author | Werner Koch <[email protected]> | 2001-11-08 13:26:00 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2001-11-08 13:26:00 +0000 |
commit | c67b9886c6a8404e03c8a0e811f9abcb957294e7 (patch) | |
tree | b3a058839009fbc9f4e22efd5d297345cf5ef0c8 | |
parent | A keypair to test v3 keys. (diff) | |
download | gnupg-c67b9886c6a8404e03c8a0e811f9abcb957294e7.tar.gz gnupg-c67b9886c6a8404e03c8a0e811f9abcb957294e7.zip |
fixes for the 1.0.6b bugs David recently posted to gnupg-devel.
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | THANKS | 2 | ||||
-rw-r--r-- | TODO | 6 | ||||
-rw-r--r-- | acinclude.m4 | 4 | ||||
-rw-r--r-- | cipher/ChangeLog | 6 | ||||
-rw-r--r-- | cipher/primegen.c | 7 | ||||
-rw-r--r-- | cipher/rsa.c | 57 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | doc/ChangeLog | 9 | ||||
-rw-r--r-- | doc/gpg.sgml | 19 | ||||
-rw-r--r-- | doc/gpg.texi | 12 | ||||
-rw-r--r-- | g10/ChangeLog | 28 | ||||
-rw-r--r-- | g10/build-packet.c | 39 | ||||
-rw-r--r-- | g10/g10.c | 23 | ||||
-rw-r--r-- | g10/keyid.c | 4 | ||||
-rw-r--r-- | g10/options.h | 1 | ||||
-rw-r--r-- | g10/pkclist.c | 19 | ||||
-rw-r--r-- | g10/revoke.c | 26 | ||||
-rw-r--r-- | g10/sign.c | 22 | ||||
-rw-r--r-- | g10/trustdb.c | 23 | ||||
-rw-r--r-- | po/ChangeLog | 8 | ||||
-rw-r--r-- | po/Makefile.in.in | 2 | ||||
-rw-r--r-- | tools/ChangeLog | 4 | ||||
-rw-r--r-- | tools/Makefile.am | 2 | ||||
-rw-r--r-- | util/iobuf.c | 2 |
26 files changed, 272 insertions, 61 deletions
@@ -1,3 +1,7 @@ +2001-10-23 Werner Koch <[email protected]> + + Released 1.0.6b snapshot. + 2001-10-22 Werner Koch <[email protected]> * configure.ac: Fixed for automake 1.5 @@ -51,6 +51,8 @@ * A subkey is never used to sign keys. + * Read only keyrings are now handled as expected. + Noteworthy changes in version 1.0.6 (2001-05-29) ------------------------------------------------ @@ -137,6 +137,7 @@ Nimrod Zimerman [email protected] N J Doye [email protected] Oliver Haakert [email protected] Oskari J��skel�inen [email protected] +Pascal Scheffers [email protected] Paul D. Smith [email protected] Per Cederqvist [email protected] Phil Blundell [email protected] @@ -161,6 +162,7 @@ Ross Golder [email protected] Sam Roberts [email protected] Sami Tolvanen [email protected] Sean MacLennan [email protected] +Sebastian Klemke [email protected] Serge Munhoven [email protected] SL Baur [email protected] Stefan Bellon [email protected] @@ -115,11 +115,13 @@ verification status of the message to the output (i.e. write something to the --output file and not only to stderr. + * The user is asked for a revocation reasons even if this one can't + be used with v3 keys. + + * keyflags don't distinguish between {certify,signature}-only. Things we won't do ------------------ * New option --file-remove path-to-wipe-program ? - - diff --git a/acinclude.m4 b/acinclude.m4 index 4ba4be9b9..3c97f378b 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -1,4 +1,4 @@ -dnl macros to configure g10 +dnl macros to configure gnupg dnl Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc. dnl dnl This file is part of GnuPG. @@ -43,7 +43,7 @@ AC_DEFUN(GNUPG_CHECK_TYPEDEF, fi ]) - +w dnl GNUPG_CHECK_GNUMAKE dnl AC_DEFUN(GNUPG_CHECK_GNUMAKE, diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 664570c0c..29eaeac5f 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog 
@@ -1,3 +1,9 @@ +2001-11-08 Werner Koch <[email protected]> + + * primegen.c (gen_prime): Set 2 high order bits for secret primes. + * rsa.c (generate): Loop until we find the exact modulus size. + Changed the exponent to 41. + 2001-10-22 Werner Koch <[email protected]> * Makefile.am: Need to use $(EXEEXT) where approriate. diff --git a/cipher/primegen.c b/cipher/primegen.c index f44d89d14..6ff326050 100644 --- a/cipher/primegen.c +++ b/cipher/primegen.c @@ -327,8 +327,13 @@ gen_prime( unsigned nbits, int secret, int randomlevel ) m_free(p); } - /* set high order bit to 1, set low order bit to 1 */ + /* set high order bit to 1, set low order bit to . + if we are generating a secret prime we are most probably + doing that for RSA, to make sure that the modulus does have + the requested keysize we set the 2 high order bits */ mpi_set_highbit( prime, nbits-1 ); + if (secret) + mpi_set_bit (prime, nbits-2); mpi_set_bit( prime, 0 ); /* calculate all remainders */ diff --git a/cipher/rsa.c b/cipher/rsa.c index c7078ea1d..e438b39cf 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c 
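Review bot: In the cipher/primegen.c hunk the rewritten comment lost a character: `set low order bit to .` should read `set low order bit to 1`. The new `if (secret)` also overloads that flag, because every secret prime now gets bit `nbits-2` forced, while the comment only guesses that such primes are "most probably" for RSA. If non-RSA callers also request secret primes, they lose one bit of search space without asking for it. A dedicated parameter, or at least a sentence in gen_prime's header comment, would make the contract explicit. gen_prime's body begins and ends outside this hunk.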
@@ -102,11 +102,27 @@ generate( RSA_secret_key *sk, unsigned nbits ) MPI g; MPI f; - /* select two (very secret) primes */ - p = generate_secret_prime( nbits / 2 ); - q = generate_secret_prime( nbits / 2 ); - if( mpi_cmp( p, q ) > 0 ) /* p shall be smaller than q (for calc of u)*/ - mpi_swap(p,q); + /* make sure that nbits is even so that we generate p, q of equal size */ + if ( (nbits&1) ) + nbits++; + + n = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); + + p = q = NULL; + do { + /* select two (very secret) primes */ + if (p) + mpi_free (p); + if (q) + mpi_free (q); + p = generate_secret_prime( nbits / 2 ); + q = generate_secret_prime( nbits / 2 ); + if( mpi_cmp( p, q ) > 0 ) /* p shall be smaller than q (for calc of u)*/ + mpi_swap(p,q); + /* calculate the modulus */ + mpi_mul( n, p, q ); + } while ( mpi_get_nbits(n) != nbits ); + /* calculate Euler totient: phi = (p-1)(q-1) */ t1 = mpi_alloc_secure( mpi_get_nlimbs(p) ); t2 = mpi_alloc_secure( mpi_get_nlimbs(p) ); 
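Review bot: The new retry loop accepts p == q, because `mpi_cmp( p, q ) > 0` only orders the pair and the exit test looks at the bit length of n alone. Equal primes are not expected from a healthy random source, but the guard is free and keeps a misbehaving RNG from yielding a modulus that is a perfect square: `} while ( !mpi_cmp( p, q ) || mpi_get_nbits(n) != nbits );`. The silent `nbits++` for odd sizes should also be mentioned in the function comment, since the caller ends up with a different key size than requested. generate() begins and ends outside this hunk.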
@@ -118,14 +134,27 @@ generate( RSA_secret_key *sk, unsigned nbits ) mpi_mul( phi, t1, t2 ); mpi_gcd(g, t1, t2); mpi_fdiv_q(f, phi, g); - /* multiply them to make the private key */ - n = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); - mpi_mul( n, p, q ); - /* find a public exponent */ - e = mpi_alloc( (6+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); - mpi_set_ui( e, 17); /* start with 17 */ - while( !mpi_gcd(t1, e, phi) ) /* (while gcd is not 1) */ - mpi_add_ui( e, e, 2); + + /* find an public exponent. + We use 41 as this is quite fast and more secure than the + commonly used 17. Benchmarking the RSA verify function + with a 1024 bit key yields (2001-11-08): + e=17 0.54 ms + e=41 0.75 ms + e=257 0.95 ms + e=65537 1.80 ms + */ + e = mpi_alloc( (32+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); + mpi_set_ui( e, 41); + if( !mpi_gcd(t1, e, phi) ) { + mpi_set_ui( e, 257); + if( !mpi_gcd(t1, e, phi) ) { + mpi_set_ui( e, 65537); + while( !mpi_gcd(t1, e, phi) ) /* (while gcd is not 1) */ + mpi_add_ui( e, e, 2); + } + } + /* calculate the secret key d = e^1 mod phi */ d = mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB ); mpi_invm(d, e, f ); @@ -134,7 +163,7 @@ generate( RSA_secret_key *sk, unsigned nbits ) mpi_invm(u, p, q ); if( DBG_CIPHER ) { - log_mpidump(" p= ", p ); + log_mpidump(" p= ", p ); log_mpidump(" q= ", q ); log_mpidump("phi= ", phi ); log_mpidump(" g= ", g ); diff --git a/configure.ac b/configure.ac index 69b4d546f..f2323a869 100644 --- a/configure.ac +++ b/configure.ac @@ -24,7 +24,7 @@ AC_PREREQ(2.52) dnl A snapshot release has a letter appended. CVS files before a release dnl are suffixed with the string "-cvs", so "1.0.6a-cvs" is a cvs version dnl between 1.0.6 and 1.0.6a. -AC_INIT(gnupg, 1.0.6b, [email protected]) +AC_INIT(gnupg, 1.0.6c-cvs, [email protected]) ALL_LINGUAS="da de eo es_ES et fr id it ja nl pl pt_BR pt_PT sv tr" static_modules="sha1 md5 rmd160" static_random_module="" 
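Review bot: The exponent block's comment asserts that 41 is "more secure than the commonly used 17" without giving a reason, and the ladder only reaches 65537 when both 41 and 257 share a factor with phi. By the benchmark quoted in the same comment, e=65537 costs roughly 1 ms more per 1024-bit verify. Small exponents depend on padding being applied correctly by every peer, so starting directly at `mpi_set_ui( e, 65537);` followed by the existing `+2` loop would be the conservative default. Separately, the context comment `d = e^1 mod phi` should read `d = e^-1 mod f`, matching the call `mpi_invm(d, e, f )`. generate() begins and ends outside this hunk.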
diff --git a/doc/ChangeLog b/doc/ChangeLog index 33e0c41bc..a481732d2 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,12 @@ +2001-10-31 Werner Koch <[email protected]> + + * gpg.sgml: Add a remark on how to get the long key ID. Suggested + by Sebastian Klemke. + +2001-10-23 Werner Koch <[email protected]> + + * gpg.sgml: Add missing tag. + 2001-09-28 Werner Koch <[email protected]> * gpg.sgml: Add a note on option parsing. diff --git a/doc/gpg.sgml b/doc/gpg.sgml index 2c07e7c8b..0eec90bad 100644 --- a/doc/gpg.sgml +++ b/doc/gpg.sgml @@ -81,6 +81,7 @@ You will find a list of HOWTO documents at http://www.gnupg.org/docs.html . Please remember that option parsing stops as soon as a non option is encountered, you can explicitly stop option parsing by using the special option "--". +</para> </refsect1> <refsect1> @@ -1299,6 +1300,19 @@ signatures on data. Reset the --force-v3-sigs option. </para></listitem></varlistentry> +<varlistentry> +<term>--force-v4-certs</term> +<listitem><para> +Always use v4 key signatures even on v3 version keys. This make the +signature unusable for PGP 2. +</para></listitem></varlistentry> + +<varlistentry> +<term>--no-force-v3-certs</term> +<listitem><para> +Reset the --force-v4-certs option. +</para></listitem></varlistentry> + <varlistentry> <term>--force-mdc</term> @@ -1453,7 +1467,7 @@ encoded in UTF-8 regardless of any --charset setting. <varlistentry> <term>--with-key-data</term> <listitem><para> -Print key listings delimited by colons and print the public key data. +Print key listings delimited by colons (like --with-colons) and print the public key data. </para></listitem></varlistentry> <varlistentry> 
@@ -1617,7 +1631,8 @@ Here the key ID is given in the usual short form. <term>01AB3FED1347A5612</term> <term>0x234AABBCC34567C4</term> <listitem><para> -Here the key ID is given in the long form as used by OpenPGP. +Here the key ID is given in the long form as used by OpenPGP +(you can get the long key ID using the option --with-colons). </para></listitem> </varlistentry> diff --git a/doc/gpg.texi b/doc/gpg.texi index 1a83b0906..9b8a90ddd 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -791,6 +791,13 @@ signatures on data. @item ---no-force-v3-sigs Reset the ---force-v3-sigs option. +@item ---force-v4-certs +Always use v4 key signatures even on v3 version keys. This make the +signature unusable for PGP 2. + +@item ---no-force-v3-certs +Reset the ---force-v4-certs option. + @item ---force-mdc Force the use of encryption with appended manipulation code. This is always used with the newer ciphers (those @@ -881,7 +888,7 @@ Print key listings delimited by colons. Note, that the output will be encoded in UTF-8 regardless of any ---charset setting. @item ---with-key-data -Print key listings delimited by colons and print the public key data. +Print key listings delimited by colons (like ---with-colons) and print the public key data. @item ---with-fingerprint Same as the command ---fingerprint but changes only the format of the output @@ -979,7 +986,8 @@ Here the key ID is given in the usual short form. @itemx 0F323456784E56EAB @itemx 01AB3FED1347A5612 @itemx 0x234AABBCC34567C4 -Here the key ID is given in the long form as used by OpenPGP. +Here the key ID is given in the long form as used by OpenPGP +(you can get the long key ID using the option ---with-colons). @item 1234343434343434C434343434343434 @itemx 123434343434343C3434343434343734349A3434 diff --git a/g10/ChangeLog b/g10/ChangeLog index 06588eebc..5ce79becd 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog 
@@ -1,3 +1,31 @@ +2001-11-08 Werner Koch <[email protected]> + + * pkclist.c (do_edit_ownertrust): Allow to skip over keys, the non + working "show info" is now assigned to "i" + * trustdb.c (ask_ownertrust, validate_keys): Implement a real quit + here. Both are by David Shaw. + + * trustdb.c (validate_keys): Make sure next_exipire is initialized. + + * sign.c (make_keysig_packet): Use SHA-1 with v4 RSA keys. + + * g10.c, options.h : New option --[no-]froce-v4-certs. + * sign.c (make_keysig_packet): Create v4 sigs on v4 keys even with + a v3 key. Use new option. By David Shaw + + * revoke.c (ask_revocation_reason): Allow to select "no reason". + By David Shaw. + + * keyid.c (fingerprint_from_sk): Calculation of an v3 fpr was + plain wrong - nearly the same code in fingerprint_from_pk is correct. + + * build-packet.c (do_secret_key): Added a few comments to the code. + +2001-11-07 Werner Koch <[email protected]> + + * g10.c (main): Print a warning when -r is used w/o encryption. + Suggested by Pascal Scheffers. + 2001-10-23 Werner Koch <[email protected]> * keyedit.c (keyedit_menu): Changed helptext for showpref diff --git a/g10/build-packet.c b/g10/build-packet.c index 1b0351e97..610968bc8 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -340,13 +340,16 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) { int rc = 0; int i, nskey, npkey; - IOBUF a = iobuf_temp(); + IOBUF a = iobuf_temp(); /* build in a self-enlarging buffer */ + /* Write the version number - if none is specified, use 3 */ if( !sk->version ) iobuf_put( a, 3 ); else iobuf_put( a, sk->version ); write_32(a, sk->timestamp ); + + /* v3 needs the expiration time */ if( sk->version < 4 ) { u16 ndays; if( sk->expiredate ) 
@@ -355,28 +358,46 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) ndays = 0; write_16(a, ndays); } + iobuf_put(a, sk->pubkey_algo ); + + /* get number of secret and public parameters. They are held in + one array first the public ones, then the secret ones */ nskey = pubkey_get_nskey( sk->pubkey_algo ); npkey = pubkey_get_npkey( sk->pubkey_algo ); + + /* If we don't have any public parameters - which is the case if + we don't know the algorithm used - the parameters are stored as + one blob in a faked (opaque) MPI */ if( !npkey ) { write_fake_data( a, sk->skey[0] ); goto leave; } assert( npkey < nskey ); + /* Writing the public parameters is easy */ for(i=0; i < npkey; i++ ) mpi_write(a, sk->skey[i] ); + + /* build the header for protected (encrypted) secret parameters */ if( sk->is_protected ) { if( is_RSA(sk->pubkey_algo) && sk->version < 4 && !sk->protect.s2k.mode ) { + /* the simple rfc1991 (v3) way */ iobuf_put(a, sk->protect.algo ); iobuf_write(a, sk->protect.iv, sk->protect.ivlen ); } else { + /* OpenPGP protection according to rfc2440 */ iobuf_put(a, 0xff ); iobuf_put(a, sk->protect.algo ); if( sk->protect.s2k.mode >= 1000 ) { - iobuf_put(a, 101 ); + /* These modes are not possible in OpenPGP, we use them + to implement our extesnsions, 101 can ve views as a + private/experimental extension (this is not + specified in rfc2440 but the same scheme is used + for all other algorithm identifiers) */ + iobuf_put(a, 101 ); iobuf_put(a, sk->protect.s2k.hash_algo ); iobuf_write(a, "GNU", 3 ); iobuf_put(a, sk->protect.s2k.mode - 1000 ); 
@@ -389,33 +410,41 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) || sk->protect.s2k.mode == 3 ) iobuf_write(a, sk->protect.s2k.salt, 8 ); if( sk->protect.s2k.mode == 3 ) - iobuf_put(a, sk->protect.s2k.count ); + iobuf_put(a, sk->protect.s2k.count ); + + /* For out special mode 1001 we do not need an IV */ if( sk->protect.s2k.mode != 1001 ) iobuf_write(a, sk->protect.iv, sk->protect.ivlen ); } } else iobuf_put(a, 0 ); + if( sk->protect.s2k.mode == 1001 ) - ; + ; /* GnuPG extension - don't write a secret key at all */ else if( sk->is_protected && sk->version >= 4 ) { + /* The secret key is protected - write it out as it is */ byte *p; assert( mpi_is_opaque( sk->skey[npkey] ) ); p = mpi_get_opaque( sk->skey[npkey], &i ); iobuf_write(a, p, i ); } else { + /* v3 way - same code for protected and non- protected key */ for( ; i < nskey; i++ ) mpi_write(a, sk->skey[i] ); write_16(a, sk->csum ); } leave: + /* Build the header of the packet - which we must do after writing all + the other stuff, so that we know the length of the packet */ write_header2(out, ctb, iobuf_get_temp_length(a), sk->hdrbytes, 1 ); + /* And finally write it out the real stream */ if( iobuf_write_temp( out, a ) ) rc = G10ERR_WRITE_FILE; - iobuf_close(a); + iobuf_close(a); /* close the remporary buffer */ return rc; } @@ -180,6 +180,8 @@ enum cmd_and_opt_values { aNull = 0, oThrowKeyid, oForceV3Sigs, oNoForceV3Sigs, + oForceV4Certs, + oNoForceV4Certs, oForceMDC, oS2KMode, oS2KDigest, 
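Review bot: The comment added on the final else branch, `/* v3 way - same code for protected and non- protected key */`, is narrower than the condition it follows. The preceding test is `sk->is_protected && sk->version >= 4`, so unprotected v4 keys take this path as well. Suggested wording: `/* v3 keys and unprotected v4 keys: write the remaining MPIs (i continues from npkey) and the checksum */`. The comments added to do_secret_key in this commit also carry typos worth fixing in the same pass: `extesnsions`, `can ve views as`, `For out special mode`, `remporary`.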
@@ -311,6 +313,8 @@ static ARGPARSE_OPTS opts[] = { { oNoTTY, "no-tty", 0, N_("don't use the terminal at all") }, { oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") }, { oNoForceV3Sigs, "no-force-v3-sigs", 0, N_("do not force v3 signatures") }, + { oForceV4Certs, "force-v4-certs", 0, N_("force v4 key signatures") }, + { oNoForceV4Certs, "no-force-v4-certs", 0, N_("do not force v4 key signatures") }, { oForceMDC, "force-mdc", 0, N_("always use a MDC for encryption") }, { oDryRun, "dry-run", 0, N_("do not make any changes") }, /*{ oInteractive, "interactive", 0, N_("prompt before overwriting") }, */ @@ -668,6 +672,7 @@ main( int argc, char **argv ) char *preference_list = NULL; int pwfd = -1; int with_fpr = 0; /* make an option out of --fingerprint */ + int any_explicit_recipient = 0; #ifdef USE_SHM_COPROCESSING ulong requested_shm_size=0; #endif @@ -956,6 +961,7 @@ main( int argc, char **argv ) case oRFC1991: opt.rfc1991 = 1; opt.rfc2440 = 0; + opt.force_v4_certs = 0; opt.no_comment = 1; opt.escape_from = 1; break; @@ -998,6 +1004,8 @@ main( int argc, char **argv ) case oThrowKeyid: opt.throw_keyid = 1; break; case oForceV3Sigs: opt.force_v3_sigs = 1; break; case oNoForceV3Sigs: opt.force_v3_sigs = 0; break; + case oForceV4Certs: opt.force_v4_certs = 1; break; + case oNoForceV4Certs: opt.force_v4_certs = 0; break; case oForceMDC: opt.force_mdc = 1; break; case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break; case oS2KDigest: s2k_digest_string = m_strdup(pargs.r.ret_str); break; @@ -1010,6 +1018,7 @@ main( int argc, char **argv ) break; case oRecipient: /* store the recipient */ add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings ); + any_explicit_recipient = 1; break; case oTextmodeShort: opt.textmode = 2; break; case oTextmode: opt.textmode=1; break; 
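Review bot: The option registered in the opts table is `no-force-v4-certs`, but doc/gpg.sgml and doc/gpg.texi in this same commit document it as `--no-force-v3-certs`, and the g10/ChangeLog entry spells it `--[no-]froce-v4-certs`. A user following the manual would get an unknown-option error, so the two doc entries should be changed to `--no-force-v4-certs`. In the oRFC1991 case the added `opt.force_v4_certs = 0;` is order dependent: a `--force-v4-certs` given later on the command line turns it back on, which deserves a one-line comment there if it is intended.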
@@ -1279,6 +1288,20 @@ main( int argc, char **argv ) log_error(_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc)); + switch (cmd) { + case aStore: + case aSym: + case aSign: + case aSignSym: + case aClearsign: + if (!opt.quiet && any_explicit_recipient) + log_info ("WARNING: recipients (-r) given " + "without using public key encryption"); + break; + default: + break; + } + switch( cmd ) { case aStore: /* only store the file */ if( argc > 1 ) diff --git a/g10/keyid.c b/g10/keyid.c index 59f3883c0..1e81545e6 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -457,10 +457,10 @@ fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len ) md = md_open( DIGEST_ALGO_MD5, 0); if( pubkey_get_npkey( sk->pubkey_algo ) > 1 ) { - p = buf = mpi_get_buffer( sk->skey[1], &n, NULL ); + p = buf = mpi_get_buffer( sk->skey[0], &n, NULL ); md_write( md, p, n ); m_free(buf); - p = buf = mpi_get_buffer( sk->skey[0], &n, NULL ); + p = buf = mpi_get_buffer( sk->skey[1], &n, NULL ); md_write( md, p, n ); m_free(buf); } diff --git a/g10/options.h b/g10/options.h index 5995d7da6..24012ff10 100644 --- a/g10/options.h +++ b/g10/options.h @@ -57,6 +57,7 @@ struct { int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/ int def_cipher_algo; int force_v3_sigs; + int force_v4_certs; int force_mdc; int def_digest_algo; int def_compress_algo; diff --git a/g10/pkclist.c b/g10/pkclist.c index 9a4e4dd0f..4a4cf633b 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -241,7 +241,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode, keyid_from_pk (pk, keyid); for(;;) { /* a string with valid answers */ - const char *ans = _("sSmMqQ"); + const char *ans = _("iImMqQsS"); if( !did_help ) { 
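Review bot: The new warning string in main() has no trailing newline and is not wrapped in `_()`, unlike the `log_error(_("failed to initialize the TrustDB: %s\n"), ...)` call directly above it. Suggested: `log_info (_("WARNING: recipients (-r) given without using public key encryption\n"));`. The message tells the user that the output is not being encrypted to the recipients they named, so it is worth reconsidering whether `opt.quiet` should be allowed to suppress it. main() extends well beyond this hunk.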
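Review bot: The corrected hashing order in fingerprint_from_sk (g10/keyid.c) is still undocumented, which is how the two copies drifted apart in the first place. A comment above the block, such as `/* v3 fingerprint: MD5 over skey[0] then skey[1]; must match fingerprint_from_pk */`, would pin the order. The ChangeLog notes that fingerprint_from_pk holds nearly the same code, so a shared static helper taking the two MPIs would remove the duplication. The parent commit adds a v3 test keypair; a check that the public and secret fingerprints of that key agree would presumably catch a regression here.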
@@ -268,15 +268,18 @@ do_edit_ownertrust (PKT_public_key *pk, int mode, tty_printf (_(" %d = I trust fully\n"), 4); if (mode) tty_printf (_(" %d = I trust ultimately\n"), 5); - tty_printf (_(" s = please show me more information\n") ); + tty_printf (_(" i = please show me more information\n") ); if( mode ) tty_printf(_(" m = back to the main menu\n")); else - tty_printf(_(" q = quit\n")); + { + tty_printf(_(" s = skip this key\n")); + tty_printf(_(" q = quit\n")); + } tty_printf("\n"); did_help = 1; } - if( strlen(ans) != 6 ) + if( strlen(ans) != 8 ) BUG(); p = cpr_get("edit_ownertrust.value",_("Your decision? ")); trim_spaces(p); @@ -319,6 +322,10 @@ do_edit_ownertrust (PKT_public_key *pk, int mode, { break ; /* back to the menu */ } + else if( !mode && (*p == ans[6] || *p == ans[7] ) ) + { + break; /* skip */ + } else if( !mode && (*p == ans[4] || *p == ans[5] ) ) { quit = 1; @@ -346,7 +353,7 @@ edit_ownertrust (PKT_public_key *pk, int mode ) switch ( do_edit_ownertrust (pk, mode, &trust, no_help ) ) { case -1: /* quit */ - return 0; + return -1; case -2: /* show info */ show_paths(pk, 1); no_help = 1; @@ -355,7 +362,7 @@ edit_ownertrust (PKT_public_key *pk, int mode ) trust &= ~TRUST_FLAG_DISABLED; trust |= get_ownertrust (pk) & TRUST_FLAG_DISABLED; update_ownertrust (pk, trust ); - return 0; + return 1; default: return 0; } diff --git a/g10/revoke.c b/g10/revoke.c index 812722eef..453620c7c 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -240,9 +240,10 @@ gen_revoke( const char *uname ) struct revocation_reason_info * ask_revocation_reason( int key_rev, int cert_rev, int hint ) { - int code; + int code=-1; char *description = NULL; struct revocation_reason_info *reason; + const char *text_0 = _("No reason specified"); const char *text_1 = _("Key has been compromised"); const char *text_2 = _("Key is superseded"); const char *text_3 = _("Key is no longer used"); 
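Review bot: edit_ownertrust now returns three distinct values (-1 on quit, 1 after `update_ownertrust`, 0 otherwise) where every visible path previously returned 0, and nothing at the function records that contract. ask_ownertrust in g10/trustdb.c is adapted in this commit, but any other caller that tests the result as a boolean would now treat "quit" as true; those callers are not visible here and should be checked. Proposed header comment: `/* Returns 1 if the ownertrust was changed, 0 if it was left alone (skip/menu), -1 if the user asked to quit. */`. The function body begins outside these hunks.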
@@ -254,6 +255,7 @@ ask_revocation_reason( int key_rev, int cert_rev, int hint ) description = NULL; tty_printf(_("Please select the reason for the revocation:\n")); + tty_printf( " 0 = %s\n", text_0 ); if( key_rev ) tty_printf(" 1 = %s\n", text_1 ); if( key_rev ) @@ -262,29 +264,31 @@ ask_revocation_reason( int key_rev, int cert_rev, int hint ) tty_printf(" 3 = %s\n", text_3 ); if( cert_rev ) tty_printf(" 4 = %s\n", text_4 ); - tty_printf( " 0 = %s\n", _("Cancel") ); + tty_printf( " Q = %s\n", _("Cancel") ); if( hint ) tty_printf(_("(Probably you want to select %d here)\n"), hint ); - for(code = 0; !code;) { + while(code==-1) { int n; char *answer = cpr_get("ask_revocation_reason.code", _("Your decision? ")); trim_spaces( answer ); cpr_kill_prompt(); - if( *answer == 'q' || *answer == 'Q' ) - n = 0; - else if( !isdigit( *answer ) ) - n = -1; - else if( hint && !*answer ) + if( *answer == 'q' || *answer == 'Q') + return NULL; /* cancel */ + if( hint && !*answer ) n = hint; + else if(!isdigit( *answer ) ) + n = -1; else n = atoi(answer); m_free(answer); - if( !n ) - return NULL; /* cancel */ + if( n == 0 ) { + code = 0x00; /* no particular reason */ + code_text = text_0; + } else if( key_rev && n == 1 ) { - code = 0x02; /* key has been compromised */ + code = 0x02; /* key has been compromised */ code_text = text_1; } else if( key_rev && n == 2 ) { diff --git a/g10/sign.c b/g10/sign.c index cd560aeea..f5d2dae11 100644 --- a/g10/sign.c +++ b/g10/sign.c 
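Review bot: The new early cancel path in ask_revocation_reason returns before `m_free(answer)`, so the buffer obtained from `cpr_get` leaks each time the user answers q/Q. The old code set n = 0 and fell through to the free. Suggested: `if( *answer == 'q' || *answer == 'Q') { m_free(answer); return NULL; }`. In the same block, `isdigit( *answer )` receives a plain `char`; casting to `unsigned char` avoids undefined behaviour on non-ASCII input, and `atoi` accepts trailing garbage such as "1x". The function continues outside this hunk.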
@@ -982,15 +982,31 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x30 || sigclass == 0x28 ); + if (opt.force_v4_certs) + sigversion = 4; + if (sigversion < sk->version) sigversion = sk->version; + /* If you are making a signature on a v4 key using your v3 key, it + doesn't make sense to generate a v3 sig. After all, no v3-only + PGP implementation could understand the v4 key in the first + place. */ + if (sigversion < pk->version) + sigversion = pk->version; + if( !digest_algo ) { switch( sk->pubkey_algo ) { - case PUBKEY_ALGO_DSA: digest_algo = DIGEST_ALGO_SHA1; break; + case PUBKEY_ALGO_DSA: + digest_algo = DIGEST_ALGO_SHA1; + break; case PUBKEY_ALGO_RSA_S: - case PUBKEY_ALGO_RSA: digest_algo = DIGEST_ALGO_MD5; break; - default: digest_algo = DIGEST_ALGO_RMD160; break; + case PUBKEY_ALGO_RSA: + digest_algo = sk->version < 4? DIGEST_ALGO_MD5 : DIGEST_ALGO_SHA1; + break; + default: + digest_algo = DIGEST_ALGO_RMD160; + break; } } md = md_open( digest_algo, 0 ); diff --git a/g10/trustdb.c b/g10/trustdb.c index 9c29d1af7..ec80329c6 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -846,12 +846,12 @@ enum_cert_paths_print( void **context, FILE *fp, *********** NEW NEW NEW **************** ****************************************/ -static unsigned int +static int ask_ownertrust (u32 *kid) { PKT_public_key *pk; int rc; - unsigned int ot; + int ot; pk = m_alloc_clear (sizeof *pk); rc = get_pubkey (pk, kid); @@ -862,10 +862,13 @@ ask_ownertrust (u32 *kid) return TRUST_UNKNOWN; } - if (edit_ownertrust (pk, 0)) + ot=edit_ownertrust(pk,0); + if(ot>0) ot = get_ownertrust (pk); - else + else if(ot==0) ot = TRUST_UNDEFINED; + else + ot = -1; /* quit */ free_public_key( pk ); return ot; } @@ -1303,6 +1306,7 @@ static int validate_keys (int interactive) { int rc = 0; + int quit=0; struct key_item *klist = NULL; struct key_item *k; struct key_array *keys = NULL; 
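Review bot: In make_keysig_packet the RSA digest choice is keyed on `sk->version`, not on the `sigversion` computed just above it. The hunk raises `sigversion` to 4 for `--force-v4-certs` or a v4 `pk`, so a v3 RSA signing key will now emit v4 certifications that still default to MD5. If MD5 is kept only for PGP 2 compatibility, which a v4 signature already gives up, the selector should be `digest_algo = sigversion < 4 ? DIGEST_ALGO_MD5 : DIGEST_ALGO_SHA1;`. The function's start and end are outside this hunk, so confirm that `sigversion` is not changed again further down.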
@@ -1315,6 +1319,7 @@ validate_keys (int interactive) KeyHashTable visited; u32 next_expire; + next_expire = 0xffffffff; /* set next expire to the year 2106 */ visited = new_key_hash_table (); /* Fixme: Instead of always building a UTK list, we could just build it * here when needed */ @@ -1324,7 +1329,6 @@ validate_keys (int interactive) goto leave; } - next_expire = 0xffffffff; /* set next expire to the year 2106 */ /* mark all UTKs as visited and set validity to ultimate */ for (k=utk_list; k; k = k->next) @@ -1377,7 +1381,12 @@ validate_keys (int interactive) { if (interactive && k->ownertrust == TRUST_UNKNOWN) k->ownertrust = ask_ownertrust (k->kid); - if (k->ownertrust == TRUST_UNKNOWN) + if (k->ownertrust == -1) + { + quit=1; + goto leave; + } + else if (k->ownertrust == TRUST_UNKNOWN) ot_unknown++; else if (k->ownertrust == TRUST_UNDEFINED) ot_undefined++; @@ -1448,7 +1457,7 @@ validate_keys (int interactive) release_key_array (keys); release_key_items (klist); release_key_hash_table (visited); - if (!rc) /* mark trustDB as checked */ + if (!rc && !quit) /* mark trustDB as checked */ { if (next_expire == 0xffffffff) tdbio_write_nextcheck (0); diff --git a/po/ChangeLog b/po/ChangeLog index c707efee0..3bdb6435d 100644 --- a/po/ChangeLog +++ b/po/ChangeLog @@ -1,3 +1,11 @@ +2001-10-23 gettextize <[email protected]> + + * Makefile.in.in: Upgrade to gettext-0.10.40. + +2001-10-23 gettextize <[email protected]> + + * Makefile.in.in: Upgrade to gettext-0.10.40. + 2001-09-07 Werner Koch <[email protected]> * POTFILES.in: Added new files. diff --git a/po/Makefile.in.in b/po/Makefile.in.in index 32b737655..28726a21f 100644 --- a/po/Makefile.in.in +++ b/po/Makefile.in.in 
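Review bot: The quit sentinel from ask_ownertrust is stored in `k->ownertrust` before it is tested, so the key item briefly holds -1 as if it were a trust value. The field's type is not visible here; if it is unsigned and narrower than int, `k->ownertrust == -1` can never be true and quit would be silently ignored. Keeping the sentinel in a local avoids both problems: `int ot = ask_ownertrust (k->kid); if (ot == -1) { quit=1; goto leave; } k->ownertrust = ot;`. Also note that on quit `rc` stays 0, so validate_keys reports success for an aborted run; a comment at `leave:` should state that this is intended.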
@@ -2,7 +2,7 @@ # Copyright (C) 1995-1997, 2000, 2001 by Ulrich Drepper <[email protected]> # # This file file be copied and used freely without restrictions. It can -# be used in projects which are not available under the GNU Public License +# be used in projects which are not available under the GNU General Public License # but which still want to provide support for the GNU gettext functionality. # Please note that the actual code is *not* freely available. diff --git a/tools/ChangeLog b/tools/ChangeLog index 0f77898df..7198778b6 100644 --- a/tools/ChangeLog +++ b/tools/ChangeLog @@ -1,3 +1,7 @@ +2001-10-23 Werner Koch <[email protected]> + + * Makefile.am (gpgsplit_LDADD): Add ZLIBS. + 2001-09-18 Werner Koch <[email protected]> * gpgsplit.c: New option --uncompress. diff --git a/tools/Makefile.am b/tools/Makefile.am index c5e0cd578..793fc1b90 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -41,7 +41,7 @@ mpicalc_LDADD = $(needed_libs) bftest_LDADD = $(needed_libs) shmtest_LDADD = $(needed_libs) -gpgsplit_LDADD = $(needed_libs) +gpgsplit_LDADD = @ZLIBS@ $(needed_libs) mpicalc bftest shmtest gpgsplit: $(needed_libs) diff --git a/util/iobuf.c b/util/iobuf.c index 60ae6c866..445a0c23e 100644 --- a/util/iobuf.c +++ b/util/iobuf.c @@ -230,7 +230,7 @@ fd_cache_close (const char *fname, FILEP_OR_FD fp) close(fp); #endif if( DBG_IOBUF ) - log_debug ("fd_cache_close (%p) real\n", fp); + log_debug ("fd_cache_close (%p) real\n", (void*)fp); return; } /* try to reuse a slot */ |