1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Commit Graph

9110 Commits

Author SHA1 Message Date
Werner Koch
dd5fd4a760
Replace all calls to access by gnupg_access
* common/sysutils.c (gnupg_access): New.  Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--

Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.

This is required to correctly handle non-ascii filenames on Windows.

GnuPG-bug-id: 5098
(cherry picked from commit c94ee1386e)
2020-10-21 20:49:18 +02:00
NIIBE Yutaka
25bec16d0b scd: Add a workaround for Yubikey.
* scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey.

--

Backport master commit of:

	0db9c83555

Yubikey version 5 s/n 609074582 returns 0x6982, version 5.2.4 s/n
610616049 returns 0x6581, where 0x6a88 is expected.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 17:15:49 +09:00
NIIBE Yutaka
0f4c956a76 scd: Silence compiler warning.
* scd/app-openpgp.c (build_ecc_privkey_template): Fix allocation size.

--

Cherry-picked from master commit of:

	2a34a2afea

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 12:01:13 +09:00
NIIBE Yutaka
7c8823bf82 scd: Report any error for LEARN command.
* scd/app-openpgp.c (do_learn_status): Report any error.

--

Backport master commit of:

	862d9c6fac

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:52:24 +09:00
NIIBE Yutaka
1f1b68eef7 scd: Internal CCID driver: More fix for SPR532.
* scd/ccid-driver.c (bulk_in): Handle the case of missing intr_cb.

--

Backport master commit of:

	920f258eb6

GnuPG-bug-id: 5065
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:46:13 +09:00
NIIBE Yutaka
33a2d4bd7f scd: Internal CCID driver fix.
* scd/ccid-driver.c (intr_cb): More useful debug output.
(ccid_slot_status): Remove redundant condition.

--

Backport master commit of:

	1444203ca3

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:45:45 +09:00
NIIBE Yutaka
48565e7a08 scd: Internal CCID driver: Call libusb_clear_halt at ccid_setup_intr.
* scd/ccid-driver.c (ccid_setup_intr): Reset the endpoint.
(ccid_vendor_specific_init): Don't call libusb_clear_halt.

--

Backport master commit of:

	6af978713e

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:44:57 +09:00
NIIBE Yutaka
30693dfb6f scd: Internal CCID driver: Fix a failure path.
* scd/ccid-driver.c (ccid_open_usb_reader): On error, call
libusb_release_interface.

--

Backport master commit of:

	d561c936a2

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:44:21 +09:00
NIIBE Yutaka
498cd38019 scd: Internal CCID: Handle LIBUSB_ERROR_TIMEOUT at ccid_get_atr.
* scd/ccid-driver.c (ccid_slot_status): Handle LIBUSB_ERROR_TIMEOUT.

--

Backport master commit of:

	b1e8072320

With SPR532, at the first connection, it fails by
LIBUSB_ERROR_TIMEOUT, but no retry.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:43:48 +09:00
NIIBE Yutaka
7db836c0e9 scd: Change handling of SPR532 card reader.
* scd/ccid-driver.c (ccid_vendor_specific_init): Put some workaround
for SPR532 initialization.
(ccid_slot_status): Send ESCape command after GetSlotStatus.

--

Backport master commit of:

	684a52dffa

GnuPG-bug-id: 5065
Fixes-commit: 4fae55f8ee
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:43:13 +09:00
NIIBE Yutaka
11d8d1e050 scd: For SPR532, submit the ESCape command at initialization.
* scd/ccid-driver.c (ccid_vendor_specific_init): Submit the ESC
command for VENDOR_SCM.
(ccid_transceive_secure): Don't submit the ESC command every time.

--

Backport master commit of:

	4fae55f8ee

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:42:23 +09:00
NIIBE Yutaka
dd7cc24d5f scd: Fix CCID internal driver for interrupt transfer.
* scd/ccid-driver.c (intr_cb): Handle the case of multiple messages.

--

Backport master commit of:

	7cbb513a2d

SPR532 USB Smart Card Reader (also know as SPR332) may send two
messages at once for a single interrupt transfer.  An example transfer
observed was like: 50 03 50 02, which is considered valid, according
to the CCID specification.

GnuPG-bug-id: 5065
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:41:25 +09:00
NIIBE Yutaka
186d11896c scd: Better handling of timeout and time extension.
* scd/ccid-driver.c (CCID_CMD_TIMEOUT_LONGER): Remove.
(ccid_transceive): Don't use x4 blindly for bBWI, but use dynamically
determined value.  Use value from variable wait_more for bulk_in.
Set wait_more by the value of time extension request.

--

Backport master commit of:

	f1cf799a37

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:38:40 +09:00
NIIBE Yutaka
60af035c22 scd: Fix internal CCID driver, so that -DTEST works.
* scd/ccid-driver.c: Support a test program by ccid-driver.

--

Backport from master commit:

	b310604252

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:27:41 +09:00
NIIBE Yutaka
165312dca9 scd: ccid-driver: Initial getting ATR more robustly.
* scd/ccid-driver.c (send_power_off): New.
(do_close_reader): Use send_power_off.
(ccid_get_atr): Add error recovery.

--

Backport from master commit of:

	c51a568555

GnuPG-bug-id: 4616
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:21:42 +09:00
NIIBE Yutaka
1efc01ff98 scd: Clean up the structure for future fix of PC/SC.
* scd/apdu.c (struct dev_list): Rename from ccid_table, with void*.
(open_ccid_reader): Follow the change.
(apdu_dev_list_start, apdu_dev_list_finish): Likewise.
(apdu_open_reader): Likewise.
* scd/ccid-driver.c (ccid_dev_scan): Use void *.
(ccid_dev_scan_finish, ccid_get_BAI, ccid_open_usb_reader): Likewise.
* scd/ccid-driver.h: Change the APIs.

--

Backport from master commit of:

	f44aa290c1

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:17:58 +09:00
Werner Koch
5b985b0264 scd: Map some error codes from libusb to ccid-driver error codes.
* scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes.
* scd/apdu.h: New SW_HOST error codes.
* scd/apdu.c (host_sw_string): Print them
* scd/ccid-driver.c (map_libusb_error): New.
(ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes.
* scd/iso7816.c (map_sw): Map new codes to gpg-error.
--

Backport from master commit:

	9a8d7e41bb

This change will help to get low level error conditions from hipher
application code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-06 11:14:59 +09:00
NIIBE Yutaka
cccdca61a8 scd: internal driver: Submit SET_INTERFACE control transfer.
* scd/ccid-driver.c (ccid_open_usb_reader): Alway submit SET_INTERFACE
control transfer.

--

Backport from master commit:

	611faf1579

This handling is not mondatory, but it's better to do so, because
there are card reader with pinpad and token with ack button, which
support user interaction.

User interaction status should be reset at open time.  The status
should be reset when the session is closed/stopped.  In practice,
since cleanup routine in a driver may not be called properly, it's
good to submit SET_INTERFACE at open time.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-06 11:14:29 +09:00
NIIBE Yutaka
e3a12b09dc scd: Internal CCID driver: Spelling cleanup.
--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Backport master commit of:
	0904b8ef34
2020-10-06 11:06:53 +09:00
NIIBE Yutaka
7b531fe580 scd: Internal CCID driver: Clean up backport from master.
* scd/ccid-driver.c (print_error) [TEST]: Add missing break.  Note
    that this is anyway an impossible case.

--

Backport master commit of:

	8fb14d3b3f

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-06 11:02:24 +09:00
Werner Koch
ffbef54d36
dirmngr: Minor cleanup for better readability.
* dirmngr/ldap.c (start_default_fetch_ldap): Rename to
start_cacert_fetch_ldap and remove arg attr.  Instead use
"cACertificate" directly.
* dirmngr/crlfetch.c (ca_cert_fetch): Change the only caller.
(start_cert_fetch_ldap): Rename arg for clarity.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-05 17:21:55 +02:00
Werner Koch
77e416741a
build: Fix SENDMAIL define for a PATH with spaces.
* configure.ac: Fix use of $PATH
2020-10-04 20:47:13 +02:00
Werner Koch
c81f02c959
w32: Add manifest files to most binaries
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-02 17:04:12 +02:00
Werner Koch
e12e5b3dab
common,w32: Change copyright holder notice.
--
2020-10-02 16:38:18 +02:00
Werner Koch
239e60a37f
gpgconf,w32: Add manifest so we get the correct windows version.
* common/w32info-rc.h.in: Update copyright info.
* tools/gpg-connect-agent-w32info.rc: Tweak file info.
* tools/gpgconf-w32info.rc: New.
* tools/gpgconf.w32-manifest.in: New.
* configure.ac: Add new .in file.
* tools/Makefile.am (EXTRA_DIST): Add them.
(gpg_connect_agent_robjs, gpgconf_robjs): New.
(gpgconf_LDADD): Add resource file.
(gpg_connect_agent_LDADD): Change name of resource macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-02 14:24:04 +02:00
Werner Koch
a298ba02ee
gpgconf: New option --show-versions.
* tools/gpgconf.c: Include exechelp.h.  New option --show-versions.
(get_revision_from_blurb): New.
(show_version_gnupg): New.
(show_version_libgcrypt): New.
(show_version_gpgrt): New.
(show_versions_via_dirmngr): New.
(show_versions): New.
* dirmngr/dirmngr.c (main): New internal option --gpgconf-versions.
(get_revision_from_blurb): New.
(gpgconf_versions): New.
--

This option should be helpful to gather information for debugging.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported-from-master: 357ad9ae29
2020-10-02 12:45:52 +02:00
Werner Koch
c10ba8e883
doc: Typo fixes
--
2020-10-02 12:32:37 +02:00
Andre Heinecke
d833030f8c
doc: Remove enable-extended-key-format in vsnfd
* doc/examples/vsnfd.prf: Remove enable-extended-key-format

--
This is no longer a valid option for gpg-agent because it
is now the default.
2020-10-01 18:22:44 +02:00
Werner Koch
be8b30f8eb
kbx: Add bounds check to detect corrupt keyboxes.
* kbx/keybox-dump.c (_keybox_dump_blob): Fix the fixmes.  Add support
for 32 byte fingerprints.
--

kbxutil is a debug tool but nevertheless it should behave well and not
read beyond allocated buffers and in turn crash.

Vincent Ulitzsch and Dominik Maier were kind enough to report these
crashes along with a couple of test keyboxes and crash analysis.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master and while doing that adding also the support
for OpenPGP v5 keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-22 11:53:01 +02:00
NIIBE Yutaka
61aea64b3c scd: Fix the use case of verify_chv2 by CHECKPIN.
* scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1
when needed.

--

Backport of master commit of:
	6e51f2044a

Fixes-commit: d2f1a0a791
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-16 12:46:50 +09:00
Werner Koch
a084924d07
gpg-connect-agent: Catch signals so that SIGPIPE is ignored.
* dirmngr/server.c (cmd_killdirmngr): Return 0.
* tools/gpg-connect-agent.c (main): Catch signals.
--

And we also print nicer diagnostics.  The reason we need this is that
for example "gpgconf --kill dirmngr" uses gpg-connect-agent to send a
command to dirmngr.  This may results in a SIGPIPE which in turn leads
to an annoying error message from gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 11:05:37 +02:00
Werner Koch
72e04b03b1
dirmngr: Fix the pool keyserver case for a single host in the pool.
* dirmngr/ks-engine-hkp.c (map_host): Set R_HOSTNAME also for
localhost and if there is no pool.
2020-09-10 11:04:46 +02:00
Werner Koch
e4f3b74c91
dirmngr: Align the gnutls use of CAs with the ntbtls code.
* dirmngr/http.c (http_session_new) <gnutls>: Use only the special
pool certificate for the default keyserver.
--

The gnutls version uses a different strategy than the ntbtls version
on when to use the special SKS pool certificate.  This patch aligns it
so that we don't need to wonder about different kind of bug reports.
In short the special cert is now the only cert use with the default
keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 11:04:15 +02:00
Werner Koch
7de9ed521e
agent: Keep some permissions of private-keys-v1.d.
* common/sysutils.c (modestr_to_mode): Re-implement.
(gnupg_chmod): Support keeping of permissions.
--

GnuPG-bug-id: 2312
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 07:46:25 +02:00
Werner Koch
5b6cfef620
build: Fix recent commit for SOURCE_DATE_EPOCH.
--

Fixes-commit: 5ade2b68db
which was recently pushed to make use of $SOURCE_DATE_EPOCH
as fallback.

(cherry picked from commit 61bb75d045)
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-09 15:40:08 +02:00
Werner Koch
8a2193380c
tests: New test run envvar to run gpg under valgrind.
--

Take care: Running under valgrind takes loooong and in some case you
may run into an valgrind internal error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-04 11:29:32 +02:00
Werner Koch
6ce8fdc4b2
gpg: Initialize a parameter to silence valgrind.
* g10/keygen.c (read_parameter_file): Initialize nline.
* g10/textfilter.c (copy_clearsig_text): Initialize bufsize.
--

In iobuf_read_line the parameter to pass and return the current buffer
length is controlled by the buffer parameter.  Thus there should be no
problem because the assert call check s buffer first.  For yet unknown
reasons when using the standard GNU libc assert valgrind complains
about an uninitialized variable.  That does not happen with our
log_assert.  Tested with gcc 8.3.0 and valgrind 3.14.0.
2020-09-04 11:24:34 +02:00
Werner Koch
390ae3c309
Post release updates
--
2020-09-03 17:49:21 +02:00
Werner Koch
e234d04c3c
Release 2.2.23 2020-09-03 17:06:37 +02:00
Werner Koch
aeb8272ca8
gpg: Fix AEAD preference list overflow
* g10/getkey.c (fixup_uidnode): Increase size of prefs array.
--

GnuPG-bug-id: 5050
Fixes-commit: ab7a0b0702
which introduced a feature to show the AEAD preferences of keys
created with rfc4880bis capable software (e.g. GnuPG 2.3-beta).
The same code in 2.3 is correct, though.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-03 17:06:29 +02:00
Werner Koch
0383146653
po: auto update
--
2020-09-03 17:05:17 +02:00
Yuri Chornoivan
1a4b0fd793
po: Update Ukrainian translation
--

The provided patch did not cleany apply (3 of 31 hunks failed).

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-03 17:05:12 +02:00
Jakub Bogusz
93d10403ad
po: Update Polish translation
--
2020-09-03 17:05:10 +02:00
Werner Koch
a8a8105bc7
po: Add key-check.c to the list of translatable sources.
--
2020-09-03 17:05:09 +02:00
Petr Pisar
cad9955ac9
po: Update Czech translation.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-03 17:05:06 +02:00
Werner Koch
896c528ba0
gpg: Fix segv importing certain keys.
* g10/key-check.c (key_check_all_keysigs): Initialize issuer.
--

Fixes-commit: 404fa8211b
from 2017

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-02 16:06:46 +02:00
NIIBE Yutaka
0a9665187a scd: Fix a regression for OpenPGP card.
* scd/app-openpgp.c (verify_chv2): Make sure loading keys.

--

Fixes-commit: d2f1a0a791
Reported-by: Michał Górny
GnuPG-bug-id: 5039
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-01 15:23:59 +09:00
Nagy Ferenc László
bcae9cd4e3
po: Minor update to the Hungarian translation.
--
2020-08-28 12:31:14 +02:00
Werner Koch
d2fe2ffd75
sm: Fix a bug in the rfc2253 parser
* sm/certdump.c (parse_dn_part): Fix parser flaw.
--

This could in theory result in reading bytes after a after Nul in a
string and thus possible segv on unallocated memory or reading other
parts of the memory.  However, it is harmless because the rfc2253
strings have been constructed by libksba.

GnuPG-bug-id: 5037
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-28 09:09:34 +02:00
Werner Koch
f799b3ddbb
Post release updates
--
2020-08-27 14:55:48 +02:00