1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-30 11:31:32 +01:00

8823 Commits

Author SHA1 Message Date
NIIBE Yutaka
f747b8f073 g10: Fix memory leak in check_sig_and_print.
* g10/mainproc.c (check_sig_and_print): Free the public key.

--

GnuPG-bug-id: 3900
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-13 16:42:34 +09:00
NIIBE Yutaka
c31abf8465 g10: Push compress filter only if compressed.
* g10/compress.c (handle_compressed): Fix memory leak.

--

All other calls of push_compress_filter checks ALGO,
so, do it here, too.

GnuPG-bug-id: 3898
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-13 10:09:02 +09:00
emma peel
40fcddd3a9 po: Update Spanish translation
--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-04-12 14:26:42 -04:00
Werner Koch
69c3e7acb7
gpg: Extend the "sig" record in --list-mode.
* g10/getkey.c (get_user_id_string): Add arg R_NOUID.  Change call
callers.
(get_user_id): Add arg R_NOUID.  Change call callers.
* g10/mainproc.c (issuer_fpr_string): Make global.
* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
also in --list-mode.  Print the "issuer fpr" field also if there is an
issuer fingerprint subpacket.
--

Scripts used to rely on the "User ID not found" string even in the
--with-colons listing.  However, that is not a good idea because that
string is subject to translations etc.  Now we have an explicit way of
telling that a key is missing.  For example:

  gpg --list-sigs --with-colons | \
    awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'

Prints all keyids or fingerprint of signing keys for which we do not
have the key in our local keyring.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 17:53:17 +02:00
Werner Koch
23a714598c
gpg: Extend the ERRSIG status line with a fingerprint.
* g10/mainproc.c (issuer_fpr_raw): New.
(issuer_fpr_string): Re-implement using issuer_fpr_rtaw.
(check_sig_and_print): Don't free ISSUER_FPR.  Use ISSUER_FPR_RAW.
Use write_status_printf.  Extend ERRSIG status.
--

Modern OpenPGP implementations put the ISSUER_FPR into the signature
to make it easier to discover the, public needed to check the
signature.  This is also useful in error messages and thus we add it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 16:41:18 +02:00
Werner Koch
e2bd152a92
gpg: Relax printing of STATUS_FAILURE.
* g10/gpg.c (g10_exit): Print STATUS_FAILURE only based on passed
return code and not on the presence of any call to log_error.
--

This fixes an actual regression in GPGME where FAILURE is considered
for example by a signature verify operation.  The operation will simply
fail and not just record that that a signature could not be verified.
In particular for files with more than one signature a log_error if
often called to show that a pubkey is missing for one of the
signatures.  Using that log_error is correct in that case.

Fixes-commit: 0336e5d1a7b9d46e06c838e6a98aecfcc9542882
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 11:49:36 +02:00
Werner Koch
bbb5bfacc0
agent,dirmngr: Add "getenv" to the getinfo command.
* agent/command.c (cmd_getinfo): Add sub-command getenv.
* dirmngr/server.c (cmd_getinfo): Ditto.
--

It is sometimes helpful to be able to inspect certain envvars in a
running agent.  For example "http_proxy".

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 11:25:58 +02:00
Andre Heinecke
327fece0ae
build: Update getswdb version check to 2.2
* build-aux/getswdb.sh: Check for gnupg22_ver gnupg21_ver no
longer exists.
2018-04-12 08:56:00 +02:00
NIIBE Yutaka
bb2680a45a po: Update Japanese translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-12 10:52:51 +09:00
Werner Koch
789d240cb4
gpg: New option --no-symkey-cache.
* g10/gpg.c (oNoSymkeyCache): New.
(opts): Add that option.
(main): Set var.
* g10/options.h (struct opt): New field no_symkey_cache.
* g10/passphrase.c (passphrase_to_dek): Implement that feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-11 20:35:40 +02:00
Werner Koch
9f69dbeb90
agent: Improve the unknown ssh flag detection.
* agent/command-ssh.c (ssh_handler_sign_request): Simplify detection
of flags.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-10 07:59:52 +02:00
Daniel Kahn Gillmor
381c46818f agent: unknown flags on ssh signing requests cause an error.
* agent/command-ssh.c (ssh_handler_sign_request): if a flag is passed
during an signature request that we do not know how to apply, return
GPG_ERR_UNKNOWN_OPTION.

--

https://tools.ietf.org/html/draft-miller-ssh-agent-02#section-4.5 says:

    If the agent does not support the requested flags, or is otherwise
    unable or unwilling to generate the signature (e.g. because it
    doesn't have the specified key, or the user refused confirmation of a
    constrained key), it must reply with a SSH_AGENT_FAILURE message.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 3880
2018-04-09 18:06:38 -04:00
Daniel Kahn Gillmor
55435cdd4f agent: change documentation reference for ssh-agent protocol.
* agent/command-ssh.c: repoint documentation reference.

--

Damien Miller is now documenting the ssh-agent protocol via the IETF.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-04-09 18:00:29 -04:00
Werner Koch
30081d2851
Post release updates
--
2018-04-09 22:25:37 +02:00
Werner Koch
6fbe2ddbaf
Release 2.2.6 gnupg-2.2.6 2018-04-09 21:21:38 +02:00
Werner Koch
f1f072c501
po: Auto-update.
--
2018-04-09 21:20:25 +02:00
Werner Koch
b46b143925
po: Update German translation
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-09 20:39:48 +02:00
Werner Koch
7fa6f14814
doc: Typo fix in gpg.texi
--

Reported-by: Cody Brownstein
2018-04-09 19:46:54 +02:00
Werner Koch
6da7aa1e7c
gpg,w32: Fix empty homedir when only a drive letter is used.
* common/homedir.c (copy_dir_with_fixup): New.
(default_homedir): Use here.
(gnupg_set_homedir): And here .
--

This actually fixes a couple of cases for Windows.  Both --home-dir
and GNUPGHOME.  The interpretation of "c:" -> "c:/" might not be the
correct one but because we need an absolute dir anyway it is the less
surprising one.  Note that this does not include a full syntax check
and fixup and thus it is very well possible that the result is not an
absolute directory.

GnuPG-bug-id: 3720
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-09 14:44:21 +02:00
Werner Koch
519e4560e8
doc: Add an example for --default-new-key-algo
--
2018-04-09 10:51:28 +02:00
Werner Koch
a4e26f2ee8
doc: Document --key-edit:change-usage
* g10/keyedit.c (menu_changeusage): Make strings translatable.
--

GnuPG-bug-id: 3816
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-09 10:36:26 +02:00
Werner Koch
1a5d95e731
gpg: Check that a key may do certifications.
* g10/sig-check.c (check_signature_end_simple): Check key usage for
certifications.
(check_signature_over_key_or_uid): Request usage certification.
--

GnuPG-bug-id: 3844
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:27 +02:00
Werner Koch
0336e5d1a7
gpg: Emit FAILURE stati now in almost all cases.
* g10/cpr.c (write_status_failure): Make it print only once.
* g10/gpg.c (wrong_args): Bump error counter.
(g10_exit): Print a FAILURE status if we ever did a log_error etc.
(main): Use log_error instead of log_fatal at one place.  Print a
FAILURE status for a bad option.  Ditto for certain exit points so
that we can see different error locations.
--

This makes it easier to detect errors by tools which have no way to
get the exit code (e.g. due to double forking).

GnuPG-bug-id: 3872
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:25 +02:00
Werner Koch
cfd0779808
doc: Add a code comment about back signatures.
--
2018-04-06 11:01:46 +02:00
Werner Koch
5ba74a134d
gpg: Re-indent sig-check.c and use signature class macros.
* g10/keydb.h (IS_BACK_SIG): New.
* g10/sig-check.c: Re-indent and use macros.
--

This makes the code easier to understand.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 10:18:53 +02:00
NIIBE Yutaka
80b775bdbb agent: Support SSH signature flags.
* agent/command-ssh.c (SSH_AGENT_RSA_SHA2_256): New.
(SSH_AGENT_RSA_SHA2_512): New.
(ssh_handler_sign_request): Override SPEC when FLAGS
is specified.

--

GnuPG-bug-id: 3880
Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-06 14:58:14 +09:00
Werner Koch
d27417d3a5
gpg: Add new OpenPGP card vendor.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-05 15:25:13 +02:00
NIIBE Yutaka
870527df0d g10: Let card-edit/key-attr show message when change.
* g10/card-util.c (ask_card_rsa_keysize): Don't show message here.
(ask_card_keyattr): Show message when change, also for ECC.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-05 10:37:23 +09:00
NIIBE Yutaka
83529e1bd1 tests: Fix no gpg-agent upon removal of GNUPGHOME.
* tests/gpgscm/gnupg.scm (with-ephemeral-home-directory): Add
teadown-fn.
* tests/gpgsm/export.scm: Use -no-atexit version and stop-agent.
* tests/openpgp/decrypt-session-key.scm: Likewise.
* tests/openpgp/decrypt-unwrap-verify.scm: Likewise.
* tests/openpgp/defs.scm (have-opt-always-trust): Likewise.
(setup-environment-no-atexit): New.
(start-agent): Support no use of atexit.
* tests/gpgsm/gpgsm-defs.scm (setup-gpgsm-environment-no-atexit): New.
* tests/migrations/common.scm (untar-armored): Follow the change
of with-ephemeral-home-directory.

--

When gpg-agent detects homedir removal, it will automatically exit.
Then, call of 'gpgconf --kill all' will fail.  So, stop-agent should
be called before the removal of homedir.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-04 20:27:08 +09:00
NIIBE Yutaka
cb1731c23c scd: Writing KDF resets auth state.
* scd/app-openpgp.c (do_setattr): Clear auth state.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-03 20:30:29 +09:00
NIIBE Yutaka
a17d2d1f69 g10: Fix filtering by PK->REQ_USAGE.
* g10/getkey.c (get_pubkey_byfprint): Filter by PK->REQ_USAGE.

--

GnuPG-bug-id: 3844
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-02 17:44:54 +09:00
NIIBE Yutaka
6705ee42a4 po: Update Japanese translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 19:32:02 +09:00
NIIBE Yutaka
130ad98240 g10: Fix card-edit/kdf-setup for single salt.
* g10/card-util.c (gen_kdf_data): Use SALT_USER.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 16:55:01 +09:00
NIIBE Yutaka
0c097575a9 g10,scd: Support single salt for KDF data object.
* g10/card-util.c (gen_kdf_data): Support single salt.
(kdf_setup): Can have argument for single salt.
* scd/app-openpgp.c (pin2hash_if_kdf): Support single salt.

--

Gnuk has "admin-less" mode.  To support "admin-less" mode with KDF
feature, salt should be same for user and admin.  Thus, I introduce a
valid use of single salt.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 12:48:04 +09:00
NIIBE Yutaka
820380335a g10: Add "key-attr" command for --card-edit.
* g10/card-util.c (key_attr): New explicit command.
(generate_card_keys, card_generate_subkey): Don't ask key attr change.
(card_edit): Add for cmdKEYATTR.

--

GnuPG-bug-id: 3781
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 10:59:10 +09:00
NIIBE Yutaka
2969271876 scd: Support changing key attribute back to RSA.
* scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA.

--

In the OpenPGP card specification, there are multiple options to
support RSA (having P and Q or not, etc.), and it is implementation
dependent.  Since GnuPG doesn't have knowledge which card
implementation support which option and there is no way (yet) for card
to express itself which key attributes are supported, we haven't
supported key attribute change back to RSA.  But, many card
implementation uses P and Q, try this option.  If other cases,
factory-reset would be easier option.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 09:59:09 +09:00
NIIBE Yutaka
a1515b3bbc g10: Support key attribute change at --card-edit/generate.
* g10/card-util.c (ask_card_rsa_keysize): Drop support for magic
number 25519 for ed25519/cv25519.  Rename from ask_card_keyattr.
(ask_card_keyattr): Support ECC, as well as RSA.
(do_change_keyattr): Support ECC dropping magical number 25519.
* g10/keygen.c (ask_curve): Allow call from outside, adding last arg
of CURRENT.
(generate_keypair): Follow the change of ask_curve.
(generate_subkeypair): Likewise.

--

GnuPG-bug-id: 3781
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-29 11:56:02 +09:00
NIIBE Yutaka
02d7bb819f g10: check_pin_for_key_operation should be just before genkey.
* g10/card-util.c (generate_card_keys): Check PIN later.
(card_generate_subkey): Likewise.

--

Changing key attribute resets PIN authentication status.  So, CHECKPIN
should be after that, before key generation.  Note that CHECKPIN is
done for binding signature.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-29 10:48:37 +09:00
NIIBE Yutaka
e610d51f0d g10: Change ask_curve so that it can be used outside.
* g10/call-agent.h (struct key_attr): New.
* g10/keygen.c (ask_curve): Return const char *.  No allocation.
(quick_generate_keypair): Follow the change.
(generate_keypair, generate_subkeypair): Likewise.
(parse_algo_usage_expire): Return const char *.

--

This change is intended for using ask_curve from card-util.c.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-28 18:44:45 +09:00
NIIBE Yutaka
96918346be agent,scd: Use pointer to represent HANDLE.
* agent/call-scd.c [HAVE_W32_SYSTEM] (start_scd): Format with %p.
* scd/command.c [HAVE_W32_SYSTEM] (option_handler): Use void *.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-27 16:24:17 +09:00
Werner Koch
02dce8c0cc
agent: Make the request origin a part of the cache items.
* agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all
callers to pass it.
(agent_get_cache): Ditto.

* agent/cache.c (struct cache_items_s): Add field 'restricted'.
(housekeeping): Adjust debug output.
(agent_flush_cache): Ditto.
(agent_put_cache): Ditto.  Take RESTRICTED into account.
(agent_get_cache): Ditto.
--

If requests are coming from different sources they should not share the
same cache.  This way we make sure that a Pinentry pops up for a
remote request to a key we have already used locally.

GnuPG-bug-id: 3858
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-27 08:40:58 +02:00
Werner Koch
eb68c2d3d1
gpg: Auto-fix a broken trustdb with just the version record.
* g10/tdbio.c (get_trusthashrec): Create hashtable on error.

GnuPG-bug-id: 3839
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 18:20:16 +02:00
Werner Koch
a750ebebf3
gpg: Pass CTRL arg to get_trusthashrec.
* g10/tdbio.c (get_trusthashrec): Add arg CTRL.
(tdbio_search_trust_byfpr): Ditto.
(tdbio_search_trust_bypk): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 18:06:43 +02:00
Werner Koch
403aa70c52
gpg: Return better error codes in case of a too short trustdb.
* g10/tdbio.c (tdbio_read_record): Return GPG_ERR_EOF.
(tdbio_new_recnum): Never return on error.
(lookup_hashtable): Print a more descriptive error in case of !TABLE.
--

Also: tdbio_new_recnum had a bug in that it returned an error code and
not a record number in the error case.  The function is expected to
always return a valid new record number.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 17:55:03 +02:00
Werner Koch
456a3a8e93
gpg: Fix trustdb updates without lock held.
* g10/tdbio.c (is_locked): Turn into a counter.
(take_write_lock, release_write_lock): Implement recursive locks.
--

On trustdb creation we have this call sequence:

  init_trustdb                 -> takes lock
    tdbio_set_dbname
      create_version_record
       tdbio_write_record
         put_record_into_cache -> takes lock
         put_record_into_cache -> releases lock
  init_trustdb                 -> releases lock

The second take lock does noting but the first release lock has
already released the lock and the second release lock is a thus a NOP.
This is likely the cause for the corrupted trustdb as reported in

GnuPG-bug-id: 3839
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 16:57:04 +02:00
Werner Koch
5f00531463
gpg: Disable unused code parts in tdbio.c
* g10/tdbio.c (in_transaction): Comment this var.
(put_record_into_cache): Comment the transaction code.
(tdbio_sync): Ditto

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 16:26:46 +02:00
Werner Koch
137644c9cb
sm: Add OPTION request-origin.
* sm/server.c: Include shareddefs.h.
(option_handler): Add option.
--

This is required when running gpgsm in server mode as done by GPGME.
Noet that a command line option takes precedence.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 15:07:56 +01:00
Werner Koch
2cd35df5db
gpg,sm: New option --request-origin.
* g10/gpg.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* g10/options.h (struct opt): Add field request_origin.
* g10/call-agent.c (start_agent): Send option to the agent.
* sm/gpgsm.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* sm/gpgsm.h (struct opt): Add field request_origin.
* sm/call-agent.c (start_agent): Send option to the agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 09:06:20 +01:00
Werner Koch
05c55ee260
agent: New OPTION pretend-request-origin
* common/shareddefs.h (request_origin_t): New.
* common/agent-opt.c (parse_request_origin): New.
(str_request_origin): New.
* agent/command.c (option_handler): Implement new option.
--

This allows to pretend that a request originated from the extra or
browser socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 08:37:14 +01:00
NIIBE Yutaka
5400a5bb77 build: Fix the manual source field.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-23 15:16:16 +09:00