1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

9832 Commits

Author SHA1 Message Date
NIIBE Yutaka
e3ddeff66e po: Update Japanese translation.
* po/ja.po: Fix message with no "%s".

--

Backport of master commit from: 77e2fcb4ff

The wrong message caused segmentation fault for key generation when
no expiration is specified.

GnuPG-bug-id: 3619
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-12-18 14:22:19 +09:00
NIIBE Yutaka
77e2fcb4ff po: Update Japanese translation.
* po/ja.po: Fix message with no "%s".

--

The wrong message caused segmentation fault for key generation when
no expiration is specified.

GnuPG-bug-id: 3619
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-12-18 14:09:53 +09:00
Werner Koch
416cf9e9be
gpg: Print a warning for too much data encrypted with 3DES et al.
* g10/filter.h (cipher_filter_context_t): Remove unused filed
'create_mdc'.  Turn field 'header' into a bit field.  Add new fields
'short_blklen_warn' and 'short_blklen_count'.
* g10/cipher.c (write_header): Print a warning if MDC is not used.
(cipher_filter): Print a warning for long messages encrypted with a
short block length algorithm.
--

Note that to test this warning in a reliable way compression needs to
be disabled.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 13:02:34 +01:00
Werner Koch
b5333e13cb
gpg: Simplify cipher:write_header.
* g10/cipher.c (write_header): Use write_status_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 12:15:40 +01:00
Werner Koch
067e62fe55
indent: Re-indent g10/cipher.c
--
2017-12-13 12:14:52 +01:00
Werner Koch
9f641430dc
gpg: Simplify default_recipient().
* g10/pkclist.c (default_recipient): Use hexfingerprint.
--

Note that on malloc failure this function now returns NULL instead of
terminating the process.  However, under memory pressure any function
called latter will very likely fail as well.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 11:03:06 +01:00
Werner Koch
cd26c5482b
gpg: Return an error from hexfingerprint on malloc error.
* g10/keyid.c (hexfingerprint): Return NULL on malloc failure.  Chnage
all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 10:52:34 +01:00
Werner Koch
29119a6492
gpg: Remove some xmallocs.
* g10/getkey.c (get_pubkeys): Do not use xmalloc.
--

We eventually need to get rid of all xmallocs so that gpg won't fail
easily when we make more use of the s server mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 10:07:30 +01:00
Werner Koch
8602b980df
indent: Re-indent get_pubkeys.
--
2017-12-13 10:07:28 +01:00
Daniel Kahn Gillmor
8ede3ae29a
gpg: default-preference-list: prefer SHA512.
* g10/keygen.c (keygen_set_std_prefs): when producing default internal
personal-digest-preferences, keep the same order.  When publishing
external preferences, state preference for SHA512 first.

--

SHA-512 has a wider security margin than SHA-256.  It is also slightly
faster on most of the architectures on which GnuPG runs today.  New
keys should publish defaults that indicate we prefer the stronger,
more performant digest.

Specifically, this changes --default-preference-list from:

   SHA256 SHA384 SHA512 SHA224

to:

   SHA512 SHA384 SHA256 SHA224

This patch deliberately avoids touching --personal-digest-preferences
(which itself would affect the default of --digest-algo and
--cert-digest-algo), so that public-facing cleartext signatures and
identity certifications will continue to be made with SHA256 by
default.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-12-12 15:07:43 +01:00
Werner Koch
c81a447190
Change backlog from 5 to 64 and provide option --listen-backlog.
* agent/gpg-agent.c (oListenBacklog): New const.
(opts): New option --listen-backlog.
(listen_backlog): New var.
(main): Parse new options.
(create_server_socket): Use var instead of 5.
* dirmngr/dirmngr.c: Likewise.
* scd/scdaemon.c: Likewise.
--

GnuPG-bug-id: 3473
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-12 14:14:40 +01:00
Werner Koch
17efcd2a2a
build: New configure option --enable-run-gnupg-user-socket.
* configure.ac: (USE_RUN_GNUPG_USER_SOCKET): New ac_define.
* common/homedir.c (_gnupg_socketdir_internal): Add extra directories.
--

This allows to build GnuPG with an extra socketdir below /run.  See
https://lists.gnupg.org/pipermail/gnupg-devel/2017-November/033250.html
for a longer explanation why this is sometimes useful.

Suggested-by: Rainer Perske
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-12 09:42:43 +01:00
Werner Koch
20b52be9ca
dirmngr: Check for WKD support at session end
* dirmngr/domaininfo.c (insert_or_update): Copy the name.
* dirmngr/misc.c (copy_stream): Allow arg OUT to be NULL.
* dirmngr/server.c (set_error): Protect CTX.
(dirmngr_status): Protect against missing ASSUAN_CTX.
(dirmngr_status_help): Ditto.
(dirmngr_status_printf): Ditto.
(cmd_wkd_get): Factor code out to ...
(proc_wkd_get): new func.  Support silent operation with no CTX.
(task_check_wkd_support): New.
--

This finalizes the feature to efficiently cache WKD checks.  If a
standard WKD query returns no data, we queue a test to be run after
the end of the session (so that we do not delay the calling client).
This check tests whether the server responsible for the queried
address has WKD at all enabled.  The test is done by checking whether
the "policy" file exists.  We do not check the "submission-address"
file because that is not necessary for the web key operation.  The
policy file is now required.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d4e2302d8f)
2017-12-11 11:31:15 +01:00
Werner Koch
f2997adee0
dirmngr: Add a background task framework.
* dirmngr/workqueue.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add new file.
* dirmngr/server.c (server_local_s): New field session_id.
(cmd_wkd_get): Add a task.
(task_check_wkd_support): New stub function.
(cmd_getinfo): New sub-commands "session_id" and "workqueue".
(start_command_handler): Add arg session_id and store it in
SERVER_LOCAL.
(dirmngr_status_helpf): New.
* dirmngr/dirmngr.h (wqtask_t): New type.
* dirmngr/dirmngr.c (main): Pass 0 as session_id to
start_command_handler.
(start_connection_thread): Introduce a session_id and pass it to
start_command_handler.  Run post session tasks.
(housekeeping_thread): Run global workqueue tasks.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 96a4fbecd1)
2017-12-11 11:30:45 +01:00
Werner Koch
7a663c296e
dirmngr: Limit the number of cached domains for WKD.
* dirmngr/domaininfo.c (MAX_DOMAINBUCKET_LEN): New.
(insert_or_update): Limit the length of a bucket chain.
(domaininfo_print_stats): Print just one summary line.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 26f08343fb)
2017-12-11 11:29:51 +01:00
Werner Koch
6c1dcd79cf
dirmngr: Keep track of domains used for WKD queries
* dirmngr/domaininfo.c: New file.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
* dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
known and tell domaininfo about the results.
--

This adds a registry for domain information to eventually avoid
useless queries for domains which do not support WKD.  The missing
part is a background task to check whether a queried domain supports
WKD at all and to expire old entries.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 65038e6852)
2017-12-11 11:27:22 +01:00
Werner Koch
b38ca59bdb
Merge branch 'STABLE-BRANCH-2-2' into master 2017-12-11 10:42:38 +01:00
Werner Koch
34defc9bce
Adjust for changed macro names in libgpg-error master.
* common/logging.h (GPGRT_LOGLVL_): New replacement macros for older
libgpg-error versions.

--

Updates-commit: b56dfdfc18
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-11 10:42:23 +01:00
Werner Koch
3e72143023
doc: Typo fix
--
2017-12-11 10:17:59 +01:00
Werner Koch
6d14be22a1
doc: Clarify C90 exceptions and add a new commit tag.
--

The variable definition inside a for statement require to use a c99
option for gcc which we do not want.  It has never been used and thus
we drop it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-08 13:44:24 +01:00
Werner Koch
ddd54d8210
Revert: build: Do not define logging.h constants for ...
---

This reverts commit 2fedf8583b.

We better solve this on the libgpg-error side.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-08 13:27:36 +01:00
Werner Koch
6391de3e62
doc: Fix Dijkstra
--

Edsger Wybe Dijkstra (1930 --2002)
  - Dutch computer scientist
2017-12-08 07:40:06 +01:00
NIIBE Yutaka
5c121d4444 agent: Fix description of shadow format.
* agent/keyformat.txt, agent/protect.c, agent/t-protect.c: Fix.

--

https://lists.gnupg.org/pipermail/gnupg-devel/2015-April/029680.html

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-12-08 09:19:50 +09:00
Werner Koch
5b8d12a8bd
speedo,w32: Disable FLTK pinentry.
--
2017-12-07 16:29:29 +01:00
Werner Koch
2fedf8583b
build: Do not define logging.h constants for libgpg-error dev versions.
* common/logging.h [GPGRT_LOG_WITH_PREFIX]: Do not define the log
constants.
--

logging.h uses constants we plan to use for future versions of
libgpg-error.  My dev version already has the logging functions and
thus I run into a conflict.  This patch protects against this and make
the GnuPG work with later libgpg-error versions.

It was not the best idea to use constants from a planned libgpg-error
in the first place.  The actual problem are the enums, the macros
won't harm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-07 14:53:49 +01:00
NIIBE Yutaka
b9677ba16f
agent: Change intialization of assuan socket system hooks.
* agent/gpg-agent.c (initialize_modules): Add hook again.
(main): Remove setting of the system houk but add scoket system hook
setting after assuan initialization.
--

Thread initialization is better to be deferred after fork (in case of
UNIX).  assuan_sock_init should be earlier.  Thus, we need to change
system hooks for assuan_sock_* interface.  Or else, on Windows, it may
cause hang on server.

Updates-commit: 1524ba9656
GnuPG-bug-id: 3378
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-07 14:33:58 +01:00
NIIBE Yutaka
1524ba9656 agent: Set assuan system hooks before call of assuan_sock_init.
* agent/gpg-agent.c (initialize_modules): Move assuan_set_system_hooks.
(main): ... here, just before assuan_sock_init.

--

In Assuan, global variable SOCK_CTX is used internally, which is
initialized by assuan_sock_init.  When initialized, system hooks
are copied into SOCK_CTX structure.  Thus, system hooks should
be set, before the call of assuan_sock_init.

GnuPG-bug-id: 3378
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-12-06 11:20:51 +09:00
NIIBE Yutaka
0d0b9eb0d4 g10: Fix regexp sanitization.
* g10/trustdb.c (sanitize_regexp): Only escape operators.

--

Backport from master commit:
	ccf3ba9208

To sanitize a regular expression, quoting by backslash should be only
done for defined characters.  POSIX defines 12 characters including
dot and backslash.

Quoting other characters is wrong, in two ways; It may build an
operator like: \b, \s, \w when using GNU library.  Case ignored match
doesn't work, because quoting lower letter means literally and no
much to upper letter.

GnuPG-bug-id: 2923
Co-authored-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-12-04 19:26:49 +09:00
Daniel Kahn Gillmor
8a2917345b doc: clarify that --encrypt refers to public key encryption
--

A simple read of gpg(1) is ambiguous about whether --encrypt could be
for either symmetric or pubkey encryption.  Closer inference suggests
that --encrypt is about pubkey encryption only.  Make that clearer on
a first read.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-11-30 10:21:58 -05:00
Werner Koch
84af0bcca3
doc: Update copyright notices for common/exechelp*.
--

Verified that all authors are either g10 Code employees or
(in one case) a work for hire.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-29 11:32:42 +01:00
Werner Koch
b56dfdfc18
Use the gpgrt log functions if possible.
* common/logging.c: Do not build any code if we can use the gpgrt_log
functions.
(log_logv_with_prefix): Rename to log_logv_prefix and change order of
args so that this function matches its printf like counterpart
gpgrt_logv_prefix.  Change all callers.
(log_debug_with_string): Rename to log_debug_string. Change all
callers.
(log_printhex): Move first arg to end so that this function matches
its printf like counterpart gpgrt_log_printhex.  Change all callers.
* common/logging.h: Divert to gpgrt/libgpg-error if we can use the
gpgrt_log functions.
(bug_at): Add inline versions if we can use the gpgrt_log functions.
* configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
(mycflags): Add -Wno-format-zero-length.
--

This patch enables the use of the log function from libgpgrt (aka
libgpg-error).  Instead of checking a version number, we enable them
depending on macros set by recent gpg-error versions.  Eventually the
whole divert stuff can be removed.

The -Wno-format-zero-length is required because log_printhex can be
called with an empty format string.  Note that this is fully specified
standard C behaviour.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-27 15:00:25 +01:00
Werner Koch
4cf3cc6e3d
gpg: Do not read from uninitialized memory with --list-packets.
* g10/parse-packet.c (parse_plaintext): Fill up the allocated NAME.
--

This actually does not harm because we merely display a buffer
allocated by ourselves.  However, we better tell Valgrind about it so
that we don't need to track this thing down ever again.

Test using a corrupted literal data packet:

  echo cb 0a 75 ff 59 ae 90 d5  74 65 73 74 | \
    undump |\
    valgrind gpg --list-packets >/dev/null

Reported-by: Sebastian Schinzel
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-26 18:33:49 +01:00
Werner Koch
18af15249d
agent: New option --auto-expand-secmem.
* agent/gpg-agent.c (oAutoExpandSecmem): New enum value.
(opts): New option --auto-expand-secmem.
(main): Implement that option.
--

Note that this option has an effect only if Libgcrypt >= 1.8.2 is
used.

GnuPG-bug-id: 3530
2017-11-24 10:30:25 +01:00
Werner Koch
fe96ca8d86
Merge branch 'STABLE-BRANCH-2-2'
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-23 15:12:45 +01:00
Werner Koch
531182b7f8
build: Update distsigkey.gpg
--
2017-11-22 20:54:47 +01:00
Werner Koch
ea28ea18f3
gpg: Fix memory leaking for long inputs via --command-fd.
* g10/cpr.c (do_get_from_fd): Free the old buffer.
--

If the received input is longer than 200 characters we used to leak
the previous allocated buffer.

GnuPG-bug-id: 3528
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-22 20:54:47 +01:00
Daniel Kahn Gillmor
91eb242d63 doc: clarify that --encrypt refers to public key encryption
--

A simple read of gpg(1) is ambiguous about whether --encrypt could be
for either symmetric or pubkey encryption.  Closer inference suggests
that --encrypt is about pubkey encryption only.  Make that clearer on
a first read.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-11-21 11:13:13 -05:00
NIIBE Yutaka
0bb7fd0cab scd: Enable card removal check after select_application.
* scd/apdu.c (open_ccid_reader): Fix error handling of ccid_get_atr.
* scd/app.c (select_application): Always kick the loop if new APP.
* scd/ccid-driver.c (ccid_open_usb_reader): Don't setup at open.
(ccid_slot_status): Setup interrupt transfer when !ON_WIRE.

--

We can use the interrupt transfer to be notified about card status
change.  In this case, we don't need to issue PC_to_RDR_GetSlotStatus
command.  This change improve the setup the notification; it should be
done after registration of APP.

When the setup is done just after opening the USB connection (before
issuing PC_to_RDR_IccPowerOn), a reader might notifies about no card
availability (because of not yet powered on), even though the card is
ready to be powered on.

GnuPG-bug-id: 3508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-21 12:19:15 +09:00
Werner Koch
918792befd
Include NEWS from 2.2.3
--
2017-11-20 14:58:15 +01:00
Werner Koch
7143729e65
Revert "build: BSD make support for yat2m."
--
This reverts commit e1984969ca
because that was 2.2 only.
2017-11-20 14:55:02 +01:00
Werner Koch
668f6c3de6
Merge branch 'STABLE-BRANCH-2-2' into master 2017-11-20 14:54:54 +01:00
Werner Koch
e0140c0a6a
Post release updates
--
2017-11-20 13:35:36 +01:00
Werner Koch
97f4feaaca
Release 2.2.3 2017-11-20 12:39:16 +01:00
Werner Koch
04d9833e71
build: Use -Werror only for the check.
* configure.ac: Do not add -Werror to mycflags.
--

On Windows and possible also on other platforms we expect to a get a
few errors or warnins.  Thus we can't use -Werror by default.  This is
why we have a separate configure options --enable-werror ;-).

Fixes-commit: 3ecd1a41be
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-20 12:32:31 +01:00
Werner Koch
7ffedfab89
gpg-agent: Avoid getting stuck in shutdown pending state.
* agent/gpg-agent.c (handle_connections): Always check inotify fds.
--

I noticed a gpg-agent processed, probably in shutdown_pending state,
which was selecting on only these two inotify fds.  The select
returned immediately but because we did not handle the fds in
shutdown_pending state they were not read and the next select call
returned one of them immediately again.  Actually that should not
hanppen because the

          if (active_connections == 0)
            break; /* ready */

should have terminated the loop.  For unknown reasons (maybe be just a
connection thread terminated in a gdb session) that did not happen.
By moving the check outside of the shutdown_pending condition and
closing the fd after they have been triggered the code should be more
robust.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 5d83eb9226)
2017-11-20 11:55:34 +01:00
NIIBE Yutaka
760aa8aada
agent: Use clock or clock_gettime for calibration.
* agent/protect.c (calibrate_get_time): Use clock or clock_gettime.

--

For calibration, clock(3) is better than times(3) among UNIXen.
Tested on NetBSD 7.1 and FreeBSD 11.1, using QEMU.

Thanks to Damien Goutte-Gattat for the information of use of
CLOCKS_PER_SEC;  The old code with times(3) is not 100% correct,
in terms of POSIX.  It should have used sysconf (_SC_CLK_TCK) instead
of CLOCKS_PER_SEC.  CLOCKS_PER_SEC is specifically for clock(3).

GnuPG-bug-id: 3056, 3276, 3472
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 380bce13d9)
2017-11-20 11:53:44 +01:00
NIIBE Yutaka
3ecd1a41be build: Check -Wlogical-op flag availability with -Werror.
* configure.ac: Use -Werror.

--

Using clang, -Wlogical-op doesn't fail but generates warning.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-20 12:01:31 +09:00
NIIBE Yutaka
e1984969ca build: BSD make support for yat2m.
* configure.ac (YAT2M): Only define when found.
* doc/Makefile.am: Portability fix.

--

This is not intended to apply to master, but 2.2 branch only.  When
new libgpg-error is required, installation of yat2m can be assumed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-20 11:33:26 +09:00
Werner Koch
2aa106d6a4
dirmngr: Fix double free of a hash context in the error case.
* dirmngr/crlcache.c: Clearly document that this fucntions takes
ownership of MD.
(abort_sig_check): Allow NULL for MD.
(crl_parse_insert): Immediately set MD to NULL.  Remove check for md
before a calling abort_sig_check.
--

GnuPG-bug-id: 3510
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-17 10:38:46 +01:00
Werner Koch
0cfdd3b57d
assuan: Fix exponential decay for first second.
* common/asshelp.c (wait_for_sock): Round SECSLEFT.
* dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon
mode.
* common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.
--

Without the rounding we saw in verbose mose

 [...]to come up ... (5s)
 [...]to come up ... (4s)

immediately without the expected one second delay.  Waiting for the
next seconds did not work if nanosleep was used due to improper passed
parameters in gnupg_usleep.

Adding --debug-wait for dirmngr in daemon mode is required to test
this change.

GnuPG-bug-id: 3490
Fixes-commit: 149041b0b9
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-15 15:31:52 +01:00