1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Commit Graph

8916 Commits

Author SHA1 Message Date
NIIBE Yutaka
1d66b518ca gpg: Fix condition of string_to_aead_algo.
* g10/misc.c (string_to_aead_algo): Only compare if not NULL.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-19 15:18:42 +09:00
NIIBE Yutaka
cc0d53905c dns: Fix memory use-after-free.
* dirmngr/dns.c (dns_res_stub): Fix RESCONF usage.

--

Note that this is dead code.  It is for making a static analyzer happy.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-19 15:16:34 +09:00
NIIBE Yutaka
f58d441bee common: Fix iobuf.c.
* common/iobuf.c (iobuf_cancel): Initialize DUMMY.
(do_iobuf_fdopen): Initialize LEN.
(iobuf_read_line): Fix the loop condition.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-19 14:48:06 +09:00
NIIBE Yutaka
f3e424d4e7 Silence compiler warnings.
* common/openpgp-oid.c (map_openpgp_pk_to_gcry): Use cast for enum
conversion.
* dirmngr/dns-stuff.c (get_dns_srv): Use explicit conversion from
int to float.
* sm/gpgsm.c (parse_keyserver_line): Initialize ERR.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-19 13:21:32 +09:00
NIIBE Yutaka
4fa0a65676 scd: Fix possible uninitialized variables.
* scd/app-openpgp.c (do_change_pin): Initialize resultlen2.
(do_change_pin): Don't call wipe_and_free on the error path.
Initialize bufferlen2.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-19 11:39:22 +09:00
Werner Koch
0da923a124
agent: Allow to pass a timestamp to genkey and import.
* agent/command.c (cmd_genkey): Add option --timestamp.
(cmd_import_key): Ditto.
* agent/genkey.c (store_key): Add arg timestamp and change callers.
(agent_genkey): Ditto.
* agent/findkey.c (write_extended_private_key): Add args timestamp and
new key to write a Created line.
(agent_write_private_key): Add arg timestamp.
(agent_write_shadow_key): Ditto.
 agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-17 15:05:49 +02:00
Werner Koch
6bcb609e1b
Add --chuid to gpg, gpg-card, and gpg-connect-agent.
* g10/gpg.c (oChUid): New.
(opts): Add --chuid.
(main): Implement --chuid.  Delay setting of homedir until the new
chuid is done.
* sm/gpgsm.c (main): Delay setting of homedir until the new chuid is
done.
* tools/gpg-card.c (oChUid): New.
(opts): Add --chuid.
(changeuser): New helper var.
(main): Implement --chuid.
* tools/gpg-connect-agent.c (oChUid): New.
(opts): Add --chuid.
(main): Implement --chuid.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-14 12:19:11 +02:00
Werner Koch
53d84f9815
gpg: Ignore personal_digest_prefs for ECDSA keys.
* g10/sign.c (hash_for): Simplify hash algo selection for ECDSA.
--

GnuPG-bug-id: 5021
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-13 11:19:22 +02:00
Werner Koch
d516ae685e
doc: Add a list of RFCS to DETAIL.
--
2020-08-13 11:00:59 +02:00
Werner Koch
d240b5ac27
tools: Install gpgsplit again
--

We will also set the gpgsplit from 1.4 to noninstall.

GnuPG-bug-id: 5023
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-13 11:00:23 +02:00
Werner Koch
2af884c643
scd: Log info about CCIDs with permission problems.
* scd/apdu.c (open_ccid_reader): Add arg r_cciderr.
(apdu_open_reader): Print a note on EPERM of the USB device.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-12 16:44:22 +02:00
Werner Koch
9a8d7e41bb
scd: Map some error codes from libusb to ccid-driver error codes.
* scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes.
* scd/apdu.h: New SW_HOST error codes.
* scd/apdu.c (host_sw_string): Print them
* scd/ccid-driver.c (map_libusb_error): New.
(ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes.
* scd/iso7816.c (map_sw): Map new codes to gpg-error.
--

This change will help to get low level error conditions from hipher
application code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-12 16:06:49 +02:00
Werner Koch
3944430ffe
common: Pass the WAYLAND_DISPLAY envvar along
* common/session-env.c (stdenvnames): Add WAYLAND_DISPLAY.
--
GnuPG-bug-id: 5016

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-12 09:27:08 +02:00
Werner Koch
cbf203801e
scd:piv: Allow signing using PSS.
* scd/app-piv.c (do_sign): Allow for PSS.
--

This has been tested with Scute and Openvpn.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-10 10:22:42 +02:00
Werner Koch
bb096905b9
agent: Add option --pss to pksign to be used by smartcards.
* agent/command.c (cmd_sethash): Add option --pss and allow for
--hash=null.
* agent/agent.h (struct server_control_s): Add digest.is_pss and
zero where needed.
* agent/pksign.c (agent_pksign_do): Allow for PSS with cards.
* scd/command.c (cmd_pksign): Add for --hash=none.
--

This is not a full implementaion of PSS but allows scdaemon card
drivers to detect already PSS formatted data.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-10 10:22:42 +02:00
NIIBE Yutaka
373c975859 gpg: Fix trustdb for v5key.
* g10/keydb.h (fpr20_from_pk): New.
* g10/keyid.c (fpr20_from_pk): New.
* g10/tdbio.c (tdbio_search_trust_byfpr): Use fpr20_from_pk.
* g10/trustdb.c (keyid_from_fpr20): New.
(verify_own_keys): Use keyid_from_fpr20.
(tdb_update_ownertrust): Use fpr20_from_pk.
(update_min_ownertrust): Likewise.
(update_validity): Likewise.

--

For the compatibility of existing implementation, we keep the format
of trustdb untouched.  The format of trustdb uses 20-byte fingerprint
for the trust record entry.  To handle both of v4key (with 20-byte
fingerprint) and v5 key (with 32-byte fingerprint), we introduce FPR20
fingerprint, internally.  For v4key, FPR20 is as same as v4
fingerprint.  For v5key, FPR20 is constructed from v5key fingerprint.

GnuPG-bug-id: 5000
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-07 13:02:47 +09:00
NIIBE Yutaka
20982bbd75 gpg: Fix short key ID for v5key.
* g10/keyid.c (keyid_from_pk): Return keyid[0] for v5key.
* g10/keyring.c (keyring_search): Handle short key ID for v5key.

--

GnuPG-bug-id: 5000
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-07 13:02:40 +09:00
Werner Koch
646a30fd39
gpgsm: New option --chuid.
* sm/gpgsm.c (oChUid, opts): New option --chuid.
(main): Implement option.
--

This option will at least be useful for Scute.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-06 16:03:57 +02:00
Werner Koch
d10f45184c
gpgconf: New option --chuid.
* tools/gpgconf.c (oChUid, opts): New option --chuid.
(main): Implement.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-06 16:03:57 +02:00
Werner Koch
8ff00ef0de
common: New helper function gnupg_chuid.
* common/sysutils.c (try_set_envvar): New.
(gnupg_chuid): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-06 16:03:56 +02:00
NIIBE Yutaka
df531848a9 kbx: Support v5key for short kid and long kid.
* kbx/keybox-search.c (has_short_kid): Support v5key.
(has_long_kid): Likewise.

GnuPG-bug-id: 5000
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-06 19:24:49 +09:00
Werner Koch
0774482257
build: Remove expired key of David Shaw from distsigkey.gpg.
--
2020-08-06 11:26:57 +02:00
Werner Koch
d847f0651a
gpg: Add level 16 to --gen-random
* g10/gpg.c (main): Add that hack.
--

This is an yet undocumented hack to allow printing hex encoded random
number with gpg.  The level is forced to be 1 which is is good for
almost all uses.  Note that --armor is ignored.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-05 16:53:34 +02:00
Werner Koch
e7d7092390
sm: Also show the SHA-256 fingerprint.
* sm/keylist.c (list_cert_colon): Emit a new "fp2" record.
(list_cert_raw): Print the SHA2 fingerprint.
(list_cert_std): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-04 11:11:22 +02:00
NIIBE Yutaka
8e04cf969e w32: Fix cast from intptr_t of _get_osfhandle.
* common/exectool.c (gnupg_exec_tool_stream): Cast to unsigned long.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-03 13:34:26 +09:00
NIIBE Yutaka
da3a4c54a8 agent: Fix coercion for pinentry_pid handling.
* agent/call-pinentry.c (start_pinentry): Don't use pid_t.

--

When pid_t is 64-bit integer and unsigned long is 32-bit,
it never matches, because left hand side does not fill
upper 32-bit.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-31 17:20:31 +09:00
NIIBE Yutaka
2a34a2afea scd: Silence compiler warning.
* scd/app-openpgp.c (build_ecc_privkey_template): Fix allocation size.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-31 17:03:09 +09:00
NIIBE Yutaka
c1f81eb9fc w32: Add NETLIBS for sm/t-minip12.
* sm/Makefile.am (t_minip12_LDADD): Add NETLIBS.

--

GnuPG-bug-id: 4944
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-30 15:01:55 +09:00
NIIBE Yutaka
5fa4427419 w32: More adding NETLIBS.
* common/Makefile.am (t_common_ldadd): Add $(NETLIBS).

--

GnuPG-bug-id: 4994
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-30 14:59:05 +09:00
NIIBE Yutaka
d69f5570ee w32: Add link to $(NETLIB) for -lws2_32.
* dirmngr/Makefile.am (dirmngr_LDADD): Add $(NETLIBS).
* sm/Makefile.am (gpgsm_LDADD): Ditto.
* tools/Makefile.am (gpg_wks_client_LDADD): Ditto.

--

GnuPG-bug-id: 4994
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-30 11:34:01 +09:00
NIIBE Yutaka
d17b838921 Revert patches applied wrongly.
--

In the experiment for 4994, and patches were wrongly applied.

Fixes-commit: 46d185f603
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-28 16:57:52 +09:00
NIIBE Yutaka
fa4a2bd7a1 kbx: Fix short KID and long KID handling for FPR32.
* kbx/keybox-search.c (blob_cmp_fpr_part): For FPR32, it's
the first part in the fingerprint.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-27 15:30:20 +09:00
NIIBE Yutaka
daa2cec6a5 scd: Fix closing reader and reeleasing context in PC/SC.
* scd/apdu.c (close_pcsc_reader): Unlock the reader_table_lock.
(apdu_dev_list_finish): Release the context when no readers.

--

Fixes-commit: 46d185f603
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-17 20:42:38 +09:00
NIIBE Yutaka
f484ac2b2d Use gpgrt's new option parser for symcryptrun.
* tools/symcryptrun.c: Follow API change of the new option parser.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-17 15:17:43 +09:00
NIIBE Yutaka
46d185f603 scd: PC/SC: Don't release the context when it's in use.
* scd/apdu.c (close_pcsc_reader): Check if it's not in the loop.

--

GnuPG-bug-id: 4998
Reported-by: Kevin Locke
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-17 11:11:45 +09:00
NIIBE Yutaka
43000b0434 gpg-card: Fix type of historyname.
* tools/gpg-card.c (interactive_loop): Remove const qualifier.

--

Fixes-commit: d70b8769c8
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-17 09:05:26 +09:00
Werner Koch
5c514a274c
gpg: Do not close stdout after --export-ssh-key
* g10/export.c (export_ssh_key): Do not close stdout.
--

stdout should never be closed; this fixes this minor bug.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-16 11:31:13 +02:00
NIIBE Yutaka
8abf065307 common: Avoid undefined behavior of left shift operator.
* common/iobuf.c (block_filter): Handle an error earlier.
Make sure it's unsigned.

--

GnuPG-bug-id: 4975
Suggested-by: lutianxiong <lutianxiong@huawei.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-16 11:00:45 +09:00
NIIBE Yutaka
91cb46d948 regexp: Import change from JimTcl.
* regexp/jimregexp.h, regexp/jimregexp.c: Fix from JimTcl.

--

Apply the change in JimTcl:

    commit ac35b8a6ec417f75b5ec86ca64ea1614a8170a38
    Author: Steve Bennett <steveb@workware.net.au>
    Date:   Mon May 4 20:43:46 2020 +1000

    regexp: Improved error message

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-15 09:44:43 +09:00
Werner Koch
5fe3cdfc76
gpgsm: Make rsaPSS a compliant scheme in de-vs mode.
--

GnuPG-bug-id: 4538
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-14 12:27:45 +02:00
Werner Koch
0a6af6dc12
agent: Fix regression with --newsymkey in loopback mode.
* agent/command.c (cmd_get_passphrase): Never repeat in loopback mode;
same as with !OPT_NEWSYMKEY.
--

In loopback mode there shall not be any repeat because the caller is
expected to do any confirmation before passing a new passphrase to
gpg.

Fixes-commit: eace4bbe1d
GnuPG-bug-id: 4991
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-14 11:04:23 +02:00
Werner Koch
3e730c55e7
gpg: Reword warning about decryption w/o using a non-encrypt key.
--
2020-07-14 11:01:45 +02:00
NIIBE Yutaka
109d16e8f6 dirmngr: Handle EAFNOSUPPORT at connect_server.
* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.

--

GnuPG-bug-id: 4977
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-13 10:03:09 +09:00
NIIBE Yutaka
31ae0718ba gpg: For decryption, support use of a key with no 'encrypt' usage.
* g10/pubkey-enc.c (get_session_key): Don't skip at no PUBKEY_USAGE_ENC.
Emit information the key has no 'encrypt' usage.

--

GnuPG-bug-id: 4246
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-10 10:00:00 +09:00
Werner Koch
b4501fc826
doc: Add news entries from the latest 2.2 releases.
--
2020-07-09 14:46:30 +02:00
Werner Koch
212f9b20b5
gpg: Print a note if no args are given to --delete-key
--

It is a bit surprising that nothing happens if no key is specified to
--delete-key et al.  Although this is common Unix behaviour the use
might have expected that it behaves like --export and deletes all
keys.  Sure we don't do the latter, so a short notice will help.

GnuPG-bug-id: 4959
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-09 11:24:54 +02:00
Werner Koch
999d25d47d
Do not use the pinentry's qualitybar
* agent/genkey.c (agent_ask_new_passphrase): No qualitybar.
* g10/call-agent.c (agent_get_passphrase): Ditto.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--

The concept of a passphrase quality indicator is anyway questionable
because user are smart enough to trick them out and they also tend to
limit the actually used entropy.

Except for the red/green switching (to show whether constraints are
fulfilled) our qualitybar is pretty bad and thus worse than none.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-08 14:54:10 +02:00
Werner Koch
9ee975d588
gpgsm: Replace all assert calls by log_assert.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-08 14:40:34 +02:00
Werner Koch
a6a4bbf6de
gpg: Use integrated passphrase repeat entry also for -c.
* g10/call-agent.c (agent_get_passphrase): Add arg newsymkey.
* g10/passphrase.c (passphrase_get): Add arg newsymkey.
(passphrase_to_dek): Pass it on.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-08 14:33:25 +02:00
Werner Koch
eace4bbe1d
agent: New option --newsymkey for GET_PASSPHRASE
* agent/call-pinentry.c (agent_get_passphrase): Add arg pininfo.
* agent/genkey.c (check_passphrase_constraints): New arg no_empty.
* agent/command.c (reenter_passphrase_cmp_cb): New.
(cmd_get_passphrase): Add option --newsymkey.
--

This new option allows to present a passphrase with the usual repeat
box as it is used by gpg-agent's internal key generation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-08 14:20:01 +02:00