1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

4938 Commits

Author SHA1 Message Date
Werner Koch
154f3ed2bf
gpg: Move all DNS access to Dirmngr.
* common/dns-cert.h: Move to ../dirmngr/.
* common/dns-cert.c: Move to ../dirmngr/.  Change args to return the
key as a buffer.
* common/t-dns-cert.c: Move to ../dirmngr/.
* common/pka.c, common/pka.h, common/t-pka.c: Remove.

* dirmngr/server.c (data_line_cookie_write): Factor code out to
data_line_write and make it a wrapper for that.
(data_line_write): New.
(cmd_dns_cert): New.
(register_commands): Register new command.

* g10/Makefile.am (LDADD): Remove DNSLIBS.
* g10/call-dirmngr.c (dns_cert_parm_s): New.
(dns_cert_data_cb, dns_cert_status_cb): New.
(gpg_dirmngr_dns_cert): New.
(gpg_dirmngr_get_pka): New.
* g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function.
* g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by
gpg_dirmngr_dns_cert.
(keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka.
* g10/mainproc.c: Include call-dirmngr.h.
(pka_uri_from_sig): Add CTX arg. Replace get_pka_info by
gpg_dirmngr_get_pka.
--

With this patch gpg does not do any network access itself but uses
dirmngr for that.  Note that we need to keep linking to NETLIBS due to
the logging code and because we need TCP for our socket emulation
under Windows.  Probably also required for Solaris etc.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-23 15:52:39 +02:00
Werner Koch
ce11cc39ea
common: Minor change of hex2str to allow for embedded nul.
* common/convert.c (hex2str): Set ERRNO.  Return adjusted COUNT.
--

hex2str is only used at one place for in-place converting an hex
encoded passphrase.  This change does not affect this use.  The change
is however useful to use the function for in-place conversion of
arbitrary hex encoded strings.

Take care for in-place conversion of a hex string encoding binary data
you need to use it this way:

  if (hex2str (string, string, strlen (string) + 1, &length)
     oops ("probably out of memory but see ERRNO");
  for (i=0; i < length; i++)
     foo (string[i));

Note that strlen() + 1.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-23 15:51:51 +02:00
NIIBE Yutaka
a7264e3a6a common: removal of t-support.c from t_jnlib_src.
* common/Makefile.am (t_jnlib_src): Remove t-support.c.

--

Since test programs are linked to libgcrypt and libgpg-error, there
is no need to include t-support.c.

GnuPG-bug-id: 1862, 1915
2015-04-23 10:51:33 +09:00
Werner Koch
c4d98734c5
gpg: Make keyserver-option http_proxy work.
* g10/options.h (opt): Add field keyserver_options.http_proxy.
* g10/keyserver.c (warn_kshelper_option): Add arg noisy.
(parse_keyserver_options): Parse into new http_proxy field.
* g10/call-dirmngr.c (create_context): Send the http-proxy option.
2015-04-21 19:29:53 +02:00
Werner Koch
54e55149f2
common: Make proper use of http proxy parameter.
* common/http.c (is_hostname_port): New.
(send_request): Fix proxy name parsing.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-21 19:27:22 +02:00
Werner Koch
a0dead5edc
dirmngr: Add http proxy support for keyservers.
* dirmngr/dirmngr.h (server_control_s): Add field http_proxy.
* dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Copy http_proxy value
from OPT.
(dirmngr_deinit_default_ctrl): New.
(main): Call dirmngr_deinit_default_ctrl.
* dirmngr/server.c (start_command_handler): Ditto.
(option_handler): Add option "http-proxy".
* dirmngr/crlfetch.c (crl_fetch): Take http_proxy from CTRL.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
* dirmngr/ks-engine-hkp.c (send_request): Add proxy support.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-21 17:15:34 +02:00
Werner Koch
727fe4f8d7
gpg: Do not use honor-keyserver-url sub-option by default. 2015-04-21 15:46:13 +02:00
Werner Koch
ae0d65f864
gpg: Make preferred keyservers work.
* g10/call-dirmngr.c (dirmngr_local_s): Add field set_keyservers_done.
(create_context): Move keyserver setting to ...
(open_context): here.
(clear_context_flags): New.
(gpg_dirmngr_ks_get): Add arg override_keyserver.
* g10/keyserver.c (keyserver_refresh): Improve diagnostics.
(keyserver_get_chunk): Ditto.  Pass OVERRIDE_KEYSERVER to ks_get.
--

It used to ignore the given server but showed a diagnostics that it
will be used.
2015-04-21 15:36:30 +02:00
Werner Koch
da1990bac7
gpg: Update sub-options of --keyserver-options
* g10/options.h (KEYSERVER_HTTP_PROXY): New.
(KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove.
(KEYSERVER_TIMEOUT): New.
* common/keyserver.h (KEYSERVER_TIMEOUT): Remove.
* g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files"
and "keep-temp-files". Add "http-proxy" and "timeout".
(parse_keyserver_options): Remove 1.2 compatibility option
"honor-http_proxy".  Remove "use-temp-files" and "keep-temp-files"
code.
--

Note that many of these options where implicitly used by passing any
unknown option down to the former keyserver helpers.  The don't exist
anymore thus we need to make them explicit.  Another patch will convey
them to dirmngr.  Temp files are not anymore used thus they can be
removed and will be ignored when used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-21 10:15:04 +02:00
Werner Koch
62b2cee85f
Remove the obsolete keyserver directory from the repo.
--

We also merge dirmngr/ChangeLog.1 into dirmngr/ChangeLog-2011
and rename keyserver/ChangeLog-2011 to dirmngr/ChangeLog-2011-ks.
2015-04-20 18:20:45 +02:00
Werner Koch
2180845959
agent: Send the new SETKEYINFO command to the Pinentry.
* agent/call-pinentry.c (agent_askpin): Add args keyinfo and
cache_mode.  Change all callers to pass (NULL,0) for them.  Send
SETKEYINFO command.
* agent/findkey.c (unprotect): Pass the keygrip and the cache_mode for
the new args.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-14 18:41:05 +02:00
NIIBE Yutaka
971d558e86 scd: better handling of extended APDU.
* scd/apdu.c (send_le): Bug fix for not append Z when lc<0&&le<0.
* scd/app-common.h (struct app_ctx_s): Use bit fields for flags.
* scd/ccid-driver.c (CCID_MAX_BUF): New.  Only for OpenPGPcard.
(struct ccid_driver_s): New field of max_ccid_msglen.
 Remove ifsd field.
(parse_ccid_descriptor): Initialize max_ccid_msglen.
(ccid_transceive_apdu_level): Implement sending extended APDU in
chain of CCID message.

--

With this patch, we won't need PC/SC library/service any more.
GnuPG-bug-id: 1947
2015-04-14 14:17:03 +09:00
Werner Koch
25fce93ba1
gpg: Fix NULL-segv due to invalid imported data.
* g10/free-packet.c (my_mpi_copy): New.
(copy_public_key, copy_signature): Use instead of mpi_copy.
--

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-13 17:19:46 +02:00
Neal H. Walfield
5cde5bf373 dirmngr: If LDAP is not enable, don't build the LDAP bits.
* dirmngr/Makefile.am (dirmngr_SOURCES): Only include
ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h if USE_LDAP
is TRUE.
(module_tests): Only add t-ldap-parse-uri if USE_LDAP is TRUE.
* dirmngr/ks-action.c: Only include "ldap-parse-uri.h" if USE_LDAP is
TRUE.
(ks_action_help): Don't invoke LDAP functionality if USE_LDAP is not
TRUE.
(ks_action_search): Likewise.
(ks_action_get): Likewise.
(ks_action_put): Likewise.
* dirmngr/server.c: Only include "ldap-parse-uri.h" if USE_LDAP is
TRUE.
(cmd_keyserver): Don't invoke LDAP functionality if USE_LDAP is not
TRUE.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1949
2015-04-13 12:02:40 +02:00
Werner Koch
454f60399c
common: Do without nested fucntions to support non-gcc.
* common/t-stringhelp.c (test_strsplit): Remove nested function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-13 09:57:33 +02:00
Werner Koch
eb54282e39
build: Update gpg-error.m4.
--
2015-04-12 19:58:28 +02:00
Werner Koch
482b2f8b5d
Post release updates.
--
2015-04-11 13:33:41 +02:00
Werner Koch
b1e1959d59
Release 2.1.3. gnupg-2.1.3 2015-04-11 13:14:43 +02:00
Yuri Chornoivan
896f438967
po: Update Ukrainian translation 2015-04-11 13:13:36 +02:00
Ineiev
b69d7064f3
po: Update and review Russian translation 2015-04-11 12:55:22 +02:00
Werner Koch
c8bb5000d4
dirmngr,w32: Make it build for Windows.
* dirmngr/Makefile.am (t_common_ldadd): Add missing libs.
2015-04-10 15:08:50 +02:00
Werner Koch
67158ff155
Remove obsolete directories from AM_CPPFLAGS. 2015-04-10 13:11:59 +02:00
Werner Koch
0fb224c2c5
dirmngr,w32: Replace functions not available under Windows.
* dirmngr/ks-engine-ldap.c (extract_attributes): Replace isoptime and
gmtime_r.
2015-04-10 13:09:58 +02:00
Werner Koch
5d60c7f7e0
common: Add new function gnupg_gmtime.
* common/gettime.c (gnupg_gmtime): New.
(gnupg_get_isotime): Use it.  Also take care of an gmtime_t returning
an error.
--

The fix in gnupg_get_isotime is only to cover up a theoretical broken
time (e.g. a value of (time_t)(-2) which is not mapped beyond 2038 on
32 bit systems).

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-10 13:09:39 +02:00
Werner Koch
f6670100b7
common: Add new function isodate_human_to_tm
* common/gettime.c (isotime_human_p): Add arg date_only.
(isodate_human_to_tm): New.
* common/t-gettime.c (test_isodate_human_to_tm): New.
(main): Call new test.
--

This function in intended as replacement for

 strptime (foo, "%Y-%m-%d", &bar)

which is not available under Windows.
2015-04-10 13:09:37 +02:00
Werner Koch
6ad95fe6f1
dirmngr,w32: Avoid name clash with existing function
* dirmngr/ks-engine-ldap.c (ldap_connect): Rename to my_ldap_connect.
2015-04-10 13:09:35 +02:00
Werner Koch
9433661419
gpgparsemail: Fix last commit (3f2bdac)
* tools/rfc822parse.c (parse_field): Replace break by goto.
--

Brown paper bag bug: Changing an IF to a WHILE inside another loop
requires to fix the inner break.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-10 08:34:35 +02:00
Werner Koch
3f2bdac2f2
speedo: Fix libgpg-error build in w64 builds
--

This typo was recently introduced.
2015-04-09 19:08:57 +02:00
Werner Koch
787cb8e261
tools: Remove trailing spaces.
--
2015-04-09 19:07:21 +02:00
Werner Koch
3fbeba64a8
gpgparsemail: Fix case of zero length continuation lines.
* tools/rfc822parse.c (parse_field): Loop after continuation line.
--

Using header lines like

  Name:[lf]
  [space][lf]
  [lf]

resulted in running into the "(s2 = strchr (delimiters2, *s)" branch
and inserting a new token for the empty continuation line.  This also
led to one byte read after the string which is what Hanno figured.
The new code should handle empty continuation lines correct.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-09 19:06:33 +02:00
Werner Koch
6619ead2cf
sm: Fix certificate lookup in dirmngr cache.
* sm/call-dirmngr.c (get_cached_cert): Fix typo in LOOKUP command.
--

This bug has been here since the code was written.  The commit message
for commit 2d0ca28a226773b9779a93c39bba9bace13232fe actually had the
warning that the code has not been tested.  Now the funny thing is
that when the code was backported to the 2.0 branch just a few minutes
later that typo was fixed en passant in that branch.
2015-04-08 16:19:56 +02:00
Werner Koch
c2383407bb
gpg: Print the user id in --fast-list-mode.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Change.
2015-04-06 20:23:05 +02:00
Werner Koch
67a58118ab
gpg: Prepare to pass additional context to the list functions.
* g10/keylist.c (struct sig_stats): Rename to keylist_context and add
field check_sigs.
(keylist_context_release): New.
(list_all): Set listctx.check_sigs and call release func.
(list_one): Ditto.
(locate_one): Ditto.
(list_keyblock_print): Use .check_sigs field.  Repalce arg opaque by
listctx.
(list_keyblock): Ditto.  Make static.
(list_keyblock_direct): New.
* g10/keygen.c (do_generate_keypair): Replace list_keyblock by
list_keyblock_direct.
--

This is in preparation for the server mode and for a patch to speed up
--list-sigs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-06 19:46:25 +02:00
Werner Koch
f577d5c1a7
gpg: Merge duplicated code for get_user_id et al.
* g10/getkey.c (get_user_id_string): Add args mode and r_LEN.
(get_user_id_string_native): Add new args.
(get_long_user_id_string, get_user_id): Rewrite using
get_user_id_string.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-06 19:09:50 +02:00
Werner Koch
c581ed717a
gpg: Add new option --debug-iolbf.
* g10/gpg.c (oDebugIOLBF): new.
(opts): Add --debug-iolbf.
(main): Set option.
--

This option is convenient for debugging to make sure that debug output
to stderr is synced with output to stdout.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-06 14:07:50 +02:00
Werner Koch
24a75201da
Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG.
* g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE.
2015-04-06 13:42:17 +02:00
Werner Koch
2f099eb62a
Fix use of DBG_CACHE and DBG_LOOKUP
* dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192.
* g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
* g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places.
2015-04-06 13:27:26 +02:00
Werner Koch
4de8a58e44
gpg: Rename a debug macro.
* g10/options.h (DBG_CIPHER_VALUE): Rename to DBG_CRYPTO_VALUE.
(DBG_CIPHER): Rename to DBG_CRYPTO.
2015-04-06 13:07:09 +02:00
Werner Koch
d901efceba
gpg: Fix DoS while parsing mangled secret key packets.
* g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
et al.
--

Due to the missing length checks PKTLEN may turn negative.  Because
PKTLEN is an unsigned int the malloc in read_rest would try to malloc
a too large number and terminate the process with "error reading rest
of packet: Cannot allocate memory".

Reported-by: Hanno Böck.
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-05 12:49:26 +02:00
NIIBE Yutaka
f82c4a6d0d g10: Fix keytocard.
g10/call-agent.h (agent_scd_learn): Add FORCE option.
g10/call-agent.c (agent_scd_learn): Implement FORCE option.
g10/keygen.c (gen_card_key): Follow the change of option.
g10/card-util.c (change_pin, card_status, factory_reset): Likewise.
g10/keyedit.c (keyedit_menu): Update private key storage by
agent_scd_learn.
--

This is not a perfect solution since there is a possibility user
unplug card before quitting 'gpg --keyedit' session.  Usually,
it works well.

GnuPG-bug-id: 1846
2015-04-03 17:39:59 +09:00
NIIBE Yutaka
4ffadb74b3 agent: Add --force option for LEARN.
* agent/command.c (cmd_learn): Handle --force option.
(cmd_keytocard): Don't update key storage file.
* agent/agent.h (agent_handle_learn): Add FORCE.
* agent/learncard.c (agent_handle_learn): Implement FORCE to update
key stroage file.
--
2015-04-03 17:33:11 +09:00
Neal H. Walfield
d0ff2ee041 dirmngr: Don't use alloca.
* dirmngr/ks-engine-ldap.c (ks_ldap_put): Replace use of alloca with
xmalloc and xfree.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-03-31 14:48:31 +02:00
Neal H. Walfield
802eec0ca4 dirmngr: Simplify truncation of long strings in debug code.
* dirmngr/ks-engine-ldap.c (modlist_dump): Simplify truncation of long
strings.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-03-31 14:23:13 +02:00
Neal H. Walfield
6d5aee23c3 dirmngr: Correct indentation.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-03-31 12:26:59 +02:00
Neal H. Walfield
7f6d7948c1 dirmngr: Use a better error code.
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): On error, return
GPG_ERR_GENERAL, not GPG_ERR_ASS_GENERAL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-03-31 12:07:39 +02:00
Neal H. Walfield
44297d0821 gpg: Remove gratuitous extern qualifier from declaration.
--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-03-31 12:00:58 +02:00
Neal H. Walfield
348c520040 dirmngr: Better encapsulate the keyservers variable.
* dirmngr/dirmngr.h (struct server_control_s): Move field keyservers
from here...
* dirmngr/server.c (struct server_local_s): ... to here.  Update
users.
* dirmngr/ks-action.h (ks_action_resolve): Add argument keyservers.
(ks_action_search): Likewise.
(ks_action_get): Likewise.
(ks_action_put): Likewise.
* dirmngr/ks-action.c (ks_action_resolve): Add argument keyservers.
Use it instead of ctrl->keyservers.
(ks_action_search): Likewise.
(ks_action_get): Likewise.
(ks_action_put): Likewise.

--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-03-31 11:58:41 +02:00
Neal H. Walfield
f26ba14028 gpg: Only use the last specified keyserver.
* g10/gpg.c (main): Only use the last specified keyserver.

--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-03-28 16:55:37 +01:00
Werner Koch
bec10ae4b5
dirmngr: Fix resource leaks and check rare errors.
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Fix resource
leak.
(ks_ldap_search): Check error from es_fopenmem.  Use LDAP_ERR where
required.
(modlist_dump): Check error from es_fopenmem.
(uncescape): s/int/size_t/.  Use existing macros.
(extract_attributes): Use existing trim function.
(ks_ldap_put): Do not segv on error from modlist_dump.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-25 19:39:27 +01:00
Werner Koch
6c701af121
dirmngr: Minor cleanups.
* dirmngr/ks-engine-ldap.c [__riscos__]: Remove doubled util.h.
(ldap_to_gpg_err): s/GPG_ERR_GENERAL/GPG_ERR_INTERNAL/.
(tm2ldaptime): Use snprintf.
(ldap_connect): Get error code prior to log_error and and use modern
function.   Use xfree, xtrustrdup etc.
(modlist_lookup): Use GNUPG_GCC_A_USED.
(modlist_free): Use xfree.
--

sprintf has been replaced by snprintf to avoid warnings on some
platforms.

xfree et al. is required so that replacement functions are
used if defined.  For example the Libgcrypt functions which may not be
fully compatible with standard free.

Impossible conditions should use GPG_ERR_INTERNAL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-25 19:33:59 +01:00