
if (secret)
{
log_info(_("WARNING: 2 files with confidential information exists.\n"));
log_info(_("%s is the unchanged one\n"), fname );
log_info(_("%s is the new one\n"), tmpfname );
log_info(_("Please fix this possible security flaw\n"));
}
return rc; return rc;
} }
@ -1392,7 +1359,7 @@ keyring_rebuild_cache (void *token,int noisy)
int rc; int rc;
ulong count = 0, sigcount = 0; ulong count = 0, sigcount = 0;
hd = keyring_new (token, 0); hd = keyring_new (token);
memset (&desc, 0, sizeof desc); memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_FIRST; desc.mode = KEYDB_SEARCH_MODE_FIRST;
@ -1420,7 +1387,7 @@ keyring_rebuild_cache (void *token,int noisy)
tmpfp = NULL; tmpfp = NULL;
} }
rc = lastresname? rename_tmp_file (bakfilename, tmpfilename, rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
lastresname, 0) : 0; lastresname) : 0;
xfree (tmpfilename); tmpfilename = NULL; xfree (tmpfilename); tmpfilename = NULL;
xfree (bakfilename); bakfilename = NULL; xfree (bakfilename); bakfilename = NULL;
if (rc) if (rc)
@ -1513,7 +1480,7 @@ keyring_rebuild_cache (void *token,int noisy)
tmpfp = NULL; tmpfp = NULL;
} }
rc = lastresname? rename_tmp_file (bakfilename, tmpfilename, rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
lastresname, 0) : 0; lastresname) : 0;
xfree (tmpfilename); tmpfilename = NULL; xfree (tmpfilename); tmpfilename = NULL;
xfree (bakfilename); bakfilename = NULL; xfree (bakfilename); bakfilename = NULL;
@ -1536,7 +1503,7 @@ keyring_rebuild_cache (void *token,int noisy)
* 3 = update * 3 = update
*/ */
static int static int
do_copy (int mode, const char *fname, KBNODE root, int secret, do_copy (int mode, const char *fname, KBNODE root,
off_t start_offset, unsigned int n_packets ) off_t start_offset, unsigned int n_packets )
{ {
IOBUF fp, newfp; IOBUF fp, newfp;
@ -1556,7 +1523,7 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
mode_t oldmask; mode_t oldmask;
oldmask=umask(077); oldmask=umask(077);
if (!secret && is_secured_filename (fname)) { if (is_secured_filename (fname)) {
newfp = NULL; newfp = NULL;
gpg_err_set_errno (EPERM); gpg_err_set_errno (EPERM);
} }
@ -1602,8 +1569,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
iobuf_close(fp); iobuf_close(fp);
goto leave; goto leave;
} }
if (secret)
register_secured_file (tmpfname);
if( mode == 1 ) { /* insert */ if( mode == 1 ) { /* insert */
/* copy everything to the new file */ /* copy everything to the new file */
@ -1612,8 +1577,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
log_error("%s: copy to `%s' failed: %s\n", log_error("%s: copy to `%s' failed: %s\n",
fname, tmpfname, g10_errstr(rc) ); fname, tmpfname, g10_errstr(rc) );
iobuf_close(fp); iobuf_close(fp);
if (secret)
unregister_secured_file (tmpfname);
iobuf_cancel(newfp); iobuf_cancel(newfp);
goto leave; goto leave;
} }
@ -1627,8 +1590,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
log_error ("%s: copy to `%s' failed: %s\n", log_error ("%s: copy to `%s' failed: %s\n",
fname, tmpfname, g10_errstr(rc) ); fname, tmpfname, g10_errstr(rc) );
iobuf_close(fp); iobuf_close(fp);
if (secret)
unregister_secured_file (tmpfname);
iobuf_cancel(newfp); iobuf_cancel(newfp);
goto leave; goto leave;
} }
@ -1639,8 +1600,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
log_error("%s: skipping %u packets failed: %s\n", log_error("%s: skipping %u packets failed: %s\n",
fname, n_packets, g10_errstr(rc)); fname, n_packets, g10_errstr(rc));
iobuf_close(fp); iobuf_close(fp);
if (secret)
unregister_secured_file (tmpfname);
iobuf_cancel(newfp); iobuf_cancel(newfp);
goto leave; goto leave;
} }
@ -1650,8 +1609,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
rc = write_keyblock (newfp, root); rc = write_keyblock (newfp, root);
if (rc) { if (rc) {
iobuf_close(fp); iobuf_close(fp);
if (secret)
unregister_secured_file (tmpfname);
iobuf_cancel(newfp); iobuf_cancel(newfp);
goto leave; goto leave;
} }
@ -1664,8 +1621,6 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
log_error("%s: copy to `%s' failed: %s\n", log_error("%s: copy to `%s' failed: %s\n",
fname, tmpfname, g10_errstr(rc) ); fname, tmpfname, g10_errstr(rc) );
iobuf_close(fp); iobuf_close(fp);
if (secret)
unregister_secured_file (tmpfname);
iobuf_cancel(newfp); iobuf_cancel(newfp);
goto leave; goto leave;
} }
@ -1684,7 +1639,7 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
goto leave; goto leave;
} }
rc = rename_tmp_file (bakfname, tmpfname, fname, secret); rc = rename_tmp_file (bakfname, tmpfname, fname);
leave: leave:
xfree(bakfname); xfree(bakfname);


@ -24,11 +24,10 @@
typedef struct keyring_handle *KEYRING_HANDLE; typedef struct keyring_handle *KEYRING_HANDLE;
int keyring_register_filename (const char *fname, int secret, int read_only, int keyring_register_filename (const char *fname, int read_only, void **ptr);
void **ptr);
int keyring_is_writable (void *token); int keyring_is_writable (void *token);
KEYRING_HANDLE keyring_new (void *token, int secret); KEYRING_HANDLE keyring_new (void *token);
void keyring_release (KEYRING_HANDLE hd); void keyring_release (KEYRING_HANDLE hd);
const char *keyring_get_resource_name (KEYRING_HANDLE hd); const char *keyring_get_resource_name (KEYRING_HANDLE hd);
int keyring_lock (KEYRING_HANDLE hd, int yes); int keyring_lock (KEYRING_HANDLE hd, int yes);


@ -305,7 +305,7 @@ void secret_key_list( strlist_t list );
void print_subpackets_colon(PKT_signature *sig); void print_subpackets_colon(PKT_signature *sig);
void reorder_keyblock (KBNODE keyblock); void reorder_keyblock (KBNODE keyblock);
void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque ); void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque );
void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode); void print_fingerprint (PKT_public_key *pk, int mode);
void print_revokers(PKT_public_key *pk); void print_revokers(PKT_public_key *pk);
void show_policy_url(PKT_signature *sig,int indent,int mode); void show_policy_url(PKT_signature *sig,int indent,int mode);
void show_keyserver_url(PKT_signature *sig,int indent,int mode); void show_keyserver_url(PKT_signature *sig,int indent,int mode);


@ -939,7 +939,7 @@ list_node( CTX c, KBNODE node )
if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) { if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) {
putchar('\n'); any=1; putchar('\n'); any=1;
if( opt.fingerprint ) if( opt.fingerprint )
print_fingerprint( pk, NULL, 0 ); print_fingerprint (pk, 0);
printf("rtv:1:%u:\n", printf("rtv:1:%u:\n",
node->next->pkt->pkt.ring_trust->trustval ); node->next->pkt->pkt.ring_trust->trustval );
} }
@ -976,7 +976,7 @@ list_node( CTX c, KBNODE node )
putchar(':'); putchar(':');
putchar('\n'); putchar('\n');
if( opt.fingerprint && !any ) if( opt.fingerprint && !any )
print_fingerprint( pk, NULL, 0 ); print_fingerprint ( pk, 0 );
if( opt.with_colons if( opt.with_colons
&& node->next && node->next
&& node->next->pkt->pkttype == PKT_RING_TRUST ) { && node->next->pkt->pkttype == PKT_RING_TRUST ) {
@ -1015,71 +1015,75 @@ list_node( CTX c, KBNODE node )
if( !any ) if( !any )
putchar('\n'); putchar('\n');
if( !mainkey && opt.fingerprint > 1 ) if( !mainkey && opt.fingerprint > 1 )
print_fingerprint( pk, NULL, 0 ); print_fingerprint( pk, 0 );
} }
else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) ) else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
|| node->pkt->pkttype == PKT_SECRET_SUBKEY ) { || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *sk = node->pkt->pkt.secret_key;
if( opt.with_colons ) log_debug ("FIXME: No way to print secret key packets here\n");
{ /* fixme: We may use a fucntion to trun a secret key packet into
u32 keyid[2]; a public key one and use that here. */
keyid_from_sk( sk, keyid ); /* PKT_secret_key *sk = node->pkt->pkt.secret_key; */
printf("%s::%u:%d:%08lX%08lX:%s:%s:::",
mainkey? "sec":"ssb", /* if( opt.with_colons ) */
nbits_from_sk( sk ), /* { */
sk->pubkey_algo, /* u32 keyid[2]; */
(ulong)keyid[0],(ulong)keyid[1], /* keyid_from_sk( sk, keyid ); */
colon_datestr_from_sk( sk ), /* printf("%s::%u:%d:%08lX%08lX:%s:%s:::", */
colon_strtime (sk->expiredate) /* mainkey? "sec":"ssb", */
/* fixme: add LID */ ); /* nbits_from_sk( sk ), */
} /* sk->pubkey_algo, */
else /* (ulong)keyid[0],(ulong)keyid[1], */
printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb", /* colon_datestr_from_sk( sk ), */
nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ), /* colon_strtime (sk->expiredate) */
keystr_from_sk( sk ), datestr_from_sk( sk )); /* /\* fixme: add LID *\/ ); */
if( mainkey ) { /* } */
/* and now list all userids with their signatures */ /* else */
for( node = node->next; node; node = node->next ) { /* printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb", */
if( node->pkt->pkttype == PKT_SIGNATURE ) { /* nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ), */
if( !any ) { /* keystr_from_sk( sk ), datestr_from_sk( sk )); */
if( node->pkt->pkt.signature->sig_class == 0x20 ) /* if( mainkey ) { */
puts("[revoked]"); /* /\* and now list all userids with their signatures *\/ */
else /* for( node = node->next; node; node = node->next ) { */
putchar('\n'); /* if( node->pkt->pkttype == PKT_SIGNATURE ) { */
any = 1; /* if( !any ) { */
} /* if( node->pkt->pkt.signature->sig_class == 0x20 ) */
list_node(c, node ); /* puts("[revoked]"); */
} /* else */
else if( node->pkt->pkttype == PKT_USER_ID ) { /* putchar('\n'); */
if( any ) { /* any = 1; */
if( opt.with_colons ) /* } */
printf("%s:::::::::", /* list_node(c, node ); */
node->pkt->pkt.user_id->attrib_data?"uat":"uid"); /* } */
else /* else if( node->pkt->pkttype == PKT_USER_ID ) { */
printf( "uid%*s", 28, "" ); /* if( any ) { */
} /* if( opt.with_colons ) */
print_userid( node->pkt ); /* printf("%s:::::::::", */
if( opt.with_colons ) /* node->pkt->pkt.user_id->attrib_data?"uat":"uid"); */
putchar(':'); /* else */
putchar('\n'); /* printf( "uid%*s", 28, "" ); */
if( opt.fingerprint && !any ) /* } */
print_fingerprint( NULL, sk, 0 ); /* print_userid( node->pkt ); */
any=1; /* if( opt.with_colons ) */
} /* putchar(':'); */
else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { /* putchar('\n'); */
if( !any ) { /* if( opt.fingerprint && !any ) */
putchar('\n'); /* print_fingerprint( NULL, sk, 0 ); */
any = 1; /* any=1; */
} /* } */
list_node(c, node ); /* else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { */
} /* if( !any ) { */
} /* putchar('\n'); */
} /* any = 1; */
if( !any ) /* } */
putchar('\n'); /* list_node(c, node ); */
if( !mainkey && opt.fingerprint > 1 ) /* } */
print_fingerprint( NULL, sk, 0 ); /* } */
/* } */
/* if( !any ) */
/* putchar('\n'); */
/* if( !mainkey && opt.fingerprint > 1 ) */
/* print_fingerprint( NULL, sk, 0 ); */
} }
else if( node->pkt->pkttype == PKT_SIGNATURE ) { else if( node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature; PKT_signature *sig = node->pkt->pkt.signature;
@ -1848,7 +1852,7 @@ check_sig_and_print( CTX c, KBNODE node )
if(opt.verify_options&VERIFY_SHOW_PHOTOS) if(opt.verify_options&VERIFY_SHOW_PHOTOS)
show_photos(un->pkt->pkt.user_id->attribs, show_photos(un->pkt->pkt.user_id->attribs,
un->pkt->pkt.user_id->numattribs, un->pkt->pkt.user_id->numattribs,
pk,NULL,un->pkt->pkt.user_id); pk ,un->pkt->pkt.user_id);
} }
p=utf8_to_native(un->pkt->pkt.user_id->name, p=utf8_to_native(un->pkt->pkt.user_id->name,
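Review bot: The secret-key branch of list_node keeps roughly sixty lines of the old listing as commented-out code behind a single `log_debug` call; the repository history already preserves that code, so a short comment would be easier to maintain, for example `/* FIXME: Turn the secret key packet into a public key packet and list that. */`. With the body disabled, nothing is printed for PKT_SECRET_KEY or PKT_SECRET_SUBKEY nodes, including when `opt.with_colons` is set, so consumers of the colon listing no longer receive `sec`/`ssb` records from this path. `mainkey` is still assigned in the condition but is no longer read inside the branch. list_node starts and ends outside these hunks.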


@ -161,7 +161,7 @@ generate_photo_id(PKT_public_key *pk,const char *photo_name)
"user" may not be able to dismiss a viewer window! */ "user" may not be able to dismiss a viewer window! */
if(opt.command_fd==-1) if(opt.command_fd==-1)
{ {
show_photos(uid->attribs,uid->numattribs,pk,NULL,uid); show_photos (uid->attribs, uid->numattribs, pk, uid);
switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay", switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay",
_("Is this photo correct (y/N/q)? "))) _("Is this photo correct (y/N/q)? ")))
{ {
@ -285,9 +285,8 @@ static const char *get_default_photo_command(void)
#endif #endif
void void
show_photos(const struct user_attribute *attrs, show_photos(const struct user_attribute *attrs, int count,
int count,PKT_public_key *pk,PKT_secret_key *sk, PKT_public_key *pk, PKT_user_id *uid)
PKT_user_id *uid)
{ {
#ifndef DISABLE_PHOTO_VIEWER #ifndef DISABLE_PHOTO_VIEWER
int i; int i;
@ -295,16 +294,13 @@ show_photos(const struct user_attribute *attrs,
u32 len; u32 len;
u32 kid[2]={0,0}; u32 kid[2]={0,0};
memset(&args,0,sizeof(args)); memset (&args, 0, sizeof(args));
args.pk=pk; args.pk = pk;
args.pksk=sk; args.validity_info = get_validity_info (pk, uid);
args.validity_info=get_validity_info(pk,uid); args.validity_string = get_validity_string (pk, uid);
args.validity_string=get_validity_string(pk,uid);
if(pk) if (pk)
keyid_from_pk(pk,kid); keyid_from_pk (pk, kid);
else if(sk)
keyid_from_sk(sk,kid);
for(i=0;i<count;i++) for(i=0;i<count;i++)
if(attrs[i].type==ATTRIB_IMAGE && if(attrs[i].type==ATTRIB_IMAGE &&


@ -27,7 +27,7 @@
PKT_user_id *generate_photo_id(PKT_public_key *pk,const char *filename); PKT_user_id *generate_photo_id(PKT_public_key *pk,const char *filename);
int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len); int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len);
char *image_type_to_string(byte type,int style); char *image_type_to_string(byte type,int style);
void show_photos(const struct user_attribute *attrs,int count, void show_photos (const struct user_attribute *attrs, int count,
PKT_public_key *pk,PKT_secret_key *sk,PKT_user_id *uid); PKT_public_key *pk, PKT_user_id *uid);
#endif /* !_PHOTOID_H_ */ #endif /* !_PHOTOID_H_ */


@ -246,9 +246,9 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
if((opt.verify_options&VERIFY_SHOW_PHOTOS) if((opt.verify_options&VERIFY_SHOW_PHOTOS)
&& un->pkt->pkt.user_id->attrib_data) && un->pkt->pkt.user_id->attrib_data)
show_photos(un->pkt->pkt.user_id->attribs, show_photos (un->pkt->pkt.user_id->attribs,
un->pkt->pkt.user_id->numattribs,pk,NULL, un->pkt->pkt.user_id->numattribs, pk,
un->pkt->pkt.user_id); un->pkt->pkt.user_id);
p=utf8_to_native(un->pkt->pkt.user_id->name, p=utf8_to_native(un->pkt->pkt.user_id->name,
un->pkt->pkt.user_id->len,0); un->pkt->pkt.user_id->len,0);
@ -256,7 +256,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
tty_printf(_(" aka \"%s\"\n"),p); tty_printf(_(" aka \"%s\"\n"),p);
} }
print_fingerprint (pk, NULL, 2); print_fingerprint (pk, 2);
tty_printf("\n"); tty_printf("\n");
release_kbnode (keyblock); release_kbnode (keyblock);
} }
@ -464,7 +464,7 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
if( !opt.batch && !rc ) if( !opt.batch && !rc )
{ {
print_pubkey_info(NULL,pk); print_pubkey_info(NULL,pk);
print_fingerprint (pk, NULL, 2); print_fingerprint (pk, 2);
tty_printf("\n"); tty_printf("\n");
tty_printf( tty_printf(
@ -523,7 +523,7 @@ check_signatures_trust( PKT_signature *sig )
if( !opt.quiet ) if( !opt.quiet )
log_info(_("WARNING: Using untrusted key!\n")); log_info(_("WARNING: Using untrusted key!\n"));
if (opt.with_fingerprint) if (opt.with_fingerprint)
print_fingerprint (pk, NULL, 1); print_fingerprint (pk, 1);
goto leave; goto leave;
} }
@ -611,7 +611,7 @@ check_signatures_trust( PKT_signature *sig )
{ {
case TRUST_EXPIRED: case TRUST_EXPIRED:
log_info(_("Note: This key has expired!\n")); log_info(_("Note: This key has expired!\n"));
print_fingerprint (pk, NULL, 1); print_fingerprint (pk, 1);
break; break;
default: default:
@ -625,7 +625,7 @@ check_signatures_trust( PKT_signature *sig )
" a trusted signature!\n")); " a trusted signature!\n"));
log_info(_(" There is no indication that the " log_info(_(" There is no indication that the "
"signature belongs to the owner.\n" )); "signature belongs to the owner.\n" ));
print_fingerprint (pk, NULL, 1); print_fingerprint (pk, 1);
break; break;
case TRUST_NEVER: case TRUST_NEVER:
@ -634,7 +634,7 @@ check_signatures_trust( PKT_signature *sig )
log_info(_("WARNING: We do NOT trust this key!\n")); log_info(_("WARNING: We do NOT trust this key!\n"));
log_info(_(" The signature is probably a FORGERY.\n")); log_info(_(" The signature is probably a FORGERY.\n"));
if (opt.with_fingerprint) if (opt.with_fingerprint)
print_fingerprint (pk, NULL, 1); print_fingerprint (pk, 1);
rc = gpg_error (GPG_ERR_BAD_SIGNATURE); rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
break; break;
@ -644,19 +644,19 @@ check_signatures_trust( PKT_signature *sig )
" sufficiently trusted signatures!\n")); " sufficiently trusted signatures!\n"));
log_info(_(" It is not certain that the" log_info(_(" It is not certain that the"
" signature belongs to the owner.\n" )); " signature belongs to the owner.\n" ));
print_fingerprint (pk, NULL, 1); print_fingerprint (pk, 1);
break; break;
case TRUST_FULLY: case TRUST_FULLY:
write_status( STATUS_TRUST_FULLY ); write_status( STATUS_TRUST_FULLY );
if (opt.with_fingerprint) if (opt.with_fingerprint)
print_fingerprint (pk, NULL, 1); print_fingerprint (pk, 1);
break; break;
case TRUST_ULTIMATE: case TRUST_ULTIMATE:
write_status( STATUS_TRUST_ULTIMATE ); write_status( STATUS_TRUST_ULTIMATE );
if (opt.with_fingerprint) if (opt.with_fingerprint)
print_fingerprint (pk, NULL, 1); print_fingerprint (pk, 1);
break; break;
} }


@ -39,7 +39,7 @@
static gpg_error_t get_it (PKT_pubkey_enc *k, static gpg_error_t get_it (PKT_pubkey_enc *k,
DEK *dek, PKT_secret_key *sk, u32 *keyid); DEK *dek, PKT_public_key *sk, u32 *keyid);
/* Check that the given algo is mentioned in one of the valid user-ids. */ /* Check that the given algo is mentioned in one of the valid user-ids. */
@ -74,7 +74,7 @@ is_algo_in_prefs (kbnode_t keyblock, preftype_t type, int algo)
gpg_error_t gpg_error_t
get_session_key (PKT_pubkey_enc * k, DEK * dek) get_session_key (PKT_pubkey_enc * k, DEK * dek)
{ {
PKT_secret_key *sk = NULL; PKT_public_key *sk = NULL;
int rc; int rc;
rc = openpgp_pk_test_algo2 (k->pubkey_algo, PUBKEY_USAGE_ENC); rc = openpgp_pk_test_algo2 (k->pubkey_algo, PUBKEY_USAGE_ENC);
@ -84,7 +84,7 @@ get_session_key (PKT_pubkey_enc * k, DEK * dek)
if ((k->keyid[0] || k->keyid[1]) && !opt.try_all_secrets) if ((k->keyid[0] || k->keyid[1]) && !opt.try_all_secrets)
{ {
sk = xmalloc_clear (sizeof *sk); sk = xmalloc_clear (sizeof *sk);
sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo */ sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo. */
if (!(rc = get_seckey (sk, k->keyid))) if (!(rc = get_seckey (sk, k->keyid)))
rc = get_it (k, dek, sk, k->keyid); rc = get_it (k, dek, sk, k->keyid);
} }
@ -99,9 +99,9 @@ get_session_key (PKT_pubkey_enc * k, DEK * dek)
for (;;) for (;;)
{ {
if (sk) if (sk)
free_secret_key (sk); free_public_key (sk);
sk = xmalloc_clear (sizeof *sk); sk = xmalloc_clear (sizeof *sk);
rc = enum_secret_keys (&enum_context, sk, 1, 0); rc = -1; /* FIXME:enum_secret_keys (&enum_context, sk, 1, 0);*/
if (rc) if (rc)
{ {
rc = G10ERR_NO_SECKEY; rc = G10ERR_NO_SECKEY;
@ -109,7 +109,7 @@ get_session_key (PKT_pubkey_enc * k, DEK * dek)
} }
if (sk->pubkey_algo != k->pubkey_algo) if (sk->pubkey_algo != k->pubkey_algo)
continue; continue;
keyid_from_sk (sk, keyid); keyid_from_pk (sk, keyid);
log_info (_("anonymous recipient; trying secret key %s ...\n"), log_info (_("anonymous recipient; trying secret key %s ...\n"),
keystr (keyid)); keystr (keyid));
@ -149,63 +149,59 @@ get_session_key (PKT_pubkey_enc * k, DEK * dek)
leave: leave:
if (sk) if (sk)
free_secret_key (sk); free_public_key (sk);
return rc; return rc;
} }
static gpg_error_t static gpg_error_t
get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid) get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
{ {
int rc; gpg_error_t err;
gcry_mpi_t plain_dek = NULL;
byte *frame = NULL; byte *frame = NULL;
unsigned int n; unsigned int n;
size_t nframe; size_t nframe;
u16 csum, csum2; u16 csum, csum2;
int card = 0; int card = 0;
gcry_sexp_t s_data;
char *desc;
char *keygrip;
if (sk->is_protected && sk->protect.s2k.mode == 1002) /* Get the keygrip. */
{ /* Note, that we only support RSA for now. */ err = hexkeygrip_from_pk (sk, &keygrip);
#ifdef ENABLE_CARD_SUPPORT if (err)
unsigned char *rbuf; goto leave;
size_t rbuflen;
char *snbuf;
unsigned char *indata = NULL;
size_t indatalen;
snbuf = /* Convert the data to an S-expression. */
serialno_and_fpr_from_sk (sk->protect.iv, sk->protect.ivlen, sk); if (sk->pubkey_algo == GCRY_PK_ELG || sk->pubkey_algo == GCRY_PK_ELG_E)
{
if (gcry_mpi_aprint if (!enc->data[0] || !enc->data[1])
(GCRYMPI_FMT_USG, &indata, &indatalen, enc->data[0])) err = gpg_error (GPG_ERR_BAD_MPI);
BUG (); else
err = gcry_sexp_build (&s_data, NULL, "(enc-val(elg(a%m)(b%m)))",
rc = agent_scd_pkdecrypt (snbuf, indata, indatalen, &rbuf, &rbuflen); enc->data[0], enc->data[1]);
xfree (snbuf); }
xfree (indata); else if (sk->pubkey_algo == GCRY_PK_RSA || sk->pubkey_algo == GCRY_PK_RSA_E)
if (rc) {
goto leave; if (!enc->data[0])
err = gpg_error (GPG_ERR_BAD_MPI);
frame = rbuf; else
nframe = rbuflen; err = gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))",
card = 1; enc->data[0]);
#else
rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
goto leave;
#endif /*!ENABLE_CARD_SUPPORT */
} }
else else
{ err = gpg_error (GPG_ERR_BUG);
rc = pk_decrypt (sk->pubkey_algo, &plain_dek, enc->data, sk->skey);
if (rc) if (err)
goto leave; goto leave;
if (gcry_mpi_aprint (GCRYMPI_FMT_USG, &frame, &nframe, plain_dek))
BUG (); /* Decrypt. */
gcry_mpi_release (plain_dek); desc = xtrystrdup ("FIXME: Format a description");
plain_dek = NULL; err = agent_pkdecrypt (NULL, keygrip, desc, s_data, &frame, &nframe);
} xfree (desc);
gcry_sexp_release (s_data);
if (err)
goto leave;
/* Now get the DEK (data encryption key) from the frame /* Now get the DEK (data encryption key) from the frame
* *
@ -231,18 +227,18 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
{ {
if (n + 7 > nframe) if (n + 7 > nframe)
{ {
rc = G10ERR_WRONG_SECKEY; err = gpg_error (G10ERR_WRONG_SECKEY);
goto leave; goto leave;
} }
if (frame[n] == 1 && frame[nframe - 1] == 2) if (frame[n] == 1 && frame[nframe - 1] == 2)
{ {
log_info (_("old encoding of the DEK is not supported\n")); log_info (_("old encoding of the DEK is not supported\n"));
rc = G10ERR_CIPHER_ALGO; err = gpg_error (G10ERR_CIPHER_ALGO);
goto leave; goto leave;
} }
if (frame[n] != 2) /* Somethink is wrong. */ if (frame[n] != 2) /* Something went wrong. */
{ {
rc = G10ERR_WRONG_SECKEY; err = gpg_error (G10ERR_WRONG_SECKEY);
goto leave; goto leave;
} }
for (n++; n < nframe && frame[n]; n++) /* Skip the random bytes. */ for (n++; n < nframe && frame[n]; n++) /* Skip the random bytes. */
@ -252,7 +248,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
if (n + 4 > nframe) if (n + 4 > nframe)
{ {
rc = G10ERR_WRONG_SECKEY; err = gpg_error (G10ERR_WRONG_SECKEY);
goto leave; goto leave;
} }
@ -260,10 +256,10 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
dek->algo = frame[n++]; dek->algo = frame[n++];
if (dek->algo == CIPHER_ALGO_IDEA) if (dek->algo == CIPHER_ALGO_IDEA)
write_status (STATUS_RSA_OR_IDEA); write_status (STATUS_RSA_OR_IDEA);
rc = openpgp_cipher_test_algo (dek->algo); err = openpgp_cipher_test_algo (dek->algo);
if (rc) if (err)
{ {
if (!opt.quiet && gpg_err_code (rc) == GPG_ERR_CIPHER_ALGO) if (!opt.quiet && gpg_err_code (err) == GPG_ERR_CIPHER_ALGO)
{ {
log_info (_("cipher algorithm %d%s is unknown or disabled\n"), log_info (_("cipher algorithm %d%s is unknown or disabled\n"),
dek->algo, dek->algo,
@ -276,7 +272,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
} }
if (dek->keylen != openpgp_cipher_get_algo_keylen (dek->algo)) if (dek->keylen != openpgp_cipher_get_algo_keylen (dek->algo))
{ {
rc = GPG_ERR_WRONG_SECKEY; err = gpg_error (GPG_ERR_WRONG_SECKEY);
goto leave; goto leave;
} }
@ -288,7 +284,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
csum2 += dek->key[n]; csum2 += dek->key[n];
if (csum != csum2) if (csum != csum2)
{ {
rc = G10ERR_WRONG_SECKEY; err = gpg_error (GPG_ERR_WRONG_SECKEY);
goto leave; goto leave;
} }
if (DBG_CIPHER) if (DBG_CIPHER)
@ -301,7 +297,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
if (!pkb) if (!pkb)
{ {
rc = -1; err = -1;
log_error ("oops: public key not found for preference check\n"); log_error ("oops: public key not found for preference check\n");
} }
else if (pkb->pkt->pkt.public_key->selfsigversion > 3 else if (pkb->pkt->pkt.public_key->selfsigversion > 3
@ -310,7 +306,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
&& !is_algo_in_prefs (pkb, PREFTYPE_SYM, dek->algo)) && !is_algo_in_prefs (pkb, PREFTYPE_SYM, dek->algo))
log_info (_("WARNING: cipher algorithm %s not found in recipient" log_info (_("WARNING: cipher algorithm %s not found in recipient"
" preferences\n"), openpgp_cipher_algo_name (dek->algo)); " preferences\n"), openpgp_cipher_algo_name (dek->algo));
if (!rc) if (!err)
{ {
KBNODE k; KBNODE k;
@ -346,14 +342,13 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
} }
release_kbnode (pkb); release_kbnode (pkb);
rc = 0; err = 0;
} }
leave:
leave:
gcry_mpi_release (plain_dek);
xfree (frame); xfree (frame);
return rc; xfree (keygrip);
return err;
} }
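Review bot: In get_it, `keygrip` is declared without an initializer, yet the early `goto leave` after a failing `hexkeygrip_from_pk` reaches `xfree (keygrip)`; unless that helper always stores NULL on error (not visible here), the cleanup frees an indeterminate pointer, and `char *keygrip = NULL;` makes the path safe either way. The result of `xtrystrdup` for `desc` is passed to `agent_pkdecrypt` without a NULL check, so an allocation failure should be caught before the call, with `s_data` released on that path. `frame` now holds the decrypted session-key frame returned by the agent call and is released with plain `xfree`; it is worth confirming that the buffer is allocated in secure memory or wiped before release. In get_session_key the replacement `rc = -1;` means the anonymous-recipient loop always ends with G10ERR_NO_SECKEY until the FIXME is resolved. Parts of both functions lie between the hunks and are not shown.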


@ -248,7 +248,7 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
if(locusr) if(locusr)
{ {
rc=build_sk_list(locusr,&sk_list,0,PUBKEY_USAGE_CERT); rc=build_sk_list(locusr, &sk_list, PUBKEY_USAGE_CERT);
if(rc) if(rc)
goto leave; goto leave;
} }


@ -314,7 +314,7 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,
gcry_sexp_t s_sigval; gcry_sexp_t s_sigval;
/* FIXME: desc = gpgsm_format_keydesc (cert); */ /* FIXME: desc = gpgsm_format_keydesc (cert); */
desc = xtrystrdup ("FIXME: Format a decription"); desc = xtrystrdup ("FIXME: Format a description");
err = agent_pksign (NULL/*ctrl*/, hexgrip, desc, err = agent_pksign (NULL/*ctrl*/, hexgrip, desc,
dp, gcry_md_get_algo_dlen (mdalgo), mdalgo, dp, gcry_md_get_algo_dlen (mdalgo), mdalgo,
@ -811,7 +811,9 @@ sign_file( strlist_t filenames, int detached, strlist_t locusr,
duration=parse_expire_string(opt.def_sig_expire); duration=parse_expire_string(opt.def_sig_expire);
} }
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) /* Note: In the old non-agent version the following call used to
unprotect the secret key. This is now done on demand by the agent. */
if( (rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_SIG )) )
goto leave; goto leave;
if(PGP2 && !only_old_style(sk_list)) if(PGP2 && !only_old_style(sk_list))
@ -1126,7 +1128,9 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
duration=parse_expire_string(opt.def_sig_expire); duration=parse_expire_string(opt.def_sig_expire);
} }
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) /* Note: In the old non-agent version the following call used to
unprotect the secret key. This is now done on demand by the agent. */
if( (rc=build_sk_list( locusr, &sk_list, PUBKEY_USAGE_SIG )) )
goto leave; goto leave;
if( !old_style && !duration ) if( !old_style && !duration )
@ -1290,7 +1294,9 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
duration=parse_expire_string(opt.def_sig_expire); duration=parse_expire_string(opt.def_sig_expire);
} }
rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG); /* Note: In the old non-agent version the following call used to
unprotect the secret key. This is now done on demand by the agent. */
rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_SIG);
if (rc) if (rc)
goto leave; goto leave;


@ -115,10 +115,8 @@ is_duplicated_entry (strlist_t list, strlist_t item)
} }
/* FIXME: We ignore the UNLOCK flag - should not be needed anymore. */
gpg_error_t gpg_error_t
build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list, build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list, unsigned int use)
int unlock, unsigned int use)
{ {
gpg_error_t err; gpg_error_t err;
SK_LIST sk_list = NULL; SK_LIST sk_list = NULL;
@ -202,18 +200,6 @@ build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list,
pk = NULL; pk = NULL;
log_info (_("skipped: secret key already present\n")); log_info (_("skipped: secret key already present\n"));
} }
/* Fixme: We could change the next test by a call to gpg-agent which
would then cache the passphrase. */
/* else if (unlock && (rc = check_secret_key (sk, 0))) */
/* { */
/* free_secret_key (sk); */
/* sk = NULL; */
/* log_error (_("skipped \"%s\": %s\n"), */
/* locusr->d, g10_errstr (rc)); */
/* write_status_text_and_buffer */
/* (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc), */
/* locusr->d, strlen (locusr->d), -1); */
/* } */
else if ((err = openpgp_pk_test_algo2 (pk->pubkey_algo, use))) else if ((err = openpgp_pk_test_algo2 (pk->pubkey_algo, use)))
{ {
free_public_key (pk); free_public_key (pk);


@ -300,7 +300,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
/* Handle a CIPHERTEXT inquiry. Note, we only send the data, /* Handle a CIPHERTEXT inquiry. Note, we only send the data,
assuan_transact talkes care of flushing and writing the end */ assuan_transact takes care of flushing and writing the end */
static gpg_error_t static gpg_error_t
inq_ciphertext_cb (void *opaque, const char *line) inq_ciphertext_cb (void *opaque, const char *line)
{ {