1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Commit Graph

947 Commits

Author SHA1 Message Date
Werner Koch
d9b31d3a20
gpg: Allow deletion of subkeys with --delete-[secret-]key.
* common/userids.c (classify_user_id): Do not set the EXACT flag in
the default case.
* g10/export.c (exact_subkey_match_p): Make static,
* g10/delkey.c (do_delete_key): Implement subkey only deleting.
--

GnuPG-bug-id: 4457
2019-05-27 11:41:35 +02:00
NIIBE Yutaka
ee766b2b5d common: Fix AWK portability.
* common/Makefile.am: Use pkg_namespace.
* common/mkstrtable.awk: Use pkg_namespace.  Regexp fix.

--

Cherry-picked from master commit:
	b6f0b0efa1

GnuPG-bug-Bug: 4459
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-04-16 13:27:44 +09:00
NIIBE Yutaka
6e422b5135 common: Fix gnupg_wait_processes.
* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
even if we already see an error.

--

Cherry-picked master commit of:
	eeb3da6eb7

The value stored by waitpid for exit code is encoded;  It requires
decoded by WEXITSTATUS macro, regardless of an error.

For example, when one of processes is already exited and another is
still running, it resulted wrong value of in r_exitcodes[n].

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-19 15:49:55 +09:00
Werner Koch
7922e2dd1c
Release 2.2.13 2019-02-12 16:30:31 +01:00
Werner Koch
d29d73264f
common: Provide function to get public key algo names in our format.
* common/sexputil.c (pubkey_algo_string): New.
--

The new gpg format for public key algorithms is useful at other places
as well.  Thus we make this new function available.  Note that the
code we use in gpg is not based on s-expressions and thus a new
function was required.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 03bf8e967a)

Not yet used in 2.2 but will likely be needed by future backports.
2019-02-11 10:59:35 +01:00
Werner Koch
ee8d1a9e6c
common: New functions get_option_value and ascii_strupr.
* common/server-help.c (get_option_value): New.
* common/stringhelp.c (ascii_strupr): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e2f18023b3)

This might come handy when we eventually backport other changes.
2019-02-11 10:59:34 +01:00
Werner Koch
b78f293cf0
common: Provide some convenient OpenPGP related constants.
* common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New.
(OPENPGP_MAX_NSKEY): New.
(OPENPGP_MAX_NSIG): New.
(OPENPGP_MAX_NENC): New.
* g10/packet.h: Define PUBKEY_MAX using the new consts.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f382984966)
2019-01-29 20:18:52 +01:00
Werner Koch
dddbb26155
common: New helper functions for OpenPGP curve OIDs.
* common/openpgp-oid.c (openpgp_oidbuf_to_str): Factor most code out
to ...
(openpgp_oidbuf_to_str): new.
(openpgp_oidbuf_is_ed25519): New.
(openpgp_oidbuf_is_cv25519): New.
--

At some places it is more convenient (and faster) to directly work on
buffers and avoid the way via opaque MPIs.  These 3 new functions
allow for that.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 4a1558d0c7)
2019-01-29 20:17:29 +01:00
Jussi Kivilinna
ebd434a45e
common/iobuf: fix memory wiping in iobuf_copy
* common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of
first sizeof(char*) bytes.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
(cherry picked from commit 654e353d9b)
2018-12-05 08:25:48 +01:00
Jussi Kivilinna
21fdef6963
common: Use platform memory zeroing function for wipememory
* common/mischelp.h (wipememory): Replace macro with function
prototype.
(wipememory2): Remove.
* common/mischelp.c (wipememory): New.
* configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero' and
remove duplicated checks.
--

In new wipememory function, memory is cleared through platform
provided secure memory zeroing function, SecureZeroMemory
or explicit_bzero.

If none of these is available, memset is called through
volatile function pointer to so that compiler won't optimize
away the call.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
(cherry picked from commit 2a650772b4)
2018-12-05 08:23:57 +01:00
Werner Koch
e53253485c
agent: Fix possible uninitalized use of CTX in simple_pwquery.
* common/simple-pwquery.c (agent_open): Clear CTX even on early error.
--

GnuPG-bug-id: 4223
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit bafcf70951)
2018-10-24 20:30:17 +02:00
NIIBE Yutaka
8f844ae1cd common: Fix gnupg_reopen_std.
* common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat.

--

Cherry-pick from master commit of:
	50b02dba20

When gpg was invoked by a Perl web application on FreeBSD, fstat in
gnupg_reopen_std failed with EBADF.  Using fcntl, which is considered
lighter than fstat, it works fine.  Since uur purpose is to check if
file descriptor is valid or not, lighter operation is better.

Reported-by: Marcin Gryszkalis <mg@fork.pl>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-02 14:31:56 +09:00
NIIBE Yutaka
0383e7fed7 common: Use iobuf_get_noeof to avoid undefined behaviors.
* common/iobuf.c (block_filter): Use iobuf_get_noeof.

--

Cherry-pick from master commit of:
	f80346f42d

When singed integer has negative value, left shift computation is
undefined in C.

GnuPG-bug-id: 4093
Reported-by: Philippe Antoine
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-10 13:59:14 +09:00
NIIBE Yutaka
f0fdee2e24 Fix use of strncpy, which is actually good to use memcpy.
* common/ssh-utils.c (get_fingerprint): Use memcpy.
* g10/build-packet.c (string_to_notation): Use memcpy.

--

Cherry-pick of master commit of:
	625ced6e67

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-06 11:46:20 +09:00
Werner Koch
38eb7c360b
assuan: Fix exponential decay for first second.
* common/asshelp.c (wait_for_sock): Round SECSLEFT.
* dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon
mode.
* common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.
--

Without the rounding we saw in verbose mose

 [...]to come up ... (5s)
 [...]to come up ... (4s)

immediately without the expected one second delay.  Waiting for the
next seconds did not work if nanosleep was used due to improper passed
parameters in gnupg_usleep.

Adding --debug-wait for dirmngr in daemon mode is required to test
this change.

GnuPG-bug-id: 3490
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 0cfdd3b57d)
Fixes-commit: 1189df2cd7
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-28 16:47:38 +02:00
Daniel Kahn Gillmor
1189df2cd7
assuan: Use exponential decay for first 1s of spinlock.
* common/asshelp.c (wait_for_sock): instead of checking the socket
every second, we check 10 times in the first second (with exponential
decay).
--

This cuts the wall clock time for the standard test suite roughly by
half.

GnuPG-bug-id: 3490
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 149041b0b9)
2018-08-28 16:41:47 +02:00
Daniel Kahn Gillmor
a22a55b994
assuan: Reorganize waiting for socket.
* common/asshelp.c (wait_for_sock): New function, collecting
codepaths from...
(start_new_gpg_agent) here and...
(start_new_dirmngr) here.
--

This has no functional change, but makes it easier to make this
function more efficient.

GnuPG-bug-id: 3490
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 0471ff9d3b)
2018-08-28 16:41:35 +02:00
Werner Koch
4f59187a17
common: New function to validate domain names.
* common/mbox-util.c (is_valid_domain_name): New.
* common/t-mbox-util.c (run_dns_test): New test.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ddee9f9409)
2018-07-29 18:39:32 +02:00
Werner Koch
f7f3043653
gpg: Fix "Too many open files" when using --multifile.
* common/miscellaneous.c (is_file_compressed): Don't cache the file.
--

This seems to be a pretty old bug.  The fix is easy and also reveals
that -z0 can be used as a workaround.

GnuPG-bug-id: 3951
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-02 19:03:07 +02:00
Andre Heinecke
3bd793256e
common,w32: Hide spawned processes by default
* common/exechelp-w32.c (gnupg_spawn_process): Use SW_HIDE
instead of SW_MINIMIZE.

--
Spawning minimized shows icons in the task bar so users
see that background processes are started, which is unusual.

I'm pretty sure that the intention of the code was to hide
the window if not in spawn debug mode. This is also what
GPGME does.

This fixes dirmngr_ldap process windows and other
spurious reports about e.g. a gpgv console window from
loadswdb.

GnuPG-Bug-Id: T3937
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2018-05-02 14:07:39 +02:00
Werner Koch
6da7aa1e7c
gpg,w32: Fix empty homedir when only a drive letter is used.
* common/homedir.c (copy_dir_with_fixup): New.
(default_homedir): Use here.
(gnupg_set_homedir): And here .
--

This actually fixes a couple of cases for Windows.  Both --home-dir
and GNUPGHOME.  The interpretation of "c:" -> "c:/" might not be the
correct one but because we need an absolute dir anyway it is the less
surprising one.  Note that this does not include a full syntax check
and fixup and thus it is very well possible that the result is not an
absolute directory.

GnuPG-bug-id: 3720
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-09 14:44:21 +02:00
Werner Koch
05c55ee260
agent: New OPTION pretend-request-origin
* common/shareddefs.h (request_origin_t): New.
* common/agent-opt.c (parse_request_origin): New.
(str_request_origin): New.
* agent/command.c (option_handler): Implement new option.
--

This allows to pretend that a request originated from the extra or
browser socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 08:37:14 +01:00
Werner Koch
9581a65ccc
Release 2.2.5
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-22 15:32:36 +01:00
Werner Koch
f19ff78f0f
common: Use new function to print status strings.
* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--

This fixes a potential overflow if LFs are passed to the status
string functions.  This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing.  In any case the functions need to be more robust and
comply to the promised interface.  Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.

For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.

Reported-by: private_pers
2018-02-14 12:21:44 +01:00
Werner Koch
f3ba66781a
kbx: Simplify by removing custom memory functions.
* kbx/keybox-util.c (keybox_set_malloc_hooks): Remove.
(_keybox_malloc, _keybox_calloc, keybox_realloc)
(_keybox_free): Remove.
(keybox_file_rename): Remove.  Was not used.
* sm/gpgsm.c (main): Remove call to keybox_set_malloc_hooks.
* kbx/kbxutil.c (main): Ditto.
* kbx/keybox-defs.h: Remove all separate includes.  Include util.h.
remove convenience macros.
* common/logging.h (return_if_fail): New.  Originally from
keybox-defs.h but now using log_debug.
(return_null_if_fail): Ditto.
(return_val_if_fail): Ditto.
(never_reached): Ditto.
--

Originally the KBX code was written to allow standalone use.  However
this required lot of ugliness like separate memory allocators and
such.  It also precludes the use of some standard functions from
common due to their use of the common gnupg malloc functions.
Dropping all that makes things easier.  Minor disadvantages: the kbx
call done for gpg will now use gcry malloc fucntions and not the
standard malloc functions.  This might be a bit slower but removing
them even fixes a possible bug in keybox_tmp_names which is used in
gpg and uses gpg's xfree which is actually gcry_free.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-22 12:55:46 +01:00
Werner Koch
290348e349
common: Use larger buffer for homedir in case of 64 bit UIDs.
* common/homedir.c (_gnupg_socketdir_internal): Enlarge PREFIX by 6
bytes for "/gnupg".
--

The temporary buffer was to short for the extra "/gnupg".  However the
20 bytes for the UID is large enough for all 32 bit UIDs and would
only fail (detected) if  a 64 bit UID is used.

Fixes-commit: 17efcd2a2a
Reported-by: Rainer Perske.
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-20 15:37:29 +01:00
Werner Koch
17efcd2a2a
build: New configure option --enable-run-gnupg-user-socket.
* configure.ac: (USE_RUN_GNUPG_USER_SOCKET): New ac_define.
* common/homedir.c (_gnupg_socketdir_internal): Add extra directories.
--

This allows to build GnuPG with an extra socketdir below /run.  See
https://lists.gnupg.org/pipermail/gnupg-devel/2017-November/033250.html
for a longer explanation why this is sometimes useful.

Suggested-by: Rainer Perske
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-12 09:42:43 +01:00
Werner Koch
ddd54d8210
Revert: build: Do not define logging.h constants for ...
---

This reverts commit 2fedf8583b.

We better solve this on the libgpg-error side.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-08 13:27:36 +01:00
Werner Koch
2fedf8583b
build: Do not define logging.h constants for libgpg-error dev versions.
* common/logging.h [GPGRT_LOG_WITH_PREFIX]: Do not define the log
constants.
--

logging.h uses constants we plan to use for future versions of
libgpg-error.  My dev version already has the logging functions and
thus I run into a conflict.  This patch protects against this and make
the GnuPG work with later libgpg-error versions.

It was not the best idea to use constants from a planned libgpg-error
in the first place.  The actual problem are the enums, the macros
won't harm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-07 14:53:49 +01:00
NIIBE Yutaka
0e5bd473a0
common: Accept the Z-suffix for yymmddThhmmssZ format.
* common/gettime.c (isotime_p): Accept the Z suffix.

--

The intention is use for human interface.

GnuPG-bug-id: 3278
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit ba8afc4966)
2017-11-01 18:35:29 +01:00
Werner Koch
a21ca77988
indent: Wrap overlong lines in argparse.c
--
2017-08-01 08:28:01 +02:00
Werner Koch
6502bb0d2a
gpg: Tweak compliance checking for verification
* common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
verification.
* g10/mainproc.c (check_sig_and_print): Print a con-compliant warning.
* g10/sig-check.c (check_signature2): Use log_error instead of
log_info.
--

We should be able to verify all signatures.  So we only print a
warning.  That is the same beheavour as for untrusted keys etc.

GnuPG-bug-id: 3311
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-27 16:22:36 +02:00
Werner Koch
a0d0cbee76
gpg,sm: Fix compliance checking for decryption.
* common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal
signing check.  We don't support Elgamal signing at all.
(gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA.
Check the curvenames for ECDH.
* g10/pubkey-enc.c (get_session_key): Print only a warning if the key
is not compliant.
* sm/decrypt.c (gpgsm_decrypt): Ditto.  Use the same string as in gpg
so that we have only one translation.
--

We always allow decryption and print only a note if the key was not
complaint at the encryption site.

GnuPG-bug-id: 3308
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-27 13:56:38 +02:00
Werner Koch
24c7aa0d58
common: Strip trailing slashes from the homedir.
* common/homedir.c (default_homedir): Strip trailing slashes.
(gnupg_set_homedir): Ditto.

--

is_gnupg_default_homedir() does not ignore trailing slashes when
comparing directory names.  This can lead to multiple agents started
on the same directory if the homedir was specified with --homedir or
GNUPGHOME without or with a number of slashes.

We now make sure that the home directory name never ends in a
slash (except for the roo of course).

GnuPG-bug-id: 3295
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-25 15:22:48 +02:00
Werner Koch
226f143ca0
common: New functions gnupg_daemon_rootdir and gnupg_chdir.
* common/sysutils.c (gnupg_chdir): New.
* common/homedir.c (gnupg_daemon_rootdir): New.
* agent/gpg-agent.c (main): Use these functions instead chdir("/").
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-25 12:43:37 +02:00
Werner Koch
bddc2e04f1
common: New function print_utf9_string.
* common/miscellaneous.c (print_utf8_string): New.
--

This is a simple convenience function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-20 18:13:40 +02:00
NIIBE Yutaka
84146b3ec4 common: logstream fix.
* common/logging.c (set_file_fd): Don't close es_stderr.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-20 16:37:56 +09:00
Marcus Brinkmann
f17862d47d common: Allow abbreviations of standard options.
* argparse.h (ARGPARSE_SHORTOPT_HELP, ARGPARSE_SHORTOPT_VERSION,
ARGPARSE_SHORTOPT_WARRANTY, ARGPARSE_SHORTOPT_DUMP_OPTIONS): New
macros.
(ARGPARSE_end): Add some placeholders for standard options.
* argparse.c (arg_parse): Fill in missing standard options so
default machinery works.  Check for standard options in new way.
Do not write out standard options for --dump-options.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 1747
2017-07-18 18:08:25 +02:00
Werner Koch
a149afe338
gpg,sm: Check compliance of the RNG.
* common/compliance.c (gnupg_rng_is_compliant): New.
* g10/call-agent.c (start_agent) [W32]: Check rng compliance.
* sm/call-agent.c (start_agent) [W32]: Ditto.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is
compliant.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* g10/sign.c (do_sign): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
--

Under Windows we need to check that the Jitter RNG is active in de-vs
mode.  Under Linux this is not necessary because /dev/random can be
scrutinized and is believed to provide enough entropy.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-17 15:53:16 +02:00
Werner Koch
849467870e
common: New function split_fields_colon.
* common/stringhelp.c (split_fields_colon): New.
* common/t-stringhelp.c (test_split_fields_colon): New test.
(main): Call that test.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-17 15:53:16 +02:00
Werner Koch
1ead1ca818
agent: Shutdown on removal of the home directory.
* common/sysutils.c (gnupg_inotify_watch_delete_self): New.
* agent/gpg-agent.c (handle_connections): Rename my_inotify_fd to
sock_inotify_fd.
(handle_connections): Add home_inotify_fd to watch the home directory.
--

GnuPG-bug-id: 3218

Note that we should add this also to dirmngr.  And for non-Linux
systems a stat in ticker should be implemented.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-23 13:20:42 +02:00
Werner Koch
f31dc2540a
gpg,gpgsm: Emit status code ENCRYPTION_COMPLIANCE_MODE.
* common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New.
* g10/encrypt.c (encrypt_crypt): Emit new status code.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--

This status code allows to report whether an encryption operation was
compliant to de-vs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-23 12:01:20 +02:00
Werner Koch
3621dbe525
gpg,gpgsm: Fix compliance check for DSA and avoid an assert.
* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
check.  Explicitly check for allowed ECC algos.
(gnupg_pk_is_allowed): Swap P and Q for DSA check.
* g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check.  Replace
assert by debug message.

--

Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0
condition is surprising because it leads to the assumption SYMKEYS
could be negative.  Better use a boolean test.

The assert could have lead to a regression for no good reason.  Not
being compliant is better than breaking existing users.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 19:57:11 +02:00
Werner Koch
6cc4702767
indent: Always use "_(" and not "_ (" to mark translatable strings.
--

This makes greping much easier and we have done that since ever.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 19:57:11 +02:00
Werner Koch
3419a339d9
Change license of some files to LGPLv2.1.
* COPYING.LIB: Rename to COPYING.LGPL3.
* COPYING.LGPL21: New.
* COPYING.GPL2: New.
* Makefile.am: Distribute them.
* AUTHORS: Update license pointers.  Add BSI as copyright holder.
* common/compliance.c, common/compliance.h: Add BSI copyright notice.
Break overlong lines.
* dirmngr/loadswdb.c: Add BSI copyright notices.
* dirmngr/server.c: Ditto.
* tools/call-dirmngr.c: Change license to LGPLv2.1.  Add BSI
copyright notice.
* tools/call-dirmngr.h: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpg-wks.h: Ditto.
* tools/mime-maker.c: Ditto.
* tools/mime-maker.h: Ditto.
* tools/mime-parser.c: Ditto.
* tools/mime-parser.h: Ditto.
* tools/send-mail.c: Ditto.
* tools/send-mail.h: Ditto.
* tools/wks-receive.c: Ditto.
* tools/wks-util.c: Ditto.
* tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1.
--

For better deployment it seems to be better to make the Web Key
Directory code more easily available.

Some code was been developed under contract of the BSI.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 12:42:13 +02:00
Justus Winter
6e23416fe6
gpg: Disable compliance module for other GnuPG components.
* common/compliance.c (gnupg_{pk,cipher,digest}_is_compliant): Return
false if the module is not initialized.
(gnupg_{pk,cipher,digest}_is_allowed): Return true if the module is
not initialized.
(gnupg_status_compliance_flag): Do not assert that the module is
initialized.
(gnupg_parse_compliance_option): Likewise.
(gnupg_compliance_option_string): Likewise.
--

This implements a default policy for modules not explicitly using the
compliance module.  The default policy is to allow all algorithms, but
mark none of them as compliant.

Fixes gpgv.

GnuPG-bug-id: 3210
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-19 11:00:04 +02:00
Werner Koch
7c91b48f0e
common: Fix -Wswitch warning.
* common/compliance.c (gnupg_digest_is_allowed): Don't include
GCRY_MD_WHIRLPOOL because it is not a digest_algo_t.
--

Note that Whirlpool is not used anywhere in gpg or gpgsm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-13 09:01:24 +02:00
Justus Winter
a64a55e104
common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.
* common/compliance.c (gnupg_pk_is_allowed): New function.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* common/compliance.h (enum pk_use_case): New definition.
(gnupg_pk_is_allowed): New prototype.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using
the new predicates.
* g10/encrypt.c (encrypt_crypt): Likewise.
* g10/gpg.c (main): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sig-check.c (check_signature2): Likewise.
* g10/sign.c (do_sign): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/encrypt.c (gpgsm_encrypt): Likewise.
* sm/gpgsm.c (main): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--

With this change, policies can effectively restrict what algorithms
are used for different purposes.  The algorithm policy for CO_DE_VS is
implemented.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-08 14:22:54 +02:00
Justus Winter
e051e39615
common: Add cipher mode to compliance predicate.
* common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter.
* common/compliance.h (gnupg_cipher_is_compliant): Likewise.
* g10/mainproc.c (proc_encrypted): Adapt callsite.
* sm/decrypt.c (gpgsm_decrypt): Likewise.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:54:44 +02:00
Justus Winter
21fc2508c9
common,gpg,sm: Initialize compliance module.
* common/compliance.c (gnupg_initialize_compliance): New function.
* common/compliance.h (gnupg_initialize_compliance): New prototype.
* g10/gpg.c (main): Use the new function.
* sm/gpgsm.c (main): Likewise.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:54:42 +02:00