diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 33 | ||||
| -rw-r--r-- | g10/armor.c | 8 | ||||
| -rw-r--r-- | g10/build-packet.c | 18 | ||||
| -rw-r--r-- | g10/cipher.c | 4 | ||||
| -rw-r--r-- | g10/encode.c | 2 | ||||
| -rw-r--r-- | g10/encr-data.c | 3 | ||||
| -rw-r--r-- | g10/filter.h | 1 | ||||
| -rw-r--r-- | g10/free-packet.c | 19 | ||||
| -rw-r--r-- | g10/g10.c | 53 | ||||
| -rw-r--r-- | g10/gpgd.c | 2 | ||||
| -rw-r--r-- | g10/hkp.c | 1 | ||||
| -rw-r--r-- | g10/keygen.c | 6 | ||||
| -rw-r--r-- | g10/keyid.c | 8 | ||||
| -rw-r--r-- | g10/main.h | 10 | ||||
| -rw-r--r-- | g10/mainproc.c | 16 | ||||
| -rw-r--r-- | g10/misc.c | 180 | ||||
| -rw-r--r-- | g10/options.h | 2 | ||||
| -rw-r--r-- | g10/packet.h | 7 | ||||
| -rw-r--r-- | g10/parse-packet.c | 32 | ||||
| -rw-r--r-- | g10/passphrase.c | 2 | ||||
| -rw-r--r-- | g10/pkclist.c | 2 | ||||
| -rw-r--r-- | g10/pubkey-enc.c | 11 | ||||
| -rw-r--r-- | g10/ringedit.c | 1 | ||||
| -rw-r--r-- | g10/seckey-cert.c | 49 | ||||
| -rw-r--r-- | g10/seskey.c | 18 | ||||
| -rw-r--r-- | g10/sig-check.c | 3 | ||||
| -rw-r--r-- | g10/sign.c | 14 | ||||
| -rw-r--r-- | g10/skclist.c | 2 | ||||
| -rw-r--r-- | g10/status.c | 1 |
29 files changed, 329 insertions, 179 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 3ba8449b8..de4fc890c 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,36 @@ +Wed Dec 8 21:58:32 CET 1999 Werner Koch <[email protected]> + + * seckey-cert.c: Removed obsolete mpi_*_protect_flag. + * parse-packet.c: Ditto. + + * misc.c (mpi_read): Removed the secure argumet becuase it is + never used. Changed all Callers. + (mpi_read_opaque): New. + (mpi_write_opaque): New. + * parse-packet.c (parse_key): Use the opaque method also for + v3 keys. + * build-packet.c (do_secret_key): Likewise. + + * g10.c (main): Check libgcrypt version. + + * packet.h: replaced inclusion of mpi.h by a plain typeedef of the + gcry_mpi structure and removed all inclusions of "mpi.h" in all + sources. + + * g10.c: Add --delete-secret-key to the help page. + + * g10.c (main): Changed the default homedir to "~/.gnupg-test" so + that we don't mess up with the stable version. + + * misc.c (mpi_write): New. + (mpi_write): New. + + * misc.c (checksum_u16_nobug): Removed. + (checksum_mpi_counted_nbits): Renamed to ... + (checksum_mpi): ... this to superseed the old one. Changed all + callers. This is because we do not emulate the old gpg bug anymore. + * g10.c (oEmuChecksumBug): Removed. + Fri Nov 19 17:15:20 CET 1999 Werner Koch <[email protected]> * g10.c (register_extension): New... diff --git a/g10/armor.c b/g10/armor.c index 053cae7ff..d595141ba 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -830,19 +830,19 @@ armor_filter( void *opaque, int control, buf[n++] = 0x01; /* sigclass 0x01 (canonical text mode)*/ if( hashes & 1 ) { hashes &= ~1; - buf[n++] = DIGEST_ALGO_RMD160; + buf[n++] = GCRY_MD_RMD160; } else if( hashes & 2 ) { hashes &= ~2; - buf[n++] = DIGEST_ALGO_SHA1; + buf[n++] = GCRY_MD_SHA1; } else if( hashes & 4 ) { hashes &= ~4; - buf[n++] = DIGEST_ALGO_MD5; + buf[n++] = GCRY_MD_MD5; } else if( hashes & 8 ) { hashes &= ~8; - buf[n++] = DIGEST_ALGO_TIGER; + buf[n++] = GCRY_MD_TIGER; } else buf[n++] = 0; /* (don't know) */ diff --git a/g10/build-packet.c b/g10/build-packet.c index eb2608a44..84ca3a8db 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -27,9 +27,8 @@ #include "packet.h" #include "errors.h" #include "iobuf.h" -#include "mpi.h" #include "util.h" -#include "cipher.h" +#include "dummy-cipher.h" #include "memory.h" #include "options.h" #include "main.h" @@ -174,11 +173,11 @@ static void write_fake_data( IOBUF out, MPI a ) { if( a ) { - int i; + size_t i; void *p; - p = mpi_get_opaque( a, &i ); - iobuf_write( out, p, i ); + p = gcry_mpi_get_opaque( a, &i ); + iobuf_write( out, p, (i+7)/8 ); } } @@ -372,13 +371,14 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) iobuf_put(a, 0 ); if( sk->is_protected && sk->version >= 4 ) { byte *p; - assert( mpi_is_opaque( sk->skey[npkey] ) ); - p = mpi_get_opaque( sk->skey[npkey], &i ); - iobuf_write(a, p, i ); + size_t n; + assert( gcry_mpi_get_flag( sk->skey[i], GCRYMPI_FLAG_OPAQUE ) ); + p = gcry_mpi_get_opaque( sk->skey[i], &n ); + iobuf_write(a, p, (n+7)/8 ); } else { for( ; i < nskey; i++ ) - mpi_write(a, sk->skey[i] ); + mpi_write_opaque(a, sk->skey[i] ); write_16(a, sk->csum ); } diff --git a/g10/cipher.c b/g10/cipher.c index 162bbc35f..ef4c86502 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -54,8 +54,8 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) ed.len = cfx->datalen; ed.new_ctb = !ed.len && !opt.rfc1991; if( use_mdc ) { - ed.mdc_method = DIGEST_ALGO_SHA1; - cfx->mdc_hash = gcry_md_open( DIGEST_ALGO_SHA1, 0 ); + ed.mdc_method = GCRY_MD_SHA1; + cfx->mdc_hash = gcry_md_open( GCRY_MD_SHA1, 0 ); /*should we check the function works, or is it better to provide a flag which makes the function die itself ?? FIXME */ /*md_start_debug( cfx->mdc_hash, "mdccreat" );*/ diff --git a/g10/encode.c b/g10/encode.c index e87616d70..15761d09d 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -474,7 +474,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out ) frame = encode_session_key( dek, pubkey_nbits( pk->pubkey_algo, pk->pkey ) ); rc = pubkey_encrypt( pk->pubkey_algo, enc->data, frame, pk->pkey ); - mpi_free( frame ); + mpi_release( frame ); if( rc ) log_error("pubkey_encrypt failed: %s\n", g10_errstr(rc) ); else { diff --git a/g10/encr-data.c b/g10/encr-data.c index 7f5b16392..c4c9ff2f0 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -27,8 +27,7 @@ #include "util.h" #include "memory.h" #include "packet.h" -#include "mpi.h" -#include "cipher.h" +#include "dummy-cipher.h" #include "options.h" #include "i18n.h" diff --git a/g10/filter.h b/g10/filter.h index 321a4ca9e..c9ea2f394 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -23,6 +23,7 @@ #include <gcrypt.h> #include "basicdefs.h" +#include "iobuf.h" diff --git a/g10/free-packet.c b/g10/free-packet.c index 4c533d859..93c93de19 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c @@ -26,9 +26,8 @@ #include "packet.h" #include "iobuf.h" -#include "mpi.h" #include "util.h" -#include "cipher.h" +#include "dummy-cipher.h" #include "memory.h" #include "options.h" #include "main.h" @@ -45,9 +44,9 @@ free_pubkey_enc( PKT_pubkey_enc *enc ) int n, i; n = pubkey_get_nenc( enc->pubkey_algo ); if( !n ) - mpi_free(enc->data[0]); + mpi_release(enc->data[0]); for(i=0; i < n; i++ ) - mpi_free( enc->data[i] ); + mpi_release( enc->data[i] ); m_free(enc); } @@ -57,9 +56,9 @@ free_seckey_enc( PKT_signature *sig ) int n, i; n = pubkey_get_nsig( sig->pubkey_algo ); if( !n ) - mpi_free(sig->data[0]); + mpi_release(sig->data[0]); for(i=0; i < n; i++ ) - mpi_free( sig->data[i] ); + mpi_release( sig->data[i] ); m_free(sig->hashed_data); m_free(sig->unhashed_data); m_free(sig); @@ -73,9 +72,9 @@ release_public_key_parts( PKT_public_key *pk ) int n, i; n = pubkey_get_npkey( pk->pubkey_algo ); if( !n ) - mpi_free(pk->pkey[0]); + mpi_release(pk->pkey[0]); for(i=0; i < n; i++ ) { - mpi_free( pk->pkey[i] ); + mpi_release( pk->pkey[i] ); pk->pkey[i] = NULL; } if( pk->namehash ) { @@ -180,9 +179,9 @@ release_secret_key_parts( PKT_secret_key *sk ) n = pubkey_get_nskey( sk->pubkey_algo ); if( !n ) - mpi_free(sk->skey[0]); + mpi_release(sk->skey[0]); for(i=0; i < n; i++ ) { - mpi_free( sk->skey[i] ); + mpi_release( sk->skey[i] ); sk->skey[i] = NULL; } } @@ -36,7 +36,6 @@ #include "options.h" #include "keydb.h" #include "trustdb.h" -#include "mpi.h" #include "filter.h" #include "ttyio.h" #include "i18n.h" @@ -200,6 +199,8 @@ static ARGPARSE_OPTS opts[] = { { aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")}, { aKeygen, "gen-key", 256, N_("generate a new key pair")}, { aDeleteKey, "delete-key",256, N_("remove key from the public keyring")}, + { aDeleteSecretKey, "delete-secret-key",256, + N_("remove key from the secret keyring")}, { aSignKey, "sign-key" ,256, N_("sign a key")}, { aLSignKey, "lsign-key" ,256, N_("sign a key locally")}, { aEditKey, "edit-key" ,256, N_("sign or edit a key")}, @@ -299,7 +300,6 @@ static ARGPARSE_OPTS opts[] = { { aListTrustPath, "list-trust-path",0, "@"}, { oKOption, NULL, 0, "@"}, { oPasswdFD, "passphrase-fd",1, "@" }, - { aDeleteSecretKey, "delete-secret-key",0, "@" }, { oNoVerbose, "no-verbose", 0, "@"}, { oTrustDBName, "trustdb-name", 2, "@" }, { oNoSecmemWarn, "no-secmem-warning", 0, "@" }, /* used only by regression tests */ @@ -319,7 +319,6 @@ static ARGPARSE_OPTS opts[] = { { oCompressKeys, "compress-keys",0, "@"}, { oCompressSigs, "compress-sigs",0, "@"}, { oAlwaysTrust, "always-trust", 0, "@"}, - { oEmuChecksumBug, "emulate-checksum-bug", 0, "@"}, { oRunAsShmCP, "run-as-shm-coprocess", 4, "@" }, { oSetFilename, "set-filename", 2, "@" }, { oSetPolicyURL, "set-policy-url", 2, "@" }, @@ -489,6 +488,8 @@ make_username( const char *string ) static void register_extension( const char *mainpgm, const char *fname ) { + #warning fixme add resgitser cipher extension + #if 0 if( *fname != '/' ) { /* do tilde expansion etc */ char *tmp; @@ -501,6 +502,7 @@ register_extension( const char *mainpgm, const char *fname ) } else register_cipher_extension( mainpgm, fname ); + #endif } @@ -512,10 +514,12 @@ set_debug(void) memory_debug_mode = 1; if( opt.debug & DBG_MEMSTAT_VALUE ) memory_stat_debug_mode = 1; + if( opt.debug & DBG_MPI_VALUE ) - mpi_debug_mode = 1; + gcry_control( GCRYCTL_SET_DEBUG_FLAGS, 2 ); if( opt.debug & DBG_CIPHER_VALUE ) - g10c_debug_mode = 1; + gcry_control( GCRYCTL_SET_DEBUG_FLAGS, 1 ); + if( opt.debug & DBG_IOBUF_VALUE ) iobuf_debug_mode = 1; @@ -590,7 +594,14 @@ main( int argc, char **argv ) * secmem_init() somewhere after the option parsing */ log_set_name("gpg"); - secure_random_alloc(); /* put random number into secure memory */ + /* check that the libraries are suitable. Do it here because + * the option parse may need services of the library */ + if ( !gcry_check_version ( "1.1.1" ) ) { + log_fatal(_("libgcrypt is too old (need %s, have %s)\n"), + VERSION, gcry_check_version(NULL) ); + } + + gcry_control( GCRYCTL_USE_SECURE_RNDPOOL ); disable_core_dumps(); init_signals(); create_dotlock(NULL); /* register locking cleanup */ @@ -609,9 +620,9 @@ main( int argc, char **argv ) opt.homedir = getenv("GNUPGHOME"); if( !opt.homedir || !*opt.homedir ) { #ifdef HAVE_DRIVE_LETTERS - opt.homedir = "c:/gnupg"; + opt.homedir = "c:/gnupg-test"; #else - opt.homedir = "~/.gnupg"; + opt.homedir = "~/.gnupg-test"; #endif } @@ -663,6 +674,7 @@ main( int argc, char **argv ) if( default_config ) configname = make_filename(opt.homedir, "options", NULL ); + argc = orig_argc; argv = orig_argv; pargs.argc = &argc; @@ -741,8 +753,10 @@ main( int argc, char **argv ) case oNoTTY: opt.quiet = 1; tty_no_terminal(1); break; case oDryRun: opt.dry_run = 1; break; case oInteractive: opt.interactive = 1; break; - case oVerbose: g10_opt_verbose++; - opt.verbose++; opt.list_sigs=1; break; + case oVerbose: + opt.verbose++; opt.list_sigs=1; + gcry_control( GCRYCTL_SET_VERBOSITY, (int)opt.verbose ); + break; case oKOption: set_cmd( &cmd, aKMode ); break; case oBatch: opt.batch = 1; greeting = 0; break; @@ -768,8 +782,10 @@ main( int argc, char **argv ) case oNoArmor: opt.no_armor=1; opt.armor=0; break; case oNoDefKeyring: default_keyring = 0; break; case oNoGreeting: nogreeting = 1; break; - case oNoVerbose: g10_opt_verbose = 0; - opt.verbose = 0; opt.list_sigs=0; break; + case oNoVerbose: + opt.verbose = 0; opt.list_sigs=0; + gcry_control( GCRYCTL_SET_VERBOSITY, (int)opt.verbose ); + break; case oNoComment: opt.no_comment=1; break; case oNoVersion: opt.no_version=1; break; case oEmitVersion: opt.no_version=0; break; @@ -823,7 +839,6 @@ main( int argc, char **argv ) opt.s2k_digest_algo = GCRY_MD_RMD160; opt.s2k_cipher_algo = GCRY_CIPHER_BLOWFISH; break; - case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break; case oCompressSigs: opt.compress_sigs = 1; break; case oRunAsShmCP: #ifndef USE_SHM_COPROCESSING @@ -950,10 +965,11 @@ main( int argc, char **argv ) secmem_set_flags( secmem_get_flags() & ~2 ); /* resume warnings */ set_debug(); - g10_opt_homedir = opt.homedir; + /* FIXME: should set filenames of libgcrypt explicitly + * g10_opt_homedir = opt.homedir; */ /* must do this after dropping setuid, because string_to... - * may try to load an module */ + * may try to load a module */ if( def_cipher_string ) { opt.def_cipher_algo = gcry_cipher_map_name(def_cipher_string); m_free(def_cipher_string); def_cipher_string = NULL; @@ -1018,7 +1034,7 @@ main( int argc, char **argv ) opt.list_sigs++; opt.verbose = opt.verbose > 1; - g10_opt_verbose = opt.verbose; + gcry_control( GCRYCTL_SET_VERBOSITY, (int)opt.verbose ); } @@ -1202,6 +1218,7 @@ main( int argc, char **argv ) case aListSigs: opt.list_sigs = 1; case aListKeys: + /* fixme: we chnaged this in 1.0 */ public_key_list( argc, argv ); break; case aListSecretKeys: @@ -1318,13 +1335,13 @@ main( int argc, char **argv ) mpi_print( stdout, factors[0], 1 ); /* print q */ } else if( mode == 4 && argc == 3 ) { - MPI g = mpi_alloc(1); + MPI g = mpi_new(8); mpi_print( stdout, generate_elg_prime( 0, atoi(argv[1]), atoi(argv[2]), g, NULL ), 1); putchar('\n'); mpi_print( stdout, g, 1 ); - mpi_free(g); + mpi_release(g); } else #endif diff --git a/g10/gpgd.c b/g10/gpgd.c index d68e5a843..6ee87ec8a 100644 --- a/g10/gpgd.c +++ b/g10/gpgd.c @@ -38,7 +38,7 @@ #include <sys/stat.h> #include "util.h" -#include "cipher.h" +#include "dummy-cipher.h" #include "options.h" #include "main.h" @@ -30,6 +30,7 @@ #include "util.h" #include "ttyio.h" #include "i18n.h" +#include "memory.h" #include "options.h" #include "filter.h" #include "http.h" diff --git a/g10/keygen.c b/g10/keygen.c index b4da909f8..2d3c88f43 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -28,7 +28,7 @@ #include "util.h" #include "main.h" #include "packet.h" -#include "cipher.h" +#include "dummy-cipher.h" #include "ttyio.h" #include "options.h" #include "keydb.h" @@ -227,7 +227,7 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, sk->is_protected = 0; sk->protect.algo = 0; - sk->csum = checksum_mpi_counted_nbits( sk->skey[3] ); + sk->csum = checksum_mpi( sk->skey[3] ); if( ret_sk ) /* not a subkey: return an unprotected version of the sk */ *ret_sk = copy_secret_key( NULL, sk ); @@ -306,7 +306,7 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, sk->is_protected = 0; sk->protect.algo = 0; - sk->csum = checksum_mpi_counted_nbits( sk->skey[4] ); + sk->csum = checksum_mpi( sk->skey[4] ); if( ret_sk ) /* not a subkey: return an unprotected version of the sk */ *ret_sk = copy_secret_key( NULL, sk ); diff --git a/g10/keyid.c b/g10/keyid.c index 0c82aa193..ac3e71258 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -28,9 +28,9 @@ #include <gcrypt.h> #include "util.h" #include "main.h" +#include "memory.h" #include "packet.h" #include "options.h" -#include "mpi.h" #include "keydb.h" @@ -353,7 +353,7 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len ) /* RSA in version 3 packets is special */ GCRY_MD_HD md; - md = gcry_md_open( DIGEST_ALGO_MD5, 0); + md = gcry_md_open( GCRY_MD_MD5, 0); if( !md ) BUG(); if( pubkey_get_npkey( pk->pubkey_algo ) > 1 ) { @@ -368,7 +368,7 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len ) if( !array ) array = m_alloc( 16 ); len = 16; - memcpy(array, gcry_md_read(md, DIGEST_ALGO_MD5), 16 ); + memcpy(array, gcry_md_read(md, GCRY_MD_MD5), 16 ); gcry_md_close(md); } else { @@ -399,7 +399,7 @@ fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len ) /* RSA in version 3 packets is special */ GCRY_MD_HD md; - md = gcry_md_open( DIGEST_ALGO_MD5, 0); + md = gcry_md_open( GCRY_MD_MD5, 0); if( !md ) BUG(); if( pubkey_get_npkey( sk->pubkey_algo ) > 1 ) { diff --git a/g10/main.h b/g10/main.h index dc5eb32c7..1649a69ef 100644 --- a/g10/main.h +++ b/g10/main.h @@ -23,13 +23,16 @@ #include <gcrypt.h> #include "basicdefs.h" #include "iobuf.h" -#include "mpi.h" #include "keydb.h" #define DEFAULT_CIPHER_ALGO GCRY_CIPHER_BLOWFISH #define DEFAULT_PUBKEY_ALGO GCRY_PUBKEY_ELGAMAL #define DEFAULT_DIGEST_ALGO GCRY_MD_RMD160 +#define is_RSA(a) ((a)==GCRY_PK_RSA || (a)==GCRY_PK_RSA_E \ + || (a)==GCRY_PK_RSA_S ) +#define is_ELGAMAL(a) ((a)==GCRY_PK_ELG || (a)==GCRY_PK_ELG_E) + /*-- g10.c --*/ extern int g10_errors_seen; @@ -52,9 +55,12 @@ void disable_core_dumps(void); u16 checksum_u16( unsigned n ); u16 checksum( byte *p, unsigned n ); u16 checksum_mpi( MPI a ); -u16 checksum_mpi_counted_nbits( MPI a ); u32 buffer_to_u32( const byte *buffer ); +int mpi_write( IOBUF out, GCRY_MPI a ); +GCRY_MPI mpi_read(IOBUF inp, unsigned *ret_nread ); +GCRY_MPI mpi_read_opaque(IOBUF inp, unsigned *ret_nread ); + int openpgp_cipher_test_algo( int algo ); int openpgp_pk_test_algo( int algo, unsigned int usage_flags ); int openpgp_md_test_algo( int algo ); diff --git a/g10/mainproc.c b/g10/mainproc.c index db43e50b3..af26118c7 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -376,7 +376,7 @@ proc_plaintext( CTX c, PACKET *pkt ) gcry_md_enable( c->mfx.md, n->pkt->pkt.onepass_sig->digest_algo ); if( !any && n->pkt->pkt.onepass_sig->digest_algo - == DIGEST_ALGO_MD5 ) + == GCRY_MD_MD5 ) only_md5 = 1; else only_md5 = 0; @@ -400,9 +400,9 @@ proc_plaintext( CTX c, PACKET *pkt ) } } if( !any ) { /* no onepass sig packet: enable all standard algos */ - gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); - gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 ); - gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); + gcry_md_enable( c->mfx.md, GCRY_MD_RMD160 ); + gcry_md_enable( c->mfx.md, GCRY_MD_SHA1 ); + gcry_md_enable( c->mfx.md, GCRY_MD_MD5 ); } if( only_md5 ) { /* This is a kludge to work around a bug in pgp2. It does only @@ -410,7 +410,7 @@ proc_plaintext( CTX c, PACKET *pkt ) * pgp mails we could see whether there is the signature packet * in front of the plaintext. If someone needs this, send me a patch. */ - if( !(c->mfx.md2 = gcry_md_open( DIGEST_ALGO_MD5, 0)) ) + if( !(c->mfx.md2 = gcry_md_open( GCRY_MD_MD5, 0)) ) BUG(); } #if 0 @@ -1188,13 +1188,13 @@ proc_tree( CTX c, KBNODE node ) free_md_filter_context( &c->mfx ); if( !(c->mfx.md = gcry_md_open(sig->digest_algo, 0)) ) BUG(); - if( sig->digest_algo == DIGEST_ALGO_MD5 + if( sig->digest_algo == GCRY_MD_MD5 && is_RSA( sig->pubkey_algo ) ) { /* enable a workaround for a pgp2 bug */ - if( !(c->mfx.md2 = gcry_md_open( DIGEST_ALGO_MD5, 0 )) ) + if( !(c->mfx.md2 = gcry_md_open( GCRY_MD_MD5, 0 )) ) BUG(); } - else if( sig->digest_algo == DIGEST_ALGO_SHA1 + else if( sig->digest_algo == GCRY_MD_SHA1 && sig->pubkey_algo == GCRY_PK_DSA && sig->sig_class == 0x01 ) { /* enable the workaround also for pgp5 when the detached diff --git a/g10/misc.c b/g10/misc.c index 7e8e85a9e..4d7644f4c 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -34,10 +34,13 @@ #include <gcrypt.h> #include "util.h" #include "main.h" +#include "memory.h" #include "options.h" #include "i18n.h" +#define MAX_EXTERN_MPI_BITS 16384 + #if defined(__linux__) && defined(__alpha__) && __GLIBC__ < 2 #warning using trap_unaligned @@ -86,23 +89,140 @@ disable_core_dumps() -u16 -checksum_u16( unsigned n ) +/**************** + * write an mpi to out. + */ +int +mpi_write( IOBUF out, MPI a ) { - u16 a; + char buffer[(MAX_EXTERN_MPI_BITS+7)/8]; + size_t nbytes; + int rc; - a = (n >> 8) & 0xff; - if( opt.emulate_bugs & EMUBUG_GPGCHKSUM ) { - a |= n & 0xff; - log_debug("csum_u16 emulated for n=%u\n", n); + nbytes = (MAX_EXTERN_MPI_BITS+7)/8; + rc = gcry_mpi_print( GCRYMPI_FMT_PGP, buffer, &nbytes, a ); + if( !rc ) + rc = iobuf_write( out, buffer, nbytes ); + + return rc; +} + +/**************** + * Writye a MPI to out, but in this case it is an opaque one, + * s used vor v3 protected keys. + */ +int +mpi_write_opaque( IOBUF out, MPI a ) +{ + size_t nbytes, nbits; + int rc; + + assert( gcry_mpi_get_flag( a, GCRYMPI_FLAG_OPAQUE ) ); + p = gcry_mpi_get_opaque( a, &nbits ); + nbytes = (nbits+7) / 8; + iobuf_put( out, nbits >> 8 ); + iobuf_put( out, nbits ) + rc = iobuf_write( out, p, nbytes ); + return rc; +} + + +/**************** + * Read an external representation of an mpi and return the MPI + * The external format is a 16 bit unsigned value stored in network byte order, + * giving the number of bits for the following integer. The integer is stored + * with MSB first (left padded with zeroes to align on a byte boundary). + */ +MPI +mpi_read(IOBUF inp, unsigned *ret_nread, int secure) +{ + int c, c1, c2, i; + unsigned nbits, nbytes, nread=0; + MPI a = NULL; + byte *buf = NULL; + byte *p; + + if( (c = c1 = iobuf_get(inp)) == -1 ) + goto leave; + nbits = c << 8; + if( (c = c2 = iobuf_get(inp)) == -1 ) + goto leave; + nbits |= c; + if( nbits > MAX_EXTERN_MPI_BITS ) { + log_error("mpi too large (%u bits)\n", nbits); + goto leave; + } + nread = 2; + nbytes = (nbits+7) / 8; + buf = secure? m_alloc_secure( nbytes+2 ) : m_alloc( nbytes+2 ); + p = buf; + p[0] = c1; + p[1] = c2; + for( i=0 ; i < nbytes; i++ ) { + p[i+2] = iobuf_get(inp) & 0xff; + nread++; + } + nread += nbytes; + /* FIXME: replace with the gcry_scan function */ + a = mpi_read_from_buffer( buf, &nread, secure ); + + leave: + m_free(buf); + if( nread > *ret_nread ) + log_bug("mpi larger than packet"); + else + *ret_nread = nread; + return a; +} + +/**************** + * Same as mpi_read but the value is stored as an opaque MPI. + * This function is used to read encrpted MPI of v3 packets. + */ +GCRY_MPI +mpi_read_opaque(IOBUF inp, unsigned *ret_nread ) +{ + int c, c1, c2, i; + unsigned nbits, nbytes, nread=0; + GCRY_MPI a = NULL; + byte *buf = NULL; + byte *p; + + if( (c = c1 = iobuf_get(inp)) == -1 ) + goto leave; + nbits = c << 8; + if( (c = c2 = iobuf_get(inp)) == -1 ) + goto leave; + nbits |= c; + if( nbits > MAX_EXTERN_MPI_BITS ) { + log_error("mpi too large (%u bits)\n", nbits); + goto leave; } + nread = 2; + nbytes = (nbits+7) / 8; + buf = m_alloc( nbytes ); + p = buf; + for( i=0 ; i < nbytes; i++ ) { + p[i] = iobuf_get(inp) & 0xff; + nread++; + } + nread += nbytes; + a = gcry_mpi_set_opaque(NULL, buf, nbits ); + buf = NULL; + + leave: + m_free(buf); + if( nread > *ret_nread ) + log_bug("mpi larger than packet"); else - a += n & 0xff; + *ret_nread = nread; return a; } -static u16 -checksum_u16_nobug( unsigned n ) + + +u16 +checksum_u16( unsigned n ) { u16 a; @@ -130,43 +250,13 @@ checksum_mpi( MPI a ) unsigned nbits; buffer = mpi_get_buffer( a, &nbytes, NULL ); - /* some versions of gpg encode wrong values for the length of an mpi - * so that mpi_get_nbits() which counts the mpi yields another (shorter) - * value than the one store with the mpi. mpi_get_nbit_info() returns - * this stored value if it is still available. - */ - - if( opt.emulate_bugs & EMUBUG_GPGCHKSUM ) - nbits = 0; - else - nbits = mpi_get_nbit_info(a); - if( !nbits ) - nbits = mpi_get_nbits(a); + nbits = mpi_get_nbits(a); csum = checksum_u16( nbits ); csum += checksum( buffer, nbytes ); m_free( buffer ); return csum; } -/**************** - * This is the correct function - */ -u16 -checksum_mpi_counted_nbits( MPI a ) -{ - u16 csum; - byte *buffer; - unsigned nbytes; - unsigned nbits; - - buffer = mpi_get_buffer( a, &nbytes, NULL ); - nbits = mpi_get_nbits(a); - mpi_set_nbit_info(a,nbits); - csum = checksum_u16_nobug( nbits ); - csum += checksum( buffer, nbytes ); - m_free( buffer ); - return csum; -} u32 @@ -213,10 +303,10 @@ print_cipher_algo_note( int algo ) { if( algo >= 100 && algo <= 110 ) no_exp_algo(); - else if( algo == CIPHER_ALGO_3DES - || algo == CIPHER_ALGO_CAST5 - || algo == CIPHER_ALGO_BLOWFISH - || algo == CIPHER_ALGO_TWOFISH + else if( algo == GCRY_CIPHER_3DES + || algo == GCRY_CIPHER_CAST5 + || algo == GCRY_CIPHER_BLOWFISH + || algo == GCRY_CIPHER_TWOFISH ) ; else { diff --git a/g10/options.h b/g10/options.h index 02613e3cc..4a2251052 100644 --- a/g10/options.h +++ b/g10/options.h @@ -86,8 +86,6 @@ struct { } opt; -#define EMUBUG_GPGCHKSUM 1 - #define DBG_PACKET_VALUE 1 /* debug packet reading/writing */ #define DBG_MPI_VALUE 2 /* debug mpi details */ #define DBG_CIPHER_VALUE 4 /* debug cipher handling */ diff --git a/g10/packet.h b/g10/packet.h index 17893875f..8e0c8c7e1 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -23,10 +23,13 @@ #include "types.h" #include "iobuf.h" -#include "mpi.h" -#include "cipher.h" +#include "dummy-cipher.h" #include "filter.h" +#ifndef DID_MPI_TYPEDEF + typedef struct gcry_mpi *MPI; + #define DID_MPI_TYPEDEF +#endif #define GNUPG_MAX_NPKEY 4 #define GNUPG_MAX_NSKEY 6 diff --git a/g10/parse-packet.c b/g10/parse-packet.c index e261b5366..e4e9fdd51 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -26,9 +26,8 @@ #include "packet.h" #include "iobuf.h" -#include "mpi.h" #include "util.h" -#include "cipher.h" +#include "dummy-cipher.h" #include "memory.h" #include "filter.h" #include "options.h" @@ -98,7 +97,7 @@ set_packet_list_mode( int mode ) { int old = list_mode; list_mode = mode; - mpi_print_mode = DBG_MPI; + mpi_print_mode = (opt.debug & DBG_MPI_VALUE); return old; } @@ -1133,7 +1132,8 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen, unknown_pubkey_warning( sig->pubkey_algo ); /* we store the plain material in data[0], so that we are able * to write it back with build_packet() */ - sig->data[0] = mpi_set_opaque(NULL, read_rest(inp, pktlen), pktlen ); + sig->data[0] = gcry_mpi_set_opaque(NULL, + read_rest(inp, pktlen), pktlen*8 ); pktlen = 0; } else { @@ -1292,8 +1292,8 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, byte temp[16]; if( !npkey ) { - sk->skey[0] = mpi_set_opaque( NULL, - read_rest(inp, pktlen), pktlen ); + sk->skey[0] = gcry_mpi_set_opaque( NULL, + read_rest(inp, pktlen), pktlen*8 ); pktlen = 0; goto leave; } @@ -1368,7 +1368,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, } else { /* old version; no S2K, so we set mode to 0, hash MD5 */ sk->protect.s2k.mode = 0; - sk->protect.s2k.hash_algo = DIGEST_ALGO_MD5; + sk->protect.s2k.hash_algo = GCRY_MD_MD5; if( list_mode ) printf( "\tprotect algo: %d (hash algo: %d)\n", sk->protect.algo, sk->protect.s2k.hash_algo ); @@ -1412,9 +1412,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, if( is_v4 && sk->is_protected ) { /* ugly; the length is encrypted too, so we read all * stuff up to the end of the packet into the first - * skey element */ - sk->skey[npkey] = mpi_set_opaque(NULL, - read_rest(inp, pktlen), pktlen ); + * skey element (which is the one indexed by npkey) */ + sk->skey[npkey] = gcry_mpi_set_opaque(NULL, + read_rest(inp, pktlen), pktlen*8 ); pktlen = 0; if( list_mode ) { printf("\tencrypted stuff follows\n"); @@ -1422,9 +1422,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, } else { /* v3 method: the mpi length is not encrypted */ for(i=npkey; i < nskey; i++ ) { - n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n; - if( sk->is_protected ) - mpi_set_protect_flag(sk->skey[i]); + n = pktlen; + sk->skey[i] = mpi_read_opaque(inp, &n, 0 ); + pktlen -=n; if( list_mode ) { printf( "\tskey[%d]: ", i); if( sk->is_protected ) @@ -1446,8 +1446,8 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, PKT_public_key *pk = pkt->pkt.public_key; if( !npkey ) { - pk->pkey[0] = mpi_set_opaque( NULL, - read_rest(inp, pktlen), pktlen ); + pk->pkey[0] = gcry_mpi_set_opaque( NULL, + read_rest(inp, pktlen), pktlen*8 ); pktlen = 0; goto leave; } @@ -1635,7 +1635,7 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, goto leave; } method = iobuf_get_noeof(inp); pktlen--; - if( method != DIGEST_ALGO_SHA1 ) { + if( method != GCRY_MD_SHA1 ) { log_error("encrypted_mdc does not use SHA1 method\n" ); goto leave; } diff --git a/g10/passphrase.c b/g10/passphrase.c index 49b7a60c2..ae937e26d 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -28,7 +28,7 @@ #include "memory.h" #include "options.h" #include "ttyio.h" -#include "cipher.h" +#include "dummy-cipher.h" #include "keydb.h" #include "main.h" #include "i18n.h" diff --git a/g10/pkclist.c b/g10/pkclist.c index 6eae1f024..4f47e5563 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -908,7 +908,7 @@ static int algo_available( int preftype, int algo ) { if( preftype == PREFTYPE_SYM ) { - if( algo == CIPHER_ALGO_TWOFISH ) + if( algo == GCRY_CIPHER_TWOFISH ) return 0; /* we don't want to generate Twofish messages for now*/ return algo && !openpgp_cipher_test_algo( algo ); } diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index f11e6f12a..94fe2777b 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -27,10 +27,9 @@ #include "memory.h" #include "packet.h" #include "main.h" -#include "mpi.h" #include "keydb.h" #include "trustdb.h" -#include "cipher.h" +#include "dummy-cipher.h" #include "status.h" #include "options.h" #include "i18n.h" @@ -110,7 +109,7 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid ) if( rc ) goto leave; frame = mpi_get_buffer( plain_dek, &nframe, NULL ); - mpi_free( plain_dek ); plain_dek = NULL; + mpi_release( plain_dek ); plain_dek = NULL; /* Now get the DEK (data encryption key) from the frame * @@ -129,7 +128,7 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid ) * DEK is the encryption key (session key) with length k * CSUM */ - if( DBG_CIPHER ) + if( (opt.debug & DBG_CIPHER_VALUE) ) log_hexdump("DEK frame:", frame, nframe ); n=0; if( n + 7 > nframe ) @@ -171,7 +170,7 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid ) rc = G10ERR_WRONG_SECKEY; goto leave; } - if( DBG_CIPHER ) + if( (opt.debug & DBG_CIPHER_VALUE) ) log_hexdump("DEK is:", dek->key, dek->keylen ); /* check that the algo is in the preferences */ { @@ -197,7 +196,7 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid ) } leave: - mpi_free(plain_dek); + mpi_release(plain_dek); m_free(frame); return rc; } diff --git a/g10/ringedit.c b/g10/ringedit.c index 7db1b0b6b..b5eedd6ef 100644 --- a/g10/ringedit.c +++ b/g10/ringedit.c @@ -54,7 +54,6 @@ #include "util.h" #include "packet.h" #include "memory.h" -#include "mpi.h" #include "iobuf.h" #include "keydb.h" #include "host2net.h" diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index a0e41eea9..b228bc9c8 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -28,7 +28,6 @@ #include "util.h" #include "memory.h" #include "packet.h" -#include "mpi.h" #include "keydb.h" #include "main.h" #include "options.h" @@ -84,15 +83,17 @@ do_check( PKT_secret_key *sk ) log_fatal("set IV failed: %s\n", gcry_strerror(-1) ); csum = 0; if( sk->version >= 4 ) { - int ndata; + size_t ndata; + unsigned int ndatabits; byte *p, *data; i = pubkey_get_npkey(sk->pubkey_algo); - assert( mpi_is_opaque( sk->skey[i] ) ); - p = mpi_get_opaque( sk->skey[i], &ndata ); + assert( gcry_mpi_get_flag( sk->skey[i], GCRYMPI_FLAG_OPAQUE ) ); + p = gcry_mpi_get_opaque( sk->skey[i], &ndatabits ); + ndata = (ndatabits+7)/8; data = m_alloc_secure( ndata ); gcry_cipher_decrypt( cipher_hd, data, ndata, p, ndata ); - mpi_free( sk->skey[i] ); sk->skey[i] = NULL ; + mpi_release( sk->skey[i] ); sk->skey[i] = NULL ; p = data; if( ndata < 2 ) { log_error("not enough bytes for checksum\n"); @@ -104,11 +105,12 @@ do_check( PKT_secret_key *sk ) sk->csum = data[ndata-2] << 8 | data[ndata-1]; } /* must check it here otherwise the mpi_read_xx would fail - * because the length das an abritary value */ + * because the length may have an arbitrary value */ if( sk->csum == csum ) { for( ; i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { nbytes = ndata; sk->skey[i] = mpi_read_from_buffer(p, &nbytes, 1 ); + /* fixme: replace by mpi_scan */ ndata -= nbytes; p += nbytes; } @@ -118,18 +120,24 @@ do_check( PKT_secret_key *sk ) else { for(i=pubkey_get_npkey(sk->pubkey_algo); i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { - buffer = mpi_get_secure_buffer( sk->skey[i], &nbytes, NULL ); + size_t ndata; + unsigned int ndatabits; + byte *p, *data; + + assert( gcry_mpi_get_flag( sk->skey[i], GCRYMPI_FLAG_OPAQUE ) ); + p = gcry_mpi_get_opaque( sk->skey[i], &ndatabits ); + ndata = (ndatabits+7)/8; + data = m_alloc_secure( ndata ); gcry_cipher_sync( cipher_hd ); - assert( mpi_is_protected(sk->skey[i]) ); - gcry_cipher_decrypt( cipher_hd, buffer, nbytes, NULL, 0 ); - mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 ); - mpi_clear_protect_flag( sk->skey[i] ); + gcry_cipher_decrypt( cipher_hd, data, ndata, p, ndata ); + mpi_release( sk->skey[i] ); sk->skey[i] = NULL ; + + res = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_USG, + data, &ndata ); + csum += checksum_mpi( sk->skey[i] ); m_free( buffer ); } - if( opt.emulate_bugs & EMUBUG_GPGCHKSUM ) { - csum = sk->csum; - } } gcry_cipher_close( cipher_hd ); /* now let's see whether we have used the right passphrase */ @@ -261,6 +269,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) gcry_randomize(sk->protect.iv, sk->protect.ivlen, GCRY_STRONG_RANDOM); gcry_cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen ); + #warning FIXME: replace set/get buffer if( sk->version >= 4 ) { #define NMPIS (GNUPG_MAX_NSKEY - GNUPG_MAX_NPKEY) byte *bufarr[NMPIS]; @@ -271,7 +280,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) for(j=0, i = pubkey_get_npkey(sk->pubkey_algo); i < pubkey_get_nskey(sk->pubkey_algo); i++, j++ ) { - assert( !mpi_is_opaque( sk->skey[i] ) ); + assert( !gcry_mpi_get_flag( sk->skey[i], GCRYMPI_FLAG_OPAQUE ) ); bufarr[j] = mpi_get_buffer( sk->skey[i], &narr[j], NULL ); nbits[j] = mpi_get_nbits( sk->skey[i] ); ndata += narr[j] + 2; @@ -299,25 +308,25 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) gcry_cipher_encrypt( cipher_hd, data, ndata, NULL, 0 ); for(i = pubkey_get_npkey(sk->pubkey_algo); i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { - mpi_free( sk->skey[i] ); + mpi_release( sk->skey[i] ); sk->skey[i] = NULL; } i = pubkey_get_npkey(sk->pubkey_algo); - sk->skey[i] = mpi_set_opaque(NULL, data, ndata ); + sk->skey[i] = gcry_mpi_set_opaque(NULL, data, ndata*8 ); } else { /* NOTE: we always recalculate the checksum because there * are some test releases which calculated it wrong */ + #warning FIXME: Replace this code csum = 0; for(i=pubkey_get_npkey(sk->pubkey_algo); i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { - csum += checksum_mpi_counted_nbits( sk->skey[i] ); + csum += checksum_mpi( sk->skey[i] ); buffer = mpi_get_buffer( sk->skey[i], &nbytes, NULL ); gcry_cipher_sync( cipher_hd ); - assert( !mpi_is_protected(sk->skey[i]) ); + assert( !mpi_is_opaque(sk->skey[i]) ); gcry_cipher_encrypt( cipher_hd, buffer, nbytes, NULL, 0 ); mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 ); - mpi_set_protect_flag( sk->skey[i] ); m_free( buffer ); } sk->csum = csum; diff --git a/g10/seskey.c b/g10/seskey.c index 19f40636f..eac15c41f 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -26,10 +26,10 @@ #include <gcrypt.h> #include "util.h" -#include "cipher.h" -#include "mpi.h" +#include "dummy-cipher.h" #include "main.h" #include "i18n.h" +#include "memory.h" /**************** @@ -144,7 +144,7 @@ encode_session_key( DEK *dek, unsigned nbits ) frame[n++] = csum >>8; frame[n++] = csum; assert( n == nframe ); - a = mpi_alloc_secure( (nframe+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB ); + a = mpi_secure_new( nframe ); mpi_set_buffer( a, frame, nframe, 0 ); m_free(frame); return a; @@ -182,9 +182,7 @@ do_encode_md( GCRY_MD_HD md, int algo, size_t len, unsigned nbits, memcpy( frame+n, asn, asnlen ); n += asnlen; memcpy( frame+n, gcry_md_read(md, algo), len ); n += len; assert( n == nframe ); - a = gcry_md_is_secure(md)? - mpi_alloc_secure( (nframe+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB ) - : mpi_alloc( (nframe+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB ); + a = gcry_md_is_secure(md)? mpi_secure_new( nframe ) : mpi_new( nframe ); mpi_set_buffer( a, frame, nframe, 0 ); m_free(frame); return a; @@ -198,11 +196,9 @@ encode_md_value( int pubkey_algo, GCRY_MD_HD md, int hash_algo, unsigned nbits ) MPI frame; if( pubkey_algo == GCRY_PK_DSA ) { - frame = gcry_md_is_secure(md)? mpi_alloc_secure( - (gcry_md_get_algo_dlen(hash_algo) - +BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB ) - : mpi_alloc((gcry_md_get_algo_dlen(hash_algo) - +BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB ); + frame = gcry_md_is_secure(md)? + mpi_secure_new( gcry_md_get_algo_dlen(hash_algo) ) + : mpi_new( gcry_md_get_algo_dlen(hash_algo) ); mpi_set_buffer( frame, gcry_md_read(md, hash_algo), gcry_md_get_algo_dlen(hash_algo), 0 ); } diff --git a/g10/sig-check.c b/g10/sig-check.c index 03477b537..4fbf0808c 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -28,7 +28,6 @@ #include "util.h" #include "packet.h" #include "memory.h" -#include "mpi.h" #include "keydb.h" #include "main.h" #include "status.h" @@ -452,7 +451,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, GCRY_MD_HD digest ) ctx.md = digest; rc = pk_verify( pk->pubkey_algo, result, sig->data, pk->pkey, cmp_help, &ctx ); - mpi_free( result ); + mpi_release( result ); if( !rc && sig->flags.unknown_critical ) { log_info(_("assuming bad signature due to an unknown critical bit\n")); rc = G10ERR_BAD_SIGN; diff --git a/g10/sign.c b/g10/sign.c index d278945a3..d65e0e2d1 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -181,7 +181,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, frame = encode_md_value( sk->pubkey_algo, md, digest_algo, mpi_get_nbits(sk->skey[0])); rc = pk_sign( sk->pubkey_algo, sig->data, frame, sk->skey ); - mpi_free(frame); + mpi_release(frame); if( rc ) log_error(_("signing failed: %s\n"), g10_errstr(rc) ); else { @@ -217,9 +217,9 @@ hash_for(int pubkey_algo ) if( opt.def_digest_algo ) return opt.def_digest_algo; if( pubkey_algo == GCRY_PK_DSA ) - return DIGEST_ALGO_SHA1; + return GCRY_MD_SHA1; if( pubkey_algo == GCRY_PK_RSA ) - return DIGEST_ALGO_MD5; + return GCRY_MD_MD5; return DEFAULT_DIGEST_ALGO; } @@ -645,7 +645,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { PKT_secret_key *sk = sk_rover->sk; - if( hash_for(sk->pubkey_algo) == DIGEST_ALGO_MD5 ) + if( hash_for(sk->pubkey_algo) == GCRY_MD_MD5 ) only_md5 = 1; else { only_md5 = 0; @@ -813,10 +813,10 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, || sigclass == 0x30 || sigclass == 0x28 ); if( !digest_algo ) { switch( sk->pubkey_algo ) { - case GCRY_PK_DSA: digest_algo = DIGEST_ALGO_SHA1; break; + case GCRY_PK_DSA: digest_algo = GCRY_MD_SHA1; break; case GCRY_PK_RSA_S: - case GCRY_PK_RSA: digest_algo = DIGEST_ALGO_MD5; break; - default: digest_algo = DIGEST_ALGO_RMD160; break; + case GCRY_PK_RSA: digest_algo = GCRY_MD_MD5; break; + default: digest_algo = GCRY_MD_RMD160; break; } } if( !(md = gcry_md_open( digest_algo, 0 ))) diff --git a/g10/skclist.c b/g10/skclist.c index 381601e90..be9769185 100644 --- a/g10/skclist.c +++ b/g10/skclist.c @@ -33,7 +33,7 @@ #include "memory.h" #include "util.h" #include "i18n.h" -#include "cipher.h" +#include "dummy-cipher.h" #include "main.h" diff --git a/g10/status.c b/g10/status.c index 9f1c5a669..079c0dbd9 100644 --- a/g10/status.c +++ b/g10/status.c @@ -43,6 +43,7 @@ #include "ttyio.h" #include "options.h" #include "main.h" +#include "memory.h" #include "i18n.h" static int fd = -1; |