[svn] GnuPG - r5461 - trunk/g10
svn author wk
cvs at cvs.gnupg.org
Wed Oct 20 13:33:52 CEST 2010
Author: wk
Date: 2010-10-20 13:33:50 +0200 (Wed, 20 Oct 2010)
New Revision: 5461
Modified:
trunk/g10/ChangeLog
trunk/g10/free-packet.c
trunk/g10/getkey.c
trunk/g10/kbnode.c
trunk/g10/keyedit.c
trunk/g10/keyid.c
trunk/g10/keylist.c
trunk/g10/keyserver.c
trunk/g10/mainproc.c
trunk/g10/misc.c
trunk/g10/packet.h
trunk/g10/parse-packet.c
trunk/g10/pkclist.c
trunk/g10/pubkey-enc.c
trunk/g10/seckey-cert.c
trunk/g10/sig-check.c
trunk/g10/sign.c
trunk/g10/trustdb.c
Log:
Make public key data structure easier to read.
Check vor v1 card while signing.
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/ChangeLog 2010-10-20 11:33:50 UTC (rev 5461)
@@ -1,3 +1,28 @@
+2010-10-20 Werner Koch <wk at g10code.com>
+
+ * packet.h (PKT_public_key): s/mdc_feature/flags.mdc/. Change all
+ users.
+ (PKT_public_key): Split is_disabled into flags.disabled_valid and
+ flags.disabled. Change all users.
+ (pk_is_disabled): Adjust for change.
+ (PKT_public_key): s/is_primary/flags.primary/. Change all users.
+ (PKT_public_key): s/is_revoked/flags.revoked/. Change all users.
+ (PKT_public_key): s/maybe_revoked/flags.maybe_revoked/. Change all
+ users.
+ (PKT_public_key): s/is_valid/flags.valid/. Change all users.
+ (PKT_public_key): s/dont_cache/flags.dont_cache/. Change all users.
+ (PKT_public_key): s/backsig/flags.backsig/. Change all users.
+
+ * sign.c (openpgp_card_v1_p): New.
+ (hash_for): Re-implement test for v1 cards.
+ * packet.h (PKT_public_key): Add field serialno and
+ flags.serialno_valid.
+ * free-packet.c (release_public_key_parts): Free serialno.
+
+ * parse-packet.c (parse_key): Cast -1 to size_t.
+ * trustdb.c (validate_keys): Cast -1 to size_t. Suggested by
+ Steven M. Schweda.
+
2010-10-18 Werner Koch <wk at g10code.com>
* call-agent.c (agent_scd_pksign): Replace sprintf by bin2hex.
Modified: trunk/g10/free-packet.c
===================================================================
--- trunk/g10/free-packet.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/free-packet.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -112,7 +112,11 @@
pk->revkey=NULL;
pk->numrevkeys=0;
}
-
+ if (pk->serialno)
+ {
+ xfree (pk->serialno);
+ pk->serialno = NULL;
+ }
}
Modified: trunk/g10/getkey.c
===================================================================
--- trunk/g10/getkey.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/getkey.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -134,7 +134,7 @@
if (pk_cache_disabled)
return;
- if (pk->dont_cache)
+ if (pk->flags.dont_cache)
return;
if (is_ELGAMAL (pk->pubkey_algo)
@@ -1411,6 +1411,8 @@
rinfo->keyid[1] = sig->keyid[1];
}
+
+/* Note that R_REVOKED may be set to 0, 1 or 2. */
static void
merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
struct revoke_info *rinfo)
@@ -1571,7 +1573,7 @@
/* Mark that key as valid: One direct key signature should
* render a key as valid. */
- pk->is_valid = 1;
+ pk->flags.valid = 1;
}
/* Pass 1.5: Look for key revocation signatures that were not made
@@ -1599,7 +1601,7 @@
break;
}
else if (rc == G10ERR_NO_PUBKEY)
- pk->maybe_revoked = 1;
+ pk->flags.maybe_revoked = 1;
/* A failure here means the sig did not verify, was
not issued by a revocation key, or a revocation
@@ -1623,7 +1625,7 @@
if (uidnode && signode)
{
fixup_uidnode (uidnode, signode, keytimestamp);
- pk->is_valid = 1;
+ pk->flags.valid = 1;
}
uidnode = k;
signode = NULL;
@@ -1659,22 +1661,22 @@
if (uidnode && signode)
{
fixup_uidnode (uidnode, signode, keytimestamp);
- pk->is_valid = 1;
+ pk->flags.valid = 1;
}
/* If the key isn't valid yet, and we have
--allow-non-selfsigned-uid set, then force it valid. */
- if (!pk->is_valid && opt.allow_non_selfsigned_uid)
+ if (!pk->flags.valid && opt.allow_non_selfsigned_uid)
{
if (opt.verbose)
log_info (_("Invalid key %s made valid by"
" --allow-non-selfsigned-uid\n"), keystr_from_pk (pk));
- pk->is_valid = 1;
+ pk->flags.valid = 1;
}
/* The key STILL isn't valid, so try and find an ultimately
trusted signature. */
- if (!pk->is_valid)
+ if (!pk->flags.valid)
{
uidnode = NULL;
@@ -1705,7 +1707,7 @@
&& get_ownertrust (ultimate_pk) == TRUST_ULTIMATE)
{
free_public_key (ultimate_pk);
- pk->is_valid = 1;
+ pk->flags.valid = 1;
break;
}
@@ -1942,7 +1944,7 @@
subpk = subnode->pkt->pkt.public_key;
keytimestamp = subpk->timestamp;
- subpk->is_valid = 0;
+ subpk->flags.valid = 0;
subpk->main_keyid[0] = mainpk->main_keyid[0];
subpk->main_keyid[1] = mainpk->main_keyid[1];
@@ -1969,7 +1971,7 @@
subkeys rather than re-sign old ones as the
problem is in the distribution. Plus, PGP (7)
does this the same way. */
- subpk->is_revoked = 1;
+ subpk->flags.revoked = 1;
sig_to_revoke_info (sig, &subpk->revoked);
/* Although we could stop now, we continue to
* figure out other information like the old expiration
@@ -2025,10 +2027,10 @@
if (openpgp_pk_test_algo (subpk->pubkey_algo))
return;
- subpk->is_valid = 1;
+ subpk->flags.valid = 1;
/* Find the most recent 0x19 embedded signature on our self-sig. */
- if (subpk->backsig == 0)
+ if (!subpk->flags.backsig)
{
int seq = 0;
size_t n;
@@ -2093,9 +2095,9 @@
/* 2==valid, 1==invalid, 0==didn't check */
if (check_backsig (mainpk, subpk, backsig) == 0)
- subpk->backsig = 2;
+ subpk->flags.backsig = 2;
else
- subpk->backsig = 1;
+ subpk->flags.backsig = 1;
free_seckey_enc (backsig);
}
@@ -2123,7 +2125,7 @@
struct revoke_info rinfo;
PKT_public_key *main_pk;
prefitem_t *prefs;
- int mdc_feature;
+ unsigned int mdc_feature;
if (keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
{
@@ -2151,7 +2153,7 @@
}
main_pk = keyblock->pkt->pkt.public_key;
- if (revoked || main_pk->has_expired || !main_pk->is_valid)
+ if (revoked || main_pk->has_expired || !main_pk->flags.valid)
{
/* If the primary key is revoked, expired, or invalid we
* better set the appropriate flags on that key and all
@@ -2162,11 +2164,11 @@
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{
PKT_public_key *pk = k->pkt->pkt.public_key;
- if (!main_pk->is_valid)
- pk->is_valid = 0;
- if (revoked && !pk->is_revoked)
+ if (!main_pk->flags.valid)
+ pk->flags.valid = 0;
+ if (revoked && !pk->flags.revoked)
{
- pk->is_revoked = revoked;
+ pk->flags.revoked = revoked;
memcpy (&pk->revoked, &rinfo, sizeof (rinfo));
}
if (main_pk->has_expired)
@@ -2206,7 +2208,7 @@
if (pk->prefs)
xfree (pk->prefs);
pk->prefs = copy_prefs (prefs);
- pk->mdc_feature = mdc_feature;
+ pk->flags.mdc = mdc_feature;
}
}
}
@@ -2313,13 +2315,13 @@
if (DBG_CACHE)
log_debug ("\tchecking subkey %08lX\n",
(ulong) keyid_from_pk (pk, NULL));
- if (!pk->is_valid)
+ if (!pk->flags.valid)
{
if (DBG_CACHE)
log_debug ("\tsubkey not valid\n");
continue;
}
- if (pk->is_revoked)
+ if (pk->flags.revoked)
{
if (DBG_CACHE)
log_debug ("\tsubkey has been revoked\n");
@@ -2368,12 +2370,12 @@
if (DBG_CACHE && !foundk && !req_prim)
log_debug ("\tno suitable subkeys found - trying primary\n");
pk = keyblock->pkt->pkt.public_key;
- if (!pk->is_valid)
+ if (!pk->flags.valid)
{
if (DBG_CACHE)
log_debug ("\tprimary key not valid\n");
}
- else if (pk->is_revoked)
+ else if (pk->flags.revoked)
{
if (DBG_CACHE)
log_debug ("\tprimary key has been revoked\n");
Modified: trunk/g10/kbnode.c
===================================================================
--- trunk/g10/kbnode.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/kbnode.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -396,9 +396,9 @@
(ulong)keyid_from_pk( pk, NULL ),
pk->pubkey_algo, pk->pubkey_usage,
pk->has_expired? 'e':'.',
- pk->is_revoked? 'r':'.',
- pk->is_valid? 'v':'.',
- pk->mdc_feature? 'm':'.');
+ pk->flags.revoked? 'r':'.',
+ pk->flags.valid? 'v':'.',
+ pk->flags.mdc? 'm':'.');
}
log_flush ();
Modified: trunk/g10/keyedit.c
===================================================================
--- trunk/g10/keyedit.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/keyedit.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -1807,7 +1807,7 @@
{
int localsig = 0, nonrevokesig = 0, trustsig = 0, interactive = 0;
- if (pk->is_revoked)
+ if (pk->flags.revoked)
{
tty_printf (_("Key is revoked."));
@@ -2651,9 +2651,9 @@
fputs (node->pkt->pkttype == PKT_PUBLIC_KEY ? "pub:" : "sub:",
stdout);
- if (!pk->is_valid)
+ if (!pk->flags.valid)
putchar ('i');
- else if (pk->is_revoked)
+ else if (pk->flags.revoked)
putchar ('r');
else if (pk->has_expired)
putchar ('e');
@@ -2882,7 +2882,7 @@
primary = pk;
}
- if (pk->is_revoked)
+ if (pk->flags.revoked)
{
char *user = get_user_id_string_native (pk->revoked.keyid);
tty_printf (_("The following key was revoked on"
@@ -2933,7 +2933,7 @@
tty_printf (_("created: %s"), datestr_from_pk (pk));
tty_printf (" ");
- if (pk->is_revoked)
+ if (pk->flags.revoked)
tty_printf (_("revoked: %s"), revokestr_from_pk (pk));
else if (pk->has_expired)
tty_printf (_("expired: %s"), expirestr_from_pk (pk));
@@ -3754,7 +3754,7 @@
{
if (node->pkt->pkt.public_key->pubkey_usage & PUBKEY_USAGE_SIG)
{
- if (node->pkt->pkt.public_key->backsig)
+ if (node->pkt->pkt.public_key->flags.backsig)
tty_printf (_
("signing subkey %s is already cross-certified\n"),
keystr_from_pk (node->pkt->pkt.public_key));
@@ -5028,7 +5028,7 @@
PACKET *pkt;
PKT_signature *sig;
- if (pk->is_revoked)
+ if (pk->flags.revoked)
{
tty_printf (_("Key %s is already revoked.\n"), keystr_from_pk (pk));
return 0;
@@ -5089,7 +5089,7 @@
PKT_public_key *subpk = node->pkt->pkt.public_key;
struct sign_attrib attrib;
- if (subpk->is_revoked)
+ if (subpk->flags.revoked)
{
tty_printf (_("Subkey %s is already revoked.\n"),
keystr_from_pk (subpk));
Modified: trunk/g10/keyid.c
===================================================================
--- trunk/g10/keyid.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/keyid.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -446,6 +446,10 @@
{
struct tm *tp;
+ /* Note: VMS uses an unsigned time_t thus the compiler yields a
+ warning here. You may ignore this warning or def out this test
+ for VMS. The proper way to handle this would be a configure test
+ to a detect properly implemented unsigned time_t. */
if ( atime < 0 ) /* 32 bit time_t and after 2038-01-19 */
strcpy (buffer, "????" "-??" "-??"); /* mark this as invalid */
else
Modified: trunk/g10/keylist.c
===================================================================
--- trunk/g10/keylist.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/keylist.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -601,7 +601,7 @@
if (use & PUBKEY_USAGE_SIG)
{
es_putc ('s', es_stdout);
- if (pk->is_primary)
+ if (pk->flags.primary)
{
es_putc ('c', es_stdout);
/* The PUBKEY_USAGE_CERT flag was introduced later and we
@@ -631,17 +631,17 @@
{
pk = k->pkt->pkt.public_key;
- if (pk->is_primary)
+ if (pk->flags.primary)
disabled = pk_is_disabled (pk);
- if (pk->is_valid && !pk->is_revoked && !pk->has_expired)
+ if (pk->flags.valid && !pk->flags.revoked && !pk->has_expired)
{
if (pk->pubkey_usage & PUBKEY_USAGE_ENC)
enc = 1;
if (pk->pubkey_usage & PUBKEY_USAGE_SIG)
{
sign = 1;
- if (pk->is_primary)
+ if (pk->flags.primary)
cert = 1;
}
if (pk->pubkey_usage & PUBKEY_USAGE_CERT)
@@ -805,7 +805,7 @@
nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
keystr_from_pk (pk), datestr_from_pk (pk));
- if (pk->is_revoked)
+ if (pk->flags.revoked)
{
es_fprintf (es_stdout, " [");
es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk));
@@ -895,7 +895,7 @@
{
PKT_public_key *pk2 = node->pkt->pkt.public_key;
- if ((pk2->is_revoked || pk2->has_expired)
+ if ((pk2->flags.revoked || pk2->has_expired)
&& !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS))
{
skip_sigs = 1;
@@ -928,7 +928,7 @@
s2k_char,
nbits_from_pk (pk2), pubkey_letter (pk2->pubkey_algo),
keystr_from_pk (pk2), datestr_from_pk (pk2));
- if (pk2->is_revoked)
+ if (pk2->flags.revoked)
{
es_fprintf (es_stdout, " [");
es_fprintf (es_stdout, _("revoked: %s"), revokestr_from_pk (pk2));
@@ -1131,9 +1131,9 @@
keyid_from_pk (pk, keyid);
es_fputs (secret? "sec:":"pub:", es_stdout);
- if (!pk->is_valid)
+ if (!pk->flags.valid)
es_putc ('i', es_stdout);
- else if (pk->is_revoked)
+ else if (pk->flags.revoked)
es_putc ('r', es_stdout);
else if (pk->has_expired)
es_putc ('e', es_stdout);
@@ -1193,7 +1193,7 @@
if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL)
dump_attribs (node->pkt->pkt.user_id, pk);
/*
- * Fixme: We need a is_valid flag here too
+ * Fixme: We need a valid flag here too
*/
str = uid->attrib_data ? "uat" : "uid";
if (uid->is_revoked)
@@ -1251,9 +1251,9 @@
keyid_from_pk (pk2, keyid2);
es_fputs (secret? "ssb:":"sub:", es_stdout);
- if (!pk2->is_valid)
+ if (!pk2->flags.valid)
es_putc ('i', es_stdout);
- else if (pk2->is_revoked)
+ else if (pk2->flags.revoked)
es_putc ('r', es_stdout);
else if (pk2->has_expired)
es_putc ('e', es_stdout);
Modified: trunk/g10/keyserver.c
===================================================================
--- trunk/g10/keyserver.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/keyserver.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -1282,7 +1282,7 @@
pk->timestamp,
pk->expiredate);
- if(pk->is_revoked)
+ if(pk->flags.revoked)
fprintf(spawn->tochild,"r");
if(pk->has_expired)
fprintf(spawn->tochild,"e");
Modified: trunk/g10/mainproc.c
===================================================================
--- trunk/g10/mainproc.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/mainproc.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -1002,7 +1002,7 @@
else
{
/* of subkey */
- if( pk->is_revoked )
+ if( pk->flags.revoked )
{
printf(" [");
printf(_("revoked: %s"),revokestr_from_pk(pk));
@@ -1930,7 +1930,7 @@
sig->version,sig->pubkey_algo,sig->digest_algo,
sig->sig_class);
bufp = bufp + strlen (bufp);
- if (!vpk->is_primary) {
+ if (!vpk->flags.primary) {
u32 akid[2];
akid[0] = vpk->main_keyid[0];
Modified: trunk/g10/misc.c
===================================================================
--- trunk/g10/misc.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/misc.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -657,7 +657,7 @@
if((*(ch+1))=='p' && args->pksk)
{
- if(args->pksk->is_primary)
+ if(args->pksk->flags.primary)
fingerprint_from_pk (args->pksk, array, &len);
else if (args->pksk->main_keyid[0]
|| args->pksk->main_keyid[1])
Modified: trunk/g10/packet.h
===================================================================
--- trunk/g10/packet.h 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/packet.h 2010-10-20 11:33:50 UTC (rev 5461)
@@ -235,48 +235,61 @@
* elements; the extra secret key information are stored in the
* SECKEY_INFO field.
*/
-typedef struct {
- u32 timestamp; /* key made */
- u32 expiredate; /* expires at this date or 0 if not at all */
- u32 max_expiredate; /* must not expire past this date */
- struct revoke_info revoked;
- byte hdrbytes; /* number of header bytes */
- byte version;
- byte selfsigversion; /* highest version of all of the self-sigs */
- byte pubkey_algo; /* algorithm used for public key scheme */
- byte pubkey_usage; /* for now only used to pass it to getkey() */
- byte req_usage; /* hack to pass a request to getkey() */
- byte req_algo; /* Ditto */
- u32 has_expired; /* set to the expiration date if expired */
- int is_revoked; /* key has been revoked, 1 if by the
- owner, 2 if by a designated revoker */
- int maybe_revoked; /* a designated revocation is present, but
- without the key to check it */
- int is_valid; /* key (especially subkey) is valid */
- int dont_cache; /* do not cache this */
- byte backsig; /* 0=none, 1=bad, 2=good */
- u32 main_keyid[2]; /* keyid of the primary key */
- u32 keyid[2]; /* calculated by keyid_from_pk() */
- byte is_primary;
- byte is_disabled; /* 0 for unset, 1 for enabled, 2 for disabled. */
- prefitem_t *prefs; /* list of preferences (may be NULL) */
- int mdc_feature; /* mdc feature set */
- PKT_user_id *user_id; /* if != NULL: found by that uid */
- struct revocation_key *revkey;
- int numrevkeys;
- u32 trust_timestamp;
- byte trust_depth;
- byte trust_value;
- const byte *trust_regexp;
- struct seckey_info *seckey_info; /* If not NULL this malloced
- structure describes a secret
- key. */
- gcry_mpi_t pkey[PUBKEY_MAX_NSKEY]; /* Right, NSKEY elements. */
+typedef struct
+{
+ u32 timestamp; /* key made */
+ u32 expiredate; /* expires at this date or 0 if not at all */
+ u32 max_expiredate; /* must not expire past this date */
+ struct revoke_info revoked;
+ byte hdrbytes; /* number of header bytes */
+ byte version;
+ byte selfsigversion; /* highest version of all of the self-sigs */
+ byte pubkey_algo; /* algorithm used for public key scheme */
+ byte pubkey_usage; /* for now only used to pass it to getkey() */
+ byte req_usage; /* hack to pass a request to getkey() */
+ byte req_algo; /* Ditto */
+ u32 has_expired; /* set to the expiration date if expired */
+ u32 main_keyid[2]; /* keyid of the primary key */
+ u32 keyid[2]; /* calculated by keyid_from_pk() */
+ prefitem_t *prefs; /* list of preferences (may be NULL) */
+ struct
+ {
+ unsigned int mdc:1; /* MDC feature set. */
+ unsigned int disabled_valid:1;/* The next flag is valid. */
+ unsigned int disabled:1; /* The key has been disabled. */
+ unsigned int primary:1; /* This is a primary key. */
+ unsigned int revoked:2; /* Key has been revoked.
+ 1 = revoked by the owner
+ 2 = revoked by designated revoker. */
+ unsigned int maybe_revoked:1; /* A designated revocation is
+ present, but without the key to
+ check it. */
+ unsigned int valid:1; /* Key (especially subkey) is valid. */
+ unsigned int dont_cache:1; /* Do not cache this key. */
+ unsigned int backsig:2; /* 0=none, 1=bad, 2=good. */
+ unsigned int serialno_valid:1;/* SERIALNO below is valid. */
+ } flags;
+ PKT_user_id *user_id; /* If != NULL: found by that uid. */
+ struct revocation_key *revkey;
+ int numrevkeys;
+ u32 trust_timestamp;
+ byte trust_depth;
+ byte trust_value;
+ const byte *trust_regexp;
+ char *serialno; /* Malloced hex string or NULL if it is
+ likely not on a card. See also
+ flags.serialno_valid. */
+ struct seckey_info *seckey_info; /* If not NULL this malloced
+ structure describes a secret
+ key. */
+ gcry_mpi_t pkey[PUBKEY_MAX_NSKEY]; /* Right, NSKEY elements. */
} PKT_public_key;
/* Evaluates as true if the pk is disabled, and false if it isn't. If
there is no disable value cached, fill one in. */
-#define pk_is_disabled(a) (((a)->is_disabled)?((a)->is_disabled==2):(cache_disabled_value((a))))
+#define pk_is_disabled(a) \
+ (((a)->flags.disabled_valid)? \
+ ((a)->flags.disabled):(cache_disabled_value((a))))
typedef struct {
Modified: trunk/g10/parse-packet.c
===================================================================
--- trunk/g10/parse-packet.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/parse-packet.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -1901,7 +1901,7 @@
pk->max_expiredate = max_expiredate;
pk->hdrbytes = hdrlen;
pk->version = version;
- pk->is_primary = (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY);
+ pk->flags.primary = (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY);
pk->pubkey_algo = algorithm;
nskey = pubkey_get_nskey (algorithm);
@@ -2085,7 +2085,7 @@
}
snlen = iobuf_get (inp);
pktlen--;
- if (pktlen < snlen || snlen == -1)
+ if (pktlen < snlen || snlen == (size_t)(-1))
{
err = gpg_error (GPG_ERR_INV_PACKET);
goto leave;
Modified: trunk/g10/pkclist.c
===================================================================
--- trunk/g10/pkclist.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/pkclist.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -527,7 +527,7 @@
goto leave;
}
- if(pk->maybe_revoked && !pk->is_revoked)
+ if(pk->flags.maybe_revoked && !pk->flags.revoked)
log_info(_("WARNING: this key might be revoked (revocation key"
" not present)\n"));
@@ -536,7 +536,7 @@
if ( (trustlevel & TRUST_FLAG_REVOKED) )
{
write_status( STATUS_KEYREVOKED );
- if(pk->is_revoked==2)
+ if(pk->flags.revoked == 2)
log_info(_("WARNING: This key has been revoked by its"
" designated revoker!\n"));
else
@@ -1491,7 +1491,7 @@
if (pkr->pk->user_id) /* selected by user ID */
mdc = pkr->pk->user_id->flags.mdc;
else
- mdc = pkr->pk->mdc_feature;
+ mdc = pkr->pk->flags.mdc;
if (!mdc)
return 0; /* At least one recipient does not support it. */
}
@@ -1512,7 +1512,7 @@
if (pkr->pk->user_id) /* selected by user ID */
mdc = pkr->pk->user_id->flags.mdc;
else
- mdc = pkr->pk->mdc_feature;
+ mdc = pkr->pk->flags.mdc;
if (!mdc)
log_info (_("Note: key %s has no %s feature\n"),
keystr_from_pk (pkr->pk), "MDC");
Modified: trunk/g10/pubkey-enc.c
===================================================================
--- trunk/g10/pubkey-enc.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/pubkey-enc.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -313,7 +313,7 @@
}
}
- if (pk && pk->is_revoked)
+ if (pk && pk->flags.revoked)
{
log_info (_("NOTE: key has been revoked"));
log_printf ("\n");
Modified: trunk/g10/seckey-cert.c
===================================================================
--- trunk/g10/seckey-cert.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/seckey-cert.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -76,10 +76,11 @@
}
keyid_from_sk( sk, keyid );
keyid[2] = keyid[3] = 0;
- if( !sk->is_primary ) {
+ if (!sk->flags.primary)
+ {
keyid[2] = sk->main_keyid[0];
keyid[3] = sk->main_keyid[1];
- }
+ }
dek = passphrase_to_dek( keyid, sk->pubkey_algo, sk->protect.algo,
&sk->protect.s2k, mode,
tryagain_text, canceled );
@@ -269,6 +270,7 @@
int
is_secret_key_protected (PKT_public_key *pk)
{
+#warning do we need this
return 0; /* FIXME: use agent_get_keyinfo?*/
/* return sk->is_protected? */
/* sk->protect.s2k.mode == 1002? -2 : */
Modified: trunk/g10/sig-check.c
===================================================================
--- trunk/g10/sig-check.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/sig-check.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -82,7 +82,7 @@
}
else if( get_pubkey( pk, sig->keyid ) )
rc = G10ERR_NO_PUBKEY;
- else if(!pk->is_valid && !pk->is_primary)
+ else if(!pk->flags.valid && !pk->flags.primary)
rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an
invalid subkey */
else
@@ -98,9 +98,9 @@
them as their own. The attacker couldn't actually use the
subkey, but they could try and claim ownership of any
signaures issued by it. */
- if(rc==0 && !pk->is_primary && pk->backsig<2)
+ if(rc==0 && !pk->flags.primary && pk->flags.backsig < 2)
{
- if(pk->backsig==0)
+ if (!pk->flags.backsig)
{
log_info(_("WARNING: signing subkey %s is not"
" cross-certified\n"),keystr_from_pk(pk));
@@ -112,7 +112,7 @@
if(opt.flags.require_cross_cert)
rc=G10ERR_GENERAL;
}
- else if(pk->backsig==1)
+ else if(pk->flags.backsig == 1)
{
log_info(_("WARNING: signing subkey %s has an invalid"
" cross-certification\n"),keystr_from_pk(pk));
@@ -246,7 +246,7 @@
*r_expired = 1;
}
- if (pk->is_revoked)
+ if (pk->flags.revoked)
{
if (opt.verbose)
log_info (_("NOTE: signature key %s has been revoked\n"),
@@ -412,13 +412,12 @@
assert(IS_KEY_REV(sig));
assert((sig->keyid[0]!=pk->keyid[0]) || (sig->keyid[0]!=pk->keyid[1]));
- if(busy)
+ if (busy)
{
- /* return an error (i.e. not revoked), but mark the pk as
+ /* Return an error (i.e. not revoked), but mark the pk as
uncacheable as we don't really know its revocation status
- until it is checked directly. */
-
- pk->dont_cache=1;
+ until it is checked directly. */
+ pk->flags.dont_cache = 1;
return rc;
}
Modified: trunk/g10/sign.c
===================================================================
--- trunk/g10/sign.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/sign.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -360,7 +360,49 @@
}
+/* Return true if the key seems to be on a version 1 OpenPGP card.
+ This works by asking the agent and may fail if the card has not yet
+ been used with the agent. */
+static int
+openpgp_card_v1_p (PKT_public_key *pk)
+{
+ gpg_error_t err;
+ int result;
+ /* Shortcut if we are not using RSA: The v1 cards only support RSA
+ thus there is no point in looking any further. */
+ if (!is_RSA (pk->pubkey_algo))
+ return 0;
+
+ if (!pk->flags.serialno_valid)
+ {
+ char *hexgrip;
+
+ err = hexkeygrip_from_pk (pk, &hexgrip);
+ if (err)
+ {
+ log_error ("error computing a keygrip: %s\n", gpg_strerror (err));
+ return 0; /* Ooops. */
+ }
+
+ xfree (pk->serialno);
+ agent_get_keyinfo (NULL, hexgrip, &pk->serialno);
+ xfree (hexgrip);
+ pk->flags.serialno_valid = 1;
+ }
+
+ if (!pk->serialno)
+ result = 0; /* Error from a past agent_get_keyinfo or no card. */
+ else
+ {
+ /* The version number of the card is included in the serialno. */
+ result = !strncmp (pk->serialno, "D2760001240101", 14);
+ }
+ return result;
+}
+
+
+
static int
match_dsa_hash (unsigned int qbytes)
{
@@ -440,10 +482,7 @@
return match_dsa_hash(qbytes);
}
- else if (0
- /* FIXME: call agent sk->is_protected && sk->protect.s2k.mode == 1002
- && sk->protect.ivlen == 16
- && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01\x01", 7)*/)
+ else if (openpgp_card_v1_p (pk))
{
/* The sk lives on a smartcard, and old smartcards only handle
SHA-1 and RIPEMD/160. Newer smartcards (v2.0) don't have
@@ -851,7 +890,7 @@
gcry_md_start_debug (mfx.md, "sign");
/* If we're encrypting and signing, it is reasonable to pick the
- hash algorithm to use out of the recepient key prefs. This is
+ hash algorithm to use out of the recipient key prefs. This is
best effort only, as in a DSA2 and smartcard world there are
cases where we cannot please everyone with a single hash (DSA2
wants >160 and smartcards want =160). In the future this could
Modified: trunk/g10/trustdb.c
===================================================================
--- trunk/g10/trustdb.c 2010-10-20 06:51:11 UTC (rev 5460)
+++ trunk/g10/trustdb.c 2010-10-20 11:33:50 UTC (rev 5461)
@@ -520,7 +520,7 @@
{
if(!key && !uid)
return _("10 translator see trustdb.c:uid_trust_string_fixed");
- else if(uid->is_revoked || (key && key->is_revoked))
+ else if(uid->is_revoked || (key && key->flags.revoked))
return _("[ revoked]");
else if(uid->is_expired)
return _("[ expired]");
@@ -994,16 +994,17 @@
********* Query trustdb values **************
***********************************************/
-/* Return true if key is disabled */
+/* Return true if key is disabled. Note that this is usually used via
+ the pk_is_disabled macro. */
int
-cache_disabled_value(PKT_public_key *pk)
+cache_disabled_value (PKT_public_key *pk)
{
int rc;
TRUSTREC trec;
- int disabled=0;
+ int disabled = 0;
- if(pk->is_disabled)
- return (pk->is_disabled==2);
+ if (pk->flags.disabled_valid)
+ return pk->flags.disabled;
init_trustdb();
@@ -1016,15 +1017,13 @@
if (rc == -1) /* no record found, so assume not disabled */
goto leave;
- if(trec.r.trust.ownertrust & TRUST_FLAG_DISABLED)
- disabled=1;
+ if (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED)
+ disabled = 1;
/* Cache it for later so we don't need to look at the trustdb every
time */
- if(disabled)
- pk->is_disabled=2;
- else
- pk->is_disabled=1;
+ pk->flags.disabled = disabled;
+ pk->flags.disabled_valid = 1;
leave:
return disabled;
@@ -1151,16 +1150,17 @@
if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
{
validity |= TRUST_FLAG_DISABLED;
- pk->is_disabled=2;
+ pk->flags.disabled = 1;
}
else
- pk->is_disabled=1;
+ pk->flags.disabled = 0;
+ pk->flags.disabled_valid = 1;
leave:
/* set some flags direct from the key */
- if (main_pk->is_revoked)
+ if (main_pk->flags.revoked)
validity |= TRUST_FLAG_REVOKED;
- if (main_pk != pk && pk->is_revoked)
+ if (main_pk != pk && pk->flags.revoked)
validity |= TRUST_FLAG_SUB_REVOKED;
/* Note: expiration is a trust value and not a flag - don't know why
* I initially designed it that way */
@@ -2145,7 +2145,7 @@
merge_keys_and_selfsig (keyblock);
clear_kbnode_flags (keyblock);
pk = keyblock->pkt->pkt.public_key;
- if (pk->has_expired || pk->is_revoked)
+ if (pk->has_expired || pk->flags.revoked)
{
/* it does not make sense to look further at those keys */
mark_keyblock_seen (full_trust, keyblock);
@@ -2355,7 +2355,7 @@
{
k->ownertrust = ask_ownertrust (k->kid,min);
- if (k->ownertrust == -1)
+ if (k->ownertrust == (unsigned int)(-1))
{
quit=1;
goto leave;
More information about the Gnupg-commits
mailing list