* g10/gpg.c (set_compliance_option): For AES256 and SHA256 in de-vs
mode.
* g10/encrypt.c (setup_symkey): Add extra compliance check.
(encrypt_simple): Avoid printing a second error oncplinace failure.
--
Because we used the RFC4880 mode as base for the de-vs mode we got
3DES as symmetric encryption algorithm. With the default gnupg mode
that was already used. The new extra compliance checks are added to
detect whether a --personal-cipher-preference or --cipher-algo option
tried to override the algorithms. They are still possible but now
non-compliant algorithms will throw an error.
Manual testing can be done with commands like this:
gpg --no-options --compliance=de-vs \
--personal-cipher-preferences "S1 S7" \
--pinentry-mode loopback -v --passphrase abc -ac </etc/motd
Here the command fails due to IDEA (S1) being the preferred cipher
algorithm. Using "--s2k-digest-algo SHA1" instead of
--personal-cipher-preferences will also fail.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d1f2a6d9f71cf50318f4891c84aeedb975553896)
* g10/misc.c (pct_expando): Catch special case of the empty string.
Also map a NULL to the empty string.
* g10/photoid.c (show_photos): Make an empty string used as command
fail.
--
This patch also fixes a segv when calling gpg wrongly like
gpg -N \-foo@example.org
GnuPG-bug-id: 5117
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/misc.c (is_weak_digest): New.
(print_digest_algo_note): Use it here.
* g10/sig-check.c (check_signature_end_simple): Use it.
* g10/sign.c (hash_for): Do not use recipient_digest_algo if it is in
the least of weak digest algorithm.
--
If a message is signed and encrypted to several recipients, the to be
used digest algorithm is deduced from the preferences of the
recipient. This is so that all recipients are able to check the the
signature. However, if the sender has a declared an algorithm as
week, that algorithm shall not be used - in this case we fallback to
the standard way of selecting an algorithm.
Note that a smarter way of selecting the algo is to check this while
figuring out the algorithm - this needs more testing and thus we do it
the simple way.
Reported-by: Phil Pennock
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 15746d60d492f5792e4a179ab0a08801b4049695
* agent/cvt-openpgp.c (convert_secret_key): Avoid adding 0x00 at the
beginning of MPI.
--
In master, we handle it as opaque MPI, but in 2.2, we use standard MPI
here.
GnuPG-bug-id: 5114
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (ccid_vendor_specific_setup): New. Limit
only for SPR532, excluding other readers by SCM.
(ccid_slot_status): Use ccid_vendor_specific_setup.
--
We follow the setup procedure of libccid implementation, which sends
the escape command for SPR532 only.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/sysutils.h (struct gnupg_dirent_s): New.
* common/sysutils.c: Include dirent.h.
(struct gnupg_dir_s): New.
(gnupg_opendir, gnupg_readdir, gnupg_closedir): New. Change all
callers of opendir, readdir, and closedir to use these functions.
--
GnuPG-bug-id: 5098
Backported-from-master: 7e22e08e2ab09cd3c2317f5e80e8ee47d46eff4b
* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
--
Yet another wrapper for Unicode support on Windows.
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 18e5dd7b03ced51611c9ba1345cf498a0aaf14a6)
* common/sysutils.c (any8bitchar) [W32]: New.
(gnupg_open): New. Replace most calls to open by this.
* common/iobuf.c (any8bitchar) [W32]: New.
(direct_open) [W32]: Use CreateFileW if needed.
--
This is yet another step for full Unicode support on Windows.
GnuPG-bug-id: 5098
(cherry picked from commit 4dcef0e17836e8725c31a3b76f2bf7144345c808)
* common/dotlock.c (any8bitchar) [W32]: New.
(dotlock_create_w32): Use strconcat and CreateFileW.
* common/t-dotlock.c: Source include dotlock.c and modify to allow
manual testing on Windows.
--
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit b47c355b18d9537ccc3dd3e80cc1825b018ecff7)
--
We need to use es_fopen on Windows to cope with non-ascii file names.
This is quite a large but fortunately straightforward change. At a
very few places we keep using stdio (for example due to the use of
popen).
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 390497ea115e1aca93feec297a5bd6ae7b1ba6dd
* common/sysutils.c (gnupg_access): New. Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--
Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.
This is required to correctly handle non-ascii filenames on Windows.
GnuPG-bug-id: 5098
(cherry picked from commit c94ee1386e0d5cdac51086c4d5b92de59c09c9b5)
* scd/ccid-driver.c (ccid_slot_status): Handle LIBUSB_ERROR_TIMEOUT.
--
Backport master commit of:
b1e8072320c19246962beb6d67dc5784b5a72364
With SPR532, at the first connection, it fails by
LIBUSB_ERROR_TIMEOUT, but no retry.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (intr_cb): Handle the case of multiple messages.
--
Backport master commit of:
7cbb513a2dc150a90a30c53316970df2a439d494
SPR532 USB Smart Card Reader (also know as SPR332) may send two
messages at once for a single interrupt transfer. An example transfer
observed was like: 50 03 50 02, which is considered valid, according
to the CCID specification.
GnuPG-bug-id: 5065
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (CCID_CMD_TIMEOUT_LONGER): Remove.
(ccid_transceive): Don't use x4 blindly for bBWI, but use dynamically
determined value. Use value from variable wait_more for bulk_in.
Set wait_more by the value of time extension request.
--
Backport master commit of:
f1cf799a37f320d33cae445c74f3fc1936dd9995
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c: Support a test program by ccid-driver.
--
Backport from master commit:
b31060425226b45deb21915bf5cd8b6ba62bd098
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes.
* scd/apdu.h: New SW_HOST error codes.
* scd/apdu.c (host_sw_string): Print them
* scd/ccid-driver.c (map_libusb_error): New.
(ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes.
* scd/iso7816.c (map_sw): Map new codes to gpg-error.
--
Backport from master commit:
9a8d7e41bba1926158a21ebdda542241493ef983
This change will help to get low level error conditions from hipher
application code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/ccid-driver.c (ccid_open_usb_reader): Alway submit SET_INTERFACE
control transfer.
--
Backport from master commit:
611faf1579a56925994d53eb08e1290a4b3958cf
This handling is not mondatory, but it's better to do so, because
there are card reader with pinpad and token with ack button, which
support user interaction.
User interaction status should be reset at open time. The status
should be reset when the session is closed/stopped. In practice,
since cleanup routine in a driver may not be called properly, it's
good to submit SET_INTERFACE at open time.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (print_error) [TEST]: Add missing break. Note
that this is anyway an impossible case.
--
Backport master commit of:
8fb14d3b3f9c5c27ff8b9f0e7e7207ec388687ff
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ldap.c (start_default_fetch_ldap): Rename to
start_cacert_fetch_ldap and remove arg attr. Instead use
"cACertificate" directly.
* dirmngr/crlfetch.c (ca_cert_fetch): Change the only caller.
(start_cert_fetch_ldap): Rename arg for clarity.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf.c: Include exechelp.h. New option --show-versions.
(get_revision_from_blurb): New.
(show_version_gnupg): New.
(show_version_libgcrypt): New.
(show_version_gpgrt): New.
(show_versions_via_dirmngr): New.
(show_versions): New.
* dirmngr/dirmngr.c (main): New internal option --gpgconf-versions.
(get_revision_from_blurb): New.
(gpgconf_versions): New.
--
This option should be helpful to gather information for debugging.
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 357ad9ae29677c1676b56d2b81282e2f78ec8040
* kbx/keybox-dump.c (_keybox_dump_blob): Fix the fixmes. Add support
for 32 byte fingerprints.
--
kbxutil is a debug tool but nevertheless it should behave well and not
read beyond allocated buffers and in turn crash.
Vincent Ulitzsch and Dominik Maier were kind enough to report these
crashes along with a couple of test keyboxes and crash analysis.
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported from master and while doing that adding also the support
for OpenPGP v5 keys.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/server.c (cmd_killdirmngr): Return 0.
* tools/gpg-connect-agent.c (main): Catch signals.
--
And we also print nicer diagnostics. The reason we need this is that
for example "gpgconf --kill dirmngr" uses gpg-connect-agent to send a
command to dirmngr. This may results in a SIGPIPE which in turn leads
to an annoying error message from gpgconf.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (http_session_new) <gnutls>: Use only the special
pool certificate for the default keyserver.
--
The gnutls version uses a different strategy than the ntbtls version
on when to use the special SKS pool certificate. This patch aligns it
so that we don't need to wonder about different kind of bug reports.
In short the special cert is now the only cert use with the default
keyserver.
Signed-off-by: Werner Koch <wk@gnupg.org>