diff options
| -rw-r--r-- | BUGS | 12 | ||||
| -rw-r--r-- | OBUGS | 16 | ||||
| -rw-r--r-- | TODO | 3 | ||||
| -rw-r--r-- | doc/DETAILS | 10 | ||||
| -rw-r--r-- | g10/ChangeLog | 6 | ||||
| -rw-r--r-- | g10/armor.c | 2 | ||||
| -rw-r--r-- | g10/sig-check.c | 21 | ||||
| -rw-r--r-- | g10/sign.c | 100 | ||||
| -rw-r--r-- | g10/trustdb.c | 18 |
9 files changed, 60 insertions, 128 deletions
@@ -52,17 +52,7 @@ an "info standards" to find out why a disclaimer is needed for GNU.) PGP decrypts 6416k out of 6424k, then complains with "PGP Warning", "The keyring contains a bad (corrupted) PGP packet". The resulting file is missing information from the front. - [26.02.99: temporary fix in encrypt_simple() + [26.02.99: temporary fix in encrypt_simple()] -[ ] #8 1999-02-25 <[email protected]> 0.9.3 - %gpg --encrypt -r [email protected] --batch foo - gpg: Warning: using insecure memory! - gpg: 11C23F61: no info to calculate a trust probability - This creates a symmetrically encrypted message WITHOUT a session key - encrypted with public cryptographic(i.e. foo.gpg). This is probably - [26.02.99 fixed] -[ ] #9 1999-02-25 - Misalignment in md5.c#md5_write. - [26.02.99 fixed] @@ -10,3 +10,19 @@ gpg:[stdin]: key A6A59DB9: secret key not found: public key not found FIX: 1999-02-22 wk +[ *] #8 1999-02-25 <[email protected]> 0.9.3 + %gpg --encrypt -r [email protected] --batch foo + gpg: Warning: using insecure memory! + gpg: 11C23F61: no info to calculate a trust probability + This creates a symmetrically encrypted message WITHOUT a session key + encrypted with public cryptographic(i.e. foo.gpg). This is probably + FIX: 199-02-26 wk + +[ **] #9 1999-02-25 + Misalignment in md5.c#md5_write. + FIX: 1999-02-26 wk + +[ **] #10 1999-03-01 + Armor detection code is broken. Direct import of keyrings is not possible. + FIX: 1999-03-02 wk + @@ -20,7 +20,6 @@ * when decryptiong multiple key: print a warning only if no usable pubkey encrypt package was found. Extension: display a list of all recipients. - * Can't import ring1.pgp. Compressed keys? Should print a warning. Nice to have ------------ @@ -33,7 +32,5 @@ Nice to have * Burn the buffers used by fopen(), or use read(2). Does this really make sense? * change the fake_data stuff to mpi_set_opaque - * How about letting something like 'gpg --version -v', list the - effective options. [Too much work.] * Stats about used random numbers. diff --git a/doc/DETAILS b/doc/DETAILS index 810f1eaa7..9c45b58e1 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -65,10 +65,12 @@ more arguments in future versions. status lines ere emitted for a good signature. SIG_ID <radix64_string> - This is emitted only for DSA or ElGamal signatures which - have been verified okay. The strings is a signature id - and maybe used in applications to detect replay attacks - of signed messages. + This is emitted only for signatures which + have been verified okay. The string is a signature id + and may be used in applications to detect replay attacks + of signed messages. Note that only DLP algorithms give + unique ids - others may yoild duplicated ones when they + have been created in the same second. TRUST_UNDEFINED TRUST_NEVER diff --git a/g10/ChangeLog b/g10/ChangeLog index 11636394a..9ccca2318 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,9 @@ +Tue Mar 2 10:38:42 CET 1999 Werner Koch <[email protected]> + + * sig-check.c (signature_check): sig-id now works for all algos. + + * armor.c (armor_filter): Fixed armor bypassing. + Sun Feb 28 19:11:00 CET 1999 Werner Koch <[email protected]> * keygen.c (ask_user_id): Don't change the case of email addresses. diff --git a/g10/armor.c b/g10/armor.c index ce3470398..1a3e6e5ba 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -792,7 +792,7 @@ armor_filter( void *opaque, int control, else if( !afx->inp_checked ) { rc = check_input( afx, a ); if( afx->inp_bypass ) { - for(n=0; n < size && afx->buffer_pos < afx->buffer_len; n++ ) + for(n=0; n < size && afx->buffer_pos < afx->buffer_len; ) buf[n++] = afx->buffer[afx->buffer_pos++]; if( afx->buffer_pos >= afx->buffer_len ) afx->buffer_len = 0; diff --git a/g10/sig-check.c b/g10/sig-check.c index 4cb1ea65e..2de2f7818 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -65,17 +65,26 @@ signature_check( PKT_signature *sig, MD_HANDLE digest ) free_public_key( pk ); - if( !rc && is_status_enabled() - && ( sig->pubkey_algo == PUBKEY_ALGO_DSA - || sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) ) { - /* If we are using these public key algorithms we can - * calculate an unique signature id, which may be useful - * in an application to prevent replac attacks */ + if( !rc && is_status_enabled() ) { + /* This signature id works best with DLP algorithms because + * they use a random parameter for every signature. Instead of + * this sig-id we could have also used the hash of the document + * and the timestamp, but the drawback of this is, that it is + * not possible to sign more than one identical document within + * one second. Some remote bacth processing applications might + * like this feature here */ MD_HANDLE md; + u32 a = sig->timestamp; int i, nsig = pubkey_get_nsig( sig->pubkey_algo ); byte *p; md = md_open( DIGEST_ALGO_RMD160, 0); + md_putc( digest, sig->pubkey_algo ); + md_putc( digest, sig->digest_algo ); + md_putc( digest, (a >> 24) & 0xff ); + md_putc( digest, (a >> 16) & 0xff ); + md_putc( digest, (a >> 8) & 0xff ); + md_putc( digest, a & 0xff ); for(i=0; i < nsig; i++ ) { unsigned n = mpi_get_nbits( sig->data[i]); diff --git a/g10/sign.c b/g10/sign.c index dd7f50c35..4d4288449 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -455,106 +455,6 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, } -#if 0 -/**************** - * Note: We do not calculate the hash over the last CR,LF - */ -static int -write_dash_escaped( IOBUF inp, IOBUF out, MD_HANDLE md ) -{ - int c; - int lastlf = 1; - int state = 0; - - if( opt.not_dash_escaped ) { - lastlf = 0; - while( (c = iobuf_get(inp)) != -1 ) { - md_putc(md, c ); - iobuf_put( out, c ); - lastlf = c; - } - if( lastlf != '\n' ) { - /* add a missing trailing LF */ - md_putc(md, '\n' ); - iobuf_put( out, '\n' ); - } - - return 0; - } - - while( (c = iobuf_get(inp)) != -1 ) { - if( lastlf ) { - if( c == '-' ) { - iobuf_put( out, c ); - iobuf_put( out, ' ' ); - } - else if( c == 'F' && opt.escape_from ) { - int i; - - if( state >= 1 ) - md_putc(md, '\r'); - if( state >= 2 ) - md_putc(md, '\n'); - state = 0; - - for( i=1; i < 5 && (c = iobuf_get(inp)) != -1; i++ ) { - if( "From "[i] != c ) - break; - } - if( i < 5 ) { - iobuf_write( out, "From", i ); - md_write( md, "From", i ); - if( c == -1 ) - break; - } - else { - iobuf_writestr( out, "- From" ); - md_write( md, "From", 4 ); - } - } - } - - again: - switch( state ) { - case 0: - if( c == '\r' ) - state = 1; - else - md_putc(md, c ); - break; - case 1: - if( c == '\n' ) - state = 2; - else { - md_putc(md, '\r'); - state = 0; - goto again; - } - break; - case 2: - md_putc(md, '\r'); - md_putc(md, '\n'); - state = 0; - goto again; - default: BUG(); - } - iobuf_put( out, c ); - lastlf = c == '\n'; - } - if( state == 1 ) - md_putc(md, '\r'); - else if( state == 2 ) { /* file ended with a new line */ - md_putc(md, '\r'); - md_putc(md, '\n'); - iobuf_put( out, '\n'); - } - - if( !lastlf ) - iobuf_put( out, '\n' ); - - return 0; /* fixme: add error handling */ -} -#endif /**************** * make a clear signature. note that opt.armor is not needed diff --git a/g10/trustdb.c b/g10/trustdb.c index c96de91f4..c40976523 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -996,6 +996,10 @@ collect_paths( int depth, int max_depth, int all, TRUSTREC *drec, typedef struct { ulong lid; ulong uid; + byte uid_flags; + byte uid_validity; + byte dir_flags; + byte ownertrust; } CERT_ITEM; /* structure to hold certification chains. Item[nitems-1] is the @@ -1033,7 +1037,7 @@ add_cert_items_to_set( CERT_CHAIN *set_head, CERT_ITEM *items, int nitems ) /**************** * Find all certification paths of a given LID. - * Limit the search to MAX_DEPTH. stack is a helper variable which + * Limit the search to MAX_DEPTH. stack is a helper variable which * should have been allocated with size max_depth, stack[0] should * be setup to the key we are investigating, so the minimal depth * we should ever see in this function is 1. @@ -1076,6 +1080,9 @@ find_cert_chain( ulong lid, int depth, int max_depth, /* Performance hint: add stuff to ignore this one when the * assigned validity of the key is bad */ + stack[depth].dir_flags = dirrec.r.dir.dirflags; + stack[depth].ownertrust = dirrec.r.dir.ownertrust; + /* loop over all user ids */ for( uidrno = dirrec.r.dir.uidlist; uidrno; uidrno = uidrec.r.uid.next ) { TRUSTREC sigrec; @@ -1083,6 +1090,8 @@ find_cert_chain( ulong lid, int depth, int max_depth, stack[depth].uid = uidrno; read_record( uidrno, &uidrec, RECTYPE_UID ); + stack[depth].uid_flags = uidrec.r.uid.uidflags; + stack[depth].uid_validity = uidrec.r.uid.validity; if( !(uidrec.r.uid.uidflags & UIDF_CHECKED) ) continue; /* user id has not been checked */ @@ -1562,13 +1571,16 @@ list_trust_path( const char *username ) find_cert_chain( lid, 0, opt.max_cert_depth, stack, &chains); m_free( stack ); /* dump chains */ + printf("lid/uid(ownertrust,validity):\n"); for(r=chains; r ; r = r->next ) { printf("chain:" ); for(i=0; i < r->nitems; i++ ) - printf(" %4lu/%-4lu", r->items[i].lid, r->items[i].uid ); + printf(" %lu/%lu(%d,%d)", r->items[i].lid, r->items[i].uid, + r->items[i].ownertrust, + (r->items[i].uid_flags & UIDF_VALVALID )? + r->items[i].uid_validity : 0 ); putchar('\n'); } - } #endif } |