gnupg.git
12 days agodoc: Include release info from 2.2.6 master
Werner Koch [Tue, 10 Apr 2018 06:37:27 +0000 (08:37 +0200)]
doc: Include release info from 2.2.6

--

12 days agoMerge branch 'STABLE-BRANCH-2-2' into master
Werner Koch [Tue, 10 Apr 2018 08:14:30 +0000 (10:14 +0200)]
Merge branch 'STABLE-BRANCH-2-2' into master

--
Fixed conflicts:
  NEWS            - keep master
  configure.ac    - merge
  g10/card-util.c - mostly 2.2
  g10/sig-check.c - 2.2

12 days agoagent: Improve the unknown ssh flag detection.
Werner Koch [Tue, 10 Apr 2018 05:59:52 +0000 (07:59 +0200)]
agent: Improve the unknown ssh flag detection.

* agent/command-ssh.c (ssh_handler_sign_request): Simplify detection
of flags.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
12 days agoagent: unknown flags on ssh signing requests cause an error. T3880 T3880-fix
Daniel Kahn Gillmor [Mon, 9 Apr 2018 22:06:38 +0000 (18:06 -0400)]
agent: unknown flags on ssh signing requests cause an error.

* agent/command-ssh.c (ssh_handler_sign_request): if a flag is passed
during an signature request that we do not know how to apply, return
GPG_ERR_UNKNOWN_OPTION.

--

https://tools.ietf.org/html/draft-miller-ssh-agent-02#section-4.5 says:

    If the agent does not support the requested flags, or is otherwise
    unable or unwilling to generate the signature (e.g. because it
    doesn't have the specified key, or the user refused confirmation of a
    constrained key), it must reply with a SSH_AGENT_FAILURE message.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 3880

12 days agoagent: change documentation reference for ssh-agent protocol.
Daniel Kahn Gillmor [Thu, 5 Apr 2018 15:49:44 +0000 (11:49 -0400)]
agent: change documentation reference for ssh-agent protocol.

* agent/command-ssh.c: repoint documentation reference.

--

Damien Miller is now documenting the ssh-agent protocol via the IETF.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
12 days agoPost release updates
Werner Koch [Mon, 9 Apr 2018 20:25:37 +0000 (22:25 +0200)]
Post release updates

--

12 days agoRelease 2.2.6 gnupg-2.2.6
Werner Koch [Mon, 9 Apr 2018 19:21:38 +0000 (21:21 +0200)]
Release 2.2.6

12 days agopo: Auto-update.
Werner Koch [Mon, 9 Apr 2018 19:20:25 +0000 (21:20 +0200)]
po: Auto-update.

--

12 days agopo: Update German translation
Werner Koch [Mon, 9 Apr 2018 18:39:48 +0000 (20:39 +0200)]
po: Update German translation

--

Signed-off-by: Werner Koch <wk@gnupg.org>
12 days agodoc: Typo fix in gpg.texi
Werner Koch [Mon, 9 Apr 2018 17:46:54 +0000 (19:46 +0200)]
doc: Typo fix in gpg.texi

--

Reported-by: Cody Brownstein
12 days agogpg,w32: Fix empty homedir when only a drive letter is used.
Werner Koch [Mon, 9 Apr 2018 12:44:21 +0000 (14:44 +0200)]
gpg,w32: Fix empty homedir when only a drive letter is used.

* common/homedir.c (copy_dir_with_fixup): New.
(default_homedir): Use here.
(gnupg_set_homedir): And here .
--

This actually fixes a couple of cases for Windows.  Both --home-dir
and GNUPGHOME.  The interpretation of "c:" -> "c:/" might not be the
correct one but because we need an absolute dir anyway it is the less
surprising one.  Note that this does not include a full syntax check
and fixup and thus it is very well possible that the result is not an
absolute directory.

GnuPG-bug-id: 3720
Signed-off-by: Werner Koch <wk@gnupg.org>
13 days agodoc: Add an example for --default-new-key-algo
Werner Koch [Mon, 9 Apr 2018 08:44:44 +0000 (10:44 +0200)]
doc: Add an example for --default-new-key-algo

--

13 days agodoc: Document --key-edit:change-usage
Werner Koch [Mon, 9 Apr 2018 08:36:02 +0000 (10:36 +0200)]
doc: Document --key-edit:change-usage

* g10/keyedit.c (menu_changeusage): Make strings translatable.
--

GnuPG-bug-id: 3816
Signed-off-by: Werner Koch <wk@gnupg.org>
2 weeks agogpg: Check that a key may do certifications.
Werner Koch [Fri, 6 Apr 2018 09:04:04 +0000 (11:04 +0200)]
gpg: Check that a key may do certifications.

* g10/sig-check.c (check_signature_end_simple): Check key usage for
certifications.
(check_signature_over_key_or_uid): Request usage certification.
--

GnuPG-bug-id: 3844
Signed-off-by: Werner Koch <wk@gnupg.org>
2 weeks agogpg: Emit FAILURE stati now in almost all cases.
Werner Koch [Fri, 6 Apr 2018 15:32:08 +0000 (17:32 +0200)]
gpg: Emit FAILURE stati now in almost all cases.

* g10/cpr.c (write_status_failure): Make it print only once.
* g10/gpg.c (wrong_args): Bump error counter.
(g10_exit): Print a FAILURE status if we ever did a log_error etc.
(main): Use log_error instead of log_fatal at one place.  Print a
FAILURE status for a bad option.  Ditto for certain exit points so
that we can see different error locations.
--

This makes it easier to detect errors by tools which have no way to
get the exit code (e.g. due to double forking).

GnuPG-bug-id: 3872
Signed-off-by: Werner Koch <wk@gnupg.org>
2 weeks agodoc: Add a code comment about back signatures.
Werner Koch [Fri, 6 Apr 2018 09:01:46 +0000 (11:01 +0200)]
doc: Add a code comment about back signatures.

--

2 weeks agogpg: Re-indent sig-check.c and use signature class macros.
Werner Koch [Fri, 6 Apr 2018 08:18:53 +0000 (10:18 +0200)]
gpg: Re-indent sig-check.c and use signature class macros.

* g10/keydb.h (IS_BACK_SIG): New.
* g10/sig-check.c: Re-indent and use macros.
--

This makes the code easier to understand.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 weeks agoagent: Support SSH signature flags.
NIIBE Yutaka [Fri, 6 Apr 2018 05:58:14 +0000 (14:58 +0900)]
agent: Support SSH signature flags.

* agent/command-ssh.c (SSH_AGENT_RSA_SHA2_256): New.
(SSH_AGENT_RSA_SHA2_512): New.
(ssh_handler_sign_request): Override SPEC when FLAGS
is specified.

--

GnuPG-bug-id: 3880
Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 weeks agogpg: Add new OpenPGP card vendor.
Werner Koch [Thu, 5 Apr 2018 13:25:13 +0000 (15:25 +0200)]
gpg: Add new OpenPGP card vendor.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2 weeks agog10: Let card-edit/key-attr show message when change.
NIIBE Yutaka [Thu, 5 Apr 2018 01:37:23 +0000 (10:37 +0900)]
g10: Let card-edit/key-attr show message when change.

* g10/card-util.c (ask_card_rsa_keysize): Don't show message here.
(ask_card_keyattr): Show message when change, also for ECC.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 weeks agotests: Fix no gpg-agent upon removal of GNUPGHOME.
NIIBE Yutaka [Wed, 4 Apr 2018 11:27:08 +0000 (20:27 +0900)]
tests: Fix no gpg-agent upon removal of GNUPGHOME.

* tests/gpgscm/gnupg.scm (with-ephemeral-home-directory): Add
teadown-fn.
* tests/gpgsm/export.scm: Use -no-atexit version and stop-agent.
* tests/openpgp/decrypt-session-key.scm: Likewise.
* tests/openpgp/decrypt-unwrap-verify.scm: Likewise.
* tests/openpgp/defs.scm (have-opt-always-trust): Likewise.
(setup-environment-no-atexit): New.
(start-agent): Support no use of atexit.
* tests/gpgsm/gpgsm-defs.scm (setup-gpgsm-environment-no-atexit): New.
* tests/migrations/common.scm (untar-armored): Follow the change
of with-ephemeral-home-directory.

--

When gpg-agent detects homedir removal, it will automatically exit.
Then, call of 'gpgconf --kill all' will fail.  So, stop-agent should
be called before the removal of homedir.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 weeks agoscd: Writing KDF resets auth state.
NIIBE Yutaka [Tue, 3 Apr 2018 11:30:29 +0000 (20:30 +0900)]
scd: Writing KDF resets auth state.

* scd/app-openpgp.c (do_setattr): Clear auth state.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 weeks agog10: Fix filtering by PK->REQ_USAGE.
NIIBE Yutaka [Mon, 2 Apr 2018 08:41:50 +0000 (17:41 +0900)]
g10: Fix filtering by PK->REQ_USAGE.

* g10/getkey.c (get_pubkey_byfprint): Filter by PK->REQ_USAGE.

--

GnuPG-bug-id: 3844
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 weeks agopo: Update Japanese translation.
NIIBE Yutaka [Fri, 30 Mar 2018 10:32:02 +0000 (19:32 +0900)]
po: Update Japanese translation.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 weeks agog10: Fix card-edit/kdf-setup for single salt.
NIIBE Yutaka [Fri, 30 Mar 2018 07:55:01 +0000 (16:55 +0900)]
g10: Fix card-edit/kdf-setup for single salt.

* g10/card-util.c (gen_kdf_data): Use SALT_USER.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 weeks agog10,scd: Support single salt for KDF data object.
NIIBE Yutaka [Fri, 30 Mar 2018 03:48:04 +0000 (12:48 +0900)]
g10,scd: Support single salt for KDF data object.

* g10/card-util.c (gen_kdf_data): Support single salt.
(kdf_setup): Can have argument for single salt.
* scd/app-openpgp.c (pin2hash_if_kdf): Support single salt.

--

Gnuk has "admin-less" mode.  To support "admin-less" mode with KDF
feature, salt should be same for user and admin.  Thus, I introduce a
valid use of single salt.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 weeks agog10: Add "key-attr" command for --card-edit.
NIIBE Yutaka [Fri, 30 Mar 2018 01:59:10 +0000 (10:59 +0900)]
g10: Add "key-attr" command for --card-edit.

* g10/card-util.c (key_attr): New explicit command.
(generate_card_keys, card_generate_subkey): Don't ask key attr change.
(card_edit): Add for cmdKEYATTR.

--

GnuPG-bug-id: 3781
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 weeks agoscd: Support changing key attribute back to RSA.
NIIBE Yutaka [Fri, 30 Mar 2018 00:59:09 +0000 (09:59 +0900)]
scd: Support changing key attribute back to RSA.

* scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA.

--

In the OpenPGP card specification, there are multiple options to
support RSA (having P and Q or not, etc.), and it is implementation
dependent.  Since GnuPG doesn't have knowledge which card
implementation support which option and there is no way (yet) for card
to express itself which key attributes are supported, we haven't
supported key attribute change back to RSA.  But, many card
implementation uses P and Q, try this option.  If other cases,
factory-reset would be easier option.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 weeks agog10: Support key attribute change at --card-edit/generate.
NIIBE Yutaka [Thu, 29 Mar 2018 02:56:02 +0000 (11:56 +0900)]
g10: Support key attribute change at --card-edit/generate.

* g10/card-util.c (ask_card_rsa_keysize): Drop support for magic
number 25519 for ed25519/cv25519.  Rename from ask_card_keyattr.
(ask_card_keyattr): Support ECC, as well as RSA.
(do_change_keyattr): Support ECC dropping magical number 25519.
* g10/keygen.c (ask_curve): Allow call from outside, adding last arg
of CURRENT.
(generate_keypair): Follow the change of ask_curve.
(generate_subkeypair): Likewise.

--

GnuPG-bug-id: 3781
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 weeks agog10: check_pin_for_key_operation should be just before genkey.
NIIBE Yutaka [Thu, 29 Mar 2018 01:48:37 +0000 (10:48 +0900)]
g10: check_pin_for_key_operation should be just before genkey.

* g10/card-util.c (generate_card_keys): Check PIN later.
(card_generate_subkey): Likewise.

--

Changing key attribute resets PIN authentication status.  So, CHECKPIN
should be after that, before key generation.  Note that CHECKPIN is
done for binding signature.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 weeks agog10: Change ask_curve so that it can be used outside.
NIIBE Yutaka [Wed, 28 Mar 2018 09:44:45 +0000 (18:44 +0900)]
g10: Change ask_curve so that it can be used outside.

* g10/call-agent.h (struct key_attr): New.
* g10/keygen.c (ask_curve): Return const char *.  No allocation.
(quick_generate_keypair): Follow the change.
(generate_keypair, generate_subkeypair): Likewise.
(parse_algo_usage_expire): Return const char *.

--

This change is intended for using ask_curve from card-util.c.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 weeks agoagent,scd: Use pointer to represent HANDLE.
NIIBE Yutaka [Tue, 27 Mar 2018 07:24:17 +0000 (16:24 +0900)]
agent,scd: Use pointer to represent HANDLE.

* agent/call-scd.c [HAVE_W32_SYSTEM] (start_scd): Format with %p.
* scd/command.c [HAVE_W32_SYSTEM] (option_handler): Use void *.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 weeks agoMerge branch 'STABLE-BRANCH-2-2' into master
Werner Koch [Tue, 27 Mar 2018 06:48:00 +0000 (08:48 +0200)]
Merge branch 'STABLE-BRANCH-2-2' into master

3 weeks agoagent: Make the request origin a part of the cache items.
Werner Koch [Tue, 27 Mar 2018 06:40:58 +0000 (08:40 +0200)]
agent: Make the request origin a part of the cache items.

* agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all
callers to pass it.
(agent_get_cache): Ditto.

* agent/cache.c (struct cache_items_s): Add field 'restricted'.
(housekeeping): Adjust debug output.
(agent_flush_cache): Ditto.
(agent_put_cache): Ditto.  Take RESTRICTED into account.
(agent_get_cache): Ditto.
--

If requests are coming from different sources they should not share the
same cache.  This way we make sure that a Pinentry pops up for a
remote request to a key we have already used locally.

GnuPG-bug-id: 3858
Signed-off-by: Werner Koch <wk@gnupg.org>
3 weeks agogpg: Auto-fix a broken trustdb with just the version record.
Werner Koch [Mon, 26 Mar 2018 16:20:16 +0000 (18:20 +0200)]
gpg: Auto-fix a broken trustdb with just the version record.

* g10/tdbio.c (get_trusthashrec): Create hashtable on error.

GnuPG-bug-id: 3839
Signed-off-by: Werner Koch <wk@gnupg.org>
3 weeks agogpg: Pass CTRL arg to get_trusthashrec.
Werner Koch [Mon, 26 Mar 2018 16:06:43 +0000 (18:06 +0200)]
gpg: Pass CTRL arg to get_trusthashrec.

* g10/tdbio.c (get_trusthashrec): Add arg CTRL.
(tdbio_search_trust_byfpr): Ditto.
(tdbio_search_trust_bypk): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 weeks agogpg: Return better error codes in case of a too short trustdb.
Werner Koch [Mon, 26 Mar 2018 15:43:40 +0000 (17:43 +0200)]
gpg: Return better error codes in case of a too short trustdb.

* g10/tdbio.c (tdbio_read_record): Return GPG_ERR_EOF.
(tdbio_new_recnum): Never return on error.
(lookup_hashtable): Print a more descriptive error in case of !TABLE.
--

Also: tdbio_new_recnum had a bug in that it returned an error code and
not a record number in the error case.  The function is expected to
always return a valid new record number.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 weeks agogpg: Fix trustdb updates without lock held.
Werner Koch [Mon, 26 Mar 2018 14:57:04 +0000 (16:57 +0200)]
gpg: Fix trustdb updates without lock held.

* g10/tdbio.c (is_locked): Turn into a counter.
(take_write_lock, release_write_lock): Implement recursive locks.
--

On trustdb creation we have this call sequence:

  init_trustdb                 -> takes lock
    tdbio_set_dbname
      create_version_record
       tdbio_write_record
         put_record_into_cache -> takes lock
         put_record_into_cache -> releases lock
  init_trustdb                 -> releases lock

The second take lock does noting but the first release lock has
already released the lock and the second release lock is a thus a NOP.
This is likely the cause for the corrupted trustdb as reported in

GnuPG-bug-id: 3839
Signed-off-by: Werner Koch <wk@gnupg.org>
3 weeks agogpg: Disable unused code parts in tdbio.c
Werner Koch [Mon, 26 Mar 2018 14:26:46 +0000 (16:26 +0200)]
gpg: Disable unused code parts in tdbio.c

* g10/tdbio.c (in_transaction): Comment this var.
(put_record_into_cache): Comment the transaction code.
(tdbio_sync): Ditto

Signed-off-by: Werner Koch <wk@gnupg.org>
4 weeks agosm: Add OPTION request-origin.
Werner Koch [Fri, 23 Mar 2018 14:07:56 +0000 (15:07 +0100)]
sm: Add OPTION request-origin.

* sm/server.c: Include shareddefs.h.
(option_handler): Add option.
--

This is required when running gpgsm in server mode as done by GPGME.
Noet that a command line option takes precedence.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 weeks agogpg,sm: New option --request-origin.
Werner Koch [Fri, 23 Mar 2018 08:06:20 +0000 (09:06 +0100)]
gpg,sm: New option --request-origin.

* g10/gpg.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* g10/options.h (struct opt): Add field request_origin.
* g10/call-agent.c (start_agent): Send option to the agent.
* sm/gpgsm.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* sm/gpgsm.h (struct opt): Add field request_origin.
* sm/call-agent.c (start_agent): Send option to the agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 weeks agoagent: New OPTION pretend-request-origin
Werner Koch [Fri, 23 Mar 2018 07:14:58 +0000 (08:14 +0100)]
agent: New OPTION pretend-request-origin

* common/shareddefs.h (request_origin_t): New.
* common/agent-opt.c (parse_request_origin): New.
(str_request_origin): New.
* agent/command.c (option_handler): Implement new option.
--

This allows to pretend that a request originated from the extra or
browser socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 weeks agobuild: Fix the manual source field.
NIIBE Yutaka [Fri, 23 Mar 2018 06:16:16 +0000 (15:16 +0900)]
build: Fix the manual source field.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 weeks agogpg: Implement --dry-run for --passwd.
Werner Koch [Thu, 22 Mar 2018 09:23:00 +0000 (10:23 +0100)]
gpg: Implement --dry-run for --passwd.

* g10/keyedit.c (change_passphrase): Take care of --dry-run.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 weeks agoscd: Support KDF DO setup.
NIIBE Yutaka [Thu, 22 Mar 2018 06:50:31 +0000 (15:50 +0900)]
scd: Support KDF DO setup.

* g10/call-agent.c (learn_status_cb): Parse the capability for KDF.
* g10/card-util.c (gen_kdf_data, kdf_setup): New.
(card_edit): New admin command cmdKDFSETUP to call kdf_setup.
* scd/app-openpgp.c (do_getattr): Emit KDF capability.

--

GnuPG-bug-id: 3823
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 weeks agodoc: Typo fix in comment.
Werner Koch [Wed, 21 Mar 2018 18:45:31 +0000 (19:45 +0100)]
doc: Typo fix in comment.

--

4 weeks agogpg: Fix out-of-bound read in subpacket enumeration
Werner Koch [Thu, 15 Mar 2018 07:44:52 +0000 (08:44 +0100)]
gpg: Fix out-of-bound read in subpacket enumeration

* g10/parse-packet.c (enum_sig_subpkt): Check buflen before reading
the type octet.  Print diagnostic.
--

If the final subpacket has only a length header evaluating to zero and
missing the type octet, a read could happen right behind the buffer.
Valgrind detected this.  Fix is obvious.  Note that the further
parsing of the subpacket is still okay because it always checks the
length.  Note further that --list-packets uses a different code path
and already reported an error.

Reported-by: Philippe Antoine
He provided a test file copied below.  Running "gpg -v --verify" on it
triggered the bug.

-----BEGIN PGP ARMORED FILE-----
Comment: Use "gpg --dearmor" for unpacking

kA0DAAoBov87N383R0QBrQJhYgZsb2wucHlaqTVWYnl0ZXMgPSBbMHg1LCAweDY0
LCAweDRjLCAweGM0LCAweDMsIDB4MCwgMHg0LCAweDAsIDB4YWMsIDB4YSwgMHhj
MSwgMHhjMSwgMHgyLCAweDEsIDB4MiwgMHg3LCAweDQwLCAweDIsIDB4MiwgMHgy
LCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDJkLCAweGRkLCAweDIs
IDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4
MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4NzcsIDB4ODcsIDB4MiwgMHgy
LCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAw
eDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHg3NywgMHg4NywgMHgyLCAweDIsIDB4
MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4Miwg
MHgyLCAweDIsIDB4MiwgMHgyLCAweDc3LCAweDg3LCAweDIsIDB4MiwgMHgyLCAw
eDIsIDB4MiwgMHgyLCAweDIsIDB4MCwgMHhhZF0KCmZvciBpIGluIHJhbmdlKGxl
bihieXRlcykpOgogICAgaWYgaSUxNiA9PSAwOgogICAgICAgIHByaW50CiAgICAg
ICAgcHJpbnQgIiUwNngiICUgaSwKICAgIHByaW50ICIlMDJ4ICIgJSBieXRlc1tp
XSwKiQJNBAABCgAeFiEEU+Y3aLjDLA3x+9Epov87N383R0QFAlqpNVYAAAoJEKL/
Ozd/N0dElccP/jBAcFHyeMl7kop71Q7/5NPu3DNULmdUzOZPle8PVjNURT4PSELF
qpJ8bd9PAsO4ZkUGwssY4Kfb1iG5cR/a8ADknNd0Cj9/QA2KMVNmgYtReuttAjvn
hQRm2VY0tvDCVAPI/z8OnV/NpOcbk8kSwE+shLsP7EwqL5MJNMXKqzm1uRxGNYxr
8TNuECo3DO64O2NZLkMDXqq6lg+lSxvDtXKxzKXgVC+GMtOE56lDwxWLqr39f9Ae
Pn0q2fVBKhJfpUODeEbYSYUp2hhmMUIJL/ths9MvyRZ9Z/bHCseFPT58Pgx6g+MP
q+iHnVZEIVb38XG+rTYW9hvctkRZP/azhpa7eO8JAZuFNeBGr4IGapwzFPvQSF4B
wBXBu0+PPrV9VJVe98P4nw2xcuJmkn6mgZhRVYSqDIhY64bSTgQxb/pdtGwrTjtL
WoUKVI+joLRPnDmwexH9+QJCB+uA6RsN/LqsQfDseyr40Z6dHJRqWGgP3ll6iZgw
WF768uiIDJD8d4fegVnkpcH98Hm0I/dKsMR1MGV/sBxYC8mAOcOWwSPNGDqPlwwR
eWPdr1O6CoYEWwiZMicSe0b5TsjB5nkAWMy7c9RyhtMJzCQ/hFpycpj0A0Zs+OGa
eJQMZZV0s8AQZ04JzoX0zRpe0RcTyJn3Tr6QGbVi9tr+QdKHFuDMUqoX
=qYZP
-----END PGP ARMORED FILE-----

Signed-off-by: Werner Koch <wk@gnupg.org>
4 weeks agoChange license of argparse.c back to LGPLv2.1
Werner Koch [Wed, 21 Mar 2018 08:15:13 +0000 (09:15 +0100)]
Change license of argparse.c back to LGPLv2.1

* common/argparse.c, common/argparse.h: Change license

--

On 2011-09-30 the license of these two files were changed from
LGPLv2.1 to LGPLv3+/GPLv2+.  This was part of a general change from
files with either GPLv3+ or LGPv2.1+ to this combination so to allow
the use of these files with GPLv2only code.

Since then the code was only modified by employees of g10 Code GmbH
under my direction and myself.  The following changes

  commit 7249ab0f95d1f6cb8ee61eefedc79801bb56398f
  Author:     Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  AuthorDate: Tue Jan 10 15:59:36 2017 -0500

  commit eed16ccebf8fd1fdf9709affbd5c831f6957b8ae
  Author:     Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  AuthorDate: Fri Nov 21 17:04:42 2014 -0500

and a few typo fixes are minor and thus not copyright-able.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 weeks agoscd: signal mask should be set just after npth_init.
NIIBE Yutaka [Mon, 19 Mar 2018 07:36:30 +0000 (16:36 +0900)]
scd: signal mask should be set just after npth_init.

* scd/scdaemon.c (setup_signal_mask): New.
(main): Call setup_signal_mask.
(handle_connections): Remove signal mask setup.

--

For new thread, signal mask is inherited by thread creation.
Thus, it is best to setup signal mask just after npth_init.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 weeks agoscd: Better user interaction for factory-reset.
NIIBE Yutaka [Fri, 16 Mar 2018 02:27:33 +0000 (11:27 +0900)]
scd: Better user interaction for factory-reset.

* g10/card-util.c (factory_reset): Dummy PIN size is now 32-byte.
Connect the card again at the last step.

--

Before the change, a user has to quit the session to continue.  Now,
it is possible to type RET in the session and see if it's really done.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 weeks agoscd: Fix suspend/resume handling for CCID driver.
NIIBE Yutaka [Thu, 15 Mar 2018 14:59:22 +0000 (23:59 +0900)]
scd: Fix suspend/resume handling for CCID driver.

* scd/ccid-driver.c (intr_cb): Try submitting INTERRUPT urb
to see if it's suspend/resume.

--

Upon suspend/resume, LIBUSB_TRANSFER_NO_DEVICE is returned, since all
URBs are cancelled.  We need to see if it's real NODEV error or its by
suspend/resume.  We can distinguish by sending URB again.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 weeks agoscd: After fatal error, shutdown a reader.
NIIBE Yutaka [Tue, 13 Mar 2018 03:53:49 +0000 (12:53 +0900)]
scd: After fatal error, shutdown a reader.

* scd/apdu.c (pcsc_send_apdu): Notify main loop after
fatal errors.

--

GnuPG-bug-id: 3825
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 weeks agoscd: Fix for GNU/Linux suspend/resume.
NIIBE Yutaka [Tue, 13 Mar 2018 03:05:57 +0000 (12:05 +0900)]
scd: Fix for GNU/Linux suspend/resume.

* configure.ac (require_pipe_to_unblock_pselect): Default is "yes".
* scd/scdaemon.c (scd_kick_the_loop): Minor clean up.

--

Normally SIGCONT or SIGUSR2 works for unblocking pselect.  But on my
machine with GNU/Linux, when a machine is suspend/resume-ed, pselect
keeps blocked, while signal itself is delivered.

It's better to use pipe.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 weeks agoscd: Fix typo in previous commit.
NIIBE Yutaka [Mon, 12 Mar 2018 01:17:05 +0000 (10:17 +0900)]
scd: Fix typo in previous commit.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 weeks agodoc: Register DCOs for Ben McGinnes and James Bottomley
Werner Koch [Fri, 9 Mar 2018 09:41:44 +0000 (10:41 +0100)]
doc: Register DCOs for Ben McGinnes and James Bottomley

--

6 weeks agoscd: More fix with PC/SC for Windows.
NIIBE Yutaka [Thu, 8 Mar 2018 23:56:50 +0000 (08:56 +0900)]
scd: More fix with PC/SC for Windows.

* scd/apdu.c (pcsc_get_status): Return status based on CURRENT_STATUS.
Add debug log.

--

GnuPG-bug-id: 3825
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 weeks agoscd: Fix status check when using PC/SC.
NIIBE Yutaka [Thu, 8 Mar 2018 07:51:51 +0000 (16:51 +0900)]
scd: Fix status check when using PC/SC.

* scd/apdu.c (struct reader_table_s): Add field of current_state.
(new_reader_slot): Initialize current_state.
(pcsc_get_status): Keep the status in READER_TABLE array.
Return SW_HOST_NO_READER when PCSC_STATE_CHANGED.
* scd/scdaemon.c (handle_connections): Silence a warning.

--

To detect some change of card status, including suspend/resume
possibly, SCardGetStatusChange should be used keeping the
dwCurrentState field.

This change could improve situation for suspend/resume with Yubikey on
Windows.  Even not, this is doing the Right Thing.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 weeks agogpg: Fix build on Windows.
NIIBE Yutaka [Thu, 8 Mar 2018 05:08:51 +0000 (14:08 +0900)]
gpg: Fix build on Windows.

--

WIN32_LEAN_AND_MEAN is required to avoid definitions of grp1, grp2,
and grp3 in dlgs.h, which is included by windows.h.

Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 weeks agodoc: man page grammar
Ben McGinnes [Tue, 6 Mar 2018 23:28:48 +0000 (10:28 +1100)]
doc: man page grammar

--
Fixed two grammatical errors: their vs. there and oneself vs. one
(one's self would still be too stilted).

6 weeks agoMerge branch 'STABLE-BRANCH-2-2' into wk-master
Werner Koch [Tue, 6 Mar 2018 15:26:26 +0000 (16:26 +0100)]
Merge branch 'STABLE-BRANCH-2-2' into wk-master

6 weeks agoagent: Also evict cached items via a timer.
Werner Koch [Tue, 6 Mar 2018 15:22:42 +0000 (16:22 +0100)]
agent: Also evict cached items via a timer.

* agent/cache.c (agent_cache_housekeeping): New func.
* agent/gpg-agent.c (handle_tick): Call it.
--

This change mitigates the risk of having cached items in a post mortem
dump.

GnuPG-bug-id: 3829
Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks agogpg: Fix regression in last --card-status patch
Werner Koch [Thu, 1 Mar 2018 18:10:10 +0000 (19:10 +0100)]
gpg: Fix regression in last --card-status patch

--

Sorry, I accidentally pushed the last commit without having amended it
with this fix.

Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94
Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks agogpg: Print the keygrip with --card-status
Werner Koch [Thu, 1 Mar 2018 18:03:23 +0000 (19:03 +0100)]
gpg: Print the keygrip with --card-status

* g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and
grp3.
* g10/call-agent.c (unhexify_fpr): Allow for space as delimiter.
(learn_status_cb): Parse KEYPARIINFO int the grpX fields.
* g10/card-util.c (print_keygrip): New.
(current_card_status): Print "grp:" records or with --with-keygrip a
human readable keygrip.
--

Suggested-by: Peter Lebbing <peter@digitalbrains.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks agogpgconf, w32: Allow UNC paths
Andre Heinecke [Wed, 28 Feb 2018 15:29:56 +0000 (16:29 +0100)]
gpgconf, w32: Allow UNC paths

* tools/gpgconf-comp.c (get_config_filename): Allow UNC paths.

--
The homedir of GnuPG on Windows can be on a network share
e.g. if %APPDATA% is redirected to a network share. The
file API calls work and GnuPG itself works nicely
with such paths so gpgconf should work with them, too.

GnuPG-Bug-Id: T3818
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
7 weeks agogpg: Avoid writing a zero length last chunk in AEAD mode.
Werner Koch [Wed, 28 Feb 2018 08:31:39 +0000 (09:31 +0100)]
gpg: Avoid writing a zero length last chunk in AEAD mode.

* g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad.
(write_final_chunk): Do not increase chunkindex.
(do_flush): Call set_nonce_and_ad immediately before the first
encryption of a chunk.  Bump up the chunkindex after writing the tag.
(do_free): Do not insert a zero length last chunk.
* g10/decrypt-data.c (aead_underflow): Fix the corresponding bug.
--

This fixes a bug in writing a zero length last chunk right before the
final chunk (which has by design a zero length).  We also need to
adjust the decryption part because that assumed this zero length last
chunk.

Note that we use the term "last chunk" for the chunk which directly
precedes the "final chunk" which ends the entire encryption.

GnuPG-bug-id: 3774
Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks agogpg: Merge two functions in cipher-aead.c
Werner Koch [Wed, 28 Feb 2018 07:36:46 +0000 (08:36 +0100)]
gpg: Merge two functions in cipher-aead.c

* g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ...
(set_nonce_and_ad): new function.
(write_auth_tag): Print error message here.
(do_flush): Rename var newchunk to finalize.
--

There is no need to have separate functions here.  We should also
print a error message for writing the final tag.

Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks agogpg: Simplify the AEAD decryption function.
Werner Koch [Tue, 27 Feb 2018 20:11:20 +0000 (21:11 +0100)]
gpg: Simplify the AEAD decryption function.

* g10/decrypt-data.c (aead_set_nonce, aead_set_ad): Merge into ...
(aead_set_nonce_and_ad): new single function.  Change callers.
(decrypt_data): Do not set the nonce and ad here.
(aead_underflow): Get rid of the LAST_CHUNK_DONE hack.
--

The main change here is that we now re-init the context only right
before we decrypt and not after a checktag.

Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks agogpg: Factor common code out of the AEAD decryption function.
Werner Koch [Tue, 27 Feb 2018 18:50:54 +0000 (19:50 +0100)]
gpg: Factor common code out of the AEAD decryption function.

* g10/decrypt-data.c (aead_underflow): Factor reading and checking
code code out to ...
(fill_buffer, aead_checktag): new functions.
--

Here is a simple test script to check against a set of encrypted files
with naming convention like "symenc-aead-eax-c6-56.asc"

# ------------------------ >8 ------------------------
set -e
GPG=../g10/gpg
for file in "$@"; do
  echo "${file##*/}" | ( IFS=- read dummy1 dummy2 mode cbyte len rest
  len="${len%.*}"
  cbyte="${cbyte#c}"
  [ "$dummy1" != "symenc" -o "$dummy2" != "aead" ] && continue
  echo "checking mode=$mode chunkbyte=$cbyte length=$len"
  if ! $GPG --no-options --rfc4880bis --batch --passphrase "abc" \
             -d < $file >tmp.plain 2>/dev/null; then
      echo "Decryption failed for $file" >&2
      exit 2
  fi
  plainlen=$(wc -c <tmp.plain)
  if [ $plainlen -ne $len ]; then
      echo "Plaintext length mismatch for $file (want=$len have=$plainlen)" >&2
      exit 2
  fi

  )
done
echo "all files are okay" >&2
# ------------------------ 8< ------------------------

Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks agogpg: Rename cipher.c to cipher-cfb.c
Werner Koch [Tue, 27 Feb 2018 12:57:24 +0000 (13:57 +0100)]
gpg: Rename cipher.c to cipher-cfb.c

* g10/cipher.c: Rename to ...
* g10/cipher-cfb.c: this.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks agogpg: Fix corner cases in AEAD encryption.
Werner Koch [Tue, 27 Feb 2018 12:53:52 +0000 (13:53 +0100)]
gpg: Fix corner cases in AEAD encryption.

* g10/cipher-aead.c (write_final_chunk): Do not bump up the chunk
index if the previous chunk was empty.
* g10/decrypt-data.c (aead_underflow): Likewise.  Also handle a other
corner cases.  Add more debug output.
--

GnuPG-bug-id: 3774

This fixes the reported case when the encrypted data is a multiple of
the chunk size.  Then the chunk index for the final chunk was wrongly
incremented by 2.  The actual fix makes use of the fact that the
current dfx->CHUNKLEN is 0 in this case.  There is also some other
reorganizing to help with debugging.  The thing seems to work now but
the code is not very clean - should be reworked.  Creating test files
can be done with this script:

--8<---------------cut here---------------start------------->8---
csize=6
for len in 0 55 56 57; do
   awk </dev/null -v i=$len 'BEGIN{while(i){i--;printf"~"}}' \
     | gpg --no-options -v --rfc4880bis --batch --passphrase "abc" \
           --s2k-count 1025 --s2k-digest-algo sha256 -z0 \
           --force-aead --aead-algo eax --cipher aes -a \
           --chunk-size $csize -c >symenc-aead-eax-c$csize-$len.asc
done
--8<---------------cut here---------------end--------------->8---

A LEN of 56 triggered the bug which can be seen by looking at the
"authdata:" line in the --debug=crypt,filter output.

Signed-off-by: Werner Koch <wk@gnupg.org>
8 weeks agogpg: Try to mitigate the problem of wrong CFB symkey passphrases.
Werner Koch [Fri, 23 Feb 2018 09:49:19 +0000 (10:49 +0100)]
gpg: Try to mitigate the problem of wrong CFB symkey passphrases.

* g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algo.
--

GnuPG-bug-id: 3795
Signed-off-by: Werner Koch <wk@gnupg.org>
8 weeks agodirmngr: Handle failures related to missing IPv6 gracefully
Michał Górny [Wed, 31 Jan 2018 15:57:19 +0000 (16:57 +0100)]
dirmngr: Handle failures related to missing IPv6 gracefully

* dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle two more
error codes.

--
Handle the two possible connect failures related to missing IPv6 support
gracefully by marking the host dead and retrying with another one.
If IPv6 is disabled via procfs, connect() will return EADDRNOTAVAIL.
If IPv6 is not compiled into the kernel, it will return EAFNOSUPPORT.
This makes it possible to use dual-stack hkp servers on hosts not having
IPv6 without random connection failures.

GnuPG-bug-id: 3331

--

The above description seems to be for Linux, so it is possible that
other systems might behave different.  However, it is worth to try
this patch.

Signed-off-by: Werner Koch <wk@gnupg.org>
8 weeks agodoc: Fix recently introduced typo in gpgsm.texi.
Werner Koch [Thu, 22 Feb 2018 15:39:52 +0000 (16:39 +0100)]
doc: Fix recently introduced typo in gpgsm.texi.

--

8 weeks agobuild: Update swdb tags and include release info from 2.2.5
Werner Koch [Thu, 22 Feb 2018 15:34:36 +0000 (16:34 +0100)]
build: Update swdb tags and include release info from 2.2.5

8 weeks agoMerge branch 'STABLE-BRANCH-2-2'
Werner Koch [Thu, 22 Feb 2018 15:19:56 +0000 (16:19 +0100)]
Merge branch 'STABLE-BRANCH-2-2'

8 weeks agoPost release updates.
Werner Koch [Thu, 22 Feb 2018 15:10:20 +0000 (16:10 +0100)]
Post release updates.

--

8 weeks agoRelease 2.2.5 gnupg-2.2.5
Werner Koch [Thu, 22 Feb 2018 14:32:36 +0000 (15:32 +0100)]
Release 2.2.5

Signed-off-by: Werner Koch <wk@gnupg.org>
8 weeks agogpg: Don't let gpg return failure on an invalid packet in a keyblock.
Werner Koch [Thu, 22 Feb 2018 13:23:01 +0000 (14:23 +0100)]
gpg: Don't let gpg return failure on an invalid packet in a keyblock.

* g10/keydb.c (parse_keyblock_image): Use log_info instead of
log_error for skipped packets.
* g10/keyring.c (keyring_get_keyblock): Ditto.
--

log_info should be sufficient and makes this more robust.  Some
tools (e.g. Enigmail) are too picky on return codes from gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
8 weeks agog10: Select a secret key by checking availability under gpg-agent.
NIIBE Yutaka [Tue, 26 Sep 2017 02:02:05 +0000 (11:02 +0900)]
g10: Select a secret key by checking availability under gpg-agent.

* g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm
by agent_probe_secret_key.
(get_pubkey_fromfile, lookup): Supply WANT_SECRET argument.

--

GnuPG-bug-id: 1967
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 0a76611294998ae34b9d9ebde484ef8ad3a9a3a6)

8 weeks agodoc: Clarify -export-secret-key-p12
Werner Koch [Thu, 22 Feb 2018 09:24:24 +0000 (10:24 +0100)]
doc: Clarify -export-secret-key-p12

--

GnuPG-bug-id: 3788
Signed-off-by: Werner Koch <wk@gnupg.org>
8 weeks agobuild: Update autogen.sh to set a git PATCH prefix.
Werner Koch [Wed, 21 Feb 2018 17:03:59 +0000 (18:03 +0100)]
build: Update autogen.sh to set a git PATCH prefix.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
8 weeks agobuild: Update autogen.sh
Werner Koch [Wed, 21 Feb 2018 16:56:40 +0000 (17:56 +0100)]
build: Update autogen.sh

--

Now installs a git patch prefix.

Signed-off-by: Werner Koch <wk@gnupg.org>
8 weeks agodoc: Add extra hint on unattended use of gpg.
Werner Koch [Wed, 21 Feb 2018 09:17:20 +0000 (10:17 +0100)]
doc: Add extra hint on unattended use of gpg.

--

2 months agowks: Add special mode to --install-key.
Werner Koch [Tue, 20 Feb 2018 14:23:19 +0000 (15:23 +0100)]
wks: Add special mode to --install-key.

* tools/gpg-wks-client.c (get_key_status_parm_s)
(get_key_status_cb, get_key): Move to ...
* tools/wks-util.c: ...here.
(get_key): Rename to wks_get_key.
* tools/gpg-wks-server.c: Include userids.h.
(command_install_key): Allow use of a fingerprint.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 months agowks: Implement server command --install-key.
Werner Koch [Tue, 20 Feb 2018 10:45:58 +0000 (11:45 +0100)]
wks: Implement server command --install-key.

* tools/wks-util.c (wks_filter_uid): Add arg 'binary'.
* tools/gpg-wks-server.c (main): Expect 2 args for --install-key.
(write_to_file): New.
(check_and_publish): Factor some code out to ...
(compute_hu_fname): ... new.
(command_install_key): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 months agowks: Support alternative submission address.
Werner Koch [Tue, 20 Feb 2018 08:00:00 +0000 (09:00 +0100)]
wks: Support alternative submission address.

* tools/gpg-wks.h (policy_flags_s): Add field 'submission_address'.
* tools/wks-util.c (wks_parse_policy): Parse that field.
(wks_free_policy): New.
* tools/gpg-wks-client.c (command_send): Also try to take the
submission-address from the policy file.  Free POLICY.
* tools/gpg-wks-server.c (process_new_key): Free POLICYBUF.
(command_list_domains): Free POLICY.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 months agospeedo: Use --enable-wks-tools for non-W32 builds.
Werner Koch [Tue, 20 Feb 2018 07:57:28 +0000 (08:57 +0100)]
speedo: Use --enable-wks-tools for non-W32 builds.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2 months agospeedo: Add new option STATIC=1
Werner Koch [Mon, 19 Feb 2018 09:51:27 +0000 (10:51 +0100)]
speedo: Add new option STATIC=1

--

This can be used to build GnuPG with static versions of the core
gnupg libraries.  For example:

 make -f build-aux/speedo.mk STATIC=1 SELFCHECK=0 \
     INSTALL_PREFIX=/somewhere/gnupg22  native

The SELFCHECK=0 is only needed to build from a non-released version.
You don't need it with a released tarball.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 months agokbx: Fix detection of corrupted keyblocks on 32 bit systems.
Werner Koch [Thu, 15 Feb 2018 10:17:28 +0000 (11:17 +0100)]
kbx: Fix detection of corrupted keyblocks on 32 bit systems.

* kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN
checking.
(blob_cmp_fpr_part): Ditto.
(blob_cmp_name): Ditto.
(blob_cmp_mail): Ditto.
(blob_x509_has_grip): Ditto.
(keybox_get_keyblock): Check OFF and LEN using a 64 bit var.
(keybox_get_cert): Ditto.
--

On most 32 bit systems size_t is 32 bit and thus the check

  size_t cert_off = get32 (buffer+8);
  size_t cert_len = get32 (buffer+12);
  if (cert_off+cert_len > length)
    return gpg_error (GPG_ERR_TOO_SHORT);

does not work as intended for all supplied values.  The simplest
solution here is to cast them to 64 bit.

In general it will be better to avoid size_t at all and work with
uint64_t.  We did not do this in the past because uint64_t was not
universally available.

GnuPG-bug-id: 3770
Signed-off-by: Werner Koch <wk@gnupg.org>
2 months agogpg: Fix reversed messages for --only-sign-text-ids.
NIIBE Yutaka [Thu, 15 Feb 2018 05:22:06 +0000 (14:22 +0900)]
gpg: Fix reversed messages for --only-sign-text-ids.

* g10/keyedit.c (keyedit_menu): Fix messages.

--

GnuPG-bug-id: 3787
Fixes-commit: a74aeb5dae1f673fcd98b39a6a0496f3c622709a
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 months agoagent: Avoid appending a '\0' byte to the response of READKEY
Katsuhiro Ueno [Wed, 7 Feb 2018 09:52:37 +0000 (18:52 +0900)]
agent: Avoid appending a '\0' byte to the response of READKEY

* agent/command.c (cmd_readkey): Set pkbuflen to the length of the output
without an extra '\0' byte.

2 months agosm: Fix minor memory leak in --export-p12.
Werner Koch [Wed, 14 Feb 2018 13:54:51 +0000 (14:54 +0100)]
sm: Fix minor memory leak in --export-p12.

* sm/export.c (gpgsm_p12_export): Free KEYGRIP.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 months agosm: Fix a wrong key parameter in an exported private key file
Katsuhiro Ueno [Wed, 7 Feb 2018 09:46:54 +0000 (18:46 +0900)]
sm: Fix a wrong key parameter in an exported private key file

* sm/export.c (sexp_to_kparms): Fix the computation of array[6],
which must be 'd mod (q-1)' but was 'p mod (q-1)'.
--

This bug is not serious but makes some consistency checks fail.
For example, 'openssl rsa -check' reports the following error:

$ gpgsm --out my.key --export-secret-key-raw 0xXXXXXXXX
$ openssl rsa -check -noout -inform DER -in my.key
RSA key error: dmq1 not congruent to d

--
Let me(wk) add this:

This bug was introduced with
Fixes-commit: 91056b1976bfb7b755e53b1302f4ede2b5cbc05d
right at the start of GnuPG 2.1 in July 2010.  Before that (in 2.0) we
used gpg-protect-tool which got it right.  We probably never noticed
this because gpgsm, and maybe other tools too, fix things up during
import.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 months agoRegister DCO for Jussi.
Werner Koch [Wed, 14 Feb 2018 13:01:36 +0000 (14:01 +0100)]
Register DCO for Jussi.

--

Also sorted the list.

2 months agocommon: Use new function to print status strings.
Werner Koch [Wed, 14 Feb 2018 11:21:23 +0000 (12:21 +0100)]
common: Use new function to print status strings.

* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--

This fixes a potential overflow if LFs are passed to the status
string functions.  This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing.  In any case the functions need to be more robust and
comply to the promised interface.  Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.

For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.

Reported-by: private_pers
2 months agoscd: Improve KDF-DO support
Arnaud Fontaine [Thu, 8 Feb 2018 18:03:08 +0000 (19:03 +0100)]
scd: Improve KDF-DO support

* scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO.

--

Length check added by gniibe.

Signed-off-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
2 months agoscd: Fix handling for Data Object with no data.
NIIBE Yutaka [Mon, 12 Feb 2018 09:56:58 +0000 (18:56 +0900)]
scd: Fix handling for Data Object with no data.

* scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
with no data.

--

When GET_DATA returns no data with success (90 00), this routine
firstly returned buffer with length zero, and secondly (with cache)
returned NULL, which is inconsistent.  Now, it returns NULL for both
cases.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 months agodoc: Add compliance de-vs to gpgsm in vsnfd.prf
Andre Heinecke [Fri, 9 Feb 2018 08:45:28 +0000 (09:45 +0100)]
doc: Add compliance de-vs to gpgsm in vsnfd.prf

* doc/examples/vsnfd.prf: Set complaince mode for gpgsm.

2 months agoscd: Use pipe to kick the loop on NetBSD.
NIIBE Yutaka [Wed, 7 Feb 2018 03:43:07 +0000 (12:43 +0900)]
scd: Use pipe to kick the loop on NetBSD.

* configure.ac (HAVE_PSELECT_NO_EINTR): New.
* scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
(handle_connections): Use pipe.

--

On NetBSD, signal to the same process cannot unblock pselect,
with unknown reason.  Use pipe instead, for such systems.

GnuPG-bug-id: 3778
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 months agogpg: Fix packet length checking in symkeyenc parser.
Werner Koch [Tue, 6 Feb 2018 16:34:08 +0000 (17:34 +0100)]
gpg: Fix packet length checking in symkeyenc parser.

* g10/parse-packet.c (parse_symkeyenc): Move error printing to the
end.  Add additional check to cope for the 0je extra bytes needed for
AEAD.
--

Fixes-commit: 9aab9167bca38323973e853845ca95ae8e9b6871
GnuPG-bug-id: 3780