From 41fa8a3345aecf9b85c1eebb33f9b961a558db1c Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 28 Sep 1998 19:25:31 +0000 Subject: [PATCH] *** empty log message *** --- Makefile.am | 2 +- NEWS | 14 ++ PROJECTS | 6 + README | 19 +-- THANKS | 8 +- TODO | 22 +-- VERSION | 2 +- acconfig.h | 1 + acinclude.m4 | 11 ++ checks/ChangeLog | 4 + checks/Makefile.am | 2 +- checks/genkey1024.test | 14 +- checks/mds.test | 2 +- checks/run-gpg | 7 +- checks/run-gpg.patterns | 6 + cipher/ChangeLog | 13 ++ cipher/Makefile.am | 4 +- cipher/des.c | 205 +++++++++++++++++++-------- cipher/md.c | 81 ++++++++++- cipher/pubkey.c | 2 +- cipher/tiger.c | 2 +- configure.in | 5 +- doc/HACKING | 92 ++++++++++++ doc/Makefile.am | 11 +- doc/gpg.1pod | 46 ++++-- g10/ChangeLog | 94 +++++++++---- g10/Makefile.am | 2 + g10/OPTIONS | 2 +- g10/armor.c | 48 +++---- g10/encode.c | 16 ++- g10/filter.h | 2 +- g10/g10.c | 116 +++++++++------ g10/getkey.c | 27 +++- g10/gpgd.c | 9 ++ g10/import.c | 15 +- g10/keydb.h | 4 +- g10/keyedit.c | 12 +- g10/keygen.c | 12 +- g10/ks-proto.c | 305 ++++++++++++---------------------------- g10/mainproc.c | 4 +- g10/options.h | 3 + g10/parse-packet.c | 3 + g10/passphrase.c | 140 ++++++++++-------- g10/pkclist.c | 16 ++- g10/seckey-cert.c | 2 +- g10/sig-check.c | 4 +- g10/status.c | 17 ++- g10/trustdb.c | 24 ++-- include/cipher.h | 2 + po/ChangeLog | 8 ++ po/POTFILES.in | 2 + po/de.po | 16 +-- po/fr.po | 120 ++++++++-------- po/it.po | 156 +++++++------------- tools/Makefile.am | 4 +- util/ChangeLog | 4 + util/secmem.c | 36 ++++- zlib/Makefile | 28 ++-- 58 files changed, 1105 insertions(+), 729 deletions(-) create mode 100644 PROJECTS create mode 100644 checks/run-gpg.patterns create mode 100644 doc/HACKING diff --git a/Makefile.am b/Makefile.am index 0699aac6d..43e2a28ce 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,7 +1,7 @@ ## Process this file with automake to produce Makefile.in SUBDIRS = intl po zlib util mpi cipher tools g10 doc checks -EXTRA_DIST = VERSION +EXTRA_DIST = VERSION PROJECTS dist-hook: diff --git a/NEWS b/NEWS index 0c7a1c587..05d910e98 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,17 @@ +Noteworthy changes in version 0.4.1 +----------------------------------- + * A secondary key is used when the primary key is specified but cannot + be used for the operation (if it is a sign-only key). + + * GNUPG can now handle concatenated armored messages: There is still a + bug if different kinds of messages are mixed. + + * Iterated+Salted passphrases now work. If want to be sure that PGP5 + is able to handle them you may want to use the options + "--s2k-mode 3 --s2k-cipher-algo cast5 --s2k-digest-algo sha1" + when changing a passphrase. + + Noteworthy changes in version 0.4.0 ----------------------------------- * Triple DES is now supported. Michael Roth did this piece of diff --git a/PROJECTS b/PROJECTS new file mode 100644 index 000000000..835bf2292 --- /dev/null +++ b/PROJECTS @@ -0,0 +1,6 @@ + + - abstraction of the MPI + + - Add a way to override the current cipher/md implementations + by others (using extensions) + diff --git a/README b/README index 31cae5510..216d84fe5 100644 --- a/README +++ b/README @@ -1,5 +1,3 @@ ------BEGIN PGP SIGNED MESSAGE----- - GNUPG - The GNU Privacy Guard ------------------------------- Version 0.4 @@ -49,7 +47,7 @@ The default algorithms are now DSA and ELGamal. ELGamal for signing is still available, but due to the larger size of such signatures it is depreciated (Please note that the GNUPG implementation of ElGamal - signatures is *not* insecure). Symmetric algorithms are: Blowfish + signatures is *not* insecure). Symmetric algorithms are: 3DES, Blowfish and CAST5, Digest algorithms are MD5, RIPEMD160, SHA1 and TIGER/192. @@ -57,7 +55,9 @@ Installation ------------ - See the file INSTALL. Here is a quick summary: + Please read the file INSTALL. + + Here is a quick summary: 1) "./configure" @@ -321,7 +321,7 @@ ugly data structures, weird usage of filenames and other things. The primary FTP site is "ftp://ftp.guug.de/pub/gcrypt/" - The primary WWW page is "http://www.d.shuttle.de/isil/crypt/gnupg.html" + The primary WWW page is "http://www.d.shuttle.de/isil/gnupg/" If you like, send your keys to ; use "gpg --export --armor | mail gnupg-keys@isil.d.shuttle.de" to do this. @@ -330,12 +330,3 @@ post them to the mailing list (this is a closed list, please subscribe before posting). ------BEGIN PGP SIGNATURE----- -Version: GNUPG v0.3.5a (GNU/Linux) -Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/ - -iQB1AwUBNgJ6bB0Z9MEMmFelAQEBHgL+JhFVCrTAK2G3NVVVQBHXU5eucNx3tQQE3UucvSBA -YaKfX8dC5QU7wfgv8nFBXMK2mnAcJhJzBT6mZwxpzTZZTh7IS4qu//R9Vgy3A06ZddxKFf2M -YFelmgdpqTL6ntJC -=JZ3m ------END PGP SIGNATURE----- diff --git a/THANKS b/THANKS index 67d97c901..000b24d19 100644 --- a/THANKS +++ b/THANKS @@ -15,12 +15,17 @@ Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de Ed Boraas ecxjo@esperanto.org Ernst Molitor ernst.molitor@uni-bonn.de Frank Heckenbach heckenb@mi.uni-erlangen.de +Gaël Quéri gqueri@mail.dotcom.fr Hendrik Buschkamp buschkamp@rheumanet.org +Holger Schurig holger@d.om.org +Hugh Daniel hugh@toad.com Ian McKellar imckellar@harvestroad.com.au James Troup james@nocrew.org Jean-loup Gailly gzip@prep.ai.mit.edu Jens Bachem bachem@rrz.uni-koeln.de Jörg Schilling schilling@fokus.gmd.de +Karl Fogel kfogel@guanabana.onshore.com +Karsten Thygesen karthy@kom.auc.dk Lars Kellogg-Stedman lars@bu.edu Marco d'Itri md@linux.it Mark Adler madler@alumni.caltech.edu @@ -37,9 +42,10 @@ Paul D. Smith psmith@baynetworks.com Peter Gutmann pgut001@cs.auckland.ac.nz QingLong qinglong@bolizm.ihep.su Ralph Gillen gillen@theochem.uni-duesseldorf.de +Roland Rosenfeld roland@spinnaker.rhein.de Serge Munhoven munhoven@mema.ucl.ac.be Steffen Ullrich ccrlphr@xensei.com -Steffen Zahn Steffen.Zahn@oen.siemens.de +Steffen Zahn zahn@berlin.snafu.de Thomas Roessler roessler@guug.de Tom Spindler dogcow@home.merit.edu Tom Zerucha tzeruch@ceddec.com diff --git a/TODO b/TODO index 2fa254923..f54d99ccc 100644 --- a/TODO +++ b/TODO @@ -1,11 +1,18 @@ + * after creating a new uid, the preferences in the trustdb are not updated. + We should always sync the trustdb in such cases. + + * write a tool to extract selected keys from a file. + + * new menu to delete signatures and list signature in menu + + * commandline controlled --edit-key with assumed save. + + * -rdynamic auf Solaris Problem + * if --libdir is used, the extensions are put in a wrong place. How does GNOME handle this or make a new option for this directory. - - * Should we use the ElGamal subkey if the DSA keyid is given? - What about an option --loose-keyid-match? - - * salted and iterated S2Ks don't work (see passphrase.c). + Hmmm, I don´ like to pass ot as a commandline option to cc. * Replace the SIGUSR1 stuff by semaphores to avoid loss of a signal. @@ -42,11 +49,6 @@ * Add some stuff for DU cc - * check for "expect" before running test genkey1024 - * use "passphrase" instead of "pass phrase" * Use "user ID", "trustdb" and "WARNING". - * armor.c cannot handle concatenated armored messages. - at least it should be possible to do this for "KEY BLOCK" - diff --git a/VERSION b/VERSION index 1d0ba9ea1..8d427d3e4 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.4.0 +0.4.0a diff --git a/acconfig.h b/acconfig.h index 1956d3c97..7bd261441 100644 --- a/acconfig.h +++ b/acconfig.h @@ -80,6 +80,7 @@ #undef USE_SHM_COPROCESSING +#undef IPC_HAVE_SHM_LOCK #undef IPC_RMID_DEFERRED_RELEASE @BOTTOM@ diff --git a/acinclude.m4 b/acinclude.m4 index b6c1f656f..f540edc63 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -116,6 +116,7 @@ define(WK_CHECK_CACHE, ###################################################################### # Check for SysV IPC (from GIMP) +# And see whether we have a SHM_LOCK (FreeBSD does not have it). ###################################################################### dnl WK_CHECK_IPC dnl @@ -150,6 +151,15 @@ define(WK_CHECK_IPC, AC_MSG_RESULT(yes), AC_MSG_RESULT(no), AC_MSG_RESULT(assuming no)) + AC_MSG_CHECKING(whether SHM_LOCK is available) + AC_TRY_COMPILE([#include + #include + #include ],[ + int foo( int shm_id ) { shmctl(shm_id, SHM_LOCK, 0); } + ], + AC_DEFINE(IPC_HAVE_SHM_LOCK) + AC_MSG_RESULT(yes), + AC_MSG_RESULT(no)) fi ]) @@ -165,6 +175,7 @@ define(WK_CHECK_MLOCK, if test "$ac_cv_func_mlock" = "yes"; then AC_MSG_CHECKING(whether mlock is broken) AC_TRY_RUN([ + #include #include #include #include diff --git a/checks/ChangeLog b/checks/ChangeLog index 2adfc1b59..4d99d8629 100644 --- a/checks/ChangeLog +++ b/checks/ChangeLog @@ -1,3 +1,7 @@ +Wed Sep 23 12:25:07 1998 Werner Koch (wk@isil.d.shuttle.de) + + * run-gpg.patterns: New (because Solaris fgrep does not like -f -). + Mon Aug 10 21:33:38 1998 Werner Koch (wk@(none)) * genkey1024.test: Ariel fixed this. diff --git a/checks/Makefile.am b/checks/Makefile.am index 351075206..cf784a5bf 100644 --- a/checks/Makefile.am +++ b/checks/Makefile.am @@ -18,7 +18,7 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ DATA_FILES = data-500 data-9000 data-32000 data-80000 -EXTRA_DIST = defs.inc run-gpg run-gpgm $(TESTS) $(TEST_FILES) +EXTRA_DIST = defs.inc run-gpg run-gpgm run-gpg.patterns $(TESTS) $(TEST_FILES) CLEANFILES = prepared.stamp x y z out err $(DATA_FILES) \ plain-1 plain-2 plain-3 DISTCLEANFILES = pubring.gpg secring.gpg pubring.pkr secring.skr diff --git a/checks/genkey1024.test b/checks/genkey1024.test index 95093895d..e419088f2 100755 --- a/checks/genkey1024.test +++ b/checks/genkey1024.test @@ -2,9 +2,19 @@ . $srcdir/defs.inc || exit 3 + +if which expect ; then + : +else + echo "\"expect\" needed but not found - test skipped" + exit 0 +fi + + + expect - < diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 09edd4df9..26c625dcb 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -48,11 +48,11 @@ EXTRA_twofish_SOURCES = twofish.c tiger: $(srcdir)/tiger.c - `echo $(COMPILE) -shared -fPIC -o tiger $(srcdir)/tiger.c | \ + `echo $(COMPILE) -shared -fPIC -lc -o tiger $(srcdir)/tiger.c | \ sed -e 's/-O2/-O1/' ` twofish: $(srcdir)/twofish.c - `echo $(COMPILE) -shared -fPIC -o twofish $(srcdir)/twofish.c | \ + `echo $(COMPILE) -shared -fPIC -lc -o twofish $(srcdir)/twofish.c | \ sed -e 's/-O2/ /' ` diff --git a/cipher/des.c b/cipher/des.c index f10716a2e..ef8ce7de3 100644 --- a/cipher/des.c +++ b/cipher/des.c @@ -152,7 +152,6 @@ */ typedef struct _des_ctx { - int mode; u32 encrypt_subkeys[32]; u32 decrypt_subkeys[32]; } @@ -163,19 +162,19 @@ des_ctx[1]; */ typedef struct _tripledes_ctx { - int mode; u32 encrypt_subkeys[96]; u32 decrypt_subkeys[96]; } tripledes_ctx[1]; -static void des_key_schedule (const byte *, u32 *, int); +static void des_key_schedule (const byte *, u32 *); static int des_setkey (struct _des_ctx *, const byte *); static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int); static int tripledes_set2keys (struct _tripledes_ctx *, const byte *, const byte *); static int tripledes_set3keys (struct _tripledes_ctx *, const byte *, const byte *, const byte *); static int tripledes_ecb_crypt (struct _tripledes_ctx *, const byte *, byte *, int); +static int is_weak_key ( const byte *key ); static const char *selftest (void); @@ -308,18 +307,58 @@ u32 rightkey_swap[16] = /* * Numbers of left shifts per round for encryption subkey schedule + * To calculate the decryption key scheduling we just reverse the + * ordering of the subkeys so we can omit the table for decryption + * subkey schedule. */ static byte encrypt_rotate_tab[16] = { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 }; + + /* - * Numbers of right shifts per round for decryption subkey schedule + * Table with weak DES keys sorted in ascending order. + * In DES their are 64 known keys wich are weak. They are weak + * because they produce only one, two or four different + * subkeys in the subkey scheduling process. + * The keys in this table have all their parity bits cleared. */ -static byte decrypt_rotate_tab[16] = +static byte weak_keys[64][8] = { - 0, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e }, + { 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 }, { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe }, + { 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 }, + { 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe }, { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 }, + { 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe }, + { 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 }, { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e }, + { 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 }, + { 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e }, { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 }, + { 0x0e, 0x0e, 0x0e, 0x0e, 0xf0, 0xf0, 0xf0, 0xf0 }, { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e }, + { 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe }, + { 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 }, { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 }, + { 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 }, + { 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe }, { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe }, + { 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e }, + { 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 }, { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 }, + { 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 }, + { 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e }, { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 }, + { 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe }, { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 }, + { 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e }, { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe }, + { 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 }, { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e }, + { 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 }, { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 }, + { 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e }, { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe }, + { 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e }, { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 }, + { 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 }, + { 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe }, { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 }, + { 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e }, { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 }, + { 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 }, { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe }, + { 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 }, { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e }, + { 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e }, { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 }, + { 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe }, { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 }, + { 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 }, { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e }, + { 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 }, { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe } }; @@ -359,7 +398,7 @@ static byte decrypt_rotate_tab[16] = /* - * A full DES round including 'expansion funtion', 'sbox substitution' + * A full DES round including 'expansion function', 'sbox substitution' * and 'primitive function P' but without swapping the left and right word. */ #define DES_ROUND(from, to, work, subkey) \ @@ -403,23 +442,22 @@ static byte decrypt_rotate_tab[16] = /* - * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for one DES round + * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for + * 16 encryption rounds. + * To calculate subkeys for decryption the caller + * have to reorder the generated subkeys. * * rawkey: 8 Bytes of key data * subkey: Array of at least 32 u32s. Will be filled * with calculated subkeys. - * mode: Key schedule mode. - * mode == 0: Calculate subkeys to encrypt - * mode != 0: Calculate subkeys to decrypt * */ static void -des_key_schedule (const byte * rawkey, u32 * subkey, int mode) +des_key_schedule (const byte * rawkey, u32 * subkey) { u32 left, right, work; int round; - READ_64BIT_DATA (rawkey, left, right) DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f) @@ -441,20 +479,8 @@ des_key_schedule (const byte * rawkey, u32 * subkey, int mode) for (round = 0; round < 16; ++round) { - if (mode) - { - /* decrypt */ - - left = ((left >> decrypt_rotate_tab[round]) | (left << (28 - decrypt_rotate_tab[round]))) & 0x0fffffff; - right = ((right >> decrypt_rotate_tab[round]) | (right << (28 - decrypt_rotate_tab[round]))) & 0x0fffffff; - } - else - { - /* encrypt */ - - left = ((left << encrypt_rotate_tab[round]) | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff; - right = ((right << encrypt_rotate_tab[round]) | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff; - } + left = ((left << encrypt_rotate_tab[round]) | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff; + right = ((right << encrypt_rotate_tab[round]) | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff; *subkey++ = ((left << 4) & 0x24000000) | ((left << 28) & 0x10000000) @@ -514,11 +540,15 @@ des_key_schedule (const byte * rawkey, u32 * subkey, int mode) static int des_setkey (struct _des_ctx *ctx, const byte * key) { - if (!ctx || !key) - return -1; + int i; - des_key_schedule (key, ctx->encrypt_subkeys, 0); - des_key_schedule (key, ctx->decrypt_subkeys, 1); + des_key_schedule (key, ctx->encrypt_subkeys); + + for(i=0; i<32; i+=2) + { + ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i]; + ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i]; + } return 0; } @@ -535,9 +565,6 @@ des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode) u32 left, right, work; u32 *keys; - if (!ctx || !from || !to) - return -1; - keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys; READ_64BIT_DATA (from, left, right) @@ -570,17 +597,25 @@ tripledes_set2keys (struct _tripledes_ctx *ctx, const byte * key1, const byte * key2) { - if (!ctx || !key1 || !key2) - return -1; + int i; - des_key_schedule (key1, ctx->encrypt_subkeys, 0); - des_key_schedule (key1, ctx->decrypt_subkeys, 1); + des_key_schedule (key1, ctx->encrypt_subkeys); + des_key_schedule (key2, &(ctx->decrypt_subkeys[32])); - des_key_schedule (key2, &(ctx->encrypt_subkeys[32]), 1); - des_key_schedule (key2, &(ctx->decrypt_subkeys[32]), 0); + for(i=0; i<32; i+=2) + { + ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i]; + ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i]; - des_key_schedule (key1, &(ctx->encrypt_subkeys[64]), 0); - des_key_schedule (key1, &(ctx->decrypt_subkeys[64]), 1); + ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i]; + ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i]; + + ctx->encrypt_subkeys[i+64] = ctx->encrypt_subkeys[i]; + ctx->encrypt_subkeys[i+65] = ctx->encrypt_subkeys[i+1]; + + ctx->decrypt_subkeys[i+64] = ctx->decrypt_subkeys[i]; + ctx->decrypt_subkeys[i+65] = ctx->decrypt_subkeys[i+1]; + } return 0; } @@ -598,17 +633,23 @@ tripledes_set3keys (struct _tripledes_ctx *ctx, const byte * key2, const byte * key3) { - if (!ctx || !key1 || !key2 || !key3) - return -1; + int i; - des_key_schedule (key1, ctx->encrypt_subkeys, 0); - des_key_schedule (key1, ctx->decrypt_subkeys, 1); + des_key_schedule (key1, ctx->encrypt_subkeys); + des_key_schedule (key2, &(ctx->decrypt_subkeys[32])); + des_key_schedule (key3, &(ctx->encrypt_subkeys[64])); - des_key_schedule (key2, &(ctx->encrypt_subkeys[32]), 1); - des_key_schedule (key2, &(ctx->decrypt_subkeys[32]), 0); + for(i=0; i<32; i+=2) + { + ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94-i]; + ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[95-i]; - des_key_schedule (key3, &(ctx->encrypt_subkeys[64]), 0); - des_key_schedule (key3, &(ctx->decrypt_subkeys[64]), 1); + ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i]; + ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i]; + + ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i]; + ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i]; + } return 0; } @@ -617,6 +658,7 @@ tripledes_set3keys (struct _tripledes_ctx *ctx, /* * Electronic Codebook Mode Triple-DES encryption/decryption of data according to 'mode'. + * Sometimes this mode is named 'EDE' mode (Encryption-Decryption-Encryption). */ static int tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, byte * to, int mode) @@ -624,9 +666,6 @@ tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, byte * to, i u32 left, right, work; u32 *keys; - if (!ctx || !from || !to) - return -1; - keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys; READ_64BIT_DATA (from, left, right) @@ -666,17 +705,45 @@ tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, byte * to, i } + /* * Check whether the 8 byte key is weak. + * Dose not check the parity bits of the key but simple ignore them. */ - static int -is_weak_key ( byte *key ) +is_weak_key ( const byte *key ) { - return 0; /* FIXME */ + byte work[8]; + int i, left, right, middle, cmp_result; + + /* clear parity bits */ + for(i=0; i<8; ++i) + work[i] = key[i] & 0xfe; + + /* binary search in the weak key table */ + left = 0; + right = 63; + while(1) + { + middle = (left + right) / 2; + + if ( !(cmp_result=memcmp(work, weak_keys[middle], 8)) ) + return -1; + + if ( left == right ) + break; + + if ( cmp_result > 0 ) + left = middle + 1; + else + right = middle - 1; + } + + return 0; } + /* * Performs a selftest of this DES/Triple-DES implementation. * Returns an string with the error text on failure. @@ -717,12 +784,14 @@ selftest (void) memcpy (input, temp1, 8); } if (memcmp (temp3, result, 8)) - return "DES maintenace test failed."; + return "DES maintenance test failed."; } /* - * Triple-DES test (Does somebody known on official test?) + * Triple-DES test (Do somebody known on official test?) + * + * FIXME: This test doesn't use tripledes_set3keys() ! */ { int i; @@ -749,6 +818,20 @@ selftest (void) return "TRIPLE-DES test failed."; } + + /* + * Check the weak key detection. We simply assume the table with + * weak keys is ok and check every key in the table if it is + * detected... (This test is a little bit stupid) + */ + { + int i; + + for (i = 0; i < 64; ++i) + if (!is_weak_key(weak_keys[i])) + return "DES weak key detection failed"; + } + return 0; } @@ -759,11 +842,11 @@ do_tripledes_setkey ( struct _tripledes_ctx *ctx, byte *key, unsigned keylen ) if( keylen != 24 ) return G10ERR_WRONG_KEYLEN; + tripledes_set3keys ( ctx, key, key+8, key+16); + if( is_weak_key( key ) || is_weak_key( key+8 ) || is_weak_key( key+16 ) ) return G10ERR_WEAK_KEY; - tripledes_set3keys ( ctx, key, key+8, key+16); - return 0; } @@ -800,7 +883,7 @@ des_get_info( int algo, size_t *keylen, if( !did_selftest ) { const char *s = selftest(); if( s ) - log_fatal("selftest failed: %s", s ); + log_fatal("selftest failed: %s\n", s ); did_selftest = 1; } diff --git a/cipher/md.c b/cipher/md.c index 56f639cfd..a04155235 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -256,7 +256,7 @@ md_copy( MD_HANDLE a ) : m_alloc( sizeof *b ); memcpy( b, a, sizeof *a ); b->list = NULL; - /* and now copy the compelte list of algorithms */ + /* and now copy the complete list of algorithms */ /* I know that the copied list is reversed, but that doesn't matter */ for( ar=a->list; ar; ar = ar->next ) { br = a->secure ? m_alloc_secure( sizeof *br + ar->contextsize ) @@ -269,6 +269,23 @@ md_copy( MD_HANDLE a ) } +/**************** + * Reset all contexts and discard any buffered stuuf. This may be used + * instead of a md_close(); md_open(). + */ +void +md_reset( MD_HANDLE a ) +{ + struct md_digest_list_s *r; + + a->bufcount = 0; + for( r=a->list; r; r = r->next ) { + memset( r->context, 0, r->contextsize ); + (*r->init)( &r->context ); + } +} + + void md_close(MD_HANDLE a) { @@ -331,7 +348,7 @@ md_read( MD_HANDLE a, int algo ) if( !algo ) { /* return the first algorithm */ if( (r=a->list) ) { if( r->next ) - log_error("warning: more than algorithm in md_read(0)\n"); + log_debug("more than algorithm in md_read(0)\n"); return (*r->read)( &r->context ); } } @@ -344,6 +361,58 @@ md_read( MD_HANDLE a, int algo ) return NULL; } + +/**************** + * This function combines md_final and md_read but keeps the context + * intact. This function can be used to calculate intermediate + * digests. The digest is copied into buffer and the digestlength is + * returned. If buffer is NULL only the needed size for buffer is returned. + * buflen gives the max size of buffer. If the buffer is too shourt to + * hold the complete digest, the buffer is filled with as many bytes are + * possible and this value is returned. + */ +int +md_digest( MD_HANDLE a, int algo, byte *buffer, int buflen ) +{ + struct md_digest_list_s *r = NULL; + char *context; + char *digest; + + if( a->bufcount ) + md_write( a, NULL, 0 ); + + if( !algo ) { /* return digest for the first algorithm */ + if( (r=a->list) && r->next ) + log_debug("more than algorithm in md_digest(0)\n"); + } + else { + for(r=a->list; r; r = r->next ) + if( r->algo == algo ) + break; + } + if( !r ) + BUG(); + + if( !buffer ) + return r->mdlen; + + /* I don't want to change the interface, so I simply work on a copy + * the context (extra overhead - should be fixed)*/ + context = a->secure ? m_alloc_secure( r->contextsize ) + : m_alloc( r->contextsize ); + memcpy( context, r->context, r->contextsize ); + (*r->final)( context ); + digest = (*r->read)( context ); + + if( buflen > r->mdlen ) + buflen = r->mdlen; + memcpy( buffer, digest, buflen ); + + m_free(context); + return buflen; +} + + int md_get_algo( MD_HANDLE a ) { @@ -423,5 +492,13 @@ md_stop_debug( MD_HANDLE md ) fclose(md->debug); md->debug = NULL; } + #ifdef HAVE_U64_TYPEDEF + { /* a kludge to pull in the __muldi3 for Solaris */ + volatile u32 a = (u32)md; + volatile u32 b = 42; + volatile u64 c; + c = a * b; + } + #endif } diff --git a/cipher/pubkey.c b/cipher/pubkey.c index a78f788c0..62a48a6d8 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -480,7 +480,7 @@ pubkey_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) /**************** * This is the interface to the public key signing. - * Sign hash with skey and put the result into resarr which + * Sign data with skey and put the result into resarr which * should be an array of MPIs of size PUBKEY_MAX_NSIG (or less if the * algorithm allows this - check with pubkey_get_nsig() ) */ diff --git a/cipher/tiger.c b/cipher/tiger.c index d02f5cb86..c473e92d3 100644 --- a/cipher/tiger.c +++ b/cipher/tiger.c @@ -29,9 +29,9 @@ typedef struct { u64 a, b, c; - u32 nblocks; byte buf[64]; int count; + u32 nblocks; } TIGER_CONTEXT; diff --git a/configure.in b/configure.in index bbb3eb9a4..bd5bc7b5a 100644 --- a/configure.in +++ b/configure.in @@ -254,14 +254,15 @@ fi AC_SUBST(ZLIBS) -AM_GNU_GETTEXT G10_LOCALEDIR="$g10_prefix/$DATADIRNAME/locale" AC_SUBST(G10_LOCALEDIR) AC_DEFINE_UNQUOTED(G10_LOCALEDIR, "$G10_LOCALEDIR") -WK_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl ) +dnl WK_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl ) WK_DO_LINK_FILES +AM_GNU_GETTEXT + AC_OUTPUT([ Makefile intl/Makefile diff --git a/doc/HACKING b/doc/HACKING new file mode 100644 index 000000000..27faa87c5 --- /dev/null +++ b/doc/HACKING @@ -0,0 +1,92 @@ + A Hacker's Guide to GNUPG + ================================ + (Some notes on GNUPG internals.) + + + +Memory allocation +----------------- +Use only the functions: + + m_alloc() + m_alloc_clear() + m_strdup() + m_free() + +If you want to store a passphrase or some other sensitive data you may +want to use m_alloc_secure() instead of m_alloc(), as this puts the data +into a memory region which is protected from swapping (on some platforms). +m_free() works for both. This functions will not return if there is not +enough memory available. + + + +Logging +------- + + + + + + +Option parsing +--------------- +GNUPG does not use getopt or GNU getopt but functions of it's own. See +util/argparse.c for details. The advantage of these funtions is that +it is more easy to display and maintain the help texts for the options. +The same option table is also used to parse resource files. + + + +What is an iobuf +---------------- +This is the data structure used for most I/O of gnupg. It is similiar +to System V Streams but much simpler. It should be replaced by a cleaner +and faster implementation. We are doing to much copying and the semantics +of "filter" removing are not very clean. EOF handling is also a problem. + + + +How to use the message digest functions +--------------------------------------- +cipher/md.c implements an interface to hash (message diesgt functions). + +a) If you have a common part of data and some variable parts + and you need to hash of the concatenated parts, you can use this: + md = md_open(...) + md_write( md, common_part ) + md1 = md_copy( md ) + md_write(md1, part1) + md_final(md1); + digest1 = md_read(md1) + md2 = md_copy( md ) + md_write(md2, part2) + md_final(md2); + digest2 = md_read(md2) + + An example are key signatures; the key packet is the common part + and the user-id packets are the variable parts. + +b) If you need a running digest you should use this: + md = md_open(...) + md_write( md, part1 ) + digest_of_part1 = md_digest( md ); + md_write( md, part2 ) + digest_of_part1_cat_part2 = md_digest( md ); + .... + +Both methods may be combined. [Please see the source for the real syntax] + + + + +How to use the cipher functions +------------------------------- + + + + +How to use the public key functions +----------------------------------- + + diff --git a/doc/Makefile.am b/doc/Makefile.am index dc2ee585b..9c83575b0 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,9 +1,18 @@ ## Process this file with automake to create Makefile.in -EXTRA_DIST = DETAILS rfcs gpg.1pod gpg.1 FAQ +EXTRA_DIST = DETAILS rfcs gpg.1pod gpg.1 FAQ HACKING man_MANS = gpg.1 + + +install-data-hook: + if test -f $(man1dir)/gpgm.1; then rm $(man1dir)/gpgm.1; fi + ln -s $(man1dir)/gpg.1 $(man1dir)/gpgm.1 \ + || ln $(man1dir)/gpg.1 $(man1dir)/gpgm.1 + + + %: %pod pod2man $< --section=`echo $@ | sed 's/^.*(?)$$/$$&/'`\ --release="`date -r $< '+%d %b %Y'`"\ diff --git a/doc/gpg.1pod b/doc/gpg.1pod index 93b1a199f..40c930b45 100644 --- a/doc/gpg.1pod +++ b/doc/gpg.1pod @@ -75,7 +75,7 @@ B<-k> [I] [I] B<-kvc> List fingerprints B<-kvvc> List fingerprints and signatures -B<--list-keys> [I] +B<--list-keys> [I] List all keys from the public keyrings, or just the ones given on the command line. @@ -83,7 +83,7 @@ B<--list-secret-keys> [I] List all keys from the secret keyrings, or just the ones given on the command line. -B<--list-sigs> [I] +B<--list-sigs> [I] Same as B<--list-keys>, but the signatures are listed too. @@ -201,7 +201,7 @@ B<--import-ownertrust> [I] Long options can be put in an options file (default F<~/.gnupg/options>); do not write the 2 dashes, but simply the name of the option and any -arguments if required. Lines with a hash as the first non-white-space +arguments if required. Lines with a hash as the first non-white-space character are ignored. Commands may be put in this file too, but that does not make sense. @@ -324,6 +324,26 @@ B<--digest-algo> I program with the option B<--verbose> yields a list of supported algorithms. +B<--s2k-cipher-algo> I + Use I as the cipher algorithm used to protect secret + keys. The default cipher is BLOWFISH. This cipher is + also used for conventional encryption if B<--cipher-algo> + is not given. + +B<--s2k-digest-algo> I + Use I as the digest algorithm used to mangle the + passphrases. The default algorithm is RIPE-MD-160. + This digest algorithm is also used for conventional + encryption if B<--digest-algo> is not given. + +B<--s2k-mode> I + Selects how passphrases are mangled: A number of I<0> + uses the plain passphrase (which is not recommended), + a I<1> (default) adds a salt to the passphrase and + I<3> interates the whole process a couple of times. + Unless -B<--rfc1991> is used, this mode is also used + for conventional encryption. + B<--compress-algo> I Use compress algorithm I. Default is I<2> which is RFC1950 compression; you may use I<1> to use the old zlib @@ -333,6 +353,12 @@ B<--compress-algo> I If this is not used the OpenPGP behaviour is used; i.e. the compression algorith is selected from the preferences. +B<--digest-algo> I + Use I as message digest algorithm. Running the + program with the option B<--verbose> yields a list of + supported algorithms. + + B<--throw-keyid> Do not put the keyid into encrypted packets. This option hides the receiver of the message and is a countermeasure @@ -385,11 +411,11 @@ a signature was bad and other errorcode for fatal errors. =head1 EXAMPLES - -se -r Bob [file] sign and encrypt for user Bob - -sat [file] make a clear text signature - -sb [file] make a detached signature - -k [userid] show keys - -kc [userid] show fingerprint + -se -r Bob [file] sign and encrypt for user Bob + -sat [file] make a clear text signature + -sb [file] make a detached signature + -k [userid] show keys + -kc [userid] show fingerprint =head1 ENVIRONMENT @@ -404,13 +430,13 @@ F<~/.gnupg/pubring.gpg> The public keyring F<~/.gnupg/trustdb.gpg> The trust database -F<~/.gnupg/options> May contain options +F<~/.gnupg/options> May contain options F Default location for extensions =head1 SEE ALSO -gpgm(1) gpgd(1) +gpg(1) gpgm(1) =head1 WARNINGS diff --git a/g10/ChangeLog b/g10/ChangeLog index 84ebb78bd..e767f75be 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,21 +1,67 @@ -Fri Sep 18 16:50:32 1998 Werner Koch (wk@(none)) +Mon Sep 28 12:57:12 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c (verify_own_keys): Add warning if a key is not protected. + + * passphrase (hash_passphrase): Fixed iterated+salted mode and + setup for keysizes > hashsize. + + * g10.c (main): New options: --s2k-{cipher,digest,mode}. + +Fri Sep 25 09:34:23 1998 Werner Koch (wk@isil.d.shuttle.de) + + * g10.c: Chnaged some help texts. + +Tue Sep 22 19:34:39 1998 Werner Koch (wk@isil.d.shuttle.de) + + * passphrase.c (read_passphrase_from_fd): fixed bug for long + passphrases. + +Mon Sep 21 11:28:05 1998 Werner Koch (wk@(none)) + + * getkey.c (lookup): Add code to use the sub key if the primary one + does not match the usage. + + * armor.c (armor_filter): New error message: no valid data found. + (radix64_read): Changes to support multiple messages. + (i18n.h): New. + * mainproc.c (add_onepass_sig): bug fix. + +Mon Sep 21 08:03:16 1998 Werner Koch (wk@isil.d.shuttle.de) + + * pkclist.c (do_we_trust): Add keyid to most messages. + + * passphrase.c (read_passphrase_from_fd): New. + (have_static_passphrase): New + (get_passphrase_fd): Removed. + (set_passphrase_fd): Removed. + * g10.c (main): passphrase is now read here. + + * keyedit.c (keyedit_menu): "help" texts should now translate fine. + +Mon Sep 21 06:40:02 1998 Werner Koch (wk@isil.d.shuttle.de) + + * encode.c (encode_simple): Now disables compression + when --rfc1991 is used. + (encode_crypt): Ditto. + +Fri Sep 18 16:50:32 1998 Werner Koch (wk@isil.d.shuttle.de) * getkey.c (merge_key_and_selfsig): New. -Fri Sep 18 10:20:11 1998 Werner Koch (wk@(none)) +Fri Sep 18 10:20:11 1998 Werner Koch (wk@isil.d.shuttle.de) - * pkclist.c (select_algo_from_prefs): Removed 3DEs kludge. + * pkclist.c (select_algo_from_prefs): Removed 3DES kludge. * seskey.c (make_session_key): Fixed SERIOUS bug introduced by adding the weak key detection code. * sign.c (sign_file): Changed aremor header in certain cases. -Tue Sep 15 17:52:55 1998 Werner Koch (wk@(none)) +Tue Sep 15 17:52:55 1998 Werner Koch (wk@isil.d.shuttle.de) * mainproc.c (check_sig_and_print): Replaced ascime by asctimestamp. -Mon Sep 14 11:40:52 1998 Werner Koch (wk@(none)) +Mon Sep 14 11:40:52 1998 Werner Koch (wk@isil.d.shuttle.de) * seskey.c (make_session_key): Now detects weak keys. @@ -24,17 +70,17 @@ Mon Sep 14 11:40:52 1998 Werner Koch (wk@(none)) * plaintext.c (handle_plaintext): Does no anymore suppress CR from cleartext signed messages. -Sun Sep 13 12:54:29 1998 Werner Koch (wk@(none)) +Sun Sep 13 12:54:29 1998 Werner Koch (wk@isil.d.shuttle.de) * trustdb.c (insert_trust_record): Fixed a stupid bug in the free liunked list loops. -Sat Sep 12 15:49:16 1998 Werner Koch (wk@(none)) +Sat Sep 12 15:49:16 1998 Werner Koch (wk@isil.d.shuttle.de) * status.c (remove_shmid): New. (init_shm_comprocess): Now sets permission to the real uid. -Wed Sep 9 11:15:03 1998 Werner Koch (wk@(none)) +Wed Sep 9 11:15:03 1998 Werner Koch (wk@isil.d.shuttle.de) * packet.h (PKT_pubkey_enc): New flah throw_keyid, and add logic to implement it. @@ -42,11 +88,11 @@ Wed Sep 9 11:15:03 1998 Werner Koch (wk@(none)) * getkey.c (enum_secret_keys): Add new ar and changed all callers. -Tue Sep 8 20:04:09 1998 Werner Koch (wk@(none)) +Tue Sep 8 20:04:09 1998 Werner Koch (wk@isil.d.shuttle.de) * delkey.c (delete_key): Moved from keyedit.c. -Mon Sep 7 16:37:52 1998 Werner Koch (wk@(none)) +Mon Sep 7 16:37:52 1998 Werner Koch (wk@isil.d.shuttle.de) * build-packet.c (calc_length_header): New arg new_ctb to correctly calculate the length of new style packets. @@ -55,7 +101,7 @@ Mon Sep 7 16:37:52 1998 Werner Koch (wk@(none)) * pkclist.c (select_algo_from_prefs): 3DEs substitute is now CAST5. -Tue Aug 11 17:54:50 1998 Werner Koch (wk@(none)) +Tue Aug 11 17:54:50 1998 Werner Koch (wk@isil.d.shuttle.de) * build-packet.c (do_secret_key): Fixed handling of old keys. @@ -63,7 +109,7 @@ Tue Aug 11 17:54:50 1998 Werner Koch (wk@(none)) * openfile.c (open_outfile): Changed arguments and all callers. -Tue Aug 11 09:14:35 1998 Werner Koch (wk@(none)) +Tue Aug 11 09:14:35 1998 Werner Koch (wk@isil.d.shuttle.de) * encode.c (encode_simple): Applied option set-filename and comment. (encode_crypt): Ditto. @@ -87,7 +133,7 @@ Tue Aug 11 09:14:35 1998 Werner Koch (wk@(none)) * status.c (cpr_get_answer_is_yes): add display_help. -Mon Aug 10 10:11:28 1998 Werner Koch (wk@(none)) +Mon Aug 10 10:11:28 1998 Werner Koch (wk@isil.d.shuttle.de) * getkey.c (lookup_sk): Now always returns the primary if arg primary is true. @@ -96,15 +142,15 @@ Mon Aug 10 10:11:28 1998 Werner Koch (wk@(none)) (get_seckey_byname): Ditto. -Mon Aug 10 08:34:03 1998 Werner Koch (wk@(none)) +Mon Aug 10 08:34:03 1998 Werner Koch (wk@isil.d.shuttle.de) * keyid.c (pubkey_letter): ELG_E is now a small g. -Sat Aug 8 17:26:12 1998 Werner Koch (wk@(none)) +Sat Aug 8 17:26:12 1998 Werner Koch (wk@isil.d.shuttle.de) * openfile (overwrite_filep): Changed semantics and all callers. -Sat Aug 8 12:17:07 1998 Werner Koch (wk@(none)) +Sat Aug 8 12:17:07 1998 Werner Koch (wk@isil.d.shuttle.de) * status.c (display_help): New. @@ -118,7 +164,7 @@ Thu Aug 6 07:34:56 1998 Werner Koch,mobil,,, (wk@tobold) secret keyrings and add additional warning in case of a failed secret keyring operation. -Wed Aug 5 11:54:37 1998 Werner Koch (wk@(none)) +Wed Aug 5 11:54:37 1998 Werner Koch (wk@isil.d.shuttle.de) * g10.c (check_opts): Moved to main. Changed def_cipher_algo semantics and chnaged all users. @@ -131,7 +177,7 @@ Wed Aug 5 11:54:37 1998 Werner Koch (wk@(none)) * build-packet.c (do_secret_key): Ditto. (do_symkey_enc): Ditto. -Tue Aug 4 08:59:10 1998 Werner Koch (wk@(none)) +Tue Aug 4 08:59:10 1998 Werner Koch (wk@isil.d.shuttle.de) * getkey.c (enum_secret_keys): Now returns only primary keys. @@ -142,36 +188,36 @@ Tue Aug 4 08:59:10 1998 Werner Koch (wk@(none)) * sign.c (sign_file): one-pass sigs are now emiited reverse. Preference data is considered when selecting the compress algo. -Wed Jul 29 12:53:03 1998 Werner Koch (wk@(none)) +Wed Jul 29 12:53:03 1998 Werner Koch (wk@isil.d.shuttle.de) * free-packet.c (copy_signature): New. * keygen.c (generate_subkeypair): rewritten * g10.c (aKeyadd): Removed option --add-key -Mon Jul 27 10:37:28 1998 Werner Koch (wk@(none)) +Mon Jul 27 10:37:28 1998 Werner Koch (wk@isil.d.shuttle.de) * seckey-cert.c (do_check): Additional check on cipher blocksize. (protect_secret_key): Ditto. * encr-data.c: Support for other blocksizes. * cipher.c (write_header): Ditto. -Fri Jul 24 16:47:59 1998 Werner Koch (wk@(none)) +Fri Jul 24 16:47:59 1998 Werner Koch (wk@isil.d.shuttle.de) * kbnode.c (insert_kbnode): Changed semantics and all callers. * keyedit.c : More or less a complete rewrite -Wed Jul 22 17:10:04 1998 Werner Koch (wk@(none)) +Wed Jul 22 17:10:04 1998 Werner Koch (wk@isil.d.shuttle.de) * build-packet.c (write_sign_packet_header): New. -Tue Jul 21 14:37:09 1998 Werner Koch (wk@(none)) +Tue Jul 21 14:37:09 1998 Werner Koch (wk@isil.d.shuttle.de) * import.c (import_one): Now creates a trustdb record. * g10.c (main): New command --check-trustdb -Mon Jul 20 11:15:07 1998 Werner Koch (wk@(none)) +Mon Jul 20 11:15:07 1998 Werner Koch (wk@isil.d.shuttle.de) * genkey.c (generate_keypair): Default key is now DSA with encryption only ElGamal subkey. diff --git a/g10/Makefile.am b/g10/Makefile.am index c6d5b135e..b38037d28 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -71,6 +71,8 @@ gpgm_SOURCES = dearmor.c \ #gpgd_SOURCES = gpgd.c \ # ks-proto.h \ # ks-proto.c \ +# ks-db.c \ +# ks-db.h \ # $(common_source) diff --git a/g10/OPTIONS b/g10/OPTIONS index 9555ce06a..4ec4192e3 100644 --- a/g10/OPTIONS +++ b/g10/OPTIONS @@ -49,7 +49,7 @@ compress-sigs run-as-shm-coprocess [request-locked-shm-size] # very special :-) # You will have to use "--status-fd" too - +# Note: This option dioes only work if given on the command line. set-filename # Set as the filename into the plaintext packet diff --git a/g10/armor.c b/g10/armor.c index 38e1b190d..c72526a98 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -34,6 +34,7 @@ #include "options.h" #include "main.h" #include "status.h" +#include "i18n.h" #define CRCINIT 0xB704CE @@ -51,7 +52,7 @@ static int is_initialized; typedef enum { - fhdrHASArmor, + fhdrHASArmor = 0, fhdrNOArmor, fhdrINIT, fhdrINITCont, @@ -331,12 +332,12 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen, if( buf[n-1] == '\r' ) buf[--n] = 0; if( opt.verbose ) { - log_info("armor header: "); + log_info(_("armor header: ")); print_string( stderr, buf, n, 0 ); putc('\n', stderr); } if( clearsig && !(hashes=parse_hash_header( buf )) ) { - log_error("invalid clearsig header\n"); + log_error(_("invalid clearsig header\n")); state = fhdrERROR; } else { @@ -362,7 +363,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen, } } else { - log_error("invalid armor header: "); + log_error(_("invalid armor header: ")); print_string( stderr, buf, n, 0 ); putc('\n', stderr); state = fhdrERROR; @@ -371,7 +372,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen, else if( c != -1 ) { if( strchr( buf, ':') ) { /* buffer to short, but this is okay*/ if( opt.verbose ) { - log_info("armor header: "); + log_info(_("armor header: ")); print_string( stderr, buf, n, 0 ); fputs("[...]\n", stderr); /* indicate it is truncated */ } @@ -436,7 +437,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen, if( hdr_line == BEGIN_SIGNED_MSG_IDX ) clearsig = 1; if( opt.verbose > 1 ) - log_info("armor: %s\n", head_strings[hdr_line]); + log_info(_("armor: %s\n"), head_strings[hdr_line]); break; case fhdrCLEARSIG: @@ -480,7 +481,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen, fhdrREADClearsig : fhdrTESTSpaces; } else { - log_error("invalid dash escaped line: "); + log_error(_("invalid dash escaped line: ")); print_string( stderr, buf, n, 0 ); putc('\n', stderr); state = fhdrERROR; @@ -549,7 +550,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen, } break; case fhdrERRORShow: - log_error("invalid clear text header: "); + log_error(_("invalid clear text header: ")); print_string( stderr, buf, n, 0 ); putc('\n', stderr); state = fhdrERROR; @@ -779,7 +780,7 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn, break; } else if( (c = asctobin[(c2=c)]) == 255 ) { - log_error("invalid radix64 character %02x skipped\n", c2); + log_error(_("invalid radix64 character %02x skipped\n"), c2); continue; } switch(idx) { @@ -797,7 +798,10 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn, afx->idx = idx; afx->radbuf[0] = val; if( checkcrc ) { - afx->inp_eof = 1; /*assume eof */ + afx->any_data = 1; + afx->inp_checked=0; + afx->faked = 0; + afx->parse_state = 0; for(;;) { /* skip lf and pad characters */ if( afx->helpidx < afx->helplen ) c = afx->helpbuf[afx->helpidx++]; @@ -809,7 +813,7 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn, break; } if( c == -1 ) - log_error("premature eof (no CRC)\n"); + log_error(_("premature eof (no CRC)\n")); else { u32 mycrc = 0; idx = 0; @@ -828,15 +832,15 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn, break; } while( ++idx < 4 ); if( c == -1 ) { - log_error("premature eof (in CRC)\n"); + log_error(_("premature eof (in CRC)\n")); rc = G10ERR_INVALID_ARMOR; } else if( idx != 4 ) { - log_error("malformed CRC\n"); + log_error(_("malformed CRC\n")); rc = G10ERR_INVALID_ARMOR; } else if( mycrc != afx->crc ) { - log_error("CRC error; %06lx - %06lx\n", + log_error(_("CRC error; %06lx - %06lx\n"), (ulong)afx->crc, (ulong)mycrc); rc = G10ERR_INVALID_ARMOR; } @@ -855,11 +859,11 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn, if( rc == -1 ) rc = 0; else if( rc == 2 ) { - log_error("premature eof (in Trailer)\n"); + log_error(_("premature eof (in Trailer)\n")); rc = G10ERR_INVALID_ARMOR; } else { - log_error("error in trailer line\n"); + log_error(_("error in trailer line\n")); rc = G10ERR_INVALID_ARMOR; } #endif @@ -874,7 +878,6 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn, return rc; } - /**************** * This filter is used to handle the armor stuff */ @@ -914,13 +917,6 @@ armor_filter( void *opaque, int control, if( size < 15+(4*15) ) /* need space for up to 4 onepass_sigs */ BUG(); /* supplied buffer too short */ - if( afx->inp_eof ) { - *ret_len = 0; - if( DBG_FILTER ) - log_debug("armor-filter: eof due to inp_eof flag\n" ); - return -1; - } - if( afx->faked ) rc = fake_packet( afx, a, &n, buf, size ); else if( !afx->inp_checked ) { @@ -1021,7 +1017,7 @@ armor_filter( void *opaque, int control, } else iobuf_writestr(a, - "Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/\n"); + "Comment: For info finger gcrypt@ftp.guug.de\n"); if( afx->hdrlines ) iobuf_writestr(a, afx->hdrlines); iobuf_put(a, '\n'); @@ -1120,6 +1116,8 @@ armor_filter( void *opaque, int control, iobuf_writestr(a, tail_strings[afx->what] ); iobuf_writestr(a, "-----\n"); } + else if( !afx->any_data && !afx->inp_bypass ) + log_error(_("no valid RFC1991 or OpenPGP data found.\n")); } else if( control == IOBUFCTRL_DESC ) *(char**)buf = "armor_filter"; diff --git a/g10/encode.c b/g10/encode.c index ae8b26116..bc4742607 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -76,6 +76,7 @@ encode_simple( const char *filename, int mode ) cipher_filter_context_t cfx; armor_filter_context_t afx; compress_filter_context_t zfx; + int do_compress = opt.compress && !opt.rfc1991; memset( &cfx, 0, sizeof cfx); memset( &afx, 0, sizeof afx); @@ -92,12 +93,12 @@ encode_simple( const char *filename, int mode ) cfx.dek = NULL; if( mode ) { s2k = m_alloc_clear( sizeof *s2k ); - s2k->mode = opt.rfc1991? 0:1; + s2k->mode = opt.rfc1991? 0:opt.s2k_mode; s2k->hash_algo = opt.def_digest_algo ? opt.def_digest_algo - : DEFAULT_DIGEST_ALGO; + : opt.s2k_digest_algo; cfx.dek = passphrase_to_dek( NULL, opt.def_cipher_algo ? opt.def_cipher_algo - : DEFAULT_CIPHER_ALGO , s2k, 2 ); + : opt.s2k_cipher_algo , s2k, 2 ); if( !cfx.dek || !cfx.dek->keylen ) { rc = G10ERR_PASSPHRASE; m_free(cfx.dek); @@ -158,13 +159,13 @@ encode_simple( const char *filename, int mode ) pt->buf = inp; pkt.pkttype = PKT_PLAINTEXT; pkt.pkt.plaintext = pt; - cfx.datalen = filesize && !opt.compress ? calc_packet_length( &pkt ) : 0; + cfx.datalen = filesize && !do_compress ? calc_packet_length( &pkt ) : 0; /* register the cipher filter */ if( mode ) iobuf_push_filter( out, cipher_filter, &cfx ); /* register the compress filter */ - if( opt.compress ) + if( do_compress ) iobuf_push_filter( out, compress_filter, &zfx ); /* do the work */ @@ -197,6 +198,7 @@ encode_crypt( const char *filename, STRLIST remusr ) armor_filter_context_t afx; compress_filter_context_t zfx; PK_LIST pk_list; + int do_compress = opt.compress && !opt.rfc1991; memset( &cfx, 0, sizeof cfx); memset( &afx, 0, sizeof afx); @@ -270,12 +272,12 @@ encode_crypt( const char *filename, STRLIST remusr ) pt->buf = inp; pkt.pkttype = PKT_PLAINTEXT; pkt.pkt.plaintext = pt; - cfx.datalen = filesize && !opt.compress? calc_packet_length( &pkt ) : 0; + cfx.datalen = filesize && !do_compress? calc_packet_length( &pkt ) : 0; /* register the cipher filter */ iobuf_push_filter( out, cipher_filter, &cfx ); /* register the compress filter */ - if( opt.compress ) { + if( do_compress ) { int compr_algo = select_algo_from_prefs( pk_list, PREFTYPE_COMPR ); if( !compr_algo ) ; /* don't use compression */ diff --git a/g10/filter.h b/g10/filter.h index 2dc8a3e87..d48b75627 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -42,7 +42,7 @@ typedef struct { int parse_state; int inp_checked; /* set if inp has been checked */ int inp_bypass; /* set if the input is not armored */ - int inp_eof; + int any_data; const char *hdrlines; } armor_filter_context_t; diff --git a/g10/g10.c b/g10/g10.c index dac154d56..891da839e 100644 --- a/g10/g10.c +++ b/g10/g10.c @@ -135,6 +135,9 @@ enum cmd_and_opt_values { aNull = 0, oSetFilename, oComment, oThrowKeyid, + oS2KMode, + oS2KDigest, + oS2KCipher, aTest }; @@ -212,6 +215,11 @@ static ARGPARSE_OPTS opts[] = { { oMarginalsNeeded, "marginals-needed", 1, N_("(default is 3)")}, { oLoadExtension, "load-extension" ,2, N_("|file|load extension module")}, { oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")}, + { oS2KMode, "s2k-mode", 1, N_("|N| use passphrase mode N")}, + { oS2KDigest, "s2k-digest-algo",2, + N_("|NAME| use message digest algorithm NAME for passphrases")}, + { oS2KCipher, "s2k-cipher-algo",2, + N_("|NAME| use cipher algorithm NAME for passphrases")}, #ifdef IS_G10 { oCipherAlgo, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")}, { oDigestAlgo, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")}, @@ -226,10 +234,10 @@ static ARGPARSE_OPTS opts[] = { #ifdef IS_G10 { 302, NULL, 0, N_("@\nExamples:\n\n" " -se -r Bob [file] sign and encrypt for user Bob\n" - " -sat [file] make a clear text signature\n" - " -sb [file] make a detached signature\n" - " -k [userid] show keys\n" - " -kc [userid] show fingerprint\n" ) }, + " --clearsign [file] make a clear text signature\n" + " --detach-sign [file] make a detached signature\n" + " --list-keys [names] show keys\n" + " --fingerprint [names] show fingerprints\n" ) }, #endif /* hidden options */ @@ -472,11 +480,15 @@ main( int argc, char **argv ) const char *trustdb_name = NULL; char *def_cipher_string = NULL; char *def_digest_string = NULL; + char *s2k_cipher_string = NULL; + char *s2k_digest_string = NULL; + int pwfd = -1; #ifdef USE_SHM_COPROCESSING ulong requested_shm_size=0; #endif trap_unaligned(); + secmem_set_flags( secmem_get_flags() | 2 ); /* suspend warnings */ #ifdef IS_G10MAINT secmem_init( 0 ); /* disable use of secmem */ maybe_setuid = 0; @@ -497,6 +509,9 @@ main( int argc, char **argv ) opt.def_cipher_algo = 0; opt.def_digest_algo = 0; opt.def_compress_algo = 2; + opt.s2k_mode = 1; /* salted */ + opt.s2k_digest_algo = DIGEST_ALGO_RMD160; + opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH; opt.completes_needed = 1; opt.marginals_needed = 3; opt.homedir = getenv("GNUPGHOME"); @@ -527,8 +542,34 @@ main( int argc, char **argv ) default_config = 0; /* --no-options */ else if( pargs.r_opt == oHomedir ) opt.homedir = pargs.r.ret_str; + #ifdef USE_SHM_COPROCESSING + else if( pargs.r_opt == oRunAsShmCP ) { + /* does not make sense in a options file, we do it here, + * so that we are the able to drop setuid as soon as possible */ + opt.shm_coprocess = 1; + requested_shm_size = pargs.r.ret_ulong; + } + #endif } + + #ifdef USE_SHM_COPROCESSING + if( opt.shm_coprocess ) { + #ifdef IS_G10 + init_shm_coprocessing(requested_shm_size, 1 ); + #else + init_shm_coprocessing(requested_shm_size, 0 ); + #endif + } + #endif + #ifdef IS_G10 + /* initialize the secure memory. */ + secmem_init( 16384 ); + maybe_setuid = 0; + /* Okay, we are now working under our real uid */ + #endif + + if( default_config ) configname = make_filename(opt.homedir, "options", NULL ); @@ -550,7 +591,7 @@ main( int argc, char **argv ) else { log_error(_("option file '%s': %s\n"), configname, strerror(errno) ); - g10_exit(1); + g10_exit(2); } m_free(configname); configname = NULL; } @@ -654,16 +695,18 @@ main( int argc, char **argv ) case oDoNotExportRSA: opt.do_not_export_rsa = 1; break; case oCompressSigs: opt.compress_sigs = 1; break; case oRunAsShmCP: - #ifdef USE_SHM_COPROCESSING - opt.shm_coprocess = 1; - requested_shm_size = pargs.r.ret_ulong; - #else + #ifndef USE_SHM_COPROCESSING + /* not possible in the option file, + * but we print the warning here anyway */ log_error("shared memory coprocessing is not available\n"); #endif break; case oSetFilename: opt.set_filename = pargs.r.ret_str; break; case oComment: opt.comment_string = pargs.r.ret_str; break; case oThrowKeyid: opt.throw_keyid = 1; break; + case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break; + case oS2KDigest: s2k_digest_string = m_strdup(pargs.r.ret_str); break; + case oS2KCipher: s2k_cipher_string = m_strdup(pargs.r.ret_str); break; #ifdef IS_G10 case oRemote: /* store the remote users */ @@ -680,7 +723,7 @@ main( int argc, char **argv ) locusr = sl; break; case oCompress: opt.compress = pargs.r.ret_int; break; - case oPasswdFD: set_passphrase_fd( pargs.r.ret_int ); break; + case oPasswdFD: pwfd = pargs.r.ret_int; break; case oCipherAlgo: def_cipher_string = m_strdup(pargs.r.ret_str); break; case oDigestAlgo: def_digest_string = m_strdup(pargs.r.ret_str); break; case oNoSecmemWarn: secmem_set_flags( secmem_get_flags() | 1 ); break; @@ -709,22 +752,7 @@ main( int argc, char **argv ) tty_printf("%s\n", strusage(15) ); } - #ifdef USE_SHM_COPROCESSING - if( opt.shm_coprocess ) { - #ifdef IS_G10 - init_shm_coprocessing(requested_shm_size, 1 ); - #else - init_shm_coprocessing(requested_shm_size, 0 ); - #endif - } - #endif - #ifdef IS_G10 - /* initialize the secure memory. */ - secmem_init( 16384 ); - maybe_setuid = 0; - /* Okay, we are now working under our real uid */ - #endif - + secmem_set_flags( secmem_get_flags() & ~2 ); /* resume warnings */ set_debug(); @@ -742,12 +770,29 @@ main( int argc, char **argv ) if( check_digest_algo(opt.def_digest_algo) ) log_error(_("selected digest algorithm is invalid\n")); } + if( s2k_cipher_string ) { + opt.s2k_cipher_algo = string_to_cipher_algo(s2k_cipher_string); + m_free(s2k_cipher_string); s2k_cipher_string = NULL; + if( check_cipher_algo(opt.s2k_cipher_algo) ) + log_error(_("selected cipher algorithm is invalid\n")); + } + if( s2k_digest_string ) { + opt.s2k_digest_algo = string_to_digest_algo(s2k_digest_string); + m_free(s2k_digest_string); s2k_digest_string = NULL; + if( check_digest_algo(opt.s2k_digest_algo) ) + log_error(_("selected digest algorithm is invalid\n")); + } if( opt.def_compress_algo < 1 || opt.def_compress_algo > 2 ) log_error(_("compress algorithm must be in range %d..%d\n"), 1, 2); if( opt.completes_needed < 1 ) log_error(_("completes-needed must be greater than 0\n")); if( opt.marginals_needed < 2 ) log_error(_("marginals-needed must be greater than 1\n")); + switch( opt.s2k_mode ) { + case 0: case 1: case 3: break; + default: + log_error(_("invalid S2K mode; must be 0, 1 or 3\n")); + } if( log_get_errorcount(0) ) g10_exit(2); @@ -795,20 +840,11 @@ main( int argc, char **argv ) FREE_STRLIST(nrings); FREE_STRLIST(sec_nrings); - if( argc ) - fname = *argv; - else { - fname = NULL; - if( get_passphrase_fd() == 0 ) { - /* reading data and passphrase from stdin: - * we assume the first line is the passphrase, so - * we should read it now. - * - * We should do it here, but for now it is not needed. - * Anyway, this password scheme is not quite good - */ - } - } + + if( pwfd != -1 ) /* read the passphrase now. */ + read_passphrase_from_fd( pwfd ); + + fname = argc? *argv : NULL; switch( cmd ) { case aPrimegen: diff --git a/g10/getkey.c b/g10/getkey.c index f9f4c9f43..eed62e916 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -31,6 +31,7 @@ #include "keydb.h" #include "options.h" #include "main.h" +#include "i18n.h" #define MAX_PK_CACHE_ENTRIES 500 @@ -789,9 +790,6 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid, } } else { /* keyid or fingerprint lookup */ - /* No need to compare the usage here, as we already have the - * keyid to use - */ if( DBG_CACHE && (mode== 10 || mode==11) ) { log_debug("lookup keyid=%08lx%08lx req_algo=%d mode=%d\n", (ulong)keyid[0], (ulong)keyid[1], @@ -867,6 +865,29 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid, merge_one_pk_and_selfsig( keyblock, keyblock ); } else { + if( primary && pk->pubkey_usage + && check_pubkey_algo2( k->pkt->pkt.public_key->pubkey_algo, + pk->pubkey_usage ) == G10ERR_WR_PUBKEY_ALGO ) { + /* if the usage is not correct, try to use a subkey */ + KBNODE save_k = k; + + for( ; k; k = k->next ) { + if( k->pkt->pkttype == PKT_PUBLIC_SUBKEY + && !check_pubkey_algo2( + k->pkt->pkt.public_key->pubkey_algo, + pk->pubkey_usage ) ) + break; + } + if( !k ) + k = save_k; + else + log_info(_("using secondary key %08lX " + "instead of primary key %08lX\n"), + (ulong)keyid_from_pk( k->pkt->pkt.public_key, NULL), + (ulong)keyid_from_pk( save_k->pkt->pkt.public_key, NULL) + ); + } + copy_public_key_new_namehash( pk, k->pkt->pkt.public_key, use_namehash? namehash:NULL); merge_one_pk_and_selfsig( keyblock, k ); diff --git a/g10/gpgd.c b/g10/gpgd.c index da7a990dc..ce92c95d7 100644 --- a/g10/gpgd.c +++ b/g10/gpgd.c @@ -18,6 +18,15 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ +/**************** + * This is a spinning server for most purposes, the server does only + * fork for updates (which may require signature checks and lengthy DB + * operations). + * + * see ks-proto.c for the used protocol. + * see ks-db.c for the layout of the database. + */ + #include #include #include diff --git a/g10/import.c b/g10/import.c index 7ef916d27..12a2a099d 100644 --- a/g10/import.c +++ b/g10/import.c @@ -459,7 +459,7 @@ import_secret_one( const char *fname, KBNODE keyblock ) _("can't lock secret keyring: %s\n"), g10_errstr(rc) ); else if( (rc=insert_keyblock( &kbpos, keyblock )) ) log_error_f(keyblock_resource_name(&kbpos), - _("can't write keyring\n"), g10_errstr(rc) ); + _("can't write keyring: %s\n"), g10_errstr(rc) ); unlock_keyblock( &kbpos ); /* we are ready */ log_info_f(fname, _("key %08lX: secret key imported\n"), (ulong)keyid[1]); @@ -655,16 +655,17 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid ) else if( node->pkt->pkttype == PKT_SIGNATURE && node->pkt->pkt.signature->sig_class == 0x20 ) { if( uid_seen ) { - log_error_f(fname, _("key %08lX: revocation certificate at wrong " - "place - skipped\n"), fname, (ulong)keyid[1]); + log_error_f(fname, _("key %08lX: revocation certificate " + "at wrong place - skipped\n"), + (ulong)keyid[1]); delete_kbnode( node ); } else { int rc = check_key_signature( keyblock, node, NULL); if( rc ) { - log_error_f(fname, _("key %08lX: invalid revocation certificate" - ": %s - skipped\n"), - fname, (ulong)keyid[1], g10_errstr(rc)); + log_error_f(fname, _("key %08lX: invalid revocation " + "certificate: %s - skipped\n"), + (ulong)keyid[1], g10_errstr(rc)); delete_kbnode( node ); } } @@ -788,7 +789,7 @@ append_uid( KBNODE keyblock, KBNODE node, int *n_sigs, /* at lease a self signature comes next to the user-id */ if( node->next->pkt->pkttype == PKT_USER_ID ) { log_error_f(fname, _("key %08lX: our copy has no self-signature\n"), - fname, (ulong)keyid[1]); + (ulong)keyid[1]); return G10ERR_GENERAL; } diff --git a/g10/keydb.h b/g10/keydb.h index c16dc4b80..c7fb26db1 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -99,8 +99,8 @@ int build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock, unsigned usage ); /*-- passphrase.h --*/ -void set_passphrase_fd( int fd ); -int get_passphrase_fd(void); +int have_static_passphrase(void); +void read_passphrase_from_fd( int fd ); DEK *passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode); void set_next_passphrase( const char *s ); char *get_last_passphrase(void); diff --git a/g10/keyedit.c b/g10/keyedit.c index 13fa24c8c..9387a762e 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -199,7 +199,6 @@ check_all_keysigs( KBNODE keyblock, int only_selected ) } - /**************** * Loop over all locusr and and sign the uids after asking. * If no user id is marked, all user ids will be signed; @@ -259,10 +258,9 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified ) (ulong)sk_keyid[1] ); continue; } - /* Ask whether we realy should sign these user id(s) */ + /* Ask whether we really should sign these user id(s) */ tty_printf("\n"); show_key_with_all_names( keyblock, 1, 1, 0, 0 ); - tty_printf("\n"); tty_printf(_( "Are you really sure that you want to sign this key\n" "with your key: \"")); @@ -372,9 +370,9 @@ change_passphrase( KBNODE keyblock ) set_next_passphrase( NULL ); for(;;) { - s2k->mode = 1; - s2k->hash_algo = DIGEST_ALGO_RMD160; - dek = passphrase_to_dek( NULL, CIPHER_ALGO_BLOWFISH, s2k, 2 ); + s2k->mode = opt.s2k_mode; + s2k->hash_algo = opt.s2k_digest_algo; + dek = passphrase_to_dek( NULL, opt.s2k_cipher_algo, s2k, 2 ); if( !dek ) { tty_printf(_("passphrase not correctly repeated; try again.\n")); } @@ -556,7 +554,7 @@ keyedit_menu( const char *username, STRLIST locusr ) if( cmds[i].need_sk && !sec_keyblock ) ; /* skip if we do not have the secret key */ else if( cmds[i].desc ) - tty_printf("%-10s %s\n", cmds[i].name, cmds[i].desc ); + tty_printf("%-10s %s\n", cmds[i].name, _(cmds[i].desc) ); } break; diff --git a/g10/keygen.c b/g10/keygen.c index 47a24b2ae..1d1cdbfc2 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -687,9 +687,9 @@ ask_passphrase( STRING2KEY **ret_s2k ) s2k = m_alloc_secure( sizeof *s2k ); for(;;) { - s2k->mode = 1; - s2k->hash_algo = DIGEST_ALGO_RMD160; - dek = passphrase_to_dek( NULL, CIPHER_ALGO_BLOWFISH, s2k, 2 ); + s2k->mode = opt.s2k_mode; + s2k->hash_algo = opt.s2k_digest_algo; + dek = passphrase_to_dek( NULL, opt.s2k_cipher_algo, s2k, 2 ); if( !dek ) { tty_printf(_("passphrase not correctly repeated; try again.\n")); } @@ -970,10 +970,10 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock ) if( passphrase ) { s2k = m_alloc_secure( sizeof *s2k ); - s2k->mode = 1; - s2k->hash_algo = DIGEST_ALGO_RMD160; + s2k->mode = opt.s2k_mode; + s2k->hash_algo = opt.s2k_digest_algo; set_next_passphrase( passphrase ); - dek = passphrase_to_dek( NULL, CIPHER_ALGO_BLOWFISH, s2k, 2 ); + dek = passphrase_to_dek( NULL, opt.s2k_cipher_algo, s2k, 2 ); } rc = do_create( algo, nbits, pub_keyblock, sec_keyblock, diff --git a/g10/ks-proto.c b/g10/ks-proto.c index b862357fb..b5109f2ad 100644 --- a/g10/ks-proto.c +++ b/g10/ks-proto.c @@ -42,245 +42,114 @@ * X-Key-MTime: * X-Key-LID: * [fixme: is X-.... allowed?] + * */ #include #include #include #include +#include +#include #include "util.h" #include "ks-proto.h" -#if 0 -/**************** - * Read a protocol line - */ + static int -read_line( FILE *fp ) +do_read( int fd, char *buffer, size_t bufsize, int *ret_nread ) { - return -1; + int n; + fd_set rfds; + struct timeval tv; + int rc; + + *ret_nread = 0; + do { + FD_ZERO(&rfds); + FD_SET(fd, &rfds); + tv.tv_sec = 1; + tv.tv_usec = 0; + if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) ) + return 0; /* timeout */ + if( rc == -1 ) { + log_error("select() error: %s\n", strerror(errno)); + return -1; + } + + do { + n = read(fd, buffer, bufsize ); + if( n >= 0 && n > bufsize ) + log_bug("bogus read from fd %d (n=%d)\n", fd, n ); + } while( n == -1 && errno == EINTR ); + if( n == -1 ) { + log_error("read error on fd %d: %s\n", fd, strerror(errno) ); + return -1; + } + } while( !n ); + *ret_nread = n; + return 0; } - - -/**************** - * Send a HKP request - */ -int -hkp_request( int operation, const char *user_id ) -{ - -} - - - - - -/************************************************ - ******* client communication stuff ************ - ************************************************/ - -/**************** - * Initialisieren des clients - * Es wird ein Handle zurückgegeben oder -1 bei einem fehler. - * z.Z. ist nut eine Verbindung gleichzeitig möglich. - * Wenn einer serverpid von 0 angegeben wird, so wird diese - * der environment variabeln ATEXDB_PID entnommen. - */ - int -hkp_open( const char *serverurl ) +ks_get_request( int fd, KS_TRANS *req ) { - const char *s; + char *p, *p2, buf[500]; + int nread, n; + int state = 0; - s = SERVER_NAME_TEMPLATE; - client.serv_name = xmalloc(strlen(s) + 10 ); - sprintf(client.serv_name,s, serverpid ); - if( opt.verbose ) - Info("Using unix domain stream '%s'", client.serv_name ); + req->err = 0; + req->data = NULL; + while( !do_read( fd, buf, DIM(buf)-1, &nread ) { + p = buf; + if( !state ) { + /* replace the trailing LF with a 0 */ + for(p2=p,n=0; n < nread && *p2 != '\n'; p2++ ) + ; + if( *p2 != '\n' ) { + req->err = KS_ERR_REQ_TOO_LONG; + break; + } + *p2++ = 0; + n++; - memset( &client.serv_addr, 0, sizeof client.serv_addr ); - client.serv_addr.sun_family = AF_UNIX; - strcpy( client.serv_addr.sun_path, client.serv_name ); - client.serv_addr_len = strlen(client.serv_addr.sun_path) - + sizeof client.serv_addr.sun_family; - - client.sockfd = -1; - if( DoCheckVersion() ) - return -1; - return 0; -} - - -static int -DoConnect() -{ - if( client.sockfd != -1 ) - DoDisconnect(); - if( (client.sockfd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1 ) { - Error(1000,"can't open unix domain socket"); - return 1; - } - if( connect(client.sockfd, (struct sockaddr*)&client.serv_addr, - client.serv_addr_len) == -1 ) { - Error(1000,"can't connect to '%s'",client.serv_addr.sun_path); - return 1; - } - - return 0; /* okay */ -} - -static int -DoDisconnect() -{ - if( client.sockfd != -1 ) { - close(client.sockfd); - client.sockfd = -1; - } - return 0; /* okay */ -} - -/**************** - * NBYTES auf den aktuellen stream schreiben. - */ -static int -DoWrite( void *buf, size_t nbytes ) -{ - size_t nleft = nbytes; - ssize_t nwritten; - - while( nleft > 0 ) { - /* FIXME: add EINTR handling */ - nwritten = write(client.sockfd, buf, nleft); - if( nwritten < 0 ) { - Error(1000,"error writing to server"); - return -1; + /* now look at the request. Note that the isspace() will work + * because there is still a CR before the 0 */ + if( (p[0] == 'G' || p[0] == 'g') + && (p[1] == 'E' || p[1] == 'e') + && (p[2] == 'T' || p[2] == 't') && isspace( p[3] ) ) { + req->cmd = KS_REQ_GET; + p += 4; + } + else if( (p[0] == 'H' || p[0] == 'h') + && (p[1] == 'E' || p[1] == 'e') + && (p[2] == 'A' || p[2] == 'a') + && (p[3] == 'D' || p[3] == 'd') && isspace( p[4] ) ) { + req->cmd = KS_REQ_HEAD; + p += 5; + } + else if( (p[0] == 'H' || p[0] == 'h') + && (p[1] == 'E' || p[1] == 'e') + && (p[2] == 'L' || p[2] == 'l') + && (p[3] == 'P' || p[3] == 'p') && isspace( p[4] ) ) { + req->cmd = KS_REQ_HELP; + p += 5; + } + else + req->cmd = KS_REQ_UNKNOWN; + /* skip spaces, store args and remaining data */ + while( *p == ' ' || *p == '\t' ) + p++; + /* fixme: remove trailing blanks from args */ + req->args = p; + p = p2; /* p now points to the remaining n bytes in the buffer */ + state = 1; } - nleft -= nwritten; - buf = (char*)buf + nwritten; - } - return 0; -} - -static int -DoWriteStr( const char *s ) -{ - return DoWrite((char *)s, strlen(s) ); -} - - -static int -DoRead( void *buf, size_t buflen, size_t *ret_nread, int stop) -{ - size_t nleft = buflen; - int nread; - char *p; - - p = buf; - while( nleft > 0 ) { - /* FIXME: add EINTR handling */ - nread = read(client.sockfd, buf, stop? 1 : nleft); - if( nread < 0 ) { - Error(1000,"error reading from server"); - return -1; + if( state == 1 ) { + /* read the option lines */ } - else if( !nread ) - break; /* EOF */ - nleft -= nread; - buf = (char*)buf + nread; - if( stop ) - for(; p < (char*)buf ; p++ ) - if( *p == '\n' ) - goto leave; + } - leave: - if( ret_nread ) - *ret_nread = buflen - nleft; - return 0; -} - -/**************** - * Like DoRead(), but append the received data to the given strgbuf. - * read a maximum of nbytes; - */ -static int -DoReadIntoStrgbuf( strgbuf_t *strgbuf, size_t nbytes, size_t *ret_nread) -{ - size_t ntotal, nleft; - int nread; - byte *p, buffer[1000]; - - ntotal = 0; - nleft = nbytes; - while( nleft ) { - nread = read(client.sockfd, buffer, - nleft > DIM(buffer)? DIM(buffer) : nleft); - if( nread < 0 ) { - Error(1000,"error reading from server"); - return -1; - } - else if( !nread ) - break; /* EOF */ - nleft -= nread; - ntotal += nread; - /* ab in den stringbuffer */ - for(p=buffer; nread; nread--, p++ ) - PutStrgbuf(strgbuf, *p ); - } - - if( ret_nread ) - *ret_nread = ntotal; - return 0; } -/**************** - * In retval wird das numerische argument nach OK zurückgegeben - */ -static int -DoRequest( char *request, long *retval ) -{ - if( DoWrite(request, strlen(request)) ) - return -1; - return DoWaitReply( retval ); -} - -static int -DoWaitReply( long *retval ) -{ - char *p, buf[200]; /* enough room for messages */ - size_t nread; - - /* read but stop at the first newline */ - if( DoRead(buf, DIM(buf)-2, &nread, 1 ) ) - return -1; - buf[DIM(buf)-1] = 0; - /* fixme: should check, that we have the linefeed and otherwise - * perform a dummy read */ - if( p = strchr(buf, '\n') ) - *p = 0; - if( *buf == 'O' && buf[1] == 'K' && (buf[2]==' ' || !buf[2]) ) { - if( retval ) - *retval = buf[2]? strtol(buf+3, NULL, 10 ):0; - return 0; - } - Error(0, "Server replied: %.60s", buf ); - return -1; -} - - - - - - - - - - - - -#endif - - - diff --git a/g10/mainproc.c b/g10/mainproc.c index 1e8af7e21..bcbc4bd92 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -88,8 +88,10 @@ add_onepass_sig( CTX c, PACKET *pkt ) if( c->list->pkt->pkttype != PKT_ONEPASS_SIG ) { log_error("add_onepass_sig: another packet is in the way\n"); release_list( c ); + c->list = new_kbnode( pkt ); } - add_kbnode( c->list, new_kbnode( pkt )); + else + add_kbnode( c->list, new_kbnode( pkt )); } else /* insert the first one */ c->list = node = new_kbnode( pkt ); diff --git a/g10/options.h b/g10/options.h index a4b4167c4..d674ada12 100644 --- a/g10/options.h +++ b/g10/options.h @@ -55,6 +55,9 @@ struct { const char *set_filename; const char *comment_string; int throw_keyid; + int s2k_mode; + int s2k_digest_algo; + int s2k_cipher_algo; } opt; diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 2601e1571..1cd14acfb 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1068,6 +1068,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, } sk->protect.s2k.count = iobuf_get(inp); pktlen--; + if( list_mode ) + printf("\tprotect count: %lu\n", + (ulong)sk->protect.s2k.count); } } else { /* old version; no S2K, so we set mode to 0, hash MD5 */ diff --git a/g10/passphrase.c b/g10/passphrase.c index 7dbaeb466..2e649119d 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -34,22 +34,16 @@ #include "i18n.h" #include "status.h" -static int pwfd = -1; +static char *fd_passwd = NULL; static char *next_pw = NULL; static char *last_pw = NULL; static void hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create ); -void -set_passphrase_fd( int fd ) -{ - pwfd = fd; -} - int -get_passphrase_fd() +have_static_passphrase() { - return pwfd; + return !!fd_passwd; } /**************** @@ -81,6 +75,36 @@ get_last_passphrase() } +void +read_passphrase_from_fd( int fd ) +{ + int i, len; + char *pw; + + if( !opt.batch ) + tty_printf("Reading passphrase from file descriptor %d ...", fd ); + for( pw = NULL, i = len = 100; ; i++ ) { + if( i >= len-1 ) { + char *pw2 = pw; + len += 100; + pw = m_alloc_secure( len ); + if( pw2 ) + memcpy(pw, pw2, i ); + else + i=0; + } + if( read( fd, pw+i, 1) != 1 || pw[i] == '\n' ) + break; + } + pw[i] = 0; + if( !opt.batch ) + tty_printf("\b\b\b \n" ); + + m_free( fd_passwd ); + fd_passwd = pw; +} + + /**************** * Get a passphrase for the secret key with KEYID, display TEXT * if the user needs to enter the passphrase. @@ -140,26 +164,9 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode ) pw = next_pw; next_pw = NULL; } - else if( pwfd != -1 ) { /* read the passphrase from the file */ - int i, len; - - if( !opt.batch ) - tty_printf("Reading from file descriptor %d ...", pwfd ); - for( pw = NULL, i = len = 100; ; i++ ) { - if( i >= len-1 ) { - char *pw2 = pw; - len += 100; - pw = m_alloc_secure( len ); - if( pw2 ) - memcpy(pw, pw2, i ); - i=0; - } - if( read( pwfd, pw+i, 1) != 1 || pw[i] == '\n' ) - break; - } - pw[i] = 0; - if( !opt.batch ) - tty_printf("\b\b\b \n" ); + else if( fd_passwd ) { + pw = m_alloc_secure( strlen(fd_passwd)+1 ); + strcpy( pw, fd_passwd ); } else if( opt.batch ) log_fatal("Can't query password in batchmode\n"); @@ -192,54 +199,69 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode ) /**************** * Hash a passphrase using the supplied s2k. If create is true, create - * a new salt or whatelse must be filled into the s2k for a new key. + * a new salt or what else must be filled into the s2k for a new key. * always needs: dek->algo, s2k->mode, s2k->hash_algo. */ static void hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create ) { MD_HANDLE md; + int pass, i; + int used = 0; + int pwlen = strlen(pw); assert( s2k->hash_algo ); - dek->keylen = 0; + dek->keylen = cipher_get_keylen( dek->algo ) / 8; + if( !(dek->keylen > 0 && dek->keylen <= DIM(dek->key)) ) + BUG(); + md = md_open( s2k->hash_algo, 1); - if( s2k->mode == 1 || s2k->mode == 3 ) { - ulong count = 0; - int len = strlen(pw); - int len2 = len + 8; - - if( create ) - randomize_buffer(s2k->salt, 8, 1); - - if( s2k->mode == 3 ) { - count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6); - log_debug("s2k iteration count=%lu\n", count ); + for(pass=0; used < dek->keylen ; pass++ ) { + if( pass ) { + md_reset(md); + for(i=0; i < pass; i++ ) /* preset the hash context */ + md_putc(md, 0 ); } - for(;;) { - md_write( md, s2k->salt, 8 ); - md_write( md, pw, len ); - if( count <= len2 ) - break; - count -= len2; - } - if( count ) { - if( count < 8 ) { - md_write( md, s2k->salt, count ); + + if( s2k->mode == 1 || s2k->mode == 3 ) { + int len2 = pwlen + 8; + ulong count = len2; + + if( create && !pass ) { + randomize_buffer(s2k->salt, 8, 1); + if( s2k->mode == 3 ) + s2k->count = 96; /* = 56536 */ } + + if( s2k->mode == 3 ) { + count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6); + if( count < len2 ) + count = len2; + } + /* a little bit complicated because we need a ulong for count */ + while( count > len2 ) { /* maybe iterated+salted */ + md_write( md, s2k->salt, 8 ); + md_write( md, pw, pwlen ); + count -= len2; + } + if( count < 8 ) + md_write( md, s2k->salt, count ); else { md_write( md, s2k->salt, 8 ); count -= 8; - assert( count <= len ); + assert( count >= 0 ); md_write( md, pw, count ); } } + else + md_write( md, pw, pwlen ); + md_final( md ); + i = md_digest_length( s2k->hash_algo ); + if( i > dek->keylen - used ) + i = dek->keylen - used; + memcpy( dek->key+used, md_read(md, s2k->hash_algo), i ); + used += i; } - else - md_write( md, pw, strlen(pw) ); - md_final( md ); - dek->keylen = cipher_get_keylen( dek->algo ) / 8; - assert(dek->keylen > 0 && dek->keylen <= DIM(dek->key) ); - memcpy( dek->key, md_read(md,0), dek->keylen ); md_close(md); } diff --git a/g10/pkclist.c b/g10/pkclist.c index 4f52eebb7..272a861b7 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -182,7 +182,8 @@ do_we_trust( PKT_public_key *pk, int trustlevel ) int rc; if( (trustlevel & TRUST_FLAG_REVOKED) ) { - log_info("key has been revoked!\n"); + log_info("%08lX: key has been revoked!\n", + (ulong)keyid_from_pk( pk, NULL) ); if( opt.batch ) return 0; @@ -209,12 +210,13 @@ do_we_trust( PKT_public_key *pk, int trustlevel ) return do_we_trust( pk, trustlevel ); case TRUST_EXPIRED: - log_info("key has expired\n"); + log_info("%08lX: key has expired\n", (ulong)keyid_from_pk( pk, NULL) ); return 0; /* no */ case TRUST_UNDEFINED: if( opt.batch || opt.answer_no ) - log_info("no info to calculate a trust probability\n"); + log_info("%08lX: no info to calculate a trust probability\n", + (ulong)keyid_from_pk( pk, NULL) ); else { rc = add_ownertrust( pk ); if( !rc ) { @@ -229,12 +231,14 @@ do_we_trust( PKT_public_key *pk, int trustlevel ) return 0; case TRUST_NEVER: - log_info("We do NOT trust this key\n"); + log_info("%08lX: We do NOT trust this key\n", + (ulong)keyid_from_pk( pk, NULL) ); return 0; /* no */ case TRUST_MARGINAL: - log_info("I'm not sure whether this key really belongs to the owner\n" - "but I proceed anyway\n"); + log_info("%08lX: I'm not sure whether this key really belongs to the owner\n" + "but I proceed anyway\n", + (ulong)keyid_from_pk( pk, NULL) ); return 1; /* yes */ case TRUST_FULLY: diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 9253b8ce1..d43f8619d 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -168,7 +168,7 @@ check_secret_key( PKT_secret_key *sk, int n ) if( i ) log_error(_("Invalid passphrase; please try again ...\n")); rc = do_check( sk ); - if( get_passphrase_fd() != -1 ) + if( have_static_passphrase() ) break; } diff --git a/g10/sig-check.c b/g10/sig-check.c index 1dda44529..5e6873f9d 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -152,8 +152,8 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest ) u32 cur_time; if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { - log_info("this is a PGP generated " - "ElGamal key which is NOT secure for signatures!\n"); + log_info(_("this is a PGP generated " + "ElGamal key which is NOT secure for signatures!\n")); return G10ERR_PUBKEY_ALGO; } diff --git a/g10/status.c b/g10/status.c index 7cb2f5c5d..97b4fba97 100644 --- a/g10/status.c +++ b/g10/status.c @@ -31,6 +31,9 @@ #ifdef HAVE_SYS_SHM_H #include #endif + #if defined(HAVE_MLOCK) + #include + #endif #endif #include "util.h" #include "status.h" @@ -142,11 +145,21 @@ init_shm_coprocessing ( ulong requested_shm_size, int lock_mem ) log_info("mapped %uk shared memory at %p, id=%d\n", (unsigned)shm_size/1024, shm_area, shm_id ); if( lock_mem ) { + #ifdef IPC_HAVE_SHM_LOCK if ( shmctl (shm_id, SHM_LOCK, 0) ) - log_info("Locking shared memory %d failed: %s\n", + log_info("locking shared memory %d failed: %s\n", shm_id, strerror(errno)); else shm_is_locked = 1; + #elif defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) + if ( mlock (shm_area, shm_size) ) + log_info("locking shared memory %d failed: %s\n", + shm_id, strerror(errno)); + else + shm_is_locked = 1; + #else + log_info("Locking shared memory %d failed: No way to do it\n", shm_id ); + #endif } @@ -225,7 +238,7 @@ do_shm_get( const char *keyword, int hidden, int bool ) static void display_help( const char *keyword ) { - char *p; + const char *p; int hint = 0; tty_kill_prompt(); diff --git a/g10/trustdb.c b/g10/trustdb.c index bce0df0c9..b36c176ae 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -105,7 +105,7 @@ static TRUST_SEG_LIST last_trust_web_tslist; #define HEXTOBIN(a) ( (a) >= '0' && (a) <= '9' ? ((a)-'0') : \ (a) >= 'A' && (a) <= 'F' ? ((a)-'A'+10) : ((a)-'a'+10)) - + /********************************************** ************* list helpers ******************* **********************************************/ @@ -239,6 +239,8 @@ keyid_from_lid( ulong lid, u32 *keyid ) return 0; } + + /**************** * Walk through the signatures of a public key. * The caller must provide a context structure, with all fields set @@ -333,7 +335,7 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create ) - + /*********************************************** ************* Trust stuff ****************** ***********************************************/ @@ -357,6 +359,10 @@ verify_own_keys() if( DBG_TRUST ) log_debug("key %08lX: checking secret key\n", (ulong)keyid[1] ); + if( is_secret_key_protected( sk ) < 1 ) + log_info("note: secret key %08lX is NOT protected.\n", + (ulong)keyid[1] ); + /* see whether we can access the public key of this secret key */ memset( pk, 0, sizeof *pk ); rc = get_pubkey( pk, keyid ); @@ -1204,7 +1210,7 @@ do_check( TRUSTREC *dr, unsigned *trustlevel ) return 0; } - + /*********************************************** **************** API ************************ ***********************************************/ @@ -1564,6 +1570,8 @@ check_trustdb( const char *username ) } } + + /**************** * Get the trustlevel for this PK. * Note: This does not ask any questions @@ -1612,11 +1620,11 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel ) rc = insert_trust_record( pk ); if( rc ) { log_error(_("key %08lX: insert trust record failed: %s\n"), - keyid[1], g10_errstr(rc)); + (ulong)keyid[1], g10_errstr(rc)); goto leave; } log_info(_("key %08lX.%lu: inserted into trustdb\n"), - keyid[1], pk->local_id ); + (ulong)keyid[1], pk->local_id ); /* and re-read the dir record */ if( tdbio_read_record( pk->local_id, &rec, RECTYPE_DIR ) ) { log_error("check_trust: reread dir record failed\n"); @@ -1628,14 +1636,14 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel ) if( pk->timestamp > cur_time ) { log_info(_("key %08lX.%lu: created in future " "(time warp or clock problem)\n"), - keyid[1], pk->local_id ); + (ulong)keyid[1], pk->local_id ); return G10ERR_TIME_CONFLICT; } if( pk->valid_days && add_days_to_timestamp(pk->timestamp, pk->valid_days) < cur_time ) { log_info(_("key %08lX.%lu: expired at %s\n"), - keyid[1], pk->local_id, + (ulong)keyid[1], pk->local_id, asctimestamp( add_days_to_timestamp(pk->timestamp, pk->valid_days))); trustlevel = TRUST_EXPIRED; @@ -1644,7 +1652,7 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel ) rc = do_check( &rec, &trustlevel ); if( rc ) { log_error(_("key %08lX.%lu: trust check failed: %s\n"), - keyid[1], pk->local_id, g10_errstr(rc)); + (ulong)keyid[1], pk->local_id, g10_errstr(rc)); return rc; } } diff --git a/include/cipher.h b/include/cipher.h index 14b99803e..dce7262c6 100644 --- a/include/cipher.h +++ b/include/cipher.h @@ -106,10 +106,12 @@ int check_digest_algo( int algo ); MD_HANDLE md_open( int algo, int secure ); void md_enable( MD_HANDLE hd, int algo ); MD_HANDLE md_copy( MD_HANDLE a ); +void md_reset( MD_HANDLE a ); void md_close(MD_HANDLE a); void md_write( MD_HANDLE a, byte *inbuf, size_t inlen); void md_final(MD_HANDLE a); byte *md_read( MD_HANDLE a, int algo ); +int md_digest( MD_HANDLE a, int algo, byte *buffer, int buflen ); int md_get_algo( MD_HANDLE a ); int md_digest_length( int algo ); const byte *md_asn_oid( int algo, size_t *asnlen, size_t *mdlen ); diff --git a/po/ChangeLog b/po/ChangeLog index 61c1c9753..a09a806ae 100644 --- a/po/ChangeLog +++ b/po/ChangeLog @@ -1,3 +1,11 @@ +Mon Sep 21 15:03:44 1998 Werner Koch (wk@(none)) + + * it.po: New version from Marco d'Itri + +Mon Sep 21 09:28:54 1998 Werner Koch (wk@(none)) + + * fr.po: New version from Gaël Quéri + Tue Aug 11 12:28:11 1998 Werner Koch (wk@(none)) * it.po: New file from Marco. diff --git a/po/POTFILES.in b/po/POTFILES.in index 04a37d240..6b5f524bc 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -15,10 +15,12 @@ cipher/rand-w32.c # main program g10/g10.c +g10/armor.c g10/pkclist.c g10/keygen.c g10/decrypt.c g10/encode.c +g10/getkey.c g10/import.c g10/keyedit.c g10/keylist.c diff --git a/po/de.po b/po/de.po index fcf01f305..cf34f09d1 100644 --- a/po/de.po +++ b/po/de.po @@ -298,19 +298,19 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" -sat [file] make a clear text signature\n" -" -sb [file] make a detached signature\n" -" -k [userid] show keys\n" -" -kc [userid] show fingerprint\n" +" --clearsign [file] make a clear text signature\n" +" --detach-sign [file] make a detached signature\n" +" --list-keys [names] show keys\n" +" --fingerprint [names] show fingerprint\n" msgstr "" "@\n" "Beispiele:\n" "\n" " -se -r Bob [file] Signieren und verschlüsseln für Benutzer Bob\n" -" -sat [file] Eine Klartextsignatur erzeugen\n" -" -sb [file] Eine abgetrennte Signatur erzeugen\n" -" -k [userid] Die Schlüssel anzeigen\n" -" -kc [userid] Die \"Fingerabdrücke\" anzeigen\n" +" --clearsign [file] Eine Klartextsignatur erzeugen\n" +" --detach-sign [file] Eine abgetrennte Signatur erzeugen\n" +" --list-keys [names] Die Schlüssel anzeigen\n" +" --fingerprint [names] Die \"Fingerabdrücke\" anzeigen\n" #: g10/g10.c:302 msgid "Please report bugs to .\n" diff --git a/po/fr.po b/po/fr.po index 1a59f7bf5..8b8e0f895 100644 --- a/po/fr.po +++ b/po/fr.po @@ -2,15 +2,16 @@ # Copyright (C) 1998 Free Software Foundation, Inc. # Gaël Quéri , 1998. # -#, fuzzy msgid "" msgstr "" -"Project-Id-Version: gnupg-0.3.4\n" +"Project-Id-Version: gnupg-0.4.0\n" "POT-Creation-Date: 1998-09-18 17:16+0200\n" -"PO-Revision-Date: 1998-08-20 00:0000+0200\n" +"PO-Revision-Date: 1998-09-17 03:14+0200\n" "Last-Translator: Gaël Quéri \n" +"Language-Team: French \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso8859-1\n" +"Content-Transfer-Encoding: 8-bit\n" #: util/secmem.c:226 msgid "Warning: using insecure memory!\n" @@ -52,7 +53,7 @@ msgid "" msgstr "" "\n" "Il n'y a pas assez d'octets aléatoires disponibles. Faites autre chose\n" -"pur que l'OS puisse amasser plus d'entropie! (il faut %d octets de plus)\n" +"pour que l'OS puisse amasser plus d'entropie! (il faut %d octets de plus)\n" #: g10/g10.c:143 msgid "" @@ -120,7 +121,7 @@ msgstr "g #: g10/g10.c:163 msgid "remove key from the public keyring" -msgstr "enlever la clé du pore-clés public" +msgstr "enlever la clé du porte-clés public" #: g10/g10.c:165 msgid "sign or edit a key" @@ -156,15 +157,15 @@ msgstr "|[NOMS]|v #: g10/g10.c:177 msgid "De-Armor a file or stdin" -msgstr "Enlever l'armure d'un fichier ou de l'entrée standard" +msgstr "Enlever l'armure d'un fichier ou de stdin" #: g10/g10.c:178 msgid "En-Armor a file or stdin" -msgstr "Mettre une armure à un fichier ou à l'entrée standard" +msgstr "Mettre une armure à un fichier ou à stdin" #: g10/g10.c:179 msgid "|algo [files]|print message digests" -msgstr "|algo [fichiers]|indiquer les fonctions de hachage" +msgstr "|alg. [fich.]|indiquer les fonctions de hachage" #: g10/g10.c:180 msgid "print all message digests" @@ -263,7 +264,7 @@ msgstr "(3 par d #: g10/g10.c:213 msgid "|file|load extension module" -msgstr "|fichier|charger un module d'extension" +msgstr "|fich|charger un module d'extension" #: g10/g10.c:214 msgid "emulate the mode described in RFC1991" @@ -283,33 +284,31 @@ msgstr "|N|utiliser l'algorithme de compression N" #: g10/g10.c:219 msgid "throw keyid field of encrypted packets" -msgstr "" +msgstr "enlever l'idendification de la clé des paquets cryptés" -# encore un qui a lu Applied Cryptography ! (Bob)... -# #: g10/g10.c:227 msgid "" "@\n" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" -sat [file] make a clear text signature\n" -" -sb [file] make a detached signature\n" -" -k [userid] show keys\n" -" -kc [userid] show fingerprint\n" +" --clearsign [file] make a clear text signature\n" +" --detach-sign [file] make a detached signature\n" +" --list-keys [names] show keys\n" +" --fingerprint [names] show fingerprint\n" msgstr "" "@\n" "Exemples:\n" "\n" -" -se -r Alice [fichier] signer et crypter pour l'utilisateur Alice\n" -" -sat [fichier] faire une signature en texte clair\n" -" -sb [fichier] faire une signature détachée\n" -" -k [utilisateur] montrer les clés\n" -" -kc [utilisateur] montrer les empreintes\n" +" -se -r Alice [fichier] signer et crypter pour l'utilisateur Alice\n" +" --clearsign [fichier] faire une signature en texte clair\n" +" --detach-sign [fichier] faire une signature détachée\n" +" --list-keys [utilisateur] montrer les clés\n" +" --fingerprint [utilisateur] montrer les empreintes\n" #: g10/g10.c:302 msgid "Please report bugs to .\n" -msgstr "Rapprter toutes anomalies à .\n" +msgstr "Rapporter toutes anomalies à .\n" #: g10/g10.c:307 msgid "Usage: gpgm [options] [files] (-h for help)" @@ -342,6 +341,8 @@ msgid "" "\n" "Supported algorithms:\n" msgstr "" +"\n" +"Algorithmes supportés:\n" #: g10/g10.c:398 msgid "usage: gpgm [options] " @@ -474,8 +475,8 @@ msgid "" "RSA keys are deprecated; please consider creating a new key and use this key " "in the future\n" msgstr "" -"Les clés RSA sont déconseillées: considérez créer une nouvelle clé " -"etl'utiliser dans l'avenir\n" +"Les clés RSA sont déconseillées: considérez créer une nouvelle clé et " +"l'utiliser dans l'avenir\n" #: g10/pkclist.c:71 #, c-format @@ -520,6 +521,10 @@ msgstr "sSmM" #: g10/pkclist.c:99 msgid "edit_ownertrust.value" msgstr "" +"C'est à vous d'assigner une valeur ici; cette valeur ne sera jamais\n" +"exportée à une tierce personne. Nous en avons besoin pour créer le;\n" +"réseau de confiance (web-of-trust); cela n'a rien à voir avec le\n" +"réseau de certificats (créé implicitement)" #: g10/pkclist.c:99 msgid "Your decision? " @@ -549,6 +554,7 @@ msgstr "" #: g10/pkclist.c:189 msgid "revoked_key.override" msgstr "" +"Si vous voulez utiliser cette clé révoquée quand-même, répondez \"oui\"." #: g10/pkclist.c:190 g10/pkclist.c:277 msgid "Use this key anyway? " @@ -569,6 +575,7 @@ msgstr "" #: g10/pkclist.c:276 msgid "untrusted_key.override" msgstr "" +"Si vous voulez utiliser cette clé peu sûre quand-même, répondez \"oui\"." #: g10/pkclist.c:281 msgid "WARNING: Using untrusted key!\n" @@ -625,7 +632,7 @@ msgstr "" #: g10/pkclist.c:423 msgid "pklist.user_id.enter" -msgstr "" +msgstr "Entrez le nom de l'adresse à qui vous voulez envoyer le message." #: g10/pkclist.c:424 msgid "Enter the user ID: " @@ -690,7 +697,7 @@ msgstr " (%d) ElGamal dans un paquet v3\n" #: g10/keygen.c:393 msgid "keygen.algo" -msgstr "" +msgstr "Sélectionnez l'algorithme à utiliser:" #: g10/keygen.c:393 msgid "Your selection? " @@ -750,8 +757,8 @@ msgid "" "Okay, but keep in mind that your monitor and keyboard radiation is also very " "vulnerable to attacks!\n" msgstr "" -"D'accord, mais n'oubliez pas que votre écran et les radiations du " -"claviersont aussi vulnérables aux attaques! :)\n" +"D'accord, mais n'oubliez pas que votre écran et les radiations du clavier " +"sont aussi très vulnérables aux attaques!\n" #: g10/keygen.c:459 msgid "keygen.size.large.okay" @@ -815,7 +822,7 @@ msgstr "" #: g10/keygen.c:525 msgid "Is this correct (y/n)? " -msgstr "Est-ce correct (y/n)? " +msgstr "Est-ce correct (o/n)? " #: g10/keygen.c:553 msgid "" @@ -827,8 +834,8 @@ msgid "" "\n" msgstr "" "\n" -"Vous avez besoin d'un nom d'utilisateur pour identifier votre clé; " -"leprogramme le construit à partir du nom réel, d'un commentaire et d'une\n" +"Vous avez besoin d'un nom d'utilisateur pour identifier votre clé; le " +"programme le construit à partir du nom réel, d'un commentaire et d'une\n" "adresse e-mail de cette manière:\n" " \"Heinrich Heine (Der Dichter) " @@ -1642,11 +1654,13 @@ msgstr "" #: g10/passphrase.c:126 #, c-format msgid "(%u-bit %s key, ID %08lX, created %s)\n" -msgstr "(clé de %u bits, ID %08lX, créée le %s)\n" +msgstr "(clé de %u bits %s, ID %08lX, créée le %s)\n" #: g10/passphrase.c:167 msgid "passphrase.enter" msgstr "" +"Entrez le mot de passe; c'est une phrase secrète \n" +" Blurb, blurb,.... " #: g10/passphrase.c:167 msgid "Enter pass phrase: " @@ -1655,6 +1669,7 @@ msgstr "Entrez le mot de passe: " #: g10/passphrase.c:170 msgid "passphrase.repeat" msgstr "" +"Répétez le dernier mot de passe, pour être sûr de ce que vous avez tapé." #: g10/passphrase.c:171 msgid "Repeat pass phrase: " @@ -1684,7 +1699,7 @@ msgstr "Mot de passe invalide; r #: g10/seckey-cert.c:215 msgid "Warning: Weak key detected - please change passphrase again.\n" -msgstr "" +msgstr "Attention: Mauvaise clé détectée - changez encore le mot de passe.\n" #: g10/sig-check.c:165 msgid "public key created in future (time warp or clock problem)\n" @@ -1772,11 +1787,11 @@ msgstr "Pas d'aide disponible pour '%s'" #: g10/pubkey-enc.c:78 #, c-format msgid "anonymous receiver; trying secret key %08lX ...\n" -msgstr "" +msgstr "destinataire anonyme; essai de la clé secrète %08lX ...\n" #: g10/pubkey-enc.c:84 msgid "okay, we are the anonymous receiver.\n" -msgstr "" +msgstr "d'accord, nous sommes le destinataire anonyme.\n" #: g10/pubkey-enc.c:183 #, c-format @@ -1796,33 +1811,22 @@ msgstr "" #: g10/openfile.c:60 msgid "Overwrite (y/N)? " -msgstr "Réécrire (y/N)? " +msgstr "Réécrire (o/N)? " #: g10/encr-data.c:74 msgid "" "Warning: Message was encrypted with a weak key in the symmetric cipher.\n" msgstr "" +"Attention: Le message a été crypté avec une mauvaise clé pendant le\n" +"chiffrement symétrique.\n" #: g10/seskey.c:52 msgid "weak key created - retrying\n" -msgstr "" +msgstr "mauvais clé générée - nouvel essai\n" #: g10/seskey.c:57 #, c-format msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n" msgstr "" - -#~ msgid "there is a secret key for this public key!\n" -#~ msgstr "il y a une clé secrète pour cette clé publique!\n" - -#~ msgid "use option \"--delete-secret-key\" to delete it first.\n" -#~ msgstr "utilisez l'option \"--delete-secret-key\" pour l'effacer d'abort.\n" - -#~ msgid "can't do that in batchmode without \"--yes\"\n" -#~ msgstr "ne peut faire cela en mode automatique sans \"--yes\"\n" - -#~ msgid "Delete this key from the keyring? " -#~ msgstr "Effacer cette clé du porte-clés? " - -#~ msgid "This is a secret key! - really delete? " -#~ msgstr "C'est une clé secrète! - effacer réellement? " +"ne peut éviter une mauvaise clé pour le chiffrement symétrique: \n" +"%d essais ont eu lieu!\n" diff --git a/po/it.po b/po/it.po index 9c2326810..b5d300ef7 100644 --- a/po/it.po +++ b/po/it.po @@ -1,12 +1,16 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Free Software Foundation, Inc. +# FIRST AUTHOR , YEAR. +# msgid "" msgstr "" -"POT-Creation-Date: 1998-09-18 17:16+0200\n" +"Project-Id-Version: gnupg-0.4.0\n" +"PO-Revision-Date: 1998-09-20 16:15+02:00\n" +"Last-Translator: Marco d'Itri \n" +"Language-Team: Italian \n" +"MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" -"Date: 1998-03-07 12:16:14+0100\n" -"From: Marco d'Itri \n" -"Xgettext-Options: --default-domain=gnupg --directory=.. --add-comments " -"--keyword=_ --keyword=N_ --files-from=./POTFILES.in\n" -"Files: util/secmem.c cipher/random.c g10/g10.c g10/pkclist.c g10/keygen.c\n" +"Content-Transfer-Encoding: 8bit\n" #: util/secmem.c:226 msgid "Warning: using insecure memory!\n" @@ -277,7 +281,7 @@ msgstr "|N|usa l'algoritmo di compressione N" #: g10/g10.c:219 msgid "throw keyid field of encrypted packets" -msgstr "" +msgstr "elimina il campo keyid dei pacchetti crittografati" #: g10/g10.c:227 msgid "" @@ -285,19 +289,19 @@ msgid "" "Examples:\n" "\n" " -se -r Bob [file] sign and encrypt for user Bob\n" -" -sat [file] make a clear text signature\n" -" -sb [file] make a detached signature\n" -" -k [userid] show keys\n" -" -kc [userid] show fingerprint\n" +" --clearsign [file] make a clear text signature\n" +" --detach-sign [file] make a detached signature\n" +" --list-keys [names] show keys\n" +" --fingerprint [names] show fingerprint\n" msgstr "" "@\n" "Esempi:\n" "\n" " -se -r Bob [file] firma e cifra per l'utente Bob\n" -" -sat [file] fai una firma mantenendo il testo in chiaro\n" -" -sb [file] fai una firma separata\n" -" -k [userid] mostra le chiavi\n" -" -kc [userid] mostra le impronte digitali\n" +" --clearsign [file] fai una firma mantenendo il testo in chiaro\n" +" --detach-sign [file] fai una firma separata\n" +" --list-keys [names] mostra le chiavi\n" +" --fingerprint [names] mostra le impronte digitali\n" #: g10/g10.c:302 msgid "Please report bugs to .\n" @@ -333,7 +337,7 @@ msgstr "" msgid "" "\n" "Supported algorithms:\n" -msgstr "" +msgstr "\nAlgoritmi gestiti:\n" #: g10/g10.c:398 msgid "usage: gpgm [options] " @@ -347,19 +351,16 @@ msgstr "uso: gpg [options] " msgid "conflicting commands\n" msgstr "comandi in conflitto\n" -# , c-format #: g10/g10.c:547 #, c-format msgid "note: no default option file '%s'\n" msgstr "nota: nessun file con opzioni predefinite '%s'\n" -# , c-format #: g10/g10.c:551 #, c-format msgid "option file '%s': %s\n" msgstr "file con opzioni predefinite '%s': %s\n" -# , c-format #: g10/g10.c:558 #, c-format msgid "reading options from '%s'\n" @@ -373,7 +374,6 @@ msgstr "l'algoritmo di cifratura selezionato non msgid "selected digest algorithm is invalid\n" msgstr "l'algoritmo di digest selezionato non è valido\n" -# , c-format #: g10/g10.c:746 #, c-format msgid "compress algorithm must be in range %d..%d\n" @@ -387,7 +387,6 @@ msgstr "completes-needed deve essere maggiore di 0\n" msgid "marginals-needed must be greater than 1\n" msgstr "marginals-needed deve essere maggiore di 1\n" -# , c-format #: g10/g10.c:833 #, c-format msgid "failed to initialize the TrustDB: %s\n" @@ -433,7 +432,6 @@ msgstr "--delete-secret-key nomeutente" msgid "--delete-key username" msgstr "--delete-key nomeutente" -# , c-format #: g10/encode.c:211 g10/g10.c:950 g10/keylist.c:79 #, c-format msgid "can't open %s: %s\n" @@ -443,19 +441,16 @@ msgstr "impossibile aprire '%s': %s\n" msgid "-k[v][v][v][c] [userid] [keyring]" msgstr "-k[v][v][v][c] [userid] [portachiavi]" -# , c-format #: g10/g10.c:1016 #, c-format msgid "dearmoring failed: %s\n" msgstr "rimozione dell'armatura fallita: %s\n" -# , c-format #: g10/g10.c:1024 #, c-format msgid "enarmoring failed: %s\n" msgstr "creazione dell'armatura fallita: %s\n" -# , c-format #: g10/g10.c:1085 #, c-format msgid "invalid hash algorithm '%s'\n" @@ -465,7 +460,6 @@ msgstr "algoritmo di hash non valido '%s'\n" msgid "[filename]" msgstr "[nomefile]" -# , c-format #: g10/decrypt.c:59 g10/g10.c:1157 g10/verify.c:66 #, c-format msgid "can't open '%s'\n" @@ -479,7 +473,6 @@ msgstr "" "L'uso di chiavi RSA è deprecato; per favore in futuro considera di creare e\n" "usare una nuova chiave.\n" -# , c-format #: g10/pkclist.c:71 #, c-format msgid "" @@ -513,7 +506,7 @@ msgstr "" #: g10/pkclist.c:90 msgid " m = back to the main menu\n" -msgstr "" +msgstr " m = ritorna al menù principale\n" # valid user replies (not including 1..4) # [Marco, you can change 'm' and 's' to whatever letters you like] @@ -666,31 +659,26 @@ msgstr "scrittura della autofirma\n" msgid "Please select what kind of key you want:\n" msgstr "Per favore scegli che tipo di chiave vuoi:\n" -# , c-format #: g10/keygen.c:385 #, c-format msgid " (%d) DSA and ElGamal (default)\n" msgstr " (%d) DSA e ElGamal (default)\n" -# , c-format #: g10/keygen.c:386 #, c-format msgid " (%d) ElGamal (sign and encrypt)\n" msgstr " (%d) ElGamal (firma e crittografa)\n" -# , c-format #: g10/keygen.c:387 #, c-format msgid " (%d) ElGamal (encrypt only)\n" msgstr " (%d) ElGamal (crittografa solo)\n" -# , c-format #: g10/keygen.c:388 #, c-format msgid " (%d) DSA (sign only)\n" msgstr " (%d) DSA (firma solo)\n" -# , c-format #: g10/keygen.c:389 #, c-format msgid " (%d) ElGamal in a v3 packet\n" @@ -708,7 +696,6 @@ msgstr "Cosa scegli? " msgid "Invalid selection.\n" msgstr "Scelta non valida.\n" -# , c-format #: g10/keygen.c:431 #, c-format msgid "" @@ -751,9 +738,8 @@ msgid "keygen.size.huge.okay" msgstr "" #: g10/keygen.c:451 -#, fuzzy msgid "Are you sure that you want this keysize? " -msgstr "Sei sicuro che vuoi una chiave di queste dimensioni? " +msgstr "Sei sicuro di volere una chiave di queste dimensioni? " #: g10/keygen.c:452 msgid "" @@ -771,13 +757,11 @@ msgstr "" msgid "Do you really need such a large keysize? " msgstr "Ti serve davvero una chiave così lunga? " -# , c-format #: g10/keygen.c:466 #, c-format msgid "Requested keysize is %u bits\n" msgstr "Le dimensioni della chiave richieste sono %u bit\n" -# , c-format #: g10/keygen.c:469 g10/keygen.c:473 #, c-format msgid "rounded up to %u bits\n" @@ -814,7 +798,6 @@ msgstr "valore non valido\n" msgid "Key does not expire at all\n" msgstr "La chiave non scade\n" -# , c-format #. print the date when the key expires #: g10/keygen.c:519 #, c-format @@ -889,7 +872,6 @@ msgstr "Commento: " msgid "Invalid character in comment\n" msgstr "Carattere non valido nel commento\n" -# , c-format #: g10/keygen.c:626 #, c-format msgid "" @@ -910,7 +892,6 @@ msgid "keygen.userid.cmd" msgstr "" #: g10/keygen.c:639 -#, fuzzy msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? " msgstr "Modifica (N)ome, (C)ommento, (E)mail oppure (O)kay/(Q)uit? " @@ -964,13 +945,11 @@ msgstr "La coppia DSA avr msgid "Key generation cancelled.\n" msgstr "Generazione della chiave annullata.\n" -# , c-format #: g10/keygen.c:812 #, c-format msgid "writing public certificate to '%s'\n" msgstr "scrittura del certificato pubblico in '%s'\n" -# , c-format #: g10/keygen.c:813 #, c-format msgid "writing secret certificate to '%s'\n" @@ -989,7 +968,6 @@ msgstr "" "vorrai usare il comando \"--add-key\" per generare una chiave secondaria\n" "per questo scopo.\n" -# , c-format #: g10/keygen.c:906 g10/keygen.c:990 #, c-format msgid "Key generation failed: %s\n" @@ -1003,7 +981,6 @@ msgstr "" msgid "Really create? " msgstr "Crea davvero? " -# , c-format #: g10/encode.c:87 #, c-format msgid "%s: can't open: %s\n" @@ -1019,7 +996,6 @@ msgstr "errore nella creazione della passhprase: %s\n" msgid "%s: warning: empty file\n" msgstr "%s: attenzione: file vuoto\n" -# , c-format #: g10/encode.c:217 #, c-format msgid "reading from '%s'\n" @@ -1030,7 +1006,6 @@ msgstr "lettura da '%s'\n" msgid "%s encrypted for: %s\n" msgstr "%s crittografato per: %s\n" -# , c-format #: g10/import.c:105 g10/trustdb.c:1342 #, c-format msgid "can't open file: %s\n" @@ -1058,7 +1033,7 @@ msgstr "chiave %08lX: nessun user id valido\n" #: g10/import.c:283 msgid "this may be caused by a missing self-signature\n" -msgstr "" +msgstr "questo può essere causato da una autofirma mancante\n" #: g10/import.c:291 g10/import.c:508 #, c-format @@ -1069,19 +1044,16 @@ msgstr "chiave %08lX: chiave pubblica non trovata: %s\n" msgid "no default public keyring\n" msgstr "nessun portachiavi pubblico predefinito\n" -# , c-format #: g10/import.c:301 #, c-format msgid "writing to '%s'\n" msgstr "scrittura in '%s'\n" -# , c-format #: g10/import.c:305 g10/import.c:359 g10/import.c:562 #, c-format msgid "can't lock public keyring: %s\n" msgstr "impossibile bloccare il portachiavi pubblico: %s\n" -# , c-format #: g10/import.c:308 #, c-format msgid "can't write to keyring: %s\n" @@ -1112,7 +1084,6 @@ msgstr "chiave %08lX: impossibile leggere il keyblock originale: %s\n" msgid "writing keyblock\n" msgstr "scrittura del keyblock\n" -# , c-format #: g10/import.c:362 g10/import.c:565 #, c-format msgid "can't write keyblock: %s\n" @@ -1308,7 +1279,6 @@ msgstr "" msgid "Really sign? " msgstr "Firmo davvero? " -# , c-format #: g10/keyedit.c:295 #, c-format msgid "signing failed: %s\n" @@ -1322,7 +1292,6 @@ msgstr "Questa chiave non msgid "Key is protected.\n" msgstr "La chiave è protetta.\n" -# , c-format #: g10/keyedit.c:366 #, c-format msgid "Can't edit this key: %s\n" @@ -1510,7 +1479,7 @@ msgstr "" #: g10/keyedit.c:465 msgid "change the ownertrust" -msgstr "" +msgstr "cambia il valore di fiducia" #: g10/keyedit.c:483 msgid "can't do that in batchmode\n" @@ -1550,13 +1519,11 @@ msgstr "" msgid "Quit without saving? " msgstr "Esco senza salvare? " -# , c-format #: g10/keyedit.c:580 #, c-format msgid "update failed: %s\n" msgstr "aggiornamento fallito: %s\n" -# , c-format #: g10/keyedit.c:587 #, c-format msgid "update secret failed: %s\n" @@ -1628,13 +1595,11 @@ msgstr "Nessun user id con l'indice %d\n" msgid "No secondary key with index %d\n" msgstr "Nessuna chiave secondaria con l'indice %d\n" -# , c-format #: g10/mainproc.c:198 #, c-format msgid "public key decryption failed: %s\n" msgstr "Decifratura della chiave pubblica fallita: %s\n" -# , c-format #: g10/mainproc.c:228 #, c-format msgid "decryption failed: %s\n" @@ -1659,20 +1624,19 @@ msgid "Can't check signature: %s\n" msgstr "Impossibile controllare la firma: %s\n" #: g10/passphrase.c:117 -#, fuzzy msgid "" "\n" "You need a passphrase to unlock the secret key for\n" "user: \"" msgstr "" -"Ti serve una passphrase per proteggere la tua chiave segreta.\n" "\n" +"Ti serve una passphrase per sbloccare la chiave segreta\n" +"dell'utente: \"" -# "(chiave %s di %u-bit, ID %08lX, creata il %s)\n" #: g10/passphrase.c:126 #, c-format msgid "(%u-bit %s key, ID %08lX, created %s)\n" -msgstr "(%u-bit, chiave %s, ID %08lX, creata il %s)\n" +msgstr "(chiave %2$s di %1$u-bit, ID %3$08lX, creata il %4$s)\n" #: g10/passphrase.c:167 msgid "passphrase.enter" @@ -1698,16 +1662,15 @@ msgstr "" msgid "Please enter name of data file: " msgstr "Inserisci il nome del file di dati: " -# , c-format #: g10/plaintext.c:295 #, c-format msgid "can't open signed data '%s'\n" msgstr "impossibile aprire i dati firmati '%s'\n" #: g10/seckey-cert.c:56 -#, fuzzy, c-format +#, c-format msgid "protection algorithm %d is not supported\n" -msgstr "nota: algoritmo di cifratura %d non trovato nelle impostazioni\n" +msgstr "l'algoritmo di protezione %d non è gestito\n" #: g10/seckey-cert.c:169 msgid "Invalid passphrase; please try again ...\n" @@ -1716,6 +1679,8 @@ msgstr "Passphrase non valida; riprova...\n" #: g10/seckey-cert.c:215 msgid "Warning: Weak key detected - please change passphrase again.\n" msgstr "" +"Attenzione: individuata una chiave debole - per favore cambia ancora la\n" +"passphrase.\n" #: g10/sig-check.c:165 msgid "public key created in future (time warp or clock problem)\n" @@ -1728,43 +1693,41 @@ msgstr "" msgid "warning: signature key expired %s\n" msgstr "attenzione: firma della chiave scaduta il %s\n" -# , c-format #: g10/trustdb.c:316 #, c-format msgid "error reading sigrec: %s\n" -msgstr "" +msgstr "errore leggendo la sigrec: %s\n" #: g10/trustdb.c:321 #, c-format msgid "chained sigrec %lu has a wrong owner\n" -msgstr "" +msgstr "la chained sigrec %lu ha il proprietario sbagliato\n" #: g10/trustdb.c:364 #, c-format msgid "key %08lX: secret key without public key\n" -msgstr "key %08lX: chiave segreta senza chiave pubblica\n" +msgstr "chiave %08lX: chiave segreta senza chiave pubblica\n" #: g10/trustdb.c:369 #, c-format msgid "key %08lX: secret and public key don't match\n" -msgstr "key %08lX: le chiavi segreta e pubblica non corrispondono\n" +msgstr "chiave %08lX: le chiavi segreta e pubblica non corrispondono\n" #: g10/trustdb.c:380 #, c-format msgid "key %08lX: can't put it into the trustdb\n" -msgstr "key %08lX: impossibile metterla nel trustdb\n" +msgstr "chiave %08lX: impossibile metterla nel trustdb\n" #: g10/trustdb.c:386 #, c-format msgid "key %08lX: query record failed\n" -msgstr "key %08lX: richiesta del record fallita\n" +msgstr "chiave %08lX: richiesta del record fallita\n" #: g10/trustdb.c:395 #, c-format msgid "key %08lX: already in ultikey_table\n" -msgstr "key %08lX: già in ultikey_table\n" +msgstr "chiave %08lX: già in ultikey_table\n" -# , c-format #: g10/trustdb.c:402 #, c-format msgid "enum_secret_keys failed: %s\n" @@ -1773,30 +1736,29 @@ msgstr "enum_secret_keys fallito: %s\n" #: g10/trustdb.c:1614 #, c-format msgid "key %08lX: insert trust record failed: %s\n" -msgstr "key %08lX: inserimento del record della fiducia fallito: %s\n" +msgstr "chiave %08lX: inserimento del record della fiducia fallito: %s\n" #: g10/trustdb.c:1618 #, c-format msgid "key %08lX.%lu: inserted into trustdb\n" -msgstr "key %08lX.%lu: inserita nel trustdb\n" +msgstr "chiave %08lX.%lu: inserita nel trustdb\n" #: g10/trustdb.c:1629 #, c-format msgid "key %08lX.%lu: created in future (time warp or clock problem)\n" msgstr "" -"key %08lX.%lu: creata nel futuro (salto nel tempo o problema\n" +"chiave %08lX.%lu: creata nel futuro (salto nel tempo o problema\n" "con l'orologio)\n" -# , c-format #: g10/trustdb.c:1637 #, c-format msgid "key %08lX.%lu: expired at %s\n" -msgstr "key %08lX.%lu: scaduta il %s\n" +msgstr "chiave %08lX.%lu: scaduta il %s\n" #: g10/trustdb.c:1646 #, c-format msgid "key %08lX.%lu: trust check failed: %s\n" -msgstr "key %08lX.%lu: controllo della fiducia fallito: %s\n" +msgstr "chiave %08lX.%lu: controllo della fiducia fallito: %s\n" #: g10/status.c:233 msgid "No help available" @@ -1810,11 +1772,11 @@ msgstr "Nessun aiuto disponibile per '%s'" #: g10/pubkey-enc.c:78 #, c-format msgid "anonymous receiver; trying secret key %08lX ...\n" -msgstr "" +msgstr "ricevente anonimo; provo la chiave segreta %08lX ...\n" #: g10/pubkey-enc.c:84 msgid "okay, we are the anonymous receiver.\n" -msgstr "" +msgstr "Bene, siamo il ricevente anonimo.\n" #: g10/pubkey-enc.c:183 #, c-format @@ -1825,7 +1787,7 @@ msgstr "nota: algoritmo di cifratura %d non trovato nelle impostazioni\n" #: g10/openfile.c:58 #, c-format msgid "File '%s' exists. " -msgstr "" +msgstr "Il file '%s' esiste. " #: g10/openfile.c:59 msgid "openfile.overwrite.okay" @@ -1833,36 +1795,22 @@ msgstr "" #: g10/openfile.c:60 msgid "Overwrite (y/N)? " -msgstr "" +msgstr "Sovrascrivo (y/N)? " #: g10/encr-data.c:74 msgid "" "Warning: Message was encrypted with a weak key in the symmetric cipher.\n" msgstr "" +"Attenzione: il messaggio era stato crittografato usando una chiave debole\n" +"per il cifrario simmetrico\n" #: g10/seskey.c:52 msgid "weak key created - retrying\n" -msgstr "" +msgstr "creata una chiave debole - riprovo\n" #: g10/seskey.c:57 #, c-format msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n" msgstr "" - -#~ msgid "do not make any changes" -#~ msgstr "non fare cambiamenti" - -#~ msgid "there is a secret key for this public key!\n" -#~ msgstr "c'è una chiave segreta per questa chiave pubblica!\n" - -#~ msgid "use option \"--delete-secret-key\" to delete it first.\n" -#~ msgstr "prima usa l'opzione \"--delete-secret-key\" per cancellarla.\n" - -#~ msgid "can't do that in batchmode without \"--yes\"\n" -#~ msgstr "impossibile fare questo in batch mode senza \"--yes\"\n" - -#~ msgid "Delete this key from the keyring? " -#~ msgstr "Cancello questa chiave dal portachiavi? " - -#~ msgid "This is a secret key! - really delete? " -#~ msgstr "Questa è una chiave segreta! - la cancello davvero? " +"Impossibile evitare una chiave debole per il cifrario simmetrico;\n" +"ho provato %d volte!\n" diff --git a/tools/Makefile.am b/tools/Makefile.am index 249ce85d9..e3c8975d3 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -1,6 +1,6 @@ ## Process this file with automake to produce Makefile.in -INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl +INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl needed_libs = ../cipher/libcipher.a ../util/libutil.a \ ../mpi/libmpi.a ../util/libutil.a @@ -20,5 +20,5 @@ bftest_LDADD = @INTLLIBS@ $(needed_libs) shmtest_LDADD = @INTLLIBS@ $(needed_libs) -mpicalc bftest: $(needed_libs) +mpicalc bftest shmtest: $(needed_libs) diff --git a/util/ChangeLog b/util/ChangeLog index 668c40fe5..4eb7b9697 100644 --- a/util/ChangeLog +++ b/util/ChangeLog @@ -1,3 +1,7 @@ +Mon Sep 21 19:45:01 1998 Werner Koch (wk@(none)) + + * secmem.c: New flags to allow suspend/resume of warnings. + Fri Sep 18 16:25:47 1998 Werner Koch (wk@(none)) * secmem.c (lock_pool): Kludge for broken mlock on HPUX 10.20 diff --git a/util/secmem.c b/util/secmem.c index e75a13512..1f1616a18 100644 --- a/util/secmem.c +++ b/util/secmem.c @@ -67,6 +67,16 @@ static unsigned cur_blocks; static int disable_secmem; static int show_warning; static int no_warning; +static int suspend_warning; + + +static void +print_warn() +{ + if( !no_warning ) + log_info(_("Warning: using insecure memory!\n")); +} + static void lock_pool( void *p, size_t n ) @@ -78,8 +88,10 @@ lock_pool( void *p, size_t n ) uid = getuid(); #ifdef HAVE_BROKEN_MLOCK - if( uid ) - err = EPERM; + if( uid ) { + errno = EPERM; + err = errno; + } else { err = mlock( p, n ); if( err && errno ) @@ -179,13 +191,26 @@ compress_pool(void) void secmem_set_flags( unsigned flags ) { + int was_susp = suspend_warning; + no_warning = flags & 1; + suspend_warning = flags & 2; + + /* and now issue the warning if it is not longer suspended */ + if( was_susp && !suspend_warning && show_warning ) { + show_warning = 0; + print_warn(); + } } unsigned secmem_get_flags(void) { - return no_warning ? 1:0; + unsigned flags; + + flags = no_warning ? 1:0; + flags |= suspend_warning ? 2:0; + return flags; } void @@ -220,10 +245,9 @@ secmem_malloc( size_t size ) if( !pool_okay ) log_bug("secmem not initialized\n"); - if( show_warning ) { + if( show_warning && !suspend_warning ) { show_warning = 0; - if( !no_warning ) - log_info(_("Warning: using insecure memory!\n")); + print_warn(); } /* blocks are always a multiple of 32 */ diff --git a/zlib/Makefile b/zlib/Makefile index 4eb3f3b59..7b77552a3 100644 --- a/zlib/Makefile +++ b/zlib/Makefile @@ -66,33 +66,33 @@ host_alias = i586-pc-linux-gnu host_triplet = i586-pc-linux-gnu target_alias = i586-pc-linux-gnu target_triplet = i586-pc-linux-gnu -CATALOGS = en.gmo de.gmo it.gmo fr.gmo -CATOBJEXT = .gmo +CATALOGS = +CATOBJEXT = CC = gcc CPP = gcc -E DATADIRNAME = share DYNLINK_LDFLAGS = -rdynamic -G10_LOCALEDIR = /usr/local/share/locale +G10_LOCALEDIR = /usr/local//locale GENCAT = GMOFILES = en.gmo de.gmo it.gmo fr.gmo -GMSGFMT = /usr/local/bin/msgfmt +GMSGFMT = GT_NO = GT_YES = #YES# INCLUDE_LOCALE_H = #include -INSTOBJEXT = .mo -INTLDEPS = $(top_builddir)/intl/libintl.a -INTLLIBS = $(top_builddir)/intl/libintl.a -INTLOBJS = $(GETTOBJS) +INSTOBJEXT = +INTLDEPS = +INTLLIBS = +INTLOBJS = MKINSTALLDIRS = scripts/mkinstalldirs MPI_EXTRA_ASM_OBJS = -MSGFMT = /usr/local/bin/msgfmt +MSGFMT = PACKAGE = gnupg POFILES = en.po de.po it.po fr.po -POSUB = po +POSUB = RANLIB = ranlib -USE_INCLUDED_LIBINTL = yes -USE_NLS = yes -VERSION = 0.4.0 +USE_INCLUDED_LIBINTL = no +USE_NLS = no +VERSION = 0.4.0a ZLIBS = l = @@ -122,7 +122,7 @@ LIBRARIES = $(noinst_LIBRARIES) DEFS = -DHAVE_CONFIG_H -I. -I$(srcdir) -I.. CPPFLAGS = LDFLAGS = -LIBS = -ldl -lz +LIBS = -ldl -lz libzlib_a_LIBADD = libzlib_a_OBJECTS = adler32.o compress.o crc32.o gzio.o uncompr.o \ deflate.o trees.o zutil.o inflate.o infblock.o inftrees.o infcodes.o \