diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 14 | ||||
| -rw-r--r-- | g10/gpg.c | 71 | ||||
| -rw-r--r-- | g10/keydb.h | 1 | ||||
| -rw-r--r-- | g10/keygen.c | 8 | ||||
| -rw-r--r-- | g10/keyserver-internal.h | 2 | ||||
| -rw-r--r-- | g10/mainproc.c | 7 | ||||
| -rw-r--r-- | g10/packet.h | 56 | ||||
| -rw-r--r-- | g10/skclist.c | 27 |
8 files changed, 79 insertions, 107 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 426dd8ca6..03a97363f 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,17 @@ +2006-08-21 Werner Koch <[email protected]> + + * skclist.c (random_is_faked): Implemented. + (is_insecure): Also test for the old uppercase version of the + insecure string. + * gpg.c (main): Renamed --quick-random to debug-quick-quick-random. + + * gpg.c (print_mds): Do not use the USE_SHA macros. + + * mainproc.c (proc_encrypted): Remove assign inside condition for + better readibility. + + * packet.h: Moved consts to new header ../common/openpgpdefs.h. + 2006-08-16 Werner Koch <[email protected]> * keyserver.c (GPGKEYS_PREFIX): Rename to gpg2keys_. This is so @@ -568,7 +568,7 @@ static ARGPARSE_OPTS opts[] = { { oPasswdFile, "passphrase-file",2, "@" }, { oCommandFD, "command-fd",1, "@" }, { oCommandFile, "command-file",2, "@" }, - { oQuickRandom, "quick-random", 0, "@"}, + { oQuickRandom, "debug-quick-random", 0, "@"}, { oNoVerbose, "no-verbose", 0, "@"}, { oTrustDBName, "trustdb-name", 2, "@" }, { oNoSecmemWarn, "no-secmem-warning", 0, "@" }, @@ -2152,8 +2152,9 @@ main (int argc, char **argv ) gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); opt.list_sigs=0; break; - /* Disabled for now: - case oQuickRandom: quick_random_gen(1); break;*/ + case oQuickRandom: + gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); + break; case oEmitVersion: opt.no_version=0; break; case oNoEmitVersion: opt.no_version=1; break; case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break; @@ -2162,17 +2163,17 @@ main (int argc, char **argv ) case oTrustDBName: trustdb_name = pargs.r.ret_str; break; case oDefaultKey: opt.def_secret_key = pargs.r.ret_str; break; case oDefRecipient: - if( *pargs.r.ret_str ) - opt.def_recipient = make_username(pargs.r.ret_str); - break; + if( *pargs.r.ret_str ) + opt.def_recipient = make_username(pargs.r.ret_str); + break; case oDefRecipientSelf: - xfree(opt.def_recipient); opt.def_recipient = NULL; - opt.def_recipient_self = 1; - break; + xfree(opt.def_recipient); opt.def_recipient = NULL; + opt.def_recipient_self = 1; + break; case oNoDefRecipient: - xfree(opt.def_recipient); opt.def_recipient = NULL; - opt.def_recipient_self = 0; - break; + xfree(opt.def_recipient); opt.def_recipient = NULL; + opt.def_recipient_self = 0; + break; case oNoOptions: opt.no_homedir_creation = 1; break; /* no-options */ case oHomedir: break; case oNoBatch: opt.batch = 0; break; @@ -4031,14 +4032,14 @@ print_mds( const char *fname, int algo ) gcry_md_enable (md, GCRY_MD_MD5); gcry_md_enable (md, GCRY_MD_SHA1); gcry_md_enable (md, GCRY_MD_RMD160); -#ifdef USE_SHA256 - gcry_md_enable (md, DIGEST_ALGO_SHA224); - gcry_md_enable (md, GCRY_MD_SHA256); -#endif -#ifdef USE_SHA512 - gcry_md_enable (md, GCRY_MD_SHA384); - gcry_md_enable (md, GCRY_MD_SHA512); -#endif + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224)) + gcry_md_enable (md, DIGEST_ALGO_SHA224); + if (!openpgp_md_test_algo (GCRY_MD_SHA256)) + gcry_md_enable (md, GCRY_MD_SHA256); + if (!openpgp_md_test_algo (GCRY_MD_SHA384)) + gcry_md_enable (md, GCRY_MD_SHA384); + if (!openpgp_md_test_algo (GCRY_MD_SHA512)) + gcry_md_enable (md, GCRY_MD_SHA512); } while( (n=fread( buf, 1, DIM(buf), fp )) ) @@ -4054,15 +4055,14 @@ print_mds( const char *fname, int algo ) print_hashline( md, GCRY_MD_MD5, fname ); print_hashline( md, GCRY_MD_SHA1, fname ); print_hashline( md, GCRY_MD_RMD160, fname ); -#ifdef USE_SHA256 - if (!gcry_md_test_algo (DIGEST_ALGO_SHA224) + if (!gcry_md_test_algo (DIGEST_ALGO_SHA224)) print_hashline (md, DIGEST_ALGO_SHA224, fname); - print_hashline( md, GCRY_MD_SHA256, fname ); -#endif -#ifdef USE_SHA512 - print_hashline( md, GCRY_MD_SHA384, fname ); - print_hashline( md, GCRY_MD_SHA512, fname ); -#endif + if (!gcry_md_test_algo (GCRY_MD_SHA256)) + print_hashline( md, GCRY_MD_SHA256, fname ); + if (!gcry_md_test_algo (GCRY_MD_SHA384)) + print_hashline ( md, GCRY_MD_SHA384, fname ); + if (!gcry_md_test_algo (GCRY_MD_SHA512)) + print_hashline ( md, GCRY_MD_SHA512, fname ); } } else { @@ -4072,15 +4072,14 @@ print_mds( const char *fname, int algo ) print_hex( md, GCRY_MD_MD5, fname ); print_hex( md, GCRY_MD_SHA1, fname ); print_hex( md, GCRY_MD_RMD160, fname ); -#ifdef USE_SHA256 - if (!gcry_md_test_algo (DIGEST_ALGO_SHA224) + if (!gcry_md_test_algo (DIGEST_ALGO_SHA224)) print_hex (md, DIGEST_ALGO_SHA224, fname); - print_hex( md, GCRY_MD_SHA256, fname ); -#endif -#ifdef USE_SHA512 - print_hex( md, GCRY_MD_SHA384, fname ); - print_hex( md, GCRY_MD_SHA512, fname ); -#endif + if (!gcry_md_test_algo (GCRY_MD_SHA256)) + print_hex( md, GCRY_MD_SHA256, fname ); + if (!gcry_md_test_algo (GCRY_MD_SHA384)) + print_hex( md, GCRY_MD_SHA384, fname ); + if (!gcry_md_test_algo (GCRY_MD_SHA512)) + print_hex( md, GCRY_MD_SHA512, fname ); } } } diff --git a/g10/keydb.h b/g10/keydb.h index f48acd3c6..b58512068 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -190,6 +190,7 @@ int select_algo_from_prefs( PK_LIST pk_list, int preftype, int select_mdc_from_pklist (PK_LIST pk_list); /*-- skclist.c --*/ +int random_is_faked (void); void release_sk_list( SK_LIST sk_list ); int build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock, unsigned use ); diff --git a/g10/keygen.c b/g10/keygen.c index 063c775e9..32bccbb5f 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1949,11 +1949,9 @@ ask_user_id( int mode ) if( *amail ) p = stpcpy(stpcpy(stpcpy(p," <"), amail),">"); - /* append a warning if we do not have dev/random - * or it is switched into quick testmode */ - /* FIXME: see skclist.c:random_is_faked */ - /* if( quick_random_gen(-1) ) */ - /* strcpy(p, " (INSECURE!)" ); */ + /* Append a warning if the RNG is switched into fake mode. */ + if ( random_is_faked () ) + strcpy(p, " (insecure!)" ); /* print a note in case that UTF8 mapping has to be done */ for(p=uid; *p; p++ ) { diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h index a5e6e8c37..fe08a6b71 100644 --- a/g10/keyserver-internal.h +++ b/g10/keyserver-internal.h @@ -23,7 +23,7 @@ #define _KEYSERVER_INTERNAL_H_ #include <time.h> -#include "keyserver.h" +#include "../common/keyserver.h" #include "../common/iobuf.h" #include "types.h" diff --git a/g10/mainproc.c b/g10/mainproc.c index ca5ea9ade..45d9d34a5 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -508,8 +508,9 @@ proc_encrypted( CTX c, PACKET *pkt ) } else { - /* assume this is old style conventional encrypted data */ - if ( (algo = opt.def_cipher_algo)) + /* Assume this is old style conventional encrypted data. */ + algo = opt.def_cipher_algo; + if ( algo ) log_info (_("assuming %s encrypted data\n"), gcry_cipher_algo_name (algo)); else if ( gcry_cipher_test_algo (CIPHER_ALGO_IDEA) ) @@ -680,6 +681,8 @@ proc_plaintext( CTX c, PACKET *pkt ) } rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); + if (rc) + log_debug ("handle_plaintext failed: err=%d\n", rc); if( gpg_err_code (rc) == GPG_ERR_ENOENT && !c->sigs_only) { #warning We need to change the test for the error code diff --git a/g10/packet.h b/g10/packet.h index 54eeda1a9..2aaf3b902 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -28,32 +28,10 @@ #include "../jnlib/strlist.h" #include "cipher.h" #include "filter.h" +#include "../common/openpgpdefs.h" #define DEBUG_PARSE_PACKET 1 -typedef enum { - PKT_NONE =0, - PKT_PUBKEY_ENC =1, /* public key encrypted packet */ - PKT_SIGNATURE =2, /* secret key encrypted packet */ - PKT_SYMKEY_ENC =3, /* session key packet (OpenPGP)*/ - PKT_ONEPASS_SIG =4, /* one pass sig packet (OpenPGP)*/ - PKT_SECRET_KEY =5, /* secret key */ - PKT_PUBLIC_KEY =6, /* public key */ - PKT_SECRET_SUBKEY =7, /* secret subkey (OpenPGP) */ - PKT_COMPRESSED =8, /* compressed data packet */ - PKT_ENCRYPTED =9, /* conventional encrypted data */ - PKT_MARKER =10, /* marker packet (OpenPGP) */ - PKT_PLAINTEXT =11, /* plaintext data with filename and mode */ - PKT_RING_TRUST =12, /* keyring trust packet */ - PKT_USER_ID =13, /* user id packet */ - PKT_PUBLIC_SUBKEY =14, /* public subkey (OpenPGP) */ - PKT_OLD_COMMENT =16, /* comment packet from an OpenPGP draft */ - PKT_ATTRIBUTE =17, /* PGP's attribute packet */ - PKT_ENCRYPTED_MDC =18, /* integrity protected encrypted data */ - PKT_MDC =19, /* manipulation detection code packet */ - PKT_COMMENT =61, /* new comment packet (private) */ - PKT_GPG_CONTROL =63 /* internal control packet */ -} pkttype_t; typedef struct packet_struct PACKET; @@ -373,38 +351,6 @@ struct packet_struct { (a)->pkt.generic = NULL; \ } while(0) -typedef enum { - SIGSUBPKT_TEST_CRITICAL=-3, - SIGSUBPKT_LIST_UNHASHED=-2, - SIGSUBPKT_LIST_HASHED =-1, - SIGSUBPKT_NONE = 0, - SIGSUBPKT_SIG_CREATED = 2, /* signature creation time */ - SIGSUBPKT_SIG_EXPIRE = 3, /* signature expiration time */ - SIGSUBPKT_EXPORTABLE = 4, /* exportable */ - SIGSUBPKT_TRUST = 5, /* trust signature */ - SIGSUBPKT_REGEXP = 6, /* regular expression */ - SIGSUBPKT_REVOCABLE = 7, /* revocable */ - SIGSUBPKT_KEY_EXPIRE = 9, /* key expiration time */ - SIGSUBPKT_ARR =10, /* additional recipient request */ - SIGSUBPKT_PREF_SYM =11, /* preferred symmetric algorithms */ - SIGSUBPKT_REV_KEY =12, /* revocation key */ - SIGSUBPKT_ISSUER =16, /* issuer key ID */ - SIGSUBPKT_NOTATION =20, /* notation data */ - SIGSUBPKT_PREF_HASH =21, /* preferred hash algorithms */ - SIGSUBPKT_PREF_COMPR =22, /* preferred compression algorithms */ - SIGSUBPKT_KS_FLAGS =23, /* key server preferences */ - SIGSUBPKT_PREF_KS =24, /* preferred key server */ - SIGSUBPKT_PRIMARY_UID =25, /* primary user id */ - SIGSUBPKT_POLICY =26, /* policy URL */ - SIGSUBPKT_KEY_FLAGS =27, /* key flags */ - SIGSUBPKT_SIGNERS_UID =28, /* signer's user id */ - SIGSUBPKT_REVOC_REASON =29, /* reason for revocation */ - SIGSUBPKT_FEATURES =30, /* feature flags */ - - SIGSUBPKT_SIGNATURE =32, /* embedded signature */ - - SIGSUBPKT_FLAG_CRITICAL=128 -} sigsubpkttype_t; struct notation { diff --git a/g10/skclist.c b/g10/skclist.c index d8f3b2dc1..d9a9d5e9f 100644 --- a/g10/skclist.c +++ b/g10/skclist.c @@ -35,16 +35,26 @@ #include "i18n.h" #include "cipher.h" +#ifndef GCRYCTL_FAKED_RANDOM_P +#define GCRYCTL_FAKED_RANDOM_P 51 +#endif -/* There is currently no way to get the status of the quick random - generator flag from libgcrypt and it is not clear whether this - faked RNG is really a good idea. Thus for now we use this stub - function but we should consider to entirely remove this fake RNG - stuff. */ -static int +/* Return true if Libgcrypt's RNG is in faked mode. */ +int random_is_faked (void) { - return 0; + /* We use a runtime check to allow for slow migrattion of libgcrypt. + We can't use the constant becuase that one is actually an enum + value. */ + gpg_error_t err = gcry_control ( 51 /*GCRYCTL_FAKED_RANDOM_P*/, 0); + + if (!err) + return 0; + if (gpg_err_code (err) != GPG_ERR_INV_OP) + return 1; + log_info ("WARNING: libgcrypt too old.\n"); + log_info (" can't check whether we are in faked RNG mode\n"); + return 0; /* Need to return false. */ } @@ -82,7 +92,8 @@ is_insecure( PKT_secret_key *sk ) continue; /* skip attribute packets */ if ( strstr( id->name, "(insecure!)" ) || strstr( id->name, "not secure" ) - || strstr( id->name, "do not use" ) ) { + || strstr( id->name, "do not use" ) + || strstr( id->name, "(INSECURE!)" ) ) { insecure = 1; break; } |