diff --git a/ABOUT-NLS b/ABOUT-NLS index b3f2c65d4..28d38c76f 100644 --- a/ABOUT-NLS +++ b/ABOUT-NLS @@ -191,7 +191,7 @@ PO files have been submitted to translation coordination. gcal | [] [] [] [] [] | 5 gettext | [] [] [] [] [] [] [] [] [] [] [] | 12 grep | [] [] [] [] [] [] [] [] [] [] | 10 - hello | [] [] [] [] [] [] [] [] [] [] | 10 + hello | [] [] [] [] [] [] [] [] [] [] [] | 11 id-utils | [] [] [] | 3 indent | [] [] [] [] [] | 5 libc | [] [] [] [] [] [] [] | 7 @@ -201,14 +201,14 @@ PO files have been submitted to translation coordination. ptx | [] [] [] [] [] [] [] [] | 8 recode | [] [] [] [] [] [] [] [] [] | 9 sh-utils | [] [] [] [] [] [] [] [] | 8 - sharutils | [] [] [] [] [] | 5 - tar | [] [] [] [] [] [] [] [] [] [] | 10 - texinfo | [] [] | 2 + sharutils | [] [] [] [] [] [] | 6 + tar | [] [] [] [] [] [] [] [] [] [] [] | 11 + texinfo | [] [] [] | 3 textutils | [] [] [] [] [] [] [] [] [] | 9 wdiff | [] [] [] [] [] [] [] [] | 8 `----------------------------------------------------' 17 languages cs da de en es fi fr it ja ko nl no pl pt ru sl sv - 27 packages 3 3 25 1 18 1 26 2 1 12 20 9 19 7 4 7 17 175 + 27 packages 6 4 25 1 18 1 26 2 1 12 20 9 19 7 4 7 17 179 Some counters in the preceding matrix are higher than the number of visible blocks let us expect. This is because a few extra PO files are diff --git a/AUTHORS b/AUTHORS index 35e7049ad..566688918 100644 --- a/AUTHORS +++ b/AUTHORS @@ -3,19 +3,23 @@ Authors of GNU Privacy Guard (gnupg). Werner Koch. Designed and implemented gnupg. -TRANSLATIONS Marco d'Itri 1997-02-22 -Disclaim - -GPG Matthew Skala 1998-08-10 +GPG Matthew Skala 1998-08-10 Disclaims changes (Twofish code). mskala@ansuz.sooke.bc.ca -GPG Natural Resources Canada 1998-08-11 +GPG Natural Resources Canada 1998-08-11 Disclaims changes by Matthew Skala. -TRANSLATIONS Gaël Quéri ????????????? +GPG Niklas Hernaeus ?????????? +(Weak key patches) + + +TRANSLATIONS Marco d'Itri 1997-02-22 +Disclaim + +TRANSLATIONS Gaël Quéri ?????????? fr.po -TRANSLATIONS Walter Koch ??????????? +TRANSLATIONS Walter Koch ?????????? de.po diff --git a/INSTALL b/INSTALL index 23fa6b98b..7829ec5a4 100644 --- a/INSTALL +++ b/INSTALL @@ -33,8 +33,12 @@ Configure options for GNUPG Problems ======== -If you have compile problems, try the configure options "--with-included-zlib", -"--disable-nls" (See ABOUT-NLS) or --disable-dynload. +If you get unresolved externals "gettext" you should run configure again +with the option "--with-included-gettext". + +If you have other compile problems, try the configure options +"--with-included-zlib" or "--disable-nls" (See ABOUT-NLS) +or --disable-dynload. I can't check all assembler files, so if you have problems assembling them (or the program crashes), simply delete the files in the mpi/ directory. diff --git a/Makefile.am b/Makefile.am index b8f6282bf..258ec7003 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,10 +4,6 @@ SUBDIRS = intl po zlib util mpi cipher tools g10 doc checks EXTRA_DIST = VERSION -tar: clean - cd ..; tar czvf ~/bkup/g10-`date +%d%m`.tar.gz src - - dist-hook: @set -e; \ for file in `find $(srcdir) -type f -name distfiles`; do \ @@ -17,8 +13,5 @@ dist-hook: || cp -p $(srcdir)/$$dir/$$i $(distdir)/$$dir/$$i; \ done ; \ done - for file in po/cat-id-tbl.c po/gnupg.pot; do \ - rm $(distdir)/$$file || true ; \ - done diff --git a/NEWS b/NEWS index 10aca85a5..23635c7ed 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,16 @@ Noteworthy changes in version 0.3.5 * --delete-[secret-]key is now also availabe in gpgm. + * cleartext signatures are not anymore converted to LF only. + + * Fixed a trustdb problem. Run "gpgm --check-trustdb" to fix old + trust dbs. + + * Building in another directory should now work. + + * Weak key detection mechanism (Niklas Hernaeus). + + Noteworthy changes in version 0.3.4 ----------------------------------- * New options --comment and --set-filename; see g10/OPTIONS diff --git a/THANKS b/THANKS index 054c6a3a8..c19d23a96 100644 --- a/THANKS +++ b/THANKS @@ -9,6 +9,7 @@ Brian Warner warner@lothar.com Caskey L. Dickson caskey@technocage.com Charles Levert charles@comm.polymtl.ca Christian von Roques roques@pond.sub.org +Christopher Oliver oliver@fritz.traverse.net Daniel Eisenbud eisenbud@cs.swarthmore.edu Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de Ed Boraas ecxjo@esperanto.org @@ -27,9 +28,12 @@ Martin Schulte schulte@thp.uni-koeln.de Matthew Skala mskala@ansuz.sooke.bc.ca Max Valianskiy maxcom@maxcom.ml.org Nicolas Graner Nicolas.Graner@cri.u-psud.fr +Niklas Hernaeus nh@sleipner.df.lth.se Nimrod Zimerman zimerman@forfree.at Oskari Jääskeläinen f33003a@cc.hut.fi +Paul D. Smith psmith@baynetworks.com Peter Gutmann pgut001@cs.auckland.ac.nz +QingLong qinglong@bolizm.ihep.su Ralph Gillen gillen@theochem.uni-duesseldorf.de Serge Munhoven munhoven@mema.ucl.ac.be Steffen Ullrich ccrlphr@xensei.com diff --git a/TODO b/TODO index 0bbb4f359..def9e7b11 100644 --- a/TODO +++ b/TODO @@ -1,11 +1,6 @@ - * cleanup for SHM einbauen (non-linux) - - * shared memory access funktioniert nicht wenn seuid installiert. - - * ElGamal key benutzen wenn die DSA keyid angegeben ist?? - - * Apply Paul D. Smith's sugestions for building in another direcory. + * Should we use the ElGamal subkey if the DSA keyid is given? + What about an option --loose-keyid-match? * salted and iterated S2Ks don't work (see passphrase.c). @@ -15,14 +10,9 @@ * fix the expire stuff for v4 packets. - * Fix Oscaris problems with the trustdb. - * invalid packets (Marco) und Markus Gruber - * add some sanity checks to read_keyblock, so that we are sure that the minimal requirements are met (?) - * what about the CR,LF in cleartext singatures? - * decryption of message with multiple recipients does not work. * preferences of hash algorithms are not yet used. @@ -49,10 +39,6 @@ * Is it okay to use gettext for the help system??? - * configure checks two times for gcc - - * update gettext - * Add some stuff for DU cc * check for "expect" before running test genkey1024 diff --git a/VERSION b/VERSION index 789f9a52b..c2c0004f0 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.3.4a +0.3.5 diff --git a/acinclude.m4 b/acinclude.m4 index 5f7c56215..6fe4337f4 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -155,12 +155,12 @@ define(WK_CHECK_IPC, ###################################################################### -# progtest.m4 from gettext 0.32 +# progtest.m4 from gettext 0.35 ###################################################################### # Search path for a program which passes the given test. # Ulrich Drepper , 1996. # -# This file file be copied and used freely without restrictions. It can +# This file can be copied and used freely without restrictions. It can # be used in projects which are not available under the GNU Public License # but which still want to provide support for the GNU gettext functionality. # Please note that the actual code is *not* freely available. @@ -205,14 +205,13 @@ fi AC_SUBST($1)dnl ]) - ###################################################################### -# lcmessage.m4 from gettext 0.32 +# lcmessage.m4 from gettext 0.35 ###################################################################### # Check whether LC_MESSAGES is available in . # Ulrich Drepper , 1995. # -# This file file be copied and used freely without restrictions. It can +# This file can be copied and used freely without restrictions. It can # be used in projects which are not available under the GNU Public License # but which still want to provide support for the GNU gettext functionality. # Please note that the actual code is *not* freely available. @@ -229,20 +228,18 @@ AC_DEFUN(AM_LC_MESSAGES, fi fi]) - - ###################################################################### -# gettext.m4 from gettext 0.32 +# gettext.m4 from gettext 0.35 ###################################################################### # Macro to add for using GNU gettext. # Ulrich Drepper , 1995. # -# This file file be copied and used freely without restrictions. It can +# This file can be copied and used freely without restrictions. It can # be used in projects which are not available under the GNU Public License # but which still want to provide support for the GNU gettext functionality. # Please note that the actual code is *not* freely available. -# serial 3 +# serial 5 AC_DEFUN(AM_WITH_NLS, [AC_MSG_CHECKING([whether NLS is requested]) @@ -284,9 +281,10 @@ AC_DEFUN(AM_WITH_NLS, AC_CHECK_LIB(intl, bindtextdomain, [AC_CACHE_CHECK([for gettext in libintl], gt_cv_func_gettext_libintl, - [AC_TRY_LINK([], [return (int) gettext ("")], - gt_cv_func_gettext_libintl=yes, - gt_cv_func_gettext_libintl=no)])]) + [AC_CHECK_LIB(intl, gettext, + gt_cv_func_gettext_libintl=yes, + gt_cv_func_gettext_libintl=no)], + gt_cv_func_gettext_libintl=no)]) fi if test "$gt_cv_func_gettext_libc" = "yes" \ @@ -380,7 +378,7 @@ AC_DEFUN(AM_WITH_NLS, : ; else AC_MSG_RESULT( - [found xgettext programs is not GNU xgettext; ignore it]) + [found xgettext program is not GNU xgettext; ignore it]) XGETTEXT=":" fi fi @@ -392,6 +390,12 @@ AC_DEFUN(AM_WITH_NLS, nls_cv_header_intl=intl/libintl.h nls_cv_header_libgt=intl/libgettext.h fi + AC_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl) + AC_OUTPUT_COMMANDS( + [case "$CONFIG_FILES" in *po/Makefile.in*) + sed -e "/POTFILES =/r po/POTFILES" po/Makefile.in > po/Makefile + esac]) + # If this is used in GNU gettext we have to set USE_NLS to `yes' # because some of the sources are only built for this goal. @@ -436,9 +440,9 @@ AC_DEFUN(AM_GNU_GETTEXT, AC_REQUIRE([AC_FUNC_MMAP])dnl AC_CHECK_HEADERS([argz.h limits.h locale.h nl_types.h malloc.h string.h \ -unistd.h values.h sys/param.h]) +unistd.h sys/param.h]) AC_CHECK_FUNCS([getcwd munmap putenv setenv setlocale strchr strcasecmp \ -__argz_count __argz_stringify __argz_next]) +strdup __argz_count __argz_stringify __argz_next]) if test "${ac_cv_func_stpcpy+set}" != "set"; then AC_CHECK_FUNCS(stpcpy) @@ -543,5 +547,3 @@ __argz_count __argz_stringify __argz_next]) < $srcdir/po/POTFILES.in > po/POTFILES ]) - - diff --git a/checks/Makefile.am b/checks/Makefile.am index bd7d11199..351075206 100644 --- a/checks/Makefile.am +++ b/checks/Makefile.am @@ -19,11 +19,16 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ DATA_FILES = data-500 data-9000 data-32000 data-80000 EXTRA_DIST = defs.inc run-gpg run-gpgm $(TESTS) $(TEST_FILES) -CLEANFILES = prepared.stamp x y z out err $(DATA_FILES) +CLEANFILES = prepared.stamp x y z out err $(DATA_FILES) \ + plain-1 plain-2 plain-3 +DISTCLEANFILES = pubring.gpg secring.gpg pubring.pkr secring.skr + check: prepared.stamp +testdata: prepared.stamp + prepared.stamp: ./pubring.gpg ./secring.gpg ./plain-1 ./plain-2 ./plain-3 \ ./pubring.pkr ./secring.skr $(DATA_FILES) echo timestamp >./prepared.stamp diff --git a/checks/armdetach.test b/checks/armdetach.test index 16d4efe76..c68c5da82 100755 --- a/checks/armdetach.test +++ b/checks/armdetach.test @@ -5,7 +5,7 @@ #info Checking armored detached signatures for i in $plain_files $data_files ; do - echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -sab -o x --yes $i - ./run-gpg -o /dev/null --yes x <$i || error "$i: bad signature" + echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -sab -o x --yes $i + $srcdir/run-gpg -o /dev/null --yes x <$i || error "$i: bad signature" done diff --git a/checks/armdetachm.test b/checks/armdetachm.test index 5d8d077c2..f628fcf2b 100755 --- a/checks/armdetachm.test +++ b/checks/armdetachm.test @@ -4,6 +4,6 @@ #info Checking armored detached signatures of multiple files i="$plain_files $data_files" -echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -sab -o x --yes $i -cat $i | ./run-gpg -o /dev/null --yes x || error "$i: bad signature" +echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -sab -o x --yes $i +cat $i | $srcdir/run-gpg -o /dev/null --yes x || error "$i: bad signature" diff --git a/checks/armencrypt.test b/checks/armencrypt.test index 48c60a8b8..cade9dde4 100755 --- a/checks/armencrypt.test +++ b/checks/armencrypt.test @@ -4,8 +4,8 @@ #info Checking armored encryption for i in $plain_files $data_files ; do - ./run-gpg -ea -o x --yes -r "$usrname2" $i - ./run-gpg -o y --yes x + $srcdir/run-gpg -ea -o x --yes -r "$usrname2" $i + $srcdir/run-gpg -o y --yes x cmp $i y || error "$i: mismatch" done diff --git a/checks/armencryptp.test b/checks/armencryptp.test index 37cb4a34b..95a1efd63 100755 --- a/checks/armencryptp.test +++ b/checks/armencryptp.test @@ -4,9 +4,9 @@ #info Checking armored encryption with a pipe for i in $plain_files $data_files ; do - ./run-gpg -ea --yes -r "$usrname2" < $i | tee x | ./run-gpg -o y --yes + $srcdir/run-gpg -ea --yes -r "$usrname2" < $i | tee x | $srcdir/run-gpg -o y --yes cmp $i y || error "$i: mismatch" - ./run-gpg --yes < x > y + $srcdir/run-gpg --yes < x > y cmp $i y || error "$i: mismatch" done diff --git a/checks/armsignencrypt.test b/checks/armsignencrypt.test index daa1b9676..f8ffdaf4d 100755 --- a/checks/armsignencrypt.test +++ b/checks/armsignencrypt.test @@ -6,8 +6,8 @@ #info Checking armored signing and encryption for i in $plain_files $data_files ; do echo "$usrpass1" \ - | ./run-gpg --passphrase-fd 0 -sae -o x --yes -r "$usrname2" $i - ./run-gpg -o y --yes x + | $srcdir/run-gpg --passphrase-fd 0 -sae -o x --yes -r "$usrname2" $i + $srcdir/run-gpg -o y --yes x cmp $i y || error "$i: mismatch" done diff --git a/checks/armsigs.test b/checks/armsigs.test index 5152c2de0..34b5a7fa3 100755 --- a/checks/armsigs.test +++ b/checks/armsigs.test @@ -4,8 +4,8 @@ #info Checking armored signatures for i in $plain_files $data_files ; do - echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -sa -o x --yes $i - ./run-gpg -o y --yes x + echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -sa -o x --yes $i + $srcdir/run-gpg -o y --yes x cmp $i y || error "$i: mismatch" done diff --git a/checks/clearsig.test b/checks/clearsig.test index d633713c9..69c2544d7 100755 --- a/checks/clearsig.test +++ b/checks/clearsig.test @@ -6,13 +6,13 @@ # but the output has always one. I do not thinkl this is a bug, because # it is clear text and not binary text. for i in $plain_files; do - echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -sat -o x --yes $i - ./run-gpg --verify x + echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -sat -o x --yes $i + $srcdir/run-gpg --verify x done # and once more to check rfc1991 for i in $plain_files; do - echo "$usrpass1" | ./run-gpg --passphrase-fd 0 \ + echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 \ --rfc1991 --digest-algo md5 -sat -o x --yes $i - ./run-gpg --verify x + $srcdir/run-gpg --verify x done diff --git a/checks/conventional.test b/checks/conventional.test index 9176c0c44..dbf831000 100755 --- a/checks/conventional.test +++ b/checks/conventional.test @@ -4,14 +4,14 @@ #info Checking conventional encryption for i in plain-2 data-32000 ; do - echo "Hier spricht HAL" | ./run-gpg --passphrase-fd 0 -c -o x --yes $i - echo "Hier spricht HAL" | ./run-gpg --passphrase-fd 0 -o y --yes x + echo "Hier spricht HAL" | $srcdir/run-gpg --passphrase-fd 0 -c -o x --yes $i + echo "Hier spricht HAL" | $srcdir/run-gpg --passphrase-fd 0 -o y --yes x cmp $i y || error "$i: mismatch" done for i in plain-1 data-80000 ; do - echo "Hier spricht HAL" | ./run-gpg --passphrase-fd 0 \ + echo "Hier spricht HAL" | $srcdir/run-gpg --passphrase-fd 0 \ --cipher-algo cast5 -c -o x --yes $i - echo "Hier spricht HAL" | ./run-gpg --passphrase-fd 0 -o y --yes x + echo "Hier spricht HAL" | $srcdir/run-gpg --passphrase-fd 0 -o y --yes x cmp $i y || error "$i: mismatch" done diff --git a/checks/decrypt-dsa.test b/checks/decrypt-dsa.test index 08fe2de7e..ba73ddf5f 100755 --- a/checks/decrypt-dsa.test +++ b/checks/decrypt-dsa.test @@ -4,7 +4,7 @@ #info Checking decryption of supplied DSA encrypted file for i in "plain-1" ; do - ./run-gpg $dsa_keyrings -o y --yes $i-pgp.asc + $srcdir/run-gpg $dsa_keyrings -o y --yes $srcdir/$i-pgp.asc cmp $i y || error "$i: mismatch" done diff --git a/checks/decrypt.test b/checks/decrypt.test index 843c9be9d..1d7449401 100755 --- a/checks/decrypt.test +++ b/checks/decrypt.test @@ -4,7 +4,8 @@ #info Checking decryption of supplied files for i in $plain_files ; do - echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -o y --yes $i.asc + echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 \ + -o y --yes $srcdir/$i.asc cmp $i y || error "$i: mismatch" done diff --git a/checks/detach.test b/checks/detach.test index 37700e517..cdad558c1 100755 --- a/checks/detach.test +++ b/checks/detach.test @@ -4,7 +4,7 @@ #info Checking detached signatures for i in $plain_files $data_files ; do - echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -sb -o x --yes $i - ./run-gpg -o /dev/null --yes x <$i || error "$i: bad signature" + echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -sb -o x --yes $i + $srcdir/run-gpg -o /dev/null --yes x <$i || error "$i: bad signature" done diff --git a/checks/detachm.test b/checks/detachm.test index 5af856f75..b5fb05af5 100755 --- a/checks/detachm.test +++ b/checks/detachm.test @@ -4,6 +4,6 @@ #info Checking detached signatures of multiple files i="$plain_files $data_files" -echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -sb -o x --yes $i -cat $i | ./run-gpg -o /dev/null --yes x || error "$i: bad signature" +echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -sb -o x --yes $i +cat $i | $srcdir/run-gpg -o /dev/null --yes x || error "$i: bad signature" diff --git a/checks/encrypt-dsa.test b/checks/encrypt-dsa.test index b809700b1..ba0564fd8 100755 --- a/checks/encrypt-dsa.test +++ b/checks/encrypt-dsa.test @@ -4,16 +4,16 @@ #info Checking encryption for i in $plain_files $data_files ; do - ./run-gpg $dsa_keyrings -e -o x --yes -r "$dsa_usrname2" $i - ./run-gpg $dsa_keyrings -o y --yes x + $srcdir/run-gpg $dsa_keyrings -e -o x --yes -r "$dsa_usrname2" $i + $srcdir/run-gpg $dsa_keyrings -o y --yes x cmp $i y || error "$i: mismatch" done # and with cast for i in $plain_files $data_files ; do - ./run-gpg $dsa_keyrings --cipher-algo cast5 -e \ + $srcdir/run-gpg $dsa_keyrings --cipher-algo cast5 -e \ -o x --yes -r "$dsa_usrname2" $i - ./run-gpg $dsa_keyrings -o y --yes x + $srcdir/run-gpg $dsa_keyrings -o y --yes x cmp $i y || error "$i: mismatch" done diff --git a/checks/encrypt.test b/checks/encrypt.test index 07e9a3a24..468136cca 100755 --- a/checks/encrypt.test +++ b/checks/encrypt.test @@ -4,13 +4,13 @@ #info Checking encryption for i in $plain_files $data_files ; do - ./run-gpg -e -o x --yes -r "$usrname2" $i - ./run-gpg -o y --yes x + $srcdir/run-gpg -e -o x --yes -r "$usrname2" $i + $srcdir/run-gpg -o y --yes x cmp $i y || error "$i: mismatch" done for i in $plain_files $data_files ; do - ./run-gpg -e -o x --yes -r "$usrname2" --cipher-algo cast5 $i - ./run-gpg -o y --yes x + $srcdir/run-gpg -e -o x --yes -r "$usrname2" --cipher-algo cast5 $i + $srcdir/run-gpg -o y --yes x cmp $i y || error "$i: mismatch" done diff --git a/checks/encryptp.test b/checks/encryptp.test index b0af2c626..c63fb822f 100755 --- a/checks/encryptp.test +++ b/checks/encryptp.test @@ -4,7 +4,7 @@ #info Checking encryption with a pipe for i in $plain_files $data_files ; do - ./run-gpg -e --yes -r "$usrname2" <$i | tee yy | ./run-gpg --yes > y + $srcdir/run-gpg -e --yes -r "$usrname2" <$i | tee yy | $srcdir/run-gpg --yes > y cmp $i y || error "$i: mismatch" done diff --git a/checks/mds.test b/checks/mds.test index ff07e1a5f..38ca5fbc6 100755 --- a/checks/mds.test +++ b/checks/mds.test @@ -11,7 +11,7 @@ test_one () { failed="" #info Checking message digests -echo -n "" | ./run-gpgm --print-mds >y +echo -n "" | $srcdir/run-gpgm --print-mds >y test_one "MD5" "D41D8CD98F00B204E9800998ECF8427E" test_one "SHA1" "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709" test_one "RMD160" "9C1185A5C5E9FC54612808977EE8F548B2258D31" @@ -19,7 +19,7 @@ test_one "TIGER" "24F0130C63AC933216166E76B1BB925FF373DE2D49584E7A" [ "$failed" != "" ] && error "$failed failed for empty string" -echo -n "abcdefghijklmnopqrstuvwxyz" | ./run-gpgm --print-mds >y +echo -n "abcdefghijklmnopqrstuvwxyz" | $srcdir/run-gpgm --print-mds >y test_one "MD5" "C3FCD3D76192E4007DFB496CCA67E13B" test_one "SHA1" "32D10C7B8CF96570CA04CE37F2A19D84240D3A89" test_one "RMD160" "F71C27109C692C1B56BBDCEB5B9D2865B3708DBC" diff --git a/checks/seat.test b/checks/seat.test index 25fa54a53..f89234e60 100755 --- a/checks/seat.test +++ b/checks/seat.test @@ -3,8 +3,8 @@ . $srcdir/defs.inc || exit 3 for i in $plain_files ; do - echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -seat -r two -o x --yes $i - ./run-gpg -o y --yes x + echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -seat -r two -o x --yes $i + $srcdir/run-gpg -o y --yes x cmp $i y || error "$i: mismatch" done diff --git a/checks/signencrypt-dsa.test b/checks/signencrypt-dsa.test index eae61ffeb..8b588aa08 100755 --- a/checks/signencrypt-dsa.test +++ b/checks/signencrypt-dsa.test @@ -4,17 +4,17 @@ #info Checking signing and encryption for DSA for i in $plain_files $data_files ; do - ./run-gpg $dsa_keyrings -se -o x --yes \ + $srcdir/run-gpg $dsa_keyrings -se -o x --yes \ -u "$dsa_usrname1" -r "$dsa_usrname2" $i - ./run-gpg $dsa_keyrings -o y --yes x + $srcdir/run-gpg $dsa_keyrings -o y --yes x cmp $i y || error "$i: mismatch" done for da in ripemd160 sha1 md5; do for i in $plain_files; do - ./run-gpg $dsa_keyrings -se -o x --yes --digest-algo $da \ + $srcdir/run-gpg $dsa_keyrings -se -o x --yes --digest-algo $da \ -u "$dsa_usrname1" -r "$dsa_usrname2" $i - ./run-gpg $dsa_keyrings -o y --yes x + $srcdir/run-gpg $dsa_keyrings -o y --yes x cmp $i y || error "$i: mismatch" # process only the first one break diff --git a/checks/signencrypt.test b/checks/signencrypt.test index 5e79b4c88..fa9363f7f 100755 --- a/checks/signencrypt.test +++ b/checks/signencrypt.test @@ -6,8 +6,8 @@ #info Checking signing and encryption for i in $plain_files $data_files ; do echo "$usrpass1" \ - | ./run-gpg --passphrase-fd 0 -se -o x --yes -r "$usrname2" $i - ./run-gpg -o y --yes x + | $srcdir/run-gpg --passphrase-fd 0 -se -o x --yes -r "$usrname2" $i + $srcdir/run-gpg -o y --yes x cmp $i y || error "$i: mismatch" done diff --git a/checks/sigs-dsa.test b/checks/sigs-dsa.test index 8d4bfd556..8f29602dd 100755 --- a/checks/sigs-dsa.test +++ b/checks/sigs-dsa.test @@ -4,16 +4,16 @@ #info Checking DSA signatures (default digest algo) for i in $plain_files $data_files; do - ./run-gpg $dsa_keyrings -s -o x --yes -u $dsa_usrname1 $i - ./run-gpg $dsa_keyrings -o y --yes x + $srcdir/run-gpg $dsa_keyrings -s -o x --yes -u $dsa_usrname1 $i + $srcdir/run-gpg $dsa_keyrings -o y --yes x cmp $i y || error "$i: mismatch" done for da in ripemd160 sha1 md5; do for i in $plain_files; do - ./run-gpg $dsa_keyrings --digest-algo $da \ + $srcdir/run-gpg $dsa_keyrings --digest-algo $da \ -s -o x --yes -u $dsa_usrname1 $i - ./run-gpg $dsa_keyrings -o y --yes x + $srcdir/run-gpg $dsa_keyrings -o y --yes x cmp $i y || error "$i: mismatch" # process only the first one break diff --git a/checks/sigs.test b/checks/sigs.test index 298c9b358..2446dde96 100755 --- a/checks/sigs.test +++ b/checks/sigs.test @@ -4,16 +4,16 @@ #info Checking signatures for i in $plain_files $data_files; do - echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -s -o x --yes $i - ./run-gpg -o y --yes x + echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -s -o x --yes $i + $srcdir/run-gpg -o y --yes x cmp $i y || error "$i: mismatch" done for da in ripemd160 sha1 md5 tiger; do for i in $plain_files; do - echo "$usrpass1" | ./run-gpg --passphrase-fd 0 --digest-algo $da \ + echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 --digest-algo $da \ -s -o x --yes $i - ./run-gpg -o y --yes x + $srcdir/run-gpg -o y --yes x cmp $i y || error "$i: mismatch" # process only the first one break diff --git a/checks/version.test b/checks/version.test index 55dfe80df..13ca07364 100755 --- a/checks/version.test +++ b/checks/version.test @@ -3,7 +3,7 @@ . $srcdir/defs.inc || exit 3 # print the GPG version -./run-gpg --version +$srcdir/run-gpg --version #fixme: check that the output is correct diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 7b16f1215..da0c03ef7 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,11 @@ +Mon Sep 14 11:10:55 1998 Werner Koch (wk@(none)) + + * blowfish.c (bf_setkey): Niklas Hernaeus patch to detect weak keys. + +Mon Sep 14 09:19:25 1998 Werner Koch (wk@(none)) + + * dynload.c (RTLD_NOW): Now defined to 1 if it is undefined. + Mon Sep 7 17:04:33 1998 Werner Koch (wk@(none)) * Makefile.am: Fixes to allow a different build directory diff --git a/cipher/Makefile.am b/cipher/Makefile.am index a9d5a5cad..a96694ce1 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -46,7 +46,7 @@ EXTRA_twofish_SOURCES = twofish.c tiger: $(srcdir)/tiger.c - $(COMPILE) -shared -fPIC -o tiger $(srcdir)/tiger.c + $(COMPILE) -shared -fPIC -O1 -o tiger $(srcdir)/tiger.c twofish: $(srcdir)/twofish.c $(COMPILE) -shared -fPIC -o twofish $(srcdir)/twofish.c diff --git a/cipher/blowfish.c b/cipher/blowfish.c index 3ed2ed858..f5c29c6aa 100644 --- a/cipher/blowfish.c +++ b/cipher/blowfish.c @@ -41,7 +41,7 @@ #define CIPHER_ALGO_BLOWFISH 4 /* blowfish 128 bit key */ #define CIPHER_ALGO_BLOWFISH160 42 /* blowfish 160 bit key (not in OpenPGP)*/ -#define FNCCAST_SETKEY(f) (void(*)(void*, byte*, unsigned))(f) +#define FNCCAST_SETKEY(f) (int(*)(void*, byte*, unsigned))(f) #define FNCCAST_CRYPT(f) (void(*)(void*, byte*, byte*))(f) #define BLOWFISH_BLOCKSIZE 8 @@ -55,7 +55,7 @@ typedef struct { u32 p[BLOWFISH_ROUNDS+2]; } BLOWFISH_context; -static void bf_setkey( BLOWFISH_context *c, byte *key, unsigned keylen ); +static int bf_setkey( BLOWFISH_context *c, byte *key, unsigned keylen ); static void encrypt_block( BLOWFISH_context *bc, byte *outbuf, byte *inbuf ); static void decrypt_block( BLOWFISH_context *bc, byte *outbuf, byte *inbuf ); @@ -480,7 +480,7 @@ selftest() -static void +static int bf_setkey( BLOWFISH_context *c, byte *key, unsigned keylen ) { int i, j; @@ -543,6 +543,19 @@ bf_setkey( BLOWFISH_context *c, byte *key, unsigned keylen ) c->s3[i] = datal; c->s3[i+1] = datar; } + + + /* Check for weak key. A weak key is a key in which a value in */ + /* the P-array (here c) occurs more than once per table. */ + for(i=0; i < 255; i++ ) { + for( j=i+1; j < 256; j++) { + if( (c->s0[i] == c->s0[j]) || (c->s1[i] == c->s1[j]) || + (c->s2[i] == c->s2[j]) || (c->s3[i] == c->s3[j]) ) + return G10ERR_WEAK_KEY; + } + } + + return 0; } @@ -555,7 +568,7 @@ bf_setkey( BLOWFISH_context *c, byte *key, unsigned keylen ) const char * blowfish_get_info( int algo, size_t *keylen, size_t *blocksize, size_t *contextsize, - void (**r_setkey)( void *c, byte *key, unsigned keylen ), + int (**r_setkey)( void *c, byte *key, unsigned keylen ), void (**r_encrypt)( void *c, byte *outbuf, byte *inbuf ), void (**r_decrypt)( void *c, byte *outbuf, byte *inbuf ) ) diff --git a/cipher/blowfish.h b/cipher/blowfish.h index e328415f5..d3848aae8 100644 --- a/cipher/blowfish.h +++ b/cipher/blowfish.h @@ -26,7 +26,7 @@ const char * blowfish_get_info( int algo, size_t *keylen, size_t *blocksize, size_t *contextsize, - void (**setkey)( void *c, byte *key, unsigned keylen ), + int (**setkey)( void *c, byte *key, unsigned keylen ), void (**encrypt)( void *c, byte *outbuf, byte *inbuf ), void (**decrypt)( void *c, byte *outbuf, byte *inbuf ) ); diff --git a/cipher/cast5.c b/cipher/cast5.c index 6b2e5a969..64866ba7f 100644 --- a/cipher/cast5.c +++ b/cipher/cast5.c @@ -47,7 +47,7 @@ #define CIPHER_ALGO_CAST5 3 -#define FNCCAST_SETKEY(f) (void(*)(void*, byte*, unsigned))(f) +#define FNCCAST_SETKEY(f) (int(*)(void*, byte*, unsigned))(f) #define FNCCAST_CRYPT(f) (void(*)(void*, byte*, byte*))(f) #define CAST5_BLOCKSIZE 8 @@ -57,7 +57,7 @@ typedef struct { byte Kr[16]; } CAST5_context; -static void cast_setkey( CAST5_context *c, byte *key, unsigned keylen ); +static int cast_setkey( CAST5_context *c, byte *key, unsigned keylen ); static void encrypt_block( CAST5_context *bc, byte *outbuf, byte *inbuf ); static void decrypt_block( CAST5_context *bc, byte *outbuf, byte *inbuf ); @@ -549,7 +549,7 @@ key_schedule( u32 *x, u32 *z, u32 *k ) } -static void +static int cast_setkey( CAST5_context *c, byte *key, unsigned keylen ) { static int initialized; @@ -582,6 +582,7 @@ cast_setkey( CAST5_context *c, byte *key, unsigned keylen ) #undef xi #undef zi + return 0; } @@ -594,7 +595,7 @@ cast_setkey( CAST5_context *c, byte *key, unsigned keylen ) const char * cast5_get_info( int algo, size_t *keylen, size_t *blocksize, size_t *contextsize, - void (**r_setkey)( void *c, byte *key, unsigned keylen ), + int (**r_setkey)( void *c, byte *key, unsigned keylen ), void (**r_encrypt)( void *c, byte *outbuf, byte *inbuf ), void (**r_decrypt)( void *c, byte *outbuf, byte *inbuf ) ) diff --git a/cipher/cast5.h b/cipher/cast5.h index 070255c6d..ea6fa9e43 100644 --- a/cipher/cast5.h +++ b/cipher/cast5.h @@ -25,7 +25,7 @@ const char * cast5_get_info( int algo, size_t *keylen, size_t *blocksize, size_t *contextsize, - void (**setkey)( void *c, byte *key, unsigned keylen ), + int (**setkey)( void *c, byte *key, unsigned keylen ), void (**encrypt)( void *c, byte *outbuf, byte *inbuf ), void (**decrypt)( void *c, byte *outbuf, byte *inbuf ) ); diff --git a/cipher/cipher.c b/cipher/cipher.c index 049207bf1..2326d1dd2 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -43,7 +43,7 @@ struct cipher_table_s { size_t blocksize; size_t keylen; size_t contextsize; /* allocate this amount of context */ - void (*setkey)( void *c, byte *key, unsigned keylen ); + int (*setkey)( void *c, byte *key, unsigned keylen ); void (*encrypt)( void *c, byte *outbuf, byte *inbuf ); void (*decrypt)( void *c, byte *outbuf, byte *inbuf ); }; @@ -58,15 +58,15 @@ struct cipher_handle_s { byte iv[MAX_BLOCKSIZE]; /* (this should be ulong aligned) */ byte lastiv[MAX_BLOCKSIZE]; int unused; /* in IV */ - void (*setkey)( void *c, byte *key, unsigned keylen ); + int (*setkey)( void *c, byte *key, unsigned keylen ); void (*encrypt)( void *c, byte *outbuf, byte *inbuf ); void (*decrypt)( void *c, byte *outbuf, byte *inbuf ); byte context[1]; }; -static void -dummy_setkey( void *c, byte *key, unsigned keylen ) { } +static int +dummy_setkey( void *c, byte *key, unsigned keylen ) { return 0; } static void dummy_encrypt_block( void *c, byte *outbuf, byte *inbuf ) { BUG(); } static void @@ -346,10 +346,10 @@ cipher_close( CIPHER_HANDLE c ) } -void +int cipher_setkey( CIPHER_HANDLE c, byte *key, unsigned keylen ) { - (*c->setkey)( &c->context, key, keylen ); + return (*c->setkey)( &c->context, key, keylen ); } diff --git a/cipher/dynload.c b/cipher/dynload.c index a8c01f259..0cbbda2c1 100644 --- a/cipher/dynload.c +++ b/cipher/dynload.c @@ -30,6 +30,11 @@ #include "cipher.h" #include "dynload.h" + +#ifndef RTLD_NOW + #define RTLD_NOW 1 +#endif + typedef struct ext_list { struct ext_list *next; void *handle; /* handle from dlopen() */ @@ -234,7 +239,7 @@ enum_gnupgext_digests( void **enum_context, const char * enum_gnupgext_ciphers( void **enum_context, int *algo, size_t *keylen, size_t *blocksize, size_t *contextsize, - void (**setkey)( void *c, byte *key, unsigned keylen ), + int (**setkey)( void *c, byte *key, unsigned keylen ), void (**encrypt)( void *c, byte *outbuf, byte *inbuf ), void (**decrypt)( void *c, byte *outbuf, byte *inbuf ) ) @@ -242,7 +247,7 @@ enum_gnupgext_ciphers( void **enum_context, int *algo, EXTLIST r; ENUMCONTEXT *ctx; const char * (*finfo)(int, size_t*, size_t*, size_t*, - void (**)( void *, byte *, unsigned), + int (**)( void *, byte *, unsigned), void (**)( void *, byte *, byte *), void (**)( void *, byte *, byte *)); diff --git a/cipher/dynload.h b/cipher/dynload.h index fd87bbeef..ad22a824f 100644 --- a/cipher/dynload.h +++ b/cipher/dynload.h @@ -31,7 +31,7 @@ enum_gnupgext_digests( void **enum_context, const char * enum_gnupgext_ciphers( void **enum_context, int *algo, size_t *keylen, size_t *blocksize, size_t *contextsize, - void (**setkey)( void *c, byte *key, unsigned keylen ), + int (**setkey)( void *c, byte *key, unsigned keylen ), void (**encrypt)( void *c, byte *outbuf, byte *inbuf ), void (**decrypt)( void *c, byte *outbuf, byte *inbuf ) ); diff --git a/cipher/twofish.c b/cipher/twofish.c index b244e9526..d93c145ea 100644 --- a/cipher/twofish.c +++ b/cipher/twofish.c @@ -29,7 +29,7 @@ static void selftest(void); /* Macros used by the info function. */ -#define FNCCAST_SETKEY(f) ((void(*)(void*, byte*, unsigned))(f)) +#define FNCCAST_SETKEY(f) ((int(*)(void*, byte*, unsigned))(f)) #define FNCCAST_CRYPT(f) ((void(*)(void*, byte*, byte*))(f)) /* Structure for an expanded Twofish key. s contains the key-dependent @@ -443,7 +443,7 @@ static const byte exp_to_poly[492] = { /* Perform the key setup. Note that this works *only* with 128-bit keys, * despite the API that makes it look like it might support other sizes. */ -static void +static int twofish_setkey (TWOFISH_context *ctx, const byte *key, const unsigned keylen) { /* Temporaries for CALC_K. */ @@ -577,6 +577,8 @@ twofish_setkey (TWOFISH_context *ctx, const byte *key, const unsigned keylen) CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B); CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00); CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D); + + return 0; } /* Macros to compute the g() function in the encryption and decryption @@ -825,7 +827,7 @@ main() static const char * twofish_get_info (int algo, size_t *keylen, size_t *blocksize, size_t *contextsize, - void (**r_setkey) (void *c, byte *key, unsigned keylen), + int (**r_setkey) (void *c, byte *key, unsigned keylen), void (**r_encrypt) (void *c, byte *outbuf, byte *inbuf), void (**r_decrypt) (void *c, byte *outbuf, byte *inbuf) ) diff --git a/configure.in b/configure.in index fc6d3db49..0ee39a5df 100644 --- a/configure.in +++ b/configure.in @@ -79,7 +79,11 @@ AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir) AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir) AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir) dnl AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir) +AC_PROG_CC +AC_PROG_CPP AC_ISC_POSIX +AC_PROG_RANLIB +AC_PROG_INSTALL case "${target}" in i386--mingw32) @@ -93,10 +97,6 @@ case "${target}" in GNUPG_LIBDIR="c:/lib/gnupg" ;; *) -AC_PROG_RANLIB -AC_PROG_INSTALL -AC_PROG_CC -AC_PROG_CPP AC_DEFINE(USE_RAND_UNIX) GNUPG_LIBDIR="$g10_prefix/lib/gnupg" ;; @@ -182,6 +182,7 @@ dnl Checks for library functions. AC_FUNC_VPRINTF AC_CHECK_FUNCS(strerror stpcpy strlwr tcgetattr rand strtoul mlock mmap) AC_CHECK_FUNCS(memmove gettimeofday getrusage gethrtime setrlimit) +AC_CHECK_FUNCS(atexit raise getpagesize) WK_CHECK_IPC if test "$ac_cv_header_sys_shm_h" = "yes"; then diff --git a/g10/ChangeLog b/g10/ChangeLog index f2406eac6..a6c769728 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,22 @@ +Mon Sep 14 11:40:52 1998 Werner Koch (wk@(none)) + + * seskey.c (make_session_key): Now detects weak keys. + + * trustdb (clear_trust_checked_flag): New. + + * plaintext.c (handle_plaintext): Does no anymore suppress CR from + cleartext signed messages. + +Sun Sep 13 12:54:29 1998 Werner Koch (wk@(none)) + + * trustdb.c (insert_trust_record): Fixed a stupid bug in the free + liunked list loops. + +Sat Sep 12 15:49:16 1998 Werner Koch (wk@(none)) + + * status.c (remove_shmid): New. + (init_shm_comprocess): Now sets permission to the real uid. + Wed Sep 9 11:15:03 1998 Werner Koch (wk@(none)) * packet.h (PKT_pubkey_enc): New flah throw_keyid, and add logic to diff --git a/g10/encr-data.c b/g10/encr-data.c index b5eb0e0ee..03551be7b 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -29,6 +29,7 @@ #include "mpi.h" #include "cipher.h" #include "options.h" +#include "i18n.h" static int decode_filter( void *opaque, int control, IOBUF a, @@ -68,7 +69,10 @@ decrypt_data( PKT_encrypted *ed, DEK *dek ) log_bug("Nanu\n"); /* oops: found a bug */ dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); - cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ); + if( cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ) ) + log_info(_("Warning: Message was encrypted with " + "a weak key in the symmetric cipher.\n")); + cipher_setiv( dfx.cipher_hd, NULL ); if( ed->len ) { diff --git a/g10/import.c b/g10/import.c index 73e04cb3d..7ef916d27 100644 --- a/g10/import.c +++ b/g10/import.c @@ -394,6 +394,8 @@ import_one( const char *fname, KBNODE keyblock ) log_error("key %08lX: trustdb insert failed: %s\n", (ulong)keyid[1], g10_errstr(rc) ); } + else + rc = clear_trust_checked_flag( new_key? pk : pk_orig ); } leave: diff --git a/g10/keyedit.c b/g10/keyedit.c index c0a082bba..2b3a02023 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -213,6 +213,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified ) KBNODE node, uidnode; PKT_public_key *primary_pk; int select_all = !count_selected_uids(keyblock); + int upd_trust = 0; /* build a list of all signators */ rc=build_sk_list( locusr, &sk_list, 0, 1 ); @@ -292,6 +293,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified ) goto leave; } *ret_modified = 1; /* we changed the keyblock */ + upd_trust = 1; pkt = m_alloc_clear( sizeof *pkt ); pkt->pkttype = PKT_SIGNATURE; @@ -301,6 +303,10 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified ) } } } /* end loop over signators */ + if( upd_trust && primary_pk ) { + rc = clear_trust_checked_flag( primary_pk ); + } + leave: release_sk_list( sk_list ); diff --git a/g10/plaintext.c b/g10/plaintext.c index 914be8f20..6d1c8796f 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c @@ -137,7 +137,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, else md_putc(mfx->md, c ); } - if( convert && c == '\r' ) + if( convert && !clearsig && c == '\r' ) continue; /* fixme: this hack might be too simple */ if( fp ) { if( putc( c, fp ) == EOF ) { @@ -157,7 +157,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, else md_putc(mfx->md, c ); } - if( convert && c == '\r' ) + if( convert && !clearsig && c == '\r' ) continue; /* fixme: this hack might be too simple */ if( fp ) { if( putc( c, fp ) == EOF ) { diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 819f79c9c..9253b8ce1 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -73,7 +73,6 @@ do_check( PKT_secret_key *sk ) int ndata; byte *p, *data; - i = pubkey_get_npkey(sk->pubkey_algo); assert( mpi_is_opaque( sk->skey[i] ) ); p = mpi_get_opaque( sk->skey[i], &ndata ); @@ -212,7 +211,9 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) else { cipher_hd = cipher_open( sk->protect.algo, CIPHER_MODE_AUTO_CFB, 1 ); - cipher_setkey( cipher_hd, dek->key, dek->keylen ); + if( cipher_setkey( cipher_hd, dek->key, dek->keylen ) ) + log_info(_("Warning: Weak key detected" + " - please change passphrase again.\n")); cipher_setiv( cipher_hd, NULL ); cipher_encrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 ); if( sk->version >= 4 ) { diff --git a/g10/seskey.c b/g10/seskey.c index d4d2ab1fb..c268d1559 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -27,6 +27,7 @@ #include "cipher.h" #include "mpi.h" #include "main.h" +#include "i18n.h" /**************** @@ -35,8 +36,25 @@ void make_session_key( DEK *dek ) { + CIPHER_HANDLE chd; + int i, rc; + dek->keylen = cipher_get_keylen( dek->algo ) / 8; - randomize_buffer( dek->key, dek->keylen, 1 ); + + chd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); + for(i=0; i < 16; i++ ) { + rc = cipher_setkey( chd, dek->key, dek->keylen ); + if( !rc ) { + cipher_close( chd ); + return; + } + log_info(_("weak key created - retrying\n") ); + /* Renew the session key until we get a non-weak key. */ + randomize_buffer( dek->key, dek->keylen, 1 ); + } + log_fatal(_( + "cannot avoid weak key for symmetric cipher; tried %d times!\n"), + i); } diff --git a/g10/status.c b/g10/status.c index 3c22c0d1c..7cb2f5c5d 100644 --- a/g10/status.c +++ b/g10/status.c @@ -105,11 +105,27 @@ write_status_text ( int no, const char *text) #ifdef USE_SHM_COPROCESSING + +#ifndef IPC_RMID_DEFERRED_RELEASE +static void +remove_shmid( void ) +{ + if( shm_id != -1 ) { + shmctl ( shm_id, IPC_RMID, 0); + shm_id = -1; + } +} +#endif + void init_shm_coprocessing ( ulong requested_shm_size, int lock_mem ) { char buf[100]; + struct shmid_ds shmds; + #ifndef IPC_RMID_DEFERRED_RELEASE + atexit( remove_shmid ); + #endif requested_shm_size = (requested_shm_size + 4095) & ~4095; if ( requested_shm_size > 2 * 4096 ) log_fatal("too much shared memory requested; only 8k are allowed\n"); @@ -133,14 +149,24 @@ init_shm_coprocessing ( ulong requested_shm_size, int lock_mem ) shm_is_locked = 1; } + + #ifdef IPC_RMID_DEFERRED_RELEASE - if ( shmctl ( shm_id, IPC_RMID, 0) ) + if( shmctl( shm_id, IPC_RMID, 0) ) log_fatal("shmctl IPC_RMDID of %d failed: %s\n", shm_id, strerror(errno)); - #else - #error Must add a cleanup function #endif + if( shmctl( shm_id, IPC_STAT, &shmds ) ) + log_fatal("shmctl IPC_STAT of %d failed: %s\n", + shm_id, strerror(errno)); + if( shmds.shm_perm.uid != getuid() ) { + shmds.shm_perm.uid = getuid(); + if( shmctl( shm_id, IPC_SET, &shmds ) ) + log_fatal("shmctl IPC_SET of %d failed: %s\n", + shm_id, strerror(errno)); + } + /* write info; Protocol version, id, size, locked size */ sprintf( buf, "pv=1 pid=%d shmid=%d sz=%u lz=%u", (int)getpid(), shm_id, (unsigned)shm_size, shm_is_locked? (unsigned)shm_size:0 ); diff --git a/g10/trustdb.c b/g10/trustdb.c index efe7bcaf0..893c04304 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1704,9 +1704,28 @@ enum_trust_web( void **context, ulong *lid ) if( !c ) { /* make a new context */ c = m_alloc_clear( sizeof *c ); *context = c; - if( *lid != last_trust_web_key && last_trust_web_key ) - log_bug("enum_trust_web: nyi\n"); /* <--- FIXME */ - c->tsl = last_trust_web_tslist; + if( *lid == last_trust_web_key && last_trust_web_tslist ) + c->tsl = last_trust_web_tslist; + else { + TRUST_SEG_LIST tsl, tsl2, tslist; + int rc; + + rc = make_tsl( *lid, &tslist ); + if( rc ) { + log_error("failed to build the TSL\n"); + return rc; + } + /* cache the tslist, so that we do not need to free it */ + if( last_trust_web_key ) { + for( tsl = last_trust_web_tslist; tsl; tsl = tsl2 ) { + tsl2 = tsl->next; + m_free(tsl); + } + } + last_trust_web_key = *lid; + last_trust_web_tslist = tslist; + c->tsl = last_trust_web_tslist; + } c->index = 1; } @@ -1880,6 +1899,38 @@ query_trust_record( PKT_public_key *pk ) } +int +clear_trust_checked_flag( PKT_public_key *pk ) +{ + TRUSTREC rec; + int rc; + + if( !pk->local_id ) { + query_trust_record( pk ); + if( !pk->local_id ) + log_bug("clear_trust_checked_flag: Still no LID\n"); + } + + if( (rc=tdbio_read_record( pk->local_id, &rec, RECTYPE_DIR ))) { + log_error("clear_trust_checked_flag: read record failed: %s\n", + g10_errstr(rc)); + return rc; + } + + if( !(rec.r.dir.dirflags & DIRF_CHECKED) ) + return 0; + + /* reset the flag */ + rec.r.dir.dirflags &= ~DIRF_CHECKED; + rc = tdbio_write_record( &rec ); + if( rc ) { + log_error("clear_trust_checked_flag: write dir record failed: %s\n", + g10_errstr(rc)); + return rc; + } + return 0; +} + /**************** * helper function for insert_trust_record() @@ -2138,11 +2189,11 @@ insert_trust_record( PKT_public_key *orig_pk ) leave: - for(rec=uidlist_head; rec; rec = rec->next ) { + for(rec=uidlist_head; rec; rec = rec2 ) { rec2 = rec->next; rel_mem_uidnode(NULL, 0, rec ); } - for(rec=keylist_head; rec; rec = rec->next ) { + for(rec=keylist_head; rec; rec = rec2 ) { rec2 = rec->next; m_free(rec); } diff --git a/g10/trustdb.h b/g10/trustdb.h index fc470073f..4345a73a7 100644 --- a/g10/trustdb.h +++ b/g10/trustdb.h @@ -56,6 +56,7 @@ byte *get_pref_data( ulong lid, const byte *namehash, size_t *ret_n ); int is_algo_in_prefs( ulong lid, int preftype, int algo ); int keyid_from_lid( ulong lid, u32 *keyid ); int query_trust_record( PKT_public_key *pk ); +int clear_trust_checked_flag( PKT_public_key *pk ); int insert_trust_record( PKT_public_key *pk ); int update_ownertrust( ulong lid, unsigned new_trust ); diff --git a/include/ChangeLog b/include/ChangeLog index b59c6393c..627449c34 100644 --- a/include/ChangeLog +++ b/include/ChangeLog @@ -1,3 +1,8 @@ +Mon Sep 14 09:17:22 1998 Werner Koch (wk@(none)) + + * util.h (HAVE_ATEXIT): New. + (HAVE_RAISE): New. + Mon Jul 6 10:41:55 1998 Werner Koch (wk@isil.d.shuttle.de) * cipher.h (PUBKEY_USAGE_): New. diff --git a/include/cipher.h b/include/cipher.h index 8ddd3655a..d26812647 100644 --- a/include/cipher.h +++ b/include/cipher.h @@ -134,7 +134,7 @@ unsigned cipher_get_keylen( int algo ); unsigned cipher_get_blocksize( int algo ); CIPHER_HANDLE cipher_open( int algo, int mode, int secure ); void cipher_close( CIPHER_HANDLE c ); -void cipher_setkey( CIPHER_HANDLE c, byte *key, unsigned keylen ); +int cipher_setkey( CIPHER_HANDLE c, byte *key, unsigned keylen ); void cipher_setiv( CIPHER_HANDLE c, const byte *iv ); void cipher_encrypt( CIPHER_HANDLE c, byte *out, byte *in, unsigned nbytes ); void cipher_decrypt( CIPHER_HANDLE c, byte *out, byte *in, unsigned nbytes ); diff --git a/include/errors.h b/include/errors.h index b1182ba1f..40fffcb50 100644 --- a/include/errors.h +++ b/include/errors.h @@ -62,6 +62,7 @@ #define G10ERR_TIME_CONFLICT 40 #define G10ERR_WR_PUBKEY_ALGO 41 /* unusabe pubkey algo */ #define G10ERR_FILE_EXISTS 42 +#define G10ERR_WEAK_KEY 43 #ifndef HAVE_STRERROR diff --git a/include/util.h b/include/util.h index f480f48f3..cd4d488ca 100644 --- a/include/util.h +++ b/include/util.h @@ -166,6 +166,15 @@ char *strlwr(char *a); #endif +/**** other missing stuff ****/ +#ifndef HAVE_ATEXIT /* For SunOS */ + #define atexit(a) (on_exit((a),0)) +#endif + +#ifndef HAVE_RAISE + #define raise(a) kill(getpid(), (a)) +#endif + /******** some macros ************/ #ifndef STR #define STR(v) #v diff --git a/util/ChangeLog b/util/ChangeLog index 8644bb7d6..edcbb5ca3 100644 --- a/util/ChangeLog +++ b/util/ChangeLog @@ -1,3 +1,7 @@ +Mon Sep 14 09:38:18 1998 Werner Koch (wk@(none)) + + * secmem.c (init_pool): Now mmaps /dev/zero if we do not have MAP_ANON. + Wed Sep 9 13:52:28 1998 Werner Koch (wk@(none)) * ttyio.c (do_get): Ctrl-D is now a valid but special character diff --git a/util/errors.c b/util/errors.c index 54671a297..dc3f7e811 100644 --- a/util/errors.c +++ b/util/errors.c @@ -92,6 +92,7 @@ g10_errstr( int err ) X(TIME_CONFLICT ,"Timestamp conflict") X(WR_PUBKEY_ALGO ,"Unusable pubkey algorithm") X(FILE_EXISTS ,"File exists") + X(WEAK_KEY ,"Weak key") default: p = buf; sprintf(buf, "g10err=%d", err); break; } #undef X diff --git a/util/secmem.c b/util/secmem.c index d78fabecf..44df08b16 100644 --- a/util/secmem.c +++ b/util/secmem.c @@ -28,6 +28,7 @@ #include #include #include + #include #endif #include "types.h" @@ -103,15 +104,38 @@ lock_pool( void *p, size_t n ) static void init_pool( size_t n) { + size_t pgsize; + poolsize = n; if( disable_secmem ) log_bug("secure memory is disabled"); - #if HAVE_MMAP && defined(MAP_ANON) - poolsize = (poolsize + 4095) & ~4095; - pool = mmap( 0, poolsize, PROT_READ|PROT_WRITE, - MAP_PRIVATE|MAP_ANON, -1, 0); + #ifdef HAVE_GETPAGESIZE + pgsize = getpagesize(); + #else + pgsize = 4096; + #endif + + #if HAVE_MMAP + poolsize = (poolsize + pgsize -1 ) & ~(pgsize-1); + #ifdef MAP_ANONYMOUS + pool = mmap( 0, poolsize, PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + #else /* map /dev/zero instead */ + { int fd; + + fd = open("/dev/zero", O_RDWR); + if( fd == -1 ) { + log_error("can't open /dev/zero: %s\n", strerror(errno) ); + pool = (void*)-1; + } + else { + pool = mmap( 0, poolsize, PROT_READ|PROT_WRITE, + MAP_PRIVATE, fd, 0); + } + } + #endif if( pool == (void*)-1 ) log_error("can't mmap pool of %u bytes: %s - using malloc\n", (unsigned)poolsize, strerror(errno)); diff --git a/zlib/Makefile b/zlib/Makefile index b98090a3b..26c6aa6d2 100644 --- a/zlib/Makefile +++ b/zlib/Makefile @@ -66,13 +66,13 @@ host_alias = i586-pc-linux-gnu host_triplet = i586-pc-linux-gnu target_alias = i586-pc-linux-gnu target_triplet = i586-pc-linux-gnu -CATALOGS = en.gmo de.gmo it.gmo fr.gmo -CATOBJEXT = .gmo +CATALOGS = en.mo de.mo it.mo fr.mo +CATOBJEXT = .mo CC = gcc CPP = gcc -E -DATADIRNAME = share +DATADIRNAME = lib DYNLINK_LDFLAGS = -rdynamic -G10_LOCALEDIR = /usr/local/share/locale +G10_LOCALEDIR = /usr/local/lib/locale GENCAT = GMOFILES = en.gmo de.gmo it.gmo fr.gmo GMSGFMT = /usr/local/bin/msgfmt @@ -80,9 +80,9 @@ GT_NO = GT_YES = #YES# INCLUDE_LOCALE_H = #include INSTOBJEXT = .mo -INTLDEPS = $(top_builddir)/intl/libintl.a -INTLLIBS = $(top_builddir)/intl/libintl.a -INTLOBJS = $(GETTOBJS) +INTLDEPS = +INTLLIBS = +INTLOBJS = MKINSTALLDIRS = scripts/mkinstalldirs MPI_EXTRA_ASM_OBJS = MSGFMT = /usr/local/bin/msgfmt @@ -90,9 +90,9 @@ PACKAGE = gnupg POFILES = en.po de.po it.po fr.po POSUB = po RANLIB = ranlib -USE_INCLUDED_LIBINTL = yes +USE_INCLUDED_LIBINTL = no USE_NLS = yes -VERSION = 0.3.4a +VERSION = 0.3.5 ZLIBS = l = @@ -122,7 +122,7 @@ LIBRARIES = $(noinst_LIBRARIES) DEFS = -DHAVE_CONFIG_H -I. -I$(srcdir) -I.. CPPFLAGS = LDFLAGS = -LIBS = -ldl -lz +LIBS = -ldl -lz libzlib_a_LIBADD = libzlib_a_OBJECTS = adler32.o compress.o crc32.o gzio.o uncompr.o \ deflate.o trees.o zutil.o inflate.o infblock.o inftrees.o infcodes.o \