* scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA.
--
In the OpenPGP card specification, there are multiple options to
support RSA (having P and Q or not, etc.), and it is implementation
dependent. Since GnuPG doesn't have knowledge which card
implementation support which option and there is no way (yet) for card
to express itself which key attributes are supported, we haven't
supported key attribute change back to RSA. But, many card
implementation uses P and Q, try this option. If other cases,
factory-reset would be easier option.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/card-util.c (ask_card_rsa_keysize): Drop support for magic
number 25519 for ed25519/cv25519. Rename from ask_card_keyattr.
(ask_card_keyattr): Support ECC, as well as RSA.
(do_change_keyattr): Support ECC dropping magical number 25519.
* g10/keygen.c (ask_curve): Allow call from outside, adding last arg
of CURRENT.
(generate_keypair): Follow the change of ask_curve.
(generate_subkeypair): Likewise.
--
GnuPG-bug-id: 3781
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/card-util.c (generate_card_keys): Check PIN later.
(card_generate_subkey): Likewise.
--
Changing key attribute resets PIN authentication status. So, CHECKPIN
should be after that, before key generation. Note that CHECKPIN is
done for binding signature.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all
callers to pass it.
(agent_get_cache): Ditto.
* agent/cache.c (struct cache_items_s): Add field 'restricted'.
(housekeeping): Adjust debug output.
(agent_flush_cache): Ditto.
(agent_put_cache): Ditto. Take RESTRICTED into account.
(agent_get_cache): Ditto.
--
If requests are coming from different sources they should not share the
same cache. This way we make sure that a Pinentry pops up for a
remote request to a key we have already used locally.
GnuPG-bug-id: 3858
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tdbio.c (tdbio_read_record): Return GPG_ERR_EOF.
(tdbio_new_recnum): Never return on error.
(lookup_hashtable): Print a more descriptive error in case of !TABLE.
--
Also: tdbio_new_recnum had a bug in that it returned an error code and
not a record number in the error case. The function is expected to
always return a valid new record number.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tdbio.c (is_locked): Turn into a counter.
(take_write_lock, release_write_lock): Implement recursive locks.
--
On trustdb creation we have this call sequence:
init_trustdb -> takes lock
tdbio_set_dbname
create_version_record
tdbio_write_record
put_record_into_cache -> takes lock
put_record_into_cache -> releases lock
init_trustdb -> releases lock
The second take lock does noting but the first release lock has
already released the lock and the second release lock is a thus a NOP.
This is likely the cause for the corrupted trustdb as reported in
GnuPG-bug-id: 3839
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tdbio.c (in_transaction): Comment this var.
(put_record_into_cache): Comment the transaction code.
(tdbio_sync): Ditto
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/server.c: Include shareddefs.h.
(option_handler): Add option.
--
This is required when running gpgsm in server mode as done by GPGME.
Noet that a command line option takes precedence.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* g10/options.h (struct opt): Add field request_origin.
* g10/call-agent.c (start_agent): Send option to the agent.
* sm/gpgsm.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* sm/gpgsm.h (struct opt): Add field request_origin.
* sm/call-agent.c (start_agent): Send option to the agent.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/shareddefs.h (request_origin_t): New.
* common/agent-opt.c (parse_request_origin): New.
(str_request_origin): New.
* agent/command.c (option_handler): Implement new option.
--
This allows to pretend that a request originated from the extra or
browser socket.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c (enum_sig_subpkt): Check buflen before reading
the type octet. Print diagnostic.
--
If the final subpacket has only a length header evaluating to zero and
missing the type octet, a read could happen right behind the buffer.
Valgrind detected this. Fix is obvious. Note that the further
parsing of the subpacket is still okay because it always checks the
length. Note further that --list-packets uses a different code path
and already reported an error.
Reported-by: Philippe Antoine
He provided a test file copied below. Running "gpg -v --verify" on it
triggered the bug.
-----BEGIN PGP ARMORED FILE-----
Comment: Use "gpg --dearmor" for unpacking
kA0DAAoBov87N383R0QBrQJhYgZsb2wucHlaqTVWYnl0ZXMgPSBbMHg1LCAweDY0
LCAweDRjLCAweGM0LCAweDMsIDB4MCwgMHg0LCAweDAsIDB4YWMsIDB4YSwgMHhj
MSwgMHhjMSwgMHgyLCAweDEsIDB4MiwgMHg3LCAweDQwLCAweDIsIDB4MiwgMHgy
LCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDJkLCAweGRkLCAweDIs
IDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4
MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4NzcsIDB4ODcsIDB4MiwgMHgy
LCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAw
eDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHg3NywgMHg4NywgMHgyLCAweDIsIDB4
MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4Miwg
MHgyLCAweDIsIDB4MiwgMHgyLCAweDc3LCAweDg3LCAweDIsIDB4MiwgMHgyLCAw
eDIsIDB4MiwgMHgyLCAweDIsIDB4MCwgMHhhZF0KCmZvciBpIGluIHJhbmdlKGxl
bihieXRlcykpOgogICAgaWYgaSUxNiA9PSAwOgogICAgICAgIHByaW50CiAgICAg
ICAgcHJpbnQgIiUwNngiICUgaSwKICAgIHByaW50ICIlMDJ4ICIgJSBieXRlc1tp
XSwKiQJNBAABCgAeFiEEU+Y3aLjDLA3x+9Epov87N383R0QFAlqpNVYAAAoJEKL/
Ozd/N0dElccP/jBAcFHyeMl7kop71Q7/5NPu3DNULmdUzOZPle8PVjNURT4PSELF
qpJ8bd9PAsO4ZkUGwssY4Kfb1iG5cR/a8ADknNd0Cj9/QA2KMVNmgYtReuttAjvn
hQRm2VY0tvDCVAPI/z8OnV/NpOcbk8kSwE+shLsP7EwqL5MJNMXKqzm1uRxGNYxr
8TNuECo3DO64O2NZLkMDXqq6lg+lSxvDtXKxzKXgVC+GMtOE56lDwxWLqr39f9Ae
Pn0q2fVBKhJfpUODeEbYSYUp2hhmMUIJL/ths9MvyRZ9Z/bHCseFPT58Pgx6g+MP
q+iHnVZEIVb38XG+rTYW9hvctkRZP/azhpa7eO8JAZuFNeBGr4IGapwzFPvQSF4B
wBXBu0+PPrV9VJVe98P4nw2xcuJmkn6mgZhRVYSqDIhY64bSTgQxb/pdtGwrTjtL
WoUKVI+joLRPnDmwexH9+QJCB+uA6RsN/LqsQfDseyr40Z6dHJRqWGgP3ll6iZgw
WF768uiIDJD8d4fegVnkpcH98Hm0I/dKsMR1MGV/sBxYC8mAOcOWwSPNGDqPlwwR
eWPdr1O6CoYEWwiZMicSe0b5TsjB5nkAWMy7c9RyhtMJzCQ/hFpycpj0A0Zs+OGa
eJQMZZV0s8AQZ04JzoX0zRpe0RcTyJn3Tr6QGbVi9tr+QdKHFuDMUqoX
=qYZP
-----END PGP ARMORED FILE-----
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/argparse.c, common/argparse.h: Change license
--
On 2011-09-30 the license of these two files were changed from
LGPLv2.1 to LGPLv3+/GPLv2+. This was part of a general change from
files with either GPLv3+ or LGPv2.1+ to this combination so to allow
the use of these files with GPLv2only code.
Since then the code was only modified by employees of g10 Code GmbH
under my direction and myself. The following changes
commit 7249ab0f95
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
AuthorDate: Tue Jan 10 15:59:36 2017 -0500
commit eed16ccebf
Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
AuthorDate: Fri Nov 21 17:04:42 2014 -0500
and a few typo fixes are minor and thus not copyright-able.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/scdaemon.c (setup_signal_mask): New.
(main): Call setup_signal_mask.
(handle_connections): Remove signal mask setup.
--
For new thread, signal mask is inherited by thread creation.
Thus, it is best to setup signal mask just after npth_init.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/card-util.c (factory_reset): Dummy PIN size is now 32-byte.
Connect the card again at the last step.
--
Before the change, a user has to quit the session to continue. Now,
it is possible to type RET in the session and see if it's really done.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (intr_cb): Try submitting INTERRUPT urb
to see if it's suspend/resume.
--
Upon suspend/resume, LIBUSB_TRANSFER_NO_DEVICE is returned, since all
URBs are cancelled. We need to see if it's real NODEV error or its by
suspend/resume. We can distinguish by sending URB again.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* configure.ac (require_pipe_to_unblock_pselect): Default is "yes".
* scd/scdaemon.c (scd_kick_the_loop): Minor clean up.
--
Normally SIGCONT or SIGUSR2 works for unblocking pselect. But on my
machine with GNU/Linux, when a machine is suspend/resume-ed, pselect
keeps blocked, while signal itself is delivered.
It's better to use pipe.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (struct reader_table_s): Add field of current_state.
(new_reader_slot): Initialize current_state.
(pcsc_get_status): Keep the status in READER_TABLE array.
Return SW_HOST_NO_READER when PCSC_STATE_CHANGED.
* scd/scdaemon.c (handle_connections): Silence a warning.
--
To detect some change of card status, including suspend/resume
possibly, SCardGetStatusChange should be used keeping the
dwCurrentState field.
This change could improve situation for suspend/resume with Yubikey on
Windows. Even not, this is doing the Right Thing.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
WIN32_LEAN_AND_MEAN is required to avoid definitions of grp1, grp2,
and grp3 in dlgs.h, which is included by windows.h.
Fixes-commit: fd595c9d36
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/cache.c (agent_cache_housekeeping): New func.
* agent/gpg-agent.c (handle_tick): Call it.
--
This change mitigates the risk of having cached items in a post mortem
dump.
GnuPG-bug-id: 3829
Signed-off-by: Werner Koch <wk@gnupg.org>
--
Sorry, I accidentally pushed the last commit without having amended it
with this fix.
Fixes-commit: fd595c9d36
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and
grp3.
* g10/call-agent.c (unhexify_fpr): Allow for space as delimiter.
(learn_status_cb): Parse KEYPARIINFO int the grpX fields.
* g10/card-util.c (print_keygrip): New.
(current_card_status): Print "grp:" records or with --with-keygrip a
human readable keygrip.
--
Suggested-by: Peter Lebbing <peter@digitalbrains.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf-comp.c (get_config_filename): Allow UNC paths.
--
The homedir of GnuPG on Windows can be on a network share
e.g. if %APPDATA% is redirected to a network share. The
file API calls work and GnuPG itself works nicely
with such paths so gpgconf should work with them, too.
GnuPG-Bug-Id: T3818
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad.
(write_final_chunk): Do not increase chunkindex.
(do_flush): Call set_nonce_and_ad immediately before the first
encryption of a chunk. Bump up the chunkindex after writing the tag.
(do_free): Do not insert a zero length last chunk.
* g10/decrypt-data.c (aead_underflow): Fix the corresponding bug.
--
This fixes a bug in writing a zero length last chunk right before the
final chunk (which has by design a zero length). We also need to
adjust the decryption part because that assumed this zero length last
chunk.
Note that we use the term "last chunk" for the chunk which directly
precedes the "final chunk" which ends the entire encryption.
GnuPG-bug-id: 3774
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ...
(set_nonce_and_ad): new function.
(write_auth_tag): Print error message here.
(do_flush): Rename var newchunk to finalize.
--
There is no need to have separate functions here. We should also
print a error message for writing the final tag.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/decrypt-data.c (aead_set_nonce, aead_set_ad): Merge into ...
(aead_set_nonce_and_ad): new single function. Change callers.
(decrypt_data): Do not set the nonce and ad here.
(aead_underflow): Get rid of the LAST_CHUNK_DONE hack.
--
The main change here is that we now re-init the context only right
before we decrypt and not after a checktag.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/decrypt-data.c (aead_underflow): Factor reading and checking
code code out to ...
(fill_buffer, aead_checktag): new functions.
--
Here is a simple test script to check against a set of encrypted files
with naming convention like "symenc-aead-eax-c6-56.asc"
# ------------------------ >8 ------------------------
set -e
GPG=../g10/gpg
for file in "$@"; do
echo "${file##*/}" | ( IFS=- read dummy1 dummy2 mode cbyte len rest
len="${len%.*}"
cbyte="${cbyte#c}"
[ "$dummy1" != "symenc" -o "$dummy2" != "aead" ] && continue
echo "checking mode=$mode chunkbyte=$cbyte length=$len"
if ! $GPG --no-options --rfc4880bis --batch --passphrase "abc" \
-d < $file >tmp.plain 2>/dev/null; then
echo "Decryption failed for $file" >&2
exit 2
fi
plainlen=$(wc -c <tmp.plain)
if [ $plainlen -ne $len ]; then
echo "Plaintext length mismatch for $file (want=$len have=$plainlen)" >&2
exit 2
fi
)
done
echo "all files are okay" >&2
# ------------------------ 8< ------------------------
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/cipher-aead.c (write_final_chunk): Do not bump up the chunk
index if the previous chunk was empty.
* g10/decrypt-data.c (aead_underflow): Likewise. Also handle a other
corner cases. Add more debug output.
--
GnuPG-bug-id: 3774
This fixes the reported case when the encrypted data is a multiple of
the chunk size. Then the chunk index for the final chunk was wrongly
incremented by 2. The actual fix makes use of the fact that the
current dfx->CHUNKLEN is 0 in this case. There is also some other
reorganizing to help with debugging. The thing seems to work now but
the code is not very clean - should be reworked. Creating test files
can be done with this script:
--8<---------------cut here---------------start------------->8---
csize=6
for len in 0 55 56 57; do
awk </dev/null -v i=$len 'BEGIN{while(i){i--;printf"~"}}' \
| gpg --no-options -v --rfc4880bis --batch --passphrase "abc" \
--s2k-count 1025 --s2k-digest-algo sha256 -z0 \
--force-aead --aead-algo eax --cipher aes -a \
--chunk-size $csize -c >symenc-aead-eax-c$csize-$len.asc
done
--8<---------------cut here---------------end--------------->8---
A LEN of 56 triggered the bug which can be seen by looking at the
"authdata:" line in the --debug=crypt,filter output.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle two more
error codes.
--
Handle the two possible connect failures related to missing IPv6 support
gracefully by marking the host dead and retrying with another one.
If IPv6 is disabled via procfs, connect() will return EADDRNOTAVAIL.
If IPv6 is not compiled into the kernel, it will return EAFNOSUPPORT.
This makes it possible to use dual-stack hkp servers on hosts not having
IPv6 without random connection failures.
GnuPG-bug-id: 3331
--
The above description seems to be for Linux, so it is possible that
other systems might behave different. However, it is worth to try
this patch.
Signed-off-by: Werner Koch <wk@gnupg.org>
NIIBE Yutaka