1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

10550 Commits

Author SHA1 Message Date
Werner Koch
3fbe10172f
w32: Add missing manifests and set a requestedExecutionLevel.
* agent/gpg-agent.w32-manifest.in: New.
* dirmngr/dirmngr-client-w32info.rc: New.
* dirmngr/dirmngr-client.w32-manifest.in: New.
* dirmngr/dirmngr-w32info.rc: New.
* dirmngr/dirmngr.w32-manifest.in: New.
* dirmngr/dirmngr_ldap-w32info.rc: New.
* dirmngr/dirmngr_ldap.w32-manifest.in: New.
* g10/gpgv-w32info.rc: New.
* g10/gpgv.w32-manifest.in: New.
* kbx/keyboxd.w32-manifest.in: New.
* scd/scdaemon.w32-manifest.in: New.
* sm/gpgsm.w32-manifest.in: New.
--

This avoids the use of the VirtualStore uner Windows.

GnuPG-bug-id: 6503
2023-05-24 12:06:37 +02:00
NIIBE Yutaka
2f872fa68c
gpg: Report BEGIN_* status before examining the input.
* common/miscellaneous.c (is_openpgp_compressed_packet)
(is_file_compressed): Moved to ...
* common/iobuf.c: ... in this file.
(is_file_compressed): Change the argument to INP, the iobuf.
* common/util.h (is_file_compressed): Remove.
* common/iobuf.h (is_file_compressed): Add.
* g10/cipher-aead.c (write_header): Don't call write_status_printf
here.
(cipher_filter_aead): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/cipher-cfb.c (write_header): Don't call write_status_printf
here.
(cipher_filter_cfb): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/encrypt.c (encrypt_simple): Use new is_file_compressed function,
after call of iobuf_push_filter.
(encrypt_crypt): Likewise.
* g10/sign.c (sign_file): Likewise.

--

GnuPG-bug-id: 6481
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-24 10:36:04 +09:00
Werner Koch
48b5648554
common,w32: Set a proper error code when creating an output file.
* common/iobuf.c (direct_open) [W32]: Set errno.
(fd_cache_open): Ditto.
--
2023-05-23 14:50:22 +02:00
Werner Koch
5f46bcaaa0
sm: Emit STATUS_FAILURE for non-implemented commands.
* sm/gpgsm.c (main): Do it here.
2023-05-22 17:00:54 +02:00
Werner Koch
cd7f286486
gpgtar: Emit FAILURE status line.
* tools/gpgtar.c (main): Write status line before exit.
--

Due to the new way we support gpgtar in GPGME we need status lines to
detect a final error.

GnuPG-bug-id: 6497
2023-05-19 13:06:18 +02:00
Werner Koch
6944aefa3c
kbx,w32: Disable the fd-passing.
* kbx/kbxserver.c (kbxd_start_command_handler): No fd-passing udner
Windows.
--

file descriptor passing does not work reliable in libassuan for
Windows and we actually don't need it here.  It is not even used by
gpg or gpgsm.  As soon as we enable fd-passing in gpgme for Windows
and see that it is robust enough we should back out this patch.
2023-05-17 15:54:40 +02:00
NIIBE Yutaka
b789ada2b0
scd: Fix send_client_notifications for Windows.
* scd/command.c (send_client_notifications): Don't use assuan_get_pid
for Windows.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-17 15:28:01 +09:00
NIIBE Yutaka
d221062769
w32: Also use _putenv_s for gnupg_unsetenv.
* common/sysutils.c (gnupg_setenv): Only enable use of _putenv_s with
Security Feature in the CRT.
(gnupg_unsetenv): Use _putenv_s when available.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-16 19:11:16 +09:00
NIIBE Yutaka
86cdb49097
w32: Use _putenv_s.
* common/sysutils.c (gnupg_setenv): Use _putenv_s.

--

This may break build on original MinGW, but works well with MinGW-W64.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-16 16:25:13 +09:00
NIIBE Yutaka
5c7c6065f3
w32: Remove support of Windows 95/98/Me.
* g10/photoid.c (VER_PLATFORM_WIN32_WINDOWS): Remove fallback
definition.
(get_default_photo_command): Remove use of "start /w" for Windows 95.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-16 10:19:02 +09:00
Werner Koch
23bb92b755
common: Fix malloc nit in regression test.
* common/t-iobuf.c: Add boilerplate.
(xmalloc): New.  Use it everywhere.
--

GnuPG-bug-id: 6483
2023-05-11 15:52:05 +02:00
NIIBE Yutaka
a035938216
common,agent,gpg,dirmngr,g13,scd,tests,tools: New spawn function.
* common/exechelp-posix.c (do_exec, gnupg_spawn_process): Remove.
(check_syscall_func, pre_syscall, post_syscall) : New.
(do_create_socketpair, posix_open_null, call_spawn_cb): New.
(my_exec, spawn_detached, gnupg_spawn_helper): New.
(gnupg_process_spawn, process_kill, gnupg_process_terminate): New.
(gnupg_process_get_fds, gnupg_process_get_streams): New.
(process_vctl, gnupg_process_ctl): New.
(gnupg_process_wait, gnupg_process_release): New.
(gnupg_process_wait_list): New.
* common/exechelp-w32.c: Add definition of _WIN32_WINNT as 0x600.
(check_syscall_func, pre_syscall, post_syscall): New.
(gnupg_spawn_process): Remove.
(check_windows_version): New.
(spawn_detached, gnupg_spawn_helper, gnupg_process_spawn): New.
(gnupg_process_get_fds, gnupg_process_get_streams): New.
(process_kill, process_vctl, gnupg_process_ctl): New.
(gnupg_process_wait, gnupg_process_terminate): New.
(gnupg_process_release, gnupg_process_wait_list): New.
* common/exechelp.h: Re-write for new API.
* common/exectool.c (gnupg_exec_tool_stream): Follow the change.
* common/asshelp.c (start_new_service): Likewise.
* agent/genkey.c (do_check_passphrase_pattern): Likewise.
* dirmngr/ldap-wrapper.c (struct wrapper_context_s): Use PROC.
(destroy_wrapper): Follow the change of API.
(read_log_data): Follow the change of API, use printable_pid.
(ldap_reaper_thread, ldap_wrapper_release_context): Likewise.
(ldap_wrapper_connection_cleanup, ldap_wrapper): Likewise.
* g10/photoid.c (run_with_pipe): Follow the change of API.
(show_photo): Likewise.
* g13/be-encfs.c (run_umount_helper): Likewise.
(run_encfs_tool): Likewise.
* g13/g13.c: Add including ./common/exechelp.h.
* g13/mount.c: Likewise.
* g13/runner.c: Follow the change of API.
* g13/runner.h: Follow the change of API.
* scd/app.c (setup_env): New.
(report_change): Follow the change of API.
* tests/gpgscm/ffi.c (proc_object_finalize): New.
(proc_object_to_string): New.
(proc_wrap, proc_unwrap): New.
(do_spawn_process): Remove.
(do_process_spawn): New.
(setup_std_fds): New.
(do_spawn_process_fd): Remove.
(do_process_spawn_fd): New.
(do_wait_process): Remove.
(do_process_wait): New.
(do_wait_processes): Remove.
* tests/gpgscm/t-child.scm: Follow the change of API.
* tests/gpgscm/tests.scm: Likewise.
* tests/openpgp/defs.scm: Likewise.
* tests/tpm2dtests/defs.scm: Likewise.
* tools/gpg-card.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgconf.c: Likewise.
* tools/gpgtar-create.c: Likewise.
* tools/gpgtar-extract.c: Likewise.
* tools/gpgtar-list.c: Likewise.

--

GnuPG-bug-id: 6275
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-11 19:18:21 +09:00
Werner Koch
1e41878bf2
Prepare new development cycle
--
gnupg-2.5-base gnupg-2.6-base
2023-05-10 10:23:59 +02:00
Werner Koch
c30d5829c9
gpg: New option --debug-ignore-expiration to help with testing.
* g10/gpg.c (oDebugIgnoreExpiration): New.
(opts): Add option.
(main): Set flag.
* g10/options.h (opt): Add field ignore_expiration.
* g10/pkclist.c (do_we_trust): Handle the option.
* g10/getkey.c (skip_unusable): Ditto.
(finish_lookup): Ditto.
--

GnuPG-bug-id: 2703
2023-05-09 08:17:30 +02:00
Werner Koch
ef2c3d50fa
gpg: Print a warning if no more encryption subkey was left over.
* g10/keyedit.c (no_usable_encr_subkeys_warning): New.
(keyedit_menu): Call it after running an expire command.
* g10/import.c (import_one_real): Call it in the show_key case.
--
2023-05-08 13:10:47 +02:00
Werner Koch
a2c199affb
kbx: For non-Windows use 64k buffers by default instead of 128k.
* kbx/keybox-init.c (DEFAULT_LL_BUFFER_SIZE): New.
--

A simple gpg --check-sigs benchmark showed on Linux a small
performance peak at around 64k (5m52 vs. 6m8 for 128k and 6m33 for
system size).
2023-05-08 13:09:27 +02:00
Werner Koch
08ff55bd44
kbx: Use custom estream buffering
* kbx/keybox-init.c (ll_buffer_size): New var intialized to 128k
(stream_buffers): New var.
(keybox_set_buffersize): New.
(_keybox_ll_open, _keybox_ll_close): Implement buffering.

* sm/gpgsm.c (oKbxBufferSize): New.
(opts): Add option --kbx-buffer-size.
(main): Call keybox_set_buffersize.

* g10/gpg.c: Include keybox.h.
* (oKbxBufferSize): New.
(opts): Add option --kbx-buffer-size.
(main): Call keybox_set_buffersize.
--

Running a test on Windows using a pubring.kbx with
Total number of blobs:     2098
              openpgp:     1294
                 x509:      803
and a size of 42MiB with

gpgsm -k --with-validation --disable-dirmngr --kbx-buffer-size N >nul

gives these performance figures using procmon

| N(k) | file events | time(s) |
|------+-------------+---------|
|    0 |     4900000 |      86 |
|   16 |     2456000 |      58 |
|   32 |     1233000 |      43 |
|   64 |      622000 |      37 |
|  128 |      317000 |      32 |
|  256 |      164000 |      31 |
|  512 |       88000 |      30 |

Using _open instead of CreateFile give the same number of file events
but increased the time slight by one second for the measured buffer
size of 64k and 128k.   Benchmarks for gpg have not been conducted.
2023-05-08 09:40:14 +02:00
Werner Koch
a6c4d6413a
kbx: Use wrapper functions for es_fclose and es_fopen.
* kbx/keybox-defs.h (KEYBOX_LL_OPEN_READ)
(KEYBOX_LL_OPEN_UPDATE, KEYBOX_LL_OPEN_CREATE): New.
* kbx/keybox-init.c (_keybox_ll_open): New.  Replace all keybox use of
es_fopen by this function.
(_keybox_ll_close): New.  Replace all keybox use of es_fclose by this
function.
--

Note that this has not been done for the utilities and the backend-kbx
of keyboxd.
2023-05-05 11:54:37 +02:00
Werner Koch
a7dbf11954
kbx: Add extra flags to fopen for use by Windows.
* kbx/keybox-search.c (open_file): Use sysopen and sequential.
* kbx/keybox-update.c (create_tmp_file): Ditto.
(blob_filecopy): Ditto.
(keybox_set_flags): Ditto.
(keybox_delete): Ditto.
(keybox_compress): Ditto.
--

Under Windows "sysopen" requests that direct API calls (CreateFile et
al.) are used instead of the libc wrappers.  This may or may not
improve the performance.

Using "sequential" is a hint to Windows to assume that a file is in
general access in a sequential manner.  This will have an affect only
with a future libgpg-error.
2023-05-04 14:37:48 +02:00
Werner Koch
68613a6a9d
gpgsm: Cache the non-existence of the policy file.
* sm/certchain.c (check_cert_policy): Add simple static cache.
--

It is quite common that a policy file does not exist.  Thus we can
avoid the overhead of trying to open it over and over again just to
assert that it does not exists.
2023-05-04 14:35:31 +02:00
NIIBE Yutaka
0fe99d69f0
dirmngr: Fix API of functions wrt their error type.
* dirmngr/crlcache.h (fakecrl_isvalid): Fix return type.
* dirmngr/http.c (parse_response): Fix return type to gpg_error_t,
modifying the function implementation.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-01 11:39:24 +09:00
NIIBE Yutaka
698caf30b9
common: Fix parsing ECC key.
* common/sexputil.c (get_ecc_q_from_canon_sexp): Initialize ECC_Q_LEN.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-01 11:38:20 +09:00
NIIBE Yutaka
3cf5fc2e2f
scd: Fix cmd_apdu on error.
* scd/command.c (cmd_apdu): Fix the code path on error.

--

GnuPG-bug-id: 6476
Reported-by: Robin Krahl
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-01 11:36:36 +09:00
Werner Koch
625bd92410
Post release updates
--
2023-04-28 14:16:52 +02:00
Werner Koch
b331ae1c3f
Release 2.4.1 gnupg-2.4.1 2023-04-28 11:16:29 +02:00
Werner Koch
51975712e9
po: msgmerge done
--
2023-04-28 10:50:50 +02:00
Werner Koch
2b8109d102
po: Update German translation
--
2023-04-28 10:44:41 +02:00
NIIBE Yutaka
23c5634485
regexp: Update UnicodeData for Unicode 15.0.0.
* regexp/UnicodeData.txt: Update from upstream.

--

https://www.unicode.org/Public/15.0.0/ucd/UnicodeData.txt

See: https://www.unicode.org/versions/Unicode15.0.0/
     https://www.unicode.org/reports/tr44/

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-04-27 09:10:39 +09:00
Werner Koch
7e1f36b242
speedo,w32: Adjustments for the new Unicode NSIS plugins.
* build-aux/speedo/w32/inst.nsi: Convert to UTF-8.  Add Unicode
statement.
* build-aux/speedo.mk (installer): Remove -INPUTCHARSET.
--

GnuPG-bug-id: 6448
2023-04-26 09:10:39 +02:00
Werner Koch
7359665add
speedo: Update NSIS helper DLL from Gpg4win
* build-aux/speedo/w32/inst.nsi: Re-enable run-once check.
* build-aux/speedo/w32/exdll.c: New.
* build-aux/speedo.mk (g4wihelp.dll): Change build commands.
--

GnuPG-bug-id: 6448
2023-04-26 09:10:39 +02:00
NIIBE Yutaka
c4a456e5ff
po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-04-26 13:37:39 +09:00
NIIBE Yutaka
0ec10fbd0d
gpg: Fix for overridden key import.
* g10/import.c (do_transfer): Force the overridden key import
even when smartcard is available.

--

Fixes-commit: 2c1297055041b4657ea1a927acac978c2b09a483
GnuPG-bug-id: 3456
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-04-25 13:47:49 +09:00
Werner Koch
c03ba92576
gpg: Fix writing ECDH keys to OpenPGP smartcards.
* agent/command.c (cmd_keytocard): Add new arg for ECDH params.
* scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to
compute the fingerprint.
* g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str.
* g10/keyid.c (ecdh_param_str_from_pk): New.
* g10/card-util.c (card_store_subkey): Pass ECDH params to writekey.
* g10/keygen.c (card_store_key_with_backup): Ditto.

* scd/app-openpgp.c (store_fpr): Add arg update.
(rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid
writing the fingerprint back to the card if not set.
(read_public_key): Also add arg meta_update.
(get_public_key): Do not pass it as true here...
(do_genkey): ... but here.
(rsa_write_key, ecc_writekey): Force string the fingerprint.
--

The problem showed up because in 2.4 we changed the standard ECDH
parameter some years ago.  Now when trying to write an ECDH key
created by 2.2 with 2.4 to an openpgp card, scdaemon computes a wrong
fingerprint and thus gpg was not able to find the key again by
fingerprint.

The patch also avoids updating the stored fingerprint in certain
situations.

This fix is somewhat related to
GnuPG-bug-id: 6378
2023-04-21 15:23:29 +02:00
NIIBE Yutaka
762b7d07ea
common: Incorporate upstream changes of regexp.
* regexp/jimregexp.c (regatom): Raise REG_ERR_UNMATCHED_BRACKET when
no matching end bracket.
(regmatch): Fix the end of word check.

--

Original changes:
	Signed-off-by: Steve Bennett <steveb@workware.net.au>

GnuPG-bug-id: 6455
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-04-21 11:51:47 +09:00
Werner Koch
af3724d383
scd,p15: Enforce a min. PIN length for certain cards.
* scd/app-p15.c (verify_pin): Enforce 6 for RSCS cards.
2023-04-20 12:41:08 +02:00
Werner Koch
a82e6f310a
common: Fix minor bug in the jimregexp code.
* regexp/jimregexp.c (regatom): Make error checking for stray
backslash at end of the string work.  Check that the pattern class is
closed by a bracket.
--

GnuPG-bug-id: 6455
Co-authored-by: Guldrelokk
2023-04-20 12:26:40 +02:00
Werner Koch
e1663c0450
gpg: New command "openpgp" for --card-edit.
* g10/card-util.c (current_card_status): Print a hint for fishy
outputs.
(enum cmdids): Add cmdOPENPGP.
(cmds): Add "openpgp".
(card_edit): Implement that command.
--

If a Yubikey has been used in PIV mode the initial listing does not
look correct.  Although we explicitly switch to the OpenPGP app when
needed, we don't want to do this in listing mode.  Instead we offer a
new command "openpgp" to force the openpgp mode.  The ultimate goal
will be to enhance the gpg-card tool to completely take over the
--card-edit features.  But we are not yet there.

GnuPG-bug-id: 6462
2023-04-20 12:10:54 +02:00
Werner Koch
80d4ae1215
Use keyboxd on a fresh install also on Windows.
* common/homedir.c (gnupg_maybe_make_homedir): Factor some code out to
...
(create_common_conf): new.
(standard_homedir): Call it also from here.
--

Fixes-commit: d9e7488b17fdc617eec735e2c0485b69285ba511
2023-04-19 11:05:42 +02:00
Werner Koch
fa4f716917
gpg: Make sure that we are not accidently working with the PIV app.
* g10/call-agent.c (agent_scd_switchapp): New.
* g10/card-util.c (get_info_for_key_operation): Call it.
--

It may happen that the active card was last used for PIV and in that
case certain commands will fail because they assume the OpenPGP app.
Fortunately we have a pretty central place to assure that the right
app has been selected.

The bug can be easily noticed on Windows.

GnuPG-bug-id: 6378
2023-04-18 17:07:04 +02:00
Werner Koch
f7e00dc73d
scd: On a Yubikey re-select the last app after the use of APDU.
* scd/app-common.h (struct card_ctx_s): Add maybe_check_aid flag.
* scd/command.c (cmd_apdu): Set it.
* scd/app.c (check_external_interference): Consult this flag.
(maybe_switch_app): Do a re-select if this flag is set.
--

After the gpg-card tool has issued a Yubikey specific command the
current application is not anymore correctly selected.  This then
results in all kind of errors.  We detect this now and try to
re-select the last app.
2023-04-18 12:04:15 +02:00
Werner Koch
98b8c518fa
ssh: Allow to prefer on-disk keys over active card keys.
* agent/command-ssh.c (ssh_send_available_keys): Redefine the order of
keys.
--

GnuPG-bug-id: 6212
2023-04-18 09:04:27 +02:00
Werner Koch
ba67fea5b9
gpgtar: Read common.conf for the log-file option.
* common/util.h (GNUPG_MODULE_NAME_GPGTAR): New.
* common/homedir.c (gnupg_module_name): Add it.
* tools/gpgtar.c: Include comopt.h.
(enum cmd_and_opt_values): Add oDebug.
(opts): Add --debug.
(any_debug): New.
(main): Parse common.conf.
--

Having a way to see the output of gpgtar is often useful for
debugging.  The only effect of the debug option is to show whether
common.conf was read.
2023-04-18 08:04:48 +02:00
NIIBE Yutaka
2c12970550
gpg: Allow overridden key import when stub exists.
* g10/import.c (do_transfer): Force importing when it's card
reference.

--

GnuPG-bug-id: 3456
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-04-18 09:53:24 +09:00
Werner Koch
d965ee8d65
gpg: Curvenames may now compared case insensitive.
* common/openpgp-oid.c (openpgp_curve_to_oid): Repalce strmcp by
ascii_strcasecmp.
(openpgp_oid_or_name_to_curve): Ditto.
(openpgp_is_curve_supported): Ditto.
(get_keyalgo_string): Ditto.
--

It was just to hard to remember the correct capitalization of
names like brainpoolP512r1.
2023-04-12 17:10:08 +02:00
Eva Bolten
3013137f74
po: Fix in German translation
--
2023-04-06 10:30:56 +02:00
NIIBE Yutaka
cb055ecb91
gpg: Fix handling of importing cv25519 secret key.
* g10/import.c (transfer_secret_keys): Only emit a warning when secret
key is not encrypted.

--

Fixing-commit: dbfb7f809b89cfe05bdacafdb91a2d485b9fe2e0
GnuPG-bug-id: 6322
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-04-06 11:32:52 +09:00
Werner Koch
c9e95b8dee
gpg: New option --assert-signer.
* g10/gpg.c (enum cmd_and_opt_values): Add oAssertSigner.
(opts): Add "assert-signer".
(main): Set option.
(assert_signer_true): New var.
(g10_exit): Evaluate new var.
* g10/main.h (assert_signer_true): Declare new var.
* common/status.h (STATUS_ASSERT_SIGNER): New.
* g10/options.h (opt): Add field assert_signer_list.
* g10/verify.c (is_fingerprint): New.
(check_assert_signer_list): New.
* g10/mainproc.c (check_sig_and_print): Call that function.  Clear
assert_signer_true on a warning.

* g10/gpgv.c: Add dummy function and vars.
* g10/t-keydb-get-keyblock.c: Ditto.
* g10/t-keydb.c: Ditto.
* g10/t-stutter.c: Ditto.
--
2023-04-05 21:32:23 +02:00
Werner Koch
42ccbd6c78
speedo,w32: Remove removed profiles and temporary disable runonce.
--
2023-04-05 15:01:18 +02:00
NIIBE Yutaka
946a851d17
build: Update gpg-error.m4.
* m4/gpg-error.m4: Update from libgpg-error master.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-04-05 15:56:05 +09:00
Werner Koch
d261f5e5d0
common: Change allocation of the comopt symbol.
* common/comopt.h (struct gnupg_comopt_s): New.
* common/comopt.c (struct gnupg_comopt_s): Define here in the data
segment.
2023-04-04 16:51:58 +02:00