1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

5886 Commits

Author SHA1 Message Date
Werner Koch
1b460f049e
gpg: Try to use the passphrase from the primary for --quick-addkey.
* agent/command.c (cmd_genkey): Add option --passwd-nonce.
(cmd_passwd): Return a PASSWD_NONCE in verify mode.
* g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do
not send a RESET if given.
(agent_passwd): Add arg 'verify'.
* g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'.
(gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto.
(generate_subkeypair): Use sepeare hexgrip var for the to be created
for hexgrip feature.  Verify primary key first.  Make use of the
passwd nonce.  Allow for a static passphrase.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
Werner Koch
01285f909e
gpg: Extend the --quick-gen-key command.
* g10/keygen.c (quickgen_set_para): Add arg 'use'.
(quick_generate_keypair): Add args 'algostr', 'usagestr', and
'expirestr'.  Implement primary only key mode.
(parse_algo_usage_expire): Set NBITS for the default algo.
* g10/gpg.c (main): Extend --quick-gen-key command.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 18:38:10 +02:00
Werner Koch
dcc4cd8382
gpg: Improve the new parse_subkey_algostr_usagestr fucntion.
* g10/keygen.c (parse_usagestr): Allow "cert".
(generate_subkeypair): Factor expire parsing out to ...
(parse_subkey_algostr_usagestr): here.  Rename to ...
(parse_algo_usage_expire): this.  Add arg 'for_subkey'.  Set CERT for
primary key and check that it is not set for subkeys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 17:06:39 +02:00
Werner Koch
8f2a053a0f
gpg: New command --quick-addkey.
* g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New.
(ask_keysize): Factor code out to ...
(get_keysize_range, fixup_keysize): new.
(parse_parameter_usage): Factor parsing out to  ...
(parse_usagestr): new.  Allow use of "encr" as alias for "encrypt".
(parse_subkey_algostr_usagestr): New.
(generate_subkeypair): Add new args.  Implement unattended mode.

* g10/keyedit.c (keyedit_quick_sign): Factor some code out to ...
(find_by_primary_fpr): new.
(keyedit_quick_addkey): New.
* g10/gpg.c (aQuickAddKey): New.
(opts): Add --quick-addkey.
(main): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 16:01:48 +02:00
Werner Koch
d837f6b0ea
gpg: Do not abort on certain invalid packets.
* g10/build-packet.c (write_fake_data): Check for non-opaque data.
* g10/seskey.c (do_encode_md): Return NULL instead of abort.
--

The first may happen if the usage flags of an algorithm do not match
the allowed usage.  When writing a backsig this would lead to a
log_bug in libgcrypt due to the use of a regular MPI as opaque data.

The second may happen with all kind of invalid data.  It is easy to
avoid an abort, though.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 15:57:59 +02:00
Werner Koch
072acb69be
common: New function openpgp_is_curve_supported.
* common/openpgp-oid.c: Include openpgpdefs.h.
(oidtable): Add field pubkey_algo.
(openpgp_is_curve_supported): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 15:57:59 +02:00
Werner Koch
c9f9fabdcc
common: Add comments on how to enable backtrace().
--
2016-06-02 15:57:59 +02:00
NIIBE Yutaka
db1ecc8212 g10: Allow User ID length >= 256.
* build-packet.c (do_user_id): Call write_header2 with HDRLEN not set.

--

Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 2374
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-06-01 21:04:41 +09:00
Werner Koch
67a4bc8d53
gpg: New status code NOTATION_FLAGS.
* common/status.h (STATUS_NOTATION_FLAGS: New.
* g10/packet.h (struct notation): Add flags.human.
(notation_t): New typedef.
* g10/build-packet.c (sig_to_notation): Set flags.human.
* g10/keylist.c (show_notation): Write STATUS_NOTATION_FLAGS.
2016-05-31 15:51:18 +02:00
Justus Winter
903328a3ef build: Fix URL.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-05-31 11:03:18 +02:00
Werner Koch
239a4d5391
common: Add a status callback to gnupg_exec_tool_stream.
* common/exectool.h (exec_tool_status_cb_t): New.
* common/exectool.c: Include missing exectool.h.
(read_and_log_buffer_t): Replace array by pointer.
(gnupg_exec_tool_stream): Add args 'status_cb' and 'status_cb_value'.
Change all callers to pass NULL for them.  Malloc buffer for
FDERRSTATE.
(read_and_log_stderr): Implement status_fd feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-28 00:07:09 +02:00
Werner Koch
44a32455c8
common: Allow a second input stream for gnupg_exec_tool_stream.
* common/exechelp-posix.c (do_exec): Add arg 'except' and pass to
close_all_fds.
(gnupg_spawn_process): Add arg 'except'.  Change callers to pass NULL
for it.
* common/exechelp-w32.c (gnupg_spawn_process): Add dummy arg 'except'.
* common/exechelp-w32ce.c (gnupg_spawn_process): Ditto.
* common/exectool.c (copy_buffer_do_copy): Allow NULL for SINK.
(gnupg_exec_tool_stream): Add arg 'inextra'. Change callers to pass
NULL for it.  Allow NULL for OUTPUT.
--

This hack is a first step to allow calling gpg for verification of
signatures.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-27 22:48:31 +02:00
Werner Koch
e6d9a2d07e
common: Simplify the fd closing patch 512c56a.
* common/exechelp-posix.c (get_max_fds): Use /proc/self.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-27 22:22:37 +02:00
Werner Koch
512c56af43
common: Speedup closing fds before an exec.
* common/exechelp-posix.c [__linux__]: Include dirent.h.
(get_max_fds) [__linux__]: Return the actual used highest fd.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-27 22:02:54 +02:00
Werner Koch
ad75ca9c96
tools: Improve debug output of rfc822parse.
* tools/rfc822parse.c (show_event): Add missing events.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-27 15:51:25 +02:00
Werner Koch
d755bcb89d
build: Remove obsolete tests for funopen and fopencookie.
* configure.ac (AC_CHECK_FUNCS): Remove tests for funopen.
--

Meanwhile we are using the portable functions from libgpg-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-27 15:50:30 +02:00
Werner Koch
5d991e333a
common: Extend gnupg_create_inbound_pipe et al.
* common/exechelp-posix.c (gnupg_create_inbound_pipe): Add args 'r_fp'
and 'nonblock'.
(gnupg_create_outbound_pipe): Ditto.
* common/exechelp-w32.c (gnupg_create_inbound_pipe): Add non yet
functional args 'r_fp' and 'nonblock'.
(gnupg_create_outbound_pipe): Ditto.
* common/exechelp-w32ce.c (gnupg_create_inbound_pipe): Ditto.
(gnupg_create_outbound_pipe): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-27 15:41:55 +02:00
Werner Koch
96c7901ec1
common: Make use of default_errsource in exechelp.
* common/exechelp-posix.c (my_error_from_syserror, my_error): New.
Use them instead of gpg_error and gpg_error_from_syserror.
(create_pipe_and_estream): Remove arg ERRSOURCE and fix use of
OUTBOUND which has a wrong name.  Adjust callers.
(gnupg_spawn_process): Remove arg ERRSOURCE and replace by use of
DEFAULT_ERRSOURCE.
* common/exechelp-w32.c (gnupg_spawn_process): Ditto.
* common/exechelp-w32ce.c (gnupg_spawn_process): Ditto.
* common/exectool.c (gnupg_exec_tool_stream):  Do not pass
GPG_ERROR_FROM_SYSERROR.
* tools/gpgconf-comp.c (gc_component_check_options): Ditto.
(retrieve_options_from_program): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-27 15:34:22 +02:00
Werner Koch
6c957c3d88
gpg: Keep current and total of PROGESS status lines small enough.
* g10/progress.c (progress_filter): Factor status wrote out to...
(write_status_progress): New.  Scale values down.
--

GnuPG-bug-id: 2368
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-27 11:29:55 +02:00
NIIBE Yutaka
b3e043ba90 configure: Detection of libusb on FreeBSD.
* configure.ac (LIBUSB_LIBS): Use LIBUSB_NAME for AC_CHECK_LIB.

--

Thanks to Michael Sinatra.

GnuPG-bug-id: 2367
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-05-27 08:48:04 +09:00
Werner Koch
74028096e0
build: Switch to new URL for swdb.lst 2016-05-25 14:44:50 +02:00
Werner Koch
91bc783383
gpgtar: Simplify code by using ccparray.
* tools/gpgtar-create.c (gpgtar_create): Use ccparray functions.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-24 16:07:09 +02:00
Werner Koch
2421f7f7ed
common: Add simple dynamic array function.
* common/ccparray.c: New.
* common/ccparray.h: New.
* common/t-ccparray.c: New.
* common/Makefile.am (common_sources): Add files.
(module_tests): Add test file.
(t_ccparray_LDADD): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-24 15:43:16 +02:00
Werner Koch
f7426b73ce
common,w32: Silence an unused arg warning message.
--
2016-05-24 13:04:29 +02:00
Werner Koch
9bbb841bd9
gpg, w32: Fix build regression.
--

Fixes-commit: 754b1c463034a634a678d8efc76c27fd46aad9b9
2016-05-24 13:04:29 +02:00
Justus Winter
b9d1e099c3 tests: Test the pinentry interactions when exporting keys.
* tests/openpgp/export.test: Test pinentry interactions.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-05-23 16:06:53 +02:00
Justus Winter
4994153924 tests: Add support for a passphrase queue to fake pinentry.
* tests/openpgp/fake-pinentry.c (get_passphrase): New function.
(main): Add option --passphrasefile and read passphrases from it.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-05-23 16:06:53 +02:00
Justus Winter
41b10c66ec tests: Add logging to fake pinentry.
* tests/openpgp/fake-pinentry.c (log_stream): New variable.
(reply): New function.
(spacep,skip_options,option_value): Copy from common.
(main): Parse arguments, add --logfile option, write logfile.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-05-23 16:06:53 +02:00
Justus Winter
a54e89a585 tests: Add export test.
* tests/openpgp/Makefile.am (TESTS): Add new file.
* tests/openpgp/export.test: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-05-23 16:06:53 +02:00
Daniel Kahn Gillmor
5beb6ab4b0 g10: Fix typo in comment.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-05-23 15:03:59 +02:00
Werner Koch
78bb08425a
gpg: Speed up key listing in Tofu mode.
* g10/tofu.c (get_trust): Add arg PK.  Uses this instead of a an extra
lookup of the public key by fingerrpint.
(tofu_register): Pass PK to get_trust.
(tofu_get_validity): Ditto.

*g10/tofu.c (tofu_register): Remove unused FINGERPRINT_PP.
--

With my test keybox I see a speedup of 10 times (33s to 3.1s).  The
reason for this was the extra key lookup which I hacked in at some
point to make the extraction of a keyid correct also for non v4 keys.
However our caller already has the public key and thus can easily pass
it to get_trust along with the fingerprint.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 20:38:18 +02:00
Werner Koch
b1ba460d8f
gpg: Avoid name spaces clash with future sqlite versions.
* g10/sqlite.c: Rename to gpgsql.c.  Change function prefixes to
gpgsql_.
* g10/sqlite.h: Rename to gpgsql.h.
* g10/tofu.c: Adjust for changes.
--

We used for our own extensions symbols with an sqlite_ names prefix.
This may in theory lead to duplicated symbols but more important, it
is harder to understand what is from gpg and what is from libsqlite.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 20:06:59 +02:00
Werner Koch
006a612613
gpg: Explicitly close a combined Tofu DB.
* g10/tofu.c (tofu_closedbs): Close combined DB.
2016-05-21 12:51:18 +02:00
Werner Koch
8abd1f53fd
gpg: Remove debug output accidently introduced with 027c4e5.
--

Fixes-commit: 027c4e55522b8e18711a3331932a9869ab89ca26
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 12:33:41 +02:00
Werner Koch
754b1c4630
gpg: Store the Tofu meta handle for databases in CTRL.
* g10/gpg.h (struct tofu_dbs_s, tofu_dbs_t): New declarations.
(struct server_control_s): Add field tofu.dbs.
* g10/tofu.c (struct dbs): Rename to tofu_dbs_s.  Replace all users by
by tofu_dbs_t.
(opendbs):  Add arg CTRL.  Cache the DBS in CTRL.
(closedbs): Rename to tofu_closedbs and make global.  Add arg CTRL.
(tofu_register): Add arg CTRL.  Change all callers.  Do not call
closedbs.
(tofu_get_validity): Ditto.
(tofu_set_policy): Ditto.
(tofu_get_policy): Ditto.
(tofu_set_policy_by_keyid): Add arg CTRL.
* g10/gpg.c (gpg_deinit_default_ctrl): Call tofu_closedbs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 12:26:44 +02:00
Werner Koch
027c4e5552
gpg: Pass CTRL object down to the trust functions
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:41:49 +02:00
Werner Koch
fd973ee1c1
gpg: Fix the TOFU_STATS_LONG status.
* g10/tofu.c (show_statistics): Print TOFU STATS with formatting
characters.
--

We better leave the non-breaking space character in the status
messages so that the caller can make use of them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:06:24 +02:00
Werner Koch
437c97ab6a
gpg: Print "[ never ]" instead of err for validity.
* g10/trust.c (uid_trust_string_fixed): Handle NEVER.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-19 09:35:20 +02:00
Werner Koch
a69d3c122c
gpg: Add --weak-digest to gpgv's help screen.
--

Suggested-by: Daniel Kahn Gillmor
2016-05-18 17:00:03 +02:00
Werner Koch
cf97769906
dirmngr: Adjust the WKD lookup to specs version -01.
* dirmngr/server.c (cmd_wkd_get): Remove second occurrence of the
domain part.
--

This change updates gnupg to comply with
draft-koch-openpgp-webkey-service-01
2016-05-18 09:46:22 +02:00
Werner Koch
ff71521d96
gpg: Emit new status line KEY_CONSIDERED.
* common/status.h (STATUS_KEY_CONSIDERED): New.
* g10/getkey.c: Include status.h.
(LOOKUP_NOT_SELECTED, LOOKUP_ALL_SUBKEYS_EXPIRED): New.
(finish_lookup): Add arg R_FLAGS.  Count expired and revoked keys and
set flag.  Check a requested usage before checking for expiraion or
revocation.
(print_status_key_considered): New.
(lookup): Print new status.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-17 19:13:19 +02:00
NIIBE Yutaka
83a90a916e g10: Fix signature checking.
* g10/sig-check.c (check_signature_over_key_or_uid): Fix call to
walk_kbnode.

--

Thanks to Vincent Brillault (Feandil).

GnuPG-bug-id: 2351
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-05-11 19:27:03 +09:00
Werner Koch
ac9ff644b1
gpg: Allow unattended deletion of secret keys.
* agent/command.c (cmd_delete_key): Make the --force option depend on
--disallow-loopback-passphrase.
* g10/call-agent.c (agent_delete_key): Add arg FORCE.
* g10/delkey.c (do_delete_key): Pass opt.answer_yes to
agent_delete_key.
--

Unless the agent has been configured with
--disallow-loopback-passpharse an unattended deletion of a secret key
is now possible with gpg by using --batch _and_ --yes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-10 11:01:42 +02:00
Werner Koch
693838f012
gpg: Fix buglet in the check_all_keysigs function.
* g10/keyedit.c (sig_comparison): Actually compare the pubkey
algorithms.
--

This fixes two bugs: The first was a typo which led to us comparing A
with A.  The second problem was the use of an assert at a place where
this can't be asserted: Two signature may have different algorithms;
they won't verify but after all it is about corrupted signatures.

Reported-by: Guilhem Moulin <guilhem@fripost.org>
GnuPG-bug-id: 2236
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-09 21:16:23 +02:00
Werner Koch
d33b35f748
gpg: Request a "save" after cmd "check" fixed something.
* g10/keyedit.c (keyedit_menu) <cmdCHECK>: Set modified.
--

Reported-by: Guilhem Moulin <guilhem@fripost.org>
GnuPG-bug-id: 2236
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-09 21:16:23 +02:00
NIIBE Yutaka
ff870d59f0 po: Update Japanese translation.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-05-09 15:05:29 +09:00
Werner Koch
c3db6f58f7
Post release updates.
--
2016-05-04 16:49:19 +02:00
Werner Koch
00df5b1236
Release 2.1.12 gnupg-2.1.12 2016-05-04 15:59:11 +02:00
Werner Koch
fb1e9df484
speedo,w32: Remove the installation directory page.
* build-aux/speedo/w32/inst.nsi (MUI_PAGE_DIRECTORY): Remove.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-04 15:08:17 +02:00
Werner Koch
920b1421b3
gpg: Fix const char pointer mismatch with gettext.
* g10/tofu.c (get_trust): Use const char *.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-04 14:40:16 +02:00