See ChangeLog: Fri Apr 14 19:37:08 CEST 2000 Werner Koch

NEWS

@@ -14,7 +14,7 @@ Noteworthy changes in the current test release
       cases were it is really required.
       Use the option --no-random-seed-file to disable this feature.
 
-    * New option --ignore-time-conflict.
+    * New options --ignore-time-conflict and --lock-never.
 
     * Some fixes for the W32 version
 
@@ -32,6 +32,10 @@ Noteworthy changes in the current test release
       create revocations for the subkeys.  See the FAQ for a
       procedure to install such secret keys.
 
+    * Keygeneration now writes to the first writeable keyring or
+      as default to the one in the homedirectory.  Prior versions
+      ignored all --keyring options.
+
 
 Noteworthy changes in version 1.0.1 (1999-12-16)
 -----------------------------------

THANKS

@@ -16,6 +16,8 @@ Bryan Fullerton 	   bryanf@samurai.com
 Caskey L. Dickson	   caskey@technocage.com
 Cees van de Griend	   cees-list@griend.xs4all.nl
 Charles Levert		   charles@comm.polymtl.ca
+Chip Salzenberg 	   chip@valinux.com
+Christian Kurz		   shorty@debian.org
 Christian von Roques	   roques@pond.sub.org
 Christopher Oliver	   oliver@fritz.traverse.net
 Christian Recktenwald	   chris@citecs.de
@@ -135,5 +137,8 @@ Thanks to the German Unix User Group for providing FTP space,
 Martin Hamilton for hosting the mailing list and HSP for
 hosting gnupg.org.
 
+The development of this software has partly been funded by the German
+Ministry for Economics and Technology under grant VIB3-68553.168-001/1999.
+
 Many thanks to my wife Gerlinde for having so much patience with
 me while hacking late in the evening.

TODO

@@ -1,13 +1,10 @@
 
-  * Print the reason for revocation at certain places.
+  * add a check to the make dist target to see whether the man page
+    was build.
 
   * at least an option to prefer DSA keys over RSA when selecting the key to
-    use.  Depending on creation time would be nice too.  I thing this is
-    already done for the subkeys.
-
-  * Rework the whole key selection stuff: Compile a list of valid
-    candidates for a keyblock first and the select one from it.
-    The current code is too ugly (getkey.c).
+    use.  Depending on creation time would be nice too.  I think this is
+    already done for the subkeys - check it.
 
   * Fix localtime() in W32.
 
@@ -15,6 +12,10 @@
 
 Scheduled for 1.1
 -----------------
+  * Rework the whole key selection stuff: Compile a list of valid
+    candidates for a keyblock first and the select one from it.
+    The current code is too ugly (getkey.c).
+
   * With option -i prompt before adding a key to the keyring and show some
     info what we are about to add.
 

cipher/ChangeLog

@@ -1,3 +1,7 @@
+Fri Apr 14 19:37:08 CEST 2000  Werner Koch  <wk@openit.de>
+
+	* twofish.c (twofish_get_info): Fixed warning about cast.
+
 Tue Mar 28 14:26:58 CEST 2000  Werner Koch  <wk@openit.de>
 
 	* random.c [MINGW32]: Include process.h for getpid.

cipher/twofish.c

@@ -987,7 +987,8 @@ twofish_get_info (int algo, size_t *keylen,
     *keylen = algo==10? 256 : 128;
     *blocksize = 16;
     *contextsize = sizeof (TWOFISH_context);
-    *(int  (**)(const TWOFISH_context*, const byte*, unsigned))r_setkey
+
+    *(int  (**)(TWOFISH_context*, const byte*, const unsigned))r_setkey
 							= twofish_setkey;
     *(void (**)(const TWOFISH_context*, byte*, const byte*))r_encrypt
 							= twofish_encrypt;

doc/gpg.sgml

@@ -1177,6 +1177,16 @@ needed. Use this to override a previous --lock-once
 from a config file.
 </para></listitem></varlistentry>
 
+<varlistentry>
+<term>--lock-never</term>
+<listitem><para>
+Disable locking entirely.  This option should be used only in very
+special environments, where it can be assured that only one process
+is accessing those files.  A bootable floppy with a standalone
+encryption system will probably use this.  Improper usage of this
+option may lead to data and key corruption.
+</para></listitem></varlistentry>
+
 <varlistentry>
 <term>--no-random-seed-file</term>
 <listitem><para>

g10/ChangeLog

@@ -1,3 +1,21 @@
+Fri Apr 14 19:37:08 CEST 2000  Werner Koch  <wk@openit.de>
+
+	* pkclist.c (do_show_revocation_reason): New.
+	(show_revocation_reason): New and called at various places.
+
+	* g10.c (main): Fixed small typo.
+
+	* pkclist.c (do_we_trust): Act on always_trust but not for revoked
+	keys. Suggested by Chip Salzenberg.
+
+	* g10.c: New option --lock-never.
+
+	* ringedit.c (get_writable_keyblock_file): New.
+	* keygen.c (do_generate_keypair): Use this instead of the hardwired one.
+
+	* keygen.c (ask_user_id): Check that the email address is in the
+	correct field.	Suggested by Christian Kurz.
+
 Mon Apr 10 13:34:19 CEST 2000  Werner Koch  <wk@openit.de>
 
 	* keyedit.c (show_key_with_all_names): s/sbb/ssb/

g10/g10.c

@@ -168,6 +168,7 @@ enum cmd_and_opt_values { aNull = 0,
     oEscapeFrom,
     oLockOnce,
     oLockMultiple,
+    oLockNever,
     oKeyServer,
     oEncryptTo,
     oNoEncryptTo,
@@ -347,6 +348,7 @@ static ARGPARSE_OPTS opts[] = {
     { oEscapeFrom, "escape-from-lines", 0, "@" },
     { oLockOnce, "lock-once", 0, "@" },
     { oLockMultiple, "lock-multiple", 0, "@" },
+    { oLockNever, "lock-never", 0, "@" },
     { oLoggerFD, "logger-fd",1, "@" },
     { oUseEmbeddedFilename, "use-embedded-filename", 0, "@" },
     { oUtf8Strings, "utf8-strings", 0, "@" },
@@ -882,6 +884,7 @@ main( int argc, char **argv )
 	  case oNotDashEscaped: opt.not_dash_escaped = 1; break;
 	  case oEscapeFrom: opt.escape_from = 1; break;
 	  case oLockOnce: opt.lock_once = 1; break;
+	  case oLockNever: disable_dotlock(); break;
 	  case oLockMultiple: opt.lock_once = 0; break;
 	  case oKeyServer: opt.keyserver_name = pargs.r.ret_str; break;
 	  case oNotation: add_notation_data( pargs.r.ret_str ); break;
@@ -1447,7 +1450,7 @@ main( int argc, char **argv )
 	break;
 
       case aFixTrustDB:
-	log_error("this command ist not yet implemented.\"\n");
+	log_error("this command is not yet implemented.\"\n");
 	log_error("A workaround is to use \"--export-ownertrust\", remove\n");
 	log_error("the trustdb file and do an \"--import-ownertrust\".\n" );
 	break;

g10/getkey.c

@@ -45,7 +45,11 @@
  * that they are all valid.
  * Note: We must use numerical values here in case that this program
  * will be converted to those little blue HAL9000s with their strange
- * EBCDIC character set (user ids are UTF-8). */
+ * EBCDIC character set (user ids are UTF-8).
+ * wk 2000-04-13: Hmmm, does this really make sense, given the fact that
+ * we can run gpg now on a S/390 running GNU/Linux, where the code
+ * translation is done by the device drivers?
+ */
 static const byte word_match_chars[256] = {
   /* 00 */  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
   /* 08 */  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

g10/keydb.h

@@ -200,6 +200,7 @@ const char *enum_keyblock_resources( int *sequence, int secret );
 int add_keyblock_resource( const char *resname, int force, int secret );
 const char *keyblock_resource_name( KBPOS *kbpos );
 int get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos );
+char *get_writable_keyblock_file( int secret );
 int locate_keyblock_by_fpr( KBPOS *kbpos, const byte *fpr,
 					    int fprlen, int secret );
 int locate_keyblock_by_keyid( KBPOS *kbpos, u32 *keyid,

g10/keygen.c

@@ -689,6 +689,7 @@ ask_user_id( int mode )
     uid = aname = acomment = amail = NULL;
     for(;;) {
 	char *p;
+	int fail=0;
 
 	if( !aname ) {
 	    for(;;) {
@@ -740,6 +741,7 @@ ask_user_id( int mode )
 	    }
 	}
 
+
 	m_free(uid);
 	uid = p = m_alloc(strlen(aname)+strlen(amail)+strlen(acomment)+12+10);
 	p = stpcpy(p, aname );
@@ -764,6 +766,12 @@ ask_user_id( int mode )
 
 	tty_printf(_("You selected this USER-ID:\n    \"%s\"\n\n"), uid);
 	/* fixme: add a warning if this user-id already exists */
+	if( !*amail && (strchr( aname, '@' ) || strchr( acomment, '@'))) {
+	    fail = 1;
+	    tty_printf(_("Please don't put the email address "
+			  "into the real name or the comment\n") );
+	}
+
 	for(;;) {
 	    char *ansstr = _("NnCcEeOoQq");
 
@@ -774,8 +782,9 @@ ask_user_id( int mode )
 		answer[1] = 0;
 	    }
 	    else {
-		answer = cpr_get("keygen.userid.cmd",_(
-		    "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "));
+		answer = cpr_get("keygen.userid.cmd", fail?
+		  _("Change (N)ame, (C)omment, (E)mail or (Q)uit? ") :
+		  _("Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "));
 		cpr_kill_prompt();
 	    }
 	    if( strlen(answer) > 1 )
@@ -793,10 +802,15 @@ ask_user_id( int mode )
 		break;
 	    }
 	    else if( *answer == ansstr[6] || *answer == ansstr[7] ) {
-		m_free(aname); aname = NULL;
-		m_free(acomment); acomment = NULL;
-		m_free(amail); amail = NULL;
-		break;
+		if( fail ) {
+		    tty_printf(_("Please correct the error first\n"));
+		}
+		else {
+		    m_free(aname); aname = NULL;
+		    m_free(acomment); acomment = NULL;
+		    m_free(amail); amail = NULL;
+		    break;
+		}
 	    }
 	    else if( *answer == ansstr[8] || *answer == ansstr[9] ) {
 		m_free(aname); aname = NULL;
@@ -1443,12 +1457,8 @@ do_generate_keypair( struct para_data_s *para,
 	assert( outctrl->sec.stream );
     }
     else {
-	/* check whether we are allowed to write to the keyrings */
-	/* It is probably wrong to use the default names here
-	 * but becuase I never gpt any complaints, we better leave
-	 * it as it is. */
-	pub_fname = make_filename(opt.homedir, "pubring.gpg", NULL );
-	sec_fname = make_filename(opt.homedir, "secring.gpg", NULL );
+	pub_fname = get_writable_keyblock_file( 0 );
+	sec_fname = get_writable_keyblock_file( 1 );
     }
 
     if( opt.verbose ) {

g10/parse-packet.c

@@ -1,5 +1,5 @@
 /* parse-packet.c  - read packets
- *	Copyright (C) 1998, 1999 Free Software Foundation, Inc.
+ *	Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *

g10/pkclist.c

@@ -1,5 +1,5 @@
 /* pkclist.c
- *	Copyright (C) 1998 Free Software Foundation, Inc.
+ *	Copyright (C) 1998,2000 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -96,6 +96,112 @@ fpr_info( PKT_public_key *pk )
 }
 
 
+/****************
+ * Show the revocation reason as it is stored with the given signature
+ */
+static void
+do_show_revocation_reason( PKT_signature *sig )
+{
+    size_t n, nn;
+    const byte *p, *pp;
+    int seq = 0;
+    const char *text;
+
+    while( (p = enum_sig_subpkt( sig->hashed_data, SIGSUBPKT_REVOC_REASON,
+				 &n, &seq )) ) {
+	if( !n )
+	    continue; /* invalid - just skip it */
+
+	if( *p == 0 )
+	    text = _("No reason specified");
+	else if( *p == 0x01 )
+	    text = _("Key is superseded");
+	else if( *p == 0x02 )
+	    text = _("Key has been compromised");
+	else if( *p == 0x03 )
+	    text = _("Key is no longer used");
+	else if( *p == 0x20 )
+	    text = _("User ID is non longer valid");
+	else
+	    text = NULL;
+
+	log_info( _("Reason for revocation: ") );
+	if( text )
+	    fputs( text, log_stream() );
+	else
+	    fprintf( log_stream(), "code=%02x", *p );
+	putc( '\n', log_stream() );
+	n--; p++;
+	pp = NULL;
+	do {
+	    /* We don't want any empty lines, so skip them */
+	    while( n && *p == '\n' ) {
+		p++;
+		n--;
+	    }
+	    if( n ) {
+		pp = memchr( p, '\n', n );
+		nn = pp? pp - p : n;
+		log_info( _("Revocation comment: ") );
+		print_string( log_stream(), p, nn, 0 );
+		putc( '\n', log_stream() );
+		p += nn; n -= nn;
+	    }
+	} while( pp );
+    }
+}
+
+
+static void
+show_revocation_reason( PKT_public_key *pk )
+{
+    /* Hmmm, this is not so easy becuase we have to duplicate the code
+     * used in the trustbd to calculate the keyflags.  We need to find
+     * a clean way to check revocation certificates on keys and signatures.
+     * And there should be no duplicate code.  Because we enter this function
+     * only when the trustdb toldus, taht we have a revoked key, we could
+     * simplylook for a revocation cert and display this one, when there is
+     * only one. Let's try to do this until we have a better solution.
+     */
+    KBNODE node, keyblock = NULL;
+    byte fingerprint[MAX_FINGERPRINT_LEN];
+    size_t fingerlen;
+    int rc;
+
+    /* get the keyblock */
+    fingerprint_from_pk( pk, fingerprint, &fingerlen );
+    rc = get_keyblock_byfprint( &keyblock, fingerprint, fingerlen );
+    if( rc ) { /* that should never happen */
+	log_debug( "failed to get the keyblock\n");
+	return;
+    }
+
+    for( node=keyblock; node; node = node->next ) {
+	if( ( node->pkt->pkttype == PKT_PUBLIC_KEY
+	      || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+	    && !cmp_public_keys( node->pkt->pkt.public_key, pk ) )
+	    break;
+    }
+    if( !node ) {
+	log_debug("Oops, PK not in keyblock\n");
+	release_kbnode( keyblock );
+	return;
+    }
+    /* now find the revocation certificate */
+    for( node = node->next; node ; node = node->next ) {
+	if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+	    break;
+	if( node->pkt->pkttype == PKT_SIGNATURE
+	    && (node->pkt->pkt.signature->sig_class == 0x20
+		|| node->pkt->pkt.signature->sig_class == 0x28 ) ) {
+		/* FIXME: we should check the signature here */
+		do_show_revocation_reason ( node->pkt->pkt.signature );
+	}
+    }
+
+    release_kbnode( keyblock );
+}
+
 
 static void
 show_paths( ulong lid, int only_first )
@@ -350,6 +456,7 @@ do_we_trust( PKT_public_key *pk, int *trustlevel )
     if( (*trustlevel & TRUST_FLAG_REVOKED) ) {
 	log_info(_("key %08lX: key has been revoked!\n"),
 					(ulong)keyid_from_pk( pk, NULL) );
+	show_revocation_reason( pk );
 	if( opt.batch )
 	    return 0;
 
@@ -361,6 +468,7 @@ do_we_trust( PKT_public_key *pk, int *trustlevel )
     else if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) {
 	log_info(_("key %08lX: subkey has been revoked!\n"),
 					(ulong)keyid_from_pk( pk, NULL) );
+	show_revocation_reason( pk );
 	if( opt.batch )
 	    return 0;
 
@@ -371,6 +479,15 @@ do_we_trust( PKT_public_key *pk, int *trustlevel )
     }
     *trustlevel &= ~trustmask;
 
+    if( opt.always_trust) {
+	if( opt.verbose )
+	    log_info("No trust check due to --always-trust option\n");
+	/* The problem with this, is that EXPIRE can't be checked as
+	 * this needs to insert a ne key into the trustdb first and
+	 * we don't want that */
+	return 1;
+    }
+
 
     switch( (*trustlevel & TRUST_MASK) ) {
       case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */
@@ -533,10 +650,12 @@ check_signatures_trust( PKT_signature *sig )
 	write_status( STATUS_KEYREVOKED );
 	log_info(_("WARNING: This key has been revoked by its owner!\n"));
 	log_info(_("         This could mean that the signature is forgery.\n"));
+	show_revocation_reason( pk );
     }
     else if( (trustlevel & TRUST_FLAG_SUB_REVOKED) ) {
 	write_status( STATUS_KEYREVOKED );
 	log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
+	show_revocation_reason( pk );
     }
 
 

g10/pubkey-enc.c

@@ -202,6 +202,13 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid )
 			   (ulong)keyid[1], asctimestamp( pk->expiredate) );
 	}
 
+	/* FIXME: check wheter the key has been revoked and display
+	 * the revocation reason.  Actually the user should know this himself,
+	 * but the sender might not know already and therefor the user
+	 * should get a notice that an revoked key has been used to decode
+	 * the message.  The user can than watch out for snakes send by
+	 * one of those Eves outside his paradise :-)
+	 */
 	free_public_key( pk );
 	rc = 0;
     }

g10/ringedit.c

@@ -1,5 +1,5 @@
 /* ringedit.c -  Function for key ring editing
- *	Copyright (C) 1998 Free Software Foundation, Inc.
+ *	Copyright (C) 1998, 2000 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -181,7 +181,6 @@ enum_keyblock_resources( int *sequence, int secret )
 }
 
 
-
 /****************
  * Register a resource (which currently may only be a keyring file).
  * The first keyring which is added by this function is
@@ -420,6 +419,35 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos )
 }
 
 
+/****************
+ * Return the filename of the firstkeyblock resource which is intended
+ * for write access. This will either be the default resource or in
+ * case this is not writable one of the others.  If no writable is found,
+ * the default filename in the homedirectory will be returned.
+ * Caller must free, will never return NULL.
+ */
+char *
+get_writable_keyblock_file( int secret )
+{
+    int i = secret? default_secret_resource : default_public_resource;
+
+    if( resource_table[i].used && !resource_table[i].secret == !secret ) {
+	if( !access( resource_table[i].fname, R_OK|W_OK ) ) {
+	    return m_strdup( resource_table[i].fname );
+	}
+    }
+    for(i=0; i < MAX_RESOURCES; i++ ) {
+	if( resource_table[i].used && !resource_table[i].secret == !secret ) {
+	    if( !access( resource_table[i].fname, R_OK|W_OK ) ) {
+		return m_strdup( resource_table[i].fname );
+	    }
+	}
+    }
+    /* Assume the home dir is always writable */
+    return  make_filename(opt.homedir, secret? "secring.gpg"
+					     : "pubring.gpg", NULL );
+}
+
 
 /****************
  * Search a keyblock which starts with the given packet and puts all

include/util.h

@@ -132,6 +132,7 @@ const char *strusage( int level );
 struct dotlock_handle;
 typedef struct dotlock_handle *DOTLOCK;
 
+void disable_dotlock(void);
 DOTLOCK create_dotlock( const char *file_to_lock );
 int make_dotlock( DOTLOCK h, long timeout );
 int release_dotlock( DOTLOCK h );

util/ChangeLog

@@ -1,3 +1,7 @@
+Fri Apr 14 19:37:08 CEST 2000  Werner Koch  <wk@openit.de>
+
+	* dotlock.c (disable_dotlock): New.  Implmented this in the module.
+
 2000-03-09 14:04:22  Werner Koch  (wk@habibti.openit.de)
 
 	* argparse.c (default_strusage): Changed year of default copyright.

util/dotlock.c

@@ -1,5 +1,5 @@
 /* dotlock.c - dotfile locking
- *	Copyright (C) 1998 Free Software Foundation, Inc.
+ *	Copyright (C) 1998,2000 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -42,14 +42,22 @@ struct dotlock_handle {
     char *tname;    /* name of lockfile template */
     char *lockname; /* name of the real lockfile */
     int locked;     /* lock status */
+    int disable;    /* locking */
 };
 
 
 static DOTLOCK all_lockfiles;
+static int never_lock;
 
 static int read_lockfile( const char *name );
 static void remove_lockfiles(void);
 
+void
+disable_dotlock(void)
+{
+    never_lock = 1;
+}
+
 /****************
  * Create a lockfile with the given name and return an object of
  * type DOTLOCK which may be used later to actually do the lock.
@@ -88,6 +96,17 @@ create_dotlock( const char *file_to_lock )
 	return NULL;
 
     h = m_alloc_clear( sizeof *h );
+    if( never_lock ) {
+	h->disable = 1;
+      #ifdef _REENTRANT
+	/* fixme: aquire mutex on all_lockfiles */
+      #endif
+	h->next = all_lockfiles;
+	all_lockfiles = h;
+	return h;
+    }
+
+
 #ifndef HAVE_DOSISH_SYSTEM
     sprintf( pidstr, "%10d\n", (int)getpid() );
     /* fixme: add the hostname to the second line (FQDN or IP addr?) */
@@ -191,6 +210,10 @@ make_dotlock( DOTLOCK h, long timeout )
     const char *maybe_dead="";
     int backoff=0;
 
+    if( h->disable ) {
+	return 0;
+    }
+
     if( h->locked ) {
 	log_debug("oops, `%s' is already locked\n", h->lockname );
 	return 0;
@@ -259,6 +282,10 @@ release_dotlock( DOTLOCK h )
 #else
     int pid;
 
+    if( h->disable ) {
+	return 0;
+    }
+
     if( !h->locked ) {
 	log_debug("oops, `%s' is not locked\n", h->lockname );
 	return 0;
@@ -333,11 +360,13 @@ remove_lockfiles()
 
     while( h ) {
 	h2 = h->next;
-	if( h->locked )
-	    unlink( h->lockname );
-	unlink(h->tname);
-	m_free(h->tname);
-	m_free(h->lockname);
+	if( !h->disable ) {
+	    if( h->locked )
+		unlink( h->lockname );
+	    unlink(h->tname);
+	    m_free(h->tname);
+	    m_free(h->lockname);
+	}
 	m_free(h);
 	h = h2;
     }