* configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to
keyserver.ubuntu.com.
* dirmngr/certcache.c (cert_cache_init): Disable default pool cert.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/http.c (http_session_new): Ditto.
* dirmngr/server.c (make_keyserver_item): Use a different mapping for
the gnupg.net names.
--
Due to the unfortunate shutdown of the keyserver pool, the long term
defaults won't work anymore. Thus it is better to change them.
For https access keyserver.ubuntu.com is now used because it can be
expected that this server can stand the load from newer gnupg LTS
versions.
For http based access the Dutch Surfnet keyserver is used. However
due to a non-standard TLS certificate this server can not easily be
made the default for https.
Note: that the default server will be changed again as soon as a new
connected keyserver infrastructure has been established.
* scd/ccid-driver.c (abort_cmd): Add INIT argument to support
synchronize until success, even ignoring timeout.
(bulk_in): Normal use case of abort_cmd.
(ccid_vendor_specific_init): Initial use case of abort_cmd.
--
Another backport to stabilize SCM SPR332/SPR532 card reader.
GnuPG-bug-id: 5297
Backport-master-commit: a9aa30ed2c
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/t-sexputil.c (test_ecc_uncompress): Ignore unknwon curve
errors.
--
For unknown reasons some versions of Fedora or RHEL provide a patched
version of Libgcrypt with Brainpool support removed. We better ignore
this error because it is a regression in 2.2.28 although that older
versions could not used Brainpool keys.
GnuPG-bug-id: 5502
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/ttyio.c (w32_write_console): Fallback to WriteConsoleA on
error.
--
To test this switch the Windows Console to "legacy mode"
set LANG=de
gpg --card-edit
and enter an invalid command. The response contains an Umlaut and old
Windows versions (and the legacy console) don't have a proper font
installed for this. Without this patch this runs into a log_fatal
error.
The mitigation we implement is to fallback to WriteConsoleA, that is
accepting wrong encoding and to print a note about the problem.
GnuPG-bug-id: 5491
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Munge mail address pattern.
(ks_hkp_get): Allow for mail addresses.
-
Before the keyserver changes in 2.2.28 gpg passed dirmngr a pail
address as an exact pattern (e.g. "=foo@example.org"). Since 2.2.28
the mail address is detected gpg gpg and we see for example
"<foo@example.org>". This patch fixes this to turn a mail address
into an exact match again.
GnuPG-bug-id: 5497
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/iso7816.c (map_sw): Recognize 6A86.
--
Yubikey NEO does not support the YK4_GET_CAPA command (001D000000),
and it will be screwed up with the command.
GnuPG-bug-id: 5487
Back-port-master-commit: 13bc0431ff
Fixes-commit: ec56996029
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/openfile.c (overwrite_filep): Use gnupg_access.
--
As said, this is just an obvious but partial fix. We need to review
things for the output module.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgtar-create.c (fillup_entry_w32): Move parentheses.
--
Fixes-commit: 8b8925a2bd
The bug is so obvious that I wonder why it was not reported more often
on Windows. (Adding 1 to MAXDWORD (0xfffffff) always gives 0 for the
product).
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/gpgsm.c (opts): Add option --ldapserver and make --keyserver an
alias.
--
We should use "keyserver" for OpenPGP and thus it is better to allow
for "ldapserver" here - it is the same convention as now used in
dirmngr.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr_ldap.c (main): Handle no args case.
--
This is required for example for CRLs. The old code did not require
this because the hos was taken from the URL given has arg.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exechelp-w32.c (gnupg_spawn_process): Change to use
CreateProcessW.
(gnupg_spawn_process_fd): Ditto.
(gnupg_spawn_process_detached): Ditto.
* g10/exec.c (w32_system): Ditto.
--
GnuPG-bug-id: 4398
We do not use this weirdo CREATE_UNICODE_ENVIRONMENT flag because it
does not make any sense to have non-ASCII names in the environment. I
can't imagine why this should be used at all and rationale for this
API features is, well, sparse.
(cherry picked from commit cf2f6d8a3f)
* common/exechelp-w32.c (gnupg_spawn_process_detached): Add
CREATE_BREAKAWAY_FROM_JOB creation flag if required.
--
When the gpg process is assigned to a W32 "Job" the
child processes are killed once the Job is finished.
As we want our detached processes to linger e.g.
gpg-agent the breakaway flag is required in
that case.
GnuPG-Bug-Id: T4333
Thanks to Jan Echternach for reporting this and providing
a patch.
Signed-off-by: Andre Heinecke <aheinecke@gnupg.org>
(cherry picked from commit 03df28b18b)
* common/init.c (_init_common_subsystems) [W32]: Set the codepage to
UTF-8 for input and putput. Switch gettext to UTF-8.
* g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.
--
With this patch the former patch to use ReadConsoleW and WriteConsoleW
in ttyio.c are kind of superfluous because the ANSI version of these
functions are also able to read/write UTF-8 directly given the console
code page has been set correctly. However, this seems to work only
with recent versions of Windows-10.
GnuPG-bug-id: 4365
(cherry picked from commit 8c41b8aac3)
Removed changes for "gpgconf --show-codepages" of the original patch.
* common/ttyio.c (do_get) [W32]: Use ReadConsoleW.
(w32_write_console): New.
(tty_printf, tty_fprintf) [W32]: Use new function.
--
Note that due this change fixed stings (i.e. gettext translations)
printed to the console will not be rendered correctly unless "chcp
65001" has been used. This needs to be fixed by followup patch.
GnuPG-bug-id: 4365
(cherry picked from commit f165c8a737)
* common/t-w32-cmdline.c (test_all): Add new test cases.
* common/w32-misc.c (strip_one_arg): Add arg endquote.
(parse_cmdstring): Take care of backslashes in quotes.
--
I found some new test vectors from Microsoft.
(cherry picked from commit 20c6007686)
* common/w32-misc.c: New.
* common/t-w32-cmdline.c: New.
* common/init.c: Include w32help.h.
(prepare_w32_commandline): New.
(_init_common_subsystems) [W32]: Call prepare_w32_commandline.
* common/Makefile.am (common_sources) [W32]: Add w32-misc.c
(module_tests): Add t-w32-cmdline
(t_w32_cmdline_LDADD): New.
--
The rules for the command line parser are not cleary specified - if at
all. See the comment in t-w32-cmdline.c.
We can't use the mingw version because that would require to change
all argv handling to be wchar_t and that only for Windows. That would
be too ugly. Parsing the command line into argv by us is much easier
and we can do that only if needed - i.e. if globing is required (we
are prepared for this) or a non-ASCII character has been encountered.
This way we keep things stable and only fix the currently not working
Unicode problem.
GnuPG-bug-id: 4398
(cherry picked from commit deb6c94362)
* g10/gpg.c (_dowildcard): Remove.
(my_strusage): Enable wildcards using our new system.
--
This patch actually removes the current globing using a mingw
feature. We are not able to use this because it does not handle
Unicode filenames. The plan is to implement this in init.c. This
patch merely configures gpg to request globing.
GnuPG-bug-id: 4398
(cherry picked from commit 8e15506d66)
* agent/cvt-openpgp.c (convert_from_openpgp_main): Return
GPG_ERR_BAD_SECKEY.
--
Backport master commit of:
21ef425e22
When non-protected case, error at gcry_pk_testkey results
GPG_ERR_BAD_PASSPHRASE. Here, it should be converted to
GPG_ERR_BAD_SECKEY, or else, user will be asked passwd even if it's
not protected.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Remove the
password_param thing because we set the password directly without an
intermediate var.
--
Reported-by: Ingo Kloecker
* sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error if gpgrt
supports this.
* sm/decrypt.c (decrypt_gcm_filter): New.
(gpgsm_decrypt): Use this filter if requested. Check authtag.
* common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm
in consumer (decrypt) de-vs mode.
--
Backported-from-master: 4980fb3c6d
We allow GCM in de-vs mode for decryption although this has not been
evaluation. It is decryption and thus no serious harm may happen.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/server.c (make_keyserver_item): Fix default port for ldaps.
Move a tmpstr out of the blocks.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Improve diagnostics.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT.
* dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ...
(parse_rereadable_options): here.
--
Note that this has not yet been tested. In fact a test with OpenLDAP
using a modified route got stuck in the connection attempt. Maybe it
works on Windows - will be tested later.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (opts): Add option --ldapserver.
(ldapserver_list_needs_reset): New var.
(parse_rereadable_options): Implement option.
(main): Ignore dirmngr_ldapservers.conf if no --ldapserver is used.
* dirmngr/server.c (cmd_ldapserver): Add option --clear and list
configured servers if none are given.
--
This option allows to specify LDAP keyserver in dirmngr instead of
using gpgsm.conf.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/server.c (cmd_ldapserver): Strip an optional prefix.
(make_keyserver_item): Handle non-URL ldap specs.
* dirmngr/dirmngr.h (struct ldap_server_s): Add fields starttls,
ldap_over_tls, and ntds.
* dirmngr/ldapserver.c (ldapserver_parse_one): Add for an empty host
string. Improve error messages for the non-file case. Support flags.
* dirmngr/ks-action.c (ks_action_help): Handle non-URL ldap specs.
(ks_action_search, ks_action_get, ks_action_put): Ditto.
* dirmngr/ks-engine-ldap.c: Include ldapserver.h.
(ks_ldap_help): Handle non-URL ldap specs.
(my_ldap_connect): Add args r_host and r_use_tls. Rewrite to support
URLs and non-URL specified keyservers.
(ks_ldap_get): Adjust for changes in my_ldap_connect.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto.
--
The idea here is to unify our use of URLS or colon delimited ldap
keyserver specification. The requirement for percent escaping, for
example the bindname in an URLs, is cumbersome and prone to errors.
This we allow our classic colon delimited format as an alternative.
That format makes it also easy to specify flags to tell dirmngr
whether to use starttls or ldap-over-tls. The code is nearly 100%
compatible to existing specification. There is one ambiguity if the
hostname for CRL/X509 searches is just "ldap"; this can be solved by
prefixing it with "ldap:" (already implemented in gpgsm).
GnuPG-bug-id: 5405, 5452
* common/keyserver.h: Remove.
* sm/gpgsm.h (struct keyserver_spec): Remove.
(opt): Change keyserver to a strlist_t.
* sm/gpgsm.c (keyserver_list_free): Remove.
(parse_keyserver_line): Remove.
(main): Store keyserver in an strlist.
* sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid
an ambiguity in dirmngr by adding a prefix if needed.
* g10/options.h (struct keyserver_spec): Move definition from
keyserver.h to here. Remove most fields.
* g10/keyserver.c (free_keyserver_spec): Adjust.
(cmp_keyserver_spec): Adjust.
(parse_keyserver_uri): Simplify.
(keyidlist): Remove fakev3 arg which does not make any sense because
we don't even support v3 keys.
--
We now rely on the dirmngr to parse the keyserver specs. Thus a bad
specification will not be caught immediately. However, even before
that dirmngr had stricter tests.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch