[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.22-3-g1a0eeaa

by Werner Koch cvs at cvs.gnupg.org
Fri Oct 11 09:29:36 CEST 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-0 has been updated
       via  1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e (commit)
       via  6286d01ba33b963be30fbb4fba6f35f1b05acd17 (commit)
      from  3544beff86b324a855eb5a927673f12d74651889 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Oct 11 09:25:58 2013 +0200

    gpg: Do not require a trustdb with --always-trust.
    
    * g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
    * g10/trustdb.c (trustdb_args): Add field no_trustdb.
    (init_trustdb): Set that field.
    (revalidation_mark):  Take care of a nonexistent trustdb file.
    (read_trust_options): Ditto.
    (get_ownertrust): Ditto.
    (get_min_ownertrust): Ditto.
    (update_ownertrust): Ditto.
    (update_min_ownertrust): Ditto.
    (clear_ownertrusts): Ditto.
    (cache_disabled_value): Ditto.
    (check_trustdb_stale): Ditto.
    (get_validity): Ditto.
    * g10/gpg.c (main): Do not create a trustdb with most commands for
    trust-model always.
    --
    
    This slightly changes the semantics of most commands in that they
    won't create a trustdb if --trust-model=always is used.  It just does
    not make sense to create a trustdb if there is no need for it.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/NEWS b/NEWS
index cb53749..1c1d832 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 Noteworthy changes in version 2.0.23 (unreleased)
 -------------------------------------------------
 
+ * Do not create a trustdb file if --trust-model=always is used.
+
 
 Noteworthy changes in version 2.0.22 (2013-10-04)
 -------------------------------------------------
diff --git a/g10/gpg.c b/g10/gpg.c
index 339bf26..3415042 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -3408,15 +3408,11 @@ main (int argc, char **argv)
       case aListTrustDB:
         rc = setup_trustdb (argc? 1:0, trustdb_name);
         break;
-      case aEncr:
-      case aEncrFiles:
+      default:
         /* If we are using TM_ALWAYS, we do not need to create the
            trustdb.  */
         rc = setup_trustdb (opt.trust_model != TM_ALWAYS, trustdb_name);
         break;
-      default:
-        rc = setup_trustdb (1, trustdb_name );
-        break;
       }
     if (rc)
       log_error (_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc));
diff --git a/g10/tdbio.c b/g10/tdbio.c
index 3e6091c..c5f662c 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -473,7 +473,7 @@ create_version_record (void)
 
 
 int
-tdbio_set_dbname( const char *new_dbname, int create )
+tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile)
 {
     char *fname;
     static int initialized = 0;
@@ -483,6 +483,8 @@ tdbio_set_dbname( const char *new_dbname, int create )
 	initialized = 1;
     }
 
+    *r_nofile = 0;
+
     if(new_dbname==NULL)
       fname=make_filename(opt.homedir,"trustdb" EXTSEP_S "gpg", NULL);
     else if (*new_dbname != DIRSEP_C )
@@ -501,7 +503,9 @@ tdbio_set_dbname( const char *new_dbname, int create )
 	    xfree(fname);
 	    return G10ERR_TRUSTDB;
 	}
-	if( create ) {
+	if (!create)
+          *r_nofile = 1;
+        else {
 	    FILE *fp;
 	    TRUSTREC rec;
 	    int rc;
diff --git a/g10/tdbio.h b/g10/tdbio.h
index b99b491..4f37de4 100644
--- a/g10/tdbio.h
+++ b/g10/tdbio.h
@@ -57,7 +57,7 @@ struct trust_record {
 	    byte  min_cert_level;
 	    ulong created;   /* timestamp of trustdb creation  */
 	    ulong nextcheck; /* timestamp of next scheduled check */
-	    ulong reserved;  
+	    ulong reserved;
 	    ulong reserved2;
 	    ulong firstfree;
 	    ulong reserved3;
@@ -82,7 +82,7 @@ struct trust_record {
       } trust;
       struct {
         byte namehash[20];
-        ulong next;  
+        ulong next;
         byte validity;
 	byte full_count;
 	byte marginal_count;
@@ -93,7 +93,7 @@ typedef struct trust_record TRUSTREC;
 
 /*-- tdbio.c --*/
 int tdbio_update_version_record(void);
-int tdbio_set_dbname( const char *new_dbname, int create );
+int tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile);
 const char *tdbio_get_dbname(void);
 void tdbio_dump_record( TRUSTREC *rec, FILE *fp );
 int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
diff --git a/g10/trustdb.c b/g10/trustdb.c
index dedb18c..f96701a 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -44,7 +44,7 @@
 
 /*
  * A structure to store key identification as well as some stuff needed
- * for validation 
+ * for validation
  */
 struct key_item {
   struct key_item *next;
@@ -60,7 +60,7 @@ typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
 
 /*
  * Structure to keep track of keys, this is used as an array wherre
- * the item right after the last one has a keyblock set to NULL. 
+ * the item right after the last one has a keyblock set to NULL.
  * Maybe we can drop this thing and replace it by key_item
  */
 struct key_array {
@@ -73,6 +73,7 @@ static struct {
     int init;
     int level;
     char *dbname;
+    int no_trustdb;   /* Set if a trustdb file is not available.  */
 } trustdb_args;
 
 /* some globals */
@@ -92,7 +93,7 @@ static struct key_item *
 new_key_item (void)
 {
   struct key_item *k;
-  
+
   k = xmalloc_clear (sizeof *k);
   return k;
 }
@@ -114,11 +115,11 @@ release_key_items (struct key_item *k)
  * For fast keylook up we need a hash table.  Each byte of a KeyIDs
  * should be distributed equally over the 256 possible values (except
  * for v3 keyIDs but we consider them as not important here). So we
- * can just use 10 bits to index a table of 1024 key items. 
+ * can just use 10 bits to index a table of 1024 key items.
  * Possible optimization: Don not use key_items but other hash_table when the
- * duplicates lists gets too large. 
+ * duplicates lists gets too large.
  */
-static KeyHashTable 
+static KeyHashTable
 new_key_hash_table (void)
 {
   struct key_item **tbl;
@@ -139,7 +140,7 @@ release_key_hash_table (KeyHashTable tbl)
   xfree (tbl);
 }
 
-/* 
+/*
  * Returns: True if the keyID is in the given hash table
  */
 static int
@@ -164,7 +165,7 @@ add_key_hash_table (KeyHashTable tbl, u32 *kid)
   for (k = tbl[(kid[1] & 0x03ff)]; k; k = k->next)
     if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
       return; /* already in table */
-  
+
   kk = new_key_item ();
   kk->kid[0] = kid[0];
   kk->kid[1] = kid[1];
@@ -234,7 +235,7 @@ add_utk (u32 *kid)
 {
   struct key_item *k;
 
-  for (k = utk_list; k; k = k->next) 
+  for (k = utk_list; k; k = k->next)
     {
       if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
         {
@@ -269,15 +270,15 @@ verify_own_keys(void)
     return;
 
   /* scan the trustdb to find all ultimately trusted keys */
-  for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ ) 
+  for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
     {
-      if ( rec.rectype == RECTYPE_TRUST 
+      if ( rec.rectype == RECTYPE_TRUST
            && (rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
         {
             byte *fpr = rec.r.trust.fingerprint;
             int fprlen;
             u32 kid[2];
-            
+
             /* Problem: We do only use fingerprints in the trustdb but
              * we need the keyID here to indetify the key; we can only
              * use that ugly hack to distinguish between 16 and 20
@@ -293,9 +294,9 @@ verify_own_keys(void)
     }
 
   /* Put any --trusted-key keys into the trustdb */
-  for (k = user_utk_list; k; k = k->next) 
+  for (k = user_utk_list; k; k = k->next)
     {
-      if ( add_utk (k->kid) ) 
+      if ( add_utk (k->kid) )
         { /* not yet in trustDB as ultimately trusted */
           PKT_public_key pk;
 
@@ -441,7 +442,7 @@ init_trustdb()
 
   if(level==0 || level==1)
     {
-      int rc = tdbio_set_dbname( dbname, !!level );
+      int rc = tdbio_set_dbname (dbname, !!level, &trustdb_args.no_trustdb);
       if( rc )
 	log_fatal("can't init trustdb: %s\n", g10_errstr(rc) );
     }
@@ -492,7 +493,7 @@ init_trustdb()
 static int
 trust_letter (unsigned int value)
 {
-  switch( (value & TRUST_MASK) ) 
+  switch( (value & TRUST_MASK) )
     {
     case TRUST_UNKNOWN:   return '-';
     case TRUST_EXPIRED:   return 'e';
@@ -541,7 +542,7 @@ uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid)
 const char *
 trust_value_to_string (unsigned int value)
 {
-  switch( (value & TRUST_MASK) ) 
+  switch( (value & TRUST_MASK) )
     {
     case TRUST_UNKNOWN:   return _("unknown");
     case TRUST_EXPIRED:   return _("expired");
@@ -610,7 +611,7 @@ check_trustdb ()
 
 
 /*
- * Recreate the WoT. 
+ * Recreate the WoT.
  */
 void
 update_trustdb()
@@ -627,6 +628,9 @@ void
 revalidation_mark (void)
 {
   init_trustdb();
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    return;
+
   /* we simply set the time for the next check to 1 (far back in 1970)
    * so that a --update-trustdb will be scheduled */
   if (tdbio_write_nextcheck (1))
@@ -662,8 +666,10 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
   TRUSTREC opts;
 
   init_trustdb();
-
-  read_record(0,&opts,RECTYPE_VER);
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    memset (&opts, 0, sizeof opts);
+  else
+    read_record(0,&opts,RECTYPE_VER);
 
   if(trust_model)
     *trust_model=opts.r.ver.trust_model;
@@ -685,29 +691,29 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
  ***********  Ownertrust et al. ****************
  ***********************************************/
 
-static int 
+static int
 read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
 {
   int rc;
-  
+
   init_trustdb();
   rc = tdbio_search_trust_bypk (pk, rec);
   if (rc == -1)
     return -1; /* no record yet */
-  if (rc) 
+  if (rc)
     {
       log_error ("trustdb: searching trust record failed: %s\n",
                  g10_errstr (rc));
-      return rc; 
+      return rc;
     }
-      
+
   if (rec->rectype != RECTYPE_TRUST)
     {
       log_error ("trustdb: record %lu is not a trust record\n",
                  rec->recnum);
-      return G10ERR_TRUSTDB; 
-    }      
-  
+      return G10ERR_TRUSTDB;
+    }
+
   return 0;
 }
 
@@ -715,16 +721,19 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
  * Return the assigned ownertrust value for the given public key.
  * The key should be the primary key.
  */
-unsigned int 
+unsigned int
 get_ownertrust ( PKT_public_key *pk)
 {
   TRUSTREC rec;
   int rc;
-  
+
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    return TRUST_UNKNOWN;
+
   rc = read_trust_record (pk, &rec);
   if (rc == -1)
     return TRUST_UNKNOWN; /* no record yet */
-  if (rc) 
+  if (rc)
     {
       tdbio_invalid ();
       return rc; /* actually never reached */
@@ -733,16 +742,19 @@ get_ownertrust ( PKT_public_key *pk)
   return rec.r.trust.ownertrust;
 }
 
-unsigned int 
+unsigned int
 get_min_ownertrust (PKT_public_key *pk)
 {
   TRUSTREC rec;
   int rc;
-  
+
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    return TRUST_UNKNOWN;
+
   rc = read_trust_record (pk, &rec);
   if (rc == -1)
     return TRUST_UNKNOWN; /* no record yet */
-  if (rc) 
+  if (rc)
     {
       tdbio_invalid ();
       return rc; /* actually never reached */
@@ -805,7 +817,10 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
 {
   TRUSTREC rec;
   int rc;
-  
+
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    return;
+
   rc = read_trust_record (pk, &rec);
   if (!rc)
     {
@@ -837,7 +852,7 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
       do_sync ();
       rc = 0;
     }
-  else 
+  else
     {
       tdbio_invalid ();
     }
@@ -850,6 +865,9 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
   TRUSTREC rec;
   int rc;
 
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    return;
+
   pk = xmalloc_clear (sizeof *pk);
   rc = get_pubkey (pk, kid);
   if (rc)
@@ -891,7 +909,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
       do_sync ();
       rc = 0;
     }
-  else 
+  else
     {
       tdbio_invalid ();
     }
@@ -904,7 +922,10 @@ clear_ownertrusts (PKT_public_key *pk)
 {
   TRUSTREC rec;
   int rc;
-  
+
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    return 0;
+
   rc = read_trust_record (pk, &rec);
   if (!rc)
     {
@@ -932,8 +953,8 @@ clear_ownertrusts (PKT_public_key *pk)
   return 0;
 }
 
-/* 
- * Note: Caller has to do a sync 
+/*
+ * Note: Caller has to do a sync
  */
 static void
 update_validity (PKT_public_key *pk, PKT_user_id *uid,
@@ -952,7 +973,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
       return;
     }
   if (rc == -1) /* no record yet - create a new one */
-    { 
+    {
       size_t dummy;
 
       rc = 0;
@@ -1007,6 +1028,8 @@ cache_disabled_value(PKT_public_key *pk)
     return (pk->is_disabled==2);
 
   init_trustdb();
+  if (trustdb_args.no_trustdb)
+    return 0;  /* No trustdb => not disabled.  */
 
   rc = read_trust_record (pk, &trec);
   if (rc && rc != -1)
@@ -1016,10 +1039,10 @@ cache_disabled_value(PKT_public_key *pk)
     }
   if (rc == -1) /* no record found, so assume not disabled */
     goto leave;
- 
+
   if(trec.r.trust.ownertrust & TRUST_FLAG_DISABLED)
     disabled=1;
- 
+
   /* Cache it for later so we don't need to look at the trustdb every
      time */
   if(disabled)
@@ -1037,6 +1060,9 @@ check_trustdb_stale(void)
   static int did_nextcheck=0;
 
   init_trustdb ();
+  if (trustdb_args.no_trustdb)
+    return;  /* No trustdb => can't be stale.  */
+
   if (!did_nextcheck
       && (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC))
     {
@@ -1047,7 +1073,7 @@ check_trustdb_stale(void)
       if ((scheduled && scheduled <= make_timestamp ())
 	  || pending_check_trustdb)
         {
-          if (opt.no_auto_check_trustdb) 
+          if (opt.no_auto_check_trustdb)
             {
               pending_check_trustdb = 1;
               log_info (_("please do a --check-trustdb\n"));
@@ -1064,7 +1090,7 @@ check_trustdb_stale(void)
 /*
  * Return the validity information for PK.  If the namehash is not
  * NULL, the validity of the corresponsing user ID is returned,
- * otherwise, a reasonable value for the entire key is returned. 
+ * otherwise, a reasonable value for the entire key is returned.
  */
 unsigned int
 get_validity (PKT_public_key *pk, PKT_user_id *uid)
@@ -1080,6 +1106,14 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
     namehash_from_uid(uid);
 
   init_trustdb ();
+
+  /* If we have no trustdb (which also means it has not been created)
+     and the trust-model is always, we don't know the validity -
+     return immediately.  If we won't do that the tdbio code would try
+     to open the trustdb and run into a fatal error.  */
+  if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
+    return TRUST_UNKNOWN;
+
   check_trustdb_stale();
 
   keyid_from_pk (pk, kid);
@@ -1093,7 +1127,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
           log_error ("error getting main key %s of subkey %s: %s\n",
                      tempkeystr, keystr(kid), g10_errstr(rc));
 	  xfree(tempkeystr);
-          validity = TRUST_UNKNOWN; 
+          validity = TRUST_UNKNOWN;
           goto leave;
 	}
     }
@@ -1116,7 +1150,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
     }
   if (rc == -1) /* no record found */
     {
-      validity = TRUST_UNKNOWN; 
+      validity = TRUST_UNKNOWN;
       goto leave;
     }
 
@@ -1149,7 +1183,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
 
       recno = vrec.r.valid.next;
     }
-  
+
   if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
     {
       validity |= TRUST_FLAG_DISABLED;
@@ -1168,7 +1202,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
    * I initially designed it that way */
   if (main_pk->has_expired || pk->has_expired)
     validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
-  
+
   if (pending_check_trustdb)
     validity |= TRUST_FLAG_PENDING_CHECK;
 
@@ -1181,10 +1215,10 @@ int
 get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
 {
   int trustlevel;
-  
+
   if (!pk)
     return '?';  /* Just in case a NULL PK is passed.  */
-  
+
   trustlevel = get_validity (pk, uid);
   if ( (trustlevel & TRUST_FLAG_REVOKED) )
     return 'r';
@@ -1311,7 +1345,7 @@ ask_ownertrust (u32 *kid,int minimum)
                  keystr(kid), g10_errstr(rc) );
       return TRUST_UNKNOWN;
     }
- 
+
   if(opt.force_ownertrust)
     {
       log_info("force trust for key %s to %s\n",
@@ -1384,7 +1418,7 @@ dump_key_array (int depth, struct key_array *keys)
             }
         }
     }
-}  
+}
 
 
 static void
@@ -1407,7 +1441,7 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
             status = TRUST_UNDEFINED;
           else
             status = 0;
-          
+
           if (status)
             {
               update_validity (keyblock->pkt->pkt.public_key,
@@ -1422,7 +1456,7 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
 
   if (any)
     do_sync ();
-}  
+}
 
 /*
  * check whether the signature sig is in the klist k
@@ -1454,7 +1488,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
 {
   KBNODE node;
   PKT_signature *sig;
-  
+
   /* first check all signatures */
   for (node=uidnode->next; node; node = node->next)
     {
@@ -1487,7 +1521,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
 	  continue;
 	}
       node->flag |= 1<<9;
-    }      
+    }
   /* reset the remaining flags */
   for (; node; node = node->next)
       node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
@@ -1535,7 +1569,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
              older: if signode was older then we don't want to take n
              as signode is nonrevocable.  If n was older then we're
              automatically fine. */
-	  
+
 	  if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
 	       !signode->pkt->pkt.signature->flags.revocable &&
 	       (signode->pkt->pkt.signature->expiredate==0 ||
@@ -1551,7 +1585,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
              n was older then we don't want to take signode as n is
              nonrevocable.  If signode was older then we're
              automatically fine. */
-	  
+
 	  if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
 		!signode->pkt->pkt.signature->flags.revocable &&
 		(signode->pkt->pkt.signature->expiredate==0 ||
@@ -1582,7 +1616,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
 
       sig = signode->pkt->pkt.signature;
       if (IS_UID_SIG (sig))
-        { /* this seems to be a usable one which is not revoked. 
+        { /* this seems to be a usable one which is not revoked.
            * Just need to check whether there is an expiration time,
            * We do the expired certification after finding a suitable
            * certification, the assumption is that a signator does not
@@ -1591,7 +1625,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
            * different expiration time */
           const byte *p;
           u32 expire;
-                    
+
           p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
           expire = p? sig->timestamp + buffer_to_u32(p) : 0;
 
@@ -1678,7 +1712,7 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
       delete_kbnode(node);
       deleted++;
     }
-    
+
   return deleted;
 }
 
@@ -1937,7 +1971,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
             {
               if (uid->help_full_count >= opt.completes_needed
                   || uid->help_marginal_count >= opt.marginals_needed )
-                uidnode->flag |= 4; 
+                uidnode->flag |= 4;
               else if (uid->help_full_count || uid->help_marginal_count)
                 uidnode->flag |= 2;
               uidnode->flag |= 1;
@@ -1952,7 +1986,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
 
           issigned = 0;
 	  get_validity_counts(pk,uid);
-          mark_usable_uid_certs (kb, uidnode, main_kid, klist, 
+          mark_usable_uid_certs (kb, uidnode, main_kid, klist,
                                  curtime, next_expire);
         }
       else if (node->pkt->pkttype == PKT_SIGNATURE
@@ -1960,15 +1994,15 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
         {
 	  /* Note that we are only seeing unrevoked sigs here */
           PKT_signature *sig = node->pkt->pkt.signature;
-          
+
           kr = is_in_klist (klist, sig);
 	  /* If the trust_regexp does not match, it's as if the sig
              did not exist.  This is safe for non-trust sigs as well
              since we don't accept a regexp on the sig unless it's a
              trust sig. */
-          if (kr && (!kr->trust_regexp 
-                     || opt.trust_model != TM_PGP 
-                     || (uidnode 
+          if (kr && (!kr->trust_regexp
+                     || opt.trust_model != TM_PGP
+                     || (uidnode
                          && check_regexp(kr->trust_regexp,
                                          uidnode->pkt->pkt.user_id->name))))
             {
@@ -2032,7 +2066,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
 
 		      pk->trust_value = sig->trust_value;
 		      pk->trust_depth = depth-1;
-                      
+
 		      /* If the trust sig contains a regexp, record it
 			 on the pk for the next round. */
 		      if (sig->trust_regexp)
@@ -2055,7 +2089,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
     {
       if (uid->help_full_count >= opt.completes_needed
 	  || uid->help_marginal_count >= opt.marginals_needed )
-        uidnode->flag |= 4; 
+        uidnode->flag |= 4;
       else if (uid->help_full_count || uid->help_marginal_count)
         uidnode->flag |= 2;
       uidnode->flag |= 1;
@@ -2079,7 +2113,7 @@ search_skipfnc (void *opaque, u32 *kid, PKT_user_id *dummy)
  * kllist.  The caller has to pass keydb handle so that we don't use
  * to create our own.  Returns either a key_array or NULL in case of
  * an error.  No results found are indicated by an empty array.
- * Caller hast to release the returned array.  
+ * Caller hast to release the returned array.
  */
 static struct key_array *
 validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
@@ -2090,11 +2124,11 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
   size_t nkeys, maxkeys;
   int rc;
   KEYDB_SEARCH_DESC desc;
-  
+
   maxkeys = 1000;
   keys = xmalloc ((maxkeys+1) * sizeof *keys);
   nkeys = 0;
-  
+
   rc = keydb_search_reset (hd);
   if (rc)
     {
@@ -2119,21 +2153,21 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
       xfree (keys);
       return NULL;
     }
-  
+
   desc.mode = KEYDB_SEARCH_MODE_NEXT; /* change mode */
   do
     {
       PKT_public_key *pk;
-        
+
       rc = keydb_get_keyblock (hd, &keyblock);
-      if (rc) 
+      if (rc)
         {
           log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
           xfree (keys);
           return NULL;
         }
-      
-      if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY) 
+
+      if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
         {
           log_debug ("ooops: invalid pkttype %d encountered\n",
                      keyblock->pkt->pkttype);
@@ -2143,7 +2177,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
         }
 
       /* prepare the keyblock for further processing */
-      merge_keys_and_selfsig (keyblock); 
+      merge_keys_and_selfsig (keyblock);
       clear_kbnode_flags (keyblock);
       pk = keyblock->pkt->pkt.public_key;
       if (pk->has_expired || pk->is_revoked)
@@ -2180,9 +2214,9 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
 
       release_kbnode (keyblock);
       keyblock = NULL;
-    } 
+    }
   while ( !(rc = keydb_search (hd, &desc, 1)) );
-  if (rc && rc != -1) 
+  if (rc && rc != -1)
     {
       log_error ("keydb_search_next failed: %s\n", g10_errstr(rc));
       xfree (keys);
@@ -2191,7 +2225,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
 
   keys[nkeys].keyblock = NULL;
   return keys;
-} 
+}
 
 /* Caller must sync */
 static void
@@ -2201,7 +2235,7 @@ reset_trust_records(void)
   ulong recnum;
   int count = 0, nreset = 0;
 
-  for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ ) 
+  for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
     {
       if(rec.rectype==RECTYPE_TRUST)
 	{
@@ -2240,7 +2274,7 @@ reset_trust_records(void)
  * Step 2: loop max_cert_times
  * Step 3:   if OWNERTRUST of any key in klist is undefined
  *             ask user to assign ownertrust
- * Step 4:   Loop over all keys in the keyDB which are not marked seen 
+ * Step 4:   Loop over all keys in the keyDB which are not marked seen
  * Step 5:     if key is revoked or expired
  *                mark key as seen
  *                continue loop at Step 4
@@ -2252,7 +2286,7 @@ reset_trust_records(void)
  *             End Loop
  * Step 8:   Build a new klist from all fully trusted keys from step 6
  *           End Loop
- *         Ready  
+ *         Ready
  *
  */
 static int
@@ -2322,7 +2356,7 @@ validate_keys (int interactive)
       if ( pk->expiredate && pk->expiredate >= start_time
            && pk->expiredate < next_expire)
         next_expire = pk->expiredate;
-      
+
       release_kbnode (keyblock);
       do_sync ();
     }
@@ -2398,7 +2432,7 @@ validate_keys (int interactive)
       /* Find all keys which are signed by a key in kdlist */
       keys = validate_key_list (kdb, full_trust, klist,
 				start_time, &next_expire);
-      if (!keys) 
+      if (!keys)
         {
           log_error ("validate_key_list failed\n");
           rc = G10ERR_GENERAL;
@@ -2416,9 +2450,9 @@ validate_keys (int interactive)
           store_validation_status (depth, kar->keyblock, stored);
 
       log_info (_("depth: %d  valid: %3d  signed: %3d"
-                  "  trust: %d-, %dq, %dn, %dm, %df, %du\n"), 
+                  "  trust: %d-, %dq, %dn, %dm, %df, %du\n"),
                 depth, valids, key_count, ot_unknown, ot_undefined,
-                ot_never, ot_marginal, ot_full, ot_ultimate ); 
+                ot_never, ot_marginal, ot_full, ot_ultimate );
 
       /* Build a new kdlist from all fully valid keys in KEYS */
       if (klist != utk_list)
@@ -2480,10 +2514,10 @@ validate_keys (int interactive)
   if (!rc && !quit) /* mark trustDB as checked */
     {
       if (next_expire == 0xffffffff || next_expire < start_time )
-        tdbio_write_nextcheck (0); 
+        tdbio_write_nextcheck (0);
       else
         {
-          tdbio_write_nextcheck (next_expire); 
+          tdbio_write_nextcheck (next_expire);
           log_info (_("next trustdb check due at %s\n"),
                     strtimestamp (next_expire));
         }

commit 6286d01ba33b963be30fbb4fba6f35f1b05acd17
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 8 15:29:36 2013 +0200

    gpg: Fix --version output and explicitly disable ECC.
    
    * g10/misc.c (openpgp_pk_algo_name): New.  Replace all calls in g10/
    to gcry_pk_algo_name by a call to this function.
    (map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG.
    (openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of
    GCRY_PK_ELG_E.  Return an error for ECC algos.
    (openpgp_pk_test_algo2):  Return an error for ECC algos.
    * g10/gpg.c (build_list): Avoid printing ECC two times.
    * include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*.
    --
    
    Due to recent changes to adjust for use with Libgcrypt 1.6, "gpg
    --version" printed two question marks.  This patches fixes that and
    also make sure that gpg does advertise any ECC features.  The patch in
    build_list is not really needed.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/encode.c b/g10/encode.c
index 3c4e0a2..88d0a69 100644
--- a/g10/encode.c
+++ b/g10/encode.c
@@ -83,7 +83,7 @@ encode_seskey( DEK *dek, DEK **seskey, byte *enckey )
     /* The encrypted session key is prefixed with a one-octet algorithm id.  */
     buf[0] = (*seskey)->algo;
     memcpy( buf + 1, (*seskey)->key, (*seskey)->keylen );
-    
+
     /* We only pass already checked values to the following fucntion,
        thus we consider any failure as fatal.  */
     if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
@@ -117,7 +117,7 @@ use_mdc(PK_LIST pk_list,int algo)
 
   if(select_mdc_from_pklist(pk_list))
     return 1;
-  
+
   /* The keys don't support MDC, so now we do a bit of a hack - if any
      of the AESes or TWOFISH are in the prefs, we assume that the user
      can handle a MDC.  This is valid for PGP 7, which can handle MDCs
@@ -178,7 +178,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
     memset( &zfx, 0, sizeof zfx);
     memset( &tfx, 0, sizeof tfx);
     init_packet(&pkt);
-    
+
     /* prepare iobufs */
     inp = iobuf_open(filename);
     if (inp)
@@ -207,7 +207,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
        it has no S2K salt. RFC1991 always uses simple S2K. */
     if ( RFC1991 && use_seskey )
         use_seskey = 0;
-    
+
     cfx.dek = NULL;
     if( mode ) {
         int canceled;
@@ -254,7 +254,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
       {
         if (opt.verbose)
           log_info(_("`%s' already compressed\n"), filename);
-        do_compress = 0;        
+        do_compress = 0;
       }
 
     if( rc || (rc = open_outfile( filename, opt.armor? 1:0, &out )) ) {
@@ -563,7 +563,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
 
       cfx.dek->algo = opt.def_cipher_algo;
     }
-    
+
     cfx.dek->use_mdc=use_mdc(pk_list,cfx.dek->algo);
 
     /* Only do the is-file-already-compressed check if we are using a
@@ -575,7 +575,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
       {
         if (opt.verbose)
           log_info(_("`%s' already compressed\n"), filename);
-        do_compress = 0;        
+        do_compress = 0;
       }
     if (rc2)
       {
@@ -846,7 +846,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
 	    if( opt.verbose ) {
 		char *ustr = get_user_id_string_native (enc->keyid);
 		log_info(_("%s/%s encrypted for: \"%s\"\n"),
-                         gcry_pk_algo_name (enc->pubkey_algo),
+                         openpgp_pk_algo_name (enc->pubkey_algo),
                          openpgp_cipher_algo_name (dek->algo),
                          ustr );
 		xfree(ustr);
@@ -874,9 +874,9 @@ encode_crypt_files(int nfiles, char **files, strlist_t remusr)
   if (opt.outfile)
     {
       log_error(_("--output doesn't work for this command\n"));
-      return;        
+      return;
     }
-    
+
   if (!nfiles)
     {
       char line[2048];
diff --git a/g10/gpg.c b/g10/gpg.c
index 1238f47..339bf26 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -854,8 +854,8 @@ my_strusage( int level )
       case 33: p = _("\nSupported algorithms:\n"); break;
       case 34:
 	if (!pubkeys)
-            pubkeys = build_list (_("Pubkey: "), 0,
-                                  gcry_pk_algo_name,
+            pubkeys = build_list (_("Pubkey: "), 'P',
+                                  openpgp_pk_algo_name,
                                   openpgp_pk_test_algo );
 	p = pubkeys;
 	break;
@@ -906,6 +906,9 @@ build_list (const char *text, char letter,
 
   for (i=0; i <= 110; i++ )
     {
+      if (letter == 'P' && i == 19 )
+        continue; /* No need to print a second "ECC" string.  */
+
       if (!chkf (i) && (s = mapf (i)))
         {
           if (mb.len - len > 60)
@@ -921,7 +924,7 @@ build_list (const char *text, char letter,
             put_membuf_str (&mb, text);
 
           put_membuf_str (&mb, s);
-          if (opt.verbose && letter)
+          if (opt.verbose && letter && letter != 'P')
             {
               char num[20];
               snprintf (num, sizeof num, " (%c%d)", letter, i);
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 3470257..4d5395d 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -2810,7 +2810,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
 	    if(pk->is_revoked)
 	      {
 		char *user=get_user_id_string_native(pk->revoked.keyid);
-		const char *algo = gcry_pk_algo_name (pk->revoked.algo);
+		const char *algo = openpgp_pk_algo_name (pk->revoked.algo);
 		tty_printf (_("The following key was revoked on"
                               " %s by %s key %s\n"),
 			   revokestr_from_pk(pk),algo?algo:"?",user);
@@ -2828,7 +2828,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
 		      char *user;
 		      const char *algo;
 
-                      algo = gcry_pk_algo_name (pk->revkey[i].algid);
+                      algo = openpgp_pk_algo_name (pk->revkey[i].algid);
 		      keyid_from_fingerprint(pk->revkey[i].fpr,
 					     MAX_FINGERPRINT_LEN,r_keyid);
 
diff --git a/g10/keygen.c b/g10/keygen.c
index 3222c55..ad6bd73 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1603,7 +1603,7 @@ ask_key_flags(int algo,int subkey)
     {
       tty_printf("\n");
       tty_printf(_("Possible actions for a %s key: "),
-		 gcry_pk_algo_name (algo));
+		 openpgp_pk_algo_name (algo));
       print_key_flags(possible);
       tty_printf("\n");
       tty_printf(_("Current allowed actions: "));
@@ -1807,7 +1807,7 @@ ask_keysize (int algo, unsigned int primary_keysize)
     }
 
   tty_printf(_("%s keys may be between %u and %u bits long.\n"),
-	     gcry_pk_algo_name (algo), min, max);
+	     openpgp_pk_algo_name (algo), min, max);
 
   for(;;)
     {
@@ -1826,7 +1826,7 @@ ask_keysize (int algo, unsigned int primary_keysize)
 
       if(nbits<min || nbits>max)
 	tty_printf(_("%s keysizes must be in the range %u-%u\n"),
-		   gcry_pk_algo_name (algo), min, max);
+		   openpgp_pk_algo_name (algo), min, max);
       else
 	break;
     }
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 291a79c..7164f67 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -485,7 +485,7 @@ print_keyrec(int number,struct keyrec *keyrec)
     {
       const char *str;
 
-      str = gcry_pk_algo_name (map_pk_openpgp_to_gcry (keyrec->type));
+      str = openpgp_pk_algo_name (keyrec->type);
       if(str && strcmp (str, "?"))
 	printf("%s ",str);
       else
diff --git a/g10/main.h b/g10/main.h
index 35c9373..4ec0f29 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -93,6 +93,7 @@ int map_pk_openpgp_to_gcry (int algo);
 int openpgp_pk_test_algo( int algo );
 int openpgp_pk_test_algo2 ( int algo, unsigned int use );
 int openpgp_pk_algo_usage ( int algo );
+const char *openpgp_pk_algo_name (int algo);
 int openpgp_md_test_algo( int algo );
 
 #ifdef USE_IDEA
diff --git a/g10/mainproc.c b/g10/mainproc.c
index a1bd959..0387f8a 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -455,7 +455,7 @@ print_pkenc_list( struct kidlist_item *list, int failed )
         if ( !failed && list->reason )
             continue;
 
-        algstr = gcry_pk_algo_name ( list->pubkey_algo );
+        algstr = openpgp_pk_algo_name ( list->pubkey_algo );
         pk = xmalloc_clear( sizeof *pk );
 
 	if( !algstr )
@@ -1644,7 +1644,7 @@ check_sig_and_print( CTX c, KBNODE node )
 
   /* (Indendation below not yet changed to GNU style.) */
 
-    astr = gcry_pk_algo_name ( sig->pubkey_algo );
+    astr = openpgp_pk_algo_name ( sig->pubkey_algo );
     if(keystrlen()>8)
       {
 	log_info(_("Signature made %s\n"),asctimestamp(sig->timestamp));
diff --git a/g10/misc.c b/g10/misc.c
index 9d3ee1e..9b7c8ab 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -297,7 +297,7 @@ print_pubkey_algo_note( int algo )
 	{
 	  warn=1;
 	  log_info (_("WARNING: using experimental public key algorithm %s\n"),
-		    gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo)));
+		    openpgp_pk_algo_name (algo));
 	}
     }
   else if (algo == 20)
@@ -423,8 +423,9 @@ map_pk_openpgp_to_gcry (int algo)
 {
   switch (algo)
     {
-    case PUBKEY_ALGO_ECDSA: return 301 /*GCRY_PK_ECDSA*/;
-    case PUBKEY_ALGO_ECDH:  return 302 /*GCRY_PK_ECDH*/;
+    case PUBKEY_ALGO_ECDSA:     return 301 /*GCRY_PK_ECDSA*/;
+    case PUBKEY_ALGO_ECDH:      return 302 /*GCRY_PK_ECDH*/;
+    case PUBKEY_ALGO_ELGAMAL_E: return GCRY_PK_ELG;
     default: return algo;
     }
 }
@@ -433,11 +434,15 @@ map_pk_openpgp_to_gcry (int algo)
 int
 openpgp_pk_test_algo( int algo )
 {
+  /* ECC is not yet supported even if supported by Libgcrypt.  */
+  if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
+    return gpg_error (GPG_ERR_PUBKEY_ALGO);
+
   /* Dont't allow type 20 keys unless in rfc2440 mode.  */
   if (!RFC2440 && algo == 20)
     return gpg_error (GPG_ERR_PUBKEY_ALGO);
 
-  if (algo == GCRY_PK_ELG_E)
+  if (algo == PUBKEY_ALGO_ELGAMAL_E)
     algo = GCRY_PK_ELG;
 
   if (algo < 0 || algo > 110)
@@ -450,11 +455,15 @@ openpgp_pk_test_algo2( int algo, unsigned int use )
 {
   size_t use_buf = use;
 
+  /* ECC is not yet supported even if supported by Libgcrypt.  */
+  if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
+    return gpg_error (GPG_ERR_PUBKEY_ALGO);
+
   /* Dont't allow type 20 keys unless in rfc2440 mode.  */
   if (!RFC2440 && algo == 20)
     return gpg_error (GPG_ERR_PUBKEY_ALGO);
 
-  if (algo == GCRY_PK_ELG_E)
+  if (algo == PUBKEY_ALGO_ELGAMAL_E)
     algo = GCRY_PK_ELG;
 
   if (algo < 0 || algo > 110)
@@ -491,12 +500,29 @@ openpgp_pk_algo_usage ( int algo )
       case PUBKEY_ALGO_DSA:
           use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
           break;
+      case PUBKEY_ALGO_ECDH:
+          use = PUBKEY_USAGE_ENC;
+          break;
+      case PUBKEY_ALGO_ECDSA:
+          use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
+          break;
       default:
           break;
     }
     return use;
 }
 
+
+/* Map the OpenPGP cipher algorithm whose ID is contained in ALGORITHM to a
+   string representation of the algorithm name.  For unknown algorithm
+   IDs this function returns "?".  */
+const char *
+openpgp_pk_algo_name (int algo)
+{
+  return gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo));
+}
+
+
 int
 openpgp_md_test_algo( int algo )
 {
diff --git a/g10/passphrase.c b/g10/passphrase.c
index 2133de5..9752718 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -74,7 +74,7 @@ encode_s2k_iterations (int iterations)
           if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
             log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
           /* Default to 65536 which we used up to 2.0.13.  */
-          return 96; 
+          return 96;
         }
       else if (mycnt >= 65011712)
         return 255; /* Largest possible value.  */
@@ -87,7 +87,7 @@ encode_s2k_iterations (int iterations)
 
   if (iterations >= 65011712)
     return 255;
-  
+
   /* Need count to be in the range 16-31 */
   for (count=iterations>>6; count>=32; count>>=1)
     c++;
@@ -96,13 +96,13 @@ encode_s2k_iterations (int iterations)
 
   if (S2K_DECODE_COUNT(result) < iterations)
     result++;
-  
+
   return result;
 }
 
 
 
-/* Hash a passphrase using the supplied s2k. 
+/* Hash a passphrase using the supplied s2k.
    Always needs: dek->algo, s2k->mode, s2k->hash_algo.  */
 static void
 hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
@@ -119,20 +119,20 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
 
   if (gcry_md_open (&md, s2k->hash_algo, 1))
     BUG ();
-  for (pass=0; used < dek->keylen ; pass++ ) 
+  for (pass=0; used < dek->keylen ; pass++ )
     {
-      if ( pass ) 
+      if ( pass )
         {
           gcry_md_reset (md);
           for (i=0; i < pass; i++ ) /* Preset the hash context.  */
             gcry_md_putc (md, 0 );
 	}
 
-      if ( s2k->mode == 1 || s2k->mode == 3 ) 
+      if ( s2k->mode == 1 || s2k->mode == 3 )
         {
           int len2 = pwlen + 8;
           ulong count = len2;
-          
+
           if ( s2k->mode == 3 )
             {
               count = S2K_DECODE_COUNT(s2k->count);
@@ -146,7 +146,7 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
 
           /* A little bit complicated because we need a ulong for count. */
           while ( count > len2 )  /* maybe iterated+salted */
-            { 
+            {
               gcry_md_write ( md, s2k->salt, 8 );
               gcry_md_write ( md, pw, pwlen );
               count -= len2;
@@ -242,7 +242,7 @@ read_passphrase_from_fd( int fd )
   int i, len;
   char *pw;
 
-  if ( !opt.batch ) 
+  if ( !opt.batch )
     { /* Not used but we have to do a dummy read, so that it won't end
          up at the begin of the message if the quite usual trick to
          prepend the passphtrase to the message is used. */
@@ -251,12 +251,12 @@ read_passphrase_from_fd( int fd )
       while (!(read (fd, buf, 1) != 1 || *buf == '\n' ))
         ;
       *buf = 0;
-      return; 
+      return;
     }
 
-  for (pw = NULL, i = len = 100; ; i++ ) 
+  for (pw = NULL, i = len = 100; ; i++ )
     {
-      if (i >= len-1 ) 
+      if (i >= len-1 )
         {
           char *pw2 = pw;
           len += 100;
@@ -322,35 +322,35 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
   if( keyid && get_pubkey( pk, keyid ) )
     {
       if (pk)
-        free_public_key( pk );      
+        free_public_key( pk );
       pk = NULL; /* oops: no key for some reason */
     }
-  
+
   orig_codeset = i18n_switchto_utf8 ();
 
   if (custom_description)
     atext = native_to_utf8 (custom_description);
   else if ( !mode && pk && keyid )
-    { 
+    {
       char *uid;
       size_t uidlen;
-      const char *algo_name = gcry_pk_algo_name ( pk->pubkey_algo );
+      const char *algo_name = openpgp_pk_algo_name (pk->pubkey_algo);
       const char *timestr;
       char *maink;
-      
+
       if ( !algo_name )
         algo_name = "?";
 
 #define KEYIDSTRING _(" (main key ID %s)")
 
       maink = xmalloc ( strlen (KEYIDSTRING) + keystrlen() + 20 );
-      if( keyid[2] && keyid[3] && keyid[0] != keyid[2] 
+      if( keyid[2] && keyid[3] && keyid[0] != keyid[2]
           && keyid[1] != keyid[3] )
         sprintf( maink, KEYIDSTRING, keystr(&keyid[2]) );
       else
         *maink = 0;
-      
-      uid = get_user_id ( keyid, &uidlen ); 
+
+      uid = get_user_id ( keyid, &uidlen );
       timestr = strtimestamp (pk->timestamp);
 
 #undef KEYIDSTRING
@@ -361,7 +361,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
 		       "%u-bit %s key, ID %s,\n" \
                        "created %s%s.\n" )
 
-      atext = xmalloc ( 100 + strlen (PROMPTSTRING)  
+      atext = xmalloc ( 100 + strlen (PROMPTSTRING)
                         + uidlen + 15 + strlen(algo_name) + keystrlen()
                         + strlen (timestr) + strlen (maink) );
       sprintf (atext, PROMPTSTRING,
@@ -373,16 +373,16 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
 
 #undef PROMPTSTRING
 
-      { 
+      {
         size_t dummy;
         fingerprint_from_pk( pk, fpr, &dummy );
         have_fpr = 1;
       }
-      
+
     }
   else
     atext = xstrdup ( _("Enter passphrase\n") );
-                
+
 
   if (!mode && cacheid)
     my_cacheid = cacheid;
@@ -398,7 +398,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
 
   rc = agent_get_passphrase (my_cacheid, tryagain_text, my_prompt, atext,
                              repeat, check, &pw);
-  
+
   xfree (my_prompt);
   xfree (atext); atext = NULL;
 
@@ -413,7 +413,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
       if (canceled)
         *canceled = 1;
     }
-  else 
+  else
     {
       log_error (_("problem with the agent: %s\n"), gpg_strerror (rc));
       /* Due to limitations in the API of the upper layers they
@@ -422,7 +422,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
          definitely not happen and let it continue without requiring a
          passphrase.  Given that now all the upper layers handle a
          cancel correctly, we simply set the cancel flag now for all
-         errors from the agent.  */ 
+         errors from the agent.  */
       if (canceled)
         *canceled = 1;
 
@@ -450,7 +450,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
   int rc;
 
   (void)algo;
-    
+
   if (!cacheid)
     {
       PKT_public_key *pk;
@@ -460,7 +460,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
       byte fpr[MAX_FINGERPRINT_LEN];
       char hexfprbuf[2*20+1];
       size_t dummy;
-      
+
       pk = xcalloc (1, sizeof *pk);
       if ( !keyid || get_pubkey( pk, keyid ) )
         {
@@ -488,7 +488,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
    NULL, sets it to true.
 
    MODE 0:  Allow cached passphrase
-        1:  Ignore cached passphrase 
+        1:  Ignore cached passphrase
         2:  Ditto, but create a new key
         3:  Allow cached passphrase; use the S2K salt as the cache ID
         4:  Ditto, but create a new key
@@ -496,7 +496,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
 DEK *
 passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
                        int cipher_algo, STRING2KEY *s2k, int mode,
-                       const char *tryagain_text, 
+                       const char *tryagain_text,
                        const char *custdesc, const char *custprompt,
                        int *canceled)
 {
@@ -509,11 +509,11 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
   if (!canceled)
     canceled = &dummy_canceled;
   *canceled = 0;
-  
+
   if ( !s2k )
     {
       assert (mode != 3 && mode != 4);
-      /* This is used for the old rfc1991 mode 
+      /* This is used for the old rfc1991 mode
        * Note: This must match the code in encode.c with opt.rfc1991 set */
       s2k = &help_s2k;
       s2k->mode = 0;
@@ -539,16 +539,16 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
 
   /* If we do not have a passphrase available in NEXT_PW and status
      information are request, we print them now. */
-  if ( !next_pw && is_status_enabled() ) 
+  if ( !next_pw && is_status_enabled() )
     {
       char buf[50];
-      
+
       if ( keyid )
         {
           u32 used_kid[2];
           char *us;
-          
-          if ( keyid[2] && keyid[3] ) 
+
+          if ( keyid[2] && keyid[3] )
             {
               used_kid[0] = keyid[2];
               used_kid[1] = keyid[3];
@@ -558,16 +558,16 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
               used_kid[0] = keyid[0];
               used_kid[1] = keyid[1];
             }
-          
+
           us = get_long_user_id_string ( keyid );
           write_status_text ( STATUS_USERID_HINT, us );
           xfree(us);
-          
+
           snprintf (buf, sizeof buf -1, "%08lX%08lX %08lX%08lX %d 0",
                     (ulong)keyid[0], (ulong)keyid[1],
                     (ulong)used_kid[0], (ulong)used_kid[1],
                     pubkey_algo );
-          
+
           write_status_text ( STATUS_NEED_PASSPHRASE, buf );
 	}
       else
@@ -586,7 +586,7 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
     {
       PKT_public_key *pk = xmalloc_clear( sizeof *pk );
       char *p;
-      
+
       p = get_user_id_native(keyid);
       tty_printf ("\n");
       tty_printf (_("You need a passphrase to unlock the secret key for\n"
@@ -595,8 +595,8 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
 
       if ( !get_pubkey( pk, keyid ) )
         {
-          const char *s = gcry_pk_algo_name ( pk->pubkey_algo );
-          
+          const char *s = openpgp_pk_algo_name (pk->pubkey_algo);
+
           tty_printf (_("%u-bit %s key, ID %s, created %s"),
                       nbits_from_pk( pk ), s?s:"?", keystr(keyid),
                       strtimestamp(pk->timestamp) );
@@ -620,19 +620,19 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
         free_public_key( pk );
     }
 
-  if ( next_pw ) 
+  if ( next_pw )
     {
       /* Simply return the passphrase we already have in NEXT_PW. */
       pw = next_pw;
       next_pw = NULL;
     }
-  else if ( have_static_passphrase () ) 
+  else if ( have_static_passphrase () )
     {
       /* Return the passphrase we have stored in FD_PASSWD. */
       pw = xmalloc_secure ( strlen(fd_passwd)+1 );
       strcpy ( pw, fd_passwd );
     }
-  else 
+  else
     {
       if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3))
 	{
@@ -653,7 +653,7 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
           return NULL;
         }
     }
-    
+
   if ( !pw || !*pw )
     write_status( STATUS_MISSING_PASSPHRASE );
 
diff --git a/g10/sign.c b/g10/sign.c
index 7d5236a..0de3321 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -318,7 +318,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
 	if( opt.verbose ) {
 	    char *ustr = get_user_id_string_native (sig->keyid);
 	    log_info(_("%s/%s signature from: \"%s\"\n"),
-		     gcry_pk_algo_name (sk->pubkey_algo),
+		     openpgp_pk_algo_name (sk->pubkey_algo),
 		     gcry_md_algo_name (sig->digest_algo),
 		     ustr );
 	    xfree(ustr);
diff --git a/include/cipher.h b/include/cipher.h
index a3774c1..1b7e69b 100644
--- a/include/cipher.h
+++ b/include/cipher.h
@@ -51,14 +51,14 @@
 #define CIPHER_ALGO_CAMELLIA256     13
 #define CIPHER_ALGO_DUMMY          110    /* No encryption at all. */
 
-#define PUBKEY_ALGO_RSA          /*  1 */ GCRY_PK_RSA
-#define PUBKEY_ALGO_RSA_E        /*  2 */ GCRY_PK_RSA_E /* RSA encrypt only. */
-#define PUBKEY_ALGO_RSA_S        /*  3 */ GCRY_PK_RSA_S /* RSA sign only.    */
-#define PUBKEY_ALGO_ELGAMAL_E    /* 16 */ GCRY_PK_ELG_E /* Elgamal encr only */
-#define PUBKEY_ALGO_DSA          /* 17 */ GCRY_PK_DSA
+#define PUBKEY_ALGO_RSA              1
+#define PUBKEY_ALGO_RSA_E            2 /* RSA encrypt only. */
+#define PUBKEY_ALGO_RSA_S            3 /* RSA sign only.    */
+#define PUBKEY_ALGO_ELGAMAL_E       16 /* Elgamal encr only */
+#define PUBKEY_ALGO_DSA             17
 #define PUBKEY_ALGO_ECDH            18
 #define PUBKEY_ALGO_ECDSA           19
-#define PUBKEY_ALGO_ELGAMAL      /* 20 */ GCRY_PK_ELG   /* Elgamal encr+sign */
+#define PUBKEY_ALGO_ELGAMAL         20 /* Elgamal encr+sign */
 
 #define PUBKEY_USAGE_SIG     GCRY_PK_USAGE_SIGN  /* Good for signatures. */
 #define PUBKEY_USAGE_ENC     GCRY_PK_USAGE_ENCR  /* Good for encryption. */

-----------------------------------------------------------------------

Summary of changes:
 NEWS             |    2 +
 g10/encode.c     |   20 ++---
 g10/gpg.c        |   15 ++--
 g10/keyedit.c    |    4 +-
 g10/keygen.c     |    6 +-
 g10/keyserver.c  |    2 +-
 g10/main.h       |    1 +
 g10/mainproc.c   |    4 +-
 g10/misc.c       |   36 +++++++--
 g10/passphrase.c |   96 ++++++++++++------------
 g10/sign.c       |    2 +-
 g10/tdbio.c      |    8 +-
 g10/tdbio.h      |    6 +-
 g10/trustdb.c    |  216 +++++++++++++++++++++++++++++++-----------------------
 include/cipher.h |   12 +--
 15 files changed, 248 insertions(+), 182 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org




More information about the Gnupg-commits mailing list