ready for a new release

Werner Koch 1998-08-08 19:27:00 +00:00
parent a43709eb8a
commit 6ccf4e0f80
32 changed files with 470 additions and 164 deletions

26
NEWS

@ -1,5 +1,24 @@
Noteworthy changes in version 0.3.3
-----------------------------------
* IMPORTANT: I found yet another bug in the way the secret keys
are encrypted - I did it the way pgp 2.x did it, but OpenPGP
and pgp 5.x specifiy another (in some aspects simpler) method.
To convert your secret keys you have to do this:
1. Build the new release but don't install it and keep
a copy of the old program.
2. Disable the network, make sure that you are the only
user, be sure that there are no trojan horses etc ....
3. Use your old gpg (version 0.3.[12]) and set the
passphrases of ALL your secret keys to empty!
(gpg --change-passphrase your-user-id).
4. Save your ownertrusts (see the next point)
5. rm ~/.gnupg/trustd.gpg
6. install the new version of gpg (0.3.3)
7. For every secret key call "gpg --edit-key your-user-id",
enter "passwd" at the prompt, follow the instructions and
change your passward back, enter "save" to store it.
8. Restore the ownertrust (see next point).
* The format of the trust database has changed; you must delete
the old one, so gnupg can create a new one.
IMPORTANT: Use version 0.3.[12] to save your assigned ownertrusts
@ -43,8 +62,13 @@ Noteworthy changes in version 0.3.3
Twofish is the AES submission from Schneier et al.; see
"www.counterpane.com/twofish.html" for more information.
* [talk about --emulate-encr-mpi-bug]
* Started with a help system: If you enter a question mark at some
prompt; you should get a specific help for this prompt.
* There is no more backup copy of the secret keyring.
* A lot of new bugs. I think this release is not as stable as
the previous one.
Noteworthy changes in version 0.3.2

4
README

@ -2,6 +2,10 @@
-------------------------------
Version 0.3
WARNING: IF YOU ARE ALREADY USING GNUPG YOU SHOULD NOW MAKE A BACKUP
OF "gpg" BECAUSE YOU NEED IT TO CONVERT YOUR PASSPHRASE AND OTHER
THINGS - SEE "NEWS"!
As you can see from the version number, the program may have some
bugs and some features may not work at all - please report this to

5
TODO

@ -1,4 +1,5 @@
* Fix Oscaris problems with the trustdb.
* salted and iterated S2Ks don't work (see passphrase.c).
* Replace the SIGUSR1 stuff by semaphores to avoid loss of a signal.
@ -11,6 +12,7 @@
what does pgp 5 do, what does OpenPGP say=
==> I think it is okay, should be tested against pgp5
* Fix Oscaris problems with the trustdb.
* invalid packets (Marco) und Markus Gruber
* add some sanity checks to read_keyblock, so that we are sure that
@ -47,4 +49,5 @@
* change the fake_data stuff to mpi_set_opaque
* Is it okay to use gettext for the help system???


@ -1 +1 @@
0.3.2b
0.3.2c


@ -1,12 +1,18 @@
#!/bin/sh
[ -n "$show_cmds" ] && echo "../g10/gpg --homedir . $*"
if ! ../g10/gpg --homedir . $* 2>err.tmp.$$ ; then
echo "(../g10/gpg --homedir . $*) failed" >&2
cat err.tmp.$$ >&2
rm err.tmp.$$
exit 1
fi
grep -v 'gpg: Good signature from' err.tmp.$$ \
| grep -v 'gpg: Signature made ' || true
fgrep -v -f - err.tmp.$$ <<EOF
gpg: Good signature from
gpg: Signature made
gpg: note: cipher algorithm 3 not found in preferences
gpg: note: cipher algorithm 4 not found in preferences
EOF
rm err.tmp.$$


@ -36,3 +36,9 @@ g10c_generate_secret_prime( unsigned nbits )
}
char *
g10c_get_random_bits( unsigned nbits, int level, int secure )
{
return (char*)get_random_bits( nbits, level, secure );
}


@ -21,7 +21,7 @@ fi
VERSION=`cat $srcdir/VERSION`
PACKAGE=gnupg
ALL_LINGUAS="de it"
ALL_LINGUAS="en de it"
AC_SUBST(VERSION)
AC_SUBST(PACKAGE)
AC_DEFINE_UNQUOTED(VERSION, "$VERSION")


@ -1,3 +1,11 @@
Sat Aug 8 17:26:12 1998 Werner Koch (wk@(none))
* openfile (overwrite_filep): Changed semantics and all callers.
Sat Aug 8 12:17:07 1998 Werner Koch (wk@(none))
* status.c (display_help): New.
Thu Aug 6 16:30:41 1998 Werner Koch,mobil,,, (wk@tobold)
* seskey.c (encode_session_key): Now uses get_random_bits().


@ -310,9 +310,11 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
}
else
iobuf_put(a, 0 );
if( sk->is_protected && sk->version >= 4
&& !(opt.emulate_bugs & EMUBUG_ENCR_MPI) ) {
BUG();
if( sk->is_protected && sk->version >= 4 ) {
byte *p;
assert( mpi_is_opaque( sk->skey[npkey] ) );
p = mpi_get_opaque( sk->skey[npkey], &i );
iobuf_write(a, p, i );
}
else {
for( ; i < nskey; i++ )
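Review bot: The opaque-MPI precondition in the `sk->is_protected && sk->version >= 4` branch is enforced only by `assert( mpi_is_opaque( sk->skey[npkey] ) )`, which disappears in an NDEBUG build and otherwise aborts the process instead of reporting an error. A protected v4 key that reaches this point with ordinary MPIs would then have `mpi_get_opaque` applied to a non-opaque value; what that call returns in that case is not visible here. I would turn the assert into a run-time check that fails the packet build with an error, and also check the result of `iobuf_write(a, p, i )`, which is ignored. `i` is reused as the byte count here after serving as the MPI index, which deserves a one-line comment or a separate variable. do_secret_key starts and ends outside this hunk.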


@ -173,7 +173,7 @@ static ARGPARSE_OPTS opts[] = {
{ 559, "always-trust", 0, "@"},
{ 562, "emulate-checksum-bug", 0, "@"},
{ 554, "run-as-shm-coprocess", 4, "@" },
{ 568, "emulate-encr-mpi-bug", 0, "@"},
/* 568 unused */
{0} };
@ -598,7 +598,6 @@ main( int argc, char **argv )
log_error("shared memory coprocessing is not available\n");
#endif
break;
case 568: opt.emulate_bugs |= EMUBUG_ENCR_MPI; break;
default : errors++; pargs.err = configfp? 1:2; break;
}
}


@ -266,7 +266,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified )
tty_print_string( p, n );
tty_printf("\"\n\n");
m_free(p);
p = cpr_get("sign_uid.really", _("Really sign? "));
p = cpr_get(N_("sign_uid.okay"), _("Really sign? "));
cpr_kill_prompt();
if( !answer_is_yes(p) ) {
m_free(p);
@ -400,8 +400,9 @@ delete_key( const char *username, int secret )
m_free(p);
tty_printf("\n\n");
p = cpr_get( secret? "delete_key.secret.really":"delete_key.really",
_("Delete this key from the keyring? "));
p = cpr_get( secret? N_("delete_key.secret.okay")
: N_("delete_key.okay"),
_("Delete this key from the keyring? "));
cpr_kill_prompt();
if( !cpr_enabled() && secret && answer_is_yes(p)) {
/* I think it is not required to check a passphrase; if
@ -410,7 +411,8 @@ delete_key( const char *username, int secret )
* basic texts about security.
*/
m_free(p);
p = tty_get(_("This is a secret key! - really delete? "));
p = cpr_get(N_("delete_key.secret.okay"),
_("This is a secret key! - really delete? "));
}
if( answer_is_yes(p) )
okay++;
@ -496,7 +498,7 @@ change_passphrase( KBNODE keyblock )
rc = 0;
tty_printf(_( "You don't want a passphrase -"
" this is probably a *bad* idea!\n\n"));
if( cpr_get_answer_is_yes("change_passwd.empty",
if( cpr_get_answer_is_yes(N_("change_passwd.empty.okay"),
_("Do you really want to do this? ")))
changed++;
break;
@ -632,7 +634,7 @@ keyedit_menu( const char *username, STRLIST locusr )
redisplay = 0;
}
m_free(answer);
answer = cpr_get("keyedit.cmd", _("Command> "));
answer = cpr_get(N_("keyedit.cmd"), _("Command> "));
cpr_kill_prompt();
trim_spaces(answer);
@ -674,9 +676,11 @@ keyedit_menu( const char *username, STRLIST locusr )
case cmdQUIT:
if( !modified && !sec_modified )
goto leave;
if( !cpr_get_answer_is_yes("keyedit.save",_("Save changes? ")) ) {
if( !cpr_get_answer_is_yes(N_("keyedit.save.okay"),
_("Save changes? ")) ) {
if( cpr_enabled()
|| tty_get_answer_is_yes(_("Quit without saving? ")) )
|| cpr_get_answer_is_yes(N_("keyedit.cancel.okay"),
_("Quit without saving? ")) )
goto leave;
break;
}
@ -731,7 +735,8 @@ keyedit_menu( const char *username, STRLIST locusr )
case cmdSIGN: /* sign (only the public key) */
if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock) ) {
if( !tty_get_answer_is_yes(_("Really sign all user ids? ")) ) {
if( !cpr_get_answer_is_yes(N_("keyedit.signall.okay"),
_("Really sign all user ids? ")) ) {
tty_printf(_("Hint: Select the user ids to sign\n"));
break;
}
@ -763,7 +768,8 @@ keyedit_menu( const char *username, STRLIST locusr )
tty_printf(_("You must select at least one user id.\n"));
else if( count_uids(keyblock) - n1 < 1 )
tty_printf(_("You can't delete the last user id!\n"));
else if( tty_get_answer_is_yes(
else if( cpr_get_answer_is_yes(
N_("keyedit.remove.uid.okay"),
n1 > 1? _("Really remove all selected user ids? ")
: _("Really remove this user id? ")
) ) {
@ -789,7 +795,8 @@ keyedit_menu( const char *username, STRLIST locusr )
if( !(n1=count_selected_keys( keyblock )) )
tty_printf(_("You must select at least one key.\n"));
else if( sec_keyblock && !tty_get_answer_is_yes(
else if( sec_keyblock && !cpr_get_answer_is_yes(
N_("keyedit.remove.subkey.okay"),
n1 > 1?
_("Do you really want to delete the selected keys? "):
_("Do you really want to delete this key? ")
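Review bot: In delete_key the help keyword `delete_key.secret.okay` is used for two different questions, the first "Delete this key from the keyring?" prompt for a secret key and the follow-up "This is a secret key! - really delete?" confirmation, so one help text has to explain both steps. A separate keyword for the second confirmation would let the help say what is being confirmed at each step of a destructive operation. The second `cpr_get` is also not followed by `cpr_kill_prompt();` within the hunk, unlike the first. delete_key and keyedit_menu extend beyond the hunks shown.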


@ -390,8 +390,8 @@ ask_algo( int *ret_v4, int addmode )
*ret_v4 = 1;
for(;;) {
answer = cpr_get("keygen.algo",_("Your selection? "));
tty_kill_prompt();
answer = cpr_get(N_("keygen.algo"),_("Your selection? "));
cpr_kill_prompt();
algo = *answer? atoi(answer): 1;
m_free(answer);
if( algo == 1 && !addmode ) {
@ -434,8 +434,9 @@ ask_keysize( int algo )
" highest suggested keysize is 2048 bits\n"),
pubkey_algo_to_string(algo) );
for(;;) {
answer = cpr_get("keygen.size",_("What keysize do you want? (1024) "));
tty_kill_prompt();
answer = cpr_get(N_("keygen.size"),
_("What keysize do you want? (1024) "));
cpr_kill_prompt();
nbits = *answer? atoi(answer): 1024;
m_free(answer);
if( algo == PUBKEY_ALGO_DSA && (nbits < 512 || nbits > 1024) )
@ -445,7 +446,7 @@ ask_keysize( int algo )
else if( nbits > 2048 && !cpr_enabled() ) {
tty_printf(_("Keysizes larger than 2048 are not suggested because "
"computations take REALLY long!\n"));
if( tty_get_answer_is_yes(_(
if( cpr_get_answer_is_yes(N_("keygen.size.huge.okay"),_(
"Are you sure that you want this keysize? ")) ) {
tty_printf(_("Okay, but keep in mind that your monitor "
"and keyboard radiation is also very vulnerable "
@ -454,7 +455,7 @@ ask_keysize( int algo )
}
}
else if( nbits > 1536 && !cpr_enabled() ) {
if( tty_get_answer_is_yes(_(
if( cpr_get_answer_is_yes(N_("keygen.size.large.okay"),_(
"Do you really need such a large keysize? ")) )
break;
}
@ -495,8 +496,8 @@ ask_valid_days()
int mult;
m_free(answer);
answer = cpr_get("keygen.valid",_("Key is valid for? (0) "));
tty_kill_prompt();
answer = cpr_get(N_("keygen.valid"),_("Key is valid for? (0) "));
cpr_kill_prompt();
trim_spaces(answer);
if( !*answer )
valid_days = 0;
@ -519,7 +520,8 @@ ask_valid_days()
}
if( !cpr_enabled()
&& tty_get_answer_is_yes(_("Is this correct (y/n)? ")) )
&& cpr_get_answer_is_yes(N_("keygen.valid.okay"),
_("Is this correct (y/n)? ")) )
break;
}
m_free(answer);
@ -558,9 +560,9 @@ ask_user_id( int mode )
if( !aname ) {
for(;;) {
m_free(aname);
aname = cpr_get("keygen.name",_("Real name: "));
aname = cpr_get(N_("keygen.name"),_("Real name: "));
trim_spaces(aname);
tty_kill_prompt();
cpr_kill_prompt();
if( strpbrk( aname, "<([])>" ) )
tty_printf(_("Invalid character in name\n"));
else if( isdigit(*aname) )
@ -574,10 +576,10 @@ ask_user_id( int mode )
if( !amail ) {
for(;;) {
m_free(amail);
amail = cpr_get("keygen.email",_("Email address: "));
amail = cpr_get(N_("keygen.email"),_("Email address: "));
trim_spaces(amail);
strlwr(amail);
tty_kill_prompt();
cpr_kill_prompt();
if( !*amail )
break; /* no email address is okay */
else if( has_invalid_email_chars(amail)
@ -594,9 +596,9 @@ ask_user_id( int mode )
if( !acomment ) {
for(;;) {
m_free(acomment);
acomment = cpr_get("keygen.comment",_("Comment: "));
acomment = cpr_get(N_("keygen.comment"),_("Comment: "));
trim_spaces(acomment);
tty_kill_prompt();
cpr_kill_prompt();
if( !*acomment )
break; /* no comment is okay */
else if( strpbrk( acomment, "()" ) )
@ -630,9 +632,9 @@ ask_user_id( int mode )
answer[1] = 0;
}
else {
answer = tty_get(_(
answer = cpr_get(N_("keygen.userid.cmd"),_(
"Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "));
tty_kill_prompt();
cpr_kill_prompt();
}
if( strlen(answer) > 1 )
;
@ -959,7 +961,8 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
assert(algo);
nbits = ask_keysize( algo );
ndays = ask_valid_days();
if( !cpr_enabled() && !tty_get_answer_is_yes( _("Really create? ") ) )
if( !cpr_enabled() && !cpr_get_answer_is_yes(N_("keygen.sub.okay"),
_("Really create? ") ) )
goto leave;
if( passphrase ) {
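Review bot: `algo = *answer? atoi(answer): 1;` and `nbits = *answer? atoi(answer): 1024;` parse answers that, after the switch to `cpr_get`, may come from a coprocess front end as well as from the terminal, and `atoi` reports neither trailing garbage nor out-of-range values. I would parse with `strtol`, reject the input when the end pointer does not reach the terminating NUL or `errno == ERANGE`, and range-check the result before it is used. The `nbits > 2048 && !cpr_enabled()` and `nbits > 1536 && !cpr_enabled()` confirmations are skipped under the coprocess; whether an upper bound still applies in that case lies outside the hunk and is worth confirming. The functions involved start and end outside the hunks.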


@ -30,51 +30,35 @@
#include "ttyio.h"
#include "options.h"
#include "main.h"
#include "status.h"
#include "i18n.h"
/****************
* Check whether FNAME exists and ask if it's okay to overwrite an
* existing one.
* Returns: -1 : Do not overwrite
* 0 : it's okay to overwrite or the file does not exist
* >0 : other error
* Returns: True: it's okay to overwrite or the file does not exist
* False: Do not overwrite
*/
int
overwrite_filep( const char *fname )
{
if( !fname || (*fname == '-' && !fname[1]) )
return 0; /* stdout */
if( !access( fname, F_OK ) ) {
char *p;
int okay;
int first = 1;
return 1; /* writing to stdout is always okay */
if( opt.answer_yes )
okay = 1;
else if( opt.answer_no || opt.batch )
okay = 2;
else
okay = 0;
if( access( fname, F_OK ) )
return 1; /* does not exist */
while( !okay ) {
if( first ) {
tty_printf("File '%s' exists. ", fname);
first = 0;
}
p = tty_get("Overwrite (y/N)? ");
tty_kill_prompt();
if( (*p == 'y' || *p == 'Y') && !p[1] )
okay = 1;
else if( !*p || ((*p == 'n' || *p == 'N') && !p[1]) )
okay = 2;
else
okay = 0;
m_free(p);
}
if( okay == 2 )
return -1;
/* fixme: add some backup stuff */
}
/* fixme: add some backup stuff in case of overwrite */
if( opt.answer_yes )
return 1;
if( opt.answer_no || opt.batch )
return 0; /* do not overwrite */
tty_printf(_("File '%s' exists. "), fname);
if( cpr_get_answer_is_yes(N_("openfile.overwrite.okay"),
_("Overwrite (y/N)? ")) )
return 1;
return 0;
}
@ -90,7 +74,6 @@ IOBUF
open_outfile( const char *iname, int mode )
{
IOBUF a = NULL;
int rc;
if( (!iname || (*iname=='-' && !iname[1])) && !opt.outfile ) {
if( !(a = iobuf_create(NULL)) )
@ -110,14 +93,12 @@ open_outfile( const char *iname, int mode )
mode==2 ? ".sig" : ".gpg");
name = buf;
}
if( !(rc=overwrite_filep( name )) ) {
if( overwrite_filep( name ) ) {
if( !(a = iobuf_create( name )) )
log_error("can't create %s: %s\n", name, strerror(errno) );
else if( opt.verbose )
log_info("writing to '%s'\n", name );
}
else if( rc != -1 )
log_error("oops: overwrite_filep(%s): %s\n", name, g10_errstr(rc) );
m_free(buf);
}
return a;
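Review bot: `overwrite_filep` decides with `access( fname, F_OK )` and `open_outfile` creates the file afterwards with `iobuf_create( name )`, so there is a window between check and create in which the path can appear or be replaced (for instance by a symlink in a shared directory) without the overwrite question ever being asked. Whether `iobuf_create` opens exclusively is not visible in this section; if it does not, the "does not exist" answer should be backed by an exclusive create rather than by the earlier check. The header comment should also state that the return value is now a boolean with the opposite sense of the old 0/-1 convention, since a caller still written as `if( !(rc=overwrite_filep( name )) )` would silently invert the decision. open_outfile continues outside the hunk.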


@ -56,7 +56,6 @@ struct {
#define EMUBUG_GPGCHKSUM 1
#define EMUBUG_ENCR_MPI 2
#define DBG_PACKET_VALUE 1 /* debug packet reading/writing */
#define DBG_MPI_VALUE 2 /* debug mpi details */


@ -1102,8 +1102,8 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
* If the user is so careless, not to protect his secret key,
* we can assume, that he operates an open system :=(.
* So we put the key into secure memory when we unprotect it. */
if( is_v4 && sk->is_protected && !(opt.emulate_bugs & EMUBUG_ENCR_MPI)){
/* ugly; the length is encrypted too, so wee read all
if( is_v4 && sk->is_protected ){
/* ugly; the length is encrypted too, so we read all
* stuff up to the end of the packet into the first
* skey element */
sk->skey[npkey] = mpi_set_opaque(NULL,


@ -32,6 +32,7 @@
#include "keydb.h"
#include "main.h"
#include "i18n.h"
#include "status.h"
static int pwfd = -1;
static char *next_pw = NULL;
@ -129,6 +130,12 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode )
tty_printf("\n");
free_public_key( pk );
}
else if( keyid && !next_pw ) {
char buf[20];
sprintf( buf, "%08lX%08lX", (ulong)keyid[0], (ulong)keyid[1] );
write_status_text( STATUS_NEED_PASSPHRASE, buf );
}
if( next_pw ) {
pw = next_pw;
next_pw = NULL;
@ -157,10 +164,11 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode )
else if( opt.batch )
log_fatal("Can't query password in batchmode\n");
else {
pw = tty_get_hidden("Enter pass phrase: " );
pw = cpr_get_hidden(N_("passphrase.enter"), _("Enter pass phrase: ") );
tty_kill_prompt();
if( mode == 2 ) {
char *pw2 = tty_get_hidden("Repeat pass phrase: " );
if( mode == 2 && !cpr_enabled() ) {
char *pw2 = cpr_get_hidden(N_("passphrase.repeat"),
_("Repeat pass phrase: ") );
tty_kill_prompt();
if( strcmp(pw, pw2) ) {
m_free(pw2);
@ -205,7 +213,7 @@ hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
if( s2k->mode == 3 ) {
count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6);
log_info("s2k iteration count=%lu\n", count );
log_debug("s2k iteration count=%lu\n", count );
}
for(;;) {
md_write( md, s2k->salt, 8 );
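Review bot: With `if( mode == 2 && !cpr_enabled() )` a new passphrase is accepted without the repeat prompt whenever the coprocess is active, so a typo made in the front end ends up protecting the key. That may be intended, but it should be stated at that line, e.g. `/* the coprocess front end is responsible for confirming a new passphrase */`. Both hidden prompts are still followed by `tty_kill_prompt()` while the rest of this commit switches to `cpr_kill_prompt()` after `cpr_get*`; I would use `cpr_kill_prompt();` here as well. In the new NEED_PASSPHRASE branch `buf[20]` is large enough only because both halves are 32-bit values printed as eight hex digits each, which is worth a short comment next to the `sprintf`. passphrase_to_dek starts outside the hunk.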


@ -84,17 +84,11 @@ edit_ownertrust( ulong lid, int mode )
" s = please show me more information\n\n") );
for(;;) {
p = tty_get(_("Your decision? "));
p = cpr_get(N_("edit_ownertrust.value"),_("Your decision? "));
trim_spaces(p);
tty_kill_prompt();
cpr_kill_prompt();
if( *p && p[1] )
;
else if( *p == '?' ) {
tty_printf(_(
"It's up to you to assign a value here; this value will never be exported\n"
"to any 3rd party. We need it to implement the web-of-trust; it has nothing\n"
"to do with the (implicitly created) web-of-certificates.\n"));
}
else if( !p[1] && (*p >= '1' && *p <= '4') ) {
unsigned trust;
switch( *p ) {
@ -173,18 +167,12 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
int rc;
if( (trustlevel & TRUST_FLAG_REVOKED) ) {
char *answer;
int yes;
log_info("key has been revoked!\n");
if( opt.batch )
return 0;
answer = tty_get("Use this key anyway? ");
tty_kill_prompt();
yes = answer_is_yes(answer);
m_free(answer);
if( !yes )
if( !cpr_get_answer_is_yes(N_("revoked_key.override"),
_("Use this key anyway? ")) )
return 0;
}
@ -265,18 +253,14 @@ do_we_trust_pre( PKT_public_key *pk, int trustlevel )
int rc = do_we_trust( pk, trustlevel );
if( !opt.batch && !rc ) {
char *answer;
tty_printf(_(
"It is NOT certain that the key belongs to its owner.\n"
"If you *really* know what you are doing, you may answer\n"
"the next question with yes\n\n") );
answer = tty_get("Use this key anyway? ");
tty_kill_prompt();
if( answer_is_yes(answer) )
if( cpr_get_answer_is_yes(N_("untrusted_key.override"),
_("Use this key anyway? ")) )
rc = 1;
m_free(answer);
}
else if( opt.always_trust && !rc ) {
log_info(_("WARNING: Using untrusted key!\n"));
@ -421,9 +405,10 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage )
for(;;) {
rc = 0;
m_free(answer);
answer = tty_get(_("Enter the user ID: "));
answer = cpr_get(N_("pklist.user_id.enter"),
_("Enter the user ID: "));
trim_spaces(answer);
tty_kill_prompt();
cpr_kill_prompt();
if( !*answer )
break;
if( pk )


@ -30,6 +30,7 @@
#include "ttyio.h"
#include "filter.h"
#include "main.h"
#include "status.h"
#include "i18n.h"
@ -109,9 +110,8 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
/* no filename or "-" given; write to stdout */
fp = stdout;
}
else if( (rc=overwrite_filep( fname )) ) {
if( rc == -1 )
rc = G10ERR_CREATE_FILE;
else if( !overwrite_filep( fname ) ) {
rc = G10ERR_CREATE_FILE;
goto leave;
}
@ -207,8 +207,9 @@ ask_for_detached_datafile( md_filter_context_t *mfx, const char *inname )
tty_printf("Detached signature.\n");
do {
m_free(answer);
answer = tty_get("Please enter name of data file: ");
tty_kill_prompt();
answer = cpr_get(N_("detached_signature.filename"),
_("Please enter name of data file: "));
cpr_kill_prompt();
if( any && !*answer ) {
rc = G10ERR_READ_FILE;
goto leave;


@ -31,6 +31,7 @@
#include "trustdb.h"
#include "cipher.h"
#include "status.h"
#include "i18n.h"
/****************
@ -134,7 +135,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
log_error("can't check algorithm against preferences\n");
else if( dek->algo != CIPHER_ALGO_3DES
&& !is_algo_in_prefs( pk->local_id, PREFTYPE_SYM, dek->algo ) )
log_info("note: cipher algorithm %d not found in preferences\n",
log_info(_("note: cipher algorithm %d not found in preferences\n"),
dek->algo );
free_public_key( pk );
rc = 0;


@ -33,6 +33,8 @@
#include "util.h"
#include "main.h"
#include "ttyio.h"
#include "status.h"
#include "i18n.h"
/****************
@ -53,8 +55,6 @@ gen_revoke( const char *uname )
KBNODE keyblock = NULL;
KBNODE node;
KBPOS kbpos;
char *answer;
int yes;
if( opt.batch ) {
log_error("sorry, can't do this in batch mode\n");
@ -117,11 +117,8 @@ gen_revoke( const char *uname )
}
tty_printf("\n");
answer = tty_get("Create a revocation certificate for this key? ");
tty_kill_prompt();
yes = answer_is_yes(answer);
m_free(answer);
if( !yes ) {
if( !cpr_get_answer_is_yes(N_("gen_revoke.okay"),
_("Create a revocation certificate for this key? ")) ){
rc = 0;
goto leave;
}


@ -67,10 +67,11 @@ do_check( PKT_secret_key *sk )
memcpy(save_iv, sk->protect.iv, 8 );
cipher_decrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 );
csum = 0;
if( sk->version >= 4 && !(opt.emulate_bugs & EMUBUG_ENCR_MPI) ) {
if( sk->version >= 4 ) {
int ndata;
byte *p, *data;
i = pubkey_get_npkey(sk->pubkey_algo);
assert( mpi_is_opaque( sk->skey[i] ) );
p = mpi_get_opaque( sk->skey[i], &ndata );
@ -78,10 +79,15 @@ do_check( PKT_secret_key *sk )
cipher_decrypt( cipher_hd, data, p, ndata );
mpi_free( sk->skey[i] ); sk->skey[i] = NULL ;
p = data;
csum = checksum( data, ndata);
if( ndata < 2 )
log_bug("not enough bytes for checksum\n");
sk->csum = data[ndata-2] << 8 | data[ndata-1];
if( ndata < 2 ) {
log_error("not enough bytes for checksum\n");
sk->csum = 0;
csum = 1;
}
else {
csum = checksum( data, ndata-2);
sk->csum = data[ndata-2] << 8 | data[ndata-1];
}
/* must check it here otherwise the mpi_read_xx would fail
* because the length das an abritary value */
if( sk->csum == csum ) {
@ -198,7 +204,7 @@ is_secret_key_protected( PKT_secret_key *sk )
int
protect_secret_key( PKT_secret_key *sk, DEK *dek )
{
int i, rc = 0;
int i,j, rc = 0;
byte *buffer;
unsigned nbytes;
u16 csum;
@ -219,12 +225,53 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
cipher_setkey( cipher_hd, dek->key, dek->keylen );
cipher_setiv( cipher_hd, NULL );
cipher_encrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 );
if( sk->version >= 4 && !(opt.emulate_bugs & EMUBUG_ENCR_MPI) ) {
BUG();
if( sk->version >= 4 ) {
#define NMPIS (PUBKEY_MAX_NSKEY - PUBKEY_MAX_NPKEY)
byte *buffer[NMPIS];
unsigned nbytes[NMPIS];
unsigned nbits[NMPIS];
int ndata=0;
byte *p, *data;
for(j=0, i = pubkey_get_npkey(sk->pubkey_algo);
i < pubkey_get_nskey(sk->pubkey_algo); i++, j++ ) {
assert( !mpi_is_opaque( sk->skey[i] ) );
buffer[j] = mpi_get_buffer( sk->skey[i], &nbytes[j], NULL );
nbits[j] = mpi_get_nbits( sk->skey[i] );
ndata += nbytes[j] + 2;
}
for( ; j < NMPIS; j++ )
buffer[j] = NULL;
ndata += 2; /* for checksum */
data = m_alloc_secure( ndata );
p = data;
for(j=0; j < NMPIS && buffer[j]; j++ ) {
p[0] = nbits[j] >> 8 ;
p[1] = nbits[j];
p += 2;
memcpy(p, buffer[j], nbytes[j] );
p += nbytes[j];
m_free(buffer[j]);
}
#undef NMPIS
csum = checksum( data, ndata-2);
sk->csum = csum;
*p++ = csum >> 8;
*p++ = csum;
assert( p == data+ndata );
cipher_encrypt( cipher_hd, data, data, ndata );
for(i = pubkey_get_npkey(sk->pubkey_algo);
i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
mpi_free( sk->skey[i] );
sk->skey[i] = NULL;
}
i = pubkey_get_npkey(sk->pubkey_algo);
sk->skey[i] = mpi_set_opaque(NULL, data, ndata );
}
else {
/* NOTE: we always recalculate the checksum because there
* are some * test releases which calculated it wrong */
* are some test releases which calculated it wrong */
csum = 0;
for(i=pubkey_get_npkey(sk->pubkey_algo);
i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
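Review bot: In the new v4 branch of protect_secret_key the plaintext secret MPIs are copied into `buffer[j]` by `mpi_get_buffer` and released with `m_free(buffer[j])` without being cleared, while the assembled copy is placed in `m_alloc_secure` memory. Unless mpi_get_buffer already returns secure memory for these MPIs (not visible here), the bytes should be overwritten before the free so the unprotected key material does not linger on the heap. The copy loop also stops at the first NULL in `buffer[]`, so a NULL returned for one MPI would leave the tail of `data` unwritten and is caught only by `assert( p == data+ndata )`; a run-time check is safer than an assert at this point. The block-local `buffer` and `nbytes` arrays shadow the function-level `byte *buffer; unsigned nbytes;`, and distinct names would avoid confusion with the older path. Both do_check and protect_secret_key extend beyond the hunks shown.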


@ -87,6 +87,24 @@ encode_session_key( DEK *dek, unsigned nbits )
i = nframe - 6 - dek->keylen;
assert( i > 0 );
p = get_random_bits( i*8, 1, 1 );
/* replace zero bytes by new values */
for(;;) {
int j, k;
byte *pp;
/* count the zero bytes */
for(j=k=0; j < i; j++ )
if( !p[j] )
k++;
if( !k )
break; /* okay: no zero bytes */
k += k/128; /* better get some more */
pp = get_random_bits( k*8, 1, 1);
for(j=0; j < i && k ; j++ )
if( !p[j] )
p[j] = pp[--k];
m_free(pp);
}
memcpy( frame+n, p, i );
m_free(p);
n += i;
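Review bot: The comment `/* replace zero bytes by new values */` does not say why zero bytes are unacceptable in the random filler. Presumably the frame uses a zero byte to mark the end of the padding, so a zero inside it would make the receiver locate the session key at the wrong offset; if so I would say that in the comment, e.g. `/* the padding must not contain zero bytes: a zero terminates it */`. The extra `k/128` bytes requested by `k += k/128;` are never consumed, because the inner loop performs exactly one replacement per zero found in this pass and a replacement that is itself zero is only detected on the next pass. encode_session_key starts and ends outside the hunk.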


@ -37,6 +37,7 @@
#include "ttyio.h"
#include "options.h"
#include "main.h"
#include "i18n.h"
static int fd = -1;
#ifdef USE_SHM_COPROCESSING
@ -87,6 +88,7 @@ write_status_text ( int no, const char *text)
case STATUS_SHM_GET : s = "SHM_GET\n"; break;
case STATUS_SHM_GET_BOOL : s = "SHM_GET_BOOL\n"; break;
case STATUS_SHM_GET_HIDDEN : s = "SHM_GET_HIDDEN\n"; break;
case STATUS_NEED_PASSPHRASE: s = "NEED_PASSPHRASE\n"; break;
default: s = "?\n"; break;
}
@ -194,6 +196,32 @@ do_shm_get( const char *keyword, int hidden, int bool )
#endif /* USE_SHM_COPROCESSING */
static void
display_help( const char *keyword )
{
char *p;
int hint = 0;
tty_kill_prompt();
if( !keyword ) {
tty_printf(_("No help available") );
hint++;
}
else {
p = _(keyword);
if( !strcmp( p, keyword ) ) {
tty_printf(_("No help available for '%s'"), keyword );
hint++;
}
else
tty_printf("%s", p );
}
tty_printf("\n");
if( hint )
tty_printf("You should set your LANG variable to a valid value.\n"
"Set LANG to \"en\" to see the English help texts.\n" );
}
int
cpr_enabled()
@ -208,21 +236,41 @@ cpr_enabled()
char *
cpr_get( const char *keyword, const char *prompt )
{
char *p;
#ifdef USE_SHM_COPROCESSING
if( opt.shm_coprocess )
return do_shm_get( keyword, 0, 0 );
#endif
return tty_get( prompt );
for(;;) {
p = tty_get( prompt );
if( *p == '?' && !p[1] ) {
m_free(p);
display_help( keyword );
}
else
return p;
}
}
char *
cpr_get_hidden( const char *keyword, const char *prompt )
{
char *p;
#ifdef USE_SHM_COPROCESSING
if( opt.shm_coprocess )
return do_shm_get( keyword, 1, 0 );
#endif
return tty_get_hidden( prompt );
for(;;) {
p = tty_get_hidden( prompt );
if( *p == '?' && !p[1] ) {
m_free(p);
display_help( keyword );
}
else
return p;
}
}
void


@ -47,6 +47,7 @@
#define STATUS_SHM_GET_BOOL 18
#define STATUS_SHM_GET_HIDDEN 19
#define STATUS_NEED_PASSPHRASE 20
/*-- status.c --*/
void set_status_fd ( int fd );


@ -70,6 +70,8 @@ int g10m_invm( MPI x, MPI u, MPI v );
unsigned g10m_get_nbits( MPI a );
unsigned g10m_get_size( MPI a );
void g10m_set_buffer( MPI a, const char *buffer, unsigned nbytes, int sign );
/********************************************
******* symmetric cipher functions *******
@ -97,8 +99,8 @@ const char *g10m_revision_string(int mode);
const char *g10c_revision_string(int mode);
const char *g10u_revision_string(int mode);
MPI g10c_generate_secret_prime( unsigned nbits );
unsigned char g10c_get_random_byte( int level );
MPI g10c_generate_secret_prime( unsigned nbits );
char *g10c_get_random_bits( unsigned nbits, int level, int secure );
void *g10_malloc( size_t n );


@ -85,3 +85,11 @@ g10m_get_size( MPI a )
return mpi_get_nlimbs( a ) * BITS_PER_MPI_LIMB;
}
void
g10m_set_buffer( MPI a, const char *buffer, unsigned nbytes, int sign )
{
mpi_set_buffer( a, buffer, nbytes, sign );
}


@ -30,6 +30,8 @@ g10/sig-check.c
g10/sign.c
g10/trustdb.c
g10/verify.c
g10/status.c
g10/pubkey-enc.c
#---end--


@ -1259,3 +1259,31 @@ msgid "key %08lX.%lu: trust check failed: %s\n"
msgstr "Schlüssel %08lX.%lu: Vertrauensprüfung fehlgeschlagen: %s\n"
#################################
######## Help msgids ############
#################################
msgid "passphrase.enter"
msgstr ""
"Bitte geben Sie die \"Passhrase\" ein; dies ist ein geheimer Satz der aus\n"
"beliebigen Zeichen bestehen kann. Was Sie eingegeben wird nicht angezeigt.\n"
"Zur ihrer eigenen Sicherbeit benutzen Sie biite einen Satz, den sie sich\n"
"gut merken könne, der aber nicht leicht zu raten ist; Zitate und andere\n"
"bekannte Texte sind eine SCHLECHTE Wahl, da diese mit Sicherheit Online\n"
"verfügbar sind und durch entsprechende Programme zum Raten der \"Passphrase\"\n"
"benutzt werden. Sätze mit persönlicher Bedeutung die auch noch durch\n"
"falsche Groß-/Kleinschreibung und eingestreute Sonderzeichen verändert werden,\n"
"sind i.d.R. eine gute Wahl"
msgid "passphrase.repeat"
msgstr ""
"Um sicher zugehen, daß Sie sich bei der Eingabe der \"Passphrase\" nicht\n"
"vertippt haben, geben Sie diese bitte nochmal ein. Nur wenn beide Eingaben\n"
"übereinstimmen, wird die \"Passphrase\" akzeptiert."
msgid "keyedit.cmd"
msgstr "Geben Sie bitte \"help\" ein."

141
po/en.po

@ -1,29 +1,128 @@
msgid "passphrase.enter"
msgid ""
msgstr ""
"Please enter the passhrase; this is a secret sentence which consists\n"
"beliebigen Zeichen bestehen kann. Was Sie eingegeben wird nicht angezeigt.\n"
"Zur ihrer eigenen Sicherbeit benutzen Sie biite einen Satz, den sie sich\n"
"gut merken könne, der aber nicht leicht zu raten ist; Zitate und andere\n"
"bekannte Texte sind eine SCHLECHTE Wahl, da diese mit Sicherheit Online\n"
"verfügbar sind und durch entsprechende Programme zum Raten der \"Passphrase\"\n"
"benutzt werden. Sätze mit persönlicher Bedeutung die auch noch durch\n"
"falsche Groß-/Kleinschreibung und eingestreute Sonderzeichen verändert werden,\n"
"sind i.d.R. eine gute Wahl"
msgid "passphrase.repeat"
msgstr ""
"Um sicher zugehen, daß Sie sich bei der Eingabe der \"Passphrase\" nicht\n"
"vertippt haben, geben Sie diese bitte nochmal ein. Nur wenn beide Eingaben\n"
"übereinstimmen, wird die \"Passphrase\" akzeptiert."
msgid "keyedit.cmd"
msgstr "Please enter \"help\"."
"Date: 1998-08-08 18:07:50+0200\n"
"From: Werner Koch <wk@frodo>\n"
"Content-Type: text/plain; charset=\n"
"Xgettext-Options: --default-domain=gnupg --directory=.. --add-comments --keyword=_ --keyword=N_ --files-from=./POTFILES.in\n"
"Files: util/secmem.c util/argparse.c cipher/random.c cipher/rand-dummy.c cipher/rand-unix.c cipher/rand-w32.c g10/g10.c g10/pkclist.c g10/keygen.c g10/decrypt.c g10/encode.c g10/import.c g10/keyedit.c g10/keylist.c g10/mainproc.c g10/passphrase.c g10/plaintext.c g10/pref.c g10/seckey-cert.c g10/sig-check.c g10/sign.c g10/trustdb.c g10/verify.c g10/status.c g10/pubkey-enc.c\n"
#: g10/pkclist.c:87
msgid "edit_ownertrust.value"
msgstr ""
"It's up to you to assign a value here; this value will never be exported\n"
"to any 3rd party. We need it to implement the web-of-trust; it has nothing\n"
"to do with the (implicitly created) web-of-certificates."
#: g10/pkclist.c:174
msgid "revoked_key.override"
msgstr "If you want to use this revoked key anyway, answer \"yes\"."
#: g10/pkclist.c:261
msgid "untrusted_key.override"
msgstr "If you want to use this untrusted key anyway, answer \"yes\"."
#: g10/pkclist.c:408
msgid "pklist.user_id.enter"
msgstr "Enter the user id of the addresse to whom you want to send the message."
#: g10/keygen.c:393
msgid "keygen.algo"
msgstr "Select the algorithm to use:"
"Needs more explanation here."
#: g10/keygen.c:437
msgid "keygen.size"
msgstr ""
#: g10/keygen.c:449
msgid "keygen.size.huge.okay"
msgstr ""
#: g10/keygen.c:458
msgid "keygen.size.large.okay"
msgstr ""
#: g10/keygen.c:499
msgid "keygen.valid"
msgstr ""
#: g10/keygen.c:523
msgid "keygen.valid.okay"
msgstr ""
#: g10/keygen.c:563
msgid "keygen.name"
msgstr ""
#: g10/keygen.c:579
msgid "keygen.email"
msgstr ""
#: g10/keygen.c:599
msgid "keygen.comment"
msgstr ""
#: g10/keygen.c:635
msgid "keygen.userid.cmd"
msgstr ""
"N to change the name.\n"
"C to change the comment.\n"
"E to change the email address.\n"
"O to continue with key generation.\n"
"Q to to quit the key generation."
#: g10/keygen.c:964
msgid "keygen.sub.okay"
msgstr "Answer \"yes\" (or just \"y\") if it is okay to generate the sub key."
#: g10/keyedit.c:269
msgid "sign_uid.okay"
msgstr ""
#: g10/keyedit.c:403 g10/keyedit.c:414
msgid "delete_key.secret.okay"
msgstr ""
#: g10/keyedit.c:404
msgid "delete_key.okay"
msgstr ""
#: g10/keyedit.c:501
msgid "change_passwd.empty.okay"
msgstr ""
#: g10/keyedit.c:637
msgid "keyedit.cmd"
msgstr "Please enter \"help\"."
#: g10/keyedit.c:679
msgid "keyedit.save.okay"
msgstr ""
#: g10/keyedit.c:682
msgid "keyedit.cancel.okay"
msgstr ""
#: g10/keyedit.c:738
msgid "keyedit.signall.okay"
msgstr ""
#: g10/keyedit.c:772
msgid "keyedit.remove.uid.okay"
msgstr ""
#: g10/keyedit.c:799
msgid "keyedit.remove.subkey.okay"
msgstr ""
#: g10/passphrase.c:167
msgid "passphrase.enter"
msgstr ""
"Please enter the passhrase; this is a secret sentence \n"
" Blurb, blurb,.... "
#: g10/passphrase.c:170
msgid "passphrase.repeat"
msgstr ""
"Please repeat the last passphrase, so you are sure what you typed in."


@ -1,3 +1,7 @@
Sat Aug 8 18:35:00 1998 Werner Koch (wk@(none))
* ttyio.c (cleanup): New.
Mon Aug 3 17:06:00 1998 Werner Koch (wk@(none))
* secmem.c (MAP_ANON): Add a macro test


@ -56,9 +56,22 @@ static FILE *ttyfp = NULL;
static int initialized;
static int last_prompt_len;
#ifdef HAVE_TCGETATTR
static struct termios termsave;
static int restore_termios;
#endif
#ifdef HAVE_TCGETATTR
static void
cleanup(void)
{
if( restore_termios ) {
restore_termios = 0; /* do it prios in case it is interrupted again */
if( tcsetattr(fileno(ttyfp), TCSAFLUSH, &termsave) )
log_error("tcsetattr() failed: %s\n", strerror(errno) );
}
}
#endif
static void
init_ttyfp()
@ -94,6 +107,9 @@ init_ttyfp()
ttyfp = fopen("/dev/tty", "r+");
if( !ttyfp )
log_fatal("cannot open /dev/tty: %s\n", strerror(errno) );
#endif
#ifdef HAVE_TCGETATTR
atexit( cleanup );
#endif
initialized = 1;
}
@ -199,9 +215,6 @@ do_get( const char *prompt, int hidden )
char *buf;
byte cbuf[1];
int c, n, i;
#ifdef HAVE_TCGETATTR
struct termios termsave;
#endif
if( !initialized )
init_ttyfp();
@ -252,6 +265,7 @@ do_get( const char *prompt, int hidden )
if( tcgetattr(fileno(ttyfp), &termsave) )
log_fatal("tcgetattr() failed: %s\n", strerror(errno) );
restore_termios = 1;
term = termsave;
term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
if( tcsetattr( fileno(ttyfp), TCSAFLUSH, &term ) )
@ -284,6 +298,7 @@ do_get( const char *prompt, int hidden )
#ifdef HAVE_TCGETATTR
if( tcsetattr(fileno(ttyfp), TCSAFLUSH, &termsave) )
log_error("tcsetattr() failed: %s\n", strerror(errno) );
restore_termios = 0;
#endif
}
#endif /* end unix version */
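Review bot: `atexit( cleanup )` restores the terminal only when the process leaves through exit(); if the program is terminated by a signal while echo is switched off in do_get, `cleanup` does not run unless a signal handler (not visible here) ends the process via exit. The comment on `restore_termios = 0;` suggests interruption was the motivating case, so I would document that dependency next to the atexit call, or state that only the exit path is covered. The return value of `atexit` is ignored, and the comment has a typo that should read `/* do it prior in case it is interrupted again */`. do_get starts and ends outside the hunks.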


@ -66,7 +66,7 @@ host_alias = i586-pc-linux-gnu
host_triplet = i586-pc-linux-gnu
target_alias = i586-pc-linux-gnu
target_triplet = i586-pc-linux-gnu
CATALOGS = de.gmo it.gmo
CATALOGS = en.gmo de.gmo it.gmo
CATOBJEXT = .gmo
CC = gcc
CPP = gcc -E
@ -74,7 +74,7 @@ DATADIRNAME = share
DYNLINK_LDFLAGS = -rdynamic
G10_LOCALEDIR = /usr/local/share/locale
GENCAT =
GMOFILES = de.gmo it.gmo
GMOFILES = en.gmo de.gmo it.gmo
GMSGFMT = /usr/local/bin/msgfmt
GT_NO =
GT_YES = #YES#
@ -87,12 +87,12 @@ MKINSTALLDIRS = scripts/mkinstalldirs
MPI_EXTRA_ASM_OBJS =
MSGFMT = /usr/local/bin/msgfmt
PACKAGE = gnupg
POFILES = de.po it.po
POFILES = en.po de.po it.po
POSUB = po
RANLIB = ranlib
USE_INCLUDED_LIBINTL = yes
USE_NLS = yes
VERSION = 0.3.2b
VERSION = 0.3.2c
ZLIBS =
l =