* g10/mainproc.c (proc_encrypted): Print warning and later force an
error.
--
Note that when this error is triggered the plaintext from the literal
data packet has already been outputted before the BEGIN_DECRYPTION
status line. We fail only later to get more information. Callers
need to check and act upon the decryption error code anyway.
Thanks to Marcus for pointing out this case.
GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 344b548dc7)
* g10/gpg.c (aShowKeys): New const.
(opts): New command --show-keys.
(main): Implement command.
* g10/import.c (import_keys_internal): Don't print stats in show-only
mode.
(import_one): Be silent in show-only mode.
--
Using
--import --import-options show-only
to look at a key is too cumbersome. Provide this shortcut and also
remove some diagnostic cruft in this case.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 257661d6ae)
* g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o
MDC. Also print a dedicated status error code
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 874e391665)
* g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc
and --no-disable-mdc into NOPs.
* g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used.
* g10/cipher.c (write_header): Include extra hint and make
translatable.
* g10/options.h (struct opt): Remove fields force_mdc and disable_mdc.
--
The MDC is now always used except with --rfc2440 which will lead to a
a big fat warning.
This is a stripped down version of commit
253e8bdd90 which could not directly be
applied due to the AEAD mechanisms there.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d1431901f0)
Resolved Conflicts:
g10/mainproc.c - Remove AEAD stuff.
* g10/gpg.c (oNoMDCWarn): Remove.
(opts): Make --no-mdc-warn a NOP.
(main): Don't set var.
* g10/options.h (struct opt): Remove 'no_mdc_var'.
* g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false.
* g10/mainproc.c (proc_encrypted): Ditto.
--
Users should not be allowed to suppress the warning that they are
shooting into their foot.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 96350c5d5a)
* g10/compress.c (push_compress_filter2): Return an error if no filter
was pushed.
(push_compress_filter): Ditto.
(handle_compressed): Free CFX if no filter was pushed.
* g10/import.c (read_block): Ditto.
--
GnuPG-bug-id: 3898, 3930
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/miscellaneous.c (is_file_compressed): Don't cache the file.
--
This seems to be a pretty old bug. The fix is easy and also reveals
that -z0 can be used as a workaround.
GnuPG-bug-id: 3951
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Add option --enable-npth-debug
--
This requires a not yet release nPth version to have an effect.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exechelp-w32.c (gnupg_spawn_process): Use SW_HIDE
instead of SW_MINIMIZE.
--
Spawning minimized shows icons in the task bar so users
see that background processes are started, which is unusual.
I'm pretty sure that the intention of the code was to hide
the window if not in spawn debug mode. This is also what
GPGME does.
This fixes dirmngr_ldap process windows and other
spurious reports about e.g. a gpgv console window from
loadswdb.
GnuPG-Bug-Id: T3937
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* dirmngr/ldap-wrapper.c (wrapper_list): Rename to reaper_list.
(ldap_reaper_thread): Protect all list modification with a mutex. Use
a condition var to wake up the reaper thread.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ldap-wrapper.c: Revamp module to make use of es_poll for
portability.
* configure.ac: Always use the ldap wrapper.
--
Since the migration from GNU Pth to nPth the ldap wrapper never worked
reliable on Windows. Our long term use of the old Window CE wrapper
thing didn't fixed this either. The new code uses the portable
es_poll function and thus code which is tested at several other
places. It Should(tm) fix the Windows issues.
GnuPG-bug-id: 3937
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr_ldap.c: Remove assert.h.
(main): Replace assert by log_assert.
* dirmngr/ldap.c (run_ldap_wrapper): Use debug options to pass
verbose options to dirmngr_ldap.
(start_cert_fetch_ldap): Ditto.
--
verbose is a pretty common option in dirmngr.conf and it would clutter
the logs with output from dirmngr_ldap. Now we require DBG_EXTPROG
or DBG_LOOKUP to make dirmngr_ldap more verbose.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): Decrease.
(INITIAL_HOSTTABLE_SIZE): Increase because the old values was likely
for development.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (map_host): Don't use the cname for HTTPHOST.
* dirmngr/server.c (make_keyserver_item): Map keys.gnupg.net.
--
For a description of the problem see the comment in
make_keyserver_item.
GnuPG-bug-id: 3755
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (send_request): Print the used TLS library in debug
mode.
--
We allow two different TLS libararies and thus it is useful to see
that in the debug output of bug reports.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine.h (KS_HTTP_FETCH_NOCACHE): New flag.
(KS_HTTP_FETCH_TRUST_CFG): Ditto.
(KS_HTTP_FETCH_NO_CRL): Ditto.
(KS_HTTP_FETCH_ALLOW_DOWNGRADE): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Replace args send_no_cache
and extra_http_trust_flags by a new flags arg. Allow redirectiong
from https to http it KS_HTTP_FETCH_ALLOW_DOWNGRADE is set.
* dirmngr/loadswdb.c (fetch_file): Call with KS_HTTP_FETCH_NOCACHE.
* dirmngr/ks-action.c (ks_action_get): Ditto.
(ks_action_fetch): Ditto.
* dirmngr/crlfetch.c (crl_fetch): Call with the appropriate flags.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag.
* dirmngr/http.c (http_register_cfg_ca): New.
(http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag.
* dirmngr/certcache.c (load_certs_from_dir): Call new function.
(cert_cache_deinit): Ditto.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Add new args
'send_no_cache' and 'extra_http_trust_flags'. Change all callers to
provide the default value.
* dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of
ks_http_fetch.
--
The old code simply did not use https for downloading of CRLS.
Instead it rewrote https to http under the assumption that the CRL
service was also available without encryption. Note that a CRL is
self-standing and thus it does not need to have extra authenticity as
provided by TLS. These days we should not use any unencrypted content
and thus this patch.
Be aware that cacert.org give a https CRL DP but that currently
redirects to to http! This is a downgrade attack which we detect and
don't allow. The outcome is that it is right now not possible to use
CAcert certificates.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/server.c (cmd_isvalid): Use option second arg to trigger
OCSP checkibng. Fallback to CRL if no default OCSP responder has been
configured.
* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Adjust accordingly.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
The changed tags need to be kept localized because the description
text refers them. Using the English for the tag and then the
translated version in the description confuses users.
Fixes-commit: a5290dace7.
--
The changed tags need to be kept localized because the description
text refers them. Using the English for the tag and then the
translated version in the description confuses users.
Fixes-commit: e124754295.
* dirmngr/crlcache.c (lock_db_file, crl_cache_insert): Open cache
file in binary mode.
--
CRLs on Windows would have line ending entries converted. This
did not cause problems in a surprising amount of cases but
can lead to unexpected and random parse / read errors. Especially
with large CRLs like cacert.
This bug has been around since 2004.
GnuPG-Bug-Id: T3923
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* Makefile.am (RELEASE_ARCHIVE_DIR): New.
(RELEASE_SIGNING_KEY): New.
(AM_DISTCHECK_CONFIGURE_FLAGS): Remove removed --enable-gpg2-is-gpg,
(RELEASE_NAME, RELEASE_W32_STEM_NAME): New.
(release, sign-release): New.
--
This requires GNU make and also some other decent utilities; however,
they are anyway required for building the W32 installer.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/compress.c (handle_compressed): Fix memory leak.
--
All other calls of push_compress_filter checks ALGO,
so, do it here, too.
GnuPG-bug-id: 3898
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/getkey.c (get_user_id_string): Add arg R_NOUID. Change call
callers.
(get_user_id): Add arg R_NOUID. Change call callers.
* g10/mainproc.c (issuer_fpr_string): Make global.
* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
also in --list-mode. Print the "issuer fpr" field also if there is an
issuer fingerprint subpacket.
--
Scripts used to rely on the "User ID not found" string even in the
--with-colons listing. However, that is not a good idea because that
string is subject to translations etc. Now we have an explicit way of
telling that a key is missing. For example:
gpg --list-sigs --with-colons | \
awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'
Prints all keyids or fingerprint of signing keys for which we do not
have the key in our local keyring.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (issuer_fpr_raw): New.
(issuer_fpr_string): Re-implement using issuer_fpr_rtaw.
(check_sig_and_print): Don't free ISSUER_FPR. Use ISSUER_FPR_RAW.
Use write_status_printf. Extend ERRSIG status.
--
Modern OpenPGP implementations put the ISSUER_FPR into the signature
to make it easier to discover the, public needed to check the
signature. This is also useful in error messages and thus we add it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (g10_exit): Print STATUS_FAILURE only based on passed
return code and not on the presence of any call to log_error.
--
This fixes an actual regression in GPGME where FAILURE is considered
for example by a signature verify operation. The operation will simply
fail and not just record that that a signature could not be verified.
In particular for files with more than one signature a log_error if
often called to show that a pubkey is missing for one of the
signatures. Using that log_error is correct in that case.
Fixes-commit: 0336e5d1a7
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_getinfo): Add sub-command getenv.
* dirmngr/server.c (cmd_getinfo): Ditto.
--
It is sometimes helpful to be able to inspect certain envvars in a
running agent. For example "http_proxy".
Signed-off-by: Werner Koch <wk@gnupg.org>
