diff options
| -rw-r--r-- | TODO | 8 | ||||
| -rw-r--r-- | cipher/ChangeLog | 6 | ||||
| -rw-r--r-- | cipher/pubkey.c | 333 | ||||
| -rw-r--r-- | g10/ChangeLog | 16 | ||||
| -rw-r--r-- | g10/encode.c | 18 | ||||
| -rw-r--r-- | g10/keyedit.c | 2 | ||||
| -rw-r--r-- | g10/keygen.c | 53 | ||||
| -rw-r--r-- | g10/keylist.c | 83 | ||||
| -rw-r--r-- | g10/misc.c | 34 | ||||
| -rw-r--r-- | g10/pubkey-enc.c | 42 | ||||
| -rw-r--r-- | g10/seckey-cert.c | 36 | ||||
| -rw-r--r-- | g10/sig-check.c | 56 | ||||
| -rw-r--r-- | g10/sign.c | 30 | ||||
| -rw-r--r-- | mpi/ChangeLog | 4 | ||||
| -rw-r--r-- | mpi/config.links | 10 | ||||
| -rw-r--r-- | util/iobuf.c | 4 |
16 files changed, 495 insertions, 240 deletions
@@ -28,8 +28,6 @@ * Speed up calculation of key validation. - * Allow a replacement for the progress functions in ./cipher - * print a warning when a revoked/expired _secret_ key is used. * --disable-asm should still assemble _udiv_qrnnd when needed @@ -47,6 +45,12 @@ * Delay the read of the passphrase-fd afte a NEED_PASSPHRASE. But this may break some scripts. + * as soon as we have moved to KBX, we can check signatures at all places + because there is no perfomance drawback as we can store the result of + a verification in the KBX. This enable us to better print information on + revoked user IDs and signatures. Well, caching of non-self-signatures + will still be complicated. + Nice to have ------------ diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 72129a898..f13c0fb9c 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,9 @@ +Tue Jul 25 17:44:15 CEST 2000 Werner Koch <[email protected]> + + * pubkey.c (exp_to_key,sexp_to_sig,sexp_to_enc,gcry_pk_encrypt, + gcry_pk_decrypt,gcry_pk_sign,gcry_pk_genkey): Changed to work with + the new S-Exp interface. + Mon Jul 17 16:35:47 CEST 2000 Werner Koch <wk@> * random.c (gather_faked): Replaced make_timestamp by time(2) again. diff --git a/cipher/pubkey.c b/cipher/pubkey.c index b139720d6..7ef6f18b7 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -701,25 +701,38 @@ sexp_to_key( GCRY_SEXP sexp, int want_private, MPI **retarray, int *retalgo) :"public-key", 0 ); if( !list ) return GCRYERR_INV_OBJ; /* Does not contain a public- or private-key object */ - list = gcry_sexp_cdr( list ); + l2 = gcry_sexp_cdr( list ); + gcry_sexp_release ( list ); + list = l2; if( !list ) return GCRYERR_NO_OBJ; /* no cdr for the key object */ + l2 = gcry_sexp_car( list ); + gcry_sexp_release ( list ); + list = l2; + if( !list ) + return GCRYERR_NO_OBJ; /* no car for the key object */ name = gcry_sexp_car_data( list, &n ); - if( !name ) + if( !name ) { + gcry_sexp_release ( list ); return GCRYERR_INV_OBJ; /* invalid structure of object */ + } for(i=0; (s=algo_info_table[i].name); i++ ) { if( strlen(s) == n && !memcmp( s, name, n ) ) break; } - if( !s ) + if( !s ) { + gcry_sexp_release ( list ); return GCRYERR_INV_PK_ALGO; /* unknown algorithm */ + } algo = algo_info_table[i].algo; elems1 = algo_info_table[i].common_elements; elems2 = want_private? algo_info_table[i].secret_elements : algo_info_table[i].public_elements; array = g10_calloc( strlen(elems1)+strlen(elems2)+1, sizeof *array ); - if( !array ) + if( !array ) { + gcry_sexp_release ( list ); return GCRYERR_NO_MEM; + } idx = 0; for(s=elems1; *s; s++, idx++ ) { @@ -728,13 +741,16 @@ sexp_to_key( GCRY_SEXP sexp, int want_private, MPI **retarray, int *retalgo) for(i=0; i<idx; i++) g10_free( array[i] ); g10_free( array ); + gcry_sexp_release ( list ); return GCRYERR_NO_OBJ; /* required parameter not found */ } array[idx] = gcry_sexp_cdr_mpi( l2, GCRYMPI_FMT_USG ); + gcry_sexp_release ( l2 ); if( !array[idx] ) { for(i=0; i<idx; i++) g10_free( array[i] ); g10_free( array ); + gcry_sexp_release ( list ); return GCRYERR_INV_OBJ; /* required parameter is invalid */ } } @@ -744,18 +760,21 @@ sexp_to_key( GCRY_SEXP sexp, int want_private, MPI **retarray, int *retalgo) for(i=0; i<idx; i++) g10_free( array[i] ); g10_free( array ); + gcry_sexp_release ( list ); return GCRYERR_NO_OBJ; /* required parameter not found */ } - /* FIXME: put the MPI in secure memory when needed */ array[idx] = gcry_sexp_cdr_mpi( l2, GCRYMPI_FMT_USG ); + gcry_sexp_release ( l2 ); if( !array[idx] ) { for(i=0; i<idx; i++) g10_free( array[i] ); g10_free( array ); + gcry_sexp_release ( list ); return GCRYERR_INV_OBJ; /* required parameter is invalid */ } } + gcry_sexp_release ( list ); *retarray = array; *retalgo = algo; @@ -778,38 +797,55 @@ sexp_to_sig( GCRY_SEXP sexp, MPI **retarray, int *retalgo) list = gcry_sexp_find_token( sexp, "sig-val" , 0 ); if( !list ) return GCRYERR_INV_OBJ; /* Does not contain a signature value object */ - list = gcry_sexp_cdr( list ); + l2 = gcry_sexp_cdr( list ); + gcry_sexp_release ( list ); + list = l2; if( !list ) return GCRYERR_NO_OBJ; /* no cdr for the sig object */ + l2 = gcry_sexp_car( list ); + gcry_sexp_release ( list ); + list = l2; + if( !list ) + return GCRYERR_NO_OBJ; /* no car for the key object */ name = gcry_sexp_car_data( list, &n ); - if( !name ) + if( !name ) { + gcry_sexp_release ( list ); return GCRYERR_INV_OBJ; /* invalid structure of object */ + } for(i=0; (s=sig_info_table[i].name); i++ ) { if( strlen(s) == n && !memcmp( s, name, n ) ) break; } - if( !s ) + if( !s ) { + gcry_sexp_release ( list ); return GCRYERR_INV_PK_ALGO; /* unknown algorithm */ + } algo = sig_info_table[i].algo; elems = sig_info_table[i].elements; array = g10_calloc( (strlen(elems)+1) , sizeof *array ); - if( !array ) + if( !array ) { + gcry_sexp_release ( list ); return GCRYERR_NO_MEM; + } idx = 0; for(s=elems; *s; s++, idx++ ) { l2 = gcry_sexp_find_token( list, s, 1 ); if( !l2 ) { g10_free( array ); + gcry_sexp_release ( list ); return GCRYERR_NO_OBJ; /* required parameter not found */ } array[idx] = gcry_sexp_cdr_mpi( l2, GCRYMPI_FMT_USG ); + gcry_sexp_release ( l2 ); if( !array[idx] ) { g10_free( array ); + gcry_sexp_release ( list ); return GCRYERR_INV_OBJ; /* required parameter is invalid */ } } + gcry_sexp_release ( list ); *retarray = array; *retalgo = algo; @@ -837,38 +873,53 @@ sexp_to_enc( GCRY_SEXP sexp, MPI **retarray, int *retalgo) list = gcry_sexp_find_token( sexp, "enc-val" , 0 ); if( !list ) return GCRYERR_INV_OBJ; /* Does not contain a encrypted value object */ - list = gcry_sexp_cdr( list ); - if( !list ) + l2 = gcry_sexp_cdr( list ); + gcry_sexp_release ( list ); + list = l2; + if( !list ) { + gcry_sexp_release ( list ); return GCRYERR_NO_OBJ; /* no cdr for the data object */ + } name = gcry_sexp_car_data( list, &n ); - if( !name ) + if( !name ) { + gcry_sexp_release ( list ); return GCRYERR_INV_OBJ; /* invalid structure of object */ + } for(i=0; (s=enc_info_table[i].name); i++ ) { if( strlen(s) == n && !memcmp( s, name, n ) ) break; } - if( !s ) + if( !s ) { + gcry_sexp_release ( list ); return GCRYERR_INV_PK_ALGO; /* unknown algorithm */ + } + algo = enc_info_table[i].algo; elems = enc_info_table[i].elements; array = g10_calloc( (strlen(elems)+1) , sizeof *array ); - if( !array ) + if( !array ) { + gcry_sexp_release ( list ); return GCRYERR_NO_MEM; + } idx = 0; for(s=elems; *s; s++, idx++ ) { l2 = gcry_sexp_find_token( list, s, 1 ); if( !l2 ) { g10_free( array ); + gcry_sexp_release ( list ); return GCRYERR_NO_OBJ; /* required parameter not found */ } array[idx] = gcry_sexp_cdr_mpi( l2, GCRYMPI_FMT_USG ); + gcry_sexp_release ( l2 ); if( !array[idx] ) { g10_free( array ); + gcry_sexp_release ( list ); return GCRYERR_INV_OBJ; /* required parameter is invalid */ } } + gcry_sexp_release ( list ); *retarray = array; *retalgo = algo; @@ -900,7 +951,6 @@ gcry_pk_encrypt( GCRY_SEXP *r_ciph, GCRY_SEXP s_data, GCRY_SEXP s_pkey ) { MPI *pkey, data, *ciph; const char *algo_name, *algo_elems; - GCRY_SEXP *s_elems; int i, rc, algo; /* get the key */ @@ -933,26 +983,61 @@ gcry_pk_encrypt( GCRY_SEXP *r_ciph, GCRY_SEXP s_data, GCRY_SEXP s_pkey ) release_mpi_array( pkey ); mpi_free( data ); if( rc ) { + release_mpi_array( ciph ); g10_free( ciph ); return rc; } /* We did it. Now build the return list */ - s_elems = g10_xcalloc( (strlen(algo_elems)+2), sizeof *s_elems ); - s_elems[0] = SEXP_NEW( algo_name, 0 ); - for(i=0; algo_elems[i]; i++ ) { - char tmp[2]; - tmp[0] = algo_elems[i]; - tmp[1] = 0; - s_elems[i+1] = gcry_sexp_new_name_mpi( tmp, ciph[i] ); + { + char *string, *p; + size_t nelem, needed= strlen(algo_name) + 20; + + /* count elements, so that we can allocate enough space */ + for(nelem=0; algo_elems[nelem]; nelem++ ) + needed += 10; /* 6 + a safety margin */ + /* build the string */ + string = p = g10_xmalloc ( needed ); + p = stpcpy ( p, "(enc-val(" ); + p = stpcpy ( p, algo_name ); + for(i=0; algo_elems[i]; i++ ) { + *p++ = '('; + *p++ = algo_elems[i]; + p = stpcpy ( p, "%m)" ); + } + strcpy ( p, "))" ); + /* and now the ugly part: we don't have a function to + * pass an array to a format string, so we have to do it this way :-( + */ + switch ( nelem ) { + case 1: rc = gcry_sexp_build ( r_ciph, NULL, string, + ciph[0] + ); break; + case 2: rc = gcry_sexp_build ( r_ciph, NULL, string, + ciph[0], ciph[1] + ); break; + case 3: rc = gcry_sexp_build ( r_ciph, NULL, string, + ciph[0], ciph[1], ciph[2] + ); break; + case 4: rc = gcry_sexp_build ( r_ciph, NULL, string, + ciph[0], ciph[1], ciph[2], ciph[3] + ); break; + case 5: rc = gcry_sexp_build ( r_ciph, NULL, string, + ciph[0], ciph[1], ciph[2], ciph[3], ciph[4] + ); break; + case 6: rc = gcry_sexp_build ( r_ciph, NULL, string, + ciph[0], ciph[1], ciph[2], ciph[3], ciph[4], ciph[5] + ); break; + default: BUG (); + } + if ( rc ) + BUG (); + g10_free ( string ); } release_mpi_array( ciph ); g10_free( ciph ); - *r_ciph = SEXP_CONS( SEXP_NEW( "enc-val", 0 ), - gcry_sexp_alist( s_elems ) ); - g10_free( s_elems ); return 0; } @@ -1003,7 +1088,9 @@ gcry_pk_decrypt( GCRY_SEXP *r_plain, GCRY_SEXP s_data, GCRY_SEXP s_skey ) return -1; /* fixme: add real errornumber - decryption failed */ } - *r_plain = gcry_sexp_new_mpi( plain ); + if ( gcry_sexp_build( r_plain, NULL, "%m", plain ) ) + BUG (); + mpi_free( plain ); release_mpi_array( data ); release_mpi_array( skey ); @@ -1042,7 +1129,6 @@ gcry_pk_sign( GCRY_SEXP *r_sig, GCRY_SEXP s_hash, GCRY_SEXP s_skey ) MPI *result; int i, algo, rc; const char *algo_name, *algo_elems; - GCRY_SEXP *s_elems; rc = sexp_to_key( s_skey, 1, &skey, &algo ); if( rc ) @@ -1074,21 +1160,54 @@ gcry_pk_sign( GCRY_SEXP *r_sig, GCRY_SEXP s_hash, GCRY_SEXP s_skey ) return rc; } - s_elems = g10_xcalloc( (strlen(algo_elems)+2), sizeof *s_elems ); - s_elems[0] = SEXP_NEW( algo_name, 0 ); - for(i=0; algo_elems[i]; i++ ) { - char tmp[2]; - tmp[0] = algo_elems[i]; - tmp[1] = 0; - s_elems[i+1] = gcry_sexp_new_name_mpi( tmp, result[i] ); + { + char *string, *p; + size_t nelem, needed= strlen(algo_name) + 20; + + /* count elements, so that we can allocate enough space */ + for(nelem=0; algo_elems[nelem]; nelem++ ) + needed += 10; /* 6 + a safety margin */ + /* build the string */ + string = p = g10_xmalloc ( needed ); + p = stpcpy ( p, "(sig-val(" ); + p = stpcpy ( p, algo_name ); + for(i=0; algo_elems[i]; i++ ) { + *p++ = '('; + *p++ = algo_elems[i]; + p = stpcpy ( p, "%m)" ); + } + strcpy ( p, "))" ); + /* and now the ugly part: we don't have a function to + * pass an array to a format string, so we have to do it this way :-( + */ + switch ( nelem ) { + case 1: rc = gcry_sexp_build ( r_sig, NULL, string, + result[0] + ); break; + case 2: rc = gcry_sexp_build ( r_sig, NULL, string, + result[0], result[1] + ); break; + case 3: rc = gcry_sexp_build ( r_sig, NULL, string, + result[0], result[1], result[2] + ); break; + case 4: rc = gcry_sexp_build ( r_sig, NULL, string, + result[0], result[1], result[2], result[3] + ); break; + case 5: rc = gcry_sexp_build ( r_sig, NULL, string, + result[0], result[1], result[2], result[3], result[4] + ); break; + case 6: rc = gcry_sexp_build ( r_sig, NULL, string, + result[0], result[1], result[2], result[3], result[4], result[5] + ); break; + default: BUG (); + } + if ( rc ) + BUG (); + g10_free ( string ); } release_mpi_array( result ); g10_free( result ); - *r_sig = SEXP_CONS( SEXP_NEW( "sig-val", 0 ), - gcry_sexp_alist( s_elems ) ); - - g10_free( s_elems ); return 0; } @@ -1199,7 +1318,7 @@ gcry_pk_testkey( GCRY_SEXP s_key ) int gcry_pk_genkey( GCRY_SEXP *r_key, GCRY_SEXP s_parms ) { - GCRY_SEXP list, l2, *s_elems, pub_list, sec_list, misc_list; + GCRY_SEXP list, l2; const char *name; const char *s; size_t n; @@ -1213,18 +1332,24 @@ gcry_pk_genkey( GCRY_SEXP *r_key, GCRY_SEXP s_parms ) list = gcry_sexp_find_token( s_parms, "genkey", 0 ); if( !list ) return GCRYERR_INV_OBJ; /* Does not contain genkey data */ - list = gcry_sexp_cdr( list ); + l2 = gcry_sexp_cdr( list ); + gcry_sexp_release ( list ); + list = l2; if( !list ) return GCRYERR_NO_OBJ; /* no cdr for the genkey */ name = gcry_sexp_car_data( list, &n ); - if( !name ) + if( !name ) { + gcry_sexp_release ( list ); return GCRYERR_INV_OBJ; /* algo string missing */ + } for(i=0; (s=algo_info_table[i].name); i++ ) { if( strlen(s) == n && !memcmp( s, name, n ) ) break; } - if( !s ) + if( !s ) { + gcry_sexp_release ( list ); return GCRYERR_INV_PK_ALGO; /* unknown algorithm */ + } algo = algo_info_table[i].algo; algo_name = algo_info_table[i].name; @@ -1234,11 +1359,15 @@ gcry_pk_genkey( GCRY_SEXP *r_key, GCRY_SEXP s_parms ) strcat( sec_elems, algo_info_table[i].secret_elements ); l2 = gcry_sexp_find_token( list, "nbits", 0 ); - if( !l2 ) + gcry_sexp_release ( list ); + list = l2; + if( !list ) return GCRYERR_NO_OBJ; /* no nbits aparemter */ - name = gcry_sexp_cdr_data( l2, &n ); - if( !name ) + name = gcry_sexp_cdr_data( list, &n ); + if( !name ) { + gcry_sexp_release ( list ); return GCRYERR_INV_OBJ; /* nbits without a cdr */ + } { char *p = g10_xmalloc(n+1); memcpy(p, name, n ); @@ -1246,56 +1375,84 @@ gcry_pk_genkey( GCRY_SEXP *r_key, GCRY_SEXP s_parms ) nbits = (unsigned int)strtol( p, NULL, 0 ); g10_free( p ); } + gcry_sexp_release ( list ); rc = pubkey_generate( algo, nbits, skey, &factors ); if( rc ) { return rc; } - /* build the public key list */ - s_elems = g10_xcalloc( (strlen(pub_elems)+2), sizeof *s_elems ); - s_elems[0] = SEXP_NEW( algo_name, 0 ); - for(i=0; pub_elems[i]; i++ ) { - char tmp[2]; - tmp[0] = pub_elems[i]; - tmp[1] = 0; - s_elems[i+1] = gcry_sexp_new_name_mpi( tmp, skey[i] ); - } - pub_list = SEXP_CONS( SEXP_NEW( "public-key", 0 ), - gcry_sexp_alist( s_elems ) ); - g10_free( s_elems ); - - /* build the secret key list */ - s_elems = g10_xcalloc( (strlen(sec_elems)+2), sizeof *s_elems ); - s_elems[0] = SEXP_NEW( algo_name, 0 ); - for(i=0; sec_elems[i]; i++ ) { - char tmp[2]; - tmp[0] = sec_elems[i]; - tmp[1] = 0; - s_elems[i+1] = gcry_sexp_new_name_mpi( tmp, skey[i] ); - } - sec_list = SEXP_CONS( SEXP_NEW( "private-key", 0 ), - gcry_sexp_alist( s_elems ) ); - g10_free( s_elems ); - - /* build the list of factors */ - for(n=0; factors[n]; n++ ) - ; - s_elems = g10_xcalloc( n+2, sizeof *s_elems ); - s_elems[0] = SEXP_NEW( "pm1-factors", 0 ); - for(i=0; factors[i]; i++ ) { - s_elems[i+1] = gcry_sexp_new_mpi( factors[i] ); + { + char *string, *p; + size_t nelem=0, needed=0; + GCRY_MPI mpis[30]; + + + /* count elements, so that we can allocate enough space */ + for(i=0; pub_elems[i]; i++, nelem++ ) + needed += 10; /* 6 + a safety margin */ + for(i=0; sec_elems[i]; i++, nelem++ ) + needed += 10; /* 6 + a safety margin */ + for(i=0; factors[i]; i++, nelem++ ) + needed += 10; /* 6 + a safety margin */ + needed += 2* strlen(algo_name) + 300; + if ( nelem > DIM(mpis) ) + BUG (); + + /* build the string */ + nelem = 0; + string = p = g10_xmalloc ( needed ); + p = stpcpy ( p, "(key-data(" ); + + p = stpcpy ( p, "(public-key(" ); + p = stpcpy ( p, algo_name ); + for(i=0; pub_elems[i]; i++ ) { + *p++ = '('; + *p++ = pub_elems[i]; + p = stpcpy ( p, "%m)" ); + mpis[nelem++] = skey[i]; + } + strcpy ( p, "))" ); + + p = stpcpy ( p, "(private-key(" ); + p = stpcpy ( p, algo_name ); + for(i=0; sec_elems[i]; i++ ) { + *p++ = '('; + *p++ = sec_elems[i]; + p = stpcpy ( p, "%m)" ); + mpis[nelem++] = skey[i]; + } + strcpy ( p, "))" ); + + p = stpcpy ( p, "(misc-key-info(pm1-factors" ); + for(i=0; factors[i]; i++ ) { + p = stpcpy ( p, "%m" ); + mpis[nelem++] = factors[i]; + } + strcpy ( p, "))" ); + + while ( nelem < DIM(mpis) ) + mpis[nelem++] = NULL; + + /* and now the ugly part: we don't have a function to + * pass an array to a format string, so we have just pass everything + * we have. which normally should be no problem as only those + * with a corresponding %m are used + */ + if ( gcry_sexp_build ( r_key, NULL, string, + mpis[0], mpis[1], mpis[2], mpis[3], mpis[4], mpis[5], + mpis[6], mpis[7], mpis[8], mpis[9], mpis[10], mpis[11], + mpis[12], mpis[13], mpis[14], mpis[15], mpis[16], mpis[17], + mpis[18], mpis[19], mpis[20], mpis[21], mpis[22], mpis[23], + mpis[24], mpis[25], mpis[26], mpis[27], mpis[28], mpis[29] + ) ) + BUG (); + assert ( DIM(mpis) == 29 ); + g10_free ( string ); } - misc_list = SEXP_CONS( SEXP_NEW( "misc-key-info", 0 ), - gcry_sexp_alist( s_elems ) ); - g10_free( s_elems ); - - /* and put all together */ - *r_key = gcry_sexp_vlist( SEXP_NEW( "key-data", 0 ), - pub_list, sec_list, misc_list, NULL ); - gcry_sexp_release( pub_list ); - gcry_sexp_release( sec_list ); - gcry_sexp_release( misc_list ); + release_mpi_array ( skey ); + release_mpi_array ( factors ); + return 0; } diff --git a/g10/ChangeLog b/g10/ChangeLog index 6d3aa7cc4..893fed136 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,19 @@ +Tue Jul 25 17:44:15 CEST 2000 Werner Koch <[email protected]> + + * keyedit.c (menu_expire): expire date for primary key can be set again. + + * keylist.c (is_uid_valid): New. + (list_keyblock): Print validity information for all user IDs. Note, this + has to be done at other places too; for now we have only minimal support. + + * sign.c (pk_sign): Changed to use the new S-Exp interface. + * encode.c (pk_encrypt): Ditto. + * sig-check.c (pk_verify): Ditto. + * seckey-cert.c (pk_check_secret_key): Ditto. + * pubkey-enc.c (pk_decrypt): Ditto. + * misc.c (pubkey_nbits): Ditto. + * keygen.c (key_from_sexp,factors_from_sexp,gen_elg,gen_dsa): Ditto. + Fri Jul 14 19:38:23 CEST 2000 Werner Koch <wk@> Replaced everything with the code from the STABLE-BRANCH-1-0 and diff --git a/g10/encode.c b/g10/encode.c index 6195b533c..e1ef5b2ae 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -54,18 +54,19 @@ pk_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey ) /* make a sexp from pkey */ if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - s_pkey = SEXP_CONS( SEXP_NEW( "public-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 3 ), - gcry_sexp_new_name_mpi( "p", pkey[0] ), - gcry_sexp_new_name_mpi( "g", pkey[1] ), - gcry_sexp_new_name_mpi( "y", pkey[2] ), - NULL )); + rc = gcry_sexp_build ( &s_pkey, NULL, + "(public-key(elg(p%m)(g%m)(y%m)))", + pkey[0], pkey[1], pkey[2] ); } else return GPGERR_PUBKEY_ALGO; + if ( rc ) + BUG (); + /* put the data into a simple list */ - s_data = gcry_sexp_new_mpi( data ); + if ( gcry_sexp_build( &s_data, NULL, "%m", data ) ) + BUG (); /* pass it to libgcrypt */ rc = gcry_pk_encrypt( &s_ciph, s_data, s_pkey ); @@ -79,10 +80,13 @@ pk_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey ) assert( list ); resarr[0] = gcry_sexp_cdr_mpi( list, 0 ); assert( resarr[0] ); + gcry_sexp_release ( list ); + list = gcry_sexp_find_token( s_ciph, "b" , 0 ); assert( list ); resarr[1] = gcry_sexp_cdr_mpi( list, 0 ); assert( resarr[1] ); + gcry_sexp_release ( list ); } gcry_sexp_release( s_ciph ); diff --git a/g10/keyedit.c b/g10/keyedit.c index a64c7e86f..daf4fb41d 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1504,7 +1504,7 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock ) else if( node->pkt->pkttype == PKT_USER_ID ) uid = node->pkt->pkt.user_id; else if( main_pk && node->pkt->pkttype == PKT_SIGNATURE - && sub_pk != NULL ) { + && (mainkey || sub_pk ) ) { PKT_signature *sig = node->pkt->pkt.signature; if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] && ( (mainkey && uid && (sig->sig_class&~3) == 0x10) diff --git a/g10/keygen.c b/g10/keygen.c index b6c6cc7e3..3b3d95e3b 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -254,7 +254,9 @@ key_from_sexp( GCRY_MPI *array, list = gcry_sexp_find_token( sexp, topname, 0 ); if( !list ) return GCRYERR_INV_OBJ; - list = gcry_sexp_cdr( list ); + l2 = gcry_sexp_cdr( list ); + gcry_sexp_release ( list ); + list = l2; if( !list ) return GCRYERR_NO_OBJ; @@ -266,17 +268,21 @@ key_from_sexp( GCRY_MPI *array, gcry_free( array[i] ); array[i] = NULL; } + gcry_sexp_release ( list ); return GCRYERR_NO_OBJ; /* required parameter not found */ } array[idx] = gcry_sexp_cdr_mpi( l2, GCRYMPI_FMT_USG ); + gcry_sexp_release ( l2 ); if( !array[idx] ) { for(i=0; i<idx; i++) { gcry_free( array[i] ); array[i] = NULL; } + gcry_sexp_release ( list ); return GCRYERR_INV_OBJ; /* required parameter is invalid */ } } + gcry_sexp_release ( list ); return 0; } @@ -294,36 +300,45 @@ factors_from_sexp( MPI **retarray, GCRY_SEXP sexp ) list = gcry_sexp_find_token( sexp, "misc-key-info", 0 ); if( !list ) return GCRYERR_INV_OBJ; - list = gcry_sexp_cdr( list ); + l2 = gcry_sexp_cdr( list ); + gcry_sexp_release ( list ); + list = l2; if( !list ) return GCRYERR_NO_OBJ; - list = gcry_sexp_find_token( list, "pm1-factors", 0 ); + l2 = gcry_sexp_find_token( list, "pm1-factors", 0 ); + gcry_sexp_release ( list ); + list = l2; if( !list ) return GCRYERR_NO_OBJ; /* count factors */ ctx = NULL; for( n=0; (l2 = gcry_sexp_enum( list, &ctx, 0 )); n++ ) - ; + gcry_sexp_release ( l2 ); array = gcry_xcalloc( n, sizeof *array ); - if( !array ) + if( !array ) { + gcry_sexp_release ( list ); return GCRYERR_NO_MEM; - - /* retrieve factors (the first enum is to skip the car) */ + } + /* retrieve factors */ ctx = NULL; - if( gcry_sexp_enum( list, &ctx, 0 ) ) { + if( (l2 = gcry_sexp_enum( list, &ctx, 0 )) ) { + gcry_sexp_release ( l2 ); /* skip the car */ for( n=0; (l2 = gcry_sexp_enum( list, &ctx, 0 )); n++ ) { array[n] = gcry_sexp_car_mpi( l2, 0 ); + gcry_sexp_release ( l2 ); if( !array[n] ) { for(i=0; i < n; i++ ) gcry_mpi_release( array[i] ); gcry_free(array); + gcry_sexp_release ( list ); return GCRYERR_INV_OBJ; } } } + gcry_sexp_release ( list ); *retarray = array; return 0; } @@ -340,7 +355,6 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, PKT_secret_key *sk; PKT_public_key *pk; MPI *factors; - char buf[100]; GCRY_SEXP s_parms, s_key; assert( is_ELGAMAL(algo) ); @@ -355,12 +369,12 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, log_info(_("keysize rounded up to %u bits\n"), nbits ); } - sprintf(buf, "%u", nbits ); - s_parms = SEXP_CONS( SEXP_NEW( "genkey", 0 ), - SEXP_CONS( SEXP_NEW(algo == GCRY_PK_ELG_E ? "openpgp-elg" : - algo == GCRY_PK_ELG ? "elg" : "x-oops",0), - gcry_sexp_new_name_data( "nbits", buf, 0 ) ) - ); + if ( gcry_sexp_build ( &s_parms, NULL, + "(genkey(%s(nbits %d)))", + algo == GCRY_PK_ELG_E ? "openpgp-elg" : + algo == GCRY_PK_ELG ? "elg" : "x-oops" , + (int)nbits ) ) + BUG (); rc = gcry_pk_genkey( &s_key, s_parms ); gcry_sexp_release( s_parms ); @@ -447,7 +461,6 @@ gen_dsa(unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, PKT_secret_key *sk; PKT_public_key *pk; MPI *factors; - char buf[100]; GCRY_SEXP s_parms, s_key; if( nbits > 1024 || nbits < 512 ) { @@ -460,11 +473,9 @@ gen_dsa(unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, log_info(_("keysize rounded up to %u bits\n"), nbits ); } - sprintf(buf, "%u", nbits ); - s_parms = SEXP_CONS( SEXP_NEW( "genkey", 0 ), - SEXP_CONS( SEXP_NEW("dsa",0), - gcry_sexp_new_name_data( "nbits", buf, 0 ) ) - ); + if ( gcry_sexp_build ( &s_parms, NULL, + "(genkey(dsa(nbits %d)))", (int)nbits ) ) + BUG (); rc = gcry_pk_genkey( &s_key, s_parms ); gcry_sexp_release( s_parms ); diff --git a/g10/keylist.c b/g10/keylist.c index 751a61c9b..4109968c0 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -105,6 +105,83 @@ list_all( int secret ) } +/**************** + * Check whether the user ID at NODE is valid; that is it has a + * valid self-signature but no later valid revocation. + * Caller has to pass the keyID of the primary in mainkey. + * Returns: NULL = valid + * string with the reason why it is invalid + */ +static const char * +is_uid_valid ( KBNODE keyblock, KBNODE uidnode, u32 *mainkid ) +{ + KBNODE node; + PKT_signature *selfsig = NULL; /* the latest valid self signature */ + + /* The key signature verify function can's handle secret keys yet and + * becuase we are not sure whether the duplication of user IDs and + * self-signatures should be kept on secret keys we are not going to fix + * it there. */ + if ( keyblock->pkt->pkttype == PKT_SECRET_KEY ) + return NULL; + + assert ( uidnode->pkt->pkttype == PKT_USER_ID + || uidnode->pkt->pkttype == PKT_PHOTO_ID ); + + /* first find out about the latest valid self-signature */ + for ( node = uidnode->next; node; node = node->next ) { + PKT_signature *sig; + + if ( node->pkt->pkttype == PKT_USER_ID + || node->pkt->pkttype == PKT_PHOTO_ID + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY + || node->pkt->pkttype == PKT_SECRET_SUBKEY ) + break; + if ( node->pkt->pkttype != PKT_SIGNATURE ) + continue; + sig = node->pkt->pkt.signature; + if ( mainkid[0] != sig->keyid[0] || mainkid[1] != sig->keyid[1] ) + continue; /* we only care about self-signatures for now */ + + if ( (sig->sig_class&~3) == 0x10 ) { /* regular self signature */ + if ( !check_key_signature( keyblock, node, NULL ) ) { + if ( !selfsig ) + selfsig = sig; /* use the first valid sig */ + else if ( sig->timestamp > selfsig->timestamp + && sig->sig_class >= selfsig->sig_class ) + selfsig = sig; /* but this one is newer */ + } + } + } + + if ( !selfsig ) + return _("invalid"); /* no valid self signature */ + + /* watch out for a newer revocation */ + for ( node = uidnode->next; node; node = node->next ) { + PKT_signature *sig; + + if ( node->pkt->pkttype == PKT_USER_ID + || node->pkt->pkttype == PKT_PHOTO_ID + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY + || node->pkt->pkttype == PKT_SECRET_SUBKEY ) + break; + if ( node->pkt->pkttype != PKT_SIGNATURE ) + continue; + sig = node->pkt->pkt.signature; + if ( mainkid[0] != sig->keyid[0] || mainkid[1] != sig->keyid[1] ) + continue; /* we only care about self-signatures for now */ + + if ( sig->sig_class == 0x30 + && sig->timestamp >= selfsig->timestamp ) { + if ( !check_key_signature( keyblock, node, NULL ) ) + return _("revoked"); + } + } + + return NULL; /* UID is valid */ +} + static void list_one( STRLIST names, int secret ) @@ -263,9 +340,13 @@ list_keyblock( KBNODE keyblock, int secret ) node->pkt->pkt.user_id->len, ':' ); putchar(':'); } - else + else { + const char *s = is_uid_valid ( keyblock, node, keyid ); + if ( s ) + printf ("[%s] ", s ); print_utf8_string( stdout, node->pkt->pkt.user_id->name, node->pkt->pkt.user_id->len ); + } putchar('\n'); if( !any ) { diff --git a/g10/misc.c b/g10/misc.c index e7bd8fac6..44a6f76b1 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -420,40 +420,34 @@ pubkey_get_nenc( int algo ) return n > 0? n : 0; } + unsigned int pubkey_nbits( int algo, MPI *key ) { - int nbits; + int rc, nbits; GCRY_SEXP sexp; - if( algo == GCRY_PK_DSA ) { - sexp = SEXP_CONS( SEXP_NEW( "public-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "dsa", 3 ), - gcry_sexp_new_name_mpi( "p", key[0] ), - gcry_sexp_new_name_mpi( "q", key[1] ), - gcry_sexp_new_name_mpi( "g", key[2] ), - gcry_sexp_new_name_mpi( "y", key[3] ), - NULL )); + rc = gcry_sexp_build ( &sexp, NULL, + "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", + key[0], key[1], key[2], key[3] ); } else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - sexp = SEXP_CONS( SEXP_NEW( "public-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 3 ), - gcry_sexp_new_name_mpi( "p", key[0] ), - gcry_sexp_new_name_mpi( "g", key[1] ), - gcry_sexp_new_name_mpi( "y", key[2] ), - NULL )); + rc = gcry_sexp_build ( &sexp, NULL, + "(public-key(elg(p%m)(g%m)(y%m)))", + key[0], key[1], key[2] ); } else if( algo == GCRY_PK_RSA ) { - sexp = SEXP_CONS( SEXP_NEW( "public-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "rsa", 3 ), - gcry_sexp_new_name_mpi( "n", key[0] ), - gcry_sexp_new_name_mpi( "e", key[1] ), - NULL )); + rc = gcry_sexp_build ( &sexp, NULL, + "(public-key(rsa(n%m)(e%m)))", + key[0], key[1] ); } else return 0; + if ( rc ) + BUG (); + nbits = gcry_pk_get_nbits( sexp ); gcry_sexp_release( sexp ); return nbits; diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 2019d0301..aa848a2cb 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -51,45 +51,36 @@ pk_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) *result = NULL; /* make a sexp from skey */ if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 0 ), - gcry_sexp_new_name_mpi( "p", skey[0] ), - gcry_sexp_new_name_mpi( "g", skey[1] ), - gcry_sexp_new_name_mpi( "y", skey[2] ), - gcry_sexp_new_name_mpi( "x", skey[3] ), - NULL )); + rc = gcry_sexp_build ( &s_skey, NULL, + "(private-key(elg(p%m)(g%m)(y%m)(x%m)))", + skey[0], skey[1], skey[2], skey[3] ); } else if( algo == GCRY_PK_RSA ) { - s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "rsa", 0 ), - gcry_sexp_new_name_mpi( "n", skey[0] ), - gcry_sexp_new_name_mpi( "e", skey[1] ), - gcry_sexp_new_name_mpi( "d", skey[2] ), - gcry_sexp_new_name_mpi( "p", skey[3] ), - gcry_sexp_new_name_mpi( "q", skey[4] ), - gcry_sexp_new_name_mpi( "u", skey[5] ), - NULL )); + rc = gcry_sexp_build ( &s_skey, NULL, + "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))", + skey[0], skey[1], skey[2], skey[3], skey[4], skey[5] ); } else return GPGERR_PUBKEY_ALGO; + if ( rc ) + BUG (); + /* put data into a S-Exp s_data */ if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - s_data = SEXP_CONS( SEXP_NEW( "enc-val", 0 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 0 ), - gcry_sexp_new_name_mpi( "a", data[0] ), - gcry_sexp_new_name_mpi( "b", data[1] ), - NULL )); + rc = gcry_sexp_build ( &s_data, NULL, + "(enc-val(elg(a%m)(b%m)))", data[0], data[1] ); } else if( algo == GCRY_PK_RSA ) { - s_data = SEXP_CONS( SEXP_NEW( "enc-val", 0 ), - gcry_sexp_vlist( SEXP_NEW( "rsa", 0 ), - gcry_sexp_new_name_mpi( "a", data[0] ), - NULL )); + rc = gcry_sexp_build ( &s_data, NULL, + "(enc-val(rsa(a%m)))", data[0] ); } else BUG(); + if ( rc ) + BUG (); + rc = gcry_pk_decrypt( &s_plain, s_data, s_skey ); gcry_sexp_release( s_skey ); gcry_sexp_release( s_data); @@ -97,6 +88,7 @@ pk_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) return rc; *result = gcry_sexp_car_mpi( s_plain, 0 ); + gcry_sexp_release( s_plain ); if( !*result ) return -1; /* oops */ diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index ab09b8f4d..1f511c229 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -46,38 +46,26 @@ pk_check_secret_key( int algo, MPI *skey ) /* make a sexp from skey */ if( algo == GCRY_PK_DSA ) { - s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "dsa", 0 ), - gcry_sexp_new_name_mpi( "p", skey[0] ), - gcry_sexp_new_name_mpi( "q", skey[1] ), - gcry_sexp_new_name_mpi( "g", skey[2] ), - gcry_sexp_new_name_mpi( "y", skey[3] ), - gcry_sexp_new_name_mpi( "x", skey[4] ), - NULL )); + rc = gcry_sexp_build ( &s_skey, NULL, + "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))", + skey[0], skey[1], skey[2], skey[3], skey[4] ); } else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 0 ), - gcry_sexp_new_name_mpi( "p", skey[0] ), - gcry_sexp_new_name_mpi( "g", skey[1] ), - gcry_sexp_new_name_mpi( "y", skey[2] ), - gcry_sexp_new_name_mpi( "x", skey[3] ), - NULL )); + rc = gcry_sexp_build ( &s_skey, NULL, + "(private-key(elg(p%m)(g%m)(y%m)(x%m)))", + skey[0], skey[1], skey[2], skey[3] ); } else if( algo == GCRY_PK_RSA ) { - s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "rsa", 0 ), - gcry_sexp_new_name_mpi( "n", skey[0] ), - gcry_sexp_new_name_mpi( "e", skey[1] ), - gcry_sexp_new_name_mpi( "d", skey[2] ), - gcry_sexp_new_name_mpi( "p", skey[3] ), - gcry_sexp_new_name_mpi( "q", skey[4] ), - gcry_sexp_new_name_mpi( "u", skey[5] ), - NULL )); + rc = gcry_sexp_build ( &s_skey, NULL, + "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))", + skey[0], skey[1], skey[2], skey[3], skey[4], skey[5] ); } else return GPGERR_PUBKEY_ALGO; + if ( rc ) + BUG (); + rc = gcry_pk_testkey( s_skey ); gcry_sexp_release( s_skey ); return rc; diff --git a/g10/sig-check.c b/g10/sig-check.c index f12cfa6d3..ba392414a 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -61,59 +61,49 @@ pk_verify( int algo, MPI hash, MPI *data, MPI *pkey, /* make a sexp from pkey */ if( algo == GCRY_PK_DSA ) { - s_pkey = SEXP_CONS( SEXP_NEW( "public-key", 10 ), - gcry_sexp_vlist( SEXP_NEW( "dsa", 3 ), - gcry_sexp_new_name_mpi( "p", pkey[0] ), - gcry_sexp_new_name_mpi( "q", pkey[1] ), - gcry_sexp_new_name_mpi( "g", pkey[2] ), - gcry_sexp_new_name_mpi( "y", pkey[3] ), - NULL )); + rc = gcry_sexp_build ( &s_pkey, NULL, + "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", + pkey[0], pkey[1], pkey[2], pkey[3] ); } else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - s_pkey = SEXP_CONS( SEXP_NEW( "public-key", 10 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 3 ), - gcry_sexp_new_name_mpi( "p", pkey[0] ), - gcry_sexp_new_name_mpi( "g", pkey[1] ), - gcry_sexp_new_name_mpi( "y", pkey[2] ), - NULL )); + rc = gcry_sexp_build ( &s_pkey, NULL, + "(public-key(dsa(p%m)(g%m)(y%m)))", + pkey[0], pkey[1], pkey[2] ); } else if( algo == GCRY_PK_RSA ) { - s_pkey = SEXP_CONS( SEXP_NEW( "public-key", 10 ), - gcry_sexp_vlist( SEXP_NEW( "rsa", 3 ), - gcry_sexp_new_name_mpi( "n", pkey[0] ), - gcry_sexp_new_name_mpi( "e", pkey[1] ), - NULL )); + rc = gcry_sexp_build ( &s_pkey, NULL, + "(public-key(rsa(n%m)(e%m)))", + pkey[0], pkey[1] ); } else return GPGERR_PUBKEY_ALGO; + if ( rc ) + BUG (); + /* put hash into a S-Exp s_hash */ - s_hash = gcry_sexp_new_mpi( hash ); + if ( gcry_sexp_build( &s_hash, NULL, "%m", hash ) ) + BUG (); /* put data into a S-Exp s_sig */ if( algo == GCRY_PK_DSA ) { - s_sig = SEXP_CONS( SEXP_NEW( "sig-val", 0 ), - gcry_sexp_vlist( SEXP_NEW( "dsa", 0 ), - gcry_sexp_new_name_mpi( "r", data[0] ), - gcry_sexp_new_name_mpi( "s", data[1] ), - NULL )); + rc = gcry_sexp_build ( &s_sig, NULL, + "(sig-val(dsa(r%m)(s%m)))", data[0], data[1] ); } else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - s_sig = SEXP_CONS( SEXP_NEW( "sig-val", 0 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 0 ), - gcry_sexp_new_name_mpi( "r", data[0] ), - gcry_sexp_new_name_mpi( "s", data[1] ), - NULL )); + rc = gcry_sexp_build ( &s_sig, NULL, + "(sig-val(elg(r%m)(s%m)))", data[0], data[1] ); } else if( algo == GCRY_PK_RSA ) { - s_sig = SEXP_CONS( SEXP_NEW( "sig-val", 0 ), - gcry_sexp_vlist( SEXP_NEW( "rsa", 3 ), - gcry_sexp_new_name_mpi( "s", data[0] ), - NULL )); + rc = gcry_sexp_build ( &s_sig, NULL, + "(sig-val(rsa(s%m)))", data[0] ); } else BUG(); + if ( rc ) + BUG (); + rc = gcry_pk_verify( s_sig, s_hash, s_pkey ); gcry_sexp_release( s_sig ); diff --git a/g10/sign.c b/g10/sign.c index 9d0c203b8..ca469c07c 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -58,29 +58,24 @@ pk_sign( int algo, MPI *data, MPI hash, MPI *skey ) /* make a sexp from skey */ if( algo == GCRY_PK_DSA ) { - s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "dsa", 3 ), - gcry_sexp_new_name_mpi( "p", skey[0] ), - gcry_sexp_new_name_mpi( "q", skey[1] ), - gcry_sexp_new_name_mpi( "g", skey[2] ), - gcry_sexp_new_name_mpi( "y", skey[3] ), - gcry_sexp_new_name_mpi( "x", skey[4] ), - NULL )); + rc = gcry_sexp_build ( &s_skey, NULL, + "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))", + skey[0], skey[1], skey[2], skey[3], skey[4] ); } else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { - s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), - gcry_sexp_vlist( SEXP_NEW( "elg", 3 ), - gcry_sexp_new_name_mpi( "p", skey[0] ), - gcry_sexp_new_name_mpi( "g", skey[1] ), - gcry_sexp_new_name_mpi( "y", skey[2] ), - gcry_sexp_new_name_mpi( "x", skey[3] ), - NULL )); + rc = gcry_sexp_build ( &s_skey, NULL, + "(private-key(elg(p%m)(g%m)(y%m)(x%m)))", + skey[0], skey[1], skey[2], skey[3] ); } else return GPGERR_PUBKEY_ALGO; + if ( rc ) + BUG (); + /* put hash into a S-Exp s_hash */ - s_hash = gcry_sexp_new_mpi( hash ); + if ( gcry_sexp_build( &s_hash, NULL, "%m", hash ) ) + BUG (); rc = gcry_pk_sign( &s_sig, s_hash, s_skey ); gcry_sexp_release( s_hash ); @@ -93,10 +88,13 @@ pk_sign( int algo, MPI *data, MPI hash, MPI *skey ) assert( list ); data[0] = gcry_sexp_cdr_mpi( list, 0 ); assert( data[0] ); + gcry_sexp_release (list); + list = gcry_sexp_find_token( s_sig, "s" , 0 ); assert( list ); data[1] = gcry_sexp_cdr_mpi( list, 0 ); assert( data[1] ); + gcry_sexp_release (list); } diff --git a/mpi/ChangeLog b/mpi/ChangeLog index 7119d1e2a..6bdeaf254 100644 --- a/mpi/ChangeLog +++ b/mpi/ChangeLog @@ -1,3 +1,7 @@ +Tue Jul 25 17:44:15 CEST 2000 Werner Koch <[email protected]> + + * config.links: Support for powerpc--netbsd by Gabriel Rosenkoetter. + Mon Jul 17 16:35:47 CEST 2000 Werner Koch <wk@> * power/: Add all files from GMP for this CPU. Converted comments to diff --git a/mpi/config.links b/mpi/config.links index 6a2cbfb53..6f6b276da 100644 --- a/mpi/config.links +++ b/mpi/config.links @@ -178,6 +178,16 @@ case "${target}" in cat $srcdir/mpi/powerpc32/syntax.h >>./mpi/asm-syntax.h path="powerpc32" ;; + + powerpc*-*-netbsd*) + echo '/* configured NetBSD on powerpc */' >>./mpi/asm-syntax.h + echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h + cat $srcdir/mpi/powerpc32/syntax.h >>./mpi/asm-syntax.h + mpi_sflags="-Wa,-mppc" + path="powerpc32" + ;; + + rs6000-*-aix[456789]* | \ rs6000-*-aix3.2.[456789]) mpi_sflags="-Wa,-mpwr" diff --git a/util/iobuf.c b/util/iobuf.c index d4900f416..ce63b55b8 100644 --- a/util/iobuf.c +++ b/util/iobuf.c @@ -468,7 +468,7 @@ int iobuf_close( IOBUF a ) { IOBUF a2; - size_t dummy_len; + size_t dummy_len = 0; int rc=0; if( a && a->directfp ) { @@ -986,7 +986,7 @@ underflow(IOBUF a) } if( a->use == 1 && rc == -1 ) { /* EOF: we can remove the filter */ - size_t dummy_len; + size_t dummy_len=0; /* and tell the filter to free itself */ if( (rc = a->filter(a->filter_ov, IOBUFCTRL_FREE, a->chain, |