1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

8309 Commits

Author SHA1 Message Date
Vincent Breitmoser
f361141a44 gpg: accept subkeys with a good revocation but no self-sig during import
* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we
encounter a valid revocation signature. This allows import of subkey
revocation signatures, even in the absence of a corresponding subkey
binding signature.

--

This fixes the remaining test in import-incomplete.scm.

GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-14 17:07:48 +01:00
Vincent Breitmoser
a1db83d8a3 gpg: allow import of previously known keys, even without UIDs
* g10/import.c (import_one): Accept an incoming OpenPGP certificate that
has no user id, as long as we already have a local variant of the cert
that matches the primary key.

--

This fixes two of the three broken tests in import-incomplete.scm.

GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-14 17:07:42 +01:00
Vincent Breitmoser
4c40bfa90b tests: add test cases for import without uid
This commit adds a test case that does the following, in order:
- Import of a primary key plus user id
- Check that import of a subkey works, without a user id present in the
imported key
- Check that import of a subkey revocation works, without a user id or
subkey binding signature present in the imported key
- Check that import of a primary key revocation works, without a user id
present in the imported key

--

Note that this test currently fails.  The following changesets will
fix gpg so that the tests pass.

GnuPG-Bug-id: 4393
Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-14 17:07:27 +01:00
Daniel Kahn Gillmor
6e46862abd fix up 6562de7475b21cd03c7b1a83a591fa563c589f5b
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-14 16:49:27 +01:00
Daniel Kahn Gillmor
6562de7475 doc/gpgsm: explain what "policy-file" refers to.
A new user who sees "policy-file" and searches naively through the
documentation to find it again won't be able to tell what this refers
to, since "policies.txt" doesn't otherwise match the search string
"policy".  This gives them a fighting chance at finding the
documentation.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-11 08:17:06 +01:00
NIIBE Yutaka
1e9d61fb95 gpgparsemail: Die on parse error, printing errno thing.
* tools/gpgparsemail.c (parse_message): Revert the change.
* tools/rfc822parse.c (transition_to_body): Set ERRNO.
(transition_to_header, insert_header): Likewise.

--

In the comment of rfc822parse_* functions, it explicitly explained
setting ERRNO on error.  For parser errors, it may not have
appropriate ERRNO, in such a case, use ENOENT.

Fixes-commit: c13e459ffeffb8c5387c44b3c04bb92b7111a75b
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-07 13:28:07 +09:00
NIIBE Yutaka
72fe8d652f scd: Bring back --card-timeout option as deprecated.
* doc/scdaemon.texi (card-timeout): Add.
* scd/scdaemon.c (main): Revert the change.

--

GnuPG-bug-id: 3383
Fixes-commit: 4262933ef6f7530b4ad55646250a6763de9bf103
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-06 09:55:10 +09:00
NIIBE Yutaka
c13e459ffe gpgparsemail: Die on parse error (not abort).
* tools/gpgparsemail.c (parse_message): Don't use ERRNO.
* tools/rfc822parse.c (transition_to_body): Return -1.
(transition_to_header, insert_header): Likewise.

--

GnuPG-bug-id: 1977
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-06 09:32:58 +09:00
Werner Koch
9bf650db02
sm: Print a better diagnostic for encryption certificate selection.
* sm/certlist.c (gpgsm_add_to_certlist): Add diagnostic and fold two
similar branches.
--

Without this patch gpgsm printed:

 gpgsm[23045]: DBG: chan_6 <- RECIPIENT edward.tester@demo.gnupg.com
 gpgsm[23045]: certificate is not usable for encryption
 gpgsm[23045]: certificate is good

with this patch a

 gpgsm[23045]: looking for another certificate

is inserted into the log.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-04 09:24:03 +02:00
NIIBE Yutaka
537fbe13af g10: Block signals in g10_exit.
* g10/gpg.c (g10_exit): Block all signals before calling
emergency_cleanup.

--

There is a race condition here which results crash of the process.
When a signal is delivered in emergency_cleanup, it is called again.
This change fixes the problem.

GnuPG-bug-id: 2747
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 13:39:46 +09:00
NIIBE Yutaka
0076bef202 agent: Allow TERM="".
* agent/call-pinentry.c (start_pinentry): When TERM is none,
don't send OPTION ttytype to pinentry.

--

GnuPG-bug-id: 4137
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 11:35:06 +09:00
NIIBE Yutaka
3a1bb00810 agent: Add pinentry_loopback_confirm declaration.
* agent/agent.h (pinentry_loopback_confirm): New.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 09:59:08 +09:00
NIIBE Yutaka
4262933ef6 scd: Remove unsupported --card-timeout option.
* doc/scdaemon.texi (card-timeout): Remove.
* scd/scdaemon.c (main): Remove oCardTimeout handling.

--

There was the card-timeout option in GnuPG 2.0, but it was never
implemented correctly.  The intention of this option was to allow
sharing smartcard among multiple applications, but this didn't work
well as user's expectation (it only worked with DISCONNECT command).
This is because other parts of scdaemon assumes exclusive access.  In
GnuPG 2.1, the support of the option was removed, improving
"DISCONNECT" command always works well without this option.

GnuPG-bug-id: 3383
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 09:47:14 +09:00
NIIBE Yutaka
20acc7c022 g10,agent: Support CONFIRM for --delete-key.
* agent/call-pinentry.c (agent_get_confirmation): Add call of
pinentry_loopback_confirm.
(agent_popup_message_start): Likewise.
(agent_popup_message_stop): Return if it's loopback mode.
* agent/command.c (pinentry_loopback_confirm): New.

* g10/call-agent.c (default_inq_cb): Support "CONFIRM" inquery
when PINENTRY_MODE_LOOPBACK mode.
(confirm_status_cb): New.
(agent_delete_key): Supply confirm_status_cb to set the description
string for confirmation.

--

In the Assuan communication, we introduce new interaction:

    [gpg]                            [gpg-agent]
            --- CMD: PKDECRYPT -->
            <-- STATUS: SETDESC "..."
            <-- STATUS: SETOK "..."
            <-- STATUS: SETNOTOK "..."
            <-- INQUERY: CONFIRM 0/1 (0 for display, 1 for user query)
	    --- INQUERY-result: -->
	    <-- RESULT: ...

GnuPG-bug-id: 3465
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 09:17:21 +09:00
NIIBE Yutaka
eaf3b89d11 doc: Add a section for gpg-check-pattern.
* doc/Makefile.am: Add gpg-check-pattern.1.
* doc/tools.texi (GPG-CHECK-PATTERN): New.

--

GnuPG-bug-id: 4031
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-06-04 08:49:05 +09:00
Werner Koch
f2ac6742d4
Return better error code for some getinfo IPC commands.
* agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False.
* g13/server.c (cmd_getinfo): Ditto.
* sm/server.c (cmd_getinfo): Ditto.
--

GPG_ERR_FALSE was introduced with libgpg-error 1.21 and we now require
a later version for gnupg 2.  Thus we can switch to this more
descriptive code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-03 16:33:10 +02:00
NIIBE Yutaka
6790eaf952 agent: Add A-flag for KEYINFO output for card.
* agent/command.c (do_one_keyinfo): Add ON_CARD argument to put
A-flag.
(cmd_keyinfo): Call agent_card_keyinfo to offer additional information
if it's on card.

--

This is a modification in gpg-agent, intended for better
enum_secret_keys in gpg frontend.

GnuPG-bug-id: 4244
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-29 16:19:46 +09:00
Werner Koch
6b06fb3cc5
Add changes from 2.2 to NEWS.
--
2019-05-28 18:09:13 +02:00
Werner Koch
405f41007c
dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
* dirmngr/ocsp.c (do_ocsp_request): Remove arg md.  Add args r_sigval,
r_produced_at, and r_md.  Get the hash algo from the signature and
create the context here.
(check_signature): Allow any hash algo.  Print a diagnostic if the
signature does not verify.
--

GnuPG-bug-id: 3966
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-28 12:27:53 +02:00
Werner Koch
4699e294cc
dirmngr: Improve finding OCSP cert.
* dirmngr/certcache.c (find_cert_bysubject): Add better debug output
and try to locate by keyid.
--

This chnages was suggested in
GnuPG-bug-id: 4536
but we do not have any test cases for this.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-28 12:27:53 +02:00
Werner Koch
a2a9071746
agent: Make an MD encoding function more robust.
* agent/pksign.c (do_encode_md): Use ascii_tolower and avoid
uninitalized TMP in the error case.
--

This is just in case libgcrypt ever returns an algorithm name longer
than 15 bytes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-28 12:27:52 +02:00
NIIBE Yutaka
19415a2652 agent: Remove unused agent_show_message.
* agent/call-pinentry.c (agent_show_message): Remove.
* agent/genkey.c (take_this_one_anyway): Rename from
take_this_one_anyway2.  Remove a dead path calling agent_show_message.
(check_passphrase_constraints): Use take_this_one_anyway.

--

Fixes-commit: 2778c6f8f40d73272075ce04c07097f65c94054e
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-28 11:29:25 +09:00
Werner Koch
521e7d4644
sm: Avoid confusing diagnostic for the default key.
* sm/certlist.c (cert_usage_p): Add arg 'silent' and change all
callers.
(gpgsm_cert_use_sign_p): Add arg 'silent' and pass to cert_usage_p.
Change all callers.
* sm/sign.c (gpgsm_get_default_cert): Set SILENT when calling
gpgsm_cert_use_sign_p
--

GnuPG-bug-id: 4535
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-27 15:44:16 +02:00
Werner Koch
b6289af973
gpg: Fixed i18n markup of some strings.
* g10/tofu.c: Removed some translation markups which either make no
sense or are not possble.
--

Error message which are not helpful for the user but indicate a
problem of the installation or the code do not need a translation.
The translator may not understand them correctly and the use support
can't immediately locate the problem because it needs to be reverse
translated.

There is also one case where certain grammar constructs are
assumed (concatenating parts of a sentence at runtime).  Better do not
translate that than getting weird sentences.
2019-05-27 12:55:06 +02:00
Werner Koch
cc6069ac6e
gpg: Allow deletion of subkeys with --delete-[secret-]key.
* common/userids.c (classify_user_id): Do not set the EXACT flag in
the default case.
* g10/export.c (exact_subkey_match_p): Make static,
* g10/delkey.c (do_delete_key): Implement subkey only deleting.
--

GnuPG-bug-id: 4457
2019-05-27 10:40:38 +02:00
NIIBE Yutaka
7158a5696d agent: Stop scdaemon after reload when disable_scdaemon.
* agent/call-scd.c (agent_card_killscd): New.
* agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd.

--

GnuPG-bug-id: 4326
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-23 10:15:18 +09:00
NIIBE Yutaka
265e6d6706 g10: Copy expiredate from primary key when marked expired.
* g10/getkey.c (merge_selfsigs): Update ->expiredate of subkey.

--

GnuPG-bug-id: 3343
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-23 09:40:01 +09:00
Werner Koch
4c7d63cd5b
gpg: Do not bail on an invalid packet in the local keyring.
* g10/keydb.c (parse_keyblock_image): Treat invalid packet special.
--

This is in particular useful to run --list-keys on a keyring with
corrupted packets.  The extra flush is to keep the diagnostic close to
the regular --list-key output.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-21 17:27:42 +02:00
Werner Koch
156788a43c
gpg: Do not allow creation of user ids larger than our parser allows.
* g10/parse-packet.c: Move max packet lengths constants to ...
* g10/packet.h: ... here.
* g10/build-packet.c (do_user_id): Return an error if too data is too
large.
* g10/keygen.c (write_uid): Return an error for too large data.
--

This can lead to keyring corruption becuase we expect that our parser
is abale to parse packts created by us.  Test case is

  gpg --batch --passphrase 'abc' -v  \
      --quick-gen-key $(yes 'a'| head -4000|tr -d '\n')

GnuPG-bug-id: 4532
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-21 16:25:56 +02:00
Werner Koch
126caa34bb
gpg: Unify the the use of the print_pubkey_info functions.
* g10/keylist.c (format_seckey_info): Remove.
(print_pubkey_info, print_seckey_info): Remove.
(format_key_info): New.
(print_key_info): New.
(print_key_info_log): New.
* g10/card-util.c (current_card_status): Use print_key_info and remove
the useless condition on KEYBLOCK.
* g10/delkey.c (do_delete_key): Replace print_pubkey_info and
print_seckey_info by print_key_info.
* g10/keyedit.c (menu_addrevoker): Replace print_pubkey_info by
print_key_info.
* g10/pkclist.c (do_we_trust_pre): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto.  Also use print_key_info_log instead of separate
functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-21 13:02:32 +02:00
NIIBE Yutaka
1eb93d9229 scd: Fix for SCARD_IO_REQUEST structure.
* scd/apdu.c (struct pcsc_io_request_s): Use pcsc_dword_t for Windows.

--

This fix is for correctness and for the future when we will support
64-bit Windows.

GnuPG-bug-id: 4454
Suggested-by: Juris Ozols
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-21 16:38:23 +09:00
NIIBE Yutaka
479f7bf31c agent: For SSH key, don't put NUL-byte at the end.
* agent/command-ssh.c (ssh_key_to_protected_buffer): Update
the length by the second call of gcry_sexp_sprint.

--

GnuPG-bug-id: 4502
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-21 15:50:28 +09:00
Werner Koch
110a455017
gpg: Do not delete any keys if --dry-run is passed.
* g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs.
Do not clear the ownertrust.  Do not let the agent delete the key.
--

Co-authored-by: Matheus Afonso Martins Moreira
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-20 12:31:55 +02:00
Werner Koch
386bacd974
gpg: Fix using --decrypt along with --use-embedded-filename.
* g10/options.h (opt): Add flags.dummy_outfile.
* g10/decrypt.c (decrypt_message): Set this global flag instead of the
fucntion local flag.
* g10/plaintext.c (get_output_file): Ignore opt.output if that was
used as a dummy option aslong with --use-embedded-filename.
--

The problem here was that an explicit specified --decrypt, as
meanwhile suggested, did not work with that dangerous
--use-embedded-filename.  In contrast it worked when gpg decrypted as
a side-effect of parsing the data.

GnuPG-bug-id: 4500
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-17 13:40:24 +02:00
Werner Koch
7e5847da0f
gpg: Improve the photo image viewer selection.
* g10/exec.c (w32_system): Add "!ShellExecute" special.
* g10/photoid.c (get_default_photo_command): Use the new ShellExecute
under Windows and fallbac to 'display' and 'xdg-open' in the Unix
case.
(show_photos): Flush stdout so that the output is shown before the
image pops up.
--

For Unix this basically syncs the code with what we have in gpg 1.4.
Note that xdg-open may not be used when running as root which we
support here.

For Windows we now use ShellExecute as this seems to be preferred over
"cmd /c start"; however this does not solve the actual problem we had
in the bug report.  To solve that problem we resort to a wait
parameter which defaults to 400ms.  This works on my Windows-10
virtualized test box.  If we can figure out which simple viewers are
commonly installed on Windows we should enhance this patch to test for
them.

GnuPG-bug-id: 4334
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-17 12:47:13 +02:00
Werner Koch
6fc5df1e10
kbx: Fix an endless loop under Windows due to an incomplete fix.
* kbx/keybox-search.c (keybox_search):  We need to seek to the last
position in all cases not just when doing a NEXT.
--

This is because search from the beginning needs a keybox_search_reset.
We can only make an exception for KEYDB_SEARCH_MODE_FIRST..

Fixes-commit: 49b236af0ecbb6df67513feb4b63851f2e159ea2
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-16 13:57:04 +02:00
Werner Koch
50c2f76ae6
gpgconf: Before --launch check that the config file is fine.
* tools/gpgconf-comp.c (gc_component_launch): Check the conf file.
* tools/gpgconf.c (gpgconf_failure): Call log_flush.
--
GnuPG-bug-id: 4497
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-16 12:25:07 +02:00
Werner Koch
79c99921e3
scd: Remove unused cruft from GnuPG 1.x
* scd/apdu.c: Remove code used only by GnuPG 1.
* scd/app-openpgp.c: Ditto.
* scd/ccid-driver.c: Ditto.
* scd/iso7816.c: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-16 08:24:42 +02:00
NIIBE Yutaka
dc35b25195 agent,scd: Scan and load all public keys for availability.
* agent/divert-scd.c (ask_for_card): Scan by SERIALNO command.
* scd/app-openpgp.c (do_with_keygrip): Make sure to load pubkey.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-16 10:09:41 +09:00
NIIBE Yutaka
1091f22511 agent: Support scdaemon operation using KEYGRIP.
* agent/agent.h (struct card_key_info_s): New.
(divert_pksign, divert_pkdecrypt): New API.
* agent/call-scd.c (card_keyinfo_cb): New.
(agent_card_free_keyinfo, agent_card_keyinfo): New.
* agent/divert-scd.c (ask_for_card): Having GRIP argument,
ask scdaemon with agent_card_keyinfo.
(divert_pksign, divert_pkdecrypt): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Supply GRIP.
* agent/pksign.c (agent_pksign_do): Ditto.

--

We are going to relax the requirment for SERIALNO of card.  It's OK,
when a card doesn't have recorded SERIALNO.  If a card has a key
with GRIP, it can be used.

GnuPG-bug-id: 2291, 4301
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-15 17:13:32 +09:00
NIIBE Yutaka
01730529f2 scd: Don't put newline at the end of status.
* scd/command.c (send_keyinfo): Remove newline.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-15 17:12:23 +09:00
Werner Koch
42adb56e66
doc: Do not mention gpg's deprecated --keyserver option.
--
GnuPG-bug-id: 4466
2019-05-15 09:18:28 +02:00
Daniel Kahn Gillmor
392e59a3d4
gpg: enable OpenPGP export of cleartext keys with comments
* g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing
sublists in private-key S-expression.

--

When gpg-agent learns about a private key from its ssh-agent
interface, it stores its S-expression with the comment attached.  The
export mechanism for OpenPGP keys already in cleartext was too brittle
because it would choke on these comments.  This change lets it ignore
any additional trailing sublists.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Gnupg-Bug-Id: 4490
2019-05-15 09:02:31 +02:00
Werner Koch
a4be077abd
gpgconf: Support --homedir for --launch.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because
gnupg_homedir already returns abd absolute name.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): Ditto.
(gc_component_launch): Support --homedir.
--

GnuPG-bug-id: 4496
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-15 08:52:21 +02:00
Werner Koch
6e041b7b35
sm: Add a couple of debug calls to the keydb module.
* sm/gpgsm.h (DBG_CLOCK_VALUE, DBG_CLOCK): New.
(DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
* sm/gpgsm.c: new debug flags "lookup" and "clock"
* sm/keydb.c: Add log_clock calls to most functions.
(keydb_search_desc_dump): New.
(keydb_search) [DBG_LOOKUP]: Print descrh decription.
* sm/keylist.c (list_cert_std): Flush FP in debug mode to better
syncronize the output with the debug output
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-15 08:52:21 +02:00
NIIBE Yutaka
62c29af632 scd: Fix return value for KEYINFO command.
* scd/command.c (cmd_keyinfo): Return GPG_ERR_NOT_FOUND if none.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-05-15 15:44:32 +09:00
Werner Koch
49b236af0e
kbx: Fix deadlock in gpgsm on Windows due to a sharing violation.
* kbx/keybox-init.c (keybox_lock) [W32]: Use _keybox_close_file
instead of fclose so that a close is done if the file is opened by
another handle.
* kbx/keybox-search.c (keybox_search): Remember the last offset and
use that in NEXT search mode if we had to re-open the file.
--

GnuPG-bug-id: 4505
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-14 19:05:58 +02:00
Werner Koch
22e274f839
sm: Change keydb code to use the keybox locking.
* kbx/keybox-init.c (keybox_lock): New arg TIMEOUT.  Change all
callers to pass -1 when locking.
* sm/keydb.c (struct resource_item): Remove LOCKANDLE.
(struct keydb_handle): Add KEEP_LOCK.
(keydb_add_resource): Use keybox locking instead of a separate dotlock
for testing whether we can run a compress.
(keydb_release): Reset KEEP_LOCK.
(keydb_lock): Set KEEP_LOCK.
(unlock_all): Take care of KEEP_LOCK.
(lock_all): Use keybox_lock instead of dotlock fucntions.
(keydb_delete): Remove arg UNLOCK.
* sm/delete.c (delete_one): Adjust keydb_delete.  Due to the KEEP_LOCK
the keydb_release takes care of unlocking.
--

This aligns the code more with g10/keydb.c and avoids the separate
calls to dotlock_take.

GnuPG-bug-id: 4505
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-14 13:36:08 +02:00
Werner Koch
54e96c6fd2
agent: Replace most assert by log_assert.
--
2019-05-14 10:31:46 +02:00
Daniel Kahn Gillmor
5651b2c460
agent: correct length for uri and comment on 64-bit big-endian platforms
* agent/findkey.c (agent_public_key_from_file): pass size_t as int to
gcry_sexp_build_array's %b.

--

This is only a problem on big-endian systems where size_t is not the
same size as an int.  It was causing failures on debian's s390x,
powerpc64, and sparc64 platforms.

There may well be other failures with %b on those platforms in the
codebase, and it probably needs an audit.

Once you have a key in private-keys-v1.d/$KEYGRIP.key with a comment
or a uri of reasonable length associated with it, this fix can be
tested with:

   gpg-agent --server <<<"READKEY $KEYGRIP"

On the failing platforms, the printed comment will be of length 0.

Gnupg-bug-id: 4501
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-14 10:23:54 +02:00