| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* g10/key-clean.c (clean_one_subkey_dupsigs): New.
(clean_all_subkeys): Call it.
--
GnuPG-bug-id: 3804
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/key-clean.h (KEY_CLEAN_NONE, KEY_CLEAN_INVALID)
(KEY_CLEAN_ENCR, KEY_CLEAN_AUTHENCR, KEY_CLEAN_ALL): New.
* g10/key-clean.c (clean_one_subkey): New.
(clean_all_subkeys): Add arg CLEAN_LEVEL.
* g10/import.c (import_one): Call clean_all_subkeys with
KEY_CLEAN_NONE.
* g10/export.c (do_export_stream): Call clean_all_subkeys depedning on
the export clean options.
--
GnuPG-bug-id: 3622
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/key-clean.c (clean_key): Rename to clean_all_uids and split
subkey cleaning into ...
(clean_all_subkeys): new. Call that always after the former clean_key
invocations.
--
Note that the clean_all_subkeys function will later be extended.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid)
(clean_uid_from_key, clean_one_uid, clean_key): Move to ...
* g10/key-clean.c: new file.
* g10/key-clean.h: New.
* g10/Makefile.am (gpg_sources): Add new files.
* g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include
new header.
* g10/trustdb.h (struct key_item, is_in_klist): Move to ...
* g10/keydb.h: here.
--
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/getkey.c (get_pubkey_for_sig): New.
(get_pubkeyblock_for_sig): New.
* g10/mainproc.c (issuer_fpr_raw): Give global scope.
(check_sig_and_print): Use get_pubkeyblock_for_sig.
* g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig.
* g10/sig-check.c (check_signature2): Ditto.
(check_signature_over_key_or_uid): Ditto.
--
GnuPG-bug-id: 4046
The whole getkey stuff is still a mess with way to much duplication
and missing caching of already fetched data.
Signed-off-by: Werner Koch <[email protected]>
|
|
--
|
|
* g10/import.c (read_block): Add special treatment for bad user ids
and comment packets.
--
See
GnuPG-bug-id: 4022
for an example of a bogus user id.
Signed-off-by: Werner Koch <[email protected]>
|
|
--
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/sig-check.c (check_signature_end_simple): Check sign usage.
--
Without this patch the signature verification fails only due to the
missing back signature. This check better explains what went wrong.
GnuPG-bug-id: 4014
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/getkey.c (buf_to_sig): Free by free_seckey_enc.
* g10/gpgcompose.c (signature): Likewise.
* g10/sign.c (write_signature_packets): Likewise.
--
Reported-by: Philippe Antoine
GnuPG-bug-id: 4047
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/main.h: Add prototype.
* g10/keylist.c (list_keyblock_print): Print revocation info.
(list_keyblock_colon): Ditto.
* g10/test-stubs.c (get_revocation_reason): New stub.
* g10/gpgv.c (get_revocation_reason): New stub.
--
GnuPG-bug-id: 1173
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/import.c (get_revocation_reason): New.
(list_standalone_revocation): Extend function.
--
Note that this function extends the "rvs" field signature-class (field
11) with the revocation reason. GPGME does not yet parse this but it
can be expected that the comma delimiter does not break other parsers.
A new field is added to the "rvs" (and in future also the "rev")
record to carry a record specific comment. Hopefully all parsers
meanwhile learned the lesson from other new fields and don't bail out
on more fields than they know about.
This is partial solution to
GnuPG-bug-id: 1173
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/import.c (list_standalone_revocation): New.
(import_revoke_cert): Call new function.
--
GnuPG-bug-id: 4018
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac (GNUPG_DEF_COPYRIGHT_LINE: New.
* tools/watchgnupg.c (print_version): USe this macro.
* common/init.c (_init_common_subsystems): Register argparse
functions.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/skclist.c (enum_secret_keys): Since "KEY-FPR" returns
fingerprint in binary, change it to hex string.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/import.c (import_revoke_cert): Add arg 'options'. Take care of
IMPORT_DRY_RUN.
--
GnuPG-bug-id: 4017
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/card-util.c (fetch_url): Release INFO.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/import.c (impex_filter_getval): Add new "usage" property for
drop-subkey filter.
--
For example, this permits extraction of only encryption-capable
subkeys like so:
gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR
GnuPG-Bug-id: 4019
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
|
* g10/skclist.c (enum_secret_keys): Add logic to prefer
decryption keys on cards.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/getkey.c (enum_secret_keys): Move to...
* g10/skclist.c (enum_secret_keys): ... here.
--
The function enum_secret_keys is not used by gpgv.c, but it is in
getkey.c. Extending enum_secret_keys will require change of gpgv.c,
so moving the function to the file for gpg is better.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/gpg.c (main): Set some list options.
--
The new command --show-keys is commonly used to check the content of a
file with keys. In this case it can be expected that all included
subkeys and uids are of interested, even when they are already expired
or have been revoked.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/getkey.c (enum_secret_keys): Fix comment for usage of
enum_secret_keys, following the previous change.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/getkey.c (enum_secret_keys): Collecting keys in the context,
check duplicate to make sure returning only unique keys.
* g10/pubkey-enc.c (get_session_key): Now, it's the responsibility of
enum_secret_keys to free keys.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
--
This fixes a forgotten sanitation of user supplied data in a verbose
mode diagnostic. The mention CVE is about using this to inject
status-fd lines into the stderr output. Other harm good as well be
done. Note that GPGME based applications are not affected because
GPGME does not fold status output into stderr.
CVE-id: CVE-2018-12020
GnuPG-bug-id: 4012
|
|
* g10/packet.h (struct pubkey_enc_list): New.
* g10/gpgv.c (get_session_key): Supply struct pubkey_enc_list.
* g10/test-stubs.c (get_session_key): Likewise.
* g10/mainproc.c (struct kidlist_item): Remove.
(release_list): Use struct pubkey_enc_list.
(proc_pubkey_enc, print_pkenc_list): Likewise.
(proc_encrypted): Don't loop for pkenc_list, but just supply the list
to get_session_key.
* g10/pubkey-enc.c (get_session_key): Loop for secret key available,
and check pkenc_list for each secret key.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/mainproc.c (struct kidlist_item): Remove REASON. Add DATA.
(release_list): Release DATA.
(proc_pubkey_enc): Don't get DEK here.
(print_pkenc_list): Don't output failure reason here.
(proc_encrypted): Get DEK here, and output failure reason.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/key-check.c (key_check_all_keysigs): Factor some code out to ...
(remove_duplicate_sigs): new.
(key_check_all_keysigs): Call remove_duplicate_sigs again after
reordering.
--
This is a follupup for commit 26bce2f01d2029ea2b8a8dbbe36118e3c83c5cba
to cleanup the code and to add a second de-duplicate step when needed.
GnuPG-bug-id: 3994
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/packet.h (PKG_siganture): Add field 'help_counter'.
* g10/key-check.c (sig_comparison): Take care of HELP_COUNTER.
(key_check_all_keysigs): De-duplicate on a per-block base.
--
The key_check_all_keysigs first does a detection of duplicate
signature. This is done over all signatures at once. The problem
here is for example:
key
uid_1
sig_uid_1.1
sig_uid_1.2
subkey_1
sig_sub_1.1
subkey_2
sig_sub_2.1
sig_sub_2.2 (duplicate of sig_sub_1.1)
Now the de-duplication deletes the first signature and keeps the
second. That works in most cases for foreign signature on userids but
in the above constellation the code simply removes sig_sub_1.1 so that
subkey_1 has no binding signature anymore. In a later step during
import the missing binding is detected and subkey_1 is removed because
it is not anymore valid. The sig_sub_2.2 will also be removed later
because it does not check out for subkey_2 (that is as expected).
The fix is to let the de-duplication work only on blocks (ie. within
the signatures of a user id or a subkey). This will not detect all
duplicates but that does not harm because later steps will detect and
remove them.
In the above case (with this patch applied) the second phase of
key_check_all_keysigs will reorder key signatures and move the
duplicate sig_sub_2.2 directly after sig_sub_1.1. This duplicates the
signature and for cleanness we should kick the de-duplication process
again. This will be done with a followup patch.
GnuPG-bug-id: 3994
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/import.c (chk_self_sigs): Print the subkeyid in addition to the
keyid.
(delete_inv_parts): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/mainproc.c (proc_encrypted): Print warning and later force an
error.
--
Note that when this error is triggered the plaintext from the literal
data packet has already been outputted before the BEGIN_DECRYPTION
status line. We fail only later to get more information. Callers
need to check and act upon the decryption error code anyway.
Thanks to Marcus for pointing out this case.
GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/gpg.c (aShowKeys): New const.
(opts): New command --show-keys.
(main): Implement command.
* g10/import.c (import_keys_internal): Don't print stats in show-only
mode.
(import_one): Be silent in show-only mode.
--
Using
--import --import-options show-only
to look at a key is too cumbersome. Provide this shortcut and also
remove some diagnostic cruft in this case.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/mainproc.c (proc_pubkey_enc): Remove a comment.
--
GnuPG always uses the OpenPGP algo number in its status report.
We can find a function in GPGME, it's _gpgme_map_pk_algo.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o
MDC. Also print a dedicated status error code
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/gpg.c (oAllowMultisigVerification)
(oAllowMultipleMessages, oNoAllowMultipleMessages): Remove.
(opts): Turn --allow-multisig-verification, --allow-multiple-messages
and --no-allow-multiple-messages into NOPs
* g10/options.h (struct opt): Remove flags.allow_multiple_messages.
* g10/mainproc.c (proc_plaintext): Assume allow_multiple_messages is
false.
--
These options are very old compatibility hacks and should not be used
anymore. We keep them as dummy options in case someone has them in
the conf file.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/mainproc.c (proc_encrypted): Bump LITERALS_SEEN.
--
GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/gpg.c: Make --pgp6 an alias for --pgp7.
* common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6.
* g10/options.h (PGP6): Remove. Adjust all users.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/gpg.c: Tuen options --force-mdc, --no-force-mdc, --disable-mdc
and --no-disable-mdc into NOPs.
* g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used.
(use_aead): Ignore MDC options. Print warning for missing MDC feature
flags.
* g10/pkclist.c (warn_missing_mdc_from_pklist): Rename to ...
(warn_missing_aead_from_pklist): this and adjust.
--
The MDC is now always used except with --rfc2440 which will lead to a
a big fat warning.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/getkey.c (fixup_uidnode): Use bitmask 0x02.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/gpg.c (oNoMDCWarn): Remove.
(opts): Make --no-mdc-warn a NOP.
(main): Don't set var.
* g10/options.h (struct opt): Remove 'no_mdc_var'.
* g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false.
* g10/mainproc.c (proc_encrypted): Ditto.
--
Users should not be allowed to suppress the warning that they are
shooting into their foot.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/compress.c (push_compress_filter2): Return an error if no filter
was pushed.
(push_compress_filter): Ditto.
(handle_compressed): Free CFX if no filter was pushed.
* g10/import.c (read_block): Ditto.
--
GnuPG-bug-id: 3898, 3930
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/card-util.c (current_card_status): Keygrip for Auth is 3.
--
Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/mainproc.c (check_sig_and_print): Free the public key.
--
GnuPG-bug-id: 3900
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/compress.c (handle_compressed): Fix memory leak.
--
All other calls of push_compress_filter checks ALGO,
so, do it here, too.
GnuPG-bug-id: 3898
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/getkey.c (get_user_id_string): Add arg R_NOUID. Change call
callers.
(get_user_id): Add arg R_NOUID. Change call callers.
* g10/mainproc.c (issuer_fpr_string): Make global.
* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
also in --list-mode. Print the "issuer fpr" field also if there is an
issuer fingerprint subpacket.
--
Scripts used to rely on the "User ID not found" string even in the
--with-colons listing. However, that is not a good idea because that
string is subject to translations etc. Now we have an explicit way of
telling that a key is missing. For example:
gpg --list-sigs --with-colons | \
awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'
Prints all keyids or fingerprint of signing keys for which we do not
have the key in our local keyring.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/mainproc.c (issuer_fpr_raw): New.
(issuer_fpr_string): Re-implement using issuer_fpr_rtaw.
(check_sig_and_print): Don't free ISSUER_FPR. Use ISSUER_FPR_RAW.
Use write_status_printf. Extend ERRSIG status.
--
Modern OpenPGP implementations put the ISSUER_FPR into the signature
to make it easier to discover the, public needed to check the
signature. This is also useful in error messages and thus we add it.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/gpg.c (g10_exit): Print STATUS_FAILURE only based on passed
return code and not on the presence of any call to log_error.
--
This fixes an actual regression in GPGME where FAILURE is considered
for example by a signature verify operation. The operation will simply
fail and not just record that that a signature could not be verified.
In particular for files with more than one signature a log_error if
often called to show that a pubkey is missing for one of the
signatures. Using that log_error is correct in that case.
Fixes-commit: 0336e5d1a7b9d46e06c838e6a98aecfcc9542882
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/gpg.c (oNoSymkeyCache): New.
(opts): Add that option.
(main): Set var.
* g10/options.h (struct opt): New field no_symkey_cache.
* g10/passphrase.c (passphrase_to_dek): Implement that feature.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/keyedit.c (menu_changeusage): Make strings translatable.
--
GnuPG-bug-id: 3816
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/sig-check.c (check_signature_end_simple): Check key usage for
certifications.
(check_signature_over_key_or_uid): Request usage certification.
--
GnuPG-bug-id: 3844
Signed-off-by: Werner Koch <[email protected]>
|
