1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Commit Graph

9500 Commits

Author SHA1 Message Date
NIIBE Yutaka
37d758e5f2 sm: Fix card access.
* sm/call-agent.c (gpgsm_scd_pksign): Cast to integer for %b.

--

This fix is needed on big endian machine where size_t is bigger
than integer.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-09 16:59:56 +09:00
NIIBE Yutaka
c51a568555 scd: ccid-driver: Initial getting ATR more robustly.
* scd/ccid-driver.c (send_power_off): New.
(do_close_reader): Use send_power_off.
(ccid_get_atr): Add error recovery.

GnuPG-bug-id: 4616
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-09 10:56:09 +09:00
NIIBE Yutaka
39c40e572c scd: Fix keygrip search.
* scd/app.c (app_do_with_keygrip): Break the entire loop.

Fixes-commit: 5a5288d051
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-08 12:26:51 +09:00
Werner Koch
96bf8f4778
gpg: With --auto-key-retrieve prefer WKD over keyservers.
* g10/mainproc.c (check_sig_and_print): Print a hint on how to make
use of the preferred keyserver.  Remove keyserver lookup just by the
keyid.  Try a WKD lookup before a keyserver lookup.
--

The use of the the keyid for lookups does not make much sense anymore
since for quite some time we do have the fingerprint as part of the
signature.

GnuPG-bug-id: 4595
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-05 10:33:13 +02:00
Werner Koch
b0e8724b10
wkd: Change client/server limit back to 64 KiB
* tools/wks-receive.c (decrypt_data): Change limit.
--

The former limit ~1MiB of was used during development.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-05 10:33:13 +02:00
NIIBE Yutaka
38b9da7de3 sm: Return the last error for pubkey decryption.
* sm/decrypt.c: Use TMP_RC for ksba_cms_get_issuer_serial,
and return the last error when no key is available.
Fix the error report with TMP_RC for second call of
ksba_cms_get_issuer_serial.

GnuPG-bug-id: 4561
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-05 15:46:19 +09:00
NIIBE Yutaka
6cc4119ec0 gpg: Return the last error for pubkey decryption.
* g10/mainproc.c (proc_encrypted): Check ->result against -1.
When c->dek == NULL, put GPG_ERR_NO_SECKEY only when not set.
* g10/pubkey-enc.c (get_session_key): Set k->result by the result of
get_it.
When no secret key is available for some reasons, return the last
specific error, if any.

GnuPG-bug-id: 4561
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-05 15:16:08 +09:00
Daniel Kahn Gillmor
064aeb14c9
dirmngr: fix handling of HTTPS redirections during HKP
* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
following a HTTP redirection.

--
inspired by patch from Damien Goutte-Gattat <dgouttegattat@incenp.org>

GnuPG-Bug_id: 4566
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Originally applied to 2.2.  Here a minor conflict fix was needed.
2019-07-04 16:36:18 +02:00
Werner Koch
23c9786408
gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
* g10/gpg.c (main): Change default.
--

Due to the DoS attack on the keyeservers we do not anymore default to
import key signatures.  That makes the keyserver unsuable for getting
keys for the WoT but it still allows to retriev keys - even if that
takes long to download the large keyblocks.

To revert to the old behavior add

  keyserver-optiions  no-self-sigs-only,no-import-clean

to gpg.conf.

GnuPG-bug-id: 4607
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 15:45:39 +02:00
Werner Koch
91a6ba3234
gpg: Avoid printing false AKL error message.
* g10/getkey.c (get_pubkey_byname): Add special traeatment for default
and skipped-local.
--

This change avoids error message like

  gpg: error retrieving 'foo@example.org' via None: No public key

A 'None' mechanism is something internal.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 15:21:39 +02:00
Werner Koch
d00c8024e5
gpg: New command --locate-external-key.
* g10/gpg.c (aLocateExtKeys): New.
(opts): Add --locate-external-keys.
(main): Implement that.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL.
(get_best_pubkey_byname): Add arg 'mode' and pass on to
get_pubkey_byname.  Change callers.
* g10/keylist.c (public_key_list): Add arg 'no_local'.
(locate_one): Ditto.  Pass on to get_best_pubkey_byname.
--

This new command is a shortcut for

  --auto-key-locate nodefault,clear,wkd,... --locate-key

and uses the default or configured AKL list but does so without local.

See also
GnuPG-bug-id: 4599

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 15:13:26 +02:00
Werner Koch
9980f81da7
gpg: Make the get_pubkey_byname interface easier to understand.
* g10/keydb.h (enum get_pubkey_modes): New.
* g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and
change all callers.
--

This change prepares the implementation of GET_PUBKEY_NO_LOCAL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 10:42:48 +02:00
Werner Koch
8b113bb148
dirmngr: Avoid endless loop in case of HTTP error 503.
* dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New.
(handle_send_request_error): Use it for 503 and 504.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for
extra_tries.
--

This is a pretty stupid fix but one which works without much risk of
regressions.  We could have used the existing TRIES but in that case
the fallback to other host would have been too limited.  With the used
value we can have several fallbacks to other hosts.  Note that the
TRIES is still cumulative and not per host.

GnuPG-bug-id: 4600
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-03 17:39:53 +02:00
Werner Koch
37f0c55c7b
dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain.
* dirmngr/http.c (same_host_p): Consider certain subdomains to be the
same.
--

GnuPG-bug-id: 4603
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-03 16:20:00 +02:00
Peter Lebbing
cf92f7d96f
Mention --sender in documentation 2019-07-02 13:34:15 +02:00
Werner Koch
3a403ab04e
gpg: Fallback to import with self-sigs-only on too large keyblocks.
* g10/import.c (import_one): Rename to ...
(import_one_real): this.  Do not print and update stats on keyring
write errors.
(import_one): New.  Add fallback code.
--

GnuPG-bug-id: 4591
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-01 21:53:55 +02:00
Werner Koch
2e349bb617
gpg: New import and keyserver option "self-sigs-only"
* g10/options.h (IMPORT_SELF_SIGS_ONLY): New.
* g10/import.c (parse_import_options): Add option "self-sigs-only".
(read_block): Handle that option.
--

This option is intended to help against importing keys with many bogus
key-signatures.  It has obvious drawbacks and is not a bullet-proof
solution because a self-signature can also be faked and would be
detected only later.

GnuPG-bug-id: 4591
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-01 15:15:30 +02:00
Werner Koch
894b72d796
gpg: Make read_block in import.c more flexible.
* g10/import.c: Change arg 'with_meta' to 'options'.  Change callers.
--

This chnage allows to pass more options to read_block.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-01 15:15:29 +02:00
NIIBE Yutaka
7c877f942a tools: gpgconf: Killing order is children-first.
* tools/gpgconf-comp.c (gc_component_kill): Reverse the order.

--

The order matters in a corner case; On a busy machine, there was a
race condition between gpg-agent's running KILLAGENT command and its
accepting incoming request on the socket.  If a request by
gpg-connect-agent was accepted, it resulted an error by sudden
shutdown.  This change of the order can remove such a race.

Here, we know backend=0 is none.

GnuPG-bug-id: 4577
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-01 13:07:22 +09:00
NIIBE Yutaka
374a077554 agent: Close a dialog cleanly when gpg/ssh is killed for CONFIRM.
* agent/call-pinentry.c (watch_sock_start): Factor out
from do_getpin.
(watch_sock_end): Likewise.
(do_getpin): Use those functions.
(agent_get_confirmation): Likewise.
(popup_message_thread): Likewise.

--

Pinentry's dialog for confirmation should be also closed cleanly, as
well as the dialog for pin-input.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-28 09:33:30 +09:00
NIIBE Yutaka
f05fd37266 po: Update Japanese Translation.
--

Thanks to Philippe.

Reported-by: Phillppe Antoine
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-27 08:30:25 +09:00
Werner Koch
92ba831758
scd: Do not conflict if a card with another serialno is demanded.
* scd/app.c (check_application_conflict): Add args to pass a serialno.
* scd/command.c (open_card_with_request): Pass the serialno to
check_application_conflict.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-25 09:48:18 +02:00
Werner Koch
c8e62965bc
scd: Return a stable list with "getinfo card_list".
* scd/app.c (compare_card_list_items): New.
(app_send_card_list): Sort the card objects by slot.
--

This is required so that in gpg-card a "list N" command always returns
the expected card.  Sorting by slot should be sufficient.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-25 09:23:38 +02:00
Werner Koch
d803b3bb3c
scd: Add an re-select mechanism to switch apps.
* scd/app-common.h (struct app_ctx_s): Add func ptr 'reselect'.
* scd/app-piv.c (do_reselect): New.
(app_select_piv): Move AID constant to file scope.
* scd/app-openpgp.c (do_reselect): New.
(app_select_openpgp): Move AID constant to file scope.
* scd/app.c (apptype_from_name): New.
(check_application_conflict): Check against all apps of the card.
Always set current_apptype.
(select_additional_application): New.
(maybe_switch_app): New.
(app_write_learn_status, app_readcert, app_readkey, app_getattr)
(app_setattr, app_sign, app_auth, app_decipher, app_writecert)
(app_writekey, app_genkey, app_change_pin, app_check_pin): Use it here.
(app_do_with_keygrip): Force reselect on success.
(app_new_register): Move setting of CURRENT_APPTYPE to ...
(select_application): here so that it will be set to the requested
card.
* scd/command.c (open_card_with_request): Select additional
application if possible.
--

Noet that we will likely need to rework this even more so to get well
defined semantics for card access.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-25 09:21:14 +02:00
Daniel Kahn Gillmor
d7d1ff4557 spelling: Fix "synchronize"
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-23 20:21:02 -04:00
Werner Koch
b304c006a3
scd: Take the card look while running app->with_keygrip.
* scd/app.c (app_do_with_keygrip): Lock the card.
--

Better safe than sorry.

We should also review the card reference counting to see whether we
better ref the returned card object already here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-21 14:51:55 +02:00
Werner Koch
0400a4eb17
scd: Take the lock earlier in the function dispatchers.
* scd/app.c: Chnage all function dispatcher.
--

This change will allow us to easier integrate an app swithcing logic.
The change should have no user visible effect.  The error checking we
do now with the card locked will rarely be asserted.  It is the
correct thing to do anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-21 14:01:06 +02:00
Werner Koch
1b78e4951e
scd: Add code to check whether app switching is possible.
* scd/app.c (check_conflict): Fold into ...
(check_application_conflict): this and adjust callers.  Return a
different error code if it is possible to switch apps.
--

Right now this change does nothing visible.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-21 11:44:25 +02:00
Werner Koch
91e2931caa
scd: Track the currently selected app.
* scd/scdaemon.h (struct server_control_s): Add 'current_apptype'.
* scd/command.c (scd_clear_current_app): New.
* scd/app.c (app_new_register): Set it.
(deallocate_card): Clear it.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-21 11:42:59 +02:00
Werner Koch
43dcf93407
scd: Simplify inclusion of app-common.h.
* scd/scdaemon.h: Include app-common.h.  Remove inclusion of that
header from all other files.
(card_t, app_t): Move typedef to ...
* scd/app-common.h: here.  Use them in the defs.
--

In another patch we will need apptype_t in the ctrl object and thus we
need to reorganize things a bit now.  Given that most files need
app-common anyway it makes sense to always include it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-21 11:42:59 +02:00
Werner Koch
4256e9f0f1
gpg: Very minor code cleanup.
* g10/decrypt-data.c (decrypt_data): Remove superfluous test.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-21 11:42:59 +02:00
Werner Koch
9551275857
scd: Use enums for cardtype and apptype.
* scd/app-common.h (cardtype_t): New.
(apptype_t): New.
(struct card_ctx_s): Change type of cardtype.
(struct app_ctx_s): Change type of apptype.  Adjust all users.
* scd/app.c (struct app_priority_list_s): Add field apptype.
(strcardtype): New.  Use as needed.
(strapptype): New.  Use as needed.
--

Using strcmp is lame and we can't use a switch to let the compiler
complain about missed cases.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-21 11:42:58 +02:00
NIIBE Yutaka
0ccb5ddef1 po: Update Japanese Translation.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-20 15:11:20 +09:00
NIIBE Yutaka
d5287f43fd tools: Fix error handling for gpg-pair-tool.
* tools/gpg-pair-tool.c (read_message): Initialize ERR.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-20 11:29:27 +09:00
Werner Koch
5a5288d051
scd: Split data structures into app and card related objects.
* scd/app-common.h (struct card_ctx_s): New.
(struct app_ctx_s): Factor card specific fields out to card_ctx_s.
(app_get_slot): New.
* scd/scdaemon.h (card_t): New.
(struct server_control_s): Rename field app_ctx to card_ctx and change
all users.
* scd/app-dinsig.c: Use app_get_slot and adjust for chang in card
related fields.
* scd/app-geldkarte.c: Ditto.
* scd/app-nks.c: Ditto.
* scd/app-openpgp.c: Ditto.
* scd/app-p15.c: Ditto.
* scd/app-sc-hsm.c: Ditto.
* scd/app.c: Lost of changes to adjust for the changed data
structures.  Change all callers.
(app_list_lock): Rename to card_list_lock.
(app_top): Remove.
(card_top): New.
(lock_app): Rename to lock_card and change arg type.
(unlock_app): Rename to unlock_card.
(app_dump_state): Print card and app info.
(app_reset): Rename to card_reset.
(app_new_register): Change for the new data structure.
(deallocate_card): Dealloc card and all apps.
(app_ref): Rename to card_ref.
(app_unref): Rename to card_unref.
(app_unref_locked): Rename to card_unref_locked.
(card_get_serialno): New.
* scd/command.c (cmd_pkdecrypt): Actually use the looked up card and
former app object and not the standard one from the context.
--

Although quite large, this is a straightforward change to separate
card/token related data from card application related data.  Before
this change there was a one-to-one relation between card and
application and no way to represent several applications on a card.
The new data structure will allow for such a representation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-19 08:50:40 +02:00
NIIBE Yutaka
c3dd53a65d scd: KEYINFO: Send LF for --data.
* scd/command.c (send_keyinfo): Send LF for --data.

--

Fixes-commit: 01730529f2
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-18 10:13:40 +09:00
Werner Koch
e900bf2973
scd:piv: Add the do_with_keygrip feature.
* scd/app-piv.c (do_with_keygrip): New.
(app_select_piv): Register function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-17 18:04:36 +02:00
Werner Koch
c594dcfc93
scd: Add explict functions for 'app' reference counting.
* scd/app.c (app_ref): New.
(app_unref): New.
(release_application): Renamed to ...
(app_unref_locked): this and remove arg locked_already.  Change
callers to use this or app_ref.
* scd/command.c (open_card_with_request):
(cmd_pksign, cmd_pkauth, cmd_pkdecrypt): Use app_ref and app_unref
instead of accessing the counter directly.
--

This is better in case we need to debug stuff.  There is a real change
however: We now lock and unlock the app before changing the reference
count.

The whole app locking business should be reviewed because we pass
pointers along without immediately bumping the refcount.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-17 16:19:22 +02:00
Werner Koch
70f7b26287
scd: Slight change to app->fnc.do_with_keygrip.
* scd/app-openpgp.c (do_with_keygrip): Return a real error code to
avoid misinterpretation of the result.  Also fix the case for a too
small buffer.
--

The only real chnage is the case for a too small buffer.  That should
in general never happen but if so we now return an error instead of
success.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-17 14:35:21 +02:00
Werner Koch
479c2775d5
scd: Use the correct gpg for the v1.0 OpenPGP card hack.
* scd/app-openpgp.c (get_public_key): Use gnupg_module_name instead of
just "gpg".
--

There is no bug report regarding this and it would be very unlikely
but we should always use the gpg belonging to our code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-17 13:56:32 +02:00
Werner Koch
6260f41318
note: previous commit 6e46862 fixes another minor doc issue fix.
--

Please use useful subjects so that there is no need to lookup what a
fix is.  A commit fix should be indicated with the keyword
"Fixes-commit: xxxxx"
2019-06-17 09:26:36 +02:00
Daniel Kahn Gillmor
6e46862abd fix up 6562de7475
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-14 16:49:27 +01:00
Daniel Kahn Gillmor
6562de7475 doc/gpgsm: explain what "policy-file" refers to.
A new user who sees "policy-file" and searches naively through the
documentation to find it again won't be able to tell what this refers
to, since "policies.txt" doesn't otherwise match the search string
"policy".  This gives them a fighting chance at finding the
documentation.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-11 08:17:06 +01:00
NIIBE Yutaka
1e9d61fb95 gpgparsemail: Die on parse error, printing errno thing.
* tools/gpgparsemail.c (parse_message): Revert the change.
* tools/rfc822parse.c (transition_to_body): Set ERRNO.
(transition_to_header, insert_header): Likewise.

--

In the comment of rfc822parse_* functions, it explicitly explained
setting ERRNO on error.  For parser errors, it may not have
appropriate ERRNO, in such a case, use ENOENT.

Fixes-commit: c13e459ffe
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-07 13:28:07 +09:00
NIIBE Yutaka
72fe8d652f scd: Bring back --card-timeout option as deprecated.
* doc/scdaemon.texi (card-timeout): Add.
* scd/scdaemon.c (main): Revert the change.

--

GnuPG-bug-id: 3383
Fixes-commit: 4262933ef6
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-06 09:55:10 +09:00
NIIBE Yutaka
c13e459ffe gpgparsemail: Die on parse error (not abort).
* tools/gpgparsemail.c (parse_message): Don't use ERRNO.
* tools/rfc822parse.c (transition_to_body): Return -1.
(transition_to_header, insert_header): Likewise.

--

GnuPG-bug-id: 1977
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-06 09:32:58 +09:00
Werner Koch
9bf650db02
sm: Print a better diagnostic for encryption certificate selection.
* sm/certlist.c (gpgsm_add_to_certlist): Add diagnostic and fold two
similar branches.
--

Without this patch gpgsm printed:

 gpgsm[23045]: DBG: chan_6 <- RECIPIENT edward.tester@demo.gnupg.com
 gpgsm[23045]: certificate is not usable for encryption
 gpgsm[23045]: certificate is good

with this patch a

 gpgsm[23045]: looking for another certificate

is inserted into the log.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-04 09:24:03 +02:00
NIIBE Yutaka
537fbe13af g10: Block signals in g10_exit.
* g10/gpg.c (g10_exit): Block all signals before calling
emergency_cleanup.

--

There is a race condition here which results crash of the process.
When a signal is delivered in emergency_cleanup, it is called again.
This change fixes the problem.

GnuPG-bug-id: 2747
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 13:39:46 +09:00
NIIBE Yutaka
0076bef202 agent: Allow TERM="".
* agent/call-pinentry.c (start_pinentry): When TERM is none,
don't send OPTION ttytype to pinentry.

--

GnuPG-bug-id: 4137
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 11:35:06 +09:00
NIIBE Yutaka
3a1bb00810 agent: Add pinentry_loopback_confirm declaration.
* agent/agent.h (pinentry_loopback_confirm): New.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 09:59:08 +09:00