security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

Collected fixes.

This commit is contained in:
Werner Koch 2006-11-05 15:08:58 +00:00
parent 1e9f026d29
commit 10d563da08
17 changed files with 160 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
AUTHORS
View File

@ -11,7 +11,7 @@ Ales Nyakhaychyk <nyakhaychyk@i1fn.linux.by> Translations [be]
Birger Langkjer <birger.langkjer@image.dk> Translations [da]
Maxim Britov <maxbritov@tut.by> Translations [ru]
Maxim Britov <maxim.britov@gmail.com> Translations [ru]
Daniel Resare <daniel@resare.com> Translations [sv]
Per Tunedal <per@clipanish.com> Translations [sv]
@ -81,7 +81,7 @@ Nils Ellmenreich <nils 'at' infosun.fmi.uni-passau.de>
Paul Eggert <eggert@twinsun.com>
(configuration macros for LFS)
Pavel I. Shajdo <zwon@severodvinsk.ru> Translations [ru]
Pavel I. Shajdo <pshajdo@gmail.com> Translations [ru]
(man pages)
Pedro Morais <morais@poli.org> Translations [pt_PT]

4
ChangeLog
View File

@ -1,3 +1,7 @@
2006-11-03 Werner Koch <wk@g10code.com>
* configure.ac: Test for pty.h. From Gentoo.
2006-10-24 Werner Koch <wk@g10code.com>
Released 1.9.94.

5
common/ChangeLog
View File

@ -1,3 +1,8 @@
2006-11-03 Werner Koch <wk@g10code.com>
* Makefile.am (t_convert_DEPENDENCIES): Add libcommon. From
Gentoo.
2006-10-24 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (libcommon_a_CFLAGS): Add $(LIBASSUAN_CFLAGS).

2
common/Makefile.am
View File

@ -81,6 +81,6 @@ module_tests = t-convert
t_common_ldadd = ../jnlib/libjnlib.a ../common/libcommon.a ../gl/libgnu.a \
$(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS)
t_convert_DEPENDENCIES = convert.c
t_convert_DEPENDENCIES = convert.c libcommon.a
t_convert_LDADD = $(t_common_ldadd)

4
configure.ac
View File

@ -876,7 +876,7 @@ fi
#
AC_HEADER_STDC
AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h])
AC_CHECK_HEADERS([pwd.h inttypes.h])
AC_CHECK_HEADERS([pty.h pwd.h inttypes.h])
#
@ -1245,7 +1245,7 @@ if test "$have_libassuan" = "no"; then
***
*** You need libassuan with Pth support to build this program.
*** This library is for example available at
*** ftp://ftp.gnupg.org/gcrypt/alpha/libassuan/
*** ftp://ftp.gnupg.org/gcrypt/libassuan/
*** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required).
***]])
fi

4
doc/ChangeLog
View File

@ -1,3 +1,7 @@
2006-10-30 Werner Koch <wk@g10code.com>
* faq.raw: Minor corrections.
2006-10-12 Werner Koch <wk@g10code.com>
* Makefile.am (man_MANS): Do not install gnupg.7 due to a conflict

6
doc/faq.raw
View File

@ -583,7 +583,9 @@ you could search in the mailing list archive.
GnuPG keeps several files in a special homedir directory. These
include the options file, pubring.gpg, secring.gpg, trustdb.gpg,
and others. GnuPG will always create and use these files. On unices,
the homedir is usually ~/.gnupg; on Windows "C:\gnupg\".
the homedir is usually ~/.gnupg; on Windows it is name "gnupg" and
found below the user's application directory. Run the gpg and
pass the option --version to see the name of that directory.
If you want to put your keyrings somewhere else, use the option:
@ -978,7 +980,7 @@ you could search in the mailing list archive.
You are most likely using GnuPG 1.0.2 or older on Windows. That's
feature isn't yet implemented, but it's a bug not to say it. Newer
versions issue a warning. Upgrade to 1.0.4 or newer.
versions issue a warning. Upgrade to 1.4.5 or newer.
<Q> I get "gpg: waiting for lock ..."

15
g10/ChangeLog
View File

@ -1,3 +1,18 @@
2006-11-05 Werner Koch <wk@g10code.com>
* gpg.c (main): Remove the default --require-cross-certification.
* options.skel: Enable require-cross-certification.
2006-10-31 Werner Koch <wk@g10code.com>
* pkclist.c (warn_missing_aes_from_pklist): New.
* encode.c (encrypt_filter, encode_crypt): Use it here.
2006-10-27 Werner Koch <wk@g10code.com>
* pkclist.c (warn_missing_mdc_from_pklist): New.
* encode.c (use_mdc): Use it here.
2006-10-24 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).

21
g10/encode.c
View File

@ -147,6 +147,9 @@ use_mdc(PK_LIST pk_list,int algo)
if (gcry_cipher_get_algo_blklen (algo) != 8)
return 1;
if (opt.verbose)
warn_missing_mdc_from_pklist (pk_list);
return 0; /* No MDC */
}
@ -521,6 +524,14 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
compliance_failure();
}
}
/* In case 3DES has been selected, print a warning if
any key does not have a preference for AES. This
should help to indentify why encrypting to several
recipients falls back to 3DES. */
if (opt.verbose
&& cfx.dek->algo == CIPHER_ALGO_3DES)
warn_missing_aes_from_pklist (pk_list);
}
else {
if(!opt.expert &&
@ -533,7 +544,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
cfx.dek->algo = opt.def_cipher_algo;
}
cfx.dek->use_mdc=use_mdc(pk_list,cfx.dek->algo);
/* Only do the is-file-already-compressed check if we are using a
@ -716,6 +727,14 @@ encrypt_filter( void *opaque, int control,
* happen if we do not have any public keys in the list */
efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO;
}
/* In case 3DES has been selected, print a warning if
any key does not have a preference for AES. This
should help to indentify why encrypting to several
recipients falls back to 3DES. */
if (opt.verbose
&& efx->cfx.dek->algo == CIPHER_ALGO_3DES)
warn_missing_aes_from_pklist (efx->pk_list);
}
else {
if(!opt.expert &&

1
g10/gpg.c
View File

@ -1857,7 +1857,6 @@ main (int argc, char **argv )
opt.rfc2440_text=1;
opt.def_sig_expire="0";
opt.def_cert_expire="0";
opt.flags.require_cross_cert = 1;
set_homedir ( default_homedir () );
/* Check whether we have a config file on the command line. */

2
g10/keydb.h
View File

@ -188,6 +188,8 @@ int algo_available( preftype_t preftype, int algo,
int select_algo_from_prefs( PK_LIST pk_list, int preftype,
int request, const union pref_hint *hint);
int select_mdc_from_pklist (PK_LIST pk_list);
void warn_missing_mdc_from_pklist (PK_LIST pk_list);
void warn_missing_aes_from_pklist (PK_LIST pk_list);
/*-- skclist.c --*/
int random_is_faked (void);

28
g10/options.skel
View File

@ -53,6 +53,15 @@
#no-escape-from-lines
# When verifying a signature made from a subkey, ensure that the cross
# certification "back signature" on the subkey is present and valid.
# This protects against a subtle attack against subkeys that can sign.
# Defaults to --no-require-cross-certification. However for new
# installations it should be enabled.
require-cross-certification
# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
# GnuPG which is the native character set. Please check the man page
# for supported character sets. This character set is only used for
@ -191,22 +200,3 @@ keyserver hkp://subkeys.pgp.net
# Use your MIME handler to view photos:
# photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
# Passphrase agent
#
# We support the old experimental passphrase agent protocol as well as
# the new Assuan based one (currently available in the "newpg" package
# at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent,
# you have to run an agent as daemon and use the option
#
# use-agent
#
# which tries to use the agent but will fallback to the regular mode
# if there is a problem connecting to the agent. The normal way to
# locate the agent is by looking at the environment variable
# GPG_AGENT_INFO which should have been set during gpg-agent startup.
# In certain situations the use of this variable is not possible, thus
# the option
#
# --gpg-agent-info=<path>:<pid>:1
#
# may be used to override it.

84
g10/pkclist.c
View File

@ -1328,9 +1328,10 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request,
}
#if 0
log_debug("pref mask=%08lX%08lX%08lX%08lX%08lX%08lX%08lX%08lX\n",
log_debug("pref mask=%08lX%08lX%08lX%08lX%08lX%08lX%08lX%08lX (%s)\n",
(ulong)mask[7], (ulong)mask[6], (ulong)mask[5], (ulong)mask[4],
(ulong)mask[3], (ulong)mask[2], (ulong)mask[1], (ulong)mask[0]);
(ulong)mask[3], (ulong)mask[2], (ulong)mask[1], (ulong)mask[0],
keystr_from_pk (pkr->pk));
#endif
for(i=0; i < 8; i++ )
bits[i] &= mask[i];
@ -1423,26 +1424,73 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request,
}
/*
* Select the MDC flag from the pk_list. We can only use MDC if all recipients
* support this feature
* Select the MDC flag from the pk_list. We can only use MDC if all
* recipients support this feature.
*/
int
select_mdc_from_pklist (PK_LIST pk_list)
{
PK_LIST pkr;
PK_LIST pkr;
if( !pk_list )
return 0;
for (pkr = pk_list; pkr; pkr = pkr->next) {
int mdc;
if (pkr->pk->user_id) /* selected by user ID */
mdc = pkr->pk->user_id->flags.mdc;
else
mdc = pkr->pk->mdc_feature;
if (!mdc)
return 0; /* at least one recipient does not support it */
if ( !pk_list )
return 0;
for (pkr = pk_list; pkr; pkr = pkr->next)
{
int mdc;
if (pkr->pk->user_id) /* selected by user ID */
mdc = pkr->pk->user_id->flags.mdc;
else
mdc = pkr->pk->mdc_feature;
if (!mdc)
return 0; /* At least one recipient does not support it. */
}
return 1; /* Can be used. */
}
/* Print a warning for all keys in PK_LIST missing the MDC feature. */
void
warn_missing_mdc_from_pklist (PK_LIST pk_list)
{
PK_LIST pkr;
for (pkr = pk_list; pkr; pkr = pkr->next)
{
int mdc;
if (pkr->pk->user_id) /* selected by user ID */
mdc = pkr->pk->user_id->flags.mdc;
else
mdc = pkr->pk->mdc_feature;
if (!mdc)
log_info (_("Note: key %s has no %s feature\n"),
keystr_from_pk (pkr->pk), "MDC");
}
}
void
warn_missing_aes_from_pklist (PK_LIST pk_list)
{
PK_LIST pkr;
for (pkr = pk_list; pkr; pkr = pkr->next)
{
const prefitem_t *prefs;
int i;
int gotit = 0;
prefs = pkr->pk->user_id? pkr->pk->user_id->prefs : pkr->pk->prefs;
if (prefs)
{
for (i=0; !gotit && prefs[i].type; i++ )
if (prefs[i].type == PREFTYPE_SYM
&& prefs[i].value == CIPHER_ALGO_AES)
gotit++;
}
if (!gotit)
log_info (_("Note: key %s has no preference for %s\n"),
keystr_from_pk (pkr->pk), "AES");
}
return 1; /* can be used */
}

4
tests/ChangeLog
View File

@ -1,3 +1,7 @@
2006-11-05 Werner Koch <wk@g10code.com>
* asschk.c (read_assuan): Minor cleanups.
2006-09-06 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (openpgp): New variable.

23
tests/asschk.c
View File

@ -273,10 +273,12 @@ writen (int fd, const char *buffer, size_t length)
type and store that in recv_type. The function terminates on a
communication error. Returns a pointer into the inputline to the
first byte of the arguments. The parsing is very strict to match
excalty what we want to send. */
exaclty what we want to send. */
static char *
read_assuan (int fd)
{
/* FIXME: For general robustness, the pending stuff needs to be
associated with FD. */
static char pending[MAX_LINELEN];
static size_t pending_len;
size_t nleft = sizeof recv_line;
@ -296,11 +298,18 @@ read_assuan (int fd)
pending_len = 0;
}
else
n = read (fd, buf, nleft);
if (opt_verbose)
{
do
{
n = read (fd, buf, nleft);
}
while (n < 0 && errno == EINTR);
}
if (opt_verbose && n >= 0 )
{
int i;
printf ("%s: read \"", __FUNCTION__);
for (i = 0; i < n; i ++)
putc (buf[i], stdout);
@ -308,11 +317,7 @@ read_assuan (int fd)
}
if (n < 0)
{
if (errno == EINTR)
continue;
die ("reading fd %d failed: %s", fd, strerror (errno));
}
die ("reading fd %d failed: %s", fd, strerror (errno));
else if (!n)
die ("received incomplete line on fd %d", fd);
p = buf;

5
tools/ChangeLog
View File

@ -1,3 +1,8 @@
2006-11-03 Werner Koch <wk@g10code.com>
* symcryptrun.c: Include signal.h and include pth.h only if test
asserts that it exists.
2006-10-23 Werner Koch <wk@g10code.com>
* gpgconf-comp.c <gpgsm>: Add --cipher-algo.

3
tools/symcryptrun.c
View File

@ -69,10 +69,13 @@
#include <string.h>
#include <errno.h>
#include <assert.h>
#include <signal.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#ifdef HAVE_PTY_H
#include <pty.h>
#endif
#include <utmp.h>
#include <ctype.h>
#ifdef HAVE_LOCALE_H