* g10/build-packet.c (do_symkey_enc): Use iobuf_write instead of
iobuf_put in a loop. Use iobuf_copy instead of iobuf_read and
iobuf_write in a loop. Move the memory wiping from here...
* common/iobuf.c (iobuf_copy): ... to here.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keyedit.c (sig_comparison): New function.
(fix_key_signature_order): Merge functionality into...
(check_all_keysigs): ... this function. Rewrite to eliminate
duplicates and use a systematic approach to detecting and moving
signatures that are out of order instead of a heuristic.
(fix_keyblock): Don't call fix_key_signature_order. Call
check_all_keysigs instead after collapsing the uids.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2236
* g10/sig-check.c (hash_uid_node): Rename from this...
(hash_uid_packet): ... to this. Take a PKT_user_id instead of a
KBNODE.
(check_key_signature2): Split the basic signature checking
functionality into...
(check_signature_over_key_or_uid): ... this new function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keyedit.c (print_and_check_one_sig): Split the print
functionality into...
(print_one_sig): ... this new function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/sig-check.c (check_signature_end): Break the basic signature
check into...
(check_signature_end_simple): ... this new function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keyedit.c (menu_addrevoker): Use format_keyid rather than
manually formatting the keyid.
* g10/keygen.c (card_write_key_to_backup_file): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keydb.h (keyid_cmp): New function.
* g10/keyid.c (pk_keyid): New function.
(pk_main_keyid): New function.
(keyid_copy): New function.
(pk_keyid_str): New function.
* g10/packet.h (PKT_public_key): Update comments for main_keyid and
keyid.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Before accessing pk->keyid, it is necessary to call keyid_from_pk (pk,
NULL) to ensure that pk->keyid is valid. Because it is easy to forget
to do this, these accessor functions take care of it.
* g10/keydb.h: Remove agent_open, agent_close declarations/
* g10/migrate.c: #include <unistd.h> for access()
--
agent_open() is only defined statically in common/simple-pw-query.c,
it is neither used nor referenced anywhere else. agent_close doesn't
exist anywhere. The removal of these declarations removes an
unecessary inclusion of libassuan.h.
migrate.c was relying on keydb.h -> libassuan.h -> unistd.h for the
declaration of access(), so we now handle that explicitly instead.
* g10/armor.c (radix64_read): If the = is followed by the string "3D",
check if the following four characters are valid radix 64 and are
followed by a new line. If so, warn and ignore the '3D'.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2250
* g10/build-packet.c (calc_header_length): Return the correct haeder
size when LEN is 0. Fix documentation.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2240
* g10/keyid.c (format_keyid): Return a char *, not a const char *. If
BUFFER is NULL, then set LEN to the static buffer's size.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE. Check
the directory and create it if none before calling take_write_lock.
--
Thanks to Marc Deslauriers for the bug report and his patch.
GnuPG-bug-id: 2246
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
Using "help" as value lists the options. Not having the current
options in the help text also makes it easier to keep translations
clean.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-agent.c (learn_status_cb): Don't use NULL for strcmp.
--
With libgcrypt not supporting cv25519, gpg segfaults.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
Some of the options are too rarley used to deserve an entry in the
skeleton config file. Some are even the default for many years.
Added auto-key-locate because that is a very useful option.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (ask_user_id): Allow empty name.
--
The --quick-gen-key command allows this and further some mail
providers require that a key has only the mail address to allow for
anonymous accounts.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/revoke.c (gen_standard_revoke): Improve header text for the
file. Add info output.
--
GnuPG-bug-id: 1724
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional.
* g10/keyserver.c (keyserver_any_configured): New.
(keyserver_put): Remove arg keyserver because this will always receive
opt.keyserver which is anyway used when connecting dirmngr. Do not
check opt.keyserver.
(keyserver_import_cert): Replace opt.keyserver by
keyserver_any_configured.
* g10/mainproc.c (check_sig_and_print): Ditto.
* g10/import.c (revocation_present): Ditto.
* g10/getkey.c (get_pubkey_byname): Ditto.
* g10/gpgv.c (keyserver_any_configured): Add stub.
* g10/test-stubs.c (keyserver_any_configured): Add stub.
--
The keyserver should be configured in dirmngr.conf and thus we can't
use opt.keyserver in gpg to decide whether a keyserver has been
configured.
GnuPG-bug-id: 2147
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/trustdb.c (tdb_get_validity_core): Print message only in debug
mode.
--
This makes only sense for debugging.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c: Make use of print_further_info to reduce the number of
different error messages to be translated. Also streamline some
messages.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c: Include ttyio.h. Change many strings to help
translating. Make use of ngettext wehere needed.
(CONTROL_L): New.
(TIME_AGO_UNIT_SMALL_NAME): Remove this and all similar *_NAME macros.
(time_ago_unit): Remove.
(get_trust): Use tty_prints and cpr_get only for the actual prompt.
Add Ctrl-L hack.
(show_statistics): Use two English strings for singular and plural.
* po/POTFILES.in: Add tofu.c.
--
These changes are required for proper translation. More to changes
may be needed, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/sig-check.c (check_signature_metadata_validity): Use days if
useful.
--
Using days instead of a high number of seconds is for the majority of
users a better measurement.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyring.c (keyring_lock) [W32]: Flush the close cache before
locking.
* kbx/keybox-init.c (keybox_lock) [W32]: Close the file before
locking.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox-update.c (create_tmp_file): Move some code to...
* kbx/keybox-util.c (keybox_tmp_names): new.
* g10/keyring.c: Include keybox.h.
(create_tmp_file): Replace parts by keybox_tmp_names.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): Add LIST_SHOW_USAGE.
--
The usage flags are often useful and they don't take away much space
in a key listing. Thus it is better to have them enabled by default.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox-init.c (keybox_register_file): Change interface to return
the token even if the file has already been registered.
* g10/keydb.c (primary_keyring): Rename to primary_keydb.
(maybe_create_keyring_or_box): Change return type to gpg_error_t.
(keydb_add_resource): Ditto. s/rc/err/.
(keydb_add_resource): Mark an already registered as primary.
* sm/keydb.c (maybe_create_keybox): Change return type to gpg_error_t.
(keydb_add_resource): Ditto. s/rc/err/.
(keydb_add_resource): Adjust for changed keybox_register_file.
--
This change aligns the registering of keyboxes with those of
keyrings. This fixes a potential bug:
gpg --keyring foo.kbx --keyring bar.gpg --keyring foo.kbx
would have marked bar.gpg as primary resource and thus inserting new
keys there. The correct and now fixed behavior is to insert to
foo.kbx.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
I am considering some changes and thus better start off by switching
to standard GNU indentation. This patch also changes comment lines
like
if (foo)
/* Comment on foo. */
{
to
if (foo)
{ /* Comment on foo. */
or
if (foo) /* Comment on foo. */
{
to make the brace of the opening block stand out immediately.
Further stars on the left are added to longer comments because that
makes the code easier to read by disabled hackers, when reading
without font locking, and for reading black-white printouts.
--
When using tags (e.g. GNU global) to navigate the source code it is
way easier to have the documentation close to the function we are
looking at. Having the documentation in the header file would require
an extra manual lookup to understand the function.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c: Allow arg RET_KEYBLOCK to be NULL.
--
This change adds the expected behavior for the getkey_next function
to fix this NULL de-ref.
GnuPG-bug-id: 2212
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/export.c: Include membuf.h and host2net.h.
(key_to_sshblob): New.
(export_ssh_key): New.
* g10/gpg.c (aExportSshKey): New.
(opts): Add command.
(main): Implement that command.
--
GnuPG-bug-id: 2212
I have done only a few tests rights now and the ECDSA curves do not
yet work. However ssh-keygen -l accept RSA and ed25519 keys exported
using this command.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_WARNING): New.
* g10/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
* g10/call-dirmngr.c: Include status.h.
(warn_version_mismatch): New.
(create_context): Call warn function.
* sm/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
(gpgsm_agent_learn): Call warn function.
* sm/call-dirmngr.c (warn_version_mismatch): New.
(prepare_dirmngr): Call warn function.
--
We have seen too often bug reports which are due to still running old
versions of the daemons. To catch this problematic use we now print
warning messages and also provide the warning via the status
interface.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/asshelp.c: Include membuf.h.
(get_assuan_server_version): New.
* g10/call-agent.c (agent_get_version): Use new function.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyid.c (keygrip_from_pk): Return an error code.
--
The error was show but the function did not return it. This change
should improve error messages for unknown algorithms.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-dirmngr.c (dns_cert_status_cb): Store URL status in the URL
param. The old code was entirely buggy (c+p error).
--
Fixes-commit: 154f3ed2
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyid.c (keystrlen): If opt.keyid_format is KF_DEFAULT unset,
default to KF_SHORT.
(format_keyid): Default to KF_SHORT, not KF_0xLONG.
--
Without this fix, gpgv2 fails with:
gpgv: Ohhhh jeeee: ... this is a bug (keyid.c:342:keystrlen)
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/parse-packet.c (parse_key): Check for premature end of salt.
--
This has no security implications because an arbitrary salt could have
also been inset by an attacker.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (change_passphrase): Remove useless init of ANY.
(keyedit_quick_adduid): Remove useless setting of ERR.
* g10/parse-packet.c (parse_key): Remove PKTLEN from condition because
it has been checked before the loop.
(parse_plaintext): Remove useless init of PKTLEN.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (ask_keysize): Use 768 for the minimal value for DSA in
export mode. Improve readability.
--
GnuPG-bug-id: 2209
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (get_pubkeys): Fix double free.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 7195b943
Note: this error is not a security problem, because this code path is
currently never executed.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Werner pointed out that a special error message is not needed: the
error code (as displayed by gpg_strerror) will indicate what went
wrong.
* g10/keyedit.c (keyedit_menu): Remove cmdCHECKBKUPKEY support.
--
GnuPG-bug-id: 2169
It was introduced by the commit 9e834047 in 2009. Then, we moved
private key handling to gpg-agent which broke this subcommand.
Note: This subcommand was not supported in 1.4 and 2.0.
--
I must have mixed the up during testing. The old one is just one
keyserver and the new one is the OnionBalance hidden service. See
https://sks-keyservers.net/overview-of-pools.php
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.h (struct pubkey): Rename to pubkey_s.
(pubkey_t): New. Change all struct pubkey_s to use this type.
* g10/getkey.c (get_pubkeys): Rename arg keys to r_keys.
--
It is common in GnuPG to use a suffix of _s for struct names. There
is no technical need for this (actually this pattern comes from pre
ANSI C compilers which had no separate namespaces) but it avoid
surprises when reading the code.
Adding the pubkey_t type is mainly to improve font locking by using
the common suffix _t for a typedefed type.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (card_write_key_to_backup_file): Simplify by using
hexfingerprint.
--
Note that the extra blank added to FPRBUF in the old code was not
needed because write_status_text_and_buffer already ensures that
there will be a space.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (parse_def_secret_key): Do not make strings passed to
log_debug translatable.
--
Debug output is intended to be used along with the source or to be
send to the developers. Thus translations are at best not helpful.
* g10/gpg.c (struct result): Move from here...
* g10/keydb.h (struct pubkey): ... to here. Update users.
* g10/gpg.c (check_user_ids): Move from here...
* g10/getkey.c (get_pubkeys): ... to here. Update users. Use
get_pubkey_byname to look up the keys (this also prunes invalid keys).
(pubkey_free): New function.
(pubkeys_free): New function.
* g10/gpg.c (main): Don't check for ambiguous key specifications.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e8c53fc
This change not only moves the checks for ambiguous key specifications
from gpg.c to getkey.c, it also disables the checks. The old code was
too divorced from the actual key lookups and, as such, it reproduced
the logic. Unfortunately, the reproduction was a poor one: despite
fixing some inconsistencies (e.g., 10cca02), it still didn't deal with
group expansion or the auto key lookup functionality. Given the
amount of instability introduced by this change, we (Neal & Werner)
decided it is better to defer introducing this functionality until
2.3.
* g10/gpg.c (main): If --encrypt-to-default-key is specified, don't
add --default-key's value to REMUSR here...
* g10/pkclist.c (build_pk_list): ... do it here.
* tests/openpgp/Makefile.am (TESTS): Add default-key.test.
* tests/openpgp/default-key.test: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/pkclist.c (build_pk_list): Remove parameter use, which is always
called set to PUBKEY_USAGE_ENC. Update callers.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
encryption-only keys when a signing key is needed and vice-versa.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keydb.c (keydb_update_keyblock): Don't replace the record at the
current offset. After taking the lock, extract the fingerprint from
the keyblock, find it and then replace it.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2193
Between locating the record to update and actually updating the
keyblock, it is possible that another process modifies the keyring,
which causes the update to corrupt the keyring. This is due to a time
of check to time of use bug. The fix is straightforward: both
operations must be done while holding the lock. This changes the
semantics of the function slightly, but no callers need to be
modified. Further, it now becomes impossible to replace key A with B;
this function will only ever update B.
* g10/getkey.c (parse_def_secret_key): Display the key that is
invalid, not the search description.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/gpg.c (main): When --default-key or --encrypt-to-default-key is
taken from the config file, note this.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: 28311d1
* g10/keydb.h (PK_LIST_ENCRYPT_TO): Change from a macro to an enum.
(PK_LIST_HIDDEN): Likewise.
(PK_LIST_CONFIG): Likewise.
(PK_LIST_SHIFT): Likewise.n
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Using an enum has the advantage that the symbol can be used in gdb.
* g10/keygen.c (do_ask_passphrase, generate_raw_key)
(gen_card_key_with_backup, save_unprotected_key_to_card): Remove.
--
Now, key generation is done by gpg-agent. Asking passphrase is done
through pinentry invoked by gpg-agent. It is done by
new internal function of card_store_key_with_backup.
* g10/export.c (receive_seckey_from_agent): New.
(do_export_stream): Use it.
--
Also fixed a memory leak of WRAPPEDKEY on a successful path of
build_packet.
In the log message, key is now by a hexgrip instead of a format by
keystr_with_sub.
* g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
disabled, revoked and expired keys (if appropriate for the provided
option).
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2186
* g10/getkey.c (parse_def_secret_key): Do not make debug messages
translatable. Make use of print_reported_error.
--
This patch also passes all required arguments to log_debug ;-).
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/misc.c (print_reported_error): New.
--
Often the user is only interested in a catch all error code like "not
found" but sometimes it is useful to also see the real reason. By
this function this can easily be achieved. Example:
err = search_for_key (keyid)
if (err)
{
log_info ("error locating key '%s': %s\n",
keyid, gpg_strerror (GPG_ERR_NOT_FOUND));
print_reported_error (err, GPG_ERR_NOT_FOUND);
}
results in
gpg: error locating key 'foobar': not found
gpg: (reported error: no keyring <keybox>)
where the second line is only printed in verbose mode and if ERR is
not GPG_ERR_NOT_FOUND.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox-search.c (keybox_seek): New function.
* g10/keydb.c (keydb_search): When reading from the cache, seek to
just after the cached record.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* kbx/keybox-search.c (keybox_offset): New function.
* g10/keydb.c (struct keyblock_cache): Add fields resource and offset.
(keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and
HD->KEYBLOCK_CACHE.OFFSET.
(keydb_search): Don't use the cached result if it comes before the
current file position. When caching an entry, also record the
position at which it was found.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2187
* g10/keyedit.c: Print ownertrust in TOFU+PGP trust model.
--
The key editor currently prints out the ownertrust value assigned
to a key only when using the classic or PGP trust models; but
that value is also meaningful in the recently introduced TOFU+PGP
combined model.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* g10/getkey.c (parse_def_secret_key): Don't just check if a secret
key is available for the public key, also consider subkeys. Also
check that the key has the signing capability, is not revoked, is not
expired and is not disabled. Print a warning if there was a least one
value passed to --default-key and all were ignored.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e16d7168
* g10/import.c (struct stats_s): Rename to import_stats_s. Change all
users.
* g10/main.h (import_stats_t): New. Change fucntions to use this
instead of a void pointer.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.c (keydb_search_desc_dump): Fix buffer overflow.
--
Signed-off-by: Neal H. Walfield <neal@walfield.org>
Regression-due-to: 11ec478
Note: this buffer overflow will only occur if --debug=lookup is passed
to gpg and a search by fingerprint is done.
* g10/gpg.c (check_user_ids): Don't error out if a key occurs multiple
times in the keyring. Instead, print a warning. When printing out
fingerprint prints, use format_hexfingerprint to format them.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/delkey.c (do_delete_key): Write ERROR status code with the error
location "delete_key.secret", when the user cancelled the operation on
Pinentry.
--
I changed the original patch to emit the full gpg_error_t code. -wk
* g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG)
(PK_LIST_SHIFT): New.
* g10/pkclist.c (build_pk_list): Use them here.
* g10/gpg.c (check_user_ids, main): Ditto.
* g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR.
(check_user_ids): Skip check for command line specified options.
--
If a key has been given on the command line and it has not been
given by one of the encrypt-to options, we now skip the checks. The
reason is that the actual key selection code does its own checks and
provides proper status message to the caller to detect the wrong keys.
Without this we would break most frontends because they expect for
example STATUS_INV_RECP.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/asshelp.c (start_new_gpg_agent): Do not i18n string.
(start_new_dirmngr): Ditto.
* g10/mainproc.c (proc_encrypted): Ditto. Print only if debug is
enabled.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.c (keydb_new): Print an error message if needed. Also use
xtrycalloc because we return an error anyway.
* g10/delkey.c (do_delete_key): Handle error retruned by keydb_new.
* g10/export.c (do_export_stream): Ditto.
* g10/getkey.c (get_pubkey): Ditto.
(get_pubkey_fast): Ditto.
(get_pubkeyblock): Ditto.
(get_seckey): Ditto.
(key_byname): Ditto.
(get_pubkey_byfprint): Ditto.
(get_pubkey_byfprint_fast): Ditto.
(parse_def_secret_key): Ditto.
(have_secret_key_with_kid): Ditto.
* g10/import.c (import_one): Ditto.
(import_revoke_cert): Ditto.
* g10/keyedit.c (keyedit_quick_adduid): Ditto.
* g10/keygen.c (quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
* g10/trustdb.c (validate_keys): Ditto.
* g10/keyserver.c (keyidlist): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto.
* g10/gpg.c (check_user_ids): Ditto.
(main): Do not print an error message for keydb_new error.
* g10/keylist.c (list_all): Use actual error code returned by
keydb_new.
* g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error.
* g10/t-keydb.c (do_test): Ditto.
* g10/keyring.c (keyring_new): Actually return an error so that the
existing keydb_new error checking makes sense for a keyring resource.
(keyring_rebuild_cache): Take care of keyring_new returning an error.
--
Commit 04a6b903 changed keydb_new to return an error. However the
error was not checked at most places which we fix with this patch. To
make things easier keydb_new prints an error message itself.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (parse_def_secret_key): Change error message. Replace
log_debug by log_info.
* g10/gpg.c (check_user_ids): Make function static. Change error
messages.
(main): Change error messages.
* g10/revoke.c (gen_revoke): Ditto.
--
There are other smaller changes not described above.
This change tries to avoid new error messages so not to increase the
the number of translated strings or break too many existing
translations. It also tries to use existing strings and changes the
quoting to the most common style used in gpg.
Key specifications should in general use double quotes. Other values
should use single quotes. However. sometimes it is not easy to
distinguish between values given on the command line and key
specifications. According to old GNU coding standards diagnostics
should not start capitalized - whether this is a good idea is a
different thing but we used this rules for most strings. However,
strings which are used interactively should be properly capitalized
and end with a dot.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (check_user_ids): If the search description is for an
exact match (a keyid or fingerprint that ends in '!'), then use the
matching key, not the primary key.
* tests/openpgp/Makefile.am (TESTS): Add use-exact-key.test.
(priv_keys): Add privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc,
privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc,
privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc,
privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc and
privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc.
(sample_keys): Add
samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc.
* tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc:
New file.
* tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc:
New file.
* tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc:
New file.
* tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc:
New file.
* tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc:
New file.
* tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc:
New file.
* tests/openpgp/use-exact-key.test: New file.
* tests/openpgp/version.test: Install the new private keys.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Reported-by: Kristian Fiskerstrand
<kristian.fiskerstrand@sumptuouscapital.com>
Fixes-commit: 10cca02
* g10/tofu.c (record_binding): Change policy_old's type from an enum
tofu_policy to a long: this variable is passed by reference and a long
is expected.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Justus Winter <justus@g10code.com>
Fixes-commit: f77913e
* dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist.
* dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple
--keyserver options.
* dirmngr/server.c (server_local_s): Add field 'tor_state'.
(release_uri_item_list): New.
(release_ctrl_keyservers): Use it.
(start_command_handler): Release list of keyservers.
(is_tor_running): New.
(cmd_getinfo): Re-implement "tor" subcommand using new fucntion.
(ensure_keyserver): Rewrite.
* g10/dirmngr-conf.skel: Add two keyserver options.
--
This feature is independent of --use-tor and automagically uses Tor if
available. The dirmngr.conf file needs to specify two keyservers to
make this work. For new installations this is done using the skeleton
file. This feature requires the Libassuan 2.4.2 to work.
This patch also fixes a memory leak of opt.keyserver en passant.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (check_user_ids): If the search description describes a
keyid or fingerprint and ends in a '!', include the '!' in the
rewritten description.
* common/userids.c (classify_user_id): Accept keyids and fingerprints
ending in '!'.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Kristian Fiskerstrand
<kristian.fiskerstrand@sumptuouscapital.com>
Fixes-commit: f99830b7
Fixes-commit: e8c53fca
* g10/keyedit.c (menu_expire): Use only one prompt.
--
The old code was anyway not fully i18n because it did not used
ngettext. Further we ran into const char*/char* conflicts on Windows
where we use a different gettext implementation.
FWIW: A better pattern in the case of a static and a malloced string
w/o error return on malloc failure would be:
const char *s;
char *s_buf;
s_buf = xtryasprintf ("%d foo", n);
if (!s_buf)
s = "several foo";
else
s = s_buf;
bar (s);
xfree (s_buf);
* g10/keyedit.c (menu_select_key): Use spacep and hexdigitp instead of
inline tests. Don't compare P to the suffix of the fingerprint. If P
appears to be a keyid, do an exact compare against the keyid. If it
appears to be a fingerprint, do an exact compare against the
fingerprint.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* common/stringhelp.c (format_text): New function.
* common/t-stringhelp.c (stresc): New function.
(test_format_text): New function. Test format_text.
* g10/tofu.c (get_trust): Use format_text to reflow long texts.
(show_statistics): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* common/stringhelp.c (utf8_charcount): Take additional parameter,
len. Process at most LEN bytes.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keyedit.c (menu_expire): Allow updating the expiration time of
multiple subkeys at once.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1944
* g10/revoke.c (gen_revoke): Provide a more descriptive error message
if searching for a key fails.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1987
* g10/trust.c (clean_one_uid): Avoid a computation involving an
uninitialized value.
--
Found using the Clang Static Analyzer.
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/keyedit.c (menu_select_key): Take an additional argument, p.
Update callers. If P is a hex string, then assume that P is a key id
or fingerprint and select subkeys with matching key ids or
fingerprints.
* doc/gpg.texi: Update documentation for the key subcommand.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1423
Debian-bug-id: 610336
* g10/keyring.c (keyring_get_keyblock): If we encounter a legacy
packet after already having some non-legacy packets, then treat the
legacy packet as a keyblock boundary, not as part of the keyblock.
* g10/t-keydb-get-keyblock.c: New file.
* g10/t-keydb-get-keyblock.gpg: New file.
* g10/Makefile.am (EXTRA_DIST): Add t-keydb-get-keyblock.gpg.
(module_tests): Add t-keydb-get-keyblock.
(t_keydb_get_keyblock_SOURCES): New variable.
(t_keydb_get_keyblock_LDADD): Likewise.
--
Signed-off-by: Neal H. Walfield
GnuPG-bug-id: 2151
* g10/keydb.c (dump_search_desc): Rename from this...
(keydb_search_desc_dump): ... to this. Only process a single search
descriptor. Improve output. Don't mark as static. Update callers.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/options.h (opt.keyid_format): Add new value KF_DEFAULT.
* g10/keyid.c (format_keyid): New function.
(keystr): Use it.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/gpg.c (check_user_ids): Differentiate between a second result
and an error. If the key specification is ambiguous or an error
occurs, set RC appropriately.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Werner Koch <wk@gnupg.org>
Suggested-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/tofu.c (fingerprint_str): Remove.
(tofu_register): Take a public key instead of a fingerprint as arg.
Use hexfingerprint() to get a fpr from the PK.
(tofu_get_validity): Ditto.
(tofu_set_policy, tofu_get_policy): Simplify by using hexfingerprint.
* g10/trustdb.c (tdb_get_validity_core): Pass the primary key PK to
instead of the fingerprint to the tofu functions.
--
This change has the advantage that we are not bound to a specific
fingerprint length and will thus helps us to implement rfc4880bis.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (get_trust): For the UTK check lookup the key by
fingerprint.
--
Extracting the keyid form the fingerprint is not a good idea because
that only works for v4 keys. It is also better to first read the key
and then extract the keyid from the actual available key.
The entire trusted-key stuff should be reworked to make use of
fingerprints.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (getkey_ctx_s): Add field "extra_list".
(get_pubkey_byname): Store strings in the context.
(getkey_end): Free EXTRA_LIST.
--
This fixes a use-after-free bug. It showed up with:
gpg --auto-key-locate local --locate-key wk@gnupg.org
The key was shown but also all other following keys in the keyring.
Bisecting showed d47e84946e as culprit
but the actual cause was a part of:
Regression-due-to: b06f96ba4f
Signed-off-by: Werner Koch <wk@gnupg.org>
g10/keyring.c (keyring_search): Only mark the cache as completely
filled if we start the scan from the beginning of the keyring.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: NIIBE Yutaka <gniibe@fsij.org>
A new feature (e8c53fc) turned up a bug whereby checking if a search
term matches multiple keys in the keyring causes the cache to be
inconsistent.
When we look for a key on the keyring, we iterate over each of the
keyblocks starting with the keyblock following the last result. For
each keyblock, we iterate over the public key and any subkeys. As we
iterate over each key, we first insert it into the cache and then
check if the key matches. If so, we are done.
In pseudo code:
for (i = last_result + 1; i < num_records; i ++)
keyblock = get_keyblock (i)
for (j = 1; j < len(keyblock); j ++)
key = keyblock[j]
update_cache (key)
if (compare (key, search_terms))
return ok
cache_filled = true
return ENOFOUND
When we look for the next match, we start with the following keyblock.
The result is that any subkeys following the key that matched are not
added to the cache (in other words, when a keyblock matches, the inner
loop did not necessarily complete and the subsequent search doesn't
resume it).
This patch includes a straightforward fix: only indicate the cache as
complete if we started the scan from the beginning of the keyring and
really didn't find anything.
* g10/trustdb.c (init_trustdb): If we can't read the trust model from
the trust DB, default to TM_PGP, not TM_TOFU_PGP.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/tofu.c (opendbs): If the TOFU DB format is set to auto and there
is no TOFU DB, default to the flat format.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/options.h (opt): Add field only_sign_text_ids.
* g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs.
(opts): Handle oOnlySignTextIDs.
(main): Likewise.
* g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't
select non-text based IDs automatically.
(keyedit_menu): Adapt the prompt asking to sign all user ids according
to OPT.ONLY_SIGN_TEXT_IDS.
* doc/gpg.texi: Document the new option --only-sign-text-ids.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1241
Debian-bug-id: 569702
* g10/gpg.c (check_user_ids): New function.
(main): Check that any user id specifications passed to --local-user
and --remote-user correspond to exactly 1 user. Check that any user
id specifications passed to --default-key correspond to at most 1
user. Warn if any user id specifications passed to --local-user or
--default-user are possible ambiguous (are not specified by long keyid
or fingerprint).
* g10/getkey.c (parse_def_secret_key): Don't warn about possible
ambiguous key descriptions here.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1128
Debian-debug-id: 544490