security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity
gnupg/g10/gpgv.c

675 lines
13 KiB
C
Raw Normal View History

This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* gpgv.c - The GnuPG signature verify utility
Changes to --min-cert-level should cause a trustdb rebuild (issue 1366) * g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level * g10/trustdb.c (check_trustdb_stale): Request a rebuild if pending_check_trustdb is true (set when we detect a trustdb parameter has changed). * g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons listing for min_cert_level not matching. * g10/tdbio.c (tdbio_update_version_record, create_version_record, tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record, tdbio_write_record): Add a byte for min_cert_level in the tdbio version record.
2012-01-20 04:33:51 +01:00
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2005, 2006,
* 2008, 2009, 2012 Free Software Foundation, Inc.
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Changed to GPLv3. Removed intl/.
2007-07-04 21:49:40 +02:00
* the Free Software Foundation; either version 3 of the License, or
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
Changed to GPLv3. Removed intl/.
2007-07-04 21:49:40 +02:00
* along with this program; if not, see <http://www.gnu.org/licenses/>.
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
*/
#include <config.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
Revert "g10: Support armored keyrings in gpgv." This reverts commit abb352de51bc964c06007fce43ed6f6caea87c15.
2016-04-06 11:34:11 +02:00
#ifdef HAVE_DOSISH_SYSTEM
#include <fcntl.h> /* for setmode() */
#endif
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#ifdef HAVE_LIBREADLINE
Various updates
2006-09-21 15:30:45 +02:00
#define GNUPG_LIBREADLINE_H_INCLUDED
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#include <readline/readline.h>
#endif
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#define INCLUDED_BY_MAIN_MODULE 1
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
#include "gpg.h"
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
#include "util.h"
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#include "packet.h"
#include "iobuf.h"
#include "main.h"
#include "options.h"
#include "keydb.h"
#include "trustdb.h"
#include "filter.h"
#include "ttyio.h"
#include "i18n.h"
More W32 related changes
2007-06-26 15:48:44 +02:00
#include "sysutils.h"
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#include "status.h"
With --enable-gpg the keyservers are now build and a first test using gpg2 shows no prblems. Needs more testing of course.
2006-08-16 12:47:53 +02:00
#include "call-agent.h"
common: Add a global variable to for the default error source. For the shared code parts it is cumbersome to pass an error sourse variable to each function. Its value is always a constant for a given binary and thus a global variable makes things a lot easier than the former macro stuff. * common/init.c (default_errsource): New global var. (init_common_subsystems): Rename to _init_common_subsystems. Set DEFAULT_ERRSOURCE. * common/init.h: Assert value of GPG_ERR_SOURCE_DEFAULT. (init_common_subsystems): New macro. * common/util.h (default_errsource): Add declaration. * kbx/keybox-defs.h: Add some GPG_ERR_SOURCE_DEFAULT trickery.
2012-02-06 20:50:47 +01:00
#include "../common/init.h"
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
enum cmd_and_opt_values {
aNull = 0,
oQuiet = 'q',
oVerbose = 'v',
oBatch = 500,
oKeyring,
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
oIgnoreTimeConflict,
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
oStatusFD,
oLoggerFD,
oHomedir,
gpg: Add option --weak-digest to gpg and gpgv. * g10/options.h: Add additional_weak_digests linked list to opts. * g10/main.h: Declare weakhash linked list struct and additional_weak_digest() function to insert newly-declared weak digests into opts. * g10/misc.c: (additional_weak_digest): New function. (print_digest_algo_note): Check for deprecated digests; use proper gcry_md_algos type. * g10/sig-check.c: (do_check): Reject weak digests in addition to MD5. * g10/gpg.c: Add --weak-digest option to gpg. * doc/gpg.texi: Document gpg --weak-digest option. * g10/gpgv.c: Add --weak-digest option to gpgv. * doc/gpgv.texi: Document gpgv --weak-digest option. -- gpg and gpgv treat signatures made over MD5 as unreliable, unless the user supplies --allow-weak-digests to gpg. Signatures over any other digest are considered acceptable. Despite SHA-1 being a mandatory-to-implement digest algorithm in RFC 4880, the collision-resistance of SHA-1 is weaker than anyone would like it to be. Some operators of high-value targets that depend on OpenPGP signatures may wish to require their signers to use a stronger digest algorithm than SHA1, even if the OpenPGP ecosystem at large cannot deprecate SHA1 entirely today. This changeset adds a new "--weak-digest DIGEST" option for both gpg and gpgv, which makes it straightforward for anyone to treat any signature or certification made over the specified digest as unreliable. This option can be supplied multiple times if the operator wishes to deprecate multiple digest algorithms, and will be ignored completely if the operator supplies --allow-weak-digests (as before). MD5 is still always considered weak, regardless of any further --weak-digest options supplied. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Capitialized some comments, shorted a line in do_check, and changed subject to name the option. -wk
2015-10-18 23:35:32 +02:00
oWeakDigest,
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
aTest
};
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
static ARGPARSE_OPTS opts[] = {
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
ARGPARSE_group (300, N_("@\nOptions:\n ")),
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
ARGPARSE_s_s (oKeyring, "keyring",
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
N_("|FILE|take the keys from the keyring FILE")),
ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict",
N_("make timestamp conflicts only a warning")),
ARGPARSE_s_i (oStatusFD, "status-fd",
N_("|FD|write status info to this FD")),
ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
ARGPARSE_s_s (oHomedir, "homedir", "@"),
gpg: Add --weak-digest to gpgv's help screen. -- Suggested-by: Daniel Kahn Gillmor
2016-05-18 17:00:03 +02:00
ARGPARSE_s_s (oWeakDigest, "weak-digest",
N_("|ALGO|reject signatures made with ALGO")),
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
ARGPARSE_end ()
};
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int g10_errors_seen = 0;
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
Print library versions according to GNU standards.
2008-11-18 19:01:03 +01:00
static char *
make_libversion (const char *libname, const char *(*getfnc)(const char*))
{
const char *s;
char *result;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Print library versions according to GNU standards.
2008-11-18 19:01:03 +01:00
s = getfnc (NULL);
result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
strcpy (stpcpy (stpcpy (result, libname), " "), s);
return result;
}
Finished the bulk of changes for gnupg 1.9. This included switching to libgcrypt functions, using shared error codes from libgpg-error, replacing the old functions we used to have in ../util by those in ../jnlib and ../common, renaming the malloc functions and a couple of types. Note, that not all changes are listed below becuause they are too similar and done at far too many places. As of today the code builds using the current libgcrypt from CVS but it is very unlikely that it actually works.
2003-06-18 21:56:13 +02:00
static const char *
my_strusage( int level )
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
Print library versions according to GNU standards.
2008-11-18 19:01:03 +01:00
static char *ver_gcry;
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
const char *p;
Print library versions according to GNU standards.
2008-11-18 19:01:03 +01:00
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
switch (level)
{
Make use of the *_NAME etc macros. Replace hardwired strings at many places with new macros from config.h and use the new strusage macro replacement feature. * common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn sentinels. * agent/command.c (cmd_import_key): Use asprintf to create the prompt.
2013-11-18 14:09:47 +01:00
case 11: p = "@GPG@v (GnuPG)";
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
break;
case 13: p = VERSION; break;
case 17: p = PRINTABLE_OS_NAME; break;
Make bug reporting address easier changeable.
2009-07-21 16:21:05 +02:00
case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
case 1:
Move password repetition from gpg to gpg-agent.
2009-03-17 13:13:32 +01:00
case 40: p = _("Usage: gpgv [options] [files] (-h for help)");
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
break;
Move password repetition from gpg to gpg-agent.
2009-03-17 13:13:32 +01:00
case 41: p = _("Syntax: gpgv [options] [files]\n"
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
"Check signatures against known trusted keys\n");
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
break;
Print library versions according to GNU standards.
2008-11-18 19:01:03 +01:00
case 20:
if (!ver_gcry)
ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
p = ver_gcry;
break;
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
default: p = NULL;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
return p;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int
main( int argc, char **argv )
{
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
ARGPARSE_ARGS pargs;
int rc=0;
strlist_t sl;
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
strlist_t nrings = NULL;
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
unsigned configlineno;
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
ctrl_t ctrl;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Add a hook to be called right after main. * common/init.c (early_system_init): New stub function. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 19:57:22 +01:00
early_system_init ();
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
set_strusage (my_strusage);
log_set_prefix ("gpgv", 1);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
/* Make sure that our subsystems are ready. */
Minor fixes.
2008-12-09 09:58:02 +01:00
i18n_init();
More chnages to use estream. Add a way to replace the standard descriptors.
2010-03-22 13:46:05 +01:00
init_common_subsystems (&argc, &argv);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
gpgv: Init Libgcrypt to avoid syslog warning. * g10/gpgv.c (main): Check libgcrypt version and disable secure memory. -- GnuPG-bug-id: 1376 Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 3966eb244518d5612385d35a5149f7164a9fb707) Resolved conflicts: g10/gpgv.c
2013-08-19 11:22:11 +02:00
if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
{
log_fatal ( _("%s is too old (need %s, have %s)\n"), "libgcrypt",
NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
}
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
gnupg_init_signals (0, NULL);
opt.command_fd = -1; /* no command fd */
gpgv: Init Libgcrypt to avoid syslog warning. * g10/gpgv.c (main): Check libgcrypt version and disable secure memory. -- GnuPG-bug-id: 1376 Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 3966eb244518d5612385d35a5149f7164a9fb707) Resolved conflicts: g10/gpgv.c
2013-08-19 11:22:11 +02:00
opt.keyserver_options.options |= KEYSERVER_AUTO_KEY_RETRIEVE;
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
opt.trust_model = TM_ALWAYS;
opt.batch = 1;
opt.homedir = default_homedir ();
gpg: Ensure all weak digest rejection notices are shown * g10/main.h: Add rejection_shown flag to each weakhash struct * g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not treat MD5 separately; (print_digest_rejected_note): Use weakhash.rejection_shown instead of static shown. * g10/options.h (opt): Change from additional_weak_digests to weak_digests. * g10/sig-check.c: Do not treat MD5 separately. * g10/gpg.c (main): Explicitly set MD5 as weak. * g10/gpgv.c (main): Explicitly set MD5 as weak. -- Previously, only one weak digest rejection message was shown, of whichever was the first type encountered. This meant that if "gpg --weak-digest SHA224" encountered both an MD5 digest and a SHA224 digest, it would only show the user that the MD5 digest was rejected. In order to let the user know which algorithms were rejected, we needed to move the "shown" flag into a per-weak-algorithm location. Given this additional complication, it made no sense to continue to treat MD5 specially, so it is added as a default weak algorithm in the same opt.weak_digests data structure as any other. Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-10-23 23:46:57 +02:00
opt.weak_digests = NULL;
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
tty_no_terminal(1);
tty_batchmode(1);
Renamed the lock functions. Also cleaned up the dotlock code for easier readability.
2011-09-23 14:43:58 +02:00
dotlock_disable ();
gpgv: Init Libgcrypt to avoid syslog warning. * g10/gpgv.c (main): Check libgcrypt version and disable secure memory. -- GnuPG-bug-id: 1376 Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 3966eb244518d5612385d35a5149f7164a9fb707) Resolved conflicts: g10/gpgv.c
2013-08-19 11:22:11 +02:00
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
gpg: Ensure all weak digest rejection notices are shown * g10/main.h: Add rejection_shown flag to each weakhash struct * g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not treat MD5 separately; (print_digest_rejected_note): Use weakhash.rejection_shown instead of static shown. * g10/options.h (opt): Change from additional_weak_digests to weak_digests. * g10/sig-check.c: Do not treat MD5 separately. * g10/gpg.c (main): Explicitly set MD5 as weak. * g10/gpgv.c (main): Explicitly set MD5 as weak. -- Previously, only one weak digest rejection message was shown, of whichever was the first type encountered. This meant that if "gpg --weak-digest SHA224" encountered both an MD5 digest and a SHA224 digest, it would only show the user that the MD5 digest was rejected. In order to let the user know which algorithms were rejected, we needed to move the "shown" flag into a per-weak-algorithm location. Given this additional complication, it made no sense to continue to treat MD5 specially, so it is added as a default weak algorithm in the same opt.weak_digests data structure as any other. Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-10-23 23:46:57 +02:00
additional_weak_digest("MD5");
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
pargs.argc = &argc;
pargs.argv = &argv;
pargs.flags= 1; /* do not remove the args */
while (optfile_parse( NULL, NULL, &configlineno, &pargs, opts))
{
switch (pargs.r_opt)
{
case oQuiet: opt.quiet = 1; break;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case oVerbose:
opt.verbose++;
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
opt.list_sigs=1;
gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
break;
case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
case oStatusFD: set_status_fd( pargs.r.ret_int ); break;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
case oLoggerFD:
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
break;
case oHomedir: opt.homedir = pargs.r.ret_str; break;
gpg: Add option --weak-digest to gpg and gpgv. * g10/options.h: Add additional_weak_digests linked list to opts. * g10/main.h: Declare weakhash linked list struct and additional_weak_digest() function to insert newly-declared weak digests into opts. * g10/misc.c: (additional_weak_digest): New function. (print_digest_algo_note): Check for deprecated digests; use proper gcry_md_algos type. * g10/sig-check.c: (do_check): Reject weak digests in addition to MD5. * g10/gpg.c: Add --weak-digest option to gpg. * doc/gpg.texi: Document gpg --weak-digest option. * g10/gpgv.c: Add --weak-digest option to gpgv. * doc/gpgv.texi: Document gpgv --weak-digest option. -- gpg and gpgv treat signatures made over MD5 as unreliable, unless the user supplies --allow-weak-digests to gpg. Signatures over any other digest are considered acceptable. Despite SHA-1 being a mandatory-to-implement digest algorithm in RFC 4880, the collision-resistance of SHA-1 is weaker than anyone would like it to be. Some operators of high-value targets that depend on OpenPGP signatures may wish to require their signers to use a stronger digest algorithm than SHA1, even if the OpenPGP ecosystem at large cannot deprecate SHA1 entirely today. This changeset adds a new "--weak-digest DIGEST" option for both gpg and gpgv, which makes it straightforward for anyone to treat any signature or certification made over the specified digest as unreliable. This option can be supplied multiple times if the operator wishes to deprecate multiple digest algorithms, and will be ignored completely if the operator supplies --allow-weak-digests (as before). MD5 is still always considered weak, regardless of any further --weak-digest options supplied. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Capitialized some comments, shorted a line in do_check, and changed subject to name the option. -wk
2015-10-18 23:35:32 +02:00
case oWeakDigest:
additional_weak_digest(pargs.r.ret_str);
break;
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
default : pargs.err = ARGPARSE_PRINT_ERROR; break;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
if (log_get_errorcount (0))
g10_exit(2);
if (opt.verbose > 1)
set_packet_list_mode(1);
Make gpgv error message about a missing keyring more useful. This fixes Debian#494040. Also implement readonly semantic for extra safety.
2009-04-03 12:34:22 +02:00
gpg: First patches to support a keybox storage backend. * kbx/keybox-defs.h (_keybox_write_header_blob): Move prototype to .. * kbx/keybox.h: here. * kbx/keybox-init.c (keybox_lock): Add dummy function * g10/keydb.c: Include keybox.h. (KeydbResourceType): Add KEYDB_RESOURCE_TYPE_KEYBOX. (struct resource_item): Add field kb. (maybe_create_keyring_or_box): Add error descriptions to diagnostics. Add arg IS_BOX. Write a header for a new keybox file. (keydb_add_resource): No more need for the force flag. Rename the local variable "force" to "create". Add URL scheme "gnupg-kbx". Add magic test to detect a keybox file. Add basic support for keybox. (keydb_new, keydb_get_resource_name, keydb_delete_keyblock) (keydb_locate_writable, keydb_search_reset, keydb_search2): Add support for keybox. (lock_all, unlock_all): Ditto. * g10/Makefile.am (needed_libs): Add libkeybox.a. (gpg2_LDADD, gpgv2_LDADD): Add KSBA_LIBS as a workaround. * g10/keydb.h (KEYDB_RESOURCE_FLAG_PRIMARY) KEYDB_RESOURCE_FLAG_DEFAULT, KEYDB_RESOURCE_FLAG_READONLY): New. * g10/gpg.c, g10/gpgv.c (main): Use new constants. -- I did most of these changes back in 2011 and only cleaned them up now. More to follow soon.
2012-12-27 15:04:29 +01:00
/* Note: We open all keyrings in read-only mode. */
Make gpgv error message about a missing keyring more useful. This fixes Debian#494040. Also implement readonly semantic for extra safety.
2009-04-03 12:34:22 +02:00
if (!nrings) /* No keyring given: use default one. */
gpg: Allow gpgv to work with a trustedkeys.kbx file. * g10/keydb.h (KEYDB_RESOURCE_FLAG_GPGVDEF): New. * g10/keydb.c (keydb_add_resource): Take care of new flag. * g10/gpgv.c (main): Use new flag. -- GnuPG-bug-id: 2025 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-07 15:53:56 +02:00
keydb_add_resource ("trustedkeys" EXTSEP_S "kbx",
(KEYDB_RESOURCE_FLAG_READONLY
|KEYDB_RESOURCE_FLAG_GPGVDEF));
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
for (sl = nrings; sl; sl = sl->next)
Revert "g10: Support armored keyrings in gpgv." This reverts commit abb352de51bc964c06007fce43ed6f6caea87c15.
2016-04-06 11:34:11 +02:00
keydb_add_resource (sl->d, KEYDB_RESOURCE_FLAG_READONLY);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
FREE_STRLIST (nrings);
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
ctrl = xcalloc (1, sizeof *ctrl);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
if ((rc = verify_signatures (ctrl, argc, argv)))
gpg: Replace remaining old error code macros by GPG_ERR_. * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by gpg_strerror. (G10ERR_): Remove all macros and change all occurrences by their GPG_ERR_ counterparts. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
log_error("verify signatures failed: %s\n", gpg_strerror (rc) );
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
xfree (ctrl);
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
/* cleanup */
g10_exit (0);
return 8; /*NOTREACHED*/
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
void
g10_exit( int rc )
{
Cleaned up unused gpgsm and gpg options.
2008-11-13 13:37:45 +01:00
rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0;
exit(rc );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
/* Stub:
Fix typos found using codespell. * agent/cache.c: Fix typos. * agent/call-pinentry.c: Likewise. * agent/call-scd.c: Likewise. * agent/command-ssh.c: Likewise. * agent/command.c: Likewise. * agent/divert-scd.c: Likewise. * agent/findkey.c: Likewise. * agent/gpg-agent.c: Likewise. * agent/w32main.c: Likewise. * common/argparse.c: Likewise. * common/audit.c: Likewise. * common/audit.h: Likewise. * common/convert.c: Likewise. * common/dotlock.c: Likewise. * common/exechelp-posix.c: Likewise. * common/exechelp-w32.c: Likewise. * common/exechelp-w32ce.c: Likewise. * common/exechelp.h: Likewise. * common/helpfile.c: Likewise. * common/i18n.h: Likewise. * common/iobuf.c: Likewise. * common/iobuf.h: Likewise. * common/localename.c: Likewise. * common/logging.c: Likewise. * common/openpgp-oid.c: Likewise. * common/session-env.c: Likewise. * common/sexputil.c: Likewise. * common/sysutils.c: Likewise. * common/t-sexputil.c: Likewise. * common/ttyio.c: Likewise. * common/util.h: Likewise. * dirmngr/cdblib.c: Likewise. * dirmngr/certcache.c: Likewise. * dirmngr/crlcache.c: Likewise. * dirmngr/dirmngr-client.c: Likewise. * dirmngr/dirmngr.c: Likewise. * dirmngr/dirmngr_ldap.c: Likewise. * dirmngr/dns-stuff.c: Likewise. * dirmngr/http.c: Likewise. * dirmngr/ks-engine-hkp.c: Likewise. * dirmngr/ks-engine-ldap.c: Likewise. * dirmngr/ldap-wrapper.c: Likewise. * dirmngr/ldap.c: Likewise. * dirmngr/misc.c: Likewise. * dirmngr/ocsp.c: Likewise. * dirmngr/validate.c: Likewise. * g10/encrypt.c: Likewise. * g10/getkey.c: Likewise. * g10/gpg.c: Likewise. * g10/gpgv.c: Likewise. * g10/import.c: Likewise. * g10/keydb.c: Likewise. * g10/keydb.h: Likewise. * g10/keygen.c: Likewise. * g10/keyid.c: Likewise. * g10/keylist.c: Likewise. * g10/keyring.c: Likewise. * g10/mainproc.c: Likewise. * g10/misc.c: Likewise. * g10/options.h: Likewise. * g10/packet.h: Likewise. * g10/parse-packet.c: Likewise. * g10/pkclist.c: Likewise. * g10/pkglue.c: Likewise. * g10/plaintext.c: Likewise. * g10/server.c: Likewise. * g10/sig-check.c: Likewise. * g10/sqlite.c: Likewise. * g10/tdbio.c: Likewise. * g10/test-stubs.c: Likewise. * g10/tofu.c: Likewise. * g10/trust.c: Likewise. * g10/trustdb.c: Likewise. * g13/create.c: Likewise. * g13/mountinfo.c: Likewise. * kbx/keybox-blob.c: Likewise. * kbx/keybox-file.c: Likewise. * kbx/keybox-init.c: Likewise. * kbx/keybox-search-desc.h: Likewise. * kbx/keybox-search.c: Likewise. * kbx/keybox-update.c: Likewise. * scd/apdu.c: Likewise. * scd/app-openpgp.c: Likewise. * scd/app-p15.c: Likewise. * scd/app.c: Likewise. * scd/ccid-driver.c: Likewise. * scd/command.c: Likewise. * scd/iso7816.c: Likewise. * sm/base64.c: Likewise. * sm/call-agent.c: Likewise. * sm/call-dirmngr.c: Likewise. * sm/certchain.c: Likewise. * sm/gpgsm.c: Likewise. * sm/import.c: Likewise. * sm/keydb.c: Likewise. * sm/minip12.c: Likewise. * sm/qualified.c: Likewise. * sm/server.c: Likewise. * tools/gpg-check-pattern.c: Likewise. * tools/gpgconf-comp.c: Likewise. * tools/gpgkey2ssh.c: Likewise. * tools/gpgparsemail.c: Likewise. * tools/gpgtar.c: Likewise. * tools/rfc822parse.c: Likewise. * tools/symcryptrun.c: Likewise. Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-16 12:41:46 +01:00
* We have to override the trustcheck from pkclist.c because
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
* this utility assumes that all keys in the keyring are trustworthy
*/
int
gpg: Pass CTRL object down to the trust functions Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:41:49 +02:00
check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
gpg: Pass CTRL object down to the trust functions Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:41:49 +02:00
(void)ctrl;
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)sig;
return 0;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
void
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
read_trust_options(byte *trust_model, ulong *created, ulong *nextcheck,
Changes to --min-cert-level should cause a trustdb rebuild (issue 1366) * g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level * g10/trustdb.c (check_trustdb_stale): Request a rebuild if pending_check_trustdb is true (set when we detect a trustdb parameter has changed). * g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons listing for min_cert_level not matching. * g10/tdbio.c (tdbio_update_version_record, create_version_record, tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record, tdbio_write_record): Add a byte for min_cert_level in the tdbio version record.
2012-01-20 04:33:51 +01:00
byte *marginals, byte *completes, byte *cert_depth,
byte *min_cert_level)
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
{
(void)trust_model;
(void)created;
(void)nextcheck;
(void)marginals;
(void)completes;
(void)cert_depth;
Changes to --min-cert-level should cause a trustdb rebuild (issue 1366) * g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level * g10/trustdb.c (check_trustdb_stale): Request a rebuild if pending_check_trustdb is true (set when we detect a trustdb parameter has changed). * g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons listing for min_cert_level not matching. * g10/tdbio.c (tdbio_update_version_record, create_version_record, tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record, tdbio_write_record): Add a byte for min_cert_level in the tdbio version record.
2012-01-20 04:33:51 +01:00
(void)min_cert_level;
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
/* Stub:
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
* We don't have the trustdb , so we have to provide some stub functions
* instead
*/
int
cache_disabled_value(PKT_public_key *pk)
{
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)pk;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
return 0;
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
void
gpg: Pass CTRL object down to the trust functions Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:41:49 +02:00
check_trustdb_stale (ctrl_t ctrl)
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
{
gpg: Pass CTRL object down to the trust functions Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:41:49 +02:00
(void)ctrl;
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int
gpg: Pass CTRL object down to the trust functions Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:41:49 +02:00
get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
gpg: Pass CTRL object down to the trust functions Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:41:49 +02:00
(void)ctrl;
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)pk;
(void)uid;
return '?';
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
unsigned int
gpg: Pass CTRL object down to the trust functions Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:41:49 +02:00
get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
PKT_signature *sig, int may_ask)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
gpg: Pass CTRL object down to the trust functions Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:41:49 +02:00
(void)ctrl;
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)pk;
(void)uid;
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
(void)sig;
(void)may_ask;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
return 0;
}
const char *
trust_value_to_string (unsigned int value)
{
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)value;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
return "err";
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
const char *
gpg: Pass CTRL object down to the trust functions Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:41:49 +02:00
uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{
gpg: Pass CTRL object down to the trust functions Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:41:49 +02:00
(void)ctrl;
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)key;
(void)uid;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
return "err";
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int
get_ownertrust_info (PKT_public_key *pk)
{
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)pk;
return '?';
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
unsigned int
get_ownertrust (PKT_public_key *pk)
{
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)pk;
return TRUST_UNKNOWN;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
/* Stubs:
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
* Because we only work with trusted keys, it does not make sense to
* get them from a keyserver
*/
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
struct keyserver_spec *
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
keyserver_match (struct keyserver_spec *spec)
{
(void)spec;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
return NULL;
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gpg: Make --auto-key-retrieve work with dirmngr configured server. * g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional. * g10/keyserver.c (keyserver_any_configured): New. (keyserver_put): Remove arg keyserver because this will always receive opt.keyserver which is anyway used when connecting dirmngr. Do not check opt.keyserver. (keyserver_import_cert): Replace opt.keyserver by keyserver_any_configured. * g10/mainproc.c (check_sig_and_print): Ditto. * g10/import.c (revocation_present): Ditto. * g10/getkey.c (get_pubkey_byname): Ditto. * g10/gpgv.c (keyserver_any_configured): Add stub. * g10/test-stubs.c (keyserver_any_configured): Add stub. -- The keyserver should be configured in dirmngr.conf and thus we can't use opt.keyserver in gpg to decide whether a keyserver has been configured. GnuPG-bug-id: 2147 Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-21 11:49:27 +01:00
int
keyserver_any_configured (ctrl_t ctrl)
{
(void)ctrl;
return 0;
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
keyserver_import_keyid (u32 *keyid, void *dummy)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)keyid;
(void)dummy;
return -1;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
keyserver_import_cert (const char *name)
{
(void)name;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
return -1;
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
keyserver_import_pka (const char *name,unsigned char *fpr)
{
(void)name;
(void)fpr;
return -1;
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gpg: Add experimental AKL method "wkd" and option --with-wkd-hash. * g10/getkey.c (parse_auto_key_locate): Add method "wkd". (get_pubkey_byname): Implement that method. Also rename a variable. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New. * g10/keyserver.c (keyserver_import_wkd): New. * g10/test-stubs.c (keyserver_import_wkd): Add stub. * g10/gpgv.c (keyserver_import_wkd): Ditto. * g10/options.h (opt): Add field 'with_wkd_hash'. (AKL_WKD): New. * g10/gpg.c (oWithWKDHash): New. (opts): Add option --with-wkd-hash. (main): Set that option. * g10/keylist.c (list_keyblock_print): Implement that option. -- The Web Key Directory is an experimental feature to retrieve a key via https. It is similar to OpenPGP DANE but also uses an encryption to reveal less information about a key lookup. For example the URI to lookup the key for Joe.Doe@Example.ORG is: https://example.org/.well-known/openpgpkey/ hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q (line has been wrapped for rendering purposes). The hash is a z-Base-32 encoded SHA-1 hash of the mail address' local-part. The address wk@gnupg.org can be used for testing. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-27 08:34:29 +02:00
gpg_error_t
keyserver_import_wkd (ctrl_t ctrl, const char *name,
unsigned char **fpr, size_t *fpr_len)
{
(void)ctrl;
(void)name;
(void)fpr;
(void)fpr_len;
return GPG_ERR_BUG;
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
int
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
keyserver_import_name (const char *name,struct keyserver_spec *spec)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)name;
(void)spec;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
return -1;
}
int
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
keyserver_import_ldap (const char *name)
{
(void)name;
return -1;
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* Stub:
* No encryption here but mainproc links to these functions.
*/
Re-indent and changed return type.
2010-04-21 19:30:07 +02:00
gpg_error_t
gpg: Allow multiple --default-key options. Take the last available key. * g10/getkey.c (parse_def_secret_key): New function. (get_seckey_default): Add parameter ctrl. Update callers. Use parse_def_secret_key to get the default secret key, if any. (getkey_byname): Likewise. (enum_secret_keys): Likewise. * g10/options.h (opt): Change def_secret_key's type from a char * to a strlist_t. * g10/gpg.c (main): When processing --default-key, add the key to OPT.DEF_SECRET_KEY. * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. * g10/mainproc.c (proc_pubkey_enc): Likewise. (do_proc_packets): Likewise. * g10/pkclist.c (default_recipient): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sign.c (clearsign_file): Likewise. (sign_symencrypt_file): Likewise. * g10/skclist.c (build_sk_list): Likewise. * g10/test-stubs.c (get_session_key): Likewise. -- Signed-off-by: Neal H. Walield <neal@g10code.com> GnuPG-bug-id: 806
2015-11-03 23:15:27 +01:00
get_session_key (ctrl_t ctrl, PKT_pubkey_enc *k, DEK *dek)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
gpg: Allow multiple --default-key options. Take the last available key. * g10/getkey.c (parse_def_secret_key): New function. (get_seckey_default): Add parameter ctrl. Update callers. Use parse_def_secret_key to get the default secret key, if any. (getkey_byname): Likewise. (enum_secret_keys): Likewise. * g10/options.h (opt): Change def_secret_key's type from a char * to a strlist_t. * g10/gpg.c (main): When processing --default-key, add the key to OPT.DEF_SECRET_KEY. * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. * g10/mainproc.c (proc_pubkey_enc): Likewise. (do_proc_packets): Likewise. * g10/pkclist.c (default_recipient): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sign.c (clearsign_file): Likewise. (sign_symencrypt_file): Likewise. * g10/skclist.c (build_sk_list): Likewise. * g10/test-stubs.c (get_session_key): Likewise. -- Signed-off-by: Neal H. Walield <neal@g10code.com> GnuPG-bug-id: 806
2015-11-03 23:15:27 +01:00
(void)ctrl;
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)k;
(void)dek;
gpg: Replace remaining old error code macros by GPG_ERR_. * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by gpg_strerror. (G10ERR_): Remove all macros and change all occurrences by their GPG_ERR_ counterparts. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
return GPG_ERR_GENERAL;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* Stub: */
Re-indent and changed return type.
2010-04-21 19:30:07 +02:00
gpg_error_t
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
get_override_session_key (DEK *dek, const char *string)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)dek;
(void)string;
gpg: Replace remaining old error code macros by GPG_ERR_. * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by gpg_strerror. (G10ERR_): Remove all macros and change all occurrences by their GPG_ERR_ counterparts. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
return GPG_ERR_GENERAL;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* Stub: */
int
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
(void)ctrl;
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)procctx;
(void)ed;
(void)dek;
gpg: Replace remaining old error code macros by GPG_ERR_. * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by gpg_strerror. (G10ERR_): Remove all macros and change all occurrences by their GPG_ERR_ counterparts. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
return GPG_ERR_GENERAL;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
/* Stub:
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
* No interactive commands, so we don't need the helptexts
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
*/
void
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
display_online_help (const char *keyword)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)keyword;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
/* Stub:
* We don't use secret keys, but getkey.c links to this
*/
int
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
check_secret_key (PKT_public_key *pk, int n)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
{
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
(void)pk;
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)n;
gpg: Replace remaining old error code macros by GPG_ERR_. * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by gpg_strerror. (G10ERR_): Remove all macros and change all occurrences by their GPG_ERR_ counterparts. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
return GPG_ERR_GENERAL;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
}
/* Stub:
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
* No secret key, so no passphrase needed
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
*/
DEK *
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
passphrase_to_dek (u32 *keyid, int pubkey_algo,
int cipher_algo, STRING2KEY *s2k, int mode,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
const char *tmp, int *canceled)
{
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)keyid;
(void)pubkey_algo;
(void)cipher_algo;
(void)s2k;
(void)mode;
(void)tmp;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
if (canceled)
*canceled = 0;
return NULL;
}
2009-08-20 Daiki Ueno <ueno@unixuser.org> * mainproc.c (proc_encrypted): Clear passphrase cached with S2K cache ID if decryption failed. * passphrase.c (passphrase_to_dek_ext): Set dek->s2k_cacheid. * gpgv.c (passphrase_clear_cache): New stub.
2009-08-20 10:41:15 +02:00
void
passphrase_clear_cache (u32 *keyid, const char *cacheid, int algo)
{
(void)keyid;
(void)cacheid;
(void)algo;
}
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
struct keyserver_spec *
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
parse_preferred_keyserver(PKT_signature *sig)
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
{
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
(void)sig;
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
return NULL;
}
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
struct keyserver_spec *
parse_keyserver_uri (const char *uri, int require_scheme,
const char *configname, unsigned int configlineno)
{
(void)uri;
(void)require_scheme;
(void)configname;
(void)configlineno;
return NULL;
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
void
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
free_keyserver_spec (struct keyserver_spec *keyserver)
{
(void)keyserver;
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* Stubs to avoid linking to photoid.c */
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
void
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
show_photos (const struct user_attribute *attrs, int count, PKT_public_key *pk)
{
(void)attrs;
(void)count;
(void)pk;
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
int
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
parse_image_header (const struct user_attribute *attr, byte *type, u32 *len)
{
(void)attr;
(void)type;
(void)len;
return 0;
}
char *
image_type_to_string (byte type, int string)
{
(void)type;
(void)string;
return NULL;
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#ifdef ENABLE_CARD_SUPPORT
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
int
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
agent_scd_getattr (const char *name, struct agent_card_info_s *info)
{
(void)name;
(void)info;
return 0;
}
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
#endif /* ENABLE_CARD_SUPPORT */
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
/* We do not do any locking, so use these stubs here */
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
void
Renamed the lock functions. Also cleaned up the dotlock code for easier readability.
2011-09-23 14:43:58 +02:00
dotlock_disable (void)
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
{
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
dotlock_t
Add a flag parameter to dotlock_create. This allows us to extend this function in the future.
2011-09-28 15:41:58 +02:00
dotlock_create (const char *file_to_lock, unsigned int flags)
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
{
(void)file_to_lock;
Add a flag parameter to dotlock_create. This allows us to extend this function in the future.
2011-09-28 15:41:58 +02:00
(void)flags;
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
return NULL;
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
void
Renamed the lock functions. Also cleaned up the dotlock code for easier readability.
2011-09-23 14:43:58 +02:00
dotlock_destroy (dotlock_t h)
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
{
(void)h;
}
int
Renamed the lock functions. Also cleaned up the dotlock code for easier readability.
2011-09-23 14:43:58 +02:00
dotlock_take (dotlock_t h, long timeout)
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
{
(void)h;
(void)timeout;
return 0;
}
int
Renamed the lock functions. Also cleaned up the dotlock code for easier readability.
2011-09-23 14:43:58 +02:00
dotlock_release (dotlock_t h)
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
{
(void)h;
return 0;
}
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
void
Renamed the lock functions. Also cleaned up the dotlock code for easier readability.
2011-09-23 14:43:58 +02:00
dotlock_remove_lockfiles (void)
Marked all unused args on non-W32 platforms.
2008-10-20 15:53:23 +02:00
{
}
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
More changes on the way to remove secring.gpg.
2010-04-21 18:26:17 +02:00
gpg_error_t
agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
{
(void)ctrl;
(void)pk;
return gpg_error (GPG_ERR_NO_SECKEY);
}
More agent support for gpg.
2010-10-13 17:57:08 +02:00
gpg_error_t
agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
{
(void)ctrl;
(void)keyblock;
return gpg_error (GPG_ERR_NO_SECKEY);
}
gpg_error_t
agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno)
{
(void)ctrl;
(void)hexkeygrip;
*r_serialno = NULL;
return gpg_error (GPG_ERR_NO_SECKEY);
}
gpg: Move all DNS access to Dirmngr. * common/dns-cert.h: Move to ../dirmngr/. * common/dns-cert.c: Move to ../dirmngr/. Change args to return the key as a buffer. * common/t-dns-cert.c: Move to ../dirmngr/. * common/pka.c, common/pka.h, common/t-pka.c: Remove. * dirmngr/server.c (data_line_cookie_write): Factor code out to data_line_write and make it a wrapper for that. (data_line_write): New. (cmd_dns_cert): New. (register_commands): Register new command. * g10/Makefile.am (LDADD): Remove DNSLIBS. * g10/call-dirmngr.c (dns_cert_parm_s): New. (dns_cert_data_cb, dns_cert_status_cb): New. (gpg_dirmngr_dns_cert): New. (gpg_dirmngr_get_pka): New. * g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function. * g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by gpg_dirmngr_dns_cert. (keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka. * g10/mainproc.c: Include call-dirmngr.h. (pka_uri_from_sig): Add CTX arg. Replace get_pka_info by gpg_dirmngr_get_pka. -- With this patch gpg does not do any network access itself but uses dirmngr for that. Note that we need to keep linking to NETLIBS due to the logging code and because we need TCP for our socket emulation under Windows. Probably also required for Solaris etc. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-23 15:42:56 +02:00
gpg_error_t
gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
unsigned char **r_fpr, size_t *r_fprlen,
char **r_url)
{
(void)ctrl;
(void)userid;
if (r_fpr)
*r_fpr = NULL;
if (r_fprlen)
*r_fprlen = 0;
if (r_url)
*r_url = NULL;
return gpg_error (GPG_ERR_NOT_FOUND);
}
gpg: Add option --print-dane-records. * g10/options.h (opt): Add field "print_dane_records". * g10/gpg.c (oPrintDANERecords): new. (opts): Add --print-dane-records. (main): Set that option. * g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling. (do_export_stream): Add EXPORT_DANE_FORMAT handling. * g10/keylist.c (list_keyblock_pka): Implement DANE record printing. * g10/gpgv.c (export_pubkey_buffer): New stub. * g10/test-stubs.c (export_pubkey_buffer): New stub. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-08 15:04:45 +02:00
gpg_error_t
export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options,
gpg: Print export statistics to the status-fd. * common/status.h (STATUS_EXPORT_RES): New. * g10/main.h (export_stats_t): New. * g10/export.c (export_stats_s): New. (export_new_stats, export_release_stats): New. (export_print_stats): New. (export_pubkeys, export_seckeys, export_secsubkeys) (export_pubkey_buffer, do_export): Add arg "stats". (do_export_stream): Add arg stats and update it. * g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create, pass, and print a stats object to the export function calls. * g10/export.c (export_pubkeys_stream): Remove unused function. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-12 16:02:35 +01:00
export_stats_t stats,
gpg: Add option --print-dane-records. * g10/options.h (opt): Add field "print_dane_records". * g10/gpg.c (oPrintDANERecords): new. (opts): Add --print-dane-records. (main): Set that option. * g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling. (do_export_stream): Add EXPORT_DANE_FORMAT handling. * g10/keylist.c (list_keyblock_pka): Implement DANE record printing. * g10/gpgv.c (export_pubkey_buffer): New stub. * g10/test-stubs.c (export_pubkey_buffer): New stub. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-08 15:04:45 +02:00
kbnode_t *r_keyblock, void **r_data, size_t *r_datalen)
{
(void)ctrl;
(void)keyspec;
(void)options;
gpg: Print export statistics to the status-fd. * common/status.h (STATUS_EXPORT_RES): New. * g10/main.h (export_stats_t): New. * g10/export.c (export_stats_s): New. (export_new_stats, export_release_stats): New. (export_print_stats): New. (export_pubkeys, export_seckeys, export_secsubkeys) (export_pubkey_buffer, do_export): Add arg "stats". (do_export_stream): Add arg stats and update it. * g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create, pass, and print a stats object to the export function calls. * g10/export.c (export_pubkeys_stream): Remove unused function. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-12 16:02:35 +01:00
(void)stats;
gpg: Add option --print-dane-records. * g10/options.h (opt): Add field "print_dane_records". * g10/gpg.c (oPrintDANERecords): new. (opts): Add --print-dane-records. (main): Set that option. * g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling. (do_export_stream): Add EXPORT_DANE_FORMAT handling. * g10/keylist.c (list_keyblock_pka): Implement DANE record printing. * g10/gpgv.c (export_pubkey_buffer): New stub. * g10/test-stubs.c (export_pubkey_buffer): New stub. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-08 15:04:45 +02:00
*r_keyblock = NULL;
*r_data = NULL;
*r_datalen = 0;
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
}
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
gpg_error_t
gpg: Store the Tofu meta handle for databases in CTRL. * g10/gpg.h (struct tofu_dbs_s, tofu_dbs_t): New declarations. (struct server_control_s): Add field tofu.dbs. * g10/tofu.c (struct dbs): Rename to tofu_dbs_s. Replace all users by by tofu_dbs_t. (opendbs): Add arg CTRL. Cache the DBS in CTRL. (closedbs): Rename to tofu_closedbs and make global. Add arg CTRL. (tofu_register): Add arg CTRL. Change all callers. Do not call closedbs. (tofu_get_validity): Ditto. (tofu_set_policy): Ditto. (tofu_get_policy): Ditto. (tofu_set_policy_by_keyid): Add arg CTRL. * g10/gpg.c (gpg_deinit_default_ctrl): Call tofu_closedbs. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 12:26:44 +02:00
tofu_get_policy (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *user_id,
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
enum tofu_policy *policy)
{
gpg: Store the Tofu meta handle for databases in CTRL. * g10/gpg.h (struct tofu_dbs_s, tofu_dbs_t): New declarations. (struct server_control_s): Add field tofu.dbs. * g10/tofu.c (struct dbs): Rename to tofu_dbs_s. Replace all users by by tofu_dbs_t. (opendbs): Add arg CTRL. Cache the DBS in CTRL. (closedbs): Rename to tofu_closedbs and make global. Add arg CTRL. (tofu_register): Add arg CTRL. Change all callers. Do not call closedbs. (tofu_get_validity): Ditto. (tofu_set_policy): Ditto. (tofu_get_policy): Ditto. (tofu_set_policy_by_keyid): Add arg CTRL. * g10/gpg.c (gpg_deinit_default_ctrl): Call tofu_closedbs. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 12:26:44 +02:00
(void)ctrl;
g10: Add TOFU support. * configure.ac: Check for sqlite3. (SQLITE3_CFLAGS): AC_SUBST it. (SQLITE3_LIBS): Likewise. * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS). (gpg2_SOURCES): Add tofu.h and tofu.c. (gpg2_LDADD): Add $(SQLITE3_LIBS). * g10/tofu.c: New file. * g10/tofu.h: New file. * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP. (tofu_db_format): Define. * g10/packet.h (PKT_signature): Add fields digest and digest_len. * g10/gpg.c: Include "tofu.h". (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy, oTOFUDBFormat. (opts): Add them. (parse_trust_model): Recognize the tofu and tofu+pgp trust models. (parse_tofu_policy): New function. (parse_tofu_db_format): New function. (main): Initialize opt.tofu_default_policy and opt.tofu_db_format. Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat. * g10/mainproc.c (do_check_sig): If the signature is good, copy the hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately. * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update callers. (tdb_get_validity_core): Add arguments sig and may_ask. Update callers. * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them to tdb_get_validity_core. * g10/trustdb.c: Include "tofu.h". (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP. (tdb_get_validity_core): Add arguments sig and may_ask. If OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust level. Combine it with the computed PGP trust level, if appropriate. * g10/keyedit.c: Include "tofu.h". (show_key_with_all_names_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/keylist.c: Include "tofu.h". (public_key_list): Also show the PGP stats if the trust model is TM_TOFU_PGP. (list_keyblock_colon): If the trust mode is tofu or tofu+pgp, then show the trust policy. * g10/pkclist.c: Include "tofu.h". * g10/gpgv.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * g10/test-stubs.c (get_validity): Add arguments sig and may_ask. (enum tofu_policy): Define. (tofu_get_policy): New stub. (tofu_policy_str): Likewise. * doc/DETAILS: Describe the TOFU Policy field. * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu, --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format. * tests/openpgp/Makefile.am (TESTS): Add tofu.test. (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt. (CLEANFILES): Add tofu.db. (clean-local): Add tofu.d. * tests/openpgp/tofu.test: New file. * tests/openpgp/tofu-2183839A-1.txt: New file. * tests/openpgp/tofu-BC15C85A-1.txt: New file. * tests/openpgp/tofu-EE37CF96-1.txt: New file. * tests/openpgp/tofu-keys.asc: New file. * tests/openpgp/tofu-keys-secret.asc: New file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:44:05 +02:00
(void)pk;
(void)user_id;
(void)policy;
return gpg_error (GPG_ERR_GENERAL);
}
const char *
tofu_policy_str (enum tofu_policy policy)
{
(void)policy;
return "unknown";
}
gpg: Provide an interface to patch TOFU updates. * g10/tofu.c (struct db): Rename begin_transaction to savepoint_batch. Rename end_transaction to savepoint_batch_commit. Update users. Remove field rollback. Add fields savepoint_inner and savepoint_inner_commit. Add field batch_update. (dump_cache): New function. (batch_update): New variable. (begin_transaction). New function. (end_transaction): New function. (rollback_transaction): New function. (tofu_begin_batch_update): New function. (tofu_end_batch_update): New function. (closedb): End any pending batch transaction. (closedbs): Assert that none of the DBs have a started batch transaction if we not in batch mode. (record_binding): Use the begin_transaction, end_transaction and rollback_transaction functions instead of including the SQL inline. Also start a batch mode transaction if we are using the flat format. (tofu_register): Use the begin_transaction, end_transaction and rollback_transaction functions instead of including the SQL inline. * g10/gpgv.c (tofu_begin_batch_update): New function. (tofu_end_batch_update): New function. * g10/test-stubs.c (tofu_begin_batch_update): New function. (tofu_end_batch_update): New function. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-23 17:23:17 +02:00
void
tofu_begin_batch_update (void)
{
}
void
tofu_end_batch_update (void)
{
}