mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00

Merge branch 'STABLE-BRANCH-2-2' into master

--
Resolved Conflicts:
	configure.ac - Adjust due to new log_clock options
Werner Koch 2017-10-27 13:56:15 +02:00
commit f6ab97fd96
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
15 changed files with 251 additions and 118 deletions


@ -1778,7 +1778,7 @@ import_one (ctrl_t ctrl,
merge_keys_done = 1;
/* Note that we do not want to show the validity because the key
* has not yet imported. */
list_keyblock_direct (ctrl, keyblock, 0, 0,
list_keyblock_direct (ctrl, keyblock, from_sk, 0,
opt.fingerprint || opt.with_fingerprint, 1);
es_fflush (es_stdout);
}
@ -2532,7 +2532,8 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
/* At least we cancel the secret key import when the public key
import was skipped due to MERGE_ONLY option and a new
key. */
if (stats->skipped_new_keys <= nr_prev)
if (!(opt.dry_run || (options & IMPORT_DRY_RUN))
&& stats->skipped_new_keys <= nr_prev)
{
/* Read the keyblock again to get the effects of a merge. */
/* Fixme: we should do this based on the fingerprint or
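Review bot: The comment above the changed condition in import_secret_one is now incomplete: it explains the skip only for the MERGE_ONLY case, while the new test also bypasses the re-read and everything after it whenever `opt.dry_run` or `IMPORT_DRY_RUN` is set. Presumably this is because a dry run never stored the public key, so it cannot be read back; that reason should be stated, e.g. `/* In dry-run mode the public key was not stored, so there is nothing to read back; skip the secret part as well. */`. The body of the `if` and any `else` branch lie outside the hunk, so it is not visible here whether the statistics still count the secret key in a dry run.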


@ -32,6 +32,27 @@
#include "key-check.h"
/* Print PREFIX followed by TEXT. With mode > 0 use log_info, with
* mode < 0 use ttyio, else print to stdout. If TEXT is not NULL, it
* may be modified by this function. */
static void
print_info (int mode, const char *prefix, char *text)
{
char *p;
if (!text)
text = "";
else if ((p = strchr (text,'\n')))
*p = 0; /* Strip LF. */
if (mode > 0)
log_info ("%s %s\n", prefix, text);
else
tty_fprintf (mode? NULL:es_stdout, "%s %s\n", prefix, text);
}
/* Order two signatures. The actual ordering isn't important. Our
* goal is to ensure that identical signatures occur together. */
static int
@ -100,7 +121,6 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb,
int only_selected, int only_selfsigs)
{
gpg_error_t err;
estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout;
PKT_public_key *pk;
KBNODE n, n_next, *n_prevp, n2;
char *pending_desc = NULL;
@ -476,8 +496,9 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb,
has_selfsig = 1;
}
if ((n2 && n2 != last_printed_component)
|| (! n2 && last_printed_component != current_component))
if (DBG_PACKET
&& ((n2 && n2 != last_printed_component)
|| (! n2 && last_printed_component != current_component)))
{
int is_reordered = n2 && n2 != current_component;
if (n2)
@ -489,36 +510,34 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb,
;
else if (last_printed_component->pkt->pkttype == PKT_USER_ID)
{
tty_fprintf (fp, "uid ");
tty_print_utf8_string2 (fp,
last_printed_component
->pkt->pkt.user_id->name,
last_printed_component
->pkt->pkt.user_id->len, 0);
log_debug ("uid ");
print_utf8_buffer (log_get_stream (),
last_printed_component
->pkt->pkt.user_id->name,
last_printed_component
->pkt->pkt.user_id->len);
log_flush ();
}
else if (last_printed_component->pkt->pkttype
== PKT_PUBLIC_KEY)
tty_fprintf (fp, "pub %s",
pk_keyid_str (last_printed_component
log_debug ("pub %s\n",
pk_keyid_str (last_printed_component
->pkt->pkt.public_key));
else
tty_fprintf (fp, "sub %s",
pk_keyid_str (last_printed_component
->pkt->pkt.public_key));
log_debug ("sub %s\n",
pk_keyid_str (last_printed_component
->pkt->pkt.public_key));
if (modified)
{
if (is_reordered)
tty_fprintf (fp, _(" (reordered signatures follow)"));
if (mode > 0)
log_printf ("\n");
else
tty_fprintf (fp, "\n");
log_debug ("%s\n", _(" (reordered signatures follow)"));
}
}
if (modified)
keyedit_print_one_sig (ctrl, fp, rc, kb, n, NULL, NULL, NULL,
if (DBG_PACKET && modified)
keyedit_print_one_sig (ctrl, log_get_stream (),
rc, kb, n, NULL, NULL, NULL,
has_selfsig, 0, only_selfsigs);
}
@ -624,32 +643,62 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb,
}
}
if (dups || missing_issuer || bad_signature || reordered)
tty_fprintf (fp, _("key %s:\n"), pk_keyid_str (pk));
if (!opt.quiet)
{
char prefix[100];
char *p;
if (dups)
tty_fprintf (fp,
ngettext ("%d duplicate signature removed\n",
"%d duplicate signatures removed\n", dups), dups);
if (missing_issuer)
tty_fprintf (fp,
ngettext ("%d signature not checked due to a missing key\n",
"%d signatures not checked due to missing keys\n",
missing_issuer), missing_issuer);
if (bad_signature)
tty_fprintf (fp,
ngettext ("%d bad signature\n",
"%d bad signatures\n",
bad_signature), bad_signature);
if (reordered)
tty_fprintf (fp,
ngettext ("%d signature reordered\n",
"%d signatures reordered\n",
reordered), reordered);
/* To avoid string changes in 2.2 we strip the LF here. */
snprintf (prefix, sizeof prefix, _("key %s:\n"), pk_keyid_str (pk));
p = strrchr (prefix, '\n');
if (p)
*p = 0;
if (only_selfsigs && (bad_signature || reordered))
tty_fprintf (fp, _("Warning: errors found and only checked self-signatures,"
" run '%s' to check all signatures.\n"), "check");
if (dups)
{
p = xtryasprintf
(ngettext ("%d duplicate signature removed\n",
"%d duplicate signatures removed\n", dups), dups);
print_info (mode, prefix, p);
xfree (p);
}
if (missing_issuer)
{
p = xtryasprintf
(ngettext ("%d signature not checked due to a missing key\n",
"%d signatures not checked due to missing keys\n",
missing_issuer), missing_issuer);
print_info (mode, prefix, p);
xfree (p);
}
if (bad_signature)
{
p = xtryasprintf (ngettext ("%d bad signature\n",
"%d bad signatures\n",
bad_signature), bad_signature);
print_info (mode, prefix, p);
xfree (p);
}
if (reordered)
{
p = xtryasprintf (ngettext ("%d signature reordered\n",
"%d signatures reordered\n",
reordered), reordered);
print_info (mode, prefix, p);
xfree (p);
}
if (only_selfsigs && (bad_signature || reordered))
{
p = xtryasprintf
(_("Warning: errors found and only checked self-signatures,"
" run '%s' to check all signatures.\n"), "check");
print_info (mode, prefix, p);
xfree (p);
}
}
return modified;
}
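Review bot: In the summary block at the end of key_check_all_keysigs, every `xtryasprintf` result is passed straight to `print_info`, which turns a NULL text into an empty string. On allocation failure the user therefore sees only the bare `key <id>:` prefix, and the duplicate, missing-key or bad-signature count is lost without any error. Either use the aborting `xasprintf`, or report the failure in each branch, e.g. `if (!p) log_error ("%s\n", gpg_strerror (gpg_error_from_syserror ()));`. Separately, the whole summary, including the bad-signature count and the self-signature warning, is now printed only when `!opt.quiet`, and the per-signature detail only under `DBG_PACKET`. If that suppression is intended for import paths, a comment saying so would help the next reader; the function body starts outside these hunks.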


@ -1223,10 +1223,8 @@ parse_sign_type (const char *str, int *localsig, int *nonrevokesig,
/* Need an SK for this command */
#define KEYEDIT_NEED_SK 1
/* Cannot be viewing the SK for this command */
#define KEYEDIT_NOT_SK 2
/* Must be viewing the SK for this command */
#define KEYEDIT_ONLY_SK 4
/* Need an SUB KEY for this command */
#define KEYEDIT_NEED_SUBSK 2
/* Match the tail of the string */
#define KEYEDIT_TAIL_MATCH 8
@ -1268,12 +1266,12 @@ static struct
{ "key", cmdSELKEY, 0, N_("select subkey N")},
{ "check", cmdCHECK, 0, N_("check signatures")},
{ "c", cmdCHECK, 0, NULL},
{ "change-usage", cmdCHANGEUSAGE, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
{ "cross-certify", cmdBACKSIGN, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
{ "backsign", cmdBACKSIGN, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
{ "sign", cmdSIGN, KEYEDIT_NOT_SK | KEYEDIT_TAIL_MATCH,
{ "change-usage", cmdCHANGEUSAGE, KEYEDIT_NEED_SK, NULL},
{ "cross-certify", cmdBACKSIGN, KEYEDIT_NEED_SK, NULL},
{ "backsign", cmdBACKSIGN, KEYEDIT_NEED_SK, NULL},
{ "sign", cmdSIGN, KEYEDIT_TAIL_MATCH,
N_("sign selected user IDs [* see below for related commands]")},
{ "s", cmdSIGN, KEYEDIT_NOT_SK, NULL},
{ "s", cmdSIGN, 0, NULL},
/* "lsign" and friends will never match since "sign" comes first
and it is a tail match. They are just here so they show up in
the help menu. */
@ -1282,62 +1280,62 @@ static struct
{ "nrsign", cmdNOP, 0,
N_("sign selected user IDs with a non-revocable signature")},
{ "debug", cmdDEBUG, 0, NULL},
{ "adduid", cmdADDUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, N_("add a user ID")},
{ "addphoto", cmdADDPHOTO, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
{ "adduid", cmdADDUID, KEYEDIT_NEED_SK, N_("add a user ID")},
{ "addphoto", cmdADDPHOTO, KEYEDIT_NEED_SK,
N_("add a photo ID")},
{ "deluid", cmdDELUID, KEYEDIT_NOT_SK, N_("delete selected user IDs")},
{ "deluid", cmdDELUID, 0, N_("delete selected user IDs")},
/* delphoto is really deluid in disguise */
{ "delphoto", cmdDELUID, KEYEDIT_NOT_SK, NULL},
{ "addkey", cmdADDKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, N_("add a subkey")},
{ "delphoto", cmdDELUID, 0, NULL},
{ "addkey", cmdADDKEY, KEYEDIT_NEED_SK, N_("add a subkey")},
#ifdef ENABLE_CARD_SUPPORT
{ "addcardkey", cmdADDCARDKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
{ "addcardkey", cmdADDCARDKEY, KEYEDIT_NEED_SK,
N_("add a key to a smartcard")},
{ "keytocard", cmdKEYTOCARD, KEYEDIT_NEED_SK | KEYEDIT_ONLY_SK,
{ "keytocard", cmdKEYTOCARD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK,
N_("move a key to a smartcard")},
{ "bkuptocard", cmdBKUPTOCARD, KEYEDIT_NEED_SK | KEYEDIT_ONLY_SK,
{ "bkuptocard", cmdBKUPTOCARD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK,
N_("move a backup key to a smartcard")},
#endif /*ENABLE_CARD_SUPPORT */
{ "delkey", cmdDELKEY, KEYEDIT_NOT_SK, N_("delete selected subkeys")},
{ "addrevoker", cmdADDREVOKER, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
{ "delkey", cmdDELKEY, 0, N_("delete selected subkeys")},
{ "addrevoker", cmdADDREVOKER, KEYEDIT_NEED_SK,
N_("add a revocation key")},
{ "delsig", cmdDELSIG, KEYEDIT_NOT_SK,
{ "delsig", cmdDELSIG, 0,
N_("delete signatures from the selected user IDs")},
{ "expire", cmdEXPIRE, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
{ "expire", cmdEXPIRE, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK,
N_("change the expiration date for the key or selected subkeys")},
{ "primary", cmdPRIMARY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
{ "primary", cmdPRIMARY, KEYEDIT_NEED_SK,
N_("flag the selected user ID as primary")},
{ "toggle", cmdTOGGLE, KEYEDIT_NEED_SK, NULL}, /* Dummy command. */
{ "t", cmdTOGGLE, KEYEDIT_NEED_SK, NULL},
{ "pref", cmdPREF, KEYEDIT_NOT_SK, N_("list preferences (expert)")},
{ "showpref", cmdSHOWPREF, KEYEDIT_NOT_SK, N_("list preferences (verbose)")},
{ "setpref", cmdSETPREF, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
{ "pref", cmdPREF, 0, N_("list preferences (expert)")},
{ "showpref", cmdSHOWPREF, 0, N_("list preferences (verbose)")},
{ "setpref", cmdSETPREF, KEYEDIT_NEED_SK,
N_("set preference list for the selected user IDs")},
{ "updpref", cmdSETPREF, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
{ "keyserver", cmdPREFKS, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
{ "updpref", cmdSETPREF, KEYEDIT_NEED_SK, NULL},
{ "keyserver", cmdPREFKS, KEYEDIT_NEED_SK,
N_("set the preferred keyserver URL for the selected user IDs")},
{ "notation", cmdNOTATION, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
{ "notation", cmdNOTATION, KEYEDIT_NEED_SK,
N_("set a notation for the selected user IDs")},
{ "passwd", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
{ "passwd", cmdPASSWD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK,
N_("change the passphrase")},
{ "password", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
{ "password", cmdPASSWD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK, NULL},
#ifndef NO_TRUST_MODELS
{ "trust", cmdTRUST, KEYEDIT_NOT_SK, N_("change the ownertrust")},
{ "trust", cmdTRUST, 0, N_("change the ownertrust")},
#endif /*!NO_TRUST_MODELS*/
{ "revsig", cmdREVSIG, KEYEDIT_NOT_SK,
{ "revsig", cmdREVSIG, 0,
N_("revoke signatures on the selected user IDs")},
{ "revuid", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
{ "revuid", cmdREVUID, KEYEDIT_NEED_SK,
N_("revoke selected user IDs")},
{ "revphoto", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL},
{ "revkey", cmdREVKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK,
{ "revphoto", cmdREVUID, KEYEDIT_NEED_SK, NULL},
{ "revkey", cmdREVKEY, KEYEDIT_NEED_SK,
N_("revoke key or selected subkeys")},
#ifndef NO_TRUST_MODELS
{ "enable", cmdENABLEKEY, KEYEDIT_NOT_SK, N_("enable key")},
{ "disable", cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key")},
{ "enable", cmdENABLEKEY, 0, N_("enable key")},
{ "disable", cmdDISABLEKEY, 0, N_("disable key")},
#endif /*!NO_TRUST_MODELS*/
{ "showphoto", cmdSHOWPHOTO, 0, N_("show selected photo IDs")},
{ "clean", cmdCLEAN, KEYEDIT_NOT_SK,
{ "clean", cmdCLEAN, 0,
N_("compact unusable user IDs and remove unusable signatures from key")},
{ "minimize", cmdMINIMIZE, KEYEDIT_NOT_SK,
{ "minimize", cmdMINIMIZE, 0,
N_("compact unusable user IDs and remove all signatures from key")},
{ NULL, cmdNONE, 0, NULL}
@ -1406,6 +1404,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
KBNODE keyblock = NULL;
KEYDB_HANDLE kdbhd = NULL;
int have_seckey = 0;
int have_anyseckey = 0;
char *answer = NULL;
int redisplay = 1;
int modified = 0;
@ -1448,9 +1447,18 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
/* See whether we have a matching secret key. */
if (seckey_check)
{
have_seckey = !agent_probe_any_secret_key (ctrl, keyblock);
have_anyseckey = !agent_probe_any_secret_key (ctrl, keyblock);
if (have_anyseckey
&& !agent_probe_secret_key (ctrl, keyblock->pkt->pkt.public_key))
{
/* The primary key is also available. */
have_seckey = 1;
}
if (have_seckey && !quiet)
tty_printf (_("Secret key is available.\n"));
tty_printf (_("Secret key is available.\n"));
else if (have_anyseckey && !quiet)
tty_printf (_("Secret subkeys are available.\n"));
}
/* Main command loop. */
@ -1548,12 +1556,14 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
else if (!ascii_strcasecmp (answer, cmds[i].name))
break;
}
if ((cmds[i].flags & KEYEDIT_NEED_SK) && !have_seckey)
if ((cmds[i].flags & (KEYEDIT_NEED_SK|KEYEDIT_NEED_SUBSK))
&& !(((cmds[i].flags & KEYEDIT_NEED_SK) && have_seckey)
|| ((cmds[i].flags & KEYEDIT_NEED_SUBSK) && have_anyseckey)))
{
tty_printf (_("Need the secret key to do this.\n"));
cmd = cmdNOP;
}
else
else
cmd = cmds[i].id;
}
@ -1563,7 +1573,9 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
case cmdHELP:
for (i = 0; cmds[i].name; i++)
{
if ((cmds[i].flags & KEYEDIT_NEED_SK) && !have_seckey)
if ((cmds[i].flags & (KEYEDIT_NEED_SK|KEYEDIT_NEED_SUBSK))
&& !(((cmds[i].flags & KEYEDIT_NEED_SK) && have_seckey)
||((cmds[i].flags&KEYEDIT_NEED_SUBSK)&&have_anyseckey)))
; /* Skip those item if we do not have the secret key. */
else if (cmds[i].desc)
tty_printf ("%-11s %s\n", cmds[i].name, _(cmds[i].desc));
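Review bot: The comment on the new `KEYEDIT_NEED_SUBSK` flag ("Need an SUB KEY for this command") does not match how the flag is evaluated in keyedit_menu. A command carrying `KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK` is accepted when either `have_seckey` or `have_anyseckey` is set, so in effect the flag means that any secret key, primary or subkey, is sufficient. I would reword it to `/* Any secret (sub)key is sufficient for this command */` and note there that passwd, expire, keytocard and bkuptocard can now be reached without the primary secret key, so their handlers (outside this view) must cope with that themselves. The three-line flag test is also duplicated verbatim in the dispatch code and in `cmdHELP`; a small static helper taking the flags and both availability values would keep the two gates from drifting apart. The flag value 2 previously belonged to `KEYEDIT_NOT_SK`, which is harmless only as long as no table entry outside these hunks still uses the old name.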


@ -5050,6 +5050,9 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
err = agent_passwd (ctrl, hexgrip, desc, 1 /*=verify*/,
&cache_nonce, &passwd_nonce);
xfree (desc);
if (gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED
&& gpg_err_source (err) == GPG_ERR_SOURCE_GPGAGENT)
err = 0; /* Very likely that the key is on a card. */
if (err)
goto leave;
}
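Review bot: The new check in generate_subkeypair converts `GPG_ERR_NOT_IMPLEMENTED` from gpg-agent into success for a call made with `1 /*=verify*/`, so the passphrase verification step is skipped on the strength of an error code alone. The comment admits this is a guess ("Very likely that the key is on a card"), which means any other agent path returning the same code would bypass verification too. It would be safer to confirm that the key really is card-backed before clearing `err`, or at least to expand the comment to say that verification is deliberately skipped and that `cache_nonce` and `passwd_nonce` may be left unset for the code that follows. That following code is outside the hunk, so how it handles unset nonces cannot be checked here.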


@ -66,6 +66,26 @@ register_trusted_key (const char *string)
#ifdef NO_TRUST_MODELS
(void)string;
#else
/* Some users have conf files with entries like
* trusted-key 0x1234567812345678 # foo
* That is obviously wrong. Before fixing bug#1206 trailing garbage
* on a key specification if was ignored. We detect the above use case
* here and cut off the junk-looking-like-a comment. */
if (strchr (string, '#'))
{
char *buf;
buf = xtrystrdup (string);
if (buf)
{
*strchr (buf, '#') = 0;
tdb_register_trusted_key (buf);
xfree (buf);
return;
}
}
tdb_register_trusted_key (string);
#endif
}
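Review bot: register_trusted_key now silently repairs a malformed `trusted-key` line, and since this option defines ultimately trusted keys, the user should be told their configuration is wrong rather than have it quietly accepted. I would add a diagnostic inside the `if (buf)` branch, e.g. `log_info ("ignoring text after '#' in trusted-key value\n");`. Two details in the same block: the cut at `'#'` leaves the whitespace that preceded it (the example from the comment becomes `"0x1234567812345678 "`), and whether tdb_register_trusted_key tolerates a trailing blank is not visible here. Also, when `xtrystrdup` fails the code falls through and registers the original string, garbage included, without reporting the allocation error.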