diff options
| author | Werner Koch <[email protected]> | 2008-12-09 10:43:22 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2008-12-09 10:43:22 +0000 |
| commit | 0ad3411b0720909ebf3c3b4709ab1631b9fac7e4 (patch) | |
| tree | bc505ae79f91aae70e8cc128ec10695f123318cc | |
| parent | * curl-shim.h, gpgkeys_curl.c, gpgkeys_hkp.c (main): Always show curl (diff) | |
| download | gnupg-0ad3411b0720909ebf3c3b4709ab1631b9fac7e4.tar.gz gnupg-0ad3411b0720909ebf3c3b4709ab1631b9fac7e4.zip | |
Check algo usage.
| -rw-r--r-- | g10/ChangeLog | 9 | ||||
| -rw-r--r-- | g10/keygen.c | 58 |
2 files changed, 46 insertions, 21 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 3747350d2..dfee13c28 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +2008-12-09 Werner Koch <[email protected]> + + * keygen.c (proc_parameter_file): Check that key and subkey usages + are allowed. + 2008-11-18 David Shaw <[email protected]> * trustdb.c (validate_one_keyblock): Fix the trust signature @@ -330,8 +335,8 @@ 2007-01-31 David Shaw <[email protected]> - * keygen.c (do_generate_keypair, proc_parameter_file, - generate_keypair, generate_subkeypair): Pass a timestamp through + * keygen.c (do_generate_keypair, proc_parameter_file) + (generate_keypair, generate_subkeypair): Pass a timestamp through to all the gen_xxx functions. * keyedit.c (sign_uids): Another multiple to single timestamp diff --git a/g10/keygen.c b/g10/keygen.c index 9bc18777e..aac4c7c74 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -2196,42 +2196,62 @@ proc_parameter_file( struct para_data_s *para, const char *fname, return -1; } - err=parse_parameter_usage (fname, para, pKEYUSAGE); - if(err==0) + err = parse_parameter_usage (fname, para, pKEYUSAGE); + if (!err) { /* Default to algo capabilities if key-usage is not provided */ - r=xmalloc_clear(sizeof(*r)); - r->key=pKEYUSAGE; - r->u.usage=openpgp_pk_algo_usage(algo); - r->next=para; - para=r; + r = xmalloc_clear(sizeof(*r)); + r->key = pKEYUSAGE; + r->u.usage = openpgp_pk_algo_usage(algo); + r->next = para; + para = r; } - else if(err==-1) + else if (err == -1) return -1; + else + { + r = get_parameter (para, pKEYUSAGE); + if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo))) + { + log_error ("%s:%d: specified Key-Usage not allowed for algo %d\n", + fname, r->lnr, algo); + return -1; + } + } r = get_parameter( para, pSUBKEYTYPE ); if(r) { - algo=get_parameter_algo( para, pSUBKEYTYPE); - if(check_pubkey_algo(algo)) + algo = get_parameter_algo (para, pSUBKEYTYPE); + if (check_pubkey_algo (algo)) { - log_error("%s:%d: invalid algorithm\n", fname, r->lnr ); + log_error ("%s:%d: invalid algorithm\n", fname, r->lnr ); return -1; } - err=parse_parameter_usage (fname, para, pSUBKEYUSAGE); - if(err==0) + err = parse_parameter_usage (fname, para, pSUBKEYUSAGE); + if (!err) { /* Default to algo capabilities if subkey-usage is not provided */ - r=xmalloc_clear(sizeof(*r)); - r->key=pSUBKEYUSAGE; - r->u.usage=openpgp_pk_algo_usage(algo); - r->next=para; - para=r; + r = xmalloc_clear (sizeof(*r)); + r->key = pSUBKEYUSAGE; + r->u.usage = openpgp_pk_algo_usage (algo); + r->next = para; + para = r; } - else if(err==-1) + else if (err == -1) return -1; + else + { + r = get_parameter (para, pSUBKEYUSAGE); + if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo))) + { + log_error ("%s:%d: specified Subkey-Usage not allowed" + " for algo %d\n", fname, r->lnr, algo); + return -1; + } + } } if( get_parameter_value( para, pUSERID ) ) |