security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

See ChangeLog: Tue Oct 26 14:10:21 CEST 1999 Werner Koch

Browse source
This commit is contained in:
Werner Koch 1999-10-26 12:14:37 +00:00
parent df4ecbb8d9
commit cf70ca8d68
71 changed files with 4032 additions and 2869 deletions
Download patch file Download diff file Expand all files Collapse all files

52
g10/ChangeLog
View file

@ -1,5 +1,55 @@
Sat Sep 18 12:16:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de>
* misc.c (openpgp_cipher_test_algo): New.
(openpgp_pk_test_algo): New.
(openpgp_md_test_algo): New.
* g10.c (build_list): Changed to use the new functions from libgcrypt.
* ringedit.c (enum_keyblocks): Set .rt to 0 on open.
* encode.c (encode_simple): Use new CTB when we don't have the
length of the file. This is somewhat strange as the comment above
indicates that this part is actually fixed for PGP 5 - maybe I simply
lost the source line, tsss.
* sign.c (clearsign_file): Avoid duplicated Entries in the "Hash:"
line. Those headers are now only _not_ printed when there are
only old-style keys _and_ all hashs are MD5.
(clearsign_file): Use gcry_md_test_algo() and gcry_md_algo_name().
* openfile.c (make_outfile_name): Use case-insenstive compare for
DOS systems. Add ".pgp" to the list of know extensions.
(open_outfile): For DOS systems try to replace the suffix instead of
appending it.
* encr-data.c (decrypt_data): Reset error on a weak key.
* cipher.c: Replaced the cipher and digest functions by the gcry_ ones.
* seckey-cert.c: Ditto.
* seskey.c: Ditto.
* g10.c (print_mds): Replaced digst functions with the new gcry_ ones.
* keyid.c: Ditto.
* mainproc.c: Ditto.
* passphrase.c: Ditto.
* sig-check.c: Ditto.
* sign.c: Ditto.
* pkclist.c (do_edit_ownertrust): Made the answer string const.
* basicdefs.h: New. Move some defs and decl to this header.
* openfile.c (open_outfile): Fixed the 8dot3 handling.
* passphrase.c (passphrase_to_dek): Print uid using utf8 func.
* delkey.c (delete_key): Ditto.
* pkclist.c (show_paths,do_edit_ownertrust,do_we_trust): Ditto
(do_we_trust_pre): Ditto.
* trustdb.c (print_user_id,check_uidsigs): Ditto.
* revoke.c (gen_revoke,ask_revoke_sig): Ditto.
Sat Sep 18 12:16:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* filter.h: Changed cipher handle types to the the GCRY_xxx ones.
replaces include cipher by system header include gcrypt.h.

3
g10/Makefile.am
View file

@ -4,7 +4,8 @@ INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
EXTRA_DIST = OPTIONS pubring.asc options.skel
OMIT_DEPENDENCIES = zlib.h zconf.h
LDFLAGS = @LDFLAGS@ @DYNLINK_LDFLAGS@
needed_libs = ../cipher/libcipher.la ../mpi/libmpi.la ../util/libutil.la
needed_libs = ../cipher/libcipher.la ../mpi/libmpi.la ../util/libutil.la \
../gcrypt/libgcrypt.la
#noinst_PROGRAMS = gpgd
bin_PROGRAMS = gpg

10
g10/build-packet.c
View file

@ -242,7 +242,7 @@ do_public_key( IOBUF out, int ctb, PKT_public_key *pk )
* Make a hash value from the public key certificate
*/
void
hash_public_key( MD_HANDLE md, PKT_public_key *pk )
hash_public_key( GCRY_MD_HD md, PKT_public_key *pk )
{
PACKET pkt;
int rc = 0;
@ -293,10 +293,10 @@ hash_public_key( MD_HANDLE md, PKT_public_key *pk )
}
}
/* hash a header */
md_putc( md, 0x99 );
gcry_md_putc( md, 0x99 );
pktlen &= 0xffff; /* can't handle longer packets */
md_putc( md, pktlen >> 8 );
md_putc( md, pktlen & 0xff );
gcry_md_putc( md, pktlen >> 8 );
gcry_md_putc( md, pktlen & 0xff );
}
/* hash the packet body */
while( (c=iobuf_get(a)) != -1 ) {
@ -307,7 +307,7 @@ hash_public_key( MD_HANDLE md, PKT_public_key *pk )
i=0;
}
#endif
md_putc( md, c );
gcry_md_putc( md, c );
}
#if 0
putc('\n', fp);

18
g10/cipher.c
View file

@ -25,6 +25,7 @@
#include <errno.h>
#include <assert.h>
#include <gcrypt.h>
#include "errors.h"
#include "iobuf.h"
#include "memory.h"
@ -55,6 +56,8 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
if( use_mdc ) {
ed.mdc_method = DIGEST_ALGO_SHA1;
cfx->mdc_hash = gcry_md_open( DIGEST_ALGO_SHA1, 0 );
/*should we check the function works, or is it better to provide
a flag which makes the function die itself ?? FIXME */
/*md_start_debug( cfx->mdc_hash, "mdccreat" );*/
}
init_packet( &pkt );
@ -70,13 +73,12 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
temp[nprefix] = temp[nprefix-2];
temp[nprefix+1] = temp[nprefix-1];
print_cipher_algo_note( cfx->dek->algo );
if( gcry_cipher_open( &cfx->cipher_hd,
cfx->dek->algo,
CIPHER_MODE_CFB,
GCRY_CIPHER_SECURE
| (cfy->dek->algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC) )
) {
if( !(cfx->cipher_hd = gcry_cipher_open( cfx->dek->algo,
GCRY_CIPHER_MODE_CFB,
GCRY_CIPHER_SECURE
| (cfx->dek->algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC)))
) {
/* we should never get an error here cause we already checked, that
* the algorithm is available. */
BUG();
@ -91,7 +93,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
/* log_hexdump( "prefix", temp, nprefix+2 ); */
if( cfx->mdc_hash )
gcry_md_write( cfx->mdc_hash, temp, nprefix+2 );
rc = cipher_encrypt( cfx->cipher_hd, temp, nprefix+2, NULL, 0 );
rc = gcry_cipher_encrypt( cfx->cipher_hd, temp, nprefix+2, NULL, 0 );
if( !rc )
rc = gcry_cipher_sync( cfx->cipher_hd );
if( rc )

2
g10/delkey.c
View file

@ -124,7 +124,7 @@ delete_key( const char *username, int secret )
pubkey_letter( pk->pubkey_algo ),
keyid[1], datestr_from_pk(pk) );
p = get_user_id( keyid, &n );
tty_print_string( p, n );
tty_print_utf8_string( p, n );
m_free(p);
tty_printf("\n\n");

5
g10/encode.c
View file

@ -177,6 +177,7 @@ encode_simple( const char *filename, int mode )
pt->timestamp = make_timestamp();
pt->mode = opt.textmode? 't' : 'b';
pt->len = filesize;
pt->new_ctb = !pt->len && !opt.rfc1991;
pt->buf = inp;
pkt.pkttype = PKT_PLAINTEXT;
pkt.pkt.plaintext = pt;
@ -480,8 +481,8 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
if( opt.verbose ) {
char *ustr = get_user_id_string( enc->keyid );
log_info(_("%s/%s encrypted for: %s\n"),
pubkey_algo_to_string(enc->pubkey_algo),
cipher_algo_to_string(dek->algo), ustr );
gcry_pk_algo_name(enc->pubkey_algo),
gcry_cipher_algo_name(dek->algo), ustr );
m_free(ustr);
}
/* and write it */

61
g10/encr-data.c
View file

@ -56,7 +56,6 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
decode_filter_ctx_t dfx;
byte *p;
int rc=0, c, i;
int algo_okay;
byte temp[32];
int blocksize;
unsigned nprefix;
@ -71,27 +70,45 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
if( opt.verbose )
log_info(_("%s encrypted data\n"), gcry_cipher_algo_name( dek->algo ) );
blocksize = gcry_cipher_get_blklen( dek->algo );
blocksize = gcry_cipher_get_algo_blklen( dek->algo );
if( blocksize < 1 || blocksize > 16 )
log_fatal("unsupported blocksize %u\n", blocksize );
nprefix = blocksize;
if( ed->len && ed->len < (nprefix+2) )
BUG();
--> We are currently working HERE!!!!
if( ed->mdc_method )
dfx.mdc_hash = md_open( ed->mdc_method, 0 );
dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
if( ed->mdc_method ) {
dfx.mdc_hash = gcry_md_open( ed->mdc_method, 0 );
if( !dfx.mdc_hash )
BUG();
}
if( !(dfx.cipher_hd = gcry_cipher_open( dek->algo,
GCRY_CIPHER_MODE_CFB,
GCRY_CIPHER_SECURE
| (dek->algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC) ))
) {
/* we should never get an error here cause we already checked, that
* the algorithm is available. What about a flag to let the function
* die in this case? */
BUG();
}
/* log_hexdump( "thekey", dek->key, dek->keylen );*/
rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen );
if( rc == G10ERR_WEAK_KEY )
rc = gcry_cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen );
if( rc == GCRYERR_WEAK_KEY ) {
log_info(_("WARNING: message was encrypted with "
"a weak key in the symmetric cipher.\n"));
rc = 0;
}
else if( rc ) {
log_error("key setup failed: %s\n", g10_errstr(rc) );
log_error("key setup failed: %s\n", gcry_strerror(rc) );
rc = map_gcry_rc(rc);
goto leave;
}
cipher_setiv( dfx.cipher_hd, NULL, 0 );
gcry_cipher_setiv( dfx.cipher_hd, NULL, 0 );
if( ed->len ) {
for(i=0; i < (nprefix+2) && ed->len; i++, ed->len-- ) {
@ -108,10 +125,10 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
else
temp[i] = c;
}
cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2);
gcry_cipher_decrypt( dfx.cipher_hd, temp, nprefix+2, NULL, 0 );
if( dfx.mdc_hash )
md_write( dfx.mdc_hash, temp, nprefix+2 );
cipher_sync( dfx.cipher_hd );
gcry_md_write( dfx.mdc_hash, temp, nprefix+2 );
gcry_cipher_sync( dfx.cipher_hd );
p = temp;
/* log_hexdump( "prefix", temp, nprefix+2 ); */
if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) {
@ -127,20 +144,20 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
if( ed->mdc_method && dfx.eof_seen == 2 )
rc = G10ERR_INVALID_PACKET;
else if( ed->mdc_method ) { /* check the mdc */
int datalen = md_digest_length( ed->mdc_method );
md_final( dfx.mdc_hash );
int datalen = gcry_md_get_algo_dlen( ed->mdc_method );
if( datalen != 20
|| memcmp(md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) )
|| memcmp(gcry_md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) )
rc = G10ERR_BAD_SIGN;
log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen);
log_hexdump("MDC calculated:", gcry_md_read( dfx.mdc_hash, 0), datalen);
log_hexdump("MDC message :", dfx.defer, 20);
}
leave:
cipher_close(dfx.cipher_hd);
md_close( dfx.mdc_hash );
gcry_cipher_close(dfx.cipher_hd);
gcry_md_close( dfx.mdc_hash );
return rc;
}
/* I think we should merge this with cipher_filter */
static int
mdc_decode_filter( void *opaque, int control, IOBUF a,
@ -198,8 +215,8 @@ mdc_decode_filter( void *opaque, int control, IOBUF a,
}
if( n ) {
cipher_decrypt( dfx->cipher_hd, buf, buf, n);
md_write( dfx->mdc_hash, buf, n );
gcry_cipher_decrypt( dfx->cipher_hd, buf, n, NULL, 0);
gcry_md_write( dfx->mdc_hash, buf, n );
}
else {
assert( dfx->eof_seen );
@ -225,7 +242,7 @@ decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len)
n = iobuf_read( a, buf, size );
if( n == -1 ) n = 0;
if( n )
cipher_decrypt( fc->cipher_hd, buf, buf, n);
gcry_cipher_decrypt( fc->cipher_hd, buf, n, NULL, 0);
else
rc = -1; /* eof */
*ret_len = n;

11
g10/filter.h
View file

@ -22,7 +22,9 @@
#include <gcrypt.h>
#include "types.h"
#include "basicdefs.h"
typedef struct {
GCRY_MD_HD md; /* catch all */
@ -83,6 +85,13 @@ typedef struct {
} cipher_filter_context_t;
typedef struct {
int header_okay;
PK_LIST pk_list;
cipher_filter_context_t cfx;
} encrypt_filter_context_t;
typedef struct {
byte *buffer; /* malloced buffer */

95
g10/g10.c
View file

@ -26,6 +26,7 @@
#include <ctype.h>
#include <unistd.h>
#include <gcrypt.h>
#include "packet.h"
#include "iobuf.h"
@ -36,7 +37,6 @@
#include "keydb.h"
#include "trustdb.h"
#include "mpi.h"
#include "cipher.h"
#include "filter.h"
#include "ttyio.h"
#include "i18n.h"
@ -353,8 +353,8 @@ int g10_errors_seen = 0;
static int utf8_strings = 0;
static int maybe_setuid = 1;
static char *build_list( const char *text,
const char *(*mapf)(int), int (*chkf)(int) );
static char *build_list( const char *text, const char * (*mapf)(int),
int (*chkf)(int) );
static void set_cmd( enum cmd_and_opt_values *ret_cmd,
enum cmd_and_opt_values new_cmd );
static void print_hex( byte *p, size_t n );
@ -388,20 +388,20 @@ strusage( int level )
case 31: p = _("\nSupported algorithms:\n"); break;
case 32:
if( !ciphers )
ciphers = build_list("Cipher: ", cipher_algo_to_string,
check_cipher_algo );
ciphers = build_list("Cipher: ", gcry_cipher_algo_name,
openpgp_cipher_test_algo );
p = ciphers;
break;
case 33:
if( !pubkeys )
pubkeys = build_list("Pubkey: ", pubkey_algo_to_string,
check_pubkey_algo );
pubkeys = build_list("Pubkey: ", gcry_pk_algo_name,
openpgp_pk_test_algo );
p = pubkeys;
break;
case 34:
if( !digests )
digests = build_list("Hash: ", digest_algo_to_string,
check_digest_algo );
digests = build_list("Hash: ", gcry_md_algo_name,
openpgp_md_test_algo );
p = digests;
break;
@ -415,7 +415,6 @@ static char *
build_list( const char *text, const char * (*mapf)(int), int (*chkf)(int) )
{
int i;
const char *s;
size_t n=strlen(text)+2;
char *list, *p;
@ -423,16 +422,16 @@ build_list( const char *text, const char * (*mapf)(int), int (*chkf)(int) )
secmem_init( 0 ); /* drop setuid */
for(i=1; i < 110; i++ )
if( !chkf(i) && (s=mapf(i)) )
n += strlen(s) + 2;
if( !chkf(i) )
n += strlen(mapf(i)) + 2;
list = m_alloc( 21 + n ); *list = 0;
for(p=NULL, i=1; i < 110; i++ ) {
if( !chkf(i) && (s=mapf(i)) ) {
if( !chkf(i) ) {
if( !p )
p = stpcpy( list, text );
else
p = stpcpy( p, ", ");
p = stpcpy(p, s );
p = stpcpy(p, mapf(i) );
}
}
if( p )
@ -577,8 +576,8 @@ main( int argc, char **argv )
opt.def_digest_algo = 0;
opt.def_compress_algo = 2;
opt.s2k_mode = 3; /* iterated+salted */
opt.s2k_digest_algo = DIGEST_ALGO_RMD160;
opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH;
opt.s2k_digest_algo = GCRY_MD_RMD160;
opt.s2k_cipher_algo = GCRY_CIPHER_BLOWFISH;
opt.completes_needed = 1;
opt.marginals_needed = 3;
opt.max_cert_depth = 5;
@ -798,8 +797,8 @@ main( int argc, char **argv )
opt.def_digest_algo = 0;
opt.def_compress_algo = 2;
opt.s2k_mode = 3; /* iterated+salted */
opt.s2k_digest_algo = DIGEST_ALGO_RMD160;
opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH;
opt.s2k_digest_algo = GCRY_MD_RMD160;
opt.s2k_cipher_algo = GCRY_CIPHER_BLOWFISH;
break;
case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
case oCompressSigs: opt.compress_sigs = 1; break;
@ -853,11 +852,14 @@ main( int argc, char **argv )
case oNotation: add_notation_data( pargs.r.ret_str ); break;
case oUtf8Strings: utf8_strings = 1; break;
case oNoUtf8Strings: utf8_strings = 0; break;
case oDisableCipherAlgo:
disable_cipher_algo( string_to_cipher_algo(pargs.r.ret_str) );
case oDisableCipherAlgo: {
int algo = gcry_cipher_map_name(pargs.r.ret_str);
gcry_cipher_ctl( NULL, GCRYCTL_DISABLE_ALGO,
&algo, sizeof algo );
}
break;
case oDisablePubkeyAlgo:
disable_pubkey_algo( string_to_pubkey_algo(pargs.r.ret_str) );
disable_pubkey_algo( gcry_pk_map_name(pargs.r.ret_str) );
break;
case oAllowNonSelfsignedUID:
opt.allow_non_selfsigned_uid = 1;
@ -927,27 +929,27 @@ main( int argc, char **argv )
/* must do this after dropping setuid, because string_to...
* may try to load an module */
if( def_cipher_string ) {
opt.def_cipher_algo = string_to_cipher_algo(def_cipher_string);
opt.def_cipher_algo = gcry_cipher_map_name(def_cipher_string);
m_free(def_cipher_string); def_cipher_string = NULL;
if( check_cipher_algo(opt.def_cipher_algo) )
if( openpgp_cipher_test_algo(opt.def_cipher_algo) )
log_error(_("selected cipher algorithm is invalid\n"));
}
if( def_digest_string ) {
opt.def_digest_algo = string_to_digest_algo(def_digest_string);
opt.def_digest_algo = gcry_md_map_name(def_digest_string);
m_free(def_digest_string); def_digest_string = NULL;
if( check_digest_algo(opt.def_digest_algo) )
if( openpgp_md_test_algo(opt.def_digest_algo) )
log_error(_("selected digest algorithm is invalid\n"));
}
if( s2k_cipher_string ) {
opt.s2k_cipher_algo = string_to_cipher_algo(s2k_cipher_string);
opt.s2k_cipher_algo = gcry_cipher_map_name(s2k_cipher_string);
m_free(s2k_cipher_string); s2k_cipher_string = NULL;
if( check_cipher_algo(opt.s2k_cipher_algo) )
if( openpgp_cipher_test_algo(opt.s2k_cipher_algo) )
log_error(_("selected cipher algorithm is invalid\n"));
}
if( s2k_digest_string ) {
opt.s2k_digest_algo = string_to_digest_algo(s2k_digest_string);
opt.s2k_digest_algo = gcry_md_map_name(s2k_digest_string);
m_free(s2k_digest_string); s2k_digest_string = NULL;
if( check_digest_algo(opt.s2k_digest_algo) )
if( openpgp_md_test_algo(opt.s2k_digest_algo) )
log_error(_("selected digest algorithm is invalid\n"));
}
if( opt.set_policy_url ) {
@ -1330,7 +1332,7 @@ main( int argc, char **argv )
wrong_args("--print-md algo [files]");
{
int all_algos = (**argv=='*' && !(*argv)[1]);
int algo = all_algos? 0 : string_to_digest_algo(*argv);
int algo = all_algos? 0 : gcry_md_map_name(*argv);
if( !algo && !all_algos )
log_error(_("invalid hash algorithm `%s'\n"), *argv );
@ -1509,8 +1511,9 @@ print_mds( const char *fname, int algo )
FILE *fp;
char buf[1024];
size_t n;
MD_HANDLE md;
GCRY_MD_HD md;
char *pname;
int have_tiger = 0;
if( !fname ) {
fp = stdin;
@ -1527,43 +1530,41 @@ print_mds( const char *fname, int algo )
return;
}
md = md_open( 0, 0 );
md = gcry_md_open( 0, 0 );
if( algo )
md_enable( md, algo );
gcry_md_enable( md, algo );
else {
md_enable( md, DIGEST_ALGO_MD5 );
md_enable( md, DIGEST_ALGO_SHA1 );
md_enable( md, DIGEST_ALGO_RMD160 );
if( !check_digest_algo(DIGEST_ALGO_TIGER) )
md_enable( md, DIGEST_ALGO_TIGER );
gcry_md_enable( md, GCRY_MD_MD5 );
gcry_md_enable( md, GCRY_MD_SHA1 );
gcry_md_enable( md, GCRY_MD_RMD160 );
have_tiger = !gcry_md_enable( md, GCRY_MD_TIGER );
}
while( (n=fread( buf, 1, DIM(buf), fp )) )
md_write( md, buf, n );
gcry_md_write( md, buf, n );
if( ferror(fp) )
log_error("%s%s\n", pname, strerror(errno) );
else {
md_final(md);
if( algo ) {
if( fname )
fputs( pname, stdout );
print_hex(md_read(md, algo), md_digest_length(algo) );
print_hex( gcry_md_read(md, algo), gcry_md_get_algo_dlen(algo) );
}
else {
printf( "%s MD5 = ", fname?pname:"" );
print_hex(md_read(md, DIGEST_ALGO_MD5), 16 );
print_hex(gcry_md_read(md, GCRY_MD_MD5), 16 );
printf("\n%s SHA1 = ", fname?pname:"" );
print_hex(md_read(md, DIGEST_ALGO_SHA1), 20 );
print_hex(gcry_md_read(md, GCRY_MD_SHA1), 20 );
printf("\n%sRMD160 = ", fname?pname:"" );
print_hex(md_read(md, DIGEST_ALGO_RMD160), 20 );
if( !check_digest_algo(DIGEST_ALGO_TIGER) ) {
print_hex(gcry_md_read(md, GCRY_MD_RMD160), 20 );
if( have_tiger ) {
printf("\n%s TIGER = ", fname?pname:"" );
print_hex(md_read(md, DIGEST_ALGO_TIGER), 24 );
print_hex(gcry_md_read(md, GCRY_MD_TIGER), 24 );
}
}
putchar('\n');
}
md_close(md);
gcry_md_close(md);
if( fp != stdin )
fclose(fp);

5
g10/keydb.h
View file

@ -25,9 +25,8 @@
#include <gdbm.h>
#endif
#include "types.h"
#include "basicdefs.h"
#include "packet.h"
#include "cipher.h"
#define MAX_FINGERPRINT_LEN 20
@ -83,7 +82,6 @@ struct keyblock_pos_struct {
typedef struct keyblock_pos_struct KBPOS;
/* structure to hold a couple of public key certificates */
typedef struct pk_list *PK_LIST;
struct pk_list {
PK_LIST next;
PKT_public_key *pk;
@ -91,7 +89,6 @@ struct pk_list {
};
/* structure to hold a couple of secret key certificates */
typedef struct sk_list *SK_LIST;
struct sk_list {
SK_LIST next;
PKT_secret_key *sk;

4
g10/keygen.c
View file

@ -443,7 +443,7 @@ ask_keysize( int algo )
" minimum keysize is 768 bits\n"
" default keysize is 1024 bits\n"
" highest suggested keysize is 2048 bits\n"),
pubkey_algo_to_string(algo) );
gcry_pk_algo_name(algo) );
for(;;) {
answer = cpr_get("keygen.size",
_("What keysize do you want? (1024) "));
@ -686,7 +686,7 @@ ask_user_id( int mode )
tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid);
/* fixme: add a warning if this user-id already exists */
for(;;) {
char *ansstr = _("NnCcEeOoQq");
const char *ansstr = _("NnCcEeOoQq");
if( strlen(ansstr) != 10 )
BUG();

103
g10/keyid.c
View file

@ -25,6 +25,7 @@
#include <errno.h>
#include <time.h>
#include <assert.h>
#include <gcrypt.h>
#include "util.h"
#include "main.h"
#include "packet.h"
@ -48,10 +49,10 @@ pubkey_letter( int algo )
}
static MD_HANDLE
static GCRY_MD_HD
do_fingerprint_md( PKT_public_key *pk )
{
MD_HANDLE md;
GCRY_MD_HD md;
unsigned n;
unsigned nb[PUBKEY_MAX_NPKEY];
unsigned nn[PUBKEY_MAX_NPKEY];
@ -59,7 +60,9 @@ do_fingerprint_md( PKT_public_key *pk )
int i;
int npkey = pubkey_get_npkey( pk->pubkey_algo );
md = md_open( pk->version < 4 ? DIGEST_ALGO_RMD160 : DIGEST_ALGO_SHA1, 0);
md = gcry_md_open( pk->version < 4 ? GCRY_MD_RMD160 : GCRY_MD_SHA1, 0);
if( !md )
BUG();
n = pk->version < 4 ? 8 : 6;
for(i=0; i < npkey; i++ ) {
nb[i] = mpi_get_nbits(pk->pkey[i]);
@ -67,19 +70,19 @@ do_fingerprint_md( PKT_public_key *pk )
n += 2 + nn[i];
}
md_putc( md, 0x99 ); /* ctb */
md_putc( md, n >> 8 ); /* 2 byte length header */
md_putc( md, n );
gcry_md_putc( md, 0x99 ); /* ctb */
gcry_md_putc( md, n >> 8 ); /* 2 byte length header */
gcry_md_putc( md, n );
if( pk->version < 4 )
md_putc( md, 3 );
gcry_md_putc( md, 3 );
else
md_putc( md, 4 );
gcry_md_putc( md, 4 );
{ u32 a = pk->timestamp;
md_putc( md, a >> 24 );
md_putc( md, a >> 16 );
md_putc( md, a >> 8 );
md_putc( md, a );
gcry_md_putc( md, a >> 24 );
gcry_md_putc( md, a >> 16 );
gcry_md_putc( md, a >> 8 );
gcry_md_putc( md, a );
}
if( pk->version < 4 ) {
u16 a;
@ -88,22 +91,22 @@ do_fingerprint_md( PKT_public_key *pk )
a = (u16)((pk->expiredate - pk->timestamp) / 86400L);
else
a = 0;
md_putc( md, a >> 8 );
md_putc( md, a );
gcry_md_putc( md, a >> 8 );
gcry_md_putc( md, a );
}
md_putc( md, pk->pubkey_algo );
gcry_md_putc( md, pk->pubkey_algo );
for(i=0; i < npkey; i++ ) {
md_putc( md, nb[i]>>8);
md_putc( md, nb[i] );
md_write( md, pp[i], nn[i] );
gcry_md_putc( md, nb[i]>>8);
gcry_md_putc( md, nb[i] );
gcry_md_write( md, pp[i], nn[i] );
m_free(pp[i]);
}
md_final( md );
gcry_md_final( md );
return md;
}
static MD_HANDLE
static GCRY_MD_HD
do_fingerprint_md_sk( PKT_secret_key *sk )
{
PKT_public_key pk;
@ -140,13 +143,13 @@ keyid_from_sk( PKT_secret_key *sk, u32 *keyid )
}
else {
const byte *dp;
MD_HANDLE md;
GCRY_MD_HD md;
md = do_fingerprint_md_sk(sk);
dp = md_read( md, 0 );
dp = gcry_md_read( md, 0 );
keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
lowbits = keyid[1];
md_close(md);
gcry_md_close(md);
}
return lowbits;
@ -179,13 +182,13 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid )
}
else {
const byte *dp;
MD_HANDLE md;
GCRY_MD_HD md;
md = do_fingerprint_md(pk);
dp = md_read( md, 0 );
dp = gcry_md_read( md, 0 );
keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
lowbits = keyid[1];
md_close(md);
gcry_md_close(md);
pk->keyid[0] = keyid[0];
pk->keyid[1] = keyid[1];
}
@ -348,34 +351,36 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len )
if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) {
/* RSA in version 3 packets is special */
MD_HANDLE md;
GCRY_MD_HD md;
md = md_open( DIGEST_ALGO_MD5, 0);
md = gcry_md_open( DIGEST_ALGO_MD5, 0);
if( !md )
BUG();
if( pubkey_get_npkey( pk->pubkey_algo ) > 1 ) {
p = buf = mpi_get_buffer( pk->pkey[0], &n, NULL );
md_write( md, p, n );
gcry_md_write( md, p, n );
m_free(buf);
p = buf = mpi_get_buffer( pk->pkey[1], &n, NULL );
md_write( md, p, n );
gcry_md_write( md, p, n );
m_free(buf);
}
md_final(md);
gcry_md_final(md);
if( !array )
array = m_alloc( 16 );
len = 16;
memcpy(array, md_read(md, DIGEST_ALGO_MD5), 16 );
md_close(md);
memcpy(array, gcry_md_read(md, DIGEST_ALGO_MD5), 16 );
gcry_md_close(md);
}
else {
MD_HANDLE md;
GCRY_MD_HD md;
md = do_fingerprint_md(pk);
dp = md_read( md, 0 );
len = md_digest_length( md_get_algo( md ) );
dp = gcry_md_read( md, 0 );
len = gcry_md_get_algo_dlen( gcry_md_get_algo( md ) );
assert( len <= MAX_FINGERPRINT_LEN );
if( !array )
array = m_alloc( len );
memcpy(array, dp, len );
md_close(md);
gcry_md_close(md);
}
*ret_len = len;
@ -392,34 +397,36 @@ fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len )
if( sk->version < 4 && is_RSA(sk->pubkey_algo) ) {
/* RSA in version 3 packets is special */
MD_HANDLE md;
GCRY_MD_HD md;
md = md_open( DIGEST_ALGO_MD5, 0);
md = gcry_md_open( DIGEST_ALGO_MD5, 0);
if( !md )
BUG();
if( pubkey_get_npkey( sk->pubkey_algo ) > 1 ) {
p = buf = mpi_get_buffer( sk->skey[1], &n, NULL );
md_write( md, p, n );
gcry_md_write( md, p, n );
m_free(buf);
p = buf = mpi_get_buffer( sk->skey[0], &n, NULL );
md_write( md, p, n );
gcry_md_write( md, p, n );
m_free(buf);
}
md_final(md);
gcry_md_final(md);
if( !array )
array = m_alloc( 16 );
len = 16;
memcpy(array, md_read(md, DIGEST_ALGO_MD5), 16 );
md_close(md);
memcpy(array, gcry_md_read(md, GCRY_MD_MD5), 16 );
gcry_md_close(md);
}
else {
MD_HANDLE md;
GCRY_MD_HD md;
md = do_fingerprint_md_sk(sk);
dp = md_read( md, 0 );
len = md_digest_length( md_get_algo( md ) );
dp = gcry_md_read( md, 0 );
len = gcry_md_get_algo_dlen( gcry_md_get_algo( md ) );
assert( len <= MAX_FINGERPRINT_LEN );
if( !array )
array = m_alloc( len );
memcpy(array, dp, len );
md_close(md);
gcry_md_close(md);
}
*ret_len = len;

28
g10/main.h
View file

@ -19,22 +19,16 @@
*/
#ifndef G10_MAIN_H
#define G10_MAIN_H
#include "types.h"
#include <gcrypt.h>
#include "basicdefs.h"
#include "iobuf.h"
#include "mpi.h"
#include "cipher.h"
#include "keydb.h"
#define DEFAULT_CIPHER_ALGO CIPHER_ALGO_BLOWFISH
#define DEFAULT_PUBKEY_ALGO PUBKEY_ALGO_ELGAMAL
#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_RMD160
typedef struct {
int header_okay;
PK_LIST pk_list;
cipher_filter_context_t cfx;
} encrypt_filter_context_t;
#define DEFAULT_CIPHER_ALGO GCRY_CIPHER_BLOWFISH
#define DEFAULT_PUBKEY_ALGO GCRY_PUBKEY_ELGAMAL
#define DEFAULT_DIGEST_ALGO GCRY_MD_RMD160
/*-- g10.c --*/
@ -61,6 +55,10 @@ u16 checksum_mpi( MPI a );
u16 checksum_mpi_counted_nbits( MPI a );
u32 buffer_to_u32( const byte *buffer );
int openpgp_cipher_test_algo( int algo );
int openpgp_pk_test_algo( int algo );
int openpgp_md_test_algo( int algo );
/*-- helptext.c --*/
void display_online_help( const char *keyword );
@ -73,7 +71,7 @@ int encrypt_filter( void *opaque, int control,
/*-- sign.c --*/
int complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md );
int complete_sig( PKT_signature *sig, PKT_secret_key *sk, GCRY_MD_HD md );
int sign_file( STRLIST filenames, int detached, STRLIST locusr,
int do_encrypt, STRLIST remusr, const char *outfile );
int clearsign_file( const char *fname, STRLIST locusr, const char *outfile );
@ -108,7 +106,7 @@ void copy_options_file( const char *destdir );
/*-- seskey.c --*/
void make_session_key( DEK *dek );
MPI encode_session_key( DEK *dek, unsigned nbits );
MPI encode_md_value( int pubkey_algo, MD_HANDLE md,
MPI encode_md_value( int pubkey_algo, GCRY_MD_HD md,
int hash_algo, unsigned nbits );
/*-- comment.c --*/
@ -143,7 +141,7 @@ int verify_signatures( int nfiles, char **files );
int decrypt_message( const char *filename );
/*-- plaintext.c --*/
int hash_datafiles( MD_HANDLE md, MD_HANDLE md2,
int hash_datafiles( GCRY_MD_HD md, GCRY_MD_HD md2,
STRLIST files, const char *sigfilename, int textmode );
/*-- signal.c --*/

63
g10/mainproc.c
View file

@ -25,12 +25,12 @@
#include <assert.h>
#include <time.h>
#include <gcrypt.h>
#include "packet.h"
#include "iobuf.h"
#include "memory.h"
#include "options.h"
#include "util.h"
#include "cipher.h"
#include "keydb.h"
#include "filter.h"
#include "main.h"
@ -266,7 +266,7 @@ print_failed_pkenc( struct kidlist_item *list )
{
for( ; list; list = list->next ) {
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
const char *algstr = pubkey_algo_to_string( list->pubkey_algo );
const char *algstr = gcry_pk_algo_name( list->pubkey_algo );
pk->pubkey_algo = list->pubkey_algo;
if( !get_pubkey( pk, list->kid ) ) {
@ -361,7 +361,8 @@ proc_plaintext( CTX c, PACKET *pkt )
else if( opt.verbose )
log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name);
free_md_filter_context( &c->mfx );
c->mfx.md = md_open( 0, 0);
if( !(c->mfx.md = gcry_md_open( 0, 0)) )
BUG();
/* fixme: we may need to push the textfilter if we have sigclass 1
* and no armoring - Not yet tested
* Hmmm, why don't we need it at all if we have sigclass 1
@ -372,7 +373,8 @@ proc_plaintext( CTX c, PACKET *pkt )
for(n=c->list; n; n = n->next ) {
if( n->pkt->pkttype == PKT_ONEPASS_SIG ) {
if( n->pkt->pkt.onepass_sig->digest_algo ) {
md_enable( c->mfx.md, n->pkt->pkt.onepass_sig->digest_algo );
gcry_md_enable( c->mfx.md,
n->pkt->pkt.onepass_sig->digest_algo );
if( !any && n->pkt->pkt.onepass_sig->digest_algo
== DIGEST_ALGO_MD5 )
only_md5 = 1;
@ -398,9 +400,9 @@ proc_plaintext( CTX c, PACKET *pkt )
}
}
if( !any ) { /* no onepass sig packet: enable all standard algos */
md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
}
if( only_md5 ) {
/* This is a kludge to work around a bug in pgp2. It does only
@ -408,7 +410,8 @@ proc_plaintext( CTX c, PACKET *pkt )
* pgp mails we could see whether there is the signature packet
* in front of the plaintext. If someone needs this, send me a patch.
*/
c->mfx.md2 = md_open( DIGEST_ALGO_MD5, 0);
if( !(c->mfx.md2 = gcry_md_open( DIGEST_ALGO_MD5, 0)) )
BUG();
}
#if 0
#warning md_start_debug is enabled
@ -467,7 +470,7 @@ static int
do_check_sig( CTX c, KBNODE node, int *is_selfsig )
{
PKT_signature *sig;
MD_HANDLE md = NULL, md2 = NULL;
GCRY_MD_HD md = NULL, md2 = NULL;
int algo, rc;
assert( node->pkt->pkttype == PKT_SIGNATURE );
@ -476,27 +479,31 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig )
sig = node->pkt->pkt.signature;
algo = sig->digest_algo;
if( (rc=check_digest_algo(algo)) )
if( (rc=openpgp_md_test_algo(algo)) )
return rc;
if( sig->sig_class == 0x00 ) {
if( c->mfx.md )
md = md_copy( c->mfx.md );
md = gcry_md_copy( c->mfx.md );
else /* detached signature */
md = md_open( 0, 0 ); /* signature_check() will enable the md*/
md = gcry_md_open( 0, 0 ); /* signature_check() will enable the md*/
if( !md )
BUG();
}
else if( sig->sig_class == 0x01 ) {
/* how do we know that we have to hash the (already hashed) text
* in canonical mode ??? (calculating both modes???) */
if( c->mfx.md ) {
md = md_copy( c->mfx.md );
md = gcry_md_copy( c->mfx.md );
if( c->mfx.md2 )
md2 = md_copy( c->mfx.md2 );
md2 = gcry_md_copy( c->mfx.md2 );
}
else { /* detached signature */
log_debug("Do we really need this here?");
md = md_open( 0, 0 ); /* signature_check() will enable the md*/
md2 = md_open( 0, 0 );
md = gcry_md_open( 0, 0 ); /* signature_check() will enable the md*/
md2 = gcry_md_open( 0, 0 );
if( !md || !md2 )
BUG();
}
}
else if( (sig->sig_class&~3) == 0x10
@ -518,8 +525,8 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig )
rc = signature_check( sig, md );
if( rc == G10ERR_BAD_SIGN && md2 )
rc = signature_check( sig, md2 );
md_close(md);
md_close(md2);
gcry_md_close(md);
gcry_md_close(md2);
return rc;
}
@ -1020,7 +1027,7 @@ static int
check_sig_and_print( CTX c, KBNODE node )
{
PKT_signature *sig = node->pkt->pkt.signature;
const char *astr, *tstr;
const char *tstr;
int rc;
if( opt.skip_verify ) {
@ -1029,9 +1036,9 @@ check_sig_and_print( CTX c, KBNODE node )
}
tstr = asctimestamp(sig->timestamp);
astr = pubkey_algo_to_string( sig->pubkey_algo );
log_info(_("Signature made %.*s using %s key ID %08lX\n"),
(int)strlen(tstr), tstr, astr? astr: "?", (ulong)sig->keyid[1] );
(int)strlen(tstr), tstr, gcry_pk_algo_name( sig->pubkey_algo ),
(ulong)sig->keyid[1] );
rc = do_check_sig(c, node, NULL );
if( rc == G10ERR_NO_PUBKEY && opt.keyserver_name ) {
@ -1148,11 +1155,12 @@ proc_tree( CTX c, KBNODE node )
if( !c->have_data ) {
free_md_filter_context( &c->mfx );
/* prepare to create all requested message digests */
c->mfx.md = md_open(0, 0);
if( !(c->mfx.md = gcry_md_open(0, 0)) )
BUG();
/* fixme: why looking for the signature packet and not 1passpacket*/
for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); ) {
md_enable( c->mfx.md, n1->pkt->pkt.signature->digest_algo);
gcry_md_enable( c->mfx.md, n1->pkt->pkt.signature->digest_algo);
}
/* ask for file and hash it */
if( c->sigs_only )
@ -1177,18 +1185,21 @@ proc_tree( CTX c, KBNODE node )
if( !c->have_data ) {
/* detached signature */
free_md_filter_context( &c->mfx );
c->mfx.md = md_open(sig->digest_algo, 0);
if( !(c->mfx.md = gcry_md_open(sig->digest_algo, 0)) )
BUG();
if( sig->digest_algo == DIGEST_ALGO_MD5
&& is_RSA( sig->pubkey_algo ) ) {
/* enable a workaround for a pgp2 bug */
c->mfx.md2 = md_open( DIGEST_ALGO_MD5, 0 );
if( !(c->mfx.md2 = gcry_md_open( DIGEST_ALGO_MD5, 0 )) )
BUG();
}
else if( sig->digest_algo == DIGEST_ALGO_SHA1
&& sig->pubkey_algo == PUBKEY_ALGO_DSA
&& sig->sig_class == 0x01 ) {
/* enable the workaround also for pgp5 when the detached
* signature has been created in textmode */
c->mfx.md2 = md_open( sig->digest_algo, 0 );
if( !(c->mfx.md2 = gcry_md_open( sig->digest_algo, 0 )) )
BUG();
}
/* Here we have another hack to work around a pgp 2 bug
* It works by not using the textmode for detached signatures;

8
g10/mdfilter.c
View file

@ -50,9 +50,9 @@ md_filter( void *opaque, int control,
i = iobuf_read( a, buf, size );
if( i == -1 ) i = 0;
if( i ) {
md_write(mfx->md, buf, i );
gcry_md_write(mfx->md, buf, i );
if( mfx->md2 )
md_write(mfx->md2, buf, i );
gcry_md_write(mfx->md2, buf, i );
}
else
rc = -1; /* eof */
@ -67,8 +67,8 @@ md_filter( void *opaque, int control,
void
free_md_filter_context( md_filter_context_t *mfx )
{
md_close(mfx->md);
md_close(mfx->md2);
gcry_md_close(mfx->md);
gcry_md_close(mfx->md2);
mfx->md = NULL;
mfx->md2 = NULL;
mfx->maxbuf_size = 0;

30
g10/misc.c
View file

@ -31,6 +31,7 @@
#include <sys/time.h>
#include <sys/resource.h>
#endif
#include <gcrypt.h>
#include "util.h"
#include "main.h"
#include "options.h"
@ -265,3 +266,32 @@ map_gcry_rc( int rc )
}
}
/****************
* Wrapper around the libgcrypt function with addional checks on
* openPGP contrainst for the algo ID.
*/
int
openpgp_cipher_test_algo( int algo )
{
if( algo < 0 || algo > 110 )
return GCRYERR_INV_ALGO;
return gcry_cipher_test_algo(algo);
}
int
openpgp_pk_test_algo( int algo )
{
if( algo < 0 || algo > 110 )
return GCRYERR_INV_ALGO;
return gcry_pk_test_algo(algo);
}
int
openpgp_md_test_algo( int algo )
{
if( algo < 0 || algo > 110 )
return GCRYERR_INV_ALGO;
return gcry_md_test_algo(algo);
}

48
g10/openfile.c
View file

@ -39,6 +39,14 @@
#define SKELEXT ".skel"
#endif
#ifdef HAVE_DRIVE_LETTERS
#define CMP_FILENAME(a,b) stricmp( (a), (b) )
#else
#define CMP_FILENAME(a,b) strcmp( (a), (b) )
#endif
/* FIXME: Implement opt.interactive. */
/****************
@ -70,6 +78,7 @@ overwrite_filep( const char *fname )
}
/****************
* Strip know extensions from iname and return a newly allocated
* filename. Return NULL if we can't do that.
@ -82,13 +91,11 @@ make_outfile_name( const char *iname )
if( (!iname || (*iname=='-' && !iname[1]) ))
return m_strdup("-");
#ifdef HAVE_DRIVE_LETTERS
#warning add case insensitive compare
#endif
n = strlen(iname);
if( n > 4 && ( !strcmp(iname+n-4,".gpg")
|| !strcmp(iname+n-4,".sig")
|| !strcmp(iname+n-4,".asc") ) ) {
if( n > 4 && ( !CMP_FILENAME(iname+n-4,".gpg")
|| !CMP_FILENAME(iname+n-4,".pgp")
|| !CMP_FILENAME(iname+n-4,".sig")
|| !CMP_FILENAME(iname+n-4,".asc") ) ) {
char *buf = m_strdup( iname );
buf[n-4] = 0;
return buf;
@ -169,11 +176,33 @@ open_outfile( const char *iname, int mode, IOBUF *a )
name = opt.outfile;
else {
#ifdef USE_ONLY_8DOT3
#warning please implement 8.3 files
#endif
/* It is quite common for DOS system to have only one dot in a
* a filename So if we have something like this, we simple
* replace the suffix execpt in cases where the suffix is
* larger than 3 characters and not the same as.
* We should really map the filenames to 8.3 but this tends to
* be more complicated and is probaly a duty of the filesystem
*/
char *dot;
const char *newsfx = mode==1 ? ".asc" :
mode==2 ? ".sig" : ".gpg";
buf = m_alloc(strlen(iname)+4+1);
strcpy(buf,iname);
dot = strchr(buf, '.' );
if( dot && dot > buf && dot[1] && strlen(dot) <= 4
&& CMP_FILENAME(newsfx, dot) ) {
strcpy(dot, newsfx );
}
else if( dot && !dot[1] ) /* don't duplicate a dot */
strcat( dot, newsfx+1 );
else
strcat( buf, newsfx );
#else
buf = m_alloc(strlen(iname)+4+1);
strcpy(stpcpy(buf,iname), mode==1 ? ".asc" :
mode==2 ? ".sig" : ".gpg");
#endif
name = buf;
}
@ -204,9 +233,6 @@ open_sigfile( const char *iname )
IOBUF a = NULL;
size_t len;
#ifdef USE_ONLY_8DOT3
#warning please implement 8.3 files
#endif
if( iname && !(*iname == '-' && !iname[1]) ) {
len = strlen(iname);
if( len > 4 && ( !strcmp(iname + len - 4, ".sig")

6
g10/packet.h
View file

@ -281,7 +281,7 @@ const byte *parse_sig_subpkt2( PKT_signature *sig,
/*-- build-packet.c --*/
int build_packet( IOBUF inp, PACKET *pkt );
u32 calc_packet_length( PACKET *pkt );
void hash_public_key( MD_HANDLE md, PKT_public_key *pk );
void hash_public_key( GCRY_MD_HD md, PKT_public_key *pk );
void build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type,
const byte *buffer, size_t buflen );
void build_sig_subpkt_from_sig( PKT_signature *sig );
@ -313,7 +313,7 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
/*-- sig-check.c --*/
int signature_check( PKT_signature *sig, MD_HANDLE digest );
int signature_check( PKT_signature *sig, GCRY_MD_HD digest );
/*-- seckey-cert.c --*/
int is_secret_key_protected( PKT_secret_key *sk );
@ -334,7 +334,7 @@ int encrypt_data( PKT_encrypted *ed, DEK *dek );
/*-- plaintext.c --*/
int handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
int nooutput, int clearsig );
int ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2,
int ask_for_detached_datafile( GCRY_MD_HD md, GCRY_MD_HD md2,
const char *inname, int textmode );
/*-- comment.c --*/

38
g10/passphrase.c
View file

@ -159,14 +159,14 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo,
tty_printf(_("\nYou need a passphrase to unlock the secret key for\n"
"user: \"") );
p = get_user_id( keyid, &n );
tty_print_string( p, n );
tty_print_utf8_string( p, n );
m_free(p);
tty_printf("\"\n");
if( !get_pubkey( pk, keyid ) ) {
const char *s = pubkey_algo_to_string( pk->pubkey_algo );
tty_printf( _("%u-bit %s key, ID %08lX, created %s"),
nbits_from_pk( pk ), s?s:"?", (ulong)keyid[1],
nbits_from_pk( pk ),
gcry_pk_algo_name( pk->pubkey_algo ), (ulong)keyid[1],
strtimestamp(pk->timestamp) );
if( keyid[2] && keyid[3] && keyid[0] != keyid[2]
&& keyid[1] != keyid[3] )
@ -229,22 +229,24 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo,
static void
hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
{
MD_HANDLE md;
GCRY_MD_HD md;
int pass, i;
int used = 0;
int pwlen = strlen(pw);
assert( s2k->hash_algo );
dek->keylen = cipher_get_keylen( dek->algo ) / 8;
dek->keylen = gcry_cipher_get_algo_keylen( dek->algo );
if( !(dek->keylen > 0 && dek->keylen <= DIM(dek->key)) )
BUG();
md = md_open( s2k->hash_algo, 1);
if( !(md = gcry_md_open( s2k->hash_algo, GCRY_MD_FLAG_SECURE )) )
BUG();
for(pass=0; used < dek->keylen ; pass++ ) {
if( pass ) {
md_reset(md);
gcry_md_reset(md);
for(i=0; i < pass; i++ ) /* preset the hash context */
md_putc(md, 0 );
gcry_md_putc(md, 0 );
}
if( s2k->mode == 1 || s2k->mode == 3 ) {
@ -264,28 +266,28 @@ hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
}
/* a little bit complicated because we need a ulong for count */
while( count > len2 ) { /* maybe iterated+salted */
md_write( md, s2k->salt, 8 );
md_write( md, pw, pwlen );
gcry_md_write( md, s2k->salt, 8 );
gcry_md_write( md, pw, pwlen );
count -= len2;
}
if( count < 8 )
md_write( md, s2k->salt, count );
gcry_md_write( md, s2k->salt, count );
else {
md_write( md, s2k->salt, 8 );
gcry_md_write( md, s2k->salt, 8 );
count -= 8;
assert( count >= 0 );
md_write( md, pw, count );
gcry_md_write( md, pw, count );
}
}
else
md_write( md, pw, pwlen );
md_final( md );
i = md_digest_length( s2k->hash_algo );
gcry_md_write( md, pw, pwlen );
gcry_md_final( md );
i = gcry_md_get_algo_dlen( s2k->hash_algo );
if( i > dek->keylen - used )
i = dek->keylen - used;
memcpy( dek->key+used, md_read(md, s2k->hash_algo), i );
memcpy( dek->key+used, gcry_md_read(md, s2k->hash_algo), i );
used += i;
}
md_close(md);
gcry_md_close(md);
}

13
g10/pkclist.c
View file

@ -27,6 +27,7 @@
#include "options.h"
#include "packet.h"
#include "main.h"
#include "errors.h"
#include "keydb.h"
#include "memory.h"
@ -149,7 +150,7 @@ show_paths( ulong lid, int only_first )
putchar(' ');
p = get_user_id( keyid, &n );
tty_print_string( p, n ),
tty_print_utf8_string( p, n ),
m_free(p);
tty_printf("\"\n");
free_public_key( pk );
@ -194,7 +195,7 @@ do_edit_ownertrust( ulong lid, int mode, unsigned *new_trust, int defer_help )
for(;;) {
/* a string with valid answers */
char *ans = _("sSmMqQ");
const char *ans = _("sSmMqQ");
if( !did_help ) {
if( !mode ) {
@ -203,7 +204,7 @@ do_edit_ownertrust( ulong lid, int mode, unsigned *new_trust, int defer_help )
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
(ulong)keyid[1], datestr_from_pk( pk ) );
p = get_user_id( keyid, &n );
tty_print_string( p, n ),
tty_print_utf8_string( p, n ),
m_free(p);
tty_printf("\"\n");
print_fpr( pk );
@ -460,7 +461,7 @@ do_we_trust_pre( PKT_public_key *pk, int trustlevel )
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
(ulong)keyid[1], datestr_from_pk( pk ) );
p = get_user_id( keyid, &n );
tty_print_string( p, n ),
tty_print_utf8_string( p, n ),
m_free(p);
tty_printf("\"\n");
print_fpr( pk );
@ -908,10 +909,10 @@ algo_available( int preftype, int algo )
if( preftype == PREFTYPE_SYM ) {
if( algo == CIPHER_ALGO_TWOFISH )
return 0; /* we don't want to generate Twofish messages for now*/
return algo && !check_cipher_algo( algo );
return algo && !openpgp_cipher_test_algo( algo );
}
else if( preftype == PREFTYPE_HASH ) {
return algo && !check_digest_algo( algo );
return algo && !openpgp_md_test_algo( algo );
}
else if( preftype == PREFTYPE_COMPR ) {
return !algo || algo == 1 || algo == 2;

42
g10/plaintext.c
View file

@ -106,7 +106,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
goto leave;
}
if( mfx->md )
md_putc(mfx->md, c );
gcry_md_putc(mfx->md, c );
if( c == '\r' )
continue; /* fixme: this hack might be too simple */
if( fp ) {
@ -132,7 +132,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
goto leave;
}
if( mfx->md )
md_write( mfx->md, buffer, len );
gcry_md_write( mfx->md, buffer, len );
if( fp ) {
if( fwrite( buffer, 1, len, fp ) != len ) {
log_error("Error writing to `%s': %s\n",
@ -151,7 +151,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
if( convert ) { /* text mode */
while( (c = iobuf_get(pt->buf)) != -1 ) {
if( mfx->md )
md_putc(mfx->md, c );
gcry_md_putc(mfx->md, c );
if( convert && c == '\r' )
continue; /* fixme: this hack might be too simple */
if( fp ) {
@ -180,7 +180,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
if( len < 32768 )
eof = 1;
if( mfx->md )
md_write( mfx->md, buffer, len );
gcry_md_write( mfx->md, buffer, len );
if( fp ) {
if( fwrite( buffer, 1, len, fp ) != len ) {
log_error("Error writing to `%s': %s\n",
@ -210,26 +210,26 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
if( !mfx->md )
continue;
if( state == 2 ) {
md_putc(mfx->md, '\r' );
md_putc(mfx->md, '\n' );
gcry_md_putc(mfx->md, '\r' );
gcry_md_putc(mfx->md, '\n' );
state = 0;
}
if( !state ) {
if( c == '\r' )
state = 1;
else
md_putc(mfx->md, c );
gcry_md_putc(mfx->md, c );
}
else if( state == 1 ) {
if( c == '\n' )
state = 2;
else {
md_putc(mfx->md, '\r' );
gcry_md_putc(mfx->md, '\r' );
if( c == '\r' )
state = 1;
else {
state = 0;
md_putc(mfx->md, c );
gcry_md_putc(mfx->md, c );
}
}
}
@ -253,7 +253,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
}
static void
do_hash( MD_HANDLE md, MD_HANDLE md2, IOBUF fp, int textmode )
do_hash( GCRY_MD_HD md, GCRY_MD_HD md2, IOBUF fp, int textmode )
{
text_filter_context_t tfx;
int c;
@ -267,27 +267,27 @@ do_hash( MD_HANDLE md, MD_HANDLE md2, IOBUF fp, int textmode )
int lc = -1;
while( (c = iobuf_get(fp)) != -1 ) {
if( c == '\n' && lc == '\r' )
md_putc(md2, c);
gcry_md_putc(md2, c);
else if( c == '\n' ) {
md_putc(md2, '\r');
md_putc(md2, c);
gcry_md_putc(md2, '\r');
gcry_md_putc(md2, c);
}
else if( c != '\n' && lc == '\r' ) {
md_putc(md2, '\n');
md_putc(md2, c);
gcry_md_putc(md2, '\n');
gcry_md_putc(md2, c);
}
else
md_putc(md2, c);
gcry_md_putc(md2, c);
if( md )
md_putc(md, c );
gcry_md_putc(md, c );
lc = c;
}
}
else {
while( (c = iobuf_get(fp)) != -1 ) {
if( md )
md_putc(md, c );
gcry_md_putc(md, c );
}
}
}
@ -298,7 +298,7 @@ do_hash( MD_HANDLE md, MD_HANDLE md2, IOBUF fp, int textmode )
* INFILE is the name of the input file.
*/
int
ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2,
ask_for_detached_datafile( GCRY_MD_HD md, GCRY_MD_HD md2,
const char *inname, int textmode )
{
char *answer = NULL;
@ -308,7 +308,7 @@ ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2,
fp = open_sigfile( inname ); /* open default file */
if( !fp && !opt.batch ) {
int any=0;
tty_printf("Detached signature.\n");
tty_printf(_("Detached signature.\n"));
do {
m_free(answer);
answer = cpr_get("detached_signature.filename",
@ -353,7 +353,7 @@ ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2,
* If FILES is NULL, hash stdin.
*/
int
hash_datafiles( MD_HANDLE md, MD_HANDLE md2, STRLIST files,
hash_datafiles( GCRY_MD_HD md, GCRY_MD_HD md2, STRLIST files,
const char *sigfilename, int textmode )
{
IOBUF fp;

5
g10/pubkey-enc.c
View file

@ -26,6 +26,7 @@
#include "util.h"
#include "memory.h"
#include "packet.h"
#include "main.h"
#include "mpi.h"
#include "keydb.h"
#include "trustdb.h"
@ -150,12 +151,12 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid )
dek->algo = frame[n++];
if( dek->algo == CIPHER_ALGO_IDEA )
write_status(STATUS_RSA_OR_IDEA);
rc = check_cipher_algo( dek->algo );
rc = openpgp_cipher_test_algo( dek->algo );
if( rc ) {
dek->algo = 0;
goto leave;
}
if( (dek->keylen*8) != cipher_get_keylen( dek->algo ) ) {
if( dek->keylen != gcry_cipher_get_algo_keylen( dek->algo ) ) {
rc = G10ERR_WRONG_SECKEY;
goto leave;
}

6
g10/revoke.c
View file

@ -113,7 +113,7 @@ gen_revoke( const char *uname )
{
size_t n;
char *p = get_user_id( sk_keyid, &n );
tty_print_string( p, n );
tty_print_utf8_string( p, n );
m_free(p);
tty_printf("\n");
}
@ -243,8 +243,8 @@ ask_revoke_sig( KBNODE keyblock, KBNODE node, PKT_signature *sig ) ) {
}
tty_printf(_("user ID: \""));
tty_print_string( unode->pkt->pkt.user_id->name,
unode->pkt->pkt.user_id->len, 0 );
tty_print_utf8_string( unode->pkt->pkt.user_id->name,
unode->pkt->pkt.user_id->len, 0 );
tty_printf(_("\"\nsigned with your key %08lX at %s\n"),
sig->keyid[1], datestr_from_sig(sig) );

2
g10/ringedit.c
View file

@ -737,7 +737,9 @@ enum_keyblocks( int mode, KBPOS *kbpos, KBNODE *ret_root )
if( !mode || mode == 5 || mode == 100 ) {
int i;
kbpos->fp = NULL;
kbpos->rt = rt_UNKNOWN;
if( !mode ) {
kbpos->secret = 0;
i = 0;

78
g10/seckey-cert.c
View file

@ -23,12 +23,13 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <gcrypt.h>
#include "util.h"
#include "memory.h"
#include "packet.h"
#include "mpi.h"
#include "keydb.h"
#include "cipher.h"
#include "main.h"
#include "options.h"
#include "i18n.h"
@ -46,12 +47,12 @@ do_check( PKT_secret_key *sk )
if( sk->is_protected ) { /* remove the protection */
DEK *dek = NULL;
u32 keyid[4]; /* 4! because we need two of them */
CIPHER_HANDLE cipher_hd=NULL;
GCRY_CIPHER_HD cipher_hd=NULL;
PKT_secret_key *save_sk;
if( sk->protect.algo == CIPHER_ALGO_NONE )
if( sk->protect.algo == GCRY_CIPHER_NONE )
BUG();
if( check_cipher_algo( sk->protect.algo ) ) {
if( openpgp_cipher_test_algo( sk->protect.algo ) ) {
log_info(_("protection algorithm %d is not supported\n"),
sk->protect.algo );
return G10ERR_CIPHER_ALGO;
@ -66,12 +67,21 @@ do_check( PKT_secret_key *sk )
}
dek = passphrase_to_dek( keyid, sk->pubkey_algo, sk->protect.algo,
&sk->protect.s2k, 0 );
cipher_hd = cipher_open( sk->protect.algo,
CIPHER_MODE_AUTO_CFB, 1);
cipher_setkey( cipher_hd, dek->key, dek->keylen );
if( !(cipher_hd = gcry_cipher_open( sk->protect.algo,
GCRY_CIPHER_MODE_CFB,
GCRY_CIPHER_SECURE
| (sk->protect.algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC) ) )
) {
BUG();
}
if( gcry_cipher_setkey( cipher_hd, dek->key, dek->keylen ) )
log_fatal("set key failed: %s\n", gcry_strerror(-1) );
m_free(dek);
save_sk = copy_secret_key( NULL, sk );
cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
if( gcry_cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen ))
log_fatal("set IV failed: %s\n", gcry_strerror(-1) );
csum = 0;
if( sk->version >= 4 ) {
int ndata;
@ -81,7 +91,7 @@ do_check( PKT_secret_key *sk )
assert( mpi_is_opaque( sk->skey[i] ) );
p = mpi_get_opaque( sk->skey[i], &ndata );
data = m_alloc_secure( ndata );
cipher_decrypt( cipher_hd, data, p, ndata );
gcry_cipher_decrypt( cipher_hd, data, ndata, p, ndata );
mpi_free( sk->skey[i] ); sk->skey[i] = NULL ;
p = data;
if( ndata < 2 ) {
@ -109,9 +119,9 @@ do_check( PKT_secret_key *sk )
for(i=pubkey_get_npkey(sk->pubkey_algo);
i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
buffer = mpi_get_secure_buffer( sk->skey[i], &nbytes, NULL );
cipher_sync( cipher_hd );
gcry_cipher_sync( cipher_hd );
assert( mpi_is_protected(sk->skey[i]) );
cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
gcry_cipher_decrypt( cipher_hd, buffer, nbytes, NULL, 0 );
mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
mpi_clear_protect_flag( sk->skey[i] );
csum += checksum_mpi( sk->skey[i] );
@ -121,7 +131,7 @@ do_check( PKT_secret_key *sk )
csum = sk->csum;
}
}
cipher_close( cipher_hd );
gcry_cipher_close( cipher_hd );
/* now let's see whether we have used the right passphrase */
if( csum != sk->csum ) {
copy_secret_key( sk, save_sk );
@ -215,23 +225,41 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
return 0;
if( !sk->is_protected ) { /* okay, apply the protection */
CIPHER_HANDLE cipher_hd=NULL;
GCRY_CIPHER_HD cipher_hd=NULL;
if( check_cipher_algo( sk->protect.algo ) )
if( openpgp_cipher_test_algo( sk->protect.algo ) )
rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
else {
print_cipher_algo_note( sk->protect.algo );
cipher_hd = cipher_open( sk->protect.algo,
CIPHER_MODE_AUTO_CFB, 1 );
if( cipher_setkey( cipher_hd, dek->key, dek->keylen ) )
if( !(cipher_hd = gcry_cipher_open( sk->protect.algo,
GCRY_CIPHER_MODE_CFB,
GCRY_CIPHER_SECURE
| (sk->protect.algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC) ))
) {
BUG();
}
rc = gcry_cipher_setkey( cipher_hd, dek->key, dek->keylen );
if( rc == GCRYERR_WEAK_KEY ) {
log_info(_("WARNING: Weak key detected"
" - please change passphrase again.\n"));
sk->protect.ivlen = cipher_get_blocksize( sk->protect.algo );
rc = 0;
}
else if( rc )
BUG();
/* set the IV length */
{ int blocksize = gcry_cipher_get_algo_blklen( sk->protect.algo );
if( blocksize != 8 && blocksize != 16 )
log_fatal("unsupported blocksize %d\n", blocksize );
sk->protect.ivlen = blocksize;
}
assert( sk->protect.ivlen <= DIM(sk->protect.iv) );
if( sk->protect.ivlen != 8 && sk->protect.ivlen != 16 )
BUG(); /* yes, we are very careful */
randomize_buffer(sk->protect.iv, sk->protect.ivlen, 1);
cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
gcry_cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
if( sk->version >= 4 ) {
#define NMPIS (PUBKEY_MAX_NSKEY - PUBKEY_MAX_NPKEY)
byte *bufarr[NMPIS];
@ -267,7 +295,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
*p++ = csum >> 8;
*p++ = csum;
assert( p == data+ndata );
cipher_encrypt( cipher_hd, data, data, ndata );
gcry_cipher_encrypt( cipher_hd, data, ndata, NULL, 0 );
for(i = pubkey_get_npkey(sk->pubkey_algo);
i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
mpi_free( sk->skey[i] );
@ -284,9 +312,9 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
csum += checksum_mpi_counted_nbits( sk->skey[i] );
buffer = mpi_get_buffer( sk->skey[i], &nbytes, NULL );
cipher_sync( cipher_hd );
gcry_cipher_sync( cipher_hd );
assert( !mpi_is_protected(sk->skey[i]) );
cipher_encrypt( cipher_hd, buffer, buffer, nbytes );
gcry_cipher_encrypt( cipher_hd, buffer, nbytes, NULL, 0 );
mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
mpi_set_protect_flag( sk->skey[i] );
m_free( buffer );
@ -294,7 +322,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
sk->csum = csum;
}
sk->is_protected = 1;
cipher_close( cipher_hd );
gcry_cipher_close( cipher_hd );
}
}
return rc;

61
g10/seskey.c
View file

@ -23,6 +23,8 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <gcrypt.h>
#include "util.h"
#include "cipher.h"
#include "mpi.h"
@ -36,19 +38,28 @@
void
make_session_key( DEK *dek )
{
CIPHER_HANDLE chd;
GCRY_CIPHER_HD chd;
int i, rc;
dek->keylen = cipher_get_keylen( dek->algo ) / 8;
dek->keylen = gcry_cipher_get_algo_keylen( dek->algo );
if( !(chd = gcry_cipher_open( dek->algo, GCRY_CIPHER_MODE_CFB,
GCRY_CIPHER_SECURE
| (dek->algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC) ))
) {
BUG();
}
chd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
randomize_buffer( dek->key, dek->keylen, 1 );
for(i=0; i < 16; i++ ) {
rc = cipher_setkey( chd, dek->key, dek->keylen );
rc = gcry_cipher_setkey( chd, dek->key, dek->keylen );
if( !rc ) {
cipher_close( chd );
gcry_cipher_close( chd );
return;
}
if( rc != GCRYERR_WEAK_KEY )
BUG();
log_info(_("weak key created - retrying\n") );
/* Renew the session key until we get a non-weak key. */
randomize_buffer( dek->key, dek->keylen, 1 );
@ -141,8 +152,8 @@ encode_session_key( DEK *dek, unsigned nbits )
static MPI
do_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits,
const byte *asn, size_t asnlen )
do_encode_md( GCRY_MD_HD md, int algo, size_t len, unsigned nbits,
const byte *asn, size_t asnlen )
{
int nframe = (nbits+7) / 8;
byte *frame;
@ -159,7 +170,8 @@ do_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits,
*
* PAD consists of FF bytes.
*/
frame = md_is_secure(md)? m_alloc_secure( nframe ) : m_alloc( nframe );
frame = gcry_md_is_secure(md)? m_alloc_secure( nframe )
: m_alloc( nframe );
n = 0;
frame[n++] = 0;
frame[n++] = algo;
@ -168,9 +180,9 @@ do_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits,
memset( frame+n, 0xff, i ); n += i;
frame[n++] = 0;
memcpy( frame+n, asn, asnlen ); n += asnlen;
memcpy( frame+n, md_read(md, algo), len ); n += len;
memcpy( frame+n, gcry_md_read(md, algo), len ); n += len;
assert( n == nframe );
a = md_is_secure(md)?
a = gcry_md_is_secure(md)?
mpi_alloc_secure( (nframe+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB )
: mpi_alloc( (nframe+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB );
mpi_set_buffer( a, frame, nframe, 0 );
@ -180,24 +192,33 @@ do_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits,
MPI
encode_md_value( int pubkey_algo, MD_HANDLE md, int hash_algo, unsigned nbits )
encode_md_value( int pubkey_algo, GCRY_MD_HD md, int hash_algo, unsigned nbits )
{
int algo = hash_algo? hash_algo : md_get_algo(md);
const byte *asn;
size_t asnlen, mdlen;
int algo = hash_algo? hash_algo : gcry_md_get_algo(md);
MPI frame;
if( pubkey_algo == PUBKEY_ALGO_DSA ) {
frame = md_is_secure(md)? mpi_alloc_secure((md_digest_length(hash_algo)
frame = gcry_md_is_secure(md)? mpi_alloc_secure(
(gcry_md_get_algo_dlen(hash_algo)
+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB )
: mpi_alloc((md_digest_length(hash_algo)
: mpi_alloc((gcry_md_get_algo_dlen(hash_algo)
+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB );
mpi_set_buffer( frame, md_read(md, hash_algo),
md_digest_length(hash_algo), 0 );
mpi_set_buffer( frame, gcry_md_read(md, hash_algo),
gcry_md_get_algo_dlen(hash_algo), 0 );
}
else {
asn = md_asn_oid( algo, &asnlen, &mdlen );
frame = do_encode_md( md, algo, mdlen, nbits, asn, asnlen );
byte *asn;
size_t asnlen;
if( gcry_md_algo_info( algo, GCRYCTL_GET_ASNOID, NULL, &asnlen ) )
log_fatal("can't get OID of algo %d: %s\n",
algo, gcry_strerror(-1));
asn = m_alloc( asnlen );
if( gcry_md_algo_info( algo, GCRYCTL_GET_ASNOID, asn, &asnlen ) )
BUG();
frame = do_encode_md( md, algo, gcry_md_get_algo_dlen( algo ),
nbits, asn, asnlen );
m_free( asn );
}
return frame;
}

130
g10/sig-check.c
View file

@ -23,42 +23,43 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <gcrypt.h>
#include "util.h"
#include "packet.h"
#include "memory.h"
#include "mpi.h"
#include "keydb.h"
#include "cipher.h"
#include "main.h"
#include "status.h"
#include "i18n.h"
struct cmp_help_context_s {
PKT_signature *sig;
MD_HANDLE md;
GCRY_MD_HD md;
};
static int do_signature_check( PKT_signature *sig, MD_HANDLE digest,
static int do_signature_check( PKT_signature *sig, GCRY_MD_HD digest,
u32 *r_expire );
static int do_check( PKT_public_key *pk, PKT_signature *sig,
MD_HANDLE digest );
GCRY_MD_HD digest );
/****************
* Check the signature which is contained in SIG.
* The MD_HANDLE should be currently open, so that this function
* The GCRY_MD_HD should be currently open, so that this function
* is able to append some data, before finalizing the digest.
*/
int
signature_check( PKT_signature *sig, MD_HANDLE digest )
signature_check( PKT_signature *sig, GCRY_MD_HD digest )
{
u32 dummy;
return do_signature_check( sig, digest, &dummy );
}
static int
do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire )
do_signature_check( PKT_signature *sig, GCRY_MD_HD digest, u32 *r_expire )
{
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc=0;
@ -84,36 +85,37 @@ do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire )
* not possible to sign more than one identical document within
* one second. Some remote bacth processing applications might
* like this feature here */
MD_HANDLE md;
GCRY_MD_HD md;
u32 a = sig->timestamp;
int i, nsig = pubkey_get_nsig( sig->pubkey_algo );
byte *p, *buffer;
md = md_open( DIGEST_ALGO_RMD160, 0);
md_putc( digest, sig->pubkey_algo );
md_putc( digest, sig->digest_algo );
md_putc( digest, (a >> 24) & 0xff );
md_putc( digest, (a >> 16) & 0xff );
md_putc( digest, (a >> 8) & 0xff );
md_putc( digest, a & 0xff );
if( !(md = gcry_md_open( DIGEST_ALGO_RMD160, 0)) )
BUG();
gcry_md_putc( digest, sig->pubkey_algo );
gcry_md_putc( digest, sig->digest_algo );
gcry_md_putc( digest, (a >> 24) & 0xff );
gcry_md_putc( digest, (a >> 16) & 0xff );
gcry_md_putc( digest, (a >> 8) & 0xff );
gcry_md_putc( digest, a & 0xff );
for(i=0; i < nsig; i++ ) {
unsigned n = mpi_get_nbits( sig->data[i]);
md_putc( md, n>>8);
md_putc( md, n );
gcry_md_putc( md, n>>8);
gcry_md_putc( md, n );
p = mpi_get_buffer( sig->data[i], &n, NULL );
md_write( md, p, n );
gcry_md_write( md, p, n );
m_free(p);
}
md_final( md );
p = make_radix64_string( md_read( md, 0 ), 20 );
gcry_md_final( md );
p = make_radix64_string( gcry_md_read( md, 0 ), 20 );
buffer = m_alloc( strlen(p) + 60 );
sprintf( buffer, "%s %s %lu",
p, strtimestamp( sig->timestamp ), (ulong)sig->timestamp );
write_status_text( STATUS_SIG_ID, buffer );
m_free(buffer);
m_free(p);
md_close(md);
gcry_md_close(md);
}
return rc;
@ -123,11 +125,11 @@ do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire )
#if 0 /* not anymore used */
/****************
* Check the MDC which is contained in SIG.
* The MD_HANDLE should be currently open, so that this function
* The GCRY_MD_HD should be currently open, so that this function
* is able to append some data, before finalizing the digest.
*/
int
mdc_kludge_check( PKT_signature *sig, MD_HANDLE digest )
mdc_kludge_check( PKT_signature *sig, GCRY_MD_HD digest )
{
int rc=0;
@ -139,23 +141,23 @@ mdc_kludge_check( PKT_signature *sig, MD_HANDLE digest )
/* complete the digest */
if( sig->version >= 4 )
md_putc( digest, sig->version );
md_putc( digest, sig->sig_class );
gcry_md_putc( digest, sig->version );
gcry_md_putc( digest, sig->sig_class );
if( sig->version < 4 ) {
u32 a = sig->timestamp;
md_putc( digest, (a >> 24) & 0xff );
md_putc( digest, (a >> 16) & 0xff );
md_putc( digest, (a >> 8) & 0xff );
md_putc( digest, a & 0xff );
gcry_md_putc( digest, (a >> 24) & 0xff );
gcry_md_putc( digest, (a >> 16) & 0xff );
gcry_md_putc( digest, (a >> 8) & 0xff );
gcry_md_putc( digest, a & 0xff );
}
else {
byte buf[6];
size_t n;
md_putc( digest, sig->pubkey_algo );
md_putc( digest, sig->digest_algo );
gcry_md_putc( digest, sig->pubkey_algo );
gcry_md_putc( digest, sig->digest_algo );
if( sig->hashed_data ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1];
md_write( digest, sig->hashed_data, n+2 );
gcry_md_write( digest, sig->hashed_data, n+2 );
n += 6;
}
else
@ -167,7 +169,7 @@ mdc_kludge_check( PKT_signature *sig, MD_HANDLE digest )
buf[3] = n >> 16;
buf[4] = n >> 8;
buf[5] = n;
md_write( digest, buf, 6 );
gcry_md_write( digest, buf, 6 );
}
md_final( digest );
@ -221,7 +223,7 @@ cmp_help( void *opaque, MPI result )
size_t mdlen, asnlen;
struct cmp_help_context_s *ctx = opaque;
PKT_signature *sig = ctx->sig;
MD_HANDLE digest = ctx->md;
GCRY_MD_HD digest = ctx->md;
old_enc = 0;
for(i=j=0; (c=mpi_getbyte(result, i)) != -1; i++ ) {
@ -284,7 +286,7 @@ cmp_help( void *opaque, MPI result )
static int
do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
do_check( PKT_public_key *pk, PKT_signature *sig, GCRY_MD_HD digest )
{
MPI result = NULL;
int rc=0;
@ -323,33 +325,33 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
}
if( (rc=check_digest_algo(sig->digest_algo)) )
if( (rc=openpgp_md_test_algo(sig->digest_algo)) )
return rc;
if( (rc=check_pubkey_algo(sig->pubkey_algo)) )
if( (rc=openpgp_pk_test_algo(sig->pubkey_algo)) )
return rc;
/* make sure the digest algo is enabled (in case of a detached signature)*/
md_enable( digest, sig->digest_algo );
gcry_md_enable( digest, sig->digest_algo );
/* complete the digest */
if( sig->version >= 4 )
md_putc( digest, sig->version );
md_putc( digest, sig->sig_class );
gcry_md_putc( digest, sig->version );
gcry_md_putc( digest, sig->sig_class );
if( sig->version < 4 ) {
u32 a = sig->timestamp;
md_putc( digest, (a >> 24) & 0xff );
md_putc( digest, (a >> 16) & 0xff );
md_putc( digest, (a >> 8) & 0xff );
md_putc( digest, a & 0xff );
gcry_md_putc( digest, (a >> 24) & 0xff );
gcry_md_putc( digest, (a >> 16) & 0xff );
gcry_md_putc( digest, (a >> 8) & 0xff );
gcry_md_putc( digest, a & 0xff );
}
else {
byte buf[6];
size_t n;
md_putc( digest, sig->pubkey_algo );
md_putc( digest, sig->digest_algo );
gcry_md_putc( digest, sig->pubkey_algo );
gcry_md_putc( digest, sig->digest_algo );
if( sig->hashed_data ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1];
md_write( digest, sig->hashed_data, n+2 );
gcry_md_write( digest, sig->hashed_data, n+2 );
n += 6;
}
else
@ -361,9 +363,9 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
buf[3] = n >> 16;
buf[4] = n >> 8;
buf[5] = n;
md_write( digest, buf, 6 );
gcry_md_write( digest, buf, 6 );
}
md_final( digest );
gcry_md_final( digest );
result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo,
mpi_get_nbits(pk->pkey[0]));
@ -385,7 +387,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
static void
hash_uid_node( KBNODE unode, MD_HANDLE md, PKT_signature *sig )
hash_uid_node( KBNODE unode, GCRY_MD_HD md, PKT_signature *sig )
{
PKT_user_id *uid = unode->pkt->pkt.user_id;
@ -397,9 +399,9 @@ hash_uid_node( KBNODE unode, MD_HANDLE md, PKT_signature *sig )
buf[2] = uid->len >> 16;
buf[3] = uid->len >> 8;
buf[4] = uid->len;
md_write( md, buf, 5 );
gcry_md_write( md, buf, 5 );
}
md_write( md, uid->name, uid->len );
gcry_md_write( md, uid->name, uid->len );
}
/****************
@ -417,7 +419,7 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
int
check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
{
MD_HANDLE md;
GCRY_MD_HD md;
PKT_public_key *pk;
PKT_signature *sig;
int algo;
@ -439,24 +441,26 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
sig->flags.valid? "good":"bad" );
#endif
if( (rc=check_digest_algo(algo)) )
if( (rc=openpgp_md_test_algo(algo)) )
return rc;
if( sig->sig_class == 0x20 ) {
md = md_open( algo, 0 );
if( !(md = gcry_md_open( algo, 0 )) )
BUG();
hash_public_key( md, pk );
rc = do_check( pk, sig, md );
md_close(md);
gcry_md_close(md);
}
else if( sig->sig_class == 0x28 ) { /* subkey revocation */
KBNODE snode = find_prev_kbnode( root, node, PKT_PUBLIC_SUBKEY );
if( snode ) {
md = md_open( algo, 0 );
if( !(md = gcry_md_open( algo, 0 )) )
BUG();
hash_public_key( md, pk );
hash_public_key( md, snode->pkt->pkt.public_key );
rc = do_check( pk, sig, md );
md_close(md);
gcry_md_close(md);
}
else {
log_error("no subkey for subkey revocation packet\n");
@ -474,11 +478,12 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
*is_selfsig = 1;
}
md = md_open( algo, 0 );
if( !(md = gcry_md_open( algo, 0 )) )
BUG();
hash_public_key( md, pk );
hash_public_key( md, snode->pkt->pkt.public_key );
rc = do_check( pk, sig, md );
md_close(md);
gcry_md_close(md);
}
else {
log_error("no subkey for key signature packet\n");
@ -492,7 +497,8 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
u32 keyid[2];
keyid_from_pk( pk, keyid );
md = md_open( algo, 0 );
if( !(md = gcry_md_open( algo, 0 )) )
BUG();
hash_public_key( md, pk );
hash_uid_node( unode, md, sig );
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
@ -502,7 +508,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
}
else
rc = do_signature_check( sig, md, r_expire );
md_close(md);
gcry_md_close(md);
}
else {
log_error("no user ID for key signature packet\n");

149
g10/sign.c
View file

@ -25,6 +25,7 @@
#include <errno.h>
#include <assert.h>
#include <gcrypt.h>
#include "options.h"
#include "packet.h"
#include "errors.h"
@ -94,7 +95,7 @@ mk_notation_and_policy( PKT_signature *sig )
static int
do_sign( PKT_secret_key *sk, PKT_signature *sig,
MD_HANDLE md, int digest_algo )
GCRY_MD_HD md, int digest_algo )
{
MPI frame;
byte *dp;
@ -113,10 +114,10 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
print_pubkey_algo_note(sk->pubkey_algo);
if( !digest_algo )
digest_algo = md_get_algo(md);
digest_algo = gcry_md_get_algo(md);
print_digest_algo_note( digest_algo );
dp = md_read( md, digest_algo );
dp = gcry_md_read( md, digest_algo );
sig->digest_algo = digest_algo;
sig->digest_start[0] = dp[0];
sig->digest_start[1] = dp[1];
@ -130,7 +131,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
if( opt.verbose ) {
char *ustr = get_user_id_string( sig->keyid );
log_info(_("%s signature from: %s\n"),
pubkey_algo_to_string(sk->pubkey_algo), ustr );
gcry_pk_algo_name(sk->pubkey_algo), ustr );
m_free(ustr);
}
}
@ -140,7 +141,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
int
complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md )
complete_sig( PKT_signature *sig, PKT_secret_key *sk, GCRY_MD_HD md )
{
int rc=0;
@ -273,11 +274,12 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
/* prepare to calculate the MD over the input */
if( opt.textmode && !outfile )
iobuf_push_filter( inp, text_filter, &tfx );
mfx.md = md_open(0, 0);
if( !(mfx.md = gcry_md_open(0, 0)))
BUG();
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk = sk_rover->sk;
md_enable(mfx.md, hash_for(sk->pubkey_algo));
gcry_md_enable(mfx.md, hash_for(sk->pubkey_algo));
}
if( !multifile )
@ -448,7 +450,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk;
PKT_signature *sig;
MD_HANDLE md;
GCRY_MD_HD md;
sk = sk_rover->sk;
@ -462,37 +464,37 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
sig->timestamp = make_timestamp();
sig->sig_class = opt.textmode && !outfile? 0x01 : 0x00;
md = md_copy( mfx.md );
md = gcry_md_copy( mfx.md );
if( sig->version >= 4 ) {
build_sig_subpkt_from_sig( sig );
md_putc( md, sig->version );
gcry_md_putc( md, sig->version );
}
mk_notation_and_policy( sig );
md_putc( md, sig->sig_class );
gcry_md_putc( md, sig->sig_class );
if( sig->version < 4 ) {
u32 a = sig->timestamp;
md_putc( md, (a >> 24) & 0xff );
md_putc( md, (a >> 16) & 0xff );
md_putc( md, (a >> 8) & 0xff );
md_putc( md, a & 0xff );
gcry_md_putc( md, (a >> 24) & 0xff );
gcry_md_putc( md, (a >> 16) & 0xff );
gcry_md_putc( md, (a >> 8) & 0xff );
gcry_md_putc( md, a & 0xff );
}
else {
byte buf[6];
size_t n;
md_putc( md, sig->pubkey_algo );
md_putc( md, sig->digest_algo );
gcry_md_putc( md, sig->pubkey_algo );
gcry_md_putc( md, sig->digest_algo );
if( sig->hashed_data ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1];
md_write( md, sig->hashed_data, n+2 );
gcry_md_write( md, sig->hashed_data, n+2 );
n += 6;
}
else {
md_putc( md, 0 ); /* always hash the length of the subpacket*/
md_putc( md, 0 );
gcry_md_putc( md, 0 ); /* always hash the length of the subpacket*/
gcry_md_putc( md, 0 );
n = 6;
}
/* add some magic */
@ -502,13 +504,13 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
buf[3] = n >> 16;
buf[4] = n >> 8;
buf[5] = n;
md_write( md, buf, 6 );
gcry_md_write( md, buf, 6 );
}
md_final( md );
gcry_md_final( md );
rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) );
md_close( md );
gcry_md_close( md );
if( !rc ) { /* and write it */
init_packet(&pkt);
@ -530,7 +532,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
else
iobuf_close(out);
iobuf_close(inp);
md_close( mfx.md );
gcry_md_close( mfx.md );
release_sk_list( sk_list );
release_pk_list( pk_list );
return rc;
@ -545,7 +547,7 @@ int
clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
{
armor_filter_context_t afx;
MD_HANDLE textmd = NULL;
GCRY_MD_HD textmd = NULL;
IOBUF inp = NULL, out = NULL;
PACKET pkt;
int rc = 0;
@ -594,21 +596,26 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
}
}
if( old_style || only_md5 )
if( old_style && only_md5 )
iobuf_writestr(out, "\n" );
else {
const char *s;
int any = 0;
byte hashs_seen[256];
memset( hashs_seen, 0, sizeof hashs_seen );
iobuf_writestr(out, "Hash: " );
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk = sk_rover->sk;
s = digest_algo_to_string( hash_for(sk->pubkey_algo) );
if( s ) {
if( any )
iobuf_put(out, ',' );
iobuf_writestr(out, s );
any = 1;
int i = hash_for(sk->pubkey_algo);
if( !hashs_seen[ i & 0xff ] ) {
if( !openpgp_md_test_algo( i ) ) {
hashs_seen[ i & 0xff ] = 1;
if( any )
iobuf_put(out, ',' );
iobuf_writestr(out, gcry_md_algo_name( i ) );
any = 1;
}
}
}
assert(any);
@ -620,10 +627,11 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
}
textmd = md_open(0, 0);
if( !(textmd = gcry_md_open(0, 0)) )
BUG();
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk = sk_rover->sk;
md_enable(textmd, hash_for(sk->pubkey_algo));
gcry_md_enable(textmd, hash_for(sk->pubkey_algo));
}
/*md_start_debug( textmd, "sign" );*/
copy_clearsig_text( out, inp, textmd,
@ -638,7 +646,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk;
PKT_signature *sig;
MD_HANDLE md;
GCRY_MD_HD md;
sk = sk_rover->sk;
@ -652,36 +660,36 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
sig->timestamp = make_timestamp();
sig->sig_class = 0x01;
md = md_copy( textmd );
md = gcry_md_copy( textmd );
if( sig->version >= 4 ) {
build_sig_subpkt_from_sig( sig );
md_putc( md, sig->version );
gcry_md_putc( md, sig->version );
}
mk_notation_and_policy( sig );
md_putc( md, sig->sig_class );
gcry_md_putc( md, sig->sig_class );
if( sig->version < 4 ) {
u32 a = sig->timestamp;
md_putc( md, (a >> 24) & 0xff );
md_putc( md, (a >> 16) & 0xff );
md_putc( md, (a >> 8) & 0xff );
md_putc( md, a & 0xff );
gcry_md_putc( md, (a >> 24) & 0xff );
gcry_md_putc( md, (a >> 16) & 0xff );
gcry_md_putc( md, (a >> 8) & 0xff );
gcry_md_putc( md, a & 0xff );
}
else {
byte buf[6];
size_t n;
md_putc( md, sig->pubkey_algo );
md_putc( md, sig->digest_algo );
gcry_md_putc( md, sig->pubkey_algo );
gcry_md_putc( md, sig->digest_algo );
if( sig->hashed_data ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1];
md_write( md, sig->hashed_data, n+2 );
gcry_md_write( md, sig->hashed_data, n+2 );
n += 6;
}
else {
md_putc( md, 0 ); /* always hash the length of the subpacket*/
md_putc( md, 0 );
gcry_md_putc( md, 0 ); /* always hash the length of the subpacket*/
gcry_md_putc( md, 0 );
n = 6;
}
/* add some magic */
@ -691,13 +699,13 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
buf[3] = n >> 16;
buf[4] = n >> 8;
buf[5] = n;
md_write( md, buf, 6 );
gcry_md_write( md, buf, 6 );
}
md_final( md );
gcry_md_final( md );
rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) );
md_close( md );
gcry_md_close( md );
if( !rc ) { /* and write it */
init_packet(&pkt);
@ -719,7 +727,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
else
iobuf_close(out);
iobuf_close(inp);
md_close( textmd );
gcry_md_close( textmd );
release_sk_list( sk_list );
return rc;
}
@ -741,7 +749,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
{
PKT_signature *sig;
int rc=0;
MD_HANDLE md;
GCRY_MD_HD md;
assert( (sigclass >= 0x10 && sigclass <= 0x13)
|| sigclass == 0x20 || sigclass == 0x18
@ -754,7 +762,8 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
default: digest_algo = DIGEST_ALGO_RMD160; break;
}
}
md = md_open( digest_algo, 0 );
if( !(md = gcry_md_open( digest_algo, 0 )))
BUG();
/* hash the public key certificate and the user id */
hash_public_key( md, pk );
@ -769,9 +778,9 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
buf[2] = uid->len >> 16;
buf[3] = uid->len >> 8;
buf[4] = uid->len;
md_write( md, buf, 5 );
gcry_md_write( md, buf, 5 );
}
md_write( md, uid->name, uid->len );
gcry_md_write( md, uid->name, uid->len );
}
/* and make the signature packet */
sig = m_alloc_clear( sizeof *sig );
@ -790,29 +799,29 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
if( !rc ) {
mk_notation_and_policy( sig );
if( sig->version >= 4 )
md_putc( md, sig->version );
md_putc( md, sig->sig_class );
gcry_md_putc( md, sig->version );
gcry_md_putc( md, sig->sig_class );
if( sig->version < 4 ) {
u32 a = sig->timestamp;
md_putc( md, (a >> 24) & 0xff );
md_putc( md, (a >> 16) & 0xff );
md_putc( md, (a >> 8) & 0xff );
md_putc( md, a & 0xff );
gcry_md_putc( md, (a >> 24) & 0xff );
gcry_md_putc( md, (a >> 16) & 0xff );
gcry_md_putc( md, (a >> 8) & 0xff );
gcry_md_putc( md, a & 0xff );
}
else {
byte buf[6];
size_t n;
md_putc( md, sig->pubkey_algo );
md_putc( md, sig->digest_algo );
gcry_md_putc( md, sig->pubkey_algo );
gcry_md_putc( md, sig->digest_algo );
if( sig->hashed_data ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1];
md_write( md, sig->hashed_data, n+2 );
gcry_md_write( md, sig->hashed_data, n+2 );
n += 6;
}
else {
md_putc( md, 0 ); /* always hash the length of the subpacket*/
md_putc( md, 0 );
gcry_md_putc( md, 0 ); /* always hash the length of the subpacket*/
gcry_md_putc( md, 0 );
n = 6;
}
/* add some magic */
@ -822,15 +831,15 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
buf[3] = n >> 16;
buf[4] = n >> 8;
buf[5] = n;
md_write( md, buf, 6 );
gcry_md_write( md, buf, 6 );
}
md_final(md);
gcry_md_final(md);
rc = complete_sig( sig, sk, md );
}
md_close( md );
gcry_md_close( md );
if( rc )
free_seckey_enc( sig );
else

13
g10/textfilter.c
View file

@ -25,6 +25,7 @@
#include <errno.h>
#include <assert.h>
#include <gcrypt.h>
#include "errors.h"
#include "iobuf.h"
#include "memory.h"
@ -141,7 +142,7 @@ text_filter( void *opaque, int control,
* md is updated as required by rfc2440
*/
int
copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md,
copy_clearsig_text( IOBUF out, IOBUF inp, GCRY_MD_HD md,
int escape_dash, int escape_from, int pgp2mode )
{
unsigned maxlen;
@ -166,15 +167,15 @@ copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md,
/* update the message digest */
if( escape_dash ) {
if( pending_lf ) {
md_putc( md, '\r' );
md_putc( md, '\n' );
gcry_md_putc( md, '\r' );
gcry_md_putc( md, '\n' );
}
md_write( md, buffer,
gcry_md_write( md, buffer,
len_without_trailing_chars( buffer, n,
pgp2mode? " \r\n":" \t\r\n"));
}
else
md_write( md, buffer, n );
gcry_md_write( md, buffer, n );
pending_lf = buffer[n-1] == '\n';
/* write the output */
@ -190,7 +191,7 @@ copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md,
if( !pending_lf ) { /* make sure that the file ends with a LF */
iobuf_put( out, '\n');
if( !escape_dash )
md_putc( md, '\n' );
gcry_md_putc( md, '\n' );
}
if( truncated )

8
g10/trustdb.c
View file

@ -586,13 +586,13 @@ print_user_id( FILE *fp, const char *text, u32 *keyid )
p = get_user_id( keyid, &n );
if( fp ) {
fprintf( fp, "%s \"", text );
print_string( fp, p, n, 0 );
print_utf8_string( fp, p, n );
putc('\"', fp);
putc('\n', fp);
}
else {
tty_printf( "%s \"", text );
tty_print_string( p, n );
tty_print_utf8_string( p, n );
tty_printf( "\"\n" );
}
m_free(p);
@ -652,7 +652,7 @@ print_path( int pathlen, TN ME .........., FILE *fp, ulong highlight )
p = get_user_id( keyid, &n );
putc(' ', fp);
putc('\"', fp);
print_string( fp, p, n > 40? 40:n, 0 );
print_utf8_string( fp, p, n > 40? 40:n, 0 );
putc('\"', fp);
m_free(p);
putc('\n', fp );
@ -1000,7 +1000,7 @@ check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid,
(ulong)mainkid[1], lid );
assert(keynode->pkt->pkttype == PKT_USER_ID );
uid = keynode->pkt->pkt.user_id;
print_string( log_stream(), uid->name, uid->len, '\"' );
print_utf8_string( log_stream(), uid->name, uid->len );
fputs("\"\n", log_stream());
}