* g10/keylist.c (list_keyblock_print): Set SECRET to 2 and not 0x32.
--
Reported-by: Danielle McLean <dani@00dani.me>
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c (can_handle_critical): Add
SIGSUBPKT_REVOC_REASON.
--
Some software seems to mark that subpacket as criticial. Although gpg
has no special treatment for a revocation reasons (except for
--list-packets) we can accept a criticial marked anyway. There are no
mandatary rules specified on how to handle a revocation reason.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.h (KEYDB_HANDLE): Move typedef to ...
* g10/gpg.h: here.
(struct server_control_s): Add field 'cached_getkey_kdb'.
* g10/gpg.c (gpg_deinit_default_ctrl): Release that keydb handle.
* g10/getkey.c (getkey_end): Cache keydb handle.
(get_pubkey): Use cached keydb handle.
* kbx/keybox-search.c (keybox_search_reset): Use lseek instead of
closing the file.
--
Before this patch a "gpg --check-sigs" opened and closed the keybox
file for almost every signature check. By caching the keydb handle
and using lseek(2) this can be limited to just 2 times. This might
speed up things on Windows.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
For proper operations as a server we need to avoid global variables.
Thus we need to pass the session state CTRL to most functions. Quite
a lot of changes but fortunately straightforward to do.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c: Use '#if' instead of '#ifdef' when checking
DEBUG_PARSE_PACKET. This fixes the build with '#define
DEBUG_PARSE_PACKET 0'.
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/keydb.c (keyblock_cache): Remove field SIGSTATUS.
(keyblock_cache_clear): Adjust for that removal.
(parse_keyblock_image): Remove arg SIGSTATUS. Remove the signature
cache setting; this is now done in the parser.
(keydb_get_keyblock): Do not set SIGSTATUS.
(build_keyblock_image): Remove arg SIGSTATUS and simplify. Change
caller.
* kbx/keybox-blob.c: Explain that the signature information is not
anymore used.
(_keybox_create_openpgp_blob): Remove arg SIGSTATUS and change
callers.
* kbx/keybox-search.c (keybox_get_keyblock): Remove arg R_SIGSTATUS
and change callers.
* kbx/keybox-update.c (keybox_insert_keyblock): Likewise.
--
This thing was too complicated and has been replaced by the new ring
trust packet code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/packet.h (struct parse_packet_ctx_s): Change LAST_PKT deom a
pointer to its struct.
(init_parse_packet): Adjust for LAST_PKT not being a pointer.
* g10/parse-packet.c (parse): Ditto. Free the last packet before
storing a new one in case of a deep link.
(parse_ring_trust): Adjust for LAST_PKT not being a pointer.
* g10/free-packet.c (free_packet): Ditto.
* g10/t-keydb-get-keyblock.c (do_test): Release keyblock.
--
Fixes-commit: afa8680908
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/build-packet.c (do_user_id): Avoid indeterminate length header.
--
We are able to import such user ids but when exporting them the
exported data could not be imported again because the parser bails out
on invalid keyrings. This is now fixed and should be backported.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c (parse_trust): Rename to ...
(parse_ring_trust): this. Change args and implement new ring trust
packet format.
(parse): Add special ring trust packet handling.
* g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and
KEYSRC.
(PKT_public_key): Ditto.
(RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts.
(PKT_ring_trust): New.
(struct packet_struct): Remove member RING_TRUST.
(strcu parse_packet_ctx_s): Add field SKIP_META.
(init_parse_packet): Init SKIPT_META.
* g10/free-packet.c (release_public_key_parts): Free UDPATEURL.
(free_user_id): Ditto.
* g10/mainproc.c (list_node): Remove printing of non-documented "rtv"
lines.
* g10/build-packet.c (build_packet_and_meta): New.
(do_ring_trust): New.
* g10/export.c (write_keyblock_to_output): Use build_packet_and_meta
in backup mode.
(do_export_one_keyblock): Ditto.
* g10/import.c (read_block): Add arg WITH_META. Skip ring trust
packets if that ism not set.
(import): Call read_block WITH_META in restore mode.
* g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS)
(KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants. They are not
yet used, though.
* g10/keydb.c (parse_keyblock_image): Allow ring trust packets.
(build_keyblock_image): Ditto. Use build_packet_and_meta.
* g10/keyring.c (keyring_get_keyblock): Remove specila treatment of
ring trust packets.
(write_keyblock): Use build_packet_and_meta. Remove special treatment
of ring trust packets and initialization of the signature caches.
--
This patch introduced the framework to store meta data for keys and
user ids in the keyrings/keyboxes. Ring trust packets are
implementation defined and have always been used in gpg to cache the
signature verification status.
Ring trust packets are only exported with the export option "backup"
and only imported with the import option "restore".
The new code uses a cleaner way to handle the ring trust packets: When
the parser reads a ring trust packet and the previously read packet
matches the type of that ring trust packet, the information is stored
in that previously read packet (signature, user id, or primary key)
and the next packet is read immediately. Thus only the parser sees
the ring trust packets. Ring trust packets are written by using the
new function build_packet_and_meta instead of build_packet. That
function writes a ring trust packet when the needed information is
available.
As a side-effect of this patch the signature status cache works again
and "gpg --check-sigs" is thus much faster.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/packet.h (struct parse_packet_ctx_s): Add fields LAST_PKT and
FREE_LAST_PKT.
(init_parse_packet): Clear them.
(deinit_parse_packet): New macro. Change all users if
init_parse_packet to also call this macro.
* g10/free-packet.c (free_packet): Add arg PARSECTX and handle shallow
packet copies in the context. Change all callers.
* g10/parse-packet.c (parse): Store certain packets in the parse
context.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/packet.h (struct parse_packet_ctx_s): New.
(parse_packet_ctx_t): New type.
(init_parse_packet): New macro.
* g10/parse-packet.c (parse_packet, dbg_parse_packet): Change to take
a parse context. Change all callers to provide a context instead of
directly supplying the input stream.
(search_packet, dbg_search_packet): Ditto.
(copy_all_packets, dbg_copy_all_packets): Init an use a parse context.
(copy_some_packets, dbg_copy_some_packets): Ditto.
(skip_some_packets, dbg_skip_some_packets): Ditto.
--
We will need this change to handle ring packets inside the parser.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keylist.c (list_keyblock_colon): Add empty fields 19 and 20.
--
We add them now to early catch error in parsers which arbitrary limit
the number of fields in --with-colon listings.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (aQuickSetPrimaryUid): New const.
(opts): New command --quick-set-primary-uid.
(main): Implement it.
* g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ...
(quick_find_keyblock): new func.
(keyedit_quick_revuid): Use quick_find_keyblock.
(keyedit_quick_set_primary): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/misc.c (gnupg_pk_is_compliant): New.
* g10/keylist.c (print_compliance_flags): New.
(list_keyblock_colon): Call it here.
* sm/keylist.c (print_compliance_flags): New.
(list_cert_colon): Call it here.
--
This patch is to convey information about DE_VS compliant keys to the
caller. The double digit value is used so that parsers do the right
thing and don't just look for a single digit.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (get_trust): Sanity check CONFLICT_SET after calling
get_policy. If POLICY is 'auto' and the default policy is 'ask', make
sure CONFLICT_SET includes the current key.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2959
Debian-bug-id: 854829
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/call-agent.c (select_openpgp): Remove.
--
By this change, the function get_serialno_cb will be also unused. But
please don't remove the function, because it will be soon used.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keylist.c (print_signature_stats): Flush stdout.
(list_keyblock_colon): Use es_flush instead of fflush.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (keyedit_quick_revuid): Merge self signatures, then
make sure that we do not revoke the last valid UID.
(menu_revuid): Make sure that we do not revoke the last valid UID.
* tests/openpgp/quick-key-manipulation.scm: Demonstrate that
'--quick-revoke-uid' can not be used to revoke the last valid UID.
GnuPG-bug-id: 2960
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/getkey.c (get_best_pubkey_byname): Set released .UID to NULL.
--
Phil Pennock reported an assertion failure when doing
% gpg --auto-key-locate dane --locate-keys someone
gpg: Ohhhh jeeee: Assertion "uid->ref > 0" in \
free_user_id failed (free-packet.c:310)
on his keyring. This patch is not tested but a good guess.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/import.c (impex_filter_getval): Handle PKT_ATTRIBUTE the same as
PKT_USER_ID
(apply_drop_sig_filter): Ditto.
--
The old code was plainly wrong in that it considered PKT_ATTRIBUTE to
use a PKT_signature object.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): Always initialize the trust db when generating
keys.
* g10/keygen.c (do_generate_keypair): We can now assume that there is
a trust db.
--
It is important to mark keys we create as ultimately trusted.
Fixes-commit: 4735ab96aa
GnuPG-bug-id: 2695
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/keygen.c (do_generate_keypair): Only update the ownertrust if we
do have a trust database.
* g10/trustdb.c (have_trustdb): New function.
* g10/trustdb.h (have_trustdb): New prototype.
* tests/openpgp/quick-key-manipulation.scm: Remove workaround.
GnuPG-bug-id: 2695
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/keyedit.c (keyedit_quick_revuid): Signal an error when trying to
revoke non-existant UID.
* tests/openpgp/quick-key-manipulation.scm: Test that.
GnuPG-bug-id: 2962
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/export.c (export_seckeys): Add arg OPTIONS and pass it to
do_export.
(export_secsubkeys): Ditto.
* g10/gpg.c (main): Pass opt.export_options to export_seckeys and
export_secsubkeys
--
Back in the old days we did not used the export options for secret
keys export because of a lot of duplicated code and that the old
secring.gpg was anyway smaller that the pubring.gpg. With 2.1 it was
pretty easy to enable it.
Reported-by: Peter Lebbing
GnuPG-bug-id: 2973
* g10/trustdb.c (init_trustdb): Add and implement arg NO_CREATE.
Change to return an error code. Change all callers to to pass False
for NO_CREATE.
(tdb_get_ownertrust): New arg NO_CREATE. Call init_trustdb to test
for a non-existing trustdb. Change all callers to to pass False for
NO_CREATE.
(tdb_get_min_ownertrust): Ditto.
* g10/trust.c (get_ownertrust_with_min): Add arg NO_CREATE. Call
init_trustdb for a quick check.
(get_ownertrust_info): Add arg NO_CREATE.
(get_ownertrust_string): Ditto.
* g10/gpgv.c (get_ownertrust_info): Adjust stub.
* g10/test-stubs.c (get_ownertrust_info): Ditto.
* g10/mainproc.c (list_node): Call get_ownertrust_info with NO_CREATE
set.
* g10/pubkey-enc.c (get_it): Ditto.
--
Fixes-commit: effa80e0b5
For details see mails on Feb 27 and 28 by dkg, gniibe, and Justus to
gnupg-devel 'test failure on git master with
decrypt-session-key.scm (and: continuous integration?)'
Signed-off-by: Werner Koch <wk@gnupg.org>
I already have copyright assignment with the FSF for GDB. I don't
think I'll need to do the DCO thing.
Signed-off-by: Manish Goregaokar <manish@mozilla.com>
* g10/export.c (export_ssh_key): Also check the primary key.
--
If no suitable subkey was found for export, we now check whether the
primary key is suitable for export and export this one. Without this
change it was only possible to export the primary key by using the '!'
suffix in the key specification.
Also added a sample key for testing this.
GnuPG-bug-id: 2957
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/sign.c (write_signature_packets): Free SIG. Also replace
xcalloc by xtrycalloc.
--
If do_sign fails SIG was not released. Note that in the good case SIG
is transferred to PKT and freed by free_packet.
Reported-by: Stephan Müller
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (gnupg_fd_valid): New function.
* common/sysutils.h (gnupg_fd_valid): New declaration.
* common/logging.c (log_set_file): Use the new function.
* g10/cpr.c (set_status_fd): Likewise.
* g10/gpg.c (main): Likewise.
* g10/keylist.c (read_sessionkey_from_fd): Likewise.
* g10/passphrase.c (set_attrib_fd): Likewise.
* tests/openpgp/Makefile.am (XTESTS): Add the new test.
* tests/openpgp/issue2941.scm: New file.
--
Consider a situation where the user passes "--status-fd 3" but file
descriptor 3 is not open.
During the course of executing the rest of the commands, it's possible
that gpg itself will open some files, and file descriptor 3 will get
allocated.
In this situation, the status information will be appended directly to
whatever file happens to have landed on fd 3 (the trustdb? the
keyring?).
This is a potential data destruction issue for all writable file
descriptor options:
--status-fd
--attribute-fd
--logger-fd
It's also a potential issue for readable file descriptor options, but
the risk is merely weird behavior, and not data corruption:
--override-session-key-fd
--passphrase-fd
--command-fd
Fixes this by checking whether the fd is valid early on before using
it.
GnuPG-bug-id: 2941
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (opts): Define commands with ARGPARSE_c
instead of ARGPARSE_s_n.
--
These three entries are commands, but they're being treated as a
string-based option for some reason. However, if you try to use them
concurrently with another command like --clearsign, you'll get "gpg:
conflicting commands".
Furthermore, because they're marked as options, their flags differ
from the commands that they alias, they cause ambiguity in
abbreviation (e.g. try "gpg --list-ke") which should have been fixed
by 7249ab0f95.
Marking them explicitly as commands for argparse should be more
accurate and should resolve the abbreviation ambiguity issue.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
gpg: fix aliases --list-key, --list-sig, and --check-sig.
* g10/gpg.c: ARGPARSE_OPTS opts[]: define commands with ARGPARSE_c
instead of ARGPARSE_s_n.
--
These three entries are commands, but they're being treated as a
string-based option for some reason. However, if you try to use them
concurrently with another command like --clearsign, you'll get "gpg:
conflicting commands".
Furthermore, because they're marked as options, their flags differ
from the commands that they alias, they cause ambiguity in
abbreviation (e.g. try "gpg --list-ke") which should have been fixed
by 7249ab0f95.
Marking them explicitly as commands for argparse should be more
accurate and should resolve the abbreviation ambiguity issue.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/call-pinentry.c (start_pinentry): Call getinfo/ttyinfo.
* g10/server.c (gpg_proxy_pinentry_notify): Simplify the output so
that we do not change the code when adding new fields to
PINENTRY_LAUNCHED.
--
This patch changes the --verbose output of gpg to show
for example
gpg: pinentry launched (5228 gtk2 1.0.1-beta10 \
/dev/pts/4 xterm localhost:10.0)
the used tty, its type, and the value of DISPLAY in addiion to the
pid, flavor, and version.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (show_statistics): If there are not records, return 0
instead of NULL.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2853
According to SUSv3:
If the subject sequence is empty or does not have the expected form,
no conversion is performed
...
If no conversion could be performed, 0 is returned and errno may be
set to [EINVAL].
http://pubs.opengroup.org/onlinepubs/007908799/xsh/strtol.html
It appears that MacOS X sets errno to EINVAL, but glibc doesn't.
Hence, we map NULL to 0 explicitly.
* g10/tofu.c (get_trust): Call get_policy before short-circuiting the
policy lookup for ultimately trusted keys to make sure the binding is
added to the bindings table, if necessary.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2929
* g10/tofu.c (tofu_get_validity): If there was a conflict, don't also
print out a warning about too few messages.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/tofu.c (get_trust): Add arguments POLICYP and CONFLICT_SETP. If
they are not NULL, return the policy and conflict set (if there is
one), respectively. Update callers. If MAY_ASK is FALSE, don't print
out the statistics.
(tofu_register_encryption): If there is a conflict and we haven't yet
printed the statistics about the conflicting bindings, do so now.
(tofu_get_validity): Likewise.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2914
* g10/keyring.c (compare_name): Fix KEYDB_SEARCH_MODE_MAIL* searches
in keyrings when the UID is a plain addr-spec.
--
Previously, 'gpg --list-key "<foo@example.org>"' failed if 1/ the
keyring format is used and 2/ the key's UID is a plain addr-spec
(cf. RFC2822 section 4.3), e.g. 'foo@example.org'.
GnuPG-bug-id: 2930
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/ks-engine-hkp.c (tor_not_running_p): New.
(map_host): Call that to print a warning.
(handle_send_request_error): Ditto and avoid marking the host dead.
Also print a tor_config_problem warning. Add arg CTRL; adjust callers
to pass that new arg.
* g10/call-dirmngr.c (ks_status_cb): Detect and print the new
warnings.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/trustdb.c (check_regexp): Correctly print whether the
regexp matched or not.
--
This patch fixes the log message displayed when gpg attempts to
match the regexp associated with a trust signature with an user ID.
The current message interprets the 'ret' variable backwards, and
displays 'YES' when the regexp actually fails to match.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* g10/export.c (parse_export_options): Add "backup" and its alias
"export-backup".
(do_export_one_keyblock): Export ring trust packets in backup mode.
* g10/import.c (parse_import_options): Add "restore" and its alias
"import-restore".
(read_block): Import ring trust packets.
--
These options are intended to, well, backup and restore keys between
GnuPG implementations. These options may eventually be enhanced to
backup and restore all public key related information.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): If the parameter for --faked-system-time
ends with a '!', freeze time at the specified point.
* common/gettime.c (gnupg_set_time): Allow to freeze the time
at an arbitrary time instead of only the current time.
* doc/gpg.texi: Update documentation for --faked-system-time.
--
This patch allows the user to modify the behavior of the
--faked-system-time option: by appending a '!' to the parameter,
time in GnuPG will be frozen at the specified time, instead of
advancing normally from that time onward.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* g10/keylist.c (show_policy_url): Implement MODE -1.
(show_keyserver_url): Ditto.
(show_notation): Ditto.
* g10/keyedit.c (print_one_sig): Print policy URL, keyserver URL and
notation data to the tty.
--
With this change the listing of signatures in the key edit menu does
now include policy URLs et al in order and not possible after leaving
the menu (it used to go to stdout and not the tty).
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/trust.c (mark_usable_uid_certs): Allow use of secret key packets.
(clean_sigs_from_uid): Ditto.
(clean_uid_from_key): Ditto.
(clean_one_uid): Ditto.
(clean_key): Ditto.
--
Since 2.1 secret keys and public keys use identical data structure and
thus we should not restrict those key cleaning functions to work only
with public key packets. This change has no immediate effect but may
come handy in the future.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (keygen_set_std_prefs): Rename variable.
--
I consider it better not to use the name of a commonly used function.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tofu.c (write_stats_status): Use the number of days with
signatures / encryptions to compute the validity, not the total number
of signatures / encryptions.
(BASIC_TRUST_THRESHOLD): Adjust given the new semantics.
(FULL_TRUST_THRESHOLD): Likewise.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* doc/DETAILS: Add SIGN-DAYS and ENCRYPT-DAYS to the TOFU_STATS status
line.
* g10/tofu.c (write_stats_status): Take additional parameters
signature_days and encryption_days. Update callers. Include them in
the tfs record and TOFU status lines.
(show_statistics): Compute the number of days on which we saw a
message signed by FINGERPRINT, and the number of days on which we
encrypted a message to it.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/tofu.c (ask_about_binding): Emit all of the conflicting keys and
their statistics on the status fd.
(get_trust): Likewise, if we don't call ask_about_binding.
(show_statistics): Have the caller pass the policy as returned by
get_policy. Add argument only_status_fd and don't emit any output on
stdout if it is set. Update callers.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/gpg.c (main): Avoid translating arguments to 'wrong_args'.
--
Translating these messages is a burden for translators, and we only
have translations for very few of them as it is.
If we want to localize these messages, I'd suggest to translate the
placeholders (e.g. 'filename').
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (opts): Rename options.
(main): Update errors.
* doc/gpg.texi: Update accordingly.
--
I decided not to keep the old versions as aliases in the documentation
because the interface is a fairly recent addition.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (opts): Rename option.
* g10/call-agent.c (agent_scd_learn): Update comment.
* doc/gpg.texi: Update accordingly.
--
This change has a surprising side effect. Previously, --edit was an
alias for --edit-key, because the argument parser actually accepts
unique prefixes of all options. With this change, however, --edit is
ambiguous.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/gpg.c (opts): Rename option.
* doc/gpg.texi: Update accordingly.
--
This is a rather long name, but I believe that this command is rarely
used, and in places where it is used frequently, the process is likely
automated.
GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
* doc/gpg.texi: Document that fact.
* g10/keygen.c (quick_generate_keypair): Use a default value.
* tests/openpgp/quick-key-manipulation.scm: Test that fact.
GnuPG-bug-id: 2701
Signed-off-by: Justus Winter <justus@g10code.com>