1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

9075 Commits

Author SHA1 Message Date
NIIBE Yutaka
cfb1c66ef6
po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-04-26 13:43:33 +09:00
NIIBE Yutaka
464e85d435
common: Incorporate upstream changes of regexp.
* regexp/jimregexp.c (regatom): Raise REG_ERR_UNMATCHED_BRACKET when
no matching end bracket.
(regmatch): Fix the end of word check.

--

Original changes:
	Signed-off-by: Steve Bennett <steveb@workware.net.au>

GnuPG-bug-id: 6455
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-04-21 11:57:30 +09:00
Werner Koch
e60544520b
scd,p15: Enforce a min. PIN length for certain cards.
* scd/app-p15.c (verify_pin): Enforce 6 for RSCS cards.
2023-04-20 12:42:08 +02:00
Werner Koch
3ad4b339b8
common: Fix minor bug in the jimregexp code.
* regexp/jimregexp.c (regatom): Make error checking for stray
backslash at end of the string work.  Check that the pattern class is
closed by a bracket.
--

GnuPG-bug-id: 6455
Co-authored-by: Guldrelokk
2023-04-20 12:28:09 +02:00
Eva Bolten
d9a4517d62
po: Fix in German translation
--
2023-04-06 10:21:52 +02:00
Werner Koch
b349ceedfc
gpg: Take care not to encrypt with OCB in de-vs mode
* g10/encrypt.c (use_aead): In de-vs mode use OCB only if the
compatibility flag ist set.
2023-04-06 09:21:33 +02:00
Werner Koch
04f1d9649c
speedo: Fix regression due to switching from gcc 8.3 to 10.2
* build-aux/speedo.mk (speedo_pkg_zlib_make_args): Use -static-libgcc.
2023-03-28 10:39:35 +02:00
Werner Koch
5e33ae3ab4
build: Remove obsolete --with-regex from autogen.rc
--

We always use the included regex library.  This patch avoids a
warning when building for Windows.
2023-03-27 12:51:46 +02:00
Werner Koch
3ec685d32f
doc: Remove the obsolete VS-NfD.prf
--

The apply-profile thing is not anymore used.
2023-03-27 12:28:53 +02:00
Werner Koch
fc351de879
gpg,gpgsm: Extend the use of allow-ecc-encr and vsd-allow-ocb
* g10/keygen.c (keygen_set_std_prefs): Set OCB only with VSD
compatibility flag.
* sm/certreqgen.c (proc_parameters): All ECC generation only with
allow-ecc-encr.
--
2023-03-24 13:50:37 +01:00
Werner Koch
da04477631
gpgtar: Do not allow the use of stdout for --status-fd
* tools/gpgtar.c (main): Don't allow logging via the Registry.  Forbid
using stdout for status-fd in crypt mode.
--

Without that check a status output would be mixed up with the input to
the internal call of gpg.

Using the Registry key to enable logging is very annoying.
2023-03-15 12:05:45 +01:00
Werner Koch
0045583cd2
gpgtar: Print a result status with skipped files.
* tools/gpgtar.h (struct tarinfo_s): Add new fields.
* tools/gpgtar-extract.c (check_suspicious_name): Add arg info.
(extract_regular): Count files.
(gpgtar_extract): Print stats.
2023-03-15 11:50:34 +01:00
Werner Koch
ed9a420a22
gpgtar: Emit progress status lines in create mode.
* tools/gpgtar.h (opt): Add field status_stream.
* tools/gpgtar.c (main): Set status_stream.
* tools/gpgtar-create.c (global_header_count): Rename to
global_total_files.
(global_written_files): New.
(global_total_data, global_written_data): New.
(struct scanctrl_s): Add field file_count.
(write_progress): New.
(write_file): Add arg skipped_open. Don't bail out immediatly on open
error.  Write progress lines.
(gpgtar_create): Write progress lines.  Print info aout skipped files.
--

GnuPG-bug-id: 6363
(cherry picked from commit f84264e8acf742793c73ce78491cab61fac37051)
2023-03-15 11:28:16 +01:00
Werner Koch
706d557a64
gpg: Delete secret key after "keytocard".
* g10/card-util.c (card_store_subkey): Add arg processed_keys.
* g10/keyedit.c (keyedit_menu): Delete secret key.
--

This used to work using the gpg-agent: learn we called at "save" time.
However, the recent change inhibited the creation of a shadow key by
learn if a regular key still exists.  Now we do an explicit delete key
at save time.  This syncs the behaviour with the description of the
man page.

GnuPG-bug-id: 6378
2023-03-15 09:36:36 +01:00
Werner Koch
2630872cff
scd,openpgp: Switch key attributes between RSA and ECC in writekey.
* common/sexputil.c (get_rsa_pk_from_canon_sexp): Also allow private
keys.
(pubkey_algo_string): Ditto.
* scd/app-openpgp.c (do_writekey): Switch key attributes
--

The scd WRITEKEY command for OpenPGP cards missed proper support to
aautomagically switch key attributes based on the new key.  We had
this only in GENKEY.

GnuPG-bug-id: 6378
2023-03-14 16:16:40 +01:00
Werner Koch
08cc349114
gpg: Allow no version information of Yubikey
* g10/call-agent.c (learn_status_cb): Set is_v2 always for Yubikeys.
--

GnuPG-bug-id: 5100, 6378
Backported-from-master: 1cd615afe3010d2c3919de489d7c9a78513c8694
2023-03-14 11:28:41 +01:00
Werner Koch
b28d9ff865
agent: Do not overwrite a key file by a shadow key file.
* agent/findkey.c: Remove assert.h and use log_assert all over the
file.
(fname_from_keygrip): Add arg for_new.
(is_shadowed_key): New.
(agent_write_private_key): Rewrite to use read, write to new file,
rename pattern.  Ignore attempts to overwrite a regular key file by a
shadow key file.
(read_key_file): Move all cleanup code to the end of the function.
--

GnuPG-bug-id: 6386
I am not shure whether we should allow overwriting with FORCE set.
2023-03-14 10:09:41 +01:00
Werner Koch
4f754caad8
agent: Make --disable-extended-key-format a dummy option.
* agent/agent.h (opt): Remove enable_extended_key_format.
* agent/gpg-agent.c (enum cmd_and_opt_values): Turn
oDisableExtendedKeyFormat and oEnableExtendedKeyFormat into dummy
options.

* agent/protect.c (do_encryption): Remove arg use_ocb and
corresponding code.
(agent_protect): Ditto.  Change all callers.

* agent/command.c (cmd_readkey): Do not test for key availability here
but defer that agent_write_shadow_key.

* agent/findkey.c (agent_write_private_key): Simplify due to the
removal of disable-extended-key-format.
(write_extended_private_key): Fold into agent_write_private_key.
Remove the maybe_update arg.
(agent_write_shadow_key): Ditto.  Simplify.
--

GnuPG-bug-id: 6386
Backported-from-master: 6d792ae2eb46b3c411d36a87f0d08fbfc1b65cc9
But with large changes to get 2.2 more aligned with master again.  This
is not finished; in particular the bug is not fixed; this comes wit
the next patch.
2023-03-13 12:28:10 +01:00
Werner Koch
db73f17f0c
gpgconf,w32: Also print a GnuPG Install Directory Registry entry
* tools/gpgconf.c (show_other_registry_entries): Add another dir.
2023-03-13 07:45:08 +01:00
NIIBE Yutaka
abcf0116ee
scd: Fix checking memory allocation.
* scd/app-openpgp.c (read_public_key): Fix the memory.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-03-08 11:04:15 +01:00
Ingo Klöcker
37d7ee8b98
agent: Add translatable text for Caps Lock hint
* agent/call-pinentry.c (start_pinentry): Add new default text.
--

GnuPG-bug-id: 4950
(cherry picked from commit b2a6e5b5169602052ae87d38588bdd3bd76fddad)
2023-03-07 14:08:38 +01:00
Werner Koch
e4f61df850
gpg: Implement encryption to ADSKs.
* g10/getkey.c (get_pubkey_fromfile): Add optional arg r_keyblock.
* g10/pkclist.c (find_and_check_key): Also encrypt to RENC subkeys.
* g10/getkey.c (parse_key_usage): Make public.
* g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in
account.
* g10/packet.h (PKT_public_key): Change pubkey_usage from byte to u16.
(PKT_user_id): Cosmetic fix: change help_key_usage from int to u16.
* g10/sig-check.c (check_signature_metadata_validity): Handle time
conflict for ADSKs.
--

GnuPG-bug-id: 6395

This patch handles ADSK keys and encrypts to them.  It does not yet
allow the creation of them.  We backport this from master early to get
this part of the code out into the field.
2023-03-03 10:09:47 +01:00
Werner Koch
fde59f9ae6
gpg: Get the signature keyid from the issuer fpr.
* g10/parse-packet.c (parse_signature): Parse the ISSUER_FPR subpacket
and use that to get the keyid.
--

Because ADSKs are created w/o the issuer subpacket (despite that this
is still a v4 signature) we need to get the key id from the
issuer_fpr.  This does not harm and we still fallback to the the
issuer.  Note that for ease of future backporting we also take v5
fingerprints into account.
2023-03-03 10:09:45 +01:00
Werner Koch
202ed9e281
gpg: Support key flags for RENC, TIME, and GROUP.
* g10/packet.h (PUBKEY_USAGE_RENC): New.
(PUBKEY_USAGE_TIME): New.
(PUBKEY_USAGE_GROUP): New.
* g10/getkey.c (parse_key_usage): Set the new key flags.
* g10/keyedit.c (show_key_with_all_names_colon): Show the new key
flags.
* g10/keyid.c (usagestr_from_pk): Ditto
* g10/keylist.c (print_capabilities): Ditto.
* g10/keygen.c (parse_usagestr): Parse line and set new flags.
(quickgen_set_para): Show flags.
--

See draft-koch-openpgp-2015-rfc4880bis-00 for the current version.
Actually these flags have been in the draft for years now.  This patch
is a first step to make use of them.
2023-03-03 09:04:29 +01:00
Werner Koch
a5d9be1e28
gpgconf: Print some standard envvars with -X
* tools/gpgconf.c (show_configs): Add a list of envvars and print
them.
--

Note that for simplicity we to not distinguish between Windows and
Linux here.
2023-02-28 14:43:53 +01:00
Werner Koch
ffc2522855
gpgsm: Improve cert lookup callback from dirmngr.
* sm/gpgsm.h (FIND_CERT_ALLOW_AMBIG): New.
(FIND_CERT_WITH_EPHEM): New.
* sm/certlist.c (gpgsm_find_cert): Replace arg allow_ambiguous by a
generic flags arg.  Implement the new flag FIND_CERT_WITH_EPHEM.
* sm/call-dirmngr.c (inq_certificate): Return also ephemeral marked
certs.
--

The dirmngr may need to get a certificate from gpgsm's store in the
course of verifying a CRL.  In some cases the certificate is still
marked as epehemeral - this needs to be returned as well.

This _may_ also fix
GnuPG-bug-id: 4436
2023-02-26 19:11:27 +01:00
Werner Koch
332098a0f7
sm: Fix issuer certificate look error due to legacy error code.
* sm/certchain.c (find_up): Get rid of the legacy return code -1 and
chnage var name rc to err.
(gpgsm_walk_cert_chain): Change var name rc to err.
(do_validate_chain): Get rid of the legacy return code -1.

* sm/keydb.c (keydb_search): Replace return code -1 by
GPG_ERR_NOT_FOUND.
(keydb_set_cert_flags): Replace return code -1 by GPG_ERR_NOT_FOUND.
* sm/certchain.c (find_up_search_by_keyid): Ditto.
(find_up_external, find_up, find_up_dirmngr): Ditto.
(gpgsm_walk_cert_chain): Ditto.
(get_regtp_ca_info): Ditto.
* sm/certlist.c (gpgsm_add_to_certlist): Ditto.
(gpgsm_find_cert): Ditto.
* sm/delete.c (delete_one): Ditto.
* sm/export.c (gpgsm_export): Ditto.
(gpgsm_p12_export): Ditto.
* sm/import.c (gpgsm_import_files): Ditto.
* sm/keylist.c (list_cert_colon): Ditto.
(list_internal_keys): Ditto.
* sm/sign.c (add_certificate_list): Ditto.

--

This bug was detected while fixing
GnuPG-bug-id: 4757
Backported-from-master: 473b83d1b9efe51fcca68708580597dddf3f50b7

Some extra code has been taken from
commit ed6ebb696e4063dc664d7ee74fc492025881c459
2023-02-24 17:46:39 +01:00
NIIBE Yutaka
d6aa8bcbbb
scd: Parse "Algorithm Information" data object in scdaemon.
* scd/app-openpgp.c (data_objects): 0x00FA for binary data.
(do_getattr): Parse the data and send it in status lines.
(get_algorithm_attribute_string): New.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Backported-from-master: eba2563dabbb4f61537900289fbe3ae113904733
Backported-from-master: 43bbc25b0f57dec24412886ff46041e0b1f3de26
2023-02-17 13:04:09 +01:00
Werner Koch
1915b95ffd
scd:p15: Add pre-check for ascii-numeric PINs.
* scd/app-p15.c (verify_pin): ascii-numeric is different than BCD.

(cherry picked from commit 029924a46e08ffcda038d89f06abfb41c980a9ad)
Added a few typo fixes.
2023-02-17 12:15:08 +01:00
Werner Koch
326f6fa166
scd:p15: Use APP_CARD macro at some other places.
--

This makes back porting easier.
2023-02-17 12:09:57 +01:00
Werner Koch
adf387b3f1
scd: Improve reading of binary records.
* scd/iso7816.c (iso7816_read_binary_ext): Handle the 0x6a86 SW the
same as 6b00.
* scd/apdu.c (apdu_get_atr): Modify debug messages.
* scd/app-p15.c (app_select_p15): Print FCI on error.
(read_p15_info): Clean up diag in presence of debug options.
--

Some cards return 6a86 instead of 6b00.

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 44f977d0e332e77fb8a775c4837c00118bbe08cb
2023-02-17 12:02:35 +01:00
Werner Koch
88606cc484
scd:p15: Handle cards with bad encoded path objects.
* scd/app-p15.c (read_ef_prkdf, read_ef_pukdf)
(read_ef_cdf, read_ef_aodf): Allow for a zero length path and
correctly skip unsupported auth types.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 7a8545c91b09277b0833dc0e5881ba5d1c8dbca3
2023-02-17 11:38:57 +01:00
Werner Koch
1d6ed0a1b4
gpg: --gen-random code cleanup by using es_set_binary.
* g10/gpg.c (main): Replace setmode by es_set_binary and use only when
needed.
--

It is better to use our es_set_binary than to use a Windows specific
method which still worked but is fragile because estream might be
changed.  We now set binary only when needed.  Note that it does not
harm to call es_set_binary more often than needed.
2023-02-16 13:17:56 +01:00
Werner Koch
af9a1b5599
agent: Do not consider --min-passphrase-len for the magic wand.
* agent/call-pinentry.c (generate_pin): Lock to exactly 30 octets.
* g10/gpg.c (main) <aGenRandom>: Add Level 30.

(cherry picked from commit ae2f1f0785e429d6dbb577a1fcf9a880aaff8e49)
2023-02-16 12:12:55 +01:00
Werner Koch
1d8191faee
gpg: Add level 16 to --gen-random
* g10/gpg.c (main): Add that hack.
--

This is an yet undocumented hack to allow printing hex encoded random
number with gpg.  The level is forced to be 1 which is is good for
almost all uses.  Note that --armor is ignored.

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: d847f0651ab4304129145b55353501636b4e4728
2023-02-16 12:05:03 +01:00
Werner Koch
67a2973bf9
gpg: Make "--list-options show-sig-subpackets=n,m" work again.
* g10/gpg.c (parse_list_options): Set value for show-sig-subpackets.
--

Fixes-commit: b6ba7054a04a759ea690c1b1bdc023acd9214fe2
2023-01-31 11:36:32 +01:00
Werner Koch
fbc1813779
gpgtar: Fix parent directory creation bug
* tools/gpgtar-extract.c (extract_directory): Ignore EEXIST on parent
directory creation.
2023-01-26 12:01:12 +01:00
Werner Koch
c66dacb98a
gpgtar: Allow decryption from stdin.
* tools/gpgtar.c (main): Revamp switch and fix usage test for aDecrypt
and aList.
--

GnuPG-bug-id: 6355
2023-01-26 11:58:25 +01:00
NIIBE Yutaka
92e4f856c5
po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-01-26 15:20:46 +09:00
Werner Koch
aecebdf705
gpg: Replace --override-compliance-check by a real fix.
* common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA.
* g10/gpg.c (oOverrideComplianceCheck): Remove.
(opts): Turn --override-compliance-check into a dummy option.
* g10/options.h (opt): Remove override_compliance_check.
* g10/sig-check.c (check_key_verify_compliance): Remove use of that
option.
--

The introduction of --override-compliance-check actually hid the real
cause for the signature verification problem in de-vs mode for the
Ed25519 key.  The real fix is to handle the EdDSA algorithm in
gnupg_pk_is_allowed.

Fixes-commit: 773b8fbbe915449c723302f5268d7906b40d84d3
GnuPG-bug-id: 5655
2023-01-20 11:12:13 +01:00
Werner Koch
de292078a5
gpg: Do not require --status-fd along with --require-compliance.
* g10/mainproc.c (check_sig_and_print): Do not check whether status is
enabled when checking compliance.
2023-01-20 11:07:15 +01:00
Werner Koch
6df8a513dc
common: Detect PNG and JPEG file formats.
* common/miscellaneous.c (is_file_compressed): Add detect code.
--

GnuPG-bug-id: 6332
2023-01-19 16:14:31 +01:00
Werner Koch
ce8ffd71b7
gpg: Detect already compressed data also when using a pipe.
* common/iobuf.c (file_filter_ctx_t): Add fields for the peek feature.
(file_filter): Implement peeking.
(iobuf_ioctl): Add new IOBUF_IOCTL_PEEK.
* common/iobuf.h (IOBUF_IOCTL_PEEK, IOBUFCTRL_PEEK): New.
* common/miscellaneous.c (is_file_compressed): Rewrite.  Detect PDF.
* g10/encrypt.c (encrypt_simple): Peek before detecting compression.
(encrypt_crypt): Ditto.
* g10/sign.c (sign_file): Also detect already compressed data.

* g10/options.h (opt): Add explicit_compress_option.
* g10/gpg.c (main): Set opt.explicit_compress_option for -z.

--

Note that this patch also introduces a compression check for signing
which was never done in the past.

GnuPG-bug-id: 6332
Backported-from-master: 60963d98cfd8e60f88ee43c2d992f6dd3bbbd74c

Note that sign.c (sign_file) has been re-indented to ease future
backports.
2023-01-19 16:14:03 +01:00
Werner Koch
ca822a2339
common: Replace all assert in iobuf by log_assert.
--
2023-01-19 16:14:02 +01:00
Werner Koch
417e8588f3
gpgtar: Make --status-fd option for fds > 2 work
* tools/gpgtar-create.c (gpgtar_create): Do not close the status_fd in
spawn.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--

Note that this fix does not handle file descripotors passed via the
--gpg-args options.

GnuPG-bug-id: 6348
2023-01-19 16:13:57 +01:00
Werner Koch
841c691128
Update copyright notices
--
2023-01-16 13:25:22 +01:00
Werner Koch
210ba98355
scd:openpgp: Allow auto-changing of the key attributes in genkey.
* scd/app-openpgp.c (struct app_local_s): Add field keyalgo.
(parse_algorithm_attribute): Store the new keyalgo field.
(change_keyattr): Change info message.
(change_keyattr_from_string): Rewrite to also accept a keyref and a
keyalgo string.
(do_genkey): Change the keyattr if a keyalgo string is given.
* scd/command.c (cmd_genkey): Add option --algo.
--

Having this feature makes it easier to use OpenPGP cards in a similar
way to other cards.  Note that the explicit changing via SETATTR is
still supported.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d7d75da50543bc7259c5a6e6367b58cbca7f1b7b)
(cherry picked from commit b349adc5c0d00d2fc405a45bd078f1580b5610cc)
2023-01-13 14:54:23 +01:00
Werner Koch
2e39fed109
common: New function get_keyalgo_string.
* common/openpgp-oid.c (struct keyalgo_string_s): New.
(keyalgo_strings): New.
(keyalgo_strings_size, keyalgo_strings_used): New.
(openpgp_oid_or_name_to_curve): New.
(get_keyalgo_string): New.
--

This function is intended as a more general version of gpg's
pubkey_string function.  It has the advantage to avoid mallocs and
uses static table of algorithm strings instead.  There should be only
a few dozen of such strings (if at all) and thus all those allocations
we do internally in gpg's pubkey_string and the static buffers all
over the place are not too nice.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 3a1fa13eedb969b561bae18cd3d7c2fb0b63d6ab)
(cherry picked from commit 332a72f7340895e7db1e9c5f89046f722bb7465b)
2023-01-13 14:54:20 +01:00
Werner Koch
398cec3ac7
scd: Return CARDTYPE, CARDVERSION, and APPVERSION.
* scd/app.c (strcardtype): New.
(app_write_learn_status): Return more info.
(app_getattr): Allow for CARDTYPE.
2023-01-13 13:59:20 +01:00
Damien Goutte-Gattat via Gnupg-devel
6f276fc17b
sm: Support generation of card-based ECDSA CSR.
* sm/call-agent.c (gpgsm_scd_pksign): Identify type of signing key
and format resulting S-expression accordingly.
--

Current GpgSM implementation assumes card-based keys are RSA keys.
This patch introduces support for ECDSA keys.

GnuPG-bug-id: 4092
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
(cherry picked from commit 74e9b579ca273fc07be090bb5fb7800a97b1b452)

- Removed already applied changes from the original commit.
- Allow for SHA384 and SHA512

Signed-off-by: Werner Koch <wk@gnupg.org>
2023-01-13 10:31:20 +01:00