diff options
author | Werner Koch <wk@gnupg.org> | 1999-03-02 10:41:49 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 1999-03-02 10:41:49 +0100 |
commit | c27c7416d5148865a513e007fb6f0a34993a6073 (patch) | |
tree | 389583ab57cc825586486eedf989e1925695cc5e /g10 | |
parent | See ChangeLog: Sun Feb 28 19:11:00 CET 1999 Werner Koch (diff) | |
download | gnupg2-c27c7416d5148865a513e007fb6f0a34993a6073.tar.xz gnupg2-c27c7416d5148865a513e007fb6f0a34993a6073.zip |
See ChangeLog: Tue Mar 2 10:38:42 CET 1999 Werner Koch
Diffstat (limited to '')
-rw-r--r-- | g10/ChangeLog | 6 | ||||
-rw-r--r-- | g10/armor.c | 2 | ||||
-rw-r--r-- | g10/sig-check.c | 21 | ||||
-rw-r--r-- | g10/sign.c | 100 | ||||
-rw-r--r-- | g10/trustdb.c | 18 |
5 files changed, 37 insertions, 110 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 11636394a..9ccca2318 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,9 @@ +Tue Mar 2 10:38:42 CET 1999 Werner Koch <wk@isil.d.shuttle.de> + + * sig-check.c (signature_check): sig-id now works for all algos. + + * armor.c (armor_filter): Fixed armor bypassing. + Sun Feb 28 19:11:00 CET 1999 Werner Koch <wk@isil.d.shuttle.de> * keygen.c (ask_user_id): Don't change the case of email addresses. diff --git a/g10/armor.c b/g10/armor.c index ce3470398..1a3e6e5ba 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -792,7 +792,7 @@ armor_filter( void *opaque, int control, else if( !afx->inp_checked ) { rc = check_input( afx, a ); if( afx->inp_bypass ) { - for(n=0; n < size && afx->buffer_pos < afx->buffer_len; n++ ) + for(n=0; n < size && afx->buffer_pos < afx->buffer_len; ) buf[n++] = afx->buffer[afx->buffer_pos++]; if( afx->buffer_pos >= afx->buffer_len ) afx->buffer_len = 0; diff --git a/g10/sig-check.c b/g10/sig-check.c index 4cb1ea65e..2de2f7818 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -65,17 +65,26 @@ signature_check( PKT_signature *sig, MD_HANDLE digest ) free_public_key( pk ); - if( !rc && is_status_enabled() - && ( sig->pubkey_algo == PUBKEY_ALGO_DSA - || sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) ) { - /* If we are using these public key algorithms we can - * calculate an unique signature id, which may be useful - * in an application to prevent replac attacks */ + if( !rc && is_status_enabled() ) { + /* This signature id works best with DLP algorithms because + * they use a random parameter for every signature. Instead of + * this sig-id we could have also used the hash of the document + * and the timestamp, but the drawback of this is, that it is + * not possible to sign more than one identical document within + * one second. Some remote bacth processing applications might + * like this feature here */ MD_HANDLE md; + u32 a = sig->timestamp; int i, nsig = pubkey_get_nsig( sig->pubkey_algo ); byte *p; md = md_open( DIGEST_ALGO_RMD160, 0); + md_putc( digest, sig->pubkey_algo ); + md_putc( digest, sig->digest_algo ); + md_putc( digest, (a >> 24) & 0xff ); + md_putc( digest, (a >> 16) & 0xff ); + md_putc( digest, (a >> 8) & 0xff ); + md_putc( digest, a & 0xff ); for(i=0; i < nsig; i++ ) { unsigned n = mpi_get_nbits( sig->data[i]); diff --git a/g10/sign.c b/g10/sign.c index dd7f50c35..4d4288449 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -455,106 +455,6 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, } -#if 0 -/**************** - * Note: We do not calculate the hash over the last CR,LF - */ -static int -write_dash_escaped( IOBUF inp, IOBUF out, MD_HANDLE md ) -{ - int c; - int lastlf = 1; - int state = 0; - - if( opt.not_dash_escaped ) { - lastlf = 0; - while( (c = iobuf_get(inp)) != -1 ) { - md_putc(md, c ); - iobuf_put( out, c ); - lastlf = c; - } - if( lastlf != '\n' ) { - /* add a missing trailing LF */ - md_putc(md, '\n' ); - iobuf_put( out, '\n' ); - } - - return 0; - } - - while( (c = iobuf_get(inp)) != -1 ) { - if( lastlf ) { - if( c == '-' ) { - iobuf_put( out, c ); - iobuf_put( out, ' ' ); - } - else if( c == 'F' && opt.escape_from ) { - int i; - - if( state >= 1 ) - md_putc(md, '\r'); - if( state >= 2 ) - md_putc(md, '\n'); - state = 0; - - for( i=1; i < 5 && (c = iobuf_get(inp)) != -1; i++ ) { - if( "From "[i] != c ) - break; - } - if( i < 5 ) { - iobuf_write( out, "From", i ); - md_write( md, "From", i ); - if( c == -1 ) - break; - } - else { - iobuf_writestr( out, "- From" ); - md_write( md, "From", 4 ); - } - } - } - - again: - switch( state ) { - case 0: - if( c == '\r' ) - state = 1; - else - md_putc(md, c ); - break; - case 1: - if( c == '\n' ) - state = 2; - else { - md_putc(md, '\r'); - state = 0; - goto again; - } - break; - case 2: - md_putc(md, '\r'); - md_putc(md, '\n'); - state = 0; - goto again; - default: BUG(); - } - iobuf_put( out, c ); - lastlf = c == '\n'; - } - if( state == 1 ) - md_putc(md, '\r'); - else if( state == 2 ) { /* file ended with a new line */ - md_putc(md, '\r'); - md_putc(md, '\n'); - iobuf_put( out, '\n'); - } - - if( !lastlf ) - iobuf_put( out, '\n' ); - - return 0; /* fixme: add error handling */ -} -#endif /**************** * make a clear signature. note that opt.armor is not needed diff --git a/g10/trustdb.c b/g10/trustdb.c index c96de91f4..c40976523 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -996,6 +996,10 @@ collect_paths( int depth, int max_depth, int all, TRUSTREC *drec, typedef struct { ulong lid; ulong uid; + byte uid_flags; + byte uid_validity; + byte dir_flags; + byte ownertrust; } CERT_ITEM; /* structure to hold certification chains. Item[nitems-1] is the @@ -1033,7 +1037,7 @@ add_cert_items_to_set( CERT_CHAIN *set_head, CERT_ITEM *items, int nitems ) /**************** * Find all certification paths of a given LID. - * Limit the search to MAX_DEPTH. stack is a helper variable which + * Limit the search to MAX_DEPTH. stack is a helper variable which * should have been allocated with size max_depth, stack[0] should * be setup to the key we are investigating, so the minimal depth * we should ever see in this function is 1. @@ -1076,6 +1080,9 @@ find_cert_chain( ulong lid, int depth, int max_depth, /* Performance hint: add stuff to ignore this one when the * assigned validity of the key is bad */ + stack[depth].dir_flags = dirrec.r.dir.dirflags; + stack[depth].ownertrust = dirrec.r.dir.ownertrust; + /* loop over all user ids */ for( uidrno = dirrec.r.dir.uidlist; uidrno; uidrno = uidrec.r.uid.next ) { TRUSTREC sigrec; @@ -1083,6 +1090,8 @@ find_cert_chain( ulong lid, int depth, int max_depth, stack[depth].uid = uidrno; read_record( uidrno, &uidrec, RECTYPE_UID ); + stack[depth].uid_flags = uidrec.r.uid.uidflags; + stack[depth].uid_validity = uidrec.r.uid.validity; if( !(uidrec.r.uid.uidflags & UIDF_CHECKED) ) continue; /* user id has not been checked */ @@ -1562,13 +1571,16 @@ list_trust_path( const char *username ) find_cert_chain( lid, 0, opt.max_cert_depth, stack, &chains); m_free( stack ); /* dump chains */ + printf("lid/uid(ownertrust,validity):\n"); for(r=chains; r ; r = r->next ) { printf("chain:" ); for(i=0; i < r->nitems; i++ ) - printf(" %4lu/%-4lu", r->items[i].lid, r->items[i].uid ); + printf(" %lu/%lu(%d,%d)", r->items[i].lid, r->items[i].uid, + r->items[i].ownertrust, + (r->items[i].uid_flags & UIDF_VALVALID )? + r->items[i].uid_validity : 0 ); putchar('\n'); } - } #endif } |