1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-28 11:11:32 +01:00

5043 Commits

Author SHA1 Message Date
Werner Koch
fc31d730d8 scd: Use vendor and product id macros also in apdu.c
* scd/ccid-driver.c: Move vendor and product ids to ...
* scd/ccid-driver.h: here.
* scd/apdu.c (CCID_DRIVER_INCLUDE_USB_IDS): Define to include ids.
(pcsc_vendor_specific_init): Use vendor and product id macros.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-30 09:28:17 +02:00
NIIBE Yutaka
95a3bffeaf scd: PC/SC pinpad input improvement.
* scd/apdu.c (struct reader_table_s): Add members: PINMIN, PINMAX, and
PINPAD_VERLEN_SUPPORTED.
(CM_IOCTL_VENDOR_IFD_EXCHANGE, FEATURE_GET_TLV_PROPERTIES,
PCSCv2_PART10_PROPERTY_*): New.
(new_reader_slot): Initialize pinpad_varlen_supported, pinmin, pinmax.
(pcsc_vendor_specific_init): New.
(open_pcsc_reader_direct, open_pcsc_reader_wrapped): Call
pcsc_vendor_specific_init.
(check_pcsc_pinpad): Not detect here but use the result of
pcsc_vendor_specific_init.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Specify bNumberMessage.

--

Signed-off-by: NIIBE Yutaka

--
2013-08-30 11:06:50 +09:00
Jonas Borgström
cc67918c08 scd: add support for RSA_CRT and RSA_CRT_N key import.
* scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support.

--

Updates of original patch by wk:

  -      unsigned char *rsa_u, *rsa_dp, rsa_dq;
  +      unsigned char *rsa_u, *rsa_dp, *rsa_dq;

and AUTHORS.  Missing signed-off-by assumed due to DCO send the other
day.
2013-08-29 17:53:14 +02:00
Werner Koch
3adfaa9bee kbx: Add a few macros for easier readability.
* kbx/keybox-update.c (FILECOPY_INSERT)
(FILECOPY_DELETE, FILECOPY_UPDATE): New macros.  Replace numbers by
them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-29 17:39:35 +02:00
Werner Koch
fdbf76eee6 Fix commit 04e2c83f.
* agent/command-ssh.c (stream_read_string): Do not assign to a NULL
ptr.
2013-08-28 17:58:43 +02:00
Werner Koch
780ba32336 gpg: Make decryption with the OpenPGP card work.
* scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New.
* scd/app-openpgp.c (do_decipher): Add arg R_INFO.
* scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy.
* scd/app.c (app_decipher): Add arg R_INFO.
* scd/command.c (cmd_pkdecrypt): Print status line "PADDING".
* agent/call-scd.c (padding_info_cb): New.
(agent_card_pkdecrypt): Add arg R_PADDING.
* agent/divert-scd.c (divert_pkdecrypt): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Ditto.
* agent/command.c (cmd_pkdecrypt):  Print status line "PADDING".
* g10/call-agent.c (padding_info_cb): New.
(agent_pkdecrypt): Add arg R_PADDING.
* g10/pubkey-enc.c (get_it): Use padding info.
--

Decryption using a card never worked in gpg 2.1 because the
information whether the pkcs#1 padding needs to be removed was not
available.  Gpg < 2.1 too this info from the secret sub key but that
has gone in 2.1.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-28 17:40:32 +02:00
Werner Koch
04e2c83f18 agent: Fix two compiler warnings.
* agent/command.c (cmd_preset_passphrase, pinentry_loopback): Use %zu
in format string.
* scd/ccid-driver.c (ccid_get_atr): Ditto.
* agent/command-ssh.c (stream_read_string): Init arg STRING_SIZE to
avoid maybe_unitialized warning.
--

Actually the first one might have been a problem on big endian
machines.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-28 13:04:31 +02:00
NIIBE Yutaka
b6d54f1196 scd: fix parsing login-data DO.
* scd/app-openpgp.c (parse_login_data): Release RELPTR.  Fix parsing.

--

Signed-off-by: NIIBE Yutaka
2013-08-27 10:23:09 +09:00
NIIBE Yutaka
54cbab29c7 scd: fix Vega for Alpha reader.
* scd/ccid-driver.c (ccid_vendor_specific_init): Fix error handling
and size of command.

--

Signed-off-by: NIIBE Yutaka
2013-08-27 10:15:46 +09:00
Werner Koch
5c5e52df4b scd: Make SPRx32 pinpad work with PC/SC on Windows.
* scd/apdu.c (CM_IOCTL_GET_FEATURE_REQUEST): Use SCARD_CTL_CODE.
(SCARD_CTL_CODE): Define if not defined.
(reader_table_s): Add is_spr532.
(new_reader_slot): Clear it.
(check_pcsc_pinpad): Set it.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Add fix for SPR532.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-21 16:45:48 +02:00
Werner Koch
7bde2bf3b0 scd: Improve --enable-pinpad-varlen.
* tools/gpgconf-comp.c (gc_options_scdaemon): Add
enable-pinpad-varlen.
* scd/apdu.c (check_pcsc_pinpad): Detect SPRx32 reader.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-21 15:45:07 +02:00
Werner Koch
50c98c7ed6 agent: Extend cmd KEYINFO to return data from sshcontrol.
* agent/command-ssh.c (struct control_file_s): Rename to
ssh_control_file_s.
(ssh_open_control_file, ssh_close_control_file)
(ssh_read_control_file, ssh_search_control_file): New.
(control_file_t):  Rename and move to ...
* agent/agent.h (ssh_control_file_t): here.
* agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled,
and confirm. Rename unknown keytype indicator from '-' to 'X'.  Extend
output.
(cmd_keyinfo): Add options --ssh-list and --with-ssh.
--

This extension allows the development of frontends to manage the
sshcontrol file.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-08 21:22:38 +02:00
Werner Koch
498b9a95dc gpg: No need to create a trustdb when encrypting with --always-trust.
* g10/gpg.c (main): Special case setup_trustdb for --encrypt.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-02 09:10:17 +02:00
Werner Koch
ca6fe88c00 w32: Fix recent patch 9ff72e4.
* common/homedir.c (check_portable_app): Fix the name of the control
file.
2013-08-01 19:54:11 +02:00
Werner Koch
ef6a6d973c agent: Include missing prototype.
* agent/protect.c: Include cvt-openpgp.h.
2013-08-01 11:32:05 +02:00
Werner Koch
9ff72e4e7e w32: Add code to support a portable use of GnuPG.
* common/homedir.c (w32_bin_is_bin, w32_portable_app) [W32]: New.
(check_portable_app) [W32]: New.
(standard_homedir, default_homedir) [W32]: Support the portable flag.
(w32_rootdir, w32_commondir) [W32]: Ditto.
(gnupg_bindir, gnupg_cachedir, dirmngr_socket_name) [W32]: Ditto.
* common/logging.h (JNLIB_LOG_NO_REGISTRY): New.
* common/logging.c (no_registry): New variable.
(log_set_prefix, log_get_prefix): Set/get that variable.
(do_logv): Do not check the registry if that variable is set.
--

Beware: This code has not been tested because it is not yet possible
to build GnuPG 2.1 for Windows.  However, the code will be the base
for an implementation in 2.0.

A portable use of GnuPG under Windows means that GnuPG uses a home
directory depending on the location of the actual binary.  No registry
variables are considered.  The portable mode is enabled if in the
installation directory of the the binary "gpgconf.exe" and a
file "gpgconf.ctl" are found.  The latter file is empty or consists
only of empty or '#' comment lines.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-01 11:20:48 +02:00
Werner Koch
db4651734f Silence compiler warning about deprecated Libgcrypt symbols
* configure.ac (AH_BOTTOM): Define GCRYPT_NO_DEPRECATED.
--

Some gcc versions emit deprecated warning for such flagged Libgcrypt
symbols; even if they are not used.
2013-08-01 11:06:22 +02:00
Werner Koch
6ce54a18c2 w32: Change autogen.sh to use npth.
--
2013-08-01 11:03:24 +02:00
Werner Koch
ef2e2e5402 dirmngr: Define missing LDAP constant
* dirmngr/ldap-url.c (LDAP_SCOPE_DEFAULT): Define if missing.
2013-08-01 11:02:03 +02:00
Werner Koch
25b0357bf0 scd: Fix a syntax error for Apple and Windows.
* scd/apdu.c (pcsc_dword_t) [W32]: Fix syntax error.
2013-08-01 11:01:01 +02:00
Werner Koch
ffa7472db5 common: Fix a build error when using adns.
* common/dns-cert.c (get_dns_cert) [USE_ADNS]: Fix synatx error.
--

(fixes commit 31f548a18aed729c05ea367f2d8a8104480430d5)

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-01 10:30:27 +02:00
Werner Koch
f101f34fff common: Comment out unused code.
* common/w32-reg.c (write_w32_registry_string): Comment out.
2013-07-31 16:25:41 +02:00
Werner Koch
2830fcb83c dirmngr: Remove unused file.
* dirmngr/get-path.c: Remove.
2013-07-31 16:14:00 +02:00
Werner Koch
f254497e09 sm: Remove cruft from source files.
* sm/keydb.c, sm/keydb.h: Remove disabled code parts.
2013-06-27 11:40:12 +02:00
Werner Koch
82c25e67a1 Modernize two format string file name quotes.
--
2013-06-27 09:28:43 +02:00
Werner Koch
043e2728c8 Prepare for newer automake versions.
* configure.ac (AM_INIT_AUTOMAKE): Replace 2 argument form by the
option form.  Add options from the top Makefile.
(AM_CONFIG_HEADER): Rename to AC_CONFIG_HEADER.
* Makefile.am (AUTOMAKE_OPTIONS): Remove.

* kbx/Makefile.am: Remove INCLUDES.  Include cmacros.am.  FActor some
AM_CPPFLAGS options to  AM_CFLAGS.
2013-06-27 09:27:32 +02:00
Werner Koch
95d496cb7a Update AUTHORS.
--
2013-06-26 23:37:40 +02:00
Werner Koch
136f190a2f Fix Makefile regression.
* agent/Makefile.am (gpg_agent_DEPENDENCIES): Remove cruft from wrong
resolve conflict 2013-04-25.
(gpg_agent_DEPENDENCIES): Remove obsolete gpg_agent_res_deps
(gpg_agent_LDFLAGS): Remove obsolete gpg_agent_res_ldflags.
--

This fixes 88e24341e57c96e31a25e92e09d67989e64cc1c1.  Thanks to
Christian Aistleitner for pinpointing this bug.  Am sorry for accusing
automake to have introduced this bug; I should have washed my own eyes.

GnuPG-bug-id: 1511
2013-06-26 23:23:18 +02:00
Werner Koch
7777e68d04 Implement unattended OpenPGP secret key import.
* agent/command.c (cmd_import_key): Add option --unattended.
* agent/cvt-openpgp.c (convert_transfer_key): New.
(do_unprotect): Factor some code out to ...
(prepare_unprotect): new function.
(convert_from_openpgp): Factor all code out to ...
(convert_from_openpgp_main): this.  Add arg 'passphrase'.  Implement
openpgp-native protection modes.
(convert_from_openpgp_native): New.
* agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion
* agent/protect-tool.c (convert_from_openpgp_native): Ditto.
* agent/protect.c (agent_unprotect): Add arg CTRL.  Adjust all
callers.  Support openpgp-native protection.
* g10/call-agent.c (agent_import_key): Add arg 'unattended'.
* g10/import.c (transfer_secret_keys): Use unattended in batch mode.
--

With the gpg-agent taking care of the secret keys, the user needs to
migrate existing keys from secring.gpg to the agent.  This and also
the standard import of secret keys required the user to unprotect the
secret keys first, so that gpg-agent was able to re-protected them
using its own scheme.  With many secret keys this is quite some
usability hurdle.  In particular if a passphrase is not instantly
available.

To make this migration smoother, this patch implements an unattended
key import/migration which delays the conversion to the gpg-agent
format until the key is actually used.  For example:

   gpg2 --batch --import mysecretkey.gpg

works without any user interaction due to the use of --batch.  Now if
a key is used (e.g. "gpg2 -su USERID_FROM_MYSECRETKEY foo"), gpg-agent
has to ask for the passphrase anyway, converts the key from the
openpgp format to the internal format, signs, re-encrypts the key and
tries to store it in the gpg-agent format to the disk.  The next time,
the internal format of the key is used.

This patch has only been tested with the old demo keys, more tests
with other protection formats and no protection are needed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-22 10:14:57 +02:00
Werner Koch
cb6a64bb78 New debug functions log_printcanon and log_printsexp.
* common/sexputil.c (sexp_to_string, canon_sexp_to_string): New.
(log_printcanon, log_printsexp): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-22 09:56:45 +02:00
Werner Koch
0f0e0559f9 agent: Fix length detection of canonical formatted openpgp keys.
* agent/command.c (cmd_import_key): Pass 0 instead of KEYLEN to
gcry_sexp_canon_len.
--

We used to pass KEYLEN to the gcry_sexp_canon_len for no good reason:
convert_from_openpgp is guaranteed to return a valid canonical
S-expression and KEYLEN would thus act only as an upper limit.  This
is not a problem because usually the original input key is longer than
the returned unprotected key.  A future patch may change this
assertion and thus we better fix this bug now.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-22 09:56:30 +02:00
Werner Koch
f2d8a14e1b agent: New option --disable-check-own-socket.
* agent/gpg-agent.c (oDisableCheckOwnSocket): New.
(disable_check_own_socket): New.
(parse_rereadable_options): Set new option.
(check_own_socket): Implement new option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-22 09:56:05 +02:00
Werner Koch
88e24341e5 w32: Add icons and version information.
* common/gnupg.ico: New.  Take from artwork/gnupg-favicon-1.ico.
* agent/gpg-agent-w32info.rc: New.
* g10/gpg-w32info.rc: New.
* scd/scdaemon-w32info.rc: New.
* sm/gpgsm-w32info.rc: New.
* tools/gpg-connect-agent-w32info.rc: New.
* common/w32info-rc.h.in: New.
* configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP)
(BUILD_HOSTNAME): New.
(AC_CONFIG_FILES): Add w32info-rc.h.
* am/cmacros.am (.rc.o): New rule.
* agent/Makefile.am, common/Makefile.am, g10/Makefile.am
* scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to
build resource files.
--

Signed-off-by: Werner Koch <wk@gnupg.org>

(cherry picked from commit 049b3d9ca0285d15c00c215ac9b533c994196ca4)

Solved conflicts in:

	agent/Makefile.am
	common/Makefile.am
	g10/Makefile.am
	scd/Makefile.am
	sm/Makefile.am
	tools/Makefile.am
2013-05-07 21:35:48 +02:00
Ian Abbott
2c3fc4719b doc: fix some Texinfo warnings.
* doc/gpg.texi: Fix syntax and add missing menu entries.
* doc/gpgsm.texi: Fix subsectioning.
--

These five patches fix some warnings from Texinfo 5 by adding some
missing nodes and changing some sections to subsections, and moving an
'@end ifset' to the start of a line.  I also noticed the 'Deprecated
options' subsection didn't appear in the GPG options menu, so I added
it.  (Texinfo never warned about it because it was after the last node
in the menu.)

1) doc/gpg.texi: move '@end ifset' to start of line
2) doc/gpg.texi: Add missing node for 'Compliance options' section.
3) doc/gpg.texi: add node for 'Deprecated options' subsection.
4) doc/gpg.texi: make 'Unattended key generation' a subsection
5) doc/gpgsm.texi: fix subsectioning for Unattended Usage

(all 5 merged into one patch by wk)

(cherry picked from commit 4d67f59a336bfa0ff19fc23209940724196fd886)

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-07 21:25:27 +02:00
Werner Koch
151b78cc26 Fix potential heap corruption in "gpg -v --version".
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
--

This fixes an obvious bug in locales where the translated string is
longer than the original.  The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.

En passant we also removed the trailing white space on continued
lines.

Reported-by: Dmitry V. Levin" <ldv at altlinux.org>

(cherry picked from commit 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1)

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-04-22 20:43:27 +02:00
Werner Koch
d6798d261c gpgsm: Remove non-implemented commands from --help.
* sm/gpgsm.c (opts): Removed commands --clearsign, --symmetric,
--send-keys, and --recv-keys.

--

GnuPG-bug-id: 1064
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-04-19 17:55:44 +02:00
Daiki Ueno
e498180d56 Make sure to call fflush if estream_t is backed with stdio
* common/estream.c (es_func_fp_write): Call fflush after fwrite.
2013-04-19 12:16:56 +02:00
Werner Koch
ff6115227a doc: Formatting fixes.
* doc/Makefile.am (.fig.jpg): Correct to use -L jpeg.
* doc/gpg.texi: Fix cross reference for --options.
* doc/gpgsm.texi: Likewise.
* doc/gpl.texi: Fix enumerate and re-indent examples.
--

Reported-by: Ian Abbott
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-04-19 12:01:22 +02:00
Werner Koch
96fc29950a Add missing file.
--
2013-04-17 11:26:27 +02:00
Werner Koch
e1f7f61d1e Fix doc for the Expire-Date key generation parameter.
--
2013-04-04 14:26:39 +02:00
NIIBE Yutaka
021767d8aa scd: move SCDaemon to libexecdir.
* common/homedir.c (gnupg_module_name): It's now libexecdir.
* scd/Makefile.am (libexec_PROGRAMS): Add scdaemon
(bin_PROGRAMS): Remove scdaemon.
2013-04-01 12:03:32 +09:00
Werner Koch
07227279c4 copyright assignments are not anymore required. 2013-03-29 09:13:05 +01:00
NIIBE Yutaka
64b1a2cf6f scd: PC/SC status fix.
* scd/apdu.c (pcsc_get_status_direct): Check PCSC_STATE_MUTE only when
PCSC_STATE_PRESENT.

* scd/pcsc-wrapper.c (handle_status): Ditto.
2013-03-26 12:49:03 +09:00
NIIBE Yutaka
b9aceaa442 scd: PC/SC cleanup (more).
* scd/apdu.c (control_pcsc_direct, control_pcsc_wrapped, control_pcsc)
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify): Use
pcsc_dword_t.
2013-03-26 09:03:55 +09:00
NIIBE Yutaka
1062893832 scd: call update_card_removed only when detecting removal.
* scd/command.c (update_reader_status_file): Add condition
vr->status == 0.

--

To reproduce the bug: (1) insert card,
  (2) run "gpg2 --card-status",
  (3) remove card, (4) invoke "gpg2 --card-edit",
  (5) invoke some command like "verify"
The last step fails (but with no error message to user).
2013-03-26 08:57:22 +09:00
NIIBE Yutaka
ee95c23fcd scd: PC/SC cleanup.
* scd/apdu.c (pcsc_dword_t): New.  It was named as DWORD (double-word)
when a word was 16-bit.
(struct reader_table_s): Fixes for types.
(struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
Throughout: Fixes for types.

* scd/pcsc-wrapper.c: Likewise.

--

Problem reported for 1.4.x by the issue 1358.
2013-03-22 10:41:59 +09:00
NIIBE Yutaka
a75a08d6e3 po: Enable ja.po.
* po/LINGUAS: Enable ja.po.
2013-03-21 09:11:15 +09:00
NIIBE Yutaka
ca66f5c779 scd: change default value of pinpad maxlen.
* scd/apdu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Default value
of maxlen for pinpad input is now 15 (was: 25).

* scd/ccid-driver.c (ccid_transceive_secure): Likewise.

--

For newer PC/SC, it is better to use FEATURE_GET_TLV_PROPERTIES to get
bMaxPINSize.
2013-03-21 09:09:41 +09:00
Werner Koch
eaa6dc3a8b Merge branch 'master' into key-storage-work
--
2013-03-20 10:00:12 +01:00
Werner Koch
2739834206 Add code to allow for late memory cleanup.
* common/init.c (mem_cleanup_item_t): New.
(run_mem_cleanup): New.
(_init_common_subsystems): Add an atexit for it.
(register_mem_cleanup_func): New.

* g10/kbnode.c (cleanup_registered): New.
(release_unused_nodes): New.
(alloc_node): Call register_mem_cleanup_func.
--

It is often time consuming to figure out whether still allocated
memory at process termination is fine (e.g. a cache) or a problem.  To
help for that register_mem_cleanup_func may now be used to cleanup
such memory.  The run time of the program will be longer; if that
turns out to be a problem we can change the code to only run in
debugging mode.
2013-03-20 09:50:17 +01:00