From ea887464b16894a010e0a5c044fd1fae15dad16d Mon Sep 17 00:00:00 2001 
From: Repo Admin
Date: Tue, 30 May 2000 15:31:45 +0000
Subject: [PATCH] This commit was manufactured by cvs2svn to create branch 'ePit-1-0'.
---
AUTHORS | 96 +-
BUGS | 60 +-
ChangeLog | 128 +-
INSTALL | 18 +
Makefile.am | 32 +-
NEWS | 79 +
NOTES | 19 +
README | 25 +-
THANKS | 228 ++-
TODO | 23 +-
VERSION | 2 +-
acconfig.h | 1 +
acinclude.m4 | 64 +-
checks/ChangeLog | 15 +-
checks/Makefile.am | 16 +-
checks/defs.inc | 3 -
checks/mkdemodirs | 12 +-
cipher/ChangeLog | 134 +-
cipher/Makefile.am | 24 +-
cipher/blowfish.c | 12 +-
cipher/cast5.c | 13 +-
cipher/des.c | 218 ++-
cipher/dsa.c | 18 +-
cipher/elgamal.c | 138 +-
cipher/md.c | 2 +-
cipher/md5.c | 8 +-
cipher/primegen.c | 27 +-
cipher/random.c | 199 +-
cipher/random.h | 2 +
cipher/rmd160.c | 8 +-
cipher/rndegd.c | 9 +-
cipher/rndlinux.c | 6 +
cipher/rndunix.c | 15 +-
cipher/rndw32.c | 958 +++++++++
cipher/sha1.c | 8 +-
cipher/tiger.c | 8 +-
cipher/twofish.c | 26 +-
configure.in | 133 +-
doc/ChangeLog | 69 +
doc/DETAILS | 145 ++
doc/FAQ | 64 +
doc/HACKING | 70 +-
doc/Makefile.am | 8 +-
doc/OpenPGP | 9 +
doc/README.W32 | 96 +
doc/gpg.sgml | 218 ++-
doc/gph/Makefile.am | 4 +-
doc/gph/signatures.jpg.asc | 232 +++
g10/ChangeLog | 468 ++++-
g10/Makefile.am | 2 +-
g10/OPTIONS | 2 +-
g10/armor.c | 101 +-
g10/build-packet.c | 55 +-
g10/cipher.c | 7 +-
g10/compress.c | 2 +-
g10/dearmor.c | 2 +-
g10/delkey.c | 9 +-
g10/encode.c | 7 +-
g10/encr-data.c | 4 +-
g10/export.c | 33 +-
g10/filter.h | 6 +-
g10/free-packet.c | 4 +-
g10/g10.c | 188 +-
g10/getkey.c | 111 +-
g10/helptext.c | 25 +-
g10/hkp.c | 37 +-
g10/hkp.h | 2 +-
g10/import.c | 110 +-
g10/kbnode.c | 4 +-
g10/keydb.h | 4 +-
g10/keyedit.c | 162 +-
g10/keygen.c | 843 ++++++--
g10/keyid.c | 2 +-
g10/keylist.c | 96 +-
g10/ks-proto.h | 2 +-
g10/main.h | 21 +-
g10/mainproc.c | 84 +-
g10/mdfilter.c | 2 +-
g10/misc.c | 2 +-
g10/openfile.c | 77 +-
g10/options.h | 9 +-
g10/options.skel | 5 +
g10/packet.h | 8 +-
g10/parse-packet.c | 83 +-
g10/passphrase.c | 12 +-
g10/pkclist.c | 158 +-
g10/plaintext.c | 18 +-
g10/pubkey-enc.c | 23 +-
g10/pubring.asc | 675 ++++---
g10/revoke.c | 354 ++--
g10/ringedit.c | 63 +-
g10/seckey-cert.c | 6 +-
g10/seskey.c | 2 +-
g10/sig-check.c | 81 +-
g10/sign.c | 34 +-
g10/signal.c | 15 +-
g10/skclist.c | 2 +-
g10/status.c | 85 +-
g10/status.h | 16 +-
g10/tdbdump.c | 7 +-
g10/tdbio.c | 22 +-
g10/tdbio.h | 5 +-
g10/textfilter.c | 38 +-
g10/trustdb.c | 287 ++-
g10/trustdb.h | 3 +-
g10/verify.c | 89 +-
include/ChangeLog | 17 +
include/cipher.h | 4 +
include/errors.h | 1 +
include/http.h | 5 +
include/iobuf.h | 1 +
include/ttyio.h | 1 +
include/types.h | 7 +-
include/util.h | 11 +
mpi/ChangeLog | 61 +-
mpi/Makefile.am | 34 +-
mpi/config.links | 82 +-
mpi/longlong.h | 14 +
mpi/mpi-internal.h | 17 +
mpi/mpi-mpow.c | 129 +-
mpi/mpi-pow.c | 19 +-
mpi/mpih-div.c | 2 +-
mpi/mpih-mul.c | 116 +-
mpi/power/distfiles | 7 +
mpi/power/mpih-add1.S | 86 +
mpi/power/mpih-lshift.S | 64 +
mpi/power/mpih-mul1.S | 115 ++
mpi/power/mpih-mul2.S | 130 ++
mpi/power/mpih-mul3.S | 135 ++
mpi/power/mpih-rshift.S | 64 +
mpi/power/mpih-sub1.S | 87 +
po/ChangeLog | 77 +-
po/POTFILES.in | 1 -
po/de.glo | 122 +-
po/de.po | 2082 +++++++++-----------
po/eo.po | 3658 +++++++++++++++++++++++++++++++++++
po/es_ES.po | 1909 ++++++++++--------
po/fr.po | 1627 +++++++++-------
po/id.po | 3647 +++++++++++++++++++++++++++++++++++
po/it.po | 1521 +++++++++------
po/ja.po | 3643 +++++++++++++++++++++++++++++++++++
po/nl.po | 3707 +++++++++++++++++++++++++++++++++++
po/pl.po | 1697 +++++++++-------
po/pt_BR.po | 1637 +++++++++-------
po/pt_PT.po | 1544 +++++++++------
po/ru.po | 1515 +++++++++------
po/sv.po | 3732 ++++++++++++++++++++++++++++++++++++
scripts/ChangeLog | 28 +-
scripts/autogen.sh | 20 -
scripts/commit | 30 +-
scripts/config.guess | 186 +-
scripts/config.sub | 49 +-
scripts/distfiles | 2 -
scripts/gnupg.spec.in | 84 +-
scripts/gnupgbug | 185 ++
scripts/mk-w32-dist | 28 +
tools/ChangeLog | 4 +
tools/Makefile.am | 4 +-
tools/ring-a-party | 103 +
util/ChangeLog | 69 +-
util/Makefile.am | 8 +-
util/argparse.c | 2 +-
util/dotlock.c | 41 +-
util/errors.c | 1 +
util/http.c | 40 +-
util/iobuf.c | 38 +-
util/logger.c | 6 +
util/miscutil.c | 2 +-
util/secmem.c | 20 +-
util/simple-gettext.c | 29 +-
util/strgutil.c | 12 +
util/ttyio.c | 40 +-
util/w32reg.c | 88 +
173 files changed, 34607 insertions(+), 8116 deletions(-)
create mode 100644 cipher/rndw32.c
create mode 100644 doc/ChangeLog
create mode 100644 doc/README.W32
create mode 100644 doc/gph/signatures.jpg.asc
create mode 100644 mpi/power/mpih-add1.S
create mode 100644 mpi/power/mpih-lshift.S
create mode 100644 mpi/power/mpih-mul1.S
create mode 100644 mpi/power/mpih-mul2.S
create mode 100644 mpi/power/mpih-mul3.S
create mode 100644 mpi/power/mpih-rshift.S
create mode 100644 mpi/power/mpih-sub1.S
create mode 100644 po/eo.po
create mode 100644 po/id.po
create mode 100644 po/ja.po
create mode 100644 po/nl.po
create mode 100644 po/sv.po
create mode 100644 scripts/gnupgbug
create mode 100755 scripts/mk-w32-dist
create mode 100755 tools/ring-a-party
create mode 100644 util/w32reg.c
diff --git a/AUTHORS b/AUTHORS
index 8c5bfeb61..007d41f90 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,84 +1,59 @@ -Authors of GNU Privacy Guard (GnuPG) -==================================== +Program: GnuPG +Maintainer: Werner Koch -GNUPG Werner Koch 1998-02-23 -Assigns GNU Privacy Guard and future changes. -werner.koch@guug.de -Designed and implemented GnuPG. +Authors +======= +Daniel Resare xxxx [sv] -GNUPG Matthew Skala 1998-08-10 -Disclaims changes. -mskala@ansuz.sooke.bc.ca -Wrote cipher/twofish.c. +Gael Queri Translations [fr] + (fixed a lot of typos) -GNUPG Natural Resources Canada 1998-08-11 -Disclaims changes by Matthew Skala. +Gregory Steuck Translations [ru] +Edmund GRIMLEY EVANS Translations [eo] -GNUPG Michael Roth Germany 1998-09-17 -Assigns changes. -mroth@nessie.de -Wrote cipher/des.c. -Changes and bug fixes all over the place. +Ivo Timmermans Translations [nl] +Janusz Aleksander Urbanowicz Translations [po] -GNUPG Niklas Hernaeus 1998-09-18 -Disclaims changes. -nh@df.lth.se -Weak key patches. +Michael Roth Assignment + (wrote cipher/des.c., changes and bug fixes all over the place) +Marco d'Itri Translations [it] -GNUPG Rémi Guyomarch 1999-05-25 -Assigns past and future changes. (g10/compress.c, g10/encr-data.c, -g10/free-packet.c, g10/mdfilter.c, g10/plaintext.c, util/iobuf.c) -rguyom@mail.dotcom.fr +Matthew Skala Disclaimer + (wrote cipher/twofish.c) +Niklas Hernaeus Disclaimer + (weak key patches) -TRANSLATIONS Marco d'Itri 1997-02-22 -Disclaimer. [it] -md@linux.it +Pedro Morais Translations [pt_BR] +Rémi Guyomarch Assignment + (g10/compress.c, g10/encr-data.c, + g10/free-packet.c, g10/mdfilter.c, g10/plaintext.c, util/iobuf.c) -TRANSLATIONS Gael Queri 1998-09-08 -Disclaimer. [fr] -gqueri@mail.dotcom.fr -Fixed a lot of typos. +Tedi Heriyanto Translations [id] +Thiago Jung Bauermann Translations [pt_BR] -TRANSLATIONS Walter Koch 1998-09-08 -Disclaimer. [de] -koch@hsp.de +Urko Lusa Translations [es_ES] +Walter Koch Translations [de] -TRANSLATIONS Gregory Steuck 1998-10-20 -Disclaimer. 
[ru] -steuck@iname.com +Werner Koch Assignment + (started the whole thing) - -TRANSLATIONS Urko Lusa -Disclaimer. [es_ES] -ulusa@lacueva.ddns.org - - -TRANSLATIONS Thiago Jung Bauermann -Disclaimer. [pt_BR] -jungmann@cwb.matrix.com.br - - -TRANSLATIONS Pedro Morais -??????????. [pt_PT] -morais@poli.org - - -TRANSLATIONS Janusz Aleksander Urbanowicz 1999-01-09 -Disclaimer. [po] -alex@bofh.torun.pl +Yosiaki IIDA Translations [ja] -More credits -============ +Other legal information +======================= + +Natural Resources Canada disclaims changes by Matthew Skala. + This program uses the zlib compression library written by Jean-loup Gailly and Mark Adler. @@ -87,7 +62,8 @@ Torbjorn Granlund . The keybox implementation is based on GDBM 1.7.3 by Philip A. Nelson. -The file cipher/rndunix.c is based on rndunix.c from cryptlib. +The files cipher/rndunix.c and cipher/rndw32.c are based on rndunix.c +and rndwin32.c from cryptlib. Copyright Peter Gutmann, Paul Kendall, and Chris Wedgwood 1996-1999. The files in debian/ are by James Troup who is the Debian maintainer diff --git a/BUGS b/BUGS index 81fdcf1bd..df428bde4 100644 --- a/BUGS +++ b/BUGS 
@@ -1,58 +1,8 @@ - List of some known bugs - ------------------------- +Please see -This following list contains those bugs which we are aware of. Please -make sure that bugs you report are not listed here. If you can fix one -of these bugs/limitations we will certainly be glad to receive a patch. -(Please note that we need a disclaimer if a patch is longer than about -10 lines; but it may help anyway to show us where we have to fix it. Do -an "info standards" to find out why a disclaimer is needed for GNU.) + http://www.gnupg.org/buglist.html -Format: severity: [ *] to [***], no, first reported, by, version. -Bugs which are marked with "FIX: yyyy-mm-dd" are fixed in the CVS -and after about half a day in the rsync snapshots. -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +for a list know bugs in GnuPG. We don't distribute this list anymore +with the package because a more current one with notes in which version +the bug is fixed can be found online. -[ *] #3 - --list-packets should continue even w/o a passphrase (or in batch - mode). Maybe we have to move it to a separate program?? - -[ *] #4 1999-01-13 0.9.1 - v3 key 'expiration date' problem: - 1. generate a key, set expiration date - 2. - 3. edit a v3 secret key, try to set expiration date - - output: "You can't change... - 4. save - 5. key has expiration date from 1. and gpg reports that pubkey - and seckey differ. - The for loop the exp.date is set before v3 detection? - [is this bug still alive? - can someone please check it] - -[ **] #6 1999-02-22 0.9.3 - Bus error on IRIX 6.4: Crash while doing a keygen. I think while creating - the prime. Other bus errors are reported when doing a "gpg README" - on sparc-solaris2.6. - --> Solaris fixed. - --> IRIX bug still there but someone should test this again! - -[ *] #18 1999-05-27 0.9.7 - rndunix hangs on hp/ux. The problem is related to my_plcose which is - not always called. (I suggest to use EGD instead of rndunix.) 
- -[ *] #22 1999-07-22 - Solaris make has problems with the generated POTFILES - seems to be a - gettext bug. Use GNU gmake as a workaround. - -[ *] #23 1999-09-03 0.9.11 - Only the first signature of a cleartext sig seems to be verified. - Can't fix it in 1.0 because the code is semi-frozen. - HMMM: Can't reprodude the bug here - it just works. Check wehther - -[ *] #24 1999-09-05 0.9.11 - Does not link libc and libz expect when removing all "-lc -lz" except - for the last one. This happens on some systems when not using the - GNU ld. This need to be fixed in libtool. - - -Next #25 diff --git a/ChangeLog b/ChangeLog index 9cbb59962..70039b8bb 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,128 @@ -Wed Sep 15 16:22:17 CEST 1999 Werner Koch +Tue May 30 16:37:55 CEST 2000 Werner Koch + Version 1.0.1-ePit-1 + +Sun May 28 13:55:17 CEST 2000 Werner Koch + + * acinclude.m4 (GNUPG_SYS_NM_PARSE): Added BSDI support. + (GNUPG_CHECK_RDYNAMIC): Ditto. + +Wed Apr 19 10:57:26 CEST 2000 Werner Koch + + * acconfig.h (HAVE_MLOCK): Added + +Wed Mar 22 13:50:24 CET 2000 Werner Koch + + * acinclude.m4 (GNUPG_CHECK_MLOCK): Changed the way to test for + librt. Test suggested by Jeff Long. + +Fri Mar 17 17:50:25 CET 2000 Werner Koch + + * acinclude.m4 (GNUPG_CHECK_MLOCK): Do librt check only when + we can't link a test program. This way GNU systems don't need + to link against linrt. + (GNUPG_CHECK_IPC): Fixed use of TRY_COMPILE macro. From Tim Mooney. + +2000-03-14 12:07:54 Werner Koch (wk@habibti.openit.de) + + * acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Add support for + DJGPP. + (GNUPG_CHECK_MLOCK): Check whether mlock sits in librt. + * configure.in: Add a test for unisgned long long. + +Tue Mar 7 18:45:31 CET 2000 Werner Koch + + * acinclude.m4 (GNUPG_CHECK_RDYNAMIC): Add NetBSD. By Thomas Klausner. + * configure.in (DYNLINK_MOD_CFLAGS): Set different for NetBSD. + +Thu Mar 2 15:37:46 CET 2000 Werner Koch + + * configure.in: Add check for clock_gettime + +Wed Feb 23 10:07:57 CET 2000 Werner Koch + + * configure.in (ALL_LINGUAS): Add nl. + +Wed Feb 16 16:25:09 CET 2000 Werner Koch + + * configure.in (ALL_LINGUAS): Add Esperanto. + +Wed Feb 16 14:09:00 CET 2000 Werner Koch + + * configure.in (ALL_LINGUAS): Add sv and ja. + + * AUTHORS: Converted to a more compact format. + + * INSTALL: Wrote a note about a Solaris problem. + +Thu Feb 10 17:39:44 CET 2000 Werner Koch + + * configure.in: Use /usr/local for CFLAGS and LDFLAGS when + target is freebsd. By Rémi. + +Thu Jan 13 19:31:58 CET 2000 Werner Koch + + * configure.in: Do not set development version when the version has + a dash in it. Suggested by Dave Dykstra. 
+ +Thu Dec 16 10:07:58 CET 1999 Werner Koch + + * VERSION: Set to 1.0.1. + + * configure.in: Removed substitution for doc/gph/Makefile. + Do all the gcc warning only in maintainer mode. + +Thu Dec 9 10:31:05 CET 1999 Werner Koch + + * INSTALL: Add a hint for AIX. By Jos Backus. + +Sat Dec 4 12:30:28 CET 1999 Werner Koch + + * configure.in (dlopen): Use CHECK_FUNC for a test of dlopen in libc. + Suggested by Alexandre Oliva. + (-Wall): Moved the settting of gcc warning options near to the end + so that tests don't get confused. Suggested by Paul D. Smith. + +Mon Nov 22 11:14:53 CET 1999 Werner Koch + + * BUGS: Replaced content with a link to the online list. + +Fri Nov 12 20:33:19 CET 1999 Werner Koch + + * README: Fixed a type and add a note about the gnupg-i18n ML. + +Thu Oct 28 16:08:20 CEST 1999 Werner Koch + + * acinclude.m4, configure.in (GNUPG_CHECK_GNUMAKE): New. + +Sat Oct 9 20:34:41 CEST 1999 Werner Koch + + * configure.in: Tweaked handling of random modules and removed + dummy support for libgcrypt. + * Makefile.am: Removed libgcrypt support. + * cgrypt/ : Removed. + + * Makefile.am: Removed libtool. + +Fri Oct 8 20:32:01 CEST 1999 Werner Koch + + * configure.in: Fixed quoting in test for development version. + + * THANKS: Add entries for Michael, Brenno and J Horacio who did + very nice Howto documents - I apoligize for forgetting to mention them + earlier. + +Tue Sep 28 20:54:37 CEST 1999 Werner Koch + + * textfilter.c (copy_clearsig_text) [__MINGW32__): Use CR,LF. + +Fri Sep 17 12:56:42 CEST 1999 Werner Koch + + * configure.in: Add "-lcap" when capabilities are requested. + Add the conditional CROSS_COMPILING. + * Makefile.am: Don't use checks when CROSS_COMPILING. + +Wed Sep 15 16:22:17 CEST 1999 Werner Koch * configure.in (ALL_LINGUAS): Add pt_PT. 
@@ -8,12 +131,10 @@ Wed Sep 15 16:22:17 CEST 1999 Werner Koch Tue Sep 7 17:08:10 CEST 1999 Werner Koch - * VERSION: Set to 1.0.0. Mon Sep 6 19:59:08 CEST 1999 Werner Koch - * configure.in: Create makefile in doc/gph * acinclude.m4 (GNUPG_FUNC_MKDIR_TAKES_ONE_ARG): New @@ -21,7 +142,6 @@ Mon Sep 6 19:59:08 CEST 1999 Werner Koch Thu Sep 2 16:40:55 CEST 1999 Werner Koch - * VERSION: Set to 0.9.11. Tue Aug 31 17:20:44 CEST 1999 Werner Koch diff --git a/INSTALL b/INSTALL index 55a4c855f..90c464967 100644 --- a/INSTALL +++ b/INSTALL @@ -70,6 +70,24 @@ This doesn't matter and we know about it (actually it is due to the some warning options which we have enabled for gcc) +Specific problems on some machines +================================== + + * IBM RS/6000 running AIX: + + Due to a change in gcc (since version 2.8) the MPI stuff may + not build. In this case try to run configure using: + CFLAGS="-g -O2 -mcpu=powerpc" ./configure + + * Solaris + + There are reports that the function gethrtime() as used in + cipher/random.c raised a SIGILL. It seems that is due to + a header/lib miscmatch. Solution is to fix the Solaris + installation or comment the call to gethrtime(). + + + The Random Device ================= Random devices are available in Linux, FreeBSD and OpenBSD. diff --git a/Makefile.am b/Makefile.am index e3add598e..fb518ea58 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -1,19 +1,16 @@ ## Process this file with automake to produce Makefile.in -if COMPILE_LIBGCRYPT -gcrypt = gcrypt -my_clean_gcrypt = +if CROSS_COMPILING +checks = else -gcrypt = -my_clean_gcrypt = gcrypt/Makefile +checks = checks endif -SUBDIRS = intl zlib util mpi cipher tools g10 po doc checks ${gcrypt} +SUBDIRS = intl zlib util mpi cipher tools g10 po doc ${checks} EXTRA_DIST = VERSION PROJECTS BUGS # gettext never gets it right, so we take here care of deleting the -# symlink. my_clean_gcrypt is just a kludge until we can include -# libgcrypt. -DISTCLEANFILES = g10defs.h intl/libintl.h ${my_clean_gcrypt} +# symlink. +DISTCLEANFILES = g10defs.h intl/libintl.h dist-hook: @set -e; \ @@ -28,23 +25,6 @@ dist-hook: sed -e 's/@pkg_version@/$(VERSION)/g' \ $(top_srcdir)/scripts/gnupg.spec.in \ > $(distdir)/scripts/gnupg.spec - -rm $(distdir)/gcrypt/*.[ch] -if MAINTAINER_MODE -# This is only useful within my local environment (wk) -cvs-get: - rsync -Cavuzb --exclude scratch --exclude .deps \ - wkoch@sigtrap.guug.de:work/gnupg . - -cvs-put: - rsync -Cavuzb --exclude .deps --exclude scratch \ - . wkoch@sigtrap.guug.de:work/gnupg - -cvs-sync: cvs-get cvs-put - -endif - - -.PHONY: cvs-get cvs-put cvs-sync diff --git a/NEWS b/NEWS index d5d2c5f13..83f69d9c5 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,82 @@ +Noteworthy changes in version 1.0.1-ePit-1 +------------------------------------------ + + * Fixed expiration handling of encryption keys. + + * Add an experimental feature to do unattended key generation. + + * The user is now asked for the reason of revocation as required + by the new OpenPGP draft. + + * There is a ~/.gnupg/random_seed file now which saves the + state of the internal RNG and increases system performance + somewhat. This way the full entropy source is only used in + cases were it is really required. + Use the option --no-random-seed-file to disable this feature. + + * New options --ignore-time-conflict and --lock-never. + + * Some fixes for the W32 version. + + * The entropy.dll is not anymore used by the W32 version but replaced + by code derived from Cryptlib. + + * Encryption is now much faster: About 2 times for 1k bit keys + and 8 times for 4k keys. + + * New encryption keys are generated in a way which allows a much + faster decryption. + + * New command --export-secret-subkeys which outputs the + the _primary_ key with is's secret parts deleted. This is + useful for automated decryption/signature creation as it + allows to keep the real secret primary key offline and + thereby protecting the key certificates and allowing to + create revocations for the subkeys. See the FAQ for a + procedure to install such secret keys. + + * Keygeneration now writes to the first writeable keyring or + as default to the one in the homedirectory. Prior versions + ignored all --keyring options. + + * New option --command-fd to take user input from a file descriptor; + to be used with --status-fd by software which uses GnuPG as a backend. + + * There is a new status PROGRESS which is used to show progress during + key generation. + +Noteworthy changes in version 1.0.1 (1999-12-16) +----------------------------------- + + * New command --verify-files. New option --fast-list-mode. + + * $http_proxy is now used when --honor-http-proxy is set. 
+ + * Fixed some minor bugs and the problem with conventional encrypted + packets which did use the gpg v3 partial length headers. + + * Add Indonesian and Portugese translations. + + * Fixed a bug with symmetric-only encryption using the non-default 3DES. + The option --emulate-3des-s2k-bug may be used to decrypt documents + which have been encrypted this way; this should be done immediately + as this workaround will be remove in 1.1 + + * Can now handle (but not display) PGP's photo IDs. I don't know the + format of that packet but after stripping a few bytes from the start + it looks like a JPEG (at least my test data). Handling of this + package is required because otherwise it would mix up the + self signatures and you can't import those keys. + + * Passing non-ascii user IDs on the commandline should now work in all + cases. + + * New keys are now generated with an additional preference to Blowfish. + + * Removed the GNU Privacy Handbook from the distribution as it will go + into a separate one. + + Noteworthy changes in version 1.0.0 (1999-09-07) ----------------------------------- diff --git a/NOTES b/NOTES index 47a69df47..97996597e 100644 --- a/NOTES +++ b/NOTES @@ -10,4 +10,23 @@ Some other reported cpu-vendor-os strings: sparc-sun-solaris5.4 sparc-sun-sunos4.1.2 i386-pc-sysv4.2 (USL Unixware v1.1.2) + powerpc-ibm-aix4.3.2.0 John Payne +gpg 1.0.1 okay with MP-RAS 3.02.01 Edition 5 using gcc 2.95.2 and EGD + By + +gpg 1.0.1 okay with 4.0.1 BSDI BSD/OS 4.0 i386 + + +rndw32 tested on: + + Windows 98 4.10.1998 mit einem AMD-K6-2-450 + Michael Engels ) + + Windows 95 4.00.950a + + Windows NT 4.00.1381 + + + + diff --git a/README b/README index 1d9c9acaf..d7185dcb6 100644 --- a/README +++ b/README @@ -121,7 +121,7 @@ c) If you don't have any of the above programs, you have to verify the MD5 checksum: - $ md5sum gnupg-x.y.z.tar.gz.sig + $ md5sum gnupg-x.y.z.tar.gz This should yield an output similar_to this: 
@@ -135,10 +135,11 @@ Documentation ------------- - A draft version of the manual is included in the subdirectory doc/gph. - The supplied version is rendered in HTML and you may access it with any - browser (e.g.: lynx doc/gpg/index.html). The GnuPG webpages have a link - to the latest development version and you may want to read those instead. + The manual will be distributed separate under the name "gnupgdoc". + An online version of the latest manual draft is available at the + GnuPG web pages: + + http://www.gnupg.org/gph/ A couple of HOWTO documents are available online; for a listing see: @@ -473,7 +474,7 @@ The primary WWW page is "http://www.gnupg.org" The primary FTP site is "ftp://ftp.gnupg.org/pub/gcrypt/" - See http://www.gnupg.org/mirrors.html for a list of FTP mirrors + See http://www.gnupg.org/mirrors.html for a list of mirrors and use them if possible. You may also find GnuPG mirrored on some of the regular GNU mirrors. @@ -485,6 +486,8 @@ very low traffic. gnupg-users@gnupg.org For general user discussion and help. + gnupg-i18n@gnupg.org Discussion about internationalization + issues. gnupg-devel@gnupg.org GnuPG developers main forum. You subscribe to one of the list by sending mail with a subject @@ -508,11 +511,9 @@ the GNU service directory or search other resources. -----BEGIN PGP SIGNATURE----- -Version: GnuPG v0.9.11 (GNU/Linux) -Comment: For info see http://www.gnupg.org -iQB1AwUBN9QAwB0Z9MEMmFelAQG0XwMAqyH3UR0Jk+dm2ZkVoTqckGqmMMt5IdBN -MlG4g3dau5De8XXHvbQ45cUpU4CC0MOlEuKDp+CKOc+xbzczdH35qYt/5XKmVWS8 -JwTvuKKCZ/95JRMk0ZMRueQduH7tSijZ -=MefQ +iQB1AwUBOEkX0B0Z9MEMmFelAQE2aQL/bo8po/atFACnG7eZBodfV0ikE+PFynOf +uzQjirp00hSFwP8jMmv+ccnlyZkHRwrhl/Xc8GCmmeATwtb1fuAWvCO51T1YIv3i ++K8Y6ThnQxG6TS0A/DBcoxwKpT7jEEPG +=WYfE -----END PGP SIGNATURE----- diff --git a/THANKS b/THANKS index 079f621ed..2868209ef 100644 --- a/THANKS +++ b/THANKS 
@@ -3,109 +3,143 @@ reporting problems, suggesting various improvements or submitting actual code. Here is a list of those people. Help me keep it complete and free of errors. -Allan Clark allanc@sco.com -Anand Kumria wildfire@progsoc.uts.edu.au -Ariel T Glenn ariel@columbia.edu -Bodo Moeller Bodo_Moeller@public.uni-hamburg.de -Bryan Fullerton bryanf@samurai.com -Brian Moore bem@cmc.net -Brian Warner warner@lothar.com -Caskey L. Dickson caskey@technocage.com -Cees van de Griend cees-list@griend.xs4all.nl -Charles Levert charles@comm.polymtl.ca -Christian von Roques roques@pond.sub.org -Christopher Oliver oliver@fritz.traverse.net -Christian Recktenwald chris@citecs.de -Daniel Eisenbud eisenbud@cs.swarthmore.edu -Daniel Koening dan@mail.isis.de -David Ellement ellement@sdd.hp.com -Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de -Dirk Lattermann dlatt@t-online.de -Ed Boraas ecxjo@esperanto.org -Enzo Michelangeli em@MailAndNews.com -Ernst Molitor ernst.molitor@uni-bonn.de -Fabio Coatti cova@felix.unife.it -Felix von Leitner leitner@amdiv.de -Frank Heckenbach heckenb@mi.uni-erlangen.de -Frank Stajano frank.stajano@cl.cam.ac.uk -Gaël Quéri gqueri@mail.dotcom.fr -Greg Louis glouis@dynamicro.on.ca -Greg Troxel gdt@ir.bbn.com -Gregory Steuck steuck@iname.com -Geoff Keating geoffk@ozemail.com.au -Harald Denker harry@hal.westfalen.de -Hendrik Buschkamp buschkamp@rheumanet.org -Holger Schurig holger@d.om.org -Hugh Daniel hugh@toad.com -Ian McKellar imckellar@harvestroad.com.au -Janusz A. Urbanowicz alex@bofh.torun.pl -James Troup james@nocrew.org -Jean-loup Gailly gzip@prep.ai.mit.edu -Jens Bachem bachem@rrz.uni-koeln.de -Joachim Backes backes@rhrk.uni-kl.de -John A. 
Martin jam@jamux.com -Johnny Teveßen j.tevessen@gmx.de -Jörg Schilling schilling@fokus.gmd.de -Jun Kuriyama kuriyama@sky.rim.or.jp -Karl Fogel kfogel@guanabana.onshore.com -Karsten Thygesen karthy@kom.auc.dk -Katsuhiro Kondou kondou@nec.co.jp -Kazu Yamamoto kazu@iijlab.net -Lars Kellogg-Stedman lars@bu.edu -Marco d'Itri md@linux.it -Mark Adler madler@alumni.caltech.edu -Mark Elbrecht snowball3@bigfoot.com -Markus Friedl Markus.Friedl@informatik.uni-erlangen.de -Martin Kahlert martin.kahlert@provi.de +Adam Mitchell adam@cafe21.org +Alec Habig habig@budoe2.bu.edu +Allan Clark allanc@sco.com +Anand Kumria wildfire@progsoc.uts.edu.au +Ariel T Glenn ariel@columbia.edu +Bodo Moeller Bodo_Moeller@public.uni-hamburg.de +Brenno de Winter brenno@dewinter.com +Brian Moore bem@cmc.net +Brian Warner warner@lothar.com +Bryan Fullerton bryanf@samurai.com +Caskey L. Dickson caskey@technocage.com +Cees van de Griend cees-list@griend.xs4all.nl +Charles Levert charles@comm.polymtl.ca +Chip Salzenberg chip@valinux.com +Christian Kurz shorty@debian.org +Christian von Roques roques@pond.sub.org +Christopher Oliver oliver@fritz.traverse.net +Christian Recktenwald chris@citecs.de +Daniel Eisenbud eisenbud@cs.swarthmore.edu +Daniel Koening dan@mail.isis.de +Daniel Resare daniel@resare.com +Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de +Dave Dykstra dwd@bell-labs.com +David Ellement ellement@sdd.hp.com +David Hallinan hallinan@rtd.com +Dirk Lattermann dlatt@t-online.de +Ed Boraas ecxjo@esperanto.org +Edmund GRIMLEY EVANS edmundo@rano.org +Enzo Michelangeli em@MailAndNews.com +Ernst Molitor ernst.molitor@uni-bonn.de +Fabio Coatti cova@felix.unife.it +Felix von Leitner leitner@amdiv.de +Frank Donahoe fdonahoe@wilkes1.wilkes.edu +Frank Heckenbach heckenb@mi.uni-erlangen.de +Frank Stajano frank.stajano@cl.cam.ac.uk +Frank Tobin ftobin@uiuc.edu +Gaël Quéri gqueri@mail.dotcom.fr +Greg Louis glouis@dynamicro.on.ca +Greg Troxel gdt@ir.bbn.com +Gregory Steuck steuck@iname.com +Geoff Keating 
geoffk@ozemail.com.au +Harald Denker harry@hal.westfalen.de +Hendrik Buschkamp buschkamp@rheumanet.org +Holger Schurig holger@d.om.org +Holger Smolinski smolinsk@de.ibm.com +Holger Trapp Holger.Trapp@informatik.tu-chemnitz.de +Hugh Daniel hugh@toad.com +Huy Le huyle@ugcs.caltech.edu +Ian McKellar imckellar@harvestroad.com.au +Ivo Timmermans itimmermans@bigfoot.com +Jan Krueger max@physics.otago.ac.nz +Janusz A. Urbanowicz alex@bofh.torun.pl +James Troup james@nocrew.org +Jean-loup Gailly gzip@prep.ai.mit.edu +Jeff Long long@kestrel.cc.ukans.edu +Jens Bachem bachem@rrz.uni-koeln.de +J Horacio MG homega@ciberia.es +Joachim Backes backes@rhrk.uni-kl.de +John A. Martin jam@jamux.com +Johnny Teveßen j.tevessen@gmx.de +Jörg Schilling schilling@fokus.gmd.de +Jos Backus Jos.Backus@nl.origin-it.com +Jun Kuriyama kuriyama@sky.rim.or.jp +Karl Fogel kfogel@guanabana.onshore.com +Karsten Thygesen karthy@kom.auc.dk +Katsuhiro Kondou kondou@nec.co.jp +Kazu Yamamoto kazu@iijlab.net +Lars Kellogg-Stedman lars@bu.edu +L. Sassaman rabbi@quickie.net +Marco d'Itri md@linux.it +Mark Adler madler@alumni.caltech.edu +Mark Elbrecht snowball3@bigfoot.com +Markus Friedl Markus.Friedl@informatik.uni-erlangen.de +Martin Kahlert martin.kahlert@provi.de Martin Hamilton -Martin Schulte schulte@thp.uni-koeln.de -Matthew Skala mskala@ansuz.sooke.bc.ca -Max Valianskiy maxcom@maxcom.ml.org -Michael Roth mroth@nessie.de -Michael Sobolev mss@despair.transas.com -Nicolas Graner Nicolas.Graner@cri.u-psud.fr -NIIBE Yutaka gniibe@chroot.org +Martin Schulte schulte@thp.uni-koeln.de +Matthew Skala mskala@ansuz.sooke.bc.ca +Max Valianskiy maxcom@maxcom.ml.org +Michael Fischer v. 
Mollard mfvm@gmx.de +Michael Roth mroth@nessie.de +Michael Sobolev mss@despair.transas.com +Nicolas Graner Nicolas.Graner@cri.u-psud.fr +Mike McEwan mike@lotusland.demon.co.uk +NIIBE Yutaka gniibe@chroot.org Niklas Hernaeus -Nimrod Zimerman zimerman@forfree.at -N J Doye nic@niss.ac.uk -Oliver Haakert haakert@hsp.de -Oskari Jääskeläinen f33003a@cc.hut.fi -Paul D. Smith psmith@baynetworks.com -Philippe Laliberte arsphl@oeil.qc.ca -Peter Gutmann pgut001@cs.auckland.ac.nz -QingLong qinglong@bolizm.ihep.su -Ralph Gillen gillen@theochem.uni-duesseldorf.de -Rat ratinox@peorth.gweep.net -Reinhard Wobst R.Wobst@ifw-dresden.de -Rémi Guyomarch rguyom@mail.dotcom.fr -Reuben Sumner rasumner@wisdom.weizmann.ac.il -Roddy Strachan roddy@satlink.com.au -Roland Rosenfeld roland@spinnaker.rhein.de -Ross Golder rossigee@bigfoot.com -Serge Munhoven munhoven@mema.ucl.ac.be -SL Baur steve@xemacs.org -Stefan Karrmann S.Karrmann@gmx.net -Stefan Keller dres@cs.tu-berlin.de -Steffen Ullrich ccrlphr@xensei.com -Steffen Zahn zahn@berlin.snafu.de -Steven Bakker steven@icoe.att.com -Susanne Schultz schultz@hsp.de -Thiago Jung Bauermann jungmann@cwb.matrix.com.br -Thomas Roessler roessler@guug.de -Tom Spindler dogcow@home.merit.edu -Tom Zerucha tzeruch@ceddec.com -Tomas Fasth tomas.fasth@twinspot.net -Thomas Mikkelsen tbm@image.dk -Ulf Möller 3umoelle@informatik.uni-hamburg.de -Urko Lusa ulusa@lacueva.ddns.org -Walter Koch koch@hsp.de -Werner Koch werner.koch@guug.de -Wim Vandeputte bunbun@reptile.rug.ac.be - nbecker@hns.com +Nimrod Zimerman zimerman@forfree.at +N J Doye nic@niss.ac.uk +Oliver Haakert haakert@hsp.de +Oskari Jääskeläinen f33003a@cc.hut.fi +Paul D. 
Smith psmith@baynetworks.com +Philippe Laliberte arsphl@oeil.qc.ca +Peter Gutmann pgut001@cs.auckland.ac.nz +QingLong qinglong@bolizm.ihep.su +Ralph Gillen gillen@theochem.uni-duesseldorf.de +Rat ratinox@peorth.gweep.net +Reinhard Wobst R.Wobst@ifw-dresden.de +Rémi Guyomarch rguyom@mail.dotcom.fr +Reuben Sumner rasumner@wisdom.weizmann.ac.il +Richard Outerbridge outer@interlog.com +Roddy Strachan roddy@satlink.com.au +Roland Rosenfeld roland@spinnaker.rhein.de +Ross Golder rossigee@bigfoot.com +Sam Roberts sam@cogent.ca +Sean MacLennan seanm@netwinder.org +Serge Munhoven munhoven@mema.ucl.ac.be +SL Baur steve@xemacs.org +Stefan Karrmann S.Karrmann@gmx.net +Stefan Keller dres@cs.tu-berlin.de +Steffen Ullrich ccrlphr@xensei.com +Steffen Zahn zahn@berlin.snafu.de +Steven Bakker steven@icoe.att.com +Susanne Schultz schultz@hsp.de +Thiago Jung Bauermann jungmann@cwb.matrix.com.br +Thomas Roessler roessler@guug.de +Tim Mooney mooney@dogbert.cc.ndsu.nodak.edu +Tom Spindler dogcow@home.merit.edu +Tom Zerucha tzeruch@ceddec.com +Tomas Fasth tomas.fasth@twinspot.net +Thomas Klausner wiz@danbala.ifoer.tuwien.ac.at +Thomas Mikkelsen tbm@image.dk +Ulf Möller 3umoelle@informatik.uni-hamburg.de +Urko Lusa ulusa@euskalnet.net +Walter Hofmann Walter.Hofmann@physik.stud.uni-erlangen.de +Walter Koch koch@hsp.de +Wayne Chapeskie waynec@spinnaker.com +Werner Koch wk@gnupg.org +Wim Vandeputte bunbun@reptile.rug.ac.be +Yosiaki IIDA iida@secom.ne.jp +Yoshihiro Kajiki kajiki@ylug.org + nbecker@hns.com Thanks to the German Unix User Group for providing FTP space, Martin Hamilton for hosting the mailing list and HSP for hosting gnupg.org. +The development of this software has partly been funded by the German +Ministry for Economics and Technology under grant VIB3-68553.168-001/1999. + Many thanks to my wife Gerlinde for having so much patience with me while hacking late in the evening. diff --git a/TODO b/TODO index f37749cf6..8323bd954 100644 --- a/TODO +++ b/TODO 
@@ -1,6 +1,25 @@ + * g10/trustdb.c (make_sig_records): fix the fixme. + + * at least an option to prefer DSA keys over RSA when selecting the key to + use. Depending on creation time would be nice too. I think this is + already done for the subkeys - check it. + + * Fix localtime() in W32. + + * export sollte exit(1) machen bei einem Fehler - testen! Es wird ein + leerer File erzeugt. Nur unter Windows? + + * No TCP support yet for W32? arggg - should go into a separate program + anyway. + + Scheduled for 1.1 ----------------- + * Rework the whole key selection stuff: Compile a list of valid + candidates for a keyblock first and the select one from it. + The current code is too ugly (getkey.c). + * With option -i prompt before adding a key to the keyring and show some info what we are about to add. @@ -22,6 +41,9 @@ Scheduled for 1.1 * Check the beginning of file to detect already compressed files (gzip, bzip2, xdelta and some picture formats) + * Delay the read of the passphrase-fd after a NEED_PASSPHRASE. But this + may break some scripts. + Nice to have ------------ @@ -51,5 +73,4 @@ Nice to have trustdb. * Evaluate whether it make sense to replace the namehashs either by using the user ID directly or by using pointers into the trustdb. - * --gen-prime may trigger a log_bug; should be a log_fatal. diff --git a/VERSION b/VERSION index 8ce8b88c0..f37fc79b4 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.0.0a +1.0.1-ePit-1 diff --git a/acconfig.h b/acconfig.h index 40ef16a60..0fe31f61a 100644 --- a/acconfig.h +++ b/acconfig.h @@ -53,6 +53,7 @@ #undef HAVE_STPCPY +#undef HAVE_MLOCK #undef BIG_ENDIAN_HOST #undef LITTLE_ENDIAN_HOST diff --git a/acinclude.m4 b/acinclude.m4 index aa721ea88..01f890020 100644 --- a/acinclude.m4 +++ b/acinclude.m4 
@@ -27,6 +27,24 @@ AC_DEFUN(GNUPG_CHECK_TYPEDEF, ]) +dnl GNUPG_CHECK_GNUMAKE +dnl +AC_DEFUN(GNUPG_CHECK_GNUMAKE, + [ + if ${MAKE-make} --version 2>/dev/null | grep '^GNU ' >/dev/null 2>&1; then + : + else + AC_MSG_WARN([[ +*** +*** It seems that you are not using GNU make. Some make tools have serious +*** flaws and you may not be able to build this software at all. Before you +*** complain, please try GNU make: GNU make is easy to build and available +*** at all GNU archives. It is always available from ftp.gnu.org:/gnu/make. +***]]) + fi + ]) + + dnl GNUPG_LINK_FILES( SRC, DEST ) dnl same as AC_LINK_FILES, but collect the files to link in @@ -208,7 +226,7 @@ define(GNUPG_CHECK_RDYNAMIC, CFLAGS_RDYNAMIC="-Wl,-E" ;; - openbsd* | freebsd2* | osf4* | irix* ) + openbsd* | freebsd2* | osf4* | irix* | netbsd* | bsdi* ) CFLAGS_RDYNAMIC="" ;; @@ -275,7 +293,8 @@ define(GNUPG_CHECK_IPC, AC_TRY_COMPILE([#include #include #include ],[ - int foo( int shm_id ) { shmctl(shm_id, SHM_LOCK, 0); } + int shm_id; + shmctl(shm_id, SHM_LOCK, 0); ], gnupg_cv_ipc_have_shm_lock="yes", gnupg_cv_ipc_have_shm_lock="no" 
@@ -294,11 +313,46 @@ define(GNUPG_CHECK_IPC, ###################################################################### # Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock # is not called from uid 0 (not tested whether uid 0 works) +# For DECs Tru64 we have also to check whether mlock is in librt +# mlock is there a macro using memlk() ###################################################################### dnl GNUPG_CHECK_MLOCK dnl define(GNUPG_CHECK_MLOCK, [ AC_CHECK_FUNCS(mlock) + if test "$ac_cv_func_mlock" = "no"; then + AC_CHECK_HEADERS(sys/mman.h) + if test "$ac_cv_header_sys_mman_h" = "yes"; then + # Add librt to LIBS: + AC_CHECK_LIB(rt, memlk) + AC_CACHE_CHECK([whether mlock is in sys/mman.h], + gnupg_cv_mlock_is_in_sys_mman, + [AC_TRY_LINK([ + #include + #ifdef HAVE_SYS_MMAN_H + #include + #endif + ], [ + mkdir ("foo", 0); + int i; + /* glibc defines this for functions which it implements + * to always fail with ENOSYS. Some functions are actually + * named something starting with __ and the normal name + * is an alias. */ + #if defined (__stub_mlock) || defined (__stub___mlock) + choke me + #else + mlock(&i, 4); + #endif + ; return 0; + ], + gnupg_cv_mlock_is_in_sys_mman=yes, + gnupg_cv_mlock_is_in_sys_mman=no)]) + if test "$gnupg_cv_mlock_is_in_sys_mman" = "yes"; then + AC_DEFINE(HAVE_MLOCK) + fi + fi + fi if test "$ac_cv_func_mlock" = "yes"; then AC_MSG_CHECKING(whether mlock is broken) AC_CACHE_VAL(gnupg_cv_have_broken_mlock, @@ -409,7 +463,7 @@ case "$host_os" in aix*) ac_symcode='[BCDTU]' ;; -freebsd* | netbsd* | openbsd* | sunos* | cygwin32* | mingw32*) +freebsd* | netbsd* | openbsd* | bsdi* | sunos* | cygwin32* | mingw32*) ac_sympat='_\([_A-Za-z][_A-Za-z0-9]*\)' ac_symxfrm='_\1 \1' ;; 
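Review bot: The new AC_TRY_LINK body in GNUPG_CHECK_MLOCK opens with `mkdir ("foo", 0);` followed by `int i;`, which looks like a leftover from GNUPG_FUNC_MKDIR_TAKES_ONE_ARG and puts a declaration after a statement. A C89 compiler rejects that, so the probe reports `gnupg_cv_mlock_is_in_sys_mman=no` and HAVE_MLOCK stays undefined even where mlock is usable. Presumably the secure-memory code then runs without locked pages, and key material can reach swap. I would drop the mkdir line and lock the real object size, `int i;` then `mlock(&i, sizeof i);`, instead of the hard-coded `4`. The header names in the `#include` lines are not readable in this rendering, so the include list could not be checked.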
@@ -562,7 +616,7 @@ AC_CHECK_TOOL(AS, as, false) AC_DEFUN(GNUPG_SYS_SYMBOL_UNDERSCORE, [tmp_do_check="no" case "${target}" in - i386-emx-os2 | i[3456]86-pc-os2*emx ) + i386-emx-os2 | i[3456]86-pc-os2*emx | i386-pc-msdosdjgpp) ac_cv_sys_symbol_underscore=yes ;; *) @@ -633,7 +687,7 @@ AC_DEFUN(GNUPG_FUNC_MKDIR_TAKES_ONE_ARG, #ifdef HAVE_DIRECT_H # include #endif], [mkdir ("foo", 0);], - gnupg_cv_mkdir_takes_one_arg=no, gnupg_cv_mkdir_takes_one_arg=yes)]) + gnupg_cv_mkdir_takes_one_arg=no, gnupg_cv_mkdir_takes_one_arg=yes)]) if test $gnupg_cv_mkdir_takes_one_arg = yes ; then AC_DEFINE(MKDIR_TAKES_ONE_ARG) fi diff --git a/checks/ChangeLog b/checks/ChangeLog index 8e043bf71..0af642df2 100644 --- a/checks/ChangeLog +++ b/checks/ChangeLog @@ -1,11 +1,22 @@ -Tue Aug 31 17:20:44 CEST 1999 Werner Koch +Thu Feb 10 17:39:44 CET 2000 Werner Koch + * mkdemodirs: Fixed the --clean loop. + +Thu Jan 13 19:31:58 CET 2000 Werner Koch + + * defs.inc (chdir): Removed becuase it is unsused an plain old sh + does not like this name. Reported by Alec Habig. + +Tue Oct 26 20:02:23 1999 Werner Koch (wk@gnupg.org) + + * Makefile.am (GPG_DEARMOR): New and use --no-options. + +Tue Aug 31 17:20:44 CEST 1999 Werner Koch * defs.inc: set LC_ALL empty Wed Aug 4 10:34:18 CEST 1999 Werner Koch - * defs.inc (echo_n): New and used instead of /bin/echo "\c" Sun Apr 18 10:11:28 CEST 1999 Werner Koch diff --git a/checks/Makefile.am b/checks/Makefile.am index bda0a2d90..41ded3cd6 100644 --- a/checks/Makefile.am +++ b/checks/Makefile.am @@ -1,5 +1,7 @@ ## Process this file with automake to create Makefile.in +GPG_DEARMOR = ../g10/gpg --no-options --quiet --yes --dearmor + TESTS = version.test mds.test \ decrypt.test decrypt-dsa.test \ sigs.test sigs-dsa.test \ 
@@ -37,25 +39,25 @@ prepared.stamp: ./pubring.gpg ./secring.gpg ./plain-1 ./plain-2 ./plain-3 \ ./pubring.gpg: $(srcdir)/pubring.asc - ../g10/gpg --yes --dearmor -o ./pubring.gpg $(srcdir)/pubring.asc + $(GPG_DEARMOR) -o ./pubring.gpg $(srcdir)/pubring.asc ./secring.gpg: $(srcdir)/secring.asc - ../g10/gpg --yes --dearmor -o ./secring.gpg $(srcdir)/secring.asc + $(GPG_DEARMOR) -o ./secring.gpg $(srcdir)/secring.asc ./pubring.pkr: $(srcdir)/pubring.pkr.asc - ../g10/gpg --yes --dearmor -o ./pubring.pkr $(srcdir)/pubring.pkr.asc + $(GPG_DEARMOR) -o ./pubring.pkr $(srcdir)/pubring.pkr.asc ./secring.skr: $(srcdir)/secring.skr.asc - ../g10/gpg --yes --dearmor -o ./secring.skr $(srcdir)/secring.skr.asc + $(GPG_DEARMOR) -o ./secring.skr $(srcdir)/secring.skr.asc ./plain-1: $(srcdir)/plain-1o.asc - ../g10/gpg --yes --dearmor -o ./plain-1 $(srcdir)/plain-1o.asc + $(GPG_DEARMOR) -o ./plain-1 $(srcdir)/plain-1o.asc ./plain-2: $(srcdir)/plain-2o.asc - ../g10/gpg --yes --dearmor -o ./plain-2 $(srcdir)/plain-2o.asc + $(GPG_DEARMOR) -o ./plain-2 $(srcdir)/plain-2o.asc ./plain-3: $(srcdir)/plain-3o.asc - ../g10/gpg --yes --dearmor -o ./plain-3 $(srcdir)/plain-3o.asc + $(GPG_DEARMOR) -o ./plain-3 $(srcdir)/plain-3o.asc diff --git a/checks/defs.inc b/checks/defs.inc index d5fdc8af7..47c6e4d8f 100755 --- a/checks/defs.inc +++ b/checks/defs.inc @@ -48,9 +48,6 @@ info () { echo "$pgmname:" $* >&2 } -chdir () { - cd $1 || fatal "cannot cd to $1" -} echo_n_init=no echo_n () { diff --git a/checks/mkdemodirs b/checks/mkdemodirs index b0755ab48..f0c7e02ba 100755 --- a/checks/mkdemodirs +++ b/checks/mkdemodirs @@ -8,9 +8,9 @@ NAMES='Alpha Bravo Charlie Delta Echo Foxtrot Golf Hotel India Sierra Tango Uniform Victor Whisky XRay Yankee Zulu' if [ "$1" = "--clean" ]; then - for i in $NAMES; do + (for i in $NAMES; do [ -d $i ] && rm -r $i - done + done) || true exit 0 fi 
@@ -24,10 +24,10 @@ for name in $NAMES; do /bin/echo " $name\c" [ -d $name ] && rm -r $name mkdir $name - $GPGDEMO --export-secret-key -o - $name | tee $name/Secret.gpg | \ - $GPG --homedir $name --import - $GPGDEMO --export -o - $name | tee $name/Public.gpg | \ - $GPG --homedir $name --import + $GPGDEMO --export-secret-key -o - $name > $name/Secret.gpg + $GPG --homedir $name --import $name/Secret.gpg + $GPGDEMO --export -o - $name > $name/Public.gpg + $GPG --homedir $name --import $name/Public.gpg [ -f $name/pubring.gpg~ ] && rm $name/pubring.gpg~ done echo "." diff --git a/cipher/ChangeLog b/cipher/ChangeLog index a8c3d3f13..b26d3f3f1 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog 
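Review bot: The export status is never checked now that the `tee` pipeline is replaced by a redirect followed by a separate import, so a failed `--export-secret-key` leaves an empty or partial `$name/Secret.gpg` that is then fed to `--import`. The TODO added in this same commit notes that export can produce an empty file on error, so testing the file is safer than relying on the exit code alone: `[ -s $name/Secret.gpg ] || { echo "export failed for $name" >&2; exit 1; }`, and the same for `Public.gpg`. The enclosing `for name in $NAMES` loop starts outside the hunk.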
@@ -1,5 +1,137 @@ -Wed Sep 15 16:22:17 CEST 1999 Werner Koch +Sun May 28 13:55:17 CEST 2000 Werner Koch + * random.c (read_seed_file): Binary open for DOSish system + (update_random_seed_file): Ditto. + + * rndw32.c: Add some debuging code enabled by an environment variable. + +Tue May 23 09:19:00 CEST 2000 Werner Koch + + * rndw32.c: Started with alternative code to replace entropy.dll + +Thu May 18 11:38:54 CEST 2000 Werner Koch + + * primegen.c (register_primegen_progress): New. + * dsa.c (register_pk_dsa_progress): New. + * elgamal.c (register_pk_elg_progress): New. + +Fri Apr 14 19:37:08 CEST 2000 Werner Koch + + * twofish.c (twofish_get_info): Fixed warning about cast. + +Tue Mar 28 14:26:58 CEST 2000 Werner Koch + + * random.c [MINGW32]: Include process.h for getpid. + +Thu Mar 2 15:37:46 CET 2000 Werner Koch + + * random.c (fast_random_poll): Add clock_gettime() as fallback for + system which support this POSIX.4 fucntion. By Sam Roberts. + + * rndunix.c: Add some more headers for QNX. By Sam Roberts. + + * random.c (read_seed_file): Removed the S_ISLNK test becuase it + is already covered by !S_ISREG and is not defined in Unixware. + Reported by Dave Dykstra. + + * sha1.c (sha1_get_info): Removed those stupid double lines. Dave + is really a good lint. + +Wed Feb 23 10:07:57 CET 2000 Werner Koch + + * twofish.c (twofish_get_info): Add some const to the casts. By Martin + Kahlert. + +Mon Feb 14 14:30:20 CET 2000 Werner Koch + + (update_random_seed_file): Silently ignore update request when pool + is not filled. + +Fri Feb 11 17:44:40 CET 2000 Werner Koch + + * random.c (read_seed_file): New. + (set_random_seed_file): New. + (read_pool): Try to read the seeding file. + (update_random_seed_file): New. + + (read_pool): Do an initial extra seeding when level 2 quality random + is requested the first time. This requestes at least POOLSIZE/2 bytes + of entropy. 
Compined with the seeding file this should make normal + random bytes cheaper and increase the quality of the random bytes + used for key generation. + + * rndegd.c (gather_random): Shortcut level 0. + * rndunix.c (gather_random): Ditto. + * rndw32.c (gather_random): Ditto. + +Fri Jan 14 18:32:01 CET 2000 Werner Koch + + * rmd160.c (rmd160_get_info): Moved casting to the left side due to a + problem with UTS4.3. Suggested by Dave Dykstra. + * sha1.c (sha1_get_info): Ditto. + * tiger.c (tiger_get_info): Ditto. + * md5.c (md5_get_info): Ditto + * des.c (des_get_info): Ditto. + * blowfish.c (blowfish_get_info): Ditto. + * cast5.c (cast5_get_info): Ditto. + * twofish.c (twofish_get_info): Ditto. + +Thu Jan 13 19:31:58 CET 2000 Werner Koch + + * elgamal.c (wiener_map): New. + (gen_k): Use a much smaller k. + (generate): Calculate the qbits using the wiener map and + choose an x at a size comparable to the one choosen in gen_k + + * random.c (read_pool): Print a more friendly error message in + cases when too much random is requested in one call. + + * Makefile.am (tiger): Replaced -O1 by -O. Suggested by Alec Habig. + +Sat Dec 4 12:30:28 CET 1999 Werner Koch + + * primegen.c (generate_elg_prime): All primes are now generated with + the lowest random quality level. Becuase they are public anyway we + don't need stronger random and by this we do not drain the systems + entropy so much. + +Thu Oct 28 16:08:20 CEST 1999 Werner Koch + + * random.c (fast_random_poll): Check whether RUSAGE_SELF is defined; + this is not the case for some ESIX and Unixware, although they have + getrusage(). + + * elgamal.c (sign): Hugh found strange code here. Replaced by BUG(). + +Mon Oct 11 09:24:12 CEST 1999 Werner Koch + + * rndw32.c (gather_random): Handle PCP_SEEDER_TOO_SMALL. 
+ +Sat Oct 9 20:34:41 CEST 1999 Werner Koch + + * Makefile.am: Tweaked module build and removed libtool + +Fri Oct 8 20:32:01 CEST 1999 Werner Koch + + * rndw32.c (load_and_init_winseed): Use the Registry to locate the DLL + +Mon Oct 4 21:23:04 CEST 1999 Werner Koch + + * md.c (md_reset): Clear finalized; thanks to Ulf Moeller for + fixing this bug. + +Sat Sep 18 12:51:51 CEST 1999 Werner Koch + + + * Makefile.am: Never compile mingw32 as module + +Wed Sep 15 14:39:59 CEST 1999 Michael Roth + + * des.c: Various speed improvements: One bit pre rotation + trick after initial permutation (Richard Outerbridge). + Finished test of SSLeay Tripple-DES patterns. + +Wed Sep 15 16:22:17 CEST 1999 Werner Koch * rndw32.c: New. diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 3d9a5cb93..f3b087eb8 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -3,17 +3,10 @@ INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -noinst_LTLIBRARIES = libcipher.la +noinst_LIBRARIES = libcipher.a -# The configure script greps the module names from the following lines. -# You must also add all these names to EXTRA_PROGRAMS some lines below -# and EXTRA_foo_SOURCES entries. -# Hmmm is there a more easy way to do this? (EXTRA_PROGRAMS -# might also list programs which are not modules) -# MODULES: rndunix rndlinux rndegd rndw32 -# MODULES: sha1 rmd160 md5 tiger -EXTRA_PROGRAMS = rndunix rndlinux rndegd rndw32 \ - sha1 rmd160 md5 tiger +# The configure script greps the module names from the EXTRA_PROGRAMS line +EXTRA_PROGRAMS = rndlinux rndunix rndegd rndw32 sha1 rmd160 md5 tiger EXTRA_rndlinux_SOURCES = rndlinux.c EXTRA_rndunix_SOURCES = rndunix.c @@ -34,8 +27,8 @@ endif DYNLINK_MOD_CFLAGS = -DIS_MODULE @DYNLINK_MOD_CFLAGS@ -libcipher_la_LDFLAGS = -libcipher_la_SOURCES = cipher.c \ +#libcipher_a_LDFLAGS = +libcipher_a_SOURCES = cipher.c \ pubkey.c \ md.c \ dynload.c \ 
@@ -65,8 +58,8 @@ libcipher_la_SOURCES = cipher.c \ BUILT_SOURCES = construct.c -libcipher_la_DEPENDENCIES = @STATIC_CIPHER_OBJS@ -libcipher_la_LIBADD = @STATIC_CIPHER_OBJS@ +libcipher_a_DEPENDENCIES = @STATIC_CIPHER_OBJS@ +libcipher_a_LIBADD = @STATIC_CIPHER_OBJS@ # If I remember it correct, automake 1.4 has a feature to set @@ -74,7 +67,7 @@ libcipher_la_LIBADD = @STATIC_CIPHER_OBJS@ tiger: $(srcdir)/tiger.c `echo $(COMPILE) $(DYNLINK_MOD_CFLAGS) -o tiger $(srcdir)/tiger.c | \ - sed -e 's/-O[2-9s]*/-O1/g' ` + sed -e 's/-O[2-9s]*/-O/g' ` tiger.o: $(srcdir)/tiger.c `echo $(COMPILE) -c $(srcdir)/tiger.c | sed -e 's/-O[2-9s]*/-O1/g' ` @@ -99,4 +92,3 @@ rndlinux: $(srcdir)/rndlinux.c rndegd: $(srcdir)/rndegd.c $(COMPILE) $(DYNLINK_MOD_CFLAGS) -o rndegd $(srcdir)/rndegd.c - diff --git a/cipher/blowfish.c b/cipher/blowfish.c index 5a829d413..0cb5a861f 100644 --- a/cipher/blowfish.c +++ b/cipher/blowfish.c @@ -43,9 +43,6 @@ #define CIPHER_ALGO_BLOWFISH 4 /* blowfish 128 bit key */ -#define FNCCAST_SETKEY(f) (int(*)(void*, byte*, unsigned))(f) -#define FNCCAST_CRYPT(f) (void(*)(void*, byte*, byte*))(f) - #define BLOWFISH_BLOCKSIZE 8 #define BLOWFISH_ROUNDS 16 @@ -584,9 +581,12 @@ blowfish_get_info( int algo, size_t *keylen, *keylen = 128; *blocksize = BLOWFISH_BLOCKSIZE; *contextsize = sizeof(BLOWFISH_context); - *r_setkey = FNCCAST_SETKEY(bf_setkey); - *r_encrypt= FNCCAST_CRYPT(encrypt_block); - *r_decrypt= FNCCAST_CRYPT(decrypt_block); + *(int (**)(BLOWFISH_context*, byte*, unsigned))r_setkey + = bf_setkey; + *(void (**)(BLOWFISH_context*, byte*, byte*))r_encrypt + = encrypt_block; + *(void (**)(BLOWFISH_context*, byte*, byte*))r_decrypt + = decrypt_block; if( algo == CIPHER_ALGO_BLOWFISH ) return "BLOWFISH"; diff --git a/cipher/cast5.c b/cipher/cast5.c index 0e602bd2e..329f00ff7 100644 --- a/cipher/cast5.c +++ b/cipher/cast5.c 
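Review bot: Only the `tiger:` module rule was switched from `-O1` to `-O`; the `tiger.o:` rule directly below it, shown as context in the same hunk, still rewrites the flag with `sed -e 's/-O[2-9s]*/-O1/g'`. If the reason is a compiler that does not accept `-O1` (the ChangeLog entry does not say), a static build of tiger.c still passes it, and the rule should use the same `'s/-O[2-9s]*/-O/g'`. A one-line comment above the two rules saying why tiger.c is built at reduced optimisation would stop them drifting apart again.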
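Review bot: In blowfish_get_info the three stores, starting with `*(int (**)(BLOWFISH_context*, byte*, unsigned))r_setkey = bf_setkey;`, now cast the out-parameter instead of the function, and nothing in the code says why. The removed FNCCAST macros suggest callers invoke these pointers with a `void*` context, so the code relies on `void*` and `BLOWFISH_context*` arguments being passed identically. A comment should record that, for example `/* cast on the lvalue: UTS4.3 rejects the cast on the function; callers pass the context as void* */`. The same pattern and the same missing comment appear in the cast5_get_info hunk of cipher/cast5.c. The function signature and the declaration of r_setkey lie outside the hunk, so the parameter types are inferred.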
@@ -46,9 +46,6 @@ #define CIPHER_ALGO_CAST5 3 -#define FNCCAST_SETKEY(f) (int(*)(void*, byte*, unsigned))(f) -#define FNCCAST_CRYPT(f) (void(*)(void*, byte*, byte*))(f) - #define CAST5_BLOCKSIZE 8 typedef struct { @@ -610,9 +607,13 @@ cast5_get_info( int algo, size_t *keylen, *keylen = 128; *blocksize = CAST5_BLOCKSIZE; *contextsize = sizeof(CAST5_context); - *r_setkey = FNCCAST_SETKEY(cast_setkey); - *r_encrypt= FNCCAST_CRYPT(encrypt_block); - *r_decrypt= FNCCAST_CRYPT(decrypt_block); + *(int (**)(CAST5_context*, byte*, unsigned))r_setkey + = cast_setkey; + *(void (**)(CAST5_context*, byte*, byte*))r_encrypt + = encrypt_block; + *(void (**)(CAST5_context*, byte*, byte*))r_decrypt + = decrypt_block; + if( algo == CIPHER_ALGO_CAST5 ) return "CAST5"; diff --git a/cipher/des.c b/cipher/des.c index 6e6674923..847a3473e 100644 --- a/cipher/des.c +++ b/cipher/des.c @@ -1,5 +1,5 @@ /* des.c - DES and Triple-DES encryption/decryption Algorithm - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * Please see below for more legal information! * @@ -147,9 +147,6 @@ working_memcmp( const char *a, const char *b, size_t n ) #endif -/* Macros used by the info function. */ -#define FNCCAST_SETKEY(f) ((int(*)(void*, byte*, unsigned))(f)) -#define FNCCAST_CRYPT(f) ((void(*)(void*, byte*, byte*))(f)) /* 
@@ -190,105 +187,105 @@ static const char *selftest (void); /* * The s-box values are permuted according to the 'primitive function P' + * and are rotated one bit to the left. */ static u32 sbox1[64] = { - 0x00808200, 0x00000000, 0x00008000, 0x00808202, 0x00808002, 0x00008202, 0x00000002, 0x00008000, - 0x00000200, 0x00808200, 0x00808202, 0x00000200, 0x00800202, 0x00808002, 0x00800000, 0x00000002, - 0x00000202, 0x00800200, 0x00800200, 0x00008200, 0x00008200, 0x00808000, 0x00808000, 0x00800202, - 0x00008002, 0x00800002, 0x00800002, 0x00008002, 0x00000000, 0x00000202, 0x00008202, 0x00800000, - 0x00008000, 0x00808202, 0x00000002, 0x00808000, 0x00808200, 0x00800000, 0x00800000, 0x00000200, - 0x00808002, 0x00008000, 0x00008200, 0x00800002, 0x00000200, 0x00000002, 0x00800202, 0x00008202, - 0x00808202, 0x00008002, 0x00808000, 0x00800202, 0x00800002, 0x00000202, 0x00008202, 0x00808200, - 0x00000202, 0x00800200, 0x00800200, 0x00000000, 0x00008002, 0x00008200, 0x00000000, 0x00808002 + 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000, + 0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004, + 0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404, + 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000, + 0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400, + 0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404, + 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400, + 0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004 }; static u32 sbox2[64] = { - 0x40084010, 0x40004000, 0x00004000, 0x00084010, 0x00080000, 0x00000010, 0x40080010, 0x40004010, - 0x40000010, 0x40084010, 0x40084000, 0x40000000, 0x40004000, 0x00080000, 0x00000010, 0x40080010, - 
0x00084000, 0x00080010, 0x40004010, 0x00000000, 0x40000000, 0x00004000, 0x00084010, 0x40080000, - 0x00080010, 0x40000010, 0x00000000, 0x00084000, 0x00004010, 0x40084000, 0x40080000, 0x00004010, - 0x00000000, 0x00084010, 0x40080010, 0x00080000, 0x40004010, 0x40080000, 0x40084000, 0x00004000, - 0x40080000, 0x40004000, 0x00000010, 0x40084010, 0x00084010, 0x00000010, 0x00004000, 0x40000000, - 0x00004010, 0x40084000, 0x00080000, 0x40000010, 0x00080010, 0x40004010, 0x40000010, 0x00080010, - 0x00084000, 0x00000000, 0x40004000, 0x00004010, 0x40000000, 0x40080010, 0x40084010, 0x00084000 + 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020, + 0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020, + 0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000, + 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020, + 0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000, + 0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000, + 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020, + 0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000 }; static u32 sbox3[64] = { - 0x00000104, 0x04010100, 0x00000000, 0x04010004, 0x04000100, 0x00000000, 0x00010104, 0x04000100, - 0x00010004, 0x04000004, 0x04000004, 0x00010000, 0x04010104, 0x00010004, 0x04010000, 0x00000104, - 0x04000000, 0x00000004, 0x04010100, 0x00000100, 0x00010100, 0x04010000, 0x04010004, 0x00010104, - 0x04000104, 0x00010100, 0x00010000, 0x04000104, 0x00000004, 0x04010104, 0x00000100, 0x04000000, - 0x04010100, 0x04000000, 0x00010004, 0x00000104, 0x00010000, 0x04010100, 0x04000100, 0x00000000, - 0x00000100, 0x00010004, 0x04010104, 0x04000100, 0x04000004, 0x00000100, 0x00000000, 0x04010004, - 0x04000104, 
0x00010000, 0x04000000, 0x04010104, 0x00000004, 0x00010104, 0x00010100, 0x04000004, - 0x04010000, 0x04000104, 0x00000104, 0x04010000, 0x00010104, 0x00000004, 0x04010004, 0x00010100 + 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200, + 0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208, + 0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208, + 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000, + 0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000, + 0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008, + 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008, + 0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200 }; static u32 sbox4[64] = { - 0x80401000, 0x80001040, 0x80001040, 0x00000040, 0x00401040, 0x80400040, 0x80400000, 0x80001000, - 0x00000000, 0x00401000, 0x00401000, 0x80401040, 0x80000040, 0x00000000, 0x00400040, 0x80400000, - 0x80000000, 0x00001000, 0x00400000, 0x80401000, 0x00000040, 0x00400000, 0x80001000, 0x00001040, - 0x80400040, 0x80000000, 0x00001040, 0x00400040, 0x00001000, 0x00401040, 0x80401040, 0x80000040, - 0x00400040, 0x80400000, 0x00401000, 0x80401040, 0x80000040, 0x00000000, 0x00000000, 0x00401000, - 0x00001040, 0x00400040, 0x80400040, 0x80000000, 0x80401000, 0x80001040, 0x80001040, 0x00000040, - 0x80401040, 0x80000040, 0x80000000, 0x00001000, 0x80400000, 0x80001000, 0x00401040, 0x80400040, - 0x80001000, 0x00001040, 0x00400000, 0x80401000, 0x00000040, 0x00400000, 0x00001000, 0x00401040 + 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001, + 0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001, + 0x00000001, 0x00002000, 
0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080, + 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081, + 0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000, + 0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080, + 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081, + 0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080 }; static u32 sbox5[64] = { - 0x00000080, 0x01040080, 0x01040000, 0x21000080, 0x00040000, 0x00000080, 0x20000000, 0x01040000, - 0x20040080, 0x00040000, 0x01000080, 0x20040080, 0x21000080, 0x21040000, 0x00040080, 0x20000000, - 0x01000000, 0x20040000, 0x20040000, 0x00000000, 0x20000080, 0x21040080, 0x21040080, 0x01000080, - 0x21040000, 0x20000080, 0x00000000, 0x21000000, 0x01040080, 0x01000000, 0x21000000, 0x00040080, - 0x00040000, 0x21000080, 0x00000080, 0x01000000, 0x20000000, 0x01040000, 0x21000080, 0x20040080, - 0x01000080, 0x20000000, 0x21040000, 0x01040080, 0x20040080, 0x00000080, 0x01000000, 0x21040000, - 0x21040080, 0x00040080, 0x21000000, 0x21040080, 0x01040000, 0x00000000, 0x20040000, 0x21000000, - 0x00040080, 0x01000080, 0x20000080, 0x00040000, 0x00000000, 0x20040000, 0x01040080, 0x20000080 + 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000, + 0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000, + 0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100, + 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100, + 0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100, + 0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000, + 0x42080100, 0x00080100, 0x42000000, 
0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000, + 0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100 }; static u32 sbox6[64] = { - 0x10000008, 0x10200000, 0x00002000, 0x10202008, 0x10200000, 0x00000008, 0x10202008, 0x00200000, - 0x10002000, 0x00202008, 0x00200000, 0x10000008, 0x00200008, 0x10002000, 0x10000000, 0x00002008, - 0x00000000, 0x00200008, 0x10002008, 0x00002000, 0x00202000, 0x10002008, 0x00000008, 0x10200008, - 0x10200008, 0x00000000, 0x00202008, 0x10202000, 0x00002008, 0x00202000, 0x10202000, 0x10000000, - 0x10002000, 0x00000008, 0x10200008, 0x00202000, 0x10202008, 0x00200000, 0x00002008, 0x10000008, - 0x00200000, 0x10002000, 0x10000000, 0x00002008, 0x10000008, 0x10202008, 0x00202000, 0x10200000, - 0x00202008, 0x10202000, 0x00000000, 0x10200008, 0x00000008, 0x00002000, 0x10200000, 0x00202008, - 0x00002000, 0x00200008, 0x10002008, 0x00000000, 0x10202000, 0x10000000, 0x00200008, 0x10002008 + 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000, + 0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010, + 0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010, + 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000, + 0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010, + 0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000, + 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010, + 0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010 }; static u32 sbox7[64] = { - 0x00100000, 0x02100001, 0x02000401, 0x00000000, 0x00000400, 0x02000401, 0x00100401, 0x02100400, - 0x02100401, 0x00100000, 0x00000000, 0x02000001, 0x00000001, 0x02000000, 0x02100001, 0x00000401, - 0x02000400, 
0x00100401, 0x00100001, 0x02000400, 0x02000001, 0x02100000, 0x02100400, 0x00100001, - 0x02100000, 0x00000400, 0x00000401, 0x02100401, 0x00100400, 0x00000001, 0x02000000, 0x00100400, - 0x02000000, 0x00100400, 0x00100000, 0x02000401, 0x02000401, 0x02100001, 0x02100001, 0x00000001, - 0x00100001, 0x02000000, 0x02000400, 0x00100000, 0x02100400, 0x00000401, 0x00100401, 0x02100400, - 0x00000401, 0x02000001, 0x02100401, 0x02100000, 0x00100400, 0x00000000, 0x00000001, 0x02100401, - 0x00000000, 0x00100401, 0x02100000, 0x00000400, 0x02000001, 0x02000400, 0x00000400, 0x00100001 + 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800, + 0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802, + 0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002, + 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800, + 0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002, + 0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800, + 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802, + 0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002 }; static u32 sbox8[64] = { - 0x08000820, 0x00000800, 0x00020000, 0x08020820, 0x08000000, 0x08000820, 0x00000020, 0x08000000, - 0x00020020, 0x08020000, 0x08020820, 0x00020800, 0x08020800, 0x00020820, 0x00000800, 0x00000020, - 0x08020000, 0x08000020, 0x08000800, 0x00000820, 0x00020800, 0x00020020, 0x08020020, 0x08020800, - 0x00000820, 0x00000000, 0x00000000, 0x08020020, 0x08000020, 0x08000800, 0x00020820, 0x00020000, - 0x00020820, 0x00020000, 0x08020800, 0x00000800, 0x00000020, 0x08020020, 0x00000800, 0x00020820, - 0x08000800, 0x00000020, 0x08000020, 0x08020000, 0x08020020, 0x08000000, 0x00020000, 0x08000820, - 0x00000000, 0x08020820, 
0x00020020, 0x08000020, 0x08020000, 0x08000800, 0x08000820, 0x00000000, - 0x08020820, 0x00020800, 0x00020800, 0x00000820, 0x00000820, 0x00020020, 0x08000000, 0x08020800 + 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000, + 0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040, + 0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000, + 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000, + 0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040, + 0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040, + 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000, + 0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000 }; - /* * These two tables are part of the 'permuted choice 1' function. * In this implementation several speed improvements are done. @@ -312,10 +309,10 @@ u32 rightkey_swap[16] = /* - * Numbers of left shifts per round for encryption subkey schedule - * To calculate the decryption key scheduling we just reverse the - * ordering of the subkeys so we can omit the table for decryption - * subkey schedule. + * Numbers of left shifts per round for encryption subkeys. + * To calculate the decryption subkeys we just reverse the + * ordering of the calculated encryption subkeys. So their + * is no need for a decryption rotate tab. */ static byte encrypt_rotate_tab[16] = { @@ -373,7 +370,7 @@ static byte weak_keys[64][8] = /* - * Macro to swap bits across two words + * Macro to swap bits across two words. */ #define DO_PERMUTATION(a, temp, b, offset, mask) \ temp = ((a>>offset) ^ b) & mask; \ 
@@ -382,21 +379,30 @@ static byte weak_keys[64][8] = /* - * This performs the 'initial permutation' for the data to be encrypted or decrypted + * This performs the 'initial permutation' of the data to be encrypted + * or decrypted. Additionally the resulting two words are rotated one bit + * to the left. */ #define INITIAL_PERMUTATION(left, temp, right) \ DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \ DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \ DO_PERMUTATION(right, temp, left, 2, 0x33333333) \ DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \ - DO_PERMUTATION(left, temp, right, 1, 0x55555555) - + right = (right << 1) | (right >> 31); \ + temp = (left ^ right) & 0xaaaaaaaa; \ + right ^= temp; \ + left ^= temp; \ + left = (left << 1) | (left >> 31); /* - * The 'inverse initial permutation' + * The 'inverse initial permutation'. */ #define FINAL_PERMUTATION(left, temp, right) \ - DO_PERMUTATION(left, temp, right, 1, 0x55555555) \ + left = (left << 31) | (left >> 1); \ + temp = (left ^ right) & 0xaaaaaaaa; \ + left ^= temp; \ + right ^= temp; \ + right = (right << 31) | (right >> 1); \ DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \ DO_PERMUTATION(right, temp, left, 2, 0x33333333) \ DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \ 
@@ -406,22 +412,23 @@ static byte weak_keys[64][8] = /* * A full DES round including 'expansion function', 'sbox substitution' * and 'primitive function P' but without swapping the left and right word. + * Please note: The data in 'from' and 'to' is already rotated one bit to + * the left, done in the initial permutation. */ #define DES_ROUND(from, to, work, subkey) \ - work = ((from<<1) | (from>>31)) ^ *subkey++; \ + work = from ^ *subkey++; \ to ^= sbox8[ work & 0x3f ]; \ to ^= sbox6[ (work>>8) & 0x3f ]; \ to ^= sbox4[ (work>>16) & 0x3f ]; \ to ^= sbox2[ (work>>24) & 0x3f ]; \ - work = ((from>>3) | (from<<29)) ^ *subkey++; \ + work = ((from << 28) | (from >> 4)) ^ *subkey++; \ to ^= sbox7[ work & 0x3f ]; \ to ^= sbox5[ (work>>8) & 0x3f ]; \ to ^= sbox3[ (work>>16) & 0x3f ]; \ to ^= sbox1[ (work>>24) & 0x3f ]; - /* - * Macros to convert 8 bytes from/to 32bit words + * Macros to convert 8 bytes from/to 32bit words. */ #define READ_64BIT_DATA(data, left, right) \ left = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \ @@ -433,7 +440,6 @@ static byte weak_keys[64][8] = data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \ data[6] = (right >> 8) &0xff; data[7] = right &0xff; - /* * Handy macros for encryption and decryption of data */ @@ -797,9 +803,7 @@ selftest (void) /* - * Triple-DES test (Do somebody known on official test?) - * - * Note: This test doesn't use tripledes_set3keys() ! + * Self made Triple-DES test (Does somebody known an official test?) */ { int i; @@ -823,10 +827,9 @@ selftest (void) tripledes_ecb_encrypt (des3, input, input); } if (memcmp (input, result, 8)) - return "TRIPLE-DES test failed."; + return "Triple-DES test failed."; } - #if 0 /* * More Triple-DES test. These are testvectors as used by SSLeay, * thanks to Jeroen C. van Gelderen. 
@@ -894,13 +897,32 @@ selftest (void) { 0xe1,0xef,0x62,0xc3,0x32,0xfe,0x82,0x5b } } }; - /* fixme: do the test */ + + byte result[8]; + int i; + static char error[80]; + tripledes_ctx des3; + + for (i=0; i= orig_nbits ) + BUG(); + + nbytes = (nbits+7)/8; if( DBG_CIPHER ) - log_debug("choosing a random k "); + log_debug("choosing a random k of %u bits", nbits); mpi_sub_ui( p_1, p, 1); for(;;) { - if( DBG_CIPHER ) - progress('.'); if( !rndbuf || nbits < 32 ) { m_free(rndbuf); rndbuf = get_random_bits( nbits, 1, 1 ); } else { /* change only some of the higher bits */ - /* we could imporove this by directly requesting more memory + /* we could impprove this by directly requesting more memory * at the first call to get_random_bits() and use this the here - * maybe it is easier to do this directly in random.c */ + * maybe it is easier to do this directly in random.c + * Anyway, it is highly inlikely that we will ever reach this code + */ char *pp = get_random_bits( 32, 1, 1 ); memcpy( rndbuf,pp, 4 ); m_free(pp); + log_debug("gen_k: tsss, never expected to reach this\n"); } mpi_set_buffer( k, rndbuf, nbytes, 0 ); for(;;) { - /* make sure that the number is of the exact lenght */ - if( mpi_test_bit( k, nbits-1 ) ) - mpi_set_highbit( k, nbits-1 ); - else { - mpi_set_highbit( k, nbits-1 ); - mpi_clear_bit( k, nbits-1 ); - } + /* Hmm, actually we don't need this step here + * because we use k much smaller than p - we do it anyway + * just in case the keep on adding a one to k ;) */ if( !(mpi_cmp( k, p_1 ) < 0) ) { /* check: k < (p-1) */ if( DBG_CIPHER ) progress('+'); @@ -153,6 +214,8 @@ gen_k( MPI p ) if( mpi_gcd( temp, k, p_1 ) ) goto found; /* okay, k is relatively prime to (p-1) */ mpi_add_ui( k, k, 1 ); + if( DBG_CIPHER ) + progress('.'); } } found: 
@@ -171,7 +234,7 @@ gen_k( MPI p ) * and an array with n-1 factors of (p-1) */ static void -generate( ELG_secret_key *sk, unsigned nbits, MPI **ret_factors ) +generate( ELG_secret_key *sk, unsigned int nbits, MPI **ret_factors ) { MPI p; /* the prime */ MPI p_min1; @@ -179,19 +242,15 @@ generate( ELG_secret_key *sk, unsigned nbits, MPI **ret_factors ) MPI x; /* the secret exponent */ MPI y; MPI temp; - unsigned qbits; + unsigned int qbits; + unsigned int xbits; byte *rndbuf; p_min1 = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); temp = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); - if( nbits < 512 ) - qbits = 120; - else if( nbits <= 1024 ) - qbits = 160; - else if( nbits <= 2048 ) - qbits = 200; - else - qbits = 240; + qbits = wiener_map( nbits ); + if( qbits & 1 ) /* better have a even one */ + qbits++; g = mpi_alloc(1); p = generate_elg_prime( 0, nbits, qbits, g, ret_factors ); mpi_sub_ui(p_min1, p, 1); 
@@ -202,18 +261,26 @@ generate( ELG_secret_key *sk, unsigned nbits, MPI **ret_factors ) * This must be a very good random number because this is the * secret part. The prime is public and may be shared anyway, * so a random generator level of 1 is used for the prime. + * + * I don't see a reason to have a x of about the same size + * as the p. It should be sufficient to have one about the size + * of q or the later used k plus a large safety margin. Decryption + * will be much faster with such an x. */ - x = mpi_alloc_secure( nbits/BITS_PER_MPI_LIMB ); + xbits = qbits * 3 / 2; + if( xbits >= nbits ) + BUG(); + x = mpi_alloc_secure( xbits/BITS_PER_MPI_LIMB ); if( DBG_CIPHER ) - log_debug("choosing a random x "); + log_debug("choosing a random x of size %u", xbits ); rndbuf = NULL; do { if( DBG_CIPHER ) progress('.'); if( rndbuf ) { /* change only some of the higher bits */ - if( nbits < 16 ) {/* should never happen ... */ + if( xbits < 16 ) {/* should never happen ... */ m_free(rndbuf); - rndbuf = get_random_bits( nbits, 2, 1 ); + rndbuf = get_random_bits( xbits, 2, 1 ); } else { char *r = get_random_bits( 16, 2, 1 ); @@ -222,9 +289,9 @@ generate( ELG_secret_key *sk, unsigned nbits, MPI **ret_factors ) } } else - rndbuf = get_random_bits( nbits, 2, 1 ); - mpi_set_buffer( x, rndbuf, (nbits+7)/8, 0 ); - mpi_clear_highbit( x, nbits+1 ); + rndbuf = get_random_bits( xbits, 2, 1 ); + mpi_set_buffer( x, rndbuf, (xbits+7)/8, 0 ); + mpi_clear_highbit( x, xbits+1 ); } while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) ); m_free(rndbuf); @@ -311,7 +378,6 @@ decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey ) MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); /* output = b/(a^x) mod p */ - mpi_powm( t1, a, skey->x, skey->p ); mpi_invm( t1, t1, skey->p ); mpi_mulm( output, b, t1, skey->p ); 
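Review bot: The secret exponent x is now drawn from only `xbits = qbits * 3 / 2` bits, and the new comment justifies this by decryption speed alone, although the same `skey->x` is also used by sign() in this file (`mpi_mul(t, skey->x, a )`). The usual security argument for ElGamal signatures needs both x and the per-signature k to be spread over the whole range below p-1. A short x is a concern on the signing path, more so if sign() takes its k from gen_k, which now picks "k much smaller than p" (that call is not visible in these hunks). I would keep full-size values for signing, or restrict the short exponent to encrypt-only keys and say so in the comment. The hunk at -222 carries the same xbits substitution, and `mpi_alloc_secure( xbits/BITS_PER_MPI_LIMB )` rounds the limb count down where the p_min1 and temp allocations round up.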
@@ -351,8 +417,10 @@ sign(MPI a, MPI b, MPI input, ELG_secret_key *skey ) mpi_powm( a, skey->g, k, skey->p ); mpi_mul(t, skey->x, a ); mpi_subm(t, input, t, p_1 ); - while( mpi_is_neg(t) ) + while( mpi_is_neg(t) ) { + BUG(); /* That is nonsense code - left over from a very early test?*/ mpi_add(t, t, p_1); + } mpi_invm(inv, k, p_1 ); mpi_mulm(b, t, inv, p_1 ); diff --git a/cipher/md.c b/cipher/md.c index be921e4b0..9313fc068 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -291,7 +291,7 @@ md_reset( MD_HANDLE a ) { struct md_digest_list_s *r; - a->bufcount = 0; + a->bufcount = a->finalized = 0; for( r=a->list; r; r = r->next ) { memset( r->context.c, 0, r->contextsize ); (*r->init)( &r->context.c ); diff --git a/cipher/md5.c b/cipher/md5.c index bb930d042..eb09d261c 100644 --- a/cipher/md5.c +++ b/cipher/md5.c @@ -344,10 +344,10 @@ md5_get_info( int algo, size_t *contextsize, *r_asnoid = asn; *r_asnlen = DIM(asn); *r_mdlen = 16; - *r_init = (void (*)(void *))md5_init; - *r_write = (void (*)(void *, byte*, size_t))md5_write; - *r_final = (void (*)(void *))md5_final; - *r_read = (byte *(*)(void *))md5_read; + *(void (**)(MD5_CONTEXT *))r_init = md5_init; + *(void (**)(MD5_CONTEXT *, byte*, size_t))r_write = md5_write; + *(void (**)(MD5_CONTEXT *))r_final = md5_final; + *(byte *(**)(MD5_CONTEXT *))r_read = md5_read; return "MD5"; } diff --git a/cipher/primegen.c b/cipher/primegen.c index 9bf108531..b6c569de7 100644 --- a/cipher/primegen.c +++ b/cipher/primegen.c 
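Review bot: In md5_get_info, moving the cast from the function to the destination (`*(void (**)(MD5_CONTEXT *))r_init = md5_init;`) silences the conversion warning but does not make the later call well defined. The pointer is still stored in an object whose declared type appears to take `void *`, and is presumably called through it, which is a call through an incompatible function type. The declarations of r_init, r_write, r_final and r_read are outside the hunk, so this is inferred from the casts that were removed. A small adapter per entry avoids the cast, e.g. `static void md5_init_v(void *c) { md5_init(c); }` and then `*r_init = md5_init_v;`. The same pattern is introduced in rmd160_get_info in cipher/rmd160.c.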
@@ -38,11 +38,24 @@ static int check_prime( MPI prime, MPI val_2 ); static int is_prime( MPI n, int steps, int *count ); static void m_out_of_n( char *array, int m, int n ); +static void (*progress_cb) ( void *, int ); +static void *progress_cb_data; + +void +register_primegen_progress ( void (*cb)( void *, int), void *cb_data ) +{ + progress_cb = cb; + progress_cb_data = cb_data; +} + static void progress( int c ) { - fputc( c, stderr ); + if ( progress_cb ) + progress_cb ( progress_cb_data, c ); + else + fputc( c, stderr ); } @@ -117,8 +130,8 @@ generate_elg_prime( int mode, unsigned pbits, unsigned qbits, log_debug("gen prime: pbits=%u qbits=%u fbits=%u/%u n=%d\n", pbits, req_qbits, qbits, fbits, n ); prime = mpi_alloc( (pbits + BITS_PER_MPI_LIMB - 1) / BITS_PER_MPI_LIMB ); - q = gen_prime( qbits, 0, 1 ); - q_factor = mode==1? gen_prime( req_qbits, 0, 1 ) : NULL; + q = gen_prime( qbits, 0, 0 ); + q_factor = mode==1? gen_prime( req_qbits, 0, 0 ) : NULL; /* allocate an array to hold the factors + 2 for later usage */ factors = m_alloc_clear( (n+2) * sizeof *factors ); @@ -145,7 +158,7 @@ generate_elg_prime( int mode, unsigned pbits, unsigned qbits, perms = m_alloc_clear( m ); for(i=0; i < n; i++ ) { perms[i] = 1; - pool[i] = gen_prime( fbits, 0, 1 ); + pool[i] = gen_prime( fbits, 0, 0 ); factors[i] = pool[i]; } } @@ -154,7 +167,7 @@ generate_elg_prime( int mode, unsigned pbits, unsigned qbits, for(i=j=0; i < m && j < n ; i++ ) if( perms[i] ) { if( !pool[i] ) - pool[i] = gen_prime( fbits, 0, 1 ); + pool[i] = gen_prime( fbits, 0, 0 ); factors[j++] = pool[i]; } if( i == n ) { @@ -177,7 +190,7 @@ generate_elg_prime( int mode, unsigned pbits, unsigned qbits, count1 = 0; qbits++; progress('>'); - q = gen_prime( qbits, 0, 1 ); + q = gen_prime( qbits, 0, 0 ); goto next_try; } } 
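Review bot: The third argument of every gen_prime() call in generate_elg_prime drops from 1 to 0 in the hunk at -117 (and again at -145, -154, -177 and -188) without any comment, while elgamal.c in this same commit still states that "a random generator level of 1 is used for the prime". gen_prime's prototype is not visible here, so I am assuming that argument is the random quality level. If it is, please say at the call sites why level 0 is sufficient for q and the pool factors, for example `/* factors are public; level 0 is enough */`, and bring the elgamal.c comment in line. It is also worth confirming that no caller depends on these factors being unpredictable.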
@@ -188,7 +201,7 @@ generate_elg_prime( int mode, unsigned pbits, unsigned qbits, count2 = 0; qbits--; progress('<'); - q = gen_prime( qbits, 0, 1 ); + q = gen_prime( qbits, 0, 0 ); goto next_try; } } diff --git a/cipher/random.c b/cipher/random.c index 8ade26c11..be23ddd3e 100644 --- a/cipher/random.c +++ b/cipher/random.c @@ -36,15 +36,22 @@ #include #include #include +#include #ifdef HAVE_GETHRTIME #include #endif #ifdef HAVE_GETTIMEOFDAY #include #endif +#ifdef HAVE_CLOCK_GETTIME + #include +#endif #ifdef HAVE_GETRUSAGE #include #endif +#ifdef __MINGW32__ + #include +#endif #include "util.h" #include "rmd.h" #include "ttyio.h" @@ -91,6 +98,9 @@ static size_t pool_writepos; static int pool_filled; static int pool_balance; static int just_mixed; +static int did_initial_extra_seeding; +static char *seed_file_name; +static int allow_seed_file_update; static int secure_alloc; static int quick_test; 
@@ -264,14 +274,171 @@ mix_pool(byte *pool) } +void +set_random_seed_file( const char *name ) +{ + if( seed_file_name ) + BUG(); + seed_file_name = m_strdup( name ); +} + +/**************** + * Read in a seed form the random_seed file + * and return true if this was successful + */ +static int +read_seed_file() +{ + int fd; + struct stat sb; + unsigned char buffer[POOLSIZE]; + int n; + + if( !seed_file_name ) + return 0; + + #ifdef HAVE_DOSISH_SYSTEM + fd = open( seed_file_name, O_RDONLY | O_BINARY ); + #else + fd = open( seed_file_name, O_RDONLY ); + #endif + if( fd == -1 && errno == ENOENT) { + allow_seed_file_update = 1; + return 0; + } + + if( fd == -1 ) { + log_info(_("can't open `%s': %s\n"), seed_file_name, strerror(errno) ); + return 0; + } + if( fstat( fd, &sb ) ) { + log_info(_("can't stat `%s': %s\n"), seed_file_name, strerror(errno) ); + close(fd); + return 0; + } + if( !S_ISREG(sb.st_mode) ) { + log_info(_("`%s' is not a regular file - ignored\n"), seed_file_name ); + close(fd); + return 0; + } + if( !sb.st_size ) { + log_info(_("note: random_seed file is empty\n") ); + close(fd); + allow_seed_file_update = 1; + return 0; + } + if( sb.st_size != POOLSIZE ) { + log_info(_("warning: invalid size of random_seed file - not used\n") ); + close(fd); + return 0; + } + do { + n = read( fd, buffer, POOLSIZE ); + } while( n == -1 && errno == EINTR ); + if( n != POOLSIZE ) { + log_fatal(_("can't read `%s': %s\n"), seed_file_name,strerror(errno) ); + close(fd); + return 0; + } + + close(fd); + + add_randomness( buffer, POOLSIZE, 0 ); + /* add some minor entropy to the pool now (this will also force a mixing) */ + { pid_t x = getpid(); + add_randomness( &x, sizeof(x), 0 ); + } + { time_t x = time(NULL); + add_randomness( &x, sizeof(x), 0 ); + } + { clock_t x = clock(); + add_randomness( &x, sizeof(x), 0 ); + } + /* And read a few bytes from our entropy source. 
By using + * a level of 0 this will not block and might not return anything + * with some entropy drivers, however the rndlinux driver will use + * /dev/urandom and return some stuff - Do not read to much as we + * want to be friendly to the scare system entropy resource. */ + read_random_source( 0, 16, 0 ); + + allow_seed_file_update = 1; + return 1; +} + +void +update_random_seed_file() +{ + ulong *sp, *dp; + int fd, i; + + if( !seed_file_name || !is_initialized || !pool_filled ) + return; + if( !allow_seed_file_update ) { + log_info(_("note: random_seed file not updated\n")); + return; + } + + + /* copy the entropy pool to a scratch pool and mix both of them */ + for(i=0,dp=(ulong*)keypool, sp=(ulong*)rndpool; + i < POOLWORDS; i++, dp++, sp++ ) { + *dp = *sp + ADD_VALUE; + } + mix_pool(rndpool); rndstats.mixrnd++; + mix_pool(keypool); rndstats.mixkey++; + + #ifdef HAVE_DOSISH_SYSTEM + fd = open( seed_file_name, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, + S_IRUSR|S_IWUSR ); + #else + fd = open( seed_file_name, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR ); + #endif + if( fd == -1 ) { + log_info(_("can't create `%s': %s\n"), seed_file_name, strerror(errno) ); + return; + } + do { + i = write( fd, keypool, POOLSIZE ); + } while( i == -1 && errno == EINTR ); + if( i != POOLSIZE ) { + log_info(_("can't write `%s': %s\n"), seed_file_name, strerror(errno) ); + } + if( close(fd) ) + log_info(_("can't close `%s': %s\n"), seed_file_name, strerror(errno) ); +} + + static void read_pool( byte *buffer, size_t length, int level ) { int i; ulong *sp, *dp; - if( length >= POOLSIZE ) - BUG(); /* not allowed */ + if( length >= POOLSIZE ) { + log_fatal(_("too many random bits requested; the limit is %d\n"), + POOLSIZE*8-1 ); + } + + if( !pool_filled ) { + if( read_seed_file() ) + pool_filled = 1; + } + + /* For level 2 quality (key generation) we alwas make + * sure that the pool has been seeded enough initially */ + if( level == 2 && !did_initial_extra_seeding ) { + size_t needed; + + 
pool_balance = 0; + needed = length - pool_balance; + if( needed < POOLSIZE/2 ) + needed = POOLSIZE/2; + else if( needed > POOLSIZE ) + BUG(); + read_random_source( 3, needed, 2 ); + pool_balance += needed; + did_initial_extra_seeding=1; + } /* for level 2 make sure that there is enough random in the pool */ if( level == 2 && pool_balance < length ) { @@ -336,6 +503,12 @@ read_pool( byte *buffer, size_t length, int level ) /**************** * Add LENGTH bytes of randomness from buffer to the pool. * source may be used to specify the randomness source. + * Source is: + * 0 - used ony for initialization + * 1 - fast random poll function + * 2 - normal poll function + * 3 - used when level 2 random quality has been requested + * to do an extra pool seed. */ static void add_randomness( const void *buffer, size_t length, int source ) @@ -399,6 +572,13 @@ fast_random_poll() add_randomness( &tv.tv_sec, sizeof(tv.tv_sec), 1 ); add_randomness( &tv.tv_usec, sizeof(tv.tv_usec), 1 ); } + #elif HAVE_CLOCK_GETTIME + { struct timespec tv; + if( clock_gettime( CLOCK_REALTIME, &tv ) == -1 ) + BUG(); + add_randomness( &tv.tv_sec, sizeof(tv.tv_sec), 1 ); + add_randomness( &tv.tv_nsec, sizeof(tv.tv_nsec), 1 ); + } #else /* use times */ #ifndef HAVE_DOSISH_SYSTEM { struct tms buf; @@ -408,13 +588,28 @@ fast_random_poll() #endif #endif #ifdef HAVE_GETRUSAGE + #ifndef RUSAGE_SELF + #ifdef __GCC__ + #warning There is no RUSAGE_SELF on this system + #endif + #else { struct rusage buf; if( getrusage( RUSAGE_SELF, &buf ) ) BUG(); add_randomness( &buf, sizeof buf, 1 ); memset( &buf, 0, sizeof buf ); } + #endif #endif + /* time and clock are availabe on all systems - so + * we better do it just in case one of the above functions + * didn't work */ + { time_t x = time(NULL); + add_randomness( &x, sizeof(x), 1 ); + } + { clock_t x = clock(); + add_randomness( &x, sizeof(x), 1 ); + } } diff --git a/cipher/random.h b/cipher/random.h index 649325c58..cf80bd98d 100644 --- a/cipher/random.h 
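Review bot: read_seed_file() accepts any regular file of POOLSIZE bytes, and read_pool() then sets `pool_filled = 1` on that basis alone, so the owner and mode should be checked while the fstat() result is at hand: on Unix builds, log and ignore the file when `sb.st_uid != getuid() || (sb.st_mode & (S_IWGRP|S_IWOTH))`. The `buffer[POOLSIZE]` copy of the seed also stays on the stack after add_randomness() and should be wiped before returning. In update_random_seed_file() the file is truncated before the write. A failed or short write leaves a file that read_seed_file() later rejects as "invalid size" without setting allow_seed_file_update, so it is never repaired; writing to a temporary name and renaming it into place would avoid that. The `close(fd); return 0;` after log_fatal() looks unreachable if log_fatal does not return.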
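Review bot: `#ifdef __GCC__` in the getrusage block of fast_random_poll will never be true, because the compiler's predefined macro is `__GNUC__`. The `#warning` about a missing RUSAGE_SELF is therefore dead and the getrusage sample is dropped silently on such systems. Use `#ifdef __GNUC__` if the warning is wanted. Separately, the `memset( &buf, 0, sizeof buf )` kept as context is followed by no read of buf, so a compiler may remove it.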
+++ b/cipher/random.h @@ -25,6 +25,8 @@ /*-- random.c --*/ void random_dump_stats(void); void secure_random_alloc(void); +void set_random_seed_file(const char *); +void update_random_seed_file(void); int quick_random_gen( int onoff ); int random_is_faked(void); void randomize_buffer( byte *buffer, size_t length, int level ); diff --git a/cipher/rmd160.c b/cipher/rmd160.c index ecd65b35d..fba910d7e 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c @@ -562,10 +562,10 @@ rmd160_get_info( int algo, size_t *contextsize, *r_asnoid = asn; *r_asnlen = DIM(asn); *r_mdlen = 20; - *r_init = (void (*)(void *))rmd160_init; - *r_write = (void (*)(void *, byte*, size_t))rmd160_write; - *r_final = (void (*)(void *))rmd160_final; - *r_read = (byte *(*)(void *))rmd160_read; + *(void (**)(RMD160_CONTEXT *))r_init = rmd160_init; + *(void (**)(RMD160_CONTEXT *, byte*, size_t))r_write = rmd160_write; + *(void (**)(RMD160_CONTEXT *))r_final = rmd160_final; + *(byte *(**)(RMD160_CONTEXT *))r_read = rmd160_read; return "RIPEMD160"; } diff --git a/cipher/rndegd.c b/cipher/rndegd.c index 7f2598f60..97395b959 100644 --- a/cipher/rndegd.c +++ b/cipher/rndegd.c @@ -83,9 +83,13 @@ do_read( int fd, void *buf, size_t nbytes ) -/* Note: we always use the highest level. +/**************** + * Note: we always use the highest level. * TO boost the performance we may want to add some * additional code for level 1 + * + * Using a level of 0 should never block and better add nothing + * to the pool. So this is just a dummy for EGD. */ static int gather_random( void (*add)(const void*, size_t, int), int requester, @@ -99,7 +103,8 @@ gather_random( void (*add)(const void*, size_t, int), int requester, if( !length ) return 0; - + if( !level ) + return 0; restart: if( do_restart ) { diff --git a/cipher/rndlinux.c b/cipher/rndlinux.c index 78fee1567..6f80a8def 100644 --- a/cipher/rndlinux.c +++ b/cipher/rndlinux.c 
@@ -89,6 +89,10 @@ open_device( const char *name, int minor ) } +/**************** + * Note: Using a level of 0 should never block and better add nothing + * to the pool. This is easy to accomplish with /dev/urandom. + */ static int gather_random( void (*add)(const void*, size_t, int), int requester, size_t length, int level ) @@ -106,6 +110,8 @@ gather_random( void (*add)(const void*, size_t, int), int requester, fd = fd_random; } else { + /* this will also be used for elve 0 but by using /dev/urandom + * we can be sure that oit will never block. */ if( fd_urandom == -1 ) fd_urandom = open_device( NAME_OF_DEV_URANDOM, 9 ); fd = fd_urandom; diff --git a/cipher/rndunix.c b/cipher/rndunix.c index 46f80eab2..59a924e00 100644 --- a/cipher/rndunix.c +++ b/cipher/rndunix.c @@ -75,9 +75,9 @@ #ifndef __QNX__ #include #endif /* __QNX__ */ -#ifdef _AIX +#if defined( _AIX ) || defined( __QNX__ ) #include -#endif /* _AIX */ +#endif /* _AIX || __QNX__ */ #ifndef __QNX__ #include #include @@ -89,6 +89,10 @@ #endif /* __hpux 9.x, after that it's in unistd.h */ #include /* #include */ +#ifdef __QNX__ +#include +#include +#endif /* __QNX__ */ #include #include "types.h" /* for byte and u32 typedefs */ @@ -716,6 +720,10 @@ read_a_msg( int fd, GATHER_MSG *msg ) } +/**************** + * Using a level of 0 should never block and better add nothing + * to the pool. So this is just a dummy for this gatherer. + */ static int gather_random( void (*add)(const void*, size_t, int), int requester, size_t length, int level ) @@ -725,6 +733,9 @@ gather_random( void (*add)(const void*, size_t, int), int requester, GATHER_MSG msg; size_t n; + if( !level ) + return 0; + if( !gatherer_pid ) { /* make sure we are not setuid */ if( getuid() != geteuid() ) diff --git a/cipher/rndw32.c b/cipher/rndw32.c new file mode 100644 index 000000000..755d399fc --- /dev/null +++ b/cipher/rndw32.c 
@@ -0,0 +1,958 @@ +/* rndw32.c - W32 entropy gatherer + * Copyright (C) 1999, 2000 Free Software Foundation, Inc. + * Copyright Peter Gutmann, Matt Thomlinson and Blake Coverett 1996-1999 + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * + ************************************************************************* + * The code here is based on code from Cryptlib 3.0 beta by Peter Gutmann. + * Source file misc/rndwin32.c "Win32 Randomness-Gathering Code" with this + * copyright notice: + * + * This module is part of the cryptlib continuously seeded pseudorandom + * number generator. For usage conditions, see lib_rand.c + * + * [Here is the notice from lib_rand.c, which is now called dev_sys.c] + * + * This module and the misc/rnd*.c modules represent the cryptlib + * continuously seeded pseudorandom number generator (CSPRNG) as described in + * my 1998 Usenix Security Symposium paper "The generation of random numbers + * for cryptographic purposes". + * + * The CSPRNG code is copyright Peter Gutmann (and various others) 1996, + * 1997, 1998, 1999, all rights reserved. Redistribution of the CSPRNG + * modules and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. 
Redistributions of source code must retain the above copyright notice + * and this permission notice in its entirety. + * + * 2. Redistributions in binary form must reproduce the copyright notice in + * the documentation and/or other materials provided with the distribution. + * + * 3. A copy of any bugfixes or enhancements made must be provided to the + * author, to allow them to be added to the + * baseline version of the code. + * + * ALTERNATIVELY, the code may be distributed under the terms of the GNU + * General Public License, version 2 or any later version published by the + * Free Software Foundation, in which case the provisions of the GNU GPL are + * required INSTEAD OF the above restrictions. + * + * Although not required under the terms of the GPL, it would still be nice if + * you could make any changes available to the author to allow a consistent + * code base to be maintained + ************************************************************************* + */ + +#include +#include +#include +#include +#include +#include + +#include + + +#include "types.h" +#include "util.h" +#include "dynload.h" + +/* We do not use the netropy DLL anymore because a standalone program is + * easier to maintain and */ +/*#define USE_ENTROPY_DLL*/ + + + +#ifdef IS_MODULE + #define _(a) (a) +#else + #include "i18n.h" +#endif + + +static int debug_me; + +#ifdef USE_ENTROPY_DLL + +#define WIN32_SLOW_SEEDER 0 +#define WIN32_FAST_SEEDER 1 + +#define PCP_SUCCESS 0 +#define PCP_NULL_POINTER 1 +#define PCP_SEEDER_FAILED 2 +#define PCP_SEEDER_NO_MEM 3 +#define PCP_SEEDER_TOO_SMALL 4 +#define PCP_DLL_LOAD_FAILED 5 +#define PCP_UNKNOWN_PLATFORM 6 +#define PCP_ERROR_VERSION 7 +#define PCP_DLL_FUNC 8 +#define PCP_UNKNOWN_SEEDER_TYPE 9 + + +/**************** + * We sometimes get a SEEDER_TOO_SMALL error, in which case we increment + * the internal buffer by SEEDER_INC_CHUNK until we reach MAX_SEEDER_SIZE + * MAX_SEEDER_SIZE is used as an arbitrary limit to protect against + * bugs in 
Winseed. + */ +#define MAX_SEEDER_SIZE 500000 +#define SEEDER_INC_CHUNK 50000 + + +typedef void *WIN32_SEEDER; + +static WIN32_SEEDER (WINAPI *create_instance)( byte type, unsigned int *reason); +static void (WINAPI *delete_instance)( WIN32_SEEDER that ); +static unsigned int (WINAPI *get_internal_seed_size)( WIN32_SEEDER that ); +static void (WINAPI *set_internal_seed_size)( WIN32_SEEDER that, + unsigned int new_size); +static unsigned int (WINAPI *get_expected_seed_size)( WIN32_SEEDER that); +static unsigned int (WINAPI *get_seed)( WIN32_SEEDER that, byte *buffer, + unsigned int *desired_length); + +static WIN32_SEEDER slow_seeder, fast_seeder; +static byte *entropy_buffer; +static size_t entropy_buffer_size; + +/**************** + * Load and initialize the winseed DLL + * NOTE: winseed is not part of the GnuPG distribution. It should be available + * at the GNU crypto FTP server site. + * We do not load the DLL on demand to have a better control over the + * location of the library. + */ +static void +load_and_init_winseed( void ) +{ + HANDLE hInstance; + void *addr; + unsigned int reason = 0; + unsigned int n1, n2; + const char *dllname; + + dllname = read_w32_registry_string( "HKEY_LOCAL_MACHINE", + "Software\\GNU\\GnuPG", + "EntropyDLL" ); + if( !dllname ) + dllname = "c:/gnupg/entropy.dll"; + + hInstance = LoadLibrary( dllname ); + if( !hInstance ) + goto failure; + if( !(addr = GetProcAddress( hInstance, "WS_create_instance" )) ) + goto failure; + create_instance = addr; + if( !(addr = GetProcAddress( hInstance, "WS_delete_instance" )) ) + goto failure; + delete_instance = addr; + if( !(addr = GetProcAddress( hInstance, "WS_get_internal_seed_size" )) ) + goto failure; + get_internal_seed_size = addr; + if( !(addr = GetProcAddress( hInstance, "WS_set_internal_seed_size" )) ) + goto failure; + set_internal_seed_size = addr; + if( !(addr = GetProcAddress( hInstance, "WS_get_expected_seed_size" )) ) + goto failure; + get_expected_seed_size = addr; + if( !(addr 
= GetProcAddress( hInstance, "WS_get_seed" )) ) + goto failure; + get_seed = addr; + + /* we have all the functions - init the system */ + slow_seeder = create_instance( WIN32_SLOW_SEEDER, &reason); + if( !slow_seeder ) { + g10_log_fatal("error creating winseed slow seeder: rc=%u\n", reason ); + goto failure; + } + fast_seeder = create_instance( WIN32_FAST_SEEDER, &reason); + if( !fast_seeder ) { + g10_log_fatal("error creating winseed fast seeder: rc=%u\n", reason ); + goto failure; + } + n1 = get_internal_seed_size( slow_seeder ); + /*g10_log_info("slow buffer size=%u\n", n1);*/ + n2 = get_internal_seed_size( fast_seeder ); + /*g10_log_info("fast buffer size=%u\n", n2);*/ + + entropy_buffer_size = n1 > n2? n1: n2; + entropy_buffer = m_alloc( entropy_buffer_size ); + /*g10_log_info("using a buffer of size=%u\n", entropy_buffer_size );*/ + + return; + + failure: + g10_log_fatal("error loading winseed DLL `%s'\n", dllname ); +} + + + + + +/* Note: we always use the highest level. + * TO boost the performance we may want to add some + * additional code for level 1 + */ +static int +gather_random( void (*add)(const void*, size_t, int), int requester, + size_t length, int level ) +{ + unsigned int result; + unsigned int nbytes; + + if( !level ) + return 0; + + if( !slow_seeder ) + load_and_init_winseed(); + + /* Our estimation on how much entropy we should use is very vague. + * Winseed delivers some amount of entropy on each slow poll and + * we add it to our random pool. Depending on the required quality + * level we adjust the requested length so that for higher quality + * we make sure to add more entropy to our pool. However, as we don't + * like to waste any entropy collected by winseed, we always add + * at least everything we got from winseed. 
+ */ + if( level > 1 ) + length *= 100; + else if( level > 0 ) + length *= 10; + + for(;;) { + nbytes = entropy_buffer_size; + result = get_seed( slow_seeder, entropy_buffer, &nbytes); + if( result == PCP_SEEDER_TOO_SMALL ) { + unsigned int n1 = get_internal_seed_size( slow_seeder ); + + if( n1 > MAX_SEEDER_SIZE ) { + g10_log_fatal("rndw32: internal seeder problem (size=%u)\n", + n1); + return -1; /* actually never reached */ + } + n1 += SEEDER_INC_CHUNK; + set_internal_seed_size( slow_seeder, n1 ); + if( n1 > entropy_buffer_size ) { + entropy_buffer_size = n1; + entropy_buffer = m_realloc( entropy_buffer, + entropy_buffer_size ); + } + continue; + } + + + if( result ) { + g10_log_fatal("rndw32: get_seed(slow) failed: rc=%u\n", result); + return -1; /* actually never reached */ + } + /*g10_log_info("rndw32: slow poll level %d, need %u, got %u\n", + level, (unsigned int)length, (unsigned int)nbytes );*/ + (*add)( entropy_buffer, nbytes, requester ); + if( length <= nbytes ) + return 0; /* okay */ + length -= nbytes; + } +} + +static int +gather_random_fast( void (*add)(const void*, size_t, int), int requester ) +{ + unsigned int result; + unsigned int nbytes; + + if( !fast_seeder ) + load_and_init_winseed(); + + /* winseed delivers a constant ammount of entropy for a fast + * poll. 
We can simply use this and add it to the pool; no need
+ * a loop like it is used in the slow poll */
+ nbytes = entropy_buffer_size;
+ result = get_seed( fast_seeder, entropy_buffer, &nbytes);
+ if( result ) {
+ g10_log_fatal("rndw32: get_seed(fast) failed: rc=%u\n", result);
+ return -1; /* actually never reached */
+ }
+ /*g10_log_info("rndw32: fast poll got %u\n", (unsigned int)nbytes );*/
+ (*add)( entropy_buffer, nbytes, requester );
+ return 0;
+}
+
+#else /* !USE_ENTROPY_DLL */
+/* This is the new code which does not require the entropy.dll */
+
+/*
+ * Definitions which are missing from the current GNU Windows32Api
+ */
+
+#define TH32CS_SNAPHEAPLIST 1
+#define TH32CS_SNAPPROCESS 2
+#define TH32CS_SNAPTHREAD 4
+#define TH32CS_SNAPMODULE 8
+#define TH32CS_SNAPALL (1|2|4|8)
+#define TH32CS_INHERIT 0x80000000
+
+#define IOCTL_DISK_PERFORMANCE 0x00070020
+#define VER_PLATFORM_WIN32_WINDOWS 1
+
+
+typedef struct {
+ DWORD dwSize;
+ DWORD th32ProcessID;
+ DWORD th32HeapID;
+ DWORD dwFlags;
+} HEAPLIST32;
+
+typedef struct {
+ DWORD dwSize;
+ HANDLE hHandle;
+ DWORD dwAddress;
+ DWORD dwBlockSize;
+ DWORD dwFlags;
+ DWORD dwLockCount;
+ DWORD dwResvd;
+ DWORD th32ProcessID;
+ DWORD th32HeapID;
+} HEAPENTRY32;
+
+typedef struct {
+ DWORD dwSize;
+ DWORD cntUsage;
+ DWORD th32ProcessID;
+ DWORD th32DefaultHeapID;
+ DWORD th32ModuleID;
+ DWORD cntThreads;
+ DWORD th32ParentProcessID;
+ LONG pcPriClassBase;
+ DWORD dwFlags;
+ char szExeFile[260];
+} PROCESSENTRY32;
+
+typedef struct {
+ DWORD dwSize;
+ DWORD cntUsage;
+ DWORD th32ThreadID;
+ DWORD th32OwnerProcessID;
+ LONG tpBasePri;
+ LONG tpDeltaPri;
+ DWORD dwFlags;
+} THREADENTRY32;
+
+typedef struct {
+ DWORD dwSize;
+ DWORD th32ModuleID;
+ DWORD th32ProcessID;
+ DWORD GlblcntUsage;
+ DWORD ProccntUsage;
+ BYTE *modBaseAddr;
+ DWORD modBaseSize;
+ HMODULE hModule;
+ char szModule[256];
+ char szExePath[260];
+} MODULEENTRY32;
+
+
+
+/* Type definitions for function pointers to call Toolhelp32 functions
+ * used with the windows95 gatherer */
+typedef BOOL (WINAPI * MODULEWALK) (HANDLE hSnapshot, MODULEENTRY32 *lpme);
+typedef BOOL (WINAPI * THREADWALK) (HANDLE hSnapshot, THREADENTRY32 *lpte);
+typedef BOOL (WINAPI * PROCESSWALK) (HANDLE hSnapshot, PROCESSENTRY32 *lppe);
+typedef BOOL (WINAPI * HEAPLISTWALK) (HANDLE hSnapshot, HEAPLIST32 *lphl);
+typedef BOOL (WINAPI * HEAPFIRST) (HEAPENTRY32 *lphe, DWORD th32ProcessID,
+ DWORD th32HeapID);
+typedef BOOL (WINAPI * HEAPNEXT) (HEAPENTRY32 *lphe);
+typedef HANDLE (WINAPI * CREATESNAPSHOT) (DWORD dwFlags, DWORD th32ProcessID);
+
+/* Type definitions for function pointers to call NetAPI32 functions */
+typedef DWORD (WINAPI * NETSTATISTICSGET) (LPWSTR szServer, LPWSTR szService,
+ DWORD dwLevel, DWORD dwOptions,
+ LPBYTE * lpBuffer);
+typedef DWORD (WINAPI * NETAPIBUFFERSIZE) (LPVOID lpBuffer, LPDWORD cbBuffer);
+typedef DWORD (WINAPI * NETAPIBUFFERFREE) (LPVOID lpBuffer);
+
+
+/* When we query the performance counters, we allocate an initial buffer and
+ * then reallocate it as required until RegQueryValueEx() stops returning
+ * ERROR_MORE_DATA. The following values define the initial buffer size and
+ * step size by which the buffer is increased
+ */
+#define PERFORMANCE_BUFFER_SIZE 65536 /* Start at 64K */
+#define PERFORMANCE_BUFFER_STEP 16384 /* Step by 16K */
+
+
+static void
+slow_gatherer_windows95( void (*add)(const void*, size_t, int), int requester )
+{
+ static CREATESNAPSHOT pCreateToolhelp32Snapshot = NULL;
+ static MODULEWALK pModule32First = NULL;
+ static MODULEWALK pModule32Next = NULL;
+ static PROCESSWALK pProcess32First = NULL;
+ static PROCESSWALK pProcess32Next = NULL;
+ static THREADWALK pThread32First = NULL;
+ static THREADWALK pThread32Next = NULL;
+ static HEAPLISTWALK pHeap32ListFirst = NULL;
+ static HEAPLISTWALK pHeap32ListNext = NULL;
+ static HEAPFIRST pHeap32First = NULL;
+ static HEAPNEXT pHeap32Next = NULL;
+ HANDLE hSnapshot;
+
+
+ /* initialize the Toolhelp32 function pointers */
+ if ( !pCreateToolhelp32Snapshot ) {
+ HANDLE hKernel;
+
+ if ( debug_me )
+ log_debug ("rndw32#slow_gatherer_95: init toolkit\n" );
+
+ /* Obtain the module handle of the kernel to retrieve the addresses
+ * of the Toolhelp32 functions */
+ if ( ( !(hKernel = GetModuleHandle ("KERNEL32.DLL"))) ) {
+ g10_log_fatal ( "rndw32: can't get module handle\n" );
+ }
+
+ /* Now get pointers to the functions */
+ pCreateToolhelp32Snapshot = (CREATESNAPSHOT) GetProcAddress (hKernel,
+ "CreateToolhelp32Snapshot");
+ pModule32First = (MODULEWALK) GetProcAddress (hKernel, "Module32First");
+ pModule32Next = (MODULEWALK) GetProcAddress (hKernel, "Module32Next");
+ pProcess32First = (PROCESSWALK) GetProcAddress (hKernel,
+ "Process32First");
+ pProcess32Next = (PROCESSWALK) GetProcAddress (hKernel,
+ "Process32Next");
+ pThread32First = (THREADWALK) GetProcAddress (hKernel, "Thread32First");
+ pThread32Next = (THREADWALK) GetProcAddress (hKernel, "Thread32Next");
+ pHeap32ListFirst = (HEAPLISTWALK) GetProcAddress (hKernel,
+ "Heap32ListFirst");
+ pHeap32ListNext = (HEAPLISTWALK) GetProcAddress (hKernel,
+ "Heap32ListNext");
+ pHeap32First = (HEAPFIRST) GetProcAddress (hKernel, "Heap32First");
+ pHeap32Next = (HEAPNEXT) GetProcAddress (hKernel, "Heap32Next");
+
+ if ( !pCreateToolhelp32Snapshot
+ || !pModule32First || !pModule32Next
+ || !pProcess32First || !pProcess32Next
+ || !pThread32First || !pThread32Next
+ || !pHeap32ListFirst || !pHeap32ListNext
+ || !pHeap32First || !pHeap32Next ) {
+ g10_log_fatal ( "rndw32: failed to get a toolhep function\n" );
+ }
+ }
+
+ /* Take a snapshot of everything we can get to which is currently
+ * in the system */
+ if ( !(hSnapshot = pCreateToolhelp32Snapshot (TH32CS_SNAPALL, 0)) ) {
+ g10_log_fatal ( "rndw32: failed to take a toolhelp snapshot\n" );
+ }
+
+ /* Walk through the local heap */
+ { HEAPLIST32 hl32;
+ hl32.dwSize = sizeof (HEAPLIST32);
+ if (pHeap32ListFirst (hSnapshot, &hl32)) {
+ if ( debug_me )
+ log_debug ("rndw32#slow_gatherer_95: walk heap\n" );
+ do {
+ HEAPENTRY32 he32;
+
+ /* First add the information from the basic Heaplist32 struct */
+ (*add) ( &hl32, sizeof (hl32), requester );
+
+ /* Now walk through the heap blocks getting information
+ * on each of them */
+ he32.dwSize = sizeof (HEAPENTRY32);
+ if (pHeap32First (&he32, hl32.th32ProcessID, hl32.th32HeapID)){
+ do {
+ (*add) ( &he32, sizeof (he32), requester );
+ } while (pHeap32Next (&he32));
+ }
+ } while (pHeap32ListNext (hSnapshot, &hl32));
+ }
+ }
+
+
+ /* Walk through all processes */
+ { PROCESSENTRY32 pe32;
+ pe32.dwSize = sizeof (PROCESSENTRY32);
+ if (pProcess32First (hSnapshot, &pe32)) {
+ if ( debug_me )
+ log_debug ("rndw32#slow_gatherer_95: walk processes\n" );
+ do {
+ (*add) ( &pe32, sizeof (pe32), requester );
+ } while (pProcess32Next (hSnapshot, &pe32));
+ }
+ }
+
+ /* Walk through all threads */
+ { THREADENTRY32 te32;
+ te32.dwSize = sizeof (THREADENTRY32);
+ if (pThread32First (hSnapshot, &te32)) {
+ if ( debug_me )
+ log_debug ("rndw32#slow_gatherer_95: walk threads\n" );
+ do {
+ (*add) ( &te32, sizeof (te32), requester );
+ } while (pThread32Next (hSnapshot, &te32));
+ }
+ }
+
+ /* Walk through all modules associated with the process */
+ { MODULEENTRY32 me32;
+ me32.dwSize = sizeof (MODULEENTRY32);
+ if (pModule32First (hSnapshot, &me32)) {
+ if ( debug_me )
+ log_debug ("rndw32#slow_gatherer_95: walk modules\n" );
+ do {
+ (*add) ( &me32, sizeof (me32), requester );
+ } while (pModule32Next (hSnapshot, &me32));
+ }
+ }
+
+ CloseHandle (hSnapshot);
+}
+
+
+
+static void
+slow_gatherer_windowsNT( void (*add)(const void*, size_t, int), int requester )
+{
+ static int is_initialized = 0;
+ static NETSTATISTICSGET pNetStatisticsGet = NULL;
+ static NETAPIBUFFERSIZE pNetApiBufferSize = NULL;
+ static NETAPIBUFFERFREE pNetApiBufferFree = NULL;
+ static int is_workstation = 1;
+
+ static int cbPerfData = PERFORMANCE_BUFFER_SIZE;
+ PERF_DATA_BLOCK *pPerfData;
+ HANDLE hDevice, hNetAPI32 = NULL;
+ DWORD dwSize, status;
+ int nDrive;
+
+ if ( !is_initialized ) {
+ HKEY hKey;
+
+ if ( debug_me )
+ log_debug ("rndw32#slow_gatherer_nt: init toolkit\n" );
+ /* Find out whether this is an NT server or workstation if necessary */
+ if (RegOpenKeyEx (HKEY_LOCAL_MACHINE,
+ "SYSTEM\\CurrentControlSet\\Control\\ProductOptions",
+ 0, KEY_READ, &hKey) == ERROR_SUCCESS) {
+ BYTE szValue[32];
+ dwSize = sizeof (szValue);
+
+ if ( debug_me )
+ log_debug ("rndw32#slow_gatherer_nt: check product options\n" );
+ status = RegQueryValueEx (hKey, "ProductType", 0, NULL,
+ szValue, &dwSize);
+ if (status == ERROR_SUCCESS && stricmp (szValue, "WinNT")) {
+ /* Note: There are (at least) three cases for ProductType:
+ * WinNT = NT Workstation, ServerNT = NT Server, LanmanNT =
+ * NT Server acting as a Domain Controller */
+ is_workstation = 0;
+ if ( debug_me )
+ log_debug ("rndw32: this is a NT server\n");
+ }
+ RegCloseKey (hKey);
+ }
+
+ /* Initialize the NetAPI32 function pointers if necessary */
+ if ( (hNetAPI32 = LoadLibrary ("NETAPI32.DLL")) ) {
+ if ( debug_me )
+ log_debug ("rndw32#slow_gatherer_nt: netapi32 loaded\n" );
+ pNetStatisticsGet = (NETSTATISTICSGET) GetProcAddress (hNetAPI32,
+ "NetStatisticsGet");
+ pNetApiBufferSize = (NETAPIBUFFERSIZE) GetProcAddress (hNetAPI32,
+ "NetApiBufferSize");
+ pNetApiBufferFree = (NETAPIBUFFERFREE) GetProcAddress (hNetAPI32,
+ "NetApiBufferFree");
+
+ if ( !pNetStatisticsGet
+ || !pNetApiBufferSize || !pNetApiBufferFree ) {
+ FreeLibrary (hNetAPI32);
+ hNetAPI32 = NULL;
+ g10_log_debug ("rndw32: No NETAPI found\n" );
+ }
+ }
+
+ is_initialized = 1;
+ }
+
+ /* Get network statistics. Note: Both NT Workstation and NT Server by
+ * default will be running both the workstation and server services. The
+ * heuristic below is probably useful though on the assumption that the
+ * majority of the network traffic will be via the appropriate service.
+ * In any case the network statistics return almost no randomness */
+ { LPBYTE lpBuffer;
+ if (hNetAPI32 && !pNetStatisticsGet (NULL,
+ is_workstation ? L"LanmanWorkstation" :
+ L"LanmanServer", 0, 0, &lpBuffer) ) {
+ if ( debug_me )
+ log_debug ("rndw32#slow_gatherer_nt: get netstats\n" );
+ pNetApiBufferSize (lpBuffer, &dwSize);
+ (*add) ( lpBuffer, dwSize,requester );
+ pNetApiBufferFree (lpBuffer);
+ }
+ }
+
+ /* Get disk I/O statistics for all the hard drives */
+ for (nDrive = 0;; nDrive++) {
+ DISK_PERFORMANCE diskPerformance;
+ char szDevice[50];
+
+ /* Check whether we can access this device */
+ sprintf (szDevice, "\\\\.\\PhysicalDrive%d", nDrive);
+ hDevice = CreateFile (szDevice, 0, FILE_SHARE_READ | FILE_SHARE_WRITE,
+ NULL, OPEN_EXISTING, 0, NULL);
+ if (hDevice == INVALID_HANDLE_VALUE)
+ break;
+
+ /* Note: This only works if you have turned on the disk performance
+ * counters with 'diskperf -y'. These counters are off by default */
+ if (DeviceIoControl (hDevice, IOCTL_DISK_PERFORMANCE, NULL, 0,
+ &diskPerformance, sizeof (DISK_PERFORMANCE),
+ &dwSize, NULL))
+ {
+ if ( debug_me )
+ log_debug ("rndw32#slow_gatherer_nt: iostats drive %d\n",
+ nDrive );
+ (*add) ( &diskPerformance, dwSize, requester );
+ }
+ else {
+ log_info ("NOTE: you should run 'diskperf -y' "
+ "to enable the disk statistics\n");
+ }
+ CloseHandle (hDevice);
+ }
+
+ #if 0 /* we don't need this in GnuPG */
+ /* Wait for any async keyset driver binding to complete. You may be
+ * wondering what this call is doing here... the reason it's necessary is
+ * because RegQueryValueEx() will hang indefinitely if the async driver
+ * bind is in progress. The problem occurs in the dynamic loading and
+ * linking of driver DLL's, which work as follows:
+ *
+ * hDriver = LoadLibrary( DRIVERNAME );
+ * pFunction1 = ( TYPE_FUNC1 ) GetProcAddress( hDriver, NAME_FUNC1 );
+ * pFunction2 = ( TYPE_FUNC1 ) GetProcAddress( hDriver, NAME_FUNC2 );
+ *
+ * If RegQueryValueEx() is called while the GetProcAddress()'s are in
+ * progress, it will hang indefinitely. This is probably due to some
+ * synchronisation problem in the NT kernel where the GetProcAddress()
+ * calls affect something like a module reference count or function
+ * reference count while RegQueryValueEx() is trying to take a snapshot
+ * of the statistics, which include the reference counts. Because of
+ * this, we have to wait until any async driver bind has completed
+ * before we can call RegQueryValueEx() */
+ waitSemaphore (SEMAPHORE_DRIVERBIND);
+ #endif
+
+ /* Get information from the system performance counters. This can take
+ * a few seconds to do. In some environments the call to
+ * RegQueryValueEx() can produce an access violation at some random time
+ * in the future, adding a short delay after the following code block
+ * makes the problem go away. This problem is extremely difficult to
+ * reproduce, I haven't been able to get it to occur despite running it
+ * on a number of machines. The best explanation for the problem is that
+ * on the machine where it did occur, it was caused by an external driver
+ * or other program which adds its own values under the
+ * HKEY_PERFORMANCE_DATA key. The NT kernel calls the required external
+ * modules to map in the data, if there's a synchronisation problem the
+ * external module would write its data at an inappropriate moment,
+ * causing the access violation. A low-level memory checker indicated
+ * that ExpandEnvironmentStrings() in KERNEL32.DLL, called an
+ * interminable number of calls down inside RegQueryValueEx(), was
+ * overwriting memory (it wrote twice the allocated size of a buffer to a
+ * buffer allocated by the NT kernel). This may be what's causing the
+ * problem, but since it's in the kernel there isn't much which can be
+ * done.
+ *
+ * In addition to these problems the code in RegQueryValueEx() which
+ * estimates the amount of memory required to return the performance
+ * counter information isn't very accurate, since it always returns a
+ * worst-case estimate which is usually nowhere near the actual amount
+ * required. For example it may report that 128K of memory is required,
+ * but only return 64K of data */
+ { pPerfData = m_alloc (cbPerfData);
+ for (;;) {
+ dwSize = cbPerfData;
+ if ( debug_me )
+ log_debug ("rndw32#slow_gatherer_nt: get perf data\n" );
+ status = RegQueryValueEx (HKEY_PERFORMANCE_DATA, "Global", NULL,
+ NULL, (LPBYTE) pPerfData, &dwSize);
+ if (status == ERROR_SUCCESS) {
+ if (!memcmp (pPerfData->Signature, L"PERF", 8)) {
+ (*add) ( pPerfData, dwSize, requester );
+ }
+ else
+ g10_log_debug ( "rndw32: no PERF signature\n");
+ break;
+ }
+ else if (status == ERROR_MORE_DATA) {
+ cbPerfData += PERFORMANCE_BUFFER_STEP;
+ pPerfData = m_realloc (pPerfData, cbPerfData);
+ }
+ else {
+ g10_log_debug ( "rndw32: get performance data problem\n");
+ break;
+ }
+ }
+ m_free (pPerfData);
+ }
+ /* Although this isn't documented in the Win32 API docs, it's necessary
+ to explicitly close the HKEY_PERFORMANCE_DATA key after use (it's
+ implicitly opened on the first call to RegQueryValueEx()). If this
+ isn't done then any system components which provide performance data
+ can't be removed or changed while the handle remains active */
+ RegCloseKey (HKEY_PERFORMANCE_DATA);
+}
+
+
+static int
+gather_random( void (*add)(const void*, size_t, int), int requester,
+ size_t length, int level )
+{
+ static int is_initialized;
+ static int is_windows95;
+
+
+ if( !level )
+ return 0;
+ /* We don't differentiate between level 1 and 2 here because
+ * there is no nternal entropy pool as a scary resource. It may
+ * all work slower, but because our entropy source will never
+ * block but deliver some not easy to measure entropy, we assume level 2
+ */
+
+
+ if ( !is_initialized ) {
+ OSVERSIONINFO osvi = { sizeof( osvi ) };
+ DWORD platform;
+
+ GetVersionEx( &osvi );
+ platform = osvi.dwPlatformId;
+ is_windows95 = platform == VER_PLATFORM_WIN32_WINDOWS;
+
+ if ( platform == VER_PLATFORM_WIN32s ) {
+ g10_log_fatal("can't run on a W32s platform\n" );
+ }
+ is_initialized = 1;
+ if ( debug_me )
+ log_debug ("rndw32#gather_random: platform=%d\n", (int)platform );
+ }
+
+
+ if ( debug_me )
+ log_debug ("rndw32#gather_random: req=%d len=%u lvl=%d\n",
+ requester, (unsigned int)length, level );
+
+ if (is_windows95 ) {
+ slow_gatherer_windows95( add, requester );
+ }
+ else {
+ slow_gatherer_windowsNT( add, requester );
+ }
+
+ return 0;
+}
+
+
+
+static int
+gather_random_fast( void (*add)(const void*, size_t, int), int requester )
+{
+ static int addedFixedItems = 0;
+
+ if ( debug_me )
+ log_debug ("rndw32#gather_random_fast: req=%d\n", requester );
+
+ /* Get various basic pieces of system information: Handle of active
+ * window, handle of window with mouse capture, handle of clipboard owner
+ * handle of start of clpboard viewer list, pseudohandle of current
+ * process, current process ID, pseudohandle of current thread, current
+ * thread ID, handle of desktop window, handle of window with keyboard
+ * focus, whether system queue has any events, cursor position for last
+ * message, 1 ms time for last message, handle of window with clipboard
+ * open, handle of process heap, handle of procs window station, types of
+ * events in input queue, and milliseconds since Windows was started */
+ { byte buffer[20*sizeof(ulong)], *bufptr;
+ bufptr = buffer;
+ #define ADD(f) do { ulong along = (ulong)(f); \
+ memcpy (bufptr, &along, sizeof (along) ); \
+ bufptr += sizeof (along); } while (0)
+ ADD ( GetActiveWindow ());
+ ADD ( GetCapture ());
+ ADD ( GetClipboardOwner ());
+ ADD ( GetClipboardViewer ());
+ ADD ( GetCurrentProcess ());
+ ADD ( GetCurrentProcessId ());
+ ADD ( GetCurrentThread ());
+ ADD ( GetCurrentThreadId ());
+ ADD ( GetDesktopWindow ());
+ ADD ( GetFocus ());
+ ADD ( GetInputState ());
+ ADD ( GetMessagePos ());
+ ADD ( GetMessageTime ());
+ ADD ( GetOpenClipboardWindow ());
+ ADD ( GetProcessHeap ());
+ ADD ( GetProcessWindowStation ());
+ ADD ( GetQueueStatus (QS_ALLEVENTS));
+ ADD ( GetTickCount ());
+
+ assert ( bufptr-buffer < sizeof (buffer) );
+ (*add) ( buffer, bufptr-buffer, requester );
+ #undef ADD
+ }
+
+ /* Get multiword system information: Current caret position, current
+ * mouse cursor position */
+ { POINT point;
+ GetCaretPos (&point);
+ (*add) ( &point, sizeof (point), requester );
+ GetCursorPos (&point);
+ (*add) ( &point, sizeof (point), requester );
+ }
+
+ /* Get percent of memory in use, bytes of physical memory, bytes of free
+ * physical memory, bytes in paging file, free bytes in paging file, user
+ * bytes of address space, and free user bytes */
+ { MEMORYSTATUS memoryStatus;
+ memoryStatus.dwLength = sizeof (MEMORYSTATUS);
+ GlobalMemoryStatus (&memoryStatus);
+ (*add) ( &memoryStatus, sizeof (memoryStatus), requester );
+ }
+
+ /* Get thread and process creation time, exit time, time in kernel mode,
+ and time in user mode in 100ns intervals */
+ { HANDLE handle;
+ FILETIME creationTime, exitTime, kernelTime, userTime;
+ DWORD minimumWorkingSetSize, maximumWorkingSetSize;
+
+ handle = GetCurrentThread ();
+ GetThreadTimes (handle, &creationTime, &exitTime,
+ &kernelTime, &userTime);
+ (*add) ( &creationTime, sizeof (creationTime), requester );
+ (*add) ( &exitTime, sizeof (exitTime), requester );
+ (*add) ( &kernelTime, sizeof (kernelTime), requester );
+ (*add) ( &userTime, sizeof (userTime), requester );
+
+ handle = GetCurrentProcess ();
+ GetProcessTimes (handle, &creationTime, &exitTime,
+ &kernelTime, &userTime);
+ (*add) ( &creationTime, sizeof (creationTime), requester );
+ (*add) ( &exitTime, sizeof (exitTime), requester );
+ (*add) ( &kernelTime, sizeof (kernelTime), requester );
+ (*add) ( &userTime, sizeof (userTime), requester );
+
+ /* Get the minimum and maximum working set size for the current process */
+ GetProcessWorkingSetSize (handle, &minimumWorkingSetSize,
+ &maximumWorkingSetSize);
+ (*add) ( &minimumWorkingSetSize,
+ sizeof (&minimumWorkingSetSize), requester );
+ (*add) ( &maximumWorkingSetSize,
+ sizeof (&maximumWorkingSetSize), requester );
+ }
+
+
+ /* The following are fixed for the lifetime of the process so we only
+ * add them once */
+ if (!addedFixedItems) {
+ STARTUPINFO startupInfo;
+
+ /* Get name of desktop, console window title, new window position and
+ * size, window flags, and handles for stdin, stdout, and stderr */
+ startupInfo.cb = sizeof (STARTUPINFO);
+ GetStartupInfo (&startupInfo);
+ (*add) ( &startupInfo, sizeof (STARTUPINFO), requester );
+ addedFixedItems = 1;
+ }
+
+ /* The performance of QPC varies depending on the architecture it's
+ * running on and on the OS. Under NT it reads the CPU's 64-bit timestamp
+ * counter (at least on a Pentium and newer '486's, it hasn't been tested
+ * on anything without a TSC), under Win95 it reads the 1.193180 MHz PIC
+ * timer. There are vague mumblings in the docs that it may fail if the
+ * appropriate hardware isn't available (possibly '386's or MIPS machines
+ * running NT), but who's going to run NT on a '386? */
+ { LARGE_INTEGER performanceCount;
+ if (QueryPerformanceCounter (&performanceCount)) {
+ if ( debug_me )
+ log_debug ("rndw32#gather_random_fast: perf data\n");
+ (*add) (&performanceCount, sizeof (&performanceCount), requester);
+ }
+ else { /* Millisecond accuracy at best...
*/ + DWORD aword = GetTickCount (); + (*add) (&aword, sizeof (aword), requester ); + } + } + + return 0; +} + + + + + +#endif /* !USE_ENTROPY_DLL */ + + +#ifndef IS_MODULE +static +#endif +const char * const gnupgext_version = "RNDW32 ($Revision$)"; + +static struct { + int class; + int version; + void *func; +} func_table[] = { + { 40, 1, gather_random }, + { 41, 1, gather_random_fast }, +}; + + +#ifndef IS_MODULE +static +#endif +void * +gnupgext_enum_func( int what, int *sequence, int *class, int *vers ) +{ + void *ret; + int i = *sequence; + + debug_me = !!getenv("DEBUG_RNDW32"); + + do { + if ( i >= DIM(func_table) || i < 0 ) { + return NULL; + } + *class = func_table[i].class; + *vers = func_table[i].version; + ret = func_table[i].func; + i++; + } while ( what && what != *class ); + + *sequence = i; + return ret; +} + +#ifndef IS_MODULE +void +rndw32_constructor(void) +{ + register_internal_cipher_extension( gnupgext_version, + gnupgext_enum_func ); +} +#endif + diff --git a/cipher/sha1.c b/cipher/sha1.c index 40ad62f1f..2c2a10a7b 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c @@ -337,10 +337,10 @@ sha1_get_info( int algo, size_t *contextsize, *r_asnoid = asn; *r_asnlen = DIM(asn); *r_mdlen = 20; - *r_init = (void (*)(void *))sha1_init; - *r_write = (void (*)(void *, byte*, size_t))sha1_write; - *r_final = (void (*)(void *))sha1_final; - *r_read = (byte *(*)(void *))sha1_read; + *(void (**)(SHA1_CONTEXT *))r_init = sha1_init; + *(void (**)(SHA1_CONTEXT *, byte*, size_t))r_write = sha1_write; + *(void (**)(SHA1_CONTEXT *))r_final = sha1_final; + *(byte *(**)(SHA1_CONTEXT *))r_read = sha1_read; return "SHA1"; } diff --git a/cipher/tiger.c b/cipher/tiger.c index 0765f0bbd..e4a7c4daa 100644 --- a/cipher/tiger.c +++ b/cipher/tiger.c 
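Review bot: The left-hand casts in sha1_get_info (`*(void (**)(SHA1_CONTEXT *))r_init = sha1_init;` and the three assignments after it) store through an lvalue whose type differs from the declared type of `*r_init`, which the removed lines show to be `void (*)(void *)`. That silences the conversion warning, but it also switches off the compiler's check that the assigned function fits the slot at all, and the dispatcher presumably still calls the pointer through the generic `void *` prototype, so the incompatible-type call is hidden rather than removed. The same pattern appears in the tiger_get_info hunk and in the second twofish.c hunk (r_setkey, r_encrypt, r_decrypt, where `const` qualifiers are also added on the cast side only). If the form stays, I would put a comment above each group of assignments, e.g. `/* relies on void* and the context pointer sharing representation and calling convention; callers use the generic prototypes */`. The function signature starts outside the hunk, so the parameter types are inferred from the removed casts.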
@@ -899,10 +899,10 @@ tiger_get_info( int algo, size_t *contextsize, *r_asnoid = asn; *r_asnlen = DIM(asn); *r_mdlen = 24; - *r_init = (void (*)(void *))tiger_init; - *r_write = (void (*)(void *, byte*, size_t))tiger_write; - *r_final = (void (*)(void *))tiger_final; - *r_read = (byte *(*)(void *))tiger_read; + *(void (**)(TIGER_CONTEXT *))r_init = tiger_init; + *(void (**)(TIGER_CONTEXT *, byte*, size_t))r_write = tiger_write; + *(void (**)(TIGER_CONTEXT *))r_final = tiger_final; + *(byte *(**)(TIGER_CONTEXT *))r_read = tiger_read; return "TIGER"; } diff --git a/cipher/twofish.c b/cipher/twofish.c index 182f18c49..12982e123 100644 --- a/cipher/twofish.c +++ b/cipher/twofish.c @@ -35,10 +35,6 @@ /* Prototype for the self-test function. */ static const char *selftest(void); -/* Macros used by the info function. */ -#define FNCCAST_SETKEY(f) ((int(*)(void*, byte*, unsigned))(f)) -#define FNCCAST_CRYPT(f) ((void(*)(void*, byte*, byte*))(f)) - /* Structure for an expanded Twofish key. s contains the key-dependent * S-boxes composed with the MDS matrix; w contains the eight "whitening" * subkeys, K[0] through K[7]. k holds the remaining, "round" subkeys. Note 
@@ -991,16 +987,20 @@ twofish_get_info (int algo, size_t *keylen, *keylen = algo==10? 256 : 128; *blocksize = 16; *contextsize = sizeof (TWOFISH_context); - *r_setkey = FNCCAST_SETKEY (twofish_setkey); - *r_encrypt= FNCCAST_CRYPT (twofish_encrypt); - *r_decrypt= FNCCAST_CRYPT (twofish_decrypt); - if( algo == 10 ) - return "TWOFISH"; - if (algo == 102) /* This algorithm number is assigned for - * experiments, so we can use it */ - return "TWOFISH128"; - return NULL; + *(int (**)(TWOFISH_context*, const byte*, const unsigned))r_setkey + = twofish_setkey; + *(void (**)(const TWOFISH_context*, byte*, const byte*))r_encrypt + = twofish_encrypt; + *(void (**)(const TWOFISH_context*, byte*, const byte*))r_decrypt + = twofish_decrypt; + + if( algo == 10 ) + return "TWOFISH"; + if (algo == 102) /* This algorithm number is assigned for + * experiments, so we can use it */ + return "TWOFISH128"; + return NULL; } diff --git a/configure.in b/configure.in index a56847ae8..290ebbc23 100644 --- a/configure.in +++ b/configure.in @@ -15,15 +15,16 @@ AM_CONFIG_HEADER(config.h) VERSION=`cat $srcdir/VERSION` PACKAGE=gnupg -ALL_LINGUAS="de es_ES fr it pl pt_BR pt_PT ru" +ALL_LINGUAS="de eo es_ES fr id it ja nl pl pt_BR pt_PT ru sv" static_modules="sha1 md5 rmd160" +static_random_module="" AC_SUBST(VERSION) AC_SUBST(PACKAGE) AC_DEFINE_UNQUOTED(VERSION, "$VERSION") AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE") -MODULES_IN_CIPHER=`awk '/# MODULES: / { for(i=3;i<=NF;i++) print $i}' \ - $srcdir/cipher/Makefile.am` +MODULES_IN_CIPHER=`awk '/^EXTRA_PROGRAMS/ { for(i=3;i<=NF;i++) print $i}' \ + $srcdir/cipher/Makefile.am` dnl dnl Check for random module options 
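Review bot: The new `MODULES_IN_CIPHER` extraction in configure.in reads only the one physical line that starts with `EXTRA_PROGRAMS` and prints fields 3 onward. If that list in cipher/Makefile.am is ever continued with a trailing backslash, the backslash is emitted as a module name and the modules on the following lines are silently left out, which changes what the later loop links statically, including the random gatherer. A comment above the assignment would make the coupling explicit, for example `dnl EXTRA_PROGRAMS in cipher/Makefile.am must stay on a single line; it is parsed here`. cipher/Makefile.am is not visible here, so its current layout is assumed to be one line.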
@@ -104,29 +105,6 @@ AC_ARG_WITH(included-zlib, [g10_force_zlib=yes], [g10_force_zlib=no] ) AC_MSG_RESULT($g10_force_zlib) -dnl -dnl Check wether we want to compile libgcrypt -dnl -AC_MSG_CHECKING([whether compilation of libgcrypt is requested]) -AC_ARG_ENABLE(libgcrypt, - [ --enable-libgcrypt compile the libgcrypt [default=no]], -[compile_libgcrypt="$enableval"],[compile_libgcrypt=no]) -AC_MSG_RESULT($compile_libgcrypt) -if test x$compile_libgcrypt = xyes ; then - if test -f $srcdir/gcrypt/gcrypt.h; then - : - else - compile_libgcrypt=no - AC_MSG_WARN([[ -*** -*** LIBGCRYPT is not yet ready for public testing. -*** Maybe you have more luck with the next release of GnuPG -*** Watch the gnupg-announce mailing list or the webpage. -***]]) - fi -fi -AM_CONDITIONAL(COMPILE_LIBGCRYPT, test x$compile_libgcrypt = xyes) - dnl dnl Check whether we want to use Linux capabilities @@ -154,12 +132,13 @@ case "${target}" in # special stuff for Windoze NT # Do we need to set cross_compiling here or is it sufficient # to rely on AC_PROG_CC which is called later? - cross_compiling=yes CC="${target}-gcc" CPP="${target}-gcc -E" RANLIB="${target}-ranlib" + disallowed_modules="rndunix rndlinux rndegd" ;; *) + disallowed_modules="rndw32" ;; esac @@ -181,19 +160,7 @@ AC_CHECK_PROG(DOCBOOK_TO_MAN, docbook-to-man, yes, no) AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes) -dnl -dnl Build shared libraries only when compilation of libgcrypt -dnl has been requested -dnl -AM_DISABLE_SHARED -enable_shared="$compile_libgcrypt" -AM_PROG_LIBTOOL - - MPI_OPT_FLAGS="" -if test "$GCC" = yes; then - CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes" -fi try_gettext=yes @@ -227,6 +194,12 @@ case "${target}" in try_gdbm="no" ;; + *-*-freebsd*) + # FreeBSD + CPPFLAGS="$CPPFLAGS -I/usr/local/include" + LDFLAGS="$LDFLAGS -L/usr/local/lib" + ;; + *-*-hpux*) if test -z "$GCC" ; then CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE" 
@@ -279,13 +252,19 @@ esac AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME") dnl Fixme: Are these the best flags for OpenBSD???? -dnl (I have removed the -lc from * ...CFLAGS for test purposes.) case "${target}" in *-openbsd*) NAME_OF_DEV_RANDOM="/dev/srandom" NAME_OF_DEV_URANDOM="/dev/urandom" DYNLINK_MOD_CFLAGS="-shared -rdynamic -fpic -Wl,-Bshareable -Wl,-x" ;; + + *-netbsd*) + NAME_OF_DEV_RANDOM="/dev/random" + NAME_OF_DEV_URANDOM="/dev/urandom" + DYNLINK_MOD_CFLAGS="-shared -rdynamic -fpic -Wl,-Bshareable -Wl,-x" + ;; + *) NAME_OF_DEV_RANDOM="/dev/random" NAME_OF_DEV_URANDOM="/dev/urandom" @@ -344,8 +323,8 @@ if test "$try_dynload" = yes ; then DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC" use_gnupg_extensions=yes else - AC_CHECK_LIB(c,dlopen) - if test "$ac_cv_lib_c_dlopen" = "yes"; then + AC_CHECK_FUNCS(dlopen) + if test "$ac_cv_func_dlopen" = "yes"; then AC_DEFINE(USE_DYNAMIC_LINKING) AC_DEFINE(HAVE_DL_DLOPEN) DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC" @@ -407,6 +386,7 @@ GNUPG_CHECK_TYPEDEF(u32, HAVE_U32_TYPEDEF) AC_CHECK_SIZEOF(unsigned short, 2) AC_CHECK_SIZEOF(unsigned int, 4) AC_CHECK_SIZEOF(unsigned long, 4) +AC_CHECK_SIZEOF(unsigned long long, 0) if test "$ac_cv_sizeof_unsigned_short" = "0" \ || test "$ac_cv_sizeof_unsigned_int" = "0" \ @@ -419,7 +399,7 @@ fi dnl Checks for library functions. AC_FUNC_VPRINTF AC_CHECK_FUNCS(strerror stpcpy strlwr stricmp tcgetattr rand strtoul mmap) -AC_CHECK_FUNCS(memmove gettimeofday getrusage gethrtime setrlimit) +AC_CHECK_FUNCS(memmove gettimeofday getrusage gethrtime setrlimit clock_gettime) AC_CHECK_FUNCS(memicmp atexit raise getpagesize strftime nl_langinfo) GNUPG_CHECK_MLOCK @@ -435,6 +415,7 @@ if test "$ac_cv_header_sys_capability_h" = "yes" ; then AC_CHECK_LIB(cap, cap_init, ac_need_libcap=1) if test "$ac_cv_lib_cap_cap_init" = "yes"; then AC_DEFINE(USE_CAPABILITIES) + LIBS="$LIBS -lcap" use_capabilities=yes fi fi 
@@ -494,31 +475,29 @@ fi dnl -dnl Figure out the default linkage mode for cipher modules +dnl Figure out the default linkage mode for random modules dnl -dnl (We always need a static rmd160) print_egd_notice=no -static_modules="$static_modules rmd160" if test "$use_static_rnd" = default; then if test "$ac_cv_have_dev_random" = yes; then - static_modules="$static_modules rndlinux" + static_random_module="rndlinux" else case "${target}" in *-*-mingw32) - static_modules="$static_modules rndw32" + static_random_module="rndw32" AC_DEFINE(USE_STATIC_RNDW32) ;; i?86-emx-os2|i?86-*-os2*emx) - static_modules="$static_modules rndos2" + static_random_module="rndos2" ;; m68k-atari-mint) - static_modules="$static_modules rndatari" + static_random_module="rndatari" ;; i?86-*-msdosdjgpp*) - static_modules="$static_modules" + : ;; *) - static_modules="$static_modules rndunix" + static_random_module="rndunix" print_egd_notice=yes ;; esac @@ -527,7 +506,7 @@ else if test "$use_static_rnd" = none; then : else - static_modules="$static_modules rnd$use_static_rnd" + static_random_module="rnd$use_static_rnd" if test "$use_static_rnd" = "unix"; then print_egd_notice=yes fi 
@@ -560,23 +539,31 @@ dnl dnl Parse the modules list and build the list dnl of static and dymically linked modules dnl +dnl (We always need a static rmd160) +static_modules="$static_modules rmd160 $static_random_module" STATIC_CIPHER_NAMES="" STATIC_CIPHER_OBJS="" DYNAMIC_CIPHER_MODS="" GNUPG_MSG_PRINT([dynamically linked cipher modules:]) for name in $MODULES_IN_CIPHER; do - x="no" - for i in $static_modules; do - if test "$name" = "$i" ; then - x="yes" - fi + x="yes" + for i in $disallowed_modules; do + if test "$name" = "$i" ; then x="no" ; fi done; if test $x = yes; then - STATIC_CIPHER_NAMES="$STATIC_CIPHER_NAMES $name" - STATIC_CIPHER_OBJS="$STATIC_CIPHER_OBJS $name.lo" - else - DYNAMIC_CIPHER_MODS="$DYNAMIC_CIPHER_MODS $name" - GNUPG_MSG_PRINT([$name]) + x="no" + for i in $static_modules; do + if test "$name" = "$i" ; then + x="yes" + fi + done; + if test $x = yes; then + STATIC_CIPHER_NAMES="$STATIC_CIPHER_NAMES $name" + STATIC_CIPHER_OBJS="$STATIC_CIPHER_OBJS $name.o" + else + DYNAMIC_CIPHER_MODS="$DYNAMIC_CIPHER_MODS $name" + GNUPG_MSG_PRINT([$name]) + fi fi done AC_MSG_RESULT() @@ -643,7 +630,7 @@ if test "$ac_cv_mpi_extra_asm_modules" != ""; then GNUPG_MSG_PRINT([mpi extra asm functions:]) for i in $ac_cv_mpi_extra_asm_modules; do GNUPG_MSG_PRINT([$i]) - MPI_EXTRA_ASM_OBJS="$MPI_EXTRA_ASM_OBJS $i.lo" + MPI_EXTRA_ASM_OBJS="$MPI_EXTRA_ASM_OBJS $i.o" done AC_MSG_RESULT() fi 
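Review bot: In the module loop a name that matches `$disallowed_modules` is dropped from both the static and the dynamic list without any message, and that includes `$static_random_module`. When `use_static_rnd` names a gatherer that the target disallows (for example `unix` on the mingw32 target, or `w32` elsewhere), the earlier hunk sets `static_random_module="rnd$use_static_rnd"`, this loop then discards it, and configure completes with no entropy gatherer linked in and nothing telling the user. I would make the disallowed branch fail for that case: `if test "$name" = "$i" ; then x="no" ; test "$name" = "$static_random_module" && AC_MSG_ERROR([random module $name cannot be built for $target]) ; fi`. Whether a dynamically loaded gatherer would still be found at run time cannot be judged from this hunk.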
@@ -676,15 +663,29 @@ fi AC_SUBST(ZLIBS) +# Allow users to append something to the version string without +# flagging it as development version. The user version parts is +# considered everything after a dash. changequote(,)dnl tmp_pat='[a-zA-Z]' changequote([,])dnl -if echo "$VERSION" | grep $tmp_pat >/dev/null ; then +if echo "$VERSION" | sed 's/-.*//' | grep "$tmp_pat" >/dev/null ; then AC_DEFINE(IS_DEVELOPMENT_VERSION) fi +AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes) + GNUPG_DO_LINK_FILES +GNUPG_CHECK_GNUMAKE + +if test "$GCC" = yes; then + if test "$MAINTAINER_MODE" = "yes"; then + CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes" + else + CFLAGS="$CFLAGS -Wall" + fi +fi AC_OUTPUT_COMMANDS([ cat >g10defs.tmp < + + * gpg.sgml: Describe --ignore-time-conflict. + + * gpg.sgml: Fixed a few typos. Thanks to Holger Trapp. + +Wed Jan 5 11:51:17 CET 2000 Werner Koch + + * FAQ: Enhanced answer for the 3des-s2k bug. + +Sat Dec 4 12:30:28 CET 1999 Werner Koch + + * gpg.sgml: Add section about the user ID + +Mon Nov 22 11:14:53 CET 1999 Werner Koch + + * gph: Removed the directory from the dist becuase it will + go into it's own package. + +Thu Sep 23 09:52:58 CEST 1999 Werner Koch + + * README.W32: New. + +Mon Sep 6 19:59:08 CEST 1999 Werner Koch + + + * Makefile.am (SUBDIRS): New subdir gph for the manual. + +Thu Jul 22 20:03:03 CEST 1999 Werner Koch + + + * gpg.sgml (--always-trust): Added. + +Wed Jul 14 19:42:08 CEST 1999 Werner Koch + + + * Makefile.am: Create a dummy man page if docbook-to-man is missing. + +Wed Jun 16 20:16:21 CEST 1999 Werner Koch + + + * gpg1.pod: Removed. + * gpg.sgml: New. Replaces the pod file + * Makefile.am: Add rule to make a man file from sgml + +Tue Jun 15 12:21:08 CEST 1999 Werner Koch + + + * Makefile.in.in: Use DESTDIR. + +Mon May 31 19:41:10 CEST 1999 Werner Koch + + * gpg.1pod: Enhanced the Bugs section (Michael). 
+ +Wed Feb 10 17:15:39 CET 1999 Werner Koch + + + * gpg.1pod: Spelling and grammar corrections (John A. Martin) + * FAQ: Ditto. + * DETAILS: Ditto. + diff --git a/doc/DETAILS b/doc/DETAILS index 7c1e11edf..ecb3d009a 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -134,6 +134,11 @@ more arguments in future versions. SHM_GET_BOOL SHM_GET_HIDDEN + GET_BOOL + GET_LINE + GET_HIDDEN + GOT_IT + NEED_PASSPHRASE Issued whenever a passphrase is needed. keytype is the numerical value of the public key algorithm @@ -181,6 +186,36 @@ more arguments in future versions. Final statistics on import process (this is one long line) + FILE_START + Start processing a file . indicates the performed + operation: + 1 - verify + + FILE_DONE + Marks the end of a file processing which has been started + by FILE_START. + + BEGIN_DECRYPTION + END_DECRYPTION + Mark the start and end of the actual decryption process. These + are also emmited when in --list-only mode. + + BEGIN_ENCRYPTION + END_ENCRYPTION + Mark the start and end of the actual encryption process. + + DELETE_PROBLEM reason_code + Deleting a key failed. Reason codes are: + 1 - No such key + 2 - Must delete secret key first + + PROGRESS what char cur total + Used by the primegen and Public key functions to indicate progress. + "char" is the character displayed with no --status-fd enabled, with + the linefeed replaced by an 'X'. "cur" is the current amount + done and "total" is amount to be done; a "total" of 0 indicates that + the toatal amount is not known. 100/100 may be used to detect the + end of operation. Key generation 
@@ -214,6 +249,107 @@ Key generation Crypto '97 proceedings p. 260. +Unattended key generation +========================= +There is an experimental feature which allows for unattended +generation of keys controlled by a parameter file. +This feature is not very well tested and does only make sense for some +very special applications. Please don't complain if we decide to chnage +the behaviour of this command. + +To use this feature, you use --gen-key together with --batch and feed the +parameters either form stdin or from a file given on the commandline. +The format of this file is as follows: + o Text only, line length is limited to about 1000 chars. + o You must use UTF-8 encoding to specifiy non-ascii characters. + o Empty lines are ignored + o Leading and trailing spaces are ignored + o A hash sign as the first non white space character indicates a comment line + o Control statements are indicated by a leading percent sign, the + arguments are separated by white space from the keyword. + o Parameters are specified by a keyword, followed by a colon. Arguments + are speparated by white space. + o The first parameter must be "Key-Type", control statements + may be placed anywhere. + o Key generation takes place when either the end of the parameter file + is reached, the next "Key-Type" parameter is encountered or at the + controlstatement "%commit" + o Control staements: + %echo + Print + %dry-run + Suppress actual key generation (useful for syntax checking) + %commit + Perform the key generation. An implicit commit is done + at the next "Key-Type" parameter. + %pubring + %secring + Do not write the key to the default or commandline given + keyring but to . This must be given before the first + commit to take place, duplicate specification of the same filename + is ignored, the last filename before a commit is used. + The filename is used until a new filename is used (at commit points) + and all keys are written to that file. 
If a new filename is given, + this file is created (and overwrites an existing one). + Both control statements must be given. + o The order of the parameters does not matter except for "Key-Type" + which must be the first parameter. The paramtyers are only for the + generated keyblock and paramters from previous key generations are not + used. Some syntactically checks may be performed. + The currently defined parameters are: + Key-Type: | + Starts a new parameter block by giving the type of the + primary key. The algorithm must be capable of signing. + This is a required parameter. + Key-Length: + Length of the key in bits. Default is 1024 + Subkey-Type: | + This generates a secondary key. Currently only one subkey + can be handled. + Subkey-Length: + Length of the subkey in bits. Default is 1024. + Passphrase: + If you want to specify a passphrase for the secret key, + enter it here. Default is not to use any passphrase. + Name-Real: + Name-Comment: + Name-Email: + The 3 parts of a key. Remember to use UTF-8 here. + If you don't give any of them, no user ID is created. + Expire-Date: |([d|w|m|y]) + Set the expiration date for the key (and the subkey). It + may either be entered in ISO date format (2000-08-15) or as + number of days, weeks, month or years. Without a letter days + are assumed. + +Here is an example: +$ cat >foo < +ssb 1024g/8F70E2C0 2000-03-09 + + Layout of the TrustDB ===================== 
@@ -477,6 +613,15 @@ There is one enhancement used with the old style packet headers: + that this is the last packet. +GNU extensions to the S2K algorithm +=================================== +S2K mode 101 is used to identify these extensions. +After the hash algorithm the 3 bytes "GNU" are used to make +clear that these are extensions for GNU, the next bytes gives the +GNU protection mode - 1000. Defined modes are: + 1001 - do not store the secret part at all + + Usage of gdbm files for keyrings ================================ The key to store the keyblock is it's fingerprint, other records diff --git a/doc/FAQ b/doc/FAQ index 0bb9b0368..a7ca82cc7 100644 --- a/doc/FAQ +++ b/doc/FAQ 
@@ -342,3 +342,67 @@ where pgpkeyring is the original keyring and not the GnuPG one you might have created in the first step. + Q: Are the headerlines of a cleartext signater part of the signed + material? + A: No. For example you can add or remove "Comment:" lines. They + have a purpose like the mail header lines. However a "Hash:" + line is needed for OpenPGG signatures to tell the parser which + hash algorithm to use. + + Q: How can a get list of key IDs used to encrypt a message? + A: gpg --batch --decrypt --list-only --status-fd 1 2>/dev/null \ + | awk '/^\[GNUPG:\] ENC_TO / { print $3 }' + + + Q: PGP 5.x, 6.x does not like my secret key. + A: PGP probably bails out on some private comment packets used by GnuPG. + These packets are fully in compliance with OpenPGP; however PGP is not + really OpenPGP aware. A workaround is to eport the secret keys with + this command: + + gpg --export-secret-keys --no-comment -a your-key-id + + Q: I can't decrypt my symmetrical only (-c) encrypted message with + a new version of GnuPG. + A: There used to be a bug in GnuPG < 1.0.1 which happens only if 3DES or + Twofish has been used for symmetric only encryption (this has never been + the default). + The bug has been fixed but to enable you to decrypt old messages, you + should run gpg with the option "--emulate-3des-s2k-bug", decrypt the + message and encrypt it again without this option. The option will + be removed in 1.1, so better re-encrypt your message now. + + Q: How can I used GnuPG in an automated environment? + A: You should use the option --batch and don't use passphrases as + there is usually no way to store it more secure than the secret + keyring itself. The suggested way to create the keys for the + automated envirionment ist: + On a secure machine: + 1. If you want to do automatic signing, create a signing subkey + for your key (edit menu, choose "addkey" and the DSA). + 2. Make sure that you use a passphrase (Needed by the current + implementation) + 3. 
gpg --export-secret-subkeys --no-comment foo >secring.auto + 4. Copy secring.auto and the public keyring to a test directory. + 5. Cd to this diectory + 6. gpg --homedir . --edit foo + and use "passwd" to remove the passphrase from the subkeys. + You may also want to remove all unused subkeys. + 7. copy secring.auto to a floppy and carry it to the + target box + On the target machine: + 8. Install secring.auto as secret keyring. + 9. Now you can start your new service. It is a good idea to + install some intrusion detection system so that you hopefully + get a notice of an successful intrusion, so that you in turn can + revoke all the subkeys installed on that machine and install new + subkeys. + + Q: In the edit meu the trust values is not displayed correctly after + signing uids - why? + A: This happens because the some informations are stored immediately + in the trustdb, but the actual trust calculation can be done after + the save command. This is a not easy to fix design bug which will be + addressed in GnuPG 1.1 + + diff --git a/doc/HACKING b/doc/HACKING index 6f4c9ffd8..70bfe65dd 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -10,12 +10,12 @@ CVS Access ========== Anonymous read-only CVS access is available: - cvs -z6 -d :pserver:anonymous@ftp.guug.de:/home/koch/cvs login + cvs -z6 -d :pserver:anonymous@cvs.guug.de:/home/koch/cvs login use the password "anonymous". To check out the the complete archive use: - cvs -z6 -d :pserver:anonymous@ftp.guug.de:/home/koch/cvs checkout gnupg + cvs -z6 -d :pserver:anonymous@cvs.guug.de:/home/koch/cvs checkout gnupg This service is provided to help you in hunting bugs and not to deliver stable snapshots; it may happen that it even does not compile, so please 
@@ -112,6 +112,72 @@ Directory Layout ./gcrypt Stuff needed to build libgcrypt (under construction) +Detailed Roadmap +---------------- +g10/g10.c Main module with option parsing and all the stuff you have + to do on startup. Also has the exout handler and some + helper functions. +g10/sign.c + +g10/parse-packet.c +g10/build-packet.c +g10/free-packet.c + Parsing and creating of OpenPGP message packets. + +g10/getkey.c +g10/pkclist.c +g10/skclist.c +g10/ringedit.c +g10/keydb.h + +g10/keyid.c Helper functions to get the keyid, fingerprint etc. + + +g10/trustdb.c +g10/trustdb.h +g10/tdbdump.c + +g10/compress.c +g10/filter.h +g10/delkey.c +g10/kbnode.c +g10/main.h +g10/mainproc.c +g10/armor.c +g10/mdfilter.c +g10/textfilter.c +g10/cipher.c +g10/misc.c +g10/options.h +g10/openfile.c +g10/tdbio.c +g10/tdbio.h +g10/hkp.h +g10/hkp.c +g10/packet.h +g10/passphrase.c +g10/pubkey-enc.c +g10/seckey-cert.c +g10/seskey.c +g10/import.c +g10/export.c +g10/comment.c +g10/status.c +g10/status.h +g10/sign.c +g10/plaintext.c +g10/encr-data.c +g10/encode.c +g10/revoke.c +g10/keylist.c +g10/sig-check.c +g10/signal.c +g10/helptext.c +g10/verify.c +g10/decrypt.c +g10/keyedit.c +g10/dearmor.c +g10/keygen.c diff --git a/doc/Makefile.am b/doc/Makefile.am index ae5cdb506..44a92d2f9 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,8 +1,6 @@ ## Process this file with automake to create Makefile.in -SUBDIRS = gph - -EXTRA_DIST = DETAILS gpg.sgml gpg.1 FAQ HACKING OpenPGP +EXTRA_DIST = DETAILS gpg.sgml gpg.1 FAQ HACKING OpenPGP README.W32 man_MANS = gpg.1 @@ -27,3 +25,7 @@ endif -db2html $< +dist-hook: + @if test `wc -c < gpg.1` -lt 200; then \ + echo 'ERROR: dummy man page'; false; fi + diff --git a/doc/OpenPGP b/doc/OpenPGP index c73eee4f8..ba44d87fb 100644 --- a/doc/OpenPGP +++ b/doc/OpenPGP 
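Review bot: The new `dist-hook` in doc/Makefile.am catches a dummy man page only when `gpg.1` exists. If the file is missing, the redirect fails and `wc` prints nothing, so `test -lt 200` is a usage error rather than a true result; in common shells the `if` body is then skipped and the hook succeeds. Prefixing the condition with `test ! -f gpg.1 ||` closes that gap. The 200-byte threshold is also unexplained; a comment such as `# the dummy page written when docbook-to-man is missing is well under 200 bytes` would say what it distinguishes (the dummy page's size is inferred from the ChangeLog entry, please confirm).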
@@ -33,6 +33,15 @@ which can be considered to be in compliance with RFC1991; this format is only created if a special option is active. + GnuPG uses a S2K mode of 101 for GNU extensions to the secret key + protection algorithms. This number is not defined in OpenPGP, but + given the fact that this number is in a range which used at many + other places in OpenPGP for private/experimenat algorithm identifiers, + this should be not a so bad choice. The 3 bytes "GNU" are used + to identify this as a GNU extension - see the file DETAILS for a + definition of the used data formats. + + Some Notes on OpenPGP / PGP Compatibility: ========================================== diff --git a/doc/README.W32 b/doc/README.W32 new file mode 100644 index 000000000..e2a7b2227 --- /dev/null +++ b/doc/README.W32 
@@ -0,0 +1,96 @@
+This is a beta release of GnuPG for MS-Windows 95, 98 and WNT.
+The random number generator should now work but has not undergone
+a thorough testing, so we won't say anything about the quality of
+the generated key and suggest that you don't use this version with
+your production secret keys! It is however okay to verify signatures
+or encrypt files using this version.
+
+PLEASE READ THE FOLLOWING PARAGRAPH CAREFULLY:
+
+If you have a bug report, please post it to the mailing list
+. Please don't send me private mail
+regarding this version of GnuPG; I am already spending too much
+time on answering the same and same questions over and over.
+I can improve GnuPG much faster if I don't have to answer
+questions in private mail. You can post to the mailing list
+without prior subscribing (but please request to CC you if you want
+to get an answer).
+
+
+
+Installation instructions:
+--------------------------
+ 1. Unpack the ZIP archive (alright, you already did this).
+ 2. Copy "gpg.exe" to some place where you usually store your
+ binaries.
+ 3. Create a directory "c:\gnupg" (or any other as you like)
+ 4. If you did not use the default directory "c:\gnupg", you
+ should enter a string with the directory into the Registry
+ under the key:
+ \\HKEY_CURRENT_USER\Software\GNU\GnuPG\HomeDir
+ Please use forward slashes and not the backslashes when
+ setting filenames for GnuPG into the Registry.
+ 5. Enter "gpg" and see what happens
+ 6. Read the file README and the online HOWTOs
+
+
+Internationalization support:
+-----------------------------
+ 1. Decide where to store the translation files for your language.
+ Here we assume the directory "c:/gnu/locale/fr"
+ 2. Set the directory with the translations into the Registry under the key:
+ \\HKEY_CURRENT_USER\Control Panel\Mingw32\NLS\MODir
+ (Example entry: "c:/gnu/locale/fr")
+ 3. Select which language to use and copy the currect translation file
+ under the name "gnupg.mo" into the directory set in step 2
+ (Example: "copy fr.mo c:\gnu\locale\fr\gnupg.mo")
+ 4. Done.
+
+Currently we only support the Codepages 437, 850 und Latin1. If you have
+problems, either delete the gnupg.mo file or don't set the environment
+variable
+
+
+
+How to build it from the source:
+--------------------------------
+This version has been build with the Mingw32/CPD kit using the latest
+stable version of GnuPG.
+
+First get the source: It is available at
+
+ ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gnupg-1.0.n.tar.gz
+
+or for snapshots (with a letter appended to the version number)
+
+ ftp://ftp.gnupg.org/pub/gcrypt/devel/gnupg-1.0.nx.tar.gz
+
+this is the same source as for the Unix version.
+
+To build it, you need the MingW32/CPD kit, which is available at
+
+ ftp://ftp.openit.de/pub/cpd/mingw32-cpd-0.2.4.tar.gz
+ ftp://ftp.openit.de/pub/cpd/gcc-core-2.95.2.tar.gz
+ ftp://ftp.openit.de/pub/cpd/binutils-2.9.1.tar.gz
+ ftp://ftp.openit.de/pub/cpd/windows32api-0.1.2.tar.gz
+
+gcc, binutils and windows32api are stock GNU source which are available
+at every ftp.gnug.org mirror.
+
+After you have installed this environment you should be able to do this:
+
+ $ ./configure --target=i386--mingw32
+ $ make
+ $ i386--mingw32-strip g10/gpg
+ $ cp g10/gpg /some_windows_drive/gpg.exe
+
+And everything hopefully works.
+
+
+Don't forget that MS-Windows ist just a temporary workaround until
+you can switch to a GNU system ;-)
+
+Be the source always with you.
+
+ Werner
+
diff --git a/doc/gpg.sgml b/doc/gpg.sgml
index 1297737fd..3ff12a4c7 100644
--- a/doc/gpg.sgml
+++ b/doc/gpg.sgml
@@ -27,7 +27,7 @@ --> -directory"> file"> &ParmFile;">
@@ -156,6 +156,15 @@ filename to force a read from stdin). With more than and the remaining files are the signed stuff. + +--verify-files + +This is a special version of the --verify command which does not work with +detached signatures. The command expects the files to bee verified either +on the commandline or reads the filenames from stdin; each anem muts be on +separate line. The command is intended for quick checking of many files. + +