1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

4792 Commits

Author SHA1 Message Date
Werner Koch
fc9a35d2de gpg: Fix regression in notation data regression.
* g10/misc.c (pct_expando): Reorder conditions for clarity.
* g10/sign.c (write_signature_packets): Fix notation data creation.
--

Also re-added the check for signature version > 3.

Reported-by: MFPA
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-15 09:50:19 +01:00
Werner Koch
b4e402cb5c gpg: Avoid extra LF in notaion data listing.
* g10/keylist.c (show_notation): Use log_printf.
2014-12-15 09:47:21 +01:00
Werner Koch
38b583ab3c doc: Typo fixes.
--
2014-12-14 12:15:21 +01:00
Werner Koch
68b4e7c9e4 scd: Fix possibly inhibited checkpin of the admin pin.
* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
buffer.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-12 20:11:36 +01:00
Werner Koch
f3f9f9b284 gpg: Let --card--status create a shadow key (card key stub).
* agent/command.c (cmd_learn): Add option --sendinfo.
* agent/learncard.c (agent_handle_learn): Add arg "send" andsend
certifciate only if that is set.
* g10/call-agent.c (agent_scd_learn): Use --sendinfo.  Make INFO
optional.
(agent_learn): Remove.
* g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn.
--

The requirement of using --card-status on the first use of card on a
new box is a bit annoying but the alternative of always checking
whether a card is available before a decryption starts does not sound
promising either.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-12 12:47:28 +01:00
Werner Koch
193815030d gpg: Fix possible read of unallocated memory
* g10/parse-packet.c (can_handle_critical): Check content length
before calling can_handle_critical_notation.
--

The problem was found by Jan Bee and gniibe proposed the used fix.
Thanks.

This bug can't be exploited: Only if the announced length of the
notation is 21 or 32 a memcmp against fixed strings using that length
would be done.  The compared data is followed by the actual signature
and thus it is highly likely that not even read of unallocated memory
will happen.  Nevertheless such a bug needs to be fixed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-12 10:41:25 +01:00
Werner Koch
1d8ebe4d54 build: Replace deprecated autconf macro.
* m4/intl.m4: s/AM_PROG_MKDIR_P/AC_PROG_MKDIR_P/
* m4/po.m4: Ditto.
--

In preparation of moving to automake 1.14.

GnuPG-bug-id: 1776
2014-12-11 15:15:43 +01:00
Werner Koch
e8c0ed7795 dirmngr: Improve dead host detection.
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Mark host dead
also for 2 other error messages.
2014-12-08 17:13:11 +01:00
Werner Koch
6d5f128341 http: Improve diagnostic messages.
* common/http.c (send_request): Print TLS alert info
(connect_server): Detect bogus DNS entry.
--

1. Prints the TLS alert description.

2. Detect case where the DNS returns an IP address but the server is
   not reachable at this address.  This may happen for a server which
   is reachable only at IPv6 but but the local machine has no full
   IPv6 configuration.
2014-12-08 17:12:23 +01:00
Werner Koch
5bf93f4ea7 gpg: Obsolete some keyserver helper options.
* g10/options.h (opt): Remove keyserver_options.other.
* g10/gpg.c (main): Obsolete option --honor-http-proxt.
* g10/keyserver.c (add_canonical_option): Replace by ...
(warn_kshelper_option): New.
(parse_keyserver_uri): Obsolete "x-broken-http".
--

Some of these options are deprecated for 10 years and they do not make
any sense without the keyserver helpers.  For one we print a hint on
how to replace it:

  gpg: keyserver option 'ca-cert-file' is obsolete; \
  please use 'hkp-cacert' in dirmngr.conf

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-08 15:14:35 +01:00
Werner Koch
cdc404fe52 gpg: Add OpenPGP card vendor 0x1337.
--
2014-12-08 11:46:48 +01:00
Werner Koch
b72ece6d74 dirmngr: Return a proper error for all dead hosts.
* dirmngr/ks-engine-hkp.c (map_host): Change to return an gpg_error_t.
Return an error code for all dead hosts.
(make_host_part): Change to return an gpg_error_t.  Change all
callers.
--

The functions used to return an error code via ERRNO.  However, this
does not allow to return extra error codes in a portable way.  Thus we
change the function to directly return a gpg_error_t.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-08 11:15:26 +01:00
Werner Koch
66ab8f807c gpg: Write a status line for a failed --send-keys.
* g10/keyserver.c (keyserver_put): Write an status error.
2014-12-08 11:15:25 +01:00
NIIBE Yutaka
c50c11d575 scd: Fix for EdDSA.
* scd/app-openpgp.c (get_algo_byte): It catches 22.
(store_fpr): It's MPI usually, but it's opaque bytes for EdDSA.
2014-12-08 10:21:55 +09:00
Andre Heinecke
f4ed04fca8 Document no-allow-mark-trusted option
doc: Document no-allow-mark-trusted for gpg-agent

    * doc/gpg-agent.texi: Change allow-mark-trusted doc to
    no-allow-mark-trusted.

    --
    Since rev. 78a56b14 allow-mark-trusted is the default option
    and was replaced by no-allow-mark-trusted to disable the
    interactive prompt.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2014-12-05 15:26:37 +01:00
NIIBE Yutaka
8720125f5a scd: Fix for NIST P-256.
* g10/card-util.c (card_store_subkey): Error check.
* scd/app-opengpg.c (ecc_writekey): Support NIST P-256.
(do_writekey): Error check.
2014-12-05 14:20:50 +09:00
Werner Koch
63e7891f0f gpg: Allow import of large keys.
* g10/import.c (import): Skip too large keys.
* kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 2MB to 5MB.
--

The key which triggered the problem was 0x57930DAB0B86B067.  With this
patch it can be imported.  Keys larger than the now increased limit of
5MB will are skipped and the already existing not_imported counter is
bumped up.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-04 10:53:10 +01:00
Werner Koch
2d37e0c800 indentation: Update g10/import.c
--
2014-12-04 10:45:53 +01:00
Werner Koch
17b4662984 gpg: Remove option aliases --[no-]throw-keyid and --notation-data.
* g10/gpg.c (opts): Remove them.
* g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users.
--

See mails starting
 http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029128.html
2014-12-03 11:28:10 +01:00
Werner Koch
fabcf1440a agent: Replace some sprintf.
* agent/call-scd.c (agent_card_pksign): Replace sprintf by bin2hex.
* agent/command-ssh.c (ssh_identity_register): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Replace sprintf by
put_membuf_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-02 14:13:53 +01:00
Werner Koch
0367a4b8cf tools: Improve watchgnupg portability.
* configure.ac (AC_CHECK_HEADERS): Check for sys.select.h
* tools/watchgnupg.c: Include it.
--

It seems http://www.musl-libc.org/ is quite limited and requires
the use sys/select.h instead of unistd.h et al.
2014-12-01 15:55:28 +01:00
Werner Koch
f1c3eb4b16 gpg: Fix export bug using exact search with only one key in the keybox.
* g10/export.c (do_export_stream): Disable caching.
* g10/keyserver.c (keyidlist): Ditto.
--

GnuPG-bug-id: 1774
2014-12-01 11:54:51 +01:00
Werner Koch
2f90b7c21b scd: Implement socket redirection.
* scd/scdaemon.c (ENAMETOOLONG): New.
(redir_socket_name): New.
(cleanup): Take care of a redirected socket.
(main): Pass redir_socket_name to create_server_socket.
(create_socket_name): Remove superfluous length check.
(create_server_socket): Add arg r_redir_name and implement
redirection.  Replace assert for older Assuan by an error message.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-01 10:45:06 +01:00
Werner Koch
eede0e59bf dirmngr: Implement socket redirection.
* dirmngr/dirmngr.c (ENAMETOOLONG): new.
(redir_socket_name): New.
(main): Add Assuan socket redirection.
(cleanup): Adjust cleanup for redirection.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-01 09:50:55 +01:00
Werner Koch
cdd451d5c2 agent: Fix compile problem for old Libassuan.
--
2014-12-01 09:49:16 +01:00
Werner Koch
e1f515b19c agent: Implement socket redirection.
* agent/gpg-agent.c (ENAMETOOLONG): New.
(redir_socket_name, redir_socket_name_extra)
(redir_socket_name_ssh): New.
(remove_socket): Take care of the redir names.
(main): Pass the redir names to create_server_socket.
(create_socket_name): Remove length check - that is anyway done later.
(create_server_socket): Add arg r_redir_name and implement redirection
if Libassuan is at least 2.14.
2014-11-28 21:34:35 +01:00
Werner Koch
e59b1cc747 gpg: Change another BUG() call to a regular error message.
* g10/mainproc.c (proc_tree): Replace BUG by a proper error messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-28 12:20:42 +01:00
Werner Koch
7aee3579be Add option --no-autostart.
* g10/gpg.c: Add option --no-autostart.
* sm/gpgsm.c: Ditto.
* g10/options.h (opt): Add field autostart.
* sm/gpgsm.h (opt): Ditto.
* g10/call-agent.c (start_agent): Print note if agent was not
autostarted.
* sm/call-agent.c (start_agent): Ditto.
* g10/call-dirmngr.c (create_context): Likewise.
* sm/call-dirmngr.c (start_dirmngr_ext): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-28 09:44:19 +01:00
Мирослав Николић
f173cdcdfb gpg-agent: Add restricted connection feature.
* agent/agent.h (opt): Add field extra_socket.
(server_control_s): Add field restricted.
* agent/command.c: Check restricted flag on many commands.
* agent/gpg-agent.c (oExtraSocket): New.
(opts): Add option --extra-socket.
(socket_name_extra): New.
(cleanup): Cleanup that socket name.
(main): Implement oExtraSocket.
(create_socket_name): Add arg homedir and change all callers.
(create_server_socket): Rename arg is_ssh to primary and change
callers.
(start_connection_thread): Take ctrl as arg.
(start_connection_thread_std): New.
(start_connection_thread_extra): New.
(handle_connections): Add arg listen_fd_extra and replace the
connection starting code by parameterized loop.
* common/asshelp.c (start_new_gpg_agent): Detect the use of the
restricted mode and don't fail on sending the pinentry environment.

* common/util.h (GPG_ERR_FORBIDDEN): New.
2014-11-27 20:41:37 +01:00
Мирослав Николић
ccee34736b agent: Make auditing of the option list easier.
* agent/gpg-agent.c (opts): Use ARGPARSE_ macros.
2014-11-27 17:31:02 +01:00
Kristian Fiskerstrand
68a7ccc0c8 dirmngr: Only report hkps scheme when available
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Make use of TLS macros.

--
Only report support for the hkps scheme when GnuPG / dirmngr
has been built with a TLS library.

This helps debuging and enable the user to detect whether support
for hkps is included by doing a
`gpg-connect-agent --dirmngr 'keyserver --help' /bye`.
Currently hkps will be listed as a supported scheme but trying to
add a keyserver using it will silently fail.

As a digression, https is never listed as a valid scheme.
2014-11-26 10:25:20 +01:00
Werner Koch
1c2140346d gpg: Change a bug() call to a regular error message.
* g10/decrypt-data.c (decrypt_data): Return an error code instead of
calling BUG().
--

This code path can be triggered by fuzzing gpg and thus with some
likeness also by corrupt messages for other reasons.
2014-11-26 10:21:01 +01:00
Werner Koch
8445ef24fc Fix buffer overflow in openpgp_oid_to_str.
* common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow.

* common/t-openpgp-oid.c (BADOID): New.
(test_openpgp_oid_to_str): Add test cases.
--

The code has an obvious error by not considering invalid encoding for
arc-2.  A first byte of 0x80 can be used to make a value of less then
80 and we then subtract 80 from that value as required by the OID
encoding rules.  Due to the unsigned integer this results in a pretty
long value which won't fit anymore into the allocated buffer.

The fix is obvious.  Also added a few simple test cases.  Note that we
keep on using sprintf instead of snprintf because managing the
remaining length of the buffer would probably be more error prone than
assuring that the buffer is large enough.  Getting rid of sprintf
altogether by using direct conversion along with membuf_t like code
might be possible.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>

Ported from libksba commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7
2014-11-25 11:58:56 +01:00
Werner Koch
28dafd4714 build: Require libgpg-error 1.16.
--

1.15 has a bug which will lead to a segv when sending keys.  Better
updated the requirements to avoid bug reports.
2014-11-24 20:12:38 +01:00
Werner Koch
596ae9f543 gpg: Fix use of uninit.value in listing sig subpkts.
* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--

We may not use "%s" to print an arbitrary buffer.  At least "%.*s"
should have been used.  However, it is in general preferable to escape
control characters while printf user data.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-24 18:05:45 +01:00
Werner Koch
0988764397 gpg: Fix off-by-one read in the attribute subpacket parser.
* g10/parse-packet.c (parse_attribute_subpkts): Check that the
attribute packet is large enough for the subpacket type.
--

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-24 17:28:25 +01:00
Werner Koch
b716e6a699 gpg: Fix batch generation of ECC keys.
* g10/keygen.c (get_parameter_algo): Map ECC algorithm strings
directly.
--

Interactive generation of the keys uses the OpenPGP algorithms numbers
but batch generation allows the use of strings.

Reported-by: Gaetan Bisson.
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-24 11:56:49 +01:00
Werner Koch
0082766aac doc: Update dirmngr.texi
--
2014-11-24 11:23:22 +01:00
Daniel Kahn Gillmor
eed16ccebf Distinguish between ARGPARSE_AMBIGUOUS_{OPTION,COMMAND}
* common/argparse.c (initialize): Use correct value.
--
This avoids a dead path in the argparse code.

It's not clear that this is needed, however, since
ARGPARSE_AMBIGUOUS_COMMAND is never actually used in the code.
Another approach would be to trim out ARGPARSE_AMBIGUOUS_COMMAND
entirely.
2014-11-24 09:48:59 +01:00
Daniel Kahn Gillmor
a3cf781e3b gpg: Refer to --throw-keyids instead of --throw-keyid
* g10/encrypt.c: adjust error message

--
The full option name is --throw-keyids, so we should refer to it
consistently.
2014-11-24 09:45:53 +01:00
Werner Koch
e5697fefbe speedo: Distribute installer graphics.
--
2014-11-24 09:44:48 +01:00
Werner Koch
0bfabe579d Update NEWS
--
2014-11-21 21:38:00 +01:00
Werner Koch
44c9cc1896 gpg: Track number of skipped v3 keys on import.
* g10/import.c (stats_s): Add field v3keys.
(import): Update this field.
(import_print_stats): Print v3 key count.
(read_block): Skip v3 keys and return a count for them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-21 16:15:42 +01:00
Werner Koch
94a5442514 gpg: Fix regression in parse_key.
* g10/parse-packet.c (parse): Better return just the gpg_err_code.
(parse_key): Return the error code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-21 16:13:41 +01:00
Werner Koch
9a85b91e92 speedo: Add simple logos to the installer.
* build-aux/speedo/w32/README.txt: Include GnuPG Readme.
* build-aux/speedo/w32/gnupg-logo-150x57.bmp: New.
* build-aux/speedo/w32/gnupg-logo-164x314.bmp: New.
* build-aux/speedo/w32/inst.nsi: Add logos.
* build-aux/speedo.mk ($(bdir)/NEWS.tmp): Extract news items.
--

The welcome page logo is basically a placeholder until someone has
created a pretty one.
2014-11-21 12:58:50 +01:00
Werner Koch
8f8e94322d speedo: Add libadns to the Windows installer.
--
2014-11-20 21:12:50 +01:00
Werner Koch
f80c2dd78d gpg: Fix hash detection for ECDSA.
* g10/sign.c (sign_file): Use DSA or ECDSA and not DSA|EdDSA.
--

This error was introduced with
commit b7f8dec6325f1c80640f878ed3080bbc194fbc78
while separating EdDSA from ECDSA.

Found due to a related bug report from Brian Minton.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-20 20:09:17 +01:00
Werner Koch
cd2c6f36fe Fix linker problem on OS X.
* common/init.c (default_errsource): Move to the .data segmemt.
--

See mails starting at
 http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029089.html
2014-11-20 12:17:50 +01:00
Werner Koch
164a6a9dd4 gpg-connect-agent: Add convenience option --uiserver. 2014-11-19 11:26:50 +01:00
Werner Koch
9a3ca58761 po: Update German translation.
--
2014-11-19 10:47:57 +01:00