* common/homedir.c (get_default_pinentry_name): New.
(gnupg_module_name): Use that for the default pinentry.
(gnupg_module_name_flush_some): New.
* agent/gpg-agent.c (agent_sighup_action): Flush some module names.
* agent/call-pinentry.c (start_pinentry): Do not modify
opt.pinentry_program.
--
The idea with this change is that under Windows we can install a
simple native Windows pinentry as "pinentry-basic" and a full GUI
version may then later install pinentry-gtk etc which would then
automatically be used.
Unfortunately installing another pinentry from a different package
would clobber the GnuPG core directory which is not nice. To fix that
we would need to agree on standard installation directories for GUIs
to also look there.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.w32-manifest.in: New.
* g10/gpg-w32info.rc: Add manifest.
* g10/Makefile.am (EXTRA_DIST): Add manifest.
(gpg-w32info.o): Depend on manifest.
* configure.ac (BUILD_VERSION): New.
(AC_CONFIG_FILES): Add manifest.
--
There are no dependencies yet defined - we need to do this for the
libs first.
Signed-off-by: Werner Koch <wk@gnupg.org>
* build-aux/speedo.mk (WITH_GUI): New macro. The Windows installer is
now build by default without any GUI stuff.
* build-aux/speedo/w32/inst.nsi: Change standard installation
directory.
(AddToPath, un.RemoveFromPath): New.
(gnupginst): Add bin directory to the PATH.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/homedir.c (w32_rootdir): Use Unicode fucntion not only for
WinCE.
--
This uses the same code We used for WindowsCE. It has not been tested
with a Unicode requiring installation directory.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox-update.c (blob_filecopy): Fix resource leak. On error
return, 'fp' and 'newfp' was never closed.
--
Signed-off-by: Joshua Rogers <git@internot.info>
[Log entry reformatted, and added more fixes - gniibe]
* g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
(MAX_UID_PACKET_LENGTH): New.
(MAX_COMMENT_PACKET_LENGTH): New.
(MAX_ATTR_PACKET_LENGTH): New.
(parse_key): Limit the size of a key packet to 256k.
(parse_user_id): Use macro for the packet size limit.
(parse_attribute): Ditto.
(parse_comment): Ditto.
--
Without that it is possible to force gpg to allocate large amounts of
memory by using a bad encoded MPI. This would be an too easy DoS.
Another way to mitigate would be to change the MPI read function to
allocate memory dynamically while reading the MPI. However, that
complicates and possibly slows down the code. A too large key packet
is in any case a sign for broken data and thus gpg should not use it.
Reported-by: Hanno Böck
GnuPG-bug-id: 1823
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (list_config): Replace print_sanitized_string2 by
es_write_sanitized.
* common/stringhelp.c (print_sanitized_buffer2): Remove.
(print_sanitized_buffer, print_sanitized_utf8_buffer): Remove.
(print_sanitized_utf8_buffer, print_sanitized_utf8_string): Remove.
(print_sanitized_string): Remove.
* sm/certdump.c (print_dn_part, print_dn_parts): Remove arg FP.
(pretty_print_sexp, gpgsm_print_name2, gpgsm_print_name): Remove.
--
Mixing stdio and estream is never a good idea. This fix also allows
us to remove a lot of garbage.
Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
GnuPG-bug-id: 1822
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/cvt-openpgp.c (extract_private_key): Add arg "arraysize".
Make sure that R_FLAGS and R_CURVE are set to NULL.
--
Given that extract_private_key is not file local it is good to have some
extra asserts to protect against future wrong use.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (store_fpr): Remove CARD_VERSION from the
arguments.
(rsa_writekey): Follow the change.
(do_genkey): Likewise.
(ecc_writekey): Likewise. Cast to size_t.
--
KEYTOCARD caused SEGV of scdaemon on 64-bit arch. That's because
int is 32-bit, but size_t is 64-bit.
* agent/cvt-openpgp.c (extract_private_key): New.
(convert_to_openpgp): Use extract_private_key.
* agent/findkey.c (agent_public_key_from_file): Use
extract_private_key.
--
This patch add support of ECC key with a curve name and flags. Since
same functionality is also needed for convert_to_openpgp, it was
factored out into the extract_private_key function.
* sm/minip12.c (p12_build): Release PWBUF only at the end.
--
Suggested-by: Eygene Ryabinkin <rea@codelabs.ru>
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/ccid-driver.c (send_escape_cmd): Fix setting of 'rc'.
--
Variable 'rc' in send_escape_cmd was overwritten before it was
returned, leading to incorrect computation.
Signed-off-by: Joshua Rogers <git@internot.info>
[Log entry reformatted - wk]
(cherry picked from commit 3d9f8bf1dc)
* tools/gpgconf-comp.c (option_check_validity): Enable check for
UINT32.
--
Reported-by: Günther Noack <gnoack@google.com>
This is actually a bug which inhibited the checking of values of type
UINT32.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
GnuPG-bug-id: 1602
I added options shown with --help but missing in the man page.
However, --help won't show everything listed in the man age and
frankly there are even more options not listed anywhere (to see them
use --dump-options).
* g10/keydb.c (keydb_search_first, keydb_search_next): Skip legacy
keys.
* g10/keyring.c (keyring_get_keyblock): Handle GPG_ERR_LEGACY_KEY.
(prepare_search): Ditto.
(keyring_rebuild_cache): Skip legacy keys.
* g10/keyserver.c (keyidlist): Ditto.
* g10/trustdb.c (validate_key_list): Ditto.
--
This is not the most elegant way to handle it but it reduces the
chance for unwanted side effects.
GnuPG-bug-id: 1816
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.h (g10_errstr): Remove macro and change all occurrences by
gpg_strerror.
(G10ERR_): Remove all macros and change all occurrences by their
GPG_ERR_ counterparts.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c: Include shareddefs.h.
(quick_generate_keypair): Support static passphrase.
(get_parameter_passphrase): New.
(do_generate_keypair): Use it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox-search.c (blob_get_keyid): Rename to
blob_get_first_keyid. Check number of keys and remove blob type check.
--
There is no need to check the blob type. We already know that it is a
key blob type and keyids are used for X.509 and OpenPGP. Also added
check for number of keys because the other parser functions do it as
well.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox-search.c (blob_get_keyid): New.
(keybox-search): Call skipfnc callback function.
--
This patch (tentatively) fixes
GnuPG-bug-id: 1794
The keybox_search function in kbx/keybox-search.c currently ignores
the skipfnc callback, but the validate_key_list function in
g10/trustdb.c uses such a callback to exclude ultimately trusted keys.
* scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 too
allow for larger certificates.
--
Cherry-pick from 5798673156.
Forward ported from 2.0.
* dirmngr/ks-engine-hkp.c (map_host): Fix error return.
--
In ks-engine-hkp.c on line 509 'reftbl' is freed, but it is then
used on line 511. I'm guessing this is a missing return;.
Reported-by: Joshua Rogers <honey@internot.info>
Debian-Bug-Id: 773520
Other fixes on error added too.
* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.
--
Inside the get_public_key function, 'fp' was opened using popen, but
incorrectly closed using fclose.
Debian-Bug-Id: 773474
* sm/misc.c (transform_sigval): Init RSA_S_LEN.
* g13/mount.c (read_keyblob): Init HEADERLEN.
--
Not a bug but the compiler (gcc 4.9.1) can't detect that it is not
used uninitialized.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Fix order of args.
--
That bug has been here since the beginning. The entire function needs
a review or be be moved to Libgcrypt.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
double-free of pwbuf.
--
Observed by Joshua Rogers <honey@internot.info>, who proposed a
slightly different fix.
Debian-Bug-Id: 773472
Added fix at a second place - wk.
* scd/command.c (cmd_readkey): avoid double-free of cert
--
When ksba_cert_new() fails, cert will be double-freed.
Debian-Bug-Id: 773471
Original patch changed by wk to do the free only at leave.
* common/iobuf.c: (iobuf_open): initialize len
--
In iobuf_open, IOBUFCTRL_DESC and IOBUFCTRL_INIT commands are invoked
(via file_filter()) on fcx, passing in a pointer to an uninitialized
len.
With these two commands, file_filter doesn't actually do anything with
the value of len, so there's no actual risk of use of uninitialized
memory in the code as it stands.
However, some static analysis tools might flag this situation with a
warning, and initializing the value doesn't hurt anything, so i think
this trivial cleanup is warranted.
Debian-Bug-Id: 773469
* common/dotlock.c: (dotlock_create_unix) avoid double-close()
in unusual situations.
--
close(2) says:
close() should not be retried after an EINTR since this may
cause a reused descriptor from another thread to be closed.
Before this patch was applied, if close(fd) failed with EINTR, it
would be closed again in the write_failed: block.
It could also have been closed a second time in the case that
(use_hardlinks_p (h->tname)) evaluated to something other than 0 or 1.
This patch avoids both of those scenarios.
Note that close() could still be called twice on the same file
descriptor if the first close(fd) fails but errno is not EINTR. I'm
not sure the right thing to do in that scenario. An alternate
resolution could be to unequivocally set fd to -1 after the first
failed close(fd), avoiding the errno == EINTR test.
Debian-Bug-Id: 773423