1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Commit Graph

8372 Commits

Author SHA1 Message Date
Werner Koch
b304c006a3
scd: Take the card look while running app->with_keygrip.
* scd/app.c (app_do_with_keygrip): Lock the card.
--

Better safe than sorry.

We should also review the card reference counting to see whether we
better ref the returned card object already here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-21 14:51:55 +02:00
Werner Koch
0400a4eb17
scd: Take the lock earlier in the function dispatchers.
* scd/app.c: Chnage all function dispatcher.
--

This change will allow us to easier integrate an app swithcing logic.
The change should have no user visible effect.  The error checking we
do now with the card locked will rarely be asserted.  It is the
correct thing to do anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-21 14:01:06 +02:00
Werner Koch
1b78e4951e
scd: Add code to check whether app switching is possible.
* scd/app.c (check_conflict): Fold into ...
(check_application_conflict): this and adjust callers.  Return a
different error code if it is possible to switch apps.
--

Right now this change does nothing visible.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-21 11:44:25 +02:00
Werner Koch
91e2931caa
scd: Track the currently selected app.
* scd/scdaemon.h (struct server_control_s): Add 'current_apptype'.
* scd/command.c (scd_clear_current_app): New.
* scd/app.c (app_new_register): Set it.
(deallocate_card): Clear it.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-21 11:42:59 +02:00
Werner Koch
43dcf93407
scd: Simplify inclusion of app-common.h.
* scd/scdaemon.h: Include app-common.h.  Remove inclusion of that
header from all other files.
(card_t, app_t): Move typedef to ...
* scd/app-common.h: here.  Use them in the defs.
--

In another patch we will need apptype_t in the ctrl object and thus we
need to reorganize things a bit now.  Given that most files need
app-common anyway it makes sense to always include it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-21 11:42:59 +02:00
Werner Koch
4256e9f0f1
gpg: Very minor code cleanup.
* g10/decrypt-data.c (decrypt_data): Remove superfluous test.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-21 11:42:59 +02:00
Werner Koch
9551275857
scd: Use enums for cardtype and apptype.
* scd/app-common.h (cardtype_t): New.
(apptype_t): New.
(struct card_ctx_s): Change type of cardtype.
(struct app_ctx_s): Change type of apptype.  Adjust all users.
* scd/app.c (struct app_priority_list_s): Add field apptype.
(strcardtype): New.  Use as needed.
(strapptype): New.  Use as needed.
--

Using strcmp is lame and we can't use a switch to let the compiler
complain about missed cases.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-21 11:42:58 +02:00
NIIBE Yutaka
0ccb5ddef1 po: Update Japanese Translation.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-20 15:11:20 +09:00
NIIBE Yutaka
d5287f43fd tools: Fix error handling for gpg-pair-tool.
* tools/gpg-pair-tool.c (read_message): Initialize ERR.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-20 11:29:27 +09:00
Werner Koch
5a5288d051
scd: Split data structures into app and card related objects.
* scd/app-common.h (struct card_ctx_s): New.
(struct app_ctx_s): Factor card specific fields out to card_ctx_s.
(app_get_slot): New.
* scd/scdaemon.h (card_t): New.
(struct server_control_s): Rename field app_ctx to card_ctx and change
all users.
* scd/app-dinsig.c: Use app_get_slot and adjust for chang in card
related fields.
* scd/app-geldkarte.c: Ditto.
* scd/app-nks.c: Ditto.
* scd/app-openpgp.c: Ditto.
* scd/app-p15.c: Ditto.
* scd/app-sc-hsm.c: Ditto.
* scd/app.c: Lost of changes to adjust for the changed data
structures.  Change all callers.
(app_list_lock): Rename to card_list_lock.
(app_top): Remove.
(card_top): New.
(lock_app): Rename to lock_card and change arg type.
(unlock_app): Rename to unlock_card.
(app_dump_state): Print card and app info.
(app_reset): Rename to card_reset.
(app_new_register): Change for the new data structure.
(deallocate_card): Dealloc card and all apps.
(app_ref): Rename to card_ref.
(app_unref): Rename to card_unref.
(app_unref_locked): Rename to card_unref_locked.
(card_get_serialno): New.
* scd/command.c (cmd_pkdecrypt): Actually use the looked up card and
former app object and not the standard one from the context.
--

Although quite large, this is a straightforward change to separate
card/token related data from card application related data.  Before
this change there was a one-to-one relation between card and
application and no way to represent several applications on a card.
The new data structure will allow for such a representation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-19 08:50:40 +02:00
NIIBE Yutaka
c3dd53a65d scd: KEYINFO: Send LF for --data.
* scd/command.c (send_keyinfo): Send LF for --data.

--

Fixes-commit: 01730529f2
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-18 10:13:40 +09:00
Werner Koch
e900bf2973
scd:piv: Add the do_with_keygrip feature.
* scd/app-piv.c (do_with_keygrip): New.
(app_select_piv): Register function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-17 18:04:36 +02:00
Werner Koch
c594dcfc93
scd: Add explict functions for 'app' reference counting.
* scd/app.c (app_ref): New.
(app_unref): New.
(release_application): Renamed to ...
(app_unref_locked): this and remove arg locked_already.  Change
callers to use this or app_ref.
* scd/command.c (open_card_with_request):
(cmd_pksign, cmd_pkauth, cmd_pkdecrypt): Use app_ref and app_unref
instead of accessing the counter directly.
--

This is better in case we need to debug stuff.  There is a real change
however: We now lock and unlock the app before changing the reference
count.

The whole app locking business should be reviewed because we pass
pointers along without immediately bumping the refcount.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-17 16:19:22 +02:00
Werner Koch
70f7b26287
scd: Slight change to app->fnc.do_with_keygrip.
* scd/app-openpgp.c (do_with_keygrip): Return a real error code to
avoid misinterpretation of the result.  Also fix the case for a too
small buffer.
--

The only real chnage is the case for a too small buffer.  That should
in general never happen but if so we now return an error instead of
success.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-17 14:35:21 +02:00
Werner Koch
479c2775d5
scd: Use the correct gpg for the v1.0 OpenPGP card hack.
* scd/app-openpgp.c (get_public_key): Use gnupg_module_name instead of
just "gpg".
--

There is no bug report regarding this and it would be very unlikely
but we should always use the gpg belonging to our code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-17 13:56:32 +02:00
Werner Koch
6260f41318
note: previous commit 6e46862 fixes another minor doc issue fix.
--

Please use useful subjects so that there is no need to lookup what a
fix is.  A commit fix should be indicated with the keyword
"Fixes-commit: xxxxx"
2019-06-17 09:26:36 +02:00
Daniel Kahn Gillmor
6e46862abd fix up 6562de7475
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-14 16:49:27 +01:00
Daniel Kahn Gillmor
6562de7475 doc/gpgsm: explain what "policy-file" refers to.
A new user who sees "policy-file" and searches naively through the
documentation to find it again won't be able to tell what this refers
to, since "policies.txt" doesn't otherwise match the search string
"policy".  This gives them a fighting chance at finding the
documentation.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-11 08:17:06 +01:00
NIIBE Yutaka
1e9d61fb95 gpgparsemail: Die on parse error, printing errno thing.
* tools/gpgparsemail.c (parse_message): Revert the change.
* tools/rfc822parse.c (transition_to_body): Set ERRNO.
(transition_to_header, insert_header): Likewise.

--

In the comment of rfc822parse_* functions, it explicitly explained
setting ERRNO on error.  For parser errors, it may not have
appropriate ERRNO, in such a case, use ENOENT.

Fixes-commit: c13e459ffe
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-07 13:28:07 +09:00
NIIBE Yutaka
72fe8d652f scd: Bring back --card-timeout option as deprecated.
* doc/scdaemon.texi (card-timeout): Add.
* scd/scdaemon.c (main): Revert the change.

--

GnuPG-bug-id: 3383
Fixes-commit: 4262933ef6
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-06 09:55:10 +09:00
NIIBE Yutaka
c13e459ffe gpgparsemail: Die on parse error (not abort).
* tools/gpgparsemail.c (parse_message): Don't use ERRNO.
* tools/rfc822parse.c (transition_to_body): Return -1.
(transition_to_header, insert_header): Likewise.

--

GnuPG-bug-id: 1977
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-06 09:32:58 +09:00
Werner Koch
9bf650db02
sm: Print a better diagnostic for encryption certificate selection.
* sm/certlist.c (gpgsm_add_to_certlist): Add diagnostic and fold two
similar branches.
--

Without this patch gpgsm printed:

 gpgsm[23045]: DBG: chan_6 <- RECIPIENT edward.tester@demo.gnupg.com
 gpgsm[23045]: certificate is not usable for encryption
 gpgsm[23045]: certificate is good

with this patch a

 gpgsm[23045]: looking for another certificate

is inserted into the log.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-04 09:24:03 +02:00
NIIBE Yutaka
537fbe13af g10: Block signals in g10_exit.
* g10/gpg.c (g10_exit): Block all signals before calling
emergency_cleanup.

--

There is a race condition here which results crash of the process.
When a signal is delivered in emergency_cleanup, it is called again.
This change fixes the problem.

GnuPG-bug-id: 2747
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 13:39:46 +09:00
NIIBE Yutaka
0076bef202 agent: Allow TERM="".
* agent/call-pinentry.c (start_pinentry): When TERM is none,
don't send OPTION ttytype to pinentry.

--

GnuPG-bug-id: 4137
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 11:35:06 +09:00
NIIBE Yutaka
3a1bb00810 agent: Add pinentry_loopback_confirm declaration.
* agent/agent.h (pinentry_loopback_confirm): New.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 09:59:08 +09:00
NIIBE Yutaka
4262933ef6 scd: Remove unsupported --card-timeout option.
* doc/scdaemon.texi (card-timeout): Remove.
* scd/scdaemon.c (main): Remove oCardTimeout handling.

--

There was the card-timeout option in GnuPG 2.0, but it was never
implemented correctly.  The intention of this option was to allow
sharing smartcard among multiple applications, but this didn't work
well as user's expectation (it only worked with DISCONNECT command).
This is because other parts of scdaemon assumes exclusive access.  In
GnuPG 2.1, the support of the option was removed, improving
"DISCONNECT" command always works well without this option.

GnuPG-bug-id: 3383
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 09:47:14 +09:00
NIIBE Yutaka
20acc7c022 g10,agent: Support CONFIRM for --delete-key.
* agent/call-pinentry.c (agent_get_confirmation): Add call of
pinentry_loopback_confirm.
(agent_popup_message_start): Likewise.
(agent_popup_message_stop): Return if it's loopback mode.
* agent/command.c (pinentry_loopback_confirm): New.

* g10/call-agent.c (default_inq_cb): Support "CONFIRM" inquery
when PINENTRY_MODE_LOOPBACK mode.
(confirm_status_cb): New.
(agent_delete_key): Supply confirm_status_cb to set the description
string for confirmation.

--

In the Assuan communication, we introduce new interaction:

    [gpg]                            [gpg-agent]
            --- CMD: PKDECRYPT -->
            <-- STATUS: SETDESC "..."
            <-- STATUS: SETOK "..."
            <-- STATUS: SETNOTOK "..."
            <-- INQUERY: CONFIRM 0/1 (0 for display, 1 for user query)
	    --- INQUERY-result: -->
	    <-- RESULT: ...

GnuPG-bug-id: 3465
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 09:17:21 +09:00
NIIBE Yutaka
eaf3b89d11 doc: Add a section for gpg-check-pattern.
* doc/Makefile.am: Add gpg-check-pattern.1.
* doc/tools.texi (GPG-CHECK-PATTERN): New.

--

GnuPG-bug-id: 4031
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 08:49:05 +09:00
Werner Koch
f2ac6742d4
Return better error code for some getinfo IPC commands.
* agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False.
* g13/server.c (cmd_getinfo): Ditto.
* sm/server.c (cmd_getinfo): Ditto.
--

GPG_ERR_FALSE was introduced with libgpg-error 1.21 and we now require
a later version for gnupg 2.  Thus we can switch to this more
descriptive code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-03 16:33:10 +02:00
NIIBE Yutaka
6790eaf952 agent: Add A-flag for KEYINFO output for card.
* agent/command.c (do_one_keyinfo): Add ON_CARD argument to put
A-flag.
(cmd_keyinfo): Call agent_card_keyinfo to offer additional information
if it's on card.

--

This is a modification in gpg-agent, intended for better
enum_secret_keys in gpg frontend.

GnuPG-bug-id: 4244
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-29 16:19:46 +09:00
Werner Koch
6b06fb3cc5
Add changes from 2.2 to NEWS.
--
2019-05-28 18:09:13 +02:00
Werner Koch
405f41007c
dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
* dirmngr/ocsp.c (do_ocsp_request): Remove arg md.  Add args r_sigval,
r_produced_at, and r_md.  Get the hash algo from the signature and
create the context here.
(check_signature): Allow any hash algo.  Print a diagnostic if the
signature does not verify.
--

GnuPG-bug-id: 3966
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-28 12:27:53 +02:00
Werner Koch
4699e294cc
dirmngr: Improve finding OCSP cert.
* dirmngr/certcache.c (find_cert_bysubject): Add better debug output
and try to locate by keyid.
--

This chnages was suggested in
GnuPG-bug-id: 4536
but we do not have any test cases for this.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-28 12:27:53 +02:00
Werner Koch
a2a9071746
agent: Make an MD encoding function more robust.
* agent/pksign.c (do_encode_md): Use ascii_tolower and avoid
uninitalized TMP in the error case.
--

This is just in case libgcrypt ever returns an algorithm name longer
than 15 bytes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-28 12:27:52 +02:00
NIIBE Yutaka
19415a2652 agent: Remove unused agent_show_message.
* agent/call-pinentry.c (agent_show_message): Remove.
* agent/genkey.c (take_this_one_anyway): Rename from
take_this_one_anyway2.  Remove a dead path calling agent_show_message.
(check_passphrase_constraints): Use take_this_one_anyway.

--

Fixes-commit: 2778c6f8f4
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-28 11:29:25 +09:00
Werner Koch
521e7d4644
sm: Avoid confusing diagnostic for the default key.
* sm/certlist.c (cert_usage_p): Add arg 'silent' and change all
callers.
(gpgsm_cert_use_sign_p): Add arg 'silent' and pass to cert_usage_p.
Change all callers.
* sm/sign.c (gpgsm_get_default_cert): Set SILENT when calling
gpgsm_cert_use_sign_p
--

GnuPG-bug-id: 4535
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-27 15:44:16 +02:00
Werner Koch
b6289af973
gpg: Fixed i18n markup of some strings.
* g10/tofu.c: Removed some translation markups which either make no
sense or are not possble.
--

Error message which are not helpful for the user but indicate a
problem of the installation or the code do not need a translation.
The translator may not understand them correctly and the use support
can't immediately locate the problem because it needs to be reverse
translated.

There is also one case where certain grammar constructs are
assumed (concatenating parts of a sentence at runtime).  Better do not
translate that than getting weird sentences.
2019-05-27 12:55:06 +02:00
Werner Koch
cc6069ac6e
gpg: Allow deletion of subkeys with --delete-[secret-]key.
* common/userids.c (classify_user_id): Do not set the EXACT flag in
the default case.
* g10/export.c (exact_subkey_match_p): Make static,
* g10/delkey.c (do_delete_key): Implement subkey only deleting.
--

GnuPG-bug-id: 4457
2019-05-27 10:40:38 +02:00
NIIBE Yutaka
7158a5696d agent: Stop scdaemon after reload when disable_scdaemon.
* agent/call-scd.c (agent_card_killscd): New.
* agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd.

--

GnuPG-bug-id: 4326
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-23 10:15:18 +09:00
NIIBE Yutaka
265e6d6706 g10: Copy expiredate from primary key when marked expired.
* g10/getkey.c (merge_selfsigs): Update ->expiredate of subkey.

--

GnuPG-bug-id: 3343
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-23 09:40:01 +09:00
Werner Koch
4c7d63cd5b
gpg: Do not bail on an invalid packet in the local keyring.
* g10/keydb.c (parse_keyblock_image): Treat invalid packet special.
--

This is in particular useful to run --list-keys on a keyring with
corrupted packets.  The extra flush is to keep the diagnostic close to
the regular --list-key output.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-21 17:27:42 +02:00
Werner Koch
156788a43c
gpg: Do not allow creation of user ids larger than our parser allows.
* g10/parse-packet.c: Move max packet lengths constants to ...
* g10/packet.h: ... here.
* g10/build-packet.c (do_user_id): Return an error if too data is too
large.
* g10/keygen.c (write_uid): Return an error for too large data.
--

This can lead to keyring corruption becuase we expect that our parser
is abale to parse packts created by us.  Test case is

  gpg --batch --passphrase 'abc' -v  \
      --quick-gen-key $(yes 'a'| head -4000|tr -d '\n')

GnuPG-bug-id: 4532
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-21 16:25:56 +02:00
Werner Koch
126caa34bb
gpg: Unify the the use of the print_pubkey_info functions.
* g10/keylist.c (format_seckey_info): Remove.
(print_pubkey_info, print_seckey_info): Remove.
(format_key_info): New.
(print_key_info): New.
(print_key_info_log): New.
* g10/card-util.c (current_card_status): Use print_key_info and remove
the useless condition on KEYBLOCK.
* g10/delkey.c (do_delete_key): Replace print_pubkey_info and
print_seckey_info by print_key_info.
* g10/keyedit.c (menu_addrevoker): Replace print_pubkey_info by
print_key_info.
* g10/pkclist.c (do_we_trust_pre): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto.  Also use print_key_info_log instead of separate
functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-21 13:02:32 +02:00
NIIBE Yutaka
1eb93d9229 scd: Fix for SCARD_IO_REQUEST structure.
* scd/apdu.c (struct pcsc_io_request_s): Use pcsc_dword_t for Windows.

--

This fix is for correctness and for the future when we will support
64-bit Windows.

GnuPG-bug-id: 4454
Suggested-by: Juris Ozols
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-21 16:38:23 +09:00
NIIBE Yutaka
479f7bf31c agent: For SSH key, don't put NUL-byte at the end.
* agent/command-ssh.c (ssh_key_to_protected_buffer): Update
the length by the second call of gcry_sexp_sprint.

--

GnuPG-bug-id: 4502
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-21 15:50:28 +09:00
Werner Koch
110a455017
gpg: Do not delete any keys if --dry-run is passed.
* g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs.
Do not clear the ownertrust.  Do not let the agent delete the key.
--

Co-authored-by: Matheus Afonso Martins Moreira
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-20 12:31:55 +02:00
Werner Koch
386bacd974
gpg: Fix using --decrypt along with --use-embedded-filename.
* g10/options.h (opt): Add flags.dummy_outfile.
* g10/decrypt.c (decrypt_message): Set this global flag instead of the
fucntion local flag.
* g10/plaintext.c (get_output_file): Ignore opt.output if that was
used as a dummy option aslong with --use-embedded-filename.
--

The problem here was that an explicit specified --decrypt, as
meanwhile suggested, did not work with that dangerous
--use-embedded-filename.  In contrast it worked when gpg decrypted as
a side-effect of parsing the data.

GnuPG-bug-id: 4500
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-17 13:40:24 +02:00
Werner Koch
7e5847da0f
gpg: Improve the photo image viewer selection.
* g10/exec.c (w32_system): Add "!ShellExecute" special.
* g10/photoid.c (get_default_photo_command): Use the new ShellExecute
under Windows and fallbac to 'display' and 'xdg-open' in the Unix
case.
(show_photos): Flush stdout so that the output is shown before the
image pops up.
--

For Unix this basically syncs the code with what we have in gpg 1.4.
Note that xdg-open may not be used when running as root which we
support here.

For Windows we now use ShellExecute as this seems to be preferred over
"cmd /c start"; however this does not solve the actual problem we had
in the bug report.  To solve that problem we resort to a wait
parameter which defaults to 400ms.  This works on my Windows-10
virtualized test box.  If we can figure out which simple viewers are
commonly installed on Windows we should enhance this patch to test for
them.

GnuPG-bug-id: 4334
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-17 12:47:13 +02:00
Werner Koch
6fc5df1e10
kbx: Fix an endless loop under Windows due to an incomplete fix.
* kbx/keybox-search.c (keybox_search):  We need to seek to the last
position in all cases not just when doing a NEXT.
--

This is because search from the beginning needs a keybox_search_reset.
We can only make an exception for KEYDB_SEARCH_MODE_FIRST..

Fixes-commit: 49b236af0e
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-16 13:57:04 +02:00
Werner Koch
50c2f76ae6
gpgconf: Before --launch check that the config file is fine.
* tools/gpgconf-comp.c (gc_component_launch): Check the conf file.
* tools/gpgconf.c (gpgconf_failure): Call log_flush.
--
GnuPG-bug-id: 4497
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-16 12:25:07 +02:00