security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-22 19:58:29 +01:00
Code Activity

fixes for the 1.0.6b bugs David recently posted to gnupg-devel.

Browse Source
This commit is contained in:
Werner Koch 2001-11-08 13:26:00 +00:00
parent b725937df1
commit c67b9886c6
26 changed files with 272 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,3 +1,7 @@
2001-10-23 Werner Koch <wk@gnupg.org>
Released 1.0.6b snapshot.
2001-10-22 Werner Koch <wk@gnupg.org> 2001-10-22 Werner Koch <wk@gnupg.org>
* configure.ac: Fixed for automake 1.5 * configure.ac: Fixed for automake 1.5

2
NEWS
View File

@ -51,6 +51,8 @@
* A subkey is never used to sign keys. * A subkey is never used to sign keys.
* Read only keyrings are now handled as expected.
Noteworthy changes in version 1.0.6 (2001-05-29) Noteworthy changes in version 1.0.6 (2001-05-29)
------------------------------------------------ ------------------------------------------------

2
THANKS
View File

@ -137,6 +137,7 @@ Nimrod Zimerman zimerman@forfree.at
N J Doye nic@niss.ac.uk N J Doye nic@niss.ac.uk
Oliver Haakert haakert@hsp.de Oliver Haakert haakert@hsp.de
Oskari Jääskeläinen f33003a@cc.hut.fi Oskari Jääskeläinen f33003a@cc.hut.fi
Pascal Scheffers Pascal@scheffers.net
Paul D. Smith psmith@baynetworks.com Paul D. Smith psmith@baynetworks.com
Per Cederqvist ceder@lysator.liu.se Per Cederqvist ceder@lysator.liu.se
Phil Blundell pb@debian.org Phil Blundell pb@debian.org
@ -161,6 +162,7 @@ Ross Golder rossigee@bigfoot.com
Sam Roberts sam@cogent.ca Sam Roberts sam@cogent.ca
Sami Tolvanen sami@tolvanen.com Sami Tolvanen sami@tolvanen.com
Sean MacLennan seanm@netwinder.org Sean MacLennan seanm@netwinder.org
Sebastian Klemke packet@convergence.de
Serge Munhoven munhoven@mema.ucl.ac.be Serge Munhoven munhoven@mema.ucl.ac.be
SL Baur steve@xemacs.org SL Baur steve@xemacs.org
Stefan Bellon sbellon@sbellon.de Stefan Bellon sbellon@sbellon.de

6
TODO
View File

@ -115,11 +115,13 @@
verification status of the message to the output (i.e. write something to verification status of the message to the output (i.e. write something to
the --output file and not only to stderr. the --output file and not only to stderr.
* The user is asked for a revocation reasons even if this one can't
be used with v3 keys.
* keyflags don't distinguish between {certify,signature}-only.
Things we won't do Things we won't do
------------------ ------------------
* New option --file-remove path-to-wipe-program ? * New option --file-remove path-to-wipe-program ?

4
acinclude.m4
View File

@ -1,4 +1,4 @@
dnl macros to configure g10 dnl macros to configure gnupg
dnl Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc. dnl Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
dnl dnl
dnl This file is part of GnuPG. dnl This file is part of GnuPG.
@ -43,7 +43,7 @@ AC_DEFUN(GNUPG_CHECK_TYPEDEF,
fi fi
]) ])
w
dnl GNUPG_CHECK_GNUMAKE dnl GNUPG_CHECK_GNUMAKE
dnl dnl
AC_DEFUN(GNUPG_CHECK_GNUMAKE, AC_DEFUN(GNUPG_CHECK_GNUMAKE,

6
cipher/ChangeLog
View File

@ -1,3 +1,9 @@
2001-11-08 Werner Koch <wk@gnupg.org>
* primegen.c (gen_prime): Set 2 high order bits for secret primes.
* rsa.c (generate): Loop until we find the exact modulus size.
Changed the exponent to 41.
2001-10-22 Werner Koch <wk@gnupg.org> 2001-10-22 Werner Koch <wk@gnupg.org>
* Makefile.am: Need to use $(EXEEXT) where approriate. * Makefile.am: Need to use $(EXEEXT) where approriate.

7
cipher/primegen.c
View File

@ -327,8 +327,13 @@ gen_prime( unsigned nbits, int secret, int randomlevel )
m_free(p); m_free(p);
} }
/* set high order bit to 1, set low order bit to 1 */ /* set high order bit to 1, set low order bit to .
if we are generating a secret prime we are most probably
doing that for RSA, to make sure that the modulus does have
the requested keysize we set the 2 high order bits */
mpi_set_highbit( prime, nbits-1 ); mpi_set_highbit( prime, nbits-1 );
if (secret)
mpi_set_bit (prime, nbits-2);
mpi_set_bit( prime, 0 ); mpi_set_bit( prime, 0 );
/* calculate all remainders */ /* calculate all remainders */

41
cipher/rsa.c
View File

@ -102,11 +102,27 @@ generate( RSA_secret_key *sk, unsigned nbits )
MPI g; MPI g;
MPI f; MPI f;
/* make sure that nbits is even so that we generate p, q of equal size */
if ( (nbits&1) )
nbits++;
n = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
p = q = NULL;
do {
/* select two (very secret) primes */ /* select two (very secret) primes */
if (p)
mpi_free (p);
if (q)
mpi_free (q);
p = generate_secret_prime( nbits / 2 ); p = generate_secret_prime( nbits / 2 );
q = generate_secret_prime( nbits / 2 ); q = generate_secret_prime( nbits / 2 );
if( mpi_cmp( p, q ) > 0 ) /* p shall be smaller than q (for calc of u)*/ if( mpi_cmp( p, q ) > 0 ) /* p shall be smaller than q (for calc of u)*/
mpi_swap(p,q); mpi_swap(p,q);
/* calculate the modulus */
mpi_mul( n, p, q );
} while ( mpi_get_nbits(n) != nbits );
/* calculate Euler totient: phi = (p-1)(q-1) */ /* calculate Euler totient: phi = (p-1)(q-1) */
t1 = mpi_alloc_secure( mpi_get_nlimbs(p) ); t1 = mpi_alloc_secure( mpi_get_nlimbs(p) );
t2 = mpi_alloc_secure( mpi_get_nlimbs(p) ); t2 = mpi_alloc_secure( mpi_get_nlimbs(p) );
@ -118,14 +134,27 @@ generate( RSA_secret_key *sk, unsigned nbits )
mpi_mul( phi, t1, t2 ); mpi_mul( phi, t1, t2 );
mpi_gcd(g, t1, t2); mpi_gcd(g, t1, t2);
mpi_fdiv_q(f, phi, g); mpi_fdiv_q(f, phi, g);
/* multiply them to make the private key */
n = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); /* find an public exponent.
mpi_mul( n, p, q ); We use 41 as this is quite fast and more secure than the
/* find a public exponent */ commonly used 17. Benchmarking the RSA verify function
e = mpi_alloc( (6+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); with a 1024 bit key yields (2001-11-08):
mpi_set_ui( e, 17); /* start with 17 */ e=17 0.54 ms
e=41 0.75 ms
e=257 0.95 ms
e=65537 1.80 ms
*/
e = mpi_alloc( (32+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
mpi_set_ui( e, 41);
if( !mpi_gcd(t1, e, phi) ) {
mpi_set_ui( e, 257);
if( !mpi_gcd(t1, e, phi) ) {
mpi_set_ui( e, 65537);
while( !mpi_gcd(t1, e, phi) ) /* (while gcd is not 1) */ while( !mpi_gcd(t1, e, phi) ) /* (while gcd is not 1) */
mpi_add_ui( e, e, 2); mpi_add_ui( e, e, 2);
}
}
/* calculate the secret key d = e^1 mod phi */ /* calculate the secret key d = e^1 mod phi */
d = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); d = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
mpi_invm(d, e, f ); mpi_invm(d, e, f );

2
configure.ac
View File

@ -24,7 +24,7 @@ AC_PREREQ(2.52)
dnl A snapshot release has a letter appended. CVS files before a release dnl A snapshot release has a letter appended. CVS files before a release
dnl are suffixed with the string "-cvs", so "1.0.6a-cvs" is a cvs version dnl are suffixed with the string "-cvs", so "1.0.6a-cvs" is a cvs version
dnl between 1.0.6 and 1.0.6a. dnl between 1.0.6 and 1.0.6a.
AC_INIT(gnupg, 1.0.6b, bug-gnupg@gnu.org) AC_INIT(gnupg, 1.0.6c-cvs, bug-gnupg@gnu.org)
ALL_LINGUAS="da de eo es_ES et fr id it ja nl pl pt_BR pt_PT sv tr" ALL_LINGUAS="da de eo es_ES et fr id it ja nl pl pt_BR pt_PT sv tr"
static_modules="sha1 md5 rmd160" static_modules="sha1 md5 rmd160"
static_random_module="" static_random_module=""

9
doc/ChangeLog
View File

@ -1,3 +1,12 @@
2001-10-31 Werner Koch <wk@gnupg.org>
* gpg.sgml: Add a remark on how to get the long key ID. Suggested
by Sebastian Klemke.
2001-10-23 Werner Koch <wk@gnupg.org>
* gpg.sgml: Add missing tag.
2001-09-28 Werner Koch <wk@gnupg.org> 2001-09-28 Werner Koch <wk@gnupg.org>
* gpg.sgml: Add a note on option parsing. * gpg.sgml: Add a note on option parsing.

19
doc/gpg.sgml
View File

@ -81,6 +81,7 @@ You will find a list of HOWTO documents at http://www.gnupg.org/docs.html .
Please remember that option parsing stops as soon as a non option is Please remember that option parsing stops as soon as a non option is
encountered, you can explicitly stop option parsing by using the encountered, you can explicitly stop option parsing by using the
special option "--". special option "--".
</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
@ -1299,6 +1300,19 @@ signatures on data.
Reset the --force-v3-sigs option. Reset the --force-v3-sigs option.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry>
<term>--force-v4-certs</term>
<listitem><para>
Always use v4 key signatures even on v3 version keys. This make the
signature unusable for PGP 2.
</para></listitem></varlistentry>
<varlistentry>
<term>--no-force-v3-certs</term>
<listitem><para>
Reset the --force-v4-certs option.
</para></listitem></varlistentry>
<varlistentry> <varlistentry>
<term>--force-mdc</term> <term>--force-mdc</term>
@ -1453,7 +1467,7 @@ encoded in UTF-8 regardless of any --charset setting.
<varlistentry> <varlistentry>
<term>--with-key-data</term> <term>--with-key-data</term>
<listitem><para> <listitem><para>
Print key listings delimited by colons and print the public key data. Print key listings delimited by colons (like --with-colons) and print the public key data.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry> <varlistentry>
@ -1617,7 +1631,8 @@ Here the key ID is given in the usual short form.
<term>01AB3FED1347A5612</term> <term>01AB3FED1347A5612</term>
<term>0x234AABBCC34567C4</term> <term>0x234AABBCC34567C4</term>
<listitem><para> <listitem><para>
Here the key ID is given in the long form as used by OpenPGP. Here the key ID is given in the long form as used by OpenPGP
(you can get the long key ID using the option --with-colons).
</para></listitem> </para></listitem>
</varlistentry> </varlistentry>

12
doc/gpg.texi
View File

@ -791,6 +791,13 @@ signatures on data.
@item ---no-force-v3-sigs @item ---no-force-v3-sigs
Reset the ---force-v3-sigs option. Reset the ---force-v3-sigs option.
@item ---force-v4-certs
Always use v4 key signatures even on v3 version keys. This make the
signature unusable for PGP 2.
@item ---no-force-v3-certs
Reset the ---force-v4-certs option.
@item ---force-mdc @item ---force-mdc
Force the use of encryption with appended manipulation Force the use of encryption with appended manipulation
code. This is always used with the newer ciphers (those code. This is always used with the newer ciphers (those
@ -881,7 +888,7 @@ Print key listings delimited by colons. Note, that the output will be
encoded in UTF-8 regardless of any ---charset setting. encoded in UTF-8 regardless of any ---charset setting.
@item ---with-key-data @item ---with-key-data
Print key listings delimited by colons and print the public key data. Print key listings delimited by colons (like ---with-colons) and print the public key data.
@item ---with-fingerprint @item ---with-fingerprint
Same as the command ---fingerprint but changes only the format of the output Same as the command ---fingerprint but changes only the format of the output
@ -979,7 +986,8 @@ Here the key ID is given in the usual short form.
@itemx 0F323456784E56EAB @itemx 0F323456784E56EAB
@itemx 01AB3FED1347A5612 @itemx 01AB3FED1347A5612
@itemx 0x234AABBCC34567C4 @itemx 0x234AABBCC34567C4
Here the key ID is given in the long form as used by OpenPGP. Here the key ID is given in the long form as used by OpenPGP
(you can get the long key ID using the option ---with-colons).
@item 1234343434343434C434343434343434 @item 1234343434343434C434343434343434
@itemx 123434343434343C3434343434343734349A3434 @itemx 123434343434343C3434343434343734349A3434

28
g10/ChangeLog
View File

@ -1,3 +1,31 @@
2001-11-08 Werner Koch <wk@gnupg.org>
* pkclist.c (do_edit_ownertrust): Allow to skip over keys, the non
working "show info" is now assigned to "i"
* trustdb.c (ask_ownertrust, validate_keys): Implement a real quit
here. Both are by David Shaw.
* trustdb.c (validate_keys): Make sure next_exipire is initialized.
* sign.c (make_keysig_packet): Use SHA-1 with v4 RSA keys.
* g10.c, options.h : New option --[no-]froce-v4-certs.
* sign.c (make_keysig_packet): Create v4 sigs on v4 keys even with
a v3 key. Use new option. By David Shaw
* revoke.c (ask_revocation_reason): Allow to select "no reason".
By David Shaw.
* keyid.c (fingerprint_from_sk): Calculation of an v3 fpr was
plain wrong - nearly the same code in fingerprint_from_pk is correct.
* build-packet.c (do_secret_key): Added a few comments to the code.
2001-11-07 Werner Koch <wk@gnupg.org>
* g10.c (main): Print a warning when -r is used w/o encryption.
Suggested by Pascal Scheffers.
2001-10-23 Werner Koch <wk@gnupg.org> 2001-10-23 Werner Koch <wk@gnupg.org>
* keyedit.c (keyedit_menu): Changed helptext for showpref * keyedit.c (keyedit_menu): Changed helptext for showpref

35
g10/build-packet.c
View File

@ -340,13 +340,16 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
{ {
int rc = 0; int rc = 0;
int i, nskey, npkey; int i, nskey, npkey;
IOBUF a = iobuf_temp(); IOBUF a = iobuf_temp(); /* build in a self-enlarging buffer */
/* Write the version number - if none is specified, use 3 */
if( !sk->version ) if( !sk->version )
iobuf_put( a, 3 ); iobuf_put( a, 3 );
else else
iobuf_put( a, sk->version ); iobuf_put( a, sk->version );
write_32(a, sk->timestamp ); write_32(a, sk->timestamp );
/* v3 needs the expiration time */
if( sk->version < 4 ) { if( sk->version < 4 ) {
u16 ndays; u16 ndays;
if( sk->expiredate ) if( sk->expiredate )
@ -355,27 +358,45 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
ndays = 0; ndays = 0;
write_16(a, ndays); write_16(a, ndays);
} }
iobuf_put(a, sk->pubkey_algo ); iobuf_put(a, sk->pubkey_algo );
/* get number of secret and public parameters. They are held in
one array first the public ones, then the secret ones */
nskey = pubkey_get_nskey( sk->pubkey_algo ); nskey = pubkey_get_nskey( sk->pubkey_algo );
npkey = pubkey_get_npkey( sk->pubkey_algo ); npkey = pubkey_get_npkey( sk->pubkey_algo );
/* If we don't have any public parameters - which is the case if
we don't know the algorithm used - the parameters are stored as
one blob in a faked (opaque) MPI */
if( !npkey ) { if( !npkey ) {
write_fake_data( a, sk->skey[0] ); write_fake_data( a, sk->skey[0] );
goto leave; goto leave;
} }
assert( npkey < nskey ); assert( npkey < nskey );
/* Writing the public parameters is easy */
for(i=0; i < npkey; i++ ) for(i=0; i < npkey; i++ )
mpi_write(a, sk->skey[i] ); mpi_write(a, sk->skey[i] );
/* build the header for protected (encrypted) secret parameters */
if( sk->is_protected ) { if( sk->is_protected ) {
if( is_RSA(sk->pubkey_algo) && sk->version < 4 if( is_RSA(sk->pubkey_algo) && sk->version < 4
&& !sk->protect.s2k.mode ) { && !sk->protect.s2k.mode ) {
/* the simple rfc1991 (v3) way */
iobuf_put(a, sk->protect.algo ); iobuf_put(a, sk->protect.algo );
iobuf_write(a, sk->protect.iv, sk->protect.ivlen ); iobuf_write(a, sk->protect.iv, sk->protect.ivlen );
} }
else { else {
/* OpenPGP protection according to rfc2440 */
iobuf_put(a, 0xff ); iobuf_put(a, 0xff );
iobuf_put(a, sk->protect.algo ); iobuf_put(a, sk->protect.algo );
if( sk->protect.s2k.mode >= 1000 ) { if( sk->protect.s2k.mode >= 1000 ) {
/* These modes are not possible in OpenPGP, we use them
to implement our extesnsions, 101 can ve views as a
private/experimental extension (this is not
specified in rfc2440 but the same scheme is used
for all other algorithm identifiers) */
iobuf_put(a, 101 ); iobuf_put(a, 101 );
iobuf_put(a, sk->protect.s2k.hash_algo ); iobuf_put(a, sk->protect.s2k.hash_algo );
iobuf_write(a, "GNU", 3 ); iobuf_write(a, "GNU", 3 );
@ -390,32 +411,40 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
iobuf_write(a, sk->protect.s2k.salt, 8 ); iobuf_write(a, sk->protect.s2k.salt, 8 );
if( sk->protect.s2k.mode == 3 ) if( sk->protect.s2k.mode == 3 )
iobuf_put(a, sk->protect.s2k.count ); iobuf_put(a, sk->protect.s2k.count );
/* For out special mode 1001 we do not need an IV */
if( sk->protect.s2k.mode != 1001 ) if( sk->protect.s2k.mode != 1001 )
iobuf_write(a, sk->protect.iv, sk->protect.ivlen ); iobuf_write(a, sk->protect.iv, sk->protect.ivlen );
} }
} }
else else
iobuf_put(a, 0 ); iobuf_put(a, 0 );
if( sk->protect.s2k.mode == 1001 ) if( sk->protect.s2k.mode == 1001 )
; ; /* GnuPG extension - don't write a secret key at all */
else if( sk->is_protected && sk->version >= 4 ) { else if( sk->is_protected && sk->version >= 4 ) {
/* The secret key is protected - write it out as it is */
byte *p; byte *p;
assert( mpi_is_opaque( sk->skey[npkey] ) ); assert( mpi_is_opaque( sk->skey[npkey] ) );
p = mpi_get_opaque( sk->skey[npkey], &i ); p = mpi_get_opaque( sk->skey[npkey], &i );
iobuf_write(a, p, i ); iobuf_write(a, p, i );
} }
else { else {
/* v3 way - same code for protected and non- protected key */
for( ; i < nskey; i++ ) for( ; i < nskey; i++ )
mpi_write(a, sk->skey[i] ); mpi_write(a, sk->skey[i] );
write_16(a, sk->csum ); write_16(a, sk->csum );
} }
leave: leave:
/* Build the header of the packet - which we must do after writing all
the other stuff, so that we know the length of the packet */
write_header2(out, ctb, iobuf_get_temp_length(a), sk->hdrbytes, 1 ); write_header2(out, ctb, iobuf_get_temp_length(a), sk->hdrbytes, 1 );
/* And finally write it out the real stream */
if( iobuf_write_temp( out, a ) ) if( iobuf_write_temp( out, a ) )
rc = G10ERR_WRITE_FILE; rc = G10ERR_WRITE_FILE;
iobuf_close(a); iobuf_close(a); /* close the remporary buffer */
return rc; return rc;
} }

23
g10/g10.c
View File

@ -180,6 +180,8 @@ enum cmd_and_opt_values { aNull = 0,
oThrowKeyid, oThrowKeyid,
oForceV3Sigs, oForceV3Sigs,
oNoForceV3Sigs, oNoForceV3Sigs,
oForceV4Certs,
oNoForceV4Certs,
oForceMDC, oForceMDC,
oS2KMode, oS2KMode,
oS2KDigest, oS2KDigest,
@ -311,6 +313,8 @@ static ARGPARSE_OPTS opts[] = {
{ oNoTTY, "no-tty", 0, N_("don't use the terminal at all") }, { oNoTTY, "no-tty", 0, N_("don't use the terminal at all") },
{ oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") }, { oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") },
{ oNoForceV3Sigs, "no-force-v3-sigs", 0, N_("do not force v3 signatures") }, { oNoForceV3Sigs, "no-force-v3-sigs", 0, N_("do not force v3 signatures") },
{ oForceV4Certs, "force-v4-certs", 0, N_("force v4 key signatures") },
{ oNoForceV4Certs, "no-force-v4-certs", 0, N_("do not force v4 key signatures") },
{ oForceMDC, "force-mdc", 0, N_("always use a MDC for encryption") }, { oForceMDC, "force-mdc", 0, N_("always use a MDC for encryption") },
{ oDryRun, "dry-run", 0, N_("do not make any changes") }, { oDryRun, "dry-run", 0, N_("do not make any changes") },
/*{ oInteractive, "interactive", 0, N_("prompt before overwriting") }, */ /*{ oInteractive, "interactive", 0, N_("prompt before overwriting") }, */
@ -668,6 +672,7 @@ main( int argc, char **argv )
char *preference_list = NULL; char *preference_list = NULL;
int pwfd = -1; int pwfd = -1;
int with_fpr = 0; /* make an option out of --fingerprint */ int with_fpr = 0; /* make an option out of --fingerprint */
int any_explicit_recipient = 0;
#ifdef USE_SHM_COPROCESSING #ifdef USE_SHM_COPROCESSING
ulong requested_shm_size=0; ulong requested_shm_size=0;
#endif #endif
@ -956,6 +961,7 @@ main( int argc, char **argv )
case oRFC1991: case oRFC1991:
opt.rfc1991 = 1; opt.rfc1991 = 1;
opt.rfc2440 = 0; opt.rfc2440 = 0;
opt.force_v4_certs = 0;
opt.no_comment = 1; opt.no_comment = 1;
opt.escape_from = 1; opt.escape_from = 1;
break; break;
@ -998,6 +1004,8 @@ main( int argc, char **argv )
case oThrowKeyid: opt.throw_keyid = 1; break; case oThrowKeyid: opt.throw_keyid = 1; break;
case oForceV3Sigs: opt.force_v3_sigs = 1; break; case oForceV3Sigs: opt.force_v3_sigs = 1; break;
case oNoForceV3Sigs: opt.force_v3_sigs = 0; break; case oNoForceV3Sigs: opt.force_v3_sigs = 0; break;
case oForceV4Certs: opt.force_v4_certs = 1; break;
case oNoForceV4Certs: opt.force_v4_certs = 0; break;
case oForceMDC: opt.force_mdc = 1; break; case oForceMDC: opt.force_mdc = 1; break;
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break; case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
case oS2KDigest: s2k_digest_string = m_strdup(pargs.r.ret_str); break; case oS2KDigest: s2k_digest_string = m_strdup(pargs.r.ret_str); break;
@ -1010,6 +1018,7 @@ main( int argc, char **argv )
break; break;
case oRecipient: /* store the recipient */ case oRecipient: /* store the recipient */
add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings ); add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
any_explicit_recipient = 1;
break; break;
case oTextmodeShort: opt.textmode = 2; break; case oTextmodeShort: opt.textmode = 2; break;
case oTextmode: opt.textmode=1; break; case oTextmode: opt.textmode=1; break;
@ -1279,6 +1288,20 @@ main( int argc, char **argv )
log_error(_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc)); log_error(_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc));
switch (cmd) {
case aStore:
case aSym:
case aSign:
case aSignSym:
case aClearsign:
if (!opt.quiet && any_explicit_recipient)
log_info ("WARNING: recipients (-r) given "
"without using public key encryption");
break;
default:
break;
}
switch( cmd ) { switch( cmd ) {
case aStore: /* only store the file */ case aStore: /* only store the file */
if( argc > 1 ) if( argc > 1 )

4
g10/keyid.c
View File

@ -457,10 +457,10 @@ fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len )
md = md_open( DIGEST_ALGO_MD5, 0); md = md_open( DIGEST_ALGO_MD5, 0);
if( pubkey_get_npkey( sk->pubkey_algo ) > 1 ) { if( pubkey_get_npkey( sk->pubkey_algo ) > 1 ) {
p = buf = mpi_get_buffer( sk->skey[1], &n, NULL ); p = buf = mpi_get_buffer( sk->skey[0], &n, NULL );
md_write( md, p, n ); md_write( md, p, n );
m_free(buf); m_free(buf);
p = buf = mpi_get_buffer( sk->skey[0], &n, NULL ); p = buf = mpi_get_buffer( sk->skey[1], &n, NULL );
md_write( md, p, n ); md_write( md, p, n );
m_free(buf); m_free(buf);
} }

1
g10/options.h
View File

@ -57,6 +57,7 @@ struct {
int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/ int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/
int def_cipher_algo; int def_cipher_algo;
int force_v3_sigs; int force_v3_sigs;
int force_v4_certs;
int force_mdc; int force_mdc;
int def_digest_algo; int def_digest_algo;
int def_compress_algo; int def_compress_algo;

17
g10/pkclist.c
View File

@ -241,7 +241,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
keyid_from_pk (pk, keyid); keyid_from_pk (pk, keyid);
for(;;) { for(;;) {
/* a string with valid answers */ /* a string with valid answers */
const char *ans = _("sSmMqQ"); const char *ans = _("iImMqQsS");
if( !did_help ) if( !did_help )
{ {
@ -268,15 +268,18 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
tty_printf (_(" %d = I trust fully\n"), 4); tty_printf (_(" %d = I trust fully\n"), 4);
if (mode) if (mode)
tty_printf (_(" %d = I trust ultimately\n"), 5); tty_printf (_(" %d = I trust ultimately\n"), 5);
tty_printf (_(" s = please show me more information\n") ); tty_printf (_(" i = please show me more information\n") );
if( mode ) if( mode )
tty_printf(_(" m = back to the main menu\n")); tty_printf(_(" m = back to the main menu\n"));
else else
{
tty_printf(_(" s = skip this key\n"));
tty_printf(_(" q = quit\n")); tty_printf(_(" q = quit\n"));
}
tty_printf("\n"); tty_printf("\n");
did_help = 1; did_help = 1;
} }
if( strlen(ans) != 6 ) if( strlen(ans) != 8 )
BUG(); BUG();
p = cpr_get("edit_ownertrust.value",_("Your decision? ")); p = cpr_get("edit_ownertrust.value",_("Your decision? "));
trim_spaces(p); trim_spaces(p);
@ -319,6 +322,10 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
{ {
break ; /* back to the menu */ break ; /* back to the menu */
} }
else if( !mode && (*p == ans[6] || *p == ans[7] ) )
{
break; /* skip */
}
else if( !mode && (*p == ans[4] || *p == ans[5] ) ) else if( !mode && (*p == ans[4] || *p == ans[5] ) )
{ {
quit = 1; quit = 1;
@ -346,7 +353,7 @@ edit_ownertrust (PKT_public_key *pk, int mode )
switch ( do_edit_ownertrust (pk, mode, &trust, no_help ) ) switch ( do_edit_ownertrust (pk, mode, &trust, no_help ) )
{ {
case -1: /* quit */ case -1: /* quit */
return 0; return -1;
case -2: /* show info */ case -2: /* show info */
show_paths(pk, 1); show_paths(pk, 1);
no_help = 1; no_help = 1;
@ -355,7 +362,7 @@ edit_ownertrust (PKT_public_key *pk, int mode )
trust &= ~TRUST_FLAG_DISABLED; trust &= ~TRUST_FLAG_DISABLED;
trust |= get_ownertrust (pk) & TRUST_FLAG_DISABLED; trust |= get_ownertrust (pk) & TRUST_FLAG_DISABLED;
update_ownertrust (pk, trust ); update_ownertrust (pk, trust );
return 0; return 1;
default: default:
return 0; return 0;
} }

24
g10/revoke.c
View File

@ -240,9 +240,10 @@ gen_revoke( const char *uname )
struct revocation_reason_info * struct revocation_reason_info *
ask_revocation_reason( int key_rev, int cert_rev, int hint ) ask_revocation_reason( int key_rev, int cert_rev, int hint )
{ {
int code; int code=-1;
char *description = NULL; char *description = NULL;
struct revocation_reason_info *reason; struct revocation_reason_info *reason;
const char *text_0 = _("No reason specified");
const char *text_1 = _("Key has been compromised"); const char *text_1 = _("Key has been compromised");
const char *text_2 = _("Key is superseded"); const char *text_2 = _("Key is superseded");
const char *text_3 = _("Key is no longer used"); const char *text_3 = _("Key is no longer used");
@ -254,6 +255,7 @@ ask_revocation_reason( int key_rev, int cert_rev, int hint )
description = NULL; description = NULL;
tty_printf(_("Please select the reason for the revocation:\n")); tty_printf(_("Please select the reason for the revocation:\n"));
tty_printf( " 0 = %s\n", text_0 );
if( key_rev ) if( key_rev )
tty_printf(" 1 = %s\n", text_1 ); tty_printf(" 1 = %s\n", text_1 );
if( key_rev ) if( key_rev )
@ -262,27 +264,29 @@ ask_revocation_reason( int key_rev, int cert_rev, int hint )
tty_printf(" 3 = %s\n", text_3 ); tty_printf(" 3 = %s\n", text_3 );
if( cert_rev ) if( cert_rev )
tty_printf(" 4 = %s\n", text_4 ); tty_printf(" 4 = %s\n", text_4 );
tty_printf( " 0 = %s\n", _("Cancel") ); tty_printf( " Q = %s\n", _("Cancel") );
if( hint ) if( hint )
tty_printf(_("(Probably you want to select %d here)\n"), hint ); tty_printf(_("(Probably you want to select %d here)\n"), hint );
for(code = 0; !code;) { while(code==-1) {
int n; int n;
char *answer = cpr_get("ask_revocation_reason.code", char *answer = cpr_get("ask_revocation_reason.code",
_("Your decision? ")); _("Your decision? "));
trim_spaces( answer ); trim_spaces( answer );
cpr_kill_prompt(); cpr_kill_prompt();
if( *answer == 'q' || *answer == 'Q' ) if( *answer == 'q' || *answer == 'Q')
n = 0; return NULL; /* cancel */
else if( !isdigit( *answer ) ) if( hint && !*answer )
n = -1;
else if( hint && !*answer )
n = hint; n = hint;
else if(!isdigit( *answer ) )
n = -1;
else else
n = atoi(answer); n = atoi(answer);
m_free(answer); m_free(answer);
if( !n ) if( n == 0 ) {
return NULL; /* cancel */ code = 0x00; /* no particular reason */
code_text = text_0;
}
else if( key_rev && n == 1 ) { else if( key_rev && n == 1 ) {
code = 0x02; /* key has been compromised */ code = 0x02; /* key has been compromised */
code_text = text_1; code_text = text_1;

22
g10/sign.c
View File

@ -982,15 +982,31 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
|| sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x20 || sigclass == 0x18
|| sigclass == 0x30 || sigclass == 0x28 ); || sigclass == 0x30 || sigclass == 0x28 );
if (opt.force_v4_certs)
sigversion = 4;
if (sigversion < sk->version) if (sigversion < sk->version)
sigversion = sk->version; sigversion = sk->version;
/* If you are making a signature on a v4 key using your v3 key, it
doesn't make sense to generate a v3 sig. After all, no v3-only
PGP implementation could understand the v4 key in the first
place. */
if (sigversion < pk->version)
sigversion = pk->version;
if( !digest_algo ) { if( !digest_algo ) {
switch( sk->pubkey_algo ) { switch( sk->pubkey_algo ) {
case PUBKEY_ALGO_DSA: digest_algo = DIGEST_ALGO_SHA1; break; case PUBKEY_ALGO_DSA:
digest_algo = DIGEST_ALGO_SHA1;
break;
case PUBKEY_ALGO_RSA_S: case PUBKEY_ALGO_RSA_S:
case PUBKEY_ALGO_RSA: digest_algo = DIGEST_ALGO_MD5; break; case PUBKEY_ALGO_RSA:
default: digest_algo = DIGEST_ALGO_RMD160; break; digest_algo = sk->version < 4? DIGEST_ALGO_MD5 : DIGEST_ALGO_SHA1;
break;
default:
digest_algo = DIGEST_ALGO_RMD160;
break;
} }
} }
md = md_open( digest_algo, 0 ); md = md_open( digest_algo, 0 );

23
g10/trustdb.c
View File

@ -846,12 +846,12 @@ enum_cert_paths_print( void **context, FILE *fp,
*********** NEW NEW NEW **************** *********** NEW NEW NEW ****************
****************************************/ ****************************************/
static unsigned int static int
ask_ownertrust (u32 *kid) ask_ownertrust (u32 *kid)
{ {
PKT_public_key *pk; PKT_public_key *pk;
int rc; int rc;
unsigned int ot; int ot;
pk = m_alloc_clear (sizeof *pk); pk = m_alloc_clear (sizeof *pk);
rc = get_pubkey (pk, kid); rc = get_pubkey (pk, kid);
@ -862,10 +862,13 @@ ask_ownertrust (u32 *kid)
return TRUST_UNKNOWN; return TRUST_UNKNOWN;
} }
if (edit_ownertrust (pk, 0)) ot=edit_ownertrust(pk,0);
if(ot>0)
ot = get_ownertrust (pk); ot = get_ownertrust (pk);
else else if(ot==0)
ot = TRUST_UNDEFINED; ot = TRUST_UNDEFINED;
else
ot = -1; /* quit */
free_public_key( pk ); free_public_key( pk );
return ot; return ot;
} }
@ -1303,6 +1306,7 @@ static int
validate_keys (int interactive) validate_keys (int interactive)
{ {
int rc = 0; int rc = 0;
int quit=0;
struct key_item *klist = NULL; struct key_item *klist = NULL;
struct key_item *k; struct key_item *k;
struct key_array *keys = NULL; struct key_array *keys = NULL;
@ -1315,6 +1319,7 @@ validate_keys (int interactive)
KeyHashTable visited; KeyHashTable visited;
u32 next_expire; u32 next_expire;
next_expire = 0xffffffff; /* set next expire to the year 2106 */
visited = new_key_hash_table (); visited = new_key_hash_table ();
/* Fixme: Instead of always building a UTK list, we could just build it /* Fixme: Instead of always building a UTK list, we could just build it
* here when needed */ * here when needed */
@ -1324,7 +1329,6 @@ validate_keys (int interactive)
goto leave; goto leave;
} }
next_expire = 0xffffffff; /* set next expire to the year 2106 */
/* mark all UTKs as visited and set validity to ultimate */ /* mark all UTKs as visited and set validity to ultimate */
for (k=utk_list; k; k = k->next) for (k=utk_list; k; k = k->next)
@ -1377,7 +1381,12 @@ validate_keys (int interactive)
{ {
if (interactive && k->ownertrust == TRUST_UNKNOWN) if (interactive && k->ownertrust == TRUST_UNKNOWN)
k->ownertrust = ask_ownertrust (k->kid); k->ownertrust = ask_ownertrust (k->kid);
if (k->ownertrust == TRUST_UNKNOWN) if (k->ownertrust == -1)
{
quit=1;
goto leave;
}
else if (k->ownertrust == TRUST_UNKNOWN)
ot_unknown++; ot_unknown++;
else if (k->ownertrust == TRUST_UNDEFINED) else if (k->ownertrust == TRUST_UNDEFINED)
ot_undefined++; ot_undefined++;
@ -1448,7 +1457,7 @@ validate_keys (int interactive)
release_key_array (keys); release_key_array (keys);
release_key_items (klist); release_key_items (klist);
release_key_hash_table (visited); release_key_hash_table (visited);
if (!rc) /* mark trustDB as checked */ if (!rc && !quit) /* mark trustDB as checked */
{ {
if (next_expire == 0xffffffff) if (next_expire == 0xffffffff)
tdbio_write_nextcheck (0); tdbio_write_nextcheck (0);

8
po/ChangeLog
View File

@ -1,3 +1,11 @@
2001-10-23 gettextize <bug-gnu-utils@gnu.org>
* Makefile.in.in: Upgrade to gettext-0.10.40.
2001-10-23 gettextize <bug-gnu-utils@gnu.org>
* Makefile.in.in: Upgrade to gettext-0.10.40.
2001-09-07 Werner Koch <wk@gnupg.org> 2001-09-07 Werner Koch <wk@gnupg.org>
* POTFILES.in: Added new files. * POTFILES.in: Added new files.

2
po/Makefile.in.in
View File

@ -2,7 +2,7 @@
# Copyright (C) 1995-1997, 2000, 2001 by Ulrich Drepper <drepper@gnu.ai.mit.edu> # Copyright (C) 1995-1997, 2000, 2001 by Ulrich Drepper <drepper@gnu.ai.mit.edu>
# #
# This file file be copied and used freely without restrictions. It can # This file file be copied and used freely without restrictions. It can
# be used in projects which are not available under the GNU Public License # be used in projects which are not available under the GNU General Public License
# but which still want to provide support for the GNU gettext functionality. # but which still want to provide support for the GNU gettext functionality.
# Please note that the actual code is *not* freely available. # Please note that the actual code is *not* freely available.

4
tools/ChangeLog
View File

@ -1,3 +1,7 @@
2001-10-23 Werner Koch <wk@gnupg.org>
* Makefile.am (gpgsplit_LDADD): Add ZLIBS.
2001-09-18 Werner Koch <wk@gnupg.org> 2001-09-18 Werner Koch <wk@gnupg.org>
* gpgsplit.c: New option --uncompress. * gpgsplit.c: New option --uncompress.

2
tools/Makefile.am
View File

@ -41,7 +41,7 @@ mpicalc_LDADD = $(needed_libs)
bftest_LDADD = $(needed_libs) bftest_LDADD = $(needed_libs)
shmtest_LDADD = $(needed_libs) shmtest_LDADD = $(needed_libs)
gpgsplit_LDADD = $(needed_libs) gpgsplit_LDADD = @ZLIBS@ $(needed_libs)
mpicalc bftest shmtest gpgsplit: $(needed_libs) mpicalc bftest shmtest gpgsplit: $(needed_libs)

2
util/iobuf.c
View File

@ -230,7 +230,7 @@ fd_cache_close (const char *fname, FILEP_OR_FD fp)
close(fp); close(fp);
#endif #endif
if( DBG_IOBUF ) if( DBG_IOBUF )
log_debug ("fd_cache_close (%p) real\n", fp); log_debug ("fd_cache_close (%p) real\n", (void*)fp);
return; return;
} }
/* try to reuse a slot */ /* try to reuse a slot */