aboutsummaryrefslogtreecommitdiffstats
path: root/g10/mainproc.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpg: Sanitize diagnostic with the original file name.Werner Koch2018-06-081-1/+5
| | | | | | | | | | | | | | | * g10/mainproc.c (proc_plaintext): Sanitize verbose output. -- This fixes a forgotten sanitation of user supplied data in a verbose mode diagnostic. The mention CVE is about using this to inject status-fd lines into the stderr output. Other harm good as well be done. Note that GPGME based applications are not affected because GPGME does not fold status output into stderr. CVE-id: CVE-2018-12020 GnuPG-bug-id: 4012 (cherry picked from commit 13f135c7a252cc46cff96e75968d92b6dc8dce1b)
* g10: Fix --list-packets.NIIBE Yutaka2016-06-281-1/+1
| | | | | | | | | | | | | | | | | | * g10/gpg.c (main): Call set_packet_list_mode after assignment of opt.list_packets. * g10/mainproc.c (do_proc_packets): Don't stop processing with --list-packets as the comment says. * g10/options.h (list_packets): Fix the comment. * g10/parse-packet.c: Fix the condition for opt.list_packets. -- (backport from 2.0 commit 4f336ed780cc2783395f3ff2b12b3ebb8e097f7b which is backport of master commit 52f65281f9743c42a48bf5a3354c9ab0ecdb681a) Debian-bug-id: 828109 Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: detects public key encryption packet error properly.NIIBE Yutaka2015-05-191-3/+3
| | | | | | | | | g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for encryption. -- (backported from 2.1 commit c771963140cad7c1c25349bcde27e427effc0058)
* Switch to a hash and CERT record based PKA system.Werner Koch2015-02-261-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * util/pka.c: Rewrite. (get_pka_info): Add arg fprbuflen. Change callers to pass this. * util/strgutil.c (ascii_strlwr): New. * configure.ac: Remove option --disable-dns-pka. (USE_DNS_PKA): Remove ac_define. * g10/getkey.c (parse_auto_key_locate): Always include PKA. -- Note that although PKA is now always build, it will only work if support for looking up via DNS has not been disabled. The new PKA only works with the IPGP DNS certtype and shall be used only to retrieve the fingerprint and optional the key for the first time. Due to the security problems with DNSSEC the former assumption to validate the key using DNSSEC is not anymore justified. Instead an additional layer (e.g. Trust-On-First-Use) needs to be implemented to track change to the key. Having a solid way of getting a key matching a mail address is however a must have. More work needs to go into a redefinition of the --verify-options pka-lookups and pka-trust-increase. The auto-key-locate mechanism should also be able to continue key fetching with another method once the fingerprint has been retrieved with PKA. Signed-off-by: Werner Koch <[email protected]> This is a backport from master. (backported from commit 2fc27c8696f5cf2ddf3212397ea49bff115d617b)
* gpg: Fix a NULL-deref for invalid input data.Werner Koch2014-11-241-2/+8
| | | | | | | | | | | * g10/mainproc.c (proc_encrypted): Take care of canceled passpharse entry. -- GnuPG-bug-id: 1761 Signed-off-by: Werner Koch <[email protected]> (backported from commit 32e85668b82f6fbcb824eea9548970804fb41d9e)
* gpg: Make the use of "--verify FILE" for detached sigs harder.Werner Koch2014-11-141-0/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/openfile.c (open_sigfile): Factor some code out to ... (get_matching_datafile): new function. * g10/plaintext.c (hash_datafiles): Do not try to find matching file in batch mode. * g10/mainproc.c (check_sig_and_print): Print a warning if a possibly matching data file is not used by a standard signatures. -- Allowing to use the abbreviated form for detached signatures is a long standing bug which has only been noticed by the public with the release of 2.1.0. :-( What we do is to remove the ability to check detached signature in --batch using the one file abbreviated mode. This should exhibit problems in scripts which use this insecure practice. We also print a warning if a matching data file exists but was not considered because the detached signature was actually a standard signature: gpgv: Good signature from "Werner Koch (dist sig)" gpgv: WARNING: not a detached signature; \ file 'gnupg-2.1.0.tar.bz2' was NOT verified! We can only print a warning because it is possible that a standard signature is indeed to be verified but by coincidence a file with a matching name is stored alongside the standard signature. Reported-by: Simon Nicolussi (to gnupg-users on Nov 7) Signed-off-by: Werner Koch <[email protected]> (backported from commit 69384568f66a48eff3968bb1714aa13925580e9f) Updated doc/gpg.texi.
* gpg: Allow compressed data with algorithm 0.Werner Koch2014-08-201-4/+1
| | | | | | | | | | * g10/mainproc.c (proc_compressed): Remove superfluous check for an algorithm number of 0. -- (backport from commit 88633bf3d417aeb5ea0f75508aba8e32adc8acef) GnuPG-bug-id: 1326, 1684
* Change --show-session-key to print the session key earlier.Werner Koch2013-12-111-10/+1
| | | | | | | | | | | | | | | | | | | | * g10/mainproc.c (proc_encrypted): Move show_session_key code to ... * g10/decrypt-data.c (decrypt_data): here. -- This feature can be used to return the session key for just a part of a file. For example to downloading just the first 32k of a huge file, decrypting that incomplete part and while ignoring all the errors break out the session key. The session key may then be used on the server to decrypt the entire file without the need to have the private key on the server. This is the same feature as commit 101a54add351ff62793cbfbf3877787c4791f833 for 2.1 and commit 3ae90ff28c500967cb90b1176299d2ca01ef450f for 2.0. GnuPG-bug-id: 1389 Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix bug with deeply nested compressed packets.Werner Koch2013-10-021-9/+43
| | | | | | | | | | * g10/mainproc.c (MAX_NESTING_DEPTH): New. (proc_compressed): Return an error code. (check_nesting): New. (do_proc_packets): Check packet nesting depth. Handle errors from check_compressed. Signed-off-by: Werner Koch <[email protected]>
* Support the not anymore patented IDEA cipher algorithm.Werner Koch2012-11-081-9/+0
| | | | | | | | | | | | | | | | | | | | | | | | * cipher/idea.c: New. Take from Libgcrypt master and adjust for direct use in GnuPG. * cipher/idea-stub.c: Remove. * cipher/Makefile.am: Add idea.c and remove idea-stub.c rules. * configure.ac: Remove idea-stub code. * g10/gpg.c (check_permissions): Remove code path for ITEM==2. (main): Make --load-extension a dummy option. * g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2 compatibility mode. * g10/misc.c (idea_cipher_warn): Remove. Also remove all callers. * g10/seckey-cert.c (do_check): Remove emitting of STATUS_RSA_OR_IDEA. * g10/status.c (get_status_string): Remove STATUS_RSA_OR_IDEA. * g10/status.h (STATUS_RSA_OR_IDEA): Remove. -- To keep the number of actually used algorithms low, we support IDEA only in a basically read-only way (unless --pgp2 is used during key generation). It does not make sense to suggest the use of this old 64 bit blocksize algorithm. However, there is old data available where it might be helpful to have IDEA available.
* Add pubkey letters e and E for ECC.Werner Koch2011-07-011-30/+32
| | | | | | | This does not mean we have any kind of ECC support now. It is merely to avoid printing a question mark for the algorithm. Trailing white space changes as usual.
* Minor fixesWerner Koch2010-08-311-0/+8
|
* * main.h, mainproc.c (check_sig_and_print), keylist.cDavid Shaw2008-10-031-3/+4
| | | | | | | | | (list_keyblock_print), pkclist.c (do_edit_ownertrust), keyedit.c (menu_showphoto), photoid.c (generate_photo_id, show_photos), misc.c (pct_expando): Add %v and %V expandos so that displaying photo IDs can show the attribute validity tag (%v) and string (%V). Originally by Daniel Gillmor.
* Updated ZH po file.Werner Koch2007-12-121-1/+1
| | | | | | Allow de/encryption using legacy type 20 keys. Updated config.{sub,guess}
* Allow decryption using type 20 Elgamal keys.Werner Koch2007-12-111-3/+10
|
* Switched to GPLv3.Werner Koch2007-10-231-4/+2
| | | | | Updated gettext.
* * packet.h, mainproc.c (reset_literals_seen): New function to resetDavid Shaw2007-04-171-2/+8
| | | | | | | | | the literals count. * verify.c (verify_one_file), decrypt.c (decrypt_messages): Call it here so we allow multiple literals in --multifile mode (in different files - not concatenated together).
* Preparing 1.4.7gnupg-1.4.7Werner Koch2007-03-051-15/+47
|
* Fixed segvWerner Koch2006-04-081-2/+4
|
* * mainproc.c (get_pka_address): Fix bug introduced as part ofDavid Shaw2006-03-221-1/+1
| | | | | sig_to_notation conversion. Noted by Peter Palfradrer.
* Preparing for an RC23Werner Koch2006-03-091-2/+2
|
* * mainproc.c (get_pka_address), keylist.c (show_notation): RemoveDavid Shaw2006-03-091-35/+20
| | | | | duplicate code by using notation functions.
* * options.h, mainproc.c (check_sig_and_print), gpg.c (main):David Shaw2006-03-081-1/+1
| | | | | | | | | pka-lookups, not pka-lookup. * options.h, gpg.c (main), keyedit.c [cmds], sig-check.c (signature_check2): Rename "backsign" to "cross-certify" as a more accurate name.
* * options.h, gpg.c (main, parse_trust_model), pkclist.cDavid Shaw2006-03-071-2/+3
| | | | | | | (check_signatures_trust), mainproc.c (check_sig_and_print, pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it is a verify-option now.
* More tests added; make distcheck worksWerner Koch2006-03-071-3/+12
|
* * mainproc.c (proc_compressed): "Uncompressed" is not a valid compressionDavid Shaw2006-03-061-1/+3
| | | | | algorithm.
* Stricter test of allowed signature packet compositions.Werner Koch2006-03-061-98/+111
| | | | | There is still one problem to solve.
* Fixed problem with PGP2 style signatures and mutilple plaintext dataWerner Koch2006-03-061-33/+57
|
* Replaced an assert and fixed batch mode issue in cardglue.Werner Koch2006-03-051-1/+6
|
* * options.h, gpg.c (main), mainproc.c (check_sig_and_print), keyserver.cDavid Shaw2006-02-221-4/+3
| | | | | | (keyserver_opts): Rename auto-pka-retrieve to honor-pka-record to be consistent with honor-keyserver-url.
* Fixed a wrong return code with gpg --verifyWerner Koch2006-02-141-23/+39
|
* * mainproc.c (check_sig_and_print), keyserver.cDavid Shaw2006-01-011-1/+1
| | | | | | | (keyserver_import_pka), card-util.c (fetch_url): Always require a scheme:// for keyserver URLs except when used as part of the --keyserver command for backwards compatibility.
* Finished PKA featureWerner Koch2005-12-201-1/+1
|
* Made strings translatable. Minor fixes.Werner Koch2005-12-081-1/+1
|
* * mainproc.c (proc_symkey_enc): Take care of a canceled passphraseWerner Koch2005-09-201-1/+16
| | | | | prompt.
* auto retrieve keys from PKA. Thsi allows to specify an email addressWerner Koch2005-08-051-2/+5
| | | | | | so that gpg can get the key from DNS. This helps with opportunistic encryption. No integration with the trust modell yet.
* Implemented PKA trust modelWerner Koch2005-07-281-3/+112
|
* Converted all m_free to xfree etc.Werner Koch2005-07-271-32/+32
|
* Updated FSF street address and preparations for a release candidate.Werner Koch2005-05-311-1/+2
|
* * mainproc.c (symkey_decrypt_seskey): There is no need to have anDavid Shaw2005-04-221-33/+33
| | | | | | | extra check for a bad passphrase and/or unknown cipher algorithm here. We'll fail quite happily later, and usually with a better error message to boot.
* * mainproc.c (proc_plaintext): Properly handle SIG+LITERAL (old-style PGP)David Shaw2005-04-011-19/+35
| | | | | signatures that use hashes other than SHA-1, RIPEMD160, or MD5.
* Disable the "quick check" bytes for PK decryptions. This is inDavid Shaw2005-02-101-2/+4
| | | | | regards to the Mister and Zuccherato attack on OpenPGP CFB mode.
* Updated to match the switch to the NSIS installer.Werner Koch2005-02-031-1/+1
|
* * options.h, g10.c (main), mainproc.c (check_sig_and_print): RenameDavid Shaw2004-10-211-2/+2
| | | | | | | | verify-option show-validity to show-uid-validity to match the similar list-option. * app-openpgp.c (verify_chv3): Fix typo.
* * pkclist.c (do_edit_ownertrust): Use the same translated string forDavid Shaw2004-10-111-6/+3
| | | | | | | | | | | | | | showing the user ID as mainproc.c:print_pkenc_list. * mainproc.c (print_pkenc_list): Allow translating the quotes around the user ID. * card-util.c, g10.c, photoid.c, trustdb.c: The last of the \"%s\" -> `%s' quoting for things that aren't user IDs. * keyserver.c (keyserver_spawn): If there is no keyserver host, print the whole URI since it is self-contained.
* * pkclist.c (build_pk_list): Keystrify.David Shaw2004-10-071-22/+41
| | | | | | * mainproc.c (check_sig_and_print), pkclist.c (do_edit_ownertrust): Improve translatability of user ID prompts.
* * keyedit.c, keylist.c, keyserver.c, mainproc.c: TheDavid Shaw2004-10-061-2/+10
| | | | | | revoked/expired/expires string change of 2004-09-29 was too simple. Use two styles for each tag.
* * keyedit.c, keylist.c, keyserver.c, mainproc.c: Reduce the manyDavid Shaw2004-09-291-2/+2
| | | | | | variations of "revoked" ("revoked", "[revoked]", " [revoked]", "[revoked] ") "and" expired down to two to simplify translation.
* * mainproc.c (check_sig_and_print), keyedit.c (show_prefs,David Shaw2004-09-221-1/+1
| | | | | | menu_set_keyserver_url): Make sure that keyserver URLs with control characters inside are printed properly. In fact, handle them as UTF8.
* * keyedit.c (sign_uids): Properly handle remaking a self-sig on revoked orDavid Shaw2004-07-151-0/+7
| | | | | | | | | | | | | | expired user IDs. Also, once we've established that a given uid cannot or will not be signed, don't continue to ask about each sig. * mainproc.c (proc_symkey_enc), seckey-cert.c (do_check): Check the S2K hash algorithm before we try to generate a passphrase using it. This prevents hitting BUG() when generating a passphrase using a hash that we don't have. * sign.c (sign_symencrypt_file): Allow using --force-mdc in --sign --symmetric messages.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 17:32:00 +0000