1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

See ChangeLog: Wed Sep 6 14:59:09 CEST 2000 Werner Koch

This commit is contained in:
Werner Koch 2000-09-06 12:51:58 +00:00
parent 74b7fe6a7e
commit d14ecc1759
15 changed files with 174 additions and 44 deletions

View File

@ -1,3 +1,7 @@
Wed Sep 6 14:59:09 CEST 2000 Werner Koch <wk@openit.de>
* configure.in (GNUPG_HOMEDIR): New.
Fri Aug 25 16:05:38 CEST 2000 Werner Koch <wk@openit.de>
* configure.in: Changes to allow for Solaris random device.

2
NEWS
View File

@ -15,6 +15,8 @@ Noteworthy changes in the current CVS branch STABLE-BRANCH-1-0
* New configuration option --with-egd-socket.
* The --trusted-key option is back after it left us with 0.9.5
Noteworthy changes in version 1.0.2 (2000-07-12)
----------------------------------------------

3
THANKS
View File

@ -30,6 +30,7 @@ Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de
Dave Dykstra dwd@bell-labs.com
David Ellement ellement@sdd.hp.com
David Hallinan hallinan@rtd.com
David Mathog MATHOG@seqaxp.bio.caltech.edu
Dimitri dmitri@advantrix.com
Dirk Lattermann dlatt@t-online.de
Ed Boraas ecxjo@esperanto.org
@ -44,6 +45,7 @@ Frank Stajano frank.stajano@cl.cam.ac.uk
Frank Tobin ftobin@uiuc.edu
Gabriel Rosenkoetter gr@eclipsed.net
Gaël Quéri gqueri@mail.dotcom.fr
Giampaolo Tomassoni g.tomassoni@libero.it
Greg Louis glouis@dynamicro.on.ca
Greg Troxel gdt@ir.bbn.com
Gregory Steuck steuck@iname.com
@ -84,6 +86,7 @@ Markus Friedl Markus.Friedl@informatik.uni-erlangen.de
Martin Kahlert martin.kahlert@provi.de
Martin Hamilton
Martin Schulte schulte@thp.uni-koeln.de
Matt Kraai kraai@alumni.carnegiemellon.edu
Matthew Skala mskala@ansuz.sooke.bc.ca
Matthias Urlichs smurf@noris.de
Max Valianskiy maxcom@maxcom.ml.org

6
TODO
View File

@ -1,6 +1,8 @@
* configure option to set EGD entropy socket name
* Think more whether the setting to ultimately trusted is a good idea.!!
* add some minor things vor VMS.
* Don't get the ultimately trusted keys from the secring but store
it permanently in the trustdb. This way we don't need a secring at all.

View File

@ -702,10 +702,16 @@ cat >g10defs.tmp <<G10EOF
#define G10_LOCALEDIR "c:/lib/gnupg/locale"
#define GNUPG_LIBDIR "c:/lib/gnupg"
#define GNUPG_DATADIR "c:/lib/gnupg"
#define GNUPG_HOMEDIR "c:/gnupg"
#else
#define G10_LOCALEDIR "${prefix}/${DATADIRNAME}/locale"
#define GNUPG_LIBDIR "${libdir}/gnupg"
#define GNUPG_DATADIR "${datadir}/gnupg"
#ifdef __VMS
#define GNUPG_HOMEDIR "/SYS\$LOGIN/gnupg"
#else
#define GNUPG_HOMEDIR "~/.gnupg"
#endif
#endif
G10EOF
if cmp -s g10defs.h g10defs.tmp 2>/dev/null; then

View File

@ -389,6 +389,17 @@ Sign a public key with you secret key but mark it as non-exportable.
This is a shortcut version of the subcommand "lsign" from --edit.
</para></listitem></varlistentry>
<varlistentry>
<term>--trusted-key <parameter>long key ID</parameter></term>
<listitem><para>
Assume that the specified key (which must be given
as a full 8 byte key ID) is as trustworthy as one of
your own secret keys. This option is useful if you
don't want to keep your secret keys (or one of them)
online but still be able to check the validity of a given
recipient's or signator's key.
</para></listitem></varlistentry>
<varlistentry>
<term>--delete-key &ParmName;</term>
<listitem><para>

View File

@ -1,3 +1,16 @@
Wed Sep 6 14:59:09 CEST 2000 Werner Koch <wk@openit.de>
* passphrase.c (hash_passphrase): Removed funny assert. Reported by
David Mathog.
* openfile.c (try_make_homedir): Changes for non-Posix systems.
* g10.c (main): Take the default homedir from macro.
* g10.c: The --trusted-key option is back.
* trustdb.c (verify_own_key): Handle this option.
(add_ultimate_key): Moved stuff from verify_own_key to this new func.
(register_trusted_key): New.
Fri Aug 25 16:05:38 CEST 2000 Werner Koch <wk@openit.de>
* parse-packet.c (dump_sig_subpkt): Print info about the ARR.

View File

@ -195,6 +195,7 @@ enum cmd_and_opt_values { aNull = 0,
oNoAutoKeyRetrieve,
oMergeOnly,
oTryAllSecrets,
oTrustedKey,
oEmu3DESS2KBug, /* will be removed in 1.1 */
oEmuMDEncodeBug,
aTest };
@ -295,6 +296,7 @@ static ARGPARSE_OPTS opts[] = {
{ oCompletesNeeded, "completes-needed", 1, "@"},
{ oMarginalsNeeded, "marginals-needed", 1, "@"},
{ oMaxCertDepth, "max-cert-depth", 1, "@" },
{ oTrustedKey, "trusted-key", 2, N_("|KEYID|ulimately trust this key")},
{ oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")},
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
{ oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},
@ -635,11 +637,7 @@ main( int argc, char **argv )
opt.homedir = getenv("GNUPGHOME");
#endif
if( !opt.homedir || !*opt.homedir ) {
#ifdef HAVE_DRIVE_LETTERS
opt.homedir = "c:/gnupg";
#else
opt.homedir = "~/.gnupg";
#endif
opt.homedir = GNUPG_HOMEDIR;
}
/* check whether we have a config file on the commandline */
@ -937,6 +935,7 @@ main( int argc, char **argv )
break;
case oMergeOnly: opt.merge_only = 1; break;
case oTryAllSecrets: opt.try_all_secrets = 1; break;
case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
default : pargs.err = configfp? 1:2; break;
}

View File

@ -316,10 +316,24 @@ copy_options_file( const char *destdir )
void
try_make_homedir( const char *fname )
{
const char *defhome = GNUPG_HOMEDIR;
/* Create the directory only if the supplied directory name
* is the same as the default one. This way we avoid to create
* arbitrary directories when a non-default homedirectory is used.
* To cope with HOME, we do compare only the suffix if we see that
* the default homedir does start with a tilde.
*/
if( opt.dry_run )
return;
if( strlen(fname) >= 7
&& !strcmp(fname+strlen(fname)-7, "/.gnupg" ) ) {
if ( ( *defhome == '~'
&& ( strlen(fname) >= strlen (defhome+1)
&& !strcmp(fname+strlen(defhome+1)-strlen(defhome+1),
defhome+1 ) ))
|| ( *defhome != '~'
&& !compare_filenames( fname, defhome ) )
) {
if( mkdir( fname, S_IRUSR|S_IWUSR|S_IXUSR ) )
log_fatal( _("%s: can't create directory: %s\n"),
fname, strerror(errno) );

View File

@ -279,8 +279,7 @@ hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
else {
md_write( md, s2k->salt, 8 );
count -= 8;
assert( count >= 0 );
md_write( md, pw, count );
md_write( md, pw, count );
}
}
else

View File

@ -349,9 +349,9 @@ do_edit_ownertrust( ulong lid, int mode, unsigned *new_trust, int defer_help )
case '4': trust = TRUST_FULLY ; break;
default: BUG();
}
*new_trust = trust;
changed = 1;
break;
*new_trust = trust;
changed = 1;
break;
}
else if( *p == ans[0] || *p == ans[1] ) {
tty_printf(_(

View File

@ -109,6 +109,7 @@ static TN used_tns;
static int alloced_tns;
static int max_alloced_tns;
static struct keyid_list *trusted_key_list;
static LOCAL_ID_TABLE new_lid_table(void);
static int ins_lid_table_item( LOCAL_ID_TABLE tbl, ulong lid, unsigned flag );
@ -463,6 +464,63 @@ lid_from_keyid_no_sdir( u32 *keyid )
************* Initialization ****************
***********************************************/
void
register_trusted_key( const char *string )
{
u32 keyid[2];
struct keyid_list *r;
if( classify_user_id( string, keyid, NULL, NULL, NULL ) != 11 ) {
log_error(_("'%s' is not a valid long keyID\n"), string );
return;
}
for( r = trusted_key_list; r; r = r->next )
if( r->keyid[0] == keyid[0] && r->keyid[1] == keyid[1] )
return;
r = m_alloc( sizeof *r );
r->keyid[0] = keyid[0];
r->keyid[1] = keyid[1];
r->next = trusted_key_list;
trusted_key_list = r;
}
static void
add_ultimate_key( PKT_public_key *pk, u32 *keyid )
{
int rc;
/* first make sure that the pubkey is in the trustdb */
rc = query_trust_record( pk );
if( rc == -1 && opt.dry_run )
return;
if( rc == -1 ) { /* put it into the trustdb */
rc = insert_trust_record_by_pk( pk );
if( rc ) {
log_error(_("key %08lX: can't put it into the trustdb\n"),
(ulong)keyid[1] );
return;
}
}
else if( rc ) {
log_error(_("key %08lX: query record failed\n"), (ulong)keyid[1] );
return;
}
if( DBG_TRUST )
log_debug("key %08lX.%lu: stored into ultikey_table\n",
(ulong)keyid[1], pk->local_id );
if( ins_lid_table_item( ultikey_table, pk->local_id, 0 ) )
log_error(_("key %08lX: already in trusted key table\n"),
(ulong)keyid[1]);
else if( opt.verbose > 1 )
log_info(_("key %08lX: accepted as trusted key.\n"),
(ulong)keyid[1]);
}
/****************
* Verify that all our public keys are in the trustdb.
*/
@ -474,7 +532,27 @@ verify_own_keys(void)
PKT_secret_key *sk = m_alloc_clear( sizeof *sk );
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
u32 keyid[2];
struct keyid_list *kl;
/* put the trusted keys into the ultikey table */
for( kl = trusted_key_list; kl; kl = kl->next ) {
keyid[0] = kl->keyid[0];
keyid[1] = kl->keyid[1];
/* get the public key */
memset( pk, 0, sizeof *pk );
rc = get_pubkey( pk, keyid );
if( rc ) {
log_info(_("key %08lX: no public key for trusted key - skipped\n"),
(ulong)keyid[1] );
}
else {
add_ultimate_key( pk, keyid );
release_public_key_parts( pk );
}
}
/* And now add all secret keys to the ultikey table */
while( !(rc=enum_secret_keys( &enum_context, sk, 0 ) ) ) {
int have_pk = 0;
@ -487,6 +565,10 @@ verify_own_keys(void)
log_info(_("NOTE: secret key %08lX is NOT protected.\n"),
(ulong)keyid[1] );
for( kl = trusted_key_list; kl; kl = kl->next ) {
if( kl->keyid[0] == keyid[0] && kl->keyid[1] == keyid[1] )
goto skip; /* already in trusted key table */
}
/* see whether we can access the public key of this secret key */
memset( pk, 0, sizeof *pk );
@ -504,33 +586,8 @@ verify_own_keys(void)
goto skip;
}
/* make sure that the pubkey is in the trustdb */
rc = query_trust_record( pk );
if( rc == -1 && opt.dry_run )
goto skip;
if( rc == -1 ) { /* put it into the trustdb */
rc = insert_trust_record_by_pk( pk );
if( rc ) {
log_error(_("key %08lX: can't put it into the trustdb\n"),
(ulong)keyid[1] );
goto skip;
}
}
else if( rc ) {
log_error(_("key %08lX: query record failed\n"), (ulong)keyid[1] );
goto skip;
add_ultimate_key( pk, keyid );
}
if( DBG_TRUST )
log_debug("key %08lX.%lu: stored into ultikey_table\n",
(ulong)keyid[1], pk->local_id );
if( ins_lid_table_item( ultikey_table, pk->local_id, 0 ) )
log_error(_("key %08lX: already in trusted key table\n"),
(ulong)keyid[1]);
else if( opt.verbose > 1 )
log_info(_("key %08lX: accepted as trusted key.\n"),
(ulong)keyid[1]);
skip:
release_secret_key_parts( sk );
if( have_pk )
@ -541,6 +598,15 @@ verify_own_keys(void)
else
rc = 0;
/* release the trusted keyid table */
{ struct keyid_list *kl2;
for( kl = trusted_key_list; kl; kl = kl2 ) {
kl2 = kl->next;
m_free( kl );
}
trusted_key_list = NULL;
}
enum_secret_keys( &enum_context, NULL, 0 ); /* free context */
free_secret_key( sk );
free_public_key( pk );

View File

@ -1,3 +1,11 @@
Wed Sep 6 14:59:09 CEST 2000 Werner Koch <wk@openit.de>
* secmem.c (secmem_realloc): check for failed secmem_malloc. By
Matt Kraai.
* strgutil.c (utf8_to_native): Fixed null ptr problem. By
Giampaolo Tomassoni.
Thu Jul 27 10:02:38 CEST 2000 Werner Koch <wk@openit.de>
* iobuf.c: Use setmode() at several places to set stdin and stdout

View File

@ -347,9 +347,11 @@ secmem_realloc( void *p, size_t newsize )
if( newsize < size )
return p; /* it is easier not to shrink the memory */
a = secmem_malloc( newsize );
memcpy(a, p, size);
memset((char*)a+size, 0, newsize-size);
secmem_free(p);
if ( a ) {
memcpy(a, p, size);
memset((char*)a+size, 0, newsize-size);
secmem_free(p);
}
return a;
}

View File

@ -424,7 +424,8 @@ utf8_to_native( const char *string, size_t length )
case 0 : n++; if( p ) *p++ = '0'; break;
default: n += 3;
sprintf( p, "x%02x", *s );
p += 3;
if ( p )
p += 3;
break;
}
}