diff options
| -rw-r--r-- | BUGS | 41 | ||||
| -rw-r--r-- | OBUGS | 32 | ||||
| -rw-r--r-- | cipher/primegen.c | 3 | ||||
| -rw-r--r-- | cipher/pubkey.c | 24 | ||||
| -rw-r--r-- | g10/ChangeLog | 17 | ||||
| -rw-r--r-- | g10/armor.c | 36 | ||||
| -rw-r--r-- | g10/keygen.c | 9 | ||||
| -rw-r--r-- | g10/keyid.c | 107 | ||||
| -rw-r--r-- | g10/main.h | 6 | ||||
| -rw-r--r-- | g10/misc.c | 64 | ||||
| -rw-r--r-- | g10/options.h | 1 | ||||
| -rw-r--r-- | g10/parse-packet.c | 2 | ||||
| -rw-r--r-- | g10/seckey-cert.c | 10 | ||||
| -rw-r--r-- | g10/sig-check.c | 4 | ||||
| -rw-r--r-- | include/ChangeLog | 4 | ||||
| -rw-r--r-- | include/g10lib.h | 179 | ||||
| -rw-r--r-- | include/memory.h | 2 | ||||
| -rw-r--r-- | mpi/ChangeLog | 8 | ||||
| -rw-r--r-- | mpi/mpicoder.c | 125 | ||||
| -rwxr-xr-x | scripts/commit | 2 | ||||
| -rwxr-xr-x | scripts/mkwebpage | 3 | ||||
| -rw-r--r-- | util/ChangeLog | 6 | ||||
| -rw-r--r-- | util/memory.c | 8 | ||||
| -rw-r--r-- | util/secmem.c | 2 | ||||
| -rw-r--r-- | util/stringhelp.c | 22 | ||||
| -rw-r--r-- | util/stringhelp.h | 5 |
26 files changed, 364 insertions, 358 deletions
@@ -41,51 +41,22 @@ and after about half a day in the rsync snapshots. rndunix hangs on hp/ux. The problem is related to my_plcose which is not always called. (I suggest to use EGD instead of rndunix.) -[ *] #22 1999-07-22 - Solaris make has problems with the generated POTFILES - seems to be a - gettext bug. Use GNU make as a workaround. - FIX: 1999-12-03 (meanwhile fixed in gettext) - -[ *] #23 1999-09-03 <todd.brooks@yale.edu> 0.9.11 - Only the first signature of a cleartext sig seems to be verified. - Can't fix it in 1.0 because the code is semi-frozen. - HMMM: Can't reprodude the bug here - it just works. [ *] #24 1999-09-05 <marcus@yoyo.cc.monash.edu.au> 0.9.11 Does not link libc and libz expect when removing all "-lc -lz" except for the last one. This happens on some systems when not using the GNU ld. This need to be fixed in libtool. -[ **] #25 1999-10-04 <wk@gnupg.org> 1.0 - Validity check based on user name is only done when listing a key; - the key ID based checking (selecting the user ID with the most - validity) is used in all other cases. The Edit menu does not have - a way to disable user ID based validity. - FIX: 1999-12-03 (1.0.x only) - -[ *] #26 1999-11-11 - gpg still does not take UTF8 strings to select a UID. - FIX: 1999-11-12 - -[ **] #27 1999-11-12 <oren@hishome.net> - Unknown packets (type 17 - photo ID?) mess up the checking - of self-signature because they are simply ignored. - FIX: 1999-11-12 (1.0.x only) - [ *] #28 1999-11-29 --list-key will only emit an error about unknown UIDs when all UIDs are unknown. [Postponed for 1.2] +[ *] #30 1999-12-16 <pfeifer@dbai.tuwien.ac.at> + Using -r with a name does not check for multiple recpients and may + lead to unwanted recipients. -[ **] #29 1999-12-01 <karney@pppl.gov> - Using a --gen-key on a new user account (w/o ~./gnupg) doesn't pay - attention to the standard options files, which get's installed - afterwards. - FIX: 1999-12-02 - - - - +[ *] #31 199-12-24 Jeff Allen <jra@corp.webtv.net> + VPATH build in a subdirectory of the sources does not work for po files. -Next #30 +Next #31 @@ -100,3 +100,35 @@ Ctrl-D does not work correct for messages entered at the tty. FIX: 1999-06-18 (Better EOF detection on terminals) +[ *] #22 1999-07-22 + Solaris make has problems with the generated POTFILES - seems to be a + gettext bug. Use GNU make as a workaround. + FIX: 1999-12-03 (meanwhile fixed in gettext) + +[ *] #23 1999-09-03 <todd.brooks@yale.edu> 0.9.11 + Only the first signature of a cleartext sig seems to be verified. + Can't fix it in 1.0 because the code is semi-frozen. + HMMM: Can't reprodude the bug here - it just works. + +[ **] #25 1999-10-04 <wk@gnupg.org> 1.0 + Validity check based on user name is only done when listing a key; + the key ID based checking (selecting the user ID with the most + validity) is used in all other cases. The Edit menu does not have + a way to disable user ID based validity. + FIX: 1999-12-03 (1.0.x only) + +[ *] #26 1999-11-11 + gpg still does not take UTF8 strings to select a UID. + FIX: 1999-11-12 + +[ **] #27 1999-11-12 <oren@hishome.net> + Unknown packets (type 17 - photo ID?) mess up the checking + of self-signature because they are simply ignored. + FIX: 1999-11-12 (1.0.x only) + +[ **] #29 1999-12-01 <karney@pppl.gov> + Using a --gen-key on a new user account (w/o ~./gnupg) doesn't pay + attention to the standard options files, which get's installed + afterwards. + FIX: 1999-12-02 + diff --git a/cipher/primegen.c b/cipher/primegen.c index 1ad163332..450337905 100644 --- a/cipher/primegen.c +++ b/cipher/primegen.c @@ -241,7 +241,8 @@ generate_elg_prime( int mode, unsigned pbits, unsigned qbits, mpi_add_ui(g, g, 1); if( DBG_CIPHER ) { log_debug("checking g: "); - mpi_print( stderr, g, 1 ); + /*mpi_print( stderr, g, 1 );*/ + #warning we need an internal mpi_print for debugging } else progress('^'); diff --git a/cipher/pubkey.c b/cipher/pubkey.c index 4b2c55e41..86b797df2 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -635,6 +635,17 @@ release_mpi_array( MPI *array ) * * Returns: A pointer to an allocated array of MPIs if the return value is * zero; the caller has to release this array. + * + * Example of a DSA public key: + * (private-key + * (dsa + * (p <mpi>) + * (g <mpi>) + * (y <mpi>) + * (x <mpi>) + * ) + * ) + * The <mpi> are expected to be in GCRYMPI_FMT_USG */ static int sexp_to_key( GCRY_SEXP sexp, int want_private, MPI **retarray, int *retalgo) @@ -783,8 +794,8 @@ gcry_pk_decrypt( GCRY_SEXP *result, GCRY_SEXP data, GCRY_SEXP skey ) /**************** * Create a signature. * - * Caller has to provide a secret kez as the SEXP skey and data expressed - * as a SEXP list hash with only one emelennt which should instantly be + * Caller has to provide a secret key as the SEXP skey and data expressed + * as a SEXP list hash with only one element which should instantly be * available as a MPI. Later versions of this functions may provide padding * and other things depending on data. * @@ -793,6 +804,15 @@ gcry_pk_decrypt( GCRY_SEXP *result, GCRY_SEXP data, GCRY_SEXP skey ) * signature value; the structure of this signature depends on the * other arguments but is always suitable to be passed to * gcry_pk_verify + * + * s_hash = (<mpi>) + * s_skey = <key-as-defined-in-sexp_to_key> + * r_sig = (sig-val + * (<algo> + * (<param_name1> <mpi>) + * ... + * (<param_namen> <mpi>) + * )) */ int gcry_pk_sign( GCRY_SEXP *r_sig, GCRY_SEXP s_hash, GCRY_SEXP s_skey ) diff --git a/g10/ChangeLog b/g10/ChangeLog index de4fc890c..45f6af4db 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,20 @@ +Fri Dec 31 12:48:31 CET 1999 Werner Koch <wk@gnupg.de> + + * keyid.c (do_fingerprint_md): Replaced mpi_get_buffer by gcry_mpi_print. + (v3_keyid): New. + (keyid_from_sk): And use it here. + (keyid_from_pk): Ditto. + (fingerprint_from_sk): Ditto. + (fingerprint_from_pk): Ditto. + + * misc.c (mpi_print): New. + + * misc.c (checksum_mpi): Now uses gcry_mpi_print to get the data. + + * seckey-cert.c (do_check): Replaced mpi_read_from_buffer. + + * armor.c (armor_filter): Made the "Comment:" header translatable. + Wed Dec 8 21:58:32 CET 1999 Werner Koch <wk@gnupg.de> * seckey-cert.c: Removed obsolete mpi_*_protect_flag. diff --git a/g10/armor.c b/g10/armor.c index d595141ba..192a4188c 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -876,6 +876,8 @@ armor_filter( void *opaque, int control, } else if( control == IOBUFCTRL_FLUSH ) { if( !afx->status ) { /* write the header line */ + const char *s; + if( afx->what >= DIM(head_strings) ) log_bug("afx->what=%d", afx->what); iobuf_writestr(a, "-----"); @@ -885,26 +887,24 @@ armor_filter( void *opaque, int control, iobuf_writestr(a, "Version: GnuPG v" VERSION " (" PRINTABLE_OS_NAME ")\n"); - if( opt.comment_string ) { - const char *s = opt.comment_string; - if( *s ) { - iobuf_writestr(a, "Comment: " ); - for( ; *s; s++ ) { - if( *s == '\n' ) - iobuf_writestr(a, "\\n" ); - else if( *s == '\r' ) - iobuf_writestr(a, "\\r" ); - else if( *s == '\v' ) - iobuf_writestr(a, "\\v" ); - else - iobuf_put(a, *s ); - } - iobuf_put(a, '\n' ); + /* write the comment string or a default one */ + s = opt.comment_string ? opt.comment_string + : _("For info see http://www.gnupg.org"); + if( *s ) { + iobuf_writestr(a, "Comment: " ); + for( ; *s; s++ ) { + if( *s == '\n' ) + iobuf_writestr(a, "\\n" ); + else if( *s == '\r' ) + iobuf_writestr(a, "\\r" ); + else if( *s == '\v' ) + iobuf_writestr(a, "\\v" ); + else + iobuf_put(a, *s ); } + iobuf_put(a, '\n' ); } - else - iobuf_writestr(a, - "Comment: For info see http://www.gnupg.org\n"); + if( afx->hdrlines ) iobuf_writestr(a, afx->hdrlines); iobuf_put(a, '\n'); diff --git a/g10/keygen.c b/g10/keygen.c index 2d3c88f43..10f27952a 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -26,6 +26,7 @@ #include <errno.h> #include <assert.h> #include "util.h" +#include "memory.h" #include "main.h" #include "packet.h" #include "dummy-cipher.h" @@ -83,12 +84,12 @@ keygen_add_std_prefs( PKT_signature *sig, void *opaque ) keygen_add_key_expire( sig, opaque ); - buf[0] = CIPHER_ALGO_TWOFISH; - buf[1] = CIPHER_ALGO_CAST5; + buf[0] = GCRY_CIPHER_TWOFISH; + buf[1] = GCRY_CIPHER_CAST5; build_sig_subpkt( sig, SIGSUBPKT_PREF_SYM, buf, 2 ); - buf[0] = DIGEST_ALGO_RMD160; - buf[1] = DIGEST_ALGO_SHA1; + buf[0] = GCRY_MD_RMD160; + buf[1] = GCRY_MD_SHA1; build_sig_subpkt( sig, SIGSUBPKT_PREF_HASH, buf, 2 ); buf[0] = 2; diff --git a/g10/keyid.c b/g10/keyid.c index ac3e71258..774b90a9a 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -54,8 +54,7 @@ do_fingerprint_md( PKT_public_key *pk ) { GCRY_MD_HD md; unsigned n; - unsigned nb[GNUPG_MAX_NPKEY]; - unsigned nn[GNUPG_MAX_NPKEY]; + unsigned int nn[GNUPG_MAX_NPKEY]; byte *pp[GNUPG_MAX_NPKEY]; int i; int npkey = pubkey_get_npkey( pk->pubkey_algo ); @@ -65,9 +64,17 @@ do_fingerprint_md( PKT_public_key *pk ) BUG(); n = pk->version < 4 ? 8 : 6; for(i=0; i < npkey; i++ ) { - nb[i] = mpi_get_nbits(pk->pkey[i]); - pp[i] = mpi_get_buffer( pk->pkey[i], nn+i, NULL ); - n += 2 + nn[i]; + int rc; + size_t nbytes; + + rc = gcry_mpi_print( GCRYMPI_FMT_PGP, NULL, &nbytes, pk->pkey[i] ); + assert( !rc ); + /* fixme: we should try to allocate a buffer on the stack */ + pp[i] = m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_PGP, pp[1], &nbytes, pk->pkey[i] ); + assert( !rc ); + nn[i] = nbytes; + n += nn[i]; } gcry_md_putc( md, 0x99 ); /* ctb */ @@ -96,8 +103,6 @@ do_fingerprint_md( PKT_public_key *pk ) } gcry_md_putc( md, pk->pubkey_algo ); for(i=0; i < npkey; i++ ) { - gcry_md_putc( md, nb[i]>>8); - gcry_md_putc( md, nb[i] ); gcry_md_write( md, pp[i], nn[i] ); m_free(pp[i]); } @@ -124,6 +129,30 @@ do_fingerprint_md_sk( PKT_secret_key *sk ) } +static void +v3_keyid( MPI a, u32 *ki ) +{ + int rc; + byte *buffer; + size_t nbytes; + + rc = gcry_mpi_print( GCRYMPI_FMT_USG, NULL, &nbytes, a ); + assert( !rc ); + /* fixme: allocate it on the stack */ + buffer = m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_USG, buffer, &nbytes, a ); + assert( !rc ); + if( nbytes < 8 ) { /* oops */ + ki[0] = ki[1] = 0; + } + else { + memcpy( ki+0, buffer+nbytes-8, 4); + memcpy( ki+1, buffer+nbytes-4, 4); + } + m_free( buffer ); +} + + /**************** * Get the keyid from the secret key and put it into keyid * if this is not NULL. Return the 32 low bits of the keyid. @@ -131,15 +160,16 @@ do_fingerprint_md_sk( PKT_secret_key *sk ) u32 keyid_from_sk( PKT_secret_key *sk, u32 *keyid ) { - u32 lowbits; u32 dummy_keyid[2]; if( !keyid ) keyid = dummy_keyid; if( sk->version < 4 && is_RSA(sk->pubkey_algo) ) { - lowbits = pubkey_get_npkey(sk->pubkey_algo) ? - mpi_get_keyid( sk->skey[0], keyid ) : 0; /* take n */ + if( pubkey_get_npkey(sk->pubkey_algo) ) + v3_keyid( sk->skey[0], keyid ); /* take n */ + else + keyid[0] = keyid[1] = 0; } else { const byte *dp; @@ -148,11 +178,10 @@ keyid_from_sk( PKT_secret_key *sk, u32 *keyid ) dp = gcry_md_read( md, 0 ); keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; - lowbits = keyid[1]; gcry_md_close(md); } - return lowbits; + return keyid[1]; } @@ -163,7 +192,6 @@ keyid_from_sk( PKT_secret_key *sk, u32 *keyid ) u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid ) { - u32 lowbits; u32 dummy_keyid[2]; if( !keyid ) @@ -172,11 +200,12 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid ) if( pk->keyid[0] || pk->keyid[1] ) { keyid[0] = pk->keyid[0]; keyid[1] = pk->keyid[1]; - lowbits = keyid[1]; } else if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) { - lowbits = pubkey_get_npkey(pk->pubkey_algo) ? - mpi_get_keyid( pk->pkey[0], keyid ) : 0 ; /* from n */ + if( pubkey_get_npkey(pk->pubkey_algo) ) + v3_keyid( pk->pkey[0], keyid ); /* from n */ + else + keyid[0] = keyid[1] = 0; pk->keyid[0] = keyid[0]; pk->keyid[1] = keyid[1]; } @@ -187,13 +216,12 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid ) dp = gcry_md_read( md, 0 ); keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; - lowbits = keyid[1]; gcry_md_close(md); pk->keyid[0] = keyid[0]; pk->keyid[1] = keyid[1]; } - return lowbits; + return keyid[1]; } @@ -357,11 +385,24 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len ) if( !md ) BUG(); if( pubkey_get_npkey( pk->pubkey_algo ) > 1 ) { - p = buf = mpi_get_buffer( pk->pkey[0], &n, NULL ); - gcry_md_write( md, p, n ); + int rc; + size_t nbytes; + + rc = gcry_mpi_print( GCRYMPI_FMT_USG, NULL, &nbytes, pk->pkey[0] ); + assert( !rc ); + /* fixme: allocate it on the stack */ + buf = m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_USG, buf, &nbytes, pk->pkey[0] ); + assert( !rc ); + gcry_md_write( md, buf, nbytes ); m_free(buf); - p = buf = mpi_get_buffer( pk->pkey[1], &n, NULL ); - gcry_md_write( md, p, n ); + rc = gcry_mpi_print( GCRYMPI_FMT_USG, NULL, &nbytes, pk->pkey[1] ); + assert( !rc ); + /* fixme: allocate it on the stack */ + buf = m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_USG, buf, &nbytes, pk->pkey[1] ); + assert( !rc ); + gcry_md_write( md, buf, nbytes ); m_free(buf); } gcry_md_final(md); @@ -403,11 +444,25 @@ fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len ) if( !md ) BUG(); if( pubkey_get_npkey( sk->pubkey_algo ) > 1 ) { - p = buf = mpi_get_buffer( sk->skey[1], &n, NULL ); - gcry_md_write( md, p, n ); + int rc; + size_t nbytes; + + #warning Why is the hash sequence for secret keys different + rc = gcry_mpi_print( GCRYMPI_FMT_USG, NULL, &nbytes, sk->skey[1] ); + assert( !rc ); + /* fixme: allocate it on the stack */ + buf = m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_USG, buf, &nbytes, sk->skey[1] ); + assert( !rc ); + gcry_md_write( md, buf, nbytes ); m_free(buf); - p = buf = mpi_get_buffer( sk->skey[0], &n, NULL ); - gcry_md_write( md, p, n ); + rc = gcry_mpi_print( GCRYMPI_FMT_USG, NULL, &nbytes, sk->skey[0] ); + assert( !rc ); + /* fixme: allocate it on the stack */ + buf = m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_USG, buf, &nbytes, sk->skey[0] ); + assert( !rc ); + gcry_md_write( md, buf, nbytes ); m_free(buf); } gcry_md_final(md); diff --git a/g10/main.h b/g10/main.h index 1649a69ef..03cba92c5 100644 --- a/g10/main.h +++ b/g10/main.h @@ -58,8 +58,10 @@ u16 checksum_mpi( MPI a ); u32 buffer_to_u32( const byte *buffer ); int mpi_write( IOBUF out, GCRY_MPI a ); -GCRY_MPI mpi_read(IOBUF inp, unsigned *ret_nread ); -GCRY_MPI mpi_read_opaque(IOBUF inp, unsigned *ret_nread ); +int mpi_write_opaque( IOBUF out, MPI a ); +GCRY_MPI mpi_read(IOBUF inp, unsigned int *ret_nread, int secure ); +GCRY_MPI mpi_read_opaque(IOBUF inp, unsigned int *ret_nread ); +int mpi_print( FILE *fp, MPI a, int mode ); int openpgp_cipher_test_algo( int algo ); int openpgp_pk_test_algo( int algo, unsigned int usage_flags ); diff --git a/g10/misc.c b/g10/misc.c index 4d7644f4c..a750cca75 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -23,6 +23,7 @@ #include <stdlib.h> #include <string.h> #include <errno.h> +#include <assert.h> #if defined(__linux__) && defined(__alpha__) && __GLIBC__ < 2 #include <asm/sysinfo.h> #include <asm/unistd.h> @@ -116,12 +117,13 @@ mpi_write_opaque( IOBUF out, MPI a ) { size_t nbytes, nbits; int rc; + char *p; assert( gcry_mpi_get_flag( a, GCRYMPI_FLAG_OPAQUE ) ); p = gcry_mpi_get_opaque( a, &nbits ); nbytes = (nbits+7) / 8; iobuf_put( out, nbits >> 8 ); - iobuf_put( out, nbits ) + iobuf_put( out, nbits ); rc = iobuf_write( out, p, nbytes ); return rc; } @@ -134,10 +136,10 @@ mpi_write_opaque( IOBUF out, MPI a ) * with MSB first (left padded with zeroes to align on a byte boundary). */ MPI -mpi_read(IOBUF inp, unsigned *ret_nread, int secure) +mpi_read(IOBUF inp, unsigned int *ret_nread, int secure) { int c, c1, c2, i; - unsigned nbits, nbytes, nread=0; + unsigned int nbits, nbytes, nread=0; MPI a = NULL; byte *buf = NULL; byte *p; @@ -163,8 +165,8 @@ mpi_read(IOBUF inp, unsigned *ret_nread, int secure) nread++; } nread += nbytes; - /* FIXME: replace with the gcry_scan function */ - a = mpi_read_from_buffer( buf, &nread, secure ); + if( gcry_mpi_scan( &a, GCRYMPI_FMT_PGP, buf, &nread ) ) + a = NULL; leave: m_free(buf); @@ -220,6 +222,35 @@ mpi_read_opaque(IOBUF inp, unsigned *ret_nread ) } +int +mpi_print( FILE *fp, MPI a, int mode ) +{ + int n=0; + + if( !a ) + return fprintf(fp, "[MPI_NULL]"); + if( !mode ) { + unsigned int n1; + n1 = gcry_mpi_get_nbits(a); + n += fprintf(fp, "[%u bits]", n1); + } + else { + int rc; + byte *buffer; + size_t nbytes; + + rc = gcry_mpi_print( GCRYMPI_FMT_HEX, NULL, &nbytes, a ); + assert( !rc ); + buffer = m_is_secure(a)? m_alloc_secure(nbytes) : m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_HEX, buffer, &nbytes, a ); + assert( !rc ); + fputs( buffer, fp ); + n += strlen(buffer); + m_free( buffer ); + } + return n; +} + u16 checksum_u16( unsigned n ) @@ -244,15 +275,21 @@ checksum( byte *p, unsigned n ) u16 checksum_mpi( MPI a ) { + int rc; u16 csum; byte *buffer; - unsigned nbytes; - unsigned nbits; + size_t nbytes; - buffer = mpi_get_buffer( a, &nbytes, NULL ); - nbits = mpi_get_nbits(a); - csum = checksum_u16( nbits ); - csum += checksum( buffer, nbytes ); + rc = gcry_mpi_print( GCRYMPI_FMT_PGP, NULL, &nbytes, a ); + assert( !rc ); + /* fixme: for numbers not in the suecre memory we + * should use a stack based buffer and only allocate + * a larger one when the mpi_print return an error + */ + buffer = m_is_secure(a)? m_alloc_secure(nbytes) : m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_PGP, buffer, &nbytes, a ); + assert( !rc ); + csum = checksum( buffer, nbytes ); m_free( buffer ); return csum; } @@ -388,3 +425,8 @@ pubkey_get_nenc( int algo ) return n > 0? n : 0; } +int +pubkey_nbits() +{ +} + diff --git a/g10/options.h b/g10/options.h index 4a2251052..937d452ed 100644 --- a/g10/options.h +++ b/g10/options.h @@ -102,6 +102,7 @@ struct { #define DBG_FILTER (opt.debug & DBG_FILTER_VALUE) #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE) #define DBG_TRUST (opt.debug & DBG_TRUST_VALUE) +#define DBG_CIPHER (opt.debug & DBG_CIPHER_VALUE) #endif /*G10_OPTIONS_H*/ diff --git a/g10/parse-packet.c b/g10/parse-packet.c index e4e9fdd51..e72e16d65 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1423,7 +1423,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, else { /* v3 method: the mpi length is not encrypted */ for(i=npkey; i < nskey; i++ ) { n = pktlen; - sk->skey[i] = mpi_read_opaque(inp, &n, 0 ); + sk->skey[i] = mpi_read_opaque(inp, &n ); pktlen -=n; if( list_mode ) { printf( "\tskey[%d]: ", i); diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index b228bc9c8..7cacb9f5b 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -109,8 +109,12 @@ do_check( PKT_secret_key *sk ) if( sk->csum == csum ) { for( ; i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { nbytes = ndata; - sk->skey[i] = mpi_read_from_buffer(p, &nbytes, 1 ); - /* fixme: replace by mpi_scan */ + assert( m_is_secure( p ) ); + res = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_PGP, + p, &nbytes); + if( res ) + log_bug("gcry_mpi_scan failed in do_check: rc=%d\n", res); + ndata -= nbytes; p += nbytes; } @@ -134,6 +138,8 @@ do_check( PKT_secret_key *sk ) res = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_USG, data, &ndata ); + if( res ) + log_bug("gcry_mpi_scan failed in do_check: rc=%d\n", res); csum += checksum_mpi( sk->skey[i] ); m_free( buffer ); diff --git a/g10/sig-check.c b/g10/sig-check.c index 4fbf0808c..842055d17 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -105,7 +105,7 @@ pk_verify( int algo, MPI hash, MPI *data, MPI *pkey, NULL )); } else if( algo == GCRY_PK_RSA ) { - s_sig = SEXP_CONS( SEXP_NEW( "public-key", 10 ), + s_sig = SEXP_CONS( SEXP_NEW( "sig-val", 0 ), gcry_sexp_vlist( SEXP_NEW( "rsa", 3 ), gcry_sexp_new_name_mpi( "s", data[0] ), NULL )); @@ -167,7 +167,7 @@ do_signature_check( PKT_signature *sig, GCRY_MD_HD digest, u32 *r_expire ) int i, nsig = pubkey_get_nsig( sig->pubkey_algo ); byte *p, *buffer; - if( !(md = gcry_md_open( DIGEST_ALGO_RMD160, 0)) ) + if( !(md = gcry_md_open( GCRY_MD_RMD160, 0)) ) BUG(); gcry_md_putc( digest, sig->pubkey_algo ); gcry_md_putc( digest, sig->digest_algo ); diff --git a/include/ChangeLog b/include/ChangeLog index ed7e47992..48124e9f3 100644 --- a/include/ChangeLog +++ b/include/ChangeLog @@ -13,17 +13,14 @@ Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de> Wed Sep 15 16:22:17 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> - * i18n.h: Add support for simple-gettext. Tue Jun 29 21:44:25 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> - * util.h (stricmp): Use strcasecmp as replacement. Sat Jun 26 12:15:59 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> - * cipher.h (MD_HANDLE): Assigned a structure name. Fri Apr 9 12:26:25 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> @@ -34,7 +31,6 @@ Tue Apr 6 19:58:12 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> * cipher.h (DEK): increased max. key length to 32 bytes - Sat Feb 20 21:40:49 CET 1999 Werner Koch <wk@isil.d.shuttle.de> * g10lib.h: Removed file and changed all files that includes this. diff --git a/include/g10lib.h b/include/g10lib.h deleted file mode 100644 index 158901c0f..000000000 --- a/include/g10lib.h +++ /dev/null @@ -1,179 +0,0 @@ -/* g10lib.h - internal defintions for libgcrypt - * Copyright (C) 1998 Free Software Foundation, Inc. - * - * This header is to be used inside of libgcrypt in place of gcrypt.h. - * This way we can easily distinguish between internal and external - * usage of gcrypt.h - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * GnuPG is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - */ - -#ifndef G10LIB_H -#define G10LIB_H 1 - -#ifdef _GCRYPT_H - #error gcrypt.h already included -#endif -/* because libgcrypt is distributed along with GnuPG, we need some way - * to do a sanity check. If this macro is defined, we are inside of - * libgcrypt */ -#define _GCRYPT_IN_LIBGCRYPT 1 - -#include <gcrypt.h> -#include "types.h" - -#ifdef G10_I18N_H - #error i18n should not be included here -#endif - -#define _(a) g10_gettext(a) -#define N_(a) (a) - -/*-- gcrypt/global.c --*/ -int set_lasterr( int ec ); - -void *g10_malloc( size_t n ); -void *g10_calloc( size_t n, size_t m ); -void *g10_malloc_secure( size_t n ); -void *g10_calloc_secure( size_t n, size_t m ); -void *g10_realloc( void *a, size_t n ); -char *g10_strdup( const char * a); -void *g10_xmalloc( size_t n ); -void *g10_xcalloc( size_t n, size_t m ); -void *g10_xmalloc_secure( size_t n ); -void *g10_xcalloc_secure( size_t n, size_t m ); -void *g10_xrealloc( void *a, size_t n ); -char *g10_xstrdup( const char * a); -void g10_free( void *p ); -int g10_is_secure( const void *a ); -void g10_check_heap( const void *a ); - - -/*-- gcrypt/misc.c --*/ - -#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ) -#define G10_GCC_A_NR __attribute__ ((noreturn)) -#define G10_GCC_A_PRINTF( f, a ) \ - __attribute__ ((format (printf,f,a))) -#define G10_GCC_A_NR_PRINTF( f, a ) \ - __attribute__ ((noreturn, format (printf,f,a))) -void g10_bug( const char *file, int line, const char *func ) G10_GCC_A_NR; -#else -#define G10_GCC_A_NR -#define G10_GCC_A_PRINTF( f, a ) -#define G10_GCC_A_NR_PRINTF( f, a ) -void g10_bug( const char *file, int line ); -#endif - -const char *g10_gettext( const char *key ); -void g10_fatal_error(int rc, const char *text ) G10_GCC_A_NR; -void g10_log( int level, const char *fmt, ... ) G10_GCC_A_PRINTF(2,3); -void g10_log_bug( const char *fmt, ... ) G10_GCC_A_NR_PRINTF(1,2); -void g10_log_fatal( const char *fmt, ... ) G10_GCC_A_NR_PRINTF(1,2); -void g10_log_error( const char *fmt, ... ) G10_GCC_A_PRINTF(1,2); -void g10_log_info( const char *fmt, ... ) G10_GCC_A_PRINTF(1,2); -void g10_log_debug( const char *fmt, ... ) G10_GCC_A_PRINTF(1,2); - - -/*-- util/{secmem,memory}.c --*/ - -void *g10_private_malloc( size_t n ); -void *g10_private_malloc_secure( size_t n ); -int g10_private_is_secure( const void *p ); -void g10_private_check_heap( const void *p ); -void *g10_private_realloc( void *a, size_t n ); -void g10_private_free( void *p ); - - - -/*-- cipher/pubkey.c --*/ - -#ifndef DID_MPI_TYPEDEF - typedef struct gcry_mpi * MPI; - #define DID_MPI_TYPEDEF -#endif - -int string_to_pubkey_algo( const char *string ); -const char * pubkey_algo_to_string( int algo ); -unsigned pubkey_nbits( int algo, MPI *pkey ); -int pubkey_generate( int algo, unsigned nbits, MPI *skey, MPI **retfactors ); -int pubkey_check_secret_key( int algo, MPI *skey ); -int pubkey_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey ); -int pubkey_decrypt( int algo, MPI *result, MPI *data, MPI *skey ); - - - - -/*-- primegen.c --*/ -MPI generate_secret_prime( unsigned nbits ); -MPI generate_public_prime( unsigned nbits ); -MPI generate_elg_prime( int mode, unsigned pbits, unsigned qbits, - MPI g, MPI **factors ); - - - -/* logging macros */ -#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ) - #define BUG() g10_bug( __FILE__ , __LINE__, __FUNCTION__ ) -#else - #define BUG() g10_bug( __FILE__ , __LINE__ ) -#endif - -#define log_hexdump g10_log_hexdump -#define log_bug g10_log_bug -#define log_fatal g10_log_fatal -#define log_error g10_log_error -#define log_info g10_log_info -#define log_debug g10_log_debug - - -/* replacements of missing functions */ -#ifndef HAVE_MEMICMP -int memicmp( const char *a, const char *b, size_t n ); -#endif -#ifndef HAVE_STPCPY -char *stpcpy(char *a,const char *b); -#endif -#ifndef HAVE_STRLWR -char *strlwr(char *a); -#endif -#ifndef HAVE_STRTOUL - #define strtoul(a,b,c) ((unsigned long)strtol((a),(b),(c))) -#endif -#ifndef HAVE_MEMMOVE - #define memmove(d, s, n) bcopy((s), (d), (n)) -#endif -#ifndef HAVE_STRICMP - #define stricmp(a,b) strcasecmp( (a), (b) ) -#endif -#ifndef HAVE_ATEXIT - #define atexit(a) (on_exit((a),0)) -#endif -#ifndef HAVE_RAISE - #define raise(a) kill(getpid(), (a)) -#endif - -/* some handy macros */ -#ifndef STR - #define STR(v) #v -#endif -#define STR2(v) STR(v) -#define DIM(v) (sizeof(v)/sizeof((v)[0])) -#define DIMof(type,member) DIM(((type *)0)->member) - - -#endif /* G10LIB_H */ diff --git a/include/memory.h b/include/memory.h index d7d7aabeb..32c42fcd5 100644 --- a/include/memory.h +++ b/include/memory.h @@ -58,6 +58,8 @@ void m_check( const void *a ); char *m_strdup( const char * a); #endif +int m_is_secure( const void *a ); + size_t m_size( const void *a ); void m_print_stats(const char *prefix); diff --git a/mpi/ChangeLog b/mpi/ChangeLog index 81fec2a00..2a85de0e2 100644 --- a/mpi/ChangeLog +++ b/mpi/ChangeLog @@ -1,3 +1,11 @@ +Fri Dec 31 12:48:31 CET 1999 Werner Koch <wk@gnupg.de> + + * mpicoder.c (mpi_read_from_buffer): Made static. + (gcry_mpi_print): A buffer of NULL is now allowed to get the required + length back. + (mpi_get_keyid): Removed. + (mpi_print): Made static - should be removed. + Wed Dec 8 21:58:32 CET 1999 Werner Koch <wk@gnupg.de> * Makefile.am (INCLUDES): Add ../gcrypt. diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c index 352468cbd..753c17673 100644 --- a/mpi/mpicoder.c +++ b/mpi/mpicoder.c @@ -32,7 +32,7 @@ #define MAX_EXTERN_MPI_BITS 16384 -MPI +static MPI mpi_read_from_buffer(byte *buffer, unsigned *ret_nread, int secure) { int i, j; @@ -156,7 +156,7 @@ mpi_fromstr(MPI val, const char *str) * printed. * FIXME: Replace this by the more generic gcry_mpi_print() */ -int +static int mpi_print( FILE *fp, MPI a, int mode ) { int i, n=0; @@ -202,30 +202,6 @@ g10_log_mpidump( const char *text, MPI a ) fputc('\n', fp); } -/**************** - * Special function to get the low 8 bytes from an mpi. - * This can be used as a keyid; KEYID is an 2 element array. - * Return the low 4 bytes. - */ -u32 -mpi_get_keyid( MPI a, u32 *keyid ) -{ -#if BYTES_PER_MPI_LIMB == 4 - if( keyid ) { - keyid[0] = a->nlimbs >= 2? a->d[1] : 0; - keyid[1] = a->nlimbs >= 1? a->d[0] : 0; - } - return a->nlimbs >= 1? a->d[0] : 0; -#elif BYTES_PER_MPI_LIMB == 8 - if( keyid ) { - keyid[0] = a->nlimbs? (u32)(a->d[0] >> 32) : 0; - keyid[1] = a->nlimbs? (u32)(a->d[0] & 0xffffffff) : 0; - } - return a->nlimbs? (u32)(a->d[0] & 0xffffffff) : 0; -#else - #error Make this function work with other LIMB sizes -#endif -} /**************** @@ -453,6 +429,7 @@ gcry_mpi_scan( struct gcry_mpi **ret_mpi, enum gcry_mpi_format format, /**************** * Write a using format into buffer which has a length of *NBYTES. * Returns the number of bytes actually written in nbytes. + * Buffer maybe NULL to query the required length of the buffer */ int gcry_mpi_print( enum gcry_mpi_format format, char *buffer, size_t *nbytes, @@ -465,8 +442,8 @@ gcry_mpi_print( enum gcry_mpi_format format, char *buffer, size_t *nbytes, return GCRYERR_INV_ARG; len = *nbytes; + *nbytes = 0; if( format == GCRYMPI_FMT_STD ) { - byte *s = buffer; char *tmp; int extra = 0; unsigned int n; @@ -480,39 +457,43 @@ gcry_mpi_print( enum gcry_mpi_format format, char *buffer, size_t *nbytes, extra=1; } - if( n > len ) { + if( n > len && buffer ) { m_free(tmp); return GCRYERR_TOO_SHORT; /* the provided buffer is too short */ } - if( extra ) - *s++ = 0; + if( buffer ) { + byte *s = buffer; + if( extra ) + *s++ = 0; - memcpy( s, tmp, n-extra ); + memcpy( s, tmp, n-extra ); + } m_free(tmp); *nbytes = n; return 0; } else if( format == GCRYMPI_FMT_PGP ) { unsigned int n = (nbits + 7)/8; - byte *s = buffer; - char *tmp; if( a->sign ) return GCRYERR_INV_ARG; /* pgp format can only handle unsigned */ - if( n+2 > len ) + if( n+2 > len && buffer ) return GCRYERR_TOO_SHORT; /* the provided buffer is too short */ - s[0] = nbits >> 8; - s[1] = nbits; - - tmp = mpi_get_buffer( a, &n, NULL ); - memcpy( s+2, tmp, n ); - m_free(tmp); + if( buffer ) { + char *tmp; + byte *s = buffer; + s[0] = nbits >> 8; + s[1] = nbits; + + tmp = mpi_get_buffer( a, &n, NULL ); + memcpy( s+2, tmp, n ); + m_free(tmp); + } *nbytes = n+2; return 0; } else if( format == GCRYMPI_FMT_SSH ) { - byte *s = buffer; char *tmp; int extra = 0; unsigned int n; @@ -526,24 +507,26 @@ gcry_mpi_print( enum gcry_mpi_format format, char *buffer, size_t *nbytes, extra=1; } - if( n+4 > len ) { + if( n+4 > len && buffer ) { m_free(tmp); return GCRYERR_TOO_SHORT; /* the provided buffer is too short */ } - *s++ = n >> 24; - *s++ = n >> 16; - *s++ = n >> 8; - *s++ = n; - if( extra ) - *s++ = 0; - - memcpy( s, tmp, n-extra ); + if( buffer ) { + byte *s = buffer; + *s++ = n >> 24; + *s++ = n >> 16; + *s++ = n >> 8; + *s++ = n; + if( extra ) + *s++ = 0; + + memcpy( s, tmp, n-extra ); + } m_free(tmp); *nbytes = 4+n; return 0; } else if( format == GCRYMPI_FMT_HEX ) { - byte *s = buffer; byte *tmp; int i; int extra = 0; @@ -553,25 +536,37 @@ gcry_mpi_print( enum gcry_mpi_format format, char *buffer, size_t *nbytes, if( !n || (*tmp & 0x80) ) extra=1; - if( 2*n+3+1 > len ) { + if( 2*n+3+1 > len && buffer ) { m_free(tmp); return GCRYERR_TOO_SHORT; /* the provided buffer is too short */ } - if( a->sign ) - *s++ = '-'; - if( extra ) { - *s++ = '0'; - *s++ = '0'; - } + if( buffer ) { + byte *s = buffer; + if( a->sign ) + *s++ = '-'; + if( extra ) { + *s++ = '0'; + *s++ = '0'; + } - for(i=0; i < n; i++ ) { - unsigned int c = tmp[i]; - *s++ = (c >> 4) < 10? '0'+(c>>4) : 'A'+(c>>4)-10 ; - c &= 15; - *s++ = c < 10? '0'+c : 'A'+c-10 ; + for(i=0; i < n; i++ ) { + unsigned int c = tmp[i]; + *s++ = (c >> 4) < 10? '0'+(c>>4) : 'A'+(c>>4)-10 ; + c &= 15; + *s++ = c < 10? '0'+c : 'A'+c-10 ; + } + *s++ = 0; + *nbytes = (char*)s - buffer; + } + else { + *nbytes = n; + if( a->sign ) + ++*nbytes; + if( extra ) + *nbytes += 2; + ++*nbytes; /* terminating Nul */ } - *s++ = 0; - *nbytes = (char*)s - buffer; + m_free(tmp); return 0; } else diff --git a/scripts/commit b/scripts/commit index 18a9b4aa7..6bfa0a615 100755 --- a/scripts/commit +++ b/scripts/commit @@ -59,5 +59,5 @@ for i in `find . -name cvs-add -print`; do fi done -cvs commit -m "See ChangeLog: $date $name" $* +cvs -z3 commit -m "See ChangeLog: $date $name" $* diff --git a/scripts/mkwebpage b/scripts/mkwebpage index 811de2a11..eba90d490 100755 --- a/scripts/mkwebpage +++ b/scripts/mkwebpage @@ -8,7 +8,6 @@ pgm="gnupg-www" mod="gnupg-www" MKWEBSITE=$HOME/bin/mkwebsite - cd $myhome rm -rf $pgm.tmp 2>/dev/null || true @@ -30,6 +29,8 @@ echo "(List generated from CVS: " $(date +%Y-%m-%d) ")" >> $pgm.tmp/en/include- cd $pgm.tmp $MKWEBSITE --cvs --use-this-dir $myhome/$pgm.new cd $myhome +cp -a gph $pgm.new/ || true + rm -rf $pgm.tmp || true rm -rf $pgm.old || true diff --git a/util/ChangeLog b/util/ChangeLog index aadb8b4d0..923d35705 100644 --- a/util/ChangeLog +++ b/util/ChangeLog @@ -1,3 +1,9 @@ +Fri Dec 31 12:48:31 CET 1999 Werner Koch <wk@gnupg.de> + + * memory.c (m_is_secure): New. + + * stringhelp.c (trim_trailing_spaces): New. + Wed Dec 8 21:58:32 CET 1999 Werner Koch <wk@gnupg.de> * strgutil.c (strcasecmp): New. diff --git a/util/memory.c b/util/memory.c index 712e20d26..db64ceeaf 100644 --- a/util/memory.c +++ b/util/memory.c @@ -37,7 +37,7 @@ #include "memory.h" #include "util.h" -/* FXIME: ugly hack. Need a prototype here bug can't include g10lib.h */ +/* FXIME: ugly hack. Need a prototype here but can't include g10lib.h */ int g10_private_is_secure( void *p ); @@ -642,4 +642,10 @@ FNAME(strdup)( const char *a FNAMEPRT ) return p; } +int +m_is_secure( const void *a ) +{ + return g10_private_is_secure(a); +} + diff --git a/util/secmem.c b/util/secmem.c index 84ec4c2a1..2eb2dfc9e 100644 --- a/util/secmem.c +++ b/util/secmem.c @@ -381,7 +381,7 @@ g10_private_is_secure( const void *p ) /**************** * Warning: This code might be called by an interrupt handler - * and frankly, thre should really be such a handler, + * and frankly, there should really be such a handler, * to make sure that the memory is wiped out. * We hope that the OS wipes out mlocked memory after * receiving a SIGKILL - it really should do so, otherwise diff --git a/util/stringhelp.c b/util/stringhelp.c index 16908f9a3..32318dad3 100644 --- a/util/stringhelp.c +++ b/util/stringhelp.c @@ -103,6 +103,28 @@ trim_spaces( char *str ) return str ; } +/**************** + * remove trailing white spaces + */ +char * +trim_trailing_spaces( char *string ) +{ + char *p, *mark; + + for( mark = NULL, p = string; *p; p++ ) { + if( isspace( *(byte*)p ) ) { + if( !mark ) + mark = p; + } + else + mark = NULL; + } + if( mark ) + *mark = '\0' ; + + return string ; +} + unsigned diff --git a/util/stringhelp.h b/util/stringhelp.h index 98b3ad551..c51cb552f 100644 --- a/util/stringhelp.h +++ b/util/stringhelp.h @@ -25,9 +25,10 @@ const char *memistr( const char *buf, size_t buflen, const char *sub ); char *mem2str( char *, const void *, size_t); char *trim_spaces( char *string ); -unsigned int trim_trailing_chars( byte *line, unsigned len, +char *trim_trailing_spaces( char *string ); +unsigned int trim_trailing_chars( unsigned char *line, unsigned len, const char *trimchars); -unsigned int trim_trailing_ws( byte *line, unsigned len ); +unsigned int trim_trailing_ws( unsigned char *line, unsigned len ); #ifndef HAVE_MEMICMP |