Commit message | Author | Age | Files | Lines
...
* gpg: Refactor keyedit module. | Justus Winter | 2017-06-13 | 4 | -39/+70
  * g10/Makefile.am (gpg_SOURCES): Add new file.
  * g10/keyedit.c (NODFLG_*): Move flags to the new header file.
  (print_one_sig): Export symbol and rename accordingly.
  (print_and_check_one_sig): Adapt accordingly.
  (check_all_keysigs): Likewise.
  * g10/keyedit.h: New file.
  * g10/main.h: Drop declarations, include new header.
  GnuPG-bug-id: 2236
  Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Implement querying nameservers over IPv6. | Justus Winter | 2017-06-13 | 1 | -1/+179
  * dirmngr/dns.c (dns_so_check): Reinitialize sockets on address family mismatch.
  (enum dns_res_state): New states for querying over IPv6.
  (dns_res_exec): Implement the new states by copying and modifying the IPv4 variants. Branch to their respective counterparts if the current list of resolvers using the current address family is exhausted.
  --
  This allows dirmngr to resolve names on systems where the nameservers are only reachable via IPv6.
  GnuPG-bug-id: 2990
  Signed-off-by: Justus Winter <[email protected]>
* gpg: Disable keydb handle caching only for W32 | Werner Koch | 2017-06-13 | 1 | -10/+17
  * g10/getkey.c (getkey_end) [!W32]: Re-enable caching.
  --
  This change limits the effects of commit d3d640b9cc98dd0d06b49a2e4d46eb67af96fe29 to W32 system.
  GnuPG-bug-id: 3097
  Signed-off-by: Werner Koch <[email protected]>
* po: Make a string translatable. | Werner Koch | 2017-06-13 | 1 | -3/+6
  --
* common: Fix -Wswitch warning. | Werner Koch | 2017-06-13 | 1 | -1/+0
  * common/compliance.c (gnupg_digest_is_allowed): Don't include GCRY_MD_WHIRLPOOL because it is not a digest_algo_t.
  --
  Note that Whirlpool is not used anywhere in gpg or gpgsm.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Send gpgcompose --help output to stdout, not stderr. | Neal H. Walfield | 2017-06-11 | 1 | -7/+7
  * g10/gpgcompose.c (show_help): Send gpgcompose --help output to stdout, not stderr.
  Reported-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Improve some output of gpgcompose. | Neal H. Walfield | 2017-06-11 | 1 | -2/+5
* gpg: Support 'gpgcompose --encrypted-pop --help' | Neal H. Walfield | 2017-06-11 | 1 | -3/+21
  * g10/gpgcompose.c (encrypted_pop_options): New variable.
  (encrypted_pop): Support the --help option.
  Reported-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Remove dead code. | Neal H. Walfield | 2017-06-11 | 1 | -7/+1
  * g10/gpgcompose.c (filter_pop): F->PKTTYPE will never be PKT_ENCRYPTED_MDC.
  (encrypted_pop): Likewise and there is no option --encrypted-mdc-pop.
* artwork: Add new banner. | Marcus Brinkmann | 2017-06-08 | 10 | -0/+695
  * artwork/banner/banner-full.png: New file.
  * artwork/banner/banner-rectangle.png: New file.
  * artwork/banner/banner.svg: New file.
  * artwork/banner/Bungee-Regular.ttf: New file.
  * artwork/banner/Raleway-license.txt: New file.
  * artwork/banner/banner-half.png: New file.
  * artwork/banner/banner-skyscraper.png: New file.
  * artwork/banner/Bungee-license.txt: New file.
  * artwork/banner/Raleway-ExtraBold.ttf: New file.
  * artwork/banner/Raleway-SemiBold.ttf: New file.
  Signed-off-by: Marcus Brinkmann <[email protected]>
* common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS. | Justus Winter | 2017-06-08 | 13 | -21/+504
  * common/compliance.c (gnupg_pk_is_allowed): New function.
  (gnupg_cipher_is_allowed): Likewise.
  (gnupg_digest_is_allowed): Likewise.
  * common/compliance.h (enum pk_use_case): New definition.
  (gnupg_pk_is_allowed): New prototype.
  (gnupg_cipher_is_allowed): Likewise.
  (gnupg_digest_is_allowed): Likewise.
  * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates.
  * g10/encrypt.c (encrypt_crypt): Likewise.
  * g10/gpg.c (main): Likewise.
  * g10/pubkey-enc.c (get_session_key): Likewise.
  * g10/sig-check.c (check_signature2): Likewise.
  * g10/sign.c (do_sign): Likewise.
  * sm/decrypt.c (gpgsm_decrypt): Likewise.
  * sm/encrypt.c (gpgsm_encrypt): Likewise.
  * sm/gpgsm.c (main): Likewise.
  * sm/sign.c (gpgsm_sign): Likewise.
  * sm/verify.c (gpgsm_verify): Likewise.
  --
  With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented.
  GnuPG-bug-id: 3191
  Signed-off-by: Justus Winter <[email protected]>
* gpg: Fix computation of compliance with CO_DE_VS. | Justus Winter | 2017-06-08 | 1 | -3/+4
  * g10/mainproc.c (proc_encrypted): Symmetric encryption is also in compliance with CO_DE_VS.
  GnuPG-bug-id: 3059
  Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Implement HTTP connect timeouts of 15 or 2 seconds. | Werner Koch | 2017-06-08 | 7 | -8/+69
  * dirmngr/dirmngr.c (oConnectTimeout, oConnectQuickTimeout): New enums.
  (opts): New options --connect-timeout and --connect-quick-timeout.
  (DEFAULT_CONNECT_TIMEOUT): New.
  (DEFAULT_CONNECT_QUICK_TIMEOUT): New.
  (parse_rereadable_options): Handle new options.
  (post_option_parsing): New. Use instead of direct calls to set_debug() and set_tor_mode ().
  (main): Setup default timeouts.
  (dirmngr_init_default_ctrl): Set standard connect timeout.
  * dirmngr/dirmngr.h (opt): New fields connect_timeout and connect_quick_timeout.
  (server_control_s): New field timeout.
  * dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass timeout to http_raw_connect.
  * dirmngr/ks-engine-hkp.c (send_request): Call http_session_set_timeout.
  * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
  * dirmngr/server.c (cmd_wkd_get, cmd_ks_search, cmd_ks_get) (cmd_ks_fetch): Implement --quick option.
  --
  The standard connect timeouts are way too long so we add a timeout to the connect calls. Also implement the --quick option which is already used by gpg for non-important requests (e.g. looking up a key for verification).
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Allow a timeout for HTTP and other TCP connects. | Werner Koch | 2017-06-08 | 3 | -17/+200
  * dirmngr/http.c: Include fcntl.h.
  (http_session_s): Add field 'connect_timeout'.
  (http_session_new): Clear that.
  (http_session_set_timeout): New function.
  (my_wsagetlasterror) [W32]: New.
  (connect_with_timeout): New function.
  (connect_server): Add arg 'timeout' and call connect_with_timeout.
  (send_request): Add arg 'timeout' and pass it to connect_server.
  (http_raw_connect): Add arg 'timeout'.
  (http_open): Pass TIMEOUT from the session to connect_server.
  --
  Note that the non-blocking connect we implement is traditionally a pretty non-portable thing due to slightly different semantics. The code uses the strategy W. Richard Stevens suggested in 1998. Hopefully current OS versions got it all right. The code has not been tested on Windows.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Avoid failure exit when scdaemon is disabled but not needed. | Werner Koch | 2017-06-08 | 1 | -2/+4
  * g10/call-agent.c (warn_version_mismatch): Use log_info if error is "not supported".
  --
  This fix may make the fix for GnuPG-bug-id: 3192 even more robust.
  Signed-off-by: Werner Koch <[email protected]>
* common: Add cipher mode to compliance predicate. | Justus Winter | 2017-06-07 | 4 | -7/+17
  * common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter.
  * common/compliance.h (gnupg_cipher_is_compliant): Likewise.
  * g10/mainproc.c (proc_encrypted): Adapt callsite.
  * sm/decrypt.c (gpgsm_decrypt): Likewise.
  GnuPG-bug-id: 3059
  Signed-off-by: Justus Winter <[email protected]>
* common,gpg,sm: Initialize compliance module. | Justus Winter | 2017-06-07 | 4 | -0/+71
  * common/compliance.c (gnupg_initialize_compliance): New function.
  * common/compliance.h (gnupg_initialize_compliance): New prototype.
  * g10/gpg.c (main): Use the new function.
  * sm/gpgsm.c (main): Likewise.
  GnuPG-bug-id: 3191
  Signed-off-by: Justus Winter <[email protected]>
* common,gpg: Move the compliance option printer. | Justus Winter | 2017-06-07 | 8 | -28/+32
  * common/compliance.c (gnupg_compliance_option_string): New function.
  * common/compliance.h (gnupg_compliance_option_string): New prototype.
  * g10/encrypt.c (write_pubkey_enc_from_list): Update callsite.
  * g10/gpg.c (main): Likewise.
  * g10/keyedit.c (keyedit_menu): Likewise.
  * g10/pkclist.c (build_pk_list): Likewise.
  * g10/main.h (compliance_option_string): Remove prototype.
  * g10/misc.c (compliance_option_string): Remove function.
  GnuPG-bug-id: 3191
  Signed-off-by: Justus Winter <[email protected]>
* common,gpg,sm: Move the compliance option parser. | Justus Winter | 2017-06-07 | 5 | -27/+71
  * common/compliance.c (gnupg_parse_compliance_option): New function.
  * common/compliance.h (struct gnupg_compliance_option): New type.
  (gnupg_parse_compliance_option): New prototype.
  * g10/gpg.c (parse_compliance_option): Remove function.
  (compliance_options): New variable.
  (main): Adapt callsite.
  * sm/gpgsm.c (main): Use the new common function.
  * sm/gpgsm.h (opt): New field 'compliance'.
  GnuPG-bug-id: 3191
  Signed-off-by: Justus Winter <[email protected]>
* gpg: Improve compliance with CO_DE_VS. | Justus Winter | 2017-06-07 | 1 | -0/+1
  * g10/gpg.c (set_compliance_option): The specification, section 4.1.1, forbids the use of encryption without integrity protection.
  GnuPG-bug-id: 3191
  Signed-off-by: Justus Winter <[email protected]>
* speedo: Fix a minor memleak in the installer | Andre Heinecke | 2017-06-07 | 1 | -1/+4
  * build-aux/speedo/w32/g4wihelp.c (path_remove): Free path_new on early return.
  --
  It's a weird condition in a once run function in a throwaway process but -- yeah. It's a memleak and static analysis can see it.
  GnuPG-Bug-Id: T3197
  Signed-off-by: Andre Heinecke <[email protected]>
* speedo: Fix source tar call ambiguity | Andre Heinecke | 2017-06-06 | 1 | -2/+2
  * build-aux/speedo.mk (dist-source): Expand exclude-vc to exclude-vcs.
  --
  Tar 1.29 also has exclude-vcs-ignores so this became ambiguous.
  Signed-off-by: Andre Heinecke <[email protected]>
* common,g10: Fix typos. | Justus Winter | 2017-06-06 | 2 | -4/+4
  --
  Signed-off-by: Justus Winter <[email protected]>
* gpg: Report compliance with CO_DE_VS. | Justus Winter | 2017-06-01 | 7 | -3/+171
  * common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain parameters.
  (gnupg_cipher_is_compliant): New function.
  (gnupg_digest_is_compliant): Likewise.
  * common/compliance.h (gnupg_cipher_is_compliant): New prototype.
  (gnupg_digest_is_compliant): Likewise.
  * common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status.
  (STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise.
  * doc/DETAILS: Document the new status lines.
  * g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS and report that using the new status line.
  (check_sig_and_print): Likewise.
  * sm/decrypt.c (gpgsm_decrypt): Likewise.
  * sm/verify.c (gpgsm_verify): Likewise.
  --
  When decrypting data and verifying signatures, report whether the operations are in compliance with the criteria for data classified as VS-NfD. This information will be picked up by the frontend and presented to the user.
  GnuPG-bug-id: 3059
  Signed-off-by: Justus Winter <[email protected]>
* common: Improve checking for compliance with CO_DE_VS. | Justus Winter | 2017-06-01 | 1 | -1/+3
  * common/compliance.c (gnupg_pk_is_compliant): Only certain RSA key sizes are compliant.
  Signed-off-by: Justus Winter <[email protected]>
* gpg,common: Move the compliance framework. | Justus Winter | 2017-06-01 | 8 | -102/+207
  * common/Makefile.am (common_sources): Add new files.
  * common/compliance.c: New file. Move 'gnupg_pk_is_compliant' here, and tweak it to not rely on types private to gpg.
  * common/compliance.h: New file. Move the compliance enum here.
  * g10/keylist.c (print_compliance_flags): Adapt callsite.
  * g10/main.h (gnupg_pk_is_compliant): Remove prototype.
  * g10/misc.c (gnupg_pk_is_compliant): Remove function.
  * g10/options.h (opt): Use the new compliance enum.
  * sm/keylist.c (print_compliance_flags): Use the common functions.
  Signed-off-by: Justus Winter <[email protected]>
* gpg: Fix compliance computation. | Justus Winter | 2017-05-31 | 1 | -1/+1
  * g10/misc.c (gnupg_pk_is_compliant): Compare against CO_RFC2440, not RFC2440 which is actually a predicate.
  Fixes-commit: fe0b37e123ded51cc5f4cb5e3547fdfbce37a43e
  Signed-off-by: Justus Winter <[email protected]>
* sm: Simplify code. | Justus Winter | 2017-05-31 | 1 | -6/+1
  * sm/verify.c (gpgsm_verify): Simplify by using a newer gcrypt interface.
  Signed-off-by: Justus Winter <[email protected]>
* sm: Fix typo. | Justus Winter | 2017-05-31 | 1 | -1/+1
  --
  Signed-off-by: Justus Winter <[email protected]>
* doc: Improve documentation. | Justus Winter | 2017-05-31 | 1 | -1/+1
  * doc/gpgsm.texi: Mention that '--with-key-data' implies '--with-colons'.
  Signed-off-by: Justus Winter <[email protected]>
* agent: Fix error from do_encryption. | NIIBE Yutaka | 2017-05-31 | 1 | -12/+19
  * agent/protect.c (do_encryption): Don't mask failure of OUTBUF allocation.
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix error code on failure at usb_init. | NIIBE Yutaka | 2017-05-31 | 1 | -1/+1
  * scd/ccid-driver.c (ccid_dev_scan): Return GPG_ERR_ENODEV.
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Handle a failure of libusb_init. | NIIBE Yutaka | 2017-05-31 | 1 | -4/+15
  * scd/ccid-driver.c (ccid_get_reader_list, ccid_dev_scan): Handle failure.
  --
  Reported-by: Yuriy M. Kaminskiy <[email protected]>
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix typos. | Justus Winter | 2017-05-30 | 2 | -3/+3
  --
  Signed-off-by: Justus Winter <[email protected]>
* gpg: Disable keydb handle caching | Andre Heinecke | 2017-05-30 | 1 | -1/+11
  * g10/getkey.c (getkey_end): Disable caching of the open keydb handle.
  --
  This created a big regression for Windows because the keyring is only released after the global ctrl is released. So if an operation does a getkey and then tries to modify the keyring it will fail on Windows with a sharing violation. We need to modify all keyring write operations to also take the ctrl and close the cached_getkey_kdb handle to make writing work.
  See: https://dev.gnupg.org/T3097
  GnuPG-Bug-Id: T3097
  Signed-off-by: Andre Heinecke <[email protected]>
* agent: Fix memory leaks. | NIIBE Yutaka | 2017-05-30 | 2 | -4/+11
  * agent/divert-scd.c (ask_for_card): Free WANT_KID and WANT_SN_DISP.
  * agent/gpg-agent.c (create_server_socket): Free UNADDR.
  Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: This towel should better detect a changed resolv.conf. | Werner Koch | 2017-05-25 | 1 | -4/+6
  * dirmngr/dns-stuff.c (resolv_conf_changed_p): Fix initialization time issue.
  --
  Fixes-commit: b5f356e9fba2d99909f8f54d7b7e6836bed87b68
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Re-init libdns resolver on towel change of resolv.conf | Werner Koch | 2017-05-25 | 1 | -1/+46
  * dirmngr/dns-stuff.c: Include sys/stat.h.
  (RESOLV_CONF_NAME): New macro to replace a string.
  (resolv_conf_changed_p): New.
  (libdns_init): Call new function
  (libdns_res_open): Ditto.
  --
  Don't panic. This is a simple change
  Suggested-by: Stefan Bühler <[email protected]>
  to avoid complicated if-up.d hooks to reload resolv.conf.
  Signed-off-by: Werner Koch <[email protected]>
* agent: Make digest algorithms for ssh fingerprints configurable. | Justus Winter | 2017-05-24 | 5 | -3/+24
  * agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
  * agent/command-ssh.c (data_sign, ssh_identity_register): Honor the option for strings used to communicate with the user.
  * agent/findkey.c (agent_modify_description): Likewise.
  * agent/gpg-agent.c (cmd_and_opt_values): New value.
  (opts): New option '--ssh-fingerprint-digest'.
  (parse_rereadable_options): Set the default to MD5 for now.
  (main): Handle the new option.
  * doc/gpg-agent.texi: Document the new option.
  --
  OpenSSH has transitioned from using MD5 to compute key fingerprints to SHA256. This patch makes the digest used when communicating key fingerprints to the user (e.g. in pinentry dialogs) configurable. For now this patch conservatively defaults to MD5.
  GnuPG-bug-id: 2106
  Signed-off-by: Justus Winter <[email protected]>
* agent: Write both ssh fingerprints to 'sshcontrol' file. | Justus Winter | 2017-05-24 | 1 | -4/+18
  * agent/command-ssh.c (add_control_entry): Hand in the key, write both the MD5- and the SHA256-based fingerprint to the 'sshcontrol' file when adding ssh keys.
  (ssh_identity_register): Adapt callsite.
  GnuPG-bug-id: 2106
  Signed-off-by: Justus Winter <[email protected]>
* common: Correctly render SHA256-based ssh fingerprints. | Justus Winter | 2017-05-24 | 2 | -14/+158
  * common/ssh-utils.c (dummy_realloc): New function.
  (dummy_free): Likewise.
  (get_fingerprint): Prepend the fingerprint with the name of the digest algorithm. Correctly render SHA256-based ssh fingerprints.
  * common/t-ssh-utils.c (sample_keys): Add SHA256 hashes for the keys.
  (main): Add an option to dump the keys to gather fingerprints, also print the SHA256 fingerprint for keys given as arguments, and check the SHA256 fingerprints of the test keys.
  GnuPG-bug-id: 2106
  Signed-off-by: Justus Winter <[email protected]>
* common: Support different digest algorithms for ssh fingerprints. | Justus Winter | 2017-05-24 | 6 | -36/+41
  * common/ssh-utils.c (get_fingerprint): Add and honor 'algo' parameter.
  (ssh_get_fingerprint{,_string}): Likewise.
  * common/ssh-utils.h (ssh_get_fingerprint{,_string}): Update prototypes.
  * common/t-ssh-utils.c (main): Adapt accordingly.
  * agent/command-ssh.c (agent_raw_key_from_file): Likewise.
  (ssh_identity_register): Likewise.
  * agent/command.c (do_one_keyinfo): Likewise.
  * agent/findkey.c (modify_description): Likewise.
  --
  This lays the foundation to support other algorithms.
  GnuPG-bug-id: 2106
  Signed-off-by: Justus Winter <[email protected]>
* Register DCO for William L. Thomson Jr. | Justus Winter | 2017-05-23 | 1 | -0/+3
  --
  Signed-off-by: Justus Winter <[email protected]>
* agent: Add const qualifier for read-only table. | NIIBE Yutaka | 2017-05-22 | 4 | -9/+9
  * agent/call-pinentry.c (start_pinentry): Add const to tbl.
  * agent/command-ssh.c (request_specs): Add const.
  (ssh_key_types): Likewise.
  (request_spec_lookup): Add const to the return value and SPEC.
  (ssh_request_process): Likewise.
  * agent/protect.c (protect_info): Add const.
  (agent_unprotect): Add const to algotable.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix default-key selection for signing, possibly by card. | NIIBE Yutaka | 2017-05-22 | 4 | -16/+62
  * g10/call-agent.c (warn_version_mismatch): Revert.
  (start_agent): Suppress version mismatch if relevant.
  * g10/getkey.c (get_seckey_default_or_card): New.
  * g10/skclist.c (build_sk_list): Use get_seckey_default_or_card.
  --
  The change of 97a2394, which prefers available card than default key specified is too strong.
  Fixes-commit: 97a2394ecafaa6f58e4a1f70ecfd04408dc15606
  Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Fix spellings. | Daniel Kahn Gillmor | 2017-05-18 | 1 | -2/+2
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* docs: Point to https://dev.gnupg.org/ . | Daniel Kahn Gillmor | 2017-05-18 | 7 | -23/+22
  Replace mentions of bugs.gnupg.org with https://dev.gnupg.org/. Since the project has transitioned to a better workflow for supporting contributions, we should ensure that our documentation points to the right place.
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpgscm: Fix checking for opcode arguments. | Justus Winter | 2017-05-17 | 1 | -1/+2
  * tests/gpgscm/scheme.c (Eval_Cycle): Update 'pcd' after dispatching an instruction.
  Fixes-commit: 9c6407d17e0cb9f4a370b1b83e7816577ec7d29d
  Signed-off-by: Justus Winter <[email protected]>
* tests: Fix agent teardown in release builds. | Justus Winter | 2017-05-17 | 1 | -3/+3
  * tests/openpgp/defs.scm (start-agent,stop-agent): Use gpg-conf which will properly use the '--build-prefix' argument to make gpgconf use tools from the build directory.
  GnuPG-bug-id: 3165
  Fixes-commit: 2c9d9ac55ea455a5ec26428989dced0311ed46cc
  Signed-off-by: Justus Winter <[email protected]>
* g10: Fix gpgcompose.c. | NIIBE Yutaka | 2017-05-17 | 1 | -1/+1
  * g10/gpgcompose.c (show_help): Check return value.
  --
  Fixes-commit: 00b7767bc6fe309aa20375c859ebf708cfc7b9ea
  Signed-off-by: NIIBE Yutaka <[email protected]>