1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

9499 Commits

Author SHA1 Message Date
NIIBE Yutaka
4aeeaa65ad gpg: Fix adding the list of ultimate trusted keys.
* g10/keygen.c (do_generate_keypair): Remove another call to
update_ownertrust.
* g10/trust.c (update_ownertrust): Add call to tdb_update_utk.
* g10/trustdb.c (tdb_update_utk): New.
* g10/trustdb.h (tdb_update_utk): New.

--

GnuPG-bug-id: 5742
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-01-12 13:34:31 +09:00
Ingo Klöcker
b66854ac93 gpg: Report failed generation of subkey pair via status interface
* g10/keygen.c (generate_subkeypair): On error, write error and
"key not created" message to status interface.
--

This change allows users of the status/command interface to detect
errors when adding a subkey to a key. Similar status messages are
output by do_generate_keypair.

GnuPG-bug-id: 5771
2022-01-11 10:12:07 +01:00
Ingo Klöcker
19b1a28621 gpg: Request keygrip of key to add via command interface
* g10/keygen.c (ask_algo): Request keygrip via cpr_get.
* doc/help.txt (gpg.keygen.keygrip): New help text.
--

This change makes it possible to add an existing (sub)key to
another key via the status/command interface.

GnuPG-bug-id: 5771
2022-01-11 10:12:07 +01:00
Werner Koch
d445e19365
dirmngr: Map all gnupg.net addresses to the Ubuntu keyserver.
* dirmngr/server.c (make_keyserver_item): Change mapping.
--

It turned out that having the old surfnet keyserver for unencrypted
connections is problematic because that server does not sync with the
Ubuntu server.

GnuPG-bug-id: 5751
2022-01-10 09:13:43 +01:00
Werner Koch
99a8b1f138
gpgtar: List and extract using extended headers.
* tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New.
* tools/gpgtar-list.c (parse_header): Set the new type flags.
(parse_extended_header): New.
(read_header): Add arg r_extheader and parse extended header.
(print_header): Consult the extended header.
(gpgtar_list): Pass an extended header object.
(gpgtar_read_header): Ditto.
(gpgtar_print_header): Ditto.
* tools/gpgtar-extract.c (extract): New arg exthdr and factor name
checking out to ...
(check_suspicious_name): new.
(extract_regular): Add arg exthdr and consult it.
(extract_directory): Likewise.
(gpgtar_extract): Provide extheader object.
--

GnuPG-bug-id: 5754
2022-01-09 18:37:56 +01:00
Werner Koch
3a1c556b2c
gpgtar: Create extended header for long file names
* tools/gpgtar-create.c (global_header_count): new.
(myreadlink): New.
(build_header): New arg r_exthdr.  Detect and store long file and link
names.  Factor checkum computation out to ...
(compute_checksum): new.
(add_extended_header_record): New.
(write_extended_header): New.
(write_file): Write extended header.
--

GnuPG-bug-id: 5754
2022-01-09 18:37:56 +01:00
NIIBE Yutaka
f9c9938b28 scd,pcsc: Fix error handling for a reader with reader-port.
* scd/apdu.c (apdu_open_reader): Make sure dl->idx is always
incremented to handle error from open_pcsc_reader correctly.

--

Reported-by: Anže Jenšterle
GnuPG-bug-id: 5758
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-01-04 14:56:29 +09:00
Werner Koch
4d52ba9431
doc: Fix the title of the man pages to GnuPG 2.3
--
2022-01-03 11:59:46 +01:00
Werner Koch
e836923175
po: Fix German translation
--

Option descriptions of --help should start with an uppercase letter.
2021-12-30 10:25:50 +01:00
Werner Koch
ec311425ca
doc: Typo fixes.
--
2021-12-30 10:24:36 +01:00
Werner Koch
42785d7c8a
gpgconf: Do not list ignored options and mark forced options as r/o.
* tools/gpgconf-comp.c (list_one_option): Skip ignored options and set
the no_change flag for forced options.
(retrieve_options_from_program): Put the attributes into the option
table.
--
2021-12-30 10:19:55 +01:00
NIIBE Yutaka
85db1b1a3b build: Remove unused old m4 files.
* m4/glibc2.m4, m4/glibc21.m4: Remove.
* m4/intl.m4, m4/intldir.m4, m4/lock.m4: Remove.
* m4/intdiv0.m4, m4/intmax.m4, m4/inttypes-pri.m4: Remove.
* m4/inttypes.m4, m4/inttypes_h.m4, m4/longdouble.m4: Remove.
* m4/printf-posix.m4, m4/signed.m4, m4/size_max.m4: Remove.
* m4/stdint_h.m4, m4/sys_socket_h.m4, m4/uintmax_t.m4: Remove.
* m4/visibility.m4, m4/wchar_t.m4, m4/wint_t.m4, m4/xsize.m4: Remove.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-22 13:30:10 +09:00
NIIBE Yutaka
6b4441a7de build: Update for newer autoconf.
* configure.ac (AC_PREREQ): Use >= 2.69.
(AC_CONFIG_HEADERS): Use it, instead of AC_CONFIG_HEADER.
(AC_HEADER_STDC, AC_HEADER_TIME): Remove obsolete macros.
(sys/time.h): Add the check of the header.
(time_t): Don't use TIME_WITH_SYS_TIME.
* acinclude.m4 (AC_HEADER_TIME): Don't require.
Don't use TIME_WITH_SYS_TIME.
* dirmngr/dns.c: Don't use TIME_WITH_SYS_TIME.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-22 10:36:26 +09:00
NIIBE Yutaka
82b289328d po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-21 10:12:46 +09:00
NIIBE Yutaka
c3db27fa85 agent: Fix comment for .po generation.
* agent/call-pinentry.c (setup_formatted_passphrase): Move comment to
inside.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-21 10:11:04 +09:00
Werner Koch
02b59e282e
Post release updates.
--
2021-12-20 23:02:49 +01:00
Werner Koch
f74c65fd9b
Release 2.3.4 gnupg-2.3.4 2021-12-20 22:03:05 +01:00
Werner Koch
6105287252
gpg: Correctly set the ownertrust for a new key.
* g10/keygen.c (do_generate_keypair): Use update_ownertrust.
--

GnuPG-bug-id: 5742
2021-12-20 22:03:03 +01:00
Werner Koch
69195ab255
po: auto update 2021-12-20 20:53:54 +01:00
Werner Koch
2559407c95
po: Update German translation
--
2021-12-20 20:52:45 +01:00
Werner Koch
afe5fcda52
gpg: Add unfinished code for --export-secret-ssh-key.
* g10/gpg.c (exportSecretSshKey): New.
(opts): Add --export-secret-ssh-key.
(main): Implement option.
* g10/export.c (do_export_stream): Factor keywrap key code out to ...
(get_keywrap_key): new.
(mb_write_uint32, mb_write_uint8)
(mb_write_data, mb_write_cstring)
(mb_write_string, mb_write_mpi): New.
(receive_raw_seckey_from_agent): New.
(export_secret_ssh_key): New.
--

Due to time constraints the code is not yet ready.
2021-12-20 19:34:34 +01:00
Werner Koch
ace15e1b09
gpg: Allow passing a keygrip as description to pinentry.
* g10/keydb.h (FORMAT_KEYDESC_KEYGRIP): New.
* g10/passphrase.c (gpg_format_keydesc): Add new mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-12-20 19:34:34 +01:00
Werner Koch
da39102216
common: Add set_membuf_err.
* common/membuf.c (set_membuf_err): New.
2021-12-20 19:34:34 +01:00
Werner Koch
038136ea48
wkd: Don't beg for donations
* tools/gpg-wks-server.c (send_congratulation_message): Remove
donation hint from message.
--
2021-12-20 19:34:34 +01:00
Ingo Klöcker
c7fa4c7f8b dirmngr: Ask keyservers to provide the key fingerprints
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Add "fingerprint=on" to
request URL.
--

Some keyservers, e.g. keyserver.ubuntu.com (Hockeypuck), do not
provide the key fingerprints by default. Therefore, we ask for the
fingerprints explicitly.

GnuPG-bug-id: 5741
2021-12-20 09:25:26 +01:00
NIIBE Yutaka
a9b95b20a8 dirmngr: Fix ldap-url.c.
* dirmngr/ldap-url.c (ldap_charray2str): Use memcpy instead of strncpy
when length is computed by strlen beforhand.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-17 13:33:40 +09:00
NIIBE Yutaka
e08225030d w32: Prepare for the case gcrypt.h will not include winsock2.h.
* common/dynload.h: Include specific headers only.
* common/exechelp-w32.c: Include <windows.h>.
* common/gettime.c: Likewise.
* common/utf8conv.c: Likewise.
* tests/gpgscm/ffi.c: Likewise.
* tools/gpgconf.c: Likewise.
* configure.ac: Check winsock2.h, removing gl_HEADER_SYS_SOCKET.

--

GnuPG-bug-id: 5731
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-17 13:32:14 +09:00
NIIBE Yutaka
61ac580a20 gpg: Emit compatible Ed25519 signature.
* g10/pkglue.c (sexp_extract_param_sos_nlz): New.
* g10/pkglue.h: Add the declaration.
* g10/sign.c (do_sign): Use sexp_extract_param_sos_nlz for Ed25519.

--

Ed25519 signature in GnuPG 2.2 has no leading zeros.

GnuPG-bug-id: 5331
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-10 15:43:28 +09:00
Jakub Jelen
426d82fcf1 gpg: Fix function prototype to match declaration.
* g10/test-stubs.c (keyserver_import_mbox): Fix prototype
--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-24 10:50:48 +09:00
Jakub Jelen
46efee8cb7 kbx: Fix allocation check
* kbx/kbxserver.c (cmd_search): Fix allocation check
--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-24 10:50:33 +09:00
Jakub Jelen
6ee3eb4202 homedir: Avoid memory leaks on errors
* common/homedir.c (unix_rootdir): Free allocated memory on error path
--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-24 10:50:33 +09:00
Jakub Jelen
940af3f052 dirmngr: Avoid memory leaks on errors
* dirmngr/ldap-misc.c (ldap_parse_extfilter): Avoid direct return
  without freeing resources on errors.
--

GnuPG-bug-id: 5393
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2021-11-24 10:50:33 +09:00
NIIBE Yutaka
a9be9f4e6e gpg: Fix format_keyid.
* g10/keyid.c (format_keyid): Allocate buffer earlier.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-11-24 10:43:38 +09:00
NIIBE Yutaka
07671917e4 gpg: Fix key conversion for SSH.
* g10/export.c (key_to_sshblob): Use put_membuf with length counted
beforehand, and use memcmp instead of strncmp.

--

GnuPG-bug-id: 5393
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-11-24 10:32:57 +09:00
Werner Koch
c397ba3ac0
gpg: New option --forbid-gen-key.
* g10/gpg.c (oForbidGenKey, opts): New option.
(mopt): New local struct
(gen_key_forbidden): New.
(main): Set and handle the option.
--

In large system installation it is sometimes useful to make it a bit
harder for users to generate their own keys.  An example is a policy
to not use on-disk keys.
2021-11-22 20:59:22 +01:00
Werner Koch
b091a250d1
gpgconf: Fix last commit.
--
Oops, I noticed the warning only after backporting to 2.2.
2021-11-19 09:38:26 +01:00
Werner Koch
a0fb78ee0f
gpgconf: Include output of --list-dirs in --show-configs.
* tools/gpgconf.c (list_dirs): Add arg special.
(show_other_registry_entries): Print the Homedir.
(show_configs): List directories.
2021-11-19 09:29:37 +01:00
Werner Koch
5f39db70c0
gpg,gpgsm: Add option --min-rsa-length.
* common/compliance.c (min_compliant_rsa_length): New.
(gnupg_pk_is_compliant): Take in account.
(gnupg_pk_is_allowed): Ditto.
(gnupg_set_compliance_extra_info): New.
* g10/gpg.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* g10/options.h (opt): Add field min_rsa_length.
* sm/gpgsm.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* sm/gpgsm.h (opt): Add field min_rsa_length.
2021-11-18 20:49:37 +01:00
Werner Koch
749bb80cb7
gpgconf: --show-configs now prints a bunch of Registry entries.
* tools/gpgconf.c (show_other_registry_entries): New.
(show_configs): Call it.  Minor reformatting.
--
2021-11-17 18:15:55 +01:00
Werner Koch
9172fbc084
gpgconf: Extend --show-config to show envvars.
* tools/gpgconf.c (my_copy_file): Add arg LISTP and record certain
things.
(show_configs_one_file): New arg LISTP to be passed thru.
(show_configs): Show envars and regisiry values.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-11-17 09:53:05 +01:00
Werner Koch
5053939480
common,w32: New function read_w32_reg_string.
* common/w32-reg.c (get_root_key): Remove.
(read_w32_registry_string): Turn into a wrapper for the gpgrt
function.
(read_w32_reg_string): New.
2021-11-17 09:30:48 +01:00
Werner Koch
74c5b35062
sm: Detect circular chains in --list-chain.
* sm/keylist.c (list_cert_chain): Break loop for a too long chain.
--

This avoids endless loops in case of circular chain definitions.  We
use such a limit at other palces as well.  Example for such a chain is

# ------------------------ >8 ------------------------
           ID: 0xBE231B05
          S/N: 51260A931CE27F9CC3A55F79E072AE82
        (dec): 107864989418777835411218143713715990146
       Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
      Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
     sha2_fpr: 92:5E:4B:37:2B:A3:2E:5E:87:30:22:84:B2:D7:C9:DF:BF:82:00:FF:CB:A0:D1:66:03:A1:A0:6F:F7:6C:D3:53
     sha1_fpr: 31:93:78:6A:48:BD:F2:D4:D2:0B:8F:C6:50:1F:4D:E8:BE:23:1B:05
      md5_fpr: AC:F3:10:0D:1A:96:A9:2E:B8:8B:9B:F8:7E:09:FA:E6
      pgp_fpr: E8D2CA1449A80D784FB1532C06B1611DB06A1678
       certid: 610C27E9D37835A8962EA5B8368D3FBED1A8A15D.51260A931CE27F9CC3A55F79E072AE82
      keygrip: CFCA58448222ECAAF77EEF8CC45F0D6DB4E412C9
    notBefore: 2005-06-07 08:09:10
     notAfter: 2019-06-24 19:06:30
     hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
      keyType: rsa2048
    subjKeyId: ADBD987A34B426F7FAC42654EF03BDE024CB541A
    authKeyId: [none]
 authKeyId.ki: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F
[...]

Certified by
           ID: 0xCE2E4C63
          S/N: 46EAF096054CC5E3FA65EA6E9F42C664
        (dec): 94265836834010752231943569188608722532
       Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
      Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
     sha2_fpr: 21:3F:AD:03:B1:C5:23:47:E9:A8:0F:29:9A:F0:89:9B:CA:FF:3F:62:B3:4E:B0:60:66:F4:D7:EE:A5:EE:1A:73
     sha1_fpr: 9E:99:81:7D:12:28:0C:96:77:67:44:30:49:2E:DA:1D:CE:2E:4C:63
      md5_fpr: 55:07:0F:1F:9A:E5:EA:21:61:F3:72:2B:8B:41:7F:27
      pgp_fpr: 922A6D0A1C0027E75038F8A1503DA72CF2C53840
       certid: 14673DA5792E145E9FA1425F9EF3BFC1C4B4957C.46EAF096054CC5E3FA65EA6E9F42C664
      keygrip: 10678FB5A458D99B7692851E49849F507688B847
    notBefore: 2005-06-07 08:09:10
     notAfter: 2020-05-30 10:48:38
     hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
      keyType: rsa2048
    subjKeyId: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F
    authKeyId: [none]
 authKeyId.ki: ADBD987A34B426F7FAC42654EF03BDE024CB541A
     keyUsage: certSign crlSign
[...]

Which has a circular dependency on subKeyId/authkeyId.ki.
2021-11-15 17:51:38 +01:00
NIIBE Yutaka
a575b0aba5 scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.
* scd/app-openpgp.c (do_auth): Use extended Lc, when supported.

--

GnuPG-bug-id: 5682
Co-authored-by: Klas Lindfors
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-11-15 11:40:41 +09:00
Werner Koch
bd5c775878
agent: Print the non-option warning earlier.
* agent/gpg-agent.c (main): Move detection up.
--

The problem is that PARGS is re-used and when detecting a possible
incorrect use, the flag that "--" has already been seen has gone.
2021-11-14 18:06:33 +01:00
Werner Koch
a9bc8e1695
Update release signing keys
--

The last key is new.  As usual the key is on a dedicated card with the
Admin PIN accessible to a few core hackers.

# ------------------------ >8 ------------------------

pub   rsa3072 2017-03-17 [SC] [expires: 2027-03-15]
      5B80C5754298F0CB55D8ED6ABCEF7E294B092E28
sig    R     BCEF7E294B092E28 2017-03-17  Andre Heinecke (Release Signing Key)
uid                      Andre Heinecke (Release Signing Key)
sig 3        BCEF7E294B092E28 2017-03-17  Andre Heinecke (Release Signing Key)
sig          1FDF723CF462B6B1 2017-03-17  Andre Heinecke <aheinecke@intevation.de>

pub   ed25519 2020-08-24 [SC] [expires: 2030-06-30]
      6DAA6E64A76D2840571B4902528897B826403ADA
uid                      Werner Koch (dist signing 2020)
sig 3        528897B826403ADA 2020-08-24  Werner Koch (dist signing 2020)
sig          249B39D24F25E3B6 2020-08-24  Werner Koch (dist sig)
sig          63113AE866587D0A 2020-08-24  wk@gnupg.org
sig          E3FDFF218E45B72B 2020-08-24  Werner Koch (wheatstone commit signing)
sig          F2AD85AC1E42B367 2020-08-24  Werner Koch <wk@gnupg.org>

pub   ed25519 2021-05-19 [SC] [expires: 2027-04-04]
      AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD
uid                      Niibe Yutaka (GnuPG Release Key)
sig 3        E98E9B2D19C6C8BD 2021-05-19  Niibe Yutaka (GnuPG Release Key)
sig          00B45EBD4CA7BABE 2021-09-14  NIIBE Yutaka <gniibe@fsij.org>
sig          E267B052364F028D 2021-09-14  NIIBE Yutaka <gniibe@fsij.org>

pub   brainpoolP256r1 2021-10-15 [SC] [expires: 2029-12-31]
      02F38DFF731FF97CB039A1DA549E695E905BA208
uid                      GnuPG.com (Release Signing Key 2021)
sig 3        549E695E905BA208 2021-10-15  GnuPG.com (Release Signing Key 2021)
sig          528897B826403ADA 2021-10-15  Werner Koch (dist signing 2020)
sig          E3FDFF218E45B72B 2021-10-15  Werner Koch (wheatstone commit signing)
2021-11-13 21:03:02 +01:00
Werner Koch
99ef78aa0c
gpg: Remove stale ultimately trusted keys from the trustdb.
* g10/tdbdump.c (export_ownertrust): Skip records marked with the
option --trusted-key.
(import_ownertrust): Clear the trusted-key flag.
* g10/tdbio.h (struct trust_record): Add field flags.
* g10/tdbio.c (tdbio_dump_record): Improve output.
(tdbio_read_record, tdbio_write_record): Handle flags.
* g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set
the flag for new --trusted-keys.
(tdb_update_ownertrust): Add arg as_trusted_key.  Update callers.
--

GnuPG-bug-id: 5685
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-11-13 20:34:06 +01:00
Werner Koch
b0079ab39d
keyboxd: New option --steal-socket.
* kbx/keyboxd.c (oStealSocket): New const.
(opts): Add option.
(steal_socket): New file global flag.
(main): Set option.
(create_server_socket): Implement option.
--
2021-11-13 15:01:17 +01:00
Werner Koch
dd708f60d5
agent,dirmngr: New option --steal-socket
* agent/gpg-agent.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option.
(create_server_socket): Implement option.

* dirmngr/dirmngr.c (oStealSocket): New.
(opts): Add option.
(steal_socket): New file global var.
(main): Set option.  Add comment to eventually implement it.
--

Note that --steal-socket has currently no effect on dirmngr because
dirmngr does this anway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-11-13 14:56:40 +01:00
Werner Koch
6d52cb966e
doc: Clarify the "ntds" AKL mechanism.
--
2021-11-12 16:11:56 +01:00
NIIBE Yutaka
b124bca592 gpg: Don't use malloc for kek_params.
* g10/ecdh.c (pk_ecdh_default_params): Use stack for kek_params.

--

GnuPG-bug-id: 5393
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-11-12 15:39:30 +09:00