* agent/gpg-agent.c (create_private_keys_directory): Set permissions.
* common/sysutils.c (modestr_to_mode): New function.
(gnupg_mkdir): Use new function.
(gnupg_chmod): New function.
* common/sysutils.h (gnupg_chmod): New prototype.
* tests/migrations/from-classic.test: Test migration with existing
directory.
GnuPG-bug-id: 2312
Signed-off-by: Justus Winter <justus@g10code.com>
* configure.ac (USE_GPG2_HACK): New ac_define am_conditional.
* common/homedir.c (gnupg_module_name): Replace use of macro
NAME_OF_INSTALLED_GPG.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (bin_PROGRAMS): Remove.
(noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2.
(gpg2_hack_list): New.
(use_gpg2_hack): New.
(gpg2_SOURCES): Rename to gpg_SOURCES.
(gpgv2_SOURCES): Rename to gpgv_SOURCES.
(gpg2_LDADD): Rename to gpg_LDADD.
(gpgv2_LDADD): Rename to gpgv_LDADD.
(gpg2_LDFLAGS): Rename to gpg_LDFLAGS.
(gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS.
(install-exec-hook): Remove WinCE specific rules and add new rules.
(uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2.
* tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/.
* tests/openpgp/defs.inc: Ditto.
* tests/openpgp/gpgtar.test: Ditto.
* tests/openpgp/mkdemodirs: Ditto.
* tests/openpgp/signdemokey: Ditto.
* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete
--enable-mailto, add --enable-gpg2-is-gpg.
--
Although we need to duplicate some automake generated code this method
allows to easily switch the name of the installed target using the
configure option "--enable-gpg2-is-gpg".
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/openpgp/Makefile.am: Build new program.
* tests/openpgp/defs.inc: Use the new program.
* tests/openpgp/fake-pinentry.c: New file.
--
Building an executable that does not require an interpreter makes it
easier to use on Windows.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/plain-largeo.asc: New file.
* tests/openpgp/version.test: Dearmor the new file instead of relying
on the source being present.
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (main): If --encrypt-to-default-key is specified, don't
add --default-key's value to REMUSR here...
* g10/pkclist.c (build_pk_list): ... do it here.
* tests/openpgp/Makefile.am (TESTS): Add default-key.test.
* tests/openpgp/default-key.test: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* tests/openpgp/gpgtar.test: Add test case.
* tools/gpgtar-create.c (gpgtar_create): Pass '--symmetric' flag to
gpg.
* tools/gpgtar.c (parse_arguments): We do handle the argument now.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/openpgp/gpgtar.test: Test signing.
* tools/gpgtar-create.c (gpgtar_create): Add 'sign' option, add the
appropriate gpg arguments to implement signing and selecting the local
user.
* tools/gpgtar.c (parse_options): We do handle '--local-user' now.
(main): Handle signing, encrypting, and doing both when creating an
archive.
* tools/gpgtar.h (gpgtar_create): Update prototype.
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (check_user_ids): If the search description is for an
exact match (a keyid or fingerprint that ends in '!'), then use the
matching key, not the primary key.
* tests/openpgp/Makefile.am (TESTS): Add use-exact-key.test.
(priv_keys): Add privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc,
privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc,
privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc,
privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc and
privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc.
(sample_keys): Add
samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc.
* tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc:
New file.
* tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc:
New file.
* tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc:
New file.
* tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc:
New file.
* tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc:
New file.
* tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc:
New file.
* tests/openpgp/use-exact-key.test: New file.
* tests/openpgp/version.test: Install the new private keys.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Reported-by: Kristian Fiskerstrand
<kristian.fiskerstrand@sumptuouscapital.com>
Fixes-commit: 10cca02
* tools/gpgtar.c (enum cmd_and_opt_values): New value.
(opts): Add new group for tar options, rearrange a little, add
'--tar-args'.
(tar_opts): New variable.
(shell_parse_stringlist): New function.
(shell_parse_argv): Likewise.
(parse_arguments): Add option argument, handle '--tar-args'.
(main): Fix invokation of 'parse_arguments'.
* tests/openpgp/gpgtar.test: Simplify decryption.
Signed-off-by: Justus Winter <justus@g10code.com>
* configure.ac: Define the automake conditional SQLITE3.
* tests/openpgp/Makefile.am (TESTS): Move the sqlite3 dependent tests
to...
(sqlite3_dependent_tests): ... this new variable. If SQLITE3 is not
defined, then clear this variable.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/encrypt.c (use_mdc): Make it a global func.
* g10/sign.c (sign_symencrypt_file): Use that function to decide
whether to use an MDC.
* tests/openpgp/conventional-mdc.test: Add a simple test case.
--
We used --force-mdc in sign+symenc mode (-cs) only with --force-mdc.
That broke our assumption from commit 625e292 (GnuPG 2.1.9) that all
uses of modern ciphers are using MDC.
Reported-by: Ben Kibbey <bjk@luxsci.net>
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (oDebugQuickRandom): New.
(opts): New option --debug-quick-random.
(main): Use new option.
* common/asshelp.c (start_new_gpg_agent): Add hack to pass an
additional argument for the agent name.
* tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent
starting parameters.
* tests/openpgp/version.test: Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/build-packet.c (do_key): Remove support for building v3 keys.
* g10/parse-packet.c (read_protected_v3_mpi): Remove.
(parse_key): Remove support for v3-keys. Add dedicated warnings for
v3-key packets.
* g10/keyid.c (hash_public_key): Remove v3-key support.
(keyid_from_pk): Ditto.
(fingerprint_from_pk): Ditto.
* g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
* g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
oForceV4Certs, oNoForceV4Certs.
(opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
--no-force-v4-certs int dummy options.
(main): Remove setting of the force_v3_sigs force_v4_certs flags.
* g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
* g10/sign.c (hash_uid): Remove support for v3-signatures
(hash_sigversion_to_magic): Ditto.
(only_old_style): Remove this v3-key function.
(write_signature_packets): Remove support for creating v3-signatures.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
(clearsign_file): Ditto. Remove code to emit no Hash armor line if
only v3-keys are used.
(make_keysig_packet): Remove arg SIGVERSION and force using
v4-signatures. Change all callers to not pass a value for this arg.
Remove all v3-key related code.
(update_keysig_packet): Remove v3-signature support.
* g10/keyedit.c (sign_uids): Always create v4-signatures.
* g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
change caller.
--
v3 keys are deprecated for about 15 years and due the severe
weaknesses of MD5 it does not make any sense to keep code around to
use these old and broken keys. Users who need to decrypt old messages
should use gpg 1.4 and best re-encrypt them to modern standards.
verification of old (i.e. PGP2) created signatures is thus also not
anymore possible but such signatures have no values anyway - MD5 is
just too broken.
We have also kept support for v3 signatures until now. With the
removal of support for v3 keys it is questionable whether it makes any
sense to keep support for v3-signatures. What we do now is to keep
support for verification of v3-signatures but we force the use of
v4-signatures. The latter makes the --pgp6 and --pgp7 switch a bit
obsolete because those PGP versions require v3-signatures for
messages. These versions of PGP are also really old and not anymore
maintained so they have not received any bug fixes and should not be
used anyway.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/import.c (stats_s): Remove field "imported_rsa".
(import_print_stats): Do not print separate value for RSA.
(import_one): Remove the RSA counter.
--
RSA is the standard key format and thus there is no more need to have
a separate counter. This is a remain from the RSA patent times.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.c (keydb_handle): Add field no_caching.
(keyblock_cache): Repalce field kid by fpr.
(keydb_disable_caching): New.
(keydb_search): Use the fingerprint as cache index.
* g10/import.c (import_one): Use the fingerprint and not the kid to
lookup the key. Call keydb_disable_caching beofre re-searching for
update.
* tests/openpgp/import.test: Add a test case.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/openpgp/conventional-mdc.test: Add an s2k-count option.
* tests/openpgp/conventional.test: Ditto.
--
Due to measuring the iteration count for the passphrase hashing, the
conventional encryption tests are running quite slow. This patch
fixes it by using a fixed and lower value for the iteration count.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22.
* g10/keygen.c (ask_curve): Reword the Curve25519 warning note.
--
In the hope that the IETF will eventually assign 22 for EdDSA using
the draft-koch-eddsa-for-openpgp-01 specs we start using this number.
* g10/gpg.c (oRFC1991, oPGP2): Remove
(opts): Remove --pgp2 and --rfc1991.
* g10/options.h (CO_PGP2, CO_RFC1991): Remove. Remove all users.
(RFC2440, PGP2): Remove. Remove all code only enabled by these
conditions.
* tests/openpgp/clearsig.test: Remove --rfc1991 test.
--
The use of PGP 2.c is considered insecure for quite some time
now (e.g. due to the use of MD5). Thus we remove all support for
_creating_ PGP 2 compatible messages.
* agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
(get_keygrip): Add and use arg CURVE.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(get_npkey_nskey): New.
(prepare_unprotect): Replace gcrypt functions by
get_npkey_nskey. Allow opaque MPIs.
(do_unprotect): Use CURVE instead of parameters.
(convert_from_openpgp_main): Ditto.
(convert_to_openpgp): Simplify.
* g10/import.c (one_mpi_from_pkey): Remove.
(transfer_secret_keys): Rewrite to use the curve instead of the
parameters.
* g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.
* common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
"NIST P-256" et al.
* g10/keygen.c (ask_curve): Add arg ALGO.
(generate_keypair): Rewrite the ECC key logic.
* tests/openpgp/ecc.test: Provide the "ecc" passphrase.
* configure.ac: Add option --disable-trust-models
(NO_TRUST_MODELS): New ac_define and am_conditional.
* g10/Makefile.am (trust_source): New.
(gpg2_SOURCES): Factor some files out to above. Add trust.c.
* g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
--import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
--list-trustdb, --trustdb-name, --auto-check-trustdb,
--no-auto-check-trustdb, and --force-ownertrust.
(parse_trust_model) [NO_TRUST_MODELS]: Do not build.
(main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
trustdb related option code.
* g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
"enable", and "disable".
* g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
"tru" record.
* g10/trust.c: New.
* g10/trustdb.c (struct key_item): Move to trustdb.h.
(register_trusted_keyid): Rename to tdb_register_trusted_keyid.
(register_trusted_key): Rename to tdb_register_trusted_key.
(trust_letter, uid_trust_string_fixed, trust_value_to_string)
(string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
(get_ownertrust_string, get_validity_info, get_validity_string)
(clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
(mark_usable_uid_certs): Move to trust.c and make global.
(is_in_klist): Move as inline to trustdb.h.
(trustdb_check_or_update): Rename to tdb_check_or_update
(revalidation_mark): Rename to tdb_revalidation_mark.
(get_ownertrust): Rename to tdb_get_ownertrust.
(get_min_ownertrust): Rename to tdb_get_min_ownertrust.
(update_ownertrust): Rename to tdb_update_ownertrust.
(clear_ownertrusts): Rename to tdb_clear_ownertrusts.
(cache_disabled_value): Rename to tdb_cache_disabled_value.
(check_trustdb_stale): Rename to tdb_check_trustdb_stale.
(get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
factor some code out to ...
* trust.c (get_validity): ...new.
(check_or_update_trustdb): New wrapper.
(revalidation_mark): New wrapper.
(get_ownertrust): New wrapper.
(get_ownertrust_with_min): New wrapper.
(update_ownertrust): New wrapper.
(clear_ownertrusts): New wrapper.
(cache_disabled_value): New wrapper.
(check_trustdb_stale): New wrapper.
* tests/openpgp/defs.inc (opt_always): New. Use in all tests instead
of --always-trust.
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems. We now use two \x27 characters ('...').
The proper solution would be to use the correct Unicode symmetric
quotes here. However this has the disadvantage that the system
requires Unicode support. We don't want that today. If Unicode is
available a generated po file can be used to output proper quotes. A
simple sed script like the one used for en@quote is sufficient to
change them.
The changes have been done by applying
sed -i "s/\`\([^'\`]*\)'/'\1'/g"
to most files and fixing obvious problems by hand. The msgid strings in
the po files were fixed with a similar command.
* scripts/gitlog-to-changelog: New script. Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.
Rename all ChangeLog files to ChangeLog-2011.
[spotted by coverity]
This is only in tests/, but easy to fix, so...
I've included extra context so you can see how var->value would
be used in the following atoi call.
>From cf9ae83fd2da8d7a289b048ef0feed4096f6d263 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Tue, 20 Sep 2011 16:32:59 +0200
Subject: [PATCH] avoid use of free'd pointer
* asschk.c (set_type_var): Set var->value to NULL after freeing it,
to avoid subsequent use of freed pointer.
The import test imports the keys as needed and because they are
passphrase protected we now need a pinentry script to convey the
passphrase to gpg-agent.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
Import and export of secret keys does now work. Encryption has been
fixed to be compatible with the sample messages.
This version tests for new Libgcrypt function and thus needs to be
build with a new Libgcrypt installed.
select returns with -1.
* tools.texi (gpg-connect-agent): New.
* app-openpgp.c (get_one_do): Never try to get a non cacheable
object from the cache.
(get_one_do): Add new arg to return an error code. Changed all
callers.
(do_getattr): Let it return a proper error code.
* app.c (select_application): Return an error code and the
application context in an new arg.
* command.c (open_card): Adjusted for that. Don't use the
fallback if no card is present. Return an error if the card has
been removed without a reset.
(do_reset, cmd_serialno): Clear that error flag.
(TEST_CARD_REMOVAL): New. Use it with all command handlers.
* scdaemon.c (ticker_thread): Termintate if a shutdown is pending.
* apdu.c: Added some PCSC error codes.
(pcsc_error_to_sw): New.
(reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu)
(open_pcsc_reader): Do proper error code mapping.
* gpg-connect-agent.c: New.
* Makefile.am: Add it.
--with-validation is set.
* certchain.c (gpgsm_basic_cert_check): Print more detailed error
messages.
* certcheck.c (do_encode_md): Partly support DSA. Add new arg
PKALGO. Changed all callers to pass it.
(pk_algo_from_sexp): New.
tests/pkits: New directory
* asschk.c (start_server): Close the parent's file descriptors in
the child.
(read_assuan): Variable NREAD removed. Cut off the received line
currectly if more than one line was read.