From d14ecc17593bc6b350e6c4ad067bb71f54fe8397 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 6 Sep 2000 12:51:58 +0000 Subject: See ChangeLog: Wed Sep 6 14:59:09 CEST 2000 Werner Koch --- ChangeLog | 4 ++ NEWS | 2 + THANKS | 3 ++ TODO | 6 ++- configure.in | 6 +++ doc/gpg.sgml | 11 +++++ g10/ChangeLog | 13 ++++++ g10/g10.c | 9 ++--- g10/openfile.c | 18 ++++++++- g10/passphrase.c | 3 +- g10/pkclist.c | 6 +-- g10/trustdb.c | 120 ++++++++++++++++++++++++++++++++++++++++++------------- util/ChangeLog | 8 ++++ util/secmem.c | 8 ++-- util/strgutil.c | 3 +- 15 files changed, 175 insertions(+), 45 deletions(-) diff --git a/ChangeLog b/ChangeLog index 931d656cb..091f4e429 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +Wed Sep 6 14:59:09 CEST 2000 Werner Koch + + * configure.in (GNUPG_HOMEDIR): New. + Fri Aug 25 16:05:38 CEST 2000 Werner Koch * configure.in: Changes to allow for Solaris random device. diff --git a/NEWS b/NEWS index 6294aa9a4..9a62921e6 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,8 @@ Noteworthy changes in the current CVS branch STABLE-BRANCH-1-0 * New configuration option --with-egd-socket. + * The --trusted-key option is back after it left us with 0.9.5 + Noteworthy changes in version 1.0.2 (2000-07-12) ---------------------------------------------- diff --git a/THANKS b/THANKS index e95713c92..acc0b8692 100644 --- a/THANKS +++ b/THANKS @@ -30,6 +30,7 @@ Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de Dave Dykstra dwd@bell-labs.com David Ellement ellement@sdd.hp.com David Hallinan hallinan@rtd.com +David Mathog MATHOG@seqaxp.bio.caltech.edu Dimitri dmitri@advantrix.com Dirk Lattermann dlatt@t-online.de Ed Boraas ecxjo@esperanto.org @@ -44,6 +45,7 @@ Frank Stajano frank.stajano@cl.cam.ac.uk Frank Tobin ftobin@uiuc.edu Gabriel Rosenkoetter gr@eclipsed.net Gaël Quéri gqueri@mail.dotcom.fr +Giampaolo Tomassoni g.tomassoni@libero.it Greg Louis glouis@dynamicro.on.ca Greg Troxel gdt@ir.bbn.com Gregory Steuck steuck@iname.com @@ -84,6 +86,7 @@ Markus Friedl Markus.Friedl@informatik.uni-erlangen.de Martin Kahlert martin.kahlert@provi.de Martin Hamilton Martin Schulte schulte@thp.uni-koeln.de +Matt Kraai kraai@alumni.carnegiemellon.edu Matthew Skala mskala@ansuz.sooke.bc.ca Matthias Urlichs smurf@noris.de Max Valianskiy maxcom@maxcom.ml.org diff --git a/TODO b/TODO index b3382f7a1..66ebc9dfb 100644 --- a/TODO +++ b/TODO @@ -1,6 +1,8 @@ - * configure option to set EGD entropy socket name - + * Think more whether the setting to ultimately trusted is a good idea.!! + + * add some minor things vor VMS. + * Don't get the ultimately trusted keys from the secring but store it permanently in the trustdb. This way we don't need a secring at all. diff --git a/configure.in b/configure.in index 270a2636c..0d97def48 100644 --- a/configure.in +++ b/configure.in @@ -702,10 +702,16 @@ cat >g10defs.tmp </dev/null; then diff --git a/doc/gpg.sgml b/doc/gpg.sgml index d6bce9e06..ba80d8acb 100644 --- a/doc/gpg.sgml +++ b/doc/gpg.sgml @@ -389,6 +389,17 @@ Sign a public key with you secret key but mark it as non-exportable. This is a shortcut version of the subcommand "lsign" from --edit. + +--trusted-key long key ID + +Assume that the specified key (which must be given +as a full 8 byte key ID) is as trustworthy as one of +your own secret keys. This option is useful if you +don't want to keep your secret keys (or one of them) +online but still be able to check the validity of a given +recipient's or signator's key. + + --delete-key &ParmName; diff --git a/g10/ChangeLog b/g10/ChangeLog index 79ea0a102..1569113e8 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,16 @@ +Wed Sep 6 14:59:09 CEST 2000 Werner Koch + + * passphrase.c (hash_passphrase): Removed funny assert. Reported by + David Mathog. + + * openfile.c (try_make_homedir): Changes for non-Posix systems. + * g10.c (main): Take the default homedir from macro. + + * g10.c: The --trusted-key option is back. + * trustdb.c (verify_own_key): Handle this option. + (add_ultimate_key): Moved stuff from verify_own_key to this new func. + (register_trusted_key): New. + Fri Aug 25 16:05:38 CEST 2000 Werner Koch * parse-packet.c (dump_sig_subpkt): Print info about the ARR. diff --git a/g10/g10.c b/g10/g10.c index 7b1dfaf9c..c831ba41d 100644 --- a/g10/g10.c +++ b/g10/g10.c @@ -195,6 +195,7 @@ enum cmd_and_opt_values { aNull = 0, oNoAutoKeyRetrieve, oMergeOnly, oTryAllSecrets, + oTrustedKey, oEmu3DESS2KBug, /* will be removed in 1.1 */ oEmuMDEncodeBug, aTest }; @@ -295,6 +296,7 @@ static ARGPARSE_OPTS opts[] = { { oCompletesNeeded, "completes-needed", 1, "@"}, { oMarginalsNeeded, "marginals-needed", 1, "@"}, { oMaxCertDepth, "max-cert-depth", 1, "@" }, + { oTrustedKey, "trusted-key", 2, N_("|KEYID|ulimately trust this key")}, { oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")}, { oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")}, { oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")}, @@ -635,11 +637,7 @@ main( int argc, char **argv ) opt.homedir = getenv("GNUPGHOME"); #endif if( !opt.homedir || !*opt.homedir ) { - #ifdef HAVE_DRIVE_LETTERS - opt.homedir = "c:/gnupg"; - #else - opt.homedir = "~/.gnupg"; - #endif + opt.homedir = GNUPG_HOMEDIR; } /* check whether we have a config file on the commandline */ @@ -937,6 +935,7 @@ main( int argc, char **argv ) break; case oMergeOnly: opt.merge_only = 1; break; case oTryAllSecrets: opt.try_all_secrets = 1; break; + case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break; default : pargs.err = configfp? 1:2; break; } diff --git a/g10/openfile.c b/g10/openfile.c index 394bec32e..ff7478d86 100644 --- a/g10/openfile.c +++ b/g10/openfile.c @@ -316,10 +316,24 @@ copy_options_file( const char *destdir ) void try_make_homedir( const char *fname ) { + const char *defhome = GNUPG_HOMEDIR; + + /* Create the directory only if the supplied directory name + * is the same as the default one. This way we avoid to create + * arbitrary directories when a non-default homedirectory is used. + * To cope with HOME, we do compare only the suffix if we see that + * the default homedir does start with a tilde. + */ if( opt.dry_run ) return; - if( strlen(fname) >= 7 - && !strcmp(fname+strlen(fname)-7, "/.gnupg" ) ) { + + if ( ( *defhome == '~' + && ( strlen(fname) >= strlen (defhome+1) + && !strcmp(fname+strlen(defhome+1)-strlen(defhome+1), + defhome+1 ) )) + || ( *defhome != '~' + && !compare_filenames( fname, defhome ) ) + ) { if( mkdir( fname, S_IRUSR|S_IWUSR|S_IXUSR ) ) log_fatal( _("%s: can't create directory: %s\n"), fname, strerror(errno) ); diff --git a/g10/passphrase.c b/g10/passphrase.c index b400ea257..9bc1abfe0 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -279,8 +279,7 @@ hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create ) else { md_write( md, s2k->salt, 8 ); count -= 8; - assert( count >= 0 ); - md_write( md, pw, count ); + md_write( md, pw, count ); } } else diff --git a/g10/pkclist.c b/g10/pkclist.c index d19ba0bf2..9bd42e226 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -349,9 +349,9 @@ do_edit_ownertrust( ulong lid, int mode, unsigned *new_trust, int defer_help ) case '4': trust = TRUST_FULLY ; break; default: BUG(); } - *new_trust = trust; - changed = 1; - break; + *new_trust = trust; + changed = 1; + break; } else if( *p == ans[0] || *p == ans[1] ) { tty_printf(_( diff --git a/g10/trustdb.c b/g10/trustdb.c index 54fe34d88..ae3533eba 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -109,6 +109,7 @@ static TN used_tns; static int alloced_tns; static int max_alloced_tns; +static struct keyid_list *trusted_key_list; static LOCAL_ID_TABLE new_lid_table(void); static int ins_lid_table_item( LOCAL_ID_TABLE tbl, ulong lid, unsigned flag ); @@ -463,6 +464,63 @@ lid_from_keyid_no_sdir( u32 *keyid ) ************* Initialization **************** ***********************************************/ +void +register_trusted_key( const char *string ) +{ + u32 keyid[2]; + struct keyid_list *r; + + if( classify_user_id( string, keyid, NULL, NULL, NULL ) != 11 ) { + log_error(_("'%s' is not a valid long keyID\n"), string ); + return; + } + + for( r = trusted_key_list; r; r = r->next ) + if( r->keyid[0] == keyid[0] && r->keyid[1] == keyid[1] ) + return; + r = m_alloc( sizeof *r ); + r->keyid[0] = keyid[0]; + r->keyid[1] = keyid[1]; + r->next = trusted_key_list; + trusted_key_list = r; +} + + +static void +add_ultimate_key( PKT_public_key *pk, u32 *keyid ) +{ + int rc; + + /* first make sure that the pubkey is in the trustdb */ + rc = query_trust_record( pk ); + if( rc == -1 && opt.dry_run ) + return; + if( rc == -1 ) { /* put it into the trustdb */ + rc = insert_trust_record_by_pk( pk ); + if( rc ) { + log_error(_("key %08lX: can't put it into the trustdb\n"), + (ulong)keyid[1] ); + return; + } + } + else if( rc ) { + log_error(_("key %08lX: query record failed\n"), (ulong)keyid[1] ); + return; + } + + if( DBG_TRUST ) + log_debug("key %08lX.%lu: stored into ultikey_table\n", + (ulong)keyid[1], pk->local_id ); + + if( ins_lid_table_item( ultikey_table, pk->local_id, 0 ) ) + log_error(_("key %08lX: already in trusted key table\n"), + (ulong)keyid[1]); + else if( opt.verbose > 1 ) + log_info(_("key %08lX: accepted as trusted key.\n"), + (ulong)keyid[1]); + +} + /**************** * Verify that all our public keys are in the trustdb. */ @@ -474,7 +532,27 @@ verify_own_keys(void) PKT_secret_key *sk = m_alloc_clear( sizeof *sk ); PKT_public_key *pk = m_alloc_clear( sizeof *pk ); u32 keyid[2]; - + struct keyid_list *kl; + + + /* put the trusted keys into the ultikey table */ + for( kl = trusted_key_list; kl; kl = kl->next ) { + keyid[0] = kl->keyid[0]; + keyid[1] = kl->keyid[1]; + /* get the public key */ + memset( pk, 0, sizeof *pk ); + rc = get_pubkey( pk, keyid ); + if( rc ) { + log_info(_("key %08lX: no public key for trusted key - skipped\n"), + (ulong)keyid[1] ); + } + else { + add_ultimate_key( pk, keyid ); + release_public_key_parts( pk ); + } + } + + /* And now add all secret keys to the ultikey table */ while( !(rc=enum_secret_keys( &enum_context, sk, 0 ) ) ) { int have_pk = 0; @@ -487,6 +565,10 @@ verify_own_keys(void) log_info(_("NOTE: secret key %08lX is NOT protected.\n"), (ulong)keyid[1] ); + for( kl = trusted_key_list; kl; kl = kl->next ) { + if( kl->keyid[0] == keyid[0] && kl->keyid[1] == keyid[1] ) + goto skip; /* already in trusted key table */ + } /* see whether we can access the public key of this secret key */ memset( pk, 0, sizeof *pk ); @@ -504,33 +586,8 @@ verify_own_keys(void) goto skip; } - /* make sure that the pubkey is in the trustdb */ - rc = query_trust_record( pk ); - if( rc == -1 && opt.dry_run ) - goto skip; - if( rc == -1 ) { /* put it into the trustdb */ - rc = insert_trust_record_by_pk( pk ); - if( rc ) { - log_error(_("key %08lX: can't put it into the trustdb\n"), - (ulong)keyid[1] ); - goto skip; - } - } - else if( rc ) { - log_error(_("key %08lX: query record failed\n"), (ulong)keyid[1] ); - goto skip; - - } + add_ultimate_key( pk, keyid ); - if( DBG_TRUST ) - log_debug("key %08lX.%lu: stored into ultikey_table\n", - (ulong)keyid[1], pk->local_id ); - if( ins_lid_table_item( ultikey_table, pk->local_id, 0 ) ) - log_error(_("key %08lX: already in trusted key table\n"), - (ulong)keyid[1]); - else if( opt.verbose > 1 ) - log_info(_("key %08lX: accepted as trusted key.\n"), - (ulong)keyid[1]); skip: release_secret_key_parts( sk ); if( have_pk ) @@ -541,6 +598,15 @@ verify_own_keys(void) else rc = 0; + /* release the trusted keyid table */ + { struct keyid_list *kl2; + for( kl = trusted_key_list; kl; kl = kl2 ) { + kl2 = kl->next; + m_free( kl ); + } + trusted_key_list = NULL; + } + enum_secret_keys( &enum_context, NULL, 0 ); /* free context */ free_secret_key( sk ); free_public_key( pk ); diff --git a/util/ChangeLog b/util/ChangeLog index 12b9ba4c6..f47cfdde7 100644 --- a/util/ChangeLog +++ b/util/ChangeLog @@ -1,3 +1,11 @@ +Wed Sep 6 14:59:09 CEST 2000 Werner Koch + + * secmem.c (secmem_realloc): check for failed secmem_malloc. By + Matt Kraai. + + * strgutil.c (utf8_to_native): Fixed null ptr problem. By + Giampaolo Tomassoni. + Thu Jul 27 10:02:38 CEST 2000 Werner Koch * iobuf.c: Use setmode() at several places to set stdin and stdout diff --git a/util/secmem.c b/util/secmem.c index 8b80370c1..308b6bb46 100644 --- a/util/secmem.c +++ b/util/secmem.c @@ -347,9 +347,11 @@ secmem_realloc( void *p, size_t newsize ) if( newsize < size ) return p; /* it is easier not to shrink the memory */ a = secmem_malloc( newsize ); - memcpy(a, p, size); - memset((char*)a+size, 0, newsize-size); - secmem_free(p); + if ( a ) { + memcpy(a, p, size); + memset((char*)a+size, 0, newsize-size); + secmem_free(p); + } return a; } diff --git a/util/strgutil.c b/util/strgutil.c index 861bf0d6b..1308bb0af 100644 --- a/util/strgutil.c +++ b/util/strgutil.c @@ -424,7 +424,8 @@ utf8_to_native( const char *string, size_t length ) case 0 : n++; if( p ) *p++ = '0'; break; default: n += 3; sprintf( p, "x%02x", *s ); - p += 3; + if ( p ) + p += 3; break; } } -- cgit v1.2.3