14 years ago* README: Update copyright.
David Shaw [Thu, 26 Feb 2004 04:40:57 +0000 (04:40 +0000)]
* README: Update copyright.

* NEWS: Note --max-output, --list-config, --min-cert-level, AIX fix, new
http-proxy keyserver-option, new LDAP server code, TLS, LDAPS, and
--show-session-key with --symmetric.

14 years ago* delkey.c (do_delete_key): Allow deleting a public key with a secret
David Shaw [Thu, 26 Feb 2004 02:03:27 +0000 (02:03 +0000)]
* delkey.c (do_delete_key): Allow deleting a public key with a secret
present if --expert is set.

* plaintext.c (handle_plaintext): Make bytecount static so it works with
multiple literal packets inside a message.

* encode.c, helptext.c (keygen.algo, keygen.algo.elg_se), keygen.c
(ask_algo), sig-check.c (do_check_messages), skclist.c (build_sk_list):
Rename "ElGamal" to "Elgamal" as that is the proper spelling nowadays.
Suggested by Jon Callas.

14 years ago* gpgkeys_ldap.c (send_key): List pgpCertID as one of the deleted
David Shaw [Thu, 26 Feb 2004 01:29:26 +0000 (01:29 +0000)]
* gpgkeys_ldap.c (send_key): List pgpCertID as one of the deleted
attributes.  This guarantees that if something goes wrong, we won't be
able to complete the transaction, thus leaving any key already existing on
the server intact.

14 years ago* plaintext.c: Copyright.
David Shaw [Tue, 24 Feb 2004 23:37:18 +0000 (23:37 +0000)]
* plaintext.c: Copyright.

* encode.c (encode_simple): Show cipher with --verbose.

* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level.  If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.

* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.

14 years ago(lock_pool) [_AIX]: Also set errno.
Werner Koch [Tue, 24 Feb 2004 16:06:55 +0000 (16:06 +0000)]
(lock_pool) [_AIX]: Also set errno.

14 years ago* gpgkeys_ldap.c (delete_one_attr): Removed. (make_one_attr): Delete
David Shaw [Tue, 24 Feb 2004 03:57:21 +0000 (03:57 +0000)]
* gpgkeys_ldap.c (delete_one_attr): Removed. (make_one_attr): Delete
functionality added.  Optional deduping functionality added (currently
only used for pgpSignerID). (build_attrs): Translate sig entries into
pgpSignerID.  Properly build the timestamp for pgpKeyCreateTime and

14 years ago* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add
David Shaw [Mon, 23 Feb 2004 04:00:51 +0000 (04:00 +0000)]
* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add
--min-cert-check-level option to specify minimum cert check level.
Defaults to 2 (so 0x11 sigs are ignored).  0x10 sigs cannot be ignored.

14 years ago* gpgkeys_ldap.c (delete_one_attr): New function to replace attributes
David Shaw [Mon, 23 Feb 2004 03:43:45 +0000 (03:43 +0000)]
* gpgkeys_ldap.c (delete_one_attr): New function to replace attributes
with NULL (a "delete" that works even for nonexistant attributes).
(send_key): Use it here to remove attributes so a modify operation starts
with a clean playing field.  Bias sends to modify before add, since (I
suspect) people update their existing keys more often than they make and
send new keys to the server.

15 years ago* plaintext.c (handle_plaintext): Properly handle a --max-output of zero
David Shaw [Sun, 22 Feb 2004 04:16:31 +0000 (04:16 +0000)]
* plaintext.c (handle_plaintext): Properly handle a --max-output of zero
(do not limit output at all).

15 years ago* keyserver.c (keyserver_spawn): Use the full 64-bit keyid in the INFO
David Shaw [Sun, 22 Feb 2004 00:36:34 +0000 (00:36 +0000)]
* keyserver.c (keyserver_spawn): Use the full 64-bit keyid in the INFO
header lines, and include "sig:" records for the benefit of people who
store their keys in LDAP servers.  It makes it easy to do queries for
things like "all keys signed by Isabella".

15 years ago* gpgkeys_ldap.c (epoch2ldaptime): New. Converse of ldap2epochtime.
David Shaw [Sun, 22 Feb 2004 00:08:53 +0000 (00:08 +0000)]
* gpgkeys_ldap.c (epoch2ldaptime): New.  Converse of ldap2epochtime.
(make_one_attr): New. Build a modification list in memory to send to the
LDAP server. (build_attrs): New. Parse INFO lines sent over by gpg.
(free_mod_values): New.  Unwinds a modification list.
(send_key_keyserver): Renamed from old send_key(). (send_key): New
function to send a key to a LDAP server. (main): Use send_key() for real
LDAP servers, send_key_keyserver() otherwise.

15 years ago* util.h: Prototype for hextobyte().
David Shaw [Sat, 21 Feb 2004 22:13:39 +0000 (22:13 +0000)]
* util.h: Prototype for hextobyte().

15 years ago* miscutil.c (hextobyte): Moved here from g10/misc.c so I can use it in
David Shaw [Sat, 21 Feb 2004 22:12:29 +0000 (22:12 +0000)]
* miscutil.c (hextobyte): Moved here from g10/misc.c so I can use it in
the keyserver helpers.

15 years ago* main.h, misc.c (hextobyte): Removed. It's in libutil.a now.
David Shaw [Sat, 21 Feb 2004 22:11:23 +0000 (22:11 +0000)]
* main.h, misc.c (hextobyte): Removed.  It's in libutil.a now.

15 years ago* keyserver.c (keyserver_export): Disallow user strings that aren't key
David Shaw [Fri, 20 Feb 2004 20:18:49 +0000 (20:18 +0000)]
* keyserver.c (keyserver_export): Disallow user strings that aren't key
IDs. (keyserver_import): Clarify error message. (keyserver_spawn):
Properly handle 8 bit characters in user IDs in the info lines during

15 years ago* Check for timegm(). Replacement functions for setenv()
David Shaw [Fri, 20 Feb 2004 15:11:57 +0000 (15:11 +0000)]
* Check for timegm().  Replacement functions for setenv()
and unsetenv().

15 years ago* mkdtemp.c: New (moved from g10/), setenv.c: New, unsetenv.c: New.
David Shaw [Fri, 20 Feb 2004 15:10:36 +0000 (15:10 +0000)]
* mkdtemp.c: New (moved from g10/), setenv.c: New, unsetenv.c: New.

* Include @LIBOBJS@ for replacement functions.

15 years ago* mkdtemp.c: Removed.
David Shaw [Fri, 20 Feb 2004 15:04:56 +0000 (15:04 +0000)]
* mkdtemp.c: Removed.

* We get mkdtemp.c from libutil.a now, so don't link with

* keyserver.c (keyserver_spawn): Pass the scheme to the keyserver helper.

15 years ago* gpgkeys_ldap.c: Replacement prototypes for setenv and unsetenv.
David Shaw [Fri, 20 Feb 2004 14:59:02 +0000 (14:59 +0000)]
* gpgkeys_ldap.c: Replacement prototypes for setenv and unsetenv.
(search_key): Catch a SIZELIMIT_EXCEEDED error and show the user whatever
the server did give us. (find_basekeyspacedn): There is no guarantee that
namingContexts will be readable.

* Link gpgkeys_ldap with libutil.a to get the replacement
functions (and eventually translations, etc).

15 years ago* gpgkeys_ldap.c (ldap2epochtime): LDAP timestamps are UTC, so do not
David Shaw [Thu, 19 Feb 2004 21:32:15 +0000 (21:32 +0000)]
* gpgkeys_ldap.c (ldap2epochtime): LDAP timestamps are UTC, so do not
correct for timezones. (main): Find the basekeyspacedn before we try to
start TLS, so we can give a better error message when a user tries to use
TLS with a LDAP keyserver.

15 years ago* Check for ln -s and add GPGKEYS_LDAP conditional, both for
David Shaw [Thu, 19 Feb 2004 20:10:38 +0000 (20:10 +0000)]
* Check for ln -s and add GPGKEYS_LDAP conditional, both for
making gpgkeys_ldaps symlink to gpgkeys_ldap.

15 years ago* Add automake conditionals to symlink gpgkeys_ldaps to
David Shaw [Thu, 19 Feb 2004 20:09:12 +0000 (20:09 +0000)]
* Add automake conditionals to symlink gpgkeys_ldaps to
gpgkeys_ldap when needed.

* gpgkeys_ldap.c (main): Add support for LDAPS and TLS connections.
These are only useful and usable when talking to real LDAP keyservers.
Add new "tls" option to tune TLS use from off, to try quietly, to try
loudly, or to require TLS.

15 years ago* Simplify the LDAP checking code since OpenLDAP is far more
David Shaw [Thu, 19 Feb 2004 16:34:32 +0000 (16:34 +0000)]
* Simplify the LDAP checking code since OpenLDAP is far more
mature these days and dependencies are cleaner.  Add checks for
ldap_set_option and ldap_start_tls_s.

15 years ago* gpgkeys_ldap.c (find_basekeyspacedn): New function to figure out what
David Shaw [Thu, 19 Feb 2004 15:09:14 +0000 (15:09 +0000)]
* gpgkeys_ldap.c (find_basekeyspacedn): New function to figure out what
kind of LDAP server we're talking to (either real LDAP or the LDAP
keyserver), and return the baseKeySpaceDN to find keys under. (main): Call
it from here, and remove the old code that only handled the LDAP

15 years ago* options.h, g10.c (main), plaintext.c (handle_plaintext): Add
David Shaw [Wed, 18 Feb 2004 23:09:27 +0000 (23:09 +0000)]
* options.h, g10.c (main), plaintext.c (handle_plaintext): Add
--max-output option to help people deal with decompression bombs.

15 years ago* gpgkeys_ldap.c (ldap_to_gpg_err): Make sure that LDAP_OPT_ERROR_NUMBER
David Shaw [Wed, 18 Feb 2004 23:05:47 +0000 (23:05 +0000)]
* gpgkeys_ldap.c (ldap_to_gpg_err): Make sure that LDAP_OPT_ERROR_NUMBER
is defined before we use it.

* Fix VERSION number.

15 years ago* build-packet.c (do_user_id): Do not force a header for attribute packets
David Shaw [Sun, 15 Feb 2004 15:54:02 +0000 (15:54 +0000)]
* build-packet.c (do_user_id): Do not force a header for attribute packets
as they require a new CTB, and we don't support forced headers for new
CTBs yet.

15 years ago* build-packet.c (write_header2): If a suggested header length is provided
David Shaw [Sun, 15 Feb 2004 00:04:32 +0000 (00:04 +0000)]
* build-packet.c (write_header2): If a suggested header length is provided
along with a zero length, interpret this as an actual zero length packet
and not as an indeterminate length packet. (do_comment, do_user_id): Use
it here as these packets might be naturally zero length.

* parse-packet.c (parse): Show packet type when failing due to an
indeterminate length packet.

* misc.c (parse_options): Only provide args for the true (i.e. not
"no-xxx") form of options.

15 years ago* keyserver.c (argsep): Move to misc.c.
David Shaw [Sat, 14 Feb 2004 05:03:45 +0000 (05:03 +0000)]
* keyserver.c (argsep): Move to misc.c.

* main.h, misc.c (parse_options), export.c (parse_export_options),
import.c (parse_import_options), g10.c (main): Use it here to allow for
options with optional arguments.  Change all callers.

15 years ago* import.c (check_prefs): Some language fixes. (sec_to_pub_keyblock,
David Shaw [Sat, 14 Feb 2004 01:54:12 +0000 (01:54 +0000)]
* import.c (check_prefs): Some language fixes. (sec_to_pub_keyblock,
import_secret_one): Without knowing the number of MPIs there are, we
cannot try and sk-to-pk-ize a key.

15 years ago* gnupg.7: Clarify that 'gpgv' doesn't encrypt, and that's not a bug.
David Shaw [Thu, 12 Feb 2004 20:46:18 +0000 (20:46 +0000)]
* gnupg.7: Clarify that 'gpgv' doesn't encrypt, and that's not a bug.

* samplekeys.asc: Update 99242560.

* gpg.sgml: Clarify -u/--local-user and --default-key.  Note what happens
if you run 'gpg' without any commands.  Document --multifile.  Document
list-option show-unusable-subkeys.

15 years ago* import.c (check_prefs): New function to check preferences on a public
David Shaw [Thu, 12 Feb 2004 19:18:27 +0000 (19:18 +0000)]
* import.c (check_prefs): New function to check preferences on a public
key to ensure that it does not advertise any that we cannot fulfill.  Use
the keyedit command list function to optionally rewrite the prefs.
(import_one, import_secret_one): Use it here when importing a public key
that we have the secret half of, or when importing a secret key that we
have the public half of.

15 years ago* main.h, keyedit.c (keyedit_menu): Remove sign_mode and enhance the more
David Shaw [Thu, 12 Feb 2004 18:32:09 +0000 (18:32 +0000)]
* main.h, keyedit.c (keyedit_menu): Remove sign_mode and enhance the more
general command list functionality to replace it.

* g10.c (main): Use the general command functionality to implement
--sign-key, --lsign-key, --nrsign-key, and --nrlsign-key.

15 years ago* import.c (import_one): Do the revocation check even in the case when a
David Shaw [Thu, 12 Feb 2004 16:31:07 +0000 (16:31 +0000)]
* import.c (import_one): Do the revocation check even in the case when a
key, a revocation key set in a direct key signature, and a revocation from
that revocation key, all arrive piecemeal. Needless to say, this is pretty

15 years ago* options.h, g10.c (main), keylist.c (list_keyblock_print): Add
David Shaw [Wed, 11 Feb 2004 13:46:23 +0000 (13:46 +0000)]
* options.h, g10.c (main), keylist.c (list_keyblock_print): Add
"show-unusable-subkeys" list-option to show revoked and/or expired

15 years ago* keyedit.c (keyedit_menu): Prompt for subkey removal for both secret and
David Shaw [Wed, 11 Feb 2004 04:32:52 +0000 (04:32 +0000)]
* keyedit.c (keyedit_menu): Prompt for subkey removal for both secret and
public subkeys.

* keylist.c (list_keyblock_print), keyedit.c (show_key_with_all_names):
Show the revocation date of a key/subkey, and general formatting work.

* packet.h, getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
merge_selfsigs): Keep track of the revocation date of a key.

* keydb.h, keyid.c (revokestr_from_pk): New function to print the
revocation date of a key.

15 years ago* keygen.c (keygen_set_std_prefs): Build the default preferences list at
David Shaw [Tue, 10 Feb 2004 22:42:34 +0000 (22:42 +0000)]
* keygen.c (keygen_set_std_prefs): Build the default preferences list at
runtime as it properly handles algorithms disabled at build or run time.

* getkey.c (merge_selfsigs_main): Properly handle expired user IDs when
the expired self-sig is not the only self-sig.

* misc.c (compress_algo_to_string): Return NULL on failure like all of the
other xxxx_algo_to_string() functions.

* mainproc.c (list_node): Minor spacing tweak to match --list-keys output.

* keylist.c (list_keyblock_print), mainproc.c (list_node): Mark revoked
subkeys as revoked.  Requested by Matthew Wilcox.  Revoked overrides
expiration when both apply.

* keyedit.c (show_prefs): Use compress algo constants.
(show_basic_key_info): Make revoked and expired tags translatable.

* g10.c (rm_group): Properly ungroup from a list of groups.

15 years ago* clearsig.test, sigs.test: Properly detect RSA being missing, and use the
David Shaw [Mon, 9 Feb 2004 19:44:36 +0000 (19:44 +0000)]
* clearsig.test, sigs.test: Properly detect RSA being missing, and use the
proper key for doing an RSA test.

15 years ago* DETAILS: Details for --list-config.
David Shaw [Fri, 30 Jan 2004 19:03:22 +0000 (19:03 +0000)]
* DETAILS: Details for --list-config.

* gpg.sgml: Document --ungroup and --list-config.

15 years ago* g10.c (main, rm_group): Add --ungroup command to remove a particular
David Shaw [Fri, 30 Jan 2004 16:49:28 +0000 (16:49 +0000)]
* g10.c (main, rm_group): Add --ungroup command to remove a particular
group. (add_group): When adding a group with the same name as an already
existing group, merge the two groups. (list_config): Show an error message
when listing a config item that doesn't exist. (main): Replace -z0 trick
for no compression.

* packet.h, keyedit.c (show_key_with_all_names_colon), keylist.c
(list_keyblock_colon), mainproc.c (list_node, proc_tree): Minor cleanup to
remove local_id, which is no longer used.

15 years ago* getkey.c: Set MAX_PK_CACHE_ENTRIES and MAX_UID_CACHE_ENTRIES to
David Shaw [Wed, 28 Jan 2004 01:04:30 +0000 (01:04 +0000)]
PK_UID_CACHE_SIZE (set in ./configure).

* getkey.c (get_pubkey): When reading key data into the cache, properly
handle keys that are partially (pk, no UIDs) cached already.  This is
Debian bug #176425 and #229549.

* compress.c (init_compress, push_compress_filter2): Do the right thing
(i.e. nothing) with compress algo 0.

* main.h, decrypt.c (decrypt_messages): Accept filenames to decrypt on
stdin.  This is bug #253.

15 years ago* NEWS: Note --enable-key-cache, the OpenBSD/i386 and HPPA fixes, and
David Shaw [Wed, 28 Jan 2004 01:00:53 +0000 (01:00 +0000)]
* NEWS: Note --enable-key-cache, the OpenBSD/i386 and HPPA fixes, and
Elgamal removal.

* README, Add --enable-key-cache=SIZE configure option.
This sets the key/uid cache size.  Default is 4096.

15 years ago* mainproc.c (list_node): Show sigs with --verbose.
David Shaw [Sat, 24 Jan 2004 00:47:45 +0000 (00:47 +0000)]
* mainproc.c (list_node): Show sigs with --verbose.

* options.h, g10.c (set_screen_dimensions): New function to look at

* keyserver.c (parse_keyrec, keyserver_search_prompt), keyedit.c
(print_and_check_one_sig): Use new screen dimension variables.

15 years ago* g10.c (list_config): New function to dump config options to stdout.
David Shaw [Thu, 22 Jan 2004 03:47:05 +0000 (03:47 +0000)]
* g10.c (list_config): New function to dump config options to stdout.
Currently requires --with-colons. (collapse_args): New function to turn
argc/argv into a single string. (main): Use it here to pass list_config()
more than one argument as a single string. (print_algo_numbers): Helper to
print algorithm number for --list-config "pubkey", "cipher",
"hash"/"digest", and "compress" config options.

15 years ago* packet.h, getkey.c (merge_selfsigs, merge_selfsigs_main), pkclist.c
David Shaw [Thu, 22 Jan 2004 01:08:58 +0000 (01:08 +0000)]
* packet.h, getkey.c (merge_selfsigs, merge_selfsigs_main), pkclist.c
(check_signatures_trust): Indicate who has revoked a key (the owner or a
designated revoker).  If a key was revoked by both, prefer the owner.

15 years ago* keyedit.c (print_and_check_one_sig, keyedit_menu): Use the COLUMNS
David Shaw [Wed, 21 Jan 2004 21:25:43 +0000 (21:25 +0000)]
* keyedit.c (print_and_check_one_sig, keyedit_menu): Use the COLUMNS
environment variable (if any) to hint how wide the terminal is.  Disabled
on _WIN32.  Suggested by Janusz A. Urbanowicz.

15 years ago* keylist.c (set_attrib_fd): Open attribute fd in binary mode. This isn't
David Shaw [Wed, 21 Jan 2004 04:35:32 +0000 (04:35 +0000)]
* keylist.c (set_attrib_fd): Open attribute fd in binary mode. This isn't
meaningful on POSIX systems, but the Mingw builds aren't exactly POSIX.

15 years agohppa1.1/udiv-qrnnd.S: Alignment fix from Lamont Jones for Debian.
David Shaw [Wed, 21 Jan 2004 04:26:35 +0000 (04:26 +0000)]
hppa1.1/udiv-qrnnd.S: Alignment fix from Lamont Jones for Debian.

15 years ago* trustdb.c (reset_trust_records): New, faster, implementation that
David Shaw [Wed, 21 Jan 2004 03:19:13 +0000 (03:19 +0000)]
* trustdb.c (reset_trust_records): New, faster, implementation that
doesn't involve a keyring scan. (clear_validity): Removed.

15 years ago* g10.c (main), keydb.h, keydb.c (keydb_rebuild_caches), keyring.h,
David Shaw [Tue, 20 Jan 2004 16:09:38 +0000 (16:09 +0000)]
* g10.c (main), keydb.h, keydb.c (keydb_rebuild_caches), keyring.h,
keyring.c (keyring_rebuild_cache): Add "noisy" flag so cache rebuilds can
remain noisy when called for itself, and quiet when called as part of the
trustdb rebuild.

* trustdb.c (validate_keys): Rebuild the sig caches before building the
trustdb.  Note that this is going to require some architectual
re-thinking, as it is agonizingly slow.

15 years ago* sig-check.c (check_key_signature2): Comments.
David Shaw [Mon, 19 Jan 2004 22:46:55 +0000 (22:46 +0000)]
* sig-check.c (check_key_signature2): Comments.

* keyring.c (keyring_rebuild_cache): Clear sig cache for any signatures
that we can no longer process (say, if the user removed support for a
necessary pubkey or digest algorithm).

15 years ago* misc.c (print_cipher_algo_note): May as well call Rijndael AES
David Shaw [Sat, 17 Jan 2004 03:14:14 +0000 (03:14 +0000)]
* misc.c (print_cipher_algo_note): May as well call Rijndael AES
at this point.

* keygen.c (do_create), misc.c (openpgp_pk_algo_usage): Remove the
last bits of Elgamal type 20 support.

15 years ago* cipher.h: Remove the old CIPHER_ALGO_RINJDAEL values. is_ELGAMAL() now
David Shaw [Sat, 17 Jan 2004 03:10:09 +0000 (03:10 +0000)]
* cipher.h: Remove the old CIPHER_ALGO_RINJDAEL values. is_ELGAMAL() now
only matches type 16 and not type 20.

15 years ago* cipher.c (setup_cipher_table): May as well call Rijndael AES at this
David Shaw [Sat, 17 Jan 2004 03:06:50 +0000 (03:06 +0000)]
* cipher.c (setup_cipher_table): May as well call Rijndael AES at this

15 years ago* pubkey.c (setup_pubkey_table), elgamal.c (sign, verify, test_keys,
David Shaw [Sat, 17 Jan 2004 01:49:16 +0000 (01:49 +0000)]
* pubkey.c (setup_pubkey_table), elgamal.c (sign, verify, test_keys,
elg_sign, elg_verify, elg_get_info): Remove the last bits of Elgamal type
20 support.

15 years ago* argparse.c (default_strusage): Update copyright date. (initialize):
David Shaw [Fri, 16 Jan 2004 05:16:42 +0000 (05:16 +0000)]
* argparse.c (default_strusage): Update copyright date. (initialize):
Avoid a number of -Wformat-nonliteral warnings. These aren't actual
problems, but the warnings bothered me.

* miscutil.c (print_string2): New variation on print_string that allows
two delimiters. (print_string): Call print_string2 to do work.

15 years ago* util.h: Add prototype for print_string2().
David Shaw [Fri, 16 Jan 2004 05:14:50 +0000 (05:14 +0000)]
* util.h: Add prototype for print_string2().

15 years ago(send_key): Add a content type.
Werner Koch [Tue, 13 Jan 2004 11:07:25 +0000 (11:07 +0000)]
(send_key): Add a content type.

15 years ago* Use -Wformat-nonliteral in maintainer-mode.
Werner Koch [Tue, 13 Jan 2004 10:57:46 +0000 (10:57 +0000)]
* Use -Wformat-nonliteral in maintainer-mode.

15 years ago* gpgkeys_hkp.c (search_key): Catch a mangled input file (useful if
David Shaw [Mon, 12 Jan 2004 04:09:37 +0000 (04:09 +0000)]
* gpgkeys_hkp.c (search_key): Catch a mangled input file (useful if
something other than GnuPG is calling the program). (main): Avoid possible
pre-string write.  Noted by Christian Biere.

* gpgkeys_ldap.c (main): Avoid possible pre-string write.

15 years ago* Include stdio.h when checking for bzlib.h. Solaris 9 has a
David Shaw [Mon, 12 Jan 2004 03:59:29 +0000 (03:59 +0000)]
* Include stdio.h when checking for bzlib.h. Solaris 9 has a
very old bzip2 library and we can at least guarantee that it won't fail
because of the lack of stdio.h.

* THANKS: Added Phong Nguyen, who found the Elgamal signing key problem.

15 years ago* convert-from-106, lspgpot: Check for gpg binary before proceeding.
David Shaw [Mon, 12 Jan 2004 02:48:42 +0000 (02:48 +0000)]
* convert-from-106, lspgpot: Check for gpg binary before proceeding.
Don't hardcode the path to gpg.

* gpgsplit.c (handle_bzip2): Remove two cut and paste typecast errors.
Noted by Stefan Bellon.

15 years ago* config.links: OpenBSD 3.4 is now ELF, so use the proper assembler code
David Shaw [Mon, 12 Jan 2004 00:51:39 +0000 (00:51 +0000)]
* config.links: OpenBSD 3.4 is now ELF, so use the proper assembler code
for that.  Use the portable C MPI code for OpenBSD before 3.4, and remove
the special i386-openbsd assembly directory.

* Add the portable C links to DISTCLEANFILES.  Noted by
Nelson H. F. Beebe.

* mpi-mpow.c (build_index): s/index/idx/ to avoid gcc warning. From Werner
on stable branch.

* longlong.h: Added PowerPC 64 bit code from GPM-4.1.2 but didn't enable
it yet.  From Werner on stable branch.

15 years agoUse the portable C MPI code for OpenBSD before 3.4, and remove the special
David Shaw [Mon, 12 Jan 2004 00:48:28 +0000 (00:48 +0000)]
Use the portable C MPI code for OpenBSD before 3.4, and remove the special
i386-openbsd assembly directory.

15 years ago* gpg.sgml: Fix a few minor typos. Clarify what --textmode is useful for.
David Shaw [Thu, 8 Jan 2004 05:49:39 +0000 (05:49 +0000)]
* gpg.sgml: Fix a few minor typos.  Clarify what --textmode is useful for.

* gpg.sgml: List proper documentation URL.  Note that addrevoker takes an
optional "sensitive" argument.  Remind that $GNUPGHOME can be used instead
of --homedir.  Clarify --no-default-keyring, and note why it may not take
effect if there are no other keyrings present.  Remove --pgp2 from the
list of --pgpXes that are just for bad preference lists.  Explain more why
locking memory pages is good.

* gpg.sgml: Add an example of what an exclamation mark is, as people seem
to miss it often.

15 years agoOnly use ZLib module on RISC OS when configured
Stefan Bellon [Sat, 3 Jan 2004 17:13:59 +0000 (17:13 +0000)]
Only use ZLib module on RISC OS when configured

15 years ago* clearsig.test, conventional-mdc.test, conventional.test,,
David Shaw [Wed, 31 Dec 2003 19:00:35 +0000 (19:00 +0000)]
* clearsig.test, conventional-mdc.test, conventional.test,,
encrypt-dsa.test, encrypt.test, genkey1024.test, plain-1.asc,
plain-1-pgp.asc, plain-2.asc, plain-3.asc, pubring.asc, secring.asc,
sigs.test: Rework tests to work properly with a gpg binary that doesn't
have all ciphers and all pk algos. Basically, we test for the ciphers we
have, only test signing with non-160-bit hashes with RSA (we test all
hashes as hashes).  Test all key lengths of AES.

15 years ago* options.h, g10.c (main), import.c (parse_import_options, import_one,
David Shaw [Wed, 31 Dec 2003 04:58:52 +0000 (04:58 +0000)]
* options.h, g10.c (main), import.c (parse_import_options, import_one,
import_secret_one), keyserver.c (keyserver_refresh): Change --merge-only
to --import-option merge-only.  Deprecate --merge-only.

15 years ago* g10m.c: Dead code. Remove.
David Shaw [Tue, 30 Dec 2003 04:29:07 +0000 (04:29 +0000)]
* g10m.c: Dead code.  Remove.

* Don't compile g10m.c.

15 years ago* idea-stub.c (load_module, idea_get_info): Return the proper type for
David Shaw [Tue, 30 Dec 2003 01:37:52 +0000 (01:37 +0000)]
* idea-stub.c (load_module, idea_get_info): Return the proper type for
idea_get_info from inside load_module.  From Stefan Bellon.

15 years ago* rijndael.c, rndunix.c, twofish.c: Remove dead IS_MODULE code.
David Shaw [Tue, 30 Dec 2003 00:57:05 +0000 (00:57 +0000)]
* rijndael.c, rndunix.c, twofish.c: Remove dead IS_MODULE code.

* g10c.c: Dead code.  Remove.

* Don't compile g10c.c.

15 years ago* g10u.c: Dead code. Remove.
David Shaw [Tue, 30 Dec 2003 00:50:32 +0000 (00:50 +0000)]
* g10u.c: Dead code.  Remove.

* Don't compile g10u.c.

* iobuf.c (block_filter): Properly handle a partial body stream that ends
with a 5-byte length.

15 years ago* misc.c (pull_in_libs): Dead code. Removed.
David Shaw [Tue, 30 Dec 2003 00:46:42 +0000 (00:46 +0000)]
* misc.c (pull_in_libs): Dead code.  Removed.

* sig-check.c (check_revocation_keys): Comments.

* getkey.c (merge_selfsigs_main): Don't bother to check designated revoker
sigs if the key is already revoked.

* packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked" flag on
PKs.  It is set when there is a revocation signature from a valid
revocation key, but the revocation key is not present to verify the

* pkclist.c (check_signatures_trust): Use it here to give a warning when
showing key trust.

* compress-bz2.c: Include stdio.h.  Solaris 9 has a very old bzip2 library
and we can at least guarantee that it won't fail because of the lack of

* tdbio.c: Fixed format string bugs related to the use of DB_NAME.
Reported by Florian Weimer.

15 years ago* gpgkeys_hkp.c (send_key, get_key, main): Work with new HTTP code that
David Shaw [Sun, 28 Dec 2003 16:21:46 +0000 (16:21 +0000)]
* gpgkeys_hkp.c (send_key, get_key, main): Work with new HTTP code that
passes the proxy in from the outside.  If the command file sends a proxy,
use it.  If it sends "http-proxy" with no arguments, use $http_proxy from
the environment.

15 years ago* options.h, g10.c (main), keyserver.c (keyserver_opts,
David Shaw [Sun, 28 Dec 2003 16:08:04 +0000 (16:08 +0000)]
* options.h, g10.c (main), keyserver.c (keyserver_opts,
parse_keyserver_uri): honor-http-proxy is no longer an option since we can
do the same thing with http-proxy with no arguments. Also remove
broken-http-proxy since it can be better handled in the HTTP helper.

15 years ago* http.h: Pass the http proxy from outside rather than pulling it from the
David Shaw [Sun, 28 Dec 2003 15:57:06 +0000 (15:57 +0000)]
* http.h: Pass the http proxy from outside rather than pulling it from the

15 years ago* http.c (send_request, http_open_document, http_open): Pass the http
David Shaw [Sun, 28 Dec 2003 15:55:53 +0000 (15:55 +0000)]
* http.c (send_request, http_open_document, http_open): Pass the http
proxy from outside rather than pulling it from the evironment.

15 years ago* keyserver.c (argsep): New variation on strsep that knows about optional
David Shaw [Sun, 28 Dec 2003 15:46:49 +0000 (15:46 +0000)]
* keyserver.c (argsep): New variation on strsep that knows about optional
arguments. (parse_keyserver_options): Use it here for optional arguments.

15 years agocleaned up RISC OS code and removed lots of unnecessary stuff
Stefan Bellon [Sun, 28 Dec 2003 14:12:16 +0000 (14:12 +0000)]
cleaned up RISC OS code and removed lots of unnecessary stuff

15 years ago* keyserver.c (strip_leading_space, get_arg): New.
David Shaw [Sun, 28 Dec 2003 04:38:00 +0000 (04:38 +0000)]
* keyserver.c (strip_leading_space, get_arg): New.
(parse_keyserver_options): Use them here to allow arguments to
keyserver-options.  Since none of our options need arguments yet, just
pass them through whole to the keyserver helper.

15 years ago* main.h, misc.c (parse_options): Add a "noisy" flag to enable and disable
David Shaw [Sun, 28 Dec 2003 03:46:43 +0000 (03:46 +0000)]
* main.h, misc.c (parse_options): Add a "noisy" flag to enable and disable
the messages about which option didn't match or matched ambiguously.
Change all callers (g10.c, keyserver.c).

* main.h, import.c (import_options), export.c (export_options): Pass the
noisy flag through.

15 years ago* build-packet.c (write_fake_data, do_secret_key), seckey-cert.c
David Shaw [Wed, 17 Dec 2003 23:04:53 +0000 (23:04 +0000)]
* build-packet.c (write_fake_data, do_secret_key), seckey-cert.c
(do_check): Use an unsigned length for mpi_get_opaque.

* options.h: It's impolite to assign -1 to an unsigned

15 years ago* mpiutil.c (mpi_set_opaque, mpi_get_opaque): Make the length of an opaque
David Shaw [Wed, 17 Dec 2003 22:30:57 +0000 (22:30 +0000)]
* mpiutil.c (mpi_set_opaque, mpi_get_opaque): Make the length of an opaque
MPI unsigned.

15 years ago* mpi.h (gcry_mpi, mpi_get_opaque, mpi_set_opaque): Make nbits and the
David Shaw [Wed, 17 Dec 2003 22:28:49 +0000 (22:28 +0000)]
* mpi.h (gcry_mpi, mpi_get_opaque, mpi_set_opaque): Make nbits and the
length of an opaque MPI unsigned.

15 years ago* sig-check.c (cmp_help, do_check), sign.c (do_sign): Remove old unused
David Shaw [Wed, 17 Dec 2003 19:21:41 +0000 (19:21 +0000)]
* sig-check.c (cmp_help, do_check), sign.c (do_sign): Remove old unused

* keyid.c (keyid_from_sk): Make sure lowbits is initialized.

15 years ago* dsa.h, dsa.c (dsa_verify), elgamal.h, elgamal.c (elg_verify), rsa.h,
David Shaw [Wed, 17 Dec 2003 19:05:23 +0000 (19:05 +0000)]
* dsa.h, dsa.c (dsa_verify), elgamal.h, elgamal.c (elg_verify), rsa.h,
rsa.c (rsa_verify), pubkey.c (dummy_verify, pubkey_verify): Remove old
unused code.

15 years ago* cipher.h (pubkey_verify): Remove old unused code.
David Shaw [Wed, 17 Dec 2003 19:01:22 +0000 (19:01 +0000)]
* cipher.h (pubkey_verify): Remove old unused code.

15 years ago* sig-check.c (do_check): Move the signing algo and hash checks from
David Shaw [Sat, 13 Dec 2003 03:53:27 +0000 (03:53 +0000)]
* sig-check.c (do_check): Move the signing algo and hash checks from
here... (signature_check2): ... to here. (check_key_signature2): ... and
here.  This is a minor optimization to avoid fetching a key (which can be
expensive, especially if it is not self-signed, and there are many key
signatures on it which need to be checked for ultimate trust) if the
signature would have failed anyway because of algorithm or hash problems.

15 years ago* packet.h, build-packet.c (hash_public_key): Remove function ...
David Shaw [Thu, 11 Dec 2003 01:07:42 +0000 (01:07 +0000)]
* packet.h, build-packet.c (hash_public_key): Remove function ...

* keydb.h, keyid.c (hash_public_key, do_fingerprint_md): ... and make a
new one here that shares code with the fingerprint calculations.  This
removes some duplicated functionality, and is also around 14% faster.
(Every bit helps).

* import.c (import_one): No longer need the Elgamal import warning.

* getkey.c (get_pubkey_fast): This one is sort of obscure. get_pubkey_fast
returns the primary key when requesting a subkey, so if a user has a key
signed by a subkey (we don't do this, but used to), AND that key is not
self-signed, AND the algorithm of the subkey in question is not present in
GnuPG, AND the algorithm of the primary key that owns the subkey in
question is present in GnuPG, then we will try and verify the subkey
signature using the primary key algorithm and hit a BUG().  The fix is to
not return a hit if the keyid is not the primary.  All other users of
get_pubkey_fast already expect a primary only.

15 years ago* keyid.c (do_fingerprint_md): Remove the rules to hash the old v3 Elgamal
David Shaw [Wed, 10 Dec 2003 01:59:45 +0000 (01:59 +0000)]
* keyid.c (do_fingerprint_md): Remove the rules to hash the old v3 Elgamal
keys.  They are no longer needed.

15 years ago* keyid.c (keyid_from_sk, keyid_from_pk, fingerprint_from_pk,
David Shaw [Wed, 10 Dec 2003 01:52:33 +0000 (01:52 +0000)]
* keyid.c (keyid_from_sk, keyid_from_pk, fingerprint_from_pk,
fingerprint_from_sk): Enforce the v3-is-only-RSA rule.  Anything that
isn't RSA gets a zero keyid and fingerprint.

15 years ago* keyid.c (do_fingerprint_md): Properly handle hashing of keys that we
David Shaw [Wed, 10 Dec 2003 01:27:55 +0000 (01:27 +0000)]
* keyid.c (do_fingerprint_md): Properly handle hashing of keys that we
don't know the structure of by using the opaque MPI.
(do_fingerprint_md_sk): We cannot calculate the fingerprint from a secret
key unless we know the structure (since we can't leave off the secret key
parts), so fail early..... (keyid_from_sk, fingerprint_from_sk): .... and
return all zeroes.

15 years agoRemoved accidential added file
Werner Koch [Tue, 9 Dec 2003 09:19:36 +0000 (09:19 +0000)]
Removed accidential added file

15 years ago* Add a min_automake_version.
Werner Koch [Tue, 9 Dec 2003 09:12:43 +0000 (09:12 +0000)]
* Add a min_automake_version.
* Revamped except for the --build-w32 hack.

15 years ago* gpg.sgml: Fix a few missing semicolons in & entities. Noted by
David Shaw [Tue, 9 Dec 2003 05:09:37 +0000 (05:09 +0000)]
* gpg.sgml: Fix a few missing semicolons in & entities.  Noted by
Christian Biere.  Some minor grammar fixes.  Remove the "host -l |
grep wwwkeys" advice since the nameserver no longer all allow zone
transfers.  Replace it with a mention of hkp://  Note that
BZIP2 defaults to compression level 6.

15 years ago* gpgsplit.c (write_part): Split off decompression code. (handle_zlib):
David Shaw [Sat, 6 Dec 2003 20:02:59 +0000 (20:02 +0000)]
* gpgsplit.c (write_part): Split off decompression code. (handle_zlib):
Move it here. (handle_bzip2): Add this to handle BZIP2 compressed

15 years ago* http.c (send_request): Add a Host: header for virtual hosts.
David Shaw [Sat, 6 Dec 2003 18:35:32 +0000 (18:35 +0000)]
* http.c (send_request): Add a Host: header for virtual hosts.

15 years ago* Reenable tests now that the Elgamal signature keys are
David Shaw [Fri, 5 Dec 2003 13:32:48 +0000 (13:32 +0000)]
* Reenable tests now that the Elgamal signature keys are

*, pubring.asc, secring.asc, plain-1.asc, plain-2.asc,
plain-3.asc: Remove the old v3 Elgamal keys and replace with RSA+Elgamal
and RSA s+e.

15 years ago* miscutil.c (answer_is_yes_no_default, answer_is_yes_no_quit): Don't use
David Shaw [Fri, 5 Dec 2003 04:20:47 +0000 (04:20 +0000)]
* miscutil.c (answer_is_yes_no_default, answer_is_yes_no_quit): Don't use
alternate strings when not needed so we don't have to re-translate them.
Hopefully the comment will be enough to indicate multiple match strings.

15 years ago* config.links: Show target in asm-syntax.h file and include targets for
David Shaw [Fri, 5 Dec 2003 04:15:31 +0000 (04:15 +0000)]
* config.links: Show target in asm-syntax.h file and include targets for
K*BSD (GNU userland with BSD kernel).