diff options
| -rw-r--r-- | NEWS | 6 | ||||
| -rw-r--r-- | THANKS | 5 | ||||
| -rw-r--r-- | TODO | 15 | ||||
| -rw-r--r-- | cipher/ChangeLog | 4 | ||||
| -rw-r--r-- | cipher/twofish.c | 3 | ||||
| -rw-r--r-- | doc/gpg.sgml | 10 | ||||
| -rw-r--r-- | g10/ChangeLog | 18 | ||||
| -rw-r--r-- | g10/g10.c | 5 | ||||
| -rw-r--r-- | g10/getkey.c | 6 | ||||
| -rw-r--r-- | g10/keydb.h | 1 | ||||
| -rw-r--r-- | g10/keygen.c | 34 | ||||
| -rw-r--r-- | g10/parse-packet.c | 2 | ||||
| -rw-r--r-- | g10/pkclist.c | 121 | ||||
| -rw-r--r-- | g10/pubkey-enc.c | 7 | ||||
| -rw-r--r-- | g10/ringedit.c | 32 | ||||
| -rw-r--r-- | include/util.h | 1 | ||||
| -rw-r--r-- | util/ChangeLog | 4 | ||||
| -rw-r--r-- | util/dotlock.c | 41 |
18 files changed, 282 insertions, 33 deletions
@@ -14,7 +14,7 @@ Noteworthy changes in the current test release cases were it is really required. Use the option --no-random-seed-file to disable this feature. - * New option --ignore-time-conflict. + * New options --ignore-time-conflict and --lock-never. * Some fixes for the W32 version @@ -32,6 +32,10 @@ Noteworthy changes in the current test release create revocations for the subkeys. See the FAQ for a procedure to install such secret keys. + * Keygeneration now writes to the first writeable keyring or + as default to the one in the homedirectory. Prior versions + ignored all --keyring options. + Noteworthy changes in version 1.0.1 (1999-12-16) ----------------------------------- @@ -16,6 +16,8 @@ Bryan Fullerton [email protected] Caskey L. Dickson [email protected] Cees van de Griend [email protected] Charles Levert [email protected] +Chip Salzenberg [email protected] +Christian Kurz [email protected] Christian von Roques [email protected] Christopher Oliver [email protected] Christian Recktenwald [email protected] @@ -135,5 +137,8 @@ Thanks to the German Unix User Group for providing FTP space, Martin Hamilton for hosting the mailing list and HSP for hosting gnupg.org. +The development of this software has partly been funded by the German +Ministry for Economics and Technology under grant VIB3-68553.168-001/1999. + Many thanks to my wife Gerlinde for having so much patience with me while hacking late in the evening. @@ -1,13 +1,10 @@ - * Print the reason for revocation at certain places. + * add a check to the make dist target to see whether the man page + was build. * at least an option to prefer DSA keys over RSA when selecting the key to - use. Depending on creation time would be nice too. I thing this is - already done for the subkeys. - - * Rework the whole key selection stuff: Compile a list of valid - candidates for a keyblock first and the select one from it. - The current code is too ugly (getkey.c). + use. Depending on creation time would be nice too. I think this is + already done for the subkeys - check it. * Fix localtime() in W32. @@ -15,6 +12,10 @@ Scheduled for 1.1 ----------------- + * Rework the whole key selection stuff: Compile a list of valid + candidates for a keyblock first and the select one from it. + The current code is too ugly (getkey.c). + * With option -i prompt before adding a key to the keyring and show some info what we are about to add. diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 04df09871..fd8888d10 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,7 @@ +Fri Apr 14 19:37:08 CEST 2000 Werner Koch <[email protected]> + + * twofish.c (twofish_get_info): Fixed warning about cast. + Tue Mar 28 14:26:58 CEST 2000 Werner Koch <[email protected]> * random.c [MINGW32]: Include process.h for getpid. diff --git a/cipher/twofish.c b/cipher/twofish.c index fa84e26f1..12982e123 100644 --- a/cipher/twofish.c +++ b/cipher/twofish.c @@ -987,7 +987,8 @@ twofish_get_info (int algo, size_t *keylen, *keylen = algo==10? 256 : 128; *blocksize = 16; *contextsize = sizeof (TWOFISH_context); - *(int (**)(const TWOFISH_context*, const byte*, unsigned))r_setkey + + *(int (**)(TWOFISH_context*, const byte*, const unsigned))r_setkey = twofish_setkey; *(void (**)(const TWOFISH_context*, byte*, const byte*))r_encrypt = twofish_encrypt; diff --git a/doc/gpg.sgml b/doc/gpg.sgml index 51a0f28b3..c8623fb54 100644 --- a/doc/gpg.sgml +++ b/doc/gpg.sgml @@ -1178,6 +1178,16 @@ from a config file. </para></listitem></varlistentry> <varlistentry> +<term>--lock-never</term> +<listitem><para> +Disable locking entirely. This option should be used only in very +special environments, where it can be assured that only one process +is accessing those files. A bootable floppy with a standalone +encryption system will probably use this. Improper usage of this +option may lead to data and key corruption. +</para></listitem></varlistentry> + +<varlistentry> <term>--no-random-seed-file</term> <listitem><para> &gnupg; uses a file to store it's internal random pool over invocations. diff --git a/g10/ChangeLog b/g10/ChangeLog index c0170606c..99e83ab6e 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,21 @@ +Fri Apr 14 19:37:08 CEST 2000 Werner Koch <[email protected]> + + * pkclist.c (do_show_revocation_reason): New. + (show_revocation_reason): New and called at various places. + + * g10.c (main): Fixed small typo. + + * pkclist.c (do_we_trust): Act on always_trust but not for revoked + keys. Suggested by Chip Salzenberg. + + * g10.c: New option --lock-never. + + * ringedit.c (get_writable_keyblock_file): New. + * keygen.c (do_generate_keypair): Use this instead of the hardwired one. + + * keygen.c (ask_user_id): Check that the email address is in the + correct field. Suggested by Christian Kurz. + Mon Apr 10 13:34:19 CEST 2000 Werner Koch <[email protected]> * keyedit.c (show_key_with_all_names): s/sbb/ssb/ @@ -168,6 +168,7 @@ enum cmd_and_opt_values { aNull = 0, oEscapeFrom, oLockOnce, oLockMultiple, + oLockNever, oKeyServer, oEncryptTo, oNoEncryptTo, @@ -347,6 +348,7 @@ static ARGPARSE_OPTS opts[] = { { oEscapeFrom, "escape-from-lines", 0, "@" }, { oLockOnce, "lock-once", 0, "@" }, { oLockMultiple, "lock-multiple", 0, "@" }, + { oLockNever, "lock-never", 0, "@" }, { oLoggerFD, "logger-fd",1, "@" }, { oUseEmbeddedFilename, "use-embedded-filename", 0, "@" }, { oUtf8Strings, "utf8-strings", 0, "@" }, @@ -882,6 +884,7 @@ main( int argc, char **argv ) case oNotDashEscaped: opt.not_dash_escaped = 1; break; case oEscapeFrom: opt.escape_from = 1; break; case oLockOnce: opt.lock_once = 1; break; + case oLockNever: disable_dotlock(); break; case oLockMultiple: opt.lock_once = 0; break; case oKeyServer: opt.keyserver_name = pargs.r.ret_str; break; case oNotation: add_notation_data( pargs.r.ret_str ); break; @@ -1447,7 +1450,7 @@ main( int argc, char **argv ) break; case aFixTrustDB: - log_error("this command ist not yet implemented.\"\n"); + log_error("this command is not yet implemented.\"\n"); log_error("A workaround is to use \"--export-ownertrust\", remove\n"); log_error("the trustdb file and do an \"--import-ownertrust\".\n" ); break; diff --git a/g10/getkey.c b/g10/getkey.c index 1dae1a3cd..568402f3a 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -45,7 +45,11 @@ * that they are all valid. * Note: We must use numerical values here in case that this program * will be converted to those little blue HAL9000s with their strange - * EBCDIC character set (user ids are UTF-8). */ + * EBCDIC character set (user ids are UTF-8). + * wk 2000-04-13: Hmmm, does this really make sense, given the fact that + * we can run gpg now on a S/390 running GNU/Linux, where the code + * translation is done by the device drivers? + */ static const byte word_match_chars[256] = { /* 00 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 08 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, diff --git a/g10/keydb.h b/g10/keydb.h index 68d2c231a..6db15d8a8 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -200,6 +200,7 @@ const char *enum_keyblock_resources( int *sequence, int secret ); int add_keyblock_resource( const char *resname, int force, int secret ); const char *keyblock_resource_name( KBPOS *kbpos ); int get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos ); +char *get_writable_keyblock_file( int secret ); int locate_keyblock_by_fpr( KBPOS *kbpos, const byte *fpr, int fprlen, int secret ); int locate_keyblock_by_keyid( KBPOS *kbpos, u32 *keyid, diff --git a/g10/keygen.c b/g10/keygen.c index ead51cbc2..d0083d13d 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -689,6 +689,7 @@ ask_user_id( int mode ) uid = aname = acomment = amail = NULL; for(;;) { char *p; + int fail=0; if( !aname ) { for(;;) { @@ -740,6 +741,7 @@ ask_user_id( int mode ) } } + m_free(uid); uid = p = m_alloc(strlen(aname)+strlen(amail)+strlen(acomment)+12+10); p = stpcpy(p, aname ); @@ -764,6 +766,12 @@ ask_user_id( int mode ) tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid); /* fixme: add a warning if this user-id already exists */ + if( !*amail && (strchr( aname, '@' ) || strchr( acomment, '@'))) { + fail = 1; + tty_printf(_("Please don't put the email address " + "into the real name or the comment\n") ); + } + for(;;) { char *ansstr = _("NnCcEeOoQq"); @@ -774,8 +782,9 @@ ask_user_id( int mode ) answer[1] = 0; } else { - answer = cpr_get("keygen.userid.cmd",_( - "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? ")); + answer = cpr_get("keygen.userid.cmd", fail? + _("Change (N)ame, (C)omment, (E)mail or (Q)uit? ") : + _("Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? ")); cpr_kill_prompt(); } if( strlen(answer) > 1 ) @@ -793,10 +802,15 @@ ask_user_id( int mode ) break; } else if( *answer == ansstr[6] || *answer == ansstr[7] ) { - m_free(aname); aname = NULL; - m_free(acomment); acomment = NULL; - m_free(amail); amail = NULL; - break; + if( fail ) { + tty_printf(_("Please correct the error first\n")); + } + else { + m_free(aname); aname = NULL; + m_free(acomment); acomment = NULL; + m_free(amail); amail = NULL; + break; + } } else if( *answer == ansstr[8] || *answer == ansstr[9] ) { m_free(aname); aname = NULL; @@ -1443,12 +1457,8 @@ do_generate_keypair( struct para_data_s *para, assert( outctrl->sec.stream ); } else { - /* check whether we are allowed to write to the keyrings */ - /* It is probably wrong to use the default names here - * but becuase I never gpt any complaints, we better leave - * it as it is. */ - pub_fname = make_filename(opt.homedir, "pubring.gpg", NULL ); - sec_fname = make_filename(opt.homedir, "secring.gpg", NULL ); + pub_fname = get_writable_keyblock_file( 0 ); + sec_fname = get_writable_keyblock_file( 1 ); } if( opt.verbose ) { diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 8b12216cc..48d601501 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1,5 +1,5 @@ /* parse-packet.c - read packets - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * diff --git a/g10/pkclist.c b/g10/pkclist.c index 04f76b653..42725d446 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -1,5 +1,5 @@ /* pkclist.c - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998,2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -96,6 +96,112 @@ fpr_info( PKT_public_key *pk ) } +/**************** + * Show the revocation reason as it is stored with the given signature + */ +static void +do_show_revocation_reason( PKT_signature *sig ) +{ + size_t n, nn; + const byte *p, *pp; + int seq = 0; + const char *text; + + while( (p = enum_sig_subpkt( sig->hashed_data, SIGSUBPKT_REVOC_REASON, + &n, &seq )) ) { + if( !n ) + continue; /* invalid - just skip it */ + + if( *p == 0 ) + text = _("No reason specified"); + else if( *p == 0x01 ) + text = _("Key is superseded"); + else if( *p == 0x02 ) + text = _("Key has been compromised"); + else if( *p == 0x03 ) + text = _("Key is no longer used"); + else if( *p == 0x20 ) + text = _("User ID is non longer valid"); + else + text = NULL; + + log_info( _("Reason for revocation: ") ); + if( text ) + fputs( text, log_stream() ); + else + fprintf( log_stream(), "code=%02x", *p ); + putc( '\n', log_stream() ); + n--; p++; + pp = NULL; + do { + /* We don't want any empty lines, so skip them */ + while( n && *p == '\n' ) { + p++; + n--; + } + if( n ) { + pp = memchr( p, '\n', n ); + nn = pp? pp - p : n; + log_info( _("Revocation comment: ") ); + print_string( log_stream(), p, nn, 0 ); + putc( '\n', log_stream() ); + p += nn; n -= nn; + } + } while( pp ); + } +} + + +static void +show_revocation_reason( PKT_public_key *pk ) +{ + /* Hmmm, this is not so easy becuase we have to duplicate the code + * used in the trustbd to calculate the keyflags. We need to find + * a clean way to check revocation certificates on keys and signatures. + * And there should be no duplicate code. Because we enter this function + * only when the trustdb toldus, taht we have a revoked key, we could + * simplylook for a revocation cert and display this one, when there is + * only one. Let's try to do this until we have a better solution. + */ + KBNODE node, keyblock = NULL; + byte fingerprint[MAX_FINGERPRINT_LEN]; + size_t fingerlen; + int rc; + + /* get the keyblock */ + fingerprint_from_pk( pk, fingerprint, &fingerlen ); + rc = get_keyblock_byfprint( &keyblock, fingerprint, fingerlen ); + if( rc ) { /* that should never happen */ + log_debug( "failed to get the keyblock\n"); + return; + } + + for( node=keyblock; node; node = node->next ) { + if( ( node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) + && !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) + break; + } + if( !node ) { + log_debug("Oops, PK not in keyblock\n"); + release_kbnode( keyblock ); + return; + } + /* now find the revocation certificate */ + for( node = node->next; node ; node = node->next ) { + if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) + break; + if( node->pkt->pkttype == PKT_SIGNATURE + && (node->pkt->pkt.signature->sig_class == 0x20 + || node->pkt->pkt.signature->sig_class == 0x28 ) ) { + /* FIXME: we should check the signature here */ + do_show_revocation_reason ( node->pkt->pkt.signature ); + } + } + + release_kbnode( keyblock ); +} + static void show_paths( ulong lid, int only_first ) @@ -350,6 +456,7 @@ do_we_trust( PKT_public_key *pk, int *trustlevel ) if( (*trustlevel & TRUST_FLAG_REVOKED) ) { log_info(_("key %08lX: key has been revoked!\n"), (ulong)keyid_from_pk( pk, NULL) ); + show_revocation_reason( pk ); if( opt.batch ) return 0; @@ -361,6 +468,7 @@ do_we_trust( PKT_public_key *pk, int *trustlevel ) else if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) { log_info(_("key %08lX: subkey has been revoked!\n"), (ulong)keyid_from_pk( pk, NULL) ); + show_revocation_reason( pk ); if( opt.batch ) return 0; @@ -371,6 +479,15 @@ do_we_trust( PKT_public_key *pk, int *trustlevel ) } *trustlevel &= ~trustmask; + if( opt.always_trust) { + if( opt.verbose ) + log_info("No trust check due to --always-trust option\n"); + /* The problem with this, is that EXPIRE can't be checked as + * this needs to insert a ne key into the trustdb first and + * we don't want that */ + return 1; + } + switch( (*trustlevel & TRUST_MASK) ) { case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */ @@ -533,10 +650,12 @@ check_signatures_trust( PKT_signature *sig ) write_status( STATUS_KEYREVOKED ); log_info(_("WARNING: This key has been revoked by its owner!\n")); log_info(_(" This could mean that the signature is forgery.\n")); + show_revocation_reason( pk ); } else if( (trustlevel & TRUST_FLAG_SUB_REVOKED) ) { write_status( STATUS_KEYREVOKED ); log_info(_("WARNING: This subkey has been revoked by its owner!\n")); + show_revocation_reason( pk ); } diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index c3241eb21..f84075486 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -202,6 +202,13 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid ) (ulong)keyid[1], asctimestamp( pk->expiredate) ); } + /* FIXME: check wheter the key has been revoked and display + * the revocation reason. Actually the user should know this himself, + * but the sender might not know already and therefor the user + * should get a notice that an revoked key has been used to decode + * the message. The user can than watch out for snakes send by + * one of those Eves outside his paradise :-) + */ free_public_key( pk ); rc = 0; } diff --git a/g10/ringedit.c b/g10/ringedit.c index bd7a882bd..5fcd458b0 100644 --- a/g10/ringedit.c +++ b/g10/ringedit.c @@ -1,5 +1,5 @@ /* ringedit.c - Function for key ring editing - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -181,7 +181,6 @@ enum_keyblock_resources( int *sequence, int secret ) } - /**************** * Register a resource (which currently may only be a keyring file). * The first keyring which is added by this function is @@ -420,6 +419,35 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos ) } +/**************** + * Return the filename of the firstkeyblock resource which is intended + * for write access. This will either be the default resource or in + * case this is not writable one of the others. If no writable is found, + * the default filename in the homedirectory will be returned. + * Caller must free, will never return NULL. + */ +char * +get_writable_keyblock_file( int secret ) +{ + int i = secret? default_secret_resource : default_public_resource; + + if( resource_table[i].used && !resource_table[i].secret == !secret ) { + if( !access( resource_table[i].fname, R_OK|W_OK ) ) { + return m_strdup( resource_table[i].fname ); + } + } + for(i=0; i < MAX_RESOURCES; i++ ) { + if( resource_table[i].used && !resource_table[i].secret == !secret ) { + if( !access( resource_table[i].fname, R_OK|W_OK ) ) { + return m_strdup( resource_table[i].fname ); + } + } + } + /* Assume the home dir is always writable */ + return make_filename(opt.homedir, secret? "secring.gpg" + : "pubring.gpg", NULL ); +} + /**************** * Search a keyblock which starts with the given packet and puts all diff --git a/include/util.h b/include/util.h index 1b74aa119..4c475927c 100644 --- a/include/util.h +++ b/include/util.h @@ -132,6 +132,7 @@ const char *strusage( int level ); struct dotlock_handle; typedef struct dotlock_handle *DOTLOCK; +void disable_dotlock(void); DOTLOCK create_dotlock( const char *file_to_lock ); int make_dotlock( DOTLOCK h, long timeout ); int release_dotlock( DOTLOCK h ); diff --git a/util/ChangeLog b/util/ChangeLog index 4106b075d..d4dde67a8 100644 --- a/util/ChangeLog +++ b/util/ChangeLog @@ -1,3 +1,7 @@ +Fri Apr 14 19:37:08 CEST 2000 Werner Koch <[email protected]> + + * dotlock.c (disable_dotlock): New. Implmented this in the module. + 2000-03-09 14:04:22 Werner Koch ([email protected]) * argparse.c (default_strusage): Changed year of default copyright. diff --git a/util/dotlock.c b/util/dotlock.c index 369a3d42a..fc8ddae36 100644 --- a/util/dotlock.c +++ b/util/dotlock.c @@ -1,5 +1,5 @@ /* dotlock.c - dotfile locking - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998,2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -42,14 +42,22 @@ struct dotlock_handle { char *tname; /* name of lockfile template */ char *lockname; /* name of the real lockfile */ int locked; /* lock status */ + int disable; /* locking */ }; static DOTLOCK all_lockfiles; +static int never_lock; static int read_lockfile( const char *name ); static void remove_lockfiles(void); +void +disable_dotlock(void) +{ + never_lock = 1; +} + /**************** * Create a lockfile with the given name and return an object of * type DOTLOCK which may be used later to actually do the lock. @@ -88,6 +96,17 @@ create_dotlock( const char *file_to_lock ) return NULL; h = m_alloc_clear( sizeof *h ); + if( never_lock ) { + h->disable = 1; + #ifdef _REENTRANT + /* fixme: aquire mutex on all_lockfiles */ + #endif + h->next = all_lockfiles; + all_lockfiles = h; + return h; + } + + #ifndef HAVE_DOSISH_SYSTEM sprintf( pidstr, "%10d\n", (int)getpid() ); /* fixme: add the hostname to the second line (FQDN or IP addr?) */ @@ -191,6 +210,10 @@ make_dotlock( DOTLOCK h, long timeout ) const char *maybe_dead=""; int backoff=0; + if( h->disable ) { + return 0; + } + if( h->locked ) { log_debug("oops, `%s' is already locked\n", h->lockname ); return 0; @@ -259,6 +282,10 @@ release_dotlock( DOTLOCK h ) #else int pid; + if( h->disable ) { + return 0; + } + if( !h->locked ) { log_debug("oops, `%s' is not locked\n", h->lockname ); return 0; @@ -333,11 +360,13 @@ remove_lockfiles() while( h ) { h2 = h->next; - if( h->locked ) - unlink( h->lockname ); - unlink(h->tname); - m_free(h->tname); - m_free(h->lockname); + if( !h->disable ) { + if( h->locked ) + unlink( h->lockname ); + unlink(h->tname); + m_free(h->tname); + m_free(h->lockname); + } m_free(h); h = h2; } |