1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-21 10:09:57 +01:00

10705 Commits

Author SHA1 Message Date
Werner Koch
8cbcac89fe
gpg: Do not show RENC if no key capabilities are found for a key.
* g10/packet.h (PUBKEY_USAGE_BASIC_MASK): New.
* g10/getkey.c (merge_selfsigs_subkey): Mask the default.
(merge_selfsigs_main): Ditto.
2024-06-05 10:01:44 +02:00
Werner Koch
9d618d1273
gpg: Print designated revokers also in a standard listing.
* g10/keylist.c (print_revokers): Add arg with_colon, adjust callers,
add human printable format.
(list_keyblock_print): Call print_revokers.
--

Designated revokers were only printed in --with-colons mode.  For
quick inspection of a key it is useful to see them right away.
2024-06-05 10:01:43 +02:00
Werner Koch
465ea9116d
gpg: Autoload designated revoker key and ADSK when needed.
* g10/options.h (opt): Move the definition of struct akl to global
scope.
* g10/keydb.h (enum get_pubkey_modes): Add GET_PUBKEY_TRY_LDAP.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_BYNAME.
* g10/keygen.c (prepare_desig_revoker): Use it here.
(prepare_adsk): and here.
--

The revoker key is required before we create it along with a new key.
This is because the we need to know the algo and also to make sure
that the key really exists.

GnuPG-bug-id: 7133
2024-06-05 10:01:36 +02:00
Werner Koch
068ebb6f1e
gpg: Implement the LDAP AKL method.
* g10/keyserver.c (keyserver_import_mbox): Add arg flags and change
callers.
(keyserver_import_ldap): Remove.  It has always returned a not
implemented error since 2.1.
* g10/getkey.c (get_pubkey_byname): Repurpose LDAP to do basically the
same as KEYSERVER.
--

The old LDAP mechanism to locate a server via SRV records has long
been gone (since 2014) due to the dropping of the keyserver helpers.
The new purpose better reflects reality and can be used in
environments where keys are provided by an in-house LDAP server.
2024-06-04 18:02:02 +02:00
Werner Koch
04ce6765f4
gpg: Rename functions with an "fprint" part to "fpr"
--

The fprint is too uncommon in our code base and to similar to fprintf.
2024-06-04 15:27:41 +02:00
NIIBE Yutaka
8624482160
common:w32: Fix INEXTRA handling.
* common/exectool.c (gnupg_exec_tool_stream): On Windows, it's
HANDLE which a child process inherits.

--

GnuPG-bug-id: 7139
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-04 14:53:10 +09:00
Werner Koch
ed118e2ed5
gpg: New option --default-new-key-adsk.
* g10/options.h (opt): Add field def_new_key_adsks.
* g10/gpg.c (oDefaultNewKeyADSK): New.
(opts): Add --default-new-key-adsk.
(main): Parse option.
* g10/keyedit.c (menu_addadsk): Factor some code out to ...
(append_adsk_to_key): new.  Add compliance check.
* g10/keygen.c (pADSK): New.
(para_data_s): Add adsk to the union.
(release_parameter_list): Free the adsk.
(prepare_adsk): New.
(get_parameter_adsk): New.
(get_parameter_revkey): Remove unneeded arg key and change callers.
(proc_parameter_file): Prepare adsk parameter from the configured
fingerprints.
(do_generate_keypair): Create adsk.
--

GnuPG-bug-id: 6882
2024-06-03 18:52:06 +02:00
Werner Koch
d2dca58338
common: New function tokenize_to_strlist.
* common/strlist.c (append_to_strlist_try): Factor code out to ...
(do_append_to_strlist): new.
(tokenize_to_strlist): New.

* common/t-strlist.c (test_tokenize_to_strlist): New.
2024-05-31 17:36:41 +02:00
Daniel Kahn Gillmor
42b0e9558a
indent: Fix spelling
--

These are non-substantive corrections for minor spelling mistakes
within the GnuPG codebase.

With something like this applied to the codebase, and a judiciously
tuned spellchecker integrated as part of a standard test suite, it
should be possible to keep a uniform orthography within the project.

GnuPG-bug-id: 7116
2024-05-31 12:28:32 +02:00
Werner Koch
253a701ed7
g13: Adjust for changed gnupg_process_spawn.
* g13/be-encfs.c (run_umount_helper): Adjust gnupg_process_spawn.
(run_encfs_tool): Ditto:
2024-05-31 12:28:30 +02:00
NIIBE Yutaka
fc3fde1bde
spawn: Remove spawn callback, introduce gnupg_spawn_actions.
* common/exechelp-posix.c (call_spawn_cb): Remove.
(gnupg_spawn_actions_new, gnupg_spawn_actions_release)
(gnupg_spawn_actions_set_environ, gnupg_spawn_actions_set_atfork)
(gnupg_spawn_actions_set_redirect)
(gnupg_spawn_actions_set_inherit_fds): New.
(my_exec, spawn_detached): Use spawn actions.
(gnupg_spawn_helper): Remove.
(gnupg_process_spawn): Remove callback, introduce gnupg_spawn_actions.
* common/exechelp-w32.c: Ditto.
* common/exechelp.h: Ditto.
* agent/genkey.c (do_check_passphrase_pattern): Follow the change of
gnupg_process_spawn API.
* common/asshelp.c (start_new_service): Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Likewise.
* common/t-exechelp.c (test_pipe_stream): Likewise.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise.
* g10/photoid.c (run_with_pipe): Likewise.
* scd/app.c (report_change): Likewise.
* tests/gpgscm/ffi.c (do_process_spawn_io, do_process_spawn_fd):
Likewise.
* tools/gpg-card.c (cmd_gpg): Likewise.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Likewise.
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Likewise.
* tools/gpgconf.c (show_versions_via_dirmngr): Likewise.
* tools/gpgtar-create.c (gpgtar_create): Likewise.
* tools/gpgtar-extract.c (gpgtar_extract): Likewise.
* tools/gpgtar-list.c (gpgtar_list): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-31 15:36:39 +09:00
NIIBE Yutaka
34045ed9e1
common: Fix process termination check at release.
* src/exechelp-posix.c (gnupg_process_release): When NOT terminated,
terminate and wait.
* src/exechelp-w32.c (gnupg_process_release): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-30 13:39:31 +09:00
NIIBE Yutaka
aedeef6acf
m4: Update from each library.
* m4/ksba.m4: Update from its master.
* m4/libassuan.m4: Ditto.
* m4/libgcrypt.m4: Ditto.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-30 13:36:58 +09:00
Jakub Jelen
9adaa79ab4
gpg-auth: Fix use after free.
* tools/gpg-auth.c (ssh_authorized_keys): Move free after printing error
message.
--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This is part of
GnuPG-bug-id: 7129
2024-05-28 17:19:37 +02:00
Jakub Jelen
dcb0b6fd48
gpgsm: Avoid double free when checking rsaPSS signatures.
* sm/certcheck.c (gpgsm_check_cms_signature): Do not free s_sig on
error. Its owned and freed by the caller.

--
This is part of
GnuPG-bug-id: 7129
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Fixes-commit: 969abcf40cdfc65f3ee859c5e62889e1a8ccde91
2024-05-28 17:15:03 +02:00
Werner Koch
28c705a3be
gpgsm: Silence a lint warning
* sm/keydb.c (keydb_search): Init skipped.
--

Skipped is not actually used.
This is part of
GnuPG-bug-id: 7129
Reported-by: Jakub Jelen <jjelen@redhat.com>
2024-05-28 17:08:12 +02:00
Jakub Jelen
4c1b007035
scd: Avoid buffer overrun with more than 16 PC/SC readers.
* scd/apdu.c (apdu_dev_list_start): Fix end condition.

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

This is part of
GnuPG-bug-id: 7129
Fixes-commit: e8534f899915a039610973a84042cbe25a5e7ce2
2024-05-28 16:57:58 +02:00
Jakub Jelen
379fc5569d
agent: Avoid uninitialized access in GENKEY command on parameter error.
* agent/command.c (cmd_genkey): Moved init_membuf to the top.
--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

This is part of
GnuPG-bug-id: 7129
2024-05-28 16:50:59 +02:00
Werner Koch
bdbf5cee2f
agent: Avoid double free of empty string in the PIN caching.
* agent/call-scd.c (handle_pincache_get): Set PIN to NULL.  Also add
DBG_CACHE conditionals and don't return the pin in the debug output.
--

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
2024-05-28 16:44:18 +02:00
Werner Koch
fdc5003956
agent: Make sure to return success in ephemeral store mode.
* agent/genkey.c (store_key): Clear ERR on success.
--

This fixes a real problem which might let ephemeral store mode fail
randomly.

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
2024-05-28 16:37:25 +02:00
Werner Koch
021c27510b
wks: Make sure that ERR is always initialized.
* tools/wks-util.c (install_key_from_spec_file): Initialize ERR in case
the loop is never run.
--

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
2024-05-28 13:54:57 +02:00
Werner Koch
bcc002cd45
gpg: Avoid a double free on error in the key generation.
* g10/keygen.c (card_store_key_with_backup): Avoid double free and
simplify error handling.
--

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
2024-05-28 13:46:45 +02:00
Werner Koch
d631c8198c
tpm: Improve error handling and check returned lengths.
* tpm2d/command.c (cmd_pkdecrypt): Handle unknown algo.  Also slightly
rework error handling.
* tpm2d/tpm2.c (sexp_to_tpm2_public_ecc): Check length before checking
for 0x04.  Rework error handling.
(tpm2_ObjectPublic_GetName): Check the return value of
TSS_GetDigestSize before use.  Erro handling rework.
(tpm2_SensitiveToDuplicate): Ditto.
(tpm2_import_key): Ditto.
* tpm2d/intel-tss.h (TSS_Hash_Generate): Check passed length for
negative values.  Check return value of TSS_GetDigestSize.  Use
dedicated 16 bit length variable.
--

These are reworked and improved fixes as reported in
GnuPG-bug-id: 7129
2024-05-28 12:57:44 +02:00
Werner Koch
2e4b1f7850
tpm: Do not use fprintf for logging.
* tpm2d/intel-tss.h (TSS_Create): Replace fprintf logging by
log_error.
2024-05-28 11:52:04 +02:00
Werner Koch
610a452bb5
scd:openpgp: Add new vendor.
--
2024-05-22 10:47:45 +02:00
Werner Koch
cdc798db5c
tools: Fix help output for gpg-authcode-sign.sh
--
2024-05-22 10:45:49 +02:00
Werner Koch
287e717b55
Merge branch 'STABLE-BRANCH-2-4' into master
--
Fixed conflicts in:
	NEWS
	g10/call-agent.c
	g10/options.h
	kbx/kbxutil.c
	tools/gpgconf.c
2024-05-16 09:46:36 +02:00
Werner Koch
5355d08855
card: Fix compiler warning.
* tools/gpg-card.h (opt): Make gpg_program, gpgsm_program, and
agent_program const.
2024-05-16 09:34:52 +02:00
Werner Koch
7f661aa129
kbx: Use standard function to setup gcrypt logging in kbxutil.
* kbx/kbxutil.c (main): Use setup_libgcrypt_logging.
(my_gcry_logger): Remove.
2024-05-16 09:34:46 +02:00
Werner Koch
758cd4ccfc
po: Enable Dutch translation
--

Although it is largely outdated, it does not harm too much.
GnuPG-bug-id: 7120
2024-05-16 09:24:14 +02:00
NIIBE Yutaka
6b2ebc36a9
scd:openpgp: Robust Data Object handling for constructed case.
* scd/app-openpgp.c (get_cached_data): When it comes with
its tag and length for the constructed Data Object, remove
them.

--

Cherry-pick master commit of:
	35ef87d8d9db42c3077996317781986a692552cc

GnuPG-bug-id: 7058
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-16 09:42:47 +09:00
NIIBE Yutaka
0eefa08295
gpg: Allow no CRC24 checksum in armor.
* g10/armor.c (radix64_read): Detect the end of armor when
there is no CRC24 checksum.

--

Cherry-pick master commit of:
	3a344d6236521d768793e8b34a96a18ce13bab0e

GnuPG-bug-id: 7071
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-16 09:42:39 +09:00
Werner Koch
3bbfcab606
Update NEWS
--
2024-05-15 12:31:33 +02:00
Werner Koch
b36e557c5b
gpg: Terminate key listing on output write error.
* g10/keylist.c (list_all): Handle error from list_keyblock.
(list_one): Ditto.
(locate_one): Ditto.
(list_keyblock): Detect write error, print, and return it.
(list_keyblock_direct): Return error from list_keyblock.
* g10/import.c (import_one_real): Break on listing error.
--

Test by using
  gpg -k >/dev/full

GnuPG-bug-id: 6185
2024-05-15 09:56:40 +02:00
NIIBE Yutaka
e0543f97be
tpm2d: Use BYTE type to acces TPM2B object.
* tpm2d/tpm2.c (tpm2_SensitiveToDuplicate): Don't use the cast
of (TPM2B *).

--

While it works (since the actual access is done by the macros),
compiler may complain the alignment property of type BYTE * and TPM2B
object is different.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-15 15:27:20 +09:00
NIIBE Yutaka
0cb7f6fbb7
common: Remove unused function.
* common/exechelp-posix.c (my_error): Remove.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-15 11:57:49 +09:00
NIIBE Yutaka
14534e72e1
dirmngr: Fix a call of calloc.
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Fix arguments.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-14 15:48:45 +09:00
Werner Koch
351fc6e6fa
gpg: Algo "kyber" is now a shortcut for ky768_bp256.
* g10/keygen.c (parse_key_parameter_part): Change Kyber defaults.
--

Also kyber1024 is now a shortcut for ky1024_bp384.  This change is to
align it with the original wussler draft.
2024-05-06 10:47:01 +02:00
Werner Koch
473f37a53e
scd:piv: Support listing of retired keys with KEYINFO.
* scd/app-piv.c (data_objects): Mark returned key as having a keypair.
(do_with_keygrip): Check against encrusage and not used one tag.

* tools/gpg-card.c (piv_keyref_is_retired): New.
(list_all_kinfo): Pretty print retired keys.
--

This allows to list all existing retired keys without using separate
readkey commands.
2024-05-06 09:48:20 +02:00
Werner Koch
467239dccb
speedo: Update the instructions to use the gnupg26 tag.
--
2024-05-02 21:13:32 +02:00
Werner Koch
f415d96fac
gpg: Add a notation to Kyber encryption subkeys
* g10/keygen.c (struct opaque_data_usage_and_pk): New.
(do_add_notation): New.
(keygen_add_key_flags_from_oduap): New.
(write_keybinding): Prepare for de-vs cplimance notation.  Add a
notation to Kyber subkeys.
--

This code is based on the 2.2
commit b284412786d71c1cf382e1dff3a36ec6cce11556
However the de-vs notation is currently ineffective as long as
Libgcrypt won't claim compliance.

The new notation fips203.ipd.2023-08-24 has been added to allow
detection of subkeys which have been crated with a pre-final FIPS203
spec for Kyber.
2024-05-02 21:11:55 +02:00
Werner Koch
516b530126
speedo: Change install directory for Windows
--

Given that we will build only 64 bit versions, we need to switch where
stuff is installed on Windows.
2024-04-26 15:17:49 +02:00
Werner Koch
c8a3b711f0
speedo: Do not use the gpg-error-config in the build system
--

With that installed we don't get proper suport for SYSROOT.
2024-04-26 15:17:49 +02:00
Werner Koch
c1d62418d5
speedo: Prepare for building 64 bit Windows versions.
--
2024-04-26 15:17:48 +02:00
Werner Koch
351f5e814b
speedo: Set gnupg_ver macro to gnupg26_ver.
--

Also fixed a syntax erro rin AUTHENTICODE_sign
2024-04-26 15:17:48 +02:00
NIIBE Yutaka
9128d81bb7
agent:kem:ecc: Support a key on smartcard.
* agent/agent.h (agent_card_ecc_kem): New.
* agent/divert-scd.c (agent_card_ecc_kem): New.
* agent/pkdecrypt.c (ecc_extract_pk_from_key): New.
(ecc_extract_sk_from_key): New.
(ecc_raw_kem, get_cardkey, ecc_get_curve): New.
(ecc_pgp_kem_decrypt): Support a key on smartcard for ECC.
(composite_pgp_kem_decrypt): Handle a case of a key on smartcard.
* common/sexputil.c (get_ecc_curve_from_key): New.
* common/util.h (get_ecc_curve_from_key): New.

--

GnuPG-bug-id: 7097
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-26 14:18:03 +09:00
Werner Koch
83e2dede0a
speedo: Use gpg-authcode-sign.sh and change archive label to v2.5.
--
2024-04-25 11:37:53 +02:00
Werner Koch
d3b41e7611
Install the new gpg-authcode-sign.sh script.
* tools/gpg-authcode-sign.sh: New.
* tools/Makefile.am (bin_SCRIPTS): Add that tool.
--

This script makes use of gpg anyway and thus it is best to have it
also installed with the gpg version used to cross-build our software.
The script was orginally developed for gpg4win.
2024-04-25 11:00:18 +02:00
NIIBE Yutaka
02b056ef77
agent:kem: Fix memory leaks.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Release shadow_info
memory.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-25 13:51:47 +09:00
NIIBE Yutaka
2593dcbceb
agent: Allow NULL for R_PADDING, when calling scd and tpm2d.
* agent/call-scd.c (padding_info_cb): Allow NULL.
(agent_card_pkdecrypt): Likewise.
* agent/divert-scd.c (divert_pkdecrypt): Likewise.
* agent/divert-tpm2.c (divert_tpm2_pkdecrypt): Likewise.

--

It's for RSA PKCD#1 encoding if the decrypt operation removes padding
or not.  When caller knows it's not RSA, this information is no use
and it is better to allow NULL with the variable R_PADDING.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-25 13:13:04 +09:00