diff --git a/TODO b/TODO index 01a44e4f1..45d066797 100644 --- a/TODO +++ b/TODO @@ -28,8 +28,6 @@ * Speed up calculation of key validation. - * Allow a replacement for the progress functions in ./cipher - * print a warning when a revoked/expired _secret_ key is used. * --disable-asm should still assemble _udiv_qrnnd when needed @@ -47,6 +45,12 @@ * Delay the read of the passphrase-fd afte a NEED_PASSPHRASE. But this may break some scripts. + * as soon as we have moved to KBX, we can check signatures at all places + because there is no perfomance drawback as we can store the result of + a verification in the KBX. This enable us to better print information on + revoked user IDs and signatures. Well, caching of non-self-signatures + will still be complicated. + Nice to have ------------ diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 72129a898..f13c0fb9c 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,9 @@ +Tue Jul 25 17:44:15 CEST 2000 Werner Koch + + * pubkey.c (exp_to_key,sexp_to_sig,sexp_to_enc,gcry_pk_encrypt, + gcry_pk_decrypt,gcry_pk_sign,gcry_pk_genkey): Changed to work with + the new S-Exp interface. + Mon Jul 17 16:35:47 CEST 2000 Werner Koch * random.c (gather_faked): Replaced make_timestamp by time(2) again. diff --git a/cipher/pubkey.c b/cipher/pubkey.c index b139720d6..7ef6f18b7 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -701,25 +701,38 @@ sexp_to_key( GCRY_SEXP sexp, int want_private, MPI **retarray, int *retalgo) :"public-key", 0 ); if( !list ) return GCRYERR_INV_OBJ; /* Does not contain a public- or private-key object */ - list = gcry_sexp_cdr( list ); + l2 = gcry_sexp_cdr( list ); + gcry_sexp_release ( list ); + list = l2; if( !list ) return GCRYERR_NO_OBJ; /* no cdr for the key object */ + l2 = gcry_sexp_car( list ); + gcry_sexp_release ( list ); + list = l2; + if( !list ) + return GCRYERR_NO_OBJ; /* no car for the key object */ name = gcry_sexp_car_data( list, &n ); - if( !name ) + if( !name ) { + gcry_sexp_release ( list ); return GCRYERR_INV_OBJ; /* invalid structure of object */ + } for(i=0; (s=algo_info_table[i].name); i++ ) { if( strlen(s) == n && !memcmp( s, name, n ) ) break; } - if( !s ) + if( !s ) { + gcry_sexp_release ( list ); return GCRYERR_INV_PK_ALGO; /* unknown algorithm */ + } algo = algo_info_table[i].algo; elems1 = algo_info_table[i].common_elements; elems2 = want_private? algo_info_table[i].secret_elements : algo_info_table[i].public_elements; array = g10_calloc( strlen(elems1)+strlen(elems2)+1, sizeof *array ); - if( !array ) + if( !array ) { + gcry_sexp_release ( list ); return GCRYERR_NO_MEM; + } idx = 0; for(s=elems1; *s; s++, idx++ ) { @@ -728,13 +741,16 @@ sexp_to_key( GCRY_SEXP sexp, int want_private, MPI **retarray, int *retalgo) for(i=0; i DIM(mpis) ) + BUG (); + + /* build the string */ + nelem = 0; + string = p = g10_xmalloc ( needed ); + p = stpcpy ( p, "(key-data(" ); + + p = stpcpy ( p, "(public-key(" ); + p = stpcpy ( p, algo_name ); + for(i=0; pub_elems[i]; i++ ) { + *p++ = '('; + *p++ = pub_elems[i]; + p = stpcpy ( p, "%m)" ); + mpis[nelem++] = skey[i]; + } + strcpy ( p, "))" ); + + p = stpcpy ( p, "(private-key(" ); + p = stpcpy ( p, algo_name ); + for(i=0; sec_elems[i]; i++ ) { + *p++ = '('; + *p++ = sec_elems[i]; + p = stpcpy ( p, "%m)" ); + mpis[nelem++] = skey[i]; + } + strcpy ( p, "))" ); + + p = stpcpy ( p, "(misc-key-info(pm1-factors" ); + for(i=0; factors[i]; i++ ) { + p = stpcpy ( p, "%m" ); + mpis[nelem++] = factors[i]; + } + strcpy ( p, "))" ); + + while ( nelem < DIM(mpis) ) + mpis[nelem++] = NULL; + + /* and now the ugly part: we don't have a function to + * pass an array to a format string, so we have just pass everything + * we have. which normally should be no problem as only those + * with a corresponding %m are used + */ + if ( gcry_sexp_build ( r_key, NULL, string, + mpis[0], mpis[1], mpis[2], mpis[3], mpis[4], mpis[5], + mpis[6], mpis[7], mpis[8], mpis[9], mpis[10], mpis[11], + mpis[12], mpis[13], mpis[14], mpis[15], mpis[16], mpis[17], + mpis[18], mpis[19], mpis[20], mpis[21], mpis[22], mpis[23], + mpis[24], mpis[25], mpis[26], mpis[27], mpis[28], mpis[29] + ) ) + BUG (); + assert ( DIM(mpis) == 29 ); + g10_free ( string ); + } + release_mpi_array ( skey ); + release_mpi_array ( factors ); - /* and put all together */ - *r_key = gcry_sexp_vlist( SEXP_NEW( "key-data", 0 ), - pub_list, sec_list, misc_list, NULL ); - gcry_sexp_release( pub_list ); - gcry_sexp_release( sec_list ); - gcry_sexp_release( misc_list ); return 0; } diff --git a/g10/ChangeLog b/g10/ChangeLog index 6d3aa7cc4..893fed136 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,19 @@ +Tue Jul 25 17:44:15 CEST 2000 Werner Koch + + * keyedit.c (menu_expire): expire date for primary key can be set again. + + * keylist.c (is_uid_valid): New. + (list_keyblock): Print validity information for all user IDs. Note, this + has to be done at other places too; for now we have only minimal support. + + * sign.c (pk_sign): Changed to use the new S-Exp interface. + * encode.c (pk_encrypt): Ditto. + * sig-check.c (pk_verify): Ditto. + * seckey-cert.c (pk_check_secret_key): Ditto. + * pubkey-enc.c (pk_decrypt): Ditto. + * misc.c (pubkey_nbits): Ditto. + * keygen.c (key_from_sexp,factors_from_sexp,gen_elg,gen_dsa): Ditto. + Fri Jul 14 19:38:23 CEST 2000 Werner Koch Replaced everything with the code from the STABLE-BRANCH-1-0 and diff --git a/g10/encode.c b/g10/encode.c index 6195b533c..e1ef5b2ae 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -54,18 +54,19 @@ pk_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey ) /* make a sexp from pkey */ if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - s_pkey = SEXP_CONS( SEXP_NEW( "public-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 3 ), - gcry_sexp_new_name_mpi( "p", pkey[0] ), - gcry_sexp_new_name_mpi( "g", pkey[1] ), - gcry_sexp_new_name_mpi( "y", pkey[2] ), - NULL )); + rc = gcry_sexp_build ( &s_pkey, NULL, + "(public-key(elg(p%m)(g%m)(y%m)))", + pkey[0], pkey[1], pkey[2] ); } else return GPGERR_PUBKEY_ALGO; + if ( rc ) + BUG (); + /* put the data into a simple list */ - s_data = gcry_sexp_new_mpi( data ); + if ( gcry_sexp_build( &s_data, NULL, "%m", data ) ) + BUG (); /* pass it to libgcrypt */ rc = gcry_pk_encrypt( &s_ciph, s_data, s_pkey ); @@ -79,10 +80,13 @@ pk_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey ) assert( list ); resarr[0] = gcry_sexp_cdr_mpi( list, 0 ); assert( resarr[0] ); + gcry_sexp_release ( list ); + list = gcry_sexp_find_token( s_ciph, "b" , 0 ); assert( list ); resarr[1] = gcry_sexp_cdr_mpi( list, 0 ); assert( resarr[1] ); + gcry_sexp_release ( list ); } gcry_sexp_release( s_ciph ); diff --git a/g10/keyedit.c b/g10/keyedit.c index a64c7e86f..daf4fb41d 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1504,7 +1504,7 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock ) else if( node->pkt->pkttype == PKT_USER_ID ) uid = node->pkt->pkt.user_id; else if( main_pk && node->pkt->pkttype == PKT_SIGNATURE - && sub_pk != NULL ) { + && (mainkey || sub_pk ) ) { PKT_signature *sig = node->pkt->pkt.signature; if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] && ( (mainkey && uid && (sig->sig_class&~3) == 0x10) diff --git a/g10/keygen.c b/g10/keygen.c index b6c6cc7e3..3b3d95e3b 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -254,7 +254,9 @@ key_from_sexp( GCRY_MPI *array, list = gcry_sexp_find_token( sexp, topname, 0 ); if( !list ) return GCRYERR_INV_OBJ; - list = gcry_sexp_cdr( list ); + l2 = gcry_sexp_cdr( list ); + gcry_sexp_release ( list ); + list = l2; if( !list ) return GCRYERR_NO_OBJ; @@ -266,17 +268,21 @@ key_from_sexp( GCRY_MPI *array, gcry_free( array[i] ); array[i] = NULL; } + gcry_sexp_release ( list ); return GCRYERR_NO_OBJ; /* required parameter not found */ } array[idx] = gcry_sexp_cdr_mpi( l2, GCRYMPI_FMT_USG ); + gcry_sexp_release ( l2 ); if( !array[idx] ) { for(i=0; i 1024 || nbits < 512 ) { @@ -460,11 +473,9 @@ gen_dsa(unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, log_info(_("keysize rounded up to %u bits\n"), nbits ); } - sprintf(buf, "%u", nbits ); - s_parms = SEXP_CONS( SEXP_NEW( "genkey", 0 ), - SEXP_CONS( SEXP_NEW("dsa",0), - gcry_sexp_new_name_data( "nbits", buf, 0 ) ) - ); + if ( gcry_sexp_build ( &s_parms, NULL, + "(genkey(dsa(nbits %d)))", (int)nbits ) ) + BUG (); rc = gcry_pk_genkey( &s_key, s_parms ); gcry_sexp_release( s_parms ); diff --git a/g10/keylist.c b/g10/keylist.c index 751a61c9b..4109968c0 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -105,6 +105,83 @@ list_all( int secret ) } +/**************** + * Check whether the user ID at NODE is valid; that is it has a + * valid self-signature but no later valid revocation. + * Caller has to pass the keyID of the primary in mainkey. + * Returns: NULL = valid + * string with the reason why it is invalid + */ +static const char * +is_uid_valid ( KBNODE keyblock, KBNODE uidnode, u32 *mainkid ) +{ + KBNODE node; + PKT_signature *selfsig = NULL; /* the latest valid self signature */ + + /* The key signature verify function can's handle secret keys yet and + * becuase we are not sure whether the duplication of user IDs and + * self-signatures should be kept on secret keys we are not going to fix + * it there. */ + if ( keyblock->pkt->pkttype == PKT_SECRET_KEY ) + return NULL; + + assert ( uidnode->pkt->pkttype == PKT_USER_ID + || uidnode->pkt->pkttype == PKT_PHOTO_ID ); + + /* first find out about the latest valid self-signature */ + for ( node = uidnode->next; node; node = node->next ) { + PKT_signature *sig; + + if ( node->pkt->pkttype == PKT_USER_ID + || node->pkt->pkttype == PKT_PHOTO_ID + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY + || node->pkt->pkttype == PKT_SECRET_SUBKEY ) + break; + if ( node->pkt->pkttype != PKT_SIGNATURE ) + continue; + sig = node->pkt->pkt.signature; + if ( mainkid[0] != sig->keyid[0] || mainkid[1] != sig->keyid[1] ) + continue; /* we only care about self-signatures for now */ + + if ( (sig->sig_class&~3) == 0x10 ) { /* regular self signature */ + if ( !check_key_signature( keyblock, node, NULL ) ) { + if ( !selfsig ) + selfsig = sig; /* use the first valid sig */ + else if ( sig->timestamp > selfsig->timestamp + && sig->sig_class >= selfsig->sig_class ) + selfsig = sig; /* but this one is newer */ + } + } + } + + if ( !selfsig ) + return _("invalid"); /* no valid self signature */ + + /* watch out for a newer revocation */ + for ( node = uidnode->next; node; node = node->next ) { + PKT_signature *sig; + + if ( node->pkt->pkttype == PKT_USER_ID + || node->pkt->pkttype == PKT_PHOTO_ID + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY + || node->pkt->pkttype == PKT_SECRET_SUBKEY ) + break; + if ( node->pkt->pkttype != PKT_SIGNATURE ) + continue; + sig = node->pkt->pkt.signature; + if ( mainkid[0] != sig->keyid[0] || mainkid[1] != sig->keyid[1] ) + continue; /* we only care about self-signatures for now */ + + if ( sig->sig_class == 0x30 + && sig->timestamp >= selfsig->timestamp ) { + if ( !check_key_signature( keyblock, node, NULL ) ) + return _("revoked"); + } + } + + return NULL; /* UID is valid */ +} + static void list_one( STRLIST names, int secret ) @@ -263,9 +340,13 @@ list_keyblock( KBNODE keyblock, int secret ) node->pkt->pkt.user_id->len, ':' ); putchar(':'); } - else + else { + const char *s = is_uid_valid ( keyblock, node, keyid ); + if ( s ) + printf ("[%s] ", s ); print_utf8_string( stdout, node->pkt->pkt.user_id->name, node->pkt->pkt.user_id->len ); + } putchar('\n'); if( !any ) { diff --git a/g10/misc.c b/g10/misc.c index e7bd8fac6..44a6f76b1 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -420,40 +420,34 @@ pubkey_get_nenc( int algo ) return n > 0? n : 0; } + unsigned int pubkey_nbits( int algo, MPI *key ) { - int nbits; + int rc, nbits; GCRY_SEXP sexp; - if( algo == GCRY_PK_DSA ) { - sexp = SEXP_CONS( SEXP_NEW( "public-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "dsa", 3 ), - gcry_sexp_new_name_mpi( "p", key[0] ), - gcry_sexp_new_name_mpi( "q", key[1] ), - gcry_sexp_new_name_mpi( "g", key[2] ), - gcry_sexp_new_name_mpi( "y", key[3] ), - NULL )); + rc = gcry_sexp_build ( &sexp, NULL, + "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", + key[0], key[1], key[2], key[3] ); } else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - sexp = SEXP_CONS( SEXP_NEW( "public-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 3 ), - gcry_sexp_new_name_mpi( "p", key[0] ), - gcry_sexp_new_name_mpi( "g", key[1] ), - gcry_sexp_new_name_mpi( "y", key[2] ), - NULL )); + rc = gcry_sexp_build ( &sexp, NULL, + "(public-key(elg(p%m)(g%m)(y%m)))", + key[0], key[1], key[2] ); } else if( algo == GCRY_PK_RSA ) { - sexp = SEXP_CONS( SEXP_NEW( "public-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "rsa", 3 ), - gcry_sexp_new_name_mpi( "n", key[0] ), - gcry_sexp_new_name_mpi( "e", key[1] ), - NULL )); + rc = gcry_sexp_build ( &sexp, NULL, + "(public-key(rsa(n%m)(e%m)))", + key[0], key[1] ); } else return 0; + if ( rc ) + BUG (); + nbits = gcry_pk_get_nbits( sexp ); gcry_sexp_release( sexp ); return nbits; diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 2019d0301..aa848a2cb 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -51,45 +51,36 @@ pk_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) *result = NULL; /* make a sexp from skey */ if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 0 ), - gcry_sexp_new_name_mpi( "p", skey[0] ), - gcry_sexp_new_name_mpi( "g", skey[1] ), - gcry_sexp_new_name_mpi( "y", skey[2] ), - gcry_sexp_new_name_mpi( "x", skey[3] ), - NULL )); + rc = gcry_sexp_build ( &s_skey, NULL, + "(private-key(elg(p%m)(g%m)(y%m)(x%m)))", + skey[0], skey[1], skey[2], skey[3] ); } else if( algo == GCRY_PK_RSA ) { - s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "rsa", 0 ), - gcry_sexp_new_name_mpi( "n", skey[0] ), - gcry_sexp_new_name_mpi( "e", skey[1] ), - gcry_sexp_new_name_mpi( "d", skey[2] ), - gcry_sexp_new_name_mpi( "p", skey[3] ), - gcry_sexp_new_name_mpi( "q", skey[4] ), - gcry_sexp_new_name_mpi( "u", skey[5] ), - NULL )); + rc = gcry_sexp_build ( &s_skey, NULL, + "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))", + skey[0], skey[1], skey[2], skey[3], skey[4], skey[5] ); } else return GPGERR_PUBKEY_ALGO; + if ( rc ) + BUG (); + /* put data into a S-Exp s_data */ if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - s_data = SEXP_CONS( SEXP_NEW( "enc-val", 0 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 0 ), - gcry_sexp_new_name_mpi( "a", data[0] ), - gcry_sexp_new_name_mpi( "b", data[1] ), - NULL )); + rc = gcry_sexp_build ( &s_data, NULL, + "(enc-val(elg(a%m)(b%m)))", data[0], data[1] ); } else if( algo == GCRY_PK_RSA ) { - s_data = SEXP_CONS( SEXP_NEW( "enc-val", 0 ), - gcry_sexp_vlist( SEXP_NEW( "rsa", 0 ), - gcry_sexp_new_name_mpi( "a", data[0] ), - NULL )); + rc = gcry_sexp_build ( &s_data, NULL, + "(enc-val(rsa(a%m)))", data[0] ); } else BUG(); + if ( rc ) + BUG (); + rc = gcry_pk_decrypt( &s_plain, s_data, s_skey ); gcry_sexp_release( s_skey ); gcry_sexp_release( s_data); @@ -97,6 +88,7 @@ pk_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) return rc; *result = gcry_sexp_car_mpi( s_plain, 0 ); + gcry_sexp_release( s_plain ); if( !*result ) return -1; /* oops */ diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index ab09b8f4d..1f511c229 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -46,38 +46,26 @@ pk_check_secret_key( int algo, MPI *skey ) /* make a sexp from skey */ if( algo == GCRY_PK_DSA ) { - s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "dsa", 0 ), - gcry_sexp_new_name_mpi( "p", skey[0] ), - gcry_sexp_new_name_mpi( "q", skey[1] ), - gcry_sexp_new_name_mpi( "g", skey[2] ), - gcry_sexp_new_name_mpi( "y", skey[3] ), - gcry_sexp_new_name_mpi( "x", skey[4] ), - NULL )); + rc = gcry_sexp_build ( &s_skey, NULL, + "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))", + skey[0], skey[1], skey[2], skey[3], skey[4] ); } else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 0 ), - gcry_sexp_new_name_mpi( "p", skey[0] ), - gcry_sexp_new_name_mpi( "g", skey[1] ), - gcry_sexp_new_name_mpi( "y", skey[2] ), - gcry_sexp_new_name_mpi( "x", skey[3] ), - NULL )); + rc = gcry_sexp_build ( &s_skey, NULL, + "(private-key(elg(p%m)(g%m)(y%m)(x%m)))", + skey[0], skey[1], skey[2], skey[3] ); } else if( algo == GCRY_PK_RSA ) { - s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "rsa", 0 ), - gcry_sexp_new_name_mpi( "n", skey[0] ), - gcry_sexp_new_name_mpi( "e", skey[1] ), - gcry_sexp_new_name_mpi( "d", skey[2] ), - gcry_sexp_new_name_mpi( "p", skey[3] ), - gcry_sexp_new_name_mpi( "q", skey[4] ), - gcry_sexp_new_name_mpi( "u", skey[5] ), - NULL )); + rc = gcry_sexp_build ( &s_skey, NULL, + "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))", + skey[0], skey[1], skey[2], skey[3], skey[4], skey[5] ); } else return GPGERR_PUBKEY_ALGO; + if ( rc ) + BUG (); + rc = gcry_pk_testkey( s_skey ); gcry_sexp_release( s_skey ); return rc; diff --git a/g10/sig-check.c b/g10/sig-check.c index f12cfa6d3..ba392414a 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -61,59 +61,49 @@ pk_verify( int algo, MPI hash, MPI *data, MPI *pkey, /* make a sexp from pkey */ if( algo == GCRY_PK_DSA ) { - s_pkey = SEXP_CONS( SEXP_NEW( "public-key", 10 ), - gcry_sexp_vlist( SEXP_NEW( "dsa", 3 ), - gcry_sexp_new_name_mpi( "p", pkey[0] ), - gcry_sexp_new_name_mpi( "q", pkey[1] ), - gcry_sexp_new_name_mpi( "g", pkey[2] ), - gcry_sexp_new_name_mpi( "y", pkey[3] ), - NULL )); + rc = gcry_sexp_build ( &s_pkey, NULL, + "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", + pkey[0], pkey[1], pkey[2], pkey[3] ); } else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - s_pkey = SEXP_CONS( SEXP_NEW( "public-key", 10 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 3 ), - gcry_sexp_new_name_mpi( "p", pkey[0] ), - gcry_sexp_new_name_mpi( "g", pkey[1] ), - gcry_sexp_new_name_mpi( "y", pkey[2] ), - NULL )); + rc = gcry_sexp_build ( &s_pkey, NULL, + "(public-key(dsa(p%m)(g%m)(y%m)))", + pkey[0], pkey[1], pkey[2] ); } else if( algo == GCRY_PK_RSA ) { - s_pkey = SEXP_CONS( SEXP_NEW( "public-key", 10 ), - gcry_sexp_vlist( SEXP_NEW( "rsa", 3 ), - gcry_sexp_new_name_mpi( "n", pkey[0] ), - gcry_sexp_new_name_mpi( "e", pkey[1] ), - NULL )); + rc = gcry_sexp_build ( &s_pkey, NULL, + "(public-key(rsa(n%m)(e%m)))", + pkey[0], pkey[1] ); } else return GPGERR_PUBKEY_ALGO; + if ( rc ) + BUG (); + /* put hash into a S-Exp s_hash */ - s_hash = gcry_sexp_new_mpi( hash ); + if ( gcry_sexp_build( &s_hash, NULL, "%m", hash ) ) + BUG (); /* put data into a S-Exp s_sig */ if( algo == GCRY_PK_DSA ) { - s_sig = SEXP_CONS( SEXP_NEW( "sig-val", 0 ), - gcry_sexp_vlist( SEXP_NEW( "dsa", 0 ), - gcry_sexp_new_name_mpi( "r", data[0] ), - gcry_sexp_new_name_mpi( "s", data[1] ), - NULL )); + rc = gcry_sexp_build ( &s_sig, NULL, + "(sig-val(dsa(r%m)(s%m)))", data[0], data[1] ); } else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - s_sig = SEXP_CONS( SEXP_NEW( "sig-val", 0 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 0 ), - gcry_sexp_new_name_mpi( "r", data[0] ), - gcry_sexp_new_name_mpi( "s", data[1] ), - NULL )); + rc = gcry_sexp_build ( &s_sig, NULL, + "(sig-val(elg(r%m)(s%m)))", data[0], data[1] ); } else if( algo == GCRY_PK_RSA ) { - s_sig = SEXP_CONS( SEXP_NEW( "sig-val", 0 ), - gcry_sexp_vlist( SEXP_NEW( "rsa", 3 ), - gcry_sexp_new_name_mpi( "s", data[0] ), - NULL )); + rc = gcry_sexp_build ( &s_sig, NULL, + "(sig-val(rsa(s%m)))", data[0] ); } else BUG(); + if ( rc ) + BUG (); + rc = gcry_pk_verify( s_sig, s_hash, s_pkey ); gcry_sexp_release( s_sig ); diff --git a/g10/sign.c b/g10/sign.c index 9d0c203b8..ca469c07c 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -58,29 +58,24 @@ pk_sign( int algo, MPI *data, MPI hash, MPI *skey ) /* make a sexp from skey */ if( algo == GCRY_PK_DSA ) { - s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "dsa", 3 ), - gcry_sexp_new_name_mpi( "p", skey[0] ), - gcry_sexp_new_name_mpi( "q", skey[1] ), - gcry_sexp_new_name_mpi( "g", skey[2] ), - gcry_sexp_new_name_mpi( "y", skey[3] ), - gcry_sexp_new_name_mpi( "x", skey[4] ), - NULL )); + rc = gcry_sexp_build ( &s_skey, NULL, + "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))", + skey[0], skey[1], skey[2], skey[3], skey[4] ); } else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 3 ), - gcry_sexp_new_name_mpi( "p", skey[0] ), - gcry_sexp_new_name_mpi( "g", skey[1] ), - gcry_sexp_new_name_mpi( "y", skey[2] ), - gcry_sexp_new_name_mpi( "x", skey[3] ), - NULL )); + rc = gcry_sexp_build ( &s_skey, NULL, + "(private-key(elg(p%m)(g%m)(y%m)(x%m)))", + skey[0], skey[1], skey[2], skey[3] ); } else return GPGERR_PUBKEY_ALGO; + if ( rc ) + BUG (); + /* put hash into a S-Exp s_hash */ - s_hash = gcry_sexp_new_mpi( hash ); + if ( gcry_sexp_build( &s_hash, NULL, "%m", hash ) ) + BUG (); rc = gcry_pk_sign( &s_sig, s_hash, s_skey ); gcry_sexp_release( s_hash ); @@ -93,10 +88,13 @@ pk_sign( int algo, MPI *data, MPI hash, MPI *skey ) assert( list ); data[0] = gcry_sexp_cdr_mpi( list, 0 ); assert( data[0] ); + gcry_sexp_release (list); + list = gcry_sexp_find_token( s_sig, "s" , 0 ); assert( list ); data[1] = gcry_sexp_cdr_mpi( list, 0 ); assert( data[1] ); + gcry_sexp_release (list); } diff --git a/mpi/ChangeLog b/mpi/ChangeLog index 7119d1e2a..6bdeaf254 100644 --- a/mpi/ChangeLog +++ b/mpi/ChangeLog @@ -1,3 +1,7 @@ +Tue Jul 25 17:44:15 CEST 2000 Werner Koch + + * config.links: Support for powerpc--netbsd by Gabriel Rosenkoetter. + Mon Jul 17 16:35:47 CEST 2000 Werner Koch * power/: Add all files from GMP for this CPU. Converted comments to diff --git a/mpi/config.links b/mpi/config.links index 6a2cbfb53..6f6b276da 100644 --- a/mpi/config.links +++ b/mpi/config.links @@ -178,6 +178,16 @@ case "${target}" in cat $srcdir/mpi/powerpc32/syntax.h >>./mpi/asm-syntax.h path="powerpc32" ;; + + powerpc*-*-netbsd*) + echo '/* configured NetBSD on powerpc */' >>./mpi/asm-syntax.h + echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h + cat $srcdir/mpi/powerpc32/syntax.h >>./mpi/asm-syntax.h + mpi_sflags="-Wa,-mppc" + path="powerpc32" + ;; + + rs6000-*-aix[456789]* | \ rs6000-*-aix3.2.[456789]) mpi_sflags="-Wa,-mpwr" diff --git a/util/iobuf.c b/util/iobuf.c index d4900f416..ce63b55b8 100644 --- a/util/iobuf.c +++ b/util/iobuf.c @@ -468,7 +468,7 @@ int iobuf_close( IOBUF a ) { IOBUF a2; - size_t dummy_len; + size_t dummy_len = 0; int rc=0; if( a && a->directfp ) { @@ -986,7 +986,7 @@ underflow(IOBUF a) } if( a->use == 1 && rc == -1 ) { /* EOF: we can remove the filter */ - size_t dummy_len; + size_t dummy_len=0; /* and tell the filter to free itself */ if( (rc = a->filter(a->filter_ov, IOBUFCTRL_FREE, a->chain,