1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-26 10:59:58 +01:00

9956 Commits

Author SHA1 Message Date
NIIBE Yutaka
c5e8ef3ab9 scd: Internal CCID: Clear the handle after use.
* scd/apdu.c (close_ccid_reader): Clear the handle.
(open_ccid_reader): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-28 13:33:20 +09:00
NIIBE Yutaka
684a52dffa scd: Change handling of SPR532 card reader.
* scd/ccid-driver.c (ccid_vendor_specific_init): Put some workaround
for SPR532 initialization.
(ccid_slot_status): Send ESCape command after GetSlotStatus.

GnuPG-bug-id: 5065
Fixes-commit: 4fae55f8ee11b3f710524e5e8b8a91b159949f2d
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-28 13:29:51 +09:00
Werner Koch
f8fbd9e734
keyboxd: Make use of the config table
* kbx/backend-sqlite.c (DATABASE_VERSION): New.
(table_definitions): Make column name of table config unique.
(create_or_open_database): Read and set the database version.
(get_config_value, set_config_value): New.
--

Well, kind of.  For now we just store the database version.  Note that
for existing databases the config table should first be dropped so
that the UNIQUE constraint can be used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-25 11:53:05 +02:00
NIIBE Yutaka
93e3c97889 scd: For PC/SC, send the ESC command at init for SPR532 reader.
* scd/apdu.c (struct reader_table_s): Remove is_spr532.
(pcsc_vendor_specific_init): Send the ESC command for SPR532.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Remove no_lc hack.

--

The "no_lc" hack lets PC/SC-lite send the ESC command for SPR532
internally, for pcsc_pinpad_verify.  However, PC/SC-lite doesn't do
that for pcsc_pinpad_modify, unfortunately.  Besides, I'm not sure
this hack works on Windows, which has different implementation of
PC/SC service.

It's better to send the ESC command by the driver explicitly, at the
initialization.  Sending the ESC command results PCSC_E_NOT_TRANSACTED
error when a card is not active (that is the case, usually).  We
ignore this error.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-25 11:24:39 +09:00
NIIBE Yutaka
4fae55f8ee scd: For SPR532, submit the ESCape command at initialization.
* scd/ccid-driver.c (ccid_vendor_specific_init): Submit the ESC
command for VENDOR_SCM.
(ccid_transceive_secure): Don't submit the ESC command every time.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-25 10:35:45 +09:00
Werner Koch
d49a945b12
gpg: New experimental import option "bulk-import"
* g10/options.h (IMPORT_BULK): New.
* g10/import.c (parse_import_options): Add "bulk-import".
* g10/call-keyboxd.c (in_transaction): New var.
(gpg_keyboxd_deinit_session_data): Run a commit if in bulk import
mode.
(create_new_context): Run a begin transaction if in bulk import mode.
--

Initial tests with this option are not very promising.  Importing
about 3000 real world keys with --use-keyboxd and full logging took:

   real    33m31.724s
   user    19m54.265s
   sys     2m49.662s

With bulk-import this saves a mere 12%:

   real    29m36.542s
   user    19m3.391s
   sys     2m46.728s

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-24 16:47:10 +02:00
Werner Koch
c2b14f5d68
keyboxd: New command TRANSACTION.
* kbx/backend-sqlite.c (be_sqlite_rollback): New.
(be_sqlite_commit): New.
(be_sqlite_search): Take care of global transactions.
(be_sqlite_store): Ditto.
(be_sqlite_delete): Ditto.
* kbx/frontend.c (kbxd_rollback, kbxd_commit): New.
* kbx/keyboxd.h (opt): Add vars for transactions.
* kbx/kbxserver.c (struct server_local_s): Add fields next_session and
client_pid.
(session_list): New var.
(cmd_transaction): New.
(register_commands): Register command.
(kbxd_start_command_handler): Store pids and track sessions.  Do a
final rollback.
--

This command is currently an experiment to allow a client to run
everything in one session.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-24 16:38:21 +02:00
Werner Koch
b19a60c6f7
tests: Integrate --use-keyboxd into the OpenPGP test suite.
* tests/openpgp/all-tests.scm (all-tests): Replace extended-key-format
mode with a new keyboxd mode.
* tests/openpgp/defs.scm (create-gpghome): Ditto.
* tests/openpgp/gpgv.scm: Adjust for keyboxd mode.
* tests/openpgp/issue2419.scm: Fix to allow setting a log-file into
gpg.conf for debugging.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-24 10:37:42 +02:00
Werner Koch
25ad3c22d7
keyboxd: Implement multiple search descriptions.
* kbx/kbx-client-util.c (kbx_client_data_simple): New.
* kbx/backend-sqlite.c (struct be_sqlite_local_s): Add field descidx.
(be_sqlite_search): Use that.
* g10/call-keyboxd.c (keydb_search): Implement multi mode.
--

With that change the keyboxd is at par with the keybox code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-24 10:37:42 +02:00
Werner Koch
1f89d50537
keyboxd: Fix UDPATE keyblob SQL statement
* kbx/backend-sqlite.c: Always use ?NNN for SQL parameters.
--

Using :NNN is obviously wrong to get the parameters in the right
order.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-24 10:37:41 +02:00
Werner Koch
97798eec4b
tests: Fix convenience function to run gpg.
* tests/openpgp/defs.scm (pipe:gpg): Remove stray dash.
--

The extra dash is problematic at export and import because this does
not export a single key as intended by the tests but does two key
lookups where the second fails because that userid is always "-".  For
the current keyring and keybox code this does not matter because it is
ignored.  The keyboxd code however is more picky and returns an error.

Fixes-commit: 9609cb20e4caee739b9fc4fd36797029d2970041
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-24 10:37:41 +02:00
Werner Koch
0ac003b457
keyboxd: Remove unused variables.
* kbx/kbx-client-util.c (datastream_thread): No need to set PK_NO and
UID_NO.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-24 10:37:41 +02:00
Werner Koch
acaeba2dbd
keyboxd: Integrate into gpgconf.
* common/asshelp.c (lock_spawning): Use a dedicated name for keyboxd.
* common/homedir.c (keyboxd_socket_name): New.
(gnupg_module_name): Put keyboxd into libexecdir.
* tools/gpgconf-comp.c (known_options_keyboxd): New.
(gc_component): Add entry for keyboxd.
(keyboxd_runtime_change): New.
(gc_component_launch): Support keyboxd.
* tools/gpgconf.c (list_dirs): Emit new item keyboxd-socket.
(main): Also remove keyboxd socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-24 10:37:41 +02:00
NIIBE Yutaka
7cbb513a2d scd: Fix CCID internal driver for interrupt transfer.
* scd/ccid-driver.c (intr_cb): Handle the case of multiple messages.

--

SPR532 USB Smart Card Reader (also know as SPR332) may send two
messages at once for a single interrupt transfer.  An example transfer
observed was like: 50 03 50 02, which is considered valid, according
to the CCID specification.

GnuPG-bug-id: 5065
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-24 17:05:13 +09:00
Werner Koch
1835097561
gpg: Set the found-by flags in the keyblock in keyboxd mode.
* g10/keydb-private.h (struct keydb_handle_s): Add fields to return
the ordinals of the last found blob.
* g10/call-keyboxd.c (keydb_get_keyblock): Pass them to the keyblock
parser.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-22 16:20:41 +02:00
Werner Koch
b810320b1b
sm: Fix returning of the ephemeral flag in keyboxd mode.
* sm/keydb.c (search_status_cb): Skip over the ubid.
2020-09-22 16:15:47 +02:00
Werner Koch
c81a7b0936
common: Fix name of keyboxd.
* common/homedir.c (gnupg_module_name): Fix name.
2020-09-22 16:14:21 +02:00
Werner Koch
0e892bda4e
keyboxd: Extend PUBKEY_INFO status line with an uid ordinal.
* kbx/backend-sqlite.c (table_definitions): Add column UINO to
userids.
(be_sqlite_local_s): Add fields select_col_uidno and
select_col_subkey.
(run_select_statement): Also select subkey or uidno column.
(be_sqlite_search): Return their values.
(store_into_userid): Store the UIDNO.
* kbx/backend-support.c (be_return_pubkey): Extend PUBKEY_INFO.
--

For an existing database adding the new column to the table userid is
straightforward.  However if the original version of the schema used an
integer for the keyid column, that column has likely be renamed.  Make
sure that the NOT NULL constraint has also be removed; check the
SQLite documentation on how this can be done.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-22 15:42:40 +02:00
Werner Koch
e0a312bfd6
kbx: Add bounds check to detect corrupt keyboxes.
* kbx/keybox-dump.c (_keybox_dump_blob): Fix the fixmes.
--

kbxutil is a debug tool but nevertheless it should behave well and not
read beyond allocated buffers and in turn crash.

Vincent Ulitzsch and Dominik Maier were kind enough to report these
crashes along with a couple of test keyboxes and crash analysis.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-22 11:45:32 +02:00
Werner Koch
26da47ae53
scd: Extend KEYPAIRINFO with an algorithm string.
* scd/app-openpgp.c (send_keypair_info): Emit the algo string as part
of a KEYPAIRINFO.
* scd/command.c (do_readkey): Ditto.
* scd/app-piv.c (do_readkey): Ditto.
* scd/app-nks.c (do_learn_status_core): Ditto.
(struct fid_cache_s): Add field algostr.
(flush_fid_cache): Release it.
(keygripstr_from_pk_file): Fill it and add it to the cache.  Use a
single exit label.
* scd/app-help.c (app_help_get_keygrip_string_pk): Add new arg
r_algostr.  Change all callers.
--

This is helpful so that callers do not need to parse the key for this
basic information.  Use "scd readkey --info-only" to return the info
status line instead of the key material; using just --info returns the
info in addition to the key material.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-21 14:47:53 +02:00
Werner Koch
babd87f2da
doc: Some documentation updates.
--

Also fixed some typos and documented soon to be used OIDs
2020-09-21 09:20:47 +02:00
Werner Koch
c772770574
sm: Implement delete key in keyboxd mode
* sm/keydb.c (keydb_delete): Implement keyboxd mode.
(keydb_update_cert): Disable unused function.
* kbx/backend-sqlite.c (be_sqlite_delete): Delete from issuer.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-21 09:20:40 +02:00
NIIBE Yutaka
8a84a71f3a agent: Fix regression for access through the extra secket.
* agent/command.c (cmd_keyinfo): Allow KEYINFO command for one key.
(cmd_scd): Allow SCD command to invoke GETINFO, GETATTR, and
KEYINFO --list=encr sub commands.

--

GnuPG-bug-id: 5063
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-18 10:29:54 +09:00
NIIBE Yutaka
dfdcf14738 common,agent,dirmngr,g10,tools: Fix split_fields API.
* common/stringhelp.h (split_fields): Use const * for the strings in
the ARRAY.
(split_fields_colon): Likewise.
* common/stringhelp.c (split_fields, split_fields_colon): Fix
the implementation.
* agent/call-scd.c, agent/command.c: Follow the change.
* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
* g10/call-agent.c, tools/card-call-scd.c: Likewise.
* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
* tools/wks-util.c: Likewise.

--

The strings in the ARRAY don't need to be released by caller, as those
are references.  It's easier to follow the code when it's explicitly
const *.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-18 10:20:23 +09:00
NIIBE Yutaka
8ff3663027 scd: Clear PIN cache when changing key attributes.
* scd/app-openpgp.c (change_keyattr): Clear all PINs.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-16 13:13:29 +09:00
NIIBE Yutaka
f4c07fc3d3 scd: Clear caching PIN at KDF setup.
* scd/app-openpgp.c (do_setattr): Clear PINs.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-16 13:04:59 +09:00
NIIBE Yutaka
316a8cbc75 scd: Add better support for KDF feature.
* scd/app-openpgp.c (do_setattr): Handle kdf-seup "off" for Gnuk.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-16 12:58:30 +09:00
NIIBE Yutaka
8dfd0ebfd8 gpg,scd: Fix handling of KDF feature.
* g10/card-util.c (kdf_setup): Fix the default value.
* scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by
Zeitcontrol.  Make sure Gnuk and Yubikey work well.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-16 12:49:20 +09:00
NIIBE Yutaka
6e51f2044a scd: Fix the use case of verify_chv2 by CHECKPIN.
* scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1
when needed.

--

Confusingly, verify_chv2 has two different purposes;  One for
verifying with CHV2 (in addition to CHV1), and the call by
CHECKPIN.  For the latter, we should check CHV1.

Fixes-commit: af189be481df02a77e088aa0a60a1fc02dfa12bf
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-15 15:31:23 +09:00
Werner Koch
fbc1b199fd
scd:piv: Avoid conflict when writing a cert.
* scd/app-piv.c (map_curve_name_to_oid): New.
(my_cmp_public_key): New.
(do_writecert): Replace simple memcmp by cmp_canon_sexp.
--

GnuPG-bug-id: 5061
2020-09-11 15:47:39 +02:00
Werner Koch
b6ba6a79ce
common: New function cmp_canon_sexp.
* common/sexputil.c (cmp_canon_sexp): New.
(cmp_canon_sexp_def_tcmp): New.
* common/t-sexputil.c (test_cmp_canon_sexp): Add a simple test.
--

To be used to fix
GnuPG-bug-id: 5061

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-11 15:23:22 +02:00
Werner Koch
9a94db1f66
keyboxd: Implement lookup by short and long keyid.
* kbx/backend-sqlite.c: Change definition of column KID.
(kid_from_mem): Remove.
(kid_from_u32): Rewrite.
(run_sql_bind_int64): Remove.
(run_select_statement): Implement lookup by short keyid.  Fix lookup
by long keyid.
(store_into_fingerprint): Adjust kid arg.
--

The original idea of using an INTEGER, which has the required 64 bits,
didn't worked out due to problems with signed/unsigned mismatch and
the required truncation in a short keyid lookup.  Thus we change the
definition to a blob.

For a database currently in use the change can be done by hand:

  alter table fingerprint rename column kid to deletedkid;
  alter table fingerprint add column kid not null
        default X'0000000000000000';

  update fingerprint set kid = substr (fpr, 13);

The update does only work with 20 octet fingerprints; that is not with
the new v5 OpenPGP keys.  Note that sqlite does not allow to drip a
column, thus we rename it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-11 12:10:05 +02:00
Werner Koch
616c60d93d
keyboxd: Add ephemeral and revoked flag to the sqlite backend.
* kbx/backend-support.c (be_return_pubkey): Add args is_ephemeral and
is_revoked.  Adjust callers.
* kbx/backend-sqlite.c: Alter table pubkey to add new columns.
(run_select_statement): Add new column to all selects.
(be_sqlite_search): Return the new flags.
--

For existing test databases the new column can be added with:

  alter table pubkey add ephemeral integer not null default 0;
  alter table pubkey add revoked integer not null default 0;

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-11 12:10:05 +02:00
Andre Heinecke
d62797ebcc
doc: Update and extend module overview
* doc/gnupg-module-overview.svg: Add examples of GPGME aware
applications

--
Whenever I used this overview I needed to explain what this
meant so giving examples might help a bit and also illustrate
the codesharing between GpgOL, Kleopatra and KMail.
2020-09-10 13:58:47 +02:00
Werner Koch
ed6ebb696e
sm: Implement initial support for keyboxd.
* sm/gpgsm.h (MAX_FINGERPRINT_LEN): New.
* sm/keydb.c (struct keydb_local_s): Change definition of
search_result.
(keydb_get_cert): Implement keyboxd mode.
(keydb_get_flags): Temporary hack for keyboxd mode.  Needs to be
fixed.
(struct store_parm_s, store_inq_cb): New.
(keydb_insert_cert): Implement keyboxd mode.
(keydb_locate_writable): Make static.
(keydb_search_reset): Implement keyboxd mode.
(search_status_cb): New.
(keydb_search): Implement keyboxd mode. Replace return code -1 by
GPG_ERR_NOT_FOUND.
(keydb_set_cert_flags): Replace return code -1 by GPG_ERR_NOT_FOUND.
* sm/keylist.c (list_cert_colon): Adjust for replacement of -1 by
GPG_ERR_NOT_FOUND.
(list_internal_keys): Ditto.
* sm/sign.c (add_certificate_list): Ditto.
* sm/certchain.c (find_up_search_by_keyid): Ditto.
(find_up_external, find_up, find_up_dirmngr): Ditto.
(gpgsm_walk_cert_chain): Ditto.
(get_regtp_ca_info): Ditto.
* sm/certlist.c (gpgsm_add_to_certlist): Ditto.
(gpgsm_find_cert): Ditto.
* sm/delete.c (delete_one): Ditto.
* sm/export.c (gpgsm_export): Ditto.
(gpgsm_p12_export): Ditto.
* sm/import.c (gpgsm_import_files): Ditto.
--

Note that keyboxd is not yet able to handle the ephemeral flag.  This
needs fixing here and in keyboxd.  Delete et al. is also not yet
implemented.  A basic key listing works, though.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 13:05:17 +02:00
Werner Koch
c9677d416e
keyboxd: Add basic support for X.509.
* kbx/keybox-blob.c (x509_email_kludge): Rename to ...
(_keybox_x509_email_kludge): this and make global.
* kbx/backend.h: Include ksba.h.
* kbx/backend-support.c (be_get_x509_serial): New.
(be_get_x509_keygrip): New.
* kbx/backend-sqlite.c (table_definitions): New table 'issuers'.
(run_select_statement): Implements modes ISSUER, ISSUER_SN, SUBJECT.
(store_into_userid): Add arg override_mbox.
(store_into_issuer): New.
(be_sqlite_store): Implement x509 part.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 12:50:45 +02:00
Werner Koch
6fcc263c18
keyboxd: Use D-lines instead of a separate thread.
* kbx/kbx-client-util.c (kbx_client_data_new): Add arg 'dlines'.
* g10/call-keyboxd.c (open_context): Set DLINES to true.
* sm/keydb.c (open_context): Ditto.
--

This allows to compile time switch between the D-line and the
fd-passing data communication between gpg/gpgsm and keyboxd. A quick
test with about 3000 OpenPGP keys showed that D-lines are only 10%
slower than the fd-passing based implementation.  Given that the
thread adds extra complexity we go for now with the D-line approach.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 12:14:02 +02:00
Werner Koch
29977e21d1
keyboxd: Add options --openpgp and --x509 to SEARCH.
* kbx/keyboxd.h (struct server_control_s): Replace the two request
objects by just one.  Add filter flags.
* kbx/kbxserver.c (cmd_search): Add options --openpgp and --x509.
(cmd_killkeyboxd): Do not return GPG_ERR_EOF.
* kbx/frontend.c (kbxd_release_session_info): Adjust for the new
request object.
(kbxd_search, kbxd_store, kbxd_delete): Ditto.
* kbx/backend-sqlite.c (struct be_sqlite_local_s): Add filter flags.
(run_sql_prepare): Add optional arg 'extra'.  Change callers.
(run_sql_bind_ntext): New.
(run_sql_bind_text): Just call run_sql_bind_ntext.
(run_select_statement): Add ctrl arg.  Implement the filter flags.

* g10/call-keyboxd.c (keydb_search): Use the --openpgp option.
--

As soon as we implement X.509 we need to have a way to return only
openpgp or x.509 certificates.  Gpg/gpgsm will then use the respective
flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 12:08:48 +02:00
Werner Koch
3cf9bb4d73
gpg-connect-agent: Catch signals so that SIGPIPE is ignored.
* dirmngr/server.c (cmd_killdirmngr): Return 0.
* tools/gpg-connect-agent.c (main): Catch signals.
--

And we also print nicer diagnostics.  The reason we need this is that
for example "gpgconf --kill dirmngr" uses gpg-connect-agent to send a
command to dirmngr.  This may results in a SIGPIPE which in turn leads
to an annoying error message from gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 10:50:40 +02:00
Werner Koch
5a87011c46
dirmngr: Fix the pool keyserver case for a single host in the pool.
* dirmngr/ks-engine-hkp.c (map_host): Set R_HOSTNAME also for
localhost and if there is no pool.
2020-09-10 10:50:40 +02:00
Werner Koch
faabc49797
dirmngr: Align the gnutls use of CAs with the ntbtls code.
* dirmngr/http.c (http_session_new) <gnutls>: Use only the special
pool certificate for the default keyserver.
--

The gnutls version uses a different strategy than the ntbtls version
on when to use the special SKS pool certificate.  This patch aligns it
so that we don't need to wonder about different kind of bug reports.
In short the special cert is now the only cert use with the default
keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 10:50:39 +02:00
NIIBE Yutaka
d4cb774ddd scd: Flush KDF DO (0x00F9) when it's being set.
* scd/app-openpgp.c (do_setattr): Call flush_cache_item always.

--

Only it was called when there was an object with KDF_DATA_LENGTH_MAX.
No matter the VALUELEN, it should be flushed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-10 15:20:01 +09:00
Werner Koch
8ed85ef3de
agent: Keep some permissions of private-keys-v1.d.
* common/sysutils.c (modestr_to_mode): Re-implement.
(gnupg_chmod): Support keeping of permissions.
--

GnuPG-bug-id: 2312
2020-09-09 20:34:59 +02:00
Werner Koch
adec6a84f6
kbx: Change X.509 S/N search definition.
* kbx/keybox-search-desc.h (struct keydb_search_desc): Do not overload
SNLLEN with a hex flag.  Add SNHEX.
* kbx/keybox-search.c (keybox_search): Adjust.
* common/userids.c (classify_user_id): Adjust.
* sm/keydb.c (keydb_search_desc_dump): Adjust.
* g10/keydb.c (keydb_search_desc_dump): Adjust.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-09 20:34:59 +02:00
NIIBE Yutaka
2bc1ec2944 gpg,tools: Add handling of supported algorithms by a card.
* g10/call-agent.h (struct agent_card_info_s): Add supported_keyalgo.
* g10/call-agent.c (learn_status_cb): Parse KEY-ATTR-INFO.
(agent_release_card_info): Release supported_keyalgo.
* tools/gpg-card.h (struct card_info_s): Add supported_keyalgo.
* tools/card-call-scd.c (learn_status_cb): Parse KEY-ATTR-INFO.
(release_card_info): Release supported_keyalgo.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-08 15:34:42 +09:00
NIIBE Yutaka
0db9c83555 scd: Add a workaround for Yubikey.
* scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey.

--

Yubikey version 5 s/n 609074582 returns 0x6982, version 5.2.4 s/n
610616049 returns 0x6581, where 0x6a88 is expected.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-08 11:41:33 +09:00
NIIBE Yutaka
270c49b8c6 scd: Fix handling 0x00FA to support OpenPGP card 3.4.
* scd/app-openpgp.c (data_objects): It may be longer.

Fixes-commit: 90d0072165cc5c6888f14462392a211de0c4b232
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-07 14:24:48 +09:00
Werner Koch
0e721b635d
scd: Increase the number of supported readers from 4 to 16.
--

The limit on 4 readers I introduced in 2003 is too low for some of our
use cases.  16 looks better.   TODO: Return a useful error message in
gpg-card if the limit has been reached.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-04 12:51:54 +02:00
Werner Koch
65eb156980
gpg: Initialize a parameter to silence valgrind.
* g10/keygen.c (read_parameter_file): Initialize nline.
* g10/textfilter.c (copy_clearsig_text): Initialize bufsize.
--

In iobuf_read_line the parameter to pass and return the current buffer
length is controlled by the buffer parameter.  Thus there should be no
problem because the assert call check s buffer first.  For yet unknown
reasons when using the standard GNU libc assert valgrind complains
about an uninitialized variable.  That does not happen with our
log_assert.

Tested with gnupg 2.2.23 with gcc 8.3.0 and valgrind 3.14.0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-04 11:32:47 +02:00
Werner Koch
b7f56ba5e3
tests: New test run envvar to run gpg under valgrind.
--

Take care: Running under valgrind takes loooong and in some case you
may run into an valgrind internal error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-04 11:31:43 +02:00