1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

1100 Commits

Author SHA1 Message Date
Werner Koch
7aee3579be Add option --no-autostart.
* g10/gpg.c: Add option --no-autostart.
* sm/gpgsm.c: Ditto.
* g10/options.h (opt): Add field autostart.
* sm/gpgsm.h (opt): Ditto.
* g10/call-agent.c (start_agent): Print note if agent was not
autostarted.
* sm/call-agent.c (start_agent): Ditto.
* g10/call-dirmngr.c (create_context): Likewise.
* sm/call-dirmngr.c (start_dirmngr_ext): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-28 09:44:19 +01:00
Werner Koch
1c2140346d gpg: Change a bug() call to a regular error message.
* g10/decrypt-data.c (decrypt_data): Return an error code instead of
calling BUG().
--

This code path can be triggered by fuzzing gpg and thus with some
likeness also by corrupt messages for other reasons.
2014-11-26 10:21:01 +01:00
Werner Koch
596ae9f543 gpg: Fix use of uninit.value in listing sig subpkts.
* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--

We may not use "%s" to print an arbitrary buffer.  At least "%.*s"
should have been used.  However, it is in general preferable to escape
control characters while printf user data.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-24 18:05:45 +01:00
Werner Koch
0988764397 gpg: Fix off-by-one read in the attribute subpacket parser.
* g10/parse-packet.c (parse_attribute_subpkts): Check that the
attribute packet is large enough for the subpacket type.
--

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-24 17:28:25 +01:00
Werner Koch
b716e6a699 gpg: Fix batch generation of ECC keys.
* g10/keygen.c (get_parameter_algo): Map ECC algorithm strings
directly.
--

Interactive generation of the keys uses the OpenPGP algorithms numbers
but batch generation allows the use of strings.

Reported-by: Gaetan Bisson.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-24 11:56:49 +01:00
Daniel Kahn Gillmor
a3cf781e3b gpg: Refer to --throw-keyids instead of --throw-keyid
* g10/encrypt.c: adjust error message

--
The full option name is --throw-keyids, so we should refer to it
consistently.
2014-11-24 09:45:53 +01:00
Werner Koch
44c9cc1896 gpg: Track number of skipped v3 keys on import.
* g10/import.c (stats_s): Add field v3keys.
(import): Update this field.
(import_print_stats): Print v3 key count.
(read_block): Skip v3 keys and return a count for them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-21 16:15:42 +01:00
Werner Koch
94a5442514 gpg: Fix regression in parse_key.
* g10/parse-packet.c (parse): Better return just the gpg_err_code.
(parse_key): Return the error code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-21 16:13:41 +01:00
Werner Koch
f80c2dd78d gpg: Fix hash detection for ECDSA.
* g10/sign.c (sign_file): Use DSA or ECDSA and not DSA|EdDSA.
--

This error was introduced with
commit b7f8dec6325f1c80640f878ed3080bbc194fbc78
while separating EdDSA from ECDSA.

Found due to a related bug report from Brian Minton.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-20 20:09:17 +01:00
Werner Koch
592faa7dc4 Comment typo fixes.
--
2014-11-19 10:47:57 +01:00
Werner Koch
0e7dd40342 Add "gpgconf --kill dirmngr" and avoid useless launch before a kill.
* common/asshelp.c (start_new_gpg_agent): Add arg autostart.  Change
all callers to use 1 for it.
(start_new_dirmngr): Ditto.
* tools/gpg-connect-agent.c: Add option --no-autostart.
(main): Default autostart to 1.
(start_agent): Implement no-autostart.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Use --no-autostart.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-19 10:47:56 +01:00
Werner Koch
32e85668b8 gpg: Fix a NULL-deref for invalid input data.
* g10/mainproc.c (proc_encrypted): Take care of canceled passpharse
entry.
--

GnuPG-bug-id: 1761
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-17 13:08:23 +01:00
Werner Koch
69384568f6 gpg: Make the use of "--verify FILE" for detached sigs harder.
* g10/openfile.c (open_sigfile): Factor some code out to ...
(get_matching_datafile): new function.
* g10/plaintext.c (hash_datafiles): Do not try to find matching file
in batch mode.
* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
matching data file is not used by a standard signatures.
--

Allowing to use the abbreviated form for detached signatures is a long
standing bug which has only been noticed by the public with the
release of 2.1.0.  :-(

What we do is to remove the ability to check detached signature in
--batch using the one file abbreviated mode.  This should exhibit
problems in scripts which use this insecure practice.  We also print a
warning if a matching data file exists but was not considered because
the detached signature was actually a standard signature:

  gpgv: Good signature from "Werner Koch (dist sig)"
  gpgv: WARNING: not a detached signature; \
  file 'gnupg-2.1.0.tar.bz2' was NOT verified!

We can only print a warning because it is possible that a standard
signature is indeed to be verified but by coincidence a file with a
matching name is stored alongside the standard signature.

Reported-by: Simon Nicolussi (to gnupg-users on Nov 7)
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-13 17:39:31 +01:00
Werner Koch
22748338da gpg: Fix a missing LF in debug output.
* g10/kbnode.c (dump_kbnode): Print a LF.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-13 17:01:17 +01:00
Werner Koch
63c6514415 gpg: Re-indent two files.
--
2014-11-13 15:21:10 +01:00
Werner Koch
e30cb8f617 gpg: Remove PGP-2 related cruft.
* g10/armor.c (parse_hash_header,carmor_filter): Ignore MD5 in hash
header.
(fake_packet): Remove pgp-2 workaround for white space stripping.
* g10/filter.h (armor_filter_context_t): Remove field pgp2mode.
* g10/options.h (opt): Remove field pgp2_workarounds.
* g10/gpg.c (main): Do not set this field.
* g10/gpgv.c (main): Ditto.
* g10/mainproc.c (proc_encrypted): Use SHA-1 as fallback s2k hash
  algo.  Using MD5 here is useless.
(proc_plaintext): Remove PGP-2 related woraround
(proc_tree): Remove another workaround but keep the one for PGP-5.
--

The removed code was either not anymore used or its use would have
caused an error message later anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-13 12:01:42 +01:00
Werner Koch
81e177be10 gpg: Improve perceived speed of secret key listings.
* g10/keylist.c (list_keyblock): Flush stdout for secret keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-12 12:41:20 +01:00
Werner Koch
eecbed004c gpg: Fix regression in --refresh-keys
* g10/keyserver.c (keyserver_get): Factor all code out to ...
(keyserver_get_chunk): new.  Extimate line length.
(keyserver_get): Split up requests into chunks.
--

Note that refreshing all keys still requires way to much memory
because we build an in-memory list of all keys first.  It is required
to first get a list of all keys to avoid conflicts while updating the
key store in the process of receiving keys.  A better strategy would
be a background process and tracking the last update in the key store.

GnuPG-bug-id: 1755
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-12 12:14:32 +01:00
Werner Koch
ffc2307843 gpg: Add import options "keep-ownertrust".
* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
* g10/import.c (parse_import_options): Add "keep-ownertrust".
(import_one): Act upon new option.
--

This option is in particular useful to convert from a pubring.gpg to
the new pubring.kbx in GnuPG 2.1 or vice versa:

gpg1 --export | gpg2 --import-options keep-ownertrust --import
2014-11-12 09:56:40 +01:00
Werner Koch
b8cdfac353 Remove use of gnulib (part 2)
* configure.ac (strpbrk): Add to AC_CHECK_FUNCS.
(gl_EARLY): Remove.
* common/stringhelp.c (strpbrk) [!HAVE_STRPBRK]: New.
* common/sysutils.c (gnupg_mkdtemp): New.  Based on code from
glibc-2.6.
(gnupg_setenv): Rewrite.
(gnupg_unsetenv): Rewrite.
* g10/exec.c: Include sysutils.h and replace mkdtemp by gnupg_mkdtemp.
* g13/be-encfs.c: Ditto.
* g13/mount.c: Ditto.
* tools/symcryptrun.c (confucius_mktmpdir): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-11 15:14:31 +01:00
Werner Koch
1adf719b2d Remove use of gnulib (part 1)
* gl/: Remove entire tree.
* configure.ac: Remove gnulib tests and the gl/ Makefile.
(setenv): Add to AC_CHECK_FUNCS.
* autogen.rc (extra_aclocal_flags): Set to empty.
* Makefile.am (ACLOCAL_AMFLAGS): Remove -I gl/m4
(SUBDIRS): Remove gl/.
* agent/Makefile.am (common_libs): Remove ../gl/gnulib.a
* common/Makefile.am (t_common_ldadd): Ditto.
* dirmngr/Makefile.am (dirmngr_LDADD): Ditto.
(dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.
* g10/Makefile.am (needed_libs): Ditto.
* g13/Makefile.am (g13_LDADD): Ditto.
* kbx/Makefile.am (kbxutil_LDADD): Ditto.
($(PROGRAMS)): Ditto.
* scd/Makefile.am (scdaemon_LDADD): Ditto.
* sm/Makefile.am (common_libs): Ditto.
* tools/Makefile.am (common_libs, commonpth_libs): Ditto.

* agent/gpg-agent.c: Remove "mkdtemp.h"
* g10/exec.c: Ditto.
* scd/scdaemon.c: Ditto.
* tools/symcryptrun.c: Ditto.
* common/sysutils.c: Remove "setenv.h"

* common/t-timestuff.c: Use putenv if setenv is not available.
--

gnulib has always been a cause of trouble in GnuPG because we used
only a very few functions and the complex include machinery of gnulib
is quite complex and the cause for many build problems for example on
OS X.  This is not gnulib's fault but due to our limited use of gnulib
and that we only rarely update the gnulib code to avoid regressions.

In part two we will address the functions

 mkdtemp
 setenv
 unsetenv
 strpbrk

which may bot be implemented on all platforms.  They are not required
on a libc based system.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-11 10:13:10 +01:00
Werner Koch
91b826a388 Avoid sign extension when shifting the MSB.
* sm/fingerprint.c (gpgsm_get_short_fingerprint): Cast MSB before
shifting.
* g10/build-packet.c (delete_sig_subpkt): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-05 08:23:15 +01:00
Werner Koch
b3ebecfc7c Add open card manufacturer 0x0008.
--
2014-11-04 16:32:30 +01:00
Werner Koch
cf41763cdf Change a couple of files to use abbreviated copyright notes.
--

Also fixed some of my own copyright notices due to the termination of
my assignment.  The one displayed by --version is kept at FSF because
we had contributors in 2014 with FSF assignments and it gives the FSF
some visibility.
2014-11-04 16:28:03 +01:00
Werner Koch
587a0956b9 gpg: Print use --full-gen-key note using the installed name of gpg.
--
2014-11-04 10:53:12 +01:00
Werner Koch
f8c993fbe2 gpg: Avoid extra pinentries for each subkey in --export-secret-keys.
* agent/command.c (cmd_export_key): Actually implement the cache_nonce
feature.
* g10/export.c (do_export_stream): Make use of a cache_nonce.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 17:51:30 +01:00
Werner Koch
d95f05c314 gpg: Fix endless loop in keylisting with fingerprint.
* g10/getkey.c (getkey_next): Disable cache.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 16:36:40 +01:00
Werner Koch
440e8f5170 gpg: Minor cleanup for key listing related code.
* g10/getkey.c (get_pubkey_next): Divert to getkey_next.
(get_pubkey_end): Move code to getkey_end.
* g10/keydb.c (keydb_search_reset): Add a debug statement.
(dump_search_desc): Add arg HD and print the handle.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 16:31:30 +01:00
Werner Koch
a929f36693 gpg: Do not show an useless passphrase prompt in batch mode.
* g10/keygen.c: Remove unused PASSPHRASE related code.
(proc_parameter_file): Remove useless asking for a passphrase in batch
mode.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 15:43:52 +01:00
Werner Koch
f4df71aa2d gpg: Remove superfluous check for Libgcrypt >= 1.4.0.
* g10/gpg.c (main): Remove check.
--

We require 1.6.0 anyway.
2014-10-31 14:47:02 +01:00
Werner Koch
f74ca872df Add more signing keys.
--
The keys which may be used to sign GnuPG packages are:

  rsa2048/4F25E3B6 2011-01-12 [expires: 2019-12-31]
  D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6
  Werner Koch (dist sig)

  rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
  46CC 7308 65BB 5C78 EBAB  ADCF 0437 6F3E E085 6959
  David Shaw (GnuPG Release Signing Key) <dshaw@jabberwocky.com>

  rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28]
  031E C253 6E58 0D8E A286  A9F2 2071 B08A 33BD 3F06
  NIIBE Yutaka (GnuPG Release Key) <gniibe@fsij.org>

  rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31]
  D238 EA65 D64C 67ED 4C30  73F2 8A86 1B1C 7EFD 60D9
  Werner Koch (Release Signing Key)

These keys are all created and used on tokens.  7EFD60D9 is currently
not used but ready to replace 4F25E3B6 in case the former token break.
2014-10-31 14:21:34 +01:00
Werner Koch
935edf88ab kbx: Let keydb_search skip unwanted blobs.
* kbx/keybox.h (keybox_blobtype_t): New.
* kbx/keybox-defs.h (BLOBTYPE_*): Replace by KEYBOX_BLOBTYPE_*.
* kbx/keybox-search.c (keybox_search): Add arg want_blobtype and skip
non-matching blobs.
* sm/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_X509 to keybox_search.
* g10/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_PGP to keybox_search.
--

Without this fix a listing of all keys would fail because the wrong
blob type would be returned for the gpg or gpgsm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 12:15:34 +01:00
Werner Koch
28ae8ad70b gpg: Fix --rebuild-keydb-caches.
* g10/parse-packet.c (parse_key): Store even unsupported packet
versions.
* g10/keyring.c (keyring_rebuild_cache): Do not copy keys with
versions less than 4.
--

That function, which is implicitly called while checking the keydb, led
to corruption of v3 key packets in the keyring which would later spit
out "packet(6)too short" messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 10:31:11 +01:00
Werner Koch
433208a553 gpg: Fix testing for secret key availability.
* g10/getkey.c (have_secret_key_with_kid): Do not change the search
mode.
--

The search mode was accidentally changed to search-next after finding
the first keyblock.  The intention was to look for a duplicate keyid
in the keydb which works by not doing a keydb_search_reset.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 09:22:47 +01:00
Werner Koch
cb46e32628 gpg: Remove commented code.
--
2014-10-31 09:14:03 +01:00
Werner Koch
472a4a0d82 gpg: Silence "packet with obsolete versoin" warnings.
* g10/parse-packet.c (parse_key): Print warning only in very verbose
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-19 14:17:23 +02:00
Werner Koch
1b8decc476 gpg: Make card key generation work again.
* g10/call-agent.c (agent_scd_learn): Rename from agent_learn.
(agent_learn): New.
* g10/keygen.c (gen_card_key): Call new agent-learn.
--

Without a shadow key we can't create the self-signatures.  Thus we
need to issue the learn command after each key generation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-19 14:09:04 +02:00
Werner Koch
8fd150b05b gpg: Remove all support for v3 keys and always create v4-signatures.
* g10/build-packet.c (do_key): Remove support for building v3 keys.
* g10/parse-packet.c (read_protected_v3_mpi): Remove.
(parse_key): Remove support for v3-keys.  Add dedicated warnings for
v3-key packets.
* g10/keyid.c (hash_public_key): Remove v3-key support.
(keyid_from_pk): Ditto.
(fingerprint_from_pk): Ditto.

* g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
* g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
oForceV4Certs, oNoForceV4Certs.
(opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
--no-force-v4-certs int dummy options.
(main): Remove setting of the force_v3_sigs force_v4_certs flags.
* g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
* g10/sign.c (hash_uid): Remove support for v3-signatures
(hash_sigversion_to_magic): Ditto.
(only_old_style): Remove this v3-key function.
(write_signature_packets): Remove support for creating v3-signatures.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
(clearsign_file): Ditto.  Remove code to emit no Hash armor line if
only v3-keys are used.
(make_keysig_packet): Remove arg SIGVERSION and force using
v4-signatures.  Change all callers to not pass a value for this arg.
Remove all v3-key related code.
(update_keysig_packet): Remove v3-signature support.
* g10/keyedit.c (sign_uids): Always create v4-signatures.

* g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
change caller.
--

v3 keys are deprecated for about 15 years and due the severe
weaknesses of MD5 it does not make any sense to keep code around to
use these old and broken keys.  Users who need to decrypt old messages
should use gpg 1.4 and best re-encrypt them to modern standards.
verification of old (i.e. PGP2) created signatures is thus also not
anymore possible but such signatures have no values anyway - MD5 is
just too broken.

We have also kept support for v3 signatures until now.  With the
removal of support for v3 keys it is questionable whether it makes any
sense to keep support for v3-signatures.  What we do now is to keep
support for verification of v3-signatures but we force the use of
v4-signatures.  The latter makes the --pgp6 and --pgp7 switch a bit
obsolete because those PGP versions require v3-signatures for
messages.  These versions of PGP are also really old and not anymore
maintained so they have not received any bug fixes and should not be
used anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-17 13:32:16 +02:00
Werner Koch
fab89f159b gpg: Remove extra RSA import status line.
* g10/import.c (stats_s): Remove field "imported_rsa".
(import_print_stats): Do not print separate value for RSA.
(import_one): Remove the RSA counter.
--

RSA is the standard key format and thus there is no more need to have
a separate counter.  This is a remain from the RSA patent times.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-13 15:08:58 +02:00
Werner Koch
21c0ea6baf gpg: Fix informative printing of user ids.
* g10/getkey.c (keyid_list): Add field "fpr".
(cache_user_id): Store fpr and check for dups only by fpr.
(get_pubkey_byfpr): New.
(get_user_id_string): Make static and use xasprintf.
(get_long_user_id_string): Use xasprintf.
(get_user_id_byfpr): New.
(get_user_id_byfpr_native): New.
* g10/keyid.c (fingerprint_from_pk): Make arg RET_LEN optional.
* g10/import.c (import_one): Use get_user_id_byfpr_native.
--

We now cache the userids using the fingerprint.  This allows to print
the correct user id for keys with a duplicated key id.  We should
eventually start to retire the use of all the old keyid based
functions.  However, at some places we only have the keyid and thus
some of them will need to be kept (maybe changed with an indication to
show that more than several user ids are matching).

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-13 14:54:26 +02:00
Werner Koch
c60814a5ce gpg: Allow importing keys with duplicated long key ids.
* g10/keydb.c (keydb_handle): Add field no_caching.
(keyblock_cache): Repalce field kid by fpr.
(keydb_disable_caching): New.
(keydb_search): Use the fingerprint as cache index.

* g10/import.c (import_one): Use the fingerprint and not the kid to
lookup the key.  Call keydb_disable_caching beofre re-searching for
update.

* tests/openpgp/import.test: Add a test case.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-13 14:01:29 +02:00
Werner Koch
2d68dc437e gpg: Minor change for better readability.
* g10/build-packet.c (write_version): Remove.
(do_pubkey_enc, do_onepass_sig): Write version directly.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-12 19:16:13 +02:00
Werner Koch
54ffe2045a Use a unique capitalization for "Note:".
--
2014-10-10 15:29:42 +02:00
Daniel Kahn Gillmor
6cabb7a2a1 gpg: Add build and runtime support for larger RSA keys
* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.

--

This is a cherry-pick of 534e2876acc05f9f8d9b54c18511fe768d77dfb5 from
STABLE-BRANCH-1-4 against master

Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.

Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which let gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.

Debian-bug-id: 739424

Minor edits by wk.

GnuPG-bug-id: 1732
2014-10-10 13:40:38 +02:00
Werner Koch
2ca90f78ce gpg: Skip overlong keys and a print a warning.
* kbx/keybox-search.c (keybox_search): Add arg r_skipped and skip too
long blobs.
* sm/keydb.c (keydb_search): Call keybox_search with a dummy param.
* g10/keydb.c (struct keydb_handle): Add field skipped_long_blobs.
(keydb_search_reset): Reset that field.
(keydb_search): Update that field.
(keydb_get_skipped_counter): New.
* g10/keylist.c (list_all): Print count of skipped keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-09 21:01:49 +02:00
Werner Koch
60e21d8b85 gpg: Sync keylist output and warning messages.
* g10/keylist.c (list_all): Flush stdout before logging.
* g10/misc.c (print_pubkey_algo_note): Ditto.
(print_cipher_algo_note): Ditto.
(print_digest_algo_note): Ditto.
(print_md5_rejected_note): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-09 20:57:02 +02:00
Werner Koch
ec332d58ef gpg: Take care to use pubring.kbx if it has ever been used.
* kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp.
* kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header
flag.
* kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp
and set header flag.
* kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static
and add arg for_openpgp.
(keybox_new_openpgp, keybox_new_x509): New.  Use them instead of the
former keybox_new.
* kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the
openpgp header flags.

* g10/keydb.c (rt_from_file): New.  Factored out and extended from
keydb_add_resource.
(keydb_add_resource): Switch to the kbx file if it has the openpgp
flag set.

* kbx/keybox-dump.c (dump_header_blob): Print header flags.
--

The problem was reported by dkg on gnupg-devel (2014-10-07):

  I just discovered a new problem, though, which will affect people on
  systems that have gpg and gpg2 coinstalled:

   0) create a new keyring with gpg2, and use it exclusively with gpg2
  for a while.
   1) somehow (accidentally?) use gpg (1.4.x) again -- this creates
  ~/.gnupg/pubring.gpg
   2) future runs of gpg2 now only look at pubring.gpg and ignore
  pubring.kbx -- the keys you had accumulated in the keybox are no
  longer listed in the output of gpg2 --list-keys

Note that gpgsm has always used pubring.kbx and thus this file might
already be there but without gpg ever inserted a key.  The new flag in
the KBX header gives us an indication whether a KBX file has ever been
written by gpg >= 2.1.  If that is the case we will use it instead of
the default pubring.gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-09 19:10:32 +02:00
Werner Koch
d8c01d826f gpg: Change wording of a migration error message.
--
2014-10-09 10:56:25 +02:00
Daniel Kahn Gillmor
27fe067efe Avoid unnecessary library linkage
* dirmngr/Makefile.am: Avoid $(DNSLIBS) for dirmngr_ldap
* g10/Makefile.am: $(LIBREADLINE) is only for gpg2; gpgv2 does not
need $(LIBASSUAN_LIBS)
* sm/Makefile.am: gpgsm does not need $(ZLIBS)
* tools/Makefile.am: gpgconf does not need $(NPTH_LIBS)

--

In the course of building GnuPG 2.1.0 beta864 on debian, i found that
several of the installed executables were linked to libraries that
they did not need to be linked to, which would cause unnecessary
package dependencies at runtime.

The changeset here removes these unnecessary libraries from linking.

Something similar could possibly also be done by passing --as-needed
to the linker, but trimming the depenencies seems more parsimonious.
2014-10-09 08:17:32 +02:00
Werner Koch
3ae6afc133 gpg: Avoid error exit if keygrip computations fails in a key listing.
* g10/keyid.c (keygrip_from_pk): Use log_info and clear array on error.
--

This may happen due to algorithms or curves not supported by
Libgcrypt.  We should only print a warning and not have gpg return
with failure for a secret key listing.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-08 21:43:28 +02:00
Werner Koch
bc8583f247 gpg: Allow creating a cert-only primary key.
* g10/keygen.c (ask_key_flags): Allow a 'c' in direct entry.
--

GnuPG-bug-id: 1726
2014-10-03 15:05:47 +02:00
Andre Heinecke
a6fcdbc9e0 gpg: Check gpg-agent version before 2.1 migration.
* g10/call-agent.c, g10/call-agent.h (agent_get_version): New.
* g10/migrate.c (migrate_secring): Abort migration if
agent_get_version returns not at least 2.1.0

--
GnuPG-bug-id: 1718

On the first installation of GnuPG 2.1 it is likely that an
old gpg-agent is still running in the environment. In that
case the migration would fail.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2014-10-03 12:19:07 +02:00
Werner Koch
9c380384da Remove support for the GPG_AGENT_INFO envvar.
* agent/agent.h (opt): Remove field use_standard_socket.
* agent/command.c (cmd_killagent): Always allow killing.
* agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
--write-env-file into dummy options.  Always return true for
--use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
setting or set that envvar.
(create_socket_name): Simplify by removing non standard socket
support.
(check_for_running_agent): Ditto.
* common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
* common/simple-pwquery.c (agent_open): Ditto.
* configure.ac (GPG_AGENT_INFO_NAME): Remove.
* g10/server.c (gpg_server): Do not print the AgentInfo comment.
* g13/server.c (g13_server): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* tools/gpgconf.c (main): Simplify by removing non standard socket
support.
--

The indented fix to allow using a different socket than the one in the
gnupg home directory is to change Libassuan to check whether the
socket files exists as a regualr file with a special keyword to
redirect to another socket file name.
2014-10-03 11:58:58 +02:00
Werner Koch
688a903b4b gpg: Fix regression removing SHA256.
* g10/misc.c (map_md_openpgp_to_gcry): Always use SHA256.
--

Regression due to commit d33246700578cddd1cb8ed8164cfbba50aba4ef3

GnuPG-bug-id: 1733.
2014-10-02 19:17:34 +02:00
Werner Koch
d332467005 gpg: Default to SHA-256 for all signature types on RSA keys.
* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in
strict RFC or PGP modes.
* g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for
RSA key signatures.
* configure.ac: Do not allow to disable sha256.
2014-09-27 15:28:17 +02:00
Werner Koch
f3625bb018 gpg: Simplify command --gen-key and add --full-gen-key.
* g10/gpg.c (aFullKeygen): New.
(opts): Add command --full-key-gen.
(main): Implement it.
* g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although
the value is identical.
(DEFAULT_STD_CURVE): New.
(DEFAULT_STD_SUBALGO): New.
(DEFAULT_STD_SUBKEYSIZE): New.
(DEFAULT_STD_SUBCURVE): New.
(quick_generate_keypair): Use new macros here.
(generate_keypair): Add arg "full" and fix call callers. Do not ask
for keysize in non-full node.
(ask_user_id): Add arg "full" and simplify for non-full mode.
2014-09-27 15:14:13 +02:00
Werner Koch
7ff4ea2160 gpg: Add shortcut for setting key capabilities.
* g10/keygen.c (ask_key_flags): Add shortcut '='.
* doc/help.txt (gpg.keygen.flags): New.
2014-09-26 14:43:48 +02:00
Werner Koch
20c6da50d4 gpg: Do not always print dashes in obsolete_option.
* g10/gpg.c (main): Pass option names to obsolete_option without
double dash.
* g10/misc.c (obsolete_option, obsolete_scdaemon_option): Print double
dash only for command line options.
2014-09-25 22:14:30 +02:00
Daniel Kahn Gillmor
371c2b14b0 gpg: Warn about (but don't fail) on scdaemon options in gpg.conf.
* g10/gpg.c: Add config options that should belong in scdaemon.conf
* g10/main.h, g10/misc.c (obsolete_scdaemon_option): New.

--

In gpg2, the following options are only relevant for scdaemon:

 reader-port
 ctapi-driver
 pcsc-driver
 disable-ccid

but in gpg1, they are options for gpg itself.

Some users of gpg1 might have these options in their
~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that
config file.

gpg2 should not fail hard, though giving a warning (and suggesting a
move to scdaemon.conf) seems OK.

This patch does *not* reintroduce any documentation for these options
in gpg.texi, even to indicate that they are "dummy" options, since
scdaemon.texi contains the appropriate documentation.

Debian-bug-id: 762844

- Program names factored out from obsolete_scdaemon_option to make
  reuse without new translations easier. -wk
2014-09-25 22:05:29 +02:00
Werner Koch
bc2f5c1d1a gpg: Create default keyring with .kbx suffix.
* g10/keydb.c (maybe_create_keyring_or_box): Rename arg for clarity.
(keydb_add_resource): Fix order of args to maybe_create_keyring_or_box
and check and create .kbx.
2014-09-22 08:36:24 +02:00
Werner Koch
1d33d03f0b gpg: --delete-secret-key - check that a secret key exists.
* g10/delkey.c (do_delete_key): Check availibility of a secret key.
--

Actually we check that at least one secret subkey exists.
2014-09-20 16:27:16 +02:00
Werner Koch
cf648fc5c8 gpg: Make algorithm selection prompt for ECC more clear.
* g10/keygen.c (ask_algo): Change 9 to "ECC and ECC".
2014-09-20 15:17:11 +02:00
Werner Koch
6a0c3fa19c gpg: Silence a compiler warning.
* g10/parse-packet.c (enum_sig_subpkt): Replace hack.
2014-09-18 15:09:10 +02:00
Werner Koch
327134934d gpg: Replace a hash algo test function.
* g10/gpg.c (print_mds): Replace openpgp_md_test_algo.
--

This is actually not required because as of now the used OpenPGP and
Gcrypt hash algorithm numbers are identical.  But that might change in
the future.

This changes the behavior of GnuPG in case it has been build with
some algorithms disabled: If those algorithms are available in
Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
Werner Koch
0af533abd3 gpg: Re-indent a function.
--
2014-09-18 14:50:02 +02:00
Werner Koch
ae3d1bbb65 gpg: Print a warning if the subkey expiration may not be what you want.
* g10/keyedit.c (subkey_expire_warning): New.
(keyedit_menu): Call it when needed.
--
GnuPG-bug-id: 1715

The heuristic to detect a problem is not very advanced but it should
catch the most common cases.
2014-09-17 16:27:37 +02:00
Werner Koch
457bce5cd3 gpg: Improve passphrase caching.
* agent/cache.c (last_stored_cache_key): New.
(agent_get_cache): Allow NULL for KEY.
(agent_store_cache_hit): New.
* agent/findkey.c (unprotect): Call new function and try to use the
last stored key.

* g10/revoke.c (create_revocation): Add arg CACHE_NONCE and pass to
make_keysig_packet.
(gen_standard_revoke): Add arg CACHE_NONCE and pass to
create_revocation.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke with
cache nonce.
--

This patch adds two features:

1. The key for the last passphrase successfully used for unprotecting
a key is stored away.  On a cache miss the stored away passphrase is
tried as well.  This helps for the common GPG use case of having a
signing and encryption (sub)key with the same passphrase.  See the
code for more comments.

2. The now auto-generated revocation certificate does not anymore
popup a passphrase prompt.  Thus for standard key generation the
passphrase needs to be given only once (well, two with the
confirmation).
2014-09-17 15:12:08 +02:00
Werner Koch
83c2d2396c gpg: Use algorithm id 22 for EdDSA.
* common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22.
* g10/keygen.c (ask_curve): Reword the Curve25519 warning note.
--

In the hope that the IETF will eventually assign 22 for EdDSA using
the draft-koch-eddsa-for-openpgp-01 specs we start using this number.
2014-09-12 11:31:49 +02:00
Werner Koch
3d250d21d3 gpg: Stop early on bogus old style comment packets.
* g10/parse-packet.c (parse_key): Take care of too short packets for
old style commet packets.
--

GnuPG-bug-id: 1714
2014-09-11 16:40:45 +02:00
Werner Koch
98f65291d7 gpg: Fix memory leak in ECC encryption.
* g10/pkglue.c (pk_encrypt): Fix memory leak and streamline error
handling.
2014-09-08 18:25:06 +02:00
Kyle Butt
4054d86abc gpg: Fix export of ecc secret keys by adjusting check ordering.
* g10/export.c (transfer_format_to_openpgp): Move the check against
PUBKEY_MAX_NSKEY to after the ECC code adjusts the number of
parameters.
2014-09-01 10:20:17 +02:00
Werner Koch
be98b5960e gpg: Do not show "MD5" and triplicated "RSA" in --version.
* g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
(build_list_md_test_algo): Ignore MD5.
2014-08-28 16:02:04 +02:00
Werner Koch
15cfd9a3bc gpg: Remove CAST5 from the default prefs and order SHA-1 last.
* g10/keygen.c (keygen_set_std_prefs): Update prefs.
2014-08-26 23:20:07 +02:00
Werner Koch
a731c22952 gpg: Allow for positional parameters in the passphrase prompt.
* g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.
--

Without that at least the French translation does not always work
because it requires positional parameters.  Windows for example does
not support them as they are not defined by C99 but by POSIX.
2014-08-26 10:16:04 +02:00
Werner Koch
cb680c5ea5 gpg: Fix "can't handle public key algorithm" warning.
* g10/parse-packet.c (unknown_pubkey_warning): Check for encr/sign
capabilities.
2014-08-20 09:59:36 +02:00
Werner Koch
e5da80bc18 gpg: Install the current release signing pubkey.
* g10/distsigkey.gpg: New.
--

This might be useful to help installing updates.
2014-08-18 16:38:13 +02:00
Werner Koch
3981ff15f3 agent: Return NO_SECKEY instead of ENONET for PKSIGN and others.
* agent/pksign.c (agent_pksign_do): Replace ENONET by NO_SECKEY.
* agent/findkey.c (agent_key_from_file): No diagnostic for NO_SECKEY.
* agent/pkdecrypt.c (agent_pkdecrypt): Replace checking for ENOENT.
2014-08-18 15:42:54 +02:00
Werner Koch
57df1121c1 gpg: Change default cipher for --symmetric from CAST5 to AES-128.
* g10/main.h (DEFAULT_CIPHER_ALGO): Chhange to AES or CAST5 or 3DES
depending on configure option.
* g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.
2014-08-18 11:45:00 +02:00
Werner Koch
a13198d9bc Release 2.1.0-beta783 2014-08-14 17:16:21 +02:00
Werner Koch
c23c18c154 gpg: Screen keyserver responses.
* g10/main.h (import_screener_t): New.
* g10/import.c (import): Add screener callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (struct ks_retrieval_screener_arg_s): New.
(keyserver_retrieval_screener): New.
(keyserver_get): Pass screener to import_keys_es_stream().
--
These changes introduces import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring
that the keys fetched from the keyserver are in fact those selected by
the user beforehand.

Signed-off-by: Stefan Tomanek <tomanek@internet-sicherheit.de>

This is an extended and fixed versions of Stefan's patch.  In addition
to the changes done in gnupg 2.0, namely the commits

  5e933008beffbeae7255ece02383606481f9c169
  044847a0e2013a2833605c1a9f80cfa6ef353309
  088f82c0b5e39687f70e44d3ab719854e808eeb6

the symbol names have been changed to "screener" to void mixing them
up with the iobuf filter feature and it has been changed to be used
with the dirmngr based keyserver lookup.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-08-14 15:21:21 +02:00
Werner Koch
ae29b52119 gpg: Disable an MD5 workaround for pgp2 by default.
* g10/sig-check.c (do_check): Move some code to ...
* g10/misc.c (print_md5_rejected_note): new function.
* g10/mainproc.c (proc_tree, proc_plaintext): Enable MD5 workaround
only if option --allow-weak-digest-algos is used.
2014-08-14 11:28:11 +02:00
Werner Koch
2b8d8369d5 gpg: Remove options --pgp2 and --rfc1991.
* g10/gpg.c (oRFC1991, oPGP2): Remove
(opts): Remove --pgp2 and --rfc1991.
* g10/options.h (CO_PGP2, CO_RFC1991): Remove.  Remove all users.
(RFC2440, PGP2): Remove.  Remove all code only enabled by these
conditions.
* tests/openpgp/clearsig.test: Remove --rfc1991 test.
--

The use of PGP 2.c is considered insecure for quite some time
now (e.g. due to the use of MD5).  Thus we remove all support for
_creating_ PGP 2 compatible messages.
2014-08-14 11:03:55 +02:00
Werner Koch
71b55e91f0 gpg: Remove --compress-keys and --compress-sigs feature.
* g10/gpg.c (oCompressKeys, oCompressSigs): Remove.
(opts): Turn --compress-keys and --compress-signs in NOPs.
* g10/options.h (opt): Remove fields compress_keys and compress_sigs.
* g10/export.c (do_export): Remove compress_keys feature.
* g10/sign.c (sign_file): Remove compress_sigs feature.
--

These features are disabled in GnuPG since the very early days and
they fulfill no real purpose.  For now we keep the command line
options as dummys.
2014-08-14 09:55:09 +02:00
Werner Koch
7d0492075e gpg: Add list-option "show-usage".
* g10/gpg.c (parse_list_options): Add "show-usage".
* g10/options.h (LIST_SHOW_USAGE): New.
* g10/keyid.c (usagestr_from_pk): Add arg FILL.  Change caller.
* g10/keylist.c (list_keyblock_print): Print usage info.
2014-08-13 10:11:36 +02:00
Werner Koch
a57c33c855 gpg: Make --with-colons work again for --search-keys.
* g10/keyserver.c (search_line_handler): Replace log_debug by
es_printf.
2014-08-12 16:19:44 +02:00
Werner Koch
557cc11a60 gpg: Switch to an EdDSA format with prefix byte.
* g10/keygen.c (gen_ecc): USe "comp" for EdDSA.
2014-07-25 08:25:06 +02:00
Werner Koch
ea186540db gpg: Add command --quick-gen-key
* g10/gpg.c (aQuickKeygen): New.
* g10/misc.c (is_valid_user_id): New stub.
* g10/keygen.c (quickgen_set_para): New.
(quick_generate_keypair): New.
--

Note that the validation of the specified user id has not yet been
implemented.
2014-07-23 15:12:43 +02:00
Werner Koch
75127bc456 common: Add cpr_get_answer_is_yes_def()
* g10/cpr.c (cpr_get_answer_is_yes): Factor code out to ....
(cpr_get_answer_is_yes_def): ...new.
2014-07-23 14:35:22 +02:00
Werner Koch
17404b2fcc gpg: Make --quick-sign-key promote local key signatures.
* g10/keyedit.c (sign_uids): Promote local sigs in quick mode.
2014-07-23 12:18:19 +02:00
Werner Koch
5b34e347b6 gpg: Improve --list-packets output for faulty packets.
* g10/parse-packet.c: Add list_mode output for certain failures.
2014-07-21 14:37:13 +02:00
Werner Koch
bab9cdd971 gpg: Cap size of attribute packets at 16MB.
* g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
size of packet.
--

Tavis Ormandy reported a fatal error for attribute packets with a zero
length payload.  This is due to a check in Libgcrypt's xmalloc which
rejects a malloc(0) instead of silently allocating 1 byte.  The fix is
obvious.

In addition we cap the size of attribute packets similar to what we do
with user id packets.  OpenPGP keys are not the proper way to store
movies.
2014-07-21 13:50:36 +02:00
Werner Koch
5214d8f02b gpg: Make show-uid-validity the default. 2014-07-03 11:04:23 +02:00
Werner Koch
03018ef9ee gpg: Auto-create revocation certificates.
* configure.ac (GNUPG_OPENPGP_REVOC_DIR): New config define.
* g10/revoke.c (create_revocation): Add arg "leadin".
(gen_standard_revoke): New.
* g10/openfile.c (get_openpgp_revocdir): New.
(open_outfile): Add MODE value 3.
* g10/keyid.c (hexfingerprint): New.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke.
--

GnuPG-bug-id: 1042
2014-06-30 16:40:55 +02:00
Werner Koch
3a01b22071 gpg: Rearrange code in gen_revoke.
* g10/revoke.c (gen_revoke): Factor some code out to ...
(create_revocation): new.
2014-06-30 11:05:35 +02:00
Werner Koch
c434de4d83 gpg: Create exported secret files and revocs with mode 700.
* common/iobuf.c (direct_open): Add arg MODE700.
(iobuf_create): Ditto.
* g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM.  Change call
callers to pass 0 for it.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
arg.
* g10/export.c (do_export): Pass true for new arg if SECRET is true.
--

GnuPG-bug-id: 1653.

Note that this works only if --output has been used.
2014-06-30 09:12:48 +02:00
Werner Koch
c2e3eb9888 po: Update the German (de) translation 2014-06-27 20:14:54 +02:00
Werner Koch
03f0b51fe4 gpg: Limit keysize for unattended key generation to useful values.
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--

It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"
condition.
2014-06-26 21:53:38 +02:00
Werner Koch
572502bd2c gpg,gpgsm: Simplify wrong_args function. 2014-06-26 17:07:47 +02:00
Werner Koch
f171fd226e gpg: Allow key-to-card upload for cert-only keys
* g10/card-util.c (card_store_subkey): Allo CERT usage for key 0.
--

Suggested-by: Dominik Heidler <dominik@heidler.eu>
2014-06-25 09:21:32 +02:00
Werner Koch
f4fcaa2936 gpg: Make export of ECC keys work again.
* agent/cvt-openpgp.c (convert_to_openpgp): Use the curve name instead
of the curve parameters.
* g10/export.c (canon_pubkey_algo): Rename to ...
(canon_pk_algo): this.  Support ECC.
(transfer_format_to_openpgp): Expect curve name.
2014-06-20 14:54:01 +02:00
Werner Koch
d6ca407a27 gpg: Avoid infinite loop in uncompressing garbled packets.
* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
--

A packet like (a3 01 5b ff) leads to an infinite loop.  Using
--max-output won't help if it is a partial packet.  This patch
actually fixes a regression introduced on 1999-05-31 (c34c6769).
Actually it would be sufficient to stuff just one extra 0xff byte.
Given that this problem popped up only after 15 years, I feel safer to
allow for a very few FF bytes.

Thanks to Olivier Levillain and Florian Maury for their detailed
report.
2014-06-20 10:41:38 +02:00
Kristian Fiskerstrand
3f17b74aa5 gpg: Fix a couple of spelling errors 2014-06-17 11:42:39 +02:00
Werner Koch
d8314e31c5 gpg: Improve the output of --list-packets
* g10/parse-packet.c (parse): Print packet meta info in list mode.
--

In particular having the file offset of the packets is often useful.
2014-06-12 14:41:40 +02:00
Werner Koch
45ed901c46 gpg: Use more specific reason codes for INV_RECP.
* g10/pkclist.c (find_and_check_key, build_pk_list): Use more specific
reasons codes for INV_RECP.
--

GnuPG-bug-id: 1650
2014-06-10 14:54:55 +02:00
Werner Koch
9c9e26d41e gpg: Require confirmation for --gen-key with experimental curves.
* g10/keygen.c (ask_curve): Add arg both.  Require confirmation for
Curve25519.
2014-06-05 12:03:27 +02:00
Werner Koch
4f0625889b gpg: Auto-migrate existing secring.gpg.
* g10/migrate.c: New.
* g10/import.c (import_old_secring): New.
(import_one): Add arg silent.
(transfer_secret_keys): Add arg batch.
(import_secret_one): Add args batch and for_migration.
* g10/gpg.c (main): Call migration function.
2014-06-05 11:19:59 +02:00
Werner Koch
be07ed65e1 Add new option --with-secret.
* g10/gpg.c: Add option --with-secret.
* g10/options.h (struct opt): Add field with_secret.
* g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
and list_one.
(list_all, list_one): Add arg mark_secret.
(list_keyblock_colon): Add arg has_secret.
* sm/gpgsm.c: Add option --with-secret.
* sm/server.c (option_handler): Add option "with-secret".
* sm/gpgsm.h (server_control_s): Add field with_secret.
* sm/keylist.c (list_cert_colon): Take care of with_secret.  Also move
the token string from the wrong field 14 to 15.
--

This option is useful for key managers which need to know whether a
key has a secret key.  This change allows to collect this information
in one pass.
2014-06-03 21:35:59 +02:00
Werner Koch
958e5f292f gpg: Avoid NULL-deref in default key listing.
* g10/keyid.c (hash_public_key): Take care of NULL keys.
* g10/misc.c (pubkey_nbits): Ditto.
--

This problem was mainly due to our ECC code while checking for opaque
MPIs with the curve name.
2014-06-02 19:54:22 +02:00
Werner Koch
f3249b1c4d gpg: Simplify default key listing.
* g10/mainproc.c (list_node): Rework.
--

GnuPG-bug-id: 1640
2014-06-02 19:50:18 +02:00
Werner Koch
d9cde7ba7d gpg: Graceful skip reading of corrupt MPIs.
* g10/parse-packet.c (mpi_read): Change error message on overflow.
--

This gets gpg 2.x in sync to what gpg 1.4 does.  No need to die for a
broken MPI.

GnuPG-bug-id: 1593

Resolved conflicts:
	g10/parse-packet.c - whitespaces fixes.
2014-06-02 18:42:45 +02:00
Werner Koch
99972bd6e9 gpg: Fix bug parsing a zero length user id.
* g10/getkey.c (get_user_id): Do not call xmalloc with 0.

* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
pass 0 to the arguments.
--

The problem did not occur in 1.x because over there the xmalloc makes
sure to allocate at least one byte.  With 2.x for most calls the
xmalloc of Libgcrypt is used and Libgcrypt returns an error insteead
of silent allocating a byte.  Thus gpg 2.x bailed out with an
"Fatal: out of core while allocating 0 bytes".

The extra code in xmalloc.c is for more robustness for the other
xmalloc calls.
2014-06-02 11:47:25 +02:00
Werner Koch
25036ec6ab gpg: Fix uninitialized access to search descindex with gpg keyboxes.
* kbx/keybox-search.c (keybox_search): Add arg  R_DESCINDEX.  Chnage
both callers.
* g10/keydb.c (keydb_search): Always set DESCINDEX.
--

This only affects the new keybox for OpenPGP keys in 2.1.  The bug
exhibited itself by running GPA's backup command on Windows.
2014-05-14 18:13:11 +02:00
Werner Koch
455a4a2212 gpg: Remove useless diagnostic in MDC verification.
* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
MDC packer header and a bad MDC.
--

The separate diagnostic was introduced for debugging a problems.  For
explaining an MDC error a single error message is easier to
understand.
2014-05-14 08:56:39 +02:00
Werner Koch
b2945c451d gpg: Fix glitch entering a full expiration time.
* g10/keygen.c (ask_expire_interval): Get the current time after the
prompt.
--

This almost avoid that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.

GnuPG-bug-id: 1639
2014-05-14 08:56:36 +02:00
Werner Koch
cb2aeb4e11 Make more use of *_NAME macros.
* configure.ac (GPG_DISP_NAME, GPGSM_DISP_NAME): New.
(GPG_AGENT_DISP_NAME, SCDAEMON_DISP_NAME): New.
(DIRMNGR_DISP_NAME, G13_DISP_NAME): New.
(GPGCONF_DISP_NAME): New.
(SCDAEMON_SOCK_NAME): New.
* common/argparse.c (show_help): Map description string.
2014-05-08 10:28:23 +02:00
Werner Koch
359c643d74 gpg: Print the key algorithm/curve with signature info.
* g10/mainproc.c (check_sig_and_print): Print the name and curve.
2014-05-07 15:05:34 +02:00
Werner Koch
e73edfb175 gpg: Fix memleak in signature verification of bogus keys.
* g10/mainproc.c (check_sig_and_print): Factor common code out to ...
(print_good_bad_signature): here.
--

P was not released if the key had no user id.
2014-05-07 14:36:34 +02:00
Werner Koch
e5279c85a0 gpg: Fix indendation of check_sig_and_print.
--
2014-05-07 14:08:42 +02:00
Werner Koch
09055aa0f7 gpg: Mark experimental algorithms in the key listing.
* g10/keylist.c (list_keyblock_print): Remove duplicate curve name.
Print a note for experimental algorithms.
* g10/misc.c (print_pubkey_algo_note): Fix warning message.
2014-05-07 13:50:00 +02:00
Werner Koch
8fee6c1ce6 gpg: Finish experimental support for Ed25519.
* agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
(get_keygrip): Add and use arg CURVE.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(get_npkey_nskey): New.
(prepare_unprotect): Replace gcrypt functions by
get_npkey_nskey.  Allow opaque MPIs.
(do_unprotect): Use CURVE instead of parameters.
(convert_from_openpgp_main): Ditto.
(convert_to_openpgp):  Simplify.
* g10/import.c (one_mpi_from_pkey): Remove.
(transfer_secret_keys): Rewrite to use the curve instead of the
parameters.
* g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.

* common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
 "NIST P-256" et al.
* g10/keygen.c (ask_curve): Add arg ALGO.
(generate_keypair): Rewrite the ECC key logic.

* tests/openpgp/ecc.test: Provide the "ecc" passphrase.
2014-05-07 13:27:43 +02:00
Werner Koch
6477e51919 Use "samethread" mode keyword for some es_fopenmem.
* dirmngr/ks-engine-hkp.c (armor_data): Add mode keyword.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* scd/atr.c (atr_dump): Ditto.
2014-05-06 09:49:26 +02:00
NIIBE Yutaka
21dab64030 ECC Fixes.
* agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
(convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which
does not distinguish the detail.
(do_unprotect, convert_from_openpgp_main): Don't call
map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and
not the value defined by OpenPGP.
(convert_to_openpgp): It's "ecc".
* agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove.
* g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error.
* g10/pubkey-enc.c (get_it): Fix swapping the fields error.
2014-04-28 10:36:16 +09:00
Werner Koch
ffa39be5eb gpg: Print a warning if GKR has hijacked gpg-agent.
* g10/call-agent.c (check_hijacking): New.
(start_agent): Call it.
(membuf_data_cb, default_inq_cb): Move more to the top.
--

Note that GUIs may use the gpg status line

[GNUPG:] ERROR check_hijacking 33554509

to detect this and print an appropriate warning.
2014-04-22 12:50:15 +02:00
Werner Koch
e184a11f94 gpg: New %U expando for the photo viewer.
* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.
--

This makes is possible to extract all photos ids from a key to
different files.
2014-04-17 21:44:09 +02:00
Werner Koch
db3b528239 gpg: Re-enable secret key deletion.
* g10/call-agent.c (agent_delete_key): New.
* g10/keydb.h (FORMAT_KEYDESC_DELKEY): New.
* g10/passphrase.c (gpg_format_keydesc): Support new format.
* g10/delkey.c (do_delete_key): Add secret key deletion.
2014-04-15 19:44:50 +02:00
Werner Koch
d25d00b89e gpg: Re-indent a file.
* g10/delkey.c: Re-indent.
(do_delete_key, delete_keys): Change return type top gpg_error_t.
2014-04-15 19:44:48 +02:00
Werner Koch
c4d983239a gpg: Fix regression in secret key export.
* agent/cvt-openpgp.c (convert_to_openpgp): Fix use
gcry_sexp_extract_param.
* g10/export.c (do_export_stream): Provide a proper prompt to the
agent.
--

NB: The export needs more work, in particular the ECC algorithms.
2014-04-15 19:44:42 +02:00
Werner Koch
e549799db6 gpg: Change pinentry prompt to talk about "secret key".
* g10/passphrase.c (gpg_format_keydesc): Add mode 2.  Change strings.
* g10/keydb.h (FORMAT_KEYDESC_NORMAL, FORMAT_KEYDESC_IMPORT)
(FORMAT_KEYDESC_EXPORT): New.  Use them for clarity.
--

The use of the term "certificate" was more confusing than helpful.
2014-04-15 19:29:57 +02:00
NIIBE Yutaka
40c3b0741e g10: EdDSA support.
* g10/keyid.c (keygrip_from_pk): Compute keygrip of EdDSA key.
* g10/keygen.c (generate_subkeypair): Ed25519 is for EdDSA.
* common/openpgp-oid.c (oid_ed25519): Update.
2014-04-08 11:59:39 +09:00
Werner Koch
b6786cc3ec gpg: Add commands --quick-sign-key and --quick-lsign-key.
* g10/gpg.c (main): Add commands --quick-sign-key and
--quick-lsign-key.
* g10/keyedit.c (sign_uids): Add args FP and QUICK.
(keyedit_quick_sign): New.
(show_key_with_all_names): Add arg NOWARN.
2014-03-27 16:33:40 +01:00
Werner Koch
4f50ec98dd Change some keyedit functions to allow printing to arbitrary streams.
* common/ttyio.c (tty_print_string): Add optional arg FP. Change all
callers.
(tty_print_utf8_string2): Ditto.
* g10/keyedit.c (show_prefs):  Ditto.
(show_key_with_all_names_colon): Ditto.
(show_names): Ditto.
* g10/keylist.c (print_revokers): Ditto.
(print_fingerprint): Ditto.
2014-03-27 12:59:55 +01:00
Werner Koch
f90cfe6b66 gpg: Reject signatures made with MD5.
* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf.
2014-03-17 18:14:23 +01:00
Werner Koch
1e2e39c575 gpg: Make --auto-key-locate work again with keyservers.
* dirmngr/ks-engine-hkp.c (ks_hkp_get): Allow exact search mode.
* g10/keyserver.c (keyserver_import_name): Implement.
(keyserver_get): Use exact mode for name based import.
(keyserver_get): Add args R_FPR and R_FPRLEN.  Change all callers.
2014-03-17 15:39:33 +01:00
Werner Koch
1d642d3ca8 gpg: New mechanism "clear" for --auto-key-locate.
* g10/getkey.c (parse_auto_key_locate): Implement "clear".
2014-03-17 15:36:15 +01:00
Werner Koch
a401f768ca gpg: Print the actual used keyserver address.
* dirmngr/ks-engine-hkp.c (ks_hkp_search, ks_hkp_get): Print SOURCE
status lines.
* g10/call-dirmngr.c (ks_status_parm_s): New.
(ks_search_parm_s): Add field stparm.
(ks_status_cb): New.
(ks_search_data_cb): Send source to the data callback.
(gpg_dirmngr_ks_search): Change callback prototope to include the
SPECIAL arg.  Adjust all users.  Use ks_status_cb.
(gpg_dirmngr_ks_get): Add arg r_source and use ks_status_cb.
* g10/keyserver.c (search_line_handler): Adjust callback and print
"data source" disgnostic.
(keyserver_get): Print data source diagnostic.
--

It has often been requested that the actually used IP of a keyservers
is shown in with gpg --recv-key and --search-key.  This is helpful if
the keyserver is actually a pool of keyservers.  This patch does this.
2014-03-14 16:12:54 +01:00
Werner Koch
6dd5d99a61 gpg: Add option --dirmngr-program.
* g10/gpg.c: Add option --dirmngr-program.
* g10/options.h (struct opt): Add field dirmngr_program.
* g10/call-dirmngr.c (create_context): Use new var.

* dirmngr/dirmngr.c: Include gc-opt-flags.h.
(main): Remove GC_OPT_FLAG_*.
* tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ...
* common/gc-opt-flags.h: here.
2014-03-12 18:35:36 +01:00
Werner Koch
99135b89ce Comment typo fixes
--
2014-03-12 14:33:51 +01:00
Werner Koch
8e9b1aa563 Comment fixes.
--

Reported-by: Daniel Kahn Gillmor
(cherry picked from commit 7db5c81e3a40b60e146f29c6744a33fd1b88c090)
2014-03-10 15:13:12 +01:00
Werner Koch
4387ecb11c Silence more warnings about unused vars and args.
* dirmngr/cdblib.c (cdb_init) [W32]: Remove unused var.
* dirmngr/dirmngr-client.c (start_dirmngr): s/int/assuan_fd_t/.
* dirmngr/dirmngr.c (w32_service_control): Mark unused args.
(call_real_main): New.
(main) [W32]: Use new function to match prototype.
(real_main) [W32]: Mark unused vars.
(handle_signal) [W32]: Do not build the function at all.
(handle_connections) [W32]: Do not define signo.
* dirmngr/ldap-wrapper-ce.c (outstream_reader_cb): Remove used vars.
* g10/tdbio.c (ftruncate) [DOSISH]: Define only if not yet defined.
2014-03-07 19:05:41 +01:00
Werner Koch
094aa2589e w32: Silence warnings about unused vars.
* agent/gpg-agent.c (main) [W32]: Mark unused vars.
* sm/gpgsm.c (run_protect_tool) [W32]: Ditto.
* g10/trustdb.c (check_regexp) [DISABLE_REGEX]: Ditto.
* scd/scdaemon.c (main) [W32]: Ditto.
(handle_connections) [W32]: Ditto.
(handle_signal) [W32]: Do not build the function at all.
* scd/apdu.c (pcsc_send_apdu_direct): Ditto.
(connect_pcsc_card): s/long/pcsc_dword_t/.
(open_pcsc_reader_direct): Remove var listlen.
2014-03-07 16:11:15 +01:00
Werner Koch
3032fc3ad7 Silence several warnings when building under Windows.
* agent/call-scd.c (start_scd): Replace int by assuan_fd_t.
(start_pinentry): Ditto.
* common/asshelp.c (start_new_gpg_agent): Replace int by assuan_fd_t.
* common/dotlock.c (GNUPG_MAJOR_VERSION): Include stringhelp.h for
prototypes on Windows and some other platforms.
* common/logging.c (fun_writer): Declare addrbuf only if needed.
* g10/decrypt.c (decrypt_message_fd) [W32]: Return not_implemented.
* g10/encrypt.c (encrypt_crypt) [W32]: Return error if used in server
mode.
* g10/dearmor.c (dearmor_file, enarmor_file): Replace GNUPG_INVALID_FD
by -1 as temporary hack for Windows.
* g10/export.c (do_export): Ditto.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Ditto.
* g10/sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto.
* g10/server.c (cmd_verify, gpg_server) [W32]: Return an error.
--

The gpg server mode is not actual working and thus we can avoid the
warnings by explicitly disabling the mode.  We keep it working under
Unix, though.
2014-03-07 16:06:35 +01:00
Werner Koch
cb0dcc3408 w32: Include winsock2.h to silence warnings. 2014-03-07 14:18:43 +01:00
Werner Koch
d8f0b83e4f gpg: Do not require a trustdb with --always-trust.
* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark):  Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(tdb_get_ownertrust): Ditto.
(tdb_get_min_ownertrust): Ditto.
(tdb_update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(tdb_clear_ownertrusts): Ditto.
(tdb_cache_disabled_value): Ditto.
(tdb_check_trustdb_stale): Ditto.
(tdb_get_validity_core): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--

This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used.  It just does
not make sense to create a trustdb if there is no need for it.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e)

Resolved conflicts:
	NEWS
	g10/trustdb.c: Manually apply changes due to changed
                       function names.

Note that this also includes the fix for clear_ownertrust, see
GnuPG-bug-id: 1622.
2014-03-07 10:44:27 +01:00
Werner Koch
dfb25d47a9 gpg: Print a "not found" message for an unknown key in --key-edit.
* g10/keyedit.c (keyedit_menu): Print message.
--

GnuPG-bug-id: 1420
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 0bf54e60d31389812d05c3fd29bece876204561d)

Resolved conflicts:
	g10/keyedit.c: Fix white spaces
2014-03-07 10:18:32 +01:00
Werner Koch
db1f74ba53 gpg: Protect against rogue keyservers sending secret keys.
* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
flag.
* g10/import.c (import_secret_one): Deny import if flag is set.
--

By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id.  The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote
sources.

Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e7abed3448c1c1a4e756c12f95b665b517d22ebe)

Resolved conflicts:
	g10/import.c
	g10/keyserver.c
2014-03-07 10:14:05 +01:00
Werner Koch
7c4bfa599f gpgv: Init Libgcrypt to avoid syslog warning.
* g10/gpgv.c (main): Check libgcrypt version and disable secure
memory.
--

GnuPG-bug-id: 1376
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 3966eb244518d5612385d35a5149f7164a9fb707)

Resolved conflicts:
	g10/gpgv.c
2014-03-07 09:58:22 +01:00
Werner Koch
0ab752cc2d gpg: Remove legacy keyserver examples from the template conf file.
* g10/options.skel: Update.

(cherry picked from commit f3c5cc8bcd37e38b5d65db6a50466e22d03d1f0c)
2014-03-07 09:53:29 +01:00
NIIBE Yutaka
5ed8e9335f Fix g10/trust.c.
* g10/trust.c (register_trusted_keyid, register_trusted_key)
(update_ownertrust): Call functions with tdb_.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2014-03-06 16:23:10 +09:00
Werner Koch
47e6b6bad1 gpg: Silent more compiler warnings due to some configure options.
* g10/keygen.c (generate_keypair, gen_card_key)
(gen_card_key_with_backup) [!ENABLE_CARD_SUPPORT]: Mark unused args.
2014-02-10 23:15:34 +01:00
Werner Koch
7901c5c2a3 gpg: Cleanup compiler warnings due to some configure options.
* g10/photoid.c (show_photos) [DISABLE_PHOTO_VIEWER]: Mark args as
unused.
* tools/gpgconf-comp.c (my_dgettext): Mark DOMAIN as unused if NLS is
not configured.
2014-02-10 23:15:28 +01:00