1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

See ChangeLog: Fri Apr 14 19:37:08 CEST 2000 Werner Koch

This commit is contained in:
Werner Koch 2000-04-14 17:34:30 +00:00
parent c6cd141bc0
commit 5f8fc31d9a
18 changed files with 282 additions and 33 deletions

6
NEWS
View File

@ -14,7 +14,7 @@ Noteworthy changes in the current test release
cases were it is really required.
Use the option --no-random-seed-file to disable this feature.
* New option --ignore-time-conflict.
* New options --ignore-time-conflict and --lock-never.
* Some fixes for the W32 version
@ -32,6 +32,10 @@ Noteworthy changes in the current test release
create revocations for the subkeys. See the FAQ for a
procedure to install such secret keys.
* Keygeneration now writes to the first writeable keyring or
as default to the one in the homedirectory. Prior versions
ignored all --keyring options.
Noteworthy changes in version 1.0.1 (1999-12-16)
-----------------------------------

5
THANKS
View File

@ -16,6 +16,8 @@ Bryan Fullerton bryanf@samurai.com
Caskey L. Dickson caskey@technocage.com
Cees van de Griend cees-list@griend.xs4all.nl
Charles Levert charles@comm.polymtl.ca
Chip Salzenberg chip@valinux.com
Christian Kurz shorty@debian.org
Christian von Roques roques@pond.sub.org
Christopher Oliver oliver@fritz.traverse.net
Christian Recktenwald chris@citecs.de
@ -135,5 +137,8 @@ Thanks to the German Unix User Group for providing FTP space,
Martin Hamilton for hosting the mailing list and HSP for
hosting gnupg.org.
The development of this software has partly been funded by the German
Ministry for Economics and Technology under grant VIB3-68553.168-001/1999.
Many thanks to my wife Gerlinde for having so much patience with
me while hacking late in the evening.

15
TODO
View File

@ -1,13 +1,10 @@
* Print the reason for revocation at certain places.
* add a check to the make dist target to see whether the man page
was build.
* at least an option to prefer DSA keys over RSA when selecting the key to
use. Depending on creation time would be nice too. I thing this is
already done for the subkeys.
* Rework the whole key selection stuff: Compile a list of valid
candidates for a keyblock first and the select one from it.
The current code is too ugly (getkey.c).
use. Depending on creation time would be nice too. I think this is
already done for the subkeys - check it.
* Fix localtime() in W32.
@ -15,6 +12,10 @@
Scheduled for 1.1
-----------------
* Rework the whole key selection stuff: Compile a list of valid
candidates for a keyblock first and the select one from it.
The current code is too ugly (getkey.c).
* With option -i prompt before adding a key to the keyring and show some
info what we are about to add.

View File

@ -1,3 +1,7 @@
Fri Apr 14 19:37:08 CEST 2000 Werner Koch <wk@openit.de>
* twofish.c (twofish_get_info): Fixed warning about cast.
Tue Mar 28 14:26:58 CEST 2000 Werner Koch <wk@openit.de>
* random.c [MINGW32]: Include process.h for getpid.

View File

@ -987,7 +987,8 @@ twofish_get_info (int algo, size_t *keylen,
*keylen = algo==10? 256 : 128;
*blocksize = 16;
*contextsize = sizeof (TWOFISH_context);
*(int (**)(const TWOFISH_context*, const byte*, unsigned))r_setkey
*(int (**)(TWOFISH_context*, const byte*, const unsigned))r_setkey
= twofish_setkey;
*(void (**)(const TWOFISH_context*, byte*, const byte*))r_encrypt
= twofish_encrypt;

View File

@ -1177,6 +1177,16 @@ needed. Use this to override a previous --lock-once
from a config file.
</para></listitem></varlistentry>
<varlistentry>
<term>--lock-never</term>
<listitem><para>
Disable locking entirely. This option should be used only in very
special environments, where it can be assured that only one process
is accessing those files. A bootable floppy with a standalone
encryption system will probably use this. Improper usage of this
option may lead to data and key corruption.
</para></listitem></varlistentry>
<varlistentry>
<term>--no-random-seed-file</term>
<listitem><para>

View File

@ -1,3 +1,21 @@
Fri Apr 14 19:37:08 CEST 2000 Werner Koch <wk@openit.de>
* pkclist.c (do_show_revocation_reason): New.
(show_revocation_reason): New and called at various places.
* g10.c (main): Fixed small typo.
* pkclist.c (do_we_trust): Act on always_trust but not for revoked
keys. Suggested by Chip Salzenberg.
* g10.c: New option --lock-never.
* ringedit.c (get_writable_keyblock_file): New.
* keygen.c (do_generate_keypair): Use this instead of the hardwired one.
* keygen.c (ask_user_id): Check that the email address is in the
correct field. Suggested by Christian Kurz.
Mon Apr 10 13:34:19 CEST 2000 Werner Koch <wk@openit.de>
* keyedit.c (show_key_with_all_names): s/sbb/ssb/

View File

@ -168,6 +168,7 @@ enum cmd_and_opt_values { aNull = 0,
oEscapeFrom,
oLockOnce,
oLockMultiple,
oLockNever,
oKeyServer,
oEncryptTo,
oNoEncryptTo,
@ -347,6 +348,7 @@ static ARGPARSE_OPTS opts[] = {
{ oEscapeFrom, "escape-from-lines", 0, "@" },
{ oLockOnce, "lock-once", 0, "@" },
{ oLockMultiple, "lock-multiple", 0, "@" },
{ oLockNever, "lock-never", 0, "@" },
{ oLoggerFD, "logger-fd",1, "@" },
{ oUseEmbeddedFilename, "use-embedded-filename", 0, "@" },
{ oUtf8Strings, "utf8-strings", 0, "@" },
@ -882,6 +884,7 @@ main( int argc, char **argv )
case oNotDashEscaped: opt.not_dash_escaped = 1; break;
case oEscapeFrom: opt.escape_from = 1; break;
case oLockOnce: opt.lock_once = 1; break;
case oLockNever: disable_dotlock(); break;
case oLockMultiple: opt.lock_once = 0; break;
case oKeyServer: opt.keyserver_name = pargs.r.ret_str; break;
case oNotation: add_notation_data( pargs.r.ret_str ); break;
@ -1447,7 +1450,7 @@ main( int argc, char **argv )
break;
case aFixTrustDB:
log_error("this command ist not yet implemented.\"\n");
log_error("this command is not yet implemented.\"\n");
log_error("A workaround is to use \"--export-ownertrust\", remove\n");
log_error("the trustdb file and do an \"--import-ownertrust\".\n" );
break;

View File

@ -45,7 +45,11 @@
* that they are all valid.
* Note: We must use numerical values here in case that this program
* will be converted to those little blue HAL9000s with their strange
* EBCDIC character set (user ids are UTF-8). */
* EBCDIC character set (user ids are UTF-8).
* wk 2000-04-13: Hmmm, does this really make sense, given the fact that
* we can run gpg now on a S/390 running GNU/Linux, where the code
* translation is done by the device drivers?
*/
static const byte word_match_chars[256] = {
/* 00 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
/* 08 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

View File

@ -200,6 +200,7 @@ const char *enum_keyblock_resources( int *sequence, int secret );
int add_keyblock_resource( const char *resname, int force, int secret );
const char *keyblock_resource_name( KBPOS *kbpos );
int get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos );
char *get_writable_keyblock_file( int secret );
int locate_keyblock_by_fpr( KBPOS *kbpos, const byte *fpr,
int fprlen, int secret );
int locate_keyblock_by_keyid( KBPOS *kbpos, u32 *keyid,

View File

@ -689,6 +689,7 @@ ask_user_id( int mode )
uid = aname = acomment = amail = NULL;
for(;;) {
char *p;
int fail=0;
if( !aname ) {
for(;;) {
@ -740,6 +741,7 @@ ask_user_id( int mode )
}
}
m_free(uid);
uid = p = m_alloc(strlen(aname)+strlen(amail)+strlen(acomment)+12+10);
p = stpcpy(p, aname );
@ -764,6 +766,12 @@ ask_user_id( int mode )
tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid);
/* fixme: add a warning if this user-id already exists */
if( !*amail && (strchr( aname, '@' ) || strchr( acomment, '@'))) {
fail = 1;
tty_printf(_("Please don't put the email address "
"into the real name or the comment\n") );
}
for(;;) {
char *ansstr = _("NnCcEeOoQq");
@ -774,8 +782,9 @@ ask_user_id( int mode )
answer[1] = 0;
}
else {
answer = cpr_get("keygen.userid.cmd",_(
"Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "));
answer = cpr_get("keygen.userid.cmd", fail?
_("Change (N)ame, (C)omment, (E)mail or (Q)uit? ") :
_("Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "));
cpr_kill_prompt();
}
if( strlen(answer) > 1 )
@ -793,11 +802,16 @@ ask_user_id( int mode )
break;
}
else if( *answer == ansstr[6] || *answer == ansstr[7] ) {
if( fail ) {
tty_printf(_("Please correct the error first\n"));
}
else {
m_free(aname); aname = NULL;
m_free(acomment); acomment = NULL;
m_free(amail); amail = NULL;
break;
}
}
else if( *answer == ansstr[8] || *answer == ansstr[9] ) {
m_free(aname); aname = NULL;
m_free(acomment); acomment = NULL;
@ -1443,12 +1457,8 @@ do_generate_keypair( struct para_data_s *para,
assert( outctrl->sec.stream );
}
else {
/* check whether we are allowed to write to the keyrings */
/* It is probably wrong to use the default names here
* but becuase I never gpt any complaints, we better leave
* it as it is. */
pub_fname = make_filename(opt.homedir, "pubring.gpg", NULL );
sec_fname = make_filename(opt.homedir, "secring.gpg", NULL );
pub_fname = get_writable_keyblock_file( 0 );
sec_fname = get_writable_keyblock_file( 1 );
}
if( opt.verbose ) {

View File

@ -1,5 +1,5 @@
/* parse-packet.c - read packets
* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*

View File

@ -1,5 +1,5 @@
/* pkclist.c
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998,2000 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -96,6 +96,112 @@ fpr_info( PKT_public_key *pk )
}
/****************
* Show the revocation reason as it is stored with the given signature
*/
static void
do_show_revocation_reason( PKT_signature *sig )
{
size_t n, nn;
const byte *p, *pp;
int seq = 0;
const char *text;
while( (p = enum_sig_subpkt( sig->hashed_data, SIGSUBPKT_REVOC_REASON,
&n, &seq )) ) {
if( !n )
continue; /* invalid - just skip it */
if( *p == 0 )
text = _("No reason specified");
else if( *p == 0x01 )
text = _("Key is superseded");
else if( *p == 0x02 )
text = _("Key has been compromised");
else if( *p == 0x03 )
text = _("Key is no longer used");
else if( *p == 0x20 )
text = _("User ID is non longer valid");
else
text = NULL;
log_info( _("Reason for revocation: ") );
if( text )
fputs( text, log_stream() );
else
fprintf( log_stream(), "code=%02x", *p );
putc( '\n', log_stream() );
n--; p++;
pp = NULL;
do {
/* We don't want any empty lines, so skip them */
while( n && *p == '\n' ) {
p++;
n--;
}
if( n ) {
pp = memchr( p, '\n', n );
nn = pp? pp - p : n;
log_info( _("Revocation comment: ") );
print_string( log_stream(), p, nn, 0 );
putc( '\n', log_stream() );
p += nn; n -= nn;
}
} while( pp );
}
}
static void
show_revocation_reason( PKT_public_key *pk )
{
/* Hmmm, this is not so easy becuase we have to duplicate the code
* used in the trustbd to calculate the keyflags. We need to find
* a clean way to check revocation certificates on keys and signatures.
* And there should be no duplicate code. Because we enter this function
* only when the trustdb toldus, taht we have a revoked key, we could
* simplylook for a revocation cert and display this one, when there is
* only one. Let's try to do this until we have a better solution.
*/
KBNODE node, keyblock = NULL;
byte fingerprint[MAX_FINGERPRINT_LEN];
size_t fingerlen;
int rc;
/* get the keyblock */
fingerprint_from_pk( pk, fingerprint, &fingerlen );
rc = get_keyblock_byfprint( &keyblock, fingerprint, fingerlen );
if( rc ) { /* that should never happen */
log_debug( "failed to get the keyblock\n");
return;
}
for( node=keyblock; node; node = node->next ) {
if( ( node->pkt->pkttype == PKT_PUBLIC_KEY
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
&& !cmp_public_keys( node->pkt->pkt.public_key, pk ) )
break;
}
if( !node ) {
log_debug("Oops, PK not in keyblock\n");
release_kbnode( keyblock );
return;
}
/* now find the revocation certificate */
for( node = node->next; node ; node = node->next ) {
if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
break;
if( node->pkt->pkttype == PKT_SIGNATURE
&& (node->pkt->pkt.signature->sig_class == 0x20
|| node->pkt->pkt.signature->sig_class == 0x28 ) ) {
/* FIXME: we should check the signature here */
do_show_revocation_reason ( node->pkt->pkt.signature );
}
}
release_kbnode( keyblock );
}
static void
show_paths( ulong lid, int only_first )
@ -350,6 +456,7 @@ do_we_trust( PKT_public_key *pk, int *trustlevel )
if( (*trustlevel & TRUST_FLAG_REVOKED) ) {
log_info(_("key %08lX: key has been revoked!\n"),
(ulong)keyid_from_pk( pk, NULL) );
show_revocation_reason( pk );
if( opt.batch )
return 0;
@ -361,6 +468,7 @@ do_we_trust( PKT_public_key *pk, int *trustlevel )
else if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) {
log_info(_("key %08lX: subkey has been revoked!\n"),
(ulong)keyid_from_pk( pk, NULL) );
show_revocation_reason( pk );
if( opt.batch )
return 0;
@ -371,6 +479,15 @@ do_we_trust( PKT_public_key *pk, int *trustlevel )
}
*trustlevel &= ~trustmask;
if( opt.always_trust) {
if( opt.verbose )
log_info("No trust check due to --always-trust option\n");
/* The problem with this, is that EXPIRE can't be checked as
* this needs to insert a ne key into the trustdb first and
* we don't want that */
return 1;
}
switch( (*trustlevel & TRUST_MASK) ) {
case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */
@ -533,10 +650,12 @@ check_signatures_trust( PKT_signature *sig )
write_status( STATUS_KEYREVOKED );
log_info(_("WARNING: This key has been revoked by its owner!\n"));
log_info(_(" This could mean that the signature is forgery.\n"));
show_revocation_reason( pk );
}
else if( (trustlevel & TRUST_FLAG_SUB_REVOKED) ) {
write_status( STATUS_KEYREVOKED );
log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
show_revocation_reason( pk );
}

View File

@ -202,6 +202,13 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid )
(ulong)keyid[1], asctimestamp( pk->expiredate) );
}
/* FIXME: check wheter the key has been revoked and display
* the revocation reason. Actually the user should know this himself,
* but the sender might not know already and therefor the user
* should get a notice that an revoked key has been used to decode
* the message. The user can than watch out for snakes send by
* one of those Eves outside his paradise :-)
*/
free_public_key( pk );
rc = 0;
}

View File

@ -1,5 +1,5 @@
/* ringedit.c - Function for key ring editing
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998, 2000 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -181,7 +181,6 @@ enum_keyblock_resources( int *sequence, int secret )
}
/****************
* Register a resource (which currently may only be a keyring file).
* The first keyring which is added by this function is
@ -420,6 +419,35 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos )
}
/****************
* Return the filename of the firstkeyblock resource which is intended
* for write access. This will either be the default resource or in
* case this is not writable one of the others. If no writable is found,
* the default filename in the homedirectory will be returned.
* Caller must free, will never return NULL.
*/
char *
get_writable_keyblock_file( int secret )
{
int i = secret? default_secret_resource : default_public_resource;
if( resource_table[i].used && !resource_table[i].secret == !secret ) {
if( !access( resource_table[i].fname, R_OK|W_OK ) ) {
return m_strdup( resource_table[i].fname );
}
}
for(i=0; i < MAX_RESOURCES; i++ ) {
if( resource_table[i].used && !resource_table[i].secret == !secret ) {
if( !access( resource_table[i].fname, R_OK|W_OK ) ) {
return m_strdup( resource_table[i].fname );
}
}
}
/* Assume the home dir is always writable */
return make_filename(opt.homedir, secret? "secring.gpg"
: "pubring.gpg", NULL );
}
/****************
* Search a keyblock which starts with the given packet and puts all

View File

@ -132,6 +132,7 @@ const char *strusage( int level );
struct dotlock_handle;
typedef struct dotlock_handle *DOTLOCK;
void disable_dotlock(void);
DOTLOCK create_dotlock( const char *file_to_lock );
int make_dotlock( DOTLOCK h, long timeout );
int release_dotlock( DOTLOCK h );

View File

@ -1,3 +1,7 @@
Fri Apr 14 19:37:08 CEST 2000 Werner Koch <wk@openit.de>
* dotlock.c (disable_dotlock): New. Implmented this in the module.
2000-03-09 14:04:22 Werner Koch (wk@habibti.openit.de)
* argparse.c (default_strusage): Changed year of default copyright.

View File

@ -1,5 +1,5 @@
/* dotlock.c - dotfile locking
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998,2000 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -42,14 +42,22 @@ struct dotlock_handle {
char *tname; /* name of lockfile template */
char *lockname; /* name of the real lockfile */
int locked; /* lock status */
int disable; /* locking */
};
static DOTLOCK all_lockfiles;
static int never_lock;
static int read_lockfile( const char *name );
static void remove_lockfiles(void);
void
disable_dotlock(void)
{
never_lock = 1;
}
/****************
* Create a lockfile with the given name and return an object of
* type DOTLOCK which may be used later to actually do the lock.
@ -88,6 +96,17 @@ create_dotlock( const char *file_to_lock )
return NULL;
h = m_alloc_clear( sizeof *h );
if( never_lock ) {
h->disable = 1;
#ifdef _REENTRANT
/* fixme: aquire mutex on all_lockfiles */
#endif
h->next = all_lockfiles;
all_lockfiles = h;
return h;
}
#ifndef HAVE_DOSISH_SYSTEM
sprintf( pidstr, "%10d\n", (int)getpid() );
/* fixme: add the hostname to the second line (FQDN or IP addr?) */
@ -191,6 +210,10 @@ make_dotlock( DOTLOCK h, long timeout )
const char *maybe_dead="";
int backoff=0;
if( h->disable ) {
return 0;
}
if( h->locked ) {
log_debug("oops, `%s' is already locked\n", h->lockname );
return 0;
@ -259,6 +282,10 @@ release_dotlock( DOTLOCK h )
#else
int pid;
if( h->disable ) {
return 0;
}
if( !h->locked ) {
log_debug("oops, `%s' is not locked\n", h->lockname );
return 0;
@ -333,11 +360,13 @@ remove_lockfiles()
while( h ) {
h2 = h->next;
if( !h->disable ) {
if( h->locked )
unlink( h->lockname );
unlink(h->tname);
m_free(h->tname);
m_free(h->lockname);
}
m_free(h);
h = h2;
}