diff --git a/BUGS b/BUGS index da991bd08..8f98aa586 100644 --- a/BUGS +++ b/BUGS @@ -42,29 +42,27 @@ an "info standards" to find out why a disclaimer is needed for GNU.) Buserror on IRIX 6.4: Crash while doing a keygen. I think while creating the prime. Other buserrors are reported when doing a "gpg README" on sparc-solaris2.6. - --> I hope I've fixed this: Please, can someone it. I can't reproduce it - on the alpha I have access to. + --> I hope I've fixed this: Please, can check someone it. + I can't reproduce it on the alpha I have access to. -[ **] #7 1999-02-22 0.9.3 +[ *] #7 1999-02-22 0.9.3 Conventional encrytion incompatibilty: $ gpg -c --cipher-algo cast5 --compress-algo 1 --no-comment secrets.txt Creates a file that gpg can decrypt, but PGP 5.5 has problems with it. PGP decrypts 6416k out of 6424k, then complains with "PGP Warning", "The keyring contains a bad (corrupted) PGP packet". The resulting file is missing information from the front. + [26.02.99: temporary fix in encrypt_simple() -[ *] #8 1999-02-25 +[ ] #8 1999-02-25 0.9.3 %gpg --encrypt -r kazu@iijlab.net --batch foo gpg: Warning: using insecure memory! gpg: 11C23F61: no info to calculate a trust probability - This creates a symmetrically encrypted message WITHOUT a session key encrypted with public cryptographic(i.e. foo.gpg). This is probably - because GNUPG encrypted a message with a random session key first then - tries to find public keys specified with the -r option. I don't like - this. + [26.02.99 fixed] -[ **] #9 1999-02-25 +[ ] #9 1999-02-25 Misalignment in md5.c#md5_write. - + [26.02.99 fixed] diff --git a/ChangeLog b/ChangeLog index fc78f89ae..8565122ac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +Fri Feb 26 17:55:41 CET 1999 Werner Koch + + * encode.c (encode_simple): temporary fix. + Wed Feb 24 11:07:27 CET 1999 Werner Koch * configure.in: New option --enable-static-rnd. diff --git a/THANKS b/THANKS index be9260610..55318f35e 100644 --- a/THANKS +++ b/THANKS @@ -67,6 +67,7 @@ QingLong qinglong@bolizm.ihep.su Ralph Gillen gillen@theochem.uni-duesseldorf.de Rat ratinox@peorth.gweep.net Reinhard Wobst R.Wobst@ifw-dresden.de +Rémi Guyomarch rguyomarch@ifn.fr Reuben Sumner rasumner@wisdom.weizmann.ac.il Roddy Strachan roddy@satlink.com.au Roland Rosenfeld roland@spinnaker.rhein.de diff --git a/TODO b/TODO index 94aca828a..ce204f50c 100644 --- a/TODO +++ b/TODO @@ -18,17 +18,7 @@ What about 2.2 or should we use the system calls directly? * when decryptiong multiple key: print a warning only if no usable pubkey - encrypte package was found. Extension: display a list of all recipients. - - * in pkclist.c : display info about the key before saying that - we have (no) trust info. - - * for new key: the last keyring specified is used. Order is: default - keyrings, keyrings from options, keyrings from the command line. - - * display a kind of message-id from a signature (the timestamp may not - be suffiecient but DSA signatures are always different). This can - be used to prevent replay attacks. (something is mentioned in rfc2440). + encrypt package was found. Extension: display a list of all recipients. Nice to have diff --git a/checks/Makefile.am b/checks/Makefile.am index eb83ec4fe..38b163fcf 100644 --- a/checks/Makefile.am +++ b/checks/Makefile.am @@ -64,5 +64,7 @@ data-32000: data-80000: ../tools/mk-tdata 80000 >data-80000 plain-large: - cat ../doc/HACKING ../doc/DETAILS ../doc/FAQ >plain-large + cat $(srcdir)/../doc/HACKING \ + $(srcdir)/../doc/DETAILS \ + $(srcdir)/../doc/FAQ >plain-large diff --git a/checks/defs.inc b/checks/defs.inc index f8bc3147e..840fc69d2 100755 --- a/checks/defs.inc +++ b/checks/defs.inc @@ -74,12 +74,11 @@ pgmname=`basename $0` [ -z "$srcdir" ] && fatal "not called from make" -# Note don't use lock-once here because we call gpg in a pipe cat <./options no-greeting no-secmem-warning load-extension ../cipher/tiger +load-extension ../cipher/rndlinux batch -lock-once EOF diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 442591f15..bc9aa54e5 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,7 @@ +Fri Feb 26 17:55:41 CET 1999 Werner Koch + + * md.c: Nearly a total rewrote. + Wed Feb 24 11:07:27 CET 1999 Werner Koch * cipher.c (context): Fixed alignment diff --git a/cipher/md5.c b/cipher/md5.c index f49f71c73..a3725466b 100644 --- a/cipher/md5.c +++ b/cipher/md5.c @@ -1,5 +1,5 @@ /* md5.c - MD5 Message-Digest Algorithm - * Copyright (C) 1995, 1996, 1998 Free Software Foundation, Inc. + * Copyright (C) 1995, 1996, 1998, 1999 Free Software Foundation, Inc. * * according to the definition of MD5 in RFC 1321 from April 1992. * NOTE: This is *not* the same file as the one from glibc. @@ -19,7 +19,7 @@ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* Written by Ulrich Drepper , 1995. */ -/* modified for GnuPG by */ +/* heavily modified for GnuPG by */ /* Test values: * "" D4 1D 8C D9 8F 00 B2 04 E9 80 09 98 EC F8 42 7E @@ -40,24 +40,12 @@ typedef struct { u32 A,B,C,D; /* chaining variables */ - u32 total[2]; - u32 buflen; - char buffer[128]; + u32 nblocks; + byte buf[64]; + int count; } MD5_CONTEXT; - -#ifdef BIG_ENDIAN_HOST - #define SWAP(n) \ - (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24)) -#else - #define SWAP(n) (n) -#endif - -/* This array contains the bytes used to pad the buffer to the next - 64-byte boundary. (RFC 1321, 3.1: Step 1) */ -static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ }; - static void md5_init( MD5_CONTEXT *ctx ) { @@ -66,8 +54,8 @@ md5_init( MD5_CONTEXT *ctx ) ctx->C = 0x98badcfe; ctx->D = 0x10325476; - ctx->total[0] = ctx->total[1] = 0; - ctx->buflen = 0; + ctx->nblocks = 0; + ctx->count = 0; } @@ -87,157 +75,137 @@ md5_init( MD5_CONTEXT *ctx ) * transform n*64 bytes */ static void -transform( MD5_CONTEXT *ctx, const void *buffer, size_t len ) +/*transform( MD5_CONTEXT *ctx, const void *buffer, size_t len )*/ +transform( MD5_CONTEXT *ctx, byte *data ) { u32 correct_words[16]; - const u32 *words = buffer; - size_t nwords = len / sizeof(u32); - const u32 *endp = words + nwords; u32 A = ctx->A; u32 B = ctx->B; u32 C = ctx->C; u32 D = ctx->D; + u32 *cwp = correct_words; - /* First increment the byte count. RFC 1321 specifies the possible - length of the file up to 2^64 bits. Here we only compute the - number of bytes. Do a double word increment. */ - ctx->total[0] += len; - if( ctx->total[0] < len ) - ++ctx->total[1]; + #ifdef BIG_ENDIAN_HOST + { int i; + byte *p2, *p1; + for(i=0, p1=data, p2=(byte*)correct_words; i < 16; i++, p2 += 4 ) { + p2[3] = *p1++; + p2[2] = *p1++; + p2[1] = *p1++; + p2[0] = *p1++; + } + } + #else + memcpy( correct_words, data, 64 ); + #endif - /* Process all bytes in the buffer with 64 bytes in each round of - the loop. */ - while(words < endp) { - u32 *cwp = correct_words; - u32 A_save = A; - u32 B_save = B; - u32 C_save = C; - u32 D_save = D; +#define OP(a, b, c, d, s, T) \ + do \ + { \ + a += FF (b, c, d) + (*cwp++) + T; \ + CYCLIC (a, s); \ + a += b; \ + } \ + while (0) - /* First round: using the given function, the context and a constant - the next context is computed. Because the algorithm's processing - unit is a 32-bit word, and it is determined to work on words in - little endian byte order, we perhaps have to change the byte order - before the computation. To reduce the work for the next steps - we store the swapped words in the array CORRECT_WORDS. */ - -#define OP(a, b, c, d, s, T) \ - do \ - { \ - a += FF (b, c, d) + (*cwp++ = SWAP (*words)) + T; \ - ++words; \ - CYCLIC (a, s); \ - a += b; \ - } \ - while (0) - - /* It is unfortunate that C does not provide an operator for - cyclic rotation. Hope the C compiler is smart enough. */ + /* It is unfortunate that C does not provide an operator for + cyclic rotation. Hope the C compiler is smart enough. */ #define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s))) - /* Before we start, one word about the strange constants. - They are defined in RFC 1321 as + /* Before we start, one word about the strange constants. + They are defined in RFC 1321 as - T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64 - */ + T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64 + */ - /* Round 1. */ - OP (A, B, C, D, 7, 0xd76aa478); - OP (D, A, B, C, 12, 0xe8c7b756); - OP (C, D, A, B, 17, 0x242070db); - OP (B, C, D, A, 22, 0xc1bdceee); - OP (A, B, C, D, 7, 0xf57c0faf); - OP (D, A, B, C, 12, 0x4787c62a); - OP (C, D, A, B, 17, 0xa8304613); - OP (B, C, D, A, 22, 0xfd469501); - OP (A, B, C, D, 7, 0x698098d8); - OP (D, A, B, C, 12, 0x8b44f7af); - OP (C, D, A, B, 17, 0xffff5bb1); - OP (B, C, D, A, 22, 0x895cd7be); - OP (A, B, C, D, 7, 0x6b901122); - OP (D, A, B, C, 12, 0xfd987193); - OP (C, D, A, B, 17, 0xa679438e); - OP (B, C, D, A, 22, 0x49b40821); + /* Round 1. */ + OP (A, B, C, D, 7, 0xd76aa478); + OP (D, A, B, C, 12, 0xe8c7b756); + OP (C, D, A, B, 17, 0x242070db); + OP (B, C, D, A, 22, 0xc1bdceee); + OP (A, B, C, D, 7, 0xf57c0faf); + OP (D, A, B, C, 12, 0x4787c62a); + OP (C, D, A, B, 17, 0xa8304613); + OP (B, C, D, A, 22, 0xfd469501); + OP (A, B, C, D, 7, 0x698098d8); + OP (D, A, B, C, 12, 0x8b44f7af); + OP (C, D, A, B, 17, 0xffff5bb1); + OP (B, C, D, A, 22, 0x895cd7be); + OP (A, B, C, D, 7, 0x6b901122); + OP (D, A, B, C, 12, 0xfd987193); + OP (C, D, A, B, 17, 0xa679438e); + OP (B, C, D, A, 22, 0x49b40821); - /* For the second to fourth round we have the possibly swapped words - in CORRECT_WORDS. Redefine the macro to take an additional first - argument specifying the function to use. */ #undef OP #define OP(f, a, b, c, d, k, s, T) \ - do \ - { \ - a += f (b, c, d) + correct_words[k] + T; \ - CYCLIC (a, s); \ - a += b; \ - } \ - while (0) + do \ + { \ + a += f (b, c, d) + correct_words[k] + T; \ + CYCLIC (a, s); \ + a += b; \ + } \ + while (0) - /* Round 2. */ - OP (FG, A, B, C, D, 1, 5, 0xf61e2562); - OP (FG, D, A, B, C, 6, 9, 0xc040b340); - OP (FG, C, D, A, B, 11, 14, 0x265e5a51); - OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa); - OP (FG, A, B, C, D, 5, 5, 0xd62f105d); - OP (FG, D, A, B, C, 10, 9, 0x02441453); - OP (FG, C, D, A, B, 15, 14, 0xd8a1e681); - OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8); - OP (FG, A, B, C, D, 9, 5, 0x21e1cde6); - OP (FG, D, A, B, C, 14, 9, 0xc33707d6); - OP (FG, C, D, A, B, 3, 14, 0xf4d50d87); - OP (FG, B, C, D, A, 8, 20, 0x455a14ed); - OP (FG, A, B, C, D, 13, 5, 0xa9e3e905); - OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8); - OP (FG, C, D, A, B, 7, 14, 0x676f02d9); - OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a); + /* Round 2. */ + OP (FG, A, B, C, D, 1, 5, 0xf61e2562); + OP (FG, D, A, B, C, 6, 9, 0xc040b340); + OP (FG, C, D, A, B, 11, 14, 0x265e5a51); + OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa); + OP (FG, A, B, C, D, 5, 5, 0xd62f105d); + OP (FG, D, A, B, C, 10, 9, 0x02441453); + OP (FG, C, D, A, B, 15, 14, 0xd8a1e681); + OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8); + OP (FG, A, B, C, D, 9, 5, 0x21e1cde6); + OP (FG, D, A, B, C, 14, 9, 0xc33707d6); + OP (FG, C, D, A, B, 3, 14, 0xf4d50d87); + OP (FG, B, C, D, A, 8, 20, 0x455a14ed); + OP (FG, A, B, C, D, 13, 5, 0xa9e3e905); + OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8); + OP (FG, C, D, A, B, 7, 14, 0x676f02d9); + OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a); - /* Round 3. */ - OP (FH, A, B, C, D, 5, 4, 0xfffa3942); - OP (FH, D, A, B, C, 8, 11, 0x8771f681); - OP (FH, C, D, A, B, 11, 16, 0x6d9d6122); - OP (FH, B, C, D, A, 14, 23, 0xfde5380c); - OP (FH, A, B, C, D, 1, 4, 0xa4beea44); - OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9); - OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60); - OP (FH, B, C, D, A, 10, 23, 0xbebfbc70); - OP (FH, A, B, C, D, 13, 4, 0x289b7ec6); - OP (FH, D, A, B, C, 0, 11, 0xeaa127fa); - OP (FH, C, D, A, B, 3, 16, 0xd4ef3085); - OP (FH, B, C, D, A, 6, 23, 0x04881d05); - OP (FH, A, B, C, D, 9, 4, 0xd9d4d039); - OP (FH, D, A, B, C, 12, 11, 0xe6db99e5); - OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8); - OP (FH, B, C, D, A, 2, 23, 0xc4ac5665); + /* Round 3. */ + OP (FH, A, B, C, D, 5, 4, 0xfffa3942); + OP (FH, D, A, B, C, 8, 11, 0x8771f681); + OP (FH, C, D, A, B, 11, 16, 0x6d9d6122); + OP (FH, B, C, D, A, 14, 23, 0xfde5380c); + OP (FH, A, B, C, D, 1, 4, 0xa4beea44); + OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9); + OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60); + OP (FH, B, C, D, A, 10, 23, 0xbebfbc70); + OP (FH, A, B, C, D, 13, 4, 0x289b7ec6); + OP (FH, D, A, B, C, 0, 11, 0xeaa127fa); + OP (FH, C, D, A, B, 3, 16, 0xd4ef3085); + OP (FH, B, C, D, A, 6, 23, 0x04881d05); + OP (FH, A, B, C, D, 9, 4, 0xd9d4d039); + OP (FH, D, A, B, C, 12, 11, 0xe6db99e5); + OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8); + OP (FH, B, C, D, A, 2, 23, 0xc4ac5665); - /* Round 4. */ - OP (FI, A, B, C, D, 0, 6, 0xf4292244); - OP (FI, D, A, B, C, 7, 10, 0x432aff97); - OP (FI, C, D, A, B, 14, 15, 0xab9423a7); - OP (FI, B, C, D, A, 5, 21, 0xfc93a039); - OP (FI, A, B, C, D, 12, 6, 0x655b59c3); - OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92); - OP (FI, C, D, A, B, 10, 15, 0xffeff47d); - OP (FI, B, C, D, A, 1, 21, 0x85845dd1); - OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f); - OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0); - OP (FI, C, D, A, B, 6, 15, 0xa3014314); - OP (FI, B, C, D, A, 13, 21, 0x4e0811a1); - OP (FI, A, B, C, D, 4, 6, 0xf7537e82); - OP (FI, D, A, B, C, 11, 10, 0xbd3af235); - OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb); - OP (FI, B, C, D, A, 9, 21, 0xeb86d391); - /* Add the starting values of the context. */ - A += A_save; - B += B_save; - C += C_save; - D += D_save; - } + /* Round 4. */ + OP (FI, A, B, C, D, 0, 6, 0xf4292244); + OP (FI, D, A, B, C, 7, 10, 0x432aff97); + OP (FI, C, D, A, B, 14, 15, 0xab9423a7); + OP (FI, B, C, D, A, 5, 21, 0xfc93a039); + OP (FI, A, B, C, D, 12, 6, 0x655b59c3); + OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92); + OP (FI, C, D, A, B, 10, 15, 0xffeff47d); + OP (FI, B, C, D, A, 1, 21, 0x85845dd1); + OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f); + OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0); + OP (FI, C, D, A, B, 6, 15, 0xa3014314); + OP (FI, B, C, D, A, 13, 21, 0x4e0811a1); + OP (FI, A, B, C, D, 4, 6, 0xf7537e82); + OP (FI, D, A, B, C, 11, 10, 0xbd3af235); + OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb); + OP (FI, B, C, D, A, 9, 21, 0xeb86d391); /* Put checksum in context given as argument. */ - ctx->A = A; - ctx->B = B; - ctx->C = C; - ctx->D = D; + ctx->A += A; + ctx->B += B; + ctx->C += C; + ctx->D += D; } @@ -247,46 +215,33 @@ transform( MD5_CONTEXT *ctx, const void *buffer, size_t len ) * in the message whose digest is being computed. */ static void -md5_write( MD5_CONTEXT *ctx, const void *buffer, size_t len) +md5_write( MD5_CONTEXT *hd, byte *inbuf, size_t inlen) { - /* When we already have some bits in our internal buffer concatenate - both inputs first. */ - if (ctx->buflen != 0) - { - size_t left_over = ctx->buflen; - size_t add = 128 - left_over > len ? len : 128 - left_over; + if( hd->count == 64 ) { /* flush the buffer */ + transform( hd, hd->buf ); + hd->count = 0; + hd->nblocks++; + } + if( !inbuf ) + return; + if( hd->count ) { + for( ; inlen && hd->count < 64; inlen-- ) + hd->buf[hd->count++] = *inbuf++; + md5_write( hd, NULL, 0 ); + if( !inlen ) + return; + } - memcpy (&ctx->buffer[left_over], buffer, add); - ctx->buflen += add; + while( inlen >= 64 ) { + transform( hd, inbuf ); + hd->count = 0; + hd->nblocks++; + inlen -= 64; + inbuf += 64; + } + for( ; inlen && hd->count < 64; inlen-- ) + hd->buf[hd->count++] = *inbuf++; - if (left_over + add > 64) - { - transform(ctx, ctx->buffer, (left_over + add) & ~63); - /* The regions in the following copy operation cannot overlap. */ - memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63], - (left_over + add) & 63); - ctx->buflen = (left_over + add) & 63; - } - - buffer = (const char *) buffer + add; - len -= add; - /* FIXME: misalignment occurs ... tsssss */ - } - - /* Process available complete blocks. */ - if (len > 64) - { - transform( ctx, buffer, len & ~63); - buffer = (const char *) buffer + (len & ~63); - len &= 63; - } - - /* Move remaining bytes in internal buffer. */ - if (len > 0) - { - memcpy (ctx->buffer, buffer, len); - ctx->buflen = len; - } } @@ -298,39 +253,68 @@ md5_write( MD5_CONTEXT *ctx, const void *buffer, size_t len) */ static void -md5_final( MD5_CONTEXT *ctx ) +md5_final( MD5_CONTEXT *hd ) { - /* Take yet unprocessed bytes into account. */ - u32 bytes = ctx->buflen; - size_t pad; + u32 t, msb, lsb; + byte *p; - /* Now count remaining bytes. */ - ctx->total[0] += bytes; - if( ctx->total[0] < bytes ) - ++ctx->total[1]; + md5_write(hd, NULL, 0); /* flush */; - pad = bytes >= 56 ? 64 + 56 - bytes : 56 - bytes; - memcpy (&ctx->buffer[bytes], fillbuf, pad); + msb = 0; + t = hd->nblocks; + if( (lsb = t << 6) < t ) /* multiply by 64 to make a byte count */ + msb++; + msb += t >> 26; + t = lsb; + if( (lsb = t + hd->count) < t ) /* add the count */ + msb++; + t = lsb; + if( (lsb = t << 3) < t ) /* multiply by 8 to make a bit count */ + msb++; + msb += t >> 29; - /* Put the 64-bit file length in *bits* at the end of the buffer. */ - *(u32 *) &ctx->buffer[bytes + pad] = SWAP (ctx->total[0] << 3); - *(u32 *) &ctx->buffer[bytes + pad + 4] = SWAP ((ctx->total[1] << 3) | - (ctx->total[0] >> 29)); + if( hd->count < 56 ) { /* enough room */ + hd->buf[hd->count++] = 0x80; /* pad */ + while( hd->count < 56 ) + hd->buf[hd->count++] = 0; /* pad */ + } + else { /* need one extra block */ + hd->buf[hd->count++] = 0x80; /* pad character */ + while( hd->count < 64 ) + hd->buf[hd->count++] = 0; + md5_write(hd, NULL, 0); /* flush */; + memset(hd->buf, 0, 56 ); /* fill next block with zeroes */ + } + /* append the 64 bit count */ + hd->buf[56] = lsb ; + hd->buf[57] = lsb >> 8; + hd->buf[58] = lsb >> 16; + hd->buf[59] = lsb >> 24; + hd->buf[60] = msb ; + hd->buf[61] = msb >> 8; + hd->buf[62] = msb >> 16; + hd->buf[63] = msb >> 24; + transform( hd, hd->buf ); - /* Process last bytes. */ - transform( ctx, ctx->buffer, bytes + pad + 8); + p = hd->buf; + #ifdef BIG_ENDIAN_HOST + #define X(a) do { *p++ = hd->##a ; *p++ = hd->##a >> 8; \ + *p++ = hd->##a >> 16; *p++ = hd->##a >> 24; } while(0) + #else /* little endian */ + #define X(a) do { *(u32*)p = hd->##a ; p += 4; } while(0) + #endif + X(A); + X(B); + X(C); + X(D); + #undef X - /* Store the result in buffer */ - ((u32 *)ctx->buffer)[0] = SWAP (ctx->A); - ((u32 *)ctx->buffer)[1] = SWAP (ctx->B); - ((u32 *)ctx->buffer)[2] = SWAP (ctx->C); - ((u32 *)ctx->buffer)[3] = SWAP (ctx->D); } static byte * md5_read( MD5_CONTEXT *hd ) { - return hd->buffer; + return hd->buf; } /**************** diff --git a/cipher/rmd160.c b/cipher/rmd160.c index 70904a144..e8771883a 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c @@ -173,8 +173,6 @@ rol(int n, u32 x) static void transform( RMD160_CONTEXT *hd, byte *data ) { - - u32 a,b,c,d,e,aa,bb,cc,dd,ee,t; #ifdef BIG_ENDIAN_HOST u32 x[16]; diff --git a/cipher/rndegd.c b/cipher/rndegd.c index 15aa38d8d..6cdc4dda7 100644 --- a/cipher/rndegd.c +++ b/cipher/rndegd.c @@ -125,7 +125,7 @@ gather_random( void (*add)(const void*, size_t, int), int requester, "\n" "Not enough random bytes available. Please do some other work to give\n" "the OS a chance to collect more entropy! (Need %d more bytes)\n"), length ); - warn = 0; /* <--- set to 1 to display the message only once */ + warn = 1; continue; } else if( rc == -1 ) { @@ -140,17 +140,23 @@ gather_random( void (*add)(const void*, size_t, int), int requester, /* process reply */ if( n == -1 ) g10_log_error("read error on EGD: %s\n", strerror(errno)); - else if( n < 2 ) + else if( cmd == 2 && n != nbytes ) { + g10_log_error("bad EGD reply: too short %d/%d\n", nbytes, n ); + } + else if( cmd == 2 ) { + (*add)( buffer, n, requester ); + length -= n; + } + else if( !n ) g10_log_error("bad EGD reply: too short\n"); - else if( buffer[0] != cmd ) - g10_log_error("bad EGD reply: cmd mismatch %d/%d\n", - cmd, *buffer ); - else if( buffer[1] != nbytes ) + else if( buffer[0] != n-1 ) g10_log_error("bad EGD reply: count mismatch %d/%d\n", - nbytes, buffer[1] ); + n-1, buffer[0] ); + else if( n==1 ) + g10_log_info("no data from EGD\n"); else { - n -= 2; - (*add)( buffer+2, n, requester ); + n -= 1; + (*add)( buffer+1, n, requester ); length -= n; } } diff --git a/doc/DETAILS b/doc/DETAILS index ed2ad04c3..810f1eaa7 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -64,6 +64,12 @@ more arguments in future versions. as GOODSIG but has the fingerprint as the argument. Both status lines ere emitted for a good signature. + SIG_ID + This is emitted only for DSA or ElGamal signatures which + have been verified okay. The strings is a signature id + and maybe used in applications to detect replay attacks + of signed messages. + TRUST_UNDEFINED TRUST_NEVER TRUST_MARGINAL diff --git a/g10/ChangeLog b/g10/ChangeLog index 6834b7257..0b89f6da8 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,18 @@ +Fri Feb 26 17:55:41 CET 1999 Werner Koch + + * pkclist.c (build_pk_list): Return error if there are no recipients. + + * sig-check.c (signature_check): New signature id feature. + * armor.c (make_radic64_string): New. + + * mainproc.c (proc_pubkey_enc): early check for seckey availability. + + * pkclist.c (do_we_trust_pre): print user id before asking. + + * ringedit.c (add_keyblock_resource,get_keyblock_handle): Cleaner + handling of default resource. + + Thu Feb 25 18:47:39 CET 1999 Werner Koch * pkclist.c (algo_available): New. diff --git a/g10/armor.c b/g10/armor.c index 9cf11c0e0..ce3470398 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -1007,4 +1007,31 @@ armor_filter( void *opaque, int control, } +/**************** + * create a radix64 encoded string. + */ +char * +make_radix64_string( const byte *data, size_t len ) +{ + char *buffer, *p; + + buffer = p = m_alloc( (len+2)/3*4 + 1 ); + for( ; len >= 3 ; len -= 3, data += 3 ) { + *p++ = bintoasc[(data[0] >> 2) & 077]; + *p++ = bintoasc[(((data[0] <<4)&060)|((data[1] >> 4)&017))&077]; + *p++ = bintoasc[(((data[1]<<2)&074)|((data[2]>>6)&03))&077]; + *p++ = bintoasc[data[2]&077]; + } + if( len == 2 ) { + *p++ = bintoasc[(data[0] >> 2) & 077]; + *p++ = bintoasc[(((data[0] <<4)&060)|((data[1] >> 4)&017))&077]; + *p++ = bintoasc[((data[1]<<2)&074)]; + } + else if( len == 1 ) { + *p++ = bintoasc[(data[0] >> 2) & 077]; + *p++ = bintoasc[(data[0] <<4)&060]; + } + *p = 0; + return buffer; +} diff --git a/g10/encode.c b/g10/encode.c index 18346d798..aba251a20 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -150,7 +150,13 @@ encode_simple( const char *filename, int mode ) pt = m_alloc( sizeof *pt - 1 ); pt->namelen = 0; } - if( filename ) { + /* pgp5 has problems to decrypt symmetrically encrypted data from + * GnuPOG if the filelength is in the inner packet. It works + * when only partial length headers are use. Until we have + * tracked this problem down. We use this temporary fix + * (fixme: remove the && !mode ) + */ + if( filename && !mode ) { if( !(filesize = iobuf_get_filelength(inp)) ) log_info(_("%s: WARNING: empty file\n"), filename ); } diff --git a/g10/main.h b/g10/main.h index 6078de2f1..c3f236379 100644 --- a/g10/main.h +++ b/g10/main.h @@ -49,6 +49,9 @@ void print_pubkey_algo_note( int algo ); void print_cipher_algo_note( int algo ); void print_digest_algo_note( int algo ); +/*-- armor.c --*/ +char *make_radix64_string( const byte *data, size_t len ); + /*-- misc.c --*/ void trap_unaligned(void); void disable_core_dumps(void); diff --git a/g10/mainproc.c b/g10/mainproc.c index fa90d003e..7f3d3745e 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -178,10 +178,13 @@ proc_pubkey_enc( CTX c, PACKET *pkt ) c->last_was_session_key = 1; enc = pkt->pkt.pubkey_enc; /*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/ + /* Hmmm: why do I have this algo check here - anyway there is + * function to check it. */ if( is_ELGAMAL(enc->pubkey_algo) || enc->pubkey_algo == PUBKEY_ALGO_DSA || is_RSA(enc->pubkey_algo) ) { - if ( !c->dek ) { + if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1]) + || !seckey_available( enc->keyid )) ) { c->dek = m_alloc_secure( sizeof *c->dek ); if( (result = get_session_key( enc, c->dek )) ) { /* error: delete the DEK */ diff --git a/g10/pkclist.c b/g10/pkclist.c index 4f19753ba..ca22736a7 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -230,6 +230,7 @@ _("Could not find a valid trust path to the key. Let's see whether we\n" } lid = pk->local_id; + #if 0 /* FIXME: enable this when trustdb stuff works again */ while( enum_cert_paths( &context, &lid, &otrust, &validity ) != -1 ) { if( lid == pk->local_id ) continue; @@ -256,6 +257,7 @@ _("Could not find a valid trust path to the key. Let's see whether we\n" } } enum_cert_paths( &context, NULL, NULL, NULL ); /* release context */ + #endif if( !any ) tty_printf(_("No path leading to one of our keys found.\n\n") ); @@ -374,6 +376,19 @@ do_we_trust_pre( PKT_public_key *pk, int trustlevel ) if( (trustlevel & TRUST_FLAG_REVOKED) && !rc ) return 0; else if( !opt.batch && !rc ) { + char *p; + u32 keyid[2]; + size_t n; + + keyid_from_pk( pk, keyid); + tty_printf( "%4u%c/%08lX %s \"", + nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ), + (ulong)keyid[1], datestr_from_pk( pk ) ); + p = get_user_id( keyid, &n ); + tty_print_string( p, n ), + m_free(p); + tty_printf("\"\n\n"); + tty_printf(_( "It is NOT certain that the key belongs to its owner.\n" "If you *really* know what you are doing, you may answer\n" @@ -382,6 +397,10 @@ do_we_trust_pre( PKT_public_key *pk, int trustlevel ) if( cpr_get_answer_is_yes("untrusted_key.override", _("Use this key anyway? ")) ) rc = 1; + + /* Hmmm: Should we set a flag to tell the user the user about + * his decision the next time he encrypts for this recipient? + */ } else if( opt.always_trust && !rc ) { log_info(_("WARNING: Using untrusted key!\n")); @@ -598,6 +617,7 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use ) } } else { + any_recipients = 0; for(; remusr; remusr = remusr->next ) { if( (remusr->flags & 1) ) continue; /* encrypt-to keys are already handled */ diff --git a/g10/ringedit.c b/g10/ringedit.c index bc7d40e05..b61aa9b94 100644 --- a/g10/ringedit.c +++ b/g10/ringedit.c @@ -79,6 +79,8 @@ typedef struct resource_table_struct RESTBL; #define MAX_RESOURCES 10 static RESTBL resource_table[MAX_RESOURCES]; +static int default_public_resource; +static int default_secret_resource; static int search( PACKET *pkt, KBPOS *kbpos, int secret ); @@ -348,11 +350,17 @@ add_keyblock_resource( const char *url, int force, int secret ) goto leave; } + /* fixme: avoid duplicate resources */ resource_table[i].used = 1; resource_table[i].secret = !!secret; resource_table[i].fname = m_strdup(filename); resource_table[i].iobuf = iobuf; resource_table[i].rt = rt; + if( secret ) + default_secret_resource = i; + else + default_public_resource = i; + leave: if( rc ) log_error("keyblock resource `%s': %s\n", filename, g10_errstr(rc) ); @@ -386,9 +394,12 @@ keyblock_resource_name( KBPOS *kbpos ) int get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos ) { - int i; + int i = 0; - for(i=0; i < MAX_RESOURCES; i++ ) + if( !filename ) + i = secret? default_secret_resource : default_public_resource; + + for(; i < MAX_RESOURCES; i++ ) { if( resource_table[i].used && !resource_table[i].secret == !secret ) { /* fixme: dos needs case insensitive file compare */ if( !filename || !strcmp( resource_table[i].fname, filename ) ) { @@ -398,6 +409,7 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos ) return 0; } } + } return -1; /* not found */ } diff --git a/g10/sig-check.c b/g10/sig-check.c index 0eb29eafb..4cb1ea65e 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -64,6 +64,34 @@ signature_check( PKT_signature *sig, MD_HANDLE digest ) rc = do_check( pk, sig, digest ); free_public_key( pk ); + + if( !rc && is_status_enabled() + && ( sig->pubkey_algo == PUBKEY_ALGO_DSA + || sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) ) { + /* If we are using these public key algorithms we can + * calculate an unique signature id, which may be useful + * in an application to prevent replac attacks */ + MD_HANDLE md; + int i, nsig = pubkey_get_nsig( sig->pubkey_algo ); + byte *p; + + md = md_open( DIGEST_ALGO_RMD160, 0); + for(i=0; i < nsig; i++ ) { + unsigned n = mpi_get_nbits( sig->data[i]); + + md_putc( md, n>>8); + md_putc( md, n ); + p = mpi_get_buffer( sig->data[i], &n, NULL ); + md_write( md, p, n ); + m_free(p); + } + md_final( md ); + p = make_radix64_string( md_read( md, 0 ), 20 ); + write_status_text( STATUS_SIG_ID, p ); + m_free(p); + md_close(md); + } + return rc; } diff --git a/g10/status.c b/g10/status.c index 4ed91d2d9..e34dda3d9 100644 --- a/g10/status.c +++ b/g10/status.c @@ -98,6 +98,7 @@ write_status_text ( int no, const char *text) case STATUS_SHM_GET_HIDDEN : s = "SHM_GET_HIDDEN\n"; break; case STATUS_NEED_PASSPHRASE: s = "NEED_PASSPHRASE\n"; break; case STATUS_VALIDSIG : s = "VALIDSIG\n"; break; + case STATUS_SIG_ID : s = "SIG_ID\n"; break; default: s = "?\n"; break; } diff --git a/g10/status.h b/g10/status.h index e0f552b60..734c29983 100644 --- a/g10/status.h +++ b/g10/status.h @@ -49,6 +49,7 @@ #define STATUS_NEED_PASSPHRASE 20 #define STATUS_VALIDSIG 21 +#define STATUS_SIG_ID 22 /*-- status.c --*/ void set_status_fd ( int fd ); diff --git a/util/ChangeLog b/util/ChangeLog index e410ce5fc..c11327ddd 100644 --- a/util/ChangeLog +++ b/util/ChangeLog @@ -1,3 +1,7 @@ +Fri Feb 26 17:55:41 CET 1999 Werner Koch + + * secmem.c (memblock_struct): Force align (Rémi Guyomarch) + Wed Feb 24 11:07:27 CET 1999 Werner Koch * iobuf.c (block_filter): Fixed the oscillating partial packet chunks. diff --git a/util/secmem.c b/util/secmem.c index aa6d822c7..3db66c062 100644 --- a/util/secmem.c +++ b/util/secmem.c @@ -47,8 +47,7 @@ struct memblock_struct { unsigned size; union { MEMBLOCK *next; - long align_dummy; - char d[1]; + PROPERLY_ALIGNED_TYPE aligned; } u; }; @@ -291,7 +290,7 @@ secmem_malloc( size_t size ) max_alloced = cur_alloced; if( cur_blocks > max_blocks ) max_blocks = cur_blocks; - return &mb->u.d; + return &mb->u.aligned.c; } @@ -302,7 +301,7 @@ secmem_realloc( void *p, size_t newsize ) size_t size; void *a; - mb = (MEMBLOCK*)((char*)p - ((size_t) &((MEMBLOCK*)0)->u.d)); + mb = (MEMBLOCK*)((char*)p - ((size_t) &((MEMBLOCK*)0)->u.aligned.c)); size = mb->size; if( newsize < size ) return p; /* it is easier not to shrink the memory */ @@ -323,7 +322,7 @@ secmem_free( void *a ) if( !a ) return; - mb = (MEMBLOCK*)((char*)a - ((size_t) &((MEMBLOCK*)0)->u.d)); + mb = (MEMBLOCK*)((char*)a - ((size_t) &((MEMBLOCK*)0)->u.aligned.c)); size = mb->size; memset(mb, 0xff, size ); memset(mb, 0xaa, size );