* common/logging.c: Do not build any code if we can use the gpgrt_log
functions.
(log_logv_with_prefix): Rename to log_logv_prefix and change order of
args so that this function matches its printf like counterpart
gpgrt_logv_prefix. Change all callers.
(log_debug_with_string): Rename to log_debug_string. Change all
callers.
(log_printhex): Move first arg to end so that this function matches
its printf like counterpart gpgrt_log_printhex. Change all callers.
* common/logging.h: Divert to gpgrt/libgpg-error if we can use the
gpgrt_log functions.
(bug_at): Add inline versions if we can use the gpgrt_log functions.
* configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
(mycflags): Add -Wno-format-zero-length.
--
This patch enables the use of the log function from libgpgrt (aka
libgpg-error). Instead of checking a version number, we enable them
depending on macros set by recent gpg-error versions. Eventually the
whole divert stuff can be removed.
The -Wno-format-zero-length is required because log_printhex can be
called with an empty format string. Note that this is fully specified
standard C behaviour.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/keydb.c (maybe_create_keybox): Open new keybox in bin mode.
--
As the header contains a timestamp we will have the conversion
problems if the keybox is not opened in binary mode.
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* sm/certlist.c (gpgsm_find_cert): Add arg allow_ambiguous and use it.
* sm/call-dirmngr.c (inq_certificate): Pass true to ALLOW_AMBIGUOUS
(run_command_inq_cb): Ditto.
* sm/gpgsm.c (main): Pass false.
* sm/server.c (cmd_passwd): Pass false.
--
As described in my report T1644, it is possible that multiple
certificates exist with the same Distinguished Name and the same key.
In this case, verifying S/MIME signatures and other actions fail with
"certificate not found: Ambiguous name". For details see the bug
report.
To circumvent the problem, I am patching GnuPG since 2014 so that in
this case the newest of the ambiguous certificates is used.
This is not an ultimate solution of the problem: You should try every
certificate with the same DN until verification succeeds or until all
certificates fail, and if multiple certificates of a chain are
ambiguous you even have to check every combination. You may even
consider checking the keyUsage attributes of the ambiguous certificates
to reduce the number of combinations.
But in the existing case of the certificates in the German Research
Network (DFN) PKI where the newest one is the valid one and all
ambiguous certificates have the same keyUsage attributes, this patch
has proven to be sufficient over the last three years.
With every GnuPG update, I have adapted the patch, luckily I never
needed to change anything except line numbers.
GnuPG-bug-id: 1644
ChangeLog log written by wk, comment taken from mail. Signed-off line
was missing in the plain diff. However the mail with the patch and
the DCO posted as reply to that mail were both signed.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/pkscreening.c: New.
* common/pkscreening.h: New.
* common/Makefile.am (common_sources): Add them.
* g10/gpg.c (opts): New option --with-key-screening.
* g10/options.h (struct opt): New field with_key_screening.
* g10/keylist.c: Include pkscreening.h.
(print_pk_screening): New.
(list_keyblock_print): Call it.
(print_compliance_flags): Call it.
* sm/gpgsm.c (opts): New option --with-key-screening.
* sm/gpgsm.h (scruct opt): New field with_key_screening.
* sm/keylist.c: Include pkscreening.h.
(print_pk_screening): New.
(print_compliance_flags): Call it. Add new arg cert.
(list_cert_colon): Pass arg cert
(list_cert_std): Call print_pk_screening.
* sm/fingerprint.c (gpgsm_get_rsa_modulus): New.
--
This new option can be used to detect ROCA affected keys. To scan an
entire keyring and print the affected fingerprints use this:
gpg -k --with-key-screening --with-colons | gawk -F: \
'$1~/pub|sub|sec|ssb|crt/ && $18~/\<6001\>/ {found=1;next};
$1=="fpr" && found {print $10}; {found=0}'
The same works for gpgsm. Note that we need gawk due to the "\<" in
the r.e.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/Makefile.am: Move qualified.txt into examples.
* doc/qualified.txt: Move into examples, remove trailing spaces.
* doc/examples/README: Document qualified.txt.
* doc/gpgsm.texi: Move qualified.txt from datadir into sysconfdir.
* sm/qualified.c (read_list): Move qualified.txt from datadir into
sysconfdir.
--
The qualified.txt is maintained by Administrator it is a configuration
file. In the past it was a hybrid, provided by package and controlled
by the Administrator, however, it is no longer maintained by package.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
default to 3072 bits.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
3072 bits.
* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
* sm/gpgsm.c (main): print correct default_pubkey_algo.
--
3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch
* g10/pubkey-enc.c (get_session_key): Bail out if the algo is not
allowed in the current compliance mode.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
--
The idea here is that the owner of the key created a non-compliant key
and later receives a mail encrypted to that key. The sender should
have checked this key too but we can't guarantee that. By hard
failing here the owner of the key will notice that he had created a
non-compliant key and thus has a chance to generate a new compliant
key. In case the compliant criteria changes and the owner wants to
decrypt an old message he can still switch gpg to another compliant
mode.
Fixes-commit: a0d0cbee76
GnuPG-bug-id: 3308
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-agent.c (warn_version_mismatch): Print a note on how to
restart the servers.
* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
* sm/call-agent.c (warn_version_mismatch): Ditto.
* sm/call-dirmngr.c (warn_version_mismatch): Ditto.
--
We should move this fucntion to common. However, the status output
functions are different and would need to be streamlined too.
GnuPG-bug-id: 3117
Debian-bug-id: 860745
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/encrypt.c (encrypt_crypt): Do not abort for a non-compliant key.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--
GnuPG-bug-id: 3306
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal
signing check. We don't support Elgamal signing at all.
(gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA.
Check the curvenames for ECDH.
* g10/pubkey-enc.c (get_session_key): Print only a warning if the key
is not compliant.
* sm/decrypt.c (gpgsm_decrypt): Ditto. Use the same string as in gpg
so that we have only one translation.
--
We always allow decryption and print only a note if the key was not
complaint at the encryption site.
GnuPG-bug-id: 3308
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.c (gnupg_rng_is_compliant): New.
* g10/call-agent.c (start_agent) [W32]: Check rng compliance.
* sm/call-agent.c (start_agent) [W32]: Ditto.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is
compliant.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* g10/sign.c (do_sign): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
--
Under Windows we need to check that the Jitter RNG is active in de-vs
mode. Under Linux this is not necessary because /dev/random can be
scrutinized and is believed to provide enough entropy.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New.
* g10/encrypt.c (encrypt_crypt): Emit new status code.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--
This status code allows to report whether an encryption operation was
compliant to de-vs.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
check. Explicitly check for allowed ECC algos.
(gnupg_pk_is_allowed): Swap P and Q for DSA check.
* g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check. Replace
assert by debug message.
--
Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0
condition is surprising because it leads to the assumption SYMKEYS
could be negative. Better use a boolean test.
The assert could have lead to a regression for no good reason. Not
being compliant is better than breaking existing users.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.c (gnupg_parse_compliance_option): New function.
* common/compliance.h (struct gnupg_compliance_option): New type.
(gnupg_parse_compliance_option): New prototype.
* g10/gpg.c (parse_compliance_option): Remove function.
(compliance_options): New variable.
(main): Adapt callsite.
* sm/gpgsm.c (main): Use the new common function.
* sm/gpgsm.h (opt): New field 'compliance'.
GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
* common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain
parameters.
(gnupg_cipher_is_compliant): New function.
(gnupg_digest_is_compliant): Likewise.
* common/compliance.h (gnupg_cipher_is_compliant): New prototype.
(gnupg_digest_is_compliant): Likewise.
* common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status.
(STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise.
* doc/DETAILS: Document the new status lines.
* g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS
and report that using the new status line.
(check_sig_and_print): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--
When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD. This information will be picked up by the frontend and
presented to the user.
GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
* common/Makefile.am (common_sources): Add new files.
* common/compliance.c: New file. Move 'gnupg_pk_is_compliant' here,
and tweak it to not rely on types private to gpg.
* common/compliance.h: New file. Move the compliance enum here.
* g10/keylist.c (print_compliance_flags): Adapt callsite.
* g10/main.h (gnupg_pk_is_compliant): Remove prototype.
* g10/misc.c (gnupg_pk_is_compliant): Remove function.
* g10/options.h (opt): Use the new compliance enum.
* sm/keylist.c (print_compliance_flags): Use the common functions.
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/misc.c (gnupg_pk_is_compliant): New.
* g10/keylist.c (print_compliance_flags): New.
(list_keyblock_colon): Call it here.
* sm/keylist.c (print_compliance_flags): New.
(list_cert_colon): Call it here.
--
This patch is to convey information about DE_VS compliant keys to the
caller. The double digit value is used so that parsers do the right
thing and don't just look for a single digit.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/ksba-io-support.c: Include ksba-io-support.h instead of
../sm/gpgsm.h. Include util.h.
(writer_cb_parm_s): Remove const from 'pem_name'.
(gpgsm_destroy_writer): Free 'pem_name'.
(gpgsm_create_reader): Rename to ...
(gnupg_ksba_create_reader): this. Replace args CTRL and
ALLOW_MULTI_PEM by a new arg FLAGS. Change the code to evaluate
FLAGS. Change all callers to pass the FLAGS.
(gpgsm_create_writer): Rename to ...
(gnupg_ksba_create_writer): this. Replace arg CTRL by new arg FLAGS.
Add arg PEM_NAME. Evaluate FLAGS. Store a copy of PEM_NAME. Change
all callers to pass the FLAGS and PEM_NAME.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/gpgsm.c (check_special_filename): Move to ..
* common/sysutils.c (check_special_filename): here. Add arg
NOTRANSLATE.
(allow_special_filenames): New local var.
(enable_special_filenames): New public functions.
* sm/gpgsm.c (allow_special_filenames): Remove var.
(main): Call enable_special_filenames instead of setting the var.
(open_read, open_es_fread, open_es_fwrite): Call
check_special_filename with 0 for NOTRANSLATE.
* common/iobuf.c (special_names_enabled): Remove var.
(iobuf_enable_special_filenames): Remove func.
(check_special_filename): Remove func.
(iobuf_is_pipe_filename): Call new version of the function with
NOTRANSLATE set.
(do_open): Ditto.
* g10/gpg.c (main): Call enable_special_filenames instead of
iobuf_enable_special_filenames.
* g10/gpgv.c (main): Ditto.
--
Note that we keep the iobuf.c:translate_file_handle because it is a
bit different (for whatever reasons) than the translate function from
sysutils.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED
file-global. Write a STATUS_ERROR.
(maybe_create_keyring_or_box): Check for non-accessible but existant
file.
(keydb_search): Write a STATUS_ERROR if no keyring has been registered
but continue to return NOT_FOUND.
* sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED
and make file-global. Write a STATUS_ERROR.
(keydb_search): Write a STATUS_ERROR if no keyring has been registered
but continue to return NOT_FOUND. Also add new arg CTRL and change
all callers to pass it down.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/stringhelp.c: Include limits.h.
(compare_version_strings): Change semantics to behave like strcmp.
Include the patch lebel in the comparison. Allow checking a single
version string.
* common/t-stringhelp.c (test_compare_version_strings): Adjust test
vectors and a few new vectors.
* g10/call-agent.c (warn_version_mismatch): Adjust to new sematics.
* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
* sm/call-agent.c (warn_version_mismatch): Ditto.
* sm/call-dirmngr.c (warn_version_mismatch): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/asshelp.c (my_log_monitor): New var.
(my_libassuan_log_handler): Run that monitor.
(setup_libassuan_logging): Add arg to set a log monitor and change all
callers.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.h (opts): Remove fields 'system_service' and
'system_daemon'.
* common/homedir.c (dirmngr_sys_socket_name): Remove.
(dirmngr_user_socket_name): Rename to ...
(dirmngr_socket_name): this. Change call callers.
* common/asshelp.c (start_new_dirmngr): Remove the system socket
feature.
* tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket".
* sm/server.c (gpgsm_server): Adjust for removed system socket feature.
* dirmngr/server.c (cmd_getinfo): Ditto.
(cmd_killdirmngr): Remove check for system daemon.
(cmd_reloaddirmngr): Ditto.
* dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro.
(aService): Remove.
(opts): Remove --service.
(w32_service_control): Remove.
(real_main, call_real_main) [W32]: Remove wrapper.
(main): Remove Windows system service feature. Remove system dameon
feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file.
* dirmngr/certcache.c (load_certs_from_dir): Remove warning in the
system dameon case.
* dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d".
* dirmngr/ocsp.c (validate_responder_cert): Do not call
validate_cert_chain which was used only in system daemon mode.
* dirmngr/validate.c (validate_cert_chain): Always use the code.
--
We are now starting dirmngr as needed as a user daemon. The
deprecated system daemon mode does not anymore make sense. In case a
system wide daemon is required, it is better to setup a dedicated
account to run dirmngr and tweak socket permissions accordingly.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c
* dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c
* g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c
* tests/gpgscm/main.c, tools/gpg-check-pattern.c
* tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c
* tools/symcryptrun.c: Invoke log_set_prefix() with
human-readable labels.
--
Some invocations of log_set_prefix() were done with raw numeric values
instead of values that humans can understand. Use symbolic
representations instead of numeric for better readability.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* common/init.c (init_common_subsystems): Initialize libgcrypt.
* dirmngr/Makefile.am (dirmngr_ldap): Link with libgcrypt.
--
Most other modules already call gcry_check_version() after
init_common_subsystems() so may as well move initialization of libgcrypt
to here. Also fixes a warning in the system log from gpgconf --homedir.
Signed-off-by: Ben Kibbey <bjk@luxsci.net>
* README, agent/command.c, agent/keyformat.txt, common/i18n.c,
common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
with clearer text.
In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something. When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.
These changes should make the language a bit clearer.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* sm/gpgsm.c (main): Add AES192 cipher. Allow SERPENT256.
--
Note that currently released Libcgrypt versions miss OIDs for Serpent
and thus Serpent can only be used with tye forthcoming Libgcrypt
1.7.1.
GnuPG-bug-id: 2273
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/keydb.c (maybe_create_keybox): Create the header blob.
--
This is required so that g10/keydb.c can properly detect that a keybox
file is actually there. Just writing a 0 zero length keybox file is
not sufficient because a file with that name may also be an old-style
OpenPGP keyring.
GnuPG-bug-id: 2275
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/gpgsm.texi: Document '--pinentry-mode' and '--passphrase-fd'.
* sm/Makefile.am (gpgsm_SOURCES): Add new files
* sm/call-agent.c (struct default_inq_parm_s): New definition.
(start_agent): Pass in the pinentry mode.
(default_inq_cb): Handle 'PASSPHRASE' and 'NEW_PASSPHRASE' inquiries.
Adapt all call sites to the new callback cookie.
* sm/gpgsm.c (cmd_and_opt_values): Add new values.
(opts): Add new options.
(main): Handle new options.
* sm/gpgsm.h (struct opt): Add field 'pinentry_mode'.
* sm/passphrase.c: New file.
* sm/passphrase.h: Likewise.
GnuPG-bug-id: 1970
Signed-off-by: Justus Winter <justus@g10code.com>
* doc/gpgsm.texi: Drop description.
* sm/gpgsm.c (cmd_and_opt_values): Drop enum value.
(opts): Drop argument.
(main): Drop argument handling.
* sm/gpgsm.h (struct opt): Drop field 'fixed_passphrase'.
Signed-off-by: Justus Winter <justus@g10code.com>
* kbx/keybox-init.c (keybox_register_file): Change interface to return
the token even if the file has already been registered.
* g10/keydb.c (primary_keyring): Rename to primary_keydb.
(maybe_create_keyring_or_box): Change return type to gpg_error_t.
(keydb_add_resource): Ditto. s/rc/err/.
(keydb_add_resource): Mark an already registered as primary.
* sm/keydb.c (maybe_create_keybox): Change return type to gpg_error_t.
(keydb_add_resource): Ditto. s/rc/err/.
(keydb_add_resource): Adjust for changed keybox_register_file.
--
This change aligns the registering of keyboxes with those of
keyrings. This fixes a potential bug:
gpg --keyring foo.kbx --keyring bar.gpg --keyring foo.kbx
would have marked bar.gpg as primary resource and thus inserting new
keys there. The correct and now fixed behavior is to insert to
foo.kbx.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_WARNING): New.
* g10/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
* g10/call-dirmngr.c: Include status.h.
(warn_version_mismatch): New.
(create_context): Call warn function.
* sm/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
(gpgsm_agent_learn): Call warn function.
* sm/call-dirmngr.c (warn_version_mismatch): New.
(prepare_dirmngr): Call warn function.
--
We have seen too often bug reports which are due to still running old
versions of the daemons. To catch this problematic use we now print
warning messages and also provide the warning via the status
interface.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t.
* dirmngr/server.c (data_line_cookie_write): Ditto.
* sm/certdump.c (format_name_writer): Ditto.
* sm/server.c (data_line_cookie_write): Ditto.
* dirmngr/http.c (cookie_read, cookie_write): Ditto.
--
See the release notes of libgpg-error 1.15 for background info on
gpgrt_ssize_t.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox.h (KEYBOX_WITH_X509): Do not define.
* sm/Makefile.am (AM_CPPFLAGS): Define it here.
(common_libs): Change to libkeybox509.a
* g10/Makefile.am (AM_CFLAGS): remove KSBA_CFLAGS.
(gpg2_LDADD, gpgv2_LDADD): Remove KSBA_LIBS
* kbx/Makefile.am (noinst_LIBRARIES): Add libkeybox509.a.
(libkeybox509_a_SOURCES): New.
(libkeybox_a_CFLAGS): New.
(libkeybox509_a_CFLAGS): New.
(kbxutil_CFLAGS): New.
* kbx/keybox-search.c (has_keygrip) [!KEYBOX_WITH_X509]: Declare args
as unused.
--
There is no real need to link to Libksba in gpg.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h: Provide replacement for GPGRT_ATTR_ macros when using
libgpg-error < 1.20.
* common/mischelp.h: Ditto.
* common/types.h: Ditto.
--
Given that libgpg-error is a dependency of all GnuPG related libraries
it is better to define such macros at only one place instead of having
similar macros at a lot of places. For now we need repalcement
macros, though.
* sm/server.c (option_handler): Add "offline".
(cmd_getinfo): Ditto.
* sm/certchain.c (is_cert_still_valid):
(do_validate_chain):
* sm/gpgsm.c (gpgsm_init_default_ctrl): Default "offline" to the value
of --disable-dirmngr.
* sm/call-dirmngr.c (start_dirmngr_ext): Better also check for
ctrl->offline.
--
Adding this option makes it easier to implement the corresponding
feature in gpgme.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/keydb.c (keydb_store_cert): Clear ephemeral flag for
existing certs if store should not be ephemeral.
--
Previously keydb_store_cert would ignore ephemeral certificates
when asked to store a non ephemeral certificate and insert
it again without the flags. This resulted in duplicated
certificates in the keybox.
GnuPG-bug-id: 1921
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* g13/g13.c: Make use of debug_parse_flag.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto
* agent/gpg-agent.c: Ditto. But do not terminate on "help"
* dirmngr/dirmngr.c: Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/logging.h: Rename JNLIB_LOG_* to GPGRT_LOG_*.
* common/mischelp.h: Rename JNLIB_GCC_* to GPGRT_GCC_*.
--
JNLIB has no more meaning. Thus we switch to a GPGRT_ prefix in
anticipation that some code may eventually be moved to libgpg-error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/call-dirmngr.c (get_cached_cert): Fix typo in LOOKUP command.
--
This bug has been here since the code was written. The commit message
for commit 2d0ca28a22 actually had the
warning that the code has not been tested. Now the funny thing is
that when the code was backported to the 2.0 branch just a few minutes
later that typo was fixed en passant in that branch.
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--
Commit 91b826a388 was not enough to
avoid all sign extension on shift problems. Hanno Böck found a case
with an invalid read due to this problem. To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (list_config): Replace print_sanitized_string2 by
es_write_sanitized.
* common/stringhelp.c (print_sanitized_buffer2): Remove.
(print_sanitized_buffer, print_sanitized_utf8_buffer): Remove.
(print_sanitized_utf8_buffer, print_sanitized_utf8_string): Remove.
(print_sanitized_string): Remove.
* sm/certdump.c (print_dn_part, print_dn_parts): Remove arg FP.
(pretty_print_sexp, gpgsm_print_name2, gpgsm_print_name): Remove.
--
Mixing stdio and estream is never a good idea. This fix also allows
us to remove a lot of garbage.
Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
GnuPG-bug-id: 1822
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/minip12.c (p12_build): Release PWBUF only at the end.
--
Suggested-by: Eygene Ryabinkin <rea@codelabs.ru>
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/misc.c (transform_sigval): Init RSA_S_LEN.
* g13/mount.c (read_keyblob): Init HEADERLEN.
--
Not a bug but the compiler (gcc 4.9.1) can't detect that it is not
used uninitialized.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
double-free of pwbuf.
--
Observed by Joshua Rogers <honey@internot.info>, who proposed a
slightly different fix.
Debian-Bug-Id: 773472
Added fix at a second place - wk.
* dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL.
* sm/gpgsm.c (parse_keyserver_line): Ditto.
--
Reported-by: Joshua Rogers <git@internot.info>
"If something inside the ldapserver_parse_one function failed,
'server' would be freed, then returned, leading to a
use-after-free. This code is likely copied from sm/gpgsm.c, which
was also susceptible to this bug."
Signed-off-by: Werner Koch <wk@gnupg.org>
* gl/: Remove entire tree.
* configure.ac: Remove gnulib tests and the gl/ Makefile.
(setenv): Add to AC_CHECK_FUNCS.
* autogen.rc (extra_aclocal_flags): Set to empty.
* Makefile.am (ACLOCAL_AMFLAGS): Remove -I gl/m4
(SUBDIRS): Remove gl/.
* agent/Makefile.am (common_libs): Remove ../gl/gnulib.a
* common/Makefile.am (t_common_ldadd): Ditto.
* dirmngr/Makefile.am (dirmngr_LDADD): Ditto.
(dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.
* g10/Makefile.am (needed_libs): Ditto.
* g13/Makefile.am (g13_LDADD): Ditto.
* kbx/Makefile.am (kbxutil_LDADD): Ditto.
($(PROGRAMS)): Ditto.
* scd/Makefile.am (scdaemon_LDADD): Ditto.
* sm/Makefile.am (common_libs): Ditto.
* tools/Makefile.am (common_libs, commonpth_libs): Ditto.
* agent/gpg-agent.c: Remove "mkdtemp.h"
* g10/exec.c: Ditto.
* scd/scdaemon.c: Ditto.
* tools/symcryptrun.c: Ditto.
* common/sysutils.c: Remove "setenv.h"
* common/t-timestuff.c: Use putenv if setenv is not available.
--
gnulib has always been a cause of trouble in GnuPG because we used
only a very few functions and the complex include machinery of gnulib
is quite complex and the cause for many build problems for example on
OS X. This is not gnulib's fault but due to our limited use of gnulib
and that we only rarely update the gnulib code to avoid regressions.
In part two we will address the functions
mkdtemp
setenv
unsetenv
strpbrk
which may bot be implemented on all platforms. They are not required
on a libc based system.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
Also fixed some of my own copyright notices due to the termination of
my assignment. The one displayed by --version is kept at FSF because
we had contributors in 2014 with FSF assignments and it gives the FSF
some visibility.
* kbx/keybox.h (keybox_blobtype_t): New.
* kbx/keybox-defs.h (BLOBTYPE_*): Replace by KEYBOX_BLOBTYPE_*.
* kbx/keybox-search.c (keybox_search): Add arg want_blobtype and skip
non-matching blobs.
* sm/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_X509 to keybox_search.
* g10/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_PGP to keybox_search.
--
Without this fix a listing of all keys would fail because the wrong
blob type would be returned for the gpg or gpgsm.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox-search.c (keybox_search): Add arg r_skipped and skip too
long blobs.
* sm/keydb.c (keydb_search): Call keybox_search with a dummy param.
* g10/keydb.c (struct keydb_handle): Add field skipped_long_blobs.
(keydb_search_reset): Reset that field.
(keydb_search): Update that field.
(keydb_get_skipped_counter): New.
* g10/keylist.c (list_all): Print count of skipped keys.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp.
* kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header
flag.
* kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp
and set header flag.
* kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static
and add arg for_openpgp.
(keybox_new_openpgp, keybox_new_x509): New. Use them instead of the
former keybox_new.
* kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the
openpgp header flags.
* g10/keydb.c (rt_from_file): New. Factored out and extended from
keydb_add_resource.
(keydb_add_resource): Switch to the kbx file if it has the openpgp
flag set.
* kbx/keybox-dump.c (dump_header_blob): Print header flags.
--
The problem was reported by dkg on gnupg-devel (2014-10-07):
I just discovered a new problem, though, which will affect people on
systems that have gpg and gpg2 coinstalled:
0) create a new keyring with gpg2, and use it exclusively with gpg2
for a while.
1) somehow (accidentally?) use gpg (1.4.x) again -- this creates
~/.gnupg/pubring.gpg
2) future runs of gpg2 now only look at pubring.gpg and ignore
pubring.kbx -- the keys you had accumulated in the keybox are no
longer listed in the output of gpg2 --list-keys
Note that gpgsm has always used pubring.kbx and thus this file might
already be there but without gpg ever inserted a key. The new flag in
the KBX header gives us an indication whether a KBX file has ever been
written by gpg >= 2.1. If that is the case we will use it instead of
the default pubring.gpg.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/Makefile.am: Avoid $(DNSLIBS) for dirmngr_ldap
* g10/Makefile.am: $(LIBREADLINE) is only for gpg2; gpgv2 does not
need $(LIBASSUAN_LIBS)
* sm/Makefile.am: gpgsm does not need $(ZLIBS)
* tools/Makefile.am: gpgconf does not need $(NPTH_LIBS)
--
In the course of building GnuPG 2.1.0 beta864 on debian, i found that
several of the installed executables were linked to libraries that
they did not need to be linked to, which would cause unnecessary
package dependencies at runtime.
The changeset here removes these unnecessary libraries from linking.
Something similar could possibly also be done by passing --as-needed
to the linker, but trimming the depenencies seems more parsimonious.
* agent/agent.h (opt): Remove field use_standard_socket.
* agent/command.c (cmd_killagent): Always allow killing.
* agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
--write-env-file into dummy options. Always return true for
--use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
setting or set that envvar.
(create_socket_name): Simplify by removing non standard socket
support.
(check_for_running_agent): Ditto.
* common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
* common/simple-pwquery.c (agent_open): Ditto.
* configure.ac (GPG_AGENT_INFO_NAME): Remove.
* g10/server.c (gpg_server): Do not print the AgentInfo comment.
* g13/server.c (g13_server): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* tools/gpgconf.c (main): Simplify by removing non standard socket
support.
--
The indented fix to allow using a different socket than the one in the
gnupg home directory is to change Libassuan to check whether the
socket files exists as a regualr file with a special keyword to
redirect to another socket file name.
* sm/gpgsm.h (opt): Add field "no_homedir_creation".
* sm/gpgsm.c (main): Set it if --no-options is used.
* sm/keydb.c (try_make_homedir): New. Similar to the one from
g10/openfile.c.
(maybe_create_keybox): New. Similar to the one from g10/keydb.c.
(keydb_add_resource): Replace some code by maybe_create_keybox.
* g10/gpg.c: Add option --with-secret.
* g10/options.h (struct opt): Add field with_secret.
* g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
and list_one.
(list_all, list_one): Add arg mark_secret.
(list_keyblock_colon): Add arg has_secret.
* sm/gpgsm.c: Add option --with-secret.
* sm/server.c (option_handler): Add option "with-secret".
* sm/gpgsm.h (server_control_s): Add field with_secret.
* sm/keylist.c (list_cert_colon): Take care of with_secret. Also move
the token string from the wrong field 14 to 15.
--
This option is useful for key managers which need to know whether a
key has a secret key. This change allows to collect this information
in one pass.
* sm/certchain.c (find_up_search_by_keyid): Consider all matching
certificates.
(find_up): Add some debug messages.
--
The DFN-Verein recently re-issued its CA certificates without
generating new keys. Thus looking up the chain using the authority
keyids works but may use still existing old certificates. This may
break the CRL lookup in the Dirmngr. The hack to fix this is by using
the latest issued certificate with the same subject key identifier.
As usual Peter Gutman's X.509 style guide has some comments on that
re-issuing.
GnuPG-bug-id: 1644
* kbx/keybox-search.c (keybox_search): Add arg R_DESCINDEX. Chnage
both callers.
* g10/keydb.c (keydb_search): Always set DESCINDEX.
--
This only affects the new keybox for OpenPGP keys in 2.1. The bug
exhibited itself by running GPA's backup command on Windows.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
Replace hardwired strings at many places with new macros from config.h
and use the new strusage macro replacement feature.
* common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn
sentinels.
* agent/command.c (cmd_import_key): Use asprintf to create the prompt.
* configure.ac (HAVE_BROKEN_TTYNAME): New ac_define set for Android
systems.
* common/util.h (gnupg_ttyname): New macro. Change all callers of
ttyname to use this macro instead.
(ttyname) [W32]: Rename to _gnupg_ttyname and use also if
HAVE_BROKEN_TTYNAME is defined.
* common/simple-pwquery.c (agent_send_all_options): Keep on using
ttyname unless HAVE_BROKEN_TTYNAME is set. This is because this file
may be used standalone.
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems. We now use two \x27 characters ('...').
The proper solution would be to use the correct Unicode symmetric
quotes here. However this has the disadvantage that the system
requires Unicode support. We don't want that today. If Unicode is
available a generated po file can be used to output proper quotes. A
simple sed script like the one used for en@quote is sufficient to
change them.
The changes have been done by applying
sed -i "s/\`\([^'\`]*\)'/'\1'/g"
to most files and fixing obvious problems by hand. The msgid strings in
the po files were fixed with a similar command.
GnuPG requires that options are given before other arguments. This
can sometimes be confusing. We now print a warning if we found an
argument looking alike a long option without being preceded by the
stop option. This is bug#1343.
* common/argparse.h (ARGPARSE_FLAG_STOP_SEEN): New.
* common/argparse.c (arg_parse): Set new flag.
* g10/gpg.c (main): Print the warning.
* agent/gpg-agent.c (main): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
* g13/g13.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.
For the shared code parts it is cumbersome to pass an error sourse
variable to each function. Its value is always a constant for a given
binary and thus a global variable makes things a lot easier than the
former macro stuff.
* common/init.c (default_errsource): New global var.
(init_common_subsystems): Rename to _init_common_subsystems. Set
DEFAULT_ERRSOURCE.
* common/init.h: Assert value of GPG_ERR_SOURCE_DEFAULT.
(init_common_subsystems): New macro.
* common/util.h (default_errsource): Add declaration.
* kbx/keybox-defs.h: Add some GPG_ERR_SOURCE_DEFAULT trickery.
* sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
* sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
* sm/server.c (option_handler): Allow validation model "steed".
* sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
* sm/certchain.c (do_validate_chain): Handle the
well-known-private-key attribute. Support the "steed" model.
(gpgsm_validate_chain): Ditto.
* sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
* sm/keylist.c (list_cert_colon): Print the new 'w' flag.
--
This is the first part of changes to implement the STEED proposal as
described at http://g10code.com/steed.html . The idea for X.509 is
not to use plain self-signed certificates but certificates signed by a
dummy CA (i.e. one for which the private key is known). Having a
single CA as an indication for the use of STEED might help other X.509
implementations to implement STEED.
* sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New.
(read_parameters): Add new keywords.
(proc_parameters): Check values of new keywords.
(create_request): Add SubjectKeyId and extensions.
(parse_parameter_usage): Support "cert" and the encrypt alias "encr".
* scripts/gitlog-to-changelog: New script. Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.
Rename all ChangeLog files to ChangeLog-2011.
This should always work because the dirmngr asked us to validate the
given certificate. This should make OCSP configuration easier because
there is less requirement to install all certificates for Dirmngr and
gpgsm.
CAUTION: This code has not yet been tested.
Since 2009-12-08 gpg was not able to find email addresses indicated
by a leading '<'. This happened when I merged the user id
classification code of gpgsm and gpg.
Using "gpgsm --genkey" allows the creation of a self-signed
certificate via a new prompt.
Using "gpgsm --genkey --batch" should allow the creation of arbitrary
certificates controlled by a parameter file. An example parameter file
is
Key-Type: RSA
Key-Length: 1024
Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA
Key-Usage: sign, encrypt
Serial: random
Name-DN: CN=some test key
Name-Email: foo@example.org
Name-Email: bar@exmaple.org
Hash-Algo: SHA384
not-after: 2038-01-16 12:44
This creates a self-signed X.509 certificate using the key given by
the keygrip and using SHA-384 as hash algorithm. The keyword
signing-key can be used to sign the certificate with a different key.
See sm/certreggen.c for details.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
2010-06-10 Marcus Brinkmann <marcus@g10code.de>
* estream.c (_es_get_std_stream): Fix cut&paste bug.
sm/
2010-06-10 Marcus Brinkmann <marcus@g10code.de>
* server.c (SERVER_STDIN, SERVER_STDOUT): New macros.
(gpgsm_server): Use them with assuan_fdopen.
2009-11-25 Marcus Brinkmann <marcus@g10code.de>
* command.c (start_command_handler): Use assuan_fd_t and
assuan_fdopen on fds.
scd/
2009-11-25 Marcus Brinkmann <marcus@g10code.de>
* command.c (scd_command_handler): Use assuan_fd_t and
assuan_fdopen on fds.
sm/
2009-11-25 Marcus Brinkmann <marcus@g10code.de>
* server.c (gpgsm_server): Use assuan_fd_t and assuan_fdopen on
fds.
g10/
2009-11-25 Marcus Brinkmann <marcus@g10code.de>
* server.c (gpg_server): Use assuan_fd_t and assuan_fdopen on fds.
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* call-pinentry.c (start_pinentry): Call assuan_pipe_connect, not
assuan_pipe_connect_ext.
* command.c (start_command_handler): Change
assuan_init_socket_server_ext into assuan_init_socket_server.
* call-scd.c (start_scd): Update use of assuan_socket_connect and
assuan_pipe_connect.
* gpg-agent.c (check_own_socket_thread, check_for_running_agent):
Update use of assuan_socket_connect.
common/
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Update use of
assuan_socket_connect and assuan_pipe_connect.
scd/
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* command.c (scd_command_handler): Call assuan_init_socket_server,
not assuan_init_socket_server_ext.
sm/
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* call-dirmngr.c (start_dirmngr_ext): Update use of
assuan_pipe_connect and assuan_socket_connect.
tools/
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (start_agent): Update use of
assuan_socket_connect and assuan_pipe_connect.