1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-29 19:48:43 +01:00
Commit Graph

10648 Commits

Author SHA1 Message Date
Werner Koch
80bd49224e
doc: Minor fix for the description of gpg's --default-*-expire
--
2024-08-29 15:06:05 +02:00
Werner Koch
8896bbd0f9
gpg: Switch Kyber to the final algo id and add it to the menu.
* common/openpgpdefs.h (pubkey_algo_t): Switch algo id for Kyber to 8.
* g10/keygen.c (do_generate_keypair): Remove the experimental algo
note ...
(write_keybinding): and the experimental notation data.
(ask_algo): Add a mode 16 for a Kyber subkey.
(generate_subkeypair): Set parameters for mode 16.
--

GnuPG-bug-id: 6815
2024-08-27 10:44:17 +02:00
Werner Koch
1eb382fb1f
gpg: New option --proc-all-sigs
* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (proc_tree): Do not stop signature checking if this
new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--

GnuPG-bug-id: 7261
2024-08-23 11:28:30 +02:00
Werner Koch
3171ca9b94
gpg: Warn if a keyring is specified along with --use-keyboxd.
* g10/gpg.c (main): Print the warning.
--
GnuPG-bug-id: 7265
2024-08-23 09:19:55 +02:00
Werner Koch
41b06b5579
common: Do not call the agent with the obsolete --use-standard-socket.
* common/asshelp.c (start_new_service): Drop that option.
--

This avoids a useless warnings.
2024-08-22 18:30:51 +02:00
Werner Koch
60c541f588
doc: Remove included yat2m and build HTML versions of the man pages.
* configure.ac (YAT2M): Use standard detection.
* doc/Makefile.am (EXTRA_DIST): Remove yat2m.c.
(CLEANFILES): Ditto.
(yat2m): Remove targets.
(yat2m-stamp): Also build html versions.
2024-08-19 14:00:26 +02:00
Werner Koch
8bef1e2821
gpg: Minor fix when building with --disable-exec
* g10/photoid.c (show_photo): No return for a void function.
--

GnuPG-bug-id: 7256
2024-08-19 10:31:44 +02:00
Werner Koch
1766efbe5e
doc: Add another example for gpg-mail-tube
--
2024-08-16 14:14:20 +02:00
Werner Koch
2f46029bec
tools: Fix bashishm
--

Fixes-commit: 536fc8d33d
2024-08-16 11:12:44 +02:00
Andre Heinecke
3d015d106f
build-aux: Add PKCS#8 authenticode key support
* tools/gpg-authcode-sign.sh: Assume PKCS#8 if the key file
does not end with .p12 or .pfx.

--
Since using encrypted PKCS#12 containers with askpass
is unpractical when signing many files. This adds support
to use an PKCS#8 key for codesigning.
2024-08-15 22:45:06 +02:00
Andre Heinecke
536fc8d33d
build-aux: Add cleanup to gpg-authcode-sign.sh
* tools/gpg-authcode-sign.sh (cleanup): New.

--
When using osslsigncode it does not delete the
output file on error. Errors or cancels there
can happen easily with either timestamp problems
or a wrong password.
Additionally, if an output file exists, osslsigncode
does not write a good error message but shows
some exception.
2024-08-15 22:44:56 +02:00
Andre Heinecke
d80345244c
speedo,w32: Install ntbtls as a library
* build-aux/speedo.mk (AUTHENTICODE_FILES): Sign ntbtls files.
(speedo_pkg_ntbtls_configure): Remove duplicated
32 bit entry.
* build-aux/speedo/w32/inst.nsi,
build-aux/speedo/w32/wixlib.wxs: Package ntblts dll.

--
This changes ntbtls to be built with default options both
on 64 bit and on 32 bit. Previously on 32 bit Windows it
would have been linked statically. But since the file lists
are hardcoded this should be independent of the architecture.
2024-08-13 10:08:52 +02:00
Werner Koch
882ab7fef9
gpg: Improve decryption diagnostic for an ADSK key.
* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant.
* g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant.
* g10/pubkey-enc.c (get_session_key): Consider an ADSK also as "marked
for encryption use".
(get_it): Print a note if an ADSK key was used.  Use the new
get_pubkeyblock flag.
* g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk.
(get_pubkeyblock): Factor all code out to ...
(get_pubkeyblock_ext): new.
(finish_lookup): Add new arg allow_adsk and make use of it.
--

This patch solves two purposes:
- We write a note that the ADSK key was used for decryption
- We avoid running into a
  "oops: public key not found for preference check\n"
  due to ADSK keys.  The error is mostly harmless but lets gpg return
  with an exit code of 2.
2024-08-12 14:50:08 +02:00
Werner Koch
1d18c143f4
agent: When diverting to a card show the name of unsupported algos.
* agent/divert-scd.c (divert_pkdecrypt): Improve error message.
2024-08-09 10:08:50 +02:00
Werner Koch
8735b87411
gpg: New debug flag "keydb".
* g10/options.h (DBG_KEYDB_VALUE): New.
* g10/gpg.c (debug_flags): Add it.
* g10/keydb.c: Replace all DBG_LOOKUP by DBG_KEYDB.
* g10/keyring.c: Ditto.
* g10/call-keyboxd.c: Ditto.
--

Using "lookup" also for key search debugging was not a good idea.
This uses a separate flag for the latter.
2024-08-09 09:31:54 +02:00
Werner Koch
7d82fca43d
gpg: Increase compress buffer size.
* g10/compress.c (init_compress): Increase buffersize.
--

This may speed up things a little bit.
2024-08-08 17:31:26 +02:00
Werner Koch
2a0caeb868
doc: Explain that sort-sigs has no effect in colon mode.
--
2024-08-08 17:28:15 +02:00
Andre Heinecke
9e2633937c
speedo,w32: Update libassuan dll name in wxs
* build-aux/speedo/w32/wixlib.wxs: Update name and UID for
libassuan
2024-08-08 15:18:07 +02:00
Andre Heinecke
fd90013a12
speedo,w32: Fix check for gpg-authcode-sign.sh
* build-aux/speedo.mk (AUTHENTICODE_sign): Do version check
in subshell to get the return code.

--
Otherwise this will fail not with the intended error message
but with "no such file or directory."
2024-08-08 15:15:59 +02:00
Daniel Cerqueira
d73beb5398
po: Update pt.po
--

Here is the Git patch of the updated GnuPG pt.po translation.

From d05a67bc357752ab64521a34bdd4bb461998d78d Mon Sep 17 00:00:00 2001
From: Daniel Cerqueira <dan.git@lispclub.com>
Date: Fri, 2 Aug 2024 14:21:47 +0100
Subject: [PATCH GnuPG] po: Update Portuguese Translation.

Signed-off-by: Daniel Cerqueira <dan.git@lispclub.com>
2024-08-08 12:26:20 +02:00
Werner Koch
690fd61a0c
sm: More improvements for PKCS#12 parsing for latest IVBB changes.
* common/tlv.h (TLV_PARSER_FLAG_T5793): New.
(tlv_parser_new): New macro.  Rename function with an underscore.
(tlv_next_with_flag): New.
* common/tlv-parser.c (struct tlv_parser_s): Remove const from buffer.
Add fields crammed, lasttlv, and origoff.  Remove bufferlist ands ist
definition.
(dump_to_file): New but disabled debug helper.
(parse_tag): Print more info on error.
(_tlv_parser_new): Add args lasttlv and LNO.  Take a copy of the data.
(_tlv_parser_release): Free the copy of the buffer and return the
recorded TLV object from tlv_parser_new.
(_tlv_peek, tlv_parser_peek, _tlv_parser_peek_null): Remove.
(_tlv_push): Record crammed length.
(_tlv_pop): Restore crammed length.
(_tlv_parser_next): Add arg flags.  More debug output.  Handle cramming
here.  Take care of cramming here.
(tlv_expect_object): Simplify to adjust for changes in _tlv_parser_next.
(tlv_expect_octet_string): Remove arg encapsulates.  Adjust for
changes in _tlv_parser_next.  Change all allers.
(tlv_expect_null): New.
(cram_octet_string): Rewrite.
(need_octet_string_cramming): Remove.

* sm/minip12.c (dump_to_file): New.  Enablein debug mode and if a
envvar ist set.  Replace all explict but disabled dumping to call this
function.
(parse_bag_encrypted_data): Replace tlv_peek_null and a peeking for an
optional SET by non-peeking code.
(parse_cert_bag): Ditto.
(parse_shrouded_key_bag): Replace tlv_peek_null by non-peeking code.
(parse_bag_encrypted_data): Use the new TLV_PARSER_FLAG_T5793 to
enable the Mozilla workaround.
(parse_bag_encrypted_data): Replace the 'renewed_tlv' code by the new
tlv_parser_release semantics.
(parse_shrouded_key_bag): Ditto.
(parse_shrouded_key_bag): Create a new context instead of using the
former encapsulated mechanism for tlv_expect_octet_string.
(parse_bag_data): Ditto.
(p12_parse): Ditto.
--

GnuPG-bug-id: 7213

Fixing this took way too long; I should have earlier explained the
code to a co-hacker to find the problem myself in my code by this.
2024-08-06 17:51:01 +02:00
Werner Koch
5409b273a6
sm: Add a debug helper command to t-minip12.c
* sm/t-minip12.c (cram_file): New.
(main): Add option --cram.
--

This is sometimes useful to convert constructed octet strings into
primitive octet strings.
2024-08-06 15:59:26 +02:00
Werner Koch
a8cef7ebc2
scd: New getinfo subcommand "manufacturer"
* scd/command.c (cmd_getinfo): Add subcommand "manufacturer".
* scd/app-openpgp.c (get_manufacturer): Rename to ...
(app_openpgp_manufacturer): this and make global.
--

Example:

  $ gpg-connect-agent 'scd getinfo manufacturer 42' /bye
  D Magrathea
  OK
2024-08-05 16:19:32 +02:00
Werner Koch
f1e3a23d9e
scd: New getinfo subcommand "dump_state".
* scd/command.c (cmd_getinfo): Add subcommand.  Always init CTRL for
simplicity.
--

A state dump looks like

  app_dump_state: card=0x00007f1b38017c90 slot=1 type=yubikey refcount=1
  app_dump_state:   app=0x00007f1b38018100 type='openpgp'
  app_dump_state:   app=0x00007f1b3800cb70 type='piv'
  app_dump_state: card=0x00007f1b38013a10 slot=0 type=gnuk refcount=0
  app_dump_state:   app=0x00007f1b38016fc0 type='openpgp'

and can also be triggered by a SIGUSR1.  This explicit command allows
to dump the state also on Windows.  Use for example

  gpg-connect-agent 'scd getinfo dump_state' /bye
2024-08-02 13:44:57 +02:00
Werner Koch
fa2c15634c
keyboxd: New getinfo subcommand "connections".
* kbx/kbxserver.c (cmd_getinfo): Add subcommand.
2024-08-02 13:29:53 +02:00
Werner Koch
c16604246a
doc: Fix URL to the OpenPGP card specs
--
2024-08-01 12:14:01 +02:00
Werner Koch
a4eefb271f
gpg-mail-tube: Make sure GNUPGHOME is set in vsd mode.
* tools/gpg-mail-tube.c (main): Set GNUPGGHOME.
(start_gpg_encrypt): Improve the "statrt gpg" diagnostic.
(prepare_for_appimage): Start with cleared GNUPGHOME.
2024-07-31 10:25:48 +02:00
Werner Koch
91532dc3f4
doc: Clarify gpgv man page synopsis.
--
GnuPG-bug-id: 7209
2024-07-23 15:09:39 +02:00
Werner Koch
ea123af9b5
Revert "common: Fix tlv-parser for constructed OCTET-STRING."
--
This reverts commit cc78b26a47.
2024-07-23 13:54:15 +02:00
Werner Koch
8b1f35a78f
g13: Finish migration to gpgrt_process_spawn API
--
Fixes-commit: 953dd67368
2024-07-23 13:53:20 +02:00
Werner Koch
62384ba556
Revert "speedo: Use remote gitrep if local does not exist"
--
Fixes-commit: 7a9214b0d4.

Using a remote repo is dangerous; for a local repo it can be expected
that it has been properly pulled and checked.
2024-07-23 13:40:43 +02:00
Jakub Jelen
dd23441938
agent: Avoid memory leak when handling ssh keys.
* agent/command-ssh.c (ssh_send_available_keys): Close file and
directory on error paths.

--

GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-07-22 13:40:35 +09:00
Jakub Jelen
be40a33419
agent: Avoid memory leak when handling tpm2.
* agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Free memory on
errors.

--

GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-07-22 13:40:00 +09:00
Jakub Jelen
4bdd43fdca
dotlock: Avoid leaking directory handle.
* common/dotlock.c (dotlock_detect_tname): Close directory on errors.

--

GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-07-22 13:38:09 +09:00
Jakub Jelen
f66e9356f8
export_secret_ssh_key: Avoid memory leak.
* g10/export.c (export_secret_ssh_key): Free memory on errrors.

--

GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-07-22 13:35:10 +09:00
Jakub Jelen
b1029031d4
scd: Avoid memory leak.
* scd/app-p15.c (do_sign): Free allocated memory on error.

--

GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-07-22 13:32:25 +09:00
Jakub Jelen
e8c8068dec
tools: Avoid memory leaks.
* tools/gpg-auth.c (ssh_authorized_keys): Free list on error.
* tools/gpgtar-extract.c (gpgtar_extract): Free memory on error.

--

GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-07-22 13:30:33 +09:00
Andre Heinecke
3caf26f324
speedo,w32: Fix InstallDir usage and x64 install
* build-aux/speedo/w32/inst.nsi (InstallDir): Move to the
MUI definitions for clarity.
(MULTIUSER_INSTALLMODE_INSTDIR): Use pretty name.
(-gnupginst): Handle regviews and upgrades

--
As MultiUser.nsh sets the INSTDIR variable we have
to define MULTIUSER_USE_PROGRAMFILES64.

The resulting installer created by makensis itself
is still a 32bit binary we have to use SetRegView to
use the correct registry hive for 64 bit software.

To better handle the path switch from ProgramFiles (x86)
to ProgramFiles on update we now call the uninstaller
of the previous version before installing the new
version. This additionally ensures that there
are no leftover files and a dirty install directory
after some upgrades.
2024-07-14 11:08:08 +02:00
Andre Heinecke
8e55713921
speedo,w32: Remove share/doc subdir
* build-aux/speedo/w32/inst.nsi (-un.gnupg): Remove additional
dir.

--
Otherwise the folder tree is not completely removed on uninstall.
2024-07-14 08:36:16 +02:00
Andre Heinecke
ed0d61df58
speedo,w32: Fix a nsi translation
* speedo/w32/inst.nsi: Remove superflous brace.

--
This caused a warning and that the translation was
not applied.
2024-07-14 07:07:14 +02:00
Andre Heinecke
26ee947dfd
speedo,w32: configure --libdir for w32 builds
* build-aux/speedo.mk (SETVARS): Set --libdir when cross
compiling.

--
This ensures that the libdir is reliably named "lib" instead
of lib64 for 64 bit builds on systems which have this as
the default. This fixes among other things that PKG_CONFIG_PATH
is then set correctly.
2024-07-14 07:02:27 +02:00
Andre Heinecke
0311239d7b
speedo: Add VERBOSE variable
* build-aux/speedo.mk (VERBOSE): New variable.

--
While the configuration output stays silent by default
having the option to show it can be useful in case of
errors.
2024-07-14 07:02:09 +02:00
Andre Heinecke
7a9214b0d4
speedo: Use remote gitrep if local does not exist
* build-aux/speedo.mk (gitrep): If the local path is not
a directory. Use the remote repo as fallback.
2024-07-14 05:27:15 +02:00
Andre Heinecke
23df03faa0
speedo: Use nproc if available for make jobs
* build-aux/speedo.mk (MAKE_J): Use nproc if it is available.

--
Instead of hardcoding the make jobs value make it dependent
on the build system.
2024-07-14 05:25:17 +02:00
NIIBE Yutaka
cc78b26a47
common: Fix tlv-parser for constructed OCTET-STRING.
* common/tlv-parser.c (tlv_expect_octet_string): Fix assignment of N
value.

--

Before the change, need_octet_string_cramming returns always false,
because N==0.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-12 15:57:48 +09:00
NIIBE Yutaka
1e6b96577f
gpg: Fix agent_probe_any_secret_key.
* g10/call-agent.c (agent_probe_any_secret_key): No second keygrip
is not an error.

--

GnuPG-bug-id: 7195
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-10 15:13:06 +09:00
NIIBE Yutaka
d6017e4b1e
po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-10 10:23:45 +09:00
NIIBE Yutaka
2b19474aab
common: On Windows, we care about how PIPE handles are inherited.
* agent/gpg-agent.c (handle_connections): It's for POSIX.
* kbx/keyboxd.c (handle_connections): Ditto.
* scd/app.c (handle_connections): Ditto.
* scd/scdaemon.c (handle_connections): Ditto.
tpm2d/tpm2daemon.c (handle_connections): Ditto.
* tests/gpgscm/ffi.c (do_pipe): Use GNUPG_PIPE_BOTH.
(do_inbound_pipe): Use GNUPG_PIPE_INBOUND.
(do_outbound_pipe): Use GNUPG_PIPE_OUTBOUND.
* common/call-gpg.c (_gpg_encrypt): Specify outbound and inbound.
(_gpg_decrypt): Likewise.
* common/exechelp-posix.c (gnupg_create_pipe): Add an argument.
* common/exechelp-w32.c (create_pipe_and_estream): Care about
how PIPE handles are inherited to child process.
(gnupg_create_pipe): Add an argument.
* common/exechelp.h: Add enum values.

--

Fixes-commit: af6c47b291
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-09 15:15:13 +09:00
NIIBE Yutaka
1d5cfa9b7f
scd: Add <unistd.h> for read(2) / write(2) .
* scd/app.c: Include <unistd.h>.

--

Reported-by: David Bohman
GnuPG-bug-id: 7193
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-09 10:48:02 +09:00
NIIBE Yutaka
af6c47b291
common,kbx,tests: Clean up the PIPE function API.
* common/call-gpg.c (_gpg_encrypt, _gpg_decrypt): Simply, use
gnupg_create_pipe.
* tests/gpgscm/ffi.c (do_inbound_pipe): Likewise.
* common/exechelp.h (gnupg_create_inbound_pipe): Use gnupg_fd_t
for native pipe descriptor and don't expose other end of pipe.
(gnupg_create_outbound_pipe): Ditto.
* common/exechelp-posix.c (create_pipe_and_estream): Clean up.
(gnupg_create_inbound_pipe): Fail if R_FD or R_FP is NULL.
(gnupg_create_outbound_pipe: Ditto.
* common/exechelp-w32.c (create_pipe_and_estream): Clean up.
(gnupg_create_inbound_pipe): Fail if R_FD or R_FP is NULL.
(gnupg_create_outbound_pipe: Ditto.
(gnupg_create_pipe): Move the code from original
create_pipe_and_estream to call _open_osfhandle.
* common/exectool.c (gnupg_exec_tool_stream): Follow the change of
API.
* kbx/kbx-client-util.c (prepare_data_pipe): Likewise.

--

GnuPG-bug-id: 7194
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-09 10:41:03 +09:00