1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-30 11:31:32 +01:00

8612 Commits

Author SHA1 Message Date
Daniel Kahn Gillmor
381c46818f agent: unknown flags on ssh signing requests cause an error.
* agent/command-ssh.c (ssh_handler_sign_request): if a flag is passed
during an signature request that we do not know how to apply, return
GPG_ERR_UNKNOWN_OPTION.

--

https://tools.ietf.org/html/draft-miller-ssh-agent-02#section-4.5 says:

    If the agent does not support the requested flags, or is otherwise
    unable or unwilling to generate the signature (e.g. because it
    doesn't have the specified key, or the user refused confirmation of a
    constrained key), it must reply with a SSH_AGENT_FAILURE message.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 3880
2018-04-09 18:06:38 -04:00
Daniel Kahn Gillmor
55435cdd4f agent: change documentation reference for ssh-agent protocol.
* agent/command-ssh.c: repoint documentation reference.

--

Damien Miller is now documenting the ssh-agent protocol via the IETF.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-04-09 18:00:29 -04:00
Werner Koch
30081d2851
Post release updates
--
2018-04-09 22:25:37 +02:00
Werner Koch
6fbe2ddbaf
Release 2.2.6 gnupg-2.2.6 2018-04-09 21:21:38 +02:00
Werner Koch
f1f072c501
po: Auto-update.
--
2018-04-09 21:20:25 +02:00
Werner Koch
b46b143925
po: Update German translation
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-09 20:39:48 +02:00
Werner Koch
7fa6f14814
doc: Typo fix in gpg.texi
--

Reported-by: Cody Brownstein
2018-04-09 19:46:54 +02:00
Werner Koch
6da7aa1e7c
gpg,w32: Fix empty homedir when only a drive letter is used.
* common/homedir.c (copy_dir_with_fixup): New.
(default_homedir): Use here.
(gnupg_set_homedir): And here .
--

This actually fixes a couple of cases for Windows.  Both --home-dir
and GNUPGHOME.  The interpretation of "c:" -> "c:/" might not be the
correct one but because we need an absolute dir anyway it is the less
surprising one.  Note that this does not include a full syntax check
and fixup and thus it is very well possible that the result is not an
absolute directory.

GnuPG-bug-id: 3720
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-09 14:44:21 +02:00
Werner Koch
519e4560e8
doc: Add an example for --default-new-key-algo
--
2018-04-09 10:51:28 +02:00
Werner Koch
a4e26f2ee8
doc: Document --key-edit:change-usage
* g10/keyedit.c (menu_changeusage): Make strings translatable.
--

GnuPG-bug-id: 3816
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-09 10:36:26 +02:00
Werner Koch
1a5d95e731
gpg: Check that a key may do certifications.
* g10/sig-check.c (check_signature_end_simple): Check key usage for
certifications.
(check_signature_over_key_or_uid): Request usage certification.
--

GnuPG-bug-id: 3844
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:27 +02:00
Werner Koch
0336e5d1a7
gpg: Emit FAILURE stati now in almost all cases.
* g10/cpr.c (write_status_failure): Make it print only once.
* g10/gpg.c (wrong_args): Bump error counter.
(g10_exit): Print a FAILURE status if we ever did a log_error etc.
(main): Use log_error instead of log_fatal at one place.  Print a
FAILURE status for a bad option.  Ditto for certain exit points so
that we can see different error locations.
--

This makes it easier to detect errors by tools which have no way to
get the exit code (e.g. due to double forking).

GnuPG-bug-id: 3872
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:25 +02:00
Werner Koch
cfd0779808
doc: Add a code comment about back signatures.
--
2018-04-06 11:01:46 +02:00
Werner Koch
5ba74a134d
gpg: Re-indent sig-check.c and use signature class macros.
* g10/keydb.h (IS_BACK_SIG): New.
* g10/sig-check.c: Re-indent and use macros.
--

This makes the code easier to understand.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 10:18:53 +02:00
NIIBE Yutaka
80b775bdbb agent: Support SSH signature flags.
* agent/command-ssh.c (SSH_AGENT_RSA_SHA2_256): New.
(SSH_AGENT_RSA_SHA2_512): New.
(ssh_handler_sign_request): Override SPEC when FLAGS
is specified.

--

GnuPG-bug-id: 3880
Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-06 14:58:14 +09:00
Werner Koch
d27417d3a5
gpg: Add new OpenPGP card vendor.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-05 15:25:13 +02:00
NIIBE Yutaka
870527df0d g10: Let card-edit/key-attr show message when change.
* g10/card-util.c (ask_card_rsa_keysize): Don't show message here.
(ask_card_keyattr): Show message when change, also for ECC.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-05 10:37:23 +09:00
NIIBE Yutaka
83529e1bd1 tests: Fix no gpg-agent upon removal of GNUPGHOME.
* tests/gpgscm/gnupg.scm (with-ephemeral-home-directory): Add
teadown-fn.
* tests/gpgsm/export.scm: Use -no-atexit version and stop-agent.
* tests/openpgp/decrypt-session-key.scm: Likewise.
* tests/openpgp/decrypt-unwrap-verify.scm: Likewise.
* tests/openpgp/defs.scm (have-opt-always-trust): Likewise.
(setup-environment-no-atexit): New.
(start-agent): Support no use of atexit.
* tests/gpgsm/gpgsm-defs.scm (setup-gpgsm-environment-no-atexit): New.
* tests/migrations/common.scm (untar-armored): Follow the change
of with-ephemeral-home-directory.

--

When gpg-agent detects homedir removal, it will automatically exit.
Then, call of 'gpgconf --kill all' will fail.  So, stop-agent should
be called before the removal of homedir.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-04 20:27:08 +09:00
NIIBE Yutaka
cb1731c23c scd: Writing KDF resets auth state.
* scd/app-openpgp.c (do_setattr): Clear auth state.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-03 20:30:29 +09:00
NIIBE Yutaka
a17d2d1f69 g10: Fix filtering by PK->REQ_USAGE.
* g10/getkey.c (get_pubkey_byfprint): Filter by PK->REQ_USAGE.

--

GnuPG-bug-id: 3844
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-02 17:44:54 +09:00
NIIBE Yutaka
6705ee42a4 po: Update Japanese translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 19:32:02 +09:00
NIIBE Yutaka
130ad98240 g10: Fix card-edit/kdf-setup for single salt.
* g10/card-util.c (gen_kdf_data): Use SALT_USER.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 16:55:01 +09:00
NIIBE Yutaka
0c097575a9 g10,scd: Support single salt for KDF data object.
* g10/card-util.c (gen_kdf_data): Support single salt.
(kdf_setup): Can have argument for single salt.
* scd/app-openpgp.c (pin2hash_if_kdf): Support single salt.

--

Gnuk has "admin-less" mode.  To support "admin-less" mode with KDF
feature, salt should be same for user and admin.  Thus, I introduce a
valid use of single salt.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 12:48:04 +09:00
NIIBE Yutaka
820380335a g10: Add "key-attr" command for --card-edit.
* g10/card-util.c (key_attr): New explicit command.
(generate_card_keys, card_generate_subkey): Don't ask key attr change.
(card_edit): Add for cmdKEYATTR.

--

GnuPG-bug-id: 3781
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 10:59:10 +09:00
NIIBE Yutaka
2969271876 scd: Support changing key attribute back to RSA.
* scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA.

--

In the OpenPGP card specification, there are multiple options to
support RSA (having P and Q or not, etc.), and it is implementation
dependent.  Since GnuPG doesn't have knowledge which card
implementation support which option and there is no way (yet) for card
to express itself which key attributes are supported, we haven't
supported key attribute change back to RSA.  But, many card
implementation uses P and Q, try this option.  If other cases,
factory-reset would be easier option.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 09:59:09 +09:00
NIIBE Yutaka
a1515b3bbc g10: Support key attribute change at --card-edit/generate.
* g10/card-util.c (ask_card_rsa_keysize): Drop support for magic
number 25519 for ed25519/cv25519.  Rename from ask_card_keyattr.
(ask_card_keyattr): Support ECC, as well as RSA.
(do_change_keyattr): Support ECC dropping magical number 25519.
* g10/keygen.c (ask_curve): Allow call from outside, adding last arg
of CURRENT.
(generate_keypair): Follow the change of ask_curve.
(generate_subkeypair): Likewise.

--

GnuPG-bug-id: 3781
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-29 11:56:02 +09:00
NIIBE Yutaka
02d7bb819f g10: check_pin_for_key_operation should be just before genkey.
* g10/card-util.c (generate_card_keys): Check PIN later.
(card_generate_subkey): Likewise.

--

Changing key attribute resets PIN authentication status.  So, CHECKPIN
should be after that, before key generation.  Note that CHECKPIN is
done for binding signature.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-29 10:48:37 +09:00
NIIBE Yutaka
e610d51f0d g10: Change ask_curve so that it can be used outside.
* g10/call-agent.h (struct key_attr): New.
* g10/keygen.c (ask_curve): Return const char *.  No allocation.
(quick_generate_keypair): Follow the change.
(generate_keypair, generate_subkeypair): Likewise.
(parse_algo_usage_expire): Return const char *.

--

This change is intended for using ask_curve from card-util.c.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-28 18:44:45 +09:00
NIIBE Yutaka
96918346be agent,scd: Use pointer to represent HANDLE.
* agent/call-scd.c [HAVE_W32_SYSTEM] (start_scd): Format with %p.
* scd/command.c [HAVE_W32_SYSTEM] (option_handler): Use void *.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-27 16:24:17 +09:00
Werner Koch
02dce8c0cc
agent: Make the request origin a part of the cache items.
* agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all
callers to pass it.
(agent_get_cache): Ditto.

* agent/cache.c (struct cache_items_s): Add field 'restricted'.
(housekeeping): Adjust debug output.
(agent_flush_cache): Ditto.
(agent_put_cache): Ditto.  Take RESTRICTED into account.
(agent_get_cache): Ditto.
--

If requests are coming from different sources they should not share the
same cache.  This way we make sure that a Pinentry pops up for a
remote request to a key we have already used locally.

GnuPG-bug-id: 3858
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-27 08:40:58 +02:00
Werner Koch
eb68c2d3d1
gpg: Auto-fix a broken trustdb with just the version record.
* g10/tdbio.c (get_trusthashrec): Create hashtable on error.

GnuPG-bug-id: 3839
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 18:20:16 +02:00
Werner Koch
a750ebebf3
gpg: Pass CTRL arg to get_trusthashrec.
* g10/tdbio.c (get_trusthashrec): Add arg CTRL.
(tdbio_search_trust_byfpr): Ditto.
(tdbio_search_trust_bypk): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 18:06:43 +02:00
Werner Koch
403aa70c52
gpg: Return better error codes in case of a too short trustdb.
* g10/tdbio.c (tdbio_read_record): Return GPG_ERR_EOF.
(tdbio_new_recnum): Never return on error.
(lookup_hashtable): Print a more descriptive error in case of !TABLE.
--

Also: tdbio_new_recnum had a bug in that it returned an error code and
not a record number in the error case.  The function is expected to
always return a valid new record number.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 17:55:03 +02:00
Werner Koch
456a3a8e93
gpg: Fix trustdb updates without lock held.
* g10/tdbio.c (is_locked): Turn into a counter.
(take_write_lock, release_write_lock): Implement recursive locks.
--

On trustdb creation we have this call sequence:

  init_trustdb                 -> takes lock
    tdbio_set_dbname
      create_version_record
       tdbio_write_record
         put_record_into_cache -> takes lock
         put_record_into_cache -> releases lock
  init_trustdb                 -> releases lock

The second take lock does noting but the first release lock has
already released the lock and the second release lock is a thus a NOP.
This is likely the cause for the corrupted trustdb as reported in

GnuPG-bug-id: 3839
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 16:57:04 +02:00
Werner Koch
5f00531463
gpg: Disable unused code parts in tdbio.c
* g10/tdbio.c (in_transaction): Comment this var.
(put_record_into_cache): Comment the transaction code.
(tdbio_sync): Ditto

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 16:26:46 +02:00
Werner Koch
137644c9cb
sm: Add OPTION request-origin.
* sm/server.c: Include shareddefs.h.
(option_handler): Add option.
--

This is required when running gpgsm in server mode as done by GPGME.
Noet that a command line option takes precedence.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 15:07:56 +01:00
Werner Koch
2cd35df5db
gpg,sm: New option --request-origin.
* g10/gpg.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* g10/options.h (struct opt): Add field request_origin.
* g10/call-agent.c (start_agent): Send option to the agent.
* sm/gpgsm.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* sm/gpgsm.h (struct opt): Add field request_origin.
* sm/call-agent.c (start_agent): Send option to the agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 09:06:20 +01:00
Werner Koch
05c55ee260
agent: New OPTION pretend-request-origin
* common/shareddefs.h (request_origin_t): New.
* common/agent-opt.c (parse_request_origin): New.
(str_request_origin): New.
* agent/command.c (option_handler): Implement new option.
--

This allows to pretend that a request originated from the extra or
browser socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 08:37:14 +01:00
NIIBE Yutaka
5400a5bb77 build: Fix the manual source field.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-23 15:16:16 +09:00
Werner Koch
165bc38cef
gpg: Implement --dry-run for --passwd.
* g10/keyedit.c (change_passphrase): Take care of --dry-run.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-22 10:23:35 +01:00
NIIBE Yutaka
0152ba7c98 scd: Support KDF DO setup.
* g10/call-agent.c (learn_status_cb): Parse the capability for KDF.
* g10/card-util.c (gen_kdf_data, kdf_setup): New.
(card_edit): New admin command cmdKDFSETUP to call kdf_setup.
* scd/app-openpgp.c (do_getattr): Emit KDF capability.

--

GnuPG-bug-id: 3823
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-22 15:50:31 +09:00
Werner Koch
34ec012561
doc: Typo fix in comment.
--
2018-03-21 19:45:31 +01:00
Werner Koch
983f7b2acb
gpg: Fix out-of-bound read in subpacket enumeration
* g10/parse-packet.c (enum_sig_subpkt): Check buflen before reading
the type octet.  Print diagnostic.
--

If the final subpacket has only a length header evaluating to zero and
missing the type octet, a read could happen right behind the buffer.
Valgrind detected this.  Fix is obvious.  Note that the further
parsing of the subpacket is still okay because it always checks the
length.  Note further that --list-packets uses a different code path
and already reported an error.

Reported-by: Philippe Antoine

He provided a test file copied below.  Running "gpg -v --verify" on it
triggered the bug.

-----BEGIN PGP ARMORED FILE-----
Comment: Use "gpg --dearmor" for unpacking

kA0DAAoBov87N383R0QBrQJhYgZsb2wucHlaqTVWYnl0ZXMgPSBbMHg1LCAweDY0
LCAweDRjLCAweGM0LCAweDMsIDB4MCwgMHg0LCAweDAsIDB4YWMsIDB4YSwgMHhj
MSwgMHhjMSwgMHgyLCAweDEsIDB4MiwgMHg3LCAweDQwLCAweDIsIDB4MiwgMHgy
LCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDJkLCAweGRkLCAweDIs
IDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4
MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4NzcsIDB4ODcsIDB4MiwgMHgy
LCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAw
eDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHg3NywgMHg4NywgMHgyLCAweDIsIDB4
MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4Miwg
MHgyLCAweDIsIDB4MiwgMHgyLCAweDc3LCAweDg3LCAweDIsIDB4MiwgMHgyLCAw
eDIsIDB4MiwgMHgyLCAweDIsIDB4MCwgMHhhZF0KCmZvciBpIGluIHJhbmdlKGxl
bihieXRlcykpOgogICAgaWYgaSUxNiA9PSAwOgogICAgICAgIHByaW50CiAgICAg
ICAgcHJpbnQgIiUwNngiICUgaSwKICAgIHByaW50ICIlMDJ4ICIgJSBieXRlc1tp
XSwKiQJNBAABCgAeFiEEU+Y3aLjDLA3x+9Epov87N383R0QFAlqpNVYAAAoJEKL/
Ozd/N0dElccP/jBAcFHyeMl7kop71Q7/5NPu3DNULmdUzOZPle8PVjNURT4PSELF
qpJ8bd9PAsO4ZkUGwssY4Kfb1iG5cR/a8ADknNd0Cj9/QA2KMVNmgYtReuttAjvn
hQRm2VY0tvDCVAPI/z8OnV/NpOcbk8kSwE+shLsP7EwqL5MJNMXKqzm1uRxGNYxr
8TNuECo3DO64O2NZLkMDXqq6lg+lSxvDtXKxzKXgVC+GMtOE56lDwxWLqr39f9Ae
Pn0q2fVBKhJfpUODeEbYSYUp2hhmMUIJL/ths9MvyRZ9Z/bHCseFPT58Pgx6g+MP
q+iHnVZEIVb38XG+rTYW9hvctkRZP/azhpa7eO8JAZuFNeBGr4IGapwzFPvQSF4B
wBXBu0+PPrV9VJVe98P4nw2xcuJmkn6mgZhRVYSqDIhY64bSTgQxb/pdtGwrTjtL
WoUKVI+joLRPnDmwexH9+QJCB+uA6RsN/LqsQfDseyr40Z6dHJRqWGgP3ll6iZgw
WF768uiIDJD8d4fegVnkpcH98Hm0I/dKsMR1MGV/sBxYC8mAOcOWwSPNGDqPlwwR
eWPdr1O6CoYEWwiZMicSe0b5TsjB5nkAWMy7c9RyhtMJzCQ/hFpycpj0A0Zs+OGa
eJQMZZV0s8AQZ04JzoX0zRpe0RcTyJn3Tr6QGbVi9tr+QdKHFuDMUqoX
=qYZP
-----END PGP ARMORED FILE-----

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-21 19:43:33 +01:00
NIIBE Yutaka
11bbd99477 scd: signal mask should be set just after npth_init.
* scd/scdaemon.c (setup_signal_mask): New.
(main): Call setup_signal_mask.
(handle_connections): Remove signal mask setup.

--

For new thread, signal mask is inherited by thread creation.
Thus, it is best to setup signal mask just after npth_init.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-19 16:36:30 +09:00
NIIBE Yutaka
2c85e202bc scd: Better user interaction for factory-reset.
* g10/card-util.c (factory_reset): Dummy PIN size is now 32-byte.
Connect the card again at the last step.

--

Before the change, a user has to quit the session to continue.  Now,
it is possible to type RET in the session and see if it's really done.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-16 11:27:33 +09:00
NIIBE Yutaka
fd23a0524d scd: Fix suspend/resume handling for CCID driver.
* scd/ccid-driver.c (intr_cb): Try submitting INTERRUPT urb
to see if it's suspend/resume.

--

Upon suspend/resume, LIBUSB_TRANSFER_NO_DEVICE is returned, since all
URBs are cancelled.  We need to see if it's real NODEV error or its by
suspend/resume.  We can distinguish by sending URB again.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-15 23:59:22 +09:00
NIIBE Yutaka
c84bae69e9 scd: After fatal error, shutdown a reader.
* scd/apdu.c (pcsc_send_apdu): Notify main loop after
fatal errors.

--

GnuPG-bug-id: 3825
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-13 12:53:49 +09:00
NIIBE Yutaka
71e5282c25 scd: Fix for GNU/Linux suspend/resume.
* configure.ac (require_pipe_to_unblock_pselect): Default is "yes".
* scd/scdaemon.c (scd_kick_the_loop): Minor clean up.

--

Normally SIGCONT or SIGUSR2 works for unblocking pselect.  But on my
machine with GNU/Linux, when a machine is suspend/resume-ed, pselect
keeps blocked, while signal itself is delivered.

It's better to use pipe.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-13 12:05:57 +09:00
NIIBE Yutaka
655f0b9ad0 scd: Fix typo in previous commit.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-12 10:17:05 +09:00
NIIBE Yutaka
1e27c0e04c scd: More fix with PC/SC for Windows.
* scd/apdu.c (pcsc_get_status): Return status based on CURRENT_STATUS.
Add debug log.

--

GnuPG-bug-id: 3825
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-09 08:56:50 +09:00