* kbx/keybox-init.c (keybox_register_file): Change interface to return
the token even if the file has already been registered.
* g10/keydb.c (primary_keyring): Rename to primary_keydb.
(maybe_create_keyring_or_box): Change return type to gpg_error_t.
(keydb_add_resource): Ditto. s/rc/err/.
(keydb_add_resource): Mark an already registered as primary.
* sm/keydb.c (maybe_create_keybox): Change return type to gpg_error_t.
(keydb_add_resource): Ditto. s/rc/err/.
(keydb_add_resource): Adjust for changed keybox_register_file.
--
This change aligns the registering of keyboxes with those of
keyrings. This fixes a potential bug:
gpg --keyring foo.kbx --keyring bar.gpg --keyring foo.kbx
would have marked bar.gpg as primary resource and thus inserting new
keys there. The correct and now fixed behavior is to insert to
foo.kbx.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
I am considering some changes and thus better start off by switching
to standard GNU indentation. This patch also changes comment lines
like
if (foo)
/* Comment on foo. */
{
to
if (foo)
{ /* Comment on foo. */
or
if (foo) /* Comment on foo. */
{
to make the brace of the opening block stand out immediately.
Further stars on the left are added to longer comments because that
makes the code easier to read by disabled hackers, when reading
without font locking, and for reading black-white printouts.
--
When using tags (e.g. GNU global) to navigate the source code it is
way easier to have the documentation close to the function we are
looking at. Having the documentation in the header file would require
an extra manual lookup to understand the function.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c: Allow arg RET_KEYBLOCK to be NULL.
--
This change adds the expected behavior for the getkey_next function
to fix this NULL de-ref.
GnuPG-bug-id: 2212
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/export.c: Include membuf.h and host2net.h.
(key_to_sshblob): New.
(export_ssh_key): New.
* g10/gpg.c (aExportSshKey): New.
(opts): Add command.
(main): Implement that command.
--
GnuPG-bug-id: 2212
I have done only a few tests rights now and the ECDSA curves do not
yet work. However ssh-keygen -l accept RSA and ed25519 keys exported
using this command.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_WARNING): New.
* g10/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
* g10/call-dirmngr.c: Include status.h.
(warn_version_mismatch): New.
(create_context): Call warn function.
* sm/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
(gpgsm_agent_learn): Call warn function.
* sm/call-dirmngr.c (warn_version_mismatch): New.
(prepare_dirmngr): Call warn function.
--
We have seen too often bug reports which are due to still running old
versions of the daemons. To catch this problematic use we now print
warning messages and also provide the warning via the status
interface.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/asshelp.c: Include membuf.h.
(get_assuan_server_version): New.
* g10/call-agent.c (agent_get_version): Use new function.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyid.c (keygrip_from_pk): Return an error code.
--
The error was show but the function did not return it. This change
should improve error messages for unknown algorithms.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-dirmngr.c (dns_cert_status_cb): Store URL status in the URL
param. The old code was entirely buggy (c+p error).
--
Fixes-commit: 154f3ed2
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyid.c (keystrlen): If opt.keyid_format is KF_DEFAULT unset,
default to KF_SHORT.
(format_keyid): Default to KF_SHORT, not KF_0xLONG.
--
Without this fix, gpgv2 fails with:
gpgv: Ohhhh jeeee: ... this is a bug (keyid.c:342:keystrlen)
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/parse-packet.c (parse_key): Check for premature end of salt.
--
This has no security implications because an arbitrary salt could have
also been inset by an attacker.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (change_passphrase): Remove useless init of ANY.
(keyedit_quick_adduid): Remove useless setting of ERR.
* g10/parse-packet.c (parse_key): Remove PKTLEN from condition because
it has been checked before the loop.
(parse_plaintext): Remove useless init of PKTLEN.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (ask_keysize): Use 768 for the minimal value for DSA in
export mode. Improve readability.
--
GnuPG-bug-id: 2209
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (get_pubkeys): Fix double free.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 7195b943
Note: this error is not a security problem, because this code path is
currently never executed.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Werner pointed out that a special error message is not needed: the
error code (as displayed by gpg_strerror) will indicate what went
wrong.
* g10/keyedit.c (keyedit_menu): Remove cmdCHECKBKUPKEY support.
--
GnuPG-bug-id: 2169
It was introduced by the commit 9e834047 in 2009. Then, we moved
private key handling to gpg-agent which broke this subcommand.
Note: This subcommand was not supported in 1.4 and 2.0.
--
I must have mixed the up during testing. The old one is just one
keyserver and the new one is the OnionBalance hidden service. See
https://sks-keyservers.net/overview-of-pools.php
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.h (struct pubkey): Rename to pubkey_s.
(pubkey_t): New. Change all struct pubkey_s to use this type.
* g10/getkey.c (get_pubkeys): Rename arg keys to r_keys.
--
It is common in GnuPG to use a suffix of _s for struct names. There
is no technical need for this (actually this pattern comes from pre
ANSI C compilers which had no separate namespaces) but it avoid
surprises when reading the code.
Adding the pubkey_t type is mainly to improve font locking by using
the common suffix _t for a typedefed type.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (card_write_key_to_backup_file): Simplify by using
hexfingerprint.
--
Note that the extra blank added to FPRBUF in the old code was not
needed because write_status_text_and_buffer already ensures that
there will be a space.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (parse_def_secret_key): Do not make strings passed to
log_debug translatable.
--
Debug output is intended to be used along with the source or to be
send to the developers. Thus translations are at best not helpful.
* g10/gpg.c (struct result): Move from here...
* g10/keydb.h (struct pubkey): ... to here. Update users.
* g10/gpg.c (check_user_ids): Move from here...
* g10/getkey.c (get_pubkeys): ... to here. Update users. Use
get_pubkey_byname to look up the keys (this also prunes invalid keys).
(pubkey_free): New function.
(pubkeys_free): New function.
* g10/gpg.c (main): Don't check for ambiguous key specifications.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e8c53fc
This change not only moves the checks for ambiguous key specifications
from gpg.c to getkey.c, it also disables the checks. The old code was
too divorced from the actual key lookups and, as such, it reproduced
the logic. Unfortunately, the reproduction was a poor one: despite
fixing some inconsistencies (e.g., 10cca02), it still didn't deal with
group expansion or the auto key lookup functionality. Given the
amount of instability introduced by this change, we (Neal & Werner)
decided it is better to defer introducing this functionality until
2.3.
* g10/gpg.c (main): If --encrypt-to-default-key is specified, don't
add --default-key's value to REMUSR here...
* g10/pkclist.c (build_pk_list): ... do it here.
* tests/openpgp/Makefile.am (TESTS): Add default-key.test.
* tests/openpgp/default-key.test: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/pkclist.c (build_pk_list): Remove parameter use, which is always
called set to PUBKEY_USAGE_ENC. Update callers.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
encryption-only keys when a signing key is needed and vice-versa.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keydb.c (keydb_update_keyblock): Don't replace the record at the
current offset. After taking the lock, extract the fingerprint from
the keyblock, find it and then replace it.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2193
Between locating the record to update and actually updating the
keyblock, it is possible that another process modifies the keyring,
which causes the update to corrupt the keyring. This is due to a time
of check to time of use bug. The fix is straightforward: both
operations must be done while holding the lock. This changes the
semantics of the function slightly, but no callers need to be
modified. Further, it now becomes impossible to replace key A with B;
this function will only ever update B.
* g10/getkey.c (parse_def_secret_key): Display the key that is
invalid, not the search description.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/gpg.c (main): When --default-key or --encrypt-to-default-key is
taken from the config file, note this.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: 28311d1
* g10/keydb.h (PK_LIST_ENCRYPT_TO): Change from a macro to an enum.
(PK_LIST_HIDDEN): Likewise.
(PK_LIST_CONFIG): Likewise.
(PK_LIST_SHIFT): Likewise.n
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Using an enum has the advantage that the symbol can be used in gdb.
* g10/keygen.c (do_ask_passphrase, generate_raw_key)
(gen_card_key_with_backup, save_unprotected_key_to_card): Remove.
--
Now, key generation is done by gpg-agent. Asking passphrase is done
through pinentry invoked by gpg-agent. It is done by
new internal function of card_store_key_with_backup.