* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
--
Yet another wrapper for Unicode support on Windows.
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (any8bitchar) [W32]: New.
(gnupg_open): New. Replace most calls to open by this.
* common/iobuf.c (any8bitchar) [W32]: New.
(direct_open) [W32]: Use CreateFileW if needed.
--
This is yet another step for full Unicode support on Windows.
GnuPG-bug-id: 5098
* common/dotlock.c (any8bitchar) [W32]: New.
(dotlock_create_w32): Use strconcat and CreateFileW.
* common/t-dotlock.c: Source include dotlock.c and modify to allow
manual testing on Windows.
--
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
--
We need to use es_fopen on Windows to cope with non-ascii file names.
This is quite a large but fortunately straightforward change. At a
very few places we keep using stdio (for example due to the use of
popen).
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (gnupg_access): New. Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--
Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.
This is required to correctly handle non-ascii filenames on Windows.
GnuPG-bug-id: 5098
* common/asshelp.c (lock_spawning): Use a dedicated name for keyboxd.
* common/homedir.c (keyboxd_socket_name): New.
(gnupg_module_name): Put keyboxd into libexecdir.
* tools/gpgconf-comp.c (known_options_keyboxd): New.
(gc_component): Add entry for keyboxd.
(keyboxd_runtime_change): New.
(gc_component_launch): Support keyboxd.
* tools/gpgconf.c (list_dirs): Emit new item keyboxd-socket.
(main): Also remove keyboxd socket.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/stringhelp.h (split_fields): Use const * for the strings in
the ARRAY.
(split_fields_colon): Likewise.
* common/stringhelp.c (split_fields, split_fields_colon): Fix
the implementation.
* agent/call-scd.c, agent/command.c: Follow the change.
* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
* g10/call-agent.c, tools/card-call-scd.c: Likewise.
* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
* tools/wks-util.c: Likewise.
--
The strings in the ARRAY don't need to be released by caller, as those
are references. It's easier to follow the code when it's explicitly
const *.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/sexputil.c (cmp_canon_sexp): New.
(cmp_canon_sexp_def_tcmp): New.
* common/t-sexputil.c (test_cmp_canon_sexp): Add a simple test.
--
To be used to fix
GnuPG-bug-id: 5061
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exechelp-posix.c (gnupg_close_pipe): New.
* common/exechelp-w32.c (gnupg_close_pipe): New.
--
This function is mainly for documentation purposes and should be used
along with gnupg_create_pipe.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/utf8conv.c (get_w32_codepage): New.
(wchar_to_native): Use instead oc CP_ACP.
(native_to_wchar): Ditto.
--
This should fix quite some issue; we fixed it when using the iconv
based machinery about 14 years ago. At some point we introduced the
new conversion functions because Windows started to support UTF-8
natively. The fix comes late but well, it is done.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/stringhelp.c (w32_strerror): Strip trailing CR,LF.
* common/iobuf.c (iobuf_get_filelength): Use -1 and not 0 for the
arg to w32_strerror.
--
This is in particular annoying since we started to use a string
argument sanitizer in the logging code. Before that we just add an
extra blank line.
The second patch corrects a never yet seen error message.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgtar-create.c (gpgtar_create): Add args files_from and
null_names. Improve reading from a file.
* tools/gpgtar.c: Make global vars static.
(main): Remove tests for --files-from and --null option combinations.
Pass option variables to gpgtar_create.
--
GnuPG-bug-id: 5027
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (map_openpgp_pk_to_gcry): Use cast for enum
conversion.
* dirmngr/dns-stuff.c (get_dns_srv): Use explicit conversion from
int to float.
* sm/gpgsm.c (parse_keyserver_line): Initialize ERR.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
In the experiment for 4994, and patches were wrongly applied.
Fixes-commit: 46d185f60397f68830bfdfb99627b29aea5016f1
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (close_pcsc_reader): Check if it's not in the loop.
--
GnuPG-bug-id: 4998
Reported-by: Kevin Locke
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
test rsaPSS. Adjust all callers.
(gnupg_pk_is_allowed): Ditto.
* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
(gpgsm_get_hash_algo_from_sigval): New.
* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS.
* sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
also get the algo flags. Pass algo flags along.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gpgrlhelp.c (read_write_history): New.
(gnupg_rl_initialize): Register new function.
* common/ttyio.c (my_rl_rw_history): New var.
(tty_private_set_rl_hooks): Add arg read_write_history.
(tty_read_history): New.
(tty_write_history): New.
* tools/gpg-card.c (HISTORYNAME): New.
(oNoHistory): New enum value.
(opts): New option --no-history.
(cmd_history): New.
(cmds): New command "history".
(interactive_loop): Read and save the history.
* tools/gpg-connect-agent.c (HISTORYNAME): New.
(opts): New option --no-history.
(main): Read and save the history. New command /history.
--
Yeah, finally we have stored history; I should have added this much
earlier.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/pksign.c (do_encode_eddsa): First argument is NBITs,
so that it can support Ed448, as well as Ed25519.
(agent_pksign_do): Follow the change.
* agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed
for Ed448, it's only for classic curves.
* common/openpgp-oid.c (oidtable): Add Ed448.
* common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA.
* g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA.
* g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448".
(ask_algo, parse_key_parameter_part): Handle "ed448".
* g10/pkglue.c (pk_verify): Support Ed448.
(pk_check_secret_key): Support Ed448.
* g10/sign.c (hash_for): Defaults to SHA512 for Ed448.
(make_keysig_packet): Likewise.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/sexputil.c (cipher_mode_to_string): New.
* sm/decrypt.c (prepare_decryption): Show cipher algo and mode.
(gpgsm_decrypt): Show key algo and fingerprint
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sexputil.c (pubkey_algo_to_string): New.
* sm/certcheck.c (do_encode_md): Replace GCRY_PK_ECDSA by GCRY_PK_ECC.
* sm/certreqgen-ui.c (check_keygrip): Add all ECC algorithms.
* sm/gpgsm.c (our_pk_test_algo): Also allow EdDSA.
* sm/verify.c (gpgsm_verify): Map ECC algo to ECDSA. Use new pubkey
algo name function
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ...
(gpgsm_get_key_algo_info2): new.
(gpgsm_pubkey_algo_string): New.
* sm/keylist.c (list_cert_colon): Put curve into field 17
(list_cert_raw): Print the unified key algotithm string instead of the
algo and size.
(list_cert_std): Ditto.
--
It is important to known whether a 256 bit ECC uses a NIST or a
Brainpool curve.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/tlv-builder.c: New.
* common/tlv.c: Remove stuff only used by GnuPG 1.
(put_tlv_to_membuf, get_tlv_length): Move to ...
* common/tlv-builder.c: here.
* common/tlv.h (tlv_builder_t): New.
--
Such code should actually go into libksba and we will eventually do
that. However, for now it is easier to keep it here.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sexputil.c (hash_algo_to_string): New.
--
Libgcrypt expects lowercase names and it is cumbersome to downcase
those retrieved via gcry_md_algo_name. It is easier and also faster
to use a dedicated map function.
* sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP.
* common/audit.c (proc_type_verify): Print "n/a" if a cert has no
distribution point.
* sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check.
* sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New.
(opts): Add option --enable-issuer-based-crl-check.
(main): Set option.
--
If the issuer does not provide a DP and the user wants such an issuer,
we expect that a certificate does not need revocation checks. The new
option --enable-issuer-based-crl-check can be used to revert to the
old behaviour which requires that a suitable LDAP server has been
configured to lookup a CRL by issuer.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here.
(known_options_scdaemon): Remove "options".
(known_options_dirmngr): Remove "options".
(known_options_gpgsm): Remove "options".
(known_options_gpg): Remove "options" and "keyserver".
(struct gc_option_s): Rename active t gpgconf_list.
(gc_component_list_options): Do not act upon active.
(option_check_validity): Ditto.
(is_known_option): Make it work correctly for unknown options.
(retrieve_options_from_program): Use renamed flag gpgconf_list only to
detect duplicated items from --gpgconf-list. Do not set runtime.
Only e set the options if set by --gpgconf-list; never clear them.
* agent/gpg-agent.c: Simplify the --gpgconf-list output.
* dirmngr/dirmngr.c: Ditto.
* g10/gpg.c: Ditto.
* kbx/keyboxd.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver"
for the string arg test.
--
There is no need to read the list of options from the components
unless they convey a default value. It is better to consult only the
list we have in gpgconf-comp.c to decide on whether an option should
be displayed. Right, this might mess up thing if a newer gpgconf
version is used with an older component, but we already print warnings
in this case and in general we do not want to support this anymore -
the times of gpg 1.4. and 2.0 are long over now.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
* g10/gpg.c (oIncludeKeyBlock): New.
(opts): New option --include-key-block.
(main): Implement.
* g10/options.h (opt): New flag include_key_block.
* g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
(parse_one_sig_subpkt): Ditto.
(can_handle_critical): Ditto.
* g10/sign.c (mk_sig_subpkt_key_block): New.
(write_signature_packets): Call it for data signatures.
--
This patch adds support for a to be proposed OpenPGP ferature:
Introduce the Key Block subpacket to align OpenPGP with CMS.
This new subpacket may be used similar to the CertificateSet of
CMS (RFC-5652) and thus allows to start encrypted communication
after having received a signed message. In practice a stripped down
version of the key should be including having only the key material
and the self-signatures which are really useful and shall be used by
the recipient to reply encrypted.
#### Key Block
(1 octet with value 0, N octets of key data)
This subpacket MAY be used to convey key data along with a signature
of class 0x00, 0x01, or 0x02. It MUST contain the key used to create
the signature; either as the primary key or as a subkey. The key
SHOULD contain a primary or subkey capable of encryption and the
entire key must be a valid OpenPGP key including at least one User ID
packet and the corresponding self-signatures.
Implementations MUST ignore this subpacket if the first octet does not
have a value of zero or if the key data does not represent a valid
transferable public key.
GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/miscellaneous.c (xreallocarray): New func.
* common/util.h (xtryreallocarray): New macro.
--
Very useful to match calloc behaviour.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/gpgscm/main.c: Switch to the new option parser.
* common/argparse.c, common/argparse.h: Remove.
* common/init.c (_init_common_subsystems): Do not call obsolete func.
* common/Makefile.am (common_sources): Remove those files.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h: Remove argparse.h.
* common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
argparse.h. Do this also for all main modules which use our option
parser except for gpg. Replace calls to strusage by calls to
gpgrt_strusage everywhere.
* g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and
oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
(main): Change type of pargs to gpgrt_argparse_t. Rework the option
parser to make use of the new gpgrt_argparser.
--
This is not yet finished but a make check works. gpg has the most
complex and oldest option handling and thus this is the first
migration target. SE-Linux checks and version-ed config files are
missing and will be added later.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>