security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

Ported changes from 1.4.

Browse Source 
Add copyright notices.
This commit is contained in:
Werner Koch 2007-10-25 09:06:21 +00:00
parent eda26e299f
commit cd2d9288aa
40 changed files with 596 additions and 322 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
g10/ChangeLog
View File

@ -1,3 +1,58 @@
2007-10-25 David Shaw <dshaw@jabberwocky.com> (wk)
From 1.4 (October):
* gpg.c (main): Add --require-cross-certification to
--openpgp/--rfc4880 mode.
* gpg.c (main): Disable --rfc2440-text and --force-v3-sigs by
default. Enable --require-cross-certification by default.
--openpgp (--rfc4880) is the same as --rfc2440 except with
"--enable-dsa2 --no-rfc2440-text --escape-from-lines".
* misc.c (compliance_option_string, compliance_failure): Minor
cleanup.
* armor.c (is_armor_header): Comment about 4880.
* options.h, gpg.c (main): Add --rfc4880, and make --openpgp an
alias to it. --rfc2440 now stands alone. For now, use the old
2440 defaults for 4880.
* misc.c (compliance_option_string): Ditto.
* keyedit.c (keyedit_menu): Use compliance_option_string() instead
of printing the compliance modes here.
2007-10-25 David Shaw <dshaw@jabberwocky.com> (wk)
From 1.4 (September):
* import.c (collapse_uids): Significant speedup for de-duping user
IDs.
2007-10-25 David Shaw <dshaw@jabberwocky.com> (wk)
From 1.4 (July):
* armor.c (parse_header_line): Improve test so that the header
test only allows "Hash" in the signed data section.
* armor.c (is_armor_tag): New. Detect if an armor header matches
2440bis-21.
(parse_header_line): Call it here, as bis-21 requires warning the
user (but continuing to process the message) when seeing an
unknown header.
* encode.c (encode_crypt): Missed one call to
setup_plaintext_name(). This is bug#809.
* sign.c (mk_notation_policy_etc): Expect all sigs that this is
called for are >=v4.
(write_signature_packets, make_keysig_packet): Only call it for
>=v4 sigs. This allows --force-v3-sigs and --force-v4-certs to
enable or disable notations, policies, and keyserver URLs. This
is bug#800.
2007-10-19 Werner Koch <wk@g10code.com> 2007-10-19 Werner Koch <wk@g10code.com>
* passphrase.c (passphrase_get): Use new utf8 switching fucntions. * passphrase.c (passphrase_get): Use new utf8 switching fucntions.

39
g10/armor.c
View File

@ -1,6 +1,6 @@
/* armor.c - Armor flter /* armor.c - Armor flter
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
* 2006 Free Software Foundation, Inc. * 2007 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -308,7 +308,19 @@ parse_hash_header( const char *line )
return found; return found;
} }
/* Returns true if this is a valid armor tag as per RFC-2440bis-21. */
static int
is_armor_tag(const char *line)
{
if(strncmp(line,"Version",7)==0
|| strncmp(line,"Comment",7)==0
|| strncmp(line,"MessageID",9)==0
|| strncmp(line,"Hash",4)==0
|| strncmp(line,"Charset",7)==0)
return 1;
return 0;
}
/**************** /****************
* Check whether this is a armor line. * Check whether this is a armor line.
@ -338,7 +350,8 @@ is_armor_header( byte *line, unsigned len )
--rfc2440 is set since 2440 reads "The header lines, therefore, --rfc2440 is set since 2440 reads "The header lines, therefore,
MUST start at the beginning of a line, and MUST NOT have text MUST start at the beginning of a line, and MUST NOT have text
following them on the same line." It is unclear whether "text" following them on the same line." It is unclear whether "text"
refers to all text or just non-whitespace text. */ refers to all text or just non-whitespace text. 4880 clarified
this was only non-whitespace text. */
if(RFC2440) if(RFC2440)
{ {
@ -418,16 +431,32 @@ parse_header_line( armor_filter_context_t *afx, byte *line, unsigned int len )
putc('\n', stderr); putc('\n', stderr);
} }
if( afx->in_cleartext ) { if( afx->in_cleartext )
{
if( (hashes=parse_hash_header( line )) ) if( (hashes=parse_hash_header( line )) )
afx->hashes |= hashes; afx->hashes |= hashes;
else if( strlen(line) > 15 && !memcmp( line, "NotDashEscaped:", 15 ) ) else if( strlen(line) > 15 && !memcmp( line, "NotDashEscaped:", 15 ) )
afx->not_dash_escaped = 1; afx->not_dash_escaped = 1;
else { else
{
log_error(_("invalid clearsig header\n")); log_error(_("invalid clearsig header\n"));
return -1; return -1;
} }
} }
else if(!is_armor_tag(line))
{
/* Section 6.2: "Unknown keys should be reported to the user,
but OpenPGP should continue to process the message." Note
that in a clearsigned message this applies to the signature
part (i.e. "BEGIN PGP SIGNATURE") and not the signed data
("BEGIN PGP SIGNED MESSAGE"). The only key allowed in the
signed data section is "Hash". */
log_info(_("unknown armor header: "));
print_string( stderr, line, len, 0 );
putc('\n', stderr);
}
return 1; return 1;
} }

18
g10/encode.c
View File

@ -598,22 +598,8 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
if(use_symkey && (rc=write_symkey_enc(symkey_s2k,symkey_dek,cfx.dek,out))) if(use_symkey && (rc=write_symkey_enc(symkey_s2k,symkey_dek,cfx.dek,out)))
goto leave; goto leave;
if (!opt.no_literal) { if (!opt.no_literal)
/* setup the inner packet */ pt=setup_plaintext_name(filename,inp);
if( filename || opt.set_filename ) {
char *s = make_basename( opt.set_filename ? opt.set_filename
: filename,
iobuf_get_real_fname( inp ) );
pt = xmalloc( sizeof *pt + strlen(s) - 1 );
pt->namelen = strlen(s);
memcpy(pt->name, s, pt->namelen );
xfree(s);
}
else { /* no filename */
pt = xmalloc( sizeof *pt - 1 );
pt->namelen = 0;
}
}
if (!iobuf_is_pipe_filename (filename) && *filename && !opt.textmode ) if (!iobuf_is_pipe_filename (filename) && *filename && !opt.textmode )
{ {

36
g10/gpg.c
View File

@ -1,6 +1,6 @@
/* gpg.c - The GnuPG utility (main for gpg) /* gpg.c - The GnuPG utility (main for gpg)
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
* 2006 Free Software Foundation, Inc. * 2006, 2007 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -194,6 +194,7 @@ enum cmd_and_opt_values
oGnuPG, oGnuPG,
oRFC1991, oRFC1991,
oRFC2440, oRFC2440,
oRFC4880,
oOpenPGP, oOpenPGP,
oPGP2, oPGP2,
oPGP6, oPGP6,
@ -520,6 +521,7 @@ static ARGPARSE_OPTS opts[] = {
{ oGnuPG, "no-pgp8", 0, "@"}, { oGnuPG, "no-pgp8", 0, "@"},
{ oRFC1991, "rfc1991", 0, "@"}, { oRFC1991, "rfc1991", 0, "@"},
{ oRFC2440, "rfc2440", 0, "@" }, { oRFC2440, "rfc2440", 0, "@" },
{ oRFC4880, "rfc4880", 0, "@" },
{ oOpenPGP, "openpgp", 0, N_("use strict OpenPGP behavior")}, { oOpenPGP, "openpgp", 0, N_("use strict OpenPGP behavior")},
{ oPGP2, "pgp2", 0, N_("generate PGP 2.x compatible messages")}, { oPGP2, "pgp2", 0, N_("generate PGP 2.x compatible messages")},
{ oPGP6, "pgp6", 0, "@"}, { oPGP6, "pgp6", 0, "@"},
@ -1902,8 +1904,8 @@ main (int argc, char **argv )
opt.marginals_needed = 3; opt.marginals_needed = 3;
opt.max_cert_depth = 5; opt.max_cert_depth = 5;
opt.pgp2_workarounds = 1; opt.pgp2_workarounds = 1;
opt.force_v3_sigs = 1;
opt.escape_from = 1; opt.escape_from = 1;
opt.flags.require_cross_cert = 1;
opt.import_options=IMPORT_SK2PK; opt.import_options=IMPORT_SK2PK;
opt.export_options=EXPORT_ATTRIBUTES; opt.export_options=EXPORT_ATTRIBUTES;
opt.keyserver_options.import_options=IMPORT_REPAIR_PKS_SUBKEY_BUG; opt.keyserver_options.import_options=IMPORT_REPAIR_PKS_SUBKEY_BUG;
@ -1917,7 +1919,6 @@ main (int argc, char **argv )
opt.min_cert_level=2; opt.min_cert_level=2;
set_screen_dimensions(); set_screen_dimensions();
opt.keyid_format=KF_SHORT; opt.keyid_format=KF_SHORT;
opt.rfc2440_text=1;
opt.def_sig_expire="0"; opt.def_sig_expire="0";
opt.def_cert_expire="0"; opt.def_cert_expire="0";
set_homedir ( default_homedir () ); set_homedir ( default_homedir () );
@ -2303,11 +2304,34 @@ main (int argc, char **argv )
opt.escape_from = 1; opt.escape_from = 1;
break; break;
case oOpenPGP: case oOpenPGP:
case oRFC4880:
/* This is effectively the same as RFC2440, but with
"--enable-dsa2 --no-rfc2440-text --escape-from-lines
--require-cross-certification". */
opt.compliance = CO_RFC4880;
opt.flags.dsa2 = 1;
opt.flags.require_cross_cert = 1;
opt.rfc2440_text = 0;
opt.allow_non_selfsigned_uid = 1;
opt.allow_freeform_uid = 1;
opt.pgp2_workarounds = 0;
opt.escape_from = 1;
opt.force_v3_sigs = 0;
opt.compress_keys = 0; /* not mandated, but we do it */
opt.compress_sigs = 0; /* ditto. */
opt.not_dash_escaped = 0;
opt.def_cipher_algo = 0;
opt.def_digest_algo = 0;
opt.cert_digest_algo = 0;
opt.compress_algo = -1;
opt.s2k_mode = 3; /* iterated+salted */
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
break;
case oRFC2440: case oRFC2440:
/* TODO: When 2440bis becomes a RFC, set new values for
oOpenPGP. */
opt.rfc2440_text=1;
opt.compliance = CO_RFC2440; opt.compliance = CO_RFC2440;
opt.flags.dsa2 = 0;
opt.rfc2440_text = 1;
opt.allow_non_selfsigned_uid = 1; opt.allow_non_selfsigned_uid = 1;
opt.allow_freeform_uid = 1; opt.allow_freeform_uid = 1;
opt.pgp2_workarounds = 0; opt.pgp2_workarounds = 0;

140
g10/import.c
View File

@ -1,6 +1,6 @@
/* import.c - import a key into our key storage. /* import.c - import a key into our key storage.
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
* 2006 Free Software Foundation, Inc. * 2007 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -1649,90 +1649,102 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
* It may happen that the imported keyblock has duplicated user IDs. * It may happen that the imported keyblock has duplicated user IDs.
* We check this here and collapse those user IDs together with their * We check this here and collapse those user IDs together with their
* sigs into one. * sigs into one.
* Returns: True if the keyblock hash changed. * Returns: True if the keyblock has changed.
*/ */
int int
collapse_uids( KBNODE *keyblock ) collapse_uids( KBNODE *keyblock )
{ {
KBNODE n, n2; KBNODE uid1;
int in_uid;
int any=0; int any=0;
restart: for(uid1=*keyblock;uid1;uid1=uid1->next)
for( n = *keyblock; n; n = n->next ) { {
if( n->pkt->pkttype != PKT_USER_ID ) KBNODE uid2;
if(uid1->pkt->pkttype!=PKT_USER_ID)
continue; continue;
for( n2 = n->next; n2; n2 = n2->next ) {
if( n2->pkt->pkttype == PKT_USER_ID for(uid2=uid1->next;uid2;uid2=uid2->next)
&& !cmp_user_ids( n->pkt->pkt.user_id, {
n2->pkt->pkt.user_id ) ) { if(uid2->pkt->pkttype!=PKT_USER_ID)
/* found a duplicate */ continue;
if(cmp_user_ids(uid1->pkt->pkt.user_id,
uid2->pkt->pkt.user_id)==0)
{
/* We have a duplicated uid */
KBNODE sig1,last;
any=1; any=1;
if( !n2->next
|| n2->next->pkt->pkttype == PKT_USER_ID
|| n2->next->pkt->pkttype == PKT_PUBLIC_SUBKEY
|| n2->next->pkt->pkttype == PKT_SECRET_SUBKEY ) {
/* no more signatures: delete the user ID
* and start over */
remove_kbnode( keyblock, n2 );
}
else {
/* The simple approach: Move one signature and
* then start over to delete the next one :-( */
move_kbnode( keyblock, n2->next, n->next );
}
goto restart;
}
}
}
if( !any )
return 0;
restart_sig: /* Now take uid2's signatures, and attach them to
/* now we may have duplicate signatures on one user ID: fix this */ uid1 */
for( in_uid = 0, n = *keyblock; n; n = n->next ) { for(last=uid2;last->next;last=last->next)
if( n->pkt->pkttype == PKT_USER_ID ) {
in_uid = 1; if(last->next->pkt->pkttype==PKT_USER_ID
else if( n->pkt->pkttype == PKT_PUBLIC_SUBKEY || last->next->pkt->pkttype==PKT_PUBLIC_SUBKEY
|| n->pkt->pkttype == PKT_SECRET_SUBKEY ) || last->next->pkt->pkttype==PKT_SECRET_SUBKEY)
in_uid = 0;
else if( in_uid ) {
n2 = n;
do {
KBNODE ncmp = NULL;
for( ; n2; n2 = n2->next ) {
if( n2->pkt->pkttype == PKT_USER_ID
|| n2->pkt->pkttype == PKT_PUBLIC_SUBKEY
|| n2->pkt->pkttype == PKT_SECRET_SUBKEY )
break; break;
if( n2->pkt->pkttype != PKT_SIGNATURE ) }
;
else if( !ncmp ) /* Snip out uid2 */
ncmp = n2; (find_prev_kbnode(*keyblock,uid2,0))->next=last->next;
else if( !cmp_signatures( ncmp->pkt->pkt.signature,
n2->pkt->pkt.signature )) { /* Now put uid2 in place as part of uid1 */
remove_kbnode( keyblock, n2 ); last->next=uid1->next;
goto restart_sig; uid1->next=uid2;
remove_kbnode(keyblock,uid2);
/* Now dedupe uid1 */
for(sig1=uid1->next;sig1;sig1=sig1->next)
{
KBNODE sig2;
if(sig1->pkt->pkttype==PKT_USER_ID
|| sig1->pkt->pkttype==PKT_PUBLIC_SUBKEY
|| sig1->pkt->pkttype==PKT_SECRET_SUBKEY)
break;
if(sig1->pkt->pkttype!=PKT_SIGNATURE)
continue;
for(sig2=sig1->next,last=sig1;sig2;last=sig2,sig2=sig2->next)
{
if(sig2->pkt->pkttype==PKT_USER_ID
|| sig2->pkt->pkttype==PKT_PUBLIC_SUBKEY
|| sig2->pkt->pkttype==PKT_SECRET_SUBKEY)
break;
if(sig2->pkt->pkttype!=PKT_SIGNATURE)
continue;
if(cmp_signatures(sig1->pkt->pkt.signature,
sig2->pkt->pkt.signature)==0)
{
/* We have a match, so delete the second
signature */
remove_kbnode(&uid1,sig2);
sig2=last;
}
}
} }
} }
n2 = ncmp? ncmp->next : NULL;
} while( n2 );
} }
} }
if(!opt.quiet) if(any && !opt.quiet)
{ {
const char *key="???"; const char *key="???";
if( (n = find_kbnode( *keyblock, PKT_PUBLIC_KEY )) ) if( (uid1=find_kbnode( *keyblock, PKT_PUBLIC_KEY )) )
key=keystr_from_pk(n->pkt->pkt.public_key); key=keystr_from_pk(uid1->pkt->pkt.public_key);
else if( (n = find_kbnode( *keyblock, PKT_SECRET_KEY )) ) else if( (uid1 = find_kbnode( *keyblock, PKT_SECRET_KEY )) )
key=keystr_from_sk(n->pkt->pkt.secret_key); key=keystr_from_sk(uid1->pkt->pkt.secret_key);
log_info(_("key %s: duplicated user ID detected - merged\n"),key); log_info(_("key %s: duplicated user ID detected - merged\n"),key);
} }
return 1; return any;
} }
/* Check for a 0x20 revocation from a revocation key that is not /* Check for a 0x20 revocation from a revocation key that is not

2
g10/keyedit.c
View File

@ -1803,7 +1803,7 @@ keyedit_menu( const char *username, strlist_t locusr,
{ {
tty_printf( tty_printf(
_("This command is not allowed while in %s mode.\n"), _("This command is not allowed while in %s mode.\n"),
RFC2440?"OpenPGP":PGP2?"PGP2":"RFC-1991"); compliance_option_string());
break; break;
} }
photo=1; photo=1;

81
g10/misc.c
View File

@ -831,47 +831,64 @@ default_compress_algo(void)
const char * const char *
compliance_option_string(void) compliance_option_string(void)
{ {
char *ver="???";
switch(opt.compliance) switch(opt.compliance)
{ {
case CO_RFC2440: case CO_GNUPG: return "--gnupg";
return "--openpgp"; case CO_RFC4880: return "--openpgp";
case CO_PGP2: case CO_RFC2440: return "--rfc2440";
return "--pgp2"; case CO_RFC1991: return "--rfc1991";
case CO_PGP6: case CO_PGP2: return "--pgp2";
return "--pgp6"; case CO_PGP6: return "--pgp6";
case CO_PGP7: case CO_PGP7: return "--pgp7";
return "--pgp7"; case CO_PGP8: return "--pgp8";
case CO_PGP8:
return "--pgp8";
default:
return "???";
}
} }
static const char * return ver;
compliance_string(void)
{
switch(opt.compliance)
{
case CO_RFC2440:
return "OpenPGP";
case CO_PGP2:
return "PGP 2.x";
case CO_PGP6:
return "PGP 6.x";
case CO_PGP7:
return "PGP 7.x";
case CO_PGP8:
return "PGP 8.x";
default:
return "???";
}
} }
void void
compliance_failure(void) compliance_failure(void)
{ {
log_info(_("this message may not be usable by %s\n"),compliance_string()); char *ver="???";
switch(opt.compliance)
{
case CO_GNUPG:
ver="GnuPG";
break;
case CO_RFC4880:
ver="OpenPGP";
break;
case CO_RFC2440:
ver="OpenPGP (older)";
break;
case CO_RFC1991:
ver="old PGP";
break;
case CO_PGP2:
ver="PGP 2.x";
break;
case CO_PGP6:
ver="PGP 6.x";
break;
case CO_PGP7:
ver="PGP 7.x";
break;
case CO_PGP8:
ver="PGP 8.x";
break;
}
log_info(_("this message may not be usable by %s\n"),ver);
opt.compliance=CO_GNUPG; opt.compliance=CO_GNUPG;
} }

9
g10/options.h
View File

@ -1,6 +1,6 @@
/* options.h /* options.h
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
* 2006 Free Software Foundation, Inc. * 2007 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -103,7 +103,8 @@ struct
int force_ownertrust; int force_ownertrust;
enum enum
{ {
CO_GNUPG=0, CO_RFC2440, CO_RFC1991, CO_PGP2, CO_PGP6, CO_PGP7, CO_PGP8 CO_GNUPG, CO_RFC4880, CO_RFC2440, CO_RFC1991, CO_PGP2,
CO_PGP6, CO_PGP7, CO_PGP8
} compliance; } compliance;
enum enum
{ {
@ -290,10 +291,12 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
#define GNUPG (opt.compliance==CO_GNUPG) #define GNUPG (opt.compliance==CO_GNUPG)
#define RFC1991 (opt.compliance==CO_RFC1991 || opt.compliance==CO_PGP2) #define RFC1991 (opt.compliance==CO_RFC1991 || opt.compliance==CO_PGP2)
#define RFC2440 (opt.compliance==CO_RFC2440) #define RFC2440 (opt.compliance==CO_RFC2440)
#define RFC4880 (opt.compliance==CO_RFC4880)
#define PGP2 (opt.compliance==CO_PGP2) #define PGP2 (opt.compliance==CO_PGP2)
#define PGP6 (opt.compliance==CO_PGP6) #define PGP6 (opt.compliance==CO_PGP6)
#define PGP7 (opt.compliance==CO_PGP7) #define PGP7 (opt.compliance==CO_PGP7)
#define PGP8 (opt.compliance==CO_PGP8) #define PGP8 (opt.compliance==CO_PGP8)
#define PGPX (PGP2 || PGP6 || PGP7 || PGP8)
/* Various option flags. Note that there should be no common string /* Various option flags. Note that there should be no common string
names between the IMPORT_ and EXPORT_ flags as they can be mixed in names between the IMPORT_ and EXPORT_ flags as they can be mixed in

44
g10/sign.c
View File

@ -1,6 +1,6 @@
/* sign.c - sign data /* sign.c - sign data
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
* 2006 Free Software Foundation, Inc. * 2007 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -66,32 +66,17 @@ mk_notation_policy_etc( PKT_signature *sig,
struct notation *nd=NULL; struct notation *nd=NULL;
struct expando_args args; struct expando_args args;
assert(sig->version>=4);
memset(&args,0,sizeof(args)); memset(&args,0,sizeof(args));
args.pk=pk; args.pk=pk;
args.sk=sk; args.sk=sk;
/* It is actually impossible to get here when making a v3 key
signature since keyedit.c:sign_uids will automatically bump a
signature with a notation or policy url up to v4, but it is
good to do these checks anyway. */
/* notation data */ /* notation data */
if(IS_SIG(sig) && opt.sig_notations) if(IS_SIG(sig) && opt.sig_notations)
{
if(sig->version<4)
log_error(_("can't put notation data into v3 (PGP 2.x style) "
"signatures\n"));
else
nd=opt.sig_notations; nd=opt.sig_notations;
}
else if( IS_CERT(sig) && opt.cert_notations ) else if( IS_CERT(sig) && opt.cert_notations )
{
if(sig->version<4)
log_error(_("can't put notation data into v3 (PGP 2.x style) "
"key signatures\n"));
else
nd=opt.cert_notations; nd=opt.cert_notations;
}
if(nd) if(nd)
{ {
@ -116,21 +101,9 @@ mk_notation_policy_etc( PKT_signature *sig,
/* set policy URL */ /* set policy URL */
if( IS_SIG(sig) && opt.sig_policy_url ) if( IS_SIG(sig) && opt.sig_policy_url )
{
if(sig->version<4)
log_error(_("can't put a policy URL into v3 (PGP 2.x style) "
"signatures\n"));
else
pu=opt.sig_policy_url; pu=opt.sig_policy_url;
}
else if( IS_CERT(sig) && opt.cert_policy_url ) else if( IS_CERT(sig) && opt.cert_policy_url )
{
if(sig->version<4)
log_error(_("can't put a policy URL into v3 key (PGP 2.x style) "
"signatures\n"));
else
pu=opt.cert_policy_url; pu=opt.cert_policy_url;
}
for(;pu;pu=pu->next) for(;pu;pu=pu->next)
{ {
@ -153,12 +126,7 @@ mk_notation_policy_etc( PKT_signature *sig,
/* preferred keyserver URL */ /* preferred keyserver URL */
if( IS_SIG(sig) && opt.sig_keyserver_url ) if( IS_SIG(sig) && opt.sig_keyserver_url )
{
if(sig->version<4)
log_info("can't put a preferred keyserver URL into v3 signatures\n");
else
pu=opt.sig_keyserver_url; pu=opt.sig_keyserver_url;
}
for(;pu;pu=pu->next) for(;pu;pu=pu->next)
{ {
@ -689,8 +657,10 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
BUG (); BUG ();
if (sig->version >= 4) if (sig->version >= 4)
{
build_sig_subpkt_from_sig (sig); build_sig_subpkt_from_sig (sig);
mk_notation_policy_etc (sig, NULL, sk); mk_notation_policy_etc (sig, NULL, sk);
}
hash_sigversion_to_magic (md, sig); hash_sigversion_to_magic (md, sig);
gcry_md_final (md); gcry_md_final (md);
@ -1487,8 +1457,10 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
sig->expiredate=sig->timestamp+duration; sig->expiredate=sig->timestamp+duration;
sig->sig_class = sigclass; sig->sig_class = sigclass;
if( sig->version >= 4 ) if( sig->version >= 4 )
{
build_sig_subpkt_from_sig( sig ); build_sig_subpkt_from_sig( sig );
mk_notation_policy_etc( sig, pk, sk ); mk_notation_policy_etc( sig, pk, sk );
}
/* Crucial that the call to mksubpkt comes LAST before the calls /* Crucial that the call to mksubpkt comes LAST before the calls
to finalize the sig as that makes it possible for the mksubpkt to finalize the sig as that makes it possible for the mksubpkt

16
keyserver/ChangeLog
View File

@ -1,3 +1,15 @@
2007-10-25 David Shaw <dshaw@jabberwocky.com> (wk)
From 1.4 (July):
* gpgkeys_ldap.c (main): Fix bug in setting up whether to verify
peer SSL cert. This used to work with older OpenLDAP, but is now
more strictly handled.
* gpgkeys_ldap.c (search_key, main): Fix bug where searching for
foo bar (no quotes) on the command line resulted in searching for
"foo\2Abar" due to LDAP quoting. The proper search is "foo*bar".
2007-06-11 Werner Koch <wk@g10code.com> 2007-06-11 Werner Koch <wk@g10code.com>
* gpgkeys_hkp.c (send_key): Rename eof to r_eof as some Windows * gpgkeys_hkp.c (send_key): Rename eof to r_eof as some Windows
@ -1208,8 +1220,8 @@
gpgkeys_mailto (email keyserver helper) gpgkeys_mailto (email keyserver helper)
Copyright 1998, 1999, 2000, 2001, 2002, 2003, Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
2004 Free Software Foundation, Inc. 2007 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without unlimited permission to copy and/or distribute it, with or without

23
keyserver/gpgkeys_ldap.c
View File

@ -1,5 +1,6 @@
/* gpgkeys_ldap.c - talk to a LDAP keyserver /* gpgkeys_ldap.c - talk to a LDAP keyserver
* Copyright (C) 2001, 2002, 2004, 2005, 2006 Free Software Foundation, Inc. * Copyright (C) 2001, 2002, 2004, 2005, 2006
* 2007 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -1288,18 +1289,25 @@ printquoted(FILE *stream,char *string,char delim)
static int static int
search_key(const char *searchkey) search_key(const char *searchkey)
{ {
char **vals; char **vals,*search;
LDAPMessage *res,*each; LDAPMessage *res,*each;
int err,count=0; int err,count=0;
struct keylist *dupelist=NULL; struct keylist *dupelist=NULL;
/* The maximum size of the search, including the optional stuff and /* The maximum size of the search, including the optional stuff and
the trailing \0 */ the trailing \0 */
char search[2+1+9+1+3+(MAX_LINE*3)+3+1+15+14+1+1+20];
char *attrs[]={"pgpcertid","pgpuserid","pgprevoked","pgpdisabled", char *attrs[]={"pgpcertid","pgpuserid","pgprevoked","pgpdisabled",
"pgpkeycreatetime","pgpkeyexpiretime","modifytimestamp", "pgpkeycreatetime","pgpkeyexpiretime","modifytimestamp",
"pgpkeysize","pgpkeytype",NULL}; "pgpkeysize","pgpkeytype",NULL};
enum ks_search_type search_type; enum ks_search_type search_type;
search=malloc(2+1+9+1+3+strlen(searchkey)+3+1+15+14+1+1+20);
if(!search)
{
fprintf(console,"gpgkeys: out of memory when building search list\n");
fprintf(output,"SEARCH %s FAILED %d\n",searchkey,KEYSERVER_NO_MEMORY);
return KEYSERVER_NO_MEMORY;
}
fprintf(output,"SEARCH %s BEGIN\n",searchkey); fprintf(output,"SEARCH %s BEGIN\n",searchkey);
search_type=classify_ks_search(&searchkey); search_type=classify_ks_search(&searchkey);
@ -1354,7 +1362,7 @@ search_key(const char *searchkey)
break; break;
} }
ldap_quote(search,searchkey); strcat(search,searchkey);
switch(search_type) switch(search_type)
{ {
@ -1392,6 +1400,7 @@ search_key(const char *searchkey)
err=ldap_search_s(ldap,basekeyspacedn, err=ldap_search_s(ldap,basekeyspacedn,
LDAP_SCOPE_SUBTREE,search,attrs,0,&res); LDAP_SCOPE_SUBTREE,search,attrs,0,&res);
free(search);
if(err!=LDAP_SUCCESS && err!=LDAP_SIZELIMIT_EXCEEDED) if(err!=LDAP_SUCCESS && err!=LDAP_SIZELIMIT_EXCEEDED)
{ {
int errtag=ldap_err_to_gpg_err(err); int errtag=ldap_err_to_gpg_err(err);
@ -2172,7 +2181,7 @@ main(int argc,char *argv[])
else else
ver=LDAP_OPT_X_TLS_NEVER; ver=LDAP_OPT_X_TLS_NEVER;
err=ldap_set_option(ldap,LDAP_OPT_X_TLS_REQUIRE_CERT,&ver); err=ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&ver);
} }
#endif #endif
@ -2308,7 +2317,7 @@ main(int argc,char *argv[])
keyptr=keyptr->next; keyptr=keyptr->next;
} }
searchkey=malloc(len+1); searchkey=malloc((len*3)+1);
if(searchkey==NULL) if(searchkey==NULL)
{ {
ret=KEYSERVER_NO_MEMORY; ret=KEYSERVER_NO_MEMORY;
@ -2321,7 +2330,7 @@ main(int argc,char *argv[])
keyptr=keylist; keyptr=keylist;
while(keyptr!=NULL) while(keyptr!=NULL)
{ {
strcat(searchkey,keyptr->str); ldap_quote(searchkey,keyptr->str);
strcat(searchkey,"*"); strcat(searchkey,"*");
keyptr=keyptr->next; keyptr=keyptr->next;
} }

21
tests/openpgp/ChangeLog
View File

@ -1,3 +1,22 @@
2007-10-25 Werner Koch <wk@g10code.com>
Add missing copyright notices to *.test.
2007-10-25 David Shaw <dshaw@jabberwocky.com> (wk)
From 1.4 (July):
* defs.inc (all_cipher_algos): New function to return all ciphers.
* defs.inc (all_cipher_algos): New function to return all ciphers
we support. This is safer than the previous setup which could
hide that some ciphers weren't being tested. Plus, this
automatically tests any new ciphers libgcrypt supports.
(all_hash_algos): New.
* sigs.test: Use it here, and also test with >=160 bit hashes for
DSA2.
* conventional.test, encrypt.test, encrypt-dsa.test,
* conventional-mdc.test: Use it here.
2007-05-02 David Shaw <dshaw@jabberwocky.com> 2007-05-02 David Shaw <dshaw@jabberwocky.com>
* conventional.test, encrypt.test, encrypt-dsa.test, * conventional.test, encrypt.test, encrypt-dsa.test,
@ -289,7 +308,7 @@ Mon May 18 15:40:02 1998 Werner Koch (wk@isil.d.shuttle.de)
* ChangeLog: New. * ChangeLog: New.
Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc. Copyright 1998, 1999, 2000, 2001, 2007 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without unlimited permission to copy and/or distribute it, with or without

8
tests/openpgp/armdetach.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

8
tests/openpgp/armdetachm.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

8
tests/openpgp/armencrypt.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

8
tests/openpgp/armencryptp.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

7
tests/openpgp/armor.test
View File

@ -1,5 +1,12 @@
#!/bin/sh #!/bin/sh
# Regression tests pertaining to the armoring. # Regression tests pertaining to the armoring.
# Copyright 2006, 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

8
tests/openpgp/armsignencrypt.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

8
tests/openpgp/armsigs.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

8
tests/openpgp/clearsig.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# Fixme: we should not only do a --verify but also the output. # Fixme: we should not only do a --verify but also the output.

34
tests/openpgp/conventional-mdc.test
View File

@ -1,32 +1,19 @@
#!/bin/sh #!/bin/sh
# Copyright 2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3
algos="3des"
if have_cipher_algo "IDEA"; then
algos="$algos idea"
fi
if have_cipher_algo "CAST5"; then
algos="$algos cast5"
fi
if have_cipher_algo "BLOWFISH"; then
algos="$algos blowfish"
fi
if have_cipher_algo "AES"; then
algos="$algos aes aes192 aes256"
fi
if have_cipher_algo "TWOFISH"; then
algos="$algos twofish"
fi
#info Checking conventional encryption #info Checking conventional encryption
for ciph in `all_cipher_algos`; do
echo_n "$ciph "
for i in 0 1 2 3 9 10 11 19 20 21 22 23 39 40 41 8192 32000 ; do for i in 0 1 2 3 9 10 11 19 20 21 22 23 39 40 41 8192 32000 ; do
for ciph in $algos; do
# *BSD's dd can't cope with a count of 0 # *BSD's dd can't cope with a count of 0
if test "$i" = "0"; then if test "$i" = "0"; then
: >z : >z
@ -40,3 +27,4 @@ for i in 0 1 2 3 9 10 11 19 20 21 22 23 39 40 41 8192 32000 ; do
cmp z y || error "$ciph/$i: mismatch" cmp z y || error "$ciph/$i: mismatch"
done done
done done
echo_n "| "

34
tests/openpgp/conventional.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3
@ -9,29 +17,8 @@ for i in plain-2 data-32000 ; do
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done
algos="3des" for a in `all_cipher_algos`; do
echo_n "$a "
if have_cipher_algo "IDEA"; then
algos="$algos idea"
fi
if have_cipher_algo "CAST5"; then
algos="$algos cast5"
fi
if have_cipher_algo "BLOWFISH"; then
algos="$algos blowfish"
fi
if have_cipher_algo "AES"; then
algos="$algos aes aes192 aes256"
fi
if have_cipher_algo "TWOFISH"; then
algos="$algos twofish"
fi
for a in $algos; do
for i in plain-1 data-80000 ; do for i in plain-1 data-80000 ; do
echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \
--cipher-algo $a -c -o x --yes $i --cipher-algo $a -c -o x --yes $i
@ -39,3 +26,4 @@ for a in $algos; do
cmp $i y || error "$i: ($a) mismatch" cmp $i y || error "$i: ($a) mismatch"
done done
done done
echo_n "| "

8
tests/openpgp/decrypt-dsa.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

8
tests/openpgp/decrypt.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

19
tests/openpgp/defs.inc
View File

@ -1,4 +1,12 @@
# definitions for the check scripts # Definitions for the OpenPGP test scripts -*- sh -*-
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#-------------------------------- #--------------------------------
#------ constants --------------- #------ constants ---------------
@ -139,6 +147,15 @@ have_hash_algo () {
fi fi
} }
all_cipher_algos () {
../../g10/gpg2 --homedir . --version | grep "Cipher" | sed 's/^Cipher: //; s/,//g'
}
all_hash_algos () {
../../g10/gpg2 --homedir . --version | grep "Hash" | sed 's/^Hash: //; s/,//g'
}
set -e set -e
pgmname=`basename $0` pgmname=`basename $0`
#trap cleanup SIGHUP SIGINT SIGQUIT #trap cleanup SIGHUP SIGINT SIGQUIT

8
tests/openpgp/detach.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

8
tests/openpgp/detachm.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

34
tests/openpgp/encrypt-dsa.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3
@ -9,29 +17,8 @@ for i in $plain_files $data_files ; do
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done
algos="3des" for ca in `all_cipher_algos` ; do
echo_n "$ca "
if have_cipher_algo "IDEA"; then
algos="$algos idea"
fi
if have_cipher_algo "CAST5"; then
algos="$algos cast5"
fi
if have_cipher_algo "BLOWFISH"; then
algos="$algos blowfish"
fi
if have_cipher_algo "AES"; then
algos="$algos aes aes192 aes256"
fi
if have_cipher_algo "TWOFISH"; then
algos="$algos twofish"
fi
for ca in $algos ; do
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
$GPG $dsa_keyrings --always-trust --cipher-algo $ca -e \ $GPG $dsa_keyrings --always-trust --cipher-algo $ca -e \
-o x --yes -r "$dsa_usrname2" $i -o x --yes -r "$dsa_usrname2" $i
@ -39,3 +26,4 @@ for ca in $algos ; do
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done
done done
echo_n "| "

34
tests/openpgp/encrypt.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3
@ -9,32 +17,12 @@ for i in $plain_files $data_files ; do
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done
algos="3des" for ca in `all_cipher_algos` ; do
echo_n "$ca "
if have_cipher_algo "IDEA"; then
algos="$algos idea"
fi
if have_cipher_algo "CAST5"; then
algos="$algos cast5"
fi
if have_cipher_algo "BLOWFISH"; then
algos="$algos blowfish"
fi
if have_cipher_algo "AES"; then
algos="$algos aes aes192 aes256"
fi
if have_cipher_algo "TWOFISH"; then
algos="$algos twofish"
fi
for ca in $algos ; do
for i in $plain_files $data_files ; do for i in $plain_files $data_files ; do
$GPG --always-trust -e -o x --yes -r "$usrname2" --cipher-algo $ca $i $GPG --always-trust -e -o x --yes -r "$usrname2" --cipher-algo $ca $i
$GPG -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done
done done
echo_n "| "

8
tests/openpgp/encryptp.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

8
tests/openpgp/genkey1024.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

8
tests/openpgp/mds.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

9
tests/openpgp/multisig.test
View File

@ -1,4 +1,13 @@
#!/bin/sh #!/bin/sh
# Copyright 2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# Check that gpg verifies only signatures where there is no ambiguity # Check that gpg verifies only signatures where there is no ambiguity
# in the order of packets. Needs the Demo Keys Lima and Mike. # in the order of packets. Needs the Demo Keys Lima and Mike.

8
tests/openpgp/seat.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

8
tests/openpgp/signencrypt-dsa.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

8
tests/openpgp/signencrypt.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

8
tests/openpgp/sigs-dsa.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

61
tests/openpgp/sigs.test
View File

@ -1,18 +1,37 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3
set -x
#info Checking signatures
for i in $plain_files $data_files; do for i in $plain_files $data_files; do
echo "$usrpass1" | $GPG --passphrase-fd 0 -s -o x --yes $i echo "$usrpass1" | $GPG --passphrase-fd 0 -s -o x --yes $i
$GPG -o y --yes x $GPG -o y --yes x
cmp $i y || error "$i: mismatch" cmp $i y || error "$i: mismatch"
done done
# Using the DSA sig key - only 160 bit hashes for da in `all_hash_algos` ; do
for da in ripemd160 sha1 ; do echo_n "$da "
# RSA key, so any hash is okay
if have_pubkey_algo "RSA"; then
for i in $plain_files; do
$GPG -u $usrname3 --digest-algo $da -s -o x --yes $i
$GPG -o y --yes x
cmp $i y || error "$i: mismatch"
# process only the first one
break
done
fi
# Using the DSA sig key - only 160 bit or larger hashes
if test $da != "MD5"; then
for i in $plain_files; do for i in $plain_files; do
echo "$usrpass1" | $GPG --passphrase-fd 0 --digest-algo $da \ echo "$usrpass1" | $GPG --passphrase-fd 0 --digest-algo $da \
-s -o x --yes $i -s -o x --yes $i
@ -21,34 +40,6 @@ for da in ripemd160 sha1 ; do
# process only the first one # process only the first one
break break
done done
fi
done done
echo_n "| "
# TODO: add the new SHAs here once we allow them to be used in new
# documents.
if have_pubkey_algo "RSA"; then
# Using the RSA sig key - all hashes
hash_algo_list="ripemd160 sha1 md5"
if have_hash_algo "SHA224"; then
hash_algo_list="$hash_algo_list sha224"
fi
if have_hash_algo "SHA256"; then
hash_algo_list="$hash_algo_list sha256"
fi
if have_hash_algo "SHA384"; then
hash_algo_list="$hash_algo_list sha384"
fi
if have_hash_algo "SHA512"; then
hash_algo_list="$hash_algo_list sha512"
fi
for da in $hash_algo_list ; do
for i in $plain_files; do
$GPG -u $usrname3 --digest-algo $da -s -o x --yes $i
$GPG -o y --yes x
cmp $i y || error "$i: mismatch"
# process only the first one
break
done
done
fi

8
tests/openpgp/verify.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3

8
tests/openpgp/version.test
View File

@ -1,4 +1,12 @@
#!/bin/sh #!/bin/sh
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
. $srcdir/defs.inc || exit 3 . $srcdir/defs.inc || exit 3