mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
.
This commit is contained in:
parent
17c023bf69
commit
b4aeef458c
8
AUTHORS
8
AUTHORS
@ -3,16 +3,18 @@ Authors of GNU Privacy Guard (gnupg).
|
||||
Werner Koch. Designed and implemented gnupg.
|
||||
|
||||
|
||||
GPG Matthew Skala 1998-08-10
|
||||
GNUPG Matthew Skala 1998-08-10
|
||||
Disclaims changes (Twofish code).
|
||||
mskala@ansuz.sooke.bc.ca
|
||||
|
||||
GPG Natural Resources Canada 1998-08-11
|
||||
GNUPG Natural Resources Canada 1998-08-11
|
||||
Disclaims changes by Matthew Skala.
|
||||
|
||||
GPG Niklas Hernaeus ??????????
|
||||
GNUPG Niklas Hernaeus ??????????
|
||||
(Weak key patches)
|
||||
|
||||
GNUPG Michael Roth ??????????
|
||||
(DES code)
|
||||
|
||||
TRANSLATIONS Marco d'Itri 1997-02-22
|
||||
Disclaim
|
||||
|
@ -1,3 +1,8 @@
|
||||
Thu Sep 17 18:49:40 1998 Werner Koch (wk@(none))
|
||||
|
||||
* Makefile.am (dist-hook): Now creates RPM file.
|
||||
* scripts/gnupg.spec: New template file for RPMs
|
||||
|
||||
Thu Jul 30 19:17:07 1998 Werner Koch (wk@(none))
|
||||
|
||||
* acinclude.h (WK_CHECK_IPC): New
|
||||
|
10
INSTALL
10
INSTALL
@ -77,12 +77,22 @@ You can create them with:
|
||||
Installation
|
||||
============
|
||||
gpg is not installed as suid:root; if you want to do it, do it manually.
|
||||
We will use capabilities in the future.
|
||||
|
||||
The ~/.gnupg directory will be created if it does not exist. Your first
|
||||
action should be to create a key pair: "gpg --gen-key".
|
||||
|
||||
|
||||
|
||||
Creating a RPM package
|
||||
======================
|
||||
The file scripts/gnupg-x.x.x.spec is used to build a RPM package:
|
||||
1. As root, copy the spec file into /usr/src/redhat/SPECS
|
||||
2. copy the tar file into /usr/src/redhat/SOURCES
|
||||
3. type: rpm -ba SPECS/gnupg-x.x.x.spec
|
||||
|
||||
|
||||
|
||||
Basic Installation
|
||||
==================
|
||||
|
||||
|
@ -13,5 +13,8 @@ dist-hook:
|
||||
|| cp -p $(srcdir)/$$dir/$$i $(distdir)/$$dir/$$i; \
|
||||
done ; \
|
||||
done
|
||||
@set -e; \
|
||||
sed -e 's/@pkg_version@/$(VERSION)/g' $(srcdir)/scripts/gnupg.spec \
|
||||
> $(distdir)/scripts/gnupg-$(VERSION).spec
|
||||
|
||||
|
||||
|
15
NEWS
15
NEWS
@ -1,3 +1,18 @@
|
||||
Noteworthy changes in version 0.4.0
|
||||
-----------------------------------
|
||||
* Triple DES is now supported. Michael Roth did this piece of
|
||||
needed work. We have now all the coded needed to be OpenPGP
|
||||
compliant.
|
||||
|
||||
* Added a simple rpm spec file (see INSTALL).
|
||||
|
||||
* detached and armored signatures are now using "PGP SIGNATURE",
|
||||
except when --rfc1991 is used.
|
||||
|
||||
* All times which are not in the yyy-mm-dd format are now printed
|
||||
in local time.
|
||||
|
||||
|
||||
Noteworthy changes in version 0.3.5
|
||||
-----------------------------------
|
||||
* New option --throw-keyid to create anonymous enciphered messages.
|
||||
|
17
README
17
README
@ -2,12 +2,7 @@
|
||||
|
||||
GNUPG - The GNU Privacy Guard
|
||||
-------------------------------
|
||||
Version 0.3
|
||||
|
||||
WARNING: IF YOU ARE ALREADY USING GNUPG YOU SHOULD NOW MAKE A BACKUP
|
||||
OF "gpg" BECAUSE YOU NEED IT TO CONVERT YOUR PASSPHRASE AND OTHER
|
||||
THINGS - SEE "NEWS"!
|
||||
|
||||
Version 0.4
|
||||
|
||||
As you can see from the version number, the program may have some
|
||||
bugs and some features may not work at all - please report this to
|
||||
@ -336,11 +331,11 @@
|
||||
please subscribe before posting).
|
||||
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GNUPG v0.3.2b (GNU/Linux)
|
||||
Version: GNUPG v0.3.5a (GNU/Linux)
|
||||
Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/
|
||||
|
||||
iQB1AwUBNcy3yh0Z9MEMmFelAQEUXwMAg8h8GaecR1jWVwCqaWO4oGCyWgaxvi0yfQR1Y1GC
|
||||
j6Hpo5Hwa3d2UAYETL3M42/M32uxe0Wh8PMgLTWTfhV9XjwxCNg3BBDm2Zb5Enpr9UEIFOdN
|
||||
OCV3J4gED4jXDOtO
|
||||
=oPV/
|
||||
iQB1AwUBNgJ6bB0Z9MEMmFelAQEBHgL+JhFVCrTAK2G3NVVVQBHXU5eucNx3tQQE3UucvSBA
|
||||
YaKfX8dC5QU7wfgv8nFBXMK2mnAcJhJzBT6mZwxpzTZZTh7IS4qu//R9Vgy3A06ZddxKFf2M
|
||||
YFelmgdpqTL6ntJC
|
||||
=JZ3m
|
||||
-----END PGP SIGNATURE-----
|
||||
|
3
THANKS
3
THANKS
@ -27,6 +27,8 @@ Mark Adler madler@alumni.caltech.edu
|
||||
Martin Schulte schulte@thp.uni-koeln.de
|
||||
Matthew Skala mskala@ansuz.sooke.bc.ca
|
||||
Max Valianskiy maxcom@maxcom.ml.org
|
||||
Michael Roth mroth@nessie.de
|
||||
Michael Sobolev mss@despair.transas.com
|
||||
Nicolas Graner Nicolas.Graner@cri.u-psud.fr
|
||||
Niklas Hernaeus nh@sleipner.df.lth.se
|
||||
Nimrod Zimerman zimerman@forfree.at
|
||||
@ -37,6 +39,7 @@ QingLong qinglong@bolizm.ihep.su
|
||||
Ralph Gillen gillen@theochem.uni-duesseldorf.de
|
||||
Serge Munhoven munhoven@mema.ucl.ac.be
|
||||
Steffen Ullrich ccrlphr@xensei.com
|
||||
Steffen Zahn Steffen.Zahn@oen.siemens.de
|
||||
Thomas Roessler roessler@guug.de
|
||||
Tom Spindler dogcow@home.merit.edu
|
||||
Tom Zerucha tzeruch@ceddec.com
|
||||
|
5
TODO
5
TODO
@ -1,6 +1,4 @@
|
||||
|
||||
* localize asctime()
|
||||
|
||||
* if --libdir is used, the extensions are put in a wrong place.
|
||||
How does GNOME handle this or make a new option for this directory.
|
||||
|
||||
@ -13,8 +11,6 @@
|
||||
|
||||
* add test cases for invalid data (scrambled armor or other random data)
|
||||
|
||||
* fix the expire stuff for v4 packets.
|
||||
|
||||
* add some sanity checks to read_keyblock, so that we are sure that
|
||||
the minimal requirements are met (?)
|
||||
|
||||
@ -52,4 +48,5 @@
|
||||
* Use "user ID", "trustdb" and "WARNING".
|
||||
|
||||
* armor.c cannot handle concatenated armored messages.
|
||||
at least it should be possible to do this for "KEY BLOCK"
|
||||
|
||||
|
@ -64,6 +64,8 @@
|
||||
#undef HAVE_U16_TYPEDEF
|
||||
#undef HAVE_U32_TYPEDEF
|
||||
|
||||
#undef HAVE_BROKEN_MLOCK
|
||||
|
||||
/* One of the following macros is defined to select which of
|
||||
* the cipher/rand-xxxx.c should be used */
|
||||
#undef USE_RAND_DUMMY
|
||||
|
44
acinclude.m4
44
acinclude.m4
@ -154,6 +154,50 @@ define(WK_CHECK_IPC,
|
||||
])
|
||||
|
||||
|
||||
######################################################################
|
||||
# Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock
|
||||
# is not called from uid 0 (not tested whether uid 0 works)
|
||||
######################################################################
|
||||
dnl WK_CHECK_MLOCK
|
||||
dnl
|
||||
define(WK_CHECK_MLOCK,
|
||||
[ AC_CHECK_FUNCS(mlock)
|
||||
if test "$ac_cv_func_mlock" = "yes"; then
|
||||
AC_MSG_CHECKING(whether mlock is broken)
|
||||
AC_TRY_RUN([
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
#include <sys/mman.h>
|
||||
#include <sys/types.h>
|
||||
#include <fcntl.h>
|
||||
|
||||
int main()
|
||||
{
|
||||
char *pool;
|
||||
int err;
|
||||
long int pgsize = getpagesize();
|
||||
|
||||
pool = malloc( 4096 + pgsize );
|
||||
if( !pool )
|
||||
return 2;
|
||||
pool += (pgsize - ((long int)pool % pgsize));
|
||||
|
||||
err = mlock( pool, 4096 );
|
||||
if( !err || errno == EPERM )
|
||||
return 0; /* okay */
|
||||
|
||||
return 1; /* hmmm */
|
||||
}
|
||||
|
||||
],
|
||||
AC_MSG_RESULT(no),
|
||||
AC_DEFINE(HAVE_BROKEN_MLOCK)
|
||||
AC_MSG_RESULT(yes),
|
||||
AC_MSG_RESULT(assuming no))
|
||||
fi
|
||||
])
|
||||
|
||||
|
||||
######################################################################
|
||||
# progtest.m4 from gettext 0.35
|
||||
######################################################################
|
||||
|
@ -14,4 +14,10 @@ for i in plain-1 data-80000 ; do
|
||||
echo "Hier spricht HAL" | $srcdir/run-gpg --passphrase-fd 0 -o y --yes x
|
||||
cmp $i y || error "$i: mismatch"
|
||||
done
|
||||
for i in plain-1 data-80000 ; do
|
||||
echo "Hier spricht HAL" | $srcdir/run-gpg --passphrase-fd 0 \
|
||||
--cipher-algo 3des -c -o x --yes $i
|
||||
echo "Hier spricht HAL" | $srcdir/run-gpg --passphrase-fd 0 -o y --yes x
|
||||
cmp $i y || error "$i: mismatch"
|
||||
done
|
||||
|
||||
|
@ -1,3 +1,7 @@
|
||||
Thu Sep 17 19:00:06 1998 Werner Koch (wk@(none))
|
||||
|
||||
* des.c : New file from Michael Roth <mroth@nessie.de>
|
||||
|
||||
Mon Sep 14 11:10:55 1998 Werner Koch (wk@(none))
|
||||
|
||||
* blowfish.c (bf_setkey): Niklas Hernaeus patch to detect weak keys.
|
||||
|
@ -17,6 +17,8 @@ libcipher_a_SOURCES = cipher.c \
|
||||
md.c \
|
||||
dynload.c \
|
||||
dynload.h \
|
||||
des.c \
|
||||
des.h \
|
||||
blowfish.c \
|
||||
blowfish.h \
|
||||
cast5.c \
|
||||
|
@ -29,6 +29,7 @@
|
||||
#include "util.h"
|
||||
#include "errors.h"
|
||||
#include "cipher.h"
|
||||
#include "des.h"
|
||||
#include "blowfish.h"
|
||||
#include "cast5.h"
|
||||
#include "dynload.h"
|
||||
@ -106,6 +107,17 @@ setup_cipher_table()
|
||||
if( !cipher_table[i].name )
|
||||
BUG();
|
||||
i++;
|
||||
cipher_table[i].algo = CIPHER_ALGO_3DES;
|
||||
cipher_table[i].name = des_get_info( cipher_table[i].algo,
|
||||
&cipher_table[i].keylen,
|
||||
&cipher_table[i].blocksize,
|
||||
&cipher_table[i].contextsize,
|
||||
&cipher_table[i].setkey,
|
||||
&cipher_table[i].encrypt,
|
||||
&cipher_table[i].decrypt );
|
||||
if( !cipher_table[i].name )
|
||||
BUG();
|
||||
i++;
|
||||
cipher_table[i].algo = CIPHER_ALGO_BLOWFISH160;
|
||||
cipher_table[i].name = blowfish_get_info( cipher_table[i].algo,
|
||||
&cipher_table[i].keylen,
|
||||
|
117
cipher/des.c
117
cipher/des.c
@ -112,14 +112,39 @@
|
||||
*/
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
#include <config.h>
|
||||
#include <string.h> /* memcpy, memcmp */
|
||||
#include <assert.h>
|
||||
#include "types.h" /* for byte and u32 typedefs */
|
||||
#include "util.h" /* for log_fatal() */
|
||||
#include "des.h"
|
||||
|
||||
typedef unsigned long u32;
|
||||
typedef unsigned char byte;
|
||||
|
||||
/* Some defines/checks to support standalone modules */
|
||||
|
||||
#ifndef CIPHER_ALGO_3DES
|
||||
#define CIPHER_ALGO_3DES 2
|
||||
#elif CIPHER_ALGO_3DES != 2
|
||||
#error CIPHER_ALGO_3DES is defined to a wrong value.
|
||||
#endif
|
||||
|
||||
#ifndef G10ERR_WEAK_KEY
|
||||
#define G10ERR_WEAK_KEY 43
|
||||
#elif G10ERR_WEAK_KEY != 43
|
||||
#error G10ERR_WEAK_KEY is defined to a wrong value.
|
||||
#endif
|
||||
|
||||
#ifndef G10ERR_WRONG_KEYLEN
|
||||
#define G10ERR_WRONG_KEYLEN 44
|
||||
#elif G10ERR_WRONG_KEYLEN != 44
|
||||
#error G10ERR_WRONG_KEYLEN is defined to a wrong value.
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
/* Macros used by the info function. */
|
||||
#define FNCCAST_SETKEY(f) ((int(*)(void*, byte*, unsigned))(f))
|
||||
#define FNCCAST_CRYPT(f) ((void(*)(void*, byte*, byte*))(f))
|
||||
|
||||
|
||||
/*
|
||||
@ -127,6 +152,7 @@ typedef unsigned char byte;
|
||||
*/
|
||||
typedef struct _des_ctx
|
||||
{
|
||||
int mode;
|
||||
u32 encrypt_subkeys[32];
|
||||
u32 decrypt_subkeys[32];
|
||||
}
|
||||
@ -137,6 +163,7 @@ des_ctx[1];
|
||||
*/
|
||||
typedef struct _tripledes_ctx
|
||||
{
|
||||
int mode;
|
||||
u32 encrypt_subkeys[96];
|
||||
u32 decrypt_subkeys[96];
|
||||
}
|
||||
@ -499,7 +526,8 @@ des_setkey (struct _des_ctx *ctx, const byte * key)
|
||||
|
||||
|
||||
/*
|
||||
* Electronic Codebook Mode DES encryption/decryption of data according to 'mode'.
|
||||
* Electronic Codebook Mode DES encryption/decryption of data according
|
||||
* to 'mode'.
|
||||
*/
|
||||
static int
|
||||
des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)
|
||||
@ -638,6 +666,16 @@ tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, byte * to, i
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Check whether the 8 byte key is weak.
|
||||
*/
|
||||
|
||||
static int
|
||||
is_weak_key ( byte *key )
|
||||
{
|
||||
return 0; /* FIXME */
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Performs a selftest of this DES/Triple-DES implementation.
|
||||
@ -654,7 +692,6 @@ selftest (void)
|
||||
if (sizeof (u32) != 4)
|
||||
return "Wrong word size for DES configured.";
|
||||
|
||||
|
||||
/*
|
||||
* DES Maintenance Test
|
||||
*/
|
||||
@ -714,3 +751,69 @@ selftest (void)
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
do_tripledes_setkey ( struct _tripledes_ctx *ctx, byte *key, unsigned keylen )
|
||||
{
|
||||
if( keylen != 24 )
|
||||
return G10ERR_WRONG_KEYLEN;
|
||||
|
||||
if( is_weak_key( key ) || is_weak_key( key+8 ) || is_weak_key( key+16 ) )
|
||||
return G10ERR_WEAK_KEY;
|
||||
|
||||
tripledes_set3keys ( ctx, key, key+8, key+16);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
do_tripledes_encrypt( struct _tripledes_ctx *ctx, byte *outbuf, byte *inbuf )
|
||||
{
|
||||
tripledes_ecb_encrypt ( ctx, inbuf, outbuf );
|
||||
}
|
||||
|
||||
static void
|
||||
do_tripledes_decrypt( struct _tripledes_ctx *ctx, byte *outbuf, byte *inbuf )
|
||||
{
|
||||
tripledes_ecb_decrypt ( ctx, inbuf, outbuf );
|
||||
}
|
||||
|
||||
|
||||
/****************
|
||||
* Return some information about the algorithm. We need algo here to
|
||||
* distinguish different flavors of the algorithm.
|
||||
* Returns: A pointer to string describing the algorithm or NULL if
|
||||
* the ALGO is invalid.
|
||||
*/
|
||||
const char *
|
||||
des_get_info( int algo, size_t *keylen,
|
||||
size_t *blocksize, size_t *contextsize,
|
||||
int (**r_setkey)( void *c, byte *key, unsigned keylen ),
|
||||
void (**r_encrypt)( void *c, byte *outbuf, byte *inbuf ),
|
||||
void (**r_decrypt)( void *c, byte *outbuf, byte *inbuf )
|
||||
)
|
||||
{
|
||||
static int did_selftest = 0;
|
||||
|
||||
if( !did_selftest ) {
|
||||
const char *s = selftest();
|
||||
if( s )
|
||||
log_fatal("selftest failed: %s", s );
|
||||
did_selftest = 1;
|
||||
}
|
||||
|
||||
|
||||
if( algo == CIPHER_ALGO_3DES ) {
|
||||
*keylen = 192;
|
||||
*blocksize = 8;
|
||||
*contextsize = sizeof(struct _tripledes_ctx);
|
||||
*r_setkey = FNCCAST_SETKEY(do_tripledes_setkey);
|
||||
*r_encrypt= FNCCAST_CRYPT(do_tripledes_encrypt);
|
||||
*r_decrypt= FNCCAST_CRYPT(do_tripledes_decrypt);
|
||||
return "3DES";
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
34
cipher/des.h
Normal file
34
cipher/des.h
Normal file
@ -0,0 +1,34 @@
|
||||
/* des.h
|
||||
* Copyright (C) 1998 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of GNUPG.
|
||||
*
|
||||
* GNUPG is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* GNUPG is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||||
*/
|
||||
#ifndef G10_DES_H
|
||||
#define G10_DES_H
|
||||
|
||||
#include "types.h"
|
||||
|
||||
|
||||
const char *
|
||||
des_get_info( int algo, size_t *keylen,
|
||||
size_t *blocksize, size_t *contextsize,
|
||||
int (**setkey)( void *c, byte *key, unsigned keylen ),
|
||||
void (**encrypt)( void *c, byte *outbuf, byte *inbuf ),
|
||||
void (**decrypt)( void *c, byte *outbuf, byte *inbuf )
|
||||
);
|
||||
|
||||
#endif /*G10_DES_H*/
|
@ -180,10 +180,12 @@ fi
|
||||
|
||||
dnl Checks for library functions.
|
||||
AC_FUNC_VPRINTF
|
||||
AC_CHECK_FUNCS(strerror stpcpy strlwr tcgetattr rand strtoul mlock mmap)
|
||||
AC_CHECK_FUNCS(strerror stpcpy strlwr tcgetattr rand strtoul mmap)
|
||||
AC_CHECK_FUNCS(memmove gettimeofday getrusage gethrtime setrlimit)
|
||||
AC_CHECK_FUNCS(atexit raise getpagesize strftime)
|
||||
|
||||
WK_CHECK_MLOCK
|
||||
|
||||
WK_CHECK_IPC
|
||||
if test "$ac_cv_header_sys_shm_h" = "yes"; then
|
||||
AC_DEFINE(USE_SHM_COPROCESSING)
|
||||
|
@ -41,12 +41,10 @@
|
||||
|
||||
Layout of the TrustDB
|
||||
=====================
|
||||
FIXME: use a directory record as top node instead of the pubkey record
|
||||
|
||||
The TrustDB is built from fixed length records, where the first byte
|
||||
describes the record type. All numeric values are stored in network
|
||||
byte order. The length of each record is 40 bytes. The first record of
|
||||
the DB is always of type 1 and this is the only record of this type.
|
||||
the DB is always of type 2 and this is the only record of this type.
|
||||
|
||||
Record type 0:
|
||||
--------------
|
||||
@ -56,7 +54,7 @@ Record type 1:
|
||||
--------------
|
||||
Version information for this TrustDB. This is always the first
|
||||
record of the DB and the only one with type 1.
|
||||
1 byte value 1
|
||||
1 byte value 2
|
||||
3 bytes 'gpg' magic value
|
||||
1 byte Version of the TrustDB
|
||||
3 byte reserved
|
||||
|
@ -1,3 +1,16 @@
|
||||
Fri Sep 18 16:50:32 1998 Werner Koch (wk@(none))
|
||||
|
||||
* getkey.c (merge_key_and_selfsig): New.
|
||||
|
||||
Fri Sep 18 10:20:11 1998 Werner Koch (wk@(none))
|
||||
|
||||
* pkclist.c (select_algo_from_prefs): Removed 3DEs kludge.
|
||||
|
||||
* seskey.c (make_session_key): Fixed SERIOUS bug introduced
|
||||
by adding the weak key detection code.
|
||||
|
||||
* sign.c (sign_file): Changed aremor header in certain cases.
|
||||
|
||||
Tue Sep 15 17:52:55 1998 Werner Koch (wk@(none))
|
||||
|
||||
* mainproc.c (check_sig_and_print): Replaced ascime by asctimestamp.
|
||||
|
@ -69,9 +69,12 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
|
||||
log_bug("Nanu\n"); /* oops: found a bug */
|
||||
|
||||
dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
|
||||
if( cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ) )
|
||||
rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen );
|
||||
if( rc == G10ERR_WEAK_KEY )
|
||||
log_info(_("Warning: Message was encrypted with "
|
||||
"a weak key in the symmetric cipher.\n"));
|
||||
else if( rc )
|
||||
log_error("key setup failed: %s\n", g10_errstr(rc) );
|
||||
|
||||
cipher_setiv( dfx.cipher_hd, NULL );
|
||||
|
||||
|
@ -381,8 +381,8 @@ i18n_init(void)
|
||||
{
|
||||
#ifdef ENABLE_NLS
|
||||
#ifdef HAVE_LC_MESSAGES
|
||||
setlocale( LC_MESSAGES, "" );
|
||||
setlocale( LC_TIME, "" );
|
||||
setlocale( LC_MESSAGES, "" );
|
||||
#else
|
||||
setlocale( LC_ALL, "" );
|
||||
#endif
|
||||
|
66
g10/getkey.c
66
g10/getkey.c
@ -613,7 +613,7 @@ compare_name( const char *uid, size_t uidlen, const char *name, int mode )
|
||||
*/
|
||||
|
||||
static void
|
||||
add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode )
|
||||
merge_one_pk_and_selfsig( KBNODE keyblock, KBNODE knode )
|
||||
{
|
||||
PKT_public_key *pk = knode->pkt->pkt.public_key;
|
||||
PKT_signature *sig;
|
||||
@ -643,9 +643,8 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode )
|
||||
&& sig->keyid[1] == kid[1]
|
||||
&& sig->version > 3 ) {
|
||||
/* okay this is (the first) self-signature which can be used
|
||||
* fixme: Check how to handle subkey bindings
|
||||
* FIXME: We should only use this if the signature is valid
|
||||
* but this is time consuming - we muts provide another
|
||||
* but this is time consuming - we must provide another
|
||||
* way to handle this
|
||||
*/
|
||||
const byte *p;
|
||||
@ -658,6 +657,63 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode )
|
||||
}
|
||||
|
||||
|
||||
/****************
|
||||
* merge all selfsignatures with the keys.
|
||||
*/
|
||||
void
|
||||
merge_keys_and_selfsig( KBNODE keyblock )
|
||||
{
|
||||
PKT_public_key *pk = NULL;
|
||||
PKT_secret_key *sk = NULL;
|
||||
PKT_signature *sig;
|
||||
KBNODE k;
|
||||
u32 kid[2];
|
||||
|
||||
for(k=keyblock; k; k = k->next ) {
|
||||
if( k->pkt->pkttype == PKT_PUBLIC_KEY
|
||||
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
|
||||
pk = k->pkt->pkt.public_key; sk = NULL;
|
||||
if( pk->version < 4 )
|
||||
pk = NULL; /* not needed for old keys */
|
||||
else
|
||||
keyid_from_pk( pk, kid );
|
||||
}
|
||||
else if( k->pkt->pkttype == PKT_SECRET_KEY
|
||||
|| k->pkt->pkttype == PKT_SECRET_SUBKEY ) {
|
||||
pk = NULL; sk = k->pkt->pkt.secret_key;
|
||||
if( sk->version < 4 )
|
||||
sk = NULL;
|
||||
else
|
||||
keyid_from_sk( sk, kid );
|
||||
}
|
||||
else if( (pk || sk ) && k->pkt->pkttype == PKT_SIGNATURE
|
||||
&& (sig=k->pkt->pkt.signature)->sig_class >= 0x10
|
||||
&& sig->sig_class <= 0x13 && sig->version > 3
|
||||
&& sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1] ) {
|
||||
/* okay this is (the first) self-signature which can be used
|
||||
* FIXME: We should only use this if the signature is valid
|
||||
* but this is time consuming - we must provide another
|
||||
* way to handle this
|
||||
*/
|
||||
const byte *p;
|
||||
p = parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_KEY_EXPIRE, NULL );
|
||||
if( pk ) {
|
||||
pk->valid_days = p? ((buffer_to_u32(p)+86399L)/86400L):0;
|
||||
/* fixme: add usage etc. */
|
||||
pk = NULL; /* use only the first self signature */
|
||||
}
|
||||
else {
|
||||
sk->valid_days = p? ((buffer_to_u32(p)+86399L)/86400L):0;
|
||||
sk = NULL; /* use only the first self signature */
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
/****************
|
||||
* Lookup a key by scanning all keyrings
|
||||
* mode 1 = lookup by NAME (exact)
|
||||
@ -808,12 +864,12 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid,
|
||||
if( primary && !pk->pubkey_usage ) {
|
||||
copy_public_key_new_namehash( pk, keyblock->pkt->pkt.public_key,
|
||||
use_namehash? namehash:NULL);
|
||||
add_stuff_from_selfsig( keyblock, keyblock );
|
||||
merge_one_pk_and_selfsig( keyblock, keyblock );
|
||||
}
|
||||
else {
|
||||
copy_public_key_new_namehash( pk, k->pkt->pkt.public_key,
|
||||
use_namehash? namehash:NULL);
|
||||
add_stuff_from_selfsig( keyblock, k );
|
||||
merge_one_pk_and_selfsig( keyblock, k );
|
||||
}
|
||||
if( ret_keyblock ) {
|
||||
*ret_keyblock = keyblock;
|
||||
|
@ -120,6 +120,7 @@ int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
|
||||
int seckey_available( u32 *keyid );
|
||||
int get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock );
|
||||
int enum_secret_keys( void **context, PKT_secret_key *sk, int with_subkeys );
|
||||
void merge_keys_and_selfsig( KBNODE keyblock );
|
||||
char*get_user_id_string( u32 *keyid );
|
||||
char*get_user_id( u32 *keyid, size_t *rn );
|
||||
|
||||
|
@ -85,6 +85,9 @@ get_keyblock_byname( KBNODE *keyblock, KBPOS *kbpos, const char *username )
|
||||
rc = read_keyblock( kbpos, keyblock );
|
||||
if( rc )
|
||||
log_error("%s: keyblock read problem: %s\n", username, g10_errstr(rc));
|
||||
else
|
||||
merge_keys_and_selfsig( *keyblock );
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
@ -490,6 +493,7 @@ keyedit_menu( const char *username, STRLIST locusr )
|
||||
username, g10_errstr(rc));
|
||||
goto leave;
|
||||
}
|
||||
merge_keys_and_selfsig( sec_keyblock );
|
||||
}
|
||||
|
||||
/* and now get the public key */
|
||||
|
@ -599,13 +599,6 @@ select_algo_from_prefs( PK_LIST pk_list, int preftype )
|
||||
i = 1; /* yep; we can use compression algo 1 */
|
||||
}
|
||||
|
||||
if( preftype == PREFTYPE_SYM && i == CIPHER_ALGO_3DES ) {
|
||||
i = CIPHER_ALGO_CAST5;
|
||||
if( opt.verbose )
|
||||
log_info("replacing 3DES by CAST5\n");
|
||||
}
|
||||
|
||||
|
||||
m_free(pref);
|
||||
return i;
|
||||
}
|
||||
|
@ -42,6 +42,7 @@ make_session_key( DEK *dek )
|
||||
dek->keylen = cipher_get_keylen( dek->algo ) / 8;
|
||||
|
||||
chd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
|
||||
randomize_buffer( dek->key, dek->keylen, 1 );
|
||||
for(i=0; i < 16; i++ ) {
|
||||
rc = cipher_setkey( chd, dek->key, dek->keylen );
|
||||
if( !rc ) {
|
||||
|
@ -220,6 +220,9 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
|
||||
if( !multifile )
|
||||
iobuf_push_filter( inp, md_filter, &mfx );
|
||||
|
||||
if( detached && !encrypt && !opt.rfc1991 )
|
||||
afx.what = 2;
|
||||
|
||||
if( opt.armor && !outfile )
|
||||
iobuf_push_filter( out, armor_filter, &afx );
|
||||
else {
|
||||
|
@ -1636,7 +1636,7 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
|
||||
pk->valid_days) < cur_time ) {
|
||||
log_info(_("key %08lX.%lu: expired at %s\n"),
|
||||
keyid[1], pk->local_id,
|
||||
strtimestamp( add_days_to_timestamp(pk->timestamp,
|
||||
asctimestamp( add_days_to_timestamp(pk->timestamp,
|
||||
pk->valid_days)));
|
||||
trustlevel = TRUST_EXPIRED;
|
||||
}
|
||||
|
@ -60,7 +60,7 @@
|
||||
typedef struct {
|
||||
int algo;
|
||||
int keylen;
|
||||
byte key[20]; /* this is the largest used keylen */
|
||||
byte key[24]; /* this is the largest used keylen (3des) */
|
||||
} DEK;
|
||||
|
||||
typedef struct cipher_handle_s *CIPHER_HANDLE;
|
||||
|
@ -62,7 +62,8 @@
|
||||
#define G10ERR_TIME_CONFLICT 40
|
||||
#define G10ERR_WR_PUBKEY_ALGO 41 /* unusabe pubkey algo */
|
||||
#define G10ERR_FILE_EXISTS 42
|
||||
#define G10ERR_WEAK_KEY 43
|
||||
#define G10ERR_WEAK_KEY 43 /* NOTE: hardcoded intothe cipher modules */
|
||||
#define G10ERR_WRONG_KEYLEN 44 /* NOTE: hardcoded intothe cipher modules */
|
||||
|
||||
|
||||
#ifndef HAVE_STRERROR
|
||||
|
@ -1,3 +1,7 @@
|
||||
Thu Sep 17 18:08:50 1998 Werner Koch (wk@(none))
|
||||
|
||||
* hppa1.1/udiv-qrnnd.S: Fix from Steffen Zahn for HPUX 10.20
|
||||
|
||||
Thu Aug 6 16:39:28 1998 Werner Koch,mobil,,, (wk@tobold)
|
||||
|
||||
* mpi-bit.c (mpi_set_bytes): Removed.
|
||||
|
@ -50,8 +50,8 @@ __udiv_qrnnd
|
||||
|
||||
stws %r25,-16(0,%r30) ; n_hi
|
||||
stws %r24,-12(0,%r30) ; n_lo
|
||||
ldil L'L$0000,%r19
|
||||
ldo R'L$0000(%r19),%r19
|
||||
ldil L'L$0000,%r19 ; '
|
||||
ldo R'L$0000(%r19),%r19 ; '
|
||||
fldds -16(0,%r30),%fr5
|
||||
stws %r23,-12(0,%r30)
|
||||
comib,<= 0,%r25,L$1
|
||||
|
@ -4,3 +4,4 @@ install-sh
|
||||
mkinstalldirs
|
||||
mkdiff
|
||||
missing
|
||||
gnupg.spec
|
||||
|
59
scripts/gnupg.spec
Normal file
59
scripts/gnupg.spec
Normal file
@ -0,0 +1,59 @@
|
||||
#
|
||||
# gnupg -- gnu privacy guard
|
||||
# This is a template. The dist target uses it to create the real file.
|
||||
#
|
||||
Summary: GPL public key crypto
|
||||
Name: gnupg
|
||||
Version: @pkg_version@
|
||||
Release: 3
|
||||
Copyright: GPL
|
||||
Group: Applications/Cryptography
|
||||
Source: ftp://ftp.guug.de/pub/gcrypt/
|
||||
URL: http://www.d.shuttle.de/isil/crypt/gnupg.html
|
||||
Vendor: TechnoCage
|
||||
Packager: Caskey L. Dickson <caskey-at-technocage.com>
|
||||
Provides: gpg openpgp
|
||||
|
||||
%description
|
||||
GNUPG is a complete and free replacement for PGP. Because it does not use
|
||||
IDEA or RSA it can be used without any restrictions. GNUPG is nearly in
|
||||
compliance with the OpenPGP draft.
|
||||
|
||||
%prep
|
||||
rm -rf $RPM_BUILD_DIR/gnupg-@pkg_version@
|
||||
tar -xvzf $RPM_SOURCE_DIR/gnupg-@pkg_version@.tar.gz
|
||||
|
||||
%build
|
||||
cd gnupg-@pkg_version@
|
||||
chown -R root.root *
|
||||
./configure
|
||||
make
|
||||
|
||||
%install
|
||||
cd gnupg-@pkg_version@
|
||||
make install
|
||||
chmod +s /usr/local/bin/gpg
|
||||
chmod +s /usr/local/bin/gpgm
|
||||
|
||||
%files
|
||||
%doc gnupg-@pkg_version@/doc/DETAILS
|
||||
%doc gnupg-@pkg_version@/INSTALL
|
||||
%doc gnupg-@pkg_version@/doc/rfcs
|
||||
%doc gnupg-@pkg_version@/AUTHORS
|
||||
%doc gnupg-@pkg_version@/ABOUT-NLS
|
||||
%doc gnupg-@pkg_version@/COPYING
|
||||
%doc gnupg-@pkg_version@/ChangeLog
|
||||
%doc gnupg-@pkg_version@/NEWS
|
||||
%doc gnupg-@pkg_version@/README
|
||||
%doc gnupg-@pkg_version@/THANKS
|
||||
%doc gnupg-@pkg_version@/TODO
|
||||
/usr/local/man/man1/gpg.1
|
||||
/usr/local/bin/gpg
|
||||
/usr/local/bin/gpgm
|
||||
/usr/local/share/locale/en/LC_MESSAGES/gnupg.mo
|
||||
/usr/local/share/locale/de/LC_MESSAGES/gnupg.mo
|
||||
/usr/local/share/locale/it/LC_MESSAGES/gnupg.mo
|
||||
/usr/local/share/locale/fr/LC_MESSAGES/gnupg.mo
|
||||
/usr/local/lib/gnupg/tiger
|
||||
/usr/local/lib/gnupg/twofish
|
||||
|
@ -1,3 +1,7 @@
|
||||
Fri Sep 18 16:25:47 1998 Werner Koch (wk@(none))
|
||||
|
||||
* secmem.c (lock_pool): Kludge for broken mlock on HPUX 10.20
|
||||
|
||||
Tue Sep 15 17:52:21 1998 Werner Koch (wk@(none))
|
||||
|
||||
* miscutil.c (asctimestamp): New.
|
||||
|
@ -61,16 +61,16 @@ strtimestamp( u32 stamp )
|
||||
const char *
|
||||
asctimestamp( u32 stamp )
|
||||
{
|
||||
static char buffer[30];
|
||||
static char buffer[50];
|
||||
struct tm *tp;
|
||||
time_t atime = stamp;
|
||||
|
||||
tp = localtime( &atime );
|
||||
#ifdef HAVE_STRFTIME
|
||||
mem2str( buffer, asctime(tp), DIM(buffer) );
|
||||
#else
|
||||
strftime( buffer, DIM(buffer)-1, "%c", tp );
|
||||
strftime( buffer, DIM(buffer)-1, "%c %Z", tp );
|
||||
buffer[DIM(buffer)-1] = 0;
|
||||
#else
|
||||
mem2str( buffer, asctime(tp), DIM(buffer) );
|
||||
#endif
|
||||
return buffer;
|
||||
}
|
||||
|
@ -75,11 +75,22 @@ lock_pool( void *p, size_t n )
|
||||
uid_t uid;
|
||||
int err;
|
||||
|
||||
uid = getuid();
|
||||
|
||||
#ifdef HAVE_BROKEN_MLOCK
|
||||
if( uid )
|
||||
err = EPERM;
|
||||
else {
|
||||
err = mlock( p, n );
|
||||
if( err && errno )
|
||||
err = errno;
|
||||
}
|
||||
#else
|
||||
err = mlock( p, n );
|
||||
if( err && errno )
|
||||
err = errno;
|
||||
#endif
|
||||
|
||||
uid = getuid();
|
||||
if( uid && !geteuid() ) {
|
||||
if( setuid( uid ) )
|
||||
log_fatal("failed to reset uid: %s\n", strerror(errno));
|
||||
|
Loading…
x
Reference in New Issue
Block a user