-rw-r--r-- ChangeLog 4
-rw-r--r-- README 512
-rw-r--r-- acinclude.m4 10
-rw-r--r-- cipher/ChangeLog 14
-rw-r--r-- cipher/Makefile.am 5
-rw-r--r-- cipher/dsa.c 13
-rw-r--r-- cipher/elgamal.c 28
-rw-r--r-- cipher/primegen.c 6
-rw-r--r-- cipher/rsa.c 40
-rw-r--r-- configure.in 10
-rw-r--r-- doc/Makefile.am 13
-rw-r--r-- mpi/ChangeLog 9
-rw-r--r-- mpi/Makefile.am 9
-rw-r--r-- mpi/generic/mpi-asm-defs.h 3
-rw-r--r-- mpi/mpi-internal.h 18
-rw-r--r-- mpi/mpicoder.c 2
-rw-r--r-- mpi/mpiutil.c 1
-rw-r--r-- src/ChangeLog 7
-rw-r--r-- src/Makefile.am 4
-rw-r--r-- src/gcrypt.h 2
20 files changed, 131 insertions, 579 deletions
diff --git a/ChangeLog b/ChangeLog
index 9db937e5..2f85d370 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2000-11-13 Werner Koch <wk@gnupg.org>
+
+ * acinclude.m4 (GNUPG_FIX_HDR_VERSION): VPATH build fix.
+
2000-10-10 Werner Koch <wk@gnupg.org>
* Makefile.am (dist-hook): Create the version file.
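Review bot: the new entry records only the acinclude.m4 VPATH fix, but the same commit also changes configure.in (version 1.1.1a to 1.1.1b and the types.h link target), trims README, and disables the man page and gcryptref targets in doc/Makefile.am. Add entries for those files so the release changes can be traced from the top-level ChangeLog.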
diff --git a/README b/README
index 9292d362..b0ef9c66 100644
--- a/README
+++ b/README
@@ -1,5 +1,3 @@
------BEGIN PGP SIGNED MESSAGE-----
-
GnuPG - The GNU Privacy Guard
-------------------------------
Version 1.1
@@ -12,516 +10,12 @@
Branch 1.0.x for real work. The next
stable release will be 1.2
+This version has been released due to the included libgcrypt which is
+used by GNUTLS.
- GnuPG is GNU's tool for secure communication and data storage.
- It can be used to encrypt data and to create digital signatures.
- It includes an advanced key management facility and is compliant
- with the proposed OpenPGP Internet standard as described in RFC2440.
-
- GnuPG works best on GNU/Linux or *BSD systems. Most other Unices
- are also supported but are not as well tested as the Free Unices.
- See http://www.gnupg.org/gnupg.html#supsys for a list of systems
- which are known to work.
-
- See the file COPYING for copyright and warranty information.
-
- Because GnuPG does not use use any patented algorithm it cannot be
- compatible with PGP2 versions. PGP 2.x uses only IDEA (which is
- patented worldwide) and RSA (which is patented in the United States
- until Sep 20, 2000).
-
- The default algorithms are DSA and ElGamal. ElGamal for signing
- is still available, but because of the larger size of such
- signatures it is deprecated (Please note that the GnuPG
- implementation of ElGamal signatures is *not* insecure). Symmetric
- algorithms are: 3DES, Blowfish, CAST5 and Twofish (GnuPG does not
- yet create Twofish encrypted messages because there is no agreement
- in the OpenPGP WG on how to use it together with a MDC algorithm)
- Digest algorithms available are MD5, RIPEMD160 and SHA1.
-
-
- Installation
- ------------
-
- Please read the file INSTALL!
-
- Here is a quick summary:
-
- 1) Check that you have unmodified sources. The below on how to do this.
- Don't skip it - this is an important step!
-
- 2) Unpack the TAR. With GNU tar you can do it this way:
- "tar xzvf gnupg-x.y.z.tar.gz"
-
- 3) "cd gnupg-x.y.z"
-
- 4) "./configure"
-
- 5) "make"
-
- 6) "make install"
-
- 7) You end up with a "gpg" binary in /usr/local/bin.
- Note: Because some old programs rely on the existence of a
- binary named "gpgm" (which was build by some Beta versions
- of GnuPG); you may want to install a symbolic link to it:
- "cd /usr/local/bin; ln -s gpg gpgm"
-
- 8) To avoid swapping out of sensitive data, you can install "gpg" as
- suid root. If you don't do so, you may want to add the option
- "no-secmem-warning" to ~/.gnupg/options
-
-
- How to Verify the Source
- ------------------------
-
- In order to check that the version of GnuPG which you are going to
- install is an original and unmodified one, you can do it in one of
- the following ways:
-
- a) If you already have a trusted Version of GnuPG installed, you
- can simply check the supplied signature:
-
- $ gpg --verify gnupg-x.y.z.tar.gz.asc
-
- This checks that the detached signature gnupg-x.y.z.tar.gz.asc
- is indeed a a signature of gnupg-x.y.z.tar.gz. The key used to
- create this signature is:
-
- "pub 1024D/57548DCD 1998-07-07 Werner Koch (gnupg sig) <dd9jn@gnu.org>"
-
- If you do not have this key, you can get it from the source in
- the file g10/pubring.asc (use "gpg --import g10/pubring.gpg" to
- add it to the keyring) or from any keyserver. You have to make
- sure that this is really the key and not a faked one. You can do
- this by comparing the output of:
-
- $ gpg --fingerprint 0x57548DCD
-
- with the elsewhere published fingerprint, or - if you are able to
- _positively_ verify the signature of this README file - with
- this fingerprint: "6BD9 050F D8FC 941B 4341 2DCC 68B7 AB89 5754 8DCD"
-
- Please note, that you have to use an old version of GnuPG to
- do all this stuff. *Never* use the version which you are going
- to check!
-
-
- b) If you have a trusted Version of PGP 2 or 5 installed, you
- can check the supplied PGP 2 signature:
-
- $ pgp gnupg-x.y.z.tar.gz.sig gnupg-x.y.z.tar.gz
-
- This checks that the detached signature gnupg-x.y.z.tar.gz.sig
- is indeed a a signature of gnupg-x.y.z.tar.gz. Please note,
- that this signature has been created with a RSA signature and
- you probably can't use this method (due to legal reasons) when
- you are in the U.S. The key used to create this signature is
- the same as the one used to sign this README file. It should be
- available at the keyservers and is also included in the source
- of GnuPG in g10/pubring.asc.
-
- "pub 768R/0C9857A5 1995-09-30 Werner Koch <werner.koch@guug.de>"
-
- The fingerprint of this key is published in printed form in the
- "Global Trust Register for 1998", ISBN 0-9532397-0-5.
-
-
- c) If you don't have any of the above programs, you have to verify
- the MD5 checksum:
-
- $ md5sum gnupg-x.y.z.tar.gz.sig
-
- This should yield an output similar_to this:
-
- fd9351b26b3189c1d577f0970f9dcadc gnupg-x.y.z.tar.gz
-
- Now check that this checksum is _exactly_ the same as the one
- published via the announcement list and probably via Usenet.
-
-
-
- Documentation
- -------------
-
- A draft version of the manual is included in the subdirectory doc/gph.
- The supplied version is rendered in HTML and you may access it with any
- browser (e.g.: lynx doc/gpg/index.html). The GnuPG webpages have a link
- to the latest development version and you may want to read those instead.
-
- A couple of HOWTO documents are available online; for a listing see:
-
- http://www.gnupg.org/docs.html#howtos
-
- A man page with a description of all commands and options gets installed
- along with the program.
-
-
- Introduction
- ------------
-
- Here is a brief overview on how to use GnuPG - it is strongly suggested
- that you read the manual and other information about the use of
- cryptography. GnuPG is only a tool, secure usage requires that
- YOU KNOW WHAT YOU ARE DOING.
-
- If you already have a DSA key from PGP 5 (they call them DH/ElGamal)
- you can simply copy the pgp keyrings over the GnuPG keyrings after
- running gpg once to create the correct directory.
-
- The normal way to create a key is
-
- gpg --gen-key
-
- This asks some questions and then starts key generation. To create
- good random numbers for the key parameters, GnuPG needs to gather
- enough noise (entropy) from your system. If you see no progress
- during key generation you should start some other activities such
- as mouse moves or hitting on the CTRL and SHIFT keys.
-
- Generate a key ONLY on a machine where you have direct physical
- access - don't do it over the network or on a machine used also
- by others - especially if you have no access to the root account.
-
- When you are asked for a passphrase use a good one which you can
- easy remember. Don't make the passphrase too long because you have
- to type it for every decryption or signing; but, - AND THIS IS VERY
- IMPORTANT - use a good one that is not easily to guess because the
- security of the whole system relies on your secret key and the
- passphrase that protects it when someone gains access to your secret
- keyring. A good way to select a passphrase is to figure out a short
- nonsense sentence which makes some sense for you and modify it by
- inserting extra spaces, non-letters and changing the case of some
- characters - this is really easy to remember especially if you
- associate some pictures with it.
-
- Next, you should create a revocation certificate in case someone
- gets knowledge of your secret key or you forgot your passphrase
-
- gpg --gen-revoke your_user_id
-
- Run this command and store the revocation certificate away. The output
- is always ASCII armored, so that you can print it and (hopefully
- never) re-create it if your electronic media fails.
-
- Now you can use your key to create digital signatures
-
- gpg -s file
-
- This creates a file "file.gpg" which is compressed and has a
- signature attached.
-
- gpg -sa file
-
- Same as above, but creates a file "file.asc" which is ASCII armored
- and and ready for sending by mail. It is better to use your
- mailers features to create signatures (The mailer uses GnuPG to do
- this) because the mailer has the ability to MIME encode such
- signatures - but this is not a security issue.
-
- gpg -s -o out file
-
- Creates a signature of "file", but writes the output to the file
- "out".
-
- Everyone who knows your public key (you can and should publish
- your key by putting it on a key server, a web page or in your .plan
- file) is now able to check whether you really signed this text
-
- gpg --verify file
-
- GnuPG now checks whether the signature is valid and prints an
- appropriate message. If the signature is good, you know at least
- that the person (or machine) has access to the secret key which
- corresponds to the published public key.
-
- If you run gpg without an option it will verify the signature and
- create a new file that is identical to the original. gpg can also
- run as a filter, so that you can pipe data to verify trough it
-
- cat signed-file | gpg | wc -l
-
- which will check the signature of signed-file and then display the
- number of lines in the original file.
-
- To send a message encrypted to someone you can use
-
- gpg -e -r heine file
-
- This encrypts "file" with the public key of the user "heine" and
- writes it to "file.gpg"
-
- echo "hello" | gpg -ea -r heine | mail heine
-
- Ditto, but encrypts "hello\n" and mails it as ASCII armored message
- to the user with the mail address heine.
-
- gpg -se -r heine file
-
- This encrypts "file" with the public key of "heine" and writes it
- to "file.gpg" after signing it with your user id.
-
- gpg -se -r heine -u Suttner file
-
- Ditto, but sign the file with your alternative user id "Suttner"
-
-
- GnuPG has some options to help you publish public keys. This is
- called "exporting" a key, thus
-
- gpg --export >all-my-keys
-
- exports all the keys in the keyring and writes them (in a binary
- format) to "all-my-keys". You may then mail "all-my-keys" as an
- MIME attachment to someone else or put it on an FTP server. To
- export only some user IDs, you give them as arguments on the command
- line.
-
- To mail a public key or put it on a web page you have to create
- the key in ASCII armored format
-
- gpg --export --armor | mail panther@tiger.int
-
- This will send all your public keys to your friend panther.
-
- If you have received a key from someone else you can put it
- into your public keyring. This is called "importing"
-
- gpg --import [filenames]
-
- New keys are appended to your keyring and already existing
- keys are updated. Note that GnuPG does not import keys that
- are not self-signed.
-
- Because anyone can claim that a public key belongs to her
- we must have some way to check that a public key really belongs
- to the owner. This can be achieved by comparing the key during
- a phone call. Sure, it is not very easy to compare a binary file
- by reading the complete hex dump of the file - GnuPG (and nearly
- every other program used for management of cryptographic keys)
- provides other solutions.
-
- gpg --fingerprint <username>
-
- prints the so called "fingerprint" of the given username which
- is a sequence of hex bytes (which you may have noticed in mail
- sigs or on business cards) that uniquely identifies the public
- key - different keys will always have different fingerprints.
- It is easy to compare fingerprints by phone and I suggest
- that you print your fingerprint on the back of your business
- card. To see the fingerprints of the secondary keys, you can
- give the command twice; but this is normally not needed.
-
- If you don't know the owner of the public key you are in trouble.
- Suppose however that friend of yours knows someone who knows someone
- who has met the owner of the public key at some computer conference.
- Suppose that all the people between you and the public key holder
- may now act as introducers to you. Introducers signing keys thereby
- certify that they know the owner of the keys they sign. If you then
- trust all the introducers to have correctly signed other keys, you
- can be be sure that the other key really belongs to the one who
- claims to own it..
-
- There are 2 steps to validate a key:
- 1. First check that there is a complete chain
- of signed keys from the public key you want to use
- and your key and verify each signature.
- 2. Make sure that you have full trust in the certificates
- of all the introduces between the public key holder and
- you.
- Step 2 is the more complicated part because there is no easy way
- for a computer to decide who is trustworthy and who is not. GnuPG
- leaves this decision to you and will ask you for a trust value
- (here also referenced as the owner-trust of a key) for every key
- needed to check the chain of certificates. You may choose from:
- a) "I don't know" - then it is not possible to use any
- of the chains of certificates, in which this key is used
- as an introducer, to validate the target key. Use this if
- you don't know the introducer.
- b) "I do not trust" - Use this if you know that the introducer
- does not do a good job in certifying other keys. The effect
- is the same as with a) but for a) you may later want to
- change the value because you got new information about this
- introducer.
- c) "I trust marginally" - Use this if you assume that the
- introducer knows what he is doing. Together with some
- other marginally trusted keys, GnuPG validates the target
- key then as good.
- d) "I fully trust" - Use this if you really know that this
- introducer does a good job when certifying other keys.
- If all the introducer are of this trust value, GnuPG
- normally needs only one chain of signatures to validate
- a target key okay. (But this may be adjusted with the help
- of some options).
- This information is confidential because it gives your personal
- opinion on the trustworthiness of someone else. Therefore this data
- is not stored in the keyring but in the "trustdb"
- (~/.gnupg/trustdb.gpg). Do not assign a high trust value just
- because the introducer is a friend of yours - decide how well she
- understands the implications of key signatures and you may want to
- tell her more about public key cryptography so you can later change
- the trust value you assigned.
-
- Okay, here is how GnuPG helps you with key management. Most stuff
- is done with the --edit-key command
-
- gpg --edit-key <keyid or username>
-
- GnuPG displays some information about the key and then prompts
- for a command (enter "help" to see a list of commands and see
- the man page for a more detailed explanation). To sign a key
- you select the user ID you want to sign by entering the number
- that is displayed in the leftmost column (or do nothing if the
- key has only one user ID) and then enter the command "sign" and
- follow all the prompts. When you are ready, give the command
- "save" (or use "quit" to cancel your actions).
-
- If you want to sign the key with another of your user IDs, you
- must give an "-u" option on the command line together with the
- "--edit-key".
-
- Normally you want to sign only one user ID because GnuPG
- uses only one and this keeps the public key certificate
- small. Because such key signatures are very important you
- should make sure that the signatories of your key sign a user ID
- which is very likely to stay for a long time - choose one with an
- email address you have full control of or do not enter an email
- address at all. In future GnuPG will have a way to tell which
- user ID is the one with an email address you prefer - because
- you have no signatures on this email address it is easy to change
- this address. Remember, your signatories sign your public key (the
- primary one) together with one of your user IDs - so it is not possible
- to change the user ID later without voiding all the signatures.
-
- Tip: If you hear about a key signing party on a computer conference
- join it because this is a very convenient way to get your key
- certified (But remember that signatures have nothing to to with the
- trust you assign to a key).
-
-
- 8 Ways to Specify a User ID
- --------------------------
- There are several ways to specify a user ID, here are some examples.
-
- * Only by the short keyid (prepend a zero if it begins with A..F):
-
- "234567C4"
- "0F34E556E"
- "01347A56A"
- "0xAB123456
-
- * By a complete keyid:
-
- "234AABBCC34567C4"
- "0F323456784E56EAB"
- "01AB3FED1347A5612"
- "0x234AABBCC34567C4"
-
- * By a fingerprint:
-
- "1234343434343434C434343434343434"
- "123434343434343C3434343434343734349A3434"
- "0E12343434343434343434EAB3484343434343434"
-
- The first one is MD5 the others are ripemd160 or sha1.
-
- * By an exact string:
-
- "=Heinrich Heine <heinrichh@uni-duesseldorf.de>"
-
- * By an email address:
-
- "<heinrichh@uni-duesseldorf.de>"
-
- * By word match
-
- "+Heinrich Heine duesseldorf"
-
- All words must match exactly (not case sensitive) and appear in
- any order in the user ID. Words are any sequences of letters,
- digits, the underscore and characters with bit 7 set.
-
- * By the Local ID (from the trust DB):
-
- "#34"
-
- This may be used by a MUA to specify an exact key after selecting
- a key from GnuPG (by using a special option or an extra utility)
-
- * Or by the usual substring:
-
- "Heine"
- "*Heine"
-
- The '*' indicates substring search explicitly.
-
-
- Batch mode
- ----------
- If you use the option "--batch", GnuPG runs in non-interactive mode and
- never prompts for input data. This does not even allow entering the
- passphrase. Until we have a better solution (something like ssh-agent),
- you can use the option "--passphrase-fd n", which works like PGP's
- PGPPASSFD.
-
- Batch mode also causes GnuPG to terminate as soon as a BAD signature is
- detected.
-
-
- Exit status
- -----------
- GnuPG returns with an exit status of 1 if in batch mode and a bad signature
- has been detected or 2 or higher for all other errors. You should parse
- stderr or, better, the output of the fd specified with --status-fd to get
- detailed information about the errors.
-
-
- How to Get More Information
- ---------------------------
-
- The primary WWW page is "http://www.gnupg.org"
- The primary FTP site is "ftp://ftp.gnupg.org/pub/gcrypt/"
-
- See http://www.gnupg.org/mirrors.html for a list of FTP mirrors
- and use them if possible. You may also find GnuPG mirrored on
- some of the regular GNU mirrors.
-
- We have some mailing lists dedicated to GnuPG:
-
- gnupg-announce@gnupg.org For important announcements like
- new versions and such stuff.
- This is a moderated list and has
- very low traffic.
- gnupg-users@gnupg.org For general user discussion and
- help.
- gnupg-devel@gnupg.org GnuPG developers main forum.
-
- You subscribe to one of the list by sending mail with a subject
- of "subscribe" to x-request@gnupg.org, where x is the name of the
- mailing list (gnupg-announce, gnupg-users, etc.). An archive of
- the mailing lists is available at http://lists.gnupg.org .
-
- The gnupg.org domain is hosted in Germany to avoid possible legal
- problems (technical advices may count as a violation of ITAR).
+GPG itself does not work and will not be installed.
- Please direct bug reports to <gnupg-bugs@gnu.org> or post
- them direct to the mailing list <gnupg-devel@gnupg.org>.
- Please direct questions about GnuPG to the users mailing list or
- one of the pgp newsgroups; please do not direct questions to one
- of the authors directly as we are busy working on improvements
- and bug fixes. Both mailing lists are watched by the authors
- and we try to answer questions when time allows us to do so.
- Commercial grade support for GnuPG is available; please see
- the GNU service directory or search other resources.
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.0.0 (GNU/Linux)
-Comment: For info see http://www.gnupg.org
-iQB1AwUBN+M8CB0Z9MEMmFelAQFmggMAuwHxMcQPsS1r2pD1KVZ67qTUeZnSM+wP
-daX3wnBgZzxYhzZiuciaFYky6ERC0Er4HVKtSlLBPhY1N1y2d98Se7TTUaUsVY8F
-uvGJkK/7ykaHfWgcIbKFb6hlnpy29+mO
-=1oCH
------END PGP SIGNATURE-----
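Review bot: the deletion drops the whole "How to Verify the Source" section and the clearsign wrapper (BEGIN PGP SIGNED MESSAGE / PGP SIGNATURE) without a replacement, so a README that now says the release exists for the libgcrypt used by GNUTLS gives no way to check the tarball or the README itself. Keep a short verification paragraph (the "gpg --verify gnupg-x.y.z.tar.gz.asc" step run with a previously installed, trusted gpg, plus the signing key fingerprint), or point to where the signature and fingerprint are published.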
diff --git a/acinclude.m4 b/acinclude.m4
index 7291c1df..9dce2486 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -32,12 +32,12 @@ dnl Make the version number in gcrypt/gcrypt.h the same as the one here.
dnl (this is easier than to have a .in file just for one substitution)
dnl
AC_DEFUN(GNUPG_FIX_HDR_VERSION,
- [ sed "s/^#define $2 \".*/#define $2 \"$VERSION\"/" $1 > $1.tmp
- if cmp -s $1 $1.tmp 2>/dev/null; then
- rm -f $1.tmp
+ [ sed "s/^#define $2 \".*/#define $2 \"$VERSION\"/" $srcdir/$1 > $srcdir/$1.tmp
+ if cmp -s $srcdir/$1 $srcdir/$1.tmp 2>/dev/null; then
+ rm -f $srcdir/$1.tmp
else
- rm -f $1
- if mv $1.tmp $1 ; then
+ rm -f $srcdir/$1
+ if mv $srcdir/$1.tmp $srcdir/$1 ; then
:
else
AC_MSG_ERROR([[
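Review bot: prefixing every path with $srcdir makes configure write $srcdir/$1.tmp and replace $srcdir/$1, so a VPATH build from a read-only source tree fails at the sed redirect, and a build from a shared tree modifies the sources for every other build directory. Consider generating the header in the build directory instead. If the in-tree rewrite is intended, quote the expansions ("$srcdir/$1") and use "mv -f" in place of the separate "rm -f $srcdir/$1", so a failed move does not leave the tree without the header.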
diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index 38045bb1..2a861c03 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,17 @@
+2000-11-14 Werner Koch <wk@gnupg.org>
+
+ * dsa.c (test_keys): Replaced mpi_alloc by gcry_mpi_new and
+ mpi_free by gcry_mpi_release.
+ * elgamal.c (test_keys,generate): Ditto, also for mpi_alloc_secure.
+ * rsa.c (test_keys,generate,rsa_verify): Ditto.
+ * primegen.c (generate_elg_prime): Ditto.
+ (gen_prime): Ditto and removed nlimbs.
+
+ * rsa.c (generate): Allocate 2 more vars in secure memory.
+
+ * Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency
+ problems.
+
2000-10-09 Werner Koch <wk@gnupg.org>
* arcfour.c, arcfour.h: New.
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index 0a9b10b4..2fadfb36 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -1,10 +1,13 @@
# Process this file with automake to produce Makefile.in
-INCLUDES = -I$(top_srcdir)/gcrypt
+INCLUDES = -I$(top_srcdir)/gcrypt -I$(top_srcdir)/mpi
noinst_LTLIBRARIES = libcipher.la
+OMIT_DEPENDENCIES = types.h gcrypt.h
+
+
# The configure script greps the module names from the EXTRA_PROGRAMS line
EXTRA_PROGRAMS = rndlinux rndunix rndegd rndw32 sha1 rmd160 md5 tiger
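Review bot: "OMIT_DEPENDENCIES = types.h gcrypt.h" is added with no comment in the Makefile, and cipher/ChangeLog describes it only as a hack to work around dependency problems. Add a comment above the line naming the problem and the condition under which the line can be removed; with both headers left out of the generated dependency lists, a change to gcrypt.h or types.h will not by itself trigger a rebuild of the libcipher objects.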
diff --git a/cipher/dsa.c b/cipher/dsa.c
index 255fa372..6e41dd8b 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -23,6 +23,7 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
+
#include "g10lib.h"
#include "mpi.h"
#include "cipher.h"
@@ -136,9 +137,9 @@ static void
test_keys( DSA_secret_key *sk, unsigned qbits )
{
DSA_public_key pk;
- MPI test = mpi_alloc( qbits / BITS_PER_MPI_LIMB );
- MPI out1_a = mpi_alloc( qbits / BITS_PER_MPI_LIMB );
- MPI out1_b = mpi_alloc( qbits / BITS_PER_MPI_LIMB );
+ MPI test = gcry_mpi_new ( qbits );
+ MPI out1_a = gcry_mpi_new ( qbits );
+ MPI out1_b = gcry_mpi_new ( qbits );
pk.p = sk->p;
pk.q = sk->q;
@@ -150,9 +151,9 @@ test_keys( DSA_secret_key *sk, unsigned qbits )
if( !verify( out1_a, out1_b, test, &pk ) )
log_fatal("DSA:: sign, verify failed\n");
- mpi_free( test );
- mpi_free( out1_a );
- mpi_free( out1_b );
+ gcry_mpi_release ( test );
+ gcry_mpi_release ( out1_a );
+ gcry_mpi_release ( out1_b );
}
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
index f2c029b3..c2c2c6e1 100644
--- a/cipher/elgamal.c
+++ b/cipher/elgamal.c
@@ -121,10 +121,10 @@ static void
test_keys( ELG_secret_key *sk, unsigned nbits )
{
ELG_public_key pk;
- MPI test = mpi_alloc( 0 );
- MPI out1_a = mpi_alloc( nbits / BITS_PER_MPI_LIMB );
- MPI out1_b = mpi_alloc( nbits / BITS_PER_MPI_LIMB );
- MPI out2 = mpi_alloc( nbits / BITS_PER_MPI_LIMB );
+ MPI test = gcry_mpi_new ( 0 );
+ MPI out1_a = gcry_mpi_new ( nbits );
+ MPI out1_b = gcry_mpi_new ( nbits );
+ MPI out2 = gcry_mpi_new ( nbits );
pk.p = sk->p;
pk.g = sk->g;
@@ -141,10 +141,10 @@ test_keys( ELG_secret_key *sk, unsigned nbits )
if( !verify( out1_a, out1_b, test, &pk ) )
log_fatal("ElGamal operation: sign, verify failed\n");
- mpi_free( test );
- mpi_free( out1_a );
- mpi_free( out1_b );
- mpi_free( out2 );
+ gcry_mpi_release ( test );
+ gcry_mpi_release ( out1_a );
+ gcry_mpi_release ( out1_b );
+ gcry_mpi_release ( out2 );
}
@@ -241,8 +241,8 @@ generate( ELG_secret_key *sk, unsigned int nbits, MPI **ret_factors )
unsigned int xbits;
byte *rndbuf;
- p_min1 = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
- temp = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+ p_min1 = gcry_mpi_new ( nbits );
+ temp = gcry_mpi_new( nbits );
qbits = wiener_map( nbits );
if( qbits & 1 ) /* better have a even one */
qbits++;
@@ -265,7 +265,7 @@ generate( ELG_secret_key *sk, unsigned int nbits, MPI **ret_factors )
xbits = qbits * 3 / 2;
if( xbits >= nbits )
BUG();
- x = mpi_alloc_secure( xbits/BITS_PER_MPI_LIMB );
+ x = gcry_mpi_snew ( xbits );
if( DBG_CIPHER )
log_debug("choosing a random x of size %u", xbits );
rndbuf = NULL;
@@ -294,7 +294,7 @@ generate( ELG_secret_key *sk, unsigned int nbits, MPI **ret_factors )
} while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) );
g10_free(rndbuf);
- y = mpi_alloc(nbits/BITS_PER_MPI_LIMB);
+ y = gcry_mpi_new (nbits);
gcry_mpi_powm( y, g, x, p );
if( DBG_CIPHER ) {
@@ -314,8 +314,8 @@ generate( ELG_secret_key *sk, unsigned int nbits, MPI **ret_factors )
/* now we can test our keys (this should never fail!) */
test_keys( sk, nbits - 64 );
- mpi_free( p_min1 );
- mpi_free( temp );
+ gcry_mpi_release ( p_min1 );
+ gcry_mpi_release ( temp );
}
diff --git a/cipher/primegen.c b/cipher/primegen.c
index f5dca859..03c3c8a5 100644
--- a/cipher/primegen.c
+++ b/cipher/primegen.c
@@ -129,7 +129,7 @@ generate_elg_prime( int mode, unsigned pbits, unsigned qbits,
if( DBG_CIPHER )
log_debug("gen prime: pbits=%u qbits=%u fbits=%u/%u n=%d\n",
pbits, req_qbits, qbits, fbits, n );
- prime = mpi_alloc( (pbits + BITS_PER_MPI_LIMB - 1) / BITS_PER_MPI_LIMB );
+ prime = gcry_mpi_new ( pbits );
q = gen_prime( qbits, 0, 0 );
q_factor = mode==1? gen_prime( req_qbits, 0, 0 ) : NULL;
@@ -292,7 +292,6 @@ generate_elg_prime( int mode, unsigned pbits, unsigned qbits,
static MPI
gen_prime( unsigned nbits, int secret, int randomlevel )
{
- unsigned nlimbs;
MPI prime, ptest, pminus1, val_2, val_3, result;
int i;
unsigned x, step;
@@ -308,10 +307,9 @@ gen_prime( unsigned nbits, int secret, int randomlevel )
}
mods = g10_xmalloc( no_of_small_prime_numbers * sizeof *mods );
/* make nbits fit into MPI implementation */
- nlimbs = (nbits + BITS_PER_MPI_LIMB - 1) / BITS_PER_MPI_LIMB;
val_2 = mpi_alloc_set_ui( 2 );
val_3 = mpi_alloc_set_ui( 3);
- prime = secret? mpi_alloc_secure( nlimbs ): mpi_alloc( nlimbs );
+ prime = secret? gcry_mpi_snew ( nbits ): gcry_mpi_new ( nbits );
result = mpi_alloc_like( prime );
pminus1= mpi_alloc_like( prime );
ptest = mpi_alloc_like( prime );
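Review bot: the comment "/* make nbits fit into MPI implementation */" is left behind after the nlimbs computation it described was deleted; remove or reword it. In the same block only prime moves to gcry_mpi_snew / gcry_mpi_new, while val_2, val_3, result, pminus1 and ptest still come from mpi_alloc_set_ui and mpi_alloc_like; please confirm that mpi_alloc_like( prime ) keeps pminus1 and ptest in secure memory when secret is set, or convert them too.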
diff --git a/cipher/rsa.c b/cipher/rsa.c
index f342e3c3..e7ecccbc 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -61,9 +61,9 @@ static void
test_keys( RSA_secret_key *sk, unsigned nbits )
{
RSA_public_key pk;
- MPI test = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
- MPI out1 = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
- MPI out2 = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+ MPI test = gcry_mpi_new ( nbits );
+ MPI out1 = gcry_mpi_new ( nbits );
+ MPI out2 = gcry_mpi_new ( nbits );
pk.n = sk->n;
pk.e = sk->e;
@@ -77,9 +77,9 @@ test_keys( RSA_secret_key *sk, unsigned nbits )
public( out2, out1, &pk );
if( mpi_cmp( test, out2 ) )
log_fatal("RSA operation: secret, public failed\n");
- mpi_free( test );
- mpi_free( out1 );
- mpi_free( out2 );
+ gcry_mpi_release ( test );
+ gcry_mpi_release ( out1 );
+ gcry_mpi_release ( out2 );
}
/****************
@@ -107,27 +107,27 @@ generate( RSA_secret_key *sk, unsigned nbits )
/* calculate Euler totient: phi = (p-1)(q-1) */
t1 = mpi_alloc_secure( mpi_get_nlimbs(p) );
t2 = mpi_alloc_secure( mpi_get_nlimbs(p) );
- phi = mpi_alloc_secure( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
- g = mpi_alloc_secure( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
- f = mpi_alloc_secure( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+ phi = gcry_mpi_snew ( nbits );
+ g = gcry_mpi_snew ( nbits );
+ f = gcry_mpi_snew ( nbits );
mpi_sub_ui( t1, p, 1 );
mpi_sub_ui( t2, q, 1 );
mpi_mul( phi, t1, t2 );
mpi_gcd(g, t1, t2);
mpi_fdiv_q(f, phi, g);
/* multiply them to make the private key */
- n = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+ n = gcry_mpi_new ( nbits );
mpi_mul( n, p, q );
/* find a public exponent */
- e = mpi_alloc( (6+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+ e = gcry_mpi_new ( 6 );
mpi_set_ui( e, 17); /* start with 17 */
while( !mpi_gcd(t1, e, phi) ) /* (while gcd is not 1) */
mpi_add_ui( e, e, 2);
/* calculate the secret key d = e^1 mod phi */
- d = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+ d = gcry_mpi_snew ( nbits );
mpi_invm(d, e, f );
/* calculate the inverse of p and q (used for chinese remainder theorem)*/
- u = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+ u = gcry_mpi_snew ( nbits );
mpi_invm(u, p, q );
if( DBG_CIPHER ) {
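Review bot: t1 and t2 at the top of the hunk stay on "mpi_alloc_secure( mpi_get_nlimbs(p) )" while phi, g, f, d and u move to "gcry_mpi_snew ( nbits )", so the function now mixes both allocators for values derived from p and q. Convert t1 and t2 as well, so that everything the following hunk passes to gcry_mpi_release came from the gcry_mpi_* allocators. While here, the context comment "d = e^1 mod phi" should read e^-1, and the move of d and u to secure memory deserves a one-line comment in the code, since the cipher/ChangeLog entry is the only place it is recorded.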
@@ -142,11 +142,11 @@ generate( RSA_secret_key *sk, unsigned nbits )
log_mpidump(" u= ", u );
}
- mpi_free(t1);
- mpi_free(t2);
- mpi_free(phi);
- mpi_free(f);
- mpi_free(g);
+ gcry_mpi_release (t1);
+ gcry_mpi_release (t2);
+ gcry_mpi_release (phi);
+ gcry_mpi_release (f);
+ gcry_mpi_release (g);
sk->n = n;
sk->e = e;
@@ -416,11 +416,11 @@ rsa_verify( int algo, MPI hash, MPI *data, MPI *pkey,
return GCRYERR_INV_PK_ALGO;
pk.n = pkey[0];
pk.e = pkey[1];
- result = mpi_alloc( (160+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB);
+ result = gcry_mpi_new ( 160 );
public( result, data[0], &pk );
/*rc = (*cmp)( opaquev, result );*/
rc = mpi_cmp( result, hash )? GCRYERR_BAD_SIGNATURE:0;
- mpi_free(result);
+ gcry_mpi_release (result);
return rc;
}
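Review bot: "gcry_mpi_new ( 160 )" keeps the hard-coded 160 from the old expression, but result receives the output of "public( result, data[0], &pk )", which is a value modulo pk.n rather than a 160-bit hash. Size the allocation from the modulus, or use a named constant with a comment, so the number does not read as a bound on the signature value.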
diff --git a/configure.in b/configure.in
index ca0d0467..4ef6be25 100644
--- a/configure.in
+++ b/configure.in
@@ -19,7 +19,7 @@ AC_CANONICAL_SYSTEM
# AGE, set REVISION to 0.
# 3. Interfaces removed (BAD, breaks upward compatibility): Increment
# CURRENT, set AGE and REVISION to 0.
-AM_INIT_AUTOMAKE(gnupg,1.1.1a)
+AM_INIT_AUTOMAKE(gnupg,1.1.1b)
LIBGCRYPT_LT_CURRENT=1
LIBGCRYPT_LT_AGE=0
LIBGCRYPT_LT_REVISION=0
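Review bot: the package version moves from 1.1.1a to 1.1.1b while LIBGCRYPT_LT_CURRENT, LIBGCRYPT_LT_AGE and LIBGCRYPT_LT_REVISION stay at 1, 0 and 0, although this commit changes library sources under cipher/ and mpi/ and the diffstat lists src/gcrypt.h. If 1.1.1a shipped with the same triple, bump LIBGCRYPT_LT_REVISION following the rules in the comment block above, or note why it is left unchanged.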
@@ -710,7 +710,7 @@ AC_SUBST(ZLIBS)
# Allow users to append something to the version string without
-# flagging it as development version. The user version parts is
+# flagging it as development version. The user version part is
# considered everything after a dash.
changequote(,)dnl
tmp_pat='[a-zA-Z]'
@@ -719,9 +719,9 @@ if echo "$VERSION" | sed 's/-.*//' | grep "$tmp_pat" >/dev/null ; then
AC_DEFINE(IS_DEVELOPMENT_VERSION)
fi
-dnl Temp workarounds:
+dnl Temp workarounds
GNUPG_LINK_FILES(gcrypt/gcrypt.h, gcrypt.h )
-GNUPG_LINK_FILES(include/types.h, gcrypt/types.h )
+GNUPG_LINK_FILES(include/types.h, types.h )
AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes)
@@ -739,7 +739,7 @@ fi
dnl
dnl Make the version number in gcrypt/gcrypt.h the same as the one here.
-dnl (this is easier than to have a .in file just for one substitution)
+dnl (this is easier than to have a *.in file just for one substitution)
dnl
GNUPG_FIX_HDR_VERSION(gcrypt/gcrypt.h, GCRYPT_VERSION)
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 23876dea..a594205a 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -3,18 +3,19 @@
BUILT_SOURCES = version.sgml gcryptref.html gcryptref.ps
-EXTRA_DIST = DETAILS gpg.sgml gpg.1 FAQ HACKING OpenPGP \
- version.sgml.in $(BUILT_SOURCES)
+#EXTRA_DIST = DETAILS gpg.sgml gpg.1 FAQ HACKING OpenPGP \
+# version.sgml.in $(BUILT_SOURCES)
+EXTRA_DIST = DETAILS HACKING OpenPGP FAQ
-man_MANS = gpg.1
+#man_MANS = gpg.1
-pkgdata_DATA = gcryptref.html gcryptref.ps
+### pkgdata_DATA = gcryptref.html gcryptref.ps
CLEANFILES = gcryptref.aux gcryptref.log gcryptref.tex gcryptref.dvi
-gcryptref.sgml : version.sgml
+# gcryptref.sgml : version.sgml
if HAVE_DB2MAN
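Review bot: BUILT_SOURCES on the unchanged first line still lists version.sgml, gcryptref.html and gcryptref.ps, while this hunk stops distributing version.sgml.in and $(BUILT_SOURCES) and comments out the gcryptref.sgml dependency on version.sgml. Automake builds everything in BUILT_SOURCES before the other targets, so a build from the distributed tarball will try to generate files whose inputs are no longer shipped. Either empty BUILT_SOURCES as well or keep version.sgml.in in EXTRA_DIST. The disabled lines also use three different comment styles (#, ### and "# "); deleting them would be cleaner, since version control keeps the old text.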
@@ -40,3 +41,5 @@ endif
+
+
diff --git a/mpi/ChangeLog b/mpi/ChangeLog
index 64b0b386..95bb6f1d 100644
--- a/mpi/ChangeLog
+++ b/mpi/ChangeLog
@@ -1,3 +1,12 @@
+2000-11-14 Werner Koch <wk@gnupg.org>
+
+ * mpi-internal.h, mpi.h: Changed the way they are called and
+ introduced DID_MPI_LIMP_TYPEDEF hack. Very ugly, should all be
+ revamped.
+
+ * Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency
+ problems.
+
2000-10-11 Werner Koch <wk@gnupg.org>
* generic/mpi-asm-defs.h: New.
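Review bot: The new ChangeLog entry names the macro DID_MPI_LIMP_TYPEDEF, but mpi/mpi-internal.h in this same commit defines DID_MPI_LIMB_TYPEDEF. Please correct the spelling so a search of the ChangeLog for the macro finds this entry.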
diff --git a/mpi/Makefile.am b/mpi/Makefile.am
index f7567e5f..a9df442e 100644
--- a/mpi/Makefile.am
+++ b/mpi/Makefile.am
@@ -1,7 +1,6 @@
## Process this file with automake to produce Makefile.in
-
-INCLUDES = -I$(top_srcdir)/gcrypt
+INCLUDES = -I$(top_srcdir)/gcrypt
CFLAGS = @CFLAGS@ @MPI_OPT_FLAGS@
ASFLAGS = @MPI_SFLAGS@
@@ -12,6 +11,8 @@ DISTCLEANFILES = mpih-add1.S mpih-mul1.S mpih-mul2.S mpih-mul3.S \
# CLEANFILES = _*.s
CLEANFILES = *.s
+OMIT_DEPENDENCIES = types.h gcrypt.h
+
noinst_LTLIBRARIES = libmpi.la
libmpi_la_LDFLAGS =
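Review bot: OMIT_DEPENDENCIES = types.h gcrypt.h takes both headers out of dependency tracking, so objects in libmpi.la are not rebuilt when either header changes, and gcrypt.h is a file that configure rewrites to fix the version string. Stale objects compiled against an older type or limb definition are hard to diagnose in bignum code. Please add a comment above the line that states which dependency problem this hides, so the hack can be removed once the header layout is settled.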
@@ -33,7 +34,8 @@ libmpi_la_SOURCES = longlong.h \
mpih-cmp.c \
mpih-div.c \
mpih-mul.c \
- mpiutil.c
+ mpiutil.c \
+ mpi.h
# Note this objects are actually links, the sourcefiles are
# distributed by special code in dist-hook
@@ -63,3 +65,4 @@ libmpi_la_LIBADD = $(common_asm_objects) @MPI_EXTRA_ASM_OBJS@
# $(COMPILE) -c _$*.s
# mv -f _$*.o $*.o
+
diff --git a/mpi/generic/mpi-asm-defs.h b/mpi/generic/mpi-asm-defs.h
index c25f966a..3bd1b611 100644
--- a/mpi/generic/mpi-asm-defs.h
+++ b/mpi/generic/mpi-asm-defs.h
@@ -1,8 +1,7 @@
/* This file defines some basic constants for the MPI machinery. We
* need to define the types on a per-CPU basis, so it is done with
* this file here. */
-#define BYTES_PER_MPI_LIMB (sizeof unsigned long)
-
+#define BYTES_PER_MPI_LIMB (SIZEOF_UNSIGNED_LONG)
diff --git a/mpi/mpi-internal.h b/mpi/mpi-internal.h
index cde1c0ce..3a7855de 100644
--- a/mpi/mpi-internal.h
+++ b/mpi/mpi-internal.h
@@ -30,6 +30,24 @@
#ifndef G10_MPI_INTERNAL_H
#define G10_MPI_INTERNAL_H
+#include "mpi-asm-defs.h"
+#if BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_INT
+ typedef unsigned int mpi_limb_t;
+ typedef signed int mpi_limb_signed_t;
+#elif BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_LONG
+ typedef unsigned long int mpi_limb_t;
+ typedef signed long int mpi_limb_signed_t;
+#elif BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_LONG_LONG
+ typedef unsigned long long int mpi_limb_t;
+ typedef signed long long int mpi_limb_signed_t;
+#elif BYTES_PER_MPI_LIMB == SIZEOF_UNSIGNED_SHORT
+ typedef unsigned short int mpi_limb_t;
+ typedef signed short int mpi_limb_signed_t;
+#else
+ #error BYTES_PER_MPI_LIMB does not match any C type
+#endif
+#define BITS_PER_MPI_LIMB (8*BYTES_PER_MPI_LIMB)
+#define DID_MPI_LIMB_TYPEDEF 1
#include "mpi.h"
/* If KARATSUBA_THRESHOLD is not already defined, define it to a
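Review bot: The #if chain compares BYTES_PER_MPI_LIMB with SIZEOF_UNSIGNED_INT and its siblings, which this header does not define, and the preprocessor replaces any identifier that is still undefined inside #if with 0. With the generic mpi-asm-defs.h definition (SIZEOF_UNSIGNED_LONG), a translation unit that reaches this point without the configure-generated sizes in scope evaluates the first test as 0 == 0, silently typedefs mpi_limb_t as unsigned int, and never reaches the #error branch. Add an explicit guard ahead of the chain, for example #ifndef SIZEOF_UNSIGNED_LONG followed by #error, or include the config header here. A wrong limb width breaks every MPI operation the cipher code depends on, so the build should fail instead.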
diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c
index 9c68d7c9..87f5870c 100644
--- a/mpi/mpicoder.c
+++ b/mpi/mpicoder.c
@@ -24,9 +24,7 @@
#include <stdlib.h>
#include <assert.h>
-#include "mpi.h"
#include "mpi-internal.h"
-#include "memory.h"
#include "g10lib.h"
#define MAX_EXTERN_MPI_BITS 16384
diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c
index 2dad135d..3c5aee05 100644
--- a/mpi/mpiutil.c
+++ b/mpi/mpiutil.c
@@ -25,7 +25,6 @@
#include <assert.h>
#include "g10lib.h"
-#include "mpi.h"
#include "mpi-internal.h"
#include "memory.h"
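Review bot: After this change mpiutil.c includes g10lib.h before mpi-internal.h, while mpicoder.c includes them in the opposite order, and mpicoder.c drops memory.h where this file keeps it. Since mpi-internal.h now defines the limb typedefs and sets DID_MPI_LIMB_TYPEDEF just before it includes mpi.h, the result depends on whether g10lib.h pulls in mpi.h first. Please use the same include order in both files and state the required order in a comment in mpi-internal.h.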
diff --git a/src/ChangeLog b/src/ChangeLog
index 870db51b..192a7a6d 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,10 @@
+2000-11-14 Werner Koch <wk@gnupg.org>
+
+ * mpi.h: Moved to ../mpi.
+
+ * Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency
+ problems.
+
2000-10-11 Werner Koch <wk@gnupg.org>
* mpi.h: Changed the way mpi_limb_t is defined.
diff --git a/src/Makefile.am b/src/Makefile.am
index 4caaa2e3..7c66e19f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -18,6 +18,9 @@ EXTRA_DIST = gcrypt-config.in gcrypt.m4
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
+OMIT_DEPENDENCIES = types.h
+
+
lib_LTLIBRARIES = libgcrypt.la
bin_SCRIPTS = gcrypt-config
@@ -36,7 +39,6 @@ libgcrypt_la_LDFLAGS = -version-info \
# -export-symbols libgcrypt.sym
libgcrypt_la_SOURCES = g10lib.h \
- mpi.h \
cipher.h \
misc.c \
global.c \
diff --git a/src/gcrypt.h b/src/gcrypt.h
index cf7eb7cc..dfce469c 100644
--- a/src/gcrypt.h
+++ b/src/gcrypt.h
@@ -35,7 +35,7 @@ extern "C" {
* header matches the installed library.
* Note: Do not edit the next line as configure may fix the string here.
*/
-#define GCRYPT_VERSION "1.1.1a"
+#define GCRYPT_VERSION "1.1.1b"
#ifndef HAVE_BYTE_TYPEDEF