1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-12 21:58:50 +01:00
Commit Graph

713 Commits

Author SHA1 Message Date
Werner Koch
1a0eeaacd1 gpg: Do not require a trustdb with --always-trust.
* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark):  Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(get_ownertrust): Ditto.
(get_min_ownertrust): Ditto.
(update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(clear_ownertrusts): Ditto.
(cache_disabled_value): Ditto.
(check_trustdb_stale): Ditto.
(get_validity): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--

This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used.  It just does
not make sense to create a trustdb if there is no need for it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-11 09:25:58 +02:00
Werner Koch
6286d01ba3 gpg: Fix --version output and explicitly disable ECC.
* g10/misc.c (openpgp_pk_algo_name): New.  Replace all calls in g10/
to gcry_pk_algo_name by a call to this function.
(map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG.
(openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of
GCRY_PK_ELG_E.  Return an error for ECC algos.
(openpgp_pk_test_algo2):  Return an error for ECC algos.
* g10/gpg.c (build_list): Avoid printing ECC two times.
* include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*.
--

Due to recent changes to adjust for use with Libgcrypt 1.6, "gpg
--version" printed two question marks.  This patches fixes that and
also make sure that gpg does advertise any ECC features.  The patch in
build_list is not really needed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-11 09:18:01 +02:00
Werner Koch
0bf54e60d3 gpg: Print a "not found" message for an unknown key in --key-edit.
* g10/keyedit.c (keyedit_menu): Print message.
--

GnuPG-bug-id: 1420
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-04 18:34:56 +02:00
Werner Koch
1f842011f6 gpg: Kludge not to bail out on ECC if build with Libgcrypt 1.6.
* g10/misc.c (print_pubkey_algo_note): Map the algo.
(openpgp_pk_test_algo, openpgp_pk_test_algo2): Ditto.
(pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig)
(pubkey_get_nenc): Return 0 for ECC algorithms.
--

Libgcrypt 1.6 features algorithm 18 (generic ECC).  Because of the
missing mapping and no real support for the OpenPGP ECC format, this
led to parsing errors of ECC packets.  We better better explicitly
tell gpg that we ECC is not supported.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-04 18:01:40 +02:00
Werner Koch
e7abed3448 gpg: Protect against rogue keyservers sending secret keys.
* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
flag.
* g10/import.c (import_secret_one): Deny import if flag is set.
--

By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id.  The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote
sources.

Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-04 13:44:39 +02:00
Daniel Kahn Gillmor
dd868acb0d gpg: Allow setting of all zero key flags
* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
(cherry picked from commit b693ec02c4)
2013-10-04 08:54:25 +02:00
Werner Koch
0a805ed160 gpg: Distinguish between missing and cleared key flags.
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--

We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature.  Thus if key
flags are used in any way, the default key capabilities are never
used.

This allows to create a key with key flags set to all zero so it can't
be used.  This better reflects common sense.
(cherry picked from commit 4bde12206c)
2013-10-04 08:53:49 +02:00
Daniel Kahn Gillmor
89f6706ada Remove trailing white space from some files.
--
2013-10-04 08:53:27 +02:00
Werner Koch
35e40e2d51 gpg: Limit the nesting level of I/O filters.
* common/iobuf.c (MAX_NESTING_FILTER): New.
(iobuf_push_filter2): Limit the nesting level.

* g10/mainproc.c (mainproc_context): New field ANY.  Change HAVE_DATA
and ANY_SIG_SIGN to bit fields of ANY.  Add bit field
UNCOMPRESS_FAILED.
(proc_compressed): Avoid printing multiple Bad Data messages.
(check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.
--

This is a more general fix for the nested compression packet bug.  In
particular this helps g10/import.c:read_block to stop pushing
compression filters onto an iobuf stream.  This patch also reduces the
number of error messages for the non-import case.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-04 08:20:49 +02:00
Werner Koch
cd1b696b28 gpg: Fix bug with deeply nested compressed packets.
* g10/mainproc.c (MAX_NESTING_DEPTH): New.
(proc_compressed): Return an error code.
(check_nesting): New.
(do_proc_packets): Check packet nesting depth.  Handle errors from
check_compressed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-02 09:17:38 +02:00
Werner Koch
0f18295ac8 gpg: Use 2048 as the default keysize in batch mode.
* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
2048.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-30 10:19:47 +02:00
Werner Koch
3966eb2445 gpgv: Init Libgcrypt to avoid syslog warning.
* g10/gpgv.c (main): Check libgcrypt version and disable secure
memory.
--

GnuPG-bug-id: 1376
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-19 11:22:11 +02:00
Werner Koch
f3c5cc8bcd gpg: Remove legacy keyserver examples from the template conf file.
* g10/options.skel: Update.
2013-08-06 10:04:12 +02:00
Werner Koch
7c028efc18 gpg: No need to create a trustdb when encrypting with --always-trust.
* g10/gpg.c (main): Special case setup_trustdb for --encrypt.
--

Signed-off-by: Werner Koch <wk@gnupg.org>

(cherry picked from commit 498b9a95dc)
2013-08-02 09:26:32 +02:00
Ian Abbott
049b3d9ca0 w32: Add icons and version information.
* common/gnupg.ico: New.  Take from artwork/gnupg-favicon-1.ico.
* agent/gpg-agent-w32info.rc: New.
* g10/gpg-w32info.rc: New.
* scd/scdaemon-w32info.rc: New.
* sm/gpgsm-w32info.rc: New.
* tools/gpg-connect-agent-w32info.rc: New.
* common/w32info-rc.h.in: New.
* configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP)
(BUILD_HOSTNAME): New.
(AC_CONFIG_FILES): Add w32info-rc.h.
* am/cmacros.am (.rc.o): New rule.
* agent/Makefile.am, common/Makefile.am, g10/Makefile.am
* scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to
build resource files.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-07 21:17:04 +02:00
Jedi
42c44e9ccd Fix a typo and a wrong code indentation.
--

Reported-by: NIIBE Yutaka <gniibe@fsij.org>
2013-04-25 09:33:33 +02:00
Werner Koch
40ca0022a7 w32: Almost everywhere include winsock2.h before windows.h.
--

This is required by newer mingw toolchain versions which demand that
winsock2.h is included before windows.h.  Now, due to the use of
socket definitions in pth.h we need to include winsock2.h also in
pth.h, now pth.h is often included after an include of windows.h and
thus the compiler spits out a warning.  To avoid that we include
winsock2.h at all places the compiler complains about.
2013-04-23 18:06:46 +02:00
Werner Koch
3402a84720 Fix potential heap corruption in "gpg -v --version".
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
--

This fixes an obvious bug in locales where the translated string is
longer than the original.  The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.

En passant we also removed the trailing white space on continued
lines.

Reported-by: Dmitry V. Levin" <ldv at altlinux.org>

(cherry picked from commit e33e74e3a4)

Note that this version uses utf8_charcount to get the indentation
mostly right.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-04-22 20:25:35 +02:00
Werner Koch
7db5c81e3a Comment fixes.
--

Reported-by: Daniel Kahn Gillmor
2013-04-22 19:59:34 +02:00
Christian Aistleitner
3cfe527fa5 gpg: Fix honoring --cert-digest-algo when recreating a cert
* g10/sign.c (update_keysig_packet): Override original signature's
digest algo in hashed data and for hash computation.
2013-01-11 13:51:18 +01:00
Werner Koch
f395a3e7ef gpg: Detect Keybox files and print a diagnostic.
* g10/keydb.c (KEYDB_RESOURCE_TYPE_KEYBOX): New.
(keydb_add_resource): Handle scheme "gnupg-kbx:".  Detect Keybox
magic.  Print wanrning note for Keybox.
(keydb_new, keydb_release, keydb_get_resource_name)
(lock_all, unlock_all, keydb_get_keyblock)
(keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock)
(keydb_locate_writable, keydb_rebuild_caches, keydb_search_reset)
(keydb_search2): Ignore Keybox type in switches.
* g10/gpg.h (G10ERR_UNSUPPORTED): Map to correct gpg-error value.
--

GnuPG 2.1 will support Keybox files in GPG and thus users might see
weird error messages if they accidentally use a keybox file with 2.0.
Better print a note here.
2013-01-03 20:21:20 +01:00
Werner Koch
c291ebaf6f Remove trailing white space from some files.
--
2013-01-03 20:11:54 +01:00
Werner Koch
498882296f gpg: Import only packets which are allowed in a keyblock.
* g10/import.c (valid_keyblock_packet): New.
(read_block): Store only valid packets.
--

A corrupted key, which for example included a mangled public key
encrypted packet, used to corrupt the keyring.  This change skips all
packets which are not allowed in a keyblock.

GnuPG-bug-id: 1455

(cherry-picked from commit 3a4b96e665)
2012-12-20 11:52:04 +01:00
Werner Koch
d23ec86095 gpg: Make commit 258192d4 actually work
* g10/sign.c (update_keysig_packet): Use digest_algo.
2012-12-19 11:47:23 +01:00
Werner Koch
75404e2dad gpg: Suppress "public key already present" in quiet mode.
* g10/pkclist.c (build_pk_list): Print two diagnostics only in
non-quiet mode.
--

(back-ported from commit 8325d61659)
2012-12-19 11:29:37 +01:00
Werner Koch
febb8ace98 Remove trailing white space from a file
--
2012-12-19 11:27:11 +01:00
David Shaw
3d0c386011 The keyserver search menu should honor --keyid-format
* keyserver.c (print_keyrec): Honor --keyid-format when getting back
  full fingerprints from the keyserver (the comment in the code was
  correct, the code was not).
2012-11-29 13:06:39 -05:00
Werner Koch
978878b1be Fix printing of ECC algo names in hkp keyserver listings.
* g10/misc.c (map_pk_openpgp_to_gcry): New.
* g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids.
--

Although we don't have support for ECC, we want to print a proper
algorithm name in keyserver listings.  This will only work while using
a ECC enabled Libgcrypt.  Problem reported by Kristian Fiskerstrand.
2012-11-27 17:35:16 +01:00
Werner Koch
ab4ea45f54 Allow decryption with card keys > 3072 bit
* scd/command.c (MAXLEN_SETDATA): New.
(cmd_setdata): Add option --append.
* g10/call-agent.c (agent_scd_pkdecrypt): Use new option for long data

* scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
(app_select_openpgp): Store manufacturer.
(do_decipher): Print a note for broken cards.

--

Please note that I was not able to run a full test because I only have
broken cards (S/N < 346) available.
2012-11-06 14:39:22 +01:00
David Prévot
1c2f80cf1b Fix typos spotted during translations
agent/genkey.c: s/to to/to/
sm/*.c: s/failed to allocated/failed to allocate/
sm/certlist.c: s/should have not/should not have/

Consistency fix:

* g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax
2012-08-24 10:34:43 +02:00
David Prévot
bc95b35289 Actually show translators comments in PO files 2012-08-24 10:33:28 +02:00
Werner Koch
b8d7b33d69 Add provisions to build with Libgcrypt 1.6.
Replace gcry_md_start_debug by gcry_md_debug in all files.

* agent/gpg-agent.c (fixed_gcry_pth_init): Use only if
GCRY_THREAD_OPTION_VERSION is 0
* scd/scdaemon.c (fixed_gcry_pth_init): Ditto.
--

Libgcrypt 1.6 will have some minor API changes.  In particular some
deprecated macros and functions will be removed.  PTH will also be
dropped in favor of a thread model neutral locking method.
2012-05-24 10:55:11 +02:00
Werner Koch
a4b22d8edf Print the hash algorithm in colon mode key listing.
* g10/keylist.c (list_keyblock_colon): Print digest_algo.
2012-05-24 10:50:14 +02:00
Werner Koch
88633bf3d4 Allow compressed data with algorithm 0.
* g10/mainproc.c (proc_compressed): Remove superfluous check for
an algorithm number of 0.  This is bug#1326.
2012-03-26 15:14:55 +02:00
David Shaw
258192d4d4 Honor --cert-digest-algo when recreating a cert.
* g10/sign.c (update_keysig_packet): Honor --cert-digest-algo when
  recreating a cert.

This is used by various things in --edit-key like setpref, primary,
etc.  Suggested by Christian Aistleitner.
2012-01-31 21:41:03 -05:00
Werner Koch
f772757ea1 gpg: Add a DECRYPTION_INFO status.
* common/status.h (STATUS_DECRYPTION_INFO): New.
* g10/encr-data.c: Include status.h.
(decrypt_data): Emit STATUS_DECRYPTION_INFO line.
--

DECRYPTION_INFO <mdc_method> <sym_algo>
    Print information about the symmetric encryption algorithm and
    the MDC method.  This will be emitted even if the decryption
    fails.
2012-01-31 15:14:20 +01:00
David Shaw
333b870929 Changes to --min-cert-level should cause a trustdb rebuild (issue 1366)
* g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level

* g10/trustdb.c (check_trustdb_stale): Request a rebuild if
  pending_check_trustdb is true (set when we detect a trustdb
  parameter has changed).

* g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
  listing for min_cert_level not matching.

* g10/tdbio.c (tdbio_update_version_record, create_version_record,
  tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
  tdbio_write_record): Add a byte for min_cert_level in the tdbio
  version record.
2012-01-19 23:03:56 -05:00
David Shaw
5a0ed4a2cc Merge fix for issue 1331 from 1.4.
* photoid.c (generate_photo_id): Check for the JPEG magic numbers
instead of JFIF since some programs generate an EXIF header first.
2011-12-15 16:46:28 -05:00
Werner Koch
28c6cef128 Generate the ChangeLog from commit logs.
* scripts/gitlog-to-changelog: New script.  Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* scripts/git-hooks/commit-msg: New script.
* autogen.sh: Install commit-msg hook for git.
* doc/HACKING: Describe the ChangeLog policy.
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.

Rename all ChangeLog files to ChangeLog-2011.
2011-12-02 19:28:02 +01:00
Werner Koch
e306c18624 Removed some set but unused variables. 2011-08-04 12:22:04 +02:00
Werner Koch
dea8ad4535 Do not print read-only trustdb warning with --quiet.
This is only a warning and gpg would anyway print an error message if
it tries to write to the trustdb.
2011-07-29 10:00:15 +02:00
Werner Koch
3d99d3f5db Print the decoded iteration count with --list-packets.
Fixes bug#1355.
2011-07-22 13:56:14 +02:00
Werner Koch
fb44677c9f Allow generation of card keys up to 4096 bit.
This patch implementes a chunk mode to pass the key parameters from
scdaemon to gpg.  This allows to pass arbitrary long key paremeters;
it is used for keys larger than 3072 bit.
2011-07-07 11:20:53 +02:00
Werner Koch
3fe9938202 Provide pubkey letters e and E
This is only to print those letters instead of a question mark.  It
does not mean ECC is or will be supported in this branch.
2011-07-01 10:33:43 +02:00
Werner Koch
13290b0e0f Fix a for a bug fix in the latest Libgcrypt.
* pkglue.c (mpi_from_sexp, pk_decrypt): Use GCRYMPI_FMT_USG for
	gcry_sexp_nth_mpi.  This fixes a problem with a recent bug fix in
	Libgcrypt.
2011-06-13 14:35:30 +02:00
Werner Koch
18936a1970 Fix bug#1307. 2011-01-10 19:35:10 +01:00
David Shaw
2bd66b59a2 * pkclist.c (select_algo_from_prefs): Make sure the scores can't
overflow when picking an algorithm (not a security issue since we
can't pick something not present in all preference lists, but we might
pick something that isn't scored first choice).

* pkclist.c (select_algo_from_prefs): Slightly improve the handling of
MD5 in preference lists.  Instead of replacing MD5 with SHA-1, just
remove MD5 from the list altogether, and let the next-highest ranked
algorithm be chosen.
2010-10-29 19:54:56 +00:00
Werner Koch
7343086808 Fix memory leak 2010-09-29 18:42:43 +00:00
Werner Koch
420b04a504 Add missing space to Assuan command 2010-09-29 08:43:55 +00:00
Werner Koch
9fbaba32a5 fix for bug1234. 2010-09-28 13:21:42 +00:00