summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>1998-09-14 17:49:56 +0200
committerWerner Koch <wk@gnupg.org>1998-09-14 17:49:56 +0200
commitc07a88da5d293db89726767fef58090177b423f4 (patch)
tree7ea1d5d10d3e65cf29c4b03616772fb4c829f4d1
parentUpdates (diff)
downloadgnupg2-c07a88da5d293db89726767fef58090177b423f4.tar.xz
gnupg2-c07a88da5d293db89726767fef58090177b423f4.zip
New release
-rw-r--r--ABOUT-NLS10
-rw-r--r--AUTHORS18
-rw-r--r--INSTALL8
-rw-r--r--Makefile.am7
-rw-r--r--NEWS10
-rw-r--r--THANKS4
-rw-r--r--TODO18
-rw-r--r--VERSION2
-rw-r--r--acinclude.m438
-rw-r--r--checks/Makefile.am7
-rwxr-xr-xchecks/armdetach.test4
-rwxr-xr-xchecks/armdetachm.test4
-rwxr-xr-xchecks/armencrypt.test4
-rwxr-xr-xchecks/armencryptp.test4
-rwxr-xr-xchecks/armsignencrypt.test4
-rwxr-xr-xchecks/armsigs.test4
-rwxr-xr-xchecks/clearsig.test8
-rwxr-xr-xchecks/conventional.test8
-rwxr-xr-xchecks/decrypt-dsa.test2
-rwxr-xr-xchecks/decrypt.test3
-rwxr-xr-xchecks/detach.test4
-rwxr-xr-xchecks/detachm.test4
-rwxr-xr-xchecks/encrypt-dsa.test8
-rwxr-xr-xchecks/encrypt.test8
-rwxr-xr-xchecks/encryptp.test2
-rwxr-xr-xchecks/mds.test4
-rwxr-xr-xchecks/seat.test4
-rwxr-xr-xchecks/signencrypt-dsa.test8
-rwxr-xr-xchecks/signencrypt.test4
-rwxr-xr-xchecks/sigs-dsa.test8
-rwxr-xr-xchecks/sigs.test8
-rwxr-xr-xchecks/version.test2
-rw-r--r--cipher/ChangeLog8
-rw-r--r--cipher/Makefile.am2
-rw-r--r--cipher/blowfish.c21
-rw-r--r--cipher/blowfish.h2
-rw-r--r--cipher/cast5.c9
-rw-r--r--cipher/cast5.h2
-rw-r--r--cipher/cipher.c12
-rw-r--r--cipher/dynload.c9
-rw-r--r--cipher/dynload.h2
-rw-r--r--cipher/twofish.c8
-rw-r--r--configure.in9
-rw-r--r--g10/ChangeLog19
-rw-r--r--g10/encr-data.c6
-rw-r--r--g10/import.c2
-rw-r--r--g10/keyedit.c6
-rw-r--r--g10/plaintext.c4
-rw-r--r--g10/seckey-cert.c5
-rw-r--r--g10/seskey.c20
-rw-r--r--g10/status.c32
-rw-r--r--g10/trustdb.c61
-rw-r--r--g10/trustdb.h1
-rw-r--r--include/ChangeLog5
-rw-r--r--include/cipher.h2
-rw-r--r--include/errors.h1
-rw-r--r--include/util.h9
-rw-r--r--util/ChangeLog4
-rw-r--r--util/errors.c1
-rw-r--r--util/secmem.c32
-rw-r--r--zlib/Makefile20
61 files changed, 378 insertions, 167 deletions
diff --git a/ABOUT-NLS b/ABOUT-NLS
index b3f2c65d4..28d38c76f 100644
--- a/ABOUT-NLS
+++ b/ABOUT-NLS
@@ -191,7 +191,7 @@ PO files have been submitted to translation coordination.
gcal | [] [] [] [] [] | 5
gettext | [] [] [] [] [] [] [] [] [] [] [] | 12
grep | [] [] [] [] [] [] [] [] [] [] | 10
- hello | [] [] [] [] [] [] [] [] [] [] | 10
+ hello | [] [] [] [] [] [] [] [] [] [] [] | 11
id-utils | [] [] [] | 3
indent | [] [] [] [] [] | 5
libc | [] [] [] [] [] [] [] | 7
@@ -201,14 +201,14 @@ PO files have been submitted to translation coordination.
ptx | [] [] [] [] [] [] [] [] | 8
recode | [] [] [] [] [] [] [] [] [] | 9
sh-utils | [] [] [] [] [] [] [] [] | 8
- sharutils | [] [] [] [] [] | 5
- tar | [] [] [] [] [] [] [] [] [] [] | 10
- texinfo | [] [] | 2
+ sharutils | [] [] [] [] [] [] | 6
+ tar | [] [] [] [] [] [] [] [] [] [] [] | 11
+ texinfo | [] [] [] | 3
textutils | [] [] [] [] [] [] [] [] [] | 9
wdiff | [] [] [] [] [] [] [] [] | 8
`----------------------------------------------------'
17 languages cs da de en es fi fr it ja ko nl no pl pt ru sl sv
- 27 packages 3 3 25 1 18 1 26 2 1 12 20 9 19 7 4 7 17 175
+ 27 packages 6 4 25 1 18 1 26 2 1 12 20 9 19 7 4 7 17 179
Some counters in the preceding matrix are higher than the number of
visible blocks let us expect. This is because a few extra PO files are
diff --git a/AUTHORS b/AUTHORS
index 35e7049ad..566688918 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -3,19 +3,23 @@ Authors of GNU Privacy Guard (gnupg).
Werner Koch. Designed and implemented gnupg.
-TRANSLATIONS Marco d'Itri 1997-02-22
-Disclaim
-
-GPG Matthew Skala 1998-08-10
+GPG Matthew Skala 1998-08-10
Disclaims changes (Twofish code).
mskala@ansuz.sooke.bc.ca
-GPG Natural Resources Canada 1998-08-11
+GPG Natural Resources Canada 1998-08-11
Disclaims changes by Matthew Skala.
-TRANSLATIONS Gaël Quéri ?????????????
+GPG Niklas Hernaeus ??????????
+(Weak key patches)
+
+
+TRANSLATIONS Marco d'Itri 1997-02-22
+Disclaim
+
+TRANSLATIONS Gaël Quéri ??????????
fr.po
-TRANSLATIONS Walter Koch ???????????
+TRANSLATIONS Walter Koch ??????????
de.po
diff --git a/INSTALL b/INSTALL
index 23fa6b98b..7829ec5a4 100644
--- a/INSTALL
+++ b/INSTALL
@@ -33,8 +33,12 @@ Configure options for GNUPG
Problems
========
-If you have compile problems, try the configure options "--with-included-zlib",
-"--disable-nls" (See ABOUT-NLS) or --disable-dynload.
+If you get unresolved externals "gettext" you should run configure again
+with the option "--with-included-gettext".
+
+If you have other compile problems, try the configure options
+"--with-included-zlib" or "--disable-nls" (See ABOUT-NLS)
+or --disable-dynload.
I can't check all assembler files, so if you have problems assembling them
(or the program crashes), simply delete the files in the mpi/<cpu> directory.
diff --git a/Makefile.am b/Makefile.am
index b8f6282bf..258ec7003 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4,10 +4,6 @@ SUBDIRS = intl po zlib util mpi cipher tools g10 doc checks
EXTRA_DIST = VERSION
-tar: clean
- cd ..; tar czvf ~/bkup/g10-`date +%d%m`.tar.gz src
-
-
dist-hook:
@set -e; \
for file in `find $(srcdir) -type f -name distfiles`; do \
@@ -17,8 +13,5 @@ dist-hook:
|| cp -p $(srcdir)/$$dir/$$i $(distdir)/$$dir/$$i; \
done ; \
done
- for file in po/cat-id-tbl.c po/gnupg.pot; do \
- rm $(distdir)/$$file || true ; \
- done
diff --git a/NEWS b/NEWS
index 10aca85a5..23635c7ed 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,16 @@ Noteworthy changes in version 0.3.5
* --delete-[secret-]key is now also availabe in gpgm.
+ * cleartext signatures are not anymore converted to LF only.
+
+ * Fixed a trustdb problem. Run "gpgm --check-trustdb" to fix old
+ trust dbs.
+
+ * Building in another directory should now work.
+
+ * Weak key detection mechanism (Niklas Hernaeus).
+
+
Noteworthy changes in version 0.3.4
-----------------------------------
* New options --comment and --set-filename; see g10/OPTIONS
diff --git a/THANKS b/THANKS
index 054c6a3a8..c19d23a96 100644
--- a/THANKS
+++ b/THANKS
@@ -9,6 +9,7 @@ Brian Warner warner@lothar.com
Caskey L. Dickson caskey@technocage.com
Charles Levert charles@comm.polymtl.ca
Christian von Roques roques@pond.sub.org
+Christopher Oliver oliver@fritz.traverse.net
Daniel Eisenbud eisenbud@cs.swarthmore.edu
Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de
Ed Boraas ecxjo@esperanto.org
@@ -27,9 +28,12 @@ Martin Schulte schulte@thp.uni-koeln.de
Matthew Skala mskala@ansuz.sooke.bc.ca
Max Valianskiy maxcom@maxcom.ml.org
Nicolas Graner Nicolas.Graner@cri.u-psud.fr
+Niklas Hernaeus nh@sleipner.df.lth.se
Nimrod Zimerman zimerman@forfree.at
Oskari Jääskeläinen f33003a@cc.hut.fi
+Paul D. Smith psmith@baynetworks.com
Peter Gutmann pgut001@cs.auckland.ac.nz
+QingLong qinglong@bolizm.ihep.su
Ralph Gillen gillen@theochem.uni-duesseldorf.de
Serge Munhoven munhoven@mema.ucl.ac.be
Steffen Ullrich ccrlphr@xensei.com
diff --git a/TODO b/TODO
index 0bbb4f359..def9e7b11 100644
--- a/TODO
+++ b/TODO
@@ -1,11 +1,6 @@
- * cleanup for SHM einbauen (non-linux)
-
- * shared memory access funktioniert nicht wenn seuid installiert.
-
- * ElGamal key benutzen wenn die DSA keyid angegeben ist??
-
- * Apply Paul D. Smith's sugestions for building in another direcory.
+ * Should we use the ElGamal subkey if the DSA keyid is given?
+ What about an option --loose-keyid-match?
* salted and iterated S2Ks don't work (see passphrase.c).
@@ -15,14 +10,9 @@
* fix the expire stuff for v4 packets.
- * Fix Oscaris problems with the trustdb.
- * invalid packets (Marco) und Markus Gruber
-
* add some sanity checks to read_keyblock, so that we are sure that
the minimal requirements are met (?)
- * what about the CR,LF in cleartext singatures?
-
* decryption of message with multiple recipients does not work.
* preferences of hash algorithms are not yet used.
@@ -49,10 +39,6 @@
* Is it okay to use gettext for the help system???
- * configure checks two times for gcc
-
- * update gettext
-
* Add some stuff for DU cc
* check for "expect" before running test genkey1024
diff --git a/VERSION b/VERSION
index 789f9a52b..c2c0004f0 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.3.4a
+0.3.5
diff --git a/acinclude.m4 b/acinclude.m4
index 5f7c56215..6fe4337f4 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -155,12 +155,12 @@ define(WK_CHECK_IPC,
######################################################################
-# progtest.m4 from gettext 0.32
+# progtest.m4 from gettext 0.35
######################################################################
# Search path for a program which passes the given test.
# Ulrich Drepper <drepper@cygnus.com>, 1996.
#
-# This file file be copied and used freely without restrictions. It can
+# This file can be copied and used freely without restrictions. It can
# be used in projects which are not available under the GNU Public License
# but which still want to provide support for the GNU gettext functionality.
# Please note that the actual code is *not* freely available.
@@ -205,14 +205,13 @@ fi
AC_SUBST($1)dnl
])
-
######################################################################
-# lcmessage.m4 from gettext 0.32
+# lcmessage.m4 from gettext 0.35
######################################################################
# Check whether LC_MESSAGES is available in <locale.h>.
# Ulrich Drepper <drepper@cygnus.com>, 1995.
#
-# This file file be copied and used freely without restrictions. It can
+# This file can be copied and used freely without restrictions. It can
# be used in projects which are not available under the GNU Public License
# but which still want to provide support for the GNU gettext functionality.
# Please note that the actual code is *not* freely available.
@@ -229,20 +228,18 @@ AC_DEFUN(AM_LC_MESSAGES,
fi
fi])
-
-
######################################################################
-# gettext.m4 from gettext 0.32
+# gettext.m4 from gettext 0.35
######################################################################
# Macro to add for using GNU gettext.
# Ulrich Drepper <drepper@cygnus.com>, 1995.
#
-# This file file be copied and used freely without restrictions. It can
+# This file can be copied and used freely without restrictions. It can
# be used in projects which are not available under the GNU Public License
# but which still want to provide support for the GNU gettext functionality.
# Please note that the actual code is *not* freely available.
-# serial 3
+# serial 5
AC_DEFUN(AM_WITH_NLS,
[AC_MSG_CHECKING([whether NLS is requested])
@@ -284,9 +281,10 @@ AC_DEFUN(AM_WITH_NLS,
AC_CHECK_LIB(intl, bindtextdomain,
[AC_CACHE_CHECK([for gettext in libintl],
gt_cv_func_gettext_libintl,
- [AC_TRY_LINK([], [return (int) gettext ("")],
- gt_cv_func_gettext_libintl=yes,
- gt_cv_func_gettext_libintl=no)])])
+ [AC_CHECK_LIB(intl, gettext,
+ gt_cv_func_gettext_libintl=yes,
+ gt_cv_func_gettext_libintl=no)],
+ gt_cv_func_gettext_libintl=no)])
fi
if test "$gt_cv_func_gettext_libc" = "yes" \
@@ -380,7 +378,7 @@ AC_DEFUN(AM_WITH_NLS,
: ;
else
AC_MSG_RESULT(
- [found xgettext programs is not GNU xgettext; ignore it])
+ [found xgettext program is not GNU xgettext; ignore it])
XGETTEXT=":"
fi
fi
@@ -392,6 +390,12 @@ AC_DEFUN(AM_WITH_NLS,
nls_cv_header_intl=intl/libintl.h
nls_cv_header_libgt=intl/libgettext.h
fi
+ AC_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl)
+ AC_OUTPUT_COMMANDS(
+ [case "$CONFIG_FILES" in *po/Makefile.in*)
+ sed -e "/POTFILES =/r po/POTFILES" po/Makefile.in > po/Makefile
+ esac])
+
# If this is used in GNU gettext we have to set USE_NLS to `yes'
# because some of the sources are only built for this goal.
@@ -436,9 +440,9 @@ AC_DEFUN(AM_GNU_GETTEXT,
AC_REQUIRE([AC_FUNC_MMAP])dnl
AC_CHECK_HEADERS([argz.h limits.h locale.h nl_types.h malloc.h string.h \
-unistd.h values.h sys/param.h])
+unistd.h sys/param.h])
AC_CHECK_FUNCS([getcwd munmap putenv setenv setlocale strchr strcasecmp \
-__argz_count __argz_stringify __argz_next])
+strdup __argz_count __argz_stringify __argz_next])
if test "${ac_cv_func_stpcpy+set}" != "set"; then
AC_CHECK_FUNCS(stpcpy)
@@ -543,5 +547,3 @@ __argz_count __argz_stringify __argz_next])
< $srcdir/po/POTFILES.in > po/POTFILES
])
-
-
diff --git a/checks/Makefile.am b/checks/Makefile.am
index bd7d11199..351075206 100644
--- a/checks/Makefile.am
+++ b/checks/Makefile.am
@@ -19,11 +19,16 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
DATA_FILES = data-500 data-9000 data-32000 data-80000
EXTRA_DIST = defs.inc run-gpg run-gpgm $(TESTS) $(TEST_FILES)
-CLEANFILES = prepared.stamp x y z out err $(DATA_FILES)
+CLEANFILES = prepared.stamp x y z out err $(DATA_FILES) \
+ plain-1 plain-2 plain-3
+DISTCLEANFILES = pubring.gpg secring.gpg pubring.pkr secring.skr
+
check: prepared.stamp
+testdata: prepared.stamp
+
prepared.stamp: ./pubring.gpg ./secring.gpg ./plain-1 ./plain-2 ./plain-3 \
./pubring.pkr ./secring.skr $(DATA_FILES)
echo timestamp >./prepared.stamp
diff --git a/checks/armdetach.test b/checks/armdetach.test
index 16d4efe76..c68c5da82 100755
--- a/checks/armdetach.test
+++ b/checks/armdetach.test
@@ -5,7 +5,7 @@
#info Checking armored detached signatures
for i in $plain_files $data_files ; do
- echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -sab -o x --yes $i
- ./run-gpg -o /dev/null --yes x <$i || error "$i: bad signature"
+ echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -sab -o x --yes $i
+ $srcdir/run-gpg -o /dev/null --yes x <$i || error "$i: bad signature"
done
diff --git a/checks/armdetachm.test b/checks/armdetachm.test
index 5d8d077c2..f628fcf2b 100755
--- a/checks/armdetachm.test
+++ b/checks/armdetachm.test
@@ -4,6 +4,6 @@
#info Checking armored detached signatures of multiple files
i="$plain_files $data_files"
-echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -sab -o x --yes $i
-cat $i | ./run-gpg -o /dev/null --yes x || error "$i: bad signature"
+echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -sab -o x --yes $i
+cat $i | $srcdir/run-gpg -o /dev/null --yes x || error "$i: bad signature"
diff --git a/checks/armencrypt.test b/checks/armencrypt.test
index 48c60a8b8..cade9dde4 100755
--- a/checks/armencrypt.test
+++ b/checks/armencrypt.test
@@ -4,8 +4,8 @@
#info Checking armored encryption
for i in $plain_files $data_files ; do
- ./run-gpg -ea -o x --yes -r "$usrname2" $i
- ./run-gpg -o y --yes x
+ $srcdir/run-gpg -ea -o x --yes -r "$usrname2" $i
+ $srcdir/run-gpg -o y --yes x
cmp $i y || error "$i: mismatch"
done
diff --git a/checks/armencryptp.test b/checks/armencryptp.test
index 37cb4a34b..95a1efd63 100755
--- a/checks/armencryptp.test
+++ b/checks/armencryptp.test
@@ -4,9 +4,9 @@
#info Checking armored encryption with a pipe
for i in $plain_files $data_files ; do
- ./run-gpg -ea --yes -r "$usrname2" < $i | tee x | ./run-gpg -o y --yes
+ $srcdir/run-gpg -ea --yes -r "$usrname2" < $i | tee x | $srcdir/run-gpg -o y --yes
cmp $i y || error "$i: mismatch"
- ./run-gpg --yes < x > y
+ $srcdir/run-gpg --yes < x > y
cmp $i y || error "$i: mismatch"
done
diff --git a/checks/armsignencrypt.test b/checks/armsignencrypt.test
index daa1b9676..f8ffdaf4d 100755
--- a/checks/armsignencrypt.test
+++ b/checks/armsignencrypt.test
@@ -6,8 +6,8 @@
#info Checking armored signing and encryption
for i in $plain_files $data_files ; do
echo "$usrpass1" \
- | ./run-gpg --passphrase-fd 0 -sae -o x --yes -r "$usrname2" $i
- ./run-gpg -o y --yes x
+ | $srcdir/run-gpg --passphrase-fd 0 -sae -o x --yes -r "$usrname2" $i
+ $srcdir/run-gpg -o y --yes x
cmp $i y || error "$i: mismatch"
done
diff --git a/checks/armsigs.test b/checks/armsigs.test
index 5152c2de0..34b5a7fa3 100755
--- a/checks/armsigs.test
+++ b/checks/armsigs.test
@@ -4,8 +4,8 @@
#info Checking armored signatures
for i in $plain_files $data_files ; do
- echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -sa -o x --yes $i
- ./run-gpg -o y --yes x
+ echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -sa -o x --yes $i
+ $srcdir/run-gpg -o y --yes x
cmp $i y || error "$i: mismatch"
done
diff --git a/checks/clearsig.test b/checks/clearsig.test
index d633713c9..69c2544d7 100755
--- a/checks/clearsig.test
+++ b/checks/clearsig.test
@@ -6,13 +6,13 @@
# but the output has always one. I do not thinkl this is a bug, because
# it is clear text and not binary text.
for i in $plain_files; do
- echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -sat -o x --yes $i
- ./run-gpg --verify x
+ echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -sat -o x --yes $i
+ $srcdir/run-gpg --verify x
done
# and once more to check rfc1991
for i in $plain_files; do
- echo "$usrpass1" | ./run-gpg --passphrase-fd 0 \
+ echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 \
--rfc1991 --digest-algo md5 -sat -o x --yes $i
- ./run-gpg --verify x
+ $srcdir/run-gpg --verify x
done
diff --git a/checks/conventional.test b/checks/conventional.test
index 9176c0c44..dbf831000 100755
--- a/checks/conventional.test
+++ b/checks/conventional.test
@@ -4,14 +4,14 @@
#info Checking conventional encryption
for i in plain-2 data-32000 ; do
- echo "Hier spricht HAL" | ./run-gpg --passphrase-fd 0 -c -o x --yes $i
- echo "Hier spricht HAL" | ./run-gpg --passphrase-fd 0 -o y --yes x
+ echo "Hier spricht HAL" | $srcdir/run-gpg --passphrase-fd 0 -c -o x --yes $i
+ echo "Hier spricht HAL" | $srcdir/run-gpg --passphrase-fd 0 -o y --yes x
cmp $i y || error "$i: mismatch"
done
for i in plain-1 data-80000 ; do
- echo "Hier spricht HAL" | ./run-gpg --passphrase-fd 0 \
+ echo "Hier spricht HAL" | $srcdir/run-gpg --passphrase-fd 0 \
--cipher-algo cast5 -c -o x --yes $i
- echo "Hier spricht HAL" | ./run-gpg --passphrase-fd 0 -o y --yes x
+ echo "Hier spricht HAL" | $srcdir/run-gpg --passphrase-fd 0 -o y --yes x
cmp $i y || error "$i: mismatch"
done
diff --git a/checks/decrypt-dsa.test b/checks/decrypt-dsa.test
index 08fe2de7e..ba73ddf5f 100755
--- a/checks/decrypt-dsa.test
+++ b/checks/decrypt-dsa.test
@@ -4,7 +4,7 @@
#info Checking decryption of supplied DSA encrypted file
for i in "plain-1" ; do
- ./run-gpg $dsa_keyrings -o y --yes $i-pgp.asc
+ $srcdir/run-gpg $dsa_keyrings -o y --yes $srcdir/$i-pgp.asc
cmp $i y || error "$i: mismatch"
done
diff --git a/checks/decrypt.test b/checks/decrypt.test
index 843c9be9d..1d7449401 100755
--- a/checks/decrypt.test
+++ b/checks/decrypt.test
@@ -4,7 +4,8 @@
#info Checking decryption of supplied files
for i in $plain_files ; do
- echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -o y --yes $i.asc
+ echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 \
+ -o y --yes $srcdir/$i.asc
cmp $i y || error "$i: mismatch"
done
diff --git a/checks/detach.test b/checks/detach.test
index 37700e517..cdad558c1 100755
--- a/checks/detach.test
+++ b/checks/detach.test
@@ -4,7 +4,7 @@
#info Checking detached signatures
for i in $plain_files $data_files ; do
- echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -sb -o x --yes $i
- ./run-gpg -o /dev/null --yes x <$i || error "$i: bad signature"
+ echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -sb -o x --yes $i
+ $srcdir/run-gpg -o /dev/null --yes x <$i || error "$i: bad signature"
done
diff --git a/checks/detachm.test b/checks/detachm.test
index 5af856f75..b5fb05af5 100755
--- a/checks/detachm.test
+++ b/checks/detachm.test
@@ -4,6 +4,6 @@
#info Checking detached signatures of multiple files
i="$plain_files $data_files"
-echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -sb -o x --yes $i
-cat $i | ./run-gpg -o /dev/null --yes x || error "$i: bad signature"
+echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -sb -o x --yes $i
+cat $i | $srcdir/run-gpg -o /dev/null --yes x || error "$i: bad signature"
diff --git a/checks/encrypt-dsa.test b/checks/encrypt-dsa.test
index b809700b1..ba0564fd8 100755
--- a/checks/encrypt-dsa.test
+++ b/checks/encrypt-dsa.test
@@ -4,16 +4,16 @@
#info Checking encryption
for i in $plain_files $data_files ; do
- ./run-gpg $dsa_keyrings -e -o x --yes -r "$dsa_usrname2" $i
- ./run-gpg $dsa_keyrings -o y --yes x
+ $srcdir/run-gpg $dsa_keyrings -e -o x --yes -r "$dsa_usrname2" $i
+ $srcdir/run-gpg $dsa_keyrings -o y --yes x
cmp $i y || error "$i: mismatch"
done
# and with cast
for i in $plain_files $data_files ; do
- ./run-gpg $dsa_keyrings --cipher-algo cast5 -e \
+ $srcdir/run-gpg $dsa_keyrings --cipher-algo cast5 -e \
-o x --yes -r "$dsa_usrname2" $i
- ./run-gpg $dsa_keyrings -o y --yes x
+ $srcdir/run-gpg $dsa_keyrings -o y --yes x
cmp $i y || error "$i: mismatch"
done
diff --git a/checks/encrypt.test b/checks/encrypt.test
index 07e9a3a24..468136cca 100755
--- a/checks/encrypt.test
+++ b/checks/encrypt.test
@@ -4,13 +4,13 @@
#info Checking encryption
for i in $plain_files $data_files ; do
- ./run-gpg -e -o x --yes -r "$usrname2" $i
- ./run-gpg -o y --yes x
+ $srcdir/run-gpg -e -o x --yes -r "$usrname2" $i
+ $srcdir/run-gpg -o y --yes x
cmp $i y || error "$i: mismatch"
done
for i in $plain_files $data_files ; do
- ./run-gpg -e -o x --yes -r "$usrname2" --cipher-algo cast5 $i
- ./run-gpg -o y --yes x
+ $srcdir/run-gpg -e -o x --yes -r "$usrname2" --cipher-algo cast5 $i
+ $srcdir/run-gpg -o y --yes x
cmp $i y || error "$i: mismatch"
done
diff --git a/checks/encryptp.test b/checks/encryptp.test
index b0af2c626..c63fb822f 100755
--- a/checks/encryptp.test
+++ b/checks/encryptp.test
@@ -4,7 +4,7 @@
#info Checking encryption with a pipe
for i in $plain_files $data_files ; do
- ./run-gpg -e --yes -r "$usrname2" <$i | tee yy | ./run-gpg --yes > y
+ $srcdir/run-gpg -e --yes -r "$usrname2" <$i | tee yy | $srcdir/run-gpg --yes > y
cmp $i y || error "$i: mismatch"
done
diff --git a/checks/mds.test b/checks/mds.test
index ff07e1a5f..38ca5fbc6 100755
--- a/checks/mds.test
+++ b/checks/mds.test
@@ -11,7 +11,7 @@ test_one () {
failed=""
#info Checking message digests
-echo -n "" | ./run-gpgm --print-mds >y
+echo -n "" | $srcdir/run-gpgm --print-mds >y
test_one "MD5" "D41D8CD98F00B204E9800998ECF8427E"
test_one "SHA1" "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709"
test_one "RMD160" "9C1185A5C5E9FC54612808977EE8F548B2258D31"
@@ -19,7 +19,7 @@ test_one "TIGER" "24F0130C63AC933216166E76B1BB925FF373DE2D49584E7A"
[ "$failed" != "" ] && error "$failed failed for empty string"
-echo -n "abcdefghijklmnopqrstuvwxyz" | ./run-gpgm --print-mds >y
+echo -n "abcdefghijklmnopqrstuvwxyz" | $srcdir/run-gpgm --print-mds >y
test_one "MD5" "C3FCD3D76192E4007DFB496CCA67E13B"
test_one "SHA1" "32D10C7B8CF96570CA04CE37F2A19D84240D3A89"
test_one "RMD160" "F71C27109C692C1B56BBDCEB5B9D2865B3708DBC"
diff --git a/checks/seat.test b/checks/seat.test
index 25fa54a53..f89234e60 100755
--- a/checks/seat.test
+++ b/checks/seat.test
@@ -3,8 +3,8 @@
. $srcdir/defs.inc || exit 3
for i in $plain_files ; do
- echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -seat -r two -o x --yes $i
- ./run-gpg -o y --yes x
+ echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -seat -r two -o x --yes $i
+ $srcdir/run-gpg -o y --yes x
cmp $i y || error "$i: mismatch"
done
diff --git a/checks/signencrypt-dsa.test b/checks/signencrypt-dsa.test
index eae61ffeb..8b588aa08 100755
--- a/checks/signencrypt-dsa.test
+++ b/checks/signencrypt-dsa.test
@@ -4,17 +4,17 @@
#info Checking signing and encryption for DSA
for i in $plain_files $data_files ; do
- ./run-gpg $dsa_keyrings -se -o x --yes \
+ $srcdir/run-gpg $dsa_keyrings -se -o x --yes \
-u "$dsa_usrname1" -r "$dsa_usrname2" $i
- ./run-gpg $dsa_keyrings -o y --yes x
+ $srcdir/run-gpg $dsa_keyrings -o y --yes x
cmp $i y || error "$i: mismatch"
done
for da in ripemd160 sha1 md5; do
for i in $plain_files; do
- ./run-gpg $dsa_keyrings -se -o x --yes --digest-algo $da \
+ $srcdir/run-gpg $dsa_keyrings -se -o x --yes --digest-algo $da \
-u "$dsa_usrname1" -r "$dsa_usrname2" $i
- ./run-gpg $dsa_keyrings -o y --yes x
+ $srcdir/run-gpg $dsa_keyrings -o y --yes x
cmp $i y || error "$i: mismatch"
# process only the first one
break
diff --git a/checks/signencrypt.test b/checks/signencrypt.test
index 5e79b4c88..fa9363f7f 100755
--- a/checks/signencrypt.test
+++ b/checks/signencrypt.test
@@ -6,8 +6,8 @@
#info Checking signing and encryption
for i in $plain_files $data_files ; do
echo "$usrpass1" \
- | ./run-gpg --passphrase-fd 0 -se -o x --yes -r "$usrname2" $i
- ./run-gpg -o y --yes x
+ | $srcdir/run-gpg --passphrase-fd 0 -se -o x --yes -r "$usrname2" $i
+ $srcdir/run-gpg -o y --yes x
cmp $i y || error "$i: mismatch"
done
diff --git a/checks/sigs-dsa.test b/checks/sigs-dsa.test
index 8d4bfd556..8f29602dd 100755
--- a/checks/sigs-dsa.test
+++ b/checks/sigs-dsa.test
@@ -4,16 +4,16 @@
#info Checking DSA signatures (default digest algo)
for i in $plain_files $data_files; do
- ./run-gpg $dsa_keyrings -s -o x --yes -u $dsa_usrname1 $i
- ./run-gpg $dsa_keyrings -o y --yes x
+ $srcdir/run-gpg $dsa_keyrings -s -o x --yes -u $dsa_usrname1 $i
+ $srcdir/run-gpg $dsa_keyrings -o y --yes x
cmp $i y || error "$i: mismatch"
done
for da in ripemd160 sha1 md5; do
for i in $plain_files; do
- ./run-gpg $dsa_keyrings --digest-algo $da \
+ $srcdir/run-gpg $dsa_keyrings --digest-algo $da \
-s -o x --yes -u $dsa_usrname1 $i
- ./run-gpg $dsa_keyrings -o y --yes x
+ $srcdir/run-gpg $dsa_keyrings -o y --yes x
cmp $i y || error "$i: mismatch"
# process only the first one
break
diff --git a/checks/sigs.test b/checks/sigs.test
index 298c9b358..2446dde96 100755
--- a/checks/sigs.test
+++ b/checks/sigs.test
@@ -4,16 +4,16 @@
#info Checking signatures
for i in $plain_files $data_files; do
- echo "$usrpass1" | ./run-gpg --passphrase-fd 0 -s -o x --yes $i
- ./run-gpg -o y --yes x
+ echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 -s -o x --yes $i
+ $srcdir/run-gpg -o y --yes x
cmp $i y || error "$i: mismatch"
done
for da in ripemd160 sha1 md5 tiger; do
for i in $plain_files; do
- echo "$usrpass1" | ./run-gpg --passphrase-fd 0 --digest-algo $da \
+ echo "$usrpass1" | $srcdir/run-gpg --passphrase-fd 0 --digest-algo $da \
-s -o x --yes $i
- ./run-gpg -o y --yes x
+ $srcdir/run-gpg -o y --yes x
cmp $i y || error "$i: mismatch"
# process only the first one
break
diff --git a/checks/version.test b/checks/version.test
index 55dfe80df..13ca07364 100755
--- a/checks/version.test
+++ b/checks/version.test
@@ -3,7 +3,7 @@
. $srcdir/defs.inc || exit 3
# print the GPG version
-./run-gpg --version
+$srcdir/run-gpg --version
#fixme: check that the output is correct
diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index 7b16f1215..da0c03ef7 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,11 @@
+Mon Sep 14 11:10:55 1998 Werner Koch (wk@(none))
+
+ * blowfish.c (bf_setkey): Niklas Hernaeus patch to detect weak keys.
+
+Mon Sep 14 09:19:25 1998 Werner Koch (wk@(none))
+
+ * dynload.c (RTLD_NOW): Now defined to 1 if it is undefined.
+
Mon Sep 7 17:04:33 1998 Werner Koch (wk@(none))
* Makefile.am: Fixes to allow a different build directory
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index a9d5a5cad..a96694ce1 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -46,7 +46,7 @@ EXTRA_twofish_SOURCES = twofish.c
tiger: $(srcdir)/tiger.c
- $(COMPILE) -shared -fPIC -o tiger $(srcdir)/tiger.c
+ $(COMPILE) -shared -fPIC -O1 -o tiger $(srcdir)/tiger.c
twofish: $(srcdir)/twofish.c
$(COMPILE) -shared -fPIC -o twofish $(srcdir)/twofish.c
diff --git a/cipher/blowfish.c b/cipher/blowfish.c
index 3ed2ed858..f5c29c6aa 100644
--- a/cipher/blowfish.c
+++ b/cipher/blowfish.c
@@ -41,7 +41,7 @@
#define CIPHER_ALGO_BLOWFISH 4 /* blowfish 128 bit key */
#define CIPHER_ALGO_BLOWFISH160 42 /* blowfish 160 bit key (not in OpenPGP)*/
-#define FNCCAST_SETKEY(f) (void(*)(void*, byte*, unsigned))(f)
+#define FNCCAST_SETKEY(f) (int(*)(void*, byte*, unsigned))(f)
#define FNCCAST_CRYPT(f) (void(*)(void*, byte*, byte*))(f)
#define BLOWFISH_BLOCKSIZE 8
@@ -55,7 +55,7 @@ typedef struct {
u32 p[BLOWFISH_ROUNDS+2];
} BLOWFISH_context;
-static void bf_setkey( BLOWFISH_context *c, byte *key, unsigned keylen );
+static int bf_setkey( BLOWFISH_context *c, byte *key, unsigned keylen );
static void encrypt_block( BLOWFISH_context *bc, byte *outbuf, byte *inbuf );
static void decrypt_block( BLOWFISH_context *bc, byte *outbuf, byte *inbuf );
@@ -480,7 +480,7 @@ selftest()
-static void
+static int
bf_setkey( BLOWFISH_context *c, byte *key, unsigned keylen )
{
int i, j;
@@ -543,6 +543,19 @@ bf_setkey( BLOWFISH_context *c, byte *key, unsigned keylen )
c->s3[i] = datal;
c->s3[i+1] = datar;
}
+
+
+ /* Check for weak key. A weak key is a key in which a value in */
+ /* the P-array (here c) occurs more than once per table. */
+ for(i=0; i < 255; i++ ) {
+ for( j=i+1; j < 256; j++) {
+ if( (c->s0[i] == c->s0[j]) || (c->s1[i] == c->s1[j]) ||
+ (c->s2[i] == c->s2[j]) || (c->s3[i] == c->s3[j]) )
+ return G10ERR_WEAK_KEY;
+ }
+ }
+
+ return 0;
}
@@ -555,7 +568,7 @@ bf_setkey( BLOWFISH_context *c, byte *key, unsigned keylen )
const char *
blowfish_get_info( int algo, size_t *keylen,
size_t *blocksize, size_t *contextsize,
- void (**r_setkey)( void *c, byte *key, unsigned keylen ),
+ int (**r_setkey)( void *c, byte *key, unsigned keylen ),
void (**r_encrypt)( void *c, byte *outbuf, byte *inbuf ),
void (**r_decrypt)( void *c, byte *outbuf, byte *inbuf )
)
diff --git a/cipher/blowfish.h b/cipher/blowfish.h
index e328415f5..d3848aae8 100644
--- a/cipher/blowfish.h
+++ b/cipher/blowfish.h
@@ -26,7 +26,7 @@
const char *
blowfish_get_info( int algo, size_t *keylen,
size_t *blocksize, size_t *contextsize,
- void (**setkey)( void *c, byte *key, unsigned keylen ),
+ int (**setkey)( void *c, byte *key, unsigned keylen ),
void (**encrypt)( void *c, byte *outbuf, byte *inbuf ),
void (**decrypt)( void *c, byte *outbuf, byte *inbuf )
);
diff --git a/cipher/cast5.c b/cipher/cast5.c
index 6b2e5a969..64866ba7f 100644
--- a/cipher/cast5.c
+++ b/cipher/cast5.c
@@ -47,7 +47,7 @@
#define CIPHER_ALGO_CAST5 3
-#define FNCCAST_SETKEY(f) (void(*)(void*, byte*, unsigned))(f)
+#define FNCCAST_SETKEY(f) (int(*)(void*, byte*, unsigned))(f)
#define FNCCAST_CRYPT(f) (void(*)(void*, byte*, byte*))(f)
#define CAST5_BLOCKSIZE 8
@@ -57,7 +57,7 @@ typedef struct {
byte Kr[16];
} CAST5_context;
-static void cast_setkey( CAST5_context *c, byte *key, unsigned keylen );
+static int cast_setkey( CAST5_context *c, byte *key, unsigned keylen );
static void encrypt_block( CAST5_context *bc, byte *outbuf, byte *inbuf );
static void decrypt_block( CAST5_context *bc, byte *outbuf, byte *inbuf );
@@ -549,7 +549,7 @@ key_schedule( u32 *x, u32 *z, u32 *k )
}
-static void
+static int
cast_setkey( CAST5_context *c, byte *key, unsigned keylen )
{
static int initialized;
@@ -582,6 +582,7 @@ cast_setkey( CAST5_context *c, byte *key, unsigned keylen )
#undef xi
#undef zi
+ return 0;
}
@@ -594,7 +595,7 @@ cast_setkey( CAST5_context *c, byte *key, unsigned keylen )
const char *
cast5_get_info( int algo, size_t *keylen,
size_t *blocksize, size_t *contextsize,
- void (**r_setkey)( void *c, byte *key, unsigned keylen ),
+ int (**r_setkey)( void *c, byte *key, unsigned keylen ),
void (**r_encrypt)( void *c, byte *outbuf, byte *inbuf ),
void (**r_decrypt)( void *c, byte *outbuf, byte *inbuf )
)
diff --git a/cipher/cast5.h b/cipher/cast5.h
index 070255c6d..ea6fa9e43 100644
--- a/cipher/cast5.h
+++ b/cipher/cast5.h
@@ -25,7 +25,7 @@
const char *
cast5_get_info( int algo, size_t *keylen,
size_t *blocksize, size_t *contextsize,
- void (**setkey)( void *c, byte *key, unsigned keylen ),
+ int (**setkey)( void *c, byte *key, unsigned keylen ),
void (**encrypt)( void *c, byte *outbuf, byte *inbuf ),
void (**decrypt)( void *c, byte *outbuf, byte *inbuf )
);
diff --git a/cipher/cipher.c b/cipher/cipher.c
index 049207bf1..2326d1dd2 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -43,7 +43,7 @@ struct cipher_table_s {
size_t blocksize;
size_t keylen;
size_t contextsize; /* allocate this amount of context */
- void (*setkey)( void *c, byte *key, unsigned keylen );
+ int (*setkey)( void *c, byte *key, unsigned keylen );
void (*encrypt)( void *c, byte *outbuf, byte *inbuf );
void (*decrypt)( void *c, byte *outbuf, byte *inbuf );
};
@@ -58,15 +58,15 @@ struct cipher_handle_s {
byte iv[MAX_BLOCKSIZE]; /* (this should be ulong aligned) */
byte lastiv[MAX_BLOCKSIZE];
int unused; /* in IV */
- void (*setkey)( void *c, byte *key, unsigned keylen );
+ int (*setkey)( void *c, byte *key, unsigned keylen );
void (*encrypt)( void *c, byte *outbuf, byte *inbuf );
void (*decrypt)( void *c, byte *outbuf, byte *inbuf );
byte context[1];
};
-static void
-dummy_setkey( void *c, byte *key, unsigned keylen ) { }
+static int
+dummy_setkey( void *c, byte *key, unsigned keylen ) { return 0; }
static void
dummy_encrypt_block( void *c, byte *outbuf, byte *inbuf ) { BUG(); }
static void
@@ -346,10 +346,10 @@ cipher_close( CIPHER_HANDLE c )
}
-void
+int
cipher_setkey( CIPHER_HANDLE c, byte *key, unsigned keylen )
{
- (*c->setkey)( &c->context, key, keylen );
+ return (*c->setkey)( &c->context, key, keylen );
}
diff --git a/cipher/dynload.c b/cipher/dynload.c
index a8c01f259..0cbbda2c1 100644
--- a/cipher/dynload.c
+++ b/cipher/dynload.c
@@ -30,6 +30,11 @@
#include "cipher.h"
#include "dynload.h"
+
+#ifndef RTLD_NOW
+ #define RTLD_NOW 1
+#endif
+
typedef struct ext_list {
struct ext_list *next;
void *handle; /* handle from dlopen() */
@@ -234,7 +239,7 @@ enum_gnupgext_digests( void **enum_context,
const char *
enum_gnupgext_ciphers( void **enum_context, int *algo,
size_t *keylen, size_t *blocksize, size_t *contextsize,
- void (**setkey)( void *c, byte *key, unsigned keylen ),
+ int (**setkey)( void *c, byte *key, unsigned keylen ),
void (**encrypt)( void *c, byte *outbuf, byte *inbuf ),
void (**decrypt)( void *c, byte *outbuf, byte *inbuf )
)
@@ -242,7 +247,7 @@ enum_gnupgext_ciphers( void **enum_context, int *algo,
EXTLIST r;
ENUMCONTEXT *ctx;
const char * (*finfo)(int, size_t*, size_t*, size_t*,
- void (**)( void *, byte *, unsigned),
+ int (**)( void *, byte *, unsigned),
void (**)( void *, byte *, byte *),
void (**)( void *, byte *, byte *));
diff --git a/cipher/dynload.h b/cipher/dynload.h
index fd87bbeef..ad22a824f 100644
--- a/cipher/dynload.h
+++ b/cipher/dynload.h
@@ -31,7 +31,7 @@ enum_gnupgext_digests( void **enum_context,
const char *
enum_gnupgext_ciphers( void **enum_context, int *algo,
size_t *keylen, size_t *blocksize, size_t *contextsize,
- void (**setkey)( void *c, byte *key, unsigned keylen ),
+ int (**setkey)( void *c, byte *key, unsigned keylen ),
void (**encrypt)( void *c, byte *outbuf, byte *inbuf ),
void (**decrypt)( void *c, byte *outbuf, byte *inbuf )
);
diff --git a/cipher/twofish.c b/cipher/twofish.c
index b244e9526..d93c145ea 100644
--- a/cipher/twofish.c
+++ b/cipher/twofish.c
@@ -29,7 +29,7 @@
static void selftest(void);
/* Macros used by the info function. */
-#define FNCCAST_SETKEY(f) ((void(*)(void*, byte*, unsigned))(f))
+#define FNCCAST_SETKEY(f) ((int(*)(void*, byte*, unsigned))(f))
#define FNCCAST_CRYPT(f) ((void(*)(void*, byte*, byte*))(f))
/* Structure for an expanded Twofish key. s contains the key-dependent
@@ -443,7 +443,7 @@ static const byte exp_to_poly[492] = {
/* Perform the key setup. Note that this works *only* with 128-bit keys,
* despite the API that makes it look like it might support other sizes. */
-static void
+static int
twofish_setkey (TWOFISH_context *ctx, const byte *key, const unsigned keylen)
{
/* Temporaries for CALC_K. */
@@ -577,6 +577,8 @@ twofish_setkey (TWOFISH_context *ctx, const byte *key, const unsigned keylen)
CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00);
CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
+
+ return 0;
}
/* Macros to compute the g() function in the encryption and decryption
@@ -825,7 +827,7 @@ main()
static const char *
twofish_get_info (int algo, size_t *keylen,
size_t *blocksize, size_t *contextsize,
- void (**r_setkey) (void *c, byte *key, unsigned keylen),
+ int (**r_setkey) (void *c, byte *key, unsigned keylen),
void (**r_encrypt) (void *c, byte *outbuf, byte *inbuf),
void (**r_decrypt) (void *c, byte *outbuf, byte *inbuf)
)
diff --git a/configure.in b/configure.in
index fc6d3db49..0ee39a5df 100644
--- a/configure.in
+++ b/configure.in
@@ -79,7 +79,11 @@ AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir)
AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir)
AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)
dnl AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir)
+AC_PROG_CC
+AC_PROG_CPP
AC_ISC_POSIX
+AC_PROG_RANLIB
+AC_PROG_INSTALL
case "${target}" in
i386--mingw32)
@@ -93,10 +97,6 @@ case "${target}" in
GNUPG_LIBDIR="c:/lib/gnupg"
;;
*)
-AC_PROG_RANLIB
-AC_PROG_INSTALL
-AC_PROG_CC
-AC_PROG_CPP
AC_DEFINE(USE_RAND_UNIX)
GNUPG_LIBDIR="$g10_prefix/lib/gnupg"
;;
@@ -182,6 +182,7 @@ dnl Checks for library functions.
AC_FUNC_VPRINTF
AC_CHECK_FUNCS(strerror stpcpy strlwr tcgetattr rand strtoul mlock mmap)
AC_CHECK_FUNCS(memmove gettimeofday getrusage gethrtime setrlimit)
+AC_CHECK_FUNCS(atexit raise getpagesize)
WK_CHECK_IPC
if test "$ac_cv_header_sys_shm_h" = "yes"; then
diff --git a/g10/ChangeLog b/g10/ChangeLog
index f2406eac6..a6c769728 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,22 @@
+Mon Sep 14 11:40:52 1998 Werner Koch (wk@(none))
+
+ * seskey.c (make_session_key): Now detects weak keys.
+
+ * trustdb (clear_trust_checked_flag): New.
+
+ * plaintext.c (handle_plaintext): Does no anymore suppress CR from
+ cleartext signed messages.
+
+Sun Sep 13 12:54:29 1998 Werner Koch (wk@(none))
+
+ * trustdb.c (insert_trust_record): Fixed a stupid bug in the free
+ liunked list loops.
+
+Sat Sep 12 15:49:16 1998 Werner Koch (wk@(none))
+
+ * status.c (remove_shmid): New.
+ (init_shm_comprocess): Now sets permission to the real uid.
+
Wed Sep 9 11:15:03 1998 Werner Koch (wk@(none))
* packet.h (PKT_pubkey_enc): New flah throw_keyid, and add logic to
diff --git a/g10/encr-data.c b/g10/encr-data.c
index b5eb0e0ee..03551be7b 100644
--- a/g10/encr-data.c
+++ b/g10/encr-data.c
@@ -29,6 +29,7 @@
#include "mpi.h"
#include "cipher.h"
#include "options.h"
+#include "i18n.h"
static int decode_filter( void *opaque, int control, IOBUF a,
@@ -68,7 +69,10 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
log_bug("Nanu\n"); /* oops: found a bug */
dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
- cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen );
+ if( cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ) )
+ log_info(_("Warning: Message was encrypted with "
+ "a weak key in the symmetric cipher.\n"));
+
cipher_setiv( dfx.cipher_hd, NULL );
if( ed->len ) {
diff --git a/g10/import.c b/g10/import.c
index 73e04cb3d..7ef916d27 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -394,6 +394,8 @@ import_one( const char *fname, KBNODE keyblock )
log_error("key %08lX: trustdb insert failed: %s\n",
(ulong)keyid[1], g10_errstr(rc) );
}
+ else
+ rc = clear_trust_checked_flag( new_key? pk : pk_orig );
}
leave:
diff --git a/g10/keyedit.c b/g10/keyedit.c
index c0a082bba..2b3a02023 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -213,6 +213,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified )
KBNODE node, uidnode;
PKT_public_key *primary_pk;
int select_all = !count_selected_uids(keyblock);
+ int upd_trust = 0;
/* build a list of all signators */
rc=build_sk_list( locusr, &sk_list, 0, 1 );
@@ -292,6 +293,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified )
goto leave;
}
*ret_modified = 1; /* we changed the keyblock */
+ upd_trust = 1;
pkt = m_alloc_clear( sizeof *pkt );
pkt->pkttype = PKT_SIGNATURE;
@@ -301,6 +303,10 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified )
}
}
} /* end loop over signators */
+ if( upd_trust && primary_pk ) {
+ rc = clear_trust_checked_flag( primary_pk );
+ }
+
leave:
release_sk_list( sk_list );
diff --git a/g10/plaintext.c b/g10/plaintext.c
index 914be8f20..6d1c8796f 100644
--- a/g10/plaintext.c
+++ b/g10/plaintext.c
@@ -137,7 +137,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
else
md_putc(mfx->md, c );
}
- if( convert && c == '\r' )
+ if( convert && !clearsig && c == '\r' )
continue; /* fixme: this hack might be too simple */
if( fp ) {
if( putc( c, fp ) == EOF ) {
@@ -157,7 +157,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
else
md_putc(mfx->md, c );
}
- if( convert && c == '\r' )
+ if( convert && !clearsig && c == '\r' )
continue; /* fixme: this hack might be too simple */
if( fp ) {
if( putc( c, fp ) == EOF ) {
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index 819f79c9c..9253b8ce1 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -73,7 +73,6 @@ do_check( PKT_secret_key *sk )
int ndata;
byte *p, *data;
-
i = pubkey_get_npkey(sk->pubkey_algo);
assert( mpi_is_opaque( sk->skey[i] ) );
p = mpi_get_opaque( sk->skey[i], &ndata );
@@ -212,7 +211,9 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
else {
cipher_hd = cipher_open( sk->protect.algo,
CIPHER_MODE_AUTO_CFB, 1 );
- cipher_setkey( cipher_hd, dek->key, dek->keylen );
+ if( cipher_setkey( cipher_hd, dek->key, dek->keylen ) )
+ log_info(_("Warning: Weak key detected"
+ " - please change passphrase again.\n"));
cipher_setiv( cipher_hd, NULL );
cipher_encrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 );
if( sk->version >= 4 ) {
diff --git a/g10/seskey.c b/g10/seskey.c
index d4d2ab1fb..c268d1559 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -27,6 +27,7 @@
#include "cipher.h"
#include "mpi.h"
#include "main.h"
+#include "i18n.h"
/****************
@@ -35,8 +36,25 @@
void
make_session_key( DEK *dek )
{
+ CIPHER_HANDLE chd;
+ int i, rc;
+
dek->keylen = cipher_get_keylen( dek->algo ) / 8;
- randomize_buffer( dek->key, dek->keylen, 1 );
+
+ chd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
+ for(i=0; i < 16; i++ ) {
+ rc = cipher_setkey( chd, dek->key, dek->keylen );
+ if( !rc ) {
+ cipher_close( chd );
+ return;
+ }
+ log_info(_("weak key created - retrying\n") );
+ /* Renew the session key until we get a non-weak key. */
+ randomize_buffer( dek->key, dek->keylen, 1 );
+ }
+ log_fatal(_(
+ "cannot avoid weak key for symmetric cipher; tried %d times!\n"),
+ i);
}
diff --git a/g10/status.c b/g10/status.c
index 3c22c0d1c..7cb2f5c5d 100644
--- a/g10/status.c
+++ b/g10/status.c
@@ -105,11 +105,27 @@ write_status_text ( int no, const char *text)
#ifdef USE_SHM_COPROCESSING
+
+#ifndef IPC_RMID_DEFERRED_RELEASE
+static void
+remove_shmid( void )
+{
+ if( shm_id != -1 ) {
+ shmctl ( shm_id, IPC_RMID, 0);
+ shm_id = -1;
+ }
+}
+#endif
+
void
init_shm_coprocessing ( ulong requested_shm_size, int lock_mem )
{
char buf[100];
+ struct shmid_ds shmds;
+ #ifndef IPC_RMID_DEFERRED_RELEASE
+ atexit( remove_shmid );
+ #endif
requested_shm_size = (requested_shm_size + 4095) & ~4095;
if ( requested_shm_size > 2 * 4096 )
log_fatal("too much shared memory requested; only 8k are allowed\n");
@@ -133,14 +149,24 @@ init_shm_coprocessing ( ulong requested_shm_size, int lock_mem )
shm_is_locked = 1;
}
+
+
#ifdef IPC_RMID_DEFERRED_RELEASE
- if ( shmctl ( shm_id, IPC_RMID, 0) )
+ if( shmctl( shm_id, IPC_RMID, 0) )
log_fatal("shmctl IPC_RMDID of %d failed: %s\n",
shm_id, strerror(errno));
- #else
- #error Must add a cleanup function
#endif
+ if( shmctl( shm_id, IPC_STAT, &shmds ) )
+ log_fatal("shmctl IPC_STAT of %d failed: %s\n",
+ shm_id, strerror(errno));
+ if( shmds.shm_perm.uid != getuid() ) {
+ shmds.shm_perm.uid = getuid();
+ if( shmctl( shm_id, IPC_SET, &shmds ) )
+ log_fatal("shmctl IPC_SET of %d failed: %s\n",
+ shm_id, strerror(errno));
+ }
+
/* write info; Protocol version, id, size, locked size */
sprintf( buf, "pv=1 pid=%d shmid=%d sz=%u lz=%u", (int)getpid(),
shm_id, (unsigned)shm_size, shm_is_locked? (unsigned)shm_size:0 );
diff --git a/g10/trustdb.c b/g10/trustdb.c
index efe7bcaf0..893c04304 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1704,9 +1704,28 @@ enum_trust_web( void **context, ulong *lid )
if( !c ) { /* make a new context */
c = m_alloc_clear( sizeof *c );
*context = c;
- if( *lid != last_trust_web_key && last_trust_web_key )
- log_bug("enum_trust_web: nyi\n"); /* <--- FIXME */
- c->tsl = last_trust_web_tslist;
+ if( *lid == last_trust_web_key && last_trust_web_tslist )
+ c->tsl = last_trust_web_tslist;
+ else {
+ TRUST_SEG_LIST tsl, tsl2, tslist;
+ int rc;
+
+ rc = make_tsl( *lid, &tslist );
+ if( rc ) {
+ log_error("failed to build the TSL\n");
+ return rc;
+ }
+ /* cache the tslist, so that we do not need to free it */
+ if( last_trust_web_key ) {
+ for( tsl = last_trust_web_tslist; tsl; tsl = tsl2 ) {
+ tsl2 = tsl->next;
+ m_free(tsl);
+ }
+ }
+ last_trust_web_key = *lid;
+ last_trust_web_tslist = tslist;
+ c->tsl = last_trust_web_tslist;
+ }
c->index = 1;
}
@@ -1880,6 +1899,38 @@ query_trust_record( PKT_public_key *pk )
}
+int
+clear_trust_checked_flag( PKT_public_key *pk )
+{
+ TRUSTREC rec;
+ int rc;
+
+ if( !pk->local_id ) {
+ query_trust_record( pk );
+ if( !pk->local_id )
+ log_bug("clear_trust_checked_flag: Still no LID\n");
+ }
+
+ if( (rc=tdbio_read_record( pk->local_id, &rec, RECTYPE_DIR ))) {
+ log_error("clear_trust_checked_flag: read record failed: %s\n",
+ g10_errstr(rc));
+ return rc;
+ }
+
+ if( !(rec.r.dir.dirflags & DIRF_CHECKED) )
+ return 0;
+
+ /* reset the flag */
+ rec.r.dir.dirflags &= ~DIRF_CHECKED;
+ rc = tdbio_write_record( &rec );
+ if( rc ) {
+ log_error("clear_trust_checked_flag: write dir record failed: %s\n",
+ g10_errstr(rc));
+ return rc;
+ }
+ return 0;
+}
+
/****************
* helper function for insert_trust_record()
@@ -2138,11 +2189,11 @@ insert_trust_record( PKT_public_key *orig_pk )
leave:
- for(rec=uidlist_head; rec; rec = rec->next ) {
+ for(rec=uidlist_head; rec; rec = rec2 ) {
rec2 = rec->next;
rel_mem_uidnode(NULL, 0, rec );
}
- for(rec=keylist_head; rec; rec = rec->next ) {
+ for(rec=keylist_head; rec; rec = rec2 ) {
rec2 = rec->next;
m_free(rec);
}
diff --git a/g10/trustdb.h b/g10/trustdb.h
index fc470073f..4345a73a7 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -56,6 +56,7 @@ byte *get_pref_data( ulong lid, const byte *namehash, size_t *ret_n );
int is_algo_in_prefs( ulong lid, int preftype, int algo );
int keyid_from_lid( ulong lid, u32 *keyid );
int query_trust_record( PKT_public_key *pk );
+int clear_trust_checked_flag( PKT_public_key *pk );
int insert_trust_record( PKT_public_key *pk );
int update_ownertrust( ulong lid, unsigned new_trust );
diff --git a/include/ChangeLog b/include/ChangeLog
index b59c6393c..627449c34 100644
--- a/include/ChangeLog
+++ b/include/ChangeLog
@@ -1,3 +1,8 @@
+Mon Sep 14 09:17:22 1998 Werner Koch (wk@(none))
+
+ * util.h (HAVE_ATEXIT): New.
+ (HAVE_RAISE): New.
+
Mon Jul 6 10:41:55 1998 Werner Koch (wk@isil.d.shuttle.de)
* cipher.h (PUBKEY_USAGE_): New.
diff --git a/include/cipher.h b/include/cipher.h
index 8ddd3655a..d26812647 100644
--- a/include/cipher.h
+++ b/include/cipher.h
@@ -134,7 +134,7 @@ unsigned cipher_get_keylen( int algo );
unsigned cipher_get_blocksize( int algo );
CIPHER_HANDLE cipher_open( int algo, int mode, int secure );
void cipher_close( CIPHER_HANDLE c );
-void cipher_setkey( CIPHER_HANDLE c, byte *key, unsigned keylen );
+int cipher_setkey( CIPHER_HANDLE c, byte *key, unsigned keylen );
void cipher_setiv( CIPHER_HANDLE c, const byte *iv );
void cipher_encrypt( CIPHER_HANDLE c, byte *out, byte *in, unsigned nbytes );
void cipher_decrypt( CIPHER_HANDLE c, byte *out, byte *in, unsigned nbytes );
diff --git a/include/errors.h b/include/errors.h
index b1182ba1f..40fffcb50 100644
--- a/include/errors.h
+++ b/include/errors.h
@@ -62,6 +62,7 @@
#define G10ERR_TIME_CONFLICT 40
#define G10ERR_WR_PUBKEY_ALGO 41 /* unusabe pubkey algo */
#define G10ERR_FILE_EXISTS 42
+#define G10ERR_WEAK_KEY 43
#ifndef HAVE_STRERROR
diff --git a/include/util.h b/include/util.h
index f480f48f3..cd4d488ca 100644
--- a/include/util.h
+++ b/include/util.h
@@ -166,6 +166,15 @@ char *strlwr(char *a);
#endif
+/**** other missing stuff ****/
+#ifndef HAVE_ATEXIT /* For SunOS */
+ #define atexit(a) (on_exit((a),0))
+#endif
+
+#ifndef HAVE_RAISE
+ #define raise(a) kill(getpid(), (a))
+#endif
+
/******** some macros ************/
#ifndef STR
#define STR(v) #v
diff --git a/util/ChangeLog b/util/ChangeLog
index 8644bb7d6..edcbb5ca3 100644
--- a/util/ChangeLog
+++ b/util/ChangeLog
@@ -1,3 +1,7 @@
+Mon Sep 14 09:38:18 1998 Werner Koch (wk@(none))
+
+ * secmem.c (init_pool): Now mmaps /dev/zero if we do not have MAP_ANON.
+
Wed Sep 9 13:52:28 1998 Werner Koch (wk@(none))
* ttyio.c (do_get): Ctrl-D is now a valid but special character
diff --git a/util/errors.c b/util/errors.c
index 54671a297..dc3f7e811 100644
--- a/util/errors.c
+++ b/util/errors.c
@@ -92,6 +92,7 @@ g10_errstr( int err )
X(TIME_CONFLICT ,"Timestamp conflict")
X(WR_PUBKEY_ALGO ,"Unusable pubkey algorithm")
X(FILE_EXISTS ,"File exists")
+ X(WEAK_KEY ,"Weak key")
default: p = buf; sprintf(buf, "g10err=%d", err); break;
}
#undef X
diff --git a/util/secmem.c b/util/secmem.c
index d78fabecf..44df08b16 100644
--- a/util/secmem.c
+++ b/util/secmem.c
@@ -28,6 +28,7 @@
#include <unistd.h>
#include <sys/mman.h>
#include <sys/types.h>
+ #include <fcntl.h>
#endif
#include "types.h"
@@ -103,15 +104,38 @@ lock_pool( void *p, size_t n )
static void
init_pool( size_t n)
{
+ size_t pgsize;
+
poolsize = n;
if( disable_secmem )
log_bug("secure memory is disabled");
- #if HAVE_MMAP && defined(MAP_ANON)
- poolsize = (poolsize + 4095) & ~4095;
- pool = mmap( 0, poolsize, PROT_READ|PROT_WRITE,
- MAP_PRIVATE|MAP_ANON, -1, 0);
+ #ifdef HAVE_GETPAGESIZE
+ pgsize = getpagesize();
+ #else
+ pgsize = 4096;
+ #endif
+
+ #if HAVE_MMAP
+ poolsize = (poolsize + pgsize -1 ) & ~(pgsize-1);
+ #ifdef MAP_ANONYMOUS
+ pool = mmap( 0, poolsize, PROT_READ|PROT_WRITE,
+ MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
+ #else /* map /dev/zero instead */
+ { int fd;
+
+ fd = open("/dev/zero", O_RDWR);
+ if( fd == -1 ) {
+ log_error("can't open /dev/zero: %s\n", strerror(errno) );
+ pool = (void*)-1;
+ }
+ else {
+ pool = mmap( 0, poolsize, PROT_READ|PROT_WRITE,
+ MAP_PRIVATE, fd, 0);
+ }
+ }
+ #endif
if( pool == (void*)-1 )
log_error("can't mmap pool of %u bytes: %s - using malloc\n",
(unsigned)poolsize, strerror(errno));
diff --git a/zlib/Makefile b/zlib/Makefile
index b98090a3b..26c6aa6d2 100644
--- a/zlib/Makefile
+++ b/zlib/Makefile
@@ -66,13 +66,13 @@ host_alias = i586-pc-linux-gnu
host_triplet = i586-pc-linux-gnu
target_alias = i586-pc-linux-gnu
target_triplet = i586-pc-linux-gnu
-CATALOGS = en.gmo de.gmo it.gmo fr.gmo
-CATOBJEXT = .gmo
+CATALOGS = en.mo de.mo it.mo fr.mo
+CATOBJEXT = .mo
CC = gcc
CPP = gcc -E
-DATADIRNAME = share
+DATADIRNAME = lib
DYNLINK_LDFLAGS = -rdynamic
-G10_LOCALEDIR = /usr/local/share/locale
+G10_LOCALEDIR = /usr/local/lib/locale
GENCAT =
GMOFILES = en.gmo de.gmo it.gmo fr.gmo
GMSGFMT = /usr/local/bin/msgfmt
@@ -80,9 +80,9 @@ GT_NO =
GT_YES = #YES#
INCLUDE_LOCALE_H = #include <locale.h>
INSTOBJEXT = .mo
-INTLDEPS = $(top_builddir)/intl/libintl.a
-INTLLIBS = $(top_builddir)/intl/libintl.a
-INTLOBJS = $(GETTOBJS)
+INTLDEPS =
+INTLLIBS =
+INTLOBJS =
MKINSTALLDIRS = scripts/mkinstalldirs
MPI_EXTRA_ASM_OBJS =
MSGFMT = /usr/local/bin/msgfmt
@@ -90,9 +90,9 @@ PACKAGE = gnupg
POFILES = en.po de.po it.po fr.po
POSUB = po
RANLIB = ranlib
-USE_INCLUDED_LIBINTL = yes
+USE_INCLUDED_LIBINTL = no
USE_NLS = yes
-VERSION = 0.3.4a
+VERSION = 0.3.5
ZLIBS =
l =
@@ -122,7 +122,7 @@ LIBRARIES = $(noinst_LIBRARIES)
DEFS = -DHAVE_CONFIG_H -I. -I$(srcdir) -I..
CPPFLAGS =
LDFLAGS =
-LIBS = -ldl -lz
+LIBS = -ldl -lz
libzlib_a_LIBADD =
libzlib_a_OBJECTS = adler32.o compress.o crc32.o gzio.o uncompr.o \
deflate.o trees.o zutil.o inflate.o infblock.o inftrees.o infcodes.o \