1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

9013 Commits

Author SHA1 Message Date
Werner Koch
3dc39add6a
gpg: Do not continue the export after a cancel for the primary key.
* g10/export.c (do_export_one_keyblock): Handle a cancel for the
primary key special.
--

GnuPG-bug-id: 6093
(cherry picked from commit 49d16f4f6edf872babf04ae383974d891871a33b)
2023-08-25 15:37:16 +02:00
Werner Koch
8dd30e27e2
dirmngr: Extend the AD_QUERY command.
* dirmngr/server.c (cmd_ad_query): Add options --help and --subst.
(cmd_getinfo): Add sub-command "sid".
* dirmngr/ks-engine.h (KS_GET_FLAG_SUBST): New.
* dirmngr/ks-engine-ldap.c (ks_ldap_help_variables): New.
(getval_for_filter): New.
(map_rid_to_dn): New.
(ks_ldap_query): Support variables.
--

The new variables features makes it easier to write AD queries without
requiring domain specific expressions.

(cherry picked from commit 207c99567ced260aab04c471c77f179943d492f4)
2023-08-25 14:50:17 +02:00
Werner Koch
eeda4ef7d2
common: New function substitute_vars.
* common/stringhelp.c (substitute_envvars): Factor code out to
(substitute_vars): new.
(subst_getenv): New.
--

This is a generalized version of substitute_envvars.

(cherry picked from commit 7b7fdf45e5d8b3b066c5efbf6ec872e1249f3a24)
2023-08-25 14:41:35 +02:00
Werner Koch
159fb5cdbb
dirmngr: Fix LDAP time parser.
* dirmngr/ldap-misc.c (rfc4517toisotime): Correct index.
--

Obviously the parser assumes the standard ISO format with the 'T'
before the hour.  That is not correct here.  We need this parser for
the modifyTimestamp thingy.
2023-08-25 14:35:56 +02:00
Werner Koch
bdc69f73a4
dirmngr: Return modifyTimestamp and add server option --newer.
* dirmngr/server.c (cmd_ks_get): Add option --newer.
(cmd_ad_query): Ditto.
* dirmngr/ldap-misc.c (isotime2rfc4517): New.
(rfc4517toisotime): New.
* dirmngr/ks-action.c (ks_action_get): Add arg newer and pass on.
(ks_action_query): Ditto.
* dirmngr/ks-engine-ldap.c (extract_keys): Print new "chg" record.
(ks_ldap_get): Add arg newer.  Modify filter with newer arg.
(ks_ldap_search): Print the modifyTimestamp.
(ks_ldap_query): Add arg newer.  Modify filter with newer arg.
--

Note that the modifyTimestamp is also available on Windows, where its
value is more commonly known as whenChanged.  Both are constructed
attributes.

Note that the --newer option is a bit of a misnomer because LDAP has
only a greater-or-equal and no greater-than operator.

(cherry picked from commit 56d309133f0e54ac5e2f95871fb74f8cb97e2636)
2023-08-25 14:34:33 +02:00
Werner Koch
2a3bad5985
dirmngr: New command AD_QUERY.
* dirmngr/dirmngr.h: Include name-value.h
(struct server_control_s): Add rootdse and rootdse_tried.
* dirmngr/dirmngr.c (dirmngr_deinit_default_ctrl): Release them.
* dirmngr/ks-engine.h (KS_GET_FLAG_ROOTDSE): Add two new flags.
* dirmngr/ks-engine-ldap.c: Include ks-action.h
(SERVERINFO_GENERIC): New.
(struct ks_engine_ldap_local_s): Add scope.
(ks_ldap_new_state): Set a default scope.
(ks_ldap_clear_state): Ditto.
(my_ldap_connect): Add flag generic.
(return_all_attributes): New.
(fetch_rootdse): New.
(basedn_from_rootdse): New.
(ks_ldap_get): Move some code out to ...
(ks_ldap_prepare_my_state): New.
(ks_ldap_query): New.
* dirmngr/ks-action.c (ks_action_parse_uri): Factored out from server.c
(ks_action_query): New.
* dirmngr/server.c (make_keyserver_item): Factored most code out to
ks_action_parse_uri.
(cmd_ad_query): New.

* dirmngr/ks-engine-ldap.c (no_ldap_due_to_tor): New common error
printing.  Now also with status line.
--

This command allows to query the Windows Active directory.

(cherry picked from commit 625aeb65b0e75192a414fdca5383cb67c996adee)

no_ldap_due_to_tor has been backported from 2.4
2023-08-25 14:23:39 +02:00
Werner Koch
944479e21d
gpg: Return ERROR status for --quick-sign-key.
* g10/keyedit.c (keyedit_quick_sign): Return an error status line.
--
2023-07-05 14:51:13 +02:00
Werner Koch
a6dad932f4
sm: Complete rewrite of the PKCS#12 parser
* sm/minip12.c: Reworked most of the parser.
(p12_set_verbosity): Add arg debug and change all callers.

* sm/t-minip12.c: New.
* sm/Makefile.am (module_maint): Add it.

* tests/samplekeys/Description-p12: New.
* tests/samplekeys/t5793-openssl.pfx: New from T5793.
* tests/samplekeys/t5793-test.pfx: Ditto.
* tests/samplekeys/Description-p12: Add them.
* tests/Makefile.am (EXTRA_DIST): Add samplekeys.
--

GnuPG-bug-id: 6536
Backported_from: 101433dfb42b333e48427baf9dd58ac4787c9786
Backported_from: 5f694dc0be994e8cd3bc009139d1349f3b1fcf62
2023-07-05 14:21:16 +02:00
Werner Koch
1b4247e010
sm: Remove duplicated code.
* sm/minip12.c (struct tag_info): Change type of length and nhdr.
(dump_tag_info): Adjust.
(parse_tag): Re-implement using the parse_ber_header.
2023-07-05 12:14:35 +02:00
Werner Koch
67d57fae3f
wks: Make --add-revocs the default.
* tools/gpg-wks-client.c (opt): New option --no-add-revocs.
(main): Make --add-revocs the default.

(command_send): Rename to ...
(command_create): to match the command name.
2023-07-05 12:12:46 +02:00
Werner Koch
505e770b4c
wks: Use export-clean for --mirror and --create.
* tools/wks-util.c (wks_get_key): Change from export-minimal to
export-clean
--

To properly work with tusted introducers et al. it is important to also
upload valid key signatures to the Web Key Directory.
2023-07-05 12:12:38 +02:00
Werner Koch
ed92b45c47
dirmngr: New option --ignore-crl-extensions.
* dirmngr/dirmngr.c (oIgnoreCRLExtension): New.
(opts): Add --ignore-crl-extension.
(parse_rereadable_options): Add to list/
* dirmngr/dirmngr.h (opt): Add ignored_crl_extensions.
* dirmngr/crlcache.c (crl_cache_insert): Implement option.
--

This option is is useful for debugging problems with new CRL
extensions.  It is similar to --ignore-cert-extension.

GnuPG-bug-id: 6545
2023-07-05 12:12:18 +02:00
Werner Koch
24a9c77f36
gpgsm: Support SENDCERT_SKI for --call-dirmngr
* sm/call-dirmngr.c (run_command_inq_cb): Support SENDCERT_SKI.

* dirmngr/crlcache.c (crl_cache_insert): Print the CRL name along with
the unknown OID nortice.
2023-07-05 12:11:03 +02:00
Werner Koch
ff81ded48d
dirmngr: New dummy option --compatibility-flags.
* dirmngr/dirmngr.c (oCompatibilityFlags): New.
(opts): Add option --compatibility-flags.
(compatibility_flags): New.
(parse_rereadable_options): Parse them.
2023-07-05 12:10:29 +02:00
Werner Koch
47cce2020d
gpgtar: New option --no-compress.
* tools/gpgtar.c: Add option --no-compress.
* tools/gpgtar.h (opt): Add field no_compress.
* tools/gpgtar-create.c (gpgtar_create): Pass -z0 to gpg.
--

This option is probably easier to remember than --gpg-args '-z0'.
2023-07-05 12:05:57 +02:00
Werner Koch
0bed46cae2
gpg: New option --no-compress as alias for -z0. 2023-07-05 12:05:35 +02:00
Werner Koch
bd545346b5
gpgsm: New option --input-size-hint.
* sm/gpgsm.c (oInputSizeHint): New.
(opts): Add "--input-size-hint".
(main): Set option.
* sm/server.c (option_handler): Add option "input-size-hint".
* sm/gpgsm.h (struct server_control_s): Add field input_size_hint.
* sm/encrypt.c (gpgsm_encrypt): Set the toatl file size.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--

This option allows to set a value for the progress output line.  Note
that as of now there is no other way to set the file size.

GnuPG-bug-id: 6534
2023-07-05 12:04:08 +02:00
Werner Koch
ce0d3238f0
gpgsm: Print PROGRESS status lines.
* common/ksba-io-support.c (struct writer_cb_parm_s): Add field
progress.
(struct gnupg_ksba_io_s): Add field is_writer.
(update_write_progress): New.
(base64_writer_cb, plain_writer_cb): Call update_write_progress.
(base64_finish_write): Ditto.
(gnupg_ksba_create_writer): Set is_writer.
(gnupg_ksba_set_progress_cb): New.
(gnupg_ksba_set_total): New.
* common/ksba-io-support.h (gnupg_ksba_progress_cb_t): New type.
* sm/server.c (gpgsm_status2): Return error from statusfp writes.
(gpgsm_progress_cb): New.
* sm/decrypt.c (gpgsm_decrypt): Set progress handler.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--

GnuPG-bug-id: 6534

Backported-from: c58067415fe93fbd5d3de2594ccca4761ad25103
Backported-from: a88aeee12990478c218abff7f38728e47ee824bc
2023-07-05 12:02:33 +02:00
Werner Koch
1b60aab2c4
gpg: Make progress work for large files on Windows.
* common/iobuf.c (iobuf_get_filelength): Change return type to
uint64_t and remove the overflow args.  For Windows always use
GetFileSizeEx which is available since the long EOL-ed Windows XP.

* g10/sign.c (write_plaintext_packet): Adjust for changed
iobuf_get_filelength.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Ditto.
* g10/photoid.c (generate_photo_id): Ditto.  Also add an upper limit.

* g10/filter.h (progress_filter_context_t): Change amount values to
use uint64_t.
* g10/progress.c (write_status_progress): Change accordingly.

--
GnuPG-bug-id: 6534

Backported-from: 808494b48577c2efb894a0877f59d9c4ed664f56
2023-07-05 11:30:16 +02:00
Werner Koch
8425cdcc8e
gpg: Print status line and proper diagnostics for write errors.
* common/iobuf.c (file_filter): Improve diagnostics.
* g10/build-packet.c (do_plaintext): Make sure to cache all error
cases.
--

GnuPG-bug-id: 6528
2023-07-05 11:15:55 +02:00
Werner Koch
51e44da6fa
w32: Map ERROR_FILE_INVALID to EIO.
* common/sysutils.c (map_w32_to_errno): Add mapping.
--

We see this error sometimes when writing to an USB connected disk.
2023-07-05 11:13:20 +02:00
Werner Koch
8613230602
gpg: Set default expiration date to 3 years.
* g10/keygen.c (default_expiration_interval): Change.
--

This is a revision of
GnuPG-bug-id: 2701
2023-07-05 11:12:56 +02:00
Werner Koch
5825daaf11
speedo: Do not fail if osslsigncode verify can't be run.
--
2023-07-05 11:10:01 +02:00
zhangguangzhi
3efd005285
kbx: Close file handle when return.
* kbx/keybox-dump.c (_keybox_dump_find_dups): Close FP on the error
paths.

--

GnuPG-bug-id: 6495
Signed-off-by: zhangguangzhi <zhangguangzhi3@huawei.com>
2023-06-20 09:21:10 +09:00
zhangguangzhi
96e3579f6d
delete redundant characters
--

GnuPG-bug-id: 6482
Signed-off-by: zhangguangzhi <zhangguangzhi3@huawei.com>
2023-06-20 09:06:30 +09:00
Werner Koch
0d223fa9b0
sm: Emit STATUS_FAILURE for non-implemented commands.
* sm/gpgsm.c (main): Do it here.
2023-05-26 15:55:59 +02:00
Werner Koch
ea28689547
gpgtar: Emit FAILURE status line.
* tools/gpgtar.c (main): Write status line before exit.
--

Due to the new way we support gpgtar in GPGME we need status lines to
detect a final error.

GnuPG-bug-id: 6497
2023-05-26 15:55:54 +02:00
Werner Koch
7cf8c5c291
agent: Fix printed error in findkey.
* agent/findkey.c (agent_write_private_key): Fix error reporting.
2023-05-26 14:20:07 +02:00
NIIBE Yutaka
fe881167c5
agent,w32: Fix resource leak for a process.
* agent/call-scd.c (agent_scd_check_aliveness): Call assuan_set_flag
only for !HAVE_W32_SYSTEM.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-26 10:08:07 +09:00
Werner Koch
a391d8f4be
gpg: Skip keys found via ADSKs.
* g10/encrypt.c (write_pubkey_enc): Indicate encryption to an ADSK.
* g10/getkey.c (finish_lookup): Skip ADKS keys.
--

If a key is searched by fingerprint or keyid and it happens that this
is an ADSK (subkey with the RENC usage), we need to skip this key
because it is not the key we actually want to encrypt to.  The actual
ADSK key is taken later by looking at all subkeys of the actual
selected key.

This is related to
GnuPG-bug-id: 6504
2023-05-25 16:54:29 +02:00
Werner Koch
625fb54899
w32: Add missing manifests and set a requestedExecutionLevel.
* agent/gpg-agent.w32-manifest.in: New.
* dirmngr/dirmngr-client-w32info.rc: New.
* dirmngr/dirmngr-client.w32-manifest.in: New.
* dirmngr/dirmngr-w32info.rc: New.
* dirmngr/dirmngr.w32-manifest.in: New.
* dirmngr/dirmngr_ldap-w32info.rc: New.
* dirmngr/dirmngr_ldap.w32-manifest.in: New.
* g10/gpgv-w32info.rc: New.
* g10/gpgv.w32-manifest.in: New.
* kbx/keyboxd.w32-manifest.in: New.
* scd/scdaemon.w32-manifest.in: New.
* sm/gpgsm.w32-manifest.in: New.
--

This avoids the use of the VirtualStore uner Windows.

GnuPG-bug-id: 6503

Backported from 2.4; some manifest files already existed in 2.2 but
not in 2.4
2023-05-25 11:10:21 +02:00
NIIBE Yutaka
709ab03bc2
common: Fix parsing ECC key.
* common/sexputil.c (get_ecc_q_from_canon_sexp): Initialize ECC_Q_LEN.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-10 10:09:55 +02:00
NIIBE Yutaka
c40e764108
scd: Fix cmd_apdu on error.
* scd/command.c (cmd_apdu): Fix the code path on error.

--

GnuPG-bug-id: 6476
Reported-by: Robin Krahl
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-10 10:08:27 +02:00
Werner Koch
ed3b285cdc
kbx: For non-Windows use 64k buffers by default instead of 128k.
* kbx/keybox-init.c (DEFAULT_LL_BUFFER_SIZE): New.
--

A simple gpg --check-sigs benchmark showed on Linux a small
performance peak at around 64k (5m52 vs. 6m8 for 128k and 6m33 for
system size).
2023-05-10 10:07:41 +02:00
Werner Koch
69b0fa55f6
kbx: Use custom estream buffering
* kbx/keybox-init.c (ll_buffer_size): New var intialized to 128k
(stream_buffers): New var.
(keybox_set_buffersize): New.
(_keybox_ll_open, _keybox_ll_close): Implement buffering.

* sm/gpgsm.c (oKbxBufferSize): New.
(opts): Add option --kbx-buffer-size.
(main): Call keybox_set_buffersize.

* g10/gpg.c: Include keybox.h.
* (oKbxBufferSize): New.
(opts): Add option --kbx-buffer-size.
(main): Call keybox_set_buffersize.
--

Commit message from 2.4:

Running a test on Windows using a pubring.kbx with
Total number of blobs:     2098
              openpgp:     1294
                 x509:      803
and a size of 42MiB with

gpgsm -k --with-validation --disable-dirmngr --kbx-buffer-size N >nul

gives these performance figures using procmon

| N(k) | file events | time(s) |
|------+-------------+---------|
|    0 |     4900000 |      86 |
|   16 |     2456000 |      58 |
|   32 |     1233000 |      43 |
|   64 |      622000 |      37 |
|  128 |      317000 |      32 |
|  256 |      164000 |      31 |
|  512 |       88000 |      30 |

Using _open instead of CreateFile give the same number of file events
but increased the time slight by one second for the measured buffer
size of 64k and 128k.   Benchmarks for gpg have not been conducted.
2023-05-10 10:07:32 +02:00
Werner Koch
0a4ccab3bd
kbx: Use wrapper functions for es_fclose and es_fopen.
* kbx/keybox-defs.h (KEYBOX_LL_OPEN_READ)
(KEYBOX_LL_OPEN_UPDATE, KEYBOX_LL_OPEN_CREATE): New.
* kbx/keybox-init.c (_keybox_ll_open): New.  Replace all keybox use of
es_fopen by this function.
(_keybox_ll_close): New.  Replace all keybox use of es_fclose by this
function.
--

Note that this has not been done for the utilities and the backend-kbx
of keyboxd.
2023-05-10 10:05:34 +02:00
Werner Koch
9526d4f721
kbx: Add extra flags to fopen for use by Windows.
* kbx/keybox-search.c (open_file): Use sysopen and sequential.
* kbx/keybox-update.c (create_tmp_file): Ditto.
(blob_filecopy): Ditto.
(keybox_set_flags): Ditto.
(keybox_delete): Ditto.
(keybox_compress): Ditto.
--

Under Windows "sysopen" requests that direct API calls (CreateFile et
al.) are used instead of the libc wrappers.  This may or may not
improve the performance.

Using "sequential" is a hint to Windows to assume that a file is in
general access in a sequential manner.  This will have an affect only
with a future libgpg-error.
2023-05-10 09:57:10 +02:00
Werner Koch
b73ced9386
gpgsm: Cache the non-existence of the policy file.
* sm/certchain.c (check_cert_policy): Add simple static cache.
--

It is quite common that a policy file does not exist.  Thus we can
avoid the overhead of trying to open it over and over again just to
assert that it does not exists.
2023-05-10 09:52:33 +02:00
NIIBE Yutaka
cfb1c66ef6
po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-04-26 13:43:33 +09:00
NIIBE Yutaka
464e85d435
common: Incorporate upstream changes of regexp.
* regexp/jimregexp.c (regatom): Raise REG_ERR_UNMATCHED_BRACKET when
no matching end bracket.
(regmatch): Fix the end of word check.

--

Original changes:
	Signed-off-by: Steve Bennett <steveb@workware.net.au>

GnuPG-bug-id: 6455
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-04-21 11:57:30 +09:00
Werner Koch
e60544520b
scd,p15: Enforce a min. PIN length for certain cards.
* scd/app-p15.c (verify_pin): Enforce 6 for RSCS cards.
2023-04-20 12:42:08 +02:00
Werner Koch
3ad4b339b8
common: Fix minor bug in the jimregexp code.
* regexp/jimregexp.c (regatom): Make error checking for stray
backslash at end of the string work.  Check that the pattern class is
closed by a bracket.
--

GnuPG-bug-id: 6455
Co-authored-by: Guldrelokk
2023-04-20 12:28:09 +02:00
Eva Bolten
d9a4517d62
po: Fix in German translation
--
2023-04-06 10:21:52 +02:00
Werner Koch
b349ceedfc
gpg: Take care not to encrypt with OCB in de-vs mode
* g10/encrypt.c (use_aead): In de-vs mode use OCB only if the
compatibility flag ist set.
2023-04-06 09:21:33 +02:00
Werner Koch
04f1d9649c
speedo: Fix regression due to switching from gcc 8.3 to 10.2
* build-aux/speedo.mk (speedo_pkg_zlib_make_args): Use -static-libgcc.
2023-03-28 10:39:35 +02:00
Werner Koch
5e33ae3ab4
build: Remove obsolete --with-regex from autogen.rc
--

We always use the included regex library.  This patch avoids a
warning when building for Windows.
2023-03-27 12:51:46 +02:00
Werner Koch
3ec685d32f
doc: Remove the obsolete VS-NfD.prf
--

The apply-profile thing is not anymore used.
2023-03-27 12:28:53 +02:00
Werner Koch
fc351de879
gpg,gpgsm: Extend the use of allow-ecc-encr and vsd-allow-ocb
* g10/keygen.c (keygen_set_std_prefs): Set OCB only with VSD
compatibility flag.
* sm/certreqgen.c (proc_parameters): All ECC generation only with
allow-ecc-encr.
--
2023-03-24 13:50:37 +01:00
Werner Koch
da04477631
gpgtar: Do not allow the use of stdout for --status-fd
* tools/gpgtar.c (main): Don't allow logging via the Registry.  Forbid
using stdout for status-fd in crypt mode.
--

Without that check a status output would be mixed up with the input to
the internal call of gpg.

Using the Registry key to enable logging is very annoying.
2023-03-15 12:05:45 +01:00
Werner Koch
0045583cd2
gpgtar: Print a result status with skipped files.
* tools/gpgtar.h (struct tarinfo_s): Add new fields.
* tools/gpgtar-extract.c (check_suspicious_name): Add arg info.
(extract_regular): Count files.
(gpgtar_extract): Print stats.
2023-03-15 11:50:34 +01:00