security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

See ChangeLog: Sat Jan 9 16:02:23 CET 1999 Werner Koch

Browse Source
This commit is contained in:
Werner Koch 1999-01-09 15:06:59 +00:00
parent 7d0efec7cf
commit 002b1a8632
35 changed files with 829 additions and 521 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,3 +1,7 @@
Sat Jan 9 16:02:23 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* configure.in: Add a way to statically link rndunix
Sun Jan 3 15:28:44 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* acinclude.m4 (GNUPG_CHECK_RDYNAMIC): New.

9
NEWS
View File

@ -8,6 +8,15 @@
fixed an infinite loop bug in the 3DES code and in the code
which looks for trusted signatures.
* Fixed a bug in the mpi library which caused signatures not to
compare okay.
* Rewrote the handling of cleartext signatures; the code is now
better maintainable (I hope so).
* New status output VALIDSIG only for valid signatures together
with the fingerprint of the signer's key.
Noteworthy changes in version 0.9.0
-----------------------------------

201
THOUGHTS Normal file
View File

@ -0,0 +1,201 @@
/* we still have these if a signed signed more than one
* user ID. I don't think that is makes sense to sign
* more than one user ID; an exception might be a user ID
* which is to be removed in near future. Anyway it is
* always good to sign only those user ID which are
* unlikely to change. It might be good to insert a
* user ID which does not contain an email address and
* mark this one with a special signature flag or let
* sign_key() suggest a user ID w/o an email address
*/
* What shall we do if we have a valid subkey revocation certificate
but no subkey binding? Is this a valid but revoked key?
Date: Mon, 4 Jan 1999 19:34:29 -0800 (PST)
From: Matthew Skala <mskala@ansuz.sooke.bc.ca>
- Signing with an expired key doesn't work by default, does work with a
special option.
- Verifying a signature that appears to have been made by an expired key
after its expiry date but is otherwise good reports the signature as BAD,
preferably with a message indicating that it's a key-expiry problem rather
than a cryptographically bad signature.
- Verifying a signature from a key that is now expired, where the
signature was made before the expiry date, reports the signature as
GOOD, possibly with a warning that the key has since expired.
- Encrypting to an expired key doesn't work by default, does work with a
special option.
- Decrypting always works, if you have the appropriate secret key and
passphrase.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Werner..
I was looking at some of the PROJECTS items in the recent gpg CVS and wanted
to comment on one of them:
* Add a way to override the current cipher/md implementations
by others (using extensions)
As you know I've been thinking about how to use a PalmPilot or an iButton in
some useful way in GPG. The two things that seem reasonable are:
1) keep the secret key in the device, only transferring it to the host
computer for the duration of the secret-key operation (sign or decrypt).
The key is never kept on disk, only in RAM. This removes the chance that
casual snooping on your office workstation will reveal your key (it
doesn't help against an active attack, but the attacker must leave a
tampered version of GPG around or otherwise get their code to run while
the key-storage device is attached to attack the key)
2) perform the secret-key operation on the device, so the secret key never
leaves the confines of that device. There are still attacks possible,
based upon talking to the device while it is connected and trying to
convince the device (and possibly the user) that it is the real GPG,
but in general this protects the key pretty strongly. Any individual
message is still vulnerable, but that's a tradeoff of the convenience of
composing that message on a full-sized screen+keyboard (plus the added
speed of encryption) vs. the security of writing the message on a
secure device.
I think there are a variety of ways of implementing these things, but a few
extension mechanisms in GPG should be enough to try various ways later on.
1) pass an argument string to loadable extension modules (maybe
gpg --load-extension foofish=arg1,arg2,arg3 ?)
2) allow multiple instances of the same extension module (presumably with
different arguments)
3) allow extension modules to use stdin/stdout/stderr as normal (probably
already in there), for giving feedback to the user, or possibly asking them
for a password of some sort
4) have an extension to provide secret keys:
It looks like most of the hooks for this are already in place, it just
needs an extension module which can register itself as a keyblock resource.
I'm thinking of a module for this that is given an external program name as
an argument. When the keyblock resource is asked to enumerate its keys, it
runs the external program (first with a "0" argument, then a "1", and so on
until the program reports that no more keys are available). The external
program returns one (possibly armored) secret key block each time. The
program might have some kind of special protocol to talk to the storage
device. One thing that comes to mind is to simply include a random number
in the message sent over the serial port: the program would display this
number, the Pilot at the other end would display the number it receives, if
the user sees that both are the same they instruct the Pilot to release the
key, as basic protection against someone else asking for the key while it
is attached. More sophisticated schemes are possible depending upon how
much processing power and IO is available on the device. But the same
extension module should be able to handle as complex a scheme as one could
wish.
The current keyblock-resource interface would work fine, although it
might be more convenient if a resource could be asked for a key by id
instead of enumerating all of them and then searching through the resulting
list for a match. A module that provided public keys would have to work this
way (imagine a module that could automatically do an http fetch for a
particular key.. easily-added automatic key fetching). Without that ability
to fetch by id (which would require it to fall back to the other keyblock
resources if it failed), the user's device might be asked to release the
key even though some other secret key was the one needed.
5) have an extension to perform a secret-key operation without the actual
secret key material
basically something to indicate that any decrypt or sign operations that
occur for a specific keyid should call the extension module instead. The
secret key would not be extracted (it wouldn't be available anyway). The
module is given the keyid and the MPI of the block it is supposed to sign
or decrypt.
The module could then run an external program to do the operation. I'm
imagining a Pilot program which receives the data, asks the user if it can go
along with the operation (after displaying a hash of the request, which is
also displayed by the extension module's program to make sure the Pilot is
being asked to do the right operation), performs the signature or decryption,
then returns the data. This protocol could be made arbitrarily complex, with
a D-H key to encrypt the link, and both sides signing requests to
authenticate one to the other (although this transforms the the problem of
getting your secret key off your office workstation into the problem of
your workstation holding a key tells your Pilot that it is allowed to perform
the secret key operation, and if someone gets a hold of that key they may
be able to trick your pilot [plugged in somewhere else] to do the same thing
for them).
This is basically red/black separation, with the Pilot or iButton having the
perimeter beyond which the red data doesn't pass. Better than the secret-key
storage device but requires a lot more power on the device (the new iButtons
with the exponentiator could do it, but it would take way too much code space
on the old ones, although they would be fine for just carrying the keys).
The signature code might need to be extended to verify the signature you just
made, since an active intruder pretending to the the Pilot wouldn't be able to
make a valid signature (but they might sign your message with a different key
just to be annoying).
Anyway, just wanted to share my thoughts on some possibilities. I've been
carrying this little Java iButton on my keyring for months now, looking for
something cool to do with it, and I think that secure storage for my GPG key
would be just the right application.
cheers,
-Brian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.4.5 (GNU/Linux)
Comment: For info finger gcrypt@ftp.guug.de
iD8DBQE2c5oZkDmgv9E5zEwRArAwAKDWV5fpTtbGPiMPgl2Bpp0gvhbfQgCgzJuY
AmIQTk4s62/y2zMAHDdOzK0=
=jr7m
-----END PGP SIGNATURE-----
About a new Keyserver (discussion with Allan Clark <allanc@sco.com>):
=====================
Some ideas:
o the KS should verify signatures and only accept those
which are good.
o Keep a blacklist of known bad signatures to minimize
the time needed to check them
o Should be fast - I currently designing a new storage
system called keybox which takes advantage of the fact
that the keyID is higly random and can be directly be
used as a hash value and this keyID is (for v4 keys)
part of the fingerprint: So it is possible to use the
fingerprint as key but do an lookup by the keyID.
o To be used as the "public keyring" in a LAN so that there
is no need to keep one on every machine.
o Allow more that one file for key storage.
o Use the HKS protocol and enhance it in a way that binary
keyrings can be transmitted. (I already wrote some
http server and client code which can be used for this)
o Keep a checkcsum (hash) of the entire keyblock so that a
client can easy check whether this keyblock has changed.
(keyblock = the entire key with all certificates etc.)
o Allow efficient propagation of new keys and revocation
certificates.
Probably more things but this keyserver is not a goal for the
1.0 release. Someone should be able to fix some of the limitations
of the existing key servers (I think they bail out on some rfc2440
packet formats).

3
TODO
View File

@ -22,7 +22,7 @@ Important
* print a warning when a revoked/expired secret key is used.
* Allow the use of a the faked RNG onyl for keys which are
* Allow the use of a the faked RNG only for keys which are
flagged as INSECURE.
@ -55,6 +55,5 @@ Nice to have
* Burn the buffers used by fopen(), or use read(2). Does this
really make sense?
* change the fake_data stuff to mpi_set_opaque
* rewrite the ugly armor code.

6
cipher/ChangeLog
View File

@ -1,3 +1,9 @@
Sat Jan 9 16:02:23 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* rndunix.c (gather_random): check for setuid.
* Makefile.am: Add a way to staically link random modules
Thu Jan 7 18:00:58 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* md.c (md_stop_debug): Do a flush first.

14
cipher/Makefile.am
View File

@ -1,18 +1,18 @@
## Process this file with automake to produce Makefile.in
gnupg_extensions = tiger twofish rndunix
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
noinst_LIBRARIES = libcipher.a
EXTRA_PROGRAMS = tiger twofish rndunix rndlinux
if ENABLE_GNUPG_EXTENSIONS
pkglib_PROGRAMS = $(gnupg_extensions)
pkglib_PROGRAMS = @DYNAMIC_CIPHER_MODS@ @DYNAMIC_RANDOM_MODS@
else
pkglib_PROGRAMS =
endif
DYNLINK_MOD_CFLAGS = -DIS_MODULE @DYNLINK_MOD_CFLAGS@
DYNLINK_MOD_CFLAGS = -DIS_MODULE @DYNLINK_MOD_CFLAGS@
libcipher_a_SOURCES = cipher.c \
pubkey.c \
@ -33,7 +33,6 @@ libcipher_a_SOURCES = cipher.c \
random.h \
random.c \
rand-internal.h \
rndlinux.c \
rmd.h \
rmd160.c \
sha1.h \
@ -43,9 +42,14 @@ libcipher_a_SOURCES = cipher.c \
g10c.c \
smallprime.c
EXTRA_libcipher_a_SOURCES = rndlinux.c rndunix.c
EXTRA_tiger_SOURCES = tiger.c
EXTRA_twofish_SOURCES = twofish.c
libcipher_a_DEPENDENCIES = @STATIC_RANDOM_OBJS@ @STATIC_CIPHER_OBJS@
libcipher_a_LIBADD = @STATIC_RANDOM_OBJS@ @STATIC_CIPHER_OBJS@
tiger: $(srcdir)/tiger.c
`echo $(COMPILE) $(DYNLINK_MOD_CFLAGS) -o tiger $(srcdir)/tiger.c | \

2
cipher/md.c
View File

@ -1,5 +1,5 @@
/* md.c - message digest dispatcher
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998,1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*

4
cipher/random.c
View File

@ -122,13 +122,9 @@ initialize()
#elif USE_RNDUNIX
rndunix_constructor();
#elif USE_RNDW32
rndw32_constructor();
#elif USE_RNDOS2
rndos2_constructor();
#elif USE_RNDATARI
rndatari_constructor();
#elif USE_RNDMVS
rndmvs_constructor();
#endif
}

4
cipher/rndunix.c
View File

@ -2,6 +2,7 @@
* *
* BeOS Randomness-Gathering Code *
* Copyright Peter Gutmann, Paul Kendall, and Chris Wedgwood 1996-1998 *
* Copyright (C) 1998, 1999 Werner Koch
* *
****************************************************************************/
@ -678,6 +679,9 @@ gather_random( void (*add)(const void*, size_t, int), int requester,
size_t n;
if( !gatherer_pid ) {
/* make sure we are not setuid */
if( getuid() != geteuid() )
BUG();
/* time to start the gatherer process */
if( pipe( pipedes ) ) {
g10_log_error("pipe() failed: %s\n", strerror(errno));

42
configure.in
View File

@ -259,6 +259,48 @@ else
fi
dnl
dnl Figure how to link the random modules
dnl
if test "$ac_cv_have_dev_random" = yes; then
AC_DEFINE(USE_RNDLINUX)
STATIC_RANDOM_OBJS="rndlinux.o"
DYNAMIC_RANDOM_MODS=""
else
case "${target}" in
i386--mingw32)
AC_DEFINE(USE_RNDW32)
STATIC_RANDOM_OBJS=""
DYNAMIC_RANDOM_MODS=""
;;
m68k-atari-mint)
AC_DEFINE(USE_RNDATARI)
STATIC_RANDOM_OBJS=""
DYNAMIC_RANDOM_MODS=""
;;
*)
AC_DEFINE(USE_RNDUNIX)
STATIC_RANDOM_OBJS="rndunix.o"
DYNAMIC_RANDOM_MODS=""
;;
esac
fi
AC_SUBST(STATIC_RANDOM_OBJS)
AC_SUBST(DYNAMIC_RANDOM_MODS)
dnl
dnl Figure how to link the cipher modules
dnl
dnl (form now these are only dynamic)
STATIC_CIPHER_OBJS=""
DYNAMIC_CIPHER_MODS="twofish tiger"
AC_SUBST(STATIC_CIPHER_OBJS)
AC_SUBST(DYNAMIC_CIPHER_MODS)
dnl setup assembler stuff
AC_MSG_CHECKING(for mpi assembler functions)
if test -f $srcdir/mpi/config.links ; then

16
debian/README.Debian vendored Normal file
View File

@ -0,0 +1,16 @@
Due to a bug in the way secret keys were encrypted in versions prior
to 0.3.3, later version of gnupg are not backwards compatible and you
will have to convert your secret keys before using old secret keys
with recent versions of gnupg.
The upgrade strategy is described in /usr/doc/gnupg/NEWS.gz, please
refer to it for more details, but it requires an old copy of the gpg
and gpgm binaries. They may be on your system as gpg.old and
gpgm.old, but if they're not you can find gnupg 0.3.2 source and
binaries for i386, m68k, alpha, powerpc and hurd-i386 at:
<URL:http://james.nocrew.org/gnupg/>
--
James Troup <james@nocrew.org>, Bradford, UK
Sun, 8 Nov 1998 19:11:40 +0000

166
debian/changelog vendored Normal file
View File

@ -0,0 +1,166 @@
gnupg (0.9.0-1) unstable; urgency=low
* New upstream version.
* g10/armor.c (armor_filter): add missing new line in comment string; as
noticed by Stainless Steel Rat <ratinox@peorth.gweep.net>.
-- James Troup <james@nocrew.org> Tue, 29 Dec 1998 20:22:43 +0000
gnupg (0.4.5-1) unstable; urgency=low
* New upstream version.
* debian/rules (clean): force removal of intl/libintl.h which the
Makefiles fail to remove properly.
-- James Troup <james@nocrew.org> Tue, 8 Dec 1998 22:40:23 +0000
gnupg (0.4.4-1) unstable; urgency=low
* New upstream version.
-- James Troup <james@nocrew.org> Sat, 21 Nov 1998 01:34:29 +0000
gnupg (0.4.3-1) unstable; urgency=low
* New upstream version.
* debian/README.Debian: new file; contains same information as is in the
preinst. Suggested by Wichert Akkerman <wichert@cs.leidenuniv.nl>.
* debian/rules (binary-arch): install `README.Debian'
* debian/control (Standards-Version): updated to 2.5.0.0.
-- James Troup <james@nocrew.org> Sun, 8 Nov 1998 19:08:12 +0000
gnupg (0.4.2-1) unstable; urgency=low
* New upstream version.
* debian/preinst: improve message about the NEWS file which isn't
actually installed when it's referred to, thanks to Martin Mitchell
<martin@debian.org>.
* debian/rules (binary-arch): don't install the now non-existent `rfcs',
but do install `OpenPGP'.
-- James Troup <james@nocrew.org> Sun, 18 Oct 1998 22:48:34 +0100
gnupg (0.4.1-1) unstable; urgency=low
* New upstream version.
* debian/rules (binary-arch): fix the gpgm manpage symlink now installed
by `make install'.
-- James Troup <james@nocrew.org> Sun, 11 Oct 1998 17:01:21 +0100
gnupg (0.4.0-1) unstable; urgency=high
* New upstream version. [#26717]
* debian/copyright: tone down warning about alpha nature of gnupg.
* debian/copyright: new maintainer address.
* debian/control: update extended description.
* debian/rules (binary-arch): install FAQ and all ChangeLogs.
* debian/preinst: new; check for upgrade from (<= 0.3.2-1) and warn about
incompatabilites in keyring format and offer to move old copy out of
gpg out of the way for transistion strategy and inform the user about
the old copies of gnupg available on my web page.
* debian/rules (binary-arch) install preinst.
* debian/rules (binary-arch): don't depend on the test target as it is
now partially interactive (tries to generate a key, which requires
someone else to be using the computer).
-- James Troup <james@nocrew.org> Thu, 8 Oct 1998 00:47:07 +0100
gnupg (0.3.2-1) unstable; urgency=low
* New upstream version.
* debian/control (Maintainer): new address.
* debian/copyright: updated list of changes.
-- James Troup <james@nocrew.org> Thu, 9 Jul 1998 21:06:07 +0200
gnupg (0.3.1-1) unstable; urgency=low
* New upstream version.
-- James Troup <james@nocrew.org> Tue, 7 Jul 1998 00:26:21 +0200
gnupg (0.3.0-2) unstable; urgency=low
* Applied bug-fix patch from Werner.
-- James Troup <jjtroup@comp.brad.ac.uk> Fri, 26 Jun 1998 12:18:29 +0200
gnupg (0.3.0-1) unstable; urgency=low
* New upstream version.
* debian/control: rewrote short and long description.
* cipher/Makefile.am: link tiger with -lc.
* debian/rules (binary-arch): strip loadable modules.
* util/secmem.c (lock_pool): get rid of errant test code; fix from
Werner Koch <wk@isil.d.shuttle.de>.
* debian/rules (test): new target which runs gnupg's test suite.
binary-arch depends on it, to ensure it's run whenever the package is
built.
-- James Troup <jjtroup@comp.brad.ac.uk> Thu, 25 Jun 1998 16:04:57 +0200
gnupg (0.2.19-1) unstable; urgency=low
* New upstream version.
* debian/control: Updated long description.
-- James Troup <jjtroup@comp.brad.ac.uk> Sat, 30 May 1998 12:12:35 +0200
gnupg (0.2.18-1) unstable; urgency=low
* New upstream version.
-- James Troup <J.J.Troup@comp.brad.ac.uk> Sat, 16 May 1998 11:52:47 +0200
gnupg (0.2.17-1) unstable; urgency=high
* New upstream version.
* debian/control (Standards-Version): updated to 2.4.1.0.
* debian/control: tone down warning about alpha nature of gnupg, as per
README.
* debian/copyright: ditto.
-- James Troup <jjtroup@comp.brad.ac.uk> Mon, 4 May 1998 22:36:51 +0200
gnupg (0.2.15-1) unstable; urgency=high
* New upstream version.
-- James Troup <jjtroup@comp.brad.ac.uk> Fri, 10 Apr 1998 01:12:20 +0100
gnupg (0.2.13-1) unstable; urgency=high
* New upstream version.
-- James Troup <jjtroup@comp.brad.ac.uk> Wed, 11 Mar 1998 01:52:51 +0000
gnupg (0.2.12-1) unstable; urgency=low
* New upstream version.
-- James Troup <jjtroup@comp.brad.ac.uk> Sat, 7 Mar 1998 13:52:40 +0000
gnupg (0.2.11-1) unstable; urgency=low
* New upstream version.
-- James Troup <jjtroup@comp.brad.ac.uk> Wed, 4 Mar 1998 01:32:12 +0000
gnupg (0.2.10-1) unstable; urgency=low
* New upstream version.
* Name changed upstream.
-- James Troup <jjtroup@comp.brad.ac.uk> Mon, 2 Mar 1998 07:32:05 +0000
g10 (0.2.7-1) unstable; urgency=low
* Initial release.
-- James Troup <jjtroup@comp.brad.ac.uk> Fri, 20 Feb 1998 02:05:34 +0000
Local variables:
mode: debian-changelog
End:

23
debian/control vendored Normal file
View File

@ -0,0 +1,23 @@
Source: gnupg
Section: utils
Priority: optional
Maintainer: James Troup <james@nocrew.org>
Standards-Version: 2.5.0.0
Package: gnupg
Architecture: any
Depends: ${shlibs:Depends}
Description: GNU privacy guard - a free PGP replacement.
GNUPG is the GNU encryption and signing tool. As you can see from the
version number, the program may have some bugs and some features may not
work at all.
.
Due to the fact that GNUPG does not use use any patented algorithm,
it cannot be compatible to old PGP versions, because those use
IDEA (which is worldwide patented) and RSA (which is patented in
the United States until Sep 20, 2000).
.
GNUPG is in almost all aspects compatible with other OpenPGP
implementations. The default algorithms are DSA and ELGamal.
Symmetric algorithms are: Blowfish and CAST5, Digest algorithms are
MD5, RIPEMD160, SHA1 and TIGER/192.

30
debian/copyright vendored Normal file
View File

@ -0,0 +1,30 @@
This is Debian/GNU Linux's prepackaged version of GNUPG, a free PGP
replacement. As you can see from the version number, the program may
have some bugs and some features may not work at all.
This package was put together by me, James Troup
<james@nocrew.org>, from the sources, which I obtained from
ftp://ftp.guug.de/pub/gcrypt/gnupg-0.9.0.tar.gz. The changes were
minimal, namely:
- adding support for the Debian package maintenance scheme, by adding
various debian/* files.
Program Copyright (C) 1997, 1998 Werner Koch (dd9jn).
Modifications for Debian Copyright (C) 1998 James Troup.
GNUPG is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNUPG is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License with
your Debian GNU/Linux system, in /usr/doc/copyright/GPL, or with the
Debian GNU/Linux gnupg source package as the file COPYING. If not,
write to the Free Software Foundation, Inc., 59 Temple Place, Suite
330, Boston, MA 02111-1307, USA.

7
debian/distfiles vendored Normal file
View File

@ -0,0 +1,7 @@
README.Debian
changelog
control
copyright
distfiles
preinst
rules

47
debian/preinst vendored Normal file
View File

@ -0,0 +1,47 @@
#!/bin/sh
set -e
case "$1" in
upgrade|install)
# Try to gracefully handle upgrades from a pre-0.3.3 version
if [ ! -z $2 ]; then
set +e
dpkg --compare-versions $2 \<= 0.3.2-1
result=$?
set -e
if [ $result = 0 ]; then
cat <<EOF
Due to a bug in the way secret keys were encrypted in versions prior
to 0.3.3, this version of gnupg is not backwards compatible with $2
which you have (had) installed on your system.
There is an upgrade strategy (see /usr/doc/gnupg/NEWS.gz after this
version is installed), but it requires an old copy of the gpg and gpgm
EOF
echo -n "binaries; shall I make copies of them for you (Y/n)? "
read answer
if [ ! "$answer" = "n" -a ! "$answer" = "N" ]; then
cp /usr/bin/gpg /usr/bin/gpg.old
cp /usr/bin/gpgm /usr/bin/gpgm.old
echo "Okay, done. The old versions are /usr/bin/gpg*.old"
else
echo "Okay, I haven't made backups."
fi;
cat <<EOF
If at any stage you need a pre-0.3.3 gnupg, you can find source and
binaries for i386, m68k, alpha, powerpc and hurd-i386 at
http://james.nocrew.org/gnupg/
Press return to continue
EOF
read foo
fi;
fi;
;;
abort-upgrade)
;;
esac

72
debian/rules vendored Normal file
View File

@ -0,0 +1,72 @@
#!/usr/bin/make -f
# debian/rules file - for GNUPG (0.9.0)
# Based on sample debian/rules file - for GNU Hello (1.3).
# Copyright 1994,1995 by Ian Jackson.
# Copyright 1998 James Troup
# I hereby give you perpetual unlimited permission to copy,
# modify and relicense this file, provided that you do not remove
# my name from the file itself. (I assert my moral right of
# paternity under the Copyright, Designs and Patents Act 1988.)
# This file may have to be extensively modified
build:
$(checkdir)
./configure --prefix=/usr --with-included-gettext
$(MAKE) CFLAGS="-O2 -g -Wall"
touch build
test: build
$(checkdir)
make -C checks check || exit 127
touch test
clean:
$(checkdir)
-rm -f build
-$(MAKE) -i distclean || $(MAKE) -f Makefile.in distclean
-rm -rf debian/tmp debian/*~ debian/files* debian/substvars
# Cruft not removed by `make clean'
-rm -f intl/libintl.h
binary-indep:
binary-arch: checkroot build # test
$(checkdir)
-rm -rf debian/tmp
install -d debian/tmp/DEBIAN/
install -m 755 debian/preinst debian/tmp/DEBIAN/preinst
$(MAKE) prefix=`pwd`/debian/tmp/usr install
rm debian/tmp/usr/man/man1/gpgm.1
gzip -9v debian/tmp/usr/man/man1/*
ln -s gpg.1.gz debian/tmp/usr/man/man1/gpgm.1.gz
strip debian/tmp/usr/bin/*
strip --strip-unneeded debian/tmp/usr/lib/gnupg/*
install -d debian/tmp/usr/doc/gnupg/
install -m 644 debian/changelog debian/tmp/usr/doc/gnupg/changelog.Debian
install -m 644 debian/README.Debian README NEWS THANKS TODO doc/DETAILS \
doc/FAQ doc/OpenPGP debian/tmp/usr/doc/gnupg/
for i in po util mpi cipher tools g10 checks include; do \
install -m 644 $$i/ChangeLog debian/tmp/usr/doc/gnupg/changelog.$$i; done
install -m 644 ChangeLog debian/tmp/usr/doc/gnupg/changelog.toplevel
gzip -9v debian/tmp/usr/doc/gnupg/*
ln -s changelog.g10.gz debian/tmp/usr/doc/gnupg/changelog.gz
install -m 644 debian/copyright debian/tmp/usr/doc/gnupg/
dpkg-shlibdeps g10/gpg
dpkg-gencontrol -isp
chown -R root.root debian/tmp
chmod -R go=rX debian/tmp
dpkg --build debian/tmp ..
define checkdir
test -f g10/g10.c -a -f debian/rules
endef
# Below here is fairly generic really
binary: binary-indep binary-arch
checkroot:
$(checkdir)
test root = "`whoami`"
.PHONY: binary binary-arch binary-indep clean checkroot

56
doc/DETAILS
View File

@ -40,6 +40,62 @@ ssb::1536:20:5CE086B5B5A18FF4:1998-07-07:0:::
More fields may be added later.
Format of the "--status-fd" output
==================================
Every line is prefixed with "[GNUPG:] ", followed by a keyword with
the type of the status line and a some arguments depending on the
type (maybe none); an application should always be prepared to see
more argumnents in future versions.
GOODSIG <long keyid> <username>
The signature with the keyid is good.
BADSIG <long keyid> <username>
The signature with the keyid has not been verified okay.
ERRSIG
It was not possible to check the signature. This may be
caused by a missing public key or an unsupported algorithm.
No argumens yet.
VALIDSIG <fingerprint in hex>
The signature with the keyid is good. This is the same
as GOODSIG but has the fingerprint as the argument. Both
status lines ere emmited for a good signature.
TRUST_UNDEFINED
TRUST_NEVER
TRUST_MARGINAL
TRUST_FULLY
TRUST_ULTIMATE
For good signatures one of these status lines are emitted
to indicate how trustworthy the signatur is. No arguments yet.
SIGEXPIRED
The signature key has expired. No arguments yet.
KEYREVOKED
The used key has been revoked by his owner. No arguments yet.
BADARMOR
The ascii armor is corrupted. No arguments yet.
RSA_OR_IDEA
The RSA or IDEA algorithms has been used in the data. A
program might want to fallback to another program to handle
the data if GnuPG failed.
SHM_INFO
SHM_GET
SHM_GET_BOOL
SHM_GET_HIDDEN
NEED_PASSPHRASE
[Needs documentation]
Key generation
==============
Key generation shows progress by printing different characters to

15
g10/ChangeLog
View File

@ -1,3 +1,18 @@
Sat Jan 9 16:02:23 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* sig-check.c (do_check): Output time diff on error
* status.c (STATUS_VALIDSIG): New.
(is_status_enabled): New.
* mainproc.c (check_sig_and_print): Issue that status message.
* plaintext.c (special_md_putc): Removed
* armor.c (armor_filter): print error for truncated lines.
* free-packet.c (free_encrypted): Revomed call to set_block_mode.
(free_plaintext): Ditto.
Thu Jan 7 18:00:58 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* pkclist.c (add_ownertrust): Fixed return value.

430
g10/armor.c
View File

@ -1,5 +1,5 @@
/* armor.c - Armor flter
* Copyright (C) 1998,1999 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -254,415 +254,6 @@ parse_hash_header( const char *line )
#if 0 /* old code */
/****************
* parse an ascii armor.
* Returns: the state,
* the remaining bytes in BUF are returned in RBUFLEN.
* r_empty return the # of empty lines before the buffer
*/
static fhdr_state_t
find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
IOBUF a, size_t n, unsigned *r_empty, int *r_hashes,
int only_keyblocks, int *not_dashed )
{
int c=0, i;
const char *s;
byte *p;
size_t buflen;
int cont;
int clearsig=0;
int hdr_line=0;
unsigned empty = 0;
buflen = *r_buflen;
assert(buflen >= 100 );
buflen -= 4; /* reserved room for CR,LF, and two extra */
do {
switch( state ) {
case fhdrHASArmor:
/* read at least the first byte to check whether it is armored
* or not */
c = 0;
for(n=0; n < 28 && (c=iobuf_get(a)) != -1 && c != '\n'; )
buf[n++] = c;
if( !n && c == '\n' )
state = fhdrCHECKBegin;
else if( !n || c == -1 )
state = fhdrNOArmor; /* too short */
else if( !is_armored( buf ) ) {
state = fhdrNOArmor;
if( c == '\n' )
buf[n++] = c;
}
else if( c == '\n' )
state = fhdrCHECKBegin;
else
state = fhdrINITCont;
break;
case fhdrINIT: /* read some stuff into buffer */
n = 0;
case fhdrINITCont: /* read more stuff into buffer */
c = 0;
for(; n < buflen && (c=iobuf_get(a)) != -1 && c != '\n'; )
buf[n++] = c;
state = c == '\n' ? fhdrCHECKBegin :
c == -1 ? fhdrEOF : fhdrINITSkip;
break;
case fhdrINITSkip:
if( c == '\n' )
n = 0;
else {
while( (c=iobuf_get(a)) != -1 && c != '\n' )
;
}
state = c == -1? fhdrEOF : fhdrINIT;
break;
case fhdrSKIPHeader:
while( (c=iobuf_get(a)) != -1 && c != '\n' )
;
state = c == -1? fhdrEOF : fhdrWAITHeader;
break;
case fhdrWAITHeader: /* wait for Header lines */
c = 0;
for(n=0; n < buflen && (c=iobuf_get(a)) != -1 && c != '\n'; )
buf[n++] = c;
buf[n] = 0;
if( n < buflen || c == '\n' ) {
if( n && buf[0] != '\r') { /* maybe a header */
if( strchr( buf, ':') ) { /* yes */
int hashes=0;
if( buf[n-1] == '\r' )
buf[--n] = 0;
if( opt.verbose ) {
log_info(_("armor header: "));
print_string( stderr, buf, n, 0 );
putc('\n', stderr);
}
if( clearsig && !(hashes=parse_hash_header( buf )) ) {
if( strlen(buf) > 15
&& !memcmp( buf, "NotDashEscaped:", 15 ) ) {
*not_dashed = 1;
state = fhdrWAITHeader;
}
else {
log_error(_("invalid clearsig header\n"));
state = fhdrERROR;
}
}
else {
state = fhdrWAITHeader;
if( r_hashes )
*r_hashes |= hashes;
}
}
else if( clearsig && n > 15 && !memcmp(buf, "-----", 5 ) )
state = fhdrNullClearsig;
else
state = fhdrCHECKDashEscaped3;
}
else if( !n || (buf[0] == '\r' && !buf[1]) ) { /* empty line */
if( clearsig )
state = fhdrWAITClearsig;
else {
/* this is not really correct: if we do not have
* a clearsig and no armor lines we are not allowed
* to have an empty line */
n = 0;
state = fhdrTEXT;
}
}
else {
log_error(_("invalid armor header: "));
print_string( stderr, buf, n, 0 );
putc('\n', stderr);
state = fhdrERROR;
}
}
else if( c != -1 ) {
if( strchr( buf, ':') ) { /* buffer to short, but this is okay*/
if( opt.verbose ) {
log_info(_("armor header: "));
print_string( stderr, buf, n, 0 );
fputs("[...]\n", stderr); /* indicate it is truncated */
}
state = fhdrSKIPHeader; /* skip rest of line */
}
else /* line too long */
state = fhdrERROR;
}
else
state = fhdrEOF;
break;
case fhdrWAITClearsig: /* skip the empty line (for clearsig) */
c = 0;
for(n=0; n < buflen && (c=iobuf_get(a)) != -1 && c != '\n'; )
buf[n++] = c;
if( c != -1 ) {
if( n > 15 && !memcmp(buf, "-----", 5 ) )
state = fhdrNullClearsig;
else if( c != '\n' )
state = fhdrREADClearsigNext;
else
state = fhdrCHECKDashEscaped3;
}
else {
/* fixme: we should check whether this line continues
* it is possible that we have only read ws until here
* and more stuff is to come */
state = fhdrEOF;
}
break;
case fhdrNullClearsig: /* zero length cleartext */
state = fhdrENDClearsig;
break;
case fhdrENDClearsig:
case fhdrCHECKBegin:
state = state == fhdrCHECKBegin ? fhdrINITSkip : fhdrERRORShow;
if( n < 15 )
break; /* too short */
if( memcmp( buf, "-----", 5 ) )
break;
buf[n] = 0;
p = strstr(buf+5, "-----");
if( !p )
break;
*p = 0;
p += 5;
if( *p == '\r' )
p++;
if( *p )
break; /* garbage after dashes */
p = buf+5;
for(i=0; (s=head_strings[i]); i++ )
if( !strcmp(s, p) )
break;
if( !s )
break; /* unknown begin line */
if( only_keyblocks && i != 1 && i != 5 && i != 6 )
break; /* not a keyblock armor */
/* found the begin line */
hdr_line = i;
state = fhdrWAITHeader;
*not_dashed = 0;
if( hdr_line == BEGIN_SIGNED_MSG_IDX )
clearsig = 1;
if( opt.verbose > 1 )
log_info(_("armor: %s\n"), head_strings[hdr_line]);
break;
case fhdrCLEARSIGSimple:
/* we are at the begin of a new line */
case fhdrCLEARSIGSimpleNext:
n = 0;
c = 0;
while( n < buflen && (c=iobuf_get(a)) != -1 ) {
buf[n++] = c;
if( c == '\n' )
break;
}
buf[n] = 0;
if( c == -1 )
state = fhdrEOF;
else if( state == fhdrCLEARSIGSimple
&& n > 15 && !memcmp(buf, "-----", 5 ) ) {
if( c == '\n' )
buf[n-1] = 0;
state = fhdrENDClearsig;
}
else if( c == '\n' )
state = fhdrCLEARSIGSimple;
else
state = fhdrCLEARSIGSimpleNext;
break;
case fhdrCLEARSIG:
case fhdrEMPTYClearsig:
case fhdrREADClearsig:
/* we are at the start of a line: read a clearsig into the buffer
* we have to look for a header line or dashed escaped text*/
n = 0;
c = 0;
while( n < buflen && (c=iobuf_get(a)) != -1 && c != '\n' )
buf[n++] = c;
buf[n] = 0;
if( c == -1 )
state = fhdrEOF;
else if( !n || ( buf[0]=='\r' && !buf[1] ) ) {
state = fhdrEMPTYClearsig;
empty++;
}
else if( c == '\n' )
state = fhdrCHECKClearsig2;
else
state = fhdrCHECKClearsig;
break;
case fhdrCHECKDashEscaped3:
if( *not_dashed ) {
state = fhdrTEXTSimple;
break;
}
if( !(n > 1 && buf[0] == '-' && buf[1] == ' ' ) ) {
state = fhdrTEXT;
break;
}
/* fall through */
case fhdrCHECKDashEscaped2:
case fhdrCHECKDashEscaped:
/* check dash escaped line */
if( buf[2] == '-' || ( n > 6 && !memcmp(buf+2, "From ", 5))) {
for(i=2; i < n; i++ )
buf[i-2] = buf[i];
n -= 2;
buf[n] = 0; /* not really needed */
state = state == fhdrCHECKDashEscaped3 ? fhdrTEXT :
state == fhdrCHECKDashEscaped2 ?
fhdrREADClearsig : fhdrTESTSpaces;
}
else {
log_error(_("invalid dash escaped line: "));
print_string( stderr, buf, n, 0 );
putc('\n', stderr);
state = fhdrERROR;
}
break;
case fhdrCHECKClearsig:
/* check the clearsig line */
if( n > 15 && !memcmp(buf, "-----", 5 ) )
state = fhdrENDClearsig;
else if( buf[0] == '-' && buf[1] == ' ' && !*not_dashed )
state = fhdrCHECKDashEscaped;
else {
state = fhdrTESTSpaces;
}
break;
case fhdrCHECKClearsig2:
/* check the clearsig line */
if( n > 15 && !memcmp(buf, "-----", 5 ) )
state = fhdrENDClearsig;
else if( buf[0] == '-' && buf[1] == ' ' && !*not_dashed )
state = fhdrCHECKDashEscaped2;
else {
state = fhdrREADClearsig;
}
break;
case fhdrREADClearsigNext:
/* Read to the end of the line, do not care about checking
* for dashed escaped text of headers */
c = 0;
n = 0;
while( n < buflen && (c=iobuf_get(a)) != -1 && c != '\n' )
buf[n++] = c;
buf[n] = 0;
if( c == -1 )
state = fhdrEOF;
else if( c == '\n' )
state = fhdrREADClearsig;
else
state = fhdrTESTSpaces;
break;
case fhdrTESTSpaces: {
/* but must check whether the rest of the line
* only contains white spaces; this is problematic
* since we may have to restore the stuff. simply
* counting spaces is not enough, because it may be a
* mix of different white space characters */
IOBUF b = iobuf_temp();
while( (c=iobuf_get(a)) != -1 && c != '\n' ) {
iobuf_put(b,c);
if( c != ' ' && c != '\t' && c != '\r' )
break;
}
if( c == '\n' ) {
/* okay we can skip the rest of the line */
iobuf_close(b);
state = fhdrREADClearsig;
}
else {
iobuf_unget_and_close_temp(a,b);
state = fhdrREADClearsigNext;
}
} break;
case fhdrERRORShow:
log_error(_("invalid clear text header: "));
print_string( stderr, buf, n, 0 );
putc('\n', stderr);
state = fhdrERROR;
break;
default: BUG();
}
switch( state ) {
case fhdrINIT:
case fhdrINITCont:
case fhdrINITSkip:
case fhdrCHECKBegin:
case fhdrWAITHeader:
case fhdrWAITClearsig:
case fhdrSKIPHeader:
case fhdrEMPTYClearsig:
case fhdrCHECKClearsig:
case fhdrCHECKClearsig2:
case fhdrCHECKDashEscaped:
case fhdrCHECKDashEscaped2:
case fhdrCHECKDashEscaped3:
case fhdrTESTSpaces:
case fhdrERRORShow:
cont = 1;
break;
default: cont = 0;
}
} while( cont );
if( clearsig && state == fhdrTEXT ) {
state = fhdrCLEARSIG;
}
else if( clearsig && state == fhdrTEXTSimple ) {
state = fhdrCLEARSIGSimple;
buf[n] = '\n';
n++;
}
if( state == fhdrCLEARSIG || state == fhdrREADClearsig ) {
/* append CR,LF after removing trailing wspaces */
for(p=buf+n-1; n; n--, p-- ) {
assert( *p != '\n' );
if( *p != ' ' && *p != '\t' && *p != '\r' ) {
p[1] = '\r';
p[2] = '\n';
n += 2;
break;
}
}
if( !n ) {
buf[0] = '\r';
buf[1] = '\n';
n = 2;
}
}
fprintf(stderr,"ARMOR READ (state=%d): %.*s", state, n, buf );
*r_buflen = n;
*r_empty = empty;
return state;
}
#endif
static unsigned
trim_trailing_spaces( byte *line, unsigned len )
@ -909,8 +500,10 @@ fake_packet( armor_filter_context_t *afx, IOBUF a,
else {
while( len < size && afx->buffer_pos < afx->buffer_len )
buf[len++] = afx->buffer[afx->buffer_pos++];
buf[len++] = '\r';
buf[len++] = '\n';
if( afx->buffer_pos >= afx->buffer_len ) {
buf[len++] = '\r';
buf[len++] = '\n';
}
if( len >= size )
continue;
}
@ -948,8 +541,8 @@ fake_packet( armor_filter_context_t *afx, IOBUF a,
putc('\n', stderr);
}
lastline = 1;
assert( len >= 4 );
len -= 2; /* remove the last CR,LF */
if( len >= 2 )
len -= 2; /* remove the last CR,LF */
rc = -1;
}
}
@ -958,7 +551,7 @@ fake_packet( armor_filter_context_t *afx, IOBUF a,
buf[0] = (len-2) >> 8;
buf[1] = (len-2);
if( lastline ) { /* write last (ending) length header */
if( buf[0] && buf[1] ) { /* only if we have some text */
if( buf[0] || buf[1] ) { /* only if we have some text */
buf[len++] = 0;
buf[len++] = 0;
}
@ -1134,7 +727,7 @@ armor_filter( void *opaque, int control,
int idx, idx2;
size_t n=0;
u32 crc;
#if 1
#if 0
static FILE *fp ;
if( !fp ) {
@ -1232,7 +825,7 @@ armor_filter( void *opaque, int control,
}
else
rc = radix64_read( afx, a, &n, buf, size );
#if 1
#if 0
if( n )
if( fwrite(buf, n, 1, fp ) != 1 )
BUG();
@ -1367,6 +960,9 @@ armor_filter( void *opaque, int control,
}
else if( !afx->any_data && !afx->inp_bypass )
log_error(_("no valid OpenPGP data found.\n"));
if( afx->truncated )
log_info(_("invalid armor: line longer than %d characters\n"),
MAX_LINELEN );
m_free( afx->buffer );
afx->buffer = NULL;
}

2
g10/build-packet.c
View File

@ -426,7 +426,7 @@ do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt )
{
int i, rc = 0;
u32 n;
byte buf[1000]; /* FIXME: this buffer has the plaintext! */
byte buf[1000]; /* this buffer has the plaintext! */
int nbytes;
write_header(out, ctb, calc_plaintext( pt ) );

19
g10/encr-data.c
View File

@ -1,5 +1,5 @@
/* encr-data.c - process an encrypted data packet
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -79,10 +79,12 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
cipher_setiv( dfx.cipher_hd, NULL );
if( ed->len ) {
/*iobuf_set_limit( ed->buf, ed->len );*/
for(i=0; i < (blocksize+2) && ed->len; i++, ed->len-- )
temp[i] = iobuf_get(ed->buf);
for(i=0; i < (blocksize+2) && ed->len; i++, ed->len-- ) {
if( (c=iobuf_get(ed->buf)) == -1 )
break;
else
temp[i] = c;
}
}
else {
for(i=0; i < (blocksize+2); i++ )
@ -100,13 +102,6 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
}
iobuf_push_filter( ed->buf, decode_filter, &dfx );
proc_packets(ed->buf);
#if 0
iobuf_pop_filter( ed->buf, decode_filter, &dfx );
if( ed->len )
iobuf_set_limit( ed->buf, 0 ); /* disable the readlimit */
else
iobuf_clear_eof( ed->buf );
#endif
ed->buf = NULL;
cipher_close(dfx.cipher_hd);
return 0;

2
g10/free-packet.c
View File

@ -264,7 +264,6 @@ free_encrypted( PKT_encrypted *ed )
if( iobuf_in_block_mode(ed->buf) ) {
while( iobuf_get(ed->buf) != -1 )
;
iobuf_set_block_mode(ed->buf, 0);
}
else {
for( ; ed->len; ed->len-- ) /* skip the packet */
@ -282,7 +281,6 @@ free_plaintext( PKT_plaintext *pt )
if( iobuf_in_block_mode(pt->buf) ) {
while( iobuf_get(pt->buf) != -1 )
;
iobuf_set_block_mode(pt->buf, 0);
}
else {
for( ; pt->len; pt->len-- ) /* skip the packet */

20
g10/mainproc.c
View File

@ -278,7 +278,7 @@ proc_plaintext( CTX c, PACKET *pkt )
md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
}
md_start_debug( c->mfx.md, "verify" );
/*md_start_debug( c->mfx.md, "verify" );*/
rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
if( rc == G10ERR_CREATE_FILE && !c->sigs_only) {
/* can't write output but we hash it anyway to
@ -849,6 +849,24 @@ check_sig_and_print( CTX c, KBNODE node )
print_keyid( stderr, sig->keyid );
putc('\"', stderr);
putc('\n', stderr);
if( !rc && is_status_enabled() ) {
/* print a status response with the fingerprint */
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
if( !get_pubkey( pk, sig->keyid ) ) {
byte array[MAX_FINGERPRINT_LEN], *p;
char buf[MAX_FINGERPRINT_LEN*2+1];
size_t i, n;
fingerprint_from_pk( pk, array, &n );
p = array;
for(i=0; i < n ; i++, p++ )
sprintf(buf+2*i, "%02X", *p );
write_status_text( STATUS_VALIDSIG, buf );
}
free_public_key( pk );
}
if( !rc )
rc = check_signatures_trust( sig );
if( rc )

61
g10/plaintext.c
View File

@ -1,5 +1,5 @@
/* plaintext.c - process an plaintext packet
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -35,46 +35,6 @@
#include "i18n.h"
/****************
* Defer the last CR,LF
*/
static void
special_md_putc( MD_HANDLE md, int c, int *state )
{
if( c == -1 ) { /* flush */
if( *state == 1 ) {
md_putc(md, '\r');
}
*state = 0;
return;
}
again:
switch( *state ) {
case 0:
if( c == '\r' )
*state = 1;
else
md_putc(md, c );
break;
case 1:
if( c == '\n' )
*state = 2;
else {
md_putc(md, '\r');
*state = 0;
goto again;
}
break;
case 2:
md_putc(md, '\r');
md_putc(md, '\n');
*state = 0;
goto again;
default: BUG();
}
}
/****************
* Handle a plaintext packet. If MFX is not NULL, update the MDs
@ -91,7 +51,6 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
int rc = 0;
int c;
int convert = pt->mode == 't';
int special_state = 0;
/* create the filename as C string */
if( nooutput )
@ -137,12 +96,8 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
rc = G10ERR_READ_FILE;
goto leave;
}
if( mfx->md ) {
if( 0 && convert && clearsig )
special_md_putc(mfx->md, c, &special_state );
else
md_putc(mfx->md, c );
}
if( mfx->md )
md_putc(mfx->md, c );
if( convert && !clearsig && c == '\r' )
continue; /* fixme: this hack might be too simple */
if( fp ) {
@ -157,12 +112,8 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
}
else {
while( (c = iobuf_get(pt->buf)) != -1 ) {
if( mfx->md ) {
if( 0 && convert && clearsig )
special_md_putc(mfx->md, c, &special_state );
else
md_putc(mfx->md, c );
}
if( mfx->md )
md_putc(mfx->md, c );
if( convert && !clearsig && c == '\r' )
continue; /* fixme: this hack might be too simple */
if( fp ) {
@ -176,8 +127,6 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
}
pt->buf = NULL;
}
if( 0 && mfx->md && convert && clearsig )
special_md_putc(mfx->md, -1, &special_state ); /* flush */
if( fp && fp != stdout && fclose(fp) ) {
log_error("Error closing `%s': %s\n", fname, strerror(errno) );

5
g10/sig-check.c
View File

@ -162,7 +162,10 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
cur_time = make_timestamp();
if( pk->timestamp > cur_time ) {
log_info(_("public key created in future (time warp or clock problem)\n"));
ulong d = pk->timestamp - cur_time;
log_info(_("public key created %lu %s "
"in future (time warp or clock problem)\n"),
d, d==1? _("second"):_("seconds") );
return G10ERR_TIME_CONFLICT;
}

2
g10/sign.c
View File

@ -637,7 +637,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
PKT_secret_key *sk = sk_rover->sk;
md_enable(textmd, hash_for(sk->pubkey_algo));
}
md_start_debug( textmd, "create" );
/*md_start_debug( textmd, "create" );*/
if( !opt.not_dash_escaped )
iobuf_push_filter( inp, text_filter, &tfx );
rc = write_dash_escaped( inp, out, textmd );

6
g10/status.c
View File

@ -56,6 +56,11 @@ set_status_fd ( int newfd )
fd = newfd;
}
int
is_status_enabled()
{
return fd != -1;
}
void
write_status ( int no )
@ -92,6 +97,7 @@ write_status_text ( int no, const char *text)
case STATUS_SHM_GET_BOOL : s = "SHM_GET_BOOL\n"; break;
case STATUS_SHM_GET_HIDDEN : s = "SHM_GET_HIDDEN\n"; break;
case STATUS_NEED_PASSPHRASE: s = "NEED_PASSPHRASE\n"; break;
case STATUS_VALIDSIG : s = "VALIDSIG\n"; break;
default: s = "?\n"; break;
}

2
g10/status.h
View File

@ -48,9 +48,11 @@
#define STATUS_SHM_GET_HIDDEN 19
#define STATUS_NEED_PASSPHRASE 20
#define STATUS_VALIDSIG 21
/*-- status.c --*/
void set_status_fd ( int fd );
int is_status_enabled ( void );
void write_status ( int no );
void write_status_text ( int no, const char *text );

4
mpi/ChangeLog
View File

@ -1,3 +1,7 @@
Sat Jan 9 16:02:23 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* mpi-cmp.c (mpi_cmp_ui): Normalized the arg.
Thu Jan 7 18:00:58 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* mpi-bit.c (mpi_normalize): New.

2
mpi/mpi-bit.c
View File

@ -1,5 +1,5 @@
/* mpi-bit.c - MPI bit level fucntions
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*

3
mpi/mpi-cmp.c
View File

@ -1,5 +1,5 @@
/* mpi-cmp.c - MPI functions
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -28,6 +28,7 @@ mpi_cmp_ui( MPI u, unsigned long v )
{
mpi_limb_t limb = v;
mpi_normalize( u );
if( !u->nlimbs && !limb )
return 0;
if( u->sign )

5
util/ChangeLog
View File

@ -1,3 +1,8 @@
Sat Jan 9 16:02:23 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* secmem.c (lock_pool): add another check that setuid() worked.
(secmem_init): Ditto.
Thu Jan 7 18:00:58 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* iobuf.c (iobuf_clear_eof): Removed.

60
util/iobuf.c
View File

@ -1,5 +1,5 @@
/* iobuf.c - file handling
* Copyright (C) 1998,1999 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -401,6 +401,24 @@ block_filter(void *opaque, int control, IOBUF chain, byte *buf, size_t *ret_len)
}
static void
print_chain( IOBUF a )
{
if( !DBG_IOBUF )
return;
for(; a; a = a->chain ) {
size_t dummy_len = 0;
const char *desc = "[none]";
if( a->filter )
a->filter( a->filter_ov, IOBUFCTRL_DESC, NULL,
(byte*)&desc, &dummy_len );
log_debug("iobuf chain: %d.%d `%s' filter_eof=%d start=%d len=%d\n",
a->no, a->subno, desc, a->filter_eof,
a->d.start, a->d.len );
}
}
/****************
* Allocate a new io buffer, with no function assigned.
@ -709,8 +727,7 @@ iobuf_push_filter( IOBUF a,
if( DBG_IOBUF ) {
log_debug("iobuf-%d.%d: push `%s'\n", a->no, a->subno, a->desc );
for(b=a; b; b = b->chain )
log_debug("\tchain: %d.%d `%s'\n", b->no, b->subno, b->desc );
print_chain( a );
}
/* now we can initialize the new function if we have one */
@ -804,14 +821,15 @@ underflow(IOBUF a)
return -1; /* EOF because a temp buffer can't do an underflow */
if( a->filter_eof ) {
if( a->chain ) {
if( a->chain && a->filter_eof == 1 ) {
IOBUF b = a->chain;
if( DBG_IOBUF )
log_debug("iobuf-%d.%d: pop `%s' in underflow\n",
a->no, a->subno, a->desc );
m_free(a->d.buf);
memcpy(a, b, sizeof *a);
m_free(b);
if( DBG_IOBUF )
log_debug("iobuf-%d.%d: popped filter in underflow\n",
a->no, a->subno );
print_chain(a);
}
else
a->filter_eof = 0;
@ -844,9 +862,17 @@ underflow(IOBUF a)
len = a->d.size;
rc = a->filter( a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
a->d.buf, &len );
if( DBG_IOBUF )
if( DBG_IOBUF ) {
log_debug("iobuf-%d.%d: underflow: req=%lu got=%lu rc=%d\n",
a->no, a->subno, (ulong)a->d.size, (ulong)len, rc );
#if 0
if( a->no == 7 ) {
print_string(stderr, a->d.buf, len, 0 );
putc('\n', stderr );
}
#endif
}
if( a->usage == 1 && rc == -1 ) { /* EOF: we can remove the filter */
size_t dummy_len;
@ -860,12 +886,16 @@ underflow(IOBUF a)
a->filter_eof = 1;
if( !len && a->chain ) {
IOBUF b = a->chain;
if( DBG_IOBUF )
log_debug("iobuf-%d.%d: pop `%s' in underflow (!len)\n",
a->no, a->subno, a->desc );
print_chain(a);
m_free(a->d.buf);
memcpy(a,b, sizeof *a);
m_free(b);
if( DBG_IOBUF )
log_debug("iobuf-%d.%d: popped filter in underflow (!len)\n",
a->no, a->subno );
print_chain(a);
}
}
else if( rc )
@ -1009,6 +1039,7 @@ iobuf_peek(IOBUF a, byte *buf, unsigned buflen )
if( a->filter_eof )
return -1;
if( !(a->d.start < a->d.len) ) {
if( underflow(a) == -1 )
return -1;
@ -1275,7 +1306,8 @@ iobuf_set_block_mode( IOBUF a, size_t n )
assert( a->usage == 1 || a->usage == 2 );
ctx->usage = a->usage;
if( !n ) {
log_debug("pop_filter called in set_block_mode - please report\n");
if( a->usage == 1 )
log_debug("pop_filter called in set_block_mode - please report\n");
pop_filter(a, block_filter, NULL );
}
else {
@ -1296,7 +1328,9 @@ iobuf_set_partial_block_mode( IOBUF a, size_t len )
assert( a->usage == 1 || a->usage == 2 );
ctx->usage = a->usage;
if( !len ) {
log_debug("pop_filter called in set_partial_block_mode - please report\n");
if( a->usage == 1 )
log_debug("pop_filter called in set_partial_block_mode"
" - please report\n");
pop_filter(a, block_filter, NULL );
}
else {

6
util/secmem.c
View File

@ -1,5 +1,5 @@
/* secmem.c - memory allocation from a secure heap
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998,1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -104,7 +104,7 @@ lock_pool( void *p, size_t n )
#endif
if( uid && !geteuid() ) {
if( setuid( uid ) )
if( setuid( uid ) || getuid() != geteuid() )
log_fatal("failed to reset uid: %s\n", strerror(errno));
}
@ -223,7 +223,7 @@ secmem_init( size_t n )
disable_secmem=1;
uid = getuid();
if( uid != geteuid() ) {
if( setuid( uid ) )
if( setuid( uid ) || getuid() != geteuid() )
log_fatal("failed to drop setuid\n" );
}
#endif