1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

5761 Commits

Author SHA1 Message Date
NIIBE Yutaka
aecf1a3c57 scd: Fix commit b30c15bf (again).
* g10/keygen.c (do_generate_keypair): Clear the variable S.

--

GnuPG-bug-id: 2201
2015-12-23 16:55:00 +09:00
Neal H. Walfield
5c759924fb gpg: Fix type.
* g10/keygen.c (card_write_key_to_backup_file): Change n to a size_t.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:07:51 +01:00
Neal H. Walfield
4654384fe7 gpg: Fix error message.
* g10/getkey.c (parse_def_secret_key): Fix error message.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:57 +01:00
Neal H. Walfield
7195b94345 gpg: Don't check for ambiguous keys.
* g10/gpg.c (struct result): Move from here...
* g10/keydb.h (struct pubkey): ... to here.  Update users.
* g10/gpg.c (check_user_ids): Move from here...
* g10/getkey.c (get_pubkeys): ... to here.  Update users.  Use
get_pubkey_byname to look up the keys (this also prunes invalid keys).
(pubkey_free): New function.
(pubkeys_free): New function.
* g10/gpg.c (main): Don't check for ambiguous key specifications.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e8c53fc

This change not only moves the checks for ambiguous key specifications
from gpg.c to getkey.c, it also disables the checks.  The old code was
too divorced from the actual key lookups and, as such, it reproduced
the logic.  Unfortunately, the reproduction was a poor one: despite
fixing some inconsistencies (e.g., 10cca02), it still didn't deal with
group expansion or the auto key lookup functionality.  Given the
amount of instability introduced by this change, we (Neal & Werner)
decided it is better to defer introducing this functionality until
2.3.
2015-12-22 15:03:56 +01:00
Neal H. Walfield
dc52995d85 gpg: Lazily evaluate --default-key.
* g10/gpg.c (main): If --encrypt-to-default-key is specified, don't
add --default-key's value to REMUSR here...
* g10/pkclist.c (build_pk_list): ... do it here.
* tests/openpgp/Makefile.am (TESTS): Add default-key.test.
* tests/openpgp/default-key.test: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:54 +01:00
Neal H. Walfield
ffe0b7a6dd gpg: Remove unused parameter.
* g10/pkclist.c (build_pk_list): Remove parameter use, which is always
called set to PUBKEY_USAGE_ENC.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:53 +01:00
Neal H. Walfield
4103850c2e gpg: Improve check for ambiguous keys.
* g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
encryption-only keys when a signing key is needed and vice-versa.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:52 +01:00
Neal H. Walfield
dc417bf0c5 gpg: Fix TOCTTOU when updating keyblocks.
* g10/keydb.c (keydb_update_keyblock): Don't replace the record at the
current offset.  After taking the lock, extract the fingerprint from
the keyblock, find it and then replace it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2193

Between locating the record to update and actually updating the
keyblock, it is possible that another process modifies the keyring,
which causes the update to corrupt the keyring.  This is due to a time
of check to time of use bug.  The fix is straightforward: both
operations must be done while holding the lock.  This changes the
semantics of the function slightly, but no callers need to be
modified.  Further, it now becomes impossible to replace key A with B;
this function will only ever update B.
2015-12-22 15:03:51 +01:00
Neal H. Walfield
02eb9fc9d5 Only add the user supplied CFLAGS after running any autoconf tests.
* configure.ac: Only add the user supplied CFLAGS after running any
autoconf tests.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

If the user's CFLAGS include -Werror, then some configure tests fail.
To avoid this, we only add the user's CFLAGS after all of the
configure tests have run.
2015-12-22 15:03:50 +01:00
Neal H. Walfield
1cceba163b gpg: Suppress a warning.
* dirmngr/dns-stuff.c (enable_dns_tormode): Reference new_circuit to
avoid a warning when ADNS is not available.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:49 +01:00
Neal H. Walfield
4143cc1c37 gpg: Remove dead code.
* kbx/keybox-defs.h (struct keybox_found_s): Remove unused fields
offset and n_packets.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:48 +01:00
Neal H. Walfield
7fe4be0416 gpg: Display the key that is invalid, not the search description.
* g10/getkey.c (parse_def_secret_key): Display the key that is
invalid, not the search description.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:48 +01:00
Neal H. Walfield
478ca6c75b gpg: Mark more options as coming from the config file (when this holds)
* g10/gpg.c (main): When --default-key or --encrypt-to-default-key is
taken from the config file, note this.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: 28311d1
2015-12-22 15:03:47 +01:00
Neal H. Walfield
ee8a8ec1cf gpg: Use enums instead of defines.
* g10/keydb.h (PK_LIST_ENCRYPT_TO): Change from a macro to an enum.
(PK_LIST_HIDDEN): Likewise.
(PK_LIST_CONFIG): Likewise.
(PK_LIST_SHIFT): Likewise.n

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Using an enum has the advantage that the symbol can be used in gdb.
2015-12-22 15:03:47 +01:00
NIIBE Yutaka
d8392299f3 po: Update Japanese translation. 2015-12-21 21:28:39 +09:00
NIIBE Yutaka
ab9a9bce77 g10: clean up of headers for card.
* g10/main.h (save_unprotected_key_to_card): Remove.
* g10/options.h (ctapi_driver, pcsc_driver, disable_ccid): Remove.
2015-12-21 20:56:29 +09:00
Werner Koch
98f9e14323
common: New file fwddecl.h.
* common/util.h (server_control_s, ctrl_t): Move to ...
* common/fwddecl.h: New file.
* common/call-gpg.h: Replace typedef by fwddecl.h.  Change include
protection macro name.
* common/Makefile.am (common_sources): Add fwddecl.h.
--

It seems some compilers do not grok a re-declaration.  Thus we factor
it out into a separate file and use the include protection macro to
protect against re-declaration.

GnuPG-bug-id: 2200
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-21 11:37:21 +01:00
Werner Koch
af142854a7
build: Add required macro for pkg-config
* configure.ac (PKG_PROG_PKG_CONFIG): New.
--

GnuPG-bug-id: 2197
2015-12-18 17:10:55 +01:00
NIIBE Yutaka
06436882c3 g10: Fix commit b30c15bf.
--

Remove the backup file g10/keygen.c.~HEAD~
2015-12-18 10:54:02 +09:00
NIIBE Yutaka
72eaff1aa6 g10: Remove deprecated internal functions.
* g10/keygen.c (do_ask_passphrase, generate_raw_key)
(gen_card_key_with_backup, save_unprotected_key_to_card): Remove.

--

Now, key generation is done by gpg-agent.  Asking passphrase is done
through pinentry invoked by gpg-agent.  It is done by
new internal function of card_store_key_with_backup.
2015-12-18 10:18:22 +09:00
NIIBE Yutaka
b30c15bf7c g10: Fix a regression for generating card key with backup.
* g10/main.h (receive_seckey_from_agent): Declare.
* g10/keygen.c (card_write_key_to_backup_file): New.
(card_store_key_with_backup): New.
(do_generate_keypair): Create a key on host for encryption key when
backup is requested.  Then, call card_store_key_with_backup.

--

GnuPG-bug-id: 2169
2015-12-18 10:02:38 +09:00
NIIBE Yutaka
e644aa7f59 g10: factor out a function for secret key retrieval.
* g10/export.c (receive_seckey_from_agent): New.
(do_export_stream): Use it.

--

Also fixed a memory leak of WRAPPEDKEY on a successful path of
build_packet.

In the log message, key is now by a hexgrip instead of a format by
keystr_with_sub.
2015-12-17 13:06:28 +09:00
Neal H. Walfield
fc010b6c7f gpg: When checking for ambiguous keys, ignore invalid keys.
* g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
disabled, revoked and expired keys (if appropriate for the provided
option).

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2186
2015-12-16 14:43:20 +01:00
Werner Koch
4ffe44c587
common: Use default_errsource for call-gpg and exectool.
* common/call-gpg.c (my_error_from_syserror, my_error_from_errno): New.
Use these wrappers.
* common/exectool.c (my_error_from_syserror): New.  Use these
wrappers.
--

Function in common should use the error source of the component which
links them.  The global variable DEFAULT_ERRSOURCE is set early by
each component to make this possible.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-15 13:40:10 +01:00
Werner Koch
345ec7323d
gpg: Reduce number of strings to translate.
* g10/getkey.c (parse_def_secret_key): Do not make debug messages
translatable.  Make use of print_reported_error.
--

This patch also passes all required arguments to log_debug ;-).

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-15 13:40:10 +01:00
Werner Koch
2ea1aebc92
gpg: New function to printed a detailed error code.
* g10/misc.c (print_reported_error): New.
--

Often the user is only interested in a catch all error code like "not
found" but sometimes it is useful to also see the real reason.  By
this function this can easily be achieved.  Example:

  err = search_for_key (keyid)
  if (err)
    {
      log_info ("error locating key '%s': %s\n",
                keyid, gpg_strerror (GPG_ERR_NOT_FOUND));
      print_reported_error (err, GPG_ERR_NOT_FOUND);
    }

results in

  gpg: error locating key 'foobar': not found
  gpg: (reported error: no keyring <keybox>)

where the second line is only printed in verbose mode and if ERR is
not GPG_ERR_NOT_FOUND.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-15 13:40:10 +01:00
Neal H. Walfield
f369efd671 gpg: Improve the keyblock cache's transparency.
* kbx/keybox-search.c (keybox_seek): New function.
* g10/keydb.c (keydb_search): When reading from the cache, seek to
just after the cached record.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-15 13:09:50 +01:00
Neal H. Walfield
2e4e10c1dc gpg: Improve the keyblock cache's transparency.
* kbx/keybox-search.c (keybox_offset): New function.
* g10/keydb.c (struct keyblock_cache): Add fields resource and offset.
(keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and
HD->KEYBLOCK_CACHE.OFFSET.
(keydb_search): Don't use the cached result if it comes before the
current file position.  When caching an entry, also record the
position at which it was found.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2187
2015-12-15 12:21:30 +01:00
Neal H. Walfield
0ea186db64 gpg: Use more descriptive names.
* g10/keyring.c (KR_NAME): Rename this...
(KR_RESOURCE): ... to this.  Update users.
(struct keyring_name): Rename this...
(struct keyring_resource): ... to this.  Update users.
(struct off_item): Rename this...
(struct key_present): ... to this.  Update users.
(OffsetHashTable): Rename this...
(key_present_hash_t): ... to this.  Update users.
(kr_offtbl): Rename this...
(key_present_hash): ... to this.  Update users.
(kr_offtbl_ready): Rename this...
(key_present_hash_ready): ... to this.  Update users.
(KEY_PRESENT_HASH_BUCKETS): New define.  Replace use of literals
with this.
(new_offset_item): Rename this...
(key_present_value_new): ... to this.  Update users.
(release_offset_items): Drop dead code.
(new_offset_hash_table): Rename this...
(key_present_hash_new): ... to this.  Update users.
(release_offset_hash_table): Drop dead code.
(lookup_offset_hash_table): Rename this...
(key_present_hash_lookup): ... to this.  Update users.
(update_offset_hash_table): Rename this...
(key_present_hash_update): ... to this.  Drop unused parameter off.
Update users.
(update_offset_hash_table_from_kb): Rename this...
(key_present_hash_update_from_kb): ... to this.  Drop unused parameter
off.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-15 10:45:00 +01:00
NIIBE Yutaka
4ee881bff4 sm: Handle gcry_pk_encrypt return value.
* sm/encrypt.c (encrypt_dek): Don't ignore failure of gcry_pk_encrypt.

--

Thanks to Sami Farin.

GnuPG-bug-id: 2154
2015-12-15 12:38:25 +09:00
Werner Koch
7baca03307
common: Change license of isascii.c to all-premissive,
* common/isascii.c: Change.
--

Actually this code is too trivial to claim any copyright at all.
2015-12-14 16:21:19 +01:00
Werner Koch
7d129a7391
common: Change license of some modules to LGPLv3+/GPLv2+.
* common/status.c: Change from GPLv3 to LGPLv3+/GPLv2+.
* common/status.h: Ditto.
* common/yesno.c: Ditto.
* common/common-defs.h: Ditto.
* common/gettime.h: Ditto.
* common/keyserver.h: Ditto.
--

This is shared code and trivial enough to allow use under GPLv2+ so to
allow use by GPLv2only software.  Some of the headers are simply
adjusted to the license of their implementation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-14 16:21:19 +01:00
Werner Koch
467e18b74b
common: Change license for exectool to LGPLv3+/GPLv2+.
* common/exectool.c, common/exectool.h: Change license.

--

We always try to use this license for shared code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-14 16:21:19 +01:00
Werner Koch
d80e1bc430
common: Rename sh-exectool to exectool.
* common/sh-exectool.c: Rename to exectool.c.
* common/sh-exectool.h: Rename to exectool.h.
* common/Makefile.am (common_sources): Adjust for rename.
* common/exectool.c (sh_exec_tool_stream): Rename to
gnupg_exec-tool-stream.
(sh_exec_tool): Rename to gnupg_exec_tool.
* tools/gpgtar-create.c (gpgtar_create): Adjust for changes.
* tools/gpgtar-extract.c: Adjust for changes.
* tools/gpgtar-list.c: Adjust for changes.
--

The "sh-" presifx is used by g13 for system helpers which are used by
processes created via userv.  A generic function in common/ should
also have a generic name.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-14 16:21:19 +01:00
Damien Goutte-Gattat
f5aa51aaac gpg: Print ownertrust in TOFU+PGP trust model.
* g10/keyedit.c: Print ownertrust in TOFU+PGP trust model.
--

The key editor currently prints out the ownertrust value assigned
to a key only when using the classic or PGP trust models; but
that value is also meaningful in the recently introduced TOFU+PGP
combined model.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2015-12-14 13:09:11 +01:00
Neal H. Walfield
e573e6188d gpg: Fix --default-key checks.
* g10/getkey.c (parse_def_secret_key): Don't just check if a secret
key is available for the public key, also consider subkeys.  Also
check that the key has the signing capability, is not revoked, is not
expired and is not disabled.  Print a warning if there was a least one
value passed to --default-key and all were ignored.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e16d7168
2015-12-14 13:02:50 +01:00
NIIBE Yutaka
d40975cbe8 scd: Fix regression for generating RSA keys on card.
* scd/app-openpgp.c (do_genkey): Strip leading zeros for fingerprint
computation.

--

This bug is difficult to reproduce because the probability is 1/256,
and key generation takes long time.  The regression was introduced
when we add the support for ECC.

GnuPG-bug-id: 2150
2015-12-14 14:37:18 +09:00
Werner Koch
4d3395ef1f
gpg: Use a regular type instead of a void* for import stats.
* g10/import.c (struct stats_s): Rename to import_stats_s.  Change all
users.
* g10/main.h (import_stats_t): New.  Change fucntions to use this
instead of a void pointer.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-12 18:19:35 +01:00
Werner Koch
f0ae40b0c9
Remove replacements for libgpg-error < 1.21.
* common/util.h: Remove replacement macros for libgpg-error<1.21.
* common/types.h: Ditto.
* common/mischelp.h: Ditto.
* common/t-mapstrings.c: Include t-support.h before stringhelp.h
* common/t-stringhelp.c: Ditto.
* common/t-support.h: Always include gpg-error.h.
* kbx/keybox-search.c: Do not include stringhelp.h so that keybox-defs
comes first.
--

This patch enhances commit d6e0149 from  Dec 10.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-12 14:06:30 +01:00
Neal H. Walfield
1605e34fc3 gpg: Fix buffer overflow.
* g10/keydb.c (keydb_search_desc_dump): Fix buffer overflow.

--
Signed-off-by: Neal H. Walfield <neal@walfield.org>
Regression-due-to: 11ec478

Note: this buffer overflow will only occur if --debug=lookup is passed
to gpg and a search by fingerprint is done.
2015-12-11 14:41:34 +01:00
Justus Winter
25f0f053cd agent: Improve error handling.
* agent/pksign.c (agent_pksign_do): Improve error handling.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-11 11:21:42 +01:00
Justus Winter
b78fce3271 agent: Fix typo.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-11 11:21:42 +01:00
Justus Winter
d6e01493ca Fix required libgpg-error version.
* configure.ac (NEED_GPG_ERROR_VERSION): We need version 1.21 for the
poll interface.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-11 11:21:42 +01:00
Neal H. Walfield
6dc37c5fb6 gpg: Don't error out if a key occurs multiple times in the keyring.
* g10/gpg.c (check_user_ids): Don't error out if a key occurs multiple
times in the keyring.  Instead, print a warning.  When printing out
fingerprint prints, use format_hexfingerprint to format them.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-11 11:15:37 +01:00
Daniel Hoffend
d1a97585c5 scd: Fix removal of unplugged usb readers on Windows.
* scd/apdu.c (pcsc_error_to_sw): map PCSC_E_NO_SERVICE and
PCSC_E_SERVICE_STOPPED to the internal SW_HOST_NO_READER error code.

--

Signed-off-by: Daniel Hoffend <dh@dotlan.net>
GnuPG-bug-id: 2167

In Windows 8 (and later), PC/SC service only runs when reader/token is
plugged in.  After its removal, it returns PCSC_E_NO_SERVICE error.
This error should be handled as no reader.  This comment is by gniibe.
2015-12-10 11:02:16 +09:00
Justus Winter
1c8eae95a8 tests: Add some more gpgtar tests.
* tests/openpgp/gpgtar.test: Add more tests.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-07 13:05:01 +01:00
Ineiev
ee0fb42cd1
po: Update Russion translation
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-07 12:06:08 +01:00
Justus Winter
71726b627d dirmngr: Initialize http status code.
* dirmngr/ks-action.c (ks_action_search): Initialize 'http_status' as
it is unused if LDAP is used to search for keys.
--
This amends 6ac57a48.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-07 11:21:47 +01:00
Daiki Ueno
b5cd68852d
gpg: Write ERROR status on delete-key cancellation
* g10/delkey.c (do_delete_key): Write ERROR status code with the error
location "delete_key.secret", when the user cancelled the operation on
Pinentry.
--

I changed the original patch to emit the full gpg_error_t code. -wk
2015-12-04 16:39:10 +01:00
Justus Winter
6d64ef869d dirmngr: Stricter handling of http error codes.
* dirmngr/ks-action.c (ks_action_search): Only retry if the keyserver
responded with a '404 Not Found'.
* dirmngr/ks-engine-hkp.c (send_request): Return http status code.
(ks_hkp_search): Likewise.
(ks_hkp_{get,put}): Adapt call to 'send_request'.
* dirmngr/ks-engine.h (ks_hkp_search): Update prototype.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-04 13:02:56 +01:00