1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
Commit Graph

6138 Commits

Author SHA1 Message Date
Werner Koch
1e9bc66a9a
gpg: Remove options --print-dane-records and --print-pka-records.
* g10/gpg.c (main): Remove options but print a dedicated warning.
* g10/options.h (struct opt): Remove fields 'print_dane_records' and
'print_pka_records'.
* g10/keylist.c (list_keyblock): Do not call list_keyblock_pka.
(list_keyblock_pka): Remove.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-14 15:19:36 +02:00
Åka Sikrom
d6d7e4d218
po: Complete update of the Norwegian translation 2016-07-14 14:20:56 +02:00
Yuri Chornoivan
9427288ebb
Update Ukrainian translation 2016-07-14 14:18:08 +02:00
Ineiev
39c8887035
Update Russian translation. 2016-07-14 14:12:43 +02:00
Werner Koch
0342369ce0
gpg: Fix regression since 2.1 in --search-key with a fingerprint.
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Prefix fingerprint with 0x.
--

pre-2.1 made sure that the 0x prefix was put before the fingerprint so
that the search command works.  Actually --recv-key should be used
with a fingerprint but some users are using --search-key, probably to
use the interactive mode.

GnuPG-bug-id: 2412
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-14 14:00:37 +02:00
Werner Koch
fb14bf0a95
gpgscm: Use kludge to avoid improper use of ffi_schemify_name.
* tests/gpgscm/ffi.c (ffi_schemify_name): Use xstrdup instead of
strdup for now.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-14 10:52:03 +02:00
Werner Koch
c98995efef
build: Require latest released libraries
* agent/protect.c (OCB_MODE_SUPPORTED): Remove macro.
(do_encryption): Always support OCB.
(do_decryption): Ditto.
(agent_unprotect): Ditto.
* dirmngr/server.c (is_tor_running): Unconditionally build this.
--

Although not technically required, it is easier to require them to
avoid bug reports due to too old library versions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-14 10:48:34 +02:00
Werner Koch
66b634f27f
build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
* build-aux/config.guess: Update.
* build-aux/config.sub: Update.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-13 18:57:19 +02:00
Werner Koch
3b8ed7650d
gpg: Fix regression due to the new --mimemode options.
* g10/gpg.c (opts): Re-add oTextmodeShort.
--

Regression-due-to: e148c3caa9
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-13 18:29:40 +02:00
Werner Koch
5811b5c685
tests: 3 more sample messages
--
2016-07-13 18:20:06 +02:00
Daiki Ueno
82b90eee10
gpg: Make --try-all-secrets work for hidden recipients
* g10/getkey.c (enum_secret_keys): Really enumerate all secret
keys if --try-all-secrets is specified.
--

GnuPG-bug-id: 1985
Signed-off-by: Daiki Ueno <ueno@gnu.org>

- Add new arg CTRL to getkey_byname call.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-13 18:15:52 +02:00
Werner Koch
7b96a8d736
gpg: Do not print a the short keyid if the high word is zero.
* g10/keyid.c (format_keyid): Always returh long keyid ifor KF_LONG.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-13 17:19:56 +02:00
Werner Koch
4ef62278e3
Merge branch 'master' into STABLE-BRANCH-2-2
--
2016-07-13 15:11:46 +02:00
Werner Koch
e148c3caa9
gpg: New option --mimemode.
* g10/gpg.c (oMimemode): New.
(opts): Add --mimemode.
(main): Use --mimemode only in rfc4880bis compliance mode.
* g10/options.h (struct opt): Add field "mimemode".
* g10/build-packet.c (do_plaintext): Allow for mode 'm'.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Use 'm' if requested.
* g10/plaintext.c (handle_plaintext): Handle 'm' mode.
* g10/sign.c (write_plaintext_packet): Handle 'm' mode.
(sign_file, sign_symencrypt_file): Use 'm' if requested.
--

Thsi patch prepares for a proposed change in RFC4880bis to support a
MIME flag.  A literal data packet with the mime flag set is handled
like a 't' or 'u' but CR are not removed.  The PLAINTEXT status line
will also indicate a MIME content.

If --mimemode is used without --rfc4880bis 't' will be used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-13 13:31:12 +02:00
Werner Koch
95810929f7
wks: Use correct key for the confirmation
* tools/gpg-wks-client.c (send_confirmation_response): Actually
encrypt to the recipient.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-13 12:12:21 +02:00
Werner Koch
44ecc33b4a
wks: New server command --list-domains
* tools/gpg-wks-server.c (aListDomains): New.
(opts): Add --list-domains.
(parse_arguments): Implement.
(main): Ditto.  Use only one final diagnostic message.
(command_list_domains): New.
(check_and_publish): Remove directory creation.
(get_domain_list): New.
(expire_pending_confirmations): Rewrite using a list of directories.
(command_cron): Get domain list and pass to
expire_pending_confirmations.
--

  gpg-wks-server --list-domains

is required once to create the sub directories
2016-07-13 11:44:48 +02:00
NIIBE Yutaka
7be2181777 agent: Fix envvars for UPDATESTARTUPTTY.
agent/command.c (cmd_updatestartuptty): Use session_env_list_stdenvnames
to get the list.

--

Debian-bug-id: 801247
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-07-13 09:24:26 +09:00
Werner Koch
acb27915f8
g13: Fix memleak.
* g13/g13tuple.c (create_tupledesc): Init refcount to 1.
--

The old code somehow assumed that calloc was used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-12 23:04:39 +02:00
Werner Koch
38eb5f81d2
wks: Add --cron command to gpg-wks-server.
* tools/gpg-wks-server.c (PENDING_TTL): New.
(expire_one_domain, expire_pending_confirmations): New.
(command_cron): New.
(main): Implement --cron.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-12 20:18:22 +02:00
Werner Koch
5de41c4ece
wks: Try to send an encrypted confirmation back.
* tools/gpg-wks-client.c (encrypt_response_status_cb): New.
(encrypt_response): New.
(send_confirmation_response): Encrypt the response.

* tools/gpg-wks-server.c (send_confirmation_request): Use freeing of
BODY and BODYENC.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-12 18:18:19 +02:00
Werner Koch
d3837e0435
wks: Also create DANE record.
* tools/gpg-wks-server.c (copy_key_as_dane): New.
(check_and_publish): Also publish as DANE record.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-12 16:59:20 +02:00
Werner Koch
6cb373f37b
doc: Update import-export description.
--
2016-07-12 16:11:20 +02:00
Werner Koch
9b075575cd
gpg: Extend import-option import-export to print PKA or DANE.
* g10/export.c (do_export_stream): Move PKA and DANE printing helper
code to ...
(print_pka_or_dane_records): this fucntion.
(write_keyblock_to_output): Add arg OPTIOSN and call
print_pka_or_dane_records if requested.
--

It is now possible to print a DANE record given a a file with a key
without importing the key first:

  gpg --export-options export-dane \
      --import-options import-export \
      --import-filter keep-uid='mbox =~ alpha' \
      --import FILE_WITH_KEY

Using the filter we only print a user id with the substring "alpha" in
the addr-spec.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-12 15:13:34 +02:00
Werner Koch
0f5b105d96
gpg: Move a function from import.c to export.c.
* g10/import.c (write_keyblock_to_output): Move to ...
* g10/export.c (write_keyblock_to_output): here.  Add arg WITH_ARMOR.
Also make sure never to export ring trust packets.
2016-07-12 15:13:34 +02:00
Werner Koch
3ccfd58b25
Register DCO for Yann E. MORIN.
--
2016-07-12 15:13:34 +02:00
Daniel Kahn Gillmor
a346dc2275 dirmngr: Fix typo.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-12 12:16:22 +02:00
Werner Koch
7732b33288
gpgconf: Enhance --list-dirs.
* tools/gpgconf.c (main) <aListDir>: Factor code out to ...
(list_dirs): new.  Rewrite to use a table.  Allow selection of a
items.  Add "agent-ssh-socket".
--

This change makes the use of gpgconf in scripts easier.  For example,
to set the envvar with the name of the socket used by ssh, it is now
possible to do this:

  SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"

which guarantees that the right name is used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-11 13:06:48 +02:00
NIIBE Yutaka
e32c575e0f gpgv: Tweak default options for extra security.
* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
cached status.  Similarly, set opt.flags.require_cross_cert for backsig
validation for subkey signature.

--

It is common that an organization distributes binary keyrings with
signature cache (Tag 12, Trust Packet) and people use gpgv to validate
signature with such keyrings.  In such a use case, it is possible that
the key validation itself is skipped.

For the purpose of gpgv validation of signatures, we should not depend
on signature cache in keyrings (if any), but we should validate the key
by its self signature for primary key, and back signature for subkey.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-07-09 10:20:02 +09:00
Werner Koch
cbe467e794
gpg: Add export options "export-pka" and "export-dane".
* g10/options.h (EXPORT_PKA_FORMAT): New.
* g10/keylist.c (list_keyblock_pka): Do not use DANE flag.
* g10/export.c: Include zb32.h.
(parse_export_options): Add options "export-pka" and "export-dane".
(do_export): Do not armor if either of these option is set.
(print_pka_or_dane_records): New.
(do_export_stream): Implement new options.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-07 17:35:20 +02:00
Werner Koch
b05878f32a
gpg: Split a too large export function.
* g10/export.c (do_export_stream): Factor some code out to ...
(do_export_one_keyblock): new.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-07 17:35:20 +02:00
Justus Winter
2f61aa0ff1 gpgscm: Capture output of spawned processes.
* tests/gpgscm/tests.scm (call-check): Capture stdout and stderr, and
return stdout if the child exited successfully, or include stderr in
the error.
* tests/openpgp/version.scm: Demonstrate this by checking the stdout.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-07 16:18:10 +02:00
Werner Koch
511c2522b9
doc: Escape file names in generated macros.
* doc/mkdefsinc.c (print_filename): New.
(main): Use it here.
--

Our Jenkins uses an @ in directory names and thus our builds break.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 19:35:15 +02:00
Werner Koch
e5896da666
wks: Let the server take the encrytion key from the file.
* tools/gpg-wks-server.c (encrypt_stream): Change arg 'fingerprint' to
'keyfile'.
(store_key_as_pending): Add arg 'r_fname' to make of the keyfile.
(send_confirmation_request): Add arg 'keyfile'.
(process_new_key): Pass on the name of the keyfile.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 15:50:57 +02:00
Werner Koch
a479804c86
gpg: New options --recipient-file and --hidden-recipient-file.
* g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New.
(opts): Add options --recipient-file and --hidden-recipient-file.
(main): Implement them.  Also remove duplicate code from similar
options.
* g10/keydb.h (PK_LIST_FROM_FILE): New.
(PK_LIST_SHIFT): Bump up.
* g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE.
(find_and_check_key): Add and implement arg FROM_FILE.
(build_pk_list): Pass new value for new arg.
* g10/getkey.c (get_pubkey_fromfile): New.
* g10/gpgv.c (read_key_from_file): New stub.
* g10/test-stubs.c (read_key_from_file): New stub.
* g10/server.c (cmd_recipient): Add flag --file.
* g10/import.c (read_key_from_file): New.

* tests/openpgp/defs.scm (key-file1): New.
(key-file2): New.
* tests/openpgp/setup.scm: Add their private keys and import the
key-file1.
* tests/openpgp/encrypt.scm: Add new test.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 15:35:19 +02:00
Werner Koch
073be51a86
gpg: New option --no-keyring.
* g10/gpg.c (oNoKeyring): New.
(opts): Add "--no-keyring".
(main): Do not register any keyring if the option is used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 15:33:53 +02:00
Werner Koch
fdfde91595
gpg: Document use of node flags in import.c and remove unused args.
* g10/import.c (NODE_GOOD_SELFSIG): New.  Use instead of 1.
(NODE_BAD_SELFSIG): New.  Use instead of 2.
(NODE_DELETION_MARK): New.  Use instead of 4.
(NODE_FLAG_A): New.  Use to mark new nodes in merge_blocks.
(chk_self_sigs): Remove unused args FNAME and PK.
(import_one): Adjust call.  Simplify error return because
chk_self_sigs does not return an error code.
(append_uid, append_key, merge_sigs, merge_keysigs): Remove unsued
args FNAME and KEYID.
(merge_blocks, import_one, import_secret_one)
(import_revoke_cert): Remove unused arg FNAME.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 11:29:19 +02:00
Werner Koch
7e0c48eb6f
gpg: Get rid of an unused arg in a function in getkey.c.
* g10/getkey.c (pk_from_block): Remove unused arg CTX.  Change all
callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 08:55:34 +02:00
Werner Koch
9385dfeb9d
gpg: Change calling convention for a function in getkey.c
* g10/getkey.c (merge_selfsigs): Remove arg CTX.  Add args REQ_USAGE
and WANT_EXACT.
(finish_lookup): Adjust caller.  Set LOOKUP_NOT_SELECTED here...
(lookup): and not here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 08:55:30 +02:00
Werner Koch
5d1a9c4dc8
gpg: Fix possible out-of-bounds read in is_armored.
* g10/armor.c (check_input): Call is_armored only if LEN >= 2.
(unarmor_pump): Use a 2 byte buffer for is_armored.
--

Fixes-commit: 605276ef8c
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-05 18:49:06 +02:00
Justus Winter
8270580a5a tests: Honor environment variable 'TMP'.
This fixes problems with long socket names, e.g. when doing distcheck.

* tests/gpgscm/tests.scm (path-join): New function.
(with-temporary-working-directory): Honor 'TMP'.
(make-temporary-file): Likewise.
* tests/migrations/Makefile.am (TMP): Default to '/tmp'.
(TESTS_ENVIRONMENT): Set 'TMP'.
* tests/openpgp/Makefile.am (TMP): Default to '/tmp'.
(TESTS_ENVIRONMENT): Set 'TMP'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-05 16:25:21 +02:00
Justus Winter
f26fe4f73e gpgscm: Improve robustness and compatibility.
* tests/gpgscm/ffi.c (do_getenv): Avoid gccism.
(do_mkdtemp): Handle errors.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-05 16:24:13 +02:00
Justus Winter
b70d08827d tests/migrations: Fix distcheck.
* tests/migrations/Makefile.am (TESTS): Rename test.
(TEST_FILES): Update list.
(EXTRA_DIST): Add common.scm.
* tests/migrations/common.scm (GPGTAR): New variable.
(dearmor): Rename and untar archive.
* tests/migrations/extended-private-key-format.scm: Rename.
(setup): Update.
* tests/migrations/extended-pkf.tar.asc: New file.
* tests/migrations/extended-private-key-format.gpghome: Delete.
* tests/migrations/from-classic.gpghome: Likewise.
* tests/migrations/from-classic.scm (setup): Update.
* tests/migrations/from-classic.tar.asc: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-05 15:25:21 +02:00
Justus Winter
0b8a335879 tools/gpgtar: Provide --create and --extract.
* tools/gpgtar.c (cmd_and_opt_values): New values.
(opts): New actions.
(parse_arguments): Handle new actions.
* tests/openpgp/gpgtar.scm: Test new interface.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-05 15:18:30 +02:00
Justus Winter
a6b87981f7 g10: Fix out-of-bounds read.
* g10/armor.c (use_armor_filter): We need two bytes for 'is_armored'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-05 12:38:15 +02:00
Werner Koch
8c8ae043b8
wks: Add command --read to gpg-wks-client.
* tools/gpg-wks-client.c (aRead): New.
(opts): Add command "--read".
(main): Implement that.
--

This command allows to process alread decrypted Web Key Service
messages.  It can for example be used in /etc/mailcap

--8<---------------cut here---------------start------------->8---
application/vnd.gnupg.wks; gpg-wks-client -v --read --send;\
      needsterminal; description=Web Key Service message
--8<---------------cut here---------------end--------------->8---

to allow Mutt to process confirmation requests.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-04 11:29:12 +02:00
Werner Koch
27d158ead4
tests: Add a gettime test for sizeof (time_t) > 4.
* common/t-gettime.c (test_isotime2epoch): Add 4 more tests.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-04 10:00:34 +02:00
Werner Koch
9177a89773
gpg: Avoid spurious failures on keyblocks with no or only deleted nodes.
* g10/import.c (write_keyblock_to_output): Clear ERR on success.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-03 11:56:10 +02:00
Werner Koch
1bfed0bbc5
wks: Let the client only export the requested UID.
* tools/gpg-wks-client.c (get_key): Export only the requested uid.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-03 10:27:39 +02:00
Werner Koch
7705f310f1
tools: Call sendmail directly from the wks tools.
* tools/send-mail.c, tools/send-mail.h: New.
* tools/wks-util.c: New.
* tools/Makefile.am (gpg_wks_server_SOURCES): Add them.
(gpg_wks_client_SOURCES): Ditto.
* tools/gpg-wks.h (opt): Add fields use_sendmail and output.
* tools/gpg-wks-client.c: Add options --send and --output.  Rename
command --send to --create.
(command_send, send_confirmation_response): Output via wks_send_mime.
* tools/gpg-wks-server.c:  Add options --send and --output.
(send_confirmation_request): Output via wks_send_mime.
(check_and_publish): Add hack for name-value bug.
--

With this code, a dedicated user on the server along with a procmail
script, it was possible to run a basic test.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-03 00:41:30 +02:00
Werner Koch
c619035d9c
tools: Add options to gpg-wks-server.
* tools/gpg-wks.h (opt): Add 'default_from' and 'extra_headers'.
* tools/gpg-wks-server.c (oFrom, oHeader): New.
(parse_arguments): Set them and check args.
(get_submission_address): New.
(send_confirmation_request): Set correct From address.  Add extra
headers.
(process_new_key): Return an error code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-02 18:59:22 +02:00