* g10/call-agent.c (agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.
* sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.
GnuPG-bug-id: 4652
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/photoid.c (exec_write, exec_read, exec_finish): Remove.
(setup_input_file): Rename from make_tempdir.
(expand_args): Drop support of 'o' and 'O'.
(fill_command_argv, run_with_pipe, create_temp_file) New.
(show_photo): New with gnupg_spawn_process_fd and gnupg_wait_process.
(show_photos): Call show_photo.
GnuPG-bug-id: 4362
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/dek.h (DEK): Use debugger friendly type of unsigned int.
* g10/mainproc.c (symkey_decrypt_seskey): Add another check.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/mainproc.c (proc_encrypted): Only call get_session_key when
PKENC_LIST is not NULL.
Return GPG_ERR_BAD_KEY, instead of GPG_ERR_NO_SECKEY, when
it's encrypted only by symmetric key.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/import.c (read_block): Make sure KEYID is availabale also on a
pending packet.
--
Reported-by: Phil Pennock
Fixes-commit: 2e349bb617
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (check_sig_and_print): Print a hint on how to make
use of the preferred keyserver. Remove keyserver lookup just by the
keyid. Try a WKD lookup before a keyserver lookup.
--
The use of the the keyid for lookups does not make much sense anymore
since for quite some time we do have the fingerprint as part of the
signature.
GnuPG-bug-id: 4595
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (proc_encrypted): Check ->result against -1.
When c->dek == NULL, put GPG_ERR_NO_SECKEY only when not set.
* g10/pubkey-enc.c (get_session_key): Set k->result by the result of
get_it.
When no secret key is available for some reasons, return the last
specific error, if any.
GnuPG-bug-id: 4561
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/gpg.c (main): Change default.
--
Due to the DoS attack on the keyeservers we do not anymore default to
import key signatures. That makes the keyserver unsuable for getting
keys for the WoT but it still allows to retriev keys - even if that
takes long to download the large keyblocks.
To revert to the old behavior add
keyserver-optiions no-self-sigs-only,no-import-clean
to gpg.conf.
GnuPG-bug-id: 4607
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (get_pubkey_byname): Add special traeatment for default
and skipped-local.
--
This change avoids error message like
gpg: error retrieving 'foo@example.org' via None: No public key
A 'None' mechanism is something internal.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (aLocateExtKeys): New.
(opts): Add --locate-external-keys.
(main): Implement that.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL.
(get_best_pubkey_byname): Add arg 'mode' and pass on to
get_pubkey_byname. Change callers.
* g10/keylist.c (public_key_list): Add arg 'no_local'.
(locate_one): Ditto. Pass on to get_best_pubkey_byname.
--
This new command is a shortcut for
--auto-key-locate nodefault,clear,wkd,... --locate-key
and uses the default or configured AKL list but does so without local.
See also
GnuPG-bug-id: 4599
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.h (enum get_pubkey_modes): New.
* g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and
change all callers.
--
This change prepares the implementation of GET_PUBKEY_NO_LOCAL.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/import.c (import_one): Rename to ...
(import_one_real): this. Do not print and update stats on keyring
write errors.
(import_one): New. Add fallback code.
--
GnuPG-bug-id: 4591
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (IMPORT_SELF_SIGS_ONLY): New.
* g10/import.c (parse_import_options): Add option "self-sigs-only".
(read_block): Handle that option.
--
This option is intended to help against importing keys with many bogus
key-signatures. It has obvious drawbacks and is not a bullet-proof
solution because a self-signature can also be faked and would be
detected only later.
GnuPG-bug-id: 4591
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/import.c: Change arg 'with_meta' to 'options'. Change callers.
--
This chnage allows to pass more options to read_block.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (g10_exit): Block all signals before calling
emergency_cleanup.
--
There is a race condition here which results crash of the process.
When a signal is delivered in emergency_cleanup, it is called again.
This change fixes the problem.
GnuPG-bug-id: 2747
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/tofu.c: Removed some translation markups which either make no
sense or are not possble.
--
Error message which are not helpful for the user but indicate a
problem of the installation or the code do not need a translation.
The translator may not understand them correctly and the use support
can't immediately locate the problem because it needs to be reverse
translated.
There is also one case where certain grammar constructs are
assumed (concatenating parts of a sentence at runtime). Better do not
translate that than getting weird sentences.
* common/userids.c (classify_user_id): Do not set the EXACT flag in
the default case.
* g10/export.c (exact_subkey_match_p): Make static,
* g10/delkey.c (do_delete_key): Implement subkey only deleting.
--
GnuPG-bug-id: 4457
* g10/keydb.c (parse_keyblock_image): Treat invalid packet special.
--
This is in particular useful to run --list-keys on a keyring with
corrupted packets. The extra flush is to keep the diagnostic close to
the regular --list-key output.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c: Move max packet lengths constants to ...
* g10/packet.h: ... here.
* g10/build-packet.c (do_user_id): Return an error if too data is too
large.
* g10/keygen.c (write_uid): Return an error for too large data.
--
This can lead to keyring corruption becuase we expect that our parser
is abale to parse packts created by us. Test case is
gpg --batch --passphrase 'abc' -v \
--quick-gen-key $(yes 'a'| head -4000|tr -d '\n')
GnuPG-bug-id: 4532
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs.
Do not clear the ownertrust. Do not let the agent delete the key.
--
Co-authored-by: Matheus Afonso Martins Moreira
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (opt): Add flags.dummy_outfile.
* g10/decrypt.c (decrypt_message): Set this global flag instead of the
fucntion local flag.
* g10/plaintext.c (get_output_file): Ignore opt.output if that was
used as a dummy option aslong with --use-embedded-filename.
--
The problem here was that an explicit specified --decrypt, as
meanwhile suggested, did not work with that dangerous
--use-embedded-filename. In contrast it worked when gpg decrypted as
a side-effect of parsing the data.
GnuPG-bug-id: 4500
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/exec.c (w32_system): Add "!ShellExecute" special.
* g10/photoid.c (get_default_photo_command): Use the new ShellExecute
under Windows and fallbac to 'display' and 'xdg-open' in the Unix
case.
(show_photos): Flush stdout so that the output is shown before the
image pops up.
--
For Unix this basically syncs the code with what we have in gpg 1.4.
Note that xdg-open may not be used when running as root which we
support here.
For Windows we now use ShellExecute as this seems to be preferred over
"cmd /c start"; however this does not solve the actual problem we had
in the bug report. To solve that problem we resort to a wait
parameter which defaults to 400ms. This works on my Windows-10
virtualized test box. If we can figure out which simple viewers are
commonly installed on Windows we should enhance this patch to test for
them.
GnuPG-bug-id: 4334
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing
sublists in private-key S-expression.
--
When gpg-agent learns about a private key from its ssh-agent
interface, it stores its S-expression with the comment attached. The
export mechanism for OpenPGP keys already in cleartext was too brittle
because it would choke on these comments. This change lets it ignore
any additional trailing sublists.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Gnupg-Bug-Id: 4490
* kbx/keybox-init.c (keybox_lock): New arg TIMEOUT. Change all
callers to pass -1 when locking.
* sm/keydb.c (struct resource_item): Remove LOCKANDLE.
(struct keydb_handle): Add KEEP_LOCK.
(keydb_add_resource): Use keybox locking instead of a separate dotlock
for testing whether we can run a compress.
(keydb_release): Reset KEEP_LOCK.
(keydb_lock): Set KEEP_LOCK.
(unlock_all): Take care of KEEP_LOCK.
(lock_all): Use keybox_lock instead of dotlock fucntions.
(keydb_delete): Remove arg UNLOCK.
* sm/delete.c (delete_one): Adjust keydb_delete. Due to the KEEP_LOCK
the keydb_release takes care of unlocking.
--
This aligns the code more with g10/keydb.c and avoids the separate
calls to dotlock_take.
GnuPG-bug-id: 4505
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyserver.c (keyserver_search): Remove a specialized error
message.
--
Dirmngr comes with a default keyserver and the suggestion to use
gpg --keyserver
is not good because that option is deprecated. An error message
"No keyserver available" is sufficient.
GnuPG-bug-id: 4512
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/sign.c (update_keysig_packet): Convert digest algo when needed.
--
Several gpg commands try to keep most properties of a key signature
when updating (i.e. creating a new version of a key signature). This
included the use of the current hash-algorithm. This patch changes
this so that SHA-1 or RMD160 are replaced by SHA-256 if
possible (i.e. for RSA signatures). Affected commands are for example
--quick-set-expire and --quick-set-primary-uid.
GnuPG-bug-id: 4508
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/sign.c (make_keysig_packet): Remove obsolete arg diegst_algo
which was always passed as 0. Change all callers.
* g10/gpgcompose.c (signature): Warn when trying to set a digest algo.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c (parse_signature): Take only rthe addrspec from a
Signer's UID subpacket.
--
This is to address a problem in the currentr OpenKeychain which put
the entire UID into the subpacket. For example our Tofu code can only
use the addrspec and not the entire UID.
Reported-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/gpgsm.c (opts): New options --authenticode and --attribute.
* sm/gpgsm.h (opt): Add vars authenticode and attribute_list.
* sm/sign.c (add_signed_attribute): New but inactive.
(gpgsm_sign): Use new options.
--
Because libksba 1.4 is not yet ready the new code is not yet active.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (get_best_pubkey_byname): Set new.uid always
to NULL after use.
--
pubkey_cmp is not guranteed to set new.uid.
So if the diff < 0 case is reached best is set to new.
If then diff > 0 is reached without modifying new.uid
e.g. if the key has no matching mboxes. new.uid is
free'd even though the uid is still referenced in
best.
GnuPG-Bug-Id: T4462
* g10/objcache.c: New.
* g10/objcache.h: New.
* g10/Makefile.am (common_source): Add them.
* g10/gpg.c: Include objcache.h.
(g10_exit): Call objcache_dump_stats.
* g10/getkey.c: Include objcache.h.
(get_primary_uid, release_keyid_list): Remove.
(cache_user_id): Remove.
(finish_lookup): Call the new cache_put_keyblock instead of
cache_user_id.
(get_user_id_string): Remove code for mode 2.
(get_user_id): Implement using cache_get_uid_bykid.
--
This generic caching module is better than the ad-hoc code we used in
getkey.c. More cleanup in getkey is still required but it is a
start. There is also a small performance increase with the new cache:
With a large keyring and --list-sigs I get these numbers:
| | before | after |
|------+------------+------------|
| real | 14m1.028s | 12m16.186s |
| user | 2m18.484s | 1m36.040s |
| sys | 11m42.420s | 10m40.044s |
Note the speedup in the user time which is due to the improved cache
algorithm. This is obvious, because the old cache was just a long
linked list; the new cache are two hash tables.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/packet.h (PKT_public_key): Add fields fpr and fprlen.
* g10/keyid.c (do_fingerprint_md): Remove.
(compute_fingerprint): New.
(keyid_from_pk): Simplify.
(fingerprint_from_pk): Simplify.
(hexfingerprint): Avoid using extra array.
--
This is similar to what we are doing with the keyid for a long time.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR.
--
We may even adjust the specs to allow that. It should not be a
problem for any OpenPGP implementation because armored keys are very
common and de-armoring code is de-facto a mandatory feature.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/import.c (import): Limit the number of considered keys to 5.
(import_one): Return the first fingerprint in case of WKD.
--
The Web Key Directory should carry only one key. However, some
providers like to put old or expired keys also into the WKD. I don't
thunk that this is a good idea but I heard claims that this is needed
for them to migrate existing key data bases.
This patch puts a limit on 5 on it (we had none right now) and also
fixes the issue that gpg could not work immediately with the requested
key because the code uses the fingerprint of the key to use the
imported key. Now the first key is used. On a second try (w/o
accessing the WKD) the regular key selection mechanism would be in
effect. I think this is the most conservative approach. Let's see
whether it helps.
Signed-off-by: Werner Koch <wk@gnupg.org>
