1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Commit Graph

5370 Commits

Author SHA1 Message Date
Werner Koch
c4b60cdae8 sm: Create homedir and lock empty keybox creation.
* sm/gpgsm.h (opt): Add field "no_homedir_creation".
* sm/gpgsm.c (main): Set it if --no-options is used.
* sm/keydb.c (try_make_homedir): New.  Similar to the one from
g10/openfile.c.
(maybe_create_keybox): New.  Similar to the one from g10/keydb.c.
(keydb_add_resource): Replace some code by maybe_create_keybox.
2014-08-14 17:15:50 +02:00
Werner Koch
21e5125e44 build: Yet another autogen.sh --find-version change.
--
2014-08-14 17:15:25 +02:00
Werner Koch
c23c18c154 gpg: Screen keyserver responses.
* g10/main.h (import_screener_t): New.
* g10/import.c (import): Add screener callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (struct ks_retrieval_screener_arg_s): New.
(keyserver_retrieval_screener): New.
(keyserver_get): Pass screener to import_keys_es_stream().
--
These changes introduces import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring
that the keys fetched from the keyserver are in fact those selected by
the user beforehand.

Signed-off-by: Stefan Tomanek <tomanek@internet-sicherheit.de>

This is an extended and fixed versions of Stefan's patch.  In addition
to the changes done in gnupg 2.0, namely the commits

  5e933008be
  044847a0e2
  088f82c0b5

the symbol names have been changed to "screener" to void mixing them
up with the iobuf filter feature and it has been changed to be used
with the dirmngr based keyserver lookup.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-08-14 15:21:21 +02:00
Werner Koch
a61b28df1f scd: Minor changes to app-sc-hsm.
* scd/app-sc-hsm.c: Re-indendet some parts and set some vars to NULL
after xfree for improbed robustness.
(read_ef_prkd): Replace serial operator by blocks for better
readability.
(apply_PKCS_padding): Rewrite for easier auditing.
(strip_PKCS15_padding): Ditto.  Add stricter check on SRCLEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-08-14 14:09:37 +02:00
Werner Koch
ae29b52119 gpg: Disable an MD5 workaround for pgp2 by default.
* g10/sig-check.c (do_check): Move some code to ...
* g10/misc.c (print_md5_rejected_note): new function.
* g10/mainproc.c (proc_tree, proc_plaintext): Enable MD5 workaround
only if option --allow-weak-digest-algos is used.
2014-08-14 11:28:11 +02:00
Werner Koch
2b8d8369d5 gpg: Remove options --pgp2 and --rfc1991.
* g10/gpg.c (oRFC1991, oPGP2): Remove
(opts): Remove --pgp2 and --rfc1991.
* g10/options.h (CO_PGP2, CO_RFC1991): Remove.  Remove all users.
(RFC2440, PGP2): Remove.  Remove all code only enabled by these
conditions.
* tests/openpgp/clearsig.test: Remove --rfc1991 test.
--

The use of PGP 2.c is considered insecure for quite some time
now (e.g. due to the use of MD5).  Thus we remove all support for
_creating_ PGP 2 compatible messages.
2014-08-14 11:03:55 +02:00
Werner Koch
49c9a958e0 build: Fix autogen.sh base version hack.
* autogen.sh <find-version>: Fix.
2014-08-14 09:55:13 +02:00
Werner Koch
71b55e91f0 gpg: Remove --compress-keys and --compress-sigs feature.
* g10/gpg.c (oCompressKeys, oCompressSigs): Remove.
(opts): Turn --compress-keys and --compress-signs in NOPs.
* g10/options.h (opt): Remove fields compress_keys and compress_sigs.
* g10/export.c (do_export): Remove compress_keys feature.
* g10/sign.c (sign_file): Remove compress_sigs feature.
--

These features are disabled in GnuPG since the very early days and
they fulfill no real purpose.  For now we keep the command line
options as dummys.
2014-08-14 09:55:09 +02:00
Werner Koch
7d0492075e gpg: Add list-option "show-usage".
* g10/gpg.c (parse_list_options): Add "show-usage".
* g10/options.h (LIST_SHOW_USAGE): New.
* g10/keyid.c (usagestr_from_pk): Add arg FILL.  Change caller.
* g10/keylist.c (list_keyblock_print): Print usage info.
2014-08-13 10:11:36 +02:00
Werner Koch
cb127024b9 po: Remove extra LF from ja.po
--
2014-08-12 16:28:01 +02:00
Werner Koch
a57c33c855 gpg: Make --with-colons work again for --search-keys.
* g10/keyserver.c (search_line_handler): Replace log_debug by
es_printf.
2014-08-12 16:19:44 +02:00
Werner Koch
1bde869d11 speedo: Comment typo fix
--
2014-08-12 11:33:10 +02:00
Werner Koch
e30e5381bd common: Fix typo in header inclusion protection macro.
--
GnuPG-bug-id: 1669
2014-08-11 17:22:47 +02:00
NIIBE Yutaka
2d9f76e070 po: Update Japanese translation. 2014-08-08 10:00:46 +09:00
Werner Koch
2e936915cf scd: Minor and editorial changes to app-sc-hsm.c
* scd/app-sc-hsm.c (select_and_read_binary): Use SW_ macro.
(parse_certid): Remove useless test.
(send_certinfo, send_keypairinfo): Shrink malloc to the needed size.
(do_getattr): Ditto.
(verify_pin): Use SW_ macro.
(do_decipher): Replace OFS variable and extend comment.
--

Code parts which have not been audited are marked with a warning
pragma.
2014-07-25 11:04:53 +02:00
Werner Koch
e49c851ff5 scd: Add a new status word code.
* scd/apdu.h (SW_REF_DATA_INV): New.
* scd/apdu.c (apdu_strerror): Add string.
2014-07-25 10:58:57 +02:00
Werner Koch
07b64eec14 scd: Comment typo fixes.
--
2014-07-25 10:56:51 +02:00
Andreas Schwier
8eb9224f32 scd: Support for SmartCard-HSM
* scd/app-sc-hsm.c: New.
* scd/app.c (select_application, get_supported_applications): Register
new app.

--
Add a read/only driver for scdaemon that provides access to keys and
certificates on a SmartCard-HSM (www.smartcard-hsm.com).

The driver supports RSA and ECC keys on SmartCard-HSM cards and
USB-Sticks.

The driver does not yet support the MicroSD edition.

--
ChangeLog and FSF copyright year fix by wk.
2014-07-25 09:43:29 +02:00
Werner Koch
557cc11a60 gpg: Switch to an EdDSA format with prefix byte.
* g10/keygen.c (gen_ecc): USe "comp" for EdDSA.
2014-07-25 08:25:06 +02:00
Werner Koch
f2011e4622 po: Update the German (de) translation
--
2014-07-23 21:12:58 +02:00
Werner Koch
b3378b3a56 agent: Show just one warning with all failed passphrase constraints.
* agent/genkey.c (check_passphrase_constraints): Build a final warning
after all checks.
2014-07-23 19:51:52 +02:00
Werner Koch
a24510d53b agent: Only one confirmation prompt for an empty passphrase.
* agent/genkey.c (check_passphrase_constraints): Moev empty passphrase
check to the front.
2014-07-23 19:16:51 +02:00
Werner Koch
ea186540db gpg: Add command --quick-gen-key
* g10/gpg.c (aQuickKeygen): New.
* g10/misc.c (is_valid_user_id): New stub.
* g10/keygen.c (quickgen_set_para): New.
(quick_generate_keypair): New.
--

Note that the validation of the specified user id has not yet been
implemented.
2014-07-23 15:12:43 +02:00
Werner Koch
75127bc456 common: Add cpr_get_answer_is_yes_def()
* g10/cpr.c (cpr_get_answer_is_yes): Factor code out to ....
(cpr_get_answer_is_yes_def): ...new.
2014-07-23 14:35:22 +02:00
Werner Koch
17404b2fcc gpg: Make --quick-sign-key promote local key signatures.
* g10/keyedit.c (sign_uids): Promote local sigs in quick mode.
2014-07-23 12:18:19 +02:00
Werner Koch
834b4a28f7 Register DCO for Andreas Schwier
--
2014-07-23 08:52:10 +02:00
Werner Koch
bc6b452129 scd: Do not use the pcsc-wrapper.
* scd/apdu.c (NEED_PCSC_WRAPPER): Do not define.
* scd/Makefile.am (libexec_PROGRAMS): Remove gnupg-pcsc-wrapper
(gnupg_pcsc_wrapper_SOURCES): Remove.
(gnupg_pcsc_wrapper_LDADD): Remove.
(gnupg_pcsc_wrapper_CFLAGS): Remove.
2014-07-22 16:20:00 +02:00
Werner Koch
5b34e347b6 gpg: Improve --list-packets output for faulty packets.
* g10/parse-packet.c: Add list_mode output for certain failures.
2014-07-21 14:37:13 +02:00
Werner Koch
bab9cdd971 gpg: Cap size of attribute packets at 16MB.
* g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
size of packet.
--

Tavis Ormandy reported a fatal error for attribute packets with a zero
length payload.  This is due to a check in Libgcrypt's xmalloc which
rejects a malloc(0) instead of silently allocating 1 byte.  The fix is
obvious.

In addition we cap the size of attribute packets similar to what we do
with user id packets.  OpenPGP keys are not the proper way to store
movies.
2014-07-21 13:50:36 +02:00
Werner Koch
97f887a0f5 Post beta release update
--
2014-07-03 11:51:52 +02:00
Werner Koch
5ae34f574b Release 2.1.0-beta751 2014-07-03 11:33:55 +02:00
Werner Koch
980a5669a1 po: Auto-update
--
2014-07-03 11:30:56 +02:00
Werner Koch
5214d8f02b gpg: Make show-uid-validity the default. 2014-07-03 11:04:23 +02:00
Werner Koch
3533860ee3 tests: Fix end-of-all-ticks test for Western locales.
* common/t-timestuff.c (test_timegm): Use timegm if available.
(main): Set TX to UTC if timegm is not available.
--

On OpenBSD 5.3 i386 that test failed due to the use of mktime.

Reported-by: Claus Assmann
2014-07-03 11:04:23 +02:00
Kristian Fiskerstrand
b51af333bd gpg: Spelling error 2014-07-03 11:04:23 +02:00
Werner Koch
8366503f0f speedo: Update w32 installer
--
2014-07-03 11:04:23 +02:00
Werner Koch
5f6b77afe8 doc: Add gnupg-logo.pdf
--
2014-07-03 11:03:22 +02:00
Werner Koch
03018ef9ee gpg: Auto-create revocation certificates.
* configure.ac (GNUPG_OPENPGP_REVOC_DIR): New config define.
* g10/revoke.c (create_revocation): Add arg "leadin".
(gen_standard_revoke): New.
* g10/openfile.c (get_openpgp_revocdir): New.
(open_outfile): Add MODE value 3.
* g10/keyid.c (hexfingerprint): New.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke.
--

GnuPG-bug-id: 1042
2014-06-30 16:40:55 +02:00
Werner Koch
aa5b4392aa estream: Fix minor glitch in "%.*s" format.
* common/estream-printf.c (pr_string): Take care of non-nul terminated
strings.
2014-06-30 16:31:21 +02:00
Werner Koch
3a01b22071 gpg: Rearrange code in gen_revoke.
* g10/revoke.c (gen_revoke): Factor some code out to ...
(create_revocation): new.
2014-06-30 11:05:35 +02:00
Werner Koch
c434de4d83 gpg: Create exported secret files and revocs with mode 700.
* common/iobuf.c (direct_open): Add arg MODE700.
(iobuf_create): Ditto.
* g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM.  Change call
callers to pass 0 for it.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
arg.
* g10/export.c (do_export): Pass true for new arg if SECRET is true.
--

GnuPG-bug-id: 1653.

Note that this works only if --output has been used.
2014-06-30 09:12:48 +02:00
Werner Koch
35fdfaa0b9 common: Minor code cleanup for a legacy OS.
* common/iobuf.c (direct_open) [__riscos__]: Simply cpp conditionals.
2014-06-30 08:51:26 +02:00
Werner Koch
adad1872b4 speedo: Fix the w32 installer name 2014-06-27 20:17:14 +02:00
Werner Koch
c67d270140 po: Auto-update
--
2014-06-27 20:16:14 +02:00
Werner Koch
1ef7870fc9 po: Update some strings of the French (fr) translation. 2014-06-27 20:15:45 +02:00
Werner Koch
c2e3eb9888 po: Update the German (de) translation 2014-06-27 20:14:54 +02:00
Werner Koch
a1dff86da8 agent: Adjust for changed npth_eselect under W32.
* agent/gpg-agent.c (handle_connections) [W32]: Make events_set an
unsigned int to match the changed prototype.
2014-06-27 19:19:24 +02:00
Werner Koch
5e1f9b5e14 dirmngr: Use the homedir based socket also under W32.
* common/homedir.c (dirmngr_user_socket_name): Use same code for all
platforms.
2014-06-27 19:10:09 +02:00
Yuri Chornoivan
2c40255761 po: Update and enable Ukrainian (uk) translation. 2014-06-27 16:58:02 +02:00
Yuri Chornoivan
e56a2d6a56 Fix typos in messages 2014-06-27 15:38:33 +02:00