1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

9919 Commits

Author SHA1 Message Date
Todd Zullinger
beb79f2705
sm: Use gpg_err_code() instead of -1
* sm/verify.c (gpgsm_verify): use gpg_err_code instead of 'rc == -1'
comparison.
--

In ed6ebb696e (sm: Implement initial support for keyboxd., 2020-09-10),
the return of keydb_search() was changed to use gpg_err_code().  Adjust
gpgsm_verify() to use it.  This provides a nicer error message to users
when a certificate is not found -- the same error that is seen from 2.2.

Prior to this change, when a cert was not found, gpgsm output:

    gpgsm: failed to find the certificate: Not found

as opposed to the more human-readable message from 2.2:

    gpgsm: certificate not found

They now return the same message.

Signed-off-by: Todd Zullinger <tmz@pobox.com>
2022-04-25 12:09:50 +02:00
Werner Koch
ca5d5142c6
Deprecate the --supervised options.
* agent/gpg-agent.c (main): Mark --supervised as deprecated.
* dirmngr/dirmngr.c (main): Ditto.
--

The supervised thing causes more trouble than it pretends to solve.
2022-04-25 12:03:45 +02:00
Werner Koch
0f8623d518
gpg: Emit an ERROR status as hint for a bad passphrase.
* g10/mainproc.c (proc_symkey_enc): Issue new error code.
(proc_encrypted): Ditto.
--

This allows GPGME to return a better error message than "bad session
key" to the user.  Technically we could get run into these errors also
in other cases but this more unlikley.  For the command line use we
don't do anything to not change the expected output of the command
line interface.

GnuPG-bug-id: 5943
2022-04-25 11:24:14 +02:00
NIIBE Yutaka
2fc91e15c6 common:iobuf: Exclude cases with IOBUF_INPUT_TEMP/IOBUF_OUTPUT_TEMP.
* common/iobuf.c (iobuf_read): Handle a case with IOBUF_INPUT_TEMP.
(iobuf_write): Handle a case with IOBUF_OUTPUT_TEMP.

--

GnuPG-bug-id: 5941
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-25 17:37:32 +09:00
NIIBE Yutaka
2848fe4c84 scd: Fix hard-coded constant for RSA auth.
* scd/app-openpgp.c (do_auth): Allow larger data for RSA-4096.

--

OpenPGPcard specification says that it will be rejected by the card
when it's larger.  We have been the check on host side too, but it was
written when it only had a support for RSA-2048.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-25 11:14:10 +09:00
Ingo Klöcker
8b3a24e517 gpg: Fix line end in error message
* g10/keyedit.c (menu_adduid): Move linefeed character to the format
string.
--

This fixes a literal '\n' in the error message and a missing line feed
after the error message.
2022-04-22 10:10:36 +02:00
NIIBE Yutaka
e529c54fe3 agent: Not writing password into file.
* agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke
pattern check program.

--

GnuPG-bug-id: 5917
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-22 13:33:45 +09:00
NIIBE Yutaka
e8fb8e2b3e scd: Don't inhibit SSH authentication for larger data if it can.
* scd/app-openpgp.c (do_auth): Use command chaining if available.

--

GnuPG-bug-id: 5935
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-22 11:50:19 +09:00
Werner Koch
60fc743da4
Post release updates
--
2022-04-21 17:53:37 +02:00
Werner Koch
a4b25bcfe1
Release 2.3.5 2022-04-21 16:48:34 +02:00
Werner Koch
b400ad2675
po: Auto update
--
2022-04-21 14:20:10 +02:00
Werner Koch
aec972732e
speedo: Fix authenticode signing
--
2022-04-21 14:18:27 +02:00
Werner Koch
9b297a9d44
dirmngr: Fix Makefile
--
Fixes-commit: 89dc9f1e69
2022-04-21 14:18:14 +02:00
NIIBE Yutaka
3560cd0d9d po: Update Simplified Chinese Translation.
--

Reviewed-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: bobwxc <bobwxc@yeah.net>
2022-04-21 13:35:05 +09:00
Werner Koch
ac08517723
po: Update German translation
--
2022-04-20 18:48:42 +02:00
Werner Koch
89dc9f1e69
dirmngr: Changes to the linking order.
* dirmngr/Makefile.am: Tweak library order.
--
(cherry picked from commit 3c79ff34c4)
2022-04-20 18:48:35 +02:00
Werner Koch
3b48465ef9
build: Fix makedist target in m4.
--
2022-04-20 15:48:37 +02:00
Werner Koch
22fef189b1
w32: Do no use Registry item DefaultLogFile for the main tools.
* g10/gpg.c (main): Set LOG_NO_REGISTRY.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.
(show_other_registry_entries): Print "DefaultLogFile".
--

The intention of this mostly forgotten registry entry was to allow for
easy debugging of the tools.  However, with the global config file
common.conf things are anyway better.  We disable the use for the
commonly used tools so that it does not look like calling gpg on the
command line seems to block with no output if the log
server (e.g. tcp://1.2.3.4:11111) is not reachable.
2022-04-20 09:30:56 +02:00
Werner Koch
41fb46007e
gpg: Replace an assert by a log_fatal.
* g10/build-packet.c (do_signature): Use log_fatal.
--
GnuPG-bug-id: 5809
2022-04-14 13:56:10 +02:00
Werner Koch
46d62d80a2
ssh: Returned faked response for the new session-bind extension.
* agent/command-ssh.c (SSH_OPT_CONSTRAIN_MAXSIGN): New.
(SSH_OPT_CONSTRAIN_EXTENSION): New.
(ssh_handler_add_identity): Ignore them.
(ssh_handler_extension): Take success for session-bind.
--

OpenSSH 8.9 does not gracefully allow communication with older agent
implementations.  Until this new OpenSSH feature has been settled we
return a faked response.

Code has not yet been tested.

GnuPG-bug-id: 5931
2022-04-14 12:30:55 +02:00
Werner Koch
dd727ec968
scd: Renamed a constant in ccid-driver.c
* scd/ccid-driver.c (MAX_DEVICE): Rename to CCID_MAX_DEVICE.
--

Just for documentation reasons.
2022-04-14 10:26:40 +02:00
Werner Koch
6294ae282d
scd: Minor code reorganization
* scd/ccid-driver.c: Move struct defines to the top.
--
2022-04-14 10:15:23 +02:00
Werner Koch
8ac92f0e80
scd: Fix memory leak in ccid-driver.
* scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count.
--

Due to an assignment out of bounds this might lead to a crash if there
are more than 15 readers.  In any case it fixes a memory leak.
Kudos to the friendly auditor who found that bug.

Fixes-commit: 8a41e73c31
2022-04-14 10:15:23 +02:00
Werner Koch
61038be813
tests: Fix warning in common/t-ssh-utils.c
* common/t-ssh-utils.c (main): Remove continue.
--
Obvious c+p bug.

Fixes-commit: 5e508ffcab
2022-04-14 10:14:51 +02:00
Jakub Jelen
c4436ebfa5 agent: Ignore MD5 Fingerprints for ssh keys
--
* agent/command-ssh.c (add_control_entry): Ignore failure of the MD5
  digest

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-14 11:47:04 +09:00
NIIBE Yutaka
5e508ffcab tests: Fix common/t-ssh-utils.
* common/t-ssh-utils.c (main): Accept an error with MD5 in_fips_mode.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-14 11:46:58 +09:00
Jakub Jelen
1f0651dbfb tests: Honor FIPS mode
* common/t-ssh-utils.c (FLAGS_NOFIPS): New.
  (sample_keys): Add flags member.
  (main): Detect if libgcrypt is in FIPS mode, try SHA256 fingerprints
  first and expect the MD5 ones will fail.
--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-14 11:46:55 +09:00
Werner Koch
618aa8689a
scd:p15: Improve the PIN prompt for Genua cards.
* scd/app-p15.c (CARD_PRODUCT_GENUA): New.
(cardproduct2str): Add it.
(read_p15_info): Detect and set GENUA
(make_pin_prompt): Take holder string from the AODF.
2022-04-13 13:06:27 +02:00
Werner Koch
137e59a6a5
sm: Print diagnostic about CRL problems due to Tor mode.
* dirmngr/crlfetch.c (crl_fetch, crl_fetch_default)
(ca_cert_fetch, start_cert_fetch): Factor Tor error out to ...
(no_crl_due_to_tor): new.  Print status note.

* dirmngr/ks-engine-ldap.c (ks_ldap_get)
(ks_ldap_search, ks_ldap_put): Factor Tor error out to ...
(no_ldap_due_to_tor): new.  Print status note.

* dirmngr/ocsp.c (do_ocsp_request): Print status note.
* sm/misc.c (gpgsm_print_further_info): New.
* sm/call-dirmngr.c (warning_and_note_printer): New.
(isvalid_status_cb): Call it.
(lookup_status_cb): Ditto.
(run_command_status_cb): Ditto.

* common/asshelp2.c (vprint_assuan_status): Strip a possible trailing
LF.

--
2022-04-11 17:57:14 +02:00
Werner Koch
0dcc249852
scd: Support for GeNUA cards.
* scd/app-p15.c (read_p15_info): Disable extended mode for Genua
cards.
2022-04-11 17:48:45 +02:00
Werner Koch
198fad9fc1
doc: Typo fix in comment
--
2022-04-08 16:07:34 +02:00
Werner Koch
ca3e46a587
tpm: Fix recently introduced syntax error
--

Fixes-commit: 18eff31496
2022-04-08 16:06:09 +02:00
Werner Koch
8945f1aedf
gpg: Remove restrictions for the name part of a user-id.
* g10/keygen.c (ask_user_id): Allow for the name to start with a
digit.  Allow names shorter than 5.
--

The reason for this change is that we don't enforce these constraints
in the --quick-gen-key interface.  I added the constraints right in the
beginning of gnupg to make sure that we have a uniform style for
user-ids.  However, this is all problematic with non-Latin names
and we prefer to use mail addresses anyway.
2022-04-08 16:03:12 +02:00
NIIBE Yutaka
9000081964 agent: Fix for possible support of Cygwin OpenSSH.
* agent/command-ssh.c (start_command_handler_ssh): Use es_sysopen.

--

With new (not-yet-released) libgpg-error, gpg-agent should be able to
handle connection from Cygwin version of OpenSSH.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-07 16:39:40 +09:00
NIIBE Yutaka
b47a23f5fa w32: Exclude tests with HOME.
* common/t-session-env.c [HAVE_W32_SYSTEM] (test_all): HOME is not
defined, so, exclude the tests.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-06 13:28:15 +09:00
NIIBE Yutaka
39d478f5ba w32: Fix for make check.
* common/Makefile.am (module_tests): Exclude t-exechelp and
t-exectool.
* common/t-stringhelp.c (mygetcwd): Convert '\' to '/'.
* tests/cms/Makefile.am: Add $(EXEEXT).
* tests/gpgme/Makefile.am: Likewise.
* tests/migrations/Makefile.am: Likewise.
* tests/openpgp/Makefile.am: Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-06 11:28:00 +09:00
NIIBE Yutaka
48ee11722d agent:w32: Fix for use of socket.
* agent/command-ssh.c (get_client_info): Use type gnupg_fd_t for
socket, until call of socket API.
(start_command_handler_ssh): Don't convert here.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-04 16:39:27 +09:00
NIIBE Yutaka
f584ad9504 scd,tpm2d: Fix for consistent use of socket FD.
* scd/command.c (scd_command_handler): Use gnupg_fd_t for the argument
but no INT2FD to listen.  Use GNUPG_INVALID_FD.
* tpm2d/command.c (tpm2d_command_handler): Likewise.
* scd/scdaemon.c (start_connection_thread): Follow the change.
* tpm2d/tpm2daemon.c (start_connection_thread): Likewise.
* scd/scdaemon.h (scd_command_handler): Use gnupg_fd_t.
* tpm2d/tpm2daemon.h (tpm2d_command_handler): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-31 21:03:13 +09:00
NIIBE Yutaka
01ade6945d dirmngr: Fix for SOCK.
* dirmngr/http.c (connect_with_timeout): Use FD2INT to unwrap SOCK.

--

GnuPG-bug-id: 5899
Reported-by: Eli Zaretskii
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-30 13:05:41 +09:00
NIIBE Yutaka
18eff31496 tpm2d: Fix socket resource leak on Windows.
* tpm2d/tpm2daemon.c (main): Use gnupg_fd_t for socket, and use
assuan_sock_close for the socket allocated by assuan_sock_new.
(handle_connections): Use gnupg_fd_t for listen_fd.
Use assuan_sock_close for the socket by npth_accept.

--

Apply the same change of scdaemon to tpm2daemon.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-30 13:01:14 +09:00
NIIBE Yutaka
2189b4bb63 common,w32: Fix handle_to_fd to match use of _open_osfhandle.
* common/exechelp-w32.c (handle_to_fd): Use intptr_t.
(gnupg_wait_processes): Fix to use pid_to_handle.

--

Both of original MinGW and MinGW-W64 use intptr_t for the first
argument of _open_osfhandle.  So, intptr_t is better here.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-30 11:44:06 +09:00
NIIBE Yutaka
d05221065f dirmngr: Clean up for not supporting WindowsCE.
* dirmngr/Makefile.am (dirmngr_SOURCES): Remove w32-ldap-help.h.
* dirmngr/cdblib.c (cdb_init): Remove for __MINGW32CE__.
* dirmngr/w32-ldap-help.h: Remove.

--

Fixes-commit: 4c295646ba
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-29 13:41:04 +09:00
NIIBE Yutaka
2cebba7274 gpg,tools: Remove use of repo only zlib-riscos.h.
* g10/compress.c: Don't use zlib-riscos.h.
* tools/gpgsplit.c: Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-29 12:07:18 +09:00
NIIBE Yutaka
a67a09be30 scd,w32: Fix socket resource leak.
* scd/scdaemon.c (main): Use gnupg_fd_t for socket, and use
assuan_sock_close for the socket allocated by assuan_sock_new.
(handle_connections): Use gnupg_fd_t for listen_fd.
Use assuan_sock_close for the socket by npth_accept.

--

GnuPG-bug-id: 5029
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-29 09:55:02 +09:00
Werner Koch
435861b9fb
dirmngr: Escape more characters in WKD requests.
* dirmngr/server.c (proc_wkd_get): Also escape '#' and '+'
--
GnuPG-bug-id: 5902
2022-03-28 16:12:03 +02:00
Werner Koch
253fcb9777
gpg: Remove EAX from the preference list.
* g10/gpg.c (main): Remove note about rfc4880bis.
* g10/keygen.c (keygen_set_std_prefs): Use only OCB in the AEAD
preference list.
--

It is more than unlikely that EAX will ever be used in practice and
thus we remove it from the preference list.
2022-03-28 15:25:55 +02:00
NIIBE Yutaka
f0a1c79f60 agent: KEYTOCARD prefers to specified time.
* agent/command.c (cmd_keytocard): Timestamp at "Created:" field is
only used when time is not specified.

--

Fixes-commit: c795be79c1
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-28 09:08:08 +09:00
Werner Koch
90caa7ad59
dirmngr: Workaround for a certain broken LDAP URL
* dirmngr/ldap.c (url_fetch_ldap): Detect and replace.
--

The actual URL causing this is

ldap://ldap.dgnservice.de:389/CN=CRL-1,O=DGN%20Service%20GmbH,\
C=DE?certificateRevocationList?base?objectClass=cRLDistributionPoint

It is actually not very helpful because I had problems finding the
issuer cert:

CN=dgnservice CRL2101 13:PN,O=DGN Deutsches Gesundheitsnetz \
Service GmbH,C=DE
2022-03-25 13:36:20 +01:00
Werner Koch
0f03bdcd2e
common,w32: Fix early home dir creation.
* common/homedir.c (w32_try_mkdir): Remove.
(standard_homedir): Call gnupg_mkdir directly.
(_gnupg_socketdir_internal): Ditto.
--
GnuPG-bug-id: 5895
2022-03-25 13:22:46 +01:00
NIIBE Yutaka
caba9df726 tools:gpgconf: Fix gc_component table.
* tools/gpgconf-comp.c [!BUILD_WITH_TPM2D] (gc_component): Add a dummy
entry.

--

GnuPG-bug-id: 5701
Reported-by: Adriaan de Groot
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-25 14:28:22 +09:00