diff options
| author | Werner Koch <[email protected]> | 1999-01-09 15:06:59 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 1999-01-09 15:06:59 +0000 |
| commit | 002b1a8632d2c2795deb4682ba6db8be120db9b4 (patch) | |
| tree | 33a0e8c96550f24d9aa1747b05a9f471f975e7a7 | |
| parent | See ChangeLog: Thu Jan 7 18:00:58 CET 1999 Werner Koch (diff) | |
| download | gnupg-002b1a8632d2c2795deb4682ba6db8be120db9b4.tar.gz gnupg-002b1a8632d2c2795deb4682ba6db8be120db9b4.zip | |
See ChangeLog: Sat Jan 9 16:02:23 CET 1999 Werner Koch
Diffstat (limited to '')
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | NEWS | 9 | ||||
| -rw-r--r-- | THOUGHTS | 201 | ||||
| -rw-r--r-- | TODO | 3 | ||||
| -rw-r--r-- | cipher/ChangeLog | 6 | ||||
| -rw-r--r-- | cipher/Makefile.am | 14 | ||||
| -rw-r--r-- | cipher/md.c | 2 | ||||
| -rw-r--r-- | cipher/random.c | 4 | ||||
| -rw-r--r-- | cipher/rndunix.c | 4 | ||||
| -rw-r--r-- | configure.in | 42 | ||||
| -rw-r--r-- | debian/README.Debian | 16 | ||||
| -rw-r--r-- | debian/changelog | 166 | ||||
| -rw-r--r-- | debian/control | 23 | ||||
| -rw-r--r-- | debian/copyright | 30 | ||||
| -rw-r--r-- | debian/distfiles | 7 | ||||
| -rw-r--r-- | debian/preinst | 47 | ||||
| -rw-r--r-- | debian/rules | 72 | ||||
| -rw-r--r-- | doc/DETAILS | 56 | ||||
| -rw-r--r-- | g10/ChangeLog | 15 | ||||
| -rw-r--r-- | g10/armor.c | 430 | ||||
| -rw-r--r-- | g10/build-packet.c | 2 | ||||
| -rw-r--r-- | g10/encr-data.c | 19 | ||||
| -rw-r--r-- | g10/free-packet.c | 2 | ||||
| -rw-r--r-- | g10/mainproc.c | 20 | ||||
| -rw-r--r-- | g10/plaintext.c | 61 | ||||
| -rw-r--r-- | g10/sig-check.c | 5 | ||||
| -rw-r--r-- | g10/sign.c | 2 | ||||
| -rw-r--r-- | g10/status.c | 6 | ||||
| -rw-r--r-- | g10/status.h | 2 | ||||
| -rw-r--r-- | mpi/ChangeLog | 4 | ||||
| -rw-r--r-- | mpi/mpi-bit.c | 2 | ||||
| -rw-r--r-- | mpi/mpi-cmp.c | 3 | ||||
| -rw-r--r-- | util/ChangeLog | 5 | ||||
| -rw-r--r-- | util/iobuf.c | 60 | ||||
| -rw-r--r-- | util/secmem.c | 6 |
35 files changed, 829 insertions, 521 deletions
@@ -1,3 +1,7 @@ +Sat Jan 9 16:02:23 CET 1999 Werner Koch <[email protected]> + + * configure.in: Add a way to statically link rndunix + Sun Jan 3 15:28:44 CET 1999 Werner Koch <[email protected]> * acinclude.m4 (GNUPG_CHECK_RDYNAMIC): New. @@ -8,6 +8,15 @@ fixed an infinite loop bug in the 3DES code and in the code which looks for trusted signatures. + * Fixed a bug in the mpi library which caused signatures not to + compare okay. + + * Rewrote the handling of cleartext signatures; the code is now + better maintainable (I hope so). + + * New status output VALIDSIG only for valid signatures together + with the fingerprint of the signer's key. + Noteworthy changes in version 0.9.0 ----------------------------------- diff --git a/THOUGHTS b/THOUGHTS new file mode 100644 index 000000000..99766ce0f --- /dev/null +++ b/THOUGHTS @@ -0,0 +1,201 @@ + + /* we still have these if a signed signed more than one + * user ID. I don't think that is makes sense to sign + * more than one user ID; an exception might be a user ID + * which is to be removed in near future. Anyway it is + * always good to sign only those user ID which are + * unlikely to change. It might be good to insert a + * user ID which does not contain an email address and + * mark this one with a special signature flag or let + * sign_key() suggest a user ID w/o an email address + */ + + + * What shall we do if we have a valid subkey revocation certificate + but no subkey binding? Is this a valid but revoked key? + + +Date: Mon, 4 Jan 1999 19:34:29 -0800 (PST) +From: Matthew Skala <[email protected]> + +- Signing with an expired key doesn't work by default, does work with a + special option. +- Verifying a signature that appears to have been made by an expired key + after its expiry date but is otherwise good reports the signature as BAD, + preferably with a message indicating that it's a key-expiry problem rather + than a cryptographically bad signature. +- Verifying a signature from a key that is now expired, where the + signature was made before the expiry date, reports the signature as + GOOD, possibly with a warning that the key has since expired. +- Encrypting to an expired key doesn't work by default, does work with a + special option. +- Decrypting always works, if you have the appropriate secret key and + passphrase. + + + +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +Hi Werner.. + +I was looking at some of the PROJECTS items in the recent gpg CVS and wanted +to comment on one of them: + + * Add a way to override the current cipher/md implementations + by others (using extensions) + +As you know I've been thinking about how to use a PalmPilot or an iButton in +some useful way in GPG. The two things that seem reasonable are: + 1) keep the secret key in the device, only transferring it to the host + computer for the duration of the secret-key operation (sign or decrypt). + The key is never kept on disk, only in RAM. This removes the chance that + casual snooping on your office workstation will reveal your key (it + doesn't help against an active attack, but the attacker must leave a + tampered version of GPG around or otherwise get their code to run while + the key-storage device is attached to attack the key) + 2) perform the secret-key operation on the device, so the secret key never + leaves the confines of that device. There are still attacks possible, + based upon talking to the device while it is connected and trying to + convince the device (and possibly the user) that it is the real GPG, + but in general this protects the key pretty strongly. Any individual + message is still vulnerable, but that's a tradeoff of the convenience of + composing that message on a full-sized screen+keyboard (plus the added + speed of encryption) vs. the security of writing the message on a + secure device. + +I think there are a variety of ways of implementing these things, but a few +extension mechanisms in GPG should be enough to try various ways later on. + +1) pass an argument string to loadable extension modules (maybe + gpg --load-extension foofish=arg1,arg2,arg3 ?) +2) allow multiple instances of the same extension module (presumably with + different arguments) +3) allow extension modules to use stdin/stdout/stderr as normal (probably + already in there), for giving feedback to the user, or possibly asking them + for a password of some sort +4) have an extension to provide secret keys: + + It looks like most of the hooks for this are already in place, it just + needs an extension module which can register itself as a keyblock resource. + + I'm thinking of a module for this that is given an external program name as + an argument. When the keyblock resource is asked to enumerate its keys, it + runs the external program (first with a "0" argument, then a "1", and so on + until the program reports that no more keys are available). The external + program returns one (possibly armored) secret key block each time. The + program might have some kind of special protocol to talk to the storage + device. One thing that comes to mind is to simply include a random number + in the message sent over the serial port: the program would display this + number, the Pilot at the other end would display the number it receives, if + the user sees that both are the same they instruct the Pilot to release the + key, as basic protection against someone else asking for the key while it + is attached. More sophisticated schemes are possible depending upon how + much processing power and IO is available on the device. But the same + extension module should be able to handle as complex a scheme as one could + wish. + + The current keyblock-resource interface would work fine, although it + might be more convenient if a resource could be asked for a key by id + instead of enumerating all of them and then searching through the resulting + list for a match. A module that provided public keys would have to work this + way (imagine a module that could automatically do an http fetch for a + particular key.. easily-added automatic key fetching). Without that ability + to fetch by id (which would require it to fall back to the other keyblock + resources if it failed), the user's device might be asked to release the + key even though some other secret key was the one needed. + + +5) have an extension to perform a secret-key operation without the actual + secret key material + + basically something to indicate that any decrypt or sign operations that + occur for a specific keyid should call the extension module instead. The + secret key would not be extracted (it wouldn't be available anyway). The + module is given the keyid and the MPI of the block it is supposed to sign + or decrypt. + + The module could then run an external program to do the operation. I'm + imagining a Pilot program which receives the data, asks the user if it can go + along with the operation (after displaying a hash of the request, which is + also displayed by the extension module's program to make sure the Pilot is + being asked to do the right operation), performs the signature or decryption, + then returns the data. This protocol could be made arbitrarily complex, with + a D-H key to encrypt the link, and both sides signing requests to + authenticate one to the other (although this transforms the the problem of + getting your secret key off your office workstation into the problem of + your workstation holding a key tells your Pilot that it is allowed to perform + the secret key operation, and if someone gets a hold of that key they may + be able to trick your pilot [plugged in somewhere else] to do the same thing + for them). + + This is basically red/black separation, with the Pilot or iButton having the + perimeter beyond which the red data doesn't pass. Better than the secret-key + storage device but requires a lot more power on the device (the new iButtons + with the exponentiator could do it, but it would take way too much code space + on the old ones, although they would be fine for just carrying the keys). + +The signature code might need to be extended to verify the signature you just +made, since an active intruder pretending to the the Pilot wouldn't be able to +make a valid signature (but they might sign your message with a different key +just to be annoying). + +Anyway, just wanted to share my thoughts on some possibilities. I've been +carrying this little Java iButton on my keyring for months now, looking for +something cool to do with it, and I think that secure storage for my GPG key +would be just the right application. + +cheers, + -Brian + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v0.4.5 (GNU/Linux) +Comment: For info finger [email protected] + +iD8DBQE2c5oZkDmgv9E5zEwRArAwAKDWV5fpTtbGPiMPgl2Bpp0gvhbfQgCgzJuY +AmIQTk4s62/y2zMAHDdOzK0= +=jr7m +-----END PGP SIGNATURE----- + + + +About a new Keyserver (discussion with Allan Clark <[email protected]>): +===================== + +Some ideas: + +o the KS should verify signatures and only accept those + which are good. + +o Keep a blacklist of known bad signatures to minimize + the time needed to check them + +o Should be fast - I currently designing a new storage + system called keybox which takes advantage of the fact + that the keyID is higly random and can be directly be + used as a hash value and this keyID is (for v4 keys) + part of the fingerprint: So it is possible to use the + fingerprint as key but do an lookup by the keyID. + +o To be used as the "public keyring" in a LAN so that there + is no need to keep one on every machine. + +o Allow more that one file for key storage. + +o Use the HKS protocol and enhance it in a way that binary + keyrings can be transmitted. (I already wrote some + http server and client code which can be used for this) + +o Keep a checkcsum (hash) of the entire keyblock so that a + client can easy check whether this keyblock has changed. + (keyblock = the entire key with all certificates etc.) + +o Allow efficient propagation of new keys and revocation + certificates. + + +Probably more things but this keyserver is not a goal for the +1.0 release. Someone should be able to fix some of the limitations +of the existing key servers (I think they bail out on some rfc2440 +packet formats). + @@ -22,7 +22,7 @@ Important * print a warning when a revoked/expired secret key is used. - * Allow the use of a the faked RNG onyl for keys which are + * Allow the use of a the faked RNG only for keys which are flagged as INSECURE. @@ -55,6 +55,5 @@ Nice to have * Burn the buffers used by fopen(), or use read(2). Does this really make sense? * change the fake_data stuff to mpi_set_opaque - * rewrite the ugly armor code. diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 347d3469c..ad7d6f83b 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,9 @@ +Sat Jan 9 16:02:23 CET 1999 Werner Koch <[email protected]> + + * rndunix.c (gather_random): check for setuid. + + * Makefile.am: Add a way to staically link random modules + Thu Jan 7 18:00:58 CET 1999 Werner Koch <[email protected]> * md.c (md_stop_debug): Do a flush first. diff --git a/cipher/Makefile.am b/cipher/Makefile.am index a27989cb0..4a7171071 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -1,18 +1,18 @@ ## Process this file with automake to produce Makefile.in -gnupg_extensions = tiger twofish rndunix - INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl noinst_LIBRARIES = libcipher.a + +EXTRA_PROGRAMS = tiger twofish rndunix rndlinux if ENABLE_GNUPG_EXTENSIONS -pkglib_PROGRAMS = $(gnupg_extensions) +pkglib_PROGRAMS = @DYNAMIC_CIPHER_MODS@ @DYNAMIC_RANDOM_MODS@ else pkglib_PROGRAMS = endif -DYNLINK_MOD_CFLAGS = -DIS_MODULE @DYNLINK_MOD_CFLAGS@ +DYNLINK_MOD_CFLAGS = -DIS_MODULE @DYNLINK_MOD_CFLAGS@ libcipher_a_SOURCES = cipher.c \ pubkey.c \ @@ -33,7 +33,6 @@ libcipher_a_SOURCES = cipher.c \ random.h \ random.c \ rand-internal.h \ - rndlinux.c \ rmd.h \ rmd160.c \ sha1.h \ @@ -43,9 +42,14 @@ libcipher_a_SOURCES = cipher.c \ g10c.c \ smallprime.c + +EXTRA_libcipher_a_SOURCES = rndlinux.c rndunix.c EXTRA_tiger_SOURCES = tiger.c EXTRA_twofish_SOURCES = twofish.c +libcipher_a_DEPENDENCIES = @STATIC_RANDOM_OBJS@ @STATIC_CIPHER_OBJS@ +libcipher_a_LIBADD = @STATIC_RANDOM_OBJS@ @STATIC_CIPHER_OBJS@ + tiger: $(srcdir)/tiger.c `echo $(COMPILE) $(DYNLINK_MOD_CFLAGS) -o tiger $(srcdir)/tiger.c | \ diff --git a/cipher/md.c b/cipher/md.c index f7be5e4cc..6e335db80 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -1,5 +1,5 @@ /* md.c - message digest dispatcher - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998,1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * diff --git a/cipher/random.c b/cipher/random.c index 6f8a20aa1..1812467ae 100644 --- a/cipher/random.c +++ b/cipher/random.c @@ -122,13 +122,9 @@ initialize() #elif USE_RNDUNIX rndunix_constructor(); #elif USE_RNDW32 - rndw32_constructor(); #elif USE_RNDOS2 - rndos2_constructor(); #elif USE_RNDATARI - rndatari_constructor(); #elif USE_RNDMVS - rndmvs_constructor(); #endif } diff --git a/cipher/rndunix.c b/cipher/rndunix.c index c005afba4..9e49ebc75 100644 --- a/cipher/rndunix.c +++ b/cipher/rndunix.c @@ -2,6 +2,7 @@ * * * BeOS Randomness-Gathering Code * * Copyright Peter Gutmann, Paul Kendall, and Chris Wedgwood 1996-1998 * + * Copyright (C) 1998, 1999 Werner Koch * * ****************************************************************************/ @@ -678,6 +679,9 @@ gather_random( void (*add)(const void*, size_t, int), int requester, size_t n; if( !gatherer_pid ) { + /* make sure we are not setuid */ + if( getuid() != geteuid() ) + BUG(); /* time to start the gatherer process */ if( pipe( pipedes ) ) { g10_log_error("pipe() failed: %s\n", strerror(errno)); diff --git a/configure.in b/configure.in index f7104866b..6fcc58af1 100644 --- a/configure.in +++ b/configure.in @@ -259,6 +259,48 @@ else fi +dnl +dnl Figure how to link the random modules +dnl +if test "$ac_cv_have_dev_random" = yes; then + AC_DEFINE(USE_RNDLINUX) + STATIC_RANDOM_OBJS="rndlinux.o" + DYNAMIC_RANDOM_MODS="" +else + case "${target}" in + i386--mingw32) + AC_DEFINE(USE_RNDW32) + STATIC_RANDOM_OBJS="" + DYNAMIC_RANDOM_MODS="" + ;; + m68k-atari-mint) + AC_DEFINE(USE_RNDATARI) + STATIC_RANDOM_OBJS="" + DYNAMIC_RANDOM_MODS="" + ;; + *) + AC_DEFINE(USE_RNDUNIX) + STATIC_RANDOM_OBJS="rndunix.o" + DYNAMIC_RANDOM_MODS="" + ;; + esac +fi + +AC_SUBST(STATIC_RANDOM_OBJS) +AC_SUBST(DYNAMIC_RANDOM_MODS) + + +dnl +dnl Figure how to link the cipher modules +dnl +dnl (form now these are only dynamic) +STATIC_CIPHER_OBJS="" +DYNAMIC_CIPHER_MODS="twofish tiger" +AC_SUBST(STATIC_CIPHER_OBJS) +AC_SUBST(DYNAMIC_CIPHER_MODS) + + + dnl setup assembler stuff AC_MSG_CHECKING(for mpi assembler functions) if test -f $srcdir/mpi/config.links ; then diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 000000000..f59643715 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,16 @@ +Due to a bug in the way secret keys were encrypted in versions prior +to 0.3.3, later version of gnupg are not backwards compatible and you +will have to convert your secret keys before using old secret keys +with recent versions of gnupg. + +The upgrade strategy is described in /usr/doc/gnupg/NEWS.gz, please +refer to it for more details, but it requires an old copy of the gpg +and gpgm binaries. They may be on your system as gpg.old and +gpgm.old, but if they're not you can find gnupg 0.3.2 source and +binaries for i386, m68k, alpha, powerpc and hurd-i386 at: + + <URL:http://james.nocrew.org/gnupg/> + +-- +James Troup <[email protected]>, Bradford, UK +Sun, 8 Nov 1998 19:11:40 +0000 diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 000000000..f8f9eebd8 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,166 @@ +gnupg (0.9.0-1) unstable; urgency=low + + * New upstream version. + * g10/armor.c (armor_filter): add missing new line in comment string; as + noticed by Stainless Steel Rat <[email protected]>. + + -- James Troup <[email protected]> Tue, 29 Dec 1998 20:22:43 +0000 + +gnupg (0.4.5-1) unstable; urgency=low + + * New upstream version. + * debian/rules (clean): force removal of intl/libintl.h which the + Makefiles fail to remove properly. + + -- James Troup <[email protected]> Tue, 8 Dec 1998 22:40:23 +0000 + +gnupg (0.4.4-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <[email protected]> Sat, 21 Nov 1998 01:34:29 +0000 + +gnupg (0.4.3-1) unstable; urgency=low + + * New upstream version. + * debian/README.Debian: new file; contains same information as is in the + preinst. Suggested by Wichert Akkerman <[email protected]>. + * debian/rules (binary-arch): install `README.Debian' + * debian/control (Standards-Version): updated to 2.5.0.0. + + -- James Troup <[email protected]> Sun, 8 Nov 1998 19:08:12 +0000 + +gnupg (0.4.2-1) unstable; urgency=low + + * New upstream version. + * debian/preinst: improve message about the NEWS file which isn't + actually installed when it's referred to, thanks to Martin Mitchell + <[email protected]>. + * debian/rules (binary-arch): don't install the now non-existent `rfcs', + but do install `OpenPGP'. + + -- James Troup <[email protected]> Sun, 18 Oct 1998 22:48:34 +0100 + +gnupg (0.4.1-1) unstable; urgency=low + + * New upstream version. + * debian/rules (binary-arch): fix the gpgm manpage symlink now installed + by `make install'. + + -- James Troup <[email protected]> Sun, 11 Oct 1998 17:01:21 +0100 + +gnupg (0.4.0-1) unstable; urgency=high + + * New upstream version. [#26717] + * debian/copyright: tone down warning about alpha nature of gnupg. + * debian/copyright: new maintainer address. + * debian/control: update extended description. + * debian/rules (binary-arch): install FAQ and all ChangeLogs. + * debian/preinst: new; check for upgrade from (<= 0.3.2-1) and warn about + incompatabilites in keyring format and offer to move old copy out of + gpg out of the way for transistion strategy and inform the user about + the old copies of gnupg available on my web page. + * debian/rules (binary-arch) install preinst. + * debian/rules (binary-arch): don't depend on the test target as it is + now partially interactive (tries to generate a key, which requires + someone else to be using the computer). + + -- James Troup <[email protected]> Thu, 8 Oct 1998 00:47:07 +0100 + +gnupg (0.3.2-1) unstable; urgency=low + + * New upstream version. + * debian/control (Maintainer): new address. + * debian/copyright: updated list of changes. + + -- James Troup <[email protected]> Thu, 9 Jul 1998 21:06:07 +0200 + +gnupg (0.3.1-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <[email protected]> Tue, 7 Jul 1998 00:26:21 +0200 + +gnupg (0.3.0-2) unstable; urgency=low + + * Applied bug-fix patch from Werner. + + -- James Troup <[email protected]> Fri, 26 Jun 1998 12:18:29 +0200 + +gnupg (0.3.0-1) unstable; urgency=low + + * New upstream version. + * debian/control: rewrote short and long description. + * cipher/Makefile.am: link tiger with -lc. + * debian/rules (binary-arch): strip loadable modules. + * util/secmem.c (lock_pool): get rid of errant test code; fix from + Werner Koch <[email protected]>. + * debian/rules (test): new target which runs gnupg's test suite. + binary-arch depends on it, to ensure it's run whenever the package is + built. + + -- James Troup <[email protected]> Thu, 25 Jun 1998 16:04:57 +0200 + +gnupg (0.2.19-1) unstable; urgency=low + + * New upstream version. + * debian/control: Updated long description. + + -- James Troup <[email protected]> Sat, 30 May 1998 12:12:35 +0200 + +gnupg (0.2.18-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <[email protected]> Sat, 16 May 1998 11:52:47 +0200 + +gnupg (0.2.17-1) unstable; urgency=high + + * New upstream version. + * debian/control (Standards-Version): updated to 2.4.1.0. + * debian/control: tone down warning about alpha nature of gnupg, as per + README. + * debian/copyright: ditto. + + -- James Troup <[email protected]> Mon, 4 May 1998 22:36:51 +0200 + +gnupg (0.2.15-1) unstable; urgency=high + + * New upstream version. + + -- James Troup <[email protected]> Fri, 10 Apr 1998 01:12:20 +0100 + +gnupg (0.2.13-1) unstable; urgency=high + + * New upstream version. + + -- James Troup <[email protected]> Wed, 11 Mar 1998 01:52:51 +0000 + +gnupg (0.2.12-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <[email protected]> Sat, 7 Mar 1998 13:52:40 +0000 + +gnupg (0.2.11-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <[email protected]> Wed, 4 Mar 1998 01:32:12 +0000 + +gnupg (0.2.10-1) unstable; urgency=low + + * New upstream version. + * Name changed upstream. + + -- James Troup <[email protected]> Mon, 2 Mar 1998 07:32:05 +0000 + +g10 (0.2.7-1) unstable; urgency=low + + * Initial release. + + -- James Troup <[email protected]> Fri, 20 Feb 1998 02:05:34 +0000 + +Local variables: +mode: debian-changelog +End: diff --git a/debian/control b/debian/control new file mode 100644 index 000000000..1c5f906e9 --- /dev/null +++ b/debian/control @@ -0,0 +1,23 @@ +Source: gnupg +Section: utils +Priority: optional +Maintainer: James Troup <[email protected]> +Standards-Version: 2.5.0.0 + +Package: gnupg +Architecture: any +Depends: ${shlibs:Depends} +Description: GNU privacy guard - a free PGP replacement. + GNUPG is the GNU encryption and signing tool. As you can see from the + version number, the program may have some bugs and some features may not + work at all. + . + Due to the fact that GNUPG does not use use any patented algorithm, + it cannot be compatible to old PGP versions, because those use + IDEA (which is worldwide patented) and RSA (which is patented in + the United States until Sep 20, 2000). + . + GNUPG is in almost all aspects compatible with other OpenPGP + implementations. The default algorithms are DSA and ELGamal. + Symmetric algorithms are: Blowfish and CAST5, Digest algorithms are + MD5, RIPEMD160, SHA1 and TIGER/192. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 000000000..bf1042084 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,30 @@ +This is Debian/GNU Linux's prepackaged version of GNUPG, a free PGP +replacement. As you can see from the version number, the program may +have some bugs and some features may not work at all. + +This package was put together by me, James Troup +<[email protected]>, from the sources, which I obtained from +ftp://ftp.guug.de/pub/gcrypt/gnupg-0.9.0.tar.gz. The changes were +minimal, namely: + +- adding support for the Debian package maintenance scheme, by adding + various debian/* files. + +Program Copyright (C) 1997, 1998 Werner Koch (dd9jn). +Modifications for Debian Copyright (C) 1998 James Troup. + +GNUPG is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNUPG is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License with +your Debian GNU/Linux system, in /usr/doc/copyright/GPL, or with the +Debian GNU/Linux gnupg source package as the file COPYING. If not, +write to the Free Software Foundation, Inc., 59 Temple Place, Suite +330, Boston, MA 02111-1307, USA. diff --git a/debian/distfiles b/debian/distfiles new file mode 100644 index 000000000..df6fac50c --- /dev/null +++ b/debian/distfiles @@ -0,0 +1,7 @@ +README.Debian +changelog +control +copyright +distfiles +preinst +rules diff --git a/debian/preinst b/debian/preinst new file mode 100644 index 000000000..8369e2013 --- /dev/null +++ b/debian/preinst @@ -0,0 +1,47 @@ +#!/bin/sh + +set -e + +case "$1" in + upgrade|install) + # Try to gracefully handle upgrades from a pre-0.3.3 version + + if [ ! -z $2 ]; then + set +e + dpkg --compare-versions $2 \<= 0.3.2-1 + result=$? + set -e + if [ $result = 0 ]; then + cat <<EOF +Due to a bug in the way secret keys were encrypted in versions prior +to 0.3.3, this version of gnupg is not backwards compatible with $2 +which you have (had) installed on your system. + +There is an upgrade strategy (see /usr/doc/gnupg/NEWS.gz after this +version is installed), but it requires an old copy of the gpg and gpgm +EOF + echo -n "binaries; shall I make copies of them for you (Y/n)? " + read answer + if [ ! "$answer" = "n" -a ! "$answer" = "N" ]; then + cp /usr/bin/gpg /usr/bin/gpg.old + cp /usr/bin/gpgm /usr/bin/gpgm.old + echo "Okay, done. The old versions are /usr/bin/gpg*.old" + else + echo "Okay, I haven't made backups." + fi; + cat <<EOF + +If at any stage you need a pre-0.3.3 gnupg, you can find source and +binaries for i386, m68k, alpha, powerpc and hurd-i386 at + + http://james.nocrew.org/gnupg/ + +Press return to continue +EOF + read foo + fi; + fi; + ;; + abort-upgrade) + ;; +esac diff --git a/debian/rules b/debian/rules new file mode 100644 index 000000000..aa074754f --- /dev/null +++ b/debian/rules @@ -0,0 +1,72 @@ +#!/usr/bin/make -f +# debian/rules file - for GNUPG (0.9.0) +# Based on sample debian/rules file - for GNU Hello (1.3). +# Copyright 1994,1995 by Ian Jackson. +# Copyright 1998 James Troup +# I hereby give you perpetual unlimited permission to copy, +# modify and relicense this file, provided that you do not remove +# my name from the file itself. (I assert my moral right of +# paternity under the Copyright, Designs and Patents Act 1988.) +# This file may have to be extensively modified + +build: + $(checkdir) + ./configure --prefix=/usr --with-included-gettext + $(MAKE) CFLAGS="-O2 -g -Wall" + touch build + +test: build + $(checkdir) + make -C checks check || exit 127 + touch test + +clean: + $(checkdir) + -rm -f build + -$(MAKE) -i distclean || $(MAKE) -f Makefile.in distclean + -rm -rf debian/tmp debian/*~ debian/files* debian/substvars + # Cruft not removed by `make clean' + -rm -f intl/libintl.h + +binary-indep: + +binary-arch: checkroot build # test + $(checkdir) + -rm -rf debian/tmp + install -d debian/tmp/DEBIAN/ + install -m 755 debian/preinst debian/tmp/DEBIAN/preinst + $(MAKE) prefix=`pwd`/debian/tmp/usr install + rm debian/tmp/usr/man/man1/gpgm.1 + gzip -9v debian/tmp/usr/man/man1/* + ln -s gpg.1.gz debian/tmp/usr/man/man1/gpgm.1.gz + strip debian/tmp/usr/bin/* + strip --strip-unneeded debian/tmp/usr/lib/gnupg/* + install -d debian/tmp/usr/doc/gnupg/ + install -m 644 debian/changelog debian/tmp/usr/doc/gnupg/changelog.Debian + install -m 644 debian/README.Debian README NEWS THANKS TODO doc/DETAILS \ + doc/FAQ doc/OpenPGP debian/tmp/usr/doc/gnupg/ + for i in po util mpi cipher tools g10 checks include; do \ + install -m 644 $$i/ChangeLog debian/tmp/usr/doc/gnupg/changelog.$$i; done + install -m 644 ChangeLog debian/tmp/usr/doc/gnupg/changelog.toplevel + gzip -9v debian/tmp/usr/doc/gnupg/* + ln -s changelog.g10.gz debian/tmp/usr/doc/gnupg/changelog.gz + install -m 644 debian/copyright debian/tmp/usr/doc/gnupg/ + dpkg-shlibdeps g10/gpg + dpkg-gencontrol -isp + chown -R root.root debian/tmp + chmod -R go=rX debian/tmp + dpkg --build debian/tmp .. + +define checkdir + test -f g10/g10.c -a -f debian/rules +endef + +# Below here is fairly generic really + +binary: binary-indep binary-arch + +checkroot: + $(checkdir) + test root = "`whoami`" + +.PHONY: binary binary-arch binary-indep clean checkroot diff --git a/doc/DETAILS b/doc/DETAILS index 554139653..346e809af 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -40,6 +40,62 @@ ssb::1536:20:5CE086B5B5A18FF4:1998-07-07:0::: More fields may be added later. +Format of the "--status-fd" output +================================== +Every line is prefixed with "[GNUPG:] ", followed by a keyword with +the type of the status line and a some arguments depending on the +type (maybe none); an application should always be prepared to see +more argumnents in future versions. + + + GOODSIG <long keyid> <username> + The signature with the keyid is good. + + BADSIG <long keyid> <username> + The signature with the keyid has not been verified okay. + + ERRSIG + It was not possible to check the signature. This may be + caused by a missing public key or an unsupported algorithm. + No argumens yet. + + VALIDSIG <fingerprint in hex> + The signature with the keyid is good. This is the same + as GOODSIG but has the fingerprint as the argument. Both + status lines ere emmited for a good signature. + + TRUST_UNDEFINED + TRUST_NEVER + TRUST_MARGINAL + TRUST_FULLY + TRUST_ULTIMATE + For good signatures one of these status lines are emitted + to indicate how trustworthy the signatur is. No arguments yet. + + SIGEXPIRED + The signature key has expired. No arguments yet. + + KEYREVOKED + The used key has been revoked by his owner. No arguments yet. + + BADARMOR + The ascii armor is corrupted. No arguments yet. + + RSA_OR_IDEA + The RSA or IDEA algorithms has been used in the data. A + program might want to fallback to another program to handle + the data if GnuPG failed. + + SHM_INFO + SHM_GET + SHM_GET_BOOL + SHM_GET_HIDDEN + NEED_PASSPHRASE + [Needs documentation] + + + + Key generation ============== Key generation shows progress by printing different characters to diff --git a/g10/ChangeLog b/g10/ChangeLog index 532fa472b..f42b743b1 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,18 @@ +Sat Jan 9 16:02:23 CET 1999 Werner Koch <[email protected]> + + * sig-check.c (do_check): Output time diff on error + + * status.c (STATUS_VALIDSIG): New. + (is_status_enabled): New. + * mainproc.c (check_sig_and_print): Issue that status message. + + * plaintext.c (special_md_putc): Removed + + * armor.c (armor_filter): print error for truncated lines. + + * free-packet.c (free_encrypted): Revomed call to set_block_mode. + (free_plaintext): Ditto. + Thu Jan 7 18:00:58 CET 1999 Werner Koch <[email protected]> * pkclist.c (add_ownertrust): Fixed return value. diff --git a/g10/armor.c b/g10/armor.c index be0e69bf0..1d58c4146 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -1,5 +1,5 @@ /* armor.c - Armor flter - * Copyright (C) 1998,1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -254,415 +254,6 @@ parse_hash_header( const char *line ) -#if 0 /* old code */ -/**************** - * parse an ascii armor. - * Returns: the state, - * the remaining bytes in BUF are returned in RBUFLEN. - * r_empty return the # of empty lines before the buffer - */ -static fhdr_state_t -find_header( fhdr_state_t state, byte *buf, size_t *r_buflen, - IOBUF a, size_t n, unsigned *r_empty, int *r_hashes, - int only_keyblocks, int *not_dashed ) -{ - int c=0, i; - const char *s; - byte *p; - size_t buflen; - int cont; - int clearsig=0; - int hdr_line=0; - unsigned empty = 0; - - buflen = *r_buflen; - assert(buflen >= 100 ); - buflen -= 4; /* reserved room for CR,LF, and two extra */ - do { - switch( state ) { - case fhdrHASArmor: - /* read at least the first byte to check whether it is armored - * or not */ - c = 0; - for(n=0; n < 28 && (c=iobuf_get(a)) != -1 && c != '\n'; ) - buf[n++] = c; - if( !n && c == '\n' ) - state = fhdrCHECKBegin; - else if( !n || c == -1 ) - state = fhdrNOArmor; /* too short */ - else if( !is_armored( buf ) ) { - state = fhdrNOArmor; - if( c == '\n' ) - buf[n++] = c; - } - else if( c == '\n' ) - state = fhdrCHECKBegin; - else - state = fhdrINITCont; - break; - - case fhdrINIT: /* read some stuff into buffer */ - n = 0; - case fhdrINITCont: /* read more stuff into buffer */ - c = 0; - for(; n < buflen && (c=iobuf_get(a)) != -1 && c != '\n'; ) - buf[n++] = c; - state = c == '\n' ? fhdrCHECKBegin : - c == -1 ? fhdrEOF : fhdrINITSkip; - break; - - case fhdrINITSkip: - if( c == '\n' ) - n = 0; - else { - while( (c=iobuf_get(a)) != -1 && c != '\n' ) - ; - } - state = c == -1? fhdrEOF : fhdrINIT; - break; - - case fhdrSKIPHeader: - while( (c=iobuf_get(a)) != -1 && c != '\n' ) - ; - state = c == -1? fhdrEOF : fhdrWAITHeader; - break; - - case fhdrWAITHeader: /* wait for Header lines */ - c = 0; - for(n=0; n < buflen && (c=iobuf_get(a)) != -1 && c != '\n'; ) - buf[n++] = c; - buf[n] = 0; - if( n < buflen || c == '\n' ) { - if( n && buf[0] != '\r') { /* maybe a header */ - if( strchr( buf, ':') ) { /* yes */ - int hashes=0; - if( buf[n-1] == '\r' ) - buf[--n] = 0; - if( opt.verbose ) { - log_info(_("armor header: ")); - print_string( stderr, buf, n, 0 ); - putc('\n', stderr); - } - if( clearsig && !(hashes=parse_hash_header( buf )) ) { - if( strlen(buf) > 15 - && !memcmp( buf, "NotDashEscaped:", 15 ) ) { - *not_dashed = 1; - state = fhdrWAITHeader; - } - else { - log_error(_("invalid clearsig header\n")); - state = fhdrERROR; - } - } - else { - state = fhdrWAITHeader; - if( r_hashes ) - *r_hashes |= hashes; - } - } - else if( clearsig && n > 15 && !memcmp(buf, "-----", 5 ) ) - state = fhdrNullClearsig; - else - state = fhdrCHECKDashEscaped3; - } - else if( !n || (buf[0] == '\r' && !buf[1]) ) { /* empty line */ - if( clearsig ) - state = fhdrWAITClearsig; - else { - /* this is not really correct: if we do not have - * a clearsig and no armor lines we are not allowed - * to have an empty line */ - n = 0; - state = fhdrTEXT; - } - } - else { - log_error(_("invalid armor header: ")); - print_string( stderr, buf, n, 0 ); - putc('\n', stderr); - state = fhdrERROR; - } - } - else if( c != -1 ) { - if( strchr( buf, ':') ) { /* buffer to short, but this is okay*/ - if( opt.verbose ) { - log_info(_("armor header: ")); - print_string( stderr, buf, n, 0 ); - fputs("[...]\n", stderr); /* indicate it is truncated */ - } - state = fhdrSKIPHeader; /* skip rest of line */ - } - else /* line too long */ - state = fhdrERROR; - } - else - state = fhdrEOF; - break; - - case fhdrWAITClearsig: /* skip the empty line (for clearsig) */ - c = 0; - for(n=0; n < buflen && (c=iobuf_get(a)) != -1 && c != '\n'; ) - buf[n++] = c; - if( c != -1 ) { - if( n > 15 && !memcmp(buf, "-----", 5 ) ) - state = fhdrNullClearsig; - else if( c != '\n' ) - state = fhdrREADClearsigNext; - else - state = fhdrCHECKDashEscaped3; - } - else { - /* fixme: we should check whether this line continues - * it is possible that we have only read ws until here - * and more stuff is to come */ - state = fhdrEOF; - } - break; - - case fhdrNullClearsig: /* zero length cleartext */ - state = fhdrENDClearsig; - break; - - case fhdrENDClearsig: - case fhdrCHECKBegin: - state = state == fhdrCHECKBegin ? fhdrINITSkip : fhdrERRORShow; - if( n < 15 ) - break; /* too short */ - if( memcmp( buf, "-----", 5 ) ) - break; - buf[n] = 0; - p = strstr(buf+5, "-----"); - if( !p ) - break; - *p = 0; - p += 5; - if( *p == '\r' ) - p++; - if( *p ) - break; /* garbage after dashes */ - p = buf+5; - for(i=0; (s=head_strings[i]); i++ ) - if( !strcmp(s, p) ) - break; - if( !s ) - break; /* unknown begin line */ - if( only_keyblocks && i != 1 && i != 5 && i != 6 ) - break; /* not a keyblock armor */ - - /* found the begin line */ - hdr_line = i; - state = fhdrWAITHeader; - *not_dashed = 0; - if( hdr_line == BEGIN_SIGNED_MSG_IDX ) - clearsig = 1; - if( opt.verbose > 1 ) - log_info(_("armor: %s\n"), head_strings[hdr_line]); - break; - - case fhdrCLEARSIGSimple: - /* we are at the begin of a new line */ - case fhdrCLEARSIGSimpleNext: - n = 0; - c = 0; - while( n < buflen && (c=iobuf_get(a)) != -1 ) { - buf[n++] = c; - if( c == '\n' ) - break; - } - buf[n] = 0; - if( c == -1 ) - state = fhdrEOF; - else if( state == fhdrCLEARSIGSimple - && n > 15 && !memcmp(buf, "-----", 5 ) ) { - if( c == '\n' ) - buf[n-1] = 0; - state = fhdrENDClearsig; - } - else if( c == '\n' ) - state = fhdrCLEARSIGSimple; - else - state = fhdrCLEARSIGSimpleNext; - break; - - case fhdrCLEARSIG: - case fhdrEMPTYClearsig: - case fhdrREADClearsig: - /* we are at the start of a line: read a clearsig into the buffer - * we have to look for a header line or dashed escaped text*/ - n = 0; - c = 0; - while( n < buflen && (c=iobuf_get(a)) != -1 && c != '\n' ) - buf[n++] = c; - buf[n] = 0; - if( c == -1 ) - state = fhdrEOF; - else if( !n || ( buf[0]=='\r' && !buf[1] ) ) { - state = fhdrEMPTYClearsig; - empty++; - } - else if( c == '\n' ) - state = fhdrCHECKClearsig2; - else - state = fhdrCHECKClearsig; - break; - - case fhdrCHECKDashEscaped3: - if( *not_dashed ) { - state = fhdrTEXTSimple; - break; - } - if( !(n > 1 && buf[0] == '-' && buf[1] == ' ' ) ) { - state = fhdrTEXT; - break; - } - /* fall through */ - case fhdrCHECKDashEscaped2: - case fhdrCHECKDashEscaped: - /* check dash escaped line */ - if( buf[2] == '-' || ( n > 6 && !memcmp(buf+2, "From ", 5))) { - for(i=2; i < n; i++ ) - buf[i-2] = buf[i]; - n -= 2; - buf[n] = 0; /* not really needed */ - state = state == fhdrCHECKDashEscaped3 ? fhdrTEXT : - state == fhdrCHECKDashEscaped2 ? - fhdrREADClearsig : fhdrTESTSpaces; - } - else { - log_error(_("invalid dash escaped line: ")); - print_string( stderr, buf, n, 0 ); - putc('\n', stderr); - state = fhdrERROR; - } - break; - - case fhdrCHECKClearsig: - /* check the clearsig line */ - if( n > 15 && !memcmp(buf, "-----", 5 ) ) - state = fhdrENDClearsig; - else if( buf[0] == '-' && buf[1] == ' ' && !*not_dashed ) - state = fhdrCHECKDashEscaped; - else { - state = fhdrTESTSpaces; - } - break; - - case fhdrCHECKClearsig2: - /* check the clearsig line */ - if( n > 15 && !memcmp(buf, "-----", 5 ) ) - state = fhdrENDClearsig; - else if( buf[0] == '-' && buf[1] == ' ' && !*not_dashed ) - state = fhdrCHECKDashEscaped2; - else { - state = fhdrREADClearsig; - } - break; - - case fhdrREADClearsigNext: - /* Read to the end of the line, do not care about checking - * for dashed escaped text of headers */ - c = 0; - n = 0; - while( n < buflen && (c=iobuf_get(a)) != -1 && c != '\n' ) - buf[n++] = c; - buf[n] = 0; - if( c == -1 ) - state = fhdrEOF; - else if( c == '\n' ) - state = fhdrREADClearsig; - else - state = fhdrTESTSpaces; - break; - - case fhdrTESTSpaces: { - /* but must check whether the rest of the line - * only contains white spaces; this is problematic - * since we may have to restore the stuff. simply - * counting spaces is not enough, because it may be a - * mix of different white space characters */ - IOBUF b = iobuf_temp(); - while( (c=iobuf_get(a)) != -1 && c != '\n' ) { - iobuf_put(b,c); - if( c != ' ' && c != '\t' && c != '\r' ) - break; - } - if( c == '\n' ) { - /* okay we can skip the rest of the line */ - iobuf_close(b); - state = fhdrREADClearsig; - } - else { - iobuf_unget_and_close_temp(a,b); - state = fhdrREADClearsigNext; - } - } break; - - case fhdrERRORShow: - log_error(_("invalid clear text header: ")); - print_string( stderr, buf, n, 0 ); - putc('\n', stderr); - state = fhdrERROR; - break; - - default: BUG(); - } - switch( state ) { - case fhdrINIT: - case fhdrINITCont: - case fhdrINITSkip: - case fhdrCHECKBegin: - case fhdrWAITHeader: - case fhdrWAITClearsig: - case fhdrSKIPHeader: - case fhdrEMPTYClearsig: - case fhdrCHECKClearsig: - case fhdrCHECKClearsig2: - case fhdrCHECKDashEscaped: - case fhdrCHECKDashEscaped2: - case fhdrCHECKDashEscaped3: - case fhdrTESTSpaces: - case fhdrERRORShow: - cont = 1; - break; - default: cont = 0; - } - } while( cont ); - - if( clearsig && state == fhdrTEXT ) { - state = fhdrCLEARSIG; - } - else if( clearsig && state == fhdrTEXTSimple ) { - state = fhdrCLEARSIGSimple; - buf[n] = '\n'; - n++; - } - - if( state == fhdrCLEARSIG || state == fhdrREADClearsig ) { - /* append CR,LF after removing trailing wspaces */ - for(p=buf+n-1; n; n--, p-- ) { - assert( *p != '\n' ); - if( *p != ' ' && *p != '\t' && *p != '\r' ) { - p[1] = '\r'; - p[2] = '\n'; - n += 2; - break; - } - } - if( !n ) { - buf[0] = '\r'; - buf[1] = '\n'; - n = 2; - } - } - - fprintf(stderr,"ARMOR READ (state=%d): %.*s", state, n, buf ); - - *r_buflen = n; - *r_empty = empty; - return state; -} -#endif - static unsigned trim_trailing_spaces( byte *line, unsigned len ) @@ -909,8 +500,10 @@ fake_packet( armor_filter_context_t *afx, IOBUF a, else { while( len < size && afx->buffer_pos < afx->buffer_len ) buf[len++] = afx->buffer[afx->buffer_pos++]; - buf[len++] = '\r'; - buf[len++] = '\n'; + if( afx->buffer_pos >= afx->buffer_len ) { + buf[len++] = '\r'; + buf[len++] = '\n'; + } if( len >= size ) continue; } @@ -948,8 +541,8 @@ fake_packet( armor_filter_context_t *afx, IOBUF a, putc('\n', stderr); } lastline = 1; - assert( len >= 4 ); - len -= 2; /* remove the last CR,LF */ + if( len >= 2 ) + len -= 2; /* remove the last CR,LF */ rc = -1; } } @@ -958,7 +551,7 @@ fake_packet( armor_filter_context_t *afx, IOBUF a, buf[0] = (len-2) >> 8; buf[1] = (len-2); if( lastline ) { /* write last (ending) length header */ - if( buf[0] && buf[1] ) { /* only if we have some text */ + if( buf[0] || buf[1] ) { /* only if we have some text */ buf[len++] = 0; buf[len++] = 0; } @@ -1134,7 +727,7 @@ armor_filter( void *opaque, int control, int idx, idx2; size_t n=0; u32 crc; - #if 1 + #if 0 static FILE *fp ; if( !fp ) { @@ -1232,7 +825,7 @@ armor_filter( void *opaque, int control, } else rc = radix64_read( afx, a, &n, buf, size ); - #if 1 + #if 0 if( n ) if( fwrite(buf, n, 1, fp ) != 1 ) BUG(); @@ -1367,6 +960,9 @@ armor_filter( void *opaque, int control, } else if( !afx->any_data && !afx->inp_bypass ) log_error(_("no valid OpenPGP data found.\n")); + if( afx->truncated ) + log_info(_("invalid armor: line longer than %d characters\n"), + MAX_LINELEN ); m_free( afx->buffer ); afx->buffer = NULL; } diff --git a/g10/build-packet.c b/g10/build-packet.c index 5b952f153..a1eb12623 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -426,7 +426,7 @@ do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt ) { int i, rc = 0; u32 n; - byte buf[1000]; /* FIXME: this buffer has the plaintext! */ + byte buf[1000]; /* this buffer has the plaintext! */ int nbytes; write_header(out, ctb, calc_plaintext( pt ) ); diff --git a/g10/encr-data.c b/g10/encr-data.c index d44d6c245..c5967c23b 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -1,5 +1,5 @@ /* encr-data.c - process an encrypted data packet - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -79,10 +79,12 @@ decrypt_data( PKT_encrypted *ed, DEK *dek ) cipher_setiv( dfx.cipher_hd, NULL ); if( ed->len ) { - /*iobuf_set_limit( ed->buf, ed->len );*/ - - for(i=0; i < (blocksize+2) && ed->len; i++, ed->len-- ) - temp[i] = iobuf_get(ed->buf); + for(i=0; i < (blocksize+2) && ed->len; i++, ed->len-- ) { + if( (c=iobuf_get(ed->buf)) == -1 ) + break; + else + temp[i] = c; + } } else { for(i=0; i < (blocksize+2); i++ ) @@ -100,13 +102,6 @@ decrypt_data( PKT_encrypted *ed, DEK *dek ) } iobuf_push_filter( ed->buf, decode_filter, &dfx ); proc_packets(ed->buf); - #if 0 - iobuf_pop_filter( ed->buf, decode_filter, &dfx ); - if( ed->len ) - iobuf_set_limit( ed->buf, 0 ); /* disable the readlimit */ - else - iobuf_clear_eof( ed->buf ); - #endif ed->buf = NULL; cipher_close(dfx.cipher_hd); return 0; diff --git a/g10/free-packet.c b/g10/free-packet.c index 3e3c9d054..e953b0d45 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c @@ -264,7 +264,6 @@ free_encrypted( PKT_encrypted *ed ) if( iobuf_in_block_mode(ed->buf) ) { while( iobuf_get(ed->buf) != -1 ) ; - iobuf_set_block_mode(ed->buf, 0); } else { for( ; ed->len; ed->len-- ) /* skip the packet */ @@ -282,7 +281,6 @@ free_plaintext( PKT_plaintext *pt ) if( iobuf_in_block_mode(pt->buf) ) { while( iobuf_get(pt->buf) != -1 ) ; - iobuf_set_block_mode(pt->buf, 0); } else { for( ; pt->len; pt->len-- ) /* skip the packet */ diff --git a/g10/mainproc.c b/g10/mainproc.c index f1df39f2c..6b69eefa1 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -278,7 +278,7 @@ proc_plaintext( CTX c, PACKET *pkt ) md_enable( c->mfx.md, DIGEST_ALGO_SHA1 ); md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); } - md_start_debug( c->mfx.md, "verify" ); + /*md_start_debug( c->mfx.md, "verify" );*/ rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); if( rc == G10ERR_CREATE_FILE && !c->sigs_only) { /* can't write output but we hash it anyway to @@ -849,6 +849,24 @@ check_sig_and_print( CTX c, KBNODE node ) print_keyid( stderr, sig->keyid ); putc('\"', stderr); putc('\n', stderr); + if( !rc && is_status_enabled() ) { + /* print a status response with the fingerprint */ + PKT_public_key *pk = m_alloc_clear( sizeof *pk ); + + if( !get_pubkey( pk, sig->keyid ) ) { + byte array[MAX_FINGERPRINT_LEN], *p; + char buf[MAX_FINGERPRINT_LEN*2+1]; + size_t i, n; + + fingerprint_from_pk( pk, array, &n ); + p = array; + for(i=0; i < n ; i++, p++ ) + sprintf(buf+2*i, "%02X", *p ); + write_status_text( STATUS_VALIDSIG, buf ); + } + free_public_key( pk ); + } + if( !rc ) rc = check_signatures_trust( sig ); if( rc ) diff --git a/g10/plaintext.c b/g10/plaintext.c index c5c6685f4..887b583f6 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c @@ -1,5 +1,5 @@ /* plaintext.c - process an plaintext packet - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -35,46 +35,6 @@ #include "i18n.h" -/**************** - * Defer the last CR,LF - */ -static void -special_md_putc( MD_HANDLE md, int c, int *state ) -{ - if( c == -1 ) { /* flush */ - if( *state == 1 ) { - md_putc(md, '\r'); - } - - *state = 0; - return; - } - again: - switch( *state ) { - case 0: - if( c == '\r' ) - *state = 1; - else - md_putc(md, c ); - break; - case 1: - if( c == '\n' ) - *state = 2; - else { - md_putc(md, '\r'); - *state = 0; - goto again; - } - break; - case 2: - md_putc(md, '\r'); - md_putc(md, '\n'); - *state = 0; - goto again; - default: BUG(); - } -} - /**************** * Handle a plaintext packet. If MFX is not NULL, update the MDs @@ -91,7 +51,6 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, int rc = 0; int c; int convert = pt->mode == 't'; - int special_state = 0; /* create the filename as C string */ if( nooutput ) @@ -137,12 +96,8 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, rc = G10ERR_READ_FILE; goto leave; } - if( mfx->md ) { - if( 0 && convert && clearsig ) - special_md_putc(mfx->md, c, &special_state ); - else - md_putc(mfx->md, c ); - } + if( mfx->md ) + md_putc(mfx->md, c ); if( convert && !clearsig && c == '\r' ) continue; /* fixme: this hack might be too simple */ if( fp ) { @@ -157,12 +112,8 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, } else { while( (c = iobuf_get(pt->buf)) != -1 ) { - if( mfx->md ) { - if( 0 && convert && clearsig ) - special_md_putc(mfx->md, c, &special_state ); - else - md_putc(mfx->md, c ); - } + if( mfx->md ) + md_putc(mfx->md, c ); if( convert && !clearsig && c == '\r' ) continue; /* fixme: this hack might be too simple */ if( fp ) { @@ -176,8 +127,6 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, } pt->buf = NULL; } - if( 0 && mfx->md && convert && clearsig ) - special_md_putc(mfx->md, -1, &special_state ); /* flush */ if( fp && fp != stdout && fclose(fp) ) { log_error("Error closing `%s': %s\n", fname, strerror(errno) ); diff --git a/g10/sig-check.c b/g10/sig-check.c index 2e9fd47eb..2460cd09a 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -162,7 +162,10 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest ) cur_time = make_timestamp(); if( pk->timestamp > cur_time ) { - log_info(_("public key created in future (time warp or clock problem)\n")); + ulong d = pk->timestamp - cur_time; + log_info(_("public key created %lu %s " + "in future (time warp or clock problem)\n"), + d, d==1? _("second"):_("seconds") ); return G10ERR_TIME_CONFLICT; } diff --git a/g10/sign.c b/g10/sign.c index 0fac451bf..abb6e9d44 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -637,7 +637,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) PKT_secret_key *sk = sk_rover->sk; md_enable(textmd, hash_for(sk->pubkey_algo)); } - md_start_debug( textmd, "create" ); + /*md_start_debug( textmd, "create" );*/ if( !opt.not_dash_escaped ) iobuf_push_filter( inp, text_filter, &tfx ); rc = write_dash_escaped( inp, out, textmd ); diff --git a/g10/status.c b/g10/status.c index 71a4e8341..4ed91d2d9 100644 --- a/g10/status.c +++ b/g10/status.c @@ -56,6 +56,11 @@ set_status_fd ( int newfd ) fd = newfd; } +int +is_status_enabled() +{ + return fd != -1; +} void write_status ( int no ) @@ -92,6 +97,7 @@ write_status_text ( int no, const char *text) case STATUS_SHM_GET_BOOL : s = "SHM_GET_BOOL\n"; break; case STATUS_SHM_GET_HIDDEN : s = "SHM_GET_HIDDEN\n"; break; case STATUS_NEED_PASSPHRASE: s = "NEED_PASSPHRASE\n"; break; + case STATUS_VALIDSIG : s = "VALIDSIG\n"; break; default: s = "?\n"; break; } diff --git a/g10/status.h b/g10/status.h index fa1583687..e0f552b60 100644 --- a/g10/status.h +++ b/g10/status.h @@ -48,9 +48,11 @@ #define STATUS_SHM_GET_HIDDEN 19 #define STATUS_NEED_PASSPHRASE 20 +#define STATUS_VALIDSIG 21 /*-- status.c --*/ void set_status_fd ( int fd ); +int is_status_enabled ( void ); void write_status ( int no ); void write_status_text ( int no, const char *text ); diff --git a/mpi/ChangeLog b/mpi/ChangeLog index 9d79660e3..2a49d403b 100644 --- a/mpi/ChangeLog +++ b/mpi/ChangeLog @@ -1,3 +1,7 @@ +Sat Jan 9 16:02:23 CET 1999 Werner Koch <[email protected]> + + * mpi-cmp.c (mpi_cmp_ui): Normalized the arg. + Thu Jan 7 18:00:58 CET 1999 Werner Koch <[email protected]> * mpi-bit.c (mpi_normalize): New. diff --git a/mpi/mpi-bit.c b/mpi/mpi-bit.c index 227a929bb..00aa5d086 100644 --- a/mpi/mpi-bit.c +++ b/mpi/mpi-bit.c @@ -1,5 +1,5 @@ /* mpi-bit.c - MPI bit level fucntions - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * diff --git a/mpi/mpi-cmp.c b/mpi/mpi-cmp.c index 3c3c76b7c..2a6cdbf1c 100644 --- a/mpi/mpi-cmp.c +++ b/mpi/mpi-cmp.c @@ -1,5 +1,5 @@ /* mpi-cmp.c - MPI functions - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -28,6 +28,7 @@ mpi_cmp_ui( MPI u, unsigned long v ) { mpi_limb_t limb = v; + mpi_normalize( u ); if( !u->nlimbs && !limb ) return 0; if( u->sign ) diff --git a/util/ChangeLog b/util/ChangeLog index 641d6231d..596dd8f2c 100644 --- a/util/ChangeLog +++ b/util/ChangeLog @@ -1,3 +1,8 @@ +Sat Jan 9 16:02:23 CET 1999 Werner Koch <[email protected]> + + * secmem.c (lock_pool): add another check that setuid() worked. + (secmem_init): Ditto. + Thu Jan 7 18:00:58 CET 1999 Werner Koch <[email protected]> * iobuf.c (iobuf_clear_eof): Removed. diff --git a/util/iobuf.c b/util/iobuf.c index 755da1d82..b6314527a 100644 --- a/util/iobuf.c +++ b/util/iobuf.c @@ -1,5 +1,5 @@ /* iobuf.c - file handling - * Copyright (C) 1998,1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -401,6 +401,24 @@ block_filter(void *opaque, int control, IOBUF chain, byte *buf, size_t *ret_len) } +static void +print_chain( IOBUF a ) +{ + if( !DBG_IOBUF ) + return; + for(; a; a = a->chain ) { + size_t dummy_len = 0; + const char *desc = "[none]"; + + if( a->filter ) + a->filter( a->filter_ov, IOBUFCTRL_DESC, NULL, + (byte*)&desc, &dummy_len ); + + log_debug("iobuf chain: %d.%d `%s' filter_eof=%d start=%d len=%d\n", + a->no, a->subno, desc, a->filter_eof, + a->d.start, a->d.len ); + } +} /**************** * Allocate a new io buffer, with no function assigned. @@ -709,8 +727,7 @@ iobuf_push_filter( IOBUF a, if( DBG_IOBUF ) { log_debug("iobuf-%d.%d: push `%s'\n", a->no, a->subno, a->desc ); - for(b=a; b; b = b->chain ) - log_debug("\tchain: %d.%d `%s'\n", b->no, b->subno, b->desc ); + print_chain( a ); } /* now we can initialize the new function if we have one */ @@ -804,14 +821,15 @@ underflow(IOBUF a) return -1; /* EOF because a temp buffer can't do an underflow */ if( a->filter_eof ) { - if( a->chain ) { + if( a->chain && a->filter_eof == 1 ) { IOBUF b = a->chain; + if( DBG_IOBUF ) + log_debug("iobuf-%d.%d: pop `%s' in underflow\n", + a->no, a->subno, a->desc ); m_free(a->d.buf); memcpy(a, b, sizeof *a); m_free(b); - if( DBG_IOBUF ) - log_debug("iobuf-%d.%d: popped filter in underflow\n", - a->no, a->subno ); + print_chain(a); } else a->filter_eof = 0; @@ -844,9 +862,17 @@ underflow(IOBUF a) len = a->d.size; rc = a->filter( a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain, a->d.buf, &len ); - if( DBG_IOBUF ) + if( DBG_IOBUF ) { log_debug("iobuf-%d.%d: underflow: req=%lu got=%lu rc=%d\n", a->no, a->subno, (ulong)a->d.size, (ulong)len, rc ); + #if 0 + if( a->no == 7 ) { + print_string(stderr, a->d.buf, len, 0 ); + putc('\n', stderr ); + } + #endif + + } if( a->usage == 1 && rc == -1 ) { /* EOF: we can remove the filter */ size_t dummy_len; @@ -860,12 +886,16 @@ underflow(IOBUF a) a->filter_eof = 1; if( !len && a->chain ) { IOBUF b = a->chain; + if( DBG_IOBUF ) + log_debug("iobuf-%d.%d: pop `%s' in underflow (!len)\n", + a->no, a->subno, a->desc ); + print_chain(a); m_free(a->d.buf); memcpy(a,b, sizeof *a); m_free(b); - if( DBG_IOBUF ) - log_debug("iobuf-%d.%d: popped filter in underflow (!len)\n", - a->no, a->subno ); + print_chain(a); + + } } else if( rc ) @@ -1009,6 +1039,7 @@ iobuf_peek(IOBUF a, byte *buf, unsigned buflen ) if( a->filter_eof ) return -1; + if( !(a->d.start < a->d.len) ) { if( underflow(a) == -1 ) return -1; @@ -1275,7 +1306,8 @@ iobuf_set_block_mode( IOBUF a, size_t n ) assert( a->usage == 1 || a->usage == 2 ); ctx->usage = a->usage; if( !n ) { - log_debug("pop_filter called in set_block_mode - please report\n"); + if( a->usage == 1 ) + log_debug("pop_filter called in set_block_mode - please report\n"); pop_filter(a, block_filter, NULL ); } else { @@ -1296,7 +1328,9 @@ iobuf_set_partial_block_mode( IOBUF a, size_t len ) assert( a->usage == 1 || a->usage == 2 ); ctx->usage = a->usage; if( !len ) { - log_debug("pop_filter called in set_partial_block_mode - please report\n"); + if( a->usage == 1 ) + log_debug("pop_filter called in set_partial_block_mode" + " - please report\n"); pop_filter(a, block_filter, NULL ); } else { diff --git a/util/secmem.c b/util/secmem.c index 30396f3c3..e9bc05abd 100644 --- a/util/secmem.c +++ b/util/secmem.c @@ -1,5 +1,5 @@ /* secmem.c - memory allocation from a secure heap - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998,1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -104,7 +104,7 @@ lock_pool( void *p, size_t n ) #endif if( uid && !geteuid() ) { - if( setuid( uid ) ) + if( setuid( uid ) || getuid() != geteuid() ) log_fatal("failed to reset uid: %s\n", strerror(errno)); } @@ -223,7 +223,7 @@ secmem_init( size_t n ) disable_secmem=1; uid = getuid(); if( uid != geteuid() ) { - if( setuid( uid ) ) + if( setuid( uid ) || getuid() != geteuid() ) log_fatal("failed to drop setuid\n" ); } #endif |