[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.22-3-g1a0eeaa
by Werner Koch
cvs at cvs.gnupg.org
Fri Oct 11 09:29:36 CEST 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e (commit)
via 6286d01ba33b963be30fbb4fba6f35f1b05acd17 (commit)
from 3544beff86b324a855eb5a927673f12d74651889 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e
Author: Werner Koch <wk at gnupg.org>
Date: Fri Oct 11 09:25:58 2013 +0200
gpg: Do not require a trustdb with --always-trust.
* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark): Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(get_ownertrust): Ditto.
(get_min_ownertrust): Ditto.
(update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(clear_ownertrusts): Ditto.
(cache_disabled_value): Ditto.
(check_trustdb_stale): Ditto.
(get_validity): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--
This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used. It just does
not make sense to create a trustdb if there is no need for it.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/NEWS b/NEWS
index cb53749..1c1d832 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
Noteworthy changes in version 2.0.23 (unreleased)
-------------------------------------------------
+ * Do not create a trustdb file if --trust-model=always is used.
+
Noteworthy changes in version 2.0.22 (2013-10-04)
-------------------------------------------------
diff --git a/g10/gpg.c b/g10/gpg.c
index 339bf26..3415042 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -3408,15 +3408,11 @@ main (int argc, char **argv)
case aListTrustDB:
rc = setup_trustdb (argc? 1:0, trustdb_name);
break;
- case aEncr:
- case aEncrFiles:
+ default:
/* If we are using TM_ALWAYS, we do not need to create the
trustdb. */
rc = setup_trustdb (opt.trust_model != TM_ALWAYS, trustdb_name);
break;
- default:
- rc = setup_trustdb (1, trustdb_name );
- break;
}
if (rc)
log_error (_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc));
diff --git a/g10/tdbio.c b/g10/tdbio.c
index 3e6091c..c5f662c 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -473,7 +473,7 @@ create_version_record (void)
int
-tdbio_set_dbname( const char *new_dbname, int create )
+tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile)
{
char *fname;
static int initialized = 0;
@@ -483,6 +483,8 @@ tdbio_set_dbname( const char *new_dbname, int create )
initialized = 1;
}
+ *r_nofile = 0;
+
if(new_dbname==NULL)
fname=make_filename(opt.homedir,"trustdb" EXTSEP_S "gpg", NULL);
else if (*new_dbname != DIRSEP_C )
@@ -501,7 +503,9 @@ tdbio_set_dbname( const char *new_dbname, int create )
xfree(fname);
return G10ERR_TRUSTDB;
}
- if( create ) {
+ if (!create)
+ *r_nofile = 1;
+ else {
FILE *fp;
TRUSTREC rec;
int rc;
diff --git a/g10/tdbio.h b/g10/tdbio.h
index b99b491..4f37de4 100644
--- a/g10/tdbio.h
+++ b/g10/tdbio.h
@@ -57,7 +57,7 @@ struct trust_record {
byte min_cert_level;
ulong created; /* timestamp of trustdb creation */
ulong nextcheck; /* timestamp of next scheduled check */
- ulong reserved;
+ ulong reserved;
ulong reserved2;
ulong firstfree;
ulong reserved3;
@@ -82,7 +82,7 @@ struct trust_record {
} trust;
struct {
byte namehash[20];
- ulong next;
+ ulong next;
byte validity;
byte full_count;
byte marginal_count;
@@ -93,7 +93,7 @@ typedef struct trust_record TRUSTREC;
/*-- tdbio.c --*/
int tdbio_update_version_record(void);
-int tdbio_set_dbname( const char *new_dbname, int create );
+int tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile);
const char *tdbio_get_dbname(void);
void tdbio_dump_record( TRUSTREC *rec, FILE *fp );
int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
diff --git a/g10/trustdb.c b/g10/trustdb.c
index dedb18c..f96701a 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -44,7 +44,7 @@
/*
* A structure to store key identification as well as some stuff needed
- * for validation
+ * for validation
*/
struct key_item {
struct key_item *next;
@@ -60,7 +60,7 @@ typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
/*
* Structure to keep track of keys, this is used as an array wherre
- * the item right after the last one has a keyblock set to NULL.
+ * the item right after the last one has a keyblock set to NULL.
* Maybe we can drop this thing and replace it by key_item
*/
struct key_array {
@@ -73,6 +73,7 @@ static struct {
int init;
int level;
char *dbname;
+ int no_trustdb; /* Set if a trustdb file is not available. */
} trustdb_args;
/* some globals */
@@ -92,7 +93,7 @@ static struct key_item *
new_key_item (void)
{
struct key_item *k;
-
+
k = xmalloc_clear (sizeof *k);
return k;
}
@@ -114,11 +115,11 @@ release_key_items (struct key_item *k)
* For fast keylook up we need a hash table. Each byte of a KeyIDs
* should be distributed equally over the 256 possible values (except
* for v3 keyIDs but we consider them as not important here). So we
- * can just use 10 bits to index a table of 1024 key items.
+ * can just use 10 bits to index a table of 1024 key items.
* Possible optimization: Don not use key_items but other hash_table when the
- * duplicates lists gets too large.
+ * duplicates lists gets too large.
*/
-static KeyHashTable
+static KeyHashTable
new_key_hash_table (void)
{
struct key_item **tbl;
@@ -139,7 +140,7 @@ release_key_hash_table (KeyHashTable tbl)
xfree (tbl);
}
-/*
+/*
* Returns: True if the keyID is in the given hash table
*/
static int
@@ -164,7 +165,7 @@ add_key_hash_table (KeyHashTable tbl, u32 *kid)
for (k = tbl[(kid[1] & 0x03ff)]; k; k = k->next)
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
return; /* already in table */
-
+
kk = new_key_item ();
kk->kid[0] = kid[0];
kk->kid[1] = kid[1];
@@ -234,7 +235,7 @@ add_utk (u32 *kid)
{
struct key_item *k;
- for (k = utk_list; k; k = k->next)
+ for (k = utk_list; k; k = k->next)
{
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
{
@@ -269,15 +270,15 @@ verify_own_keys(void)
return;
/* scan the trustdb to find all ultimately trusted keys */
- for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
+ for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
{
- if ( rec.rectype == RECTYPE_TRUST
+ if ( rec.rectype == RECTYPE_TRUST
&& (rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
{
byte *fpr = rec.r.trust.fingerprint;
int fprlen;
u32 kid[2];
-
+
/* Problem: We do only use fingerprints in the trustdb but
* we need the keyID here to indetify the key; we can only
* use that ugly hack to distinguish between 16 and 20
@@ -293,9 +294,9 @@ verify_own_keys(void)
}
/* Put any --trusted-key keys into the trustdb */
- for (k = user_utk_list; k; k = k->next)
+ for (k = user_utk_list; k; k = k->next)
{
- if ( add_utk (k->kid) )
+ if ( add_utk (k->kid) )
{ /* not yet in trustDB as ultimately trusted */
PKT_public_key pk;
@@ -441,7 +442,7 @@ init_trustdb()
if(level==0 || level==1)
{
- int rc = tdbio_set_dbname( dbname, !!level );
+ int rc = tdbio_set_dbname (dbname, !!level, &trustdb_args.no_trustdb);
if( rc )
log_fatal("can't init trustdb: %s\n", g10_errstr(rc) );
}
@@ -492,7 +493,7 @@ init_trustdb()
static int
trust_letter (unsigned int value)
{
- switch( (value & TRUST_MASK) )
+ switch( (value & TRUST_MASK) )
{
case TRUST_UNKNOWN: return '-';
case TRUST_EXPIRED: return 'e';
@@ -541,7 +542,7 @@ uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid)
const char *
trust_value_to_string (unsigned int value)
{
- switch( (value & TRUST_MASK) )
+ switch( (value & TRUST_MASK) )
{
case TRUST_UNKNOWN: return _("unknown");
case TRUST_EXPIRED: return _("expired");
@@ -610,7 +611,7 @@ check_trustdb ()
/*
- * Recreate the WoT.
+ * Recreate the WoT.
*/
void
update_trustdb()
@@ -627,6 +628,9 @@ void
revalidation_mark (void)
{
init_trustdb();
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ return;
+
/* we simply set the time for the next check to 1 (far back in 1970)
* so that a --update-trustdb will be scheduled */
if (tdbio_write_nextcheck (1))
@@ -662,8 +666,10 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
TRUSTREC opts;
init_trustdb();
-
- read_record(0,&opts,RECTYPE_VER);
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ memset (&opts, 0, sizeof opts);
+ else
+ read_record(0,&opts,RECTYPE_VER);
if(trust_model)
*trust_model=opts.r.ver.trust_model;
@@ -685,29 +691,29 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
*********** Ownertrust et al. ****************
***********************************************/
-static int
+static int
read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
{
int rc;
-
+
init_trustdb();
rc = tdbio_search_trust_bypk (pk, rec);
if (rc == -1)
return -1; /* no record yet */
- if (rc)
+ if (rc)
{
log_error ("trustdb: searching trust record failed: %s\n",
g10_errstr (rc));
- return rc;
+ return rc;
}
-
+
if (rec->rectype != RECTYPE_TRUST)
{
log_error ("trustdb: record %lu is not a trust record\n",
rec->recnum);
- return G10ERR_TRUSTDB;
- }
-
+ return G10ERR_TRUSTDB;
+ }
+
return 0;
}
@@ -715,16 +721,19 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
* Return the assigned ownertrust value for the given public key.
* The key should be the primary key.
*/
-unsigned int
+unsigned int
get_ownertrust ( PKT_public_key *pk)
{
TRUSTREC rec;
int rc;
-
+
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ return TRUST_UNKNOWN;
+
rc = read_trust_record (pk, &rec);
if (rc == -1)
return TRUST_UNKNOWN; /* no record yet */
- if (rc)
+ if (rc)
{
tdbio_invalid ();
return rc; /* actually never reached */
@@ -733,16 +742,19 @@ get_ownertrust ( PKT_public_key *pk)
return rec.r.trust.ownertrust;
}
-unsigned int
+unsigned int
get_min_ownertrust (PKT_public_key *pk)
{
TRUSTREC rec;
int rc;
-
+
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ return TRUST_UNKNOWN;
+
rc = read_trust_record (pk, &rec);
if (rc == -1)
return TRUST_UNKNOWN; /* no record yet */
- if (rc)
+ if (rc)
{
tdbio_invalid ();
return rc; /* actually never reached */
@@ -805,7 +817,10 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
{
TRUSTREC rec;
int rc;
-
+
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ return;
+
rc = read_trust_record (pk, &rec);
if (!rc)
{
@@ -837,7 +852,7 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
do_sync ();
rc = 0;
}
- else
+ else
{
tdbio_invalid ();
}
@@ -850,6 +865,9 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
TRUSTREC rec;
int rc;
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ return;
+
pk = xmalloc_clear (sizeof *pk);
rc = get_pubkey (pk, kid);
if (rc)
@@ -891,7 +909,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
do_sync ();
rc = 0;
}
- else
+ else
{
tdbio_invalid ();
}
@@ -904,7 +922,10 @@ clear_ownertrusts (PKT_public_key *pk)
{
TRUSTREC rec;
int rc;
-
+
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ return 0;
+
rc = read_trust_record (pk, &rec);
if (!rc)
{
@@ -932,8 +953,8 @@ clear_ownertrusts (PKT_public_key *pk)
return 0;
}
-/*
- * Note: Caller has to do a sync
+/*
+ * Note: Caller has to do a sync
*/
static void
update_validity (PKT_public_key *pk, PKT_user_id *uid,
@@ -952,7 +973,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
return;
}
if (rc == -1) /* no record yet - create a new one */
- {
+ {
size_t dummy;
rc = 0;
@@ -1007,6 +1028,8 @@ cache_disabled_value(PKT_public_key *pk)
return (pk->is_disabled==2);
init_trustdb();
+ if (trustdb_args.no_trustdb)
+ return 0; /* No trustdb => not disabled. */
rc = read_trust_record (pk, &trec);
if (rc && rc != -1)
@@ -1016,10 +1039,10 @@ cache_disabled_value(PKT_public_key *pk)
}
if (rc == -1) /* no record found, so assume not disabled */
goto leave;
-
+
if(trec.r.trust.ownertrust & TRUST_FLAG_DISABLED)
disabled=1;
-
+
/* Cache it for later so we don't need to look at the trustdb every
time */
if(disabled)
@@ -1037,6 +1060,9 @@ check_trustdb_stale(void)
static int did_nextcheck=0;
init_trustdb ();
+ if (trustdb_args.no_trustdb)
+ return; /* No trustdb => can't be stale. */
+
if (!did_nextcheck
&& (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC))
{
@@ -1047,7 +1073,7 @@ check_trustdb_stale(void)
if ((scheduled && scheduled <= make_timestamp ())
|| pending_check_trustdb)
{
- if (opt.no_auto_check_trustdb)
+ if (opt.no_auto_check_trustdb)
{
pending_check_trustdb = 1;
log_info (_("please do a --check-trustdb\n"));
@@ -1064,7 +1090,7 @@ check_trustdb_stale(void)
/*
* Return the validity information for PK. If the namehash is not
* NULL, the validity of the corresponsing user ID is returned,
- * otherwise, a reasonable value for the entire key is returned.
+ * otherwise, a reasonable value for the entire key is returned.
*/
unsigned int
get_validity (PKT_public_key *pk, PKT_user_id *uid)
@@ -1080,6 +1106,14 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
namehash_from_uid(uid);
init_trustdb ();
+
+ /* If we have no trustdb (which also means it has not been created)
+ and the trust-model is always, we don't know the validity -
+ return immediately. If we won't do that the tdbio code would try
+ to open the trustdb and run into a fatal error. */
+ if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+ return TRUST_UNKNOWN;
+
check_trustdb_stale();
keyid_from_pk (pk, kid);
@@ -1093,7 +1127,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
log_error ("error getting main key %s of subkey %s: %s\n",
tempkeystr, keystr(kid), g10_errstr(rc));
xfree(tempkeystr);
- validity = TRUST_UNKNOWN;
+ validity = TRUST_UNKNOWN;
goto leave;
}
}
@@ -1116,7 +1150,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
}
if (rc == -1) /* no record found */
{
- validity = TRUST_UNKNOWN;
+ validity = TRUST_UNKNOWN;
goto leave;
}
@@ -1149,7 +1183,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
recno = vrec.r.valid.next;
}
-
+
if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
{
validity |= TRUST_FLAG_DISABLED;
@@ -1168,7 +1202,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
* I initially designed it that way */
if (main_pk->has_expired || pk->has_expired)
validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
-
+
if (pending_check_trustdb)
validity |= TRUST_FLAG_PENDING_CHECK;
@@ -1181,10 +1215,10 @@ int
get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
{
int trustlevel;
-
+
if (!pk)
return '?'; /* Just in case a NULL PK is passed. */
-
+
trustlevel = get_validity (pk, uid);
if ( (trustlevel & TRUST_FLAG_REVOKED) )
return 'r';
@@ -1311,7 +1345,7 @@ ask_ownertrust (u32 *kid,int minimum)
keystr(kid), g10_errstr(rc) );
return TRUST_UNKNOWN;
}
-
+
if(opt.force_ownertrust)
{
log_info("force trust for key %s to %s\n",
@@ -1384,7 +1418,7 @@ dump_key_array (int depth, struct key_array *keys)
}
}
}
-}
+}
static void
@@ -1407,7 +1441,7 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
status = TRUST_UNDEFINED;
else
status = 0;
-
+
if (status)
{
update_validity (keyblock->pkt->pkt.public_key,
@@ -1422,7 +1456,7 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
if (any)
do_sync ();
-}
+}
/*
* check whether the signature sig is in the klist k
@@ -1454,7 +1488,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
{
KBNODE node;
PKT_signature *sig;
-
+
/* first check all signatures */
for (node=uidnode->next; node; node = node->next)
{
@@ -1487,7 +1521,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
continue;
}
node->flag |= 1<<9;
- }
+ }
/* reset the remaining flags */
for (; node; node = node->next)
node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
@@ -1535,7 +1569,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
older: if signode was older then we don't want to take n
as signode is nonrevocable. If n was older then we're
automatically fine. */
-
+
if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
!signode->pkt->pkt.signature->flags.revocable &&
(signode->pkt->pkt.signature->expiredate==0 ||
@@ -1551,7 +1585,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
n was older then we don't want to take signode as n is
nonrevocable. If signode was older then we're
automatically fine. */
-
+
if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
!signode->pkt->pkt.signature->flags.revocable &&
(signode->pkt->pkt.signature->expiredate==0 ||
@@ -1582,7 +1616,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
sig = signode->pkt->pkt.signature;
if (IS_UID_SIG (sig))
- { /* this seems to be a usable one which is not revoked.
+ { /* this seems to be a usable one which is not revoked.
* Just need to check whether there is an expiration time,
* We do the expired certification after finding a suitable
* certification, the assumption is that a signator does not
@@ -1591,7 +1625,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
* different expiration time */
const byte *p;
u32 expire;
-
+
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
expire = p? sig->timestamp + buffer_to_u32(p) : 0;
@@ -1678,7 +1712,7 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
delete_kbnode(node);
deleted++;
}
-
+
return deleted;
}
@@ -1937,7 +1971,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
{
if (uid->help_full_count >= opt.completes_needed
|| uid->help_marginal_count >= opt.marginals_needed )
- uidnode->flag |= 4;
+ uidnode->flag |= 4;
else if (uid->help_full_count || uid->help_marginal_count)
uidnode->flag |= 2;
uidnode->flag |= 1;
@@ -1952,7 +1986,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
issigned = 0;
get_validity_counts(pk,uid);
- mark_usable_uid_certs (kb, uidnode, main_kid, klist,
+ mark_usable_uid_certs (kb, uidnode, main_kid, klist,
curtime, next_expire);
}
else if (node->pkt->pkttype == PKT_SIGNATURE
@@ -1960,15 +1994,15 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
{
/* Note that we are only seeing unrevoked sigs here */
PKT_signature *sig = node->pkt->pkt.signature;
-
+
kr = is_in_klist (klist, sig);
/* If the trust_regexp does not match, it's as if the sig
did not exist. This is safe for non-trust sigs as well
since we don't accept a regexp on the sig unless it's a
trust sig. */
- if (kr && (!kr->trust_regexp
- || opt.trust_model != TM_PGP
- || (uidnode
+ if (kr && (!kr->trust_regexp
+ || opt.trust_model != TM_PGP
+ || (uidnode
&& check_regexp(kr->trust_regexp,
uidnode->pkt->pkt.user_id->name))))
{
@@ -2032,7 +2066,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
pk->trust_value = sig->trust_value;
pk->trust_depth = depth-1;
-
+
/* If the trust sig contains a regexp, record it
on the pk for the next round. */
if (sig->trust_regexp)
@@ -2055,7 +2089,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
{
if (uid->help_full_count >= opt.completes_needed
|| uid->help_marginal_count >= opt.marginals_needed )
- uidnode->flag |= 4;
+ uidnode->flag |= 4;
else if (uid->help_full_count || uid->help_marginal_count)
uidnode->flag |= 2;
uidnode->flag |= 1;
@@ -2079,7 +2113,7 @@ search_skipfnc (void *opaque, u32 *kid, PKT_user_id *dummy)
* kllist. The caller has to pass keydb handle so that we don't use
* to create our own. Returns either a key_array or NULL in case of
* an error. No results found are indicated by an empty array.
- * Caller hast to release the returned array.
+ * Caller hast to release the returned array.
*/
static struct key_array *
validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
@@ -2090,11 +2124,11 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
size_t nkeys, maxkeys;
int rc;
KEYDB_SEARCH_DESC desc;
-
+
maxkeys = 1000;
keys = xmalloc ((maxkeys+1) * sizeof *keys);
nkeys = 0;
-
+
rc = keydb_search_reset (hd);
if (rc)
{
@@ -2119,21 +2153,21 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
xfree (keys);
return NULL;
}
-
+
desc.mode = KEYDB_SEARCH_MODE_NEXT; /* change mode */
do
{
PKT_public_key *pk;
-
+
rc = keydb_get_keyblock (hd, &keyblock);
- if (rc)
+ if (rc)
{
log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
xfree (keys);
return NULL;
}
-
- if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
+
+ if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
{
log_debug ("ooops: invalid pkttype %d encountered\n",
keyblock->pkt->pkttype);
@@ -2143,7 +2177,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
}
/* prepare the keyblock for further processing */
- merge_keys_and_selfsig (keyblock);
+ merge_keys_and_selfsig (keyblock);
clear_kbnode_flags (keyblock);
pk = keyblock->pkt->pkt.public_key;
if (pk->has_expired || pk->is_revoked)
@@ -2180,9 +2214,9 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
release_kbnode (keyblock);
keyblock = NULL;
- }
+ }
while ( !(rc = keydb_search (hd, &desc, 1)) );
- if (rc && rc != -1)
+ if (rc && rc != -1)
{
log_error ("keydb_search_next failed: %s\n", g10_errstr(rc));
xfree (keys);
@@ -2191,7 +2225,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
keys[nkeys].keyblock = NULL;
return keys;
-}
+}
/* Caller must sync */
static void
@@ -2201,7 +2235,7 @@ reset_trust_records(void)
ulong recnum;
int count = 0, nreset = 0;
- for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
+ for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
{
if(rec.rectype==RECTYPE_TRUST)
{
@@ -2240,7 +2274,7 @@ reset_trust_records(void)
* Step 2: loop max_cert_times
* Step 3: if OWNERTRUST of any key in klist is undefined
* ask user to assign ownertrust
- * Step 4: Loop over all keys in the keyDB which are not marked seen
+ * Step 4: Loop over all keys in the keyDB which are not marked seen
* Step 5: if key is revoked or expired
* mark key as seen
* continue loop at Step 4
@@ -2252,7 +2286,7 @@ reset_trust_records(void)
* End Loop
* Step 8: Build a new klist from all fully trusted keys from step 6
* End Loop
- * Ready
+ * Ready
*
*/
static int
@@ -2322,7 +2356,7 @@ validate_keys (int interactive)
if ( pk->expiredate && pk->expiredate >= start_time
&& pk->expiredate < next_expire)
next_expire = pk->expiredate;
-
+
release_kbnode (keyblock);
do_sync ();
}
@@ -2398,7 +2432,7 @@ validate_keys (int interactive)
/* Find all keys which are signed by a key in kdlist */
keys = validate_key_list (kdb, full_trust, klist,
start_time, &next_expire);
- if (!keys)
+ if (!keys)
{
log_error ("validate_key_list failed\n");
rc = G10ERR_GENERAL;
@@ -2416,9 +2450,9 @@ validate_keys (int interactive)
store_validation_status (depth, kar->keyblock, stored);
log_info (_("depth: %d valid: %3d signed: %3d"
- " trust: %d-, %dq, %dn, %dm, %df, %du\n"),
+ " trust: %d-, %dq, %dn, %dm, %df, %du\n"),
depth, valids, key_count, ot_unknown, ot_undefined,
- ot_never, ot_marginal, ot_full, ot_ultimate );
+ ot_never, ot_marginal, ot_full, ot_ultimate );
/* Build a new kdlist from all fully valid keys in KEYS */
if (klist != utk_list)
@@ -2480,10 +2514,10 @@ validate_keys (int interactive)
if (!rc && !quit) /* mark trustDB as checked */
{
if (next_expire == 0xffffffff || next_expire < start_time )
- tdbio_write_nextcheck (0);
+ tdbio_write_nextcheck (0);
else
{
- tdbio_write_nextcheck (next_expire);
+ tdbio_write_nextcheck (next_expire);
log_info (_("next trustdb check due at %s\n"),
strtimestamp (next_expire));
}
commit 6286d01ba33b963be30fbb4fba6f35f1b05acd17
Author: Werner Koch <wk at gnupg.org>
Date: Tue Oct 8 15:29:36 2013 +0200
gpg: Fix --version output and explicitly disable ECC.
* g10/misc.c (openpgp_pk_algo_name): New. Replace all calls in g10/
to gcry_pk_algo_name by a call to this function.
(map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG.
(openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of
GCRY_PK_ELG_E. Return an error for ECC algos.
(openpgp_pk_test_algo2): Return an error for ECC algos.
* g10/gpg.c (build_list): Avoid printing ECC two times.
* include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*.
--
Due to recent changes to adjust for use with Libgcrypt 1.6, "gpg
--version" printed two question marks. This patches fixes that and
also make sure that gpg does advertise any ECC features. The patch in
build_list is not really needed.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/encode.c b/g10/encode.c
index 3c4e0a2..88d0a69 100644
--- a/g10/encode.c
+++ b/g10/encode.c
@@ -83,7 +83,7 @@ encode_seskey( DEK *dek, DEK **seskey, byte *enckey )
/* The encrypted session key is prefixed with a one-octet algorithm id. */
buf[0] = (*seskey)->algo;
memcpy( buf + 1, (*seskey)->key, (*seskey)->keylen );
-
+
/* We only pass already checked values to the following fucntion,
thus we consider any failure as fatal. */
if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
@@ -117,7 +117,7 @@ use_mdc(PK_LIST pk_list,int algo)
if(select_mdc_from_pklist(pk_list))
return 1;
-
+
/* The keys don't support MDC, so now we do a bit of a hack - if any
of the AESes or TWOFISH are in the prefs, we assume that the user
can handle a MDC. This is valid for PGP 7, which can handle MDCs
@@ -178,7 +178,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
memset( &zfx, 0, sizeof zfx);
memset( &tfx, 0, sizeof tfx);
init_packet(&pkt);
-
+
/* prepare iobufs */
inp = iobuf_open(filename);
if (inp)
@@ -207,7 +207,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
it has no S2K salt. RFC1991 always uses simple S2K. */
if ( RFC1991 && use_seskey )
use_seskey = 0;
-
+
cfx.dek = NULL;
if( mode ) {
int canceled;
@@ -254,7 +254,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
{
if (opt.verbose)
log_info(_("`%s' already compressed\n"), filename);
- do_compress = 0;
+ do_compress = 0;
}
if( rc || (rc = open_outfile( filename, opt.armor? 1:0, &out )) ) {
@@ -563,7 +563,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
cfx.dek->algo = opt.def_cipher_algo;
}
-
+
cfx.dek->use_mdc=use_mdc(pk_list,cfx.dek->algo);
/* Only do the is-file-already-compressed check if we are using a
@@ -575,7 +575,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
{
if (opt.verbose)
log_info(_("`%s' already compressed\n"), filename);
- do_compress = 0;
+ do_compress = 0;
}
if (rc2)
{
@@ -846,7 +846,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
if( opt.verbose ) {
char *ustr = get_user_id_string_native (enc->keyid);
log_info(_("%s/%s encrypted for: \"%s\"\n"),
- gcry_pk_algo_name (enc->pubkey_algo),
+ openpgp_pk_algo_name (enc->pubkey_algo),
openpgp_cipher_algo_name (dek->algo),
ustr );
xfree(ustr);
@@ -874,9 +874,9 @@ encode_crypt_files(int nfiles, char **files, strlist_t remusr)
if (opt.outfile)
{
log_error(_("--output doesn't work for this command\n"));
- return;
+ return;
}
-
+
if (!nfiles)
{
char line[2048];
diff --git a/g10/gpg.c b/g10/gpg.c
index 1238f47..339bf26 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -854,8 +854,8 @@ my_strusage( int level )
case 33: p = _("\nSupported algorithms:\n"); break;
case 34:
if (!pubkeys)
- pubkeys = build_list (_("Pubkey: "), 0,
- gcry_pk_algo_name,
+ pubkeys = build_list (_("Pubkey: "), 'P',
+ openpgp_pk_algo_name,
openpgp_pk_test_algo );
p = pubkeys;
break;
@@ -906,6 +906,9 @@ build_list (const char *text, char letter,
for (i=0; i <= 110; i++ )
{
+ if (letter == 'P' && i == 19 )
+ continue; /* No need to print a second "ECC" string. */
+
if (!chkf (i) && (s = mapf (i)))
{
if (mb.len - len > 60)
@@ -921,7 +924,7 @@ build_list (const char *text, char letter,
put_membuf_str (&mb, text);
put_membuf_str (&mb, s);
- if (opt.verbose && letter)
+ if (opt.verbose && letter && letter != 'P')
{
char num[20];
snprintf (num, sizeof num, " (%c%d)", letter, i);
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 3470257..4d5395d 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -2810,7 +2810,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
if(pk->is_revoked)
{
char *user=get_user_id_string_native(pk->revoked.keyid);
- const char *algo = gcry_pk_algo_name (pk->revoked.algo);
+ const char *algo = openpgp_pk_algo_name (pk->revoked.algo);
tty_printf (_("The following key was revoked on"
" %s by %s key %s\n"),
revokestr_from_pk(pk),algo?algo:"?",user);
@@ -2828,7 +2828,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
char *user;
const char *algo;
- algo = gcry_pk_algo_name (pk->revkey[i].algid);
+ algo = openpgp_pk_algo_name (pk->revkey[i].algid);
keyid_from_fingerprint(pk->revkey[i].fpr,
MAX_FINGERPRINT_LEN,r_keyid);
diff --git a/g10/keygen.c b/g10/keygen.c
index 3222c55..ad6bd73 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1603,7 +1603,7 @@ ask_key_flags(int algo,int subkey)
{
tty_printf("\n");
tty_printf(_("Possible actions for a %s key: "),
- gcry_pk_algo_name (algo));
+ openpgp_pk_algo_name (algo));
print_key_flags(possible);
tty_printf("\n");
tty_printf(_("Current allowed actions: "));
@@ -1807,7 +1807,7 @@ ask_keysize (int algo, unsigned int primary_keysize)
}
tty_printf(_("%s keys may be between %u and %u bits long.\n"),
- gcry_pk_algo_name (algo), min, max);
+ openpgp_pk_algo_name (algo), min, max);
for(;;)
{
@@ -1826,7 +1826,7 @@ ask_keysize (int algo, unsigned int primary_keysize)
if(nbits<min || nbits>max)
tty_printf(_("%s keysizes must be in the range %u-%u\n"),
- gcry_pk_algo_name (algo), min, max);
+ openpgp_pk_algo_name (algo), min, max);
else
break;
}
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 291a79c..7164f67 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -485,7 +485,7 @@ print_keyrec(int number,struct keyrec *keyrec)
{
const char *str;
- str = gcry_pk_algo_name (map_pk_openpgp_to_gcry (keyrec->type));
+ str = openpgp_pk_algo_name (keyrec->type);
if(str && strcmp (str, "?"))
printf("%s ",str);
else
diff --git a/g10/main.h b/g10/main.h
index 35c9373..4ec0f29 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -93,6 +93,7 @@ int map_pk_openpgp_to_gcry (int algo);
int openpgp_pk_test_algo( int algo );
int openpgp_pk_test_algo2 ( int algo, unsigned int use );
int openpgp_pk_algo_usage ( int algo );
+const char *openpgp_pk_algo_name (int algo);
int openpgp_md_test_algo( int algo );
#ifdef USE_IDEA
diff --git a/g10/mainproc.c b/g10/mainproc.c
index a1bd959..0387f8a 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -455,7 +455,7 @@ print_pkenc_list( struct kidlist_item *list, int failed )
if ( !failed && list->reason )
continue;
- algstr = gcry_pk_algo_name ( list->pubkey_algo );
+ algstr = openpgp_pk_algo_name ( list->pubkey_algo );
pk = xmalloc_clear( sizeof *pk );
if( !algstr )
@@ -1644,7 +1644,7 @@ check_sig_and_print( CTX c, KBNODE node )
/* (Indendation below not yet changed to GNU style.) */
- astr = gcry_pk_algo_name ( sig->pubkey_algo );
+ astr = openpgp_pk_algo_name ( sig->pubkey_algo );
if(keystrlen()>8)
{
log_info(_("Signature made %s\n"),asctimestamp(sig->timestamp));
diff --git a/g10/misc.c b/g10/misc.c
index 9d3ee1e..9b7c8ab 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -297,7 +297,7 @@ print_pubkey_algo_note( int algo )
{
warn=1;
log_info (_("WARNING: using experimental public key algorithm %s\n"),
- gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo)));
+ openpgp_pk_algo_name (algo));
}
}
else if (algo == 20)
@@ -423,8 +423,9 @@ map_pk_openpgp_to_gcry (int algo)
{
switch (algo)
{
- case PUBKEY_ALGO_ECDSA: return 301 /*GCRY_PK_ECDSA*/;
- case PUBKEY_ALGO_ECDH: return 302 /*GCRY_PK_ECDH*/;
+ case PUBKEY_ALGO_ECDSA: return 301 /*GCRY_PK_ECDSA*/;
+ case PUBKEY_ALGO_ECDH: return 302 /*GCRY_PK_ECDH*/;
+ case PUBKEY_ALGO_ELGAMAL_E: return GCRY_PK_ELG;
default: return algo;
}
}
@@ -433,11 +434,15 @@ map_pk_openpgp_to_gcry (int algo)
int
openpgp_pk_test_algo( int algo )
{
+ /* ECC is not yet supported even if supported by Libgcrypt. */
+ if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
+ return gpg_error (GPG_ERR_PUBKEY_ALGO);
+
/* Dont't allow type 20 keys unless in rfc2440 mode. */
if (!RFC2440 && algo == 20)
return gpg_error (GPG_ERR_PUBKEY_ALGO);
- if (algo == GCRY_PK_ELG_E)
+ if (algo == PUBKEY_ALGO_ELGAMAL_E)
algo = GCRY_PK_ELG;
if (algo < 0 || algo > 110)
@@ -450,11 +455,15 @@ openpgp_pk_test_algo2( int algo, unsigned int use )
{
size_t use_buf = use;
+ /* ECC is not yet supported even if supported by Libgcrypt. */
+ if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
+ return gpg_error (GPG_ERR_PUBKEY_ALGO);
+
/* Dont't allow type 20 keys unless in rfc2440 mode. */
if (!RFC2440 && algo == 20)
return gpg_error (GPG_ERR_PUBKEY_ALGO);
- if (algo == GCRY_PK_ELG_E)
+ if (algo == PUBKEY_ALGO_ELGAMAL_E)
algo = GCRY_PK_ELG;
if (algo < 0 || algo > 110)
@@ -491,12 +500,29 @@ openpgp_pk_algo_usage ( int algo )
case PUBKEY_ALGO_DSA:
use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
break;
+ case PUBKEY_ALGO_ECDH:
+ use = PUBKEY_USAGE_ENC;
+ break;
+ case PUBKEY_ALGO_ECDSA:
+ use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
+ break;
default:
break;
}
return use;
}
+
+/* Map the OpenPGP cipher algorithm whose ID is contained in ALGORITHM to a
+ string representation of the algorithm name. For unknown algorithm
+ IDs this function returns "?". */
+const char *
+openpgp_pk_algo_name (int algo)
+{
+ return gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo));
+}
+
+
int
openpgp_md_test_algo( int algo )
{
diff --git a/g10/passphrase.c b/g10/passphrase.c
index 2133de5..9752718 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -74,7 +74,7 @@ encode_s2k_iterations (int iterations)
if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
/* Default to 65536 which we used up to 2.0.13. */
- return 96;
+ return 96;
}
else if (mycnt >= 65011712)
return 255; /* Largest possible value. */
@@ -87,7 +87,7 @@ encode_s2k_iterations (int iterations)
if (iterations >= 65011712)
return 255;
-
+
/* Need count to be in the range 16-31 */
for (count=iterations>>6; count>=32; count>>=1)
c++;
@@ -96,13 +96,13 @@ encode_s2k_iterations (int iterations)
if (S2K_DECODE_COUNT(result) < iterations)
result++;
-
+
return result;
}
-/* Hash a passphrase using the supplied s2k.
+/* Hash a passphrase using the supplied s2k.
Always needs: dek->algo, s2k->mode, s2k->hash_algo. */
static void
hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
@@ -119,20 +119,20 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
if (gcry_md_open (&md, s2k->hash_algo, 1))
BUG ();
- for (pass=0; used < dek->keylen ; pass++ )
+ for (pass=0; used < dek->keylen ; pass++ )
{
- if ( pass )
+ if ( pass )
{
gcry_md_reset (md);
for (i=0; i < pass; i++ ) /* Preset the hash context. */
gcry_md_putc (md, 0 );
}
- if ( s2k->mode == 1 || s2k->mode == 3 )
+ if ( s2k->mode == 1 || s2k->mode == 3 )
{
int len2 = pwlen + 8;
ulong count = len2;
-
+
if ( s2k->mode == 3 )
{
count = S2K_DECODE_COUNT(s2k->count);
@@ -146,7 +146,7 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
/* A little bit complicated because we need a ulong for count. */
while ( count > len2 ) /* maybe iterated+salted */
- {
+ {
gcry_md_write ( md, s2k->salt, 8 );
gcry_md_write ( md, pw, pwlen );
count -= len2;
@@ -242,7 +242,7 @@ read_passphrase_from_fd( int fd )
int i, len;
char *pw;
- if ( !opt.batch )
+ if ( !opt.batch )
{ /* Not used but we have to do a dummy read, so that it won't end
up at the begin of the message if the quite usual trick to
prepend the passphtrase to the message is used. */
@@ -251,12 +251,12 @@ read_passphrase_from_fd( int fd )
while (!(read (fd, buf, 1) != 1 || *buf == '\n' ))
;
*buf = 0;
- return;
+ return;
}
- for (pw = NULL, i = len = 100; ; i++ )
+ for (pw = NULL, i = len = 100; ; i++ )
{
- if (i >= len-1 )
+ if (i >= len-1 )
{
char *pw2 = pw;
len += 100;
@@ -322,35 +322,35 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
if( keyid && get_pubkey( pk, keyid ) )
{
if (pk)
- free_public_key( pk );
+ free_public_key( pk );
pk = NULL; /* oops: no key for some reason */
}
-
+
orig_codeset = i18n_switchto_utf8 ();
if (custom_description)
atext = native_to_utf8 (custom_description);
else if ( !mode && pk && keyid )
- {
+ {
char *uid;
size_t uidlen;
- const char *algo_name = gcry_pk_algo_name ( pk->pubkey_algo );
+ const char *algo_name = openpgp_pk_algo_name (pk->pubkey_algo);
const char *timestr;
char *maink;
-
+
if ( !algo_name )
algo_name = "?";
#define KEYIDSTRING _(" (main key ID %s)")
maink = xmalloc ( strlen (KEYIDSTRING) + keystrlen() + 20 );
- if( keyid[2] && keyid[3] && keyid[0] != keyid[2]
+ if( keyid[2] && keyid[3] && keyid[0] != keyid[2]
&& keyid[1] != keyid[3] )
sprintf( maink, KEYIDSTRING, keystr(&keyid[2]) );
else
*maink = 0;
-
- uid = get_user_id ( keyid, &uidlen );
+
+ uid = get_user_id ( keyid, &uidlen );
timestr = strtimestamp (pk->timestamp);
#undef KEYIDSTRING
@@ -361,7 +361,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
"%u-bit %s key, ID %s,\n" \
"created %s%s.\n" )
- atext = xmalloc ( 100 + strlen (PROMPTSTRING)
+ atext = xmalloc ( 100 + strlen (PROMPTSTRING)
+ uidlen + 15 + strlen(algo_name) + keystrlen()
+ strlen (timestr) + strlen (maink) );
sprintf (atext, PROMPTSTRING,
@@ -373,16 +373,16 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
#undef PROMPTSTRING
- {
+ {
size_t dummy;
fingerprint_from_pk( pk, fpr, &dummy );
have_fpr = 1;
}
-
+
}
else
atext = xstrdup ( _("Enter passphrase\n") );
-
+
if (!mode && cacheid)
my_cacheid = cacheid;
@@ -398,7 +398,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
rc = agent_get_passphrase (my_cacheid, tryagain_text, my_prompt, atext,
repeat, check, &pw);
-
+
xfree (my_prompt);
xfree (atext); atext = NULL;
@@ -413,7 +413,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
if (canceled)
*canceled = 1;
}
- else
+ else
{
log_error (_("problem with the agent: %s\n"), gpg_strerror (rc));
/* Due to limitations in the API of the upper layers they
@@ -422,7 +422,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
definitely not happen and let it continue without requiring a
passphrase. Given that now all the upper layers handle a
cancel correctly, we simply set the cancel flag now for all
- errors from the agent. */
+ errors from the agent. */
if (canceled)
*canceled = 1;
@@ -450,7 +450,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
int rc;
(void)algo;
-
+
if (!cacheid)
{
PKT_public_key *pk;
@@ -460,7 +460,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
byte fpr[MAX_FINGERPRINT_LEN];
char hexfprbuf[2*20+1];
size_t dummy;
-
+
pk = xcalloc (1, sizeof *pk);
if ( !keyid || get_pubkey( pk, keyid ) )
{
@@ -488,7 +488,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
NULL, sets it to true.
MODE 0: Allow cached passphrase
- 1: Ignore cached passphrase
+ 1: Ignore cached passphrase
2: Ditto, but create a new key
3: Allow cached passphrase; use the S2K salt as the cache ID
4: Ditto, but create a new key
@@ -496,7 +496,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
DEK *
passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
int cipher_algo, STRING2KEY *s2k, int mode,
- const char *tryagain_text,
+ const char *tryagain_text,
const char *custdesc, const char *custprompt,
int *canceled)
{
@@ -509,11 +509,11 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
if (!canceled)
canceled = &dummy_canceled;
*canceled = 0;
-
+
if ( !s2k )
{
assert (mode != 3 && mode != 4);
- /* This is used for the old rfc1991 mode
+ /* This is used for the old rfc1991 mode
* Note: This must match the code in encode.c with opt.rfc1991 set */
s2k = &help_s2k;
s2k->mode = 0;
@@ -539,16 +539,16 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
/* If we do not have a passphrase available in NEXT_PW and status
information are request, we print them now. */
- if ( !next_pw && is_status_enabled() )
+ if ( !next_pw && is_status_enabled() )
{
char buf[50];
-
+
if ( keyid )
{
u32 used_kid[2];
char *us;
-
- if ( keyid[2] && keyid[3] )
+
+ if ( keyid[2] && keyid[3] )
{
used_kid[0] = keyid[2];
used_kid[1] = keyid[3];
@@ -558,16 +558,16 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
used_kid[0] = keyid[0];
used_kid[1] = keyid[1];
}
-
+
us = get_long_user_id_string ( keyid );
write_status_text ( STATUS_USERID_HINT, us );
xfree(us);
-
+
snprintf (buf, sizeof buf -1, "%08lX%08lX %08lX%08lX %d 0",
(ulong)keyid[0], (ulong)keyid[1],
(ulong)used_kid[0], (ulong)used_kid[1],
pubkey_algo );
-
+
write_status_text ( STATUS_NEED_PASSPHRASE, buf );
}
else
@@ -586,7 +586,7 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
{
PKT_public_key *pk = xmalloc_clear( sizeof *pk );
char *p;
-
+
p = get_user_id_native(keyid);
tty_printf ("\n");
tty_printf (_("You need a passphrase to unlock the secret key for\n"
@@ -595,8 +595,8 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
if ( !get_pubkey( pk, keyid ) )
{
- const char *s = gcry_pk_algo_name ( pk->pubkey_algo );
-
+ const char *s = openpgp_pk_algo_name (pk->pubkey_algo);
+
tty_printf (_("%u-bit %s key, ID %s, created %s"),
nbits_from_pk( pk ), s?s:"?", keystr(keyid),
strtimestamp(pk->timestamp) );
@@ -620,19 +620,19 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
free_public_key( pk );
}
- if ( next_pw )
+ if ( next_pw )
{
/* Simply return the passphrase we already have in NEXT_PW. */
pw = next_pw;
next_pw = NULL;
}
- else if ( have_static_passphrase () )
+ else if ( have_static_passphrase () )
{
/* Return the passphrase we have stored in FD_PASSWD. */
pw = xmalloc_secure ( strlen(fd_passwd)+1 );
strcpy ( pw, fd_passwd );
}
- else
+ else
{
if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3))
{
@@ -653,7 +653,7 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
return NULL;
}
}
-
+
if ( !pw || !*pw )
write_status( STATUS_MISSING_PASSPHRASE );
diff --git a/g10/sign.c b/g10/sign.c
index 7d5236a..0de3321 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -318,7 +318,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
if( opt.verbose ) {
char *ustr = get_user_id_string_native (sig->keyid);
log_info(_("%s/%s signature from: \"%s\"\n"),
- gcry_pk_algo_name (sk->pubkey_algo),
+ openpgp_pk_algo_name (sk->pubkey_algo),
gcry_md_algo_name (sig->digest_algo),
ustr );
xfree(ustr);
diff --git a/include/cipher.h b/include/cipher.h
index a3774c1..1b7e69b 100644
--- a/include/cipher.h
+++ b/include/cipher.h
@@ -51,14 +51,14 @@
#define CIPHER_ALGO_CAMELLIA256 13
#define CIPHER_ALGO_DUMMY 110 /* No encryption at all. */
-#define PUBKEY_ALGO_RSA /* 1 */ GCRY_PK_RSA
-#define PUBKEY_ALGO_RSA_E /* 2 */ GCRY_PK_RSA_E /* RSA encrypt only. */
-#define PUBKEY_ALGO_RSA_S /* 3 */ GCRY_PK_RSA_S /* RSA sign only. */
-#define PUBKEY_ALGO_ELGAMAL_E /* 16 */ GCRY_PK_ELG_E /* Elgamal encr only */
-#define PUBKEY_ALGO_DSA /* 17 */ GCRY_PK_DSA
+#define PUBKEY_ALGO_RSA 1
+#define PUBKEY_ALGO_RSA_E 2 /* RSA encrypt only. */
+#define PUBKEY_ALGO_RSA_S 3 /* RSA sign only. */
+#define PUBKEY_ALGO_ELGAMAL_E 16 /* Elgamal encr only */
+#define PUBKEY_ALGO_DSA 17
#define PUBKEY_ALGO_ECDH 18
#define PUBKEY_ALGO_ECDSA 19
-#define PUBKEY_ALGO_ELGAMAL /* 20 */ GCRY_PK_ELG /* Elgamal encr+sign */
+#define PUBKEY_ALGO_ELGAMAL 20 /* Elgamal encr+sign */
#define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */
#define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */
-----------------------------------------------------------------------
Summary of changes:
NEWS | 2 +
g10/encode.c | 20 ++---
g10/gpg.c | 15 ++--
g10/keyedit.c | 4 +-
g10/keygen.c | 6 +-
g10/keyserver.c | 2 +-
g10/main.h | 1 +
g10/mainproc.c | 4 +-
g10/misc.c | 36 +++++++--
g10/passphrase.c | 96 ++++++++++++------------
g10/sign.c | 2 +-
g10/tdbio.c | 8 +-
g10/tdbio.h | 6 +-
g10/trustdb.c | 216 +++++++++++++++++++++++++++++++-----------------------
include/cipher.h | 12 +--
15 files changed, 248 insertions(+), 182 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list