gnupg.git
4 months ago gpg: Fix printing of the user id during import.
Werner Koch [Fri, 5 Apr 2019 15:02:43 +0000 (17:02 +0200)]
gpg: Fix printing of the user id during import.

* g10/getkey.c (struct keyid_list): Add field fprlen.
(cache_user_id): Set and test it.
(get_user_id_byfpr): Make static, add arg fprlen and use it.
(get_user_id_byfpr_native): Add arg fprlen and change all callers.
--

This was a regression in the 2.3 base.
GnuPG-bug-id: 3801

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago scd:piv: Fix RSA decryption.
Werner Koch [Thu, 4 Apr 2019 10:51:21 +0000 (12:51 +0200)]
scd:piv: Fix RSA decryption.

* scd/app-piv.c (do_decipher): Fixup leading zero byte.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago doc: Minor change to the included yat2m.
Werner Koch [Thu, 4 Apr 2019 10:49:06 +0000 (12:49 +0200)]
doc: Minor change to the included yat2m.

--

Getting the rendering of man pages is not really easy; let's see
whether this is better.  The change has also been done upstream.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago scd: Better handling of timeout and time extension.
NIIBE Yutaka [Thu, 4 Apr 2019 06:58:21 +0000 (15:58 +0900)]
scd: Better handling of timeout and time extension.

* scd/ccid-driver.c (CCID_CMD_TIMEOUT_LONGER): Remove.
(ccid_transceive): Don't use x4 blindly for bBWI, but use dynamically
determined value.  Use value from variable wait_more for bulk_in.
Set wait_more by the value of time extension request.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago gpg: Improve the code to decrypt using PIV cards.
Werner Koch [Wed, 3 Apr 2019 15:45:35 +0000 (17:45 +0200)]
gpg: Improve the code to decrypt using PIV cards.

* g10/call-agent.c (agent_scd_keypairinfo): Add arg 'keyref'.
* g10/keygen.c (ask_algo): Adjust.
* g10/skclist.c (enum_secret_keys): Request the keyref directly.
--

This improves commit ec6a6779236a89d4784a6bb7de0def9cc0f9e8a4 to avoid
looping over all keypairinfos.  This way scdaemon does not need to
compute all the keypairinfos for all keys of a card.  This patch is
possible due to the enhanced READKEY command in scdaemon.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago scd: New options --info and --info-only for READKEY.
Werner Koch [Wed, 3 Apr 2019 15:31:09 +0000 (17:31 +0200)]
scd: New options --info and --info-only for READKEY.

* scd/command.c (cmd_readkey): New options --info and --info-only.
* scd/app.c (app_readkey): New arg 'flags'.
* scd/app-common.h (APP_READKEY_FLAG_INFO): New.
(struct app_ctx_s): New args 'ctrl' and 'flags' for member readkey.
Change all implementers.
* scd/app-nks.c (do_readkey): Stub implementation of
APP_READKEY_FLAG_INFO.
* scd/app-openpgp.c (do_readkey): Implement APP_READKEY_FLAG_INFO.
* scd/app-piv.c (do_readkey): Ditto.
--

This feature allows to quickly get the keygrip and in most cases also
the usage flags for one specific keyref.  Example:

 <- readkey --info-only  PIV.9D
 -> S KEYPAIRINFO FC6061FB457224370B85C6F34DD56CD29E669620 PIV.9D e
 -> OK

Signed-off-by: Werner Koch <wk@gnupg.org>
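
Added example (not code from GnuPG or from the commit above): a strict C parser for the KEYPAIRINFO status line shown in the exchange, which also checks that the reply names the keyref that was requested. The struct, the function names and the meaning given to the usage letters (c, s, e, a, "-") are assumptions; the sample line is the one quoted in the message.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The status line quoted in the commit message above. */
static const char SAMPLE[] =
  "S KEYPAIRINFO FC6061FB457224370B85C6F34DD56CD29E669620 PIV.9D e";

struct keypairinfo {              /* hypothetical result structure */
  char keygrip[41];               /* 40 hex digits plus NUL */
  char keyref[32];                /* e.g. "PIV.9D" */
  unsigned int cert:1, sign:1, encr:1, auth:1;
};

/* Parse one "S KEYPAIRINFO <keygrip> <keyref> [<usage>]" line.
   Returns 0 on success and -1 on any deviation from that shape. */
static int parse_keypairinfo(const char *line, struct keypairinfo *ki)
{
  static const char prefix[] = "S KEYPAIRINFO ";
  const char *p = line;
  size_t n;

  memset(ki, 0, sizeof *ki);
  if (strncmp(p, prefix, sizeof prefix - 1))
    return -1;
  p += sizeof prefix - 1;

  /* Keygrip: exactly 40 hex digits, then a single space.  A short line
     fails at its NUL, so nothing past the terminator is read. */
  for (n = 0; n < 40; n++)
    if (!isxdigit((unsigned char)p[n]))
      return -1;
  if (p[40] != ' ')
    return -1;
  memcpy(ki->keygrip, p, 40);
  p += 41;

  /* Keyref: a non-empty token that fits the buffer. */
  n = strcspn(p, " ");
  if (!n || n >= sizeof ki->keyref)
    return -1;
  memcpy(ki->keyref, p, n);
  p += n;

  /* Usage flags are optional; letters outside the assumed set are
     rejected.  Any further fields on the line are ignored. */
  if (*p == ' ') {
    for (p++; *p && *p != ' '; p++) {
      switch (*p) {
      case 'c': ki->cert = 1; break;
      case 's': ki->sign = 1; break;
      case 'e': ki->encr = 1; break;
      case 'a': ki->auth = 1; break;
      case '-': break;
      default:  return -1;
      }
    }
  }
  return 0;
}

/* True only if LINE is well formed, answers for the keyref we asked
   about, and carries the encryption usage flag. */
static int usable_for_decryption(const char *line, const char *want_keyref)
{
  struct keypairinfo ki;

  return !parse_keypairinfo(line, &ki)
         && !strcmp(ki.keyref, want_keyref)
         && ki.encr;
}

int main(void)
{
  struct keypairinfo ki;

  if (parse_keypairinfo(SAMPLE, &ki))
    return 1;
  printf("keygrip=%s keyref=%s encr=%u sign=%u\n",
         ki.keygrip, ki.keyref, ki.encr, ki.sign);
  printf("PIV.9D usable for decryption: %d\n",
         usable_for_decryption(SAMPLE, "PIV.9D"));
  return 0;
}
```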
4 months ago gpg: Allow decryption using PIV cards.
Werner Koch [Wed, 3 Apr 2019 13:30:10 +0000 (15:30 +0200)]
gpg: Allow decryption using PIV cards.

* g10/call-agent.c (struct getattr_one_parm_s): New.
(getattr_one_status_cb): New.
(agent_scd_getattr_one): New.
* g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from
pkcs#1.
* g10/skclist.c (enum_secret_keys): Handle non-OpenPGP cards.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago scd: New standard attributes $ENCRKEYID and $SIGNKEYID.
Werner Koch [Wed, 3 Apr 2019 11:16:22 +0000 (13:16 +0200)]
scd: New standard attributes $ENCRKEYID and $SIGNKEYID.

* g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
* sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
* scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and
"$SIGNKEYID".
* scd/app-piv.c (do_getattr): Ditto.
--

We already have $AUTHKEYID to locate the keyref of the key to be used
with ssh.  It will also be useful to have a default keyref for
encryption and signing.  For example, this will allow us to replace
the use of "OPENPGP.2" by an app type specific keyref.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Avoid endless loop if a card's serial number can't be read.
Werner Koch [Wed, 3 Apr 2019 09:26:14 +0000 (11:26 +0200)]
gpg: Avoid endless loop if a card's serial number can't be read.

* g10/skclist.c (enum_secret_keys): Move list forward on error.
--

The error is not easy to reproduce but may occur if a card is removed
at the wrong time.  Tested by changing the code.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago card: Allow card selection with LIST.
Werner Koch [Wed, 3 Apr 2019 08:27:08 +0000 (10:27 +0200)]
card: Allow card selection with LIST.

* tools/card-call-scd.c (start_agent): Request serialno only when
started.
(scd_serialno): Allow NULL for r_serialno.
* tools/gpg-card.c (cmd_factoryreset): Use changed scd_serialno.
(cmd_list): New.
(dispatch_command): Use cmd_list for cmdLIST.
(interactive_loop): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Print modern style key info for non-decryptable keys.
Werner Koch [Wed, 3 Apr 2019 07:04:49 +0000 (09:04 +0200)]
gpg: Print modern style key info for non-decryptable keys.

* g10/mainproc.c (print_pkenc_list): Simplify.
--

This changes the output from

# ------------------------ >8 ------------------------
  gpg: encrypted with 2048-bit RSA key, ID D20073D46DF6C97D, created 2019-04-02
        "Test with PIV card"

to

  gpg: encrypted with rsa2048 key, ID D20073D46DF6C97D, created 2019-04-02
        "Test with PIV card"

Signed-off-by: Werner Koch <wk@gnupg.org>
# ------------------------ 8< ------------------------

4 months ago gpg: Allow direct key generation from card with --full-gen-key.
Werner Koch [Tue, 2 Apr 2019 16:57:09 +0000 (18:57 +0200)]
gpg: Allow direct key generation from card with --full-gen-key.

* g10/call-agent.c (agent_scd_readkey): New.
* g10/keygen.c (ask_key_flags): Factor code out to ..
(ask_key_flags_with_mask): new.
(ask_algo): New mode 14.
--

Note that this new menu 14 is always displayed.  The usage flags can
be changed only in --expert mode, though.  Creating and using signing
keys works but decryption does not yet work; we will need to tweak a
couple of other places for that.  Tested with a Yubikey's PIV app.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago common: Extend function pubkey_algo_string.
Werner Koch [Tue, 2 Apr 2019 16:49:51 +0000 (18:49 +0200)]
common: Extend function pubkey_algo_string.

* common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust.
* tools/gpg-card.c (list_one_kinfo): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago dirmngr: Improve domaininfo cache update algorithm.
Werner Koch [Tue, 2 Apr 2019 11:22:32 +0000 (13:22 +0200)]
dirmngr: Improve domaininfo cache update algorithm.

* dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
(insert_or_update): Implement new update algorithm.

--

The old algorithm limited the length of a bucket chain by purging the
last 50% of the entries.  Thus the first domains entered into the
cache were never purged.  The new algorithm is a bit better: It also
limits the chain length on overflow to 50% but tries to keep the
entries indicating that a WKD is available in the cache.  If there is
still space to keep more, those which clearly do not support WKD are
also kept.

Signed-off-by: Werner Koch <wk@gnupg.org>
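
Added example (not dirmngr's code and not part of the commit above): the two trimming policies the message describes, written in C and run on a constructed bucket chain that has just overflowed. The struct layout, MAX_CHAIN and all function names are assumptions; only the field name keepmark comes from the ChangeLog entry, and its use as a scratch flag is assumed.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_CHAIN 8   /* constructed overflow limit, not dirmngr's value */

struct entry {                      /* hypothetical cache entry */
  struct entry *next;
  unsigned int wkd_supported:1;     /* domain is known to offer a WKD */
  unsigned int wkd_not_supported:1; /* domain clearly offers no WKD */
  unsigned int keepmark:1;          /* scratch flag, set only while trimming */
};

/* Append a new entry at the end of the chain; return the head. */
static struct entry *append(struct entry *head, int sup, int notsup)
{
  struct entry *e = calloc(1, sizeof *e), **tail = &head;

  if (!e)
    abort();
  e->wkd_supported = !!sup;
  e->wkd_not_supported = !!notsup;
  while (*tail)
    tail = &(*tail)->next;
  *tail = e;
  return head;
}

/* Old policy: keep the first KEEP entries and purge the tail, so the
   oldest entries survive every overflow regardless of their value. */
static struct entry *trim_old(struct entry *head, int keep)
{
  struct entry **pp = &head, *e;

  while (*pp && keep-- > 0)
    pp = &(*pp)->next;
  while ((e = *pp)) {
    *pp = e->next;
    free(e);
  }
  return head;
}

/* New policy as described: keep at most KEEP entries, preferring those
   with a WKD, then those known to have none.  Entries without WKD
   information are purged (assumption: the message does not cover them). */
static struct entry *trim_new(struct entry *head, int keep)
{
  struct entry **pp = &head, *e;
  int kept = 0;

  for (e = head; e && kept < keep; e = e->next)   /* pass 1: WKD available */
    if (e->wkd_supported) {
      e->keepmark = 1;
      kept++;
    }
  for (e = head; e && kept < keep; e = e->next)   /* pass 2: clearly no WKD */
    if (!e->keepmark && e->wkd_not_supported) {
      e->keepmark = 1;
      kept++;
    }
  while ((e = *pp)) {                             /* pass 3: unlink the rest */
    if (e->keepmark) {
      e->keepmark = 0;
      pp = &e->next;
    } else {
      *pp = e->next;
      free(e);
    }
  }
  return head;
}

/* Fill a constructed chain, trim it to 50% with the chosen policy and
   return how many WKD-supporting entries survive; *r_len gets the length. */
static int survivors(int use_new, int *r_len)
{
  /* Oldest first: {wkd_supported, wkd_not_supported}. */
  static const int sample[MAX_CHAIN][2] = {
    {0, 0}, {0, 0}, {0, 1}, {0, 0}, {0, 0}, {1, 0}, {0, 1}, {1, 0},
  };
  struct entry *head = NULL, *e;
  int i, n = 0;

  for (i = 0; i < MAX_CHAIN; i++)
    head = append(head, sample[i][0], sample[i][1]);
  head = (use_new ? trim_new : trim_old)(head, MAX_CHAIN / 2);
  for (*r_len = 0; (e = head); (*r_len)++) {      /* count and release */
    n += e->wkd_supported;
    head = e->next;
    free(e);
  }
  return n;
}

int main(void)
{
  int len_old, len_new;
  int old = survivors(0, &len_old), fresh = survivors(1, &len_new);

  printf("old policy: %d of %d kept entries have a WKD\n", old, len_old);
  printf("new policy: %d of %d kept entries have a WKD\n", fresh, len_new);
  return 0;
}
```

On this chain the old policy keeps the four oldest entries, none of which has a WKD, while the new policy keeps both WKD entries plus the two that are known to have none.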
4 months ago sm: Show the usage flags when generating a key from a card.
Werner Koch [Mon, 1 Apr 2019 17:58:33 +0000 (19:58 +0200)]
sm: Show the usage flags when generating a key from a card.

* g10/call-agent.c (scd_keypairinfo_status_cb): Also store the usage
flags.
* sm/call-agent.c (scd_keypairinfo_status_cb): Ditto.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Print the usage flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Prepare card code to allow other than OpenPGP cards.
Werner Koch [Mon, 1 Apr 2019 17:24:33 +0000 (19:24 +0200)]
gpg: Prepare card code to allow other than OpenPGP cards.

* g10/call-agent.c (start_agent): Use card app auto selection.
* g10/card-util.c (current_card_status): Print the Application type.
(card_status): Put empty line between card listings.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: New card function agent_scd_keypairinfo.
Werner Koch [Mon, 1 Apr 2019 16:37:02 +0000 (18:37 +0200)]
gpg: New card function agent_scd_keypairinfo.

* g10/call-agent.c (scd_keypairinfo_status_cb)
(agent_scd_keypairinfo): New.  Taken from gpgsm.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Remove two unused card related functions.
Werner Koch [Mon, 1 Apr 2019 16:34:19 +0000 (18:34 +0200)]
gpg: Remove two unused card related functions.

* g10/call-agent.c (inq_writekey_parms): Remove.
(agent_scd_writekey): Remove.
(agent_clear_pin_cache): Remove this stub.

4 months ago gpg: Remove unused arg in a card related function.
Werner Koch [Mon, 1 Apr 2019 16:12:35 +0000 (18:12 +0200)]
gpg: Remove unused arg in a card related function.

* g10/call-agent.c (agent_scd_setattr): Remove unused arg serialno.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago dirmngr: Better for error code for http status 413.
Werner Koch [Fri, 29 Mar 2019 13:20:47 +0000 (14:20 +0100)]
dirmngr: Better for error code for http status 413.

* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago scd: New option --application-priority.
Werner Koch [Thu, 28 Mar 2019 16:05:20 +0000 (17:05 +0100)]
scd: New option --application-priority.

* scd/scdaemon.c (oApplicationPriority): New.
(opts): Add "application_priority".
(main): Process option.
* scd/app.c (app_update_priority_list): New.
(get_supported_applications): Take apps from global list.

* tools/gpgconf-comp.c (gc_options_scdaemon): Add option.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago card: For passwd add a PIV menu and make the OpenPGP menu optional.
Werner Koch [Thu, 28 Mar 2019 13:46:05 +0000 (14:46 +0100)]
card: For passwd add a PIV menu and make the OpenPGP menu optional.

* tools/gpg-card.c (get_selection): New.
(cmd_passwd): Reworked.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago card: Allow "yubikey disable" only for Yubikey-5 and later.
Werner Koch [Thu, 28 Mar 2019 09:56:28 +0000 (10:56 +0100)]
card: Allow "yubikey disable" only for Yubikey-5 and later.

* tools/card-yubikey.c (yubikey_commands): Add new arg INFO and test
for Yubikey-5.
* tools/gpg-card.c (cmd_yubikey): Pass info to yubikey_commands.
--

The configuration can be read from a Yubikey-4 but not be written.
The mode command is also not useful because it allows only the
selection of transports.  It does not allow to disable single
applications based on one transport (like OPGP and PIV).  This patch
shows an appropriate error message.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago scd: Support reading the Yubikey 4 firmware version.
Werner Koch [Wed, 27 Mar 2019 16:34:50 +0000 (17:34 +0100)]
scd: Support reading the Yubikey 4 firmware version.

* scd/app.c (app_new_register): Detect yk4 version numbers.
--

Having the version of the yubikey is important to select which other
methods can be used with a Yubikey.  Note that we do not detect the
formfactor of a Yubikey 4 and instead use 0 for our serial number
prefix.  This does not affect app-openpgp because there we use the app
specific serial number.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Don't use EdDSA algo ID for ECDSA curves.
Trevor Bentley [Mon, 25 Mar 2019 14:19:47 +0000 (15:19 +0100)]
gpg: Don't use EdDSA algo ID for ECDSA curves.

* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
an EdDSA curve.

--

This change matters when it is called from ask_card_keyattr.

Some-comments-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago sm: Allow decryption even if expired other keys are configured.
Werner Koch [Tue, 26 Mar 2019 12:31:06 +0000 (13:31 +0100)]
sm: Allow decryption even if expired other keys are configured.

* sm/gpgsm.c (main): Add special handling for bad keys in decrypt
mode.
--

The problem can easily be tested by adding --encrypt-to EXPIRED_KEY to
a decryption command.  With that patch the errors are printed but
decryption continues and the process returns success unless other
errors occur.

GnuPG-bug-id: 4431
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago agent: Allow other ssh fingerprint algos in KEYINFO.
Werner Koch [Tue, 26 Mar 2019 08:02:19 +0000 (09:02 +0100)]
agent: Allow other ssh fingerprint algos in KEYINFO.

* agent/command.c (cmd_keyinfo): Allow for --ssh-fpr=ALGO.  Default to
the standard algo.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago doc: Add relevant NEWS items from 2.2.
Werner Koch [Mon, 25 Mar 2019 14:39:18 +0000 (15:39 +0100)]
doc: Add relevant NEWS items from 2.2.

--

4 months ago wkd: New command --print-wkd-url for gpg-wks-client.
Werner Koch [Mon, 25 Mar 2019 14:13:59 +0000 (15:13 +0100)]
wkd: New command --print-wkd-url for gpg-wks-client.

* tools/gpg-wks-client.c (aPrintWKDURL): New.
(opts): Add option.
(main): Implement.
* tools/wks-util.c (wks_cmd_print_wkd_url): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago doc: Clarify option --no-keyring.
Werner Koch [Mon, 25 Mar 2019 13:47:31 +0000 (14:47 +0100)]
doc: Clarify option --no-keyring.

--
GnuPG-bug-id: 4424

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago sm, w32: Translate logger and status fd to handles
Andre Heinecke [Mon, 25 Mar 2019 13:05:52 +0000 (14:05 +0100)]
sm, w32: Translate logger and status fd to handles

* sm/gpgsm.c (main): Call translate_sys2libc_fd_int to
convert the FDs.

--
This is required to actually pass gpgsm an fd on windows
and not a windows handle.

For the passphrase-fd this was already done.

4 months ago libdns: Don't use _[A-Z] which are reserved names.
NIIBE Yutaka [Mon, 25 Mar 2019 10:39:44 +0000 (19:39 +0900)]
libdns: Don't use _[A-Z] which are reserved names.

* dirmngr/dns.c: Use the identifiers of "*_instance" instead of
reserved "_[A-Z]".

--

GnuPG-bug-id: 4420
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago doc: fix formatting error
Daniel Kahn Gillmor [Fri, 22 Mar 2019 22:49:03 +0000 (23:49 +0100)]
doc: fix formatting error

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
4 months ago doc: Add a spec comment to app-piv.c
Werner Koch [Fri, 22 Mar 2019 11:29:02 +0000 (12:29 +0100)]
doc: Add a spec comment to app-piv.c

--

4 months ago wkd: New command --print-wkd-hash for gpg-wks-client.
Werner Koch [Fri, 22 Mar 2019 10:40:01 +0000 (11:40 +0100)]
wkd: New command --print-wkd-hash for gpg-wks-client.

* tools/gpg-wks-client.c (aPrintWKDHash): New.
(opts) : Add "--print-wkd-hash".
(main): Implement that command.
(proc_userid_from_stdin): New.
* tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY.
(wks_cmd_print_wkd_hash): New.
--

GnuPG-bug-id: 4418
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago scd: Refactor the app selection code.
Werner Koch [Fri, 22 Mar 2019 08:44:04 +0000 (09:44 +0100)]
scd: Refactor the app selection code.

* scd/app.c (app_priority_list): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago tests: Add a first v5 sample key
Werner Koch [Wed, 20 Mar 2019 08:16:46 +0000 (09:16 +0100)]
tests: Add a first v5 sample key

--

5 months ago speedo: Fix installer build with NSIS-3
Andre Heinecke [Mon, 18 Mar 2019 15:08:23 +0000 (16:08 +0100)]
speedo: Fix installer build with NSIS-3

* build-aux/speedo.mk: Add charset for nsis 3.

--
NSIS-3 defaults to UTF-8 but for NSIS-2 compatibility
we still stay on CP1252 for now.

5 months ago gpg: Allow import of PGP desktop exported secret keys.
Werner Koch [Mon, 18 Mar 2019 12:07:14 +0000 (13:07 +0100)]
gpg: Allow import of PGP desktop exported secret keys.

* g10/import.c (NODE_TRANSFER_SECKEY): New.
(import): Add attic kludge.
(transfer_secret_keys): Add arg only_marked.
(resync_sec_with_pub_keyblock): Return removed seckeys via new arg
r_removedsecs.
(import_secret_one): New arg r_secattic.  Change to take ownership of
arg keyblock.  Implement extra secret key import logic.  Factor some
code out to ...
(do_transfer): New.
(import_matching_seckeys): New.
--

The PGP desktops exported secret keys are really stupid.  And they
even have a kind of exception in rfc4880 which does not rule that
out (section 11.2):

  [...]  Implementations SHOULD include self-signatures on any user
  IDs and subkeys, as this allows for a complete public key to be
  automatically extracted from the transferable secret key.
  Implementations MAY choose to omit the self-signatures, especially
  if a transferable public key accompanies the transferable secret
  key.

Now if they would only put the public key before the secret
key. Anyway we now have a workaround for that ugliness.

GnuPG-bug-id: 4392
Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Avoid importing secret keys if the keyblock is not valid.
Werner Koch [Fri, 15 Mar 2019 18:50:37 +0000 (19:50 +0100)]
gpg: Avoid importing secret keys if the keyblock is not valid.

* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
new field TAG.
* g10/kbnode.c (alloc_node): Change accordingly.
* g10/import.c (import_one): Add arg r_valid.
(sec_to_pub_keyblock): Set tags.
(resync_sec_with_pub_keyblock): New.
(import_secret_one): Change return code to gpg_error_t.   Return an
error code if sec_to_pub_keyblock failed.  Resync secret keyblock.
--

When importing an invalid secret key ring for example without key
binding signatures or no UIDs, gpg used to let gpg-agent store the
secret keys anyway.  This is clearly a bug because the diagnostics
before claimed that for example the subkeys have been skipped.
Importing the secret key parameters then anyway is surprising in
particular because a gpg -k does not show the key.  After importing
the public key the secret keys suddenly showed up.

This changes the behaviour of
GnuPG-bug-id: 4392
to be more consistent but is not a solution to the actual bug.

Caution: The ecc.scm test now fails because two of the sample keys
         don't have binding signatures.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago tests: Add sample secret key w/o binding signatures.
Werner Koch [Fri, 15 Mar 2019 18:40:02 +0000 (19:40 +0100)]
tests: Add sample secret key w/o binding signatures.

--

GnuPG-bug-id: 4392

5 months ago gpg: During secret key import print "sec" instead of "pub".
Werner Koch [Fri, 15 Mar 2019 18:11:32 +0000 (19:11 +0100)]
gpg: During secret key import print "sec" instead of "pub".

* g10/keyedit.c (show_basic_key_info): New arg 'print_sec'.  Remove
useless code for "sub" and "ssb".
* g10/import.c (import_one): Pass FROM_SK to show_basic_key_info.  Do
not print the first  keyinfo in FROM_SK mode.
printing.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Simplify an interactive import status line.
Werner Koch [Fri, 15 Mar 2019 12:02:44 +0000 (13:02 +0100)]
gpg: Simplify an interactive import status line.

* g10/cpr.c (write_status_printf): Escape CR and LF.
* g10/import.c (print_import_check): Simplify by using
write_status_printf and hexfingerprint.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Fix recently introduced use after free.
Werner Koch [Fri, 15 Mar 2019 07:55:06 +0000 (08:55 +0100)]
gpg: Fix recently introduced use after free.

* g10/mainproc.c (proc_plaintext): Do not use freed memory.
--

GnuPG-bug-id: 4407
Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago kbx: Unify the fingerprint search modes.
Werner Koch [Thu, 14 Mar 2019 13:55:06 +0000 (14:55 +0100)]
kbx: Unify the fingerprint search modes.

* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR16)
(KEYDB_SEARCH_MODE_FPR20, KEYDB_SEARCH_MODE_FPR32): Remove.  Switch
all users to KEYDB_SEARCH_MODE_FPR along with the fprlen value.
--

These search modes were added over time and there has until recently
been no incentive to remove the cruft.  With the change for v5 keys I
finally went over all places and allowed the generic fingerprint mode
along with a given length of the fingerprint at all places.
Consequently the other modes can now be removed.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Make rfc4880bis the default.
Werner Koch [Thu, 14 Mar 2019 10:23:56 +0000 (11:23 +0100)]
gpg: Make rfc4880bis the default.

* g10/gpg.c (set_compliance_option, main): Change CO_GNUPG to include
rfc4880bis features.
(main): Change rfc4880bis warning to a note.
--

Note that the default is CO_GNUPG and not CO_OPENPGP.  CO_OPENPGP does
not include rfc4880bis yet and has a couple of things we don't like,
like --allow-non-selfsigned-uids.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Implement v5 keys and v5 signatures.
Werner Koch [Thu, 14 Mar 2019 10:20:07 +0000 (11:20 +0100)]
gpg: Implement v5 keys and v5 signatures.

* g10/build-packet.c (gpg_mpi_write): New optional arg
R_NWRITTEN.  Allow NULL for OUT.  Change all callers.
(do_key): Support v5 keys.
(build_sig_subpkt_from_sig): Support 32 byte fingerprints.
* g10/parse-packet.c (parse_signature): First try to set the keyid
from the issuer fingerprint.
(parse_key): Support v5 keys.
(create_gpg_control): Better make sure to always allocate the static
size of the struct in case future compilers print warnings.
* g10/keyid.c (hash_public_key): Add v5 support.
(keyid_from_pk): Ditto.
(keyid_from_fingerprint): Ditto.
(fingerprint_from_pk): Ditto.
* g10/keygen.c (KEYGEN_FLAG_CREATE_V5_KEY): New.
(pVERSION, pSUBVERSION): New.
(add_feature_v5): New.
(keygen_upd_std_prefs): Call it.
(do_create_from_keygrip): Add arg keygen_flags and support the v5
flag.
(common_gen): Support the v5 flag.
(parse_key_parameter_part): New flags v4 and v5.
(parse_key_parameter_string): Add args for version and subversion.
(read_parameter_file): New keywords "Key-Version" and
"Subkey-Version".
(quickgen_set_para): Add arg 'version'.
(quick_generate_keypair, generate_keypair): Support version parms.
(do_generate_keypair): Support v5 key flag.
(generate_subkeypair): Ditto.
(generate_card_subkeypair): Preparse for keyflags.
(gen_card_key): Ditto.
* g10/sig-check.c (check_signature2): Add args extrahash and
extrahashlen.
(check_signature_end): Ditto.
(check_signature_end_simple): Ditto.  Use them.
* g10/mainproc.c (proc_plaintext): Put extra hash info into the
control packet.
(do_check_sig): Add args extrahash and extrahashlen and pass them on.
(issuer_fpr_raw): Support 32 byte fingerprint.
(check_sig_and_print): get extra hash data and pass it on.
--

Note that this is only basic support and requires more fine
tuning/fixing.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago kbx: Add support for 32 byte fingerprints.
Werner Koch [Thu, 14 Mar 2019 07:54:59 +0000 (08:54 +0100)]
kbx: Add support for 32 byte fingerprints.

* common/userids.c (classify_user_id): Support 32 byte fingerprints.
* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR32): New.
(struct keydb_search_desc): Add field fprlen.
* kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field
version and increase size of fpr to 32.
* kbx/keybox-blob.c: Define new version 2 for PGP and X509 blobs.
(struct keyboxblob_key): Add field fprlen and increase size of fpr.
(pgp_create_key_part_single): Allow larger fingerprints.
(create_blob_header): Implement blob version 2 and add arg want_fpr32.
(_keybox_create_openpgp_blob): Detect the need for blob version 2.
* kbx/keybox-search.c (blob_get_first_keyid): Support 32 byte
fingerprints.
(blob_cmp_fpr): Ditto.
(blob_cmp_fpr_part): Ditto.
(has_fingerprint): Add arg fprlen and pass on.
(keybox_search): Support KEYDB_SEARCH_MODE_FPR32 and adjust for
changed has_fingerprint.
* kbx/keybox-openpgp.c (parse_key): Support version 5 keys.
* kbx/keybox-dump.c (_keybox_dump_blob): Support blob version 2.

* g10/delkey.c (do_delete_key): Support KEYDB_SEARCH_MODE_FPR32.
* g10/export.c (exact_subkey_match_p): Ditto.
* g10/gpg.c (main): Ditto.
* g10/getkey.c (get_pubkey_byfprint): Adjust for changed
KEYDB_SEARCH_MODE_FPR.
* g10/keydb.c (keydb_search_desc_dump): Support
KEYDB_SEARCH_MODE_FPR32 and adjust for changed KEYDB_SEARCH_MODE_FPR.
(keydb_search): Add new arg fprlen and change all callers.
* g10/keyedit.c (find_by_primary_fpr): Ditto.
* g10/keyid.c (keystr_from_desc): Ditto.
* g10/keyring.c (keyring_search): Ditto.
* g10/keyserver.c (print_keyrec): Ditto.
(parse_keyrec): Ditto.
(keyserver_export): Ditto.
(keyserver_retrieval_screener): Ditto.
(keyserver_import): Ditto.
(keyserver_import_fprint): Ditto.
(keyidlist): Ditto.
(keyserver_get_chunk): Ditto.

* g10/keydb.c (keydb_search): Add new arg fprlen and change all
callers.

* sm/keydb.c (keydb_search_fpr): Adjust for changed
KEYDB_SEARCH_MODE_FPR.
--

This prepares the support for OpenPGP v5 keys.  The new version 2 blob
format is needed for the longer fingerprints and we also use this
opportunity to prepare for storing the keygrip in the blob for faster
lookup by keygrip.  Right now this is not yet functional.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Implemented latest rfc4880bis version 5 packet hashing.
Werner Koch [Tue, 12 Mar 2019 10:09:52 +0000 (11:09 +0100)]
gpg: Implemented latest rfc4880bis version 5 packet hashing.

* configure.ac (AC_CHECK_SIZEOF): Test size_t.
* g10/sig-check.c (check_signature_end_simple): Support v5 signatures
as per current rfc4880bis.  For correctness also allow for N > 2^32.
* g10/sign.c (pt_extra_hash_data_t): New.
(hash_sigversion_to_magic): New arg EXTRAHASH.
(write_plaintext_packet): New arg R_EXTRAHASH.
(write_signature_packets): Pass EXTRAHASH.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
--

Take care: The code path for v5 sigs has not yet been tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago Fix the previous commit.
NIIBE Yutaka [Wed, 13 Mar 2019 23:23:38 +0000 (08:23 +0900)]
Fix the previous commit.

* g10/ecdh.c (kek_params_table): Revert the change.
* scd/app-openpgp.c (ecdh_params): Use CIPHER_ALGO_AES256
for 384-bit key.

--

Avoiding CIPHER_ALGO_AES192 is intentional here.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago g10: Fix symmetric cipher algo constant for ECDH.
NIIBE Yutaka [Wed, 13 Mar 2019 00:12:14 +0000 (09:12 +0900)]
g10: Fix symmetric cipher algo constant for ECDH.

* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
ECC strength 384, according to RFC-6637.

--

Reported-by: Trevor Bentley
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago dirmngr: Avoid testing for Tor with --gpgconf-list.
Werner Koch [Mon, 11 Mar 2019 17:15:05 +0000 (18:15 +0100)]
dirmngr: Avoid testing for Tor with --gpgconf-list.

* dirmngr/dirmngr.c (post_option_parsing): Do not call set_tor_mode.
(dirmngr_sighup_action): Call it here.
(main): Call it here unless in --gpgconf-list mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago common: Minor rework of tty_get.
Werner Koch [Thu, 7 Mar 2019 13:11:46 +0000 (14:11 +0100)]
common: Minor rework of tty_get.

* common/ttyio.c (do_get): Re-indent and remove the checking for char
values larger than 0xa0.  Use explicit control character checking.
--

The code is really old (mid 1998) and with the checking for 0xa0 it
has an implicit assumption of utf-8 or latin-1.  Worse, the check was
for c > 0xa0 and not c == 0xa0 so it never worked as intended.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago dirmngr: Add CSRF protection exception for protonmail.
Werner Koch [Thu, 7 Mar 2019 10:34:03 +0000 (11:34 +0100)]
dirmngr: Add CSRF protection exception for protonmail.

* dirmngr/http.c (same_host_p): Add exception table.
--

Please: Adding entries to this table shall be an exception and not the
rule.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpgv: Improve documentation for keyring choices
Daniel Kahn Gillmor [Sun, 3 Mar 2019 15:22:34 +0000 (10:22 -0500)]
gpgv: Improve documentation for keyring choices

* doc/gpgv.texi: Improve documentation for keyring choices

--

From the existing documentation, it's not clear whether the default
keyring will always be mixed into the set of keyrings, or whether it
will be skipped if a --keyring is present.  The updated text here
attempts to describe the keyring selection logic more completely.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 months ago gpgtar: Make option -C work for archive creation.
Werner Koch [Wed, 6 Mar 2019 19:08:26 +0000 (20:08 +0100)]
gpgtar: Make option -C work for archive creation.

* tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory.
--

The -C option is pretty useful given that patterns are always relative
to the current directory.  In contrast to GNU tar, the switching is
done only once.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago agent: Re-introduce --enable-extended-key-format.
Werner Koch [Wed, 6 Mar 2019 16:58:39 +0000 (17:58 +0100)]
agent: Re-introduce --enable-extended-key-format.

* agent/gpg-agent.c (oEnableExtendedKeyFormat): Re-introduce.
(parse_rereadable_options): Handle it in a special way.
* agent/protect.c (agent_protect): Be safe and set use_ocb only to 1
or 0.
* tools/gpgconf-comp.c: Add --enable-extended-key-format again.
--

This is required for backward compatibility with profiles.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpgtar: Improve error messages.
Werner Koch [Wed, 6 Mar 2019 16:46:40 +0000 (17:46 +0100)]
gpgtar: Improve error messages.

* tools/gpgtar.h (struct tarinfo_s): New.
* tools/gpgtar.c (cmd, skip_crypto, files_from, null_names): Move
global vars more to the top.
(set_cmd): Rename 'cmd' to 'c'.
* tools/gpgtar-list.c (parse_header): Add arg 'info' and improve error
messages.
(read_header): Add arg 'info' and update counter.
(skip_data): Ditto.
(gpgtar_list): Pass info object to read functions.
(gpgtar_read_header): Add arg 'info'.
* tools/gpgtar-extract.c (gpgtar_extract): add arg 'info' and pass on.
(extract_regular): Add arg 'info' and update counter.
--

This now prints the block number of a header with error.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago agent: Default to extended key format.
Werner Koch [Wed, 6 Mar 2019 13:09:57 +0000 (14:09 +0100)]
agent: Default to extended key format.

* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
(oEnableExtendedKeyFormat): Remove.
(opts): Make --enable-extended-key-format a dummy option.  Add
disable-extended-key-format.
(parse_rereadable_options): Implement oDisableExtendedKeyFormat.
--

Extended key format is supported since version 2.1.12 which should have
long been replaced by a newer version in all installations.  Thus for
2.3 we will make use of the extended-key-format by default.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago doc: First take on instructions on how to init PIV cards
Werner Koch [Wed, 6 Mar 2019 11:46:09 +0000 (12:46 +0100)]
doc: First take on instructions on how to init PIV cards

--

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago card: Allow PEM encoded certificates in "writecert".
Werner Koch [Wed, 6 Mar 2019 11:40:45 +0000 (12:40 +0100)]
card: Allow PEM encoded certificates in "writecert".

* tools/gpg-card.c (cmd_writecert): Convert from base64.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago card: Print the keyref also for non-initialized slots.
Werner Koch [Wed, 6 Mar 2019 09:23:56 +0000 (10:23 +0100)]
card: Print the keyref also for non-initialized slots.

* tools/gpg-card.c (list_one_kinfo): Add arg label_keyref and change
callers.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago agent: Fix detection of exit of scdaemon.
NIIBE Yutaka [Wed, 6 Mar 2019 01:33:54 +0000 (10:33 +0900)]
agent: Fix detection of exit of scdaemon.

* agent/call-scd.c (start_scd): Acquire START_SCD_LOCK for
SCD_LOCAL_LIST.  Move common case code to fast path.
Release START_SCD_LOCK before calling unlock_scd.
When new CTX is allocated, clear INVALID flag.
(agent_reset_scd): Serialize the access to SCD_LOCAL_LIST by
START_SCD_LOCK.

--

GnuPG-bug-id: 4377
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago card: Print card version.  Check for bad Yubikeys.
Werner Koch [Tue, 5 Mar 2019 16:40:08 +0000 (17:40 +0100)]
card: Print card version.  Check for bad Yubikeys.

* scd/app.c (app_new_register): Set card version for Yubikeys.
(app_write_learn_status): Print CARDVERSION and APPVERSION.
* tools/card-call-scd.c (learn_status_cb): Detect them.
* tools/gpg-card.h (struct card_info_s): Add appversion and
cardversion.
* tools/gpg-card.c (list_openpgp): Remove version printing from serial
number.
(print_a_version): New.
(list_card): Print card and app version.
(cmd_generate): Do not allow broken Yubikeys.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago scd: Rename a shared info field name.
Werner Koch [Tue, 5 Mar 2019 16:17:39 +0000 (17:17 +0100)]
scd: Rename a shared info field name.

* scd/app-piv.c (app_select_piv):
* scd/app-common.h (struct app_ctx_s): Rename 'card_version' to
'cardversion'.  Rename all users.  Add 'appversion'.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago scd:piv: Implement import of private keys for Yubikeys.
Werner Koch [Tue, 5 Mar 2019 14:49:20 +0000 (15:49 +0100)]
scd:piv: Implement import of private keys for Yubikeys.

* scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust
 callers.
(writekey_rsa, writekey_ecc): New.
(do_writekey): New.
(do_writecert): Provide a better error message for an empty cert.
(app_select_piv): Register do_writekey.
* scd/iso7816.c (iso7816_send_apdu): New.
* scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
* agent/command.c (cmd_keytocard): Make the timestamp optional.
* tools/card-call-scd.c (inq_writekey_parms): Remove.
(scd_writekey): Rewrite.
* tools/gpg-card.c (cmd_writekey): New.
(enum cmdids): Add cmdWRITEKEY.
(dispatch_command, interactive_loop): Call cmd_writekey.
--

This has been tested with gpgsm and RSA keys.  For ECC keys only
partly tested using the sample OpenPGP nistp256 and nistp384 keys
because gpgsm does not yet support ECC certificates and thus we can't
write the certificates to the cert object after a writekey.  Note that
they nevertheless show up in "gpgcard list" because gpg-card searches
for them in gpg and gpgsm.  However, this does not work completely.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Make invalid primary key algos obvious in key listings.
Werner Koch [Tue, 5 Mar 2019 11:39:11 +0000 (12:39 +0100)]
gpg: Make invalid primary key algos obvious in key listings.

* g10/keylist.c (print_key_line): Print a warning for invalid algos.
--

Non-OpenPGP compliant keys now show a warning flag on the sec or pub
line like in:

  gpg: can't encode a 256 bit MD into a 88 bits frame, algo=8
  sec   cv25519 2019-01-30 [INVALID_ALGO]
        4239F3D606A19258E7A88C3F9A3F4F909C5034C5
  uid           [ultimate] ffffff

Instead of showing the usage flags "[CE]".  Without this patch only
the error message is printed and the reason for it was not immediately
obvious (cv25519 is encryption only but we always consider the primary
key as having the "C" flag).

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago agent: Minor change to the KEYTOCARD command.
Werner Koch [Tue, 5 Mar 2019 11:08:27 +0000 (12:08 +0100)]
agent: Minor change to the KEYTOCARD command.

* agent/command.c (cmd_keytocard): Make timestamp optional.  Use
modern parser function.
* agent/call-scd.c (agent_card_writekey): Rename an arg and for
clarity return gpg_error_t instead of int.
* agent/divert-scd.c (divert_writekey): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago sm: Print Yubikey attestation extensions with --dump-cert.
Werner Koch [Fri, 1 Mar 2019 14:23:49 +0000 (15:23 +0100)]
sm: Print Yubikey attestation extensions with --dump-cert.

* sm/keylist.c (oidtranstbl): Add Yubikey OIDs.
(OID_FLAG_HEX): New.
(print_hex_extn): New.
(list_cert_raw): Make use of that flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago scd:piv: Add feature to read Yubikey attestation certificates.
Werner Koch [Fri, 1 Mar 2019 13:04:29 +0000 (14:04 +0100)]
scd:piv: Add feature to read Yubikey attestation certificates.

* scd/app-piv.c (do_readcert): Add hack to read Yubikey attestations.
--

Use
  gpg-card 'readcert PIV.ATST.9A >x.crt'
to store the attestation certificate for 9A into X.CRT.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago scd:piv: Allow writecert to only write matching certs.
Werner Koch [Fri, 1 Mar 2019 11:58:56 +0000 (12:58 +0100)]
scd:piv: Allow writecert to only write matching certs.

* scd/app-piv.c (do_readkey): Read the key from the cert here instead
of letting the upper layer do this.
(do_writecert): Check that the cert matches the key and that a key has
already been generated.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago card: Remove the "admin" command.
Werner Koch [Fri, 1 Mar 2019 11:20:24 +0000 (12:20 +0100)]
card: Remove the "admin" command.

* tools/gpg-card.c (cmd_passwd): Remove arg allow_admin.
(enum cmdids): Rename cmdAUTHENTICATE to cmdAUTH and cmdFACTORYRESET
to cmdFACTRST.
(cmds): Remove column 'admin_only'.
(interactive_loop): Remove admin_only stuff.
--

That command has always been an annoyance.  Symbols have been renamed
for source cosmetics.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs.
Werner Koch [Thu, 28 Feb 2019 13:43:42 +0000 (14:43 +0100)]
sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs.

* sm/keylist.c (print_compliance_flags): Also check the diges_also.
--

A certificate with algorithm sha1WithRSAEncryption can be de-vs
compliant (e.g. if the next in the chain used sha256WithRSAEncryption
to sign it and RSA is long enough) but flagging it as such is useless
because that certificate can't be used because it will create
signatures using the non-compliant SHA-1 algorithm.

Well, it could be used for encryption.  But also evaluating the
key-usage flags here would make it harder for the user to understand
why certain certificates are listed as de-vs compliant and others are
not.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago agent: PKSIGN should return signature in same format for card.
NIIBE Yutaka [Wed, 27 Feb 2019 01:37:26 +0000 (10:37 +0900)]
agent: PKSIGN should return signature in same format for card.

* agent/pksign.c (agent_pksign_do):

--

It's best to keep same data format by libgcrypt.

For card (due to historical reasons), gpg-agent or scdaemon used to
prefix 0x00 when it starts 0x80, so that it can be parsed signed MPI
as well as unsigned MPI.  It used to do nothing for preceding zeros.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
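
The two signature encodings the commit message above contrasts, as an added C illustration that is not GnuPG's code. The helper names and sample bytes are constructed, and reading "same format" as the minimal-length encoding is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; not functions from GnuPG or Libgcrypt.  */

/* Card-path encoding as the commit message describes the old behaviour:
   prefix 0x00 when the first byte has its high bit set, and leave any
   leading zero bytes untouched.  Returns the output length, or -1 if
   OUT is too small.  */
int
mpi_legacy_card (const unsigned char *in, size_t inlen,
                 unsigned char *out, size_t outsize)
{
  size_t extra = (inlen && (in[0] & 0x80)) ? 1 : 0;

  if (inlen + extra > outsize)
    return -1;
  if (extra)
    out[0] = 0x00;
  memcpy (out + extra, in, inlen);
  return (int)(inlen + extra);
}

/* Minimal-length encoding (assumed meaning of "same format"): drop
   redundant leading zeros first, then add a single 0x00 only if the
   value would otherwise parse as a negative signed MPI.  */
int
mpi_canonical (const unsigned char *in, size_t inlen,
               unsigned char *out, size_t outsize)
{
  while (inlen && !*in)
    {
      in++;
      inlen--;
    }
  return mpi_legacy_card (in, inlen, out, outsize);
}

int
main (void)
{
  /* Constructed sample: the value 0x8001 with two redundant zeros.  */
  static const unsigned char sample[] = { 0x00, 0x00, 0x80, 0x01 };
  unsigned char a[8], b[8];
  int alen = mpi_legacy_card (sample, sizeof sample, a, sizeof a);
  int blen = mpi_canonical (sample, sizeof sample, b, sizeof b);

  printf ("legacy: %d bytes, canonical: %d bytes\n", alen, blen);
  /* Same integer, different octets: a byte-wise comparison fails.  */
  return !(alen == 4 && blen == 3 && memcmp (a, b, 3) != 0);
}
```

Code that compares or hashes signature values byte-wise sees these two outputs as different even though they encode the same integer.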
5 months ago scd: Simplify the app_readkey parameters.
Werner Koch [Tue, 26 Feb 2019 15:42:50 +0000 (16:42 +0100)]
scd: Simplify the app_readkey parameters.

* scd/app-help.c (app_help_pubkey_from_cert): New.
* scd/command.c (cmd_readkey): Refactor to use that new function and
handle the --advanced flag only here.
* scd/app.c (app_readkey): Remove parm advanced.
* scd/app-common.h (struct app_ctx_s): Remove parm advanced from the
readkey member.
* scd/app-nks.c (do_readkey): Adjust for removed parm.
* scd/app-piv.c (do_readkey): Ditto.
* scd/app-openpgp.c (do_readkey): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago conf: New option --show-socket.
Werner Koch [Mon, 25 Feb 2019 14:55:13 +0000 (15:55 +0100)]
conf: New option --show-socket.

* tools/gpgconf-comp.c (gc_component_t): Move this enum to ...
* tools/gpgconf.h: here.
* tools/gpgconf.c (oShowSocket): New.
(opts): Add new option.
(main): Implement new option.
--

This is a convenience option for software which directly connects to
gpg-agent and thus needs to know the socket.  By using --show-socket
along with --launch that software can also autostart the agent or the
dirmngr.  Without this two calls to gpgconf would be required.

Actually the same behaviour can be achieved by running
gpg-connect-agent to query the running gpg-agent's socket via GETINFO.
The gpg-connect also makes sure that the agent is started.  This is
not anymore suggested because gpgconf shall in future be used for all
such things.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago libdns: Avoid using compound literals (8).
NIIBE Yutaka [Tue, 26 Feb 2019 03:26:02 +0000 (12:26 +0900)]
libdns: Avoid using compound literals (8).

* dirmngr/dns.h (dns_quietinit): Remove.
(dns_hints_i_new): Remove.

--

Even before our change, dns_quietinit was a questionable macro; there
was no place in dns.c which requires overrides in the initializer list.
Only redundant zeros were.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago libdns: Avoid using compound literals (7).
NIIBE Yutaka [Tue, 26 Feb 2019 03:13:35 +0000 (12:13 +0900)]
libdns: Avoid using compound literals (7).

* dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
* dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
automatic variable for opts.
* dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo):
Likewise.

--

In fact, DNS_OPTS_INIT was only needed when args are none.  With
partially specified initialization, C99 guarantees zero-ed other
members just like static object.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago libdns: Avoid using compound literals (6).
NIIBE Yutaka [Tue, 26 Feb 2019 02:55:32 +0000 (11:55 +0900)]
libdns: Avoid using compound literals (6).

* dirmngr/dns.h (dns_rr_i_new): Remove.
(dns_rr_i_init): Remove unused second argument.
* dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet)
(parse_packet): Use automatic variable for struct dns_rr_i.
(dns_d_cname): No need to call dns_rr_i_init after memset 0.
(dns_rr_i_init): Remove unused second argument.  Return nothing.
* dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns)
(getsrv_libdns): Follow the change of dns_rr_i_init.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago libdns: Avoid using compound literals (5).
NIIBE Yutaka [Tue, 26 Feb 2019 02:43:10 +0000 (11:43 +0900)]
libdns: Avoid using compound literals (5).

* dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
Call dns_rr_grep with NULL.
* dirmngr/dns.c (dns_rr_grep): Support NULL for error_.

--

Here we still use C99 feature of struct member initialization in
dns_rr_foreach, for struct dns_rr_i.  Note that in C99, it guarantees
non-specified member fields are initialized by zero.  So, there's no
need to use dns_rr_i_new at all.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago libdns: Avoid using compound literals (4).
NIIBE Yutaka [Tue, 26 Feb 2019 01:58:16 +0000 (10:58 +0900)]
libdns: Avoid using compound literals (4).

* dirmngr/dns.h (dns_d_new*): Remove.
* dirmngr/dns.c (parse_packet): Use dns_d_init with automatic
variable.
(parse_domain): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago libdns: Avoid using compound literals (3).
NIIBE Yutaka [Tue, 26 Feb 2019 01:34:03 +0000 (10:34 +0900)]
libdns: Avoid using compound literals (3).

* dirmngr/dns.h (dns_p_new): Remove.
* dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic
variable.
(dns_hints_query, dns_res_glue, parse_packet, query_hosts)
(send_query, show_hints, echo_port): Likewise.

--

Implicit automatic allocation by compound literals is confusing
for C90 code.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago libdns: Avoid using compound literals (2).
NIIBE Yutaka [Tue, 26 Feb 2019 01:04:09 +0000 (10:04 +0900)]
libdns: Avoid using compound literals (2).

* dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove.
(dns_strclass1, dns_strclass3): Remove.
(dns_strtype1, dns_strtype3): Remove.
(dns_strsection, dns_strclass, dns_strtype): Directly use the
function.
* dirmngr/dns.c (dns_strsection): Use automatic variable.
(dns_strclass, dns_strtype): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago libdns: Avoid using compound literals.
NIIBE Yutaka [Tue, 26 Feb 2019 00:42:54 +0000 (09:42 +0900)]
libdns: Avoid using compound literals.

* dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
variables.
(dns_poll, dns_send_nopipe): Likewise, adding const qualifier.

--

Compound literals is a feature of C99.  Because we only use C90 plus
some limited features, in the project, it's better to avoid it.

Besides, we make sure when it's read-only.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago scd: PIV: Always require a PIN for signing with 9C.
Werner Koch [Mon, 25 Feb 2019 10:29:30 +0000 (11:29 +0100)]
scd: PIV: Always require a PIN for signing with 9C.

* scd/app-piv.c (verify_chv): Add arg 'force'.
(do_sign): Use force for 0x9c.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago card: Rename gpg-card-tool to gpg-card.
Werner Koch [Mon, 25 Feb 2019 08:28:22 +0000 (09:28 +0100)]
card: Rename gpg-card-tool to gpg-card.

* tools/card-tool-keys.c: Rename to card-keys.c.
* tools/card-tool-misc.c: Rename to card-misc.c.
* tools/card-tool-yubikey.c: Rename to card-yubikey.c.
* tools/card-tool.h: Rename to gpg-card.h.
* tools/gpg-card-tool-w32info.rc: Rename to gpg-card-w32info.rc
* doc/card-tool.texi: Rename to gpg-card.texi

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago agent: Fix for suggested Libgcrypt use.
Werner Koch [Fri, 22 Feb 2019 13:09:02 +0000 (14:09 +0100)]
agent: Fix for suggested Libgcrypt use.

* agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.
--

The libgcrypt docs say that a "flags" parameter should always be used
in the input of pkdecrypt.  Thus we should allow that parameter also
when parsing an s-expression to figure out the algorithm for use with
scdaemon.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpgscm: Build well even if NDEBUG defined.
NIIBE Yutaka [Mon, 25 Feb 2019 01:44:16 +0000 (10:44 +0900)]
gpgscm: Build well even if NDEBUG defined.

* gpgscm/scheme.c (gc_reservation_failure): Fix adding ";".
[!NDEBUG] (scheme_init_custom_alloc): Don't init seserved_lineno.

--

Picked from libgpg-error commit of:
8a9397896fd202dcfb3fb46259e43bc05a0ddd2e

In some build environment, NDEBUG is defined (although it's
bad practice).  This change supports such a situation.

GnuPG-bug-id: 3959
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago scd: internal driver: Submit SET_INTERFACE control transfer.
NIIBE Yutaka [Fri, 22 Feb 2019 11:05:09 +0000 (20:05 +0900)]
scd: internal driver: Submit SET_INTERFACE control transfer.

* scd/ccid-driver.c (ccid_open_usb_reader): Always submit SET_INTERFACE
control transfer.

--

This handling is not mandatory, but it's better to do so, because
there are card readers with pinpad and tokens with ack button, which
support user interaction.

User interaction status should be reset at open time.  The status
should be reset when the session is closed/stopped.  In practice,
since cleanup routine in a driver may not be called properly, it's
good to submit SET_INTERFACE at open time.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago sm: Fix certificate creation with key on card.
Werner Koch [Thu, 21 Feb 2019 16:32:39 +0000 (17:32 +0100)]
sm: Fix certificate creation with key on card.

* sm/certreqgen.c (create_request): Fix for certmode.
--

When using an existing key from a card for certificate signing (in
contrast to the default of generating a CSR), the code tried to use
the same key for signing instead of the Signing-Key parameter.  It is
perfectly okay to use the regular signing path via gpg-agent for
certificate creation - only self-signed certificates with a key on the
card require the direct use of the card key (via "SCD PKSIGN").

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago card: Print usage info for each key.
Werner Koch [Thu, 21 Feb 2019 11:43:07 +0000 (12:43 +0100)]
card: Print usage info for each key.

* tools/card-call-scd.c (learn_status_cb): Handle extended
KEYPAIRINFO.
* tools/card-tool.h (struct key_info_s): Add field 'usage'.
* tools/gpg-card-tool.c (list_one_kinfo): Show usage flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago scd: Extend KEYPAIRINFO by key usage info.
Werner Koch [Thu, 21 Feb 2019 08:24:37 +0000 (09:24 +0100)]
scd: Extend KEYPAIRINFO by key usage info.

* scd/app-openpgp.c (send_keypair_info): Append usage string.
* scd/app-piv.c (struct data_object_s): Remove column 'binary'.  Add
column 'usage'.
(dump_all_do): Adjust for removed 'binary'.
(send_keypair_and_cert_info): Append usage string.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago card: Print the keyref in the listing.
Werner Koch [Thu, 21 Feb 2019 07:42:33 +0000 (08:42 +0100)]
card: Print the keyref in the listing.

* tools/gpg-card-tool.c (list_one_kinfo): Print the keyref.
--

The named keys are nice but knowing the actual keyref mapping to them
is also useful.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago scd: Don't let the "undefined" app cause a conflict error.
Werner Koch [Thu, 21 Feb 2019 07:40:59 +0000 (08:40 +0100)]
scd: Don't let the "undefined" app cause a conflict error.

* scd/app.c (check_conflict): Ignore "undefined".

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago sm: Prepare algo mapping to handle values > 255.
Werner Koch [Thu, 21 Feb 2019 07:51:27 +0000 (08:51 +0100)]
sm: Prepare algo mapping to handle values > 255.

* sm/misc.c (transform_sigval): Allow for larger values of MDALGO and
PKALGO.
--

Libgcrypt already defines larger values for them, so we should be
prepared in case we use them in the future.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago scd: Clear CHV status on timeout error.
NIIBE Yutaka [Thu, 21 Feb 2019 06:50:43 +0000 (15:50 +0900)]
scd: Clear CHV status on timeout error.

* scd/app-openpgp.c (clear_chv_status): New.
(do_change_pin): Use clear_chv_status.
(do_sign): Call clear_chv_status on GPG_ERR_TIMEOUT.
(do_auth, do_decipher): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago scd: Handle ack button timeout as GPG_ERR_TIMEOUT.
NIIBE Yutaka [Thu, 21 Feb 2019 06:16:11 +0000 (15:16 +0900)]
scd: Handle ack button timeout as GPG_ERR_TIMEOUT.

* scd/apdu.h (SW_ACK_TIMEOUT): New.
* scd/iso7816.c (map_sw): Return GPG_ERR_TIMEOUT for SW_ACK_TIMEOUT.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago tests: Add "disable-scdaemon" in gpg-agent.conf.
NIIBE Yutaka [Thu, 21 Feb 2019 03:26:09 +0000 (12:26 +0900)]
tests: Add "disable-scdaemon" in gpg-agent.conf.

* tests/openpgp/defs.scm: Add "disable-scdaemon".  Remove
  "scdaemon-program".
* tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise.
* tests/inittests, tests/pkits/inittests: Add "disable-scdaemon"

--

Before this change, running "make check" accesses USB device by
scdaemon on host computer.  If there is any smartcard/token available,
it may affect test results.  Because default key choice depends on
smartcard/token availability now and existing tests have nothing about
testing smartcard/token, disabling scdaemon is good.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago agent: Terminate pinentry process gracefully, by watching socket.
NIIBE Yutaka [Tue, 19 Feb 2019 05:36:50 +0000 (14:36 +0900)]
agent: Terminate pinentry process gracefully, by watching socket.

* agent/call-pinentry.c (watch_sock): New.
(do_getpin): Spawn the watching thread.

--

While we don't have npth_cancel (and it's difficult to implement it
correctly), this is a kind of best compromise allowing a thread's
polling when pinentry is active.

GnuPG-bug-id: 2011
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago agent: Minor change for pinentry status handling.
NIIBE Yutaka [Tue, 19 Feb 2019 04:12:07 +0000 (13:12 +0900)]
agent: Minor change for pinentry status handling.

* agent/call-pinentry.c (struct entry_parm_s): Add status.
(do_getpin): Use param->status.
(agent_askpin): Copy param->status to pininfo.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>