1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
Commit Graph

7696 Commits

Author SHA1 Message Date
Werner Koch
625e292108
gpg: Fail decryption for AES etc message w/o MDC.
* g10/mainproc.c (proc_encrypted): Fail for modern messages w/o MDC.
--

This change turns the missing MDC warning into an error if the message
has been encrypted using a cipher with a non-64 bit block length cipher
and it is not Twofish.

We can assume that such messages are created by code which should have
been able to create MDC packets.  AES was introduced with 1.0.3 on
2000-09-18 shortly after MDC (1.0.2 on 2000-07-12).  We need to
exclude Twofish because that might have been used before MDC.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-06 09:44:15 +02:00
NIIBE Yutaka
4a5bd1720f agent: Fix verification of signature for smartcard.
* agent/pksign.c (agent_pksign_do): Use public key smartcard.

--

Since gcry_pk_verify can't handle shadowed private key, public
key SEXP should be prepared for smartcard.
2015-10-06 15:10:25 +09:00
NIIBE Yutaka
ce2a84b588 agent: Fix non-allocation for pinentry_loopback.
* agent/call-pinentry.c (agent_get_passphrase): Don't allocate, it will
be allocated by pinentry_loopback.
2015-10-06 07:52:32 +09:00
Werner Koch
f3959f14b6
gpg: Install a dirmngr.conf file.
* g10/dirmngr-conf.skel: New.
* g10/Makefile.am (EXTRA_DIST): Add file.
(install-data-local, uninstall-local): Install that file.
* g10/openfile.c (copy_options_file): Add arg "name", return a value,
simplify with xstrconcat, and factor warning message out to:
(try_make_homedir): here.  Also install dirmngr.conf.
* g10/options.skel: Remove --keyserver entry.
--

The option --keyserver in gpg has been deprecated in favor of
--keyserver in dirmngr.conf.  Thus we need to install a skeleton file
for dirmngr to set a default keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-05 19:48:47 +02:00
Werner Koch
ae471fa978
gpg: Deprecate the --keyserver option.
* g10/keyserver.c (keyserver_refresh): Change return type to
gpg_error_t.  Use gpg_dirmngr_ks_list to print the name of the
keyserver to use.
(keyserver_search): Do not print the "no keyserver" error
message.  The same error is anyway returned from dirmngr.
* g10/call-dirmngr.c (ks_status_parm_s): Add field "keyword".
(ks_status_cb): Handle other status keywords.
(gpg_dirmngr_ks_list): New.
* tools/gpgconf-comp.c (gc_options_gpg): Deprecate "keyserver".
(gc_options_dirmngr): Add "Keyserver" group and "keyserver".
--

Along with the corresponding dirmngr change this option allows to
configure the keyserver only in dirmngr.conf.  Existing
configurations will continue to work.  However, GUIs using gpgconf
now the keyserver option under the dirmngr (aka Key Acquirer) tab
unless they are in export mode in which the keyserver option is also
show for gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-05 17:52:28 +02:00
Werner Koch
a48e6de603
dirmngr: Add option --keyserver.
* dirmngr/dirmngr.c (oKeyServer): New.
(opts): Add "keyserver".
(parse_rereadable_options): Parse that options
(main): Add option to the gpgconf list.
* dirmngr/dirmngr.h (opt): Add field "keyserver".
* dirmngr/server.c (ensure_keyserver): New.
(make_keyserver_item): New.  Factored out from
(cmd_keyserver): here.  Call ensure_keyserver.
(cmd_ks_search): Call ensure_keyserver.
(cmd_ks_get): Ditto.
(cmd_ks_fetch): Ditto.
(cmd_ks_put): Ditto.
--

This option specifies the keyserver to be used if the client does not
set another keyserver.  We want to fade out the use of --keyserver in
gpg.conf in favor of specifying it here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-05 17:44:20 +02:00
Werner Koch
438730323a
dirmngr: Make clear that --use-tor is not yet ready for use.
* dirmngr/dirmngr.c (main): Print a warning if --use-tor has been
given.
* tools/gpgconf-comp.c (gc_options_dirmngr): Make --use-tor invisible.
2015-10-05 11:31:31 +02:00
Werner Koch
7392d30182
po: Update the German translation.
--
2015-10-05 11:17:40 +02:00
Werner Koch
c6400c1aa8
gpgconf: Change displayed name of Dirmngr to "Key Acquirer".
* tools/gpgconf-comp.c (gc_component): Change printed name.
--

All network access is handled by Dirmngr so at least in the GUI option
dialog we should acknowledge that by changing the name to an issuer to
understand term.  This is an update of
819bba75aa suggested by Neal Walfield.
The former term "Network Manager" conflicts with the well known GNOME
network manager tool.
2015-10-05 11:08:34 +02:00
Werner Koch
0bae2ff599
tests: Two new OpenPGP test keys from E2E.
--
2015-10-05 10:58:00 +02:00
Werner Koch
bdd180f47c
scd: Use Assuan macro instead of a number constant.
--
2015-10-02 12:21:31 +02:00
Werner Koch
75c64c2b6d
dirmngr: Fix use-after-free due to a realloc shrinking.
* dirmngr/ks-engine-hkp.c (map_host): Do not use original pointer
after realloc.
--

vex01 reported and debugged the problem.

GnuPG-bug-id: 2107
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-02 11:31:45 +02:00
Werner Koch
ddf9dd135a
agent: Fix alignment problem with the second passphrase struct.
* agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
PI2.  Check return value of the malloc function.
* agent/command-ssh.c (ssh_identity_register): Use a separate malloc
for PI2.  Wipe PI2.
--

For whatever stupid reasons I once allocated only one memory area and
split that into PI and PI2.  This is actually a common pattern with
malloc but here we used a made up object size and do not take the
extra alignment required into account.  One of these not yet hit by
a (sig)bus PC/VAX hacker bugs.

Instead of trying to fix the alignment, it is better to use a second
calloc for the second struct.

GnuPG-bug-id: 2112
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-02 10:58:40 +02:00
Werner Koch
2acceba5cc
gpg: Fix a practical hang after use of --faked-system-time.
* g10/sign.c (update_keysig_packet): Bail out if we would need to long
for a new timestamp.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-01 17:59:22 +02:00
Werner Koch
2c60663a72
gpg: Print more info with "check selfsig".
* g10/keyedit.c (print_and_check_one_sig): Print more Some sigsub
packets.
2015-10-01 17:57:39 +02:00
Werner Koch
13a3f65968
gpg: Add debug helper to --edit-keys's check sub-command.
* g10/keyedit.c (print_and_check_one_sig): Add arg "extended" and
print an asterisk for the chosen selfsig.
(check_all_keysigs): Add arg "only_selfsig"
(keyedit_menu) <cmdCHECK>: Add optional arg "selfsig".
--

Using "check selfsig" prints only the self-signatures and indicates
the chosen selfsig with an asterisk.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-01 16:24:59 +02:00
NIIBE Yutaka
a9895a5a72 common: Fix strsplit.
* common/stringhelp.c (strsplit): Fix arguments order.
2015-10-01 08:57:06 +09:00
Neal H. Walfield
c8584a1e55 common: Add mkdir_p.
* common/mkdir_p.c: New file.
* common/mkdir_p.h: New file.
* common/Makefile.am (common_sources): Add mkdir_p.c and mkdir_p.h.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-30 12:58:31 +02:00
Neal H. Walfield
5576146ede common: Remove unused files.
* common/xmalloc.c: Remove file.
* common/xmalloc.h: Remove file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-30 12:58:31 +02:00
Neal H. Walfield
270d3f55f9 common: Include <gpg-error.h>.
* common/logging.h: Include <gpg-error.h>.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

logging.h uses estream_t and as such should directly include
<gpg-error.h>.
2015-09-30 12:58:30 +02:00
Neal H. Walfield
8ab63e4b50 g10: Remove unused struct cmp_help_context_s.
* g10/sig-check.c (struct cmp_help_context_s) Remove unused struct.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-29 11:32:40 +02:00
Neal H. Walfield
12443eafa6 g10: Avoid an unnecessary copy.
* g10/sig-check.c (signature_check2): Avoid copying PK to RET_PK.
Instead, directly use the provided storage.  If none is provided
allocate some.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-29 11:32:39 +02:00
NIIBE Yutaka
5c067d54d3 ssh: Fix fingerprint computation for EdDSA key.
* common/ssh-utils.c (get_fingerprint): Handle the prefix of 0x40.
* common/t-ssh-utils.c (sample_keys): Add a new key.

--

Also adding Ed25519 test key.
2015-09-29 15:33:59 +09:00
NIIBE Yutaka
cfbe6ba9cf agent: RSA signature verification by gpg-agent.
* g10/sign.c (do_sign): Let verify signature by gpg-agent.
* agent/pksign.c (agent_pksign_do): Call gcry_pk_verify for RSA.

--

RSA signature verification should be done to prevent attacks against
RSA CRT implementations and not to return invalid signature to
adversary.  Newer libgcrypt does so.  For older libgcrypt and
smartcards, gpg-agent does signature verification.
2015-09-29 09:49:44 +09:00
Werner Koch
f1effdc5ec
common: Provide two new error code replacements.
* common/util.h (GPG_ERR_FALSE, GPG_ERR_TRUE): Rew replcements.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-28 18:40:38 +02:00
Werner Koch
348acbe18a
doc,w32: Fix compiler warnings.
--
2015-09-28 18:40:38 +02:00
Werner Koch
83811e3f1f
common: Change calling convention for gnupg_spawn_process.
* common/exechelp.h (GNUPG_SPAWN_NONBLOCK): New.
(GNUPG_SPAWN_RUN_ASFW, GNUPG_SPAWN_DETACHED): Macro to replace the
numbers.
* common/exechelp.h (gnupg_spawn_process): Change function to not take
an optional stream for stdin but to return one.
* common/exechelp-posix.c (gnupg_spawn_process): Implement change.
(create_pipe_and_estream): Add args outbound and nonblock.
* common/exechelp-w32.c (gnupg_spawn_process): Implement change.
--

In 2.1 this function is only used at one place and the stdin parameter
is not used.  Thus this change is trivial for the callers but along
with estream's new es_poll it is overall simpler to use.

Note that the Windows version has not been tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-28 18:40:38 +02:00
NIIBE Yutaka
6bb7206e35 scd: Handle error correctly.
* scd/apdu.c (apdu_connect): Initialize variables and check an error
of apdu_get_status_internal.
2015-09-28 13:41:59 +09:00
Werner Koch
12ff806d1b
ssh: Add 256, 384 and 521 bit test keys for the fingerprint.
* common/t-ssh-utils.c (sample_keys): Add 3 new keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-22 10:01:31 +02:00
Werner Koch
2167951b27
ssh: Fix fingerprint computation for 384 bit ECDSA keys.
* common/ssh-utils.c (get_fingerprint): Fix hashed string.
--

That was an obvious c+p bug which should have been caught by a test
case.

GnuPG-bug-id: 2075
Debian-bug-id: 795636
2015-09-22 09:28:35 +02:00
NIIBE Yutaka
1542dc604b agent: Fix importing ECC key.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Only encrypted
parameters are stored as opaque.
(apply_protection): ARRAY members are all normal, non-opaque MPI.
(extract_private_key): Get public key as normal, non-opaque MPI.
Remove support of ECC key with '(flags param)'.
Remove support of "ecdsa" and "ecdh" keys of our experiment.
2015-09-19 17:45:17 +09:00
NIIBE Yutaka
708b7eccde scd: Fix KEYTOCARD handling for ECC key.
* scd/app-openpgp.c (ecc_writekey): Only public key can be native
format.
2015-09-19 16:27:36 +09:00
Neal H. Walfield
8499c4f84a common: Add new function strlist_length.
* common/strlist.c (strlist_length): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-19 01:26:48 +02:00
Werner Koch
819bba75aa
gpgconf: Change displayed name of Dirmngr to "Network Manager".
* tools/gpgconf-comp.c (gc_component): Change printed name.
--

All network access is handled by Dirmngr so at least in the GUI
option dialog we should acknowledge that by changing the name to an
issuer to understand term.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-18 16:21:31 +02:00
Werner Koch
c091816b4a
dirmngr: Add option --use-tor as a stub.
* dirmngr/dirmngr.h (opt): Add field "use_tor".
* dirmngr/dirmngr.c (oUseTor): New.
(opts): Add --use-tor.
(parse_rereadable_options): Set option.
(main): Tell gpgconf about that option.

* dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and
return an error if LDAP is used in TOR mode.
(ca_cert_fetch): Return an error in TOR mode.
(start_cert_fetch): Ditto.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the
http module.
* dirmngr/ks-engine-hkp.c (send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.  Also pass TOR flag to the
http module.

* dirmngr/server.c (option_handler): Add "honor-keyserver-url-used".
(cmd_dns_cert): Return an error in TOR mode.
(cmd_getinfo): Add subcommand "tor"
* tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group.
--

More work is required to actually make --use-tor useful.  For now it
returns an error for almost all network access but as soon as we have
added the TOR feature to the http module some parts will start to
work.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-18 16:21:31 +02:00
Werner Koch
d5a3142b8f
gpg: Report a conflict between honor-keyserver-url and TOR.
* g10/call-dirmngr.c (create_context): Send option and print a verbose
error.
--

It is in general a bad idea to use honor-keyserver-url but if Dirmngr
is running in TOR mode we should not allow this option at all.  We let
Dirmngr know about the use of this option and let Dirmngr tell use
whether TOR mode is active so that we can print a hint to disable that
keyserver option.

A future extension in gpgconf may disable that option directly but a
user may still override that and thus we better check.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-18 16:21:31 +02:00
Werner Koch
b4bc1c8b10
http: Add flag to force use of TOR (part 1)
* common/http.h (HTTP_FLAG_FORCE_TOR): New.
* common/http.c (http_raw_connect, send_request): Detect flag and
return an error for now.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-18 16:21:30 +02:00
NIIBE Yutaka
f986b23e13 po: Update Japanese translation. 2015-09-17 17:08:27 +09:00
NIIBE Yutaka
6510df3a7c scd: Fix ccid-driver timeout for OpenPGPcard v2.1.
* scd/ccid-driver.c (CCID_CMD_TIMEOUT): New.
(ccid_transceive_apdu_level, ccid_transceive): Use.

--

It is reported that key generation causes timeout with OpenPGPcard
v2.1.  Ideally, timeout value could be determined at run-time by
examining card's ATR.  Compile-time fixed value is OK for internal
CCID driver.
2015-09-17 11:21:44 +09:00
Werner Koch
93d257c819
agent: New option --pinentry-invisible-char.
* agent/gpg-agent.c (oPinentryInvisibleChar): New.
(opts): Add option.
(parse_rereadable_options): Set option.
* agent/agent.h (opt): Add field pinentry_invisible_char.
* agent/call-pinentry.c (start_pinentry): Pass option to pinentry.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-16 21:24:14 +02:00
Werner Koch
9e65bbd255
g13: Move some code to a separate module.
* g13/g13-common.c, g13/g13-common.h: New.
* g13/Makefile.am (g13_SOURCES): Add new files.
* g13/g13.c (g13_errors_seen): Move to g13-common.c.
(cmdline_conttype): New.
(main): Use g13_init_signals and g13_install_emergency_cleanup.
(emergency_cleanup, g13_exit): Move to g13-common.c.
* g13/g13.h: Move OPT and some other code to g13-common.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-16 19:03:09 +02:00
Werner Koch
8eb3a1797a
gpg: Fix skip function dummy parameter.
* g10/trustdb.c (search_skipfnc): Fix dummy argument
--

This is required due to the prototype change in
commit 9acbeac236

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-16 19:02:35 +02:00
Werner Koch
f71ed902de
gpg: Change last commit to avoid extra translations.
* g10/keyedit.c (keyedit_menu): Do not print usage hints in expert
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-16 18:55:27 +02:00
Neal H. Walfield
172af881a1 g10: Improve error message.
* g10/keyedit.c (keyedit_menu): When complaining that a user ID or key
must be selected, indicate what command to use to do this.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:31 +02:00
Neal H. Walfield
6845737736 g10: Be more careful when merging self-signed data.
* g10/getkey.c (merge_selfsigs_main): Stop looking for self-signed
data belonging to the public key when we encounter an attribute packet
or a subkey packet, not just a user id packet.  When looking for
self-signed data belonging to a user id packet, stop when we see a
user attribute packet.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:30 +02:00
Neal H. Walfield
c31e089129 g10: Simplify some complicated boolean expressions.
* g10/getkey.c (finish_lookup): Simplify logic.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:29 +02:00
Neal H. Walfield
77c2ad4a81 g10: Also mark revoked and expired keys as unusable.
* g10/getkey.c (skip_unusable): Also mark the key as unusable if it
has been revoked or has expired.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:29 +02:00
Neal H. Walfield
1b601de06a g10: Release resources when returning an error in get_seckey.
* g10/getkey.c (get_seckey): If the key doesn't have a secret key,
release *PK.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:28 +02:00
Neal H. Walfield
cab581c486 g10: Improve documentation and comments for getkey.c.
* g10/getkey.c: Improve documentation and comments for most
functions.  Move documentation for public functions from here...
* g10/keydb.h: ... to here.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:28 +02:00
Neal H. Walfield
7333e704ef g10: Remove unused function have_any_secret_key.
* g10/getkey.c (have_any_secret_key): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:27 +02:00