* g10/build-packet.c (do_secret_key): Check for NULL return from
gcry_mpi_get_opaque.
* g10/keyid.c (hash_public_key): Ditto.
--
This is a backport of 76c8122adf from
master to the STABLE-BRANCH-1-4
On the STABLE-BRANCH-1-4, we may also want to patch g10/seckey-cert.c,
but that has not been done in this patch.
This fix extends commmit 0835d2f44e.
gpg2 --export --no-default-keyring --keyring TESTDATA
With TESTDATA being below after unpacking.
-----BEGIN PGP ARMORED FILE-----
mBMEhdkMmS8BcX8F//8F5voEhQAQmBMEnAAAZwAAo4D/f/8EhQAAAIAEnP8EhQAQ
iBMEnP8AAAAABf8jIID///8EhQYQmBMEnIUAEIgTBKT/AAAAAAUAACCA/f//BIUA
EJgTBJx/AP8ABPPzBJx/AP8ABPPz
=2yE0
-----END PGP ARMORED FILE-----
Reported-by: Jodie Cunningham
[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--
This fixes sign extension on shift problems. Hanno Böck found a case
with an invalid read due to this problem. To fix that almost all uses
of "<< 24" and "<< 8" are changed by this patch to use an inline
function from host2net.h.
(back ported from commit 2183683bd6)
Signed-off-by: Werner Koch <wk@gnupg.org>
[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* include/cipher.h (PUBKEY_ALGO_ECC): New.
* g10/keyid.c (pubkey_letter): Add letter 'C'.
--
ID 22 will be used for generic ECC, i.e. one which can be used for
ECDSA and ECDH. The only support in 1.4 will pretty printing the
algorithm id.
This does not mean we have any kind of ECC support now. It is merely
to avoid printing a question mark for the algorithm.
Trailing white space changes as usual.
algorithms.
* keyedit.c (sign_uids): Don't request a signing key to make a
certification.
* keygen.c (do_add_key_flags): Force the certify flag on for all
primary keys, as the spec requires primary keys must be able to
certify (if nothing else, which key is going to issue the user ID
signature?) (print_key_flags): Show certify flag. (ask_key_flags,
ask_algo): Don't allow setting the C flag for subkeys.
* keyid.c (usagestr_from_pk), getkey.c (parse_key_usage): Distinguish
between a sign/certify key and a certify-only key.
instead of 0x0000000000000000 for the invalid key ID since all-zeroes
is reserved for the anonymous recipient.
* keyedit.c (change_passphrase), keygen.c (generate_subkeypair): Fix a
string ;)
we are taking.
* keyid.c (keystr): If printing a keyid that lacks the high 4 bytes, print
the low 4 alone. (keystr_from_desc): Handle short keyids and warn on v3
fingerprints.
merge selfsigs if we have to for honor-keyserver-url. (keyserver_refresh):
Keyserver URL handler moved here. (calculate_keyid_fpr): Removed.
* keydb.h, keyid.c (keystr_from_desc): Calculate a key string from a
KEYDB_SEARCH_DESC.
a key string from a key in one step. This isn't faster than before, but
makes for neater code.
* keylist.c (list_keyblock_print): Use keystr_from_xx here.
(print_key_data): No need to pass a keyid in.
replace the list-option (and eventually verify-option) show-long-keyids.
The format can be short, long, 0xshort, and 0xlong.
* keydb.h, keyid.c (keystr, keystrlen): New functions to generate a
printable keyid.
* keyedit.c (print_and_check_one_sig, show_key_with_all_names), keylist.c
(list_keyblock_print): Use new keystr() function here to print keyids.
public subkeys.
* keylist.c (list_keyblock_print), keyedit.c (show_key_with_all_names):
Show the revocation date of a key/subkey, and general formatting work.
* packet.h, getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
merge_selfsigs): Keep track of the revocation date of a key.
* keydb.h, keyid.c (revokestr_from_pk): New function to print the
revocation date of a key.
* keydb.h, keyid.c (hash_public_key, do_fingerprint_md): ... and make a
new one here that shares code with the fingerprint calculations. This
removes some duplicated functionality, and is also around 14% faster.
(Every bit helps).
* import.c (import_one): No longer need the Elgamal import warning.
* getkey.c (get_pubkey_fast): This one is sort of obscure. get_pubkey_fast
returns the primary key when requesting a subkey, so if a user has a key
signed by a subkey (we don't do this, but used to), AND that key is not
self-signed, AND the algorithm of the subkey in question is not present in
GnuPG, AND the algorithm of the primary key that owns the subkey in
question is present in GnuPG, then we will try and verify the subkey
signature using the primary key algorithm and hit a BUG(). The fix is to
not return a hit if the keyid is not the primary. All other users of
get_pubkey_fast already expect a primary only.
don't know the structure of by using the opaque MPI.
(do_fingerprint_md_sk): We cannot calculate the fingerprint from a secret
key unless we know the structure (since we can't leave off the secret key
parts), so fail early..... (keyid_from_sk, fingerprint_from_sk): .... and
return all zeroes.
keydb.h, keyid.c (namehash_from_uid): New function to rmd160-hash the
contents of a user ID packet and cache it in the uid object.
* keylist.c (list_keyblock_colon): Use namehash in field 8 of uids. Show
dates for creation (selfsig date), and expiration in fields 6 and 7.
* trustdb.c (get_validity, get_validity_counts, update_validity): Use new
namehash function rather than hashing it locally.