security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

See ChangeLog: Mon Feb 22 20:04:00 CET 1999 Werner Koch

This commit is contained in:
Werner Koch 1999-02-22 19:08:46 +00:00
parent 5d5dc4b12d
commit 9f099678ac
17 changed files with 346 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
BUGS Normal file
View File

@ -0,0 +1,44 @@
List of some known bugs
-------------------------
This following list contains those bugs which we are aware of. Please
make sure that bugs you report are not listed here. If you can fix one
of these bugs/limitations we will certainly be glad to receive a patch.
(Please note that we need a disclaimer if a patch is longer than about
10 lines; but it may help anyway to show us where we have to fix it. Do
an "info standards" to find out why a disclaimer is needed for GNU.)
(format: severity: [ *] to [***], no, first reported, by, version)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[ *] #1
pgp263in works fine even with a source file with CR,LF but GnuPG
and pgp263in has problems if the clearsign has been created by
pgp263ia.
[ *] #3
--list-packets should continue even w/o a passphrase (or in batch
mode). Maybe we have to move it to a separate program??
[ *] #4 1999-01-13 <ralf.stephan@fitug.de> 0.9.1
v3 key 'expiration date' problem:
1. generate a key, set expiration date
2. <do other things, deleting etc.>
3. edit a v3 secret key, try to set expiration date
- output: "You can't change...
4. save
5. key has expiration date from 1. and gpg reports that pubkey
and seckey differ.
The for loop the exp.date is set before v3 detection?
[is this bug still there?]
[ *] #5
/home/jam/.gnupg/pubring.gpg: can't open gdbm file: Can't be writer
keyblock resource `/home/jam/.gnupg/pubring.gpg': file open error
OOPS in close enum_keyblocks - ignored
[gdbm is experimental and will be replaced by the new keybox code]

5
ChangeLog
View File

@ -1,3 +1,8 @@
Mon Feb 22 20:04:00 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* BUGS: Now we assign bug numbers.
* OBUGS: New to keep rack o fixed bugs (CVS only)
Fri Feb 19 18:01:54 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* VERSION: Released 0.9.3

2
Makefile.am
View File

@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
SUBDIRS = intl zlib util mpi cipher tools g10 po doc checks
EXTRA_DIST = VERSION PROJECTS
EXTRA_DIST = VERSION PROJECTS BUGS
all-am: g10defs.h
all-recursive-am: g10defs.h

2
NEWS
View File

@ -1,3 +1,5 @@
Noteworthy changes in version 0.9.3
-----------------------------------

12
OBUGS Normal file
View File

@ -0,0 +1,12 @@
List of fixed bugs
--------------------
(format: severity: [ *] to [***], no, first reported, by, version)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[***] #2 1999-02-21
Problem while importing or deleting public keys in 0.9.3 - 0.9.2
worked fine. Error message:
gpg:[stdin]: key A6A59DB9: secret key not found: public key not found
FIX: 1999-02-22 wk

5
PROJECTS
View File

@ -47,8 +47,3 @@
* Keep a list of duplicate, faked or unwanted keyids.
* use regular C strings for the user ids; this can be done because
OpenPGP requires them to be UTF-8 and we can replace a Null by
an UTF-8 character (which one?)

1
THANKS
View File

@ -60,6 +60,7 @@ Nimrod Zimerman zimerman@forfree.at
N J Doye nic@niss.ac.uk
Oskari Jääskeläinen f33003a@cc.hut.fi
Paul D. Smith psmith@baynetworks.com
Philippe Laliberte arsphl@oeil.qc.ca
Peter Gutmann pgut001@cs.auckland.ac.nz
QingLong qinglong@bolizm.ihep.su
Ralph Gillen gillen@theochem.uni-duesseldorf.de

2
THOUGHTS
View File

@ -195,10 +195,12 @@ o Allow more that one file for key storage.
o Use the HKS protocol and enhance it in a way that binary
keyrings can be transmitted. (I already wrote some
http server and client code which can be used for this)
And extend it to allow reuse of a connection.
o Keep a checksum (hash) of the entire keyblock so that a
client can easy check whether this keyblock has changed.
(keyblock = the entire key with all certificates etc.)
Transmitted in the HEAD info.
o Allow efficient propagation of new keys and revocation
certificates.

60
TODO
View File

@ -1,51 +1,35 @@
Bugs
----
* clearsig: keep lineendings as they are. Remember that trailings
blanks are not hashed. Funny: pgp263in works fine even with
a source file with CR,LF but GnuPG and pgp263in has problems
if the clearsign has been created by pgp263ia.
Needs more investigation - anyone?
* replace my type 20 subkeys by type 16 ones.
* Implement 256 bit key Twofish.
Important
----------
* Check revocation and expire stuff. [I'm currently working on this.]
* clearsig: keep lineendings as they are. Remember that trailings
blanks are not hashed.
* Check calculation of key validity. [I'm currently working on this.]
* Check revocation and expire stuff. [I'm currently working on this.]
* See why we always get this "Hmmm public key lost"
* Check calculation of key validity. [I'm currently working on this.]
* print a warning when a revoked/expired secret key is used.
* See why we always get this "Hmmm public key lost"
Needed
------
* remove more "Fixmes"
* print a warning when a revoked/expired secret key is used.
* Implement 256 bit key Twofish.
* remove more "Fixmes"
* Use capabilities if available. glibc2 does not support it yet?
What about 2.2 or should we use the system calls directly?
* Use capabilities if available. glibc2 does not support it yet?
What about 2.2 or should we use the system calls directly?
Minor Bugs
----------
* --list-packets should continue even w/o a passphrase (or in batch
mode).
Nice to have
------------
* preferences of hash algorithms are not yet used.
* new menu to delete signatures and list signature in menu
* Replace the SIGUSR1 stuff by semaphores to avoid loss of a signal.
or use POSIX.4 realtime signals.
* add test cases for invalid data (scrambled armor or other random data)
* add checking of armor trailers
* Burn the buffers used by fopen(), or use read(2). Does this
really make sense?
* change the fake_data stuff to mpi_set_opaque
* How about letting something like 'gpg --version -v', list the
effective options. [Too much work.]
* Stats about used random numbers.
* preferences of hash algorithms are not yet used.
* new menu to delete signatures and list signature in menu
* Replace the SIGUSR1 stuff by semaphores to avoid loss of a signal.
or use POSIX.4 realtime signals.
* add test cases for invalid data (scrambled armor or other random data)
* add checking of armor trailers
* Burn the buffers used by fopen(), or use read(2). Does this
really make sense?
* change the fake_data stuff to mpi_set_opaque
* How about letting something like 'gpg --version -v', list the
effective options. [Too much work.]
* Stats about used random numbers.

4
cipher/ChangeLog
View File

@ -1,3 +1,7 @@
Mon Feb 22 20:04:00 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* rndegd.c: New.
Wed Feb 10 17:15:39 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* Makefile.am: Modules are now figured out by configure

8
cipher/Makefile.am
View File

@ -10,15 +10,16 @@ noinst_LIBRARIES = libcipher.a
# and EXTRA_foo_SOURCES entries.
# Hmmm is there a more easy way to do this? (EXTRA_PROGRAMS
# might also list programs which are not modules)
# MODULES: rndunix rndlinux
# MODULES: rndunix rndlinux rndegd
# MODULES: sha1 rmd160 md5 tiger
# MODULES: twofish
EXTRA_PROGRAMS = rndunix rndlinux \
EXTRA_PROGRAMS = rndunix rndlinux rndegd \
sha1 rmd160 md5 tiger \
twofish
EXTRA_rndlinux_SOURCES = rndlinux.c
EXTRA_rndunix_SOURCES = rndunix.c
EXTRA_rndegd_SOURCES = rndegd.c
EXTRA_md5_SOURCES = md5.c
EXTRA_rmd160_SOURCES = rmd160.c
EXTRA_sha1_SOURCES = sha1.c
@ -91,6 +92,9 @@ rndunix: $(srcdir)/rndunix.c
rndlinux: $(srcdir)/rndlinux.c
$(COMPILE) $(DYNLINK_MOD_CFLAGS) -o rndlinux $(srcdir)/rndlinux.c
rndegd: $(srcdir)/rndegd.c
$(COMPILE) $(DYNLINK_MOD_CFLAGS) -o rndegd $(srcdir)/rndegd.c
install-exec-hook:

205
cipher/rndegd.c Normal file
View File

@ -0,0 +1,205 @@
/* rndegd.c - interface to the EGD
* Copyright (C) 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
#include <errno.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include "types.h"
#include "util.h"
#include "ttyio.h"
#include "dynload.h"
#ifdef IS_MODULE
#define _(a) (a)
#else
#include "i18n.h"
#endif
static int gather_random( void (*add)(const void*, size_t, int), int requester,
size_t length, int level );
#ifdef IS_MODULE
static void tty_printf(const char *fmt, ... )
{
g10_log_info("tty_printf not available (%s)\n", fmt );
}
#endif
static int
do_write( int fd, void *buf, size_t nbytes )
{
size_t nleft = nbytes;
ssize_t nwritten;
while( nleft > 0 ) {
nwritten = write( fd, buf, nleft);
if( nwritten < 0 ) {
if( errno = EINTR )
continue;
return -1;
}
nleft -= nwritten;
buf = (char*)buf + nwritten;
}
return 0;
}
my $bytes = shift;
$msg = pack("CC", 0x01, $bytes);
$s->syswrite($msg, length($msg));
my $nread = $s->sysread($buf, 1);
die unless $nread == 1;
my $count = unpack("C",$buf);
$nread = $s->sysread($buf, $count);
die "didn't get all the entropy" unless $nread == $count;
print "got $count bytes of entropy: ",unpack("H*",$buf),"\n";
static int
gather_random( void (*add)(const void*, size_t, int), int requester,
size_t length, int level )
{
static int fd = -1;
int n;
int warn=0;
byte buffer[768];
if( fd == -1 ) {
const char *name = "/tmp/entropy";
struct sockaddr_un addr;
int addr_len;
memset( &addr, 0, sizeof addr );
addr.sun_family = AF_UNIX;
strcpy( addr.sun_path, name ); /* fixme: check that it is long enough */
addr_len = strlen(addr.sun_path) + sizeof addr.sun_family;
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if( fd == -1 )
g10_log_fatal("can't create unix domain socket: %s\n",
strerror(errno) );
if( connect( fd, (struct sockaddr*)&addr, addr_len) == -1 )
g10_log_fatal("can't connect to `%s': %s\n",
name, strerror(errno) );
}
if( do_write( fd, "\x01", 1 ) == -1 )
g10_log_fatal("can't write to the EGD: %s\n", strerror(errno) );
while( length ) {
fd_set rfds;
struct timeval tv;
int rc;
FD_ZERO(&rfds);
FD_SET(fd, &rfds);
tv.tv_sec = 3;
tv.tv_usec = 0;
if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) ) {
if( !warn )
tty_printf( _(
"\n"
"Not enough random bytes available. Please do some other work to give\n"
"the OS a chance to collect more entropy! (Need %d more bytes)\n"), length );
warn = 0; /* set to 1 to print onyl one warning */
continue;
}
else if( rc == -1 ) {
tty_printf("select() error: %s\n", strerror(errno));
continue;
}
do {
int nbytes = length < sizeof(buffer)? length : sizeof(buffer);
n = read(fd, buffer, nbytes );
if( n >= 0 && n > nbytes ) {
g10_log_error("bogus read from random device (n=%d)\n", n );
n = nbytes;
}
} while( n == -1 && errno == EINTR );
if( n == -1 )
g10_log_fatal("read error on EGD: %s\n", strerror(errno));
(*add)( buffer, n, requester );
length -= n;
}
memset(buffer, 0, sizeof(buffer) );
return 0; /* success */
}
#ifndef IS_MODULE
static
#endif
const char * const gnupgext_version = "RNDEGD ($Revision$)";
static struct {
int class;
int version;
void *func;
} func_table[] = {
{ 40, 1, gather_random },
};
#ifndef IS_MODULE
static
#endif
void *
gnupgext_enum_func( int what, int *sequence, int *class, int *vers )
{
void *ret;
int i = *sequence;
do {
if ( i >= DIM(func_table) || i < 0 ) {
return NULL;
}
*class = func_table[i].class;
*vers = func_table[i].version;
ret = func_table[i].func;
i++;
} while ( what && what != *class );
*sequence = i;
return ret;
}
#ifndef IS_MODULE
void
rndegd_constructor(void)
{
register_internal_cipher_extension( gnupgext_version,
gnupgext_enum_func );
}
#endif

4
g10/ChangeLog
View File

@ -1,3 +1,7 @@
Mon Feb 22 20:04:00 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* getkey.c (lookup_sk): Return G10ERR_NO_SECKEY and not x_PUBKEY.
Fri Feb 19 15:49:15 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* pkclist.c (select_algo_from_prefs): retrieve LID if not there.

2
g10/getkey.c
View File

@ -1753,7 +1753,7 @@ lookup_sk( GETKEY_CTX ctx, PKT_secret_key *sk, KBNODE *ret_keyblock )
}
}
else if( rc == -1 )
rc = G10ERR_NO_PUBKEY;
rc = G10ERR_NO_SECKEY;
release_kbnode( ctx->keyblock );
ctx->keyblock = NULL;

6
scripts/ChangeLog
View File

@ -1,3 +1,9 @@
Mon Feb 22 20:04:00 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* autogen.sh: Enhanced the version testing code (Philippe Laliberte)
* mkwebpage: Edits the buglist.
Sat Feb 13 12:04:43 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* autogen.sh: Now uses gettextize

32
scripts/autogen.sh
View File

@ -4,21 +4,39 @@
PGM=GnuPG
DIE=no
autoconf_vers=2.13
automake_vers=1.4
aclocal_vers=1.4
if (autoconf --version) < /dev/null > /dev/null 2>&1 ; then
:
if (autoconf --version | awk 'NR==1 { if( $3 >= '$autoconf_vers') \
exit 1; exit 0; }');
then
echo "**Error**: "\`autoconf\'" is too old."
echo ' (version ' $autoconf_vers ' or newer is required)'
DIE="yes"
fi
else
echo
echo "**Error**: You must have "\`autoconf\'" installed to compile $PGM."
echo ' (version 2.13 or newer is required)'
echo ' (version ' $autoconf_vers ' or newer is required)'
DIE="yes"
fi
if (automake --version) < /dev/null > /dev/null 2>&1 ; then
if (automake --version | awk 'NR==1 { if( $4 >= '$automake_vers') \
exit 1; exit 0; }');
then
echo "**Error**: "\`automake\'" is too old."
echo ' (version ' $automake_vers ' or newer is required)'
DIE="yes"
fi
if (aclocal --version) < /dev/null > /dev/null 2>&1; then
if (aclocal --version | awk 'NR==1 { if( $4 >= 1.4 ) exit 1; exit 0; }');
if (aclocal --version | awk 'NR==1 { if( $4 >= '$aclocal_vers' ) \
exit 1; exit 0; }' );
then
echo "**Error**: "\`aclocal\'" is too old."
echo ' (version 1.4 or newer is required)'
echo ' (version ' $aclocal_vers ' or newer is required)'
DIE="yes"
fi
else
@ -27,11 +45,10 @@ if (automake --version) < /dev/null > /dev/null 2>&1 ; then
echo " installed doesn't appear recent enough."
DIE="yes"
fi
else
echo
echo "**Error**: You must have "\`automake\'" installed to compile $PGM."
echo ' (version 1.3 or newer is required)'
echo ' (version ' $automake_vers ' or newer is required)'
DIE="yes"
fi
@ -41,7 +58,8 @@ if (gettext --version </dev/null 2>/dev/null | awk 'NR==1 { split($4,A,"\."); \
then
echo "**Error**: You must have "\`gettext\'" installed to compile $PGM."
echo ' (version 0.10.35 or newer is required; get'
echo ' ftp://alpha.gnu.org/gnu/gettext-0.10.35.tar.gz)'
echo ' ftp://alpha.gnu.org/gnu/gettext-0.10.35.tar.gz'
echo ' or install the latest Debian package)'
DIE="yes"
fi

6
scripts/mkwebpage
View File

@ -21,9 +21,15 @@ fix_it () {
EOF
cvs -Q checkout -p gnupg/NEWS >>$dir/NEWS
cvs -Q checkout -p gnupg/BUGS >>$dir/BUGS
here=`pwd`
cd $dir
ln -sf gnupg.html index.html
sed -n '1,/@BEGIN_BUGLIST@/ p' buglist.html >buglist.tmp
sed '1,/^~~~~~~~~~~~/ d' BUGS >>buglist.tmp
echo "(List generated from CVS: " `date -R` ")" >>buglist.tmp
sed -n '/@END_BUGLIST@/,$ p' buglist.html >>buglist.tmp
mv buglist.tmp buglist.html
cd $here
}