* common/status.h (STATUS_KEY_CONSIDERED): New.
* g10/getkey.c: Include status.h.
(LOOKUP_NOT_SELECTED, LOOKUP_ALL_SUBKEYS_EXPIRED): New.
(finish_lookup): Add arg R_FLAGS. Count expired and revoked keys and
set flag. Check a requested usage before checking for expiraion or
revocation.
(print_status_key_considered): New.
(lookup): Print new status.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (parse_auto_key_locate): Add method "wkd".
(get_pubkey_byname): Implement that method. Also rename a variable.
* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New.
* g10/keyserver.c (keyserver_import_wkd): New.
* g10/test-stubs.c (keyserver_import_wkd): Add stub.
* g10/gpgv.c (keyserver_import_wkd): Ditto.
* g10/options.h (opt): Add field 'with_wkd_hash'.
(AKL_WKD): New.
* g10/gpg.c (oWithWKDHash): New.
(opts): Add option --with-wkd-hash.
(main): Set that option.
* g10/keylist.c (list_keyblock_print): Implement that option.
--
The Web Key Directory is an experimental feature to retrieve a key via
https. It is similar to OpenPGP DANE but also uses an encryption to
reveal less information about a key lookup.
For example the URI to lookup the key for Joe.Doe@Example.ORG is:
https://example.org/.well-known/openpgpkey/
hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q
(line has been wrapped for rendering purposes). The hash is a
z-Base-32 encoded SHA-1 hash of the mail address' local-part. The
address wk@gnupg.org can be used for testing.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional.
* g10/keyserver.c (keyserver_any_configured): New.
(keyserver_put): Remove arg keyserver because this will always receive
opt.keyserver which is anyway used when connecting dirmngr. Do not
check opt.keyserver.
(keyserver_import_cert): Replace opt.keyserver by
keyserver_any_configured.
* g10/mainproc.c (check_sig_and_print): Ditto.
* g10/import.c (revocation_present): Ditto.
* g10/getkey.c (get_pubkey_byname): Ditto.
* g10/gpgv.c (keyserver_any_configured): Add stub.
* g10/test-stubs.c (keyserver_any_configured): Add stub.
--
The keyserver should be configured in dirmngr.conf and thus we can't
use opt.keyserver in gpg to decide whether a keyserver has been
configured.
GnuPG-bug-id: 2147
Signed-off-by: Werner Koch <wk@gnupg.org>
--
When using tags (e.g. GNU global) to navigate the source code it is
way easier to have the documentation close to the function we are
looking at. Having the documentation in the header file would require
an extra manual lookup to understand the function.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c: Allow arg RET_KEYBLOCK to be NULL.
--
This change adds the expected behavior for the getkey_next function
to fix this NULL de-ref.
GnuPG-bug-id: 2212
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (get_pubkeys): Fix double free.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 7195b943
Note: this error is not a security problem, because this code path is
currently never executed.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Werner pointed out that a special error message is not needed: the
error code (as displayed by gpg_strerror) will indicate what went
wrong.
* g10/keydb.h (struct pubkey): Rename to pubkey_s.
(pubkey_t): New. Change all struct pubkey_s to use this type.
* g10/getkey.c (get_pubkeys): Rename arg keys to r_keys.
--
It is common in GnuPG to use a suffix of _s for struct names. There
is no technical need for this (actually this pattern comes from pre
ANSI C compilers which had no separate namespaces) but it avoid
surprises when reading the code.
Adding the pubkey_t type is mainly to improve font locking by using
the common suffix _t for a typedefed type.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (parse_def_secret_key): Do not make strings passed to
log_debug translatable.
--
Debug output is intended to be used along with the source or to be
send to the developers. Thus translations are at best not helpful.
* g10/gpg.c (struct result): Move from here...
* g10/keydb.h (struct pubkey): ... to here. Update users.
* g10/gpg.c (check_user_ids): Move from here...
* g10/getkey.c (get_pubkeys): ... to here. Update users. Use
get_pubkey_byname to look up the keys (this also prunes invalid keys).
(pubkey_free): New function.
(pubkeys_free): New function.
* g10/gpg.c (main): Don't check for ambiguous key specifications.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e8c53fc
This change not only moves the checks for ambiguous key specifications
from gpg.c to getkey.c, it also disables the checks. The old code was
too divorced from the actual key lookups and, as such, it reproduced
the logic. Unfortunately, the reproduction was a poor one: despite
fixing some inconsistencies (e.g., 10cca02), it still didn't deal with
group expansion or the auto key lookup functionality. Given the
amount of instability introduced by this change, we (Neal & Werner)
decided it is better to defer introducing this functionality until
2.3.
* g10/getkey.c (parse_def_secret_key): Display the key that is
invalid, not the search description.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/getkey.c (parse_def_secret_key): Do not make debug messages
translatable. Make use of print_reported_error.
--
This patch also passes all required arguments to log_debug ;-).
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (parse_def_secret_key): Don't just check if a secret
key is available for the public key, also consider subkeys. Also
check that the key has the signing capability, is not revoked, is not
expired and is not disabled. Print a warning if there was a least one
value passed to --default-key and all were ignored.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e16d7168
* g10/keydb.c (keydb_new): Print an error message if needed. Also use
xtrycalloc because we return an error anyway.
* g10/delkey.c (do_delete_key): Handle error retruned by keydb_new.
* g10/export.c (do_export_stream): Ditto.
* g10/getkey.c (get_pubkey): Ditto.
(get_pubkey_fast): Ditto.
(get_pubkeyblock): Ditto.
(get_seckey): Ditto.
(key_byname): Ditto.
(get_pubkey_byfprint): Ditto.
(get_pubkey_byfprint_fast): Ditto.
(parse_def_secret_key): Ditto.
(have_secret_key_with_kid): Ditto.
* g10/import.c (import_one): Ditto.
(import_revoke_cert): Ditto.
* g10/keyedit.c (keyedit_quick_adduid): Ditto.
* g10/keygen.c (quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
* g10/trustdb.c (validate_keys): Ditto.
* g10/keyserver.c (keyidlist): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto.
* g10/gpg.c (check_user_ids): Ditto.
(main): Do not print an error message for keydb_new error.
* g10/keylist.c (list_all): Use actual error code returned by
keydb_new.
* g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error.
* g10/t-keydb.c (do_test): Ditto.
* g10/keyring.c (keyring_new): Actually return an error so that the
existing keydb_new error checking makes sense for a keyring resource.
(keyring_rebuild_cache): Take care of keyring_new returning an error.
--
Commit 04a6b903 changed keydb_new to return an error. However the
error was not checked at most places which we fix with this patch. To
make things easier keydb_new prints an error message itself.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (parse_def_secret_key): Change error message. Replace
log_debug by log_info.
* g10/gpg.c (check_user_ids): Make function static. Change error
messages.
(main): Change error messages.
* g10/revoke.c (gen_revoke): Ditto.
--
There are other smaller changes not described above.
This change tries to avoid new error messages so not to increase the
the number of translated strings or break too many existing
translations. It also tries to use existing strings and changes the
quoting to the most common style used in gpg.
Key specifications should in general use double quotes. Other values
should use single quotes. However. sometimes it is not easy to
distinguish between values given on the command line and key
specifications. According to old GNU coding standards diagnostics
should not start capitalized - whether this is a good idea is a
different thing but we used this rules for most strings. However,
strings which are used interactively should be properly capitalized
and end with a dot.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (getkey_ctx_s): Add field "extra_list".
(get_pubkey_byname): Store strings in the context.
(getkey_end): Free EXTRA_LIST.
--
This fixes a use-after-free bug. It showed up with:
gpg --auto-key-locate local --locate-key wk@gnupg.org
The key was shown but also all other following keys in the keyring.
Bisecting showed d47e84946e as culprit
but the actual cause was a part of:
Regression-due-to: b06f96ba4f
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (check_user_ids): New function.
(main): Check that any user id specifications passed to --local-user
and --remote-user correspond to exactly 1 user. Check that any user
id specifications passed to --default-key correspond to at most 1
user. Warn if any user id specifications passed to --local-user or
--default-user are possible ambiguous (are not specified by long keyid
or fingerprint).
* g10/getkey.c (parse_def_secret_key): Don't warn about possible
ambiguous key descriptions here.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1128
Debian-debug-id: 544490
* g10/getkey.c (merge_selfsigs_main): Stop looking for self-signed
data belonging to the public key when we encounter an attribute packet
or a subkey packet, not just a user id packet. When looking for
self-signed data belonging to a user id packet, stop when we see a
user attribute packet.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/getkey.c (skip_unusable): Also mark the key as unusable if it
has been revoked or has expired.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/getkey.c: Improve documentation and comments for most
functions. Move documentation for public functions from here...
* g10/keydb.h: ... to here.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/getkey.c (have_secret_key_with_kid): Once we find the relevent
key or subkey, stop searching.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Only a single key or subkey will ever be selected per keyblock.
* g10/getkey.c (lookup): Also don't skip legacy keys if the search
mode is KEYDB_SEARCH_MODE_NEXT.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
We currently don't skip keys if the search mode is
KEYDB_SEARCH_MODE_FIRST. Since we change KEYDB_SEARCH_MODE_FIRST to
KEYDB_SEARCH_MODE_NEXT (to avoid a reset), it only makes sense to have
the same semantics for KEYDB_SEARCH_MODE_NEXT.
* g10/keydb.h (get_seckey_byname): Rename from this...
(get_seckey_default): ... to this. Drop the parameter name. Update
users.
* g10/getkey.c (get_seckey_byname): Rename from this...
(get_seckey_default): ... to this. Drop the parameter name. Drop the
code which assumed that NAME is not NULL.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/keydb.h (get_keyblock_byfprint): Remove prototype. Replace use
of this function with get_pubkey_byfprint.
* g10/getkey.c (get_pubkey_byname): Remove function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/getkey.c (get_pubkey_byname): If R_KEYBLOCK is not NULL, return
the keyblock in R_KEYBLOCK independent of whether PK is set or not.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Currently, no caller invokes get_pubkey_byname with PK==NULL and
R_KEYBLOCK != NULL. Thus, this change does not change any behavior.
* g10/getkey.c (get_pubkey_byname): Remove function.
(lookup): Replace use of get_pubkey_byname by get_pubkey_byfprint.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/keydb.h (get_pubkey_end): Remove declaration. Replace use of
function with getkey_end.
* g10/getkey.c (get_pubkey_byname): Remove function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* kbx/keybox-search-desc.h (struct keydb_search_desc.skipfnc): Change
third parameter to be the index of the user id packet in the keyblock
rather than the packet itself. Update users.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
The keybox code doesn't work directly with keyblocks. As such, the
matched user packet is not readily available to pass to
DESC[n].SKIPFNC. But, we do know the index of the user id packet that
matched. Thus, pass that instead. If the skip function needs the
user id packet, it can use the key id to look up the key block and
find the appropriate packet.
* g10/getkey.c (struct getkey_ctx_s): Remove field found_key.
(lookup): Add argument ret_found_key. If not NULL, set it to the
found key. Update callers.
(pk_from_block): Add argument found_key. Use it instead of
CTX->FOUND_KEY. Update callers.
(finish_lookup): Return a KBNODE (the found key) instead of an int.
Don't set CTX->FOUND_KEY. Return the found key instead.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
