Collected fixes.

Werner Koch 2006-11-05 15:08:58 +00:00
parent 1e9f026d29
commit 10d563da08
17 changed files with 160 additions and 55 deletions


@ -11,7 +11,7 @@ Ales Nyakhaychyk <nyakhaychyk@i1fn.linux.by> Translations [be]
Birger Langkjer <birger.langkjer@image.dk> Translations [da] Birger Langkjer <birger.langkjer@image.dk> Translations [da]
Maxim Britov <maxbritov@tut.by> Translations [ru] Maxim Britov <maxim.britov@gmail.com> Translations [ru]
Daniel Resare <daniel@resare.com> Translations [sv] Daniel Resare <daniel@resare.com> Translations [sv]
Per Tunedal <per@clipanish.com> Translations [sv] Per Tunedal <per@clipanish.com> Translations [sv]
@ -81,7 +81,7 @@ Nils Ellmenreich <nils 'at' infosun.fmi.uni-passau.de>
Paul Eggert <eggert@twinsun.com> Paul Eggert <eggert@twinsun.com>
(configuration macros for LFS) (configuration macros for LFS)
Pavel I. Shajdo <zwon@severodvinsk.ru> Translations [ru] Pavel I. Shajdo <pshajdo@gmail.com> Translations [ru]
(man pages) (man pages)
Pedro Morais <morais@poli.org> Translations [pt_PT] Pedro Morais <morais@poli.org> Translations [pt_PT]


@ -1,3 +1,7 @@
2006-11-03 Werner Koch <wk@g10code.com>
* configure.ac: Test for pty.h. From Gentoo.
2006-10-24 Werner Koch <wk@g10code.com> 2006-10-24 Werner Koch <wk@g10code.com>
Released 1.9.94. Released 1.9.94.


@ -1,3 +1,8 @@
2006-11-03 Werner Koch <wk@g10code.com>
* Makefile.am (t_convert_DEPENDENCIES): Add libcommon. From
Gentoo.
2006-10-24 Marcus Brinkmann <marcus@g10code.de> 2006-10-24 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (libcommon_a_CFLAGS): Add $(LIBASSUAN_CFLAGS). * Makefile.am (libcommon_a_CFLAGS): Add $(LIBASSUAN_CFLAGS).


@ -81,6 +81,6 @@ module_tests = t-convert
t_common_ldadd = ../jnlib/libjnlib.a ../common/libcommon.a ../gl/libgnu.a \ t_common_ldadd = ../jnlib/libjnlib.a ../common/libcommon.a ../gl/libgnu.a \
$(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS)
t_convert_DEPENDENCIES = convert.c t_convert_DEPENDENCIES = convert.c libcommon.a
t_convert_LDADD = $(t_common_ldadd) t_convert_LDADD = $(t_common_ldadd)


@ -876,7 +876,7 @@ fi
# #
AC_HEADER_STDC AC_HEADER_STDC
AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h]) AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h])
AC_CHECK_HEADERS([pwd.h inttypes.h]) AC_CHECK_HEADERS([pty.h pwd.h inttypes.h])
# #
@ -1245,7 +1245,7 @@ if test "$have_libassuan" = "no"; then
*** ***
*** You need libassuan with Pth support to build this program. *** You need libassuan with Pth support to build this program.
*** This library is for example available at *** This library is for example available at
*** ftp://ftp.gnupg.org/gcrypt/alpha/libassuan/ *** ftp://ftp.gnupg.org/gcrypt/libassuan/
*** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required). *** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required).
***]]) ***]])
fi fi


@ -1,3 +1,7 @@
2006-10-30 Werner Koch <wk@g10code.com>
* faq.raw: Minor corrections.
2006-10-12 Werner Koch <wk@g10code.com> 2006-10-12 Werner Koch <wk@g10code.com>
* Makefile.am (man_MANS): Do not install gnupg.7 due to a conflict * Makefile.am (man_MANS): Do not install gnupg.7 due to a conflict


@ -583,7 +583,9 @@ you could search in the mailing list archive.
GnuPG keeps several files in a special homedir directory. These GnuPG keeps several files in a special homedir directory. These
include the options file, pubring.gpg, secring.gpg, trustdb.gpg, include the options file, pubring.gpg, secring.gpg, trustdb.gpg,
and others. GnuPG will always create and use these files. On unices, and others. GnuPG will always create and use these files. On unices,
the homedir is usually ~/.gnupg; on Windows "C:\gnupg\". the homedir is usually ~/.gnupg; on Windows it is name "gnupg" and
found below the user's application directory. Run the gpg and
pass the option --version to see the name of that directory.
If you want to put your keyrings somewhere else, use the option: If you want to put your keyrings somewhere else, use the option:
@ -978,7 +980,7 @@ you could search in the mailing list archive.
You are most likely using GnuPG 1.0.2 or older on Windows. That's You are most likely using GnuPG 1.0.2 or older on Windows. That's
feature isn't yet implemented, but it's a bug not to say it. Newer feature isn't yet implemented, but it's a bug not to say it. Newer
versions issue a warning. Upgrade to 1.0.4 or newer. versions issue a warning. Upgrade to 1.4.5 or newer.
<Q> I get "gpg: waiting for lock ..." <Q> I get "gpg: waiting for lock ..."


@ -1,3 +1,18 @@
2006-11-05 Werner Koch <wk@g10code.com>
* gpg.c (main): Remove the default --require-cross-certification.
* options.skel: Enable require-cross-certification.
2006-10-31 Werner Koch <wk@g10code.com>
* pkclist.c (warn_missing_aes_from_pklist): New.
* encode.c (encrypt_filter, encode_crypt): Use it here.
2006-10-27 Werner Koch <wk@g10code.com>
* pkclist.c (warn_missing_mdc_from_pklist): New.
* encode.c (use_mdc): Use it here.
2006-10-24 Marcus Brinkmann <marcus@g10code.de> 2006-10-24 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS). * Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).


@ -147,6 +147,9 @@ use_mdc(PK_LIST pk_list,int algo)
if (gcry_cipher_get_algo_blklen (algo) != 8) if (gcry_cipher_get_algo_blklen (algo) != 8)
return 1; return 1;
if (opt.verbose)
warn_missing_mdc_from_pklist (pk_list);
return 0; /* No MDC */ return 0; /* No MDC */
} }
@ -521,6 +524,14 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
compliance_failure(); compliance_failure();
} }
} }
/* In case 3DES has been selected, print a warning if
any key does not have a preference for AES. This
should help to indentify why encrypting to several
recipients falls back to 3DES. */
if (opt.verbose
&& cfx.dek->algo == CIPHER_ALGO_3DES)
warn_missing_aes_from_pklist (pk_list);
} }
else { else {
if(!opt.expert && if(!opt.expert &&
@ -533,7 +544,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
cfx.dek->algo = opt.def_cipher_algo; cfx.dek->algo = opt.def_cipher_algo;
} }
cfx.dek->use_mdc=use_mdc(pk_list,cfx.dek->algo); cfx.dek->use_mdc=use_mdc(pk_list,cfx.dek->algo);
/* Only do the is-file-already-compressed check if we are using a /* Only do the is-file-already-compressed check if we are using a
@ -716,6 +727,14 @@ encrypt_filter( void *opaque, int control,
* happen if we do not have any public keys in the list */ * happen if we do not have any public keys in the list */
efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO; efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO;
} }
/* In case 3DES has been selected, print a warning if
any key does not have a preference for AES. This
should help to indentify why encrypting to several
recipients falls back to 3DES. */
if (opt.verbose
&& efx->cfx.dek->algo == CIPHER_ALGO_3DES)
warn_missing_aes_from_pklist (efx->pk_list);
} }
else { else {
if(!opt.expert && if(!opt.expert &&
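Review bot: Both new notices are gated on `opt.verbose`, so at default verbosity a message that is sent without MDC, or that falls back to 3DES because of one recipient's preferences, still produces no output. Consider whether at least the missing-MDC case deserves an unconditional `log_info`, since it means the ciphertext carries no integrity protection. The 3DES block is duplicated verbatim in `encode_crypt` and `encrypt_filter`, and its comment misspells "identify" as `indentify` in both places. In `use_mdc` the call sits just before `return 0; /* No MDC */`; the earlier part of that function is outside the hunk, so it cannot be checked here whether other paths reach this point with a list in which every key has the MDC feature.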


@ -1857,7 +1857,6 @@ main (int argc, char **argv )
opt.rfc2440_text=1; opt.rfc2440_text=1;
opt.def_sig_expire="0"; opt.def_sig_expire="0";
opt.def_cert_expire="0"; opt.def_cert_expire="0";
opt.flags.require_cross_cert = 1;
set_homedir ( default_homedir () ); set_homedir ( default_homedir () );
/* Check whether we have a config file on the command line. */ /* Check whether we have a config file on the command line. */


@ -188,6 +188,8 @@ int algo_available( preftype_t preftype, int algo,
int select_algo_from_prefs( PK_LIST pk_list, int preftype, int select_algo_from_prefs( PK_LIST pk_list, int preftype,
int request, const union pref_hint *hint); int request, const union pref_hint *hint);
int select_mdc_from_pklist (PK_LIST pk_list); int select_mdc_from_pklist (PK_LIST pk_list);
void warn_missing_mdc_from_pklist (PK_LIST pk_list);
void warn_missing_aes_from_pklist (PK_LIST pk_list);
/*-- skclist.c --*/ /*-- skclist.c --*/
int random_is_faked (void); int random_is_faked (void);


@ -53,6 +53,15 @@
#no-escape-from-lines #no-escape-from-lines
# When verifying a signature made from a subkey, ensure that the cross
# certification "back signature" on the subkey is present and valid.
# This protects against a subtle attack against subkeys that can sign.
# Defaults to --no-require-cross-certification. However for new
# installations it should be enabled.
require-cross-certification
# If you do not use the Latin-1 (ISO-8859-1) charset, you should tell # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell
# GnuPG which is the native character set. Please check the man page # GnuPG which is the native character set. Please check the man page
# for supported character sets. This character set is only used for # for supported character sets. This character set is only used for
@ -191,22 +200,3 @@ keyserver hkp://subkeys.pgp.net
# Use your MIME handler to view photos: # Use your MIME handler to view photos:
# photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG" # photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"
# Passphrase agent
#
# We support the old experimental passphrase agent protocol as well as
# the new Assuan based one (currently available in the "newpg" package
# at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent,
# you have to run an agent as daemon and use the option
#
# use-agent
#
# which tries to use the agent but will fallback to the regular mode
# if there is a problem connecting to the agent. The normal way to
# locate the agent is by looking at the environment variable
# GPG_AGENT_INFO which should have been set during gpg-agent startup.
# In certain situations the use of this variable is not possible, thus
# the option
#
# --gpg-agent-info=<path>:<pid>:1
#
# may be used to override it.
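Review bot: Enabling `require-cross-certification` only in the skeleton covers homedirs created after this change; anyone who already has an options file loses the check, because the same commit removes `opt.flags.require_cross_cert = 1;` from `main` in gpg.c. If that is a deliberate compatibility trade-off for subkeys that lack a back signature, the added comment should say so, for example `# Existing installations must add this line by hand to get the check.` The release notes should also tell existing users that signatures from signing subkeys are no longer checked for cross-certification unless they opt in.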


@ -1328,9 +1328,10 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request,
} }
#if 0 #if 0
log_debug("pref mask=%08lX%08lX%08lX%08lX%08lX%08lX%08lX%08lX\n", log_debug("pref mask=%08lX%08lX%08lX%08lX%08lX%08lX%08lX%08lX (%s)\n",
(ulong)mask[7], (ulong)mask[6], (ulong)mask[5], (ulong)mask[4], (ulong)mask[7], (ulong)mask[6], (ulong)mask[5], (ulong)mask[4],
(ulong)mask[3], (ulong)mask[2], (ulong)mask[1], (ulong)mask[0]); (ulong)mask[3], (ulong)mask[2], (ulong)mask[1], (ulong)mask[0],
keystr_from_pk (pkr->pk));
#endif #endif
for(i=0; i < 8; i++ ) for(i=0; i < 8; i++ )
bits[i] &= mask[i]; bits[i] &= mask[i];
@ -1423,26 +1424,73 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request,
} }
/* /*
* Select the MDC flag from the pk_list. We can only use MDC if all recipients * Select the MDC flag from the pk_list. We can only use MDC if all
* support this feature * recipients support this feature.
*/ */
int int
select_mdc_from_pklist (PK_LIST pk_list) select_mdc_from_pklist (PK_LIST pk_list)
{ {
PK_LIST pkr; PK_LIST pkr;
if( !pk_list ) if ( !pk_list )
return 0; return 0;
for (pkr = pk_list; pkr; pkr = pkr->next) { for (pkr = pk_list; pkr; pkr = pkr->next)
int mdc; {
int mdc;
if (pkr->pk->user_id) /* selected by user ID */
mdc = pkr->pk->user_id->flags.mdc; if (pkr->pk->user_id) /* selected by user ID */
else mdc = pkr->pk->user_id->flags.mdc;
mdc = pkr->pk->mdc_feature; else
if (!mdc) mdc = pkr->pk->mdc_feature;
return 0; /* at least one recipient does not support it */ if (!mdc)
return 0; /* At least one recipient does not support it. */
}
return 1; /* Can be used. */
}
/* Print a warning for all keys in PK_LIST missing the MDC feature. */
void
warn_missing_mdc_from_pklist (PK_LIST pk_list)
{
PK_LIST pkr;
for (pkr = pk_list; pkr; pkr = pkr->next)
{
int mdc;
if (pkr->pk->user_id) /* selected by user ID */
mdc = pkr->pk->user_id->flags.mdc;
else
mdc = pkr->pk->mdc_feature;
if (!mdc)
log_info (_("Note: key %s has no %s feature\n"),
keystr_from_pk (pkr->pk), "MDC");
}
}
void
warn_missing_aes_from_pklist (PK_LIST pk_list)
{
PK_LIST pkr;
for (pkr = pk_list; pkr; pkr = pkr->next)
{
const prefitem_t *prefs;
int i;
int gotit = 0;
prefs = pkr->pk->user_id? pkr->pk->user_id->prefs : pkr->pk->prefs;
if (prefs)
{
for (i=0; !gotit && prefs[i].type; i++ )
if (prefs[i].type == PREFTYPE_SYM
&& prefs[i].value == CIPHER_ALGO_AES)
gotit++;
}
if (!gotit)
log_info (_("Note: key %s has no preference for %s\n"),
keystr_from_pk (pkr->pk), "AES");
} }
return 1; /* can be used */
} }
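Review bot: `warn_missing_aes_from_pklist` matches only `CIPHER_ALGO_AES`, so a key whose symmetric preferences list a larger AES variant but not this one would be reported as having no preference for AES. If that is intended, say so in a header comment, which this function lacks while its MDC sibling has one, e.g. `/* Print a note for all keys in PK_LIST which have no preference for CIPHER_ALGO_AES. */`. `warn_missing_mdc_from_pklist` repeats the user-ID-versus-key MDC lookup from `select_mdc_from_pklist`; a small static helper returning the flag for one `pkr` would keep the two from drifting apart. `gotit` is used as a boolean, so `gotit = 1;` reads more clearly than `gotit++`.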


@ -1,3 +1,7 @@
2006-11-05 Werner Koch <wk@g10code.com>
* asschk.c (read_assuan): Minor cleanups.
2006-09-06 Marcus Brinkmann <marcus@g10code.de> 2006-09-06 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (openpgp): New variable. * Makefile.am (openpgp): New variable.


@ -273,10 +273,12 @@ writen (int fd, const char *buffer, size_t length)
type and store that in recv_type. The function terminates on a type and store that in recv_type. The function terminates on a
communication error. Returns a pointer into the inputline to the communication error. Returns a pointer into the inputline to the
first byte of the arguments. The parsing is very strict to match first byte of the arguments. The parsing is very strict to match
excalty what we want to send. */ exaclty what we want to send. */
static char * static char *
read_assuan (int fd) read_assuan (int fd)
{ {
/* FIXME: For general robustness, the pending stuff needs to be
associated with FD. */
static char pending[MAX_LINELEN]; static char pending[MAX_LINELEN];
static size_t pending_len; static size_t pending_len;
size_t nleft = sizeof recv_line; size_t nleft = sizeof recv_line;
@ -296,11 +298,18 @@ read_assuan (int fd)
pending_len = 0; pending_len = 0;
} }
else else
n = read (fd, buf, nleft); {
do
if (opt_verbose) {
n = read (fd, buf, nleft);
}
while (n < 0 && errno == EINTR);
}
if (opt_verbose && n >= 0 )
{ {
int i; int i;
printf ("%s: read \"", __FUNCTION__); printf ("%s: read \"", __FUNCTION__);
for (i = 0; i < n; i ++) for (i = 0; i < n; i ++)
putc (buf[i], stdout); putc (buf[i], stdout);
@ -308,11 +317,7 @@ read_assuan (int fd)
} }
if (n < 0) if (n < 0)
{ die ("reading fd %d failed: %s", fd, strerror (errno));
if (errno == EINTR)
continue;
die ("reading fd %d failed: %s", fd, strerror (errno));
}
else if (!n) else if (!n)
die ("received incomplete line on fd %d", fd); die ("received incomplete line on fd %d", fd);
p = buf; p = buf;
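Review bot: The corrected comment above `read_assuan` still misspells the word, since `excalty` became `exaclty`; the line should read `exactly what we want to send. */`. In the verbose branch the bytes just read from the peer are written to stdout with `putc` unchanged, so control characters in a reply reach the terminal as-is; printing non-printable bytes in an escaped form would keep the trace readable and harmless. The body of `read_assuan` continues outside the hunk, so the loop that the removed `continue` belonged to is not visible here.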


@ -1,3 +1,8 @@
2006-11-03 Werner Koch <wk@g10code.com>
* symcryptrun.c: Include signal.h and include pth.h only if test
asserts that it exists.
2006-10-23 Werner Koch <wk@g10code.com> 2006-10-23 Werner Koch <wk@g10code.com>
* gpgconf-comp.c <gpgsm>: Add --cipher-algo. * gpgconf-comp.c <gpgsm>: Add --cipher-algo.


@ -69,10 +69,13 @@
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
#include <assert.h> #include <assert.h>
#include <signal.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/wait.h> #include <sys/wait.h>
#ifdef HAVE_PTY_H
#include <pty.h> #include <pty.h>
#endif
#include <utmp.h> #include <utmp.h>
#include <ctype.h> #include <ctype.h>
#ifdef HAVE_LOCALE_H #ifdef HAVE_LOCALE_H
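Review bot: With `<pty.h>` now optional, nothing visible in this hunk supplies the pty declarations on systems where `HAVE_PTY_H` is undefined. If the file calls a pty function further down (outside this hunk), those builds would rely on an implicit declaration. An `#else` branch that includes the platform's alternative header, or a configure-time failure when no suitable header is found, would make that case explicit. The ChangeLog entry for this change names `pth.h` where `pty.h` appears to be meant.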