diff options
Diffstat (limited to '')
| -rw-r--r-- | g10/ChangeLog | 13 | ||||
| -rw-r--r-- | g10/encr-data.c | 5 | ||||
| -rw-r--r-- | g10/g10.c | 2 | ||||
| -rw-r--r-- | g10/getkey.c | 66 | ||||
| -rw-r--r-- | g10/keydb.h | 1 | ||||
| -rw-r--r-- | g10/keyedit.c | 4 | ||||
| -rw-r--r-- | g10/pkclist.c | 7 | ||||
| -rw-r--r-- | g10/seskey.c | 1 | ||||
| -rw-r--r-- | g10/sign.c | 3 | ||||
| -rw-r--r-- | g10/trustdb.c | 2 |
10 files changed, 89 insertions, 15 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 3a4c2911e..84ebb78bd 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,16 @@ +Fri Sep 18 16:50:32 1998 Werner Koch (wk@(none)) + + * getkey.c (merge_key_and_selfsig): New. + +Fri Sep 18 10:20:11 1998 Werner Koch (wk@(none)) + + * pkclist.c (select_algo_from_prefs): Removed 3DEs kludge. + + * seskey.c (make_session_key): Fixed SERIOUS bug introduced + by adding the weak key detection code. + + * sign.c (sign_file): Changed aremor header in certain cases. + Tue Sep 15 17:52:55 1998 Werner Koch (wk@(none)) * mainproc.c (check_sig_and_print): Replaced ascime by asctimestamp. diff --git a/g10/encr-data.c b/g10/encr-data.c index 03551be7b..c9fca4d81 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -69,9 +69,12 @@ decrypt_data( PKT_encrypted *ed, DEK *dek ) log_bug("Nanu\n"); /* oops: found a bug */ dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); - if( cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ) ) + rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ); + if( rc == G10ERR_WEAK_KEY ) log_info(_("Warning: Message was encrypted with " "a weak key in the symmetric cipher.\n")); + else if( rc ) + log_error("key setup failed: %s\n", g10_errstr(rc) ); cipher_setiv( dfx.cipher_hd, NULL ); @@ -381,8 +381,8 @@ i18n_init(void) { #ifdef ENABLE_NLS #ifdef HAVE_LC_MESSAGES - setlocale( LC_MESSAGES, "" ); setlocale( LC_TIME, "" ); + setlocale( LC_MESSAGES, "" ); #else setlocale( LC_ALL, "" ); #endif diff --git a/g10/getkey.c b/g10/getkey.c index 189ef0be1..f9f4c9f43 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -613,7 +613,7 @@ compare_name( const char *uid, size_t uidlen, const char *name, int mode ) */ static void -add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode ) +merge_one_pk_and_selfsig( KBNODE keyblock, KBNODE knode ) { PKT_public_key *pk = knode->pkt->pkt.public_key; PKT_signature *sig; @@ -643,9 +643,8 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode ) && sig->keyid[1] == kid[1] && sig->version > 3 ) { /* okay this is (the first) self-signature which can be used - * fixme: Check how to handle subkey bindings * FIXME: We should only use this if the signature is valid - * but this is time consuming - we muts provide another + * but this is time consuming - we must provide another * way to handle this */ const byte *p; @@ -659,6 +658,63 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode ) /**************** + * merge all selfsignatures with the keys. + */ +void +merge_keys_and_selfsig( KBNODE keyblock ) +{ + PKT_public_key *pk = NULL; + PKT_secret_key *sk = NULL; + PKT_signature *sig; + KBNODE k; + u32 kid[2]; + + for(k=keyblock; k; k = k->next ) { + if( k->pkt->pkttype == PKT_PUBLIC_KEY + || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { + pk = k->pkt->pkt.public_key; sk = NULL; + if( pk->version < 4 ) + pk = NULL; /* not needed for old keys */ + else + keyid_from_pk( pk, kid ); + } + else if( k->pkt->pkttype == PKT_SECRET_KEY + || k->pkt->pkttype == PKT_SECRET_SUBKEY ) { + pk = NULL; sk = k->pkt->pkt.secret_key; + if( sk->version < 4 ) + sk = NULL; + else + keyid_from_sk( sk, kid ); + } + else if( (pk || sk ) && k->pkt->pkttype == PKT_SIGNATURE + && (sig=k->pkt->pkt.signature)->sig_class >= 0x10 + && sig->sig_class <= 0x13 && sig->version > 3 + && sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1] ) { + /* okay this is (the first) self-signature which can be used + * FIXME: We should only use this if the signature is valid + * but this is time consuming - we must provide another + * way to handle this + */ + const byte *p; + p = parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_KEY_EXPIRE, NULL ); + if( pk ) { + pk->valid_days = p? ((buffer_to_u32(p)+86399L)/86400L):0; + /* fixme: add usage etc. */ + pk = NULL; /* use only the first self signature */ + } + else { + sk->valid_days = p? ((buffer_to_u32(p)+86399L)/86400L):0; + sk = NULL; /* use only the first self signature */ + } + } + } +} + + + + + +/**************** * Lookup a key by scanning all keyrings * mode 1 = lookup by NAME (exact) * 2 = lookup by NAME (substring) @@ -808,12 +864,12 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid, if( primary && !pk->pubkey_usage ) { copy_public_key_new_namehash( pk, keyblock->pkt->pkt.public_key, use_namehash? namehash:NULL); - add_stuff_from_selfsig( keyblock, keyblock ); + merge_one_pk_and_selfsig( keyblock, keyblock ); } else { copy_public_key_new_namehash( pk, k->pkt->pkt.public_key, use_namehash? namehash:NULL); - add_stuff_from_selfsig( keyblock, k ); + merge_one_pk_and_selfsig( keyblock, k ); } if( ret_keyblock ) { *ret_keyblock = keyblock; diff --git a/g10/keydb.h b/g10/keydb.h index c85f93787..c16dc4b80 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -120,6 +120,7 @@ int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint, int seckey_available( u32 *keyid ); int get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock ); int enum_secret_keys( void **context, PKT_secret_key *sk, int with_subkeys ); +void merge_keys_and_selfsig( KBNODE keyblock ); char*get_user_id_string( u32 *keyid ); char*get_user_id( u32 *keyid, size_t *rn ); diff --git a/g10/keyedit.c b/g10/keyedit.c index 2b3a02023..13fa24c8c 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -85,6 +85,9 @@ get_keyblock_byname( KBNODE *keyblock, KBPOS *kbpos, const char *username ) rc = read_keyblock( kbpos, keyblock ); if( rc ) log_error("%s: keyblock read problem: %s\n", username, g10_errstr(rc)); + else + merge_keys_and_selfsig( *keyblock ); + return rc; } @@ -490,6 +493,7 @@ keyedit_menu( const char *username, STRLIST locusr ) username, g10_errstr(rc)); goto leave; } + merge_keys_and_selfsig( sec_keyblock ); } /* and now get the public key */ diff --git a/g10/pkclist.c b/g10/pkclist.c index b4d79f281..4f52eebb7 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -599,13 +599,6 @@ select_algo_from_prefs( PK_LIST pk_list, int preftype ) i = 1; /* yep; we can use compression algo 1 */ } - if( preftype == PREFTYPE_SYM && i == CIPHER_ALGO_3DES ) { - i = CIPHER_ALGO_CAST5; - if( opt.verbose ) - log_info("replacing 3DES by CAST5\n"); - } - - m_free(pref); return i; } diff --git a/g10/seskey.c b/g10/seskey.c index c268d1559..b9dab28cc 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -42,6 +42,7 @@ make_session_key( DEK *dek ) dek->keylen = cipher_get_keylen( dek->algo ) / 8; chd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); + randomize_buffer( dek->key, dek->keylen, 1 ); for(i=0; i < 16; i++ ) { rc = cipher_setkey( chd, dek->key, dek->keylen ); if( !rc ) { diff --git a/g10/sign.c b/g10/sign.c index 63b7c8248..349b2f34d 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -220,6 +220,9 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, if( !multifile ) iobuf_push_filter( inp, md_filter, &mfx ); + if( detached && !encrypt && !opt.rfc1991 ) + afx.what = 2; + if( opt.armor && !outfile ) iobuf_push_filter( out, armor_filter, &afx ); else { diff --git a/g10/trustdb.c b/g10/trustdb.c index 893c04304..bce0df0c9 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1636,7 +1636,7 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel ) pk->valid_days) < cur_time ) { log_info(_("key %08lX.%lu: expired at %s\n"), keyid[1], pk->local_id, - strtimestamp( add_days_to_timestamp(pk->timestamp, + asctimestamp( add_days_to_timestamp(pk->timestamp, pk->valid_days))); trustlevel = TRUST_EXPIRED; } |