1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-15 00:29:49 +02:00
Commit Graph

10025 Commits

Author SHA1 Message Date
Werner Koch
1a85ee9a43
gpg: New export option "mode1003".
* agent/command.c (cmd_export_key): Add option --mode1003.
(command_has_option): Ditto.
* g10/build-packet.c (do_key): Implement mode 1003.
* g10/parse-packet.c (parse_key): Ditto.
* g10/options.h (EXPORT_MODE1003): New.o
* g10/call-agent.c (agent_export_key): Add arg mode1003.
* g10/export.c (parse_export_options): Add "mode1003"
(secret_key_to_mode1003): New.
(receive_seckey_from_agent): Add arg mode1003.
(do_export_one_keyblock): Pass option down.
--

This option allows to export a secret key in GnuPG's native format.
Thus no re-encryption is required and further the public key parameters
are also authenticated if a protection passphrase has been used.

Note that --import is not yet able to handle this new mode.  Although
old version of GnuPG will bail out with "invalid packet" if a mode1003
exported secret key is seen.
2022-12-02 10:09:58 +01:00
Werner Koch
1d88e14de7
gpg: Remove a mostly duplicated function.
* g10/export.c (receive_seckey_from_agent): Add arg r_key.
(do_export_one_keyblock): Pass NULL for new arg.
(receive_raw_seckey_from_agent): Remove.
(export_secret_ssh_key): Use receive_seckey_from_agent.
* g10/keygen.c (card_store_key_with_backup): Pass NULL for new arg.
2022-12-02 10:09:58 +01:00
NIIBE Yutaka
0a93b5b96a
tests: Simplify fake-pinentry to use the option only.
* tests/openpgp/fake-pinentry.c (parse_pinentry_user_data): New.
(main): Don't use PINENTRY_USER_DATA env var.

--

Since environment variable is unreliable, use the option only.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-02 16:55:49 +09:00
NIIBE Yutaka
7c6b014d3b
tests: Fix fake-pinentry for Windows.
* tests/openpgp/fake-pinentry.c (main): Override PINENTRY_USER_DATA,
by the option.

--

In the Assuan implementation for Windows, spawn function doesn't call
the atfork callback.  Thus, the environment variable is not updated by
gpg-agent when it spawns pinentry.  Reliable way is the interaction
to override the option.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-02 16:16:07 +09:00
NIIBE Yutaka
7663fdd983
tests: Fix make check-all.
* Makefile.am (TESTS_ENVIRONMENT): Add GNUPG_IN_TEST_SUITE.

--

Fixes-commit: 50d12860ef
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-02 09:58:51 +09:00
Werner Koch
e094616cb7
agent: Fix import of protected v5 keys.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Take care of
version 5 keys.
--

GnuPG-bug-id: 6294
2022-12-01 10:12:21 +01:00
Werner Koch
2d8ac55d26
gpgsm: Change default algo to AES-256.
* sm/gpgsm.c (DEFAULT_CIPHER_ALGO): Change.
2022-12-01 10:12:21 +01:00
NIIBE Yutaka
1b434111a1
tests: Put a workaround for semihosted environment.
* tests/openpgp/defs.scm [*win32*]: Use --build-prefix option.

--

On the semihosted environment, output of simple gpgconf
--list-components includes drive name (like Z:), which results failure
of command invocation.  This is a workaround.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-01 17:11:32 +09:00
NIIBE Yutaka
594c3274d6
tests: More fix for semihosted environment.
* common/all-tests.scm: Conditionalize by *win32*.
* tests/cms/Makefile.am (GPGSM): Add missing GPGSM.
* tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Add EXEEXT.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-01 17:09:45 +09:00
NIIBE Yutaka
f182c284fb
tests: Support semihosted environment.
* Makefile.am (check-all): Add EXEEXT.
* agent/all-tests.scm: Append EXEEXT.
* common/all-tests.scm: Likewise.
* g10/all-tests.scm: Likewise.
* g13/all-tests.scm: Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-01 13:59:06 +09:00
NIIBE Yutaka
a9a1ee8726
tests: Fix tests under cms.
* tests/cms/all-tests.scm: Remove merge mistake.

--

Fixes-commit: 1246e16432
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-01 10:33:20 +09:00
NIIBE Yutaka
e1e26a49bf
tests,w32: Fix for semihosted environment.
* tests/cms/Makefile.am (OLD_TESTS_ENVIRONMENT): Add EXEEXT.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-01 09:21:41 +09:00
NIIBE Yutaka
50c6515360
w32: Fix for tests on semihosted environment.
* Makefile.am (all-local): Make links with EXEEXT.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-30 16:50:10 +09:00
NIIBE Yutaka
8e8971403f
w32: Fix gnupg_unsetenv.
* common/sysutils.c (gnupg_unsetenv): Don't use nonstandard extension
of "NAME", but "NAME=".

--

Microsoft implementation of putenv works to remove an environment
variable by "NAME=".

POSIX doesn't say that putenv with "NAME=" has same effect.  GNU
implementation doesn't support this way for removal of environment
variable.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-30 15:56:03 +09:00
NIIBE Yutaka
de0c563f29
doc: Deprecate scd-event option of scdaemon.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-30 11:47:01 +09:00
NIIBE Yutaka
97cbb507fa
w32: Fix spawn functions for Windows for _fd use case.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-30 11:35:41 +09:00
NIIBE Yutaka
bd062b1dbd
w32: Use call back when ASFW is needed.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-30 11:05:15 +09:00
NIIBE Yutaka
f9af139685
posix: factor out call_spawn_cb.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-30 10:03:29 +09:00
Werner Koch
c3f9f2d497
wkd: New option --add-revocs and some fixes.
* tools/gpg-wks.h (opt): Add add_revocs.
* tools/wks-util.c (wks_get_key): Add arg 'binary'.
(wks_armor_key): New.
(wks_find_add_revocs): New.
(wks_cmd_install_key): Get key in binary mode and add revocations if
enabled.
* tools/gpg-wks-client.c (oAddRevocs): New.
(opts): Add --add-revocs.
(parse_arguments): Set option,
(command_send): Get key in binary mode, add revocations if enabled,
and explictly armor key.  Remove kludge to skip the Content-type line
in no_encrypt mode.

(mirror_one_keys_userid): Always filter the key to get rid of the
armor as received from dirmngr.  Add revocations from the local
keyring.
--

Note that this also fixes an oddity of the new mirror command which
used to store the keys armored as received from dirmngr.
2022-11-29 17:17:50 +01:00
Werner Koch
fbc52f5501
doc: Comment typo fix
--
2022-11-29 15:28:35 +01:00
NIIBE Yutaka
236a8a3cfb
common: Support new spawn functions for Windows.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-29 19:27:15 +09:00
Werner Koch
34fafa50f1
wkd: Make use of --debug extprog.
* tools/wks-util.c (debug_gpg_invocation): New.
(get_key_status_cb): Enable debug output.
(wks_get_key): Show gpg invocation.
(wks_list_key): Ditto.
(wks_filter_uid): Ditto.
2022-11-29 10:43:54 +01:00
Werner Koch
c985b52e71
gpg: New export-filter export-revocs
* g10/options.h (EXPORT_REVOCS): New.
* g10/export.c (export_select_filter): New.
(struct export_filter_attic_s): Add field.
(cleanup_export_globals): Cleanup.
(parse_export_options): Add option "export-revocs".
(parse_and_set_export_filter): Parse the select type.
(do_export_revocs): New.
(do_export_stream): Add a way to select things for export.
2022-11-28 12:44:02 +01:00
NIIBE Yutaka
a4698d0fb2
gpg: Fix double-free in gpg --card-edit.
* g10/card-util.c (change_name): Don't free ISONAME here.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-28 16:59:21 +09:00
Werner Koch
2aacd843ad
gpg: Make --require-compliance work with out --status-fd
* g10/mainproc.c (proc_encrypted): Set complaince_de_vs also if
require-compliance is set.
--

Without this fix require-compliance would fail if no --status-fd was
used.
2022-11-28 08:21:59 +01:00
NIIBE Yutaka
588f353db1
Replace gnupg_spawn_process_detached for POSIX.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-28 13:55:50 +09:00
NIIBE Yutaka
be35640db3
tests: Replace spawn-process by process-spawn.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-28 13:45:38 +09:00
NIIBE Yutaka
8bd75655cb
tests: Replace spawn_process_fd functions by the new spawn_process.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-28 13:12:07 +09:00
NIIBE Yutaka
b35c3980c1
Tweak the spawn API, again for POSIX.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-28 13:10:48 +09:00
NIIBE Yutaka
60b6cfe71f
posix: Fix for spawn_cb.
--

Fixes: 7571fd4cd0
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-28 09:43:24 +09:00
Werner Koch
1324dc3490
gpg: New option --list-filter
* g10/gpg.c (oListFilter): New.
(opts): Add --list-filter.
(main): Parse oListFilter.
* g10/keylist.c: Include init.h and recsel.h.
(struct list_filter_s, list_filter): New.
(release_list_filter): New.
(cleanup_keylist_globals): New.
(parse_and_set_list_filter): New.
(list_keyblock): Implement --list-filter type "select".

* g10/import.c (impex_filter_getval): Add scope support and new
property names "key-size", "algostr", "origin", "lastupd", and "url".
--

This option is pretty useful to select keys based on their properties.
The scope thing can be sued to limit a selection to just the primary
key or to subkeys.  For example:

  gpg -k --list-filter 'select=revoked-f && sub/algostr=ed25519'

Lists all non-revoked keys with an ed25519 (signing)-subkey.
2022-11-25 16:04:54 +01:00
NIIBE Yutaka
7571fd4cd0
Change spawn_cb semantics.
--

So that the callback can replace fds for stdin/out/err.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-25 20:10:31 +09:00
Werner Koch
d70779bdc6
dirmngr: Silence ocsp debug output.
* dirmngr/ocsp.c (check_signature_core): No debug output
--

Also typo and doc fixes.
2022-11-25 09:26:30 +01:00
NIIBE Yutaka
202d7b47e7
Replace other use cases of gnupg_spawn_process_fd.
--

 by gnupg_process_spawn

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-25 13:18:17 +09:00
NIIBE Yutaka
62496e9f30
Support gnupg_process_spawn with R_PROC=NULL.
--

The use case of system(3) call.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-25 13:04:57 +09:00
NIIBE Yutaka
af4a6fff0d
Fix gnupg_process_release.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-25 12:04:54 +09:00
NIIBE Yutaka
d579fa1b04
Replace pipe+gnupg_spawn_process_fd by gnupg_process_spawn.
--

For g13.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-25 10:57:11 +09:00
NIIBE Yutaka
2227411d77
Replace pipe+gnupg_spawn_process_fd by gnupg_process_spawn.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-25 10:20:25 +09:00
NIIBE Yutaka
1246e16432
tests: Fix to support --enable-all-tests and variants.
* tests/gpgscm/tests.scm (test::scm): Add VARIANT argument.
(tests::new): Likewise.
(open-log-file, report): Support VARIANT.
* tests/gpgme/all-tests.scm (setup-c, setup-py): Follow the change.
* tests/cms/all-tests.scm: Likewise.
* tests/cms/run-tests.scm: Likewise.
* tests/migrations/all-tests.scm: Likewise.
* tests/migrations/run-tests.scm: Likewise.
* tests/openpgp/all-tests.scm: Likewise.
* tests/openpgp/run-tests.scm: Likewise.

--

Forward port from 2.2 branch of:
	0fd7a90207

Fixes-commit: 1c88104a3f
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-24 15:57:25 +09:00
NIIBE Yutaka
7071f30762
tests:w32: Fix for non-dot file name for Windows.
* tests/migrations/from-classic.scm (assert-migrated): Handle the case
on Windows.

--

Forward port from 2.2 branch of:
	754175a46d

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-24 11:46:36 +09:00
NIIBE Yutaka
7fe524e182
tests:gpgscm:w32: Fix for GetTempPath.
* tests/gpgscm/ffi.c (do_get_temp_path): Remove the last backslash.

--

Forward port from 2.2 branch of:
	9a75460652

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-24 11:45:46 +09:00
NIIBE Yutaka
1372b17731
tests: Keep .log files in objdir.
* tests/gpgscm/tests.scm (open-log-file): Keep the log file in objdir.

--

Forward port from 2.2 branch of:
	1c88104a3f

Before the change, it is at ephemeral temp directory which is removed.
This is not useful at all.  Possibly, it was done before the introduce
of ephemeral temp directory for each test and not changed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-24 11:45:11 +09:00
NIIBE Yutaka
7ab2e4386f
tests: Use 233 for invalid value of FD.
* tests/openpgp/issue2941.scm: Use 233.

--

Forward port from 2.2 branch of:
	43722438a8

On Windows machine (emulated by Wine), 23 may be valid value for
handle.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-24 11:43:44 +09:00
NIIBE Yutaka
ce5bed2800
w32: Fix gnupg_tmpfile for possible failure.
* common/sysutils.c (gnupg_tmpfile): Use different value for next
attempt.

--

The resolution of system timer is typically in the range of 10
milliseconds to 16 milliseconds.  Thus, before the change, it may
fail.  Actually, it failed with Wine emulation.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-18 19:23:09 +09:00
NIIBE Yutaka
f5eb3710b4
try to control inherited HANDLE for new Windows.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-18 14:29:13 +09:00
Werner Koch
9f7ff43672
scd: Redact --debug cardio output of a VERIFY APDU.
* scd/apdu.c (pcsc_send_apdu) [DBG_CARD_IO]: Detect and redact a
VERIFY.
(send_apdu_ccid): Ditto.
--

This should handle the most common case.
GnuPG-bug-id: 5085
2022-11-17 14:33:18 +01:00
NIIBE Yutaka
4736debd01
change the semantics of spawn_cb routine.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-17 15:16:03 +09:00
NIIBE Yutaka
729951f4c2
common,tools,dirmngr: Introduce gnupg_process_spawn.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-17 14:12:51 +09:00
NIIBE Yutaka
18a3ce1c9b
common: Remove Windows CE support in common.
* common/Makefile.am (HAVE_W32CE_SYSTEM): Remove conditional build.
(common_sources): Remove exechelp-w32ce.c.
* common/asshelp.c [HAVE_W32CE_SYSTEM]: Remove the support.
* common/common-defs.h [HAVE_W32CE_SYSTEM]: Likewise.
* common/dotlock.c [HAVE_W32CE_SYSTEM]: Likewise.
* common/exechelp-posix.c [HAVE_W32CE_SYSTEM]: Likewise.
* common/exechelp-w32.c [HAVE_W32CE_SYSTEM]: Likewise.
* common/gettime.c [HAVE_W32CE_SYSTEM]: Likewise.
* common/exechelp-w32ce.c: Remove.
* po/POTFILES.in: Update to remove common/exechelp-w32ce.c.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-16 10:05:37 +09:00
Werner Koch
f5c3f13609
gpgsm: Fix colon outout of ECC encryption certificates
* sm/keylist.c (print_capabilities): Add arg algo and use it to check
for ECC capabilities.
(list_cert_colon): Call with algo.
--

This will mark certificates with only keyAgreement usage correctly in
the --with-colons listing.
2022-11-15 16:31:46 +01:00