1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00

1054 Commits

Author SHA1 Message Date
Werner Koch
c825117c5f
common: New function to uncompress an ECC public key.
* common/sexputil.c (ec2os): New.
(uncompress_ecc_q_in_canon_sexp): New.

* common/t-sexputil.c (fail2): new.
(test_ecc_uncompress): New.
(main): Run new test.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 935765b451aadc63fbba763a4a00f4efa0254436)
2021-04-29 12:31:14 +02:00
Werner Koch
473e649ea1
common: New function cmp_canon_sexp.
* common/sexputil.c (cmp_canon_sexp): New.
(cmp_canon_sexp_def_tcmp): New.
* common/t-sexputil.c (test_cmp_canon_sexp): Add a simple test.
--

To be used to fix
GnuPG-bug-id: 5061

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit b6ba6a79ce9336f1b53f16f3d1190dd009fb166e)
2021-04-29 12:25:46 +02:00
Werner Koch
855d14d390
scd: Extend iso7816_select_path
* scd/iso7816.c (iso7816_select_path): Add arg top_fd.
* scd/app-nks.c (do_readkey): Adjust for this change
(select_ef_by_path: Ditto.

* common/tlv.h: Include membuf.h.
--

Including membuf.h is just for easier backporting.  In 2.3 it is
actually required in tlv.h but in 2.2 we right now only use it
indirect.
2021-04-29 10:38:29 +02:00
Werner Koch
8ef0f53cb0
common: Make the compliance check more robust.
* common/compliance.c (get_compliance_cache): New.
(gnupg_rng_is_compliant): Use per mode cache.
(gnupg_gcrypt_is_compliant): Ditto.
--

This addresses the problem tha the check might be called with
different compliance values and thus it should return the
corresponding cached result.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from 2.3.  Added PGP6 support which was removed from 2.3.
2021-04-01 13:21:33 +02:00
Werner Koch
67b82a9c60
common: New function dotlock_is_locked.
* common/dotlock.c (dotlock_is_locked): New.
(dotlock_take): Set locked flag also in disabled mode.  No more
warning if the lock has already been taken.
(dotlock_release): Clear locked flag also in disabled mode.  No more
warning if the lock has not been taken.
--

This allow to use dotlock_take and dotlock_release even if they have
already been called.  Before this changes this worked too but a
diagnostic was printed.
2021-03-02 19:11:53 +01:00
Werner Koch
3c7b1f3f5f
common: Fix compiler warning
--
2021-02-17 15:28:05 +01:00
Werner Koch
6e258babe7
Include the library version in the compliance checks.
* common/compliance.c (gnupg_gcrypt_is_compliant): New.
(gnupg_rng_is_compliant): Also check library version.
* g10/mainproc.c (proc_encrypted): Use new function.
(check_sig_and_print): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/verify.c (gpgsm_verify): Ditto
--

This will eventually allow us to declare Libgcrypt 1.9 to be de-vs
compliant.  GnuPG can use this information then for its own checks.
As of now GnuPG tests the version of the used library but that is a
bit cumbersome to maintain.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 90c514868ff5fcf6d39490d4874ac3a31ba9e85f)
2021-01-28 16:01:53 +01:00
Werner Koch
4c53b2b867
Update copyright notices.
--
2021-01-11 18:40:45 +01:00
Werner Koch
3901c1a8c5
gpg,w32: Fix gnupg_remove.
* common/sysutils.c (map_w32_to_errno): New.
(gnupg_w32_set_errno): New.
(gnupg_remove) [w32]: Set ERRNO
--

To support Unicode gnupg_remove was changed to use DeleteFileW and not
properly tested because the code was alreadt used in Windows CE.
However, ERRNO was not set and thus Dirmngr failed due to

 if (!gnupg_remove (fname))
   log_info (_("removed stale te[...] file '%s'\n"), fname);
 else if (errno != ENOENT)
   {
     err = gpg_error_from_syserror ();
     log_error (_("problem remov[...] file '%s': %s\n"),
                fname, gpg_strerror (err));
     goto leave;
   }

GnuPG-bug-id: 5230
(cherry picked from commit b6967d31912912ad3c0a2ff6bf6eb9822a194562)
2021-01-11 14:26:27 +01:00
Werner Koch
323a69ef65
common: Remove superfluous debug output from dotlock.c.
* common/dotlock.c (dotlock_create_unix): Remove debug output.
--

This was left over from developement about 10 years ago.  Exhibits
itself when using sshfs.

GnuPG-bug-id: 5193
2020-12-21 17:37:58 +01:00
Werner Koch
09dc59f6d4
common: Fix the "ignore" meta command in argparse.c
* src/argparse.c (gnupg_argparse): Factor some code out to ...
(prepare_arg_return): new.
(gnupg_argparse): No missing arg error in ignore sections.
* common/sysutils.c: Include pwd.h.
(gnupg_getusername): New.
--

Options in an [ignore] section do not anymore lead to an error if an
argument is missing.  However, if the option is also in a force
section the error is thrown.

This is a port of the fix from libgpg-error.  Also fixes the
username fixme.
2020-12-21 17:24:34 +01:00
Werner Koch
a028f24136
Backport of the new option parser from 2.3
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* common/argparse.c, common/argparse.h: Rewrite.
* tests/gpgscm/main.c: Switch to the new option parser.

* g10/gpg.c: Switch to the new option parser and enable a global conf
file.
* g10/gpgv.c: Ditto.
* agent/gpg-agent.c: Ditto.
* agent/preset-passphrase.c: Ditto.
* agent/protect-tool.c: Ditto.
* scd/scdaemon.c: Ditto.
* dirmngr/dirmngr.c: Ditto.
* dirmngr/dirmngr_ldap.c: Ditto
* dirmngr/dirmngr-client.c: Ditto.
* kbx/kbxutil.c: Ditto.
* tools/gpg-card.c: Ditto.
* tools/gpg-check-pattern.c: Ditto.
* tools/gpg-connect-agent.c: Ditto.
* tools/gpg-pair-tool.c: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpgconf.c: Ditto.
* tools/gpgsplit.c: Ditto.
* tools/gpgtar.c: Ditto.
* g13/g13.c: Ditto.
* g13/g13-syshelp.c: Ditto.  Do not force verbose mode.
* sm/gpgsm.c: Ditto. Add option --no-options.
--

This is backport from master

commit cdbe10b762f38449b86da69076209324b0c99982
commit ba463128ce65a0f347643f7246a8e097c5be19f1
commit 3bc004decd289810bc1b6ad6fb8f47e45c770ce6
commit 2c823bd878fcdbcc4f6c34993e1d0539d9a6b237
commit 0e8f6e2aa98c212442001036fb5178cd6cd8af59

but without changing all functions names to gpgrt.  Instead we use
wrapper functions which, when building against old Libgpg-error
versions, are implemented in argparse.c using code from the current
libgpg-error.  This allows to keep the dependency requirement at
libgpg-error 1.27 to support older distributions.  Tested builds
against 1.27 and 1.40-beta.

Note that g13-syshelp does not anymore default to --verbose because
that can now be enabled in /etc/gnupg/g13-syshelp.conf.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-04 12:12:20 +01:00
NIIBE Yutaka
7d7a50ba72
common: Fix fallback handling to utf-8.
* common/utf8conv.c (handle_iconv_error): Set NO_TRANSLATION.

--

GnuPG-bug-id: 5038
Fixes-commit: 99c9bf7defd6c1ac9cc49c84e6c78eeb886a6952
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 393dcdd61c3b2da00a97176c647d9bd1c908ceba)
2020-11-27 17:46:29 +01:00
Werner Koch
163e4ff195
w32: Support Unicode also for config files etc.
* common/sysutils.c (gnupg_fopen) [W32]: Use _wfopen if needed.   Use
new function in most places where fopen is used.
--

The config files in 2.2 are still read using fopen - we need to change
this to allow Unicode directory names.  There is also one case where
files are written using the old fopen.  The new option parser in 2.3
does not have this problem but at some places fopen is also still used.

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-10 12:09:11 +01:00
Werner Koch
9188a3c6b7
w32: Support utf8 for getcwd even if build with gpgrt < 1.40.
* common/sysutils.c (gnupg_getcwd) [W32]: Use Unicode version.
--

gpgrt 1.40 has not yet been released, so to make getcwd work properly
on Windows we need to have the code here as well.

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-10 10:11:11 +01:00
Werner Koch
fc01ae5071
Require Libgpg-error 1.27
* configure.ac (NEED_GPG_ERROR_VERSION): Require 1.27
* common/util.h: Remove compatibility macros.
--

This is just a minor change to align with the need for Libgcrypt 1.8.
The latter was first released in summer 2017 while Libgpg-error 1.27
was released earlier in spring that year.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-09 12:10:48 +01:00
Werner Koch
99ab3aed15
Require Libgcrypt 1.8
* configure.ac (NEED_LIBGCRYPT_VERSION): Require 1.8.
* tools/gpgconf.c (show_version_libgcrypt): Remove conditional case
for Libgcrypt < 1.8.
* common/compliance.c (gnupg_rng_is_compliant): Ditto.
* agent/pksign.c: Ditto.
* agent/gpg-agent.c (thread_init_once): Ditto.
(agent_libgcrypt_progress_cb): Ditto.
* agent/command.c (cmd_getinfo): Ditto.
--

Libgcrypt 1.7 reached end-of-life more than a year ago.  Thus there is
no reason to keep backward support for it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-09 12:03:19 +01:00
Ben Kibbey
f05d1772c4
gpg: Add canceled status message.
* common/status.h (STATUS_CANCELED_BY_USER): New.
* g10/passphrase.c (passphrase_to_dek): Send STATUS_CANCELED_BY_USER
instead of STATUS_MISSING_PASSPHRASE when canceled is set.
--

This is to prevent further pinentry tries when the pinentry is canceled
by the user during symmetric decryption.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
(cherry picked from commit 31e47dfad0f40e31e8b3113b933696e8e4105136)
2020-11-09 11:53:33 +01:00
Werner Koch
6fe5c8c06e
common: Fix duplicate implementation of try_make_homedir.
* g10/openfile.c (try_make_homedir): Move core of the code to ...
* common/homedir.c (gnupg_maybe_make_homedir): new.
* sm/keydb.c (try_make_homedir): Implement using new function.

* common/homedir.c: Include i18n.h.
* po/POTFILES.in: Add common/homedir.c.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-04 16:25:57 +01:00
Andre Heinecke
b4cb91d5fb
w32: Add another pinentry search path
* common/homedir.c (get_default_pinentry_name): Try ../bin/pinentry.exe

--
In an installation layout where GnuPG is installed as a component
of another software it might be useful to have pinentry placed
in a different bin directory without the forced folder name of
Gpg4win.
2020-11-04 13:48:18 +01:00
Werner Koch
d633e92233
w32: Fix strftime problem on Windows.
* common/gettime.c: Include locale.h.
(asctimestamp): Increase buffer.  On Windows use setlocale.
--

GnuPG-bug-id: 5073
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-03 19:31:12 +01:00
Werner Koch
56a77f57db
common: Fix gnupg_access for older libgpg-error.
--

Fixes-commit: dd5fd4a760b8cf6ae05ff878bcf36cf2465e744c
2020-10-26 12:35:28 +01:00
Werner Koch
5f8123df78
common: New functions gnupg_opendir et al.
* common/sysutils.h (struct gnupg_dirent_s): New.
* common/sysutils.c: Include dirent.h.
(struct gnupg_dir_s): New.
(gnupg_opendir, gnupg_readdir, gnupg_closedir): New.  Change all
callers of opendir, readdir, and closedir to use these functions.
--

GnuPG-bug-id: 5098
Backported-from-master: 7e22e08e2ab09cd3c2317f5e80e8ee47d46eff4b
2020-10-23 11:24:09 +02:00
Werner Koch
4252cd7b18
w32: Make gnupg_remove and gnupg_rename_file Unicode aware
* common/sysutils.c (w32_rename): New.
(gnupg_rename_file) [W32]: Support Unicode.
(gnupg_remove) [W32]: Support Unicode.  Drop Windows-CE support.
--

GnuPG-bug-id: 5098
(cherry picked from commit 9a0197b6fe412cfc66b0cece521267180e454416)
2020-10-23 11:20:24 +02:00
Werner Koch
157030271f
Replace all calls to stat by gnupg_stat.
* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
--

Yet another wrapper for Unicode support on Windows.

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 18e5dd7b03ced51611c9ba1345cf498a0aaf14a6)
2020-10-23 11:15:59 +02:00
Werner Koch
86e52e3c33
Replace most calls to open by a new wrapper.
* common/sysutils.c (any8bitchar) [W32]: New.
(gnupg_open): New.  Replace most calls to open by this.
* common/iobuf.c (any8bitchar) [W32]: New.
(direct_open) [W32]: Use CreateFileW if needed.
--

This is yet another step for full Unicode support on Windows.

GnuPG-bug-id: 5098
(cherry picked from commit 4dcef0e17836e8725c31a3b76f2bf7144345c808)
2020-10-23 10:02:25 +02:00
Werner Koch
d65ea29683
w32: Allow Unicode filenames for dotlock
* common/dotlock.c (any8bitchar) [W32]: New.
(dotlock_create_w32): Use strconcat and CreateFileW.

* common/t-dotlock.c: Source include dotlock.c and modify to allow
manual testing on Windows.
--

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit b47c355b18d9537ccc3dd3e80cc1825b018ecff7)
2020-10-21 21:10:27 +02:00
Werner Koch
5c6e9b44cc
Replace most of the remaining stdio calls by estream calls.
--

We need to use es_fopen on Windows to cope with non-ascii file names.
This is quite a large but fortunately straightforward change.  At a
very few places we keep using stdio (for example due to the use of
popen).

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 390497ea115e1aca93feec297a5bd6ae7b1ba6dd
2020-10-21 21:09:38 +02:00
Werner Koch
dd5fd4a760
Replace all calls to access by gnupg_access
* common/sysutils.c (gnupg_access): New.  Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--

Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.

This is required to correctly handle non-ascii filenames on Windows.

GnuPG-bug-id: 5098
(cherry picked from commit c94ee1386e0d5cdac51086c4d5b92de59c09c9b5)
2020-10-21 20:49:18 +02:00
Werner Koch
e12e5b3dab
common,w32: Change copyright holder notice.
--
2020-10-02 16:38:18 +02:00
Werner Koch
239e60a37f
gpgconf,w32: Add manifest so we get the correct windows version.
* common/w32info-rc.h.in: Update copyright info.
* tools/gpg-connect-agent-w32info.rc: Tweak file info.
* tools/gpgconf-w32info.rc: New.
* tools/gpgconf.w32-manifest.in: New.
* configure.ac: Add new .in file.
* tools/Makefile.am (EXTRA_DIST): Add them.
(gpg_connect_agent_robjs, gpgconf_robjs): New.
(gpgconf_LDADD): Add resource file.
(gpg_connect_agent_LDADD): Change name of resource macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-02 14:24:04 +02:00
Werner Koch
7de9ed521e
agent: Keep some permissions of private-keys-v1.d.
* common/sysutils.c (modestr_to_mode): Re-implement.
(gnupg_chmod): Support keeping of permissions.
--

GnuPG-bug-id: 2312
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 07:46:25 +02:00
Werner Koch
364cef997c
common: Use gpgrt functions for mkdir and chdir if available
* common/sysutils.c (gnupg_mkdir): Divert to gpgrt_mkdir.
(gnupg_chdir): Divert to gpgrt_chdir
--

To avoid bumping up the build dependency on libgpg-error 1.28 we use
the gpgrt version only if at least this libgpg-error version was used
at build time.  This won't fix any bugs though and it is in general
advisable to use the latest libgpg-error.  There are actually a couple
of very useful bug fixes for Windows in the upcoming libgpg-error 1.39
but on Unix you can live without them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 14:37:44 +02:00
Werner Koch
bef68efd8d
common,w32: Do not assume the ANSI codepage during string conversion.
* common/utf8conv.c (get_w32_codepage): New.
(wchar_to_native): Use instead oc CP_ACP.
(native_to_wchar): Ditto.
--

This should fix quite some issue; we fixed it when using the iconv
based machinery about 14 years ago.  At some point we introduced the
new conversion functions because Windows started to support UTF-8
natively.  The fix comes late but well, it is done.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 14:23:05 +02:00
Werner Koch
73b0fdabdb
common: Strip trailing CR,LF from w32_strerror.
* common/stringhelp.c (w32_strerror): Strip trailing CR,LF.
* common/iobuf.c (iobuf_get_filelength): Use -1 and not 0 for the
arg to w32_strerror.

--

This is in particular annoying since we started to use a string
argument sanitizer in the logging code.  Before that we just add an
extra blank line.

The second patch corrects a never yet seen error message.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 14:22:01 +02:00
Werner Koch
1efe99f3d9
gpgtar: Make --files-from and --null work as described.
* tools/gpgtar-create.c (gpgtar_create): Add args files_from and
null_names.  Improve reading from a file.
* tools/gpgtar.c: Make global vars static.
(main): Remove tests for --files-from and --null option combinations.
Pass option variables to gpgtar_create.
--

GnuPG-bug-id: 5027
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-20 15:53:06 +02:00
Werner Koch
829bc3bc60
build: New configure option --disable-tests
* configure.ac: Add option --disable-tests.  Print warnings in the
summary.
(DISABLE_TESTS): New am_conditional.
--
GnuPG-bug-id: 4960
2020-08-20 10:58:52 +02:00
Werner Koch
3cf920a1e3
common: Pass the WAYLAND_DISPLAY envvar along
* common/session-env.c (stdenvnames): Add WAYLAND_DISPLAY.
--
GnuPG-bug-id: 5016

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-12 09:28:20 +02:00
NIIBE Yutaka
8d9ce32c30 w32: More adding NETLIBS.
* common/Makefile.am (t_common_ldadd): Add $(NETLIBS).

--

Cherry-picked master commit of:
	5fa4427419c875e46d051ae6ed376d5ad6037401

GnuPG-bug-id: 4994
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-30 15:11:11 +09:00
Werner Koch
c5ab1dcd54
gpgsm: Make rsaPSS a compliant scheme in de-vs mode.
--

GnuPG-bug-id: 4538
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 5fe3cdfc7646c2c88beb168ba34fc64f9dd2c156
2020-07-14 12:30:36 +02:00
Werner Koch
4a36adaa64
sm: Exclude rsaPSS from de-vs compliance mode.
* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
test rsaPSS.  Adjust all callers.
* common/util.c (pubkey_algo_to_string): New.
(gnupg_pk_is_allowed): Ditto.
* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
(gpgsm_get_hash_algo_from_sigval): New.
* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
arg.  Add arg pkalgoflags.  Use the PK_ALGO_FLAG_RSAPSS.
* sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
also get the algo flags.  Pass algo flags along.  Change some of the
info output to be more like current master.
--
Signed-off-by: Werner Koch <wk@gnupg.org>

This backport from master
commit 969abcf40cdfc65f3ee859c5e62889e1a8ccde91
also includes some changes taken from
commit a759fa963a42e0652134130029217270b6d5d00b
(sm: Improve readability of the data verification output.)

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-03 17:08:58 +02:00
Werner Koch
381c54179c
common: Add missing error code GPG_ERR_WRONG_NAME.
* configure.ac: Require libgpg-error 1.25.
* common/util.h: Define some extra error codes.
--

This actually defines a few more error ocdes in case they are used by
backported code.  The requirement chnaged to 1.25 because erro codes
from there are also required.

GnuPG-bug-id: 4965
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-03 10:29:18 +02:00
Werner Koch
c6324ee07a
common: Change argument order of log_printhex.
* common/logging.c (log_printhex): Chnage order of args.  Make it
printf alike.  Change all callers.
* configure.ac: Add -Wno-format-zero-length
--

This makes it consistent with modern libgpgrt logging and thus eases
back porting from newer GnuPG versions which use libgpgrt logging.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-12 18:51:47 +02:00
Werner Koch
1dfe71c62b
gpg: Support decryption of the new AEAD packet
* common/openpgpdefs.h (aead_algo_t): New.
(pkttype_t): Add PKT_ENCRYPTED_AEAD.
* g10/decrypt-data.c (struct decode_filter_context_s): Add fields for
AEAD.
(aead_set_nonce_and_ad): New.
(aead_checktag): New.
(decrypt_data): Support AEAD.
(aead_underflow): New.
(aead_decode_filter): New.
* g10/dek.h (DEK): Add field use_aead.  Turn use_mdc,
algo_info_printed, and symmetric into bit flags.
* g10/mainproc.c (struct mainproc_context): Add field
seen_pkt_encrypted_aead.
(release_list): Clear it.
(have_seen_pkt_encrypted_aead): New.
(symkey_decrypt_seskey): Support AEAD.
(proc_symkey_enc): Ditto.
(proc_encrypted): Ditto.
(proc_plaintext): Ditto.
* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
(openpgp_aead_test_algo): New.
(openpgp_aead_algo_name): New.
(openpgp_aead_algo_info): New.
* g10/packet.h (PKT_symkey_enc): Add field use_aead.
(PKT_user_id): Add field flags.aead
(PKT_public_key): Ditto.
(PKT_encrypted): Add fields for AEAD.
* g10/parse-packet.c (parse): Handle PKT_ENCRYPTED_AEAD.
(parse_symkeyenc): Support AEAD.
(parse_encrypted): Ditto.
(dump_sig_subpkt): Dump AEAD preference packet.
(parse_encrypted_aead): New.
--

This patch allows to decrypt data encrypted using the new AEAD
mechanism as specified in rfc4880bis.  Although preferences are used
to enable this new mode, it is useful to have at least a decryption
option in case a user switches between GnuPG 2.2 and newer versions.

The new AEAD mechanism is much faster than the current CFB+MDC and
thus 2.2 will allow faster decryption of symmetric only decryption.

This patch is based on the current master (2.3) code base and includes
a few other patches.  In particular
commit 44be675b759d27bac310c2de8bae1b7882a26b65
(gpg: More check for symmetric key encryption.)
is included.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-16 08:25:55 +02:00
Werner Koch
4d37cc72b8
common: New function to map hash algo names.
* common/sexputil.c (hash_algo_to_string): New.
--

Libgcrypt expects lowercase names and it is cumbersome to downcase
those retrieved via gcry_md_algo_name.  It is easier and also faster
to use a dedicated map function.
2020-04-15 15:43:00 +02:00
Werner Koch
471b06e91b
scd:p15: Fix decrypt followed by sign problem for D-Trust cards.
* scd/iso7816.c (iso7816_select_mf): New.
* scd/app-p15.c (card_product_t): New.
(struct app_local_s): Add field 'card_product'.
(read_ef_tokeninfo): Detect D-Trust card.
(prepare_verify_pin): Switch to D-Trust AID.
(do_decipher): Restore a SE for D-TRust cards.  Change the padding
indicator to 0x81.

* common/percent.c (percent_data_escape): new.  Taken from master.
--

Using what I learned from a USB trace running the Governikus Signer
Software on Windows this fixes the left over problem with the new
D-Trust card support.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master.  This required to add the percent_data_escape
function we introduced in master on 2018-07-02:

    commit 58baf40af641f8cbf597e508a292e85ae94688f1
    common: New function percent_data_escape.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:31:56 +02:00
Werner Koch
e730444e7b
scd:p15: Support signing with CardOS 5 cards.
* scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
r_pkey and change all callers.
(app_help_get_keygrip_string): Ditto.
* scd/app-p15.c (struct cdf_object_s): Use bit flags
(struct aodf_object_s): Ditto.  Add field 'fid'.
(struct prkdf_object_s): Ditto.  Add fields keygrip, keyalgo, and
keynbits.
(parse_certid): Allow a keygrip instead of a certid aka keyref.
(read_ef_aodf): Store the FID.
(keygripstr_from_prkdf): Rename to ...
(keygrip_from_prkdf): this.  Remove arg r_gripstr and implement cache.
Change callers to directly use the values from the object.  Also store
the algo and length of the key ion the object.
(keyref_from_keyinfo): New. Factored out code.
(do_sign): Support SHA-256 and >2048 bit RSA keys.
common/scd:p15: Support signing with CardOS 5 cards.
* common/util.h (KEYGRIP_LEN): New.
--

This has been tested with a D-Trust card featuring 3072 bit keys.
Note that non-repudiation key for a qualified signature does not yet
work because we do not yet support rsaPSS padding.  Thus a gpgsm
--learn shows a couple of Bad Signature errors for this key.

Signed-off-by: Werner Koch <wk@gnupg.org>

Back ported from master:
- Removed do_with_keygrip
- Added KEYGRIP_LEN
- app_help_get_keygrip_string_pk actually added.
- Move keygrip_from_prkdf in do_sign before the verification.
  It used to work in master only because there it is implictly
  called prior to signing by do_with_keygrip

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-01 16:00:31 +02:00
Werner Koch
1424c12e4c
sm: Consider certificates w/o CRL DP as valid.
* sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP.
* common/audit.c (proc_type_verify): Print "n/a" if a cert has no
distribution point.
* sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check.
* sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New.
(opts): Add option --enable-issuer-based-crl-check.
(main): Set option.
--

If the issuer does not provide a DP and the user wants such an issuer,
we expect that a certificate does not need revocation checks.  The new
option --enable-issuer-based-crl-check can be used to revert to the
old behaviour which requires that a suitable LDAP server has been
configured to lookup a CRL by issuer.

Signed-off-by: Werner Koch <wk@gnupg.org>

(cherry picked from master)
2020-03-27 21:20:13 +01:00
Werner Koch
b27d30df62
Copyright notice updates et al.
--
2020-03-19 15:48:12 +01:00
Werner Koch
d79ebee64e
gpg: New option --include-key-block.
* common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
* g10/gpg.c (oIncludeKeyBlock): New.
(opts): New option --include-key-block.
(main): Implement.
* g10/options.h (opt): New flag include_key_block.
* g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
(parse_one_sig_subpkt): Ditto.
(can_handle_critical): Ditto.
* g10/sign.c (mk_sig_subpkt_key_block): New.
(write_signature_packets): Call it for data signatures.
--

This patch adds support for a to be proposed OpenPGP ferature:

  Introduce the Key Block subpacket to align OpenPGP with CMS.

  This new subpacket may be used similar to the CertificateSet of
  CMS (RFC-5652) and thus allows to start encrypted communication
  after having received a signed message.  In practice a stripped down
  version of the key should be including having only the key material
  and the self-signatures which are really useful and shall be used by
  the recipient to reply encrypted.

  #### Key Block

  (1 octet with value 0, N octets of key data)

  This subpacket MAY be used to convey key data along with a signature
  of class 0x00, 0x01, or 0x02.  It MUST contain the key used to create
  the signature; either as the primary key or as a subkey.  The key
  SHOULD contain a primary or subkey capable of encryption and the
  entire key must be a valid OpenPGP key including at least one User ID
  packet and the corresponding self-signatures.

  Implementations MUST ignore this subpacket if the first octet does not
  have a value of zero or if the key data does not represent a valid
  transferable public key.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 19:38:09 +01:00
Werner Koch
e952026e19
sm: Remove left over debug output.
--
2020-02-17 11:38:23 +01:00
Werner Koch
38f819bd6d
gpgsm: Fix import of some CR,LF ternminated certificates
* common/ksba-io-support.c (base64_reader_cb): Detect the END tag and
don't just rely on the padding chars.  This could happen only with
CR+LF termnmated PEM files.  Also move the detection into the invalid
character detection branch for a minor parser speedup.
--

GnuPG-bug-id: 4847
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 6248739799fd4a877529089375e2a4103d33e6f4)
2020-02-15 19:21:35 +01:00
Werner Koch
21d9bd8b87
build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C.  Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.

* g10/main.h: Put util.h before the local header files.
--

This change is required for use with gcc/ld's LTO feature which does
not allow common blocks.  Further gcc 10 will make -fno-common the
default and thus this chnage is always needed.  What a pitty.

Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-10 16:37:34 +01:00
Werner Koch
47f514fde6
common: Also protect log_inc_errorcount against counter overflow.
* common/logging.c (log_inc_errorcount): Also protect against
overflow.
(log_error): Call log_inc_errorcount instead of directly bumping the
counter.
--

We already had an overflow checking for log_error but not for the
silent increment function.

This is basically the same fix we have in libgpg-error
(libgpg-error commit d72c1ddfde09ffa69745ec2439c5a16d15e2202f)

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-10 14:55:53 +01:00
Werner Koch
a265d3997a
gpgconf,w32: Print a warning for a suspicious homedir.
* tools/gpgconf.c (list_dirs): Check whether the homedir has been
taken from the registry.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 7f12fb55f9757cd68147eca8f162c85378538405)
2020-01-17 14:28:13 +01:00
Werner Koch
0353cb0a5e
common: Extend function pubkey_algo_string.
* common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f952226043824cbbeb8517126b5266926121c4e8)

Removed the changes in gpg-card which is not part of 2.2

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-21 10:23:05 +02:00
NIIBE Yutaka
6e6078c8d0 common: Fix line break handling, finding a space.
* common/name-value.c (assert_raw_value): Correctly find a space.

--

Cherry-pick master commit of:
	f588dd8d1766de48c90a5501cf2d537f256d003e

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-08-12 10:46:26 +09:00
Werner Koch
d9b31d3a20
gpg: Allow deletion of subkeys with --delete-[secret-]key.
* common/userids.c (classify_user_id): Do not set the EXACT flag in
the default case.
* g10/export.c (exact_subkey_match_p): Make static,
* g10/delkey.c (do_delete_key): Implement subkey only deleting.
--

GnuPG-bug-id: 4457
2019-05-27 11:41:35 +02:00
NIIBE Yutaka
ee766b2b5d common: Fix AWK portability.
* common/Makefile.am: Use pkg_namespace.
* common/mkstrtable.awk: Use pkg_namespace.  Regexp fix.

--

Cherry-picked from master commit:
	b6f0b0efa19e0434024bc16e246032b613fd448a

GnuPG-bug-Bug: 4459
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-04-16 13:27:44 +09:00
NIIBE Yutaka
6e422b5135 common: Fix gnupg_wait_processes.
* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
even if we already see an error.

--

Cherry-picked master commit of:
	eeb3da6eb717ed6a1a1069a7611eb37503e8672d

The value stored by waitpid for exit code is encoded;  It requires
decoded by WEXITSTATUS macro, regardless of an error.

For example, when one of processes is already exited and another is
still running, it resulted wrong value of in r_exitcodes[n].

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-19 15:49:55 +09:00
Werner Koch
7922e2dd1c
Release 2.2.13 2019-02-12 16:30:31 +01:00
Werner Koch
d29d73264f
common: Provide function to get public key algo names in our format.
* common/sexputil.c (pubkey_algo_string): New.
--

The new gpg format for public key algorithms is useful at other places
as well.  Thus we make this new function available.  Note that the
code we use in gpg is not based on s-expressions and thus a new
function was required.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 03bf8e967adb2dd13329ba1089deb419d49e55c0)

Not yet used in 2.2 but will likely be needed by future backports.
2019-02-11 10:59:35 +01:00
Werner Koch
ee8d1a9e6c
common: New functions get_option_value and ascii_strupr.
* common/server-help.c (get_option_value): New.
* common/stringhelp.c (ascii_strupr): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e2f18023b3b3b7e55b35218f65e37448d1011172)

This might come handy when we eventually backport other changes.
2019-02-11 10:59:34 +01:00
Werner Koch
b78f293cf0
common: Provide some convenient OpenPGP related constants.
* common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New.
(OPENPGP_MAX_NSKEY): New.
(OPENPGP_MAX_NSIG): New.
(OPENPGP_MAX_NENC): New.
* g10/packet.h: Define PUBKEY_MAX using the new consts.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f382984966a31a4cbe572bce5370590c5490ed1e)
2019-01-29 20:18:52 +01:00
Werner Koch
dddbb26155
common: New helper functions for OpenPGP curve OIDs.
* common/openpgp-oid.c (openpgp_oidbuf_to_str): Factor most code out
to ...
(openpgp_oidbuf_to_str): new.
(openpgp_oidbuf_is_ed25519): New.
(openpgp_oidbuf_is_cv25519): New.
--

At some places it is more convenient (and faster) to directly work on
buffers and avoid the way via opaque MPIs.  These 3 new functions
allow for that.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 4a1558d0c7190cf13d35385e47291a7aa121be3e)
2019-01-29 20:17:29 +01:00
Jussi Kivilinna
ebd434a45e
common/iobuf: fix memory wiping in iobuf_copy
* common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of
first sizeof(char*) bytes.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
(cherry picked from commit 654e353d9b20f10fa275e7ae10cc50480654f079)
2018-12-05 08:25:48 +01:00
Jussi Kivilinna
21fdef6963
common: Use platform memory zeroing function for wipememory
* common/mischelp.h (wipememory): Replace macro with function
prototype.
(wipememory2): Remove.
* common/mischelp.c (wipememory): New.
* configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero' and
remove duplicated checks.
--

In new wipememory function, memory is cleared through platform
provided secure memory zeroing function, SecureZeroMemory
or explicit_bzero.

If none of these is available, memset is called through
volatile function pointer to so that compiler won't optimize
away the call.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
(cherry picked from commit 2a650772b4e1c78a4fd20bc88433930e5551fe9c)
2018-12-05 08:23:57 +01:00
Werner Koch
e53253485c
agent: Fix possible uninitalized use of CTX in simple_pwquery.
* common/simple-pwquery.c (agent_open): Clear CTX even on early error.
--

GnuPG-bug-id: 4223
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit bafcf7095159493a656382997f8b0d0bb11a20e8)
2018-10-24 20:30:17 +02:00
NIIBE Yutaka
8f844ae1cd common: Fix gnupg_reopen_std.
* common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat.

--

Cherry-pick from master commit of:
	50b02dba2060a8969da47b18d9c0ecdccbd30db4

When gpg was invoked by a Perl web application on FreeBSD, fstat in
gnupg_reopen_std failed with EBADF.  Using fcntl, which is considered
lighter than fstat, it works fine.  Since uur purpose is to check if
file descriptor is valid or not, lighter operation is better.

Reported-by: Marcin Gryszkalis <mg@fork.pl>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-02 14:31:56 +09:00
NIIBE Yutaka
0383e7fed7 common: Use iobuf_get_noeof to avoid undefined behaviors.
* common/iobuf.c (block_filter): Use iobuf_get_noeof.

--

Cherry-pick from master commit of:
	f80346f42df4bdc7d0a9741c3922129aceae4f81

When singed integer has negative value, left shift computation is
undefined in C.

GnuPG-bug-id: 4093
Reported-by: Philippe Antoine
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-10 13:59:14 +09:00
NIIBE Yutaka
f0fdee2e24 Fix use of strncpy, which is actually good to use memcpy.
* common/ssh-utils.c (get_fingerprint): Use memcpy.
* g10/build-packet.c (string_to_notation): Use memcpy.

--

Cherry-pick of master commit of:
	625ced6e672daa892d334323cce6b3d42a6f929f

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-06 11:46:20 +09:00
Werner Koch
38eb7c360b
assuan: Fix exponential decay for first second.
* common/asshelp.c (wait_for_sock): Round SECSLEFT.
* dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon
mode.
* common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.
--

Without the rounding we saw in verbose mose

 [...]to come up ... (5s)
 [...]to come up ... (4s)

immediately without the expected one second delay.  Waiting for the
next seconds did not work if nanosleep was used due to improper passed
parameters in gnupg_usleep.

Adding --debug-wait for dirmngr in daemon mode is required to test
this change.

GnuPG-bug-id: 3490
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 0cfdd3b57d592fb6baa7dafe8fde124e8a6c7798)
Fixes-commit: 1189df2cd7d4b6896ba22aa204c159ff2a425ead
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-28 16:47:38 +02:00
Daniel Kahn Gillmor
1189df2cd7
assuan: Use exponential decay for first 1s of spinlock.
* common/asshelp.c (wait_for_sock): instead of checking the socket
every second, we check 10 times in the first second (with exponential
decay).
--

This cuts the wall clock time for the standard test suite roughly by
half.

GnuPG-bug-id: 3490
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 149041b0b917f4298239fe18b5ebd5ead71584a6)
2018-08-28 16:41:47 +02:00
Daniel Kahn Gillmor
a22a55b994
assuan: Reorganize waiting for socket.
* common/asshelp.c (wait_for_sock): New function, collecting
codepaths from...
(start_new_gpg_agent) here and...
(start_new_dirmngr) here.
--

This has no functional change, but makes it easier to make this
function more efficient.

GnuPG-bug-id: 3490
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 0471ff9d3bf8d6b9a359f3c426d70d0935066907)
2018-08-28 16:41:35 +02:00
Werner Koch
4f59187a17
common: New function to validate domain names.
* common/mbox-util.c (is_valid_domain_name): New.
* common/t-mbox-util.c (run_dns_test): New test.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ddee9f9409fb5a089883eab0fadef7b9b7e61e72)
2018-07-29 18:39:32 +02:00
Werner Koch
f7f3043653
gpg: Fix "Too many open files" when using --multifile.
* common/miscellaneous.c (is_file_compressed): Don't cache the file.
--

This seems to be a pretty old bug.  The fix is easy and also reveals
that -z0 can be used as a workaround.

GnuPG-bug-id: 3951
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-02 19:03:07 +02:00
Andre Heinecke
3bd793256e
common,w32: Hide spawned processes by default
* common/exechelp-w32.c (gnupg_spawn_process): Use SW_HIDE
instead of SW_MINIMIZE.

--
Spawning minimized shows icons in the task bar so users
see that background processes are started, which is unusual.

I'm pretty sure that the intention of the code was to hide
the window if not in spawn debug mode. This is also what
GPGME does.

This fixes dirmngr_ldap process windows and other
spurious reports about e.g. a gpgv console window from
loadswdb.

GnuPG-Bug-Id: T3937
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2018-05-02 14:07:39 +02:00
Werner Koch
6da7aa1e7c
gpg,w32: Fix empty homedir when only a drive letter is used.
* common/homedir.c (copy_dir_with_fixup): New.
(default_homedir): Use here.
(gnupg_set_homedir): And here .
--

This actually fixes a couple of cases for Windows.  Both --home-dir
and GNUPGHOME.  The interpretation of "c:" -> "c:/" might not be the
correct one but because we need an absolute dir anyway it is the less
surprising one.  Note that this does not include a full syntax check
and fixup and thus it is very well possible that the result is not an
absolute directory.

GnuPG-bug-id: 3720
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-09 14:44:21 +02:00
Werner Koch
05c55ee260
agent: New OPTION pretend-request-origin
* common/shareddefs.h (request_origin_t): New.
* common/agent-opt.c (parse_request_origin): New.
(str_request_origin): New.
* agent/command.c (option_handler): Implement new option.
--

This allows to pretend that a request originated from the extra or
browser socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 08:37:14 +01:00
Werner Koch
9581a65ccc
Release 2.2.5
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-22 15:32:36 +01:00
Werner Koch
f19ff78f0f
common: Use new function to print status strings.
* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--

This fixes a potential overflow if LFs are passed to the status
string functions.  This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing.  In any case the functions need to be more robust and
comply to the promised interface.  Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.

For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.

Reported-by: private_pers
2018-02-14 12:21:44 +01:00
Werner Koch
f3ba66781a
kbx: Simplify by removing custom memory functions.
* kbx/keybox-util.c (keybox_set_malloc_hooks): Remove.
(_keybox_malloc, _keybox_calloc, keybox_realloc)
(_keybox_free): Remove.
(keybox_file_rename): Remove.  Was not used.
* sm/gpgsm.c (main): Remove call to keybox_set_malloc_hooks.
* kbx/kbxutil.c (main): Ditto.
* kbx/keybox-defs.h: Remove all separate includes.  Include util.h.
remove convenience macros.
* common/logging.h (return_if_fail): New.  Originally from
keybox-defs.h but now using log_debug.
(return_null_if_fail): Ditto.
(return_val_if_fail): Ditto.
(never_reached): Ditto.
--

Originally the KBX code was written to allow standalone use.  However
this required lot of ugliness like separate memory allocators and
such.  It also precludes the use of some standard functions from
common due to their use of the common gnupg malloc functions.
Dropping all that makes things easier.  Minor disadvantages: the kbx
call done for gpg will now use gcry malloc fucntions and not the
standard malloc functions.  This might be a bit slower but removing
them even fixes a possible bug in keybox_tmp_names which is used in
gpg and uses gpg's xfree which is actually gcry_free.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-22 12:55:46 +01:00
Werner Koch
290348e349
common: Use larger buffer for homedir in case of 64 bit UIDs.
* common/homedir.c (_gnupg_socketdir_internal): Enlarge PREFIX by 6
bytes for "/gnupg".
--

The temporary buffer was to short for the extra "/gnupg".  However the
20 bytes for the UID is large enough for all 32 bit UIDs and would
only fail (detected) if  a 64 bit UID is used.

Fixes-commit: 17efcd2a2acdc3b7f00711272aa51e5be2476921
Reported-by: Rainer Perske.
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-20 15:37:29 +01:00
Werner Koch
17efcd2a2a
build: New configure option --enable-run-gnupg-user-socket.
* configure.ac: (USE_RUN_GNUPG_USER_SOCKET): New ac_define.
* common/homedir.c (_gnupg_socketdir_internal): Add extra directories.
--

This allows to build GnuPG with an extra socketdir below /run.  See
https://lists.gnupg.org/pipermail/gnupg-devel/2017-November/033250.html
for a longer explanation why this is sometimes useful.

Suggested-by: Rainer Perske
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-12 09:42:43 +01:00
Werner Koch
ddd54d8210
Revert: build: Do not define logging.h constants for ...
---

This reverts commit 2fedf8583bcc493f587c90bc9632d25dfd10bd10.

We better solve this on the libgpg-error side.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-08 13:27:36 +01:00
Werner Koch
2fedf8583b
build: Do not define logging.h constants for libgpg-error dev versions.
* common/logging.h [GPGRT_LOG_WITH_PREFIX]: Do not define the log
constants.
--

logging.h uses constants we plan to use for future versions of
libgpg-error.  My dev version already has the logging functions and
thus I run into a conflict.  This patch protects against this and make
the GnuPG work with later libgpg-error versions.

It was not the best idea to use constants from a planned libgpg-error
in the first place.  The actual problem are the enums, the macros
won't harm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-07 14:53:49 +01:00
NIIBE Yutaka
0e5bd473a0
common: Accept the Z-suffix for yymmddThhmmssZ format.
* common/gettime.c (isotime_p): Accept the Z suffix.

--

The intention is use for human interface.

GnuPG-bug-id: 3278
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit ba8afc4966cca1f6aaf9b2a9bfc3220782306c2b)
2017-11-01 18:35:29 +01:00
Werner Koch
a21ca77988
indent: Wrap overlong lines in argparse.c
--
2017-08-01 08:28:01 +02:00
Werner Koch
6502bb0d2a
gpg: Tweak compliance checking for verification
* common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
verification.
* g10/mainproc.c (check_sig_and_print): Print a con-compliant warning.
* g10/sig-check.c (check_signature2): Use log_error instead of
log_info.
--

We should be able to verify all signatures.  So we only print a
warning.  That is the same beheavour as for untrusted keys etc.

GnuPG-bug-id: 3311
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-27 16:22:36 +02:00
Werner Koch
a0d0cbee76
gpg,sm: Fix compliance checking for decryption.
* common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal
signing check.  We don't support Elgamal signing at all.
(gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA.
Check the curvenames for ECDH.
* g10/pubkey-enc.c (get_session_key): Print only a warning if the key
is not compliant.
* sm/decrypt.c (gpgsm_decrypt): Ditto.  Use the same string as in gpg
so that we have only one translation.
--

We always allow decryption and print only a note if the key was not
complaint at the encryption site.

GnuPG-bug-id: 3308
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-27 13:56:38 +02:00
Werner Koch
24c7aa0d58
common: Strip trailing slashes from the homedir.
* common/homedir.c (default_homedir): Strip trailing slashes.
(gnupg_set_homedir): Ditto.

--

is_gnupg_default_homedir() does not ignore trailing slashes when
comparing directory names.  This can lead to multiple agents started
on the same directory if the homedir was specified with --homedir or
GNUPGHOME without or with a number of slashes.

We now make sure that the home directory name never ends in a
slash (except for the roo of course).

GnuPG-bug-id: 3295
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-25 15:22:48 +02:00
Werner Koch
226f143ca0
common: New functions gnupg_daemon_rootdir and gnupg_chdir.
* common/sysutils.c (gnupg_chdir): New.
* common/homedir.c (gnupg_daemon_rootdir): New.
* agent/gpg-agent.c (main): Use these functions instead chdir("/").
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-25 12:43:37 +02:00
Werner Koch
bddc2e04f1
common: New function print_utf9_string.
* common/miscellaneous.c (print_utf8_string): New.
--

This is a simple convenience function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-20 18:13:40 +02:00
NIIBE Yutaka
84146b3ec4 common: logstream fix.
* common/logging.c (set_file_fd): Don't close es_stderr.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-20 16:37:56 +09:00
Marcus Brinkmann
f17862d47d common: Allow abbreviations of standard options.
* argparse.h (ARGPARSE_SHORTOPT_HELP, ARGPARSE_SHORTOPT_VERSION,
ARGPARSE_SHORTOPT_WARRANTY, ARGPARSE_SHORTOPT_DUMP_OPTIONS): New
macros.
(ARGPARSE_end): Add some placeholders for standard options.
* argparse.c (arg_parse): Fill in missing standard options so
default machinery works.  Check for standard options in new way.
Do not write out standard options for --dump-options.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 1747
2017-07-18 18:08:25 +02:00
Werner Koch
a149afe338
gpg,sm: Check compliance of the RNG.
* common/compliance.c (gnupg_rng_is_compliant): New.
* g10/call-agent.c (start_agent) [W32]: Check rng compliance.
* sm/call-agent.c (start_agent) [W32]: Ditto.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is
compliant.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* g10/sign.c (do_sign): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
--

Under Windows we need to check that the Jitter RNG is active in de-vs
mode.  Under Linux this is not necessary because /dev/random can be
scrutinized and is believed to provide enough entropy.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-17 15:53:16 +02:00
Werner Koch
849467870e
common: New function split_fields_colon.
* common/stringhelp.c (split_fields_colon): New.
* common/t-stringhelp.c (test_split_fields_colon): New test.
(main): Call that test.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-17 15:53:16 +02:00
Werner Koch
1ead1ca818
agent: Shutdown on removal of the home directory.
* common/sysutils.c (gnupg_inotify_watch_delete_self): New.
* agent/gpg-agent.c (handle_connections): Rename my_inotify_fd to
sock_inotify_fd.
(handle_connections): Add home_inotify_fd to watch the home directory.
--

GnuPG-bug-id: 3218

Note that we should add this also to dirmngr.  And for non-Linux
systems a stat in ticker should be implemented.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-23 13:20:42 +02:00
Werner Koch
f31dc2540a
gpg,gpgsm: Emit status code ENCRYPTION_COMPLIANCE_MODE.
* common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New.
* g10/encrypt.c (encrypt_crypt): Emit new status code.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--

This status code allows to report whether an encryption operation was
compliant to de-vs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-23 12:01:20 +02:00
Werner Koch
3621dbe525
gpg,gpgsm: Fix compliance check for DSA and avoid an assert.
* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
check.  Explicitly check for allowed ECC algos.
(gnupg_pk_is_allowed): Swap P and Q for DSA check.
* g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check.  Replace
assert by debug message.

--

Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0
condition is surprising because it leads to the assumption SYMKEYS
could be negative.  Better use a boolean test.

The assert could have lead to a regression for no good reason.  Not
being compliant is better than breaking existing users.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 19:57:11 +02:00