diff options
author | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-02-09 16:00:46 +0900 |
---|---|---|
committer | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-02-09 16:00:46 +0900 |
commit | d5a3e1c5fe16a0142f2a4554c4cfed53453bdaa2 (patch) | |
tree | 509fadb6ecb2174394d85b588b6cc74946f8d239 /g10 | |
parent | e299a90138c4ee04892f06ea99394c0f55d311db (diff) | |
download | gpg2-d5a3e1c5fe16a0142f2a4554c4cfed53453bdaa2.tar.gz gpg2-d5a3e1c5fe16a0142f2a4554c4cfed53453bdaa2.tar.bz2 gpg2-d5a3e1c5fe16a0142f2a4554c4cfed53453bdaa2.zip |
Imported Upstream version 2.2.16upstream/2.2.16
Diffstat (limited to 'g10')
-rw-r--r-- | g10/armor.c | 4 | ||||
-rw-r--r-- | g10/build-packet.c | 8 | ||||
-rw-r--r-- | g10/decrypt.c | 7 | ||||
-rw-r--r-- | g10/delkey.c | 103 | ||||
-rw-r--r-- | g10/ecdh.c | 2 | ||||
-rw-r--r-- | g10/exec.c | 110 | ||||
-rw-r--r-- | g10/export.c | 9 | ||||
-rw-r--r-- | g10/getkey.c | 3 | ||||
-rw-r--r-- | g10/import.c | 25 | ||||
-rw-r--r-- | g10/keydb.c | 15 | ||||
-rw-r--r-- | g10/keygen.c | 60 | ||||
-rw-r--r-- | g10/keyserver.c | 9 | ||||
-rw-r--r-- | g10/main.h | 2 | ||||
-rw-r--r-- | g10/options.h | 2 | ||||
-rw-r--r-- | g10/packet.h | 5 | ||||
-rw-r--r-- | g10/parse-packet.c | 15 | ||||
-rw-r--r-- | g10/photoid.c | 16 | ||||
-rw-r--r-- | g10/plaintext.c | 3 | ||||
-rw-r--r-- | g10/sign.c | 7 | ||||
-rw-r--r-- | g10/tofu.c | 32 |
20 files changed, 330 insertions, 107 deletions
diff --git a/g10/armor.c b/g10/armor.c index cc80968..36215a3 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -1156,10 +1156,10 @@ armor_filter( void *opaque, int control, } /* write the comment strings */ - for(s=comment->d;comment;comment=comment->next,s=comment->d) + for(;comment;comment=comment->next) { iobuf_writestr(a, "Comment: " ); - for( ; *s; s++ ) + for( s=comment->d; *s; s++ ) { if( *s == '\n' ) iobuf_writestr(a, "\\n" ); diff --git a/g10/build-packet.c b/g10/build-packet.c index b83ea84..14e40a1 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -424,15 +424,21 @@ do_user_id( IOBUF out, int ctb, PKT_user_id *uid ) * Without forcing HDRLEN to 2 in this case an indeterminate length * packet would be written which is not allowed. Note that we are * always called with a CTB indicating an old packet header format, - * so that forcing a 2 octet header works. */ + * so that forcing a 2 octet header works. We also check for the + * maximum allowed packet size by the parser using an arbitrary + * extra 10 bytes for header data. */ if (uid->attrib_data) { + if (uid->attrib_len > MAX_ATTR_PACKET_LENGTH - 10) + return gpg_error (GPG_ERR_TOO_LARGE); hdrlen = uid->attrib_len? 0 : 2; write_header2 (out, ctb, uid->attrib_len, hdrlen); rc = iobuf_write( out, uid->attrib_data, uid->attrib_len ); } else { + if (uid->len > MAX_UID_PACKET_LENGTH - 10) + return gpg_error (GPG_ERR_TOO_LARGE); hdrlen = uid->len? 0 : 2; write_header2 (out, ctb, uid->len, hdrlen); rc = iobuf_write( out, uid->name, uid->len ); diff --git a/g10/decrypt.c b/g10/decrypt.c index 4d6734d..9589aff 100644 --- a/g10/decrypt.c +++ b/g10/decrypt.c @@ -48,7 +48,6 @@ decrypt_message (ctrl_t ctrl, const char *filename) armor_filter_context_t *afx = NULL; progress_filter_context_t *pfx; int rc; - int no_out = 0; pfx = new_progress_context (); @@ -82,11 +81,13 @@ decrypt_message (ctrl_t ctrl, const char *filename) if (!opt.outfile) { - no_out = 1; opt.outfile = "-"; + opt.flags.dummy_outfile = 1; } + else + opt.flags.dummy_outfile = 0; rc = proc_encryption_packets (ctrl, NULL, fp ); - if (no_out) + if (opt.flags.dummy_outfile) opt.outfile = NULL; iobuf_close (fp); diff --git a/g10/delkey.c b/g10/delkey.c index bf8c4e9..e91acb0 100644 --- a/g10/delkey.c +++ b/g10/delkey.c @@ -1,7 +1,7 @@ /* delkey.c - delete keys * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2004, * 2005, 2006 Free Software Foundation, Inc. - * Copyright (C) 2014 Werner Koch + * Copyright (C) 2014, 2019 Werner Koch * * This file is part of GnuPG. * @@ -53,13 +53,15 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, gpg_error_t err; kbnode_t keyblock = NULL; kbnode_t node, kbctx; + kbnode_t targetnode; KEYDB_HANDLE hd; PKT_public_key *pk = NULL; u32 keyid[2]; int okay=0; int yes; KEYDB_SEARCH_DESC desc; - int exactmatch; + int exactmatch; /* True if key was found by fingerprint. */ + int thiskeyonly; /* 0 = false, 1 = is primary key, 2 = is a subkey. */ *r_sec_avail = 0; @@ -72,6 +74,7 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, exactmatch = (desc.mode == KEYDB_SEARCH_MODE_FPR || desc.mode == KEYDB_SEARCH_MODE_FPR16 || desc.mode == KEYDB_SEARCH_MODE_FPR20); + thiskeyonly = desc.exact; if (!err) err = keydb_search (hd, &desc, 1, NULL); if (err) @@ -97,7 +100,35 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, err = gpg_error (GPG_ERR_GENERAL); goto leave; } - pk = node->pkt->pkt.public_key; + + /* If an operation only on a subkey is requested, find that subkey + * now. */ + if (thiskeyonly) + { + kbnode_t tmpnode; + + for (kbctx=NULL; (tmpnode = walk_kbnode (keyblock, &kbctx, 0)); ) + { + if (!(tmpnode->pkt->pkttype == PKT_PUBLIC_KEY + || tmpnode->pkt->pkttype == PKT_PUBLIC_SUBKEY)) + continue; + if (exact_subkey_match_p (&desc, tmpnode)) + break; + } + if (!tmpnode) + { + log_error ("Oops; requested subkey not found anymore!\n"); + err = gpg_error (GPG_ERR_GENERAL); + goto leave; + } + /* Set NODE to this specific subkey or primary key. */ + thiskeyonly = node == tmpnode? 1 : 2; + targetnode = tmpnode; + } + else + targetnode = node; + + pk = targetnode->pkt->pkt.public_key; keyid_from_pk (pk, keyid); if (!secret && !force) @@ -143,6 +174,32 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, print_pubkey_info (ctrl, NULL, pk ); tty_printf( "\n" ); + if (thiskeyonly == 1 && !secret) + { + /* We need to delete the entire public key despite the use + * of the thiskeyonly request. */ + tty_printf (_("Note: The public primary key and all its subkeys" + " will be deleted.\n")); + } + else if (thiskeyonly == 2 && !secret) + { + tty_printf (_("Note: Only the shown public subkey" + " will be deleted.\n")); + } + if (thiskeyonly == 1 && secret) + { + tty_printf (_("Note: Only the secret part of the shown primary" + " key will be deleted.\n")); + } + else if (thiskeyonly == 2 && secret) + { + tty_printf (_("Note: Only the secret part of the shown subkey" + " will be deleted.\n")); + } + + if (thiskeyonly) + tty_printf ("\n"); + yes = cpr_get_answer_is_yes (secret? "delete_key.secret.okay": "delete_key.okay", _("Delete this key from the keyring? (y/N) ")); @@ -178,6 +235,9 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)) continue; + if (thiskeyonly && targetnode != node) + continue; + if (agent_probe_secret_key (NULL, node->pkt->pkt.public_key)) continue; /* No secret key for that public (sub)key. */ @@ -190,7 +250,7 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, * pre-caution is that since 2.1 the secret key may also * be used for other protocols and thus deleting it from * the gpg would also delete the key for other tools. */ - if (!err) + if (!err && !opt.dry_run) err = agent_delete_key (NULL, hexgrip, prompt, opt.answer_yes); xfree (prompt); @@ -219,6 +279,35 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, if (firsterr) goto leave; } + else if (thiskeyonly == 2) + { + int selected = 0; + + /* Delete the specified public subkey. */ + for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); ) + { + if (thiskeyonly && targetnode != node) + continue; + + if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + { + selected = targetnode == node; + if (selected) + delete_kbnode (node); + } + else if (selected && node->pkt->pkttype == PKT_SIGNATURE) + delete_kbnode (node); + else + selected = 0; + } + commit_kbnode (&keyblock); + err = keydb_update_keyblock (ctrl, hd, keyblock); + if (err) + { + log_error (_("update failed: %s\n"), gpg_strerror (err)); + goto leave; + } + } else { err = keydb_delete_keyblock (hd); @@ -234,7 +323,8 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, revalidation_mark(). This makes sense - only deleting keys that have ownertrust set should trigger this. */ - if (!secret && pk && clear_ownertrusts (ctrl, pk)) + if (!secret && pk && !opt.dry_run && thiskeyonly != 2 + && clear_ownertrusts (ctrl, pk)) { if (opt.verbose) log_info (_("ownertrust information cleared\n")); @@ -247,7 +337,8 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, return err; } -/**************** + +/* * Delete a public or secret key from a keyring. */ gpg_error_t @@ -39,7 +39,7 @@ static const struct /* Note: Must be sorted by ascending values for QBITS. */ { { 256, DIGEST_ALGO_SHA256, CIPHER_ALGO_AES }, - { 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES256 }, + { 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES192 }, /* Note: 528 is 521 rounded to the 8 bit boundary */ { 528, DIGEST_ALGO_SHA512, CIPHER_ALGO_AES256 } @@ -77,37 +77,99 @@ set_exec_path(const char *path) { return GPG_ERR_GENERAL; } static int w32_system(const char *command) { -#ifdef HAVE_W32CE_SYSTEM -#warning Change this code to use common/exechelp.c -#else - PROCESS_INFORMATION pi; - STARTUPINFO si; - char *string; + if (!strncmp (command, "!ShellExecute ", 14)) + { + SHELLEXECUTEINFOW see; + wchar_t *wname; + int waitms; + + command = command + 14; + while (spacep (command)) + command++; + waitms = atoi (command); + if (waitms < 0) + waitms = 0; + else if (waitms > 60*1000) + waitms = 60000; + while (*command && !spacep (command)) + command++; + while (spacep (command)) + command++; + + wname = utf8_to_wchar (command); + if (!wname) + return -1; + + memset (&see, 0, sizeof see); + see.cbSize = sizeof see; + see.fMask = (SEE_MASK_NOCLOSEPROCESS + | SEE_MASK_NOASYNC + | SEE_MASK_FLAG_NO_UI + | SEE_MASK_NO_CONSOLE); + see.lpVerb = L"open"; + see.lpFile = (LPCWSTR)wname; + see.nShow = SW_SHOW; + + if (DBG_EXTPROG) + log_debug ("running ShellExecuteEx(open,'%s')\n", command); + if (!ShellExecuteExW (&see)) + { + if (DBG_EXTPROG) + log_debug ("ShellExecuteEx failed: rc=%d\n", (int)GetLastError ()); + xfree (wname); + return -1; + } + if (DBG_EXTPROG) + log_debug ("ShellExecuteEx succeeded (hProcess=%p,hInstApp=%d)\n", + see.hProcess, (int)see.hInstApp); + + if (!see.hProcess) + { + gnupg_usleep (waitms*1000); + if (DBG_EXTPROG) + log_debug ("ShellExecuteEx ready (wait=%dms)\n", waitms); + } + else + { + WaitForSingleObject (see.hProcess, INFINITE); + if (DBG_EXTPROG) + log_debug ("ShellExecuteEx ready\n"); + } + CloseHandle (see.hProcess); + + xfree (wname); + } + else + { + char *string; + PROCESS_INFORMATION pi; + STARTUPINFO si; - /* We must use a copy of the command as CreateProcess modifies this - argument. */ - string=xstrdup(command); + /* We must use a copy of the command as CreateProcess modifies + * this argument. */ + string = xstrdup (command); - memset(&pi,0,sizeof(pi)); - memset(&si,0,sizeof(si)); - si.cb=sizeof(si); + memset (&pi, 0, sizeof(pi)); + memset (&si, 0, sizeof(si)); + si.cb = sizeof (si); - if(!CreateProcess(NULL,string,NULL,NULL,FALSE, - DETACHED_PROCESS, - NULL,NULL,&si,&pi)) - return -1; + if (!CreateProcess (NULL, string, NULL, NULL, FALSE, + DETACHED_PROCESS, + NULL, NULL, &si, &pi)) + return -1; - /* Wait for the child to exit */ - WaitForSingleObject(pi.hProcess,INFINITE); + /* Wait for the child to exit */ + WaitForSingleObject (pi.hProcess, INFINITE); - CloseHandle(pi.hProcess); - CloseHandle(pi.hThread); - xfree(string); + CloseHandle (pi.hProcess); + CloseHandle (pi.hThread); + xfree (string); + } return 0; -#endif } -#endif +#endif /*_W32*/ + /* Replaces current $PATH */ int @@ -508,7 +570,7 @@ exec_read(struct exec_info *info) if(info->flags.use_temp_files) { if(DBG_EXTPROG) - log_debug("system() command is %s\n",info->command); + log_debug ("running command: %s\n",info->command); #if defined (_WIN32) info->progreturn=w32_system(info->command); diff --git a/g10/export.c b/g10/export.c index e94e959..4216a24 100644 --- a/g10/export.c +++ b/g10/export.c @@ -428,8 +428,8 @@ new_subkey_list_item (KBNODE node) (keyID or fingerprint) and does match the one at NODE. It is assumed that the packet at NODE is either a public or secret subkey. */ -static int -exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, KBNODE node) +int +exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, kbnode_t node) { u32 kid[2]; byte fpr[MAX_FINGERPRINT_LEN]; @@ -596,7 +596,10 @@ cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk) top_list = gcry_sexp_find_token (s_key, "private-key", 0); if (!top_list) goto bad_seckey; - if (gcry_sexp_length(top_list) != 2) + + /* ignore all S-expression after the first sublist -- we assume that + they are comments or otherwise irrelevant to OpenPGP */ + if (gcry_sexp_length(top_list) < 2) goto bad_seckey; key = gcry_sexp_nth (top_list, 1); if (!key) diff --git a/g10/getkey.c b/g10/getkey.c index c4afe45..1b699a4 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1495,15 +1495,14 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk, /* Old key is better. */ release_public_key_parts (&new.key); free_user_id (new.uid); - new.uid = NULL; } else { /* A tie. Keep the old key. */ release_public_key_parts (&new.key); free_user_id (new.uid); - new.uid = NULL; } + new.uid = NULL; } getkey_end (ctrl, ctx); ctx = NULL; diff --git a/g10/import.c b/g10/import.c index eb3063d..1899f52 100644 --- a/g10/import.c +++ b/g10/import.c @@ -665,6 +665,18 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, if (!(++stats->count % 100) && !opt.quiet) log_info (_("%lu keys processed so far\n"), stats->count ); + + if (origin == KEYORG_WKD && stats->count >= 5) + { + /* We limit the number of keys _received_ from the WKD to 5. + * In fact there should be only one key but some sites want + * to store a few expired keys there also. gpg's key + * selection will later figure out which key to use. Note + * that for WKD we always return the fingerprint of the + * first imported key. */ + log_info ("import from WKD stopped after %d keys\n", 5); + break; + } } stats->v3keys += v3keys; if (rc == -1) @@ -2174,14 +2186,19 @@ import_one (ctrl_t ctrl, fingerprint of the key in all cases. */ if (fpr) { - xfree (*fpr); /* Note that we need to compare against 0 here because COUNT gets only incremented after returning from this function. */ if (!stats->count) - *fpr = fingerprint_from_pk (pk, NULL, fpr_len); - else - *fpr = NULL; + { + xfree (*fpr); + *fpr = fingerprint_from_pk (pk, NULL, fpr_len); + } + else if (origin != KEYORG_WKD) + { + xfree (*fpr); + *fpr = NULL; + } } } diff --git a/g10/keydb.c b/g10/keydb.c index 0475f85..670a8a1 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -1249,12 +1249,19 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, } if (err) { - if (gpg_err_code (err) != GPG_ERR_UNKNOWN_VERSION) + es_fflush (es_stdout); + log_error ("parse_keyblock_image: read error: %s\n", + gpg_strerror (err)); + if (gpg_err_code (err) == GPG_ERR_INV_PACKET) { - log_error ("parse_keyblock_image: read error: %s\n", - gpg_strerror (err)); - err = gpg_error (GPG_ERR_INV_KEYRING); + free_packet (pkt, &parsectx); + init_packet (pkt); + continue; } + /* Unknown version maybe due to v5 keys - we treat this + * error different. */ + if (gpg_err_code (err) != GPG_ERR_UNKNOWN_VERSION) + err = gpg_error (GPG_ERR_INV_KEYRING); break; } diff --git a/g10/keygen.c b/g10/keygen.c index ed57d5d..6042226 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -218,18 +218,22 @@ print_status_key_not_created (const char *handle) -static void -write_uid( KBNODE root, const char *s ) +static gpg_error_t +write_uid (kbnode_t root, const char *s) { - PACKET *pkt = xmalloc_clear(sizeof *pkt ); - size_t n = strlen(s); - - pkt->pkttype = PKT_USER_ID; - pkt->pkt.user_id = xmalloc_clear (sizeof *pkt->pkt.user_id + n); - pkt->pkt.user_id->len = n; - pkt->pkt.user_id->ref = 1; - strcpy(pkt->pkt.user_id->name, s); - add_kbnode( root, new_kbnode( pkt ) ); + PACKET *pkt = xmalloc_clear (sizeof *pkt); + size_t n = strlen (s); + + if (n > MAX_UID_PACKET_LENGTH - 10) + return gpg_error (GPG_ERR_INV_USER_ID); + + pkt->pkttype = PKT_USER_ID; + pkt->pkt.user_id = xmalloc_clear (sizeof *pkt->pkt.user_id + n); + pkt->pkt.user_id->len = n; + pkt->pkt.user_id->ref = 1; + strcpy (pkt->pkt.user_id->name, s); + add_kbnode (root, new_kbnode (pkt)); + return 0; } static void @@ -2356,14 +2360,25 @@ ask_curve (int *algo, int *subkey_algo, const char *current) else { /* If the user selected a signing algorithm and Curve25519 - we need to set the algo to EdDSA and update the curve name. */ - if ((*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA) - && curves[idx].eddsa_curve) + we need to set the algo to EdDSA and update the curve name. + If switching away from EdDSA, we need to set the algo back + to ECDSA. */ + if (*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA) { - if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA) - *subkey_algo = PUBKEY_ALGO_EDDSA; - *algo = PUBKEY_ALGO_EDDSA; - result = curves[idx].eddsa_curve; + if (curves[idx].eddsa_curve) + { + if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA) + *subkey_algo = PUBKEY_ALGO_EDDSA; + *algo = PUBKEY_ALGO_EDDSA; + result = curves[idx].eddsa_curve; + } + else + { + if (subkey_algo && *subkey_algo == PUBKEY_ALGO_EDDSA) + *subkey_algo = PUBKEY_ALGO_ECDSA; + *algo = PUBKEY_ALGO_ECDSA; + result = curves[idx].name; + } } else result = curves[idx].name; @@ -4740,10 +4755,11 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, if (!err && (s = get_parameter_value (para, pUSERID))) { - write_uid (pub_root, s ); - err = write_selfsigs (ctrl, pub_root, pri_psk, - get_parameter_uint (para, pKEYUSAGE), timestamp, - cache_nonce); + err = write_uid (pub_root, s ); + if (!err) + err = write_selfsigs (ctrl, pub_root, pri_psk, + get_parameter_uint (para, pKEYUSAGE), timestamp, + cache_nonce); } /* Write the auth key to the card before the encryption key. This diff --git a/g10/keyserver.c b/g10/keyserver.c index 8509d83..cadb71f 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -1537,9 +1537,7 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens) log_info (_("key not found on keyserver\n")); } - if (gpg_err_code (err) == GPG_ERR_NO_KEYSERVER) - log_error (_("no keyserver known (use option --keyserver)\n")); - else if (gpg_err_code (err) == GPG_ERR_NO_DATA) + if (gpg_err_code (err) == GPG_ERR_NO_DATA) err = gpg_error (GPG_ERR_NOT_FOUND); else if (err) log_error ("error searching keyserver: %s\n", gpg_strerror (err)); @@ -2072,8 +2070,9 @@ keyserver_import_wkd (ctrl_t ctrl, const char *name, int quick, int armor_status = opt.no_armor; import_filter_t save_filt; - /* Keys returned via WKD are in binary format. */ - opt.no_armor = 1; + /* Keys returned via WKD are in binary format. However, we + * relax that requirement and allow also for armored data. */ + opt.no_armor = 0; save_filt = save_and_clear_import_filter (); if (!save_filt) err = gpg_error_from_syserror (); @@ -394,6 +394,8 @@ void export_print_stats (export_stats_t stats); int parse_export_options(char *str,unsigned int *options,int noisy); gpg_error_t parse_and_set_export_filter (const char *string); +int exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, kbnode_t node); + int export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options, export_stats_t stats); int export_seckeys (ctrl_t ctrl, strlist_t users, unsigned int options, diff --git a/g10/options.h b/g10/options.h index 782c0cb..a7677e6 100644 --- a/g10/options.h +++ b/g10/options.h @@ -241,6 +241,8 @@ struct unsigned int disable_signer_uid:1; /* Flag to enable experimental features from RFC4880bis. */ unsigned int rfc4880bis:1; + /* Hack: --output is not given but OUTFILE was temporary set to "-". */ + unsigned int dummy_outfile:1; } flags; /* Linked list of ways to find a key if the key isn't on the local diff --git a/g10/packet.h b/g10/packet.h index d273bb3..b0431d5 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -33,6 +33,11 @@ #define DEBUG_PARSE_PACKET 1 +/* Maximum length of packets to avoid excessive memory allocation. */ +#define MAX_KEY_PACKET_LENGTH (256 * 1024) +#define MAX_UID_PACKET_LENGTH ( 2 * 1024) +#define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024) +#define MAX_ATTR_PACKET_LENGTH ( 16 * 1024*1024) /* Constants to allocate static MPI arrays. */ #define PUBKEY_MAX_NPKEY OPENPGP_MAX_NPKEY diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 05f63e9..2d6ec92 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -35,14 +35,9 @@ #include "main.h" #include "../common/i18n.h" #include "../common/host2net.h" +#include "../common/mbox-util.h" -/* Maximum length of packets to avoid excessive memory allocation. */ -#define MAX_KEY_PACKET_LENGTH (256 * 1024) -#define MAX_UID_PACKET_LENGTH ( 2 * 1024) -#define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024) -#define MAX_ATTR_PACKET_LENGTH ( 16 * 1024*1024) - static int mpi_print_mode; static int list_mode; static estream_t listfp; @@ -2064,12 +2059,20 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len); if (p && len) { + char *mbox; + sig->signers_uid = try_make_printable_string (p, len, 0); if (!sig->signers_uid) { rc = gpg_error_from_syserror (); goto leave; } + mbox = mailbox_from_userid (sig->signers_uid); + if (mbox) + { + xfree (sig->signers_uid); + sig->signers_uid = mbox; + } } p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL); diff --git a/g10/photoid.c b/g10/photoid.c index bcea64f..f9720d3 100644 --- a/g10/photoid.c +++ b/g10/photoid.c @@ -262,7 +262,8 @@ char *image_type_to_string(byte type,int style) } #if !defined(FIXED_PHOTO_VIEWER) && !defined(DISABLE_PHOTO_VIEWER) -static const char *get_default_photo_command(void) +static const char * +get_default_photo_command(void) { #if defined(_WIN32) OSVERSIONINFO osvi; @@ -274,14 +275,21 @@ static const char *get_default_photo_command(void) if(osvi.dwPlatformId==VER_PLATFORM_WIN32_WINDOWS) return "start /w %i"; else - return "cmd /c start /w %i"; + return "!ShellExecute 400 %i"; #elif defined(__APPLE__) /* OS X. This really needs more than just __APPLE__. */ return "open %I"; #elif defined(__riscos__) return "Filer_Run %I"; #else - return "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin"; + if (!path_access ("xloadimage", X_OK)) + return "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin"; + else if (!path_access ("display",X_OK)) + return "display -title 'KeyID 0x%k' %i"; + else if (getuid () && !path_access ("xdg-open", X_OK)) + return "xdg-open %i"; + else + return "/bin/true"; #endif } #endif @@ -312,6 +320,8 @@ show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count, if (pk) keyid_from_pk (pk, kid); + es_fflush (es_stdout); + for(i=0;i<count;i++) if(attrs[i].type==ATTRIB_IMAGE && parse_image_header(&attrs[i],&args.imagetype,&len)) diff --git a/g10/plaintext.c b/g10/plaintext.c index c5d1ddb..f9e0a42 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c @@ -70,7 +70,8 @@ get_output_file (const byte *embedded_name, int embedded_namelen, goto leave; } } - else if (opt.outfile) + else if (opt.outfile + && !(opt.flags.use_embedded_filename && opt.flags.dummy_outfile)) { fname = xtrystrdup (opt.outfile); if (!fname) @@ -1593,6 +1593,13 @@ update_keysig_packet (ctrl_t ctrl, if ( opt.cert_digest_algo ) digest_algo = opt.cert_digest_algo; + else if (pksk->pubkey_algo == PUBKEY_ALGO_DSA + || pksk->pubkey_algo == PUBKEY_ALGO_ECDSA + || pksk->pubkey_algo == PUBKEY_ALGO_EDDSA) + digest_algo = orig_sig->digest_algo; + else if (orig_sig->digest_algo == DIGEST_ALGO_SHA1 + || orig_sig->digest_algo == DIGEST_ALGO_RMD160) + digest_algo = DEFAULT_DIGEST_ALGO; else digest_algo = orig_sig->digest_algo; @@ -534,7 +534,7 @@ check_utks (sqlite3 *db) NULL, NULL, &err); if (rc) { - log_error (_("error creating 'ultimately_trusted_keys' TOFU table: %s\n"), + log_error ("error creating 'ultimately_trusted_keys' TOFU table: %s\n", err); sqlite3_free (err); goto out; @@ -840,7 +840,7 @@ initdb (sqlite3 *db) NULL, NULL, &err); if (rc) { - log_error (_("error creating 'encryptions' TOFU table: %s\n"), + log_error ("error creating 'encryptions' TOFU table: %s\n", err); sqlite3_free (err); } @@ -870,7 +870,7 @@ initdb (sqlite3 *db) * safely ignore. */ rc = 0; else - log_error (_("adding column effective_policy to bindings DB: %s\n"), + log_error ("adding column effective_policy to bindings DB: %s\n", err); sqlite3_free (err); } @@ -2143,8 +2143,7 @@ build_conflict_set (ctrl_t ctrl, tofu_dbs_t dbs, rc = keydb_search_reset (hd); if (rc) { - log_error (_("resetting keydb: %s\n"), - gpg_strerror (rc)); + log_error ("resetting keydb failed: %s\n", gpg_strerror (rc)); continue; } @@ -2610,8 +2609,8 @@ get_policy (ctrl_t ctrl, tofu_dbs_t dbs, PKT_public_key *pk, if (record_binding (dbs, fingerprint, email, user_id, policy == TOFU_POLICY_NONE ? TOFU_POLICY_AUTO : policy, effective_policy, conflict, 1, 0, now) != 0) - log_error (_("error setting TOFU binding's policy" - " to %s\n"), tofu_policy_str (policy)); + log_error ("error setting TOFU binding's policy" + " to %s\n", tofu_policy_str (policy)); } /* If the caller wants the set of conflicts, return it. */ @@ -3148,14 +3147,10 @@ show_statistics (tofu_dbs_t dbs, es_fprintf (fp, _("%s: Verified 0 signatures."), email); else { - /* TRANSLATORS: The final %s is replaced by a string like - "7~months". */ + /* Note: Translation not possible with that wording. */ char *ago_str = time_ago_str (now - signature_first_seen); es_fprintf - (fp, - ngettext("%s: Verified %ld~signature in the past %s.", - "%s: Verified %ld~signatures in the past %s.", - signature_count), + (fp, "%s: Verified %ld~signatures in the past %s.", email, signature_count, ago_str); xfree (ago_str); } @@ -3168,12 +3163,9 @@ show_statistics (tofu_dbs_t dbs, { char *ago_str = time_ago_str (now - encryption_first_done); - /* TRANSLATORS: The final %s is replaced by a string like - "7~months". */ - es_fprintf (fp, - ngettext("Encrypted %ld~message in the past %s.", - "Encrypted %ld~messages in the past %s.", - encryption_count), + /* Note: Translation not possible with this kind of + * composition. */ + es_fprintf (fp, "Encrypted %ld~messages in the past %s.", encryption_count, ago_str); xfree (ago_str); } @@ -3940,7 +3932,7 @@ tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy) policy, TOFU_POLICY_NONE, NULL, 0, 1, now); if (err) { - log_error (_("error setting policy for key %s, user id \"%s\": %s"), + log_error ("error setting policy for key %s, user id \"%s\": %s", fingerprint, email, gpg_strerror (err)); xfree (email); break; |