diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/Makefile.am | 4 | ||||
| -rw-r--r-- | g10/Makefile.in | 4 | ||||
| -rw-r--r-- | g10/elg.c | 10 | ||||
| -rw-r--r-- | g10/filter.h | 5 | ||||
| -rw-r--r-- | g10/g10.c | 22 | ||||
| -rw-r--r-- | g10/keygen.c | 169 | ||||
| -rw-r--r-- | g10/main.h | 13 | ||||
| -rw-r--r-- | g10/mainproc.c | 2 | ||||
| -rw-r--r-- | g10/rsa.c | 11 | ||||
| -rw-r--r-- | g10/sign.c | 62 |
10 files changed, 130 insertions, 172 deletions
diff --git a/g10/Makefile.am b/g10/Makefile.am index ec432e049..154ffe689 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -46,8 +46,8 @@ g10_SOURCES = g10.c \ sig-check.c -LDADD = -L ../cipher -L ../mpi -L ../util -L ../intl \ - -lcipher -lmpi -lutil -lintl +LDADD = -L ../cipher -L ../mpi -L ../util \ + -lcipher -lmpi -lutil $(PROGRAMS): ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a diff --git a/g10/Makefile.in b/g10/Makefile.in index ec99a5bc2..a11c89aba 100644 --- a/g10/Makefile.in +++ b/g10/Makefile.in @@ -83,8 +83,8 @@ g10_SOURCES = g10.c \ comment.c \ sig-check.c -LDADD = -L ../cipher -L ../mpi -L ../util -L ../intl \ - -lcipher -lmpi -lutil -lintl +LDADD = -L ../cipher -L ../mpi -L ../util \ + -lcipher -lmpi -lutil mkinstalldirs = $(top_srcdir)/scripts/mkinstalldirs CONFIG_HEADER = ../config.h PROGRAMS = $(bin_PROGRAMS) @@ -66,18 +66,20 @@ g10_elg_encrypt( PKT_public_cert *pkc, PKT_pubkey_enc *enc, DEK *dek ) void -g10_elg_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE md ) +g10_elg_sign( PKT_secret_cert *skc, PKT_signature *sig, + MD_HANDLE md, int digest_algo ) { ELG_secret_key skey; MPI frame; byte *dp; assert( sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL ); + if( !digest_algo ) + digest_algo = md_get_algo(md); - md_final( md ); - dp = md_read( md, 0 ); + dp = md_read( md, digest_algo ); keyid_from_skc( skc, sig->keyid ); - sig->d.elg.digest_algo = md_get_algo(md); + sig->d.elg.digest_algo = digest_algo; sig->d.elg.digest_start[0] = dp[0]; sig->d.elg.digest_start[1] = dp[1]; sig->d.elg.a = mpi_alloc( mpi_get_nlimbs(skc->d.elg.p) ); diff --git a/g10/filter.h b/g10/filter.h index bedacf9b6..b81a78db6 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -35,9 +35,8 @@ typedef struct { u32 crc; byte helpbuf[100]; int helpidx, helplen; - byte tempbuf[100]; - int tempidx, templen; - void *fake; + int faked; + int parse_state; int inp_checked; /* set if inp has been checked */ int inp_bypass; /* set if the input is not armored */ int inp_eof; @@ -116,7 +116,7 @@ wrong_args( const char *text) fputs(_("Usage: g10 [options] "),stderr); fputs(text,stderr); putc('\n',stderr); - exit(2); + g10_exit(2); } static void @@ -150,14 +150,14 @@ set_cmd( enum cmd_values *ret_cmd, enum cmd_values new_cmd ) cmd = aKModeC; else { log_error(_("conflicting commands\n")); - exit(2); + g10_exit(2); } *ret_cmd = cmd; } -int +void main( int argc, char **argv ) { static ARGPARSE_OPTS opts[] = { @@ -237,6 +237,8 @@ main( int argc, char **argv ) enum cmd_values cmd = 0; + secmem_init( 16384 ); + i18n_init(); opt.compress = -1; /* defaults to standard compress level */ opt.def_cipher_algo = CIPHER_ALGO_BLOWFISH; @@ -397,7 +399,7 @@ main( int argc, char **argv ) errors++; } if( errors ) - exit(2); + g10_exit(2); set_debug(); @@ -673,7 +675,17 @@ main( int argc, char **argv ) /* cleanup */ FREE_STRLIST(remusr); FREE_STRLIST(locusr); - return log_get_errorcount(0)? 2:0; + g10_exit(0); +} + + +void +g10_exit( int rc ) +{ + if( opt.verbose ) + secmem_dump_stats(); + secmem_term(); + exit( rc? rc : log_get_errorcount(0)? 2:0 ); } diff --git a/g10/keygen.c b/g10/keygen.c index 1f932f71b..a817463db 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -32,6 +32,7 @@ #include "ttyio.h" #include "options.h" #include "keydb.h" +#include "i18n.h" #if 0 #define TEST_ALGO 1 @@ -105,7 +106,7 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc ) PKT_public_cert *pkc; if( opt.verbose ) - log_info("writing self signature\n"); + log_info(_("writing self signature\n")); /* get the uid packet from the tree */ for( kbctx=NULL; (node=walk_kbtree( root, &kbctx)) ; ) { @@ -201,19 +202,16 @@ gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, #ifdef ENABLE_RSA_KEYGEN static int -gen_rsa(unsigned nbits, IOBUF pub_io, IOBUF sec_io, DEK *dek, - PKT_public_cert **ret_pkc, PKT_secret_cert **ret_skc ) +gen_rsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, + PKT_secret_cert **ret_skc ) { int rc; - PACKET pkt1, pkt2; + PACKET *pkt; PKT_secret_cert *skc; PKT_public_cert *pkc; RSA_public_key pk; RSA_secret_key sk; - init_packet(&pkt1); - init_packet(&pkt2); - rsa_generate( &pk, &sk, nbits ); skc = m_alloc_clear( sizeof *skc ); @@ -234,11 +232,11 @@ gen_rsa(unsigned nbits, IOBUF pub_io, IOBUF sec_io, DEK *dek, skc->d.rsa.csum += checksum_mpi( skc->d.rsa.rsa_p ); skc->d.rsa.csum += checksum_mpi( skc->d.rsa.rsa_q ); skc->d.rsa.csum += checksum_mpi( skc->d.rsa.rsa_u ); - if( !dek ) { - skc->d.rsa.is_protected = 0; - skc->d.rsa.protect_algo = 0; - } - else { + + /* return an unprotected version of the skc */ + *ret_skc = copy_secret_cert( NULL, skc ); + + if( dek ) { skc->d.rsa.is_protected = 1; skc->d.rsa.protect_algo = CIPHER_ALGO_BLOWFISH; randomize_buffer( skc->d.rsa.protect.blowfish.iv, 8, 1); @@ -246,31 +244,22 @@ gen_rsa(unsigned nbits, IOBUF pub_io, IOBUF sec_io, DEK *dek, rc = protect_secret_key( skc, dek ); if( rc ) { log_error("protect_secret_key failed: %s\n", g10_errstr(rc) ); - goto leave; + free_public_cert(pkc); + free_secret_cert(skc); + return rc; } } - pkt1.pkttype = PKT_PUBLIC_CERT; - pkt1.pkt.public_cert = pkc; - pkt2.pkttype = PKT_SECRET_CERT; - pkt2.pkt.secret_cert = skc; + pkt = m_alloc_clear(sizeof *pkt); + pkt->pkttype = PKT_PUBLIC_CERT; + pkt->pkt.public_cert = pkc; + add_kbnode(pub_root, new_kbnode( pkt )); + + pkt = m_alloc_clear(sizeof *pkt); + pkt->pkttype = PKT_SECRET_CERT; + pkt->pkt.secret_cert = skc; + add_kbnode(sec_root, new_kbnode( pkt )); - if( (rc = build_packet( pub_io, &pkt1 )) ) { - log_error("build public_cert packet failed: %s\n", g10_errstr(rc) ); - goto leave; - } - if( (rc = build_packet( sec_io, &pkt2 )) ) { - log_error("build secret_cert packet failed: %s\n", g10_errstr(rc) ); - goto leave; - } - *ret_pkc = pkt1.pkt.public_cert; - pkt1.pkt.public_cert = NULL; - *ret_skc = pkt1.pkt.secret_cert; - pkt1.pkt.secret_cert = NULL; - - leave: - free_packet(&pkt1); - free_packet(&pkt2); return rc; } #endif /*ENABLE_RSA_KEYGEN*/ @@ -305,28 +294,27 @@ generate_keypair() const char *algo_name; char *aname, *acomment, *amail; - #ifndef TEST_ALGO +#ifndef TEST_ALGO if( opt.batch || opt.answer_yes || opt.answer_no ) - log_fatal("Key generation can only be used in interactive mode\n"); - - tty_printf("Please select the algorithm to use:\n" - " (1) ElGamal is the suggested one.\n" - " (2) DSA can only be used for signatures.\n" - #ifdef ENABLE_RSA_KEYGEN - " (3) RSA cannot be used in the U.S.\n" - #endif - ); + log_fatal(_("Key generation can only be used in interactive mode\n")); + + tty_printf(_("Please select the algorithm to use:\n" + " (1) ElGamal is the suggested one.\n" + " (2) DSA can only be used for signatures.\n")); + #ifdef ENABLE_RSA_KEYGEN + tty_printf(_(" (3) RSA cannot be used in the U.S.\n")); #endif +#endif for(;;) { #ifdef TEST_ALGO algo = TEST_ALGO; #else - answer = tty_get("Your selection? (1,2" - #ifdef ENABLE_RSA_KEYGEN - ",3" - #endif - ") "); + #ifdef ENABLE_RSA_KEYGEN + answer = tty_get(_("Your selection? (1,2,3) ")); + #else + answer = tty_get(_("Your selection? (1,2) ")); + #endif tty_kill_prompt(); algo = *answer? atoi(answer): 1; m_free(answer); @@ -339,7 +327,7 @@ generate_keypair() else if( algo == 2 ) { algo = PUBKEY_ALGO_DSA; algo_name = "DSA"; - tty_printf("Sorry; DSA is not yet supported.\n"); + tty_printf(_("Sorry; DSA is not yet supported.\n")); } #ifdef ENABLE_RSA_KEYGEN else if( algo == 3 ) { @@ -352,36 +340,33 @@ generate_keypair() - tty_printf("About to generate a new %s keypair.\n" - #ifndef TEST_NBITS - " minimum keysize is 768 bits\n" - " default keysize is 1024 bits\n" - " highest suggested keysize is 2048 bits\n" - #endif - , algo_name ); + tty_printf(_("About to generate a new %s keypair.\n" + " minimum keysize is 768 bits\n" + " default keysize is 1024 bits\n" + " highest suggested keysize is 2048 bits\n"), algo_name ); for(;;) { #ifdef TEST_NBITS nbits = TEST_NBITS; #else - answer = tty_get("What keysize do you want? (1024) "); + answer = tty_get(_("What keysize do you want? (1024) ")); tty_kill_prompt(); nbits = *answer? atoi(answer): 1024; m_free(answer); #endif if( algo == PUBKEY_ALGO_DSA && (nbits < 512 || nbits > 1024) ) - tty_printf("DSA does only allow keysizes from 512 to 1024\n"); + tty_printf(_("DSA does only allow keysizes from 512 to 1024\n")); else if( nbits < 768 ) - tty_printf("keysize too small; 768 is smallest value allowed.\n"); + tty_printf(_("keysize too small; 768 is smallest value allowed.\n")); else if( nbits > 2048 ) { - tty_printf("Keysizes larger than 2048 are not suggested, because " - "computations take REALLY long!\n"); - answer = tty_get("Are you sure, that you want this keysize? "); + tty_printf(_("Keysizes larger than 2048 are not suggested, because " + "computations take REALLY long!\n")); + answer = tty_get(_("Are you sure, that you want this keysize? ")); tty_kill_prompt(); if( answer_is_yes(answer) ) { m_free(answer); - tty_printf("Okay, but keep in mind that your monitor " - "and keyboard radiation is also very vulnerable " - "to attacks!\n"); + tty_printf(_("Okay, but keep in mind that your monitor " + "and keyboard radiation is also very vulnerable " + "to attacks!\n")); break; } m_free(answer); @@ -389,24 +374,24 @@ generate_keypair() else break; } - tty_printf("Requested keysize is %u bits\n", nbits ); + tty_printf(_("Requested keysize is %u bits\n"), nbits ); if( algo == PUBKEY_ALGO_DSA && (nbits % 64) ) { nbits = ((nbits + 63) / 64) * 64; - tty_printf("rounded up to %u bits\n", nbits ); + tty_printf(_("rounded up to %u bits\n"), nbits ); } else if( (nbits % 32) ) { nbits = ((nbits + 31) / 32) * 32; - tty_printf("rounded up to %u bits\n", nbits ); + tty_printf(_("rounded up to %u bits\n"), nbits ); } #ifdef TEST_UID uid = m_alloc(strlen(TEST_UID)+1); strcpy(uid, TEST_UID); #else - tty_printf( "\n" + tty_printf( _("\n" "You need a User-ID to identify your key; the software constructs the user id\n" "from Real Name, Comment and Email Address in this form:\n" -" \"Heinrich Heine (Der Dichter) <[email protected]>\"\n\n" ); +" \"Heinrich Heine (Der Dichter) <[email protected]>\"\n\n") ); uid = NULL; aname=acomment=amail=NULL; for(;;) { @@ -415,15 +400,15 @@ generate_keypair() if( !aname ) { for(;;) { m_free(aname); - aname = tty_get("Real name: "); + aname = tty_get(_("Real name: ")); trim_spaces(aname); tty_kill_prompt(); if( strpbrk( aname, "<([])>" ) ) - tty_printf("Invalid character in name\n"); + tty_printf(_("Invalid character in name\n")); else if( isdigit(*aname) ) - tty_printf("Name may not start with a digit\n"); + tty_printf(_("Name may not start with a digit\n")); else if( strlen(aname) < 5 ) - tty_printf("Name must be at least 5 characters long\n"); + tty_printf(_("Name must be at least 5 characters long\n")); else break; } @@ -431,7 +416,7 @@ generate_keypair() if( !amail ) { for(;;) { m_free(amail); - amail = tty_get("Email address: "); + amail = tty_get(_("Email address: ")); trim_spaces(amail); strlwr(amail); tty_kill_prompt(); @@ -443,7 +428,7 @@ generate_keypair() || amail[strlen(amail)-1] == '@' || amail[strlen(amail)-1] == '.' || strstr(amail, "..") ) - tty_printf("Not a valid email address\n"); + tty_printf(_("Not a valid email address\n")); else break; } @@ -451,13 +436,13 @@ generate_keypair() if( !acomment ) { for(;;) { m_free(acomment); - acomment = tty_get("Comment: "); + acomment = tty_get(_("Comment: ")); trim_spaces(acomment); tty_kill_prompt(); if( !*acomment ) break; /* no comment is okay */ else if( strpbrk( acomment, "()" ) ) - tty_printf("Invalid character in comment\n"); + tty_printf(_("Invalid character in comment\n")); else break; } @@ -473,15 +458,13 @@ generate_keypair() /* append a warning if we do not have dev/random * or it is switched into quick testmode */ - #ifdef HAVE_DEV_RANDOM if( quick_random_gen(-1) ) - #endif strcpy(p, " (INSECURE!)" ); - tty_printf("You selected this USER-ID:\n \"%s\"\n\n", uid); + tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid); for(;;) { - answer = tty_get("Edit (N)ame, (C)omment, (E)mail or (O)kay? "); + answer = tty_get(_("Edit (N)ame, (C)omment, (E)mail or (O)kay? ")); tty_kill_prompt(); if( strlen(answer) > 1 ) ; @@ -513,7 +496,7 @@ generate_keypair() #endif - tty_printf( "You need a Passphrase to protect your secret key.\n\n" ); + tty_printf(_("You need a Passphrase to protect your secret key.\n\n") ); dek = m_alloc_secure( sizeof *dek ); for(;;) { @@ -521,14 +504,14 @@ generate_keypair() rc = make_dek_from_passphrase( dek , 2 ); if( rc == -1 ) { m_free(dek); dek = NULL; - tty_printf( + tty_printf(_( "You don't what a passphrase - this is probably a *bad* idea!\n" "I will do it anyway. You can change your passphrase at anytime,\n" - "using this program with the option \"--change-passphrase\"\n\n" ); + "using this program with the option \"--change-passphrase\"\n\n")); break; } else if( rc == G10ERR_PASSPHRASE ) { - tty_printf("passphrase not correctly repeated; try again.\n"); + tty_printf(_("passphrase not correctly repeated; try again.\n")); } else if( rc ) { m_free(dek); dek = NULL; @@ -545,8 +528,8 @@ generate_keypair() pub_fname = make_filename("~/.g10", "pubring.g10", NULL ); sec_fname = make_filename("~/.g10", "secring.g10", NULL ); if( opt.verbose ) { - tty_printf("writing public certificate to '%s'\n", pub_fname ); - tty_printf("writing secret certificate to '%s'\n", sec_fname ); + tty_printf(_("writing public certificate to '%s'\n"), pub_fname ); + tty_printf(_("writing secret certificate to '%s'\n"), sec_fname ); } /* we create the packets as a tree of kbnodes. Because the structure @@ -557,17 +540,17 @@ generate_keypair() pub_root = make_comment_node("#created by G10 pre-release " VERSION ); sec_root = make_comment_node("#created by G10 pre-release " VERSION ); - tty_printf( + tty_printf(_( "We need to generate a lot of random bytes. It is a good idea to perform\n" "some other action (work in another window, move the mouse, utilize the\n" "network and the disks) during the prime generation; this gives the random\n" -"number generator a better chance to gain enough entropy.\n" ); +"number generator a better chance to gain enough entropy.\n") ); if( algo == PUBKEY_ALGO_ELGAMAL ) rc = gen_elg(nbits, pub_root, sec_root, dek, &skc ); #ifdef ENABLE_RSA_KEYGEN else if( algo == PUBKEY_ALGO_RSA ) - rc = gen_rsa(nbits, pub_io, sec_io, dek, &skc ); + rc = gen_rsa(nbits, pub_root, sec_root, dek, &skc ); #endif else if( algo == PUBKEY_ALGO_DSA ) rc = gen_dsa(nbits, pub_root, sec_root, dek, &skc ); @@ -625,7 +608,7 @@ generate_keypair() else if( (rc=insert_keyblock( &sec_kbpos, sec_root )) ) log_error("can't write secret key: %s\n", g10_errstr(rc) ); else { - tty_printf("public and secret key created and signed.\n" ); + tty_printf(_("public and secret key created and signed.\n") ); } if( !rc1 ) @@ -636,7 +619,7 @@ generate_keypair() if( rc ) - tty_printf("Key generation failed: %s\n", g10_errstr(rc) ); + tty_printf(_("Key generation failed: %s\n"), g10_errstr(rc) ); release_kbnode( pub_root ); release_kbnode( sec_root ); if( skc ) /* the unprotected secret certificate */ diff --git a/g10/main.h b/g10/main.h index 5a76173a1..5548f8112 100644 --- a/g10/main.h +++ b/g10/main.h @@ -32,6 +32,13 @@ typedef struct { } encrypt_filter_context_t; +/*-- g10.c --*/ +#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ) + void g10_exit(int rc) __attribute__ ((noreturn)); +#else + void g10_exit(int rc); +#endif + /*-- encode.c --*/ int encode_symmetric( const char *filename ); int encode_store( const char *filename ); @@ -71,11 +78,13 @@ KBNODE make_comment_node( const char *s ); /*-- elg.c --*/ void g10_elg_encrypt( PKT_public_cert *pkc, PKT_pubkey_enc *enc, DEK *dek ); -void g10_elg_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE md ); +void g10_elg_sign( PKT_secret_cert *skc, PKT_signature *sig, + MD_HANDLE md, int digest_algo ); /*-- rsa.c --*/ void g10_rsa_encrypt( PKT_public_cert *pkc, PKT_pubkey_enc *enc, DEK *dek ); -void g10_rsa_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE md ); +void g10_rsa_sign( PKT_secret_cert *skc, PKT_signature *sig, + MD_HANDLE md, int digest_algo ); /*-- import.c --*/ int import_pubkeys( const char *filename ); diff --git a/g10/mainproc.c b/g10/mainproc.c index 36c3381da..35a44939b 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -613,7 +613,7 @@ proc_tree( CTX c, KBNODE node ) print_keyid( stderr, sig->keyid ); putc('\n', stderr); if( opt.batch ) - exit(1); + g10_exit(1); } else log_error("Can't check signature made by %08lX: %s\n", @@ -64,19 +64,20 @@ g10_rsa_encrypt( PKT_public_cert *pkc, PKT_pubkey_enc *enc, DEK *dek ) void -g10_rsa_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE md ) +g10_rsa_sign( PKT_secret_cert *skc, PKT_signature *sig, + MD_HANDLE md, int digest_algo ) { #ifdef HAVE_RSA_CIPHER RSA_secret_key skey; byte *dp; assert( sig->pubkey_algo == PUBKEY_ALGO_RSA ); + if( !digest_algo ) + digest_algo = md_get_algo(md); - md_final( md ); - dp = md_read( md, 0 ); - + dp = md_read( md, digest_algo ); keyid_from_skc( skc, sig->keyid ); - sig->d.rsa.digest_algo = md_get_algo( md ); + sig->d.rsa.digest_algo = digest_algo; sig->d.rsa.digest_start[0] = dp[0]; sig->d.rsa.digest_start[1] = dp[1]; sig->d.rsa.rsa_integer = diff --git a/g10/sign.c b/g10/sign.c index 247b30edd..31fe2bd05 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -48,9 +48,9 @@ complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md ) if( (rc=check_secret_key( skc )) ) ; else if( sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) - g10_elg_sign( skc, sig, md ); + g10_elg_sign( skc, sig, md, 0 ); else if( sig->pubkey_algo == PUBKEY_ALGO_RSA ) - g10_rsa_sign( skc, sig, md ); + g10_rsa_sign( skc, sig, md, 0 ); else BUG(); @@ -246,7 +246,6 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, PKT_secret_cert *skc; PKT_signature *sig; MD_HANDLE md; - byte *dp; skc = skc_rover->skc; @@ -265,58 +264,11 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, md_putc( md, a & 0xff ); } md_final( md ); - dp = md_read( md, DIGEST_ALGO_RMD160 ); - - if( sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) { - ELG_secret_key skey; - MPI frame; - - keyid_from_skc( skc, sig->keyid ); - sig->d.elg.digest_algo = DIGEST_ALGO_RMD160; - sig->d.elg.digest_start[0] = dp[0]; - sig->d.elg.digest_start[1] = dp[1]; - sig->d.elg.a = mpi_alloc( mpi_get_nlimbs(skc->d.elg.p) ); - sig->d.elg.b = mpi_alloc( mpi_get_nlimbs(skc->d.elg.p) ); - frame = encode_rmd160_value( dp, 20, mpi_get_nbits(skc->d.elg.p) ); - skey.p = skc->d.elg.p; - skey.g = skc->d.elg.g; - skey.y = skc->d.elg.y; - skey.x = skc->d.elg.x; - elg_sign( sig->d.elg.a, sig->d.elg.b, frame, &skey); - memset( &skey, 0, sizeof skey ); - mpi_free(frame); - if( opt.verbose ) { - char *ustr = get_user_id_string( sig->keyid ); - log_info("ELG signature from: %s\n", ustr ); - m_free(ustr); - } - } - #ifdef HAVE_RSA_CIPHER - else if( sig->pubkey_algo == PUBKEY_ALGO_RSA ) { - RSA_secret_key skey; - - keyid_from_skc( skc, sig->keyid ); - sig->d.rsa.digest_algo = DIGEST_ALGO_RMD160; - sig->d.rsa.digest_start[0] = dp[0]; - sig->d.rsa.digest_start[1] = dp[1]; - sig->d.rsa.rsa_integer = encode_rmd160_value( dp, 20, - mpi_get_nbits(skc->d.rsa.rsa_n) ); - skey.e = skc->d.rsa.rsa_e; - skey.n = skc->d.rsa.rsa_n; - skey.p = skc->d.rsa.rsa_p; - skey.q = skc->d.rsa.rsa_q; - skey.d = skc->d.rsa.rsa_d; - skey.u = skc->d.rsa.rsa_u; - rsa_secret( sig->d.rsa.rsa_integer, sig->d.rsa.rsa_integer, &skey); - memset( &skey, 0, sizeof skey ); - if( opt.verbose ) { - char *ustr = get_user_id_string( sig->keyid ); - log_info("RSA signature from: %s\n", ustr ); - m_free(ustr); - } - /* fixme: should we check wether the signature is okay? */ - } - #endif/*HAVE_RSA_CIPHER*/ + + if( sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) + g10_elg_sign( skc, sig, md, DIGEST_ALGO_RMD160 ); + else if( sig->pubkey_algo == PUBKEY_ALGO_RSA ) + g10_rsa_sign( skc, sig, md, DIGEST_ALGO_RMD160 ); else BUG(); |