[git] GnuPG - branch, master, updated. gnupg-2.1.0-beta751-26-gae29b52

by Werner Koch cvs at cvs.gnupg.org
Thu Aug 14 11:30:57 CEST 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  ae29b52119aa419989b773b2d6abb6e287dfc81b (commit)
       via  2b8d8369d59249b89526c18c5ac276e6445dc35e (commit)
       via  49c9a958e0b786850309bca555d4465c97d337e1 (commit)
       via  71b55e91f02cdb65a8884892f71c4c7bf8a75247 (commit)
       via  7d0492075ea638607309b3ea6a792b0e95ea7d98 (commit)
      from  cb127024b9ca893f83bc26ebaa8769bf09c2fcff (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ae29b52119aa419989b773b2d6abb6e287dfc81b
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Aug 12 10:36:30 2014 +0200

    gpg: Disable an MD5 workaround for pgp2 by default.
    
    * g10/sig-check.c (do_check): Move some code to ...
    * g10/misc.c (print_md5_rejected_note): new function.
    * g10/mainproc.c (proc_tree, proc_plaintext): Enable MD5 workaround
    only if option --allow-weak-digest-algos is used.

diff --git a/g10/main.h b/g10/main.h
index 4ec4bbf..8fe03ac 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -74,6 +74,7 @@ extern int g10_errors_seen;
 void print_pubkey_algo_note (pubkey_algo_t algo);
 void print_cipher_algo_note (cipher_algo_t algo);
 void print_digest_algo_note (digest_algo_t algo);
+void print_md5_rejected_note (void);
 
 /*-- armor.c --*/
 char *make_radix64_string( const byte *data, size_t len );
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 51392e3..7c699b3 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -694,7 +694,8 @@ proc_plaintext( CTX c, PACKET *pkt )
 	gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
 	gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
       }
-    if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) {
+    if (opt.pgp2_workarounds && only_md5 && !opt.skip_verify
+        && opt.flags.allow_weak_digest_algos) {
 	/* This is a kludge to work around a bug in pgp2.  It does only
 	 * catch those mails which are armored.  To catch the non-armored
 	 * pgp mails we could see whether there is the signature packet
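Review bot: The kludge comment under the new condition in proc_plaintext still describes only the pgp2 bug and does not say that the workaround now also depends on `opt.flags.allow_weak_digest_algos`, which is the security-relevant part of this change. I would add a sentence such as `Only done with --allow-weak-digest-algos because the workaround relies on MD5.` so that a later cleanup does not drop the extra test as redundant. The same applies to `/* enable a workaround for a pgp2 bug */` in the following proc_tree hunk, where the new line `&& is_RSA( sig->pubkey_algo)` also has unbalanced spacing inside the parentheses. The comment and the body of the `if` continue outside this hunk.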
@@ -2132,7 +2133,8 @@ proc_tree( CTX c, KBNODE node )
 	    if( !opt.pgp2_workarounds )
 		;
 	    else if( sig->digest_algo == DIGEST_ALGO_MD5
-		     && is_RSA( sig->pubkey_algo ) ) {
+		     && is_RSA( sig->pubkey_algo)
+                     && opt.flags.allow_weak_digest_algos) {
 		/* enable a workaround for a pgp2 bug */
                 if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0))
                   BUG ();
@@ -2145,16 +2147,17 @@ proc_tree( CTX c, KBNODE node )
               if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 ))
                 BUG ();
 	    }
-#if 0 /* workaround disabled */
-	    /* Here we have another hack to work around a pgp 2 bug
-	     * It works by not using the textmode for detached signatures;
-	     * this will let the first signature check (on md) fail
-	     * but the second one (on md2) which adds an extra CR should
-	     * then produce the "correct" hash.  This is very, very ugly
-	     * hack but it may help in some cases (and break others)
-	     */
-		    /*	c->mfx.md2? 0 :(sig->sig_class == 0x01) */
-#endif
+
+	    /* Here we used to have another hack to work around a pgp
+	     * 2 bug: It worked by not using the textmode for detached
+	     * signatures; this would let the first signature check
+	     * (on md) fail but the second one (on md2), which adds an
+	     * extra CR would then have produced the "correct" hash.
+	     * This is very, very ugly hack but it may haved help in
+	     * some cases (and break others).
+	     *	 c->mfx.md2? 0 :(sig->sig_class == 0x01)
+             */
+
             if ( DBG_HASHING ) {
                 gcry_md_debug( c->mfx.md, "verify" );
                 if ( c->mfx.md2  )
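Review bot: The rewritten comment in proc_tree keeps the dead expression `c->mfx.md2? 0 :(sig->sig_class == 0x01)` as its last line without saying what it used to be, and it contains typos ("may haved help", "This is very, very ugly hack"). Since the code is gone for good, the comment could be cut to the historical fact, for example `/* A former pgp2 hack (no textmode for detached signatures, second check on md2 with an extra CR) has been removed. */`. The closing `*/` is also indented with spaces while the rest of the comment uses tabs.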
diff --git a/g10/misc.c b/g10/misc.c
index 0ad4602..54c2f89 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -342,6 +342,21 @@ print_digest_algo_note (digest_algo_t algo)
 }
 
 
+void
+print_md5_rejected_note (void)
+{
+  static int shown;
+
+  if (!shown)
+    {
+      log_info
+        (_("Note: signatures using the %s algorithm are rejected\n"),
+         "MD5");
+      shown = 1;
+    }
+}
+
+
 /* Map OpenPGP algo numbers to those used by Libgcrypt.  We need to do
    this for algorithms we implemented in Libgcrypt after they become
    part of OpenPGP.  */
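Review bot: print_md5_rejected_note is now a public function declared in main.h but has no header comment, unlike the mapping function documented right below it. A one-line comment such as `/* Print a note, once per process, that signatures using MD5 are rejected. */` would document the one-shot behaviour implemented by `static int shown`. The flag is read and written without any locking, which is fine only as long as all callers run on a single thread; that is not visible from this hunk.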
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 0cbb7f2..ad2ab5c 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -269,16 +269,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
     if (sig->digest_algo == GCRY_MD_MD5
         && !opt.flags.allow_weak_digest_algos)
       {
-        static int shown;
-
-        if (!shown)
-          {
-            log_info
-              (_("Note: signatures using the %s algorithm are rejected\n"),
-               "MD5");
-            shown = 1;
-          }
-
+        print_md5_rejected_note ();
         return GPG_ERR_DIGEST_ALGO;
       }
 

commit 2b8d8369d59249b89526c18c5ac276e6445dc35e
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Aug 12 10:36:30 2014 +0200

    gpg: Remove options --pgp2 and --rfc1991.
    
    * g10/gpg.c (oRFC1991, oPGP2): Remove
    (opts): Remove --pgp2 and --rfc1991.
    * g10/options.h (CO_PGP2, CO_RFC1991): Remove.  Remove all users.
    (RFC2440, PGP2): Remove.  Remove all code only enabled by these
    conditions.
    * tests/openpgp/clearsig.test: Remove --rfc1991 test.
    --
    
    The use of PGP 2.x has been considered insecure for quite some time
    now (e.g. due to the use of MD5).  Thus we remove all support for
    _creating_ PGP 2 compatible messages.

diff --git a/NEWS b/NEWS
index 2fcbaeb..d78c6d7 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
 Noteworthy changes in version 2.1.0-betaxxx (unreleased)
 --------------------------------------------------------
 
+ * gpg: Removed the option --pgp2 and --rfc1991 and the ability to
+   create PGP-2 compatible messages.
+
 
 Noteworthy changes in version 2.1.0-beta751 (2014-07-03)
 --------------------------------------------------------
diff --git a/doc/gpg.texi b/doc/gpg.texi
index d0da837..36aa18e 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1476,7 +1476,7 @@ Set what trust model GnuPG should follow. The models are:
 
   @item classic
   @opindex trust-mode:classic
-  This is the standard Web of Trust as used in PGP 2.x and earlier.
+  This is the standard Web of Trust as introduced by PGP 2.
 
   @item direct
   @opindex trust-mode:direct
@@ -2342,9 +2342,11 @@ behavior. Note that this is currently the same thing as
 Reset all packet, cipher and digest options to strict RFC-2440
 behavior.
 
+ at ifclear gpgtowone
 @item --rfc1991
 @opindex rfc1991
-Try to be more RFC-1991 (PGP 2.x) compliant.
+Try to be more RFC-1991 (PGP 2.x) compliant.  This option is
+deprecated will be removed in GnuPG 2.1.
 
 @item --pgp2
 @opindex pgp2
@@ -2367,6 +2369,12 @@ This option implies
 @end ifclear
 It also disables @option{--textmode} when encrypting.
 
+This option is deprecated will be removed in GnuPG 2.1.  The reason
+for dropping PGP-2 support is that the PGP 2 format is not anymore
+considered safe (for example due to the use of the broken MD5 algorithm).
+Note that the decryption of PGP-2 created messages will continue to work.
+ at end ifclear
+
 @item --pgp6
 @opindex pgp6
 Set up all options to be as PGP 6 compliant as possible. This
diff --git a/g10/cipher.c b/g10/cipher.c
index 10f0ebb..b72b144 100644
--- a/g10/cipher.c
+++ b/g10/cipher.c
@@ -56,7 +56,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
     memset( &ed, 0, sizeof ed );
     ed.len = cfx->datalen;
     ed.extralen = blocksize+2;
-    ed.new_ctb = !ed.len && !RFC1991;
+    ed.new_ctb = !ed.len;
     if( cfx->dek->use_mdc ) {
 	ed.mdc_method = DIGEST_ALGO_SHA1;
 	gcry_md_open (&cfx->mdc_hash, DIGEST_ALGO_SHA1, 0);
diff --git a/g10/encrypt.c b/g10/encrypt.c
index 5b10b73..d1ce933 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -104,8 +104,8 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey)
 static int
 use_mdc(PK_LIST pk_list,int algo)
 {
-  /* RFC-1991 and 2440 don't have MDC */
-  if(RFC1991 || RFC2440)
+  /* RFC-2440 don't has MDC */
+  if (RFC2440)
     return 0;
 
   /* --force-mdc overrides --disable-mdc */
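Review bot: The new comment in use_mdc, `/* RFC-2440 don't has MDC */`, is ungrammatical and understates what the early return does: with `RFC2440` set the function returns 0 before `--force-mdc` is even considered. I would write `/* RFC-2440 does not have MDC, so no integrity protection is used in that mode. */`. The rest of use_mdc is outside the hunk.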
@@ -174,7 +174,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
   compress_filter_context_t zfx;
   text_filter_context_t tfx;
   progress_filter_context_t *pfx;
-  int do_compress = !RFC1991 && default_compress_algo();
+  int do_compress = !!default_compress_algo();
 
   pfx = new_progress_context ();
   memset( &cfx, 0, sizeof cfx);
@@ -206,19 +206,13 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
   if (opt.textmode)
     iobuf_push_filter( inp, text_filter, &tfx );
 
-  /* Due the the fact that we use don't use an IV to encrypt the
-     session key we can't use the new mode with RFC1991 because it has
-     no S2K salt.  RFC1991 always uses simple S2K. */
-  if ( RFC1991 && use_seskey )
-    use_seskey = 0;
-
   cfx.dek = NULL;
   if ( mode )
     {
       int canceled;
 
       s2k = xmalloc_clear( sizeof *s2k );
-      s2k->mode = RFC1991? 0:opt.s2k_mode;
+      s2k->mode = opt.s2k_mode;
       s2k->hash_algo = S2K_DIGEST_ALGO;
       cfx.dek = passphrase_to_dek (NULL, 0,
                                    default_cipher_algo(), s2k, 4,
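Review bot: The deleted comment was the only place in this hunk that explained why a session-key packet must not be combined with an unsalted S2K, and that constraint still applies now that `s2k->mode = opt.s2k_mode;` takes the mode straight from the option, which may be 0. I would keep one line next to that assignment, for example `/* A simple S2K (mode 0) has no salt and must not be used with use_seskey. */`. Whether a later check in encrypt_simple clears `use_seskey` for such a mode is not visible here, so that should be confirmed before the rationale is dropped.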
@@ -279,7 +273,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
       push_armor_filter (afx, out);
     }
 
-  if ( s2k && !RFC1991 )
+  if ( s2k )
     {
       PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc + seskeylen + 1 );
       enc->version = 4;
@@ -335,7 +329,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
       pt->timestamp = make_timestamp();
       pt->mode = opt.textmode? 't' : 'b';
       pt->len = filesize;
-      pt->new_ctb = !pt->len && !RFC1991;
+      pt->new_ctb = !pt->len;
       pt->buf = inp;
       pkt.pkttype = PKT_PLAINTEXT;
       pkt.pkt.plaintext = pt;
@@ -478,13 +472,13 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
   compress_filter_context_t zfx;
   text_filter_context_t tfx;
   progress_filter_context_t *pfx;
-  PK_LIST pk_list, work_list;
+  PK_LIST pk_list;
   int do_compress;
 
   if (filefd != -1 && filename)
     return gpg_error (GPG_ERR_INV_ARG);
 
-  do_compress = opt.compress_algo && !RFC1991;
+  do_compress = !!opt.compress_algo;
 
   pfx = new_progress_context ();
   memset( &cfx, 0, sizeof cfx);
@@ -510,19 +504,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
         }
     }
 
-  if(PGP2)
-    {
-      for (work_list=pk_list; work_list; work_list=work_list->next)
-        if (!(is_RSA (work_list->pk->pubkey_algo)
-              && nbits_from_pk (work_list->pk) <= 2048))
-          {
-            log_info(_("you can only encrypt to RSA keys of 2048 bits or "
-                       "less in --pgp2 mode\n"));
-            compliance_failure();
-            break;
-          }
-    }
-
   /* Prepare iobufs. */
 #ifdef HAVE_W32_SYSTEM
   if (filefd == -1)
@@ -592,13 +573,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
       if (cfx.dek->algo == -1)
         {
           cfx.dek->algo = CIPHER_ALGO_3DES;
-
-          if (PGP2)
-            {
-              log_info(_("unable to use the IDEA cipher for all of the keys "
-                         "you are encrypting to.\n"));
-              compliance_failure();
-            }
         }
 
       /* In case 3DES has been selected, print a warning if any key
@@ -687,7 +661,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
       pt->timestamp = make_timestamp();
       pt->mode = opt.textmode ? 't' : 'b';
       pt->len = filesize;
-      pt->new_ctb = !pt->len && !RFC1991;
+      pt->new_ctb = !pt->len;
       pt->buf = inp;
       pkt.pkttype = PKT_PLAINTEXT;
       pkt.pkt.plaintext = pt;
@@ -895,7 +869,7 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out)
       keyid_from_pk( pk, enc->keyid );
       enc->throw_keyid = (opt.throw_keyid || (pk_list->flags&1));
 
-      if (opt.throw_keyid && (PGP2 || PGP6 || PGP7 || PGP8))
+      if (opt.throw_keyid && (PGP6 || PGP7 || PGP8))
         {
           log_info(_("you may not use %s while in %s mode\n"),
                    "--throw-keyid",compliance_option_string());
diff --git a/g10/gpg.c b/g10/gpg.c
index f5b2231..7ba193b 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -205,11 +205,9 @@ enum cmd_and_opt_values
     oMaxCertDepth,
     oLoadExtension,
     oGnuPG,
-    oRFC1991,
     oRFC2440,
     oRFC4880,
     oOpenPGP,
-    oPGP2,
     oPGP6,
     oPGP7,
     oPGP8,
@@ -573,11 +571,9 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oGnuPG, "no-pgp6", "@"),
   ARGPARSE_s_n (oGnuPG, "no-pgp7", "@"),
   ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
-  ARGPARSE_s_n (oRFC1991, "rfc1991", "@"),
   ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
   ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
   ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
-  ARGPARSE_s_n (oPGP2, "pgp2", "@"),
   ARGPARSE_s_n (oPGP6, "pgp6", "@"),
   ARGPARSE_s_n (oPGP7, "pgp7", "@"),
   ARGPARSE_s_n (oPGP8, "pgp8", "@"),
@@ -2484,11 +2480,6 @@ main (int argc, char **argv)
             /* Dummy so that gpg 1.4 conf files can work. Should
                eventually be removed.  */
 	    break;
-	  case oRFC1991:
-	    opt.compliance = CO_RFC1991;
-	    opt.force_v4_certs = 0;
-	    opt.escape_from = 1;
-	    break;
 	  case oOpenPGP:
 	  case oRFC4880:
 	    /* This is effectively the same as RFC2440, but with
@@ -2530,7 +2521,6 @@ main (int argc, char **argv)
 	    opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
 	    opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
 	    break;
-	  case oPGP2:  opt.compliance = CO_PGP2;  break;
 	  case oPGP6:  opt.compliance = CO_PGP6;  break;
 	  case oPGP7:  opt.compliance = CO_PGP7;  break;
 	  case oPGP8:  opt.compliance = CO_PGP8;  break;
@@ -3238,78 +3228,7 @@ main (int argc, char **argv)
       log_clock ("start");
 
     /* Do these after the switch(), so they can override settings. */
-    if(PGP2)
-      {
-	int unusable=0;
-
-	if(cmd==aSign && !detached_sig)
-	  {
-	    log_info(_("you can only make detached or clear signatures "
-		       "while in --pgp2 mode\n"));
-	    unusable=1;
-	  }
-	else if(cmd==aSignEncr || cmd==aSignSym)
-	  {
-	    log_info(_("you can't sign and encrypt at the "
-		       "same time while in --pgp2 mode\n"));
-	    unusable=1;
-	  }
-	else if(argc==0 && (cmd==aSign || cmd==aEncr || cmd==aSym))
-	  {
-	    log_info(_("you must use files (and not a pipe) when "
-		       "working with --pgp2 enabled.\n"));
-	    unusable=1;
-	  }
-	else if(cmd==aEncr || cmd==aSym)
-	  {
-	    /* Everything else should work without IDEA (except using
-	       a secret key encrypted with IDEA and setting an IDEA
-	       preference, but those have their own error
-	       messages). */
-
-	    if (openpgp_cipher_test_algo(CIPHER_ALGO_IDEA))
-	      {
-		log_info(_("encrypting a message in --pgp2 mode requires "
-			   "the IDEA cipher\n"));
-		unusable=1;
-	      }
-	    else if(cmd==aSym)
-	      {
-		/* This only sets IDEA for symmetric encryption
-		   since it is set via select_algo_from_prefs for
-		   pk encryption. */
-		xfree(def_cipher_string);
-		def_cipher_string = xstrdup("idea");
-	      }
-
-	    /* PGP2 can't handle the output from the textmode
-	       filter, so we disable it for anything that could
-	       create a literal packet (only encryption and
-	       symmetric encryption, since we disable signing
-	       above). */
-	    if(!unusable)
-	      opt.textmode=0;
-	  }
-
-	if(unusable)
-	  compliance_failure();
-	else
-	  {
-	    opt.force_v4_certs = 0;
-	    opt.escape_from = 1;
-	    opt.force_v3_sigs = 1;
-	    opt.pgp2_workarounds = 1;
-	    opt.ask_sig_expire = 0;
-	    opt.ask_cert_expire = 0;
-            opt.flags.allow_weak_digest_algos = 1;
-	    xfree(def_digest_string);
-	    def_digest_string = xstrdup("md5");
-	    xfree(s2k_digest_string);
-	    s2k_digest_string = xstrdup("md5");
-	    opt.compress_algo = COMPRESS_ALGO_ZIP;
-	  }
-      }
-    else if(PGP6)
+    if(PGP6)
       {
 	opt.disable_mdc=1;
 	opt.escape_from=1;
@@ -3675,7 +3594,7 @@ main (int argc, char **argv)
 	else if(opt.s2k_mode==0)
 	  log_error(_("you cannot use --symmetric --encrypt"
 		      " with --s2k-mode 0\n"));
-	else if(PGP2 || PGP6 || PGP7 || RFC1991)
+	else if(PGP6 || PGP7)
 	  log_error(_("you cannot use --symmetric --encrypt"
 		      " while in %s mode\n"),compliance_option_string());
 	else
@@ -3726,7 +3645,7 @@ main (int argc, char **argv)
 	else if(opt.s2k_mode==0)
 	  log_error(_("you cannot use --symmetric --sign --encrypt"
 		      " with --s2k-mode 0\n"));
-	else if(PGP2 || PGP6 || PGP7 || RFC1991)
+	else if(PGP6 || PGP7)
 	  log_error(_("you cannot use --symmetric --sign --encrypt"
 		      " while in %s mode\n"),compliance_option_string());
 	else
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 77bd37f..1d80625 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -518,19 +518,6 @@ sign_uids (estream_t fp,
   KBNODE node, uidnode;
   PKT_public_key *primary_pk = NULL;
   int select_all = !count_selected_uids (keyblock) || interactive;
-  int all_v3 = 1;
-
-  /* Are there any non-v3 sigs on this key already? */
-  if (PGP2)
-    {
-      for (node = keyblock; node; node = node->next)
-        if (node->pkt->pkttype == PKT_SIGNATURE &&
-            node->pkt->pkt.signature->version > 3)
-          {
-            all_v3 = 0;
-            break;
-          }
-    }
 
   /* Build a list of all signators.
    *
@@ -894,29 +881,6 @@ sign_uids (estream_t fp,
       if (duration)
 	force_v4 = 1;
 
-      /* Is --pgp2 on, it's a v3 key, all the sigs on the key are
-         currently v3 and we're about to sign it with a v4 sig?  If
-         so, danger! */
-      if (PGP2 && all_v3 &&
-	  (pk->version > 3 || force_v4) && primary_pk->version <= 3)
-	{
-	  tty_fprintf (fp, _("You may not make an OpenPGP signature on a "
-                             "PGP 2.x key while in --pgp2 mode.\n"));
-	  tty_fprintf (fp, _("This would make the key unusable in PGP 2.x.\n"));
-
-	  if (opt.expert && !quick)
-	    {
-	      if (!cpr_get_answer_is_yes ("sign_uid.v4_on_v3_okay",
-					  _("Are you sure you still "
-					    "want to sign it? (y/N) ")))
-		continue;
-
-	      all_v3 = 0;
-	    }
-	  else
-	    continue;
-	}
-
       if (selfsig)
 	;
       else
@@ -1773,7 +1737,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 	  break;
 
 	case cmdADDPHOTO:
-	  if (RFC2440 || RFC1991 || PGP2)
+	  if (RFC2440)
 	    {
 	      tty_printf (_("This command is not allowed while in %s mode.\n"),
 			  compliance_option_string ());
diff --git a/g10/keygen.c b/g10/keygen.c
index af5d34d..ed11a2f 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -341,16 +341,6 @@ keygen_set_std_prefs (const char *string,int personal)
 	    if ( !openpgp_cipher_test_algo (CIPHER_ALGO_CAST5) )
 	      strcat(dummy_string,"S3 ");
 	    strcat(dummy_string,"S2 "); /* 3DES */
-	    /* If we have it, IDEA goes *after* 3DES so it won't be
-	       used unless we're encrypting along with a V3 key.
-	       Ideally, we would only put the S1 preference in if the
-	       key was RSA and <=2048 bits, as that is what won't
-	       break PGP2, but that is difficult with the current
-	       code, and not really worth checking as a non-RSA <=2048
-	       bit key wouldn't be usable by PGP2 anyway. -dms */
-	    if (PGP2 && !openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) )
-	      strcat(dummy_string,"S1 ");
-
 
             /* The default hash algo order is:
                  SHA-256, SHA-1, SHA-384, SHA-512, SHA-224.
diff --git a/g10/misc.c b/g10/misc.c
index 0125da4..0ad4602 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -1191,8 +1191,6 @@ compliance_option_string(void)
     case CO_GNUPG:   return "--gnupg";
     case CO_RFC4880: return "--openpgp";
     case CO_RFC2440: return "--rfc2440";
-    case CO_RFC1991: return "--rfc1991";
-    case CO_PGP2:    return "--pgp2";
     case CO_PGP6:    return "--pgp6";
     case CO_PGP7:    return "--pgp7";
     case CO_PGP8:    return "--pgp8";
@@ -1220,14 +1218,6 @@ compliance_failure(void)
       ver="OpenPGP (older)";
       break;
 
-    case CO_RFC1991:
-      ver="old PGP";
-      break;
-
-    case CO_PGP2:
-      ver="PGP 2.x";
-      break;
-
     case CO_PGP6:
       ver="PGP 6.x";
       break;
diff --git a/g10/options.h b/g10/options.h
index e407aa4..7efb3d6 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -121,7 +121,7 @@ struct
   int force_ownertrust;
   enum
     {
-      CO_GNUPG, CO_RFC4880, CO_RFC2440, CO_RFC1991, CO_PGP2,
+      CO_GNUPG, CO_RFC4880, CO_RFC2440,
       CO_PGP6, CO_PGP7, CO_PGP8
     } compliance;
   enum
@@ -307,14 +307,12 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 
 /* Compatibility flags.  */
 #define GNUPG   (opt.compliance==CO_GNUPG)
-#define RFC1991 (opt.compliance==CO_RFC1991 || opt.compliance==CO_PGP2)
 #define RFC2440 (opt.compliance==CO_RFC2440)
 #define RFC4880 (opt.compliance==CO_RFC4880)
-#define PGP2    (opt.compliance==CO_PGP2)
 #define PGP6    (opt.compliance==CO_PGP6)
 #define PGP7    (opt.compliance==CO_PGP7)
 #define PGP8    (opt.compliance==CO_PGP8)
-#define PGPX    (PGP2 || PGP6 || PGP7 || PGP8)
+#define PGPX    (PGP6 || PGP7 || PGP8)
 
 /* Various option flags.  Note that there should be no common string
    names between the IMPORT_ and EXPORT_ flags as they can be mixed in
diff --git a/g10/pkclist.c b/g10/pkclist.c
index e783ae4..1032b01 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -928,7 +928,7 @@ build_pk_list (ctrl_t ctrl,
 
           /* Hidden recipients are not allowed while in PGP mode,
              issue a warning and switch into GnuPG mode. */
-          if ((rov->flags&2) && (PGP2 || PGP6 || PGP7 || PGP8))
+          if ((rov->flags&2) && (PGP6 || PGP7 || PGP8))
             {
               log_info(_("you may not use %s while in %s mode\n"),
                        "--hidden-recipient",
@@ -978,7 +978,7 @@ build_pk_list (ctrl_t ctrl,
                   /* Hidden encrypt-to recipients are not allowed while
                      in PGP mode, issue a warning and switch into
                      GnuPG mode. */
-                  if ((r->flags&1) && (PGP2 || PGP6 || PGP7 || PGP8))
+                  if ((r->flags&1) && (PGP6 || PGP7 || PGP8))
                     {
                       log_info(_("you may not use %s while in %s mode\n"),
                                "--hidden-encrypt-to",
@@ -1344,10 +1344,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
 	     dropped from 4880 but is still relevant to GPG's 1991
 	     support.  All this doesn't mean IDEA is actually
 	     available, of course. */
-	  if(PGP2 && pkr->pk->version<4 && pkr->pk->selfsigversion<4)
-	    implicit=CIPHER_ALGO_IDEA;
-	  else
-	    implicit=CIPHER_ALGO_3DES;
+          implicit=CIPHER_ALGO_3DES;
 
 	  break;
 
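Review bot: The context comment left above `implicit=CIPHER_ALGO_3DES;` still talks about "GPG's 1991 support" and about IDEA not necessarily being available, both of which refer to the branch this hunk deletes. With the IDEA case gone the comment is stale and should be shortened to say that 3DES is the implicit cipher preference. The next hunk in select_algo_from_prefs does remove its MD5 comment, so only this one is left behind. The comment starts outside the hunk, so its first lines may need the same trim.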
@@ -1359,12 +1356,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
 	     mode, and that's the only time PREFTYPE_HASH is used
 	     anyway. -dms */
 
-	  /* MD5 is there for v3 keys with v3 selfsigs when --pgp2 is
-	     on. */
-	  if(PGP2 && pkr->pk->version<4 && pkr->pk->selfsigversion<4)
-	    implicit=DIGEST_ALGO_MD5;
-	  else
-	    implicit=DIGEST_ALGO_SHA1;
+          implicit=DIGEST_ALGO_SHA1;
 
 	  break;
 
diff --git a/g10/revoke.c b/g10/revoke.c
index bf5e33b..67f62e5 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -473,7 +473,7 @@ create_revocation (const char *filename,
       goto leave;
     }
 
-  if (keyblock && (PGP2 || PGP6 || PGP7 || PGP8))
+  if (keyblock && (PGP6 || PGP7 || PGP8))
     {
       /* Use a minimal pk for PGPx mode, since PGP can't import bare
          revocation certificates. */
diff --git a/g10/server.c b/g10/server.c
index e87c871..b019d1a 100644
--- a/g10/server.c
+++ b/g10/server.c
@@ -320,10 +320,6 @@ cmd_encrypt (assuan_context_t ctx, char *line)
       goto leave;
     }
 
-  /* Fixme: Check that we are using real files and not pipes if in
-     PGP-2 mode.  Do all the other checks we do in gpg.c for aEncr.
-     Maybe we should drop the PGP2 compatibility. */
-
 
   /* FIXME: GPGSM does this here: Add all encrypt-to marked recipients
      from the default list. */
diff --git a/g10/sign.c b/g10/sign.c
index 9aa4da4..c8139d7 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -509,11 +509,6 @@ hash_for (PKT_public_key *pk)
 
       return DIGEST_ALGO_SHA1;
     }
-  else if (PGP2 && pk->pubkey_algo == PUBKEY_ALGO_RSA && pk->version < 4 )
-    {
-      /* Old-style PGP only understands MD5 */
-      return DIGEST_ALGO_MD5;
-    }
   else if (opt.personal_digest_prefs)
     {
       /* It's not DSA, so we can use whatever the first hash algorithm
@@ -659,7 +654,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
         pt->timestamp = make_timestamp ();
         pt->mode = ptmode;
         pt->len = filesize;
-        pt->new_ctb = !pt->len && !RFC1991;
+        pt->new_ctb = !pt->len;
         pt->buf = inp;
         init_packet(&pkt);
         pkt.pkttype = PKT_PLAINTEXT;
@@ -710,7 +705,7 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
 
       /* Build the signature packet.  */
       sig = xmalloc_clear (sizeof *sig);
-      if (opt.force_v3_sigs || RFC1991)
+      if (opt.force_v3_sigs)
         sig->version = 3;
       else if (duration || opt.sig_policy_url
                || opt.sig_notations || opt.sig_keyserver_url)
@@ -819,7 +814,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
        && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
       goto leave;
 
-    if(!opt.force_v3_sigs && !RFC1991)
+    if(!opt.force_v3_sigs)
       {
 	if(opt.ask_sig_expire && !opt.batch)
 	  duration=ask_expire_interval(1,opt.def_sig_expire);
@@ -832,13 +827,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
     if( (rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_SIG )) )
 	goto leave;
 
-    if(PGP2 && !only_old_style(sk_list))
-      {
-	log_info(_("you can only detach-sign with PGP 2.x style keys "
-		   "while in --pgp2 mode\n"));
-	compliance_failure();
-      }
-
     if (encryptflag
         && (rc=build_pk_list (ctrl, remusr, &pk_list, PUBKEY_USAGE_ENC)))
       goto leave;
@@ -986,7 +974,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
     if( !multifile )
 	iobuf_push_filter( inp, md_filter, &mfx );
 
-    if( detached && !encryptflag && !RFC1991 )
+    if( detached && !encryptflag)
 	afx->what = 2;
 
     if( opt.armor && !outfile  )
@@ -1029,7 +1017,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
       }
 
     /* Write the one-pass signature packets if needed */
-    if (!detached && !RFC1991) {
+    if (!detached) {
         rc = write_onepass_sig_packets (sk_list, out,
                                         opt.textmode && !outfile ? 0x01:0x00);
         if (rc)
@@ -1135,7 +1123,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
     int rc = 0;
     SK_LIST sk_list = NULL;
     SK_LIST sk_rover = NULL;
-    int old_style = RFC1991;
+    int old_style = 0;
     int only_md5 = 0;
     u32 duration=0;
 
@@ -1143,7 +1131,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
     afx = new_armor_context ();
     init_packet( &pkt );
 
-    if(!opt.force_v3_sigs && !RFC1991)
+    if(!opt.force_v3_sigs)
       {
 	if(opt.ask_sig_expire && !opt.batch)
 	  duration=ask_expire_interval(1,opt.def_sig_expire);
@@ -1156,16 +1144,9 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
     if( (rc=build_sk_list( locusr, &sk_list, PUBKEY_USAGE_SIG )) )
 	goto leave;
 
-    if( !old_style && !duration )
+    if(!duration )
 	old_style = only_old_style( sk_list );
 
-    if(PGP2 && !only_old_style(sk_list))
-      {
-	log_info(_("you can only clearsign with PGP 2.x style keys "
-		   "while in --pgp2 mode\n"));
-	compliance_failure();
-      }
-
     /* prepare iobufs */
     inp = iobuf_open(fname);
     if (inp && is_secured_file (iobuf_get_fd (inp)))
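Review bot: clearsign_file still assigns `old_style = only_old_style( sk_list );`, so the old-style clearsign path stays reachable whenever all signing keys are old-style, although the commit message says support for creating PGP 2 compatible messages is removed. If that path is meant to go too, `old_style` and `only_md5` could be dropped; if it is kept on purpose, a comment such as `/* Still needed for v3 keys; not tied to --pgp2. */` would say so. What `old_style` selects further down is outside this hunk, so this is inferred from the visible assignment and from the earlier hunk that replaces `int old_style = RFC1991;` with `int old_style = 0;`.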
@@ -1311,7 +1292,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
     memset( &cfx, 0, sizeof cfx);
     init_packet( &pkt );
 
-    if(!opt.force_v3_sigs && !RFC1991)
+    if(!opt.force_v3_sigs)
       {
 	if(opt.ask_sig_expire && !opt.batch)
 	  duration=ask_expire_interval(1,opt.def_sig_expire);
@@ -1343,7 +1324,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
 
     /* prepare key */
     s2k = xmalloc_clear( sizeof *s2k );
-    s2k->mode = RFC1991? 0:opt.s2k_mode;
+    s2k->mode = opt.s2k_mode;
     s2k->hash_algo = S2K_DIGEST_ALGO;
 
     algo = default_cipher_algo();
@@ -1389,7 +1370,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
 
     /* Write the symmetric key packet */
     /*(current filters: armor)*/
-    if (!RFC1991) {
+    {
 	PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc );
 	enc->version = 4;
 	enc->cipher_algo = cfx.dek->algo;
@@ -1410,12 +1391,10 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
 
     /* Write the one-pass signature packets */
     /*(current filters: zip - encrypt - armor)*/
-    if (!RFC1991) {
-        rc = write_onepass_sig_packets (sk_list, out,
-                                        opt.textmode? 0x01:0x00);
-        if (rc)
-            goto leave;
-    }
+    rc = write_onepass_sig_packets (sk_list, out,
+                                    opt.textmode? 0x01:0x00);
+    if (rc)
+      goto leave;
 
     write_status_begin_signing (mfx.md);
 
diff --git a/tests/openpgp/clearsig.test b/tests/openpgp/clearsig.test
index 74631e1..bf67916 100755
--- a/tests/openpgp/clearsig.test
+++ b/tests/openpgp/clearsig.test
@@ -24,17 +24,6 @@ done
 
 
 # ======================================
-# and once more to check rfc1991
-# ======================================
-
-if have_pubkey_algo "RSA"; then
-  for i in $plain_files plain-large ; do
-      $GPG -u $usrname3 --rfc1991 --digest-algo md5 --clearsign -o x --yes $i
-      $GPG --verify x
-  done
-fi
-
-# ======================================
 # and one with long lines
 # ======================================
 cat >y <<EOF
@@ -100,7 +89,7 @@ cat >y <<EOF
 	    }
 	    /* ask for file and hash it */
 -	    if( c->sigs_only ) {
-+	    if( c->sigs_only )   
++	    if( c->sigs_only )
 		rc = hash_datafiles( c->mfx.md, NULL,
 				     c->signed_data, c->sigfilename,
 			n1? (n1->pkt->pkt.onepass_sig->sig_class == 0x01):0 );
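Review bot: The only change here strips trailing blanks from a line inside the `cat >y <<EOF` here-document, which is input data for the clearsign test and not script code. Cleartext signatures treat trailing whitespace specially, so if those blanks were part of the fixture on purpose the test now exercises less of that handling. Please confirm this was an unintended editor cleanup and restore the line, or state in the commit message that the blanks were not needed. The here-document begins and ends outside the hunk.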

commit 49c9a958e0b786850309bca555d4465c97d337e1
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Aug 12 10:36:30 2014 +0200

    build: Fix autogen.sh base version hack.
    
    * autogen.sh <find-version>: Fix.

diff --git a/autogen.sh b/autogen.sh
index a6b5909..cafecc9 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -216,9 +216,10 @@ if [ "$myhost" = "find-version" ]; then
     beta=no
     if [ -d .git ]; then
       ingit=yes
-      tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null \
-            | awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}' )
-      if [ -z "$tmp" ]; then
+      tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
+      if [ -n "$tmp" ]; then
+          tmp=$(echo "$tmp"|awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}')
+      else
           tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \
                 | awk -F- '$4!=0{print"-beta"$4}')
       fi
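Review bot: The reason for splitting the `git describe` call from the awk filter is not recorded next to the new `if [ -n "$tmp" ]` test. In the old form an empty awk result (for example when `$3` is 0) could not be told apart from no tag matching `${matchstr1}`, so the `${matchstr2}` fallback ran in both cases. Now it runs only when `git describe` prints nothing. I would add a comment above the test such as `# Use matchstr2 only if no tag matched matchstr1; awk may legitimately print nothing.` The enclosing `if [ -d .git ]` block continues outside the hunk.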

commit 71b55e91f02cdb65a8884892f71c4c7bf8a75247
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Aug 12 10:36:30 2014 +0200

    gpg: Remove --compress-keys and --compress-sigs feature.
    
    * g10/gpg.c (oCompressKeys, oCompressSigs): Remove.
    (opts): Turn --compress-keys and --compress-sigs into NOPs.
    * g10/options.h (opt): Remove fields compress_keys and compress_sigs.
    * g10/export.c (do_export): Remove compress_keys feature.
    * g10/sign.c (sign_file): Remove compress_sigs feature.
    --
    
    These features are disabled in GnuPG since the very early days and
    they fulfill no real purpose.  For now we keep the command line
    options as dummys.

diff --git a/g10/export.c b/g10/export.c
index 0aa44f3..6a921c1 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -213,8 +213,6 @@ do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options )
           afx->what = secret? 5 : 1;
           push_armor_filter (afx, out);
         }
-      if ( opt.compress_keys )
-        push_compress_filter (out,&zfx,default_compress_algo());
     }
 
   rc = do_export_stream (ctrl, out, users, secret, NULL, options, &any );
diff --git a/g10/gpg.c b/g10/gpg.c
index 666e970..f5b2231 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -251,8 +251,6 @@ enum cmd_and_opt_values
     oSkipVerify,
     oSkipHiddenRecipients,
     oNoSkipHiddenRecipients,
-    oCompressKeys,
-    oCompressSigs,
     oAlwaysTrust,
     oTrustModel,
     oForceOwnertrust,
@@ -563,9 +561,6 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_i (oAttributeFD, "attribute-fd", "@"),
   ARGPARSE_s_s (oAttributeFile, "attribute-file", "@"),
 
-  ARGPARSE_s_n (oNoop, "sk-comments", "@"),
-  ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
-
   ARGPARSE_s_i (oCompletesNeeded, "completes-needed", "@"),
   ARGPARSE_s_i (oMarginalsNeeded, "marginals-needed", "@"),
   ARGPARSE_s_i (oMaxCertDepth,	"max-cert-depth", "@" ),
@@ -672,8 +667,6 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
   ARGPARSE_s_n (oSkipHiddenRecipients, "skip-hidden-recipients", "@"),
   ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"),
-  ARGPARSE_s_n (oCompressKeys, "compress-keys", "@"),
-  ARGPARSE_s_n (oCompressSigs, "compress-sigs", "@"),
   ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
   ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"),
   ARGPARSE_s_s (oTrustModel, "trust-model", "@"),
@@ -799,6 +792,12 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oAutoKeyLocate, "auto-key-locate", "@"),
   ARGPARSE_s_n (oNoAutoKeyLocate, "no-auto-key-locate", "@"),
 
+  /* Dummy options.  */
+  ARGPARSE_s_n (oNoop, "sk-comments", "@"),
+  ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
+  ARGPARSE_s_n (oNoop, "compress-keys", "@"),
+  ARGPARSE_s_n (oNoop, "compress-sigs", "@"),
+
   ARGPARSE_end ()
 };
 
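Review bot: `compress-keys` and `compress-sigs` are now mapped to `oNoop`, so a gpg.conf or script that still passes them is accepted without any diagnostic while the output changes. The removed `opt.compress_keys` branch in do_export and the removed `opt.compress_sigs` term in sign_file show that both options had an effect when given. The `/* Dummy options.  */` comment could say so, e.g. `/* Dummy options, kept so that old config files still parse; they have no effect.  */`. The behaviour change also deserves a NEWS line if NEWS does not already carry one. Whether obsolete options should produce a warning is a project decision that cannot be judged from this hunk.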
@@ -2459,7 +2458,6 @@ main (int argc, char **argv)
 	  case oSkipHiddenRecipients: opt.skip_hidden_recipients = 1; break;
 	  case oNoSkipHiddenRecipients: opt.skip_hidden_recipients = 0; break;
 
-	  case oCompressKeys: opt.compress_keys = 1; break;
 	  case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
 
 #ifndef NO_TRUST_MODELS
@@ -2505,8 +2503,6 @@ main (int argc, char **argv)
 	    opt.pgp2_workarounds = 0;
 	    opt.escape_from = 1;
 	    opt.force_v3_sigs = 0;
-	    opt.compress_keys = 0;	    /* not mandated, but we do it */
-	    opt.compress_sigs = 0;	    /* ditto. */
 	    opt.not_dash_escaped = 0;
 	    opt.def_cipher_algo = 0;
 	    opt.def_digest_algo = 0;
@@ -2525,8 +2521,6 @@ main (int argc, char **argv)
 	    opt.pgp2_workarounds = 0;
 	    opt.escape_from = 0;
 	    opt.force_v3_sigs = 0;
-	    opt.compress_keys = 0;	    /* not mandated, but we do it */
-	    opt.compress_sigs = 0;	    /* ditto. */
 	    opt.not_dash_escaped = 0;
 	    opt.def_cipher_algo = 0;
 	    opt.def_digest_algo = 0;
@@ -2541,7 +2535,6 @@ main (int argc, char **argv)
 	  case oPGP7:  opt.compliance = CO_PGP7;  break;
 	  case oPGP8:  opt.compliance = CO_PGP8;  break;
 	  case oGnuPG: opt.compliance = CO_GNUPG; break;
-	  case oCompressSigs: opt.compress_sigs = 1; break;
 	  case oRFC2440Text: opt.rfc2440_text=1; break;
 	  case oNoRFC2440Text: opt.rfc2440_text=0; break;
  	  case oSetFilename:
diff --git a/g10/options.h b/g10/options.h
index 266b3e9..e407aa4 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -111,8 +111,7 @@ struct
 
   int skip_verify;
   int skip_hidden_recipients;
-  int compress_keys;
-  int compress_sigs;
+
   /* TM_CLASSIC must be zero to accomodate trustdbs generated before
      we started storing the trust model inside the trustdb. */
   enum
diff --git a/g10/sign.c b/g10/sign.c
index 907d8c5..9aa4da4 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -998,7 +998,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
 	iobuf_push_filter( out, encrypt_filter, &efx );
     }
 
-    if( opt.compress_algo && !outfile && ( !detached || opt.compress_sigs) )
+    if (opt.compress_algo && !outfile && !detached)
       {
         int compr_algo=opt.compress_algo;
 

commit 7d0492075ea638607309b3ea6a792b0e95ea7d98
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Aug 12 10:36:30 2014 +0200

    gpg: Add list-option "show-usage".
    
    * g10/gpg.c (parse_list_options): Add "show-usage".
    * g10/options.h (LIST_SHOW_USAGE): New.
    * g10/keyid.c (usagestr_from_pk): Add arg FILL.  Change caller.
    * g10/keylist.c (list_keyblock_print): Print usage info.

diff --git a/doc/gpg.texi b/doc/gpg.texi
index e0b0039..d0da837 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1096,6 +1096,13 @@ give the opposite meaning.  The options are:
   see @option{--attribute-fd} for the appropriate way to get photo data
   for scripts and other frontends.
 
+  @item show-usage
+  @opindex list-options:show-usage
+  Show usage information for keys and subkeys in the standard key
+  listing.  This is a list of letters indicating the allowed usage for a
+  key (@code{E}=encryption, @code{S}=signing, @code{C}=certification,
+  @code{A}=authentication).  Defaults to no.
+
   @item show-policy-urls
   @opindex list-options:show-policy-urls
   Show policy URLs in the @option{--list-sigs} or @option{--check-sigs}
diff --git a/g10/gpg.c b/g10/gpg.c
index 1f840c6..666e970 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1793,6 +1793,8 @@ parse_list_options(char *str)
     {
       {"show-photos",LIST_SHOW_PHOTOS,NULL,
        N_("display photo IDs during key listings")},
+      {"show-usage",LIST_SHOW_USAGE,NULL,
+       N_("show key usage information during key listings")},
       {"show-policy-urls",LIST_SHOW_POLICY_URLS,NULL,
        N_("show policy URLs during signature listings")},
       {"show-notations",LIST_SHOW_NOTATIONS,NULL,
diff --git a/g10/keydb.h b/g10/keydb.h
index 0cf6ca1..23d0bcc 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -282,7 +282,7 @@ const char *datestr_from_sig( PKT_signature *sig );
 const char *expirestr_from_pk( PKT_public_key *pk );
 const char *expirestr_from_sig( PKT_signature *sig );
 const char *revokestr_from_pk( PKT_public_key *pk );
-const char *usagestr_from_pk( PKT_public_key *pk );
+const char *usagestr_from_pk (PKT_public_key *pk, int fill);
 const char *colon_strtime (u32 t);
 const char *colon_datestr_from_pk (PKT_public_key *pk);
 const char *colon_datestr_from_sig (PKT_signature *sig);
diff --git a/g10/keyedit.c b/g10/keyedit.c
index c5f02f7..77bd37f 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -2991,7 +2991,7 @@ show_key_with_all_names (estream_t fp,
 	  else
 	    tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
 	  tty_fprintf (fp, "  ");
-	  tty_fprintf (fp, _("usage: %s"), usagestr_from_pk (pk));
+	  tty_fprintf (fp, _("usage: %s"), usagestr_from_pk (pk, 1));
 	  tty_fprintf (fp, "\n");
 
 	  if (pk->seckey_info
diff --git a/g10/keyid.c b/g10/keyid.c
index 6ce6f32..94900bd 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -629,7 +629,7 @@ revokestr_from_pk( PKT_public_key *pk )
 
 
 const char *
-usagestr_from_pk( PKT_public_key *pk )
+usagestr_from_pk (PKT_public_key *pk, int fill)
 {
   static char buffer[10];
   int i = 0;
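Review bot: The new `fill` parameter of usagestr_from_pk is undocumented, both here and at the prototype in g10/keydb.h. From the second keyid.c hunk, a non-zero `fill` pads the result with spaces to four characters, while zero returns only the usage letters. The result lives in `static char buffer[10]`, so it is overwritten by the next call and must be consumed before then. I would add a header comment such as `/* Return the usage letters of PK in a static buffer, valid until the next call; if FILL is set, pad with spaces to 4 characters.  */`. The function body continues outside both hunks.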
@@ -647,7 +647,7 @@ usagestr_from_pk( PKT_public_key *pk )
   if ( (use & PUBKEY_USAGE_AUTH) )
     buffer[i++] = 'A';
 
-  while (i < 4)
+  while (fill && i < 4)
     buffer[i++] = ' ';
 
   buffer[i] = 0;
diff --git a/g10/keylist.c b/g10/keylist.c
index 7d9fe23..3649475 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -834,6 +834,10 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
               pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
               keystr_from_pk (pk), datestr_from_pk (pk));
 
+  if ((opt.list_options & LIST_SHOW_USAGE))
+    {
+      es_fprintf (es_stdout, " [%s]", usagestr_from_pk (pk, 0));
+    }
   if (pk->flags.revoked)
     {
       es_fprintf (es_stdout, " [");
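Review bot: With `fill` passed as 0, usagestr_from_pk returns an empty string when none of the usage bits are set, because the padding loop in the keyid.c hunk is then skipped. This line and the matching one for `pk2` in the next hunk would print ` []` in that case. If that case can occur and an empty bracket is not the intended display, capture the string first with `const char *u = usagestr_from_pk (pk, 0);` and print only `if (*u) es_fprintf (es_stdout, " [%s]", u);`. list_keyblock_print starts and ends outside both hunks, so whether a key with no usage flags reaches this point cannot be confirmed from here.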
@@ -973,6 +977,10 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
               xfree (curve);
             }
 
+          if ((opt.list_options & LIST_SHOW_USAGE))
+            {
+              es_fprintf (es_stdout, " [%s]", usagestr_from_pk (pk2, 0));
+            }
 	  if (pk2->flags.revoked)
 	    {
 	      es_fprintf (es_stdout, " [");
diff --git a/g10/options.h b/g10/options.h
index 0a604f9..266b3e9 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -349,6 +349,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 #define LIST_SHOW_KEYRING                (1<<8)
 #define LIST_SHOW_SIG_EXPIRE             (1<<9)
 #define LIST_SHOW_SIG_SUBPACKETS         (1<<10)
+#define LIST_SHOW_USAGE                  (1<<11)
 
 #define VERIFY_SHOW_PHOTOS               (1<<0)
 #define VERIFY_SHOW_POLICY_URLS          (1<<1)

-----------------------------------------------------------------------

Summary of changes:
 NEWS                        |    3 ++
 autogen.sh                  |    7 +--
 doc/gpg.texi                |   19 +++++++-
 g10/cipher.c                |    2 +-
 g10/encrypt.c               |   46 ++++--------------
 g10/export.c                |    2 -
 g10/gpg.c                   |  108 +++++--------------------------------------
 g10/keydb.h                 |    2 +-
 g10/keyedit.c               |   40 +---------------
 g10/keygen.c                |   10 ----
 g10/keyid.c                 |    4 +-
 g10/keylist.c               |    8 ++++
 g10/main.h                  |    1 +
 g10/mainproc.c              |   27 ++++++-----
 g10/misc.c                  |   25 ++++++----
 g10/options.h               |   10 ++--
 g10/pkclist.c               |   16 ++-----
 g10/revoke.c                |    2 +-
 g10/server.c                |    4 --
 g10/sig-check.c             |   11 +----
 g10/sign.c                  |   53 +++++++--------------
 tests/openpgp/clearsig.test |   13 +-----
 22 files changed, 117 insertions(+), 296 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



