See ChangeLog: Thu Feb 25 18:47:39 CET 1999 Werner Koch

BUGS

@@ -64,6 +64,7 @@ an "info standards" to find out why a disclaimer is needed for GNU.)
     tries to find public keys specified with the -r option. I don't like
     this.
 
-
+[ **] #9 1999-02-25
+    Misalignment in md5.c#md5_write.
 
 

NEWS

@@ -2,6 +2,7 @@
     * New configure option --enable-static-rnd=[egd|linux|unix|none]
       to select a random gathering module for static linking.
 
+
 Noteworthy changes in version 0.9.3
 -----------------------------------
 

TODO

@@ -17,9 +17,18 @@
   * Use capabilities if available.  glibc2 does not support it yet?
     What about 2.2 or should we use the system calls directly?
 
-  * wehndecryptiong multiple key: print a warning only if no usable pubkey
+  * when decryptiong multiple key: print a warning only if no usable pubkey
     encrypte package was found.  Extension: display a list of all recipients.
 
+  * in pkclist.c : display info about the key before saying that
+    we have (no) trust info.
+
+  * for new key: the last keyring specified is used.  Order is: default
+    keyrings, keyrings from options, keyrings from the command line.
+
+  * display a kind of message-id from a signature (the timestamp may not
+    be suffiecient but DSA signatures are always different).  This can
+    be used to prevent replay attacks.	(something is mentioned in rfc2440).
 
 
 Nice to have

cipher/md5.c

@@ -270,6 +270,7 @@ md5_write( MD5_CONTEXT *ctx, const void *buffer, size_t len)
 
 	buffer = (const char *) buffer + add;
 	len -= add;
+	/* FIXME: misalignment occurs ... tsssss */
       }
 
     /* Process available complete blocks.  */

g10/ChangeLog

@@ -1,3 +1,17 @@
+Thu Feb 25 18:47:39 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
+
+	* pkclist.c (algo_available): New.
+	(select_algo_from_prefs): Check whether algo is available.
+
+	* ringedit.c (keyring_copy): Take care of opt.dry_run.
+	(do_gdbm_store): Ditto.
+	* openfile.c (open_outfile). Ditto.
+	(copy_options_file): Ditto.
+	* trustdb.c (update_trustdb): Ditto.
+	(clear_trust_checked_flag): Ditto.
+	(update_trust_record): Ditto.
+	(insert_trust_record): Ditto.
+
 Wed Feb 24 11:07:27 CET 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 	* keylist.c (secret_key_list): Now really list the secret key.

g10/g10.c

@@ -232,7 +232,7 @@ static ARGPARSE_OPTS opts[] = {
     { oVerbose, "verbose",   0, N_("verbose") },
     { oQuiet,	"quiet",   0, N_("be somewhat more quiet") },
     { oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") },
- /* { oDryRun, "dry-run",   0, N_("do not make any changes") }, */
+    { oDryRun, "dry-run",   0, N_("do not make any changes") },
     { oBatch, "batch",     0, N_("batch mode: never ask")},
     { oAnswerYes, "yes",       0, N_("assume yes on most questions")},
     { oAnswerNo,  "no",        0, N_("assume no on most questions")},
@@ -695,6 +695,7 @@ main( int argc, char **argv )
 	  case oArmor: opt.armor = 1; opt.no_armor=0; break;
 	  case oOutput: opt.outfile = pargs.r.ret_str; break;
 	  case oQuiet: opt.quiet = 1; break;
+	  case oDryRun: opt.dry_run = 1; break;
 	  case oVerbose: g10_opt_verbose++;
 		    opt.verbose++; opt.list_sigs=1; break;
 	  case oKOption: set_cmd( &cmd, aKMode ); break;

g10/mainproc.c

@@ -199,6 +199,10 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
 	    log_info( _("public key encrypted data: good DEK\n") );
     }
     else {
+	/* fixme: defer this message until we have parsed all packets of
+	 * this type - do this by building a list of keys with their stati
+	 * and store it with the conetxt.  do_proc_packets can then use
+	 * this list to display some information */
 	log_error(_("public key decryption failed: %s\n"), g10_errstr(result));
     }
     free_packet(pkt);

g10/openfile.c

@@ -93,7 +93,9 @@ open_outfile( const char *iname, int mode, IOBUF *a )
 	char *buf=NULL;
 	const char *name;
 
-	if( opt.outfile )
+	if( opt.dry_run )
+	    name = "/dev/null";
+	else if( opt.outfile )
 	    name = opt.outfile;
 	else {
 	  #ifdef USE_ONLY_8DOT3
@@ -162,6 +164,9 @@ copy_options_file( const char *destdir )
     int linefeeds=0;
     int c;
 
+    if( opt.dry_run )
+	return;
+
     fname = m_alloc( strlen(datadir) + strlen(destdir) + 15 );
     strcpy(stpcpy(fname, datadir), "/options" SKELEXT );
     src = fopen( fname, "r" );

g10/options.h

@@ -31,6 +31,7 @@ struct {
     int armor;
     int compress;
     char *outfile;
+    int dry_run;
     int textmode;
     int batch;	    /* run in batch mode */
     int answer_yes; /* answer yes on most questions */

g10/pkclist.c

@@ -367,7 +367,9 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
 static int
 do_we_trust_pre( PKT_public_key *pk, int trustlevel )
 {
-    int rc = do_we_trust( pk, trustlevel );
+    int rc;
+
+    rc = do_we_trust( pk, trustlevel );
 
     if( (trustlevel & TRUST_FLAG_REVOKED) && !rc )
 	return 0;
@@ -650,6 +652,23 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
 }
 
 
+
+static int
+algo_available( int preftype, int algo )
+{
+    if( preftype == PREFTYPE_SYM ) {
+	return algo && !check_cipher_algo( algo );
+    }
+    else if( preftype == PREFTYPE_HASH ) {
+	return algo && !check_digest_algo( algo );
+    }
+    else if( preftype == PREFTYPE_COMPR ) {
+	return !algo || algo == 1 || algo == 2;
+    }
+    else
+	return 0;
+}
+
 /****************
  * Return -1 if we could not find an algorithm.
  */
@@ -726,9 +745,10 @@ select_algo_from_prefs( PK_LIST pk_list, int preftype )
 	    if( pref[j] == preftype ) {
 		any = 1;
 		if( (bits[pref[j+1]/32] & (1<<(pref[j+1]%32))) ) {
-		    /* fixme: check whether this algoritm is available */
-		    i = pref[j+1];
-		    break;
+		    if( algo_available( preftype, pref[j+1] ) ) {
+			i = pref[j+1];
+			break;
+		    }
 		}
 	    }
 	}
@@ -736,9 +756,10 @@ select_algo_from_prefs( PK_LIST pk_list, int preftype )
     if( !pref || !any ) {
 	for(j=0; j < 256; j++ )
 	    if( (bits[j/32] & (1<<(j%32))) ) {
-		/* fixme: check whether this algoritm is available */
-		i = j;
-		break;
+		if( algo_available( preftype, j ) ) {
+		    i = j;
+		    break;
+		}
 	    }
     }
   #if 0

g10/ringedit.c

@@ -1297,6 +1297,9 @@ keyring_copy( KBPOS *kbpos, int mode, KBNODE root )
     if( kbpos->fp )
 	BUG(); /* not allowed with such a handle */
 
+    if( opt.dry_run )
+	return 0;
+
     lock_rentry( rentry );
 
     /* open the source file */
@@ -1535,6 +1538,9 @@ do_gdbm_store( KBPOS *kbpos, KBNODE root, int update )
     if( !(rentry = check_pos( kbpos )) )
 	return G10ERR_GENERAL;
 
+    if( opt.dry_run )
+	return 0;
+
     /* construct the fingerprint which is used as the primary key */
     node = find_kbnode( root, PKT_PUBLIC_KEY );
     if( !node )

g10/trustdb.c

@@ -1506,8 +1506,10 @@ list_trust_path( const char *username )
     int rc;
     ulong lid;
     TRUSTREC rec;
+  #if 0
     TRUST_INFO *tmppath;
     TRUST_SEG_LIST trust_seg_list, tsl, tsl2;
+  #endif
     PKT_public_key *pk = m_alloc_clear( sizeof *pk );
 
     INIT_TRUSTDB();
@@ -1688,6 +1690,9 @@ update_trustdb( )
     KBPOS kbpos;
     int rc;
 
+    if( opt.dry_run )
+	return;
+
     INIT_TRUSTDB();
     rc = enum_keyblocks( 0, &kbpos, &keyblock );
     if( !rc ) {
@@ -2121,6 +2126,9 @@ clear_trust_checked_flag( PKT_public_key *pk )
     TRUSTREC rec;
     int rc;
 
+    if( opt.dry_run )
+	return 0;
+
     INIT_TRUSTDB();
     rc = get_dir_record( pk, &rec );
     if( rc )
@@ -3108,6 +3116,9 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified )
     RECNO_LIST recno_list = NULL; /* list of verified records */
     /* fixme: replace recno_list by a lookup on node->recno */
 
+    if( opt.dry_run )
+	return 0;
+
     INIT_TRUSTDB();
     if( modified )
 	*modified = 0;
@@ -3237,6 +3248,10 @@ insert_trust_record( PKT_public_key *pk )
     int rc = 0;
     ulong hintlist = 0;
 
+
+    if( opt.dry_run )
+	return 0;
+
     INIT_TRUSTDB();
 
     if( pk->local_id )