1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-27 11:10:13 +01:00

1747 Commits

Author SHA1 Message Date
David Shaw
7911a5ed86 * keyring.h, keyring.c (keyring_register_filename): Return the pointer if
a given keyring is registered twice.

* keydb.h, keydb.c (keydb_add_resource): Use flags to indicate a default
keyring. (keydb_locate_writable): Prefer the default keyring if possible.

* g10.c (main): Add --default-keyring option.
2002-11-08 03:31:21 +00:00
David Shaw
bf4a893586 * options.h, g10.c (main), trustdb.c (ask_ownertrust): Add
--force-ownertrust option for debugging purposes.  This allows setting a
whole keyring to a given trust during an --update-trustdb.  Not for normal
use - it's just easier than hitting "4" all the time to test a large
trustdb.
2002-11-07 04:37:27 +00:00
David Shaw
d771dd272d * w32reg.c (read_w32_registry_string): Fixed expanding of the environment
buffer; didn't worked at all.  Reported by Thijmen Klok.  From Werner on
stable branch.

* secmem.c (secmem_free, secmem_term): Use wipememory2() instead of
memset() to overwrite secure memory

* iobuf.c (direct_open): Handle mode 'b' if O_BINARY is available. From
Werner on stable branch.

* fileutil.c: Comment from stable branch.
2002-11-06 22:51:44 +00:00
David Shaw
d941240b45 * util.h: Add wipememory2() macro (same as wipememory, but can specify the
byte to wipe with).
2002-11-06 17:38:09 +00:00
David Shaw
c4d58f14e0 * rndw32.c [__CYGWIN32__]: Don't include winioctl.h - it is not required
anymore. (From Werner)

* random.c (read_seed_file,update_random_seed_file): Use binary mode for
__CYGWIN__. (From Werner)

* blowfish.c (burn_stack), cast5.c (burn_stack), des.c (burn_stack), md5.c
(burn_stack), random.c (burn_stack, read_pool, fast_random_poll),
rijndael.c (burn_stack), rmd160.c (burn_stack), rndegd.c
(rndegd_gather_random), rndlinux.c (rndlinux_gather_random), sha1.c
(burn_stack), tiger.c (burn_stack), twofish.c (burn_stack): Replace
various calls to memset() with the more secure wipememory().
2002-11-06 17:32:37 +00:00
David Shaw
3cb4118b6c * pubkey-enc.c (get_session_key): With hidden recipients or try a given
passphrase against all secret keys rather than trying all secret keys in
turn.  Don't if --try-all-secrets or --status-fd is enabled.

* passphrase.c (passphrase_to_dek): Mode 1 means do a regular passphrase
query, but don't prompt with the key info.

* seckey-cert.c (do_check, check_secret_key): A negative ask count means
to enable passphrase mode 1.

* keydb.h, getkey.c (enum_secret_keys): Add flag to include
secret-parts-missing keys (or not) in the list.
2002-11-06 16:58:28 +00:00
David Shaw
ec0d9a416e * gpgkeys_ldap.c (key_in_keylist, add_key_to_keylist, free_keylist,
get_key, search_key): The LDAP keyserver doesn't remove duplicates, so
remove them locally.  Do not include the key modification time in the
search response.
2002-11-05 22:08:02 +00:00
David Shaw
6920513cb4 * keyserver.c (keyserver_search_prompt): When --with-colons is enabled,
don't try and fit the search output to the screen size - just dump the
whole list.
2002-11-05 16:11:04 +00:00
David Shaw
47b4b7f5c3 * keyserver.c (keyserver_search_prompt): When --with-colons is enabled,
just dump the raw keyserver protocol to stdout and don't print the menu.
2002-11-05 04:28:40 +00:00
David Shaw
c773df7668 * KEYSERVER: New. Documents the --with-colons format for keyserver
listings.

* DETAILS: Clarify meaning of 'u'.  Noted by Timo.
2002-11-05 04:24:45 +00:00
David Shaw
731ab598ad * trustdb.c (trust_model_string, check_trustdb, update_trustdb,
validate_one_keyblock): It's not clear what a trustdb rebuild or check
means with a trust model other than "classic" or "openpgp", so disallow
this.
2002-11-04 17:30:38 +00:00
David Shaw
f7b357ebfe * gpgkeys_hkp.c (send_key), gpgkeys_ldap.c (send_key): Properly handle an
input file that does not include any key data at all.
2002-11-04 13:59:08 +00:00
David Shaw
91a8e4a6fb * options.h, g10.c (main): Add --trust-model option. Current models are
"openpgp" which is classic+trustsigs, "classic" which is classic only, and
"always" which is the same as the current option --always-trust (which
still works).  Default is "openpgp".

* trustdb.c (validate_one_keyblock): Use "openpgp" trust model to enable
trust sigs.

* gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c (do_we_trust,
do_we_trust_pre, check_signatures_trust): Use new --trust-model option in
place of --always-trust.
2002-11-03 20:18:56 +00:00
David Shaw
1b593c0515 * gpg.sgml: Document "tsign", clarify "setpref", clarify --recipient,
document --hidden-recipient, document --hidden-encrypt-to, clarify
--no-encrypt-to, clarify --throw-keyid, document --no-throw-keyid.
2002-11-03 13:40:39 +00:00
David Shaw
06285e37b1 * NEWS: Note trust signature support,
--hidden-encrypt-to/--hidden-recipient, and long algorithm name support
everywhere.
2002-11-03 12:52:30 +00:00
David Shaw
ae1d1288ee * keyedit.c (sign_mk_attrib, trustsig_prompt, sign_uids, keyedit_menu):
Prompt for and create a trust signature with "tsign".  This is functional,
but needs better UI text.

* build-packet.c (build_sig_subpkt): Able to build trust and regexp
subpackets.

* pkclist.c (do_edit_ownertrust): Comment.
2002-11-03 12:46:52 +00:00
David Shaw
39e659312e * keygen.c (set_one_pref, keygen_set_std_prefs): Allow using the full
algorithm name (CAST5, SHA1) rather than the short form (S3, H2).

* main.h, keygen.c (keygen_get_std_prefs), keyedit.c (keyedit_menu):
Return and use a fake uid packet rather than a string since we already
have a nice parser/printer in keyedit.c:show_prefs.

* main.h, misc.c (string_to_compress_algo): New.
2002-11-03 00:00:42 +00:00
David Shaw
d6693c144c * cipher.c (string_to_cipher_algo), md.c (string_to_digest_algo): Allow
the Sxxx and Hxxx format for cipher and digest names.
2002-11-02 21:39:37 +00:00
David Shaw
bdf0e306df * g10.c (main): Add --no-throw-keyid.
* keydb.h, encode.c (write_pubkey_enc_from_list), g10.c (main), pkclist.c
(build_pk_list): Add --hidden-recipient (-R) and --hidden-encrypt-to,
which do a single-user variation on --throw-keyid.  The "hide this key"
flag is carried in bit 0 of the pk_list flags field.

* keyserver.c (parse_keyrec): Fix shadowing warning.
2002-11-01 16:15:45 +00:00
David Shaw
7b4ad0f64c * Makefile.am: Put gnupg.spec in the root directory so rpm -ta works. 2002-10-31 18:29:53 +00:00
David Shaw
61a15d304d * gnupg.spec.in: Update source ftp path. 2002-10-31 18:28:35 +00:00
Stefan Bellon
7dac918b6d added RISC OS module loading support 2002-10-31 16:58:47 +00:00
David Shaw
20c99d180a * build-packet.c (do_plaintext), encode.c (encode_sesskey, encode_simple,
encode_crypt), sign.c (write_plaintext_packet): Use wipememory() instead
of memset() to wipe sensitive memory as the memset() might be optimized
away.
2002-10-31 15:40:42 +00:00
David Shaw
d284a4d200 * util.h: Add wipememory() macro. 2002-10-31 15:35:24 +00:00
David Shaw
b9d7219150 * configure.ac: Add a check for volatile. 2002-10-31 15:31:04 +00:00
David Shaw
179b8570c8 * trustdb.c (check_regexp): Modern regexps require REG_EXTENDED. 2002-10-30 23:40:05 +00:00
David Shaw
09158d1e99 * packet.h, trustdb.h, trustdb.c (trust_string): New. Return a string
like "fully trusted", "marginally trusted", etc. (get_min_ownertrust):
New.  Return minimum ownertrust. (update_min_ownertrust): New.  Set
minimum ownertrust. (check_regexp): New.  Check a regular epression
against a user ID. (ask_ownertrust): Allow specifying a minimum value.
(get_ownertrust_info): Follow the minimum ownertrust when returning a
letter. (clear_validity): Remove minimum ownertrust when a key becomes
invalid. (release_key_items): Release regexp along with the rest of the
info. (validate_one_keyblock, validate_keys): Build a trust sig chain
while validating.  Call check_regexp for regexps.  Use the minimum
ownertrust if the user does not specify a genuine ownertrust.

* pkclist.c (do_edit_ownertrust): Only allow user to select a trust level
greater than the minimum value.

* parse-packet.c (can_handle_critical): Can handle critical trust and
regexp subpackets.

* trustdb.h, trustdb.c (clear_ownertrusts), delkey.c (do_delete_key),
import.c (import_one): Rename clear_ownertrust to clear_ownertrusts and
have it clear the min_ownertrust value as well.

* keylist.c (list_keyblock_print): Indent uid to match pub and sig.
2002-10-30 03:11:57 +00:00
David Shaw
de9c6b3169 * configure.ac: Add --disable-regex in case some platform just can't
handle the regex stuff.  This means they can't fully handle trust sigs
with an attached regex either.
2002-10-29 22:44:07 +00:00
David Shaw
809b8b031a * keyedit.c (print_and_check_one_sig, show_key_and_fingerprint,
menu_addrevoker), keylist.c (list_keyblock_print, print_fingerprint): Show
"T" or the trust depth for trust signatures, and add spaces to some
strings to make room for it.

* packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt,
parse_signature): Parse trust signature values.

* tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Reserve a byte
for the minimum ownertrust value (for use with trust signatures).
2002-10-29 18:00:07 +00:00
Stefan Bellon
e4021a4c95 tidied RISC OS filetype support 2002-10-29 14:37:12 +00:00
Stefan Bellon
557f65836d filetype support for RISC OS 2002-10-28 13:26:44 +00:00
David Shaw
f33df26a20 * gnupg.spec.in: Use new path for keyserver helpers, /usr/lib is no longer
used for cipher/hash plugins, and include gpgv, gpgsplit, and the new
gnupg.7 man page.
2002-10-26 19:45:00 +00:00
David Shaw
be1d2a4038 * gpgkeys_hkp.c (main), gpgkeys_ldap.c (main): Add -V flag to output
protocol and program version.
2002-10-24 22:33:22 +00:00
David Shaw
c42c5f9229 * gpg.sgml: Document --refresh-keys.
* gpg.sgml: Clarify --force-mdc, and document --disable-mdc.
2002-10-24 05:48:14 +00:00
David Shaw
64291d81be * main.h, import.c (sec_to_pub_keyblock, import_secret_one,
parse_import_options), g10.c (main): New import-option "convert-sk-to-pk"
to convert a secret key into a public key during import.  It is on by
default.
2002-10-23 15:59:45 +00:00
Werner Koch
fc9aa1ecae * gpgsplit.c: New options --secret-to-public and --no-split.
GNUified the indentation style.
2002-10-23 08:47:17 +00:00
Werner Koch
7e5f9547c5 * pubkey-enc.c (get_it): Fix segv, test for revoked only when PK
has been assigned.
2002-10-23 07:11:01 +00:00
David Shaw
45a8594ff9 * Makefile.am: Anything linking with libutil.a needs INTLLIBS as well on
platforms where INTLLIBS is set.
2002-10-21 20:32:38 +00:00
David Shaw
9e00f6816b * distfiles, _regex.h: Add _regex.h from glibc 2.3.1. 2002-10-19 20:36:28 +00:00
David Shaw
586c6fe9d1 * configure.ac: Regex tests adapted from mutt to decide whether to use the
internal regex code or not.
2002-10-19 20:34:51 +00:00
David Shaw
5cc82fc5b8 * Makefile.am, regcomp.c, regex.c, regex_internal.c, regex_internal.h,
regexec.c: Add new regex files from glibc 2.3.1.
2002-10-19 20:24:53 +00:00
Timo Schulz
aa853f1eb5 2002-10-18 Timo Schulz <ts@winpt.org>
* keylist.c: (print_pubkey_info): New.
        (print_seckey_info): New.
        * main.h: Prototypes for the new functions.
        * delkey.c (do_delete_key): Use it here.
        * revoke.c (gen_desig_revoke): Ditto.
2002-10-18 15:41:33 +00:00
Werner Koch
8d76177f10 Bumped version number for cvs version 2002-10-18 10:41:34 +00:00
Werner Koch
53255c3261 * POTFILES.in (hkp.c): Removed. V1-3-0 2002-10-18 09:39:04 +00:00
Werner Koch
61fbbd0b92 * configure.ac: Changed version number comments.
(ALL_LINGUAS): Removed all except for de.  During development it
might not be a good idea to keep all of them - they get outdated
too soon and diff files will be far too large.
2002-10-18 09:32:42 +00:00
Werner Koch
74d460ad63 * config.links (powerpc-apple-darwin6.1): Disable assembler
due to non-working modules/as.  Suggested by Gordon Worley.
2002-10-18 09:24:56 +00:00
Werner Koch
36bf36b2de * autogen.sh: Allow env variables to override the auto* tool
names.  Suggested by Simon Josefsson.
2002-10-17 14:03:11 +00:00
Werner Koch
be9b626c1d * pkclist.c (do_edit_ownertrust): Show all user IDs. This should
be enhanced to also show the current trust level.  Suggested by
Florian Weimer.
2002-10-17 13:48:43 +00:00
David Shaw
b8c842df7c * README: Multiple A record rotation works with MINGW32 now, and clarify
how it works with LDAP.
2002-10-17 13:27:13 +00:00
David Shaw
9d32f6f06b * http.c (connect_server): Try all A records for names with multiple
addresses until one answers for both MINGW32 and not MINGW32.
2002-10-17 12:45:58 +00:00