1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

8088 Commits

Author SHA1 Message Date
Werner Koch
c1dc7a8329
gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.
* g10/sign.c (update_keysig_packet): Convert digest algo when needed.
--

Several gpg commands try to keep most properties of a key signature
when updating (i.e. creating a new version of a key signature).  This
included the use of the current hash-algorithm.  This patch changes
this so that SHA-1 or RMD160 are replaced by SHA-256 if
possible (i.e. for RSA signatures).  Affected commands are for example
--quick-set-expire and --quick-set-primary-uid.

GnuPG-bug-id: 4508
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-13 19:29:34 +02:00
Werner Koch
8d0d61aca3
sm: Fix a warning in an es_fopencooie function.
* sm/certdump.c (format_name_writer): Take care of a flush request.
--

We won't see a flush here so that fix does not solve a real bug but we
want to be correct.  Note that this function seems to predate the
es_fopenmem function and thus in master (2.3) we should replace it
entirely.

GnuPG-bug-id: 4495
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-12 20:41:32 +02:00
Daniel Kahn Gillmor
be116f871d doc: correct documentation for gpgconf --kill
* doc/tools.texi(gpgconf): Correct documentation for gpgconf --kill.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 9662538be6afc8beee0f2654f9a8f234c5dac016)
2019-05-10 12:43:01 -04:00
Werner Koch
7c4029110a
dirmngr: Add a CSRF expection for pm.me
--

Also comment typo fix.
2019-05-09 14:51:49 +02:00
Werner Koch
e6901c2bc8
build: Sign all Windows binaries.
* build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New.
(AUTHENTICODE_TOOL): New.
(AUTHENTICODE_FILES): New.
(installer): Sign listed files.
(AUTHENTICODE_SIGNHOST): New macro.
(sign-installer): Use that macro instead of direct use of osslsigncode.
--

This also adds code to support signing via a Token.  Because there is
no specification of that token, I was not able to write a free driver
for it.  Thus we resort to use a running Windows-10 instance with an
enabled ssh server to do the code signing.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-09 14:23:59 +02:00
Werner Koch
781d2c5c89
doc: Minor doc fix to dirmngr.
--

Reported-by: dkg
2019-05-03 16:15:54 +02:00
Werner Koch
05204b7249
gpg: Use just the addrspec from the Signer's UID.
* g10/parse-packet.c (parse_signature): Take only the addrspec from a
Signer's UID subpacket.
--

This is to address a problem in the currentr OpenKeychain which put
the entire UID into the subpacket.  For example our Tofu code can only
use the addrspec and not the entire UID.

Reported-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-03 15:57:10 +02:00
NIIBE Yutaka
caa61fb7da po: Update Japanese Translation.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-04-23 12:55:21 +09:00
Andre Heinecke
35899dc290 g10: Fix double free when locating by mbox
* g10/getkey.c (get_best_pubkey_byname): Set new.uid always
to NULL after use.

--
pubkey_cmp is not guranteed to set new.uid.
So if the diff < 0 case is reached best is set to new.

If then diff > 0 is reached without modifying new.uid
e.g. if the key has no matching mboxes. new.uid is
free'd even though the uid is still referenced in
best.

GnuPG-Bug-Id: T4462
(cherry picked from commit e57954ed278cb5e6e725005b1ecaf7ce70006ce0)
2019-04-18 14:26:42 +02:00
NIIBE Yutaka
ee766b2b5d common: Fix AWK portability.
* common/Makefile.am: Use pkg_namespace.
* common/mkstrtable.awk: Use pkg_namespace.  Regexp fix.

--

Cherry-picked from master commit:
	b6f0b0efa19e0434024bc16e246032b613fd448a

GnuPG-bug-Bug: 4459
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-04-16 13:27:44 +09:00
Werner Koch
dc4c7f65e3
gpg: Accept also armored data from the WKD.
* g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR.
--

We may even adjust the specs to allow that.  It should not be a
problem for any OpenPGP implementation because armored keys are very
common and de-armoring code is de-facto a mandatory feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-11 10:05:08 +02:00
Werner Koch
e9fcb0361a
gpg: Set a limit of 5 to the number of keys imported from the WKD.
* g10/import.c (import): Limit the number of considered keys to 5.
(import_one): Return the first fingerprint in case of WKD.
--

The Web Key Directory should carry only one key.  However, some
providers like to put old or expired keys also into the WKD.  I don't
thunk that this is a good idea but I heard claims that this is needed
for them to migrate existing key data bases.

This patch puts a limit on 5 on it (we had none right now) and also
fixes the issue that gpg could not work immediately with the requested
key because the code uses the fingerprint of the key to use the
imported key.  Now the first key is used.  On a second try (w/o
accessing the WKD) the regular key selection mechanism would be in
effect.  I think this is the most conservative approach.  Let's see
whether it helps.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-11 10:05:05 +02:00
Werner Koch
cb20659674
scd: Add dummy option --application-priority.
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-02 13:32:25 +02:00
Werner Koch
48e7977709
dirmngr: Improve domaininfo cache update algorithm.
* dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
(insert_or_update): Implement new update algorithm.

--

The old algorithm limited the length of a bucket chain by purging the
last 50% or the entries.  Thus the first domains entered into the
cache were never purged.  The new algorithm is a bit better: It also
limits the chain length on overflow to 50% but tries to keep the
entries indicating that a WKD is available in the cache.  If there is
still space to keep more, those which clearly do not support WKD are
also kept.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-02 13:25:48 +02:00
Werner Koch
0a30ce036a
dirmngr: Better error code for http status 413.
* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-02 13:25:31 +02:00
Daniel Kahn Gillmor
5b1b5be65f NEWS: correct typo in header 2019-04-01 10:25:11 -04:00
NIIBE Yutaka
38c2a9a644
g10: Fix symmetric cipher algo constant for ECDH.
* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
ECC strength 384, according to RFC-6637.

--

Reported-by: Trevor Bentley
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit af3efd149f555d36a455cb2ea311ff81caf5124c)
2019-03-27 12:29:45 +01:00
Trevor Bentley
2f455d18ab gpg: Don't use EdDSA algo ID for ECDSA curves.
* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
an EdDSA curve.

--

(cherry picked from commit 4324560b2c0bb76a1769535c383424a042e505ae)

This change matters when it is called from ask_card_keyattr.

Some-comments-by: NIIBE Yutaka <gniibe@fsij.org>
2019-03-27 11:10:30 +09:00
Werner Koch
644cabc6b3
Post release updates
--
2019-03-26 15:10:38 +01:00
Werner Koch
dc93e57226
Release 2.2.15 gnupg-2.2.15 2019-03-26 14:27:25 +01:00
Werner Koch
30972d2182
sm: Allow decryption even if expired other keys are configured.
* sm/gpgsm.c (main): Add special handling for bad keys in decrypt
mode.
--

The problem can easily be tested by adding --encrypt-to EXPIRED_KEY to
a decryption command.  With that patch the errors are printed but
decryption continues and the process returns success unless other
errors occur.

GnuPG-bug-id: 4431
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-26 13:35:18 +01:00
Werner Koch
1c2fa8b6d7
agent: Allow other ssh fingerprint algos in KEYINFO.
* agent/command.c (cmd_keyinfo): Allow for --ssh-fpr=ALGO.  Default to
the standard algo.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-26 09:04:53 +01:00
Werner Koch
2f3eebf186
wkd: New command --print-wkd-url for gpg-wks-client.
* tools/gpg-wks-client.c (aPrintWKDURL): New.
(opts): Add option.
(main): Implement.
* tools/wks-util.c (wks_cmd_print_wkd_url): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-25 15:14:32 +01:00
Werner Koch
7a38af6a10
doc: Clarify option --no-keyring.
--
GnuPG-bug-id: 4424

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-25 14:48:28 +01:00
NIIBE Yutaka
a975fd127a
libdns: Don't use _[A-Z] which are reserved names.
* dirmngr/dns.c: Use the identifiers of "*_instance" instead of
reserved "_[A-Z]".

--

GnuPG-bug-id: 4420
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-03-25 14:42:01 +01:00
Werner Koch
64621f1f40
wkd: New command --print-wkd-hash for gpg-wks-client.
* tools/gpg-wks-client.c (aPrintWKDHash): New.
(opts) : Add "--print-wkd-hash".
(main): Implement that command.
(proc_userid_from_stdin): New.
* tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY.
(wks_cmd_print_wkd_hash): New.
--

GnuPG-bug-id: 4418
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-25 14:41:44 +01:00
Andre Heinecke
b9d2759da1
sm, w32: Translate logger and status fd to handles
* sm/gpgsm.c (main): Call translate_sys2libc_fd_int to
convert the FDs.

--
This is required to actually pass gpgsm an fd on windows
and not a windows handle.

For the passphrase-fd this was already done.

(cherry picked from commit e4e0804ed123516fa00f8a876a862b2c6d34ba5c)
2019-03-25 14:09:46 +01:00
Daniel Kahn Gillmor
93782de23f doc: fix formatting error
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-03-22 23:49:03 +01:00
Werner Koch
d9af95de47
Post release updates
--
2019-03-19 12:10:18 +01:00
Werner Koch
813de13e73
Release 2.2.14 gnupg-2.2.14 2019-03-19 11:35:37 +01:00
Werner Koch
099cf37ee5
po: Auto update
--
2019-03-19 11:31:48 +01:00
Jan Kowalski
68c29eb37e
po: Minor update to the Polish translation
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-18 18:14:08 +01:00
Ineiev
dc00947b21
po: Update Russian translation 2019-03-18 18:10:32 +01:00
Werner Koch
de70a2f377
gpg: Do not bail out on v5 keys in the local keyring.
* g10/parse-packet.c (parse_key): Return GPG_ERR_UNKNOWN_VERSION
instead of invalid packet.
* g10/keydb.c (parse_keyblock_image): Do not map the unknown version
error to invalid keyring.
(keydb_search): Skip unknown version errors simlar to legacy keys.
* g10/keyring.c (keyring_rebuild_cache): Skip keys with unknown
versions.
* g10/import.c (read_block): Handle unknown version.
--

When using gpg 2.3 the local keyring may contain v5 keys.  This patch
allows the use of such a keyring also with a 2.2 version which does
not support v5 keys.  We will probably need some more tweaking here
but this covers the most common cases of listing keys and also
importing v5 keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-18 14:10:16 +01:00
Werner Koch
0e73214dd2
gpg: Allow import of PGP desktop exported secret keys.
* g10/import.c (NODE_TRANSFER_SECKEY): New.
(import): Add attic kludge.
(transfer_secret_keys): Add arg only_marked.
(resync_sec_with_pub_keyblock): Return removed seckeys via new arg
r_removedsecs.
(import_secret_one): New arg r_secattic.  Change to take ownership of
arg keyblock.  Implement extra secret key import logic.  Factor some
code out to ...
(do_transfer): New.
(import_matching_seckeys): New.
--

The PGP desktops exported secret keys are really stupid.  And they
even a have kind of exception in rfc4880 which does not rule that
out (section 11.2):

  [...]  Implementations SHOULD include self-signatures on any user
  IDs and subkeys, as this allows for a complete public key to be
  automatically extracted from the transferable secret key.
  Implementations MAY choose to omit the self-signatures, especially
  if a transferable public key accompanies the transferable secret
  key.

Now if they would only put the public key before the secret
key. Anyway we now have a workaround for that ugliness.

GnuPG-bug-id: 4392
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 5205512fc092c53c0a52c8379ef2a129ce6e58a9)
2019-03-18 13:16:51 +01:00
Werner Koch
43b23aa82b
gpg: Avoid importing secret keys if the keyblock is not valid.
* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
new field TAG.
* g10/kbnode.c (alloc_node): Change accordingly.
* g10/import.c (import_one): Add arg r_valid.
(sec_to_pub_keyblock): Set tags.
(resync_sec_with_pub_keyblock): New.
(import_secret_one): Change return code to gpg_error_t.   Return an
error code if sec_to_pub_keyblock failed.  Resync secret keyblock.
--

When importing an invalid secret key ring for example without key
binding signatures or no UIDs, gpg used to let gpg-agent store the
secret keys anyway.  This is clearly a bug because the diagnostics
before claimed that for example the subkeys have been skipped.
Importing the secret key parameters then anyway is surprising in
particular because a gpg -k does not show the key.  After importing
the public key the secret keys suddenly showed up.

This changes the behaviour of
GnuPG-bug-id: 4392
to me more consistent but is not a solution to the actual bug.

Caution: The ecc.scm test now fails because two of the sample keys
         don't have binding signatures.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f799e9728bcadb3d4148a47848c78c5647860ea4)
2019-03-18 13:16:35 +01:00
Werner Koch
61fc831885
tests: Add sample secret key w/o binding signatures.
--

GnuPG-bug-id: 4392
(cherry picked from commit 8c20a363c221438373439cde8c242e04c1bd925e)
2019-03-18 13:13:35 +01:00
Werner Koch
db2d75f1ff
gpg: During secret key import print "sec" instead of "pub".
* g10/keyedit.c (show_basic_key_info): New arg 'print_sec'.  Remove
useless code for "sub" and "ssb".
* g10/import.c (import_one): Pass FROM_SK to show_basic_key_info.  Do
not print the first  keyinfo in FROM_SK mode.
printing.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f64477db86568bdc28c313bfeb8b95d8edf05a3c)
2019-03-18 13:13:14 +01:00
Werner Koch
184fbf014a
gpg: Simplify an interactive import status line.
* g10/cpr.c (write_status_printf): Escape CR and LF.
* g10/import.c (print_import_check): Simplify by using
write_status_printf and hexfingerprint.

Signed-off-by: Werner Koch <wk@gnupg.org>

Fixed one conlict in a comment.
2019-03-18 13:12:13 +01:00
NIIBE Yutaka
ee08a15e31
libdns: Avoid using compound literals (8).
* dirmngr/dns.h (dns_quietinit): Remove.
(dns_hints_i_new): Remove.

--

Even before our change, dns_quietinit was questionable macro;  There
was no place in dns.c which requires overrides in initializer list.
Only redundant zero were.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 371ae25f8f6f2d1ac030bf984bca479393a5ed43)
2019-03-07 13:03:26 +01:00
NIIBE Yutaka
4ab0fef5dc
libdns: Avoid using compound literals (7).
* dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
* dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
automatic variable for opts.
* dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo):
Likewise.

--

In fact, DNS_OPTS_INIT was only needed when args are none.  With
partially specified initialization, C99 guarantees zero-ed other
members just like static object.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit d661acd483236d34720a4959fc816d05f89c2cb7)
2019-03-07 13:03:15 +01:00
NIIBE Yutaka
f3af170769
libdns: Avoid using compound literals (6).
* dirmngr/dns.h (dns_rr_i_new): Remove.
(dns_rr_i_init): Remove unused second argument.
* dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet)
(parse_packet): Use automatic variable for struct dns_rr_i.
(dns_d_cname): No need to call dns_rr_i_init after memset 0.
(dns_rr_i_init): Remove unused second argument.  Return nothing.
* dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns)
(getsrv_libdns): Follow the change of dns_rr_i_init.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 6501e59d3685bb58753c9caea729a4b0eca3942a)
2019-03-07 13:02:59 +01:00
NIIBE Yutaka
500151e6da
libdns: Avoid using compound literals (5).
* dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
Call dns_rr_grep with NULL.
* dirmngr/dns.c (dns_rr_grep): Support NULL for error_.

--

Here we still use C99 feature of struct member initialization in
dns_rr_foreach, for struct dns_rr_i.  Note that in C99, it guarantees
non-specified member fields are initialized by zero.  So, there's no
need to use dns_rr_i_new at all.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit a1ccfe2b37847cce0db2fb94a7365c9fa501eda4)
2019-03-07 13:02:48 +01:00
NIIBE Yutaka
229302aecf
libdns: Avoid using compound literals (4).
* dirmngr/dns.h (dns_d_new*): Remove.
* dirmngr/dns.c (parse_packet): Use dns_d_init with automatic
variable.
(parse_domain): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 7313a112f9c7ada61d24285313d2e2d069a672e8)
2019-03-07 13:02:29 +01:00
NIIBE Yutaka
f0de4fc990
libdns: Avoid using compound literals (3).
* dirmngr/dns.h (dns_p_new): Remove.
* dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic
variable.
(dns_hints_query, dns_res_glue, parse_packet, query_hosts)
(send_query, show_hints, echo_port): Likewise.

--

Implicit automatic allocation by compound literals is confusing
for C90 code.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 72efb7840258808cd892b90d871ea1cc1c31d7f5)
2019-03-07 13:02:05 +01:00
NIIBE Yutaka
ff7d01fc6d
libdns: Avoid using compound literals (2).
* dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove.
(dns_strclass1, dns_strclass3): Remove.
(dns_strtype1, dns_strtype3): Remove.
(dns_strsection, dns_strclass, dns_strtype): Directly use the
function.
* dirmngr/dns.c (dns_strsection): Use automatic variable.
(dns_strclass, dns_strtype): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 455ef62d29a112de05897139716265d07e4c6ae3)
2019-03-07 13:01:47 +01:00
NIIBE Yutaka
1318d1e2d5
libdns: Avoid using compound literals.
* dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
variables.
(dns_poll, dns_send_nopipe): Likewise, adding const qualifier.

--

Compound literals is a feature of C99.  Because we only use C90 plus
some limited features, in the project, it's better to avoid it.

Besides, we make sure when it's read-only.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 1c405499388fd5bed0968ab5c6c5d1b3373537b9)
2019-03-07 13:01:34 +01:00
Werner Koch
557c721e78
dirmngr: Add CSRF protection exception for protonmail.
* dirmngr/http.c (same_host_p): Add exception table.
--

Please: Adding entries to this table shall be an exception and not the
rule.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 134c3c16523b1a267ebdd2df6339240fd9e1e3b3)
2019-03-07 11:34:59 +01:00
Werner Koch
5d73c231e4
gpgtar: Make option -C work for archive creation.
* tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory.
--

The -C option is pretty useful given that pattern are always relative
to the current directory.  In contrast to GNU tar, the switching is
done only once.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit b3a7a5140784b5a015107b5c5c73b15ae44e71dc)
2019-03-07 10:56:18 +01:00
Werner Koch
2e4151a341
gpgtar: Improve error messages.
* tools/gpgtar.h (struct tarinfo_s): New.
* tools/gpgtar.c (cmd, skip_crypto, files_from, null_names): Move
global vars more to the top.
(set_cmd): Rename 'cmd' to 'c'.
* tools/gpgtar-list.c (parse_header): Add arg 'info' and improve error
messages.
(read_header): Add arg 'info' and update counter.
(skip_data): Ditto.
(gpgtar_list): Pass info object to read functions.
(gpgtar_read_header): Add arg 'info'.
* tools/gpgtar-extract.c (gpgtar_extract): add arg 'info' and pass on.
(extract_regular): Add arg 'info' and update counter.
--

This now prints the block number of a header with error.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 72feb8fa8280aba674573a1afc955a92e8065242)
2019-03-07 10:55:21 +01:00