diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 52 | ||||
| -rw-r--r-- | g10/Makefile.am | 3 | ||||
| -rw-r--r-- | g10/build-packet.c | 10 | ||||
| -rw-r--r-- | g10/cipher.c | 18 | ||||
| -rw-r--r-- | g10/delkey.c | 2 | ||||
| -rw-r--r-- | g10/encode.c | 5 | ||||
| -rw-r--r-- | g10/encr-data.c | 61 | ||||
| -rw-r--r-- | g10/filter.h | 11 | ||||
| -rw-r--r-- | g10/g10.c | 95 | ||||
| -rw-r--r-- | g10/keydb.h | 5 | ||||
| -rw-r--r-- | g10/keygen.c | 4 | ||||
| -rw-r--r-- | g10/keyid.c | 103 | ||||
| -rw-r--r-- | g10/main.h | 28 | ||||
| -rw-r--r-- | g10/mainproc.c | 63 | ||||
| -rw-r--r-- | g10/mdfilter.c | 8 | ||||
| -rw-r--r-- | g10/misc.c | 30 | ||||
| -rw-r--r-- | g10/openfile.c | 48 | ||||
| -rw-r--r-- | g10/packet.h | 6 | ||||
| -rw-r--r-- | g10/passphrase.c | 38 | ||||
| -rw-r--r-- | g10/pkclist.c | 13 | ||||
| -rw-r--r-- | g10/plaintext.c | 42 | ||||
| -rw-r--r-- | g10/pubkey-enc.c | 5 | ||||
| -rw-r--r-- | g10/revoke.c | 6 | ||||
| -rw-r--r-- | g10/ringedit.c | 2 | ||||
| -rw-r--r-- | g10/seckey-cert.c | 78 | ||||
| -rw-r--r-- | g10/seskey.c | 61 | ||||
| -rw-r--r-- | g10/sig-check.c | 130 | ||||
| -rw-r--r-- | g10/sign.c | 149 | ||||
| -rw-r--r-- | g10/textfilter.c | 13 | ||||
| -rw-r--r-- | g10/trustdb.c | 8 |
30 files changed, 659 insertions, 438 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 32d5f36a4..b5ded0c28 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,55 @@ -Sat Sep 18 12:16:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> +Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de> + + * misc.c (openpgp_cipher_test_algo): New. + (openpgp_pk_test_algo): New. + (openpgp_md_test_algo): New. + + * g10.c (build_list): Changed to use the new functions from libgcrypt. + + * ringedit.c (enum_keyblocks): Set .rt to 0 on open. + + * encode.c (encode_simple): Use new CTB when we don't have the + length of the file. This is somewhat strange as the comment above + indicates that this part is actually fixed for PGP 5 - maybe I simply + lost the source line, tsss. + + * sign.c (clearsign_file): Avoid duplicated Entries in the "Hash:" + line. Those headers are now only _not_ printed when there are + only old-style keys _and_ all hashs are MD5. + + (clearsign_file): Use gcry_md_test_algo() and gcry_md_algo_name(). + + * openfile.c (make_outfile_name): Use case-insenstive compare for + DOS systems. Add ".pgp" to the list of know extensions. + (open_outfile): For DOS systems try to replace the suffix instead of + appending it. + + * encr-data.c (decrypt_data): Reset error on a weak key. + * cipher.c: Replaced the cipher and digest functions by the gcry_ ones. + * seckey-cert.c: Ditto. + * seskey.c: Ditto. + * g10.c (print_mds): Replaced digst functions with the new gcry_ ones. + * keyid.c: Ditto. + * mainproc.c: Ditto. + * passphrase.c: Ditto. + * sig-check.c: Ditto. + * sign.c: Ditto. + + * pkclist.c (do_edit_ownertrust): Made the answer string const. + + * basicdefs.h: New. Move some defs and decl to this header. + + * openfile.c (open_outfile): Fixed the 8dot3 handling. + + * passphrase.c (passphrase_to_dek): Print uid using utf8 func. + * delkey.c (delete_key): Ditto. + * pkclist.c (show_paths,do_edit_ownertrust,do_we_trust): Ditto + (do_we_trust_pre): Ditto. + * trustdb.c (print_user_id,check_uidsigs): Ditto. + * revoke.c (gen_revoke,ask_revoke_sig): Ditto. + +Sat Sep 18 12:16:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> * filter.h: Changed cipher handle types to the the GCRY_xxx ones. replaces include cipher by system header include gcrypt.h. diff --git a/g10/Makefile.am b/g10/Makefile.am index af727cda8..d2fd427c0 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -4,7 +4,8 @@ INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl EXTRA_DIST = OPTIONS pubring.asc options.skel OMIT_DEPENDENCIES = zlib.h zconf.h LDFLAGS = @LDFLAGS@ @DYNLINK_LDFLAGS@ -needed_libs = ../cipher/libcipher.la ../mpi/libmpi.la ../util/libutil.la +needed_libs = ../cipher/libcipher.la ../mpi/libmpi.la ../util/libutil.la \ + ../gcrypt/libgcrypt.la #noinst_PROGRAMS = gpgd bin_PROGRAMS = gpg diff --git a/g10/build-packet.c b/g10/build-packet.c index 4049f370f..5e56c2048 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -242,7 +242,7 @@ do_public_key( IOBUF out, int ctb, PKT_public_key *pk ) * Make a hash value from the public key certificate */ void -hash_public_key( MD_HANDLE md, PKT_public_key *pk ) +hash_public_key( GCRY_MD_HD md, PKT_public_key *pk ) { PACKET pkt; int rc = 0; @@ -293,10 +293,10 @@ hash_public_key( MD_HANDLE md, PKT_public_key *pk ) } } /* hash a header */ - md_putc( md, 0x99 ); + gcry_md_putc( md, 0x99 ); pktlen &= 0xffff; /* can't handle longer packets */ - md_putc( md, pktlen >> 8 ); - md_putc( md, pktlen & 0xff ); + gcry_md_putc( md, pktlen >> 8 ); + gcry_md_putc( md, pktlen & 0xff ); } /* hash the packet body */ while( (c=iobuf_get(a)) != -1 ) { @@ -307,7 +307,7 @@ hash_public_key( MD_HANDLE md, PKT_public_key *pk ) i=0; } #endif - md_putc( md, c ); + gcry_md_putc( md, c ); } #if 0 putc('\n', fp); diff --git a/g10/cipher.c b/g10/cipher.c index e458a807c..c0f10ff19 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -25,6 +25,7 @@ #include <errno.h> #include <assert.h> +#include <gcrypt.h> #include "errors.h" #include "iobuf.h" #include "memory.h" @@ -55,6 +56,8 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) if( use_mdc ) { ed.mdc_method = DIGEST_ALGO_SHA1; cfx->mdc_hash = gcry_md_open( DIGEST_ALGO_SHA1, 0 ); + /*should we check the function works, or is it better to provide + a flag which makes the function die itself ?? FIXME */ /*md_start_debug( cfx->mdc_hash, "mdccreat" );*/ } init_packet( &pkt ); @@ -70,13 +73,12 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) temp[nprefix] = temp[nprefix-2]; temp[nprefix+1] = temp[nprefix-1]; print_cipher_algo_note( cfx->dek->algo ); - if( gcry_cipher_open( &cfx->cipher_hd, - cfx->dek->algo, - CIPHER_MODE_CFB, - GCRY_CIPHER_SECURE - | (cfy->dek->algo >= 100 ? - 0 : GCRY_CIPHER_ENABLE_SYNC) ) - ) { + if( !(cfx->cipher_hd = gcry_cipher_open( cfx->dek->algo, + GCRY_CIPHER_MODE_CFB, + GCRY_CIPHER_SECURE + | (cfx->dek->algo >= 100 ? + 0 : GCRY_CIPHER_ENABLE_SYNC))) + ) { /* we should never get an error here cause we already checked, that * the algorithm is available. */ BUG(); @@ -91,7 +93,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) /* log_hexdump( "prefix", temp, nprefix+2 ); */ if( cfx->mdc_hash ) gcry_md_write( cfx->mdc_hash, temp, nprefix+2 ); - rc = cipher_encrypt( cfx->cipher_hd, temp, nprefix+2, NULL, 0 ); + rc = gcry_cipher_encrypt( cfx->cipher_hd, temp, nprefix+2, NULL, 0 ); if( !rc ) rc = gcry_cipher_sync( cfx->cipher_hd ); if( rc ) diff --git a/g10/delkey.c b/g10/delkey.c index 8d4f1a5b0..a324fd631 100644 --- a/g10/delkey.c +++ b/g10/delkey.c @@ -124,7 +124,7 @@ delete_key( const char *username, int secret ) pubkey_letter( pk->pubkey_algo ), keyid[1], datestr_from_pk(pk) ); p = get_user_id( keyid, &n ); - tty_print_string( p, n ); + tty_print_utf8_string( p, n ); m_free(p); tty_printf("\n\n"); diff --git a/g10/encode.c b/g10/encode.c index bc03401ac..fe054fdab 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -177,6 +177,7 @@ encode_simple( const char *filename, int mode ) pt->timestamp = make_timestamp(); pt->mode = opt.textmode? 't' : 'b'; pt->len = filesize; + pt->new_ctb = !pt->len && !opt.rfc1991; pt->buf = inp; pkt.pkttype = PKT_PLAINTEXT; pkt.pkt.plaintext = pt; @@ -480,8 +481,8 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out ) if( opt.verbose ) { char *ustr = get_user_id_string( enc->keyid ); log_info(_("%s/%s encrypted for: %s\n"), - pubkey_algo_to_string(enc->pubkey_algo), - cipher_algo_to_string(dek->algo), ustr ); + gcry_pk_algo_name(enc->pubkey_algo), + gcry_cipher_algo_name(dek->algo), ustr ); m_free(ustr); } /* and write it */ diff --git a/g10/encr-data.c b/g10/encr-data.c index 0b3accf56..1dd6e0e77 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -56,7 +56,6 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) decode_filter_ctx_t dfx; byte *p; int rc=0, c, i; - int algo_okay; byte temp[32]; int blocksize; unsigned nprefix; @@ -71,27 +70,45 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) if( opt.verbose ) log_info(_("%s encrypted data\n"), gcry_cipher_algo_name( dek->algo ) ); - blocksize = gcry_cipher_get_blklen( dek->algo ); + blocksize = gcry_cipher_get_algo_blklen( dek->algo ); if( blocksize < 1 || blocksize > 16 ) log_fatal("unsupported blocksize %u\n", blocksize ); nprefix = blocksize; if( ed->len && ed->len < (nprefix+2) ) BUG(); ---> We are currently working HERE!!!! - if( ed->mdc_method ) - dfx.mdc_hash = md_open( ed->mdc_method, 0 ); - dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); + + if( ed->mdc_method ) { + dfx.mdc_hash = gcry_md_open( ed->mdc_method, 0 ); + if( !dfx.mdc_hash ) + BUG(); + } + if( !(dfx.cipher_hd = gcry_cipher_open( dek->algo, + GCRY_CIPHER_MODE_CFB, + GCRY_CIPHER_SECURE + | (dek->algo >= 100 ? + 0 : GCRY_CIPHER_ENABLE_SYNC) )) + ) { + /* we should never get an error here cause we already checked, that + * the algorithm is available. What about a flag to let the function + * die in this case? */ + BUG(); + } + + /* log_hexdump( "thekey", dek->key, dek->keylen );*/ - rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ); - if( rc == G10ERR_WEAK_KEY ) + rc = gcry_cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ); + if( rc == GCRYERR_WEAK_KEY ) { log_info(_("WARNING: message was encrypted with " "a weak key in the symmetric cipher.\n")); + rc = 0; + } else if( rc ) { - log_error("key setup failed: %s\n", g10_errstr(rc) ); + log_error("key setup failed: %s\n", gcry_strerror(rc) ); + rc = map_gcry_rc(rc); goto leave; } - cipher_setiv( dfx.cipher_hd, NULL, 0 ); + gcry_cipher_setiv( dfx.cipher_hd, NULL, 0 ); if( ed->len ) { for(i=0; i < (nprefix+2) && ed->len; i++, ed->len-- ) { @@ -108,10 +125,10 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) else temp[i] = c; } - cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2); + gcry_cipher_decrypt( dfx.cipher_hd, temp, nprefix+2, NULL, 0 ); if( dfx.mdc_hash ) - md_write( dfx.mdc_hash, temp, nprefix+2 ); - cipher_sync( dfx.cipher_hd ); + gcry_md_write( dfx.mdc_hash, temp, nprefix+2 ); + gcry_cipher_sync( dfx.cipher_hd ); p = temp; /* log_hexdump( "prefix", temp, nprefix+2 ); */ if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) { @@ -127,20 +144,20 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) if( ed->mdc_method && dfx.eof_seen == 2 ) rc = G10ERR_INVALID_PACKET; else if( ed->mdc_method ) { /* check the mdc */ - int datalen = md_digest_length( ed->mdc_method ); - md_final( dfx.mdc_hash ); + int datalen = gcry_md_get_algo_dlen( ed->mdc_method ); if( datalen != 20 - || memcmp(md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) ) + || memcmp(gcry_md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) ) rc = G10ERR_BAD_SIGN; - log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen); + log_hexdump("MDC calculated:", gcry_md_read( dfx.mdc_hash, 0), datalen); log_hexdump("MDC message :", dfx.defer, 20); } leave: - cipher_close(dfx.cipher_hd); - md_close( dfx.mdc_hash ); + gcry_cipher_close(dfx.cipher_hd); + gcry_md_close( dfx.mdc_hash ); return rc; } + /* I think we should merge this with cipher_filter */ static int mdc_decode_filter( void *opaque, int control, IOBUF a, @@ -198,8 +215,8 @@ mdc_decode_filter( void *opaque, int control, IOBUF a, } if( n ) { - cipher_decrypt( dfx->cipher_hd, buf, buf, n); - md_write( dfx->mdc_hash, buf, n ); + gcry_cipher_decrypt( dfx->cipher_hd, buf, n, NULL, 0); + gcry_md_write( dfx->mdc_hash, buf, n ); } else { assert( dfx->eof_seen ); @@ -225,7 +242,7 @@ decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) n = iobuf_read( a, buf, size ); if( n == -1 ) n = 0; if( n ) - cipher_decrypt( fc->cipher_hd, buf, buf, n); + gcry_cipher_decrypt( fc->cipher_hd, buf, n, NULL, 0); else rc = -1; /* eof */ *ret_len = n; diff --git a/g10/filter.h b/g10/filter.h index 02e4e2ed6..321a4ca9e 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -22,7 +22,9 @@ #include <gcrypt.h> -#include "types.h" +#include "basicdefs.h" + + typedef struct { GCRY_MD_HD md; /* catch all */ @@ -83,6 +85,13 @@ typedef struct { } cipher_filter_context_t; +typedef struct { + int header_okay; + PK_LIST pk_list; + cipher_filter_context_t cfx; +} encrypt_filter_context_t; + + typedef struct { byte *buffer; /* malloced buffer */ @@ -26,6 +26,7 @@ #include <ctype.h> #include <unistd.h> +#include <gcrypt.h> #include "packet.h" #include "iobuf.h" @@ -36,7 +37,6 @@ #include "keydb.h" #include "trustdb.h" #include "mpi.h" -#include "cipher.h" #include "filter.h" #include "ttyio.h" #include "i18n.h" @@ -353,8 +353,8 @@ int g10_errors_seen = 0; static int utf8_strings = 0; static int maybe_setuid = 1; -static char *build_list( const char *text, - const char *(*mapf)(int), int (*chkf)(int) ); +static char *build_list( const char *text, const char * (*mapf)(int), + int (*chkf)(int) ); static void set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd ); static void print_hex( byte *p, size_t n ); @@ -388,20 +388,20 @@ strusage( int level ) case 31: p = _("\nSupported algorithms:\n"); break; case 32: if( !ciphers ) - ciphers = build_list("Cipher: ", cipher_algo_to_string, - check_cipher_algo ); + ciphers = build_list("Cipher: ", gcry_cipher_algo_name, + openpgp_cipher_test_algo ); p = ciphers; break; case 33: if( !pubkeys ) - pubkeys = build_list("Pubkey: ", pubkey_algo_to_string, - check_pubkey_algo ); + pubkeys = build_list("Pubkey: ", gcry_pk_algo_name, + openpgp_pk_test_algo ); p = pubkeys; break; case 34: if( !digests ) - digests = build_list("Hash: ", digest_algo_to_string, - check_digest_algo ); + digests = build_list("Hash: ", gcry_md_algo_name, + openpgp_md_test_algo ); p = digests; break; @@ -415,7 +415,6 @@ static char * build_list( const char *text, const char * (*mapf)(int), int (*chkf)(int) ) { int i; - const char *s; size_t n=strlen(text)+2; char *list, *p; @@ -423,16 +422,16 @@ build_list( const char *text, const char * (*mapf)(int), int (*chkf)(int) ) secmem_init( 0 ); /* drop setuid */ for(i=1; i < 110; i++ ) - if( !chkf(i) && (s=mapf(i)) ) - n += strlen(s) + 2; + if( !chkf(i) ) + n += strlen(mapf(i)) + 2; list = m_alloc( 21 + n ); *list = 0; for(p=NULL, i=1; i < 110; i++ ) { - if( !chkf(i) && (s=mapf(i)) ) { + if( !chkf(i) ) { if( !p ) p = stpcpy( list, text ); else p = stpcpy( p, ", "); - p = stpcpy(p, s ); + p = stpcpy(p, mapf(i) ); } } if( p ) @@ -577,8 +576,8 @@ main( int argc, char **argv ) opt.def_digest_algo = 0; opt.def_compress_algo = 2; opt.s2k_mode = 3; /* iterated+salted */ - opt.s2k_digest_algo = DIGEST_ALGO_RMD160; - opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH; + opt.s2k_digest_algo = GCRY_MD_RMD160; + opt.s2k_cipher_algo = GCRY_CIPHER_BLOWFISH; opt.completes_needed = 1; opt.marginals_needed = 3; opt.max_cert_depth = 5; @@ -798,8 +797,8 @@ main( int argc, char **argv ) opt.def_digest_algo = 0; opt.def_compress_algo = 2; opt.s2k_mode = 3; /* iterated+salted */ - opt.s2k_digest_algo = DIGEST_ALGO_RMD160; - opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH; + opt.s2k_digest_algo = GCRY_MD_RMD160; + opt.s2k_cipher_algo = GCRY_CIPHER_BLOWFISH; break; case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break; case oCompressSigs: opt.compress_sigs = 1; break; @@ -853,11 +852,14 @@ main( int argc, char **argv ) case oNotation: add_notation_data( pargs.r.ret_str ); break; case oUtf8Strings: utf8_strings = 1; break; case oNoUtf8Strings: utf8_strings = 0; break; - case oDisableCipherAlgo: - disable_cipher_algo( string_to_cipher_algo(pargs.r.ret_str) ); + case oDisableCipherAlgo: { + int algo = gcry_cipher_map_name(pargs.r.ret_str); + gcry_cipher_ctl( NULL, GCRYCTL_DISABLE_ALGO, + &algo, sizeof algo ); + } break; case oDisablePubkeyAlgo: - disable_pubkey_algo( string_to_pubkey_algo(pargs.r.ret_str) ); + disable_pubkey_algo( gcry_pk_map_name(pargs.r.ret_str) ); break; case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; @@ -927,27 +929,27 @@ main( int argc, char **argv ) /* must do this after dropping setuid, because string_to... * may try to load an module */ if( def_cipher_string ) { - opt.def_cipher_algo = string_to_cipher_algo(def_cipher_string); + opt.def_cipher_algo = gcry_cipher_map_name(def_cipher_string); m_free(def_cipher_string); def_cipher_string = NULL; - if( check_cipher_algo(opt.def_cipher_algo) ) + if( openpgp_cipher_test_algo(opt.def_cipher_algo) ) log_error(_("selected cipher algorithm is invalid\n")); } if( def_digest_string ) { - opt.def_digest_algo = string_to_digest_algo(def_digest_string); + opt.def_digest_algo = gcry_md_map_name(def_digest_string); m_free(def_digest_string); def_digest_string = NULL; - if( check_digest_algo(opt.def_digest_algo) ) + if( openpgp_md_test_algo(opt.def_digest_algo) ) log_error(_("selected digest algorithm is invalid\n")); } if( s2k_cipher_string ) { - opt.s2k_cipher_algo = string_to_cipher_algo(s2k_cipher_string); + opt.s2k_cipher_algo = gcry_cipher_map_name(s2k_cipher_string); m_free(s2k_cipher_string); s2k_cipher_string = NULL; - if( check_cipher_algo(opt.s2k_cipher_algo) ) + if( openpgp_cipher_test_algo(opt.s2k_cipher_algo) ) log_error(_("selected cipher algorithm is invalid\n")); } if( s2k_digest_string ) { - opt.s2k_digest_algo = string_to_digest_algo(s2k_digest_string); + opt.s2k_digest_algo = gcry_md_map_name(s2k_digest_string); m_free(s2k_digest_string); s2k_digest_string = NULL; - if( check_digest_algo(opt.s2k_digest_algo) ) + if( openpgp_md_test_algo(opt.s2k_digest_algo) ) log_error(_("selected digest algorithm is invalid\n")); } if( opt.set_policy_url ) { @@ -1330,7 +1332,7 @@ main( int argc, char **argv ) wrong_args("--print-md algo [files]"); { int all_algos = (**argv=='*' && !(*argv)[1]); - int algo = all_algos? 0 : string_to_digest_algo(*argv); + int algo = all_algos? 0 : gcry_md_map_name(*argv); if( !algo && !all_algos ) log_error(_("invalid hash algorithm `%s'\n"), *argv ); @@ -1509,8 +1511,9 @@ print_mds( const char *fname, int algo ) FILE *fp; char buf[1024]; size_t n; - MD_HANDLE md; + GCRY_MD_HD md; char *pname; + int have_tiger = 0; if( !fname ) { fp = stdin; @@ -1527,43 +1530,41 @@ print_mds( const char *fname, int algo ) return; } - md = md_open( 0, 0 ); + md = gcry_md_open( 0, 0 ); if( algo ) - md_enable( md, algo ); + gcry_md_enable( md, algo ); else { - md_enable( md, DIGEST_ALGO_MD5 ); - md_enable( md, DIGEST_ALGO_SHA1 ); - md_enable( md, DIGEST_ALGO_RMD160 ); - if( !check_digest_algo(DIGEST_ALGO_TIGER) ) - md_enable( md, DIGEST_ALGO_TIGER ); + gcry_md_enable( md, GCRY_MD_MD5 ); + gcry_md_enable( md, GCRY_MD_SHA1 ); + gcry_md_enable( md, GCRY_MD_RMD160 ); + have_tiger = !gcry_md_enable( md, GCRY_MD_TIGER ); } while( (n=fread( buf, 1, DIM(buf), fp )) ) - md_write( md, buf, n ); + gcry_md_write( md, buf, n ); if( ferror(fp) ) log_error("%s%s\n", pname, strerror(errno) ); else { - md_final(md); if( algo ) { if( fname ) fputs( pname, stdout ); - print_hex(md_read(md, algo), md_digest_length(algo) ); + print_hex( gcry_md_read(md, algo), gcry_md_get_algo_dlen(algo) ); } else { printf( "%s MD5 = ", fname?pname:"" ); - print_hex(md_read(md, DIGEST_ALGO_MD5), 16 ); + print_hex(gcry_md_read(md, GCRY_MD_MD5), 16 ); printf("\n%s SHA1 = ", fname?pname:"" ); - print_hex(md_read(md, DIGEST_ALGO_SHA1), 20 ); + print_hex(gcry_md_read(md, GCRY_MD_SHA1), 20 ); printf("\n%sRMD160 = ", fname?pname:"" ); - print_hex(md_read(md, DIGEST_ALGO_RMD160), 20 ); - if( !check_digest_algo(DIGEST_ALGO_TIGER) ) { + print_hex(gcry_md_read(md, GCRY_MD_RMD160), 20 ); + if( have_tiger ) { printf("\n%s TIGER = ", fname?pname:"" ); - print_hex(md_read(md, DIGEST_ALGO_TIGER), 24 ); + print_hex(gcry_md_read(md, GCRY_MD_TIGER), 24 ); } } putchar('\n'); } - md_close(md); + gcry_md_close(md); if( fp != stdin ) fclose(fp); diff --git a/g10/keydb.h b/g10/keydb.h index 20a8a6325..fe4f8be94 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -25,9 +25,8 @@ #include <gdbm.h> #endif -#include "types.h" +#include "basicdefs.h" #include "packet.h" -#include "cipher.h" #define MAX_FINGERPRINT_LEN 20 @@ -83,7 +82,6 @@ struct keyblock_pos_struct { typedef struct keyblock_pos_struct KBPOS; /* structure to hold a couple of public key certificates */ -typedef struct pk_list *PK_LIST; struct pk_list { PK_LIST next; PKT_public_key *pk; @@ -91,7 +89,6 @@ struct pk_list { }; /* structure to hold a couple of secret key certificates */ -typedef struct sk_list *SK_LIST; struct sk_list { SK_LIST next; PKT_secret_key *sk; diff --git a/g10/keygen.c b/g10/keygen.c index ceff09d10..0ed07e690 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -443,7 +443,7 @@ ask_keysize( int algo ) " minimum keysize is 768 bits\n" " default keysize is 1024 bits\n" " highest suggested keysize is 2048 bits\n"), - pubkey_algo_to_string(algo) ); + gcry_pk_algo_name(algo) ); for(;;) { answer = cpr_get("keygen.size", _("What keysize do you want? (1024) ")); @@ -686,7 +686,7 @@ ask_user_id( int mode ) tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid); /* fixme: add a warning if this user-id already exists */ for(;;) { - char *ansstr = _("NnCcEeOoQq"); + const char *ansstr = _("NnCcEeOoQq"); if( strlen(ansstr) != 10 ) BUG(); diff --git a/g10/keyid.c b/g10/keyid.c index 665b3be86..b4d745a7c 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -25,6 +25,7 @@ #include <errno.h> #include <time.h> #include <assert.h> +#include <gcrypt.h> #include "util.h" #include "main.h" #include "packet.h" @@ -48,10 +49,10 @@ pubkey_letter( int algo ) } -static MD_HANDLE +static GCRY_MD_HD do_fingerprint_md( PKT_public_key *pk ) { - MD_HANDLE md; + GCRY_MD_HD md; unsigned n; unsigned nb[PUBKEY_MAX_NPKEY]; unsigned nn[PUBKEY_MAX_NPKEY]; @@ -59,7 +60,9 @@ do_fingerprint_md( PKT_public_key *pk ) int i; int npkey = pubkey_get_npkey( pk->pubkey_algo ); - md = md_open( pk->version < 4 ? DIGEST_ALGO_RMD160 : DIGEST_ALGO_SHA1, 0); + md = gcry_md_open( pk->version < 4 ? GCRY_MD_RMD160 : GCRY_MD_SHA1, 0); + if( !md ) + BUG(); n = pk->version < 4 ? 8 : 6; for(i=0; i < npkey; i++ ) { nb[i] = mpi_get_nbits(pk->pkey[i]); @@ -67,19 +70,19 @@ do_fingerprint_md( PKT_public_key *pk ) n += 2 + nn[i]; } - md_putc( md, 0x99 ); /* ctb */ - md_putc( md, n >> 8 ); /* 2 byte length header */ - md_putc( md, n ); + gcry_md_putc( md, 0x99 ); /* ctb */ + gcry_md_putc( md, n >> 8 ); /* 2 byte length header */ + gcry_md_putc( md, n ); if( pk->version < 4 ) - md_putc( md, 3 ); + gcry_md_putc( md, 3 ); else - md_putc( md, 4 ); + gcry_md_putc( md, 4 ); { u32 a = pk->timestamp; - md_putc( md, a >> 24 ); - md_putc( md, a >> 16 ); - md_putc( md, a >> 8 ); - md_putc( md, a ); + gcry_md_putc( md, a >> 24 ); + gcry_md_putc( md, a >> 16 ); + gcry_md_putc( md, a >> 8 ); + gcry_md_putc( md, a ); } if( pk->version < 4 ) { u16 a; @@ -88,22 +91,22 @@ do_fingerprint_md( PKT_public_key *pk ) a = (u16)((pk->expiredate - pk->timestamp) / 86400L); else a = 0; - md_putc( md, a >> 8 ); - md_putc( md, a ); + gcry_md_putc( md, a >> 8 ); + gcry_md_putc( md, a ); } - md_putc( md, pk->pubkey_algo ); + gcry_md_putc( md, pk->pubkey_algo ); for(i=0; i < npkey; i++ ) { - md_putc( md, nb[i]>>8); - md_putc( md, nb[i] ); - md_write( md, pp[i], nn[i] ); + gcry_md_putc( md, nb[i]>>8); + gcry_md_putc( md, nb[i] ); + gcry_md_write( md, pp[i], nn[i] ); m_free(pp[i]); } - md_final( md ); + gcry_md_final( md ); return md; } -static MD_HANDLE +static GCRY_MD_HD do_fingerprint_md_sk( PKT_secret_key *sk ) { PKT_public_key pk; @@ -140,13 +143,13 @@ keyid_from_sk( PKT_secret_key *sk, u32 *keyid ) } else { const byte *dp; - MD_HANDLE md; + GCRY_MD_HD md; md = do_fingerprint_md_sk(sk); - dp = md_read( md, 0 ); + dp = gcry_md_read( md, 0 ); keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; lowbits = keyid[1]; - md_close(md); + gcry_md_close(md); } return lowbits; @@ -179,13 +182,13 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid ) } else { const byte *dp; - MD_HANDLE md; + GCRY_MD_HD md; md = do_fingerprint_md(pk); - dp = md_read( md, 0 ); + dp = gcry_md_read( md, 0 ); keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; lowbits = keyid[1]; - md_close(md); + gcry_md_close(md); pk->keyid[0] = keyid[0]; pk->keyid[1] = keyid[1]; } @@ -348,34 +351,36 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len ) if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) { /* RSA in version 3 packets is special */ - MD_HANDLE md; + GCRY_MD_HD md; - md = md_open( DIGEST_ALGO_MD5, 0); + md = gcry_md_open( DIGEST_ALGO_MD5, 0); + if( !md ) + BUG(); if( pubkey_get_npkey( pk->pubkey_algo ) > 1 ) { p = buf = mpi_get_buffer( pk->pkey[0], &n, NULL ); - md_write( md, p, n ); + gcry_md_write( md, p, n ); m_free(buf); p = buf = mpi_get_buffer( pk->pkey[1], &n, NULL ); - md_write( md, p, n ); + gcry_md_write( md, p, n ); m_free(buf); } - md_final(md); + gcry_md_final(md); if( !array ) array = m_alloc( 16 ); len = 16; - memcpy(array, md_read(md, DIGEST_ALGO_MD5), 16 ); - md_close(md); + memcpy(array, gcry_md_read(md, DIGEST_ALGO_MD5), 16 ); + gcry_md_close(md); } else { - MD_HANDLE md; + GCRY_MD_HD md; md = do_fingerprint_md(pk); - dp = md_read( md, 0 ); - len = md_digest_length( md_get_algo( md ) ); + dp = gcry_md_read( md, 0 ); + len = gcry_md_get_algo_dlen( gcry_md_get_algo( md ) ); assert( len <= MAX_FINGERPRINT_LEN ); if( !array ) array = m_alloc( len ); memcpy(array, dp, len ); - md_close(md); + gcry_md_close(md); } *ret_len = len; @@ -392,34 +397,36 @@ fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len ) if( sk->version < 4 && is_RSA(sk->pubkey_algo) ) { /* RSA in version 3 packets is special */ - MD_HANDLE md; + GCRY_MD_HD md; - md = md_open( DIGEST_ALGO_MD5, 0); + md = gcry_md_open( DIGEST_ALGO_MD5, 0); + if( !md ) + BUG(); if( pubkey_get_npkey( sk->pubkey_algo ) > 1 ) { p = buf = mpi_get_buffer( sk->skey[1], &n, NULL ); - md_write( md, p, n ); + gcry_md_write( md, p, n ); m_free(buf); p = buf = mpi_get_buffer( sk->skey[0], &n, NULL ); - md_write( md, p, n ); + gcry_md_write( md, p, n ); m_free(buf); } - md_final(md); + gcry_md_final(md); if( !array ) array = m_alloc( 16 ); len = 16; - memcpy(array, md_read(md, DIGEST_ALGO_MD5), 16 ); - md_close(md); + memcpy(array, gcry_md_read(md, GCRY_MD_MD5), 16 ); + gcry_md_close(md); } else { - MD_HANDLE md; + GCRY_MD_HD md; md = do_fingerprint_md_sk(sk); - dp = md_read( md, 0 ); - len = md_digest_length( md_get_algo( md ) ); + dp = gcry_md_read( md, 0 ); + len = gcry_md_get_algo_dlen( gcry_md_get_algo( md ) ); assert( len <= MAX_FINGERPRINT_LEN ); if( !array ) array = m_alloc( len ); memcpy(array, dp, len ); - md_close(md); + gcry_md_close(md); } *ret_len = len; diff --git a/g10/main.h b/g10/main.h index df04f408d..4ccc2f658 100644 --- a/g10/main.h +++ b/g10/main.h @@ -19,22 +19,16 @@ */ #ifndef G10_MAIN_H #define G10_MAIN_H -#include "types.h" + +#include <gcrypt.h> +#include "basicdefs.h" #include "iobuf.h" #include "mpi.h" -#include "cipher.h" #include "keydb.h" -#define DEFAULT_CIPHER_ALGO CIPHER_ALGO_BLOWFISH -#define DEFAULT_PUBKEY_ALGO PUBKEY_ALGO_ELGAMAL -#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_RMD160 - - -typedef struct { - int header_okay; - PK_LIST pk_list; - cipher_filter_context_t cfx; -} encrypt_filter_context_t; +#define DEFAULT_CIPHER_ALGO GCRY_CIPHER_BLOWFISH +#define DEFAULT_PUBKEY_ALGO GCRY_PUBKEY_ELGAMAL +#define DEFAULT_DIGEST_ALGO GCRY_MD_RMD160 /*-- g10.c --*/ @@ -61,6 +55,10 @@ u16 checksum_mpi( MPI a ); u16 checksum_mpi_counted_nbits( MPI a ); u32 buffer_to_u32( const byte *buffer ); +int openpgp_cipher_test_algo( int algo ); +int openpgp_pk_test_algo( int algo ); +int openpgp_md_test_algo( int algo ); + /*-- helptext.c --*/ void display_online_help( const char *keyword ); @@ -73,7 +71,7 @@ int encrypt_filter( void *opaque, int control, /*-- sign.c --*/ -int complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md ); +int complete_sig( PKT_signature *sig, PKT_secret_key *sk, GCRY_MD_HD md ); int sign_file( STRLIST filenames, int detached, STRLIST locusr, int do_encrypt, STRLIST remusr, const char *outfile ); int clearsign_file( const char *fname, STRLIST locusr, const char *outfile ); @@ -108,7 +106,7 @@ void copy_options_file( const char *destdir ); /*-- seskey.c --*/ void make_session_key( DEK *dek ); MPI encode_session_key( DEK *dek, unsigned nbits ); -MPI encode_md_value( int pubkey_algo, MD_HANDLE md, +MPI encode_md_value( int pubkey_algo, GCRY_MD_HD md, int hash_algo, unsigned nbits ); /*-- comment.c --*/ @@ -143,7 +141,7 @@ int verify_signatures( int nfiles, char **files ); int decrypt_message( const char *filename ); /*-- plaintext.c --*/ -int hash_datafiles( MD_HANDLE md, MD_HANDLE md2, +int hash_datafiles( GCRY_MD_HD md, GCRY_MD_HD md2, STRLIST files, const char *sigfilename, int textmode ); /*-- signal.c --*/ diff --git a/g10/mainproc.c b/g10/mainproc.c index 4c93b4877..98034bec3 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -25,12 +25,12 @@ #include <assert.h> #include <time.h> +#include <gcrypt.h> #include "packet.h" #include "iobuf.h" #include "memory.h" #include "options.h" #include "util.h" -#include "cipher.h" #include "keydb.h" #include "filter.h" #include "main.h" @@ -266,7 +266,7 @@ print_failed_pkenc( struct kidlist_item *list ) { for( ; list; list = list->next ) { PKT_public_key *pk = m_alloc_clear( sizeof *pk ); - const char *algstr = pubkey_algo_to_string( list->pubkey_algo ); + const char *algstr = gcry_pk_algo_name( list->pubkey_algo ); pk->pubkey_algo = list->pubkey_algo; if( !get_pubkey( pk, list->kid ) ) { @@ -361,7 +361,8 @@ proc_plaintext( CTX c, PACKET *pkt ) else if( opt.verbose ) log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name); free_md_filter_context( &c->mfx ); - c->mfx.md = md_open( 0, 0); + if( !(c->mfx.md = gcry_md_open( 0, 0)) ) + BUG(); /* fixme: we may need to push the textfilter if we have sigclass 1 * and no armoring - Not yet tested * Hmmm, why don't we need it at all if we have sigclass 1 @@ -372,7 +373,8 @@ proc_plaintext( CTX c, PACKET *pkt ) for(n=c->list; n; n = n->next ) { if( n->pkt->pkttype == PKT_ONEPASS_SIG ) { if( n->pkt->pkt.onepass_sig->digest_algo ) { - md_enable( c->mfx.md, n->pkt->pkt.onepass_sig->digest_algo ); + gcry_md_enable( c->mfx.md, + n->pkt->pkt.onepass_sig->digest_algo ); if( !any && n->pkt->pkt.onepass_sig->digest_algo == DIGEST_ALGO_MD5 ) only_md5 = 1; @@ -398,9 +400,9 @@ proc_plaintext( CTX c, PACKET *pkt ) } } if( !any ) { /* no onepass sig packet: enable all standard algos */ - md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); - md_enable( c->mfx.md, DIGEST_ALGO_SHA1 ); - md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); + gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); + gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 ); + gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); } if( only_md5 ) { /* This is a kludge to work around a bug in pgp2. It does only @@ -408,7 +410,8 @@ proc_plaintext( CTX c, PACKET *pkt ) * pgp mails we could see whether there is the signature packet * in front of the plaintext. If someone needs this, send me a patch. */ - c->mfx.md2 = md_open( DIGEST_ALGO_MD5, 0); + if( !(c->mfx.md2 = gcry_md_open( DIGEST_ALGO_MD5, 0)) ) + BUG(); } #if 0 #warning md_start_debug is enabled @@ -467,7 +470,7 @@ static int do_check_sig( CTX c, KBNODE node, int *is_selfsig ) { PKT_signature *sig; - MD_HANDLE md = NULL, md2 = NULL; + GCRY_MD_HD md = NULL, md2 = NULL; int algo, rc; assert( node->pkt->pkttype == PKT_SIGNATURE ); @@ -476,27 +479,31 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig ) sig = node->pkt->pkt.signature; algo = sig->digest_algo; - if( (rc=check_digest_algo(algo)) ) + if( (rc=openpgp_md_test_algo(algo)) ) return rc; if( sig->sig_class == 0x00 ) { if( c->mfx.md ) - md = md_copy( c->mfx.md ); + md = gcry_md_copy( c->mfx.md ); else /* detached signature */ - md = md_open( 0, 0 ); /* signature_check() will enable the md*/ + md = gcry_md_open( 0, 0 ); /* signature_check() will enable the md*/ + if( !md ) + BUG(); } else if( sig->sig_class == 0x01 ) { /* how do we know that we have to hash the (already hashed) text * in canonical mode ??? (calculating both modes???) */ if( c->mfx.md ) { - md = md_copy( c->mfx.md ); + md = gcry_md_copy( c->mfx.md ); if( c->mfx.md2 ) - md2 = md_copy( c->mfx.md2 ); + md2 = gcry_md_copy( c->mfx.md2 ); } else { /* detached signature */ log_debug("Do we really need this here?"); - md = md_open( 0, 0 ); /* signature_check() will enable the md*/ - md2 = md_open( 0, 0 ); + md = gcry_md_open( 0, 0 ); /* signature_check() will enable the md*/ + md2 = gcry_md_open( 0, 0 ); + if( !md || !md2 ) + BUG(); } } else if( (sig->sig_class&~3) == 0x10 @@ -518,8 +525,8 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig ) rc = signature_check( sig, md ); if( rc == G10ERR_BAD_SIGN && md2 ) rc = signature_check( sig, md2 ); - md_close(md); - md_close(md2); + gcry_md_close(md); + gcry_md_close(md2); return rc; } @@ -1020,7 +1027,7 @@ static int check_sig_and_print( CTX c, KBNODE node ) { PKT_signature *sig = node->pkt->pkt.signature; - const char *astr, *tstr; + const char *tstr; int rc; if( opt.skip_verify ) { @@ -1029,9 +1036,9 @@ check_sig_and_print( CTX c, KBNODE node ) } tstr = asctimestamp(sig->timestamp); - astr = pubkey_algo_to_string( sig->pubkey_algo ); log_info(_("Signature made %.*s using %s key ID %08lX\n"), - (int)strlen(tstr), tstr, astr? astr: "?", (ulong)sig->keyid[1] ); + (int)strlen(tstr), tstr, gcry_pk_algo_name( sig->pubkey_algo ), + (ulong)sig->keyid[1] ); rc = do_check_sig(c, node, NULL ); if( rc == G10ERR_NO_PUBKEY && opt.keyserver_name ) { @@ -1148,11 +1155,12 @@ proc_tree( CTX c, KBNODE node ) if( !c->have_data ) { free_md_filter_context( &c->mfx ); /* prepare to create all requested message digests */ - c->mfx.md = md_open(0, 0); + if( !(c->mfx.md = gcry_md_open(0, 0)) ) + BUG(); /* fixme: why looking for the signature packet and not 1passpacket*/ for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); ) { - md_enable( c->mfx.md, n1->pkt->pkt.signature->digest_algo); + gcry_md_enable( c->mfx.md, n1->pkt->pkt.signature->digest_algo); } /* ask for file and hash it */ if( c->sigs_only ) @@ -1177,18 +1185,21 @@ proc_tree( CTX c, KBNODE node ) if( !c->have_data ) { /* detached signature */ free_md_filter_context( &c->mfx ); - c->mfx.md = md_open(sig->digest_algo, 0); + if( !(c->mfx.md = gcry_md_open(sig->digest_algo, 0)) ) + BUG(); if( sig->digest_algo == DIGEST_ALGO_MD5 && is_RSA( sig->pubkey_algo ) ) { /* enable a workaround for a pgp2 bug */ - c->mfx.md2 = md_open( DIGEST_ALGO_MD5, 0 ); + if( !(c->mfx.md2 = gcry_md_open( DIGEST_ALGO_MD5, 0 )) ) + BUG(); } else if( sig->digest_algo == DIGEST_ALGO_SHA1 && sig->pubkey_algo == PUBKEY_ALGO_DSA && sig->sig_class == 0x01 ) { /* enable the workaround also for pgp5 when the detached * signature has been created in textmode */ - c->mfx.md2 = md_open( sig->digest_algo, 0 ); + if( !(c->mfx.md2 = gcry_md_open( sig->digest_algo, 0 )) ) + BUG(); } /* Here we have another hack to work around a pgp 2 bug * It works by not using the textmode for detached signatures; diff --git a/g10/mdfilter.c b/g10/mdfilter.c index 951fd730e..54eadcf6c 100644 --- a/g10/mdfilter.c +++ b/g10/mdfilter.c @@ -50,9 +50,9 @@ md_filter( void *opaque, int control, i = iobuf_read( a, buf, size ); if( i == -1 ) i = 0; if( i ) { - md_write(mfx->md, buf, i ); + gcry_md_write(mfx->md, buf, i ); if( mfx->md2 ) - md_write(mfx->md2, buf, i ); + gcry_md_write(mfx->md2, buf, i ); } else rc = -1; /* eof */ @@ -67,8 +67,8 @@ md_filter( void *opaque, int control, void free_md_filter_context( md_filter_context_t *mfx ) { - md_close(mfx->md); - md_close(mfx->md2); + gcry_md_close(mfx->md); + gcry_md_close(mfx->md2); mfx->md = NULL; mfx->md2 = NULL; mfx->maxbuf_size = 0; diff --git a/g10/misc.c b/g10/misc.c index 61f104a01..fb9d62f1f 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -31,6 +31,7 @@ #include <sys/time.h> #include <sys/resource.h> #endif +#include <gcrypt.h> #include "util.h" #include "main.h" #include "options.h" @@ -265,3 +266,32 @@ map_gcry_rc( int rc ) } } + +/**************** + * Wrapper around the libgcrypt function with addional checks on + * openPGP contrainst for the algo ID. + */ +int +openpgp_cipher_test_algo( int algo ) +{ + if( algo < 0 || algo > 110 ) + return GCRYERR_INV_ALGO; + return gcry_cipher_test_algo(algo); +} + +int +openpgp_pk_test_algo( int algo ) +{ + if( algo < 0 || algo > 110 ) + return GCRYERR_INV_ALGO; + return gcry_pk_test_algo(algo); +} + +int +openpgp_md_test_algo( int algo ) +{ + if( algo < 0 || algo > 110 ) + return GCRYERR_INV_ALGO; + return gcry_md_test_algo(algo); +} + diff --git a/g10/openfile.c b/g10/openfile.c index 4d16db500..4f73334b8 100644 --- a/g10/openfile.c +++ b/g10/openfile.c @@ -39,6 +39,14 @@ #define SKELEXT ".skel" #endif + +#ifdef HAVE_DRIVE_LETTERS + #define CMP_FILENAME(a,b) stricmp( (a), (b) ) +#else + #define CMP_FILENAME(a,b) strcmp( (a), (b) ) +#endif + + /* FIXME: Implement opt.interactive. */ /**************** @@ -70,6 +78,7 @@ overwrite_filep( const char *fname ) } + /**************** * Strip know extensions from iname and return a newly allocated * filename. Return NULL if we can't do that. @@ -82,13 +91,11 @@ make_outfile_name( const char *iname ) if( (!iname || (*iname=='-' && !iname[1]) )) return m_strdup("-"); - #ifdef HAVE_DRIVE_LETTERS - #warning add case insensitive compare - #endif n = strlen(iname); - if( n > 4 && ( !strcmp(iname+n-4,".gpg") - || !strcmp(iname+n-4,".sig") - || !strcmp(iname+n-4,".asc") ) ) { + if( n > 4 && ( !CMP_FILENAME(iname+n-4,".gpg") + || !CMP_FILENAME(iname+n-4,".pgp") + || !CMP_FILENAME(iname+n-4,".sig") + || !CMP_FILENAME(iname+n-4,".asc") ) ) { char *buf = m_strdup( iname ); buf[n-4] = 0; return buf; @@ -169,11 +176,33 @@ open_outfile( const char *iname, int mode, IOBUF *a ) name = opt.outfile; else { #ifdef USE_ONLY_8DOT3 - #warning please implement 8.3 files - #endif + /* It is quite common for DOS system to have only one dot in a + * a filename So if we have something like this, we simple + * replace the suffix execpt in cases where the suffix is + * larger than 3 characters and not the same as. + * We should really map the filenames to 8.3 but this tends to + * be more complicated and is probaly a duty of the filesystem + */ + char *dot; + const char *newsfx = mode==1 ? ".asc" : + mode==2 ? ".sig" : ".gpg"; + + buf = m_alloc(strlen(iname)+4+1); + strcpy(buf,iname); + dot = strchr(buf, '.' ); + if( dot && dot > buf && dot[1] && strlen(dot) <= 4 + && CMP_FILENAME(newsfx, dot) ) { + strcpy(dot, newsfx ); + } + else if( dot && !dot[1] ) /* don't duplicate a dot */ + strcat( dot, newsfx+1 ); + else + strcat( buf, newsfx ); + #else buf = m_alloc(strlen(iname)+4+1); strcpy(stpcpy(buf,iname), mode==1 ? ".asc" : mode==2 ? ".sig" : ".gpg"); + #endif name = buf; } @@ -204,9 +233,6 @@ open_sigfile( const char *iname ) IOBUF a = NULL; size_t len; - #ifdef USE_ONLY_8DOT3 - #warning please implement 8.3 files - #endif if( iname && !(*iname == '-' && !iname[1]) ) { len = strlen(iname); if( len > 4 && ( !strcmp(iname + len - 4, ".sig") diff --git a/g10/packet.h b/g10/packet.h index 50ea65b3f..f3f8cbd9d 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -281,7 +281,7 @@ const byte *parse_sig_subpkt2( PKT_signature *sig, /*-- build-packet.c --*/ int build_packet( IOBUF inp, PACKET *pkt ); u32 calc_packet_length( PACKET *pkt ); -void hash_public_key( MD_HANDLE md, PKT_public_key *pk ); +void hash_public_key( GCRY_MD_HD md, PKT_public_key *pk ); void build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type, const byte *buffer, size_t buflen ); void build_sig_subpkt_from_sig( PKT_signature *sig ); @@ -313,7 +313,7 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b ); /*-- sig-check.c --*/ -int signature_check( PKT_signature *sig, MD_HANDLE digest ); +int signature_check( PKT_signature *sig, GCRY_MD_HD digest ); /*-- seckey-cert.c --*/ int is_secret_key_protected( PKT_secret_key *sk ); @@ -334,7 +334,7 @@ int encrypt_data( PKT_encrypted *ed, DEK *dek ); /*-- plaintext.c --*/ int handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, int nooutput, int clearsig ); -int ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2, +int ask_for_detached_datafile( GCRY_MD_HD md, GCRY_MD_HD md2, const char *inname, int textmode ); /*-- comment.c --*/ diff --git a/g10/passphrase.c b/g10/passphrase.c index 6026ff7f9..46527d8f5 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -159,14 +159,14 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo, tty_printf(_("\nYou need a passphrase to unlock the secret key for\n" "user: \"") ); p = get_user_id( keyid, &n ); - tty_print_string( p, n ); + tty_print_utf8_string( p, n ); m_free(p); tty_printf("\"\n"); if( !get_pubkey( pk, keyid ) ) { - const char *s = pubkey_algo_to_string( pk->pubkey_algo ); tty_printf( _("%u-bit %s key, ID %08lX, created %s"), - nbits_from_pk( pk ), s?s:"?", (ulong)keyid[1], + nbits_from_pk( pk ), + gcry_pk_algo_name( pk->pubkey_algo ), (ulong)keyid[1], strtimestamp(pk->timestamp) ); if( keyid[2] && keyid[3] && keyid[0] != keyid[2] && keyid[1] != keyid[3] ) @@ -229,22 +229,24 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo, static void hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create ) { - MD_HANDLE md; + GCRY_MD_HD md; int pass, i; int used = 0; int pwlen = strlen(pw); assert( s2k->hash_algo ); - dek->keylen = cipher_get_keylen( dek->algo ) / 8; + dek->keylen = gcry_cipher_get_algo_keylen( dek->algo ); if( !(dek->keylen > 0 && dek->keylen <= DIM(dek->key)) ) BUG(); - md = md_open( s2k->hash_algo, 1); + if( !(md = gcry_md_open( s2k->hash_algo, GCRY_MD_FLAG_SECURE )) ) + BUG(); + for(pass=0; used < dek->keylen ; pass++ ) { if( pass ) { - md_reset(md); + gcry_md_reset(md); for(i=0; i < pass; i++ ) /* preset the hash context */ - md_putc(md, 0 ); + gcry_md_putc(md, 0 ); } if( s2k->mode == 1 || s2k->mode == 3 ) { @@ -264,28 +266,28 @@ hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create ) } /* a little bit complicated because we need a ulong for count */ while( count > len2 ) { /* maybe iterated+salted */ - md_write( md, s2k->salt, 8 ); - md_write( md, pw, pwlen ); + gcry_md_write( md, s2k->salt, 8 ); + gcry_md_write( md, pw, pwlen ); count -= len2; } if( count < 8 ) - md_write( md, s2k->salt, count ); + gcry_md_write( md, s2k->salt, count ); else { - md_write( md, s2k->salt, 8 ); + gcry_md_write( md, s2k->salt, 8 ); count -= 8; assert( count >= 0 ); - md_write( md, pw, count ); + gcry_md_write( md, pw, count ); } } else - md_write( md, pw, pwlen ); - md_final( md ); - i = md_digest_length( s2k->hash_algo ); + gcry_md_write( md, pw, pwlen ); + gcry_md_final( md ); + i = gcry_md_get_algo_dlen( s2k->hash_algo ); if( i > dek->keylen - used ) i = dek->keylen - used; - memcpy( dek->key+used, md_read(md, s2k->hash_algo), i ); + memcpy( dek->key+used, gcry_md_read(md, s2k->hash_algo), i ); used += i; } - md_close(md); + gcry_md_close(md); } diff --git a/g10/pkclist.c b/g10/pkclist.c index fab2f13a7..7559b1145 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -27,6 +27,7 @@ #include "options.h" #include "packet.h" +#include "main.h" #include "errors.h" #include "keydb.h" #include "memory.h" @@ -149,7 +150,7 @@ show_paths( ulong lid, int only_first ) putchar(' '); p = get_user_id( keyid, &n ); - tty_print_string( p, n ), + tty_print_utf8_string( p, n ), m_free(p); tty_printf("\"\n"); free_public_key( pk ); @@ -194,7 +195,7 @@ do_edit_ownertrust( ulong lid, int mode, unsigned *new_trust, int defer_help ) for(;;) { /* a string with valid answers */ - char *ans = _("sSmMqQ"); + const char *ans = _("sSmMqQ"); if( !did_help ) { if( !mode ) { @@ -203,7 +204,7 @@ do_edit_ownertrust( ulong lid, int mode, unsigned *new_trust, int defer_help ) nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ), (ulong)keyid[1], datestr_from_pk( pk ) ); p = get_user_id( keyid, &n ); - tty_print_string( p, n ), + tty_print_utf8_string( p, n ), m_free(p); tty_printf("\"\n"); print_fpr( pk ); @@ -460,7 +461,7 @@ do_we_trust_pre( PKT_public_key *pk, int trustlevel ) nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ), (ulong)keyid[1], datestr_from_pk( pk ) ); p = get_user_id( keyid, &n ); - tty_print_string( p, n ), + tty_print_utf8_string( p, n ), m_free(p); tty_printf("\"\n"); print_fpr( pk ); @@ -908,10 +909,10 @@ algo_available( int preftype, int algo ) if( preftype == PREFTYPE_SYM ) { if( algo == CIPHER_ALGO_TWOFISH ) return 0; /* we don't want to generate Twofish messages for now*/ - return algo && !check_cipher_algo( algo ); + return algo && !openpgp_cipher_test_algo( algo ); } else if( preftype == PREFTYPE_HASH ) { - return algo && !check_digest_algo( algo ); + return algo && !openpgp_md_test_algo( algo ); } else if( preftype == PREFTYPE_COMPR ) { return !algo || algo == 1 || algo == 2; diff --git a/g10/plaintext.c b/g10/plaintext.c index f8f4dcaf7..592455f12 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c @@ -106,7 +106,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, goto leave; } if( mfx->md ) - md_putc(mfx->md, c ); + gcry_md_putc(mfx->md, c ); if( c == '\r' ) continue; /* fixme: this hack might be too simple */ if( fp ) { @@ -132,7 +132,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, goto leave; } if( mfx->md ) - md_write( mfx->md, buffer, len ); + gcry_md_write( mfx->md, buffer, len ); if( fp ) { if( fwrite( buffer, 1, len, fp ) != len ) { log_error("Error writing to `%s': %s\n", @@ -151,7 +151,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, if( convert ) { /* text mode */ while( (c = iobuf_get(pt->buf)) != -1 ) { if( mfx->md ) - md_putc(mfx->md, c ); + gcry_md_putc(mfx->md, c ); if( convert && c == '\r' ) continue; /* fixme: this hack might be too simple */ if( fp ) { @@ -180,7 +180,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, if( len < 32768 ) eof = 1; if( mfx->md ) - md_write( mfx->md, buffer, len ); + gcry_md_write( mfx->md, buffer, len ); if( fp ) { if( fwrite( buffer, 1, len, fp ) != len ) { log_error("Error writing to `%s': %s\n", @@ -210,26 +210,26 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, if( !mfx->md ) continue; if( state == 2 ) { - md_putc(mfx->md, '\r' ); - md_putc(mfx->md, '\n' ); + gcry_md_putc(mfx->md, '\r' ); + gcry_md_putc(mfx->md, '\n' ); state = 0; } if( !state ) { if( c == '\r' ) state = 1; else - md_putc(mfx->md, c ); + gcry_md_putc(mfx->md, c ); } else if( state == 1 ) { if( c == '\n' ) state = 2; else { - md_putc(mfx->md, '\r' ); + gcry_md_putc(mfx->md, '\r' ); if( c == '\r' ) state = 1; else { state = 0; - md_putc(mfx->md, c ); + gcry_md_putc(mfx->md, c ); } } } @@ -253,7 +253,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, } static void -do_hash( MD_HANDLE md, MD_HANDLE md2, IOBUF fp, int textmode ) +do_hash( GCRY_MD_HD md, GCRY_MD_HD md2, IOBUF fp, int textmode ) { text_filter_context_t tfx; int c; @@ -267,27 +267,27 @@ do_hash( MD_HANDLE md, MD_HANDLE md2, IOBUF fp, int textmode ) int lc = -1; while( (c = iobuf_get(fp)) != -1 ) { if( c == '\n' && lc == '\r' ) - md_putc(md2, c); + gcry_md_putc(md2, c); else if( c == '\n' ) { - md_putc(md2, '\r'); - md_putc(md2, c); + gcry_md_putc(md2, '\r'); + gcry_md_putc(md2, c); } else if( c != '\n' && lc == '\r' ) { - md_putc(md2, '\n'); - md_putc(md2, c); + gcry_md_putc(md2, '\n'); + gcry_md_putc(md2, c); } else - md_putc(md2, c); + gcry_md_putc(md2, c); if( md ) - md_putc(md, c ); + gcry_md_putc(md, c ); lc = c; } } else { while( (c = iobuf_get(fp)) != -1 ) { if( md ) - md_putc(md, c ); + gcry_md_putc(md, c ); } } } @@ -298,7 +298,7 @@ do_hash( MD_HANDLE md, MD_HANDLE md2, IOBUF fp, int textmode ) * INFILE is the name of the input file. */ int -ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2, +ask_for_detached_datafile( GCRY_MD_HD md, GCRY_MD_HD md2, const char *inname, int textmode ) { char *answer = NULL; @@ -308,7 +308,7 @@ ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2, fp = open_sigfile( inname ); /* open default file */ if( !fp && !opt.batch ) { int any=0; - tty_printf("Detached signature.\n"); + tty_printf(_("Detached signature.\n")); do { m_free(answer); answer = cpr_get("detached_signature.filename", @@ -353,7 +353,7 @@ ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2, * If FILES is NULL, hash stdin. */ int -hash_datafiles( MD_HANDLE md, MD_HANDLE md2, STRLIST files, +hash_datafiles( GCRY_MD_HD md, GCRY_MD_HD md2, STRLIST files, const char *sigfilename, int textmode ) { IOBUF fp; diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index af77a1e52..67bb50994 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -26,6 +26,7 @@ #include "util.h" #include "memory.h" #include "packet.h" +#include "main.h" #include "mpi.h" #include "keydb.h" #include "trustdb.h" @@ -150,12 +151,12 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid ) dek->algo = frame[n++]; if( dek->algo == CIPHER_ALGO_IDEA ) write_status(STATUS_RSA_OR_IDEA); - rc = check_cipher_algo( dek->algo ); + rc = openpgp_cipher_test_algo( dek->algo ); if( rc ) { dek->algo = 0; goto leave; } - if( (dek->keylen*8) != cipher_get_keylen( dek->algo ) ) { + if( dek->keylen != gcry_cipher_get_algo_keylen( dek->algo ) ) { rc = G10ERR_WRONG_SECKEY; goto leave; } diff --git a/g10/revoke.c b/g10/revoke.c index d93c7a462..64c9c764c 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -113,7 +113,7 @@ gen_revoke( const char *uname ) { size_t n; char *p = get_user_id( sk_keyid, &n ); - tty_print_string( p, n ); + tty_print_utf8_string( p, n ); m_free(p); tty_printf("\n"); } @@ -243,8 +243,8 @@ ask_revoke_sig( KBNODE keyblock, KBNODE node, PKT_signature *sig ) ) { } tty_printf(_("user ID: \"")); - tty_print_string( unode->pkt->pkt.user_id->name, - unode->pkt->pkt.user_id->len, 0 ); + tty_print_utf8_string( unode->pkt->pkt.user_id->name, + unode->pkt->pkt.user_id->len, 0 ); tty_printf(_("\"\nsigned with your key %08lX at %s\n"), sig->keyid[1], datestr_from_sig(sig) ); diff --git a/g10/ringedit.c b/g10/ringedit.c index 04d6753de..7db1b0b6b 100644 --- a/g10/ringedit.c +++ b/g10/ringedit.c @@ -737,7 +737,9 @@ enum_keyblocks( int mode, KBPOS *kbpos, KBNODE *ret_root ) if( !mode || mode == 5 || mode == 100 ) { int i; + kbpos->fp = NULL; + kbpos->rt = rt_UNKNOWN; if( !mode ) { kbpos->secret = 0; i = 0; diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index a8fae04d6..c153782bf 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -23,12 +23,13 @@ #include <stdlib.h> #include <string.h> #include <assert.h> + +#include <gcrypt.h> #include "util.h" #include "memory.h" #include "packet.h" #include "mpi.h" #include "keydb.h" -#include "cipher.h" #include "main.h" #include "options.h" #include "i18n.h" @@ -46,12 +47,12 @@ do_check( PKT_secret_key *sk ) if( sk->is_protected ) { /* remove the protection */ DEK *dek = NULL; u32 keyid[4]; /* 4! because we need two of them */ - CIPHER_HANDLE cipher_hd=NULL; + GCRY_CIPHER_HD cipher_hd=NULL; PKT_secret_key *save_sk; - if( sk->protect.algo == CIPHER_ALGO_NONE ) + if( sk->protect.algo == GCRY_CIPHER_NONE ) BUG(); - if( check_cipher_algo( sk->protect.algo ) ) { + if( openpgp_cipher_test_algo( sk->protect.algo ) ) { log_info(_("protection algorithm %d is not supported\n"), sk->protect.algo ); return G10ERR_CIPHER_ALGO; @@ -66,12 +67,21 @@ do_check( PKT_secret_key *sk ) } dek = passphrase_to_dek( keyid, sk->pubkey_algo, sk->protect.algo, &sk->protect.s2k, 0 ); - cipher_hd = cipher_open( sk->protect.algo, - CIPHER_MODE_AUTO_CFB, 1); - cipher_setkey( cipher_hd, dek->key, dek->keylen ); + if( !(cipher_hd = gcry_cipher_open( sk->protect.algo, + GCRY_CIPHER_MODE_CFB, + GCRY_CIPHER_SECURE + | (sk->protect.algo >= 100 ? + 0 : GCRY_CIPHER_ENABLE_SYNC) ) ) + ) { + BUG(); + } + + if( gcry_cipher_setkey( cipher_hd, dek->key, dek->keylen ) ) + log_fatal("set key failed: %s\n", gcry_strerror(-1) ); m_free(dek); save_sk = copy_secret_key( NULL, sk ); - cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen ); + if( gcry_cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen )) + log_fatal("set IV failed: %s\n", gcry_strerror(-1) ); csum = 0; if( sk->version >= 4 ) { int ndata; @@ -81,7 +91,7 @@ do_check( PKT_secret_key *sk ) assert( mpi_is_opaque( sk->skey[i] ) ); p = mpi_get_opaque( sk->skey[i], &ndata ); data = m_alloc_secure( ndata ); - cipher_decrypt( cipher_hd, data, p, ndata ); + gcry_cipher_decrypt( cipher_hd, data, ndata, p, ndata ); mpi_free( sk->skey[i] ); sk->skey[i] = NULL ; p = data; if( ndata < 2 ) { @@ -109,9 +119,9 @@ do_check( PKT_secret_key *sk ) for(i=pubkey_get_npkey(sk->pubkey_algo); i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { buffer = mpi_get_secure_buffer( sk->skey[i], &nbytes, NULL ); - cipher_sync( cipher_hd ); + gcry_cipher_sync( cipher_hd ); assert( mpi_is_protected(sk->skey[i]) ); - cipher_decrypt( cipher_hd, buffer, buffer, nbytes ); + gcry_cipher_decrypt( cipher_hd, buffer, nbytes, NULL, 0 ); mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 ); mpi_clear_protect_flag( sk->skey[i] ); csum += checksum_mpi( sk->skey[i] ); @@ -121,7 +131,7 @@ do_check( PKT_secret_key *sk ) csum = sk->csum; } } - cipher_close( cipher_hd ); + gcry_cipher_close( cipher_hd ); /* now let's see whether we have used the right passphrase */ if( csum != sk->csum ) { copy_secret_key( sk, save_sk ); @@ -215,23 +225,41 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) return 0; if( !sk->is_protected ) { /* okay, apply the protection */ - CIPHER_HANDLE cipher_hd=NULL; + GCRY_CIPHER_HD cipher_hd=NULL; - if( check_cipher_algo( sk->protect.algo ) ) + if( openpgp_cipher_test_algo( sk->protect.algo ) ) rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */ else { print_cipher_algo_note( sk->protect.algo ); - cipher_hd = cipher_open( sk->protect.algo, - CIPHER_MODE_AUTO_CFB, 1 ); - if( cipher_setkey( cipher_hd, dek->key, dek->keylen ) ) + if( !(cipher_hd = gcry_cipher_open( sk->protect.algo, + GCRY_CIPHER_MODE_CFB, + GCRY_CIPHER_SECURE + | (sk->protect.algo >= 100 ? + 0 : GCRY_CIPHER_ENABLE_SYNC) )) + ) { + BUG(); + } + + + rc = gcry_cipher_setkey( cipher_hd, dek->key, dek->keylen ); + if( rc == GCRYERR_WEAK_KEY ) { log_info(_("WARNING: Weak key detected" " - please change passphrase again.\n")); - sk->protect.ivlen = cipher_get_blocksize( sk->protect.algo ); + rc = 0; + } + else if( rc ) + BUG(); + + /* set the IV length */ + { int blocksize = gcry_cipher_get_algo_blklen( sk->protect.algo ); + if( blocksize != 8 && blocksize != 16 ) + log_fatal("unsupported blocksize %d\n", blocksize ); + sk->protect.ivlen = blocksize; + } + assert( sk->protect.ivlen <= DIM(sk->protect.iv) ); - if( sk->protect.ivlen != 8 && sk->protect.ivlen != 16 ) - BUG(); /* yes, we are very careful */ randomize_buffer(sk->protect.iv, sk->protect.ivlen, 1); - cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen ); + gcry_cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen ); if( sk->version >= 4 ) { #define NMPIS (PUBKEY_MAX_NSKEY - PUBKEY_MAX_NPKEY) byte *bufarr[NMPIS]; @@ -267,7 +295,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) *p++ = csum >> 8; *p++ = csum; assert( p == data+ndata ); - cipher_encrypt( cipher_hd, data, data, ndata ); + gcry_cipher_encrypt( cipher_hd, data, ndata, NULL, 0 ); for(i = pubkey_get_npkey(sk->pubkey_algo); i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { mpi_free( sk->skey[i] ); @@ -284,9 +312,9 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { csum += checksum_mpi_counted_nbits( sk->skey[i] ); buffer = mpi_get_buffer( sk->skey[i], &nbytes, NULL ); - cipher_sync( cipher_hd ); + gcry_cipher_sync( cipher_hd ); assert( !mpi_is_protected(sk->skey[i]) ); - cipher_encrypt( cipher_hd, buffer, buffer, nbytes ); + gcry_cipher_encrypt( cipher_hd, buffer, nbytes, NULL, 0 ); mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 ); mpi_set_protect_flag( sk->skey[i] ); m_free( buffer ); @@ -294,7 +322,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) sk->csum = csum; } sk->is_protected = 1; - cipher_close( cipher_hd ); + gcry_cipher_close( cipher_hd ); } } return rc; diff --git a/g10/seskey.c b/g10/seskey.c index bb158abc0..db8f6c62c 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -23,6 +23,8 @@ #include <stdlib.h> #include <string.h> #include <assert.h> + +#include <gcrypt.h> #include "util.h" #include "cipher.h" #include "mpi.h" @@ -36,19 +38,28 @@ void make_session_key( DEK *dek ) { - CIPHER_HANDLE chd; + GCRY_CIPHER_HD chd; int i, rc; - dek->keylen = cipher_get_keylen( dek->algo ) / 8; + dek->keylen = gcry_cipher_get_algo_keylen( dek->algo ); + + if( !(chd = gcry_cipher_open( dek->algo, GCRY_CIPHER_MODE_CFB, + GCRY_CIPHER_SECURE + | (dek->algo >= 100 ? + 0 : GCRY_CIPHER_ENABLE_SYNC) )) + ) { + BUG(); + } - chd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); randomize_buffer( dek->key, dek->keylen, 1 ); for(i=0; i < 16; i++ ) { - rc = cipher_setkey( chd, dek->key, dek->keylen ); + rc = gcry_cipher_setkey( chd, dek->key, dek->keylen ); if( !rc ) { - cipher_close( chd ); + gcry_cipher_close( chd ); return; } + if( rc != GCRYERR_WEAK_KEY ) + BUG(); log_info(_("weak key created - retrying\n") ); /* Renew the session key until we get a non-weak key. */ randomize_buffer( dek->key, dek->keylen, 1 ); @@ -141,8 +152,8 @@ encode_session_key( DEK *dek, unsigned nbits ) static MPI -do_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits, - const byte *asn, size_t asnlen ) +do_encode_md( GCRY_MD_HD md, int algo, size_t len, unsigned nbits, + const byte *asn, size_t asnlen ) { int nframe = (nbits+7) / 8; byte *frame; @@ -159,7 +170,8 @@ do_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits, * * PAD consists of FF bytes. */ - frame = md_is_secure(md)? m_alloc_secure( nframe ) : m_alloc( nframe ); + frame = gcry_md_is_secure(md)? m_alloc_secure( nframe ) + : m_alloc( nframe ); n = 0; frame[n++] = 0; frame[n++] = algo; @@ -168,9 +180,9 @@ do_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits, memset( frame+n, 0xff, i ); n += i; frame[n++] = 0; memcpy( frame+n, asn, asnlen ); n += asnlen; - memcpy( frame+n, md_read(md, algo), len ); n += len; + memcpy( frame+n, gcry_md_read(md, algo), len ); n += len; assert( n == nframe ); - a = md_is_secure(md)? + a = gcry_md_is_secure(md)? mpi_alloc_secure( (nframe+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB ) : mpi_alloc( (nframe+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB ); mpi_set_buffer( a, frame, nframe, 0 ); @@ -180,24 +192,33 @@ do_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits, MPI -encode_md_value( int pubkey_algo, MD_HANDLE md, int hash_algo, unsigned nbits ) +encode_md_value( int pubkey_algo, GCRY_MD_HD md, int hash_algo, unsigned nbits ) { - int algo = hash_algo? hash_algo : md_get_algo(md); - const byte *asn; - size_t asnlen, mdlen; + int algo = hash_algo? hash_algo : gcry_md_get_algo(md); MPI frame; if( pubkey_algo == PUBKEY_ALGO_DSA ) { - frame = md_is_secure(md)? mpi_alloc_secure((md_digest_length(hash_algo) + frame = gcry_md_is_secure(md)? mpi_alloc_secure( + (gcry_md_get_algo_dlen(hash_algo) +BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB ) - : mpi_alloc((md_digest_length(hash_algo) + : mpi_alloc((gcry_md_get_algo_dlen(hash_algo) +BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB ); - mpi_set_buffer( frame, md_read(md, hash_algo), - md_digest_length(hash_algo), 0 ); + mpi_set_buffer( frame, gcry_md_read(md, hash_algo), + gcry_md_get_algo_dlen(hash_algo), 0 ); } else { - asn = md_asn_oid( algo, &asnlen, &mdlen ); - frame = do_encode_md( md, algo, mdlen, nbits, asn, asnlen ); + byte *asn; + size_t asnlen; + + if( gcry_md_algo_info( algo, GCRYCTL_GET_ASNOID, NULL, &asnlen ) ) + log_fatal("can't get OID of algo %d: %s\n", + algo, gcry_strerror(-1)); + asn = m_alloc( asnlen ); + if( gcry_md_algo_info( algo, GCRYCTL_GET_ASNOID, asn, &asnlen ) ) + BUG(); + frame = do_encode_md( md, algo, gcry_md_get_algo_dlen( algo ), + nbits, asn, asnlen ); + m_free( asn ); } return frame; } diff --git a/g10/sig-check.c b/g10/sig-check.c index 773eff7ca..972c8778d 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -23,42 +23,43 @@ #include <stdlib.h> #include <string.h> #include <assert.h> + +#include <gcrypt.h> #include "util.h" #include "packet.h" #include "memory.h" #include "mpi.h" #include "keydb.h" -#include "cipher.h" #include "main.h" #include "status.h" #include "i18n.h" struct cmp_help_context_s { PKT_signature *sig; - MD_HANDLE md; + GCRY_MD_HD md; }; -static int do_signature_check( PKT_signature *sig, MD_HANDLE digest, +static int do_signature_check( PKT_signature *sig, GCRY_MD_HD digest, u32 *r_expire ); static int do_check( PKT_public_key *pk, PKT_signature *sig, - MD_HANDLE digest ); + GCRY_MD_HD digest ); /**************** * Check the signature which is contained in SIG. - * The MD_HANDLE should be currently open, so that this function + * The GCRY_MD_HD should be currently open, so that this function * is able to append some data, before finalizing the digest. */ int -signature_check( PKT_signature *sig, MD_HANDLE digest ) +signature_check( PKT_signature *sig, GCRY_MD_HD digest ) { u32 dummy; return do_signature_check( sig, digest, &dummy ); } static int -do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire ) +do_signature_check( PKT_signature *sig, GCRY_MD_HD digest, u32 *r_expire ) { PKT_public_key *pk = m_alloc_clear( sizeof *pk ); int rc=0; @@ -84,36 +85,37 @@ do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire ) * not possible to sign more than one identical document within * one second. Some remote bacth processing applications might * like this feature here */ - MD_HANDLE md; + GCRY_MD_HD md; u32 a = sig->timestamp; int i, nsig = pubkey_get_nsig( sig->pubkey_algo ); byte *p, *buffer; - md = md_open( DIGEST_ALGO_RMD160, 0); - md_putc( digest, sig->pubkey_algo ); - md_putc( digest, sig->digest_algo ); - md_putc( digest, (a >> 24) & 0xff ); - md_putc( digest, (a >> 16) & 0xff ); - md_putc( digest, (a >> 8) & 0xff ); - md_putc( digest, a & 0xff ); + if( !(md = gcry_md_open( DIGEST_ALGO_RMD160, 0)) ) + BUG(); + gcry_md_putc( digest, sig->pubkey_algo ); + gcry_md_putc( digest, sig->digest_algo ); + gcry_md_putc( digest, (a >> 24) & 0xff ); + gcry_md_putc( digest, (a >> 16) & 0xff ); + gcry_md_putc( digest, (a >> 8) & 0xff ); + gcry_md_putc( digest, a & 0xff ); for(i=0; i < nsig; i++ ) { unsigned n = mpi_get_nbits( sig->data[i]); - md_putc( md, n>>8); - md_putc( md, n ); + gcry_md_putc( md, n>>8); + gcry_md_putc( md, n ); p = mpi_get_buffer( sig->data[i], &n, NULL ); - md_write( md, p, n ); + gcry_md_write( md, p, n ); m_free(p); } - md_final( md ); - p = make_radix64_string( md_read( md, 0 ), 20 ); + gcry_md_final( md ); + p = make_radix64_string( gcry_md_read( md, 0 ), 20 ); buffer = m_alloc( strlen(p) + 60 ); sprintf( buffer, "%s %s %lu", p, strtimestamp( sig->timestamp ), (ulong)sig->timestamp ); write_status_text( STATUS_SIG_ID, buffer ); m_free(buffer); m_free(p); - md_close(md); + gcry_md_close(md); } return rc; @@ -123,11 +125,11 @@ do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire ) #if 0 /* not anymore used */ /**************** * Check the MDC which is contained in SIG. - * The MD_HANDLE should be currently open, so that this function + * The GCRY_MD_HD should be currently open, so that this function * is able to append some data, before finalizing the digest. */ int -mdc_kludge_check( PKT_signature *sig, MD_HANDLE digest ) +mdc_kludge_check( PKT_signature *sig, GCRY_MD_HD digest ) { int rc=0; @@ -139,23 +141,23 @@ mdc_kludge_check( PKT_signature *sig, MD_HANDLE digest ) /* complete the digest */ if( sig->version >= 4 ) - md_putc( digest, sig->version ); - md_putc( digest, sig->sig_class ); + gcry_md_putc( digest, sig->version ); + gcry_md_putc( digest, sig->sig_class ); if( sig->version < 4 ) { u32 a = sig->timestamp; - md_putc( digest, (a >> 24) & 0xff ); - md_putc( digest, (a >> 16) & 0xff ); - md_putc( digest, (a >> 8) & 0xff ); - md_putc( digest, a & 0xff ); + gcry_md_putc( digest, (a >> 24) & 0xff ); + gcry_md_putc( digest, (a >> 16) & 0xff ); + gcry_md_putc( digest, (a >> 8) & 0xff ); + gcry_md_putc( digest, a & 0xff ); } else { byte buf[6]; size_t n; - md_putc( digest, sig->pubkey_algo ); - md_putc( digest, sig->digest_algo ); + gcry_md_putc( digest, sig->pubkey_algo ); + gcry_md_putc( digest, sig->digest_algo ); if( sig->hashed_data ) { n = (sig->hashed_data[0] << 8) | sig->hashed_data[1]; - md_write( digest, sig->hashed_data, n+2 ); + gcry_md_write( digest, sig->hashed_data, n+2 ); n += 6; } else @@ -167,7 +169,7 @@ mdc_kludge_check( PKT_signature *sig, MD_HANDLE digest ) buf[3] = n >> 16; buf[4] = n >> 8; buf[5] = n; - md_write( digest, buf, 6 ); + gcry_md_write( digest, buf, 6 ); } md_final( digest ); @@ -221,7 +223,7 @@ cmp_help( void *opaque, MPI result ) size_t mdlen, asnlen; struct cmp_help_context_s *ctx = opaque; PKT_signature *sig = ctx->sig; - MD_HANDLE digest = ctx->md; + GCRY_MD_HD digest = ctx->md; old_enc = 0; for(i=j=0; (c=mpi_getbyte(result, i)) != -1; i++ ) { @@ -284,7 +286,7 @@ cmp_help( void *opaque, MPI result ) static int -do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest ) +do_check( PKT_public_key *pk, PKT_signature *sig, GCRY_MD_HD digest ) { MPI result = NULL; int rc=0; @@ -323,33 +325,33 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest ) } - if( (rc=check_digest_algo(sig->digest_algo)) ) + if( (rc=openpgp_md_test_algo(sig->digest_algo)) ) return rc; - if( (rc=check_pubkey_algo(sig->pubkey_algo)) ) + if( (rc=openpgp_pk_test_algo(sig->pubkey_algo)) ) return rc; /* make sure the digest algo is enabled (in case of a detached signature)*/ - md_enable( digest, sig->digest_algo ); + gcry_md_enable( digest, sig->digest_algo ); /* complete the digest */ if( sig->version >= 4 ) - md_putc( digest, sig->version ); - md_putc( digest, sig->sig_class ); + gcry_md_putc( digest, sig->version ); + gcry_md_putc( digest, sig->sig_class ); if( sig->version < 4 ) { u32 a = sig->timestamp; - md_putc( digest, (a >> 24) & 0xff ); - md_putc( digest, (a >> 16) & 0xff ); - md_putc( digest, (a >> 8) & 0xff ); - md_putc( digest, a & 0xff ); + gcry_md_putc( digest, (a >> 24) & 0xff ); + gcry_md_putc( digest, (a >> 16) & 0xff ); + gcry_md_putc( digest, (a >> 8) & 0xff ); + gcry_md_putc( digest, a & 0xff ); } else { byte buf[6]; size_t n; - md_putc( digest, sig->pubkey_algo ); - md_putc( digest, sig->digest_algo ); + gcry_md_putc( digest, sig->pubkey_algo ); + gcry_md_putc( digest, sig->digest_algo ); if( sig->hashed_data ) { n = (sig->hashed_data[0] << 8) | sig->hashed_data[1]; - md_write( digest, sig->hashed_data, n+2 ); + gcry_md_write( digest, sig->hashed_data, n+2 ); n += 6; } else @@ -361,9 +363,9 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest ) buf[3] = n >> 16; buf[4] = n >> 8; buf[5] = n; - md_write( digest, buf, 6 ); + gcry_md_write( digest, buf, 6 ); } - md_final( digest ); + gcry_md_final( digest ); result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo, mpi_get_nbits(pk->pkey[0])); @@ -385,7 +387,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest ) static void -hash_uid_node( KBNODE unode, MD_HANDLE md, PKT_signature *sig ) +hash_uid_node( KBNODE unode, GCRY_MD_HD md, PKT_signature *sig ) { PKT_user_id *uid = unode->pkt->pkt.user_id; @@ -397,9 +399,9 @@ hash_uid_node( KBNODE unode, MD_HANDLE md, PKT_signature *sig ) buf[2] = uid->len >> 16; buf[3] = uid->len >> 8; buf[4] = uid->len; - md_write( md, buf, 5 ); + gcry_md_write( md, buf, 5 ); } - md_write( md, uid->name, uid->len ); + gcry_md_write( md, uid->name, uid->len ); } /**************** @@ -417,7 +419,7 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ) int check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire) { - MD_HANDLE md; + GCRY_MD_HD md; PKT_public_key *pk; PKT_signature *sig; int algo; @@ -439,24 +441,26 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire) sig->flags.valid? "good":"bad" ); #endif - if( (rc=check_digest_algo(algo)) ) + if( (rc=openpgp_md_test_algo(algo)) ) return rc; if( sig->sig_class == 0x20 ) { - md = md_open( algo, 0 ); + if( !(md = gcry_md_open( algo, 0 )) ) + BUG(); hash_public_key( md, pk ); rc = do_check( pk, sig, md ); - md_close(md); + gcry_md_close(md); } else if( sig->sig_class == 0x28 ) { /* subkey revocation */ KBNODE snode = find_prev_kbnode( root, node, PKT_PUBLIC_SUBKEY ); if( snode ) { - md = md_open( algo, 0 ); + if( !(md = gcry_md_open( algo, 0 )) ) + BUG(); hash_public_key( md, pk ); hash_public_key( md, snode->pkt->pkt.public_key ); rc = do_check( pk, sig, md ); - md_close(md); + gcry_md_close(md); } else { log_error("no subkey for subkey revocation packet\n"); @@ -474,11 +478,12 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire) if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) *is_selfsig = 1; } - md = md_open( algo, 0 ); + if( !(md = gcry_md_open( algo, 0 )) ) + BUG(); hash_public_key( md, pk ); hash_public_key( md, snode->pkt->pkt.public_key ); rc = do_check( pk, sig, md ); - md_close(md); + gcry_md_close(md); } else { log_error("no subkey for key signature packet\n"); @@ -492,7 +497,8 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire) u32 keyid[2]; keyid_from_pk( pk, keyid ); - md = md_open( algo, 0 ); + if( !(md = gcry_md_open( algo, 0 )) ) + BUG(); hash_public_key( md, pk ); hash_uid_node( unode, md, sig ); if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) { @@ -502,7 +508,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire) } else rc = do_signature_check( sig, md, r_expire ); - md_close(md); + gcry_md_close(md); } else { log_error("no user ID for key signature packet\n"); diff --git a/g10/sign.c b/g10/sign.c index eb53794dc..1f577bef2 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -25,6 +25,7 @@ #include <errno.h> #include <assert.h> +#include <gcrypt.h> #include "options.h" #include "packet.h" #include "errors.h" @@ -94,7 +95,7 @@ mk_notation_and_policy( PKT_signature *sig ) static int do_sign( PKT_secret_key *sk, PKT_signature *sig, - MD_HANDLE md, int digest_algo ) + GCRY_MD_HD md, int digest_algo ) { MPI frame; byte *dp; @@ -113,10 +114,10 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, print_pubkey_algo_note(sk->pubkey_algo); if( !digest_algo ) - digest_algo = md_get_algo(md); + digest_algo = gcry_md_get_algo(md); print_digest_algo_note( digest_algo ); - dp = md_read( md, digest_algo ); + dp = gcry_md_read( md, digest_algo ); sig->digest_algo = digest_algo; sig->digest_start[0] = dp[0]; sig->digest_start[1] = dp[1]; @@ -130,7 +131,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, if( opt.verbose ) { char *ustr = get_user_id_string( sig->keyid ); log_info(_("%s signature from: %s\n"), - pubkey_algo_to_string(sk->pubkey_algo), ustr ); + gcry_pk_algo_name(sk->pubkey_algo), ustr ); m_free(ustr); } } @@ -140,7 +141,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, int -complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md ) +complete_sig( PKT_signature *sig, PKT_secret_key *sk, GCRY_MD_HD md ) { int rc=0; @@ -273,11 +274,12 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, /* prepare to calculate the MD over the input */ if( opt.textmode && !outfile ) iobuf_push_filter( inp, text_filter, &tfx ); - mfx.md = md_open(0, 0); + if( !(mfx.md = gcry_md_open(0, 0))) + BUG(); for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { PKT_secret_key *sk = sk_rover->sk; - md_enable(mfx.md, hash_for(sk->pubkey_algo)); + gcry_md_enable(mfx.md, hash_for(sk->pubkey_algo)); } if( !multifile ) @@ -448,7 +450,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { PKT_secret_key *sk; PKT_signature *sig; - MD_HANDLE md; + GCRY_MD_HD md; sk = sk_rover->sk; @@ -462,37 +464,37 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, sig->timestamp = make_timestamp(); sig->sig_class = opt.textmode && !outfile? 0x01 : 0x00; - md = md_copy( mfx.md ); + md = gcry_md_copy( mfx.md ); if( sig->version >= 4 ) { build_sig_subpkt_from_sig( sig ); - md_putc( md, sig->version ); + gcry_md_putc( md, sig->version ); } mk_notation_and_policy( sig ); - md_putc( md, sig->sig_class ); + gcry_md_putc( md, sig->sig_class ); if( sig->version < 4 ) { u32 a = sig->timestamp; - md_putc( md, (a >> 24) & 0xff ); - md_putc( md, (a >> 16) & 0xff ); - md_putc( md, (a >> 8) & 0xff ); - md_putc( md, a & 0xff ); + gcry_md_putc( md, (a >> 24) & 0xff ); + gcry_md_putc( md, (a >> 16) & 0xff ); + gcry_md_putc( md, (a >> 8) & 0xff ); + gcry_md_putc( md, a & 0xff ); } else { byte buf[6]; size_t n; - md_putc( md, sig->pubkey_algo ); - md_putc( md, sig->digest_algo ); + gcry_md_putc( md, sig->pubkey_algo ); + gcry_md_putc( md, sig->digest_algo ); if( sig->hashed_data ) { n = (sig->hashed_data[0] << 8) | sig->hashed_data[1]; - md_write( md, sig->hashed_data, n+2 ); + gcry_md_write( md, sig->hashed_data, n+2 ); n += 6; } else { - md_putc( md, 0 ); /* always hash the length of the subpacket*/ - md_putc( md, 0 ); + gcry_md_putc( md, 0 ); /* always hash the length of the subpacket*/ + gcry_md_putc( md, 0 ); n = 6; } /* add some magic */ @@ -502,13 +504,13 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, buf[3] = n >> 16; buf[4] = n >> 8; buf[5] = n; - md_write( md, buf, 6 ); + gcry_md_write( md, buf, 6 ); } - md_final( md ); + gcry_md_final( md ); rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) ); - md_close( md ); + gcry_md_close( md ); if( !rc ) { /* and write it */ init_packet(&pkt); @@ -530,7 +532,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, else iobuf_close(out); iobuf_close(inp); - md_close( mfx.md ); + gcry_md_close( mfx.md ); release_sk_list( sk_list ); release_pk_list( pk_list ); return rc; @@ -545,7 +547,7 @@ int clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) { armor_filter_context_t afx; - MD_HANDLE textmd = NULL; + GCRY_MD_HD textmd = NULL; IOBUF inp = NULL, out = NULL; PACKET pkt; int rc = 0; @@ -594,21 +596,26 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) } } - if( old_style || only_md5 ) + if( old_style && only_md5 ) iobuf_writestr(out, "\n" ); else { - const char *s; int any = 0; + byte hashs_seen[256]; + memset( hashs_seen, 0, sizeof hashs_seen ); iobuf_writestr(out, "Hash: " ); for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { PKT_secret_key *sk = sk_rover->sk; - s = digest_algo_to_string( hash_for(sk->pubkey_algo) ); - if( s ) { - if( any ) - iobuf_put(out, ',' ); - iobuf_writestr(out, s ); - any = 1; + int i = hash_for(sk->pubkey_algo); + + if( !hashs_seen[ i & 0xff ] ) { + if( !openpgp_md_test_algo( i ) ) { + hashs_seen[ i & 0xff ] = 1; + if( any ) + iobuf_put(out, ',' ); + iobuf_writestr(out, gcry_md_algo_name( i ) ); + any = 1; + } } } assert(any); @@ -620,10 +627,11 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) } - textmd = md_open(0, 0); + if( !(textmd = gcry_md_open(0, 0)) ) + BUG(); for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { PKT_secret_key *sk = sk_rover->sk; - md_enable(textmd, hash_for(sk->pubkey_algo)); + gcry_md_enable(textmd, hash_for(sk->pubkey_algo)); } /*md_start_debug( textmd, "sign" );*/ copy_clearsig_text( out, inp, textmd, @@ -638,7 +646,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { PKT_secret_key *sk; PKT_signature *sig; - MD_HANDLE md; + GCRY_MD_HD md; sk = sk_rover->sk; @@ -652,36 +660,36 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) sig->timestamp = make_timestamp(); sig->sig_class = 0x01; - md = md_copy( textmd ); + md = gcry_md_copy( textmd ); if( sig->version >= 4 ) { build_sig_subpkt_from_sig( sig ); - md_putc( md, sig->version ); + gcry_md_putc( md, sig->version ); } mk_notation_and_policy( sig ); - md_putc( md, sig->sig_class ); + gcry_md_putc( md, sig->sig_class ); if( sig->version < 4 ) { u32 a = sig->timestamp; - md_putc( md, (a >> 24) & 0xff ); - md_putc( md, (a >> 16) & 0xff ); - md_putc( md, (a >> 8) & 0xff ); - md_putc( md, a & 0xff ); + gcry_md_putc( md, (a >> 24) & 0xff ); + gcry_md_putc( md, (a >> 16) & 0xff ); + gcry_md_putc( md, (a >> 8) & 0xff ); + gcry_md_putc( md, a & 0xff ); } else { byte buf[6]; size_t n; - md_putc( md, sig->pubkey_algo ); - md_putc( md, sig->digest_algo ); + gcry_md_putc( md, sig->pubkey_algo ); + gcry_md_putc( md, sig->digest_algo ); if( sig->hashed_data ) { n = (sig->hashed_data[0] << 8) | sig->hashed_data[1]; - md_write( md, sig->hashed_data, n+2 ); + gcry_md_write( md, sig->hashed_data, n+2 ); n += 6; } else { - md_putc( md, 0 ); /* always hash the length of the subpacket*/ - md_putc( md, 0 ); + gcry_md_putc( md, 0 ); /* always hash the length of the subpacket*/ + gcry_md_putc( md, 0 ); n = 6; } /* add some magic */ @@ -691,13 +699,13 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) buf[3] = n >> 16; buf[4] = n >> 8; buf[5] = n; - md_write( md, buf, 6 ); + gcry_md_write( md, buf, 6 ); } - md_final( md ); + gcry_md_final( md ); rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) ); - md_close( md ); + gcry_md_close( md ); if( !rc ) { /* and write it */ init_packet(&pkt); @@ -719,7 +727,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) else iobuf_close(out); iobuf_close(inp); - md_close( textmd ); + gcry_md_close( textmd ); release_sk_list( sk_list ); return rc; } @@ -741,7 +749,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, { PKT_signature *sig; int rc=0; - MD_HANDLE md; + GCRY_MD_HD md; assert( (sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x20 || sigclass == 0x18 @@ -754,7 +762,8 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, default: digest_algo = DIGEST_ALGO_RMD160; break; } } - md = md_open( digest_algo, 0 ); + if( !(md = gcry_md_open( digest_algo, 0 ))) + BUG(); /* hash the public key certificate and the user id */ hash_public_key( md, pk ); @@ -769,9 +778,9 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, buf[2] = uid->len >> 16; buf[3] = uid->len >> 8; buf[4] = uid->len; - md_write( md, buf, 5 ); + gcry_md_write( md, buf, 5 ); } - md_write( md, uid->name, uid->len ); + gcry_md_write( md, uid->name, uid->len ); } /* and make the signature packet */ sig = m_alloc_clear( sizeof *sig ); @@ -790,29 +799,29 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, if( !rc ) { mk_notation_and_policy( sig ); if( sig->version >= 4 ) - md_putc( md, sig->version ); - md_putc( md, sig->sig_class ); + gcry_md_putc( md, sig->version ); + gcry_md_putc( md, sig->sig_class ); if( sig->version < 4 ) { u32 a = sig->timestamp; - md_putc( md, (a >> 24) & 0xff ); - md_putc( md, (a >> 16) & 0xff ); - md_putc( md, (a >> 8) & 0xff ); - md_putc( md, a & 0xff ); + gcry_md_putc( md, (a >> 24) & 0xff ); + gcry_md_putc( md, (a >> 16) & 0xff ); + gcry_md_putc( md, (a >> 8) & 0xff ); + gcry_md_putc( md, a & 0xff ); } else { byte buf[6]; size_t n; - md_putc( md, sig->pubkey_algo ); - md_putc( md, sig->digest_algo ); + gcry_md_putc( md, sig->pubkey_algo ); + gcry_md_putc( md, sig->digest_algo ); if( sig->hashed_data ) { n = (sig->hashed_data[0] << 8) | sig->hashed_data[1]; - md_write( md, sig->hashed_data, n+2 ); + gcry_md_write( md, sig->hashed_data, n+2 ); n += 6; } else { - md_putc( md, 0 ); /* always hash the length of the subpacket*/ - md_putc( md, 0 ); + gcry_md_putc( md, 0 ); /* always hash the length of the subpacket*/ + gcry_md_putc( md, 0 ); n = 6; } /* add some magic */ @@ -822,15 +831,15 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, buf[3] = n >> 16; buf[4] = n >> 8; buf[5] = n; - md_write( md, buf, 6 ); + gcry_md_write( md, buf, 6 ); } - md_final(md); + gcry_md_final(md); rc = complete_sig( sig, sk, md ); } - md_close( md ); + gcry_md_close( md ); if( rc ) free_seckey_enc( sig ); else diff --git a/g10/textfilter.c b/g10/textfilter.c index 3125925b6..3588156ad 100644 --- a/g10/textfilter.c +++ b/g10/textfilter.c @@ -25,6 +25,7 @@ #include <errno.h> #include <assert.h> +#include <gcrypt.h> #include "errors.h" #include "iobuf.h" #include "memory.h" @@ -141,7 +142,7 @@ text_filter( void *opaque, int control, * md is updated as required by rfc2440 */ int -copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md, +copy_clearsig_text( IOBUF out, IOBUF inp, GCRY_MD_HD md, int escape_dash, int escape_from, int pgp2mode ) { unsigned maxlen; @@ -166,15 +167,15 @@ copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md, /* update the message digest */ if( escape_dash ) { if( pending_lf ) { - md_putc( md, '\r' ); - md_putc( md, '\n' ); + gcry_md_putc( md, '\r' ); + gcry_md_putc( md, '\n' ); } - md_write( md, buffer, + gcry_md_write( md, buffer, len_without_trailing_chars( buffer, n, pgp2mode? " \r\n":" \t\r\n")); } else - md_write( md, buffer, n ); + gcry_md_write( md, buffer, n ); pending_lf = buffer[n-1] == '\n'; /* write the output */ @@ -190,7 +191,7 @@ copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md, if( !pending_lf ) { /* make sure that the file ends with a LF */ iobuf_put( out, '\n'); if( !escape_dash ) - md_putc( md, '\n' ); + gcry_md_putc( md, '\n' ); } if( truncated ) diff --git a/g10/trustdb.c b/g10/trustdb.c index 96b77a4ef..830316931 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -586,13 +586,13 @@ print_user_id( FILE *fp, const char *text, u32 *keyid ) p = get_user_id( keyid, &n ); if( fp ) { fprintf( fp, "%s \"", text ); - print_string( fp, p, n, 0 ); + print_utf8_string( fp, p, n ); putc('\"', fp); putc('\n', fp); } else { tty_printf( "%s \"", text ); - tty_print_string( p, n ); + tty_print_utf8_string( p, n ); tty_printf( "\"\n" ); } m_free(p); @@ -652,7 +652,7 @@ print_path( int pathlen, TN ME .........., FILE *fp, ulong highlight ) p = get_user_id( keyid, &n ); putc(' ', fp); putc('\"', fp); - print_string( fp, p, n > 40? 40:n, 0 ); + print_utf8_string( fp, p, n > 40? 40:n, 0 ); putc('\"', fp); m_free(p); putc('\n', fp ); @@ -1000,7 +1000,7 @@ check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid, (ulong)mainkid[1], lid ); assert(keynode->pkt->pkttype == PKT_USER_ID ); uid = keynode->pkt->pkt.user_id; - print_string( log_stream(), uid->name, uid->len, '\"' ); + print_utf8_string( log_stream(), uid->name, uid->len ); fputs("\"\n", log_stream()); } |