[git] GnuPG - branch, master, updated. gnupg-2.1.19-78-g0b3770c

by Werner Koch cvs at cvs.gnupg.org
Fri Mar 24 17:02:46 CET 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  0b3770c421a35b64823a805fa8d49ddd5c653d50 (commit)
       via  2c237c13628a88ba23742da34ea18d3e205d7c53 (commit)
       via  6fab7bba879d7794e32112cf3eddd8d87130a5d7 (commit)
       via  26086b362ff47d21b1abefaf674a6464bf0a8921 (commit)
      from  2c9d9ac55ea455a5ec26428989dced0311ed46cc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0b3770c421a35b64823a805fa8d49ddd5c653d50
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Mar 24 11:51:44 2017 +0100

    gpg: Improve check for already compressed packets.
    
    * common/miscellaneous.c (is_openpgp_compressed_packet): New.
    (is_file_compressed): Read 2 more bytes and call new function.
    
    --
    
    Note that this does not yet allow to detect compressed data piped to
    gpg.  This requires a proper read-ahead in iobuf.c which is
    complicated due to the auto-removal of filter functions.  Thus such an
    read-ahead needs to be done in the I/O backend of iobuf.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/miscellaneous.c b/common/miscellaneous.c
index c988975..c9c603d 100644
--- a/common/miscellaneous.c
+++ b/common/miscellaneous.c
@@ -318,6 +318,50 @@ make_printable_string (const void *p, size_t n, int delim )
 }
 
 
+/* Check whether (BUF,LEN) is valid header for an OpenPGP compressed
+ * packet.  LEN should be at least 6.  */
+static int
+is_openpgp_compressed_packet (unsigned char *buf, size_t len)
+{
+  int c, ctb, pkttype;
+  int lenbytes;
+
+  ctb = *buf++; len--;
+  if (!(ctb & 0x80))
+    return 0; /* Invalid packet.  */
+
+  if ((ctb & 0x40)) /* New style (OpenPGP) CTB.  */
+    {
+      pkttype = (ctb & 0x3f);
+      if (!len)
+        return 0; /* Expected first length octet missing.  */
+      c = *buf++; len--;
+      if (c < 192)
+        ;
+      else if (c < 224)
+        {
+          if (!len)
+            return 0; /* Expected second length octet missing. */
+        }
+      else if (c == 255)
+        {
+          if (len < 4)
+            return 0; /* Expected length octets missing */
+        }
+    }
+  else /* Old style CTB.  */
+    {
+      pkttype = (ctb>>2)&0xf;
+      lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
+      if (len < lenbytes)
+        return 0; /* Not enough length bytes.  */
+    }
+
+  return (pkttype == 8);
+}
+
+
+
 /*
  * Check if the file is compressed.
  */
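Review bot: With the only caller passing a LEN of 6, none of the length checks in is_openpgp_compressed_packet can fail, so the verdict rests on the first octet alone: any file that begins with 0xA0..0xA3 or 0xC8 is reported as a compressed packet. If that false-positive rate matters, the octet following the length field (the compression algorithm) could be validated too. Separately, `ctb = *buf++; len--;` wraps LEN when the function is called with 0; a leading `if (!len) return 0;` would make it safe on its own. BUF is only read, so it could be declared `const unsigned char *buf`.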
@@ -325,8 +369,9 @@ int
 is_file_compressed (const char *s, int *ret_rc)
 {
     iobuf_t a;
-    byte buf[4];
-    int i, rc = 0;
+    byte buf[6];
+    int i;
+    int rc = 0;
     int overflow;
 
     struct magic_compress_s {
@@ -347,12 +392,12 @@ is_file_compressed (const char *s, int *ret_rc)
         return 0;
     }
 
-    if ( iobuf_get_filelength( a, &overflow ) < 4 && !overflow) {
+    if ( iobuf_get_filelength( a, &overflow ) < 6 && !overflow) {
         *ret_rc = 0;
         goto leave;
     }
 
-    if ( iobuf_read( a, buf, 4 ) == -1 ) {
+    if ( iobuf_read( a, buf, 6 ) == -1 ) {
         *ret_rc = a->error;
         goto leave;
     }
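Review bot: `iobuf_read( a, buf, 6 ) == -1` treats only a hard error as failure, so a short read leaves the tail of `buf` uninitialized (assuming iobuf_read returns the byte count on success). That can happen because the length test above is bypassed when `overflow` is set, and the buffer is still fed to memcmp and to `is_openpgp_compressed_packet (buf, 6)` in the next hunk. Comparing the result with the requested size, `if ( iobuf_read( a, buf, 6 ) != 6 )`, closes that gap. The literal 6 now appears in four places and could be derived from `sizeof buf`. is_file_compressed begins and ends outside this hunk.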
@@ -361,11 +406,17 @@ is_file_compressed (const char *s, int *ret_rc)
         if ( !memcmp( buf, magic[i].magic, magic[i].len ) ) {
             *ret_rc = 0;
             rc = 1;
-            break;
+            goto leave;
         }
     }
 
-leave:
+    if (is_openpgp_compressed_packet (buf, 6))
+      {
+        *ret_rc = 0;
+        rc = 1;
+      }
+
+ leave:
     iobuf_close( a );
     return rc;
 }

commit 2c237c13628a88ba23742da34ea18d3e205d7c53
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Mar 24 10:30:17 2017 +0100

    agent: New option --enable-extended-key-format.
    
    * agent/gpg-agent.c (oEnableExtendedKeyFormat): New const.
    (opts): New option --enable-extended-key-format.
    (parse_rereadable_options): Set option
    * agent/findkey.c (write_extended_private_key): Add arg 'update'.
    (agent_write_private_key): Implement new option.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/agent.h b/agent/agent.h
index 3b53ba4..01e675b 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -124,6 +124,9 @@ struct
      passphrase change.  */
   int enable_passphrase_history;
 
+  /* If set the extended key format is used for new keys.  */
+  int enable_extended_key_format;
+
   int running_detached; /* We are running detached from the tty. */
 
   /* If this global option is true, the passphrase cache is ignored
diff --git a/agent/findkey.c b/agent/findkey.c
index 4429b7a..0b2ddf1 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -52,23 +52,38 @@ struct try_unprotect_arg_s
 };
 
 
+/* Note: Ownership of FNAME and FP are moved to this function.  */
 static gpg_error_t
-write_extended_private_key (char *fname, estream_t fp,
+write_extended_private_key (char *fname, estream_t fp, int update,
                             const void *buf, size_t len)
 {
   gpg_error_t err;
   nvc_t pk = NULL;
   gcry_sexp_t key = NULL;
   int remove = 0;
-  int line;
 
-  err = nvc_parse_private_key (&pk, &line, fp);
-  if (err)
+  if (update)
     {
-      log_error ("error parsing '%s' line %d: %s\n",
-                 fname, line, gpg_strerror (err));
-      goto leave;
+      int line;
+
+      err = nvc_parse_private_key (&pk, &line, fp);
+      if (err && gpg_err_code (err) != GPG_ERR_ENOENT)
+        {
+          log_error ("error parsing '%s' line %d: %s\n",
+                     fname, line, gpg_strerror (err));
+          goto leave;
+        }
     }
+  else
+    {
+      pk = nvc_new_private_key ();
+      if (!pk)
+        {
+          err = gpg_error_from_syserror ();
+          goto leave;
+        }
+    }
+  es_clearerr (fp);
 
   err = gcry_sexp_sscan (&key, NULL, buf, len);
   if (err)
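Review bot: In the `update` branch an ENOENT result from nvc_parse_private_key is now tolerated, but nothing visible here guarantees that `pk` was allocated in that case, so the code after the hunk may operate on a NULL container. If the parser can return ENOENT without setting `*pk` (to be confirmed against nvc_parse_private_key), add a fallback such as `if (!pk) pk = nvc_new_private_key ();` with the same error handling as the else branch. A one-line comment saying when ENOENT is expected here would also help the next reader. The function continues past the end of this hunk.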
@@ -111,8 +126,7 @@ write_extended_private_key (char *fname, estream_t fp,
   bump_key_eventcounter ();
 
  leave:
-  if (fp)
-    es_fclose (fp);
+  es_fclose (fp);
   if (remove)
     gnupg_remove (fname);
   xfree (fname);
@@ -193,11 +207,19 @@ agent_write_private_key (const unsigned char *grip,
 
       if (first != '(')
         {
-          /* Key is in extended format.  */
-          return write_extended_private_key (fname, fp, buffer, length);
+          /* Key is already in the extended format.  */
+          return write_extended_private_key (fname, fp, 1, buffer, length);
+        }
+      if (first == '(' && opt.enable_extended_key_format)
+        {
+          /* Key is in the old format - but we want the extended format.  */
+          return write_extended_private_key (fname, fp, 0, buffer, length);
         }
     }
 
+  if (opt.enable_extended_key_format)
+    return write_extended_private_key (fname, fp, 0, buffer, length);
+
   if (es_fwrite (buffer, length, 1, fp) != 1)
     {
       gpg_error_t tmperr = gpg_error_from_syserror ();
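Review bot: The test `first == '('` in the second `if` is always true at that point, because the preceding branch returns whenever `first != '('`; `if (opt.enable_extended_key_format)` says the same thing. The three calls differ only in a bare 0/1 for `update`, so a short comment on the conversion call would help, for example `/* update=0: discard the old-format content and start a fresh container */`. In that conversion case `fp` has already been read from, and whether write_extended_private_key rewinds and truncates the file before writing is outside this hunk and worth confirming.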
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index c84dce7..49b10c1 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -111,6 +111,7 @@ enum cmd_and_opt_values
   oCheckPassphrasePattern,
   oMaxPassphraseDays,
   oEnablePassphraseHistory,
+  oEnableExtendedKeyFormat,
   oUseStandardSocket,
   oNoUseStandardSocket,
   oExtraSocket,
@@ -238,6 +239,7 @@ static ARGPARSE_OPTS opts[] = {
                 /* */           "@"
 #endif
                 ),
+  ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
 
   /* Dummy options for backward compatibility.  */
   ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
@@ -790,6 +792,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.check_passphrase_pattern = NULL;
       opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
       opt.enable_passphrase_history = 0;
+      opt.enable_extended_key_format = 0;
       opt.ignore_cache_for_signing = 0;
       opt.allow_mark_trusted = 1;
       opt.allow_external_cache = 1;
@@ -859,6 +862,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.enable_passphrase_history = 1;
       break;
 
+    case oEnableExtendedKeyFormat:
+      opt.enable_extended_key_format = 1;
+      break;
+
     case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
 
     case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break;
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index b72892c..ca9d469 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -571,6 +571,15 @@ local gpg-agent and use its private keys.  This enables decrypting or
 signing data on a remote machine without exposing the private keys to the
 remote machine.
 
+ at anchor{option --enable-extended-key-format}
+ at item --enable-extended-key-format
+ at opindex enable-extended-key-format
+This option creates keys in the extended private key format.  Changing
+the passphrase of a key will also convert the key to that new format.
+Using this option makes the private keys unreadable for gpg-agent
+versions before 2.1.12.  The advantage of the extended private key
+format is that it is text based and can carry additional meta data.
+
 
 @anchor{option --enable-ssh-support}
 @item --enable-ssh-support

commit 6fab7bba879d7794e32112cf3eddd8d87130a5d7
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Mar 24 09:02:02 2017 +0100

    agent: New option --stub-only for DELETE_KEY
    
    * agent/findkey.c (agent_delete_key): Add arg 'only_stubs'.
    * agent/command.c (cmd_delete_key): Add option --stub-only.
    --
    
    This option can be used to safely remove stub keys.

diff --git a/agent/agent.h b/agent/agent.h
index e98a246..3b53ba4 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -406,7 +406,8 @@ gpg_error_t agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
                                       int *r_keytype,
                                       unsigned char **r_shadow_info);
 gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text,
-                              const unsigned char *grip, int force);
+                              const unsigned char *grip,
+                              int force, int only_stubs);
 
 /*-- call-pinentry.c --*/
 void initialize_module_call_pinentry (void);
diff --git a/agent/command.c b/agent/command.c
index 79fb0ce..1f8f7c2 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -2433,23 +2433,25 @@ cmd_export_key (assuan_context_t ctx, char *line)
 
 

 static const char hlp_delete_key[] =
-  "DELETE_KEY [--force] <hexstring_with_keygrip>\n"
+  "DELETE_KEY [--force|--stub-only] <hexstring_with_keygrip>\n"
   "\n"
   "Delete a secret key from the key store.  If --force is used\n"
   "and a loopback pinentry is allowed, the agent will not ask\n"
-  "the user for confirmation.";
+  "the user for confirmation.  If --stub-only is used the key will\n"
+  "only be deleted if it is a reference to a token.";
 static gpg_error_t
 cmd_delete_key (assuan_context_t ctx, char *line)
 {
   ctrl_t ctrl = assuan_get_pointer (ctx);
   gpg_error_t err;
-  int force;
+  int force, stub_only;
   unsigned char grip[20];
 
   if (ctrl->restricted)
     return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
 
   force = has_option (line, "--force");
+  stub_only = has_option (line, "--stub-only");
   line = skip_options (line);
 
   /* If the use of a loopback pinentry has been disabled, we assume
@@ -2461,7 +2463,8 @@ cmd_delete_key (assuan_context_t ctx, char *line)
   if (err)
     goto leave;
 
-  err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip, force );
+  err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip,
+                          force, stub_only);
   if (err)
     goto leave;
 
diff --git a/agent/findkey.c b/agent/findkey.c
index a196fdc..4429b7a 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -1413,18 +1413,20 @@ agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
 
 

 /* Delete the key with GRIP from the disk after having asked for
-   confirmation using DESC_TEXT.  If FORCE is set the function won't
-   require a confirmation via Pinentry or warns if the key is also
-   used by ssh.
-
-   Common error codes are:
-     GPG_ERR_NO_SECKEY
-     GPG_ERR_KEY_ON_CARD
-     GPG_ERR_NOT_CONFIRMED
-*/
+ * confirmation using DESC_TEXT.  If FORCE is set the function won't
+ * require a confirmation via Pinentry or warns if the key is also
+ * used by ssh.  If ONLY_STUBS is set only stub keys (references to
+ * smartcards) will be affected.
+ *
+ * Common error codes are:
+ *   GPG_ERR_NO_SECKEY
+ *   GPG_ERR_KEY_ON_CARD
+ *   GPG_ERR_NOT_CONFIRMED
+ *   GPG_ERR_FORBIDDEN     - Not a stub key and ONLY_STUBS requested.
+ */
 gpg_error_t
 agent_delete_key (ctrl_t ctrl, const char *desc_text,
-                  const unsigned char *grip, int force)
+                  const unsigned char *grip, int force, int only_stubs)
 {
   gpg_error_t err;
   gcry_sexp_t s_skey = NULL;
@@ -1435,6 +1437,7 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text,
   ssh_control_file_t cf = NULL;
   char hexgrip[40+4+1];
   char *default_desc = NULL;
+  int key_type;
 
   err = read_key_file (grip, &s_skey);
   if (gpg_err_code (err) == GPG_ERR_ENOENT)
@@ -1446,7 +1449,14 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text,
   if (err)
     goto leave;
 
-  switch (agent_private_key_type (buf))
+  key_type = agent_private_key_type (buf);
+  if (only_stubs && key_type != PRIVATE_KEY_SHADOWED)
+    {
+      err  = gpg_error (GPG_ERR_FORBIDDEN);
+      goto leave;
+    }
+
+  switch (key_type)
     {
     case PRIVATE_KEY_CLEAR:
     case PRIVATE_KEY_OPENPGP_NONE:
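Review bot: GPG_ERR_FORBIDDEN for "not a stub key" is the same code cmd_delete_key returns for a restricted connection, so a client cannot tell the two refusals apart from the error alone. A comment at the check stating why this code was chosen, or a diagnostic naming the key type, would make the refusal easier to trace. The guard sits before the `switch`, so no confirmation prompt is shown for a non-stub key; that ordering is worth a comment such as `/* Refuse before any Pinentry interaction. */`. Minor: `err  = gpg_error` has a doubled space. agent_delete_key starts and ends outside this hunk.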

commit 26086b362ff47d21b1abefaf674a6464bf0a8921
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Mar 23 09:38:19 2017 +0100

    common: Implicitly do a gpgconf --create-socketdir.
    
    * common/homedir.c (_gnupg_socketdir_internal): Create the
    sub-directory.
    --
    
    Although there is no auto cleanup (yet) this should be helpful.  Let's
    see whether possibly leaving stale directories around is better than
    running into trouble when --create-socketdir was not used.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/homedir.c b/common/homedir.c
index 3055a32..ee4438c 100644
--- a/common/homedir.c
+++ b/common/homedir.c
@@ -542,7 +542,7 @@ _gnupg_socketdir_internal (int skip_checks, unsigned *r_info)
 
   /* If a non default homedir is used, we check whether an
    * corresponding sub directory below the socket dir is available
-   * and use that.  We has the non default homedir to keep the new
+   * and use that.  We hash the non default homedir to keep the new
    * subdir short enough.  */
   if (non_default_homedir)
     {
@@ -566,16 +566,27 @@ _gnupg_socketdir_internal (int skip_checks, unsigned *r_info)
           goto leave;
         }
 
-      /* Stat that directory and check constraints.  Note that we
-       * do not auto create such a directory because we would not
-       * have a way to remove it.  Thus the directory needs to be
-       * pre-created.  The command
-       *    gpgconf --create-socketdir
-       * can be used tocreate that directory.  */
+      /* Stat that directory and check constraints.
+       * The command
+       *    gpgconf --remove-socketdir
+       * can be used to remove that directory.  */
       if (stat (name, &sb))
         {
           if (errno != ENOENT)
             *r_info |= 1; /* stat failed. */
+          else if (!skip_checks)
+            {
+              /* Try to create the directory and check again.  */
+              if (gnupg_mkdir (name, "-rwx"))
+                *r_info |= 16; /* mkdir failed.  */
+              else if (stat (prefix, &sb))
+                {
+                  if (errno != ENOENT)
+                    *r_info |= 1; /* stat failed. */
+                  else
+                    *r_info |= 64; /* Subdir does not exist.  */
+                }
+            }
           else
             *r_info |= 64; /* Subdir does not exist.  */
           if (!skip_checks)
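Review bot: After a successful gnupg_mkdir the re-check calls `stat (prefix, &sb)` rather than `stat (name, &sb)`, so `sb` describes a different path than the directory that was just created. The checks that follow under `if (!skip_checks)` (outside this hunk, presumably ownership and mode) would then not be applied to the socket sub-directory itself. Unless that is intended, the line should read `else if (stat (name, &sb))`. Since this directory will hold the agent sockets, the post-creation check should cover exactly the path that is used afterwards.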

-----------------------------------------------------------------------

Summary of changes:
 agent/agent.h          |  6 +++-
 agent/command.c        | 11 +++++---
 agent/findkey.c        | 76 +++++++++++++++++++++++++++++++++++---------------
 agent/gpg-agent.c      |  7 +++++
 common/homedir.c       | 25 ++++++++++++-----
 common/miscellaneous.c | 63 +++++++++++++++++++++++++++++++++++++----
 doc/gpg-agent.texi     |  9 ++++++
 7 files changed, 157 insertions(+), 40 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



