
See ChangeLog: Wed Jul 7 13:23:40 CEST 1999 Werner Koch

Werner Koch 1999-07-07 11:28:26 +00:00
parent 86abac78a2
commit bd7298cf0d
35 changed files with 4711 additions and 4608 deletions


@ -1,3 +1,9 @@
Wed Jul 7 13:08:40 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* Makefile.am: Support for libtool.
* configure.in: Ditto.
Tue Jun 29 21:44:25 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>


@ -23,9 +23,11 @@ dist-hook:
sed -e 's/@pkg_version@/$(VERSION)/g' \
$(top_srcdir)/scripts/gnupg.spec.in \
> $(distdir)/scripts/gnupg.spec
rm $(distdir)/gcrypt/*.[ch]
# maintainer only
if MAINTAINER_MODE
# This is only useful within my local environment (wk)
cvs-get:
rsync -Cavuzb --exclude scratch --exclude .deps \
wkoch@sigtrap.guug.de:work/gnupg .
@ -36,6 +38,7 @@ cvs-put:
cvs-sync: cvs-get cvs-put
endif
.PHONY: cvs-get cvs-put cvs-sync
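Review bot: The `rm $(distdir)/gcrypt/*.[ch]` line in dist-hook has no `-f`, so when the glob matches nothing the shell hands the literal pattern to rm, rm exits non-zero and `make dist` stops. If removing the unfinished gcrypt sources from the tarball is the intent, `rm -f $(distdir)/gcrypt/*.[ch]` keeps the hook working in trees where that directory holds no C files. A one-line comment saying why these files are left out of the distribution would also help, because a tarball that deliberately differs from the repository is something packagers comparing the two will ask about. The dist-hook recipe starts above this hunk.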

3
NEWS

@ -5,6 +5,9 @@
* You will be asked for a filename if gpg cannot deduce one.
* Changes to support libtool which is needed for the development
of libgcrypt.
Noteworthy changes in version 0.9.8
-----------------------------------

2
TODO

@ -33,7 +33,6 @@ Nice to have
utility and SOCKSify this utility.
* Do a real fix for bug #7 or document that it is a PGP 5 error.
* preferences of hash algorithms are not yet used.
* new menu to delete signatures and list signature in menu
* Replace the SIGUSR1 stuff by semaphores to avoid loss of a signal.
or use POSIX.4 realtime signals. Overhaul the interface and the
test program. Use it with the test suite?
@ -42,7 +41,6 @@ Nice to have
* Burn the buffers used by fopen(), or use read(2). Does this
really make sense? And while we are at it: implement a secure deletion
stuff?
* Stats about used random numbers.
* the pubkey encrypt functions should do some sanity checks.
* dynload: implement the hint stuff.
* "gpg filename.tar.gz.asc" sollte wie mit --verify funktionieren (-sab).


@ -1,3 +1,8 @@
Wed Jul 7 13:08:40 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* Makefile.am: Support for libtool.
Fri Jul 2 11:45:54 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>


@ -3,7 +3,7 @@
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
noinst_LIBRARIES = libcipher.a
noinst_LTLIBRARIES = libcipher.la
# The configure script greps the module names from the following lines.
# You must also add all these names to EXTRA_PROGRAMS some lines below
@ -33,7 +33,8 @@ endif
DYNLINK_MOD_CFLAGS = -DIS_MODULE @DYNLINK_MOD_CFLAGS@
libcipher_a_SOURCES = cipher.c \
libcipher_la_LDFLAGS =
libcipher_la_SOURCES = cipher.c \
pubkey.c \
md.c \
dynload.c \
@ -62,8 +63,8 @@ libcipher_a_SOURCES = cipher.c \
BUILT_SOURCES = construct.c
libcipher_a_DEPENDENCIES = @STATIC_CIPHER_OBJS@
libcipher_a_LIBADD = @STATIC_CIPHER_OBJS@
libcipher_la_DEPENDENCIES = @STATIC_CIPHER_OBJS@
libcipher_la_LIBADD = @STATIC_CIPHER_OBJS@
# If I remember it correct, automake 1.4 has a feature to set


@ -109,8 +109,18 @@ AC_MSG_CHECKING([whether compilation of libgcrypt is requested])
AC_ARG_ENABLE(libgcrypt,
[ --enable-libgcrypt compile the libgcrypt [default=no]],
[compile_libgcrypt="$enableval"],[compile_libgcrypt=no])
AM_CONDITIONAL(COMPILE_LIBGCRYPT, test x$compile_libgcrypt = xyes)
AC_MSG_RESULT($compile_libgcrypt)
if test x$compile_libgcrypt = xyes ; then
if test -f $srcdir/gcrypt/gcrypt.h; then
:
else
compile_libgcrypt=no
AC_MSG_WARN([[
*** LIBGCRYPT is not yet ready for public testing.
*** Maybe you have more luck with the next release of GnuPG]])
fi
fi
AM_CONDITIONAL(COMPILE_LIBGCRYPT, test x$compile_libgcrypt = xyes)
dnl
@ -123,6 +133,8 @@ AC_ARG_WITH(capabilities,
AC_MSG_RESULT($use_capabilities)
AM_MAINTAINER_MODE
dnl Checks for programs.
AC_CANONICAL_SYSTEM
@ -139,15 +151,17 @@ AC_PROG_CC
AC_PROG_CPP
AC_ISC_POSIX
AC_PROG_INSTALL
AC_PROG_RANLIB
AC_PROG_AWK
AC_CHECK_PROG(DOCBOOK_TO_MAN, docbook-to-man, yes, no)
AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes)
dnl
dnl Don't default to build shared libs
dnl Build shared libraries only when compilation of libgcrypt
dnl has been requested
dnl
AM_DISABLE_SHARED
enable_shared="$compile_libgcrypt"
AM_PROG_LIBTOOL
@ -486,7 +500,7 @@ for name in $MODULES_IN_CIPHER; do
done;
if test $x = yes; then
STATIC_CIPHER_NAMES="$STATIC_CIPHER_NAMES $name"
STATIC_CIPHER_OBJS="$STATIC_CIPHER_OBJS $name.o"
STATIC_CIPHER_OBJS="$STATIC_CIPHER_OBJS $name.lo"
else
DYNAMIC_CIPHER_MODS="$DYNAMIC_CIPHER_MODS $name"
GNUPG_MSG_PRINT([$name])
@ -556,7 +570,7 @@ if test "$ac_cv_mpi_extra_asm_modules" != ""; then
GNUPG_MSG_PRINT([mpi extra asm functions:])
for i in $ac_cv_mpi_extra_asm_modules; do
GNUPG_MSG_PRINT([$i])
MPI_EXTRA_ASM_OBJS="$MPI_EXTRA_ASM_OBJS $i.o"
MPI_EXTRA_ASM_OBJS="$MPI_EXTRA_ASM_OBJS $i.lo"
done
AC_MSG_RESULT()
fi
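Review bot: The new libgcrypt guard expands `$compile_libgcrypt` and `$srcdir` unquoted, in `if test x$compile_libgcrypt = xyes` and `test -f $srcdir/gcrypt/gcrypt.h`. `compile_libgcrypt` is taken from `$enableval`, so a value containing whitespace, or a source path containing a space, makes `test` fail with a syntax error instead of taking the intended branch; `test "x$compile_libgcrypt" = xyes` and `test -f "$srcdir/gcrypt/gcrypt.h"` avoid that. Further down, `enable_shared="$compile_libgcrypt"` is assigned unconditionally before AM_PROG_LIBTOOL, which looks as if it would override an explicit --enable-shared or --disable-shared given by the user; if that is intended, the `dnl` comment above it should say so.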


@ -1,3 +1,20 @@
Wed Jul 7 13:08:40 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* Makefile.am: Support for libtool.
* keygen.c (ask_expire_interval): Hack to allow for an expire date.
* trustdb.c (do_update_trust_record,update_trust_record): Splitted.
(check_trust_record): New.
(check_trust,build_cert_tree): Check the dir record as needed.
(upd_pref_record): Removed.
(make_pref_record): New.
(propagate_validity): Stop as soon as we have enough validity.
* tbdio.c (MAX_CACHE_ENTRIES_HARD): Increased the limit.
Fri Jul 2 11:45:54 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>


@ -4,7 +4,7 @@ INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
EXTRA_DIST = OPTIONS pubring.asc options.skel
OMIT_DEPENDENCIES = zlib.h zconf.h
LDFLAGS = @LDFLAGS@ @DYNLINK_LDFLAGS@
needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a
needed_libs = ../cipher/libcipher.la ../mpi/libmpi.la ../util/libutil.la
#noinst_PROGRAMS = gpgd
bin_PROGRAMS = gpg


@ -101,7 +101,10 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
{ N_("keygen.valid"),
"Enter the required value"
"Enter the required value as shown in the pronpt.\n"
"It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
"get a good error response - instead the system tries to interpret\n"
"the given value as an interval."
},
{ N_("keygen.valid.okay"),
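Review bot: The new help string for keygen.valid contains the typo `pronpt` and reads `a ISO date`; because this text is shown to users it should be `"Enter the required value as shown in the prompt.\n"` and `"It is possible to enter an ISO date (YYYY-MM-DD) but you won't\n"`. The text also documents that a malformed date is reinterpreted as an interval instead of being rejected, which is better fixed in ask_expire_interval than described here, since a user can end up with an expiry they did not intend. The helptexts table continues outside this hunk.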


@ -592,7 +592,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
{ N_("enable") , cmdENABLEKEY , 0, N_("enable a key") },
{ NULL, cmdNONE } };
enum cmdids cmd;
enum cmdids cmd = 0;
int rc = 0;
KBNODE keyblock = NULL;
KBPOS keyblockpos;
@ -643,7 +643,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
toggle = 0;
cur_keyblock = keyblock;
for(;;) { /* main loop */
int i, arg_number;
int i, arg_number=0;
char *p;
tty_printf("\n");
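Review bot: `enum cmdids cmd = 0;` initialises an enum with a bare integer; the command table just above ends with `cmdNONE`, so `enum cmdids cmd = cmdNONE;` states the intent and keeps working if the enumerator values are reordered (this assumes cmdNONE is the intended "no command" value, which the hunk suggests but does not show). A short comment on `arg_number=0` saying whether the two initialisers fix a real read-before-write or only silence a compiler warning would help the next reader. keyedit_menu's body extends beyond both hunks.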


@ -519,13 +519,25 @@ ask_expire_interval(void)
answer = NULL;
for(;;) {
int mult;
u32 abs_date=0;
u32 curtime=0;;
m_free(answer);
answer = cpr_get("keygen.valid",_("Key is valid for? (0) "));
cpr_kill_prompt();
trim_spaces(answer);
curtime = make_timestamp();
if( !*answer )
valid_days = 0;
else if( (abs_date = scan_isodatestr(answer)) && abs_date > curtime ) {
/* This calculation is not perfectly okay because we
* are later going to simply multiply by 86400 and don't
* correct for leapseconds. A solution would be to change
* the whole implemenation to work with dates and not intervals
* which are required for v3 keys.
*/
valid_days = abs_date/86400-curtime/86400+1;
}
else if( (mult=check_valid_days(answer)) ) {
valid_days = atoi(answer) * mult;
if( valid_days < 0 || valid_days > 32767 )
@ -544,7 +556,7 @@ ask_expire_interval(void)
interval = valid_days * 86400L;
/* print the date when the key expires */
tty_printf(_("Key expires at %s\n"),
asctimestamp(make_timestamp() + interval ) );
asctimestamp(curtime + interval ) );
}
if( !cpr_enabled()
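Review bot: The new ISO-date branch computes `valid_days = abs_date/86400-curtime/86400+1;` without the `valid_days < 0 || valid_days > 32767` range check that the interval branch directly below applies. A date far enough ahead yields more than 32767 days, and `interval = valid_days * 86400L` is then built from a value the rest of the function apparently expects to be bounded (the declarations of valid_days and interval are outside the hunk, so the exact overflow or truncation behaviour needs confirming). Applying the same bound in this branch, or one shared check after the if/else chain, would keep a mistyped year from producing a wrapped expiry time on the generated key. The stray second semicolon in `u32 curtime=0;;` can be dropped as well.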


@ -57,7 +57,7 @@ struct cache_ctrl_struct {
};
#define MAX_CACHE_ENTRIES_SOFT 200 /* may be increased while in a */
#define MAX_CACHE_ENTRIES_HARD 1000 /* transaction to this one */
#define MAX_CACHE_ENTRIES_HARD 10000 /* transaction to this one */
static CACHE_CTRL cache_list;
static int cache_entries;
static int cache_is_dirty;


@ -124,6 +124,9 @@ static int do_check( TRUSTREC *drec, unsigned *trustlevel,
const char *nhash, int (*add_fnc)(ulong),
unsigned *retflgs);
static int get_dir_record( PKT_public_key *pk, TRUSTREC *rec );
static int do_update_trust_record( KBNODE keyblock, TRUSTREC *drec,
int recheck, int *modified );
static int check_trust_record( TRUSTREC *drec );
/* a table used to keep track of ultimately trusted keys
* which are the ones from our secrings and the trusted keys */
@ -403,44 +406,6 @@ get_dir_record( PKT_public_key *pk, TRUSTREC *rec )
return rc;
}
/****************
* Get the LID of a public key.
* Returns: The LID of the key (note, that this may be a shadow dir)
* or 0 if not available.
* fixme: make this ftser by putting entries into the sdir hash table
*/
#if 0
static ulong
lid_from_keyid( u32 *keyid )
{
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
TRUSTREC rec;
ulong lid = 0;
int rc;
rc = get_pubkey( pk, keyid );
if( !rc ) {
if( pk->local_id )
lid = pk->local_id;
else {
rc = tdbio_search_dir_bypk( pk, &rec );
if( !rc )
lid = rec.recnum;
else if( rc == -1 ) { /* see whether there is a sdir instead */
u32 akid[2];
keyid_from_pk( pk, akid );
rc = tdbio_search_sdir( akid, pk->pubkey_algo, &rec );
if( !rc )
lid = rec.recnum;
}
}
}
free_public_key( pk );
return lid;
}
#endif
static ulong
lid_from_keyid_no_sdir( u32 *keyid )
{
@ -862,124 +827,6 @@ find_or_create_lid( PKT_signature *sig )
#if 0
static void
upd_pref_record( TRUSTREC *urec, u32 *keyid, PKT_signature *sig )
{
static struct {
sigsubpkttype_t subpkttype;
int preftype;
} ptable[] = {
{ SIGSUBPKT_PREF_SYM, PREFTYPE_SYM },
{ SIGSUBPKT_PREF_HASH, PREFTYPE_HASH },
{ SIGSUBPKT_PREF_COMPR, PREFTYPE_COMPR },
{ 0, 0 }
};
TRUSTREC prec;
ulong lid = urec->r.uid.lid ;
const byte *uidhash = urec->r.uid.namehash;
const byte *s;
size_t n;
int k, i;
ulong recno;
byte prefs_sig[200];
int n_prefs_sig = 0;
byte prefs_rec[200];
int n_prefs_rec = 0;
if( DBG_TRUST )
log_debug("upd_pref_record for %08lX.%lu/%02X%02X\n",
(ulong)keyid[1], lid, uidhash[18], uidhash[19] );
/* check for changed preferences */
for(k=0; ptable[k].subpkttype; k++ ) {
s = parse_sig_subpkt2( sig, ptable[k].subpkttype, &n );
if( s ) {
for( ; n; n--, s++ ) {
if( n_prefs_sig >= DIM(prefs_sig)-1 ) {
log_info("uid %08lX.%lu/%02X%02X: %s\n",
(ulong)keyid[1], lid, uidhash[18], uidhash[19],
_("Too many preferences") );
break;
}
prefs_sig[n_prefs_sig++] = ptable[k].preftype;
prefs_sig[n_prefs_sig++] = *s;
}
}
}
for( recno=urec->r.uid.prefrec; recno; recno = prec.r.pref.next ) {
read_record( recno, &prec, RECTYPE_PREF );
for(i = 0; i < ITEMS_PER_PREF_RECORD; i +=2 ) {
if( n_prefs_rec >= DIM(prefs_rec)-1 ) {
log_info("uid %08lX.%lu/%02X%02X: %s\n",
(ulong)keyid[1], lid, uidhash[18], uidhash[19],
_("Too many preference items") );
break;
}
if( prec.r.pref.data[i] ) {
prefs_rec[n_prefs_rec++] = prec.r.pref.data[i];
prefs_rec[n_prefs_rec++] = prec.r.pref.data[i+1];
}
}
}
if( n_prefs_sig == n_prefs_rec
&& !memcmp( prefs_sig, prefs_rec, n_prefs_sig ) )
return; /* not changed */
/* Preferences have changed: Delete all pref records
* This is much simpler than checking whether we have to
* do update the record at all - the record cache may care about it
*/
for( recno=urec->r.uid.prefrec; recno; recno = prec.r.pref.next ) {
read_record( recno, &prec, RECTYPE_PREF );
delete_record( recno );
}
if( n_prefs_sig > ITEMS_PER_PREF_RECORD )
log_info(_("WARNING: can't yet handle long pref records\n"));
memset( &prec, 0, sizeof prec );
prec.recnum = tdbio_new_recnum();
prec.rectype = RECTYPE_PREF;
prec.r.pref.lid = lid;
if( n_prefs_sig <= ITEMS_PER_PREF_RECORD )
memcpy( prec.r.pref.data, prefs_sig, n_prefs_sig );
else { /* need more than one pref record */
TRUSTREC tmp;
ulong nextrn;
byte *pp = prefs_sig;
n = n_prefs_sig;
memcpy( prec.r.pref.data, pp, ITEMS_PER_PREF_RECORD );
n -= ITEMS_PER_PREF_RECORD;
pp += ITEMS_PER_PREF_RECORD;
nextrn = prec.r.pref.next = tdbio_new_recnum();
do {
memset( &tmp, 0, sizeof tmp );
tmp.recnum = nextrn;
tmp.rectype = RECTYPE_PREF;
tmp.r.pref.lid = lid;
if( n <= ITEMS_PER_PREF_RECORD ) {
memcpy( tmp.r.pref.data, pp, n );
n = 0;
}
else {
memcpy( tmp.r.pref.data, pp, ITEMS_PER_PREF_RECORD );
n -= ITEMS_PER_PREF_RECORD;
pp += ITEMS_PER_PREF_RECORD;
nextrn = tmp.r.pref.next = tdbio_new_recnum();
}
write_record( &tmp );
} while( n );
}
write_record( &prec );
urec->r.uid.prefrec = prec.recnum;
urec->dirty = 1;
}
#endif
/****************
* Check the validity of a key and calculate the keyflags
* keynode points to
@ -1045,7 +892,7 @@ check_keybinding( KBNODE keyblock, KBNODE keynode, u32 *mainkid,
if( opt.verbose )
log_info(_("key %08lX.%lu: Valid key revocation\n"),
(ulong)keyid_from_pk(pk, NULL), lid );
keyflags |= KEYF_REVOKED; /* fixme: revoke the main key too*/
keyflags |= KEYF_REVOKED;
}
else {
log_info(_(
@ -1056,8 +903,6 @@ check_keybinding( KBNODE keyblock, KBNODE keynode, u32 *mainkid,
}
else if( sig->sig_class == 0x28 && !revoke_seen && !is_main ) {
/* this is a subkey revocation certificate: check it */
/* fixme: we should also check that the revocation
* is newer than the key (OpenPGP) */
rc = check_key_signature( keyblock, node, NULL );
if( !rc ) {
if( opt.verbose )
@ -1081,7 +926,7 @@ check_keybinding( KBNODE keyblock, KBNODE keynode, u32 *mainkid,
static ulong
make_key_records( KBNODE keyblock, ulong lid, u32 *keyid )
make_key_records( KBNODE keyblock, ulong lid, u32 *keyid, int *mainrev )
{
TRUSTREC *krecs, **kend, *k, *k2;
KBNODE node;
@ -1090,6 +935,7 @@ make_key_records( KBNODE keyblock, ulong lid, u32 *keyid )
size_t fprlen;
ulong keyrecno;
*mainrev = 0;
krecs = NULL; kend = &krecs;
for( node=keyblock; node; node = node->next ) {
if( node->pkt->pkttype != PKT_PUBLIC_KEY
@ -1110,7 +956,9 @@ make_key_records( KBNODE keyblock, ulong lid, u32 *keyid )
kend = &k->next;
k->r.key.keyflags = check_keybinding( keyblock, node, keyid, lid, pk );
if( (k->r.key.keyflags & KEYF_REVOKED)
&& node->pkt->pkttype == PKT_PUBLIC_KEY )
*mainrev = 1;
}
keyrecno = krecs? krecs->recnum : 0;
@ -1128,13 +976,15 @@ make_key_records( KBNODE keyblock, ulong lid, u32 *keyid )
/****************
* Check the validity of a user ID and calculate the uidflags
* keynode points to
* a node with a user ID. mainkid has the key ID of the primary key
* keyblock is the complete keyblock which is needed for signature
* checking.
* keynode points to a node with a user ID.
* mainkid has the key ID of the primary key, keyblock is the complete
* keyblock which is needed for signature checking.
* Returns: The uid flags and the self-signature which is considered to
* be the most current.
*/
static unsigned int
check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid )
check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid,
PKT_signature **bestsig )
{
KBNODE node;
unsigned int uidflags = 0;
@ -1188,7 +1038,8 @@ check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid )
/* and now check for revocations - we must do this after the
* self signature check because a self-signature which is newer
* than a revocation makes the revocation invalid.
* Fixme: Is this correct - check with rfc2440 */
* RFC2440 is quiet about tis but I feel this is reasonable for
* non-primary-key revocations. */
for( node=keynode->next; node; node = node->next ) {
if( node->pkt->pkttype == PKT_USER_ID
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
@ -1221,7 +1072,7 @@ check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid )
}
}
*bestsig = selfsig;
return uidflags;
}
@ -1397,6 +1248,74 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode,
}
/****************
* Make a preference record (or a list of them) according to the supplied
* signature.
* Returns: The record number of the first pref record.
*/
static ulong
make_pref_record( PKT_signature *sig, ulong lid )
{
static struct {
sigsubpkttype_t subpkttype;
int preftype;
} ptable[] = {
{ SIGSUBPKT_PREF_SYM, PREFTYPE_SYM },
{ SIGSUBPKT_PREF_HASH, PREFTYPE_HASH },
{ SIGSUBPKT_PREF_COMPR, PREFTYPE_COMPR },
{ 0, 0 }
};
TRUSTREC *precs, **p_end, *p=NULL, *p2;
ulong precno;
int k, idx=0;
const byte *s;
size_t n;
#if (ITEMS_PER_PREF_RECORD % 2) != 0
#error ITEMS_PER_PREF_RECORD must have an even value
#endif
precs = NULL; p_end = &precs;
for(k=0; ptable[k].subpkttype; k++ ) {
s = parse_sig_subpkt2( sig, ptable[k].subpkttype, &n );
if( !s )
continue;
for( ; n; n--, s++ ) {
if( !idx ) {
p = m_alloc_clear( sizeof *p );
p->rectype = RECTYPE_PREF;
p->r.pref.lid = lid;
}
p->r.pref.data[idx++] = ptable[k].preftype;
p->r.pref.data[idx++] = *s;
if( idx >= ITEMS_PER_PREF_RECORD ) {
p->recnum = tdbio_new_recnum();
*p_end = p;
p_end = &p->next;
idx = 0;
}
}
}
if( idx ) {
p->recnum = tdbio_new_recnum();
*p_end = p;
p_end = &p->next;
}
precno = precs? precs->recnum : 0;
/* write the precs and release the memory */
for( p = precs; p ; p = p2 ) {
if( p->next )
p->r.pref.next = p->next->recnum;
write_record( p );
p2 = p->next;
m_free( p );
}
return precno;
}
static ulong
make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire )
{
@ -1408,6 +1327,8 @@ make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire )
urecs = NULL; uend = &urecs;
for( node=keyblock; node; node = node->next ) {
PKT_signature *bestsig;
if( node->pkt->pkttype != PKT_USER_ID )
continue;
uid = node->pkt->pkt.user_id;
@ -1422,10 +1343,12 @@ make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire )
*uend = u;
uend = &u->next;
u->r.uid.uidflags = check_uidsigs( keyblock, node, keyid, lid );
u->r.uid.uidflags = check_uidsigs( keyblock, node, keyid,
lid, &bestsig );
if( (u->r.uid.uidflags & UIDF_CHECKED)
&& (u->r.uid.uidflags & UIDF_VALID) )
/*make_pref_record( &urec, keyid, selfsig )*/;
&& (u->r.uid.uidflags & UIDF_VALID) ) {
u->r.uid.prefrec = bestsig? make_pref_record( bestsig, lid ) : 0;
}
/* create the list of signatures */
u->r.uid.siglist = make_sig_records( keyblock, node,
lid, keyid, min_expire );
@ -1451,47 +1374,61 @@ make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire )
*/
int
update_trust_record( KBNODE keyblock, int recheck, int *modified )
{
TRUSTREC drec;
int rc;
if( opt.dry_run )
return 0;
if( modified )
*modified = 0;
init_trustdb();
rc = get_dir_record( find_kbnode( keyblock, PKT_PUBLIC_KEY )
->pkt->pkt.public_key, &drec );
if( rc )
return rc;
rc = do_update_trust_record( keyblock, &drec, recheck, modified );
return rc;
}
/****************
* Same as update_trust_record, but tghis functions expects the dir record.
* On exit the dirrecord will reflect any changes made.
*/
static int
do_update_trust_record( KBNODE keyblock, TRUSTREC *drec,
int recheck, int *modified )
{
PKT_public_key *primary_pk;
KBNODE node;
TRUSTREC drec, krec, urec, prec, helprec;
int rc = 0;
TRUSTREC krec, urec, prec, helprec;
int i, rc = 0;
u32 keyid[2]; /* keyid of primary key */
/* int mod_up = 0;
int mod_down = 0; */
ulong recno, r2;
u32 expire;
if( opt.dry_run )
return 0;
init_trustdb();
if( modified )
*modified = 0;
node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
primary_pk = node->pkt->pkt.public_key;
rc = get_dir_record( primary_pk, &drec );
if( rc )
return rc;
primary_pk = find_kbnode( keyblock, PKT_PUBLIC_KEY )->pkt->pkt.public_key;
if( !primary_pk->local_id )
primary_pk->local_id = drec.recnum;
primary_pk->local_id = drec->recnum;
keyid_from_pk( primary_pk, keyid );
if( DBG_TRUST )
log_debug("update_trust_record: %08lX.%lu\n", (ulong)keyid[1], drec.recnum );
log_debug("do_update_trust_record: %08lX.%lu\n",
(ulong)keyid[1], drec->recnum );
rc = tdbio_begin_transaction();
if( rc )
return rc;
/* delete the old stuff */
for( recno=drec.r.dir.keylist; recno; recno = krec.r.key.next ) {
for( recno=drec->r.dir.keylist; recno; recno = krec.r.key.next ) {
read_record( recno, &krec, RECTYPE_KEY );
delete_record( recno );
}
drec.r.dir.keylist = 0;
for( recno=drec.r.dir.uidlist; recno; recno = urec.r.uid.next ) {
drec->r.dir.keylist = 0;
for( recno=drec->r.dir.uidlist; recno; recno = urec.r.uid.next ) {
read_record( recno, &urec, RECTYPE_UID );
for(r2=urec.r.uid.prefrec ; r2; r2 = prec.r.pref.next ) {
read_record( r2, &prec, RECTYPE_PREF );
@ -1503,14 +1440,16 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified )
}
delete_record( recno );
}
drec.r.dir.uidlist = 0;
drec->r.dir.uidlist = 0;
/* insert new stuff */
drec.r.dir.dirflags &= ~DIRF_REVOKED;
drec.r.dir.keylist = make_key_records( keyblock, drec.recnum, keyid );
drec->r.dir.dirflags &= ~DIRF_REVOKED;
drec->r.dir.keylist = make_key_records( keyblock, drec->recnum, keyid, &i );
if( i ) /* primary key has been revoked */
drec->r.dir.dirflags &= DIRF_REVOKED;
expire = 0;
drec.r.dir.uidlist = make_uid_records( keyblock, drec.recnum, keyid,
drec->r.dir.uidlist = make_uid_records( keyblock, drec->recnum, keyid,
&expire );
#if 0
if( orig_uidflags != urec.r.uid.uidflags ) {
@ -1522,18 +1461,15 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified )
*mod_up=1; /*(maybe a new user id)*/
#endif
/* FIXME: if the primary key has been revoked, we should
set the revoked flag in the dir records */
if( rc )
rc = tdbio_cancel_transaction();
else {
if( modified && tdbio_is_dirty() )
*modified = 1;
drec.r.dir.dirflags |= DIRF_CHECKED;
drec.r.dir.valcheck = 0;
drec.r.dir.checkat = expire;
write_record( &drec );
drec->r.dir.dirflags |= DIRF_CHECKED;
drec->r.dir.valcheck = 0;
drec->r.dir.checkat = expire;
write_record( drec );
/*tdbio_write_modify_stamp( mod_up, mod_down );*/
rc = tdbio_end_transaction();
}
@ -1603,7 +1539,7 @@ insert_trust_record( KBNODE keyblock )
tdbio_write_modify_stamp( 1, 0 );
/* and put all the other stuff into the keydb */
rc = update_trust_record( keyblock, 1, NULL );
rc = do_update_trust_record( keyblock, &dirrec, 1, NULL );
do_sync();
return rc;
@ -1639,9 +1575,35 @@ insert_trust_record_by_pk( PKT_public_key *pk )
}
/****************
* Check one trust record. This function is called for every
* directory record which is to be checked. The supplied
* dir record is modified according to the performed actions.
* Currently we only do an update_trust_record.
*/
static int
check_trust_record( TRUSTREC *drec )
{
KBNODE keyblock;
int modified, rc;
rc = get_keyblock_bylid( &keyblock, drec->recnum );
if( rc ) {
log_debug( "check_trust_record %lu: keyblock not found: %s\n",
drec->recnum, g10_errstr(rc) );
return rc;
}
rc = do_update_trust_record( keyblock, drec, 0, &modified );
release_kbnode( keyblock );
return rc;
}
/****************
* Walk over the keyrings and create trustdb records for all keys
* which are not currently in the trustdb.
* It is intended to be used after a fast-import operation.
*/
void
@ -1657,16 +1619,17 @@ update_trustdb()
init_trustdb();
rc = enum_keyblocks( 0, &kbpos, &keyblock );
if( !rc ) {
ulong count=0, upd_count=0, err_count=0, new_count=0;
ulong count=0, err_count=0, new_count=0;
while( !(rc = enum_keyblocks( 1, &kbpos, &keyblock )) ) {
int modified;
TRUSTREC drec;
PKT_public_key *pk = find_kbnode( keyblock, PKT_PUBLIC_KEY )
->pkt->pkt.public_key;
rc = update_trust_record( keyblock, 1, &modified );
if( rc == -1 ) { /* not yet in trustdb: insert */
PKT_public_key *pk;
rc = get_dir_record( pk, &drec );
if( rc == -1 ) { /* not in trustdb: insert */
rc = insert_trust_record( keyblock );
pk = keyblock->pkt->pkt.public_key;
if( rc && !pk->local_id ) {
log_error(_("lid ?: insert failed: %s\n"),
g10_errstr(rc) );
@ -1684,18 +1647,9 @@ update_trustdb()
}
}
else if( rc ) {
log_error(_("lid %lu: update failed: %s\n"),
lid_from_keyblock(keyblock), g10_errstr(rc) );
log_error(_("error reading dir record: %s\n"), g10_errstr(rc));
err_count++;
}
else if( modified ) {
if( opt.verbose )
log_info(_("lid %lu: updated\n"),
lid_from_keyblock(keyblock));
upd_count++;
}
else if( opt.verbose > 1 )
log_info(_("lid %lu: okay\n"), lid_from_keyblock(keyblock) );
release_kbnode( keyblock ); keyblock = NULL;
if( !(++count % 100) )
@ -1704,8 +1658,6 @@ update_trustdb()
log_info(_("%lu keys processed\n"), count);
if( err_count )
log_info(_("\t%lu keys with errors\n"), err_count);
if( upd_count )
log_info(_("\t%lu keys updated\n"), upd_count);
if( new_count )
log_info(_("\t%lu keys inserted\n"), new_count);
}
@ -1753,6 +1705,8 @@ check_trustdb( const char *username )
continue;
}
check_trust_record( &rec );
}
log_info(_("%lu keys processed\n"), count);
@ -1780,7 +1734,7 @@ check_trustdb( const char *username )
* certchain_set must be a valid set or point to NULL; this function
* may modifiy it.
*
* Fixme: add a fastscan mode which stops ad valid validity nodes.
* Hmmm: add a fastscan mode which stops at valid validity nodes.
*/
static TN
build_cert_tree( ulong lid, int depth, int max_depth, TN helproot )
@ -1814,6 +1768,10 @@ build_cert_tree( ulong lid, int depth, int max_depth, TN helproot )
m_free(keynode);
return NULL;
}
if( dirrec.r.dir.checkat && dirrec.r.dir.checkat <= make_timestamp() )
check_trust_record( &dirrec );
keynode->n.k.ownertrust = dirrec.r.dir.ownertrust & TRUST_MASK;
/* loop over all user ids */
@ -1873,14 +1831,12 @@ build_cert_tree( ulong lid, int depth, int max_depth, TN helproot )
tn->back = uidnode;
tn->next = uidnode->list;
uidnode->list = tn;
#if 0 /* optimazation - fixme: reenable this later */
if( tn->n.k.buckstop ) {
/* ultimately trusted key found:
* no need to check more signatures of this uid */
sigrec.r.sig.next = 0;
break;
}
#endif
}
} /* end loop over sig recs */
} /* end loop over user ids */
@ -1965,10 +1921,10 @@ propagate_validity( TN root, TN node, int (*add_fnc)(ulong), unsigned *retflgs )
}
/* loop over all user ids */
for( ur=node->list; ur; ur = ur->next ) {
for( ur=node->list; ur && max_validity < TRUST_FULLY; ur = ur->next ) {
assert( ur->is_uid );
/* loop over all signators */
for(kr=ur->list; kr; kr = kr->next ) {
for(kr=ur->list; kr && max_validity < TRUST_FULLY; kr = kr->next ) {
if( propagate_validity( root, kr, add_fnc, retflgs ) )
return -1; /* quit */
if( kr->n.k.validity == TRUST_ULTIMATE ) {
@ -2007,10 +1963,7 @@ propagate_validity( TN root, TN node, int (*add_fnc)(ulong), unsigned *retflgs )
else if( kr->n.k.ownertrust == TRUST_MARGINAL )
ur->n.u.marginal_count++;
}
}
/* fixme: We can move this test into the loop to stop as soon as
* we have a level of FULLY and return from this function
* We dont do this now to get better debug output */
if( ur->n.u.fully_count >= opt.completes_needed
|| ur->n.u.marginal_count >= opt.marginals_needed )
ur->n.u.validity = TRUST_FULLY;
@ -2020,6 +1973,7 @@ propagate_validity( TN root, TN node, int (*add_fnc)(ulong), unsigned *retflgs )
if( ur->n.u.validity >= max_validity )
max_validity = ur->n.u.validity;
}
}
node->n.k.validity = max_validity;
return 0;
@ -2112,7 +2066,7 @@ do_check( TRUSTREC *dr, unsigned *validity,
if( (dr->r.dir.ownertrust & TRUST_FLAG_DISABLED) )
*validity = 0; /* no need to check further */
else if( namehash ) {
/* Fixme: use the cache */
/* Fixme: use a cache */
*validity = verify_key( opt.max_cert_depth, dr, namehash,
add_fnc, retflgs );
}
@ -2283,6 +2237,8 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel,
(ulong)keyid[1], pk->local_id );
return G10ERR_TIME_CONFLICT;
}
if( rec.r.dir.checkat && rec.r.dir.checkat <= cur_time )
check_trust_record( &rec );
if( pk->expiredate && pk->expiredate <= cur_time ) {
log_info(_("key %08lX.%lu: expired at %s\n"),
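Review bot: In do_update_trust_record the revoked flag is never set: after `drec->r.dir.dirflags &= ~DIRF_REVOKED;` clears the bit, the new `drec->r.dir.dirflags &= DIRF_REVOKED;` masks with that same bit, which leaves dirflags at 0 and also wipes every other flag in the dir record. It should be `drec->r.dir.dirflags |= DIRF_REVOKED;`, otherwise a revoked primary key is written back without the revocation marker and any code that tests DIRF_REVOKED treats it as unrevoked. Separately, the return value of check_trust_record is ignored at its call sites in check_trust, build_cert_tree and check_trustdb, so a failed recheck of an expired `checkat` goes unnoticed; a log line on non-zero rc would at least make that visible. In make_uid_records, `bestsig` is only assigned by check_uidsigs at its final `*bestsig = selfsig;`, so declaring it as `PKT_signature *bestsig = NULL;` guards against any early return that is not visible in these hunks.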


@ -110,11 +110,14 @@ int mpi_write( IOBUF out, MPI a );
MPI mpi_read_from_buffer(byte *buffer, unsigned *ret_nread, int secure);
int mpi_fromstr(MPI val, const char *str);
int mpi_print( FILE *fp, MPI a, int mode );
void g10_log_mpidump( const char *text, MPI a );
u32 mpi_get_keyid( MPI a, u32 *keyid );
byte *mpi_get_buffer( MPI a, unsigned *nbytes, int *sign );
byte *mpi_get_secure_buffer( MPI a, unsigned *nbytes, int *sign );
void mpi_set_buffer( MPI a, const byte *buffer, unsigned nbytes, int sign );
#define log_mpidump g10_log_mpidump
/*-- mpi-add.c --*/
void mpi_add_ui(MPI w, MPI u, ulong v );
void mpi_add(MPI w, MPI u, MPI v);


@ -60,12 +60,12 @@ typedef struct {
/*-- logger.c --*/
void log_set_logfile( const char *name, int fd );
FILE *log_stream(void);
void g10_log_print_prefix(const char *text);
void log_set_name( const char *name );
const char *log_get_name(void);
void log_set_pid( int pid );
int log_get_errorcount( int clear );
void g10_log_hexdump( const char *text, const char *buf, size_t len );
void g10_log_mpidump( const char *text, MPI a );
#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
void g10_log_bug( const char *fmt, ... )
@ -100,7 +100,6 @@ void g10_log_mpidump( const char *text, MPI a );
#endif
#define log_hexdump g10_log_hexdump
#define log_mpidump g10_log_mpidump
#define log_bug g10_log_bug
#define log_bug0 g10_log_bug0
#define log_fatal g10_log_fatal
@ -148,6 +147,7 @@ const char *print_fname_stdout( const char *s );
/*-- miscutil.c --*/
u32 make_timestamp(void);
u32 scan_isodatestr( const char *string );
u32 add_days_to_timestamp( u32 stamp, u16 days );
const char *strtimevalue( u32 stamp );
const char *strtimestamp( u32 stamp ); /* GMT */


@ -1,3 +1,10 @@
Wed Jul 7 13:08:40 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* mpicoder.c (g10_log_mpidump): New.
* Makefile.am: Support for libtool.
Fri Jul 2 11:45:54 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>


@ -10,11 +10,11 @@ DISTCLEANFILES = mpih-add1.S mpih-mul1.S mpih-mul2.S mpih-mul3.S \
CLEANFILES = tmp-*.s
noinst_LIBRARIES = libmpi.a
# noinst_HEADERS =
noinst_LTLIBRARIES = libmpi.la
libmpi_a_SOURCES = longlong.h \
libmpi_la_LDFLAGS =
libmpi_la_SOURCES = longlong.h \
mpi-add.c \
mpi-bit.c \
mpi-cmp.c \
@ -37,16 +37,16 @@ libmpi_a_SOURCES = longlong.h \
# Note this objects are actually links, the sourcefiles are
# distributed by special code in dist-hook
common_asm_objects = mpih-mul1.o \
mpih-mul2.o \
mpih-mul3.o \
mpih-add1.o \
mpih-sub1.o \
mpih-lshift.o \
mpih-rshift.o
common_asm_objects = mpih-mul1.lo \
mpih-mul2.lo \
mpih-mul3.lo \
mpih-add1.lo \
mpih-sub1.lo \
mpih-lshift.lo \
mpih-rshift.lo
libmpi_a_DEPENDENCIES = $(common_asm_objects) @MPI_EXTRA_ASM_OBJS@
libmpi_a_LIBADD = $(common_asm_objects) @MPI_EXTRA_ASM_OBJS@
libmpi_la_DEPENDENCIES = $(common_asm_objects) @MPI_EXTRA_ASM_OBJS@
libmpi_la_LIBADD = $(common_asm_objects) @MPI_EXTRA_ASM_OBJS@
SUFFIXES = .S
@ -56,3 +56,12 @@ SUFFIXES = .S
mv tmp-$*.o $@
rm -f tmp-$*.s
.S.lo:
$(CPP) $(INCLUDES) $(DEFS) $< | grep -v '^#' >tmp-$*.s
if test -f tmp-$*.lo; then rm tmp-$*.lo; fi
if test -f tmp-$*.o ; then rm tmp-$*.o ; fi
$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(SFLAGS) -c tmp-$*.s
if test -f tmp-$*.lo; then mv tmp-$*.lo $*.lo; fi
if test -f tmp-$*.o ; then mv tmp-$*.o $*.o ; fi
rm -f tmp-$*.s
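Review bot: The new `.S.lo` rule can finish successfully without creating its target, because both `mv` steps are guarded by `if test -f ...` and neither guard has a failing else branch. If libtool leaves neither tmp-$*.lo nor tmp-$*.o in the build directory, the recipe still exits 0 and the library link fails later with a less obvious error; ending the recipe with `test -f $@` would put the failure where it belongs. The rule also reuses the `tmp-$*.s` and `tmp-$*.o` names of the existing `.S.o` rule, so building both flavours of the same stem under a parallel make could collide. As in the older rule, the exit status of `$(CPP)` is hidden behind the `grep -v` pipe.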


@ -286,6 +286,16 @@ mpi_print( FILE *fp, MPI a, int mode )
}
void
g10_log_mpidump( const char *text, MPI a )
{
FILE *fp = log_stream();
g10_log_print_prefix(text);
mpi_print(fp, a, 1 );
fputc('\n', fp);
}
/****************
* Special function to get the low 8 bytes from an mpi.
* This can be used as a keyid; KEYID is an 2 element array.
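Review bot: g10_log_mpidump reads `FILE *fp = log_stream();` before it calls `g10_log_print_prefix(text);`, yet the logger.c part of this commit shows that the prefix function is where an unset `logfp` is defaulted to stderr. Unless log_stream() applies the same default (its body is not visible here), the first call with no log file configured could pass a NULL stream to mpi_print and fputc; fetching the stream after the prefix call, `g10_log_print_prefix(text); fp = log_stream();`, removes that dependency. Because this helper writes the full value of an MPI to the log, a header comment stating that it is meant for debug output and should not be handed secret-key parameters in normal operation would be useful.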

1232
po/de.po


1247
po/fr.po


1226
po/it.po


1244
po/pl.po


1185
po/ru.po



@ -7,7 +7,7 @@ DIE=no
autoconf_vers=2.13
automake_vers=1.4
aclocal_vers=1.4
libtool_vers=1.2
libtool_vers=1.3
if (autoconf --version) < /dev/null > /dev/null 2>&1 ; then
if (autoconf --version | awk 'NR==1 { if( $3 >= '$autoconf_vers') \


@ -7,4 +7,6 @@ missing
gnupg.spec.in
autogen.sh
ChangeLog
ltconfig
ltmain.sh


@ -1,3 +1,8 @@
Wed Jul 7 13:08:40 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* Makefile.am: Support for libtool.
Tue Jun 8 13:36:25 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* mpicalc.c (main): hex digits may now be lowercase


@ -1,8 +1,8 @@
## Process this file with automake to produce Makefile.in
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
needed_libs = ../cipher/libcipher.a ../util/libutil.a \
../mpi/libmpi.a ../util/libutil.a @INTLLIBS@
needed_libs = ../cipher/libcipher.la \
../mpi/libmpi.la ../util/libutil.la @INTLLIBS@
noinst_PROGRAMS = mpicalc bftest clean-sat mk-tdata shmtest


@ -1,3 +1,15 @@
Wed Jul 7 13:08:40 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* memory.c (membug): Use if either M_DEBUG or M_GUARD is used.
* miscutil.c (scan_isodatestr): New.
* logger.c (g10_log_mpidump): Moved to ../mpi/mpicoder.c
(g10_log_print_prefix): Renamed from print_prefix and made global.
* Makefile.am: Support for libtool.
Thu Jul 1 12:47:31 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>


@ -2,10 +2,11 @@
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
noinst_LIBRARIES = libutil.a
noinst_LTLIBRARIES = libutil.la
libutil_a_SOURCES = g10u.c logger.c fileutil.c miscutil.c strgutil.c \
libutil_la_LDFLAGS =
libutil_la_SOURCES = g10u.c logger.c fileutil.c miscutil.c strgutil.c \
ttyio.c argparse.c memory.c secmem.c errors.c iobuf.c \
dotlock.c http.c


@ -102,8 +102,8 @@ log_get_errorcount( int clear)
}
static void
print_prefix(const char *text)
void
g10_log_print_prefix(const char *text)
{
if( !logfp )
logfp = stderr;
@ -129,7 +129,7 @@ g10_log_info( const char *fmt, ... )
{
va_list arg_ptr ;
print_prefix("");
g10_log_print_prefix("");
va_start( arg_ptr, fmt ) ;
vfprintf(logfp,fmt,arg_ptr) ;
va_end(arg_ptr);
@ -151,7 +151,7 @@ g10_log_error( const char *fmt, ... )
{
va_list arg_ptr ;
print_prefix("");
g10_log_print_prefix("");
va_start( arg_ptr, fmt ) ;
vfprintf(logfp,fmt,arg_ptr) ;
va_end(arg_ptr);
@ -175,7 +175,7 @@ g10_log_fatal( const char *fmt, ... )
{
va_list arg_ptr ;
print_prefix("fatal: ");
g10_log_print_prefix("fatal: ");
va_start( arg_ptr, fmt ) ;
vfprintf(logfp,fmt,arg_ptr) ;
va_end(arg_ptr);
@ -202,7 +202,7 @@ g10_log_bug( const char *fmt, ... )
va_list arg_ptr ;
putc('\n', stderr );
print_prefix("Ohhhh jeeee: ");
g10_log_print_prefix("Ohhhh jeeee: ");
va_start( arg_ptr, fmt ) ;
vfprintf(stderr,fmt,arg_ptr) ;
va_end(arg_ptr);
@ -230,7 +230,7 @@ g10_log_debug( const char *fmt, ... )
{
va_list arg_ptr ;
print_prefix("DBG: ");
g10_log_print_prefix("DBG: ");
va_start( arg_ptr, fmt ) ;
vfprintf(logfp,fmt,arg_ptr) ;
va_end(arg_ptr);
@ -254,18 +254,11 @@ g10_log_hexdump( const char *text, const char *buf, size_t len )
{
int i;
print_prefix(text);
g10_log_print_prefix(text);
for(i=0; i < len; i++ )
fprintf(logfp, " %02X", ((const byte*)buf)[i] );
fputc('\n', logfp);
}
void
g10_log_mpidump( const char *text, MPI a )
{
print_prefix(text);
mpi_print(logfp, a, 1 );
fputc('\n', logfp);
}
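Review bot: g10_log_print_prefix loses its `static` in the first hunk and becomes part of the logging interface, but it has no comment describing what callers in other files may rely on. The visible body selects stderr when logfp is unset, and code outside this file now depends on that side effect happening before it writes to the stream. A header comment along the lines of `/* Emit the log prefix for TEXT; falls back to stderr if no log stream has been set. */` would record the contract. The function's body continues outside the hunk, so the wording should be checked against the rest of it.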


@ -48,9 +48,11 @@
#define EXTRA_ALIGN 0
#endif
#if defined(M_DEBUG) || defined(M_GUARD)
static void membug( const char *fmt, ... );
#endif
#ifdef M_DEBUG
static void membug( const char *fmt, ... );
#ifndef M_GUARD
#define M_GUARD 1
@ -319,7 +321,9 @@ check_allmem( const char *info )
check_mem(e->user_p-4-EXTRA_ALIGN, info);
}
#endif /* M_DEBUG */
#if defined(M_DEBUG) || defined(M_GUARD)
static void
membug( const char *fmt, ... )
{
@ -336,8 +340,7 @@ membug( const char *fmt, ... )
#endif
abort();
}
#endif /* M_DEBUG */
#endif
void
m_print_stats( const char *prefix )
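Review bot: The `#endif` that closes the membug definition in the last hunk appears to have dropped its trailing comment, while the `#endif /* M_DEBUG */` added one hunk earlier keeps one. With the M_DEBUG block and the new `#if defined(M_DEBUG) || defined(M_GUARD)` block now ending a few lines apart, and another bare `#endif` inside membug itself, an unlabelled terminator is easy to misattribute. I would write it as `#endif /* M_DEBUG || M_GUARD */`. membug's body starts outside the last hunk.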


@ -19,6 +19,7 @@
*/
#include <config.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
@ -30,12 +31,55 @@
#include "util.h"
#include "i18n.h"
/****************
* I know that the OpenPGP protocol has a Y2106 problem ;-)
*/
u32
make_timestamp()
{
return time(NULL);
}
/****************
* Scan a date string and return a timestamp.
* The only supported format is "yyyy-mm-dd"
* Returns 0 for an invalid date.
*/
u32
scan_isodatestr( const char *string )
{
int year, month, day;
struct tm tmbuf;
time_t stamp;
int i;
if( strlen(string) != 10 || string[4] != '-' || string[7] != '-' )
return 0;
for( i=0; i < 4; i++ )
if( !isdigit(string[i]) )
return 0;
if( !isdigit(string[5]) || !isdigit(string[6]) )
return 0;
if( !isdigit(string[8]) || !isdigit(string[9]) )
return 0;
year = atoi(string);
month = atoi(string+5);
day = atoi(string+8);
/* some basic checks */
if( year < 1970 || month < 1 || month > 12 || day < 1 || day > 31 )
return 0;
memset( &tmbuf, 0, sizeof tmbuf );
tmbuf.tm_mday = day;
tmbuf.tm_mon = month-1;
tmbuf.tm_year = year - 1900;
tmbuf.tm_isdst = -1;
stamp = mktime( &tmbuf );
if( stamp == (time_t)-1 )
return 0;
return stamp;
}
u32
add_days_to_timestamp( u32 stamp, u16 days )
{
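Review bot: scan_isodatestr accepts impossible dates such as day 31 in a 30-day month, because the range check only bounds the day at 31 and mktime() normalises the overflow into the following month instead of failing; the header comment promises 0 for an invalid date. After the mktime() call, compare the normalised fields with the parsed ones: `if( tmbuf.tm_mday != day || tmbuf.tm_mon != month-1 ) return 0;`. Separately, the result is narrowed from time_t to u32 on return and the year has no upper bound, so where time_t is wider than 32 bits a far-future date could wrap to an earlier timestamp than the one typed; an upper bound on `stamp` before the return would prevent that. add_days_to_timestamp at the end of the hunk continues outside it.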