summaryrefslogtreecommitdiffstats
path: root/g10/encrypt.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2017-08-28Release 2.2.0gnupg-2.2.0Werner Koch4-32/+68
2017-08-28po: Auto updateWerner Koch2-3/+5
--
2017-08-27scd: Convey the correct length for LeWerner Koch1-2/+2
* scd/app-openpgp.c (determine_rsa_response): Round bits up. -- Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr> Arnaud wrote: Actually, when the incorrect expected response length (i.e. Le field) is transmitted to the card, the card's answer is missing a byte (i.e. ... 6101) so an additional command has to be sent to the card to retrieve the last byte. Using the correct length avoids to send the additional command to retrieve the missing byte, when the computed length is wrong. Note that an value of 65537 for E is pretty standard and thus we can avoid the 6101 return code inmost cases. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-24gpg: Fix memory leak while running --check-trustdb.Werner Koch1-0/+3
* g10/trustdb.c (update_min_ownertrust): Free PK. -- This bug was revealed by the new trust-pgp-2.scm test. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-24gpg: Fix memory leak in sig-check.Werner Koch1-2/+5
* g10/sig-check.c (check_signature_over_key_or_uid): Remove useless condition. Actually free when SIGNER was allocated by us. -- SIGNER_ALLOCATED never received a value of -1 but that was tested. IF SIGNER_ALLOCATED was 2 the memory was never freed: if (signer_allocated == 1) if (signer_allocated == 2) free() Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec This function needs to be audited more thoroughly. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-24indent: Change comment style on two functionsWerner Koch1-63/+71
-- This is to make those function better readable. if (foo) /* Comment */ { } is bad style because it requires extra time to notice the begin of the block and vice versa when noticing the block it is not clear whether this is an conditioned or unconditioned block. Having asterisks on the left is better for view impaired people and for b/w printouts. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-24build: Remove obsolete option from autogen.rcWerner Koch1-2/+2
* autogen.rc: Remove --enable-gpg2-is-gpg. -- This option is now the default. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-23gpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve".Werner Koch2-8/+9
* g10/gpg.c (gpgconf_list): Announce "auto-key-retrieve". (main): Simplify setting of KEYSERVER_AUTO_KEY_RETRIEVE. * tools/gpgconf-comp.c: Make "no-auto-key-retrieve" invisible. Make "auto-key-retrieve" an expert option. -- This basically reverts 9bb13a0e819334681caca38c9074bd7bfc04e45e because --no-auto-key-retrieve is again the default. Note that we allow both options for the sake of profiles. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-23tests: Do not run trust-pgp-4.scmWerner Koch1-2/+5
* tests/openpgp/Makefile.am (XTESTS): Remove test. (EXTRA_DIST): Add test file. -- There are two problems with this test: First a syntax error in the file name so that the test was not used at all. Second the test currently returns FAIL. Fixes-commit: c23a69970ba38edae9d3b2603825d18fbb732423 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-23build: Change SWDB tag "gnupg21" to "gnupg22".Werner Koch4-4/+8
* configure.ac (GNUPG_SWDB_TAG): New ac_define. Set it to "gnupg22". * tools/gpgconf.c (query_swdb): Use it. * build-aux/speedo.mk: Change tag "gnupg21" to "gnupg22". * Makefile.am (distcheck-hook): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-23po: Update Norwegian translationÅka Sikrom1-1336/+240
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-23agent: Fix string translation for WindowsAndre Heinecke1-1/+1
* agent/agent.h (L_): Define agent_Lunderscore when simple gettext is used. -- This fixes a regression introduced by b3286af3 ENABLE_NLS is not defined if we use simple gettext and not gettext. GnuPG-Bug-Id: T3364 Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2017-08-22po: Update Japanese translationNIIBE Yutaka1-18/+16
2017-08-21tests: Add tests for the PGP trust model.Damien Goutte-Gattat17-2/+630
* tests/openpgp/trust-pgp-1.scm: New file. * tests/openpgp/trust-pgp-2.scm: New file. * tests/openpgp/trust-pgp-3.scm: New file. * tests/openpgp/trust-pgp-4.scm: New file. * tests/openpgp/trust-pgp/common.scm: New file. * tests/openpgp/trust-pgp/scenario1.asc: New file. * tests/openpgp/trust-pgp/scenario2.asc: New file. * tests/openpgp/trust-pgp/scenario3.asc: New file. * tests/openpgp/trust-pgp/scenario4.asc: New file. * tests/openpgp/trust-pgp/alice.sec.asc: New file. * tests/openpgp/trust-pgp/bobby.sec.asc: New file. * tests/openpgp/trust-pgp/carol.sec.asc: New file. * tests/openpgp/trust-pgp/david.sec.asc: New file. * tests/openpgp/trust-pgp/frank.sec.asc: New file. * tests/openpgp/trust-pgp/grace.sec.asc: New file. * tests/openpgp/trust-pgp/heidi.sec.asc: New file. * tests/openpgp/Makefile.am (XTESTS): Add new tests. (TEST_FILES): Add new files. (EXTRA_DIST): Add new common file. Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-08-21tests: Move some functions into a common module.Damien Goutte-Gattat2-24/+24
* tests/openpgp/tofu.scm (gettrust): Moved to the common defs.scm module. (checktrust): Likewise. * tests/openpgp/defs.scm (gettrust): New function. (checktrust): Likewise. -- These functions will be re-used by the tests for the PGP trust model. Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-08-21gpgconf: Make WoT settings configurable by gpgconf.Damien Goutte-Gattat2-0/+15
* tools/gpgconf-comp.c (gc_options_gpg): Add max-cert-depth, completes-needed, and marginals-needed options. * g10/gpg.c (gpgconf_list): Likewise. -- Some tests to come for the PGP trust model will need to manipulate these parameters. Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-08-21gpgscm: Fix -Wimplicit-fallthrough warnings.Justus Winter1-2/+12
* tests/gpgscm/scheme.c (CASE): Rearrange so that the case statement is at the front. (Eval_Cycle): Improve fallthrough annotations. Signed-off-by: Justus Winter <justus@g10code.com>
2017-08-11gpg: default to --no-auto-key-retrieve.Daniel Kahn Gillmor2-3/+2
* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the default keyserver options. * doc/gpg.texi: document this change. -- This is a partial reversion of 7e1fe791d188b078398bf83c9af992cb1bd2a4b3. Werner and i discussed it earlier today, and came to the conclusion that: * the risk of metadata leakage represented by a default --auto-key-retrieve, both in e-mail (as a "web bug") and in other contexts where GnuPG is used to verified signatures, is quite high. * the advantages of --auto-key-retrieve (in terms of signature verification) can sometimes be achieved in other ways, such as when a signed message includes a copy of its own key. * when those other ways are not useful, a graphical, user-facing application can still offer the user the opportunity to choose to fetch the key; or it can apply its own policy about when to set --auto-key-retrieve, without needing to affect the defaults. Note that --auto-key-retrieve is specifically about signature verification. Decisions about how and whether to look up a key during message encryption are governed by --auto-key-locate. This change does not touch the --auto-key-locate default of "local,wkd". The user deliberately asking gpg to encrypt to an e-mail address is a different scenario than having an incoming e-mail trigger a potentially unique network request. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-10po: Update Russian translationIneiev1-56/+37
-- There was a small merge conflict. I hope I did not mess it up. -wk
2017-08-10tests: Improve documentation.Justus Winter1-3/+40
* tests/openpgp/README: Add quickstart instructions, how to use shell.scm, remove no longer used MKDATA. Signed-off-by: Justus Winter <justus@g10code.com>
2017-08-09g10: Write status error on error of --quick-revoke-uid.Marcus Brinkmann1-1/+4
* g10/keyedit.c (keyedit_quick_revuid): Write status error on error. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 2963
2017-08-09Post release updatesgnupg-2.2-baseWerner Koch2-2/+6
--
2017-08-09Release 2.1.23gnupg-2.1.23Werner Koch1-1/+39
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-09po: Auto-updateWerner Koch26-176/+265
--
2017-08-09po: Update German translationWerner Koch1-13/+14
2017-08-08build: New configure option --enable-all-tests.Werner Koch5-3/+28
* configure.ac: New option --enable-all-tests. * tests/gpgscm/ffi.c (ffi_init): New gloabl var *run-all-tests*. * tests/openpgp/all-tests.scm (all-tests): Use that var instead of *maintainer-mode*. * Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Add --enable-all-tests. -- It is better to have a separate option to run all tests than to put this on top of --enable-maintainer-mode. This way we can also make sure to run all tests during "make distcheck". Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-08gpgscm: Make the test summary stand outWerner Koch1-0/+2
* tests/gpgscm/tests.scm (test-pool): Add delimiter lines. -- This is to make those summaries a bit more simlar to those from automake. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-08sm: Always print the keygrip in colon mode.Werner Koch2-11/+13
* sm/keylist.c (list_cert_colon): Always print the keygrip as described in the manual. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-08gpg: Add option '--disable-dirmngr'.Justus Winter5-0/+15
* doc/gpg.texi: Document new option. * g10/call-dirmngr.c (create_context): Fail if option is given. * g10/gpg.c (cmd_and_opt_values): New value. (opts): New option. (gpgconf_list): Add new option. (main): Handle new option. * g10/options.h (struct opt): New field 'disable_dirmngr'. * tools/gpgconf-comp.c (gc_options_gpg): New option. GnuPG-bug-id: 3334 Signed-off-by: Justus Winter <justus@g10code.com>
2017-08-07systemd-user: Drop redundant After=*.socket.Daniel Kahn Gillmor2-2/+0
* doc/examples/systemd-user/*.service: Drop redundant After=*.socket directive. -- systemd.socket(5) says: Socket units will have a Before= dependency on the service which they trigger added implicitly. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-07systemd-user: Drop RefuseManualStart=true.Daniel Kahn Gillmor2-4/+0
* doc/examples/systemd-user/*.service: drop RefuseManualStart=true -- These user services can be safely started manually as long as at least their primary sockets are available. They'll just start with nothing to do, which should be fine. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-07tests: Do not run all tests unless in maintainer mode.Justus Winter3-15/+38
* configure.ac: Leak the maintainer mode flag into 'config.h'. * tests/gpgscm/ffi.c: Pass it into the scheme environment. * tests/openpgp/all-tests.scm: Only run tests against non-default configurations (keyring, extended-key-format) in maintainer mode. -- Werner is concerned that the tests do take up too much time and asked me to reduce the runtime of the tests for normal users. Signed-off-by: Justus Winter <justus@g10code.com>
2017-08-07Fix spelling.Daniel Kahn Gillmor1-1/+1
* doc/gpg.texi: s/occured/occurred/ Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-07Simple typo fix.Daniel Kahn Gillmor1-1/+1
* agent/gpg-agent.c: Correct spelling in comment. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-08-05gpg: Install gpg by default under the name gpg.Werner Koch3-21/+18
* configure.ac: Remove option --enable-gpg2-is-gpg. Add option --enable-gpg-is-gpg2. * build-aux/speedo.mk (speedo_pkg_gnupg_configure): Remove --enable-gpg2-is-gpg. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-05gpg: gpgconf needs to support the now default --auto-key-retrieve.Werner Koch1-0/+2
* tools/gpgconf-comp.c (gc_options_gpg): Re-add "auto-key_retrieve". -- Although this option is invisible, it might be in use by gpgconf profiles. We don't want to break them. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04gpg: Fix memory leak in parse_auto_key_locate.Werner Koch1-3/+4
* g10/getkey.c (parse_auto_key_locate): Fix freeing of OPTIONS. -- It was probably too late for me to hack. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04tests: Adjust tests for changed --auto-key-locate default.Werner Koch1-0/+2
* tests/openpgp/defs.scm (create-gpghome): Disable new defaults. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04gpg: Make --no-auto-key-retrieve gpgconf-igurable.Werner Koch2-2/+2
* g10/gpg.c (gpgconf_list): Print no-auto-key-retrieve instead of auto-key-retrieve. * tools/gpgconf-comp.c (gc_options_gpg): Replace auto-key-retrieve by no-auto-key-retrieve and chnage level from invisible to advanced. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve.Werner Koch4-13/+32
* g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default keyserver options. Set the default for --auto-key-locate to "local,wkd". Reset that default iff --auto-key-locate has been given in the option file or in the commandline. * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg. -- GnuPG-bug-id: 3324 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04agent: Make --no-grab the default.Werner Koch3-9/+23
* agent/gpg-agent.c (oGrab): New const. (opts): New option --grab. Remove description for --no-grab. (parse_rereadable_options): Make --no-grab the default. (finalize_rereadable_options): Allow --grab to override --no-grab. (main) <gpgconflist>: Add "grab". * tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab". Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04gpg: Avoid double fingerprint printing with import-show.Werner Koch1-1/+2
* g10/import.c (import_one) <IMPORT_SHOW>: Take care of fingerprint options. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04gpg: New import option show-only.Werner Koch3-2/+9
* g10/options.h (IMPORT_DRY_RUN): New. * g10/import.c (parse_import_options): Add "show-only". (import_one): use that as alternative to opt.dry_run. -- This is just a convenience thing for --import-options import-show --dry-run Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-03wks: Allow gpg-wks-client --supported with just the domain nameWerner Koch1-1/+8
* tools/gpg-wks-client.c (command_supported): Hack for missing local part. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-02g10: Always save standard revocation certificate in file.Marcus Brinkmann1-0/+4
* g10/revoke.c (gen_standard_revocation): Set opt.outfile to NULL temporarily to create certificate in right place. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 3015
2017-08-01Revert "g10: Always save standard revocation certificate in file."Marcus Brinkmann7-18/+16
This reverts commit ebc65ff459e6c228fb7406e375819a9fe5637abe.
2017-08-01g10: Always save standard revocation certificate in file.Marcus Brinkmann7-16/+18
* g10/main.h (open_outfile): New parameter NO_OUTFILE. * g10/openfile.c (open_outfile): New parameter NO_OUTFILE. If given, never use opt.outfile. * g10/revoke.c (create_revocation): If FILENAME is true, also set NO_OUTFILE to true (for standard revocation certificates). * g10/dearmor.c, g10/encrypt.c, g10/export.c, g10/revoke.c, g10/sign.c: Adjust all other callers. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 3015
2017-08-01artwork: Add icons.Marcus Brinkmann29-0/+108
* artwork/icons/index.css: New file. * artwork/icons/index.html: New file. * artwork/icons/lock-12.png: New file. * artwork/icons/lock-128.png: New file. * artwork/icons/lock-16.png: New file. * artwork/icons/lock-24.png: New file. * artwork/icons/lock-256.png: New file. * artwork/icons/lock-32.png: New file. * artwork/icons/lock-48.png: New file. * artwork/icons/lock-64.png: New file. * artwork/icons/lock-wing-12.png: New file. * artwork/icons/lock-wing-128.png: New file. * artwork/icons/lock-wing-16.png: New file. * artwork/icons/lock-wing-24.png: New file. * artwork/icons/lock-wing-256.png: New file. * artwork/icons/lock-wing-32.png: New file. * artwork/icons/lock-wing-48.png: New file. * artwork/icons/lock-wing-64.png: New file. * artwork/icons/lock-wing.svg: New file. * artwork/icons/lock.svg: New file. * artwork/icons/wing-12.png: New file. * artwork/icons/wing-128.png: New file. * artwork/icons/wing-16.png: New file. * artwork/icons/wing-24.png: New file. * artwork/icons/wing-256.png: New file. * artwork/icons/wing-32.png: New file. * artwork/icons/wing-48.png: New file. * artwork/icons/wing-64.png: New file. * artwork/icons/wing.svg: New file. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 3019
2017-08-01gpg,sm: Error out on compliance mismatch while decrypting.Werner Koch2-25/+36
* g10/pubkey-enc.c (get_session_key): Bail out if the algo is not allowed in the current compliance mode. * sm/decrypt.c (gpgsm_decrypt): Ditto. -- The idea here is that the owner of the key created a non-compliant key and later receives a mail encrypted to that key. The sender should have checked this key too but we can't guarantee that. By hard failing here the owner of the key will notice that he had created a non-compliant key and thus has a chance to generate a new compliant key. In case the compliant criteria changes and the owner wants to decrypt an old message he can still switch gpg to another compliant mode. Fixes-commit: a0d0cbee7654ad7582400efaa92d493cd8e669e9 GnuPG-bug-id: 3308 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-01indent: Wrap overlong lines in argparse.cWerner Koch1-5/+10
--