Makefile.am | 4 +- cipher/Makefile.am | 1 + cipher/Makefile.in | 4 +- cipher/algorithms.h | 9 ++++ cipher/md.c | 12 ++++- cipher/rsa.c | 49 ++++++++++++++++--- cipher/sha1dc.c | 124 +++++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 12 +++-- doc/gpg.texi | 4 ++ g10/gpg.c | 7 +++ g10/keyid.c | 18 +++---- g10/main.h | 2 +- g10/options.h | 11 ++--- g10/options.skel | 37 +++++--------- g10/sign.c | 2 +- include/cipher.h | 11 +++-- include/iobuf.h | 10 ++-- include/memory.h | 10 ++-- include/mpi.h | 10 ++-- keyserver/gpgkeys_curl.c | 2 + keyserver/gpgkeys_hkp.c | 2 + keyserver/gpgkeys_ldap.c | 6 +-- po/ru.po | 4 +- tools/bftest.c | 1 + tools/mpicalc.c | 1 + util/logger.c | 11 ++--- util/miscutil.c | 4 +- util/strgutil.c | 26 ++++++++++ 28 files changed, 303 insertions(+), 91 deletions(-) diff --git a/Makefile.am b/Makefile.am index 44adf6a..5b1913f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -37,14 +37,14 @@ else bzlib = endif -SUBDIRS = m4 intl zlib ${bzlib} util mpi cipher tools \ +SUBDIRS = m4 ${bzlib} util mpi cipher tools \ g10 keyserver po doc ${checks} EXTRA_DIST = scripts/config.rpath PROJECTS BUGS config.h.in \ autogen.sh ChangeLog-2011 po/ChangeLog-2011 \ util/ChangeLog-2011 scripts/ChangeLog-2011 \ doc/ChangeLog-2011 tools/ChangeLog-2011 \ - zlib/ChangeLog-2011 m4/ChangeLog-2011 \ + m4/ChangeLog-2011 \ include/ChangeLog-2011 g10/ChangeLog-2011 \ checks/ChangeLog-2011 cipher/ChangeLog-2011 \ intl/ChangeLog-2011 keyserver/ChangeLog-2011 \ diff --git a/cipher/Makefile.am b/cipher/Makefile.am index bd79fbc..3fa7476 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -53,6 +53,7 @@ libcipher_a_SOURCES = cipher.c \ md5.c \ rmd160.c \ sha1.c \ + sha1dc.c \ sha256.c if USE_RNDLINUX diff --git a/cipher/Makefile.in b/cipher/Makefile.in index 476eb2d..6af58f4 100644 --- a/cipher/Makefile.in +++ b/cipher/Makefile.in @@ -149,7 +149,7 @@ am__libcipher_a_SOURCES_DIST = cipher.c pubkey.c md.c dynload.c \ elgamal.h rsa.c rsa.h primegen.c random.h random.c \ rand-internal.h rmd.h dsa.h dsa.c smallprime.c algorithms.h \ md5.c rmd160.c sha1.c sha256.c rndlinux.c rndunix.c rndegd.c \ - rndw32.c sha512.c + rndw32.c sha512.c sha1dc.c @USE_RNDLINUX_TRUE@am__objects_1 = rndlinux.$(OBJEXT) @USE_RNDUNIX_TRUE@am__objects_2 = rndunix.$(OBJEXT) @USE_RNDEGD_TRUE@am__objects_3 = rndegd.$(OBJEXT) @@ -408,7 +408,7 @@ libcipher_a_SOURCES = cipher.c pubkey.c md.c dynload.c bithelp.h des.c \ twofish.c blowfish.c cast5.c rijndael.c camellia.c camellia.h \ camellia-glue.c idea.c elgamal.c elgamal.h rsa.c rsa.h \ primegen.c random.h random.c rand-internal.h rmd.h dsa.h dsa.c \ - smallprime.c algorithms.h md5.c rmd160.c sha1.c sha256.c \ + smallprime.c algorithms.h md5.c rmd160.c sha1.c sha256.c sha1dc.c \ $(am__append_2) $(am__append_3) $(am__append_4) \ $(am__append_5) $(am__append_6) all: all-am diff --git a/cipher/algorithms.h b/cipher/algorithms.h index 9deefb4..da74107 100644 --- a/cipher/algorithms.h +++ b/cipher/algorithms.h @@ -49,6 +49,15 @@ sha1_get_info (int algo, size_t *contextsize, byte *(**r_read)( void *c ) ); +const char * +sha1dc_get_info (int algo, size_t *contextsize, + byte **r_asnoid, int *r_asnlen, int *r_mdlen, + void (**r_init)( void *c ), + void (**r_write)( void *c, byte *buf, size_t nbytes ), + void (**r_final)( void *c ), + byte *(**r_read)( void *c ) + ); + const char * sha224_get_info (int algo, size_t *contextsize, byte **r_asnoid, int *r_asnlen, int *r_mdlen, diff --git a/cipher/md.c b/cipher/md.c index ab36d17..ff65d1d 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -113,6 +113,9 @@ load_digest_module (void) BUG (); if (!new_list_item (DIGEST_ALGO_SHA1, sha1_get_info)) BUG (); + /* Intended as transparent replacement of sha1. */ + if (!new_list_item (DIGEST_ALGO_SHA1DC, sha1dc_get_info)) + BUG (); return 1; } @@ -211,10 +214,14 @@ void md_enable( MD_HANDLE h, int algo ) { struct md_digest_list_s *r, *ac; + const int algo0 = algo; for( ac=h->list; ac; ac = ac->next ) if( ac->algo == algo ) return ; /* already enabled */ + /* Replace sha1 with sha1dc for non-secure payloads. */ + if (algo == DIGEST_ALGO_SHA1 && !h->secure) + algo = DIGEST_ALGO_SHA1DC; /* find the algorithm */ do { for(r = digest_list; r; r = r->next ) @@ -231,6 +238,9 @@ md_enable( MD_HANDLE h, int algo ) : xmalloc( sizeof *ac + r->contextsize - sizeof(r->context) ); *ac = *r; + /* Revert to requested algo id (for sha1dc -> sha1), because + * it will be searched by that id in the helpers. */ + ac->algo = algo0; ac->next = h->list; h->list = ac; /* and init this instance */ @@ -495,7 +505,7 @@ void md_start_debug( MD_HANDLE md, const char *suffix ) { static int idx=0; - char buf[25]; + char buf[20 + sizeof(idx) * 3]; if( md->debug ) { log_debug("Oops: md debug already started\n"); diff --git a/cipher/rsa.c b/cipher/rsa.c index b3ecd3b..0ff9e37 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -193,19 +193,54 @@ generate( RSA_secret_key *sk, unsigned nbits ) /**************** - * Test wether the secret key is valid. - * Returns: true if this is a valid key. + * Test whether the secret key is valid. + * Returns: nonzero if this is a valid key. */ static int check_secret_key( RSA_secret_key *sk ) { - int rc; - MPI temp = mpi_alloc( mpi_get_nlimbs(sk->p)*2 ); - + int rc = 0; + MPI temp = mpi_alloc_secure ( mpi_get_nlimbs(sk->p) + mpi_get_nlimbs(sk->q) ); + MPI p_1 = mpi_copy (sk->p); /* (p-1) */ + MPI q_1 = mpi_copy (sk->p); /* (q-1) */ + MPI p_1_q_1 = mpi_alloc_secure ( mpi_get_nlimbs(sk->p) + mpi_get_nlimbs(sk->q) ); /* (p-1)(q-1) */ + + /* Calculate (p-1)(q-1). */ + mpi_sub_ui(p_1, p_1, 1); + mpi_sub_ui(q_1, q_1, 1); + mpi_mul(p_1_q_1, p_1, q_1); + + /* Check pq = n. */ mpi_mul(temp, sk->p, sk->q ); - rc = mpi_cmp( temp, sk->n ); + if( 0 != mpi_cmp(temp, sk->n ) ) + goto end; + + /* Check gcd(e, (p-1)(q-1)) = 1. */ + if( ! mpi_gcd(temp, sk->e, p_1_q_1) ) + goto end; + + /* Check de == 1 (mod (p-1)) and (mod (q-1)), i.e. d = e^-1. */ + mpi_mulm(temp, sk->d, sk->e, p_1); + if( 0 != mpi_cmp_ui(temp, 1)) + goto end; + mpi_mulm(temp, sk->d, sk->e, q_1); + if( 0 != mpi_cmp_ui(temp, 1)) + goto end; + + /* Check up == 1 (mod q). */ + mpi_mulm(temp, sk->u, sk->p, sk->q); + if( 0 != mpi_cmp_ui(temp, 1)) + goto end; + + /* Success. Fall through to deallocation code. */ + rc = 1; + + end: mpi_free(temp); - return !rc; + mpi_free(p_1); + mpi_free(q_1); + mpi_free(p_1_q_1); + return rc; } diff --git a/cipher/sha1dc.c b/cipher/sha1dc.c new file mode 100644 index 0000000..4f08095 --- /dev/null +++ b/cipher/sha1dc.c @@ -0,0 +1,124 @@ +/* sha1dc.c - SHA1DC hash function + * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc. + * Copyright (C) 2021 Vitaly Chikunov . + * Based on sha1.c + * + * Please see below for more legal information! + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + + +#include +#include +#include +#include +#include +#include +#include "util.h" +#include "memory.h" +#include "algorithms.h" +#include "bithelp.h" + +typedef struct { + SHA1_CTX ctx; + byte buf[20]; +} SHA1DC_CONTEXT; + + +void +sha1dc_init( SHA1DC_CONTEXT *hd ) +{ + /* Security options are enabled by default. */ + SHA1DCInit(&hd->ctx); +} + + +/* Update the message digest with the contents + * of INBUF with length INLEN. + */ +static void +sha1dc_write( SHA1DC_CONTEXT *hd, byte *inbuf, size_t inlen) +{ + + SHA1DCUpdate(&hd->ctx, inbuf, inlen); +} + + +/* The routine final terminates the computation and + * returns the digest. + * Returns: 20 bytes representing the digest. + */ + +static void +sha1dc_final(SHA1DC_CONTEXT *hd) +{ + SHA1DCFinal(hd->buf, &hd->ctx); +} + +static byte * +sha1dc_read( SHA1DC_CONTEXT *hd ) +{ + return hd->buf; +} + + +/**************** + * Shortcut functions which puts the hash value of the supplied buffer + * into outbuf which must have a size of 20 bytes. + */ +void +sha1dc_hash_buffer (char *outbuf, const char *buffer, size_t length) +{ + SHA1DC_CONTEXT hd; + + sha1dc_init (&hd); + sha1dc_write (&hd, (byte*)buffer, length); + sha1dc_final (&hd); + memcpy (outbuf, hd.buf, 20); +} + + +/**************** + * Return some information about the algorithm. We need algo here to + * distinguish different flavors of the algorithm. + * Returns: A pointer to string describing the algorithm or NULL if + * the ALGO is invalid. + */ +const char * +sha1dc_get_info( int algo, size_t *contextsize, + byte **r_asnoid, int *r_asnlen, int *r_mdlen, + void (**r_init)( void *c ), + void (**r_write)( void *c, byte *buf, size_t nbytes ), + void (**r_final)( void *c ), + byte *(**r_read)( void *c ) + ) +{ + static byte asn[15] = /* Object ID is 1.3.14.3.2.26 */ + { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, + 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 }; + + *contextsize = sizeof(SHA1DC_CONTEXT); + *r_asnoid = asn; + *r_asnlen = DIM(asn); + *r_mdlen = 20; + *(void (**)(SHA1DC_CONTEXT *))r_init = sha1dc_init; + *(void (**)(SHA1DC_CONTEXT *, byte*, size_t))r_write = sha1dc_write; + *(void (**)(SHA1DC_CONTEXT *))r_final = sha1dc_final; + *(byte *(**)(SHA1DC_CONTEXT *))r_read = sha1dc_read; + + return "SHA1DC"; +} diff --git a/configure.ac b/configure.ac index b92440c..afe6397 100644 --- a/configure.ac +++ b/configure.ac @@ -863,7 +863,7 @@ dnl Checks for libraries. AM_PO_SUBDIRS AM_GNU_GETTEXT_VERSION([0.19.3]) if test "$try_gettext" = yes; then - AM_GNU_GETTEXT(,[need-ngettext]) + AM_GNU_GETTEXT(,[need-ngettext],[external]) # gettext requires some extra checks. These really should be part of # the basic AM_GNU_GETTEXT macro. TODO: move other gettext-specific # function checks to here. @@ -1037,6 +1037,13 @@ AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include ]) AC_CHECK_FUNC(getopt,,AC_CHECK_LIB(iberty,getopt,AC_SUBST(GETOPT,"-liberty"))) +AC_CHECK_HEADERS([sha1dc/sha1.h]) +AC_CHECK_LIB(sha1detectcoll, SHA1DCInit) +if test -z "$ac_cv_header_sha1dc_sha1_h" || + test -z "$ac_cv_lib_sha1detectcoll_SHA1DCInit"; then + AC_MSG_ERROR(libsha1detectcoll-devel is not available) +fi + # # check for gethrtime and run a testprogram to see whether # it is broken. It has been reported that some Solaris and HP UX systems @@ -1466,7 +1473,6 @@ fi AC_CONFIG_FILES([ Makefile m4/Makefile -intl/Makefile po/Makefile.in util/Makefile mpi/Makefile @@ -1478,8 +1484,6 @@ keyserver/gpgkeys_test doc/Makefile tools/Makefile tools/gpg-zip -zlib/Makefile -bzlib/Makefile checks/Makefile ]) AC_OUTPUT diff --git a/doc/gpg.texi b/doc/gpg.texi index 42658c9..0cbb62f 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1253,6 +1253,10 @@ Valid values for @code{name} are: @opindex display-charset:koi8-r The usual Russian set (rfc1489). + @item cp1251 + @opindex display-charset:cp1251 + The cp1251 aka windows-1251 Cyrillic set. + @item utf-8 @opindex display-charset:utf-8 Bypass all translations and assume diff --git a/g10/gpg.c b/g10/gpg.c index 416d44e..71ebcb6 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -1721,6 +1721,13 @@ reopen_std(void) if(did_stdin==2 || did_stdout==2 || did_stderr==2) exit(3); + + gid_t gid = getgid(); + if(getegid() != gid && setgid(gid)) + { + fprintf(complain,"gpg: fatal: failed to reset gid: %s\n", strerror(errno)); + exit(3); + } #endif /* HAVE_STAT && !HAVE_W32_SYSTEM */ } diff --git a/g10/keyid.c b/g10/keyid.c index a86ac94..fafc2f7 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -449,7 +449,7 @@ nbits_from_sk( PKT_secret_key *sk ) } static const char * -mk_datestr (char *buffer, time_t atime) +mk_datestr (char *buffer, size_t bufsize, time_t atime) { struct tm *tp; @@ -457,7 +457,7 @@ mk_datestr (char *buffer, time_t atime) strcpy (buffer, "????" "-??" "-??"); /* Mark this as invalid. */ else { tp = gmtime (&atime); - sprintf (buffer,"%04d-%02d-%02d", + snprintf (buffer, bufsize, "%04d-%02d-%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday ); } return buffer; @@ -474,7 +474,7 @@ datestr_from_pk( PKT_public_key *pk ) static char buffer[11+5]; time_t atime = pk->timestamp; - return mk_datestr (buffer, atime); + return mk_datestr (buffer, sizeof(buffer), atime); } const char * @@ -483,7 +483,7 @@ datestr_from_sk( PKT_secret_key *sk ) static char buffer[11+5]; time_t atime = sk->timestamp; - return mk_datestr (buffer, atime); + return mk_datestr (buffer, sizeof(buffer), atime); } const char * @@ -492,7 +492,7 @@ datestr_from_sig( PKT_signature *sig ) static char buffer[11+5]; time_t atime = sig->timestamp; - return mk_datestr (buffer, atime); + return mk_datestr (buffer, sizeof(buffer), atime); } const char * @@ -504,7 +504,7 @@ expirestr_from_pk( PKT_public_key *pk ) if( !pk->expiredate ) return _("never "); atime = pk->expiredate; - return mk_datestr (buffer, atime); + return mk_datestr (buffer, sizeof(buffer), atime); } const char * @@ -516,7 +516,7 @@ expirestr_from_sk( PKT_secret_key *sk ) if( !sk->expiredate ) return _("never "); atime = sk->expiredate; - return mk_datestr (buffer, atime); + return mk_datestr (buffer, sizeof(buffer), atime); } const char * @@ -528,7 +528,7 @@ expirestr_from_sig( PKT_signature *sig ) if(!sig->expiredate) return _("never "); atime=sig->expiredate; - return mk_datestr (buffer, atime); + return mk_datestr (buffer, sizeof(buffer), atime); } const char * @@ -540,7 +540,7 @@ revokestr_from_pk( PKT_public_key *pk ) if(!pk->revoked.date) return _("never "); atime=pk->revoked.date; - return mk_datestr (buffer, atime); + return mk_datestr (buffer, sizeof(buffer), atime); } diff --git a/g10/main.h b/g10/main.h index a0b96f9..92e07c9 100644 --- a/g10/main.h +++ b/g10/main.h @@ -38,7 +38,7 @@ # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_3DES #endif -#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA1 +#define DEFAULT_DIGEST_ALGO ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1) #define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1 diff --git a/g10/options.h b/g10/options.h index 0ac6e77..687772f 100644 --- a/g10/options.h +++ b/g10/options.h @@ -26,12 +26,11 @@ #include "packet.h" #ifndef EXTERN_UNLESS_MAIN_MODULE -/* Norcraft can't cope with common symbols */ -#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE) -#define EXTERN_UNLESS_MAIN_MODULE extern -#else -#define EXTERN_UNLESS_MAIN_MODULE -#endif +# if !defined (INCLUDED_BY_MAIN_MODULE) +# define EXTERN_UNLESS_MAIN_MODULE extern +# else +# define EXTERN_UNLESS_MAIN_MODULE +# endif #endif EXTERN_UNLESS_MAIN_MODULE diff --git a/g10/options.skel b/g10/options.skel index 21bd09b..9f31507 100644 --- a/g10/options.skel +++ b/g10/options.skel @@ -23,20 +23,17 @@ # # See the man page for a list of options. -# Uncomment the following option to get rid of the copyright notice - -#no-greeting +# Comment out the following option to reenable the copyright notice. +no-greeting # If you have more than 1 secret key in your keyring, you may want to # uncomment the following option and set your preferred keyid. - #default-key 621CC013 # If you do not pass a recipient to gpg, it will ask for one. Using # this option you can encrypt to a default key. Key validation will # not be done in this case. The second form uses the default key as # default recipient. - #default-recipient some-user-id #default-recipient-self @@ -45,20 +42,17 @@ # mail client that does not automatically encrypt mail to your key. # In the example, this option allows you to read your local copy of # encrypted mail that you've sent to others. - #encrypt-to some-key-id # By default GnuPG creates version 4 signatures for data files as # specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP # require the older version 3 signatures. Setting this option forces # GnuPG to create version 3 signatures. - #force-v3-sigs # Because some mailers change lines starting with "From " to ">From " # it is good to handle such lines in a special way when creating # cleartext signatures; all other PGP versions do it this way too. - #no-escape-from-lines # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell @@ -68,7 +62,6 @@ # translation. Note that future version of GnuPG will change to UTF-8 # as default character set. In most cases this option is not required # as GnuPG is able to figure out the correct charset at runtime. - #charset utf-8 # Group names may be defined like this: @@ -80,13 +73,11 @@ # cannot make an group that points to another group. Note also that # if there are spaces in the recipient name, this will appear as two # recipients. In these cases it is better to use the key ID. - #group mynames = paige 0x12345678 joe patti # Lock the file only once for the lifetime of a process. If you do # not define this, the lock will be obtained and released every time # it is needed, which is usually preferable. - #lock-once # GnuPG can send and receive keys to and from a keyserver. These @@ -115,7 +106,6 @@ # such a "server", which spreads the load over a number of physical # servers. To see the IP address of the server actually used, you may use # the "--keyserver-options debug". - keyserver hkp://keys.gnupg.net #keyserver mailto:pgp-public-keys@keys.nl.pgp.net #keyserver ldap://keyserver.pgp.com @@ -150,17 +140,14 @@ keyserver hkp://keys.gnupg.net # # no-include-attributes : do not include attribute IDs (aka "photo IDs") # when sending keys to the keyserver. - #keyserver-options auto-key-retrieve # Display photo user IDs in key listings - -# list-options show-photos +#list-options show-photos # Display photo user IDs when a signature from a key with a photo is # verified - -# verify-options show-photos +#verify-options show-photos # Use this program to display photo user IDs # @@ -183,14 +170,14 @@ keyserver hkp://keys.gnupg.net # to use your regular JPEG image viewer. # # Some other viewers: -# photo-viewer "qiv %i" -# photo-viewer "ee %i" +#photo-viewer "qiv %i" +#photo-viewer "ee %i" # # This one saves a copy of the photo ID in your home directory: -# photo-viewer "cat > ~/photoid-for-key-%k.%t" +#photo-viewer "cat > ~/photoid-for-key-%k.%t" # # Use your MIME handler to view photos: -# photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG" +#photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG" # Passphrase agent # @@ -198,9 +185,8 @@ keyserver hkp://keys.gnupg.net # the new Assuan based one (currently available in the "newpg" package # at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent, # you have to run an agent as daemon and use the option -# -# use-agent -# +#use-agent + # which tries to use the agent but will fallback to the regular mode # if there is a problem connecting to the agent. The normal way to # locate the agent is by looking at the environment variable @@ -237,3 +223,6 @@ keyserver hkp://keys.gnupg.net # # Try CERT, then PKA, then LDAP, then hkp://subkeys.net: #auto-key-locate cert pka ldap hkp://subkeys.pgp.net + +# Comment out the next line to reenable the warning about "using insecure memory". +no-secmem-warning diff --git a/g10/sign.c b/g10/sign.c index ed8ac73..a02baf6 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -1412,7 +1412,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, else if(sk->pubkey_algo==PUBKEY_ALGO_DSA) digest_algo = match_dsa_hash(mpi_get_nbits(sk->skey[1])/8); else - digest_algo = DIGEST_ALGO_SHA1; + digest_algo = DEFAULT_DIGEST_ALGO; } md = md_open( digest_algo, 0 ); diff --git a/include/cipher.h b/include/cipher.h index dd4af18..c289af8 100644 --- a/include/cipher.h +++ b/include/cipher.h @@ -68,6 +68,7 @@ #define DIGEST_ALGO_SHA384 9 #define DIGEST_ALGO_SHA512 10 #define DIGEST_ALGO_SHA224 11 +#define DIGEST_ALGO_SHA1DC 112 /* private */ #define COMPRESS_ALGO_NONE 0 #define COMPRESS_ALGO_ZIP 1 @@ -115,11 +116,11 @@ struct gcry_md_context { typedef struct gcry_md_context *MD_HANDLE; #ifndef EXTERN_UNLESS_MAIN_MODULE -#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE) -#define EXTERN_UNLESS_MAIN_MODULE extern -#else -#define EXTERN_UNLESS_MAIN_MODULE -#endif +# if !defined (INCLUDED_BY_MAIN_MODULE) +# define EXTERN_UNLESS_MAIN_MODULE extern +# else +# define EXTERN_UNLESS_MAIN_MODULE +# endif #endif EXTERN_UNLESS_MAIN_MODULE int g10c_debug_mode; EXTERN_UNLESS_MAIN_MODULE int g10_opt_verbose; diff --git a/include/iobuf.h b/include/iobuf.h index 030f8c8..71b9bd3 100644 --- a/include/iobuf.h +++ b/include/iobuf.h @@ -70,11 +70,11 @@ struct iobuf_struct { }; #ifndef EXTERN_UNLESS_MAIN_MODULE -#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE) -#define EXTERN_UNLESS_MAIN_MODULE extern -#else -#define EXTERN_UNLESS_MAIN_MODULE -#endif +# if !defined (INCLUDED_BY_MAIN_MODULE) +# define EXTERN_UNLESS_MAIN_MODULE extern +# else +# define EXTERN_UNLESS_MAIN_MODULE +# endif #endif EXTERN_UNLESS_MAIN_MODULE int iobuf_debug_mode; diff --git a/include/memory.h b/include/memory.h index d414a9b..870fe38 100644 --- a/include/memory.h +++ b/include/memory.h @@ -91,11 +91,11 @@ unsigned secmem_get_flags(void); #define DBG_MEMSTAT memory_stat_debug_mode #ifndef EXTERN_UNLESS_MAIN_MODULE -#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE) -#define EXTERN_UNLESS_MAIN_MODULE extern -#else -#define EXTERN_UNLESS_MAIN_MODULE -#endif +# if !defined (INCLUDED_BY_MAIN_MODULE) +# define EXTERN_UNLESS_MAIN_MODULE extern +# else +# define EXTERN_UNLESS_MAIN_MODULE +# endif #endif EXTERN_UNLESS_MAIN_MODULE int memory_debug_mode; EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; diff --git a/include/mpi.h b/include/mpi.h index a4c16f5..50a5baf 100644 --- a/include/mpi.h +++ b/include/mpi.h @@ -36,11 +36,11 @@ #include "memory.h" #ifndef EXTERN_UNLESS_MAIN_MODULE -#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE) -#define EXTERN_UNLESS_MAIN_MODULE extern -#else -#define EXTERN_UNLESS_MAIN_MODULE -#endif +# if !defined (INCLUDED_BY_MAIN_MODULE) +# define EXTERN_UNLESS_MAIN_MODULE extern +# else +# define EXTERN_UNLESS_MAIN_MODULE +# endif #endif #define DBG_MPI mpi_debug_mode diff --git a/keyserver/gpgkeys_curl.c b/keyserver/gpgkeys_curl.c index 55aee68..39bc108 100644 --- a/keyserver/gpgkeys_curl.c +++ b/keyserver/gpgkeys_curl.c @@ -37,6 +37,7 @@ #ifdef HAVE_GETOPT_H #include #endif +#define INCLUDED_BY_MAIN_MODULE 1 #ifdef HAVE_LIBCURL #include #else @@ -45,6 +46,7 @@ #include "compat.h" #include "keyserver.h" #include "ksutil.h" +#include "util.h" extern char *optarg; extern int optind; diff --git a/keyserver/gpgkeys_hkp.c b/keyserver/gpgkeys_hkp.c index f45958e..6b262ab 100644 --- a/keyserver/gpgkeys_hkp.c +++ b/keyserver/gpgkeys_hkp.c @@ -38,6 +38,7 @@ #ifdef HAVE_GETOPT_H # include #endif +#define INCLUDED_BY_MAIN_MODULE 1 #ifdef HAVE_LIBCURL # include /* This #define rigamarole is to enable a hack to fake DNS SRV using @@ -63,6 +64,7 @@ #include "compat.h" #include "keyserver.h" #include "ksutil.h" +#include "util.h" extern char *optarg; extern int optind; diff --git a/keyserver/gpgkeys_ldap.c b/keyserver/gpgkeys_ldap.c index 3541957..23129e9 100644 --- a/keyserver/gpgkeys_ldap.c +++ b/keyserver/gpgkeys_ldap.c @@ -58,13 +58,11 @@ #include #endif +#define INCLUDED_BY_MAIN_MODULE 1 #include "compat.h" #include "keyserver.h" #include "ksutil.h" - -#ifdef __riscos__ #include "util.h" -#endif #if HAVE_W32_SYSTEM # if !defined(__MINGW64_VERSION_MAJOR) || !defined(__MINGW32_MAJOR_VERSION) @@ -233,7 +231,7 @@ epoch2ldaptime(time_t stamp) /* YYYYMMDDHHmmssZ */ - sprintf(buf,"%04d%02d%02d%02d%02d%02dZ", + snprintf(buf, sizeof(buf), "%04d%02d%02d%02d%02d%02dZ", ldaptime->tm_year, ldaptime->tm_mon, ldaptime->tm_mday, diff --git a/po/ru.po b/po/ru.po index 2d5b2a4..f001b25 100644 --- a/po/ru.po +++ b/po/ru.po @@ -40,7 +40,7 @@ msgstr "невозможно заблокировать `%s': %s\n" #: cipher/random.c:430 cipher/random.c:609 #, c-format msgid "waiting for lock on `%s'...\n" -msgstr "ожидание блокировки `%s'\n" +msgstr "ожидание блокировки `%s'...\n" #: cipher/random.c:473 g10/card-util.c:787 g10/dearmor.c:59 g10/dearmor.c:108 #: g10/encode.c:182 g10/encode.c:472 g10/gpg.c:1028 g10/gpg.c:3615 @@ -5569,7 +5569,7 @@ msgstr "ВНИМАНИЕ: обнаружен слабый ключ - смени #: g10/seckey-cert.c:366 msgid "generating the deprecated 16-bit checksum for secret key protection\n" msgstr "" -"создание нерекомендуемой 16-битной контрольной суммы для защиты ключа\n" +"создание не рекомендуемой 16-битной контрольной суммы для защиты ключа\n" #: g10/seskey.c:51 msgid "weak key created - retrying\n" diff --git a/tools/bftest.c b/tools/bftest.c index 8a1572c..3c1d93b 100644 --- a/tools/bftest.c +++ b/tools/bftest.c @@ -26,6 +26,7 @@ #include #endif +#define INCLUDED_BY_MAIN_MODULE 1 #include "util.h" #include "cipher.h" #include "i18n.h" diff --git a/tools/mpicalc.c b/tools/mpicalc.c index 46e5fc8..e75d4af 100644 --- a/tools/mpicalc.c +++ b/tools/mpicalc.c @@ -31,6 +31,7 @@ #include #include +#define INCLUDED_BY_MAIN_MODULE 1 #include "util.h" #include "mpi.h" #include "i18n.h" diff --git a/util/logger.c b/util/logger.c index d631611..7e488b0 100644 --- a/util/logger.c +++ b/util/logger.c @@ -109,6 +109,8 @@ log_get_errorcount( int clear) void log_inc_errorcount() { + /* Protect agains overflow. */ + if (errorcount < 30000) errorcount++; } @@ -135,7 +137,7 @@ g10_log_print_prefix(const char *text) if (!logfp ) { FILE *ttyfp_local; - + init_ttyfp(); ttyfp_local = ttyfp_is (); if (isatty (fileno (stderr)) && isatty (fileno (ttyfp_local))) @@ -179,7 +181,7 @@ g10_log_warning( const char *fmt, ... ) if(strict) { - errorcount++; + log_inc_errorcount (); g10_log_print_prefix(_("ERROR: ")); } else @@ -203,7 +205,7 @@ g10_log_error( const char *fmt, ... ) va_start( arg_ptr, fmt ) ; vfprintf(logfp,fmt,arg_ptr) ; va_end(arg_ptr); - errorcount++; + log_inc_errorcount (); #ifdef __riscos__ fflush( logfp ); #endif /* __riscos__ */ @@ -285,6 +287,3 @@ g10_log_hexdump( const char *text, const char *buf, size_t len ) fflush( logfp ); #endif /* __riscos__ */ } - - - diff --git a/util/miscutil.c b/util/miscutil.c index f0cbaca..fc90a46 100644 --- a/util/miscutil.c +++ b/util/miscutil.c @@ -134,7 +134,7 @@ strtimestamp( u32 stamp ) } else { tp = gmtime( &atime ); - sprintf(buffer,"%04d-%02d-%02d", + snprintf(buffer, sizeof buffer, "%04d-%02d-%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday ); } return buffer; @@ -156,7 +156,7 @@ isotimestamp (u32 stamp) } else { tp = gmtime( &atime ); - sprintf(buffer,"%04d-%02d-%02d %02d:%02d:%02d", + snprintf(buffer, sizeof buffer, "%04d-%02d-%02d %02d:%02d:%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, tp->tm_hour, tp->tm_min, tp->tm_sec); } diff --git a/util/strgutil.c b/util/strgutil.c index 3d45405..5eef7b1 100644 --- a/util/strgutil.c +++ b/util/strgutil.c @@ -77,6 +77,25 @@ static ushort koi8_unicode[128] = { 0x042c,0x042b,0x0417,0x0428,0x042d,0x0429,0x0427,0x042a }; +static ushort cp1251_unicode[128] = { + 0x0402,0x0403,0x201a,0x0453,0x201e,0x2026,0x2020,0x2021, + 0x20ac,0x2030,0x0409,0x2039,0x040a,0x040c,0x040b,0x040f, + 0x0452,0x2018,0x2019,0x201c,0x201d,0x2022,0x2013,0x2014, + 0xffff,0x2122,0x0459,0x203a,0x045a,0x045c,0x045b,0x045f, + 0x00a0,0x040e,0x045e,0x0408,0x00a4,0x0490,0x00a6,0x00a7, + 0x0401,0x00a9,0x0404,0x00ab,0x00ac,0x00ad,0x00ae,0x0407, + 0x00b0,0x00b1,0x0406,0x0456,0x0491,0x00b5,0x00b6,0x00b7, + 0x0451,0x2116,0x0454,0x00bb,0x0458,0x0405,0x0455,0x0457, + 0x0410,0x0411,0x0412,0x0413,0x0414,0x0415,0x0416,0x0417, + 0x0418,0x0419,0x041a,0x041b,0x041c,0x041d,0x041e,0x041f, + 0x0420,0x0421,0x0422,0x0423,0x0424,0x0425,0x0426,0x0427, + 0x0428,0x0429,0x042a,0x042b,0x042c,0x042d,0x042e,0x042f, + 0x0430,0x0431,0x0432,0x0433,0x0434,0x0435,0x0436,0x0437, + 0x0438,0x0439,0x043a,0x043b,0x043c,0x043d,0x043e,0x043f, + 0x0440,0x0441,0x0442,0x0443,0x0444,0x0445,0x0446,0x0447, + 0x0448,0x0449,0x044a,0x044b,0x044c,0x044d,0x044e,0x044f +}; + static ushort latin2_unicode[128] = { 0x0080,0x0081,0x0082,0x0083,0x0084,0x0085,0x0086,0x0087, 0x0088,0x0089,0x008A,0x008B,0x008C,0x008D,0x008E,0x008F, @@ -707,6 +726,13 @@ set_native_charset( const char *newset ) active_charset = koi8_unicode; use_iconv = 0; } + else if( !ascii_strcasecmp( newset, "cp1251" ) + || !ascii_strcasecmp (newset, "windows-1251" ) ) { + active_charset_name = "cp1251"; + no_translation = 0; + active_charset = cp1251_unicode; + use_iconv = 0; + } else return G10ERR_GENERAL; #endif /*!USE_GNUPG_ICONV*/