1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

5796 Commits

Author SHA1 Message Date
Neal H. Walfield
2d1d795481 gpg: Systematically detect and fix signatures that are out of order.
* g10/keyedit.c (sig_comparison): New function.
(fix_key_signature_order): Merge functionality into...
(check_all_keysigs): ... this function.  Rewrite to eliminate
duplicates and use a systematic approach to detecting and moving
signatures that are out of order instead of a heuristic.
(fix_keyblock): Don't call fix_key_signature_order.  Call
check_all_keysigs instead after collapsing the uids.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2236
2016-02-19 16:38:27 +01:00
Neal H. Walfield
44cdb9d73f gpg: Split check_key_signature2.
* g10/sig-check.c (hash_uid_node): Rename from this...
(hash_uid_packet): ... to this.  Take a PKT_user_id instead of a
KBNODE.
(check_key_signature2): Split the basic signature checking
functionality into...
(check_signature_over_key_or_uid): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-19 16:38:26 +01:00
Neal H. Walfield
5fbd80579a gpg: Split print_and_check_one_sig.
* g10/keyedit.c (print_and_check_one_sig): Split the print
functionality into...
(print_one_sig): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-19 16:13:03 +01:00
Neal H. Walfield
ac5aea9545 gpg: Split the function check_signature_end.
* g10/sig-check.c (check_signature_end): Break the basic signature
check into...
(check_signature_end_simple): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-19 16:13:02 +01:00
Neal H. Walfield
10671c3a4c gpg: Use format_keyid rather than manually formatting the keyid.
* g10/keyedit.c (menu_addrevoker): Use format_keyid rather than
manually formatting the keyid.
* g10/keygen.c (card_write_key_to_backup_file): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-19 16:13:02 +01:00
Neal H. Walfield
bf9d1248c8 gpg: Initialize the primary key when generating a key.
* g10/keygen.c (do_generate_keypair): Initialize
pri_psk->flags.primary, pri_psk->keyid and pri_psk->main_keyid.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-19 16:13:01 +01:00
Neal H. Walfield
c45633a571 gpg: Add accessor & utility functions for pk->keyid and pk->main_keyid.
* g10/keydb.h (keyid_cmp): New function.
* g10/keyid.c (pk_keyid): New function.
(pk_main_keyid): New function.
(keyid_copy): New function.
(pk_keyid_str): New function.
* g10/packet.h (PKT_public_key): Update comments for main_keyid and
keyid.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Before accessing pk->keyid, it is necessary to call keyid_from_pk (pk,
NULL) to ensure that pk->keyid is valid.  Because it is easy to forget
to do this, these accessor functions take care of it.
2016-02-19 16:13:00 +01:00
Daniel Kahn Gillmor
7e7f35a2d7
gpgparsemail: Allow weirdly-mixed pkcs7 signatures.
* tools/gpgparsemail.c: Add and check info->signing_protocol_2.

--
Some mailers in the wild will generate messages that have the a weird
structure where they use the x- prefix in one part and drop it in
another.

For example, the main MIME part as a whole has:

Content-Type: multipart/signed;
   protocol="application/x-pkcs7-signature"

but the signature sub-part has:

  Content-Type: application/pkcs7-signature

(or vice versa, where the x- prefix is in the sub-part but not the
protocol= section on the main MIME object)

This change also avoids allocating strings for these comparisons,
since the const strings in question are already available in the built
executable, and no dynamic labels are needed.

===
- 2 lines reformatted to keep them below 90 cols. - wk
2016-02-18 12:15:46 +01:00
Daniel Kahn Gillmor
813df2fe66
gpg: Clean up dangling agent_open and agent_closed declarations.
* g10/keydb.h: Remove agent_open, agent_close declarations/
* g10/migrate.c: #include <unistd.h> for access()

--
agent_open() is only defined statically in common/simple-pw-query.c,
it is neither used nor referenced anywhere else.  agent_close doesn't
exist anywhere.  The removal of these declarations removes an
unecessary inclusion of libassuan.h.

migrate.c was relying on keydb.h -> libassuan.h -> unistd.h for the
declaration of access(), so we now handle that explicitly instead.
2016-02-18 12:11:16 +01:00
Werner Koch
e1ceff1676
w32: Make scdaemon build again due to libusb problem.
* configure.ac: Add hack to disable libusb for Windows.  Also use
$host instead of $target in the switch
 --

The new test for libusb does not support cross-compiling.  As a quick
workaround we disable libusb for Windows because we can't use it anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-16 16:53:34 +01:00
Werner Koch
44b02e1beb
w32: Do not error out if gpgconf is not installed.
* common/homedir.c (check_portable_app): Remove error message.
--

It is sometimes useful to install just gpgv and no other parts.  Our
test for a portable application returned an error if gpgconf is not
installed.  That error is not required but was merely a debug aid.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-16 16:07:44 +01:00
Neal H. Walfield
2f02ed75a9 gpg: Make ASCII armor decoding more robust to encoding errors.
* g10/armor.c (radix64_read): If the = is followed by the string "3D",
check if the following four characters are valid radix 64 and are
followed by a new line.  If so, warn and ignore the '3D'.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2250
2016-02-16 13:09:32 +01:00
Werner Koch
a1c11283af
doc: Add a gnupg-module-overview picture.
* doc/gnupg-module-overview.svg: New.
* doc/debugging.texi (Component interaction): New.
* doc/Makefile.am (EXTRA_DIST): Add PNG and PDF versions of
gnupg-module-overview.svg.  Remove two eps files.
(BUILT_SOURCES): Add gnupg-module-overview.pdf and .png.  Remove
gnupg-card-architecture.epsl
(gnupg_TEXINFOS): Add gnupg-module-overview.svg
(gnupg.dvi): New.
(DISTCLEANFILES): Remove build eps files.
--

Many thanks to Emanuel Schütze for helping with the redesign of the
module overview.  The original file has been used by mere for years in
talks but was never a proper part of GnuPG.

The EPS files have been removed due to their size.  Thus to build the
"dvi" target the convert tool is required.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-16 13:01:17 +01:00
NIIBE Yutaka
ea9cfcfbf7 common, g10: Fix indentation to silence GCC-6.
* common/iobuf.c (iobuf_ioctl): Fix.
* g10/encrypt.c (encrypt_filter): Likewise.
* g10/keyring.c (prepare_search): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-02-15 11:05:29 +09:00
NIIBE Yutaka
6fbe12a51e dirmngr: fix for memory alignment.
* dirmngr/dns-stuff.c (get_dns_cert): Cast through void *.
(getsrv, get_dns_cname): Make sure it's aligned for HEADER.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-02-15 10:55:34 +09:00
Werner Koch
772f6b29b5
Put asterisks in front of two function descriptions.
--

This helps visual impaired hackers to easier read comments and also
helps use when looking at a printout.
2016-02-14 16:11:06 +01:00
Werner Koch
9b28b82e7c
gpg: Add hidden key-edit subcommand "change-usage".
* g10/keyedit.c (cmdCHANGEUSAGE): New.
(cmds): Add command "change-usage".
(keyedit_menu): Handle that command.
(menu_changeusage): New.
* g10/keygen.c (keygen_add_key_flags): New.
(ask_key_flags): Add optional arg current.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-14 16:01:53 +01:00
Neal H. Walfield
9663b08848 gpg: Improve API documentation.
* g10/seskey.c (make_session_key): Improve documentation.
(encode_session_key): Improve documentation.
* g10/encrypt.c (encrypt_seskey): Remove gratuitous initialization.
* g10/dek.h (DEK): Improve documenation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-14 14:46:30 +01:00
Neal H. Walfield
5cdde08ea8 gpg: Fix calc_header_length when LEN is 0 and improve documentation.
* g10/build-packet.c (calc_header_length): Return the correct haeder
size when LEN is 0.  Fix documentation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2240
2016-02-14 14:46:24 +01:00
Neal H. Walfield
c0268c449d gpg: Fix format_keyid when dynamically allocating the buffer.
* g10/keyid.c (format_keyid): Return a char *, not a const char *.  If
BUFFER is NULL, then set LEN to the static buffer's size.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-14 14:46:20 +01:00
Neal H. Walfield
ad43dc6cfc common: Fix comment.
* common/iobuf.c (iobuf_flush_temp): Fix comment.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-14 14:46:16 +01:00
Werner Koch
86f3bb144a
g13: Require a confirmation before g13 is used for DM-Crypt.
* g13/g13-syshelp.c (g13_syshelp_i_know_what_i_am_doing):
* g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Call it.
(sh_dmcrypt_mount_container): Call it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:30:14 +01:00
Werner Koch
b0e6ab1109
g13: Second chunk of code to support dm-crypt.
* g13/be-dmcrypt.c, g13/be-dmcrypt.h: New.
* g13/Makefile.am (g13_SOURCES): Add them.
* g13/backend.c: Include be-dmcrypt.h and call-syshelp.h.
(no_such_backend): Rename to _no_such_backend and provide replacement
macro.
(be_is_supported_conttype): Support DM-Crypt.
(be_take_lock_for_create): Call set_segvice for DM-Crypt.
(be_create_new_keys): Make it a dummy for DM-Crypt.
(be_create_container): Call be_dmcrypt_create_container.
(be_mount_container): call be_dmcrypt_mount_container.
* g13/g13-syshelp.c (main): Enable verbose mode.
* g13/g13tuple.c (get_tupledesc_data): New.
* g13/g13tuple.h (unref_tupledesc): New.
* g13/g13.h (server_control_): Add field "recipients".
* g13/g13.c (main): Fix setting of recipients via cmdline.
(g13_deinit_default_ctrl): Release recipients list.
(g13_request_shutdown): New.  Replace all direct update of
shutdown_pending by calls this function.
* g13/server.c (server_local_s): Remove field recipients which is now
part of CTRL.
(reset_notify, cmd_recipient, cmd_create): Adjust for this change.
* g13/create.c (encrypt_keyblob): Rename to g13_encrypt_keyblob.
(g13_create_container): Support DM-Crypt.
* g13/mount.c (parse_header): Allow for meta data copies.
(g13_mount_container): Support DM-Crypt.
* g13/sh-cmd.c (cmd_create): Make it work.
(cmd_mount): New.
* g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Make it work.
(sh_dmcrypt_mount_container): New.
--

With this patch we can now create an encrypted partition and partly
mount it (i.e. setup keys and create the mapped device). We do not yet
create a file system or mount that file system

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:06:54 +01:00
Werner Koch
13f745b50d
g13: Improve dump_keyblob.
* g13/g13tuple.c: Include keyblob.h.
(find_tuple_uint): Factor code out to ...
(convert_uint): new.
(all_printable): New.
* g13/mount.c (dump_keyblob: Move and rename to ...
* g13/g13tuple.c (dump_tupledesc): here.  Revamp and pretyy print uint
values.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:06:40 +01:00
Werner Koch
59fc3507d1
g13: Define 3 new tags.
* g13/keyblob.h (KEYBLOB_TAG_CONT_NSEC): New.
(KEYBLOB_TAG_ENC_NSEC): New.
(KEYBLOB_TAG_ENC_OFF): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:06:40 +01:00
Werner Koch
82d12156ef
g13: Rename utils.c to g13tuple.c
* g13/utils.c: Rename to g13tuple.c.
* g13/utils.h: Rename to g13tuple.h.  Change all users.
* g13/Makefile.am: Adjust accordingly
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:06:39 +01:00
Werner Koch
4f152f3276
g13: Add functions to handle uint in a keyblob.
* g13/utils.c (append_tuple_uint): New.
(find_tuple_uint): New.
* g13/t-utils.c: New.
* g13/Makefile.am (noinst_PROGRAMS, TESTS): New.
(module_tests, t_common_ldadd): New.
(t_utils_SOURCES, t_utils_LDADD): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:06:39 +01:00
Werner Koch
dc1dbc43a6
g13: Re-factor high level create code.
* g13/create.c (g13_create_container): Factor some code out to ...
* g13/backend.c (be_take_lock_for_create): new.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:06:39 +01:00
Werner Koch
3087197008
g13: Return an error for non-existing device.
* g13/sh-cmd.c (cmd_device): Set ERR.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:06:39 +01:00
Werner Koch
6390beca54
g13: Fix releasing of a syshelp context.
* g13/call-syshelp.c (call_syshelp_release): Allow a NULL arg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:06:39 +01:00
Werner Koch
c5d7045daf
g13: Switch over to common/exectool.c.
* g13/sh-exectool.c: Remove.  It has been replaced by common/exectool.c.
* g13/Makefile.am (g13_syshelp_SOURCES): Remove sh-exectool.c
* g13/sh-blockdev.c: Include exectool.h.  Change sh_exec_tool to
gnupg_exec-tool.
* g13/sh-dmcrypt.c: Ditto.
--

With commit 2ae07f826aa551db8adf714158fce962790a6b54 the exectool code
was moved from a g13 feature branch to common/ so that it could be
used by gpgtar.  With this patch we finally remove the original code
and use the one in common/.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:06:39 +01:00
Werner Koch
d19d6e1856
common: Make gnupg_exec_tool conform to spec.
* common/exectool.c (gnupg_exec_tool): Allocate extra byte.  Allow
zero length read.  Append hidden byte.  Release memory on error.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:06:38 +01:00
Werner Koch
81494fd30d
g13: First chunk of code to support dm-crypt.
* g13/call-syshelp.c, g13/call-syshelp.h: New.
* g13/g13-syshelp.c, g13/g13-syshelp.h: New.
* g13/sh-cmd.c: New.
* g13/sh-blockdev.c: New.
* g13/sh-exectool.c: New.
* g13/sh-dmcrypt.c: New.
* g13/Makefile.am (sbin_PROGRAMS): Add g13-syshelp.c
(g13_syshelp_SOURCES): New.
(g13_syshelp_LDADD): New.

* g13/g13.c (opts): Add option --type.
(g13_deinit_default_ctrl): New.
(main): Implement that option.  Call g13_deinit_default_ctrl.
* g13/g13.h (struct call_syshelp_s): New declaration.
(server_control_s): Add field syshelp_local.
* g13/keyblob.h (KEYBLOB_TAG_CREATED): New.
(KEYBLOB_TAG_ALGOSTR): New.
(KEYBLOB_TAG_HDRCOPY): New.
* g13/backend.c (be_parse_conttype_name): New.
(be_get_detached_name): Add CONTTYPE_DM_CRYPT.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:06:38 +01:00
Werner Koch
d711f5c769
tests: Remove some harmless warnings in regression tests.
* tests/openpgp/gpg-agent.conf.tmpl: Remove --use-standard-socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:06:15 +01:00
Neal H. Walfield
acac103ba5 common: Change simple_query to ignore status messages.
* common/simple-pwquery.c (simple_query): Ignore status messages.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2229
2016-02-12 22:12:21 +01:00
NIIBE Yutaka
d9f9b3be03 g10: Make sure to have the directory for trustdb.
* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
the directory and create it if none before calling take_write_lock.

--

Thanks to Marc Deslauriers for the bug report and his patch.

GnuPG-bug-id: 2246

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-02-12 10:10:33 +09:00
Neal H. Walfield
75311cfe18 doc: Note that rngd can also be used to quickly generate insecure keys.
* doc/gpg-agent.texi (Agent Options): Add comment to the description
of --debug-quick-random that rngd can also be used to quickly generate
key.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-02 11:50:52 +01:00
Werner Koch
3d952a2fe5
scd: Fix size_t/int mismatch in libusb
* scd/ccid-driver.c (bulk_in, abort_cmd, ccid_poll): Change msglen to
int.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-27 14:31:13 +01:00
Werner Koch
1b90b52a56
scd: Fix detection of libusb.
* configure.ac (HAVE_LIBUSB): Clear if no header file was found.
(LIBUSB_LIBS): Ditto.
--

This allows to use commit d0d9708 when libusb is installed without the
header files.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-27 14:23:19 +01:00
Werner Koch
ab7d41b69c
gpg: Shorten the --tofu-policy help text
--

Using "help" as value lists the options.  Not having the current
options in the help text also makes it easier to keep translations
clean.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-27 14:00:15 +01:00
Werner Koch
4d67144142
dirmngr: Build fix for FreeBSD (EAI macros)
* dirmngr/dns-stuff.c (map_eai_to_gpg_error): Map EAI_NODATA and
EAI_ADDRFAMILY only if defined.
--

Reported-by: Christoph Moench-Tegeder <cmt@burggraben.net>
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-27 14:00:15 +01:00
Ineiev
f099042d82
doc: Typo fixes
--
2016-01-27 14:00:15 +01:00
NIIBE Yutaka
d0d9708970 scd: Migrate to new API of libusb 1.0.
* configure.ac (LIBUSB_CPPFLAGS): New.
* scd/Makefile.am (AM_CPPFLAGS): Add LIBUSB_CPPFLAGS.
* scd/ccid-driver.c: Use libusb 1.0 API.
--

Changes are straightforward, not use any new features.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-01-27 12:24:05 +09:00
Werner Koch
167558a67e
Post release updates
--
2016-01-26 14:14:24 +01:00
Werner Koch
e9e5e83ec1
Release 2.1.11 gnupg-2.1.11 2016-01-26 13:49:59 +01:00
Werner Koch
dc4a47097b
po: Auto-update
--
2016-01-26 13:48:26 +01:00
Petr Pisar
cc75359273
po: Update Czech translation
--
2016-01-26 13:45:41 +01:00
Werner Koch
7313c5fd5a
Update copyright years.
--
2016-01-26 13:20:59 +01:00
Werner Koch
d56f76afbd
po: Update German translation
--
2016-01-26 13:19:34 +01:00
Andre Heinecke
3e50236d4e
gpgtar,w32: Fix gpgtar 8 bit encoding handling on W32
* common/utf8conv.c (wchar_to_utf8): Factor code out to ...
(wchar_to_cp): new.
(utf8_to_wchar): Factor code out to ...
(cp_to_wchar): new.
(wchar_to_native): New.
(native_to_wchar): New.
* tools/gpgtar-create.c (fillup_entry_w32): Use native_to_wchar.
(scan_directory): Use wchar_to_native.
--

Gpgtar needs to handle filenames in the local 8 bit encoding on
Windows as it uses the 8 bit file io functions.

GnuPG-bug-id: 1624, 1746

Patch from bug 1624 modified to fit into GnuPG 2.1 by wk.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-26 09:53:42 +01:00