1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Commit Graph

108 Commits

Author SHA1 Message Date
Werner Koch
8f2671d2cc
gpg: Pass CTRL to many more functions.
--

For proper operations as a server we need to avoid global variables.
Thus we need to pass the session state CTRL to most functions.  Quite
a lot of changes but fortunately straightforward to do.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:07:20 +02:00
NIIBE Yutaka
70aca95d68 Remove -I option to common.
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 20:25:54 +09:00
Justus Winter
6823ed4658
gpg,common: Make sure that all fd given are valid.
* common/sysutils.c (gnupg_fd_valid): New function.
* common/sysutils.h (gnupg_fd_valid): New declaration.
* common/logging.c (log_set_file): Use the new function.
* g10/cpr.c (set_status_fd): Likewise.
* g10/gpg.c (main): Likewise.
* g10/keylist.c (read_sessionkey_from_fd): Likewise.
* g10/passphrase.c (set_attrib_fd): Likewise.
* tests/openpgp/Makefile.am (XTESTS): Add the new test.
* tests/openpgp/issue2941.scm: New file.
--

Consider a situation where the user passes "--status-fd 3" but file
descriptor 3 is not open.

During the course of executing the rest of the commands, it's possible
that gpg itself will open some files, and file descriptor 3 will get
allocated.

In this situation, the status information will be appended directly to
whatever file happens to have landed on fd 3 (the trustdb? the
keyring?).

This is a potential data destruction issue for all writable file
descriptor options:

   --status-fd
   --attribute-fd
   --logger-fd

It's also a potential issue for readable file descriptor options, but
the risk is merely weird behavior, and not data corruption:

   --override-session-key-fd
   --passphrase-fd
   --command-fd

Fixes this by checking whether the fd is valid early on before using
it.

GnuPG-bug-id: 2941
Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-08 14:28:49 +01:00
Werner Koch
cb4c7abb77
Fix 2 compiler warnings.
* dirmngr/loadswdb.c: Set ERR on malloc failure.
* g10/passphrase.c (passphrase_to_dek): Initialize all fields of
HELP_S2K.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-08 19:02:56 +01:00
Werner Koch
4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
NIIBE Yutaka
6e85ac77af Fix use cases of snprintf.
* agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 12:04:46 +09:00
Werner Koch
491d6fdabb
gpg: Cleanup of dek_to_passphrase function (part 2).
* g10/passphrase.c (passphrase_get): Remove arg KEYID.  Change arg
MODE to NOCACHE.
(passphrase_to_dek): Remove args KEYID and PUBKEY_ALGO.  Split arg
MODE into CREATE and NOCACHE.  Change all callers and adjust stubs.
(passphrase_clear_cache): Remove args KEYID and ALGO.  They are not
used.  Change caller.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-08 20:32:08 +02:00
Werner Koch
5b614973fe
gpg: Cleanup of dek_to_passphrase function (part 1).
* g10/passphrase.c (passphrase_to_dek_ext): Remove args CUSTDESC and
CUSTPROMPT.  Merge into the passphrase_to_dek wrapper.
(passphrase_get): Remove args CUSTOM_DESCRIPTION and CUSTOM_PROMPT.
--

The function is nowadays only used for symmetric encryption.  Thus we
do not need all the former advanced stuff.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-08 18:47:27 +02:00
Werner Koch
64bfeafa52
gpg: Remove all assert.h and s/assert/log_assert/.
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-29 11:05:24 +02:00
Ben Kibbey
93f5295df5 Fix sending INQUIRE_MAXLEN for symmetric data.
* g10/passphrase.c (passphrase_to_dek_ext): Write the status message.
2015-08-16 12:54:04 -04:00
Werner Koch
592faa7dc4 Comment typo fixes.
--
2014-11-19 10:47:57 +01:00
Werner Koch
a731c22952 gpg: Allow for positional parameters in the passphrase prompt.
* g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.
--

Without that at least the French translation does not always work
because it requires positional parameters.  Windows for example does
not support them as they are not defined by C99 but by POSIX.
2014-08-26 10:16:04 +02:00
Werner Koch
03018ef9ee gpg: Auto-create revocation certificates.
* configure.ac (GNUPG_OPENPGP_REVOC_DIR): New config define.
* g10/revoke.c (create_revocation): Add arg "leadin".
(gen_standard_revoke): New.
* g10/openfile.c (get_openpgp_revocdir): New.
(open_outfile): Add MODE value 3.
* g10/keyid.c (hexfingerprint): New.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke.
--

GnuPG-bug-id: 1042
2014-06-30 16:40:55 +02:00
Werner Koch
db3b528239 gpg: Re-enable secret key deletion.
* g10/call-agent.c (agent_delete_key): New.
* g10/keydb.h (FORMAT_KEYDESC_DELKEY): New.
* g10/passphrase.c (gpg_format_keydesc): Support new format.
* g10/delkey.c (do_delete_key): Add secret key deletion.
2014-04-15 19:44:50 +02:00
Werner Koch
e549799db6 gpg: Change pinentry prompt to talk about "secret key".
* g10/passphrase.c (gpg_format_keydesc): Add mode 2.  Change strings.
* g10/keydb.h (FORMAT_KEYDESC_NORMAL, FORMAT_KEYDESC_IMPORT)
(FORMAT_KEYDESC_EXPORT): New.  Use them for clarity.
--

The use of the term "certificate" was more confusing than helpful.
2014-04-15 19:29:57 +02:00
Werner Koch
ea8a1685f7 gpg: Remove cipher.h and put algo ids into a common file.
* common/openpgpdefs.h (cipher_algo_t, pubkey_algo_t, digest_algo_t)
(compress_algo_t): New.
* agent/gpg-agent.c: Remove ../g10/cipher.h. Add openpgpdefs.h.
* g10/cipher.h (DEK): Move to ...
* g10/dek.h: new file.
* g10/cipher.h (is_RSA, is_ELGAMAL, is_DSA)
(PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY, PUBKEY_MAX_NSIG, PUBKEY_MAX_NENC)
(PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC, PUBKEY_USAGE_CERT)
(PUBKEY_USAGE_AUTH, PUBKEY_USAGE_NONE): Move to
* g10/packet.h: here.
* g10/cipher.h: Remove.  Remove from all files.
* g10/filter.h, g10/packet.h:  Include dek.h.
* g10/Makefile.am (common_source): Remove cipher.h.  Add dek.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-29 20:35:05 +01:00
Werner Koch
273bb38cd7 gpg: Fix a memory leak in batch key generation
* g10/keygen.c (append_to_parameter): New.
(proc_parameter_file): Use new func to extend the parameter list.

* g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
gcry_kdf_derive failed.
* g10/keygen.c (proc_parameter_file): Print a diagnostic if
passphrase_to_dek failed.
--

Due to an improper way of using the linked list head, all memory for
items allocated in proc_parameter_file was never released.  If batched
key generation with a passphrase and more than ~200 keys was used this
exhausted the secure memory.
2013-02-21 20:35:10 +01:00
Werner Koch
21feecd48f gpg: Add pinentry-mode feature.
* g10/gpg.c: Include shareddefs.h.
(main): Add option --pinentry-mode.
* g10/options.h (struct opt): Add field pinentry_mode.
* g10/passphrase.c: Include shareddefs.h.
(have_static_passphrase): Take care of loopback pinentry_mode.
(read_passphrase_from_fd): Ditto.
(get_static_passphrase): New.
(passphrase_to_dek_ext): Factor some code out to ...
(emit_status_need_passphrase): new.
* g10/call-agent.c (start_agent): Send the pinentry mode.
(default_inq_cb): Take care of the PASSPHRASE inquiry.  Return a
proper error code.
(agent_pksign): Add args keyid, mainkeyid and pubkey_algo.
(agent_pkdecrypt): Ditto.
* g10/pubkey-enc.c (get_it): Pass new args.
* g10/sign.c (do_sign): Pass new args.

* g10/call-agent.c (struct default_inq_parm_s): New.  Change all
similar structs to reference this one.  Change all users and inquire
callback to use this struct, instead of NULL or some undefined but not
used structs.  This change will help to eventually get rid of global
variables.
--

This new features allows to use gpg without a Pinentry.  As a
prerequisite the agent must be configured to allow the loopback
pinentry mode (option --allow-loopback-pinentry).  For example

  gpg2 --pinentry-mode=loopback FILE.gpg

may be used to decrypt FILE.gpg while entering the passphrase on the
tty.  If batch is used, --passphrase et al. may be used, if
--command-fd is used, the passphrase may be provided by another
process.  Note that there are no try-again prompts in case of a bad
passphrase.
2013-02-07 20:37:58 +01:00
Werner Koch
6cf8890dc1 Allow NULL for free_public_key. 2011-09-20 19:24:52 +02:00
Werner Koch
b9bcc77d6c Make use of gcry_kdf_derive.
Factoring common code out is always a Good Thing.  Also added a
configure test to print an error if gcry_kdf_derive is missing in
Libgcrypt.
2011-03-10 18:39:34 +01:00
Werner Koch
4659c923a0 Sample ECC keys and message do now work.
Import and export of secret keys does now work.  Encryption has been
fixed to be compatible with the sample messages.

This version tests for new Libgcrypt function and thus needs to be
build with a new Libgcrypt installed.
2011-02-02 15:48:54 +01:00
Andrey Jivsov
e0972d3d96 Integrating http://code.google.com/p/gnupg-ecc/source/detail?r=15 .
The following works:
   gpg2 --gen-key (ECC)
   gpg2 --list-keys
   gpg2 --list-packets ~/.gnupg/pubring.gpg
   gpg2 --list-packets <private key from http://sites.google.com/site/brainhub/pgpecckeys>

ECDH doesn't work yet as the code must be re-written to adjust for gpg-agent refactoring.
2011-01-05 17:33:17 -08:00
Werner Koch
02e4c3cb7e Re-implemented GPG's --passwd command and improved it. 2010-10-26 09:10:29 +00:00
Werner Koch
54591341a4 More agent support for gpg. 2010-10-13 15:57:08 +00:00
Werner Koch
299ed4c9e2 Removed more secret key related code.
It builds fine and passes some of the tests but there are quite some
features which don't work yet.
2010-09-06 19:57:42 +00:00
Werner Koch
a0b9ebfb7d Even less prompts for a new key now. 2010-09-01 12:49:05 +00:00
Werner Koch
03d34be425 Provide a useful pinentry prompt. 2010-04-27 14:11:41 +00:00
Werner Koch
be45bf3d54 Add dummu option --passwd for gpg.
Collected changes.
2010-01-08 19:18:49 +00:00
Werner Koch
7cde92403c 2009-08-20 Daiki Ueno <ueno@unixuser.org>
* mainproc.c (proc_encrypted): Clear passphrase cached with S2K
      cache ID if decryption failed.
    * passphrase.c (passphrase_to_dek_ext): Set dek->s2k_cacheid.
    * gpgv.c (passphrase_clear_cache): New stub.
2009-08-20 08:41:15 +00:00
Werner Koch
2c7a03d54b Comment changes.
Changed --learn-card.
2009-07-30 16:45:06 +00:00
Werner Koch
2e0ce7d97f Fixed a bunch of little bugs as reported by Fabian Keil.
Still one problem left; marked with a gcc #warning.
2009-06-24 14:03:09 +00:00
David Shaw
047d97e95e Add full Camellia support.
* configure.ac: Remove Camellia restriction.

* gpg.c (main), misc.c (openpgp_cipher_test_algo): Remove Camellia
restriction.

* misc.c (map_cipher_openpgp_to_gcry), main.h: Add macros for
openpgp_cipher_open, openpgp_cipher_get_algo_keylen, and
openpgp_cipher_get_algo_blklen to wrap around the corresponding gcry_*
functions, but pass the algorithm number through
map_cipher_openpgp_to_gcry.  This is needed in case the gcry algorithm
number doesn't match the OpenPGP number (c.f. Camellia).

* encr-data.c, pubkey-enc.c, mainproc.c, cipher.c, encode.c, seskey.c,
passphrase.c, seckey-cert.c: Use new openpgp_cipher_* macros here.
2009-06-05 14:11:03 +00:00
Werner Koch
387a51f951 New gpgsm server option no-encrypt-to.
Add caching for symkey encryption.
Minor cleanups.
2009-05-18 17:38:34 +00:00
Werner Koch
c4e92c3344 Made card key generate with backup key work for 2048 bit.
Improved card key generation prompts.
2009-05-15 19:26:46 +00:00
Werner Koch
f8b4cd7650 Import/export of pkcs#12 now uses the gpg-agent directly.
Removed duplicated code (percent unescaping).
2009-04-01 10:51:53 +00:00
Werner Koch
6e7c855d98 Move password repetition from gpg to gpg-agent. 2009-03-17 12:13:32 +00:00
Werner Koch
fb12b4fad3 Add rmd160.c.
Emit anotehr error code status line.
2008-12-12 12:01:20 +00:00
Werner Koch
0a5f742466 Marked all unused args on non-W32 platforms. 2008-10-20 13:53:23 +00:00
Werner Koch
6a78bca874 Fixed an email/DN bug.
Changed pinentry prompts.
2008-03-13 08:46:08 +00:00
Werner Koch
c12ce55b25 Factored utf8 switching code out to i18n.c. 2007-10-19 15:58:38 +00:00
Werner Koch
93d3811abc Changed to GPLv3.
Removed intl/.
2007-07-04 19:49:40 +00:00
Werner Koch
2c9791db55 First steps towards supporting W32.
This is mainly source code reorganization.
Update gnulib.
g10/ does currently not build.
2007-06-06 18:12:30 +00:00
Marcus Brinkmann
bc078f97a9 2007-05-19 Marcus Brinkmann <marcus@g10code.de>
* passphrase.c (passphrase_get): Use PACKAGE_GT, not PACKAGE.
2007-05-18 23:32:51 +00:00
Marcus Brinkmann
b9042f1cec agent/
2007-05-19  Marcus Brinkmann  <marcus@g10code.de>

	* protect-tool.c (get_passphrase): Free ORIG_CODESET on error.

g10/
2007-05-19  Marcus Brinkmann  <marcus@g10code.de>

	* passphrase.c (passphrase_get): Free ORIG_CODESET on error.

sm/
2007-05-18  Marcus Brinkmann  <marcus@g10code.de>

	* qualified.c (gpgsm_qualified_consent,
	gpgsm_not_qualified_warning): Free ORIG_CODESET on error.
	* certdump.c (gpgsm_format_keydesc): Likewise.

tools/
2007-05-19  Marcus Brinkmann  <marcus@g10code.de>

	* symcryptrun.c (confucius_get_pass): Free ORIG_CODESET on error.
2007-05-18 22:58:59 +00:00
Marcus Brinkmann
1843485de9 2007-04-26 Marcus Brinkmann <marcus@g10code.de>
* passphrase.c (passphrase_to_dek): Write missing passphrase
	status message in case of cancellation.
2007-04-28 16:04:44 +00:00
Werner Koch
b861561e47 Included LIBICONV in all Makefiles.
g10/
	* passphrase.c (passphrase_get): Set the cancel flag on all error
	from the agent.  Fixes a bug reported by Tom Duerbusch.
sm/
	* gpgsm.c (main): Let --gen-key print a more informative error
	message.
2007-01-31 14:24:41 +00:00
Werner Koch
0173cd5a98 Fixes for CVE-2006-6235 2006-12-06 10:16:50 +00:00
David Shaw
884d1af0ae * options.h, gpg.c (main), passphrase.c (passphrase_to_dek): Add
--passphrase-repeat option to control how many times gpg will
re-prompt for a passphrase to ensure the user has typed it correctly.
Defaults to 1.
2006-12-03 04:41:59 +00:00
David Shaw
c6465b0654 * parse-packet.c (parse_symkeyenc): Show the unpacked as well as the
packed s2k iteration count.

* main.h, options.h, gpg.c (encode_s2k_iterations, main), passphrase.c
(hash_passphrase): Add --s2k-count option to specify the number of s2k
hash iterations.
2006-10-13 04:06:24 +00:00
Werner Koch
3b1f186c87 Re-enabled --passphrase-fd 2006-10-04 17:22:24 +00:00