1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

5603 Commits

Author SHA1 Message Date
Werner Koch
b280aa6423
gpg: Fix NULL de-ref for ambiguous key check in --export-ssh-keys.
* g10/getkey.c: Allow arg RET_KEYBLOCK to be NULL.
--

This change adds the expected behavior for the getkey_next function
to fix this NULL de-ref.

GnuPG-bug-id: 2212
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 10:59:13 +01:00
Werner Koch
eb9c021631
tools: Remove gpgkey2ssh.
* tools/gpgkey2ssh.c: Remove.
* tools/Makefile.am (bin_PROGRAMS): Ditto.
--

Also remove it form the docs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-09 11:28:42 +01:00
Werner Koch
b2da3951a3
gpg: Support ECDSA keys with --export-ssh-key.
* g10/export.c (key_to_sshblob): Add hack for ECDSA.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 20:37:25 +01:00
Werner Koch
4970868d8d
gpg: New command --export-ssh-key
* g10/export.c: Include membuf.h and host2net.h.
(key_to_sshblob): New.
(export_ssh_key): New.
* g10/gpg.c (aExportSshKey): New.
(opts): Add command.
(main): Implement that command.
--

GnuPG-bug-id: 2212

I have done only a few tests rights now and the ECDSA curves do not
yet work.  However ssh-keygen -l accept RSA and ed25519 keys exported
using this command.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 17:22:32 +01:00
Werner Koch
34bca9cd4b
gpg: Add an exact search flag to the PK struct.
* g10/getkey.c (merge_selfsigs_subkey): Clear exact flag.
(finish_lookup): Set exact flag.
* g10/packet.h (PKT_public_key): Add field flags.exact.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 15:16:12 +01:00
Werner Koch
2aa42baaf3
Print warnings if old daemon versions are used.
* common/status.h (STATUS_WARNING): New.
* g10/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
* g10/call-dirmngr.c: Include status.h.
(warn_version_mismatch): New.
(create_context): Call warn function.
* sm/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
(gpgsm_agent_learn): Call warn function.
* sm/call-dirmngr.c (warn_version_mismatch): New.
(prepare_dirmngr): Call warn function.
--

We have seen too often bug reports which are due to still running old
versions of the daemons.  To catch this problematic use we now print
warning messages and also provide the warning via the status
interface.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 10:33:19 +01:00
Werner Koch
4d7ac43ff7
common: New function compare_version_strings.
* common/stringhelp.c (parse_version_number): New.
(parse_version_string): New.
(compare_version_strings): New.
* common/t-stringhelp.c (test_compare_version_strings): New.
(main): Call test.  Return ERRCOUNT instead of 0.
--

The code for that function is based on code from libgcrypt.  Similar
code is in all GnuPG related libraries this function is
a candidates for inclusion in libgpg-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 08:58:21 +01:00
Werner Koch
496643291e
common: New function get_assuan_server_version.
* common/asshelp.c: Include membuf.h.
(get_assuan_server_version): New.
* g10/call-agent.c (agent_get_version): Use new function.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:42:29 +01:00
Werner Koch
833ba5faa1
common: New put_membuf_cb to replace static membuf_data_cb.
* common/membuf.c (put_membuf_cb): New.
* agent/call-scd.c (membuf_data_cb): Remove.  Change callers to use
put_membuf_cb.
* common/get-passphrase.c (membuf_data_cb): Ditto.
* g10/call-agent.c (membuf_data_cb): Ditto.
* sm/call-agent.c (membuf_data_cb): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
Werner Koch
8fd406c317
gpg: Return an error code from keygrip_from_pk.
* g10/keyid.c (keygrip_from_pk): Return an error code.
--

The error was show but the function did not return it.  This change
should improve error messages for unknown algorithms.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
8a56a38387
gpg: Avoid warnings about possible NULL deref.
* g10/getkey.c (cache_public_key): Protect deref of CE which actually
can't happen.
* g10/keygen.c (quickgen_set_para): s/sprintf/snprintf/.
* g10/tofu.c (end_transaction, rollback_transaction): Allow NULL for
DB.
* g10/trustdb.c (update_min_ownertrust): Remove useless clearling of
ERR.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
008aa6e6d4
gpg: Fix warnings about useless assignments.
* g10/armor.c (parse_hash_header): Remove duplicate var assignment.
* g10/getkey.c (cache_user_id): Ditto.
* g10/keygen.c (ask_curve): Ditto.  This also fixes a small memory
leak.

* g10/keygen.c (proc_parameter_file): Remove useless assignment or
pointer increment.
(generate_keypair): Ditto.
* g10/getkey.c (finish_lookup, lookup): Ditto.
* g10/card-util.c (change_pin): Ditto.
* g10/gpg.c (main) <aVerify>: Ditto.
* g10/import.c (import): Ditto.
(print_import_check): Ditto
* g10/keyring.c (do_copy): Ditto.
* g10/tdbio.c (tdbio_read_record): Ditto.
* g10/trustdb.c (tdb_update_ownertrust): Ditto.
(update_validity): Ditto.

* g10/server.c (cmd_passwd): Remove useless call to skip_options.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
126aebbb82
sm: Avoid warnings about useless assignments.
* sm/call-dirmngr.c (prepare_dirmngr): Remove setting of ERR.
(unhexify_fpr): Remove useless computation on N.
* sm/certchain.c (do_validate_chain): Remove clearing of RC.  Remove
useless setting of RC.
* sm/fingerprint.c (gpgsm_get_keygrip): Remove setting of RC.
* sm/gpgsm.c (build_list): Replace final stpcpy by strcpy.
* sm/keydb.c (keydb_clear_some_cert_flags): Remove clearing of RC.
* sm/server.c (cmd_getauditlog): Comment unused skip_options.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
0de7d61437
kbx: Avoid warnings about useless assignments.
* kbx/keybox-dump.c (_keybox_dump_blob): Remove setting of IN_RANGE
and the last increment of P.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:15 +01:00
Werner Koch
a41638acf4
gpg: Fix DNS cert lookup returning an URL.
* g10/call-dirmngr.c (dns_cert_status_cb): Store URL status in the URL
param.  The old code was entirely buggy (c+p error).
--

Fixes-commit: 154f3ed2
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:15 +01:00
Daniel Kahn Gillmor
2c3e67430d Fix keystrlen to work when OPT.KEYID_FORMAT is KF_DEFAULT.
* g10/keyid.c (keystrlen): If opt.keyid_format is KF_DEFAULT unset,
default to KF_SHORT.
(format_keyid): Default to KF_SHORT, not KF_0xLONG.

--
Without this fix, gpgv2 fails with:

gpgv: Ohhhh jeeee: ... this is a bug (keyid.c:342:keystrlen)

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-01-06 15:05:21 +01:00
Werner Koch
c7389ae90f
gpg: Silence some regression tests.
* g10/test.c (TEST): Print diagnostics only in verbose mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-06 08:49:45 +01:00
Werner Koch
85cc7449fb
gpg: Avoid using an uninitialized SALT on premature EOF.
* g10/parse-packet.c (parse_key): Check for premature end of salt.
--

This has no security implications because an arbitrary salt could have
also been inset by an attacker.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-06 08:48:44 +01:00
Werner Koch
09accc0e3d
gpg: Silence warnings found by static analyzer.
* g10/keyedit.c (change_passphrase): Remove useless init of ANY.
(keyedit_quick_adduid): Remove useless setting of ERR.
* g10/parse-packet.c (parse_key): Remove PKTLEN from condition because
it has been checked before the loop.
(parse_plaintext): Remove useless init of PKTLEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-06 08:45:01 +01:00
Werner Koch
7990586828
gpg: Comment on false positives by static analyzers.
--
2016-01-06 08:42:07 +01:00
Werner Koch
db82b6131d
kbx: Avoid faulty fclose in an error case.
* kbx/keybox-update.c (blob_filecopy): Do not close an uninitialized
file pointer after a failure to create a temp file.
* kbx/keybox-openpgp.c (next_packet): Remove duplicate assignment of
PKTLEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-06 08:39:08 +01:00
Werner Koch
6deafb92ab
dirmngr: Silence one regression test.
* dirmngr/t-dns-stuff.c (main): Do not print info during standard
"make check".

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-06 08:37:03 +01:00
Werner Koch
e64317c15e
common: Avoid warnings about useless assignments.
* common/b64enc.c (b64enc_finish): Remove var assignment which is not
used later.
* common/iobuf.c (file_filter): Ditto.
* common/tlv.c (do_find_tlv): Ditto.
* common/userids.c (classify_user_id): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-06 08:35:56 +01:00
Werner Koch
1fbfa1bf0a
tests: Use info and error instead of a plain echo.
* tests/openpgp/4gb-packet.test: Use error and info.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-06 08:34:14 +01:00
Werner Koch
0a00115ee2
common: Do not deref vars in tests after a fail().
* common/t-convert.c (test_bin2hex): Turn if conditions into if-else
chains to avoid accessing unchecked data.
(test_bin2hexcolon): Ditto.
* common/t-mapstrings.c (test_map_static_macro_string): Ditto.
* common/t-stringhelp.c (test_percent_escape): Ditto.
(test_make_filename_try): Ditto.
(test_make_absfilename_try): Ditto.
* common/t-timestuff.c (test_timegm): Ditto.
--

Note that these dereference only occur after failed regression tests.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-06 08:31:38 +01:00
Werner Koch
e70f7a54f2
gpg: Align notes about minimal keysize with actual checks.
* g10/keygen.c (ask_keysize): Use 768 for the minimal value for DSA in
export mode.  Improve readability.
--

GnuPG-bug-id: 2209
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-05 13:51:05 +01:00
Werner Koch
f2ecbf7454
agent: Typo fix for help text.
--
2016-01-05 13:51:04 +01:00
NIIBE Yutaka
ff3b607fc8 agent: Fix RSA verification for card.
* agent/pksign.c (agent_pksign_do): Use S-exp of public key, instead
of shadowed key.

--

Reported-by: Justus Winter
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-01-05 10:15:49 +09:00
Neal H. Walfield
575c15a090 gpg: Fix double free.
* g10/getkey.c (get_pubkeys): Fix double free.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 7195b943

Note: this error is not a security problem, because this code path is
currently never executed.
2016-01-04 12:46:11 +01:00
Neal H. Walfield
bf694cbc68 Revert commit 4654384fe7a4dcee113dacf27c398b13dea5d0be.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Werner pointed out that a special error message is not needed: the
error code (as displayed by gpg_strerror) will indicate what went
wrong.
2016-01-04 12:44:14 +01:00
NIIBE Yutaka
79b51bb872 agent: IMPORT_KEY with --force option fix.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Add an option not
to check existing key.
(convert_from_openpgp): Ditto.
(convert_from_openpgp_native): Call convert_from_openpgp_main with
dontcare_exist=0.
* agent/command.c (cmd_import_key): Call with dontcare_exist=force.
2015-12-24 14:19:53 +09:00
NIIBE Yutaka
5ca57f1a69 g10: Use --force when importing key for bkuptocard.
* g10/call-agent.c (agent_import_key): Add an argument FORCE.
* g10/import.c (transfer_secret_keys): Likewise.
(import_secret_one): Call transfer_secret_keys with FORCE=0.
* g10/keyedit.c (keyedit_menu): Call with FORCE=1.
2015-12-24 14:15:58 +09:00
NIIBE Yutaka
44aee35e69 g10: Remove subcommand checkbkupkey for --key-edit.
* g10/keyedit.c (keyedit_menu): Remove cmdCHECKBKUPKEY support.

--

GnuPG-bug-id: 2169

It was introduced by the commit 9e834047 in 2009.  Then, we moved
private key handling to gpg-agent which broke this subcommand.

Note: This subcommand was not supported in 1.4 and 2.0.
2015-12-24 11:48:47 +09:00
NIIBE Yutaka
ee433d2b00 g10: Allow relative path for specifying the file for bkuptocard.
* g10/keyedit.c (keyedit_menu): Assume the file is under GNUPGHOME.
Also support tilda expansion.
2015-12-24 11:48:16 +09:00
NIIBE Yutaka
40959add1b g10: fix regression of bkuptocard subcommand in --edit-key.
* g10/keyedit.c (keyedit_menu): Call transfer_secret_keys.
* g10/import.c (transfer_secret_keys): Make it global function.
Allow stats==NULL.

--

GnuPG-bug-id: 2169
2015-12-24 09:54:23 +09:00
NIIBE Yutaka
e684c634df agent: Support --force option for IMPORT_KEY.
* agent/command.c (cmd_keywrap_key): New option --force.
2015-12-24 09:52:48 +09:00
Werner Koch
ae3e5c25ca
dirmngr: Change the Onion keyserver in the conf template.
--

I must have mixed the up during testing.  The old one is just one
keyserver and the new one is the OnionBalance hidden service.  See

  https://sks-keyservers.net/overview-of-pools.php

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 20:06:49 +01:00
Werner Koch
a9cbdcfd9c
gpg: Rename struct pubkey to pukey_s and add pubkey_t.
* g10/keydb.h (struct pubkey): Rename to pubkey_s.
(pubkey_t): New.  Change all struct pubkey_s to use this type.
* g10/getkey.c (get_pubkeys): Rename arg keys to r_keys.
--

It is common in GnuPG to use a suffix of _s for struct names.  There
is no technical need for this (actually this pattern comes from pre
ANSI C compilers which had no separate namespaces) but it avoid
surprises when reading the code.

Adding the pubkey_t type is mainly to improve font locking by using
the common suffix _t for a typedefed type.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:46:09 +01:00
Werner Koch
363ed2e892
gpg: Simplify status message code from commit b30c15bf.
* g10/keygen.c (card_write_key_to_backup_file): Simplify by using
hexfingerprint.
--

Note that the extra blank added to FPRBUF in the old code was not
needed because write_status_text_and_buffer already ensures that
there will be a space.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:46:05 +01:00
Werner Koch
04c9cddda9
gpg: Add standard free() semantic to pubkey_free.
* g10/getkey.c (pubkey_free): Check for NULL arg.
--

We don't like surprises ;-)

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:17:50 +01:00
Werner Koch
ef7b7e9160
gpg: Fix use of assert from commit dc417bf0.
* g10/keydb.c (keydb_update_keyblock): De-ref after the assert.  Use
%zu for size_t.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:16:02 +01:00
Werner Koch
b0c9867fb7
gpg: Do not translate debug output.
* g10/getkey.c (parse_def_secret_key): Do not make strings passed to
log_debug translatable.
--

Debug output is intended to be used along with the source or to be
send to the developers.  Thus translations are at best not helpful.
2015-12-23 15:13:21 +01:00
NIIBE Yutaka
aecf1a3c57 scd: Fix commit b30c15bf (again).
* g10/keygen.c (do_generate_keypair): Clear the variable S.

--

GnuPG-bug-id: 2201
2015-12-23 16:55:00 +09:00
Neal H. Walfield
5c759924fb gpg: Fix type.
* g10/keygen.c (card_write_key_to_backup_file): Change n to a size_t.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:07:51 +01:00
Neal H. Walfield
4654384fe7 gpg: Fix error message.
* g10/getkey.c (parse_def_secret_key): Fix error message.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:57 +01:00
Neal H. Walfield
7195b94345 gpg: Don't check for ambiguous keys.
* g10/gpg.c (struct result): Move from here...
* g10/keydb.h (struct pubkey): ... to here.  Update users.
* g10/gpg.c (check_user_ids): Move from here...
* g10/getkey.c (get_pubkeys): ... to here.  Update users.  Use
get_pubkey_byname to look up the keys (this also prunes invalid keys).
(pubkey_free): New function.
(pubkeys_free): New function.
* g10/gpg.c (main): Don't check for ambiguous key specifications.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e8c53fc

This change not only moves the checks for ambiguous key specifications
from gpg.c to getkey.c, it also disables the checks.  The old code was
too divorced from the actual key lookups and, as such, it reproduced
the logic.  Unfortunately, the reproduction was a poor one: despite
fixing some inconsistencies (e.g., 10cca02), it still didn't deal with
group expansion or the auto key lookup functionality.  Given the
amount of instability introduced by this change, we (Neal & Werner)
decided it is better to defer introducing this functionality until
2.3.
2015-12-22 15:03:56 +01:00
Neal H. Walfield
dc52995d85 gpg: Lazily evaluate --default-key.
* g10/gpg.c (main): If --encrypt-to-default-key is specified, don't
add --default-key's value to REMUSR here...
* g10/pkclist.c (build_pk_list): ... do it here.
* tests/openpgp/Makefile.am (TESTS): Add default-key.test.
* tests/openpgp/default-key.test: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:54 +01:00
Neal H. Walfield
ffe0b7a6dd gpg: Remove unused parameter.
* g10/pkclist.c (build_pk_list): Remove parameter use, which is always
called set to PUBKEY_USAGE_ENC.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:53 +01:00
Neal H. Walfield
4103850c2e gpg: Improve check for ambiguous keys.
* g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
encryption-only keys when a signing key is needed and vice-versa.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:52 +01:00
Neal H. Walfield
dc417bf0c5 gpg: Fix TOCTTOU when updating keyblocks.
* g10/keydb.c (keydb_update_keyblock): Don't replace the record at the
current offset.  After taking the lock, extract the fingerprint from
the keyblock, find it and then replace it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2193

Between locating the record to update and actually updating the
keyblock, it is possible that another process modifies the keyring,
which causes the update to corrupt the keyring.  This is due to a time
of check to time of use bug.  The fix is straightforward: both
operations must be done while holding the lock.  This changes the
semantics of the function slightly, but no callers need to be
modified.  Further, it now becomes impossible to replace key A with B;
this function will only ever update B.
2015-12-22 15:03:51 +01:00