[svn] GnuPG - r4890 - branches/STABLE-BRANCH-1-4/g10
svn author wk
cvs at cvs.gnupg.org
Tue Dec 9 11:43:23 CET 2008
Author: wk
Date: 2008-12-09 11:43:22 +0100 (Tue, 09 Dec 2008)
New Revision: 4890
Modified:
branches/STABLE-BRANCH-1-4/g10/ChangeLog
branches/STABLE-BRANCH-1-4/g10/keygen.c
Log:
Check algo usage.
Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2008-12-09 08:58:02 UTC (rev 4889)
+++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2008-12-09 10:43:22 UTC (rev 4890)
@@ -1,3 +1,8 @@
+2008-12-09 Werner Koch <wk at g10code.com>
+
+ * keygen.c (proc_parameter_file): Check that key and subkey usages
+ are allowed.
+
2008-11-18 David Shaw <dshaw at jabberwocky.com>
* trustdb.c (validate_one_keyblock): Fix the trust signature
@@ -330,8 +335,8 @@
2007-01-31 David Shaw <dshaw at jabberwocky.com>
- * keygen.c (do_generate_keypair, proc_parameter_file,
- generate_keypair, generate_subkeypair): Pass a timestamp through
+ * keygen.c (do_generate_keypair, proc_parameter_file)
+ (generate_keypair, generate_subkeypair): Pass a timestamp through
to all the gen_xxx functions.
* keyedit.c (sign_uids): Another multiple to single timestamp
Modified: branches/STABLE-BRANCH-1-4/g10/keygen.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/keygen.c 2008-12-09 08:58:02 UTC (rev 4889)
+++ branches/STABLE-BRANCH-1-4/g10/keygen.c 2008-12-09 10:43:22 UTC (rev 4890)
@@ -2196,42 +2196,62 @@
return -1;
}
- err=parse_parameter_usage (fname, para, pKEYUSAGE);
- if(err==0)
+ err = parse_parameter_usage (fname, para, pKEYUSAGE);
+ if (!err)
{
/* Default to algo capabilities if key-usage is not provided */
- r=xmalloc_clear(sizeof(*r));
- r->key=pKEYUSAGE;
- r->u.usage=openpgp_pk_algo_usage(algo);
- r->next=para;
- para=r;
+ r = xmalloc_clear(sizeof(*r));
+ r->key = pKEYUSAGE;
+ r->u.usage = openpgp_pk_algo_usage(algo);
+ r->next = para;
+ para = r;
}
- else if(err==-1)
+ else if (err == -1)
return -1;
+ else
+ {
+ r = get_parameter (para, pKEYUSAGE);
+ if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
+ {
+ log_error ("%s:%d: specified Key-Usage not allowed for algo %d\n",
+ fname, r->lnr, algo);
+ return -1;
+ }
+ }
r = get_parameter( para, pSUBKEYTYPE );
if(r)
{
- algo=get_parameter_algo( para, pSUBKEYTYPE);
- if(check_pubkey_algo(algo))
+ algo = get_parameter_algo (para, pSUBKEYTYPE);
+ if (check_pubkey_algo (algo))
{
- log_error("%s:%d: invalid algorithm\n", fname, r->lnr );
+ log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
return -1;
}
- err=parse_parameter_usage (fname, para, pSUBKEYUSAGE);
- if(err==0)
+ err = parse_parameter_usage (fname, para, pSUBKEYUSAGE);
+ if (!err)
{
/* Default to algo capabilities if subkey-usage is not
provided */
- r=xmalloc_clear(sizeof(*r));
- r->key=pSUBKEYUSAGE;
- r->u.usage=openpgp_pk_algo_usage(algo);
- r->next=para;
- para=r;
+ r = xmalloc_clear (sizeof(*r));
+ r->key = pSUBKEYUSAGE;
+ r->u.usage = openpgp_pk_algo_usage (algo);
+ r->next = para;
+ para = r;
}
- else if(err==-1)
+ else if (err == -1)
return -1;
+ else
+ {
+ r = get_parameter (para, pSUBKEYUSAGE);
+ if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
+ {
+ log_error ("%s:%d: specified Subkey-Usage not allowed"
+ " for algo %d\n", fname, r->lnr, algo);
+ return -1;
+ }
+ }
}
if( get_parameter_value( para, pUSERID ) )
More information about the Gnupg-commits
mailing list