1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Commit Graph

331 Commits

Author SHA1 Message Date
Stefan Bellon
bbf5ea78c2 added fast-import to import-options 2002-09-23 13:03:52 +00:00
Stefan Bellon
77ffe357a9 avoid function clone 2002-09-22 09:20:08 +00:00
Stefan Bellon
78c754cd70 added trustdb update/check for stream import as well 2002-09-21 23:59:59 +00:00
Stefan Bellon
b9c091bd86 trustdb checks/updates after import 2002-09-21 21:57:22 +00:00
Werner Koch
c9f2aaca05 comment type fix 2002-09-20 07:37:44 +00:00
David Shaw
c4c0b1dc5b From stable branch
* keyserver.c (keyserver_spawn): Properly handle line truncation. Don't
leak memory (~10-20 bytes) on searches.
(keyserver_search_prompt): Cleanup.

* keylist.c (list_keyblock_colon): Show 1F direct key signatures in
--with-colons listing.
2002-09-19 17:13:03 +00:00
David Shaw
299e2bf336 From stable branch
* keyedit.c (menu_addrevoker): The direct key signature for revocation
keys must be at least v4 to carry the revocation key subpacket.  Add a PGP
2.x warning for revocation keys.

* g10.c (check_permissions): Rearrange strings to make translating easier
(don't incorporate string parts).

* keyedit.c (sign_uids): Make strings translatable.

* sig-check.c (check_key_signature2): Make string translatable.
2002-09-17 03:21:13 +00:00
David Shaw
baffecaca2 Import from stable branch.
2002-09-13  David Shaw  <dshaw@jabberwocky.com>

	* getkey.c (check_revocation_keys): Move....
	* main.h, sig-check.c (check_revocation_keys): to here.  Also
	return the signature_check error code rather than 0/1 and cache
	the sig result.

	* sig-check.c (check_key_signature2): Divert to
	check_revocation_keys if a revocation sig is made by someone other
	than the pk owner.

	* getkey.c (merge_selfsigs_main): Tidy.

2002-09-13  Werner Koch  <wk@gnupg.org>

	* g10.c (main) [__MINGW32__]: Activate oLoadExtension.
2002-09-13 12:59:31 +00:00
David Shaw
b45a2d03a6 * Makefile.am, hkp.c, hkp.h, keyserver.c (keyserver_work): Remove internal
HKP support.
2002-09-12 12:45:58 +00:00
David Shaw
72cd3ef859 * keyserver.c (keyserver_spawn): Remove whitespace after keyserver
commands.
2002-09-12 12:10:04 +00:00
Werner Koch
c5445cc323 * g10.c, options.h: Removed option --emulate-checksum-bug.
* misc.c (checksum_u16_nobug): Removed.
(checksum_u16): Removed the bug emulation.
(checksum_mpi): Ditto.
(checksum_mpi_counted_nbits): Removed and replaced all calls
with checksum_mpi.
* parse-packet.c (read_protected_v3_mpi): New.
(parse_key): Use it here to store it as an opaque MPI.
* seckey-cert.c (do_check): Changed the v3 unprotection to the new
why to store these keys.
(protect_secret_key): Likewise.
* build-packet.c (do_secret_key): And changed the writing.
2002-09-11 07:27:54 +00:00
David Shaw
c30d7e8dc7 * exec.c (expand_args): Remove loop left over from earlier implementation.
(exec_write): Missed one tick.
2002-09-10 18:03:40 +00:00
Werner Koch
b324a5d2d1 Cleanups and minor fixes. 2002-09-10 08:40:12 +00:00
David Shaw
d8eda8dbd1 * g10.c (add_group): Use '=' to separate group name from group members.
Use a better error message for when no = is found.

* hkp.c (hkp_export): Use CRLF in headers.
2002-09-09 19:21:58 +00:00
David Shaw
8dccf882f7 * mainproc.c (print_pkenc_list): Don't increment the error counter when
printing the list of keys a message was encrypted to.  This would make gpg
give a non-zero exit code even for completely valid messages if the
message was encrypted to more than one key that the user owned.
2002-09-04 02:48:47 +00:00
Werner Koch
5819b1ee45 * g10.c (main): Try to set a default character set. Print the
used one in verbosity level 3.
* gpgv.c (main): Try to set a default character set.

* status.c, status.h (STATUS_IMPORT_OK): New.
* import.c (import_one,import_secret_one): Print new status.
2002-09-02 10:59:04 +00:00
David Shaw
46a58a0527 * pkclist.c (build_pk_list): Add new status code to indicate an untrusted
user.  This (or a disabled key) fail with "unavailable pubkey"
(G10ERR_UNU_PUBKEY).
2002-08-30 19:21:55 +00:00
David Shaw
c721e11bf5 * pkclist.c (build_pk_list): Fail if any recipient keys are unusable.
* options.skel: The PGP LDAP keyserver is back.  Use MIT keyserver as a
sample rather than cryptnet as cryptnet does not support searching yet.

* keyedit.c (show_key_with_all_names): Fix error message (preferences are
userid/selfsig and not key specific).
2002-08-30 18:01:32 +00:00
Werner Koch
5dfd5a6dac * pkclist.c (do_we_trust_pre): Changed the wording of a warning.
* encode.c (encode_simple,encode_crypt): Use new style CTB for
compressssed packets when using MDC.  We need to do this so that
concatenated messages are properly decrypted.  Old style
compression assumes that it is the last packet; given that we
can't determine the length in advance, the uncompressor does not
know where to start.  Actually we should use the new CTB always
but this would break PGP 2 compatibility.
* parse-packet.c (parse): Special treatment for new style CTB
compressed packets.

* build-packet.c (do_mdc): Removed. Was not used.
(do_encrypted_mdc): Count the version number and the MDC packet.
2002-08-30 16:34:13 +00:00
David Shaw
a119391e26 * sig-check.c (do_check_messages, do_check): Show keyid in error messages.
* keyserver.c (print_keyinfo): More readable key listings for
--search-keys responses.
2002-08-28 19:34:58 +00:00
David Shaw
da488f03a7 * hkp.c (parse_hkp_index, dehtmlize): Move HTML functionality into new
"dehtmlize" function.  Remove HTML before trying to parse each line from
the keyserver.  If the keyserver provides key type information in the
listing, use it.
2002-08-26 19:07:59 +00:00
David Shaw
7e3e9bf357 * sig-check.c (do_check, do_check_messages): Emit the usual sig warnings
even for cached sigs.  This also serves to protect against missing a sig
expiring while cached.

* getkey.c (merge_selfsigs_main): Don't check UID self-sigs twice.
2002-08-23 20:59:48 +00:00
David Shaw
8609693d79 * import.c (clean_subkeys, chk_self_sigs): Merge clean_subkeys into
chk_self_sigs.  This improves efficiency as the same signatures are not
checked multiple times.  Clarify when a subkey is revoked (any revocation
signature, even if it is dated before the binding signature).

* getkey.c (merge_selfsigs_subkey): Subkey revocation comments.

* keylist.c (list_one): Stats are only for public key listings.

* g10.c (main), options.skel: Default should be include-revoked for
keyserver operations.
2002-08-22 17:47:42 +00:00
Werner Koch
c7dfa3a8d2 * import.c (import_print_stats): Print new non_imported counter
which is currently not used becuase we terminate on errors.
2002-08-21 14:59:05 +00:00
David Shaw
1cc0480be4 * options.skel: Document no-include-attributes for keyserver-options. 2002-08-20 17:16:33 +00:00
David Shaw
fa88fe9aaf * keylist.c, keyedit.c, keyserver.c, sign.c: Some TODOs and comments.
* export.c (do_export_stream): Fix noop bug in exporting sensitive
revocation keys.

* pkclist.c (do_edit_ownertrust): Comment out the option for showing trust
paths until it can be implemented.
2002-08-20 12:45:57 +00:00
Werner Koch
89f8e7ef36 * getkey.c (get_user_id_native): Renamed to ..
(get_user_id_printable): this.  Filter out all dangerous
characters.  Checked all usages.
(get_user_id_string_native): Renamed to..
(get_user_id_string_printable): this.  Filter out all dangerous
characters.  Checked all usages.
* keyedit.c (show_basic_key_info): New.
* keylist.c (print_fingerprint): New mode 3.
* import.c (import_one): Use new function to display the user ID.
2002-08-19 08:28:00 +00:00
Timo Schulz
5201d1ec9d 2002-08-16 Timo Schulz <ts@winpt.org>
* g10.c (main): enable opt.interactive.

        * import.c (import_one): Ask the user if the key shall be
        imported when the interactive mode is used. Useful to extract
        selected keys from a file.
2002-08-18 17:24:21 +00:00
Werner Koch
e78e69f37a Removed a leftover conflict indicator. 2002-08-16 07:14:29 +00:00
Werner Koch
0996f7d4df * seckey-cert.c: Workaround to allow decryption of v3 keys created
with a bug in the mpi_get_secure_buffer.
2002-08-16 07:13:13 +00:00
David Shaw
9ad0a6550b * hkp.c (parse_hkp_index): Properly handle really large keys (5 digit key
length) in HKP searches.
2002-08-14 22:48:28 +00:00
David Shaw
1111da19a8 * encode.c (encode_simple): Fix problem with using compression algo 2 and
symmetric compressed files.

* encode.c (encode_simple, encode_crypt): If we are not using a MDC,
compress even if a file is already compressed.  This is to help against
the chosen ciphertext attack.

* pkclist.c (select_algo_from_prefs): Fix requested algorithm bug so the
request succeeds even if the requested algorithm is not the first found.

* cipher.c (write_header), encode.c (use_mdc, encode_simple, encode_crypt,
encrypt_filter), g10.c (main): Be more eager to use a MDC.  We use a MDC
if the keys directly support it, if the keys list AES (any) or TWOFISH
anywhere in the prefs, or if the cipher chosen does not have a 64 bit
blocksize.
2002-08-13 19:00:23 +00:00
David Shaw
74a84ca93b * options.skel: Some language tweaks, and remove the load-extension
section for random gatherers.

* keyring.c (create_tmp_file, rename_tmp_file): Create tmp files with
user-only permissions, but restore the original permissions if the user
has something special set.

* openfile.c (copy_options_file): Create new options file (gpg.conf) with
user-only permissions.

* keydb.c (keydb_add_resource): Create new keyrings with user-only
permissions.
2002-08-09 02:23:42 +00:00
David Shaw
c3f1100411 * tdbio.c (tdbio_set_dbname): Create new trustdbs with user-only
permissions.
2002-08-08 19:09:34 +00:00
David Shaw
e703540328 * sig-check.c (signature_check2): Sanity check that the md has a context
for the hash that the sig is expecting.  This can happen if a onepass sig
header does not match the actual sig, and also if the clearsign "Hash:"
header is missing or does not match the actual sig.
2002-08-07 19:53:27 +00:00
David Shaw
fee7e35bae * keyedit.c (menu_revsig): Properly show a uid is revoked without
restarting gpg.  This is Debian bug 124219, though their supplied patch
will not do the right thing.

* main.h, tdbio.c (tdbio_set_dbname), misc.c (removed check_permissions),
keydb.c (keydb_add_resource), g10.c (main, check_permissions): Significant
reworking of the permission check mechanism.  The new behavior is to check
everything in the homedir by checking the homedir itself.  If the user
wants to put (possibly shared) keyrings outside the homedir, they are not
checked.  The options file and any extension files are checked wherever
they are, as well as their enclosing directories.  This is Debian bug
147760.
2002-08-07 15:53:15 +00:00
Stefan Bellon
7dec3219c9 use of EXTSEP_S 2002-08-06 18:32:58 +00:00
David Shaw
63a71c1ff9 * options.h, g10.c (main), mainproc.c (proc_encrypted): --ignore-mdc-error
option to turn a MDC check error into a warning.
2002-08-06 17:57:53 +00:00
David Shaw
58b0a36d6b * encode.c (encode_crypt), g10.c (main), sign.c (sign_file,
clearsign_file): Use the same --pgpX warning string everywhere to ease
translations.

* encode.c (write_pubkey_enc_from_list): Warn when using --throw-keyid
with --pgpX.  Noted by Vedaal Nistar.
2002-08-06 17:38:04 +00:00
David Shaw
111f78b1ff * revoke.c (export_minimal_pk, gen_desig_revoke, gen_revoke): Export a
minimal pk along with the revocation cert when in --pgpX mode so that PGP
can import it.
2002-08-06 16:58:58 +00:00
Werner Koch
e028b7760b * options.skel: Changed comments.
* gpg.sgml: Fixed doc regarding the name change of the option
file.
2002-08-06 13:37:09 +00:00
Werner Koch
a1259acdcb * g10.c (main): Try to use "gpg.conf" as default option file.
* openfile.c (copy_options_file): Changed name of created file.
2002-08-06 13:29:27 +00:00
Werner Koch
85aa3e18c2 The big extension module removal. 2002-08-03 10:50:53 +00:00
Werner Koch
4493a9603b * delkey.c (do_delete_key): Always allow to delete a key in batch mode
when specified by fingerprint.  Suggested by Enzo Michelangeli.
2002-08-02 10:15:39 +00:00
David Shaw
928dba9e70 * options.h, g10.c (main), mainproc.c (proc_encrypted): Return a
decryption failed error if a MDC does not verify.  Warn if a MDC is not
present (can disable via --no-mdc-warning).

* exec.c (exec_write), g10.c (main), keyserver.c (keyserver_spawn): Use
new DISABLE_KEYSERVER_PATH rather than FIXED_EXEC_PATH.
2002-07-30 16:48:21 +00:00
David Shaw
33ef3cf981 * sig-check.c (do_check): Properly validate v4 sigs with no hashed section
at all.
2002-07-29 03:07:11 +00:00
David Shaw
bb99f6c828 * keyedit.c (menu_revsig): Change "revsig" to honor selected uids so the
user can revoke sigs from particular uids only.

* keylist.c (list_keyblock_print): Don't display expired uids in
--list-keys unless -v and not --list-sigs (just like revoked uids).
2002-07-25 22:59:25 +00:00
David Shaw
9ac6821b46 * exec.c, export.c, import.c, keyedit.c, keyserver.c, misc.c: "Warning" ->
"WARNING"
2002-07-25 18:08:09 +00:00
David Shaw
553ac3f08c * main.h, import.c (parse_import_options, fix_hkp_corruption, import_one,
delete_inv_parts), g10.c (main): New import-option
"repair-hkp-subkey-bug", which repairs as much as possible the HKP
mangling multiple subkeys bug.  It is on by default for keyserver
receives, and off by default for regular --import.

* main.h, import.c (import, import_one, delete_inv_parts), hkp.c
(hkp_ask_import), keyserver.c (keyserver_spawn): Use keyserver import
options when doing keyserver receives.
2002-07-24 21:17:19 +00:00
David Shaw
d0c643a6c5 * options.h, exec.h, exec.c (set_exec_path, exec_write), g10.c (main),
keyserver.c (keyserver_spawn): If the user does not use "exec-path",
completely replace $PATH with GNUPG_LIBEXECDIR before calling the
keyserver helper.  If the user does use "exec-path", append
GNUPG_LIBEXECDIR after the specified path.
2002-07-24 19:24:08 +00:00