* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark): Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(get_ownertrust): Ditto.
(get_min_ownertrust): Ditto.
(update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(clear_ownertrusts): Ditto.
(cache_disabled_value): Ditto.
(check_trustdb_stale): Ditto.
(get_validity): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--
This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used. It just does
not make sense to create a trustdb if there is no need for it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/misc.c (openpgp_pk_algo_name): New. Replace all calls in g10/
to gcry_pk_algo_name by a call to this function.
(map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG.
(openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of
GCRY_PK_ELG_E. Return an error for ECC algos.
(openpgp_pk_test_algo2): Return an error for ECC algos.
* g10/gpg.c (build_list): Avoid printing ECC two times.
* include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*.
--
Due to recent changes to adjust for use with Libgcrypt 1.6, "gpg
--version" printed two question marks. This patches fixes that and
also make sure that gpg does advertise any ECC features. The patch in
build_list is not really needed.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/misc.c (print_pubkey_algo_note): Map the algo.
(openpgp_pk_test_algo, openpgp_pk_test_algo2): Ditto.
(pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig)
(pubkey_get_nenc): Return 0 for ECC algorithms.
--
Libgcrypt 1.6 features algorithm 18 (generic ECC). Because of the
missing mapping and no real support for the OpenPGP ECC format, this
led to parsing errors of ECC packets. We better better explicitly
tell gpg that we ECC is not supported.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
flag.
* g10/import.c (import_secret_one): Deny import if flag is set.
--
By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id. The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote
sources.
Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <wk@gnupg.org>
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--
We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature. Thus if key
flags are used in any way, the default key capabilities are never
used.
This allows to create a key with key flags set to all zero so it can't
be used. This better reflects common sense.
(cherry picked from commit 4bde12206c5bf199dc6e12a74af8da4558ba41bf)
* common/iobuf.c (MAX_NESTING_FILTER): New.
(iobuf_push_filter2): Limit the nesting level.
* g10/mainproc.c (mainproc_context): New field ANY. Change HAVE_DATA
and ANY_SIG_SIGN to bit fields of ANY. Add bit field
UNCOMPRESS_FAILED.
(proc_compressed): Avoid printing multiple Bad Data messages.
(check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.
--
This is a more general fix for the nested compression packet bug. In
particular this helps g10/import.c:read_block to stop pushing
compression filters onto an iobuf stream. This patch also reduces the
number of error messages for the non-import case.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): Special case setup_trustdb for --encrypt.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 498b9a95dc65c43240835d64cc92d8fb43014d53)
--
This is required by newer mingw toolchain versions which demand that
winsock2.h is included before windows.h. Now, due to the use of
socket definitions in pth.h we need to include winsock2.h also in
pth.h, now pth.h is often included after an include of windows.h and
thus the compiler spits out a warning. To avoid that we include
winsock2.h at all places the compiler complains about.
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
--
This fixes an obvious bug in locales where the translated string is
longer than the original. The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.
En passant we also removed the trailing white space on continued
lines.
Reported-by: Dmitry V. Levin" <ldv at altlinux.org>
(cherry picked from commit e33e74e3a4b2b4a0341f933410ddd5db7a12515e)
Note that this version uses utf8_charcount to get the indentation
mostly right.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.c (KEYDB_RESOURCE_TYPE_KEYBOX): New.
(keydb_add_resource): Handle scheme "gnupg-kbx:". Detect Keybox
magic. Print wanrning note for Keybox.
(keydb_new, keydb_release, keydb_get_resource_name)
(lock_all, unlock_all, keydb_get_keyblock)
(keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock)
(keydb_locate_writable, keydb_rebuild_caches, keydb_search_reset)
(keydb_search2): Ignore Keybox type in switches.
* g10/gpg.h (G10ERR_UNSUPPORTED): Map to correct gpg-error value.
--
GnuPG 2.1 will support Keybox files in GPG and thus users might see
weird error messages if they accidentally use a keybox file with 2.0.
Better print a note here.
* g10/import.c (valid_keyblock_packet): New.
(read_block): Store only valid packets.
--
A corrupted key, which for example included a mangled public key
encrypted packet, used to corrupt the keyring. This change skips all
packets which are not allowed in a keyblock.
GnuPG-bug-id: 1455
(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
* keyserver.c (print_keyrec): Honor --keyid-format when getting back
full fingerprints from the keyserver (the comment in the code was
correct, the code was not).
* g10/misc.c (map_pk_openpgp_to_gcry): New.
* g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids.
--
Although we don't have support for ECC, we want to print a proper
algorithm name in keyserver listings. This will only work while using
a ECC enabled Libgcrypt. Problem reported by Kristian Fiskerstrand.
* scd/command.c (MAXLEN_SETDATA): New.
(cmd_setdata): Add option --append.
* g10/call-agent.c (agent_scd_pkdecrypt): Use new option for long data
* scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
(app_select_openpgp): Store manufacturer.
(do_decipher): Print a note for broken cards.
--
Please note that I was not able to run a full test because I only have
broken cards (S/N < 346) available.
agent/genkey.c: s/to to/to/
sm/*.c: s/failed to allocated/failed to allocate/
sm/certlist.c: s/should have not/should not have/
Consistency fix:
* g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax
Replace gcry_md_start_debug by gcry_md_debug in all files.
* agent/gpg-agent.c (fixed_gcry_pth_init): Use only if
GCRY_THREAD_OPTION_VERSION is 0
* scd/scdaemon.c (fixed_gcry_pth_init): Ditto.
--
Libgcrypt 1.6 will have some minor API changes. In particular some
deprecated macros and functions will be removed. PTH will also be
dropped in favor of a thread model neutral locking method.
* g10/sign.c (update_keysig_packet): Honor --cert-digest-algo when
recreating a cert.
This is used by various things in --edit-key like setpref, primary,
etc. Suggested by Christian Aistleitner.
* common/status.h (STATUS_DECRYPTION_INFO): New.
* g10/encr-data.c: Include status.h.
(decrypt_data): Emit STATUS_DECRYPTION_INFO line.
--
DECRYPTION_INFO <mdc_method> <sym_algo>
Print information about the symmetric encryption algorithm and
the MDC method. This will be emitted even if the decryption
fails.
* g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level
* g10/trustdb.c (check_trustdb_stale): Request a rebuild if
pending_check_trustdb is true (set when we detect a trustdb
parameter has changed).
* g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
listing for min_cert_level not matching.
* g10/tdbio.c (tdbio_update_version_record, create_version_record,
tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
tdbio_write_record): Add a byte for min_cert_level in the tdbio
version record.
* scripts/gitlog-to-changelog: New script. Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* scripts/git-hooks/commit-msg: New script.
* autogen.sh: Install commit-msg hook for git.
* doc/HACKING: Describe the ChangeLog policy.
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.
Rename all ChangeLog files to ChangeLog-2011.
This patch implementes a chunk mode to pass the key parameters from
scdaemon to gpg. This allows to pass arbitrary long key paremeters;
it is used for keys larger than 3072 bit.
overflow when picking an algorithm (not a security issue since we
can't pick something not present in all preference lists, but we might
pick something that isn't scored first choice).
* pkclist.c (select_algo_from_prefs): Slightly improve the handling of
MD5 in preference lists. Instead of replacing MD5 with SHA-1, just
remove MD5 from the list altogether, and let the next-highest ranked
algorithm be chosen.