gnupg.git
2 hours ago agent: Fix build regression for Windows. (master)
Werner Koch [Mon, 22 Oct 2018 15:24:58 +0000 (17:24 +0200)]
agent: Fix build regression for Windows.

* agent/command-ssh.c (get_client_info): Turn client_uid into an int.
Fix setting of it in case of a failed getsocketopt.
* agent/command.c (start_command_handler): Fix setting of the pid and
uid for Windows.
--

Fixes-commit: 28aa6890588cc108639951bb4bef03ac17743046
which obviously was only added to master.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 hours ago dirmngr: In verbose mode print the OCSP responder id.
Werner Koch [Mon, 22 Oct 2018 12:23:11 +0000 (14:23 +0200)]
dirmngr: In verbose mode print the OCSP responder id.

* dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.

Signed-off-by: Werner Koch <wk@gnupg.org>
7 days ago tools: Replace duplicated code in mime-maker.
Werner Koch [Mon, 15 Oct 2018 09:32:19 +0000 (11:32 +0200)]
tools: Replace duplicated code in mime-maker.

* tools/rfc822parse.c (HEADER_NAME_CHARS): New.  Taken from
mime-maker.c.
(rfc822_valid_header_name_p): New.  Based on code from mime-maker.c.
(rfc822_capitalize_header_name): New.  Copied from mime-maker.c.
(capitalize_header_name): Remove.  Replace calls by new func.
(my_toupper, my_strcasecmp): New.
* tools/mime-maker.c: Include rfc822parse.h.
(HEADER_NAME_CHARS, capitalize_header_name): Remove.
(add_header): Replace check and capitalization by new functions.
--

This is a straightforward change with two minor changes:

- In rfc822parse.c the capitalization handles MIME-Version special.
- The check in mime-maker now detects a zero-length name as invalid.

my_toupper and my_strcasecmp are introduced to allow standalone use
of that file.

Signed-off-by: Werner Koch <wk@gnupg.org>
7 days ago scd: Fix signing authentication status.
NIIBE Yutaka [Mon, 15 Oct 2018 02:10:15 +0000 (11:10 +0900)]
scd: Fix signing authentication status.

* scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.

--

We have a corner case: In "not forced" situation and authenticated,
and it is changed to "forced", card implementation can actually accept
signing, but GnuPG requires authentication, because it is "forced".

GnuPG-bug-id: 4177
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
10 days ago agent: Fix message for ACK button.
NIIBE Yutaka [Fri, 12 Oct 2018 02:36:59 +0000 (11:36 +0900)]
agent: Fix message for ACK button.

* agent/divert-scd.c (getpin_cb): Display correct message.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
11 days ago scd: Support "acknowledge button" feature.
NIIBE Yutaka [Thu, 11 Oct 2018 06:41:49 +0000 (15:41 +0900)]
scd: Support "acknowledge button" feature.

* scd/apdu.c (set_prompt_cb): New member function.
(set_prompt_cb_ccid_reader): New function.
(open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
(apdu_set_prompt_cb): New.
* scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
* ccid-driver.c (ccid_set_prompt_cb): New.
(bulk_in): Call ->prompt_cb when timer extension.
* scd/command.c (popup_prompt): New.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
11 days ago agent: Support --ack option for POPUPPINPADPROMPT.
NIIBE Yutaka [Thu, 11 Oct 2018 04:37:24 +0000 (13:37 +0900)]
agent: Support --ack option for POPUPPINPADPROMPT.

* agent/divert-scd.c (getpin_cb): Support --ack option.

--

We are now introducing "acknowledge button" feature to scdaemon,
so that we can support OpenPGPcard User Interaction Flag.

We will (re)use the mechanism of POPUPPINPADPROMPT for this.  Perhaps,
we will change the name of POPUPPINPADPROMPT, since it will be no
longer for PINPAD only.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 days ago gpg: Don't take a TOFU trust model from the trustdb.
Werner Koch [Wed, 10 Oct 2018 09:46:16 +0000 (11:46 +0200)]
gpg: Don't take a TOFU trust model from the trustdb.

* g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
(create_version_record): Don't init as TOFU.
(tdbio_db_matches_options): Don't indicate a change in case TOFU is
stored in an old trustdb file.
--

This change allows to switch between a tofu and pgp or tofu+pgp trust
model without an auto rebuild of the trustdb.  This also requires that
the tofu trust model is requested on the command line.  If TOFU will
ever be the default we need to tweak the model detection via TM_AUTO
by also looking into the TOFU data base,

GnuPG-bug-id: 4134

2 weeks ago gpg: Fix extra check for sign usage of a data signature.
Werner Koch [Mon, 8 Oct 2018 14:14:17 +0000 (16:14 +0200)]
gpg: Fix extra check for sign usage of a data signature.

* g10/sig-check.c (check_signature_end_simple):
--

Obviously we should not ignore a back signature here.

Fixes-commit: 214b0077264e35c079e854a8b6374704aea45cd5
GnuPG-bug-id: 4014
Signed-off-by: Werner Koch <wk@gnupg.org>
2 weeks ago gpg: Make --skip-hidden-recipients work again.
Werner Koch [Mon, 8 Oct 2018 13:38:37 +0000 (15:38 +0200)]
gpg: Make --skip-hidden-recipients work again.

* g10/pubkey-enc.c (get_session_key): Take care of
opt.skip_hidden_recipients.
--
This was lost due to
Fixes-commit: ce2f71760155b71a71418fe145a557c99bd52290
GnuPG-bug-id: 4169

Signed-off-by: Werner Koch <wk@gnupg.org>
2 weeks ago gpg: Add new card vendor
Werner Koch [Thu, 4 Oct 2018 07:57:03 +0000 (09:57 +0200)]
gpg: Add new card vendor

--

2 weeks ago gpg: New options import-drop-uids and export-drop-uids.
Werner Koch [Tue, 2 Oct 2018 09:02:08 +0000 (11:02 +0200)]
gpg: New options import-drop-uids and export-drop-uids.

* g10/options.h (IMPORT_DROP_UIDS): New.
(EXPORT_DROP_UIDS): New.
* g10/import.c (parse_import_options): Add option "import-drop-uids".
(import_one): Don't bail out with that options and no uids found.
Also remove all uids.
(remove_all_uids): New.
* g10/export.c (parse_export_options): Add option "export-drop-uids".
(do_export_one_keyblock): Implement option.
--

These options are required for experiments with changes to the
keyserver infrastructure.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 weeks ago common: Fix gnupg_reopen_std.
NIIBE Yutaka [Tue, 2 Oct 2018 05:22:24 +0000 (14:22 +0900)]
common: Fix gnupg_reopen_std.

* common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat.

--

When gpg was invoked by a Perl web application on FreeBSD, fstat in
gnupg_reopen_std failed with EBADF.  Using fcntl, which is considered
lighter than fstat, it works fine.  Since our purpose is to check if
file descriptor is valid or not, lighter operation is better.

Reported-by: Marcin Gryszkalis <mg@fork.pl>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 weeks ago g10,scd: Support UIF changing command.
NIIBE Yutaka [Thu, 27 Sep 2018 07:45:27 +0000 (16:45 +0900)]
g10,scd: Support UIF changing command.

* g10/card-util.c (uif, cmdUIF): New.
(card_edit): Add call to uif by cmdUIF.
* scd/app-openpgp.c (do_getattr): Support UIF-1, UIF-2, and UIF-3.
(do_setattr): Likewise.
(do_learn_status): Learn UIF-1, UIF-2, and UIF-3.

--

GnuPG-bug-id: 4158
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 weeks ago g10: Fix memory leak for --card-status.
NIIBE Yutaka [Tue, 18 Sep 2018 00:34:00 +0000 (09:34 +0900)]
g10: Fix memory leak for --card-status.

* g10/card-util.c (card_status): Release memory of serial number.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 weeks ago g10: Fix another memory leak.
NIIBE Yutaka [Thu, 13 Sep 2018 23:11:45 +0000 (08:11 +0900)]
g10: Fix another memory leak.

* g10/skclist.c (enum_secret_keys): Use SK_LIST instead of pubkey_t.

--

The use of pubkey_t was wrong.  The use is just a list of keys, not
with keyblock.  With SK_LIST, release_sk_list releases memory by
free_public_key.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 weeks ago g10: Fix memory leak (more).
NIIBE Yutaka [Thu, 13 Sep 2018 23:02:16 +0000 (08:02 +0900)]
g10: Fix memory leak (more).

* g10/skclist.c (enum_secret_keys): Free SERIALNO on update.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 weeks ago g10: Fix memory leak in enum_secret_keys.
NIIBE Yutaka [Thu, 13 Sep 2018 22:55:20 +0000 (07:55 +0900)]
g10: Fix memory leak in enum_secret_keys.

* g10/skclist.c (enum_secret_keys): Don't forget to call
free_public_key in the error return paths.

--

Reported-by: Philippe Antoine
GnuPG-bug-id: 4140
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 weeks ago Revert "dirmngr: hkp: Avoid potential race condition when some hosts die."
NIIBE Yutaka [Tue, 11 Sep 2018 05:04:37 +0000 (14:04 +0900)]
Revert "dirmngr: hkp: Avoid potential race condition when some hosts die."

This reverts commit 04b56eff118ec34432c368b87e724bce1ac683f9.

--

Now the access to hosttable is serialized correctly.

5 weeks ago dirmngr: Serialize access to hosttable.
NIIBE Yutaka [Tue, 11 Sep 2018 04:54:49 +0000 (13:54 +0900)]
dirmngr: Serialize access to hosttable.

* dirmngr/dirmngr.h (ks_hkp_init): New.
* dirmngr/dirmngr.c (main): Call ks_hkp_init.
* dirmngr/ks-engine-hkp.c (ks_hkp_init): New.
(ks_hkp_mark_host): Serialize access to hosttable.
(ks_hkp_print_hosttable, make_host_part): Likewise.
(ks_hkp_housekeeping, ks_hkp_reload): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 weeks ago common: Use iobuf_get_noeof to avoid undefined behaviors.
NIIBE Yutaka [Mon, 10 Sep 2018 04:44:47 +0000 (13:44 +0900)]
common: Use iobuf_get_noeof to avoid undefined behaviors.

* common/iobuf.c (block_filter): Use iobuf_get_noeof.

--

When signed integer has negative value, left shift computation is
undefined in C.

GnuPG-bug-id: 4093
Reported-by: Philippe Antoine
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 weeks ago agent: Fix error code check from npth_mutex_init.
NIIBE Yutaka [Mon, 10 Sep 2018 00:16:50 +0000 (09:16 +0900)]
agent: Fix error code check from npth_mutex_init.

* agent/call-pinentry.c (initialize_module_call_pinentry): It's an
error when npth_mutex_init returns non-zero.

--

Actually, initialize_module_call_pinentry is only called once from
main.  So, this bug had no harm and having the static variable
INITIALIZED is not needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 weeks ago dirmngr: Emit SOURCE status also on NO_DATA.
Werner Koch [Fri, 7 Sep 2018 09:48:18 +0000 (11:48 +0200)]
dirmngr: Emit SOURCE status also on NO_DATA.

* dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
NO DATA error.
(ks_hkp_get): Ditto.
* g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
also on error.
(gpg_dirmngr_ks_get): Ditto.
--

If a keyserver does not return any data it can be useful to know which
keyserver out of the pool answered.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 weeks ago dirmngr: hkp: Avoid potential race condition when some hosts die.
Daniel Kahn Gillmor [Sat, 29 Oct 2016 05:25:05 +0000 (01:25 -0400)]
dirmngr: hkp: Avoid potential race condition when some hosts die.

* dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass
through the host table instead of risking out-of-bounds write.

--

Multiple threads may write to hosttable[x]->dead while
select_random_host() is running.  For example, a housekeeping thread
might clear the ->dead bit on some entries, or another connection to
dirmngr might manually mark a host as alive.

If one or more hosts are resurrected between the two loops over a
given table in select_random_host(), then the allocation of tbl might
not be large enough, resulting in a write past the end of tbl on the
second loop.

This change collapses the two loops into a single loop to avoid this
discrepancy: each host's "dead" bit is now only checked once.

As Werner points out, this isn't currently strictly necessary, since
npth will not switch threads unless a blocking system call is made,
and no blocking system call is made in these two loops.

However, in a subsequent change in this series, we will call a
function in this loop, and that function may sometimes write(2), or
call other functions, which may themselves block.  Keeping this as a
single-pass loop avoids the need to keep track of what might block and
what might not.

GnuPG-bug-id: 2836
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 weeks ago g10: Fix memory leak.
NIIBE Yutaka [Fri, 7 Sep 2018 04:01:52 +0000 (13:01 +0900)]
g10: Fix memory leak.

* g10/import.c (read_block): Call free_packet to skip the packet.

--

Reported-by: Philippe Antoine
GnuPG-bug-id: 3916
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 weeks ago gpgscm: Suppress warnings for GCC > 6.
NIIBE Yutaka [Thu, 6 Sep 2018 05:53:35 +0000 (14:53 +0900)]
gpgscm: Suppress warnings for GCC > 6.

* tests/gpgscm/scheme.c (CASE): Use unused attribute for GCC > 6.
(FALLTHROUGH): New for fallthrough.
(Eval_Cycle): Use FALLTHROUGH.  Remove not-needed comment of
fallthrough.

--

Since GCC combines C preprocessor macro expansion, the fallthrough
comment doesn't work well to suppress warnings for
-Wimplicit-fallthrough, near the macro CASE.  To handle this
problem, we use GCC's extension of unused label and fallthrough
attributes.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 weeks ago Fix use of strncpy, which is actually good to use memcpy.
NIIBE Yutaka [Thu, 6 Sep 2018 02:41:13 +0000 (11:41 +0900)]
Fix use of strncpy, which is actually good to use memcpy.

* common/ssh-utils.c (get_fingerprint): Use memcpy.
* g10/build-packet.c (string_to_notation): Use memcpy.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
7 weeks ago artwork: State license of the logo
Werner Koch [Thu, 30 Aug 2018 08:33:28 +0000 (10:33 +0200)]
artwork: State license of the logo

--

7 weeks ago gpg: Explain error message in key generation with --batch
Werner Koch [Wed, 29 Aug 2018 13:14:29 +0000 (15:14 +0200)]
gpg: Explain error message in key generation with --batch

* g10/keygen.c (generate_keypair): Show more info.
--

GnuPG-bug-id: 3912
Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks ago doc: Minor additions to the gpg man page
Werner Koch [Wed, 29 Aug 2018 13:04:44 +0000 (15:04 +0200)]
doc: Minor additions to the gpg man page

--

Includes a fix for
GnuPG-bug-id: 3906

Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks ago gpg: Remove unused function get_pubkeys.
Werner Koch [Wed, 29 Aug 2018 09:53:59 +0000 (11:53 +0200)]
gpg: Remove unused function get_pubkeys.

* g10/getkey.c (get_pubkeys): Remove.
(pubkey_free): Remove and use code directly ...
(pubkeys_free): ... here.

Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks ago doc: Show how to list envvars send to gpg-agent.
Werner Koch [Wed, 29 Aug 2018 07:53:06 +0000 (09:53 +0200)]
doc: Show how to list envvars send to gpg-agent.

--

GnuPG-bug: 3353
Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks ago gpg: New option --known-notation.
Werner Koch [Wed, 29 Aug 2018 07:36:09 +0000 (09:36 +0200)]
gpg: New option --known-notation.

* g10/gpg.c (oKnownNotation): New const.
(opts): Add option --known-notation.
(main): Set option.
* g10/parse-packet.c (known_notations_list): New local var.
(register_known_notation): New.
(can_handle_critical_notation): Rewrite to handle the new feature.
Also print the name of unknown notations in verbose mode.
--

GnuPG-bug-id: 4060
Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks ago gpg: Refresh expired keys originating from the WKD.
Werner Koch [Tue, 28 Aug 2018 13:22:35 +0000 (15:22 +0200)]
gpg: Refresh expired keys originating from the WKD.

* g10/getkey.c (getkey_ctx_s): New field found_via_akl.
(get_pubkey_byname): Set it.
(only_expired_enc_subkeys): New.
(get_best_pubkey_byname): Add support to refresh expired keys from the
WKD.
--

A little drawback of that code is that if the WKD has no update for an
expired key each access of the key will trigger a WKD lookup (unless
cached by the dirmngr).  To avoid this we need to record the last time
we have checked for an update but that would in turn require that we
update the keyring for each check.  We defer this until we have a
better key database which allows for fast updates of meta data.

Testing the code is currently a bit cumbersome because it requires to
update a key in the WKD several times.  Eventually we need a
network emulation layer to provide sample data for the regression
tests.

GnuPG-bug-id: 2917
Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks ago gpg: Remove unused arg from a function.
Werner Koch [Tue, 28 Aug 2018 13:11:10 +0000 (15:11 +0200)]
gpg: Remove unused arg from a function.

* g10/getkey.c (get_best_pubkey_byname): Remove unused arg 'no_akl'.
Change both callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
8 weeks ago gpg: Prepare for longer card fingerprints.
Werner Koch [Mon, 27 Aug 2018 14:57:04 +0000 (16:57 +0200)]
gpg: Prepare for longer card fingerprints.

* g10/call-agent.h (agent_card_info_s): Rename the "*valid" fields to
"*len".
* g10/call-agent.c (unhexify_fpr): Change to take a FPRLEN and to
return the actual length.
(agent_release_card_info): Adjust for these changes.
* g10/card-util.c (print_sha1_fpr): Rename to print_shax_fpr and add
arg FPRLEN.  Change all callers to pass the length.
(print_sha1_fpr_colon): Rename to print_shax_fpr_colon and add arg
FPRLEN.  Change all callers to pass the length.
(fpr_is_zero): Add arg FPRLEN.
(fpr_is_ff): Ditto.
(show_card_key_info): Use the new functions.
* g10/skclist.c (enum_secret_keys): Use MAX_FINGERPRINT_LEN.
--

This is not needed right now but we should get rid of all hard coded
fingerprint lengths.  Thus this change.

Signed-off-by: Werner Koch <wk@gnupg.org>
8 weeks ago g10: Fix enum_secret_keys for card keys.
NIIBE Yutaka [Tue, 12 Jun 2018 07:20:21 +0000 (16:20 +0900)]
g10: Fix enum_secret_keys for card keys.

* g10/skclist.c (enum_secret_keys): Since "KEY-FPR" returns
fingerprint in binary, change it to hex string.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
8 weeks ago g10: Prefer to available card keys for decryption.
NIIBE Yutaka [Tue, 12 Jun 2018 01:42:24 +0000 (10:42 +0900)]
g10: Prefer to available card keys for decryption.

* g10/skclist.c (enum_secret_keys): Add logic to prefer
decryption keys on cards.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
8 weeks ago g10: Move enum_secret_keys to skclist.c.
NIIBE Yutaka [Tue, 12 Jun 2018 01:36:59 +0000 (10:36 +0900)]
g10: Move enum_secret_keys to skclist.c.

* g10/getkey.c (enum_secret_keys): Move to...
* g10/skclist.c (enum_secret_keys): ... here.

--

The function enum_secret_keys is not used by gpgv.c, but it is in
getkey.c.  Extending enum_secret_keys will require change of gpgv.c,
so moving the function to the file for gpg is better.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
8 weeks ago g10: Fix comment of enum_secret_keys.
NIIBE Yutaka [Mon, 11 Jun 2018 06:02:57 +0000 (15:02 +0900)]
g10: Fix comment of enum_secret_keys.

* g10/getkey.c (enum_secret_keys): Fix comment for usage of
enum_secret_keys, following the previous change.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
8 weeks ago g10: Enumerated keys for decryption should be unique.
NIIBE Yutaka [Mon, 11 Jun 2018 02:48:14 +0000 (11:48 +0900)]
g10: Enumerated keys for decryption should be unique.

* g10/getkey.c (enum_secret_keys): Collecting keys in the context,
check duplicate to make sure returning only unique keys.
* g10/pubkey-enc.c (get_session_key): Now, it's the responsibility of
enum_secret_keys to free keys.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
8 weeks ago g10: Change decryption key selection for public key encryption.
NIIBE Yutaka [Mon, 27 Aug 2018 04:12:31 +0000 (13:12 +0900)]
g10: Change decryption key selection for public key encryption.

* g10/mainproc.c (struct mainproc_context): It's now pubkey_enc_list.
(do_proc_packets): Remove the first arg CTRL.  Fix call of
proc_pubkey_enc.
(release_list): Handle pubkey_enc_list.
(proc_pubkey_enc): Remove the first arg CTRL.  Simply put the packet
to pubkey_enc_list.
(print_pkenc_list): Remove the last arg FAILED.
(proc_encrypted): Only call print_pkenc_list once.
Handle DEK here.
(proc_packets, proc_signature_packets, proc_signature_packets_by_fd)
(proc_encryption_packets): Fix call of do_proc_packets.
* g10/packet.h (struct pubkey_enc_list): Define.
* g10/pubkey-enc.c (get_it): Change the second argument K.
(get_session_key): Select session key by LIST, using enum_secret_keys.
* g10/gpgv.c (get_session_key): Change the second argument K.
* g10/test-stubs.c (get_session_key): Likewise.

--

Collect all PKT_PUBKEY_ENC packets, and then, process the
PKT_ENCRYPTED* packet.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 months ago g10: Fix undefined behavior when EOF in parsing packet for S2K.
NIIBE Yutaka [Fri, 10 Aug 2018 06:29:06 +0000 (15:29 +0900)]
g10: Fix undefined behavior when EOF in parsing packet for S2K.

* g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof.
(parse_key): Likewise.

--

When EOF comes at parsing s2k.count, it is possible the value will
be (unsigned long)-1.  Then, the result of S2K_DECODE_COUNT will be
undefined.  This patch fixes undefined behavior.

Reported-by: Philippe Antoine
GnuPG-bug-id: 4093
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 months ago gpg: Set a limit for a WKD import of 256 KiB.
Werner Koch [Fri, 27 Jul 2018 15:35:00 +0000 (17:35 +0200)]
gpg: Set a limit for a WKD import of 256 KiB.

* g10/call-dirmngr.c (MAX_WKD_RESULT_LENGTH): New.
(gpg_dirmngr_wkd_get): Use it.
--

WKD should return only a single key with just one UID.  For key
rollover 2 keys may be sent.  A total of 256 KiB seems to be a
generous limit here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 months ago dirmngr: Validate SRV records in WKD queries.
Werner Koch [Fri, 27 Jul 2018 10:23:38 +0000 (12:23 +0200)]
dirmngr: Validate SRV records in WKD queries.

* dirmngr/server.c (proc_wkd_get): Check the returned SRV record names
to mitigate rogue DNS servers.
--

I am not sure whether this really is very useful because the security
relies on a trustworthy DNS system anyway.  However, that check is
easy enough to do.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 months ago common: New function to validate domain names.
Werner Koch [Fri, 27 Jul 2018 09:56:06 +0000 (11:56 +0200)]
common: New function to validate domain names.

* common/mbox-util.c (is_valid_domain_name): New.
* common/t-mbox-util.c (run_dns_test): New test.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 months ago scd: Add support for Trustica Cryptoucan.
Jiří Keresteš [Tue, 17 Jul 2018 15:11:42 +0000 (17:11 +0200)]
scd: Add support for Trustica Cryptoucan.

2 months ago Register DCO for Jiri Kerestes.
NIIBE Yutaka [Thu, 26 Jul 2018 02:44:10 +0000 (11:44 +0900)]
Register DCO for Jiri Kerestes.

--

2 months ago dirmngr: Print a WARNING status for DNS config problems.
Werner Koch [Wed, 25 Jul 2018 12:35:04 +0000 (14:35 +0200)]
dirmngr: Print a WARNING status for DNS config problems.

* dirmngr/dirmngr-status.h: New.
* dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes
to that file.
* dirmngr/t-support.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h.
(t_common_src): Add t-support.c.
* dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL.
* dirmngr/dns-stuff.c: Include dirmngr-status.h.
(libdns_init): Print WARNING status line.  Change all callers to take
and pass a CTRL argument.
* g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING
status.
--

To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run
gpg --recv-key -v SOMETHING.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 months ago gpg: Use 128 MiB as default AEAD chunk size.
Werner Koch [Tue, 24 Jul 2018 07:50:02 +0000 (09:50 +0200)]
gpg: Use 128 MiB as default AEAD chunk size.

* g10/gpg.c (oDebugAllowLargeChunks): New.
(opts): New option --debug-allow-large-chunks.
(main): Implement that option.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago Register DCO for Michael Haubenwallner.
NIIBE Yutaka [Tue, 17 Jul 2018 05:14:39 +0000 (14:14 +0900)]
Register DCO for Michael Haubenwallner.

--

3 months ago doc: Add NEWS about the 2.2.9 release
Werner Koch [Thu, 12 Jul 2018 18:51:02 +0000 (20:51 +0200)]
doc: Add NEWS about the 2.2.9 release

--

3 months ago gpg: Remove multiple subkey bindings during export-clean.
Werner Koch [Mon, 9 Jul 2018 10:01:02 +0000 (12:01 +0200)]
gpg: Remove multiple subkey bindings during export-clean.

* g10/key-clean.c (clean_one_subkey_dupsigs): New.
(clean_all_subkeys): Call it.
--

GnuPG-bug-id: 3804
Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago gpg: Let export-clean remove expired subkeys.
Werner Koch [Mon, 9 Jul 2018 07:49:09 +0000 (09:49 +0200)]
gpg: Let export-clean remove expired subkeys.

* g10/key-clean.h (KEY_CLEAN_NONE, KEY_CLEAN_INVALID)
(KEY_CLEAN_ENCR, KEY_CLEAN_AUTHENCR, KEY_CLEAN_ALL): New.
* g10/key-clean.c (clean_one_subkey): New.
(clean_all_subkeys): Add arg CLEAN_LEVEL.
* g10/import.c (import_one): Call clean_all_subkeys with
KEY_CLEAN_NONE.
* g10/export.c (do_export_stream): Call clean_all_subkeys depending on
the export clean options.
--

GnuPG-bug-id: 3622
Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago gpg: Split key cleaning function for clarity.
Werner Koch [Fri, 6 Jul 2018 09:48:38 +0000 (11:48 +0200)]
gpg: Split key cleaning function for clarity.

* g10/key-clean.c (clean_key): Rename to clean_all_uids and split
subkey cleaning into ...
(clean_all_subkeys): new.  Call that always after the former clean_key
invocations.
--

Note that the clean_all_subkeys function will later be extended.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago gpg: Move key cleaning functions to a separate file.
Werner Koch [Fri, 6 Jul 2018 09:40:16 +0000 (11:40 +0200)]
gpg: Move key cleaning functions to a separate file.

* g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid)
(clean_uid_from_key, clean_one_uid, clean_key): Move to ...
* g10/key-clean.c: new file.
* g10/key-clean.h: New.
* g10/Makefile.am (gpg_sources): Add new files.
* g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include
new header.
* g10/trustdb.h (struct key_item, is_in_klist): Move to ...
* g10/keydb.h: here.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago po: Add flag options for xgettext.
Werner Koch [Thu, 5 Jul 2018 19:39:53 +0000 (21:39 +0200)]
po: Add flag options for xgettext.

* po/Makevars (XGETTEXT_OPTIONS): Add --flag options.
--

GnuPG-bug-id: 4053, 4054
Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.
Werner Koch [Thu, 5 Jul 2018 18:55:32 +0000 (20:55 +0200)]
gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.

* g10/getkey.c (get_pubkey_for_sig): New.
(get_pubkeyblock_for_sig): New.
* g10/mainproc.c (issuer_fpr_raw): Give global scope.
(check_sig_and_print): Use get_pubkeyblock_for_sig.
* g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig.
* g10/sig-check.c (check_signature2): Ditto.
(check_signature_over_key_or_uid): Ditto.
--

GnuPG-bug-id: 4046

The whole getkey stuff is still a mess with way too much duplication
and missing caching of already fetched data.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago doc: Typo fix in a comment.
Werner Koch [Thu, 5 Jul 2018 07:42:06 +0000 (09:42 +0200)]
doc: Typo fix in a comment.

--

3 months ago gpg: Ignore too large user ids during import.
Werner Koch [Wed, 4 Jul 2018 07:53:10 +0000 (09:53 +0200)]
gpg: Ignore too large user ids during import.

* g10/import.c (read_block): Add special treatment for bad user ids
and comment packets.
--

See
GnuPG-bug-id: 4022
for an example of a bogus user id.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago indent: Fix indentation of read_block in g10/import.c
Werner Koch [Wed, 4 Jul 2018 07:45:52 +0000 (09:45 +0200)]
indent: Fix indentation of read_block in g10/import.c

--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago gpg: Extra check for sign usage when verifying a data signature.
Werner Koch [Wed, 4 Jul 2018 06:59:12 +0000 (08:59 +0200)]
gpg: Extra check for sign usage when verifying a data signature.

* g10/sig-check.c (check_signature_end_simple): Check sign usage.
--

Without this patch the signature verification fails only due to the
missing back signature.  This check better explains what went wrong.

GnuPG-bug-id: 4014
Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago g10: Fix memory leak for PKT_signature.
NIIBE Yutaka [Tue, 3 Jul 2018 00:07:03 +0000 (09:07 +0900)]
g10: Fix memory leak for PKT_signature.

* g10/getkey.c (buf_to_sig): Free by free_seckey_enc.
* g10/gpgcompose.c (signature): Likewise.
* g10/sign.c (write_signature_packets): Likewise.

--

Reported-by: Philippe Antoine
GnuPG-bug-id: 4047
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 months ago agent: New commands PUT_SECRET and GET_SECRET.
Werner Koch [Mon, 2 Jul 2018 19:24:15 +0000 (21:24 +0200)]
agent: New commands PUT_SECRET and GET_SECRET.

* agent/agent.h (CACHE_MODE_DATA): New const.
* agent/cache.c (DEF_CACHE_TTL_DATA): new.
(housekeeping): Tweak for CACHE_MODE_DATA.
(cache_mode_equal): Ditto.
(agent_get_cache): Ditto.
(agent_put_cache): Implement CACHE_MODE_DATA.
* agent/command.c (MAXLEN_PUT_SECRET): New.
(parse_ttl): New.
(cmd_get_secret): New.
(cmd_put_secret): New.
(register_commands): Register new commands.
--

These commands allow to store secrets in memory for the lifetime of
the gpg-agent process.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago common: New function percent_data_escape.
Werner Koch [Mon, 2 Jul 2018 18:24:10 +0000 (20:24 +0200)]
common: New function percent_data_escape.

* common/percent.c (percent_data_escape): New.
* common/t-percent.c (test_percent_data_escape): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago agent: Fix segv running in --server mode
Werner Koch [Mon, 2 Jul 2018 18:22:42 +0000 (20:22 +0200)]
agent: Fix segv running in --server mode

* agent/command.c (start_command_handler): Do not write to
CLIENT_CREDS after an error.
--

assuan_get_peercred is special insofar that it returns a pointer into
CTX.  Writing data via this pointer should never be done.

Fixes-commit: 28aa6890588cc108639951bb4bef03ac17743046
Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago libdns: For SOCKS connection, just fails.
NIIBE Yutaka [Mon, 2 Jul 2018 01:37:49 +0000 (10:37 +0900)]
libdns: For SOCKS connection, just fails.

* dirmngr/dns.c (dns_res_exec): If it's DNS_SO_SOCKS_CONN, don't
iterate to other server, but return the error immediately.

--

In the function libdns_switch_port_p in dns-stuff.c, this patch
allows to fallback using TOR_PORT2 correctly.

Fixes-commit: bcdbf8b8ebe9d61160e0b007dabe1b6462ffbc93
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago gpg: Print revocation reason for "rev" records.
Werner Koch [Thu, 21 Jun 2018 18:28:40 +0000 (20:28 +0200)]
gpg: Print revocation reason for "rev" records.

* g10/main.h: Add prototype.
* g10/keylist.c (list_keyblock_print): Print revocation info.
(list_keyblock_colon): Ditto.

* g10/test-stubs.c (get_revocation_reason): New stub.
* g10/gpgv.c (get_revocation_reason): New stub.
--

GnuPG-bug-id: 1173
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Print revocation reason for "rvs" records.
Werner Koch [Thu, 21 Jun 2018 16:32:13 +0000 (18:32 +0200)]
gpg: Print revocation reason for "rvs" records.

* g10/import.c (get_revocation_reason): New.
(list_standalone_revocation): Extend function.
--

Note that this function extends the "rvs" field signature-class (field
11) with the revocation reason.  GPGME does not yet parse this but it
can be expected that the comma delimiter does not break other parsers.

A new field is added to the "rvs" (and in future also the "rev")
record to carry a record specific comment.  Hopefully all parsers
meanwhile learned the lesson from other new fields and don't bail out
on more fields than they know about.

This is partial solution to
GnuPG-bug-id: 1173

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Let --show-keys print revocation certificates.
Werner Koch [Thu, 21 Jun 2018 13:06:30 +0000 (15:06 +0200)]
gpg: Let --show-keys print revocation certificates.

* g10/import.c (list_standalone_revocation): New.
(import_revoke_cert): Call new function.
--

GnuPG-bug-id: 4018
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago build: Remove duplicates from AC_CHECK_FUNCS
Werner Koch [Thu, 21 Jun 2018 10:56:40 +0000 (12:56 +0200)]
build: Remove duplicates from AC_CHECK_FUNCS

* configure.ac (AC_CHECK_FUNCS): Fold most calls into one.
--

A few functions were tested two times which slightly increases the size
of the configure script.  Also put the functions in sorted order into
the macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago libdns: Let kernel to decide the local port.
NIIBE Yutaka [Tue, 19 Jun 2018 23:59:05 +0000 (08:59 +0900)]
libdns: Let kernel to decide the local port.

* dirmngr/dns.c (LEAVE_SELECTION_OF_PORT_TO_KERNEL): New.
(dns_socket): Don't select ephemeral port in user space.

--

There is no good reason to bind local port aggressively.  It might be
some reason to do so, then, a user can specify it in /etc/resolv.conf
by the second argument of "interface" directive.

At least, it causes a problem on Windows.  Binding a specified port in
user space can trigger the Firewall dialog on Windows.  Since it can
be considered valid question, it is better not to bind with an
ephemeral port which is selected in user space, by default.

GnuPG-bug-id: 3610
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago wks: Take name of sendmail from configure.
Werner Koch [Tue, 19 Jun 2018 06:06:50 +0000 (08:06 +0200)]
wks: Take name of sendmail from configure.

* configure.ac (NAME_OF_SENDMAIL): New ac_define.
* tools/send-mail.c (run_sendmail): Use it.
--

We used to ac_subst the SENDMAIL in the old keyserver via mail script.
We can reuse this to avoid a fixed name for sendmail in the
send-mail.c helper.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago libdns: Fix for non-FQDN hostname.
NIIBE Yutaka [Mon, 18 Jun 2018 01:13:35 +0000 (10:13 +0900)]
libdns: Fix for non-FQDN hostname.

* dirmngr/dns.c (dns_resconf_open): Clear search[0] for non-FQDN
hostname.

--

GnuPG-bug-id: T3803
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago libdns: Fix connect and try next nameserver when ECONNREFUSED.
NIIBE Yutaka [Fri, 15 Jun 2018 03:58:29 +0000 (12:58 +0900)]
libdns: Fix connect and try next nameserver when ECONNREFUSED.

* dirmngr/dns.c (dns_so_check): When EINVAL, release the association
by connect with AF_UNSPEC and try again.  Also try again for
ECONNREFUSED.
(dns_res_exec): Try next nameserver when ECONNREFUSED.

--

GnuPG-bug-id: T3374
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago libdns: Clear struct sockaddr_storage by zero.
NIIBE Yutaka [Fri, 15 Jun 2018 01:38:22 +0000 (10:38 +0900)]
libdns: Clear struct sockaddr_storage by zero.

* dirmngr/dns.c (dns_resconf_pton): Clear SS.
(dns_resconf_setiface): Clear ->IFACE.
(dns_hints_root, send_query): Clear SS.

--

POSIX requires clearing the structure of struct sockaddr_in6.  On macOS,
in some cases like bind, it is better to clear even for struct
sockaddr_in.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago libdns: Sync to upstream.
NIIBE Yutaka [Thu, 14 Jun 2018 04:10:57 +0000 (13:10 +0900)]
libdns: Sync to upstream.

* dirmngr/dns.c (dns_nssconf_loadfile): Handle exclamation mark.

--

Reverting local change, merge upstream's debug-tracing branch.
(commit 21281fc1b63bb74d51762b8e363c49b1a258783d)

Fixes-commit: d4c0187dd93163f12e9f953366adef81ecf526a6
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago dirmngr: Fix recursive resolver mode.
NIIBE Yutaka [Thu, 14 Jun 2018 04:01:45 +0000 (13:01 +0900)]
dirmngr: Fix recursive resolver mode.

* dirmngr/dns-stuff.c (libdns_init): Initialize options.recurse.

--

To reproduce an error, run:

    ./t-dns-stuff --debug --recursive-resolver www.gnupg.org

Then, it returns "No name" error.  That's because there was only setup
for root servers, and no setup for recursive query in fact.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago Some preparations to eventually use gpgrt_argparse.
Werner Koch [Tue, 12 Jun 2018 14:11:19 +0000 (16:11 +0200)]
Some preparations to eventually use gpgrt_argparse.

* configure.ac (GNUPG_DEF_COPYRIGHT_LINE): New.
* tools/watchgnupg.c (print_version): Use this macro.
* common/init.c (_init_common_subsystems): Register argparse
functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago Require libgpg-error 1.29 and remove internal logging functions.
Werner Koch [Tue, 12 Jun 2018 11:46:00 +0000 (13:46 +0200)]
Require libgpg-error 1.29 and remove internal logging functions.

* configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.29
* common/util.h: Remove replacement error codes.
* common/logging.h: Remove fallback to internal logging functions.
* common/logging.c: Remove.
* common/Makefile.am (common_sources): Remove logging.c

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Do not import revocations with --show-keys.
Werner Koch [Tue, 12 Jun 2018 06:44:55 +0000 (08:44 +0200)]
gpg: Do not import revocations with --show-keys.

* g10/import.c (import_revoke_cert): Add arg 'options'.  Take care of
IMPORT_DRY_RUN.
--

GnuPG-bug-id: 4017
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago card: Fix memory leak for fetch-url sub command.
NIIBE Yutaka [Tue, 12 Jun 2018 06:54:18 +0000 (15:54 +0900)]
card: Fix memory leak for fetch-url sub command.

* g10/card-util.c (fetch_url): Release INFO.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago gpg: Add new usage option for drop-subkey filters.
Daniel Kahn Gillmor [Tue, 12 Jun 2018 04:41:59 +0000 (00:41 -0400)]
gpg: Add new usage option for drop-subkey filters.

* g10/import.c (impex_filter_getval): Add new "usage" property for
drop-subkey filter.
--

For example, this permits extraction of only encryption-capable
subkeys like so:

    gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR

GnuPG-Bug-id: 4019
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
4 months ago doc: Include release info from 2.2.8
Werner Koch [Mon, 11 Jun 2018 06:55:20 +0000 (08:55 +0200)]
doc: Include release info from 2.2.8

--

4 months ago gpg: Set some list options with --show-keys
Werner Koch [Mon, 11 Jun 2018 06:46:37 +0000 (08:46 +0200)]
gpg: Set some list options with --show-keys

* g10/gpg.c (main): Set some list options.
--

The new command --show-keys is commonly used to check the content of a
file with keys.  In this case it can be expected that all included
subkeys and uids are of interest, even when they are already expired
or have been revoked.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Sanitize diagnostic with the original file name.
Werner Koch [Fri, 8 Jun 2018 08:45:21 +0000 (10:45 +0200)]
gpg: Sanitize diagnostic with the original file name.

* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
--

This fixes a forgotten sanitation of user supplied data in a verbose
mode diagnostic.  The mentioned CVE is about using this to inject
status-fd lines into the stderr output.  Other harm could as well be
done.  Note that GPGME based applications are not affected because
GPGME does not fold status output into stderr.

CVE-id: CVE-2018-12020
GnuPG-bug-id: 4012
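
What the sanitizing step described in this commit message guards against, as an added C example (not GnuPG's code; the function names, the message text and the sample file name are constructed for illustration). A file name taken from the message is escaped before it reaches the diagnostic, so it cannot start a new line in the stderr stream.

```c
#include <stdio.h>
#include <string.h>

/* Copy NAME (LEN bytes) into OUT, writing control characters, DEL and the
   backslash as \xNN so the result never contains a line break.  Bytes
   >= 0x80 pass through (UTF-8 names); output is truncated to OUTSIZE. */
size_t sanitize_for_log(const char *name, size_t len, char *out, size_t outsize)
{
    size_t n = 0;
    if (outsize == 0) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c < 0x20 || c == 0x7f || c == '\\') {
            if (n + 4 >= outsize) break;      /* room for "\xNN" and NUL? */
            n += (size_t)snprintf(out + n, outsize - n, "\\x%02x", (unsigned)c);
        } else {
            if (n + 1 >= outsize) break;
            out[n++] = (char)c;
        }
    }
    out[n] = '\0';
    return n;
}

/* Build the diagnostic; RAW != 0 reproduces the unsanitized 'before'. */
int build_diag(const char *name, size_t len, int raw, char *out, size_t outsize)
{
    char safe[256];
    if (raw)
        snprintf(safe, sizeof safe, "%.*s", (int)len, name);
    else
        sanitize_for_log(name, len, safe, sizeof safe);
    return snprintf(out, outsize, "original file name='%s'\n", safe);
}

int count_newlines(const char *s)
{
    int n = 0;
    for (; *s; s++) n += (*s == '\n');
    return n;
}

int main(void)
{
    static const char name[] = "a.txt\n[GNUPG:] FAKE_STATUS"; /* constructed */
    char line[512];
    build_diag(name, sizeof name - 1, 0, line, sizeof line);
    fputs(line, stdout);
}
```

A log consumer that reads stderr line by line sees exactly one line per diagnostic in the sanitized form, whatever bytes the file name contains.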

4 months ago gpg: Improve import's repair-key duplicate signature detection.
Werner Koch [Thu, 7 Jun 2018 16:41:17 +0000 (18:41 +0200)]
gpg: Improve import's repair-key duplicate signature detection.

* g10/key-check.c (key_check_all_keysigs): Factor some code out to ...
(remove_duplicate_sigs): new.
(key_check_all_keysigs): Call remove_duplicate_sigs again after
reordering.
--

This is a followup for commit 26bce2f01d2029ea2b8a8dbbe36118e3c83c5cba
to cleanup the code and to add a second de-duplicate step when needed.

GnuPG-bug-id: 3994
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Fix import's repair-key duplicate signature detection.
Werner Koch [Thu, 7 Jun 2018 15:22:58 +0000 (17:22 +0200)]
gpg: Fix import's repair-key duplicate signature detection.

* g10/packet.h (PKT_signature): Add field 'help_counter'.
* g10/key-check.c (sig_comparison): Take care of HELP_COUNTER.
(key_check_all_keysigs): De-duplicate on a per-block base.
--

The key_check_all_keysigs first does a detection of duplicate
signature.  This is done over all signatures at once.  The problem
here is for example:

   key
   uid_1
     sig_uid_1.1
     sig_uid_1.2
   subkey_1
     sig_sub_1.1
   subkey_2
     sig_sub_2.1
     sig_sub_2.2  (duplicate of sig_sub_1.1)

Now the de-duplication deletes the first signature and keeps the
second.  That works in most cases for foreign signature on userids but
in the above constellation the code simply removes sig_sub_1.1 so that
subkey_1 has no binding signature anymore.  In a later step during
import the missing binding is detected and subkey_1 is removed because
it is not anymore valid.  The sig_sub_2.2 will also be removed later
because it does not check out for subkey_2 (that is as expected).

The fix is to let the de-duplication work only on blocks (ie. within
the signatures of a user id or a subkey).  This will not detect all
duplicates but that does not harm because later steps will detect and
remove them.

In the above case (with this patch applied) the second phase of
key_check_all_keysigs will reorder key signatures and move the
duplicate sig_sub_2.2 directly after sig_sub_1.1.  This duplicates the
signature and for cleanness we should kick the de-duplication process
again.  This will be done with a followup patch.

GnuPG-bug-id: 3994
Signed-off-by: Werner Koch <wk@gnupg.org>
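
The keyblock from the commit message above, modelled in C as an added example (not code from GnuPG; the struct, the `sig_id` field standing in for a signature comparison, and the function names are hypothetical). It runs the de-duplication once over the whole keyblock and once per block, and counts the signatures left on a block.

```c
#include <stdio.h>
#include <string.h>

enum kind { KEY, UID, SUBKEY, SIG };
struct node { enum kind kind; const char *label; int sig_id; int deleted; };

/* The keyblock from the commit message; the sig_id values are constructed. */
static const struct node KEYBLOCK[9] = {
    {KEY, "key", 0, 0}, {UID, "uid_1", 0, 0},
    {SIG, "sig_uid_1.1", 1, 0}, {SIG, "sig_uid_1.2", 2, 0},
    {SUBKEY, "subkey_1", 0, 0}, {SIG, "sig_sub_1.1", 3, 0},
    {SUBKEY, "subkey_2", 0, 0}, {SIG, "sig_sub_2.1", 4, 0},
    {SIG, "sig_sub_2.2", 3, 0},          /* duplicate of sig_sub_1.1 */
};

/* Delete the first of two identical signatures and keep the second.  With
   PER_BLOCK set, the search for a twin stops at the next uid/subkey node. */
void dedup(struct node *kb, int n, int per_block)
{
    for (int i = 0; i < n; i++) {
        if (kb[i].kind != SIG) continue;
        for (int j = i + 1; j < n && !kb[i].deleted; j++) {
            if (kb[j].kind == SIG)
                kb[i].deleted = (kb[j].sig_id == kb[i].sig_id);
            else if (per_block)
                break;                   /* block boundary: stop looking */
        }
    }
}

/* De-duplicate a fresh copy and count the signatures left under LABEL. */
int sigs_left_after(int per_block, const char *label)
{
    struct node kb[9];
    int count = 0, in_block = 0;
    memcpy(kb, KEYBLOCK, sizeof kb);
    dedup(kb, 9, per_block);
    for (int i = 0; i < 9; i++) {
        if (kb[i].kind != SIG) in_block = !strcmp(kb[i].label, label);
        else if (in_block && !kb[i].deleted) count++;
    }
    return count;
}

int main(void)
{
    printf("whole keyblock: subkey_1 keeps %d\n", sigs_left_after(0, "subkey_1"));
    printf("per block:      subkey_1 keeps %d\n", sigs_left_after(1, "subkey_1"));
}
```

In per-block mode the duplicate under subkey_2 is still present afterwards, which matches the message's remark that later steps detect and remove it.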
4 months ago gpg: Improve verbose output during import.
Werner Koch [Thu, 7 Jun 2018 08:30:07 +0000 (10:30 +0200)]
gpg: Improve verbose output during import.

* g10/import.c (chk_self_sigs): Print the subkeyid in addition to the
keyid.
(delete_inv_parts): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list.
Werner Koch [Wed, 6 Jun 2018 16:28:44 +0000 (18:28 +0200)]
agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list.

* agent/gpg-agent.c (agent_copy_startup_env): Replace explicit list
with the standard list.
--

Although the function agent_copy_startup_env is newer than
session_env_list_stdenvnames the latter was not used.  When
DBUS_SESSION_BUS_ADDRESS was added to the latter it was forgotten to
add it to the former as well.  Having all stdnames here seems to be
the Right Thing (tm) to do.

GnuPG-bug-id: 3947
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago doc: Typo fixes
Werner Koch [Wed, 6 Jun 2018 15:25:51 +0000 (17:25 +0200)]
doc: Typo fixes

--

Reported-by: Claus Assmann <ca+gnupg-users@esmtp.org>
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Also detect a plaintext packet before an encrypted packet.
Werner Koch [Wed, 6 Jun 2018 13:46:24 +0000 (15:46 +0200)]
gpg: Also detect a plaintext packet before an encrypted packet.

* g10/mainproc.c (proc_encrypted): Print warning and later force an
error.
--

Note that when this error is triggered the plaintext from the literal
data packet has already been outputted before the BEGIN_DECRYPTION
status line.  We fail only later to get more information.  Callers
need to check and act upon the decryption error code anyway.

Thanks to Marcus for pointing out this case.

GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: New command --show-keys.
Werner Koch [Wed, 6 Jun 2018 09:50:58 +0000 (11:50 +0200)]
gpg: New command --show-keys.

* g10/gpg.c (aShowKeys): New const.
(opts): New command --show-keys.
(main): Implement command.
* g10/import.c (import_keys_internal): Don't print stats in show-only
mode.
(import_one): Be silent in show-only mode.
--

Using

  --import --import-options show-only

to look at a key is too cumbersome.  Provide this shortcut and also
remove some diagnostic cruft in this case.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago g10: Remove bogus comment.
NIIBE Yutaka [Tue, 5 Jun 2018 02:22:10 +0000 (11:22 +0900)]
g10: Remove bogus comment.

* g10/mainproc.c (proc_pubkey_enc): Remove a comment.

--

GnuPG always uses the OpenPGP algo number in its status report.
We can find a function in GPGME, it's _gpgme_map_pk_algo.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago gpg: Print a hint on how to decrypt a non-mdc message anyway.
Werner Koch [Thu, 31 May 2018 10:59:40 +0000 (12:59 +0200)]
gpg: Print a hint on how to decrypt a non-mdc message anyway.

* g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o
MDC.  Also print a dedicated status error code

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Ignore the multiple message override options.
Werner Koch [Wed, 30 May 2018 20:05:57 +0000 (22:05 +0200)]
gpg: Ignore the multiple message override options.

* g10/gpg.c (oAllowMultisigVerification)
(oAllowMultipleMessages, oNoAllowMultipleMessages): Remove.
(opts): Turn --allow-multisig-verification, --allow-multiple-messages
and --no-allow-multiple-messages into NOPs
* g10/options.h (struct opt): Remove flags.allow_multiple_messages.
* g10/mainproc.c (proc_plaintext): Assume allow_multiple_messages is
false.
--

These options are very old compatibility hacks and should not be used
anymore.  We keep them as dummy options in case someone has them in
the conf file.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Detect multiple literal plaintext packets more reliable.
Werner Koch [Wed, 30 May 2018 19:45:37 +0000 (21:45 +0200)]
gpg: Detect multiple literal plaintext packets more reliable.

* g10/mainproc.c (proc_encrypted): Bump LITERALS_SEEN.
--

GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Remove PGP6 compliance mode.
Werner Koch [Tue, 29 May 2018 11:01:12 +0000 (13:01 +0200)]
gpg: Remove PGP6 compliance mode.

* g10/gpg.c: Make --pgp6 an alias for --pgp7.
* common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6.
* g10/options.h (PGP6): Remove.  Adjust all users.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago doc: Add a hint about gpgsm and DECRYPTION_INFO.
Werner Koch [Tue, 29 May 2018 10:43:39 +0000 (12:43 +0200)]
doc: Add a hint about gpgsm and DECRYPTION_INFO.

--

4 months ago gpg: Remove MDC options
Werner Koch [Tue, 29 May 2018 10:42:44 +0000 (12:42 +0200)]
gpg: Remove MDC options

* g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc
and --no-disable-mdc into NOPs.
* g10/encrypt.c (use_mdc): Simplify.  MDC is now almost always used.
(use_aead): Ignore MDC options. Print warning for missing MDC feature
flags.
* g10/pkclist.c (warn_missing_mdc_from_pklist): Rename to ...
(warn_missing_aead_from_pklist): this and adjust.
--

The MDC is now always used except with --rfc2440 which will lead to a
big fat warning.

Signed-off-by: Werner Koch <wk@gnupg.org>