From 3ff9a743bf6faeb99e8ee6113fe54af4f34cc288 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 21 Apr 2005 09:33:07 +0000 Subject: [PATCH] * configure.ac: Do not build gpg by default. * gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check. * certchain.c (gpgsm_validate_chain): Make use of it. * certchain.c (gpgsm_validate_chain): Check revocations even for expired certificates. This is required because on signature verification an expired key is fine whereas a revoked one is not. * gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check. --- ChangeLog | 9 +++++++++ README | 5 +++-- TODO | 29 ++++++++--------------------- configure.ac | 11 ++++++++++- doc/gpgsm.texi | 12 ++++++++++++ scd/ChangeLog | 4 ++++ scd/ccid-driver.c | 2 +- scd/command.c | 26 +++++++++++++------------- sm/ChangeLog | 3 +++ sm/certchain.c | 10 ++++++---- sm/gpgsm.c | 12 ++++++++++++ sm/gpgsm.h | 1 + tools/ChangeLog | 8 ++++++++ tools/gpgconf-comp.c | 6 ++++++ tools/symcryptrun.c | 2 +- 15 files changed, 97 insertions(+), 43 deletions(-) diff --git a/ChangeLog b/ChangeLog index 013241648..cfe0f863b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2005-04-21 Werner Koch + + * configure.ac: Do not build gpg by default. + +2005-04-20 Werner Koch + + * configure.ac: Test whether GPG_ERR_LOCKED is declared and + provide a replacement if not. + 2005-04-15 Werner Koch * configure.ac: Require libksba 0.9.11. diff --git a/README b/README index 7e44765a6..7bb83f1f2 100644 --- a/README +++ b/README @@ -11,7 +11,8 @@ available in 1.9. You should use this GnuPG version if you want to use the gpg-agent or gpgsm (the S/MIME variant of gpg). Note that the gpg-agent is also -helpful when using the standard gpg versions (1.2.x or 1.3.x). +helpful when using the standard gpg versions (1.3.x as well as some of +the old 1.2.x). BUILD INSTRUCTIONS 
@@ -51,7 +52,7 @@ If everything succeeds, you have a working GnuPG with support for S/MIME and smartcards. Note that there is no binary gpg but a gpg2 so that this package won't confict with a GnuPG 1.2 or 1.3 installation. gpg2 behaves just like gpg; it is however suggested to -keep using gpg 1.2.x or 1.3.x. +keep using gpg 1.2.x or 1.3.x. gpg2 is not even build by default. In case of problem please ask on gpa-dev@gnupg.org for advise. Note that this release is only expected to build on GNU and *BSD systems. diff --git a/TODO b/TODO index 26b2cee60..6a0e9b18e 100644 --- a/TODO +++ b/TODO @@ -1,10 +1,5 @@ -*- outline -*- -* IMPORTANT -Check that openpty and pty.h are available and build symcryptrun only -then. Run shred on the temporary files. - - * src/base64 ** Make parsing more robust Currently we don't cope with overlong lines in the best way. @@ -23,14 +18,7 @@ might want to have an agent context for each service request * sm/certchain.c ** When a certificate chain was sucessfully verified, make ephemeral certs used in this chain permanent. -** figure out how to auto retrieve a key by serialno+issuer. - Dirmngr is currently not able to parse more than the CN. -* sm/certlist.c -** ocspSigning usage is not fully implemented - We should review the entire CRL and OCSP validation system. - Okay. This has been fixed in dirmngr when running it in system - daemon mode. * sm/decrypt.c ** replace leading zero in integer hack by a cleaner solution @@ -58,8 +46,6 @@ might want to have an agent context for each service request ** A SIGHUP should also restart the scdaemon But do this only after all connections terminated. As of now we only send a RESET. -** Watch the child process if not invoked as a daemon - and terminate after the child has terminated * agent/command.c ** Make sure that secure memory is used where appropriate 
@@ -69,7 +55,8 @@ might want to have an agent context for each service request ** Support DSA * agent/divert-scd.c - Remove the agent_reset_scd kludge. + Remove the agent_reset_scd kludge. We will do this after Scdaemon + has been changed to allow multiple sessions. Currently in progress. * Move pkcs-1 encoding into libgcrypt. @@ -93,11 +80,7 @@ might want to have an agent context for each service request ** Explain how to setup a root CA key as trusted ** Explain how trustlist.txt might be managed. ** Write a script to generate man pages from texi. - -* Requirements by the BSI -** Support authorityKeyIdentifier.keyIdentifier - This needs support in libksba/src/cert.c as well as in sm/*.c. - Need test certs as well. Same goes for CRL authorityKeyIdentifier. + In progress (yatm) * Windows port @@ -108,5 +91,9 @@ might want to have an agent context for each service request ** No card status notifications. -* [scdaemon] release the card after use so that gpg 1.4 is abale to access it +* scd/ +** Release the card after use so that gpg 1.4 is able to access it + This won't be a sufficient change. we need to change gpg 1.4 to make + use of the agent. Work is underway. + diff --git a/configure.ac b/configure.ac index d0ffa8ca4..8654785ee 100644 --- a/configure.ac +++ b/configure.ac @@ -62,7 +62,7 @@ have_ksba=no have_opensc=no have_pth=no -GNUPG_BUILD_PROGRAM(gpg, yes) +GNUPG_BUILD_PROGRAM(gpg, no) GNUPG_BUILD_PROGRAM(gpgsm, yes) GNUPG_BUILD_PROGRAM(agent, yes) GNUPG_BUILD_PROGRAM(scdaemon, yes) @@ -313,6 +313,11 @@ AH_BOTTOM([ #define EXEC_TEMPFILE_ONLY #endif +/* Temporary hacks to avoid requring a libgpg-error update. */ +#if !HAVE_DECL_GPG_ERR_LOCKED +#define GPG_ERR_LOCKED 173 +#endif + ]) AM_MAINTAINER_MODE 
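Review bot: The fallback `#define GPG_ERR_LOCKED 173` in the AH_BOTTOM hunk hard-codes a value from libgpg-error's error-code space, and nothing here ties it to the number the library itself assigns; if the two ever differ, a scdaemon built against an old libgpg-error would send a code that a client built against a newer one decodes as a different error, and gpg_strerror on the old library has no text for it either way. Since the comment already calls this a temporary hack, state the removal condition and the provenance of the constant in it, e.g. `/* Temporary hack until NEED_GPG_ERROR_VERSION can require the libgpg-error release that declares GPG_ERR_LOCKED; 173 must match the value assigned there. */`, and drop the block once that version can be required. The comment also misspells "requiring" as `requring`.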
@@ -437,6 +442,10 @@ AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes) # AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION", have_gpg_error=yes,have_gpg_error=no) +_tmp_gpg_error_save_cflags="$CFLAGS" +CFLAGS="$CFLAGS $GPG_ERROR_CFLAGS" +AC_CHECK_DECLS(GPG_ERR_LOCKED,,,[#include ]) +CFLAGS="${_tmp_gpg_error_save_cflags}" # diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index df2f71bce..ba98ae87c 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -315,6 +315,18 @@ By default the @acronym{CRL} checks are enabled and the DirMngr is used to check for revoked certificates. The disable option is most useful with an off-line network connection to suppress this check. +@item --enable-trusted-cert-crl-check +@itemx --disable-trusted-cert-crl-check +@opindex enable-trusted-cert-crl-check +@opindex disable-trusted-cert-crl-check +By default the @acronym{CRL} for trusted root certificates are checked +like for any other certificates. This allows a CA to revoke its own +certificates voluntary without the need of putting all ever issued +certificates into a CRL. The disable option may be used to switch this +extra check off. Due to the caching done by the Dirmngr, there won't be +any noticeable performance gain. Note, that this also disables possible +OCSP checks for trusted root certificates. + @item --force-crl-refresh @opindex force-crl-refresh Tell the dirmngr to reload the CRL for each request. For better diff --git a/scd/ChangeLog b/scd/ChangeLog index 9d246ffca..c5a1062b8 100644 --- a/scd/ChangeLog +++ b/scd/ChangeLog @@ -1,3 +1,7 @@ +2005-04-20 Werner Koch + + * command.c: Use GPG_ERR_LOCKED instead of EBUSY. + 2005-04-14 Werner Koch * app-openpgp.c (retrieve_key_material): Rewritten. Return a diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 13e11e4bc..e9666ee17 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c 
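Review bot: The prerequisite passed to `AC_CHECK_DECLS(GPG_ERR_LOCKED,,,[#include ])` reads as a bare `#include ` here with no header named; that may be an artefact of how this patch was rendered, but if it is literally what was committed the test program never sees the gpg-error declarations, HAVE_DECL_GPG_ERR_LOCKED is always 0, and the hard-coded 173 fallback from the AH_BOTTOM hunk is compiled in even against a current libgpg-error. Confirm the line is `AC_CHECK_DECLS(GPG_ERR_LOCKED,,,[#include <gpg-error.h>])`. Wrapping the check in the CFLAGS save/restore is fine, but a one-line comment saying why GPG_ERROR_CFLAGS is needed for the declaration test (the header lives outside the default include path) would help the next person who touches it.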
@@ -1274,7 +1274,7 @@ ccid_poll (ccid_driver_t handle) } -/* Note that this fucntion won't return the error codes NO_CARD or +/* Note that this function won't return the error codes NO_CARD or CARD_INACTIVE */ int ccid_slot_status (ccid_driver_t handle, int *statusbits) diff --git a/scd/command.c b/scd/command.c index 9881b1be0..7d777d8b7 100644 --- a/scd/command.c +++ b/scd/command.c @@ -263,7 +263,7 @@ open_card (ctrl_t ctrl, const char *apptype) return 0; /* Already initialized using a card context. */ if ( IS_LOCKED (ctrl) ) - return gpg_error (GPG_ERR_EBUSY); + return gpg_error (GPG_ERR_LOCKED); if (ctrl->reader_slot != -1) slot = ctrl->reader_slot; @@ -360,7 +360,7 @@ cmd_serialno (assuan_context_t ctx, char *line) if (ctrl->server_local->card_removed) { if ( IS_LOCKED (ctrl) ) - return gpg_error (GPG_ERR_EBUSY); + return gpg_error (GPG_ERR_LOCKED); do_reset (ctrl, 0); } @@ -745,7 +745,7 @@ cmd_setdata (assuan_context_t ctx, char *line) unsigned char *buf; if (locked_session && locked_session != ctrl->server_local) - return gpg_error (GPG_ERR_EBUSY); + return gpg_error (GPG_ERR_LOCKED); /* Parse the hexstring. */ for (p=line,n=0; hexdigitp (p); p++, n++) @@ -817,7 +817,7 @@ cmd_pksign (assuan_context_t ctx, char *line) char *keyidstr; if ( IS_LOCKED (ctrl) ) - return gpg_error (GPG_ERR_EBUSY); + return gpg_error (GPG_ERR_LOCKED); if ((rc = open_card (ctrl, NULL))) return rc; @@ -871,7 +871,7 @@ cmd_pkauth (assuan_context_t ctx, char *line) char *keyidstr; if ( IS_LOCKED (ctrl) ) - return gpg_error (GPG_ERR_EBUSY); + return gpg_error (GPG_ERR_LOCKED); if ((rc = open_card (ctrl, NULL))) return rc; @@ -921,7 +921,7 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line) char *keyidstr; if ( IS_LOCKED (ctrl) ) - return gpg_error (GPG_ERR_EBUSY); + return gpg_error (GPG_ERR_LOCKED); if ((rc = open_card (ctrl, NULL))) return rc; 
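Review bot: Switching the busy-reader return in open_card and the cmd_* handlers from GPG_ERR_EBUSY to GPG_ERR_LOCKED changes an error code that crosses the Assuan protocol to clients, and nothing in this diff touches the gpg-agent side (no agent/ file appears in the diffstat); any client code that compares against GPG_ERR_EBUSY to retry or to report a busy card will stop recognising the condition until it is updated in step, so that should be checked before merging. On an older libgpg-error the value also comes from the `#define GPG_ERR_LOCKED 173` fallback in configure.ac, where gpg_strerror will not have a message for it. As a style point, cmd_setdata spells the same test as `locked_session && locked_session != ctrl->server_local` while every other handler in these hunks uses `IS_LOCKED (ctrl)`; if the macro expands to that expression, using it there too keeps the lock semantics in one place.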
@@ -1021,7 +1021,7 @@ cmd_setattr (assuan_context_t ctx, char *orig_line) char *line, *linebuf; if ( IS_LOCKED (ctrl) ) - return gpg_error (GPG_ERR_EBUSY); + return gpg_error (GPG_ERR_LOCKED); if ((rc = open_card (ctrl, NULL))) return rc; @@ -1076,7 +1076,7 @@ cmd_genkey (assuan_context_t ctx, char *line) int force = has_option (line, "--force"); if ( IS_LOCKED (ctrl) ) - return gpg_error (GPG_ERR_EBUSY); + return gpg_error (GPG_ERR_LOCKED); /* Skip over options. */ while ( *line == '-' && line[1] == '-' ) @@ -1165,7 +1165,7 @@ cmd_passwd (assuan_context_t ctx, char *line) int reset_mode = has_option (line, "--reset"); if ( IS_LOCKED (ctrl) ) - return gpg_error (GPG_ERR_EBUSY); + return gpg_error (GPG_ERR_LOCKED); /* Skip over options. */ while (*line == '-' && line[1] == '-') @@ -1212,7 +1212,7 @@ cmd_checkpin (assuan_context_t ctx, char *line) char *keyidstr; if ( IS_LOCKED (ctrl) ) - return gpg_error (GPG_ERR_EBUSY); + return gpg_error (GPG_ERR_LOCKED); if ((rc = open_card (ctrl, NULL))) return rc; @@ -1244,7 +1244,7 @@ cmd_checkpin (assuan_context_t ctx, char *line) Grant exclusive card access to this session. Note that there is no lock counter used and a second lock from the same session will get ignore. A single unlock (or RESET) unlocks the session. - Return GPG_ERR_EBUSY if another session has locked the reader. + Return GPG_ERR_LOCKED if another session has locked the reader. If the option --wait is given the command will wait until a lock has been released. @@ -1259,7 +1259,7 @@ cmd_lock (assuan_context_t ctx, char *line) if (locked_session) { if (locked_session != ctrl->server_local) - rc = gpg_error (GPG_ERR_EBUSY); + rc = gpg_error (GPG_ERR_LOCKED); } else locked_session = ctrl->server_local; @@ -1293,7 +1293,7 @@ cmd_unlock (assuan_context_t ctx, char *line) if (locked_session) { if (locked_session != ctrl->server_local) - rc = gpg_error (GPG_ERR_EBUSY); + rc = gpg_error (GPG_ERR_LOCKED); else locked_session = NULL; } 
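Review bot: cmd_lock decides ownership by reading the file-scope `locked_session` and then assigning it in the else branch, with no synchronisation around that test-and-set; if handlers run on cooperative Pth threads, as the have_pth check in configure.ac suggests may be the case, no yield occurs in between and this is safe, but under preemptive threads two sessions could both pass the NULL test and one would silently overwrite the other's lock. Since the comment block above cmd_lock already spells out the lock semantics, I would record the assumption there: `Note that the check-and-set of locked_session relies on the cooperative scheduling of the server loop; it is not safe under preemptive threads.` cmd_lock's body, including the --wait handling the comment describes, continues past the hunk.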
diff --git a/sm/ChangeLog b/sm/ChangeLog index b209b9d4b..aa8e8671f 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,5 +1,8 @@ 2005-04-21 Werner Koch + * gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check. + * certchain.c (gpgsm_validate_chain): Make use of it. + * certchain.c (gpgsm_validate_chain): Check revocations even for expired certificates. This is required because on signature verification an expired key is fine whereas a revoked one is not. diff --git a/sm/certchain.c b/sm/certchain.c index 2e491f590..02e5b409f 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -752,13 +752,13 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime, } - /* Is this a self-signed certificate? */ + /* Is this a self-issued certificate? */ if (subject && !strcmp (issuer, subject)) { /* Yes. */ if (gpgsm_check_cert_sig (subject_cert, subject_cert) ) { do_list (1, lm, fp, - _("selfsigned certificate has a BAD signature")); + _("self-signed certificate has a BAD signature")); if (DBG_X509) { gpgsm_dump_cert ("self-signing cert", subject_cert); @@ -816,7 +816,9 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime, /* Check for revocations etc. */ if ((flags & 1)) - rc = 0; + ; + else if (opt.no_trusted_cert_crl_check) + ; else rc = is_cert_still_valid (ctrl, lm, fp, subject_cert, subject_cert, @@ -1045,7 +1047,7 @@ gpgsm_basic_cert_check (ksba_cert_t cert) rc = gpgsm_check_cert_sig (cert, cert); if (rc) { - log_error ("selfsigned certificate has a BAD signature: %s\n", + log_error ("self-signed certificate has a BAD signature: %s\n", gpg_strerror (rc)); if (DBG_X509) { diff --git a/sm/gpgsm.c b/sm/gpgsm.c index dae547702..fb6533030 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -130,6 +130,8 @@ enum cmd_and_opt_values { oDisableCRLChecks, oEnableCRLChecks, + oDisableTrustedCertCRLCheck, + oEnableTrustedCertCRLCheck, oForceCRLRefresh, oDisableOCSP, 
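Review bot: In the @@ -816 hunk of sm/certchain.c the old `rc = 0;` for the `flags & 1` case becomes an empty statement, so rc now keeps whatever value it had before this if-chain in both skip cases; the code above the hunk is not visible here, and if an earlier step (such as the expiry check the ChangeLog mentions) can leave rc non-zero while intending to continue, the skip paths now propagate that error where they previously cleared it, which is worth confirming. The two empty branches also read awkwardly; `if (!(flags & 1) && !opt.no_trusted_cert_crl_check) rc = is_cert_still_valid (ctrl, lm, fp, subject_cert, subject_cert, ...)` expresses the same thing as one condition. Because this appears to be the self-issued root path (is_cert_still_valid is called with subject_cert as its own issuer), the comment should say what is being skipped, e.g. `/* Check for revocations etc.  Bit 0 of FLAGS and --disable-trusted-cert-crl-check both skip the revocation check (CRL and OCSP) for this self-issued root certificate. */`. gpgsm_validate_chain continues beyond the hunk on both sides.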
@@ -285,6 +287,8 @@ static ARGPARSE_OPTS opts[] = { N_("use system's dirmngr if available")}, { oDisableCRLChecks, "disable-crl-checks", 0, N_("never consult a CRL")}, { oEnableCRLChecks, "enable-crl-checks", 0, "@"}, + { oDisableTrustedCertCRLCheck, "disable-trusted-cert-crl-check", 0, "@"}, + { oEnableTrustedCertCRLCheck, "enable-trusted-cert-crl-check", 0, "@"}, { oForceCRLRefresh, "force-crl-refresh", 0, "@"}, { oDisableOCSP, "disable-ocsp", 0, "@" }, @@ -973,6 +977,12 @@ main ( int argc, char **argv) case oEnableCRLChecks: opt.no_crl_check = 0; break; + case oDisableTrustedCertCRLCheck: + opt.no_trusted_cert_crl_check = 1; + break; + case oEnableTrustedCertCRLCheck: + opt.no_trusted_cert_crl_check = 0; + break; case oForceCRLRefresh: opt.force_crl_refresh = 1; break; @@ -1352,6 +1362,8 @@ main ( int argc, char **argv) GC_OPT_FLAG_NONE ); printf ("disable-crl-checks:%lu:\n", GC_OPT_FLAG_NONE ); + printf ("disable-trusted-cert-crl-check:%lu:\n", + GC_OPT_FLAG_NONE ); printf ("enable-ocsp:%lu:\n", GC_OPT_FLAG_NONE ); printf ("include-certs:%lu:1:\n", diff --git a/sm/gpgsm.h b/sm/gpgsm.h index aafc4815d..1068e9d5e 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -97,6 +97,7 @@ struct { int ignore_time_conflict; /* Ignore certain time conflicts */ int no_crl_check; /* Don't do a CRL check */ + int no_trusted_cert_crl_check; /* Don't run a CRL check for trusted certs. */ int force_crl_refresh; /* Force refreshing the CRL. */ int enable_ocsp; /* Default to use OCSP checks. */ diff --git a/tools/ChangeLog b/tools/ChangeLog index 7fd4c2899..b5a104ce6 100644 --- a/tools/ChangeLog +++ b/tools/ChangeLog @@ -1,3 +1,11 @@ +2005-04-21 Werner Koch + + * gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check. + +2005-04-20 Werner Koch + + * gpgconf-comp.c: Add gpg-agent:disable-scdaemon. + 2005-04-19 Marcus Brinkmann * symcryptrun.c: Add --input option. diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c index 5e6777e1f..c49d1dcbb 100644 --- a/tools/gpgconf-comp.c 
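Review bot: The new `disable-trusted-cert-crl-check` entry in the opts table is registered with the hidden help string `"@"`, so gpgsm --help never shows this revocation-weakening switch, while the broader `disable-crl-checks` right beside it carries a visible description. Since the option drops the CRL and, per the texi text in this commit, OCSP check for root certificates, I would give the disable- variant a visible description matching the gpgconf entry, `{ oDisableTrustedCertCRLCheck, "disable-trusted-cert-crl-check", 0, N_("do not check CRLs for root certificates")},`, and keep only the enable- variant hidden as is done for enable-crl-checks. This may well be intentional for an expert option, so treat it as a style preference.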
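Review bot: The comment on the new `no_trusted_cert_crl_check` field in sm/gpgsm.h says only "Don't run a CRL check for trusted certs", but as wired in sm/certchain.c the flag skips the whole is_cert_still_valid call for the self-issued root, which the gpgsm.texi change in this commit says also disables OCSP for that certificate. A maintainer reading the header alone would underestimate what the flag turns off; suggest `int no_trusted_cert_crl_check; /* Skip the revocation (CRL/OCSP) check for trusted root certs. */`.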
+++ b/tools/gpgconf-comp.c @@ -449,6 +449,9 @@ static gc_option_t gc_options_gpg_agent[] = { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT, "gnupg", "|FILE|read options from FILE", GC_ARG_TYPE_PATHNAME, GC_BACKEND_GPG_AGENT }, + { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED, + "gnupg", "do not use the SCdaemon", + GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, { "Debug", GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED, @@ -651,6 +654,9 @@ static gc_option_t gc_options_gpgsm[] = { "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC, "gnupg", "never consult a CRL", GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM }, + { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT, + "gnupg", N_("do not check CRLs for root certificates"), + GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM }, { "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED, "gnupg", "check validity using OCSP", GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM }, diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c index 8637987f8..f5fd496b8 100644 --- a/tools/symcryptrun.c +++ b/tools/symcryptrun.c @@ -124,7 +124,7 @@ enum cmd_and_opt_values oKeyfile, oDecrypt, oEncrypt, - oInput, + oInput };
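Review bot: The new gpgsm entry wraps its description in `N_()` while the neighbouring entries in the same table (`"never consult a CRL"`, `"check validity using OCSP"`) and the new gpg-agent entry `"do not use the SCdaemon"` in the first hunk use bare strings. If these descriptions are run through gettext at display time the bare ones are never extracted for translation, and if they are not, the marker is dead weight; either way the file should follow one convention, so either mark all of them or write this one as `"gnupg", "do not check CRLs for root certificates",` to match its neighbours. The text also omits that the option skips OCSP for root certificates, which gpgsm.texi in this commit states explicitly; `"do not check CRLs or OCSP for root certificates"` would be more accurate.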