diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 19 | ||||
| -rw-r--r-- | g10/encr-data.c | 6 | ||||
| -rw-r--r-- | g10/import.c | 2 | ||||
| -rw-r--r-- | g10/keyedit.c | 6 | ||||
| -rw-r--r-- | g10/plaintext.c | 4 | ||||
| -rw-r--r-- | g10/seckey-cert.c | 5 | ||||
| -rw-r--r-- | g10/seskey.c | 20 | ||||
| -rw-r--r-- | g10/status.c | 32 | ||||
| -rw-r--r-- | g10/trustdb.c | 61 | ||||
| -rw-r--r-- | g10/trustdb.h | 1 |
10 files changed, 142 insertions, 14 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index f2406eac6..a6c769728 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,22 @@ +Mon Sep 14 11:40:52 1998 Werner Koch (wk@(none)) + + * seskey.c (make_session_key): Now detects weak keys. + + * trustdb (clear_trust_checked_flag): New. + + * plaintext.c (handle_plaintext): Does no anymore suppress CR from + cleartext signed messages. + +Sun Sep 13 12:54:29 1998 Werner Koch (wk@(none)) + + * trustdb.c (insert_trust_record): Fixed a stupid bug in the free + liunked list loops. + +Sat Sep 12 15:49:16 1998 Werner Koch (wk@(none)) + + * status.c (remove_shmid): New. + (init_shm_comprocess): Now sets permission to the real uid. + Wed Sep 9 11:15:03 1998 Werner Koch (wk@(none)) * packet.h (PKT_pubkey_enc): New flah throw_keyid, and add logic to diff --git a/g10/encr-data.c b/g10/encr-data.c index b5eb0e0ee..03551be7b 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -29,6 +29,7 @@ #include "mpi.h" #include "cipher.h" #include "options.h" +#include "i18n.h" static int decode_filter( void *opaque, int control, IOBUF a, @@ -68,7 +69,10 @@ decrypt_data( PKT_encrypted *ed, DEK *dek ) log_bug("Nanu\n"); /* oops: found a bug */ dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); - cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ); + if( cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ) ) + log_info(_("Warning: Message was encrypted with " + "a weak key in the symmetric cipher.\n")); + cipher_setiv( dfx.cipher_hd, NULL ); if( ed->len ) { diff --git a/g10/import.c b/g10/import.c index 73e04cb3d..7ef916d27 100644 --- a/g10/import.c +++ b/g10/import.c @@ -394,6 +394,8 @@ import_one( const char *fname, KBNODE keyblock ) log_error("key %08lX: trustdb insert failed: %s\n", (ulong)keyid[1], g10_errstr(rc) ); } + else + rc = clear_trust_checked_flag( new_key? pk : pk_orig ); } leave: diff --git a/g10/keyedit.c b/g10/keyedit.c index c0a082bba..2b3a02023 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -213,6 +213,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified ) KBNODE node, uidnode; PKT_public_key *primary_pk; int select_all = !count_selected_uids(keyblock); + int upd_trust = 0; /* build a list of all signators */ rc=build_sk_list( locusr, &sk_list, 0, 1 ); @@ -292,6 +293,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified ) goto leave; } *ret_modified = 1; /* we changed the keyblock */ + upd_trust = 1; pkt = m_alloc_clear( sizeof *pkt ); pkt->pkttype = PKT_SIGNATURE; @@ -301,6 +303,10 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified ) } } } /* end loop over signators */ + if( upd_trust && primary_pk ) { + rc = clear_trust_checked_flag( primary_pk ); + } + leave: release_sk_list( sk_list ); diff --git a/g10/plaintext.c b/g10/plaintext.c index 914be8f20..6d1c8796f 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c @@ -137,7 +137,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, else md_putc(mfx->md, c ); } - if( convert && c == '\r' ) + if( convert && !clearsig && c == '\r' ) continue; /* fixme: this hack might be too simple */ if( fp ) { if( putc( c, fp ) == EOF ) { @@ -157,7 +157,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, else md_putc(mfx->md, c ); } - if( convert && c == '\r' ) + if( convert && !clearsig && c == '\r' ) continue; /* fixme: this hack might be too simple */ if( fp ) { if( putc( c, fp ) == EOF ) { diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 819f79c9c..9253b8ce1 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -73,7 +73,6 @@ do_check( PKT_secret_key *sk ) int ndata; byte *p, *data; - i = pubkey_get_npkey(sk->pubkey_algo); assert( mpi_is_opaque( sk->skey[i] ) ); p = mpi_get_opaque( sk->skey[i], &ndata ); @@ -212,7 +211,9 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) else { cipher_hd = cipher_open( sk->protect.algo, CIPHER_MODE_AUTO_CFB, 1 ); - cipher_setkey( cipher_hd, dek->key, dek->keylen ); + if( cipher_setkey( cipher_hd, dek->key, dek->keylen ) ) + log_info(_("Warning: Weak key detected" + " - please change passphrase again.\n")); cipher_setiv( cipher_hd, NULL ); cipher_encrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 ); if( sk->version >= 4 ) { diff --git a/g10/seskey.c b/g10/seskey.c index d4d2ab1fb..c268d1559 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -27,6 +27,7 @@ #include "cipher.h" #include "mpi.h" #include "main.h" +#include "i18n.h" /**************** @@ -35,8 +36,25 @@ void make_session_key( DEK *dek ) { + CIPHER_HANDLE chd; + int i, rc; + dek->keylen = cipher_get_keylen( dek->algo ) / 8; - randomize_buffer( dek->key, dek->keylen, 1 ); + + chd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); + for(i=0; i < 16; i++ ) { + rc = cipher_setkey( chd, dek->key, dek->keylen ); + if( !rc ) { + cipher_close( chd ); + return; + } + log_info(_("weak key created - retrying\n") ); + /* Renew the session key until we get a non-weak key. */ + randomize_buffer( dek->key, dek->keylen, 1 ); + } + log_fatal(_( + "cannot avoid weak key for symmetric cipher; tried %d times!\n"), + i); } diff --git a/g10/status.c b/g10/status.c index 3c22c0d1c..7cb2f5c5d 100644 --- a/g10/status.c +++ b/g10/status.c @@ -105,11 +105,27 @@ write_status_text ( int no, const char *text) #ifdef USE_SHM_COPROCESSING + +#ifndef IPC_RMID_DEFERRED_RELEASE +static void +remove_shmid( void ) +{ + if( shm_id != -1 ) { + shmctl ( shm_id, IPC_RMID, 0); + shm_id = -1; + } +} +#endif + void init_shm_coprocessing ( ulong requested_shm_size, int lock_mem ) { char buf[100]; + struct shmid_ds shmds; + #ifndef IPC_RMID_DEFERRED_RELEASE + atexit( remove_shmid ); + #endif requested_shm_size = (requested_shm_size + 4095) & ~4095; if ( requested_shm_size > 2 * 4096 ) log_fatal("too much shared memory requested; only 8k are allowed\n"); @@ -133,14 +149,24 @@ init_shm_coprocessing ( ulong requested_shm_size, int lock_mem ) shm_is_locked = 1; } + + #ifdef IPC_RMID_DEFERRED_RELEASE - if ( shmctl ( shm_id, IPC_RMID, 0) ) + if( shmctl( shm_id, IPC_RMID, 0) ) log_fatal("shmctl IPC_RMDID of %d failed: %s\n", shm_id, strerror(errno)); - #else - #error Must add a cleanup function #endif + if( shmctl( shm_id, IPC_STAT, &shmds ) ) + log_fatal("shmctl IPC_STAT of %d failed: %s\n", + shm_id, strerror(errno)); + if( shmds.shm_perm.uid != getuid() ) { + shmds.shm_perm.uid = getuid(); + if( shmctl( shm_id, IPC_SET, &shmds ) ) + log_fatal("shmctl IPC_SET of %d failed: %s\n", + shm_id, strerror(errno)); + } + /* write info; Protocol version, id, size, locked size */ sprintf( buf, "pv=1 pid=%d shmid=%d sz=%u lz=%u", (int)getpid(), shm_id, (unsigned)shm_size, shm_is_locked? (unsigned)shm_size:0 ); diff --git a/g10/trustdb.c b/g10/trustdb.c index efe7bcaf0..893c04304 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1704,9 +1704,28 @@ enum_trust_web( void **context, ulong *lid ) if( !c ) { /* make a new context */ c = m_alloc_clear( sizeof *c ); *context = c; - if( *lid != last_trust_web_key && last_trust_web_key ) - log_bug("enum_trust_web: nyi\n"); /* <--- FIXME */ - c->tsl = last_trust_web_tslist; + if( *lid == last_trust_web_key && last_trust_web_tslist ) + c->tsl = last_trust_web_tslist; + else { + TRUST_SEG_LIST tsl, tsl2, tslist; + int rc; + + rc = make_tsl( *lid, &tslist ); + if( rc ) { + log_error("failed to build the TSL\n"); + return rc; + } + /* cache the tslist, so that we do not need to free it */ + if( last_trust_web_key ) { + for( tsl = last_trust_web_tslist; tsl; tsl = tsl2 ) { + tsl2 = tsl->next; + m_free(tsl); + } + } + last_trust_web_key = *lid; + last_trust_web_tslist = tslist; + c->tsl = last_trust_web_tslist; + } c->index = 1; } @@ -1880,6 +1899,38 @@ query_trust_record( PKT_public_key *pk ) } +int +clear_trust_checked_flag( PKT_public_key *pk ) +{ + TRUSTREC rec; + int rc; + + if( !pk->local_id ) { + query_trust_record( pk ); + if( !pk->local_id ) + log_bug("clear_trust_checked_flag: Still no LID\n"); + } + + if( (rc=tdbio_read_record( pk->local_id, &rec, RECTYPE_DIR ))) { + log_error("clear_trust_checked_flag: read record failed: %s\n", + g10_errstr(rc)); + return rc; + } + + if( !(rec.r.dir.dirflags & DIRF_CHECKED) ) + return 0; + + /* reset the flag */ + rec.r.dir.dirflags &= ~DIRF_CHECKED; + rc = tdbio_write_record( &rec ); + if( rc ) { + log_error("clear_trust_checked_flag: write dir record failed: %s\n", + g10_errstr(rc)); + return rc; + } + return 0; +} + /**************** * helper function for insert_trust_record() @@ -2138,11 +2189,11 @@ insert_trust_record( PKT_public_key *orig_pk ) leave: - for(rec=uidlist_head; rec; rec = rec->next ) { + for(rec=uidlist_head; rec; rec = rec2 ) { rec2 = rec->next; rel_mem_uidnode(NULL, 0, rec ); } - for(rec=keylist_head; rec; rec = rec->next ) { + for(rec=keylist_head; rec; rec = rec2 ) { rec2 = rec->next; m_free(rec); } diff --git a/g10/trustdb.h b/g10/trustdb.h index fc470073f..4345a73a7 100644 --- a/g10/trustdb.h +++ b/g10/trustdb.h @@ -56,6 +56,7 @@ byte *get_pref_data( ulong lid, const byte *namehash, size_t *ret_n ); int is_algo_in_prefs( ulong lid, int preftype, int algo ); int keyid_from_lid( ulong lid, u32 *keyid ); int query_trust_record( PKT_public_key *pk ); +int clear_trust_checked_flag( PKT_public_key *pk ); int insert_trust_record( PKT_public_key *pk ); int update_ownertrust( ulong lid, unsigned new_trust ); |