diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | acinclude.m4 | 6 | ||||
-rw-r--r-- | cipher/ChangeLog | 12 | ||||
-rw-r--r-- | cipher/cipher.c | 26 | ||||
-rw-r--r-- | cipher/dsa.c | 8 | ||||
-rw-r--r-- | cipher/elgamal.c | 12 | ||||
-rw-r--r-- | cipher/pubkey.c | 21 |
7 files changed, 85 insertions, 5 deletions
@@ -1,3 +1,8 @@ +Thu Jul 15 10:15:35 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> + + + * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Fixed last modification. + Wed Jul 7 13:08:40 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> diff --git a/acinclude.m4 b/acinclude.m4 index 54299533..7e549143 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -560,7 +560,7 @@ AC_CHECK_TOOL(AS, as, false) # GNUPG_SYS_SYMBOL_UNDERSCORE - does the compiler prefix global symbols # with an underscore? AC_DEFUN(GNUPG_SYS_SYMBOL_UNDERSCORE, -[ac_cv_sys_symbol_underscore="check" +[tmp_do_check="no" case "${target}" in i386-emx-os2 | i[3456]86-pc-os2*emx ) ac_cv_sys_symbol_underscore=yes @@ -568,11 +568,13 @@ case "${target}" in *) if test "$cross_compiling" = yes; then ac_cv_sys_symbol_underscore=yes + else + tmp_do_check="yes" fi ;; esac -if test "$ac_cv_sys_symbol_underscore" = "check"; then +if test "$tmp_do_check" = "yes"; then ac_cv_sys_symbol_underscore="" AC_REQUIRE([GNUPG_PROG_NM])dnl AC_REQUIRE([GNUPG_SYS_NM_PARSE])dnl diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 1c6a7c15..73a42ba4 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,15 @@ +Thu Jul 15 10:15:35 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> + + + * elgamal.c (elg_check_secret_key,elg_encrypt + elg_decrypt,elg_sign,elg_verify): Sanity check on the args. + * dsa.c (dsa_check_secret_key,dsa_sign,dsa_verify): Ditto. + + * pubkey.c (disable_pubkey_algo): New. + (check_pubkey_algo2): Look at disabled algo table. + * cipher.c (disable_cipher_algo): New. + (check_cipher_algo): Look at disabled algo table. + Wed Jul 7 13:08:40 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> * Makefile.am: Support for libtool. diff --git a/cipher/cipher.c b/cipher/cipher.c index 59b6f2ef..ac77e5b0 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -48,6 +48,7 @@ struct cipher_table_s { }; static struct cipher_table_s cipher_table[TABLE_SIZE]; +static int disabled_algos[TABLE_SIZE]; struct cipher_handle_s { @@ -246,6 +247,22 @@ cipher_algo_to_string( int algo ) return NULL; } + +void +disable_cipher_algo( int algo ) +{ + int i; + + for(i=0; i < DIM(disabled_algos); i++ ) { + if( !disabled_algos[i] || disabled_algos[i] == algo ) { + disabled_algos[i] = algo; + return; + } + } + /* fixme: we should use a linked list */ + log_fatal("can't disable cipher algo %d: table full\n"); +} + /**************** * Return 0 if the cipher algo is available */ @@ -256,8 +273,13 @@ check_cipher_algo( int algo ) do { for(i=0; cipher_table[i].name; i++ ) - if( cipher_table[i].algo == algo ) - return 0; /* okay */ + if( cipher_table[i].algo == algo ) { + for(i=0; i < DIM(disabled_algos); i++ ) { + if( disabled_algos[i] == algo ) + return G10ERR_CIPHER_ALGO; + } + return 0; /* okay */ + } } while( load_cipher_modules() ); return G10ERR_CIPHER_ALGO; } diff --git a/cipher/dsa.c b/cipher/dsa.c index 9154f49d..5828b950 100644 --- a/cipher/dsa.c +++ b/cipher/dsa.c @@ -300,6 +300,7 @@ verify(MPI r, MPI s, MPI hash, DSA_public_key *pkey ) MPI base[3]; MPI exp[3]; + if( !(mpi_cmp_ui( r, 0 ) > 0 && mpi_cmp( r, pkey->q ) < 0) ) return 0; /* assertion 0 < r < q failed */ if( !(mpi_cmp_ui( s, 0 ) > 0 && mpi_cmp( s, pkey->q ) < 0) ) @@ -365,6 +366,8 @@ dsa_check_secret_key( int algo, MPI *skey ) if( algo != PUBKEY_ALGO_DSA ) return G10ERR_PUBKEY_ALGO; + if( !skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4] ) + return G10ERR_BAD_MPI; sk.p = skey[0]; sk.q = skey[1]; @@ -386,6 +389,8 @@ dsa_sign( int algo, MPI *resarr, MPI data, MPI *skey ) if( algo != PUBKEY_ALGO_DSA ) return G10ERR_PUBKEY_ALGO; + if( !data || !skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4] ) + return G10ERR_BAD_MPI; sk.p = skey[0]; sk.q = skey[1]; @@ -406,6 +411,9 @@ dsa_verify( int algo, MPI hash, MPI *data, MPI *pkey, if( algo != PUBKEY_ALGO_DSA ) return G10ERR_PUBKEY_ALGO; + if( !data[0] || !data[1] || !hash + || !pkey[0] || !pkey[1] || !pkey[2] || !pkey[3] ) + return G10ERR_BAD_MPI; pk.p = pkey[0]; pk.q = pkey[1]; diff --git a/cipher/elgamal.c b/cipher/elgamal.c index 4b975862..bbf9c278 100644 --- a/cipher/elgamal.c +++ b/cipher/elgamal.c @@ -459,6 +459,8 @@ elg_check_secret_key( int algo, MPI *skey ) if( !is_ELGAMAL(algo) ) return G10ERR_PUBKEY_ALGO; + if( !skey[0] || !skey[1] || !skey[2] || !skey[3] ) + return G10ERR_BAD_MPI; sk.p = skey[0]; sk.g = skey[1]; @@ -479,6 +481,8 @@ elg_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey ) if( !is_ELGAMAL(algo) ) return G10ERR_PUBKEY_ALGO; + if( !data || !pkey[0] || !pkey[1] || !pkey[2] ) + return G10ERR_BAD_MPI; pk.p = pkey[0]; pk.g = pkey[1]; @@ -496,6 +500,9 @@ elg_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) if( !is_ELGAMAL(algo) ) return G10ERR_PUBKEY_ALGO; + if( !data[0] || !data[1] + || !skey[0] || !skey[1] || !skey[2] || !skey[3] ) + return G10ERR_BAD_MPI; sk.p = skey[0]; sk.g = skey[1]; @@ -513,6 +520,8 @@ elg_sign( int algo, MPI *resarr, MPI data, MPI *skey ) if( !is_ELGAMAL(algo) ) return G10ERR_PUBKEY_ALGO; + if( !data || !skey[0] || !skey[1] || !skey[2] || !skey[3] ) + return G10ERR_BAD_MPI; sk.p = skey[0]; sk.g = skey[1]; @@ -532,6 +541,9 @@ elg_verify( int algo, MPI hash, MPI *data, MPI *pkey, if( !is_ELGAMAL(algo) ) return G10ERR_PUBKEY_ALGO; + if( !data[0] || !data[1] || !hash + || !pkey[0] || !pkey[1] || !pkey[2] ) + return G10ERR_BAD_MPI; pk.p = pkey[0]; pk.g = pkey[1]; diff --git a/cipher/pubkey.c b/cipher/pubkey.c index 81574dbd..548d2e81 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -54,7 +54,7 @@ struct pubkey_table_s { }; static struct pubkey_table_s pubkey_table[TABLE_SIZE]; - +static int disabled_algos[TABLE_SIZE]; static int @@ -267,6 +267,20 @@ pubkey_algo_to_string( int algo ) } +void +disable_pubkey_algo( int algo ) +{ + int i; + + for(i=0; i < DIM(disabled_algos); i++ ) { + if( !disabled_algos[i] || disabled_algos[i] == algo ) { + disabled_algos[i] = algo; + return; + } + } + log_fatal("can't disable pubkey algo %d: table full\n"); +} + int check_pubkey_algo( int algo ) @@ -291,6 +305,11 @@ check_pubkey_algo2( int algo, unsigned use ) if( (use & PUBKEY_USAGE_ENC) && !(pubkey_table[i].use & PUBKEY_USAGE_ENC) ) return G10ERR_WR_PUBKEY_ALGO; + + for(i=0; i < DIM(disabled_algos); i++ ) { + if( disabled_algos[i] == algo ) + return G10ERR_PUBKEY_ALGO; + } return 0; /* okay */ } } while( load_pubkey_modules() ); |