1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

1917 Commits

Author SHA1 Message Date
Justus Winter
c1c35fb887 g10,sm: Spell out --passwd.
* g10/gpg.c (opts): Spell out option.
* sm/gpgsm.c (opts): Likewise.
* doc/gpg.texi: Update accordingly.
* doc/gpgsm.texi: Likewise.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:49:47 +01:00
Justus Winter
ec1bd3ae68 g10: Spell out --gen-revoke.
* g10/gpg.c (opts): Spell out option.
* doc/gpg.texi: Update accordingly.
* po: Update translations.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:43:22 +01:00
Justus Winter
09163a6390 g10: Spell out --full-gen-key.
* g10/gpg.c (opts): Spell out option.
(main): Likewise.
* g10/keygen.c (generate_keypair): Likewise.
* doc/gpg.texi: Update accordingly.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:30:55 +01:00
Justus Winter
892c827e72 g10,sm: Spell out --gen-key.
* g10/gpg.c (opts): Spell out option.
* sm/gpgsm.c (opts): Likewise.
* doc/gpg.texi: Update accordingly.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:30:55 +01:00
Justus Winter
9147737f1c g10,sm: Spell out --check-sigs.
* g10/gpg.c (opts): Spell out option.
* sm/gpgsm.c (opts): Likewise.
* doc/gpg.texi: Update accordingly.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:30:55 +01:00
Justus Winter
a6d6e4afe4 g10,sm: Spell out --list-sigs.
* g10/gpg.c (opts): Spell out option.
* sm/gpgsm.c (opts): Likewise.
* doc/gpg.texi: Update accordingly.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:30:54 +01:00
Justus Winter
04754ce3a7 g10: Hyphenate --clearsign.
* g10/gpg.c (opts): Hyphenate option.
* doc/gpg.texi: Update accordingly.
* po: Update translations.
* tests/openpgp: Update tests.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:30:54 +01:00
Justus Winter
ca59815234 g10: Spell out --recv-keys.
* g10/gpg.c (opts): Spell out option.
* doc/gpg.texi: Update accordingly.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 17:30:54 +01:00
Justus Winter
dd3dde07a9 g10: Create expiring keys in quick key generation mode.
* doc/gpg.texi: Document that fact.
* g10/keygen.c (quick_generate_keypair): Use a default value.
* tests/openpgp/quick-key-manipulation.scm: Test that fact.

GnuPG-bug-id: 2701
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-13 16:35:08 +01:00
Werner Koch
98433c7043
gpg: Fix memory leak in ecc key generation.
* g10/keygen.c (ecckey_from_sexp): Release curve.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-12 14:02:14 +01:00
Werner Koch
f1304ee9b2
gpg: Do not use a fixed string for --gpgconf-list:default_pubkey_algo.
* g10/keygen.c (get_default_pubkey_algo): New.
(parse_key_parameter_string): Use it.
* g10/gpg.c (gpgconf_list): Take value from new function.
--

Note that consumers of that gpgconf-list value may need to be adjusted
to that new value.  It should anyway only be used to display the
default algorithm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-12 10:50:42 +01:00
Werner Koch
522e6f798d
gpg: Fix algo string parsing of --quick-addkey.
* g10/keygen.c (parse_key_parameter_string): Fix handling of PART==1.
(parse_key_parameter_part): Use default key size if only "rsa", "dsa",
or "elg" is given.
--

The first change is the actual fix.  The second change avoids the
error "Invalid Curve" when only "rsa" instead of RSA2048 is given.

Fixes-commit: ce29272e24
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-12 10:13:06 +01:00
Justus Winter
d568a15616 g10: Create keys that expire in simple key generation mode.
* g10/keygen.c (default_expiration_interval): New variable.
(generate_keypair): Use the new default.
--
Cursory discussion on gnupg-devel@ suggested two years as a good
default expiration interval.

GnuPG-bug-id: 2701
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-09 14:38:31 +01:00
Justus Winter
c8100fc0fa g10: List compression algorithms using human-readable names.
* g10/gpg.c (list_config): List all enabled compression algorithms
under the key 'compressname'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-09 13:13:45 +01:00
Justus Winter
3de9bad359 g10: Fix memory leak.
* g10/sign.c (do_sign): Release old signature data.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-09 13:13:45 +01:00
Werner Koch
cb4c7abb77
Fix 2 compiler warnings.
* dirmngr/loadswdb.c: Set ERR on malloc failure.
* g10/passphrase.c (passphrase_to_dek): Initialize all fields of
HELP_S2K.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-08 19:02:56 +01:00
Werner Koch
a75790b740
gpg: Fix the fix out-of-bounds access.
* g10/tofu.c (build_conflict_set): Revert to int* and fix calloc.
--

The original code used an int array and thus better keep that and do
not limit it to 128 entries.

Fixes-commit: c3008bffac
Fixes-commit: 3b5b94ceab
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-08 17:03:26 +01:00
Justus Winter
3b5b94ceab g10: Fix out-of-bounds access.
* g10/tofu.c (build_conflict_set): Use 'char'.

Fixes-commit: c3008bffac
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-08 14:19:09 +01:00
Werner Koch
c3008bffac
gpg: Fix portability problem.
* g10/tofu.c (build_conflict_set): Replace variable dynamic array.
--

Note that clang complained that CONFLICT_SET_COUNT could be negative.
Thus I added an assert.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-08 13:08:02 +01:00
Neal H. Walfield
6102099985 g10: Avoid a memory leak.
* g10/gpg.c (main): Free KB when we're done with it.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-12-06 12:16:59 +01:00
Neal H. Walfield
bd9ebe1404 g10: Remove dead code.
* g10/tofu.c (tofu_set_policy_by_keyid): Remove function.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-12-06 12:16:56 +01:00
Werner Koch
41b3d0975d
gpg: New option --quick-set-expire.
* g10/gpg.c (aQuickSetExpire): New.
(opts): New option --quick-set-expire.
(main): Implement option.
* g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and
NEWEXPIRATION.  Change semantics of the return value.  Change caller.
(keyedit_quick_set_expire): New.
--

This patch partly solves
GnuPG-bug-id: 2701
2016-12-05 11:00:11 +01:00
Werner Koch
ef10c348bf
gpg: Fix error code arg in ERRSIG status line.
* g10/mainproc.c (check_sig_and_print): Use gpg_err_code to return an
error code in ERRSIG.
--

Debian-bug-id: 846834
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-03 21:36:14 +01:00
Werner Koch
ce29272e24
gpg: New option --default-new-key-algo.
* common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg
R_ALGO and change all callers.
* common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code.
* g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO.
* g10/gpg.c (oDefaultNewKeyAlgo): New enum.
(opts): New option "--default-new-key-algo".
(main): Set the option.
* g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace
them by ...
(DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants.
(get_keysize_range): Remove arg R_DEF and return that value instead.
Change all callers.
(gen_rsa): Use get_keysize_range instead of the removed
DEFAULT_STD_KEYSIZE.
(parse_key_parameter_part): New function.
(parse_key_parameter_string): New function.
(quick_generate_keypair): Refactor using parse_key_parameter_string.
(generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--

This new option is intended to be used in the forthcoming
--set-profile command of gpgconf.  It allows to provide a gpg
configuration with custom defaults for a new key using the simple
commands which use the default algorithm set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-02 19:47:40 +01:00
Neal H. Walfield
cd532bb7b8 g10: Improve debugging output.
* g10/tofu.c (string_to_long): Improve debugging output.
(string_to_ulong): Likewise.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-12-02 11:07:04 +01:00
Neal H. Walfield
bd1a1d8582 g10: In the TOFU module, make strings easier to translate.
* g10/tofu.c: Remove dead code.
(time_ago_str): Simplify implementation since we only want the most
significant unit.
(format_conflict_msg_part1): Use ngettext.
(ask_about_binding): Likewise and only emit full sentences.
(show_statistics): Likewise.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-12-01 22:12:56 +01:00
Werner Koch
86efc3ee53
gpg: Let only Dirmngr decide whether CERT is supported.
* g10/getkey.c (parse_auto_key_locate): Do not build parts depending
on USE_DNS_CERT.
--

This also removes USE_DNS_SRV from commented code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-01 16:40:32 +01:00
Werner Koch
a5910e00ac
gpg: Make --decrypt with output '-&nnnn' work.
* g10/plaintext.c (get_output_file): Check and open special filename
before falling back to stdout.
--

GnuPG-bug-id: 2677
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 16:54:36 +01:00
Werner Koch
60b4982836
gpg,sm: Merge the two versions of check_special_filename.
* sm/gpgsm.c (check_special_filename): Move to ..
* common/sysutils.c (check_special_filename): here.  Add arg
NOTRANSLATE.
(allow_special_filenames): New local var.
(enable_special_filenames): New public functions.
* sm/gpgsm.c (allow_special_filenames): Remove var.
(main): Call enable_special_filenames instead of setting the var.
(open_read, open_es_fread, open_es_fwrite): Call
check_special_filename with 0 for NOTRANSLATE.
* common/iobuf.c (special_names_enabled): Remove var.
(iobuf_enable_special_filenames): Remove func.
(check_special_filename): Remove func.
(iobuf_is_pipe_filename): Call new version of the function with
NOTRANSLATE set.
(do_open): Ditto.
* g10/gpg.c (main): Call enable_special_filenames instead of
iobuf_enable_special_filenames.
* g10/gpgv.c (main): Ditto.
--

Note that we keep the iobuf.c:translate_file_handle because it is a
bit different (for whatever reasons) than the translate function from
sysutils.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 16:54:36 +01:00
Justus Winter
52385a2ba1 g10: Fix memory leak.
* g10/decrypt.c (decrypt_messages): Properly decrease the reference
count of the armor filters after pushing them.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-29 16:48:35 +01:00
Neal H. Walfield
522f74f7e3 Improve some comments. 2016-11-29 14:56:00 +01:00
Neal H. Walfield
2f27cb12e3 g10: Extend TOFU_STATS to always show the validity
* doc/DETAILS (TOFU_STATS): Rename the VALIDITY field to SUMMARY.  Add
a new field called VALIDITY.
* g10/tofu.c (write_stats_status): Update output accordingly.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Change TOFU_STATS as discussed offline with Werner, Justus and Andre.
2016-11-29 14:55:59 +01:00
Justus Winter
4db9a42564 g10: Fix iteration over getkey results.
* g10/getkey.c (getkey_next): Only ask 'lookup' for the exact match if
our caller requested the key.  Fixes a crash in 'lookup'.

GnuPG-bug-id: 2848
Fixes-commit: 1d03cc77e1
Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-28 13:48:19 +01:00
Neal H. Walfield
03a65a5323 g10: Avoid gratuitously loading a keyblock when it is already available
* g10/trust.c (get_validity): Add new, optional parameter KB.  Only
load the keyblock if KB is NULL.  Update callers.
(get_validity): Likewise.
* g10/trustdb.c (tdb_get_validity_core): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2812
2016-11-23 12:29:22 +01:00
Neal H. Walfield
bfeafe2d3f g10: Use es_fopen instead of open.
* g10/tofu.c: Don't include <utime.h>, <fcntl.h> or <unistd.h>.
(busy_handler): Replace use of open with es_fopen.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Thanks for Werner for pointing this out: es_fopen is more portable
than open.
2016-11-22 17:12:38 +01:00
Neal H. Walfield
44c17bcb00 g10: If the set of UTKs changes, invalidate any changed policies.
* g10/trustdb.c (tdb_utks): New function.
* g10/tofu.c (check_utks): New function.
(initdb): Call it.
* tests/openpgp/tofu.scm: Modify test to check the effective policy of
keys whose effective policy changes when we change the set of UTKs.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

If the set of ultimately trusted keys changes, then it is possible
that a binding's effective policy changes.  To deal with this, we
detect when the set of ultimately trusted keys changes and invalidate
all cached policies.
2016-11-22 15:24:05 +01:00
Justus Winter
6ce14a805f g10: Fix memory leak.
* g10/tofu.c (tofu_notice_key_changed): Remove spurious duplicate call
to 'hexfingerprint'.

Fixes-commit: 037f9de092
Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-22 12:09:47 +01:00
Neal H. Walfield
037f9de092 g10: Cache the effective policy. Recompute it when required.
* g10/tofu.c (initdb): Add column effective_policy to the bindings
table.
(record_binding): New parameters effective_policy and set_conflict.
Save the effective policy.  If SET_CONFLICT is set, then set conflict
according to CONFLICT.  Otherwise, preserve the current value of
conflict.  Update callers.
(get_trust): Don't compute the effective policy here...
(get_policy): ... do it here, if it was not cached.  Take new
parameters, PK, the public key, and NOW, the time that the operation
started.  Update callers.
(show_statistics): New parameter PK.  Pass it to get_policy.  Update
callers.
(tofu_notice_key_changed): New function.
* g10/gpgv.c (tofu_notice_key_changed): New stub.
* g10/import.c (import_revoke_cert): Take additional argument CTRL.
Pass it to keydb_update_keyblock.
* g10/keydb.c (keydb_update_keyblock): Take additional argument CTRL.
Update callers.
[USE_TOFU]: Call tofu_notice_key_changed.
* g10/test-stubs.c (tofu_notice_key_changed): New stub.
* tests/openpgp/tofu.scm: Assume that manually setting a binding's
policy to auto does not cause the tofu engine to forget about any
conflict.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

We now store the computed policy in the tofu DB (in the
effective_policy column of the bindings table) to avoid computing it
every time, which is expensive.  Further, policy is never overridden
in case of a conflict.  Instead, we detect a conflict if CONFLICT is
not empty.

This change is backwards compatible to existing DBs.  The only minor
incompatibility is that unresolved conflicts won't be automatically
resolved in case we import a direct signature, or cross signatures.
2016-11-21 22:47:30 +01:00
Neal H. Walfield
182efc5b5d g10: Correctly parameterize ngettext.
* g10/tofu.c (ask_about_binding): Correctly parameterize ngettext.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-11-21 21:22:02 +01:00
Neal H. Walfield
7142b293c8 g10: Don't use the same variable for multiple SQL compiled statements
* g10/tofu.c (struct tofu_dbs_s): Remove unused field
record_binding_update2.  Replace register_insert with
register_signature and register_encryption.
(tofu_register_signature): Don't use dbs->s.register_insert, but
dbs->s.register_signature.
(tofu_register_encryption): Don't use dbs->s.register_insert, but
dbs->s.register_encryption.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-11-21 21:13:15 +01:00
Neal H. Walfield
91a0483c5d g10: Add a convenience function for checking if a key is a primary key
* g10/keydb.h (pk_is_primary): New function.
* g10/tofu.c (get_trust): Use it.
(tofu_register_signature): Likewise.
(tofu_register_encryption): Likewise.
(tofu_set_policy): Likewise.
(tofu_get_policy): Likewise.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-11-21 16:39:53 +01:00
NIIBE Yutaka
1c0b140ccc g10: Fix flags to open for lock of ToFU.
* g10/tofu.c (busy_handler): Fix the flags and utime is not needed.

--

The argument flags must include one of O_RDONLY, O_WRONLY, or O_RDWR.
Adding O_TRUNC, the file is updated.  So, utime is not needed.

Fixes-commit: b2e1b17efa
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-18 20:32:22 +09:00
NIIBE Yutaka
b2e1b17efa g10: Fix creating a lock for ToFU.
* g10/tofu.c (busy_handler): Add third argument which is mandatory for
O_CREATE flag.

--

Reported-by: Kristian Fiskerstrand
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-18 09:32:34 +09:00
Werner Koch
5210ff70bc
doc: Typo fixes.
--

Reported-by: Nathan Musoke <nathan.musoke@gmail.com>
2016-11-17 15:29:35 +01:00
Werner Koch
c4506a3f15
common: Rename keybox_file_rename to gnupg_rename_file.
* kbx/keybox-util.c (keybox_file_rename): Rename to ...
* common/sysutils.c (gnupg_rename_file): this.  Change all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 17:43:59 +01:00
Werner Koch
43bfaf2c54
gpg: New option --override-session-key-fd.
* g10/gpg.c (oOverrideSessionKeyFD): New.
(opts): Add option --override-session-key-fd.
(main): Handle that option.
(read_sessionkey_from_fd): New.
--

The override-session-key feature was designed to mitigate the effect
of the British RIP act by allowing to keep the private key private and
hand out only a session key.  For that use case the leaking of the
session key would not be a problem.  However there are other use
cases, for example fast re-decryption after an initial decryption,
which would benefit from concealing the session key from other users.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 09:03:03 +01:00
Werner Koch
500e594c2d
gpgv: New option --enable-special-filenames.
* g10/gpgv.c (oEnableSpecialFilenames): New.
(opts): Add option --enable-special-filenames.
(main): Implement that option.
--

This is the same option we have in gpg.  It allows to use commands
like

 gpgv --enable-special-filenames -- '-&3' - <msg 3<msg.sig

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 20:11:59 +01:00
Werner Koch
b47603a0ac
gpg: Add new compliance mode "de-vs".
* g10/options.h (CO_DE_VS): New.
(GNUPG): Also allow CO_DE_VS.
* g10/gpg.c (oDE_VS): New.
(parse_compliance_option): Add "de-vs".
(set_compliance_option): Set "de-vs".
* g10/misc.c (compliance_option_string): Return a description string.
(compliance_failure): Ditto.
* g10/keygen.c (ask_algo): Take care of CO_DE_VS.
(get_keysize_range): Ditto.
(ask_curve): Add new field to CURVES and trun flags into bit flags.
Allow only Brainpool curves in CO_DE_VS mode.
--

As of now this compliance mode only restricts the set of algorithms
and curves which can be created.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 17:50:03 +01:00
Werner Koch
4bd12b571e
doc: Add comment to make clear that KBNODE is deprecated.
--

kbnode_t has replaced KBNODE for new code years ago, but that should
be documented.  No bulk changes please to keep git blame easy to read.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 16:29:08 +01:00
Werner Koch
8ea3b4c410
gpg: Use usual free semantics for packet structure free functions.
* g10/free-packet.c (free_attributes): Turn function into a nop for a
NULL arg.
(free_user_id): Ditto.
(free_compressed): Ditto.
(free_encrypted): Ditto.
(free_plaintext): Ditto.
(release_public_key_parts): Avoid extra check for NULL.
* g10/getkey.c (get_best_pubkey_byname): Ditto.
--

This change avoid surprises because it is common that function named
like free and taking a pointer also have similar semantics.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 16:24:09 +01:00
Justus Winter
12834e84ac g10: Optimize key iteration.
* g10/getkey.c (get_best_pubkey_byname): Use the node returned by
'getkey_next' instead of doing another lookup.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-15 15:38:09 +01:00
Justus Winter
d20107f6da g10: Fix memory leak.
* g10/getkey.c (finish_lookup): Clarify that we do not return a
reference.
(lookup): Clarify the relation between RET_KEYBLOCK and RET_FOUND_KEY.
Check arguments.  Actually release the node if it is not returned.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-15 15:38:09 +01:00
Justus Winter
1d03cc77e1 g10: Fix iteration over getkey results.
* g10/getkey.c (getkey_next): Fix invocation of 'lookup'.  If we want
to use RET_FOUND_KEY, RET_KEYBLOCK must be valid.

Fixes-commit: 8ea72a776a
Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-15 15:38:09 +01:00
Justus Winter
bd60742925 g10: Fix use-after-free.
* g10/getkey.c (pubkey_cmp): Make a copy of the user id.
(get_best_pubkey_byname): Free the user ids.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-15 15:38:09 +01:00
NIIBE Yutaka
1f7639ebbe g10: Fix memory leak.
* g10/keyedit.c (menu_adduid): Don't copy 'sig'.

--

Fixes-commit: 809d67e740
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-15 21:10:51 +09:00
Werner Koch
f86b1a15ad
gpg: New option --compliance.
* g10/gpg.c (oCompliance): New.
(opts): Add "--compliance".
(parse_tofu_policy): Use a generic description string for "help".
(parse_compliance_option): New.
(main): Add option oCompliance.  Factor out code for compliance
setting to ...
(set_compliance_option): new.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-15 13:06:49 +01:00
Justus Winter
809d67e740 g10: Fix memory leak.
* g10/keyedit.c (menu_adduid): Deallocate 'sig'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-15 11:46:40 +01:00
Justus Winter
2cd281c4de g10: Fix memory leak.
* g10/mainproc.c (check_sig_and_print): Free 'pk'.

Fixes-commit: 37e3c89725
Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-14 17:33:18 +01:00
Werner Koch
5d13581f47
gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource.
* g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED
file-global.  Write a STATUS_ERROR.
(maybe_create_keyring_or_box): Check for non-accessible but existant
file.
(keydb_search): Write a STATUS_ERROR if no keyring has been registered
but continue to return NOT_FOUND.
* sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED
and make file-global.  Write a STATUS_ERROR.
(keydb_search): Write a STATUS_ERROR if no keyring has been registered
but continue to return NOT_FOUND.  Also add new arg CTRL and change
all callers to pass it down.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-10 17:07:28 +01:00
Werner Koch
088d955bd8
gpg: Improve error message for --quick-gen-key.
* g10/keygen.c (parse_algo_usage_expire): Use a different error
message for an unknown algorithm name.
--

GnuPG-bug-id: 2832
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-10 12:18:33 +01:00
Justus Winter
5840353d8b g10: Fix crash.
* g10/getkey.c (get_best_pubkey_byname): If 'get_pubkey_byname' does
not return a getkey context, then it can return at most one key,
therefore there is nothing to rank.  Also, always initialize '*retctx'
to be on the safe side.

GnuPG-bug-id: 2828
Fixes: ab89164be0
Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-07 12:57:30 +01:00
Werner Koch
4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
Werner Koch
2312a7f836
indent: Move comments inside the block.
--

This fixes a few

  if (foo)
    /* A comment
       with several
       lines.  */
    {
    }

Which has the problem that the block is visually not related to the
"if" and might thus falsely be considered a standalone block.

Also adds a asterisk on the left side of longer comments.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-04 14:52:08 +01:00
Werner Koch
c1ea0b577a
agent: Extend the PINENTRY_LAUNCHED inquiry and status.
* agent/call-pinentry.c (start_pinentry): Get flavor and version and
pass it to agent_inq_pinentry_launched.
* agent/command.c (agent_inq_pinentry_launched): Add arg EXTRA.
* g10/server.c (gpg_proxy_pinentry_notify): Print a new diagnostic.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-03 20:10:38 +01:00
Justus Winter
ab89164be0 g10: Improve and unify key selection for -r and --locate-keys.
* g10/getkey.c (struct pubkey_cmp_cookie): New type.
(key_is_ok, uid_is_ok, subkey_is_ok): New functions.
(pubkey_cmp): Likewise.
(get_best_pubkey_byname): Likewise.
* g10/keydb.h (get_best_pubkey_byname): New prototype.
* g10/keylist.c (locate_one): Use the new function.
* g10/pkclist.c (find_and_check_key): Likewise.
* tests/openpgp/Makefile.am (XTESTS): Add new test.
(TEST_FILES): Add new files.
* tests/openpgp/key-selection.scm: New file.
* tests/openpgp/key-selection/0.asc: Likewise.
* tests/openpgp/key-selection/1.asc: Likewise.
* tests/openpgp/key-selection/2.asc: Likewise.
* tests/openpgp/key-selection/3.asc: Likewise.
* tests/openpgp/key-selection/4.asc: Likewise.
--

When a name resembling a mail address is given to either --locate-keys
or --recipient, rank the search results and use only the most relevant
key.

This also lets us query which key will be used for encryption using
--locate-keys.  However, note that --locate-keys may also return keys
incapable of encryption, though it will prefer keys that have an
encryption subkey.

GnuPG-bug-id: 2359
Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-03 15:04:18 +01:00
Werner Koch
488b183811
common: Improve compare_string_versions.
* common/stringhelp.c: Include limits.h.
(compare_version_strings): Change semantics to behave like strcmp.
Include the patch lebel in the comparison.  Allow checking a single
version string.
* common/t-stringhelp.c (test_compare_version_strings): Adjust test
vectors and a few new vectors.
* g10/call-agent.c (warn_version_mismatch): Adjust to new sematics.
* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
* sm/call-agent.c (warn_version_mismatch): Ditto.
* sm/call-dirmngr.c (warn_version_mismatch): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-02 17:58:11 +01:00
Daniel Kahn Gillmor
68b59bbc42 Spelling: correct spelling of "passphrase".
There were several different variant spellings of "passphrase".  This
should fix them all for all English text.

I did notice that po/it.po contains multiple instances of
"passhprase", which also looks suspect to me, but i do not know
Italian, so i did not try to correct it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-02 12:53:58 +01:00
Justus Winter
5d4f1408d0 g10,w32: Fix build on Windows.
* g10/tofu.c (begin_transaction): Use the new 'gnupg_usleep'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-02 12:45:18 +01:00
Neal H. Walfield
7a634e48b1 g10: Avoid gratuitious SQLite aborts and starving writers.
* g10/tofu.c: Include <time.h>, <utime.h>, <fcntl.h> and <unistd.h>.
(tofu_dbs_s): Add fields want_lock_file and want_lock_file_ctime.
(begin_transaction): Only yield if DBS->WANT_LOCK_FILE_CTIME has
changed since we took the lock.  Don't use gpgrt_yield to yield, but
sleep for 100ms.  After taking the batch lock, update
DBS->WANT_LOCK_FILE_CTIME.  Also take the batch lock the first time we
take the real lock.  When taking the real lock, use immediate not
deferred mode to avoid gratuitious aborts.
(end_transaction): When dropping the outermost real lock, drop the
batch lock.
(busy_handler): New function.
(opendbs): Set the busy handler to it when opening the DB.  Initialize
CTRL->TOFU.DBS->WANT_LOCK_FILE.
(tofu_closedbs): Free DBS->WANT_LOCK_FILE.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

By default, SQLite defers transactions until they are actually needed.
A consequence of this is that if we have two readers and both decide
to do a write, then one has to abort.  To avoid this problem, we can
make the outermost transaction an immediate transaction.  This has the
disadvantage that we only allow a single reader at a time, but at
least we don't have gratuitous aborts anymore.

A second problem is that SQLite apparently doesn't actually create a
queue of waiters.  The result is that doing a sched_yield between
dropping and retaking the batch transaction is not enough to allow the
other process to make progress.  Instead, we need to wait a
while (emperically: 100ms seems reasonable).  To avoid waiting when
there is no contention, we use a new file's timestamp to signal that
there is a waiter.
2016-10-30 19:10:42 -07:00
Neal H. Walfield
eec365a02b g10: Avoid reading in keys when possible.
* g10/tofu.c (build_conflict_set): If CONFLICT_SET contains a single
element, don't bother to check for cross sigs.  Add parameter PK.
Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-10-30 11:03:51 -07:00
Neal H. Walfield
614ca00676 g10: Fix bit setting.
* g10/tofu.c (build_conflict_set): Fix bit setting.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 1f1f56e606
2016-10-30 10:55:58 -07:00
Werner Koch
b6f08dbb0b
gpg: Enable the Issuer Fingerprint from rfc4880bis
* g10/build-packet.c (build_sig_subpkt_from_sig): Always write the new
Issuer Fingerprint sub-packet.
* g10/mainproc.c (check_sig_and_print): Always consider that
sub-packet.
--

The specs for this sub-packet have been pushed to the OpenPGP WG's
repo today.

See-also: https://mailarchive.ietf.org/arch/msg/\
	openpgp/GvPo2eSL9GW9WcGhOocY7KBa9FY

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-28 21:01:51 +02:00
Werner Koch
8fced66be3
gpg: Verify multiple detached signatures with different hash algos.
* g10/mainproc.c (proc_tree): Loose check.  Enable all algos.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-27 19:56:42 +02:00
Justus Winter
8ea72a776a g10: Fix iteration over getkey results.
* g10/getkey.c (getkey_next): Return the public key in PK even if
RET_KEYBLOCK is NULL.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-27 15:31:30 +02:00
Justus Winter
445f0c13d7 Fix typos.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-27 14:59:56 +02:00
Justus Winter
66a0091d74 g10: Assert preconditions.
* g10/getkey.c (get_pubkey_byname): Assert preconditions.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-27 14:43:29 +02:00
Werner Koch
a15ed5a1fd
gpg: Convey --quick option to dirmngr for --auto-key-retrieve.
* g10/call-dirmngr.c (gpg_dirmngr_ks_get): Add arg 'quick'.
(gpg_dirmngr_wkd_get): Ditto.
* g10/keyserver.c (keyserver_get): Add arg 'quick'.
(keyserver_get_chunk): Add arg 'quick'.
(keyserver_import_fprint): Ditto.  Change callers to pass 0 for it.
(keyserver_import_keyid): Ditto.
(keyserver_import_wkd): Ditto.
* g10/mainproc.c (check_sig_and_print): Call the 3 fucntions with
QUICK set.
--

Note that this option has not yet been implemented by dirmngr.
Dirmngr will simply ignore it for now.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-27 09:06:10 +02:00
NIIBE Yutaka
ca0ee4e381 g10: Fix ECDH, clarifying the format.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Returns error when
it's short.  Clarify the format.  Handle other prefixes correctly.

--
With the scdaemon's change, there is no case NBYTES < SECRET_X_SIZE.
This fixes the break of ECDH with X25519.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-27 13:04:45 +09:00
Arnaud Fontaine
b648f28f9f g10: ECDH shared point format.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Improve handling of
ECDH shared point format.

--
This handles the case where the result comes from scdaemon.

Signed-off-by: Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
2016-10-27 12:16:30 +09:00
Werner Koch
9d6146d6f9
gpg: Replace two sprintf calls.
* g10/keygen.c (print_status_key_created): Use snprintf for now.
(ask_expire_interval): Replace xmalloc and sprintf by xasprintf.
--

Future updates: Replace code like

   r = xcalloc (1, sizeof *r + 20 );
   r->key = pKEYLENGTH;
   sprintf( r->u.value, "%u", info.key_attr[0].nbits);

by something like

   r = new_r_with_value ("%u", info.key_attr[0].nbits);
   r->key = pKEYLENGTH;

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-24 13:12:05 +02:00
NIIBE Yutaka
b1828c17fc scd: Use canonical curve name of libgcrypt.
* scd/app-openpgp.c (send_key_attr): Use curve instead of OID.
(ecdh_params): New.
(ecc_read_pubkey): Use ecdh_params.  Use curve name.
(ecc_writekey): Likewise.
(ecc_curve): Rename from ecc_oid.
(parse_algorithm_attribute): Use ecc_curve.
* g10/call-agent.c (learn_status_cb): Use openpgp_is_curve_supported to
intern the curve name string.
* g10/card-util.c (card_status): Conver curve name to alias for print.
--
Now, sdcaemon answer for KEY-ATTR is in the canonical curve name
instead of the alias.  Since it is used of key generation for
card encryption key with backup, it should be canonical name.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-24 11:22:44 +09:00
NIIBE Yutaka
acef095164 g10: Fix card keygen for decryption.
* g10/keygen.c (do_generate_keypair): Fix arguments.

--

Reported-by: Grumpy
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-24 07:52:40 +09:00
NIIBE Yutaka
987bbb2276 g10: More card key generation change.
* g10/keygen.c (gen_card_key): Add back ALGO as the second argument.
Don't get ALGO by KEY-ATTR by this function.  It's caller to provide
ALGO.  Don't do that by both of caller and callee.
(generate_keypair): Only put paramerters needed.  Use parameters
for ALGO to call gen_card_key.
(generate_card_subkeypair): Get ALGO and call gen_card_key with it.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-22 08:45:35 +09:00
Andre Heinecke
f7e50634be g10: Write first keybox record in binary mode
* g10/keydb.c (maybe_create_keyring_or_box): Open in binary mode.

--
This fixes keybox corruption on windows.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2016-10-21 15:02:19 +02:00
NIIBE Yutaka
d2653b1a6d g10,scd: Fix ECC keygen.
* g10/keygen.c (generate_keypair): For card key generation, fill
parameters by KEY-ATTR.

* scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last,
after its reference by OIDBUF is finished.
(ecc_writekey): Likewise.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 21:37:04 +09:00
NIIBE Yutaka
dafce6f698 g10: Don't ask keysize for for non-RSA card.
* g10/card-util.c (card_status): Bug fix for keyno.
(ask_card_rsa_keysize, do_change_rsa_keysize): Rename.
(generate_card_keys): Only ask keysize when RSA.
(card_generate_subkey): Likewise.

--

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 14:15:05 +09:00
NIIBE Yutaka
161cb22f13 g10: Support ECC for gen_card_key.
* g10/keygen.c (gen_card_key): Remove the first argument of ALGO.
(do_generate_keypair, generate_card_subkeypair): Follow the change.

--
ALGO is determined by the key attribute of the card.

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 13:59:09 +09:00
NIIBE Yutaka
6e85ac77af Fix use cases of snprintf.
* agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 12:04:46 +09:00
NIIBE Yutaka
9a34e2142b agent, g10: Fix keygen.
* agent/command.c (cmd_readkey): Get length after card_readkey.
* g10/keygen.c (gen_card_key): Fix off-by-one error.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 20:01:46 +09:00
NIIBE Yutaka
980c037bed g10: smartcard keygen change.
* g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove.
(scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS.
(agent_scd_genkey): Remove INFO argument.  CREATETIME is now in/out
argument.
(agent_readkey): Use READKEY --card instead of SCD READKEY.
* g10/keygen.c (gen_card_key): Use READKEY --card command of the agent
to retrieve public key information from card and let the agent make
a file for private key with shadow info.
--

This change removes gpg's KEY-DATA handling for SCD GENKEY.  Information
with KEY-DATA is simply not used.  Instead, it is read by READKEY --card
command of gpg-agent.  This can consolidate public key handling in a
single method by READKEY.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 13:30:47 +09:00
Neal H. Walfield
95d0f3e5ee g10: Be more careful when checking if a binding is signed by a UTK.
* g10/tofu.c (signed_by_utk): When checking if a key is signed by an
ultimately trusted key, only consider the signatures on the specified
user id.
* tests/openpgp/tofu.scm: Add test for the above.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-10-13 21:14:55 +02:00
Neal H. Walfield
4c0389f8eb g10: Be more careful when checking cross signatures.
* g10/tofu.c (cross_sigs): When checking cross signatures, only
consider the signatures on the specified user id.
* tests/openpgp/tofu.scm: Add test for the above.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg:
  New file.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: New file.
* tests/openpgp/tofu/cross-sigs/README: New file.

--
Signed-off-by: Neal H. Walfield
2016-10-13 12:44:59 +02:00
Neal H. Walfield
e09166c772 g10: Still check if the key is an UTK or cross signed in batch mode.
* g10/tofu.c (get_trust): If POLICY is ask, but we can't ask, don't
bail immediately.  Instead, check if the key in question is an
ultimately trusted key or cross signed.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-10-13 12:40:03 +02:00
Neal H. Walfield
5bf92e51df g10: If an sqlite operation fails, map the error code to GPG_ERR_GENERAL
* g10/tofu.c (get_policy): If an sqlite operation fails, map the error
  code to GPG_ERR_GENERAL.
(ask_about_binding): Likewise.
(build_conflict_set): Likewise.
(get_trust): Likewise.
(show_statistics): Likewise.
(tofu_register_signature): Likewise.
(tofu_register_encryption): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-10-13 12:32:03 +02:00
Neal H. Walfield
3ad17e72fa g10: When changing a TOFU binding's policy, update the conflict info
* g10/tofu.c (record_binding): Take an additional argument, CONFLICT.
Set the binding's conflict accordingly.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-10-12 21:42:10 +02:00
Neal H. Walfield
ca84f65c7c g10: Make a singular string singular.
* g10/tofu.c (ask_about_binding): Make the singular string singular.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-10-12 21:40:03 +02:00
Neal H. Walfield
6fdf37f083 g10: Correctly determine whether a binding has a conflict.
* g10/tofu.c (build_conflict_set): A binding has a conflict is
conflict is *not* NULL, not if it is NULL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-10-12 21:39:12 +02:00
Neal H. Walfield
78eda335fd g10: Fix a column's type in TOFU DB.
* g10/tofu.c (initdb): Change policy from a boolean to an integer.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Note: sqlite ignores type information so this change has no real
impact.
2016-10-12 21:37:34 +02:00
Werner Koch
1a24c67e20
Revert "g10: Fix singular term."
--

This reverts commit b0d2526bc4.

The number of format elements may not change in ngettext.  The entire
construct is anyway wrong because ngettext is passed a different value
than what is used in the printf.

We need to rework the use of most strings in tofu.c.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-07 08:06:13 +02:00
Werner Koch
5d43d28aa3
gpg: Put extra parens around bit tests.
* g10/options.h (DBG_MPI): New.
* g10/gpg.c (set_debug): Use macro or extra parens for binary operator.
* g10/parse-packet.c (set_packet_list_mode): Use dbg macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-07 07:54:38 +02:00
Justus Winter
b0d2526bc4 g10: Fix singular term.
* g10/tofu.c (ask_about_binding): Fix singular message.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-06 14:33:20 +02:00
Justus Winter
73000d1ce0 g10: Use appropriate variant of 'abs'.
* g10/tofu.c (ask_about_binding): Use 'labs' instead of 'abs'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-06 14:32:10 +02:00
Justus Winter
6b626824c8 g10: Fix testing for debug flag.
* g10/parse-packet.c (set_packet_list_mode): Fix testing for debug
flag.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-06 14:17:55 +02:00
Werner Koch
a43739a245
agent: Remove the warning for the GKR hijacking.
* g10/call-agent.c (check_hijacking): Remove.
(start_agent): Remove call.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-30 19:38:03 +02:00
Werner Koch
cbf2ac6669
gpg: Improve WKD by importing only the requested UID.
* g10/keyserver.c: Include mbox-util.h.
(keyserver_import_wkd): Do not use the global import options but
employ an import filter.
--

We also make sure that an mbox has been passed to keyserver_import_wkd
so it may also be called with a complete user id (which is currently
not the case).

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-28 15:35:31 +02:00
Werner Koch
80393661bd
gpg: Reject import if an import filter removed all user ids.
* g10/import.c (any_uid_left): New.
(import_one): Check that a UID is left.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-28 15:32:04 +02:00
Werner Koch
c9237bf2ba
gpg: Make import filter data object more flexible.
* g10/main.h (import_filter_t): New.
* g10/import.c (struct import_filter_s): Declare struct.
(import_keep_uid, import_drop_sig): Replace by ...
(import_filter): new.  Adjust all users.
(cleanup_import_globals): Move code to ...
(release_import_filter): new.
(save_and_clear_import_filter): New.
(restore_import_filter): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-28 13:47:34 +02:00
Werner Koch
829949f382
gpg: Make sure that internal key import is done with a binary stream.
* g10/import.c (import_keys_internal): Open stream in binary mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-28 13:36:28 +02:00
NIIBE Yutaka
4e4843e735 agent, sm: Set CTX after start_agent.
* g10/call-agent.c (agent_keytocard): Assign parm.ctx after start_agent.
* sm/call-agent.c (gpgsm_agent_pksign, gpgsm_scd_pksign)
(gpgsm_agent_readkey, gpgsm_agent_scd_serialno)
(gpgsm_agent_scd_keypairinfo, gpgsm_agent_marktrusted)
(gpgsm_agent_passwd, gpgsm_agent_get_confirmation)
(gpgsm_agent_ask_passphrase, gpgsm_agent_keywrap_key)
(gpgsm_agent_export_key): Likewise.

--

Reported-by: Rainer Perske
GnuPG-bug-id: 2699
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-09-27 14:45:21 +09:00
Neal H. Walfield
df5353b95e g10: When adding a user id, make sure the keyblock has been prepared.
* g10/keyedit.c (keyedit_quick_adduid): Call merge_keys_and_selfsig on
KEYBLOCK before adding the user id.
* tests/openpgp/quick-key-manipulation.scm: Make sure that the key
capabilities don't change when adding a user id.
(key-data): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2697
2016-09-22 21:32:31 +02:00
Werner Koch
998643666c
gpg: Fix regression in fingerprint printing.
* g10/keylist.c (list_keyblock_print): Do not depend calling
print_fingerprint on opt.keyid_format.
--

Regression-due-to: d757009a24
Debian-bug-id: 838153
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-19 17:48:04 +02:00
Justus Winter
086d219d96 g10: Fix memory leak.
* g10/tofu.c (build_conflict_set): Free 'kb_all'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-19 12:32:50 +02:00
Werner Koch
18bbefa27f
gpg: Avoid malloc failure due to no key signatures
* g10/keyedit.c (check_all_keysigs): Check early for no key
signatures.  Use xtrycalloc.
--

GnuPG-bug-id: 2690
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-19 08:27:56 +02:00
Daniel Kahn Gillmor
0d67241e31 Fix more spelling
* NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c,
  agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c,
  common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS,
  doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi,
  doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
  doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c,
  g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c,
  g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c,
  sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt,
  tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm,
  tests/openpgp/multisig.test, tests/openpgp/verify.scm,
  tests/pkits/README, tools/applygnupgdefaults,
  tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c:
  minor spelling cleanup.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-09-17 16:00:37 +09:00
Neal H. Walfield
6e930f0e40 g10: On failure, propagate the return code.
* g10/tofu.c (tofu_register_encryption): If get_trust fails, set RC.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-16 15:35:21 +02:00
Neal H. Walfield
3825847300 g10: Improve some comments and a string.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-16 15:35:20 +02:00
Neal H. Walfield
221b0bd0e5 g10: Don't ignore failure. On failure, rollback.
* g10/tofu.c (tofu_set_policy): If record_binding fails, fail.  If the
function fails, rollback the transaction.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-16 15:35:20 +02:00
Neal H. Walfield
c2e563421e g10: Load the key block if the supplied user id list is NULL.
* g10/tofu.c (tofu_register_encryption): Load the key block if
USER_ID_LIST is NULL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-16 15:35:19 +02:00
Neal H. Walfield
af196342bf g10: Use the accessor functions for accessing and comparing key ids
* g10/tofu.c (get_trust): Use the pk_main_keyid accessor function.
(tofu_register_signature): Likewise.
(tofu_register_encryption): Likewise.
(tofu_set_policy): Likewise and also use pk_keyid and keyid_cmp.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-16 15:35:18 +02:00
Justus Winter
c0e620cee8 g10: Add missing header.
* g10/trustdb.c: Include 'mbox-util.h'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-15 14:46:06 +02:00
Neal H. Walfield
3f7f744731 g10: Only consider bindings matching the signer's user id.
* g10/trustdb.c (tdb_get_validity_core): If the signer's user id
subpacket is present, only consider matching user ids.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-15 12:21:35 +02:00
Neal H. Walfield
dcc6466305 g10: Don't include the signature when printing a binding's validity.
* g10/mainproc.c (check_sig_and_print): When printing information
about a binding don't include the current signature.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-15 12:21:34 +02:00
Neal H. Walfield
9799b5d18f g10: Fix whitespace.
* g10/tofu.c (show_statistics): Fix whitespace.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-14 15:22:11 +02:00
Neal H. Walfield
05b2b13efd g10: Correctly compute the euclidean distance.
* g10/tofu.c (write_stats_status): Correctly compute the euclidean
distance.
(show_statistics): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-14 15:22:10 +02:00
Neal H. Walfield
ca91caabb5 g10: Change the default TOFU policy for UTKs to good.
* g10/tofu.c (get_trust): Change the default TOFU policy for UTKs to
good.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-14 15:22:09 +02:00
Neal H. Walfield
9d62b79e62 g10: Add missing static qualifier.
* g10/tofu.c (cross_sigs): Add missing static qualifier.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-14 15:22:09 +02:00
Neal H. Walfield
8df8aa13c7 g10: Default to the "good" TOFU policy for keys signed by a UTK.
* g10/tofu.c (signed_by_utk): New function.
(get_trust): If a key is signed by an ultimately trusted key, then
set any bindings to good.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-14 15:22:08 +02:00
Werner Koch
f4e11f2e9e
gpg: Emit a new error status line in --quick-adduid.
* g10/keyedit.c (menu_adduid): Emit an ERROR status for an existsing
user id.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-14 10:59:18 +02:00
Werner Koch
0fd332bc1f
gpg: Allow use of "default" algo for--quick-addkey.
* g10/keygen.c (quick_generate_keypair): Write a status error.
(parse_algo_usage_expire): Set a default curve.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-14 09:46:10 +02:00
Werner Koch
30a011cfd6
gpg: Improve usability of --quick-gen-key.
* g10/keygen.c (FUTURE_STD_): New constants.
(parse_expire_string): Handle special keywords.
(parse_algo_usage_expire): Allow "future-default".  Simplify call to
parse_expire_string.
(quick_generate_keypair): Always allow an expiration date.  Replace
former "test-default" by "future-default".
--

Using an expiration date is pretty common, thus we now allow the
creation of a standard key with expiration date.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-13 11:30:54 +02:00
Werner Koch
31fc420727
gpg: Avoid mixing up status and colon line output.
* g10/keylist.c (list_keyblock_colon): Avoid calling functions which
trigger a status line output before having printed a LF.
--

Status lines like KEY_CONSIDERED and KEYEPXIRED were messing up the
colons output, like here:

  pub:[GNUPG:] KEY_CONSIDERED 94A5C9A03C2FE5CA3B095D8E1FDF723CF46[...]

Reported-by: Andreas Stieger <astieger@suse.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-12 17:45:01 +02:00
Ben Kibbey
937ec53eff Fix symbol conflict.
* g10/gpgcompose.c: Rename struct siginfo to signinfo.
--

Fixes android-ndk and OpenIndiana (Solaris) builds.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2016-09-10 13:42:09 -04:00
Daniel Kahn Gillmor
d757009a24
gpg: print fingerprint regardless of keyid-format
* g10/keylist.c (print_fingerprint): use compact format independent of
  keyid-format; (print_key_line): always print the fingerprint

--

The choice of fingerprint display should be independent of the
keyid-format.

Currently, the representation of the fingerprint changes depending on
whether the user has specified --keyid-format to anything besides
"none".  (this is common, for example, if someone happens to have
"keyid-format long" in their gpg.conf for interoperability with older
versions of gpg)

With this changeset, keyid-format governs only the format of the
displayed keyID, while the fingerprint display is governed only by the
fingerprint options:

 [default]::
    compact fpr of pubkey only
 --with-fingerprint::
    human-readable form of fpr of pubkey only
 --with-fingerprint --with-fingerprint::
    human-readable form of pubkey and subkey
 --with-subkey-fingerprint:
    compact fpr for pubkey and subkeys

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-09-09 08:17:49 +02:00
Werner Koch
30a9f53a0f
gpg: Remove option --yes from gpgv
* g10/gpgv.c (opts): Remove --yes.
(main): Always set opt.ANSWER_YES.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-08 14:34:13 +02:00
Werner Koch
a8363b7d0b
gpg: Add options --output and --yes to gpgv.
* g10/gpgv.c (oOutput, oAnswerYes): New.
(opts): Add --output and --yes.
(main): Implement options.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-08 10:50:51 +02:00
Werner Koch
bbe940c095
gpg: Make --output work with --verify.
* g10/mainproc.c (proc_plaintext): Handle opt.output.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-08 00:45:45 +02:00
Neal H. Walfield
bde29a46ce g10: Use the time a signature was seen, not the embedded time, for stats
* g10/tofu.c (ask_about_binding): Use the time that a signature was
seen, not allegedly generated, when generating statistics.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-07 11:17:47 +02:00
Neal H. Walfield
ee06b3f788 g10: Check for a new binding a bit later.
* g10/tofu.c (build_conflict_set): Check for the current key after
looking for conflicts and removing any '!'.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 1f1f56e6
2016-09-07 10:53:28 +02:00
Neal H. Walfield
7b3e8572e3 g10: Change TOFU code to respect --faked-system-time.
* g10/tofu.c (record_binding): New parameter now.  Update callers.
Don't use SQLite's strftime('%s','now') to get the current time, use
NOW.
(ask_about_binding): Likewise.
(get_trust): New parameter now.  Update callers.
(show_statistics): Likewise.
(tofu_register_signature): Don't use SQLite's strftime('%s','now') to
get the current time, use gnupg_get_time().
(tofu_register_encryption): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-07 10:28:39 +02:00
Neal H. Walfield
56c18408d4 g10: Use the correct conversion function.
* g10/tofu.c (show_statistics): Use string_to_ulong, not
string_to_long.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 875ac921
2016-09-07 10:06:58 +02:00
Neal H. Walfield
1f90d3c71e g10: Add missing sqrtu32.h and sqrtu32.c.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 875ac92.
2016-09-07 08:55:17 +02:00
Werner Koch
97a67d42dc
gpg: Fix format string issues in tofu.
* g10/tofu.c (write_stats_status): Use ulong for MESSSAGES.  Fix
format strings.  Simplify by using the new write_status_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-07 08:41:48 +02:00
Werner Koch
c894fa8d37
g10: Temporary hack to repalce missing sqrtu32.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-07 08:40:18 +02:00
Neal H. Walfield
13ddc17ddb g10: Make sure some functions are passed a primary key.
* g10/tofu.c (get_trust): Make sure the caller provides a primary key.
(tofu_register_signature): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-06 22:40:59 +02:00
Neal H. Walfield
ee19eacd1d g10: Tweak TOFU's verbosity.
* g10/tofu.c (time_ago_str): Only show the most significant unit.
* g10/tofu.c (show_statistics): Tweak the output.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-06 22:40:01 +02:00
Neal H. Walfield
67cef405cb g10: Only show the TOFU warning once per key.
* g10/tofu.c (show_statistics): Return whether to call show_warning.
Move the warning from here...
(show_warning): ... to this new function.
(tofu_get_validity): If show_statistics returns a non-zero value, call
show_warning.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-06 22:10:57 +02:00
Neal H. Walfield
875ac9216f g10: Record and show statistics for encrypted messages when using TOFU
* g10/tofu.c: Include "sqrtu32.h".
(struct tofu_dbs_s.s): Rename get_trust_gather_other_keys to
get_trust_gather_signature_stats.  Add new field
get_trust_gather_encryption_stats.
(initdb): Create the encryptions table.
(ask_about_binding): Show the encryption statistics too.
(tofu_register): Rename from this...
(tofu_register_signature): ... to this and update callers.
(tofu_register_encryption): New function.
(write_stats_status): Add parameters encryption_count,
encryption_first_done and encryption_most_recent.  Update callers.
Compute the trust using the euclidean distance of the signature and
signature count.  Compare with twice the threshold.  Include
encryption count information in the TFS and TOFU_STATS lines.
(show_statistics): Also get information about the encrypted messages.
* g10/trustdb.c (tdb_get_validity_core): Use it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-06 21:37:48 +02:00
Neal H. Walfield
a9e6db6c7e g10: Simplify the binding statistics shown for a TOFU conflict.
* g10/tofu.c (ask_about_binding): Simplify binding statistics.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-06 21:37:47 +02:00
Neal H. Walfield
9082bde01c g10: Don't add user attributes to the TOFU DB.
* g10/trustdb.c (tdb_get_validity_core): Skip user attributes.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-05 16:48:51 +02:00
Neal H. Walfield
1f1f56e606 g10: Refactor cross sig check code.
* g10/tofu.c (BINDING_NEW): New enum value.
(BINDING_CONFLICT): Likewise.
(BINDING_EXPIRED): Likewise.
(BINDING_REVOKED): Likewise.
(ask_about_binding): Move cross sig check from here...
(get_trust): ... and the conflict set building from here...
(build_conflict_set): ... to this new function.
(format_conflict_msg_part1): Replace parameter conflict with
conflict_set.  Drop parameter fingerprint.  Update callers.
(ask_about_binding): Drop unused parameter conflict and redundant
parameter bindings_with_this_email_count.  Rename parameter
bindings_with_this_email to conflict_set.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-05 15:14:27 +02:00
Werner Koch
0ac671f8a2
common: Add an assuan logging monitor.
* common/asshelp.c (my_log_monitor): New var.
(my_libassuan_log_handler): Run that monitor.
(setup_libassuan_logging): Add arg to set a log monitor and change all
callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 11:58:48 +02:00
Werner Koch
0a4a03e531
gpg: New export filter drop-subkey.
* g10/import.c (impex_filter_getval): Add properties for key packets.
* g10/export.c (export_drop_subkey): New var.
(cleanup_export_globals): Release that var.
(parse_and_set_export_filter): Add filter "drop-subkey".
(apply_drop_subkey_filter): New.
(do_export_stream): Run that filter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 09:52:04 +02:00
Werner Koch
c8e0d37f41
gpg: Use a common filter_getval for import and export.
* g10/import.c (filter_getval): Rename to ...
(impex_filter_getval): this.  Make global.
(apply_keep_uid_filter, apply_drop_sig_filter): Adjust.
* g10/export.c (filter_getval): Remove.
(apply_drop_sig_filter): Use impex_filter_getval.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 09:52:04 +02:00
Neal H. Walfield
85fad6c34c g10: End transaction earlier.
* g10/tofu.c (ask_about_binding): End the transaction earlier.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-01 23:32:00 +02:00
Neal H. Walfield
b410a3cb76 g10: Don't consider cross-signed keys to be in conflict.
* g10/tofu.c (cross_sigs): New function.
(ask_about_binding): If apparently conflicting keys are cross signed,
then don't mark them as conflicting.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

If two keys are cross signed, then the same person (probably)
controlled them both.  In this case, don't raise a TOFU conflict.
This usually occurs when someone transitions to a new key.  When that
person rotates to a third key, she will typically only cross sign it
with the second key.  As such, we check this transitively to avoid
declaring a conflict between the 1st and 3rd key.
2016-09-01 23:32:00 +02:00
Werner Koch
38d369de13
gpg: Avoid homedir creation by --list-config
* g10/gpg.c (main): Do not register a key for the list config
commands.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-01 19:22:48 +02:00
Werner Koch
fde9fa81d3
gpg: Simplify code to print VALIDSIG.
* g10/mainproc.c (check_sig_and_print): Use hexfingerprint and
write_status_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-01 16:39:41 +02:00
Werner Koch
6bdadae005
gpg: Add new function write_status_printf.
* g10/cpr.c (write_status_printf): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-01 16:39:41 +02:00
Werner Koch
37e3c89725
gpg: Fix printing of pubkey algo in --verbose signature verify.
* g10/sig-check.c (check_signature2): Replace arg PK by R_PK and
change the semantics.  Also clear the other R_ args on function entry,
use gpg_error() and change retturn type to gpg_error_t.
* g10/mainproc.c (do_check_sig): Add arg R_PK.
(list_node): Pass NULL for new arg.
(check_sig_and_print): Rework to make use of the returned PK.
--

The output

gpg: textmode signature, digest algorithm SHA256, key algorithm rsa2048

showed the pubkey algo of the primary key which was surprising.
Changed to print the algo of the subkey used for verification.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-01 16:39:41 +02:00
Neal H. Walfield
44690befad g10: Fix typo.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-01 14:31:55 +02:00
Neal H. Walfield
3d44e5e8a8 g10: When asking about a TOFU binding conflict, default to unknown.
* g10/tofu.c (ask_about_binding): Default to unknown.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-01 14:31:31 +02:00
Neal H. Walfield
f2e5cb6ffb g10: Add support for TRUST_NEVER.
* g10/pkclist.c (do_we_trust): Handle TRUST_NEVER, which can be
returned by the TOFU trust model.
(do_we_trust_pre): Print a different message if TRUSTLEVEL is
TRUST_NEVER.
(check_signatures_trust): Improve comment.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-01 13:29:56 +02:00
Neal H. Walfield
0cb0ea1633 g10: Improve text.
* g10/tofu.c (show_statistics): Improve the text (key and user id, not
just key).

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-01 13:17:54 +02:00
Neal H. Walfield
00c2850393 g10: Remove unused parameter.
* g10/tofu.c (show_statistics): Remove unused parameter sig_exclude.
Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-01 13:17:06 +02:00
Werner Koch
3e67b50490
gpg: Copy the correct digest for use by TOFU.
* g10/mainproc.c (do_check_sig): Use the current digest algo.
--

Note that the digest context may have several algos enabled, which is
is case if keys with different hash preferences signed the data.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-01 12:52:21 +02:00
Neal H. Walfield
4cbd2a690c g10: Be careful to not be in a transaction during long operations
* g10/tofu.c (begin_transaction): New parameter only_batch.  If set,
only start a batch transaction if there is none and one has been
requested.  Update callers.
(tofu_suspend_batch_transaction): New function.
(tofu_resume_batch_transaction): Likewise.
(ask_about_binding): Take a ctrl_t, not a tofu_dbs_t.  Update
callers.  Gather statistics within a transaction.  Suspend any batch
transaction when getting user input.
(get_trust): Take a ctrl_t, not a tofu_dbs_t.  Update callers.
Enclose in a transaction.
(tofu_get_validity): Use a batch transaction, not a normal
transaction.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-01 12:43:34 +02:00
Neal H. Walfield
edfb6934ca g10: On a TOFU conflict, show whether the uids are expired or revoked
* g10/tofu.c (struct signature_stats): Add fields is_expired and
is_revoked.
(signature_stats_prepend): Clear *stats when allocating it.
(ask_about_binding): Also show whether the user ids are expired or
revoked.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 17:52:50 +02:00
Neal H. Walfield
28c235ae75 g10: Always trust ultimately trusted keys.
* g10/tofu.c (get_trust): Always return TRUST_ULTIMATE for ultimately
trusted keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 13:53:36 +02:00
Neal H. Walfield
5b48960a8a g10: Fix error detection.
* g10/tofu.c: first_seen == 0 is not an error.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Fixes-commit: 0f1f02ac
Regression-due-to: 45bb9a2a
2016-08-31 12:11:58 +02:00
Neal H. Walfield
e4d5e3cb0d g10: Update a key's TOFU policy in a transaction.
* g10/tofu.c (tofu_set_policy): Do the update in a transaction.
* g10/gpg.c (main): Do a TOFU policy update in a batch transaction.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 11:47:50 +02:00
Neal H. Walfield
247eef005c g10: Fix the show old policy functionality when changing a TOFU policy.
* g10/tofu.c (record_binding): Fix the show old policy functionality.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 11:39:35 +02:00
Neal H. Walfield
70df5a8fd7 g10: Drop unused argument.
* g10/tofu.c (begin_transaction): Remove unused option only_batch.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 10:58:18 +02:00
Neal H. Walfield
268f6b7a34 gpg: Move state local to tofu.c to a private structure.
* g10/gpg.h (struct server_control_s.tofu): Move fields in_transaction
and batch_update_started from here...
* g10/tofu.c (struct tofu_dbs_s): ... to here.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 10:47:05 +02:00
Neal H. Walfield
b8184d2d74 gpg: Avoid name spaces clash with future sqlite versions (2).
* g10/gpgsql.h (gpgsql_arg_type): Rename SQLITE_ARG_END to
GPGSQL_ARG_END, SQLITE_ARG_INT to GPGSQL_ARG_INT, SQLITE_ARG_LONG_LONG
to GPGSQL_ARG_LONG_LONG, SQLITE_ARG_STRING to GPGSQL_ARG_STRING, and
SQLITE_ARG_BLOB to GPGSQL_ARG_BLOB.

--
This commit completes the work started in b1ba460.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-31 10:14:19 +02:00
Werner Koch
76304a971f
gpg: Fix regression in gpgv's printing of the keyid.
* g10/keyid.c (keystr): Take care of KF_NONE != KF_DEFAULT.
--

Debian-bug-id: 836144
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-31 08:48:28 +02:00
Neal H. Walfield
371ae66e9d g10: Improve TOFU batch update code.
* g10/gpg.h (tofu): Rename field batch_update_ref to
batch_updated_wanted.
* g10/tofu.c (struct tofu_dbs_s): Rename field batch_update to
in_batch_transaction.
(begin_transaction): Only end an extant batch transaction if we are
not in a normal transaction.  When ending a batch transaction, really
end it.  Update ctrl->tofu.batch_update_started when starting a batch
transaction.
(end_transaction): Only release a batch transaction if ONLY_BATCH is
true.  When releasing a batch transaction, assert that there is no
open normal transaction.  Only allow DBS to be NULL if ONLY_BATCH is
true.
(tofu_begin_batch_update): Don't update
ctrl->tofu.batch_update_started.
(opendbs): Call end_transaction unconditionally.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 16:06:40 +02:00
Neal H. Walfield
3beeaa70bd g10: Improve TOFU debugging output and some comments.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 16:06:39 +02:00
Neal H. Walfield
d0451440c0 g10: If a key has no valid user ids, change TOFU to return TRUST_NEVER.
* g10/tofu.c (tofu_get_validity): If a key has no valid (non-expired)
user ids, change TOFU to return TRUST_NEVER.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 16:06:38 +02:00
Neal H. Walfield
6052c14709 g10: Change tofu_register & tofu_get_validity to process multiple uids.
* g10/tofu.c (tofu_register): Take a list of user ids, not a single
user id.  Only register the bindings, don't compute the trust.  Thus,
change return type to an int and remove the may_ask parameter.  Update
callers.
(tofu_get_validity): Take a list of user ids, not a single user id.
Update callers.  Observe signatures made by expired user ids, but
don't include them in the trust calculation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 16:06:37 +02:00
Neal H. Walfield
33e97813d7 g10: Support nested transactions on the TOFU DB.
* g10/gpg.h (struct server_control_s): New field in_transaction.
* g10/tofu.c (struct tofu_dbs_s): Remove fields savepoint_inner and
savepoint_inner_commit.
(begin_transaction): Increment CTRL->TOFU.IN_TRANSACTION.  Name the
savepoint according to the nesting level.
(end_transaction): Name the savepoint according to the nesting level.
Decrement CTRL->TOFU.IN_TRANSACTION.
(rollback_transaction): Likewise.  Only ever rollback a non-batch
transaction.
(opendbs): Assert that there are no outstanding transactions.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 15:54:41 +02:00
Neal H. Walfield
4c2abb221b g10: Print the info text in more situations.
* g10/tofu.c (ask_about_binding): Print the info text when the policy
is ask and there are multiple bindings with the email address.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 15:54:40 +02:00
Neal H. Walfield
0858f141a8 g10: Print the formatted text.
* g10/tofu.c (ask_about_binding): Print the formatted text, not the
unformatted text.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 15:54:39 +02:00
Neal H. Walfield
8dda861ad8 g10: When showing a user id's trust, pass the current signature.
* g10/mainproc.c (check_sig_and_print): Consistently pass SIG to
get_validity.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 15:54:38 +02:00
Werner Koch
bdbd03608b
gpg: Make decryption of -R work w/o --try-secret-key or --default-key.
* g10/getkey.c (enum_secret_keys): At state 3 enumerate the keys in all
cases not just when --try-all-secrets is used.
--

Regression-due-to: 82b90eee10
Reported-by: Carola Grunwald
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-29 07:56:03 +02:00
Werner Koch
0a5a854510
gpg: Fix false negatives in Ed25519 signature verification.
* g10/pkglue.c (pk_verify): Fix Ed25519 signatrue values.
* tests/openpgp/verify.scm (msg_ed25519_rshort): New
(msg_ed25519_sshort): New.
("Checking that a valid Ed25519 signature is verified as such"): New.
--

About one out of 256 signature won't verify due to stripped zero
bytes.  See the source comment for details.

Reported-by: Andre Heinecke
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-25 16:18:00 +02:00
Werner Koch
74a082bc10
common: Rename an odd named function.
* common/openpgp-oid.c (oid_crv25519): Rename to oid_cv25519.
(openpgp_oid_is_crv25519): Rename to openpgp_oid_is_cv25519.  Change
callers.

--

We use "cv25519" everywhere else and thus the test function should not
have a surprising name.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-25 15:16:32 +02:00
Werner Koch
19d12be3ce
gpg: New option --with-tofu-info.
* g10/gpg.c (oWithTofuInfo): New.
(opts): Add --with-tofu-info.
(main): Set opt.with_tofu_info.
* g10/options.h (struct opt): Add field WITH_TOFU_INFO.
* g10/tofu.c (show_statistics): Add optional arg OUTFP and enter
special mode if not NULL.  Change all callers.
(tofu_write_tfs_record): New.
* g10/keylist.c (list_keyblock_colon): Do not print the tofu policy as
part of the "uid" record.  Print a new "tfs" record if the new option
is set.
* tests/openpgp/tofu.scm (getpolicy): Change from UID to TFS record.
--

A separate option is required to avoid slowing down key listings.
Foer example the current code takes for a keylisting in tofu+pgp mode
17 seconds while it takes more than 5 minutes if the option is used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-25 09:37:56 +02:00
Werner Koch
0f1f02acc1
gpg: Change TOFU_STATS to return timestamps.
* g10/tofu.c (write_stats_status): Add arg FP to print a colon
formated line.  Adjust for changed TOFU_STATS interface.
(show_statistics): Let the query return timestamps and use
gnupg_get-time to compute the "time ago" values.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-24 19:56:14 +02:00
Werner Koch
1b55e86442
gpg: Add import filter "drop-sig".
* g10/import.c (import_drop_sig): New variable.
(cleanup_import_globals): Release that.
(parse_and_set_import_filter): Add filter "drop-sig".
(filter_getval): Implement properties for drop-sig.
(apply_drop_sig_filter): New.
(import_one): Apply that filter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-18 16:15:49 +02:00
Werner Koch
de6e3217cd
gpg: New option --sender
* g10/options.h (struct opt): Add field 'sender_list'.
* g10/gpg.c: Include mbox-util.h.
(oSender): New.
(opts): Add option "--sender".
(main): Parse option.
--

This option will eventually be used for more advanced purposes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-18 10:08:34 +02:00
Daniel Kahn Gillmor
61c2a1fa6d
Call log_set_prefix() with human-readable labels.
* agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c
* dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c
* g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c
* tests/gpgscm/main.c, tools/gpg-check-pattern.c
* tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c
* tools/symcryptrun.c: Invoke log_set_prefix() with
human-readable labels.

--

Some invocations of log_set_prefix() were done with raw numeric values
instead of values that humans can understand.  Use symbolic
representations instead of numeric for better readability.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-12 12:16:19 +02:00
Werner Koch
70b5d7c43a
gpg: New option --input-size-hint.
* g10/options.h: Include stdint.h.
(struct opt): Add field 'input_size_hint'.
* g10/gpg.c (oInputSizeHint): New.
(opts): Add --input-size-hint.
(main): Set opt.input_size_hint.
* g10/progress.c (write_status_progress): Use the hint.
--

This is a prerequisite to fix
GnuPG-bug-id: 2368

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-11 21:32:55 +02:00
Werner Koch
ed5c1b0b8a
gpg: Print the signer's UID during verification.
* g10/parse-packet.c (parse_signature): Sanitize the value stored in
SIGNERS_UID.
* g10/mainproc.c (issuer_fpr_string): New.
(check_sig_and_print): Print the signers' UID.  Print the issuer
fingerprint in --rfc4880bis mode.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-10 19:53:53 +02:00
Werner Koch
5b59999ce0
gpg: Remove tofu database format "split".
* g10/options.h (struct opt): Remove field tofu_db_format.
* g10/gpg.h (server_control_s): Add fields tofu.batch_update_ref and
tofu.batch_update_started.
* g10/gpg.c (parse_tofu_db_format): Remove.
(main): Make option --tofu-db-format obsolete.
* g10/tofu.c: Major rework.  Remove the pretty complicated and slower
split format and with that all the caching.  Use the dbs struct
directly.  Move global vars for batch update into CTRL.  Change
calling conventions of some function to take CTRL or DBS pointers
instead of  the former low-level database pointer.
--

The split database format might have been nice for use with Unison but
it bypasses the concept of a relational database by doing parts of
this itself and also risking deadlocks.  Working with the Tofu
database for debugging or experiments is also not possible with parts
of the database logic implemented in gpg.

The Tofu support is quite new and we can assume that it is not in real
use now.  Thus we better remove that now so that we do not need to
maintain it for all future.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-10 16:55:04 +02:00
Justus Winter
a27410a251 g10: Fix opening of trust database.
* g10/tdbio.c (tdbio_set_dbname): This function explicitly checks for
the file size, but handled the case of a zero-sized file incorrectly
by returning success.  Fix this by initializing the database in that
case.
* tests/openpgp/Makefile.am (XTESTS): Add new test.
* tests/openpgp/issue2417.scm: New file.

GnuPG-bug-id: 2417
Signed-off-by: Justus Winter <justus@g10code.com>
2016-08-10 16:50:29 +02:00
Werner Koch
16feb1e0ea
gpg: Extend the PROGRESS line to give the used unit.
* g10/progress.c (write_status_progress): Print the units parameter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-09 16:28:39 +02:00
Ben Kibbey
49829c29e5 Cleanup initialization of libgcrypt.
* common/init.c (init_common_subsystems): Initialize libgcrypt.
* dirmngr/Makefile.am (dirmngr_ldap): Link with libgcrypt.

--
Most other modules already call gcry_check_version() after
init_common_subsystems() so may as well move initialization of libgcrypt
to here. Also fixes a warning in the system log from gpgconf --homedir.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2016-08-09 10:47:46 +02:00
Werner Koch
491d6fdabb
gpg: Cleanup of dek_to_passphrase function (part 2).
* g10/passphrase.c (passphrase_get): Remove arg KEYID.  Change arg
MODE to NOCACHE.
(passphrase_to_dek): Remove args KEYID and PUBKEY_ALGO.  Split arg
MODE into CREATE and NOCACHE.  Change all callers and adjust stubs.
(passphrase_clear_cache): Remove args KEYID and ALGO.  They are not
used.  Change caller.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-08 20:32:08 +02:00
Werner Koch
5b614973fe
gpg: Cleanup of dek_to_passphrase function (part 1).
* g10/passphrase.c (passphrase_to_dek_ext): Remove args CUSTDESC and
CUSTPROMPT.  Merge into the passphrase_to_dek wrapper.
(passphrase_get): Remove args CUSTOM_DESCRIPTION and CUSTOM_PROMPT.
--

The function is nowadays only used for symmetric encryption.  Thus we
do not need all the former advanced stuff.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-08 18:47:27 +02:00
Daniel Kahn Gillmor
c9387e41db
gpg: Avoid publishing the GnuPG version by default
* g10/gpg.c (main): initialize opt.emit_version to 0
* doc/gpg.texi: document different default for --emit-version

--

The version of GnuPG in use is not particularly helpful.  It is not
cryptographically verifiable, and it doesn't distinguish between
significant version differences like 2.0.x and 2.1.x.

Additionally, it leaks metadata that can be used to distinguish users
from one another, and can potentially be used to target specific
attacks if there are known behaviors that differ between major
versions.

It's probably better to take the more parsimonious approach to
metadata production by default.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-05 12:23:04 +02:00