aboutsummaryrefslogtreecommitdiffstats
path: root/sm/encrypt.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpg,sm: String changes for compliance diagnostics.Werner Koch2017-07-281-2/+1
| | | | Signed-off-by: Werner Koch <[email protected]>
* gpg,sm: Allow encryption (with warning) to any key in de-vs mode.Werner Koch2017-07-271-8/+9
| | | | | | | | | * g10/encrypt.c (encrypt_crypt): Do not abort for a non-compliant key. * sm/encrypt.c (gpgsm_encrypt): Ditto. -- GnuPG-bug-id: 3306 Signed-off-by: Werner Koch <[email protected]>
* gpg,sm: Check compliance of the RNG.Werner Koch2017-07-171-0/+11
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_rng_is_compliant): New. * g10/call-agent.c (start_agent) [W32]: Check rng compliance. * sm/call-agent.c (start_agent) [W32]: Ditto. * g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is compliant. * sm/encrypt.c (gpgsm_encrypt): Ditto. * g10/sign.c (do_sign): Ditto. * sm/sign.c (gpgsm_sign): Ditto. -- Under Windows we need to check that the Jitter RNG is active in de-vs mode. Under Linux this is not necessary because /dev/random can be scrutinized and is believed to provide enough entropy. Signed-off-by: Werner Koch <[email protected]>
* gpg,gpgsm: Emit status code ENCRYPTION_COMPLIANCE_MODE.Werner Koch2017-06-231-2/+17
| | | | | | | | | | | | * common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New. * g10/encrypt.c (encrypt_crypt): Emit new status code. * sm/encrypt.c (gpgsm_encrypt): Ditto. -- This status code allows to report whether an encryption operation was compliant to de-vs. Signed-off-by: Werner Koch <[email protected]>
* indent,i18n: Make some new strings translatable. Wrap too long lines.Werner Koch2017-06-231-3/+3
| | | | --
* indent: Always use "_(" and not "_ (" to mark translatable strings.Werner Koch2017-06-191-2/+2
| | | | | | | | -- This makes greping much easier and we have done that since ever. Signed-off-by: Werner Koch <[email protected]>
* common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.Justus Winter2017-06-081-0/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <[email protected]>
* Remove -I option to common.NIIBE Yutaka2017-03-071-1/+1
| | | | | | | | | | | | | * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Rename remaining symbols in ksba-io-support.Werner Koch2017-02-161-3/+3
| | | | | | | | | | | | | | | | | | * common/ksba-io-support.c (gpgsm_reader_eof_seen): Rename to ... (gnupg_ksba_reader_eof_seen): this. Change all callers. (gpgsm_destroy_reader): Rename to ... (gnupg_ksba_destroy_reader): this. Change all callers. (gpgsm_finish_writer): Rename to ... (gnupg_ksba_finish_writer): this. Change all callers. (gpgsm_destroy_writer): Rename to ... (gnupg_ksba_destroy_writer): this. Change all callers. * common/ksba-io-support.c (struct base64_context_s): Rename to ... (gnupg_ksba_io_s): this. * common/ksba-io-support.h (base64_context_s): Ditto. (Base64Context): Rename this typedef to ... (gnupg_ksba_io_t): this. Change all users. Signed-off-by: Werner Koch <[email protected]>
* common: Remove gpgsm dependencies from ksba-io-support.Werner Koch2017-02-161-1/+4
| | | | | | | | | | | | | | | | | * common/ksba-io-support.c: Include ksba-io-support.h instead of ../sm/gpgsm.h. Include util.h. (writer_cb_parm_s): Remove const from 'pem_name'. (gpgsm_destroy_writer): Free 'pem_name'. (gpgsm_create_reader): Rename to ... (gnupg_ksba_create_reader): this. Replace args CTRL and ALLOW_MULTI_PEM by a new arg FLAGS. Change the code to evaluate FLAGS. Change all callers to pass the FLAGS. (gpgsm_create_writer): Rename to ... (gnupg_ksba_create_writer): this. Replace arg CTRL by new arg FLAGS. Add arg PEM_NAME. Evaluate FLAGS. Store a copy of PEM_NAME. Change all callers to pass the FLAGS and PEM_NAME. Signed-off-by: Werner Koch <[email protected]>
* sm: Remove unused arg SECRET from keydb functions.Werner Koch2016-11-101-1/+1
| | | | | | | | * sm/keydb.c (struct resource_item): Remove field 'secret'. (keydb_add_resource): Remove arg 'secret' and change all callers. (keydb_new): Ditto. Signed-off-by: Werner Koch <[email protected]>
* Change all http://www.gnu.org in license notices to https://Werner Koch2016-11-051-1/+1
| | | | --
* sm: Handle gcry_pk_encrypt return value.NIIBE Yutaka2015-12-151-2/+5
| | | | | | | | | | * sm/encrypt.c (encrypt_dek): Don't ignore failure of gcry_pk_encrypt. -- Thanks to Sami Farin. GnuPG-bug-id: 2154
* Fix typos spotted during translationsDavid Prévot2012-08-241-1/+1
| | | | | | | | | | | | | | | * agent/genkey.c: s/to to/to/ * sm/*.c: s/failed to allocated/failed to allocate/ * sm/certlist.c, ./dirmngr/validate.c: s/should have not/should not have/ * g10/seskey.c: missing closing parenthesis * dirmngr/crlcache.c: s/may has/may have/ Consistency fix: * g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax * dirmngr/dirmngr_ldap: no period in Syntax * dirmngr/dirmngr-client.c: infinitive for option description: s/certificates are expected/expect certificates/
* Change all quotes in strings and comments to the new GNU standard.Werner Koch2012-06-051-3/+3
| | | | | | | | | | | | | | | | | | | The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
* Nuked almost all trailing white space.post-nuke-of-trailing-wsWerner Koch2011-02-041-22/+22
| | | | | | | | We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
* s/AES/AES128/ in diagnostics and --list-configWerner Koch2010-12-021-1/+1
|
* Remove superfluous parameter.Werner Koch2010-11-261-1/+1
| | | | | Make self-check interval larger
* Replace use stdio by estream functions.Werner Koch2010-03-081-12/+16
|
* Fix for bug#1066.Werner Koch2009-06-021-15/+3
| | | | | A couple of minor changes.
* Code cleanup.Werner Koch2008-06-231-14/+12
|
* Support DSA2.Werner Koch2007-12-121-2/+18
| | | | | | Support Camellia for testing. More audit stuff.
* Changed to GPLv3.Werner Koch2007-07-041-4/+2
| | | | | Removed intl/.
* Allow export to work on systems without funopen/fopencookie.Werner Koch2007-03-191-1/+1
|
* Add new SVN only file README.maintWerner Koch2007-02-261-2/+2
| | | | | | | | | | | | | | | | doc/ * gpg.texi (GPG Configuration): Document envvar LANGUAGE. (GPG Configuration Options): Document show-primary-uid-only. g10/ * gpg.c (main): Add verify option show-primary-uid-only. * options.h (VERIFY_SHOW_PRIMARY_UID_ONLY): New. * mainproc.c (check_sig_and_print): Implement it. * encr-data.c (decrypt_data): Correctly test for unknown algorithm. * import.c (check_prefs): Ditto. * keyedit.c (show_prefs): Ditto. * mainproc.c (proc_symkey_enc): Ditto.
* 2006-12-21 Marcus Brinkmann <[email protected]>Marcus Brinkmann2006-12-211-0/+1
| | | | | * encrypt.c (encrypt_dek): Release S_CIPH.
* The big Assuan error code removal.Werner Koch2006-09-061-5/+5
|
* Updated FSF's address.Werner Koch2006-06-201-1/+2
|
* gcc-4 defaults forced me to edit many many files to get rid of theWerner Koch2005-06-161-6/+6
| | | | | | | char * vs. unsigned char * warnings. The GNU coding standards used to say that these mismatches are okay and better than a bunch of casts. Obviously this has changed now.
* * configure.ac: Require libksba 0.9.7.Werner Koch2004-06-061-2/+2
| | | | | | | | | | | | | | | | * certreqgen.c (get_parameter_uint, create_request): Create an extension for key usage when requested. * gpgsm.c (main): Install emergency_cleanup also as an atexit handler. * verify.c (gpgsm_verify): Removed the separate error code handling for KSBA. We use shared error codes anyway. * export.c (export_p12): Removed debugging code. * encrypt.c (gpgsm_encrypt): Put the session key in to secure memory.
* * encrypt.c (init_dek): Check for too weak algorithms.Werner Koch2004-02-131-2/+17
| | | | | | | | | | | | * import.c (parse_p12, popen_protect_tool): New. * base64.c (gpgsm_create_reader): New arg ALLOW_MULTI_PEM. Changed all callers. (base64_reader_cb): Handle it here. (gpgsm_reader_eof_seen): New. (base64_reader_cb): Set a flag for EOF. (simple_reader_cb): Ditto.
* * server.c (gpgsm_server): Add arg DEFAULT_RECPLIST.Werner Koch2003-12-171-3/+9
| | | | | | | | | | | | | | | (cmd_encrypt): Add all enrypt-to marked certs to the list. * encrypt.c (gpgsm_encrypt): Check that real recipients are available. * gpgsm.c (main): Make the --encrypt-to and --no-encrypt-to options work. Pass the list of recients to gpgsm_server. * gpgsm.h (certlist_s): Add field IS_ENCRYPT_TO. (opt): Add NO_ENCRYPT_TO. * certlist.c (gpgsm_add_to_certlist): New arg IS_ENCRYPT_TO. Changed all callers and ignore duplicate entries. (is_cert_in_certlist): New. (gpgsm_add_cert_to_certlist): New.
* Replaced deprecated type names.Werner Koch2003-12-171-7/+7
| | | | | | | | * certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul. (gpgsm_dump_serial): Ditto. * decrypt.c (gpgsm_decrypt): Replaced ERR by RC.
* * encrypt.c (init_dek): Use gry_create_nonce for the IV; there isWerner Koch2003-12-161-2/+2
| | | | | | not need for real strong random here and it even better protect the random bits used for the key.
* Mainly changes to adjust for the changed KSBA API.Werner Koch2003-11-121-21/+19
|
* 2003-08-20 Marcus Brinkmann <[email protected]>Marcus Brinkmann2003-08-201-2/+3
| | | | | | | * encrypt.c (encode_session_key): Allocate enough space. Cast key byte to unsigned char to prevent sign extension. (encrypt_dek): Check return value before error.
* 2003-08-14 Timo Schulz <[email protected]>Timo Schulz2003-08-141-78/+19
| | | | | * encrypt.c (encode_session_key): Use new Libgcrypt interface.
* This commit was manufactured by cvs2svn to create branchRepo Admin2003-08-051-0/+550
| | | | 'GNUPG-1-9-BRANCH'.
* This commit was manufactured by cvs2svn to create branchRepo Admin2002-10-191-549/+0
| | | | 'GNUPG-1-9-BRANCH'.
* * verify.c (gpgsm_verify): Detect certs-only message.Werner Koch2002-03-121-20/+9
|
* * gpgsm.c, gpgsm.h: Add local_user.Werner Koch2002-03-051-41/+2
| | | | | | | | | | | * sign.c (gpgsm_get_default_cert): New. (get_default_signer): Use the new function if local_user is not set otherwise used that value. * encrypt.c (get_default_recipient): Removed. (gpgsm_encrypt): Use gpgsm_get_default_cert. * verify.c (gpgsm_verify): Better error text for a bad signature found by comparing the hashs.
* * certlist.c (gpgsm_add_to_certlist): Check that the specifiedWerner Koch2002-02-071-3/+2
| | | | | | | | | | | | | | | | name identifies a certificate unambiguously. (gpgsm_find_cert): Ditto. * server.c (cmd_listkeys): Check that the data stream is available. (cmd_listsecretkeys): Ditto. (has_option): New. (cmd_sign): Fix ambiguousity in option recognition. * gpgsm.c (main): Enable --logger-fd. * encrypt.c (gpgsm_encrypt): Increased buffer size for better performance. * call-agent.c (gpgsm_agent_pksign): Check the S-Exp received from the agent. * keylist.c (list_cert_colon): Filter out control characters.
* * base64.c (gpgsm_create_writer): Allow to set the object nameWerner Koch2002-01-101-0/+1
| | | | | | | | * server.c (cmd_genkey): New. * certreqgen.c: New. The parameter handling code has been taken from gnupg/g10/keygen.c version 1.0.6. * call-agent.c (gpgsm_agent_genkey): New.
* Changes to be used with the new libksba interface.Werner Koch2001-12-181-2/+8
| | | | | libgcrypt-1.1.5 is required (cvs or tarball)
* * decrypt.c (gpgsm_decrypt): Write STATUS_DECRYPTION_*.Werner Koch2001-12-151-0/+2
| | | | | * sign.c (gpgsm_sign): Write a STATUS_SIG_CREATED.
* Fixed test keyWerner Koch2001-12-141-1/+1
|
* Fixed test keyWerner Koch2001-12-141-1/+1
|
* Implemented encryption in server mode.Werner Koch2001-12-111-29/+40
| | | | | | Allow to specify a recipient on the commandline There is still a default hardwired recipient if none has been set.
* --encrypt does now work for a hardwired key.Werner Koch2001-12-101-103/+421
|
* --armor does now produce PEM format.Werner Koch2001-11-271-1/+7
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-28 13:24:30 +0000