* getkey.c (merge_selfsigs_main): Don't bother to check designated revoker
sigs if the key is already revoked.
* packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked" flag on
PKs. It is set when there is a revocation signature from a valid
revocation key, but the revocation key is not present to verify the
signature.
* pkclist.c (check_signatures_trust): Use it here to give a warning when
showing key trust.
* compress-bz2.c: Include stdio.h. Solaris 9 has a very old bzip2 library
and we can at least guarantee that it won't fail because of the lack of
stdio.h.
returns the primary key when requesting a subkey, so if a user has a key
signed by a subkey (we don't do this, but used to), AND that key is not
self-signed, AND the algorithm of the subkey in question is not present in
GnuPG, AND the algorithm of the primary key that owns the subkey in
question is present in GnuPG, then we will try and verify the subkey
signature using the primary key algorithm and hit a BUG(). The fix is to
not return a hit if the keyid is not the primary. All other users of
get_pubkey_fast already expect a primary only.
get_seckey_byname2): Disallow use of encrypt-only v3 Elgamal keys for
anything except revocations.
* sign.c (do_sign): Add Elgamal encrypt-only keys to the signature
catchall.
* trustdb.c (mark_usable_uid_certs): Disallow signatures to and from
Elgamal encrypt-only keys in the trustdb. Granted, this sounds strange,
but there are historical keys that fit this description.
Reverts change from 2003-10-03.
* THANKS: Added Phong Nguyen, who found the Elgamal signing key
problem.
* configure.ac (ALL_LINGUAS): Added a Russian translation; thanks
to Maxim Britov. Added Belarusion; thanks to Ales Nyakhaychyk.
revocation is generated.
* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
get_seckey_byname2): Disallow use of sign+encrypt Elgamal keys for
anything except revocations.
* sign.c (do_sign): Catchall for any Elgamal signatures except
revocations.
--quiet is set. Suggested by Duncan Harris. Also don't fail with BUG()
when processing a --symmetric message with a cipher we don't have.
* pkclist.c (build_pk_list): Revert last change. There are too many side
effects for stable.
* g10.c (main): Add read-only warning.
* compress.c (compress_filter): Make static to help force the use of
push_compress_filter. Remove default algorithm setting since that is done
in push_compress_filter now.
* main.h: Use named algorithm.
* filter.h, compress.c (push_compress_filter, push_compress_filter2): New.
Figure out which is the appropriate compression filter to use, and push it
into place.
* compress.c (handle_compressed), encode.c (encode_simple, encode_crypt),
sign.c (sign_file, sign_symencrypt_file), import.c (read_block), export.c
(do_export): Use push_compress_filter instead of pushing the compression
filter ourselves.
* compress-bz2.c: New. Bzlib versions of the compression filter routines.
* Makefile.am: Include compress-bz2.c if bz2lib is available.
difference here between a bad passphrase and a cipher algorithm that we
don't have, so use a error message that makes that clear. Use the actual
list of ciphers when checking whether a cipher is invalid. Return error
if the decrypted cipher algorithm is invalid. (proc_symkey_enc): In a
mixed passphrase/pk message, if a valid dek already exists from decrypting
via pk, do not try to process the passphrase. (proc_symkey_enc): Indicate
when we're decrypting a session key as opposed to decrypting data. If a
passphrase is invalid, discard the dek so we'll keep trying.
* encode.c (encode_simple): Allow for 32 bytes (256 bits) of symmetrically
encrypted session key. Use --s2k-cipher-algo to choose cipher, rather
than --cipher-algo. This code is never actually called in stable, but
better to fix it here in case we branch in the future.
* parse-packet.c (parse_subkeyenc): Call it a "symmetrically encrypted
session key" since "session key decryption key" is just baffling. Neaten
--list-packets output.
* pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning unless
--quiet is set.
--encrypt-files (plus --verify-files, --decrypt-files).
* encode.c (use_mdc), g10.c (main): Use RFC1991 and RFC2440 directly to
check for MDC usability. Do not set the force_mdc or disable_mdc flags
since there is no point any longer.
explain the roundrobin a bit better.
* sig-check.c (check_key_signature2), import.c (import_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts, collapse_uids,
merge_blocks): Make much quieter during import of slightly munged, but
recoverable, keys. Use log_error for unrecoverable import failures.
* sign.c (mk_notation_and_policy): Making a v3 signature with notations or
policy urls is an error, not an info (i.e. increment the errorcount).
Don't print the notation or policy url to stdout since it can be mixed
into the output stream when piping and munge the stream.
Provide a signing-key-is-revoked flag. Change all callers.
* status.h, status.c (get_status_string): New REVKEYSIG status tag for a
good signature from a revoked key.
* mainproc.c (do_check_sig, check_sig_and_print): Use it here.
* import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare actual
signatures on import rather than using keyid or class matching. This does
not change actual behavior with a key, but does mean that all sigs are
imported whether they will be used or not.
check_key_signature2): Allow passing NULLs for unused parameters in the x2
form of each function to avoid the need for dummy variables. getkey.c,
mainproc.c: Change all callers.
the primary key if the key making the signature is the primary key.
* parse-packet.c (parse_signature): No need to reserve 8 bytes for the
unhashed signature cache any longer.
and signer's primary fingerprint (%p).
* tdbio.h, tdbio.c (create_version_record, tdbio_write_nextcheck,
tdbio_read_record, tdbio_write_record): Force a 0 into the trust_model
field. This is to help smooth the 1.2->1.4 switchover, as otherwise a 1.4
trustdb could be rebuilt as classic on 1.2 while still claiming to be a
non-classic trust model.
