1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

7685 Commits

Author SHA1 Message Date
Werner Koch
922bae8082
gpg: Unifiy the message for re-configuring cards.
* g10/card-util.c (ask_card_keyattr): Print "rsaNNNN".
--

This is a separate patch from the previous to avoid string changes
when backporting the other patch to 2.2.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-02 17:20:13 +01:00
Werner Koch
ea09b6cded
gpg: Introduce magic value 25519 to switch a card to ECC.
* g10/card-util.c (show_keysize_warning): Slightly change the text.
(ask_card_keyattr): Handle special value 25519.
(do_change_keyattr): Allow changing to cv25519/ed25519.
(generate_card_keys): Ditto.
(card_generate_subkey): Ditto.
--

This is kludge to make it easier for gnuk to be switched into ECC
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-02 17:16:14 +01:00
NIIBE Yutaka
3da47d19df
agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
* agent/learncard.c (agent_handle_learn): Find SERIALNO.

--

Bug is: "gpg-connect-agent learn /bye" just fails wrongly.

Fixes-commit: 8c8ce8711d9c938fcb982b0341e6b052742cb887
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 5e96fe72e477d09e35ccee48af0fd9ab2b3ae409)
2017-11-02 17:04:03 +01:00
Werner Koch
1651310203
build: Remove configure options --disable-gpg
--

gpg is used by several other components as well as from the test
suite.  We need it.

GnuPG-bug-id: 3479
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-02 16:55:17 +01:00
NIIBE Yutaka
5e96fe72e4 agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
* agent/learncard.c (agent_handle_learn): Find SERIALNO.

--

Bug is: "gpg-connect-agent learn /bye" just fails wrongly.

Fixes-commit: 8c8ce8711d9c938fcb982b0341e6b052742cb887
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-02 16:23:10 +09:00
NIIBE Yutaka
0e5bd473a0
common: Accept the Z-suffix for yymmddThhmmssZ format.
* common/gettime.c (isotime_p): Accept the Z suffix.

--

The intention is use for human interface.

GnuPG-bug-id: 3278
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit ba8afc4966cca1f6aaf9b2a9bfc3220782306c2b)
2017-11-01 18:35:29 +01:00
Werner Koch
fd3f5ca151
Register another OpenPGP card vendor.
--
2017-11-01 18:17:44 +01:00
Werner Koch
87b94e08d7
gpg: Remove trailing comma in an enum.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-01 18:14:26 +01:00
Werner Koch
f795f4529d
gpg: Rename two card related functions in card-util.
* g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
(do_change_rsa_keysize): Rename to do_change_keyattr.
--

We want to support other algos than RSA and thus we need a better name
for the functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-01 18:13:25 +01:00
NIIBE Yutaka
6c63a04569 g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
* g10/keygen.c (pSUBKEYGRIP): New.
(read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
(do_generate_keypair): Support pSUBKEYGRIP.

--

In the manual, it says "Key-Grip".  gpgsm also supports "Key-Grip".
Adding "Subkey-Grip" now, adding "Key-Grip" makes sense.

GnuPG-bug-id: 3478
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-01 10:19:35 +09:00
NIIBE Yutaka
d63b7966cd g10: Simplify "factory-reset" procedure.
* g10/card-util.c (factory_reset): Simplify.

--

In this summer, I got report about old code before this change didn't
work with newer Yubikey.  I got another report test version of OpenPGP
card V3.3 implementation didn't work, either.  Then, I confirmed that
according to the OpenPGP card specification, the procedure of old code
is not expected by its author.

This change simplify "factory-reset" as simple.

Only versions of Gnuk 1.2.2, 1.2.3, 1.2.4, won't work with this
change.  That's because the factory-reset feature of Gnuk was
introduced by reading the implementation of GnuPG, instead of reading
the specification.  Gnuk 1.2.5 and later works well.  All OpenPGPcard
implementations I have work well (2.0, 2.1, 2.2, test version of 3).

GnuPG-bug-id: 3286
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-30 11:59:11 +09:00
NIIBE Yutaka
3924e1442c
agent: Clean up pinentry access locking.
* agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
* agent/call-pinentry.c (entry_owner): Remove.
(agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
(unlock_pinentry): Add CTRL to arguments to access thread private.
Check and decrement PINENTRY_ACTIVE for recursive use.
(start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
(agent_askpin): Follow the change of unlock_pinentry API.
(agent_get_passphrase, agent_get_confirmation): Likewise.
(agent_show_message, agent_popup_message_start): Likewise.
(agent_popup_message_stop, agent_clear_passphrase): Likewise.

--

We use the member PINENTRY_ACTIVE as a thread private object.
It's only valid for a single thread at a time.

It would be possible to have a thread shared object of
PINENTRY_ACTIVE, keeping ENTRY_OWNER for distinguishing its
owner (which is also a thread shared object).  But, in this case,
access to ENTRY_OWNER is tricky (only comparison to accessing thread
would be OK with no lock), or we need to introduce another lock for
accessing ENTRY_OWNER, which complicates the code too much.

So, simply have a thread private object for recursive pinentry access.

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit fb7828676cc2c01047498898378711e049f73fee)
2017-10-27 14:15:58 +02:00
NIIBE Yutaka
4738256f2e
agent: Allow recursive use of pinentry.
* agent/agent.h (struct server_control_s): Add pinentry_level.
* agent/call-pinentry.c (agent_popup_message_stop): Not clear
ENTRY_CTX here.
(unlock_pinentry): Handle recursion.  Clear ENTRY_CTX here.
(start_pinentry): Allow recursive use.

--

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 3b66a256e3760e88066ca11b7b49d924e42aa46b)
2017-10-27 14:15:50 +02:00
Werner Koch
f6ab97fd96
Merge branch 'STABLE-BRANCH-2-2' into master
--
Resolved Conflicts:
	configure.ac - Adjust due to new log_clock otions
2017-10-27 13:56:15 +02:00
NIIBE Yutaka
fb7828676c agent: Clean up pinentry access locking.
* agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
* agent/call-pinentry.c (entry_owner): Remove.
(agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
(unlock_pinentry): Add CTRL to arguments to access thread private.
Check and decrement PINENTRY_ACTIVE for recursive use.
(start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
(agent_askpin): Follow the change of unlock_pinentry API.
(agent_get_passphrase, agent_get_confirmation): Likewise.
(agent_show_message, agent_popup_message_start): Likewise.
(agent_popup_message_stop, agent_clear_passphrase): Likewise.

--

We use the member PINENTRY_ACTIVE as a thread private object.
It's only valid for a single thread at a time.

It would be possible to have a thread shared object of
PINENTRY_ACTIVE, keeping ENTRY_OWNER for distinguishing its
owner (which is also a thread shared object).  But, in this case,
access to ENTRY_OWNER is tricky (only comparison to accessing thread
would be OK with no lock), or we need to introduce another lock for
accessing ENTRY_OWNER, which complicates the code too much.

So, simply have a thread private object for recursive pinentry access.

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-27 09:54:48 +09:00
NIIBE Yutaka
3b66a256e3 agent: Allow recursive use of pinentry.
* agent/agent.h (struct server_control_s): Add pinentry_level.
* agent/call-pinentry.c (agent_popup_message_stop): Not clear
ENTRY_CTX here.
(unlock_pinentry): Handle recursion.  Clear ENTRY_CTX here.
(start_pinentry): Allow recursive use.

--

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 14:40:38 +09:00
NIIBE Yutaka
05cb87276c agent, tests: Support --disable-scdaemon build case.
* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
* tests/openpgp/defs.scm (create-gpghome): Likewise.
* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.

--

We could modify gpg-agent to remove all support of scdaemon, with no
inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would
not be worth to do that.

GnuPG-bug-id: 3316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 11:39:49 +09:00
NIIBE Yutaka
b13972dfbf Fix comment of configure.
* configure.ac (BUILD_WITH_DIRMNGR): Comment fix.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 11:38:50 +09:00
NIIBE Yutaka
bf26c08b95 agent, tests: Support --disable-scdaemon build case.
* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
* tests/openpgp/defs.scm (create-gpghome): Likewise.
* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.

--

We could modify gpg-agent to remove all support of scdaemon, with no
inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would
not be worth to do that.

GnuPG-bug-id: 3316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 11:24:39 +09:00
NIIBE Yutaka
3549dce4f5 Fix comment of configure.
* configure.ac (BUILD_WITH_DIRMNGR): Comment fix.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 11:19:45 +09:00
Werner Koch
84af859e39
gpg: Avoid superfluous sig check info during import.
* g10/key-check.c (print_info): New.
(key_check_all_keysigs): Print sig checking results only in debug
mode.  Prettify the stats info and suppress them in quiet mode.

--

This also makes usable stats by prefixing them with the key and the
program name.

GnuPG-bug-id: 3397
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-24 21:11:38 +02:00
Werner Koch
812fe29bff
build: New configure option --enable-werror
* configure.ac: Implement that option.
--

This can be used as a workaround in case of bogus autoconf tests.

GnuPG-bug-id: 2423
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-24 18:44:49 +02:00
Werner Koch
e417aaf698
build: Do not mess with CFLAGS in configure.
* configure.ac: Do not mess with the user provided CFLAGS.
--

A problem was claimed with some configure tests if the user provided
CFLAGS=-Werror.  The commit introducing this

Fixes-commit: 02eb9fc9d5863abcfed6af704e618f8cac7cc2e8

does not mention a concrete case.  Anyway, messing with CFLAGS is a
bad idea because configure tests will then test something different
than what is used later (cf. autoconf manual).  Tests which depend on
the whether -Werror is used needsto be fixed.

Note that in certain cases we modify CFLAGS.  This is only done for
some configure options or if the platform requires the use of special
compiler flags (e.g. on HP/UX).

GnuPG-bug-id: 2423
2017-10-24 18:34:28 +02:00
Rainer Perske
1067403c8a
sm: Do not expect X.509 keyids to be unique
* sm/certlist.c (gpgsm_find_cert): Add arg allow_ambiguous and use it.
* sm/call-dirmngr.c (inq_certificate): Pass true to ALLOW_AMBIGUOUS
(run_command_inq_cb): Ditto.
* sm/gpgsm.c (main): Pass false.
* sm/server.c (cmd_passwd): Pass false.

--

As described in my report T1644, it is possible that multiple
certificates exist with the same Distinguished Name and the same key.
In this case, verifying S/MIME signatures and other actions fail with
"certificate not found: Ambiguous name". For details see the bug
report.

To circumvent the problem, I am patching GnuPG since 2014 so that in
this case the newest of the ambiguous certificates is used.

This is not an ultimate solution of the problem: You should try every
certificate with the same DN until verification succeeds or until all
certificates fail, and if multiple certificates of a chain are
ambiguous you even have to check every combination. You may even
consider checking the keyUsage attributes of the ambiguous certificates
to reduce the number of combinations.

But in the existing case of the certificates in the German Research
Network (DFN) PKI where the newest one is the valid one and all
ambiguous certificates have the same keyUsage attributes, this patch
has proven to be sufficient over the last three years.

With every GnuPG update, I have adapted the patch, luckily I never
needed to change anything except line numbers.

GnuPG-bug-id: 1644

ChangeLog log written by wk, comment taken from mail.  Signed-off line
was missing in the plain diff.  However the mail with the patch and
the DCO posted as reply to that mail were both signed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-24 17:29:04 +02:00
Werner Koch
f8e2d87532
Register DCO for Rainer Perske
--
2017-10-24 17:16:27 +02:00
Werner Koch
6e808ae470
gpgconf: Ignore non-installed components with --apply-profile.
* tools/gpgconf-comp.c (retrieve_options_from_program): Add arg
only_installed.
(gc_component_retrieve_options): Use this if we want to process all
components.
--

Note that this also also ignores them in --with-defaults.  This is
useful for systems which come without scdaemon.

GnuPG-bug-id: 3313
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-24 12:01:35 +02:00
Werner Koch
560d85ecff
gpg: Improve the "secret key available" notice in keyedit.c
* g10/keyedit.c (KEYEDIT_NEED_SUBSK): New.
(cmds): Add this flag to keytocard, bkuptocard, expire, and passwd.
(keyedit_menu): Check whether only subkeys are available and take care
of that in the command check and in the HELP listing.  Also print a
different notice if only subkeys are available.
--

Print "Secret key is available" and the bailing out in all commands
which require the _primary_ secret key was surprising.  Now we print
another notice and adjust the checks.

GnuPG-bug-id: 3463
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-24 10:56:13 +02:00
Werner Koch
016538d828
gpg: Remove unused flags from keyedit.c.
* g10/keyedit.c (KEYEDIT_NOT_SK, KEYEDIT_ONLY_SK): Remove.
(cmds): Remove them.
--

These flags were cruft from the time we had to switch between secret
and public key view.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-24 09:35:25 +02:00
Werner Koch
9e3f2a7e0b
doc: Fix "SEE ALSO" section of gpgv.
--
2017-10-20 08:56:39 +02:00
Werner Koch
44fb3fbc85
gpg: Fix creating on-disk subkey with on-card primary key.
* g10/keygen.c (generate_subkeypair): Ignore error code issued for
trying to verify a card based key.
--

We try to verify the primary key and thus seed the passphrase cache
before generating the subkey.  However, the verification does not yet
work for on-card keys and thus the PASSWD --verify send to the agent
returns an error.  This patch detects this error and continues without
a seeded passphrase cache.  After all that pre-seeding is just a
convenience.

GnuPG-bug-id: 3280
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 18:10:37 +02:00
Werner Koch
2c7dccca9b
gpg: Print sec/sbb with --import-option import-show or show-only.
* g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct.
--

Note that this will likely add the suffix '#' top "sec" because the
secret key has not yet (or will not be) imported.  If the secret key
already exists locally another suffix might be printed.  The upshot is
that the suffix has no usefulness.

GnuPG-bug-id: 3431
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 17:12:36 +02:00
Werner Koch
68c8619114
gpg: Make --dry-run and show-only work for secret keys.
* g10/import.c (import_secret_one): Check for dry-run before
transferring keys.
--

The use of --dry-run or --import-option show-only had no effect when
importing a secret key and the public key already existed.  If the
public key did not exist an error message inhibited the import of the
secret key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 17:05:39 +02:00
Damien Goutte-Gattat
1ba308aa03
dirmngr: Do not follow https-to-http redirects.
* dirmngr/ks-engine-http.c (ks_http_fetch): Forbid redirects from
a https URI to a http URI.
--

GnuPG-bug-id: 3436
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-10-19 15:32:38 +02:00
NIIBE Yutaka
d07de38627
g10: Fix find_and_check_key for multiple keyrings.
* g10/pkclist.c (find_and_check_key): Call get_validity on a specific
keyblock.

--

When we have multiple keyrings, get_validity after
get_best_pubkey_byname should access same keyring.  Or else, the
situation of an expired key in keyring A but valid key in keyring B
causes SEGV.

Thanks to Guido Günther for the use case and the log.

Debian-bug-id: 878812
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-19 15:03:19 +02:00
Werner Koch
7c73db3d31
gpg: Keep a lock during the read-update/insert cycle in import.
* g10/keydb.c (keydb_handle): New field 'keep_lock'.
(keydb_release): Clear that flag.
(keydb_lock): New function.
(unlock_all): Skip if KEEP_LOCK is set.
* g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if
requested.
--

That change is straightforward.  It helps to avoid the race condition
that another gpg process inserts a key while the first process is
between the search and the insert.

A similar change is due for gpgsm.

Note that the key edit operations may still suffer from a race.

GnuPG-bug-id: 3446
2017-10-19 15:02:28 +02:00
Werner Koch
8448347b5b
gpg: Improve keydb handling in the main import function.
* g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ...
(get_keyblock_byfprint_fast): .. new function.
* g10/import.c (revocation_present): s/int rc/gpg_error_t err/.
(import_one): Use get_keyblock_byfprint_fast to get the keyblock and a
handle.  Remove the now surplus keyblock fetch in the merge branch.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 15:01:38 +02:00
Werner Koch
752cae6dd2
gpg: Simplify keydb handling of the main import function.
* g10/import.c (import_keys_internal): Return gpg_error_t instead of
int.  Change var names.
(import_keys_es_stream): Ditto.
(import_one): Ditto.  Use a single keydb_new and simplify the use of
of keydb_release.
--

Note that this opens a keydb handle before we call
get_pubkey_byfprint_fast which internally uses another key db handle.
A further patch will cleanup this double use.  Note that we also
disable the keydb caching for the insert case.

The s/int/gpg_error_t/ has been done while checking the call chains of
the import functions and making sure that gpg_err_code is always used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 15:00:05 +02:00
Werner Koch
1bf5cbd3ef
sm: Fix colon listing of fields > 12 in crt records.
* sm/keylist.c (print_capabilities): Move colon printing ...
(list_cert_colon): to here.
--

Fixes-commit: 7af008bfe1641938a6c2c995cb065829fa05a693
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 14:59:34 +02:00
Daniel Kahn Gillmor
28aa689058 agent: Send pinentry the uid of connecting process where possible.
* agent/agent.h (server_control_s): Add field 'client_uid'.
* agent/call-pinentry.c (start_pinentry): Add uid field to assuan
option "owner" sent to pinentry.
* agent/command-ssh.c (peer_info_s): New static struct.
(get_client_pid): Rename to...
(get_client_info): Here, and extract uid in addition to pid.
(start_command_handler_ssh): Use get_client_info() instead of
get_client_pid().
* agent/command.c (start_command_handler): Try assuan_get_peercred,
and only fall back to assuan_get_pid when assuan_get_peercred fails.

--

This also requires an update to pinentry to handle the new uid field.
Distributing the uid as well as the pid makes it harder for a
different user on the same machine to take advantage of any race
conditions between when a requesting process might ask for something
that needs pinentry, and when pinentry gets around to inspecting the
state of that process.

We put the uid before the nodename because the uid is guaranteed to be
a integer (represented in decimal), which makes it much simpler to
parse past than the potentially arbitrarily structured nodename.

Use a / instead of whitespace to delimit pid/uid at Werner's request.

If we were willing to depend on the nodename being
whitespace-delimited (as the current, unreleased pinentry code does),
then we could add the uid after the nodename.  But since no released
pinentry depends on this option anyway, i think we should make the
more conservative, easily-parseable choice and put the user ID first.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-10-19 03:09:44 -04:00
NIIBE Yutaka
995c46ea77 g10: Fix find_and_check_key for multiple keyrings.
* g10/pkclist.c (find_and_check_key): Call get_validity on a specific
keyblock.

--

When we have multiple keyrings, get_validity after
get_best_pubkey_byname should access same keyring.  Or else, the
situation of an expired key in keyring A but valid key in keyring B
causes SEGV.

Thanks to Guido Günther for the use case and the log.

Debian-bug-id: 878812
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-19 11:08:24 +09:00
Werner Koch
645f30ad31
gpg: Keep a lock during the read-update/insert cycle in import.
* g10/keydb.c (keydb_handle): New field 'keep_lock'.
(keydb_release): Clear that flag.
(keydb_lock): New function.
(unlock_all): Skip if KEEP_LOCK is set.
* g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if
requested.
--

That change is straightforward.  It helps to avoid the race condition
that another gpg process inserts a key while the first process is
between the search and the insert.

A similar change is due for gpgsm.

Note that the key edit operations may still suffer from a race.

GnuPG-bug-id: 3446
2017-10-18 18:28:52 +02:00
Werner Koch
3bb06531d3
gpg: Improve keydb handling in the main import function.
* g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ...
(get_keyblock_byfprint_fast): .. new function.
* g10/import.c (revocation_present): s/int rc/gpg_error_t err/.
(import_one): Use get_keyblock_byfprint_fast to get the keyblock and a
handle.  Remove the now surplus keyblock fetch in the merge branch.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-18 17:52:41 +02:00
Werner Koch
d353287f72
gpg: Simplify keydb handling of the main import function.
* g10/import.c (import_keys_internal): Return gpg_error_t instead of
int.  Change var names.
(import_keys_es_stream): Ditto.
(import_one): Ditto.  Use a single keydb_new and simplify the use of
of keydb_release.
--

Note that this opens a keydb handle before we call
get_pubkey_byfprint_fast which internally uses another key db handle.
A further patch will cleanup this double use.  Note that we also
disable the keydb caching for the insert case.

The s/int/gpg_error_t/ has been done while checking the call chains of
the import functions and making sure that gpg_err_code is always used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-18 13:56:14 +02:00
Werner Koch
18e5946aef
gpg: Fix wrong Tofu DB consistency check.
* g10/tofu.c (build_conflict_set): Do not assume MAX_FINGERPRINT_LEN
is the size of the fingerprint.
--

This problem was exhibited by
commit ecbbafb88d920e713439b6b1b8e1b41a6f8d0e38.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-18 13:56:12 +02:00
Werner Koch
825abec0e7
gpg,sm: New option --with-key-screening.
* common/pkscreening.c: New.
* common/pkscreening.h: New.
* common/Makefile.am (common_sources): Add them.
* g10/gpg.c (opts): New option --with-key-screening.
* g10/options.h (struct opt): New field with_key_screening.
* g10/keylist.c: Include pkscreening.h.
(print_pk_screening): New.
(list_keyblock_print): Call it.
(print_compliance_flags): Call it.
* sm/gpgsm.c (opts): New option --with-key-screening.
* sm/gpgsm.h (scruct opt): New field with_key_screening.
* sm/keylist.c:  Include pkscreening.h.
(print_pk_screening): New.
(print_compliance_flags): Call it.  Add new arg cert.
(list_cert_colon): Pass arg cert
(list_cert_std): Call print_pk_screening.
* sm/fingerprint.c (gpgsm_get_rsa_modulus): New.
--

This new option can be used to detect ROCA affected keys.  To scan an
entire keyring and print the affected fingerprints use this:

  gpg -k --with-key-screening --with-colons | gawk -F: \
       '$1~/pub|sub|sec|ssb|crt/ && $18~/\<6001\>/ {found=1;next};
        $1=="fpr" && found {print $10}; {found=0}'

The same works for gpgsm.  Note that we need gawk due to the "\<" in
the r.e.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-17 21:10:19 +02:00
Werner Koch
69e579d785
sm: Fix colon listing of fields > 12 in crt records.
* sm/keylist.c (print_capabilities): Move colon printing ...
(list_cert_colon): to here.
--

Fixes-commit: 7af008bfe1641938a6c2c995cb065829fa05a693
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-17 20:56:55 +02:00
Neal H. Walfield
1ed21eee79 gpg: Fix comparison.
* g10/gpgcompose.c (literal_name): Complain if passed zero arguments,
not one or fewer.

Signed-off-by: Neal H. Walfield <neal@walfield.org>
2017-10-06 11:53:51 +02:00
Werner Koch
b509d81cab
gpg: Workaround for junk after --trusted-key.
* g10/trust.c (register_trusted_key): Cut off everthing starting as a
hash sign.
--

This problem is fallout from
commit f99830b72812395da5451152bdd2f2d90a7cb7fb
which fixes
GnuPG-bug-id: 1206

The same could happen with other options taking keyids but we won't
change that because a trailing '#' does not indicate a comment.  So
this is really only a workaround and eventually we will
deprecate --trusted-key anyway or require a fingerprint as a value.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-28 14:10:12 +02:00
Werner Koch
e725c4d653
doc: Make --check-sigs more prominent.
--

It seems people are using --list-sigs instead of --check-sigs and do
not realize that the signatures are not checked at all.  We better
highlight the use of --check-sigs to avoid this UI problem.

Suggested-by: Andrew Gallagher
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-27 17:24:31 +02:00
Werner Koch
98c260e057
doc: Make --check-sigs more prominent.
--

It seems people are using --list-sigs instead of --check-sigs and do
not realize that the signatures are not checked at all.  We better
highlight the use of --check-sigs to avoid this UI problem.

Suggested-by: Andrew Gallagher
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-09-27 17:18:55 +02:00