From cd2d9288aaf9c584673675826ba76e7dbc2ad239 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 25 Oct 2007 09:06:21 +0000 Subject: [PATCH] Ported changes from 1.4. Add copyright notices. --- g10/ChangeLog | 55 ++++++++++ g10/armor.c | 47 +++++++-- g10/encode.c | 18 +--- g10/gpg.c | 36 +++++-- g10/import.c | 156 +++++++++++++++------------- g10/keyedit.c | 2 +- g10/misc.c | 81 +++++++++------ g10/options.h | 9 +- g10/sign.c | 58 +++-------- keyserver/ChangeLog | 16 ++- keyserver/gpgkeys_ldap.c | 23 ++-- tests/openpgp/ChangeLog | 21 +++- tests/openpgp/armdetach.test | 8 ++ tests/openpgp/armdetachm.test | 8 ++ tests/openpgp/armencrypt.test | 8 ++ tests/openpgp/armencryptp.test | 8 ++ tests/openpgp/armor.test | 7 ++ tests/openpgp/armsignencrypt.test | 8 ++ tests/openpgp/armsigs.test | 8 ++ tests/openpgp/clearsig.test | 8 ++ tests/openpgp/conventional-mdc.test | 36 +++---- tests/openpgp/conventional.test | 34 ++---- tests/openpgp/decrypt-dsa.test | 8 ++ tests/openpgp/decrypt.test | 8 ++ tests/openpgp/defs.inc | 19 +++- tests/openpgp/detach.test | 8 ++ tests/openpgp/detachm.test | 8 ++ tests/openpgp/encrypt-dsa.test | 34 ++---- tests/openpgp/encrypt.test | 34 ++---- tests/openpgp/encryptp.test | 8 ++ tests/openpgp/genkey1024.test | 8 ++ tests/openpgp/mds.test | 8 ++ tests/openpgp/multisig.test | 9 ++ tests/openpgp/seat.test | 8 ++ tests/openpgp/signencrypt-dsa.test | 8 ++ tests/openpgp/signencrypt.test | 8 ++ tests/openpgp/sigs-dsa.test | 8 ++ tests/openpgp/sigs.test | 63 +++++------ tests/openpgp/verify.test | 8 ++ tests/openpgp/version.test | 8 ++ 40 files changed, 596 insertions(+), 322 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index 3fedb9979..e4702b041 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,58 @@ +2007-10-25 David Shaw (wk) + + From 1.4 (October): + + * gpg.c (main): Add --require-cross-certification to + --openpgp/--rfc4880 mode. + + * gpg.c (main): Disable --rfc2440-text and --force-v3-sigs by + default. Enable --require-cross-certification by default. + --openpgp (--rfc4880) is the same as --rfc2440 except with + "--enable-dsa2 --no-rfc2440-text --escape-from-lines". + + * misc.c (compliance_option_string, compliance_failure): Minor + cleanup. + + * armor.c (is_armor_header): Comment about 4880. + + * options.h, gpg.c (main): Add --rfc4880, and make --openpgp an + alias to it. --rfc2440 now stands alone. For now, use the old + 2440 defaults for 4880. + * misc.c (compliance_option_string): Ditto. + + * keyedit.c (keyedit_menu): Use compliance_option_string() instead + of printing the compliance modes here. + +2007-10-25 David Shaw (wk) + + From 1.4 (September): + + * import.c (collapse_uids): Significant speedup for de-duping user + IDs. + +2007-10-25 David Shaw (wk) + + From 1.4 (July): + + * armor.c (parse_header_line): Improve test so that the header + test only allows "Hash" in the signed data section. + + * armor.c (is_armor_tag): New. Detect if an armor header matches + 2440bis-21. + (parse_header_line): Call it here, as bis-21 requires warning the + user (but continuing to process the message) when seeing an + unknown header. + + * encode.c (encode_crypt): Missed one call to + setup_plaintext_name(). This is bug#809. + + * sign.c (mk_notation_policy_etc): Expect all sigs that this is + called for are >=v4. + (write_signature_packets, make_keysig_packet): Only call it for + >=v4 sigs. This allows --force-v3-sigs and --force-v4-certs to + enable or disable notations, policies, and keyserver URLs. This + is bug#800. + 2007-10-19 Werner Koch * passphrase.c (passphrase_get): Use new utf8 switching fucntions. diff --git a/g10/armor.c b/g10/armor.c index 1a9f82e89..76a2bdfbd 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -1,6 +1,6 @@ /* armor.c - Armor flter - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -308,7 +308,19 @@ parse_hash_header( const char *line ) return found; } +/* Returns true if this is a valid armor tag as per RFC-2440bis-21. */ +static int +is_armor_tag(const char *line) +{ + if(strncmp(line,"Version",7)==0 + || strncmp(line,"Comment",7)==0 + || strncmp(line,"MessageID",9)==0 + || strncmp(line,"Hash",4)==0 + || strncmp(line,"Charset",7)==0) + return 1; + return 0; +} /**************** * Check whether this is a armor line. @@ -338,7 +350,8 @@ is_armor_header( byte *line, unsigned len ) --rfc2440 is set since 2440 reads "The header lines, therefore, MUST start at the beginning of a line, and MUST NOT have text following them on the same line." It is unclear whether "text" - refers to all text or just non-whitespace text. */ + refers to all text or just non-whitespace text. 4880 clarified + this was only non-whitespace text. */ if(RFC2440) { @@ -418,16 +431,32 @@ parse_header_line( armor_filter_context_t *afx, byte *line, unsigned int len ) putc('\n', stderr); } - if( afx->in_cleartext ) { + if( afx->in_cleartext ) + { if( (hashes=parse_hash_header( line )) ) - afx->hashes |= hashes; + afx->hashes |= hashes; else if( strlen(line) > 15 && !memcmp( line, "NotDashEscaped:", 15 ) ) - afx->not_dash_escaped = 1; - else { + afx->not_dash_escaped = 1; + else + { log_error(_("invalid clearsig header\n")); return -1; - } - } + } + } + else if(!is_armor_tag(line)) + { + /* Section 6.2: "Unknown keys should be reported to the user, + but OpenPGP should continue to process the message." Note + that in a clearsigned message this applies to the signature + part (i.e. "BEGIN PGP SIGNATURE") and not the signed data + ("BEGIN PGP SIGNED MESSAGE"). The only key allowed in the + signed data section is "Hash". */ + + log_info(_("unknown armor header: ")); + print_string( stderr, line, len, 0 ); + putc('\n', stderr); + } + return 1; } diff --git a/g10/encode.c b/g10/encode.c index 196d213d2..4a5733220 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -598,22 +598,8 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey ) if(use_symkey && (rc=write_symkey_enc(symkey_s2k,symkey_dek,cfx.dek,out))) goto leave; - if (!opt.no_literal) { - /* setup the inner packet */ - if( filename || opt.set_filename ) { - char *s = make_basename( opt.set_filename ? opt.set_filename - : filename, - iobuf_get_real_fname( inp ) ); - pt = xmalloc( sizeof *pt + strlen(s) - 1 ); - pt->namelen = strlen(s); - memcpy(pt->name, s, pt->namelen ); - xfree(s); - } - else { /* no filename */ - pt = xmalloc( sizeof *pt - 1 ); - pt->namelen = 0; - } - } + if (!opt.no_literal) + pt=setup_plaintext_name(filename,inp); if (!iobuf_is_pipe_filename (filename) && *filename && !opt.textmode ) { diff --git a/g10/gpg.c b/g10/gpg.c index 599b7df5a..e1b1efbcd 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -1,6 +1,6 @@ /* gpg.c - The GnuPG utility (main for gpg) * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006 Free Software Foundation, Inc. + * 2006, 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -194,6 +194,7 @@ enum cmd_and_opt_values oGnuPG, oRFC1991, oRFC2440, + oRFC4880, oOpenPGP, oPGP2, oPGP6, @@ -520,6 +521,7 @@ static ARGPARSE_OPTS opts[] = { { oGnuPG, "no-pgp8", 0, "@"}, { oRFC1991, "rfc1991", 0, "@"}, { oRFC2440, "rfc2440", 0, "@" }, + { oRFC4880, "rfc4880", 0, "@" }, { oOpenPGP, "openpgp", 0, N_("use strict OpenPGP behavior")}, { oPGP2, "pgp2", 0, N_("generate PGP 2.x compatible messages")}, { oPGP6, "pgp6", 0, "@"}, @@ -1902,8 +1904,8 @@ main (int argc, char **argv ) opt.marginals_needed = 3; opt.max_cert_depth = 5; opt.pgp2_workarounds = 1; - opt.force_v3_sigs = 1; opt.escape_from = 1; + opt.flags.require_cross_cert = 1; opt.import_options=IMPORT_SK2PK; opt.export_options=EXPORT_ATTRIBUTES; opt.keyserver_options.import_options=IMPORT_REPAIR_PKS_SUBKEY_BUG; @@ -1917,7 +1919,6 @@ main (int argc, char **argv ) opt.min_cert_level=2; set_screen_dimensions(); opt.keyid_format=KF_SHORT; - opt.rfc2440_text=1; opt.def_sig_expire="0"; opt.def_cert_expire="0"; set_homedir ( default_homedir () ); @@ -2303,11 +2304,34 @@ main (int argc, char **argv ) opt.escape_from = 1; break; case oOpenPGP: + case oRFC4880: + /* This is effectively the same as RFC2440, but with + "--enable-dsa2 --no-rfc2440-text --escape-from-lines + --require-cross-certification". */ + opt.compliance = CO_RFC4880; + opt.flags.dsa2 = 1; + opt.flags.require_cross_cert = 1; + opt.rfc2440_text = 0; + opt.allow_non_selfsigned_uid = 1; + opt.allow_freeform_uid = 1; + opt.pgp2_workarounds = 0; + opt.escape_from = 1; + opt.force_v3_sigs = 0; + opt.compress_keys = 0; /* not mandated, but we do it */ + opt.compress_sigs = 0; /* ditto. */ + opt.not_dash_escaped = 0; + opt.def_cipher_algo = 0; + opt.def_digest_algo = 0; + opt.cert_digest_algo = 0; + opt.compress_algo = -1; + opt.s2k_mode = 3; /* iterated+salted */ + opt.s2k_digest_algo = DIGEST_ALGO_SHA1; + opt.s2k_cipher_algo = CIPHER_ALGO_3DES; + break; case oRFC2440: - /* TODO: When 2440bis becomes a RFC, set new values for - oOpenPGP. */ - opt.rfc2440_text=1; opt.compliance = CO_RFC2440; + opt.flags.dsa2 = 0; + opt.rfc2440_text = 1; opt.allow_non_selfsigned_uid = 1; opt.allow_freeform_uid = 1; opt.pgp2_workarounds = 0; diff --git a/g10/import.c b/g10/import.c index a3d0fecb8..fbfb18d0e 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1,6 +1,6 @@ /* import.c - import a key into our key storage. - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -1649,90 +1649,102 @@ delete_inv_parts( const char *fname, KBNODE keyblock, * It may happen that the imported keyblock has duplicated user IDs. * We check this here and collapse those user IDs together with their * sigs into one. - * Returns: True if the keyblock hash changed. + * Returns: True if the keyblock has changed. */ int collapse_uids( KBNODE *keyblock ) { - KBNODE n, n2; - int in_uid; - int any=0; + KBNODE uid1; + int any=0; - restart: - for( n = *keyblock; n; n = n->next ) { - if( n->pkt->pkttype != PKT_USER_ID ) + for(uid1=*keyblock;uid1;uid1=uid1->next) + { + KBNODE uid2; + + if(uid1->pkt->pkttype!=PKT_USER_ID) + continue; + + for(uid2=uid1->next;uid2;uid2=uid2->next) + { + if(uid2->pkt->pkttype!=PKT_USER_ID) continue; - for( n2 = n->next; n2; n2 = n2->next ) { - if( n2->pkt->pkttype == PKT_USER_ID - && !cmp_user_ids( n->pkt->pkt.user_id, - n2->pkt->pkt.user_id ) ) { - /* found a duplicate */ - any = 1; - if( !n2->next - || n2->next->pkt->pkttype == PKT_USER_ID - || n2->next->pkt->pkttype == PKT_PUBLIC_SUBKEY - || n2->next->pkt->pkttype == PKT_SECRET_SUBKEY ) { - /* no more signatures: delete the user ID - * and start over */ - remove_kbnode( keyblock, n2 ); + + if(cmp_user_ids(uid1->pkt->pkt.user_id, + uid2->pkt->pkt.user_id)==0) + { + /* We have a duplicated uid */ + KBNODE sig1,last; + + any=1; + + /* Now take uid2's signatures, and attach them to + uid1 */ + for(last=uid2;last->next;last=last->next) + { + if(last->next->pkt->pkttype==PKT_USER_ID + || last->next->pkt->pkttype==PKT_PUBLIC_SUBKEY + || last->next->pkt->pkttype==PKT_SECRET_SUBKEY) + break; } - else { - /* The simple approach: Move one signature and - * then start over to delete the next one :-( */ - move_kbnode( keyblock, n2->next, n->next ); + + /* Snip out uid2 */ + (find_prev_kbnode(*keyblock,uid2,0))->next=last->next; + + /* Now put uid2 in place as part of uid1 */ + last->next=uid1->next; + uid1->next=uid2; + remove_kbnode(keyblock,uid2); + + /* Now dedupe uid1 */ + for(sig1=uid1->next;sig1;sig1=sig1->next) + { + KBNODE sig2; + + if(sig1->pkt->pkttype==PKT_USER_ID + || sig1->pkt->pkttype==PKT_PUBLIC_SUBKEY + || sig1->pkt->pkttype==PKT_SECRET_SUBKEY) + break; + + if(sig1->pkt->pkttype!=PKT_SIGNATURE) + continue; + + for(sig2=sig1->next,last=sig1;sig2;last=sig2,sig2=sig2->next) + { + if(sig2->pkt->pkttype==PKT_USER_ID + || sig2->pkt->pkttype==PKT_PUBLIC_SUBKEY + || sig2->pkt->pkttype==PKT_SECRET_SUBKEY) + break; + + if(sig2->pkt->pkttype!=PKT_SIGNATURE) + continue; + + if(cmp_signatures(sig1->pkt->pkt.signature, + sig2->pkt->pkt.signature)==0) + { + /* We have a match, so delete the second + signature */ + remove_kbnode(&uid1,sig2); + sig2=last; + } + } } - goto restart; } } } - if( !any ) - return 0; - restart_sig: - /* now we may have duplicate signatures on one user ID: fix this */ - for( in_uid = 0, n = *keyblock; n; n = n->next ) { - if( n->pkt->pkttype == PKT_USER_ID ) - in_uid = 1; - else if( n->pkt->pkttype == PKT_PUBLIC_SUBKEY - || n->pkt->pkttype == PKT_SECRET_SUBKEY ) - in_uid = 0; - else if( in_uid ) { - n2 = n; - do { - KBNODE ncmp = NULL; - for( ; n2; n2 = n2->next ) { - if( n2->pkt->pkttype == PKT_USER_ID - || n2->pkt->pkttype == PKT_PUBLIC_SUBKEY - || n2->pkt->pkttype == PKT_SECRET_SUBKEY ) - break; - if( n2->pkt->pkttype != PKT_SIGNATURE ) - ; - else if( !ncmp ) - ncmp = n2; - else if( !cmp_signatures( ncmp->pkt->pkt.signature, - n2->pkt->pkt.signature )) { - remove_kbnode( keyblock, n2 ); - goto restart_sig; - } - } - n2 = ncmp? ncmp->next : NULL; - } while( n2 ); - } + if(any && !opt.quiet) + { + const char *key="???"; + + if( (uid1=find_kbnode( *keyblock, PKT_PUBLIC_KEY )) ) + key=keystr_from_pk(uid1->pkt->pkt.public_key); + else if( (uid1 = find_kbnode( *keyblock, PKT_SECRET_KEY )) ) + key=keystr_from_sk(uid1->pkt->pkt.secret_key); + + log_info(_("key %s: duplicated user ID detected - merged\n"),key); } - if(!opt.quiet) - { - const char *key="???"; - - if( (n = find_kbnode( *keyblock, PKT_PUBLIC_KEY )) ) - key=keystr_from_pk(n->pkt->pkt.public_key); - else if( (n = find_kbnode( *keyblock, PKT_SECRET_KEY )) ) - key=keystr_from_sk(n->pkt->pkt.secret_key); - - log_info(_("key %s: duplicated user ID detected - merged\n"),key); - } - - return 1; + return any; } /* Check for a 0x20 revocation from a revocation key that is not diff --git a/g10/keyedit.c b/g10/keyedit.c index 77f401798..1078758dd 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1803,7 +1803,7 @@ keyedit_menu( const char *username, strlist_t locusr, { tty_printf( _("This command is not allowed while in %s mode.\n"), - RFC2440?"OpenPGP":PGP2?"PGP2":"RFC-1991"); + compliance_option_string()); break; } photo=1; diff --git a/g10/misc.c b/g10/misc.c index 3781b2c27..96bb6c559 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -831,47 +831,64 @@ default_compress_algo(void) const char * compliance_option_string(void) { - switch(opt.compliance) - { - case CO_RFC2440: - return "--openpgp"; - case CO_PGP2: - return "--pgp2"; - case CO_PGP6: - return "--pgp6"; - case CO_PGP7: - return "--pgp7"; - case CO_PGP8: - return "--pgp8"; - default: - return "???"; - } -} + char *ver="???"; -static const char * -compliance_string(void) -{ switch(opt.compliance) { - case CO_RFC2440: - return "OpenPGP"; - case CO_PGP2: - return "PGP 2.x"; - case CO_PGP6: - return "PGP 6.x"; - case CO_PGP7: - return "PGP 7.x"; - case CO_PGP8: - return "PGP 8.x"; - default: - return "???"; + case CO_GNUPG: return "--gnupg"; + case CO_RFC4880: return "--openpgp"; + case CO_RFC2440: return "--rfc2440"; + case CO_RFC1991: return "--rfc1991"; + case CO_PGP2: return "--pgp2"; + case CO_PGP6: return "--pgp6"; + case CO_PGP7: return "--pgp7"; + case CO_PGP8: return "--pgp8"; } + + return ver; } void compliance_failure(void) { - log_info(_("this message may not be usable by %s\n"),compliance_string()); + char *ver="???"; + + switch(opt.compliance) + { + case CO_GNUPG: + ver="GnuPG"; + break; + + case CO_RFC4880: + ver="OpenPGP"; + break; + + case CO_RFC2440: + ver="OpenPGP (older)"; + break; + + case CO_RFC1991: + ver="old PGP"; + break; + + case CO_PGP2: + ver="PGP 2.x"; + break; + + case CO_PGP6: + ver="PGP 6.x"; + break; + + case CO_PGP7: + ver="PGP 7.x"; + break; + + case CO_PGP8: + ver="PGP 8.x"; + break; + } + + log_info(_("this message may not be usable by %s\n"),ver); opt.compliance=CO_GNUPG; } diff --git a/g10/options.h b/g10/options.h index 5918d089e..be7394e35 100644 --- a/g10/options.h +++ b/g10/options.h @@ -1,6 +1,6 @@ /* options.h - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -103,7 +103,8 @@ struct int force_ownertrust; enum { - CO_GNUPG=0, CO_RFC2440, CO_RFC1991, CO_PGP2, CO_PGP6, CO_PGP7, CO_PGP8 + CO_GNUPG, CO_RFC4880, CO_RFC2440, CO_RFC1991, CO_PGP2, + CO_PGP6, CO_PGP7, CO_PGP8 } compliance; enum { @@ -290,10 +291,12 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; #define GNUPG (opt.compliance==CO_GNUPG) #define RFC1991 (opt.compliance==CO_RFC1991 || opt.compliance==CO_PGP2) #define RFC2440 (opt.compliance==CO_RFC2440) +#define RFC4880 (opt.compliance==CO_RFC4880) #define PGP2 (opt.compliance==CO_PGP2) #define PGP6 (opt.compliance==CO_PGP6) #define PGP7 (opt.compliance==CO_PGP7) #define PGP8 (opt.compliance==CO_PGP8) +#define PGPX (PGP2 || PGP6 || PGP7 || PGP8) /* Various option flags. Note that there should be no common string names between the IMPORT_ and EXPORT_ flags as they can be mixed in diff --git a/g10/sign.c b/g10/sign.c index 33830d0ce..6e3671dbd 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -1,6 +1,6 @@ /* sign.c - sign data - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -66,32 +66,17 @@ mk_notation_policy_etc( PKT_signature *sig, struct notation *nd=NULL; struct expando_args args; + assert(sig->version>=4); + memset(&args,0,sizeof(args)); args.pk=pk; args.sk=sk; - /* It is actually impossible to get here when making a v3 key - signature since keyedit.c:sign_uids will automatically bump a - signature with a notation or policy url up to v4, but it is - good to do these checks anyway. */ - /* notation data */ if(IS_SIG(sig) && opt.sig_notations) - { - if(sig->version<4) - log_error(_("can't put notation data into v3 (PGP 2.x style) " - "signatures\n")); - else - nd=opt.sig_notations; - } + nd=opt.sig_notations; else if( IS_CERT(sig) && opt.cert_notations ) - { - if(sig->version<4) - log_error(_("can't put notation data into v3 (PGP 2.x style) " - "key signatures\n")); - else - nd=opt.cert_notations; - } + nd=opt.cert_notations; if(nd) { @@ -116,21 +101,9 @@ mk_notation_policy_etc( PKT_signature *sig, /* set policy URL */ if( IS_SIG(sig) && opt.sig_policy_url ) - { - if(sig->version<4) - log_error(_("can't put a policy URL into v3 (PGP 2.x style) " - "signatures\n")); - else - pu=opt.sig_policy_url; - } + pu=opt.sig_policy_url; else if( IS_CERT(sig) && opt.cert_policy_url ) - { - if(sig->version<4) - log_error(_("can't put a policy URL into v3 key (PGP 2.x style) " - "signatures\n")); - else - pu=opt.cert_policy_url; - } + pu=opt.cert_policy_url; for(;pu;pu=pu->next) { @@ -153,12 +126,7 @@ mk_notation_policy_etc( PKT_signature *sig, /* preferred keyserver URL */ if( IS_SIG(sig) && opt.sig_keyserver_url ) - { - if(sig->version<4) - log_info("can't put a preferred keyserver URL into v3 signatures\n"); - else - pu=opt.sig_keyserver_url; - } + pu=opt.sig_keyserver_url; for(;pu;pu=pu->next) { @@ -689,8 +657,10 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash, BUG (); if (sig->version >= 4) + { build_sig_subpkt_from_sig (sig); - mk_notation_policy_etc (sig, NULL, sk); + mk_notation_policy_etc (sig, NULL, sk); + } hash_sigversion_to_magic (md, sig); gcry_md_final (md); @@ -1487,8 +1457,10 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, sig->expiredate=sig->timestamp+duration; sig->sig_class = sigclass; if( sig->version >= 4 ) + { build_sig_subpkt_from_sig( sig ); - mk_notation_policy_etc( sig, pk, sk ); + mk_notation_policy_etc( sig, pk, sk ); + } /* Crucial that the call to mksubpkt comes LAST before the calls to finalize the sig as that makes it possible for the mksubpkt diff --git a/keyserver/ChangeLog b/keyserver/ChangeLog index 62c29d77a..c111aa52e 100644 --- a/keyserver/ChangeLog +++ b/keyserver/ChangeLog @@ -1,3 +1,15 @@ +2007-10-25 David Shaw (wk) + + From 1.4 (July): + + * gpgkeys_ldap.c (main): Fix bug in setting up whether to verify + peer SSL cert. This used to work with older OpenLDAP, but is now + more strictly handled. + + * gpgkeys_ldap.c (search_key, main): Fix bug where searching for + foo bar (no quotes) on the command line resulted in searching for + "foo\2Abar" due to LDAP quoting. The proper search is "foo*bar". + 2007-06-11 Werner Koch * gpgkeys_hkp.c (send_key): Rename eof to r_eof as some Windows @@ -1208,8 +1220,8 @@ gpgkeys_mailto (email keyserver helper) - Copyright 1998, 1999, 2000, 2001, 2002, 2003, - 2004 Free Software Foundation, Inc. + Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + 2007 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/keyserver/gpgkeys_ldap.c b/keyserver/gpgkeys_ldap.c index df107ff9c..0186ce575 100644 --- a/keyserver/gpgkeys_ldap.c +++ b/keyserver/gpgkeys_ldap.c @@ -1,5 +1,6 @@ /* gpgkeys_ldap.c - talk to a LDAP keyserver - * Copyright (C) 2001, 2002, 2004, 2005, 2006 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2004, 2005, 2006 + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -1288,18 +1289,25 @@ printquoted(FILE *stream,char *string,char delim) static int search_key(const char *searchkey) { - char **vals; + char **vals,*search; LDAPMessage *res,*each; int err,count=0; struct keylist *dupelist=NULL; /* The maximum size of the search, including the optional stuff and the trailing \0 */ - char search[2+1+9+1+3+(MAX_LINE*3)+3+1+15+14+1+1+20]; char *attrs[]={"pgpcertid","pgpuserid","pgprevoked","pgpdisabled", "pgpkeycreatetime","pgpkeyexpiretime","modifytimestamp", "pgpkeysize","pgpkeytype",NULL}; enum ks_search_type search_type; + search=malloc(2+1+9+1+3+strlen(searchkey)+3+1+15+14+1+1+20); + if(!search) + { + fprintf(console,"gpgkeys: out of memory when building search list\n"); + fprintf(output,"SEARCH %s FAILED %d\n",searchkey,KEYSERVER_NO_MEMORY); + return KEYSERVER_NO_MEMORY; + } + fprintf(output,"SEARCH %s BEGIN\n",searchkey); search_type=classify_ks_search(&searchkey); @@ -1354,7 +1362,7 @@ search_key(const char *searchkey) break; } - ldap_quote(search,searchkey); + strcat(search,searchkey); switch(search_type) { @@ -1392,6 +1400,7 @@ search_key(const char *searchkey) err=ldap_search_s(ldap,basekeyspacedn, LDAP_SCOPE_SUBTREE,search,attrs,0,&res); + free(search); if(err!=LDAP_SUCCESS && err!=LDAP_SIZELIMIT_EXCEEDED) { int errtag=ldap_err_to_gpg_err(err); @@ -2172,7 +2181,7 @@ main(int argc,char *argv[]) else ver=LDAP_OPT_X_TLS_NEVER; - err=ldap_set_option(ldap,LDAP_OPT_X_TLS_REQUIRE_CERT,&ver); + err=ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&ver); } #endif @@ -2308,7 +2317,7 @@ main(int argc,char *argv[]) keyptr=keyptr->next; } - searchkey=malloc(len+1); + searchkey=malloc((len*3)+1); if(searchkey==NULL) { ret=KEYSERVER_NO_MEMORY; @@ -2321,7 +2330,7 @@ main(int argc,char *argv[]) keyptr=keylist; while(keyptr!=NULL) { - strcat(searchkey,keyptr->str); + ldap_quote(searchkey,keyptr->str); strcat(searchkey,"*"); keyptr=keyptr->next; } diff --git a/tests/openpgp/ChangeLog b/tests/openpgp/ChangeLog index 58b95cfb0..9e3b96a85 100644 --- a/tests/openpgp/ChangeLog +++ b/tests/openpgp/ChangeLog @@ -1,3 +1,22 @@ +2007-10-25 Werner Koch + + Add missing copyright notices to *.test. + +2007-10-25 David Shaw (wk) + + From 1.4 (July): + + * defs.inc (all_cipher_algos): New function to return all ciphers. + * defs.inc (all_cipher_algos): New function to return all ciphers + we support. This is safer than the previous setup which could + hide that some ciphers weren't being tested. Plus, this + automatically tests any new ciphers libgcrypt supports. + (all_hash_algos): New. + * sigs.test: Use it here, and also test with >=160 bit hashes for + DSA2. + * conventional.test, encrypt.test, encrypt-dsa.test, + * conventional-mdc.test: Use it here. + 2007-05-02 David Shaw * conventional.test, encrypt.test, encrypt-dsa.test, @@ -289,7 +308,7 @@ Mon May 18 15:40:02 1998 Werner Koch (wk@isil.d.shuttle.de) * ChangeLog: New. - Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc. + Copyright 1998, 1999, 2000, 2001, 2007 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/tests/openpgp/armdetach.test b/tests/openpgp/armdetach.test index c445d6ce6..e4bbb1fd0 100755 --- a/tests/openpgp/armdetach.test +++ b/tests/openpgp/armdetach.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/armdetachm.test b/tests/openpgp/armdetachm.test index f1958424c..67d96287a 100755 --- a/tests/openpgp/armdetachm.test +++ b/tests/openpgp/armdetachm.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/armencrypt.test b/tests/openpgp/armencrypt.test index 356d1bda7..df3729410 100755 --- a/tests/openpgp/armencrypt.test +++ b/tests/openpgp/armencrypt.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/armencryptp.test b/tests/openpgp/armencryptp.test index d18c56b7e..9246b6d27 100755 --- a/tests/openpgp/armencryptp.test +++ b/tests/openpgp/armencryptp.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/armor.test b/tests/openpgp/armor.test index 2efcf3260..eb0267a6f 100755 --- a/tests/openpgp/armor.test +++ b/tests/openpgp/armor.test @@ -1,5 +1,12 @@ #!/bin/sh # Regression tests pertaining to the armoring. +# Copyright 2006, 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/armsignencrypt.test b/tests/openpgp/armsignencrypt.test index 24b9575ad..5b392df27 100755 --- a/tests/openpgp/armsignencrypt.test +++ b/tests/openpgp/armsignencrypt.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/armsigs.test b/tests/openpgp/armsigs.test index aecc06429..8fc867226 100755 --- a/tests/openpgp/armsigs.test +++ b/tests/openpgp/armsigs.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/clearsig.test b/tests/openpgp/clearsig.test index 8217f2f49..78f1fa6a9 100755 --- a/tests/openpgp/clearsig.test +++ b/tests/openpgp/clearsig.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # Fixme: we should not only do a --verify but also the output. diff --git a/tests/openpgp/conventional-mdc.test b/tests/openpgp/conventional-mdc.test index b3cf10b3a..a5e5c4e44 100755 --- a/tests/openpgp/conventional-mdc.test +++ b/tests/openpgp/conventional-mdc.test @@ -1,32 +1,19 @@ #!/bin/sh +# Copyright 2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 -algos="3des" - -if have_cipher_algo "IDEA"; then - algos="$algos idea" -fi - -if have_cipher_algo "CAST5"; then - algos="$algos cast5" -fi - -if have_cipher_algo "BLOWFISH"; then - algos="$algos blowfish" -fi - -if have_cipher_algo "AES"; then - algos="$algos aes aes192 aes256" -fi - -if have_cipher_algo "TWOFISH"; then - algos="$algos twofish" -fi - #info Checking conventional encryption -for i in 0 1 2 3 9 10 11 19 20 21 22 23 39 40 41 8192 32000 ; do - for ciph in $algos; do +for ciph in `all_cipher_algos`; do + echo_n "$ciph " + for i in 0 1 2 3 9 10 11 19 20 21 22 23 39 40 41 8192 32000 ; do # *BSD's dd can't cope with a count of 0 if test "$i" = "0"; then : >z @@ -40,3 +27,4 @@ for i in 0 1 2 3 9 10 11 19 20 21 22 23 39 40 41 8192 32000 ; do cmp z y || error "$ciph/$i: mismatch" done done +echo_n "| " diff --git a/tests/openpgp/conventional.test b/tests/openpgp/conventional.test index 8b75c8a50..1464ee229 100755 --- a/tests/openpgp/conventional.test +++ b/tests/openpgp/conventional.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 @@ -9,29 +17,8 @@ for i in plain-2 data-32000 ; do cmp $i y || error "$i: mismatch" done -algos="3des" - -if have_cipher_algo "IDEA"; then - algos="$algos idea" -fi - -if have_cipher_algo "CAST5"; then - algos="$algos cast5" -fi - -if have_cipher_algo "BLOWFISH"; then - algos="$algos blowfish" -fi - -if have_cipher_algo "AES"; then - algos="$algos aes aes192 aes256" -fi - -if have_cipher_algo "TWOFISH"; then - algos="$algos twofish" -fi - -for a in $algos; do +for a in `all_cipher_algos`; do + echo_n "$a " for i in plain-1 data-80000 ; do echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \ --cipher-algo $a -c -o x --yes $i @@ -39,3 +26,4 @@ for a in $algos; do cmp $i y || error "$i: ($a) mismatch" done done +echo_n "| " diff --git a/tests/openpgp/decrypt-dsa.test b/tests/openpgp/decrypt-dsa.test index 6dc7dc459..7220f8a22 100755 --- a/tests/openpgp/decrypt-dsa.test +++ b/tests/openpgp/decrypt-dsa.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/decrypt.test b/tests/openpgp/decrypt.test index aab416750..d3b5ddf41 100755 --- a/tests/openpgp/decrypt.test +++ b/tests/openpgp/decrypt.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc index 694e9ee1c..b33d9ebf8 100755 --- a/tests/openpgp/defs.inc +++ b/tests/openpgp/defs.inc @@ -1,4 +1,12 @@ -# definitions for the check scripts +# Definitions for the OpenPGP test scripts -*- sh -*- +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. #-------------------------------- #------ constants --------------- @@ -139,6 +147,15 @@ have_hash_algo () { fi } +all_cipher_algos () { + ../../g10/gpg2 --homedir . --version | grep "Cipher" | sed 's/^Cipher: //; s/,//g' +} + +all_hash_algos () { + ../../g10/gpg2 --homedir . --version | grep "Hash" | sed 's/^Hash: //; s/,//g' +} + + set -e pgmname=`basename $0` #trap cleanup SIGHUP SIGINT SIGQUIT diff --git a/tests/openpgp/detach.test b/tests/openpgp/detach.test index 6a3ae05c5..9b68e001a 100755 --- a/tests/openpgp/detach.test +++ b/tests/openpgp/detach.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/detachm.test b/tests/openpgp/detachm.test index dc60bb239..d65bcf276 100755 --- a/tests/openpgp/detachm.test +++ b/tests/openpgp/detachm.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/encrypt-dsa.test b/tests/openpgp/encrypt-dsa.test index 4b9da35ff..01fe33aa8 100755 --- a/tests/openpgp/encrypt-dsa.test +++ b/tests/openpgp/encrypt-dsa.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 @@ -9,29 +17,8 @@ for i in $plain_files $data_files ; do cmp $i y || error "$i: mismatch" done -algos="3des" - -if have_cipher_algo "IDEA"; then - algos="$algos idea" -fi - -if have_cipher_algo "CAST5"; then - algos="$algos cast5" -fi - -if have_cipher_algo "BLOWFISH"; then - algos="$algos blowfish" -fi - -if have_cipher_algo "AES"; then - algos="$algos aes aes192 aes256" -fi - -if have_cipher_algo "TWOFISH"; then - algos="$algos twofish" -fi - -for ca in $algos ; do +for ca in `all_cipher_algos` ; do + echo_n "$ca " for i in $plain_files $data_files ; do $GPG $dsa_keyrings --always-trust --cipher-algo $ca -e \ -o x --yes -r "$dsa_usrname2" $i @@ -39,3 +26,4 @@ for ca in $algos ; do cmp $i y || error "$i: mismatch" done done +echo_n "| " diff --git a/tests/openpgp/encrypt.test b/tests/openpgp/encrypt.test index 35f35d0e5..c50c66c12 100755 --- a/tests/openpgp/encrypt.test +++ b/tests/openpgp/encrypt.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 @@ -9,32 +17,12 @@ for i in $plain_files $data_files ; do cmp $i y || error "$i: mismatch" done -algos="3des" - -if have_cipher_algo "IDEA"; then - algos="$algos idea" -fi - -if have_cipher_algo "CAST5"; then - algos="$algos cast5" -fi - -if have_cipher_algo "BLOWFISH"; then - algos="$algos blowfish" -fi - -if have_cipher_algo "AES"; then - algos="$algos aes aes192 aes256" -fi - -if have_cipher_algo "TWOFISH"; then - algos="$algos twofish" -fi - -for ca in $algos ; do +for ca in `all_cipher_algos` ; do + echo_n "$ca " for i in $plain_files $data_files ; do $GPG --always-trust -e -o x --yes -r "$usrname2" --cipher-algo $ca $i $GPG -o y --yes x cmp $i y || error "$i: mismatch" done done +echo_n "| " diff --git a/tests/openpgp/encryptp.test b/tests/openpgp/encryptp.test index 7df24efec..984f56ab8 100755 --- a/tests/openpgp/encryptp.test +++ b/tests/openpgp/encryptp.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/genkey1024.test b/tests/openpgp/genkey1024.test index e17e8c91c..74c036667 100755 --- a/tests/openpgp/genkey1024.test +++ b/tests/openpgp/genkey1024.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/mds.test b/tests/openpgp/mds.test index 6551d18e0..a4583a19a 100755 --- a/tests/openpgp/mds.test +++ b/tests/openpgp/mds.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/multisig.test b/tests/openpgp/multisig.test index ee194aef9..908b57842 100755 --- a/tests/openpgp/multisig.test +++ b/tests/openpgp/multisig.test @@ -1,4 +1,13 @@ #!/bin/sh +# Copyright 2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + # Check that gpg verifies only signatures where there is no ambiguity # in the order of packets. Needs the Demo Keys Lima and Mike. diff --git a/tests/openpgp/seat.test b/tests/openpgp/seat.test index 72ab27f41..28e69256c 100755 --- a/tests/openpgp/seat.test +++ b/tests/openpgp/seat.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/signencrypt-dsa.test b/tests/openpgp/signencrypt-dsa.test index 41bf83164..77ded1213 100755 --- a/tests/openpgp/signencrypt-dsa.test +++ b/tests/openpgp/signencrypt-dsa.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/signencrypt.test b/tests/openpgp/signencrypt.test index 2af50cb53..8ccbaf7ca 100755 --- a/tests/openpgp/signencrypt.test +++ b/tests/openpgp/signencrypt.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/sigs-dsa.test b/tests/openpgp/sigs-dsa.test index 2294cf55a..8b3b14f14 100755 --- a/tests/openpgp/sigs-dsa.test +++ b/tests/openpgp/sigs-dsa.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/sigs.test b/tests/openpgp/sigs.test index 79a3a18a4..86b0cdc7b 100755 --- a/tests/openpgp/sigs.test +++ b/tests/openpgp/sigs.test @@ -1,48 +1,26 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 -set -x - -#info Checking signatures for i in $plain_files $data_files; do echo "$usrpass1" | $GPG --passphrase-fd 0 -s -o x --yes $i $GPG -o y --yes x cmp $i y || error "$i: mismatch" done -# Using the DSA sig key - only 160 bit hashes -for da in ripemd160 sha1 ; do - for i in $plain_files; do - echo "$usrpass1" | $GPG --passphrase-fd 0 --digest-algo $da \ - -s -o x --yes $i - $GPG -o y --yes x - cmp $i y || error "$i: mismatch" - # process only the first one - break - done -done +for da in `all_hash_algos` ; do + echo_n "$da " -# TODO: add the new SHAs here once we allow them to be used in new -# documents. - -if have_pubkey_algo "RSA"; then - # Using the RSA sig key - all hashes - hash_algo_list="ripemd160 sha1 md5" - if have_hash_algo "SHA224"; then - hash_algo_list="$hash_algo_list sha224" - fi - if have_hash_algo "SHA256"; then - hash_algo_list="$hash_algo_list sha256" - fi - if have_hash_algo "SHA384"; then - hash_algo_list="$hash_algo_list sha384" - fi - if have_hash_algo "SHA512"; then - hash_algo_list="$hash_algo_list sha512" - fi - - for da in $hash_algo_list ; do + # RSA key, so any hash is okay + if have_pubkey_algo "RSA"; then for i in $plain_files; do $GPG -u $usrname3 --digest-algo $da -s -o x --yes $i $GPG -o y --yes x @@ -50,5 +28,18 @@ if have_pubkey_algo "RSA"; then # process only the first one break done - done -fi + fi + + # Using the DSA sig key - only 160 bit or larger hashes + if test $da != "MD5"; then + for i in $plain_files; do + echo "$usrpass1" | $GPG --passphrase-fd 0 --digest-algo $da \ + -s -o x --yes $i + $GPG -o y --yes x + cmp $i y || error "$i: mismatch" + # process only the first one + break + done + fi +done +echo_n "| " diff --git a/tests/openpgp/verify.test b/tests/openpgp/verify.test index 41bd94a3f..eef61c769 100755 --- a/tests/openpgp/verify.test +++ b/tests/openpgp/verify.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3 diff --git a/tests/openpgp/version.test b/tests/openpgp/version.test index f1fd7284f..34733e27d 100755 --- a/tests/openpgp/version.test +++ b/tests/openpgp/version.test @@ -1,4 +1,12 @@ #!/bin/sh +# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006, +# 2007 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. . $srcdir/defs.inc || exit 3