authorWerner Koch <wk@gnupg.org>1999-03-02 10:41:49 +0100
committerWerner Koch <wk@gnupg.org>1999-03-02 10:41:49 +0100
commitc27c7416d5148865a513e007fb6f0a34993a6073 (patch)
tree389583ab57cc825586486eedf989e1925695cc5e /g10
parentSee ChangeLog: Sun Feb 28 19:11:00 CET 1999 Werner Koch (diff)
See ChangeLog: Tue Mar 2 10:38:42 CET 1999 Werner Koch
Diffstat (limited to '')
-rw-r--r--g10/ChangeLog6
-rw-r--r--g10/armor.c2
-rw-r--r--g10/sig-check.c21
-rw-r--r--g10/sign.c100
-rw-r--r--g10/trustdb.c18
5 files changed, 37 insertions, 110 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 11636394a..9ccca2318 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,9 @@
+Tue Mar 2 10:38:42 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * sig-check.c (signature_check): sig-id now works for all algos.
+
+ * armor.c (armor_filter): Fixed armor bypassing.
+
Sun Feb 28 19:11:00 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* keygen.c (ask_user_id): Don't change the case of email addresses.
diff --git a/g10/armor.c b/g10/armor.c
index ce3470398..1a3e6e5ba 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -792,7 +792,7 @@ armor_filter( void *opaque, int control,
else if( !afx->inp_checked ) {
rc = check_input( afx, a );
if( afx->inp_bypass ) {
- for(n=0; n < size && afx->buffer_pos < afx->buffer_len; n++ )
+ for(n=0; n < size && afx->buffer_pos < afx->buffer_len; )
buf[n++] = afx->buffer[afx->buffer_pos++];
if( afx->buffer_pos >= afx->buffer_len )
afx->buffer_len = 0;
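Review bot: The corrected bypass loop keeps a `for` header with an empty increment clause while the body advances `n` in `buf[n++] = ...`, which is the same shape that produced the double increment removed here. With the old form every second slot of `buf` was skipped, so if `n` is reported to the caller as the byte count (that code is outside the hunk), unwritten buffer contents would have been passed on as data. Writing it as `n = 0;` followed by `while( n < size && afx->buffer_pos < afx->buffer_len )` makes the single increment the obvious one, or a comment such as `/* n is advanced in the loop body only */` would guard against it being re-added. armor_filter begins and ends outside this hunk.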
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 4cb1ea65e..2de2f7818 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -65,17 +65,26 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
free_public_key( pk );
- if( !rc && is_status_enabled()
- && ( sig->pubkey_algo == PUBKEY_ALGO_DSA
- || sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) ) {
- /* If we are using these public key algorithms we can
- * calculate an unique signature id, which may be useful
- * in an application to prevent replac attacks */
+ if( !rc && is_status_enabled() ) {
+ /* This signature id works best with DLP algorithms because
+ * they use a random parameter for every signature. Instead of
+ * this sig-id we could have also used the hash of the document
+ * and the timestamp, but the drawback of this is, that it is
+ * not possible to sign more than one identical document within
+ * one second. Some remote bacth processing applications might
+ * like this feature here */
MD_HANDLE md;
+ u32 a = sig->timestamp;
int i, nsig = pubkey_get_nsig( sig->pubkey_algo );
byte *p;
md = md_open( DIGEST_ALGO_RMD160, 0);
+ md_putc( digest, sig->pubkey_algo );
+ md_putc( digest, sig->digest_algo );
+ md_putc( digest, (a >> 24) & 0xff );
+ md_putc( digest, (a >> 16) & 0xff );
+ md_putc( digest, (a >> 8) & 0xff );
+ md_putc( digest, a & 0xff );
for(i=0; i < nsig; i++ ) {
unsigned n = mpi_get_nbits( sig->data[i]);
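Review bot: The six added `md_putc` calls write the public-key algorithm, digest algorithm and timestamp bytes into `digest`, the handle passed in by the caller, not into `md`, which is opened on the line just above for the signature id. If `md` is the context that is finalized to produce the id (the rest of the loop and the finalization are outside the hunk), these bytes never reach it, so the id would still depend on the signature MPIs alone, and the caller's digest context is modified after the check has run. The calls probably should target the new handle, e.g. `md_putc( md, sig->pubkey_algo );` and likewise for the other five. Because the id is offered to applications for replay detection, it is worth confirming which handle is intended before relying on the "works for all algos" claim.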
diff --git a/g10/sign.c b/g10/sign.c
index dd7f50c35..4d4288449 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -455,106 +455,6 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
}
-#if 0
-/****************
- * Note: We do not calculate the hash over the last CR,LF
- */
-static int
-write_dash_escaped( IOBUF inp, IOBUF out, MD_HANDLE md )
-{
- int c;
- int lastlf = 1;
- int state = 0;
-
- if( opt.not_dash_escaped ) {
- lastlf = 0;
- while( (c = iobuf_get(inp)) != -1 ) {
- md_putc(md, c );
- iobuf_put( out, c );
- lastlf = c;
- }
- if( lastlf != '\n' ) {
- /* add a missing trailing LF */
- md_putc(md, '\n' );
- iobuf_put( out, '\n' );
- }
-
- return 0;
- }
-
- while( (c = iobuf_get(inp)) != -1 ) {
- if( lastlf ) {
- if( c == '-' ) {
- iobuf_put( out, c );
- iobuf_put( out, ' ' );
- }
- else if( c == 'F' && opt.escape_from ) {
- int i;
-
- if( state >= 1 )
- md_putc(md, '\r');
- if( state >= 2 )
- md_putc(md, '\n');
- state = 0;
-
- for( i=1; i < 5 && (c = iobuf_get(inp)) != -1; i++ ) {
- if( "From "[i] != c )
- break;
- }
- if( i < 5 ) {
- iobuf_write( out, "From", i );
- md_write( md, "From", i );
- if( c == -1 )
- break;
- }
- else {
- iobuf_writestr( out, "- From" );
- md_write( md, "From", 4 );
- }
- }
- }
-
- again:
- switch( state ) {
- case 0:
- if( c == '\r' )
- state = 1;
- else
- md_putc(md, c );
- break;
- case 1:
- if( c == '\n' )
- state = 2;
- else {
- md_putc(md, '\r');
- state = 0;
- goto again;
- }
- break;
- case 2:
- md_putc(md, '\r');
- md_putc(md, '\n');
- state = 0;
- goto again;
- default: BUG();
- }
- iobuf_put( out, c );
- lastlf = c == '\n';
- }
- if( state == 1 )
- md_putc(md, '\r');
- else if( state == 2 ) { /* file ended with a new line */
- md_putc(md, '\r');
- md_putc(md, '\n');
- iobuf_put( out, '\n');
- }
-
- if( !lastlf )
- iobuf_put( out, '\n' );
-
- return 0; /* fixme: add error handling */
-}
-#endif
/****************
* make a clear signature. note that opt.armor is not needed
diff --git a/g10/trustdb.c b/g10/trustdb.c
index c96de91f4..c40976523 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -996,6 +996,10 @@ collect_paths( int depth, int max_depth, int all, TRUSTREC *drec,
typedef struct {
ulong lid;
ulong uid;
+ byte uid_flags;
+ byte uid_validity;
+ byte dir_flags;
+ byte ownertrust;
} CERT_ITEM;
/* structure to hold certification chains. Item[nitems-1] is the
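Review bot: The four new `byte` fields in `CERT_ITEM` carry no comment saying what they hold or when they are valid, and `dir_flags` is stored in find_cert_chain but not read in any hunk visible here. A per-field comment would help, for example `byte uid_validity; /* copy of uidrec.r.uid.validity; meaningful only if uid_flags has UIDF_VALVALID */` and `byte ownertrust; /* copy of dirrec.r.dir.ownertrust */`. If `dir_flags` has no consumer yet, a note saying it is reserved for later use would make that explicit.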
@@ -1033,7 +1037,7 @@ add_cert_items_to_set( CERT_CHAIN *set_head, CERT_ITEM *items, int nitems )
/****************
* Find all certification paths of a given LID.
- * Limit the search to MAX_DEPTH. stack is a helper variable which
+ * Limit the search to MAX_DEPTH. stack is a helper variable which
* should have been allocated with size max_depth, stack[0] should
* be setup to the key we are investigating, so the minimal depth
* we should ever see in this function is 1.
@@ -1076,6 +1080,9 @@ find_cert_chain( ulong lid, int depth, int max_depth,
/* Performance hint: add stuff to ignore this one when the
* assigned validity of the key is bad */
+ stack[depth].dir_flags = dirrec.r.dir.dirflags;
+ stack[depth].ownertrust = dirrec.r.dir.ownertrust;
+
/* loop over all user ids */
for( uidrno = dirrec.r.dir.uidlist; uidrno; uidrno = uidrec.r.uid.next ) {
TRUSTREC sigrec;
@@ -1083,6 +1090,8 @@ find_cert_chain( ulong lid, int depth, int max_depth,
stack[depth].uid = uidrno;
read_record( uidrno, &uidrec, RECTYPE_UID );
+ stack[depth].uid_flags = uidrec.r.uid.uidflags;
+ stack[depth].uid_validity = uidrec.r.uid.validity;
if( !(uidrec.r.uid.uidflags & UIDF_CHECKED) )
continue; /* user id has not been checked */
@@ -1562,13 +1571,16 @@ list_trust_path( const char *username )
find_cert_chain( lid, 0, opt.max_cert_depth, stack, &chains);
m_free( stack );
/* dump chains */
+ printf("lid/uid(ownertrust,validity):\n");
for(r=chains; r ; r = r->next ) {
printf("chain:" );
for(i=0; i < r->nitems; i++ )
- printf(" %4lu/%-4lu", r->items[i].lid, r->items[i].uid );
+ printf(" %lu/%lu(%d,%d)", r->items[i].lid, r->items[i].uid,
+ r->items[i].ownertrust,
+ (r->items[i].uid_flags & UIDF_VALVALID )?
+ r->items[i].uid_validity : 0 );
putchar('\n');
}
-
}
#endif
}
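Review bot: In the new `printf` the validity column prints `0` when `UIDF_VALVALID` is not set, which a reader of the dump cannot tell apart from a stored validity that is actually zero. Since this output is used to inspect trust paths, an explicit marker for "not computed" would be less misleading, for instance passing `-1` in the else branch: `(r->items[i].uid_flags & UIDF_VALVALID)? r->items[i].uid_validity : -1`. The header line could then read `lid/uid(ownertrust,validity; -1 = not computed)`. Whether zero is otherwise a legal validity value is not visible in this hunk, so treat this as a suggestion to confirm.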