1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Commit Graph

9849 Commits

Author SHA1 Message Date
NIIBE Yutaka
598884699d
dirmngr: Fix for USE_LDAP.
* dirmngr/ks-action.c [USE_LDAP] (ks_action_help): Recover variables.
* dirmngr/server.c [USE_LDAP] (dirmngr/server.c): Likewise.

--

Fixes-commit: 3d7dbf1661
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-14 16:45:22 +09:00
NIIBE Yutaka
0b532627e8
common: Fix t-recsel.
* common/t-recsel.c (main): Don't need to call init_common_subsystems.

--

GnuPG-bug-id: 6200
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-14 15:42:03 +09:00
NIIBE Yutaka
23d7b7cfb0
dirmngr:dns: Fixes for function prototypes.
* dirmngr/dns.c (dns_a_parse0, dns_a_push0, dns_a_cmp0): New.
(dns_a_print0, dns_aaaa_parse0, dns_aaaa_cmp0): New.
(dns_aaaa_print0, dns_mx_parse0, dns_mx_push0, dns_mx_cmp0): New.
(dns_mx_print0, dns_mx_cname0, dns_ns_parse0, dns_ns_push0): New.
(dns_ns_cmp0, dns_ns_print0, dns_ns_cname0, dns_cname_parse0): New.
(dns_cname_push0, dns_cname_cmp0, dns_cname_print0): New.
(dns_cname_cname0, dns_soa_parse0, dns_soa_push0): New.
(dns_soa_cmp0, dns_soa_print0, dns_srv_parse0, dns_srv_push0): New.
(dns_srv_cmp0, dns_srv_print0, dns_srv_cname0, dns_opt_parse0): New.
(dns_opt_push0, dns_opt_cmp0, dns_opt_print0, dns_ptr_parse0): New.
(dns_ptr_push0, dns_ptr_cmp0, dns_ptr_print0, dns_ptr_cname0): New.
(dns_sshfp_parse0, dns_sshfp_push0, dns_sshfp_cmp0): New.
(dns_sshfp_print0, dns_txt_parse0, dns_txt_push0, dns_txt_cmp0): New.
(struct dns_rrtype): Add function prototypes.
(dns_rrtypes): Use "0" variant of functions.
(DNS_PRAGMA_PUSH, DNS_PRAGMA_POP): Remove.

--

Original code was pretty badly written ignoring the type system of C,
but modern compiler encourages use of the type system.  No
architectural changes, but only things mechanically possible.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-14 14:53:13 +09:00
NIIBE Yutaka
3d7dbf1661
agent,dirmngr,gpg,scd: Clean up for modern compiler.
* agent/protect.c (agent_get_shadow_info_type): It's a write only
variable, useful for debugging.
* g10/key-check.c (key_check_all_keysigs): Likewise.
* g10/keyedit.c (show_basic_key_info, menu_expire): Likewise.
* scd/app-sc-hsm.c (read_ef_prkd): Likewise.
* dirmngr/crlfetch.c (fetch_next_ksba_cert): Initialize the vars.
* dirmngr/ks-action.c (ks_action_help): Remove unused variables.
* dirmngr/server.c (make_keyserver_item): Likewise.
* dirmngr/validate.c (check_cert_sig): Initialize the variable.
* scd/app-p15.c (select_and_read_record): Likewise.
* tests/gpgscm/scheme.c (scheme_init_new): A function with no args.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-14 12:08:58 +09:00
NIIBE Yutaka
e133bcb1cd
tools:gpg-auth: Enhance it to support use case for login.
* tools/Makefile.am: gpg-auth is one in libexec_PROGRAMS.
* tools/gpg-auth.c: Support use by root for login user.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-13 16:41:10 +09:00
NIIBE Yutaka
87d4338ed1
gpg,common,scd,sm: Function prototype fixes for modern compiler.
* common/gettime.c (gnupg_get_time): It has no arguments.
* common/signal.c (gnupg_block_all_signals): Likewise.
(gnupg_unblock_all_signals): Likewise.
* common/utf8conv.c (get_native_charset): Likewise.
* g10/cpr.c (is_status_enabled, cpr_enabled): Likewise.
* g10/getkey.c (getkey_disable_caches): Likewise.
* g10/keygen.c (ask_expiredate): Likewise.
* g10/passphrase.c (have_static_passphrase): Likewise.
(get_last_passphrase): Likewise.
* g10/tdbio.c (tdbio_is_dirty, tdbio_sync): Likewise.
(tdbio_get_dbname, open_db, tdbio_db_matches_options): Likewise.
(tdbio_read_nextcheck): Likewise.
* g10/trustdb.c (how_to_fix_the_trustdb): Likewise.
* scd/scdaemon.c (scd_get_socket_name): Likewise.
* sm/passphrase.c (have_static_passphrase): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-13 16:34:00 +09:00
Ingo Klöcker
a47b3a4087
sm: Fix reporting of bad passphrase error
* sm/minip12.c (p12_parse): Set badpass flag to result in ctx.
--

Fixes-commit: a4e04375e8
GnuPG-bug-id: 5713, 6037
2022-09-09 18:23:11 +02:00
Ingo Klöcker
07b0786939
Revert "common: Add a default OpenPGP ECC mapping."
This reverts commit 8e63e813c7.

The change broke adding existing ECDH encryption subkeys to a key.

GnuPG-bug-id: 5555
2022-09-09 18:23:11 +02:00
Werner Koch
abf7d3c545
agent: Don't start in --supervised mode if no-autostart is enabled.
* agent/gpg-agent.c (main): Print an error message if no-autostart is
set in common.conf.
2022-09-07 11:54:23 +02:00
Werner Koch
0988e49c45
gpg: Support key flags for RENC, TIME, and GROUP.
* g10/packet.h (PUBKEY_USAGE_RENC): New.
(PUBKEY_USAGE_TIME): New.
(PUBKEY_USAGE_GROUP): New.
* g10/getkey.c (parse_key_usage): Set the new key flags.
* g10/keyedit.c (show_key_with_all_names_colon): Show the new key
flags.
* g10/keyid.c (usagestr_from_pk): Ditto
* g10/keylist.c (print_capabilities): Ditto.
* g10/keygen.c (parse_usagestr): Parse line and set new flags.
(quickgen_set_para): Show flags.
--

See draft-koch-openpgp-2015-rfc4880bis-00 for the current version.
Actually these flags have been in the draft for years now.  This patch
is a first step to make use of them.
2022-09-07 11:54:23 +02:00
NIIBE Yutaka
dc9227ca57 tools:gpg-auth: Support use of pinpad.
* tools/gpg-auth.c (getpin): Use comment.
(inq_needpin): Support "POPUPPINPADPROMPT" protocol response.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-06 13:52:51 +09:00
NIIBE Yutaka
f7e0b0c8a5 common: Fix to determine ECC curve for SSH.
* common/ssh-utils.c (ssh_public_key_in_base64): Use standard name for
ECC curve.

--

See oidtable in common/openpgp-oid.c.

Fixes-commit: 8e650dbd48
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-06 13:43:03 +09:00
NIIBE Yutaka
7a22f764d5 tools:gpg-auth: Show SSH key comment when asking PIN.
* tools/gpg-auth.c (authenticate): Put key_list->comment to assuan
user's pointer.
(getpin): Show SSH key comment if any.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-05 14:42:06 +09:00
NIIBE Yutaka
3e5f99e648 tools: Fix gpg-auth.
* tools/gpg-auth.c (my_strusage): Fix usage string.
(main): Use gpg-agent to get scdaemon socket.
(authenticate): Return GPG_ERR_NOT_FOUND when no success.
(ga_scd_connect): Use DBG_IPC.
(inq_needpin): Change API for getpin.
(put_second_field_cb): New, to get the second field.
(scd_get_pubkey): Use put_second_field_cb.
(ga_filter_by_authorized_keys): Put NULL at the PREV->next.
(getpin): Flush the standard output.
Include the last terminating NUL.
Return the length.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-02 19:00:20 +09:00
NIIBE Yutaka
d49788ef9f tools:gpg-auth: New tool for authentication.
* tools/Makefile.am (bin_PROGRAMS): Add gpg-auth.
(gpg_auth_SOURCES, gpg_auth_LDADD):
* tools/gpg-auth.c: New.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-02 14:52:17 +09:00
Werner Koch
cd7570f02e
common: Make nvc_lookup more robust.
* common/name-value.c (nvc_first): Allow for NULL arg.
(nvc_lookup): Allow for PK being NULL.
--

GnuPG-bug-id: 6176
2022-09-01 17:44:50 +02:00
NIIBE Yutaka
c26393a2cb po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-01 14:48:35 +09:00
Werner Koch
17073c9abc
dirmngr: New option --debug-cache-expired-certs.
* dirmngr/dirmngr.h (opt): Add debug_cache_expired_certs:
* dirmngr/dirmngr.c (oDebugCacheExpiredCerts): New.
(opts): Add option.
(parse_rereadable_options): Set option.
* dirmngr/certcache.c (put_cert): Handle the option.
2022-08-31 18:11:36 +02:00
NIIBE Yutaka
0662b9444b dirmngr: Reject certificate which is not valid into cache.
* dirmngr/certcache.c (put_cert): When PERMANENT, reject the
certificate which is obviously invalid.

--

With this change, invalid certificates from system won't be registered
into cache.  Then, an intermediate certificate which is issued by an
entity certified by such an invalid certificate will be also rejected
with GPG_ERR_INV_CERT_OBJ.  With less invalid certificates in cache,
it helps the validate_cert_chain function work better.

GnuPG-bug-id: 6142
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-08-26 09:24:00 +09:00
NIIBE Yutaka
6df8608c3e scd: Add npth_unprotect/npth_protect for blocking operations.
* scd/ccid-driver.c (ccid_open_usb_reader): Name the thread.
(ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap
blocking operations by npth_unprotect/npth_protect.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-08-25 13:13:11 +09:00
Werner Koch
f4b01ddc6a
scd: Add a libusb debug level.
* scd/ccid-driver.c (USE_LIBUSB_DEBUG_CB): New const.
(debug_libusb_cb): new.
(ccid_set_debug_level): Use it.
--

This allows to see the libusb log in our usual debug output.  For this
the option debug-ccid-driver needs to be given 5 or more times.
2022-08-22 12:05:18 +02:00
Werner Koch
203dcc19eb
common: New common option no-autostart.
* common/comopt.c (opts): Add "no-autostart".
(parse_comopt): Set it.
* common/comopt.h (comopt): Add no_autostart.

* g10/gpg.c (main): Take care of the new option.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (INCLUDED_BY_MAIN_MODULE): Add.
(main): Parse common options and handle new option.
* tools/gpg-card.c (main): Ditto.
(cmd_yubikey): Fix minor error reporting issue.

* common/util.h (GNUPG_MODULE_NAME_CARD): New const.
* common/homedir.c (gnupg_module_name): Support it.
--

Having a global option makes it easier to use disable autostart on a
server which is required to use a remote gpg-agent reliable.
2022-08-22 12:05:02 +02:00
Andre Heinecke
bca00f1fba
dirmngr: Fix NTBTLS include for test
* dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add NTBTLS.

--
This fixes the build in case every lib is installed into its
own prefix.
2022-08-16 16:28:45 +02:00
Werner Koch
287597cb22
gpg: Fix --card-status to handle lowercase APPTYPEs
* g10/card-util.c (current_card_status): Use ascii_strcasecmp.
2022-08-16 12:34:00 +02:00
Werner Koch
7046001b07
doc: Update description of the key format.
--
2022-08-16 12:33:26 +02:00
Werner Koch
1908fa8b83
gpg: Improve --edit-key setpref.
* g10/keygen.c (keygen_set_std_prefs): Allow extra spaces before
preference elements.  Detect the bracketed versions of the strings.
Ignore "aead".
--

This allows to c+p the list shown by pref with out remove the
brackets.
2022-08-12 11:46:30 +02:00
Werner Koch
989eae648c
agent: New option --need-attr for KEYINFO.
* agent/command.c (do_one_keyinfo): New arg need_Attr.
(cmd_keyinfo): New option --need-attr.

* agent/findkey.c (public_key_from_file): Use nvc_get_boolean.
--

This option makes it easier to list keys suitable only for certain
purposes.

The second patch makes if compliant to the description in
keyformat.txt
2022-08-11 11:25:49 +02:00
Werner Koch
40f0fcfaa4
common: New function nvc_get_boolean.
* common/name-value.c (nvc_get_boolean): New.
2022-08-11 11:25:49 +02:00
Ingo Klöcker
2cbb5760d7 gpg: Emit an ERROR status if --quick-set-primary-uid fails
* g10/keyedit.c (keyedit_quick_set_primary): Issue a status error.
--

This allows GpgME to detect and report a failure if setting the primary
user ID of a key failed.

GnuPG-bug-id: 6126
2022-08-09 12:02:28 +02:00
Ingo Klöcker
82c53efd63 gpg: Look up user ID to mark as primary by UID hash
* g10/keyedit.c (find_userid_by_namehash, find_userid): Add argument
want_valid. Skip invalid user IDs if valid is wanted.
(keyedit_quick_revuid): Ask find_userid() for any matching user ID.
(keyedit_quick_set_primary): Use find_userid() to find the user ID to
mark as primary.
* tests/openpgp/quick-key-manipulation.scm: Change second call of the
quick-set-primary-uid test to specify the user ID by its hash.
--

This makes it possible to specify the user ID to mark as primary via its
UID hash when calling --quick-set-primary-uid.

GnuPG-bug-id: 6126
2022-08-08 12:31:15 +02:00
Werner Koch
189102ac17
gpg: Fix wrong error message for keytocard.
* g10/call-agent.c (agent_keytocard): Emit SC_OP_FAILURE.
--

GnuPG-bug-id: 6122
2022-08-04 12:41:33 +02:00
Werner Koch
4ef8516a79
common: Silence warnings from AllowSetForegroundWindow.
* common/sysutils.c (gnupg_allow_set_foregound_window): Print warning
only with debug flag set.
2022-08-03 11:11:22 +02:00
Werner Koch
b067285d59
dirmngr: Fix failed malloc error message.
* dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc.
2022-08-03 10:49:58 +02:00
Werner Koch
5fb2306b97
gpgconf: Add config file for Windows Registry dumps.
* tools/gpgconf.c (show_registry_entries_from_file): New.
(show_configs): Call it.
* doc/examples/gpgconf.rnames: New.
* doc/Makefile.am (examples): Add it.
2022-08-03 09:31:44 +02:00
Werner Koch
171725c971
g13: Remove unused variable.
--
2022-08-02 18:45:06 +02:00
Werner Koch
e542c4af18
gpg: Make symmetric + pubkey encryption de-vs compliant.
* g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption
de-vs compliant.

* g10/mainproc.c (struct symlist_item): New.
(struct mainproc_context): Add field symenc_list.
(release_list): Free that list.
(proc_symkey_enc): Record infos from symmetric session packet.
(proc_encrypted): Check symkey packet algos
--

The original check was too strong because it is in fact compliant to
encrypt with a symmetric key and and public key.  Thus decryption
should issue a compliance status.

In addition we now check that the cipher algorithms used to
symmetrically encrypt the session key are all compliant.  This is
similar to our check for all public key encrypted session key packets.

GnuPG-bug-id: 6119
Fixes-commit: b03fab09e1

Backported from 2.2

Signed-off-by: Werner Koch <wk@gnupg.org>
2022-08-02 18:41:23 +02:00
Werner Koch
ea7aba6e60
gpgconf: Improve registry dumping.
* common/w32-reg.c (read_w32_reg_string): Add arg r_hklm_fallback and
change all callers.
(show_configs): Indicate whether the HKLM fallback was used.
* tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin
Registry key.  Indicate whether the HKLM fallback was used.
--

Note that this is  backport from 2.2.  The new support there for
REG_DWORD needs to be implemented in libgpg-error, though.
2022-08-02 14:35:38 +02:00
Werner Koch
10f42f313c
tests: Install links for tpm2daemon
* Makefile.am (all-local): Install missing symlinks.
--

GnuPG-bug-id: 6052
2022-08-01 15:10:07 +02:00
Werner Koch
8e63e813c7
common: Add a default OpenPGP ECC mapping.
* common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map ECC to ECDSA
which is similar to what we do at opther places in gpg.
--

GnuPG-bug-id: 5555
2022-08-01 10:34:16 +02:00
Werner Koch
67e510cbf7
scd:opengpg: Minor vendor name fix
--
2022-07-28 13:06:03 +02:00
Werner Koch
eb675fbc4e
gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.
* g10/pkclist.c (select_algo_from_prefs): Change implicit hash
algorithm.
--

GnuPG-bug-id: 6043
2022-07-28 10:41:02 +02:00
Werner Koch
6d9c8a1cbc
scd:openpgp: New vendor
--
2022-07-28 09:01:24 +02:00
Werner Koch
4c8792fa10
wkd: Bind the address to the nonce.
* tools/gpg-wks-server.c (make_pending_fname): New.
(store_key_as_pending, check_and_publish): Use here.
(process_new_key): Pass addrspec to store_key_as_pending.
(expire_one_domain): Expire also the new files.
--

Along with the pass traversal bug this enhancement was
Suggested-by: Philipp Breuch <pbreuch@mail.upb.de>
GnuPG-bug-id: 6098
2022-07-27 11:41:34 +02:00
Werner Koch
77090e5260
tests: Add missing file for tpm2d tests to the tarball.
--
GnuPG-bug-id: 6052
2022-07-27 11:40:33 +02:00
Werner Koch
1735b5ffa8
doc: Minor typo fix
--

GnuPG-bug-id: 6092
2022-07-26 10:51:38 +02:00
Werner Koch
8a63a8c825
wkd: Fix path traversal attack on gpg-wks-server.
* tools/gpg-wks-server.c (check_and_publish): Check for invalid
characters in sender controlled data.
* tools/wks-util.c (wks_fname_from_userid): Ditto.
(wks_compute_hu_fname): Ditto.
(ensure_policy_file): Ditto.
2022-07-25 10:21:44 +02:00
NIIBE Yutaka
2791169aa9 build: Update gpg-error.m4.
* gpg-error.m4: Update from libgpg-error.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-22 13:24:35 +09:00
NIIBE Yutaka
7e44f88366 build: Update config.guess, config.sub, and config.rpath.
* build-aux/config.guess: Update from upstream.
* build-aux/config.sub: Ditto.
* build-aux/config.rpath: Update from gettext 0.21.

--

GnuPG-bug-id: 6078
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-18 17:48:34 +09:00
NIIBE Yutaka
f34b9147eb scd:openpgp: Fix workaround for Yubikey heuristics.
* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
of firmware 5.4, too.

--

GnuPG-bug-id: 6070
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-13 10:40:55 +09:00
Werner Koch
95651d1a4f
Post release updates
--
2022-07-11 13:39:39 +02:00