gnupg/g10
Werner Koch 773b8fbbe9
gpg: New option --override-compliance-check
* g10/gpg.c (oOverrideComplianceCheck): New.
(opts): Add new option.
(main): Set option and add check for batch mode.
* g10/options.h (opt): Add flags.override_compliance_check.

* g10/sig-check.c (check_signature2): Factor compliance checking out
to ...
(check_key_verify_compliance): new.  Turn error into a warning in
override mode.
--

There is one important use case for this: For systems configured
globally to use de-vs mode, Ed25519 and other key types are not
allowed because they are not listed in the BSI algorithm catalog.
Now, our release signing keys happen to be Ed25519 and thus we need to
offer a way for users to check new versions even if the system is in
de-vs mode.  This does on purpose not work in --batch mode so that
scripted solutions won't accidentally pass a signature check.

GnuPG-bug-id: 5655
Backported-from-master: fb26e144ad
2021-10-13 17:34:12 +02:00
ChangeLog-2011 Spelling: correct spelling of "passphrase". 2016-11-02 12:53:58 +01:00
Makefile.am w32: Add manifest files to most binaries 2020-10-02 17:04:12 +02:00
all-tests.scm tests: Make it possible to run all tests using our infrastructure. 2017-05-11 18:12:37 +02:00
armor.c g10: Fix possible null dereference. 2019-05-14 11:24:35 +09:00
build-packet.c gpg: Do not allow creation of user ids larger than our parser allows. 2019-05-21 16:28:11 +02:00
call-agent.c gpg: Allow decryption w/o public key but with correct card inserted. 2021-05-04 10:06:57 +02:00
call-agent.h gpg,gpgsm: Record the creation time of a private key. 2020-08-23 12:31:18 +02:00
call-dirmngr.c gpg,sm: Simplify keyserver spec parsing. 2021-05-26 14:30:17 +02:00
call-dirmngr.h gpg: Lookup a missing public key of the current card via LDAP. 2021-05-03 20:28:33 +02:00
card-util.c gpg: Return SUCCESS/FAILURE status also for --card-edit/name. 2021-08-20 09:54:00 +02:00
cipher.c gpg: Remove MDC options 2018-05-31 12:08:22 +02:00
compress-bz2.c g10,tools: Fix bzlib.h include order. 2017-04-11 13:52:19 +09:00
compress.c gpg: Fix minor memory leak in the compress filter. 2018-05-02 20:15:10 +02:00
cpr.c spelling: Fix "synchronize" 2019-06-23 20:17:47 -04:00
dearmor.c Revert "g10: Always save standard revocation certificate in file." 2017-08-01 19:08:16 +02:00
decrypt-data.c common: Change argument order of log_printhex. 2020-05-12 18:51:47 +02:00
decrypt.c gpg: Fix using --decrypt along with --use-embedded-filename. 2019-05-17 13:42:42 +02:00
dek.h gpg: Support decryption of the new AEAD packet 2020-04-16 08:25:55 +02:00
delkey.c gpg: Print a hint for --batch mode and --delete-secret-key. 2020-03-18 15:26:43 +01:00
distsigkey.gpg Update release signing keys. 2021-09-14 13:50:47 +02:00
ecdh.c gpg: Allow ECDH with a smartcard returning just the x-coordinate. 2021-05-04 11:51:34 +02:00
encrypt.c gpg: Use a more descriptive prompt for symmetric decryption. 2021-05-17 19:30:15 +02:00
exec.c w32: Change spawn functions to use Unicode version of CreateProcess. 2021-06-08 10:52:45 +02:00
exec.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
export.c common: Extend the openpgp_curve_to_oid function. 2021-04-29 12:57:00 +02:00
filter.h gpg: Fix minor memory leak in the compress filter. 2018-05-02 20:15:10 +02:00
free-packet.c gpg: Skip the packet when not used for AEAD. 2021-10-06 20:03:34 +02:00
getkey.c gpg: Fix mailbox based search via AKL keyserver method. 2021-05-04 10:23:20 +02:00
gpg-w32info.rc w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpg.c gpg: New option --override-compliance-check 2021-10-13 17:34:12 +02:00
gpg.h gpg: Fix build on Windows. 2018-03-08 14:08:51 +09:00
gpg.w32-manifest.in w32: Add manifest files to most binaries 2020-10-02 17:04:12 +02:00
gpgcompose.c build: Always use EXTERN_UNLESS_MAIN_MODULE pattern. 2020-02-10 16:37:34 +01:00
gpgsql.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
gpgsql.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
gpgv-w32info.rc w32: Add manifest files to most binaries 2020-10-02 17:04:12 +02:00
gpgv.c gpg: Use a more descriptive prompt for symmetric decryption. 2021-05-17 19:30:15 +02:00
gpgv.w32-manifest.in w32: Add manifest files to most binaries 2020-10-02 17:04:12 +02:00
helptext.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
import.c gpg: Do not use self-sigs-only for LDAP keyserver imports. 2021-04-13 14:50:05 +02:00
kbnode.c gpg: Avoid importing secret keys if the keyblock is not valid. 2019-03-18 13:16:35 +01:00
key-check.c gpg: Fix segv importing certain keys. 2020-09-02 16:06:46 +02:00
key-check.h gpg: Avoid output to the tty during import. 2017-07-27 11:38:57 +02:00
key-clean.c gpg: Remove multiple subkey bindings during export-clean. 2018-07-09 12:07:24 +02:00
key-clean.h gpg: Let export-clean remove expired subkeys. 2018-07-09 10:25:06 +02:00
keydb.c w32: Support Unicode also for config files etc. 2020-11-10 12:09:11 +01:00
keydb.h gpg: Use a more descriptive prompt for symmetric decryption. 2021-05-17 19:30:15 +02:00
keyedit.c gpg: New option --force-sign-key 2021-03-11 11:32:00 +01:00
keyedit.h gpg: New command --quick-revoke-sig 2020-10-28 18:10:01 +01:00
keygen.c common: Extend the openpgp_curve_to_oid function. 2021-04-29 12:57:00 +02:00
keyid.c common: Change argument order of log_printhex. 2020-05-12 18:51:47 +02:00
keylist.c build: Silence two compiler warnings. 2021-05-04 10:45:30 +02:00
keyring.c Replace all calls to stat by gnupg_stat. 2020-10-23 11:15:59 +02:00
keyring.h gpg: Pass CTRL to many more functions. 2017-03-31 20:07:20 +02:00
keyserver-internal.h gpg,sm: Simplify keyserver spec parsing. 2021-05-26 14:30:17 +02:00
keyserver.c gpg: Let --fetch-key return an exit code on failure. 2021-06-25 10:35:24 +02:00
main.h gpg: Do not use weak digest algos if selected by recipient prefs. 2020-11-02 17:48:02 +01:00
mainproc.c gpg: Use a more descriptive prompt for symmetric decryption. 2021-05-17 19:30:15 +02:00
mdfilter.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
migrate.c Replace most of the remaining stdio calls by estream calls. 2020-10-21 21:09:38 +02:00
misc.c gpg: Do not print rejected digest algo notes with --quiet. 2020-11-09 08:34:24 +01:00
openfile.c gpg: Partial fix for Unicode problem in output files. 2021-06-10 12:44:30 +02:00
options.h gpg: New option --override-compliance-check 2021-10-13 17:34:12 +02:00
packet.h gpg: Show AEAD preferences 2020-04-16 08:36:28 +02:00
parse-packet.c gpg: Support decryption of the new AEAD packet 2020-04-16 08:25:55 +02:00
passphrase.c gpg: Use a more descriptive prompt for symmetric decryption. 2021-05-17 19:30:15 +02:00
photoid.c gpg: Keep temp files when opening images via xdg-open 2021-03-01 09:47:21 +01:00
photoid.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
pkclist.c gpg: Fix the encrypt+sign hash algo preference selection for ECDSA. 2020-11-13 16:02:00 +01:00
pkglue.c gpg: Allow ECDH with a smartcard returning just the x-coordinate. 2021-05-04 11:51:34 +02:00
pkglue.h gpg: Allow ECDH with a smartcard returning just the x-coordinate. 2021-05-04 11:51:34 +02:00
plaintext.c w32: Support Unicode also for config files etc. 2020-11-10 12:09:11 +01:00
progress.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
pubkey-enc.c gpg: Allow ECDH with a smartcard returning just the x-coordinate. 2021-05-04 11:51:34 +02:00
pubring.asc Update copyright notices for 2017. 2017-01-23 19:16:55 +01:00
revoke.c gpg: New command --quick-revoke-sig 2020-10-28 18:10:01 +01:00
rmd160.c Clean up word replication. 2017-02-21 13:11:46 -05:00
rmd160.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
seckey-cert.c More change for common. 2017-03-07 20:32:09 +09:00
server.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
seskey.c Spelling fixes in docs and comments. 2017-04-28 10:06:33 +09:00
sig-check.c gpg: New option --override-compliance-check 2021-10-13 17:34:12 +02:00
sign.c gpg: Use a more descriptive prompt for symmetric decryption. 2021-05-17 19:30:15 +02:00
skclist.c gpg: Allow decryption w/o public key but with correct card inserted. 2021-05-04 10:06:57 +02:00
t-keydb-get-keyblock.c gpg: Fix actual leak and possible leaks in the packet parser. 2017-03-30 16:01:52 +02:00
t-keydb-get-keyblock.gpg gpg: Correctly handle keyblocks followed by legacy keys. 2015-11-17 14:53:03 +01:00
t-keydb-keyring.kbx g10: Add test for keydb as well as new testing infrastructure. 2015-09-02 15:08:57 +02:00
t-keydb.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-rmd160.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-stutter-data.asc gpg: Add a new test. 2016-03-08 14:08:49 +01:00
t-stutter.c g10: Stop compiler warning for t-stutter. 2017-05-10 11:13:03 +09:00
tdbdump.c gpg: Pass CTRL arg to get_trusthashrec. 2018-03-26 18:06:43 +02:00
tdbio.c Replace all calls to stat by gnupg_stat. 2020-10-23 11:15:59 +02:00
tdbio.h gpg: Pass CTRL arg to get_trusthashrec. 2018-03-26 18:06:43 +02:00
test-stubs.c gpg: Use a more descriptive prompt for symmetric decryption. 2021-05-17 19:30:15 +02:00
test.c build: Always use EXTERN_UNLESS_MAIN_MODULE pattern. 2020-02-10 16:37:34 +01:00
textfilter.c gpg: Initialize a parameter to silence valgrind. 2020-09-04 11:24:34 +02:00
tofu.c Replace all calls to stat by gnupg_stat. 2020-10-23 11:15:59 +02:00
tofu.h g10: Remove dead code. 2016-12-06 12:16:56 +01:00
trust.c gpg: Move key cleaning functions to a separate file. 2018-07-09 10:24:37 +02:00
trustdb.c gpg: Auto import keys specified with --trusted-keys. 2021-05-04 10:21:14 +02:00
trustdb.h gpg: Move key cleaning functions to a separate file. 2018-07-09 10:24:37 +02:00
verify.c gpg: Make really sure that --verify-files always returns an error. 2020-02-10 15:33:53 +01:00
zlib-riscos.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00