Merged with gpg 1.4.3 code.

The gpg part does not yet build.
author: Werner Koch <wk@gnupg.org> 2006-04-19 13:26:11 +0200
committer: Werner Koch <wk@gnupg.org> 2006-04-19 13:26:11 +0200
commit: 29b23dea9731e8f258211bc6fd733d205c18e2a8 (patch)
tree: ff2a0f66bda0c1f050e8fa00cbf610e18b91c9f7 /g10/skclist.c
parent: 2006-04-14 Marcus Brinkmann <marcus@g10code.de> (diff)
download: gnupg2-29b23dea9731e8f258211bc6fd733d205c18e2a8.tar.xz
gnupg2-29b23dea9731e8f258211bc6fd733d205c18e2a8.zip
1 files changed, 86 insertions, 40 deletions
diff --git a/g10/skclist.c b/g10/skclist.c
index 67d9eb2f9..1cb69074a 100644
--- a/g10/skclist.c
+++ b/g10/skclist.c
@@ -1,5 +1,5 @@
-/* skclist.c
- * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+/* skclist.c - Build a list of secret keys
+ * Copyright (C) 1998, 1999, 2000, 2001, 2006 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -15,7 +15,8 @@
  *
  * You should have received a copy of the GNU General Public License
  * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA.
  */
 
 #include <config.h>
@@ -25,11 +26,11 @@
 #include <errno.h>
 #include <assert.h>
 
+#include "gpg.h"
 #include "options.h"
 #include "packet.h"
 #include "errors.h"
 #include "keydb.h"
-#include "memory.h"
 #include "util.h"
 #include "i18n.h"
 #include "cipher.h"
@@ -43,11 +44,41 @@ release_sk_list( SK_LIST sk_list )
     for( ; sk_list; sk_list = sk_rover ) {
 	sk_rover = sk_list->next;
 	free_secret_key( sk_list->sk );
-	xfree ( sk_list );
+	xfree( sk_list );
     }
 }
 
 
+/* Check that we are only using keys which don't have
+ * the string "(insecure!)" or "not secure" or "do not use"
+ * in one of the user ids
+ */
+static int
+is_insecure( PKT_secret_key *sk )
+{
+    u32 keyid[2];
+    KBNODE node = NULL, u;
+    int insecure = 0;
+
+    keyid_from_sk( sk, keyid );
+    node = get_pubkeyblock( keyid );
+    for ( u = node; u; u = u->next ) {
+        if ( u->pkt->pkttype == PKT_USER_ID ) {
+            PKT_user_id *id = u->pkt->pkt.user_id;
+            if ( id->attrib_data )
+                continue; /* skip attribute packets */
+            if ( strstr( id->name, "(insecure!)" )
+                 || strstr( id->name, "not secure" )
+                 || strstr( id->name, "do not use" ) ) {
+                insecure = 1;
+                break;
+            }
+        }
+    }
+    release_kbnode( node );
+    
+    return insecure;
+}
 
 static int
 key_present_in_sk_list(SK_LIST sk_list, PKT_secret_key *sk)
@@ -77,37 +108,41 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list,
     SK_LIST sk_list = NULL;
     int rc;
 
-    if( !locusr ) { /* use the default one */
+    if( !locusr )
+      { /* use the default one */
 	PKT_secret_key *sk;
 
-	sk = xcalloc (1, sizeof *sk );
+	sk = xmalloc_clear( sizeof *sk );
 	sk->req_usage = use;
 	if( (rc = get_seckey_byname( sk, NULL, unlock )) ) {
-	    free_secret_key( sk ); sk = NULL;
-	    log_error("no default secret key: %s\n", gpg_strerror (rc) );
+	  free_secret_key( sk ); sk = NULL;
+	  log_error("no default secret key: %s\n", g10_errstr(rc) );
 	}
-	else if( !(rc=openpgp_pk_test_algo (sk->pubkey_algo, use)) ) {
+	else if( !(rc=openpgp_pk_test_algo2 (sk->pubkey_algo, use)) )
+	  {
 	    SK_LIST r;
 
-	    if( sk->version == 4 && (use & PUBKEY_USAGE_SIG)
-		&& sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
-		log_info("this is a PGP generated "
-		    "ElGamal key which is NOT secure for signatures!\n");
+	    if( random_is_faked() && !is_insecure( sk ) )
+	      {
+		log_info(_("key is not flagged as insecure - "
+			   "can't use it with the faked RNG!\n"));
 		free_secret_key( sk ); sk = NULL;
-	    }
-	    else {
-		r = xmalloc ( sizeof *r );
+	      }
+	    else
+	      {
+		r = xmalloc( sizeof *r );
 		r->sk = sk; sk = NULL;
 		r->next = sk_list;
 		r->mark = 0;
 		sk_list = r;
-	    }
-	}
-	else {
+	      }
+	  }
+	else
+	  {
 	    free_secret_key( sk ); sk = NULL;
-	    log_error("invalid default secret key: %s\n", gpg_strerror (rc) );
-	}
-    }
+	    log_error("invalid default secret key: %s\n", g10_errstr(rc) );
+	  }
+      }
     else {
         STRLIST locusr_orig = locusr;
 	for(; locusr; locusr = locusr->next ) {
@@ -118,36 +153,47 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list,
              * won't catch all duplicates because the user IDs may be
              * specified in different ways.
              */
-            if ( is_duplicated_entry ( locusr_orig, locusr ) ) {
-		log_error(_("skipped `%s': duplicated\n"), locusr->d );
+            if ( is_duplicated_entry ( locusr_orig, locusr ) )
+	      {
+		log_error(_("skipped \"%s\": duplicated\n"), locusr->d );
                 continue;
-            }
-	    sk = xcalloc (1, sizeof *sk );
+	      }
+	    sk = xmalloc_clear( sizeof *sk );
 	    sk->req_usage = use;
-	    if( (rc = get_seckey_byname( sk, locusr->d, 0 )) ) {
+	    if( (rc = get_seckey_byname( sk, locusr->d, 0 )) )
+	      {
 		free_secret_key( sk ); sk = NULL;
-		log_error(_("skipped `%s': %s\n"), locusr->d, gpg_strerror (rc) );
-	    }
+		log_error(_("skipped \"%s\": %s\n"),
+			  locusr->d, g10_errstr(rc) );
+	      }
             else if ( key_present_in_sk_list(sk_list, sk) == 0) {
                 free_secret_key(sk); sk = NULL;
                 log_info(_("skipped: secret key already present\n"));
             }
-            else if ( unlock && (rc = check_secret_key( sk, 0 )) ) {
+            else if ( unlock && (rc = check_secret_key( sk, 0 )) )
+	      {
 		free_secret_key( sk ); sk = NULL;
-		log_error(_("skipped `%s': %s\n"), locusr->d, gpg_strerror (rc) );
-            }
+		log_error(_("skipped \"%s\": %s\n"),
+			  locusr->d, g10_errstr(rc) );
+	      }
 	    else if( !(rc=openpgp_pk_test_algo (sk->pubkey_algo, use)) ) {
 		SK_LIST r;
 
 		if( sk->version == 4 && (use & PUBKEY_USAGE_SIG)
-		    && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
-		    log_info(_("skipped `%s': this is a PGP generated "
-			"ElGamal key which is not secure for signatures!\n"),
-			locusr->d );
+		    && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E )
+		  {
+		    log_info(_("skipped \"%s\": %s\n"),locusr->d,
+			     _("this is a PGP generated Elgamal key which"
+			       " is not secure for signatures!"));
+		    free_secret_key( sk ); sk = NULL;
+		  }
+		else if( random_is_faked() && !is_insecure( sk ) ) {
+		    log_info(_("key is not flagged as insecure - "
+			       "can't use it with the faked RNG!\n"));
 		    free_secret_key( sk ); sk = NULL;
 		}
 		else {
-		    r = xmalloc ( sizeof *r );
+		    r = xmalloc( sizeof *r );
 		    r->sk = sk; sk = NULL;
 		    r->next = sk_list;
 		    r->mark = 0;
@@ -156,7 +202,7 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list,
 	    }
 	    else {
 		free_secret_key( sk ); sk = NULL;
-		log_error("skipped `%s': %s\n", locusr->d, gpg_strerror (rc) );
+		log_error("skipped \"%s\": %s\n", locusr->d, g10_errstr(rc) );
 	    }
 	}
     }
@@ -164,7 +210,7 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list,
 
     if( !rc && !sk_list ) {
 	log_error("no valid signators\n");
-	rc = GPG_ERR_NO_USER_ID;
+	rc = G10ERR_NO_USER_ID;
     }
 
     if( rc )
author	Werner Koch <wk@gnupg.org>	2006-04-19 13:26:11 +0200
committer	Werner Koch <wk@gnupg.org>	2006-04-19 13:26:11 +0200
commit	29b23dea9731e8f258211bc6fd733d205c18e2a8 (patch)
tree	ff2a0f66bda0c1f050e8fa00cbf610e18b91c9f7 /g10/skclist.c
parent	2006-04-14 Marcus Brinkmann <marcus@g10code.de> (diff)
download	gnupg2-29b23dea9731e8f258211bc6fd733d205c18e2a8.tar.xz gnupg2-29b23dea9731e8f258211bc6fd733d205c18e2a8.zip