Diffstat (limited to '')
-rw-r--r-- | g10/ChangeLog | 25 | ||||
-rw-r--r-- | g10/Makefile.am | 14 | ||||
-rw-r--r-- | g10/build-packet.c | 4 | ||||
-rw-r--r-- | g10/cipher.c | 6 | ||||
-rw-r--r-- | g10/encr-data.c | 6 | ||||
-rw-r--r-- | g10/g10.c | 103 | ||||
-rw-r--r-- | g10/getkey.c | 2 | ||||
-rw-r--r-- | g10/import.c | 56 | ||||
-rw-r--r-- | g10/keyedit.c | 7 | ||||
-rw-r--r-- | g10/packet.h | 3 | ||||
-rw-r--r-- | g10/parse-packet.c | 30 | ||||
-rw-r--r-- | g10/ringedit.c | 7 | ||||
-rw-r--r-- | g10/seckey-cert.c | 15 | ||||
-rw-r--r-- | g10/tdbio.c | 5 |
14 files changed, 120 insertions, 163 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index fd8e718c7..5fc0e45ca 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,28 @@ +Sun Apr 18 10:11:28 CEST 1999 Werner Koch <[email protected]> + + + * seckey-cert.c (do_check): Use real IV instead of a 0 one, so that + it works even if the length of the IV doesn't match the blocksize. + Removed the save_iv stuff. + (protect_secret_key): Likewise. Create the IV here. + * packet.h (PKT_secret_key): Increased size of IV field and add a + ivlen field. + * parse-packet.c (parse_key): Use the len protect.ivlen. + * build-packet.c (do_secret_key). Ditto. + + * getkey.c (key_byname): Close keyblocks. + + * Makefile.am (gpgm): Removed this + * g10.c: Merged gpg and gpgm + + * import.c (import): Utilize option quiet. + * tdbio.c (tdbio_set_dbname): Ditto. + * ringedit.c (add_keyblock_resource,keyring_copy): Ditto. + + * keyedit.c (sign_uids): Add some batch support. + + * g10.c (main): add call to tty_batchmode. + Fri Apr 9 12:26:25 CEST 1999 Werner Koch <[email protected]> * status.c (write_status_text): Some more status codes. diff --git a/g10/Makefile.am b/g10/Makefile.am index cf0286d2c..5fadb2918 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -7,7 +7,7 @@ LDFLAGS = @LDFLAGS@ @DYNLINK_LDFLAGS@ needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a #noinst_PROGRAMS = gpgd -bin_PROGRAMS = gpg gpgm +bin_PROGRAMS = gpg common_source = \ build-packet.c \ @@ -64,12 +64,9 @@ gpg_SOURCES = g10.c \ verify.c \ decrypt.c \ keyedit.c \ + dearmor.c \ keygen.c - -gpgm_SOURCES = dearmor.c \ - $(common_source) - #gpgd_SOURCES = gpgd.c \ # ks-proto.h \ # ks-proto.c \ @@ -80,11 +77,6 @@ gpgm_SOURCES = dearmor.c \ LDADD = $(needed_libs) @ZLIBS@ @INTLLIBS@ -gpgm_LDADD = g10maint.o $(LDADD) - -g10maint.o: $(srcdir)/g10.c - $(COMPILE) -DIS_G10MAINT -o g10maint.o -c $(srcdir)/g10.c - $(PROGRAMS): $(needed_libs) 
@@ -92,6 +84,6 @@ $(PROGRAMS): $(needed_libs) install-data-local: $(mkinstalldirs) $(pkgdatadir) $(INSTALL_DATA) $(srcdir)/options.skel $(pkgdatadir)/options.skel - + rm $(bindir)/gpgm || ln -s $(bindir)/gpgm gpg diff --git a/g10/build-packet.c b/g10/build-packet.c index ca0837f6b..b3831eb32 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -343,7 +343,7 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) if( is_RSA(sk->pubkey_algo) && sk->version < 4 && !sk->protect.s2k.mode ) { iobuf_put(a, sk->protect.algo ); - iobuf_write(a, sk->protect.iv, 8 ); + iobuf_write(a, sk->protect.iv, sk->protect.ivlen ); } else { iobuf_put(a, 0xff ); @@ -355,7 +355,7 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) iobuf_write(a, sk->protect.s2k.salt, 8 ); if( sk->protect.s2k.mode == 3 ) iobuf_put(a, sk->protect.s2k.count ); - iobuf_write(a, sk->protect.iv, 8 ); + iobuf_write(a, sk->protect.iv, sk->protect.ivlen ); } } else diff --git a/g10/cipher.c b/g10/cipher.c index 5a7229f24..f0564e36d 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -64,10 +64,10 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) temp[nprefix+1] = temp[nprefix-1]; print_cipher_algo_note( cfx->dek->algo ); cfx->cipher_hd = cipher_open( cfx->dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); - /*log_hexdump( "thekey", cfx->dek->key, cfx->dek->keylen );*/ +/* log_hexdump( "thekey", cfx->dek->key, cfx->dek->keylen );*/ cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen ); - cipher_setiv( cfx->cipher_hd, NULL ); - /* log_hexdump( "prefix", temp, nprefix+2 );*/ + cipher_setiv( cfx->cipher_hd, NULL, 0 ); +/* log_hexdump( "prefix", temp, nprefix+2 ); */ cipher_encrypt( cfx->cipher_hd, temp, temp, nprefix+2); cipher_sync( cfx->cipher_hd ); iobuf_write(a, temp, nprefix+2); diff --git a/g10/encr-data.c b/g10/encr-data.c index ff0930775..c18a397bd 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c 
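Review bot: The added install-data-local line `rm $(bindir)/gpgm || ln -s $(bindir)/gpgm gpg` looks inverted in two ways: the `||` runs `ln` only when `rm` fails, and the `ln -s` arguments create a link named `gpg` in the current directory pointing at the `gpgm` path that was just targeted for removal. If the intent is a compatibility link from the old name to the merged binary, something like `rm -f $(bindir)/gpgm && ln -s gpg $(bindir)/gpgm` would express it; this should be confirmed against the intended install layout. As written, a privileged `make install` either fails at this step or leaves a stray link in whatever directory make runs from.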
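Review bot: Both `iobuf_write(a, sk->protect.iv, sk->protect.ivlen )` calls in build-packet.c (the hunk at -343 and the one at -355) now trust `ivlen`, a `byte` that can hold up to 255, while packet.h in this commit sizes `iv` at 16 bytes. Nothing in the visible lines bounds it, so a key structure whose `ivlen` was never set writes no IV at all, and one holding a value above 16 would read past the field. An `assert( sk->protect.ivlen <= DIM(sk->protect.iv) );` before the writes, as protect_secret_key does in seckey-cert.c, would make the invariant explicit. do_secret_key starts and ends outside both hunks, so an earlier check may already exist there.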
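Review bot: The two `log_hexdump` lines in write_header that this hunk only re-indents are commented-out dumps of `cfx->dek->key` and of the encrypted prefix; the same pair is touched in decrypt_data in encr-data.c. Dead code that prints session-key bytes is easy to re-enable by accident, and it would then put key material into the log stream. Deleting the lines, or replacing them with a comment such as `/* never log dek->key outside a debugger session */`, would be safer than moving them to column 0.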
@@ -71,7 +71,7 @@ decrypt_data( PKT_encrypted *ed, DEK *dek ) BUG(); dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); - /*log_hexdump( "thekey", dek->key, dek->keylen );*/ +/* log_hexdump( "thekey", dek->key, dek->keylen );*/ rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ); if( rc == G10ERR_WEAK_KEY ) log_info(_("WARNING: message was encrypted with " @@ -79,7 +79,7 @@ decrypt_data( PKT_encrypted *ed, DEK *dek ) else if( rc ) log_error("key setup failed: %s\n", g10_errstr(rc) ); - cipher_setiv( dfx.cipher_hd, NULL ); + cipher_setiv( dfx.cipher_hd, NULL, 0 ); if( ed->len ) { for(i=0; i < (nprefix+2) && ed->len; i++, ed->len-- ) { @@ -99,7 +99,7 @@ decrypt_data( PKT_encrypted *ed, DEK *dek ) cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2); cipher_sync( dfx.cipher_hd ); p = temp; - /*log_hexdump( "prefix", temp, nprefix+2 );*/ +/* log_hexdump( "prefix", temp, nprefix+2 ); */ if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) { cipher_close(dfx.cipher_hd); return G10ERR_BAD_KEY; @@ -45,10 +45,6 @@ #include "g10defs.h" #include "hkp.h" -#ifndef IS_G10MAINT - #define IS_G10 1 -#endif - enum cmd_and_opt_values { aNull = 0, oArmor = 'a', @@ -165,7 +161,6 @@ static ARGPARSE_OPTS opts[] = { { 300, NULL, 0, N_("@Commands:\n ") }, - #ifdef IS_G10 { aSign, "sign", 256, N_("|[file]|make a signature")}, { aClearsign, "clearsign", 256, N_("|[file]|make a clear text signature") }, { aDetachedSign, "detach-sign", 256, N_("make a detached signature")}, 
@@ -174,21 +169,16 @@ static ARGPARSE_OPTS opts[] = { { aStore, "store", 256, N_("store only")}, { aDecrypt, "decrypt", 256, N_("decrypt data (default)")}, { aVerify, "verify" , 256, N_("verify a signature")}, - #endif { aListKeys, "list-keys", 256, N_("list keys")}, { aListKeys, "list-public-keys", 256, "@" }, { aListSigs, "list-sigs", 256, N_("list keys and signatures")}, { aCheckKeys, "check-sigs",256, N_("check key signatures")}, { oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")}, { aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")}, - #ifdef IS_G10 { aKeygen, "gen-key", 256, N_("generate a new key pair")}, - #endif { aDeleteKey, "delete-key",256, N_("remove key from the public keyring")}, - #ifdef IS_G10 { aEditKey, "edit-key" ,256, N_("sign or edit a key")}, { aGenRevoke, "gen-revoke",256, N_("generate a revocation certificate")}, - #endif { aExport, "export" , 256, N_("export keys") }, { aSendKeys, "send-keys" , 256, N_("export keys to a key server") }, { aRecvKeys, "recv-keys" , 256, N_("import keys from a key server") }, @@ -197,7 +187,6 @@ static ARGPARSE_OPTS opts[] = { { aImport, "import", 256 , N_("import/merge keys")}, { aFastImport, "fast-import", 256 , "@"}, { aListPackets, "list-packets",256,N_("list only the sequence of packets")}, - #ifdef IS_G10MAINT { aExportOwnerTrust, "export-ownertrust", 256, N_("export the ownertrust values")}, { aImportOwnerTrust, @@ -215,7 +204,6 @@ static ARGPARSE_OPTS opts[] = { { aPrimegen, "gen-prime" , 256, "@" }, { aGenRandom, "gen-random" , 256, "@" }, #endif - #endif { 301, NULL, 0, N_("@\nOptions:\n ") }, 
@@ -224,12 +212,10 @@ static ARGPARSE_OPTS opts[] = { { oRecipient, "remote-user", 2, "@"}, /* old option name */ { oEncryptTo, "encrypt-to", 2, "@" }, { oNoEncryptTo, "no-encrypt-to", 0, "@" }, - #ifdef IS_G10 { oUser, "local-user",2, N_("use this user-id to sign or decrypt")}, { oCompress, NULL, 1, N_("|N|set compress level N (0 disables)") }, { oTextmodeShort, NULL, 0, "@"}, { oTextmode, "textmode", 0, N_("use canonical text mode")}, - #endif { oOutput, "output", 2, N_("use as output file")}, { oVerbose, "verbose", 0, N_("verbose") }, { oQuiet, "quiet", 0, N_("be somewhat more quiet") }, 
@@ -259,37 +245,25 @@ static ARGPARSE_OPTS opts[] = { N_("|NAME|use message digest algorithm NAME for passphrases")}, { oS2KCipher, "s2k-cipher-algo",2, N_("|NAME|use cipher algorithm NAME for passphrases")}, - #ifdef IS_G10 { oCipherAlgo, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")}, { oDigestAlgo, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")}, { oCompressAlgo, "compress-algo", 1 , N_("|N|use compress algorithm N")}, { oThrowKeyid, "throw-keyid", 0, N_("throw keyid field of encrypted packets")}, - #else /* some dummies */ - { oCipherAlgo, "cipher-algo", 2 , "@"}, - { oDigestAlgo, "digest-algo", 2 , "@"}, - { oCompressAlgo, "compress-algo", 1 , "@"}, - #endif - #ifdef IS_G10 { 302, NULL, 0, N_("@\nExamples:\n\n" " -se -r Bob [file] sign and encrypt for user Bob\n" " --clearsign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" " --list-keys [names] show keys\n" " --fingerprint [names] show fingerprints\n" ) }, - #endif /* hidden options */ - #ifdef IS_G10MAINT { aExportOwnerTrust, "list-ownertrust",0 , "@"}, /* alias */ { aListTrustDB, "list-trustdb",0 , "@"}, { aListTrustPath, "list-trust-path",0, "@"}, - #endif - #ifdef IS_G10 { oKOption, NULL, 0, "@"}, { oPasswdFD, "passphrase-fd",1, "@" }, { aSignKey, "sign-key" ,256, "@" }, /* alias for edit-key */ - #endif { aDeleteSecretKey, "delete-secret-key",0, "@" }, { oQuickRandom, "quick-random", 0, "@"}, { oNoVerbose, "no-verbose", 0, "@"}, @@ -330,10 +304,8 @@ static char *build_list( const char *text, const char *(*mapf)(int), int (*chkf)(int) ); static void set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd ); -#ifdef IS_G10MAINT static void print_hex( byte *p, size_t n ); static void print_mds( const char *fname, int algo ); -#endif const char * strusage( int level ) 
@@ -341,12 +313,7 @@ strusage( int level ) static char *digests, *pubkeys, *ciphers; const char *p; switch( level ) { - case 11: p = - #ifdef IS_G10MAINT - "gpgm (GnuPG)"; - #else - "gpg (GnuPG)"; - #endif + case 11: p = "gpg (GnuPG)"; break; case 13: p = VERSION; break; case 17: p = PRINTABLE_OS_NAME; break; @@ -355,21 +322,12 @@ strusage( int level ) break; case 1: case 40: p = - #ifdef IS_G10MAINT - _("Usage: gpgm [options] [files] (-h for help)"); - #else _("Usage: gpg [options] [files] (-h for help)"); - #endif break; case 41: p = - #ifdef IS_G10MAINT - _("Syntax: gpgm [options] [files]\n" - "GnuPG maintenance utility\n"); - #else _("Syntax: gpg [options] [files]\n" "sign, check, encrypt or decrypt\n" "default operation depends on the input data\n"); - #endif break; case 31: p = _("\nSupported algorithms:\n"); break; @@ -446,11 +404,7 @@ i18n_init(void) static void wrong_args( const char *text) { - #ifdef IS_G10MAINT - fputs(_("usage: gpgm [options] "),stderr); - #else fputs(_("usage: gpg [options] "),stderr); - #endif fputs(text,stderr); putc('\n',stderr); g10_exit(2); @@ -532,11 +486,6 @@ main( int argc, char **argv ) trap_unaligned(); secmem_set_flags( secmem_get_flags() | 2 ); /* suspend warnings */ - #ifdef IS_G10MAINT - secmem_init( 0 ); /* disable use of secmem */ - maybe_setuid = 0; - log_set_name("gpgm"); - #else /* Please note that we may running SUID(ROOT), so be very CAREFUL * when adding any stuff between here and the call to * secmem_init() somewhere after the option parsing @@ -544,7 +493,6 @@ main( int argc, char **argv ) log_set_name("gpg"); secure_random_alloc(); /* put random number into secure memory */ disable_core_dumps(); - #endif init_signals(); create_dotlock(NULL); /* register locking cleanup */ i18n_init(); 
@@ -600,19 +548,13 @@ main( int argc, char **argv ) #ifdef USE_SHM_COPROCESSING if( opt.shm_coprocess ) { - #ifdef IS_G10 init_shm_coprocessing(requested_shm_size, 1 ); - #else - init_shm_coprocessing(requested_shm_size, 0 ); - #endif } #endif - #ifdef IS_G10 /* initialize the secure memory. */ secmem_init( 16384 ); maybe_setuid = 0; /* Okay, we are now working under our real uid */ - #endif if( default_config ) configname = make_filename(opt.homedir, "options", NULL ); @@ -661,7 +603,6 @@ main( int argc, char **argv ) case aDeleteSecretKey: set_cmd( &cmd, aDeleteSecretKey); break; case aDeleteKey: set_cmd( &cmd, aDeleteKey); break; - #ifdef IS_G10 case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break; case aSym: set_cmd( &cmd, aSym); break; case aDecrypt: set_cmd( &cmd, aDecrypt); break; @@ -674,11 +615,10 @@ main( int argc, char **argv ) case aClearsign: set_cmd( &cmd, aClearsign); break; case aGenRevoke: set_cmd( &cmd, aGenRevoke); break; case aVerify: set_cmd( &cmd, aVerify); break; - #else - #ifdef MAINTAINER_OPTIONS - case aPrimegen: set_cmd( &cmd, aPrimegen); break; - case aGenRandom: set_cmd( &cmd, aGenRandom); break; - #endif + #ifdef MAINTAINER_OPTIONS + case aPrimegen: set_cmd( &cmd, aPrimegen); break; + case aGenRandom: set_cmd( &cmd, aGenRandom); break; + #endif case aPrintMD: set_cmd( &cmd, aPrintMD); break; case aPrintMDs: set_cmd( &cmd, aPrintMDs); break; case aListTrustDB: set_cmd( &cmd, aListTrustDB); break; 
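Review bot: `secmem_init( 16384 ); maybe_setuid = 0;` is now the only privilege drop for every command, including the maintenance commands that previously ran in gpgm, where the branch removed earlier in main called `secmem_init( 0 )` and cleared `maybe_setuid` right at startup. The comment retained in that earlier hunk says the binary may run SUID root until this call, so the merged option table and any early handling for the former gpgm commands now sits inside that window. A comment here such as `/* every command handler, including the former gpgm ones, must run after this point */` would record the constraint. Whether anything maintenance-specific actually runs before this line is not visible from these hunks, since main extends well beyond them.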
@@ -686,13 +626,10 @@ main( int argc, char **argv ) case aUpdateTrustDB: set_cmd( &cmd, aUpdateTrustDB); break; case aFixTrustDB: set_cmd( &cmd, aFixTrustDB); break; case aListTrustPath: set_cmd( &cmd, aListTrustPath); break; - case aDeArmor: set_cmd( &cmd, aDeArmor); break; - case aEnArmor: set_cmd( &cmd, aEnArmor); break; + case aDeArmor: set_cmd( &cmd, aDeArmor); greeting = 0; break; + case aEnArmor: set_cmd( &cmd, aEnArmor); greeting = 0; break; case aExportOwnerTrust: set_cmd( &cmd, aExportOwnerTrust); break; case aImportOwnerTrust: set_cmd( &cmd, aImportOwnerTrust); break; - #endif /* IS_G10MAINT */ - - case oArmor: opt.armor = 1; opt.no_armor=0; break; case oOutput: opt.outfile = pargs.r.ret_str; break; @@ -773,7 +710,6 @@ main( int argc, char **argv ) sl = add_to_strlist( &remusr, pargs.r.ret_str ); sl->flags = 1; break; - #ifdef IS_G10 case oRecipient: /* store the recipient */ add_to_strlist( &remusr, pargs.r.ret_str ); break; @@ -787,12 +723,6 @@ main( int argc, char **argv ) case oCipherAlgo: def_cipher_string = m_strdup(pargs.r.ret_str); break; case oDigestAlgo: def_digest_string = m_strdup(pargs.r.ret_str); break; case oNoSecmemWarn: secmem_set_flags( secmem_get_flags() | 1 ); break; - #else - case oCipherAlgo: - case oDigestAlgo: - case oNoSecmemWarn: - break; /* dummies */ - #endif case oCharset: if( set_native_charset( pargs.r.ret_str ) ) log_error(_("%s is not a valid character set\n"), @@ -824,6 +754,8 @@ main( int argc, char **argv ) log_info("NOTE: this is a development version!\n"); #endif } + if( opt.batch ) + tty_batchmode( 1 ); secmem_set_flags( secmem_get_flags() & ~2 ); /* resume warnings */ @@ -958,7 +890,6 @@ main( int argc, char **argv ) log_error_f( print_fname_stdin(fname), "store failed: %s\n", g10_errstr(rc) ); break; - #ifdef IS_G10 case aSym: /* encrypt the given file only with the symmetric cipher */ if( argc > 1 ) wrong_args(_("--symmetric [filename]")); 
@@ -1042,8 +973,6 @@ main( int argc, char **argv ) keyedit_menu(fname, locusr, NULL ); break; - #endif /* IS_G10 */ - case aDeleteSecretKey: if( argc != 1 ) wrong_args(_("--delete-secret-key username")); @@ -1086,13 +1015,11 @@ main( int argc, char **argv ) wrong_args(_("-k[v][v][v][c] [userid] [keyring]") ); break; - #ifdef IS_G10 case aKeygen: /* generate a key (interactive) */ if( argc ) wrong_args("--gen-key"); generate_keypair(); break; - #endif case aFastImport: case aImport: @@ -1133,15 +1060,12 @@ main( int argc, char **argv ) free_strlist(sl); break; - #ifdef IS_G10 case aGenRevoke: if( argc != 1 ) wrong_args("--gen-revoke user-id"); gen_revoke( *argv ); break; - #endif - #ifdef IS_G10MAINT case aDeArmor: if( argc > 1 ) wrong_args("--dearmor [file]"); @@ -1292,13 +1216,9 @@ main( int argc, char **argv ) import_ownertrust( argc? *argv:NULL ); break; - #endif /* IS_G10MAINT */ - - case aListPackets: opt.list_packets=1; default: - /* fixme: g10maint should do regular maintenace tasks here */ if( argc > 1 ) wrong_args(_("[filename]")); /* Issue some output for the unix newbie */ @@ -1351,7 +1271,6 @@ g10_exit( int rc ) -#ifdef IS_G10MAINT static void print_hex( byte *p, size_t n ) { @@ -1452,7 +1371,3 @@ print_mds( const char *fname, int algo ) fclose(fp); } - - -#endif /* IS_G10MAINT */ - diff --git a/g10/getkey.c b/g10/getkey.c index 4d16ecd84..505e1c071 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -702,6 +702,8 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist, if( retctx ) /* caller wants the context */ *retctx = ctx; else { + /* Hmmm, why not get_pubkey-end here?? */ + enum_keyblocks( 2, &ctx->kbpos, NULL ); /* close */ for(n=0; n < ctx->nitems; n++ ) m_free( ctx->items[n].namebuf ); m_free( ctx ); diff --git a/g10/import.c b/g10/import.c index 31965dcb9..0d8463c1e 100644 --- a/g10/import.c +++ b/g10/import.c 
@@ -163,7 +163,7 @@ import( IOBUF inp, int fast, const char* fname ) release_kbnode(keyblock); if( rc ) break; - if( !(++count % 100) ) + if( !(++count % 100) && !opt.quiet ) log_info(_("%lu keys so far processed\n"), count ); } if( rc == -1 ) 
@@ -171,31 +171,33 @@ import( IOBUF inp, int fast, const char* fname ) else if( rc && rc != G10ERR_INV_KEYRING ) log_error_f( fname, _("read error: %s\n"), g10_errstr(rc)); - log_info(_("Total number processed: %lu\n"), count ); - if( stats.no_user_id ) - log_info(_(" w/o user IDs: %lu\n"), stats.no_user_id ); - if( stats.imported || stats.imported_rsa ) { - log_info(_(" imported: %lu"), stats.imported ); - if( stats.imported_rsa ) - fprintf(stderr, " (RSA: %lu)", stats.imported_rsa ); - putc('\n', stderr); + if( !opt.quiet ) { + log_info(_("Total number processed: %lu\n"), count ); + if( stats.no_user_id ) + log_info(_(" w/o user IDs: %lu\n"), stats.no_user_id ); + if( stats.imported || stats.imported_rsa ) { + log_info(_(" imported: %lu"), stats.imported ); + if( stats.imported_rsa ) + fprintf(stderr, " (RSA: %lu)", stats.imported_rsa ); + putc('\n', stderr); + } + if( stats.unchanged ) + log_info(_(" unchanged: %lu\n"), stats.unchanged ); + if( stats.n_uids ) + log_info(_(" new user IDs: %lu\n"), stats.n_uids ); + if( stats.n_subk ) + log_info(_(" new subkeys: %lu\n"), stats.n_subk ); + if( stats.n_sigs ) + log_info(_(" new signatures: %lu\n"), stats.n_sigs ); + if( stats.n_revoc ) + log_info(_(" new key revocations: %lu\n"), stats.n_revoc ); + if( stats.secret_read ) + log_info(_(" secret keys read: %lu\n"), stats.secret_read ); + if( stats.secret_imported ) + log_info(_(" secret keys imported: %lu\n"), stats.secret_imported ); + if( stats.secret_dups ) + log_info(_(" secret keys unchanged: %lu\n"), stats.secret_dups ); } - if( stats.unchanged ) - log_info(_(" unchanged: %lu\n"), stats.unchanged ); - if( stats.n_uids ) - log_info(_(" new user IDs: %lu\n"), stats.n_uids ); - if( stats.n_subk ) - log_info(_(" new subkeys: %lu\n"), stats.n_subk ); - if( stats.n_sigs ) - log_info(_(" new signatures: %lu\n"), stats.n_sigs ); - if( stats.n_revoc ) - log_info(_(" new key revocations: %lu\n"), stats.n_revoc ); - if( stats.secret_read ) - log_info(_(" secret keys read: 
%lu\n"), stats.secret_read ); - if( stats.secret_imported ) - log_info(_(" secret keys imported: %lu\n"), stats.secret_imported ); - if( stats.secret_dups ) - log_info(_(" secret keys unchanged: %lu\n"), stats.secret_dups ); return rc; } @@ -553,7 +555,9 @@ import_secret_one( const char *fname, KBNODE keyblock ) _("can't write keyring: %s\n"), g10_errstr(rc) ); unlock_keyblock( &kbpos ); /* we are ready */ - log_info_f(fname, _("key %08lX: secret key imported\n"), (ulong)keyid[1]); + if( !opt.quiet ) + log_info_f(fname, _("key %08lX: secret key imported\n"), + (ulong)keyid[1]); stats.secret_imported++; } else if( !rc ) { /* we can't merge secret keys */ diff --git a/g10/keyedit.c b/g10/keyedit.c index ad53c37bb..7ae006a68 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -306,8 +306,11 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local ) tty_printf( _("The signature will be marked as non-exportable.\n\n")); - if( !cpr_get_answer_is_yes("sign_uid.okay", _("Really sign? ")) ) - continue;; + + if( opt.batch && opt.answer_yes ) + ; + else if( !cpr_get_answer_is_yes("sign_uid.okay", _("Really sign? ")) ) + continue; /* now we can sign the user ids */ reloop: /* (must use this, because we are modifing the list) */ primary_pk = NULL; diff --git a/g10/packet.h b/g10/packet.h index 06fb92e8f..36115be5b 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -139,7 +139,8 @@ typedef struct { struct { byte algo; /* cipher used to protect the secret information*/ STRING2KEY s2k; - byte iv[8]; /* initialization vector for CFB mode */ + byte ivlen; /* used length of the iv */ + byte iv[16]; /* initialization vector for CFB mode */ } protect; MPI skey[PUBKEY_MAX_NSKEY]; u16 csum; /* checksum */ diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 1683df0a2..61a226a39 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
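Review bot: With `opt.batch && opt.answer_yes` the loop in sign_uids in keyedit.c now skips the `Really sign? ` confirmation entirely, so a certification is issued with no interactive check that the listed key is the intended one. That is a trust decision and deserves a comment above the test, for example `/* batch mode with answer_yes: the caller has already verified the key, sign without asking */`. The empty-statement branch would also read more clearly as a single condition, `if( !(opt.batch && opt.answer_yes) && !cpr_get_answer_is_yes("sign_uid.okay", _("Really sign? ")) ) continue;`. The enclosing function starts and ends outside the hunk, so how the non-batch prompt behaves when no terminal is available cannot be judged from here.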
@@ -1,5 +1,5 @@ /* parse-packet.c - read packets - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -1310,19 +1310,33 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, printf( "\tprotect algo: %d (hash algo: %d)\n", sk->protect.algo, sk->protect.s2k.hash_algo ); } - if( pktlen < 8 ) { + /* It is really ugly that we don't know the size + * of the IV here in cases we are not aware of the algorithm. + * so a + * sk->protect.ivlen = cipher_get_blocksize(sk->protect.algo); + * won't work. The only solution I see is to hardwire it here. + */ + switch( sk->protect.algo ) { + case 7: case 8: case 9: /* reserved for AES */ + case 10: /* Twofish */ + sk->protect.ivlen = 16; + break; + default: + sk->protect.ivlen = 8; + } + if( pktlen < sk->protect.ivlen ) { rc = G10ERR_INVALID_PACKET; goto leave; } - for(i=0; i < 8 && pktlen; i++, pktlen-- ) + for(i=0; i < sk->protect.ivlen && pktlen; i++, pktlen-- ) temp[i] = iobuf_get_noeof(inp); if( list_mode ) { printf( "\tprotect IV: "); - for(i=0; i < 8; i++ ) + for(i=0; i < sk->protect.ivlen; i++ ) printf(" %02x", temp[i] ); putchar('\n'); } - memcpy(sk->protect.iv, temp, 8 ); + memcpy(sk->protect.iv, temp, sk->protect.ivlen ); } else sk->is_protected = 0; @@ -1330,7 +1344,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, * If the user is so careless, not to protect his secret key, * we can assume, that he operates an open system :=(. * So we put the key into secure memory when we unprotect it. */ - if( is_v4 && sk->is_protected ){ + if( is_v4 && sk->is_protected ) { /* ugly; the length is encrypted too, so we read all * stuff up to the end of the packet into the first * skey element */ 
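Review bot: In parse_key the read loop now stores up to `sk->protect.ivlen` bytes (16 for algorithms 7 to 10) into `temp`, whose declaration is outside the hunk; if it is still sized for the old 8-byte IV, the loop and the following `memcpy` overrun it on attacker-supplied key packets. An explicit bound right after the switch, `if( sk->protect.ivlen > sizeof temp ) { rc = G10ERR_INVALID_PACKET; goto leave; }`, would make this independent of the declaration. The hardwired switch can also disagree with `cipher_get_blocksize()`, which protect_secret_key in seckey-cert.c uses when writing: a 16-byte-block cipher whose number is not listed here would be written with 16 IV bytes and read back with 8. The new comment explains why the table exists, and it should additionally name protect_secret_key so the two stay in sync.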
@@ -1539,14 +1553,14 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, ed->len = pktlen; ed->buf = NULL; ed->new_ctb = new_ctb; - if( pktlen && pktlen < 10 ) { + if( pktlen && pktlen < 10 ) { /* actually this is blocksize+2 */ log_error("packet(%d) too short\n", pkttype); skip_rest(inp, pktlen); goto leave; } if( list_mode ) { if( pktlen ) - printf(":encrypted data packet:\n\tlength: %lu\n", pktlen-10); + printf(":encrypted data packet:\n\tlength: %lu\n", pktlen); else printf(":encrypted data packet:\n\tlength: unknown\n"); } diff --git a/g10/ringedit.c b/g10/ringedit.c index 30e30cefe..75baf8abd 100644 --- a/g10/ringedit.c +++ b/g10/ringedit.c @@ -298,7 +298,7 @@ add_keyblock_resource( const char *url, int force, int secret ) rc = G10ERR_OPEN_FILE; goto leave; } - else + else if( !opt.quiet ) log_info( _("%s: directory created\n"), filename ); copy_options_file( filename ); } @@ -329,7 +329,8 @@ add_keyblock_resource( const char *url, int force, int secret ) } } #endif - log_info(_("%s: keyring created\n"), filename ); + if( !opt.quiet ) + log_info(_("%s: keyring created\n"), filename ); } } #if HAVE_DOSISH_SYSTEM || 1 @@ -1344,7 +1345,7 @@ keyring_copy( KBPOS *kbpos, int mode, KBNODE root ) unlock_rentry( rentry ); return G10ERR_OPEN_FILE; } - else + else if( !opt.quiet ) log_info(_("%s: keyring created\n"), rentry->fname ); kbctx=NULL; diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index d875e6333..03cf3f2bf 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -48,7 +48,6 @@ do_check( PKT_secret_key *sk ) u32 keyid[4]; /* 4! because we need two of them */ CIPHER_HANDLE cipher_hd=NULL; PKT_secret_key *save_sk; - char save_iv[8]; if( sk->protect.algo == CIPHER_ALGO_NONE ) BUG(); 
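Review bot: The length test `pktlen < 10` in parse_encrypted still assumes an 8-byte block, as the added comment `/* actually this is blocksize+2 */` concedes, so for the 16-byte ciphers this commit prepares for, a packet of 10 to 17 bytes passes here. What happens next is outside the hunk, but decrypt_data in encr-data.c shows a `BUG();` just before `cipher_open` whose condition is not visible, so it is worth confirming that a short packet from untrusted input ends in an error return and not an abort. Since the cipher is presumably not known at this point in parsing, the comment could say so directly, e.g. `/* minimum for an 8 byte block; decrypt_data must recheck against the real blocksize */`.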
@@ -70,11 +69,9 @@ do_check( PKT_secret_key *sk ) cipher_hd = cipher_open( sk->protect.algo, CIPHER_MODE_AUTO_CFB, 1); cipher_setkey( cipher_hd, dek->key, dek->keylen ); - cipher_setiv( cipher_hd, NULL ); m_free(dek); save_sk = copy_secret_key( NULL, sk ); - memcpy(save_iv, sk->protect.iv, 8 ); - cipher_decrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 ); + cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen ); csum = 0; if( sk->version >= 4 ) { int ndata; @@ -129,7 +126,6 @@ do_check( PKT_secret_key *sk ) if( csum != sk->csum ) { copy_secret_key( sk, save_sk ); free_secret_key( save_sk ); - memcpy( sk->protect.iv, save_iv, 8 ); return G10ERR_BAD_PASS; } /* the checksum may fail, so we also check the key itself */ @@ -137,7 +133,6 @@ do_check( PKT_secret_key *sk ) if( res ) { copy_secret_key( sk, save_sk ); free_secret_key( save_sk ); - memcpy( sk->protect.iv, save_iv, 8 ); return G10ERR_BAD_PASS; } free_secret_key( save_sk ); @@ -231,8 +226,12 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) if( cipher_setkey( cipher_hd, dek->key, dek->keylen ) ) log_info(_("WARNING: Weak key detected" " - please change passphrase again.\n")); - cipher_setiv( cipher_hd, NULL ); - cipher_encrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 ); + sk->protect.ivlen = cipher_get_blocksize( sk->protect.algo ); + assert( sk->protect.ivlen <= DIM(sk->protect.iv) ); + if( sk->protect.ivlen != 8 && sk->protect.ivlen != 16 ) + BUG(); /* yes, we are very careful */ + randomize_buffer(sk->protect.iv, sk->protect.ivlen, 1); + cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen ); if( sk->version >= 4 ) { #define NMPIS (PUBKEY_MAX_NSKEY - PUBKEY_MAX_NPKEY) byte *bufarr[NMPIS]; diff --git a/g10/tdbio.c b/g10/tdbio.c index 9bcb6aa14..1d05aae37 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c 
@@ -443,7 +443,7 @@ tdbio_set_dbname( const char *new_dbname, int create ) #endif log_fatal( _("%s: can't create directory: %s\n"), fname, strerror(errno) ); - else + else if( !opt.quiet ) log_info( _("%s: directory created\n"), fname ); copy_options_file( fname ); } @@ -489,7 +489,8 @@ tdbio_set_dbname( const char *new_dbname, int create ) if( tdbio_read_record( 0, &rec, RECTYPE_VER ) ) log_fatal( _("%s: invalid trustdb created\n"), db_name ); - log_info(_("%s: trustdb created\n"), db_name); + if( !opt.quiet ) + log_info(_("%s: trustdb created\n"), db_name); return 0; } |