1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Commit Graph

197 Commits

Author SHA1 Message Date
Werner Koch
bdb6135177
gpg: Silence message about ignoring revoked user ids.
* g10/trustdb.c (tdb_get_validity_core): Print message only in debug
mode.
--

This makes only sense for debugging.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-20 15:51:18 +01:00
Werner Koch
437965e562
Use ngettext for some strings.
* scd/app-openpgp.c (build_enter_admin_pin_prompt): Use ngettext for
some diagnostics.
(do_genkey): Ditto.
* g10/keyedit.c (check_all_keysigs, menu_delsig, menu_clean): Ditto.
* g10/keylist.c (print_signature_stats): Ditto.
* g10/keyserver.c (keyserver_refresh): Ditto.
* g10/sig-check.c (check_signature_metadata_validity): Ditto.
* g10/sign.c (do_sign): Ditto.
* g10/trustdb.c (reset_trust_records): Ditto.
(validate_keys): Use a table like diagnostic output.
--

Suggested-by: Ineiev <ineiev@gnu.org>
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-18 11:20:15 +01:00
Werner Koch
8a56a38387
gpg: Avoid warnings about possible NULL deref.
* g10/getkey.c (cache_public_key): Protect deref of CE which actually
can't happen.
* g10/keygen.c (quickgen_set_para): s/sprintf/snprintf/.
* g10/tofu.c (end_transaction, rollback_transaction): Allow NULL for
DB.
* g10/trustdb.c (update_min_ownertrust): Remove useless clearling of
ERR.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
008aa6e6d4
gpg: Fix warnings about useless assignments.
* g10/armor.c (parse_hash_header): Remove duplicate var assignment.
* g10/getkey.c (cache_user_id): Ditto.
* g10/keygen.c (ask_curve): Ditto.  This also fixes a small memory
leak.

* g10/keygen.c (proc_parameter_file): Remove useless assignment or
pointer increment.
(generate_keypair): Ditto.
* g10/getkey.c (finish_lookup, lookup): Ditto.
* g10/card-util.c (change_pin): Ditto.
* g10/gpg.c (main) <aVerify>: Ditto.
* g10/import.c (import): Ditto.
(print_import_check): Ditto
* g10/keyring.c (do_copy): Ditto.
* g10/tdbio.c (tdbio_read_record): Ditto.
* g10/trustdb.c (tdb_update_ownertrust): Ditto.
(update_validity): Ditto.

* g10/server.c (cmd_passwd): Remove useless call to skip_options.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
a28ac99efe
gpg: Take care of keydb_new returning NULL.
* g10/keydb.c (keydb_new): Print an error message if needed.  Also use
xtrycalloc because we return an error anyway.
* g10/delkey.c (do_delete_key): Handle error retruned by keydb_new.
* g10/export.c (do_export_stream): Ditto.
* g10/getkey.c (get_pubkey): Ditto.
(get_pubkey_fast): Ditto.
(get_pubkeyblock): Ditto.
(get_seckey): Ditto.
(key_byname): Ditto.
(get_pubkey_byfprint): Ditto.
(get_pubkey_byfprint_fast): Ditto.
(parse_def_secret_key): Ditto.
(have_secret_key_with_kid): Ditto.
* g10/import.c (import_one): Ditto.
(import_revoke_cert): Ditto.
* g10/keyedit.c (keyedit_quick_adduid): Ditto.
* g10/keygen.c (quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
* g10/trustdb.c (validate_keys): Ditto.
* g10/keyserver.c (keyidlist): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto.
* g10/gpg.c (check_user_ids): Ditto.
(main): Do not print an error message for keydb_new error.
* g10/keylist.c (list_all): Use actual error code returned by
keydb_new.

* g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error.
* g10/t-keydb.c (do_test): Ditto.

* g10/keyring.c (keyring_new): Actually return an error so that the
existing keydb_new error checking makes sense for a keyring resource.
(keyring_rebuild_cache): Take care of keyring_new returning an error.
--

Commit 04a6b903 changed keydb_new to return an error.  However the
error was not checked at most places which we fix with this patch.  To
make things easier keydb_new prints an error message itself.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 12:18:32 +01:00
Werner Koch
022342e284
Silence unused variable or parameter warnings.
--
2015-11-27 18:32:26 +01:00
Neal H. Walfield
58e4a492e2 gpg: Change keydb_search to not return legacy keys.
* g10/keyring.c (keyring_search): Take new argument, ignore_legacy.
If set, skip any legacy keys.  Update callers.
* g10/keydb.c (keydb_search): Skip any legacy keys.
(keydb_search_first): Don't skip legacy keys.  Treat them
as an error.
(keydb_search_next): Likewise.
(keydb_search_fpr): Likewise.
* g10/export.c (do_export_stream): Likewise.
* g10/getkey.c (lookup): Likewise.
(have_secret_key_with_kid): Likewise.
* g10/keylist.c (list_all): Likewise.
(keyring_rebuild_cache): Likewise.
* g10/keyserver.c (keyidlist): Likewise.
* g10/trustdb.c (validate_key_list): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-17 14:53:05 +01:00
Justus Winter
a9e0905342 Fix typos found using codespell.
* agent/cache.c: Fix typos.
* agent/call-pinentry.c: Likewise.
* agent/call-scd.c: Likewise.
* agent/command-ssh.c: Likewise.
* agent/command.c: Likewise.
* agent/divert-scd.c: Likewise.
* agent/findkey.c: Likewise.
* agent/gpg-agent.c: Likewise.
* agent/w32main.c: Likewise.
* common/argparse.c: Likewise.
* common/audit.c: Likewise.
* common/audit.h: Likewise.
* common/convert.c: Likewise.
* common/dotlock.c: Likewise.
* common/exechelp-posix.c: Likewise.
* common/exechelp-w32.c: Likewise.
* common/exechelp-w32ce.c: Likewise.
* common/exechelp.h: Likewise.
* common/helpfile.c: Likewise.
* common/i18n.h: Likewise.
* common/iobuf.c: Likewise.
* common/iobuf.h: Likewise.
* common/localename.c: Likewise.
* common/logging.c: Likewise.
* common/openpgp-oid.c: Likewise.
* common/session-env.c: Likewise.
* common/sexputil.c: Likewise.
* common/sysutils.c: Likewise.
* common/t-sexputil.c: Likewise.
* common/ttyio.c: Likewise.
* common/util.h: Likewise.
* dirmngr/cdblib.c: Likewise.
* dirmngr/certcache.c: Likewise.
* dirmngr/crlcache.c: Likewise.
* dirmngr/dirmngr-client.c: Likewise.
* dirmngr/dirmngr.c: Likewise.
* dirmngr/dirmngr_ldap.c: Likewise.
* dirmngr/dns-stuff.c: Likewise.
* dirmngr/http.c: Likewise.
* dirmngr/ks-engine-hkp.c: Likewise.
* dirmngr/ks-engine-ldap.c: Likewise.
* dirmngr/ldap-wrapper.c: Likewise.
* dirmngr/ldap.c: Likewise.
* dirmngr/misc.c: Likewise.
* dirmngr/ocsp.c: Likewise.
* dirmngr/validate.c: Likewise.
* g10/encrypt.c: Likewise.
* g10/getkey.c: Likewise.
* g10/gpg.c: Likewise.
* g10/gpgv.c: Likewise.
* g10/import.c: Likewise.
* g10/keydb.c: Likewise.
* g10/keydb.h: Likewise.
* g10/keygen.c: Likewise.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyring.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/misc.c: Likewise.
* g10/options.h: Likewise.
* g10/packet.h: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pkglue.c: Likewise.
* g10/plaintext.c: Likewise.
* g10/server.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/sqlite.c: Likewise.
* g10/tdbio.c: Likewise.
* g10/test-stubs.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
* g13/create.c: Likewise.
* g13/mountinfo.c: Likewise.
* kbx/keybox-blob.c: Likewise.
* kbx/keybox-file.c: Likewise.
* kbx/keybox-init.c: Likewise.
* kbx/keybox-search-desc.h: Likewise.
* kbx/keybox-search.c: Likewise.
* kbx/keybox-update.c: Likewise.
* scd/apdu.c: Likewise.
* scd/app-openpgp.c: Likewise.
* scd/app-p15.c: Likewise.
* scd/app.c: Likewise.
* scd/ccid-driver.c: Likewise.
* scd/command.c: Likewise.
* scd/iso7816.c: Likewise.
* sm/base64.c: Likewise.
* sm/call-agent.c: Likewise.
* sm/call-dirmngr.c: Likewise.
* sm/certchain.c: Likewise.
* sm/gpgsm.c: Likewise.
* sm/import.c: Likewise.
* sm/keydb.c: Likewise.
* sm/minip12.c: Likewise.
* sm/qualified.c: Likewise.
* sm/server.c: Likewise.
* tools/gpg-check-pattern.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgkey2ssh.c: Likewise.
* tools/gpgparsemail.c: Likewise.
* tools/gpgtar.c: Likewise.
* tools/rfc822parse.c: Likewise.
* tools/symcryptrun.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-17 12:50:22 +01:00
Werner Koch
e7d7160ab7
gpg: Simplify the tofu interface by using the public key packet.
* g10/tofu.c (fingerprint_str): Remove.
(tofu_register): Take a public key instead of a fingerprint as arg.
Use hexfingerprint() to get a fpr from the PK.
(tofu_get_validity): Ditto.
(tofu_set_policy, tofu_get_policy): Simplify by using hexfingerprint.
* g10/trustdb.c (tdb_get_validity_core): Pass the primary key PK to
instead of the fingerprint to the tofu functions.
--

This change has the advantage that we are not bound to a specific
fingerprint length and will thus helps us to implement rfc4880bis.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-13 16:42:59 +01:00
Neal H. Walfield
67c701d1e5 gpg: Default to the the PGP trust model.
* g10/trustdb.c (init_trustdb): If we can't read the trust model from
the trust DB, default to TM_PGP, not TM_TOFU_PGP.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-10 08:05:17 +01:00
Neal H. Walfield
641df615da gpg: Display the correct error message.
* g10/trustdb.c (validate_keys): If tdbio_update_version_record fails,
RC does not contain the error code.  Save the error code in rc2 and
use that.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:42 +01:00
Neal H. Walfield
d68bdc553a gpg: Eliminate a memory leak.
* g10/trustdb.c (validate_key_list): Don't leak the keyblocks on
failure.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:41 +01:00
Neal H. Walfield
9afeb4cca1 gpg: If the saved trust model is unknown, default to tofu+pgp.
* g10/trustdb.c (init_trustdb): If the saved trust model is unknown,
default to tofu+pgp instead of pgp.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:50 +02:00
Neal H. Walfield
8c3b7915d6 gpg: Don't accidentally free UTK_LIST.
* g10/trustdb.c (validate_keys): Don't free UTK_LIST.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:49 +02:00
Neal H. Walfield
cbaca254ac gpg: When evaluating trust reg exps, treat tofu+pgp like pgp.
* g10/trustdb.c (validate_one_keyblock): When checking trust regular
expressions, treat the tofu+pgp trust model the same as the pgp trust
model.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:49 +02:00
Neal H. Walfield
d05ff81732 gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.
* g10/trustdb.c (init_trustdb): Recognize tofu and tofu+pgp as
possibly saved trust models.  Also register the ultimately trusted
keys if the trust model is tofu or tofu+pgp.
(check_trustdb): Don't skip if the trust model is tofu or tofu+pgp.
(update_trustdb): Likewise.
(tdb_check_trustdb_stale): Likewise.
(validate_keys): If the trust model is TOFU, just write out the
ultimately trusted keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:48 +02:00
Neal H. Walfield
243f90afba gpg: Factor out code into a standalone function.
* g10/trustdb.c (tdb_keyid_is_utk): New function.
(add_utk): Use it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:47 +02:00
Werner Koch
734c61dc9d
build: Allow building without SQLlite support.
* configure.ac: Add option --dsiable-tofu and --disable-sqlite.
(NEED_SQLITE_VERSION): New var.
(USE_TOFU): New ac_define and am_conditional.
* autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that
pkg-config find the correct .pc file.

* g10/Makefile.am (tofu_source): New.  Build only if enabled.
* g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models.
(parse_tofu_policy)[!USE_TOFU]: Disable all.
(parse_tofu_db_format)[!USE_TOFU]: Disable all.
(main) <aTOFUPolicy>[!USE_TOFU]: Skip.
* g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not
call tofu functions.
* g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto.
* g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu
processing.
--

This allows to build a minimal version of GnuPG.  It is also currently
required to build for Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-20 17:32:23 +02:00
Werner Koch
c2c4007148
gpg: Silence two more warnings.
* g10/trustdb.c (tdb_get_validity_core): Silence a warning.
* g10/tofu.c (tofu_register): Move SIG_DIGEST computation to the top
so that it is not uninitialized in case of an early error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-18 20:17:24 +02:00
Neal H. Walfield
f77913e0ff g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask.  Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask.  Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask.  Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask.  If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level.  Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:45:40 +02:00
Werner Koch
8eb3a1797a
gpg: Fix skip function dummy parameter.
* g10/trustdb.c (search_skipfnc): Fix dummy argument
--

This is required due to the prototype change in
commit 9acbeac236

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-16 19:02:35 +02:00
Neal H. Walfield
1f03d4cd94 g10: Use a symbolic constant instead of a literal.
* g10/trustdb.c (KEY_HASH_TABLE_SIZE): Define.
(new_key_hash_table): Use KEY_HASH_TABLE_SIZE instead of a literal.
(release_key_hash_table): Likewise.
(test_key_hash_table): Likewise.
(add_key_hash_table): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-02 15:08:57 +02:00
Werner Koch
a4a15195c2
gpg: Replace -1 by GPG_ERR_NOT_FOUND in tdbio.c
* g10/tdbio.c (lookup_hashtable): Return GPG_ERR_NOT_FOUND.
* g10/tdbdump.c (import_ownertrust): Test for GPG_ERR_NOT_FOUND.
* g10/trustdb.c (read_trust_record): Ditto.
(tdb_get_ownertrust, tdb_get_min_ownertrust): Ditto.
(tdb_update_ownertrust, update_min_ownertrust): Ditto.
(tdb_clear_ownertrusts, update_validity): Ditto.
(tdb_cache_disabled_value): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-04 18:08:26 +02:00
Werner Koch
b03a264729
gpg: Avoid cluttering stdout with trustdb info in verbose mode.
* g10/trustdb.c (validate_keys): Call dump_key_array only in debug
mode.
--

I guess that is a left-over from an early attempt to output
information on the trustdb for use by other tools.  Maybe related to
the former --list-trust-path command.  Sending it to stdout is
probably useful so we do this now only in debug mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:30:04 +02:00
Daniel Kahn Gillmor
82146af85b
gpg: avoid chatter about trustdb when --quiet
* g10/trustdb.c (tdb_check_trustdb_stale): avoid log_info() when
  opt.quiet
--

gpg(1) says:

       -q, --quiet
              Try to be as quiet as possible.

While the mentions about the stale trustdb information are edifying,
they aren't necessary, and shouldn't be emitted when the user requests
--quiet.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-03-04 14:31:45 +01:00
Werner Koch
d2a70fd834
gpg: Replace remaining uses of stdio by estream.
* g10/sign.c (sign_file):  Use log_printf instead of stderr.
* g10/tdbdump.c (export_ownertrust): Use estream fucntions.
(import_ownertrust): Ditto.
* g10/tdbio.c (tdbio_dump_record): Ditto.  Change arg to estream_t.
--

Reported-by: Guilhem Moulin <guilhem@fripost.org>

  Needed for unattended key edits with --status-fd, because since 2.1
  status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd)
  not fflush(3), so the standard output may not be flushed before each
  prompt. (Which breaks scripts using select(2) to multiplex between
  the standard and status outputs.)

His patch only affected print_and_check_one_sig_colon() but there are
many more places where stdio and estream are mixed.  This patch now
replaces most of them in g10/.  At some places stdio is still used,
but that is local to a function and should not have side effects.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 17:22:27 +01:00
Werner Koch
09e8f35d38 gpg: Improve skipping of PGP-2 keys.
* g10/keydb.c (keydb_search_first, keydb_search_next): Skip legacy
keys.
* g10/keyring.c (keyring_get_keyblock): Handle GPG_ERR_LEGACY_KEY.
(prepare_search): Ditto.
(keyring_rebuild_cache): Skip legacy keys.
* g10/keyserver.c (keyidlist): Ditto.
* g10/trustdb.c (validate_key_list): Ditto.
--

This is not the most elegant way to handle it but it reduces the
chance for unwanted side effects.

GnuPG-bug-id: 1816
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 16:36:28 +01:00
Werner Koch
11142e0ad7 gpg: Replace remaining old error code macros by GPG_ERR_.
* g10/gpg.h (g10_errstr): Remove macro and change all occurrences by
gpg_strerror.
(G10ERR_): Remove all macros and change all occurrences by their
GPG_ERR_ counterparts.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
Werner Koch
094aa2589e w32: Silence warnings about unused vars.
* agent/gpg-agent.c (main) [W32]: Mark unused vars.
* sm/gpgsm.c (run_protect_tool) [W32]: Ditto.
* g10/trustdb.c (check_regexp) [DISABLE_REGEX]: Ditto.
* scd/scdaemon.c (main) [W32]: Ditto.
(handle_connections) [W32]: Ditto.
(handle_signal) [W32]: Do not build the function at all.
* scd/apdu.c (pcsc_send_apdu_direct): Ditto.
(connect_pcsc_card): s/long/pcsc_dword_t/.
(open_pcsc_reader_direct): Remove var listlen.
2014-03-07 16:11:15 +01:00
Werner Koch
d8f0b83e4f gpg: Do not require a trustdb with --always-trust.
* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark):  Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(tdb_get_ownertrust): Ditto.
(tdb_get_min_ownertrust): Ditto.
(tdb_update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(tdb_clear_ownertrusts): Ditto.
(tdb_cache_disabled_value): Ditto.
(tdb_check_trustdb_stale): Ditto.
(tdb_get_validity_core): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--

This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used.  It just does
not make sense to create a trustdb if there is no need for it.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 1a0eeaacd1)

Resolved conflicts:
	NEWS
	g10/trustdb.c: Manually apply changes due to changed
                       function names.

Note that this also includes the fix for clear_ownertrust, see
GnuPG-bug-id: 1622.
2014-03-07 10:44:27 +01:00
Werner Koch
62fb86c658 gpg: Allow building without any trust model support.
* configure.ac: Add option --disable-trust-models
(NO_TRUST_MODELS): New ac_define and am_conditional.
* g10/Makefile.am (trust_source): New.
(gpg2_SOURCES): Factor some files out to above.  Add trust.c.
* g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
--import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
--list-trustdb, --trustdb-name, --auto-check-trustdb,
--no-auto-check-trustdb, and --force-ownertrust.
(parse_trust_model) [NO_TRUST_MODELS]: Do not build.
(main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
trustdb related option code.
* g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
"enable", and "disable".
* g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
"tru" record.

* g10/trust.c: New.
* g10/trustdb.c (struct key_item): Move to trustdb.h.
(register_trusted_keyid): Rename to tdb_register_trusted_keyid.
(register_trusted_key): Rename to tdb_register_trusted_key.
(trust_letter, uid_trust_string_fixed, trust_value_to_string)
(string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
(get_ownertrust_string, get_validity_info, get_validity_string)
(clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
(mark_usable_uid_certs): Move to trust.c and make global.
(is_in_klist): Move as inline to trustdb.h.
(trustdb_check_or_update): Rename to tdb_check_or_update
(revalidation_mark): Rename to tdb_revalidation_mark.
(get_ownertrust): Rename to tdb_get_ownertrust.
(get_min_ownertrust): Rename to tdb_get_min_ownertrust.
(update_ownertrust): Rename to tdb_update_ownertrust.
(clear_ownertrusts): Rename to tdb_clear_ownertrusts.
(cache_disabled_value): Rename to tdb_cache_disabled_value.
(check_trustdb_stale): Rename to tdb_check_trustdb_stale.
(get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
factor some code out to ...
* trust.c (get_validity): ...new.
(check_or_update_trustdb): New wrapper.
(revalidation_mark): New wrapper.
(get_ownertrust): New wrapper.
(get_ownertrust_with_min): New wrapper.
(update_ownertrust): New wrapper.
(clear_ownertrusts): New wrapper.
(cache_disabled_value): New wrapper.
(check_trustdb_stale): New wrapper.

* tests/openpgp/defs.inc (opt_always): New.  Use in all tests instead
of --always-trust.
2014-02-10 17:46:40 +01:00
Werner Koch
f3f5721e68 gpg: Remove a function wrapper.
* g10/keydb.h (keydb_search): Remove macro.
* g10/keydb.c (keydb_search2): Rename to keydb_search.  Change all
callers.
2013-01-08 09:43:21 +01:00
David Prévot
94e663885b Actually show translators comments in PO files
--
2012-08-24 09:42:31 +02:00
Werner Koch
096e7457ec Change all quotes in strings and comments to the new GNU standard.
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems.  We now use two \x27 characters ('...').

The proper solution would be to use the correct Unicode symmetric
quotes here.  However this has the disadvantage that the system
requires Unicode support.  We don't want that today.  If Unicode is
available a generated po file can be used to output proper quotes.  A
simple sed script like the one used for en@quote is sufficient to
change them.

The changes have been done by applying

  sed -i "s/\`\([^'\`]*\)'/'\1'/g"

to most files and fixing obvious problems by hand.  The msgid strings in
the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
David Shaw
deee8147aa Changes to --min-cert-level should cause a trustdb rebuild (issue 1366)
* g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level

* g10/trustdb.c (check_trustdb_stale): Request a rebuild if
  pending_check_trustdb is true (set when we detect a trustdb
  parameter has changed).

* g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
  listing for min_cert_level not matching.

* g10/tdbio.c (tdbio_update_version_record, create_version_record,
  tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
  tdbio_write_record): Add a byte for min_cert_level in the tdbio
  version record.
2012-01-20 16:50:42 -05:00
Werner Koch
afe5c1a370 Re-indentation of keydb.c and error code changes.
Returning -1 as an error code is not very clean given that gpg error
has more descriptive error codes.  Thus we now return
GPG_ERR_NOT_FOUND for all search operations and adjusted all callers.
2011-04-29 15:07:11 +02:00
Werner Koch
5da12674ea Fix regression in gpg's mail address parsing.
Since 2009-12-08 gpg was not able to find email addresses indicated
by a leading '<'.  This happened when I merged the user id
classification code of gpgsm and gpg.
2011-04-25 23:59:25 +02:00
Werner Koch
b008274afd Nuked almost all trailing white space.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces.  In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much.  For future commits the pre-commit scripts
checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Werner Koch
cc99c37549 Make public key data structure easier to read.
Check vor v1 card while signing.
2010-10-20 11:33:50 +00:00
Werner Koch
a1412b05de More changes on the way to remove secring.gpg. 2010-04-21 16:26:17 +00:00
Werner Koch
fb2ba98963 Finished the bulk of changes to use estream in most places instead of
stdio.
2010-03-15 11:15:45 +00:00
Werner Koch
be45bf3d54 Add dummu option --passwd for gpg.
Collected changes.
2010-01-08 19:18:49 +00:00
Werner Koch
9a96043be4 Unification of the search descriptor usage. 2009-12-08 16:30:33 +00:00
Werner Koch
c11c23b6ac Rename encode.c to encrypt.c.
Rename function in a simlar way.
Re-indent encrypt.c
2009-09-28 14:37:48 +00:00
Werner Koch
5d310a8de7 Print verbose instructions in case of a corrupted trustdb. 2009-07-22 09:43:10 +00:00
Werner Koch
9874c62a10 Flush keyserver search output.
Add trustdb chnages from 1.4.
Check algo usage for batch key generation.
2008-12-09 10:46:29 +00:00
Werner Koch
0a5f742466 Marked all unused args on non-W32 platforms. 2008-10-20 13:53:23 +00:00
Werner Koch
56bd419029 Doc fixes.
Add more files to POTFILES.
Protect against malloc bombs.
2007-12-12 16:47:52 +00:00
Werner Koch
55ba204bfa Started to implement the audit log feature.
Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry.
Improved support for the quality bar.
Minor internal restructuring.
Translation fixes.
2007-11-19 16:03:50 +00:00
Werner Koch
15d0cb42a1 Implemented more gpg-agen options to support certain passphrase policies.
New tool gpg-check-pattern.
2007-08-27 18:10:27 +00:00
Werner Koch
93d3811abc Changed to GPLv3.
Removed intl/.
2007-07-04 19:49:40 +00:00
Werner Koch
29b23dea97 Merged with gpg 1.4.3 code.
The gpg part does not yet build.
2006-04-19 11:26:11 +00:00
Werner Koch
23fa5c9792 * card-util.c (print_name): Fixed bad format string usage.
(print_isoname): Ditto.

* trustdb.c (check_regexp): s/exp/expr/.

* keyedit.c (trustsig_prompt): Removed a "> 255" term; it is
always false due to the data type.

* passphrase.c (agent_get_passphrase): Use xasprintf and avoid
non-literal format strings.

* tdbio.c (upd_hashtable, drop_from_hashtable, lookup_hashtable):
Fixed log_error format string bugs.  Kudos to the now working
gcc-3.3 -Wformat-nonliteral and Florian Weimer's investigations in
gnupg 1.2.3.
2003-12-17 12:26:56 +00:00
Werner Koch
4c66e94ff9 Merged most of David Shaw's changes in 1.3 since 2003-06-03. 2003-09-23 17:48:33 +00:00
Werner Koch
c0c2c58054 Finished the bulk of changes for gnupg 1.9. This included switching
to libgcrypt functions, using shared error codes from libgpg-error,
replacing the old functions we used to have in ../util by those in
../jnlib and ../common, renaming the malloc functions and a couple of
types.  Note, that not all changes are listed below becuause they are
too similar and done at far too many places.  As of today the code
builds using the current libgcrypt from CVS but it is very unlikely
that it actually works.
2003-06-18 19:56:13 +00:00
Repo Admin
7250331472 This commit was manufactured by cvs2svn to create branch
'GNUPG-1-9-BRANCH'.
2003-06-05 07:14:21 +00:00
Repo Admin
82a17c9fb3 This commit was manufactured by cvs2svn to create branch
'GNUPG-1-9-BRANCH'.
2002-10-19 07:55:27 +00:00
David Shaw
58972f24c4 * import.c (import_secret_one): Check for an illegal (>110) protection
cipher when importing a secret key.

* keylist.c (list_keyblock_print): Show a '#' for a secret-parts-missing
key.

* parse_packet.c (parse_key): Some comments.

* revoke.c (gen_revoke): Remove some debugging code.

* trustdb.c (verify_own_keys): Make trusted-key a non-deprecated option
again.

* seckey-cert.c (do_check): Don't give the IDEA warning unless the cipher
in question is in fact IDEA.
2002-10-02 22:01:29 +00:00
David Shaw
3f51f7db3d Update head to match stable 1.0 2002-06-29 13:46:34 +00:00
Werner Koch
5a9ea8ff5c Changed keyring handling - saving still does not work.
Added new cipher mode and updated cipher test program.
2000-10-10 12:58:43 +00:00
Werner Koch
986d928ce2 See ChangeLog: Mon Sep 18 16:35:45 CEST 2000 Werner Koch 2000-09-18 14:35:34 +00:00
Werner Koch
92cd255508 See ChangeLog: Fri Jul 14 19:38:23 CEST 2000 Werner Koch 2000-07-14 17:34:53 +00:00
Werner Koch
baa30ad117 See ChangeLog: Thu Jan 27 18:00:44 CET 2000 Werner Koch 2000-01-27 16:50:45 +00:00
Werner Koch
0070faa0ff See ChangeLog: Mon Jan 24 13:04:28 CET 2000 Werner Koch 2000-01-24 11:55:49 +00:00
Werner Koch
881e513237 See ChangeLog: Sat Nov 13 17:44:23 CET 1999 Werner Koch 1999-11-13 16:43:23 +00:00
Werner Koch
cf70ca8d68 See ChangeLog: Tue Oct 26 14:10:21 CEST 1999 Werner Koch 1999-10-26 12:14:37 +00:00
Werner Koch
0428ca6da6 See ChangeLog: Wed Sep 1 15:30:44 CEST 1999 Werner Koch 1999-09-01 13:40:07 +00:00
Werner Koch
4dbfb24dbb See ChangeLog: Mon Jul 26 09:34:46 CEST 1999 Werner Koch 1999-07-26 07:44:46 +00:00
Werner Koch
68512418bd See ChangeLog: Tue Jul 13 17:39:25 CEST 1999 Werner Koch 1999-07-13 15:41:14 +00:00
Werner Koch
c5ca275573 See ChangeLog: Thu Jul 8 16:21:27 CEST 1999 Werner Koch 1999-07-08 14:24:35 +00:00
Werner Koch
bd7298cf0d See ChangeLog: Wed Jul 7 13:23:40 CEST 1999 Werner Koch 1999-07-07 11:28:26 +00:00
Werner Koch
86abac78a2 See ChangeLog: Fri Jul 2 11:45:54 CEST 1999 Werner Koch 1999-07-02 09:50:57 +00:00
Werner Koch
28eb86c006 See ChangeLog: Thu Jul 1 12:47:31 CEST 1999 Werner Koch 1999-07-01 10:53:35 +00:00
Werner Koch
75ed03c960 See ChangeLog: Tue Jun 29 21:44:25 CEST 1999 Werner Koch 1999-06-29 19:50:54 +00:00
Werner Koch
7cb8838061 See ChangeLog: Thu May 6 14:18:17 CEST 1999 Werner Koch 1999-05-06 12:26:10 +00:00
Werner Koch
8d255ff264 See ChangeLog: Wed Mar 17 13:09:03 CET 1999 Werner Koch 1999-03-17 12:13:04 +00:00
Werner Koch
e95a22a6d2 See ChangeLog: Thu Mar 11 16:39:46 CET 1999 Werner Koch 1999-03-11 15:42:06 +00:00
Werner Koch
b31145f3e2 See ChangeLog: Mon Mar 8 20:47:17 CET 1999 Werner Koch 1999-03-08 19:50:18 +00:00
Werner Koch
c27c7416d5 See ChangeLog: Tue Mar 2 10:38:42 CET 1999 Werner Koch 1999-03-02 09:41:49 +00:00
Werner Koch
946916a53d See ChangeLog: Thu Feb 25 18:47:39 CET 1999 Werner Koch 1999-02-25 17:51:55 +00:00
Werner Koch
d1b9b359a6 See ChangeLog: Wed Feb 24 11:07:27 CET 1999 Werner Koch 1999-02-24 10:12:32 +00:00
Werner Koch
e1a1b3fc90 See ChangeLog: Tue Feb 16 14:10:02 CET 1999 Werner Koch 1999-02-16 13:16:33 +00:00
Werner Koch
9a4f506a18 See ChangeLog: Wed Feb 10 17:15:39 CET 1999 Werner Koch 1999-02-10 16:22:40 +00:00
Werner Koch
11c378119d See ChangeLog: Sat Jan 9 18:54:57 CET 1999 Werner Koch 1999-01-09 17:59:58 +00:00
Werner Koch
d6fa538a95 See ChangeLog: Tue Dec 29 19:55:38 CET 1998 Werner Koch 1998-12-29 18:58:27 +00:00
Werner Koch
6e08b235cb See ChangeLog: Tue Dec 29 14:41:47 CET 1998 Werner Koch 1998-12-29 13:47:31 +00:00
Werner Koch
750d74333c See ChangeLog: Wed Dec 23 13:34:22 CET 1998 Werner Koch 1998-12-23 12:41:40 +00:00
Werner Koch
b1e5c79926 See ChangeLog: Thu Dec 17 18:31:15 CET 1998 Werner Koch 1998-12-17 17:36:05 +00:00
Werner Koch
ab986970eb See ChangeLog: Tue Dec 8 13:15:16 CET 1998 Werner Koch 1998-12-08 12:20:53 +00:00
Werner Koch
f9d2bd8cb9 some bug fixes 1998-11-18 19:59:06 +00:00
Werner Koch
17ea875ab0 See ChangeLog ;-). Key validation should now be faster 1998-11-13 19:41:41 +00:00
Werner Koch
b076ce3021 Some bug fixes of the last release 1998-11-10 12:59:59 +00:00
Werner Koch
35c1054507 ready to release 0.4.3 1998-11-08 17:23:14 +00:00
Werner Koch
aad7f1a0fc overhauled the trustdb stuff 1998-11-05 18:00:08 +00:00
Werner Koch
b9dd2ebb2c (Does not compile yet) 1998-11-03 19:38:58 +00:00
Werner Koch
5ccb92591e some random changes 1998-10-25 19:00:01 +00:00
Werner Koch
e309a875cb Epxerimenta support for GDBM keyings. 1998-10-21 17:34:36 +00:00
Werner Koch
6e16296864 Snapshot release 0.4.2 1998-10-18 15:21:22 +00:00
Werner Koch
e81e0970f7 last local commit 1998-10-16 16:00:17 +00:00
Werner Koch
8477407e79 backup 1998-10-12 20:16:38 +00:00