1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-29 11:21:32 +01:00

8278 Commits

Author SHA1 Message Date
Werner Koch
6cc4702767
indent: Always use "_(" and not "_ (" to mark translatable strings.
--

This makes greping much easier and we have done that since ever.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 19:57:11 +02:00
Justus Winter
61ef43546b
gpgscm: Limit the number of parallel jobs.
* ffi.c (do_wait_processes): Suppress the timeout error.
* tests.scm (semaphore): New definition.
(test-pool): Only run a bounded number of tests in parallel.
(test::started?): New function.
(run-tests-parallel): Do not report results, do not start the tests.
(run-tests-sequential): Adapt.
(run-tests): Parse the number of parallel jobs.
--

This change limits the number of tests that are run in parallel.  This
way we do not overwhelm the operating systems' scheduler.  As a
side-effect, we also get more accurate runtime information, and it
will be easy to implement timeouts on top of this.

Use TESTFLAGS to limit the number of jobs:

    $ make check-all TESTFLAGS=--parallel=16

Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-19 16:51:32 +02:00
Justus Winter
e555e7ed7d
gpgscm: Improve option parsing.
* tests/gpgscm/tests.scm (flag): Accept arguments of the form
'--foo=bar'.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-19 16:51:31 +02:00
Justus Winter
6639aedaee
gpgscm: Improve error handling of foreign functions.
* tests/gpgscm/ffi.scm (ffi-fail): Do not needlessly join the error
message.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-19 16:51:29 +02:00
Justus Winter
4c8be58fd4
gpgscm: Improve error reporting.
* tests/gpgscm/init.scm (throw'): Guard against 'args' being atomic.
* tests/gpgscm/scheme.c (Eval_Cycle): Remove any superfluous colons in
error messages.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-19 16:51:28 +02:00
Justus Winter
b766d3d103
tests: Run the OpenPGP tests using the new extended key format.
* tests/openpgp/all-tests.scm: Generalize a bit, and also add a
variant that uses the new extended key format.
* tests/openpgp/defs.scm (create-gpghome): Conditionally enable the
new extended key format.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-19 16:51:26 +02:00
Werner Koch
3419a339d9
Change license of some files to LGPLv2.1.
* COPYING.LIB: Rename to COPYING.LGPL3.
* COPYING.LGPL21: New.
* COPYING.GPL2: New.
* Makefile.am: Distribute them.
* AUTHORS: Update license pointers.  Add BSI as copyright holder.
* common/compliance.c, common/compliance.h: Add BSI copyright notice.
Break overlong lines.
* dirmngr/loadswdb.c: Add BSI copyright notices.
* dirmngr/server.c: Ditto.
* tools/call-dirmngr.c: Change license to LGPLv2.1.  Add BSI
copyright notice.
* tools/call-dirmngr.h: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpg-wks.h: Ditto.
* tools/mime-maker.c: Ditto.
* tools/mime-maker.h: Ditto.
* tools/mime-parser.c: Ditto.
* tools/mime-parser.h: Ditto.
* tools/send-mail.c: Ditto.
* tools/send-mail.h: Ditto.
* tools/wks-receive.c: Ditto.
* tools/wks-util.c: Ditto.
* tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1.
--

For better deployment it seems to be better to make the Web Key
Directory code more easily available.

Some code was been developed under contract of the BSI.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 12:42:13 +02:00
Justus Winter
6e23416fe6
gpg: Disable compliance module for other GnuPG components.
* common/compliance.c (gnupg_{pk,cipher,digest}_is_compliant): Return
false if the module is not initialized.
(gnupg_{pk,cipher,digest}_is_allowed): Return true if the module is
not initialized.
(gnupg_status_compliance_flag): Do not assert that the module is
initialized.
(gnupg_parse_compliance_option): Likewise.
(gnupg_compliance_option_string): Likewise.
--

This implements a default policy for modules not explicitly using the
compliance module.  The default policy is to allow all algorithms, but
mark none of them as compliant.

Fixes gpgv.

GnuPG-bug-id: 3210
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-19 11:00:04 +02:00
Justus Winter
9b12b45aa5
gpg: Check and fix keys on import.
* doc/gpg.texi: Document the new import option.
* g10/gpg.c (main): Make the new option default to yes.
* g10/import.c (parse_import_options): Parse the new option.
(import_one): Act on the new option.
* g10/options.h (IMPORT_REPAIR_KEYS): New macro.

GnuPG-bug-id: 2236
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-14 09:36:28 +02:00
Justus Winter
404fa8211b
gpg: Refactor key checking and fixing.
* g10/Makefile.am (gpg_sources): Add new files.
* g10/gpgcompose.c (keyedit_print_one_sig): New stub.
* g10/keyedit.c (sig_comparison): Move to new module.
(check_all_keysigs): Likewise.
(fix_keyblock): Adapt callsite.
(keyedit_menu): Likewise.
* g10/key-check.c: New file.
* g10/key-check.h: Likewise.

GnuPG-bug-id: 2236
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-14 09:35:47 +02:00
Justus Winter
8095d16b3e
gpg: Refactor keyedit module.
* g10/Makefile.am (gpg_SOURCES): Add new file.
* g10/keyedit.c (NODFLG_*): Move flags to the new header file.
(print_one_sig): Export symbol and rename accordingly.
(print_and_check_one_sig): Adapt accordingly.
(check_all_keysigs): Likewise.
* g10/keyedit.h: New file.
* g10/main.h: Drop declarations, include new header.

GnuPG-bug-id: 2236
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-13 15:36:47 +02:00
Justus Winter
15d2a00993
dirmngr: Implement querying nameservers over IPv6.
* dirmngr/dns.c (dns_so_check): Reinitialize sockets on address family
mismatch.
(enum dns_res_state): New states for querying over IPv6.
(dns_res_exec): Implement the new states by copying and modifying the
IPv4 variants.  Branch to their respective counterparts if the current
list of resolvers using the current address family is exhausted.
--

This allows dirmngr to resolve names on systems where the nameservers
are only reachable via IPv6.

GnuPG-bug-id: 2990
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-13 11:33:06 +02:00
Werner Koch
e80925171d
gpg: Disable keydb handle caching only for W32
* g10/getkey.c (getkey_end) [!W32]: Re-enable caching.
--

This change limits of the effects of commit
d3d640b9cc98dd0d06b49a2e4d46eb67af96fe29 to W32 system.

GnuPG-bug-id: 3097
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-13 09:05:40 +02:00
Werner Koch
a36c48a780
po: Make a string translatable.
--
2017-06-13 09:02:12 +02:00
Werner Koch
7c91b48f0e
common: Fix -Wswitch warning.
* common/compliance.c (gnupg_digest_is_allowed): Don't include
GCRY_MD_WHIRLPOOL because it is not a digest_algo_t.
--

Note that Whirlpool is not used anywhere in gpg or gpgsm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-13 09:01:24 +02:00
Neal H. Walfield
7aeac20f12 gpg: Send gpgcompose --help output to stdout, not stderr.
* g10/gpgcompose.c (show_help): Send gpgcompose --help output to
stdout, not stderr.

Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-06-11 14:10:46 +02:00
Neal H. Walfield
cb0484e076 gpg: Improve some output of gpgcompose. 2017-06-11 14:07:02 +02:00
Neal H. Walfield
4ddf4e114c gpg: Support 'gpgcompose --encrypted-pop --help'
* g10/gpgcompose.c (encrypted_pop_options): New variable.
(encrypted_pop): Support the --help option.

Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-06-11 14:06:44 +02:00
Neal H. Walfield
8a90668656 gpg: Remove dead code.
* g10/gpgcompose.c (filter_pop): F->PKTTYPE will never be
PKT_ENCRYPTED_MDC.
(encrypted_pop): Likewise and there is no option --encrypted-mdc-pop.
2017-06-11 13:59:31 +02:00
Marcus Brinkmann
bc5503b2bf artwork: Add new banner.
* artwork/banner/banner-full.png: New file.
* artwork/banner/banner-rectangle.png: New file.
* artwork/banner/banner.svg: New file.
* artwork/banner/Bungee-Regular.ttf: New file.
* artwork/banner/Raleway-license.txt: New file.
* artwork/banner/banner-half.png: New file.
* artwork/banner/banner-skyscraper.png: New file.
* artwork/banner/Bungee-license.txt: New file.
* artwork/banner/Raleway-ExtraBold.ttf: New file.
* artwork/banner/Raleway-SemiBold.ttf: New file.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
2017-06-08 18:29:46 +02:00
Justus Winter
a64a55e104
common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.
* common/compliance.c (gnupg_pk_is_allowed): New function.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* common/compliance.h (enum pk_use_case): New definition.
(gnupg_pk_is_allowed): New prototype.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using
the new predicates.
* g10/encrypt.c (encrypt_crypt): Likewise.
* g10/gpg.c (main): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sig-check.c (check_signature2): Likewise.
* g10/sign.c (do_sign): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/encrypt.c (gpgsm_encrypt): Likewise.
* sm/gpgsm.c (main): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--

With this change, policies can effectively restrict what algorithms
are used for different purposes.  The algorithm policy for CO_DE_VS is
implemented.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-08 14:22:54 +02:00
Justus Winter
b03fab09e1
gpg: Fix computation of compliance with CO_DE_VS.
* g10/mainproc.c (proc_encrypted): Symmetric encryption is also in
compliance with CO_DE_VS.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-08 13:57:53 +02:00
Werner Koch
9b43220b8a
dirmngr: Implement HTTP connect timeouts of 15 or 2 seconds.
* dirmngr/dirmngr.c (oConnectTimeout, oConnectQuickTimeout): New
enums.
(opts): New options --connect-timeout and --connect-quick-timeout.
(DEFAULT_CONNECT_TIMEOUT): New.
(DEFAULT_CONNECT_QUICK_TIMEOUT): New.
(parse_rereadable_options): Handle new options.
(post_option_parsing): New.  Use instead of direct calls to
set_debug() and set_tor_mode ().
(main): Setup default timeouts.
(dirmngr_init_default_ctrl): Set standard connect timeout.
* dirmngr/dirmngr.h (opt): New fields connect_timeout and
connect_quick_timeout.
(server_control_s): New field timeout.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass timeout to
http_raw_connect.
* dirmngr/ks-engine-hkp.c (send_request): Call
http_session_set_timeout.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/server.c (cmd_wkd_get, cmd_ks_search, cmd_ks_get)
(cmd_ks_fetch): Implement --quick option.
--

The standard connect timeouts are way to long so we add a timeout to
the connect calls.  Also implement the --quick option which is already
used by gpg for non-important requests (e.g. looking up a key for
verification).

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 09:37:36 +02:00
Werner Koch
5b9025cfa1
dirmngr: Allow a timeout for HTTP and other TCP connects.
* dirmngr/http.c: Include fcntl.h.
(http_session_s): Add field 'connect_timeout'.
(http_session_new): Clear that.
(http_session_set_timeout): New function.
(my_wsagetlasterror) [W32]: New.
(connect_with_timeout): New function.
(connect_server): Add arg 'timeout' and call connect_with_timeout.
(send_request): Add arg 'timeout' and pass it to connect_server.
(http_raw_connect): Add arg 'timeout'.
(http_open): Pass TIMEOUT from the session to connect_server.
--

Note that the non-blocking connect we implement is traditional a
pretty non-portable thing due to slighly different semantics.  The
code uses the strategy W. Richard Stevens suggested in 1998.
Hopefully current OS versions got it all right.

The code has not been tested on Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 09:37:36 +02:00
Werner Koch
17e5afd80f
gpg: Avoid failure exit when scdaemon is disabled but not needed.
* g10/call-agent.c (warn_version_mismatch): Use log_info if error is
"not supported".
--

This fix may make the fix for
GnuPG-bug-id: 3192
even more robust.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 09:37:36 +02:00
Justus Winter
e051e39615
common: Add cipher mode to compliance predicate.
* common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter.
* common/compliance.h (gnupg_cipher_is_compliant): Likewise.
* g10/mainproc.c (proc_encrypted): Adapt callsite.
* sm/decrypt.c (gpgsm_decrypt): Likewise.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:54:44 +02:00
Justus Winter
21fc2508c9
common,gpg,sm: Initialize compliance module.
* common/compliance.c (gnupg_initialize_compliance): New function.
* common/compliance.h (gnupg_initialize_compliance): New prototype.
* g10/gpg.c (main): Use the new function.
* sm/gpgsm.c (main): Likewise.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:54:42 +02:00
Justus Winter
f440cf73ea
common,gpg: Move the compliance option printer.
* common/compliance.c (gnupg_compliance_option_string): New function.
* common/compliance.h (gnupg_compliance_option_string): New prototype.
* g10/encrypt.c (write_pubkey_enc_from_list): Update callsite.
* g10/gpg.c (main): Likewise.
* g10/keyedit.c (keyedit_menu): Likewise.
* g10/pkclist.c (build_pk_list): Likewise.
* g10/main.h (compliance_option_string): Remove prototype.
* g10/misc.c (compliance_option_string): Remove function.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:53:32 +02:00
Justus Winter
842d233d40
common,gpg,sm: Move the compliance option parser.
* common/compliance.c (gnupg_parse_compliance_option): New function.
* common/compliance.h (struct gnupg_compliance_option): New type.
(gnupg_parse_compliance_option): New prototype.
* g10/gpg.c (parse_compliance_option): Remove function.
(compliance_options): New variable.
(main): Adapt callsite.
* sm/gpgsm.c (main): Use the new common function.
* sm/gpgsm.h (opt): New field 'compliance'.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:53:31 +02:00
Justus Winter
027ce4ba37
gpg: Improve compliance with CO_DE_VS.
* g10/gpg.c (set_compliance_option): The specification, section 4.1.1,
forbids the use of encryption without integrity protection.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:53:29 +02:00
Andre Heinecke
13dc75a4e7
speedo: Fix a minor memleak in the installer
* build-aux/speedo/w32/g4wihelp.c (path_remove): Free path_new on
early return.

--
It's a weird condition in a once run function in a throwaway
process but -- yeah. It's a memleak and static analysis can
see it.

GnuPG-Bug-Id: T3197
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2017-06-07 15:34:30 +02:00
Andre Heinecke
96acbdd726
speedo: Fix source tar call ambiguity
* build-aux/speedo.mk (dist-source): Expand exclude-vc to
exclude-vcs.

--
Tar 1.29 also has exclude-vcs-ignores so this became
ambiguous.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2017-06-06 16:40:40 +02:00
Justus Winter
216f0804c1
common,g10: Fix typos.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-06 16:08:45 +02:00
Justus Winter
be8ca88526
gpg: Report compliance with CO_DE_VS.
* common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain
parameters.
(gnupg_cipher_is_compliant): New function.
(gnupg_digest_is_compliant): Likewise.
* common/compliance.h (gnupg_cipher_is_compliant): New prototype.
(gnupg_digest_is_compliant): Likewise.
* common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status.
(STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise.
* doc/DETAILS: Document the new status lines.
* g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS
and report that using the new status line.
(check_sig_and_print): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--

When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD.  This information will be picked up by the frontend and
presented to the user.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-01 13:16:18 +02:00
Justus Winter
3b70f62423
common: Improve checking for compliance with CO_DE_VS.
* common/compliance.c (gnupg_pk_is_compliant): Only certain RSA key
sizes are compliant.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-01 12:26:17 +02:00
Justus Winter
8a012280e0
gpg,common: Move the compliance framework.
* common/Makefile.am (common_sources): Add new files.
* common/compliance.c: New file.  Move 'gnupg_pk_is_compliant' here,
and tweak it to not rely on types private to gpg.
* common/compliance.h: New file.  Move the compliance enum here.
* g10/keylist.c (print_compliance_flags): Adapt callsite.
* g10/main.h (gnupg_pk_is_compliant): Remove prototype.
* g10/misc.c (gnupg_pk_is_compliant): Remove function.
* g10/options.h (opt): Use the new compliance enum.
* sm/keylist.c (print_compliance_flags): Use the common functions.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-01 12:09:43 +02:00
Justus Winter
02af509dfc
gpg: Fix compliance computation.
* g10/misc.c (gnupg_pk_is_compliant): Compare against CO_RFC2440, not
RFC2440 which is actually a predicate.

Fixes-commit: fe0b37e123ded51cc5f4cb5e3547fdfbce37a43e
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-31 17:38:21 +02:00
Justus Winter
f9cb15b385
sm: Simplify code.
* sm/verify.c (gpgsm_verify): Simplify by using a newer gcrypt
interface.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-31 17:38:19 +02:00
Justus Winter
30c71a9476
sm: Fix typo.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-31 17:38:18 +02:00
Justus Winter
485b5a6e6d
doc: Improve documentation.
* doc/gpgsm.texi: Mention that '--with-key-data' implies
'--with-colons'.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-31 17:38:16 +02:00
NIIBE Yutaka
c03e0eb01d agent: Fix error from do_encryption.
* agent/protect.c (do_encryption): Don't mask failure of OUTBUF
allocation.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-31 18:42:55 +09:00
NIIBE Yutaka
8defb21d34 scd: Fix error code on failure at usb_init.
* scd/ccid-driver.c (ccid_dev_scan): Return GPG_ERR_ENODEV.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-31 10:05:36 +09:00
NIIBE Yutaka
5c33649782 scd: Handle a failure of libusb_init.
* scd/ccid-driver.c (ccid_get_reader_list, ccid_dev_scan): Handle
failure.

--

Reported-by: Yuriy M. Kaminskiy <yumkam@gmail.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-31 09:49:54 +09:00
Justus Winter
663e5ed073
gpg: Fix typos.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-30 14:30:43 +02:00
Andre Heinecke
d3d640b9cc
gpg: Disable keydb handle caching
* g10/getkey.c (getkey_end): Disable caching of the open keydb
handle.

--
This created a big regression for Windows because the keyring
is only released after the global ctrl is released. So if an operation
does a getkey and then tries to modify the keyring it will fail on
Windows with a sharing violation. We need to modify all
keyring write operations to also take the ctrl and close the
cached_getkey_kdb handle to make writing work. See:
https://dev.gnupg.org/T3097

GnuPG-Bug-Id: T3097

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2017-05-30 10:22:35 +02:00
NIIBE Yutaka
996544626e agent: Fix memory leaks.
* agent/divert-scd.c (ask_for_card): Free WANT_KID and WANT_SN_DISP.
* agent/gpg-agent.c (create_server_socket): Free UNADDR.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-30 13:56:20 +09:00
Werner Koch
de3a0988ef
dirmngr: This towel should better detect a changed resolv.conf.
* dirmngr/dns-stuff.c (resolv_conf_changed_p): Fix initialization time
issue.
--

Fixes-commit: b5f356e9fba2d99909f8f54d7b7e6836bed87b68
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-05-25 20:26:54 +02:00
Werner Koch
b5f356e9fb
dirmngr: Re-init libdns resolver on towel change of resolv.conf
* dirmngr/dns-stuff.c: Include sys/stat.h.
(RESOLV_CONF_NAME): New macro to replace a string.
(resolv_conf_changed_p): New.
(libdns_init): Call new function
(libdns_res_open): Ditto.
--

Don't panic.  This is a simple change
Suggested-by: Stefan Bühler <stbuehler@web.de>
to avoid complicated if-up.d hooks to reload resolv.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-05-25 11:37:21 +02:00
Justus Winter
525f2c482a
agent: Make digest algorithms for ssh fingerprints configurable.
* agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
* agent/command-ssh.c (data_sign, ssh_identity_register): Honor the
option for strings used to communicate with the user.
* agent/findkey.c (agent_modify_description): Likewise.
* agent/gpg-agent.c (cmd_and_opt_values): New value.
(opts): New option '--ssh-fingerprint-digest'.
(parse_rereadable_options): Set the default to MD5 for now.
(main): Handle the new option.
* doc/gpg-agent.texi: Document the new option.
--

OpenSSH has transitioned from using MD5 to compute key fingerprints to
SHA256.  This patch makes the digest used when communicating key
fingerprints to the user (e.g. in pinentry dialogs) configurable.
For now this patch conservatively defaults to MD5.

GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-24 18:09:07 +02:00
Justus Winter
a5f046d99a
agent: Write both ssh fingerprints to 'sshcontrol' file.
* agent/command-ssh.c (add_control_entry): Hand in the key, write both
the MD5- and the SHA256-based fingerprint to the 'sshcontrol' file
when adding ssh keys.
(ssh_identity_register): Adapt callsite.

GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-24 17:32:58 +02:00