-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | INSTALL | 9 | ||||
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | TODO | 4 | ||||
-rw-r--r-- | VERSION | 1 | ||||
-rw-r--r-- | acconfig.h | 3 | ||||
-rw-r--r-- | cipher/ChangeLog | 7 | ||||
-rw-r--r-- | cipher/rndegd.c | 19 | ||||
-rw-r--r-- | cipher/rndlinux.c | 7 | ||||
-rw-r--r-- | configure.in | 12 | ||||
-rw-r--r-- | doc/gpg.sgml | 4 | ||||
-rw-r--r-- | g10/ChangeLog | 9 | ||||
-rw-r--r-- | g10/openfile.c | 16 | ||||
-rw-r--r-- | g10/parse-packet.c | 15 |
14 files changed, 100 insertions, 16 deletions
@@ -1,3 +1,9 @@ +Fri Aug 25 16:05:38 CEST 2000 Werner Koch <[email protected]> + + * configure.in: Changes to allow for Solaris random device. + By Nils Ellmenreich. + (--with-egd-socket): New. + Wed Aug 23 19:52:51 CEST 2000 Werner Koch <[email protected]> * acinclude.m4 (GNUPG_CHECK_MLOCK): Removed that silly mkdir(). @@ -18,6 +18,15 @@ Configure options for GNUPG none - Do not linkl any module in but rely on a dynmically loaded modules. +--with-egd-socket=<name> This is only used when EGD is used as random + gatherer. GnuPG uses by default "~/.gnupg/entropy" + as the socket to connect EGD. Using this option the + socket name can be changed. You may use any filename + here with 2 exceptions: a filename starting with + "~/" uses the socket in the homedirectory of the user + and one starting with a "=" uses a socket in the + GnuPG homedirectory which is bye default "~/.gnupg". + --with-included-zlib Forces usage of the local zlib sources. Default is to use the (shared) library of the system. @@ -11,7 +11,9 @@ Noteworthy changes in the current CVS branch STABLE-BRANCH-1-0 to help the British folks to somewhat minimize the danger of this Orwellian RIP bill. - * New options --merge-only and --try-all-secrets + * New options --merge-only and --try-all-secrets. + + * New configuration option --with-egd-socket. Noteworthy changes in version 1.0.2 (2000-07-12) @@ -1,8 +1,6 @@ * configure option to set EGD entropy socket name - * handle --output /dev/null - * Don't get the ultimately trusted keys from the secring but store it permanently in the trustdb. This way we don't need a secring at all. @@ -81,3 +79,5 @@ Nice to have * Evaluate whether it make sense to replace the namehashs either by using the user ID directly or by using pointers into the trustdb. + + @@ -1 +1,2 @@ 1.0.2b + diff --git a/acconfig.h b/acconfig.h index 2ed4fd61a..c4d7a834b 100644 --- a/acconfig.h +++ b/acconfig.h 
@@ -72,6 +72,9 @@ /* Linux has an ioctl */ #undef HAVE_DEV_RANDOM_IOCTL +/* see cipher/rndegd.c */ +#undef EGD_SOCKET_NAME + #undef USE_DYNAMIC_LINKING #undef HAVE_DL_DLOPEN diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 06466ca5e..b4195dd3c 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,10 @@ +Fri Aug 25 16:05:38 CEST 2000 Werner Koch <[email protected]> + + * rndlinux.c (open_device): Loose random device checking. + By Nils Ellmenreich. + + * rndegd.c (gather_random): Name of socket is nom configurable. + Wed Jun 28 11:54:44 CEST 2000 Werner Koch <wk@> * rsa.c, rsa.h: New based on the old module version (only in CVS for now). diff --git a/cipher/rndegd.c b/cipher/rndegd.c index 97395b959..0e4b414b8 100644 --- a/cipher/rndegd.c +++ b/cipher/rndegd.c @@ -114,13 +114,28 @@ gather_random( void (*add)(const void*, size_t, int), int requester, } } if( fd == -1 ) { - char *name = make_filename( g10_opt_homedir, "entropy", NULL ); + const char *bname = NULL; + char *name; struct sockaddr_un addr; int addr_len; + + #ifdef EGD_SOCKET_NAME + bname = EGD_SOCKET_NAME; + #endif + if ( !bname || !*bname ) + bname = "entropy"; + + if ( *bname == '=' && bname[1] ) + name = make_filename( g10_opt_homedir, bname+1 , NULL ); + else + name = make_filename( bname , NULL ); + + if ( strlen(name)+1 >= sizeof addr.sun_path ) + g10_log_fatal ("EGD socketname is too long\n"); memset( &addr, 0, sizeof addr ); addr.sun_family = AF_UNIX; - strcpy( addr.sun_path, name ); /* fixme: check that it is long enough */ + strcpy( addr.sun_path, name ); addr_len = offsetof( struct sockaddr_un, sun_path ) + strlen( addr.sun_path ); diff --git a/cipher/rndlinux.c b/cipher/rndlinux.c index 6f80a8def..4ac8bb310 100644 --- a/cipher/rndlinux.c +++ b/cipher/rndlinux.c 
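Review bot: The length guard added before `strcpy( addr.sun_path, name )` in gather_random bounds the copy only if `g10_log_fatal` never returns, which this hunk does not show. If it does not return, a short comment such as `/* g10_log_fatal does not return, so the strcpy below is bounded */` would keep the two lines tied together for later readers. The test `strlen(name)+1 >= sizeof addr.sun_path` also rejects a name that would fit exactly, which is harmless but worth knowing. Separately, the socket that supplies entropy can now be any path chosen at configure time and nothing in the hunk checks who owns it, so INSTALL should say the path must sit in a directory that only trusted users can write to. gather_random begins and ends outside the hunk.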
@@ -70,7 +70,7 @@ get_entropy_count( int fd ) #endif /**************** - * Used to open the Linux and xBSD /dev/random devices + * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists), ...) */ static int open_device( const char *name, int minor ) @@ -83,8 +83,9 @@ open_device( const char *name, int minor ) g10_log_fatal("can't open %s: %s\n", name, strerror(errno) ); if( fstat( fd, &sb ) ) g10_log_fatal("stat() off %s failed: %s\n", name, strerror(errno) ); - if( !S_ISCHR(sb.st_mode) ) - g10_log_fatal("invalid random device!\n" ); + /* Don't check device type for better portability */ + /* if( (!S_ISCHR(sb.st_mode)) && (!S_ISFIFO(sb.st_mode)) ) + g10_log_fatal("invalid random device!\n" ); */ return fd; } diff --git a/configure.in b/configure.in index 9a22b56e1..270a2636c 100644 --- a/configure.in +++ b/configure.in @@ -49,6 +49,10 @@ case "$use_static_rnd" in ;; esac +AC_ARG_WITH(egd-socket, + [ --with-egd-socket=NAME Use NAME for the EGD socket)], + egd_socket_name="$withval", egd_socket_name="" ) +AC_DEFINE_UNQUOTED(EGD_SOCKET_NAME, "$egd_socket_name") dnl @@ -262,6 +266,12 @@ case "${target}" in DYNLINK_MOD_CFLAGS="-shared -rdynamic -fpic -Wl,-Bshareable -Wl,-x" ;; + *-solaris*) + NAME_OF_DEV_RANDOM="/dev/random" + NAME_OF_DEV_URANDOM="/dev/random" + DYNLINK_MOD_CFLAGS="-shared $CFLAGS_PIC" + ;; + *) NAME_OF_DEV_RANDOM="/dev/random" NAME_OF_DEV_URANDOM="/dev/urandom" @@ -442,7 +452,7 @@ dnl check whether we have a random device dnl if test "$try_dev_random" = yes ; then AC_CACHE_CHECK(for random device, ac_cv_have_dev_random, - [if test -c "$NAME_OF_DEV_RANDOM" && test -c "$NAME_OF_DEV_URANDOM" ; then + [if test -r "$NAME_OF_DEV_RANDOM" && test -r "$NAME_OF_DEV_URANDOM" ; then ac_cv_have_dev_random=yes; else ac_cv_have_dev_random=no; fi]) if test "$ac_cv_have_dev_random" = yes; then AC_DEFINE(HAVE_DEV_RANDOM) diff --git a/doc/gpg.sgml b/doc/gpg.sgml index 1b70b65d0..d6bce9e06 100644 --- a/doc/gpg.sgml +++ b/doc/gpg.sgml 
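Review bot: Commenting out the `S_ISCHR` test in open_device leaves no check at all on what was opened, so a regular file sitting at the configured device path would be read as entropy without complaint. The same commit relaxes the configure.in probe from `test -c` to `test -r`, so neither build time nor run time confirms that the path is a device. A portable middle ground is to refuse only what can never be a random source, e.g. `if( S_ISREG(sb.st_mode) || S_ISDIR(sb.st_mode) ) g10_log_fatal("invalid random device!\n" );`, and to delete the commented-out code rather than keep it.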
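Review bot: `AC_ARG_WITH(egd-socket, ...)` stores `$withval` unchecked, so a bare `--with-egd-socket` defines EGD_SOCKET_NAME as "yes" and `--without-egd-socket` defines it as "no", and rndegd.c would presumably use those as the socket file name. Treating both as unset avoids that, e.g. `case "$withval" in yes|no) egd_socket_name="" ;; *) egd_socket_name="$withval" ;; esac`. The value is also pasted into a C string literal by `AC_DEFINE_UNQUOTED`, so a name containing a double quote or backslash would break config.h. The help string has a stray closing parenthesis after `socket`.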
@@ -1060,8 +1060,8 @@ for conventional encryption. <term>--compress-algo &ParmN;</term> <listitem><para> Use compress algorithm &ParmN;. Default is 2 which is -RFC1950 compression. You may use 1 to use the old zlib -version which is used by PGP. The default algorithm may +RFC1950 compression. You may use 1 to use the old zlib +version (RFC1951) which is used by PGP. The default algorithm may give better results because the window size is not limited to 8K. If this is not used the OpenPGP behavior is used, i.e. the compression algorithm is selected from the diff --git a/g10/ChangeLog b/g10/ChangeLog index 31d777ad7..79ea0a102 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,12 @@ +Fri Aug 25 16:05:38 CEST 2000 Werner Koch <[email protected]> + + * parse-packet.c (dump_sig_subpkt): Print info about the ARR. + + * openfile.c (overwrite_filep): Always return okay if the file is + called /dev/null. + (make_outfile_name): Add ".sign" to the list of know extensions. + (open_sigfile): Ditto. + Wed Aug 23 19:52:51 CEST 2000 Werner Koch <[email protected]> * g10.c: New option --allow-freeform-uid. By Jeroen C. van Gelderen. diff --git a/g10/openfile.c b/g10/openfile.c index a00785e96..394bec32e 100644 --- a/g10/openfile.c +++ b/g10/openfile.c @@ -70,6 +70,11 @@ overwrite_filep( const char *fname ) if( access( fname, F_OK ) ) return 1; /* does not exist */ +#ifndef HAVE_DOSISH_SYSTEM + if ( !strcmp ( fname, "/dev/null" ) ) + return 1; /* does not do any harm */ +#endif + /* fixme: add some backup stuff in case of overwrite */ if( opt.answer_yes ) return 1; @@ -105,6 +110,11 @@ make_outfile_name( const char *iname ) buf[n-4] = 0; return buf; } + else if( n > 5 && !CMP_FILENAME(iname+n-5,".sign") ) { + char *buf = m_strdup( iname ); + buf[n-5] = 0; + return buf; + } log_info(_("%s: unknown suffix\n"), iname ); return NULL; 
@@ -241,7 +251,8 @@ open_sigfile( const char *iname ) if( iname && !(*iname == '-' && !iname[1]) ) { len = strlen(iname); if( len > 4 && ( !strcmp(iname + len - 4, ".sig") - || !strcmp(iname + len - 4, ".asc")) ) { + || ( len > 5 && !strcmp(iname + len - 5, ".sign") ) + || !strcmp(iname + len - 4, ".asc")) ) { char *buf; buf = m_strdup(iname); buf[len-4] = 0 ; @@ -321,3 +332,6 @@ try_make_homedir( const char *fname ) } } + + + diff --git a/g10/parse-packet.c b/g10/parse-packet.c index f63f051b3..eb7cedac7 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -739,9 +739,6 @@ dump_sig_subpkt( int hashed, int type, int critical, printf("key expires after %s", strtimevalue( buffer_to_u32(buffer) ) ); break; - case SIGSUBPKT_ARR: - p = "additional recipient request"; - break; case SIGSUBPKT_PREF_SYM: fputs("pref-sym-algos:", stdout ); for( i=0; i < length; i++ ) @@ -817,12 +814,22 @@ dump_sig_subpkt( int hashed, int type, int critical, p = "signer's user ID"; break; case SIGSUBPKT_REVOC_REASON: - if( length ) { + if( length ) { printf("revocation reason 0x%02x (", *buffer ); print_string( stdout, buffer+1, length-1, ')' ); p = ")"; } break; + case SIGSUBPKT_ARR: + fputs("Big Brother's key (ignored): ", stdout ); + if( length < 22 ) + p = "[too short]"; + else { + printf("c=%02x a=%d f=", buffer[0], buffer[1] ); + for( i=2; i < length; i++ ) + printf("%02X", buffer[i] ); + } + break; case SIGSUBPKT_PRIV_ADD_SIG: p = "signs additional user ID"; break; |
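Review bot: The new `.sign` branch in open_sigfile matches a five-character suffix, but the unchanged line after the condition still truncates with `buf[len-4] = 0`, so `foo.sign` becomes `foo.` rather than `foo` and the data file lookup would use the wrong name. The cut needs to follow the matched suffix, for example `buf[len - (len > 5 && !strcmp(iname + len - 5, ".sign") ? 5 : 4)] = 0;`. make_outfile_name in the same commit already uses `buf[n-5]` for this suffix, and it compares with `CMP_FILENAME` where this function uses `strcmp`. The rest of open_sigfile is outside the hunk.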