diff --git a/ChangeLog b/ChangeLog index be215c85d..6866ecf52 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +Thu Jul 15 10:15:35 CEST 1999 Werner Koch + + + * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Fixed last modification. + Wed Jul 7 13:08:40 CEST 1999 Werner Koch diff --git a/NEWS b/NEWS index b9caa4ed8..8dfc04a10 100644 --- a/NEWS +++ b/NEWS @@ -14,11 +14,12 @@ * New commands --lsign-key and made --sign-key a shortcut for --edit and sign. - * New options (#122--124 ;-) --[no-]default-recipient[-self]. See the - man page. + * New options (#122--126 ;-) --[no-]default-recipient[-self], + --disable-{cipher,pubkey}-algo. See the man page. * Enhanced info output in case of multiple recipients and fixed exit code. + Noteworthy changes in version 0.9.8 ----------------------------------- diff --git a/TODO b/TODO index 7906b67fe..a02d7b45b 100644 --- a/TODO +++ b/TODO @@ -2,7 +2,7 @@ * add some status output put for signing and encryption. replace the putc in primegen with some kind of status-fd outputs. - * Speed up calculation of key validity. + * Speed up calculation of key validation. * print a warning when a revoked/expired _secret_ key is used. diff --git a/acinclude.m4 b/acinclude.m4 index 542995330..7e549143c 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -560,7 +560,7 @@ AC_CHECK_TOOL(AS, as, false) # GNUPG_SYS_SYMBOL_UNDERSCORE - does the compiler prefix global symbols # with an underscore? AC_DEFUN(GNUPG_SYS_SYMBOL_UNDERSCORE, -[ac_cv_sys_symbol_underscore="check" +[tmp_do_check="no" case "${target}" in i386-emx-os2 | i[3456]86-pc-os2*emx ) ac_cv_sys_symbol_underscore=yes @@ -568,11 +568,13 @@ case "${target}" in *) if test "$cross_compiling" = yes; then ac_cv_sys_symbol_underscore=yes + else + tmp_do_check="yes" fi ;; esac -if test "$ac_cv_sys_symbol_underscore" = "check"; then +if test "$tmp_do_check" = "yes"; then ac_cv_sys_symbol_underscore="" AC_REQUIRE([GNUPG_PROG_NM])dnl AC_REQUIRE([GNUPG_SYS_NM_PARSE])dnl diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 1c6a7c15e..73a42ba49 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,15 @@ +Thu Jul 15 10:15:35 CEST 1999 Werner Koch + + + * elgamal.c (elg_check_secret_key,elg_encrypt + elg_decrypt,elg_sign,elg_verify): Sanity check on the args. + * dsa.c (dsa_check_secret_key,dsa_sign,dsa_verify): Ditto. + + * pubkey.c (disable_pubkey_algo): New. + (check_pubkey_algo2): Look at disabled algo table. + * cipher.c (disable_cipher_algo): New. + (check_cipher_algo): Look at disabled algo table. + Wed Jul 7 13:08:40 CEST 1999 Werner Koch * Makefile.am: Support for libtool. diff --git a/cipher/cipher.c b/cipher/cipher.c index 59b6f2efb..ac77e5b02 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -48,6 +48,7 @@ struct cipher_table_s { }; static struct cipher_table_s cipher_table[TABLE_SIZE]; +static int disabled_algos[TABLE_SIZE]; struct cipher_handle_s { @@ -246,6 +247,22 @@ cipher_algo_to_string( int algo ) return NULL; } + +void +disable_cipher_algo( int algo ) +{ + int i; + + for(i=0; i < DIM(disabled_algos); i++ ) { + if( !disabled_algos[i] || disabled_algos[i] == algo ) { + disabled_algos[i] = algo; + return; + } + } + /* fixme: we should use a linked list */ + log_fatal("can't disable cipher algo %d: table full\n"); +} + /**************** * Return 0 if the cipher algo is available */ @@ -256,8 +273,13 @@ check_cipher_algo( int algo ) do { for(i=0; cipher_table[i].name; i++ ) - if( cipher_table[i].algo == algo ) - return 0; /* okay */ + if( cipher_table[i].algo == algo ) { + for(i=0; i < DIM(disabled_algos); i++ ) { + if( disabled_algos[i] == algo ) + return G10ERR_CIPHER_ALGO; + } + return 0; /* okay */ + } } while( load_cipher_modules() ); return G10ERR_CIPHER_ALGO; } diff --git a/cipher/dsa.c b/cipher/dsa.c index 9154f49d6..5828b9508 100644 --- a/cipher/dsa.c +++ b/cipher/dsa.c @@ -300,6 +300,7 @@ verify(MPI r, MPI s, MPI hash, DSA_public_key *pkey ) MPI base[3]; MPI exp[3]; + if( !(mpi_cmp_ui( r, 0 ) > 0 && mpi_cmp( r, pkey->q ) < 0) ) return 0; /* assertion 0 < r < q failed */ if( !(mpi_cmp_ui( s, 0 ) > 0 && mpi_cmp( s, pkey->q ) < 0) ) @@ -365,6 +366,8 @@ dsa_check_secret_key( int algo, MPI *skey ) if( algo != PUBKEY_ALGO_DSA ) return G10ERR_PUBKEY_ALGO; + if( !skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4] ) + return G10ERR_BAD_MPI; sk.p = skey[0]; sk.q = skey[1]; @@ -386,6 +389,8 @@ dsa_sign( int algo, MPI *resarr, MPI data, MPI *skey ) if( algo != PUBKEY_ALGO_DSA ) return G10ERR_PUBKEY_ALGO; + if( !data || !skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4] ) + return G10ERR_BAD_MPI; sk.p = skey[0]; sk.q = skey[1]; @@ -406,6 +411,9 @@ dsa_verify( int algo, MPI hash, MPI *data, MPI *pkey, if( algo != PUBKEY_ALGO_DSA ) return G10ERR_PUBKEY_ALGO; + if( !data[0] || !data[1] || !hash + || !pkey[0] || !pkey[1] || !pkey[2] || !pkey[3] ) + return G10ERR_BAD_MPI; pk.p = pkey[0]; pk.q = pkey[1]; diff --git a/cipher/elgamal.c b/cipher/elgamal.c index 4b9758628..bbf9c2782 100644 --- a/cipher/elgamal.c +++ b/cipher/elgamal.c @@ -459,6 +459,8 @@ elg_check_secret_key( int algo, MPI *skey ) if( !is_ELGAMAL(algo) ) return G10ERR_PUBKEY_ALGO; + if( !skey[0] || !skey[1] || !skey[2] || !skey[3] ) + return G10ERR_BAD_MPI; sk.p = skey[0]; sk.g = skey[1]; @@ -479,6 +481,8 @@ elg_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey ) if( !is_ELGAMAL(algo) ) return G10ERR_PUBKEY_ALGO; + if( !data || !pkey[0] || !pkey[1] || !pkey[2] ) + return G10ERR_BAD_MPI; pk.p = pkey[0]; pk.g = pkey[1]; @@ -496,6 +500,9 @@ elg_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) if( !is_ELGAMAL(algo) ) return G10ERR_PUBKEY_ALGO; + if( !data[0] || !data[1] + || !skey[0] || !skey[1] || !skey[2] || !skey[3] ) + return G10ERR_BAD_MPI; sk.p = skey[0]; sk.g = skey[1]; @@ -513,6 +520,8 @@ elg_sign( int algo, MPI *resarr, MPI data, MPI *skey ) if( !is_ELGAMAL(algo) ) return G10ERR_PUBKEY_ALGO; + if( !data || !skey[0] || !skey[1] || !skey[2] || !skey[3] ) + return G10ERR_BAD_MPI; sk.p = skey[0]; sk.g = skey[1]; @@ -532,6 +541,9 @@ elg_verify( int algo, MPI hash, MPI *data, MPI *pkey, if( !is_ELGAMAL(algo) ) return G10ERR_PUBKEY_ALGO; + if( !data[0] || !data[1] || !hash + || !pkey[0] || !pkey[1] || !pkey[2] ) + return G10ERR_BAD_MPI; pk.p = pkey[0]; pk.g = pkey[1]; diff --git a/cipher/pubkey.c b/cipher/pubkey.c index 81574dbd9..548d2e819 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -54,7 +54,7 @@ struct pubkey_table_s { }; static struct pubkey_table_s pubkey_table[TABLE_SIZE]; - +static int disabled_algos[TABLE_SIZE]; static int @@ -267,6 +267,20 @@ pubkey_algo_to_string( int algo ) } +void +disable_pubkey_algo( int algo ) +{ + int i; + + for(i=0; i < DIM(disabled_algos); i++ ) { + if( !disabled_algos[i] || disabled_algos[i] == algo ) { + disabled_algos[i] = algo; + return; + } + } + log_fatal("can't disable pubkey algo %d: table full\n"); +} + int check_pubkey_algo( int algo ) @@ -291,6 +305,11 @@ check_pubkey_algo2( int algo, unsigned use ) if( (use & PUBKEY_USAGE_ENC) && !(pubkey_table[i].use & PUBKEY_USAGE_ENC) ) return G10ERR_WR_PUBKEY_ALGO; + + for(i=0; i < DIM(disabled_algos); i++ ) { + if( disabled_algos[i] == algo ) + return G10ERR_PUBKEY_ALGO; + } return 0; /* okay */ } } while( load_pubkey_modules() ); diff --git a/doc/gpg.sgml b/doc/gpg.sgml index 2e0758253..2c73715ae 100644 --- a/doc/gpg.sgml +++ b/doc/gpg.sgml @@ -940,6 +940,7 @@ selected from the preferences stored with the key. + --digest-algo &ParmName; @@ -997,6 +998,21 @@ not encrypt the data. + +--disable-cipher-algo &ParmName; + +Never allow the use of &ParmName; as cipher algorithm. +The given name will not be checked so that a later loaded algorithm +will still get disabled. + + + +--disable-pubkey-algo &ParmName; + +Never allow the use of &ParmName; as public key algorithm. +The given name will not be checked so that a later loaded algorithm +will still get disabled. + --throw-keyid diff --git a/g10/ChangeLog b/g10/ChangeLog index 3b8ed4bbe..937677f47 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +Thu Jul 15 10:15:35 CEST 1999 Werner Koch + + + * g10.c: New options --disable-{cipher,pubkey}-algo. + Wed Jul 14 19:42:08 CEST 1999 Werner Koch diff --git a/g10/g10.c b/g10/g10.c index 02210423e..0e0999fbb 100644 --- a/g10/g10.c +++ b/g10/g10.c @@ -172,6 +172,8 @@ enum cmd_and_opt_values { aNull = 0, oLoggerFD, oUtf8Strings, oNoUtf8Strings, + oDisableCipherAlgo, + oDisablePubkeyAlgo, aTest }; @@ -328,6 +330,8 @@ static ARGPARSE_OPTS opts[] = { { oUtf8Strings, "utf8-strings", 0, "@" }, { oNoUtf8Strings, "no-utf8-strings", 0, "@" }, { oWithFingerprint, "with-fingerprint", 0, "@" }, + { oDisableCipherAlgo, "disable-cipher-algo", 2, "@" }, + { oDisablePubkeyAlgo, "disable-pubkey-algo", 2, "@" }, {0} }; @@ -833,6 +837,12 @@ main( int argc, char **argv ) case oNotation: add_notation_data( pargs.r.ret_str ); break; case oUtf8Strings: utf8_strings = 1; break; case oNoUtf8Strings: utf8_strings = 0; break; + case oDisableCipherAlgo: + disable_cipher_algo( string_to_cipher_algo(pargs.r.ret_str) ); + break; + case oDisablePubkeyAlgo: + disable_pubkey_algo( string_to_pubkey_algo(pargs.r.ret_str) ); + break; default : pargs.err = configfp? 1:2; break; } diff --git a/include/cipher.h b/include/cipher.h index a420f4f6b..a3f0eeba2 100644 --- a/include/cipher.h +++ b/include/cipher.h @@ -128,6 +128,7 @@ void rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length ); /*-- cipher.c --*/ int string_to_cipher_algo( const char *string ); const char * cipher_algo_to_string( int algo ); +void disable_cipher_algo( int algo ); int check_cipher_algo( int algo ); unsigned cipher_get_keylen( int algo ); unsigned cipher_get_blocksize( int algo ); @@ -147,6 +148,7 @@ void cipher_sync( CIPHER_HANDLE c ); int string_to_pubkey_algo( const char *string ); const char * pubkey_algo_to_string( int algo ); +void disable_pubkey_algo( int algo ); int check_pubkey_algo( int algo ); int check_pubkey_algo2( int algo, unsigned use ); int pubkey_get_npkey( int algo );