1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Commit Graph

8267 Commits

Author SHA1 Message Date
Werner Koch
4e0696de89
wks: Use dedicated type to convey user ids.
* tools/gpg-wks.h (uidinfo_list_s, uidinfo_list_t): New.
* tools/wks-util.c (append_to_uidinfo_list): New.
(free_uidinfo_list): New.
(wks_list_key): Change arg r_mboxes to uidinfo_list_t.  Use
append_to_uidinfo_list.
* tools/gpg-wks-server.c (sserver_ctx_s): Replace strlist_t by
uidinfo_list_t.
(process_new_key): Ditto.
(check_and_publish): Ditto.
(command_receive_cb): Replace free_strlist by free_uidinfo_list.
* tools/gpg-wks-client.c (command_check): Replace strlist_t by
uidinfo_list_t.  Also print user id in verbose mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-18 11:16:07 +02:00
Werner Koch
006ca124ed
gpgv: Initialize compliance checker.
* g10/gpgv.c (main): Call gnupg_initialize_compliance.
--

The compliance checker needs to be initialize so that it won't let
spit out a "not suitable" message.  We use the module name of gpg.
Because there is no option to change the compliance mode in gpgv we
will always be in the default (CO_GNUPG) mode.  It also does not make
much sense to have it here because gpgv expects a "curated" keyring.

GnuPG-bug-id: 3404
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-13 09:18:15 +02:00
Werner Koch
a821b4f556
wks: Add hack for the broken posteo system
* tools/gpg-wks-client.c (command_send): Additional hack for posteo.
Check the protocol-version flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-12 18:08:09 +02:00
Werner Koch
332c9eaa2a
wks: Add new policy flag protocol-version
* tools/gpg-wks.h (policy_flags_s): Add field protocol_version.
* tools/wks-util.c (wks_parse_policy): Add new policy flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-12 18:05:00 +02:00
Werner Koch
8b5a2474f2
gpg: Fix "Fix key generation with only an email part".
* g10/keygen.c (proc_parameter_file): Don't check the result of
stpcpy.
--

Fixes-commit: 7089dcc540
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-12 14:38:44 +02:00
Werner Koch
c65a7bba73
wks: Use unencrypted draft-1 mode for posteo.de
* tools/gpg-wks-client.c (command_send): Allow sending in draft-1
mode.
--

Obviously Posteo did not implement the current draft and thus it was
not possible to send a request to them.  This hack uses the old method
for posteo.de.  Not sending it encrypted is okay here because they use
authenticated sending anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-12 14:35:11 +02:00
Werner Koch
7d15ee8898
tools: New function mime_maker_add_body_data.
* tools/mime-maker.c (mime_maker_add_body_data): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-12 14:35:06 +02:00
Alon Bar-Lev
384a3748d9
sm: Move qualified.txt from datadir into sysconfdir
* doc/Makefile.am: Move qualified.txt into examples.
* doc/qualified.txt: Move into examples, remove trailing spaces.
* doc/examples/README: Document qualified.txt.
* doc/gpgsm.texi: Move qualified.txt from datadir into sysconfdir.
* sm/qualified.c (read_list): Move qualified.txt from datadir into
sysconfdir.
--

The qualified.txt is maintained by Administrator it is a configuration
file. In the past it was a hybrid, provided by package and controlled
by the Administrator, however, it is no longer maintained by package.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
2017-09-11 12:42:53 +02:00
NIIBE Yutaka
a172759b50
tests: Fix a test which specifies expiration date.
* tests/openpgp/quick-key-manipulation.scm: Fix expiration time
comparison.

--

This is a bug fix for Amelia Earhart who is probably in UTC-12.

When expiration date is specified, GnuPG interprets it as noon of the
date in local time.

Before this fix, the test compared the value by 2145916800 which is
2038-01-01 00:00:00 in UTC with allowance of 1 day.  When the test
was ran in UTC-12 timezone, it failed because of noon in the timezone
is midnight of the next day in UTC.

GnuPG-bug-id: 3393
Reported-by: Daniel Kahn Gillmor
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-09-11 11:39:17 +02:00
NIIBE Yutaka
827abe01a7
scd: Fix for large ECC keys.
* scd/app-openpgp.c (do_decipher): Support larger length.

--

Reported-by: Achim Pietig <achim@pietig.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-09-11 11:39:14 +02:00
Werner Koch
7089dcc540
gpg: Fix key generation with only an email part.
* g10/keygen.c (proc_parameter_file): Special case the email only
case.
--

Using a parameter file like

  %ask-passphrase
  key-type:      RSA
  key-length:    2048
  key-usage:     sign
  subkey-type:   RSA
  subkey-length: 2048
  subkey-usage:  encrypt
  name-email:    foo@example.org

with "gpg --gen-key --patch" the result was this key

  pub   rsa2048 2017-09-11 [SC]
        63A8C1BA12CC289A0E8072C971C7F8D4A18CE0BE
  uid           [ultimate]  <foo@example.org>
  sub   rsa2048 2017-09-11 [E]

At least the the extra leading space the left angle bracket is wrong.
Further some mail providers reject keys which consist of more than
just a plain mail address.  Using just a mail address is anyway the
new new suggested content for a user id.  With this patch the key
will be

  pub   rsa2048 2017-09-11 [SC]
        B302343C20EA6DECDB6A155135352F2520397080
  uid           [ultimate] foo@example.org
  sub   rsa2048 2017-09-11 [E]

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-11 11:29:13 +02:00
Daniel Kahn Gillmor
926d07c5fa agent: compile-time configuration of s2k calibration.
* configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
AGENT_S2K_CALIBRATION (measured in milliseconds)
* agent/protect.c (calibrate_s2k_count): Calibrate based on
AGENT_S2K_CALIBRATION.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 3399
2017-09-08 17:08:57 -04:00
Daniel Kahn Gillmor
73ff075204 gpg: default to AES-256.
* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default.

--

It's 2017, and pretty much everyone has AES-256 available.  Symmetric
crypto is also rarely the bottleneck (asymmetric crypto is much more
expensive).  AES-256 provides some level of protection against
large-scale decryption efforts, and longer key lengths provide a hedge
against unforseen cryptanalysis.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-09-08 14:32:49 -04:00
Daniel Kahn Gillmor
909fbca196 gpg: default to 3072-bit RSA keys.
* agent/command.c (hlp_genkey): update help text to suggest the use of
3072 bits.
* doc/wks.texi: Make example match default generation.
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to
rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment,
(gen_rsa, get_keysize_range): update default from 2048 to 3072).
* g10/keyid.c (pubkey_string): update comment so that first example
is the default 3072-bit RSA.

--

3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0015-gpg-default-to-3072-bit-RSA-keys.patch
2017-09-08 11:37:42 -04:00
Daniel Kahn Gillmor
7955262151 gpgsm: default to 3072-bit keys.
* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
default to 3072 bits.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
3072 bits.
* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
* sm/gpgsm.c (main): print correct default_pubkey_algo.

--

3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch
2017-09-08 11:37:42 -04:00
NIIBE Yutaka
17f764dd49 tests: Fix a test which specifies expiration date.
* tests/openpgp/quick-key-manipulation.scm: Fix expiration time
comparison.

--

This is a bug fix for Amelia Earhart who is probably in UTC-12.

When expiration date is specified, GnuPG interprets it as noon of the
date in local time.

Before this fix, the test compared the value by 2145916800 which is
2038-01-01 00:00:00 in UTC with allowance of 1 day.  When the test
was ran in UTC-12 timezone, it failed because of noon in the timezone
is midnight of the next day in UTC.

GnuPG-bug-id: 3393
Reported-by: Daniel Kahn Gillmor
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-09-08 14:21:29 +09:00
NIIBE Yutaka
ff7ccd284c scd: Fix for large ECC keys.
* scd/app-openpgp.c (do_decipher): Support larger length.

--

Reported-by: Achim Pietig <achim@pietig.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-08-29 14:35:47 +09:00
Werner Koch
9e3d41bf72
Post release updates
--
2017-08-28 11:57:17 +02:00
Werner Koch
82d9a201dd
Post release updates
--
2017-08-28 11:56:14 +02:00
Werner Koch
9d80fb8e00
Release 2.2.0 2017-08-28 11:18:26 +02:00
Werner Koch
24462fea50
po: Auto update
--
2017-08-28 11:17:39 +02:00
Werner Koch
45d5f5800a
scd: Convey the correct length for Le
* scd/app-openpgp.c (determine_rsa_response): Round bits up.
--

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>

Arnaud wrote:

  Actually, when the incorrect expected response length (i.e. Le
  field) is transmitted to the card, the card's answer is missing a
  byte (i.e. ...  6101) so an additional command has to be sent to the
  card to retrieve the last byte. Using the correct length avoids to
  send the additional command to retrieve the missing byte, when the
  computed length is wrong.

Note that an value of 65537 for E is pretty standard and thus we can
avoid the 6101 return code inmost cases.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-27 16:42:52 +02:00
Werner Koch
13821e15fb
gpg: Fix memory leak while running --check-trustdb.
* g10/trustdb.c (update_min_ownertrust): Free PK.
--

This bug was revealed by the new trust-pgp-2.scm test.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-24 22:10:44 +02:00
Werner Koch
b065a69634
gpg: Fix memory leak in sig-check.
* g10/sig-check.c (check_signature_over_key_or_uid): Remove useless
condition.  Actually free when SIGNER was allocated by us.
--

SIGNER_ALLOCATED never received a value of -1 but that was tested.

IF SIGNER_ALLOCATED was 2 the memory was never freed:

  if (signer_allocated == 1)
    if (signer_allocated == 2)
      free()

Fixes-commit: 44cdb9d73f

This function needs to be audited more thoroughly.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-24 20:26:19 +02:00
Werner Koch
757302cc7a
indent: Change comment style on two functions
--

This is to make those function better readable.

  if (foo)
     /* Comment */
     {

     }

is bad style because it requires extra time to notice the begin of the
block and vice versa when noticing the block it is not clear whether
this is an conditioned or unconditioned block.

Having asterisks on the left is better for view impaired people and
for b/w printouts.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-24 19:19:23 +02:00
Werner Koch
02a5df614a
build: Remove obsolete option from autogen.rc
* autogen.rc: Remove --enable-gpg2-is-gpg.
--

This option is now the default.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-24 17:44:02 +02:00
Werner Koch
565e486b80
gpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve".
* g10/gpg.c (gpgconf_list): Announce "auto-key-retrieve".
(main): Simplify setting of KEYSERVER_AUTO_KEY_RETRIEVE.
* tools/gpgconf-comp.c: Make "no-auto-key-retrieve" invisible.  Make
"auto-key-retrieve" an expert option.
--

This basically reverts 9bb13a0e81
because --no-auto-key-retrieve is again the default.  Note that we
allow both options for the sake of profiles.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-23 16:45:20 +02:00
Werner Koch
b917cb66b7
tests: Do not run trust-pgp-4.scm
* tests/openpgp/Makefile.am (XTESTS): Remove test.
(EXTRA_DIST): Add test file.
--

There are two problems with this test: First a syntax error in the
file name so that the test was not used at all.  Second the test
currently returns FAIL.

Fixes-commit: c23a69970b
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-23 15:55:20 +02:00
Werner Koch
008ae0bd86
build: Change SWDB tag "gnupg21" to "gnupg22".
* configure.ac (GNUPG_SWDB_TAG): New ac_define.  Set it to "gnupg22".
* tools/gpgconf.c (query_swdb): Use it.
* build-aux/speedo.mk: Change tag "gnupg21" to "gnupg22".
* Makefile.am (distcheck-hook): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-23 14:52:29 +02:00
Åka Sikrom
fd0e5b60be
po: Update Norwegian translation
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-23 14:19:01 +02:00
Andre Heinecke
6158811304
agent: Fix string translation for Windows
* agent/agent.h (L_): Define agent_Lunderscore when simple
gettext is used.

--
This fixes a regression introduced by b3286af3 ENABLE_NLS
is not defined if we use simple gettext and not gettext.

GnuPG-Bug-Id: T3364
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2017-08-23 11:04:47 +02:00
NIIBE Yutaka
e6fa6b0ce8 po: Update Japanese translation 2017-08-22 11:24:31 +09:00
Damien Goutte-Gattat
c23a69970b
tests: Add tests for the PGP trust model.
* tests/openpgp/trust-pgp-1.scm: New file.
* tests/openpgp/trust-pgp-2.scm: New file.
* tests/openpgp/trust-pgp-3.scm: New file.
* tests/openpgp/trust-pgp-4.scm: New file.
* tests/openpgp/trust-pgp/common.scm: New file.
* tests/openpgp/trust-pgp/scenario1.asc: New file.
* tests/openpgp/trust-pgp/scenario2.asc: New file.
* tests/openpgp/trust-pgp/scenario3.asc: New file.
* tests/openpgp/trust-pgp/scenario4.asc: New file.
* tests/openpgp/trust-pgp/alice.sec.asc: New file.
* tests/openpgp/trust-pgp/bobby.sec.asc: New file.
* tests/openpgp/trust-pgp/carol.sec.asc: New file.
* tests/openpgp/trust-pgp/david.sec.asc: New file.
* tests/openpgp/trust-pgp/frank.sec.asc: New file.
* tests/openpgp/trust-pgp/grace.sec.asc: New file.
* tests/openpgp/trust-pgp/heidi.sec.asc: New file.
* tests/openpgp/Makefile.am (XTESTS): Add new tests.
(TEST_FILES): Add new files.
(EXTRA_DIST): Add new common file.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-08-21 17:12:05 +02:00
Damien Goutte-Gattat
cbe54b28bf
tests: Move some functions into a common module.
* tests/openpgp/tofu.scm (gettrust): Moved to the common defs.scm
module.
(checktrust): Likewise.
* tests/openpgp/defs.scm (gettrust): New function.
(checktrust): Likewise.
--

These functions will be re-used by the tests for the PGP trust
model.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-08-21 16:51:03 +02:00
Damien Goutte-Gattat
0161225457
gpgconf: Make WoT settings configurable by gpgconf.
* tools/gpgconf-comp.c (gc_options_gpg): Add max-cert-depth,
completes-needed, and marginals-needed options.
* g10/gpg.c (gpgconf_list): Likewise.
--

Some tests to come for the PGP trust model will need to manipulate
these parameters.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-08-21 16:50:01 +02:00
Justus Winter
6e596b2a74
gpgscm: Fix -Wimplicit-fallthrough warnings.
* tests/gpgscm/scheme.c (CASE): Rearrange so that the case statement
is at the front.
(Eval_Cycle): Improve fallthrough annotations.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-08-21 14:49:29 +02:00
Daniel Kahn Gillmor
e6f84116ab gpg: default to --no-auto-key-retrieve.
* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
default keyserver options.
* doc/gpg.texi: document this change.
--

This is a partial reversion of
7e1fe791d1.  Werner and i discussed it
earlier today, and came to the conclusion that:

 * the risk of metadata leakage represented by a default
   --auto-key-retrieve, both in e-mail (as a "web bug") and in other
   contexts where GnuPG is used to verified signatures, is quite high.

 * the advantages of --auto-key-retrieve (in terms of signature
   verification) can sometimes be achieved in other ways, such as when
   a signed message includes a copy of its own key.

 * when those other ways are not useful, a graphical, user-facing
   application can still offer the user the opportunity to choose to
   fetch the key; or it can apply its own policy about when to set
   --auto-key-retrieve, without needing to affect the defaults.

Note that --auto-key-retrieve is specifically about signature
verification.  Decisions about how and whether to look up a key during
message encryption are governed by --auto-key-locate.  This change
does not touch the --auto-key-locate default of "local,wkd".  The user
deliberately asking gpg to encrypt to an e-mail address is a different
scenario than having an incoming e-mail trigger a potentially unique
network request.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-11 02:26:52 -04:00
Ineiev
2d6832aa83
po: Update Russian translation
--

There was a small merge conflict.  I hope I did not mess it up. -wk
2017-08-10 12:40:15 +02:00
Justus Winter
23107ba20f
tests: Improve documentation.
* tests/openpgp/README: Add quickstart instructions, how to use
shell.scm, remove no longer used MKDATA.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-08-10 12:04:43 +02:00
Marcus Brinkmann
977fc5f0eb g10: Write status error on error of --quick-revoke-uid.
* g10/keyedit.c (keyedit_quick_revuid): Write status error on error.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2963
2017-08-09 18:37:20 +02:00
Werner Koch
d6b40a9c86
Post release updates
--
2017-08-09 16:58:47 +02:00
Werner Koch
e8ffa9a6ca
Release 2.1.23
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-09 15:52:48 +02:00
Werner Koch
31a9973363
po: Auto-update
--
2017-08-09 15:45:40 +02:00
Werner Koch
2059dbf201
po: Update German translation 2017-08-09 12:50:44 +02:00
Werner Koch
fb21aa8b50
build: New configure option --enable-all-tests.
* configure.ac: New option --enable-all-tests.
* tests/gpgscm/ffi.c (ffi_init): New gloabl var *run-all-tests*.
* tests/openpgp/all-tests.scm (all-tests): Use that var instead
of *maintainer-mode*.
* Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Add --enable-all-tests.
--

It is better to have a separate option to run all tests than to put
this on top of --enable-maintainer-mode.  This way we can also make
sure to run all tests during "make distcheck".

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-08 17:49:53 +02:00
Werner Koch
0bd19dae11
gpgscm: Make the test summary stand out
* tests/gpgscm/tests.scm (test-pool): Add delimiter lines.
--

This is to make those summaries a bit more simlar to those from
automake.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-08 13:47:00 +02:00
Werner Koch
0a8e20c4c6
sm: Always print the keygrip in colon mode.
* sm/keylist.c (list_cert_colon): Always print the keygrip as
described in the manual.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-08 13:05:50 +02:00
Justus Winter
c4506f624e
gpg: Add option '--disable-dirmngr'.
* doc/gpg.texi: Document new option.
* g10/call-dirmngr.c (create_context): Fail if option is given.
* g10/gpg.c (cmd_and_opt_values): New value.
(opts): New option.
(gpgconf_list): Add new option.
(main): Handle new option.
* g10/options.h (struct opt): New field 'disable_dirmngr'.
* tools/gpgconf-comp.c (gc_options_gpg): New option.

GnuPG-bug-id: 3334
Signed-off-by: Justus Winter <justus@g10code.com>
2017-08-08 11:43:22 +02:00
Daniel Kahn Gillmor
81074c3b02 systemd-user: Drop redundant After=*.socket.
* doc/examples/systemd-user/*.service: Drop redundant After=*.socket
directive.

--

systemd.socket(5) says:

   Socket units will have a Before= dependency on the service which
   they trigger added implicitly.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-07 08:01:18 -04:00
Daniel Kahn Gillmor
407da18254 systemd-user: Drop RefuseManualStart=true.
* doc/examples/systemd-user/*.service: drop RefuseManualStart=true

--

These user services can be safely started manually as long as at least
their primary sockets are available.  They'll just start with nothing
to do, which should be fine.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-07 08:01:18 -04:00