1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

2257 Commits

Author SHA1 Message Date
Werner Koch
1f59c4c8e2
gpg: Prepare for globing with UTF-8.
* g10/gpg.c (_dowildcard): Remove.
(my_strusage): Enable wildcards using our new system.
--

This patch actually removes the current globing using a mingw
feature.  We are not able to use this because it does not handle
Unicode filenames.  The plan is to implement this in init.c.  This
patch merely configures gpg to request globing.

GnuPG-bug-id: 4398
(cherry picked from commit 8e15506d6680bbee85bc01453da28fc90b4cb673)
2021-06-08 09:24:39 +02:00
Werner Koch
9f586700ec
gpg,sm: Simplify keyserver spec parsing.
* common/keyserver.h: Remove.
* sm/gpgsm.h (struct keyserver_spec): Remove.
(opt): Change keyserver to a strlist_t.
* sm/gpgsm.c (keyserver_list_free): Remove.
(parse_keyserver_line): Remove.
(main): Store keyserver in an strlist.
* sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist.  Avoid
an ambiguity in dirmngr by adding a prefix if needed.

* g10/options.h (struct keyserver_spec): Move definition from
keyserver.h to here.  Remove most fields.
* g10/keyserver.c (free_keyserver_spec): Adjust.
(cmp_keyserver_spec): Adjust.
(parse_keyserver_uri): Simplify.
(keyidlist): Remove fakev3 arg which does not make any sense because
we don't even support v3 keys.
--

We now rely on the dirmngr to parse the keyserver specs.  Thus a bad
specification will not be caught immediately.  However, even before
that dirmngr had stricter tests.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-26 14:30:17 +02:00
Werner Koch
7bf8530e75
gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver.
* g10/call-dirmngr.c (record_output): Rewrite.
--

Thou shalt not percent-escape for C-unescaping.

Fixes-commit: 51341badb623927f2a358588c725a356fc77dbe7
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-18 22:54:16 +02:00
Werner Koch
03f83bcda5
gpg: Use a more descriptive prompt for symmetric decryption.
* g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New.
(passphrase_to_dek_ext): Remove this obsolete prototype.
* g10/passphrase.c (passphrase_get): Add arg flags.  Use new flag
value.
(passphrase_to_dek): Add arg flags and pass it on.
* g10/mainproc.c (proc_symkey_enc): Use new flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-17 19:30:15 +02:00
Werner Koch
b203325ce1
gpg: Allow ECDH with a smartcard returning just the x-coordinate.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Factor extraction
part out to  ...
(extract_secret_x): new.  Allow for x-only coordinate.
(pk_ecdh_encrypt_with_shared_point): Change arg shared_mpi
to (shared,nshared).  Move param check to the top.  Add extra safety
check.
(pk_ecdh_decrypt): Adjust for change.
* g10/pkglue.c (get_data_from_sexp): New.
(pk_encrypt): Use it for "s" and adjusted for changed
pk_ecdh_encrypt_with_shared_point.
* g10/pubkey-enc.c (get_it): Remove conversion to an MPI and call
pk_ecdh_decrypt with the frame buffer.
--

Backported-from-master: f129b0e97730b47d62482fba9599db39b526f3d2)
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-04 11:51:34 +02:00
Werner Koch
b410c95fe9
build: Silence two compiler warnings.
--
2021-05-04 10:45:30 +02:00
Werner Koch
22fe23f46d
gpg: Fix mailbox based search via AKL keyserver method.
* g10/keyserver.c (keyserver_import_name): Rename to ...
(keyserver_import_mbox): this.  And use mail search mode.
* g10/getkey.c (get_pubkey_byname): Change the two callers.
--

In contrast to a search via keyserver_import_ntds the older
keyserver_import_name used a full match of the provided name despite
that it is only called with an addr-spec (mbox).  Due to the mode the
pattern send to dirmngr was prefixed with a '=' and thus dirmngr used
an exact search;.  This did only work for provided user ids like
"foo@example.org" but not for "<foo@example.org>" or
"Foo <foo@xample.org>".  The old code dates back to 2010.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 4fcfac6feb2a6c2b14883ba406afc917e8d4be42)
2021-05-04 10:23:20 +02:00
Werner Koch
e7251be84c
gpg: Auto import keys specified with --trusted-keys.
* g10/getkey.c (get_pubkey_with_ldap_fallback): New.
* g10/trustdb.c (verify_own_keys): Use it.

(cherry picked from commit 100037ac0f558e8959fc065d4703c85c2962489e)
2021-05-04 10:21:14 +02:00
Werner Koch
e53f603728
gpg: Allow decryption w/o public key but with correct card inserted.
* agent/command.c (cmd_readkey): Add option --no-data and special
handling for $SIGNKEYID and $AUTHKEYID.
* g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR
output.
* g10/skclist.c (enum_secret_keys): Automagically get a missing public
key for the current card.

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 50293ec2ebf2a997dbad9a47166d694efcc0709a)
2021-05-04 10:06:57 +02:00
Werner Koch
2af217ecd7
gpg: Allow fingerprint based lookup with --locate-external-key.
* g10/keyserver.c (keyserver_import_fprint_ntds): New.
* g10/getkey.c (get_pubkey_byname): Detect an attempt to search by
fingerprint in no_local mode.
--

See the man page.  For testing use

  gpg --auto-key-locate local,wkd,keyserver --locate-external-key  \
    FINGERPRINT

with at least one LDAP keyserver given in dirmngr.conf.  On Windows
"ntds" may be used instead or in addtion to "keyserver".

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ec36eca08cdbf6653e7362e8e0e6c5f2c75b4a60)
2021-05-03 20:53:15 +02:00
Werner Koch
b59af0e2a0
gpg: Lookup a missing public key of the current card via LDAP.
* g10/getkey.c (get_seckey_default_or_card): Lookup a missing public
key from the current card via LDAP.
* g10/call-dirmngr.c: Include keyserver-intetnal.h.
(gpg_dirmngr_ks_get): Rename arg quick into flags.  Take care of the
new LDAP flag.
* g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New.
Replace the use of the value 1 for the former quick arg.
(KEYSERVER_IMPORT_FLAG_LDAP): New.
* g10/keyserver.c (keyserver_get_chunk): Increase the reserved line
length.
* dirmngr/ks-action.c (ks_action_get): Add arg ldap_only.
* dirmngr/server.c (cmd_ks_get): Add option --ldap.
--

This change makes it easy to start working with gnupg: Just insert the
smartcard or token provided to you and the first time you sign a
message the public key associated with the current card will be
imported and everything is set without any configuration.

This works only with an LDAP directory because it can be expected that
the public key has been put into the LDAP during card personalization.
Of course an LDAP server needs to be configured; in a Windows AD
domain this can be a mere "keyserver ldap:///" in dirmngr.conf.  Other
configured keyservers are ignored.

Requirements for the card driver: The $SIGNKEYID attribute must exists
and a query for the KEY-FPR attribute needs to return the OpenPGP
fingerprint for that key.  This is currently supported for OpenPGP
cards and certain PKCS#15 cards.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d7e707170fbe2956deb3d81e2802d21352079722)
2021-05-03 20:28:33 +02:00
Werner Koch
79f5ffb1ad
gpg: Minor restructuring of a function.
--

This is for easier reading and future changing.

(cherry picked from commit d984de172c29cd9a56e3a397bdb573519ff74e92)
2021-05-03 20:22:47 +02:00
Werner Koch
26a024057d
gpg: No warning in quiet mode for S2K mode 0.
--
2021-04-29 19:51:39 +02:00
Werner Koch
5b8593135f
common: Extend the openpgp_curve_to_oid function.
* common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
Change all callers.
--

In particular for ed25519 and cv25519 it is quite useful to have an
ability to get the required algorithm.

(cherry picked from commit 24095101a5069f15a9aea7512498ac436a76814a)
2021-04-29 12:57:00 +02:00
Werner Koch
1303b0ed84
gpg: Do not use self-sigs-only for LDAP keyserver imports.
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
* g10/options.h (opts): New field expl_import_self_sigs_only.
* g10/import.c (parse_import_options): Set it.
* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
--

I can be assumed that configured LDAP servers are somehow curated and
not affected by rogue key signatures as the HKP servers are.  Thus we
can allow the import of key signature from LDAP keyservers by default.

GnuPG-bug-id: 5387
2021-04-13 14:50:05 +02:00
Werner Koch
18551c6dc2
gpg: Fix new pseudo option compliance_de_vs
* g10/gpg.c (gpgconf_list): Take opt.compliance also in account.
--

This makes it a one-stop check.
2021-04-06 09:30:24 +02:00
Werner Koch
9feffc03f3
gpgconf: Return a new pseudo option compliance_de_vs.
* tools/gpgconf-comp.c (gc_options_gpg): Add "compliance_de_vs".
* g10/gpg.c (gpgconf_list): Return that pseudo option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-01 13:19:10 +02:00
Werner Koch
87d7b7e075
gpg: New option --force-sign-key
* g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key".
(main): Set it.
* g10/options.h (opt): New flag flags.force_sign_key.
* g10/keyedit.c (sign_uids): Use new flag.
--

GnuPG-bug-id: 4584
2021-03-11 11:32:00 +01:00
Nicolas Fella via Gnupg-devel
0441ed6e1c
gpg: Keep temp files when opening images via xdg-open
* g10/photoid.c (get_default_photo_command): Change parameter for
xdg-open.
--

xdg-open spawns the user's preferred image viewer and then exits.
Therefore we must not remove the temp file when it exits,
otherwise by the time the actual image viewer is started the file
doesn't exist any more.

Signed-off-by: Nicolas Fella <nicolas.fella@gmx.de>
2021-03-01 09:47:21 +01:00
Werner Koch
6e258babe7
Include the library version in the compliance checks.
* common/compliance.c (gnupg_gcrypt_is_compliant): New.
(gnupg_rng_is_compliant): Also check library version.
* g10/mainproc.c (proc_encrypted): Use new function.
(check_sig_and_print): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/verify.c (gpgsm_verify): Ditto
--

This will eventually allow us to declare Libgcrypt 1.9 to be de-vs
compliant.  GnuPG can use this information then for its own checks.
As of now GnuPG tests the version of the used library but that is a
bit cumbersome to maintain.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 90c514868ff5fcf6d39490d4874ac3a31ba9e85f)
2021-01-28 16:01:53 +01:00
Werner Koch
9037be5f40
gpg: Fix ugly error message for an unknown symkey algorithm.
* g10/mainproc.c (proc_symkey_enc): Do not continue with an unknown
algorithm.
--

Trying to encrypt data created with

 printf "\x8c\x49\x05\x0e\x0a\x03\x01"

fails in version 2.2.19 with

 gpg: packet(3) with unknown version 5

but with later versions with

  gpg: encrypted with unknown algorithm 14
  gpg: Ohhhh jeeee: ... this is a bug \
       ([...]/passphrase.c:433:passphrase_to_dek)

so we better catch this case earlier.

Reported-by: Tavis Ormandy
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-01-27 11:45:33 +01:00
Werner Koch
9f37d3e6f3
gpg: Fix --gpgconf-list case with no conf files at all.
* g10/gpg.c (get_default_configname): Remove unused function.
(main): Provide a proper filename to gpgconf_list.
--

With the new option pasrer we used "UNKOWN" in this case.  The problem
was that gpgconf --list-options chekcs that an absolute file is
provided and thus bails out if no config file is in /etc/gnupg or in
~/.gnupg/.

get_default_configname was not anymore in use because its function is
part of the new option parser.
2021-01-08 14:09:59 +01:00
Werner Koch
83e875a2d1
gpg: Initialize a variable even in a never used code path.
* g10/sign.c (write_signature_packets): Init ERR.
--

Actually we could also remove the conditional or replace it by a
log_assert.

GnuPG-bug-id: 5204
2020-12-23 16:06:09 +01:00
Werner Koch
8a2e5025eb
gpg: Fix --trusted-key with fingerprint arg.
* g10/trustdb.c (tdb_register_trusted_key): Take care of that
other constant.
--

Fixes-commit: 810ea2cc684480c6aadceb2a10dd00f3fa67f2fb
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-18 17:10:01 +01:00
Werner Koch
9e8d299e18
Merge branch 'wk/stable-2.2-global-options' into STABLE-BRANCH-2-2
--
2020-12-18 11:23:01 +01:00
Werner Koch
559efd23e9
gpg: New AKL method "ntds"
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new
support for KEYDB_SEARCH_MODE_MAIL.
(ks_ldap_get): Add a debug.
* g10/options.h (AKL_NTDS): New.
* g10/keyserver.c (keyserver_import_ntds): New.
(keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL.
* g10/getkey.c (parse_auto_key_locate): Support "ntds".
(get_pubkey_byname): Ditto.
2020-12-17 18:19:01 +01:00
Werner Koch
c28cb5282b
dirmngr: Store all version 2 schema attributes.
* g10/call-dirmngr.c (ks_put_inq_cb): Emit "fpr" records.
* dirmngr/ks-engine-ldap.c (extract_attributes): Add args
extract-state and schemav2.  Add data for the new schema version.
remove the legacy code to handle UIDs in the "pub" line.
(ks_ldap_put): Set new attributes for NTDS use the fingerprint as CN.

Signed-off-by: Werner Koch <wk@gnupg.org>

This is a backport from 2.3
2020-12-17 11:08:31 +01:00
Werner Koch
0e88c73bc9
dirmngr: Do not store the useless pgpSignerID in the LDAP.
* dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the
pgpSignerID.
* g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records.
--

The pgpSignerID has no use in the LDAP and thus don't store it.
David's idea back in 2004 was
              /* This bit is really for the benefit of people who
                 store their keys in LDAP servers.  It makes it easy
                 to do queries for things like "all keys signed by
                 Isabella".  */
See-commit: 3ddd4410aef928827e1c8d4fb02c1ccd3f8eaea5

I consider this dangerous because such a query is not able to validate
the signature, does not get revocation signatures, and also has no
information about the validity of the signatures.  Further many keys
are spammed tehse days with faked signatures and it does not make
sense to blow up the LDAP with such garbage.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-17 11:02:49 +01:00
Werner Koch
a028f24136
Backport of the new option parser from 2.3
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* common/argparse.c, common/argparse.h: Rewrite.
* tests/gpgscm/main.c: Switch to the new option parser.

* g10/gpg.c: Switch to the new option parser and enable a global conf
file.
* g10/gpgv.c: Ditto.
* agent/gpg-agent.c: Ditto.
* agent/preset-passphrase.c: Ditto.
* agent/protect-tool.c: Ditto.
* scd/scdaemon.c: Ditto.
* dirmngr/dirmngr.c: Ditto.
* dirmngr/dirmngr_ldap.c: Ditto
* dirmngr/dirmngr-client.c: Ditto.
* kbx/kbxutil.c: Ditto.
* tools/gpg-card.c: Ditto.
* tools/gpg-check-pattern.c: Ditto.
* tools/gpg-connect-agent.c: Ditto.
* tools/gpg-pair-tool.c: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpgconf.c: Ditto.
* tools/gpgsplit.c: Ditto.
* tools/gpgtar.c: Ditto.
* g13/g13.c: Ditto.
* g13/g13-syshelp.c: Ditto.  Do not force verbose mode.
* sm/gpgsm.c: Ditto. Add option --no-options.
--

This is backport from master

commit cdbe10b762f38449b86da69076209324b0c99982
commit ba463128ce65a0f347643f7246a8e097c5be19f1
commit 3bc004decd289810bc1b6ad6fb8f47e45c770ce6
commit 2c823bd878fcdbcc4f6c34993e1d0539d9a6b237
commit 0e8f6e2aa98c212442001036fb5178cd6cd8af59

but without changing all functions names to gpgrt.  Instead we use
wrapper functions which, when building against old Libgpg-error
versions, are implemented in argparse.c using code from the current
libgpg-error.  This allows to keep the dependency requirement at
libgpg-error 1.27 to support older distributions.  Tested builds
against 1.27 and 1.40-beta.

Note that g13-syshelp does not anymore default to --verbose because
that can now be enabled in /etc/gnupg/g13-syshelp.conf.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-04 12:12:20 +01:00
Werner Koch
5d98f95aa9
gpg: Provide better diagnostic for replaced card keys.
* agent/divert-scd.c (divert_pksign): Add arg 'grip'.  Replace OPENPGP
key reference to keygrips.
(divert_pkdecrypt): Ditto.
* agent/protect.c (parse_shadow_info): Trim spaces.
* agent/pkdecrypt.c (agent_pkdecrypt): Pass the keygrip.
* agent/pksign.c (agent_pksign_do): Ditto.

* g10/mainproc.c (print_pkenc_list): Print extra info for an invalid
id error.
* g10/sign.c (do_sign): Ditto.
--

Using the keygrip instead of the identifier works on OpenPGP cards and
thus we use that to make sure that we are working on the right card.
For other cards we better don't do that to avoid regressions.  Those
other cards are also usually provided and do not allow to
self-generate the keys.

Note that old versions of the code (gpg 1.4) used the fingerprint as
additional check but that was eventually removed and now that we use
the keygrip all over the place, it is best to use this to identify a
key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-13 16:06:59 +01:00
Werner Koch
aeed0b93ff
gpg: Fix the encrypt+sign hash algo preference selection for ECDSA.
* g10/keydb.h (pref_hint): Change from union to struct and add field
'exact'.  Adjust callers.
* g10/pkclist.c (algo_available): Take care of the exact hint.
* g10/sign.c (sign_file): Fix indentation.  Rework the hash from
recipient prefs.
--

This fixes a encrypt+sign case like: One recipient key has SHA512 as
highest ranked hash preference but the the signing key is a 256 bit
curve.  Because we don't want to use a truncated hash with ECDSA, we
need to have an exact match - this is in particular important for
smartcard which check that the hash matches the curves.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-13 16:02:00 +01:00
Werner Koch
966fe1e9d9
gpg: Support brainpool keygen with "key from card".
* g10/keygen.c (ask_algo): Add brainpool hack in the same as for Nist
curves.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-11 14:52:32 +01:00
Werner Koch
163e4ff195
w32: Support Unicode also for config files etc.
* common/sysutils.c (gnupg_fopen) [W32]: Use _wfopen if needed.   Use
new function in most places where fopen is used.
--

The config files in 2.2 are still read using fopen - we need to change
this to allow Unicode directory names.  There is also one case where
files are written using the old fopen.  The new option parser in 2.3
does not have this problem but at some places fopen is also still used.

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-10 12:09:11 +01:00
Werner Koch
7f765a98fd
card: Run factory-reset in locked stated.
* scd/command.c (reset_notify): Add option --keep-lock.
(do_reset): Add arg keep_lock.
(cmd_lock): Send progress status.
* g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs.
* g10/card-util.c (send_apdu): Ditto.
(factory_reset): Use lock commands.
--

This is required so that for example Kleopatra does not detect the
RESET and issues a SERIALNO of its own, thus conflicting with our
SERIALNO undefined.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-09 13:04:38 +01:00
Werner Koch
21d5323f5d
gpg: Fix recent commit for weak digest algos and smartcards.
* g10/sign.c (sign_file): Fix condition.
--

Fixes-commit: 4c181d51a6f1fd05b7f190a18769ba5e9f892f6a
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-09 12:21:27 +01:00
Ben Kibbey
f05d1772c4
gpg: Add canceled status message.
* common/status.h (STATUS_CANCELED_BY_USER): New.
* g10/passphrase.c (passphrase_to_dek): Send STATUS_CANCELED_BY_USER
instead of STATUS_MISSING_PASSPHRASE when canceled is set.
--

This is to prevent further pinentry tries when the pinentry is canceled
by the user during symmetric decryption.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
(cherry picked from commit 31e47dfad0f40e31e8b3113b933696e8e4105136)
2020-11-09 11:53:33 +01:00
Werner Koch
c373735e79
gpg: Do not print rejected digest algo notes with --quiet.
* g10/misc.c (print_digest_rejected_note): Do not print in quiet mode.
(print_sha1_keysig_rejected_note): Ditto.
--

GnuPG-bug-id: 4893
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e08e1d62d089a154ec5d7c80cd58e8e3b18d2d6b)
2020-11-09 08:34:24 +01:00
Werner Koch
6fe5c8c06e
common: Fix duplicate implementation of try_make_homedir.
* g10/openfile.c (try_make_homedir): Move core of the code to ...
* common/homedir.c (gnupg_maybe_make_homedir): new.
* sm/keydb.c (try_make_homedir): Implement using new function.

* common/homedir.c: Include i18n.h.
* po/POTFILES.in: Add common/homedir.c.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-04 16:25:57 +01:00
Werner Koch
166e779634
gpg: Switch to AES256 for symmetric encryption in de-vs mode.
* g10/gpg.c (set_compliance_option): For AES256 and SHA256 in de-vs
mode.
* g10/encrypt.c (setup_symkey): Add extra compliance check.
(encrypt_simple): Avoid printing a second error oncplinace failure.
--

Because we used the RFC4880 mode as base for the de-vs mode we got
3DES as symmetric encryption algorithm.  With the default gnupg mode
that was already used.  The new extra compliance checks are added to
detect whether a --personal-cipher-preference or --cipher-algo option
tried to override the algorithms.  They are still possible but now
non-compliant algorithms will throw an error.

Manual testing can be done with commands like this:

  gpg --no-options --compliance=de-vs \
   --personal-cipher-preferences "S1 S7" \
   --pinentry-mode loopback -v --passphrase abc -ac </etc/motd

Here the command fails due to IDEA (S1) being the preferred cipher
algorithm.  Using "--s2k-digest-algo SHA1" instead of
--personal-cipher-preferences will also fail.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d1f2a6d9f71cf50318f4891c84aeedb975553896)
2020-11-03 15:42:59 +01:00
Werner Koch
f007d79533
gpg: Allow setting notations with the empty string as value.
* g10/misc.c (pct_expando): Catch special case of the empty string.
Also map a NULL to the empty string.
* g10/photoid.c (show_photos): Make an empty string used as command
fail.
--

This patch also fixes a segv when calling gpg wrongly like

  gpg -N \-foo@example.org

GnuPG-bug-id: 5117
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-02 17:48:39 +01:00
Werner Koch
4c181d51a6
gpg: Do not use weak digest algos if selected by recipient prefs.
* g10/misc.c (is_weak_digest): New.
(print_digest_algo_note): Use it here.
* g10/sig-check.c (check_signature_end_simple): Use it.
* g10/sign.c (hash_for): Do not use recipient_digest_algo if it is in
the least of weak digest algorithm.
--

If a message is signed and encrypted to several recipients, the to be
used digest algorithm is deduced from the preferences of the
recipient.  This is so that all recipients are able to check the the
signature.  However, if the sender has a declared an algorithm as
week, that algorithm shall not be used - in this case we fallback to
the standard way of selecting an algorithm.

Note that a smarter way of selecting the algo is to check this while
figuring out the algorithm - this needs more testing and thus we do it
the simple way.

Reported-by: Phil Pennock
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 15746d60d492f5792e4a179ab0a08801b4049695
2020-11-02 17:48:02 +01:00
Ingo Klöcker
8a94142808 gpg: Fix iteration over signatures
* g10/keyedit.c (keyedit_quick_revsig): Take signature of correct node
--

GnuPG-bug-id: 5093
(cherry picked from commit db3854f55c91ca9c34cf6a306081c3709798db3d)
2020-10-30 15:52:16 +01:00
Werner Koch
7ec56b0336
gpg: New command --quick-revoke-sig
* g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig.
(opts): Add --quick-revoke-sig.
(main): Implement.
* g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and
adjust all callers.
(keyedit_quick_revsig): new.
* g10/revoke.c (get_default_sig_revocation_reason): New.
* g10/keylist.c (cmp_signodes): New.
--

GnuPG-bug-id: 5093
Backported-from-master: 243f9176e799b2328f2e5bed93099bfc474fdc5a
2020-10-28 18:10:01 +01:00
Werner Koch
fc0fc4c2d3
g10,sm: Use gnupg_access at two more places.
--
2020-10-26 12:36:38 +01:00
Werner Koch
157030271f
Replace all calls to stat by gnupg_stat.
* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
--

Yet another wrapper for Unicode support on Windows.

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 18e5dd7b03ced51611c9ba1345cf498a0aaf14a6)
2020-10-23 11:15:59 +02:00
Werner Koch
86e52e3c33
Replace most calls to open by a new wrapper.
* common/sysutils.c (any8bitchar) [W32]: New.
(gnupg_open): New.  Replace most calls to open by this.
* common/iobuf.c (any8bitchar) [W32]: New.
(direct_open) [W32]: Use CreateFileW if needed.
--

This is yet another step for full Unicode support on Windows.

GnuPG-bug-id: 5098
(cherry picked from commit 4dcef0e17836e8725c31a3b76f2bf7144345c808)
2020-10-23 10:02:25 +02:00
Werner Koch
5c6e9b44cc
Replace most of the remaining stdio calls by estream calls.
--

We need to use es_fopen on Windows to cope with non-ascii file names.
This is quite a large but fortunately straightforward change.  At a
very few places we keep using stdio (for example due to the use of
popen).

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 390497ea115e1aca93feec297a5bd6ae7b1ba6dd
2020-10-21 21:09:38 +02:00
Werner Koch
dd5fd4a760
Replace all calls to access by gnupg_access
* common/sysutils.c (gnupg_access): New.  Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--

Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.

This is required to correctly handle non-ascii filenames on Windows.

GnuPG-bug-id: 5098
(cherry picked from commit c94ee1386e0d5cdac51086c4d5b92de59c09c9b5)
2020-10-21 20:49:18 +02:00
Werner Koch
c81f02c959
w32: Add manifest files to most binaries
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-02 17:04:12 +02:00
Werner Koch
6ce8fdc4b2
gpg: Initialize a parameter to silence valgrind.
* g10/keygen.c (read_parameter_file): Initialize nline.
* g10/textfilter.c (copy_clearsig_text): Initialize bufsize.
--

In iobuf_read_line the parameter to pass and return the current buffer
length is controlled by the buffer parameter.  Thus there should be no
problem because the assert call check s buffer first.  For yet unknown
reasons when using the standard GNU libc assert valgrind complains
about an uninitialized variable.  That does not happen with our
log_assert.  Tested with gcc 8.3.0 and valgrind 3.14.0.
2020-09-04 11:24:34 +02:00