diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 8 | ||||
| -rw-r--r-- | g10/build-packet.c | 8 | ||||
| -rw-r--r-- | g10/g10.c | 3 | ||||
| -rw-r--r-- | g10/keyedit.c | 29 | ||||
| -rw-r--r-- | g10/keygen.c | 39 | ||||
| -rw-r--r-- | g10/openfile.c | 55 | ||||
| -rw-r--r-- | g10/options.h | 1 | ||||
| -rw-r--r-- | g10/parse-packet.c | 4 | ||||
| -rw-r--r-- | g10/passphrase.c | 16 | ||||
| -rw-r--r-- | g10/pkclist.c | 33 | ||||
| -rw-r--r-- | g10/plaintext.c | 11 | ||||
| -rw-r--r-- | g10/pubkey-enc.c | 3 | ||||
| -rw-r--r-- | g10/revoke.c | 11 | ||||
| -rw-r--r-- | g10/seckey-cert.c | 65 | ||||
| -rw-r--r-- | g10/seskey.c | 18 | ||||
| -rw-r--r-- | g10/status.c | 52 | ||||
| -rw-r--r-- | g10/status.h | 1 |
17 files changed, 231 insertions, 126 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 2e9a3587d..6aef10371 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,11 @@ +Sat Aug 8 17:26:12 1998 Werner Koch (wk@(none)) + + * openfile (overwrite_filep): Changed semantics and all callers. + +Sat Aug 8 12:17:07 1998 Werner Koch (wk@(none)) + + * status.c (display_help): New. + Thu Aug 6 16:30:41 1998 Werner Koch,mobil,,, (wk@tobold) * seskey.c (encode_session_key): Now uses get_random_bits(). diff --git a/g10/build-packet.c b/g10/build-packet.c index 1ddb420ae..6373e0cbd 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -310,9 +310,11 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) } else iobuf_put(a, 0 ); - if( sk->is_protected && sk->version >= 4 - && !(opt.emulate_bugs & EMUBUG_ENCR_MPI) ) { - BUG(); + if( sk->is_protected && sk->version >= 4 ) { + byte *p; + assert( mpi_is_opaque( sk->skey[npkey] ) ); + p = mpi_get_opaque( sk->skey[npkey], &i ); + iobuf_write(a, p, i ); } else { for( ; i < nskey; i++ ) @@ -173,7 +173,7 @@ static ARGPARSE_OPTS opts[] = { { 559, "always-trust", 0, "@"}, { 562, "emulate-checksum-bug", 0, "@"}, { 554, "run-as-shm-coprocess", 4, "@" }, - { 568, "emulate-encr-mpi-bug", 0, "@"}, + /* 568 unused */ {0} }; @@ -598,7 +598,6 @@ main( int argc, char **argv ) log_error("shared memory coprocessing is not available\n"); #endif break; - case 568: opt.emulate_bugs |= EMUBUG_ENCR_MPI; break; default : errors++; pargs.err = configfp? 1:2; break; } } diff --git a/g10/keyedit.c b/g10/keyedit.c index 69685bfff..c991be101 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -266,7 +266,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified ) tty_print_string( p, n ); tty_printf("\"\n\n"); m_free(p); - p = cpr_get("sign_uid.really", _("Really sign? ")); + p = cpr_get(N_("sign_uid.okay"), _("Really sign? ")); cpr_kill_prompt(); if( !answer_is_yes(p) ) { m_free(p); @@ -400,8 +400,9 @@ delete_key( const char *username, int secret ) m_free(p); tty_printf("\n\n"); - p = cpr_get( secret? "delete_key.secret.really":"delete_key.really", - _("Delete this key from the keyring? ")); + p = cpr_get( secret? N_("delete_key.secret.okay") + : N_("delete_key.okay"), + _("Delete this key from the keyring? ")); cpr_kill_prompt(); if( !cpr_enabled() && secret && answer_is_yes(p)) { /* I think it is not required to check a passphrase; if @@ -410,7 +411,8 @@ delete_key( const char *username, int secret ) * basic texts about security. */ m_free(p); - p = tty_get(_("This is a secret key! - really delete? ")); + p = cpr_get(N_("delete_key.secret.okay"), + _("This is a secret key! - really delete? ")); } if( answer_is_yes(p) ) okay++; @@ -496,7 +498,7 @@ change_passphrase( KBNODE keyblock ) rc = 0; tty_printf(_( "You don't want a passphrase -" " this is probably a *bad* idea!\n\n")); - if( cpr_get_answer_is_yes("change_passwd.empty", + if( cpr_get_answer_is_yes(N_("change_passwd.empty.okay"), _("Do you really want to do this? "))) changed++; break; @@ -632,7 +634,7 @@ keyedit_menu( const char *username, STRLIST locusr ) redisplay = 0; } m_free(answer); - answer = cpr_get("keyedit.cmd", _("Command> ")); + answer = cpr_get(N_("keyedit.cmd"), _("Command> ")); cpr_kill_prompt(); trim_spaces(answer); @@ -674,9 +676,11 @@ keyedit_menu( const char *username, STRLIST locusr ) case cmdQUIT: if( !modified && !sec_modified ) goto leave; - if( !cpr_get_answer_is_yes("keyedit.save",_("Save changes? ")) ) { + if( !cpr_get_answer_is_yes(N_("keyedit.save.okay"), + _("Save changes? ")) ) { if( cpr_enabled() - || tty_get_answer_is_yes(_("Quit without saving? ")) ) + || cpr_get_answer_is_yes(N_("keyedit.cancel.okay"), + _("Quit without saving? ")) ) goto leave; break; } @@ -731,7 +735,8 @@ keyedit_menu( const char *username, STRLIST locusr ) case cmdSIGN: /* sign (only the public key) */ if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock) ) { - if( !tty_get_answer_is_yes(_("Really sign all user ids? ")) ) { + if( !cpr_get_answer_is_yes(N_("keyedit.signall.okay"), + _("Really sign all user ids? ")) ) { tty_printf(_("Hint: Select the user ids to sign\n")); break; } @@ -763,7 +768,8 @@ keyedit_menu( const char *username, STRLIST locusr ) tty_printf(_("You must select at least one user id.\n")); else if( count_uids(keyblock) - n1 < 1 ) tty_printf(_("You can't delete the last user id!\n")); - else if( tty_get_answer_is_yes( + else if( cpr_get_answer_is_yes( + N_("keyedit.remove.uid.okay"), n1 > 1? _("Really remove all selected user ids? ") : _("Really remove this user id? ") ) ) { @@ -789,7 +795,8 @@ keyedit_menu( const char *username, STRLIST locusr ) if( !(n1=count_selected_keys( keyblock )) ) tty_printf(_("You must select at least one key.\n")); - else if( sec_keyblock && !tty_get_answer_is_yes( + else if( sec_keyblock && !cpr_get_answer_is_yes( + N_("keyedit.remove.subkey.okay"), n1 > 1? _("Do you really want to delete the selected keys? "): _("Do you really want to delete this key? ") diff --git a/g10/keygen.c b/g10/keygen.c index 7780abfb1..90a6c712d 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -390,8 +390,8 @@ ask_algo( int *ret_v4, int addmode ) *ret_v4 = 1; for(;;) { - answer = cpr_get("keygen.algo",_("Your selection? ")); - tty_kill_prompt(); + answer = cpr_get(N_("keygen.algo"),_("Your selection? ")); + cpr_kill_prompt(); algo = *answer? atoi(answer): 1; m_free(answer); if( algo == 1 && !addmode ) { @@ -434,8 +434,9 @@ ask_keysize( int algo ) " highest suggested keysize is 2048 bits\n"), pubkey_algo_to_string(algo) ); for(;;) { - answer = cpr_get("keygen.size",_("What keysize do you want? (1024) ")); - tty_kill_prompt(); + answer = cpr_get(N_("keygen.size"), + _("What keysize do you want? (1024) ")); + cpr_kill_prompt(); nbits = *answer? atoi(answer): 1024; m_free(answer); if( algo == PUBKEY_ALGO_DSA && (nbits < 512 || nbits > 1024) ) @@ -445,7 +446,7 @@ ask_keysize( int algo ) else if( nbits > 2048 && !cpr_enabled() ) { tty_printf(_("Keysizes larger than 2048 are not suggested because " "computations take REALLY long!\n")); - if( tty_get_answer_is_yes(_( + if( cpr_get_answer_is_yes(N_("keygen.size.huge.okay"),_( "Are you sure that you want this keysize? ")) ) { tty_printf(_("Okay, but keep in mind that your monitor " "and keyboard radiation is also very vulnerable " @@ -454,7 +455,7 @@ ask_keysize( int algo ) } } else if( nbits > 1536 && !cpr_enabled() ) { - if( tty_get_answer_is_yes(_( + if( cpr_get_answer_is_yes(N_("keygen.size.large.okay"),_( "Do you really need such a large keysize? ")) ) break; } @@ -495,8 +496,8 @@ ask_valid_days() int mult; m_free(answer); - answer = cpr_get("keygen.valid",_("Key is valid for? (0) ")); - tty_kill_prompt(); + answer = cpr_get(N_("keygen.valid"),_("Key is valid for? (0) ")); + cpr_kill_prompt(); trim_spaces(answer); if( !*answer ) valid_days = 0; @@ -519,7 +520,8 @@ ask_valid_days() } if( !cpr_enabled() - && tty_get_answer_is_yes(_("Is this correct (y/n)? ")) ) + && cpr_get_answer_is_yes(N_("keygen.valid.okay"), + _("Is this correct (y/n)? ")) ) break; } m_free(answer); @@ -558,9 +560,9 @@ ask_user_id( int mode ) if( !aname ) { for(;;) { m_free(aname); - aname = cpr_get("keygen.name",_("Real name: ")); + aname = cpr_get(N_("keygen.name"),_("Real name: ")); trim_spaces(aname); - tty_kill_prompt(); + cpr_kill_prompt(); if( strpbrk( aname, "<([])>" ) ) tty_printf(_("Invalid character in name\n")); else if( isdigit(*aname) ) @@ -574,10 +576,10 @@ ask_user_id( int mode ) if( !amail ) { for(;;) { m_free(amail); - amail = cpr_get("keygen.email",_("Email address: ")); + amail = cpr_get(N_("keygen.email"),_("Email address: ")); trim_spaces(amail); strlwr(amail); - tty_kill_prompt(); + cpr_kill_prompt(); if( !*amail ) break; /* no email address is okay */ else if( has_invalid_email_chars(amail) @@ -594,9 +596,9 @@ ask_user_id( int mode ) if( !acomment ) { for(;;) { m_free(acomment); - acomment = cpr_get("keygen.comment",_("Comment: ")); + acomment = cpr_get(N_("keygen.comment"),_("Comment: ")); trim_spaces(acomment); - tty_kill_prompt(); + cpr_kill_prompt(); if( !*acomment ) break; /* no comment is okay */ else if( strpbrk( acomment, "()" ) ) @@ -630,9 +632,9 @@ ask_user_id( int mode ) answer[1] = 0; } else { - answer = tty_get(_( + answer = cpr_get(N_("keygen.userid.cmd"),_( "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? ")); - tty_kill_prompt(); + cpr_kill_prompt(); } if( strlen(answer) > 1 ) ; @@ -959,7 +961,8 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock ) assert(algo); nbits = ask_keysize( algo ); ndays = ask_valid_days(); - if( !cpr_enabled() && !tty_get_answer_is_yes( _("Really create? ") ) ) + if( !cpr_enabled() && !cpr_get_answer_is_yes(N_("keygen.sub.okay"), + _("Really create? ") ) ) goto leave; if( passphrase ) { diff --git a/g10/openfile.c b/g10/openfile.c index afa36b983..b8a6825a3 100644 --- a/g10/openfile.c +++ b/g10/openfile.c @@ -30,51 +30,35 @@ #include "ttyio.h" #include "options.h" #include "main.h" +#include "status.h" +#include "i18n.h" /**************** * Check whether FNAME exists and ask if it's okay to overwrite an * existing one. - * Returns: -1 : Do not overwrite - * 0 : it's okay to overwrite or the file does not exist - * >0 : other error + * Returns: True: it's okay to overwrite or the file does not exist + * False: Do not overwrite */ int overwrite_filep( const char *fname ) { if( !fname || (*fname == '-' && !fname[1]) ) - return 0; /* stdout */ - if( !access( fname, F_OK ) ) { - char *p; - int okay; - int first = 1; + return 1; /* writing to stdout is always okay */ - if( opt.answer_yes ) - okay = 1; - else if( opt.answer_no || opt.batch ) - okay = 2; - else - okay = 0; + if( access( fname, F_OK ) ) + return 1; /* does not exist */ - while( !okay ) { - if( first ) { - tty_printf("File '%s' exists. ", fname); - first = 0; - } - p = tty_get("Overwrite (y/N)? "); - tty_kill_prompt(); - if( (*p == 'y' || *p == 'Y') && !p[1] ) - okay = 1; - else if( !*p || ((*p == 'n' || *p == 'N') && !p[1]) ) - okay = 2; - else - okay = 0; - m_free(p); - } - if( okay == 2 ) - return -1; - /* fixme: add some backup stuff */ - } + /* fixme: add some backup stuff in case of overwrite */ + if( opt.answer_yes ) + return 1; + if( opt.answer_no || opt.batch ) + return 0; /* do not overwrite */ + + tty_printf(_("File '%s' exists. "), fname); + if( cpr_get_answer_is_yes(N_("openfile.overwrite.okay"), + _("Overwrite (y/N)? ")) ) + return 1; return 0; } @@ -90,7 +74,6 @@ IOBUF open_outfile( const char *iname, int mode ) { IOBUF a = NULL; - int rc; if( (!iname || (*iname=='-' && !iname[1])) && !opt.outfile ) { if( !(a = iobuf_create(NULL)) ) @@ -110,14 +93,12 @@ open_outfile( const char *iname, int mode ) mode==2 ? ".sig" : ".gpg"); name = buf; } - if( !(rc=overwrite_filep( name )) ) { + if( overwrite_filep( name ) ) { if( !(a = iobuf_create( name )) ) log_error("can't create %s: %s\n", name, strerror(errno) ); else if( opt.verbose ) log_info("writing to '%s'\n", name ); } - else if( rc != -1 ) - log_error("oops: overwrite_filep(%s): %s\n", name, g10_errstr(rc) ); m_free(buf); } return a; diff --git a/g10/options.h b/g10/options.h index 862ed4146..630e43f44 100644 --- a/g10/options.h +++ b/g10/options.h @@ -56,7 +56,6 @@ struct { #define EMUBUG_GPGCHKSUM 1 -#define EMUBUG_ENCR_MPI 2 #define DBG_PACKET_VALUE 1 /* debug packet reading/writing */ #define DBG_MPI_VALUE 2 /* debug mpi details */ diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 396486f23..f534cbbdd 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1102,8 +1102,8 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, * If the user is so careless, not to protect his secret key, * we can assume, that he operates an open system :=(. * So we put the key into secure memory when we unprotect it. */ - if( is_v4 && sk->is_protected && !(opt.emulate_bugs & EMUBUG_ENCR_MPI)){ - /* ugly; the length is encrypted too, so wee read all + if( is_v4 && sk->is_protected ){ + /* ugly; the length is encrypted too, so we read all * stuff up to the end of the packet into the first * skey element */ sk->skey[npkey] = mpi_set_opaque(NULL, diff --git a/g10/passphrase.c b/g10/passphrase.c index 920d508cd..b9f41510f 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -32,6 +32,7 @@ #include "keydb.h" #include "main.h" #include "i18n.h" +#include "status.h" static int pwfd = -1; static char *next_pw = NULL; @@ -129,6 +130,12 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode ) tty_printf("\n"); free_public_key( pk ); } + else if( keyid && !next_pw ) { + char buf[20]; + sprintf( buf, "%08lX%08lX", (ulong)keyid[0], (ulong)keyid[1] ); + write_status_text( STATUS_NEED_PASSPHRASE, buf ); + } + if( next_pw ) { pw = next_pw; next_pw = NULL; @@ -157,10 +164,11 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode ) else if( opt.batch ) log_fatal("Can't query password in batchmode\n"); else { - pw = tty_get_hidden("Enter pass phrase: " ); + pw = cpr_get_hidden(N_("passphrase.enter"), _("Enter pass phrase: ") ); tty_kill_prompt(); - if( mode == 2 ) { - char *pw2 = tty_get_hidden("Repeat pass phrase: " ); + if( mode == 2 && !cpr_enabled() ) { + char *pw2 = cpr_get_hidden(N_("passphrase.repeat"), + _("Repeat pass phrase: ") ); tty_kill_prompt(); if( strcmp(pw, pw2) ) { m_free(pw2); @@ -205,7 +213,7 @@ hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create ) if( s2k->mode == 3 ) { count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6); - log_info("s2k iteration count=%lu\n", count ); + log_debug("s2k iteration count=%lu\n", count ); } for(;;) { md_write( md, s2k->salt, 8 ); diff --git a/g10/pkclist.c b/g10/pkclist.c index 4e58f125c..59cc9b7d3 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -84,17 +84,11 @@ edit_ownertrust( ulong lid, int mode ) " s = please show me more information\n\n") ); for(;;) { - p = tty_get(_("Your decision? ")); + p = cpr_get(N_("edit_ownertrust.value"),_("Your decision? ")); trim_spaces(p); - tty_kill_prompt(); + cpr_kill_prompt(); if( *p && p[1] ) ; - else if( *p == '?' ) { - tty_printf(_( -"It's up to you to assign a value here; this value will never be exported\n" -"to any 3rd party. We need it to implement the web-of-trust; it has nothing\n" -"to do with the (implicitly created) web-of-certificates.\n")); - } else if( !p[1] && (*p >= '1' && *p <= '4') ) { unsigned trust; switch( *p ) { @@ -173,18 +167,12 @@ do_we_trust( PKT_public_key *pk, int trustlevel ) int rc; if( (trustlevel & TRUST_FLAG_REVOKED) ) { - char *answer; - int yes; - log_info("key has been revoked!\n"); if( opt.batch ) return 0; - answer = tty_get("Use this key anyway? "); - tty_kill_prompt(); - yes = answer_is_yes(answer); - m_free(answer); - if( !yes ) + if( !cpr_get_answer_is_yes(N_("revoked_key.override"), + _("Use this key anyway? ")) ) return 0; } @@ -265,18 +253,14 @@ do_we_trust_pre( PKT_public_key *pk, int trustlevel ) int rc = do_we_trust( pk, trustlevel ); if( !opt.batch && !rc ) { - char *answer; - tty_printf(_( "It is NOT certain that the key belongs to its owner.\n" "If you *really* know what you are doing, you may answer\n" "the next question with yes\n\n") ); - answer = tty_get("Use this key anyway? "); - tty_kill_prompt(); - if( answer_is_yes(answer) ) + if( cpr_get_answer_is_yes(N_("untrusted_key.override"), + _("Use this key anyway? ")) ) rc = 1; - m_free(answer); } else if( opt.always_trust && !rc ) { log_info(_("WARNING: Using untrusted key!\n")); @@ -421,9 +405,10 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage ) for(;;) { rc = 0; m_free(answer); - answer = tty_get(_("Enter the user ID: ")); + answer = cpr_get(N_("pklist.user_id.enter"), + _("Enter the user ID: ")); trim_spaces(answer); - tty_kill_prompt(); + cpr_kill_prompt(); if( !*answer ) break; if( pk ) diff --git a/g10/plaintext.c b/g10/plaintext.c index 1a22ecdbd..914be8f20 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c @@ -30,6 +30,7 @@ #include "ttyio.h" #include "filter.h" #include "main.h" +#include "status.h" #include "i18n.h" @@ -109,9 +110,8 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, /* no filename or "-" given; write to stdout */ fp = stdout; } - else if( (rc=overwrite_filep( fname )) ) { - if( rc == -1 ) - rc = G10ERR_CREATE_FILE; + else if( !overwrite_filep( fname ) ) { + rc = G10ERR_CREATE_FILE; goto leave; } @@ -207,8 +207,9 @@ ask_for_detached_datafile( md_filter_context_t *mfx, const char *inname ) tty_printf("Detached signature.\n"); do { m_free(answer); - answer = tty_get("Please enter name of data file: "); - tty_kill_prompt(); + answer = cpr_get(N_("detached_signature.filename"), + _("Please enter name of data file: ")); + cpr_kill_prompt(); if( any && !*answer ) { rc = G10ERR_READ_FILE; goto leave; diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 98ad2d3ae..f6a15fccf 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -31,6 +31,7 @@ #include "trustdb.h" #include "cipher.h" #include "status.h" +#include "i18n.h" /**************** @@ -134,7 +135,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek ) log_error("can't check algorithm against preferences\n"); else if( dek->algo != CIPHER_ALGO_3DES && !is_algo_in_prefs( pk->local_id, PREFTYPE_SYM, dek->algo ) ) - log_info("note: cipher algorithm %d not found in preferences\n", + log_info(_("note: cipher algorithm %d not found in preferences\n"), dek->algo ); free_public_key( pk ); rc = 0; diff --git a/g10/revoke.c b/g10/revoke.c index 948da6361..c78d79c85 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -33,6 +33,8 @@ #include "util.h" #include "main.h" #include "ttyio.h" +#include "status.h" +#include "i18n.h" /**************** @@ -53,8 +55,6 @@ gen_revoke( const char *uname ) KBNODE keyblock = NULL; KBNODE node; KBPOS kbpos; - char *answer; - int yes; if( opt.batch ) { log_error("sorry, can't do this in batch mode\n"); @@ -117,11 +117,8 @@ gen_revoke( const char *uname ) } tty_printf("\n"); - answer = tty_get("Create a revocation certificate for this key? "); - tty_kill_prompt(); - yes = answer_is_yes(answer); - m_free(answer); - if( !yes ) { + if( !cpr_get_answer_is_yes(N_("gen_revoke.okay"), + _("Create a revocation certificate for this key? ")) ){ rc = 0; goto leave; } diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 679d029cf..78673dfdc 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -67,10 +67,11 @@ do_check( PKT_secret_key *sk ) memcpy(save_iv, sk->protect.iv, 8 ); cipher_decrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 ); csum = 0; - if( sk->version >= 4 && !(opt.emulate_bugs & EMUBUG_ENCR_MPI) ) { + if( sk->version >= 4 ) { int ndata; byte *p, *data; + i = pubkey_get_npkey(sk->pubkey_algo); assert( mpi_is_opaque( sk->skey[i] ) ); p = mpi_get_opaque( sk->skey[i], &ndata ); @@ -78,10 +79,15 @@ do_check( PKT_secret_key *sk ) cipher_decrypt( cipher_hd, data, p, ndata ); mpi_free( sk->skey[i] ); sk->skey[i] = NULL ; p = data; - csum = checksum( data, ndata); - if( ndata < 2 ) - log_bug("not enough bytes for checksum\n"); - sk->csum = data[ndata-2] << 8 | data[ndata-1]; + if( ndata < 2 ) { + log_error("not enough bytes for checksum\n"); + sk->csum = 0; + csum = 1; + } + else { + csum = checksum( data, ndata-2); + sk->csum = data[ndata-2] << 8 | data[ndata-1]; + } /* must check it here otherwise the mpi_read_xx would fail * because the length das an abritary value */ if( sk->csum == csum ) { @@ -198,7 +204,7 @@ is_secret_key_protected( PKT_secret_key *sk ) int protect_secret_key( PKT_secret_key *sk, DEK *dek ) { - int i, rc = 0; + int i,j, rc = 0; byte *buffer; unsigned nbytes; u16 csum; @@ -219,12 +225,53 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) cipher_setkey( cipher_hd, dek->key, dek->keylen ); cipher_setiv( cipher_hd, NULL ); cipher_encrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 ); - if( sk->version >= 4 && !(opt.emulate_bugs & EMUBUG_ENCR_MPI) ) { - BUG(); + if( sk->version >= 4 ) { + #define NMPIS (PUBKEY_MAX_NSKEY - PUBKEY_MAX_NPKEY) + byte *buffer[NMPIS]; + unsigned nbytes[NMPIS]; + unsigned nbits[NMPIS]; + int ndata=0; + byte *p, *data; + + for(j=0, i = pubkey_get_npkey(sk->pubkey_algo); + i < pubkey_get_nskey(sk->pubkey_algo); i++, j++ ) { + assert( !mpi_is_opaque( sk->skey[i] ) ); + buffer[j] = mpi_get_buffer( sk->skey[i], &nbytes[j], NULL ); + nbits[j] = mpi_get_nbits( sk->skey[i] ); + ndata += nbytes[j] + 2; + } + for( ; j < NMPIS; j++ ) + buffer[j] = NULL; + ndata += 2; /* for checksum */ + + data = m_alloc_secure( ndata ); + p = data; + for(j=0; j < NMPIS && buffer[j]; j++ ) { + p[0] = nbits[j] >> 8 ; + p[1] = nbits[j]; + p += 2; + memcpy(p, buffer[j], nbytes[j] ); + p += nbytes[j]; + m_free(buffer[j]); + } + #undef NMPIS + csum = checksum( data, ndata-2); + sk->csum = csum; + *p++ = csum >> 8; + *p++ = csum; + assert( p == data+ndata ); + cipher_encrypt( cipher_hd, data, data, ndata ); + for(i = pubkey_get_npkey(sk->pubkey_algo); + i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { + mpi_free( sk->skey[i] ); + sk->skey[i] = NULL; + } + i = pubkey_get_npkey(sk->pubkey_algo); + sk->skey[i] = mpi_set_opaque(NULL, data, ndata ); } else { /* NOTE: we always recalculate the checksum because there - * are some * test releases which calculated it wrong */ + * are some test releases which calculated it wrong */ csum = 0; for(i=pubkey_get_npkey(sk->pubkey_algo); i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { diff --git a/g10/seskey.c b/g10/seskey.c index 29881d2e9..d4d2ab1fb 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -87,6 +87,24 @@ encode_session_key( DEK *dek, unsigned nbits ) i = nframe - 6 - dek->keylen; assert( i > 0 ); p = get_random_bits( i*8, 1, 1 ); + /* replace zero bytes by new values */ + for(;;) { + int j, k; + byte *pp; + + /* count the zero bytes */ + for(j=k=0; j < i; j++ ) + if( !p[j] ) + k++; + if( !k ) + break; /* okay: no zero bytes */ + k += k/128; /* better get some more */ + pp = get_random_bits( k*8, 1, 1); + for(j=0; j < i && k ; j++ ) + if( !p[j] ) + p[j] = pp[--k]; + m_free(pp); + } memcpy( frame+n, p, i ); m_free(p); n += i; diff --git a/g10/status.c b/g10/status.c index 8660613c3..6eb074909 100644 --- a/g10/status.c +++ b/g10/status.c @@ -37,6 +37,7 @@ #include "ttyio.h" #include "options.h" #include "main.h" +#include "i18n.h" static int fd = -1; #ifdef USE_SHM_COPROCESSING @@ -87,6 +88,7 @@ write_status_text ( int no, const char *text) case STATUS_SHM_GET : s = "SHM_GET\n"; break; case STATUS_SHM_GET_BOOL : s = "SHM_GET_BOOL\n"; break; case STATUS_SHM_GET_HIDDEN : s = "SHM_GET_HIDDEN\n"; break; + case STATUS_NEED_PASSPHRASE: s = "NEED_PASSPHRASE\n"; break; default: s = "?\n"; break; } @@ -194,6 +196,32 @@ do_shm_get( const char *keyword, int hidden, int bool ) #endif /* USE_SHM_COPROCESSING */ +static void +display_help( const char *keyword ) +{ + char *p; + int hint = 0; + + tty_kill_prompt(); + if( !keyword ) { + tty_printf(_("No help available") ); + hint++; + } + else { + p = _(keyword); + if( !strcmp( p, keyword ) ) { + tty_printf(_("No help available for '%s'"), keyword ); + hint++; + } + else + tty_printf("%s", p ); + } + tty_printf("\n"); + if( hint ) + tty_printf("You should set your LANG variable to a valid value.\n" + "Set LANG to \"en\" to see the English help texts.\n" ); +} + int cpr_enabled() @@ -208,21 +236,41 @@ cpr_enabled() char * cpr_get( const char *keyword, const char *prompt ) { + char *p; + #ifdef USE_SHM_COPROCESSING if( opt.shm_coprocess ) return do_shm_get( keyword, 0, 0 ); #endif - return tty_get( prompt ); + for(;;) { + p = tty_get( prompt ); + if( *p == '?' && !p[1] ) { + m_free(p); + display_help( keyword ); + } + else + return p; + } } char * cpr_get_hidden( const char *keyword, const char *prompt ) { + char *p; + #ifdef USE_SHM_COPROCESSING if( opt.shm_coprocess ) return do_shm_get( keyword, 1, 0 ); #endif - return tty_get_hidden( prompt ); + for(;;) { + p = tty_get_hidden( prompt ); + if( *p == '?' && !p[1] ) { + m_free(p); + display_help( keyword ); + } + else + return p; + } } void diff --git a/g10/status.h b/g10/status.h index f49e593a4..e9ad819d3 100644 --- a/g10/status.h +++ b/g10/status.h @@ -47,6 +47,7 @@ #define STATUS_SHM_GET_BOOL 18 #define STATUS_SHM_GET_HIDDEN 19 +#define STATUS_NEED_PASSPHRASE 20 /*-- status.c --*/ void set_status_fd ( int fd ); |