gnupg.git
4 years ago g10: Fix keytocard.
NIIBE Yutaka [Fri, 3 Apr 2015 08:39:59 +0000 (17:39 +0900)]
g10: Fix keytocard.

g10/call-agent.h (agent_scd_learn): Add FORCE option.
g10/call-agent.c (agent_scd_learn): Implement FORCE option.
g10/keygen.c (gen_card_key): Follow the change of option.
g10/card-util.c (change_pin, card_status, factory_reset): Likewise.
g10/keyedit.c (keyedit_menu): Update private key storage by
agent_scd_learn.
--

This is not a perfect solution since there is a possibility that the
user unplugs the card before quitting the 'gpg --keyedit' session.
Usually, it works well.

GnuPG-bug-id: 1846

4 years ago agent: Add --force option for LEARN.
NIIBE Yutaka [Fri, 3 Apr 2015 08:33:11 +0000 (17:33 +0900)]
agent: Add --force option for LEARN.

* agent/command.c (cmd_learn): Handle --force option.
(cmd_keytocard): Don't update key storage file.
* agent/agent.h (agent_handle_learn): Add FORCE.
* agent/learncard.c (agent_handle_learn): Implement FORCE to update
key storage file.
--

4 years ago dirmngr: Don't use alloca.
Neal H. Walfield [Tue, 31 Mar 2015 12:48:31 +0000 (14:48 +0200)]
dirmngr: Don't use alloca.

* dirmngr/ks-engine-ldap.c (ks_ldap_put): Replace use of alloca with
xmalloc and xfree.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
4 years ago dirmngr: Simplify truncation of long strings in debug code.
Neal H. Walfield [Tue, 31 Mar 2015 12:23:13 +0000 (14:23 +0200)]
dirmngr: Simplify truncation of long strings in debug code.

* dirmngr/ks-engine-ldap.c (modlist_dump): Simplify truncation of long
strings.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
4 years ago dirmngr: Correct indentation.
Neal H. Walfield [Tue, 31 Mar 2015 10:26:59 +0000 (12:26 +0200)]
dirmngr: Correct indentation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
4 years ago dirmngr: Use a better error code.
Neal H. Walfield [Tue, 31 Mar 2015 10:07:39 +0000 (12:07 +0200)]
dirmngr: Use a better error code.

* dirmngr/ldap-parse-uri.c (ldap_parse_uri): On error, return
GPG_ERR_GENERAL, not GPG_ERR_ASS_GENERAL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
4 years ago gpg: Remove gratuitous extern qualifier from declaration.
Neal H. Walfield [Tue, 31 Mar 2015 10:00:58 +0000 (12:00 +0200)]
gpg: Remove gratuitous extern qualifier from declaration.

--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
4 years ago dirmngr: Better encapsulate the keyservers variable.
Neal H. Walfield [Sat, 28 Mar 2015 16:23:56 +0000 (17:23 +0100)]
dirmngr: Better encapsulate the keyservers variable.

* dirmngr/dirmngr.h (struct server_control_s): Move field keyservers
from here...
* dirmngr/server.c (struct server_local_s): ... to here.  Update
users.
* dirmngr/ks-action.h (ks_action_resolve): Add argument keyservers.
(ks_action_search): Likewise.
(ks_action_get): Likewise.
(ks_action_put): Likewise.
* dirmngr/ks-action.c (ks_action_resolve): Add argument keyservers.
Use it instead of ctrl->keyservers.
(ks_action_search): Likewise.
(ks_action_get): Likewise.
(ks_action_put): Likewise.

--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
4 years ago gpg: Only use the last specified keyserver.
Neal H. Walfield [Sat, 28 Mar 2015 15:55:10 +0000 (16:55 +0100)]
gpg: Only use the last specified keyserver.

* g10/gpg.c (main): Only use the last specified keyserver.

--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
4 years ago dirmngr: Fix resource leaks and check rare errors.
Werner Koch [Wed, 25 Mar 2015 18:39:27 +0000 (19:39 +0100)]
dirmngr: Fix resource leaks and check rare errors.

* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Fix resource
leak.
(ks_ldap_search): Check error from es_fopenmem.  Use LDAP_ERR where
required.
(modlist_dump): Check error from es_fopenmem.
(uncescape): s/int/size_t/.  Use existing macros.
(extract_attributes): Use existing trim function.
(ks_ldap_put): Do not segv on error from modlist_dump.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago dirmngr: Minor cleanups.
Werner Koch [Wed, 25 Mar 2015 18:33:59 +0000 (19:33 +0100)]
dirmngr: Minor cleanups.

* dirmngr/ks-engine-ldap.c [__riscos__]: Remove doubled util.h.
(ldap_to_gpg_err): s/GPG_ERR_GENERAL/GPG_ERR_INTERNAL/.
(tm2ldaptime): Use snprintf.
(ldap_connect): Get error code prior to log_error and use modern
function.  Use xfree, xtrystrdup etc.
(modlist_lookup): Use GNUPG_GCC_A_USED.
(modlist_free): Use xfree.
--

sprintf has been replaced by snprintf to avoid warnings on some
platforms.

xfree et al. is required so that replacement functions are
used if defined.  For example the Libgcrypt functions which may not be
fully compatible with standard free.

Impossible conditions should use GPG_ERR_INTERNAL.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago common: Add macro GNUPG_GCC_A_USED.
Werner Koch [Wed, 25 Mar 2015 18:19:38 +0000 (19:19 +0100)]
common: Add macro GNUPG_GCC_A_USED.

* common/util.h (GNUPG_GCC_A_USED): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago doc: Document the changed default algos for gpgsm.
Werner Koch [Wed, 25 Mar 2015 09:16:37 +0000 (10:16 +0100)]
doc: Document the changed default algos for gpgsm.

--

4 years ago sm: Change default algos to SHA256 (CSR) and AES128 (bulk encryption).
Werner Koch [Wed, 25 Mar 2015 09:12:11 +0000 (10:12 +0100)]
sm: Change default algos to SHA256 (CSR) and AES128 (bulk encryption).

* sm/certreqgen.c (create_request): Change default hash algo.
* sm/gpgsm.c (DEFAULT_CIPHER_ALGO): Change default bulk cipher algo.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg,w32: Handle forward slash in --keyring option.
Werner Koch [Tue, 24 Mar 2015 12:30:57 +0000 (13:30 +0100)]
gpg,w32: Handle forward slash in --keyring option.

* g10/keydb.c (keydb_add_resource): Allow forward slash under Windows.
--

GnuPG-bug-id: 1546

4 years ago doc: Mention that --use-standard-socket-p always returns true.
Werner Koch [Tue, 24 Mar 2015 08:22:24 +0000 (09:22 +0100)]
doc: Mention that --use-standard-socket-p always returns true.

--

4 years ago common:stringhelp.c: Replace use of jblib_malloc with xtrymalloc, etc. neal/dirmngr-ldap
Neal H. Walfield [Thu, 12 Mar 2015 12:45:27 +0000 (13:45 +0100)]
common:stringhelp.c: Replace use of jblib_malloc with xtrymalloc, etc.

--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
4 years ago Improve documentation for ks_hkp_get.
Neal H. Walfield [Thu, 19 Mar 2015 10:15:53 +0000 (11:15 +0100)]
Improve documentation for ks_hkp_get.

* dirmngr/ks-engine-hkp.c (ks_hkp_get): Improve documentation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
4 years ago Improve spelling and grammar of some comments.
Neal H. Walfield [Thu, 19 Mar 2015 10:14:52 +0000 (11:14 +0100)]
Improve spelling and grammar of some comments.

--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
4 years ago Improve documentation of http_parse_uri.
Neal H. Walfield [Thu, 19 Mar 2015 10:12:43 +0000 (11:12 +0100)]
Improve documentation of http_parse_uri.

* common/http.c (http_parse_uri): Improve documentation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
4 years ago Add support for talking to LDAP key servers.
Neal H. Walfield [Thu, 19 Mar 2015 10:02:46 +0000 (11:02 +0100)]
Add support for talking to LDAP key servers.

* g10/call-dirmngr.c (record_output): New function.
(ks_put_inq_cb): Use it here to generate a --with-colons like output
instead of a custom format.
* dirmngr/ks-action.c: Include "ldap-parse-uri.h".
(ks_action_help): If the provided URI is an LDAP URI, then use
ldap_parse_uri to parse.  Call ks_ldap_help.
(ks_action_search): If passed an LDAP URI, then call ks_ldap_search.
(ks_action_get): Likewise.
(ks_action_put): Likewise.  Also, change data from a 'const void *' to
a 'void *' and add info and infolen parameters.  Add note that
function may modify DATA.
* dirmngr/ks-action.h (ks_action_put): Update declaration accordingly.
* dirmngr/server.c: Include "ldap-parse-uri.h".
(cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using
ldap_parse_uri.
(hlp_ks_put): Improve documentation.
(cmd_ks_put): Also pass info and infolen to ks_action_put.  Improve
documentation.
* dirmngr/ks-engine.h (ks_ldap_help): New declaration.
(ks_ldap_search): Likewise.
(ks_ldap_get): Likewise.
(ks_ldap_put): Likewise.
* dirmngr/ks-engine-ldap.c: New file.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c,
ldap-parse-uri.c and ldap-parse-uri.h.
(dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs).

--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
4 years ago Import _gpgme_parse_timestamp from gpgme as parse_timestamp.
Neal H. Walfield [Mon, 23 Mar 2015 12:22:48 +0000 (13:22 +0100)]
Import _gpgme_parse_timestamp from gpgme as parse_timestamp.

* common/gettime.h (parse_timestamp): New declaration.
* common/gettime.c (_win32_timegm): New function imported from
gpgme/src/conversion.c:_gpgme_timegm.
(parse_timestamp): New function imported from
gpgme/src/conversion.c:_gpgme_parse_timestamp.

--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
4 years ago Move copy_stream function to misc.c.
Neal H. Walfield [Fri, 13 Mar 2015 12:44:18 +0000 (13:44 +0100)]
Move copy_stream function to misc.c.

* dirmngr/ks-action.c (copy_stream): Move function from here...
* dirmngr/misc.c (copy_stream): ... to here and drop the static
qualifier.
* dirmngr/misc.h (copy_stream): Add declaration.

--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
4 years ago Move armor_data to misc.c.
Neal H. Walfield [Fri, 13 Mar 2015 12:42:00 +0000 (13:42 +0100)]
Move armor_data to misc.c.

* dirmngr/ks-engine-hkp.c (armor_data): Move function from here...
* dirmngr/misc.c (armor_data): ... to here and drop static qualifier.
* dirmngr/misc.h: New declaration.

--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
4 years ago Add new LDAP utility functions.
Neal H. Walfield [Fri, 13 Mar 2015 12:39:40 +0000 (13:39 +0100)]
Add new LDAP utility functions.

* dirmngr/Makefile.am (module_tests): New variable.
(noinst_PROGRAMS): New primary.  Set it to $(module_tests).
(TESTS): New variable.  Set it to $(module_tests).
(t_common_src): New variable.
(t_common_ldadd): Likewise.
(t_ldap_parse_uri_SOURCES): New primary.
(t_ldap_parse_uri_LDADD): Likewise.
* dirmngr/ldap-parse-uri.c: New file.
* dirmngr/ldap-parse-uri.h: Likewise.
* dirmngr/t-ldap-parse-uri.c: Likewise.
* dirmngr/t-support.h: Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
4 years ago Add new function uri_query_lookup.
Neal H. Walfield [Thu, 19 Mar 2015 08:59:20 +0000 (09:59 +0100)]
Add new function uri_query_lookup.

* common/http.h (uri_query_lookup): New declaration.
* common/http.c (uri_query_lookup): The corresponding implementation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
4 years ago Add new function strlist_find.
Neal H. Walfield [Fri, 13 Mar 2015 14:08:22 +0000 (15:08 +0100)]
Add new function strlist_find.

* common/strlist.h (strlist_find): New declaration.
* common/strlist.c (strlist_find): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
4 years ago common: Add new helper function, strsplit.
Neal H. Walfield [Thu, 12 Mar 2015 12:03:50 +0000 (13:03 +0100)]
common: Add new helper function, strsplit.

* common/stringhelp.h (strsplit): New declaration.
* common/stringhelp.c (strsplit): New function.
* common/t-stringhelp.c (test_strsplit): New function.
(main): Call it here.

--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
4 years ago gpg: Consider a mailbox only userid in mail search mode.
Werner Koch [Fri, 20 Mar 2015 14:43:32 +0000 (15:43 +0100)]
gpg: Consider a mailbox only userid in mail search mode.

* kbx/keybox-search.c: Include mbox-util.h.
(blob_cmp_mail): Improve OpenPGP uid parsing.
--

GnuPG-bug-id: 1927

4 years ago common: Add function is_valid_mailbox_mem.
Werner Koch [Fri, 20 Mar 2015 14:39:49 +0000 (15:39 +0100)]
common: Add function is_valid_mailbox_mem.

* common/mbox-util.c (mem_count_chr): New.
(my_memstr): New.
(has_invalid_email_chars): Change args to work on a buffer.
(is_valid_mailbox_mem): New.
(is_valid_mailbox): Rewrite to use is_valid_mailbox_mem.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Find keys using mail addresses with garbage after the '>'
Werner Koch [Fri, 20 Mar 2015 12:29:20 +0000 (13:29 +0100)]
gpg: Find keys using mail addresses with garbage after the '>'

* kbx/keybox-search.c (blob_cmp_mail): Stop comparing at the '>'.
--

This change allows to find mail addresses like

  Joe Doe <joe@example.org> bar
  Joe Doe <joe@example.org> (comment)

using the command

   gpg  -k '<joe@example.org'

or (with syntactic sugar)

   gpg  -k '<joe@example.org>'

These UIDs are ill-formed according to gpg checks but nevertheless are
seen in the wild.

Note, that it does only work with the new keybox format.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago common: Fix syntax error when building with gnutls
Werner Koch [Fri, 20 Mar 2015 12:20:04 +0000 (13:20 +0100)]
common: Fix syntax error when building with gnutls

* common/http.c (send_request): Add missing comma.
--

This fixes commit dc10d46.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Emit status line NEWSIG before signature verification starts.
Werner Koch [Thu, 19 Mar 2015 19:38:25 +0000 (20:38 +0100)]
gpg: Emit status line NEWSIG before signature verification starts.

* g10/mainproc.c (check_sig_and_print): Emit STATUS_NEWSIG.
--

gpgsm does this for a long time but somehow it never made it into gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago agent: Compute correct MPI length header for protected ECC keys.
Werner Koch [Thu, 19 Mar 2015 17:01:58 +0000 (18:01 +0100)]
agent: Compute correct MPI length header for protected ECC keys.

* agent/cvt-openpgp.c (apply_protection): Strip leading zeroes from
opaque MPIs to comply with the OpenPGP spec.
--

This patch is the protected private key counterpart to commit ab17f7b.
Thanks to andy_s for describing the problem.

GnuPG-bug-id: 1853
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago hkps: Fix host name verification when using pools.
Werner Koch [Thu, 19 Mar 2015 14:37:05 +0000 (15:37 +0100)]
hkps: Fix host name verification when using pools.

* common/http.c (send_request): Set the requested for SNI.
* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not
the selecting a host.
--

GnuPG-bug-id: 1792

Thanks to davidw for figuring out the problem.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago Define replacement error codes from libgpg-error 1.19.
Werner Koch [Thu, 19 Mar 2015 08:34:08 +0000 (09:34 +0100)]
Define replacement error codes from libgpg-error 1.19.

* common/util.h: Add GPG_ERR_LDAP codes for libgpg-error < 1.19.

4 years ago gpgtar: Fix extracting files with !(size % 512)
Andre Heinecke [Tue, 17 Mar 2015 09:48:09 +0000 (10:48 +0100)]
gpgtar: Fix extracting files with !(size % 512)

* tools/gpgtar-extract.c (extract_regular): Handle size multiples
  of RECORDSIZE.

--
  If a hdr->size was a multiple of 512 the last record would
  not have been written and the files corrupted accordingly.

GnuPG-bug-id: 1926

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
Changed to use only if-else.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago common: Add feature to ease using argparse's usage().
Werner Koch [Tue, 17 Mar 2015 10:22:28 +0000 (11:22 +0100)]
common: Add feature to ease using argparse's usage().

* common/argparse.c (show_help): Take care of flag value
(usage): Ditto.
--

It is common that the long usage note starts with the short usage
note.  The new flag feature allows to combine both.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago common: Allow standalone build of argparse.c
Werner Koch [Tue, 17 Mar 2015 08:19:55 +0000 (09:19 +0100)]
common: Allow standalone build of argparse.c

* common/argparse.h: Remove types.h - not required.
* common/argparse.c: Change to allow standalone use.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago Typo fix.
Werner Koch [Tue, 17 Mar 2015 08:18:23 +0000 (09:18 +0100)]
Typo fix.

--

4 years ago gpg: Create all MPIs with RFC-4880 correct length headers.
Werner Koch [Mon, 16 Mar 2015 19:14:58 +0000 (20:14 +0100)]
gpg: Create all MPIs with RFC-4880 correct length headers.

* g10/build-packet.c (gpg_mpi_write): Strip leading zeroes.
--

This used not to work with opaque MPI as returned by Libgcrypt from
ECC operations.  This patch fixes this.

Signed-off-by: Werner Koch <wk@gnupg.org>
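
Added example, not code from GnuPG: the RFC 4880 MPI rule that this commit and the agent commit "Compute correct MPI length header for protected ECC keys" enforce, where the two-byte header counts bits from the most significant set bit, so leading zero bytes are stripped before writing. The names mpi_write and mpi_is_canonical are hypothetical, the sample bytes are constructed, and rejecting a NULL value with a non-zero length is this example's own choice.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Number of significant bits in a big-endian byte string; leading zero
   bytes and leading zero bits do not count.  Returns 0 for an empty or
   all-zero value. */
static size_t
significant_bits (const unsigned char *p, size_t n)
{
  size_t bits;
  unsigned char top;

  while (n && !*p)
    {
      p++;
      n--;
    }
  if (!n)
    return 0;
  bits = n * 8;
  for (top = *p; !(top & 0x80); top <<= 1)
    bits--;
  return bits;
}

/* Serialize VALUE (big-endian, VALUELEN bytes) as an OpenPGP MPI into
   OUT: a 2-byte big-endian bit count followed by the value without
   leading zero bytes.  Returns the number of bytes written or -1 on
   error (hypothetical helper, not GnuPG's gpg_mpi_write). */
long
mpi_write (const unsigned char *value, size_t valuelen,
           unsigned char *out, size_t outsize)
{
  size_t nbits;

  if (!out || (!value && valuelen))
    return -1;                 /* an opaque value may be a NULL pointer */
  while (valuelen && !*value)  /* strip leading zero bytes */
    {
      value++;
      valuelen--;
    }
  nbits = significant_bits (value, valuelen);
  if (nbits > 0xffff || outsize < 2 + valuelen)
    return -1;                 /* header is 16 bits; OUT must be big enough */
  out[0] = (unsigned char)(nbits >> 8);
  out[1] = (unsigned char)(nbits & 0xff);
  if (valuelen)
    memcpy (out + 2, value, valuelen);
  return (long)(2 + valuelen);
}

/* Return 1 if BUF holds exactly one MPI whose header states the exact
   bit length of its body, 0 otherwise.  A body padded with zero bytes
   fails this check. */
int
mpi_is_canonical (const unsigned char *buf, size_t buflen)
{
  size_t nbits, nbytes;

  if (!buf || buflen < 2)
    return 0;
  nbits = ((size_t)buf[0] << 8) | buf[1];
  nbytes = (nbits + 7) / 8;
  if (buflen - 2 != nbytes)
    return 0;
  return significant_bits (buf + 2, nbytes) == nbits;
}

int
main (void)
{
  /* Constructed sample: an opaque value with two leading zero bytes. */
  static const unsigned char value[] = { 0x00, 0x00, 0x01, 0xff };
  unsigned char out[8];
  long n = mpi_write (value, sizeof value, out, sizeof out);
  long i;

  for (i = 0; i < n; i++)
    printf ("%02x ", out[i]);
  printf ("canonical=%d\n", n > 0 && mpi_is_canonical (out, (size_t)n));
  return 0;
}
```
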
4 years ago gpg: Allow printing of MPI values in --list-mode.
Werner Koch [Mon, 16 Mar 2015 18:57:11 +0000 (19:57 +0100)]
gpg: Allow printing of MPI values in --list-mode.

* g10/parse-packet.c (set_packet_list_mode): Set mpi_print_mode.
* g10/misc.c (mpi_print): Do not print an extra leading zero.
--

This was in older versions possible using "--debug 4" but that was
disabled in 2.1 due to a conflict using these values also for
Libgcrypt.  Now the values are dumped either with --debug 4 or using
--list-packets along with --verbose.

Because OpenPGP only uses unsigned integers an extra leading zero will
not be printed anymore.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Fix broken write of opaque MPI length header.
Werner Koch [Mon, 16 Mar 2015 18:51:06 +0000 (19:51 +0100)]
gpg: Fix broken write of opaque MPI length header.

* g10/build-packet.c (gpg_mpi_write): Use a char array for the length.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Fix possible dead code elimination.
Werner Koch [Sun, 15 Mar 2015 13:01:36 +0000 (14:01 +0100)]
gpg: Fix possible dead code elimination.

* g10/encrypt.c: Change condition for detecting a real file.
--

Detected by Stack 3.0:

  bug: anti-dce
  model: |
    %tobool155 = icmp ne i32 %call154, 0, !dbg !1298
    -->  true
    ************************************************************
    land.lhs.true156:
    %96 = icmp eq i8* %filename, null
    call void @opt.bugon(i1 %96), !dbg !1298, !bug !1250
    %97 = load i8* %filename, align 1, !dbg !1298
    %conv157 = sext i8 %97 to i32, !dbg !1298
    %tobool158 = icmp ne i32 %conv157, 0, !dbg !1298
    br i1 %tobool158, label %land.lhs.true159, label %if.else177,\
          !dbg !1298
  stack:
    - /home/wk/s/gnupg/g10/encrypt.c:639:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/g10/encrypt.c:639:0
      - null pointer dereference

4 years ago g13: Fix pointer wrap check.
Werner Koch [Sun, 15 Mar 2015 12:33:26 +0000 (13:33 +0100)]
g13: Fix pointer wrap check.

* g13/utils.c (find_tuple, next_tuple): Cast pointer to size_t before
doing an overflow check.
--

Detected by Stack 0.3:

    bug: anti-simplify
  model: |
    %cmp4 = icmp ult i8* %add.ptr3, %s.0, !dbg !568
    -->  false
  stack:
    - /home/wk/s/gnupg/g13/utils.c:127:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/g13/utils.c:127:0
      - pointer overflow
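
Added example, not code from g13/utils.c: why a pointer test of the form `s + n < s` can be removed by the optimizer, the integer form of the test that the commit message describes, and, going beyond the commit, a tuple walker that sidesteps the question by comparing lengths only. The 2-byte tag plus 2-byte length layout, the function names and the sample bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fragile form, shown only as a comment:
 *
 *     if (s + n < s)
 *       return NULL;
 *
 * Forming a pointer beyond one past the end of an object is undefined
 * behaviour, so the compiler may treat the comparison as always false
 * and delete it.  That is the "anti-simplify" report quoted above. */

/* Integer form: unsigned arithmetic wraps with defined behaviour, so
   this test survives optimization.  Returns 1 if S + N wraps. */
int
range_wraps (const unsigned char *s, size_t n)
{
  return (uintptr_t)s + n < (uintptr_t)s;
}

/* Find the first tuple with tag WANT_TAG in BUF.  Assumed layout
   (constructed for this example): 2-byte big-endian tag, 2-byte
   big-endian length, then that many value bytes.  On success the value
   pointer is returned and its length stored at R_LEN; NULL is returned
   if the tag is absent or a tuple would run past the buffer.  Every
   check compares a length against the bytes that remain, so no pointer
   is ever formed outside BUF. */
const unsigned char *
find_tuple_safe (const unsigned char *buf, size_t buflen,
                 unsigned int want_tag, size_t *r_len)
{
  size_t off = 0;   /* invariant: off <= buflen */

  if (!buf || !r_len)
    return NULL;
  while (buflen - off >= 4)
    {
      unsigned int tag = ((unsigned int)buf[off] << 8) | buf[off + 1];
      size_t n = ((size_t)buf[off + 2] << 8) | buf[off + 3];

      off += 4;
      if (n > buflen - off)   /* declared length exceeds what is left */
        return NULL;
      if (tag == want_tag)
        {
          *r_len = n;
          return buf + off;
        }
      off += n;
    }
  return NULL;
}

int
main (void)
{
  /* Constructed sample: tag 1 = "ab", tag 2 = "xyz". */
  static const unsigned char sample[] =
    { 0, 1, 0, 2, 'a', 'b', 0, 2, 0, 3, 'x', 'y', 'z' };
  size_t len = 0;
  const unsigned char *v = find_tuple_safe (sample, sizeof sample, 2, &len);

  printf ("full buffer: %s, len=%lu\n", v ? "found" : "rejected",
          (unsigned long)len);
  /* The same data cut short by one byte must be rejected. */
  v = find_tuple_safe (sample, sizeof sample - 1, 2, &len);
  printf ("truncated:   %s\n", v ? "found" : "rejected");
  return 0;
}
```
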

4 years ago agent: Remove useless conditions in command.c.
Werner Koch [Sun, 15 Mar 2015 12:11:44 +0000 (13:11 +0100)]
agent: Remove useless conditions in command.c.

* agent/command.c (cmd_setkeydesc): Remove NULL check.
(cmd_get_passphrase): Ditto.
(cmd_clear_passphrase): Ditto.
(cmd_get_confirmation): Ditto.
(cmd_getval): Ditto.
(cmd_putval): Ditto.
--

Detected by Stack 0.3.

4 years ago agent: Fix length test in sshcontrol parser.
Werner Koch [Sun, 15 Mar 2015 12:04:48 +0000 (13:04 +0100)]
agent: Fix length test in sshcontrol parser.

* agent/command-ssh.c (ssh_search_control_file): Check S before
upcasing it.
--

In contradiction to the comment we did not check the length of HEXGRIP
and thus the GPG_ERR_INV_LENGTH was never triggered.

Detected by Stack 0.3:

  bug: anti-simplify
  model: |
    %cmp8 = icmp ne i32 %i.0, 40, !dbg !986
    -->  false
  stack:
    - /home/wk/s/gnupg/agent/command-ssh.c:1226:0
  ncore: 2
  core:
    - /home/wk/s/gnupg/agent/command-ssh.c:1225:0
      - buffer overflow
    - /home/wk/s/gnupg/agent/command-ssh.c:1225:0
      - buffer overflow

4 years ago agent: Remove useless conditions.
Werner Koch [Sun, 15 Mar 2015 11:57:13 +0000 (12:57 +0100)]
agent: Remove useless conditions.

* agent/genkey.c (agent_ask_new_passphrase): Remove useless condition.
* agent/command-ssh.c (ssh_identity_register): Ditto.
--

Detected by Stack 0.3:

  bug: anti-simplify
  model: |
    %tobool22 = icmp ne i8* %arraydecay21, null, !dbg !717
    -->  true
  stack:
    - /home/wk/s/gnupg/agent/genkey.c:385:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/agent/genkey.c:362:0
      - pointer overflow

  bug: anti-simplify
  model: |
    %tobool35 = icmp ne i8* %arraydecay34, null, !dbg !1053
    -->  true
  stack:
    - /home/wk/s/gnupg/agent/command-ssh.c:3120:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/agent/command-ssh.c:3103:0
      - pointer overflow

4 years ago gpg: Remove useless condition.
Werner Koch [Sun, 15 Mar 2015 11:30:06 +0000 (12:30 +0100)]
gpg: Remove useless condition.

* g10/keylist.c (list_keyblock_colon): Remove useless condition (PK).
(list_keyblock_print):  Likewise.
--

PK is already derefed above and thus testing for PK is dead code.
Detected by Stack 0.3:

  bug: anti-simplify
  model: |
    %tobool200 = icmp ne %struct.PKT_public_key* %3, null, !dbg !1498
    -->  true
  stack:
    - /home/wk/s/gnupg/g10/keylist.c:1367:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/g10/keylist.c:1319:0
      - null pointer dereference

  bug: anti-simplify
  model: |
    %tobool102 = icmp ne %struct.PKT_public_key* %4, null, !dbg !1462
    -->  true
  stack:
    - /home/wk/s/gnupg/g10/keylist.c:978:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/g10/keylist.c:955:0
      - null pointer dereference

  bug: anti-simplify
  model: |
    %tobool128 = icmp ne %struct.PKT_public_key* %4, null, !dbg !1469
    -->  true
  stack:
    - /home/wk/s/gnupg/g10/keylist.c:990:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/g10/keylist.c:955:0
      - null pointer dereference

4 years ago scd: Fix possible NULL deref in apdu.c
Werner Koch [Sun, 15 Mar 2015 11:15:55 +0000 (12:15 +0100)]
scd: Fix possible NULL deref in apdu.c

* scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL.
(control_pcsc_wrapped): Ditto.
--

pcsc_vendor_specific_init calls the above with BUFFER and BUFLEN as
NULL.

Reported by Stack 0.3:

  bug: anti-dce
  model: |
    control_pcsc.exit77:
    %retval.0.i.i76 = phi i32 [ %rc.0.i.i.i73, \
            %pcsc_error_to_sw.exit.i.i74 ], [ 0, %if.end.i.i75 ]
    %tobool198 = icmp ne i32 %retval.0.i.i76, 0, !dbg !728
    br i1 %tobool198, label %if.then199, label %if.end200, !dbg !728
  stack:
    - /home/wk/s/gnupg/scd/apdu.c:1882:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/scd/apdu.c:1309:0
      - buffer overflow

4 years ago common: Make openpgp_oid_to_str more robust.
Werner Koch [Sun, 15 Mar 2015 11:07:21 +0000 (12:07 +0100)]
common: Make openpgp_oid_to_str more robust.

* common/openpgp-oid.c (openpgp_oid_to_str): Take care of
gcry_mpi_get_opaque returning NULL.  Remove useless condition !BUF.
--

It is possible that an opaque MPI stores just a NULL pointer.  Take
care of that before incrementing the pointer.  We return an error in
this case because at least a length byte is required.

Found due to hint from stack 0.3:

  bug: anti-simplify
  model: |
    %tobool15 = icmp ne i8* %incdec.ptr, null, !dbg !567
    -->  true
  stack:
    - /home/wk/s/gnupg/common/openpgp-oid.c:220:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/common/openpgp-oid.c:212:0
      - pointer overflow

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago agent: Improve error reporting from Pinentry.
Werner Koch [Wed, 11 Mar 2015 15:28:32 +0000 (16:28 +0100)]
agent: Improve error reporting from Pinentry.

* agent/call-pinentry.c (unlock_pinentry): Add error logging.  Map
error source of uncommon errors to Pinentry.
--

With this change it is possible to detect whether an error like
GPG_ERR_ASS_INV_RESPONSE has its origin in a call to Pinentry or comes
from another part of gpg-agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Change --print-pka-records into an option.
Werner Koch [Tue, 10 Mar 2015 12:44:40 +0000 (13:44 +0100)]
gpg: Change --print-pka-records into an option.

* g10/gpg.c (aPrintPKARecords): Rename to oPrintPKARecords and do not
use it as a command.
* g10/keylist.c (list_keyblock): List PKA records also for secret
keys.
--

An option allows using it more flexibly.  For example to select only
secret keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Add --list-gcrypt-config and "curve" item for --list-config.
Werner Koch [Tue, 10 Mar 2015 14:26:02 +0000 (15:26 +0100)]
gpg: Add --list-gcrypt-config and "curve" item for --list-config.

* common/openpgp-oid.c (curve_supported_p): New.
(openpgp_enum_curves): New.
* common/t-openpgp-oid.c (test_openpgp_enum_curves): New.
(main): Add option --verbose.
* g10/gpg.c (opts): Add --list-gcrypt-config.
(list_config): Add items "curve" and "curveoid".  Remove unused code.
--

GnuPG-bug-id: 1917
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago scd: fix for 64-bit arch.
NIIBE Yutaka [Mon, 9 Mar 2015 02:00:03 +0000 (11:00 +0900)]
scd: fix for 64-bit arch.

* agent/pksign.c (agent_pksign_do): Use int.
* scd/app-openpgp.c (get_public_key): Likewise.

--

On 64-bit architecture, int and size_t might be different.
For the first argument for '%b', int is expected.

4 years ago doc: Some typo fixes.
Werner Koch [Fri, 6 Mar 2015 09:46:40 +0000 (10:46 +0100)]
doc: Some typo fixes.

--

4 years ago doc: Fix FAQ stub and remove faq build rules.
Werner Koch [Wed, 4 Mar 2015 14:10:52 +0000 (15:10 +0100)]
doc: Fix FAQ stub and remove faq build rules.

--

The FAQ is maintained in the gnupg-doc repo.

4 years ago gpg: avoid chatter about trustdb when --quiet
Daniel Kahn Gillmor [Sat, 21 Feb 2015 16:04:13 +0000 (11:04 -0500)]
gpg: avoid chatter about trustdb when --quiet

* g10/trustdb.c (tdb_check_trustdb_stale): avoid log_info() when
  opt.quiet
--

gpg(1) says:

       -q, --quiet
              Try to be as quiet as possible.

While the mentions about the stale trustdb information are edifying,
they aren't necessary, and shouldn't be emitted when the user requests
--quiet.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
4 years ago gpg: Lowercase mailbox for PKA lookups.
Werner Koch [Thu, 26 Feb 2015 17:16:45 +0000 (18:16 +0100)]
gpg: Lowercase mailbox for PKA lookups.

* common/stringhelp.c (ascii_strlwr): New.
* common/mbox-util.c (mailbox_from_userid): Downcase result.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago Remove an unused variable.
Werner Koch [Thu, 26 Feb 2015 17:15:10 +0000 (18:15 +0100)]
Remove an unused variable.

--

4 years ago gpg: Fix memory leak due to PKA lookup.
Werner Koch [Thu, 26 Feb 2015 17:01:13 +0000 (18:01 +0100)]
gpg: Fix memory leak due to PKA lookup.

* g10/keyserver.c (keyserver_import_pka): Move the xfree.

4 years ago doc: Fix name of keep-ownertrust.
Werner Koch [Thu, 26 Feb 2015 14:06:00 +0000 (15:06 +0100)]
doc: Fix name of keep-ownertrust.

--

Reported-by: Guilhem Moulin <guilhem@fripost.org>
(cherry picked from commit 0d286a11c857a8f84b084b6f4e8a38737adca034)

4 years ago doc: Update the description of the S2K extension.
Werner Koch [Thu, 26 Feb 2015 10:57:06 +0000 (11:57 +0100)]
doc: Update the description of the S2K extension.

--

4 years ago gpg: Switch to a hash and CERT record based PKA system.
Werner Koch [Wed, 25 Feb 2015 15:34:19 +0000 (16:34 +0100)]
gpg: Switch to a hash and CERT record based PKA system.

* common/dns-cert.c (get_dns_cert): Make r_key optional.
* common/pka.c: Rewrite for the new hash based lookup.
* common/t-pka.c: New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.

--

Note that although PKA is now always built, it will only work if
support for looking up via DNS has not been disabled.

The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optionally the key for the first
time.  Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified.  Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key.  Having a solid way of getting a key matching
a mail address is however a must have.

More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase.  The auto-key-locate mechanism
should also be able to continue key fetching with another methods once
the fingerprint has been retrieved with PKA.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago common: Allow requesting a specific certtype with get_dns_cert()
Werner Koch [Wed, 25 Feb 2015 11:03:21 +0000 (12:03 +0100)]
common: Allow requesting a specific certtype with get_dns_cert()

* common/dns-cert.c (get_dns_cert): Add arg want_certtype.  Change all
callers.
(CERTTYPE_): Move constants to ...
* common/dns-cert.h: here as DNS_CERTTYPE_.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago Move new mailbox.c source file to common/.
Werner Koch [Wed, 25 Feb 2015 10:43:50 +0000 (11:43 +0100)]
Move new mailbox.c source file to common/.

* g10/mailbox.c: Move to ...
* common/mbox-util.c: new file.
* common/mbox-util.h: New. Include where needed.
* g10/t-mailbox.c: Move to ...
* common/t-mbox-util.c: new file.
--

This will make it easier to use the code by other modules in common/.

4 years ago gpg: Add command --print-pka-records.
Werner Koch [Tue, 24 Feb 2015 18:31:59 +0000 (19:31 +0100)]
gpg: Add command --print-pka-records.

* g10/gpg.c (main): Add command --print-pka-records.
* g10/options.h (struct opt): Add field "print_pka_records".
* g10/keylist.c (list_keyblock_pka): New.
(list_keyblock): Call it if new option is set.
(print_fingerprint): Add mode 10.
--

This is a first step towards a slightly updated PKA implementation.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Add function to extract the mailbox.
Werner Koch [Tue, 24 Feb 2015 16:43:57 +0000 (17:43 +0100)]
gpg: Add function to extract the mailbox.

* g10/misc.c (has_invalid_email_chars, is_valid_mailbox)
(is_valid_user_id): Move to ...
* g10/mailbox.c: new file.
(string_has_ctrl_or_space, has_dotdot_after_at): New.
(has_invalid_email_chars): New.

* g10/t-mailbox.c: New.
* g10/Makefile.am (module_tests): Add t-mailbox.
(t_mailbox_SOURCES, t_mailbox_LDADD): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago common: Add another test case to zb32.c
Werner Koch [Tue, 24 Feb 2015 16:02:00 +0000 (17:02 +0100)]
common: Add another test case to zb32.c

--

Fingerprints may eventually be used with zb32 and thus there should be
a test case.

4 years ago gpg: Add option to print fingerprints in ICAO spelling.
Werner Koch [Mon, 23 Feb 2015 16:54:05 +0000 (17:54 +0100)]
gpg: Add option to print fingerprints in ICAO spelling.

* g10/gpg.c: Add option --with-icao-spelling.
* g10/options.h (struct opt): Add with_icao_spelling.
* g10/keylist.c (print_icao_hexdigit): New.
(print_fingerprint): Print ICAO spelling.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Skip legacy keys while searching keyrings.
Werner Koch [Mon, 23 Feb 2015 15:37:57 +0000 (16:37 +0100)]
gpg: Skip legacy keys while searching keyrings.

* g10/getkey.c (search_modes_are_fingerprint): New.
(lookup): Skip over legacy keys.
--

GnuPG-bug-id: 1847
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago common: Fix regression due to commit 2183683b.
Werner Koch [Mon, 23 Feb 2015 14:25:37 +0000 (15:25 +0100)]
common: Fix regression due to commit 2183683b.

* common/dns-cert.c (get_dns_cert): Remove cruft.
--

GnuPG-bug-id: 1850
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Replace remaining uses of stdio by estream.
Werner Koch [Thu, 19 Feb 2015 16:22:27 +0000 (17:22 +0100)]
gpg: Replace remaining uses of stdio by estream.

* g10/sign.c (sign_file):  Use log_printf instead of stderr.
* g10/tdbdump.c (export_ownertrust): Use estream functions.
(import_ownertrust): Ditto.
* g10/tdbio.c (tdbio_dump_record): Ditto.  Change arg to estream_t.
--

Reported-by: Guilhem Moulin <guilhem@fripost.org>
  Needed for unattended key edits with --status-fd, because since 2.1
  status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd)
  not fflush(3), so the standard output may not be flushed before each
  prompt. (Which breaks scripts using select(2) to multiplex between
  the standard and status outputs.)

His patch only affected print_and_check_one_sig_colon() but there are
many more places where stdio and estream are mixed.  This patch now
replaces most of them in g10/.  At some places stdio is still used,
but that is local to a function and should not have side effects.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Fix segv due to NULL value stored as opaque MPI.
Werner Koch [Thu, 19 Feb 2015 15:29:58 +0000 (16:29 +0100)]
gpg: Fix segv due to NULL value stored as opaque MPI.

* g10/build-packet.c (gpg_mpi_write): Check for NULL return from
gcry_mpi_get_opaque.
(gpg_mpi_write_nohdr, do_key): Ditto.
* g10/keyid.c (hash_public_key): Ditto.
--

This fix extends commit 0835d2f44ef62eab51fce6a927908f544e01cf8f.

  gpg2 --export --no-default-keyring --keyring TESTDATA

With TESTDATA being below after unpacking.

Reported-by: Jodie Cunningham
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago scd: Fix regression in 2.1.2 (due to commit 2183683)
Werner Koch [Thu, 12 Feb 2015 19:40:39 +0000 (20:40 +0100)]
scd: Fix regression in 2.1.2 (due to commit 2183683)

* scd/apdu.c (pcsc_vendor_specific_init): Replace use of
bufNN_to_uint by direct code.
--

Hey, that was little endian.

4 years ago dirmngr: Initialize cache from sysconfig dir
Andre Heinecke [Thu, 5 Feb 2015 12:58:50 +0000 (13:58 +0100)]
dirmngr: Initialize cache from sysconfig dir

* dirmngr/certcache.c (cert_cache_init): Load certificates
from sysconfig dir instead of the homedir.
* dirmngr/dirmngr.c (main): Removed parsing of obsolete
homedir_data option.
* dirmngr/dirmngr.h (opt): Removed homedir_data.
* doc/dirmngr.texi: Update and clarify certs directory doc.

--

Using the homedir for extra-certs and trusted-certs makes
little sense when dirmngr is used with a caller that
manages its own store of certificates and can
provide those through the SENDCERT command.
You can use trusted-certs and extra-certs to provide
users with a base of locally available certificates that are
not already in store of the applications.

4 years ago Post release updates.
Werner Koch [Wed, 11 Feb 2015 18:48:21 +0000 (19:48 +0100)]
Post release updates.

--

4 years ago Release 2.1.2 gnupg-2.1.2
Werner Koch [Wed, 11 Feb 2015 18:22:25 +0000 (19:22 +0100)]
Release 2.1.2

4 years ago po: Auto update.
Werner Koch [Wed, 11 Feb 2015 18:20:46 +0000 (19:20 +0100)]
po: Auto update.

--

4 years ago dirmngr: Avoid warning about unused function.
Werner Koch [Wed, 11 Feb 2015 18:01:11 +0000 (19:01 +0100)]
dirmngr: Avoid warning about unused function.

* dirmngr/dirmngr.c (my_gnutls_log): Build only if gnutls is used.

4 years ago build: Update standard build-aux files.
Werner Koch [Wed, 11 Feb 2015 17:51:00 +0000 (18:51 +0100)]
build: Update standard build-aux files.

4 years ago doc: Add another use case for --show-session-key.
Werner Koch [Wed, 11 Feb 2015 11:21:30 +0000 (12:21 +0100)]
doc: Add another use case for --show-session-key.

--
GnuPG-bug-id: 1835

4 years ago doc: Change remaining http links to gnupg.org to https
Werner Koch [Wed, 11 Feb 2015 11:10:39 +0000 (12:10 +0100)]
doc: Change remaining http links to gnupg.org to https

--
GnuPG-bug-id: 1830

4 years ago Use inline functions to convert buffer data to scalars.
Werner Koch [Wed, 11 Feb 2015 09:27:57 +0000 (10:27 +0100)]
Use inline functions to convert buffer data to scalars.

* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

Commit 91b826a38880fd8a989318585eb502582636ddd8 was not enough to
avoid all sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
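
The sign extension problem named in the commit message above, as an added example that is not part of the commit or of GnuPG's code. The helper name `example_buf32_to_u32`, the big-endian byte order and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: a 4-byte big-endian length field with the top bit set. */
static const unsigned char sample_len[4] = { 0x80, 0x00, 0x00, 0x10 };

/* Models the old expression (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3].
   Each byte is promoted to int, so the result is an int; with p[0] >= 0x80
   the shift reaches the sign bit (undefined in ISO C, a negative value on
   common compilers).  The model yields that int without the undefined shift. */
static int32_t old_style_int(const unsigned char *p)
{
    uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
               | ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    return (int32_t)v;  /* wraps to a negative value on two's complement targets */
}

/* Old pattern assigned to a 64-bit length: the negative int is sign extended. */
uint64_t old_style_len(const unsigned char *p)
{
    return (uint64_t)(int64_t)old_style_int(p);
}

/* Hypothetical helper in the spirit of the fix: widen each byte to an
   unsigned type before shifting, so no sign bit is ever involved. */
uint32_t example_buf32_to_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
         | ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* A signed bounds check accepts the negative length ... */
int old_check_accepts(const unsigned char *p, int avail)
{
    return old_style_int(p) <= avail;
}

/* ... while the unsigned value is correctly rejected as too large. */
int fixed_check_accepts(const unsigned char *p, size_t avail)
{
    return example_buf32_to_u32(p) <= avail;
}

int main(void)
{
    printf("old: %llx fixed: %lx\n", (unsigned long long)old_style_len(sample_len),
           (unsigned long)example_buf32_to_u32(sample_len));
    return 0;
}
```
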
4 years ago gpg: Prevent an invalid memory read using a garbled keyring.
Werner Koch [Mon, 9 Feb 2015 14:46:00 +0000 (15:46 +0100)]
gpg: Prevent an invalid memory read using a garbled keyring.

* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
types.
* g10/keydb.c (parse_keyblock_image): Ditto.
--

The keyring DB code did not reject packets which don't belong in a
keyring.  If for example the keyblock contains a literal data packet
it is expected that the processing code stops at the data packet and
reads from the input stream which is referenced from the data packets.
Obviously the keyring processing code does not and cannot do that.
However, when exporting this messes up the IOBUF and leads to an
invalid read of sizeof (int).

We now skip all packets which are not allowed in a keyring.

Reported-by: Hanno Böck <hanno@hboeck.de>
Test data:

  gpg2 --no-default-keyring --keyring FILE --export >/dev/null

With this unpacked data for FILE:

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Fix a NULL-deref in export due to invalid packet lengths.
Werner Koch [Mon, 9 Feb 2015 09:54:06 +0000 (10:54 +0100)]
gpg: Fix a NULL-deref in export due to invalid packet lengths.

* g10/build-packet.c (write_fake_data): Take care of a NULL stored as
opaque MPI.
--

Reported-by: Hanno Böck <hanno@hboeck.de>
Test data:

     gpg2 --no-default-keyring --keyring FILE --export

With this unpacked data for FILE:

4 years ago gpg: Fix a NULL-deref due to empty ring trust packets.
Werner Koch [Mon, 9 Feb 2015 09:21:19 +0000 (10:21 +0100)]
gpg: Fix a NULL-deref due to empty ring trust packets.

* g10/parse-packet.c (parse_trust): Always allocate a packet.
--

Reported-by: Hanno Böck <hanno@hboeck.de>
Signed-off-by: Werner Koch <wk@gnupg.org>
Test data:

 gpg2 --no-default-keyring --keyring FILE --export

With this unpacked data for FILE:

4 years ago gpg-agent: Use "pinentry-basic" as fallback.
Werner Koch [Wed, 4 Feb 2015 09:09:28 +0000 (10:09 +0100)]
gpg-agent: Use "pinentry-basic" as fallback.

* common/homedir.c (get_default_pinentry_name): New.
(gnupg_module_name): Use that for the default pinentry.
(gnupg_module_name_flush_some): New.
* agent/gpg-agent.c (agent_sighup_action): Flush some module names.
* agent/call-pinentry.c (start_pinentry): Do not modify
opt.pinentry_program.
--

The idea with this change is that under Windows we can install a
simple native Windows pinentry as "pinentry-basic" and a full GUI
version may then later install pinentry-gtk etc which would then
automatically be used.

Unfortunately installing another pinentry from a different package
would clobber the GnuPG core directory which is not nice.  To fix that
we would need to agree on standard installation directories for GUIs
to also look there.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago w32: Add manifest to gpg.
Werner Koch [Tue, 3 Feb 2015 18:11:44 +0000 (19:11 +0100)]
w32: Add manifest to gpg.

* g10/gpg.w32-manifest.in: New.
* g10/gpg-w32info.rc: Add manifest.
* g10/Makefile.am (EXTRA_DIST): Add manifest.
(gpg-w32info.o): Depend on manifest.
* configure.ac (BUILD_VERSION): New.
(AC_CONFIG_FILES): Add manifest.
--

There are no dependencies yet defined - we need to do this for the
libs first.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago Update copyright years.
Werner Koch [Tue, 3 Feb 2015 08:12:45 +0000 (09:12 +0100)]
Update copyright years.

* common/w32info-rc.h.in (W32INFO_COMPANYNAME): Change to "The GnuPG
Project".

4 years ago w32: Change default Windows install dir and add bin to PATH.
Werner Koch [Sun, 1 Feb 2015 14:35:57 +0000 (15:35 +0100)]
w32: Change default Windows install dir and add bin to PATH.

* build-aux/speedo.mk (WITH_GUI): New macro.  The Windows installer is
now built by default without any GUI stuff.
* build-aux/speedo/w32/inst.nsi: Change standard installation
directory.
(AddToPath, un.RemoveFromPath): New.
(gnupginst): Add bin directory to the PATH.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago w32: Allow for Unicode installation directory.
Werner Koch [Sun, 1 Feb 2015 14:27:32 +0000 (15:27 +0100)]
w32: Allow for Unicode installation directory.

* common/homedir.c (w32_rootdir): Use Unicode function not only for
WinCE.
--

This uses the same code we used for WindowsCE.  It has not been tested
with a Unicode requiring installation directory.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago kbx: Fix resource leak.
Joshua Rogers [Fri, 30 Jan 2015 02:42:52 +0000 (11:42 +0900)]
kbx: Fix resource leak.

* kbx/keybox-update.c (blob_filecopy): Fix resource leak.  On error
return, 'fp' and 'newfp' were never closed.

--

Signed-off-by: Joshua Rogers <git@internot.info>
[Log entry reformatted, and added more fixes - gniibe]

4 years ago agent: Fix use of imported but unprotected openpgp keys.
Werner Koch [Thu, 29 Jan 2015 15:26:07 +0000 (16:26 +0100)]
agent: Fix use of imported but unprotected openpgp keys.

* agent/agent.h (PRIVATE_KEY_OPENPGP_NONE): New.
* agent/command.c (do_one_keyinfo): Implement it.
* agent/findkey.c (agent_key_from_file): Ditto.
(agent_key_info_from_file): Ditto.
(agent_delete_key): Ditto.
* agent/protect.c (agent_private_key_type): Add detection for openpgp
"none" method.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago po: Update Japanese Translation.
NIIBE Yutaka [Thu, 29 Jan 2015 06:00:30 +0000 (15:00 +0900)]
po: Update Japanese Translation.

4 years ago gpg: Limit the size of key packets to a sensible value.
Werner Koch [Wed, 28 Jan 2015 19:32:28 +0000 (20:32 +0100)]
gpg: Limit the size of key packets to a sensible value.

* g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
(MAX_UID_PACKET_LENGTH): New.
(MAX_COMMENT_PACKET_LENGTH): New.
(MAX_ATTR_PACKET_LENGTH): New.
(parse_key): Limit the size of a key packet to 256k.
(parse_user_id): Use macro for the packet size limit.
(parse_attribute): Ditto.
(parse_comment): Ditto.
--

Without that it is possible to force gpg to allocate large amounts of
memory by using a badly encoded MPI.  This would be a too easy DoS.
Another way to mitigate would be to change the MPI read function to
allocate memory dynamically while reading the MPI.  However, that
complicates and possibly slows down the code.  A too large key packet
is in any case a sign of broken data and thus gpg should not use it.

Reported-by: Hanno Böck
GnuPG-bug-id: 1823
Signed-off-by: Werner Koch <wk@gnupg.org>
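
An added example, not GnuPG's code, of the two defensive checks described in this log: the packet size cap from the commit above and the whitelist of packet types from the "Prevent an invalid memory read using a garbled keyring" commit. The function names, the allowed tag set (RFC 4880 tag numbers), the use of one 256k cap for every packet type and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_PACKET_LEN (256u * 1024u)  /* 256k cap, applied to every packet here */

/* Constructed sample: public key (6), user ID (13), literal data (11), signature (2). */
static const unsigned char sample_keyring[] = {
    0x98, 0x02, 0x04, 0x00, 0xB4, 0x01, 'a', 0xCB, 0x03, 'x', 'y', 'z', 0x88, 0x01, 0x04
};

/* Tags this example treats as keyring material: signature, secret key, public
   key, secret subkey, trust, user ID, public subkey, user attribute. */
static int tag_allowed(unsigned tag)
{
    return tag == 2 || (tag >= 5 && tag <= 7) || (tag >= 12 && tag <= 14) || tag == 17;
}

/* Big-endian read; each octet is widened to unsigned before the shift. */
static uint32_t be_value(const unsigned char *p, unsigned n)
{
    uint32_t v = 0;
    while (n--) v = (v << 8) | (uint32_t)*p++;
    return v;
}

/* Returns packets kept, or -1 if malformed/oversized; *skipped counts non-keyring packets. */
int filter_keyring(const unsigned char *buf, size_t len, int *skipped)
{
    size_t pos = 0;
    int kept = 0;
    for (*skipped = 0; pos < len; ) {
        unsigned c = buf[pos++], n, tag;
        uint32_t blen;
        if (!(c & 0x80) || pos >= len) return -1;   /* no header or no length octet */
        if (c & 0x40) {                              /* new format header */
            tag = c & 0x3f;
            n = buf[pos] < 192 ? 1 : buf[pos] < 224 ? 2 : buf[pos] == 255 ? 5 : 0;
        } else {                                     /* old format header */
            tag = (c >> 2) & 0x0f;
            n = (c & 3) == 3 ? 0 : 1u << (c & 3);
        }
        if (!n || len - pos < n) return -1;          /* partial/indeterminate or truncated */
        blen = ((c & 0x40) && n == 2) ? ((buf[pos] - 192u) << 8) + buf[pos + 1] + 192u
                                      : be_value(buf + pos + (n == 5), n == 5 ? 4 : n);
        pos += n;
        if (blen > MAX_PACKET_LEN || blen > len - pos) return -1;  /* check before use */
        if (tag_allowed(tag)) kept++; else (*skipped)++;
        pos += blen;
    }
    return kept;
}
```

The length is checked against both the cap and the remaining input before anything is allocated or read, and a packet with a tag outside the set is stepped over rather than handed to later processing.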
4 years ago gpg: Fix buffering problem in --list-config.
Werner Koch [Wed, 28 Jan 2015 19:12:21 +0000 (20:12 +0100)]
gpg: Fix buffering problem in --list-config.

* g10/gpg.c (list_config): Replace print_sanitized_string2 by
es_write_sanitized.

* common/stringhelp.c (print_sanitized_buffer2): Remove.
(print_sanitized_buffer, print_sanitized_utf8_buffer): Remove.
(print_sanitized_utf8_buffer, print_sanitized_utf8_string): Remove.
(print_sanitized_string): Remove.

* sm/certdump.c (print_dn_part, print_dn_parts): Remove arg FP.
(pretty_print_sexp, gpgsm_print_name2, gpgsm_print_name): Remove.
--

Mixing stdio and estream is never a good idea.  This fix also allows
us to remove a lot of garbage.

Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
GnuPG-bug-id: 1822
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago Add a hook to be called right after main.
Werner Koch [Wed, 28 Jan 2015 18:57:22 +0000 (19:57 +0100)]
Add a hook to be called right after main.

* common/init.c (early_system_init): New stub function.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Allow predefined names as answer to the keygen.algo prompt.
Werner Koch [Wed, 28 Jan 2015 08:11:02 +0000 (09:11 +0100)]
gpg: Allow predefined names as answer to the keygen.algo prompt.

* g10/keygen.c (ask_algo): Add list of strings.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago agent: Add some extra robustness to extract_private_key
Werner Koch [Tue, 27 Jan 2015 09:22:47 +0000 (10:22 +0100)]
agent: Add some extra robustness to extract_private_key

* agent/cvt-openpgp.c (extract_private_key): Add arg "arraysize".
Make sure that R_FLAGS and R_CURVE are set to NULL.
--

Given that extract_private_key is not file local it is good to have some
extra asserts to protect against future wrong use.

Signed-off-by: Werner Koch <wk@gnupg.org>