Diffstat (limited to 'g10')
-rw-r--r-- | g10/Makefile.am | 10 | ||||
-rw-r--r-- | g10/call-keyboxd.c | 2 | ||||
-rw-r--r-- | g10/cipher-aead.c | 4 | ||||
-rw-r--r-- | g10/decrypt-data.c | 14 | ||||
-rw-r--r-- | g10/encrypt.c | 36 | ||||
-rw-r--r-- | g10/export.c | 15 | ||||
-rw-r--r-- | g10/gpg.c | 17 | ||||
-rw-r--r-- | g10/mainproc.c | 2 | ||||
-rw-r--r-- | g10/options.h | 2 | ||||
-rw-r--r-- | g10/sig-check.c | 11 | ||||
-rw-r--r-- | g10/sign.c | 21 |
11 files changed, 81 insertions, 53 deletions
diff --git a/g10/Makefile.am b/g10/Makefile.am index 3fd38517b..80b5b8919 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -47,9 +47,7 @@ endif # NB: We use noinst_ for gpg and gpgv so that we can install them with # the install-hook target under the name gpg2/gpgv2. noinst_PROGRAMS = gpg -if !HAVE_W32CE_SYSTEM noinst_PROGRAMS += gpgv -endif noinst_PROGRAMS += $(module_tests) if DISABLE_TESTS TESTS = @@ -173,12 +171,12 @@ LDADD = $(needed_libs) ../common/libgpgrl.a \ $(ZLIBS) $(LIBINTL) $(CAPLIBS) gpg_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \ $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ - $(LIBICONV) $(resource_objs) $(extra_sys_libs) -gpg_LDFLAGS = $(extra_bin_ldflags) + $(LIBICONV) $(resource_objs) +gpg_LDFLAGS = gpgv_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \ $(LIBASSUAN_LIBS) $(NPTH_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ - $(LIBICONV) $(resource_objs) $(extra_sys_libs) -gpgv_LDFLAGS = $(extra_bin_ldflags) + $(LIBICONV) $(resource_objs) +gpgv_LDFLAGS = t_common_ldadd = diff --git a/g10/call-keyboxd.c b/g10/call-keyboxd.c index e2fede235..7f4d5f493 100644 --- a/g10/call-keyboxd.c +++ b/g10/call-keyboxd.c @@ -106,7 +106,7 @@ gpg_keyboxd_deinit_session_data (ctrl_t ctrl) err = assuan_transact (kbl->ctx, "TRANSACTION commit", NULL, NULL, NULL, NULL, NULL, NULL); if (err) - log_error ("error commiting last transaction: %s\n", + log_error ("error committing last transaction: %s\n", gpg_strerror (err)); in_transaction = 0; } diff --git a/g10/cipher-aead.c b/g10/cipher-aead.c index 8eea70372..640d8432f 100644 --- a/g10/cipher-aead.c +++ b/g10/cipher-aead.c 
@@ -295,9 +295,9 @@ do_flush (cipher_filter_context_t *cfx, iobuf_t a, byte *buf, size_t size) size_t n1 = cfx->chunksize - (cfx->chunklen + cfx->buflen); finalize = 1; if (DBG_FILTER) - log_debug ("chunksize %"PRIu64" reached;" + log_debug ("chunksize %llu reached;" " cur buflen=%zu using %zu of %zu\n", - cfx->chunksize, cfx->buflen, + (unsigned long long)cfx->chunksize, cfx->buflen, n1, n); n = n1; } diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index bdc3e2214..86e208d01 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c @@ -675,8 +675,10 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) /* Decrypt the buffer. This first requires a loop to handle the * case when a chunk ends within the buffer. */ if (DBG_FILTER) - log_debug ("decrypt: chunklen=%"PRIu64" total=%"PRIu64" size=%zu len=%zu%s\n", - dfx->chunklen, dfx->total, size, len, + log_debug ("decrypt: chunklen=%llu total=%llu size=%zu len=%zu%s\n", + (unsigned long long)dfx->chunklen, + (unsigned long long)dfx->total, + size, len, dfx->eof_seen? " eof":""); while (len && dfx->chunklen + len >= dfx->chunksize) @@ -712,8 +714,8 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) len -= n; if (DBG_FILTER) - log_debug ("ndecrypted: %zu (nchunk=%"PRIu64") bytes left: %zu at off=%zu\n", - totallen, dfx->chunklen, len, off); + log_debug ("ndecrypted: %zu (nchunk=%llu) bytes left: %zu at off=%zu\n", + totallen, (unsigned long long)dfx->chunklen, len, off); /* Check the tag. */ if (len < 16) @@ -794,8 +796,8 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) dfx->chunklen += len; dfx->total += len; if (DBG_FILTER) - log_debug ("ndecrypted: %zu (nchunk=%"PRIu64")\n", - totallen, dfx->chunklen); + log_debug ("ndecrypted: %zu (nchunk=%llu)\n", + totallen, (unsigned long long)dfx->chunklen); } if (dfx->eof_seen) diff --git a/g10/encrypt.c b/g10/encrypt.c index 1151fd9a0..687b4344e 100644 --- a/g10/encrypt.c 
+++ b/g10/encrypt.c @@ -1,7 +1,7 @@ /* encrypt.c - Main encryption driver * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, * 2006, 2009 Free Software Foundation, Inc. - * Copyright (C) 2016 g10 Code GmbH + * Copyright (C) 2016, 2023 g10 Code GmbH * * This file is part of GnuPG. * @@ -17,6 +17,7 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, see <https://www.gnu.org/licenses/>. + * SPDX-License-Identifier: GPL-3.0-or-later */ #include <config.h> @@ -409,6 +410,8 @@ encrypt_simple (const char *filename, int mode, int use_seskey) text_filter_context_t tfx; progress_filter_context_t *pfx; int do_compress = !!default_compress_algo(); + char peekbuf[32]; + int peekbuflen; if (!gnupg_rng_is_compliant (opt.compliance)) { @@ -445,6 +448,14 @@ encrypt_simple (const char *filename, int mode, int use_seskey) return rc; } + peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf); + if (peekbuflen < 0) + { + peekbuflen = 0; + if (DBG_FILTER) + log_debug ("peeking at input failed\n"); + } + handle_progress (pfx, inp, filename); if (opt.textmode) @@ -470,8 +481,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey) if (use_seskey && s2k->mode != 1 && s2k->mode != 3) { use_seskey = 0; - log_info (_("can't use a SKESK packet" - "due to the S2K mode\n")); + log_info (_("can't use a SKESK packet due to the S2K mode\n")); } /* See whether we want to use AEAD. */ @@ -510,10 +520,11 @@ encrypt_simple (const char *filename, int mode, int use_seskey) if (do_compress && cfx.dek && (cfx.dek->use_mdc || cfx.dek->use_aead) - && is_file_compressed(filename, &rc)) + && !opt.explicit_compress_option + && is_file_compressed (peekbuf, peekbuflen)) { if (opt.verbose) - log_info(_("'%s' already compressed\n"), filename); + log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]"); do_compress = 0; } 
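Review bot: The peek block added to encrypt_simple just before `handle_progress (pfx, inp, filename)` is repeated line for line in encrypt_crypt and again in sign_file (sign.c), so a later change to the buffer size or the failure handling has to be made three times. A small shared helper that performs the `iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, ...)` call, clamps a negative result to 0 and returns the length would reduce each site to one assignment. A failed peek is reported only under `DBG_FILTER` and otherwise looks like an empty input to `is_file_compressed`; that appears to fail towards compressing anyway, which is worth saying next to the declaration, e.g. `char peekbuf[32]; /* First bytes of the input for the already-compressed check; length 0 means "unknown". */`. encrypt_simple starts and ends outside these hunks.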
@@ -781,6 +792,8 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, progress_filter_context_t *pfx; PK_LIST pk_list; int do_compress; + char peekbuf[32]; + int peekbuflen; if (filefd != -1 && filename) return gpg_error (GPG_ERR_INV_ARG); /* Both given. */ @@ -853,6 +866,14 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, if (opt.verbose) log_info (_("reading from '%s'\n"), iobuf_get_fname_nonnull (inp)); + peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf); + if (peekbuflen < 0) + { + peekbuflen = 0; + if (DBG_FILTER) + log_debug ("peeking at input failed\n"); + } + handle_progress (pfx, inp, filename); if (opt.textmode) @@ -885,10 +906,11 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, * ciphertext attacks. */ if (do_compress && (cfx.dek->use_mdc || cfx.dek->use_aead) - && is_file_compressed (filename, &rc2)) + && !opt.explicit_compress_option + && is_file_compressed (peekbuf, peekbuflen)) { if (opt.verbose) - log_info(_("'%s' already compressed\n"), filename); + log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]"); do_compress = 0; } if (rc2) diff --git a/g10/export.c b/g10/export.c index cab00d10c..b3ad69718 100644 --- a/g10/export.c +++ b/g10/export.c @@ -2026,7 +2026,16 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, hexgrip, pk, NULL); if (err) { - if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) + /* If we receive a fully canceled error we stop + * immediately. If we receive a cancel for a public + * key we also stop immediately because a + * public/secret key is always required first + * (right, we could instead write a stub key but + * that is also kind of surprising). If we receive + * a subkey we skip to the next subkey. */ + if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED + || (node->pkt->pkttype == PKT_PUBLIC_KEY + && gpg_err_code (err) == GPG_ERR_CANCELED)) goto leave; write_status_error ("export_keys.secret", err); skip_until_subkey = 1; 
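Review bot: The `if (rc2)` that remains as the last context line of the `@@ -885,10 +906,11 @@` hunk in encrypt_crypt seems to have lost its only visible producer: the removed call was `is_file_compressed (filename, &rc2)`, presumably storing an error there, and the new `is_file_compressed (peekbuf, peekbuflen)` takes no error pointer. Unless rc2 is assigned somewhere outside the hunk, the test can no longer fire and should be dropped together with the variable. If something else still sets it, a short comment naming that source would keep the check from looking like a leftover. The function body continues outside the hunk, so this cannot be confirmed from the lines shown.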
@@ -2455,8 +2464,8 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, keydb_release (kdbhd); if (err || !keyblock_out) release_kbnode( keyblock ); - if( !*any ) - log_info(_("WARNING: nothing exported\n")); + if( !*any && !opt.quiet) + log_info (_("WARNING: nothing exported\n")); return err; } @@ -360,7 +360,6 @@ enum cmd_and_opt_values oShowSessionKey, oOverrideSessionKey, oOverrideSessionKeyFD, - oOverrideComplianceCheck, oNoRandomSeedFile, oAutoKeyRetrieve, oNoAutoKeyRetrieve, @@ -878,7 +877,6 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"), ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), - ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"), ARGPARSE_header (NULL, N_("Options for unattended use")), @@ -972,6 +970,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oNoop, "aead-algo", "@"), ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), ARGPARSE_s_n (oNoop, "rfc4880bis", "@"), + ARGPARSE_s_n (oNoop, "override-compliance-check", "@"), ARGPARSE_group (302, N_( @@ -3203,6 +3202,7 @@ main (int argc, char **argv) case oCompress: /* this is the -z command line option */ opt.compress_level = opt.bz2_compress_level = pargs.r.ret_int; + opt.explicit_compress_option = 1; break; case oCompressLevel: opt.compress_level = pargs.r.ret_int; break; case oBZ2CompressLevel: opt.bz2_compress_level = pargs.r.ret_int; break; @@ -3665,10 +3665,6 @@ main (int argc, char **argv) opt.flags.allow_old_cipher_algos = 1; break; - case oOverrideComplianceCheck: - opt.flags.override_compliance_check = 1; - break; - case oFakedSystemTime: { size_t len = strlen (pargs.r.ret_str); 
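Review bot: The new `ARGPARSE_s_n (oNoop, "override-compliance-check", "@")` entry has no comment, although it turns a security-relevant switch into a silently accepted no-op. A configuration that still lists the option parses as before, while check_key_verify_compliance in sig-check.c (same commit) now sets GPG_ERR_PUBKEY_ALGO for every non-compliant key. I would add `/* Accepted for backward compatibility only; the compliance override was removed. */` above the entry so the next reader does not mistake it for a live option. The opts[] table starts and ends outside the hunk.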
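Review bot: In the `case oCompress:` hunk of main, `opt.explicit_compress_option = 1` is set only for `-z`, while the `oCompressLevel` and `oBZ2CompressLevel` cases on the next two context lines leave it at 0. options.h (same commit) documents the field as "A compress option was explicitly given", so a user who passes `--compress-level` or `--bzip2-compress-level` still has compression switched off by the already-compressed check in encrypt.c and sign.c. If that is not intended, set the flag in those cases as well, e.g. `case oCompressLevel: opt.compress_level = pargs.r.ret_int; opt.explicit_compress_option = 1; break;`. Otherwise narrow the options.h comment to say that only `-z` sets it.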
@@ -3878,15 +3874,6 @@ main (int argc, char **argv) g10_exit(2); } - /* We allow overriding the compliance check only in non-batch mode - * so that the user has a chance to see the message. */ - if (opt.flags.override_compliance_check && opt.batch) - { - opt.flags.override_compliance_check = 0; - log_info ("Note: '%s' ignored due to batch mode\n", - "--override-compliance-check"); - } - set_debug (debug_level); if (opt.verbose) /* Print the compatibility flags. */ parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags); diff --git a/g10/mainproc.c b/g10/mainproc.c index 330ad10c5..4710386ea 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -2516,7 +2516,7 @@ check_sig_and_print (CTX c, kbnode_t node) } /* Compute compliance with CO_DE_VS. */ - if (pk && is_status_enabled () + if (pk && gnupg_gcrypt_is_compliant (CO_DE_VS) && gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, 0, pk->pkey, nbits_from_pk (pk), NULL) diff --git a/g10/options.h b/g10/options.h index c10862687..74a6cdb16 100644 --- a/g10/options.h +++ b/g10/options.h @@ -98,6 +98,7 @@ struct int def_digest_algo; int cert_digest_algo; int compress_algo; + int explicit_compress_option; /* A compress option was explicitly given. */ int compress_level; int bz2_compress_level; int bz2_decompress_lowmem; @@ -244,7 +245,6 @@ struct unsigned int allow_old_cipher_algos:1; unsigned int allow_weak_digest_algos:1; unsigned int allow_weak_key_signatures:1; - unsigned int override_compliance_check:1; unsigned int large_rsa:1; unsigned int disable_signer_uid:1; unsigned int include_key_block:1; diff --git a/g10/sig-check.c b/g10/sig-check.c index 7c48c0601..7a2c934cd 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c 
@@ -78,17 +78,10 @@ check_key_verify_compliance (PKT_public_key *pk) NULL)) { /* Compliance failure. */ - log_info (_("key %s may not be used for signing in %s mode\n"), + log_error (_("key %s may not be used for signing in %s mode\n"), keystr_from_pk (pk), gnupg_compliance_option_string (opt.compliance)); - if (opt.flags.override_compliance_check) - log_info (_("continuing verification anyway due to option %s\n"), - "--override-compliance-failure"); - else - { - log_inc_errorcount (); /* We used log info above. */ - err = gpg_error (GPG_ERR_PUBKEY_ALGO); - } + err = gpg_error (GPG_ERR_PUBKEY_ALGO); } return err; diff --git a/g10/sign.c b/g10/sign.c index 385254987..a66410ebd 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -1037,6 +1037,9 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, int multifile = 0; u32 duration=0; pt_extra_hash_data_t extrahash = NULL; + char peekbuf[32]; + int peekbuflen = 0; + pfx = new_progress_context (); afx = new_armor_context (); @@ -1095,6 +1098,14 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, goto leave; } + peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf); + if (peekbuflen < 0) + { + peekbuflen = 0; + if (DBG_FILTER) + log_debug ("peeking at input failed\n"); + } + handle_progress (pfx, inp, fname); } @@ -1251,8 +1262,14 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, { int compr_algo = opt.compress_algo; - /* If not forced by user */ - if (compr_algo==-1) + if (!opt.explicit_compress_option + && is_file_compressed (peekbuf, peekbuflen)) + { + if (opt.verbose) + log_info(_("'%s' already compressed\n"), fname? fname: "[stdin]"); + compr_algo = 0; + } + else if (compr_algo==-1) { /* If we're not encrypting, then select_algo_from_prefs * will fail and we'll end up with the default. If we are |
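Review bot: In the last sign_file hunk the new `is_file_compressed` branch is tested before `else if (compr_algo==-1)`, so it also sets `compr_algo = 0` when `opt.compress_algo` holds a specific algorithm, which the removed comment `/* If not forced by user */` treated as the user's decision. If overriding a forced algorithm is intended, say so in a comment on the new branch. If not, guard it with `if (compr_algo == -1 && !opt.explicit_compress_option && is_file_compressed (peekbuf, peekbuflen))`. Either way the `else if` has lost its explanation and should keep `/* If not forced by user */`. The enclosing block continues past the end of the hunk.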