1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

1100 Commits

Author SHA1 Message Date
David Shaw
3afe991bb8 * packet.h, build-packet.c (build_sig_subpkt), export.c
(do_export_stream), import.c (remove_bad_stuff, import), parse-packet.c
(dump_sig_subpkt, parse_one_sig_subpkt): Remove vestigal code for the old
sig cache subpacket.  This wasn't completely harmless as it caused
subpacket 101 to disappear on import and export.

* options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, sign.c,
encode.c, getkey.c, revoke.c: The current flags for different levels of
PGP-ness are massively complex.  This is step one in simplifying them. No
functional change yet, just use a macro to check for compliance level.

* sign.c (sign_file): Fix bug that causes spurious compression preference
warning.

* sign.c (clearsign_file): Fix bug that prevents proper warning message
from appearing when clearsigning in --pgp2 mode with a non-v3 RSA key.

* main.h, misc.c (compliance_option_string, compliance_string,
compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file,
clearsign_file), encode.c (encode_crypt, write_pubkey_enc_from_list): New
functions to put the "this message may not be usable...." warning in one
place.

* options.h, g10.c (main): Part two of the simplification.  Use a single
enum to indicate what we are compliant to (1991, 2440, PGPx, etc.)

* g10.c (main): Show errors for failure in export, send-keys, recv-keys,
and refresh-keys.

* options.h, g10.c (main): Give algorithm warnings for algorithms chosen
against the --pgpX and --openpgp rules.

* keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in --openpgp
mode.

* sign.c (sign_file), pkclist.c (algo_available): Allow passing a hint of
0.
2003-05-03 04:07:45 +00:00
David Shaw
7c3aa4aea3 * cipher.h: Add constants for compression algorithms. 2003-05-03 03:21:29 +00:00
David Shaw
f861b6488e * tdbio.c (create_version_record): Only create new trustdbs with
TM_CLASSIC or TM_PGP.

* trustdb.h, trustdb.c (trust_string, get_ownertrust_string,
get_validity_string, ask_ownertrust, validate_keys), pkclist.c
(do_edit_ownertrust): Rename trust_string to trust_value_to_string for
naming consistency.

* trustdb.h, trustdb.c (string_to_trust_value): New function to translate
a string to a trust value.

* g10.c (main): Use string_to_trust_value here for --force-ownertrust.

* options.h, g10.c (main), trustdb.c (trust_model_string, init_trustdb,
check_trustdb, update_trustdb, get_validity, validate_one_keyblock): An
"OpenPGP" trust model is misleading since there is no official OpenPGP
trust model.  Use "PGP" instead.
2003-05-01 21:37:08 +00:00
David Shaw
1fc1d26083 * build-packet.c (build_sig_subpkt): Comments.
* exec.c (exec_write): Cast NULL to void* to properly terminate varargs
list.

* keyedit.c (show_key_with_all_names): Just for safety, catch an invalid
pk algorithm.

* sign.c (make_keysig_packet): Crucial that the call to mksubpkt comes
LAST before the calls to finalize the sig as that makes it possible for
the mksubpkt function to get a reliable pointer to the subpacket area.

* pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a
particular user ID, use that ID as the one to ask about when prompting
whether to use the key anyway. (build_pk_list): Similar change here when
adding keys to the recipient list.

* trustdb.c (update_validity): Fix bug that prevented more than one
validity record per trust record. (get_validity): When retrieving validity
for a (user) supplied user ID, return the validity for that user ID only,
and do not fall back to the general key validity. (validate_one_keyblock):
Some commentary on whether non-self-signed user IDs belong in the web of
trust (arguably, they do).
2003-04-30 05:33:52 +00:00
David Shaw
82334b3bdc * gettextP.h: Add comment for HP/UX users. Local fix for GnuPG. 2003-04-30 03:49:23 +00:00
Werner Koch
9e6c5f9a61 * scdaemon.c: New options --print-atr and --reader-port
* apdu.c, apdu.h: New

* card.c, card-p15.c, card-dinsig.c: Allow build without OpenSC.
2003-04-29 19:08:35 +00:00
Werner Koch
735c284e73 * Makefile.am: Use libassuan. Don't override LDFLAGS anymore.
* server.c (register_commands): Adjust for new Assuan semantics.
2003-04-29 10:42:42 +00:00
Werner Koch
ff272a6ed3 * Makefile.am (LDFLAGS): Removed.
* command.c (register_commands): Adjusted for new Assuan semantics.
2003-04-29 10:42:05 +00:00
Werner Koch
84a9ac9572 * util.h (fopencokokie): Removed prototype and struct.
* maperror.c: Use system assuan.h
2003-04-29 10:39:22 +00:00
Werner Koch
ca4df4b123 * command.c (register_commands): Adjusted for new Assuan semantics.
* Makefile.am: Don't override LDFLAGS.
2003-04-29 10:38:49 +00:00
Werner Koch
fd959cdb59 Removed assuan because we now use libassuan 2003-04-29 09:11:49 +00:00
David Shaw
7fe578ce22 * DETAILS (VALIDSIG): Add version, pk algo, digest algo, sig class, and a
reserved field for flags in a future version.

* gpg.sgml: Document --no-textmode and --no-use-agent.  Clarify the
interoperability section.  Clarify that "hkp corruption"
(repair-hkp-subkey-bug) is really "pks corruption"
(repair-pks-subkey-bug).
2003-04-27 20:37:26 +00:00
David Shaw
ed7467a6ba * BUGS: Fix bug reporting URL.
* NEWS: Add sig version, pk algo, hash algo, and sig class to VALIDSIG.
Add notes about SRV, the "subkeyid!" syntax, configure options to disable
various algorithms, and the ability to change the keyserver no-modify
flag.
2003-04-27 20:30:38 +00:00
David Shaw
9f6fa94486 * g10.c (main): Add --no-textmode.
* export.c (do_export_stream), keyedit.c (show_key_with_all_names,
menu_addrevoker), mainproc.c (check_sig_and_print), photoid.c
(show_photos), sign.c (mk_notation_and_policy), trustdb.c (get_validity,
reset_trust_records, validate_keys): Make some strings translatable.

* mainproc.c (check_sig_and_print): Show digest algorithm and sig class
when verifying a sig with --verbose on, and add version, pk and hash
algorithms and sig class to VALIDSIG.

* parse-packet.c (enum_sig_subpkt): Make a warning message a --verbose
warning message since we don't need to warn every time we see an unknown
critical (we only need to invalidate the signature).

* trustdb.c (init_trustdb): Check the trustdb options even with TM_AUTO
since the auto may become TM_CLASSIC or TM_OPENPGP.
2003-04-27 20:22:09 +00:00
David Shaw
a01bda6abd * sign.c (do_sign): Show the hash used when making a signature in verbose
mode.

* tdbio.h, tdbio.c (tdbio_read_model): New function to return the trust
model used in a given trustdb.

* options.h, g10.c (main), trustdb.c (init_trustdb, check_trustdb,
update_trustdb): Use tdbio_read_model to implement an "auto" trust model
which is set via the trustdb.
2003-04-26 20:38:16 +00:00
David Shaw
e0373e85a9 * config.links: Re-disable assembler on Darwin. Darwin 6.5 broke it
again.
2003-04-25 04:12:57 +00:00
David Shaw
8bb4628d05 * configure.ac: Big warning that TIGER/192 is being removed from the
standard, and make it disabled by default.

* README: Put back proper copyright line.  Remove mention of TIGER/192.
2003-04-23 22:57:49 +00:00
David Shaw
874214d0a0 * import.c (import_revoke_cert): Remove ultimate trust when revoking an
ultimately trusted key.

* keyedit.c (sign_uids): Allow replacing expired signatures. Allow
duplicate signatures with --expert.

* pkclist.c (check_signatures_trust): Don't display a null fingerprint
when checking a signature with --always-trust enabled.

* filter.h (progress_filter_context_t), progress.c (handle_progress),
plaintext.c (ask_for_detached_datafile, hash_datafiles): Fix compiler
warnings.  Make "what" constant.

* build-packet.c (do_plaintext): Do not create invalid literal packets
with >255-byte names.
2003-04-23 21:18:39 +00:00
David Shaw
4e472d09a8 * Makefile.am, options.in: Rename options.in to options since it no longer
needs to be a generated file.

* sigs.test: TODO note to add the new SHAs when we start generating them.

* mds.test: Test the new SHAs.
2003-04-23 20:08:38 +00:00
Werner Koch
b394776a80 * Makefile.am (AM_CFLAGS): Make use of AM_CFLAGS and AM_LDFLAGS.
* g10.c, options.h: New option --enable-progress-filter.
* progress.c (handle_progress): Make use of it.
2003-04-15 15:46:13 +00:00
Werner Koch
fc3cc2cacf * gpg.sgml: Document --enable-progress-filter. 2003-04-15 15:44:30 +00:00
Werner Koch
e5ffcabadb * configure.ac (HAVE_DOSISH_SYSTEM): New automake conditional. 2003-04-15 15:27:39 +00:00
Werner Koch
6878858fdc * longlong.h (umul_ppmm): Support SH3 and SH4. Thanks to
kazuya.s@jp.yokogawa.com.
2003-04-15 12:44:27 +00:00
Werner Koch
297e879108 * md.c (md_start_debug): Need to open the file in binary mode. 2003-04-15 12:20:31 +00:00
Werner Koch
983034610d * acinclude.m4 (GNUPG_CHECK_ENDIAN): Fix quoting of r.e. using
quadrigraphs.
2003-04-15 12:19:58 +00:00
David Shaw
01d6a55b77 * srv.c (main): Test against wwwkeys.pgp.net.
* srv.h: Grr. The RH7.3 Linux man page defines the fourth arg of dn_expand
as unsigned char*, but it is really char* according to resolv.h.
2003-04-13 20:06:09 +00:00
Werner Koch
6b55878912 * passphrase.c (read_passphrase_from_fd): Do a dummy read if the
agent is to be used.  Noted by Ingo Kl�cker.
(agent_get_passphrase): Inhibit caching when we have no
fingerprint.  This is required for key generation as well as for
symmetric only encryption.

* passphrase .c (agent_get_passphrase): New arg CANCELED.
(passphrase_to_dek): Ditto.  Passed to above.  Changed all
callers to pass NULL.
* seckey-cert.c (do_check): New arg CANCELED.
(check_secret_key): Terminate loop when canceled.

* keyedit.c (change_passphrase): Pass ERRTEXT untranslated to
passphrase_to_dek and translate where appropriate.
* seckey-cert.c (check_secret_key): Ditto.
* keygen.c (ask_passphrase): Ditto.
* passphrase.c (agent_get_passphrase): Translate the TRYAGAIN_TEXT.
Switch the codeset to utf-8.
2003-04-10 09:56:47 +00:00
David Shaw
3cf45b304e * main.h, g10.c (main), import.c (parse_import_options,
fix_pks_corruption): It's really PKS corruption, not HKP corruption.
Keep the old repair-hkp-subkey-bug command as an alias.

* g10.c (main): Rename --no-version to --no-emit-version for consistency.
Keep --no-version as an alias.
2003-04-09 01:57:46 +00:00
David Shaw
11fc63ba93 * gpgkeys_hkp.c (dehtmlize, parse_hkp_index): Fix memory corruption bug on
some platforms.
2003-04-09 01:36:16 +00:00
Werner Koch
55fc1bb453 * autogen.sh: Add options to build for coldfire and uClinux. 2003-04-08 09:20:09 +00:00
Werner Koch
0a5ec42a9f * Makefile.am (EXTRA_DIST): Add autogen.sh wrapper. 2003-04-08 09:19:41 +00:00
Werner Koch
26fabc31e3 Add primary key fingerprint to VALIDSIG status. 2003-04-08 08:42:47 +00:00
David Shaw
cf6fcc0b4b * DETAILS: Don't specify which hash is used to make up the namehash since
it may change in the future.

* samplekeys.asc: Updated.

* gpg.sgml: Document "revuid".  Clarify that --openpgp resets --pgpX.
Some cleanup of --no-xxx options, make sure that all SGML tags are closed,
clarify --pgp8 allows SHA-256, and document --no-emit-version.

* Makefile.am: Allow CVS version to build without faqprog.pl.
2003-04-07 22:23:42 +00:00
David Shaw
fe5e3e594a * dcigettext.c (plural_lookup): Name conflict on some platforms with
"index".  Local fix for GnuPG.
2003-04-07 22:04:25 +00:00
David Shaw
c88bc35372 * configure.ac: Use much more accurate method to determine whether
DNS SRV is usable.

* README: Document the various --disable-xxx switches, and add a note
about existing keys that may use one of the missing ciphers as a
preference.  Update copyright date.

* NEWS: Add note about SHA-256/384/512.

* acinclude.m4: Fix URL to faqprog.pl.
2003-04-07 21:52:38 +00:00
David Shaw
5eba95854c * pkclist.c (algo_available): PGP 8 can use the SHA-256 hash.
* sign.c (sign_file, clearsign_file, sign_symencrypt_file): Remove unused
code.
2003-04-04 22:48:24 +00:00
David Shaw
d2548b3f60 * keydb.h: Err on the side of making an unknown signature a SIG rather
than a CERT.

* import.c (delete_inv_parts): Discard any key signatures that aren't key
types (i.e. 0x00, 0x01, etc.)

* g10.c (main): Add deprecated option warning for --list-ownertrust.  Add
--compression-algo alias for --compress-algo.  Change --version output
strings to match "showpref" strings, and make translatable.

* status.c (do_get_from_fd): Accept 'y' as well as 'Y' for --command-fd
boolean input.

* trustdb.c: Fix typo (DISABLE_REGEXP -> DISABLE_REGEX)

* keyedit.c (show_key_with_all_names_colon): Show no-ks-modify flag.
2003-03-24 20:05:53 +00:00
Werner Koch
62df762d9e * acinclude.m4 (GNUPG_CHECK_ENDIAN): When crosscompiling assume
little only for Intel CPUs.

* configure.ac: Check for ranlib and ar.  This is required for
cross compiling.
2003-03-24 16:18:30 +00:00
David Shaw
930290698a * argparse.c (default_strusage): Change copyright date. 2003-03-23 16:24:49 +00:00
David Shaw
1995efc728 * srv.h, srv.c (getsrv): Use unsigned char rather than char. Noted by
Stefan Bellon.
2003-03-15 02:28:02 +00:00
David Shaw
2c717d9038 * options.h, g10.c (main), keyserver.c (kopts): Add "try-dns-srv"
keyserver option.  Defaults to on.

* passphrase.c (agent_get_passphrase): Fix memory leak with symmetric
messages.  Fix segfault with symmetric messages.  Fix incorrect prompt
with symmetric messages.
2003-03-11 22:12:20 +00:00
David Shaw
81844d2b65 * http.c (connect_server): Use DNS SRV to get a server list. Fail over to
A records if necessary.

* Makefile.am, srv.h, srv.c: New DNS SRV handling code.
2003-03-11 22:04:53 +00:00
David Shaw
48b55931dc * Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using
capabilities.
2003-03-11 19:23:23 +00:00
David Shaw
bbd986f3d8 * gpgkeys_hkp.c (get_key): Properly handle CRLF line endings in the
armored key. (main): Accept "try-dns-srv" option.

* Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using
capabilities.  Use @SRVLIBS@ to link in the resolver if we are using DNS
SRV.
2003-03-11 17:42:07 +00:00
David Shaw
a07c1bc4ac * http.h: Add HTTP_FLAG_TRY_SRV. 2003-03-11 17:32:59 +00:00
David Shaw
d804867c17 * configure.ac: Look for res_query so we can use DNS SRV, and add
--disable-dns-srv to disable it.
2003-03-11 17:29:49 +00:00
Werner Koch
230d871336 * compress.c (init_uncompress): Use a 15 bit window size so that
the output of implementations which don't run for PGP 2
compatibility won't get garbled.
2003-03-10 09:59:33 +00:00
David Shaw
e84c4ca606 * configure.ac: Define @CAPLIBS@ to link in -lcap if we are using
capabilities.
2003-03-04 16:12:53 +00:00
David Shaw
909f6a0637 * trustdb.c (validate_keys): Mask the ownertrust when building the list of
fully valid keys so that disabled keys are still counted in the web of
trust. (get_ownertrust_with_min): Do the same for the minimum ownertrust
calculation.

* parse-packet.c (dump_sig_subpkt): Show the notation names for
not-human-readable notations.  Fix cosmetic off-by-one length counter.

* options.skel: Add explantion and commented-out
"no-mangle-dos-filenames".

* mainproc.c (proc_encrypted): Make string translatable.

* keyserver.c (keyserver_spawn): Quote ':', '%', and any 8-bit characters
in the uid strings sent to the keyserver helper.

* keyring.c (keyring_rebuild_cache): Lock the keyring while rebuilding the
signature caches to prevent another gpg from tampering with the temporary
copy.

* keygen.c (keygen_set_std_prefs): Include AES192 and AES256 in default
prefs.

* keyedit.c (show_prefs): Make strings translatable.

* keydb.c: Double the maximum number of keyrings to 40.

* gpgv.c (main): Fix bug #113 - gpgv should accept the
--ignore-time-conflict option.

* g10.c (main): --openpgp disables --pgpX.  Double the amount of secure
memory to 32k (keys are getting bigger these days).

* Makefile.am: Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using
capabilities.
2003-03-04 15:24:12 +00:00
David Shaw
cb2167a306 * keyserver.c (keyserver_spawn): Include various pieces of information
about the key in the data sent to the keyserver helper.  This allows the
helper to use it in instructing a remote server which may not have any
actual OpenPGP smarts in parsing keys.

* main.h, export.c (export_pubkeys_stream, do_export_stream): Add ability
to return only the first match in an exported keyblock for keyserver
usage.  This should be replaced at some point with a more flexible
solution where each key can be armored seperately.
2003-02-26 17:11:24 +00:00