1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Commit Graph

2803 Commits

Author SHA1 Message Date
Justus Winter
8095d16b3e
gpg: Refactor keyedit module.
* g10/Makefile.am (gpg_SOURCES): Add new file.
* g10/keyedit.c (NODFLG_*): Move flags to the new header file.
(print_one_sig): Export symbol and rename accordingly.
(print_and_check_one_sig): Adapt accordingly.
(check_all_keysigs): Likewise.
* g10/keyedit.h: New file.
* g10/main.h: Drop declarations, include new header.

GnuPG-bug-id: 2236
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-13 15:36:47 +02:00
Werner Koch
e80925171d
gpg: Disable keydb handle caching only for W32
* g10/getkey.c (getkey_end) [!W32]: Re-enable caching.
--

This change limits of the effects of commit
d3d640b9cc to W32 system.

GnuPG-bug-id: 3097
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-13 09:05:40 +02:00
Werner Koch
a36c48a780
po: Make a string translatable.
--
2017-06-13 09:02:12 +02:00
Neal H. Walfield
7aeac20f12 gpg: Send gpgcompose --help output to stdout, not stderr.
* g10/gpgcompose.c (show_help): Send gpgcompose --help output to
stdout, not stderr.

Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-06-11 14:10:46 +02:00
Neal H. Walfield
cb0484e076 gpg: Improve some output of gpgcompose. 2017-06-11 14:07:02 +02:00
Neal H. Walfield
4ddf4e114c gpg: Support 'gpgcompose --encrypted-pop --help'
* g10/gpgcompose.c (encrypted_pop_options): New variable.
(encrypted_pop): Support the --help option.

Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-06-11 14:06:44 +02:00
Neal H. Walfield
8a90668656 gpg: Remove dead code.
* g10/gpgcompose.c (filter_pop): F->PKTTYPE will never be
PKT_ENCRYPTED_MDC.
(encrypted_pop): Likewise and there is no option --encrypted-mdc-pop.
2017-06-11 13:59:31 +02:00
Justus Winter
a64a55e104
common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.
* common/compliance.c (gnupg_pk_is_allowed): New function.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* common/compliance.h (enum pk_use_case): New definition.
(gnupg_pk_is_allowed): New prototype.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using
the new predicates.
* g10/encrypt.c (encrypt_crypt): Likewise.
* g10/gpg.c (main): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sig-check.c (check_signature2): Likewise.
* g10/sign.c (do_sign): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/encrypt.c (gpgsm_encrypt): Likewise.
* sm/gpgsm.c (main): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--

With this change, policies can effectively restrict what algorithms
are used for different purposes.  The algorithm policy for CO_DE_VS is
implemented.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-08 14:22:54 +02:00
Justus Winter
b03fab09e1
gpg: Fix computation of compliance with CO_DE_VS.
* g10/mainproc.c (proc_encrypted): Symmetric encryption is also in
compliance with CO_DE_VS.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-08 13:57:53 +02:00
Werner Koch
17e5afd80f
gpg: Avoid failure exit when scdaemon is disabled but not needed.
* g10/call-agent.c (warn_version_mismatch): Use log_info if error is
"not supported".
--

This fix may make the fix for
GnuPG-bug-id: 3192
even more robust.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-08 09:37:36 +02:00
Justus Winter
e051e39615
common: Add cipher mode to compliance predicate.
* common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter.
* common/compliance.h (gnupg_cipher_is_compliant): Likewise.
* g10/mainproc.c (proc_encrypted): Adapt callsite.
* sm/decrypt.c (gpgsm_decrypt): Likewise.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:54:44 +02:00
Justus Winter
21fc2508c9
common,gpg,sm: Initialize compliance module.
* common/compliance.c (gnupg_initialize_compliance): New function.
* common/compliance.h (gnupg_initialize_compliance): New prototype.
* g10/gpg.c (main): Use the new function.
* sm/gpgsm.c (main): Likewise.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:54:42 +02:00
Justus Winter
f440cf73ea
common,gpg: Move the compliance option printer.
* common/compliance.c (gnupg_compliance_option_string): New function.
* common/compliance.h (gnupg_compliance_option_string): New prototype.
* g10/encrypt.c (write_pubkey_enc_from_list): Update callsite.
* g10/gpg.c (main): Likewise.
* g10/keyedit.c (keyedit_menu): Likewise.
* g10/pkclist.c (build_pk_list): Likewise.
* g10/main.h (compliance_option_string): Remove prototype.
* g10/misc.c (compliance_option_string): Remove function.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:53:32 +02:00
Justus Winter
842d233d40
common,gpg,sm: Move the compliance option parser.
* common/compliance.c (gnupg_parse_compliance_option): New function.
* common/compliance.h (struct gnupg_compliance_option): New type.
(gnupg_parse_compliance_option): New prototype.
* g10/gpg.c (parse_compliance_option): Remove function.
(compliance_options): New variable.
(main): Adapt callsite.
* sm/gpgsm.c (main): Use the new common function.
* sm/gpgsm.h (opt): New field 'compliance'.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:53:31 +02:00
Justus Winter
027ce4ba37
gpg: Improve compliance with CO_DE_VS.
* g10/gpg.c (set_compliance_option): The specification, section 4.1.1,
forbids the use of encryption without integrity protection.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:53:29 +02:00
Justus Winter
216f0804c1
common,g10: Fix typos.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-06 16:08:45 +02:00
Justus Winter
be8ca88526
gpg: Report compliance with CO_DE_VS.
* common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain
parameters.
(gnupg_cipher_is_compliant): New function.
(gnupg_digest_is_compliant): Likewise.
* common/compliance.h (gnupg_cipher_is_compliant): New prototype.
(gnupg_digest_is_compliant): Likewise.
* common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status.
(STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise.
* doc/DETAILS: Document the new status lines.
* g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS
and report that using the new status line.
(check_sig_and_print): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--

When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD.  This information will be picked up by the frontend and
presented to the user.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-01 13:16:18 +02:00
Justus Winter
8a012280e0
gpg,common: Move the compliance framework.
* common/Makefile.am (common_sources): Add new files.
* common/compliance.c: New file.  Move 'gnupg_pk_is_compliant' here,
and tweak it to not rely on types private to gpg.
* common/compliance.h: New file.  Move the compliance enum here.
* g10/keylist.c (print_compliance_flags): Adapt callsite.
* g10/main.h (gnupg_pk_is_compliant): Remove prototype.
* g10/misc.c (gnupg_pk_is_compliant): Remove function.
* g10/options.h (opt): Use the new compliance enum.
* sm/keylist.c (print_compliance_flags): Use the common functions.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-01 12:09:43 +02:00
Justus Winter
02af509dfc
gpg: Fix compliance computation.
* g10/misc.c (gnupg_pk_is_compliant): Compare against CO_RFC2440, not
RFC2440 which is actually a predicate.

Fixes-commit: fe0b37e123
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-31 17:38:21 +02:00
Justus Winter
663e5ed073
gpg: Fix typos.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-30 14:30:43 +02:00
Andre Heinecke
d3d640b9cc
gpg: Disable keydb handle caching
* g10/getkey.c (getkey_end): Disable caching of the open keydb
handle.

--
This created a big regression for Windows because the keyring
is only released after the global ctrl is released. So if an operation
does a getkey and then tries to modify the keyring it will fail on
Windows with a sharing violation. We need to modify all
keyring write operations to also take the ctrl and close the
cached_getkey_kdb handle to make writing work. See:
https://dev.gnupg.org/T3097

GnuPG-Bug-Id: T3097

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2017-05-30 10:22:35 +02:00
NIIBE Yutaka
fbb2259d22 g10: Fix default-key selection for signing, possibly by card.
* g10/call-agent.c (warn_version_mismatch): Revert.
(start_agent): Suppress version mismatch if relevant.
* g10/getkey.c (get_seckey_default_or_card): New.
* g10/skclist.c (build_sk_list): Use get_seckey_default_or_card.

--

The change of 97a2394, which prefers available card than default key
specified is too strong.

Fixes-commit: 97a2394eca
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-22 09:27:36 +09:00
NIIBE Yutaka
ae95a7f533 g10: Fix gpgcompose.c.
* g10/gpgcompose.c (show_help): Check return value.

--

Fixes-commit: 00b7767bc6
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-17 10:14:43 +09:00
NIIBE Yutaka
a8dd96826f g10: Suppress error for card availability check.
* g10/call-agent.c (start_agent): Add semantics for card; Suppress
error for card check.
(warn_version_mismatch): Ignore an error for scdaemon.
(agent_scd_serialno): Call start_agent with
FLAG_FOR_CARD_SUPPRESS_ERRORS.

--

GnuPG-bug-id: 3165
Fixes-commit: 97a2394eca
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-17 09:46:06 +09:00
Werner Koch
2d381b0f0b
gpg: Do not mark ", " translatable.
* g10/tofu.c (ask_about_binding): Remove useless translation markers.
--

Translation and in particular punctuation marks can only be translated
with context.  Thus making a sole comma translatable is useless.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-05-15 15:56:46 +02:00
Werner Koch
00b7767bc6
common: Let format_text return an error.
* common/stringhelp.c (format_text): Return NULL on error.
* common/t-stringhelp.c (test_format_text): Adjust for change.
* g10/gpgcompose.c (show_help): Abort on out of core.
* g10/tofu.c (ask_about_binding): Abort on format_text error.
(show_statistics): Ditto.
(show_warning): Ditto.
--

For better re-usability function in common/ shot  better not use
xmalloc functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-05-15 09:58:27 +02:00
Justus Winter
f4365790da
tests: Make it possible to run all tests using our infrastructure.
* Makefile.am (TESTS_ENVIRONMENT): New variable.
(check-all): New phony target to run all tests.
* tests/gpgme/gpgme-defs.scm (have-gpgme?): New function that tests
whether the GPGME test suite is available instead of exiting the
process.
* tests/gpgscm/init.scm (export): New macro.
* tests/gpgscm/tests.scm (run-tests): New function.
(load-tests): Likewise.
* tests/gpgme/run-tests.scm: Simplify and move the parsing of the list
of tests to 'all-tests.scm'.
* tests/gpgsm/run-tests.scm: Likewise.
* tests/migrations/run-tests.scm: Likewise.
* tests/openpgp/run-tests.scm: Likewise.
* tests/gpgme/Makefile.am: To select the tests to run, use the
variable 'TESTS'.  This harmonizes the interface with the automake
test suite.
* tests/gpgsm/Makefile.am: Likewise.
* tests/migrations/Makefile.am: Likewise.
* tests/openpgp/Makefile.am: Likewise.
* tests/openpgp/README: Likewise.
* agent/all-tests.scm: New file.
* common/all-tests.scm: Likewise.
* g10/all-tests.scm: Likewise.
* g13/all-tests.scm: Likewise.
* tests/gpgme/all-tests.scm: Likewise.
* tests/gpgsm/all-tests.scm: Likewise.
* tests/migrations/all-tests.scm: Likewise.
* tests/openpgp/all-tests.scm: Likewise.
* tests/run-tests.scm: Likewise.
--

This change allows us to run all tests in parallel and write one XML
report capturing the results of every test.  It also lays the
foundation to parametrize test suites.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-11 18:12:37 +02:00
NIIBE Yutaka
0ce94a9698 g10, sm, dirmngr, common: Add comment for fall through.
* common/b64dec.c (b64dec_proc): Comment to clarify.
* dirmngr/cdblib.c (cdb_make_put): Use same pattern to clarify.
* dirmngr/dirmngr-client.c (read_pem_certificate): Likewise.
* dirmngr/ks-engine-hkp.c (ks_hkp_get): Likewise.
* g10/armor.c (unarmor_pump): Likewise.
* g10/gpg.c (main): Likewise.
* g10/import.c (read_block): Likewise.
* g10/keygen.c (make_backsig): Likewise.
* g10/pkclist.c (check_signatures_trust):  Likewise.
* sm/gpgsm.c (main): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-10 11:13:12 +09:00
NIIBE Yutaka
98b759119c g10: Stop compiler warning for t-stutter.
* g10/t-stutter.c (do_test): Refer current_test_group_failed.

--

Since this test does not follow the framework of TEST/TEST_P/ABORT,
the variable is not used.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-10 11:13:03 +09:00
Justus Winter
22739433e9
gpg: Properly account for ring trust packets.
* g10/keyring.c (keyring_get_keyblock): Use the parser's packet count
instead of counting ourself.
* g10/packet.h (struct parse_packet_ctx_s): New field
'n_parsed_packets'.
(init_parse_packet): Initialize new field.
* g10/parse-packet.c (parse): Count packets.
--

The 'keyring' keystore depends on the number of packets for delete and
update operations.  With the rework of the ring trust packets, the
trust packets were no longer properly accounted for leading to keyring
corruptions.

The 'keybox' store was not affected.

GnuPG-bug-id: 3123
GnuPG-bug-id: 3135
GnuPG-bug-id: 3144
Fixes-commit: a8895c99a7
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-08 14:33:11 +02:00
Justus Winter
692208fd6c
gpg: Fix typo.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-08 14:33:09 +02:00
Daniel Kahn Gillmor
201f868030 g10: Remove skeleton options files.
* build-aux/speed/w32/inst.nsi: stop installing skeleton files.
* doc/gpg.texi: stop documenting skeleton files.
* g10/Makefile.am: stop installing skeleton files.
* g10/openfile.c (copy_options_file): Remove.
(try_make_homedir): do not call copy_options_file.

--

The defaults for gpg and dirmngr are good.  Both programs should work
fine for the simple case without any config file.  The skeleton config
files were being copied at first use (when the defaults are fine).
But when the user needs to fiddle with them (after they've become
sophisticated users), they're likely out of date because gpg has been
upgraded since then.  So they're used for documentation, but they're
stale documentation, which is probably worse than a clean empty file.

GnuPG-bug-id: 3086
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-05-02 18:55:32 +09:00
NIIBE Yutaka
5c8fe54809 Spelling fixes in docs and comments.
--

In addition, fix trailing spaces in tests/inittests.

GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 10:06:33 +09:00
NIIBE Yutaka
97a2394eca g10: For signing, prefer available card key when no -u option.
* g10/skclist.c (build_sk_list): Ask gpg-agent if card is available.
Then, use the card key if any.

--

GnuPG-bug-id: 1983
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-27 10:33:58 +09:00
NIIBE Yutaka
2262a80c5f g10: Minor clean up.
* g10/main.h (complete_sig): Remove declaration.
* g10/sign.c (complete_sig): Make it static.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-26 11:39:28 +09:00
NIIBE Yutaka
116cfd6077 g10: invalidate the fd cache for keyring.
* g10/keyring.c (keyring_search_reset): Don't keep the FD cache.

--

GnuPG-bug-id: 3096
Fixes-commit: 5556eca5ac
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-25 07:48:51 +09:00
Andre Heinecke
2e71bf30f0
w32: Enable wildcard expansion with mingw-w64
* g10/gpg.c: Define _dowildcard = -1;

--
If this value is defined wildcard support in the c runtime
is enabled again. This fixes a regression caused by switching to
mingw 3.0

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2017-04-24 18:10:04 +02:00
Justus Winter
ed4d23d75e
tests: Locate resources and scripts relative to top source dir.
--

Locate every resource and every script used in the tests using a path
relative to the top of the source tree.

This is a purely mechanical change, mostly done using regular
expressions, with a few manual fixups here and there.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-24 14:14:05 +02:00
NIIBE Yutaka
256e861bce g10: Fix parse_ring_trust.
* g10/parse-packet.c (parse_ring_trust): Fix condition.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-17 09:33:19 +09:00
NIIBE Yutaka
0dec0cc281 g10: Minor fixes.
* g10/export.c (cleartext_secret_key_to_openpgp): No initialization.
(do_export_one_keyblock): Initialize with GPG_ERR_NOT_FOUND.
* g10/getkey.c (get_best_pubkey_byname): Add non-null check.
* g10/tofu.c (tofu_set_policy): ERR initialize to 0.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-17 09:15:13 +09:00
NIIBE Yutaka
af5f8ecf51 g10: Fix import/export filter property match.
* g10/import.c (impex_filter_getval): Fix to "else if".

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-17 09:08:31 +09:00
NIIBE Yutaka
74258278ef common, g10: Fix enumeration types.
* common/openpgpdefs.h (CIPHER_ALGO_PRIVATE10, PUBKEY_ALGO_PRIVATE10)
(DIGEST_ALGO_PRIVATE10, COMPRESS_ALGO_PRIVATE10): New.
* g10/misc.c (map_pk_gcry_to_openpgp): Add type conversion.
(map_cipher_openpgp_to_gcry, openpgp_cipher_algo_name)
(openpgp_pk_test_algo2, map_md_openpgp_to_gcry)
(pubkey_get_npkey): Add default handling.

--

Compilers may emit code assuming the maximum value of enum type.
According to OpenPGP specification, there are cases for private uses.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-13 12:54:52 +09:00
NIIBE Yutaka
7b4edf14bb common: Simplify format_text.
* common/stringhelp.c (format_text): Don't allow IN_PLACE formatting.
* common/stringhelp.h: Change the API with no IN_PLACE.
* common/t-stringhelp.c (test_format_text): Follow the change.
* g10/gpgcompose.c (show_help): Likewise.
* g10/tofu.c (format_conflict_msg_part1, ask_about_binding)
(show_statistics, show_warning): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-12 14:47:30 +09:00
NIIBE Yutaka
0521882958 g10: Minor clean up for export.c.
* g10/export.c (export_ssh_key): Check IDENTIFIER for error.
Release base64 thing on error of get_membuf.

--

Compiler (older) may misunderstand the variable IDENTIFIER is not
initialized, while good one can do better analysys on the value for
ERR (and thus, IDENTIFIER).

On the error of get_membuf, still, b64enc_finish should be called,
even if it lost the ERR value.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-12 08:47:23 +09:00
NIIBE Yutaka
03d77b60be g10,tools: Fix bzlib.h include order.
* g10/compress-bz2.c: Include bzlib.h after gcrypt.h.
* tools/gpgsplit.c: Likewise.

--

bzlib.h may include windows.h on Windows.  It is better
after gcrypt.h which may include winsock2.h.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-11 13:52:19 +09:00
NIIBE Yutaka
f079822b2c g10: Minor clean up for TOFU.
* g10/tofu.c (ask_about_binding): Fix for qualifier.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-11 12:51:47 +09:00
Werner Koch
547bc01d57
gpg: Fix printing of offline taken subkey.
* g10/keylist.c (list_keyblock_print): Set SECRET to 2 and not 0x32.
--

Reported-by: Danielle McLean <dani@00dani.me>
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-07 10:13:09 +02:00
Werner Koch
3f6d949011
gpg: Handle critical marked 'Reason for Revocation'.
* g10/parse-packet.c (can_handle_critical): Add
SIGSUBPKT_REVOC_REASON.
--

Some software seems to mark that subpacket as criticial.  Although gpg
has no special treatment for a revocation reasons (except for
--list-packets) we can accept a criticial marked anyway.  There are no
mandatary rules specified on how to handle a revocation reason.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 08:51:52 +02:00
Werner Koch
5556eca5ac
gpg: Avoid multiple open calls to the keybox file.
* g10/keydb.h (KEYDB_HANDLE): Move typedef to ...
* g10/gpg.h: here.
(struct server_control_s): Add field 'cached_getkey_kdb'.
* g10/gpg.c (gpg_deinit_default_ctrl): Release that keydb handle.
* g10/getkey.c (getkey_end): Cache keydb handle.
(get_pubkey): Use cached keydb handle.
* kbx/keybox-search.c (keybox_search_reset): Use lseek instead of
closing the file.
--

Before this patch a "gpg --check-sigs" opened and closed the keybox
file for almost every signature check.  By caching the keydb handle
and using lseek(2) this can be limited to just 2 times.  This might
speed up things on Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 21:27:16 +02:00
Werner Koch
aca5f494a8
gpg: Pass CTRL also to getkey_end.
* g10/getkey.c (getkey_end): Add arg CTRL.  Change all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:35:28 +02:00
Werner Koch
3a10de3bfd
gpg: Print more stats for the keydb and the signature cache.
* g10/sig-check.c (sig_check_dump_stats): New.
(cache_stats): New struct.
(check_key_signature2): Update stats.
* g10/gpg.c (g10_exit): Call new function.
* g10/keydb.c (kid_not_found_cache_count): Replace by ...
(kid_not_found_stats): ... new struct.  Change users.
(keydb_stats): New struct.  Update the counters.
(keydb_dump_stats): Print all stats.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:08:23 +02:00
Werner Koch
52ba5e67ca
gpg: Assert that an opaque parameter is really what we expect.
* g10/gpg.h (SERVER_CONTROL_MAGIC): New const.
(server_control_s): Add field 'magic'.
* g10/gpg.c (gpg_init_default_ctrl): Init MAGIC.
* g10/import.c (impex_filter_getval): Assert MAGIC.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:07:33 +02:00
Werner Koch
8f2671d2cc
gpg: Pass CTRL to many more functions.
--

For proper operations as a server we need to avoid global variables.
Thus we need to pass the session state CTRL to most functions.  Quite
a lot of changes but fortunately straightforward to do.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:07:20 +02:00
Justus Winter
5e89144cbc
gpg: Consistent use of preprocessor conditionals.
* g10/parse-packet.c: Use '#if' instead of '#ifdef' when checking
DEBUG_PARSE_PACKET.  This fixes the build with '#define
DEBUG_PARSE_PACKET 0'.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-30 16:13:45 +02:00
Werner Koch
a6142dbdbc
gpg: Remove the use of the signature information from a KBX.
* g10/keydb.c (keyblock_cache): Remove field SIGSTATUS.
(keyblock_cache_clear): Adjust for that removal.
(parse_keyblock_image): Remove arg SIGSTATUS.  Remove the signature
cache setting; this is now done in the parser.
(keydb_get_keyblock): Do not set SIGSTATUS.
(build_keyblock_image): Remove arg SIGSTATUS and simplify.  Change
caller.
* kbx/keybox-blob.c: Explain that the signature information is not
anymore used.
(_keybox_create_openpgp_blob): Remove arg SIGSTATUS and change
callers.
* kbx/keybox-search.c (keybox_get_keyblock): Remove arg R_SIGSTATUS
and change callers.
* kbx/keybox-update.c (keybox_insert_keyblock): Likewise.
--

This thing was too complicated and has been replaced by the new ring
trust packet code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-30 16:01:55 +02:00
Werner Koch
7bf24e8146
gpg: Fix actual leak and possible leaks in the packet parser.
* g10/packet.h (struct parse_packet_ctx_s): Change LAST_PKT deom a
pointer to its struct.
(init_parse_packet): Adjust for LAST_PKT not being a pointer.
* g10/parse-packet.c (parse): Ditto. Free the last packet before
storing a new one in case of a deep link.
(parse_ring_trust): Adjust for LAST_PKT not being a pointer.
* g10/free-packet.c (free_packet): Ditto.
* g10/t-keydb-get-keyblock.c (do_test): Release keyblock.
--

Fixes-commit: afa8680908
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-30 16:01:52 +02:00
Werner Koch
64665404e4
gpg: Fix export porting of zero length user ID packets.
* g10/build-packet.c (do_user_id): Avoid indeterminate length header.
--

We are able to import such user ids but when exporting them the
exported data could not be imported again because the parser bails out
on invalid keyrings.  This is now fixed and should be backported.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-30 10:35:20 +02:00
Werner Koch
a8895c99a7
gpg: Revamp reading and writing of ring trust packets.
* g10/parse-packet.c (parse_trust): Rename to ...
(parse_ring_trust): this.  Change args and implement new ring trust
packet format.
(parse): Add special ring trust packet handling.
* g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and
KEYSRC.
(PKT_public_key): Ditto.
(RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts.
(PKT_ring_trust): New.
(struct packet_struct): Remove member RING_TRUST.
(strcu parse_packet_ctx_s): Add field SKIP_META.
(init_parse_packet): Init SKIPT_META.
* g10/free-packet.c (release_public_key_parts): Free UDPATEURL.
(free_user_id): Ditto.
* g10/mainproc.c (list_node): Remove printing of non-documented "rtv"
lines.
* g10/build-packet.c (build_packet_and_meta): New.
(do_ring_trust): New.
* g10/export.c (write_keyblock_to_output): Use build_packet_and_meta
in backup mode.
(do_export_one_keyblock): Ditto.
* g10/import.c (read_block): Add arg WITH_META.  Skip ring trust
packets if that ism not set.
(import): Call read_block WITH_META in restore mode.
* g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS)
(KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants.  They are not
yet used, though.
* g10/keydb.c (parse_keyblock_image): Allow ring trust packets.
(build_keyblock_image): Ditto.  Use build_packet_and_meta.
* g10/keyring.c (keyring_get_keyblock): Remove specila treatment of
ring trust packets.
(write_keyblock): Use build_packet_and_meta.  Remove special treatment
of ring trust packets and initialization of the signature caches.
--

This patch introduced the framework to store meta data for keys and
user ids in the keyrings/keyboxes.  Ring trust packets are
implementation defined and have always been used in gpg to cache the
signature verification status.

Ring trust packets are only exported with the export option "backup"
and only imported with the import option "restore".

The new code uses a cleaner way to handle the ring trust packets: When
the parser reads a ring trust packet and the previously read packet
matches the type of that ring trust packet, the information is stored
in that previously read packet (signature, user id, or primary key)
and the next packet is read immediately.  Thus only the parser sees
the ring trust packets.  Ring trust packets are written by using the
new function build_packet_and_meta instead of build_packet.  That
function writes a ring trust packet when the needed information is
available.

As a side-effect of this patch the signature status cache works again
and "gpg --check-sigs" is thus much faster.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-30 09:07:02 +02:00
Werner Koch
afa8680908
gpg: Extend free_packet to handle a packet parser context.
* g10/packet.h (struct parse_packet_ctx_s): Add fields LAST_PKT and
FREE_LAST_PKT.
(init_parse_packet): Clear them.
(deinit_parse_packet): New macro.  Change all users if
init_parse_packet to also call this macro.
* g10/free-packet.c (free_packet): Add arg PARSECTX and handle shallow
packet copies in the context.  Change all callers.
* g10/parse-packet.c (parse): Store certain packets in the parse
context.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-29 12:08:31 +02:00
Werner Koch
ba57f8302a
indent: Re-indent function free-packet.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-29 11:28:30 +02:00
Werner Koch
0526c99164
gpg: Change parse_packet to take a context.
* g10/packet.h (struct parse_packet_ctx_s): New.
(parse_packet_ctx_t): New type.
(init_parse_packet): New macro.
* g10/parse-packet.c (parse_packet, dbg_parse_packet): Change to take
a parse context.  Change all callers to provide a context instead of
directly supplying the input stream.
(search_packet, dbg_search_packet): Ditto.
(copy_all_packets, dbg_copy_all_packets): Init an use a parse context.
(copy_some_packets, dbg_copy_some_packets): Ditto.
(skip_some_packets, dbg_skip_some_packets): Ditto.
--

We will need this change to handle ring packets inside the parser.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-29 10:06:29 +02:00
Werner Koch
f5b565a5b8
gpg: Export ring trust packets in backup mode.
* g10/export.c (write_keyblock_to_output): Export ring trust packets.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-29 10:06:29 +02:00
Werner Koch
5b3523d3e0
indent: Re-indent parts of build-packet.c
--
2017-03-29 10:06:29 +02:00
Werner Koch
4af389c972
gpg: Prepare for listing last_update and key origin data.
* g10/keylist.c (list_keyblock_colon): Add empty fields 19 and 20.

--

We add them now to early catch error in parsers which arbitrary limit
the number of fields in --with-colon listings.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-28 12:32:05 +02:00
Justus Winter
6d3edfd972
g10: Fix memory leak.
* g10/decrypt-data.c (decrypt_data): Free 'filename'.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-28 12:11:02 +02:00
NIIBE Yutaka
c1e6302b34 g10: Support specifying SERIALNO for --card-status.
* g10/gpg.c (main): Allow an argument for --card-status.
* g10/card-util.c (current_card_status): Rename from card_status.
(card_status): New, which supports multiple cards.
(get_one_name): Use current_card_status.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-27 14:02:01 +09:00
Werner Koch
74c1f30ad6
gpg: New command --quick-set-primary-uid.
* g10/gpg.c (aQuickSetPrimaryUid): New const.
(opts): New command --quick-set-primary-uid.
(main): Implement it.
* g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ...
(quick_find_keyblock): new func.
(keyedit_quick_revuid): Use quick_find_keyblock.
(keyedit_quick_set_primary): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-21 15:09:30 +01:00
Werner Koch
fe0b37e123
gpg: Add new field no 18 to the colon listing.
* g10/misc.c (gnupg_pk_is_compliant): New.
* g10/keylist.c (print_compliance_flags): New.
(list_keyblock_colon): Call it here.
* sm/keylist.c (print_compliance_flags): New.
(list_cert_colon): Call it here.
--

This patch is to convey information about DE_VS compliant keys to the
caller.  The double digit value is used so that parsers do the right
thing and don't just look for a single digit.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-20 10:09:40 +01:00
Werner Koch
e2c63a13e2
gpg: Remove unused stuff.
* g10/OPTIONS: Remove.
* g10/options.h (struct opt): Remove 'shm_coprocess'.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-20 08:40:21 +01:00
Neal H. Walfield
b1106b4d64 gpg: Make sure the conflict set includes the current key.
* g10/tofu.c (get_trust): Sanity check CONFLICT_SET after calling
get_policy.  If POLICY is 'auto' and the default policy is 'ask', make
sure CONFLICT_SET includes the current key.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2959
Debian-bug-id: 854829

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2017-03-17 14:35:00 +01:00
NIIBE Yutaka
8c8ce8711d agent,g10: Remove redundant SERIALNO request.
* agent/learncard.c (agent_handle_learn): Don't call
agent_card_serialno.  Get the serialno in status response.
* g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO".
(agent_scd_serialno): New.
(card_cardlist_cb, agent_scd_cardlist): New.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-16 14:32:51 +09:00
NIIBE Yutaka
61785b679c g10: Fix check of serialno.
* g10/card-util.c (card_status): Fix.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-15 16:50:48 +09:00
NIIBE Yutaka
ed3248219e g10: Remove unused function.
* g10/call-agent.c (select_openpgp): Remove.

--

By this change, the function get_serialno_cb will be also unused.  But
please don't remove the function, because it will be soon used.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-15 16:48:01 +09:00
Werner Koch
9a77b3b6e4
gpg: Flush stdout before printing stats with --check-sigs.
* g10/keylist.c (print_signature_stats): Flush stdout.
(list_keyblock_colon): Use es_flush instead of fflush.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-13 17:43:07 +01:00
Justus Winter
2649fdfff5
g10: Move more flags into the flag bitfield.
* g10/packet.h (PKT_user_id): Move 'is_primary', 'is_revoked', and
'is_expired' into the flags bitfield, and drop the prefix.
* g10/call-dirmngr.c: Adapt accordingly.
* g10/export.c: Likewise.
* g10/getkey.c: Likewise.
* g10/import.c: Likewise.
* g10/kbnode.c: Likewise.
* g10/keyedit.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyserver.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pubkey-enc.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
--

This patch has been created by applying the following semantic patch:

    @@
    expression E;
    @@
    -E->is_expired
    +E->flags.expired

    @@
    expression E;
    @@
    -E->is_primary
    +E->flags.primary

    @@
    expression E;
    @@
    -E->is_revoked
    +E->flags.revoked

Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-08 13:31:10 +01:00
Werner Koch
8f02864223
dirmngr: Do not put a keyserver into a new dirmngr.conf
* g10/dirmngr-conf.skel: Do not define keyservers.
--
2017-03-08 11:35:53 +01:00
Justus Winter
591b6a9d87
gpg: Do not allow the user to revoke the last valid UID.
* g10/keyedit.c (keyedit_quick_revuid): Merge self signatures, then
make sure that we do not revoke the last valid UID.
(menu_revuid): Make sure that we do not revoke the last valid UID.
* tests/openpgp/quick-key-manipulation.scm: Demonstrate that
'--quick-revoke-uid' can not be used to revoke the last valid UID.

GnuPG-bug-id: 2960
Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-07 13:46:20 +01:00
NIIBE Yutaka
d6c7bf1f8a More change for common.
* g10, scd, test, tools: Follow the change of removal of -Icommon.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 20:32:09 +09:00
NIIBE Yutaka
70aca95d68 Remove -I option to common.
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 20:25:54 +09:00
Werner Koch
4a130bbc2c
gpg: Fix attempt to double free an UID structure.
* g10/getkey.c (get_best_pubkey_byname): Set released .UID to NULL.
--

Phil Pennock reported an assertion failure when doing

  % gpg --auto-key-locate dane --locate-keys someone
  gpg: Ohhhh jeeee: Assertion "uid->ref > 0" in \
         free_user_id failed (free-packet.c:310)

on his keyring.  This patch is not tested but a good guess.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-06 07:57:08 +01:00
Werner Koch
5f6f3f5cae
gpg: Fix possible segv when attribute packets are filtered.
* g10/import.c (impex_filter_getval): Handle PKT_ATTRIBUTE the same as
PKT_USER_ID
(apply_drop_sig_filter): Ditto.
--

The old code was plainly wrong in that it considered PKT_ATTRIBUTE to
use a PKT_signature object.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-03 09:50:40 +01:00
Werner Koch
1813f3be23
gpg: Add new variables to the import and export filters.
* g10/import.c (impex_filter_getval): Add new variables "expired",
"revoked", and "disabled".

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-03 09:22:40 +01:00
Justus Winter
0c4d0620d3
gpg: Always initialize the trust db when generating keys.
* g10/gpg.c (main): Always initialize the trust db when generating
keys.
* g10/keygen.c (do_generate_keypair): We can now assume that there is
a trust db.
--
It is important to mark keys we create as ultimately trusted.

Fixes-commit: 4735ab96aa
GnuPG-bug-id: 2695
Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-02 16:25:20 +01:00
Justus Winter
4735ab96aa
gpg: Fix (quick) key generation with --always-trust.
* g10/keygen.c (do_generate_keypair): Only update the ownertrust if we
do have a trust database.
* g10/trustdb.c (have_trustdb): New function.
* g10/trustdb.h (have_trustdb): New prototype.
* tests/openpgp/quick-key-manipulation.scm: Remove workaround.

GnuPG-bug-id: 2695
Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-02 14:50:23 +01:00
Justus Winter
62d21a4ab4
g10: Signal an error when trying to revoke non-existant UID.
* g10/keyedit.c (keyedit_quick_revuid): Signal an error when trying to
revoke non-existant UID.
* tests/openpgp/quick-key-manipulation.scm: Test that.

GnuPG-bug-id: 2962
Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-02 11:39:00 +01:00
Werner Koch
891ab23411
gpg: Make --export-options work with --export-secret-keys.
* g10/export.c (export_seckeys): Add arg OPTIONS and pass it to
do_export.
(export_secsubkeys): Ditto.
* g10/gpg.c (main): Pass opt.export_options to export_seckeys and
export_secsubkeys
--

Back in the old days we did not used the export options for secret
keys export because of a lot of duplicated code and that the old
secring.gpg was anyway smaller that the pubring.gpg.  With 2.1 it was
pretty easy to enable it.

Reported-by: Peter Lebbing
GnuPG-bug-id: 2973
2017-03-01 14:41:47 +01:00
Werner Koch
2bbdeb8ee8
gpg: Allow creating keys using an existing ECC key.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Remove arg R_ALGO.
Change to return the algo id.  Reimplement using get_pk_algo_from_key.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Ditto.
--

GnuPG-bug-id: 2976
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-01 13:36:01 +01:00
Werner Koch
e182542e90
gpg: Do not require a trustdb for decryption.
* g10/trustdb.c (init_trustdb): Add and implement arg NO_CREATE.
Change to return an error code.  Change all callers to to pass False
for NO_CREATE.
(tdb_get_ownertrust): New arg NO_CREATE.  Call init_trustdb to test
for a non-existing trustdb.  Change all callers to to pass False for
NO_CREATE.
(tdb_get_min_ownertrust): Ditto.
* g10/trust.c (get_ownertrust_with_min): Add arg NO_CREATE.  Call
init_trustdb for a quick check.
(get_ownertrust_info): Add arg NO_CREATE.
(get_ownertrust_string): Ditto.
* g10/gpgv.c (get_ownertrust_info): Adjust stub.
* g10/test-stubs.c (get_ownertrust_info): Ditto.
* g10/mainproc.c (list_node): Call get_ownertrust_info with NO_CREATE
set.
* g10/pubkey-enc.c (get_it): Ditto.
--

Fixes-commit: effa80e0b5

For details see mails on Feb 27 and 28 by dkg, gniibe, and Justus to
gnupg-devel 'test failure on git master with
decrypt-session-key.scm (and: continuous integration?)'

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-28 20:30:48 +01:00
Justus Winter
d379a0174c
gpg,tools: Make auto-key-retrieve configurable via gpgconf.
* g10/gpg.c (gpgconf_list): Add 'auto-key-retrieve'.
* tools/gpgconf-comp.c (gc_options_gpg): Likewise.

GnuPG-bug-id: 2381
Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-28 14:59:11 +01:00
Justus Winter
ebeccd73eb
gpg,tools: Make trust-model configurable via gpgconf.
* g10/gpg.c (gpgconf_list): Add 'trust-model'.
* tools/gpgconf-comp.c (gc_options_gpg): Likewise.

GnuPG-bug-id: 2381
Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-28 13:15:42 +01:00
Werner Koch
8a67dc4c43
gpgv,w32: Fix --status-fd.
* g10/gpgv.c (main): Use translate_sys2libc_fd_int for --status-fd.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-28 09:39:10 +01:00
Daniel Kahn Gillmor
ddf01a67d6 trustdb: Respect --quiet during --import-ownertrust.
* g10/tdbdump.c (import_ownertrust): If opt.quiet is set, do not send
log_info messages.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-25 22:46:54 -08:00
Manish Goregaokar
64ec21bebd g10: fix typo
I already have copyright assignment with the FSF for GDB. I don't
think I'll need to do the DCO thing.

Signed-off-by: Manish Goregaokar <manish@mozilla.com>
2017-02-25 22:46:32 -08:00
Werner Koch
7af5d61c6e
gpgv: New options --log-file and --debug
* g10/gpgv.c (oLoggerFile, oDebug): New consts.
(opts): Add options --log-file and --debug.
(main): Implement options.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-24 13:23:16 +01:00
Werner Koch
effa80e0b5
gpg: Emit new status DECRYPTION_KEY
* common/status.h (STATUS_DECRYPTION_KEY): New.
* g10/pubkey-enc.c (get_it): Emit that status.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 19:59:21 +01:00
Daniel Kahn Gillmor
ccb420380b Fix spelling.
--

Clean up several other misspellings noticed while reviewing Yuri's
de-duplication patch.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
Yuri Chornoivan
24cf0606b4 Clean up word replication.
--

This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
NIIBE Yutaka
3fc69224b7 g10: Support primary key generation by keygrip.
* g10/keygen.c (para_name): Add pKEYGRIP.
(generate_keypair): Use pKEYGRIP for key generation.
(do_generate_keypair): Call do_create_from_keygrip with pKEYGRIP.

--

https://lists.gnupg.org/pipermail/gnupg-devel/2017-February/032591.html

Reported-by: Alon Bar-Lev <alon.barlev@gmail.com>
Suggested-by: Peter Lebbing <peter@digitalbrains.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-02-21 08:27:23 +09:00
Werner Koch
b456e5be91
gpg: Make --export-ssh-key work for the primary key.
* g10/export.c (export_ssh_key): Also check the primary key.
--

If no suitable subkey was found for export, we now check whether the
primary key is suitable for export and export this one.  Without this
change it was only possible to export the primary key by using the '!'
suffix in the key specification.

Also added a sample key for testing this.

GnuPG-bug-id: 2957
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-14 10:55:13 +01:00
Werner Koch
810adfd478
gpg: Print a warning if no command has been given.
* g10/gpg.c (main): Print in the default case.
--

GnuPG-bug-id: 2943
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-13 20:13:05 +01:00
Werner Koch
5996c7bf99
gpg: Fix memory leak in the error case of signature creation.
* g10/sign.c (write_signature_packets): Free SIG.  Also replace
xcalloc by xtrycalloc.
--

If do_sign fails SIG was not released.  Note that in the good case SIG
is transferred to PKT and freed by free_packet.

Reported-by: Stephan Müller
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-10 17:58:26 +01:00
Justus Winter
6823ed4658
gpg,common: Make sure that all fd given are valid.
* common/sysutils.c (gnupg_fd_valid): New function.
* common/sysutils.h (gnupg_fd_valid): New declaration.
* common/logging.c (log_set_file): Use the new function.
* g10/cpr.c (set_status_fd): Likewise.
* g10/gpg.c (main): Likewise.
* g10/keylist.c (read_sessionkey_from_fd): Likewise.
* g10/passphrase.c (set_attrib_fd): Likewise.
* tests/openpgp/Makefile.am (XTESTS): Add the new test.
* tests/openpgp/issue2941.scm: New file.
--

Consider a situation where the user passes "--status-fd 3" but file
descriptor 3 is not open.

During the course of executing the rest of the commands, it's possible
that gpg itself will open some files, and file descriptor 3 will get
allocated.

In this situation, the status information will be appended directly to
whatever file happens to have landed on fd 3 (the trustdb? the
keyring?).

This is a potential data destruction issue for all writable file
descriptor options:

   --status-fd
   --attribute-fd
   --logger-fd

It's also a potential issue for readable file descriptor options, but
the risk is merely weird behavior, and not data corruption:

   --override-session-key-fd
   --passphrase-fd
   --command-fd

Fixes this by checking whether the fd is valid early on before using
it.

GnuPG-bug-id: 2941
Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-08 14:28:49 +01:00
Daniel Kahn Gillmor
f31120a5aa
gpg: Fix aliases --list-key, --list-sig, and --check-sig.
* g10/gpg.c (opts): Define commands with ARGPARSE_c
instead of ARGPARSE_s_n.

--

These three entries are commands, but they're being treated as a
string-based option for some reason.  However, if you try to use them
concurrently with another command like --clearsign, you'll get "gpg:
conflicting commands".

Furthermore, because they're marked as options, their flags differ
from the commands that they alias, they cause ambiguity in
abbreviation (e.g. try "gpg --list-ke") which should have been fixed
by 7249ab0f95.

Marking them explicitly as commands for argparse should be more
accurate and should resolve the abbreviation ambiguity issue.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
gpg: fix aliases --list-key, --list-sig, and --check-sig.

* g10/gpg.c: ARGPARSE_OPTS opts[]: define commands with ARGPARSE_c
instead of ARGPARSE_s_n.

--

These three entries are commands, but they're being treated as a
string-based option for some reason.  However, if you try to use them
concurrently with another command like --clearsign, you'll get "gpg:
conflicting commands".

Furthermore, because they're marked as options, their flags differ
from the commands that they alias, they cause ambiguity in
abbreviation (e.g. try "gpg --list-ke") which should have been fixed
by 7249ab0f95.

Marking them explicitly as commands for argparse should be more
accurate and should resolve the abbreviation ambiguity issue.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-05 18:05:17 +01:00
Werner Koch
7052a0d77c
gpg: More diagnostics for a launched pinentry.
* agent/call-pinentry.c (start_pinentry): Call getinfo/ttyinfo.
* g10/server.c (gpg_proxy_pinentry_notify): Simplify the output so
that we do not change the code when adding new fields to
PINENTRY_LAUNCHED.
--

This patch changes the --verbose output of gpg to show
for example

  gpg: pinentry launched (5228 gtk2 1.0.1-beta10 \
  /dev/pts/4 xterm localhost:10.0)

the used tty, its type, and the value of DISPLAY in addiion to the
pid, flavor, and version.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-03 12:05:16 +01:00
Neal H. Walfield
407f5f9bae gpg: Don't assume that strtoul interprets "" as 0.
* g10/tofu.c (show_statistics): If there are not records, return 0
instead of NULL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2853

According to SUSv3:

  If the subject sequence is empty or does not have the expected form,
  no conversion is performed
  ...
  If no conversion could be performed, 0 is returned and errno may be
  set to [EINVAL].

  http://pubs.opengroup.org/onlinepubs/007908799/xsh/strtol.html

It appears that MacOS X sets errno to EINVAL, but glibc doesn't.
Hence, we map NULL to 0 explicitly.
2017-02-02 15:48:45 +01:00
Neal H. Walfield
769272ba87 gpg: Ensure TOFU bindings associated with UTKs are registered as usual
* g10/tofu.c (get_trust): Call get_policy before short-circuiting the
policy lookup for ultimately trusted keys to make sure the binding is
added to the bindings table, if necessary.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2929
2017-02-02 14:24:38 +01:00
Neal H. Walfield
a08c781739 gpg: If there is a TOFU conflict, elide the too few message warning.
* g10/tofu.c (tofu_get_validity): If there was a conflict, don't also
print out a warning about too few messages.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2017-02-02 13:26:42 +01:00
Neal H. Walfield
027b81b35f gpg: Only print out TOFU statistics for conflicts in interactive mode
* g10/tofu.c (get_trust): Add arguments POLICYP and CONFLICT_SETP.  If
they are not NULL, return the policy and conflict set (if there is
one), respectively.  Update callers.  If MAY_ASK is FALSE, don't print
out the statistics.
(tofu_register_encryption): If there is a conflict and we haven't yet
printed the statistics about the conflicting bindings, do so now.
(tofu_get_validity): Likewise.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2914
2017-02-02 13:26:42 +01:00
Neal H. Walfield
74268180e5 gpg: Add newline to output.
* g10/tofu.c (ask_about_binding): Add newline to output.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2017-02-02 13:26:41 +01:00
Neal H. Walfield
6f9d8a956b gpg: Remove period at end of warning.
* g10/tofu.c (tofu_register_encryption): Remove period at end of
warning.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2017-02-02 13:26:41 +01:00
Justus Winter
3f4f20ee6e gpg: Fix searching for mail addresses in keyrings.
* g10/keyring.c (compare_name): Fix KEYDB_SEARCH_MODE_MAIL* searches
in keyrings when the UID is a plain addr-spec.
--
Previously, 'gpg --list-key "<foo@example.org>"' failed if 1/ the
keyring format is used and 2/ the key's UID is a plain addr-spec
(cf. RFC2822 section 4.3), e.g. 'foo@example.org'.

GnuPG-bug-id: 2930
Signed-off-by: Justus Winter <justus@g10code.com>
2017-01-25 16:58:46 +01:00
Werner Koch
770b75a746
gpg: Print a warning on Tor problems.
* dirmngr/ks-engine-hkp.c (tor_not_running_p): New.
(map_host): Call that to print a warning.
(handle_send_request_error): Ditto and avoid marking the host dead.
Also print a tor_config_problem warning.  Add arg CTRL; adjust callers
to pass that new arg.
* g10/call-dirmngr.c (ks_status_cb): Detect and print the new
warnings.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-24 20:52:24 +01:00
Werner Koch
707c47f559
Update copyright notices for 2017.
--

Also some http:// -> https:// fixes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 19:16:55 +01:00
Damien Goutte-Gattat
a85731ada2
gpg: Fix misleading log message when checking regexp.
* src/trustdb.c (check_regexp): Correctly print whether the
regexp matched or not.
--

This patch fixes the log message displayed when gpg attempts to
match the regexp associated with a trust signature with an user ID.
The current message interprets the 'ret' variable backwards, and
displays 'YES' when the regexp actually fails to match.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-01-23 10:48:06 +01:00
Werner Koch
953d4ec6af
gpg: New export and import options "backup" and "restore".
* g10/export.c (parse_export_options): Add "backup" and its alias
"export-backup".
(do_export_one_keyblock): Export ring trust packets in backup mode.
* g10/import.c (parse_import_options): Add "restore" and its alias
"import-restore".
(read_block): Import ring trust packets.
--

These options are intended to, well, backup and restore keys between
GnuPG implementations.  These options may eventually be enhanced to
backup and restore all public key related information.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 10:13:26 +01:00
Damien Goutte-Gattat
3daeef702b gpg: Allow to freeze faked system time.
* g10/gpg.c (main): If the parameter for --faked-system-time
ends with a '!', freeze time at the specified point.
* common/gettime.c (gnupg_set_time): Allow to freeze the time
at an arbitrary time instead of only the current time.
* doc/gpg.texi: Update documentation for --faked-system-time.
--

This patch allows the user to modify the behavior of the
--faked-system-time option: by appending a '!' to the parameter,
time in GnuPG will be frozen at the specified time, instead of
advancing normally from that time onward.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-01-19 10:39:06 +01:00
Werner Koch
701f54eccf
gpg: Remove unused definitions.
* g10/keydb.h (rt_UNKNOWN, rt_RING): Remove constants.
(keyblock_pos_struct, KBPOS): Remove struct and type.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-18 10:07:53 +01:00
Werner Koch
356323768a
gpg: Clean bogus subkey binding when cleaning a key.
* g10/trust.c (clean_key): Also clean bogus subkey bindings.
--

GnuPG-bug-id: 2922
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-17 10:26:34 +01:00
Werner Koch
766c25018b
gpg: Sync print of additional sig data in --edit-key.
* g10/keylist.c (show_policy_url): Implement MODE -1.
(show_keyserver_url): Ditto.
(show_notation): Ditto.
* g10/keyedit.c (print_one_sig): Print policy URL, keyserver URL and
notation data to the tty.
--

With this change the listing of signatures in the key edit menu does
now include policy URLs et al in order and not possible after leaving
the menu (it used to go to stdout and not the tty).

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-17 10:23:52 +01:00
Werner Koch
adbfbf608e
gpg: Prepare some key cleaning function for use with secret key packets.
* g10/trust.c (mark_usable_uid_certs): Allow use of secret key packets.
(clean_sigs_from_uid): Ditto.
(clean_uid_from_key): Ditto.
(clean_one_uid): Ditto.
(clean_key): Ditto.
--

Since 2.1 secret keys and public keys use identical data structure and
thus we should not restrict those key cleaning functions to work only
with public key packets.  This change has no immediate effect but may
come handy in the future.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-17 09:14:44 +01:00
Werner Koch
c99a09f111
gpg: Rename a var to avoid a shadowing warning.
* g10/keygen.c (keygen_set_std_prefs): Rename variable.
--

I consider it better not to use the name of a commonly used function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-12 10:40:43 +01:00
Daniel Kahn Gillmor
38671cfe5a g10: avoid warning when --disable-tofu
If configured with --disable-tofu, we see compiler warnings about an
unused variable.  This should remove those warnings.
2017-01-04 13:18:04 -05:00
Werner Koch
6b84ecbf31
Replace use of variable-length-arrays.
* common/t-iobuf.c (main): Replace variable-length-array.
* g10/gpgcompose.c (mksubpkt_callback): Ditto.
(encrypted): Ditto.
* g10/t-stutter.c (log_hexdump): Ditto.
(oracle_test): Ditto.
* g10/tofu.c (get_policy): Ditto.  Use "%zu" for size_t.
* scd/app-openpgp.c (ecc_writekey): Replace variable-length-array.
Check for zero length OID_LEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-02 13:29:18 +01:00
Werner Koch
b8b0d2f4c1
build: Update distributed signature key.
--

This update is required because gniibe prolonged his key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-20 10:22:05 +01:00
Werner Koch
10dae15186
typo: Fix a string in do_we_trust_pre.
--
2016-12-19 16:39:26 +01:00
Werner Koch
e384405b6e
Remove unused debug flags and add "dns" and "network".
* g10/options.h (DBG_CARD_IO_VALUE, DBG_CARD_IO): Remove.
* g10/gpg.c (debug_flags): Remove "cardio".
* agent/agent.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* agent/gpg-agent.c (debug_flags): Remove "command".
* scd/scdaemon.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* scd/scdaemon.c (debug_flags): Remove "command".
* dirmngr/dirmngr.h (DBG_DNS_VALUE, DBG_DNS): New.
(DBG_NETWORK_VALUE, DNG_NETWORK): New.
* dirmngr/dirmngr.c (debug_flags): Add "dns" and "network".
--

Note that "dns" and "network" are not yet used but will soon be added
to dirmngr.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-19 09:41:15 +01:00
Werner Koch
48671f295f
gpg,sm: A few more option for --gpgconf-list.
* g10/gpg.c (gpgconf_list): Add --compliance and
--default-new-key-algo.
(parse_compliance_option):
* sm/gpgsm.c (main) <gpgconf-list>: Add --enable-crl-checks.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-16 16:05:02 +01:00
Neal H. Walfield
4a2c210b75 g10: Use total days, not total messages to compute TOFU validity
* g10/tofu.c (write_stats_status): Use the number of days with
signatures / encryptions to compute the validity, not the total number
of signatures / encryptions.
(BASIC_TRUST_THRESHOLD): Adjust given the new semantics.
(FULL_TRUST_THRESHOLD): Likewise.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-12-16 14:51:15 +01:00
Neal H. Walfield
94f6b9010d g10: Extend TOFU_STATS to emit <sign-days> and <encyrption-days>
* doc/DETAILS: Add SIGN-DAYS and ENCRYPT-DAYS to the TOFU_STATS status
line.
* g10/tofu.c (write_stats_status): Take additional parameters
signature_days and encryption_days.  Update callers.  Include them in
the tfs record and TOFU status lines.
(show_statistics): Compute the number of days on which we saw a
message signed by FINGERPRINT, and the number of days on which we
encrypted a message to it.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-12-16 14:32:39 +01:00
Neal H. Walfield
fea9da4a8a g10: On a TOFU conflict, write the conflicting keys to the status fd
* g10/tofu.c (ask_about_binding): Emit all of the conflicting keys and
their statistics on the status fd.
(get_trust): Likewise, if we don't call ask_about_binding.
(show_statistics): Have the caller pass the policy as returned by
get_policy.  Add argument only_status_fd and don't emit any output on
stdout if it is set.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-12-16 11:11:17 +01:00
Neal H. Walfield
6caa2d0ba2 g10: Add missing space.
* g10/tofu.c (tofu_register_encryption): Add missing space.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-12-16 11:11:16 +01:00
Justus Winter
6b16b02109 g10: Avoid translating simple error messages.
* g10/gpg.c (main): Avoid translating arguments to 'wrong_args'.
--
Translating these messages is a burden for translators, and we only
have translations for very few of them as it is.

If we want to localize these messages, I'd suggest to translate the
placeholders (e.g. 'filename').

Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 16:14:23 +01:00
Justus Winter
41ad04d403 g10: Rework the --quick-* interface.
* g10/gpg.c (opts): Rename options.
(main): Update errors.
* doc/gpg.texi: Update accordingly.
--
I decided not to keep the old versions as aliases in the documentation
because the interface is a fairly recent addition.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 15:32:51 +01:00
Justus Winter
6e4396723e g10: Rename 'card-edit' to 'edit-card'.
* g10/gpg.c (opts): Rename option.
* g10/call-agent.c (agent_scd_learn): Update comment.
* doc/gpg.texi: Update accordingly.
--
This change has a surprising side effect.  Previously, --edit was an
alias for --edit-key, because the argument parser actually accepts
unique prefixes of all options.  With this change, however, --edit is
ambiguous.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 14:50:10 +01:00
Justus Winter
3c691097ca g10: Spell out --desig-revoke.
* g10/gpg.c (opts): Rename option.
* doc/gpg.texi: Update accordingly.
--
This is a rather long name, but I believe that this command is rarely
used, and in places where it is used frequently, the process is likely
automated.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 13:59:48 +01:00
Justus Winter
c252627c6f g10: Shorten unreasonably long option.
* g10/gpg.c (opts): Rename 'generate-revocation-certificate' to
'generate-revocation'.
* doc/gpg.texi: Update accordingly.
* po: Update translations.

GnuPG-bug-id: 2700
Fixes-commit: ec1bd3ae68
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-15 13:01:03 +01:00
Justus Winter
c1c35fb887 g10,sm: Spell out --passwd.
* g10/gpg.c (opts): Spell out option.
* sm/gpgsm.c (opts): Likewise.
* doc/gpg.texi: Update accordingly.
* doc/gpgsm.texi: Likewise.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:49:47 +01:00
Justus Winter
ec1bd3ae68 g10: Spell out --gen-revoke.
* g10/gpg.c (opts): Spell out option.
* doc/gpg.texi: Update accordingly.
* po: Update translations.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:43:22 +01:00
Justus Winter
09163a6390 g10: Spell out --full-gen-key.
* g10/gpg.c (opts): Spell out option.
(main): Likewise.
* g10/keygen.c (generate_keypair): Likewise.
* doc/gpg.texi: Update accordingly.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:30:55 +01:00
Justus Winter
892c827e72 g10,sm: Spell out --gen-key.
* g10/gpg.c (opts): Spell out option.
* sm/gpgsm.c (opts): Likewise.
* doc/gpg.texi: Update accordingly.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:30:55 +01:00
Justus Winter
9147737f1c g10,sm: Spell out --check-sigs.
* g10/gpg.c (opts): Spell out option.
* sm/gpgsm.c (opts): Likewise.
* doc/gpg.texi: Update accordingly.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:30:55 +01:00
Justus Winter
a6d6e4afe4 g10,sm: Spell out --list-sigs.
* g10/gpg.c (opts): Spell out option.
* sm/gpgsm.c (opts): Likewise.
* doc/gpg.texi: Update accordingly.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:30:54 +01:00
Justus Winter
04754ce3a7 g10: Hyphenate --clearsign.
* g10/gpg.c (opts): Hyphenate option.
* doc/gpg.texi: Update accordingly.
* po: Update translations.
* tests/openpgp: Update tests.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:30:54 +01:00
Justus Winter
ca59815234 g10: Spell out --recv-keys.
* g10/gpg.c (opts): Spell out option.
* doc/gpg.texi: Update accordingly.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:30:54 +01:00
Justus Winter
dd3dde07a9 g10: Create expiring keys in quick key generation mode.
* doc/gpg.texi: Document that fact.
* g10/keygen.c (quick_generate_keypair): Use a default value.
* tests/openpgp/quick-key-manipulation.scm: Test that fact.

GnuPG-bug-id: 2701
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 16:35:08 +01:00
Werner Koch
98433c7043
gpg: Fix memory leak in ecc key generation.
* g10/keygen.c (ecckey_from_sexp): Release curve.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-12 14:02:14 +01:00
Werner Koch
f1304ee9b2
gpg: Do not use a fixed string for --gpgconf-list:default_pubkey_algo.
* g10/keygen.c (get_default_pubkey_algo): New.
(parse_key_parameter_string): Use it.
* g10/gpg.c (gpgconf_list): Take value from new function.
--

Note that consumers of that gpgconf-list value may need to be adjusted
to that new value.  It should anyway only be used to display the
default algorithm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-12 10:50:42 +01:00
Werner Koch
522e6f798d
gpg: Fix algo string parsing of --quick-addkey.
* g10/keygen.c (parse_key_parameter_string): Fix handling of PART==1.
(parse_key_parameter_part): Use default key size if only "rsa", "dsa",
or "elg" is given.
--

The first change is the actual fix.  The second change avoids the
error "Invalid Curve" when only "rsa" instead of RSA2048 is given.

Fixes-commit: ce29272e24
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-12 10:13:06 +01:00
Justus Winter
d568a15616 g10: Create keys that expire in simple key generation mode.
* g10/keygen.c (default_expiration_interval): New variable.
(generate_keypair): Use the new default.
--
Cursory discussion on gnupg-devel@ suggested two years as a good
default expiration interval.

GnuPG-bug-id: 2701
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-09 14:38:31 +01:00
Justus Winter
c8100fc0fa g10: List compression algorithms using human-readable names.
* g10/gpg.c (list_config): List all enabled compression algorithms
under the key 'compressname'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-09 13:13:45 +01:00
Justus Winter
3de9bad359 g10: Fix memory leak.
* g10/sign.c (do_sign): Release old signature data.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-09 13:13:45 +01:00
Werner Koch
cb4c7abb77
Fix 2 compiler warnings.
* dirmngr/loadswdb.c: Set ERR on malloc failure.
* g10/passphrase.c (passphrase_to_dek): Initialize all fields of
HELP_S2K.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-08 19:02:56 +01:00
Werner Koch
a75790b740
gpg: Fix the fix out-of-bounds access.
* g10/tofu.c (build_conflict_set): Revert to int* and fix calloc.
--

The original code used an int array and thus better keep that and do
not limit it to 128 entries.

Fixes-commit: c3008bffac
Fixes-commit: 3b5b94ceab
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-08 17:03:26 +01:00
Justus Winter
3b5b94ceab g10: Fix out-of-bounds access.
* g10/tofu.c (build_conflict_set): Use 'char'.

Fixes-commit: c3008bffac
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-08 14:19:09 +01:00
Werner Koch
c3008bffac
gpg: Fix portability problem.
* g10/tofu.c (build_conflict_set): Replace variable dynamic array.
--

Note that clang complained that CONFLICT_SET_COUNT could be negative.
Thus I added an assert.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-08 13:08:02 +01:00
Neal H. Walfield
6102099985 g10: Avoid a memory leak.
* g10/gpg.c (main): Free KB when we're done with it.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-12-06 12:16:59 +01:00
Neal H. Walfield
bd9ebe1404 g10: Remove dead code.
* g10/tofu.c (tofu_set_policy_by_keyid): Remove function.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-12-06 12:16:56 +01:00
Werner Koch
41b3d0975d
gpg: New option --quick-set-expire.
* g10/gpg.c (aQuickSetExpire): New.
(opts): New option --quick-set-expire.
(main): Implement option.
* g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and
NEWEXPIRATION.  Change semantics of the return value.  Change caller.
(keyedit_quick_set_expire): New.
--

This patch partly solves
GnuPG-bug-id: 2701
2016-12-05 11:00:11 +01:00
Werner Koch
ef10c348bf
gpg: Fix error code arg in ERRSIG status line.
* g10/mainproc.c (check_sig_and_print): Use gpg_err_code to return an
error code in ERRSIG.
--

Debian-bug-id: 846834
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-03 21:36:14 +01:00
Werner Koch
ce29272e24
gpg: New option --default-new-key-algo.
* common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg
R_ALGO and change all callers.
* common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code.
* g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO.
* g10/gpg.c (oDefaultNewKeyAlgo): New enum.
(opts): New option "--default-new-key-algo".
(main): Set the option.
* g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace
them by ...
(DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants.
(get_keysize_range): Remove arg R_DEF and return that value instead.
Change all callers.
(gen_rsa): Use get_keysize_range instead of the removed
DEFAULT_STD_KEYSIZE.
(parse_key_parameter_part): New function.
(parse_key_parameter_string): New function.
(quick_generate_keypair): Refactor using parse_key_parameter_string.
(generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--

This new option is intended to be used in the forthcoming
--set-profile command of gpgconf.  It allows to provide a gpg
configuration with custom defaults for a new key using the simple
commands which use the default algorithm set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-02 19:47:40 +01:00
Neal H. Walfield
cd532bb7b8 g10: Improve debugging output.
* g10/tofu.c (string_to_long): Improve debugging output.
(string_to_ulong): Likewise.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-12-02 11:07:04 +01:00
Neal H. Walfield
bd1a1d8582 g10: In the TOFU module, make strings easier to translate.
* g10/tofu.c: Remove dead code.
(time_ago_str): Simplify implementation since we only want the most
significant unit.
(format_conflict_msg_part1): Use ngettext.
(ask_about_binding): Likewise and only emit full sentences.
(show_statistics): Likewise.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-12-01 22:12:56 +01:00
Werner Koch
86efc3ee53
gpg: Let only Dirmngr decide whether CERT is supported.
* g10/getkey.c (parse_auto_key_locate): Do not build parts depending
on USE_DNS_CERT.
--

This also removes USE_DNS_SRV from commented code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-01 16:40:32 +01:00
Werner Koch
a5910e00ac
gpg: Make --decrypt with output '-&nnnn' work.
* g10/plaintext.c (get_output_file): Check and open special filename
before falling back to stdout.
--

GnuPG-bug-id: 2677
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 16:54:36 +01:00
Werner Koch
60b4982836
gpg,sm: Merge the two versions of check_special_filename.
* sm/gpgsm.c (check_special_filename): Move to ..
* common/sysutils.c (check_special_filename): here.  Add arg
NOTRANSLATE.
(allow_special_filenames): New local var.
(enable_special_filenames): New public functions.
* sm/gpgsm.c (allow_special_filenames): Remove var.
(main): Call enable_special_filenames instead of setting the var.
(open_read, open_es_fread, open_es_fwrite): Call
check_special_filename with 0 for NOTRANSLATE.
* common/iobuf.c (special_names_enabled): Remove var.
(iobuf_enable_special_filenames): Remove func.
(check_special_filename): Remove func.
(iobuf_is_pipe_filename): Call new version of the function with
NOTRANSLATE set.
(do_open): Ditto.
* g10/gpg.c (main): Call enable_special_filenames instead of
iobuf_enable_special_filenames.
* g10/gpgv.c (main): Ditto.
--

Note that we keep the iobuf.c:translate_file_handle because it is a
bit different (for whatever reasons) than the translate function from
sysutils.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 16:54:36 +01:00
Justus Winter
52385a2ba1 g10: Fix memory leak.
* g10/decrypt.c (decrypt_messages): Properly decrease the reference
count of the armor filters after pushing them.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-29 16:48:35 +01:00
Neal H. Walfield
522f74f7e3 Improve some comments. 2016-11-29 14:56:00 +01:00
Neal H. Walfield
2f27cb12e3 g10: Extend TOFU_STATS to always show the validity
* doc/DETAILS (TOFU_STATS): Rename the VALIDITY field to SUMMARY.  Add
a new field called VALIDITY.
* g10/tofu.c (write_stats_status): Update output accordingly.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Change TOFU_STATS as discussed offline with Werner, Justus and Andre.
2016-11-29 14:55:59 +01:00
Justus Winter
4db9a42564 g10: Fix iteration over getkey results.
* g10/getkey.c (getkey_next): Only ask 'lookup' for the exact match if
our caller requested the key.  Fixes a crash in 'lookup'.

GnuPG-bug-id: 2848
Fixes-commit: 1d03cc77e1
Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-28 13:48:19 +01:00
Neal H. Walfield
03a65a5323 g10: Avoid gratuitously loading a keyblock when it is already available
* g10/trust.c (get_validity): Add new, optional parameter KB.  Only
load the keyblock if KB is NULL.  Update callers.
(get_validity): Likewise.
* g10/trustdb.c (tdb_get_validity_core): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2812
2016-11-23 12:29:22 +01:00
Neal H. Walfield
bfeafe2d3f g10: Use es_fopen instead of open.
* g10/tofu.c: Don't include <utime.h>, <fcntl.h> or <unistd.h>.
(busy_handler): Replace use of open with es_fopen.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Thanks for Werner for pointing this out: es_fopen is more portable
than open.
2016-11-22 17:12:38 +01:00
Neal H. Walfield
44c17bcb00 g10: If the set of UTKs changes, invalidate any changed policies.
* g10/trustdb.c (tdb_utks): New function.
* g10/tofu.c (check_utks): New function.
(initdb): Call it.
* tests/openpgp/tofu.scm: Modify test to check the effective policy of
keys whose effective policy changes when we change the set of UTKs.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

If the set of ultimately trusted keys changes, then it is possible
that a binding's effective policy changes.  To deal with this, we
detect when the set of ultimately trusted keys changes and invalidate
all cached policies.
2016-11-22 15:24:05 +01:00
Justus Winter
6ce14a805f g10: Fix memory leak.
* g10/tofu.c (tofu_notice_key_changed): Remove spurious duplicate call
to 'hexfingerprint'.

Fixes-commit: 037f9de092
Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-22 12:09:47 +01:00
Neal H. Walfield
037f9de092 g10: Cache the effective policy. Recompute it when required.
* g10/tofu.c (initdb): Add column effective_policy to the bindings
table.
(record_binding): New parameters effective_policy and set_conflict.
Save the effective policy.  If SET_CONFLICT is set, then set conflict
according to CONFLICT.  Otherwise, preserve the current value of
conflict.  Update callers.
(get_trust): Don't compute the effective policy here...
(get_policy): ... do it here, if it was not cached.  Take new
parameters, PK, the public key, and NOW, the time that the operation
started.  Update callers.
(show_statistics): New parameter PK.  Pass it to get_policy.  Update
callers.
(tofu_notice_key_changed): New function.
* g10/gpgv.c (tofu_notice_key_changed): New stub.
* g10/import.c (import_revoke_cert): Take additional argument CTRL.
Pass it to keydb_update_keyblock.
* g10/keydb.c (keydb_update_keyblock): Take additional argument CTRL.
Update callers.
[USE_TOFU]: Call tofu_notice_key_changed.
* g10/test-stubs.c (tofu_notice_key_changed): New stub.
* tests/openpgp/tofu.scm: Assume that manually setting a binding's
policy to auto does not cause the tofu engine to forget about any
conflict.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

We now store the computed policy in the tofu DB (in the
effective_policy column of the bindings table) to avoid computing it
every time, which is expensive.  Further, policy is never overridden
in case of a conflict.  Instead, we detect a conflict if CONFLICT is
not empty.

This change is backwards compatible to existing DBs.  The only minor
incompatibility is that unresolved conflicts won't be automatically
resolved in case we import a direct signature, or cross signatures.
2016-11-21 22:47:30 +01:00
Neal H. Walfield
182efc5b5d g10: Correctly parameterize ngettext.
* g10/tofu.c (ask_about_binding): Correctly parameterize ngettext.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-11-21 21:22:02 +01:00
Neal H. Walfield
7142b293c8 g10: Don't use the same variable for multiple SQL compiled statements
* g10/tofu.c (struct tofu_dbs_s): Remove unused field
record_binding_update2.  Replace register_insert with
register_signature and register_encryption.
(tofu_register_signature): Don't use dbs->s.register_insert, but
dbs->s.register_signature.
(tofu_register_encryption): Don't use dbs->s.register_insert, but
dbs->s.register_encryption.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-11-21 21:13:15 +01:00
Neal H. Walfield
91a0483c5d g10: Add a convenience function for checking if a key is a primary key
* g10/keydb.h (pk_is_primary): New function.
* g10/tofu.c (get_trust): Use it.
(tofu_register_signature): Likewise.
(tofu_register_encryption): Likewise.
(tofu_set_policy): Likewise.
(tofu_get_policy): Likewise.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-11-21 16:39:53 +01:00
NIIBE Yutaka
1c0b140ccc g10: Fix flags to open for lock of ToFU.
* g10/tofu.c (busy_handler): Fix the flags and utime is not needed.

--

The argument flags must include one of O_RDONLY, O_WRONLY, or O_RDWR.
Adding O_TRUNC, the file is updated.  So, utime is not needed.

Fixes-commit: b2e1b17efa
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-18 20:32:22 +09:00
NIIBE Yutaka
b2e1b17efa g10: Fix creating a lock for ToFU.
* g10/tofu.c (busy_handler): Add third argument which is mandatory for
O_CREATE flag.

--

Reported-by: Kristian Fiskerstrand
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-18 09:32:34 +09:00
Werner Koch
5210ff70bc
doc: Typo fixes.
--

Reported-by: Nathan Musoke <nathan.musoke@gmail.com>
2016-11-17 15:29:35 +01:00
Werner Koch
c4506a3f15
common: Rename keybox_file_rename to gnupg_rename_file.
* kbx/keybox-util.c (keybox_file_rename): Rename to ...
* common/sysutils.c (gnupg_rename_file): this.  Change all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 17:43:59 +01:00
Werner Koch
43bfaf2c54
gpg: New option --override-session-key-fd.
* g10/gpg.c (oOverrideSessionKeyFD): New.
(opts): Add option --override-session-key-fd.
(main): Handle that option.
(read_sessionkey_from_fd): New.
--

The override-session-key feature was designed to mitigate the effect
of the British RIP act by allowing to keep the private key private and
hand out only a session key.  For that use case the leaking of the
session key would not be a problem.  However there are other use
cases, for example fast re-decryption after an initial decryption,
which would benefit from concealing the session key from other users.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 09:03:03 +01:00
Werner Koch
500e594c2d
gpgv: New option --enable-special-filenames.
* g10/gpgv.c (oEnableSpecialFilenames): New.
(opts): Add option --enable-special-filenames.
(main): Implement that option.
--

This is the same option we have in gpg.  It allows to use commands
like

 gpgv --enable-special-filenames -- '-&3' - <msg 3<msg.sig

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 20:11:59 +01:00
Werner Koch
b47603a0ac
gpg: Add new compliance mode "de-vs".
* g10/options.h (CO_DE_VS): New.
(GNUPG): Also allow CO_DE_VS.
* g10/gpg.c (oDE_VS): New.
(parse_compliance_option): Add "de-vs".
(set_compliance_option): Set "de-vs".
* g10/misc.c (compliance_option_string): Return a description string.
(compliance_failure): Ditto.
* g10/keygen.c (ask_algo): Take care of CO_DE_VS.
(get_keysize_range): Ditto.
(ask_curve): Add new field to CURVES and trun flags into bit flags.
Allow only Brainpool curves in CO_DE_VS mode.
--

As of now this compliance mode only restricts the set of algorithms
and curves which can be created.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 17:50:03 +01:00
Werner Koch
4bd12b571e
doc: Add comment to make clear that KBNODE is deprecated.
--

kbnode_t has replaced KBNODE for new code years ago, but that should
be documented.  No bulk changes please to keep git blame easy to read.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 16:29:08 +01:00
Werner Koch
8ea3b4c410
gpg: Use usual free semantics for packet structure free functions.
* g10/free-packet.c (free_attributes): Turn function into a nop for a
NULL arg.
(free_user_id): Ditto.
(free_compressed): Ditto.
(free_encrypted): Ditto.
(free_plaintext): Ditto.
(release_public_key_parts): Avoid extra check for NULL.
* g10/getkey.c (get_best_pubkey_byname): Ditto.
--

This change avoid surprises because it is common that function named
like free and taking a pointer also have similar semantics.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 16:24:09 +01:00
Justus Winter
12834e84ac g10: Optimize key iteration.
* g10/getkey.c (get_best_pubkey_byname): Use the node returned by
'getkey_next' instead of doing another lookup.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-15 15:38:09 +01:00
Justus Winter
d20107f6da g10: Fix memory leak.
* g10/getkey.c (finish_lookup): Clarify that we do not return a
reference.
(lookup): Clarify the relation between RET_KEYBLOCK and RET_FOUND_KEY.
Check arguments.  Actually release the node if it is not returned.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-15 15:38:09 +01:00
Justus Winter
1d03cc77e1 g10: Fix iteration over getkey results.
* g10/getkey.c (getkey_next): Fix invocation of 'lookup'.  If we want
to use RET_FOUND_KEY, RET_KEYBLOCK must be valid.

Fixes-commit: 8ea72a776a
Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-15 15:38:09 +01:00
Justus Winter
bd60742925 g10: Fix use-after-free.
* g10/getkey.c (pubkey_cmp): Make a copy of the user id.
(get_best_pubkey_byname): Free the user ids.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-15 15:38:09 +01:00
NIIBE Yutaka
1f7639ebbe g10: Fix memory leak.
* g10/keyedit.c (menu_adduid): Don't copy 'sig'.

--

Fixes-commit: 809d67e740
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-15 21:10:51 +09:00
Werner Koch
f86b1a15ad
gpg: New option --compliance.
* g10/gpg.c (oCompliance): New.
(opts): Add "--compliance".
(parse_tofu_policy): Use a generic description string for "help".
(parse_compliance_option): New.
(main): Add option oCompliance.  Factor out code for compliance
setting to ...
(set_compliance_option): new.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:06:49 +01:00
Justus Winter
809d67e740 g10: Fix memory leak.
* g10/keyedit.c (menu_adduid): Deallocate 'sig'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-15 11:46:40 +01:00
Justus Winter
2cd281c4de g10: Fix memory leak.
* g10/mainproc.c (check_sig_and_print): Free 'pk'.

Fixes-commit: 37e3c89725
Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-14 17:33:18 +01:00
Werner Koch
5d13581f47
gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource.
* g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED
file-global.  Write a STATUS_ERROR.
(maybe_create_keyring_or_box): Check for non-accessible but existant
file.
(keydb_search): Write a STATUS_ERROR if no keyring has been registered
but continue to return NOT_FOUND.
* sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED
and make file-global.  Write a STATUS_ERROR.
(keydb_search): Write a STATUS_ERROR if no keyring has been registered
but continue to return NOT_FOUND.  Also add new arg CTRL and change
all callers to pass it down.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-10 17:07:28 +01:00
Werner Koch
088d955bd8
gpg: Improve error message for --quick-gen-key.
* g10/keygen.c (parse_algo_usage_expire): Use a different error
message for an unknown algorithm name.
--

GnuPG-bug-id: 2832
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-10 12:18:33 +01:00
Justus Winter
5840353d8b g10: Fix crash.
* g10/getkey.c (get_best_pubkey_byname): If 'get_pubkey_byname' does
not return a getkey context, then it can return at most one key,
therefore there is nothing to rank.  Also, always initialize '*retctx'
to be on the safe side.

GnuPG-bug-id: 2828
Fixes: ab89164be0
Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-07 12:57:30 +01:00
Werner Koch
4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
Werner Koch
2312a7f836
indent: Move comments inside the block.
--

This fixes a few

  if (foo)
    /* A comment
       with several
       lines.  */
    {
    }

Which has the problem that the block is visually not related to the
"if" and might thus falsely be considered a standalone block.

Also adds a asterisk on the left side of longer comments.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-04 14:52:08 +01:00
Werner Koch
c1ea0b577a
agent: Extend the PINENTRY_LAUNCHED inquiry and status.
* agent/call-pinentry.c (start_pinentry): Get flavor and version and
pass it to agent_inq_pinentry_launched.
* agent/command.c (agent_inq_pinentry_launched): Add arg EXTRA.
* g10/server.c (gpg_proxy_pinentry_notify): Print a new diagnostic.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-03 20:10:38 +01:00
Justus Winter
ab89164be0 g10: Improve and unify key selection for -r and --locate-keys.
* g10/getkey.c (struct pubkey_cmp_cookie): New type.
(key_is_ok, uid_is_ok, subkey_is_ok): New functions.
(pubkey_cmp): Likewise.
(get_best_pubkey_byname): Likewise.
* g10/keydb.h (get_best_pubkey_byname): New prototype.
* g10/keylist.c (locate_one): Use the new function.
* g10/pkclist.c (find_and_check_key): Likewise.
* tests/openpgp/Makefile.am (XTESTS): Add new test.
(TEST_FILES): Add new files.
* tests/openpgp/key-selection.scm: New file.
* tests/openpgp/key-selection/0.asc: Likewise.
* tests/openpgp/key-selection/1.asc: Likewise.
* tests/openpgp/key-selection/2.asc: Likewise.
* tests/openpgp/key-selection/3.asc: Likewise.
* tests/openpgp/key-selection/4.asc: Likewise.
--

When a name resembling a mail address is given to either --locate-keys
or --recipient, rank the search results and use only the most relevant
key.

This also lets us query which key will be used for encryption using
--locate-keys.  However, note that --locate-keys may also return keys
incapable of encryption, though it will prefer keys that have an
encryption subkey.

GnuPG-bug-id: 2359
Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-03 15:04:18 +01:00
Werner Koch
488b183811
common: Improve compare_string_versions.
* common/stringhelp.c: Include limits.h.
(compare_version_strings): Change semantics to behave like strcmp.
Include the patch lebel in the comparison.  Allow checking a single
version string.
* common/t-stringhelp.c (test_compare_version_strings): Adjust test
vectors and a few new vectors.
* g10/call-agent.c (warn_version_mismatch): Adjust to new sematics.
* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
* sm/call-agent.c (warn_version_mismatch): Ditto.
* sm/call-dirmngr.c (warn_version_mismatch): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-02 17:58:11 +01:00
Daniel Kahn Gillmor
68b59bbc42 Spelling: correct spelling of "passphrase".
There were several different variant spellings of "passphrase".  This
should fix them all for all English text.

I did notice that po/it.po contains multiple instances of
"passhprase", which also looks suspect to me, but i do not know
Italian, so i did not try to correct it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-02 12:53:58 +01:00
Justus Winter
5d4f1408d0 g10,w32: Fix build on Windows.
* g10/tofu.c (begin_transaction): Use the new 'gnupg_usleep'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-02 12:45:18 +01:00
Neal H. Walfield
7a634e48b1 g10: Avoid gratuitious SQLite aborts and starving writers.
* g10/tofu.c: Include <time.h>, <utime.h>, <fcntl.h> and <unistd.h>.
(tofu_dbs_s): Add fields want_lock_file and want_lock_file_ctime.
(begin_transaction): Only yield if DBS->WANT_LOCK_FILE_CTIME has
changed since we took the lock.  Don't use gpgrt_yield to yield, but
sleep for 100ms.  After taking the batch lock, update
DBS->WANT_LOCK_FILE_CTIME.  Also take the batch lock the first time we
take the real lock.  When taking the real lock, use immediate not
deferred mode to avoid gratuitious aborts.
(end_transaction): When dropping the outermost real lock, drop the
batch lock.
(busy_handler): New function.
(opendbs): Set the busy handler to it when opening the DB.  Initialize
CTRL->TOFU.DBS->WANT_LOCK_FILE.
(tofu_closedbs): Free DBS->WANT_LOCK_FILE.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

By default, SQLite defers transactions until they are actually needed.
A consequence of this is that if we have two readers and both decide
to do a write, then one has to abort.  To avoid this problem, we can
make the outermost transaction an immediate transaction.  This has the
disadvantage that we only allow a single reader at a time, but at
least we don't have gratuitous aborts anymore.

A second problem is that SQLite apparently doesn't actually create a
queue of waiters.  The result is that doing a sched_yield between
dropping and retaking the batch transaction is not enough to allow the
other process to make progress.  Instead, we need to wait a
while (emperically: 100ms seems reasonable).  To avoid waiting when
there is no contention, we use a new file's timestamp to signal that
there is a waiter.
2016-10-30 19:10:42 -07:00
Neal H. Walfield
eec365a02b g10: Avoid reading in keys when possible.
* g10/tofu.c (build_conflict_set): If CONFLICT_SET contains a single
element, don't bother to check for cross sigs.  Add parameter PK.
Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-10-30 11:03:51 -07:00
Neal H. Walfield
614ca00676 g10: Fix bit setting.
* g10/tofu.c (build_conflict_set): Fix bit setting.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 1f1f56e606
2016-10-30 10:55:58 -07:00
Werner Koch
b6f08dbb0b
gpg: Enable the Issuer Fingerprint from rfc4880bis
* g10/build-packet.c (build_sig_subpkt_from_sig): Always write the new
Issuer Fingerprint sub-packet.
* g10/mainproc.c (check_sig_and_print): Always consider that
sub-packet.
--

The specs for this sub-packet have been pushed to the OpenPGP WG's
repo today.

See-also: https://mailarchive.ietf.org/arch/msg/\
	openpgp/GvPo2eSL9GW9WcGhOocY7KBa9FY

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-28 21:01:51 +02:00
Werner Koch
8fced66be3
gpg: Verify multiple detached signatures with different hash algos.
* g10/mainproc.c (proc_tree): Loose check.  Enable all algos.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-27 19:56:42 +02:00
Justus Winter
8ea72a776a g10: Fix iteration over getkey results.
* g10/getkey.c (getkey_next): Return the public key in PK even if
RET_KEYBLOCK is NULL.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-27 15:31:30 +02:00
Justus Winter
445f0c13d7 Fix typos.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-27 14:59:56 +02:00
Justus Winter
66a0091d74 g10: Assert preconditions.
* g10/getkey.c (get_pubkey_byname): Assert preconditions.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-27 14:43:29 +02:00
Werner Koch
a15ed5a1fd
gpg: Convey --quick option to dirmngr for --auto-key-retrieve.
* g10/call-dirmngr.c (gpg_dirmngr_ks_get): Add arg 'quick'.
(gpg_dirmngr_wkd_get): Ditto.
* g10/keyserver.c (keyserver_get): Add arg 'quick'.
(keyserver_get_chunk): Add arg 'quick'.
(keyserver_import_fprint): Ditto.  Change callers to pass 0 for it.
(keyserver_import_keyid): Ditto.
(keyserver_import_wkd): Ditto.
* g10/mainproc.c (check_sig_and_print): Call the 3 fucntions with
QUICK set.
--

Note that this option has not yet been implemented by dirmngr.
Dirmngr will simply ignore it for now.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-27 09:06:10 +02:00
NIIBE Yutaka
ca0ee4e381 g10: Fix ECDH, clarifying the format.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Returns error when
it's short.  Clarify the format.  Handle other prefixes correctly.

--
With the scdaemon's change, there is no case NBYTES < SECRET_X_SIZE.
This fixes the break of ECDH with X25519.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-27 13:04:45 +09:00
Arnaud Fontaine
b648f28f9f g10: ECDH shared point format.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Improve handling of
ECDH shared point format.

--
This handles the case where the result comes from scdaemon.

Signed-off-by: Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
2016-10-27 12:16:30 +09:00
Werner Koch
9d6146d6f9
gpg: Replace two sprintf calls.
* g10/keygen.c (print_status_key_created): Use snprintf for now.
(ask_expire_interval): Replace xmalloc and sprintf by xasprintf.
--

Future updates: Replace code like

   r = xcalloc (1, sizeof *r + 20 );
   r->key = pKEYLENGTH;
   sprintf( r->u.value, "%u", info.key_attr[0].nbits);

by something like

   r = new_r_with_value ("%u", info.key_attr[0].nbits);
   r->key = pKEYLENGTH;

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-24 13:12:05 +02:00
NIIBE Yutaka
b1828c17fc scd: Use canonical curve name of libgcrypt.
* scd/app-openpgp.c (send_key_attr): Use curve instead of OID.
(ecdh_params): New.
(ecc_read_pubkey): Use ecdh_params.  Use curve name.
(ecc_writekey): Likewise.
(ecc_curve): Rename from ecc_oid.
(parse_algorithm_attribute): Use ecc_curve.
* g10/call-agent.c (learn_status_cb): Use openpgp_is_curve_supported to
intern the curve name string.
* g10/card-util.c (card_status): Conver curve name to alias for print.
--
Now, sdcaemon answer for KEY-ATTR is in the canonical curve name
instead of the alias.  Since it is used of key generation for
card encryption key with backup, it should be canonical name.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-24 11:22:44 +09:00
NIIBE Yutaka
acef095164 g10: Fix card keygen for decryption.
* g10/keygen.c (do_generate_keypair): Fix arguments.

--

Reported-by: Grumpy
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-24 07:52:40 +09:00
NIIBE Yutaka
987bbb2276 g10: More card key generation change.
* g10/keygen.c (gen_card_key): Add back ALGO as the second argument.
Don't get ALGO by KEY-ATTR by this function.  It's caller to provide
ALGO.  Don't do that by both of caller and callee.
(generate_keypair): Only put paramerters needed.  Use parameters
for ALGO to call gen_card_key.
(generate_card_subkeypair): Get ALGO and call gen_card_key with it.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-22 08:45:35 +09:00
Andre Heinecke
f7e50634be g10: Write first keybox record in binary mode
* g10/keydb.c (maybe_create_keyring_or_box): Open in binary mode.

--
This fixes keybox corruption on windows.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2016-10-21 15:02:19 +02:00
NIIBE Yutaka
d2653b1a6d g10,scd: Fix ECC keygen.
* g10/keygen.c (generate_keypair): For card key generation, fill
parameters by KEY-ATTR.

* scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last,
after its reference by OIDBUF is finished.
(ecc_writekey): Likewise.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 21:37:04 +09:00
NIIBE Yutaka
dafce6f698 g10: Don't ask keysize for for non-RSA card.
* g10/card-util.c (card_status): Bug fix for keyno.
(ask_card_rsa_keysize, do_change_rsa_keysize): Rename.
(generate_card_keys): Only ask keysize when RSA.
(card_generate_subkey): Likewise.

--

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 14:15:05 +09:00
NIIBE Yutaka
161cb22f13 g10: Support ECC for gen_card_key.
* g10/keygen.c (gen_card_key): Remove the first argument of ALGO.
(do_generate_keypair, generate_card_subkeypair): Follow the change.

--
ALGO is determined by the key attribute of the card.

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 13:59:09 +09:00
NIIBE Yutaka
6e85ac77af Fix use cases of snprintf.
* agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 12:04:46 +09:00
NIIBE Yutaka
9a34e2142b agent, g10: Fix keygen.
* agent/command.c (cmd_readkey): Get length after card_readkey.
* g10/keygen.c (gen_card_key): Fix off-by-one error.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 20:01:46 +09:00
NIIBE Yutaka
980c037bed g10: smartcard keygen change.
* g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove.
(scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS.
(agent_scd_genkey): Remove INFO argument.  CREATETIME is now in/out
argument.
(agent_readkey): Use READKEY --card instead of SCD READKEY.
* g10/keygen.c (gen_card_key): Use READKEY --card command of the agent
to retrieve public key information from card and let the agent make
a file for private key with shadow info.
--

This change removes gpg's KEY-DATA handling for SCD GENKEY.  Information
with KEY-DATA is simply not used.  Instead, it is read by READKEY --card
command of gpg-agent.  This can consolidate public key handling in a
single method by READKEY.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 13:30:47 +09:00
Neal H. Walfield
95d0f3e5ee g10: Be more careful when checking if a binding is signed by a UTK.
* g10/tofu.c (signed_by_utk): When checking if a key is signed by an
ultimately trusted key, only consider the signatures on the specified
user id.
* tests/openpgp/tofu.scm: Add test for the above.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-10-13 21:14:55 +02:00
Neal H. Walfield
4c0389f8eb g10: Be more careful when checking cross signatures.
* g10/tofu.c (cross_sigs): When checking cross signatures, only
consider the signatures on the specified user id.
* tests/openpgp/tofu.scm: Add test for the above.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg:
  New file.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: New file.
* tests/openpgp/tofu/cross-sigs/README: New file.

--
Signed-off-by: Neal H. Walfield
2016-10-13 12:44:59 +02:00
Neal H. Walfield
e09166c772 g10: Still check if the key is an UTK or cross signed in batch mode.
* g10/tofu.c (get_trust): If POLICY is ask, but we can't ask, don't
bail immediately.  Instead, check if the key in question is an
ultimately trusted key or cross signed.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-10-13 12:40:03 +02:00
Neal H. Walfield
5bf92e51df g10: If an sqlite operation fails, map the error code to GPG_ERR_GENERAL
* g10/tofu.c (get_policy): If an sqlite operation fails, map the error
  code to GPG_ERR_GENERAL.
(ask_about_binding): Likewise.
(build_conflict_set): Likewise.
(get_trust): Likewise.
(show_statistics): Likewise.
(tofu_register_signature): Likewise.
(tofu_register_encryption): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-10-13 12:32:03 +02:00
Neal H. Walfield
3ad17e72fa g10: When changing a TOFU binding's policy, update the conflict info
* g10/tofu.c (record_binding): Take an additional argument, CONFLICT.
Set the binding's conflict accordingly.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-10-12 21:42:10 +02:00
Neal H. Walfield
ca84f65c7c g10: Make a singular string singular.
* g10/tofu.c (ask_about_binding): Make the singular string singular.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-10-12 21:40:03 +02:00
Neal H. Walfield
6fdf37f083 g10: Correctly determine whether a binding has a conflict.
* g10/tofu.c (build_conflict_set): A binding has a conflict is
conflict is *not* NULL, not if it is NULL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-10-12 21:39:12 +02:00
Neal H. Walfield
78eda335fd g10: Fix a column's type in TOFU DB.
* g10/tofu.c (initdb): Change policy from a boolean to an integer.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Note: sqlite ignores type information so this change has no real
impact.
2016-10-12 21:37:34 +02:00
Werner Koch
1a24c67e20
Revert "g10: Fix singular term."
--

This reverts commit b0d2526bc4.

The number of format elements may not change in ngettext.  The entire
construct is anyway wrong because ngettext is passed a different value
than what is used in the printf.

We need to rework the use of most strings in tofu.c.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-07 08:06:13 +02:00
Werner Koch
5d43d28aa3
gpg: Put extra parens around bit tests.
* g10/options.h (DBG_MPI): New.
* g10/gpg.c (set_debug): Use macro or extra parens for binary operator.
* g10/parse-packet.c (set_packet_list_mode): Use dbg macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-07 07:54:38 +02:00
Justus Winter
b0d2526bc4 g10: Fix singular term.
* g10/tofu.c (ask_about_binding): Fix singular message.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-06 14:33:20 +02:00
Justus Winter
73000d1ce0 g10: Use appropriate variant of 'abs'.
* g10/tofu.c (ask_about_binding): Use 'labs' instead of 'abs'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-06 14:32:10 +02:00
Justus Winter
6b626824c8 g10: Fix testing for debug flag.
* g10/parse-packet.c (set_packet_list_mode): Fix testing for debug
flag.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-06 14:17:55 +02:00
Werner Koch
a43739a245
agent: Remove the warning for the GKR hijacking.
* g10/call-agent.c (check_hijacking): Remove.
(start_agent): Remove call.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-30 19:38:03 +02:00
Werner Koch
cbf2ac6669
gpg: Improve WKD by importing only the requested UID.
* g10/keyserver.c: Include mbox-util.h.
(keyserver_import_wkd): Do not use the global import options but
employ an import filter.
--

We also make sure that an mbox has been passed to keyserver_import_wkd
so it may also be called with a complete user id (which is currently
not the case).

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-28 15:35:31 +02:00
Werner Koch
80393661bd
gpg: Reject import if an import filter removed all user ids.
* g10/import.c (any_uid_left): New.
(import_one): Check that a UID is left.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-28 15:32:04 +02:00
Werner Koch
c9237bf2ba
gpg: Make import filter data object more flexible.
* g10/main.h (import_filter_t): New.
* g10/import.c (struct import_filter_s): Declare struct.
(import_keep_uid, import_drop_sig): Replace by ...
(import_filter): new.  Adjust all users.
(cleanup_import_globals): Move code to ...
(release_import_filter): new.
(save_and_clear_import_filter): New.
(restore_import_filter): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-28 13:47:34 +02:00
Werner Koch
829949f382
gpg: Make sure that internal key import is done with a binary stream.
* g10/import.c (import_keys_internal): Open stream in binary mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-28 13:36:28 +02:00
NIIBE Yutaka
4e4843e735 agent, sm: Set CTX after start_agent.
* g10/call-agent.c (agent_keytocard): Assign parm.ctx after start_agent.
* sm/call-agent.c (gpgsm_agent_pksign, gpgsm_scd_pksign)
(gpgsm_agent_readkey, gpgsm_agent_scd_serialno)
(gpgsm_agent_scd_keypairinfo, gpgsm_agent_marktrusted)
(gpgsm_agent_passwd, gpgsm_agent_get_confirmation)
(gpgsm_agent_ask_passphrase, gpgsm_agent_keywrap_key)
(gpgsm_agent_export_key): Likewise.

--

Reported-by: Rainer Perske
GnuPG-bug-id: 2699
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-09-27 14:45:21 +09:00
Neal H. Walfield
df5353b95e g10: When adding a user id, make sure the keyblock has been prepared.
* g10/keyedit.c (keyedit_quick_adduid): Call merge_keys_and_selfsig on
KEYBLOCK before adding the user id.
* tests/openpgp/quick-key-manipulation.scm: Make sure that the key
capabilities don't change when adding a user id.
(key-data): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2697
2016-09-22 21:32:31 +02:00
Werner Koch
998643666c
gpg: Fix regression in fingerprint printing.
* g10/keylist.c (list_keyblock_print): Do not depend calling
print_fingerprint on opt.keyid_format.
--

Regression-due-to: d757009a24
Debian-bug-id: 838153
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-19 17:48:04 +02:00
Justus Winter
086d219d96 g10: Fix memory leak.
* g10/tofu.c (build_conflict_set): Free 'kb_all'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-19 12:32:50 +02:00
Werner Koch
18bbefa27f
gpg: Avoid malloc failure due to no key signatures
* g10/keyedit.c (check_all_keysigs): Check early for no key
signatures.  Use xtrycalloc.
--

GnuPG-bug-id: 2690
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-19 08:27:56 +02:00
Daniel Kahn Gillmor
0d67241e31 Fix more spelling
* NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c,
  agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c,
  common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS,
  doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi,
  doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
  doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c,
  g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c,
  g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c,
  sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt,
  tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm,
  tests/openpgp/multisig.test, tests/openpgp/verify.scm,
  tests/pkits/README, tools/applygnupgdefaults,
  tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c:
  minor spelling cleanup.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-09-17 16:00:37 +09:00
Neal H. Walfield
6e930f0e40 g10: On failure, propagate the return code.
* g10/tofu.c (tofu_register_encryption): If get_trust fails, set RC.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-16 15:35:21 +02:00
Neal H. Walfield
3825847300 g10: Improve some comments and a string.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-16 15:35:20 +02:00
Neal H. Walfield
221b0bd0e5 g10: Don't ignore failure. On failure, rollback.
* g10/tofu.c (tofu_set_policy): If record_binding fails, fail.  If the
function fails, rollback the transaction.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-16 15:35:20 +02:00
Neal H. Walfield
c2e563421e g10: Load the key block if the supplied user id list is NULL.
* g10/tofu.c (tofu_register_encryption): Load the key block if
USER_ID_LIST is NULL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-16 15:35:19 +02:00
Neal H. Walfield
af196342bf g10: Use the accessor functions for accessing and comparing key ids
* g10/tofu.c (get_trust): Use the pk_main_keyid accessor function.
(tofu_register_signature): Likewise.
(tofu_register_encryption): Likewise.
(tofu_set_policy): Likewise and also use pk_keyid and keyid_cmp.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-16 15:35:18 +02:00
Justus Winter
c0e620cee8 g10: Add missing header.
* g10/trustdb.c: Include 'mbox-util.h'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-15 14:46:06 +02:00
Neal H. Walfield
3f7f744731 g10: Only consider bindings matching the signer's user id.
* g10/trustdb.c (tdb_get_validity_core): If the signer's user id
subpacket is present, only consider matching user ids.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-15 12:21:35 +02:00
Neal H. Walfield
dcc6466305 g10: Don't include the signature when printing a binding's validity.
* g10/mainproc.c (check_sig_and_print): When printing information
about a binding don't include the current signature.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-15 12:21:34 +02:00
Neal H. Walfield
9799b5d18f g10: Fix whitespace.
* g10/tofu.c (show_statistics): Fix whitespace.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-14 15:22:11 +02:00
Neal H. Walfield
05b2b13efd g10: Correctly compute the euclidean distance.
* g10/tofu.c (write_stats_status): Correctly compute the euclidean
distance.
(show_statistics): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-14 15:22:10 +02:00
Neal H. Walfield
ca91caabb5 g10: Change the default TOFU policy for UTKs to good.
* g10/tofu.c (get_trust): Change the default TOFU policy for UTKs to
good.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-14 15:22:09 +02:00
Neal H. Walfield
9d62b79e62 g10: Add missing static qualifier.
* g10/tofu.c (cross_sigs): Add missing static qualifier.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-14 15:22:09 +02:00
Neal H. Walfield
8df8aa13c7 g10: Default to the "good" TOFU policy for keys signed by a UTK.
* g10/tofu.c (signed_by_utk): New function.
(get_trust): If a key is signed by an ultimately trusted key, then
set any bindings to good.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-14 15:22:08 +02:00
Werner Koch
f4e11f2e9e
gpg: Emit a new error status line in --quick-adduid.
* g10/keyedit.c (menu_adduid): Emit an ERROR status for an existsing
user id.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-14 10:59:18 +02:00
Werner Koch
0fd332bc1f
gpg: Allow use of "default" algo for--quick-addkey.
* g10/keygen.c (quick_generate_keypair): Write a status error.
(parse_algo_usage_expire): Set a default curve.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-14 09:46:10 +02:00
Werner Koch
30a011cfd6
gpg: Improve usability of --quick-gen-key.
* g10/keygen.c (FUTURE_STD_): New constants.
(parse_expire_string): Handle special keywords.
(parse_algo_usage_expire): Allow "future-default".  Simplify call to
parse_expire_string.
(quick_generate_keypair): Always allow an expiration date.  Replace
former "test-default" by "future-default".
--

Using an expiration date is pretty common, thus we now allow the
creation of a standard key with expiration date.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-13 11:30:54 +02:00
Werner Koch
31fc420727
gpg: Avoid mixing up status and colon line output.
* g10/keylist.c (list_keyblock_colon): Avoid calling functions which
trigger a status line output before having printed a LF.
--

Status lines like KEY_CONSIDERED and KEYEPXIRED were messing up the
colons output, like here:

  pub:[GNUPG:] KEY_CONSIDERED 94A5C9A03C2FE5CA3B095D8E1FDF723CF46[...]

Reported-by: Andreas Stieger <astieger@suse.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-12 17:45:01 +02:00
Ben Kibbey
937ec53eff Fix symbol conflict.
* g10/gpgcompose.c: Rename struct siginfo to signinfo.
--

Fixes android-ndk and OpenIndiana (Solaris) builds.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2016-09-10 13:42:09 -04:00
Daniel Kahn Gillmor
d757009a24
gpg: print fingerprint regardless of keyid-format
* g10/keylist.c (print_fingerprint): use compact format independent of
  keyid-format; (print_key_line): always print the fingerprint

--

The choice of fingerprint display should be independent of the
keyid-format.

Currently, the representation of the fingerprint changes depending on
whether the user has specified --keyid-format to anything besides
"none".  (this is common, for example, if someone happens to have
"keyid-format long" in their gpg.conf for interoperability with older
versions of gpg)

With this changeset, keyid-format governs only the format of the
displayed keyID, while the fingerprint display is governed only by the
fingerprint options:

 [default]::
    compact fpr of pubkey only
 --with-fingerprint::
    human-readable form of fpr of pubkey only
 --with-fingerprint --with-fingerprint::
    human-readable form of pubkey and subkey
 --with-subkey-fingerprint:
    compact fpr for pubkey and subkeys

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-09-09 08:17:49 +02:00
Werner Koch
30a9f53a0f
gpg: Remove option --yes from gpgv
* g10/gpgv.c (opts): Remove --yes.
(main): Always set opt.ANSWER_YES.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-08 14:34:13 +02:00
Werner Koch
a8363b7d0b
gpg: Add options --output and --yes to gpgv.
* g10/gpgv.c (oOutput, oAnswerYes): New.
(opts): Add --output and --yes.
(main): Implement options.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-08 10:50:51 +02:00
Werner Koch
bbe940c095
gpg: Make --output work with --verify.
* g10/mainproc.c (proc_plaintext): Handle opt.output.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-08 00:45:45 +02:00
Neal H. Walfield
bde29a46ce g10: Use the time a signature was seen, not the embedded time, for stats
* g10/tofu.c (ask_about_binding): Use the time that a signature was
seen, not allegedly generated, when generating statistics.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-07 11:17:47 +02:00
Neal H. Walfield
ee06b3f788 g10: Check for a new binding a bit later.
* g10/tofu.c (build_conflict_set): Check for the current key after
looking for conflicts and removing any '!'.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 1f1f56e6
2016-09-07 10:53:28 +02:00
Neal H. Walfield
7b3e8572e3 g10: Change TOFU code to respect --faked-system-time.
* g10/tofu.c (record_binding): New parameter now.  Update callers.
Don't use SQLite's strftime('%s','now') to get the current time, use
NOW.
(ask_about_binding): Likewise.
(get_trust): New parameter now.  Update callers.
(show_statistics): Likewise.
(tofu_register_signature): Don't use SQLite's strftime('%s','now') to
get the current time, use gnupg_get_time().
(tofu_register_encryption): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-07 10:28:39 +02:00
Neal H. Walfield
56c18408d4 g10: Use the correct conversion function.
* g10/tofu.c (show_statistics): Use string_to_ulong, not
string_to_long.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 875ac921
2016-09-07 10:06:58 +02:00
Neal H. Walfield
1f90d3c71e g10: Add missing sqrtu32.h and sqrtu32.c.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 875ac92.
2016-09-07 08:55:17 +02:00
Werner Koch
97a67d42dc
gpg: Fix format string issues in tofu.
* g10/tofu.c (write_stats_status): Use ulong for MESSSAGES.  Fix
format strings.  Simplify by using the new write_status_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-07 08:41:48 +02:00
Werner Koch
c894fa8d37
g10: Temporary hack to repalce missing sqrtu32.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-07 08:40:18 +02:00
Neal H. Walfield
13ddc17ddb g10: Make sure some functions are passed a primary key.
* g10/tofu.c (get_trust): Make sure the caller provides a primary key.
(tofu_register_signature): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-06 22:40:59 +02:00
Neal H. Walfield
ee19eacd1d g10: Tweak TOFU's verbosity.
* g10/tofu.c (time_ago_str): Only show the most significant unit.
* g10/tofu.c (show_statistics): Tweak the output.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-06 22:40:01 +02:00
Neal H. Walfield
67cef405cb g10: Only show the TOFU warning once per key.
* g10/tofu.c (show_statistics): Return whether to call show_warning.
Move the warning from here...
(show_warning): ... to this new function.
(tofu_get_validity): If show_statistics returns a non-zero value, call
show_warning.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-06 22:10:57 +02:00
Neal H. Walfield
875ac9216f g10: Record and show statistics for encrypted messages when using TOFU
* g10/tofu.c: Include "sqrtu32.h".
(struct tofu_dbs_s.s): Rename get_trust_gather_other_keys to
get_trust_gather_signature_stats.  Add new field
get_trust_gather_encryption_stats.
(initdb): Create the encryptions table.
(ask_about_binding): Show the encryption statistics too.
(tofu_register): Rename from this...
(tofu_register_signature): ... to this and update callers.
(tofu_register_encryption): New function.
(write_stats_status): Add parameters encryption_count,
encryption_first_done and encryption_most_recent.  Update callers.
Compute the trust using the euclidean distance of the signature and
signature count.  Compare with twice the threshold.  Include
encryption count information in the TFS and TOFU_STATS lines.
(show_statistics): Also get information about the encrypted messages.
* g10/trustdb.c (tdb_get_validity_core): Use it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-06 21:37:48 +02:00
Neal H. Walfield
a9e6db6c7e g10: Simplify the binding statistics shown for a TOFU conflict.
* g10/tofu.c (ask_about_binding): Simplify binding statistics.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-06 21:37:47 +02:00
Neal H. Walfield
9082bde01c g10: Don't add user attributes to the TOFU DB.
* g10/trustdb.c (tdb_get_validity_core): Skip user attributes.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-05 16:48:51 +02:00
Neal H. Walfield
1f1f56e606 g10: Refactor cross sig check code.
* g10/tofu.c (BINDING_NEW): New enum value.
(BINDING_CONFLICT): Likewise.
(BINDING_EXPIRED): Likewise.
(BINDING_REVOKED): Likewise.
(ask_about_binding): Move cross sig check from here...
(get_trust): ... and the conflict set building from here...
(build_conflict_set): ... to this new function.
(format_conflict_msg_part1): Replace parameter conflict with
conflict_set.  Drop parameter fingerprint.  Update callers.
(ask_about_binding): Drop unused parameter conflict and redundant
parameter bindings_with_this_email_count.  Rename parameter
bindings_with_this_email to conflict_set.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-05 15:14:27 +02:00
Werner Koch
0ac671f8a2
common: Add an assuan logging monitor.
* common/asshelp.c (my_log_monitor): New var.
(my_libassuan_log_handler): Run that monitor.
(setup_libassuan_logging): Add arg to set a log monitor and change all
callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 11:58:48 +02:00
Werner Koch
0a4a03e531
gpg: New export filter drop-subkey.
* g10/import.c (impex_filter_getval): Add properties for key packets.
* g10/export.c (export_drop_subkey): New var.
(cleanup_export_globals): Release that var.
(parse_and_set_export_filter): Add filter "drop-subkey".
(apply_drop_subkey_filter): New.
(do_export_stream): Run that filter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 09:52:04 +02:00
Werner Koch
c8e0d37f41
gpg: Use a common filter_getval for import and export.
* g10/import.c (filter_getval): Rename to ...
(impex_filter_getval): this.  Make global.
(apply_keep_uid_filter, apply_drop_sig_filter): Adjust.
* g10/export.c (filter_getval): Remove.
(apply_drop_sig_filter): Use impex_filter_getval.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 09:52:04 +02:00
Neal H. Walfield
85fad6c34c g10: End transaction earlier.
* g10/tofu.c (ask_about_binding): End the transaction earlier.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-01 23:32:00 +02:00
Neal H. Walfield
b410a3cb76 g10: Don't consider cross-signed keys to be in conflict.
* g10/tofu.c (cross_sigs): New function.
(ask_about_binding): If apparently conflicting keys are cross signed,
then don't mark them as conflicting.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

If two keys are cross signed, then the same person (probably)
controlled them both.  In this case, don't raise a TOFU conflict.
This usually occurs when someone transitions to a new key.  When that
person rotates to a third key, she will typically only cross sign it
with the second key.  As such, we check this transitively to avoid
declaring a conflict between the 1st and 3rd key.
2016-09-01 23:32:00 +02:00
Werner Koch
38d369de13
gpg: Avoid homedir creation by --list-config
* g10/gpg.c (main): Do not register a key for the list config
commands.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-01 19:22:48 +02:00
Werner Koch
fde9fa81d3
gpg: Simplify code to print VALIDSIG.
* g10/mainproc.c (check_sig_and_print): Use hexfingerprint and
write_status_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-01 16:39:41 +02:00
Werner Koch
6bdadae005
gpg: Add new function write_status_printf.
* g10/cpr.c (write_status_printf): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-01 16:39:41 +02:00
Werner Koch
37e3c89725
gpg: Fix printing of pubkey algo in --verbose signature verify.
* g10/sig-check.c (check_signature2): Replace arg PK by R_PK and
change the semantics.  Also clear the other R_ args on function entry,
use gpg_error() and change retturn type to gpg_error_t.
* g10/mainproc.c (do_check_sig): Add arg R_PK.
(list_node): Pass NULL for new arg.
(check_sig_and_print): Rework to make use of the returned PK.
--

The output

gpg: textmode signature, digest algorithm SHA256, key algorithm rsa2048

showed the pubkey algo of the primary key which was surprising.
Changed to print the algo of the subkey used for verification.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-01 16:39:41 +02:00
Neal H. Walfield
44690befad g10: Fix typo.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-01 14:31:55 +02:00
Neal H. Walfield
3d44e5e8a8 g10: When asking about a TOFU binding conflict, default to unknown.
* g10/tofu.c (ask_about_binding): Default to unknown.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-01 14:31:31 +02:00
Neal H. Walfield
f2e5cb6ffb g10: Add support for TRUST_NEVER.
* g10/pkclist.c (do_we_trust): Handle TRUST_NEVER, which can be
returned by the TOFU trust model.
(do_we_trust_pre): Print a different message if TRUSTLEVEL is
TRUST_NEVER.
(check_signatures_trust): Improve comment.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-01 13:29:56 +02:00
Neal H. Walfield
0cb0ea1633 g10: Improve text.
* g10/tofu.c (show_statistics): Improve the text (key and user id, not
just key).

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-01 13:17:54 +02:00
Neal H. Walfield
00c2850393 g10: Remove unused parameter.
* g10/tofu.c (show_statistics): Remove unused parameter sig_exclude.
Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-01 13:17:06 +02:00
Werner Koch
3e67b50490
gpg: Copy the correct digest for use by TOFU.
* g10/mainproc.c (do_check_sig): Use the current digest algo.
--

Note that the digest context may have several algos enabled, which is
is case if keys with different hash preferences signed the data.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-01 12:52:21 +02:00
Neal H. Walfield
4cbd2a690c g10: Be careful to not be in a transaction during long operations
* g10/tofu.c (begin_transaction): New parameter only_batch.  If set,
only start a batch transaction if there is none and one has been
requested.  Update callers.
(tofu_suspend_batch_transaction): New function.
(tofu_resume_batch_transaction): Likewise.
(ask_about_binding): Take a ctrl_t, not a tofu_dbs_t.  Update
callers.  Gather statistics within a transaction.  Suspend any batch
transaction when getting user input.
(get_trust): Take a ctrl_t, not a tofu_dbs_t.  Update callers.
Enclose in a transaction.
(tofu_get_validity): Use a batch transaction, not a normal
transaction.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-01 12:43:34 +02:00
Neal H. Walfield
edfb6934ca g10: On a TOFU conflict, show whether the uids are expired or revoked
* g10/tofu.c (struct signature_stats): Add fields is_expired and
is_revoked.
(signature_stats_prepend): Clear *stats when allocating it.
(ask_about_binding): Also show whether the user ids are expired or
revoked.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 17:52:50 +02:00
Neal H. Walfield
28c235ae75 g10: Always trust ultimately trusted keys.
* g10/tofu.c (get_trust): Always return TRUST_ULTIMATE for ultimately
trusted keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 13:53:36 +02:00
Neal H. Walfield
5b48960a8a g10: Fix error detection.
* g10/tofu.c: first_seen == 0 is not an error.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Fixes-commit: 0f1f02ac
Regression-due-to: 45bb9a2a
2016-08-31 12:11:58 +02:00
Neal H. Walfield
e4d5e3cb0d g10: Update a key's TOFU policy in a transaction.
* g10/tofu.c (tofu_set_policy): Do the update in a transaction.
* g10/gpg.c (main): Do a TOFU policy update in a batch transaction.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 11:47:50 +02:00
Neal H. Walfield
247eef005c g10: Fix the show old policy functionality when changing a TOFU policy.
* g10/tofu.c (record_binding): Fix the show old policy functionality.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 11:39:35 +02:00
Neal H. Walfield
70df5a8fd7 g10: Drop unused argument.
* g10/tofu.c (begin_transaction): Remove unused option only_batch.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 10:58:18 +02:00
Neal H. Walfield
268f6b7a34 gpg: Move state local to tofu.c to a private structure.
* g10/gpg.h (struct server_control_s.tofu): Move fields in_transaction
and batch_update_started from here...
* g10/tofu.c (struct tofu_dbs_s): ... to here.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 10:47:05 +02:00
Neal H. Walfield
b8184d2d74 gpg: Avoid name spaces clash with future sqlite versions (2).
* g10/gpgsql.h (gpgsql_arg_type): Rename SQLITE_ARG_END to
GPGSQL_ARG_END, SQLITE_ARG_INT to GPGSQL_ARG_INT, SQLITE_ARG_LONG_LONG
to GPGSQL_ARG_LONG_LONG, SQLITE_ARG_STRING to GPGSQL_ARG_STRING, and
SQLITE_ARG_BLOB to GPGSQL_ARG_BLOB.

--
This commit completes the work started in b1ba460.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 10:14:19 +02:00
Werner Koch
76304a971f
gpg: Fix regression in gpgv's printing of the keyid.
* g10/keyid.c (keystr): Take care of KF_NONE != KF_DEFAULT.
--

Debian-bug-id: 836144
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-31 08:48:28 +02:00
Neal H. Walfield
371ae66e9d g10: Improve TOFU batch update code.
* g10/gpg.h (tofu): Rename field batch_update_ref to
batch_updated_wanted.
* g10/tofu.c (struct tofu_dbs_s): Rename field batch_update to
in_batch_transaction.
(begin_transaction): Only end an extant batch transaction if we are
not in a normal transaction.  When ending a batch transaction, really
end it.  Update ctrl->tofu.batch_update_started when starting a batch
transaction.
(end_transaction): Only release a batch transaction if ONLY_BATCH is
true.  When releasing a batch transaction, assert that there is no
open normal transaction.  Only allow DBS to be NULL if ONLY_BATCH is
true.
(tofu_begin_batch_update): Don't update
ctrl->tofu.batch_update_started.
(opendbs): Call end_transaction unconditionally.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 16:06:40 +02:00
Neal H. Walfield
3beeaa70bd g10: Improve TOFU debugging output and some comments.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 16:06:39 +02:00
Neal H. Walfield
d0451440c0 g10: If a key has no valid user ids, change TOFU to return TRUST_NEVER.
* g10/tofu.c (tofu_get_validity): If a key has no valid (non-expired)
user ids, change TOFU to return TRUST_NEVER.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 16:06:38 +02:00
Neal H. Walfield
6052c14709 g10: Change tofu_register & tofu_get_validity to process multiple uids.
* g10/tofu.c (tofu_register): Take a list of user ids, not a single
user id.  Only register the bindings, don't compute the trust.  Thus,
change return type to an int and remove the may_ask parameter.  Update
callers.
(tofu_get_validity): Take a list of user ids, not a single user id.
Update callers.  Observe signatures made by expired user ids, but
don't include them in the trust calculation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 16:06:37 +02:00
Neal H. Walfield
33e97813d7 g10: Support nested transactions on the TOFU DB.
* g10/gpg.h (struct server_control_s): New field in_transaction.
* g10/tofu.c (struct tofu_dbs_s): Remove fields savepoint_inner and
savepoint_inner_commit.
(begin_transaction): Increment CTRL->TOFU.IN_TRANSACTION.  Name the
savepoint according to the nesting level.
(end_transaction): Name the savepoint according to the nesting level.
Decrement CTRL->TOFU.IN_TRANSACTION.
(rollback_transaction): Likewise.  Only ever rollback a non-batch
transaction.
(opendbs): Assert that there are no outstanding transactions.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 15:54:41 +02:00
Neal H. Walfield
4c2abb221b g10: Print the info text in more situations.
* g10/tofu.c (ask_about_binding): Print the info text when the policy
is ask and there are multiple bindings with the email address.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 15:54:40 +02:00
Neal H. Walfield
0858f141a8 g10: Print the formatted text.
* g10/tofu.c (ask_about_binding): Print the formatted text, not the
unformatted text.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 15:54:39 +02:00
Neal H. Walfield
8dda861ad8 g10: When showing a user id's trust, pass the current signature.
* g10/mainproc.c (check_sig_and_print): Consistently pass SIG to
get_validity.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 15:54:38 +02:00
Werner Koch
bdbd03608b
gpg: Make decryption of -R work w/o --try-secret-key or --default-key.
* g10/getkey.c (enum_secret_keys): At state 3 enumerate the keys in all
cases not just when --try-all-secrets is used.
--

Regression-due-to: 82b90eee10
Reported-by: Carola Grunwald
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-29 07:56:03 +02:00
Werner Koch
0a5a854510
gpg: Fix false negatives in Ed25519 signature verification.
* g10/pkglue.c (pk_verify): Fix Ed25519 signatrue values.
* tests/openpgp/verify.scm (msg_ed25519_rshort): New
(msg_ed25519_sshort): New.
("Checking that a valid Ed25519 signature is verified as such"): New.
--

About one out of 256 signature won't verify due to stripped zero
bytes.  See the source comment for details.

Reported-by: Andre Heinecke
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-25 16:18:00 +02:00
Werner Koch
74a082bc10
common: Rename an odd named function.
* common/openpgp-oid.c (oid_crv25519): Rename to oid_cv25519.
(openpgp_oid_is_crv25519): Rename to openpgp_oid_is_cv25519.  Change
callers.

--

We use "cv25519" everywhere else and thus the test function should not
have a surprising name.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-25 15:16:32 +02:00
Werner Koch
19d12be3ce
gpg: New option --with-tofu-info.
* g10/gpg.c (oWithTofuInfo): New.
(opts): Add --with-tofu-info.
(main): Set opt.with_tofu_info.
* g10/options.h (struct opt): Add field WITH_TOFU_INFO.
* g10/tofu.c (show_statistics): Add optional arg OUTFP and enter
special mode if not NULL.  Change all callers.
(tofu_write_tfs_record): New.
* g10/keylist.c (list_keyblock_colon): Do not print the tofu policy as
part of the "uid" record.  Print a new "tfs" record if the new option
is set.
* tests/openpgp/tofu.scm (getpolicy): Change from UID to TFS record.
--

A separate option is required to avoid slowing down key listings.
Foer example the current code takes for a keylisting in tofu+pgp mode
17 seconds while it takes more than 5 minutes if the option is used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-25 09:37:56 +02:00
Werner Koch
0f1f02acc1
gpg: Change TOFU_STATS to return timestamps.
* g10/tofu.c (write_stats_status): Add arg FP to print a colon
formated line.  Adjust for changed TOFU_STATS interface.
(show_statistics): Let the query return timestamps and use
gnupg_get-time to compute the "time ago" values.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-24 19:56:14 +02:00
Werner Koch
1b55e86442
gpg: Add import filter "drop-sig".
* g10/import.c (import_drop_sig): New variable.
(cleanup_import_globals): Release that.
(parse_and_set_import_filter): Add filter "drop-sig".
(filter_getval): Implement properties for drop-sig.
(apply_drop_sig_filter): New.
(import_one): Apply that filter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-18 16:15:49 +02:00
Werner Koch
de6e3217cd
gpg: New option --sender
* g10/options.h (struct opt): Add field 'sender_list'.
* g10/gpg.c: Include mbox-util.h.
(oSender): New.
(opts): Add option "--sender".
(main): Parse option.
--

This option will eventually be used for more advanced purposes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-18 10:08:34 +02:00
Daniel Kahn Gillmor
61c2a1fa6d
Call log_set_prefix() with human-readable labels.
* agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c
* dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c
* g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c
* tests/gpgscm/main.c, tools/gpg-check-pattern.c
* tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c
* tools/symcryptrun.c: Invoke log_set_prefix() with
human-readable labels.

--

Some invocations of log_set_prefix() were done with raw numeric values
instead of values that humans can understand.  Use symbolic
representations instead of numeric for better readability.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-12 12:16:19 +02:00
Werner Koch
70b5d7c43a
gpg: New option --input-size-hint.
* g10/options.h: Include stdint.h.
(struct opt): Add field 'input_size_hint'.
* g10/gpg.c (oInputSizeHint): New.
(opts): Add --input-size-hint.
(main): Set opt.input_size_hint.
* g10/progress.c (write_status_progress): Use the hint.
--

This is a prerequisite to fix
GnuPG-bug-id: 2368

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-11 21:32:55 +02:00
Werner Koch
ed5c1b0b8a
gpg: Print the signer's UID during verification.
* g10/parse-packet.c (parse_signature): Sanitize the value stored in
SIGNERS_UID.
* g10/mainproc.c (issuer_fpr_string): New.
(check_sig_and_print): Print the signers' UID.  Print the issuer
fingerprint in --rfc4880bis mode.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-10 19:53:53 +02:00
Werner Koch
5b59999ce0
gpg: Remove tofu database format "split".
* g10/options.h (struct opt): Remove field tofu_db_format.
* g10/gpg.h (server_control_s): Add fields tofu.batch_update_ref and
tofu.batch_update_started.
* g10/gpg.c (parse_tofu_db_format): Remove.
(main): Make option --tofu-db-format obsolete.
* g10/tofu.c: Major rework.  Remove the pretty complicated and slower
split format and with that all the caching.  Use the dbs struct
directly.  Move global vars for batch update into CTRL.  Change
calling conventions of some function to take CTRL or DBS pointers
instead of  the former low-level database pointer.
--

The split database format might have been nice for use with Unison but
it bypasses the concept of a relational database by doing parts of
this itself and also risking deadlocks.  Working with the Tofu
database for debugging or experiments is also not possible with parts
of the database logic implemented in gpg.

The Tofu support is quite new and we can assume that it is not in real
use now.  Thus we better remove that now so that we do not need to
maintain it for all future.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-10 16:55:04 +02:00
Justus Winter
a27410a251 g10: Fix opening of trust database.
* g10/tdbio.c (tdbio_set_dbname): This function explicitly checks for
the file size, but handled the case of a zero-sized file incorrectly
by returning success.  Fix this by initializing the database in that
case.
* tests/openpgp/Makefile.am (XTESTS): Add new test.
* tests/openpgp/issue2417.scm: New file.

GnuPG-bug-id: 2417
Signed-off-by: Justus Winter <justus@g10code.com>
2016-08-10 16:50:29 +02:00
Werner Koch
16feb1e0ea
gpg: Extend the PROGRESS line to give the used unit.
* g10/progress.c (write_status_progress): Print the units parameter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-09 16:28:39 +02:00
Ben Kibbey
49829c29e5 Cleanup initialization of libgcrypt.
* common/init.c (init_common_subsystems): Initialize libgcrypt.
* dirmngr/Makefile.am (dirmngr_ldap): Link with libgcrypt.

--
Most other modules already call gcry_check_version() after
init_common_subsystems() so may as well move initialization of libgcrypt
to here. Also fixes a warning in the system log from gpgconf --homedir.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2016-08-09 10:47:46 +02:00
Werner Koch
491d6fdabb
gpg: Cleanup of dek_to_passphrase function (part 2).
* g10/passphrase.c (passphrase_get): Remove arg KEYID.  Change arg
MODE to NOCACHE.
(passphrase_to_dek): Remove args KEYID and PUBKEY_ALGO.  Split arg
MODE into CREATE and NOCACHE.  Change all callers and adjust stubs.
(passphrase_clear_cache): Remove args KEYID and ALGO.  They are not
used.  Change caller.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-08 20:32:08 +02:00
Werner Koch
5b614973fe
gpg: Cleanup of dek_to_passphrase function (part 1).
* g10/passphrase.c (passphrase_to_dek_ext): Remove args CUSTDESC and
CUSTPROMPT.  Merge into the passphrase_to_dek wrapper.
(passphrase_get): Remove args CUSTOM_DESCRIPTION and CUSTOM_PROMPT.
--

The function is nowadays only used for symmetric encryption.  Thus we
do not need all the former advanced stuff.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-08 18:47:27 +02:00
Daniel Kahn Gillmor
c9387e41db
gpg: Avoid publishing the GnuPG version by default
* g10/gpg.c (main): initialize opt.emit_version to 0
* doc/gpg.texi: document different default for --emit-version

--

The version of GnuPG in use is not particularly helpful.  It is not
cryptographically verifiable, and it doesn't distinguish between
significant version differences like 2.0.x and 2.1.x.

Additionally, it leaks metadata that can be used to distinguish users
from one another, and can potentially be used to target specific
attacks if there are known behaviors that differ between major
versions.

It's probably better to take the more parsimonious approach to
metadata production by default.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-05 12:23:04 +02:00
Werner Koch
c8cc804f56
gpg: Make sure that keygrips are printed for each subkey.
* g10/keylist.c (list_keyblock_colon): Print an emprty grip in case of
an error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-04 15:34:14 +02:00
Werner Koch
54a1ed20e2
gpg: Always print the fingerprint in colons mode.
* g10/keylist.c (list_keyblock_colon): Remove arg FPR.  Always print
fingerprint records.  For secret keys always print keygrip records.
--

The fingerprint should always be used thus we should always print it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-04 15:01:52 +02:00
NIIBE Yutaka
6f284e6ed6 g10: Fix checking key for signature validation.
* g10/sig-check.c (check_signature2): Not only subkey, but also primary
key should have flags.valid=1.

--

The tweak of gpgv in e32c575e0f only makes
sense with this change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-08-04 16:21:39 +09:00
Daniel Kahn Gillmor
dc107b7850 More cleanup of "allow to".
* README, agent/command.c, agent/keyformat.txt, common/i18n.c,
  common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
  dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
  doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
  doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
  g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
  m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
  po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
  po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
  po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
  po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
  scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
  sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
  with clearer text.

In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something.  When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.

These changes should make the language a bit clearer.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-03 16:55:33 +02:00
Daniel Kahn Gillmor
cd45cf782b Fix spelling and grammar.
* agent/learncard.c: s/coccured/occurred/
* doc/dirmngr.texi: s/ommitted/omitted/, s/orginally/originally/,
  s/reponses/responses/i
* doc/gpg-agent.texi, doc/dirmngr.texi, doc/gpg.texi: Fix "allows
  to" to more conventional english usage.
* doc/tools.texi, g10/gpgcommpose.c, tests/openpgp/armor.scm,
  tests/openpgp/armor.test: s/occured/occurred/
* tools/gpgsplit.c: s/calcualting/calculating/
* sm/server.c: s/formated/formatted/

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-03 16:54:01 +02:00
Werner Koch
48a2c93a18
gpg,gpgsm: Block signals during keyring/keybox update.
* kbx/keybox-util.c (keybox_file_rename): Add arg BLOCK_SIGNALS.
* kbx/keybox-update.c (rename_tmp_file): Block all signals when doing
a double rename.
* g10/keyring.c (rename_tmp_file): Block all signals during the double
rename.
--

This might fix
Debian-bug-id: 831510

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-03 15:31:27 +02:00
Justus Winter
4ba11251af g10: Fix key import statistics.
'transfer_secret_keys' collects statistics on a subkey-basis, while
the other code does not.  This leads to inflated numbers when
importing secret keys.  E.g. 'count' is incremented by the main
parsing loop in 'import', and again in 'transfer_secret_keys', leading
to a total of 3 if one key with two secret subkeys is imported.

* g10/import.c (import_secret_one): Adjust to the fact that
'transfer_secret_keys' collects subkey statistics.
* tests/openpgp/Makefile.am (TESTS): Add new test.
* tests/openpgp/issue2346.scm: New file.
* tests/openpgp/samplekeys/issue2346.gpg: Likewise.

GnuPG-bug-id: 2346
Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-25 12:50:35 +02:00
Justus Winter
d9839c9d30 g10: Properly ignore legacy keys in the keyring cache.
* g10/keyring.c (keyring_rebuild_cache): Properly ignore legacy keys
in the keyring cache.
* tests/migrations/Makefile.am (TESTS): Add new test.
* tests/migrations/common.scm (GPG-no-batch): New variable.
(run-test): New function.
* tests/migrations/issue2276.scm: New file.
* tests/migrations/issue2276.tar.asc: Likewise.

GnuPG-bug-id: 2276
Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-22 14:17:24 +02:00
Justus Winter
45bb9a2a46 g10: Fix error handling.
* g10/tofu.c (show_statistics): Fix error handling, 0 is a valid
duration.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-21 18:22:18 +02:00
Justus Winter
8a6f8e1e39 g10: Drop superfluous begin transaction.
* g10/tofu.c (record_binding): We only need a transaction for the
split format.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-21 18:07:22 +02:00
Justus Winter
1af2fd44f0 g10: Fix crash.
* g10/tofu.c (tofu_closedbs): Fix freeing database handles up to the
cache limit.  Previously, this would crash if db_cache_count == count.

Reported-by: Ben Kibbey <bjk@luxsci.net>
Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-21 11:49:33 +02:00
Justus Winter
d21efa3988 g10: Fix building without trust models.
* g10/pkclist.c (write_trust_status): Fall back to the previous
behavior.

Fixes-commit: ae188932
Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-15 12:35:08 +02:00
Werner Koch
1e9bc66a9a
gpg: Remove options --print-dane-records and --print-pka-records.
* g10/gpg.c (main): Remove options but print a dedicated warning.
* g10/options.h (struct opt): Remove fields 'print_dane_records' and
'print_pka_records'.
* g10/keylist.c (list_keyblock): Do not call list_keyblock_pka.
(list_keyblock_pka): Remove.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-14 15:19:36 +02:00
Werner Koch
3b8ed7650d
gpg: Fix regression due to the new --mimemode options.
* g10/gpg.c (opts): Re-add oTextmodeShort.
--

Regression-due-to: e148c3caa9
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-13 18:29:40 +02:00
Daiki Ueno
82b90eee10
gpg: Make --try-all-secrets work for hidden recipients
* g10/getkey.c (enum_secret_keys): Really enumerate all secret
keys if --try-all-secrets is specified.
--

GnuPG-bug-id: 1985
Signed-off-by: Daiki Ueno <ueno@gnu.org>

- Add new arg CTRL to getkey_byname call.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-13 18:15:52 +02:00
Werner Koch
7b96a8d736
gpg: Do not print a the short keyid if the high word is zero.
* g10/keyid.c (format_keyid): Always returh long keyid ifor KF_LONG.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-13 17:19:56 +02:00
Werner Koch
e148c3caa9
gpg: New option --mimemode.
* g10/gpg.c (oMimemode): New.
(opts): Add --mimemode.
(main): Use --mimemode only in rfc4880bis compliance mode.
* g10/options.h (struct opt): Add field "mimemode".
* g10/build-packet.c (do_plaintext): Allow for mode 'm'.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Use 'm' if requested.
* g10/plaintext.c (handle_plaintext): Handle 'm' mode.
* g10/sign.c (write_plaintext_packet): Handle 'm' mode.
(sign_file, sign_symencrypt_file): Use 'm' if requested.
--

Thsi patch prepares for a proposed change in RFC4880bis to support a
MIME flag.  A literal data packet with the mime flag set is handled
like a 't' or 'u' but CR are not removed.  The PLAINTEXT status line
will also indicate a MIME content.

If --mimemode is used without --rfc4880bis 't' will be used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-13 13:31:12 +02:00
Werner Koch
9b075575cd
gpg: Extend import-option import-export to print PKA or DANE.
* g10/export.c (do_export_stream): Move PKA and DANE printing helper
code to ...
(print_pka_or_dane_records): this fucntion.
(write_keyblock_to_output): Add arg OPTIOSN and call
print_pka_or_dane_records if requested.
--

It is now possible to print a DANE record given a a file with a key
without importing the key first:

  gpg --export-options export-dane \
      --import-options import-export \
      --import-filter keep-uid='mbox =~ alpha' \
      --import FILE_WITH_KEY

Using the filter we only print a user id with the substring "alpha" in
the addr-spec.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-12 15:13:34 +02:00
Werner Koch
0f5b105d96
gpg: Move a function from import.c to export.c.
* g10/import.c (write_keyblock_to_output): Move to ...
* g10/export.c (write_keyblock_to_output): here.  Add arg WITH_ARMOR.
Also make sure never to export ring trust packets.
2016-07-12 15:13:34 +02:00
NIIBE Yutaka
e32c575e0f gpgv: Tweak default options for extra security.
* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
cached status.  Similarly, set opt.flags.require_cross_cert for backsig
validation for subkey signature.

--

It is common that an organization distributes binary keyrings with
signature cache (Tag 12, Trust Packet) and people use gpgv to validate
signature with such keyrings.  In such a use case, it is possible that
the key validation itself is skipped.

For the purpose of gpgv validation of signatures, we should not depend
on signature cache in keyrings (if any), but we should validate the key
by its self signature for primary key, and back signature for subkey.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-07-09 10:20:02 +09:00
Werner Koch
cbe467e794
gpg: Add export options "export-pka" and "export-dane".
* g10/options.h (EXPORT_PKA_FORMAT): New.
* g10/keylist.c (list_keyblock_pka): Do not use DANE flag.
* g10/export.c: Include zb32.h.
(parse_export_options): Add options "export-pka" and "export-dane".
(do_export): Do not armor if either of these option is set.
(print_pka_or_dane_records): New.
(do_export_stream): Implement new options.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-07 17:35:20 +02:00
Werner Koch
b05878f32a
gpg: Split a too large export function.
* g10/export.c (do_export_stream): Factor some code out to ...
(do_export_one_keyblock): new.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-07 17:35:20 +02:00
Werner Koch
a479804c86
gpg: New options --recipient-file and --hidden-recipient-file.
* g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New.
(opts): Add options --recipient-file and --hidden-recipient-file.
(main): Implement them.  Also remove duplicate code from similar
options.
* g10/keydb.h (PK_LIST_FROM_FILE): New.
(PK_LIST_SHIFT): Bump up.
* g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE.
(find_and_check_key): Add and implement arg FROM_FILE.
(build_pk_list): Pass new value for new arg.
* g10/getkey.c (get_pubkey_fromfile): New.
* g10/gpgv.c (read_key_from_file): New stub.
* g10/test-stubs.c (read_key_from_file): New stub.
* g10/server.c (cmd_recipient): Add flag --file.
* g10/import.c (read_key_from_file): New.

* tests/openpgp/defs.scm (key-file1): New.
(key-file2): New.
* tests/openpgp/setup.scm: Add their private keys and import the
key-file1.
* tests/openpgp/encrypt.scm: Add new test.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 15:35:19 +02:00
Werner Koch
073be51a86
gpg: New option --no-keyring.
* g10/gpg.c (oNoKeyring): New.
(opts): Add "--no-keyring".
(main): Do not register any keyring if the option is used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 15:33:53 +02:00
Werner Koch
fdfde91595
gpg: Document use of node flags in import.c and remove unused args.
* g10/import.c (NODE_GOOD_SELFSIG): New.  Use instead of 1.
(NODE_BAD_SELFSIG): New.  Use instead of 2.
(NODE_DELETION_MARK): New.  Use instead of 4.
(NODE_FLAG_A): New.  Use to mark new nodes in merge_blocks.
(chk_self_sigs): Remove unused args FNAME and PK.
(import_one): Adjust call.  Simplify error return because
chk_self_sigs does not return an error code.
(append_uid, append_key, merge_sigs, merge_keysigs): Remove unsued
args FNAME and KEYID.
(merge_blocks, import_one, import_secret_one)
(import_revoke_cert): Remove unused arg FNAME.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 11:29:19 +02:00
Werner Koch
7e0c48eb6f
gpg: Get rid of an unused arg in a function in getkey.c.
* g10/getkey.c (pk_from_block): Remove unused arg CTX.  Change all
callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 08:55:34 +02:00
Werner Koch
9385dfeb9d
gpg: Change calling convention for a function in getkey.c
* g10/getkey.c (merge_selfsigs): Remove arg CTX.  Add args REQ_USAGE
and WANT_EXACT.
(finish_lookup): Adjust caller.  Set LOOKUP_NOT_SELECTED here...
(lookup): and not here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 08:55:30 +02:00
Werner Koch
5d1a9c4dc8
gpg: Fix possible out-of-bounds read in is_armored.
* g10/armor.c (check_input): Call is_armored only if LEN >= 2.
(unarmor_pump): Use a 2 byte buffer for is_armored.
--

Fixes-commit: 605276ef8c
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-05 18:49:06 +02:00
Justus Winter
a6b87981f7 g10: Fix out-of-bounds read.
* g10/armor.c (use_armor_filter): We need two bytes for 'is_armored'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-05 12:38:15 +02:00
Werner Koch
9177a89773
gpg: Avoid spurious failures on keyblocks with no or only deleted nodes.
* g10/import.c (write_keyblock_to_output): Clear ERR on success.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-03 11:56:10 +02:00
Werner Koch
7bfc86c938
gpg: New option --export-filter
* g10/gpg.c (oExportFilter): New.
(opts): Add --export-filter.
(main): Handle option.
* g10/export.c: Include recsel.h, init.h, and mbox-util.h.
(export_keep_uid): New global var.
(cleanup_export_globals): New.
(parse_and_set_export_filter): New.
(filter_getval): New.
(apply_keep_uid_filter): New.
(do_export_stream): Apply filter if set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-01 16:50:12 +02:00
Werner Koch
5137bf73cc
gpg: New option --import-filter
* g10/gpg.c (oImportFilter): New.
(opts): Add --import-filter.
(main): Handle option.
* g10/import.c: Include recsel.h, init.h, and mbox-util.h.
(import_keep_uid): New global var.
(cleanup_import_globals): New.
(parse_and_set_import_filter): New.
(filter_getval): New.
(apply_keep_uid_filter): New.
(import_one): Apply filter if set.
--

Funny new option.  It can for example be used to export a key with
only one user id:

  gpg --no-options --import --import-options import-export \
      --import-filter keep-uid='mbox=wk@gnupg.org'         \
     < full-key.pub > key-with-one-uid.pub

More features will eventually be added.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-01 16:28:29 +02:00
Werner Koch
f015552374
gpg: Allow to cache the mbox in a user id struct.
* g10/packet.h (PKT_user_id): Add field 'mbox'.
* g10/free-packet.c (free_user_id): Free that.
--

This will be required by the coming import filter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-01 16:27:43 +02:00
Werner Koch
d8bce478be
gpg: Make sure a user ID packet has always a terminating Nul in memory.
* g10/keygen.c (write_uid): Avoid overflow.
--

Also the actual length if the user ID is given by LEN, using NAME
diretcly is often more convenient.
2016-07-01 16:27:43 +02:00
Justus Winter
78aeb236fe g10: Fix memory leak.
* g10/keyserver.c (parse_keyserver_uri): Free URI.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-01 14:16:18 +02:00
Justus Winter
c454922ffa g10: Fix memory leak.
* g10/import.c (transfer_secret_keys): Release curve from the previous
iteration.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-01 13:43:01 +02:00
Justus Winter
ff77b92aae g10: Fix build with disabled kbnode cache.
* g10/kbnode.c (release_unused_nodes): Fix build with disabled kbnode
cache.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-01 12:50:29 +02:00
Justus Winter
44d4c69572 g10: Fix memory leak.
* g10/trustdb.c (tdb_get_validity_core): Fix kbnode leak.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-01 12:48:57 +02:00
Justus Winter
5fafd18d47 g10: Fix memory leak.
* g10/keygen.c (keygen_set_std_prefs): Fix memory leak.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-01 11:41:20 +02:00
Justus Winter
6bfbc368f9 Fix trivial memory leaks in tests.
* dirmngr/t-ldap-parse-uri.c (check_ldap_escape_filter): Free result.
* g10/t-stutter.c (main): Free file name.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-01 09:47:48 +02:00
Justus Winter
401db0eebb g10: Fix memory leak.
* g10/export.c (do_export_stream): Free secret parameters.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-06-30 18:50:16 +02:00
Justus Winter
eb4cdbefb0 g10: Fix memory leak.
* g10/keygen.c (read_parameter_file): Free 'line'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-06-30 18:50:16 +02:00
Justus Winter
1de362af90 g10: Fix memory leak.
* g10/sign.c (mk_notation_policy_etc): Free 'mbox'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-06-30 18:50:16 +02:00
Justus Winter
6b9a89e4c7 common: Fix memory leak.
* g10/textfilter.c (copy_clearsig_text): Free buffer.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-06-30 18:50:16 +02:00
Justus Winter
29beea6462 g10: Fix keybox-related memory leaks.
* g10/keydb.c (keydb_release): Clear keyblock cache.
(keydb_get_keyblock): Revert previous change.
* kbx/keybox-blob.c (create_blob_finish): Free previous buffer, free
fixups after applying them.
(_keybox_release_blob): Free buffer.  Currently, the buffer has been
extracted before the keybox is released, but this is the right thing
to do here.

Fixes-commit: c57501cc
Signed-off-by: Justus Winter <justus@g10code.com>
2016-06-30 18:50:16 +02:00
Justus Winter
5869f518cb g10: Fix memory leak.
* g10/compress.c (release_context): Free buffers.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-06-30 18:50:16 +02:00
Justus Winter
84f262102b g10: Fix memory leak.
* g10/sign.c (write_plaintext_packet): Free packet.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-06-30 18:50:16 +02:00
Justus Winter
abae8a9dc8 g10: Fix memory leak.
* g10/mainproc.c (release_list): Do not exit early if list is NULL,
there are other resources that must be released.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-06-30 15:31:37 +02:00
Justus Winter
dbcb342eaf w32: Fix build.
* g10/keyedit.c (keyedit_quick_revuid): Fix call to
'check_trustdb_stale'.

Fixes-commit: 55d112ee
Signed-off-by: Justus Winter <justus@g10code.com>
2016-06-30 15:28:42 +02:00
Daniel Kahn Gillmor
55d112eeb0
g10: Implement gpg --quick-revuid
* g10/revoke.c (get_default_uid_revocation_reason): New.
* g10/keyedit.c (menu_revuid): Break out creation of uid revocation
into new function core_revuid.
* g10/keyedit.c (keyedit_quick_revuid): New. Selects key and
uid, invokes core_revuid.
* g10/gpg.c (main): Handle --quick-revuid argument.
* doc/gpg.texi: Document --quick-revuid.

--

This functionality is a counterpart to --quick-adduid, and will be
useful for projects that depend programmatically on gpg to revoke user
IDs (one such example is "monkeysphere-host revoke-servicename").

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

- Minor re-indentation work.
- Changed a "0 == memcmp" to "!memcmp"
- Removed tests/openpgp/quick-key-manipulation.test from the
  Makefile.  This test needs to be converted to gpgscm.
- Removed example from whats-new-in-2.1.txt because that is generated.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-30 11:45:13 +02:00
Justus Winter
c57501cc5f g10: Fix memory leaks.
* g10/keydb.c (keydb_get_keyblock): Free 'sigstatus' and 'iobuf'.
* g10/t-keydb-get-keyblock.c: Fix trivial memory leaks.
* g10/t-keydb.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-06-28 18:21:50 +02:00
Werner Koch
20ca075d96
gpg: Add hack to --quick-gen-key to create Curve25519 keys.
* g10/keygen.c (quick_generate_keypair): Add special algo string
"test-default".
--

Well, this is a hack to quickly create keys with the algorithms we
will eventually use as defaults.  Usage:

  gpg -v --quick-gen-key --passphrase '' --batch USERID test-default

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-28 15:53:59 +02:00
NIIBE Yutaka
52f65281f9 g10: Fix --list-packets.
* g10/gpg.c (main): Call set_packet_list_mode after assignment of
opt.list_packets.
* g10/mainproc.c (do_proc_packets): Don't stop processing with
--list-packets as the comment says.
* g10/options.h (list_packets): Fix the comment.
* g10/parse-packet.c: Fix the condition for opt.list_packets.

--

Debian-bug-id: 828109
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-06-28 15:56:48 +09:00
Werner Koch
7bca3be65e
gpg: New import option "import-export".
* g10/import.c (parse_import_options): Add option "import-export".
(write_keyblock_to_output): New.
(import_one): Implement option.
--

We are now in the import export business.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-24 13:11:37 +02:00
Werner Koch
1e5959ec05
gpg: New import option "import-show".
* g10/options.h (IMPORT_SHOW): New.
* g10/import.c (parse_import_options): Add "import-show".
(import_one): Implement that.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-23 20:01:15 +02:00
Werner Koch
09c6f71351
gpg: Do not print the validity after key generation.
* g10/keylist.c (struct keylist_context): Add field NO_VALIDITY.
(list_keyblock_print): Take care of it.
(list_keyblock_direct): Add arg NO_VALIDITY.
* g10/keygen.c (do_generate_keypair): Merge keyblock and print w/o
validity.
--

It will always be ultimate and by not printing it we avoid a lot of
garbage output due to the trustdb re-calculation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-23 20:01:15 +02:00
NIIBE Yutaka
6f5ff1cfe4 g10: Fix regression of card-edit/fetch.
* g10/card-util.c (fetch_url): Call keyserver_fetch instead of
keyserver_import_fprint.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-06-23 12:12:43 +09:00
Werner Koch
955baf0436
gpg: Add experimental support for an issuer fpr.
* common/openpgpdefs.h (SIGSUBPKT_ISSUER_FPR): New.
* g10/build-packet.c (build_sig_subpkt_from_sig): Add arg PKSK and
insert the issuer fpr if needed.
* g10/sign.c (write_signature_packets): Pass signing key.
(make_keysig_packet): Ditto.
(update_keysig_packet): Ditto.
* g10/parse-packet.c (dump_sig_subpkt): Print issuer fpr.
(parse_one_sig_subpkt): Detect issuer fpr.
(can_handle_critical): Add issuer fpr.
* g10/mainproc.c (check_sig_and_print): Try to get key via fingerprint.
* g10/gpgv.c (keyserver_import_fprint): New stub.
* g10/test-stubs.c (keyserver_import_fprint): New stub.
--

This support is enabled with the --rfc4880bis option and intended to
test to recently proposed issuer fpr.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-20 23:59:18 +02:00
Werner Koch
ee2d9061d7
gpg: New option --rfc4880bis.
* g10/options.h (struct opt): Add field flags.rfc4880bis.
* g10/gpg.c (oRFC4880bis): new.
(opts): add --rfc4880bis.
(main): Implement that and print a warning.
--

This is option enables experimental features which may be dropped or
changed with the next release.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-20 23:59:18 +02:00
Niibe Yutaka
35a3ce2acf g10: Fix another race condition for trustdb access.
* g10/tdbio.c (create_version_record): Call create_hashtable to always
make hashtable, together with the version record.
(get_trusthashrec): Remove call to create_hashtable.

--

GnuPG-bug-id: 1675
Thanks to Scott Moser for a reproducible script and patience.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-06-15 08:49:50 +09:00
Werner Koch
b56aebe766
gpg: Print the subkey's curve and not the primary key curve.
* g10/keylist.c (list_keyblock_colon): Use PK2 for the subkey's curve.
--

Reported-by: mantorix at vollbio punkt de
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-14 23:15:32 +02:00
Werner Koch
f980cd2e0e
gpg: Avoid endless loop in a tofu error case.
* g10/tofu.c (get_trust): Do not jump to out.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-14 12:04:01 +02:00
Werner Koch
1affdf1efc
gpg: Split tofu's get_trust function into several smaller ones.
* g10/tofu.c (get_trust): Factor code out to ...
(format_conflict_msg_part1): new and to ...
(ask_about_binding): new.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-14 12:02:22 +02:00
Werner Koch
5ddccf4fc6
doc: Consistently use 'keyserver'.
--
GnuPG-bug-id: 2383

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-14 09:06:44 +02:00
Werner Koch
9e126af215
gpg: Un-deprecate option --auto-key-retrieve.
* g10/gpg.c (main): Remove deprecation warning.
--

Most options for the keyserver have been moved to dirmngr and thus it
does not make sense to favor "--keyserver-options auto-key-retrieve"
over the direct options --auto-key-retrieve and --no-auto-key-retrieve.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-13 11:32:38 +02:00
Werner Koch
61e7fd68c0
gpg: New option --disable-signer-uid, create Signer's UID sub-packet.
* g10/gpg.c (oDisableSignerUID): New.
(opts): New option '--disable-signer-uid'.
(main): Set option.
* g10/options.h (opt): Add field flags.disable_signer_uid.
* g10/sign.c: Include mbox-util.h.
(mk_notation_policy_etc): Embed the signer's uid.
* g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key
retrieval if --disable-signer-uid is used.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-13 11:24:09 +02:00
Werner Koch
08c82b1b55
gpg: Try Signer's User ID sub-packet with --auto-key-retrieve.
* g10/packet.h (PKT_signature): Add field 'signers_uid'.
* g10/parse-packet.c (parse_signature): Set this field.
* g10/free-packet.c (free_seckey_enc): Free field.
(copy_signature): Copy field.
* g10/mainproc.c (akl_has_wkd_method): New.
(check_sig_and_print): Extend NEWSIG status.  If WKD is enabled try to
locate a missing key via the signature's Signer's User ID sub-packet.
Do this right before trying a keyserver lookup.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-13 10:40:34 +02:00
Werner Koch
18b03e756b
gpg,indent: Re-indent and chnage var names in sign.c
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-13 09:37:53 +02:00
Werner Koch
334e993a71
gpg: Remove C-99ism, re-indent, and simplify one function.
* g10/call-agent.c (struct keyinfo_data): Rename to
keyinfo_data_parm_s.
(agent_get_keyinfo): Replace C-99 style init.
(keyinfo_status_cb): Use new fucntion split_fields.
* g10/export.c (match_curve_skey_pk): Add missings returns error
cases.
(cleartext_secret_key_to_openpgp): Better clear PK->PKEY first.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-11 20:42:28 +02:00
Daniel Kahn Gillmor
c41c46fa84
g10: Export cleartext keys as cleartext
* g10/export.c (do_export_stream): If a key is stored by the agent in
cleartext, then try to export it as cleartext.
* tests/openpgp/export.test: For secret keys that are stored in
cleartext, test should try to export without pinentry interaction.
--

This restores the behavior of GnuPG 2.0 and 1.4 when exporting
passphraseless secret keys, and fixes the test suite accordingly.

GnuPG-bug-id: 2070, 2324
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-11 11:18:58 +02:00
Daniel Kahn Gillmor
a3cb72af79
g10: Allow receiving cleartext secret keys from agent
* g10/export.c (match_curve_skey_pk): New function, testing whether an
OpenPGP public key and an S-expression use the same curve.
* g10/export.c (cleartext_secret_key_to_openpgp): New function,
filling in the secret key parameters of a PKT_public_key object from
a corresponding cleartext S-expression.
* g10/export.c, g10/main.h (receive_seckey_from_agent): Add cleartext
parameter, enabling retrieval of the secret key, unlocked.
* g10/export.c (do_export_stream): Send cleartext as 0, keeping current
behavior.
* g10/keygen.c (card_store_key_with_backup): Use cleartext=0 to ensure
that smartcard backups are all passphrase-locked.
--

This sets up internal functionality to be capable of exporting
cleartext secret keys, but does not change any existing behavior.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-11 11:16:19 +02:00
Daniel Kahn Gillmor
7de7432076
g10: Add openpgp_protected flag to agent secret key export functions
* g10/call-agent.c, g10/call-agent.h (agent_export_key): Add
openpgp_protected flag.
* g10/export.c (receive_seckey_from_agent): Request openpgp_protected
secret keys from agent.
* agent/command.c (hlp_export_key): EXPORT_KEY help text: add a
brief description of the effect of --openpgp.
--

The --openpgp flag for gpg-agent's EXPORT_KEY actually forces
encryption in a certain (RFC 4880-compatible format).  This changeset
exposes that functionality in internal functions, and clarifies
functionality in the agent's help text.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-11 11:14:00 +02:00
Daniel Kahn Gillmor
00f30cc01c
g10: report whether key in agent is passphrase-protected or not
* g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add
  r_cleartext parameter to report whether a key is stored without
  passphrase protection.
* g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to
  match new API.
* g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c,
  g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet
  need to know whether agent is passphrase-protected.

--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-11 11:09:09 +02:00
Werner Koch
6790115fd9
w32: Fix recent build regression.
* common/homedir.c (_gnupg_socketdir_internal) [W32]: Add definition
for NAME.
* g10/gpg.c (main) [W32]:  Fix use og gnupg_homedir.

* agent/gpg-agent.c (remove_socket): Remove unused var P.
* scd/scdaemon.c (cleanup): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-08 15:14:06 +02:00
Werner Koch
fb88f37c40
common: Remove homedir arg from start_new_{dirmngr,gpg_agent}.
* common/asshelp.c (start_new_gpg_agent): Remove arg 'homedir' in
favor of gnupg_homedir ().  Change all callers.
(start_new_dirmngr): Ditto.
* common/get-passphrase.c (gnupg_prepare_get_passphrase): Remove arg
'homedir'.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 13:09:00 +02:00
Werner Koch
22a7ef01aa
Replace use of opt.homedir by accessor functions.
* common/homedir.c (the_gnupg_homedir): New var.
(gnupg_set_homedir): New.
(gnupg_homedir): New.
* g10/options.h (struct opt): Remove 'homedir' and replace all users
by the new accessor functions.
* g13/g13-common.h (struct opt): Ditto.
* scd/scdaemon.h (struct opt): Ditto.
* sm/gpgsm.h (struct opt): Ditto.
* dirmngr/dirmngr.h (struct opt): Ditto.
* agent/preset-passphrase.c (opt_homedir): Ditto.
* agent/protect-tool.c (opt_homedir): Ditto.
--

This will make detection of a non-default homedir easier.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 10:59:46 +02:00
NIIBE Yutaka
abeeb84a94 gpg: Fix command line parsing of --quick-addkey and --quick-gen-key.
* g10/gpg.c (main): Compose a block by curly braces.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-06-07 14:16:32 +09:00
Werner Koch
7257ea2d45
gpg: Use --keyid-format=none by default.
* g10/gpg.c (main): Init keyid_format to KF_NONE.
* g10/keyid.c (format_keyid): Ditto.
(keystrlen): Ditto.
--

GnuPG-bug-id: 2379
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-06 17:03:47 +02:00
Werner Koch
1d1cb86694
gpg: Add option --with-subkey-fingerprint.
* g10/gpg.c (oWithSubkeyFingerprint): New.
(opts): Add --with-subkey-fingerprint[s].
(main): Set that option.
* g10/options.h (struct opt): Add 'with_subkey_fingerprint'.
* g10/keylist.c (list_keyblock_print): Print subkey fingerprint.
(print_fingerprint): Tweak printing to use compact format if
desirable.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-06 16:56:18 +02:00
Werner Koch
b047388d57
gpg: Implement --keyid-format=none.
* g10/gpg.c (main): Add option "none" to --keyid-format.
* g10/options.h (KF_NONE): New.
* g10/keyid.c (format_keyid): Implement that.
(keystr): Use format "long" is KF_NONE is in use.
(keystr_with_sub): Ditto.
* g10/keylist.c (list_keyblock_print): Adjust indentaion for KF_NONE.
Factor some code out to ...
(print_key_line): new.
(print_fingerprint): Add mode 20.
* g10/mainproc.c (list_node): Use print_key_line.  Replace MAINKEY by
flags.primary in the PK.  Fix putting a " revoked..." string into the
colons format.
* g10/pkclist.c (do_edit_ownertrust): Use print_key_line.  This
slightly changes the putput format.
* g10/revoke.c (gen_standard_revoke): Use print_key_line.  This may
also put "expires: " into the output.
--

Due to user experience problems with the keyid and we better allow to
show the fingerprint instead.  Note that we do not support v3 keys
anymore and thus there is no technical need for a user to know the
keyid.

GnuPG-bug-id: 2379
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-06 16:03:22 +02:00
Werner Koch
e792eb1bb4
indent: Wrap strings in debug messages.
--
2016-06-06 12:24:53 +02:00
Werner Koch
8d976a6b07
gpg: Add the fingerprint to KEY_CREATED for subkeys.
* g10/keygen.c (print_status_key_created): Make more robust by
allowing a NULL for PK.
(generate_subkeypair): Use print_status_key_created.
(generate_card_subkeypair): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 22:01:51 +02:00
Werner Koch
1b460f049e
gpg: Try to use the passphrase from the primary for --quick-addkey.
* agent/command.c (cmd_genkey): Add option --passwd-nonce.
(cmd_passwd): Return a PASSWD_NONCE in verify mode.
* g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do
not send a RESET if given.
(agent_passwd): Add arg 'verify'.
* g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'.
(gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto.
(generate_subkeypair): Use sepeare hexgrip var for the to be created
for hexgrip feature.  Verify primary key first.  Make use of the
passwd nonce.  Allow for a static passphrase.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
Werner Koch
01285f909e
gpg: Extend the --quick-gen-key command.
* g10/keygen.c (quickgen_set_para): Add arg 'use'.
(quick_generate_keypair): Add args 'algostr', 'usagestr', and
'expirestr'.  Implement primary only key mode.
(parse_algo_usage_expire): Set NBITS for the default algo.
* g10/gpg.c (main): Extend --quick-gen-key command.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 18:38:10 +02:00
Werner Koch
dcc4cd8382
gpg: Improve the new parse_subkey_algostr_usagestr fucntion.
* g10/keygen.c (parse_usagestr): Allow "cert".
(generate_subkeypair): Factor expire parsing out to ...
(parse_subkey_algostr_usagestr): here.  Rename to ...
(parse_algo_usage_expire): this.  Add arg 'for_subkey'.  Set CERT for
primary key and check that it is not set for subkeys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 17:06:39 +02:00
Werner Koch
8f2a053a0f
gpg: New command --quick-addkey.
* g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New.
(ask_keysize): Factor code out to ...
(get_keysize_range, fixup_keysize): new.
(parse_parameter_usage): Factor parsing out to  ...
(parse_usagestr): new.  Allow use of "encr" as alias for "encrypt".
(parse_subkey_algostr_usagestr): New.
(generate_subkeypair): Add new args.  Implement unattended mode.

* g10/keyedit.c (keyedit_quick_sign): Factor some code out to ...
(find_by_primary_fpr): new.
(keyedit_quick_addkey): New.
* g10/gpg.c (aQuickAddKey): New.
(opts): Add --quick-addkey.
(main): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 16:01:48 +02:00
Werner Koch
d837f6b0ea
gpg: Do not abort on certain invalid packets.
* g10/build-packet.c (write_fake_data): Check for non-opaque data.
* g10/seskey.c (do_encode_md): Return NULL instead of abort.
--

The first may happen if the usage flags of an algorithm do not match
the allowed usage.  When writing a backsig this would lead to a
log_bug in libgcrypt due to the use of a regular MPI as opaque data.

The second may happen with all kind of invalid data.  It is easy to
avoid an abort, though.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 15:57:59 +02:00
NIIBE Yutaka
db1ecc8212 g10: Allow User ID length >= 256.
* build-packet.c (do_user_id): Call write_header2 with HDRLEN not set.

--

Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 2374
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-06-01 21:04:41 +09:00
Werner Koch
67a4bc8d53
gpg: New status code NOTATION_FLAGS.
* common/status.h (STATUS_NOTATION_FLAGS: New.
* g10/packet.h (struct notation): Add flags.human.
(notation_t): New typedef.
* g10/build-packet.c (sig_to_notation): Set flags.human.
* g10/keylist.c (show_notation): Write STATUS_NOTATION_FLAGS.
2016-05-31 15:51:18 +02:00
Werner Koch
6c957c3d88
gpg: Keep current and total of PROGESS status lines small enough.
* g10/progress.c (progress_filter): Factor status wrote out to...
(write_status_progress): New.  Scale values down.
--

GnuPG-bug-id: 2368
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-27 11:29:55 +02:00
Werner Koch
9bbb841bd9
gpg, w32: Fix build regression.
--

Fixes-commit: 754b1c4630
2016-05-24 13:04:29 +02:00
Daniel Kahn Gillmor
5beb6ab4b0 g10: Fix typo in comment.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-05-23 15:03:59 +02:00
Werner Koch
78bb08425a
gpg: Speed up key listing in Tofu mode.
* g10/tofu.c (get_trust): Add arg PK.  Uses this instead of a an extra
lookup of the public key by fingerrpint.
(tofu_register): Pass PK to get_trust.
(tofu_get_validity): Ditto.

*g10/tofu.c (tofu_register): Remove unused FINGERPRINT_PP.
--

With my test keybox I see a speedup of 10 times (33s to 3.1s).  The
reason for this was the extra key lookup which I hacked in at some
point to make the extraction of a keyid correct also for non v4 keys.
However our caller already has the public key and thus can easily pass
it to get_trust along with the fingerprint.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 20:38:18 +02:00
Werner Koch
b1ba460d8f
gpg: Avoid name spaces clash with future sqlite versions.
* g10/sqlite.c: Rename to gpgsql.c.  Change function prefixes to
gpgsql_.
* g10/sqlite.h: Rename to gpgsql.h.
* g10/tofu.c: Adjust for changes.
--

We used for our own extensions symbols with an sqlite_ names prefix.
This may in theory lead to duplicated symbols but more important, it
is harder to understand what is from gpg and what is from libsqlite.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 20:06:59 +02:00
Werner Koch
006a612613
gpg: Explicitly close a combined Tofu DB.
* g10/tofu.c (tofu_closedbs): Close combined DB.
2016-05-21 12:51:18 +02:00
Werner Koch
8abd1f53fd
gpg: Remove debug output accidently introduced with 027c4e5.
--

Fixes-commit: 027c4e5552
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 12:33:41 +02:00
Werner Koch
754b1c4630
gpg: Store the Tofu meta handle for databases in CTRL.
* g10/gpg.h (struct tofu_dbs_s, tofu_dbs_t): New declarations.
(struct server_control_s): Add field tofu.dbs.
* g10/tofu.c (struct dbs): Rename to tofu_dbs_s.  Replace all users by
by tofu_dbs_t.
(opendbs):  Add arg CTRL.  Cache the DBS in CTRL.
(closedbs): Rename to tofu_closedbs and make global.  Add arg CTRL.
(tofu_register): Add arg CTRL.  Change all callers.  Do not call
closedbs.
(tofu_get_validity): Ditto.
(tofu_set_policy): Ditto.
(tofu_get_policy): Ditto.
(tofu_set_policy_by_keyid): Add arg CTRL.
* g10/gpg.c (gpg_deinit_default_ctrl): Call tofu_closedbs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 12:26:44 +02:00
Werner Koch
027c4e5552
gpg: Pass CTRL object down to the trust functions
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:41:49 +02:00
Werner Koch
fd973ee1c1
gpg: Fix the TOFU_STATS_LONG status.
* g10/tofu.c (show_statistics): Print TOFU STATS with formatting
characters.
--

We better leave the non-breaking space character in the status
messages so that the caller can make use of them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:06:24 +02:00
Werner Koch
437c97ab6a
gpg: Print "[ never ]" instead of err for validity.
* g10/trust.c (uid_trust_string_fixed): Handle NEVER.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-19 09:35:20 +02:00
Werner Koch
a69d3c122c
gpg: Add --weak-digest to gpgv's help screen.
--

Suggested-by: Daniel Kahn Gillmor
2016-05-18 17:00:03 +02:00
Werner Koch
ff71521d96
gpg: Emit new status line KEY_CONSIDERED.
* common/status.h (STATUS_KEY_CONSIDERED): New.
* g10/getkey.c: Include status.h.
(LOOKUP_NOT_SELECTED, LOOKUP_ALL_SUBKEYS_EXPIRED): New.
(finish_lookup): Add arg R_FLAGS.  Count expired and revoked keys and
set flag.  Check a requested usage before checking for expiraion or
revocation.
(print_status_key_considered): New.
(lookup): Print new status.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-17 19:13:19 +02:00
NIIBE Yutaka
83a90a916e g10: Fix signature checking.
* g10/sig-check.c (check_signature_over_key_or_uid): Fix call to
walk_kbnode.

--

Thanks to Vincent Brillault (Feandil).

GnuPG-bug-id: 2351
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-05-11 19:27:03 +09:00
Werner Koch
ac9ff644b1
gpg: Allow unattended deletion of secret keys.
* agent/command.c (cmd_delete_key): Make the --force option depend on
--disallow-loopback-passphrase.
* g10/call-agent.c (agent_delete_key): Add arg FORCE.
* g10/delkey.c (do_delete_key): Pass opt.answer_yes to
agent_delete_key.
--

Unless the agent has been configured with
--disallow-loopback-passpharse an unattended deletion of a secret key
is now possible with gpg by using --batch _and_ --yes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-10 11:01:42 +02:00
Werner Koch
693838f012
gpg: Fix buglet in the check_all_keysigs function.
* g10/keyedit.c (sig_comparison): Actually compare the pubkey
algorithms.
--

This fixes two bugs: The first was a typo which led to us comparing A
with A.  The second problem was the use of an assert at a place where
this can't be asserted: Two signature may have different algorithms;
they won't verify but after all it is about corrupted signatures.

Reported-by: Guilhem Moulin <guilhem@fripost.org>
GnuPG-bug-id: 2236
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-09 21:16:23 +02:00
Werner Koch
d33b35f748
gpg: Request a "save" after cmd "check" fixed something.
* g10/keyedit.c (keyedit_menu) <cmdCHECK>: Set modified.
--

Reported-by: Guilhem Moulin <guilhem@fripost.org>
GnuPG-bug-id: 2236
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-09 21:16:23 +02:00
Werner Koch
920b1421b3
gpg: Fix const char pointer mismatch with gettext.
* g10/tofu.c (get_trust): Use const char *.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-04 14:40:16 +02:00
Werner Koch
d00625dae6
Some minor string changes and fixed a printf format.
* g10/build-packet.c (notation_value_to_human_readable_string): Use
%zu for size_t.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-04 11:05:13 +02:00
Werner Koch
33aacc3d4b
tests: Silence output of some tests.
* common/t-exechelp.c (print_open_fds): Silence non-verbose output.
(test_close_all_fds): Ditto.
* common/t-session-env.c (show_stdnames): Indent output.
* g10/test.c (TEST): Silence non-verbose okay output.
(exit_tests): Ditto.
* tools/gpg-zip.in (tar_verbose_opt): Add option --quiet.
* tests/openpgp/gpgtar.test (GPGZIP): Pass option --quiet.
* tests/openpgp/mds.test: Indent MD5 notice.
* tests/openpgp/version.test: Indent --version output.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-03 11:26:06 +02:00
Werner Koch
83865be35c
gpg: Emit status lines TOFU_STATS and TOFU_STATS_LONG.
* g10/tofu.c (NO_WARNING_THRESHOLD): Rename to BASIC_TRUST_THRESHOLD.
(FULL_TRUST_THRESHOLD): New.
(write_stats_status): New.
(show_statistics): Call new function.  Print TOFU_STATS_LONG.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-03 10:26:55 +02:00
Werner Koch
ae1889320b
gpg: Extend TRUST_foo status lines with the trust model.
* g10/trustdb.h (TRUST_FLAG_TOFU_BASED): New.
* g10/trustdb.c (trust_model_string): Lowercase the strings.  Add arg
"model" and change callers to call with OPT.TRUST_MODEL.
* g10/tofu.c (tofu_wot_trust_combine): Set TRUST_FLAG_TOFU_BASED.
* g10/pkclist.c (write_trust_status): New.
(check_signatures_trust): Call new function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-02 19:10:59 +02:00
Werner Koch
5cef611858
gpg: Improve line wrapping for a tofu message.
* g10/tofu.c (time_ago_str): Mark non-breakable spaces.
(show_statistics): Remove marks.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-02 13:18:20 +02:00
Werner Koch
d73e83c3b6
gpg: Re-format some tofu messages.
* common/status.h (STATUS_TOFU_USER, STATUS_TOFU_STATS)
(STATUS_TOFU_STATS_SHORT, STATUS_TOFU_STATS_LONG): New.
* g10/tofu.c (NO_WARNING_THRESHOLD): New.
(record_binding, tofu_register): Take care of --dry-run.
(show_statistics): Print STATUS_TOFU_USER.  Reformat some messages.
Fix the ngettext/strcmp thing.  Use log_string instead of log_info.
Use NO_WARNING_THRESHOLD constant.
(get_trust): Use format_text and print a compact fingerprint.

--

The use of log_string makes long messages better readable; instead of

  gpg: Warning: if you think you've seen more[...]
  key, then this key might be a forgery!  Car[...]
  address for small variations.  If the key i[...]

we now have

  gpg: Warning: if you think you've seen more[...]
       key, then this key might be a forgery![...]
       address for small variations.  If the [...]

We also put the key information after the message and not between the
user id and the last used info like here:

  gpg: Verified 7 messages signed by "Werner Koch <werner@eifzilla.de>"
       in the past 4 days, 16 hours.
       The most recent message was verified 3 days, 13 hours ago.
       (key: 8061 5870 F5BA D690 3336  [...] 1E42 B367, policy: auto)

This also makes the key info a separate translatable string.

Further a compact version of the fingerprint (hex w/o spaces) is
printed in some messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-02 13:18:20 +02:00
Werner Koch
dcad99c986
gpg: Factor some code code out of tofu.c
* g10/tofu.c (string_to_long): New.
(string_to_ulong): New.
(get_single_unsigned_long_cb): Replace strtol/strtoul by new function.
(get_single_long_cb): Ditto.
(signature_stats_collect_cb):  Ditto.
(get_policy): Ditto.
(show_statistics): Ditto.  Uese es_free instead of free.
--

There is one minor semantic change: We now accept "nnn.0" always.  The
old code did not checked for ".0: in show_statistics.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-29 15:41:10 +02:00
Werner Koch
64bfeafa52
gpg: Remove all assert.h and s/assert/log_assert/.
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-29 11:05:24 +02:00
Werner Koch
87de9e19ed
gpg: Add experimental AKL method "wkd" and option --with-wkd-hash.
* g10/getkey.c (parse_auto_key_locate): Add method "wkd".
(get_pubkey_byname): Implement that method.  Also rename a variable.
* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New.
* g10/keyserver.c (keyserver_import_wkd): New.
* g10/test-stubs.c (keyserver_import_wkd): Add stub.
* g10/gpgv.c (keyserver_import_wkd): Ditto.
* g10/options.h (opt):  Add field 'with_wkd_hash'.
(AKL_WKD): New.

* g10/gpg.c (oWithWKDHash): New.
(opts): Add option --with-wkd-hash.
(main): Set that option.
* g10/keylist.c (list_keyblock_print): Implement that option.
--

The Web Key Directory is an experimental feature to retrieve a key via
https.  It is similar to OpenPGP DANE but also uses an encryption to
reveal less information about a key lookup.

For example the URI to lookup the key for Joe.Doe@Example.ORG is:

    https://example.org/.well-known/openpgpkey/
    hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q

(line has been wrapped for rendering purposes).  The hash is a
z-Base-32 encoded SHA-1 hash of the mail address' local-part.  The
address wk@gnupg.org can be used for testing.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-27 08:34:29 +02:00
Werner Koch
07dbd061bd
gpg: Add OpenPGP card vendor 0x2342.
--
2016-04-26 15:51:46 +02:00
Werner Koch
d81de224ec
w32: Use --enable-gpg2-is-gpg by default.
* autogen.rc: Add option also for plain Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-21 09:18:29 +02:00
Werner Koch
d02de6c0a4
gpg: Improve UID selction of --quick-sign-key.
* g10/keyedit.c (keyedit_quick_sign): Improve UID selection and print
error for non-found userids.
--

GnuPG-bug-id: 2315
2016-04-19 17:57:21 +02:00
Werner Koch
085b19fc9a
gpg: Avoid debug like output at start of --edit-key.
* g10/keyedit.c (check_all_keysigs): Print info only after something
has been modified.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-19 17:57:21 +02:00
Justus Winter
02cf1357dd g10: Fix exporting secret keys of certain sizes.
* g10/build-packet.c (do_key): Do not use the header length specified
by the public key packet from the keyring, but let 'write_header2'
compute the required length.
--
Specifically exporting RSA keys of length 1024 failed, as the encoded
public key packet requires 141 bytes a length that fits into one byte,
but the secret key is significantly larger, making the export fail.

GnuPG-bug-id: 2307
Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-07 13:55:42 +02:00
Justus Winter
71040f48ef g10: Fix typo.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-07 13:51:26 +02:00
Justus Winter
76ca869197 Revert "g10: Support armored keyrings in gpgv."
This reverts commit abb352de51.
2016-04-06 11:34:11 +02:00
Werner Koch
f45ed07a0f
build: Fix for: Build gpgcompose only in maintainer mode
* g10/Makefile.am (noinst_PROGRAMS): Always add module_tests.
--

Fixes-commit: 4b5341d
2016-04-05 15:24:56 +02:00
Werner Koch
4b5341dc33
build: Build gpgcompose only in maintainer mode
* g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose only in maintainer
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-05 11:18:45 +02:00
Werner Koch
7b58a1118d
gpg: Replace use of "gpg2" by GPG_NAME
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-05 11:11:11 +02:00
Werner Koch
96bcd4220f
Now build "gpg" binary but install as "gpg2"
* configure.ac (USE_GPG2_HACK): New ac_define am_conditional.
* common/homedir.c (gnupg_module_name): Replace use of macro
NAME_OF_INSTALLED_GPG.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (bin_PROGRAMS): Remove.
(noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2.
(gpg2_hack_list): New.
(use_gpg2_hack): New.
(gpg2_SOURCES): Rename to gpg_SOURCES.
(gpgv2_SOURCES): Rename to gpgv_SOURCES.
(gpg2_LDADD): Rename to gpg_LDADD.
(gpgv2_LDADD): Rename to gpgv_LDADD.
(gpg2_LDFLAGS): Rename to gpg_LDFLAGS.
(gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS.
(install-exec-hook): Remove WinCE specific rules and add new rules.
(uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2.
* tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/.
* tests/openpgp/defs.inc: Ditto.
* tests/openpgp/gpgtar.test: Ditto.
* tests/openpgp/mkdemodirs: Ditto.
* tests/openpgp/signdemokey: Ditto.

* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete
--enable-mailto, add --enable-gpg2-is-gpg.
--

Although we need to duplicate some automake generated code this method
allows to easily switch the name of the installed target using the
configure option "--enable-gpg2-is-gpg".

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-04 18:40:25 +02:00
Justus Winter
abb352de51 g10: Support armored keyrings in gpgv.
* doc/gpgv.texi: Document the feature.
* g10/Makefile.am (gpgv2_SOURCES): Add dearmor.c.
* g10/dearmor.c (dearmor_file): Add sink argument.
* g10/gpg.c (main): Adapt accordingly.
* g10/gpgv.c (make_temp_dir): New function.
(main): De-armor keyrings.
* g10/main.h (dearmor_file): Adapt prototype.

GnuPG-bug-id: 2290
Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-04 17:53:03 +02:00
Justus Winter
b74185b6ea g10: Remove option --always-trust if compiled without trust models.
* g10/gpg.c (opts): Remove option --always-trust if compiled without
trust models.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-01 14:57:27 +02:00
Justus Winter
8be9dab2dd g10: Use gpg-error abstraction of sched_yield.
* g10/tofu.c (begin_transaction): Use 'gpgrt_yield'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-31 17:23:31 +02:00
Werner Koch
e2c5781788
gpg: Fix NULL-segv for missing tofu DB.
* g10/tofu.c (opendb): Guard call to timeout function.
--

GnuPG-bug-id: 2294

Fix not tested but is pretty obvious.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-03-29 13:30:19 +02:00
Werner Koch
fc30c079a3
gpg: Improve message when asking for key capabilities.
* g10/keygen.c (ask_key_flags): Improve message.
--

Because the curve is only selected after the capabilities are queried
we do not know whether ECDSA or EdDSA will eventually be used.  When
printing the possible capabilities we now use print "ECDSA/EdDSA" for
the algorithm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-03-22 20:24:52 +01:00
Werner Koch
7f919063d3
gpg: Remove the extra prompt for Curve25519.
* g10/keygen.c (MY_USE_ECDSADH): New macro local to ask_curve.
(ask_curve): Use a fixed table of curve names and reserve a slot for
Curve448.  Simplify CurveNNNN/EdNNNN switching.
(ask_curve): Remove the Curve25519 is non-standard prompt.
--

Given that ECC generation is only available in export mode and that
gpg will in any case support our current ed2559/cv25519 definition the
extra prompt does not make anymore sense.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-03-22 19:55:25 +01:00
Werner Koch
af9a4afbf0
gpg: Silence trustdb computation with --quiet.
* g10/trustdb.c (validate_keys): Do not print log_info stuff in quiet
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-03-19 14:43:28 +01:00
NIIBE Yutaka
b752d2c937 g10: Add const qualifier.
* g10/gpgcompose.c (show_help): Those are strings not to be modified.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-03-16 11:52:41 +09:00
Werner Koch
60b34f96f4
gpg: Do not rely on a certain evaluation order.
* g10/keyedit.c (print_and_check_one_sig): Call check_key_signature
before derefing IS_SELFSIG.
--

Fixes-commit: 5fbd80579a
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-03-15 09:22:24 +01:00
Werner Koch
834b84c0ee
scd: Add manufacturer id 0x000a
* g10/card-util.c (get_manufacturer): Add it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-03-14 17:51:43 +01:00
Kevin J. McCarthy
4f578cb2fc g10: Silence message if --quiet is given.
* g10/getkey.c (parse_def_secret_key): Silence message if --quiet is
given.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-10 12:41:06 +01:00
Neal H. Walfield
b17577eac6 gpg: Add a new test.
* g10/Makefile.am (EXTRA_DIST): Add t-stutter-data.asc.
(module_tests): Add t-stutter.
(t_stutter_SOURCES): New variable.
(t_stutter_LDADD): New variable.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Add a test to check that the Mister and Zuccerato attack described in
"An Attack on CFB Mode Encryption As Used by OpenPGP" works.
2016-03-08 14:08:49 +01:00
Justus Winter
1e4b782300 g10: Drop superfluous declaration.
* g10/main.h (disable_core_dumps): Drop declaration.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-04 13:33:04 +01:00
Justus Winter
40f6529cee g10: Guard code against errors.
* g10/keygen.c (do_generate_keypair): Check for errors, in which case
'pri_psk' is NULL.

Fixes-commit: bf9d1248
Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-04 13:29:45 +01:00
Neal H. Walfield
d040628ddf gpg: Add new program gpgcompose.
* g10/packet.h: Include "util.h".
* g10/encrypt.c (encrypt_seskey): Don't mark as static.
* g10/gpgcompose.c: New file.
* g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose.
(gpg2_SOURCES): Split everything but gpg.c into...
(gpg_sources): ... this new variable.
(gpgcompose_SOURCES): New variable.
(gpgcompose_LDADD): Likewise.
(gpgcompose_LDFLAGS): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-03-02 20:36:19 +01:00
Neal H. Walfield
605276ef8c gpg: More robustly detect valid non-armored OpenPGP messages.
* g10/armor.c (is_armored): More robustly detect valid non-armored
OpenPGP messages.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-03-02 20:36:18 +01:00
Neal H. Walfield
7eac4942b5 gpg: Split write_pubkey_enc_from_list.
* g10/encrypt.c (write_pubkey_enc_from_list): Split the body of this
function out into...
(write_pubkey_enc): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-03-02 20:36:15 +01:00
Neal H. Walfield
2fdb950471 gpg: Allow the caller to write the contents of a plaintext packet.
* g10/build-packet.c (do_plaintext): Change the semantics such that if
PT->BUF is NULL, it is the caller's responsibility to write the
content (and disable partial body length mode, if appropriate).

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-03-02 20:36:14 +01:00
Neal H. Walfield
1a62458614 gpg: Add a new function for creating binary notations.
* g10/build-packet.c (blob_to_notation): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-03-02 20:36:13 +01:00
Neal H. Walfield
fd2d00ccf5 gpg: Refactor the printing of binary notations.
* g10/build-packet.c (sig_to_notation): Break printing of binary
notations into...
(notation_value_to_human_readable_string): ... this new function.
Provide a small preview of the binary data substituting non-printable
characters with '?'.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-03-02 20:36:12 +01:00
Justus Winter
e77c85577d common: Consolidate Assuan server argument handling.
* common/Makefile.am (common_sources): Add new files.
* common/server-help.c: New file.
* common/server-help.h: Likewise.
* agent/command.c: Drop argument handling primitives in favor of using
the consolidated ones.
* dirmngr/server.c: Likewise.
* g10/server.c: Likewise.
* g13/server.c: Likewise.
* scd/command.c: Likewise.
* sm/server.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-02 14:14:33 +01:00
Werner Koch
2de0d41219
gpg: Prettify a 2 octet hex output.
* g10/sig-check.c (check_key_signature2): Wrap line and use %02x.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-26 11:41:18 +01:00
Neal H. Walfield
87515e3929 gpg: Show debugging info if a sig with an unsupported sig class is used.
* g10/sig-check.c (check_key_signature2): If SIG->CLASS is
unsupported, show some debugging information.  Don't use BUG to fail.
Just return GPG_ERR_BAD_SIGNATURE.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-25 21:25:27 +01:00
Neal H. Walfield
960f5e26f2 gpg: More carefully encode a packet's length.
* g10/build-packet.c (write_header2): Make sure the length bits are
cleared.  Fail if HDRLEN is set and the specified length can't be
encoded in the available space.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-25 21:20:32 +01:00
Neal H. Walfield
105a5629c7 gpg: Avoid directly twiddling bits.
* g10/build-packet.c (do_plaintext): Use ctb_new_format_p to check the
packet's format.
(write_header2): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-25 21:16:41 +01:00
Neal H. Walfield
b7b4a1bdd9 gpg: Improve documentation and comments related to OpenPGP packets.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-25 21:08:56 +01:00
Neal H. Walfield
c9636a1acc gpg: Add some asserts.
* g10/build-packet.c (ctb_new_format_p): New function.
(ctb_pkttype): New function.
(do_user_id): Add some asserts.
(do_key): Likewise.
(do_symkey_enc): Likewise.
(do_pubkey_enc): Likewise.
(do_plaintext): Likewise.
(do_encrypted): Likewise.
(do_encrypted_mdc): Likewise.
(do_compressed): Likewise.
(do_signature): Likewise.
(do_signature): Likewise.
(write_header2): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-25 15:24:25 +01:00
Neal H. Walfield
512bc72e1f gpg: Avoid an unnecessary copy.
* g10/build-packet.c (sig_to_notation): Avoid an unnecessary copy of
the data: the size of the packet is fixed.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-25 14:51:55 +01:00
Neal H. Walfield
33ac735a78 gpg: Use higher-level functions.
* g10/build-packet.c (do_symkey_enc): Use iobuf_write instead of
iobuf_put in a loop.  Use iobuf_copy instead of iobuf_read and
iobuf_write in a loop.  Move the memory wiping from here...
* common/iobuf.c (iobuf_copy): ... to here.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-23 21:10:51 +01:00
Neal H. Walfield
903466e124 common: More accurately name function.
* common/iobuf.c (iobuf_set_partial_block_mode): Rename from this...
(iobuf_set_partial_body_length_mode): ... to this.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-23 20:49:47 +01:00
Neal H. Walfield
2d1d795481 gpg: Systematically detect and fix signatures that are out of order.
* g10/keyedit.c (sig_comparison): New function.
(fix_key_signature_order): Merge functionality into...
(check_all_keysigs): ... this function.  Rewrite to eliminate
duplicates and use a systematic approach to detecting and moving
signatures that are out of order instead of a heuristic.
(fix_keyblock): Don't call fix_key_signature_order.  Call
check_all_keysigs instead after collapsing the uids.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2236
2016-02-19 16:38:27 +01:00
Neal H. Walfield
44cdb9d73f gpg: Split check_key_signature2.
* g10/sig-check.c (hash_uid_node): Rename from this...
(hash_uid_packet): ... to this.  Take a PKT_user_id instead of a
KBNODE.
(check_key_signature2): Split the basic signature checking
functionality into...
(check_signature_over_key_or_uid): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-19 16:38:26 +01:00
Neal H. Walfield
5fbd80579a gpg: Split print_and_check_one_sig.
* g10/keyedit.c (print_and_check_one_sig): Split the print
functionality into...
(print_one_sig): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-19 16:13:03 +01:00
Neal H. Walfield
ac5aea9545 gpg: Split the function check_signature_end.
* g10/sig-check.c (check_signature_end): Break the basic signature
check into...
(check_signature_end_simple): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-19 16:13:02 +01:00
Neal H. Walfield
10671c3a4c gpg: Use format_keyid rather than manually formatting the keyid.
* g10/keyedit.c (menu_addrevoker): Use format_keyid rather than
manually formatting the keyid.
* g10/keygen.c (card_write_key_to_backup_file): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-19 16:13:02 +01:00
Neal H. Walfield
bf9d1248c8 gpg: Initialize the primary key when generating a key.
* g10/keygen.c (do_generate_keypair): Initialize
pri_psk->flags.primary, pri_psk->keyid and pri_psk->main_keyid.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-19 16:13:01 +01:00
Neal H. Walfield
c45633a571 gpg: Add accessor & utility functions for pk->keyid and pk->main_keyid.
* g10/keydb.h (keyid_cmp): New function.
* g10/keyid.c (pk_keyid): New function.
(pk_main_keyid): New function.
(keyid_copy): New function.
(pk_keyid_str): New function.
* g10/packet.h (PKT_public_key): Update comments for main_keyid and
keyid.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Before accessing pk->keyid, it is necessary to call keyid_from_pk (pk,
NULL) to ensure that pk->keyid is valid.  Because it is easy to forget
to do this, these accessor functions take care of it.
2016-02-19 16:13:00 +01:00
Daniel Kahn Gillmor
813df2fe66
gpg: Clean up dangling agent_open and agent_closed declarations.
* g10/keydb.h: Remove agent_open, agent_close declarations/
* g10/migrate.c: #include <unistd.h> for access()

--
agent_open() is only defined statically in common/simple-pw-query.c,
it is neither used nor referenced anywhere else.  agent_close doesn't
exist anywhere.  The removal of these declarations removes an
unecessary inclusion of libassuan.h.

migrate.c was relying on keydb.h -> libassuan.h -> unistd.h for the
declaration of access(), so we now handle that explicitly instead.
2016-02-18 12:11:16 +01:00
Neal H. Walfield
2f02ed75a9 gpg: Make ASCII armor decoding more robust to encoding errors.
* g10/armor.c (radix64_read): If the = is followed by the string "3D",
check if the following four characters are valid radix 64 and are
followed by a new line.  If so, warn and ignore the '3D'.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2250
2016-02-16 13:09:32 +01:00
NIIBE Yutaka
ea9cfcfbf7 common, g10: Fix indentation to silence GCC-6.
* common/iobuf.c (iobuf_ioctl): Fix.
* g10/encrypt.c (encrypt_filter): Likewise.
* g10/keyring.c (prepare_search): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-02-15 11:05:29 +09:00
Werner Koch
772f6b29b5
Put asterisks in front of two function descriptions.
--

This helps visual impaired hackers to easier read comments and also
helps use when looking at a printout.
2016-02-14 16:11:06 +01:00
Werner Koch
9b28b82e7c
gpg: Add hidden key-edit subcommand "change-usage".
* g10/keyedit.c (cmdCHANGEUSAGE): New.
(cmds): Add command "change-usage".
(keyedit_menu): Handle that command.
(menu_changeusage): New.
* g10/keygen.c (keygen_add_key_flags): New.
(ask_key_flags): Add optional arg current.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-14 16:01:53 +01:00
Neal H. Walfield
9663b08848 gpg: Improve API documentation.
* g10/seskey.c (make_session_key): Improve documentation.
(encode_session_key): Improve documentation.
* g10/encrypt.c (encrypt_seskey): Remove gratuitous initialization.
* g10/dek.h (DEK): Improve documenation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-14 14:46:30 +01:00
Neal H. Walfield
5cdde08ea8 gpg: Fix calc_header_length when LEN is 0 and improve documentation.
* g10/build-packet.c (calc_header_length): Return the correct haeder
size when LEN is 0.  Fix documentation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2240
2016-02-14 14:46:24 +01:00
Neal H. Walfield
c0268c449d gpg: Fix format_keyid when dynamically allocating the buffer.
* g10/keyid.c (format_keyid): Return a char *, not a const char *.  If
BUFFER is NULL, then set LEN to the static buffer's size.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-14 14:46:20 +01:00
NIIBE Yutaka
d9f9b3be03 g10: Make sure to have the directory for trustdb.
* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE.  Check
the directory and create it if none before calling take_write_lock.

--

Thanks to Marc Deslauriers for the bug report and his patch.

GnuPG-bug-id: 2246

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-02-12 10:10:33 +09:00
Werner Koch
ab7d41b69c
gpg: Shorten the --tofu-policy help text
--

Using "help" as value lists the options.  Not having the current
options in the help text also makes it easier to keep translations
clean.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-27 14:00:15 +01:00
Werner Koch
7313c5fd5a
Update copyright years.
--
2016-01-26 13:20:59 +01:00
NIIBE Yutaka
b8bb16c6c0 g10: Fix segfault on unsupported curve.
* g10/call-agent.c (learn_status_cb): Don't use NULL for strcmp.
--

With libgcrypt not supporting cv25519, gpg segfaults.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-01-26 11:12:33 +09:00
Werner Koch
fbe1cf67aa
gpg: Print PROGRESS status lines during key generation.
* g10/call-agent.c (cache_nonce_status_cb): Rewrite by using
has_leading_keyword.  Handle PROGRESS lines.
--

GnuPG-bug-id: 1415
Co-authored-by: Daiki Ueno <ueno@gnu.org>
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-25 11:35:45 +01:00
Werner Koch
361820a3be
gpg: Rework gpg-conf.skel
--

Some of the options are too rarley used to deserve an entry in the
skeleton config file.  Some are even the default for many years.
Added auto-key-locate because that is a very useful option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-22 10:54:10 +01:00
Werner Koch
fc0c71dfe5
gpg: Allow new user ids with only the mail address.
* g10/keygen.c (ask_user_id): Allow empty name.
--

The --quick-gen-key command allows this and further some mail
providers require that a key has only the mail address to allow for
anonymous accounts.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-22 10:35:19 +01:00
Werner Koch
bb99b40bd1
gpg: Improve header text of the auto-created revocations.
* g10/revoke.c (gen_standard_revoke): Improve header text for the
file.  Add info output.
--

GnuPG-bug-id: 1724
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-21 18:30:51 +01:00
Werner Koch
09117e769a
gpg: Make --auto-key-retrieve work with dirmngr configured server.
* g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional.
* g10/keyserver.c (keyserver_any_configured): New.
(keyserver_put): Remove arg keyserver because this will always receive
opt.keyserver which is anyway used when connecting dirmngr.  Do not
check opt.keyserver.
(keyserver_import_cert): Replace opt.keyserver by
keyserver_any_configured.
* g10/mainproc.c (check_sig_and_print): Ditto.
* g10/import.c (revocation_present): Ditto.
* g10/getkey.c (get_pubkey_byname): Ditto.
* g10/gpgv.c (keyserver_any_configured): Add stub.
* g10/test-stubs.c (keyserver_any_configured): Add stub.
--

The keyserver should be configured in dirmngr.conf and thus we can't
use opt.keyserver in gpg to decide whether a keyserver has been
configured.

GnuPG-bug-id: 2147
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-21 11:49:27 +01:00
Werner Koch
bdb6135177
gpg: Silence message about ignoring revoked user ids.
* g10/trustdb.c (tdb_get_validity_core): Print message only in debug
mode.
--

This makes only sense for debugging.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-20 15:51:18 +01:00
Werner Koch
cfa41890bb
gpg: Streamline use of error messages in tofu.c
* g10/tofu.c: Make use of print_further_info to reduce the number of
different error messages to be translated.  Also streamline some
messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-19 16:29:27 +01:00
Werner Koch
d96e76d15f
gpg: Add function print_further_info.
* g10/misc.c (print_further_info): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-19 16:25:31 +01:00
Werner Koch
79778a8dd5
g10: Improve strings printed by tofu.c.
* g10/tofu.c: Include ttyio.h.  Change many strings to help
translating.  Make use of ngettext wehere needed.
(CONTROL_L): New.
(TIME_AGO_UNIT_SMALL_NAME): Remove this and all similar *_NAME macros.
(time_ago_unit): Remove.
(get_trust): Use tty_prints and cpr_get only for the actual prompt.
Add Ctrl-L hack.
(show_statistics): Use two English strings for singular and plural.

* po/POTFILES.in: Add tofu.c.
--

These changes are required for proper translation.  More to changes
may be needed, though.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-18 18:54:46 +01:00
Werner Koch
576fedc5f6
gpg: Minor string changes.
--
2016-01-18 12:15:09 +01:00
Werner Koch
9309bda958
gpg: Use "days" in "...newer than..." diagnostics.
* g10/sig-check.c (check_signature_metadata_validity): Use days if
useful.
--

Using days instead of a high number of seconds is for the majority of
users a better measurement.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-18 11:35:26 +01:00
Werner Koch
437965e562
Use ngettext for some strings.
* scd/app-openpgp.c (build_enter_admin_pin_prompt): Use ngettext for
some diagnostics.
(do_genkey): Ditto.
* g10/keyedit.c (check_all_keysigs, menu_delsig, menu_clean): Ditto.
* g10/keylist.c (print_signature_stats): Ditto.
* g10/keyserver.c (keyserver_refresh): Ditto.
* g10/sig-check.c (check_signature_metadata_validity): Ditto.
* g10/sign.c (do_sign): Ditto.
* g10/trustdb.c (reset_trust_records): Ditto.
(validate_keys): Use a table like diagnostic output.
--

Suggested-by: Ineiev <ineiev@gnu.org>
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-18 11:20:15 +01:00
Werner Koch
663c5d129a
w32: Fix deadlock introduced by keybox_file_rename.
* g10/keyring.c (keyring_lock) [W32]: Flush the close cache before
locking.
* kbx/keybox-init.c (keybox_lock) [W32]: Close the file before
locking.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-14 20:45:33 +01:00
Werner Koch
3b1248e007
gpg: Detect race between pubring.gpg and pubring.kbx use.
* g10/keydb.c (maybe_create_keyring_or_box): Detect race condition.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-14 18:29:26 +01:00
Werner Koch
8241ed59d0
kbx: New function keybox_file_rename to replace rename.
* kbx/keybox-util.c: Include windows.h.
(keybox_file_rename): New.
* kbx/keybox-update.c (rename_tmp_file): Replace remove+rename by
keybox_file_rename.
* g10/keyring.c (rename_tmp_file): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-14 16:50:24 +01:00
Werner Koch
f5cceef115
kbx: Add function keybox_tmp_names to avoid code duplication.
* kbx/keybox-update.c (create_tmp_file): Move some code to...
* kbx/keybox-util.c (keybox_tmp_names): new.
* g10/keyring.c: Include keybox.h.
(create_tmp_file): Replace parts by keybox_tmp_names.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-14 16:47:42 +01:00
Werner Koch
360534bde7
gpg: Make --list-options show-usage the default.
* g10/gpg.c (main): Add LIST_SHOW_USAGE.
--

The usage flags are often useful and they don't take away much space
in a key listing.  Thus it is better to have them enabled by default.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-14 12:22:33 +01:00
Werner Koch
9b6c91469a
gpg: Improve error code from lock_all.
* g10/keydb.c (lock_all): Do not clobber RC during failur cleanup.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-13 14:48:02 +01:00
Werner Koch
9dc355ad3a
gpg: Make sure to mark a duplicate registered keybox as primary.
* kbx/keybox-init.c (keybox_register_file): Change interface to return
the token even if the file has already been registered.
* g10/keydb.c (primary_keyring): Rename to primary_keydb.
(maybe_create_keyring_or_box): Change return type to gpg_error_t.
(keydb_add_resource): Ditto. s/rc/err/.
(keydb_add_resource): Mark an already registered as primary.
* sm/keydb.c (maybe_create_keybox): Change return type to gpg_error_t.
(keydb_add_resource): Ditto. s/rc/err/.
(keydb_add_resource): Adjust for changed keybox_register_file.
--

This change aligns the registering of keyboxes with those of
keyrings.  This fixes a potential bug:

  gpg --keyring foo.kbx --keyring bar.gpg --keyring foo.kbx

would have marked bar.gpg as primary resource and thus inserting new
keys there.  The correct and now fixed behavior is to insert to
foo.kbx.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-13 10:43:33 +01:00
Werner Koch
4619ea8e51
gpg: Re-indent check_key_signature2.
--

I am considering some changes and thus better start off by switching
to standard GNU indentation.  This patch also changes comment lines
like

      if (foo)
        /* Comment on foo.  */
        {

to

      if (foo)
        { /* Comment on foo.  */

or

      if (foo) /* Comment on foo.  */
        {

to make the brace of the opening block stand out immediately.

Further stars on the left are added to longer comments because that
makes the code easier to read by disabled hackers, when reading
without font locking, and for reading black-white printouts.
2016-01-12 10:42:48 +01:00
NIIBE Yutaka
3f52c7da39 common: Fix iobuf API of filter function for alignment.
* common/iobuf.h (IOBUFCTRL_DESC): Change the call semantics.
* common/iobuf.c (iobuf_desc): Add the second argument DESC.
(print_chain, iobuf_close, do_open, iobuf_sockopen, iobuf_ioctl)
(iobuf_push_filter2, pop_filter, iobuf_write_temp): Change calls
of iobuf_desc.
(file_filter, file_es_filter, sock_filter, block_filter): Fill the
description.
* common/t-iobuf.c (every_other_filter, double_filter): Likewise.
* g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
g10/decrypt-data.c, g10/encrypt.c, g10/mdfilter.c, g10/progress.c,
g10/textfilter.c: Likewise.

--

Newer GCC warns against possible alignment difference of pointers.
This change can silence those warnings.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-01-12 10:32:20 +09:00
Werner Koch
0617a05eb5
gpg: Move documentation from keydb.h to keydb.c and getkey.c.
--

When using tags (e.g. GNU global) to navigate the source code it is
way easier to have the documentation close to the function we are
looking at.  Having the documentation in the header file would require
an extra manual lookup to understand the function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
Werner Koch
b280aa6423
gpg: Fix NULL de-ref for ambiguous key check in --export-ssh-keys.
* g10/getkey.c: Allow arg RET_KEYBLOCK to be NULL.
--

This change adds the expected behavior for the getkey_next function
to fix this NULL de-ref.

GnuPG-bug-id: 2212
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 10:59:13 +01:00
Werner Koch
eb9c021631
tools: Remove gpgkey2ssh.
* tools/gpgkey2ssh.c: Remove.
* tools/Makefile.am (bin_PROGRAMS): Ditto.
--

Also remove it form the docs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-09 11:28:42 +01:00
Werner Koch
b2da3951a3
gpg: Support ECDSA keys with --export-ssh-key.
* g10/export.c (key_to_sshblob): Add hack for ECDSA.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 20:37:25 +01:00
Werner Koch
4970868d8d
gpg: New command --export-ssh-key
* g10/export.c: Include membuf.h and host2net.h.
(key_to_sshblob): New.
(export_ssh_key): New.
* g10/gpg.c (aExportSshKey): New.
(opts): Add command.
(main): Implement that command.
--

GnuPG-bug-id: 2212

I have done only a few tests rights now and the ECDSA curves do not
yet work.  However ssh-keygen -l accept RSA and ed25519 keys exported
using this command.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 17:22:32 +01:00
Werner Koch
34bca9cd4b
gpg: Add an exact search flag to the PK struct.
* g10/getkey.c (merge_selfsigs_subkey): Clear exact flag.
(finish_lookup): Set exact flag.
* g10/packet.h (PKT_public_key): Add field flags.exact.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 15:16:12 +01:00
Werner Koch
2aa42baaf3
Print warnings if old daemon versions are used.
* common/status.h (STATUS_WARNING): New.
* g10/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
* g10/call-dirmngr.c: Include status.h.
(warn_version_mismatch): New.
(create_context): Call warn function.
* sm/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
(gpgsm_agent_learn): Call warn function.
* sm/call-dirmngr.c (warn_version_mismatch): New.
(prepare_dirmngr): Call warn function.
--

We have seen too often bug reports which are due to still running old
versions of the daemons.  To catch this problematic use we now print
warning messages and also provide the warning via the status
interface.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 10:33:19 +01:00
Werner Koch
496643291e
common: New function get_assuan_server_version.
* common/asshelp.c: Include membuf.h.
(get_assuan_server_version): New.
* g10/call-agent.c (agent_get_version): Use new function.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:42:29 +01:00
Werner Koch
833ba5faa1
common: New put_membuf_cb to replace static membuf_data_cb.
* common/membuf.c (put_membuf_cb): New.
* agent/call-scd.c (membuf_data_cb): Remove.  Change callers to use
put_membuf_cb.
* common/get-passphrase.c (membuf_data_cb): Ditto.
* g10/call-agent.c (membuf_data_cb): Ditto.
* sm/call-agent.c (membuf_data_cb): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
Werner Koch
8fd406c317
gpg: Return an error code from keygrip_from_pk.
* g10/keyid.c (keygrip_from_pk): Return an error code.
--

The error was show but the function did not return it.  This change
should improve error messages for unknown algorithms.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
8a56a38387
gpg: Avoid warnings about possible NULL deref.
* g10/getkey.c (cache_public_key): Protect deref of CE which actually
can't happen.
* g10/keygen.c (quickgen_set_para): s/sprintf/snprintf/.
* g10/tofu.c (end_transaction, rollback_transaction): Allow NULL for
DB.
* g10/trustdb.c (update_min_ownertrust): Remove useless clearling of
ERR.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
008aa6e6d4
gpg: Fix warnings about useless assignments.
* g10/armor.c (parse_hash_header): Remove duplicate var assignment.
* g10/getkey.c (cache_user_id): Ditto.
* g10/keygen.c (ask_curve): Ditto.  This also fixes a small memory
leak.

* g10/keygen.c (proc_parameter_file): Remove useless assignment or
pointer increment.
(generate_keypair): Ditto.
* g10/getkey.c (finish_lookup, lookup): Ditto.
* g10/card-util.c (change_pin): Ditto.
* g10/gpg.c (main) <aVerify>: Ditto.
* g10/import.c (import): Ditto.
(print_import_check): Ditto
* g10/keyring.c (do_copy): Ditto.
* g10/tdbio.c (tdbio_read_record): Ditto.
* g10/trustdb.c (tdb_update_ownertrust): Ditto.
(update_validity): Ditto.

* g10/server.c (cmd_passwd): Remove useless call to skip_options.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
a41638acf4
gpg: Fix DNS cert lookup returning an URL.
* g10/call-dirmngr.c (dns_cert_status_cb): Store URL status in the URL
param.  The old code was entirely buggy (c+p error).
--

Fixes-commit: 154f3ed2
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:15 +01:00
Daniel Kahn Gillmor
2c3e67430d Fix keystrlen to work when OPT.KEYID_FORMAT is KF_DEFAULT.
* g10/keyid.c (keystrlen): If opt.keyid_format is KF_DEFAULT unset,
default to KF_SHORT.
(format_keyid): Default to KF_SHORT, not KF_0xLONG.

--
Without this fix, gpgv2 fails with:

gpgv: Ohhhh jeeee: ... this is a bug (keyid.c:342:keystrlen)

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-01-06 15:05:21 +01:00
Werner Koch
c7389ae90f
gpg: Silence some regression tests.
* g10/test.c (TEST): Print diagnostics only in verbose mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-06 08:49:45 +01:00
Werner Koch
85cc7449fb
gpg: Avoid using an uninitialized SALT on premature EOF.
* g10/parse-packet.c (parse_key): Check for premature end of salt.
--

This has no security implications because an arbitrary salt could have
also been inset by an attacker.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-06 08:48:44 +01:00
Werner Koch
09accc0e3d
gpg: Silence warnings found by static analyzer.
* g10/keyedit.c (change_passphrase): Remove useless init of ANY.
(keyedit_quick_adduid): Remove useless setting of ERR.
* g10/parse-packet.c (parse_key): Remove PKTLEN from condition because
it has been checked before the loop.
(parse_plaintext): Remove useless init of PKTLEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-06 08:45:01 +01:00
Werner Koch
7990586828
gpg: Comment on false positives by static analyzers.
--
2016-01-06 08:42:07 +01:00
Werner Koch
e70f7a54f2
gpg: Align notes about minimal keysize with actual checks.
* g10/keygen.c (ask_keysize): Use 768 for the minimal value for DSA in
export mode.  Improve readability.
--

GnuPG-bug-id: 2209
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-05 13:51:05 +01:00
Neal H. Walfield
575c15a090 gpg: Fix double free.
* g10/getkey.c (get_pubkeys): Fix double free.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 7195b943

Note: this error is not a security problem, because this code path is
currently never executed.
2016-01-04 12:46:11 +01:00
Neal H. Walfield
bf694cbc68 Revert commit 4654384fe7.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Werner pointed out that a special error message is not needed: the
error code (as displayed by gpg_strerror) will indicate what went
wrong.
2016-01-04 12:44:14 +01:00
NIIBE Yutaka
5ca57f1a69 g10: Use --force when importing key for bkuptocard.
* g10/call-agent.c (agent_import_key): Add an argument FORCE.
* g10/import.c (transfer_secret_keys): Likewise.
(import_secret_one): Call transfer_secret_keys with FORCE=0.
* g10/keyedit.c (keyedit_menu): Call with FORCE=1.
2015-12-24 14:15:58 +09:00
NIIBE Yutaka
44aee35e69 g10: Remove subcommand checkbkupkey for --key-edit.
* g10/keyedit.c (keyedit_menu): Remove cmdCHECKBKUPKEY support.

--

GnuPG-bug-id: 2169

It was introduced by the commit 9e834047 in 2009.  Then, we moved
private key handling to gpg-agent which broke this subcommand.

Note: This subcommand was not supported in 1.4 and 2.0.
2015-12-24 11:48:47 +09:00
NIIBE Yutaka
ee433d2b00 g10: Allow relative path for specifying the file for bkuptocard.
* g10/keyedit.c (keyedit_menu): Assume the file is under GNUPGHOME.
Also support tilda expansion.
2015-12-24 11:48:16 +09:00
NIIBE Yutaka
40959add1b g10: fix regression of bkuptocard subcommand in --edit-key.
* g10/keyedit.c (keyedit_menu): Call transfer_secret_keys.
* g10/import.c (transfer_secret_keys): Make it global function.
Allow stats==NULL.

--

GnuPG-bug-id: 2169
2015-12-24 09:54:23 +09:00
Werner Koch
ae3e5c25ca
dirmngr: Change the Onion keyserver in the conf template.
--

I must have mixed the up during testing.  The old one is just one
keyserver and the new one is the OnionBalance hidden service.  See

  https://sks-keyservers.net/overview-of-pools.php

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 20:06:49 +01:00
Werner Koch
a9cbdcfd9c
gpg: Rename struct pubkey to pukey_s and add pubkey_t.
* g10/keydb.h (struct pubkey): Rename to pubkey_s.
(pubkey_t): New.  Change all struct pubkey_s to use this type.
* g10/getkey.c (get_pubkeys): Rename arg keys to r_keys.
--

It is common in GnuPG to use a suffix of _s for struct names.  There
is no technical need for this (actually this pattern comes from pre
ANSI C compilers which had no separate namespaces) but it avoid
surprises when reading the code.

Adding the pubkey_t type is mainly to improve font locking by using
the common suffix _t for a typedefed type.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:46:09 +01:00
Werner Koch
363ed2e892
gpg: Simplify status message code from commit b30c15bf.
* g10/keygen.c (card_write_key_to_backup_file): Simplify by using
hexfingerprint.
--

Note that the extra blank added to FPRBUF in the old code was not
needed because write_status_text_and_buffer already ensures that
there will be a space.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:46:05 +01:00
Werner Koch
04c9cddda9
gpg: Add standard free() semantic to pubkey_free.
* g10/getkey.c (pubkey_free): Check for NULL arg.
--

We don't like surprises ;-)

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:17:50 +01:00
Werner Koch
ef7b7e9160
gpg: Fix use of assert from commit dc417bf0.
* g10/keydb.c (keydb_update_keyblock): De-ref after the assert.  Use
%zu for size_t.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:16:02 +01:00
Werner Koch
b0c9867fb7
gpg: Do not translate debug output.
* g10/getkey.c (parse_def_secret_key): Do not make strings passed to
log_debug translatable.
--

Debug output is intended to be used along with the source or to be
send to the developers.  Thus translations are at best not helpful.
2015-12-23 15:13:21 +01:00
NIIBE Yutaka
aecf1a3c57 scd: Fix commit b30c15bf (again).
* g10/keygen.c (do_generate_keypair): Clear the variable S.

--

GnuPG-bug-id: 2201
2015-12-23 16:55:00 +09:00
Neal H. Walfield
5c759924fb gpg: Fix type.
* g10/keygen.c (card_write_key_to_backup_file): Change n to a size_t.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:07:51 +01:00
Neal H. Walfield
4654384fe7 gpg: Fix error message.
* g10/getkey.c (parse_def_secret_key): Fix error message.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:57 +01:00
Neal H. Walfield
7195b94345 gpg: Don't check for ambiguous keys.
* g10/gpg.c (struct result): Move from here...
* g10/keydb.h (struct pubkey): ... to here.  Update users.
* g10/gpg.c (check_user_ids): Move from here...
* g10/getkey.c (get_pubkeys): ... to here.  Update users.  Use
get_pubkey_byname to look up the keys (this also prunes invalid keys).
(pubkey_free): New function.
(pubkeys_free): New function.
* g10/gpg.c (main): Don't check for ambiguous key specifications.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e8c53fc

This change not only moves the checks for ambiguous key specifications
from gpg.c to getkey.c, it also disables the checks.  The old code was
too divorced from the actual key lookups and, as such, it reproduced
the logic.  Unfortunately, the reproduction was a poor one: despite
fixing some inconsistencies (e.g., 10cca02), it still didn't deal with
group expansion or the auto key lookup functionality.  Given the
amount of instability introduced by this change, we (Neal & Werner)
decided it is better to defer introducing this functionality until
2.3.
2015-12-22 15:03:56 +01:00
Neal H. Walfield
dc52995d85 gpg: Lazily evaluate --default-key.
* g10/gpg.c (main): If --encrypt-to-default-key is specified, don't
add --default-key's value to REMUSR here...
* g10/pkclist.c (build_pk_list): ... do it here.
* tests/openpgp/Makefile.am (TESTS): Add default-key.test.
* tests/openpgp/default-key.test: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:54 +01:00
Neal H. Walfield
ffe0b7a6dd gpg: Remove unused parameter.
* g10/pkclist.c (build_pk_list): Remove parameter use, which is always
called set to PUBKEY_USAGE_ENC.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:53 +01:00
Neal H. Walfield
4103850c2e gpg: Improve check for ambiguous keys.
* g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
encryption-only keys when a signing key is needed and vice-versa.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:52 +01:00
Neal H. Walfield
dc417bf0c5 gpg: Fix TOCTTOU when updating keyblocks.
* g10/keydb.c (keydb_update_keyblock): Don't replace the record at the
current offset.  After taking the lock, extract the fingerprint from
the keyblock, find it and then replace it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2193

Between locating the record to update and actually updating the
keyblock, it is possible that another process modifies the keyring,
which causes the update to corrupt the keyring.  This is due to a time
of check to time of use bug.  The fix is straightforward: both
operations must be done while holding the lock.  This changes the
semantics of the function slightly, but no callers need to be
modified.  Further, it now becomes impossible to replace key A with B;
this function will only ever update B.
2015-12-22 15:03:51 +01:00
Neal H. Walfield
7fe4be0416 gpg: Display the key that is invalid, not the search description.
* g10/getkey.c (parse_def_secret_key): Display the key that is
invalid, not the search description.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:48 +01:00
Neal H. Walfield
478ca6c75b gpg: Mark more options as coming from the config file (when this holds)
* g10/gpg.c (main): When --default-key or --encrypt-to-default-key is
taken from the config file, note this.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: 28311d1
2015-12-22 15:03:47 +01:00
Neal H. Walfield
ee8a8ec1cf gpg: Use enums instead of defines.
* g10/keydb.h (PK_LIST_ENCRYPT_TO): Change from a macro to an enum.
(PK_LIST_HIDDEN): Likewise.
(PK_LIST_CONFIG): Likewise.
(PK_LIST_SHIFT): Likewise.n

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Using an enum has the advantage that the symbol can be used in gdb.
2015-12-22 15:03:47 +01:00
NIIBE Yutaka
ab9a9bce77 g10: clean up of headers for card.
* g10/main.h (save_unprotected_key_to_card): Remove.
* g10/options.h (ctapi_driver, pcsc_driver, disable_ccid): Remove.
2015-12-21 20:56:29 +09:00
NIIBE Yutaka
06436882c3 g10: Fix commit b30c15bf.
--

Remove the backup file g10/keygen.c.~HEAD~
2015-12-18 10:54:02 +09:00
NIIBE Yutaka
72eaff1aa6 g10: Remove deprecated internal functions.
* g10/keygen.c (do_ask_passphrase, generate_raw_key)
(gen_card_key_with_backup, save_unprotected_key_to_card): Remove.

--

Now, key generation is done by gpg-agent.  Asking passphrase is done
through pinentry invoked by gpg-agent.  It is done by
new internal function of card_store_key_with_backup.
2015-12-18 10:18:22 +09:00
NIIBE Yutaka
b30c15bf7c g10: Fix a regression for generating card key with backup.
* g10/main.h (receive_seckey_from_agent): Declare.
* g10/keygen.c (card_write_key_to_backup_file): New.
(card_store_key_with_backup): New.
(do_generate_keypair): Create a key on host for encryption key when
backup is requested.  Then, call card_store_key_with_backup.

--

GnuPG-bug-id: 2169
2015-12-18 10:02:38 +09:00
NIIBE Yutaka
e644aa7f59 g10: factor out a function for secret key retrieval.
* g10/export.c (receive_seckey_from_agent): New.
(do_export_stream): Use it.

--

Also fixed a memory leak of WRAPPEDKEY on a successful path of
build_packet.

In the log message, key is now by a hexgrip instead of a format by
keystr_with_sub.
2015-12-17 13:06:28 +09:00
Neal H. Walfield
fc010b6c7f gpg: When checking for ambiguous keys, ignore invalid keys.
* g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
disabled, revoked and expired keys (if appropriate for the provided
option).

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2186
2015-12-16 14:43:20 +01:00
Werner Koch
345ec7323d
gpg: Reduce number of strings to translate.
* g10/getkey.c (parse_def_secret_key): Do not make debug messages
translatable.  Make use of print_reported_error.
--

This patch also passes all required arguments to log_debug ;-).

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-15 13:40:10 +01:00
Werner Koch
2ea1aebc92
gpg: New function to printed a detailed error code.
* g10/misc.c (print_reported_error): New.
--

Often the user is only interested in a catch all error code like "not
found" but sometimes it is useful to also see the real reason.  By
this function this can easily be achieved.  Example:

  err = search_for_key (keyid)
  if (err)
    {
      log_info ("error locating key '%s': %s\n",
                keyid, gpg_strerror (GPG_ERR_NOT_FOUND));
      print_reported_error (err, GPG_ERR_NOT_FOUND);
    }

results in

  gpg: error locating key 'foobar': not found
  gpg: (reported error: no keyring <keybox>)

where the second line is only printed in verbose mode and if ERR is
not GPG_ERR_NOT_FOUND.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-15 13:40:10 +01:00
Neal H. Walfield
f369efd671 gpg: Improve the keyblock cache's transparency.
* kbx/keybox-search.c (keybox_seek): New function.
* g10/keydb.c (keydb_search): When reading from the cache, seek to
just after the cached record.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-15 13:09:50 +01:00
Neal H. Walfield
2e4e10c1dc gpg: Improve the keyblock cache's transparency.
* kbx/keybox-search.c (keybox_offset): New function.
* g10/keydb.c (struct keyblock_cache): Add fields resource and offset.
(keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and
HD->KEYBLOCK_CACHE.OFFSET.
(keydb_search): Don't use the cached result if it comes before the
current file position.  When caching an entry, also record the
position at which it was found.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2187
2015-12-15 12:21:30 +01:00
Neal H. Walfield
0ea186db64 gpg: Use more descriptive names.
* g10/keyring.c (KR_NAME): Rename this...
(KR_RESOURCE): ... to this.  Update users.
(struct keyring_name): Rename this...
(struct keyring_resource): ... to this.  Update users.
(struct off_item): Rename this...
(struct key_present): ... to this.  Update users.
(OffsetHashTable): Rename this...
(key_present_hash_t): ... to this.  Update users.
(kr_offtbl): Rename this...
(key_present_hash): ... to this.  Update users.
(kr_offtbl_ready): Rename this...
(key_present_hash_ready): ... to this.  Update users.
(KEY_PRESENT_HASH_BUCKETS): New define.  Replace use of literals
with this.
(new_offset_item): Rename this...
(key_present_value_new): ... to this.  Update users.
(release_offset_items): Drop dead code.
(new_offset_hash_table): Rename this...
(key_present_hash_new): ... to this.  Update users.
(release_offset_hash_table): Drop dead code.
(lookup_offset_hash_table): Rename this...
(key_present_hash_lookup): ... to this.  Update users.
(update_offset_hash_table): Rename this...
(key_present_hash_update): ... to this.  Drop unused parameter off.
Update users.
(update_offset_hash_table_from_kb): Rename this...
(key_present_hash_update_from_kb): ... to this.  Drop unused parameter
off.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-15 10:45:00 +01:00
Damien Goutte-Gattat
f5aa51aaac gpg: Print ownertrust in TOFU+PGP trust model.
* g10/keyedit.c: Print ownertrust in TOFU+PGP trust model.
--

The key editor currently prints out the ownertrust value assigned
to a key only when using the classic or PGP trust models; but
that value is also meaningful in the recently introduced TOFU+PGP
combined model.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2015-12-14 13:09:11 +01:00
Neal H. Walfield
e573e6188d gpg: Fix --default-key checks.
* g10/getkey.c (parse_def_secret_key): Don't just check if a secret
key is available for the public key, also consider subkeys.  Also
check that the key has the signing capability, is not revoked, is not
expired and is not disabled.  Print a warning if there was a least one
value passed to --default-key and all were ignored.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e16d7168
2015-12-14 13:02:50 +01:00
Werner Koch
4d3395ef1f
gpg: Use a regular type instead of a void* for import stats.
* g10/import.c (struct stats_s): Rename to import_stats_s.  Change all
users.
* g10/main.h (import_stats_t): New.  Change fucntions to use this
instead of a void pointer.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-12 18:19:35 +01:00
Neal H. Walfield
1605e34fc3 gpg: Fix buffer overflow.
* g10/keydb.c (keydb_search_desc_dump): Fix buffer overflow.

--
Signed-off-by: Neal H. Walfield <neal@walfield.org>
Regression-due-to: 11ec478

Note: this buffer overflow will only occur if --debug=lookup is passed
to gpg and a search by fingerprint is done.
2015-12-11 14:41:34 +01:00
Neal H. Walfield
6dc37c5fb6 gpg: Don't error out if a key occurs multiple times in the keyring.
* g10/gpg.c (check_user_ids): Don't error out if a key occurs multiple
times in the keyring.  Instead, print a warning.  When printing out
fingerprint prints, use format_hexfingerprint to format them.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-11 11:15:37 +01:00
Daiki Ueno
b5cd68852d
gpg: Write ERROR status on delete-key cancellation
* g10/delkey.c (do_delete_key): Write ERROR status code with the error
location "delete_key.secret", when the user cancelled the operation on
Pinentry.
--

I changed the original patch to emit the full gpg_error_t code. -wk
2015-12-04 16:39:10 +01:00
Werner Koch
28311d1fa5
gpg: Do not pre-check keys given on the command line.
* g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG)
(PK_LIST_SHIFT): New.
* g10/pkclist.c (build_pk_list): Use them here.
* g10/gpg.c (check_user_ids, main): Ditto.

* g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR.
(check_user_ids): Skip check for command line specified options.
--

If a key has been given on the command line and it has not been
given by one of the encrypt-to options, we now skip the checks.  The
reason is that the actual key selection code does its own checks and
provides proper status message to the caller to detect the wrong keys.
Without this we would break most frontends because they expect for
example STATUS_INV_RECP.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 08:56:02 +01:00
Werner Koch
59f6192cb7
gpg: Allow "help" as value for --tofu-policy.
* g10/gpg.c (parse_tofu_policy): Add keyword "help".
(parse_tofu_db_format): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 07:36:14 +01:00
Werner Koch
218a52787a
Do not translate messages printed with log_debug.
* common/asshelp.c (start_new_gpg_agent): Do not i18n string.
(start_new_dirmngr): Ditto.
* g10/mainproc.c (proc_encrypted): Ditto.  Print only if debug is
enabled.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 07:36:14 +01:00
Werner Koch
5e2c5e9ec5
gpg: Add variant of 'key "%s" not found: %s' error message.
* g10/gpg.c (check_user_ids): Change error message.
* g10/delkey.c (do_delete_key): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 12:25:37 +01:00
Werner Koch
50a568e738
gpg: Make keyidlist more robust in case of errors.
* g10/keyserver.c (keyidlist): Clear *KLIST on error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 12:19:30 +01:00
Werner Koch
a28ac99efe
gpg: Take care of keydb_new returning NULL.
* g10/keydb.c (keydb_new): Print an error message if needed.  Also use
xtrycalloc because we return an error anyway.
* g10/delkey.c (do_delete_key): Handle error retruned by keydb_new.
* g10/export.c (do_export_stream): Ditto.
* g10/getkey.c (get_pubkey): Ditto.
(get_pubkey_fast): Ditto.
(get_pubkeyblock): Ditto.
(get_seckey): Ditto.
(key_byname): Ditto.
(get_pubkey_byfprint): Ditto.
(get_pubkey_byfprint_fast): Ditto.
(parse_def_secret_key): Ditto.
(have_secret_key_with_kid): Ditto.
* g10/import.c (import_one): Ditto.
(import_revoke_cert): Ditto.
* g10/keyedit.c (keyedit_quick_adduid): Ditto.
* g10/keygen.c (quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
* g10/trustdb.c (validate_keys): Ditto.
* g10/keyserver.c (keyidlist): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto.
* g10/gpg.c (check_user_ids): Ditto.
(main): Do not print an error message for keydb_new error.
* g10/keylist.c (list_all): Use actual error code returned by
keydb_new.

* g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error.
* g10/t-keydb.c (do_test): Ditto.

* g10/keyring.c (keyring_new): Actually return an error so that the
existing keydb_new error checking makes sense for a keyring resource.
(keyring_rebuild_cache): Take care of keyring_new returning an error.
--

Commit 04a6b903 changed keydb_new to return an error.  However the
error was not checked at most places which we fix with this patch.  To
make things easier keydb_new prints an error message itself.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 12:18:32 +01:00
Werner Koch
9fcc047d92
gpg: Change some error messages.
* g10/getkey.c (parse_def_secret_key): Change error message.  Replace
log_debug by log_info.
* g10/gpg.c (check_user_ids): Make function static.  Change error
messages.
(main): Change error messages.
* g10/revoke.c (gen_revoke): Ditto.
--

There are other smaller changes not described above.

This change tries to avoid new error messages so not to increase the
the number of translated strings or break too many existing
translations.  It also tries to use existing strings and changes the
quoting to the most common style used in gpg.

Key specifications should in general use double quotes.  Other values
should use single quotes.  However. sometimes it is not easy to
distinguish between values given on the command line and key
specifications.  According to old GNU coding standards diagnostics
should not start capitalized - whether this is a good idea is a
different thing but we used this rules for most strings.  However,
strings which are used interactively should be properly capitalized
and end with a dot.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 10:40:05 +01:00
Neal H. Walfield
cedbd4709e gpg: Use the matching key if the search description is exact.
* g10/gpg.c (check_user_ids): If the search description is for an
exact match (a keyid or fingerprint that ends in '!'), then use the
matching key, not the primary key.
* tests/openpgp/Makefile.am (TESTS): Add use-exact-key.test.
(priv_keys): Add privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc,
privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc,
privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc,
privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc and
privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc.
(sample_keys): Add
samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc.
* tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc:
New file.
* tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc:
New file.
* tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc:
New file.
* tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc:
New file.
* tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc:
New file.
* tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc:
New file.
* tests/openpgp/use-exact-key.test: New file.
* tests/openpgp/version.test: Install the new private keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Reported-by: Kristian Fiskerstrand
  <kristian.fiskerstrand@sumptuouscapital.com>
Fixes-commit: 10cca02
2015-12-03 00:00:54 +01:00
Neal H. Walfield
28195f8d27 gpg: Improve documentation.
* g10/tofu.c (initdb): Improve documentation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-02 15:21:58 +01:00
Neal H. Walfield
c73d75103c gpg: Fix type mismatch resulting in a buffer overflow.
* g10/tofu.c (record_binding): Change policy_old's type from an enum
tofu_policy to a long: this variable is passed by reference and a long
is expected.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Justus Winter <justus@g10code.com>
Fixes-commit: f77913e
2015-12-02 15:21:57 +01:00
Werner Koch
28e2513721
dirmngr: Switch to an onion address if Tor is running.
* dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist.
* dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple
--keyserver options.
* dirmngr/server.c (server_local_s): Add field 'tor_state'.
(release_uri_item_list): New.
(release_ctrl_keyservers): Use it.
(start_command_handler): Release list of keyservers.
(is_tor_running): New.
(cmd_getinfo): Re-implement "tor" subcommand using new fucntion.
(ensure_keyserver): Rewrite.
* g10/dirmngr-conf.skel: Add two keyserver options.
--

This feature is independent of --use-tor and automagically uses Tor if
available.  The dirmngr.conf file needs to specify two keyservers to
make this work.  For new installations this is done using the skeleton
file.  This feature requires the Libassuan 2.4.2 to work.

This patch also fixes a memory leak of opt.keyserver en passant.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 12:27:35 +01:00
Neal H. Walfield
10cca02c4c common,gpg: Fix processing of search descriptions ending in '!'.
* g10/gpg.c (check_user_ids): If the search description describes a
keyid or fingerprint and ends in a '!', include the '!' in the
rewritten description.
* common/userids.c (classify_user_id): Accept keyids and fingerprints
ending in '!'.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Kristian Fiskerstrand
  <kristian.fiskerstrand@sumptuouscapital.com>
Fixes-commit: f99830b7
Fixes-commit: e8c53fca
2015-12-02 12:03:28 +01:00
Werner Koch
686f31c3d5
gpg: Avoid extra translation strings.
* g10/keyedit.c (menu_expire): Use only one prompt.
--

The old code was anyway not fully i18n because it did not used
ngettext.  Further we ran into const char*/char* conflicts on Windows
where we use a different gettext implementation.

FWIW: A better pattern in the case of a static and a malloced string
w/o error return on malloc failure would be:

  const char *s;
  char *s_buf;
  s_buf = xtryasprintf ("%d foo", n);
  if (!s_buf)
    s = "several foo";
  else
    s = s_buf;
  bar (s);
  xfree (s_buf);
2015-11-27 18:32:27 +01:00
Werner Koch
7c856f9914
gpg,w32: Fix a format string error.
* g10/keyring.c (keyring_search): Fix format string for off_t.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-27 18:32:26 +01:00
Werner Koch
022342e284
Silence unused variable or parameter warnings.
--
2015-11-27 18:32:26 +01:00
Neal H. Walfield
e9c16fee25 gpg: When comparing keyids, use the keyid, not the fingerprint's suffix.
* g10/keyedit.c (menu_select_key): Use spacep and hexdigitp instead of
inline tests.  Don't compare P to the suffix of the fingerprint.  If P
appears to be a keyid, do an exact compare against the keyid.  If it
appears to be a fingerprint, do an exact compare against the
fingerprint.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-24 13:03:24 +01:00
Neal H. Walfield
19362a8dd7 gpg: Reflow long texts.
* common/stringhelp.c (format_text): New function.
* common/t-stringhelp.c (stresc): New function.
(test_format_text): New function.  Test format_text.
* g10/tofu.c (get_trust): Use format_text to reflow long texts.
(show_statistics): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-23 22:23:38 +01:00
Neal H. Walfield
5b84b0d660 common: Extend utf8_charcount to include the string's length.
* common/stringhelp.c (utf8_charcount): Take additional parameter,
len.  Process at most LEN bytes.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-23 22:23:37 +01:00
Neal H. Walfield
b64b33bb80 gpg: Allow updating the expiration time of multiple subkeys at once.
* g10/keyedit.c (menu_expire): Allow updating the expiration time of
multiple subkeys at once.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1944
2015-11-23 12:16:33 +01:00
Neal H. Walfield
19f099463c gpg: Don't crash if key is not passed an argument.
* g10/keyedit.c (menu_select_key): Don't crash if P is NULL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-23 11:21:24 +01:00
Neal H. Walfield
178af9c3f5 gpg: Fail if the search description passed to --gen-revoke is ambiguous.
* g10/revoke.c (gen_revoke): Error out if the search description is
ambiguous.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-20 13:00:19 +01:00
Neal H. Walfield
f8a65ac96b gpg: Refactor print_seckey_info.
* g10/keylist.c (print_seckey_info): Break formatting functionality
into...
(format_seckey_info): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-20 12:52:04 +01:00
Neal H. Walfield
46e128d44a gpg: Improve an error message.
* g10/revoke.c (gen_revoke): Provide a more descriptive error message
if searching for a key fails.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1987
2015-11-20 12:17:13 +01:00
Justus Winter
52f7f195b1 g10: Avoid undefined behavior.
* g10/trust.c (clean_one_uid): Avoid a computation involving an
uninitialized value.
--
Found using the Clang Static Analyzer.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-19 15:48:01 +01:00
Neal H. Walfield
0b86c7463c gpg: Allow selecting subkeys using a keyid.
* g10/keyedit.c (menu_select_key): Take an additional argument, p.
Update callers.  If P is a hex string, then assume that P is a key id
or fingerprint and select subkeys with matching key ids or
fingerprints.
* doc/gpg.texi: Update documentation for the key subcommand.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1423
Debian-bug-id: 610336
2015-11-17 21:23:16 +01:00
Neal H. Walfield
58e4a492e2 gpg: Change keydb_search to not return legacy keys.
* g10/keyring.c (keyring_search): Take new argument, ignore_legacy.
If set, skip any legacy keys.  Update callers.
* g10/keydb.c (keydb_search): Skip any legacy keys.
(keydb_search_first): Don't skip legacy keys.  Treat them
as an error.
(keydb_search_next): Likewise.
(keydb_search_fpr): Likewise.
* g10/export.c (do_export_stream): Likewise.
* g10/getkey.c (lookup): Likewise.
(have_secret_key_with_kid): Likewise.
* g10/keylist.c (list_all): Likewise.
(keyring_rebuild_cache): Likewise.
* g10/keyserver.c (keyidlist): Likewise.
* g10/trustdb.c (validate_key_list): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-17 14:53:05 +01:00
Neal H. Walfield
848726f5c0 gpg: Correctly handle an error.
* g10/keyring.c (keyring_search): If a compare function returns an
error, treat it as an error.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-17 14:53:04 +01:00
Neal H. Walfield
ad9befab12 gpg: Correctly handle keyblocks followed by legacy keys.
* g10/keyring.c (keyring_get_keyblock): If we encounter a legacy
packet after already having some non-legacy packets, then treat the
legacy packet as a keyblock boundary, not as part of the keyblock.
* g10/t-keydb-get-keyblock.c: New file.
* g10/t-keydb-get-keyblock.gpg: New file.
* g10/Makefile.am (EXTRA_DIST): Add t-keydb-get-keyblock.gpg.
(module_tests): Add t-keydb-get-keyblock.
(t_keydb_get_keyblock_SOURCES): New variable.
(t_keydb_get_keyblock_LDADD): Likewise.

--
Signed-off-by: Neal H. Walfield
GnuPG-bug-id: 2151
2015-11-17 14:53:03 +01:00
Neal H. Walfield
8f6099ac51 gpg: Add some debugging output.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-17 14:53:02 +01:00
Neal H. Walfield
11ec4785df gpg: Make debugging search descriptors easier.
* g10/keydb.c (dump_search_desc): Rename from this...
(keydb_search_desc_dump): ... to this.  Only process a single search
descriptor.  Improve output.  Don't mark as static.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-17 14:53:01 +01:00
Neal H. Walfield
a052c30d31 gpg: Add function format_keyid.
* g10/options.h (opt.keyid_format): Add new value KF_DEFAULT.
* g10/keyid.c (format_keyid): New function.
(keystr): Use it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-17 14:53:00 +01:00
Neal H. Walfield
eae982ed6d gpg: Use a more appropriate error code.
* g10/gpg.c (check_user_ids): Return a more appropriate error code if
a user id is ambiguous.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-17 14:52:59 +01:00
Justus Winter
a9e0905342 Fix typos found using codespell.
* agent/cache.c: Fix typos.
* agent/call-pinentry.c: Likewise.
* agent/call-scd.c: Likewise.
* agent/command-ssh.c: Likewise.
* agent/command.c: Likewise.
* agent/divert-scd.c: Likewise.
* agent/findkey.c: Likewise.
* agent/gpg-agent.c: Likewise.
* agent/w32main.c: Likewise.
* common/argparse.c: Likewise.
* common/audit.c: Likewise.
* common/audit.h: Likewise.
* common/convert.c: Likewise.
* common/dotlock.c: Likewise.
* common/exechelp-posix.c: Likewise.
* common/exechelp-w32.c: Likewise.
* common/exechelp-w32ce.c: Likewise.
* common/exechelp.h: Likewise.
* common/helpfile.c: Likewise.
* common/i18n.h: Likewise.
* common/iobuf.c: Likewise.
* common/iobuf.h: Likewise.
* common/localename.c: Likewise.
* common/logging.c: Likewise.
* common/openpgp-oid.c: Likewise.
* common/session-env.c: Likewise.
* common/sexputil.c: Likewise.
* common/sysutils.c: Likewise.
* common/t-sexputil.c: Likewise.
* common/ttyio.c: Likewise.
* common/util.h: Likewise.
* dirmngr/cdblib.c: Likewise.
* dirmngr/certcache.c: Likewise.
* dirmngr/crlcache.c: Likewise.
* dirmngr/dirmngr-client.c: Likewise.
* dirmngr/dirmngr.c: Likewise.
* dirmngr/dirmngr_ldap.c: Likewise.
* dirmngr/dns-stuff.c: Likewise.
* dirmngr/http.c: Likewise.
* dirmngr/ks-engine-hkp.c: Likewise.
* dirmngr/ks-engine-ldap.c: Likewise.
* dirmngr/ldap-wrapper.c: Likewise.
* dirmngr/ldap.c: Likewise.
* dirmngr/misc.c: Likewise.
* dirmngr/ocsp.c: Likewise.
* dirmngr/validate.c: Likewise.
* g10/encrypt.c: Likewise.
* g10/getkey.c: Likewise.
* g10/gpg.c: Likewise.
* g10/gpgv.c: Likewise.
* g10/import.c: Likewise.
* g10/keydb.c: Likewise.
* g10/keydb.h: Likewise.
* g10/keygen.c: Likewise.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyring.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/misc.c: Likewise.
* g10/options.h: Likewise.
* g10/packet.h: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pkglue.c: Likewise.
* g10/plaintext.c: Likewise.
* g10/server.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/sqlite.c: Likewise.
* g10/tdbio.c: Likewise.
* g10/test-stubs.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
* g13/create.c: Likewise.
* g13/mountinfo.c: Likewise.
* kbx/keybox-blob.c: Likewise.
* kbx/keybox-file.c: Likewise.
* kbx/keybox-init.c: Likewise.
* kbx/keybox-search-desc.h: Likewise.
* kbx/keybox-search.c: Likewise.
* kbx/keybox-update.c: Likewise.
* scd/apdu.c: Likewise.
* scd/app-openpgp.c: Likewise.
* scd/app-p15.c: Likewise.
* scd/app.c: Likewise.
* scd/ccid-driver.c: Likewise.
* scd/command.c: Likewise.
* scd/iso7816.c: Likewise.
* sm/base64.c: Likewise.
* sm/call-agent.c: Likewise.
* sm/call-dirmngr.c: Likewise.
* sm/certchain.c: Likewise.
* sm/gpgsm.c: Likewise.
* sm/import.c: Likewise.
* sm/keydb.c: Likewise.
* sm/minip12.c: Likewise.
* sm/qualified.c: Likewise.
* sm/server.c: Likewise.
* tools/gpg-check-pattern.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgkey2ssh.c: Likewise.
* tools/gpgparsemail.c: Likewise.
* tools/gpgtar.c: Likewise.
* tools/rfc822parse.c: Likewise.
* tools/symcryptrun.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-17 12:50:22 +01:00
Neal H. Walfield
8e2bea22b0 gpg: Fix error checking and improve error reporting.
* g10/gpg.c (check_user_ids): Differentiate between a second result
and an error.  If the key specification is ambiguous or an error
occurs, set RC appropriately.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Werner Koch <wk@gnupg.org>
Suggested-by: NIIBE Yutaka <gniibe@fsij.org>
2015-11-16 10:34:01 +01:00
Werner Koch
3689c2105a
gpg: Use only one fingerprint formatting function.
* g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): New.
* g10/keyid.c (hexfingerprint): Add optional args BUFFER and BUFLEN.
Change all callers.
(format_hexfingerprint): New.
* g10/keylist.c (print_fingerprint): Change to use hexfingerprint.
* g10/tofu.c (fingerprint_format): Remove.  Replace calls by
format_hexfingerprint.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-14 09:13:02 +01:00
Werner Koch
e7d7160ab7
gpg: Simplify the tofu interface by using the public key packet.
* g10/tofu.c (fingerprint_str): Remove.
(tofu_register): Take a public key instead of a fingerprint as arg.
Use hexfingerprint() to get a fpr from the PK.
(tofu_get_validity): Ditto.
(tofu_set_policy, tofu_get_policy): Simplify by using hexfingerprint.
* g10/trustdb.c (tdb_get_validity_core): Pass the primary key PK to
instead of the fingerprint to the tofu functions.
--

This change has the advantage that we are not bound to a specific
fingerprint length and will thus helps us to implement rfc4880bis.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-13 16:42:59 +01:00
Werner Koch
7de8376430
gpg: Make trusted-key override for Tofu robust against swapped tofu.db.
* g10/tofu.c (get_trust): For the UTK check lookup the key by
fingerprint.
--

Extracting the keyid form the fingerprint is not a good idea because
that only works for v4 keys.  It is also better to first read the key
and then extract the keyid from the actual available key.

The entire trusted-key stuff should be reworked to make use of
fingerprints.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-13 16:09:30 +01:00
Werner Koch
7e59fb21f7
gpg: Fix regression in --locate-keys (in 2.1.9).
* g10/getkey.c (getkey_ctx_s): Add field "extra_list".
(get_pubkey_byname): Store strings in the context.
(getkey_end): Free EXTRA_LIST.
--

This fixes a use-after-free bug.  It showed up with:

  gpg --auto-key-locate local --locate-key wk@gnupg.org

The key was shown but also all other following keys in the keyring.
Bisecting showed d47e84946e as culprit
but the actual cause was a part of:

Regression-due-to: b06f96ba4f
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-13 12:57:54 +01:00
Werner Koch
2038adf16d
gpg: Print a new EXPORTED status line.
* common/status.h (STATUS_EXPORTED): New.
* g10/export.c (print_status_exported): New.
(do_export_stream): Call that function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-12 17:02:18 +01:00
Werner Koch
e3c48335f9
gpg: Print export statistics to the status-fd.
* common/status.h (STATUS_EXPORT_RES): New.
* g10/main.h (export_stats_t): New.
* g10/export.c (export_stats_s): New.
(export_new_stats, export_release_stats): New.
(export_print_stats): New.
(export_pubkeys, export_seckeys, export_secsubkeys)
(export_pubkey_buffer, do_export): Add arg "stats".
(do_export_stream): Add arg stats and update it.
* g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create,
pass, and print a stats object to the export function calls.

* g10/export.c (export_pubkeys_stream): Remove unused function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-12 16:44:00 +01:00
Neal H. Walfield
7546e81879 gpg: Fix cache consistency problem.
g10/keyring.c (keyring_search): Only mark the cache as completely
filled if we start the scan from the beginning of the keyring.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: NIIBE Yutaka <gniibe@fsij.org>

A new feature (e8c53fc) turned up a bug whereby checking if a search
term matches multiple keys in the keyring causes the cache to be
inconsistent.

When we look for a key on the keyring, we iterate over each of the
keyblocks starting with the keyblock following the last result.  For
each keyblock, we iterate over the public key and any subkeys.  As we
iterate over each key, we first insert it into the cache and then
check if the key matches.  If so, we are done.

In pseudo code:

  for (i = last_result + 1; i < num_records; i ++)
    keyblock = get_keyblock (i)
    for (j = 1; j < len(keyblock); j ++)
      key = keyblock[j]
      update_cache (key)
      if (compare (key, search_terms))
        return ok
  cache_filled = true
  return ENOFOUND

When we look for the next match, we start with the following keyblock.
The result is that any subkeys following the key that matched are not
added to the cache (in other words, when a keyblock matches, the inner
loop did not necessarily complete and the subsequent search doesn't
resume it).

This patch includes a straightforward fix: only indicate the cache as
complete if we started the scan from the beginning of the keyring and
really didn't find anything.
2015-11-11 18:32:16 +01:00
Neal H. Walfield
67c701d1e5 gpg: Default to the the PGP trust model.
* g10/trustdb.c (init_trustdb): If we can't read the trust model from
the trust DB, default to TM_PGP, not TM_TOFU_PGP.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-10 08:05:17 +01:00
Neal H. Walfield
951f277b6b gpg: Default to the flat TOFU DB format.
* g10/tofu.c (opendbs): If the TOFU DB format is set to auto and there
is no TOFU DB, default to the flat format.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-10 08:03:57 +01:00
NIIBE Yutaka
bce0e3f71d scd: Add reder information to --card-status.
* g10/call-agent.h, g10/call-agent.c (agent_release_card_info)
g10/card-util.c (card_status): Add READER.
* scd/apdu.c (close_ccid_reader, open_ccid_reader): Handle RDRNAME.
(apdu_get_reader_name): New.
* scd/ccid-driver.c (ccid_open_reader): Add argument to RDRNAME_P.
* scd/command.c (cmd_learn): Return READER information.
2015-11-09 16:15:44 +09:00
Werner Koch
2242658efe
gpg: Avoid new strings.
* g10/decrypt-data.c (decrypt_data): Use already translated strings.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-06 13:29:01 +01:00
Neal H. Walfield
28e198201e gpg: Fix formatting string.
* g10/decrypt-data.c (decrypt_data): Fix formatting string.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-06 13:16:38 +01:00
Neal H. Walfield
a74aeb5dae gpg: Add new option --only-sign-text-ids.
* g10/options.h (opt): Add field only_sign_text_ids.
* g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs.
(opts): Handle oOnlySignTextIDs.
(main): Likewise.
* g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't
select non-text based IDs automatically.
(keyedit_menu): Adapt the prompt asking to sign all user ids according
to OPT.ONLY_SIGN_TEXT_IDS.
* doc/gpg.texi: Document the new option --only-sign-text-ids.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1241
Debian-bug-id: 569702
2015-11-06 13:16:37 +01:00
Neal H. Walfield
e8c53fca95 gpg: Check for ambiguous or non-matching key specs.
* g10/gpg.c (check_user_ids): New function.
(main): Check that any user id specifications passed to --local-user
and --remote-user correspond to exactly 1 user.  Check that any user
id specifications passed to --default-key correspond to at most 1
user.  Warn if any user id specifications passed to --local-user or
--default-user are possible ambiguous (are not specified by long keyid
or fingerprint).
* g10/getkey.c (parse_def_secret_key): Don't warn about possible
ambiguous key descriptions here.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1128
Debian-debug-id: 544490
2015-11-06 12:04:35 +01:00
Neal H. Walfield
a958ffd148 gpg: Indicate which characters are invalid.
* g10/keygen.c (ask_user_id): Indicate which characters are invalid.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1143
2015-11-05 14:31:58 +01:00
Neal H. Walfield
ec409e62ae gpg: Add support for unwrapping the outer level of encryption.
* g10/decrypt-data.c (decrypt_data): If OPT.UNWRAP_ENCRYPTION is set,
copy the data to the output file instead of continuing to process it.
* g10/gpg.c (enum cmd_and_opt_values): Add new value oUnwrap.
(opts): Handle oUnwrap.
(main): Likewise.
* g10/options.h (opt): Add field unwrap_encryption.
* g10/plaintext.c (handle_plaintext): Break the output file selection
functionality into ...
(get_output_file): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1060
Debian-bug-id: 282061
2015-11-05 14:16:33 +01:00
Neal H. Walfield
6897bbf1aa gpg: Print a better error message for --multifile --sign --encrypt.
* g10/gpg.c (main): Print a better error message for --multifile
--sign --encrypt.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1009
2015-11-04 13:27:49 +01:00
Neal H. Walfield
de9b234015 gpg: Add --encrypt-to-default-key.
* g10/getkey.c (parse_def_secret_key): Drop the static qualifier and
export the function.
* g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey.
(opts): Handle oEncryptToDefaultKey.
(main): Likewise.
* g10/options.h (opt): Add field encrypt_to_default_key.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 807
2015-11-04 13:19:54 +01:00
Neal H. Walfield
e16d7168c5 gpg: Allow multiple --default-key options. Take the last available key.
* g10/getkey.c (parse_def_secret_key): New function.
(get_seckey_default): Add parameter ctrl.  Update callers.  Use
parse_def_secret_key to get the default secret key, if any.
(getkey_byname): Likewise.
(enum_secret_keys): Likewise.
* g10/options.h (opt): Change def_secret_key's type from a char * to a
strlist_t.
* g10/gpg.c (main): When processing --default-key, add the key to
OPT.DEF_SECRET_KEY.
* g10/gpgv.c (get_session_key): Add parameter ctrl.  Update callers.
* g10/mainproc.c (proc_pubkey_enc): Likewise.
(do_proc_packets): Likewise.
* g10/pkclist.c (default_recipient): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sign.c (clearsign_file): Likewise.
(sign_symencrypt_file): Likewise.
* g10/skclist.c (build_sk_list): Likewise.
* g10/test-stubs.c (get_session_key): Likewise.

--
Signed-off-by: Neal H. Walield <neal@g10code.com>
GnuPG-bug-id: 806
2015-11-04 13:19:52 +01:00
Werner Koch
44ad9f29d4
gpg: Change out of core error message.
* g10/tofu.c (fingerprint_str): Die with the error code returned by
the failed function.
(time_ago_str): Ditto.  Do not make a comma translatable.
(fingerprint_format): Use "%zu" for a size_t.
--

Also wrapped some long strings.

In general we should not use log_fatal or use xmalloc functions but
properly return an error code and use xtrymalloc like functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-03 23:20:46 +01:00
Werner Koch
62b8cd5495
gpg: Make translation easier.
* g10/import.c (import_secret_one): Split info string for easier
translation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-03 20:44:14 +01:00
Neal H. Walfield
621afac37e gpg: Also show when the most recently signed message was observed.
* g10/tofu.c (show_statistics): Also show when the most recently
signed message was observed.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Suggested-by: MFPA <2014-667rhzu3dc-lists-groups@riseup.net>
2015-11-03 16:33:01 +01:00
Neal H. Walfield
3632611229 gpg: Split a utility function out of a large function.
* g10/tofu.c (show_statistics): Break the time delta to string code
into...
(time_ago_str): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-03 16:33:00 +01:00
Neal H. Walfield
c8ef9f9a64 gpg: Fix message formatting.
* g10/tofu.c (get_trust): Fix message formatting.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-03 16:33:00 +01:00
Neal H. Walfield
8ae3946d28 gpg: Don't store formatting fingerprints in the TOFU DB.
* g10/tofu.c (fingerprint_pp): Split this function into...
(fingerprint_str): ... this function...
(fingerprint_format): ... and this function.
(record_binding): Store the unformatted fingerprint in the DB.  Only
use the formatting fingerprint when displaying a message to the user.
(get_trust): Likewise.
(show_statistics): Likewise.
(tofu_register): Likewise.
(tofu_get_validity): Likewise.
(tofu_set_policy): Likewise.
(tofu_get_policy): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-03 16:32:59 +01:00
NIIBE Yutaka
06f3eadb22 g10: notify a user when importing stub is skipped.
* g10/import.c (transfer_secret_keys): Return GPG_ERR_NOT_PROCESSED
when stub_key_skipped.
(import_secret_one): Notify a user, suggesting --card-status.

--

Migration to 2.1 might be confusing with smartcard.  With this patch,
a user can learn to run gpg ---card-status.

Thanks to intrigeri for the report.

Debian-bug-id: 795881
2015-11-02 14:33:38 +09:00
Neal H. Walfield
18cd09246f gpg: Consider newlines to be whitespace in an SQL statement.
* g10/sqlite.c (sqlite3_stepx): When making sure that there is no
second SQL statement, ignore newlines.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-31 01:50:51 +01:00
Werner Koch
5aadb4b62d
common: Add separate header for zb32.c.
* common/util.h (zb32_encode): Move prototype to ...
* common/zb32.h: new.  Include this for all callers of zb32_encode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-30 12:33:40 +01:00
Neal H. Walfield
641df615da gpg: Display the correct error message.
* g10/trustdb.c (validate_keys): If tdbio_update_version_record fails,
RC does not contain the error code.  Save the error code in rc2 and
use that.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:42 +01:00
Neal H. Walfield
d68bdc553a gpg: Eliminate a memory leak.
* g10/trustdb.c (validate_key_list): Don't leak the keyblocks on
failure.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:41 +01:00
Neal H. Walfield
ef052591ba gpg: Remove unused prototype.
g10/keyring.h (keyring_locate_writable): Remove unused prototype.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:41 +01:00
Neal H. Walfield
89eee5f6b7 gpg: Eliminate a memory leak.
* g10/gpg.c (main): Don't leak OPT.DEF_RECIPIENT.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:40 +01:00
Neal H. Walfield
99c84b49b7 gpg: Fix keyring support.
* g10/keydb.c (keydb_rebuild_caches): Only mark the cached as prepared
if it is actually prepared, which it only is if the resource is a
keybox.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:39 +01:00
Neal H. Walfield
421827424f gpg: Change sqlite3_stepx to pass the sqlite3_stmt * to the callback.
* g10/sqlite.h (enum sqlite_arg_type): Add SQLITE_ARG_BLOB.
(sqlite3_stepx_callback): New declaration.
(sqlite3_stepx): Change the callback's type to sqlite3_stepx_callback,
which passes an additional parameter, the sqlite3_stmt *.  Update
users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:39 +01:00
Neal H. Walfield
351f4213e1 gpg: Move sqlite helper functions into their own file.
* g10/tofu.c (sqlite3_exec_printf): Move from here...
* g10/sqlite.c (sqlite3_exec_printf): ... to this new file.  Don't
mark as static.
* g10/tofu.c (sqlite3_stepx): Move from here...
* g10/sqlite.c (sqlite3_stepx): ... to this new file.  Don't
mark as static.
* g10/tofu.c (enum sqlite_arg_type): Move from here...
* g10/sqlite.h (enum sqlite_arg_type): ... to this new file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:38 +01:00
Werner Koch
a6c2c09843
gpg: Do not call an extra get_validity if no-show-uid-validity is used.
* g10/mainproc.c (check_sig_and_print): Do not call the informational
get_validity if we are not going to use it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-26 20:36:16 +01:00
Daniel Kahn Gillmor
91015d021b
gpg: Ensure all weak digest rejection notices are shown
* g10/main.h: Add rejection_shown flag to each weakhash struct
* g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not
treat MD5 separately; (print_digest_rejected_note): Use
weakhash.rejection_shown instead of static shown.
* g10/options.h (opt): Change from additional_weak_digests to
weak_digests.
* g10/sig-check.c: Do not treat MD5 separately.
* g10/gpg.c (main): Explicitly set MD5 as weak.
* g10/gpgv.c (main): Explicitly set MD5 as weak.

--

Previously, only one weak digest rejection message was shown, of
whichever was the first type encountered.  This meant that if "gpg
--weak-digest SHA224" encountered both an MD5 digest and a SHA224
digest, it would only show the user that the MD5 digest was rejected.

In order to let the user know which algorithms were rejected, we
needed to move the "shown" flag into a per-weak-algorithm location.
Given this additional complication, it made no sense to continue to
treat MD5 specially, so it is added as a default weak algorithm in the
same opt.weak_digests data structure as any other.

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-10-26 16:56:56 +01:00
Werner Koch
0d37a40fc3
w32: Make it build again if Tofu support is not available.
* g10/keylist.c (public_key_list) [!USE_TOFU]: Do not call tofu
functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-26 16:38:41 +01:00
Werner Koch
68100b4a0b
dirmngr: Add example Tor hidden service.
--
2015-10-26 16:34:19 +01:00
Neal H. Walfield
c18fb0d99b gpg: Make sure we only have a single SQL statement.
* g10/tofu.c (sqlite3_stepx): Make sure SQL only contains a single SQL
statement.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-26 13:41:59 +01:00
Neal H. Walfield
5b0ed7674d gpg: When the TOFU DB is in batch mode, periodically drop the locks.
* g10/tofu.c: Include <sched.h>.
(batch_update_started): New variable.
(begin_transaction): If we've been in batch mode for a while, then
commit any extant batch transactions.
(tofu_begin_batch_update): If we are not in batch mode, initialize
batch_update_started.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-26 13:41:59 +01:00
Neal H. Walfield
7f65e84ac0 gpg: Provide an interface to patch TOFU updates.
* g10/tofu.c (struct db): Rename begin_transaction to savepoint_batch.
Rename end_transaction to savepoint_batch_commit.  Update users.
Remove field rollback.  Add fields savepoint_inner and
savepoint_inner_commit.  Add field batch_update.
(dump_cache): New function.
(batch_update): New variable.
(begin_transaction). New function.
(end_transaction): New function.
(rollback_transaction): New function.
(tofu_begin_batch_update): New function.
(tofu_end_batch_update): New function.
(closedb): End any pending batch transaction.
(closedbs): Assert that none of the DBs have a started batch
transaction if we not in batch mode.
(record_binding): Use the begin_transaction, end_transaction and
rollback_transaction functions instead of including the SQL inline.
Also start a batch mode transaction if we are using the flat format.
(tofu_register): Use the begin_transaction, end_transaction and
rollback_transaction functions instead of including the SQL inline.
* g10/gpgv.c (tofu_begin_batch_update): New function.
(tofu_end_batch_update): New function.
* g10/test-stubs.c (tofu_begin_batch_update): New function.
(tofu_end_batch_update): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-23 17:38:17 +02:00
Neal H. Walfield
297cf8660c gpg: Cache prepared SQL queries and open DB connections.
* g10/tofu.c: Include <stdarg.h>.
(prepares_saved) [DEBUG_TOFU_CACHE]: New variable.
(queries) [DEBUG_TOFU_CACHE]: New variable.
(struct db): Add fields prevp, begin_transaction, end_transaction,
rollback, record_binding_get_old_policy, record_binding_update,
record_binding_update2, get_policy_select_policy_and_conflict,
get_trust_bindings_with_this_email, get_trust_gather_other_user_ids,
get_trust_gather_other_keys, register_already_seen, and
register_insert.
[DEBUG_TOFU_CACHE]: Add field hits.
(STRINGIFY): New macro.
(STRINGIFY2): New macro.
(enum sqlite_arg_type): New enum.
(sqlite3_stepx): New function.
(combined_db): Remove variable.
(opendb): Don't cache the combined db.
(struct dbs): New struct.  Update users to use this as the head of the
local DB list rather than overloading struct db.
(unlink_db): New function.
(link_db): New function.
(db_cache): New variable.
(db_cache_count): New variable.
(DB_CACHE_ENTRIES): Define.
(getdb): If the dbs specific cache doesn't include the DB, look at
DB_CACHE.  Only if that also doesn't include the DB open the
corresponding DB.
(closedb): New function.
(opendbs): Don't open the combined DB.  Just return an initialized
struct dbs.
(closedbs): Don't close the dbs specific dbs.  Attach them to the
front of DB_CACHE.  If DB_CACHE contains more than DB_CACHE_ENTRIES,
close enough dbs from the end of the DB_CACHE list such that DB_CACHE
only contains DB_CACHE_ENTRIES.  Don't directly close the dbs, instead
use the new closedb function.
[DEBUG_TOFU_CACHE]: Print out some statistics.
(record_binding): Use sqlite3_stepx instead of sqlite3_exec or
sqlite3_exec_printf.
(get_policy): Likewise.
(get_trust): Likewise.
(tofu_register): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-23 17:38:16 +02:00
Neal H. Walfield
cd879d4bd6 gpg: Return the DBs meta-handle rather than the sqlite3 handle.
* g10/tofu.c (getdb): Return a struct db * instead of an sqlite *.
Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-23 17:38:15 +02:00
Neal H. Walfield
3c4c89cc35 gpg: Use the proper type.
* g10/options.h: Include "tofu.h".
(opt.tofu_default_policy): Change type to enum tofu_policy.
* g10/gpgv.c (enum tofu_policy): Don't redeclare.
* g10/test-stubs.c (enum tofu_policy): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-23 17:38:15 +02:00
Werner Koch
41bb01ae79
Move SRV RR code from common/ to dirmngr/.
* common/srv.c: Merge into dirmngr/dns-stuff.c.  Delete file.
* common/srv.h: Merge into dirmngr/dns-stuff.h.  Delete file.
* common/Makefile.am (common_sources): Remove srv.c and srv.h.
* g10/keyserver.c: Do not include srv.h.  The code using it is anyway
disabled.
* dirmngr/http.c: Remove header srv.h and stubs.
* dirmngr/t-dns-stuff.c: Add option --srv.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-22 09:22:41 +02:00
Werner Koch
03e230f0ea
gpg: Add a new OpenPGP card vendor.
--
2015-10-21 18:23:25 +02:00
Werner Koch
9ffcb77e25
Change capitalization of TOR to Tor.
--
2015-10-21 18:14:24 +02:00
Neal H. Walfield
9afeb4cca1 gpg: If the saved trust model is unknown, default to tofu+pgp.
* g10/trustdb.c (init_trustdb): If the saved trust model is unknown,
default to tofu+pgp instead of pgp.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:50 +02:00
Neal H. Walfield
8c3b7915d6 gpg: Don't accidentally free UTK_LIST.
* g10/trustdb.c (validate_keys): Don't free UTK_LIST.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:49 +02:00
Neal H. Walfield
cbaca254ac gpg: When evaluating trust reg exps, treat tofu+pgp like pgp.
* g10/trustdb.c (validate_one_keyblock): When checking trust regular
expressions, treat the tofu+pgp trust model the same as the pgp trust
model.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:49 +02:00
Neal H. Walfield
df57390d68 gpg: If a key is ultimate trusted, return that in the tofu model.
* g10/tofu.c (get_trust): If the policy is auto or none, check if the
key is ultimately trusted.  If so, return that.
(tofu_register): If the key is ultimately trusted, don't show any
statistics.
(tofu_get_validity): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Suggested-by: Andre Heinecke <aheinecke@intevation.de>
2015-10-21 13:45:48 +02:00
Neal H. Walfield
d05ff81732 gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.
* g10/trustdb.c (init_trustdb): Recognize tofu and tofu+pgp as
possibly saved trust models.  Also register the ultimately trusted
keys if the trust model is tofu or tofu+pgp.
(check_trustdb): Don't skip if the trust model is tofu or tofu+pgp.
(update_trustdb): Likewise.
(tdb_check_trustdb_stale): Likewise.
(validate_keys): If the trust model is TOFU, just write out the
ultimately trusted keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:48 +02:00
Neal H. Walfield
243f90afba gpg: Factor out code into a standalone function.
* g10/trustdb.c (tdb_keyid_is_utk): New function.
(add_utk): Use it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:47 +02:00
Neal H. Walfield
85bd7d9491 gpg: Make the tofu DB check and initialization atomic.
* g10/tofu.c (initdb): Make the version check and the database
initialization atomic.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Co-authored-by: Andre Heinecke <aheinecke@intevation.de>
2015-10-21 13:45:45 +02:00
Werner Koch
734c61dc9d
build: Allow building without SQLlite support.
* configure.ac: Add option --dsiable-tofu and --disable-sqlite.
(NEED_SQLITE_VERSION): New var.
(USE_TOFU): New ac_define and am_conditional.
* autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that
pkg-config find the correct .pc file.

* g10/Makefile.am (tofu_source): New.  Build only if enabled.
* g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models.
(parse_tofu_policy)[!USE_TOFU]: Disable all.
(parse_tofu_db_format)[!USE_TOFU]: Disable all.
(main) <aTOFUPolicy>[!USE_TOFU]: Skip.
* g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not
call tofu functions.
* g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto.
* g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu
processing.
--

This allows to build a minimal version of GnuPG.  It is also currently
required to build for Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-20 17:32:23 +02:00
Neal H. Walfield
26d457c218 gpg: Don't die immediately if the TOFU DB is locked.
* g10/tofu.c (opendb): Don't die immediately if the DB is locked.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-20 15:12:23 +02:00
Neal H. Walfield
bc9ff6c85e gpg: Improve output.
* g10/tofu.c (get_trust): Also show the binding when indicating a
conflict occurred.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-20 14:53:29 +02:00
Neal H. Walfield
251c070f91 gpg: Synchronize translation template.
* g10/tofu.c (show_statistics): Synchronize translation template.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-20 14:52:39 +02:00
Neal H. Walfield
d3eca51774 gpg: When showing conflicts, also show bindings with no recorded sigs.
* g10/tofu.c (signature_stats_collect_cb): If the time_ago column is
NULL, then both time_ago and count should be 0.
(get_trust): Reverse the direction of the join so that we also get
statistics about bindings without any signatures.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-20 14:50:21 +02:00
Neal H. Walfield
445f94bc81 gpg: Improve text.
* g10/tofu.c (show_statistics): Improve text.

--
Signed-off-by: Neal H. Walfield <neal@walfield.org>
Suggested-by: Malte <malte@wk3.org>
2015-10-20 13:42:20 +02:00
Neal H. Walfield
4957e32367 gpg: Use the right variable to display the information.
* g10/tofu.c (get_trust): Use the right variable to display the
conflicting key.

--
Signed-off-by: Neal H. Walfield <neal@walfield.org>
Reported-by: Andre Heinecke <aheinecke@intevation.de>
2015-10-20 13:40:37 +02:00
Neal H. Walfield
eb8a0b051f gpg: Make failing to create a directory a soft error.
* g10/tofu.c (getdb): Don't exit if we can't create the directory.
Just return an error.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-20 13:15:19 +02:00
Neal H. Walfield
d1a0b520b1 gpg: Remove unused prototype digest_algo_from_sig.
* g10/packet.h (digest_algo_from_sig): Remove prototype without a
corresponding implementation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-20 10:21:40 +02:00
Neal H. Walfield
c37621166e gpg: Fix --desig-revoke.
* g10/revoke.c (gen_desig_revoke): Add additional parameter ctrl.
Check that the secret key is available.  If not, display an error
message.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: 8459bcf9
2015-10-19 20:11:03 +02:00
Neal H. Walfield
a608ee750d gpg: Improve function documentation and some comments.
* g10/main.h: Improve function documentation.
* g10/packet.h.h: Improve function documentation.
* g10/sig-check.c: Improve function documentation and some comments.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-19 20:11:02 +02:00
Neal H. Walfield
0433e66702 gpg: Improve and regularize naming of signature checking functions.
* g10/packet.h (signature_check): Rename from this...
(check_signature): ... to this.  Update users.
(signature_check2): Rename from this...
(check_signature2): ... to this.  Update users.
* g10/sig-check.c (do_check): Rename from this...
(check_signature_end): ... to this.  Update users.
(do_check_messages): Rename from this...
(check_signature_metadata_validity): ... to this.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-19 20:11:01 +02:00
Neal H. Walfield
547a1b3fb8 gpg: Mark local function as static.
* g10/tdbio.c (put_record_into_cache): Mark as static.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-19 20:11:00 +02:00
Daniel Kahn Gillmor
b98939812a
gpg: Print warning when rejecting weak digests
* g10/misc.c (print_md5_rejected_note): Rename to ..
(print_digest_rejected_note): this.  Parameterize function to take an
enum gcry_md_algos.
* g10/sig-check.c: Use print_digest_rejected_note() when rejecting
signatures.

--

76afaed65e allowed extra --weak-digests,
but removed the one call to print_md5_rejected_note().  This replaces
and generalizes that warning.

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-10-19 17:33:07 +02:00
Daniel Kahn Gillmor
76afaed65e
gpg: Add option --weak-digest to gpg and gpgv.
* g10/options.h: Add additional_weak_digests linked list to opts.
* g10/main.h: Declare weakhash linked list struct and
additional_weak_digest() function to insert newly-declared weak
digests into opts.
* g10/misc.c: (additional_weak_digest): New function.
(print_digest_algo_note): Check for deprecated digests; use proper
gcry_md_algos type.
* g10/sig-check.c: (do_check): Reject weak digests in addition to MD5.
* g10/gpg.c: Add --weak-digest option to gpg.
* doc/gpg.texi: Document gpg --weak-digest option.
* g10/gpgv.c: Add --weak-digest option to gpgv.
* doc/gpgv.texi: Document gpgv --weak-digest option.

--
gpg and gpgv treat signatures made over MD5 as unreliable, unless the
user supplies --allow-weak-digests to gpg.  Signatures over any other
digest are considered acceptable.

Despite SHA-1 being a mandatory-to-implement digest algorithm in RFC
4880, the collision-resistance of SHA-1 is weaker than anyone would
like it to be.

Some operators of high-value targets that depend on OpenPGP signatures
may wish to require their signers to use a stronger digest algorithm
than SHA1, even if the OpenPGP ecosystem at large cannot deprecate
SHA1 entirely today.

This changeset adds a new "--weak-digest DIGEST" option for both gpg
and gpgv, which makes it straightforward for anyone to treat any
signature or certification made over the specified digest as
unreliable.

This option can be supplied multiple times if the operator wishes to
deprecate multiple digest algorithms, and will be ignored completely
if the operator supplies --allow-weak-digests (as before).

MD5 is still always considered weak, regardless of any further
--weak-digest options supplied.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Capitialized some comments, shorted a line in do_check, and changed
subject to name the option.  -wk
2015-10-19 14:24:27 +02:00
Neal H. Walfield
253afa2444 gpg: Fix formatting.
* g10/tofu.c (get_trust): Fix formatting.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-19 10:36:21 +02:00
Neal H. Walfield
e56a116f9a gpg: Don't forget to free some memory.
* g10/tofu.c (tofu_register): Free SIG_DIGEST before returning.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-19 10:35:38 +02:00
Neal H. Walfield
55d8845465 gpg: If a conflict occurs in batch mode, record that.
* g10/tofu.c (get_trust): If a conflict occurs when MAY_ASK is false,
set conflict to the key.  When prompting the user, don't show the
conflicting key if the conflicting key is the current key.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-19 10:34:15 +02:00
Werner Koch
c2c4007148
gpg: Silence two more warnings.
* g10/trustdb.c (tdb_get_validity_core): Silence a warning.
* g10/tofu.c (tofu_register): Move SIG_DIGEST computation to the top
so that it is not uninitialized in case of an early error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-18 20:17:24 +02:00
Werner Koch
558bcd43ae
gpg: Fix harmless compiler warnings.
* g10/tofu.h (_tofu_GET_POLICY_ERROR): New.  This avoids warnings
about undefined enum values in a switch.
* g10/trustdb.h (_tofu_GET_TRUST_ERROR): New.
* g10/tofu.c (TIME_AGO_FUTURE_IGNORE): Move to the top.
(opendbs): Avoid compiler warning (use braces).
(GET_POLICY_ERROR): Replace define by enum _tofu_GET_POLICY_ERROR.
(get_policy): Remove assert.
(GET_TRUST_ERROR): Replace by _tofu_GET_TRUST_ERROR macro.
(show_statistics): Undef MIN_SECS et al. after use.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-18 20:08:38 +02:00
Neal H. Walfield
128a456e77 g10: Fix assert.
* g10/tofu.c (get_trust): Fix assert.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 19:08:18 +02:00
Neal H. Walfield
f77913e0ff g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask.  Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask.  Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask.  Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask.  If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level.  Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:45:40 +02:00
Werner Koch
4584125802
gpg: Try hard to use MDC also for sign+symenc.
* g10/encrypt.c (use_mdc): Make it a global func.
* g10/sign.c (sign_symencrypt_file): Use that function to decide
whether to use an MDC.
* tests/openpgp/conventional-mdc.test: Add a simple test case.
--

We used --force-mdc in sign+symenc mode (-cs) only with --force-mdc.
That broke our assumption from commit 625e292 (GnuPG 2.1.9) that all
uses of modern ciphers are using MDC.

Reported-by: Ben Kibbey <bjk@luxsci.net>
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-12 09:31:44 +02:00
Werner Koch
d7b8e76f99
gpg: Add option --print-dane-records.
* g10/options.h (opt): Add field "print_dane_records".
* g10/gpg.c (oPrintDANERecords): new.
(opts): Add --print-dane-records.
(main): Set that option.
* g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling.
(do_export_stream): Add EXPORT_DANE_FORMAT handling.
* g10/keylist.c (list_keyblock_pka): Implement DANE record printing.

* g10/gpgv.c (export_pubkey_buffer): New stub.
* g10/test-stubs.c (export_pubkey_buffer): New stub.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-08 15:40:53 +02:00
Werner Koch
a2600e42f9
Fix two unused/possible-uninitialized var warnings.
--
2015-10-08 14:58:26 +02:00
Werner Koch
b6d621583f
gpg: Pass CTRL parameter to all key listing functions.
* g10/keylist.c (public_key_list): Add arg CTRL.
(secret_key_list): Ditto.
(list_all, list_one): Ditto.
(locate_one): Ditto.
(list_keyblock_pka): Ditto.
(list_keyblock): Ditto.
(list_keyblock_direct): Ditto.
* g10/keygen.c (proc_parameter_file): Add arg CTRL.
(read_parameter_file): Ditto.
(quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
(generate_keypair): Pass arg CTRL.
* g10/gpg.c (main): Pass arg CTRL to quick_generate_keypair.
--

This will help use to implement the --server mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-08 14:55:07 +02:00
Werner Koch
a400958323
gpg: Remove unfinished experimental code to export as S-expressions.
* g10/options.h (EXPORT_SEXP_FORMAT): Remove.
(EXPORT_DANE_FORMAT): New.
* g10/export.c (parse_export_options): Remove "export-sexp-format".
(export_seckeys): Adjust for removed option.
(export_secsubkeys): Ditto.
(do_export): Prepare for DANE format.
(build_sexp, build_sexp_seckey): Remove.
(do_export_stream): Remove use of removed functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-07 16:55:15 +02:00
Werner Koch
9ac31f91b1
gpg: Add new --auto-key-locate mechanism "dane".
* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE.
* g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode".
* g10/options.h (AKL_DANE): New.
* g10/getkey.c (get_pubkey_byname): Implement AKL_DANE.
(parse_auto_key_locate): Ditto.
--

To test this use

  gpg --auto-key-locate clear,dane,local --locate-key -v wk@gnupg.org

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-06 20:31:43 +02:00
Werner Koch
9db6547a00
dirmngr: Do tilde expansion for --hkp-cacert.
* dirmngr/dirmngr.c (parse_rereadable_options): Do tilde expansion and
check for cert file existance in option --hkp-cacert.
--

GnuPG-bug-id: 2120
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-06 13:10:26 +02:00
Werner Koch
625e292108
gpg: Fail decryption for AES etc message w/o MDC.
* g10/mainproc.c (proc_encrypted): Fail for modern messages w/o MDC.
--

This change turns the missing MDC warning into an error if the message
has been encrypted using a cipher with a non-64 bit block length cipher
and it is not Twofish.

We can assume that such messages are created by code which should have
been able to create MDC packets.  AES was introduced with 1.0.3 on
2000-09-18 shortly after MDC (1.0.2 on 2000-07-12).  We need to
exclude Twofish because that might have been used before MDC.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-06 09:44:15 +02:00
Werner Koch
f3959f14b6
gpg: Install a dirmngr.conf file.
* g10/dirmngr-conf.skel: New.
* g10/Makefile.am (EXTRA_DIST): Add file.
(install-data-local, uninstall-local): Install that file.
* g10/openfile.c (copy_options_file): Add arg "name", return a value,
simplify with xstrconcat, and factor warning message out to:
(try_make_homedir): here.  Also install dirmngr.conf.
* g10/options.skel: Remove --keyserver entry.
--

The option --keyserver in gpg has been deprecated in favor of
--keyserver in dirmngr.conf.  Thus we need to install a skeleton file
for dirmngr to set a default keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-05 19:48:47 +02:00
Werner Koch
ae471fa978
gpg: Deprecate the --keyserver option.
* g10/keyserver.c (keyserver_refresh): Change return type to
gpg_error_t.  Use gpg_dirmngr_ks_list to print the name of the
keyserver to use.
(keyserver_search): Do not print the "no keyserver" error
message.  The same error is anyway returned from dirmngr.
* g10/call-dirmngr.c (ks_status_parm_s): Add field "keyword".
(ks_status_cb): Handle other status keywords.
(gpg_dirmngr_ks_list): New.
* tools/gpgconf-comp.c (gc_options_gpg): Deprecate "keyserver".
(gc_options_dirmngr): Add "Keyserver" group and "keyserver".
--

Along with the corresponding dirmngr change this option allows to
configure the keyserver only in dirmngr.conf.  Existing
configurations will continue to work.  However, GUIs using gpgconf
now the keyserver option under the dirmngr (aka Key Acquirer) tab
unless they are in export mode in which the keyserver option is also
show for gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-05 17:52:28 +02:00
Werner Koch
2acceba5cc
gpg: Fix a practical hang after use of --faked-system-time.
* g10/sign.c (update_keysig_packet): Bail out if we would need to long
for a new timestamp.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-01 17:59:22 +02:00
Werner Koch
2c60663a72
gpg: Print more info with "check selfsig".
* g10/keyedit.c (print_and_check_one_sig): Print more Some sigsub
packets.
2015-10-01 17:57:39 +02:00
Werner Koch
13a3f65968
gpg: Add debug helper to --edit-keys's check sub-command.
* g10/keyedit.c (print_and_check_one_sig): Add arg "extended" and
print an asterisk for the chosen selfsig.
(check_all_keysigs): Add arg "only_selfsig"
(keyedit_menu) <cmdCHECK>: Add optional arg "selfsig".
--

Using "check selfsig" prints only the self-signatures and indicates
the chosen selfsig with an asterisk.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-01 16:24:59 +02:00
Neal H. Walfield
8ab63e4b50 g10: Remove unused struct cmp_help_context_s.
* g10/sig-check.c (struct cmp_help_context_s) Remove unused struct.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-29 11:32:40 +02:00
Neal H. Walfield
12443eafa6 g10: Avoid an unnecessary copy.
* g10/sig-check.c (signature_check2): Avoid copying PK to RET_PK.
Instead, directly use the provided storage.  If none is provided
allocate some.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-29 11:32:39 +02:00
NIIBE Yutaka
cfbe6ba9cf agent: RSA signature verification by gpg-agent.
* g10/sign.c (do_sign): Let verify signature by gpg-agent.
* agent/pksign.c (agent_pksign_do): Call gcry_pk_verify for RSA.

--

RSA signature verification should be done to prevent attacks against
RSA CRT implementations and not to return invalid signature to
adversary.  Newer libgcrypt does so.  For older libgcrypt and
smartcards, gpg-agent does signature verification.
2015-09-29 09:49:44 +09:00
Werner Koch
d5a3142b8f
gpg: Report a conflict between honor-keyserver-url and TOR.
* g10/call-dirmngr.c (create_context): Send option and print a verbose
error.
--

It is in general a bad idea to use honor-keyserver-url but if Dirmngr
is running in TOR mode we should not allow this option at all.  We let
Dirmngr know about the use of this option and let Dirmngr tell use
whether TOR mode is active so that we can print a hint to disable that
keyserver option.

A future extension in gpgconf may disable that option directly but a
user may still override that and thus we better check.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-18 16:21:31 +02:00
Werner Koch
8eb3a1797a
gpg: Fix skip function dummy parameter.
* g10/trustdb.c (search_skipfnc): Fix dummy argument
--

This is required due to the prototype change in
commit 9acbeac236

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-16 19:02:35 +02:00
Werner Koch
f71ed902de
gpg: Change last commit to avoid extra translations.
* g10/keyedit.c (keyedit_menu): Do not print usage hints in expert
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-16 18:55:27 +02:00
Neal H. Walfield
172af881a1 g10: Improve error message.
* g10/keyedit.c (keyedit_menu): When complaining that a user ID or key
must be selected, indicate what command to use to do this.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:31 +02:00
Neal H. Walfield
6845737736 g10: Be more careful when merging self-signed data.
* g10/getkey.c (merge_selfsigs_main): Stop looking for self-signed
data belonging to the public key when we encounter an attribute packet
or a subkey packet, not just a user id packet.  When looking for
self-signed data belonging to a user id packet, stop when we see a
user attribute packet.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:30 +02:00
Neal H. Walfield
c31e089129 g10: Simplify some complicated boolean expressions.
* g10/getkey.c (finish_lookup): Simplify logic.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:29 +02:00
Neal H. Walfield
77c2ad4a81 g10: Also mark revoked and expired keys as unusable.
* g10/getkey.c (skip_unusable): Also mark the key as unusable if it
has been revoked or has expired.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:29 +02:00
Neal H. Walfield
1b601de06a g10: Release resources when returning an error in get_seckey.
* g10/getkey.c (get_seckey): If the key doesn't have a secret key,
release *PK.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:28 +02:00
Neal H. Walfield
cab581c486 g10: Improve documentation and comments for getkey.c.
* g10/getkey.c: Improve documentation and comments for most
functions.  Move documentation for public functions from here...
* g10/keydb.h: ... to here.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:28 +02:00
Neal H. Walfield
7333e704ef g10: Remove unused function have_any_secret_key.
* g10/getkey.c (have_any_secret_key): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:27 +02:00
Neal H. Walfield
5e233e12f5 g10: Bring cache semantics closer to non-cache semantics.
* g10/getkey.c (get_pubkey_fast): When reading from the cache, only
consider primary keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:26 +02:00
Neal H. Walfield
3940f10af7 g10: Break out of the loop earlier.
* g10/getkey.c (have_secret_key_with_kid): Once we find the relevent
key or subkey, stop searching.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

Only a single key or subkey will ever be selected per keyblock.
2015-09-16 15:15:26 +02:00
Neal H. Walfield
50affffe93 g10: Don't skip legacy keys if the search mode is KEYDB_SEARCH_MODE_NEXT
* g10/getkey.c (lookup): Also don't skip legacy keys if the search
mode is KEYDB_SEARCH_MODE_NEXT.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

We currently don't skip keys if the search mode is
KEYDB_SEARCH_MODE_FIRST.  Since we change KEYDB_SEARCH_MODE_FIRST to
KEYDB_SEARCH_MODE_NEXT (to avoid a reset), it only makes sense to have
the same semantics for KEYDB_SEARCH_MODE_NEXT.
2015-09-16 15:15:25 +02:00
Neal H. Walfield
efbaa8f891 g10: Remove unused function get_seckeyblock_byfprint.
* g10/keydb.h (get_seckeyblock_byfprint): Remove prototype.
* g10/getkey.c (get_seckeyblock_byfprint): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:25 +02:00
Neal H. Walfield
e2b300801e g10: Remove unused function get_seckey_byfprint.
* g10/keydb.h (get_seckey_byfprint): Remove prototype.
* g10/getkey.c (get_seckey_byfprint): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:24 +02:00
Neal H. Walfield
80dbf8006f g10: Simplify get_seckey_byname: it was never called with NAME not NULL.
* g10/keydb.h (get_seckey_byname): Rename from this...
(get_seckey_default): ... to this.  Drop the parameter name.  Update
users.
* g10/getkey.c (get_seckey_byname): Rename from this...
(get_seckey_default): ... to this.  Drop the parameter name.  Drop the
code which assumed that NAME is not NULL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:23 +02:00
Neal H. Walfield
dc69804ab0 g10: Eliminate the redundant function get_keyblock_byfprint.
* g10/keydb.h (get_keyblock_byfprint): Remove prototype.  Replace use
of this function with get_pubkey_byfprint.
* g10/getkey.c (get_pubkey_byname): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:23 +02:00
Neal H. Walfield
911fcca36d g10: Simplify semantics of get_pubkey_byname.
* g10/getkey.c (get_pubkey_byname): If R_KEYBLOCK is not NULL, return
the keyblock in R_KEYBLOCK independent of whether PK is set or not.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

Currently, no caller invokes get_pubkey_byname with PK==NULL and
R_KEYBLOCK != NULL.  Thus, this change does not change any behavior.
2015-09-16 15:15:22 +02:00
Neal H. Walfield
b4672e4d48 g10: Eliminate the redundant function get_pubkey_byname.
* g10/getkey.c (get_pubkey_byname): Remove function.
(lookup): Replace use of get_pubkey_byname by get_pubkey_byfprint.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:22 +02:00
Neal H. Walfield
65e58ae674 g10: Eliminate the redundant function get_pubkey_end.
* g10/keydb.h (get_pubkey_end): Remove declaration.  Replace use of
function with getkey_end.
* g10/getkey.c (get_pubkey_byname): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:21 +02:00
Neal H. Walfield
be6743b2e1 g10: Eliminate the redundant function get_pubkey_next.
* g10/keydb.h (get_pubkey_next): Remove prototype.
* g10/getkey.c (get_pubkey_next): Remove function.
* g10/keylist.c (locate_one): Use getkey_next instead of
get_pubkey_next.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:20 +02:00
Neal H. Walfield
9acbeac236 kbx: Change skipfnc's prototype so that we can provide all information.
* kbx/keybox-search-desc.h (struct keydb_search_desc.skipfnc): Change
third parameter to be the index of the user id packet in the keyblock
rather than the packet itself.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

The keybox code doesn't work directly with keyblocks.  As such, the
matched user packet is not readily available to pass to
DESC[n].SKIPFNC.  But, we do know the index of the user id packet that
matched.  Thus, pass that instead.  If the skip function needs the
user id packet, it can use the key id to look up the key block and
find the appropriate packet.
2015-09-16 15:15:20 +02:00
Neal H. Walfield
83e17ab1b4 g10: Remove unused prototype (get_pubkey_byfpr).
* g10/keydb.h (get_pubkey_byfpr): Remove unused prototype.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:19 +02:00
Neal H. Walfield
b06f96ba4f g10: Remove unused function (get_pubkey_bynames).
* g10/keydb.h (get_pubkey_bynames): Remove prototype.
* g10/getkey.c (get_pubkey_bynames): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:19 +02:00
Neal H. Walfield
d47e84946e g10: Simplify code. Turn struct getkey_ctx_s.found_key into an argument
* g10/getkey.c (struct getkey_ctx_s): Remove field found_key.
(lookup): Add argument ret_found_key.  If not NULL, set it to the
found key.  Update callers.
(pk_from_block): Add argument found_key.  Use it instead of
CTX->FOUND_KEY.  Update callers.
(finish_lookup): Return a KBNODE (the found key) instead of an int.
Don't set CTX->FOUND_KEY.  Return the found key instead.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:18 +02:00
Neal H. Walfield
c110e186e0 g10: Remove unused field struct getkey_ctx_s.kbpos.
* g10/getkey.c (struct getkey_ctx_s): Remove field kbpos.
(getkey_end): Don't clear CTX->KBPOS.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:17 +02:00
Neal H. Walfield
3798f73c07 g10: Simplify code: remove field struct getkey_ctx_s.keyblock.
* g10/getkey.c (struct getkey_ctx_s): Remove field keyblock.
(finish_lookup): Add parameter keyblock.  Update caller to pass this.
(lookup): Add new local variable keyblock.  Use this instead of
ctx->keyblock for referencing the keyblock.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 15:15:17 +02:00
Werner Koch
e92a8ab021
g10: Fix make distcheck problem.
* g10/test.c: Include string.h.
(prepend_srcdir): New.  Taken from Libgcrypt.
(test_free): New.
* g10/t-keydb.c (do_test): Malloc the filename.
* g10/Makefile.am (AM_CPPFLAGS): Remove -DSOURCE_DIR
(EXTRA_DIST): Add t-keydb-keyring.kbx.
--

Using SOURCE_DIR should in general work but we have seen problems when
doing this in Libgcrypt.  Using the srcdir variable gives us anyway
more flexibility and aligns with the way we do it in tests/openpgp.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-10 18:12:20 +02:00
Werner Koch
fbf24cd09a
g10: Improve portability of the new test driver.
* g10/test.c: Include stdio.h and stdlib.h.
(verbose): New.
(print_results): Rename to exit_tests.
(main): Remove atexit and call exit_tests.  Set verbose.
(ASSERT, ABORT): Call exit_tests instead of exit.
--

Calling exit from an exit handler is undefined behaviour.  It works on
Linux but other systems will hit an endless loop.  That is indeed
unfortunate but we can't do anything about it.  Calling _exit() would
be possible but that may lead to other problems.  Thus we change to
call a custom exit function :-(.

Using "make check verbose=1" is supported by tests/openpgp and thus
we add the same mechanism here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-10 17:43:37 +02:00
Werner Koch
56bf1061f8
doc: Minor comment fixes.
--
2015-09-09 15:14:35 +02:00
Neal H. Walfield
bd0c902f1d g10: Remove unused field req_algo.
* g10/packet.h (PKT_public_key): Remove unused field req_algo.  Remove
users.
* g10/getkey.c (struct getkey_ctx_s): Remove unused field req_algo.
Remove users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-02 15:08:58 +02:00
Neal H. Walfield
1f03d4cd94 g10: Use a symbolic constant instead of a literal.
* g10/trustdb.c (KEY_HASH_TABLE_SIZE): Define.
(new_key_hash_table): Use KEY_HASH_TABLE_SIZE instead of a literal.
(release_key_hash_table): Likewise.
(test_key_hash_table): Likewise.
(add_key_hash_table): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-02 15:08:57 +02:00
Neal H. Walfield
ee7ec1256b g10: Add test for keydb as well as new testing infrastructure.
* g10/Makefile.am (EXTRA_DIST): Add test.c.
(AM_CPPFLAGS): Add -DSOURCE_DIR="\"$(srcdir)\"".
(module_tests): Add t-keydb.
(t_keydb_SOURCES): New variable.
(t_keydb_LDADD): Likewise.
* g10/t-keydb.c: New file.
* g10/t-keydb-keyring.kbx: New file.
* g10/test-stubs.c: New file.
* g10/test.c: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-02 15:08:57 +02:00
Neal H. Walfield
60bc518645 g10: Make the keyblock cache per-handle rather than global.
* g10/keydb.c (keyblock_cache): Don't declare this variable.  Instead...
(struct keyblock_cache): ... turn its type into this first class
object...
(struct keydb_handle): ... and instantiate it once per database
handle.  Update all users.
(keydb_rebuild_caches): Don't invalidate the keyblock cache.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-02 10:52:01 +02:00
Neal H. Walfield
f076fa190e g10: If iobuf_seek fails when reading from the cache, do a hard read.
* g10/keydb.c (keydb_get_keyblock): If the iobuf_seek fails when
reading from the cache, then simply clear the cache and try reading
from the database.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-02 10:38:42 +02:00
Werner Koch
f9c83d84e7
gpg: Remove option --no-sig-create-check.
* g10/gpg.c (opts): Remove --no-sig-create-check.
* g10/options.h (struct opt): Remove field no_sig_create_check.
* g10/sign.c (do_sign): Always check unless it is RSA and we are using
Libgcrypt 1.7.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-01 07:37:12 +02:00
Neal H. Walfield
04a6b903d0 g10: Don't leak memory if we fail to initialize a new database handle.
* g10/keydb.c (keydb_new): If we fail to open a keyring or keybox
correctly release all resources.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:30:57 +02:00
Neal H. Walfield
360b699e9b g10: Improve interface documentation of the keydb API.
* g10/keydb.c: Improve code comments and documentation of internal
interfaces.  Improve documentation of public APIs and move that to...
* g10/keydb.h: ... this file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:30:56 +02:00
Neal H. Walfield
efd1ead9e7 g10: Don't cache search results if the search didn't scan the whole DB.
* g10/keydb.c (struct keydb_handle): Add new field is_reset.
(keydb_new): Initialize hd->is_reset to 1.
(keydb_locate_writable): Set hd->is_reset to 1.
(keydb_search): Set hd->is_reset to 0.  Don't cache a key not found if
the search started from the beginning of the database.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:30:55 +02:00
Neal H. Walfield
11d8ffc939 g10: Have keydb_search_first call keydb_search_reset before searching.
* g10/keydb.c (keydb_search_first): Reset the handle before starting
the search.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

This bug hasn't shown up yet in practice, because keydb_search_first
is always called immediately after a keydb_new.  This changes cleans
up the semantics and will hopefully prevent future bugs.
2015-08-31 11:30:55 +02:00
Neal H. Walfield
0377db4b35 g10: Remove unused parameter.
* g10/keydb.h (keydb_locate_writable): Remove unused parameter
reserved.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:30:54 +02:00
Neal H. Walfield
fad91071ca g10: Simplify cache. Only include data that is actually used.
* g10/keydb.c (struct kid_list_s): Rename from this...
(struct kid_not_found_cache_bucket): ... to this.  Update users.
Remove field state.
(kid_list_t): Remove type.
(KID_NOT_FOUND_CACHE_BUCKETS): Define.  Use this instead of a literal.
(kid_found_table): Rename from this...
(kid_not_found_cache_bucket): ... to this.  Update users.
(kid_found_table_count): Rename from this...
(kid_not_found_cache_count): ... to this.  Update users.
(kid_not_found_p): Only return whether a key with the specified key id
is definitely not in the database.
(kid_not_found_insert): Remove parameter found.  Update callers.
(keydb_search): Only insert a key id in the not found cache if it is
not found.  Rename local variable once_found to already_in_cache.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

Commit e0873a33 started tracking whether key ids where definitely in
the database.  This information is, however, never used and thus just
unnecessarily inflates the cache.  This patch effectively reverts that
change (however, e0873a33 contains two separate changes and this only
reverts that change).
2015-08-26 12:25:53 +02:00
Werner Koch
51b9b8fba4
gpg: Emit ERROR status for key signing failures.
* g10/keyedit.c (sign_uids): Write an ERROR status for a signing
failure.
(menu_adduid, menu_addrevoker, menu_revsig): Ditto.
(menu_revuid, menu_revkey, menu_revsubkey): Ditto.
--

This change helps GPA to show better error messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 15:26:50 +02:00
Werner Koch
9cdff09743
gpg: Print a new FAILURE status after most commands.
* common/status.h (STATUS_FAILURE): New.
* g10/cpr.c (write_status_failure): New.
* g10/gpg.c (main): Call write_status_failure for all commands which
print an error message here.
* g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't
set the pinentry mode.
--

This status line can be used similar to the error code returned by
commands send over the Assuan interface in gpgsm.  We don't emit them
in gpgsm because there we already have that Assuan interface to return
proper error code.  This change helps GPGME to return better error
codes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-25 15:26:33 +02:00
Werner Koch
88317ae8c8
gpg: Fix regression in packet parser from Aug 19.
* g10/parse-packet.c (parse): Use an int to compare to -1.  Use
buf32_to_ulong.
--

Regression-due-to: 0add91ae1c
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-23 12:17:43 +02:00
Werner Koch
00def10d36
gpg: Show not found keys with --locate-key --verbose.
* g10/keylist.c (locate_one): Print a diagnostic for a not-found key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-23 11:56:17 +02:00
Neal H. Walfield
09f2a7bca6 common: Don't incorrectly reject 4 GB - 1 sized packets.
* g10/parse-packet.c (parse): Don't reject 4 GB - 1 sized packets.
Add the constraint that the type must be 63.
* kbx/keybox-openpgp.c (next_packet): Likewise.
* tests/openpgp/4gb-packet.asc: New file.
* tests/openpgp/4gb-packet.test: New file.
* tests/openpgp/Makefile.am (TESTS): Add 4gb-packet.test.
(TEST_FILES): Add 4gb-packet.asc.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-21 14:21:13 +02:00
Neal H. Walfield
4f37820334 common: Don't assume on-disk layout matches in-memory layout.
* g10/packet.h (PKT_signature): Change revkey's type from a struct
revocation_key ** to a struct revocation_key *.  Update users.

--
revkey was a pointer into the raw data.  But, C doesn't guarantee that
there is no padding.  Thus, we copy the data.

Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-21 14:21:08 +02:00
Neal H. Walfield
b3226cadf9 common: Don't incorrectly copy packets with partial lengths.
* g10/parse-packet.c (parse): We don't handle copying packets with a
partial body length to an output stream.  If this occurs, log an error
and abort.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-21 14:21:04 +02:00
Neal H. Walfield
0143d5c1ca common: Check parameters more rigorously.
* g10/parse-packet.c (dbg_copy_all_packets): Check that OUT is not
NULL.
(copy_all_packets): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-21 14:21:00 +02:00
Neal H. Walfield
48e792cc95 common: Don't continuing processing on error.
* g10/parse-packet.c (dbg_parse_packet): Also return if parse returns
an error.
(parse_packet): Likewise.
(dbg_search_packet): Likewise.
(search_packet): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-21 14:20:54 +02:00
Neal H. Walfield
73af66a0aa common: Better respect the packet's length when reading it.
* g10/parse-packet.c (parse_signature): Make sure PKTLEN doesn't
underflow.  Be more careful that a read doesn't read more data than
PKTLEN says is available.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-21 14:20:43 +02:00
Neal H. Walfield
0add91ae1c g10/parse-packet.c:parse: Try harder to not ignore an EOF.
* g10/parse-packet.c (parse): Be more robust: make sure to process any
EOF.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-20 14:16:31 +02:00
Neal H. Walfield
24a72dffa7 g10/parse-packet.c: Replace literal with symbolic expression.
* g10/parse-packet.c (dump_hex_line): Use sizeof rather than the
buffer's size.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-20 14:16:30 +02:00
Neal H. Walfield
026feff4a8 Add documentation for g10/parse-packet.c.
* g10/packet.h: Add documentation for functions defined in
parse-packet.c.
* g10/parse-packet.c: Improve comments for many functions.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-20 14:16:29 +02:00
Neal H. Walfield
c46e8bfe9a g10/packet.h: Remove unused argument from enum_sig_subpkt.
* g10/packet.h (enum_sig_subpkt): Remove argument RET_N.  Update
callers.
* g10/parse-packet.c (enum_sig_subpkt): Remove argument RET_N.

--
Remove the RET_N argument, because it is unused and because it is
meaningless: it's not clear whether it is an offset into SIG->HASHED
or SIG->UNHASHED.

Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-20 14:16:29 +02:00
Neal H. Walfield
c271feb536 g10/parse-packet.c:mpi_read: Detect EOF and correct boundary conditions.
* g10/parse-packet.c (mpi_read): Improve documentation.  Correctly
handle an EOF.  On overflow, correctly return the number of bytes read
from the pipeline.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-20 14:16:28 +02:00
Neal H. Walfield
8402815d8e common/iobuf.h: Remove iobuf_open_fd_or_name.
* common/iobuf.h (iobuf_open_fd_or_name): Remove prototype.  Replace
use with either iobuf_open or iobuf_fdopen_nc, as appropriate.
* common/iobuf.c (iobuf_open): Remove function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-20 14:16:22 +02:00
Werner Koch
91357b7722
gpg: Avoid linking to Libksba
* kbx/keybox.h (KEYBOX_WITH_X509): Do not define.
* sm/Makefile.am (AM_CPPFLAGS): Define it here.
(common_libs): Change to libkeybox509.a
* g10/Makefile.am (AM_CFLAGS): remove KSBA_CFLAGS.
(gpg2_LDADD, gpgv2_LDADD): Remove KSBA_LIBS
* kbx/Makefile.am (noinst_LIBRARIES): Add libkeybox509.a.
(libkeybox509_a_SOURCES): New.
(libkeybox_a_CFLAGS): New.
(libkeybox509_a_CFLAGS): New.
(kbxutil_CFLAGS): New.
* kbx/keybox-search.c (has_keygrip) [!KEYBOX_WITH_X509]: Declare args
as unused.
--

There is no real need to link to Libksba in gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-17 16:17:19 +02:00
Ben Kibbey
93f5295df5 Fix sending INQUIRE_MAXLEN for symmetric data.
* g10/passphrase.c (passphrase_to_dek_ext): Write the status message.
2015-08-16 12:54:04 -04:00
Ben Kibbey
f126ca6156 Inform a user about inquire length limit.
* common/status.h (INQUIRE_MAXLEN): New.
* g10/call-agent.c (default_inquire_cb): Send STATUS_INQUIRE_MAXLEN.
client when inquiring a passphrase over pinentry-loopback.

--
This is to inform a user about the maximum length of a passphrase. The
limit is the same that gpg-agent uses.
2015-08-15 17:14:13 -04:00
Ben Kibbey
233b5fedab Allow --gen-key to inquire a passphrase.
* g10/gpg.c (main): test for --command-fd during --gen-key parse.

When --command-fd is set then imply --batch to let gpg inquire a
passphrase rather than requiring a pinentry.
2015-08-15 17:14:13 -04:00
Werner Koch
5b7a80b1ab
gpg: Allow gpgv to work with a trustedkeys.kbx file.
* g10/keydb.h (KEYDB_RESOURCE_FLAG_GPGVDEF): New.
* g10/keydb.c (keydb_add_resource): Take care of new flag.
* g10/gpgv.c (main): Use new flag.
--

GnuPG-bug-id: 2025
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-07 15:53:56 +02:00
Werner Koch
fb754dc617
gpg: Remove duplicated printing of the curve name in "sub" lines.
* g10/keylist.c (list_keyblock_print): Do not print extra curve name.
--

This was cruft from the time before we changed to the new algo/size
string.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-06 18:12:31 +02:00
Werner Koch
fbb6c25ab5
gpg: Add commands "fpr *" and "grip" to --edit-key.
* g10/keyedit.c (cmdGRIP): New.
(cmds): Add command "grip".
(keyedit_menu) <cmdFPR>: Print subkeys with argument "*".
(keyedit_menu) <cmdGRIP>: Print keygrip.
(show_key_and_fingerprint): Add arg "with_subkeys".
(show_key_and_grip): New.
* g10/keylist.c (print_fingerprint): Add mode 4.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-06 18:00:12 +02:00
Werner Koch
969542c8c2
gpg: Adjust UID line indentation for common key algos.
* g10/keylist.c (list_keyblock_print): Change UID line indentation
* g10/mainproc.c (list_node): Ditto.
--

Due to the new keyalgo/size format the UID was not anymore printed
properly aligned to the creation date.  Although we can't do that in
any case, this change does it for common algos like "rsa2048",
"dsa2048", and "ed25519".

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-06 17:09:27 +02:00
NIIBE Yutaka
e5891a82c3 Curve25519 support.
* agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
(convert_secret_key, convert_transfer_key): Ditto.
* common/openpgp-oid.c (oidtable): Add Curve25519.
(oid_crv25519, openpgp_oid_is_crv25519): New.
* common/util.h (openpgp_oid_is_crv25519): New.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case
with Montgomery curve which uses x-only coordinate.
* g10/keygen.c (gen_ecc): Handle Curve25519.
(ask_curve): Change the API and second arg is to return subkey algo.
(generate_keypair, generate_subkeypair): Follow chage of ask_curve.
* g10/keyid.c (keygrip_from_pk): Handle Curve25519.
* g10/pkglue.c (pk_encrypt): Handle Curve25519.
* g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
* scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
(send_key_attr): Work with general ECC, Ed25519, and Curve25519.
(get_public_key): Likewise.
(ecc_writekey): Handle flag_djb_tweak.

--

When libgcrypt has Curve25519, GnuPG now supports Curve25519.
2015-08-06 17:00:41 +09:00
NIIBE Yutaka
a6e4053089 common: extend API of openpgp_oid_to_curve for canonical name.
* common/openpgp-oid.c (openpgp_oid_to_curve): Add CANON argument.
* common/util.h: Update.
* g10/import.c (transfer_secret_keys): Follow the change.
* g10/keyid.c (pubkey_string): Likewise.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Likewise.
* parse-packet.c (parse_key): Likewise.
* scd/app-openpgp.c (send_key_attr, get_public_key): Likewise.

--

Change the function so that caller can select canonical name of curve
or name for printing.  Suggested by wk.
2015-08-06 16:51:14 +09:00
Werner Koch
4a326d7c9a
gpg: Fix duplicate key import due to legacy key in keyring.
* g10/keydb.c (keydb_search_fpr): Skip legacy keys.
--

A test case for this problem can be found at
GnuPG-bug-id: 2031

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-04 17:32:08 +02:00
Werner Koch
f05a63b104
gpg: Properly handle legacy keys while looking for a secret key.
* g10/getkey.c (have_secret_key_with_kid): Skip legacy keys.
--

This fixes
GnuPG-bug-id: 2031

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-04 12:28:17 +02:00
Werner Koch
328a6b6459
gpg: Fix endless loop for expired keys given by fpr.
* g10/getkey.c (lookup): Disable keydb caching when continuing a
search.
--

Caches are Fierce Creatures.

Reported-by: Patrick Brunschwig
2015-07-31 12:02:08 +02:00
Werner Koch
23d8609f4b
gpg: Do not return "Legacy Key" from lookup if a key is expired.
* g10/getkey.c (lookup): Map GPG_ERR_LEGACY_KEY.
--

If an expired key is directly followed by a legacy key in the keyring,
the lookup function incorrectly returned "legacy key" instead of
"unusable key".  We fix it by handling not found identical to a legacy
key if the last finish lookup failed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-07-29 16:11:17 +02:00
Werner Koch
8b2b988309
gpg: Indicate secret keys and cards in a key-edit listing.
* g10/keyedit.c (sign_uids): Add arg "ctrl".
(show_key_with_all_names_colon): Ditto.
(show_key_with_all_names): Ditto.

* g10/keyedit.c (show_key_with_all_names): Print key record
indicators by checking with gpg-agent.
(show_key_with_all_names): Ditto.  May now also print sec/sbb.
--

This also fixes a problem in the --with-colons mode.  Before this
patch the --with-colons output of --edit-key always showed pub/sub
regardless of the old toogle state.  Now it also prints sec/sbb.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-07-29 09:48:20 +02:00
Werner Koch
7ef09afd1a
gpg: Remove the edit-key toggle command.
* g10/keyedit.c (cmds): Remove helptext from "toggle".
(keyedit_menu): Remove "toggle" var and remove the sub/pub check
against toggle.
--

Because it is now easily possible to have only secret keys for some of
the main/subkeys the current check on whether any secret is available
is not really useful.  A finer grained check should eventually be
implemented.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-07-28 17:43:29 +02:00
Werner Koch
d382242fb6
Replace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros.
* common/util.h: Provide replacement for GPGRT_ATTR_ macros when using
libgpg-error < 1.20.
* common/mischelp.h: Ditto.
* common/types.h: Ditto.
--

Given that libgpg-error is a dependency of all GnuPG related libraries
it is better to define such macros at only one place instead of having
similar macros at a lot of places.  For now we need repalcement
macros, though.
2015-07-26 12:50:24 +02:00
NIIBE Yutaka
ef080d5c7f scd: support any curves defined by libgcrypt.
* g10/call-agent.h (struct agent_card_info_s): Add curve field.
* g10/call-agent.c (learn_status_cb): Use curve name.
* g10/card-util.c (card_status): Show pubkey name.
* scd/app-openpgp.c (struct app_local_s): Record OID and flags.
(store_fpr): Use ALGO instead of key type.
(send_key_attr): Use curve name instead of OID.
(get_public_key): Clean up by OID to curve name.
(ecc_writekey): Support any curves in libgcrypt.
(do_genkey, do_auth, ): Follow the change.
(ecc_oid): New.
(parse_algorithm_attribute): Show OID here.
2015-07-25 12:09:23 +09:00
NIIBE Yutaka
dbf4534f49 scd: Format change to specify "rsa2048" for KEY-ATTR.
* g10/card-util.c (do_change_keysize): Put "rsa".
* scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
Change the command format.
(rsa_writekey): Check key type.
(do_writekey): Remove "ecdh" and "ecdsa" support which was available
in experimental libgcrypt before 1.6.0.
2015-07-23 14:10:03 +09:00
Neal H. Walfield
f2ee673c99 Don't segfault if the first 'auto-key-locate' option is 'clear'.
* g10/getkey.c (free_akl): If AKL is NULL, just return.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Reported-by: Sami Farin.
GnuPG-bug-id: 2045
2015-07-16 09:57:41 +02:00
NIIBE Yutaka
5b46726931 g10: Use canonical name for curve.
* g10/import.c (transfer_secret_keys): Use canonical name.
* common/openpgp-oid.c (openpgp_curve_to_oid): Return NULL on error.
* g10/keyid.c (pubkey_string): Follow change of openpgp_curve_to_oid.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/parse-packet.c (parse_key): Ditto.
2015-07-08 15:05:06 +09:00
Werner Koch
d8bc89ab88
Remove obsolete file g10/comment.c.
--
2015-06-30 11:56:01 +02:00
Werner Koch
740c4af703
doc: Updated HACKING.
--

Added used commit keywords.
Add some comments to the list of files.
2015-06-30 11:55:17 +02:00
Werner Koch
010e4281c3
gpg: Make show-sig-subpackets work again.
* g10/gpg.c (parse_list_options): Fix offset for subpackets.
--

Regression-due-to: 7d0492075e
GnuPG-bug-id: 2008
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-30 11:01:16 +02:00
Werner Koch
b607657931
agent: Prepare for Libassuan with Cygwin support.
* agent/gpg-agent.c (create_server_socket): Add arg "cygwin".  Call
assuan_sock_set_flag if Assuan version is recent enough.
(main): Create ssh server socket with Cygwin flag set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-29 21:28:59 +02:00
Neal H. Walfield
68c217f457 Improve the description of old packets with an indeterminate length.
* g10/parse-packet.c (parse): Make the description more accurate when
listing packets: old format packets don't support partial lengths,
only indeterminate lengths (RFC 4880, Section 4.2).

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-06-29 15:53:45 +02:00
Werner Koch
4698e5b203
gpg: Allow debug flag names for --debug.
* g10/gpg.c (opts): Change arg for oDebug to a string.
(debug_flags): New; factored out from set_debug.
(set_debug): Remove "--debug-level help".  Use parse_debug_flag to
print the used flags.
(main): Use parse_debug_flag for oDebug.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-22 21:01:10 +02:00
Werner Koch
e0873a3372
gpg: Fix regression due to recent commit 6500f33
* g10/keydb.c (kid_list_s): Keep a state in the table.
(kid_not_found_table): Rename to kid_found_table.
(n_kid_not_found_table): Rename to kid_found_table_count.
(kid_not_found_p): Return found state.
(kid_not_found_insert): Add arg found.
(keydb_search): Store found state in the table.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-22 15:16:58 +02:00
Werner Koch
0948c4f217
gpg: Print number of good signatures with --check-sigs.
* g10/keylist.c (keylist_context): Add field good_sigs.
(list_keyblock_print): Updated good_sigs.
(print_signature_stats): Print number of good signatures and use
log_info instead of tty_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-20 15:05:32 +02:00
Werner Koch
6500f338a3
gpg: Improve speed of --check-sigs and --lish-sigs.
* g10/keydb.c (kid_list_t): New.
(kid_not_found_table, n_kid_not_found_table): New.
(kid_not_found_p, kid_not_found_insert, kid_not_found_flush): New.
(keydb_insert_keyblock): Flush the new cache.
(keydb_delete_keyblock): Ditto.
(keydb_update_keyblock): Ditto.
(keydb_search): Use the new cache.
(keydb_dump_stats): New.
* g10/gpg.c (g10_exit): Dump keydb stats.
--

What we do here is to keep track of key searches by long keyids (as
stored in all signatures) so that we do not need to scan the keybox
again after we already found that this keyid will result in
not-found.  As soon as we change gpg to run as a co-process we should
store this table per session because other instances of gpg may have
updated the keybox without us knowing.

On a test ring with

  gpg: 94721 good signatures
  gpg: 6831 bad signatures
  gpg: 150703 signatures not checked due to missing keys
  gpg: 5 signatures not checked due to errors
  gpg: keydb: kid_not_found_table: total: 14132

this new cache speeds a --check-sigs listing up from 28 minutes to
less than 3 minutes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-20 15:03:32 +02:00
Werner Koch
53e9b86085
gpg: Add more log_clock calls to keydb.c
* g10/keydb.c (keydb_get_keyblock): Add log_clock calls.
2015-06-19 16:59:46 +02:00
Werner Koch
663a31f1ea
gpg: Print available debug flags using "--debug-level help".
* g10/gpg.c (set_debug): Add "help" option and use a table for the
flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-19 14:56:46 +02:00
Werner Koch
c5604eeee4
gpg: Fix export problem in case an old keyring has PGP-2 keys.
* g10/export.c (do_export_stream): Skip legacy keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-19 12:39:29 +02:00
Werner Koch
010d26a85b
agent: Print a warning for obsolete options.
* g10/misc.c (obsolete_scdaemon_option): Move to
* common/miscellaneous.c (obsolete_option): ... here.
* agent/gpg-agent.c (main): Use obsolete_option for the 3 obsolete
options.
--

GnuPG-bug-id: 2016
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-17 12:59:29 +02:00
Neal H. Walfield
eac081ba12 Don't prompt for the password multiple times in pinentry loopback mode.
* g10/gpg.c (main): If OPT.PINENTRY_MODE is PINENTRY_MODE_LOOPBACK,
clear OPT.PASSPHRASE_REPEAT.
2015-06-16 16:00:39 +02:00
Werner Koch
a4a15195c2
gpg: Replace -1 by GPG_ERR_NOT_FOUND in tdbio.c
* g10/tdbio.c (lookup_hashtable): Return GPG_ERR_NOT_FOUND.
* g10/tdbdump.c (import_ownertrust): Test for GPG_ERR_NOT_FOUND.
* g10/trustdb.c (read_trust_record): Ditto.
(tdb_get_ownertrust, tdb_get_min_ownertrust): Ditto.
(tdb_update_ownertrust, update_min_ownertrust): Ditto.
(tdb_clear_ownertrusts, update_validity): Ditto.
(tdb_cache_disabled_value): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-04 18:08:26 +02:00
Werner Koch
f170240ef7
gpg: Cleanup error code path in case of a bad trustdb.
* g10/tdbio.c (tdbio_read_record): Fix returning of the error.
--

Actually the returned error will anyway be GPG_ERR_TRUSTDB but the old
code was not correct.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-04 17:39:55 +02:00
Werner Koch
bf06d04f53
gpg: Fix output in case of a corrupted trustdb.
* g10/tdbdump.c (list_trustdb): Add arg FP and change callers to pass
es_stdout.
* g10/tdbio.c (upd_hashtable): On a corrupted trustdb call
list_trustdb only in verbose > 1 mode and let it dump to stderr.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-04 17:34:55 +02:00
Werner Koch
840f807a90
gpg: Re-indent and improve documentation of g10/tdbio.c
--
2015-06-04 17:26:44 +02:00
NIIBE Yutaka
fe5c6edaed g10: Fix a race condition initially creating trustdb.
* g10/tdbio.c (take_write_lock, release_write_lock): New.
(put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use
new lock functions.
(tdbio_set_dbname): Fix the race.
(open_db): Don't call dotlock_create.

--

GnuPG-bug-id: 1675
2015-05-28 17:18:35 +09:00
NIIBE Yutaka
6cb18a8f97 g10: Remove g10/signal.c.
* g10/signal.c: Remove.
* g10/main.h: Remove old function API.
* g10/tdbio.c: Use new API, even in the dead code.

--

We use common/signal.c now.  The file g10/signal.c has been useless
since 2003-06-27.  Now, the removal.
2015-05-27 10:22:32 +09:00
NIIBE Yutaka
c771963140 g10: detects public key encryption packet error properly.
g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
encryption.
2015-05-19 10:32:07 +09:00
Werner Koch
43ea8f5d88
build: Make --disable-gpgsm work.
* Makefile.am: Always build kbx/
* g10/Makefile.am (AM_CFLAGS): Include KSBA_CFLAGS.
--

Note that "make check" still prints a warning.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-15 13:20:52 +02:00
Werner Koch
b03a264729
gpg: Avoid cluttering stdout with trustdb info in verbose mode.
* g10/trustdb.c (validate_keys): Call dump_key_array only in debug
mode.
--

I guess that is a left-over from an early attempt to output
information on the trustdb for use by other tools.  Maybe related to
the former --list-trust-path command.  Sending it to stdout is
probably useful so we do this now only in debug mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:30:04 +02:00
Werner Koch
7039f87375
gpg: Fix wrong output in list mode.
* g10/parse-packet.c (parse_gpg_control): Replace puts by es_fputs to
LISTFP.
--

Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

This was an oversight from the conversion to estream or a separate
listing stream.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:20:26 +02:00
Werner Koch
64e809b791
gpg: New command --quick-adduid.
* g10/keygen.c (ask_user_id): Factor some code out to ...
(uid_already_in_keyblock): new.
(generate_user_id): Add arg UIDSTR.  Fix leaked P.
* g10/keyedit.c (menu_adduid): Add new arg uidstring.  Adjust caller.
(keyedit_quick_adduid): New.
* g10/gpg.c (aQuickAddUid): New.
(opts):  Add command --quick-adduid.
(main): Implement that.
--

GnuPG-bug-id: 1956
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:08:57 +02:00
Werner Koch
3c439c0447
gpg: Add push/pop found state feature to keydb.
* g10/keydb.c (keydb_handle): Add field saved_found.
(keydb_new): Init new field.
(keydb_push_found_state, keydb_pop_found_state): New.
* g10/keyring.c (kyring_handle): Add field saved_found.
(keyring_push_found_state, keyring_pop_found_state): New.
--

We have the same feature in gpgsm.  It is very useful to check for an
unambiguous user id with a follow up update of the keyblock.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 15:51:11 +02:00
Werner Koch
b772e459fa
gpg: Minor code merging in keyedit.
* g10/keyedit.c (fix_keyblock): Rename to fix_key_signature_order.
(fix_keyblock): New.  Call fix_key_signature_order and other fix
functions.
(keyedit_menu): Factor code out to new fix_keyblock.
(keyedit_quick_sign): Ditto.  Check for primary fpr before calling
fix_keyblock.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 12:18:36 +02:00
Werner Koch
874ef16e70
gpg: Improve 'General key info' line of --card-status.
* g10/keylist.c (print_pubkey_info): Print either "pub" or "sub".

* g10/getkey.c (get_pubkey_byfprint): Add optional arg R_KEYBLOCK.
* g10/keyid.c (keyid_from_fingerprint): Adjust for change.
* g10/revoke.c (gen_desig_revoke): Adjust for change.
* g10/card-util.c (card_status): Simplify by using new arg.  Align
card-no string.

* g10/card-util.c (card_status): Remove not used GnuPG-1 code.
--

This now prints "sub" if the first used card key is actually a subkey.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-07 12:12:41 +02:00
Werner Koch
173b26c8f8
gpg: Fix regression not displaying the card serial number
* g10/call-agent.c (keyinfo_status_cb): Detect KEYINFO.
--

This regression is due to
commit 585d5c62ee
from February 2013!

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-07 11:54:34 +02:00
NIIBE Yutaka
f77fd572db g10: fix cmp_public_key.
* g10/free-packet.c (cmp_public_keys): Compare opaque
data at the first entry of the array when it's unknown algo.

--

(forwardported from 2.0 commit 43429c7869)

GnuPG-bug-id: 1962
2015-05-01 13:58:18 +09:00
Werner Koch
26d7e0d7ac
common: Rename log and gcc attribute macros (jnlib merge).
* common/logging.h: Rename JNLIB_LOG_* to GPGRT_LOG_*.
* common/mischelp.h: Rename JNLIB_GCC_* to GPGRT_GCC_*.
--

JNLIB has no more meaning.  Thus we switch to a GPGRT_ prefix in
anticipation that some code may eventually be moved to libgpg-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-24 16:10:47 +02:00
Werner Koch
575230d91b
common: Remove two JNLIB_ macros (jnlib merge).
* configure.ac: Merge seperate jnlib checks.
(HAVE_JNLIB_LOGGING): Remove.
* common/logging.c, common/simple-pwquery.c (JNLIB_NEED_AFLOCAL):
Rename to GNUPG_COMMON_NEED_AFLOCAL.  Change all tests.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-24 16:10:15 +02:00
Werner Koch
154f3ed2bf
gpg: Move all DNS access to Dirmngr.
* common/dns-cert.h: Move to ../dirmngr/.
* common/dns-cert.c: Move to ../dirmngr/.  Change args to return the
key as a buffer.
* common/t-dns-cert.c: Move to ../dirmngr/.
* common/pka.c, common/pka.h, common/t-pka.c: Remove.

* dirmngr/server.c (data_line_cookie_write): Factor code out to
data_line_write and make it a wrapper for that.
(data_line_write): New.
(cmd_dns_cert): New.
(register_commands): Register new command.

* g10/Makefile.am (LDADD): Remove DNSLIBS.
* g10/call-dirmngr.c (dns_cert_parm_s): New.
(dns_cert_data_cb, dns_cert_status_cb): New.
(gpg_dirmngr_dns_cert): New.
(gpg_dirmngr_get_pka): New.
* g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function.
* g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by
gpg_dirmngr_dns_cert.
(keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka.
* g10/mainproc.c: Include call-dirmngr.h.
(pka_uri_from_sig): Add CTX arg. Replace get_pka_info by
gpg_dirmngr_get_pka.
--

With this patch gpg does not do any network access itself but uses
dirmngr for that.  Note that we need to keep linking to NETLIBS due to
the logging code and because we need TCP for our socket emulation
under Windows.  Probably also required for Solaris etc.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-23 15:52:39 +02:00
Werner Koch
c4d98734c5
gpg: Make keyserver-option http_proxy work.
* g10/options.h (opt): Add field keyserver_options.http_proxy.
* g10/keyserver.c (warn_kshelper_option): Add arg noisy.
(parse_keyserver_options): Parse into new http_proxy field.
* g10/call-dirmngr.c (create_context): Send the http-proxy option.
2015-04-21 19:29:53 +02:00
Werner Koch
727fe4f8d7
gpg: Do not use honor-keyserver-url sub-option by default. 2015-04-21 15:46:13 +02:00
Werner Koch
ae0d65f864
gpg: Make preferred keyservers work.
* g10/call-dirmngr.c (dirmngr_local_s): Add field set_keyservers_done.
(create_context): Move keyserver setting to ...
(open_context): here.
(clear_context_flags): New.
(gpg_dirmngr_ks_get): Add arg override_keyserver.
* g10/keyserver.c (keyserver_refresh): Improve diagnostics.
(keyserver_get_chunk): Ditto.  Pass OVERRIDE_KEYSERVER to ks_get.
--

It used to ignore the given server but showed a diagnostics that it
will be used.
2015-04-21 15:36:30 +02:00
Werner Koch
da1990bac7
gpg: Update sub-options of --keyserver-options
* g10/options.h (KEYSERVER_HTTP_PROXY): New.
(KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove.
(KEYSERVER_TIMEOUT): New.
* common/keyserver.h (KEYSERVER_TIMEOUT): Remove.
* g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files"
and "keep-temp-files". Add "http-proxy" and "timeout".
(parse_keyserver_options): Remove 1.2 compatibility option
"honor-http_proxy".  Remove "use-temp-files" and "keep-temp-files"
code.
--

Note that many of these options where implicitly used by passing any
unknown option down to the former keyserver helpers.  The don't exist
anymore thus we need to make them explicit.  Another patch will convey
them to dirmngr.  Temp files are not anymore used thus they can be
removed and will be ignored when used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-21 10:15:04 +02:00
Werner Koch
25fce93ba1
gpg: Fix NULL-segv due to invalid imported data.
* g10/free-packet.c (my_mpi_copy): New.
(copy_public_key, copy_signature): Use instead of mpi_copy.
--

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-13 17:19:46 +02:00
Werner Koch
67158ff155
Remove obsolete directories from AM_CPPFLAGS. 2015-04-10 13:11:59 +02:00
Werner Koch
c2383407bb
gpg: Print the user id in --fast-list-mode.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Change.
2015-04-06 20:23:05 +02:00
Werner Koch
67a58118ab
gpg: Prepare to pass additional context to the list functions.
* g10/keylist.c (struct sig_stats): Rename to keylist_context and add
field check_sigs.
(keylist_context_release): New.
(list_all): Set listctx.check_sigs and call release func.
(list_one): Ditto.
(locate_one): Ditto.
(list_keyblock_print): Use .check_sigs field.  Repalce arg opaque by
listctx.
(list_keyblock): Ditto.  Make static.
(list_keyblock_direct): New.
* g10/keygen.c (do_generate_keypair): Replace list_keyblock by
list_keyblock_direct.
--

This is in preparation for the server mode and for a patch to speed up
--list-sigs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-06 19:46:25 +02:00
Werner Koch
f577d5c1a7
gpg: Merge duplicated code for get_user_id et al.
* g10/getkey.c (get_user_id_string): Add args mode and r_LEN.
(get_user_id_string_native): Add new args.
(get_long_user_id_string, get_user_id): Rewrite using
get_user_id_string.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-06 19:09:50 +02:00
Werner Koch
c581ed717a
gpg: Add new option --debug-iolbf.
* g10/gpg.c (oDebugIOLBF): new.
(opts): Add --debug-iolbf.
(main): Set option.
--

This option is convenient for debugging to make sure that debug output
to stderr is synced with output to stdout.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-06 14:07:50 +02:00
Werner Koch
24a75201da
Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG.
* g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE.
2015-04-06 13:42:17 +02:00
Werner Koch
2f099eb62a
Fix use of DBG_CACHE and DBG_LOOKUP
* dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192.
* g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
* g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places.
2015-04-06 13:27:26 +02:00
Werner Koch
4de8a58e44
gpg: Rename a debug macro.
* g10/options.h (DBG_CIPHER_VALUE): Rename to DBG_CRYPTO_VALUE.
(DBG_CIPHER): Rename to DBG_CRYPTO.
2015-04-06 13:07:09 +02:00
Werner Koch
d901efceba
gpg: Fix DoS while parsing mangled secret key packets.
* g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
et al.
--

Due to the missing length checks PKTLEN may turn negative.  Because
PKTLEN is an unsigned int the malloc in read_rest would try to malloc
a too large number and terminate the process with "error reading rest
of packet: Cannot allocate memory".

Reported-by: Hanno Böck.
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-05 12:49:26 +02:00
NIIBE Yutaka
f82c4a6d0d g10: Fix keytocard.
g10/call-agent.h (agent_scd_learn): Add FORCE option.
g10/call-agent.c (agent_scd_learn): Implement FORCE option.
g10/keygen.c (gen_card_key): Follow the change of option.
g10/card-util.c (change_pin, card_status, factory_reset): Likewise.
g10/keyedit.c (keyedit_menu): Update private key storage by
agent_scd_learn.
--

This is not a perfect solution since there is a possibility user
unplug card before quitting 'gpg --keyedit' session.  Usually,
it works well.

GnuPG-bug-id: 1846
2015-04-03 17:39:59 +09:00
Neal H. Walfield
f26ba14028 gpg: Only use the last specified keyserver.
* g10/gpg.c (main): Only use the last specified keyserver.

--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-03-28 16:55:37 +01:00
Werner Koch
bdd22e3a08
gpg,w32: Handle forward slash in --keyring option.
* g10/keydb.c (keydb_add_resource): Allow forward slash under Windows.
--

GnuPG-bug-id: 1546
2015-03-24 13:30:57 +01:00
Neal H. Walfield
51341badb6 Add support to talking to LDAP key servers.
* g10/call-dirmngr.c (record_output): New function.
(ks_put_inq_cb): Use it here to generate a --with-colons like output
instead of a custom format.
* dirmngr/ks-action.c: Include "ldap-parse-uri.h".
(ks_action_help): If the provided URI is an LDAP URI, then use
ldap_parse_uri to parse.  Call ks_ldap_help.
(ks_action_search): If passed an LDAP URI, then call ks_ldap_search.
(ks_action_get): Likewise.
(ks_action_put): Likewise.  Also, change data from a 'const void *' to
a 'void *' and add info and infolen parameters.  Add note that
function may modify DATA.
* dirmngr/ks-action.h (ks_action_put): Update declaration accordingly.
* dirmngr/server.c: Include "ldap-parse-uri.h".
(cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using
ldap_parse_uri.
(hlp_ks_put): Improve documentation.
(cmd_ks_put): Also pass info and infolen to ks_action_put.  Improve
documentation.
* dirmngr/ks-engine.h (ks_ldap_help): New declaration.
(ks_ldap_search): Likewise.
(ks_ldap_get): Likewise.
(ks_ldap_put): Likewise.
* dirmngr/ks-engine-ldap.c: New file.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c,
ldap-parse-uri.c and ldap-parse-uri.h.
(dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs).

--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
2015-03-23 19:58:29 +01:00
Werner Koch
e7ddaad0fd
gpg: Emit status line NEWSIG before signature verification starts.
* g10/mainproc.c (check_sig_and_print): Emit STATUS_NEWSIG.
--

gpgsm does this for a long time but somehow it never made it into gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-19 20:38:25 +01:00
Werner Koch
ab17f7b6c3
gpg: Create all MPIs with RFC-4880 correct length headers.
* g10/build-packet.c (gpg_mpi_write): Strip leading zeroes.
--

This used not to work with opaque MPI as returned by Libgcrypt from
ECC operations.  This patch fixes this.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-16 20:14:58 +01:00
Werner Koch
bcc8250bc5
gpg: Allow printing of MPI values in --list-mode.
* g10/parse-packet.c (set_packet_list_mode): Set mpi_print_mode.
* g10/misc.c (mpi_print): Do not print an extra leading zero.
--

This was in older versions possible using "--debug 4" but that was
disabled in 2.1 due to a conflict using this values also for
Libgcrypt.  Now the values are dumped either with --debug 4 or using
--list-packets along with --verbose.

Because OpenPGP only uses unsigned integers an extra leading zero will
not be printed anymore.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-16 20:12:44 +01:00
Werner Koch
8bc1debfef
gpg: Fix broken write of opaque MPI length header.
* g10/build-packet.c (gpg_mpi_write): Use a char array for the length.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-16 19:51:06 +01:00
Werner Koch
1a9f13bc66
gpg: Fix possible dead code elimination.
* g10/encrypt.c: Change condition for detecting a real file.
--

Detected by Stack 3.0:

  bug: anti-dce
  model: |
    %tobool155 = icmp ne i32 %call154, 0, !dbg !1298
    -->  true
    ************************************************************
    land.lhs.true156:
    %96 = icmp eq i8* %filename, null
    call void @opt.bugon(i1 %96), !dbg !1298, !bug !1250
    %97 = load i8* %filename, align 1, !dbg !1298
    %conv157 = sext i8 %97 to i32, !dbg !1298
    %tobool158 = icmp ne i32 %conv157, 0, !dbg !1298
    br i1 %tobool158, label %land.lhs.true159, label %if.else177,\
          !dbg !1298
  stack:
    - /home/wk/s/gnupg/g10/encrypt.c:639:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/g10/encrypt.c:639:0
      - null pointer dereference
2015-03-15 14:01:36 +01:00
Werner Koch
c59b410cf1
gpg: Remove useless condition.
* g10/keylist.c (list_keyblock_colon): Remove useless condition (PK).
(list_keyblock_print):  Likewise.
--

PK is already derefed above and thus testing for PK is dead code.
Detected by Stack 0.3:

  bug: anti-simplify
  model: |
    %tobool200 = icmp ne %struct.PKT_public_key* %3, null, !dbg !1498
    -->  true
  stack:
    - /home/wk/s/gnupg/g10/keylist.c:1367:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/g10/keylist.c:1319:0
      - null pointer dereference

  bug: anti-simplify
  model: |
    %tobool102 = icmp ne %struct.PKT_public_key* %4, null, !dbg !1462
    -->  true
  stack:
    - /home/wk/s/gnupg/g10/keylist.c:978:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/g10/keylist.c:955:0
      - null pointer dereference

  bug: anti-simplify
  model: |
    %tobool128 = icmp ne %struct.PKT_public_key* %4, null, !dbg !1469
    -->  true
  stack:
    - /home/wk/s/gnupg/g10/keylist.c:990:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/g10/keylist.c:955:0
      - null pointer dereference
2015-03-15 12:39:56 +01:00
Werner Koch
7b5b52f326
gpg: Change --print-pka-records into an option.
* g10/gpg.c (aPrintPKARecords): Rename to oPrintPKARecords and do not
use it as a command.
* g10/keylist.c (list_keyblock): List PKA rceords also for secret
keys.
--

An option allows to use it more flexible.  For example to select only
secret keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:37:16 +01:00
Werner Koch
14af2be022
gpg: Add --list-gcrypt-config and "curve" item for --list-config.
* common/openpgp-oid.c (curve_supported_p): New.
(openpgp_enum_curves): New.
* common/t-openpgp-oid.c (test_openpgp_enum_curves): New.
(main): Add option --verbose.
* g10/gpg.c (opts): Add --list-gcrypt-config.
(list_config): Add items "curve" and "curveoid".  Remove unused code.
--

GnuPG-bug-id: 1917
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-10 15:35:30 +01:00
Daniel Kahn Gillmor
82146af85b
gpg: avoid chatter about trustdb when --quiet
* g10/trustdb.c (tdb_check_trustdb_stale): avoid log_info() when
  opt.quiet
--

gpg(1) says:

       -q, --quiet
              Try to be as quiet as possible.

While the mentions about the stale trustdb information are edifying,
they aren't necessary, and shouldn't be emitted when the user requests
--quiet.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-03-04 14:31:45 +01:00
Werner Koch
91baea2dcd
gpg: Fix memory leak due to PKA lookup.
* g10/keyserver.c (keyserver_import_pka): Move the xfree.
2015-02-26 18:01:13 +01:00
Werner Koch
2fc27c8696
gpg: Switch to a hash and CERT record based PKA system.
* common/dns-cert.c (get_dns_cert): Make r_key optional.
* common/pka.c: Rewrite for the new hash based lookup.
* common/t-pka.c: New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.

--

Note that although PKA is now always build, it will only work if
support for looking up via DNS has not been disabled.

The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optional the key for the first
time.  Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified.  Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key.  Having a solid way of getting a key matching
a mail address is however a must have.

More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase.  The auto-key-locate mechanism
should also be able to continue key fetching with another methods once
the fingerprint has been retrieved with PKA.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-25 16:34:19 +01:00
Werner Koch
af60152a46
common: Allow requesting a specific certtype with get_dns_cert()
* common/dns-cert.c (get_dns_cert): Add arg want_certtype.  Change all
callers.
(CERTTYPE_): Move constants to ...
* common/dns-cert.h: here as DNS_CERTTYPE_.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-25 12:03:21 +01:00
Werner Koch
9913253610
Move new mailbox.c source file to common/.
* g10/mailbox.c: Move to ...
* common/mbox-util.c: new file.
* common/mbox-util.h: New. Include where needed.
* g10/t-mailbox.c: Move to ...
* common/t-mbox-util.c: new file.
--

This will make it easier to use the code by other modules in common/.
2015-02-25 11:43:50 +01:00
Werner Koch
e2d9340280
gpg: Add command --print-pka-records.
* g10/gpg.c (main): Add command --print-pka-records.
* g10/options.h (struct opt): Add field "print_pka_records".
* g10/keylist.c (list_keyblock_pka): New.
(list_keyblock): Call it if new option is set.
(print_fingerprint): Add mode 10.
--

This is a fist step towards a slightly updated PKA implementation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-24 19:31:59 +01:00
Werner Koch
93fa3d5c17
gpg: Add function to extract the mailbox.
* g10/misc.c (has_invalid_email_chars, is_valid_mailbox)
(is_valid_user_id): Move to ...
* g10/mailbox.c: new file.
(string_has_ctrl_or_space, has_dotdot_after_at): New.
(has_invalid_email_chars): New.

* g10/t-mailbox.c: New.
* g10/Makefile.am (module_tests): Add t-mailbox.
(t_mailbox_SOURCES, t_mailbox_LDADD): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-24 17:46:22 +01:00
Werner Koch
ae09515b9d
gpg: Add option to print fingerprints in ICAO spelling.
* g10/gpg.c: Add option --with-icao-spelling.
* g10/options.h (struct opt): Add with_icao_spelling.
* g10/keylist.c (print_icao_hexdigit): New.
(print_fingerprint): Print ICAO spelling.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-23 17:54:05 +01:00
Werner Koch
a8116aacd9
gpg: Skip legacy keys while searching keyrings.
* g10/getkey.c (search_modes_are_fingerprint): New.
(lookup): Skip over legacy keys.
--

GnuPG-bug-id: 1847
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-23 16:37:57 +01:00
Werner Koch
d2a70fd834
gpg: Replace remaining uses of stdio by estream.
* g10/sign.c (sign_file):  Use log_printf instead of stderr.
* g10/tdbdump.c (export_ownertrust): Use estream fucntions.
(import_ownertrust): Ditto.
* g10/tdbio.c (tdbio_dump_record): Ditto.  Change arg to estream_t.
--

Reported-by: Guilhem Moulin <guilhem@fripost.org>

  Needed for unattended key edits with --status-fd, because since 2.1
  status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd)
  not fflush(3), so the standard output may not be flushed before each
  prompt. (Which breaks scripts using select(2) to multiplex between
  the standard and status outputs.)

His patch only affected print_and_check_one_sig_colon() but there are
many more places where stdio and estream are mixed.  This patch now
replaces most of them in g10/.  At some places stdio is still used,
but that is local to a function and should not have side effects.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 17:22:27 +01:00
Werner Koch
76c8122adf
gpg: Fix segv due to NULL value stored as opaque MPI.
* g10/build-packet.c (gpg_mpi_write): Check for NULL return from
gcry_mpi_get_opaque.
(gpg_mpi_write_nohdr, do_key): Ditto.
* g10/keyid.c (hash_public_key): Ditto.
--

This fix extends commmit 0835d2f44e.

  gpg2 --export --no-default-keyring --keyring TESTDATA

With TESTDATA being below after unpacking.

-----BEGIN PGP ARMORED FILE-----

mBMEhdkMmS8BcX8F//8F5voEhQAQmBMEnAAAZwAAo4D/f/8EhQAAAIAEnP8EhQAQ
iBMEnP8AAAAABf8jIID///8EhQYQmBMEnIUAEIgTBKT/AAAAAAUAACCA/f//BIUA
EJgTBJx/AP8ABPPzBJx/AP8ABPPz
=2yE0
-----END PGP ARMORED FILE-----

Reported-by: Jodie Cunningham
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-19 16:29:58 +01:00
Werner Koch
15fad6b1b9 doc: Change remaining http links to gnupg.org to https
--
GnuPG-bug-id: 1830
2015-02-11 12:10:39 +01:00
Werner Koch
2183683bd6 Use inline functions to convert buffer data to scalars.
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

Commit 91b826a388 was not enough to
avoid all sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-11 10:28:25 +01:00
Werner Koch
f0f71a721c gpg: Prevent an invalid memory read using a garbled keyring.
* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
types.
* g10/keydb.c (parse_keyblock_image): Ditto.
--

The keyring DB code did not reject packets which don't belong into a
keyring.  If for example the keyblock contains a literal data packet
it is expected that the processing code stops at the data packet and
reads from the input stream which is referenced from the data packets.
Obviously the keyring processing code does not and cannot do that.
However, when exporting this messes up the IOBUF and leads to an
invalid read of sizeof (int).

We now skip all packets which are not allowed in a keyring.

Reported-by: Hanno Böck <hanno@hboeck.de>

Test data:

  gpg2 --no-default-keyring --keyring FILE --export >/dev/null

With this unpacked data for FILE:

-----BEGIN PGP ARMORED FILE-----

mI0EVNP2zQEEALvETPVDCJDBXkegF4esiV1fqlne40yJnCmJeDEJYocwFPXfFA86
sSGjInzgDbpbC9gQPwq91Qe9x3Vy81CkyVonPOejhINlzfpzqAAa3A6viJccZTwt
DJ8E/I9jg53sbYW8q+VgfLn1hlggH/XQRT0HkXMP5y9ClURYnTsNwJhXABEBAAGs
CXRlc3QgdGVzdIi5BBMBCgAjBQJU0/bNAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwEC
HgECF4AACgkQlsmuCapsqYLvtQP/byY0tM0Lc3moftbHQZ2eHj9ykLjsCjeMDfPx
kZUUtUS3HQaqgZLZOeqPjM7XgGh5hJsd9pfhmRWJ0x+iGB47XQNpRTtdLBV/WMCS
l5z3uW7e9Md7QVUVuSlJnBgQHTS6EgP8JQadPkAiF+jgpJZXP+gFs2j3gobS0qUF
eyTtxs+wAgAD
=uIt9
-----END PGP ARMORED FILE-----

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-09 15:46:00 +01:00
Werner Koch
0835d2f44e gpg: Fix a NULL-deref in export due to invalid packet lengths.
* g10/build-packet.c (write_fake_data): Take care of a NULL stored as
opaque MPI.
--

Reported-by: Hanno Böck <hanno@hboeck.de>

Test data:

     gpg2 --no-default-keyring --keyring FILE --export

With this unpacked data for FILE:

-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v2
Comment: Use "gpg --dearmor" for unpacking

mI0EGRkZGRkZGRkZGRkZGRkBGRkZGRkZGRkZGRkZGQAZGRkZGRkZGRkZGRkZGRkZ
GRkZInzgDbpa/9gQ4wq9////f3Vy81CkyVq3HQaqgZLZOeqPjM7XgGh5hJvAkpec
9wAAAgDHe0FVFbkppJZXP+gFs6z3gobS0qUFeyTtxs+wAgAD
=JDFT
-----END PGP ARMORED FILE-----

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-09 10:54:06 +01:00
Werner Koch
3997848786 gpg: Fix a NULL-deref due to empty ring trust packets.
* g10/parse-packet.c (parse_trust): Always allocate a packet.
--

Reported-by: Hanno Böck <hanno@hboeck.de>
Signed-off-by: Werner Koch <wk@gnupg.org>

Test data:

 gpg2 --no-default-keyring --keyring FILE --export

With this unpacked data for FILE:

-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v2
Comment: Use "gpg --dearmor" for unpacking

mI0EVNP2zQEEALvETPVDCJDBXkegF4esiV1fqlne40yJnCmJeDEJYocwFPXfFA86
sSGjInzgDbpbC9gQPwq91Qe9x3Vy81CkyVonPOejhINlzfpzqAAa3A6viJccZTwt
DJ8E/I9jg53sbYW8q+VgfLn1hlggH/XQRT0HkXMP5y9ClURYnTsNwJhXABEBAAG0
CXRlc3QgdGVzdIi5BBMBCgAjBQJU0/bNAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwEC
HgECF4AACgkQlsmuCapsqYLvtQP/byY0tM0Lc3moftbHQZ2eHj9ykLjsCjeMDfPx
kZUUtUS3HQaqgZLZOeqPjM7XgGh5hJsd9pfhmRWJ0x+iGB47XQNpRTtdLBV/WMCS
l5z3uW7e9Md7QVUVuSlJnBgQHTS6EgP8JQadPkAiF+jgpJZXP+gFs2j3gobS0qUF
eyTtxs+wAAAD
=puSt
-----END PGP ARMORED FILE-----
2015-02-09 10:31:31 +01:00
Werner Koch
05428d1256 w32: Add manifest to gpg.
* g10/gpg.w32-manifest.in: New.
* g10/gpg-w32info.rc: Add manifest.
* g10/Makefile.am (EXTRA_DIST): Add manifest.
(gpg-w32info.o): Depend on manifest.
* configure.ac (BUILD_VERSION): New.
(AC_CONFIG_FILES): Add manifest.
--

There are no dependencies yet defined - we need to do this for the
libs first.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-04 09:15:34 +01:00
Werner Koch
382ba4b137 gpg: Limit the size of key packets to a sensible value.
* g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
(MAX_UID_PACKET_LENGTH): New.
(MAX_COMMENT_PACKET_LENGTH): New.
(MAX_ATTR_PACKET_LENGTH): New.
(parse_key): Limit the size of a key packet to 256k.
(parse_user_id): Use macro for the packet size limit.
(parse_attribute): Ditto.
(parse_comment): Ditto.
--

Without that it is possible to force gpg to allocate large amounts of
memory by using a bad encoded MPI.  This would be an too easy DoS.
Another way to mitigate would be to change the MPI read function to
allocate memory dynamically while reading the MPI.  However, that
complicates and possibly slows down the code.  A too large key packet
is in any case a sign for broken data and thus gpg should not use it.

Reported-by: Hanno Böck
GnuPG-bug-id: 1823
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 20:32:28 +01:00
Werner Koch
d8eea25b8b gpg: Fix buffering problem in --list-config.
* g10/gpg.c (list_config): Replace print_sanitized_string2 by
es_write_sanitized.

* common/stringhelp.c (print_sanitized_buffer2): Remove.
(print_sanitized_buffer, print_sanitized_utf8_buffer): Remove.
(print_sanitized_utf8_buffer, print_sanitized_utf8_string): Remove.
(print_sanitized_string): Remove.

* sm/certdump.c (print_dn_part, print_dn_parts): Remove arg FP.
(pretty_print_sexp, gpgsm_print_name2, gpgsm_print_name): Remove.
--

Mixing stdio and estream is never a good idea.  This fix also allows
us to remove a lot of garbage.

Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
GnuPG-bug-id: 1822
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 20:12:21 +01:00
Werner Koch
0c2bfd9d5a Add a hook to be called right after main.
* common/init.c (early_system_init): New stub function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 19:57:22 +01:00
Werner Koch
b1d5ed6ac8 gpg: Allow predefined names as answer to the keygen.algo prompt.
* g10/keygen.c (ask_algo): Add list of strings.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 09:12:36 +01:00
Werner Koch
6eebc56687 gpg: Fix segv introduced to commit 4d7c9b0.
* g10/keygen.c (get_parameter_passphrase): Take care of R == NULL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-27 09:11:58 +01:00
Werner Koch
297b1a0d15 gpg,sm: Remove unnecessary duplicated checks
--

Reported-by: Günther Noack <gnoack@google.com>
2015-01-23 15:30:03 +01:00
Werner Koch
09e8f35d38 gpg: Improve skipping of PGP-2 keys.
* g10/keydb.c (keydb_search_first, keydb_search_next): Skip legacy
keys.
* g10/keyring.c (keyring_get_keyblock): Handle GPG_ERR_LEGACY_KEY.
(prepare_search): Ditto.
(keyring_rebuild_cache): Skip legacy keys.
* g10/keyserver.c (keyidlist): Ditto.
* g10/trustdb.c (validate_key_list): Ditto.
--

This is not the most elegant way to handle it but it reduces the
chance for unwanted side effects.

GnuPG-bug-id: 1816
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 16:36:28 +01:00
Werner Koch
6f3d11d883 gpg: Add dedicated error code for PGP-2 keys.
* g10/parse-packet.c (parse_key): Return GPG_ERR_LEGACY_KEY for PGP2
keys.
* g10/import.c (read_block): Simplify by checking GPG_ERR_LEGACY_KEY.
* g10/getkey.c (lookup): Silence error message for PGP-2 keys.

* common/util.h (GPG_ERR_LEGACY_KEY): Add replacement for older
libgpg-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 14:39:31 +01:00
Werner Koch
11142e0ad7 gpg: Replace remaining old error code macros by GPG_ERR_.
* g10/gpg.h (g10_errstr): Remove macro and change all occurrences by
gpg_strerror.
(G10ERR_): Remove all macros and change all occurrences by their
GPG_ERR_ counterparts.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-22 12:06:11 +01:00
Werner Koch
a23c30fb59 gpg: Remove an unused variable.
* g10/getkey.c (getkey_ctx_s): Remove last_rc.
2015-01-22 09:45:57 +01:00
Werner Koch
4d7c9b0e9a gpg: Support --passphrase with --quick-gen-key.
* g10/keygen.c: Include shareddefs.h.
(quick_generate_keypair): Support static passphrase.
(get_parameter_passphrase): New.
(do_generate_keypair): Use it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 12:45:22 +01:00
Werner Koch
aa99ebde77 gpg: Re-enable the "Passphrase" parameter for batch key generation.
* agent/command.c (cmd_genkey): Add option --inq-passwd.
* agent/genkey.c (agent_genkey): Add new arg override_passphrase.
* g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword.
(agent_genkey): Add arg optional arg "passphrase".
* g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc)
(gen_rsa, do_create): Add arg "passphrase" and pass it through.
(do_generate_keypair): Make use of pPASSPHRASE.
(release_parameter_list): Wipe out a passphrase parameter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
Werner Koch
616e511f27 gpg: Remove unused args from a function.
* g10/keyserver.c (parse_keyserver_uri): Remove args configname and
configlineno.  Change all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-05 15:15:36 +01:00
Werner Koch
56e6888233 gpg: Clear a possible rest of the KDF secret buffer.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Fix order of args.
--

That bug has been here since the beginning.  The entire function needs
a review or be be moved to Libgcrypt.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-05 15:15:28 +01:00
Werner Koch
ce92129240 gpg: Show private DO information in the card status.
* g10/call-agent.c (agent_release_card_info): Free private_do.
(learn_status_cb): Parse PRIVATE-DO-n stati.
--

Reported-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>

Provided patch extended to release the memory.
2014-12-16 13:10:09 +01:00
Werner Koch
dd65e21cb4 gpg: Add sub-command "factory-reset" to --card-edit.
* common/util.h (GPG_ERR_OBJ_TERM_STATE): New.
* scd/iso7816.c (map_sw): Add this error code.
* scd/app-openpgp.c (do_getattr): Return the life cycle indicator.
* scd/app.c (select_application): Allow a return value of
GPG_ERR_OBJ_TERM_STATE.
* scd/scdaemon.c (set_debug): Print the DBG_READER value.
* g10/call-agent.c (start_agent): Print a status line for the
termination state.
(agent_scd_learn): Make arg "info" optional.
(agent_scd_apdu): New.
* g10/card-util.c (send_apdu): New.
(factory_reset): New.
(card_edit): Add command factory-reset.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 17:38:40 +01:00
Werner Koch
fc9a35d2de gpg: Fix regression in notation data regression.
* g10/misc.c (pct_expando): Reorder conditions for clarity.
* g10/sign.c (write_signature_packets): Fix notation data creation.
--

Also re-added the check for signature version > 3.

Reported-by: MFPA
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 09:50:19 +01:00
Werner Koch
b4e402cb5c gpg: Avoid extra LF in notaion data listing.
* g10/keylist.c (show_notation): Use log_printf.
2014-12-15 09:47:21 +01:00
Werner Koch
f3f9f9b284 gpg: Let --card--status create a shadow key (card key stub).
* agent/command.c (cmd_learn): Add option --sendinfo.
* agent/learncard.c (agent_handle_learn): Add arg "send" andsend
certifciate only if that is set.
* g10/call-agent.c (agent_scd_learn): Use --sendinfo.  Make INFO
optional.
(agent_learn): Remove.
* g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn.
--

The requirement of using --card-status on the first use of card on a
new box is a bit annoying but the alternative of always checking
whether a card is available before a decryption starts does not sound
promising either.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-12 12:47:28 +01:00
Werner Koch
193815030d gpg: Fix possible read of unallocated memory
* g10/parse-packet.c (can_handle_critical): Check content length
before calling can_handle_critical_notation.
--

The problem was found by Jan Bee and gniibe proposed the used fix.
Thanks.

This bug can't be exploited: Only if the announced length of the
notation is 21 or 32 a memcmp against fixed strings using that length
would be done.  The compared data is followed by the actual signature
and thus it is highly likely that not even read of unallocated memory
will happen.  Nevertheless such a bug needs to be fixed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-12 10:41:25 +01:00
Werner Koch
5bf93f4ea7 gpg: Obsolete some keyserver helper options.
* g10/options.h (opt): Remove keyserver_options.other.
* g10/gpg.c (main): Obsolete option --honor-http-proxt.
* g10/keyserver.c (add_canonical_option): Replace by ...
(warn_kshelper_option): New.
(parse_keyserver_uri): Obsolete "x-broken-http".
--

Some of these options are deprecated for 10 years and they do not make
any sense without the keyserver helpers.  For one we print a hint on
how to replace it:

  gpg: keyserver option 'ca-cert-file' is obsolete; \
  please use 'hkp-cacert' in dirmngr.conf

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-08 15:14:35 +01:00
Werner Koch
cdc404fe52 gpg: Add OpenPGP card vendor 0x1337.
--
2014-12-08 11:46:48 +01:00
Werner Koch
66ab8f807c gpg: Write a status line for a failed --send-keys.
* g10/keyserver.c (keyserver_put): Write an status error.
2014-12-08 11:15:25 +01:00
NIIBE Yutaka
8720125f5a scd: Fix for NIST P-256.
* g10/card-util.c (card_store_subkey): Error check.
* scd/app-opengpg.c (ecc_writekey): Support NIST P-256.
(do_writekey): Error check.
2014-12-05 14:20:50 +09:00
Werner Koch
63e7891f0f gpg: Allow import of large keys.
* g10/import.c (import): Skip too large keys.
* kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 2MB to 5MB.
--

The key which triggered the problem was 0x57930DAB0B86B067.  With this
patch it can be imported.  Keys larger than the now increased limit of
5MB will are skipped and the already existing not_imported counter is
bumped up.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-04 10:53:10 +01:00
Werner Koch
2d37e0c800 indentation: Update g10/import.c
--
2014-12-04 10:45:53 +01:00
Werner Koch
17b4662984 gpg: Remove option aliases --[no-]throw-keyid and --notation-data.
* g10/gpg.c (opts): Remove them.
* g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users.
--

See mails starting
 http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029128.html
2014-12-03 11:28:10 +01:00
Werner Koch
f1c3eb4b16 gpg: Fix export bug using exact search with only one key in the keybox.
* g10/export.c (do_export_stream): Disable caching.
* g10/keyserver.c (keyidlist): Ditto.
--

GnuPG-bug-id: 1774
2014-12-01 11:54:51 +01:00
Werner Koch
e59b1cc747 gpg: Change another BUG() call to a regular error message.
* g10/mainproc.c (proc_tree): Replace BUG by a proper error messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-28 12:20:42 +01:00
Werner Koch
7aee3579be Add option --no-autostart.
* g10/gpg.c: Add option --no-autostart.
* sm/gpgsm.c: Ditto.
* g10/options.h (opt): Add field autostart.
* sm/gpgsm.h (opt): Ditto.
* g10/call-agent.c (start_agent): Print note if agent was not
autostarted.
* sm/call-agent.c (start_agent): Ditto.
* g10/call-dirmngr.c (create_context): Likewise.
* sm/call-dirmngr.c (start_dirmngr_ext): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-28 09:44:19 +01:00
Werner Koch
1c2140346d gpg: Change a bug() call to a regular error message.
* g10/decrypt-data.c (decrypt_data): Return an error code instead of
calling BUG().
--

This code path can be triggered by fuzzing gpg and thus with some
likeness also by corrupt messages for other reasons.
2014-11-26 10:21:01 +01:00
Werner Koch
596ae9f543 gpg: Fix use of uninit.value in listing sig subpkts.
* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--

We may not use "%s" to print an arbitrary buffer.  At least "%.*s"
should have been used.  However, it is in general preferable to escape
control characters while printf user data.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-24 18:05:45 +01:00
Werner Koch
0988764397 gpg: Fix off-by-one read in the attribute subpacket parser.
* g10/parse-packet.c (parse_attribute_subpkts): Check that the
attribute packet is large enough for the subpacket type.
--

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-24 17:28:25 +01:00
Werner Koch
b716e6a699 gpg: Fix batch generation of ECC keys.
* g10/keygen.c (get_parameter_algo): Map ECC algorithm strings
directly.
--

Interactive generation of the keys uses the OpenPGP algorithms numbers
but batch generation allows the use of strings.

Reported-by: Gaetan Bisson.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-24 11:56:49 +01:00
Daniel Kahn Gillmor
a3cf781e3b gpg: Refer to --throw-keyids instead of --throw-keyid
* g10/encrypt.c: adjust error message

--
The full option name is --throw-keyids, so we should refer to it
consistently.
2014-11-24 09:45:53 +01:00
Werner Koch
44c9cc1896 gpg: Track number of skipped v3 keys on import.
* g10/import.c (stats_s): Add field v3keys.
(import): Update this field.
(import_print_stats): Print v3 key count.
(read_block): Skip v3 keys and return a count for them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-21 16:15:42 +01:00
Werner Koch
94a5442514 gpg: Fix regression in parse_key.
* g10/parse-packet.c (parse): Better return just the gpg_err_code.
(parse_key): Return the error code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-21 16:13:41 +01:00
Werner Koch
f80c2dd78d gpg: Fix hash detection for ECDSA.
* g10/sign.c (sign_file): Use DSA or ECDSA and not DSA|EdDSA.
--

This error was introduced with
commit b7f8dec632
while separating EdDSA from ECDSA.

Found due to a related bug report from Brian Minton.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-20 20:09:17 +01:00
Werner Koch
592faa7dc4 Comment typo fixes.
--
2014-11-19 10:47:57 +01:00
Werner Koch
0e7dd40342 Add "gpgconf --kill dirmngr" and avoid useless launch before a kill.
* common/asshelp.c (start_new_gpg_agent): Add arg autostart.  Change
all callers to use 1 for it.
(start_new_dirmngr): Ditto.
* tools/gpg-connect-agent.c: Add option --no-autostart.
(main): Default autostart to 1.
(start_agent): Implement no-autostart.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Use --no-autostart.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-19 10:47:56 +01:00
Werner Koch
32e85668b8 gpg: Fix a NULL-deref for invalid input data.
* g10/mainproc.c (proc_encrypted): Take care of canceled passpharse
entry.
--

GnuPG-bug-id: 1761
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-17 13:08:23 +01:00
Werner Koch
69384568f6 gpg: Make the use of "--verify FILE" for detached sigs harder.
* g10/openfile.c (open_sigfile): Factor some code out to ...
(get_matching_datafile): new function.
* g10/plaintext.c (hash_datafiles): Do not try to find matching file
in batch mode.
* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
matching data file is not used by a standard signatures.
--

Allowing to use the abbreviated form for detached signatures is a long
standing bug which has only been noticed by the public with the
release of 2.1.0.  :-(

What we do is to remove the ability to check detached signature in
--batch using the one file abbreviated mode.  This should exhibit
problems in scripts which use this insecure practice.  We also print a
warning if a matching data file exists but was not considered because
the detached signature was actually a standard signature:

  gpgv: Good signature from "Werner Koch (dist sig)"
  gpgv: WARNING: not a detached signature; \
  file 'gnupg-2.1.0.tar.bz2' was NOT verified!

We can only print a warning because it is possible that a standard
signature is indeed to be verified but by coincidence a file with a
matching name is stored alongside the standard signature.

Reported-by: Simon Nicolussi (to gnupg-users on Nov 7)
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-13 17:39:31 +01:00
Werner Koch
22748338da gpg: Fix a missing LF in debug output.
* g10/kbnode.c (dump_kbnode): Print a LF.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-13 17:01:17 +01:00
Werner Koch
63c6514415 gpg: Re-indent two files.
--
2014-11-13 15:21:10 +01:00
Werner Koch
e30cb8f617 gpg: Remove PGP-2 related cruft.
* g10/armor.c (parse_hash_header,carmor_filter): Ignore MD5 in hash
header.
(fake_packet): Remove pgp-2 workaround for white space stripping.
* g10/filter.h (armor_filter_context_t): Remove field pgp2mode.
* g10/options.h (opt): Remove field pgp2_workarounds.
* g10/gpg.c (main): Do not set this field.
* g10/gpgv.c (main): Ditto.
* g10/mainproc.c (proc_encrypted): Use SHA-1 as fallback s2k hash
  algo.  Using MD5 here is useless.
(proc_plaintext): Remove PGP-2 related woraround
(proc_tree): Remove another workaround but keep the one for PGP-5.
--

The removed code was either not anymore used or its use would have
caused an error message later anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-13 12:01:42 +01:00
Werner Koch
81e177be10 gpg: Improve perceived speed of secret key listings.
* g10/keylist.c (list_keyblock): Flush stdout for secret keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-12 12:41:20 +01:00
Werner Koch
eecbed004c gpg: Fix regression in --refresh-keys
* g10/keyserver.c (keyserver_get): Factor all code out to ...
(keyserver_get_chunk): new.  Extimate line length.
(keyserver_get): Split up requests into chunks.
--

Note that refreshing all keys still requires way to much memory
because we build an in-memory list of all keys first.  It is required
to first get a list of all keys to avoid conflicts while updating the
key store in the process of receiving keys.  A better strategy would
be a background process and tracking the last update in the key store.

GnuPG-bug-id: 1755
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-12 12:14:32 +01:00
Werner Koch
ffc2307843 gpg: Add import options "keep-ownertrust".
* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
* g10/import.c (parse_import_options): Add "keep-ownertrust".
(import_one): Act upon new option.
--

This option is in particular useful to convert from a pubring.gpg to
the new pubring.kbx in GnuPG 2.1 or vice versa:

gpg1 --export | gpg2 --import-options keep-ownertrust --import
2014-11-12 09:56:40 +01:00
Werner Koch
b8cdfac353 Remove use of gnulib (part 2)
* configure.ac (strpbrk): Add to AC_CHECK_FUNCS.
(gl_EARLY): Remove.
* common/stringhelp.c (strpbrk) [!HAVE_STRPBRK]: New.
* common/sysutils.c (gnupg_mkdtemp): New.  Based on code from
glibc-2.6.
(gnupg_setenv): Rewrite.
(gnupg_unsetenv): Rewrite.
* g10/exec.c: Include sysutils.h and replace mkdtemp by gnupg_mkdtemp.
* g13/be-encfs.c: Ditto.
* g13/mount.c: Ditto.
* tools/symcryptrun.c (confucius_mktmpdir): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-11 15:14:31 +01:00
Werner Koch
1adf719b2d Remove use of gnulib (part 1)
* gl/: Remove entire tree.
* configure.ac: Remove gnulib tests and the gl/ Makefile.
(setenv): Add to AC_CHECK_FUNCS.
* autogen.rc (extra_aclocal_flags): Set to empty.
* Makefile.am (ACLOCAL_AMFLAGS): Remove -I gl/m4
(SUBDIRS): Remove gl/.
* agent/Makefile.am (common_libs): Remove ../gl/gnulib.a
* common/Makefile.am (t_common_ldadd): Ditto.
* dirmngr/Makefile.am (dirmngr_LDADD): Ditto.
(dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.
* g10/Makefile.am (needed_libs): Ditto.
* g13/Makefile.am (g13_LDADD): Ditto.
* kbx/Makefile.am (kbxutil_LDADD): Ditto.
($(PROGRAMS)): Ditto.
* scd/Makefile.am (scdaemon_LDADD): Ditto.
* sm/Makefile.am (common_libs): Ditto.
* tools/Makefile.am (common_libs, commonpth_libs): Ditto.

* agent/gpg-agent.c: Remove "mkdtemp.h"
* g10/exec.c: Ditto.
* scd/scdaemon.c: Ditto.
* tools/symcryptrun.c: Ditto.
* common/sysutils.c: Remove "setenv.h"

* common/t-timestuff.c: Use putenv if setenv is not available.
--

gnulib has always been a cause of trouble in GnuPG because we used
only a very few functions and the complex include machinery of gnulib
is quite complex and the cause for many build problems for example on
OS X.  This is not gnulib's fault but due to our limited use of gnulib
and that we only rarely update the gnulib code to avoid regressions.

In part two we will address the functions

 mkdtemp
 setenv
 unsetenv
 strpbrk

which may bot be implemented on all platforms.  They are not required
on a libc based system.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-11 10:13:10 +01:00
Werner Koch
91b826a388 Avoid sign extension when shifting the MSB.
* sm/fingerprint.c (gpgsm_get_short_fingerprint): Cast MSB before
shifting.
* g10/build-packet.c (delete_sig_subpkt): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-05 08:23:15 +01:00
Werner Koch
b3ebecfc7c Add open card manufacturer 0x0008.
--
2014-11-04 16:32:30 +01:00
Werner Koch
cf41763cdf Change a couple of files to use abbreviated copyright notes.
--

Also fixed some of my own copyright notices due to the termination of
my assignment.  The one displayed by --version is kept at FSF because
we had contributors in 2014 with FSF assignments and it gives the FSF
some visibility.
2014-11-04 16:28:03 +01:00
Werner Koch
587a0956b9 gpg: Print use --full-gen-key note using the installed name of gpg.
--
2014-11-04 10:53:12 +01:00
Werner Koch
f8c993fbe2 gpg: Avoid extra pinentries for each subkey in --export-secret-keys.
* agent/command.c (cmd_export_key): Actually implement the cache_nonce
feature.
* g10/export.c (do_export_stream): Make use of a cache_nonce.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 17:51:30 +01:00
Werner Koch
d95f05c314 gpg: Fix endless loop in keylisting with fingerprint.
* g10/getkey.c (getkey_next): Disable cache.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 16:36:40 +01:00
Werner Koch
440e8f5170 gpg: Minor cleanup for key listing related code.
* g10/getkey.c (get_pubkey_next): Divert to getkey_next.
(get_pubkey_end): Move code to getkey_end.
* g10/keydb.c (keydb_search_reset): Add a debug statement.
(dump_search_desc): Add arg HD and print the handle.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 16:31:30 +01:00
Werner Koch
a929f36693 gpg: Do not show an useless passphrase prompt in batch mode.
* g10/keygen.c: Remove unused PASSPHRASE related code.
(proc_parameter_file): Remove useless asking for a passphrase in batch
mode.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 15:43:52 +01:00
Werner Koch
f4df71aa2d gpg: Remove superfluous check for Libgcrypt >= 1.4.0.
* g10/gpg.c (main): Remove check.
--

We require 1.6.0 anyway.
2014-10-31 14:47:02 +01:00
Werner Koch
f74ca872df Add more signing keys.
--
The keys which may be used to sign GnuPG packages are:

  rsa2048/4F25E3B6 2011-01-12 [expires: 2019-12-31]
  D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6
  Werner Koch (dist sig)

  rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
  46CC 7308 65BB 5C78 EBAB  ADCF 0437 6F3E E085 6959
  David Shaw (GnuPG Release Signing Key) <dshaw@jabberwocky.com>

  rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28]
  031E C253 6E58 0D8E A286  A9F2 2071 B08A 33BD 3F06
  NIIBE Yutaka (GnuPG Release Key) <gniibe@fsij.org>

  rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31]
  D238 EA65 D64C 67ED 4C30  73F2 8A86 1B1C 7EFD 60D9
  Werner Koch (Release Signing Key)

These keys are all created and used on tokens.  7EFD60D9 is currently
not used but ready to replace 4F25E3B6 in case the former token break.
2014-10-31 14:21:34 +01:00
Werner Koch
935edf88ab kbx: Let keydb_search skip unwanted blobs.
* kbx/keybox.h (keybox_blobtype_t): New.
* kbx/keybox-defs.h (BLOBTYPE_*): Replace by KEYBOX_BLOBTYPE_*.
* kbx/keybox-search.c (keybox_search): Add arg want_blobtype and skip
non-matching blobs.
* sm/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_X509 to keybox_search.
* g10/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_PGP to keybox_search.
--

Without this fix a listing of all keys would fail because the wrong
blob type would be returned for the gpg or gpgsm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 12:15:34 +01:00
Werner Koch
28ae8ad70b gpg: Fix --rebuild-keydb-caches.
* g10/parse-packet.c (parse_key): Store even unsupported packet
versions.
* g10/keyring.c (keyring_rebuild_cache): Do not copy keys with
versions less than 4.
--

That function, which is implicitly called while checking the keydb, led
to corruption of v3 key packets in the keyring which would later spit
out "packet(6)too short" messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 10:31:11 +01:00
Werner Koch
433208a553 gpg: Fix testing for secret key availability.
* g10/getkey.c (have_secret_key_with_kid): Do not change the search
mode.
--

The search mode was accidentally changed to search-next after finding
the first keyblock.  The intention was to look for a duplicate keyid
in the keydb which works by not doing a keydb_search_reset.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 09:22:47 +01:00
Werner Koch
cb46e32628 gpg: Remove commented code.
--
2014-10-31 09:14:03 +01:00
Werner Koch
472a4a0d82 gpg: Silence "packet with obsolete versoin" warnings.
* g10/parse-packet.c (parse_key): Print warning only in very verbose
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-19 14:17:23 +02:00
Werner Koch
1b8decc476 gpg: Make card key generation work again.
* g10/call-agent.c (agent_scd_learn): Rename from agent_learn.
(agent_learn): New.
* g10/keygen.c (gen_card_key): Call new agent-learn.
--

Without a shadow key we can't create the self-signatures.  Thus we
need to issue the learn command after each key generation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-19 14:09:04 +02:00
Werner Koch
8fd150b05b gpg: Remove all support for v3 keys and always create v4-signatures.
* g10/build-packet.c (do_key): Remove support for building v3 keys.
* g10/parse-packet.c (read_protected_v3_mpi): Remove.
(parse_key): Remove support for v3-keys.  Add dedicated warnings for
v3-key packets.
* g10/keyid.c (hash_public_key): Remove v3-key support.
(keyid_from_pk): Ditto.
(fingerprint_from_pk): Ditto.

* g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
* g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
oForceV4Certs, oNoForceV4Certs.
(opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
--no-force-v4-certs int dummy options.
(main): Remove setting of the force_v3_sigs force_v4_certs flags.
* g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
* g10/sign.c (hash_uid): Remove support for v3-signatures
(hash_sigversion_to_magic): Ditto.
(only_old_style): Remove this v3-key function.
(write_signature_packets): Remove support for creating v3-signatures.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
(clearsign_file): Ditto.  Remove code to emit no Hash armor line if
only v3-keys are used.
(make_keysig_packet): Remove arg SIGVERSION and force using
v4-signatures.  Change all callers to not pass a value for this arg.
Remove all v3-key related code.
(update_keysig_packet): Remove v3-signature support.
* g10/keyedit.c (sign_uids): Always create v4-signatures.

* g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
change caller.
--

v3 keys are deprecated for about 15 years and due the severe
weaknesses of MD5 it does not make any sense to keep code around to
use these old and broken keys.  Users who need to decrypt old messages
should use gpg 1.4 and best re-encrypt them to modern standards.
verification of old (i.e. PGP2) created signatures is thus also not
anymore possible but such signatures have no values anyway - MD5 is
just too broken.

We have also kept support for v3 signatures until now.  With the
removal of support for v3 keys it is questionable whether it makes any
sense to keep support for v3-signatures.  What we do now is to keep
support for verification of v3-signatures but we force the use of
v4-signatures.  The latter makes the --pgp6 and --pgp7 switch a bit
obsolete because those PGP versions require v3-signatures for
messages.  These versions of PGP are also really old and not anymore
maintained so they have not received any bug fixes and should not be
used anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-17 13:32:16 +02:00
Werner Koch
fab89f159b gpg: Remove extra RSA import status line.
* g10/import.c (stats_s): Remove field "imported_rsa".
(import_print_stats): Do not print separate value for RSA.
(import_one): Remove the RSA counter.
--

RSA is the standard key format and thus there is no more need to have
a separate counter.  This is a remain from the RSA patent times.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-13 15:08:58 +02:00
Werner Koch
21c0ea6baf gpg: Fix informative printing of user ids.
* g10/getkey.c (keyid_list): Add field "fpr".
(cache_user_id): Store fpr and check for dups only by fpr.
(get_pubkey_byfpr): New.
(get_user_id_string): Make static and use xasprintf.
(get_long_user_id_string): Use xasprintf.
(get_user_id_byfpr): New.
(get_user_id_byfpr_native): New.
* g10/keyid.c (fingerprint_from_pk): Make arg RET_LEN optional.
* g10/import.c (import_one): Use get_user_id_byfpr_native.
--

We now cache the userids using the fingerprint.  This allows to print
the correct user id for keys with a duplicated key id.  We should
eventually start to retire the use of all the old keyid based
functions.  However, at some places we only have the keyid and thus
some of them will need to be kept (maybe changed with an indication to
show that more than several user ids are matching).

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-13 14:54:26 +02:00
Werner Koch
c60814a5ce gpg: Allow importing keys with duplicated long key ids.
* g10/keydb.c (keydb_handle): Add field no_caching.
(keyblock_cache): Repalce field kid by fpr.
(keydb_disable_caching): New.
(keydb_search): Use the fingerprint as cache index.

* g10/import.c (import_one): Use the fingerprint and not the kid to
lookup the key.  Call keydb_disable_caching beofre re-searching for
update.

* tests/openpgp/import.test: Add a test case.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-13 14:01:29 +02:00
Werner Koch
2d68dc437e gpg: Minor change for better readability.
* g10/build-packet.c (write_version): Remove.
(do_pubkey_enc, do_onepass_sig): Write version directly.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-12 19:16:13 +02:00
Werner Koch
54ffe2045a Use a unique capitalization for "Note:".
--
2014-10-10 15:29:42 +02:00
Daniel Kahn Gillmor
6cabb7a2a1 gpg: Add build and runtime support for larger RSA keys
* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.

--

This is a cherry-pick of 534e2876ac from
STABLE-BRANCH-1-4 against master

Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.

Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which let gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.

Debian-bug-id: 739424

Minor edits by wk.

GnuPG-bug-id: 1732
2014-10-10 13:40:38 +02:00
Werner Koch
2ca90f78ce gpg: Skip overlong keys and a print a warning.
* kbx/keybox-search.c (keybox_search): Add arg r_skipped and skip too
long blobs.
* sm/keydb.c (keydb_search): Call keybox_search with a dummy param.
* g10/keydb.c (struct keydb_handle): Add field skipped_long_blobs.
(keydb_search_reset): Reset that field.
(keydb_search): Update that field.
(keydb_get_skipped_counter): New.
* g10/keylist.c (list_all): Print count of skipped keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-09 21:01:49 +02:00
Werner Koch
60e21d8b85 gpg: Sync keylist output and warning messages.
* g10/keylist.c (list_all): Flush stdout before logging.
* g10/misc.c (print_pubkey_algo_note): Ditto.
(print_cipher_algo_note): Ditto.
(print_digest_algo_note): Ditto.
(print_md5_rejected_note): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-09 20:57:02 +02:00
Werner Koch
ec332d58ef gpg: Take care to use pubring.kbx if it has ever been used.
* kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp.
* kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header
flag.
* kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp
and set header flag.
* kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static
and add arg for_openpgp.
(keybox_new_openpgp, keybox_new_x509): New.  Use them instead of the
former keybox_new.
* kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the
openpgp header flags.

* g10/keydb.c (rt_from_file): New.  Factored out and extended from
keydb_add_resource.
(keydb_add_resource): Switch to the kbx file if it has the openpgp
flag set.

* kbx/keybox-dump.c (dump_header_blob): Print header flags.
--

The problem was reported by dkg on gnupg-devel (2014-10-07):

  I just discovered a new problem, though, which will affect people on
  systems that have gpg and gpg2 coinstalled:

   0) create a new keyring with gpg2, and use it exclusively with gpg2
  for a while.
   1) somehow (accidentally?) use gpg (1.4.x) again -- this creates
  ~/.gnupg/pubring.gpg
   2) future runs of gpg2 now only look at pubring.gpg and ignore
  pubring.kbx -- the keys you had accumulated in the keybox are no
  longer listed in the output of gpg2 --list-keys

Note that gpgsm has always used pubring.kbx and thus this file might
already be there but without gpg ever inserted a key.  The new flag in
the KBX header gives us an indication whether a KBX file has ever been
written by gpg >= 2.1.  If that is the case we will use it instead of
the default pubring.gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-09 19:10:32 +02:00