1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

9713 Commits

Author SHA1 Message Date
NIIBE Yutaka
1d8c3a5fb2 build: Require libgpg-error >= 1.46.
* configure.ac (NEED_GPGRT_VERSION): Require 1.46.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-07 08:58:52 +09:00
NIIBE Yutaka
599831264a Remove debug code.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-08-01 14:14:15 +09:00
NIIBE Yutaka
6e5d70b648 Add call to GetNamedPipeClientProcessId for newer Windows.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-08-01 12:31:29 +09:00
NIIBE Yutaka
c0a3748979 Support specifying the pipe name by the option.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-08-01 11:59:43 +09:00
NIIBE Yutaka
30df964607 Simplify the access control.
PIPE_REJECT_REMOTE_CLIENTS would be enough.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-28 15:56:33 +09:00
NIIBE Yutaka
eb8725b195 Fix for return value of ConnectNamedPipe.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-28 13:22:12 +09:00
NIIBE Yutaka
6f9bb301b7 Implement the procedure to handle requests from client.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-27 18:56:17 +09:00
NIIBE Yutaka
f057a71e7f Initial experiment for NamedPipe on Windows.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-27 13:12:02 +09:00
Werner Koch
1735b5ffa8
doc: Minor typo fix
--

GnuPG-bug-id: 6092
2022-07-26 10:51:38 +02:00
Werner Koch
8a63a8c825
wkd: Fix path traversal attack on gpg-wks-server.
* tools/gpg-wks-server.c (check_and_publish): Check for invalid
characters in sender controlled data.
* tools/wks-util.c (wks_fname_from_userid): Ditto.
(wks_compute_hu_fname): Ditto.
(ensure_policy_file): Ditto.
2022-07-25 10:21:44 +02:00
NIIBE Yutaka
2791169aa9 build: Update gpg-error.m4.
* gpg-error.m4: Update from libgpg-error.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-22 13:24:35 +09:00
NIIBE Yutaka
7e44f88366 build: Update config.guess, config.sub, and config.rpath.
* build-aux/config.guess: Update from upstream.
* build-aux/config.sub: Ditto.
* build-aux/config.rpath: Update from gettext 0.21.

--

GnuPG-bug-id: 6078
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-18 17:48:34 +09:00
NIIBE Yutaka
f34b9147eb scd:openpgp: Fix workaround for Yubikey heuristics.
* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
of firmware 5.4, too.

--

GnuPG-bug-id: 6070
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-13 10:40:55 +09:00
Werner Koch
95651d1a4f
Post release updates
--
2022-07-11 13:39:39 +02:00
Werner Koch
bc5328f511
Release 2.3.7 gnupg-2.3.7 2022-07-11 12:18:10 +02:00
Werner Koch
1d5bf0050e
gpg-connect-agent: No help string for --unbuffered
--
2022-07-10 16:18:28 +02:00
NIIBE Yutaka
424aa3543d gpg,build: Fix message for newer gettext.
* g10/keyserver.c (keyserver_refresh): Use ngettext.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-05 13:27:41 +09:00
Werner Koch
15a8834b0b
gpgconf: New short options -V and -X
* tools/gpgconf.c: Assign short options -X and -V
(show_version_gnupg): Print the vsd version if available.
--

These changes are helpful for phone support.
2022-06-29 13:14:35 +02:00
NIIBE Yutaka
8aa9f80be0 agent: Add description for "Prompt" field.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-28 10:37:35 +09:00
NIIBE Yutaka
39422f1d63 agent: Don't assume "OPENPGP.3" key means "Use-for-ssh:".
* agent/command-ssh.c: Fix comments.
* agent/findkey.c (public_key_from_file): Remove "OPENPGP.3" check.

--

GnuPG-bug-id: 5996
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-28 10:25:03 +09:00
Werner Koch
ae2f1f0785
agent: Do not consider --min-passphrase-len for the magic wand.
* agent/call-pinentry.c (generate_pin): Lock to exactly 30 octets.
* g10/gpg.c (main) <aGenRandom>: Add Level 30.
2022-06-27 18:06:40 +02:00
NIIBE Yutaka
99d2931887 agent: Flush before calling ftruncate.
* agent/findkey.c (write_extended_private_key): Make sure
it is flushed out.

--

GnuPG-bug-id: 6035
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-23 11:05:51 +09:00
NIIBE Yutaka
26d5a6e862 agent: KEYATTR only allows access to attribute.
* agent/command.c (cmd_keyattr): Check the ATTRNAME.

--

GnuPG-bug-id: 5988
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-23 09:57:26 +09:00
NIIBE Yutaka
2c47c66627 agent: Fix KEYATTR command for --delete option.
* agent/command.c (cmd_keyattr): Write the result.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-23 09:23:47 +09:00
NIIBE Yutaka
30b54a0ebb agent: Add KEYATTR command.
* agent/agent.h (agent_raw_key_from_file): Add R_KEYMETA argument.
(agent_update_private_key): New.
* agent/command-ssh.c (data_sign): Follow the change of the function
agent_raw_key_from_file.
* agent/command.c (do_one_keyinfo): Likewise.
(cmd_keyattr): New.
(register_commands): Add an entry of cmd_keyattr.
* agent/findkey.c (agent_update_private_key): New.
(agent_raw_key_from_file): Add R_KEYMETA argument.

--

GnuPG-bug-id: 5988
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-22 15:45:18 +09:00
NIIBE Yutaka
fe535cf265 agent,gpg,tools: Fix use of log_get_fd.
* agent/call-daemon.c (daemon_start): Don't put file descriptor from
log_get_fd to no_close_list.
* agent/call-pinentry.c (start_pinentry): Likewise.
* common/call-gpg.c (start_gpg): Likewise.
* call-syshelp.c (start_syshelp): Likewise.
* tools/gpg-connect-agent.c (main): Likewise.

--

GnuPG-bug-id: 5921
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-22 13:34:06 +09:00
Werner Koch
52f9e13c0c
sm: Improve pkcs#12 debug output.
* sm/minip12.c (parse_shrouded_key_bag): Fix offset diagnostic.
(parse_cert_bag): Ditto.
(parse_bag_data): Remove debug output.  Pass startoffset.  Fix offset
diagnostic.
2022-06-20 17:24:55 +02:00
Werner Koch
a4e04375e8
sm: Rework the PKCS#12 parser to support DFN issued keys.
* sm/minip12.c (struct p12_parse_ctx_s): New.  Use this instead of
passing several parameters to most functions.
(parse_pag_data): Factor things out to  ...
parse_shrouded_key_bag): new.
(parse_cert_bag): New.
(parse_bag_data): New.
(p12_parse): Setup the parse context.
--

To support newer pkcs#12 files like those issued by the DFN we need to
support another ordering of data elements.  This rework reflects the
P12 data structure a bit better than our old ad-hoc hacks.  Tests could
only be done with the certificate parts and not the encrypted private
keys.

GnuPG-bug-id: 6037
2022-06-20 16:47:41 +02:00
Werner Koch
be5d06dae2
agent: Improve "Insert the card" message.
* agent/findkey.c (prompt_for_card): Don't print "(null").
2022-06-17 12:23:40 +02:00
Werner Koch
2766b9e56c
agent,ssh: Fix for make not-inserted OpenPGP.3 keys available for SSH.
* agent/command-ssh.c (ssh_send_available_keys):  Do not bump
key_counter for ignored keys.  Also use opt.debug instead of
opt.verbose and fix a memory leak.
--

The error shown by "ssh-add -l" before this fix was:
  error fetching identities: incomplete messag

Fixes-commit: 193fcc2f7a8cca5240ce50499c54f99235a87e1c
GnuPG-bug-id: 5996
2022-06-15 16:41:30 +02:00
Werner Koch
1530d04725
agent: New option --no-user-trustlist and --sys-trustlist-name.
* agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
(opts): Add new option names.
(parse_rereadable_options): Parse options.
(finalize_rereadable_options): Reset allow-mark-trusted for the new
option.
* agent/agent.h (opt): Add fields no_user_trustlist and
sys_trustlist_name.
* agent/trustlist.c (make_sys_trustlist_name): New.
(read_one_trustfile): Use here.
(read_trustfiles): Use here.  Implement --no-user-trustlist.
--

With the global options we can now avoid that a user changes the
Root-CA trust by editing the trustlist.txt.  However, to implement
this we need a new option so that we don't need to rely on some magic
like --no-allow-mark-trusted has been put into a force section.

The second option makes system administration easier as it allows to
keep the trustlist in a non-distributed file.

GnuPG-bug-id: 5990
2022-06-14 14:25:21 +02:00
Werner Koch
34c649b360
g10: Fix garbled status messages in NOTATION_DATA
* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
--

Depending on the escaping and line wrapping the computed remaining
buffer length could be wrong.  Fixed by always using a break to
terminate the escape detection loop.  Might have happened for all
status lines which may wrap.

GnuPG-bug-id: T6027
2022-06-14 11:34:17 +02:00
Jakub Jelen
4dbef2addc keygen: Fix reading AEAD preference
* g10/keygen.c (keygen_set_std_prefs): Use the right variable when
  reading AEAD preference string
--

GnuPG-bug-id: 6019
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-06-14 15:37:15 +09:00
Werner Koch
fb3fd553df
dirmngr: Fix a wrong compiler warning.
--

  validate.c:1103:13: warning: ‘saltlen’ may be used uninitialized
  in this function [-Wmaybe-uninitialized]
2022-06-13 17:54:01 +02:00
Werner Koch
f0b373cec9
gpgsm: New option --compatibility-flags.
* sm/gpgsm.c (oCompatibilityFlags): New option.
(compatibility_flags): new.
(main): Parse and print them in verbose mode.
* sm/gpgsm.h (opt): Add field compat_glags.:
(COMPAT_ALLOW_KA_TO_ENCR): New.
* sm/keylist.c (print_capabilities): Take care of the new flag.
* sm/certlist.c (cert_usage_p): Ditto.
2022-06-13 17:50:26 +02:00
Werner Koch
ce63eaa4f8
common: New function parse_compatibility_flags.
* common/miscellaneous.c (parse_compatibility_flags): New.
* common/util.h (struct compatibility_flags_s): New.
--

This is similar to parse_debug_flags but does not support specifying a
value.  This way we can more easily change the internal values or
re-use them for other purposes.
2022-06-13 17:50:26 +02:00
NIIBE Yutaka
dd600bbc84 scd: Support specifying keygrip for learn command.
* scd/command.c (cmd_learn): Allow keygrip argument.

--

GnuPG-bug-id: 6002
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-10 13:54:03 +09:00
NIIBE Yutaka
273b8ec193 scd,openpgp: Support READCERT by keygrip.
* scd/app-openpgp.c (do_readcert): Allow use of keygrip.

--

GnuPG-bug-id: 6002
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-10 11:45:26 +09:00
Werner Koch
59c481bb86
common,w32: Use LoadLibraryEx to fix a warning in mingw.
* common/dynload.h (dlopen): Use LoadLibraryEx and remove Windows CE
support.
--

Mingw's libloadapi.h has no prototype for LoadLibrary.  Thus we use
LoadLibraryEx which is available Since Windows XP.
2022-06-03 11:11:28 +02:00
Werner Koch
4ee2009083
w32: Allow Unicode filenames for iobuf_cancel.
* common/iobuf.c (iobuf_cancel): Use gnupg_remove
* common/mischelp.c (same_file_p): Allow for Unicode names.
--

Note that the second patch is used to handle Unicode filenames which
are symbolic links.
2022-06-03 10:54:35 +02:00
Werner Koch
d2d7a2b128
Remove remaining support for WindowsCE
--
2022-06-03 10:08:21 +02:00
Werner Koch
d89557fe95
tools: Minor fix to gpg-connect-agent options.
* tools/gpg-connect-agent.c (enum cmd_and_opt_values): Move
oUnBuffered more to the top so that oNoop won't not get the value 'v'.
2022-06-02 15:56:59 +02:00
NIIBE Yutaka
d7a3c455c5 agent: Support --format=ssh option for READKEY.
* agent/command.c (cmd_readkey): Handle --format=ssh to return key
in SSH format.

--

GnuPG-bug-id: 6012
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-02 20:47:36 +09:00
NIIBE Yutaka
5a327e8001 tools: Add a way to cancell INQUIRE for gpg-connect-agent.
* tools/gpg-connect-agent.c (handle_inquire): When the helper program
exit status is not 0, it means cancellation, now.

--

GnuPG-bug-id: 6010
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-02 15:50:57 +09:00
NIIBE Yutaka
24d02b8a32 tools: Add --unbuffered option to gpg-connect-agent.
* tools/gpg-connect-agent.c (cmd_and_opt_values): Add oUnBuffered.
(opts, opt): Likewise.
(main): When unbuffered, set gpgrt_stdin/stdout accordingly.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-02 13:21:14 +09:00
Werner Koch
3a2fb1c306
scd:nks: Don't flag the ESIGN keypair EF as encryption capable.
* scd/app-nks.c (filelist): Tweak 0x4531.
--

Actually the certificate has no encryption usage but we should also
tell that via KEYINFO so that this key is never tried to create an
encryption certificate.
2022-06-01 17:55:49 +02:00
Werner Koch
b92b3206e7
scd:nks: Some code cleanup.
* scd/app-nks.c (find_fid_by_keyref): Factor keyref parsing out to ...
(parse_keyref): new.
(do_readcert): Use new function instead of partly duplicated code.
Make detection of keygrip more robust.
(do_readkey): Make detection of keygrip more robust.
(do_with_keygrip): Use get_nks_tag.
--

Also added a couple of comments.
2022-06-01 17:52:42 +02:00
Werner Koch
07eaf006c2
scd:nks: Support the Telesec ESIGN application.
* scd/app-nks.c (find_fid_by_keyref): Disable the cache for now.
(readcert_from_ef): Considere an all zero certificate as not found.
(do_sign): Support ECC and the ESIGN application.
--

This allows me to create qualified signatures using my Telesec card.
There is of course more work to do but this is the first step.

Note: The design of the FID cache needs to be reconsidered.  Until
that the lookup here has been disabled.  The do_sign code should be
revamped to be similar to what we do in app-p15.

GnuPG-bug-id: 5219, 4938
2022-05-29 15:55:26 +02:00
Werner Koch
7aabd94b81
gpg: Setup the 'usage' filter property for export.
* g10/export.c (do_export_stream): Merge the key to get the properties
ready.
--

This makes

  gpg --export --export-filter 'drop-subkey=usage=~a'

(Export all subkeys but those with the auth usage)
work without using the workaound of adding
--export-options export-clean
2022-05-28 17:38:13 +02:00
NIIBE Yutaka
9f1dcfc7a7 agent: New field "Prompt" to prevent asking card key insertion.
* agent/findkey.c (prompt_for_card): Add "Prompt" field handling.

--

GnuPG-bug-id: 5987
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-27 09:59:54 +09:00