1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

8516 Commits

Author SHA1 Message Date
Werner Koch
8a6ecc6ff5
dirmngr: Tell gpg about WKD looks resulting from a cache.
* dirmngr/server.c (proc_wkd_get): Print new NOTE status
"wkd_cached_result".
* g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein
verbose mode.
--

This little patch is helpful to see why a WKD change still does not
work after it has been updated on the server.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-12-06 20:04:56 +01:00
Werner Koch
1abb39fdaf
gpg: Use AKL for angle bracketed mail address with -r.
* g10/getkey.c (get_pubkey_byname): Extend is_mbox checking.
(get_best_pubkey_byname): Ditto.
--

With this patch it is now possible to use

  gpg -e -r '<foo@example.org>'

and auto key locate will find the key.  Without that a plain mail
address; i.e.

  gpg -e -r 'foo@example.org'

was required.

GnuPG-bug-id: 4726
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-12-04 14:39:42 +01:00
Werner Koch
d2ff62dbdf
gpg: Change the way v5 fingerprints are printed.
* g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): Increase by one.
* g10/keyid.c (format_hexfingerprint): Change v5 key formatting.
--

The new format are groups of 5 letters to resemble the CW speed
measurement rules.  Many hams are used to such blocks from their CW
lessons.  Note that there is no double blank in the middle as with the
v4 keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-28 12:05:32 +01:00
Werner Koch
7244666926
gpg: Implement insert, update, and delete via keyboxd.
* g10/call-keyboxd.c (struct store_parm_s): New.
(store_inq_cb): New.
(keydb_update_keyblock): Implement the keyboxd part.
(keydb_insert_keyblock): Ditto.
(keydb_delete_keyblock): Ditto.
(keydb_search_reset): Clear ubid flag.  Also use the correct union
member for building the search string.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-28 11:23:32 +01:00
Werner Koch
490e0cd0ba
kbx: Add new command DELETE.
* kbx/kbxserver.c (cmd_delete): New.
* kbx/frontend.c (kbxd_delete): New.
* kbx/backend-kbx.c (be_kbx_delete): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-28 11:19:33 +01:00
Werner Koch
915297705a
kbx: Redefine the UBID which is now the primary fingerprint.
* common/util.h (UBID_LEN): New.  Use it at all places.
* kbx/keybox-blob.c (create_blob_finish): Do not write the UBID item.
* kbx/keybox-dump.c (print_ubib): Remove.
(_keybox_dump_blob): Do not print the now removed ubid flag.
* kbx/keybox-search-desc.h (struct keydb_search_desc): Use constants
for the size of the ubid and grip.
* kbx/keybox-search.c (blob_cmp_ubid): New.
(has_ubid): Make it a simple wrapper around blob_cmp_ubid.
(keybox_get_data): Add arg 'r_ubid'.

* kbx/frontend.h (enum kbxd_store_modes): New.
* kbx/kbxserver.c (cmd_store): Add new option --insert.

* kbx/backend-cache.c (be_cache_initialize): New.
(be_cache_add_resource): Call it here.
* kbx/backend-kbx.c (be_kbx_seek): Remove args 'fpr' and 'fprlen'.
(be_kbx_search): Get the UBID from keybox_get_data.
* kbx/backend-support.c (be_fingerprint_from_blob): Replace by ...
(be_ubid_from_blob): new.  Change all callers.

* kbx/frontend.c (kbxd_add_resource): Temporary disable the cache but
use the new cache init function.
(kbxd_store): Replace arg 'only_update' by 'mode'.  Seek using the
ubid.  Take care of the mode.
--

It turned out that using the hash of the entire blob was not helpful.
Thus we redefine the Unique-Blob-ID (UBID) as the primary fingerprint
of the blob.  In case this is a v5 OpenPGP key a left truncated
version of the SHA-256 hash is used; in all other cases the full SHA-1
hash.  Using a SHA-256 hash does not make sense because v4 keys are
and will for some time be the majority of keys and thus padding them
with zeroes won't make any difference.  Even if fingerprint collisions
can eventually be created we will assume that the keys are bogus and
that it does not make sense to store its twin also in our key storage.
We can also easily extend the update code to detect a collision and
reject the update.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-28 11:16:13 +01:00
Werner Koch
f59455d054
dirmngr: Replace no-strict-overflow pragma by wrapv pragma.
* dirmngr/dirmngr.c (time_for_housekeeping_p): Build with --fwrapv.
Replace protecting macro.
--

I once replaced all JNLIB macros by GPGRT macros.  However, I missed
to get this right for the push pragma test and used
GPGRT_GCC_HAVE_PUSH_PRAGMA
instead of the correct
GPGRT_HAVE_PRAGMA_GCC_PUSH
Now after fixing this it turned out that no-strict-overflow is not
anymore supported as oprimize pragma and thus I replaced that too
according to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58454 .

Tested with 32 bit Windows but the real test will be in 2038.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-27 20:21:47 +01:00
Werner Koch
61f41cdce5
gpg: Move a keydb function to another file.
* g10/keydb.c (build_keyblock_image): Move to ...
* g10/build-packet.c (build_keyblock_image): here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-27 11:58:47 +01:00
Werner Koch
264c15c72f
dirmngr: Rework of the LDAP code, part 1.
* dirmngr/http.h (struct parsed_uri_s): Add flag is_ldap.
* dirmngr/http.c (do_parse_uri): Set flag.  Do not error out for a
missing slashes in an http scheme if NO_SCHEME_CHECK is active.
* dirmngr/t-http.c (main): Print new flag.
* dirmngr/ks-engine-ldap.c (ks_ldap_help): Use flag instead of
checking the scheme.
* dirmngr/ldap-parse-uri.c (ldap_uri_p): Re-implement using
http_parse_uri.
* dirmngr/t-ldap-parse-uri.c (main): Add option --verbose.
--

This patch merely remove the separate parser for checking for an LDAP
scheme.  It is better to let our generic URI parser handle this.  Also
fixes this bug
       || url[4] == 'i' || url[4] == 'i')
to make the rarely used ldapi scheme case-insensitive.

More changes to the LDAP code are planned.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 13:09:35 +01:00
Werner Koch
1009e4e5f7
dirmngr: Make building with a TLS library mandatory
* configure.ac: Do not build dirmngr if no TLS is available.
* dirmngr/http.c: Remove all uses of the USE_TLS macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 12:02:27 +01:00
Werner Koch
8fb14d3b3f
doc: Fixed variable naming.
* kbx/keybox.h: Fix naming of arguments.
* scd/ccid-driver.c (print_error) [TEST]: Add missing break.  Note
that this is anyway an impossible case.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 11:24:08 +01:00
Werner Koch
c8783b3a20
agent: Improve --debug-pinentry diagnostics
* agent/call-pinentry.c (atfork_cb): Factor code out to ...
(atfork_core): new.
--

We convey certain envvars directly via the environment to Pinentry and
thus they don't show up in the Assuan logging.  Because we better
don't call a logging function in an atfork handle, this patch splits
the code up and uses the same code to display what was done in at fork
after the connection has been established.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-25 11:39:56 +01:00
Werner Koch
c21267e1c7
doc,dirmngr: Clarify --standard-resolver.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-23 20:29:34 +01:00
Werner Koch
50cd1a58f3
wkd: Let --install-key write a template policy file.
* tools/wks-util.c (ensure_policy_file): New.
(wks_cmd_install_key): Call it.
--

GnuPG-bug-id: 4753
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-23 13:49:27 +01:00
NIIBE Yutaka
116dfb2001 po: Apply removal of dirmngr/ldap-wrapper-ce.c.
* po/POTFILES.in: Update.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-11-19 18:46:06 +09:00
Werner Koch
d9c7935188
dirmngr,gpg: Better diagnostic in case of bad TLS certificates.
* doc/DETAILS: Specify new status code "NOTE".
* dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
bad TLS certificate.
* g10/call-dirmngr.c (ks_status_cb): Detect this status.
--

For example a

  gpg -v --locate-external-keys dd9jn@posteo.net

now yields

  gpg: Note: server uses an invalid certificate
  gpg: (further info: bad cert for 'posteo.net': \
                      Hostname does not match the certificate)
  gpg: error retrieving 'dd9jn@posteo.net' via WKD: Wrong name
  gpg: error reading key: Wrong name

(without -v the "further info" line is not shown).  Note that even
after years Posteo is not able to provide a valid certificate for
their .net addresses.  Anyway, this help to show the feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 18:26:55 +01:00
Werner Koch
ae9acb8745
dirmngr: Forward http redirect warnings to gpg.
* dirmngr/http.c: Include dirmngr-status.h
(http_prepare_redirect): Emit WARNING status lines for redirection
problems.
* dirmngr/http.h: Include fwddecl.h.
(struct http_redir_info_s): Add field ctrl.
* dirmngr/ks-engine-hkp.c (send_request): Set it.
* dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
* g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
--

This should make it easier to diagnose problems with bad WKD servers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 18:24:02 +01:00
Werner Koch
5967cfcc71
dirmngr: Fixed typo in recently added diagnostic.
--
2019-11-18 18:24:01 +01:00
NIIBE Yutaka
1cb9a831f6 scd,ccid: Fix detection of supported readers with pinpad.
* scd/ccid-driver.c (ccid_transceive_secure): When not supported,
return CCID_DRIVER_ERR_NOT_SUPPORTED.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-11-15 15:46:37 +09:00
Werner Koch
12def3a84e
dirmngr: Use IPv4 or IPv6 interface only if available.
* dirmngr/dns-stuff.c (cached_inet_support): New variable.
(dns_stuff_housekeeping): New.
(check_inet_support): New.
* dirmngr/http.c (connect_server): Use only detected interfaces.
* dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache.
--

This currently works only for Windows but that is where users really
ran into problems.  The old workaround was to configure disable-ipv4
or disable-ipv6.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-12 20:35:12 +01:00
Andre Heinecke
40daa0bc0b
dirmngr: Tune down err on missing ldapservers file
* dirmngr/dirmngr.c (parse_ldapservers_file): Tune down error
in case no such file exists.

--
This is hardly an error because by default such a file
does not exist. This caused trouble in support because
people think "Oh the system prints an error".

GnuPG-Bug-Id: T3539
2019-11-12 10:38:41 +01:00
Werner Koch
4c295646ba
dirmngr: Remove cruft from dirmngr_ldap
* configure.ac (USE_LDAPWRAPPER): Remove ac_define and conditional.
* dirmngr/Makefile.am: Remove USE_LDAPWRAPPER and considere true.
* dirmngr/ldap-wrapper-ce.c: Remove.
* dirmngr/ldap-wrapper.c: Remove USE_LDAPWRAPPER stuff. Minor chnages
to debug output.
* dirmngr/dirmngr_ldap.c: Remove USE_LDAPWRAPPER stuff.  Remove
my_ldap macros.
(fetch_ldap) [W32]: Use ldap_sslinit.
--

Note that the ldap_sslinit stuff for Windows has not been tested.

This patch removes the whole wrapper-but-linked business because we do
not need it anymore.  WindowsCE for which we used it is pretty dead.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-11 20:49:04 +01:00
Werner Koch
dd18be979e
gpg: Forbid the creation of SHA-1 third-party key signatures.
* g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New.
(do_sign): Add arg signhints and inhibit SHA-1 signatures.  Change
callers to pass 0.
(complete_sig): Add arg signhints and pass on.
(make_keysig_packet, update_keysig_packet): Set signhints.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-11 11:41:00 +01:00
Werner Koch
eebd43d5b6
dirmngr: Rename an enum value for clarity.
* dirmngr/ldapserver.h: Rename LDAPSERVER_OPT.
--

Using _OPT is not good because it does not describe for what this
configuration group is used.  _SESSION immediately shows the purpose.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-11 09:45:01 +01:00
Werner Koch
6e1c99bc39
gpgsm: Allow sepcification of ldaps servers.
* sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps.
* sm/gpgsm.c (parse_keyserver_line): Parse flags.
* sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr.

* dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags.
* dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls.

* dirmngr/dirmngr_ldap.c: New option --tls.
(fetch_ldap): Make use of that option.
--

There was no way to specify an LDAPS server in
dirmngr_ldapserver.socnf or with gpgsm's --keyserver option.  This
patch fixes this.  Eventually we should allow to replace host and port
by a partial URI in the same way ldap_initialize does it.  For backward
compatibility we do not yet do that.

Although the dirmngr code accepts an URL (eg. taken from a
certificate), I can't see how the scheme was ever used.  Thus the
patch also detects an ldaps scheme and uses this.  That part has not
been tested, though.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-09 11:29:59 +01:00
Werner Koch
2b9d399cf0
doc: Document gpgsm's --keyserver option.
--

Also fix a few related entries.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-07 17:41:19 +01:00
Werner Koch
eae1ea6f39
doc: Improved description of status PLAINTEXT_LENGTH.
--

GnuPG-bug-id: 4741
2019-11-07 15:45:36 +01:00
Werner Koch
6701a38f8e
gpg: Fix a potential loss of key sigs during import with self-sigs-only.
* g10/import.c (import_one_real): Don't do the final clean in the
merge case.
--

This fixes a regression introduced with self-sigs-only.

GnuPG-bug-id: 4628
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-07 15:07:25 +01:00
Werner Koch
e624c41dba
gpg: Add option --allow-weak-key-signatures.
* g10/gpg.c (oAllowWeakKeySignatures): New.
(opts): Add --allow-weak-key-signatures.
(main): Set it.
* g10/options.h (struct opt): Add flags.allow_weak_key_signatures.
* g10/misc.c (print_sha1_keysig_rejected_note): New.
* g10/sig-check.c (check_signature_over_key_or_uid): Print note and
act on new option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-07 10:36:17 +01:00
Werner Koch
f4047f5605
gpg: Print rfc4880bis note only in verbose mode.
* g10/gpg.c (main): Change condition for an info diagnostic.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-07 09:24:38 +01:00
Werner Koch
a1f8ca7eee
doc: Make clear that by default RFC-4880bis features are used.
--
2019-11-07 09:07:30 +01:00
Werner Koch
fd88b8847a
gpg: Remove an unused variable.
* g10/delkey.c (do_delete_key): here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-06 14:47:29 +01:00
Werner Koch
584b65ad7e
gpg: Do not require --batch when using --log-file.
* g10/gpg.c (main): Remove a long standing FIXME.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-06 14:44:50 +01:00
Werner Koch
c6be407251
doc: Document the --unwrap command.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-06 14:43:34 +01:00
NIIBE Yutaka
c6702d77d9 scd,ccid: Fix GEMPC_EZIO handling.
* scd/ccid-driver.c (ccid_transceive_secure): Fix for 08e6:34c2.

Fixes-commit: c933c15d587a1c0df3f4b3bf37d8d15164dd318f
GnuPG-bug-id: 4654
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-29 07:57:59 +09:00
NIIBE Yutaka
e2c2b0fb2d gpg: More fix of get_best_pubkey_byname.
* g10/getkey.c (get_best_pubkey_byname): Remove useless req_usage
setting of CTX.

Fixes-commit: f2734381ae1431e395a0bed16df2f4d5d13aa2c5
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-17 10:46:34 +09:00
NIIBE Yutaka
286d4c6075 gpg: Fix two other cases in get_best_pubkey_byname.
* g10/getkey.c (pubkey_cmp): Handle a primary key with
PUBKEY_USAGE_ENC, and make sure new key is for encryption.
(get_best_pubkey_byname): Add comment for ranking.

GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-17 09:23:26 +09:00
NIIBE Yutaka
627a990f8e doc: Fix documentation about --locate-keys.
* doc/gpg.texi (--locate-keys): Remove mentioning signing keys.

--

GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-17 08:29:46 +09:00
NIIBE Yutaka
f2734381ae gpg: Fix get_best_pubkey_byname to consider the first match.
* g10/getkey.c (get_best_pubkey_byname): Always use PK0 to search
by get_pubkey_byname.  Add initial call to pubkey_cmp to fill
BEST at first before the loop.

--

Fixes-commit: 44604209c1cfe18532d13eda63d8c1f86a6e12ec
GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-16 15:58:26 +09:00
Werner Koch
d1bc12d1b6
gpg: Also delete key-binding signature when deleting a subkey.
* g10/delkey.c (do_delete_key): Simplify and correct subkey deletion.
--

GnuPG-bug-id: 4665, 4457
Fixes-commit: cc6069ac6ecd57dcbb808f28d54fd9f89dc55014
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-10-15 14:30:57 +02:00
NIIBE Yutaka
44604209c1 gpg: Put the first key in candidates correctly.
* g10/getkey.c (get_best_pubkey_byname): After the call of
get_pubkey_byname, set up CTX with KEYDB_SEARCH_MODE_LONG_KID to enter
the loop.

--

Fixes-commit: 7535f1d47a35e30f736f0e842844555f7a4a9841
GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-15 19:18:26 +09:00
NIIBE Yutaka
c933c15d58 scd,ccid: Add 08e6:34c2 (GEMPC_EZIO).
* scd/ccid-driver.c (ccid_transceive_secure): Add pinpad support
for 08e6:34c2 which supports extended APDU exchange.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-15 09:40:01 +09:00
Werner Koch
926cccef85
doc: Fix c+p bug in the examples for --import-filter.
--

Reported-by: Steve McIntyre
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-10-12 12:32:43 +02:00
NIIBE Yutaka
7535f1d47a gpg: The first key should be in candidates.
* g10/getkey.c (get_best_pubkey_byname): Handle the first key
as the initial candidate for the selection.

--

GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-09 09:45:11 +09:00
Werner Koch
2b922465cb
doc: Clarify that code assignments for g10 code and me terminated.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-10-07 16:03:44 +02:00
Werner Koch
f4bdf8e590
kbx: Implement update for the STORE command.
* kbx/backend-kbx.c (be_kbx_update): New.
* kbx/frontend.c (kbxd_store): Call it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-10-07 16:02:40 +02:00
NIIBE Yutaka
e28572116f gpg: Fix a memory leak in get_best_pubkey_byname.
* g10/getkey.c (get_best_pubkey_byname): Free the public key parts.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-07 10:41:01 +09:00
Werner Koch
7d9aad63c4
gpg: Ignore all SHA-1 signatures in 3rd party key signatures.
* g10/sig-check.c (check_signature_over_key_or_uid): No cut-off date
and remove debug output.
--

With 2.2 we do not not support SHA-1 key signatures anymore even if
that means that the WoT shrinks.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-10-03 18:20:59 +02:00
Werner Koch
c4f2d9e3e1
gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures.
* g10/sig-check.c (check_signature_over_key_or_uid): Reject cewrtain
SHA-1 based signatures.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-10-03 17:43:26 +02:00
Werner Koch
63dbc817e7
gpg: Read the UBID from the keybox and detect wrong blob type.
* g10/keydb-private.h (struct keydb_handle_s): Add fields for UBID.
* g10/call-keyboxd.c (search_status_cb): New.
(keydb_search): Set new UBID fields.
--

The UBID is not yet used but may come handy later.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-10-01 20:11:54 +02:00