aboutsummaryrefslogtreecommitdiffstats
path: root/g10
diff options
context:
space:
mode:
Diffstat (limited to 'g10')
-rw-r--r--g10/g10.c15
-rw-r--r--g10/getkey.c10
-rw-r--r--g10/keydb.h3
-rw-r--r--g10/keygen.c52
-rw-r--r--g10/parse-packet.c9
-rw-r--r--g10/seckey-cert.c66
-rw-r--r--g10/sig-check.c6
-rw-r--r--g10/trustdb.c19
8 files changed, 95 insertions, 85 deletions
diff --git a/g10/g10.c b/g10/g10.c
index 94fb6446b..8f65f2efc 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -310,6 +310,11 @@ wrong_args( const char *text)
static void
set_debug(void)
{
+ volatile char *p = g10_malloc(1);
+ volatile MPI a = g10m_new(1);
+ *p = g10c_get_random_byte( 0 );
+
+
if( opt.debug & DBG_MEMORY_VALUE )
memory_debug_mode = 1;
if( opt.debug & DBG_MEMSTAT_VALUE )
@@ -317,9 +322,10 @@ set_debug(void)
if( opt.debug & DBG_MPI_VALUE )
mpi_debug_mode = 1;
if( opt.debug & DBG_CIPHER_VALUE )
- cipher_debug_mode = 1;
+ g10c_debug_mode = 1;
if( opt.debug & DBG_IOBUF_VALUE )
iobuf_debug_mode = 1;
+
}
@@ -542,7 +548,8 @@ main( int argc, char **argv )
#endif /* IS_G10MAINT */
case 'o': opt.outfile = pargs.r.ret_str; break;
- case 'v': opt.verbose++; opt.list_sigs=1; break;
+ case 'v': g10_opt_verbose++;
+ opt.verbose++; opt.list_sigs=1; break;
case 'k': set_cmd( &cmd, aKMode ); break;
case 500: opt.batch = 1; greeting = 0; break;
@@ -567,7 +574,8 @@ main( int argc, char **argv )
case 520: default_keyring = 0; break;
case 521: set_cmd( &cmd, aListPackets); break;
case 522: greeting = 0; break;
- case 526: opt.verbose = 0; opt.list_sigs=0; break;
+ case 526: g10_opt_verbose = 0;
+ opt.verbose = 0; opt.list_sigs=0; break;
case 530: set_cmd( &cmd, aImport); break;
case 532: quick_random_gen(1); break;
case 534: opt.no_comment=1; break;
@@ -633,6 +641,7 @@ main( int argc, char **argv )
opt.list_sigs++;
opt.verbose = opt.verbose > 1;
+ g10_opt_verbose = opt.verbose;
}
diff --git a/g10/getkey.c b/g10/getkey.c
index fb4a8492d..5f607ec51 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -474,16 +474,18 @@ get_pubkey_byname( PKT_public_cert *pkc, const char *name )
/****************
* Search for a key with the given fingerprint and return the
* complete keyblock which may have more than only this key.
- * The fingerprint should always be 20 bytes, fill with zeroes
- * for 16 byte fprints.
*/
int
-get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint )
+get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
+ size_t fprint_len )
{
int rc;
PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
- rc = lookup( pkc, 20, NULL, fprint, ret_keyblock );
+ if( fprint_len == 20 || fprint_len == 16 )
+ rc = lookup( pkc, fprint_len, NULL, fprint, ret_keyblock );
+ else
+ rc = G10ERR_GENERAL; /* Oops */
free_public_cert( pkc );
return rc;
diff --git a/g10/keydb.h b/g10/keydb.h
index 1cd6457a3..07d9115b3 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -109,7 +109,8 @@ void add_secret_keyring( const char *name );
int get_pubkey( PKT_public_cert *pkc, u32 *keyid );
int get_pubkey_byname( PKT_public_cert *pkc, const char *name );
int get_seckey( PKT_secret_cert *skc, u32 *keyid );
-int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint );
+int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
+ size_t fprint_len );
int seckey_available( u32 *keyid );
int get_seckey_byname( PKT_secret_cert *skc, const char *name, int unlock );
int enum_secret_keys( void **context, PKT_secret_cert *skc );
diff --git a/g10/keygen.c b/g10/keygen.c
index 63c162fb2..8ad30bb9b 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -35,7 +35,7 @@
#include "i18n.h"
-#if defined(HAVE_RSA_CIPHER) && 0
+#if 0
#define ENABLE_RSA_KEYGEN 1
#endif
@@ -143,11 +143,14 @@ gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
PACKET *pkt;
PKT_secret_cert *skc;
PKT_public_cert *pkc;
- ELG_public_key pk;
- ELG_secret_key sk;
+ MPI skey[4];
MPI *factors;
- elg_generate( &pk, &sk, nbits, &factors );
+ rc = pubkey_generate( PUBKEY_ALGO_ELGAMAL, nbits, skey, &factors );
+ if( rc ) {
+ log_error("pubkey_generate failed: %s\n", g10_errstr(rc) );
+ return rc;
+ }
skc = m_alloc_clear( sizeof *skc );
pkc = m_alloc_clear( sizeof *pkc );
@@ -155,13 +158,13 @@ gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
skc->version = pkc->version = version;
skc->valid_days = pkc->valid_days = valid_days;
skc->pubkey_algo = pkc->pubkey_algo = PUBKEY_ALGO_ELGAMAL;
- pkc->pkey[0] = pk.p;
- pkc->pkey[1] = pk.g;
- pkc->pkey[2] = pk.y;
- skc->skey[0] = sk.p;
- skc->skey[1] = sk.g;
- skc->skey[2] = sk.y;
- skc->skey[3] = sk.x;
+ pkc->pkey[0] = mpi_copy( skey[0] );
+ pkc->pkey[1] = mpi_copy( skey[1] );
+ pkc->pkey[2] = mpi_copy( skey[2] );
+ skc->skey[0] = skey[0];
+ skc->skey[1] = skey[1];
+ skc->skey[2] = skey[2];
+ skc->skey[3] = skey[3];
skc->is_protected = 0;
skc->protect.algo = 0;
@@ -278,14 +281,17 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
PACKET *pkt;
PKT_secret_cert *skc;
PKT_public_cert *pkc;
- DSA_public_key pk;
- DSA_secret_key sk;
+ MPI skey[5];
MPI *factors;
if( nbits > 1024 )
nbits = 1024;
- dsa_generate( &pk, &sk, nbits, &factors );
+ rc = pubkey_generate( PUBKEY_ALGO_DSA, nbits, skey, &factors );
+ if( rc ) {
+ log_error("pubkey_generate failed: %s\n", g10_errstr(rc) );
+ return rc;
+ }
skc = m_alloc_clear( sizeof *skc );
pkc = m_alloc_clear( sizeof *pkc );
@@ -296,15 +302,15 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
*/
skc->valid_days = pkc->valid_days = valid_days;
skc->pubkey_algo = pkc->pubkey_algo = PUBKEY_ALGO_DSA;
- pkc->pkey[0] = pk.p;
- pkc->pkey[1] = pk.q;
- pkc->pkey[2] = pk.g;
- pkc->pkey[3] = pk.y;
- skc->skey[0] = sk.p;
- skc->skey[1] = sk.q;
- skc->skey[2] = sk.g;
- skc->skey[3] = sk.y;
- skc->skey[4] = sk.x;
+ pkc->pkey[0] = skey[0];
+ pkc->pkey[1] = skey[1];
+ pkc->pkey[2] = skey[2];
+ pkc->pkey[3] = skey[3];
+ skc->skey[0] = skey[0];
+ skc->skey[1] = skey[1];
+ skc->skey[2] = skey[2];
+ skc->skey[3] = skey[3];
+ skc->skey[4] = skey[4];
skc->is_protected = 0;
skc->protect.algo = 0;
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 0ee6e7d37..0cd4238ad 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -972,15 +972,15 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
}
else {
- if( list_mode )
- printf( "\tprotect algo: %d\n",
- cert->protect.algo);
/* old version, we don't have a S2K, so we fake one */
cert->protect.s2k.mode = 0;
/* We need this kludge to cope with old GNUPG versions */
cert->protect.s2k.hash_algo =
cert->protect.algo == CIPHER_ALGO_BLOWFISH160?
DIGEST_ALGO_RMD160 : DIGEST_ALGO_MD5;
+ if( list_mode )
+ printf( "\tprotect algo: %d (hash algo: %d)\n",
+ cert->protect.algo, cert->protect.s2k.hash_algo );
}
if( pktlen < 8 ) {
rc = G10ERR_INVALID_PACKET;
@@ -1176,6 +1176,9 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
}
if( cert->protect.algo == CIPHER_ALGO_BLOWFISH160 )
memcpy(cert->protect.iv, temp, 8 );
+ /* old version, we don't have a S2K, so we fake one */
+ cert->protect.s2k.mode = 0;
+ cert->protect.s2k.hash_algo = DIGEST_ALGO_MD5;
}
else
cert->is_protected = 0;
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index 41a09b281..9ac19c89c 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -81,27 +81,25 @@ do_check( PKT_secret_cert *cert )
csum = checksum_mpi( cert->skey[4] );
m_free( buffer );
break;
- #ifdef HAVE_RSA_CIPHER
case PUBKEY_ALGO_RSA:
case PUBKEY_ALGO_RSA_E:
case PUBKEY_ALGO_RSA_S:
csum = 0;
#define X(a) do { \
- buffer = mpi_get_secure_buffer( cert->d.rsa.##a, \
+ buffer = mpi_get_secure_buffer( cert->skey[(a)], \
&nbytes, NULL ); \
csum += checksum_u16( nbytes*8 ); \
cipher_decrypt( cipher_hd, buffer, buffer, nbytes ); \
csum += checksum( buffer, nbytes ); \
- mpi_set_buffer(cert->d.rsa.##a, buffer, nbytes, 0 ); \
+ mpi_set_buffer(cert->skey[(a)], buffer, nbytes, 0 ); \
m_free( buffer ); \
} while(0)
- X(d);
- X(p);
- X(q);
- X(u);
+ X(2);
+ X(3);
+ X(4);
+ X(5);
#undef X
break;
- #endif /* HAVE_RSA_CIPHER */
default: BUG();
}
@@ -135,29 +133,27 @@ do_check( PKT_secret_cert *cert )
case PUBKEY_ALGO_DSA:
csum = checksum_mpi( cert->skey[4] );
break;
- #ifdef HAVE_RSA_CIPHER
case PUBKEY_ALGO_RSA_E:
case PUBKEY_ALGO_RSA_S:
case PUBKEY_ALGO_RSA:
csum =0;
- buffer = mpi_get_buffer( cert->d.rsa.rsa_d, &nbytes, NULL );
+ buffer = mpi_get_buffer( cert->skey[2], &nbytes, NULL );
csum += checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
- buffer = mpi_get_buffer( cert->d.rsa.rsa_p, &nbytes, NULL );
+ buffer = mpi_get_buffer( cert->skey[3], &nbytes, NULL );
csum += checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
- buffer = mpi_get_buffer( cert->d.rsa.rsa_q, &nbytes, NULL );
+ buffer = mpi_get_buffer( cert->skey[4], &nbytes, NULL );
csum += checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
- buffer = mpi_get_buffer( cert->d.rsa.rsa_u, &nbytes, NULL );
+ buffer = mpi_get_buffer( cert->skey[5], &nbytes, NULL );
csum += checksum_u16( nbytes*8 );
csum += checksum( buffer, nbytes );
m_free( buffer );
break;
- #endif
default: BUG();
}
if( csum != cert->csum )
@@ -182,36 +178,22 @@ check_secret_key( PKT_secret_cert *cert )
for(i=0; i < 3 && rc == G10ERR_BAD_PASS; i++ ) {
if( i )
log_error(_("Invalid passphrase; please try again ...\n"));
- switch( cert->pubkey_algo ) {
- case PUBKEY_ALGO_ELGAMAL_E:
- case PUBKEY_ALGO_ELGAMAL:
- case PUBKEY_ALGO_DSA:
+ rc = do_check( cert );
+ #if 0 /* set to 1 to enable the workaround */
+ if( rc == G10ERR_BAD_PASS && cert->is_protected
+ && cert->protect.algo == CIPHER_ALGO_BLOWFISH
+ && cert->pubkey_algo != PUBKEY_ALGO_ELGAMAL ) {
+ /* Workaround for a bug in 0.2.16 which still used
+ * a 160 bit key for BLOWFISH. */
+ log_info("trying workaround for 0.2.16 passphrase bug ...\n");
+ log_info("If you don't need this, uncomment it in g10/seckey-cert.c\n\n");
+ cert->protect.algo = CIPHER_ALGO_BLOWFISH160;
rc = do_check( cert );
- #if 0 /* set to 1 to enable the workaround */
- if( rc == G10ERR_BAD_PASS && cert->is_protected
- && cert->protect.algo == CIPHER_ALGO_BLOWFISH
- && cert->pubkey_algo != PUBKEY_ALGO_ELGAMAL ) {
- /* Workaround for a bug in 0.2.16 which still used
- * a 160 bit key for BLOWFISH. */
- log_info("trying workaround for 0.2.16 passphrase bug ...\n");
- log_info("If you don't need this, uncomment it in g10/seckey-cert.c\n\n");
- cert->protect.algo = CIPHER_ALGO_BLOWFISH160;
- rc = do_check( cert );
- if( rc )
- rc = G10ERR_BAD_PASS;
- cert->protect.algo = CIPHER_ALGO_BLOWFISH;
- }
- #endif
- break;
- #ifdef HAVE_RSA_CIPHER
- case PUBKEY_ALGO_RSA:
- case PUBKEY_ALGO_RSA_E:
- case PUBKEY_ALGO_RSA_S:
- rc = do_check( cert );
- break;
- #endif
- default: rc = G10ERR_PUBKEY_ALGO;
+ if( rc )
+ rc = G10ERR_BAD_PASS;
+ cert->protect.algo = CIPHER_ALGO_BLOWFISH;
}
+ #endif
if( get_passphrase_fd() != -1 )
break;
}
diff --git a/g10/sig-check.c b/g10/sig-check.c
index a4c802c67..0ef69b7d5 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -49,10 +49,8 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
int rc=0;
- #ifndef HAVE_RSA_CIPHER
if( is_RSA(sig->pubkey_algo) )
write_status(STATUS_RSA_OR_IDEA);
- #endif
if( get_pubkey( pkc, sig->keyid ) )
rc = G10ERR_NO_PUBKEY;
@@ -149,7 +147,7 @@ do_check( PKT_public_cert *pkc, PKT_signature *sig, MD_HANDLE digest )
log_mpidump("calc sig frame: ", result);
rc = pubkey_verify( pkc->pubkey_algo, result, sig->data, pkc->pkey );
}
- #ifdef HAVE_RSA_CIPHER
+ #if 0 /* WORK!!! */
else if( pkc->pubkey_algo == PUBKEY_ALGO_RSA
|| pkc->pubkey_algo == PUBKEY_ALGO_RSA_S ) {
int i, j, c, old_enc;
@@ -231,7 +229,7 @@ do_check( PKT_public_cert *pkc, PKT_signature *sig, MD_HANDLE digest )
}
}
}
- #endif/*HAVE_RSA_CIPHER*/
+ #endif
else {
/*log_debug("signature_check: unsupported pubkey algo %d\n",
pkc->pubkey_algo );*/
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 3ebc83137..bb4942c41 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -83,6 +83,7 @@ struct trust_record {
ulong owner;
u32 keyid[2];
byte pubkey_algo;
+ byte fingerprint_len;
byte fingerprint[20];
byte ownertrust;
} key;
@@ -387,9 +388,11 @@ dump_record( ulong rnum, TRUSTREC *rec, FILE *fp )
fputs(", (??)", fp );
putc('\n', fp);
break;
- case RECTYPE_KEY: fprintf(fp, "key keyid=%08lX, own=%lu, ownertrust=%02x\n",
+ case RECTYPE_KEY: fprintf(fp,
+ "key keyid=%08lX, own=%lu, ownertrust=%02x, fl=%d\n",
(ulong)rec->r.key.keyid[1],
- rec->r.key.owner, rec->r.key.ownertrust );
+ rec->r.key.owner, rec->r.key.ownertrust,
+ rec->r.key.fingerprint_len );
break;
case RECTYPE_CTL: fprintf(fp, "ctl\n");
break;
@@ -497,7 +500,10 @@ read_record( ulong recnum, TRUSTREC *rec, int expected )
rec->r.key.owner = buftoulong(p); p += 4;
rec->r.dir.keyid[0] = buftou32(p); p += 4;
rec->r.dir.keyid[1] = buftou32(p); p += 4;
- rec->r.key.pubkey_algo = *p++; p++;
+ rec->r.key.pubkey_algo = *p++;
+ rec->r.key.fingerprint_len = *p++;
+ if( rec->r.key.fingerprint_len < 1 || rec->r.key.fingerprint_len > 20 )
+ rec->r.key.fingerprint_len = 20;
memcpy( rec->r.key.fingerprint, p, 20); p += 20;
rec->r.key.ownertrust = *p++;
break;
@@ -562,7 +568,8 @@ write_record( ulong recnum, TRUSTREC *rec )
ulongtobuf(p, rec->r.key.owner); p += 4;
u32tobuf(p, rec->r.key.keyid[0]); p += 4;
u32tobuf(p, rec->r.key.keyid[1]); p += 4;
- *p++ = rec->r.key.pubkey_algo; p++;
+ *p++ = rec->r.key.pubkey_algo;
+ *p++ = rec->r.key.fingerprint_len;
memcpy( p, rec->r.key.fingerprint, 20); p += 20;
*p++ = rec->r.key.ownertrust;
break;
@@ -1166,7 +1173,8 @@ build_sigrecs( ulong pubkeyid )
log_error(_("%lu: build_sigrecs: can't read key record\n"), pubkeyid);
goto leave;
}
- rc = get_keyblock_byfprint( &keyblock, krec.r.key.fingerprint );
+ rc = get_keyblock_byfprint( &keyblock, krec.r.key.fingerprint,
+ krec.r.key.fingerprint_len );
if( rc ) {
log_error(_("build_sigrecs: get_keyblock_byfprint failed\n") );
goto leave;
@@ -1938,6 +1946,7 @@ insert_trust_record( PKT_public_cert *pkc )
rec.r.key.keyid[0] = keyid[0];
rec.r.key.keyid[1] = keyid[1];
rec.r.key.pubkey_algo = pkc->pubkey_algo;
+ rec.r.key.fingerprint_len = fingerlen;
memcpy(rec.r.key.fingerprint, fingerprint, fingerlen );
rec.r.key.ownertrust = 0;
if( write_record( knum, &rec ) ) {
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-18 05:55:24 +0000