See ChangeLog: Fri Aug 25 16:05:38 CEST 2000 Werner Koch

ChangeLog

@@ -1,3 +1,9 @@
+Fri Aug 25 16:05:38 CEST 2000  Werner Koch  <wk@openit.de>
+
+        * configure.in:  Changes to allow for Solaris random device.
+        By Nils Ellmenreich.
+        (--with-egd-socket): New.
+
 Wed Aug 23 19:52:51 CEST 2000  Werner Koch  <wk@openit.de>
 
         * acinclude.m4 (GNUPG_CHECK_MLOCK):  Removed that silly mkdir().

INSTALL

@@ -18,6 +18,15 @@ Configure options for GNUPG
 		      none - Do not linkl any module in but rely on
 			     a dynmically loaded modules.
 
+--with-egd-socket=<name>  This is only used when EGD is used as random
+                     gatherer. GnuPG uses by default "~/.gnupg/entropy"
+                     as the socket to connect EGD.  Using this option the
+                     socket name can be changed.  You may use any filename
+                     here with 2 exceptions:  a filename starting with
+                     "~/" uses the socket in the homedirectory of the user
+                     and one starting with a "=" uses a socket in the
+                     GnuPG homedirectory which is bye default "~/.gnupg".
+   
 --with-included-zlib Forces usage of the local zlib sources. Default is
 		     to use the (shared) library of the system.
 

NEWS

@@ -11,7 +11,9 @@ Noteworthy changes in the current CVS branch STABLE-BRANCH-1-0
       to help the British folks to somewhat minimize the danger
       of this Orwellian RIP bill.
 
-    * New options --merge-only and --try-all-secrets
+    * New options --merge-only and --try-all-secrets.
+
+    * New configuration option --with-egd-socket.
 
 
 Noteworthy changes in version 1.0.2 (2000-07-12)

TODO

@@ -1,8 +1,6 @@
 
   * configure option to set EGD entropy socket name
    
-  * handle --output /dev/null
-
   * Don't get the ultimately trusted keys from the secring but store
     it permanently in the trustdb.  This way we don't need a secring at all.
 
@@ -81,3 +79,5 @@ Nice to have
   * Evaluate whether it make sense to replace the namehashs either by
     using the user ID directly or by using pointers into the trustdb.
 
+
+

VERSION

@@ -1 +1,2 @@
 1.0.2b
+

acconfig.h

@@ -72,6 +72,9 @@
 /* Linux has an ioctl */
 #undef HAVE_DEV_RANDOM_IOCTL
 
+/* see cipher/rndegd.c */
+#undef EGD_SOCKET_NAME
+
 
 #undef USE_DYNAMIC_LINKING
 #undef HAVE_DL_DLOPEN

cipher/ChangeLog

@@ -1,3 +1,10 @@
+Fri Aug 25 16:05:38 CEST 2000  Werner Koch  <wk@openit.de>
+
+        * rndlinux.c (open_device): Loose random device checking.
+        By Nils Ellmenreich.
+
+        * rndegd.c (gather_random): Name of socket is nom configurable.
+
 Wed Jun 28 11:54:44 CEST 2000  Werner Koch  <wk@>
 
   * rsa.c, rsa.h: New based on the old module version (only in CVS for now).

cipher/rndegd.c

@@ -114,13 +114,28 @@ gather_random( void (*add)(const void*, size_t, int), int requester,
 	}
     }
     if( fd == -1 ) {
-	char *name = make_filename( g10_opt_homedir, "entropy", NULL );
+        const char *bname = NULL;
+	char *name;
 	struct sockaddr_un addr;
 	int addr_len;
       
+      #ifdef EGD_SOCKET_NAME
+        bname = EGD_SOCKET_NAME;
+      #endif
+        if ( !bname || !*bname )
+            bname = "entropy";
+
+        if ( *bname == '=' && bname[1] )
+            name = make_filename( g10_opt_homedir, bname+1 , NULL );
+        else
+            name = make_filename( bname , NULL );
+
+        if ( strlen(name)+1 >= sizeof addr.sun_path ) 
+            g10_log_fatal ("EGD socketname is too long\n");
+
 	memset( &addr, 0, sizeof addr );
 	addr.sun_family = AF_UNIX;
-	strcpy( addr.sun_path, name );	  /* fixme: check that it is long enough */
+	strcpy( addr.sun_path, name );	  
 	addr_len = offsetof( struct sockaddr_un, sun_path )
 		   + strlen( addr.sun_path );
 

cipher/rndlinux.c

@@ -70,7 +70,7 @@ get_entropy_count( int fd )
 #endif
 
 /****************
- * Used to open the Linux and xBSD /dev/random devices
+ * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists), ...)
  */
 static int
 open_device( const char *name, int minor )
@@ -83,8 +83,9 @@ open_device( const char *name, int minor )
 	g10_log_fatal("can't open %s: %s\n", name, strerror(errno) );
     if( fstat( fd, &sb ) )
 	g10_log_fatal("stat() off %s failed: %s\n", name, strerror(errno) );
-    if( !S_ISCHR(sb.st_mode) )
+    /* Don't check device type for better portability */
-	g10_log_fatal("invalid random device!\n" );
+    /*  if( (!S_ISCHR(sb.st_mode)) && (!S_ISFIFO(sb.st_mode)) )
+	  g10_log_fatal("invalid random device!\n" ); */
     return fd;
 }
 

configure.in

@@ -49,6 +49,10 @@ case "$use_static_rnd" in
       ;;
 esac
 
+AC_ARG_WITH(egd-socket,
+    [  --with-egd-socket=NAME  Use NAME for the EGD socket)],
+            egd_socket_name="$withval", egd_socket_name="" )
+AC_DEFINE_UNQUOTED(EGD_SOCKET_NAME, "$egd_socket_name")
 
 
 dnl
@@ -262,6 +266,12 @@ case "${target}" in
         DYNLINK_MOD_CFLAGS="-shared -rdynamic -fpic -Wl,-Bshareable -Wl,-x"
         ;;
 
+    *-solaris*)
+        NAME_OF_DEV_RANDOM="/dev/random"
+        NAME_OF_DEV_URANDOM="/dev/random"
+        DYNLINK_MOD_CFLAGS="-shared $CFLAGS_PIC"
+        ;;
+
     *)
         NAME_OF_DEV_RANDOM="/dev/random"
         NAME_OF_DEV_URANDOM="/dev/urandom"
@@ -442,7 +452,7 @@ dnl check whether we have a random device
 dnl
 if test "$try_dev_random" = yes ; then
     AC_CACHE_CHECK(for random device, ac_cv_have_dev_random,
-    [if test -c "$NAME_OF_DEV_RANDOM" && test -c "$NAME_OF_DEV_URANDOM" ; then
+    [if test -r "$NAME_OF_DEV_RANDOM" && test -r "$NAME_OF_DEV_URANDOM" ; then
       ac_cv_have_dev_random=yes; else ac_cv_have_dev_random=no; fi])
     if test "$ac_cv_have_dev_random" = yes; then
         AC_DEFINE(HAVE_DEV_RANDOM)

doc/gpg.sgml

@@ -1061,7 +1061,7 @@ for conventional encryption.
 <listitem><para>
 Use compress algorithm	&ParmN;. Default is 2 which is
 RFC1950 compression. You may use 1 to use the old zlib 
-version which is used by PGP. The default algorithm may
+version (RFC1951) which is used by PGP. The default algorithm may
 give better results because the window size is not limited
 to 8K. If this is not used the OpenPGP behavior is used,
 i.e. the compression algorithm is selected from the

g10/ChangeLog

@@ -1,3 +1,12 @@
+Fri Aug 25 16:05:38 CEST 2000  Werner Koch  <wk@openit.de>
+
+        * parse-packet.c (dump_sig_subpkt): Print info about the ARR.
+
+        * openfile.c (overwrite_filep): Always return okay if the file is
+        called /dev/null. 
+        (make_outfile_name): Add ".sign" to the list of know extensions.
+        (open_sigfile): Ditto.
+
 Wed Aug 23 19:52:51 CEST 2000  Werner Koch  <wk@openit.de>
 
         * g10.c: New option --allow-freeform-uid. By Jeroen C. van Gelderen.

g10/openfile.c

@@ -70,6 +70,11 @@ overwrite_filep( const char *fname )
     if( access( fname, F_OK ) )
 	return 1; /* does not exist */
 
+#ifndef HAVE_DOSISH_SYSTEM
+    if ( !strcmp ( fname, "/dev/null" ) )
+        return 1; /* does not do any harm */
+#endif
+
     /* fixme: add some backup stuff in case of overwrite */
     if( opt.answer_yes )
 	return 1;
@@ -105,6 +110,11 @@ make_outfile_name( const char *iname )
 	buf[n-4] = 0;
 	return buf;
     }
+    else if( n > 5 && !CMP_FILENAME(iname+n-5,".sign") ) {
+	char *buf = m_strdup( iname );
+	buf[n-5] = 0;
+	return buf;
+    }
 
     log_info(_("%s: unknown suffix\n"), iname );
     return NULL;
@@ -241,6 +251,7 @@ open_sigfile( const char *iname )
     if( iname && !(*iname == '-' && !iname[1]) ) {
 	len = strlen(iname);
 	if( len > 4 && ( !strcmp(iname + len - 4, ".sig")
+                        || ( len > 5 && !strcmp(iname + len - 5, ".sign") )
                         || !strcmp(iname + len - 4, ".asc")) ) {
 	    char *buf;
 	    buf = m_strdup(iname);
@@ -321,3 +332,6 @@ try_make_homedir( const char *fname )
     }
 }
 
+
+
+

g10/parse-packet.c

@@ -739,9 +739,6 @@ dump_sig_subpkt( int hashed, int type, int critical,
 	    printf("key expires after %s",
 				    strtimevalue( buffer_to_u32(buffer) ) );
 	break;
-      case SIGSUBPKT_ARR:
-	p = "additional recipient request";
-	break;
       case SIGSUBPKT_PREF_SYM:
 	fputs("pref-sym-algos:", stdout );
 	for( i=0; i < length; i++ )
@@ -823,6 +820,16 @@ dump_sig_subpkt( int hashed, int type, int critical,
 	    p = ")";
 	}
 	break;
+      case SIGSUBPKT_ARR:
+        fputs("Big Brother's key (ignored): ", stdout );
+	if( length < 22 )
+	    p = "[too short]";
+	else {
+	    printf("c=%02x a=%d f=", buffer[0], buffer[1] );
+	    for( i=2; i < length; i++ )
+		printf("%02X", buffer[i] );
+	}
+        break;
       case SIGSUBPKT_PRIV_ADD_SIG:
 	p = "signs additional user ID";
 	break;