security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-23 15:07:03 +01:00
Code Activity

See ChangeLog: Wed Jan 5 11:51:17 CET 2000 Werner Koch

Browse Source
This commit is contained in:
Werner Koch 2000-01-05 10:46:34 +00:00
parent dae44387d6
commit 1f0c21cc77
14 changed files with 97 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
THANKS
View File

@ -39,6 +39,7 @@ Hendrik Buschkamp buschkamp@rheumanet.org
Holger Schurig holger@d.om.org Holger Schurig holger@d.om.org
Hugh Daniel hugh@toad.com Hugh Daniel hugh@toad.com
Ian McKellar imckellar@harvestroad.com.au Ian McKellar imckellar@harvestroad.com.au
Jan Krueger max@physics.otago.ac.nz
Janusz A. Urbanowicz alex@bofh.torun.pl Janusz A. Urbanowicz alex@bofh.torun.pl
James Troup james@nocrew.org James Troup james@nocrew.org
Jean-loup Gailly gzip@prep.ai.mit.edu Jean-loup Gailly gzip@prep.ai.mit.edu

4
doc/ChangeLog
View File

@ -1,3 +1,7 @@
Wed Jan 5 11:51:17 CET 2000 Werner Koch <wk@gnupg.de>
* FAQ: Enhanced answer for the 3des-s2k bug.
Sat Dec 4 12:30:28 CET 1999 Werner Koch <wk@gnupg.de> Sat Dec 4 12:30:28 CET 1999 Werner Koch <wk@gnupg.de>
* gpg.sgml: Add section about the user ID * gpg.sgml: Add section about the user ID

8
doc/DETAILS
View File

@ -190,6 +190,14 @@ more arguments in future versions.
Marks the end of a file processing which has been started Marks the end of a file processing which has been started
by FILE_START. by FILE_START.
BEGIN_DECRYPTION
END_DECRYPTION
Mark the start and end of the actual decryption process. These
are also emmited when in --list-only mode.
BEGIN_ENCRYPTION
END_ENCRYPTION
Mark the start and end of the actual encryption process.
Key generation Key generation

11
doc/FAQ
View File

@ -350,12 +350,12 @@
hash algorithm to use. hash algorithm to use.
Q: How can a get list of key IDs used to encrypt a message? Q: How can a get list of key IDs used to encrypt a message?
A: gpg --batch --decrypt --status-fd 1 2>/dev/null \ A: gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null \
| awk '/^\[GNUPG:\] ENC_TO / { print $3 }' | awk '/^\[GNUPG:\] ENC_TO / { print $3 }'
Q: PGP 5.x, 6.x does not like my secret key. Q: PGP 5.x, 6.x does not like my secret key.
A: PGP probaly bails out on some private comment packets used by GnuPG. A: PGP probably bails out on some private comment packets used by GnuPG.
These packets are fully in compliance with OpenPGP; however PGP is not These packets are fully in compliance with OpenPGP; however PGP is not
really OpenPGP aware. A workaround is to eport the secret keys with really OpenPGP aware. A workaround is to eport the secret keys with
this command: this command:
@ -364,10 +364,11 @@
Q: I can't decrypt my symmetrical only (-c) encrypted message with Q: I can't decrypt my symmetrical only (-c) encrypted message with
a new version of GnuPG. a new version of GnuPG.
A: There used to be a bug in GnuPG < 1.0.1 which happens only if 3DES A: There used to be a bug in GnuPG < 1.0.1 which happens only if 3DES or
was used for symmetric only encryption (this has never been the default). Twofish has been used for symmetric only encryption (this has never been
the default).
The bug has been fixed but to enable you to decrypt old messages, you The bug has been fixed but to enable you to decrypt old messages, you
should run gpg with the option "--emulate-3des-s2k-bug", decrypt the should run gpg with the option "--emulate-3des-s2k-bug", decrypt the
message and encrypt it again without this option. The option will message and encrypt it again without this option. The option will
be removed in 1.1, so better re/encrypt your message now. be removed in 1.1, so better re-encrypt your message now.

12
doc/gpg.sgml
View File

@ -1104,7 +1104,8 @@ Reset all packet, cipher and digest options to OpenPGP
behavior. Use this option to reset all previous behavior. Use this option to reset all previous
options like --rfc1991, --force-v3-sigs, --s2k-*, options like --rfc1991, --force-v3-sigs, --s2k-*,
--cipher-algo, --digest-algo and --compress-algo to --cipher-algo, --digest-algo and --compress-algo to
OpenPGP compliant values. OpenPGP compliant values. All PGP workarounds are also
disabled.
</para></listitem></varlistentry> </para></listitem></varlistentry>
@ -1232,6 +1233,15 @@ can get a faster listing. The excact behaviour of this option may change
in future versions. in future versions.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry>
<term>--list-only</term>
<listitem><para>
Changes the behaviour of some commands. This is like --dry-run but
different in some cases. The semantic of this command may be extended in
the future. Currently it does only skip the actual decryption pass and
therefore enables a fast listing of the encryption keys.
</para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--no-literal</term> <term>--no-literal</term>
<listitem><para> <listitem><para>

18
g10/ChangeLog
View File

@ -1,3 +1,21 @@
Wed Jan 5 11:51:17 CET 2000 Werner Koch <wk@gnupg.de>
* g10.c (main): Reset new global flag opt.pgp2_workarounds
when --openpgp is used.
* mainproc.c (proc_plaintext): Do the PGP2,5 workarounds only
when the global falg is set.
(proc_tree): Ditto.
* textfilter.c (copy_clearsig_text): Ditto.
* armor.c (armor_filter): Ditto.
* g10.c: New option --list-only
* mainproc.c (proc_tree): Don't do it if opt.list_only is active.
(proc_pubkey_enc): Implement option.
* status.h, status.c ({BEGIN,END}_{EN,DE}CRYPTION): New.
* cipher.c (cipher_filter): New status outputs.
* mainproc.c (proc_encrypted): New status outputs.
Fri Dec 31 14:08:15 CET 1999 Werner Koch <wk@gnupg.de> Fri Dec 31 14:08:15 CET 1999 Werner Koch <wk@gnupg.de>
* armor.c (armor_filter): Made the "Comment:" header translatable. * armor.c (armor_filter): Made the "Comment:" header translatable.

3
g10/armor.c
View File

@ -837,7 +837,8 @@ armor_filter( void *opaque, int control,
hashes &= 1|2|4|8; hashes &= 1|2|4|8;
if( !hashes ) { if( !hashes ) {
hashes |= 4; /* default to MD 5 */ hashes |= 4; /* default to MD 5 */
afx->pgp2mode = 1; if( opt.pgp2_workarounds )
afx->pgp2mode = 1;
} }
n=0; n=0;
do { do {

5
g10/cipher.c
View File

@ -33,6 +33,7 @@
#include "packet.h" #include "packet.h"
#include "options.h" #include "options.h"
#include "main.h" #include "main.h"
#include "status.h"
#define MIN_PARTIAL_SIZE 512 #define MIN_PARTIAL_SIZE 512
@ -54,7 +55,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
if( use_mdc ) { if( use_mdc ) {
ed.mdc_method = DIGEST_ALGO_SHA1; ed.mdc_method = DIGEST_ALGO_SHA1;
cfx->mdc_hash = md_open( DIGEST_ALGO_SHA1, 0 ); cfx->mdc_hash = md_open( DIGEST_ALGO_SHA1, 0 );
md_start_debug( cfx->mdc_hash, "mdccreat" ); /*md_start_debug( cfx->mdc_hash, "mdccreat" );*/
} }
init_packet( &pkt ); init_packet( &pkt );
pkt.pkttype = use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED; pkt.pkttype = use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED;
@ -101,6 +102,7 @@ cipher_filter( void *opaque, int control,
else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */ else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */
assert(a); assert(a);
if( !cfx->header ) { if( !cfx->header ) {
write_status( STATUS_BEGIN_ENCRYPTION );
write_header( cfx, a ); write_header( cfx, a );
} }
if( cfx->mdc_hash ) if( cfx->mdc_hash )
@ -121,6 +123,7 @@ cipher_filter( void *opaque, int control,
md_close( cfx->mdc_hash ); cfx->mdc_hash = NULL; md_close( cfx->mdc_hash ); cfx->mdc_hash = NULL;
} }
cipher_close(cfx->cipher_hd); cipher_close(cfx->cipher_hd);
write_status( STATUS_END_ENCRYPTION );
} }
else if( control == IOBUFCTRL_DESC ) { else if( control == IOBUFCTRL_DESC ) {
*(char**)buf = "cipher_filter"; *(char**)buf = "cipher_filter";

7
g10/g10.c
View File

@ -180,6 +180,7 @@ enum cmd_and_opt_values { aNull = 0,
oSetFilesize, oSetFilesize,
oHonorHttpProxy, oHonorHttpProxy,
oFastListMode, oFastListMode,
oListOnly,
oEmu3DESS2KBug, /* will be removed in 1.1 */ oEmu3DESS2KBug, /* will be removed in 1.1 */
aTest }; aTest };
@ -350,6 +351,7 @@ static ARGPARSE_OPTS opts[] = {
{ oSetFilesize, "set-filesize", 20, "@" }, { oSetFilesize, "set-filesize", 20, "@" },
{ oHonorHttpProxy,"honor-http-proxy", 0, "@" }, { oHonorHttpProxy,"honor-http-proxy", 0, "@" },
{ oFastListMode,"fast-list-mode", 0, "@" }, { oFastListMode,"fast-list-mode", 0, "@" },
{ oListOnly, "list-only", 0, "@"},
{ oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"}, { oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"},
{0} }; {0} };
@ -592,6 +594,7 @@ main( int argc, char **argv )
opt.completes_needed = 1; opt.completes_needed = 1;
opt.marginals_needed = 3; opt.marginals_needed = 3;
opt.max_cert_depth = 5; opt.max_cert_depth = 5;
opt.pgp2_workarounds = 1;
#ifdef __MINGW32__ #ifdef __MINGW32__
opt.homedir = read_w32_registry_string( NULL, "Software\\GNU\\GnuPG", "HomeDir" ); opt.homedir = read_w32_registry_string( NULL, "Software\\GNU\\GnuPG", "HomeDir" );
#else #else
@ -700,7 +703,9 @@ main( int argc, char **argv )
case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break; case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break;
case aSym: set_cmd( &cmd, aSym); break; case aSym: set_cmd( &cmd, aSym); break;
case aDecrypt: set_cmd( &cmd, aDecrypt); break; case aDecrypt: set_cmd( &cmd, aDecrypt); break;
case aEncr: set_cmd( &cmd, aEncr); break; case aEncr: set_cmd( &cmd, aEncr); break;
case aSign: set_cmd( &cmd, aSign ); break; case aSign: set_cmd( &cmd, aSign ); break;
case aKeygen: set_cmd( &cmd, aKeygen); greeting=1; break; case aKeygen: set_cmd( &cmd, aKeygen); greeting=1; break;
@ -804,6 +809,7 @@ main( int argc, char **argv )
break; break;
case oOpenPGP: case oOpenPGP:
opt.rfc1991 = 0; opt.rfc1991 = 0;
opt.pgp2_workarounds = 0;
opt.escape_from = 0; opt.escape_from = 0;
opt.force_v3_sigs = 0; opt.force_v3_sigs = 0;
opt.compress_keys = 0; /* not mandated but we do it */ opt.compress_keys = 0; /* not mandated but we do it */
@ -880,6 +886,7 @@ main( int argc, char **argv )
case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break; case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
case oHonorHttpProxy: opt.honor_http_proxy = 1; break; case oHonorHttpProxy: opt.honor_http_proxy = 1; break;
case oFastListMode: opt.fast_list_mode = 1; break; case oFastListMode: opt.fast_list_mode = 1; break;
case oListOnly: opt.list_only=1; break;
default : pargs.err = configfp? 1:2; break; default : pargs.err = configfp? 1:2; break;
} }

31
g10/mainproc.c
View File

@ -225,10 +225,14 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
|| is_RSA(enc->pubkey_algo) ) { || is_RSA(enc->pubkey_algo) ) {
if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1]) if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1])
|| !seckey_available( enc->keyid )) ) { || !seckey_available( enc->keyid )) ) {
c->dek = m_alloc_secure( sizeof *c->dek ); if( opt.list_only )
if( (result = get_session_key( enc, c->dek )) ) { result = -1;
/* error: delete the DEK */ else {
m_free(c->dek); c->dek = NULL; c->dek = m_alloc_secure( sizeof *c->dek );
if( (result = get_session_key( enc, c->dek )) ) {
/* error: delete the DEK */
m_free(c->dek); c->dek = NULL;
}
} }
} }
else else
@ -312,10 +316,14 @@ proc_encrypted( CTX c, PACKET *pkt )
print_failed_pkenc( c->failed_pkenc ); print_failed_pkenc( c->failed_pkenc );
write_status( STATUS_BEGIN_DECRYPTION );
/*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/ /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
if( !c->dek && !c->last_was_session_key ) { if( opt.list_only )
result = -1;
else if( !c->dek && !c->last_was_session_key ) {
/* assume this is old conventional encrypted data /* assume this is old conventional encrypted data
* Actually we should use IDEA and MD5 in this case, but becuase * Actually we should use IDEA and MD5 in this case, but because
* IDEA is patented we can't do so */ * IDEA is patented we can't do so */
c->dek = passphrase_to_dek( NULL, 0, c->dek = passphrase_to_dek( NULL, 0,
opt.def_cipher_algo ? opt.def_cipher_algo opt.def_cipher_algo ? opt.def_cipher_algo
@ -347,6 +355,7 @@ proc_encrypted( CTX c, PACKET *pkt )
} }
free_packet(pkt); free_packet(pkt);
c->last_was_session_key = 0; c->last_was_session_key = 0;
write_status( STATUS_END_DECRYPTION );
} }
@ -406,7 +415,7 @@ proc_plaintext( CTX c, PACKET *pkt )
md_enable( c->mfx.md, DIGEST_ALGO_SHA1 ); md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
} }
if( only_md5 && !opt.skip_verify ) { if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) {
/* This is a kludge to work around a bug in pgp2. It does only /* This is a kludge to work around a bug in pgp2. It does only
* catch those mails which are armored. To catch the non-armored * catch those mails which are armored. To catch the non-armored
* pgp mails we could see whether there is the signature packet * pgp mails we could see whether there is the signature packet
@ -1142,7 +1151,7 @@ proc_tree( CTX c, KBNODE node )
KBNODE n1; KBNODE n1;
int rc; int rc;
if( opt.list_packets ) if( opt.list_packets || opt.list_only )
return; return;
c->local_id = 0; c->local_id = 0;
@ -1194,8 +1203,10 @@ proc_tree( CTX c, KBNODE node )
/* detached signature */ /* detached signature */
free_md_filter_context( &c->mfx ); free_md_filter_context( &c->mfx );
c->mfx.md = md_open(sig->digest_algo, 0); c->mfx.md = md_open(sig->digest_algo, 0);
if( sig->digest_algo == DIGEST_ALGO_MD5 if( !opt.pgp2_workarounds )
&& is_RSA( sig->pubkey_algo ) ) { ;
else if( sig->digest_algo == DIGEST_ALGO_MD5
&& is_RSA( sig->pubkey_algo ) ) {
/* enable a workaround for a pgp2 bug */ /* enable a workaround for a pgp2 bug */
c->mfx.md2 = md_open( DIGEST_ALGO_MD5, 0 ); c->mfx.md2 = md_open( DIGEST_ALGO_MD5, 0 );
} }

2
g10/options.h
View File

@ -33,6 +33,7 @@ struct {
int compress; int compress;
char *outfile; char *outfile;
int dry_run; int dry_run;
int list_only;
int textmode; int textmode;
int batch; /* run in batch mode */ int batch; /* run in batch mode */
int answer_yes; /* answer yes on most questions */ int answer_yes; /* answer yes on most questions */
@ -63,6 +64,7 @@ struct {
int compress_sigs; int compress_sigs;
int always_trust; int always_trust;
int rfc1991; int rfc1991;
int pgp2_workarounds;
unsigned emulate_bugs; /* bug emulation flags EMUBUG_xxxx */ unsigned emulate_bugs; /* bug emulation flags EMUBUG_xxxx */
int shm_coprocess; int shm_coprocess;
const char *set_filename; const char *set_filename;

4
g10/status.c
View File

@ -120,6 +120,10 @@ write_status_text ( int no, const char *text)
case STATUS_FILE_START : s = "FILE_START\n"; break; case STATUS_FILE_START : s = "FILE_START\n"; break;
case STATUS_FILE_DONE : s = "FILE_DONE\n"; break; case STATUS_FILE_DONE : s = "FILE_DONE\n"; break;
case STATUS_FILE_ERROR : s = "FILE_ERROR\n"; break; case STATUS_FILE_ERROR : s = "FILE_ERROR\n"; break;
case STATUS_BEGIN_DECRYPTION:s = "BEGIN_DECRYPTION\n"; break;
case STATUS_END_DECRYPTION : s = "END_DECRYPTION\n"; break;
case STATUS_BEGIN_ENCRYPTION:s = "BEGIN_ENCRYPTION\n"; break;
case STATUS_END_ENCRYPTION : s = "END_ENCRYPTION\n"; break;
default: s = "?\n"; break; default: s = "?\n"; break;
} }

5
g10/status.h
View File

@ -69,6 +69,11 @@
#define STATUS_FILE_DONE 39 #define STATUS_FILE_DONE 39
#define STATUS_FILE_ERROR 40 #define STATUS_FILE_ERROR 40
#define STATUS_BEGIN_DECRYPTION 41
#define STATUS_END_DECRYPTION 42
#define STATUS_BEGIN_ENCRYPTION 43
#define STATUS_END_ENCRYPTION 44
/*-- status.c --*/ /*-- status.c --*/
void set_status_fd ( int fd ); void set_status_fd ( int fd );

4
g10/textfilter.c
View File

@ -31,6 +31,7 @@
#include "util.h" #include "util.h"
#include "filter.h" #include "filter.h"
#include "i18n.h" #include "i18n.h"
#include "options.h"
#ifdef HAVE_DOSISH_SYSTEM #ifdef HAVE_DOSISH_SYSTEM
#define LF "\r\n" #define LF "\r\n"
@ -156,6 +157,9 @@ copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md,
int truncated = 0; int truncated = 0;
int pending_lf = 0; int pending_lf = 0;
if( !opt.pgp2_workarounds )
pgp2mode = 0;
if( !escape_dash ) if( !escape_dash )
escape_from = 0; escape_from = 0;