Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog12
-rw-r--r--g10/call-agent.c35
-rw-r--r--g10/call-agent.h3
-rw-r--r--g10/card-util.c4
-rw-r--r--g10/gpg.c45
-rw-r--r--g10/keydb.h1
-rw-r--r--g10/passphrase.c62
-rw-r--r--g10/trustdb.c4
8 files changed, 132 insertions, 34 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 0f5c6417a..ca1d2ae8e 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,15 @@
+2009-12-21 Werner Koch <[email protected]>
+
+ * gpg.c (main): Add dummy options --skip-hidden-recipients and no
+ variant.
+
+ * call-agent.c (agent_get_s2k_count): New.
+ * gpg.c (main): Set s2k_count to 0.
+ * (encode_s2k_iterations): Move ...
+ * passphrase.c (encode_s2k_iterations): ... here. Call
+ agent_get_s2k_count if called with a 0 arg.
+ (passphrase_to_dek_ext): Set S2K_COUNT via encode_s2k_iterations.
+
2009-12-17 Werner Koch <[email protected]>
* sig-check.c (do_check_messages): Evaluate the HAS_EXPIRED flag.
diff --git a/g10/call-agent.c b/g10/call-agent.c
index 12ecd9d57..d4e55e5b2 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -1254,3 +1254,38 @@ gpg_agent_get_confirmation (const char *desc)
}
+/* Return the S2K iteration count as computed by gpg-agent. */
+gpg_error_t
+agent_get_s2k_count (unsigned long *r_count)
+{
+ gpg_error_t err;
+ membuf_t data;
+ char *buf;
+
+ *r_count = 0;
+
+ err = start_agent (0);
+ if (err)
+ return err;
+
+ init_membuf (&data, 32);
+ err = assuan_transact (agent_ctx, "GETINFO s2k_count",
+ membuf_data_cb, &data,
+ NULL, NULL, NULL, NULL);
+ if (err)
+ xfree (get_membuf (&data, NULL));
+ else
+ {
+ put_membuf (&data, "", 1);
+ buf = get_membuf (&data, NULL);
+ if (!buf)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ *r_count = strtoul (buf, NULL, 10);
+ xfree (buf);
+ }
+ }
+ return err;
+}
+
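Review bot: `agent_get_s2k_count` returns success even when the agent's reply is not a usable number, because `strtoul (buf, NULL, 10)` is called without an end pointer or an `errno` check. An empty or non-numeric reply therefore yields `*r_count == 0` with `err == 0`, and an out-of-range one yields `ULONG_MAX`. The caller added in passphrase.c absorbs both through its `mycnt < 65536` and `mycnt >= 65011712` checks, so the effect today is a silent fallback rather than a bad count. Since the value comes over IPC and selects a key-derivation cost, the function should report an unparseable reply as an error instead of relying on every caller to range-check.

```c
/* … unchanged: start_agent, assuan_transact and membuf handling … */
      else
        {
          char *endp;

          errno = 0;
          *r_count = strtoul (buf, &endp, 10);
          if (endp == buf || errno == ERANGE)
            {
              /* Not a usable decimal count; do not report success.  */
              *r_count = 0;
              err = gpg_error (GPG_ERR_INV_VALUE);
            }
          xfree (buf);
        }
```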
diff --git a/g10/call-agent.h b/g10/call-agent.h
index a89f483de..9088e4a5b 100644
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@@ -137,6 +137,9 @@ gpg_error_t agent_clear_passphrase (const char *cache_id);
/* Present the prompt DESC and ask the user to confirm. */
gpg_error_t gpg_agent_get_confirmation (const char *desc);
+/* Return the S2K iteration count as computed by gpg-agent. */
+gpg_error_t agent_get_s2k_count (unsigned long *r_count);
+
#endif /*GNUPG_G10_CALL_AGENT_H*/
diff --git a/g10/card-util.c b/g10/card-util.c
index 61fd3112e..96a994c98 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -948,7 +948,7 @@ change_cert (const char *args)
}
else
{
- tty_printf ("usage error: redirectrion to file required\n");
+ tty_printf ("usage error: redirection to file required\n");
return -1;
}
@@ -977,7 +977,7 @@ read_cert (const char *args)
}
else
{
- tty_printf ("usage error: redirectrion to file required\n");
+ tty_printf ("usage error: redirection to file required\n");
return -1;
}
diff --git a/g10/gpg.c b/g10/gpg.c
index 4581488b5..8fea30be8 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -233,6 +233,8 @@ enum cmd_and_opt_values
oWithSigList,
oWithSigCheck,
oSkipVerify,
+ oSkipHiddenRecipients,
+ oNoSkipHiddenRecipients,
oCompressKeys,
oCompressSigs,
oAlwaysTrust,
@@ -626,6 +628,9 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (aListSigs, "list-sig", "@"), /* alias */
ARGPARSE_s_n (aCheckKeys, "check-sig", "@"), /* alias */
ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
+ ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
+ ARGPARSE_s_n (oSkipHiddenRecipients, "skip-hidden-recipients", "@"),
+ ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"),
ARGPARSE_s_n (oCompressKeys, "compress-keys", "@"),
ARGPARSE_s_n (oCompressSigs, "compress-sigs", "@"),
ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
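Review bot: The first added line, `ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),`, is an exact copy of the context line directly above it, so the option table now carries two identical `skip-verify` entries. This looks like a paste leftover from adding the two `skip-hidden-recipients` entries; drop the added copy and keep only the two new lines. Whether a duplicate entry changes abbreviation matching depends on the argparse implementation, which is not visible in this hunk.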
@@ -1789,33 +1794,6 @@ parse_trust_model(const char *model)
}
-/* Pack an s2k iteration count into the form specified in 2440. If
- we're in between valid values, round up. */
-static unsigned char
-encode_s2k_iterations(int iterations)
-{
- unsigned char c=0,result;
- unsigned int count;
-
- if(iterations<=1024)
- return 0;
-
- if(iterations>=65011712)
- return 255;
-
- /* Need count to be in the range 16-31 */
- for(count=iterations>>6;count>=32;count>>=1)
- c++;
-
- result=(c<<4)|(count-16);
-
- if(S2K_DECODE_COUNT(result)<iterations)
- result++;
-
- return result;
-}
-
-
/* This fucntion called to initialized a new control object. It is
assumed that this object has been zeroed out before calling this
function. */
@@ -1991,7 +1969,7 @@ main (int argc, char **argv)
opt.cert_digest_algo = 0;
opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
opt.s2k_mode = 3; /* iterated+salted */
- opt.s2k_count = 96; /* 65536 iterations */
+ opt.s2k_count = 0; /* Auto-calibrate when needed. */
#ifdef USE_CAST5
opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
#else
@@ -2346,6 +2324,12 @@ main (int argc, char **argv)
case oWithSigList: opt.list_sigs = 1; break;
case oSkipVerify: opt.skip_verify=1; break;
+
+ case oSkipHiddenRecipients:
+ case oNoSkipHiddenRecipients:
+ /* Dummies for options to be used in 2.1. */
+ break;
+
case oCompressKeys: opt.compress_keys = 1; break;
case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
/* There are many programs (like mutt) that call gpg with
@@ -2507,7 +2491,10 @@ main (int argc, char **argv)
case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
case oS2KCount:
- opt.s2k_count=encode_s2k_iterations(pargs.r.ret_int);
+ if (pargs.r.ret_int)
+ opt.s2k_count = encode_s2k_iterations (pargs.r.ret_int);
+ else
+ opt.s2k_count = 0; /* Auto-calibrate when needed. */
break;
case oSimpleSKChecksum: opt.simple_sk_checksum = 1; break;
case oNoEncryptTo: opt.no_encrypt_to = 1; break;
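Review bot: In the `oS2KCount` case, `opt.s2k_count == 0` is now the "auto-calibrate" sentinel, but 0 is also what `encode_s2k_iterations` returns for any non-zero argument up to 1024, including negative values. An explicit `--s2k-count 1024` therefore stores 0, and `passphrase_to_dek_ext` later replaces it with the agent-calibrated count instead of using the requested one. That errs toward a higher count, but the user's setting is overridden silently. At minimum add a comment in this case such as `/* Counts <= 1024 encode to 0 and are thus treated like 0 (auto-calibrate). */`, or track "calibrate" in a separate flag so that an encoded 0 stays expressible. The enclosing `switch` in `main` starts and ends outside the hunk.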
diff --git a/g10/keydb.h b/g10/keydb.h
index ca3ca77ec..52ede1611 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -196,6 +196,7 @@ int build_sk_list( strlist_t locusr, SK_LIST *ret_sk_list,
int unlock, unsigned use );
/*-- passphrase.h --*/
+unsigned char encode_s2k_iterations (int iterations);
assuan_context_t agent_open (int try, const char *orig_codeset);
void agent_close (assuan_context_t ctx);
int have_static_passphrase(void);
diff --git a/g10/passphrase.c b/g10/passphrase.c
index 9fddebf0e..eb1701b51 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -50,6 +50,58 @@ static char *next_pw = NULL;
static char *last_pw = NULL;
+
+/* Pack an s2k iteration count into the form specified in 2440. If
+ we're in between valid values, round up. With value 0 return the
+ old default. */
+unsigned char
+encode_s2k_iterations (int iterations)
+{
+ gpg_error_t err;
+ unsigned char c=0;
+ unsigned char result;
+ unsigned int count;
+
+ if (!iterations)
+ {
+ unsigned long mycnt;
+
+ /* Ask the gpg-agent for a useful iteration count. */
+ err = agent_get_s2k_count (&mycnt);
+ if (err || mycnt < 65536)
+ {
+ /* Don't print an error if an older agent is used. */
+ if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
+ log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
+ /* Default to 65536 which we used up to 2.0.13. */
+ return 96;
+ }
+ else if (mycnt >= 65011712)
+ return 255; /* Largest possible value. */
+ else
+ return encode_s2k_iterations ((int)mycnt);
+ }
+
+ if (iterations <= 1024)
+ return 0; /* Command line arg compatibility. */
+
+ if (iterations >= 65011712)
+ return 255;
+
+ /* Need count to be in the range 16-31 */
+ for (count=iterations>>6; count>=32; count>>=1)
+ c++;
+
+ result = (c<<4)|(count-16);
+
+ if (S2K_DECODE_COUNT(result) < iterations)
+ result++;
+
+ return result;
+}
+
+
+
/* Hash a passphrase using the supplied s2k.
Always needs: dek->algo, s2k->mode, s2k->hash_algo. */
static void
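Review bot: The header comment on `encode_s2k_iterations` says "With value 0 return the old default", which does not match the body. For 0 the function first asks gpg-agent via `agent_get_s2k_count`, and returns 96 only on error or when the agent's count is below 65536. Suggest wording it as `With value 0 ask gpg-agent for a calibrated count; fall back to the old default (65536 iterations, encoded as 96) on error or if the agent's value is lower.` The comment should also say that the function may now call out to the agent. That is why the other hunk in this file defers the call, and it is not something a reader expects from an encoder that was previously a pure `static` helper.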
@@ -474,7 +526,15 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
{
gcry_randomize (s2k->salt, 8, GCRY_STRONG_RANDOM);
if ( s2k->mode == 3 )
- s2k->count = opt.s2k_count;
+ {
+ /* We delay the encoding until it is really needed. This is
+ if we are going to dynamically calibrate it, we need to
+ call out to gpg-agent and that should not be done during
+ option processing in main(). */
+ if (!opt.s2k_count)
+ opt.s2k_count = encode_s2k_iterations (0);
+ s2k->count = opt.s2k_count;
+ }
}
/* If we do not have a passphrase available in NEXT_PW and status
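Review bot: The second sentence of the new comment is missing a word and is hard to parse ("This is if we are going to dynamically calibrate it, we need to ..."). Suggest `This is because dynamic calibration needs a call out to gpg-agent, which should not be done during option processing in main().` The result is also written back to `opt.s2k_count`, so a fallback value chosen after an agent error is kept for the rest of the process. One clause saying that this caching is intended would help the next reader. `passphrase_to_dek_ext` begins and ends outside the hunk.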
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 2db971526..c83e16984 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1661,7 +1661,7 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
/* Everything else we delete */
/* At this point, if 12 is set, the signing key was unavailable.
- If 9 or 10 is set, it's superceded. Otherwise, it's
+ If 9 or 10 is set, it's superseded. Otherwise, it's
invalid. */
if(noisy)
@@ -1669,7 +1669,7 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
keystr(node->pkt->pkt.signature->keyid),
uidnode->pkt->pkt.user_id->name,
node->flag&(1<<12)?"key unavailable":
- node->flag&(1<<9)?"signature superceded":"invalid signature");
+ node->flag&(1<<9)?"signature superseded":"invalid signature");
delete_kbnode(node);
deleted++;