diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/gpg.c | 58 | ||||
| -rw-r--r-- | g10/keygen.c | 11 | ||||
| -rw-r--r-- | g10/main.h | 8 | ||||
| -rw-r--r-- | g10/mainproc.c | 9 | ||||
| -rw-r--r-- | g10/misc.c | 77 | ||||
| -rw-r--r-- | g10/pkclist.c | 111 | ||||
| -rw-r--r-- | g10/pubkey-enc.c | 12 | ||||
| -rw-r--r-- | g10/seckey-cert.c | 13 | ||||
| -rw-r--r-- | g10/status.c | 1 | ||||
| -rw-r--r-- | g10/status.h | 3 |
10 files changed, 107 insertions, 196 deletions
@@ -1134,8 +1134,6 @@ rm_group(char *name) directory is group or other writable or not owned by us. Disable exec in this case. - 2) Extensions. Same as #1. - Returns true if the item is unsafe. */ static int check_permissions(const char *path,int item) @@ -1152,16 +1150,7 @@ check_permissions(const char *path,int item) assert(item==0 || item==1 || item==2); - /* extensions may attach a path */ - if(item==2 && path[0]!=DIRSEP_C) - { - if(strchr(path,DIRSEP_C)) - tmppath=make_filename(path,NULL); - else - tmppath=make_filename(GNUPG_LIBDIR,path,NULL); - } - else - tmppath=xstrdup(path); + tmppath=xstrdup(path); /* If the item is located in the homedir, but isn't the homedir, don't continue if we already checked the homedir itself. This is @@ -1218,9 +1207,9 @@ check_permissions(const char *path,int item) homedir_cache=ret; } } - else if(item==1 || item==2) + else if(item==1) { - /* The options or extension file. Okay unless it or its + /* The options file. Okay unless it or its containing directory is group or other writable or not owned by us or root. */ @@ -1271,48 +1260,36 @@ check_permissions(const char *path,int item) if(item==0) log_info(_("WARNING: unsafe ownership on" " homedir `%s'\n"),tmppath); - else if(item==1) - log_info(_("WARNING: unsafe ownership on" - " configuration file `%s'\n"),tmppath); else log_info(_("WARNING: unsafe ownership on" - " extension `%s'\n"),tmppath); + " configuration file `%s'\n"),tmppath); } if(perm) { if(item==0) log_info(_("WARNING: unsafe permissions on" " homedir `%s'\n"),tmppath); - else if(item==1) - log_info(_("WARNING: unsafe permissions on" - " configuration file `%s'\n"),tmppath); else log_info(_("WARNING: unsafe permissions on" - " extension `%s'\n"),tmppath); + " configuration file `%s'\n"),tmppath); } if(enc_dir_own) { if(item==0) log_info(_("WARNING: unsafe enclosing directory ownership on" " homedir `%s'\n"),tmppath); - else if(item==1) - log_info(_("WARNING: unsafe enclosing directory ownership on" - " configuration file `%s'\n"),tmppath); else log_info(_("WARNING: unsafe enclosing directory ownership on" - " extension `%s'\n"),tmppath); + " configuration file `%s'\n"),tmppath); } if(enc_dir_perm) { if(item==0) log_info(_("WARNING: unsafe enclosing directory permissions on" " homedir `%s'\n"),tmppath); - else if(item==1) - log_info(_("WARNING: unsafe enclosing directory permissions on" - " configuration file `%s'\n"),tmppath); else log_info(_("WARNING: unsafe enclosing directory permissions on" - " extension `%s'\n"),tmppath); + " configuration file `%s'\n"),tmppath); } } @@ -2318,19 +2295,7 @@ main (int argc, char **argv ) } break; case oLoadExtension: -#ifndef __riscos__ -#if defined(USE_DYNAMIC_LINKING) || defined(_WIN32) - if(check_permissions(pargs.r.ret_str,2)) - log_info(_("cipher extension `%s' not loaded due to" - " unsafe permissions\n"),pargs.r.ret_str); - else - register_cipher_extension(orig_argc? *orig_argv:NULL, - pargs.r.ret_str); -#endif -#else /* __riscos__ */ - riscos_not_implemented("load-extension"); -#endif /* __riscos__ */ - break; + break; /* This is a dummy option since 1.4.13. */ case oRFC1991: opt.compliance = CO_RFC1991; opt.force_v4_certs = 0; @@ -3037,7 +3002,6 @@ main (int argc, char **argv ) { log_info(_("encrypting a message in --pgp2 mode requires " "the IDEA cipher\n")); - idea_cipher_warn(1); unusable=1; } else if(cmd==aSym) @@ -3097,12 +3061,6 @@ main (int argc, char **argv ) * may try to load an module */ if( def_cipher_string ) { opt.def_cipher_algo = string_to_cipher_algo(def_cipher_string); - if(opt.def_cipher_algo==0 && - (ascii_strcasecmp(def_cipher_string,"idea")==0 - || ascii_strcasecmp(def_cipher_string,"s1")==0)) - { - idea_cipher_warn(1); - } xfree(def_cipher_string); def_cipher_string = NULL; if( check_cipher_algo(opt.def_cipher_algo) ) log_error(_("selected cipher algorithm is invalid\n")); diff --git a/g10/keygen.c b/g10/keygen.c index 90bddae5a..7c473cbaf 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -332,14 +332,15 @@ keygen_set_std_prefs (const char *string,int personal) if(!check_cipher_algo(CIPHER_ALGO_CAST5)) strcat(dummy_string,"S3 "); strcat(dummy_string,"S2 "); /* 3DES */ - /* If we have it, IDEA goes *after* 3DES so it won't be + /* If we have it and we are in PGP2 mode, + IDEA goes *after* 3DES so it won't be used unless we're encrypting along with a V3 key. Ideally, we would only put the S1 preference in if the key was RSA and <=2048 bits, as that is what won't break PGP2, but that is difficult with the current code, and not really worth checking as a non-RSA <=2048 bit key wouldn't be usable by PGP2 anyway. -dms */ - if(!check_cipher_algo(CIPHER_ALGO_IDEA)) + if(PGP2 && !check_cipher_algo(CIPHER_ALGO_IDEA)) strcat(dummy_string,"S1 "); @@ -415,12 +416,6 @@ keygen_set_std_prefs (const char *string,int personal) else { log_info (_("invalid item `%s' in preference string\n"),tok); - - /* Complain if IDEA is not available. */ - if(ascii_strcasecmp(tok,"s1")==0 - || ascii_strcasecmp(tok,"idea")==0) - idea_cipher_warn(1); - rc=-1; } } diff --git a/g10/main.h b/g10/main.h index 584c4c7f9..784ade06d 100644 --- a/g10/main.h +++ b/g10/main.h @@ -85,12 +85,6 @@ int openpgp_pk_test_algo( int algo, unsigned int usage_flags ); int openpgp_pk_algo_usage ( int algo ); int openpgp_md_test_algo( int algo ); -#ifdef USE_IDEA -void idea_cipher_warn( int show ); -#else -#define idea_cipher_warn(a) -#endif - void md5_digest_warn (int show); void not_in_gpg1_notice (void); @@ -224,7 +218,7 @@ void import_print_stats (void *hd); int collapse_uids( KBNODE *keyblock ); -int auto_create_card_key_stub ( const char *serialnostr, +int auto_create_card_key_stub ( const char *serialnostr, const unsigned char *fpr1, const unsigned char *fpr2, const unsigned char *fpr3); diff --git a/g10/mainproc.c b/g10/mainproc.c index 3ffb049bc..9cbf9ada3 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -260,14 +260,6 @@ symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen ) if(dek->keylen > DIM(dek->key)) BUG (); - /* This is not completely accurate, since a bad passphrase may have - resulted in a garbage algorithm byte, but it's close enough since - a bogus byte here will fail later. */ - if(dek->algo==CIPHER_ALGO_IDEA) - { - idea_cipher_warn(0); - } - memcpy(dek->key, seskey + 1, dek->keylen); /*log_hexdump( "thekey", dek->key, dek->keylen );*/ @@ -565,7 +557,6 @@ proc_encrypted( CTX c, PACKET *pkt ) algo = opt.def_cipher_algo; if (!algo) algo = opt.s2k_cipher_algo; - idea_cipher_warn(1); log_info (_("IDEA cipher unavailable, " "optimistically attempting to use %s instead\n"), cipher_algo_to_string(algo)); diff --git a/g10/misc.c b/g10/misc.c index b688a93d7..68b4cea3f 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -39,7 +39,7 @@ #ifdef _WIN32 #include <time.h> #include <process.h> -#include <windows.h> +#include <windows.h> #include <shlobj.h> #ifndef CSIDL_APPDATA #define CSIDL_APPDATA 0x001a @@ -71,7 +71,7 @@ #ifdef ENABLE_SELINUX_HACKS /* A object and a global variable to keep track of files marked as secured. */ -struct secured_file_item +struct secured_file_item { struct secured_file_item *next; ino_t ino; @@ -141,7 +141,7 @@ register_secured_file (const char *fname) /* Note that we stop immediatley if something goes wrong here. */ if (stat (fname, &buf)) - log_fatal (_("fstat of `%s' failed in %s: %s\n"), fname, + log_fatal (_("fstat of `%s' failed in %s: %s\n"), fname, "register_secured_file", strerror (errno)); /* log_debug ("registering `%s' i=%lu.%lu\n", fname, */ /* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */ @@ -191,8 +191,8 @@ unregister_secured_file (const char *fname) } /* Return true if FD is corresponds to a secured file. Using -1 for - FS is allowed and will return false. */ -int + FS is allowed and will return false. */ +int is_secured_file (int fd) { #ifdef ENABLE_SELINUX_HACKS @@ -206,7 +206,7 @@ is_secured_file (int fd) secure if something went wrong. */ if (fstat (fd, &buf)) { - log_error (_("fstat(%d) failed in %s: %s\n"), fd, + log_error (_("fstat(%d) failed in %s: %s\n"), fd, "is_secured_file", strerror (errno)); return 1; } @@ -224,8 +224,8 @@ is_secured_file (int fd) /* Return true if FNAME is corresponds to a secured file. Using NULL, "" or "-" for FS is allowed and will return false. This function is used before creating a file, thus it won't fail if the file does - not exist. */ -int + not exist. */ +int is_secured_filename (const char *fname) { #ifdef ENABLE_SELINUX_HACKS @@ -233,7 +233,7 @@ is_secured_filename (const char *fname) struct secured_file_item *sf; if (iobuf_is_pipe_filename (fname) || !*fname) - return 0; + return 0; /* Note that we print out a error here and claim that a file is secure if something went wrong. */ @@ -369,10 +369,10 @@ get_session_marker( size_t *rlen ) ulong a, b; initialized = 1; - /* also this marker is guessable it is not easy to use this + /* also this marker is guessable it is not easy to use this * for a faked control packet because an attacker does not - * have enough control about the time the verification does - * take place. Of course, we can add just more random but + * have enough control about the time the verification does + * take place. Of course, we can add just more random but * than we need the random generator even for verification * tasks - which does not make sense. */ a = aa ^ (ulong)getpid(); @@ -407,13 +407,13 @@ openpgp_pk_test_algo( int algo, unsigned int usage_flags ) return check_pubkey_algo2( algo, usage_flags ); } -int +int openpgp_pk_algo_usage ( int algo ) { - int use = 0; - + int use = 0; + /* they are hardwired in gpg 1.0 */ - switch ( algo ) { + switch ( algo ) { case PUBKEY_ALGO_RSA: use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH; break; @@ -426,14 +426,14 @@ openpgp_pk_algo_usage ( int algo ) case PUBKEY_ALGO_ELGAMAL: /* Allow encryption with type 20 keys if RFC-2440 compliance has been selected. Signing is broken thus we won't allow - this. */ + this. */ if (RFC2440) use = PUBKEY_USAGE_ENC; break; case PUBKEY_ALGO_ELGAMAL_E: use = PUBKEY_USAGE_ENC; break; - case PUBKEY_ALGO_DSA: + case PUBKEY_ALGO_DSA: use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH; break; default: @@ -450,23 +450,6 @@ openpgp_md_test_algo( int algo ) return check_digest_algo(algo); } -#ifdef USE_IDEA -/* Special warning for the IDEA cipher */ -void -idea_cipher_warn(int show) -{ - static int warned=0; - - if(!warned || show) - { - log_info(_("the IDEA cipher plugin is not present\n")); - log_info(_("please see %s for more information\n"), - "http://www.gnupg.org/faq/why-not-idea.html"); - warned=1; - } -} -#endif - /* Print a warning if the md5 digest algorithm has been used. This warning is printed only once unless SHOW is used. */ void @@ -500,7 +483,7 @@ not_in_gpg1_notice (void) } -static unsigned long +static unsigned long get_signature_count(PKT_secret_key *sk) { #ifdef ENABLE_CARD_SUPPORT @@ -509,7 +492,7 @@ get_signature_count(PKT_secret_key *sk) struct agent_card_info_s info; if(agent_scd_getattr("SIG-COUNTER",&info)==0) return info.sig_counter; - } + } #endif /* How to do this without a card? */ @@ -600,7 +583,7 @@ pct_expando(const char *string,struct expando_args *args) sprintf(&ret[idx],"%lu",get_signature_count(args->sk)); idx+=strlen(&ret[idx]); done=1; - } + } break; case 'p': /* primary pk fingerprint of a sk */ @@ -669,7 +652,7 @@ pct_expando(const char *string,struct expando_args *args) case 't': /* e.g. "jpg" */ str=image_type_to_string(args->imagetype,0); break; - + case 'T': /* e.g. "image/jpeg" */ str=image_type_to_string(args->imagetype,2); break; @@ -1148,7 +1131,7 @@ unescape_percent_string (const unsigned char *s) while (*s) { if (*s == '%' && s[1] && s[2]) - { + { s++; *d = xtoi_2 (s); if (!*d) @@ -1164,7 +1147,7 @@ unescape_percent_string (const unsigned char *s) else *d++ = *s++; } - *d = 0; + *d = 0; return buffer; } @@ -1186,7 +1169,7 @@ has_invalid_email_chars (const char *s) const char *valid_chars= "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; - for ( ; *s; s++ ) + for ( ; *s; s++ ) { if ( *s & 0x80 ) continue; /* We only care about ASCII. */ @@ -1271,7 +1254,7 @@ default_homedir (void) if (!dir || !*dir) { char path[MAX_PATH]; - + /* It might be better to use LOCAL_APPDATA because this is defined as "non roaming" and thus more likely to be kept locally. For private keys this is desired. However, given @@ -1279,13 +1262,13 @@ default_homedir (void) using a system roaming serives might be better than to let them do it manually. A security conscious user will anyway use the registry entry to have better control. */ - if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE, - NULL, 0, path) >= 0) + if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE, + NULL, 0, path) >= 0) { char *tmp = xmalloc (strlen (path) + 6 +1); strcpy (stpcpy (tmp, path), "\\gnupg"); dir = tmp; - + /* Try to create the directory if it does not yet exists. */ if (access (dir, F_OK)) @@ -1325,7 +1308,7 @@ get_libexecdir (void) else { log_debug ("bad filename `%s' returned for this process\n", dir); - *dir = 0; + *dir = 0; } } diff --git a/g10/pkclist.c b/g10/pkclist.c index d0d2a532c..158ddf0c7 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -162,7 +162,7 @@ show_revocation_reason( PKT_public_key *pk, int mode ) * mode: 0 = standard * 1 = Without key info and additional menu option 'm' * this does also add an option to set the key to ultimately trusted. - * Returns: + * Returns: * -2 = nothing changed - caller should show some additional info * -1 = quit operation * 0 = nothing changed @@ -198,7 +198,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode, uppercase. Below you will find the matching strings which should be translated accordingly and the letter changed to match the one in the answer string. - + i = please show me more information m = back to the main menu s = skip this key @@ -206,9 +206,9 @@ do_edit_ownertrust (PKT_public_key *pk, int mode, */ const char *ans = _("iImMqQsS"); - if( !did_help ) + if( !did_help ) { - if( !mode ) + if( !mode ) { KBNODE keyblock, un; @@ -235,7 +235,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode, if (un->pkt->pkt.user_id->is_primary && !un->pkt->pkt.user_id->attrib_data ) continue; - + if((opt.verify_options&VERIFY_SHOW_PHOTOS) && un->pkt->pkt.user_id->attrib_data) show_photos(un->pkt->pkt.user_id->attribs, @@ -247,7 +247,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode, tty_printf(_(" aka \"%s\"\n"),p); } - + print_fingerprint (pk, NULL, 2); tty_printf("\n"); release_kbnode (keyblock); @@ -305,7 +305,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode, did_help = 0; else if( *p && p[1] ) ; - else if( !p[1] && ((*p >= '0'+min_num) && *p <= (mode?'5':'4')) ) + else if( !p[1] && ((*p >= '0'+min_num) && *p <= (mode?'5':'4')) ) { unsigned int trust; switch( *p ) @@ -331,14 +331,14 @@ do_edit_ownertrust (PKT_public_key *pk, int mode, } #if 0 /* not yet implemented */ - else if( *p == ans[0] || *p == ans[1] ) + else if( *p == ans[0] || *p == ans[1] ) { tty_printf(_("Certificates leading to an ultimately trusted key:\n")); show = 1; break; } #endif - else if( mode && (*p == ans[2] || *p == ans[3] || *p == CONTROL_D ) ) + else if( mode && (*p == ans[2] || *p == ans[3] || *p == CONTROL_D ) ) { break ; /* back to the menu */ } @@ -357,9 +357,9 @@ do_edit_ownertrust (PKT_public_key *pk, int mode, return show? -2: quit? -1 : changed; } -/* +/* * Display a menu to change the ownertrust of the key PK (which should - * be a primary key). + * be a primary key). * For mode values see do_edit_ownertrust () */ int @@ -416,7 +416,7 @@ do_we_trust( PKT_public_key *pk, unsigned int trustlevel ) log_error ("invalid trustlevel %u returned from validation layer\n", trustlevel); /* fall thru */ - case TRUST_UNKNOWN: + case TRUST_UNKNOWN: case TRUST_UNDEFINED: log_info(_("%s: There is no assurance this key belongs" " to the named user\n"),keystr_from_pk(pk)); @@ -491,7 +491,7 @@ check_signatures_trust( PKT_signature *sig ) int rc=0; rc = get_pubkey( pk, sig->keyid ); - if (rc) + if (rc) { /* this should not happen */ log_error("Ooops; the key vanished - can't check the trust\n"); rc = G10ERR_NO_PUBKEY; @@ -513,7 +513,7 @@ check_signatures_trust( PKT_signature *sig ) trustlevel = get_validity (pk, NULL); - if ( (trustlevel & TRUST_FLAG_REVOKED) ) + if ( (trustlevel & TRUST_FLAG_REVOKED) ) { write_status( STATUS_KEYREVOKED ); if(pk->is_revoked==2) @@ -524,13 +524,13 @@ check_signatures_trust( PKT_signature *sig ) log_info(_(" This could mean that the signature is forged.\n")); show_revocation_reason( pk, 0 ); } - else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) ) + else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) ) { write_status( STATUS_KEYREVOKED ); log_info(_("WARNING: This subkey has been revoked by its owner!\n")); show_revocation_reason( pk, 0 ); } - + if ((trustlevel & TRUST_FLAG_DISABLED)) log_info (_("Note: This key has been disabled.\n")); @@ -563,9 +563,9 @@ check_signatures_trust( PKT_signature *sig ) "does not match DNS entry\n"), sig->pka_info->email); } - switch ( (trustlevel & TRUST_MASK) ) + switch ( (trustlevel & TRUST_MASK) ) { - case TRUST_UNKNOWN: + case TRUST_UNKNOWN: case TRUST_UNDEFINED: case TRUST_MARGINAL: if (okay && opt.verify_options&VERIFY_PKA_TRUST_INCREASE) @@ -587,18 +587,18 @@ check_signatures_trust( PKT_signature *sig ) } /* Now let the user know what up with the trustlevel. */ - switch ( (trustlevel & TRUST_MASK) ) + switch ( (trustlevel & TRUST_MASK) ) { case TRUST_EXPIRED: log_info(_("Note: This key has expired!\n")); print_fingerprint (pk, NULL, 1); break; - + default: log_error ("invalid trustlevel %u returned from validation layer\n", trustlevel); /* fall thru */ - case TRUST_UNKNOWN: + case TRUST_UNKNOWN: case TRUST_UNDEFINED: write_status( STATUS_TRUST_UNDEFINED ); log_info(_("WARNING: This key is not certified with" @@ -790,7 +790,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) /* Check whether there are any recipients in the list and build the * list of the encrypt-to ones (we always trust them). */ - for ( rov = remusr; rov; rov = rov->next ) + for ( rov = remusr; rov; rov = rov->next ) { if ( !(rov->flags & 1) ) { @@ -809,7 +809,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) compliance_failure(); } } - else if ( (use & PUBKEY_USAGE_ENC) && !opt.no_encrypt_to ) + else if ( (use & PUBKEY_USAGE_ENC) && !opt.no_encrypt_to ) { /* Encryption has been requested and --encrypt-to has not been disabled. Check this encrypt-to key. */ @@ -818,7 +818,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) /* We explicitly allow encrypt-to to an disabled key; thus we pass 1 as last argument. */ - if ( (rc = get_pubkey_byname ( pk, rov->d, NULL, NULL, 1 )) ) + if ( (rc = get_pubkey_byname ( pk, rov->d, NULL, NULL, 1 )) ) { free_public_key ( pk ); pk = NULL; log_error (_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) ); @@ -826,7 +826,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) rov->d, strlen (rov->d), -1); goto fail; } - else if ( !(rc=check_pubkey_algo2 (pk->pubkey_algo, use )) ) + else if ( !(rc=check_pubkey_algo2 (pk->pubkey_algo, use )) ) { /* Skip the actual key if the key is already present * in the list. Add it to our list if not. */ @@ -858,7 +858,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) } } } - else + else { /* The public key is not usable for encryption or not available. */ @@ -873,8 +873,8 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) /* If we don't have any recipients yet and we are not in batch mode drop into interactive selection mode. */ - if ( !any_recipients && !opt.batch ) - { + if ( !any_recipients && !opt.batch ) + { int have_def_rec; char *answer = NULL; STRLIST backlog = NULL; @@ -886,7 +886,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) if ( !have_def_rec ) tty_printf(_("You did not specify a user ID. (you may use \"-r\")\n")); - for (;;) + for (;;) { rc = 0; xfree(answer); @@ -896,7 +896,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) answer = def_rec; def_rec = NULL; } - else if (backlog) + else if (backlog) { /* This is part of our trick to expand and display groups. */ answer = pop_strlist (&backlog); @@ -939,8 +939,8 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) trim_spaces(answer); cpr_kill_prompt(); } - - if ( !answer || !*answer ) + + if ( !answer || !*answer ) { xfree(answer); break; /* No more recipients entered - get out of loop. */ @@ -960,12 +960,12 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) rc = get_pubkey_byname( pk, answer, NULL, NULL, 0 ); if (rc) tty_printf(_("No such user ID.\n")); - else if ( !(rc=check_pubkey_algo2(pk->pubkey_algo, use)) ) + else if ( !(rc=check_pubkey_algo2(pk->pubkey_algo, use)) ) { if ( have_def_rec ) { /* No validation for a default recipient. */ - if (!key_present_in_pk_list(pk_list, pk)) + if (!key_present_in_pk_list(pk_list, pk)) { free_public_key (pk); pk = NULL; log_info (_("skipped: public key " @@ -985,13 +985,13 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) else { /* Check validity of this key. */ int trustlevel; - + trustlevel = get_validity (pk, pk->user_id); - if ( (trustlevel & TRUST_FLAG_DISABLED) ) + if ( (trustlevel & TRUST_FLAG_DISABLED) ) { tty_printf (_("Public key is disabled.\n") ); } - else if ( do_we_trust_pre (pk, trustlevel) ) + else if ( do_we_trust_pre (pk, trustlevel) ) { /* Skip the actual key if the key is already * present in the list */ @@ -1023,7 +1023,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) pk = NULL; } } - else if ( !any_recipients && (def_rec = default_recipient()) ) + else if ( !any_recipients && (def_rec = default_recipient()) ) { /* We are in batch mode and have only a default recipient. */ pk = xmalloc_clear( sizeof *pk ); @@ -1034,7 +1034,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) rc = get_pubkey_byname (pk, def_rec, NULL, NULL, 1); if (rc) log_error(_("unknown default recipient \"%s\"\n"), def_rec ); - else if ( !(rc=check_pubkey_algo2(pk->pubkey_algo, use)) ) + else if ( !(rc=check_pubkey_algo2(pk->pubkey_algo, use)) ) { /* Mark any_recipients here since the default recipient would have been used if it wasn't already there. It @@ -1044,7 +1044,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) if (!key_present_in_pk_list(pk_list, pk)) log_info (_("skipped: public key already set " "as default recipient\n")); - else + else { PK_LIST r = xmalloc( sizeof *r ); r->pk = pk; pk = NULL; @@ -1060,18 +1060,18 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) } xfree(def_rec); def_rec = NULL; } - else + else { /* General case: Check all keys. */ any_recipients = 0; - for (; remusr; remusr = remusr->next ) + for (; remusr; remusr = remusr->next ) { if ( (remusr->flags & 1) ) continue; /* encrypt-to keys are already handled. */ pk = xmalloc_clear( sizeof *pk ); pk->req_usage = use; - if ( (rc = get_pubkey_byname( pk, remusr->d, NULL, NULL, 0 )) ) + if ( (rc = get_pubkey_byname( pk, remusr->d, NULL, NULL, 0 )) ) { /* Key not found or other error. */ free_public_key( pk ); pk = NULL; @@ -1081,13 +1081,13 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) -1); goto fail; } - else if ( !(rc=check_pubkey_algo2(pk->pubkey_algo, use )) ) + else if ( !(rc=check_pubkey_algo2(pk->pubkey_algo, use )) ) { /* Key found and usable. Check validity. */ int trustlevel; - + trustlevel = get_validity (pk, pk->user_id); - if ( (trustlevel & TRUST_FLAG_DISABLED) ) + if ( (trustlevel & TRUST_FLAG_DISABLED) ) { /*Key has been disabled. */ free_public_key(pk); pk = NULL; @@ -1100,7 +1100,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) rc=G10ERR_UNU_PUBKEY; goto fail; } - else if ( do_we_trust_pre( pk, trustlevel ) ) + else if ( do_we_trust_pre( pk, trustlevel ) ) { /* Note: do_we_trust may have changed the trustlevel */ @@ -1110,7 +1110,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) /* Skip the actual key if the key is already present * in the list */ - if (!key_present_in_pk_list(pk_list, pk)) + if (!key_present_in_pk_list(pk_list, pk)) { free_public_key(pk); pk = NULL; log_info(_("%s: skipped: public key already present\n"), @@ -1150,14 +1150,14 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned int use ) } } } - - if ( !rc && !any_recipients ) + + if ( !rc && !any_recipients ) { log_error(_("no valid addressees\n")); write_status_text (STATUS_NO_RECP, "0"); rc = G10ERR_NO_USER_ID; } - + fail: if ( rc ) @@ -1196,7 +1196,7 @@ algo_available( preftype_t preftype, int algo, const union pref_hint *hint ) && algo != CIPHER_ALGO_3DES && algo != CIPHER_ALGO_CAST5)) return 0; - + if(PGP7 && (algo != CIPHER_ALGO_IDEA && algo != CIPHER_ALGO_3DES && algo != CIPHER_ALGO_CAST5 @@ -1287,8 +1287,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, /* IDEA is implicitly there for v3 keys with v3 selfsigs if --pgp2 mode is on. This was a 2440 thing that was dropped from 4880 but is still relevant to GPG's 1991 - support. All this doesn't mean IDEA is actually - available, of course. */ + support. */ if(PGP2 && pkr->pk->version<4 && pkr->pk->selfsigversion<4) implicit=CIPHER_ALGO_IDEA; else @@ -1402,7 +1401,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, if(result==-1) { - unsigned int best=-1; + unsigned int best=-1; /* At this point, we have not selected an algorithm due to a special request or via personal prefs. Pick the highest @@ -1451,7 +1450,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, /* * Select the MDC flag from the pk_list. We can only use MDC if all recipients - * support this feature + * support this feature */ int select_mdc_from_pklist (PK_LIST pk_list) diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 041409a14..51b5c55f4 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -49,7 +49,7 @@ is_algo_in_prefs ( KBNODE keyblock, preftype_t type, int algo ) if (k->pkt->pkttype == PKT_USER_ID) { PKT_user_id *uid = k->pkt->pkt.user_id; prefitem_t *prefs = uid->prefs; - + if (uid->created && prefs && !uid->is_revoked && !uid->is_expired ) { for (; prefs->type; prefs++ ) @@ -152,7 +152,7 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid ) byte *frame = NULL; unsigned n, nframe; u16 csum, csum2; - + int card = 0; if (sk->is_protected && sk->protect.s2k.mode == 1002) @@ -234,15 +234,11 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid ) dek->keylen = nframe - (n+1) - 2; dek->algo = frame[n++]; - if( dek->algo == CIPHER_ALGO_IDEA ) - write_status(STATUS_RSA_OR_IDEA); rc = check_cipher_algo( dek->algo ); if( rc ) { if( !opt.quiet && rc == G10ERR_CIPHER_ALGO ) { log_info(_("cipher algorithm %d%s is unknown or disabled\n"), dek->algo, dek->algo == CIPHER_ALGO_IDEA? " (IDEA)":""); - if(dek->algo==CIPHER_ALGO_IDEA) - idea_cipher_warn(0); } dek->algo = 0; goto leave; @@ -281,9 +277,9 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid ) " preferences\n"),cipher_algo_to_string(dek->algo)); if (!rc) { KBNODE k; - + for (k=pkb; k; k = k->next) { - if (k->pkt->pkttype == PKT_PUBLIC_KEY + if (k->pkt->pkttype == PKT_PUBLIC_KEY || k->pkt->pkttype == PKT_PUBLIC_SUBKEY){ u32 aki[2]; keyid_from_pk(k->pkt->pkt.public_key, aki); diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 74f80c463..cad4e63c9 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -58,11 +58,6 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode, if( check_cipher_algo( sk->protect.algo ) ) { log_info(_("protection algorithm %d%s is not supported\n"), sk->protect.algo,sk->protect.algo==1?" (IDEA)":"" ); - if (sk->protect.algo==CIPHER_ALGO_IDEA) - { - write_status (STATUS_RSA_OR_IDEA); - idea_cipher_warn (0); - } return G10ERR_CIPHER_ALGO; } if(check_digest_algo(sk->protect.s2k.hash_algo)) @@ -110,7 +105,7 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode, attack */ sk->csum = 0; csum = 1; - if( ndata < 20 ) + if( ndata < 20 ) log_error("not enough bytes for SHA-1 checksum\n"); else { MD_HANDLE h = md_open (DIGEST_ALGO_SHA1, 1); @@ -359,10 +354,10 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) p += narr[j]; xfree(bufarr[j]); } - + if (opt.simple_sk_checksum) { log_info (_("generating the deprecated 16-bit checksum" - " for secret key protection\n")); + " for secret key protection\n")); csum = checksum( data, ndata-2); sk->csum = csum; *p++ = csum >> 8; @@ -410,7 +405,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) data[1] = nbits; cipher_encrypt (cipher_hd, data+2, buffer, nbytes); xfree( buffer ); - + mpi_free (sk->skey[i]); sk->skey[i] = mpi_set_opaque (NULL, data, nbytes+2); } diff --git a/g10/status.c b/g10/status.c index 9ce9ca87b..5c43b277a 100644 --- a/g10/status.c +++ b/g10/status.c @@ -91,7 +91,6 @@ get_status_string ( int no ) case STATUS_BADSIG : s = "BADSIG"; break; case STATUS_ERRSIG : s = "ERRSIG"; break; case STATUS_BADARMOR : s = "BADARMOR"; break; - case STATUS_RSA_OR_IDEA : s= "RSA_OR_IDEA"; break; case STATUS_TRUST_UNDEFINED: s = "TRUST_UNDEFINED"; break; case STATUS_TRUST_NEVER : s = "TRUST_NEVER"; break; case STATUS_TRUST_MARGINAL : s = "TRUST_MARGINAL"; break; diff --git a/g10/status.h b/g10/status.h index 61a0fcef9..6533d7329 100644 --- a/g10/status.h +++ b/g10/status.h @@ -30,7 +30,8 @@ #define STATUS_BADARMOR 7 -#define STATUS_RSA_OR_IDEA 8 +/* Not anymore used: STATUS_RSA_OR_IDEA 8 */ + #define STATUS_KEYEXPIRED 9 #define STATUS_KEYREVOKED 10 |