author | Werner Koch <[email protected]> | 2009-08-06 20:12:00 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2009-08-06 20:12:00 +0000 |
commit | 019601191a250f5ec95ca871aa281ae836a1a34e (patch) | |
tree | 2d948f3e1fa834f262519853f5556bfe48f37209 /g10 | |
parent | Enable readline support in --card-edit. (diff) | |
Improved detection of bad/invalid signer keys.
Diffstat (limited to 'g10')
-rw-r--r-- | g10/ChangeLog | 6 | ||||
-rw-r--r-- | g10/cpr.c | 6 | ||||
-rw-r--r-- | g10/seckey-cert.c | 2 | ||||
-rw-r--r-- | g10/skclist.c | 23 |
4 files changed, 36 insertions, 1 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 4137f1d58..7e6a6f758 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,9 @@ +2009-08-06 Werner Koch <[email protected]> + + * skclist.c (build_sk_list): Print INV_SGNR status line. + * seckey-cert.c (do_check): Return G10ERR_UNU_SECKEY instead of + general error. + 2009-08-05 Werner Koch <[email protected]> * card-util.c: Enable readline support also in GnuPG-2. @@ -202,6 +202,12 @@ write_status_text_and_buffer ( int no, const char *string, if (first && string) { fputs (string, statusfp); count += strlen (string); + /* Make sure that there is space after the string. */ + if (*string && string[strlen (string)-1] != ' ') + { + putc (' ', statusfp); + count++; + } } first = 0; } diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 821673541..1398b181b 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -53,7 +53,7 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode, if( sk->protect.s2k.mode == 1001 ) { log_info(_("secret key parts are not available\n")); - return G10ERR_GENERAL; + return G10ERR_UNU_SECKEY; } if( sk->protect.algo == CIPHER_ALGO_NONE ) BUG(); diff --git a/g10/skclist.c b/g10/skclist.c index d644e71b2..70b375aa3 100644 --- a/g10/skclist.c +++ b/g10/skclist.c @@ -128,6 +128,8 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list, if( (rc = get_seckey_byname( sk, NULL, unlock )) ) { free_secret_key( sk ); sk = NULL; log_error("no default secret key: %s\n", g10_errstr(rc) ); + write_status_text (STATUS_INV_SGNR, + get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY)); } else if( !(rc=openpgp_pk_test_algo2 (sk->pubkey_algo, use)) ) { @@ -138,6 +140,8 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list, log_info(_("key is not flagged as insecure - " "can't use it with the faked RNG!\n")); free_secret_key( sk ); sk = NULL; + write_status_text (STATUS_INV_SGNR, + get_inv_recpsgnr_code (GPG_ERR_NOT_TRUSTED)); } else { 
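Review bot: The added separator check in write_status_text_and_buffer calls `strlen (string)` two more times on top of the existing `count += strlen (string)`, and its comment does not say why the space matters. Taking the length once, `size_t n = strlen (string);`, and testing `if (n && string[n-1] != ' ')` reads more simply, and the comment could give the reason: `/* Keep STRING and the buffer that follows as separate fields for status-fd parsers. */`. An empty STRING gets no separator, which looks intended but should be stated in the function's header comment. This hunk has no file header on the page (the diffstat suggests g10/cpr.c), and the function starts and ends outside it.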
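Review bot: The new `return G10ERR_UNU_SECKEY;` in do_check has no comment tying it to the condition, and `1001` remains a bare magic number. A short comment such as `/* S2K mode 1001: secret parts are absent; report the key as unusable rather than as a general error. */` would record why this code was chosen; the ChangeLog entry is currently the only explanation. Callers that branch on the value returned by do_check are outside the hunk, so it is worth confirming that none of them relied on G10ERR_GENERAL for this case.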
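Review bot: In the default-key failure branch of build_sk_list (hunk at -128) the status line is built from a hard-coded `GPG_ERR_NO_SECKEY` while the log line beside it prints the real `rc`, so a front end reading the status-fd may get the same reason whatever get_seckey_byname actually returned. The hunk at -152 passes `rc` itself; doing the same here, `write_status_text (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc));`, keeps status and log output in agreement. The faked-RNG branches (hunk at -138 here and the one at -197) also pass a fixed code, which seems reasonable since no `rc` is set there as far as the hunks show, but a comment naming the chosen reason would help. The default-key INV_SGNR lines carry no key name, unlike the named-signer ones, so consumers have to accept both shapes. build_sk_list starts and ends outside these hunks.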
@@ -152,6 +156,7 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list, { free_secret_key( sk ); sk = NULL; log_error("invalid default secret key: %s\n", g10_errstr(rc) ); + write_status_text (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc)); } } else { @@ -176,6 +181,9 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list, free_secret_key( sk ); sk = NULL; log_error(_("skipped \"%s\": %s\n"), locusr->d, g10_errstr(rc) ); + write_status_text_and_buffer + (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc), + locusr->d, strlen (locusr->d), -1); } else if ( key_present_in_sk_list(sk_list, sk) == 0) { free_secret_key(sk); sk = NULL; @@ -186,6 +194,9 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list, free_secret_key( sk ); sk = NULL; log_error(_("skipped \"%s\": %s\n"), locusr->d, g10_errstr(rc) ); + write_status_text_and_buffer + (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc), + locusr->d, strlen (locusr->d), -1); } else if( !(rc=openpgp_pk_test_algo2 (sk->pubkey_algo, use)) ) { SK_LIST r; @@ -197,11 +208,19 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list, _("this is a PGP generated Elgamal key which" " is not secure for signatures!")); free_secret_key( sk ); sk = NULL; + write_status_text_and_buffer + (STATUS_INV_SGNR, + get_inv_recpsgnr_code (GPG_ERR_WRONG_KEY_USAGE), + locusr->d, strlen (locusr->d), -1); } else if( random_is_faked() && !is_insecure( sk ) ) { log_info(_("key is not flagged as insecure - " "can't use it with the faked RNG!\n")); free_secret_key( sk ); sk = NULL; + write_status_text_and_buffer + (STATUS_INV_SGNR, + get_inv_recpsgnr_code (GPG_ERR_NOT_TRUSTED), + locusr->d, strlen (locusr->d), -1); } else { r = xmalloc( sizeof *r ); @@ -214,6 +233,9 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list, else { free_secret_key( sk ); sk = NULL; log_error("skipped \"%s\": %s\n", locusr->d, g10_errstr(rc) ); + write_status_text_and_buffer + (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc), + locusr->d, strlen (locusr->d), -1); } } } 
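Review bot: The call `write_status_text_and_buffer (STATUS_INV_SGNR, ..., locusr->d, strlen (locusr->d), -1)` is repeated five times across the hunks at -176, -186, -197 and -214, differing only in the error code. A small static helper would keep the branches from drifting apart. `locusr->d` is a caller-supplied name that now reaches the status-fd, so the output depends on write_status_text_and_buffer escaping line breaks and control characters in the buffer. That escaping is outside this diff and should be confirmed, along with the meaning of the `-1` wrap argument, which deserves a one-line comment. The helper name below is a suggestion only, and the parameter type is assumed from the `GPG_ERR_*` codes passed to get_inv_recpsgnr_code.

```c
/* Emit an INV_SGNR status line for NAME; the reason field is derived
   from ERR.  NAME is user input and is only ever passed as the buffer
   argument, never as the unescaped STRING argument.  */
static void
status_inv_sgnr (gpg_error_t err, const char *name)
{
  write_status_text_and_buffer (STATUS_INV_SGNR,
                                get_inv_recpsgnr_code (err),
                                name, strlen (name), -1);
}

/* … unchanged: key lookup, free_secret_key and log_error in build_sk_list … */
          status_inv_sgnr (rc, locusr->d);
```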
@@ -221,6 +243,7 @@ build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list, if( !rc && !sk_list ) { log_error("no valid signators\n"); + write_status_text (STATUS_NO_SGNR, "0"); rc = G10ERR_NO_USER_ID; } |
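Review bot: `STATUS_NO_SGNR` is written only under `if( !rc && !sk_list )`, so if an earlier branch leaves `rc` non-zero with an empty list, a status-fd consumer sees INV_SGNR lines but never the summary NO_SGNR. Whether that can happen depends on the loop above, which is outside this hunk; if it can, emitting the status whenever `sk_list` is empty would give front ends uniform output. The literal `"0"` also needs a comment saying what the field means, for example `/* reason field: 0 = unspecified */` if that is the intent.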