1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

10241 Commits

Author SHA1 Message Date
NIIBE Yutaka
0eefa08295
gpg: Allow no CRC24 checksum in armor.
* g10/armor.c (radix64_read): Detect the end of armor when
there is no CRC24 checksum.

--

Cherry-pick master commit of:
	3a344d6236521d768793e8b34a96a18ce13bab0e

GnuPG-bug-id: 7071
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-16 09:42:39 +09:00
Werner Koch
3bbfcab606
Update NEWS
--
2024-05-15 12:31:33 +02:00
Werner Koch
7728a179e0
tests: Avoid new C23 keyword true.
* tests/asschk.c (eval_boolean): s/true/tru/
--

GnuPG-bug-is: 7093
2024-04-22 08:05:28 +02:00
Werner Koch
2a0a706eb2
gpg: Mark disabled keys and add show-ownertrust list option.
* g10/options.h (LIST_SHOW_OWNERTRUST): New.
* g10/keylist.c (print_key_line): Show wonertrust and always show
whether a key is disabled.
* g10/gpg.c (parse_list_options): Add "show-ownertrust".

* g10/gpgv.c (get_ownertrust_string): Add stub.
* g10/test-stubs.c (get_ownertrust_string): Add stub.
--

Note that in a --with-colons listing the ownertrust has always been
emitted and the disabled state is marked in that listing with a
special 'D' usage.
2024-04-17 12:57:53 +02:00
Werner Koch
967678d972
gpg: New command --quick-set-ownertrust.
* g10/gpg.c (aQuickSetOwnertrust): New.
(opts): Add new command.
(main): Implement it.
* g10/keyedit.c (keyedit_quick_set_ownertrust): New.
2024-04-17 12:56:19 +02:00
Werner Koch
b261478c06
agent: Fix error handling of READKEY.
* agent/command.c (cmd_readkey): Jump to leave on reading error.
--

Fixes-commit: d7a3c455c5e29b19b66772f86dda925064e34896
2024-04-05 14:45:05 +02:00
Werner Koch
548fd7bca7
gpg: Don't show the "fast path listing" diagnostic with --quiet.
* g10/call-agent.c (agent_probe_any_secret_key): Act on --quiet.
--

When using the extra-socket this disagnostic will be printed because a
listing of all secret keys is not allowed by a remote gpg.
2024-04-05 11:02:43 +02:00
Werner Koch
0b1f7427b3
gpg: Do not allow to accidently set the RENC usage.
* g10/keygen.c (print_key_flags): Print "RENC" if set.
(ask_key_flags_with_mask): Remove RENC from the possible set of
usages.  Add a direct way to set it iff the key is encryption capable.
--

This could be done by using "set your own capabilities" for an RSA
key.  In fact it was always set in this case.

GnuPG-bug-id: 7072
2024-04-04 16:39:14 +02:00
Werner Koch
98e287ba6d
gpgconf: Change layout of the gpgconf -X output.
* tools/gpgconf.c (list_dirs): Change the config mode output.
(my_copy_file): Adjust output for org-mode style.
(show_configs_one_file): Ditto.
(show_other_registry_entries): Ditto.
(show_registry_entries_from_file): Ditto.
(show_configs): Ditto.
2024-04-04 15:53:54 +02:00
Werner Koch
759adb2493
gpgconf: Check readability of some files with -X
* tools/gpgconf.c (list_dirs): Rename arg from special to
show_config_mode. Add "S.Uiserver" test and test existsing files for
readability.
2024-03-18 11:14:19 +01:00
Werner Koch
122803bf1a
gpg: Make sure a DECRYPTION_OKAY is never issued for a bad OCB tag.
* g10/mainproc.c (proc_encrypted): Force a decryption failure if any
error has been seen.
* g10/decrypt-data.c (aead_checktag): Issue an ERROR line.
--

GnuPG-bug-id: 7042

Note that gpg in any case returns a failure exit code but due to
double forking GPGME would not see it.
2024-03-14 21:51:27 +01:00
Werner Koch
c27534de95
gpg-check-pattern: Consider an empty pattern file as valid
* tools/gpg-check-pattern.c (read_file): Check length before calling
fread.
--

The problem with an empty file is that es_fread is called to read one
element of length zero which seems to be undefined behaviour and
results in ENOENT on my test box.
2024-03-13 15:33:03 +01:00
Werner Koch
609b1ec0c6
Post release updates
--
2024-03-07 15:10:47 +01:00
Werner Koch
cbff323b3b
Release 2.4.5 gnupg-2.4.5 2024-03-07 14:03:25 +01:00
Werner Koch
348de4a829
po: msgmerge
--
2024-03-07 14:01:59 +01:00
Werner Koch
3ffcd533d4
po: Fix a fuzzy in the German, Polish and Japanese translation
--
2024-03-07 14:01:22 +01:00
Werner Koch
09431d1762
scd: Improve code reability of ccid-driver.c
* scd/ccid-driver.c (my_npth_unprotect, my_npth_protect): New.
Replace all direct uses by these wrappers.
2024-03-07 13:44:30 +01:00
Werner Koch
1682ca9f01
scd: Add support for ACR-122U
* scd/ccid-driver.h (VENDOR_ACR, ACR_122U): New.
* scd/ccid-driver.c (ccid_open_usb_reader): Do not call
libsub_set_interface_alt_setting for this reader.
--

Co-authored-by: markus.montkowski@gnupg.com
2024-03-07 13:44:00 +01:00
Werner Koch
a1ea3b13e0
scd: Let the CCID module auto detach the kernel driver.
* scd/ccid-driver.c (ccid_open_usb_reader): Call
libusb_set_auto_detach_kernel_driver.

* scd/scdaemon.c (oCompatibilityFlags): New.
(opts): Add option "compatibility-flags".
(compatibility_flags): New.
(main): Parse flags.
* scd/scdaemon.h (opt): Add field compat_flags.
(COMPAT_CCID_NO_AUTO_DETACH): New.
2024-03-07 13:21:43 +01:00
Werner Koch
00b877ecda
doc: Typo fix in comment
--
2024-03-06 11:54:33 +01:00
Werner Koch
37cc255e49
wks: Make gpg-wks-client --mirror work w/o args.
* tools/gpg-wks-client.c (mirror_one_key): Test for no domain
specified.
--

The code did not really work if no domain was given.  It worked but
filtered out all keys so that no key was actually exported.
2024-03-06 10:00:37 +01:00
Werner Koch
345794cfe6
gpg: Fix mixed invocation with --trusted-keys and --no-options.
* g10/trustdb.c: Move a function and some definitions around.
(user_utk_list): Rename to trusted_key_list.  Change all users.
(any_trusted_key_seen): New.
(tdb_register_trusted_key): Set it here.  Handle the new value "none".
(verify_own_keys): Do not delete a trusted key from the trustdb if a
trusted-key option was not used.
--

GnuPG-bug-id: 7025
2024-03-04 14:58:45 +01:00
Werner Koch
36a3550bff
wks: Add option --realclean to gpg-wks-client.
* tools/gpg-wks-client.c (oRealClean): New.
(opts): Add "realclean".
(parse_arguments): Implement.
(main): Take a copy of the module name to fix bad assignment from a
former patch.
* tools/gpg-wks-server.c (main): Ditto.
* tools/gpg-wks.h (opt): Add field realclean.
* tools/wks-util.c (wks_get_key): Call gpg with export-realclean
depending on the new option.
--

The default for gpg-wks-client is to install keys with all valid key
signatures.  The new option will eventually allow to install the keys
only with key signatures done by trusted-keys.  Also the export-option
is in gpg, it requires one more gpg patch to make it actually work.
2024-03-04 14:28:48 +01:00
Werner Koch
74e4dd3668
gpg: Prepare for a new export option export-realclean.
* g10/options.h (EXPORT_REALCLEAN): New.  Also re-assign other values
to keep them more in sync with the corresponding import values.
* g10/export.c (parse_export_options): Add "export-realclean".
(do_export_stream): Call clean_all_uids directly with the options
arg.
* g10/import.c (import_one_real): Change for direct use of options in
clean_all_uids.
* g10/key-clean.c (is_trusted_key_sig): New.  Stub for now.
(clean_sigs_from_uid): Re-purpose self_only to a general options arg.
Implement EXPORT_REALCLEAN code path.
(clean_one_uid): Re-purpose self_only to a general options arg.
(clean_all_uids): Ditto.
* g10/keyedit.c (keyedit_menu): Use EXPORT_MINIMAL instead of a simple
flag.
(menu_clean): Re-purpose self_only to a general options arg.

* g10/keyid.c (fpr20_from_pk): Factor code out to ....
(fpr20_from_fpr): new.  Remove useless case for ARRAY being NULL.
* g10/tdbio.c (tdbio_search_trust_byfpr): Add arg fprlen and use
fpr20_from_fpr if needed.
(tdbio_search_trust_bypk): Pass 20 for the fingerprint length.
--

Note that this code has no function yet.  Another patch will follow to
extract the trusted-keys flag from the trustdb.
2024-03-04 14:22:42 +01:00
Werner Koch
233bf39323
build: Extend getswdb.sh to allow a verified download
--
2024-02-29 15:35:27 +01:00
Werner Koch
c27e5be50b
build: Make getswdb.sh usable outside the GniPG tree.
--
2024-02-29 10:21:33 +01:00
Werner Koch
dcab895e4c
gpg: Emit status lines for errors in the compression layer.
* g10/compress-bz2.c: Replace all log_fatal by log_error,
write_status_error, and g10_exit.
(do_uncompress): Ditto.
--

This gives gpgme a better way to detect corrupted data in the
compression layer.
GnuPG-bug-id: 6977
2024-02-27 11:33:21 +01:00
Werner Koch
962058f704
Allow tilde expansion for the foo-program options.
* agent/gpg-agent.c (parse_rereadable_options): Use make_filename_try
for opt.pinentry_program.  Change definition accordingly.
* g10/gpg.c (main): Use make_filename for agent_program,
dirmngr_program, and keyboxd_program. Change definition accordingly.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-card.c (parse_arguments): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpg-wks-client.c (parse_arguments): Likewise.  Do it also for
option --output.
(process_confirmation_request): Print a note for a successful sent.
--

GnuPG-bug-id: 7017
2024-02-27 10:36:22 +01:00
Werner Koch
adf4db6e20
agent: Allow GET_PASSPHRASE in restricted mode.
* agent/command.c (cmd_get_passphrase): Allow use in restricted mode
but ignore the cacheid.
--

The use case is symmetric encryption via the extra-socket.  To avoid
that the gpg running on the server has access to the cache we set the
cache id to NULL so that the cache is not used at all.
2024-02-25 16:03:54 +01:00
Werner Koch
2372f6a403
gpg: Fix gpg_mpi_write for the unused opaque case.
* g10/build-packet.c (gpg_mpi_write): Take care of the fact that
get_opaque already returns a bit-exact value.
--

Fixes-commit: ab17f7b6c392782718f57eaea94fc18a0ff49389
Reported-by: Falko Strenzke <falko.strenzke@mtg.de>
2024-02-21 15:55:14 +01:00
Werner Koch
a09157ccb2
wks: Allow command style args for gpg-wks-client.
* tools/gpg-wks-client.c (wrong_args): Take two args.  Change all
callers.
(main): Pass ARGPARSE_FLAG_COMMAND for recent gpgrt version.
--

This requires gpgrt 1.48.  Of course "gpg-wks-client --create ..."
continues to work.
2024-02-21 14:07:06 +01:00
Werner Koch
95bc592ab5
g13: Allow command line style "g13 mount foo".
* g13/g13.c (main): Set flag ARGPARSE_FLAG_COMMAND.
--

This requires gpgrt 1.48.  Of course "g13 --mount foo" continues to
work.
2024-02-20 11:40:49 +01:00
Mario Haustein
3aa02027cd
scd:p15: Fix typo in a comment 2024-02-20 10:34:39 +01:00
Mario Haustein
557f29d2c1
scd:p15: Add ECC support for D-Trust Card 4.1/4.4
* scd/app-p15.c (do_sign): Add MSE RESTORE parameters for D-Trust ECC
cards.
(do_decipher): Ditto.
2024-02-20 10:32:08 +01:00
Werner Koch
1e496cf2e5
scd:p15: Take derive usage into account for decryption (2).
* scd/app-p15.c (do_getattr): Yet another palce to fix.
--
GnuPG-bug-id: 7000
Co-authored-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
2024-02-20 10:29:25 +01:00
Werner Koch
3341017ff1
scd:p15: Handle duplicate certificate ids.
* scd/app-p15.c (struct app_local_s): Add field cdf_dup_counter.
(objid_in_cdflist_p): New.
(read_p15_info): Clear the counter.
(read_ef_cdf): Detect and fix duplicate IDs.
--

GnuPG-bug-id: 7001
Reported-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
2024-02-20 09:17:38 +01:00
Werner Koch
ad4bc3e04d
scd:p15: Take derive usage into account for decryption.
* scd/app-p15.c (set_usage_string): Map usageflags.derive also to 'e'.
(do_auth): Allow usageflags.sign_recover.
(do_decipher): Allow usageflags.derive.
(do_with_keygrip): Take usageflags.derive into account.
(do_gettatr): Ditto.
(do_decipher): Take a missing AODF for authentication not needed.
--

This is required for D-Trust ECC cards.

The AODF thing is unrelated but seems to be a good idea.

GnuPG-bug-id: 7000
2024-02-20 09:17:38 +01:00
NIIBE Yutaka
2810b93464
dirmngr: Fix keep-alive flag handling.
* dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic
Authentication.  Fix resource leak of FP_WRITE.

--

GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-16 16:24:26 +09:00
NIIBE Yutaka
848546b05a
dirmngr: Fix the regression of use of proxy for TLS connection.
* dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it
causes resource leak of FP_WRITE.
Don't try to read response body to fix the hang.

--

GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-16 11:38:57 +09:00
Werner Koch
0370678536
speedo: Add config variable for the timestamp service.
--
2024-02-15 14:53:28 +01:00
NIIBE Yutaka
04cbc3074a
dirmngr: Fix proxy with TLS.
* dirmngr/http.c (proxy_get_token, run_proxy_connect): Always
available regardless of USE_TLS.
(run_proxy_connect): Use log_debug_string.
(send_request): Remove USE_TLS.

--

Since the commit of

	1009e4e5f71347a1fe194e59a9d88c8034a67016

Building with TLS library is mandatory.

GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-15 15:38:34 +09:00
Werner Koch
302afcb6f6
gpg: Add option --assert-pubkey_algo.
* g10/keyid.c (parse_one_algo_string): New.
(compare_pubkey_string_part): New.
(compare_pubkey_string): New.
* g10/verify.c (check_assert_signer_list): New.
* g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo.
* g10/options.h (opt): Add field assert_pubkey_algos.
* g10/gpg.c (oAssertPubkeyAlgo): New.
(opts): Add "--assert-pubkey_algo".
(assert_pubkey_algo_false): New.
(main): Parse option.
(g10_exit): Reorder RC modifications.  Check assert_pubkey_algo_false.
* common/status.h (ASSERT_PUBKEY_ALGOS): new.
* common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if
this macro is set.

* g10/gpgv.c (oAssertPubkeyAlgo): New.
(opts): Add "--assert-pubkey_algo".
(assert_pubkey_algo_false): New.
(main): Parse option.
(g10_exit): Check assert_pubkey_algo_false.

* g10/t-keyid.c: New.
* g10/Makefile.am: Add t-keyid.
* g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and
remove from other tests.
(check_assert_signer_list): Ditto.
(check_assert_pubkey_algo): Ditto.
--

GnuPG-bug-id: 6946
2024-02-10 14:26:55 +01:00
Werner Koch
5842eee805
doc: Suggest the use of a fingerprint for --default-key.
--

GnuPG-bug-id: 6975
2024-02-05 08:53:06 +01:00
Werner Koch
e5f24218fc
doc: Improve warning for --use-embedded-filename.
--

GnuPG-bug-id: 6972
2024-02-05 08:42:56 +01:00
Werner Koch
214d3ffe0f
gpgsm: Increase salt size in pkcs#12 parser.
* sm/minip12.c (parse_bag_encrypted_data): Need 32 bytes.
--

GnuPG-bug-id: 6757
2024-02-05 08:00:20 +01:00
Ángel González
375c3a238a
gpgsm: cleanup on error paths
* sm/minip12.c (p12_parse): set err on the different error paths

--

GnuPG-bug-id: 6973
Fixes-commit: 101433dfb42b333e48427baf9dd58ac4787c9786
Signed-off-by: Ángel González <angel@pgp.16bits.net>
2024-02-05 07:54:14 +01:00
Werner Koch
40b85d8e8c
scd:openpgp: Allow PIN length of 6 also with a reset code.
* scd/app-openpgp.c (do_change_pin): Fix PIN length check.  Add "R"
flag to the reset code prompt.
--

When using the reset code it was not possible to set a PIN of length
6.  The "R" flags fixes a funny prompt.

Fixes-commit: efe325ffdf21205b90f888c8f0248bbd4f61404b
scd:openpgp: Allow PIN length of 6 also with a reset code.

* scd/app-openpgp.c (do_change_pin): Fix PIN length check.  Add "R"
flag to the reset code prompt.
--

When using the reset code it was not possible to set a PIN of length
6.  The "R" flags fixes a funny prompt.

Fixes-commit: 2376cdff1318688d94c95fd01adc4b2139c4a8c7
2024-01-30 15:58:14 +01:00
Andre Heinecke
d6dedda3f2
w32, msi: Fix directory of gpg-card, add keyboxd
* build-aux/speedo/w32/wixlib.wxs: Fix gpg-card directory id.
Add keyboxd.
2024-01-30 10:20:43 +01:00
Jakub Bogusz
300c9eeace
po: update Polish translation 2024-01-29 10:59:13 +01:00
Werner Koch
03207f62e8
gpg: Minor code cleanup for fingerprint computation.
* g10/keyid.c (do_hash_public_key): Simplify code for clarity.
2024-01-29 10:30:51 +01:00