1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

1676 Commits

Author SHA1 Message Date
Werner Koch
f5cceef115
kbx: Add function keybox_tmp_names to avoid code duplication.
* kbx/keybox-update.c (create_tmp_file): Move some code to...
* kbx/keybox-util.c (keybox_tmp_names): new.
* g10/keyring.c: Include keybox.h.
(create_tmp_file): Replace parts by keybox_tmp_names.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-14 16:47:42 +01:00
Werner Koch
360534bde7
gpg: Make --list-options show-usage the default.
* g10/gpg.c (main): Add LIST_SHOW_USAGE.
--

The usage flags are often useful and they don't take away much space
in a key listing.  Thus it is better to have them enabled by default.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-14 12:22:33 +01:00
Werner Koch
9b6c91469a
gpg: Improve error code from lock_all.
* g10/keydb.c (lock_all): Do not clobber RC during failur cleanup.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-13 14:48:02 +01:00
Werner Koch
9dc355ad3a
gpg: Make sure to mark a duplicate registered keybox as primary.
* kbx/keybox-init.c (keybox_register_file): Change interface to return
the token even if the file has already been registered.
* g10/keydb.c (primary_keyring): Rename to primary_keydb.
(maybe_create_keyring_or_box): Change return type to gpg_error_t.
(keydb_add_resource): Ditto. s/rc/err/.
(keydb_add_resource): Mark an already registered as primary.
* sm/keydb.c (maybe_create_keybox): Change return type to gpg_error_t.
(keydb_add_resource): Ditto. s/rc/err/.
(keydb_add_resource): Adjust for changed keybox_register_file.
--

This change aligns the registering of keyboxes with those of
keyrings.  This fixes a potential bug:

  gpg --keyring foo.kbx --keyring bar.gpg --keyring foo.kbx

would have marked bar.gpg as primary resource and thus inserting new
keys there.  The correct and now fixed behavior is to insert to
foo.kbx.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-13 10:43:33 +01:00
Werner Koch
4619ea8e51
gpg: Re-indent check_key_signature2.
--

I am considering some changes and thus better start off by switching
to standard GNU indentation.  This patch also changes comment lines
like

      if (foo)
        /* Comment on foo.  */
        {

to

      if (foo)
        { /* Comment on foo.  */

or

      if (foo) /* Comment on foo.  */
        {

to make the brace of the opening block stand out immediately.

Further stars on the left are added to longer comments because that
makes the code easier to read by disabled hackers, when reading
without font locking, and for reading black-white printouts.
2016-01-12 10:42:48 +01:00
NIIBE Yutaka
3f52c7da39 common: Fix iobuf API of filter function for alignment.
* common/iobuf.h (IOBUFCTRL_DESC): Change the call semantics.
* common/iobuf.c (iobuf_desc): Add the second argument DESC.
(print_chain, iobuf_close, do_open, iobuf_sockopen, iobuf_ioctl)
(iobuf_push_filter2, pop_filter, iobuf_write_temp): Change calls
of iobuf_desc.
(file_filter, file_es_filter, sock_filter, block_filter): Fill the
description.
* common/t-iobuf.c (every_other_filter, double_filter): Likewise.
* g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
g10/decrypt-data.c, g10/encrypt.c, g10/mdfilter.c, g10/progress.c,
g10/textfilter.c: Likewise.

--

Newer GCC warns against possible alignment difference of pointers.
This change can silence those warnings.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-01-12 10:32:20 +09:00
Werner Koch
0617a05eb5
gpg: Move documentation from keydb.h to keydb.c and getkey.c.
--

When using tags (e.g. GNU global) to navigate the source code it is
way easier to have the documentation close to the function we are
looking at.  Having the documentation in the header file would require
an extra manual lookup to understand the function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
Werner Koch
b280aa6423
gpg: Fix NULL de-ref for ambiguous key check in --export-ssh-keys.
* g10/getkey.c: Allow arg RET_KEYBLOCK to be NULL.
--

This change adds the expected behavior for the getkey_next function
to fix this NULL de-ref.

GnuPG-bug-id: 2212
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 10:59:13 +01:00
Werner Koch
eb9c021631
tools: Remove gpgkey2ssh.
* tools/gpgkey2ssh.c: Remove.
* tools/Makefile.am (bin_PROGRAMS): Ditto.
--

Also remove it form the docs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-09 11:28:42 +01:00
Werner Koch
b2da3951a3
gpg: Support ECDSA keys with --export-ssh-key.
* g10/export.c (key_to_sshblob): Add hack for ECDSA.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 20:37:25 +01:00
Werner Koch
4970868d8d
gpg: New command --export-ssh-key
* g10/export.c: Include membuf.h and host2net.h.
(key_to_sshblob): New.
(export_ssh_key): New.
* g10/gpg.c (aExportSshKey): New.
(opts): Add command.
(main): Implement that command.
--

GnuPG-bug-id: 2212

I have done only a few tests rights now and the ECDSA curves do not
yet work.  However ssh-keygen -l accept RSA and ed25519 keys exported
using this command.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 17:22:32 +01:00
Werner Koch
34bca9cd4b
gpg: Add an exact search flag to the PK struct.
* g10/getkey.c (merge_selfsigs_subkey): Clear exact flag.
(finish_lookup): Set exact flag.
* g10/packet.h (PKT_public_key): Add field flags.exact.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 15:16:12 +01:00
Werner Koch
2aa42baaf3
Print warnings if old daemon versions are used.
* common/status.h (STATUS_WARNING): New.
* g10/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
* g10/call-dirmngr.c: Include status.h.
(warn_version_mismatch): New.
(create_context): Call warn function.
* sm/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
(gpgsm_agent_learn): Call warn function.
* sm/call-dirmngr.c (warn_version_mismatch): New.
(prepare_dirmngr): Call warn function.
--

We have seen too often bug reports which are due to still running old
versions of the daemons.  To catch this problematic use we now print
warning messages and also provide the warning via the status
interface.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 10:33:19 +01:00
Werner Koch
496643291e
common: New function get_assuan_server_version.
* common/asshelp.c: Include membuf.h.
(get_assuan_server_version): New.
* g10/call-agent.c (agent_get_version): Use new function.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:42:29 +01:00
Werner Koch
833ba5faa1
common: New put_membuf_cb to replace static membuf_data_cb.
* common/membuf.c (put_membuf_cb): New.
* agent/call-scd.c (membuf_data_cb): Remove.  Change callers to use
put_membuf_cb.
* common/get-passphrase.c (membuf_data_cb): Ditto.
* g10/call-agent.c (membuf_data_cb): Ditto.
* sm/call-agent.c (membuf_data_cb): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
Werner Koch
8fd406c317
gpg: Return an error code from keygrip_from_pk.
* g10/keyid.c (keygrip_from_pk): Return an error code.
--

The error was show but the function did not return it.  This change
should improve error messages for unknown algorithms.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
8a56a38387
gpg: Avoid warnings about possible NULL deref.
* g10/getkey.c (cache_public_key): Protect deref of CE which actually
can't happen.
* g10/keygen.c (quickgen_set_para): s/sprintf/snprintf/.
* g10/tofu.c (end_transaction, rollback_transaction): Allow NULL for
DB.
* g10/trustdb.c (update_min_ownertrust): Remove useless clearling of
ERR.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
008aa6e6d4
gpg: Fix warnings about useless assignments.
* g10/armor.c (parse_hash_header): Remove duplicate var assignment.
* g10/getkey.c (cache_user_id): Ditto.
* g10/keygen.c (ask_curve): Ditto.  This also fixes a small memory
leak.

* g10/keygen.c (proc_parameter_file): Remove useless assignment or
pointer increment.
(generate_keypair): Ditto.
* g10/getkey.c (finish_lookup, lookup): Ditto.
* g10/card-util.c (change_pin): Ditto.
* g10/gpg.c (main) <aVerify>: Ditto.
* g10/import.c (import): Ditto.
(print_import_check): Ditto
* g10/keyring.c (do_copy): Ditto.
* g10/tdbio.c (tdbio_read_record): Ditto.
* g10/trustdb.c (tdb_update_ownertrust): Ditto.
(update_validity): Ditto.

* g10/server.c (cmd_passwd): Remove useless call to skip_options.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
a41638acf4
gpg: Fix DNS cert lookup returning an URL.
* g10/call-dirmngr.c (dns_cert_status_cb): Store URL status in the URL
param.  The old code was entirely buggy (c+p error).
--

Fixes-commit: 154f3ed2
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:15 +01:00
Daniel Kahn Gillmor
2c3e67430d Fix keystrlen to work when OPT.KEYID_FORMAT is KF_DEFAULT.
* g10/keyid.c (keystrlen): If opt.keyid_format is KF_DEFAULT unset,
default to KF_SHORT.
(format_keyid): Default to KF_SHORT, not KF_0xLONG.

--
Without this fix, gpgv2 fails with:

gpgv: Ohhhh jeeee: ... this is a bug (keyid.c:342:keystrlen)

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-01-06 15:05:21 +01:00
Werner Koch
c7389ae90f
gpg: Silence some regression tests.
* g10/test.c (TEST): Print diagnostics only in verbose mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-06 08:49:45 +01:00
Werner Koch
85cc7449fb
gpg: Avoid using an uninitialized SALT on premature EOF.
* g10/parse-packet.c (parse_key): Check for premature end of salt.
--

This has no security implications because an arbitrary salt could have
also been inset by an attacker.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-06 08:48:44 +01:00
Werner Koch
09accc0e3d
gpg: Silence warnings found by static analyzer.
* g10/keyedit.c (change_passphrase): Remove useless init of ANY.
(keyedit_quick_adduid): Remove useless setting of ERR.
* g10/parse-packet.c (parse_key): Remove PKTLEN from condition because
it has been checked before the loop.
(parse_plaintext): Remove useless init of PKTLEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-06 08:45:01 +01:00
Werner Koch
7990586828
gpg: Comment on false positives by static analyzers.
--
2016-01-06 08:42:07 +01:00
Werner Koch
e70f7a54f2
gpg: Align notes about minimal keysize with actual checks.
* g10/keygen.c (ask_keysize): Use 768 for the minimal value for DSA in
export mode.  Improve readability.
--

GnuPG-bug-id: 2209
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-05 13:51:05 +01:00
Neal H. Walfield
575c15a090 gpg: Fix double free.
* g10/getkey.c (get_pubkeys): Fix double free.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 7195b943

Note: this error is not a security problem, because this code path is
currently never executed.
2016-01-04 12:46:11 +01:00
Neal H. Walfield
bf694cbc68 Revert commit 4654384fe7.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Werner pointed out that a special error message is not needed: the
error code (as displayed by gpg_strerror) will indicate what went
wrong.
2016-01-04 12:44:14 +01:00
NIIBE Yutaka
5ca57f1a69 g10: Use --force when importing key for bkuptocard.
* g10/call-agent.c (agent_import_key): Add an argument FORCE.
* g10/import.c (transfer_secret_keys): Likewise.
(import_secret_one): Call transfer_secret_keys with FORCE=0.
* g10/keyedit.c (keyedit_menu): Call with FORCE=1.
2015-12-24 14:15:58 +09:00
NIIBE Yutaka
44aee35e69 g10: Remove subcommand checkbkupkey for --key-edit.
* g10/keyedit.c (keyedit_menu): Remove cmdCHECKBKUPKEY support.

--

GnuPG-bug-id: 2169

It was introduced by the commit 9e834047 in 2009.  Then, we moved
private key handling to gpg-agent which broke this subcommand.

Note: This subcommand was not supported in 1.4 and 2.0.
2015-12-24 11:48:47 +09:00
NIIBE Yutaka
ee433d2b00 g10: Allow relative path for specifying the file for bkuptocard.
* g10/keyedit.c (keyedit_menu): Assume the file is under GNUPGHOME.
Also support tilda expansion.
2015-12-24 11:48:16 +09:00
NIIBE Yutaka
40959add1b g10: fix regression of bkuptocard subcommand in --edit-key.
* g10/keyedit.c (keyedit_menu): Call transfer_secret_keys.
* g10/import.c (transfer_secret_keys): Make it global function.
Allow stats==NULL.

--

GnuPG-bug-id: 2169
2015-12-24 09:54:23 +09:00
Werner Koch
ae3e5c25ca
dirmngr: Change the Onion keyserver in the conf template.
--

I must have mixed the up during testing.  The old one is just one
keyserver and the new one is the OnionBalance hidden service.  See

  https://sks-keyservers.net/overview-of-pools.php

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 20:06:49 +01:00
Werner Koch
a9cbdcfd9c
gpg: Rename struct pubkey to pukey_s and add pubkey_t.
* g10/keydb.h (struct pubkey): Rename to pubkey_s.
(pubkey_t): New.  Change all struct pubkey_s to use this type.
* g10/getkey.c (get_pubkeys): Rename arg keys to r_keys.
--

It is common in GnuPG to use a suffix of _s for struct names.  There
is no technical need for this (actually this pattern comes from pre
ANSI C compilers which had no separate namespaces) but it avoid
surprises when reading the code.

Adding the pubkey_t type is mainly to improve font locking by using
the common suffix _t for a typedefed type.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:46:09 +01:00
Werner Koch
363ed2e892
gpg: Simplify status message code from commit b30c15bf.
* g10/keygen.c (card_write_key_to_backup_file): Simplify by using
hexfingerprint.
--

Note that the extra blank added to FPRBUF in the old code was not
needed because write_status_text_and_buffer already ensures that
there will be a space.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:46:05 +01:00
Werner Koch
04c9cddda9
gpg: Add standard free() semantic to pubkey_free.
* g10/getkey.c (pubkey_free): Check for NULL arg.
--

We don't like surprises ;-)

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:17:50 +01:00
Werner Koch
ef7b7e9160
gpg: Fix use of assert from commit dc417bf0.
* g10/keydb.c (keydb_update_keyblock): De-ref after the assert.  Use
%zu for size_t.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:16:02 +01:00
Werner Koch
b0c9867fb7
gpg: Do not translate debug output.
* g10/getkey.c (parse_def_secret_key): Do not make strings passed to
log_debug translatable.
--

Debug output is intended to be used along with the source or to be
send to the developers.  Thus translations are at best not helpful.
2015-12-23 15:13:21 +01:00
NIIBE Yutaka
aecf1a3c57 scd: Fix commit b30c15bf (again).
* g10/keygen.c (do_generate_keypair): Clear the variable S.

--

GnuPG-bug-id: 2201
2015-12-23 16:55:00 +09:00
Neal H. Walfield
5c759924fb gpg: Fix type.
* g10/keygen.c (card_write_key_to_backup_file): Change n to a size_t.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:07:51 +01:00
Neal H. Walfield
4654384fe7 gpg: Fix error message.
* g10/getkey.c (parse_def_secret_key): Fix error message.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:57 +01:00
Neal H. Walfield
7195b94345 gpg: Don't check for ambiguous keys.
* g10/gpg.c (struct result): Move from here...
* g10/keydb.h (struct pubkey): ... to here.  Update users.
* g10/gpg.c (check_user_ids): Move from here...
* g10/getkey.c (get_pubkeys): ... to here.  Update users.  Use
get_pubkey_byname to look up the keys (this also prunes invalid keys).
(pubkey_free): New function.
(pubkeys_free): New function.
* g10/gpg.c (main): Don't check for ambiguous key specifications.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e8c53fc

This change not only moves the checks for ambiguous key specifications
from gpg.c to getkey.c, it also disables the checks.  The old code was
too divorced from the actual key lookups and, as such, it reproduced
the logic.  Unfortunately, the reproduction was a poor one: despite
fixing some inconsistencies (e.g., 10cca02), it still didn't deal with
group expansion or the auto key lookup functionality.  Given the
amount of instability introduced by this change, we (Neal & Werner)
decided it is better to defer introducing this functionality until
2.3.
2015-12-22 15:03:56 +01:00
Neal H. Walfield
dc52995d85 gpg: Lazily evaluate --default-key.
* g10/gpg.c (main): If --encrypt-to-default-key is specified, don't
add --default-key's value to REMUSR here...
* g10/pkclist.c (build_pk_list): ... do it here.
* tests/openpgp/Makefile.am (TESTS): Add default-key.test.
* tests/openpgp/default-key.test: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:54 +01:00
Neal H. Walfield
ffe0b7a6dd gpg: Remove unused parameter.
* g10/pkclist.c (build_pk_list): Remove parameter use, which is always
called set to PUBKEY_USAGE_ENC.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:53 +01:00
Neal H. Walfield
4103850c2e gpg: Improve check for ambiguous keys.
* g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
encryption-only keys when a signing key is needed and vice-versa.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:52 +01:00
Neal H. Walfield
dc417bf0c5 gpg: Fix TOCTTOU when updating keyblocks.
* g10/keydb.c (keydb_update_keyblock): Don't replace the record at the
current offset.  After taking the lock, extract the fingerprint from
the keyblock, find it and then replace it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2193

Between locating the record to update and actually updating the
keyblock, it is possible that another process modifies the keyring,
which causes the update to corrupt the keyring.  This is due to a time
of check to time of use bug.  The fix is straightforward: both
operations must be done while holding the lock.  This changes the
semantics of the function slightly, but no callers need to be
modified.  Further, it now becomes impossible to replace key A with B;
this function will only ever update B.
2015-12-22 15:03:51 +01:00
Neal H. Walfield
7fe4be0416 gpg: Display the key that is invalid, not the search description.
* g10/getkey.c (parse_def_secret_key): Display the key that is
invalid, not the search description.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:48 +01:00
Neal H. Walfield
478ca6c75b gpg: Mark more options as coming from the config file (when this holds)
* g10/gpg.c (main): When --default-key or --encrypt-to-default-key is
taken from the config file, note this.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: 28311d1
2015-12-22 15:03:47 +01:00
Neal H. Walfield
ee8a8ec1cf gpg: Use enums instead of defines.
* g10/keydb.h (PK_LIST_ENCRYPT_TO): Change from a macro to an enum.
(PK_LIST_HIDDEN): Likewise.
(PK_LIST_CONFIG): Likewise.
(PK_LIST_SHIFT): Likewise.n

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Using an enum has the advantage that the symbol can be used in gdb.
2015-12-22 15:03:47 +01:00
NIIBE Yutaka
ab9a9bce77 g10: clean up of headers for card.
* g10/main.h (save_unprotected_key_to_card): Remove.
* g10/options.h (ctapi_driver, pcsc_driver, disable_ccid): Remove.
2015-12-21 20:56:29 +09:00
NIIBE Yutaka
06436882c3 g10: Fix commit b30c15bf.
--

Remove the backup file g10/keygen.c.~HEAD~
2015-12-18 10:54:02 +09:00
NIIBE Yutaka
72eaff1aa6 g10: Remove deprecated internal functions.
* g10/keygen.c (do_ask_passphrase, generate_raw_key)
(gen_card_key_with_backup, save_unprotected_key_to_card): Remove.

--

Now, key generation is done by gpg-agent.  Asking passphrase is done
through pinentry invoked by gpg-agent.  It is done by
new internal function of card_store_key_with_backup.
2015-12-18 10:18:22 +09:00
NIIBE Yutaka
b30c15bf7c g10: Fix a regression for generating card key with backup.
* g10/main.h (receive_seckey_from_agent): Declare.
* g10/keygen.c (card_write_key_to_backup_file): New.
(card_store_key_with_backup): New.
(do_generate_keypair): Create a key on host for encryption key when
backup is requested.  Then, call card_store_key_with_backup.

--

GnuPG-bug-id: 2169
2015-12-18 10:02:38 +09:00
NIIBE Yutaka
e644aa7f59 g10: factor out a function for secret key retrieval.
* g10/export.c (receive_seckey_from_agent): New.
(do_export_stream): Use it.

--

Also fixed a memory leak of WRAPPEDKEY on a successful path of
build_packet.

In the log message, key is now by a hexgrip instead of a format by
keystr_with_sub.
2015-12-17 13:06:28 +09:00
Neal H. Walfield
fc010b6c7f gpg: When checking for ambiguous keys, ignore invalid keys.
* g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
disabled, revoked and expired keys (if appropriate for the provided
option).

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2186
2015-12-16 14:43:20 +01:00
Werner Koch
345ec7323d
gpg: Reduce number of strings to translate.
* g10/getkey.c (parse_def_secret_key): Do not make debug messages
translatable.  Make use of print_reported_error.
--

This patch also passes all required arguments to log_debug ;-).

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-15 13:40:10 +01:00
Werner Koch
2ea1aebc92
gpg: New function to printed a detailed error code.
* g10/misc.c (print_reported_error): New.
--

Often the user is only interested in a catch all error code like "not
found" but sometimes it is useful to also see the real reason.  By
this function this can easily be achieved.  Example:

  err = search_for_key (keyid)
  if (err)
    {
      log_info ("error locating key '%s': %s\n",
                keyid, gpg_strerror (GPG_ERR_NOT_FOUND));
      print_reported_error (err, GPG_ERR_NOT_FOUND);
    }

results in

  gpg: error locating key 'foobar': not found
  gpg: (reported error: no keyring <keybox>)

where the second line is only printed in verbose mode and if ERR is
not GPG_ERR_NOT_FOUND.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-15 13:40:10 +01:00
Neal H. Walfield
f369efd671 gpg: Improve the keyblock cache's transparency.
* kbx/keybox-search.c (keybox_seek): New function.
* g10/keydb.c (keydb_search): When reading from the cache, seek to
just after the cached record.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-15 13:09:50 +01:00
Neal H. Walfield
2e4e10c1dc gpg: Improve the keyblock cache's transparency.
* kbx/keybox-search.c (keybox_offset): New function.
* g10/keydb.c (struct keyblock_cache): Add fields resource and offset.
(keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and
HD->KEYBLOCK_CACHE.OFFSET.
(keydb_search): Don't use the cached result if it comes before the
current file position.  When caching an entry, also record the
position at which it was found.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2187
2015-12-15 12:21:30 +01:00
Neal H. Walfield
0ea186db64 gpg: Use more descriptive names.
* g10/keyring.c (KR_NAME): Rename this...
(KR_RESOURCE): ... to this.  Update users.
(struct keyring_name): Rename this...
(struct keyring_resource): ... to this.  Update users.
(struct off_item): Rename this...
(struct key_present): ... to this.  Update users.
(OffsetHashTable): Rename this...
(key_present_hash_t): ... to this.  Update users.
(kr_offtbl): Rename this...
(key_present_hash): ... to this.  Update users.
(kr_offtbl_ready): Rename this...
(key_present_hash_ready): ... to this.  Update users.
(KEY_PRESENT_HASH_BUCKETS): New define.  Replace use of literals
with this.
(new_offset_item): Rename this...
(key_present_value_new): ... to this.  Update users.
(release_offset_items): Drop dead code.
(new_offset_hash_table): Rename this...
(key_present_hash_new): ... to this.  Update users.
(release_offset_hash_table): Drop dead code.
(lookup_offset_hash_table): Rename this...
(key_present_hash_lookup): ... to this.  Update users.
(update_offset_hash_table): Rename this...
(key_present_hash_update): ... to this.  Drop unused parameter off.
Update users.
(update_offset_hash_table_from_kb): Rename this...
(key_present_hash_update_from_kb): ... to this.  Drop unused parameter
off.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-15 10:45:00 +01:00
Damien Goutte-Gattat
f5aa51aaac gpg: Print ownertrust in TOFU+PGP trust model.
* g10/keyedit.c: Print ownertrust in TOFU+PGP trust model.
--

The key editor currently prints out the ownertrust value assigned
to a key only when using the classic or PGP trust models; but
that value is also meaningful in the recently introduced TOFU+PGP
combined model.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2015-12-14 13:09:11 +01:00
Neal H. Walfield
e573e6188d gpg: Fix --default-key checks.
* g10/getkey.c (parse_def_secret_key): Don't just check if a secret
key is available for the public key, also consider subkeys.  Also
check that the key has the signing capability, is not revoked, is not
expired and is not disabled.  Print a warning if there was a least one
value passed to --default-key and all were ignored.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e16d7168
2015-12-14 13:02:50 +01:00
Werner Koch
4d3395ef1f
gpg: Use a regular type instead of a void* for import stats.
* g10/import.c (struct stats_s): Rename to import_stats_s.  Change all
users.
* g10/main.h (import_stats_t): New.  Change fucntions to use this
instead of a void pointer.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-12 18:19:35 +01:00
Neal H. Walfield
1605e34fc3 gpg: Fix buffer overflow.
* g10/keydb.c (keydb_search_desc_dump): Fix buffer overflow.

--
Signed-off-by: Neal H. Walfield <neal@walfield.org>
Regression-due-to: 11ec478

Note: this buffer overflow will only occur if --debug=lookup is passed
to gpg and a search by fingerprint is done.
2015-12-11 14:41:34 +01:00
Neal H. Walfield
6dc37c5fb6 gpg: Don't error out if a key occurs multiple times in the keyring.
* g10/gpg.c (check_user_ids): Don't error out if a key occurs multiple
times in the keyring.  Instead, print a warning.  When printing out
fingerprint prints, use format_hexfingerprint to format them.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-11 11:15:37 +01:00
Daiki Ueno
b5cd68852d
gpg: Write ERROR status on delete-key cancellation
* g10/delkey.c (do_delete_key): Write ERROR status code with the error
location "delete_key.secret", when the user cancelled the operation on
Pinentry.
--

I changed the original patch to emit the full gpg_error_t code. -wk
2015-12-04 16:39:10 +01:00
Werner Koch
28311d1fa5
gpg: Do not pre-check keys given on the command line.
* g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG)
(PK_LIST_SHIFT): New.
* g10/pkclist.c (build_pk_list): Use them here.
* g10/gpg.c (check_user_ids, main): Ditto.

* g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR.
(check_user_ids): Skip check for command line specified options.
--

If a key has been given on the command line and it has not been
given by one of the encrypt-to options, we now skip the checks.  The
reason is that the actual key selection code does its own checks and
provides proper status message to the caller to detect the wrong keys.
Without this we would break most frontends because they expect for
example STATUS_INV_RECP.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 08:56:02 +01:00
Werner Koch
59f6192cb7
gpg: Allow "help" as value for --tofu-policy.
* g10/gpg.c (parse_tofu_policy): Add keyword "help".
(parse_tofu_db_format): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 07:36:14 +01:00
Werner Koch
218a52787a
Do not translate messages printed with log_debug.
* common/asshelp.c (start_new_gpg_agent): Do not i18n string.
(start_new_dirmngr): Ditto.
* g10/mainproc.c (proc_encrypted): Ditto.  Print only if debug is
enabled.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 07:36:14 +01:00
Werner Koch
5e2c5e9ec5
gpg: Add variant of 'key "%s" not found: %s' error message.
* g10/gpg.c (check_user_ids): Change error message.
* g10/delkey.c (do_delete_key): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 12:25:37 +01:00
Werner Koch
50a568e738
gpg: Make keyidlist more robust in case of errors.
* g10/keyserver.c (keyidlist): Clear *KLIST on error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 12:19:30 +01:00
Werner Koch
a28ac99efe
gpg: Take care of keydb_new returning NULL.
* g10/keydb.c (keydb_new): Print an error message if needed.  Also use
xtrycalloc because we return an error anyway.
* g10/delkey.c (do_delete_key): Handle error retruned by keydb_new.
* g10/export.c (do_export_stream): Ditto.
* g10/getkey.c (get_pubkey): Ditto.
(get_pubkey_fast): Ditto.
(get_pubkeyblock): Ditto.
(get_seckey): Ditto.
(key_byname): Ditto.
(get_pubkey_byfprint): Ditto.
(get_pubkey_byfprint_fast): Ditto.
(parse_def_secret_key): Ditto.
(have_secret_key_with_kid): Ditto.
* g10/import.c (import_one): Ditto.
(import_revoke_cert): Ditto.
* g10/keyedit.c (keyedit_quick_adduid): Ditto.
* g10/keygen.c (quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
* g10/trustdb.c (validate_keys): Ditto.
* g10/keyserver.c (keyidlist): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto.
* g10/gpg.c (check_user_ids): Ditto.
(main): Do not print an error message for keydb_new error.
* g10/keylist.c (list_all): Use actual error code returned by
keydb_new.

* g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error.
* g10/t-keydb.c (do_test): Ditto.

* g10/keyring.c (keyring_new): Actually return an error so that the
existing keydb_new error checking makes sense for a keyring resource.
(keyring_rebuild_cache): Take care of keyring_new returning an error.
--

Commit 04a6b903 changed keydb_new to return an error.  However the
error was not checked at most places which we fix with this patch.  To
make things easier keydb_new prints an error message itself.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 12:18:32 +01:00
Werner Koch
9fcc047d92
gpg: Change some error messages.
* g10/getkey.c (parse_def_secret_key): Change error message.  Replace
log_debug by log_info.
* g10/gpg.c (check_user_ids): Make function static.  Change error
messages.
(main): Change error messages.
* g10/revoke.c (gen_revoke): Ditto.
--

There are other smaller changes not described above.

This change tries to avoid new error messages so not to increase the
the number of translated strings or break too many existing
translations.  It also tries to use existing strings and changes the
quoting to the most common style used in gpg.

Key specifications should in general use double quotes.  Other values
should use single quotes.  However. sometimes it is not easy to
distinguish between values given on the command line and key
specifications.  According to old GNU coding standards diagnostics
should not start capitalized - whether this is a good idea is a
different thing but we used this rules for most strings.  However,
strings which are used interactively should be properly capitalized
and end with a dot.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 10:40:05 +01:00
Neal H. Walfield
cedbd4709e gpg: Use the matching key if the search description is exact.
* g10/gpg.c (check_user_ids): If the search description is for an
exact match (a keyid or fingerprint that ends in '!'), then use the
matching key, not the primary key.
* tests/openpgp/Makefile.am (TESTS): Add use-exact-key.test.
(priv_keys): Add privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc,
privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc,
privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc,
privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc and
privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc.
(sample_keys): Add
samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc.
* tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc:
New file.
* tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc:
New file.
* tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc:
New file.
* tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc:
New file.
* tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc:
New file.
* tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc:
New file.
* tests/openpgp/use-exact-key.test: New file.
* tests/openpgp/version.test: Install the new private keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Reported-by: Kristian Fiskerstrand
  <kristian.fiskerstrand@sumptuouscapital.com>
Fixes-commit: 10cca02
2015-12-03 00:00:54 +01:00
Neal H. Walfield
28195f8d27 gpg: Improve documentation.
* g10/tofu.c (initdb): Improve documentation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-02 15:21:58 +01:00
Neal H. Walfield
c73d75103c gpg: Fix type mismatch resulting in a buffer overflow.
* g10/tofu.c (record_binding): Change policy_old's type from an enum
tofu_policy to a long: this variable is passed by reference and a long
is expected.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Justus Winter <justus@g10code.com>
Fixes-commit: f77913e
2015-12-02 15:21:57 +01:00
Werner Koch
28e2513721
dirmngr: Switch to an onion address if Tor is running.
* dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist.
* dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple
--keyserver options.
* dirmngr/server.c (server_local_s): Add field 'tor_state'.
(release_uri_item_list): New.
(release_ctrl_keyservers): Use it.
(start_command_handler): Release list of keyservers.
(is_tor_running): New.
(cmd_getinfo): Re-implement "tor" subcommand using new fucntion.
(ensure_keyserver): Rewrite.
* g10/dirmngr-conf.skel: Add two keyserver options.
--

This feature is independent of --use-tor and automagically uses Tor if
available.  The dirmngr.conf file needs to specify two keyservers to
make this work.  For new installations this is done using the skeleton
file.  This feature requires the Libassuan 2.4.2 to work.

This patch also fixes a memory leak of opt.keyserver en passant.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 12:27:35 +01:00
Neal H. Walfield
10cca02c4c common,gpg: Fix processing of search descriptions ending in '!'.
* g10/gpg.c (check_user_ids): If the search description describes a
keyid or fingerprint and ends in a '!', include the '!' in the
rewritten description.
* common/userids.c (classify_user_id): Accept keyids and fingerprints
ending in '!'.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Kristian Fiskerstrand
  <kristian.fiskerstrand@sumptuouscapital.com>
Fixes-commit: f99830b7
Fixes-commit: e8c53fca
2015-12-02 12:03:28 +01:00
Werner Koch
686f31c3d5
gpg: Avoid extra translation strings.
* g10/keyedit.c (menu_expire): Use only one prompt.
--

The old code was anyway not fully i18n because it did not used
ngettext.  Further we ran into const char*/char* conflicts on Windows
where we use a different gettext implementation.

FWIW: A better pattern in the case of a static and a malloced string
w/o error return on malloc failure would be:

  const char *s;
  char *s_buf;
  s_buf = xtryasprintf ("%d foo", n);
  if (!s_buf)
    s = "several foo";
  else
    s = s_buf;
  bar (s);
  xfree (s_buf);
2015-11-27 18:32:27 +01:00
Werner Koch
7c856f9914
gpg,w32: Fix a format string error.
* g10/keyring.c (keyring_search): Fix format string for off_t.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-27 18:32:26 +01:00
Werner Koch
022342e284
Silence unused variable or parameter warnings.
--
2015-11-27 18:32:26 +01:00
Neal H. Walfield
e9c16fee25 gpg: When comparing keyids, use the keyid, not the fingerprint's suffix.
* g10/keyedit.c (menu_select_key): Use spacep and hexdigitp instead of
inline tests.  Don't compare P to the suffix of the fingerprint.  If P
appears to be a keyid, do an exact compare against the keyid.  If it
appears to be a fingerprint, do an exact compare against the
fingerprint.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-24 13:03:24 +01:00
Neal H. Walfield
19362a8dd7 gpg: Reflow long texts.
* common/stringhelp.c (format_text): New function.
* common/t-stringhelp.c (stresc): New function.
(test_format_text): New function.  Test format_text.
* g10/tofu.c (get_trust): Use format_text to reflow long texts.
(show_statistics): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-23 22:23:38 +01:00
Neal H. Walfield
5b84b0d660 common: Extend utf8_charcount to include the string's length.
* common/stringhelp.c (utf8_charcount): Take additional parameter,
len.  Process at most LEN bytes.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-23 22:23:37 +01:00
Neal H. Walfield
b64b33bb80 gpg: Allow updating the expiration time of multiple subkeys at once.
* g10/keyedit.c (menu_expire): Allow updating the expiration time of
multiple subkeys at once.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1944
2015-11-23 12:16:33 +01:00
Neal H. Walfield
19f099463c gpg: Don't crash if key is not passed an argument.
* g10/keyedit.c (menu_select_key): Don't crash if P is NULL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-23 11:21:24 +01:00
Neal H. Walfield
178af9c3f5 gpg: Fail if the search description passed to --gen-revoke is ambiguous.
* g10/revoke.c (gen_revoke): Error out if the search description is
ambiguous.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-20 13:00:19 +01:00
Neal H. Walfield
f8a65ac96b gpg: Refactor print_seckey_info.
* g10/keylist.c (print_seckey_info): Break formatting functionality
into...
(format_seckey_info): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-20 12:52:04 +01:00
Neal H. Walfield
46e128d44a gpg: Improve an error message.
* g10/revoke.c (gen_revoke): Provide a more descriptive error message
if searching for a key fails.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1987
2015-11-20 12:17:13 +01:00
Justus Winter
52f7f195b1 g10: Avoid undefined behavior.
* g10/trust.c (clean_one_uid): Avoid a computation involving an
uninitialized value.
--
Found using the Clang Static Analyzer.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-19 15:48:01 +01:00
Neal H. Walfield
0b86c7463c gpg: Allow selecting subkeys using a keyid.
* g10/keyedit.c (menu_select_key): Take an additional argument, p.
Update callers.  If P is a hex string, then assume that P is a key id
or fingerprint and select subkeys with matching key ids or
fingerprints.
* doc/gpg.texi: Update documentation for the key subcommand.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1423
Debian-bug-id: 610336
2015-11-17 21:23:16 +01:00
Neal H. Walfield
58e4a492e2 gpg: Change keydb_search to not return legacy keys.
* g10/keyring.c (keyring_search): Take new argument, ignore_legacy.
If set, skip any legacy keys.  Update callers.
* g10/keydb.c (keydb_search): Skip any legacy keys.
(keydb_search_first): Don't skip legacy keys.  Treat them
as an error.
(keydb_search_next): Likewise.
(keydb_search_fpr): Likewise.
* g10/export.c (do_export_stream): Likewise.
* g10/getkey.c (lookup): Likewise.
(have_secret_key_with_kid): Likewise.
* g10/keylist.c (list_all): Likewise.
(keyring_rebuild_cache): Likewise.
* g10/keyserver.c (keyidlist): Likewise.
* g10/trustdb.c (validate_key_list): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-17 14:53:05 +01:00
Neal H. Walfield
848726f5c0 gpg: Correctly handle an error.
* g10/keyring.c (keyring_search): If a compare function returns an
error, treat it as an error.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-17 14:53:04 +01:00
Neal H. Walfield
ad9befab12 gpg: Correctly handle keyblocks followed by legacy keys.
* g10/keyring.c (keyring_get_keyblock): If we encounter a legacy
packet after already having some non-legacy packets, then treat the
legacy packet as a keyblock boundary, not as part of the keyblock.
* g10/t-keydb-get-keyblock.c: New file.
* g10/t-keydb-get-keyblock.gpg: New file.
* g10/Makefile.am (EXTRA_DIST): Add t-keydb-get-keyblock.gpg.
(module_tests): Add t-keydb-get-keyblock.
(t_keydb_get_keyblock_SOURCES): New variable.
(t_keydb_get_keyblock_LDADD): Likewise.

--
Signed-off-by: Neal H. Walfield
GnuPG-bug-id: 2151
2015-11-17 14:53:03 +01:00
Neal H. Walfield
8f6099ac51 gpg: Add some debugging output.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-17 14:53:02 +01:00
Neal H. Walfield
11ec4785df gpg: Make debugging search descriptors easier.
* g10/keydb.c (dump_search_desc): Rename from this...
(keydb_search_desc_dump): ... to this.  Only process a single search
descriptor.  Improve output.  Don't mark as static.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-17 14:53:01 +01:00
Neal H. Walfield
a052c30d31 gpg: Add function format_keyid.
* g10/options.h (opt.keyid_format): Add new value KF_DEFAULT.
* g10/keyid.c (format_keyid): New function.
(keystr): Use it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-17 14:53:00 +01:00
Neal H. Walfield
eae982ed6d gpg: Use a more appropriate error code.
* g10/gpg.c (check_user_ids): Return a more appropriate error code if
a user id is ambiguous.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-17 14:52:59 +01:00
Justus Winter
a9e0905342 Fix typos found using codespell.
* agent/cache.c: Fix typos.
* agent/call-pinentry.c: Likewise.
* agent/call-scd.c: Likewise.
* agent/command-ssh.c: Likewise.
* agent/command.c: Likewise.
* agent/divert-scd.c: Likewise.
* agent/findkey.c: Likewise.
* agent/gpg-agent.c: Likewise.
* agent/w32main.c: Likewise.
* common/argparse.c: Likewise.
* common/audit.c: Likewise.
* common/audit.h: Likewise.
* common/convert.c: Likewise.
* common/dotlock.c: Likewise.
* common/exechelp-posix.c: Likewise.
* common/exechelp-w32.c: Likewise.
* common/exechelp-w32ce.c: Likewise.
* common/exechelp.h: Likewise.
* common/helpfile.c: Likewise.
* common/i18n.h: Likewise.
* common/iobuf.c: Likewise.
* common/iobuf.h: Likewise.
* common/localename.c: Likewise.
* common/logging.c: Likewise.
* common/openpgp-oid.c: Likewise.
* common/session-env.c: Likewise.
* common/sexputil.c: Likewise.
* common/sysutils.c: Likewise.
* common/t-sexputil.c: Likewise.
* common/ttyio.c: Likewise.
* common/util.h: Likewise.
* dirmngr/cdblib.c: Likewise.
* dirmngr/certcache.c: Likewise.
* dirmngr/crlcache.c: Likewise.
* dirmngr/dirmngr-client.c: Likewise.
* dirmngr/dirmngr.c: Likewise.
* dirmngr/dirmngr_ldap.c: Likewise.
* dirmngr/dns-stuff.c: Likewise.
* dirmngr/http.c: Likewise.
* dirmngr/ks-engine-hkp.c: Likewise.
* dirmngr/ks-engine-ldap.c: Likewise.
* dirmngr/ldap-wrapper.c: Likewise.
* dirmngr/ldap.c: Likewise.
* dirmngr/misc.c: Likewise.
* dirmngr/ocsp.c: Likewise.
* dirmngr/validate.c: Likewise.
* g10/encrypt.c: Likewise.
* g10/getkey.c: Likewise.
* g10/gpg.c: Likewise.
* g10/gpgv.c: Likewise.
* g10/import.c: Likewise.
* g10/keydb.c: Likewise.
* g10/keydb.h: Likewise.
* g10/keygen.c: Likewise.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyring.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/misc.c: Likewise.
* g10/options.h: Likewise.
* g10/packet.h: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pkglue.c: Likewise.
* g10/plaintext.c: Likewise.
* g10/server.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/sqlite.c: Likewise.
* g10/tdbio.c: Likewise.
* g10/test-stubs.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
* g13/create.c: Likewise.
* g13/mountinfo.c: Likewise.
* kbx/keybox-blob.c: Likewise.
* kbx/keybox-file.c: Likewise.
* kbx/keybox-init.c: Likewise.
* kbx/keybox-search-desc.h: Likewise.
* kbx/keybox-search.c: Likewise.
* kbx/keybox-update.c: Likewise.
* scd/apdu.c: Likewise.
* scd/app-openpgp.c: Likewise.
* scd/app-p15.c: Likewise.
* scd/app.c: Likewise.
* scd/ccid-driver.c: Likewise.
* scd/command.c: Likewise.
* scd/iso7816.c: Likewise.
* sm/base64.c: Likewise.
* sm/call-agent.c: Likewise.
* sm/call-dirmngr.c: Likewise.
* sm/certchain.c: Likewise.
* sm/gpgsm.c: Likewise.
* sm/import.c: Likewise.
* sm/keydb.c: Likewise.
* sm/minip12.c: Likewise.
* sm/qualified.c: Likewise.
* sm/server.c: Likewise.
* tools/gpg-check-pattern.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgkey2ssh.c: Likewise.
* tools/gpgparsemail.c: Likewise.
* tools/gpgtar.c: Likewise.
* tools/rfc822parse.c: Likewise.
* tools/symcryptrun.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-17 12:50:22 +01:00
Neal H. Walfield
8e2bea22b0 gpg: Fix error checking and improve error reporting.
* g10/gpg.c (check_user_ids): Differentiate between a second result
and an error.  If the key specification is ambiguous or an error
occurs, set RC appropriately.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Werner Koch <wk@gnupg.org>
Suggested-by: NIIBE Yutaka <gniibe@fsij.org>
2015-11-16 10:34:01 +01:00
Werner Koch
3689c2105a
gpg: Use only one fingerprint formatting function.
* g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): New.
* g10/keyid.c (hexfingerprint): Add optional args BUFFER and BUFLEN.
Change all callers.
(format_hexfingerprint): New.
* g10/keylist.c (print_fingerprint): Change to use hexfingerprint.
* g10/tofu.c (fingerprint_format): Remove.  Replace calls by
format_hexfingerprint.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-14 09:13:02 +01:00
Werner Koch
e7d7160ab7
gpg: Simplify the tofu interface by using the public key packet.
* g10/tofu.c (fingerprint_str): Remove.
(tofu_register): Take a public key instead of a fingerprint as arg.
Use hexfingerprint() to get a fpr from the PK.
(tofu_get_validity): Ditto.
(tofu_set_policy, tofu_get_policy): Simplify by using hexfingerprint.
* g10/trustdb.c (tdb_get_validity_core): Pass the primary key PK to
instead of the fingerprint to the tofu functions.
--

This change has the advantage that we are not bound to a specific
fingerprint length and will thus helps us to implement rfc4880bis.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-13 16:42:59 +01:00
Werner Koch
7de8376430
gpg: Make trusted-key override for Tofu robust against swapped tofu.db.
* g10/tofu.c (get_trust): For the UTK check lookup the key by
fingerprint.
--

Extracting the keyid form the fingerprint is not a good idea because
that only works for v4 keys.  It is also better to first read the key
and then extract the keyid from the actual available key.

The entire trusted-key stuff should be reworked to make use of
fingerprints.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-13 16:09:30 +01:00
Werner Koch
7e59fb21f7
gpg: Fix regression in --locate-keys (in 2.1.9).
* g10/getkey.c (getkey_ctx_s): Add field "extra_list".
(get_pubkey_byname): Store strings in the context.
(getkey_end): Free EXTRA_LIST.
--

This fixes a use-after-free bug.  It showed up with:

  gpg --auto-key-locate local --locate-key wk@gnupg.org

The key was shown but also all other following keys in the keyring.
Bisecting showed d47e84946e as culprit
but the actual cause was a part of:

Regression-due-to: b06f96ba4f
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-13 12:57:54 +01:00
Werner Koch
2038adf16d
gpg: Print a new EXPORTED status line.
* common/status.h (STATUS_EXPORTED): New.
* g10/export.c (print_status_exported): New.
(do_export_stream): Call that function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-12 17:02:18 +01:00
Werner Koch
e3c48335f9
gpg: Print export statistics to the status-fd.
* common/status.h (STATUS_EXPORT_RES): New.
* g10/main.h (export_stats_t): New.
* g10/export.c (export_stats_s): New.
(export_new_stats, export_release_stats): New.
(export_print_stats): New.
(export_pubkeys, export_seckeys, export_secsubkeys)
(export_pubkey_buffer, do_export): Add arg "stats".
(do_export_stream): Add arg stats and update it.
* g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create,
pass, and print a stats object to the export function calls.

* g10/export.c (export_pubkeys_stream): Remove unused function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-12 16:44:00 +01:00
Neal H. Walfield
7546e81879 gpg: Fix cache consistency problem.
g10/keyring.c (keyring_search): Only mark the cache as completely
filled if we start the scan from the beginning of the keyring.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: NIIBE Yutaka <gniibe@fsij.org>

A new feature (e8c53fc) turned up a bug whereby checking if a search
term matches multiple keys in the keyring causes the cache to be
inconsistent.

When we look for a key on the keyring, we iterate over each of the
keyblocks starting with the keyblock following the last result.  For
each keyblock, we iterate over the public key and any subkeys.  As we
iterate over each key, we first insert it into the cache and then
check if the key matches.  If so, we are done.

In pseudo code:

  for (i = last_result + 1; i < num_records; i ++)
    keyblock = get_keyblock (i)
    for (j = 1; j < len(keyblock); j ++)
      key = keyblock[j]
      update_cache (key)
      if (compare (key, search_terms))
        return ok
  cache_filled = true
  return ENOFOUND

When we look for the next match, we start with the following keyblock.
The result is that any subkeys following the key that matched are not
added to the cache (in other words, when a keyblock matches, the inner
loop did not necessarily complete and the subsequent search doesn't
resume it).

This patch includes a straightforward fix: only indicate the cache as
complete if we started the scan from the beginning of the keyring and
really didn't find anything.
2015-11-11 18:32:16 +01:00
Neal H. Walfield
67c701d1e5 gpg: Default to the the PGP trust model.
* g10/trustdb.c (init_trustdb): If we can't read the trust model from
the trust DB, default to TM_PGP, not TM_TOFU_PGP.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-10 08:05:17 +01:00
Neal H. Walfield
951f277b6b gpg: Default to the flat TOFU DB format.
* g10/tofu.c (opendbs): If the TOFU DB format is set to auto and there
is no TOFU DB, default to the flat format.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-10 08:03:57 +01:00
NIIBE Yutaka
bce0e3f71d scd: Add reder information to --card-status.
* g10/call-agent.h, g10/call-agent.c (agent_release_card_info)
g10/card-util.c (card_status): Add READER.
* scd/apdu.c (close_ccid_reader, open_ccid_reader): Handle RDRNAME.
(apdu_get_reader_name): New.
* scd/ccid-driver.c (ccid_open_reader): Add argument to RDRNAME_P.
* scd/command.c (cmd_learn): Return READER information.
2015-11-09 16:15:44 +09:00
Werner Koch
2242658efe
gpg: Avoid new strings.
* g10/decrypt-data.c (decrypt_data): Use already translated strings.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-06 13:29:01 +01:00
Neal H. Walfield
28e198201e gpg: Fix formatting string.
* g10/decrypt-data.c (decrypt_data): Fix formatting string.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-06 13:16:38 +01:00
Neal H. Walfield
a74aeb5dae gpg: Add new option --only-sign-text-ids.
* g10/options.h (opt): Add field only_sign_text_ids.
* g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs.
(opts): Handle oOnlySignTextIDs.
(main): Likewise.
* g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't
select non-text based IDs automatically.
(keyedit_menu): Adapt the prompt asking to sign all user ids according
to OPT.ONLY_SIGN_TEXT_IDS.
* doc/gpg.texi: Document the new option --only-sign-text-ids.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1241
Debian-bug-id: 569702
2015-11-06 13:16:37 +01:00
Neal H. Walfield
e8c53fca95 gpg: Check for ambiguous or non-matching key specs.
* g10/gpg.c (check_user_ids): New function.
(main): Check that any user id specifications passed to --local-user
and --remote-user correspond to exactly 1 user.  Check that any user
id specifications passed to --default-key correspond to at most 1
user.  Warn if any user id specifications passed to --local-user or
--default-user are possible ambiguous (are not specified by long keyid
or fingerprint).
* g10/getkey.c (parse_def_secret_key): Don't warn about possible
ambiguous key descriptions here.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1128
Debian-debug-id: 544490
2015-11-06 12:04:35 +01:00
Neal H. Walfield
a958ffd148 gpg: Indicate which characters are invalid.
* g10/keygen.c (ask_user_id): Indicate which characters are invalid.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1143
2015-11-05 14:31:58 +01:00
Neal H. Walfield
ec409e62ae gpg: Add support for unwrapping the outer level of encryption.
* g10/decrypt-data.c (decrypt_data): If OPT.UNWRAP_ENCRYPTION is set,
copy the data to the output file instead of continuing to process it.
* g10/gpg.c (enum cmd_and_opt_values): Add new value oUnwrap.
(opts): Handle oUnwrap.
(main): Likewise.
* g10/options.h (opt): Add field unwrap_encryption.
* g10/plaintext.c (handle_plaintext): Break the output file selection
functionality into ...
(get_output_file): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1060
Debian-bug-id: 282061
2015-11-05 14:16:33 +01:00
Neal H. Walfield
6897bbf1aa gpg: Print a better error message for --multifile --sign --encrypt.
* g10/gpg.c (main): Print a better error message for --multifile
--sign --encrypt.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1009
2015-11-04 13:27:49 +01:00
Neal H. Walfield
de9b234015 gpg: Add --encrypt-to-default-key.
* g10/getkey.c (parse_def_secret_key): Drop the static qualifier and
export the function.
* g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey.
(opts): Handle oEncryptToDefaultKey.
(main): Likewise.
* g10/options.h (opt): Add field encrypt_to_default_key.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 807
2015-11-04 13:19:54 +01:00
Neal H. Walfield
e16d7168c5 gpg: Allow multiple --default-key options. Take the last available key.
* g10/getkey.c (parse_def_secret_key): New function.
(get_seckey_default): Add parameter ctrl.  Update callers.  Use
parse_def_secret_key to get the default secret key, if any.
(getkey_byname): Likewise.
(enum_secret_keys): Likewise.
* g10/options.h (opt): Change def_secret_key's type from a char * to a
strlist_t.
* g10/gpg.c (main): When processing --default-key, add the key to
OPT.DEF_SECRET_KEY.
* g10/gpgv.c (get_session_key): Add parameter ctrl.  Update callers.
* g10/mainproc.c (proc_pubkey_enc): Likewise.
(do_proc_packets): Likewise.
* g10/pkclist.c (default_recipient): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sign.c (clearsign_file): Likewise.
(sign_symencrypt_file): Likewise.
* g10/skclist.c (build_sk_list): Likewise.
* g10/test-stubs.c (get_session_key): Likewise.

--
Signed-off-by: Neal H. Walield <neal@g10code.com>
GnuPG-bug-id: 806
2015-11-04 13:19:52 +01:00
Werner Koch
44ad9f29d4
gpg: Change out of core error message.
* g10/tofu.c (fingerprint_str): Die with the error code returned by
the failed function.
(time_ago_str): Ditto.  Do not make a comma translatable.
(fingerprint_format): Use "%zu" for a size_t.
--

Also wrapped some long strings.

In general we should not use log_fatal or use xmalloc functions but
properly return an error code and use xtrymalloc like functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-03 23:20:46 +01:00
Werner Koch
62b8cd5495
gpg: Make translation easier.
* g10/import.c (import_secret_one): Split info string for easier
translation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-03 20:44:14 +01:00
Neal H. Walfield
621afac37e gpg: Also show when the most recently signed message was observed.
* g10/tofu.c (show_statistics): Also show when the most recently
signed message was observed.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Suggested-by: MFPA <2014-667rhzu3dc-lists-groups@riseup.net>
2015-11-03 16:33:01 +01:00
Neal H. Walfield
3632611229 gpg: Split a utility function out of a large function.
* g10/tofu.c (show_statistics): Break the time delta to string code
into...
(time_ago_str): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-03 16:33:00 +01:00
Neal H. Walfield
c8ef9f9a64 gpg: Fix message formatting.
* g10/tofu.c (get_trust): Fix message formatting.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-03 16:33:00 +01:00
Neal H. Walfield
8ae3946d28 gpg: Don't store formatting fingerprints in the TOFU DB.
* g10/tofu.c (fingerprint_pp): Split this function into...
(fingerprint_str): ... this function...
(fingerprint_format): ... and this function.
(record_binding): Store the unformatted fingerprint in the DB.  Only
use the formatting fingerprint when displaying a message to the user.
(get_trust): Likewise.
(show_statistics): Likewise.
(tofu_register): Likewise.
(tofu_get_validity): Likewise.
(tofu_set_policy): Likewise.
(tofu_get_policy): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-03 16:32:59 +01:00
NIIBE Yutaka
06f3eadb22 g10: notify a user when importing stub is skipped.
* g10/import.c (transfer_secret_keys): Return GPG_ERR_NOT_PROCESSED
when stub_key_skipped.
(import_secret_one): Notify a user, suggesting --card-status.

--

Migration to 2.1 might be confusing with smartcard.  With this patch,
a user can learn to run gpg ---card-status.

Thanks to intrigeri for the report.

Debian-bug-id: 795881
2015-11-02 14:33:38 +09:00
Neal H. Walfield
18cd09246f gpg: Consider newlines to be whitespace in an SQL statement.
* g10/sqlite.c (sqlite3_stepx): When making sure that there is no
second SQL statement, ignore newlines.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-31 01:50:51 +01:00
Werner Koch
5aadb4b62d
common: Add separate header for zb32.c.
* common/util.h (zb32_encode): Move prototype to ...
* common/zb32.h: new.  Include this for all callers of zb32_encode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-30 12:33:40 +01:00
Neal H. Walfield
641df615da gpg: Display the correct error message.
* g10/trustdb.c (validate_keys): If tdbio_update_version_record fails,
RC does not contain the error code.  Save the error code in rc2 and
use that.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:42 +01:00
Neal H. Walfield
d68bdc553a gpg: Eliminate a memory leak.
* g10/trustdb.c (validate_key_list): Don't leak the keyblocks on
failure.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:41 +01:00
Neal H. Walfield
ef052591ba gpg: Remove unused prototype.
g10/keyring.h (keyring_locate_writable): Remove unused prototype.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:41 +01:00
Neal H. Walfield
89eee5f6b7 gpg: Eliminate a memory leak.
* g10/gpg.c (main): Don't leak OPT.DEF_RECIPIENT.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:40 +01:00
Neal H. Walfield
99c84b49b7 gpg: Fix keyring support.
* g10/keydb.c (keydb_rebuild_caches): Only mark the cached as prepared
if it is actually prepared, which it only is if the resource is a
keybox.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:39 +01:00
Neal H. Walfield
421827424f gpg: Change sqlite3_stepx to pass the sqlite3_stmt * to the callback.
* g10/sqlite.h (enum sqlite_arg_type): Add SQLITE_ARG_BLOB.
(sqlite3_stepx_callback): New declaration.
(sqlite3_stepx): Change the callback's type to sqlite3_stepx_callback,
which passes an additional parameter, the sqlite3_stmt *.  Update
users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:39 +01:00
Neal H. Walfield
351f4213e1 gpg: Move sqlite helper functions into their own file.
* g10/tofu.c (sqlite3_exec_printf): Move from here...
* g10/sqlite.c (sqlite3_exec_printf): ... to this new file.  Don't
mark as static.
* g10/tofu.c (sqlite3_stepx): Move from here...
* g10/sqlite.c (sqlite3_stepx): ... to this new file.  Don't
mark as static.
* g10/tofu.c (enum sqlite_arg_type): Move from here...
* g10/sqlite.h (enum sqlite_arg_type): ... to this new file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:38 +01:00
Werner Koch
a6c2c09843
gpg: Do not call an extra get_validity if no-show-uid-validity is used.
* g10/mainproc.c (check_sig_and_print): Do not call the informational
get_validity if we are not going to use it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-26 20:36:16 +01:00
Daniel Kahn Gillmor
91015d021b
gpg: Ensure all weak digest rejection notices are shown
* g10/main.h: Add rejection_shown flag to each weakhash struct
* g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not
treat MD5 separately; (print_digest_rejected_note): Use
weakhash.rejection_shown instead of static shown.
* g10/options.h (opt): Change from additional_weak_digests to
weak_digests.
* g10/sig-check.c: Do not treat MD5 separately.
* g10/gpg.c (main): Explicitly set MD5 as weak.
* g10/gpgv.c (main): Explicitly set MD5 as weak.

--

Previously, only one weak digest rejection message was shown, of
whichever was the first type encountered.  This meant that if "gpg
--weak-digest SHA224" encountered both an MD5 digest and a SHA224
digest, it would only show the user that the MD5 digest was rejected.

In order to let the user know which algorithms were rejected, we
needed to move the "shown" flag into a per-weak-algorithm location.
Given this additional complication, it made no sense to continue to
treat MD5 specially, so it is added as a default weak algorithm in the
same opt.weak_digests data structure as any other.

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-10-26 16:56:56 +01:00
Werner Koch
0d37a40fc3
w32: Make it build again if Tofu support is not available.
* g10/keylist.c (public_key_list) [!USE_TOFU]: Do not call tofu
functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-26 16:38:41 +01:00
Werner Koch
68100b4a0b
dirmngr: Add example Tor hidden service.
--
2015-10-26 16:34:19 +01:00
Neal H. Walfield
c18fb0d99b gpg: Make sure we only have a single SQL statement.
* g10/tofu.c (sqlite3_stepx): Make sure SQL only contains a single SQL
statement.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-26 13:41:59 +01:00
Neal H. Walfield
5b0ed7674d gpg: When the TOFU DB is in batch mode, periodically drop the locks.
* g10/tofu.c: Include <sched.h>.
(batch_update_started): New variable.
(begin_transaction): If we've been in batch mode for a while, then
commit any extant batch transactions.
(tofu_begin_batch_update): If we are not in batch mode, initialize
batch_update_started.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-26 13:41:59 +01:00
Neal H. Walfield
7f65e84ac0 gpg: Provide an interface to patch TOFU updates.
* g10/tofu.c (struct db): Rename begin_transaction to savepoint_batch.
Rename end_transaction to savepoint_batch_commit.  Update users.
Remove field rollback.  Add fields savepoint_inner and
savepoint_inner_commit.  Add field batch_update.
(dump_cache): New function.
(batch_update): New variable.
(begin_transaction). New function.
(end_transaction): New function.
(rollback_transaction): New function.
(tofu_begin_batch_update): New function.
(tofu_end_batch_update): New function.
(closedb): End any pending batch transaction.
(closedbs): Assert that none of the DBs have a started batch
transaction if we not in batch mode.
(record_binding): Use the begin_transaction, end_transaction and
rollback_transaction functions instead of including the SQL inline.
Also start a batch mode transaction if we are using the flat format.
(tofu_register): Use the begin_transaction, end_transaction and
rollback_transaction functions instead of including the SQL inline.
* g10/gpgv.c (tofu_begin_batch_update): New function.
(tofu_end_batch_update): New function.
* g10/test-stubs.c (tofu_begin_batch_update): New function.
(tofu_end_batch_update): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-23 17:38:17 +02:00
Neal H. Walfield
297cf8660c gpg: Cache prepared SQL queries and open DB connections.
* g10/tofu.c: Include <stdarg.h>.
(prepares_saved) [DEBUG_TOFU_CACHE]: New variable.
(queries) [DEBUG_TOFU_CACHE]: New variable.
(struct db): Add fields prevp, begin_transaction, end_transaction,
rollback, record_binding_get_old_policy, record_binding_update,
record_binding_update2, get_policy_select_policy_and_conflict,
get_trust_bindings_with_this_email, get_trust_gather_other_user_ids,
get_trust_gather_other_keys, register_already_seen, and
register_insert.
[DEBUG_TOFU_CACHE]: Add field hits.
(STRINGIFY): New macro.
(STRINGIFY2): New macro.
(enum sqlite_arg_type): New enum.
(sqlite3_stepx): New function.
(combined_db): Remove variable.
(opendb): Don't cache the combined db.
(struct dbs): New struct.  Update users to use this as the head of the
local DB list rather than overloading struct db.
(unlink_db): New function.
(link_db): New function.
(db_cache): New variable.
(db_cache_count): New variable.
(DB_CACHE_ENTRIES): Define.
(getdb): If the dbs specific cache doesn't include the DB, look at
DB_CACHE.  Only if that also doesn't include the DB open the
corresponding DB.
(closedb): New function.
(opendbs): Don't open the combined DB.  Just return an initialized
struct dbs.
(closedbs): Don't close the dbs specific dbs.  Attach them to the
front of DB_CACHE.  If DB_CACHE contains more than DB_CACHE_ENTRIES,
close enough dbs from the end of the DB_CACHE list such that DB_CACHE
only contains DB_CACHE_ENTRIES.  Don't directly close the dbs, instead
use the new closedb function.
[DEBUG_TOFU_CACHE]: Print out some statistics.
(record_binding): Use sqlite3_stepx instead of sqlite3_exec or
sqlite3_exec_printf.
(get_policy): Likewise.
(get_trust): Likewise.
(tofu_register): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-23 17:38:16 +02:00
Neal H. Walfield
cd879d4bd6 gpg: Return the DBs meta-handle rather than the sqlite3 handle.
* g10/tofu.c (getdb): Return a struct db * instead of an sqlite *.
Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-23 17:38:15 +02:00
Neal H. Walfield
3c4c89cc35 gpg: Use the proper type.
* g10/options.h: Include "tofu.h".
(opt.tofu_default_policy): Change type to enum tofu_policy.
* g10/gpgv.c (enum tofu_policy): Don't redeclare.
* g10/test-stubs.c (enum tofu_policy): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-23 17:38:15 +02:00
Werner Koch
41bb01ae79
Move SRV RR code from common/ to dirmngr/.
* common/srv.c: Merge into dirmngr/dns-stuff.c.  Delete file.
* common/srv.h: Merge into dirmngr/dns-stuff.h.  Delete file.
* common/Makefile.am (common_sources): Remove srv.c and srv.h.
* g10/keyserver.c: Do not include srv.h.  The code using it is anyway
disabled.
* dirmngr/http.c: Remove header srv.h and stubs.
* dirmngr/t-dns-stuff.c: Add option --srv.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-22 09:22:41 +02:00
Werner Koch
03e230f0ea
gpg: Add a new OpenPGP card vendor.
--
2015-10-21 18:23:25 +02:00
Werner Koch
9ffcb77e25
Change capitalization of TOR to Tor.
--
2015-10-21 18:14:24 +02:00
Neal H. Walfield
9afeb4cca1 gpg: If the saved trust model is unknown, default to tofu+pgp.
* g10/trustdb.c (init_trustdb): If the saved trust model is unknown,
default to tofu+pgp instead of pgp.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:50 +02:00
Neal H. Walfield
8c3b7915d6 gpg: Don't accidentally free UTK_LIST.
* g10/trustdb.c (validate_keys): Don't free UTK_LIST.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:49 +02:00
Neal H. Walfield
cbaca254ac gpg: When evaluating trust reg exps, treat tofu+pgp like pgp.
* g10/trustdb.c (validate_one_keyblock): When checking trust regular
expressions, treat the tofu+pgp trust model the same as the pgp trust
model.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:49 +02:00
Neal H. Walfield
df57390d68 gpg: If a key is ultimate trusted, return that in the tofu model.
* g10/tofu.c (get_trust): If the policy is auto or none, check if the
key is ultimately trusted.  If so, return that.
(tofu_register): If the key is ultimately trusted, don't show any
statistics.
(tofu_get_validity): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Suggested-by: Andre Heinecke <aheinecke@intevation.de>
2015-10-21 13:45:48 +02:00
Neal H. Walfield
d05ff81732 gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.
* g10/trustdb.c (init_trustdb): Recognize tofu and tofu+pgp as
possibly saved trust models.  Also register the ultimately trusted
keys if the trust model is tofu or tofu+pgp.
(check_trustdb): Don't skip if the trust model is tofu or tofu+pgp.
(update_trustdb): Likewise.
(tdb_check_trustdb_stale): Likewise.
(validate_keys): If the trust model is TOFU, just write out the
ultimately trusted keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:48 +02:00
Neal H. Walfield
243f90afba gpg: Factor out code into a standalone function.
* g10/trustdb.c (tdb_keyid_is_utk): New function.
(add_utk): Use it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:47 +02:00
Neal H. Walfield
85bd7d9491 gpg: Make the tofu DB check and initialization atomic.
* g10/tofu.c (initdb): Make the version check and the database
initialization atomic.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Co-authored-by: Andre Heinecke <aheinecke@intevation.de>
2015-10-21 13:45:45 +02:00
Werner Koch
734c61dc9d
build: Allow building without SQLlite support.
* configure.ac: Add option --dsiable-tofu and --disable-sqlite.
(NEED_SQLITE_VERSION): New var.
(USE_TOFU): New ac_define and am_conditional.
* autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that
pkg-config find the correct .pc file.

* g10/Makefile.am (tofu_source): New.  Build only if enabled.
* g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models.
(parse_tofu_policy)[!USE_TOFU]: Disable all.
(parse_tofu_db_format)[!USE_TOFU]: Disable all.
(main) <aTOFUPolicy>[!USE_TOFU]: Skip.
* g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not
call tofu functions.
* g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto.
* g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu
processing.
--

This allows to build a minimal version of GnuPG.  It is also currently
required to build for Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-20 17:32:23 +02:00
Neal H. Walfield
26d457c218 gpg: Don't die immediately if the TOFU DB is locked.
* g10/tofu.c (opendb): Don't die immediately if the DB is locked.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-20 15:12:23 +02:00
Neal H. Walfield
bc9ff6c85e gpg: Improve output.
* g10/tofu.c (get_trust): Also show the binding when indicating a
conflict occurred.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-20 14:53:29 +02:00
Neal H. Walfield
251c070f91 gpg: Synchronize translation template.
* g10/tofu.c (show_statistics): Synchronize translation template.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-20 14:52:39 +02:00
Neal H. Walfield
d3eca51774 gpg: When showing conflicts, also show bindings with no recorded sigs.
* g10/tofu.c (signature_stats_collect_cb): If the time_ago column is
NULL, then both time_ago and count should be 0.
(get_trust): Reverse the direction of the join so that we also get
statistics about bindings without any signatures.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-20 14:50:21 +02:00
Neal H. Walfield
445f94bc81 gpg: Improve text.
* g10/tofu.c (show_statistics): Improve text.

--
Signed-off-by: Neal H. Walfield <neal@walfield.org>
Suggested-by: Malte <malte@wk3.org>
2015-10-20 13:42:20 +02:00
Neal H. Walfield
4957e32367 gpg: Use the right variable to display the information.
* g10/tofu.c (get_trust): Use the right variable to display the
conflicting key.

--
Signed-off-by: Neal H. Walfield <neal@walfield.org>
Reported-by: Andre Heinecke <aheinecke@intevation.de>
2015-10-20 13:40:37 +02:00
Neal H. Walfield
eb8a0b051f gpg: Make failing to create a directory a soft error.
* g10/tofu.c (getdb): Don't exit if we can't create the directory.
Just return an error.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-20 13:15:19 +02:00
Neal H. Walfield
d1a0b520b1 gpg: Remove unused prototype digest_algo_from_sig.
* g10/packet.h (digest_algo_from_sig): Remove prototype without a
corresponding implementation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-20 10:21:40 +02:00
Neal H. Walfield
c37621166e gpg: Fix --desig-revoke.
* g10/revoke.c (gen_desig_revoke): Add additional parameter ctrl.
Check that the secret key is available.  If not, display an error
message.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: 8459bcf9
2015-10-19 20:11:03 +02:00
Neal H. Walfield
a608ee750d gpg: Improve function documentation and some comments.
* g10/main.h: Improve function documentation.
* g10/packet.h.h: Improve function documentation.
* g10/sig-check.c: Improve function documentation and some comments.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-19 20:11:02 +02:00
Neal H. Walfield
0433e66702 gpg: Improve and regularize naming of signature checking functions.
* g10/packet.h (signature_check): Rename from this...
(check_signature): ... to this.  Update users.
(signature_check2): Rename from this...
(check_signature2): ... to this.  Update users.
* g10/sig-check.c (do_check): Rename from this...
(check_signature_end): ... to this.  Update users.
(do_check_messages): Rename from this...
(check_signature_metadata_validity): ... to this.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-19 20:11:01 +02:00
Neal H. Walfield
547a1b3fb8 gpg: Mark local function as static.
* g10/tdbio.c (put_record_into_cache): Mark as static.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-19 20:11:00 +02:00
Daniel Kahn Gillmor
b98939812a
gpg: Print warning when rejecting weak digests
* g10/misc.c (print_md5_rejected_note): Rename to ..
(print_digest_rejected_note): this.  Parameterize function to take an
enum gcry_md_algos.
* g10/sig-check.c: Use print_digest_rejected_note() when rejecting
signatures.

--

76afaed65e allowed extra --weak-digests,
but removed the one call to print_md5_rejected_note().  This replaces
and generalizes that warning.

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-10-19 17:33:07 +02:00
Daniel Kahn Gillmor
76afaed65e
gpg: Add option --weak-digest to gpg and gpgv.
* g10/options.h: Add additional_weak_digests linked list to opts.
* g10/main.h: Declare weakhash linked list struct and
additional_weak_digest() function to insert newly-declared weak
digests into opts.
* g10/misc.c: (additional_weak_digest): New function.
(print_digest_algo_note): Check for deprecated digests; use proper
gcry_md_algos type.
* g10/sig-check.c: (do_check): Reject weak digests in addition to MD5.
* g10/gpg.c: Add --weak-digest option to gpg.
* doc/gpg.texi: Document gpg --weak-digest option.
* g10/gpgv.c: Add --weak-digest option to gpgv.
* doc/gpgv.texi: Document gpgv --weak-digest option.

--
gpg and gpgv treat signatures made over MD5 as unreliable, unless the
user supplies --allow-weak-digests to gpg.  Signatures over any other
digest are considered acceptable.

Despite SHA-1 being a mandatory-to-implement digest algorithm in RFC
4880, the collision-resistance of SHA-1 is weaker than anyone would
like it to be.

Some operators of high-value targets that depend on OpenPGP signatures
may wish to require their signers to use a stronger digest algorithm
than SHA1, even if the OpenPGP ecosystem at large cannot deprecate
SHA1 entirely today.

This changeset adds a new "--weak-digest DIGEST" option for both gpg
and gpgv, which makes it straightforward for anyone to treat any
signature or certification made over the specified digest as
unreliable.

This option can be supplied multiple times if the operator wishes to
deprecate multiple digest algorithms, and will be ignored completely
if the operator supplies --allow-weak-digests (as before).

MD5 is still always considered weak, regardless of any further
--weak-digest options supplied.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Capitialized some comments, shorted a line in do_check, and changed
subject to name the option.  -wk
2015-10-19 14:24:27 +02:00
Neal H. Walfield
253afa2444 gpg: Fix formatting.
* g10/tofu.c (get_trust): Fix formatting.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-19 10:36:21 +02:00
Neal H. Walfield
e56a116f9a gpg: Don't forget to free some memory.
* g10/tofu.c (tofu_register): Free SIG_DIGEST before returning.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-19 10:35:38 +02:00
Neal H. Walfield
55d8845465 gpg: If a conflict occurs in batch mode, record that.
* g10/tofu.c (get_trust): If a conflict occurs when MAY_ASK is false,
set conflict to the key.  When prompting the user, don't show the
conflicting key if the conflicting key is the current key.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-19 10:34:15 +02:00
Werner Koch
c2c4007148
gpg: Silence two more warnings.
* g10/trustdb.c (tdb_get_validity_core): Silence a warning.
* g10/tofu.c (tofu_register): Move SIG_DIGEST computation to the top
so that it is not uninitialized in case of an early error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-18 20:17:24 +02:00
Werner Koch
558bcd43ae
gpg: Fix harmless compiler warnings.
* g10/tofu.h (_tofu_GET_POLICY_ERROR): New.  This avoids warnings
about undefined enum values in a switch.
* g10/trustdb.h (_tofu_GET_TRUST_ERROR): New.
* g10/tofu.c (TIME_AGO_FUTURE_IGNORE): Move to the top.
(opendbs): Avoid compiler warning (use braces).
(GET_POLICY_ERROR): Replace define by enum _tofu_GET_POLICY_ERROR.
(get_policy): Remove assert.
(GET_TRUST_ERROR): Replace by _tofu_GET_TRUST_ERROR macro.
(show_statistics): Undef MIN_SECS et al. after use.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-18 20:08:38 +02:00
Neal H. Walfield
128a456e77 g10: Fix assert.
* g10/tofu.c (get_trust): Fix assert.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 19:08:18 +02:00
Neal H. Walfield
f77913e0ff g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask.  Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask.  Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask.  Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask.  If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level.  Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:45:40 +02:00
Werner Koch
4584125802
gpg: Try hard to use MDC also for sign+symenc.
* g10/encrypt.c (use_mdc): Make it a global func.
* g10/sign.c (sign_symencrypt_file): Use that function to decide
whether to use an MDC.
* tests/openpgp/conventional-mdc.test: Add a simple test case.
--

We used --force-mdc in sign+symenc mode (-cs) only with --force-mdc.
That broke our assumption from commit 625e292 (GnuPG 2.1.9) that all
uses of modern ciphers are using MDC.

Reported-by: Ben Kibbey <bjk@luxsci.net>
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-12 09:31:44 +02:00
Werner Koch
d7b8e76f99
gpg: Add option --print-dane-records.
* g10/options.h (opt): Add field "print_dane_records".
* g10/gpg.c (oPrintDANERecords): new.
(opts): Add --print-dane-records.
(main): Set that option.
* g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling.
(do_export_stream): Add EXPORT_DANE_FORMAT handling.
* g10/keylist.c (list_keyblock_pka): Implement DANE record printing.

* g10/gpgv.c (export_pubkey_buffer): New stub.
* g10/test-stubs.c (export_pubkey_buffer): New stub.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-08 15:40:53 +02:00
Werner Koch
a2600e42f9
Fix two unused/possible-uninitialized var warnings.
--
2015-10-08 14:58:26 +02:00
Werner Koch
b6d621583f
gpg: Pass CTRL parameter to all key listing functions.
* g10/keylist.c (public_key_list): Add arg CTRL.
(secret_key_list): Ditto.
(list_all, list_one): Ditto.
(locate_one): Ditto.
(list_keyblock_pka): Ditto.
(list_keyblock): Ditto.
(list_keyblock_direct): Ditto.
* g10/keygen.c (proc_parameter_file): Add arg CTRL.
(read_parameter_file): Ditto.
(quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
(generate_keypair): Pass arg CTRL.
* g10/gpg.c (main): Pass arg CTRL to quick_generate_keypair.
--

This will help use to implement the --server mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-08 14:55:07 +02:00
Werner Koch
a400958323
gpg: Remove unfinished experimental code to export as S-expressions.
* g10/options.h (EXPORT_SEXP_FORMAT): Remove.
(EXPORT_DANE_FORMAT): New.
* g10/export.c (parse_export_options): Remove "export-sexp-format".
(export_seckeys): Adjust for removed option.
(export_secsubkeys): Ditto.
(do_export): Prepare for DANE format.
(build_sexp, build_sexp_seckey): Remove.
(do_export_stream): Remove use of removed functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-07 16:55:15 +02:00
Werner Koch
9ac31f91b1
gpg: Add new --auto-key-locate mechanism "dane".
* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE.
* g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode".
* g10/options.h (AKL_DANE): New.
* g10/getkey.c (get_pubkey_byname): Implement AKL_DANE.
(parse_auto_key_locate): Ditto.
--

To test this use

  gpg --auto-key-locate clear,dane,local --locate-key -v wk@gnupg.org

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-06 20:31:43 +02:00
Werner Koch
9db6547a00
dirmngr: Do tilde expansion for --hkp-cacert.
* dirmngr/dirmngr.c (parse_rereadable_options): Do tilde expansion and
check for cert file existance in option --hkp-cacert.
--

GnuPG-bug-id: 2120
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-06 13:10:26 +02:00
Werner Koch
625e292108
gpg: Fail decryption for AES etc message w/o MDC.
* g10/mainproc.c (proc_encrypted): Fail for modern messages w/o MDC.
--

This change turns the missing MDC warning into an error if the message
has been encrypted using a cipher with a non-64 bit block length cipher
and it is not Twofish.

We can assume that such messages are created by code which should have
been able to create MDC packets.  AES was introduced with 1.0.3 on
2000-09-18 shortly after MDC (1.0.2 on 2000-07-12).  We need to
exclude Twofish because that might have been used before MDC.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-06 09:44:15 +02:00
Werner Koch
f3959f14b6
gpg: Install a dirmngr.conf file.
* g10/dirmngr-conf.skel: New.
* g10/Makefile.am (EXTRA_DIST): Add file.
(install-data-local, uninstall-local): Install that file.
* g10/openfile.c (copy_options_file): Add arg "name", return a value,
simplify with xstrconcat, and factor warning message out to:
(try_make_homedir): here.  Also install dirmngr.conf.
* g10/options.skel: Remove --keyserver entry.
--

The option --keyserver in gpg has been deprecated in favor of
--keyserver in dirmngr.conf.  Thus we need to install a skeleton file
for dirmngr to set a default keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-05 19:48:47 +02:00
Werner Koch
ae471fa978
gpg: Deprecate the --keyserver option.
* g10/keyserver.c (keyserver_refresh): Change return type to
gpg_error_t.  Use gpg_dirmngr_ks_list to print the name of the
keyserver to use.
(keyserver_search): Do not print the "no keyserver" error
message.  The same error is anyway returned from dirmngr.
* g10/call-dirmngr.c (ks_status_parm_s): Add field "keyword".
(ks_status_cb): Handle other status keywords.
(gpg_dirmngr_ks_list): New.
* tools/gpgconf-comp.c (gc_options_gpg): Deprecate "keyserver".
(gc_options_dirmngr): Add "Keyserver" group and "keyserver".
--

Along with the corresponding dirmngr change this option allows to
configure the keyserver only in dirmngr.conf.  Existing
configurations will continue to work.  However, GUIs using gpgconf
now the keyserver option under the dirmngr (aka Key Acquirer) tab
unless they are in export mode in which the keyserver option is also
show for gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-05 17:52:28 +02:00
Werner Koch
2acceba5cc
gpg: Fix a practical hang after use of --faked-system-time.
* g10/sign.c (update_keysig_packet): Bail out if we would need to long
for a new timestamp.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-01 17:59:22 +02:00
Werner Koch
2c60663a72
gpg: Print more info with "check selfsig".
* g10/keyedit.c (print_and_check_one_sig): Print more Some sigsub
packets.
2015-10-01 17:57:39 +02:00
Werner Koch
13a3f65968
gpg: Add debug helper to --edit-keys's check sub-command.
* g10/keyedit.c (print_and_check_one_sig): Add arg "extended" and
print an asterisk for the chosen selfsig.
(check_all_keysigs): Add arg "only_selfsig"
(keyedit_menu) <cmdCHECK>: Add optional arg "selfsig".
--

Using "check selfsig" prints only the self-signatures and indicates
the chosen selfsig with an asterisk.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-01 16:24:59 +02:00
Neal H. Walfield
8ab63e4b50 g10: Remove unused struct cmp_help_context_s.
* g10/sig-check.c (struct cmp_help_context_s) Remove unused struct.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-29 11:32:40 +02:00
Neal H. Walfield
12443eafa6 g10: Avoid an unnecessary copy.
* g10/sig-check.c (signature_check2): Avoid copying PK to RET_PK.
Instead, directly use the provided storage.  If none is provided
allocate some.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-29 11:32:39 +02:00
NIIBE Yutaka
cfbe6ba9cf agent: RSA signature verification by gpg-agent.
* g10/sign.c (do_sign): Let verify signature by gpg-agent.
* agent/pksign.c (agent_pksign_do): Call gcry_pk_verify for RSA.

--

RSA signature verification should be done to prevent attacks against
RSA CRT implementations and not to return invalid signature to
adversary.  Newer libgcrypt does so.  For older libgcrypt and
smartcards, gpg-agent does signature verification.
2015-09-29 09:49:44 +09:00
Werner Koch
d5a3142b8f
gpg: Report a conflict between honor-keyserver-url and TOR.
* g10/call-dirmngr.c (create_context): Send option and print a verbose
error.
--

It is in general a bad idea to use honor-keyserver-url but if Dirmngr
is running in TOR mode we should not allow this option at all.  We let
Dirmngr know about the use of this option and let Dirmngr tell use
whether TOR mode is active so that we can print a hint to disable that
keyserver option.

A future extension in gpgconf may disable that option directly but a
user may still override that and thus we better check.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-18 16:21:31 +02:00
Werner Koch
8eb3a1797a
gpg: Fix skip function dummy parameter.
* g10/trustdb.c (search_skipfnc): Fix dummy argument
--

This is required due to the prototype change in
commit 9acbeac236

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-16 19:02:35 +02:00
Werner Koch
f71ed902de
gpg: Change last commit to avoid extra translations.
* g10/keyedit.c (keyedit_menu): Do not print usage hints in expert
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-16 18:55:27 +02:00
Neal H. Walfield
172af881a1 g10: Improve error message.
* g10/keyedit.c (keyedit_menu): When complaining that a user ID or key
must be selected, indicate what command to use to do this.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:31 +02:00
Neal H. Walfield
6845737736 g10: Be more careful when merging self-signed data.
* g10/getkey.c (merge_selfsigs_main): Stop looking for self-signed
data belonging to the public key when we encounter an attribute packet
or a subkey packet, not just a user id packet.  When looking for
self-signed data belonging to a user id packet, stop when we see a
user attribute packet.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:30 +02:00
Neal H. Walfield
c31e089129 g10: Simplify some complicated boolean expressions.
* g10/getkey.c (finish_lookup): Simplify logic.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:29 +02:00
Neal H. Walfield
77c2ad4a81 g10: Also mark revoked and expired keys as unusable.
* g10/getkey.c (skip_unusable): Also mark the key as unusable if it
has been revoked or has expired.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:29 +02:00
Neal H. Walfield
1b601de06a g10: Release resources when returning an error in get_seckey.
* g10/getkey.c (get_seckey): If the key doesn't have a secret key,
release *PK.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:28 +02:00
Neal H. Walfield
cab581c486 g10: Improve documentation and comments for getkey.c.
* g10/getkey.c: Improve documentation and comments for most
functions.  Move documentation for public functions from here...
* g10/keydb.h: ... to here.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:28 +02:00
Neal H. Walfield
7333e704ef g10: Remove unused function have_any_secret_key.
* g10/getkey.c (have_any_secret_key): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:27 +02:00
Neal H. Walfield
5e233e12f5 g10: Bring cache semantics closer to non-cache semantics.
* g10/getkey.c (get_pubkey_fast): When reading from the cache, only
consider primary keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:26 +02:00
Neal H. Walfield
3940f10af7 g10: Break out of the loop earlier.
* g10/getkey.c (have_secret_key_with_kid): Once we find the relevent
key or subkey, stop searching.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

Only a single key or subkey will ever be selected per keyblock.
2015-09-16 15:15:26 +02:00
Neal H. Walfield
50affffe93 g10: Don't skip legacy keys if the search mode is KEYDB_SEARCH_MODE_NEXT
* g10/getkey.c (lookup): Also don't skip legacy keys if the search
mode is KEYDB_SEARCH_MODE_NEXT.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

We currently don't skip keys if the search mode is
KEYDB_SEARCH_MODE_FIRST.  Since we change KEYDB_SEARCH_MODE_FIRST to
KEYDB_SEARCH_MODE_NEXT (to avoid a reset), it only makes sense to have
the same semantics for KEYDB_SEARCH_MODE_NEXT.
2015-09-16 15:15:25 +02:00
Neal H. Walfield
efbaa8f891 g10: Remove unused function get_seckeyblock_byfprint.
* g10/keydb.h (get_seckeyblock_byfprint): Remove prototype.
* g10/getkey.c (get_seckeyblock_byfprint): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:25 +02:00
Neal H. Walfield
e2b300801e g10: Remove unused function get_seckey_byfprint.
* g10/keydb.h (get_seckey_byfprint): Remove prototype.
* g10/getkey.c (get_seckey_byfprint): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:24 +02:00
Neal H. Walfield
80dbf8006f g10: Simplify get_seckey_byname: it was never called with NAME not NULL.
* g10/keydb.h (get_seckey_byname): Rename from this...
(get_seckey_default): ... to this.  Drop the parameter name.  Update
users.
* g10/getkey.c (get_seckey_byname): Rename from this...
(get_seckey_default): ... to this.  Drop the parameter name.  Drop the
code which assumed that NAME is not NULL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:23 +02:00
Neal H. Walfield
dc69804ab0 g10: Eliminate the redundant function get_keyblock_byfprint.
* g10/keydb.h (get_keyblock_byfprint): Remove prototype.  Replace use
of this function with get_pubkey_byfprint.
* g10/getkey.c (get_pubkey_byname): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:23 +02:00
Neal H. Walfield
911fcca36d g10: Simplify semantics of get_pubkey_byname.
* g10/getkey.c (get_pubkey_byname): If R_KEYBLOCK is not NULL, return
the keyblock in R_KEYBLOCK independent of whether PK is set or not.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

Currently, no caller invokes get_pubkey_byname with PK==NULL and
R_KEYBLOCK != NULL.  Thus, this change does not change any behavior.
2015-09-16 15:15:22 +02:00
Neal H. Walfield
b4672e4d48 g10: Eliminate the redundant function get_pubkey_byname.
* g10/getkey.c (get_pubkey_byname): Remove function.
(lookup): Replace use of get_pubkey_byname by get_pubkey_byfprint.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:22 +02:00
Neal H. Walfield
65e58ae674 g10: Eliminate the redundant function get_pubkey_end.
* g10/keydb.h (get_pubkey_end): Remove declaration.  Replace use of
function with getkey_end.
* g10/getkey.c (get_pubkey_byname): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:21 +02:00
Neal H. Walfield
be6743b2e1 g10: Eliminate the redundant function get_pubkey_next.
* g10/keydb.h (get_pubkey_next): Remove prototype.
* g10/getkey.c (get_pubkey_next): Remove function.
* g10/keylist.c (locate_one): Use getkey_next instead of
get_pubkey_next.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:20 +02:00
Neal H. Walfield
9acbeac236 kbx: Change skipfnc's prototype so that we can provide all information.
* kbx/keybox-search-desc.h (struct keydb_search_desc.skipfnc): Change
third parameter to be the index of the user id packet in the keyblock
rather than the packet itself.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

The keybox code doesn't work directly with keyblocks.  As such, the
matched user packet is not readily available to pass to
DESC[n].SKIPFNC.  But, we do know the index of the user id packet that
matched.  Thus, pass that instead.  If the skip function needs the
user id packet, it can use the key id to look up the key block and
find the appropriate packet.
2015-09-16 15:15:20 +02:00
Neal H. Walfield
83e17ab1b4 g10: Remove unused prototype (get_pubkey_byfpr).
* g10/keydb.h (get_pubkey_byfpr): Remove unused prototype.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:19 +02:00
Neal H. Walfield
b06f96ba4f g10: Remove unused function (get_pubkey_bynames).
* g10/keydb.h (get_pubkey_bynames): Remove prototype.
* g10/getkey.c (get_pubkey_bynames): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:19 +02:00
Neal H. Walfield
d47e84946e g10: Simplify code. Turn struct getkey_ctx_s.found_key into an argument
* g10/getkey.c (struct getkey_ctx_s): Remove field found_key.
(lookup): Add argument ret_found_key.  If not NULL, set it to the
found key.  Update callers.
(pk_from_block): Add argument found_key.  Use it instead of
CTX->FOUND_KEY.  Update callers.
(finish_lookup): Return a KBNODE (the found key) instead of an int.
Don't set CTX->FOUND_KEY.  Return the found key instead.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:18 +02:00
Neal H. Walfield
c110e186e0 g10: Remove unused field struct getkey_ctx_s.kbpos.
* g10/getkey.c (struct getkey_ctx_s): Remove field kbpos.
(getkey_end): Don't clear CTX->KBPOS.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:17 +02:00
Neal H. Walfield
3798f73c07 g10: Simplify code: remove field struct getkey_ctx_s.keyblock.
* g10/getkey.c (struct getkey_ctx_s): Remove field keyblock.
(finish_lookup): Add parameter keyblock.  Update caller to pass this.
(lookup): Add new local variable keyblock.  Use this instead of
ctx->keyblock for referencing the keyblock.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:17 +02:00
Werner Koch
e92a8ab021
g10: Fix make distcheck problem.
* g10/test.c: Include string.h.
(prepend_srcdir): New.  Taken from Libgcrypt.
(test_free): New.
* g10/t-keydb.c (do_test): Malloc the filename.
* g10/Makefile.am (AM_CPPFLAGS): Remove -DSOURCE_DIR
(EXTRA_DIST): Add t-keydb-keyring.kbx.
--

Using SOURCE_DIR should in general work but we have seen problems when
doing this in Libgcrypt.  Using the srcdir variable gives us anyway
more flexibility and aligns with the way we do it in tests/openpgp.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-10 18:12:20 +02:00
Werner Koch
fbf24cd09a
g10: Improve portability of the new test driver.
* g10/test.c: Include stdio.h and stdlib.h.
(verbose): New.
(print_results): Rename to exit_tests.
(main): Remove atexit and call exit_tests.  Set verbose.
(ASSERT, ABORT): Call exit_tests instead of exit.
--

Calling exit from an exit handler is undefined behaviour.  It works on
Linux but other systems will hit an endless loop.  That is indeed
unfortunate but we can't do anything about it.  Calling _exit() would
be possible but that may lead to other problems.  Thus we change to
call a custom exit function :-(.

Using "make check verbose=1" is supported by tests/openpgp and thus
we add the same mechanism here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-10 17:43:37 +02:00
Werner Koch
56bf1061f8
doc: Minor comment fixes.
--
2015-09-09 15:14:35 +02:00
Neal H. Walfield
bd0c902f1d g10: Remove unused field req_algo.
* g10/packet.h (PKT_public_key): Remove unused field req_algo.  Remove
users.
* g10/getkey.c (struct getkey_ctx_s): Remove unused field req_algo.
Remove users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-02 15:08:58 +02:00
Neal H. Walfield
1f03d4cd94 g10: Use a symbolic constant instead of a literal.
* g10/trustdb.c (KEY_HASH_TABLE_SIZE): Define.
(new_key_hash_table): Use KEY_HASH_TABLE_SIZE instead of a literal.
(release_key_hash_table): Likewise.
(test_key_hash_table): Likewise.
(add_key_hash_table): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-02 15:08:57 +02:00
Neal H. Walfield
ee7ec1256b g10: Add test for keydb as well as new testing infrastructure.
* g10/Makefile.am (EXTRA_DIST): Add test.c.
(AM_CPPFLAGS): Add -DSOURCE_DIR="\"$(srcdir)\"".
(module_tests): Add t-keydb.
(t_keydb_SOURCES): New variable.
(t_keydb_LDADD): Likewise.
* g10/t-keydb.c: New file.
* g10/t-keydb-keyring.kbx: New file.
* g10/test-stubs.c: New file.
* g10/test.c: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-02 15:08:57 +02:00
Neal H. Walfield
60bc518645 g10: Make the keyblock cache per-handle rather than global.
* g10/keydb.c (keyblock_cache): Don't declare this variable.  Instead...
(struct keyblock_cache): ... turn its type into this first class
object...
(struct keydb_handle): ... and instantiate it once per database
handle.  Update all users.
(keydb_rebuild_caches): Don't invalidate the keyblock cache.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-02 10:52:01 +02:00
Neal H. Walfield
f076fa190e g10: If iobuf_seek fails when reading from the cache, do a hard read.
* g10/keydb.c (keydb_get_keyblock): If the iobuf_seek fails when
reading from the cache, then simply clear the cache and try reading
from the database.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-02 10:38:42 +02:00
Werner Koch
f9c83d84e7
gpg: Remove option --no-sig-create-check.
* g10/gpg.c (opts): Remove --no-sig-create-check.
* g10/options.h (struct opt): Remove field no_sig_create_check.
* g10/sign.c (do_sign): Always check unless it is RSA and we are using
Libgcrypt 1.7.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-01 07:37:12 +02:00
Neal H. Walfield
04a6b903d0 g10: Don't leak memory if we fail to initialize a new database handle.
* g10/keydb.c (keydb_new): If we fail to open a keyring or keybox
correctly release all resources.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:30:57 +02:00
Neal H. Walfield
360b699e9b g10: Improve interface documentation of the keydb API.
* g10/keydb.c: Improve code comments and documentation of internal
interfaces.  Improve documentation of public APIs and move that to...
* g10/keydb.h: ... this file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:30:56 +02:00
Neal H. Walfield
efd1ead9e7 g10: Don't cache search results if the search didn't scan the whole DB.
* g10/keydb.c (struct keydb_handle): Add new field is_reset.
(keydb_new): Initialize hd->is_reset to 1.
(keydb_locate_writable): Set hd->is_reset to 1.
(keydb_search): Set hd->is_reset to 0.  Don't cache a key not found if
the search started from the beginning of the database.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:30:55 +02:00
Neal H. Walfield
11d8ffc939 g10: Have keydb_search_first call keydb_search_reset before searching.
* g10/keydb.c (keydb_search_first): Reset the handle before starting
the search.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

This bug hasn't shown up yet in practice, because keydb_search_first
is always called immediately after a keydb_new.  This changes cleans
up the semantics and will hopefully prevent future bugs.
2015-08-31 11:30:55 +02:00
Neal H. Walfield
0377db4b35 g10: Remove unused parameter.
* g10/keydb.h (keydb_locate_writable): Remove unused parameter
reserved.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:30:54 +02:00
Neal H. Walfield
fad91071ca g10: Simplify cache. Only include data that is actually used.
* g10/keydb.c (struct kid_list_s): Rename from this...
(struct kid_not_found_cache_bucket): ... to this.  Update users.
Remove field state.
(kid_list_t): Remove type.
(KID_NOT_FOUND_CACHE_BUCKETS): Define.  Use this instead of a literal.
(kid_found_table): Rename from this...
(kid_not_found_cache_bucket): ... to this.  Update users.
(kid_found_table_count): Rename from this...
(kid_not_found_cache_count): ... to this.  Update users.
(kid_not_found_p): Only return whether a key with the specified key id
is definitely not in the database.
(kid_not_found_insert): Remove parameter found.  Update callers.
(keydb_search): Only insert a key id in the not found cache if it is
not found.  Rename local variable once_found to already_in_cache.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

Commit e0873a33 started tracking whether key ids where definitely in
the database.  This information is, however, never used and thus just
unnecessarily inflates the cache.  This patch effectively reverts that
change (however, e0873a33 contains two separate changes and this only
reverts that change).
2015-08-26 12:25:53 +02:00
Werner Koch
51b9b8fba4
gpg: Emit ERROR status for key signing failures.
* g10/keyedit.c (sign_uids): Write an ERROR status for a signing
failure.
(menu_adduid, menu_addrevoker, menu_revsig): Ditto.
(menu_revuid, menu_revkey, menu_revsubkey): Ditto.
--

This change helps GPA to show better error messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 15:26:50 +02:00
Werner Koch
9cdff09743
gpg: Print a new FAILURE status after most commands.
* common/status.h (STATUS_FAILURE): New.
* g10/cpr.c (write_status_failure): New.
* g10/gpg.c (main): Call write_status_failure for all commands which
print an error message here.
* g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't
set the pinentry mode.
--

This status line can be used similar to the error code returned by
commands send over the Assuan interface in gpgsm.  We don't emit them
in gpgsm because there we already have that Assuan interface to return
proper error code.  This change helps GPGME to return better error
codes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 15:26:33 +02:00
Werner Koch
88317ae8c8
gpg: Fix regression in packet parser from Aug 19.
* g10/parse-packet.c (parse): Use an int to compare to -1.  Use
buf32_to_ulong.
--

Regression-due-to: 0add91ae1c
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-23 12:17:43 +02:00
Werner Koch
00def10d36
gpg: Show not found keys with --locate-key --verbose.
* g10/keylist.c (locate_one): Print a diagnostic for a not-found key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-23 11:56:17 +02:00
Neal H. Walfield
09f2a7bca6 common: Don't incorrectly reject 4 GB - 1 sized packets.
* g10/parse-packet.c (parse): Don't reject 4 GB - 1 sized packets.
Add the constraint that the type must be 63.
* kbx/keybox-openpgp.c (next_packet): Likewise.
* tests/openpgp/4gb-packet.asc: New file.
* tests/openpgp/4gb-packet.test: New file.
* tests/openpgp/Makefile.am (TESTS): Add 4gb-packet.test.
(TEST_FILES): Add 4gb-packet.asc.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-21 14:21:13 +02:00
Neal H. Walfield
4f37820334 common: Don't assume on-disk layout matches in-memory layout.
* g10/packet.h (PKT_signature): Change revkey's type from a struct
revocation_key ** to a struct revocation_key *.  Update users.

--
revkey was a pointer into the raw data.  But, C doesn't guarantee that
there is no padding.  Thus, we copy the data.

Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-21 14:21:08 +02:00
Neal H. Walfield
b3226cadf9 common: Don't incorrectly copy packets with partial lengths.
* g10/parse-packet.c (parse): We don't handle copying packets with a
partial body length to an output stream.  If this occurs, log an error
and abort.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-21 14:21:04 +02:00
Neal H. Walfield
0143d5c1ca common: Check parameters more rigorously.
* g10/parse-packet.c (dbg_copy_all_packets): Check that OUT is not
NULL.
(copy_all_packets): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-21 14:21:00 +02:00
Neal H. Walfield
48e792cc95 common: Don't continuing processing on error.
* g10/parse-packet.c (dbg_parse_packet): Also return if parse returns
an error.
(parse_packet): Likewise.
(dbg_search_packet): Likewise.
(search_packet): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-21 14:20:54 +02:00
Neal H. Walfield
73af66a0aa common: Better respect the packet's length when reading it.
* g10/parse-packet.c (parse_signature): Make sure PKTLEN doesn't
underflow.  Be more careful that a read doesn't read more data than
PKTLEN says is available.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-21 14:20:43 +02:00
Neal H. Walfield
0add91ae1c g10/parse-packet.c:parse: Try harder to not ignore an EOF.
* g10/parse-packet.c (parse): Be more robust: make sure to process any
EOF.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-20 14:16:31 +02:00
Neal H. Walfield
24a72dffa7 g10/parse-packet.c: Replace literal with symbolic expression.
* g10/parse-packet.c (dump_hex_line): Use sizeof rather than the
buffer's size.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-20 14:16:30 +02:00
Neal H. Walfield
026feff4a8 Add documentation for g10/parse-packet.c.
* g10/packet.h: Add documentation for functions defined in
parse-packet.c.
* g10/parse-packet.c: Improve comments for many functions.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-20 14:16:29 +02:00
Neal H. Walfield
c46e8bfe9a g10/packet.h: Remove unused argument from enum_sig_subpkt.
* g10/packet.h (enum_sig_subpkt): Remove argument RET_N.  Update
callers.
* g10/parse-packet.c (enum_sig_subpkt): Remove argument RET_N.

--
Remove the RET_N argument, because it is unused and because it is
meaningless: it's not clear whether it is an offset into SIG->HASHED
or SIG->UNHASHED.

Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-20 14:16:29 +02:00
Neal H. Walfield
c271feb536 g10/parse-packet.c:mpi_read: Detect EOF and correct boundary conditions.
* g10/parse-packet.c (mpi_read): Improve documentation.  Correctly
handle an EOF.  On overflow, correctly return the number of bytes read
from the pipeline.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-20 14:16:28 +02:00
Neal H. Walfield
8402815d8e common/iobuf.h: Remove iobuf_open_fd_or_name.
* common/iobuf.h (iobuf_open_fd_or_name): Remove prototype.  Replace
use with either iobuf_open or iobuf_fdopen_nc, as appropriate.
* common/iobuf.c (iobuf_open): Remove function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-20 14:16:22 +02:00
Werner Koch
91357b7722
gpg: Avoid linking to Libksba
* kbx/keybox.h (KEYBOX_WITH_X509): Do not define.
* sm/Makefile.am (AM_CPPFLAGS): Define it here.
(common_libs): Change to libkeybox509.a
* g10/Makefile.am (AM_CFLAGS): remove KSBA_CFLAGS.
(gpg2_LDADD, gpgv2_LDADD): Remove KSBA_LIBS
* kbx/Makefile.am (noinst_LIBRARIES): Add libkeybox509.a.
(libkeybox509_a_SOURCES): New.
(libkeybox_a_CFLAGS): New.
(libkeybox509_a_CFLAGS): New.
(kbxutil_CFLAGS): New.
* kbx/keybox-search.c (has_keygrip) [!KEYBOX_WITH_X509]: Declare args
as unused.
--

There is no real need to link to Libksba in gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-17 16:17:19 +02:00
Ben Kibbey
93f5295df5 Fix sending INQUIRE_MAXLEN for symmetric data.
* g10/passphrase.c (passphrase_to_dek_ext): Write the status message.
2015-08-16 12:54:04 -04:00
Ben Kibbey
f126ca6156 Inform a user about inquire length limit.
* common/status.h (INQUIRE_MAXLEN): New.
* g10/call-agent.c (default_inquire_cb): Send STATUS_INQUIRE_MAXLEN.
client when inquiring a passphrase over pinentry-loopback.

--
This is to inform a user about the maximum length of a passphrase. The
limit is the same that gpg-agent uses.
2015-08-15 17:14:13 -04:00
Ben Kibbey
233b5fedab Allow --gen-key to inquire a passphrase.
* g10/gpg.c (main): test for --command-fd during --gen-key parse.

When --command-fd is set then imply --batch to let gpg inquire a
passphrase rather than requiring a pinentry.
2015-08-15 17:14:13 -04:00
Werner Koch
5b7a80b1ab
gpg: Allow gpgv to work with a trustedkeys.kbx file.
* g10/keydb.h (KEYDB_RESOURCE_FLAG_GPGVDEF): New.
* g10/keydb.c (keydb_add_resource): Take care of new flag.
* g10/gpgv.c (main): Use new flag.
--

GnuPG-bug-id: 2025
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-07 15:53:56 +02:00
Werner Koch
fb754dc617
gpg: Remove duplicated printing of the curve name in "sub" lines.
* g10/keylist.c (list_keyblock_print): Do not print extra curve name.
--

This was cruft from the time before we changed to the new algo/size
string.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-06 18:12:31 +02:00
Werner Koch
fbb6c25ab5
gpg: Add commands "fpr *" and "grip" to --edit-key.
* g10/keyedit.c (cmdGRIP): New.
(cmds): Add command "grip".
(keyedit_menu) <cmdFPR>: Print subkeys with argument "*".
(keyedit_menu) <cmdGRIP>: Print keygrip.
(show_key_and_fingerprint): Add arg "with_subkeys".
(show_key_and_grip): New.
* g10/keylist.c (print_fingerprint): Add mode 4.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-06 18:00:12 +02:00
Werner Koch
969542c8c2
gpg: Adjust UID line indentation for common key algos.
* g10/keylist.c (list_keyblock_print): Change UID line indentation
* g10/mainproc.c (list_node): Ditto.
--

Due to the new keyalgo/size format the UID was not anymore printed
properly aligned to the creation date.  Although we can't do that in
any case, this change does it for common algos like "rsa2048",
"dsa2048", and "ed25519".

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-06 17:09:27 +02:00
NIIBE Yutaka
e5891a82c3 Curve25519 support.
* agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
(convert_secret_key, convert_transfer_key): Ditto.
* common/openpgp-oid.c (oidtable): Add Curve25519.
(oid_crv25519, openpgp_oid_is_crv25519): New.
* common/util.h (openpgp_oid_is_crv25519): New.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case
with Montgomery curve which uses x-only coordinate.
* g10/keygen.c (gen_ecc): Handle Curve25519.
(ask_curve): Change the API and second arg is to return subkey algo.
(generate_keypair, generate_subkeypair): Follow chage of ask_curve.
* g10/keyid.c (keygrip_from_pk): Handle Curve25519.
* g10/pkglue.c (pk_encrypt): Handle Curve25519.
* g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
* scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
(send_key_attr): Work with general ECC, Ed25519, and Curve25519.
(get_public_key): Likewise.
(ecc_writekey): Handle flag_djb_tweak.

--

When libgcrypt has Curve25519, GnuPG now supports Curve25519.
2015-08-06 17:00:41 +09:00
NIIBE Yutaka
a6e4053089 common: extend API of openpgp_oid_to_curve for canonical name.
* common/openpgp-oid.c (openpgp_oid_to_curve): Add CANON argument.
* common/util.h: Update.
* g10/import.c (transfer_secret_keys): Follow the change.
* g10/keyid.c (pubkey_string): Likewise.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Likewise.
* parse-packet.c (parse_key): Likewise.
* scd/app-openpgp.c (send_key_attr, get_public_key): Likewise.

--

Change the function so that caller can select canonical name of curve
or name for printing.  Suggested by wk.
2015-08-06 16:51:14 +09:00
Werner Koch
4a326d7c9a
gpg: Fix duplicate key import due to legacy key in keyring.
* g10/keydb.c (keydb_search_fpr): Skip legacy keys.
--

A test case for this problem can be found at
GnuPG-bug-id: 2031

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-04 17:32:08 +02:00
Werner Koch
f05a63b104
gpg: Properly handle legacy keys while looking for a secret key.
* g10/getkey.c (have_secret_key_with_kid): Skip legacy keys.
--

This fixes
GnuPG-bug-id: 2031

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-04 12:28:17 +02:00
Werner Koch
328a6b6459
gpg: Fix endless loop for expired keys given by fpr.
* g10/getkey.c (lookup): Disable keydb caching when continuing a
search.
--

Caches are Fierce Creatures.

Reported-by: Patrick Brunschwig
2015-07-31 12:02:08 +02:00
Werner Koch
23d8609f4b
gpg: Do not return "Legacy Key" from lookup if a key is expired.
* g10/getkey.c (lookup): Map GPG_ERR_LEGACY_KEY.
--

If an expired key is directly followed by a legacy key in the keyring,
the lookup function incorrectly returned "legacy key" instead of
"unusable key".  We fix it by handling not found identical to a legacy
key if the last finish lookup failed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-07-29 16:11:17 +02:00
Werner Koch
8b2b988309
gpg: Indicate secret keys and cards in a key-edit listing.
* g10/keyedit.c (sign_uids): Add arg "ctrl".
(show_key_with_all_names_colon): Ditto.
(show_key_with_all_names): Ditto.

* g10/keyedit.c (show_key_with_all_names): Print key record
indicators by checking with gpg-agent.
(show_key_with_all_names): Ditto.  May now also print sec/sbb.
--

This also fixes a problem in the --with-colons mode.  Before this
patch the --with-colons output of --edit-key always showed pub/sub
regardless of the old toogle state.  Now it also prints sec/sbb.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-07-29 09:48:20 +02:00
Werner Koch
7ef09afd1a
gpg: Remove the edit-key toggle command.
* g10/keyedit.c (cmds): Remove helptext from "toggle".
(keyedit_menu): Remove "toggle" var and remove the sub/pub check
against toggle.
--

Because it is now easily possible to have only secret keys for some of
the main/subkeys the current check on whether any secret is available
is not really useful.  A finer grained check should eventually be
implemented.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-07-28 17:43:29 +02:00
Werner Koch
d382242fb6
Replace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros.
* common/util.h: Provide replacement for GPGRT_ATTR_ macros when using
libgpg-error < 1.20.
* common/mischelp.h: Ditto.
* common/types.h: Ditto.
--

Given that libgpg-error is a dependency of all GnuPG related libraries
it is better to define such macros at only one place instead of having
similar macros at a lot of places.  For now we need repalcement
macros, though.
2015-07-26 12:50:24 +02:00
NIIBE Yutaka
ef080d5c7f scd: support any curves defined by libgcrypt.
* g10/call-agent.h (struct agent_card_info_s): Add curve field.
* g10/call-agent.c (learn_status_cb): Use curve name.
* g10/card-util.c (card_status): Show pubkey name.
* scd/app-openpgp.c (struct app_local_s): Record OID and flags.
(store_fpr): Use ALGO instead of key type.
(send_key_attr): Use curve name instead of OID.
(get_public_key): Clean up by OID to curve name.
(ecc_writekey): Support any curves in libgcrypt.
(do_genkey, do_auth, ): Follow the change.
(ecc_oid): New.
(parse_algorithm_attribute): Show OID here.
2015-07-25 12:09:23 +09:00
NIIBE Yutaka
dbf4534f49 scd: Format change to specify "rsa2048" for KEY-ATTR.
* g10/card-util.c (do_change_keysize): Put "rsa".
* scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
Change the command format.
(rsa_writekey): Check key type.
(do_writekey): Remove "ecdh" and "ecdsa" support which was available
in experimental libgcrypt before 1.6.0.
2015-07-23 14:10:03 +09:00
Neal H. Walfield
f2ee673c99 Don't segfault if the first 'auto-key-locate' option is 'clear'.
* g10/getkey.c (free_akl): If AKL is NULL, just return.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Reported-by: Sami Farin.
GnuPG-bug-id: 2045
2015-07-16 09:57:41 +02:00
NIIBE Yutaka
5b46726931 g10: Use canonical name for curve.
* g10/import.c (transfer_secret_keys): Use canonical name.
* common/openpgp-oid.c (openpgp_curve_to_oid): Return NULL on error.
* g10/keyid.c (pubkey_string): Follow change of openpgp_curve_to_oid.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/parse-packet.c (parse_key): Ditto.
2015-07-08 15:05:06 +09:00
Werner Koch
d8bc89ab88
Remove obsolete file g10/comment.c.
--
2015-06-30 11:56:01 +02:00
Werner Koch
740c4af703
doc: Updated HACKING.
--

Added used commit keywords.
Add some comments to the list of files.
2015-06-30 11:55:17 +02:00
Werner Koch
010e4281c3
gpg: Make show-sig-subpackets work again.
* g10/gpg.c (parse_list_options): Fix offset for subpackets.
--

Regression-due-to: 7d0492075e
GnuPG-bug-id: 2008
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-30 11:01:16 +02:00
Werner Koch
b607657931
agent: Prepare for Libassuan with Cygwin support.
* agent/gpg-agent.c (create_server_socket): Add arg "cygwin".  Call
assuan_sock_set_flag if Assuan version is recent enough.
(main): Create ssh server socket with Cygwin flag set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-29 21:28:59 +02:00
Neal H. Walfield
68c217f457 Improve the description of old packets with an indeterminate length.
* g10/parse-packet.c (parse): Make the description more accurate when
listing packets: old format packets don't support partial lengths,
only indeterminate lengths (RFC 4880, Section 4.2).

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-06-29 15:53:45 +02:00
Werner Koch
4698e5b203
gpg: Allow debug flag names for --debug.
* g10/gpg.c (opts): Change arg for oDebug to a string.
(debug_flags): New; factored out from set_debug.
(set_debug): Remove "--debug-level help".  Use parse_debug_flag to
print the used flags.
(main): Use parse_debug_flag for oDebug.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-22 21:01:10 +02:00
Werner Koch
e0873a3372
gpg: Fix regression due to recent commit 6500f33
* g10/keydb.c (kid_list_s): Keep a state in the table.
(kid_not_found_table): Rename to kid_found_table.
(n_kid_not_found_table): Rename to kid_found_table_count.
(kid_not_found_p): Return found state.
(kid_not_found_insert): Add arg found.
(keydb_search): Store found state in the table.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-22 15:16:58 +02:00
Werner Koch
0948c4f217
gpg: Print number of good signatures with --check-sigs.
* g10/keylist.c (keylist_context): Add field good_sigs.
(list_keyblock_print): Updated good_sigs.
(print_signature_stats): Print number of good signatures and use
log_info instead of tty_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-20 15:05:32 +02:00
Werner Koch
6500f338a3
gpg: Improve speed of --check-sigs and --lish-sigs.
* g10/keydb.c (kid_list_t): New.
(kid_not_found_table, n_kid_not_found_table): New.
(kid_not_found_p, kid_not_found_insert, kid_not_found_flush): New.
(keydb_insert_keyblock): Flush the new cache.
(keydb_delete_keyblock): Ditto.
(keydb_update_keyblock): Ditto.
(keydb_search): Use the new cache.
(keydb_dump_stats): New.
* g10/gpg.c (g10_exit): Dump keydb stats.
--

What we do here is to keep track of key searches by long keyids (as
stored in all signatures) so that we do not need to scan the keybox
again after we already found that this keyid will result in
not-found.  As soon as we change gpg to run as a co-process we should
store this table per session because other instances of gpg may have
updated the keybox without us knowing.

On a test ring with

  gpg: 94721 good signatures
  gpg: 6831 bad signatures
  gpg: 150703 signatures not checked due to missing keys
  gpg: 5 signatures not checked due to errors
  gpg: keydb: kid_not_found_table: total: 14132

this new cache speeds a --check-sigs listing up from 28 minutes to
less than 3 minutes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-20 15:03:32 +02:00
Werner Koch
53e9b86085
gpg: Add more log_clock calls to keydb.c
* g10/keydb.c (keydb_get_keyblock): Add log_clock calls.
2015-06-19 16:59:46 +02:00
Werner Koch
663a31f1ea
gpg: Print available debug flags using "--debug-level help".
* g10/gpg.c (set_debug): Add "help" option and use a table for the
flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-19 14:56:46 +02:00
Werner Koch
c5604eeee4
gpg: Fix export problem in case an old keyring has PGP-2 keys.
* g10/export.c (do_export_stream): Skip legacy keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-19 12:39:29 +02:00
Werner Koch
010d26a85b
agent: Print a warning for obsolete options.
* g10/misc.c (obsolete_scdaemon_option): Move to
* common/miscellaneous.c (obsolete_option): ... here.
* agent/gpg-agent.c (main): Use obsolete_option for the 3 obsolete
options.
--

GnuPG-bug-id: 2016
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-17 12:59:29 +02:00
Neal H. Walfield
eac081ba12 Don't prompt for the password multiple times in pinentry loopback mode.
* g10/gpg.c (main): If OPT.PINENTRY_MODE is PINENTRY_MODE_LOOPBACK,
clear OPT.PASSPHRASE_REPEAT.
2015-06-16 16:00:39 +02:00
Werner Koch
a4a15195c2
gpg: Replace -1 by GPG_ERR_NOT_FOUND in tdbio.c
* g10/tdbio.c (lookup_hashtable): Return GPG_ERR_NOT_FOUND.
* g10/tdbdump.c (import_ownertrust): Test for GPG_ERR_NOT_FOUND.
* g10/trustdb.c (read_trust_record): Ditto.
(tdb_get_ownertrust, tdb_get_min_ownertrust): Ditto.
(tdb_update_ownertrust, update_min_ownertrust): Ditto.
(tdb_clear_ownertrusts, update_validity): Ditto.
(tdb_cache_disabled_value): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-04 18:08:26 +02:00
Werner Koch
f170240ef7
gpg: Cleanup error code path in case of a bad trustdb.
* g10/tdbio.c (tdbio_read_record): Fix returning of the error.
--

Actually the returned error will anyway be GPG_ERR_TRUSTDB but the old
code was not correct.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-04 17:39:55 +02:00
Werner Koch
bf06d04f53
gpg: Fix output in case of a corrupted trustdb.
* g10/tdbdump.c (list_trustdb): Add arg FP and change callers to pass
es_stdout.
* g10/tdbio.c (upd_hashtable): On a corrupted trustdb call
list_trustdb only in verbose > 1 mode and let it dump to stderr.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-04 17:34:55 +02:00
Werner Koch
840f807a90
gpg: Re-indent and improve documentation of g10/tdbio.c
--
2015-06-04 17:26:44 +02:00
NIIBE Yutaka
fe5c6edaed g10: Fix a race condition initially creating trustdb.
* g10/tdbio.c (take_write_lock, release_write_lock): New.
(put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use
new lock functions.
(tdbio_set_dbname): Fix the race.
(open_db): Don't call dotlock_create.

--

GnuPG-bug-id: 1675
2015-05-28 17:18:35 +09:00
NIIBE Yutaka
6cb18a8f97 g10: Remove g10/signal.c.
* g10/signal.c: Remove.
* g10/main.h: Remove old function API.
* g10/tdbio.c: Use new API, even in the dead code.

--

We use common/signal.c now.  The file g10/signal.c has been useless
since 2003-06-27.  Now, the removal.
2015-05-27 10:22:32 +09:00
NIIBE Yutaka
c771963140 g10: detects public key encryption packet error properly.
g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
encryption.
2015-05-19 10:32:07 +09:00
Werner Koch
43ea8f5d88
build: Make --disable-gpgsm work.
* Makefile.am: Always build kbx/
* g10/Makefile.am (AM_CFLAGS): Include KSBA_CFLAGS.
--

Note that "make check" still prints a warning.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-15 13:20:52 +02:00
Werner Koch
b03a264729
gpg: Avoid cluttering stdout with trustdb info in verbose mode.
* g10/trustdb.c (validate_keys): Call dump_key_array only in debug
mode.
--

I guess that is a left-over from an early attempt to output
information on the trustdb for use by other tools.  Maybe related to
the former --list-trust-path command.  Sending it to stdout is
probably useful so we do this now only in debug mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:30:04 +02:00
Werner Koch
7039f87375
gpg: Fix wrong output in list mode.
* g10/parse-packet.c (parse_gpg_control): Replace puts by es_fputs to
LISTFP.
--

Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

This was an oversight from the conversion to estream or a separate
listing stream.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:20:26 +02:00
Werner Koch
64e809b791
gpg: New command --quick-adduid.
* g10/keygen.c (ask_user_id): Factor some code out to ...
(uid_already_in_keyblock): new.
(generate_user_id): Add arg UIDSTR.  Fix leaked P.
* g10/keyedit.c (menu_adduid): Add new arg uidstring.  Adjust caller.
(keyedit_quick_adduid): New.
* g10/gpg.c (aQuickAddUid): New.
(opts):  Add command --quick-adduid.
(main): Implement that.
--

GnuPG-bug-id: 1956
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:08:57 +02:00
Werner Koch
3c439c0447
gpg: Add push/pop found state feature to keydb.
* g10/keydb.c (keydb_handle): Add field saved_found.
(keydb_new): Init new field.
(keydb_push_found_state, keydb_pop_found_state): New.
* g10/keyring.c (kyring_handle): Add field saved_found.
(keyring_push_found_state, keyring_pop_found_state): New.
--

We have the same feature in gpgsm.  It is very useful to check for an
unambiguous user id with a follow up update of the keyblock.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 15:51:11 +02:00
Werner Koch
b772e459fa
gpg: Minor code merging in keyedit.
* g10/keyedit.c (fix_keyblock): Rename to fix_key_signature_order.
(fix_keyblock): New.  Call fix_key_signature_order and other fix
functions.
(keyedit_menu): Factor code out to new fix_keyblock.
(keyedit_quick_sign): Ditto.  Check for primary fpr before calling
fix_keyblock.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 12:18:36 +02:00
Werner Koch
874ef16e70
gpg: Improve 'General key info' line of --card-status.
* g10/keylist.c (print_pubkey_info): Print either "pub" or "sub".

* g10/getkey.c (get_pubkey_byfprint): Add optional arg R_KEYBLOCK.
* g10/keyid.c (keyid_from_fingerprint): Adjust for change.
* g10/revoke.c (gen_desig_revoke): Adjust for change.
* g10/card-util.c (card_status): Simplify by using new arg.  Align
card-no string.

* g10/card-util.c (card_status): Remove not used GnuPG-1 code.
--

This now prints "sub" if the first used card key is actually a subkey.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-07 12:12:41 +02:00
Werner Koch
173b26c8f8
gpg: Fix regression not displaying the card serial number
* g10/call-agent.c (keyinfo_status_cb): Detect KEYINFO.
--

This regression is due to
commit 585d5c62ee
from February 2013!

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-07 11:54:34 +02:00
NIIBE Yutaka
f77fd572db g10: fix cmp_public_key.
* g10/free-packet.c (cmp_public_keys): Compare opaque
data at the first entry of the array when it's unknown algo.

--

(forwardported from 2.0 commit 43429c7869)

GnuPG-bug-id: 1962
2015-05-01 13:58:18 +09:00
Werner Koch
26d7e0d7ac
common: Rename log and gcc attribute macros (jnlib merge).
* common/logging.h: Rename JNLIB_LOG_* to GPGRT_LOG_*.
* common/mischelp.h: Rename JNLIB_GCC_* to GPGRT_GCC_*.
--

JNLIB has no more meaning.  Thus we switch to a GPGRT_ prefix in
anticipation that some code may eventually be moved to libgpg-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-24 16:10:47 +02:00
Werner Koch
575230d91b
common: Remove two JNLIB_ macros (jnlib merge).
* configure.ac: Merge seperate jnlib checks.
(HAVE_JNLIB_LOGGING): Remove.
* common/logging.c, common/simple-pwquery.c (JNLIB_NEED_AFLOCAL):
Rename to GNUPG_COMMON_NEED_AFLOCAL.  Change all tests.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-24 16:10:15 +02:00
Werner Koch
154f3ed2bf
gpg: Move all DNS access to Dirmngr.
* common/dns-cert.h: Move to ../dirmngr/.
* common/dns-cert.c: Move to ../dirmngr/.  Change args to return the
key as a buffer.
* common/t-dns-cert.c: Move to ../dirmngr/.
* common/pka.c, common/pka.h, common/t-pka.c: Remove.

* dirmngr/server.c (data_line_cookie_write): Factor code out to
data_line_write and make it a wrapper for that.
(data_line_write): New.
(cmd_dns_cert): New.
(register_commands): Register new command.

* g10/Makefile.am (LDADD): Remove DNSLIBS.
* g10/call-dirmngr.c (dns_cert_parm_s): New.
(dns_cert_data_cb, dns_cert_status_cb): New.
(gpg_dirmngr_dns_cert): New.
(gpg_dirmngr_get_pka): New.
* g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function.
* g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by
gpg_dirmngr_dns_cert.
(keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka.
* g10/mainproc.c: Include call-dirmngr.h.
(pka_uri_from_sig): Add CTX arg. Replace get_pka_info by
gpg_dirmngr_get_pka.
--

With this patch gpg does not do any network access itself but uses
dirmngr for that.  Note that we need to keep linking to NETLIBS due to
the logging code and because we need TCP for our socket emulation
under Windows.  Probably also required for Solaris etc.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-23 15:52:39 +02:00
Werner Koch
c4d98734c5
gpg: Make keyserver-option http_proxy work.
* g10/options.h (opt): Add field keyserver_options.http_proxy.
* g10/keyserver.c (warn_kshelper_option): Add arg noisy.
(parse_keyserver_options): Parse into new http_proxy field.
* g10/call-dirmngr.c (create_context): Send the http-proxy option.
2015-04-21 19:29:53 +02:00
Werner Koch
727fe4f8d7
gpg: Do not use honor-keyserver-url sub-option by default. 2015-04-21 15:46:13 +02:00
Werner Koch
ae0d65f864
gpg: Make preferred keyservers work.
* g10/call-dirmngr.c (dirmngr_local_s): Add field set_keyservers_done.
(create_context): Move keyserver setting to ...
(open_context): here.
(clear_context_flags): New.
(gpg_dirmngr_ks_get): Add arg override_keyserver.
* g10/keyserver.c (keyserver_refresh): Improve diagnostics.
(keyserver_get_chunk): Ditto.  Pass OVERRIDE_KEYSERVER to ks_get.
--

It used to ignore the given server but showed a diagnostics that it
will be used.
2015-04-21 15:36:30 +02:00
Werner Koch
da1990bac7
gpg: Update sub-options of --keyserver-options
* g10/options.h (KEYSERVER_HTTP_PROXY): New.
(KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove.
(KEYSERVER_TIMEOUT): New.
* common/keyserver.h (KEYSERVER_TIMEOUT): Remove.
* g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files"
and "keep-temp-files". Add "http-proxy" and "timeout".
(parse_keyserver_options): Remove 1.2 compatibility option
"honor-http_proxy".  Remove "use-temp-files" and "keep-temp-files"
code.
--

Note that many of these options where implicitly used by passing any
unknown option down to the former keyserver helpers.  The don't exist
anymore thus we need to make them explicit.  Another patch will convey
them to dirmngr.  Temp files are not anymore used thus they can be
removed and will be ignored when used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-21 10:15:04 +02:00
Werner Koch
25fce93ba1
gpg: Fix NULL-segv due to invalid imported data.
* g10/free-packet.c (my_mpi_copy): New.
(copy_public_key, copy_signature): Use instead of mpi_copy.
--

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-13 17:19:46 +02:00
Werner Koch
67158ff155
Remove obsolete directories from AM_CPPFLAGS. 2015-04-10 13:11:59 +02:00
Werner Koch
c2383407bb
gpg: Print the user id in --fast-list-mode.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Change.
2015-04-06 20:23:05 +02:00
Werner Koch
67a58118ab
gpg: Prepare to pass additional context to the list functions.
* g10/keylist.c (struct sig_stats): Rename to keylist_context and add
field check_sigs.
(keylist_context_release): New.
(list_all): Set listctx.check_sigs and call release func.
(list_one): Ditto.
(locate_one): Ditto.
(list_keyblock_print): Use .check_sigs field.  Repalce arg opaque by
listctx.
(list_keyblock): Ditto.  Make static.
(list_keyblock_direct): New.
* g10/keygen.c (do_generate_keypair): Replace list_keyblock by
list_keyblock_direct.
--

This is in preparation for the server mode and for a patch to speed up
--list-sigs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-06 19:46:25 +02:00
Werner Koch
f577d5c1a7
gpg: Merge duplicated code for get_user_id et al.
* g10/getkey.c (get_user_id_string): Add args mode and r_LEN.
(get_user_id_string_native): Add new args.
(get_long_user_id_string, get_user_id): Rewrite using
get_user_id_string.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-06 19:09:50 +02:00
Werner Koch
c581ed717a
gpg: Add new option --debug-iolbf.
* g10/gpg.c (oDebugIOLBF): new.
(opts): Add --debug-iolbf.
(main): Set option.
--

This option is convenient for debugging to make sure that debug output
to stderr is synced with output to stdout.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-06 14:07:50 +02:00
Werner Koch
24a75201da
Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG.
* g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE.
2015-04-06 13:42:17 +02:00
Werner Koch
2f099eb62a
Fix use of DBG_CACHE and DBG_LOOKUP
* dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192.
* g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
* g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places.
2015-04-06 13:27:26 +02:00
Werner Koch
4de8a58e44
gpg: Rename a debug macro.
* g10/options.h (DBG_CIPHER_VALUE): Rename to DBG_CRYPTO_VALUE.
(DBG_CIPHER): Rename to DBG_CRYPTO.
2015-04-06 13:07:09 +02:00
Werner Koch
d901efceba
gpg: Fix DoS while parsing mangled secret key packets.
* g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
et al.
--

Due to the missing length checks PKTLEN may turn negative.  Because
PKTLEN is an unsigned int the malloc in read_rest would try to malloc
a too large number and terminate the process with "error reading rest
of packet: Cannot allocate memory".

Reported-by: Hanno Böck.
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-05 12:49:26 +02:00
NIIBE Yutaka
f82c4a6d0d g10: Fix keytocard.
g10/call-agent.h (agent_scd_learn): Add FORCE option.
g10/call-agent.c (agent_scd_learn): Implement FORCE option.
g10/keygen.c (gen_card_key): Follow the change of option.
g10/card-util.c (change_pin, card_status, factory_reset): Likewise.
g10/keyedit.c (keyedit_menu): Update private key storage by
agent_scd_learn.
--

This is not a perfect solution since there is a possibility user
unplug card before quitting 'gpg --keyedit' session.  Usually,
it works well.

GnuPG-bug-id: 1846
2015-04-03 17:39:59 +09:00
Neal H. Walfield
f26ba14028 gpg: Only use the last specified keyserver.
* g10/gpg.c (main): Only use the last specified keyserver.

--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-03-28 16:55:37 +01:00
Werner Koch
bdd22e3a08
gpg,w32: Handle forward slash in --keyring option.
* g10/keydb.c (keydb_add_resource): Allow forward slash under Windows.
--

GnuPG-bug-id: 1546
2015-03-24 13:30:57 +01:00
Neal H. Walfield
51341badb6 Add support to talking to LDAP key servers.
* g10/call-dirmngr.c (record_output): New function.
(ks_put_inq_cb): Use it here to generate a --with-colons like output
instead of a custom format.
* dirmngr/ks-action.c: Include "ldap-parse-uri.h".
(ks_action_help): If the provided URI is an LDAP URI, then use
ldap_parse_uri to parse.  Call ks_ldap_help.
(ks_action_search): If passed an LDAP URI, then call ks_ldap_search.
(ks_action_get): Likewise.
(ks_action_put): Likewise.  Also, change data from a 'const void *' to
a 'void *' and add info and infolen parameters.  Add note that
function may modify DATA.
* dirmngr/ks-action.h (ks_action_put): Update declaration accordingly.
* dirmngr/server.c: Include "ldap-parse-uri.h".
(cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using
ldap_parse_uri.
(hlp_ks_put): Improve documentation.
(cmd_ks_put): Also pass info and infolen to ks_action_put.  Improve
documentation.
* dirmngr/ks-engine.h (ks_ldap_help): New declaration.
(ks_ldap_search): Likewise.
(ks_ldap_get): Likewise.
(ks_ldap_put): Likewise.
* dirmngr/ks-engine-ldap.c: New file.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c,
ldap-parse-uri.c and ldap-parse-uri.h.
(dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs).

--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
2015-03-23 19:58:29 +01:00
Werner Koch
e7ddaad0fd
gpg: Emit status line NEWSIG before signature verification starts.
* g10/mainproc.c (check_sig_and_print): Emit STATUS_NEWSIG.
--

gpgsm does this for a long time but somehow it never made it into gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-19 20:38:25 +01:00
Werner Koch
ab17f7b6c3
gpg: Create all MPIs with RFC-4880 correct length headers.
* g10/build-packet.c (gpg_mpi_write): Strip leading zeroes.
--

This used not to work with opaque MPI as returned by Libgcrypt from
ECC operations.  This patch fixes this.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-16 20:14:58 +01:00
Werner Koch
bcc8250bc5
gpg: Allow printing of MPI values in --list-mode.
* g10/parse-packet.c (set_packet_list_mode): Set mpi_print_mode.
* g10/misc.c (mpi_print): Do not print an extra leading zero.
--

This was in older versions possible using "--debug 4" but that was
disabled in 2.1 due to a conflict using this values also for
Libgcrypt.  Now the values are dumped either with --debug 4 or using
--list-packets along with --verbose.

Because OpenPGP only uses unsigned integers an extra leading zero will
not be printed anymore.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-16 20:12:44 +01:00
Werner Koch
8bc1debfef
gpg: Fix broken write of opaque MPI length header.
* g10/build-packet.c (gpg_mpi_write): Use a char array for the length.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-16 19:51:06 +01:00
Werner Koch
1a9f13bc66
gpg: Fix possible dead code elimination.
* g10/encrypt.c: Change condition for detecting a real file.
--

Detected by Stack 3.0:

  bug: anti-dce
  model: |
    %tobool155 = icmp ne i32 %call154, 0, !dbg !1298
    -->  true
    ************************************************************
    land.lhs.true156:
    %96 = icmp eq i8* %filename, null
    call void @opt.bugon(i1 %96), !dbg !1298, !bug !1250
    %97 = load i8* %filename, align 1, !dbg !1298
    %conv157 = sext i8 %97 to i32, !dbg !1298
    %tobool158 = icmp ne i32 %conv157, 0, !dbg !1298
    br i1 %tobool158, label %land.lhs.true159, label %if.else177,\
          !dbg !1298
  stack:
    - /home/wk/s/gnupg/g10/encrypt.c:639:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/g10/encrypt.c:639:0
      - null pointer dereference
2015-03-15 14:01:36 +01:00
Werner Koch
c59b410cf1
gpg: Remove useless condition.
* g10/keylist.c (list_keyblock_colon): Remove useless condition (PK).
(list_keyblock_print):  Likewise.
--

PK is already derefed above and thus testing for PK is dead code.
Detected by Stack 0.3:

  bug: anti-simplify
  model: |
    %tobool200 = icmp ne %struct.PKT_public_key* %3, null, !dbg !1498
    -->  true
  stack:
    - /home/wk/s/gnupg/g10/keylist.c:1367:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/g10/keylist.c:1319:0
      - null pointer dereference

  bug: anti-simplify
  model: |
    %tobool102 = icmp ne %struct.PKT_public_key* %4, null, !dbg !1462
    -->  true
  stack:
    - /home/wk/s/gnupg/g10/keylist.c:978:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/g10/keylist.c:955:0
      - null pointer dereference

  bug: anti-simplify
  model: |
    %tobool128 = icmp ne %struct.PKT_public_key* %4, null, !dbg !1469
    -->  true
  stack:
    - /home/wk/s/gnupg/g10/keylist.c:990:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/g10/keylist.c:955:0
      - null pointer dereference
2015-03-15 12:39:56 +01:00
Werner Koch
7b5b52f326
gpg: Change --print-pka-records into an option.
* g10/gpg.c (aPrintPKARecords): Rename to oPrintPKARecords and do not
use it as a command.
* g10/keylist.c (list_keyblock): List PKA rceords also for secret
keys.
--

An option allows to use it more flexible.  For example to select only
secret keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:37:16 +01:00
Werner Koch
14af2be022
gpg: Add --list-gcrypt-config and "curve" item for --list-config.
* common/openpgp-oid.c (curve_supported_p): New.
(openpgp_enum_curves): New.
* common/t-openpgp-oid.c (test_openpgp_enum_curves): New.
(main): Add option --verbose.
* g10/gpg.c (opts): Add --list-gcrypt-config.
(list_config): Add items "curve" and "curveoid".  Remove unused code.
--

GnuPG-bug-id: 1917
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:35:30 +01:00
Daniel Kahn Gillmor
82146af85b
gpg: avoid chatter about trustdb when --quiet
* g10/trustdb.c (tdb_check_trustdb_stale): avoid log_info() when
  opt.quiet
--

gpg(1) says:

       -q, --quiet
              Try to be as quiet as possible.

While the mentions about the stale trustdb information are edifying,
they aren't necessary, and shouldn't be emitted when the user requests
--quiet.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-03-04 14:31:45 +01:00
Werner Koch
91baea2dcd
gpg: Fix memory leak due to PKA lookup.
* g10/keyserver.c (keyserver_import_pka): Move the xfree.
2015-02-26 18:01:13 +01:00
Werner Koch
2fc27c8696
gpg: Switch to a hash and CERT record based PKA system.
* common/dns-cert.c (get_dns_cert): Make r_key optional.
* common/pka.c: Rewrite for the new hash based lookup.
* common/t-pka.c: New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.

--

Note that although PKA is now always build, it will only work if
support for looking up via DNS has not been disabled.

The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optional the key for the first
time.  Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified.  Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key.  Having a solid way of getting a key matching
a mail address is however a must have.

More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase.  The auto-key-locate mechanism
should also be able to continue key fetching with another methods once
the fingerprint has been retrieved with PKA.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-25 16:34:19 +01:00
Werner Koch
af60152a46
common: Allow requesting a specific certtype with get_dns_cert()
* common/dns-cert.c (get_dns_cert): Add arg want_certtype.  Change all
callers.
(CERTTYPE_): Move constants to ...
* common/dns-cert.h: here as DNS_CERTTYPE_.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-25 12:03:21 +01:00
Werner Koch
9913253610
Move new mailbox.c source file to common/.
* g10/mailbox.c: Move to ...
* common/mbox-util.c: new file.
* common/mbox-util.h: New. Include where needed.
* g10/t-mailbox.c: Move to ...
* common/t-mbox-util.c: new file.
--

This will make it easier to use the code by other modules in common/.
2015-02-25 11:43:50 +01:00
Werner Koch
e2d9340280
gpg: Add command --print-pka-records.
* g10/gpg.c (main): Add command --print-pka-records.
* g10/options.h (struct opt): Add field "print_pka_records".
* g10/keylist.c (list_keyblock_pka): New.
(list_keyblock): Call it if new option is set.
(print_fingerprint): Add mode 10.
--

This is a fist step towards a slightly updated PKA implementation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-24 19:31:59 +01:00
Werner Koch
93fa3d5c17
gpg: Add function to extract the mailbox.
* g10/misc.c (has_invalid_email_chars, is_valid_mailbox)
(is_valid_user_id): Move to ...
* g10/mailbox.c: new file.
(string_has_ctrl_or_space, has_dotdot_after_at): New.
(has_invalid_email_chars): New.

* g10/t-mailbox.c: New.
* g10/Makefile.am (module_tests): Add t-mailbox.
(t_mailbox_SOURCES, t_mailbox_LDADD): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-24 17:46:22 +01:00
Werner Koch
ae09515b9d
gpg: Add option to print fingerprints in ICAO spelling.
* g10/gpg.c: Add option --with-icao-spelling.
* g10/options.h (struct opt): Add with_icao_spelling.
* g10/keylist.c (print_icao_hexdigit): New.
(print_fingerprint): Print ICAO spelling.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-23 17:54:05 +01:00
Werner Koch
a8116aacd9
gpg: Skip legacy keys while searching keyrings.
* g10/getkey.c (search_modes_are_fingerprint): New.
(lookup): Skip over legacy keys.
--

GnuPG-bug-id: 1847
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-23 16:37:57 +01:00
Werner Koch
d2a70fd834
gpg: Replace remaining uses of stdio by estream.
* g10/sign.c (sign_file):  Use log_printf instead of stderr.
* g10/tdbdump.c (export_ownertrust): Use estream fucntions.
(import_ownertrust): Ditto.
* g10/tdbio.c (tdbio_dump_record): Ditto.  Change arg to estream_t.
--

Reported-by: Guilhem Moulin <guilhem@fripost.org>

  Needed for unattended key edits with --status-fd, because since 2.1
  status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd)
  not fflush(3), so the standard output may not be flushed before each
  prompt. (Which breaks scripts using select(2) to multiplex between
  the standard and status outputs.)

His patch only affected print_and_check_one_sig_colon() but there are
many more places where stdio and estream are mixed.  This patch now
replaces most of them in g10/.  At some places stdio is still used,
but that is local to a function and should not have side effects.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 17:22:27 +01:00
Werner Koch
76c8122adf
gpg: Fix segv due to NULL value stored as opaque MPI.
* g10/build-packet.c (gpg_mpi_write): Check for NULL return from
gcry_mpi_get_opaque.
(gpg_mpi_write_nohdr, do_key): Ditto.
* g10/keyid.c (hash_public_key): Ditto.
--

This fix extends commmit 0835d2f44e.

  gpg2 --export --no-default-keyring --keyring TESTDATA

With TESTDATA being below after unpacking.

-----BEGIN PGP ARMORED FILE-----

mBMEhdkMmS8BcX8F//8F5voEhQAQmBMEnAAAZwAAo4D/f/8EhQAAAIAEnP8EhQAQ
iBMEnP8AAAAABf8jIID///8EhQYQmBMEnIUAEIgTBKT/AAAAAAUAACCA/f//BIUA
EJgTBJx/AP8ABPPzBJx/AP8ABPPz
=2yE0
-----END PGP ARMORED FILE-----

Reported-by: Jodie Cunningham
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 16:29:58 +01:00
Werner Koch
15fad6b1b9 doc: Change remaining http links to gnupg.org to https
--
GnuPG-bug-id: 1830
2015-02-11 12:10:39 +01:00
Werner Koch
2183683bd6 Use inline functions to convert buffer data to scalars.
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

Commit 91b826a388 was not enough to
avoid all sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-11 10:28:25 +01:00
Werner Koch
f0f71a721c gpg: Prevent an invalid memory read using a garbled keyring.
* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
types.
* g10/keydb.c (parse_keyblock_image): Ditto.
--

The keyring DB code did not reject packets which don't belong into a
keyring.  If for example the keyblock contains a literal data packet
it is expected that the processing code stops at the data packet and
reads from the input stream which is referenced from the data packets.
Obviously the keyring processing code does not and cannot do that.
However, when exporting this messes up the IOBUF and leads to an
invalid read of sizeof (int).

We now skip all packets which are not allowed in a keyring.

Reported-by: Hanno Böck <hanno@hboeck.de>

Test data:

  gpg2 --no-default-keyring --keyring FILE --export >/dev/null

With this unpacked data for FILE:

-----BEGIN PGP ARMORED FILE-----

mI0EVNP2zQEEALvETPVDCJDBXkegF4esiV1fqlne40yJnCmJeDEJYocwFPXfFA86
sSGjInzgDbpbC9gQPwq91Qe9x3Vy81CkyVonPOejhINlzfpzqAAa3A6viJccZTwt
DJ8E/I9jg53sbYW8q+VgfLn1hlggH/XQRT0HkXMP5y9ClURYnTsNwJhXABEBAAGs
CXRlc3QgdGVzdIi5BBMBCgAjBQJU0/bNAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwEC
HgECF4AACgkQlsmuCapsqYLvtQP/byY0tM0Lc3moftbHQZ2eHj9ykLjsCjeMDfPx
kZUUtUS3HQaqgZLZOeqPjM7XgGh5hJsd9pfhmRWJ0x+iGB47XQNpRTtdLBV/WMCS
l5z3uW7e9Md7QVUVuSlJnBgQHTS6EgP8JQadPkAiF+jgpJZXP+gFs2j3gobS0qUF
eyTtxs+wAgAD
=uIt9
-----END PGP ARMORED FILE-----

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-09 15:46:00 +01:00
Werner Koch
0835d2f44e gpg: Fix a NULL-deref in export due to invalid packet lengths.
* g10/build-packet.c (write_fake_data): Take care of a NULL stored as
opaque MPI.
--

Reported-by: Hanno Böck <hanno@hboeck.de>

Test data:

     gpg2 --no-default-keyring --keyring FILE --export

With this unpacked data for FILE:

-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v2
Comment: Use "gpg --dearmor" for unpacking

mI0EGRkZGRkZGRkZGRkZGRkBGRkZGRkZGRkZGRkZGQAZGRkZGRkZGRkZGRkZGRkZ
GRkZInzgDbpa/9gQ4wq9////f3Vy81CkyVq3HQaqgZLZOeqPjM7XgGh5hJvAkpec
9wAAAgDHe0FVFbkppJZXP+gFs6z3gobS0qUFeyTtxs+wAgAD
=JDFT
-----END PGP ARMORED FILE-----

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-09 10:54:06 +01:00
Werner Koch
3997848786 gpg: Fix a NULL-deref due to empty ring trust packets.
* g10/parse-packet.c (parse_trust): Always allocate a packet.
--

Reported-by: Hanno Böck <hanno@hboeck.de>
Signed-off-by: Werner Koch <wk@gnupg.org>

Test data:

 gpg2 --no-default-keyring --keyring FILE --export

With this unpacked data for FILE:

-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v2
Comment: Use "gpg --dearmor" for unpacking

mI0EVNP2zQEEALvETPVDCJDBXkegF4esiV1fqlne40yJnCmJeDEJYocwFPXfFA86
sSGjInzgDbpbC9gQPwq91Qe9x3Vy81CkyVonPOejhINlzfpzqAAa3A6viJccZTwt
DJ8E/I9jg53sbYW8q+VgfLn1hlggH/XQRT0HkXMP5y9ClURYnTsNwJhXABEBAAG0
CXRlc3QgdGVzdIi5BBMBCgAjBQJU0/bNAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwEC
HgECF4AACgkQlsmuCapsqYLvtQP/byY0tM0Lc3moftbHQZ2eHj9ykLjsCjeMDfPx
kZUUtUS3HQaqgZLZOeqPjM7XgGh5hJsd9pfhmRWJ0x+iGB47XQNpRTtdLBV/WMCS
l5z3uW7e9Md7QVUVuSlJnBgQHTS6EgP8JQadPkAiF+jgpJZXP+gFs2j3gobS0qUF
eyTtxs+wAAAD
=puSt
-----END PGP ARMORED FILE-----
2015-02-09 10:31:31 +01:00
Werner Koch
05428d1256 w32: Add manifest to gpg.
* g10/gpg.w32-manifest.in: New.
* g10/gpg-w32info.rc: Add manifest.
* g10/Makefile.am (EXTRA_DIST): Add manifest.
(gpg-w32info.o): Depend on manifest.
* configure.ac (BUILD_VERSION): New.
(AC_CONFIG_FILES): Add manifest.
--

There are no dependencies yet defined - we need to do this for the
libs first.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-04 09:15:34 +01:00
Werner Koch
382ba4b137 gpg: Limit the size of key packets to a sensible value.
* g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
(MAX_UID_PACKET_LENGTH): New.
(MAX_COMMENT_PACKET_LENGTH): New.
(MAX_ATTR_PACKET_LENGTH): New.
(parse_key): Limit the size of a key packet to 256k.
(parse_user_id): Use macro for the packet size limit.
(parse_attribute): Ditto.
(parse_comment): Ditto.
--

Without that it is possible to force gpg to allocate large amounts of
memory by using a bad encoded MPI.  This would be an too easy DoS.
Another way to mitigate would be to change the MPI read function to
allocate memory dynamically while reading the MPI.  However, that
complicates and possibly slows down the code.  A too large key packet
is in any case a sign for broken data and thus gpg should not use it.

Reported-by: Hanno Böck
GnuPG-bug-id: 1823
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 20:32:28 +01:00
Werner Koch
d8eea25b8b gpg: Fix buffering problem in --list-config.
* g10/gpg.c (list_config): Replace print_sanitized_string2 by
es_write_sanitized.

* common/stringhelp.c (print_sanitized_buffer2): Remove.
(print_sanitized_buffer, print_sanitized_utf8_buffer): Remove.
(print_sanitized_utf8_buffer, print_sanitized_utf8_string): Remove.
(print_sanitized_string): Remove.

* sm/certdump.c (print_dn_part, print_dn_parts): Remove arg FP.
(pretty_print_sexp, gpgsm_print_name2, gpgsm_print_name): Remove.
--

Mixing stdio and estream is never a good idea.  This fix also allows
us to remove a lot of garbage.

Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
GnuPG-bug-id: 1822
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 20:12:21 +01:00
Werner Koch
0c2bfd9d5a Add a hook to be called right after main.
* common/init.c (early_system_init): New stub function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 19:57:22 +01:00