chnages done at the train

6 files changed, 105 insertions, 19 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index a907239b2..2e9a3587d 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,13 @@
+Thu Aug  6 16:30:41 1998  Werner Koch,mobil,,,	(wk@tobold)
+
+	* seskey.c (encode_session_key): Now uses get_random_bits().
+
+Thu Aug  6 07:34:56 1998  Werner Koch,mobil,,,	(wk@tobold)
+
+	* ringedit.c (keyring_copy): No more backupfiles for
+	secret keyrings and add additional warning in case of
+	a failed secret keyring operation.
+
 Wed Aug  5 11:54:37 1998  Werner Koch  (wk@(none))
 
 	* g10.c (check_opts): Moved to main.  Changed def_cipher_algo
diff --git a/g10/g10.c b/g10/g10.c
index acc5bf691..8a04db161 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -969,13 +969,14 @@ main( int argc, char **argv )
 	{
 	    int level = atoi(*argv);
 	    for(;;) {
-		int c = get_random_byte(level);
+		byte *p = get_random_bits( 8, level, 0);
 		if( argc == 1 ) {
-		    printf("%02x", c );
+		    printf("%02x", *p );
 		    fflush(stdout);
 		}
 		else
 		    putchar(c&0xff);
+		m_free(p);
 	    }
 	}
 	break;
diff --git a/g10/passphrase.c b/g10/passphrase.c
index 46d7f8435..920d508cd 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -210,7 +210,7 @@ hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
 	for(;;) {
 	    md_write( md, s2k->salt, 8 );
 	    md_write( md, pw, len );
-	    if( count < len2 )
+	    if( count <= len2 )
 		break;
 	    count -= len2;
 	}
diff --git a/g10/ringedit.c b/g10/ringedit.c
index 58eb6d6d9..6f505ef2a 100644
--- a/g10/ringedit.c
+++ b/g10/ringedit.c
@@ -55,6 +55,7 @@
 #include "mpi.h"
 #include "iobuf.h"
 #include "keydb.h"
+#include "i18n.h"
 #include <unistd.h> /* for truncate */
 
 
@@ -865,14 +866,16 @@ keyring_copy( KBPOS *kbpos, int mode, KBNODE root )
 	}
     }
     /* rename and make backup file */
-  #if __MINGW32__
-    remove( bakfname );
-  #endif
-    if( rename( rentry->fname, bakfname ) ) {
-	log_error("%s: rename to %s failed: %s\n",
-				rentry->fname, bakfname, strerror(errno) );
-	rc = G10ERR_RENAME_FILE;
-	goto leave;
+    if( !rentry->secret ) {  /* but not for secret keyrings */
+      #if __MINGW32__
+	remove( bakfname );
+      #endif
+	if( rename( rentry->fname, bakfname ) ) {
+	    log_error("%s: rename to %s failed: %s\n",
+				    rentry->fname, bakfname, strerror(errno) );
+	    rc = G10ERR_RENAME_FILE;
+	    goto leave;
+	}
     }
   #if __MINGW32__
     remove( rentry->fname );
@@ -881,6 +884,13 @@ keyring_copy( KBPOS *kbpos, int mode, KBNODE root )
 	log_error("%s: rename to %s failed: %s\n",
 			    tmpfname, rentry->fname,strerror(errno) );
 	rc = G10ERR_RENAME_FILE;
+	if( rentry->secret ) {
+	    log_info(_(
+		"Warning: 2 files with confidential information exists.\n"));
+	    log_info(_("%s is the unchanged one\n"), rentry->fname );
+	    log_info(_("%s is the new one\n"), tmpfname );
+	    log_info(_("Please fix this possible security flaw\n"));
+	}
 	goto leave;
     }
 
diff --git a/g10/seskey.c b/g10/seskey.c
index 6e76d12db..29881d2e9 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -51,7 +51,7 @@ encode_session_key( DEK *dek, unsigned nbits )
     int nframe = (nbits+7) / 8;
     byte *p;
     byte *frame;
-    int i,n,c;
+    int i,n;
     u16 csum;
     MPI a;
 
@@ -86,12 +86,10 @@ encode_session_key( DEK *dek, unsigned nbits )
     frame[n++] = 2;
     i = nframe - 6 - dek->keylen;
     assert( i > 0 );
-    /* FIXME: replace the loop by a call to get_random_bits() */
-    for( ; i ; i-- ) {
-	while( !(c = get_random_byte(1)) )
-	    ;
-	frame[n++] = c;
-    }
+    p = get_random_bits( i*8, 1, 1 );
+    memcpy( frame+n, p, i );
+    m_free(p);
+    n += i;
     frame[n++] = 0;
     frame[n++] = dek->algo;
     memcpy( frame+n, dek->key, dek->keylen ); n += dek->keylen;
diff --git a/g10/tdbio.c b/g10/tdbio.c
index 034e092e3..02950b502 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -871,6 +871,33 @@ tdbio_search_dir_byfpr( const byte *fingerprint, size_t fingerlen,
     return rc;
 }
 
+static int
+del_reclist( ulong recno, int type )
+{
+    TRUSTREC rec;
+    int rc;
+
+    while( recno ) {
+	rc = tdbio_read_record( recno, &rec, type);
+	if( rc ) {
+	    log_error_f(db_name, "can't read record %lu: %s\n",
+						recno, g10_errstr(rc));
+	    return rc;
+	}
+	switch( type ) {
+	    case RECTYPE_PREF: recno = rec.r.pref.next; break;
+	    case RECTYPE_UID:  recno = rec.r.uid.next;	break;
+	    default: BUG();
+	}
+	rc = tdbio_delete_record( rec.recnum );
+	if( rc ) {
+	    log_error_f(db_name, "can't delete record %lu: %s\n",
+						rec.recnum, g10_errstr(rc));
+	    return rc;
+	}
+    }
+    return 0;
+}
 
 /****************
  * Delete the Userid UIDLID from DIRLID
@@ -878,7 +905,47 @@ tdbio_search_dir_byfpr( const byte *fingerprint, size_t fingerlen,
 int
 tdbio_delete_uidrec( ulong dirlid, ulong uidlid )
 {
-    return G10ERR_GENERAL; /* not implemented */
+    TRUSTREC dirrec, rec;
+    ulong recno;
+    int rc;
+
+    rc = tdbio_read_record( dirlid, &dirrec, RECTYPE_DIR);
+    if( rc ) {
+	log_error_f(db_name, "can't read dirrec %lu: %s\n", dirlid, g10_errstr(rc));
+	return rc;
+    }
+    recno = dirrec.r.dir.uidlist;
+    for( ; recno; recno = rec.r.uid.next ) {
+	rc = tdbio_read_record( recno, &rec, RECTYPE_UID);
+	if( rc ) {
+	    log_error_f(db_name, "can't read uidrec %lu: %s\n",
+						    recno, g10_errstr(rc));
+	    return rc;
+	}
+	if( recno == uidlid ) {
+	    rc = del_reclist( rec.r.uid.prefrec, RECTYPE_PREF );
+	    if( rc )
+		return rc;
+	    rc = del_reclist( rec.r.uid.siglist, RECTYPE_SIG );
+	    if( rc )
+		return rc;
+	    rc = tdbio_delete_record( recno );
+	    if( rc ) {
+		log_error_f(db_name, "can't delete uidrec %lu: %s\n",
+						    recno, g10_errstr(rc));
+		return rc;
+	    }
+	    dirrec.r.dir.uidlist = 0;
+	    rc = tdbio_write_record( &dirrec );
+	    if( rc ) {
+		log_error_f(db_name, "can't update dirrec %lu: %s\n",
+						  dirrec.recnum, g10_errstr(rc));
+		return rc;
+	    }
+	    return 0;
+	}
+    }
+    return -1; /* not found */
 }