1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00

8580 Commits

Author SHA1 Message Date
Werner Koch
773b8fbbe9
gpg: New option --override-compliance-check
* g10/gpg.c (oOverrideComplianceCheck): New.
(opts): Add new option.
(main): Set option and add check for batch mode.
* g10/options.h (opt): Add flags.override_compliance_check.

* g10/sig-check.c (check_signature2): Factor complaince checking out
to ...
(check_key_verify_compliance): new.  Turn error into a warning in
override mode.
--

There is one important use case for this: For systems configured
globally to use de-vs mode, Ed25519 and other key types are not
allowed because they are not listred in the BSI algorithm catalog.
Now, our release signing keys happen to be Ed25519 and thus we need to
offer a way for users to check new versions even if the system is in
de-vs mode.  This does on purpose not work in --batch mode so that
scripted solutions won't accidently pass a signature check.

GnuPG-bug-id: 5655
Backported-from-master: fb26e144adfd93051501d58f5d0d4f8826ddf436
2021-10-13 17:34:12 +02:00
Werner Koch
bb750cf4ba
Post release updates
--
2021-10-06 21:15:11 +02:00
Werner Koch
476096099d
Release 2.2.32 gnupg-2.2.32 2021-10-06 20:23:37 +02:00
NIIBE Yutaka
a17f1b6074
gpg: Skip the packet when not used for AEAD.
* g10/free-packet.c (free_packet): Add the case for case
PKT_ENCRYPTED_AEAD.
--

GnuPG-bug-id: 5584
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(bug id fixed in this backport)
2021-10-06 20:03:34 +02:00
Werner Koch
323a20399d
dirmngr: New option --ignore-cert
* dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
(opt): Add field ignored_certs.
* dirmngr/dirmngr.c: Add option --ignore-cert
(parse_rereadable_options): Handle that option.
(parse_ocsp_signer): Rename to ...
(parse_fingerprint_item): this and add two args.
* dirmngr/certcache.c (put_cert): Ignore all to be igored certs.
Change callers to handle the new error return.
--

This option is useful as a workaround in case we ill run into other
chain validation errors like what we fixed in
GnuPG-bug-id: 5639
Backported-from-master: 4b3e9a44b58e74b3eb4a59f88ee017fe7483a17d
2021-10-06 11:06:01 +02:00
Werner Koch
341ab0123a
dirmngr: Fix Let's Encrypt certificate chain validation.
* dirmngr/certcache.c (find_cert_bysubject): Return the first trusted
certififcate if any.
--

This is basically the same as using OpenSSL with ist
X509_V_FLAG_TRUSTED_FIRST flag. See
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

GnuPG-bug-id: 5639
2021-10-06 10:56:43 +02:00
Werner Koch
48dc463ada
Post release updates
--
2021-09-16 11:54:18 +02:00
Werner Koch
ecf4c2f611
Release 2.2.31 gnupg-2.2.31 2021-09-15 16:43:23 +02:00
Werner Koch
6eb6304c04
po: Change German descriptions for password constraints.
--
2021-09-15 16:39:30 +02:00
Werner Koch
13e4e322eb
Update release signing keys.
--

These are now

# ------------------------ >8 ------------------------
pub   rsa3072 2017-03-17 [SC] [expires: 2027-03-15]
      5B80C5754298F0CB55D8ED6ABCEF7E294B092E28
sig    R     BCEF7E294B092E28 2017-03-17  Andre Heinecke (Release Signing Key)
uid                      Andre Heinecke (Release Signing Key)
sig 3        BCEF7E294B092E28 2017-03-17  Andre Heinecke (Release Signing Key)
sig          1FDF723CF462B6B1 2017-03-17  Andre Heinecke <aheinecke@intevation.de>

pub   ed25519 2020-08-24 [SC] [expires: 2030-06-30]
      6DAA6E64A76D2840571B4902528897B826403ADA
uid                      Werner Koch (dist signing 2020)
sig 3        528897B826403ADA 2020-08-24  Werner Koch (dist signing 2020)
sig          249B39D24F25E3B6 2020-08-24  Werner Koch (dist sig)
sig          63113AE866587D0A 2020-08-24  wk@gnupg.org
sig          E3FDFF218E45B72B 2020-08-24  Werner Koch (wheatstone commit signing)
sig          F2AD85AC1E42B367 2020-08-24  Werner Koch <wk@gnupg.org>

pub   ed25519 2021-05-19 [SC] [expires: 2027-04-04]
      AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD
uid                      Niibe Yutaka (GnuPG Release Key)
sig 3        E98E9B2D19C6C8BD 2021-05-19  Niibe Yutaka (GnuPG Release Key)
sig          00B45EBD4CA7BABE 2021-09-14  NIIBE Yutaka <gniibe@fsij.org>
sig          E267B052364F028D 2021-09-14  NIIBE Yutaka <gniibe@fsij.org>
2021-09-14 13:50:47 +02:00
Werner Koch
67e1834ad4
scd: Remove context reference counting from pc/sc
* scd/apdu.c (pcsc): Add flag context_valid, remove count.
(close_pcsc_reader): Use new flag instead of looking at magic context
value.
(pcsc_init): Set new flag.
(open_pcsc_reader): Use new flag.
(apdu_init): Clear new flag.

* scd/apdu.c: Remove assert.h.  Replace all assert by log_assert.
--

The previous fix 192113552faa98f40cc91fe014ec55861474626c did not
help, thus the new hypothesis is that PC/SC might return a valid
context with the value -1.  We now use a dedicated flag to track the
validity of the context.

The reference counting seems to be superfluous and is a relict due to
backporting from 2.3.  Removed.
2021-09-14 13:41:05 +02:00
Werner Koch
117afec018
common: New envvar GNUPG_EXEC_DEBUG_FLAGS.
* common/exechelp-w32.c (gnupg_spawn_process_detached): Silence
breakaway messages and turn them again into debug messages.
2021-09-13 17:12:23 +02:00
Werner Koch
92f5cbb018
doc: Clarify some gpg keyring options
--
GnuPG-bug-id: 5594
2021-09-09 17:45:33 +02:00
Werner Koch
f32994b0bf
scd: Support PC/SC for "getinfo reader_list".
* scd/apdu.c: Include membuf.h.
(pcsc): Add reader_list field.
(open_pcsc_reader): Fill that field.
(apdu_get_reader_list): New.
* scd/command.c: Remove header ccid-driver.h.
(pretty_assuan_send_data): New.
(cmd_getinfo): Print all reader names.
--

Note that depending on the card backend (ccid or PC/SC) it might be
necessary to first send a reset followed by SERIALNO to get an updated
list of reader.  Or well send KILLSCD.

The pretty printing of Assuan data lines does only work if you connect
direct to scdaemon because the wrapper in gpg-agent does not know
about this and combines the Assuan lines again.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-09-08 15:50:28 +02:00
Werner Koch
192113552f
scd: Fix possible assertion in close_pcsc_reader.
* scd/apdu.c (close_pcsc_reader): Don't ref-count if the context is
invalid.
(open_pcsc_reader): Compare the context against -1 which is our
indicator for an invalid context.
--

I got a crash report for Windows:

  DBG: chan_0x000000a4 <- RESTART
  DBG: chan_0x000000a4 -> OK
  DBG: chan_0x000000a4 <- SERIALNO
  DBG: open_pcsc_reader(portstr=(null))
  reader slot 0: not connected
  DBG: open_pcsc_reader => slot=0
  DBG: enter: apdu_connect: slot=0
  pcsc_connect failed: invalid PC/SC error code (0x6)
  reader slot 0: not connected
  DBG: leave: apdu_connect => sw=0x1000b
  DBG: enter: apdu_close_reader: slot=0
  DBG: enter: apdu_disconnect: slot=0
  DBG: leave: apdu_disconnect => sw=0x0
  Ohhhh jeeee: Assertion "pcsc.count > 0" in
    close_pcsc_reader failed (...2.2.28/scd/apdu.c:817)

no smartcard reader was connected but the box might sport a virtual
reader.  This patch should make it more robust.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-09-07 16:40:09 +02:00
Werner Koch
4b2cfec2dc
agent: Fix segv in GET_PASSPHRASE (regression)
* agent/command.c (cmd_get_passphrase): Do not deref PI.  PI is always
NULL.
--

Fixes-commit: db5dc7a91af3774cfbce0bc533e0f0b5498402fe
GnuPG-bug-id: 5577
2021-09-07 09:03:44 +02:00
Werner Koch
1f726b4123
gpg: Print a note about the obsolete option --secret-keyring.
--

GnuPG-bug-id: 2749
2021-08-28 18:37:41 +02:00
Werner Koch
b03a38355d
Fix announcement mail URL
--
2021-08-27 15:25:02 +02:00
NIIBE Yutaka
7e431e009e common: Fix put_membuf.
* common/membuf.c (put_membuf): Allow NULL for the second arg.

--

Cherry-picked from master commit of:
	f271c6916469c0054c143adb4cee0588866a2a61

There has been such a use case in keybox-blob.c.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-08-27 17:22:25 +09:00
NIIBE Yutaka
0ca84cbdf0 build: Fix removal of AC_TYPE_SIGNAL.
* configure.ac: AC_TYPE_SIGNAL is still needed.

--

Fixes-commit: d5f9481186eaf2ff28d7ab04fd36f0bbd1c9714d
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-08-27 09:58:47 +09:00
NIIBE Yutaka
a8ffc52cec po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-08-27 08:57:19 +09:00
NIIBE Yutaka
d5f9481186 common: Fix get_signal_name for GNU/Linux.
* common/signal.c (get_signal_name): Use sigdescr_np if available.
* configure.ac: Check the function.

--

Backport master commit of:
	c4ba712736ddeda66055567874d573e79d22666b

GnuPG-bug-id: 5568
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-08-27 08:50:12 +09:00
Werner Koch
f64e0f63d6
Post release updates
--
2021-08-26 21:13:30 +02:00
Werner Koch
d583e750a6
Release 2.2.30 gnupg-2.2.30 2021-08-26 18:18:36 +02:00
Werner Koch
f151587d85
po: Auto update
--
2021-08-26 18:11:48 +02:00
Werner Koch
712930f8dd
po: Update German translation
--
2021-08-26 18:10:14 +02:00
Werner Koch
2b65f4e953
wkd: Properly unescape the user-id from a key listing.
* tools/wks-util.c (append_to_uidinfo_list): Unescape UID.
2021-08-20 16:24:14 +02:00
Werner Koch
17e2ec488f
common: New function decode_c_string.
* common/miscellaneous.c (decode_c_string): New.
--

This is basically a copy from the code we use in gpgme and gpa.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 6ecedd0b25b6b1a33be63b99f2a8256370000521)
2021-08-20 16:24:13 +02:00
Werner Koch
5ed8e598fa
agent: Use the sysconfdir for a pattern file.
* agent/genkey.c (do_check_passphrase_pattern): Use make_filename.
2021-08-20 16:22:44 +02:00
Werner Koch
db5dc7a91a
agent: Ignore passphrase constraints for a generated passphrase.
* agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New.
(MAX_GENPIN_TRIES): Remove.
* agent/call-pinentry.c (struct entry_parm_s):
(struct inq_cb_parm_s): Add genpinhash and genpinhas_valid.
(is_generated_pin): New.
(inq_cb): Suppress constraints checking for a generated passphrase.
No more need for several tries to generate the passphrase.
(do_getpin): Store a generated passphrase/pin in the status field.
(agent_askpin): Suppress constraints checking for a generated
passphrase.
(agent_get_passphrase): Ditto.
* agent/command.c (cmd_get_passphrase): Ditto.
--

A generated passphrase has enough entropy so that all kind of extra
checks would only reduce the actual available entropy.  We thus detect
if a passphrase has been generated (and not changed) and skip all
passphrase constraints checking.
2021-08-20 10:18:11 +02:00
Werner Koch
576e429d41
wkd: Fix client issue with leading or trailing spaces in user-ids.
* common/recsel.c (recsel_parse_expr): Add flag -t.
* common/stringhelp.c (strtokenize): Factor code out to
do_strtokenize.
(strtokenize_nt): New.
(do_strtokenize): Add arg trim to support the strtokenize_nt.
* common/t-stringhelp.c (test_strtokenize_nt): New test cases.

* tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel
flag -t.
--

This fixes a bug with user ids with leading spaces because:

wks-client lists all mail addresses from the key and matches them to the
requested mail address.

If there are several user-ids all with the same mail address
wks-client picks one of them and then extracts exactly that user id.
However, here it does not match by the mail address but by the full
user-id so that we can be sure that there will be only one user-id in
the final key.

The filter built expression unfortunately strips leading blanks but
requires a verbatim match.  Thus it won't find the user id again and
errors out.

The new -t flag and a non-trimming strtokenize solves the problem.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-08-20 09:58:35 +02:00
Werner Koch
6685696ada
gpg: Return SUCCESS/FAILURE status also for --card-edit/name.
* g10/card-util.c (change_name): Call write_sc_op_status.
--

Reported-by: Joey Berkovitz
2021-08-20 09:54:00 +02:00
Werner Koch
2e69ce878f
agent: Improve the GENPIN callback.
* agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by  ...
(DEFAULT_GENPIN_BITS): this and increase to 150.
(generate_pin): Make sure that we use at least 128 bits.
2021-08-18 11:34:10 +02:00
Werner Koch
4855888c0a
agent: Fix for zero length help string in pinentry hints.
* agent/call-pinentry.c: Remove unused assert.h.
(inq_cb): Fix use use of assuan_end_confidential in case of nested
use.
(do_getpin): Ditto.
(setup_formatted_passphrase): Escape the help string.
(setup_enforced_constraints): Ignore empty help strings.
2021-08-18 10:20:22 +02:00
Werner Koch
ec2f1b3898
common,w32: Replace log_debug by log_info for InProcessJobs
* common/exechelp-w32.c (gnupg_spawn_process_detached): Use log_info.
2021-08-18 09:41:17 +02:00
Werner Koch
4dfa951a0a
w32: Move socketdir to LOCAL_APPDATA
* common/homedir.c (is_gnupg_default_homedir): Use standard_homedir
instead of the constant which makes a difference on Windows.
(_gnupg_socketdir_internal) [W32]: Move the directory to LOCAL_APPDATA.
(gnupg_cachedir): Remove unsued function.

* common/sysutils.c (gnupg_rmdir): New.
* tools/gpgconf.c (main): s/rmdir/gnupg_rmdir/.
--

That is actually a more correct directory than APPDATA.  This fixes
a problem with installations where the APPDATA is non a network drive
and the resulting socket filename is truncated in our socket helper
function (because we use sockaddr also for our local socket
emulation on Windows).

LOCAL_APPDATA is expected to be on the local box and thus in the
majority of cases the resulting socket file name will be short enough.

GnuPG-bug-id: 5537
Signed-off-by: Werner Koch <wk@gnupg.org>
Backport-from-master: 0802cbb59b21e06e16b4fd8596934c5565e7f659
2021-08-17 10:53:26 +02:00
Werner Koch
013f2e4672
gpgconf,w32: Print more registry diagnostics with --list-dirs.
* tools/gpgconf.c (list_dirs): Figure out classes with the key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-08-17 10:42:38 +02:00
Werner Koch
455ba49071
agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pient
* agent/call-pinentry.c (atfork_core): Pass DISPLAY.
2021-08-17 10:42:18 +02:00
Werner Koch
c6a4a660fd
agent: New option --check-sym-passphrase-pattern.
* agent/gpg-agent.c (oCheckSymPassphrasePattern): New.
(opts): Add --check-sym-passphrase-pattern.
(parse_rereadable_options): Set option.
(main): Return option info.
* tools/gpgconf-comp.c: Add new option.
* agent/agent.h (opt): Add var check_sym_passphrase_pattern.
(struct pin_entry_info_s): Add var constraints_flags.
(CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1.
(CHECK_CONSTRAINTS_NEW_SYMKEY): New.
* agent/genkey.c (check_passphrase_pattern): Rename to ...
(do_check_passphrase_pattern): this to make code reading
easier. Handle the --check-sym-passphrase-pattern option.
(check_passphrase_constraints): Replace arg no_empty by a generic
flags arg.  Also handle --check-sym-passphrase-pattern here.
* agent/command.c (cmd_get_passphrase): In --newsymkey mode pass
CHECK_CONSTRAINTS_NEW_SYMKEY flag.
* agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags.
(struct inq_cb_parm_s): New.
(inq_cb): Use new struct for parameter passing.  Pass flags to teh
constraints checking.
(do_getpin): Pass constraints flag down.
(agent_askpin): Take constraints flag from the supplied pinentry
struct.
--

Requirements for a passphrase to protect a private key and for a
passphrase used for symmetric encryption are different.  Thus a
the use of a different pattern file will be useful.  Note that a
pattern file can be used to replace the other passphrase constraints
options and thus we don't need to duplicate them for symmetric
encryption.

GnuPG-bug-id: 5517
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 7c45a69eb988e9c0329d75900af0c5b1e47291b7
agent: New option --check-sym-passphrase-pattern.
2021-08-17 10:40:23 +02:00
Ingo Klöcker
9832566e45
agent: Add checkpin inquiry for pinentry
* agent/call-pinentry.c: Include zb32.
(MAX_GENPIN_TRIES): New.
(DEFAULT_GENPIN_BYTES): New.
(generate_pin): New.
(setup_genpin): New.
(inq_quality): Rename to ...
(inq_cb): this.  Handle checkpin inquiry.
(setup_enforced_constraints): New.
(agent_get_passphrase): Call sertup_genpin.  Call
setup_enforced_constraints if new passphrase is requested.
--

This implements the gpg-agent side for checking whether a new passphrase
entered by the user in pinentry satisfies the passphrase constraints.
Performing a checkpin inquiry is only allowed if the passphrase
constraints are enforced. setup_enforced_constraints sends necessary
options and translated strings to pinentry.

The patch also merges 557ddbde32585c534626b57a595a2ccf28fd585e et
al. from master to add the genpin inquiry machinery.

The suggested passphrase has the required entropy of 128 bits.

GnuPG-bug-id: 5517, 5532
2021-08-17 10:11:24 +02:00
Ingo Klöcker
32fbdddf8b
agent: New option --pinentry-formatted-passphrase
* agent/agent.h (opt): Add field pinentry_formatted_passphrase.
* agent/call-pinentry.c (setup_formatted_passphrase): New.
(agent_get_passphrase): Pass option to pinentry.
* agent/gpg-agent.c (oPinentryFormattedPassphrase): New.
(opts): Add option.
(parse_rereadable_options): Set option.
--

GnuPG-bug-id: 5553, 5517

This is a squashed backport of two commits from master.
Backport-from-master: bf20a80f68449cc83b67c53ba9a0a84c45827ac4
Backport-from-master: 99601778f4a9dc1c9fee792361c959f5e0732cfd

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-08-16 12:45:37 +02:00
Ingo Klöcker
8fff61de94
common: Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to pinentry
* common/session-env.c (stdenvnames): Add XDG_SESSION_TYPE and
QT_QPA_PLATFORM.
--

On Unix systems (except Darwin), Qt uses those two environment
variables additionally to DISPLAY and WAYLAND_DISPLAY to figure out
whether to use X11 or Wayland. For example, QT_QPA_PLATFORM needs
to be set to "wayland" to make Qt use Wayland on Gnome.

GnuPG-bug-id: 3659
2021-08-16 12:01:00 +02:00
Werner Koch
5ca15e58b2
tools: Extend gpg-check-pattern.
* tools/gpg-check-pattern.c: Major rewrite.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 73c03e02322880c740310207dd2151cfd843792e

Here is a simple pattern file:

====================
# Pattern to reject passwords which do not comply to
#   - at least 1 uppercase letter
#   - at least 1 lowercase letter
#   - at least one number
#   - at least one special character
# and a few extra things to show the reject mode

# Reject is the default mode, ignore case is the default
#[reject]
#[icase]

# If the password starts with "foo" (case insensitive) it is rejected.
/foo.*/

[case]

# If the password starts with "bar" (case sensitive) it is rejected.
/bar.*/

# Switch to accept mode: Only if all patterns up to the next "accept"
# or "reject" tag or EOF match, the password is accepted.  Otherwise
# the password is rejected.

[accept]

/[A-Z]+/
/[a-z]+/
/[0-9]+/
/[^A-Za-z0-9]+/
=================
2021-08-16 11:59:29 +02:00
Werner Koch
4952ed9584
Post release updates
--
2021-07-04 17:23:56 +02:00
Werner Koch
695a879af8
Release 2.2.29 gnupg-2.2.29 2021-07-04 16:15:29 +02:00
Werner Koch
3283cf3a7a
Update OpenPGP card vendor list.
--
2021-07-04 15:49:50 +02:00
Werner Koch
51310497ef
po: Remove removed files.
--
2021-07-02 14:43:34 +02:00
Werner Koch
47c4e3e00a
dirmngr: Change the default keyserver.
* configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to
keyserver.ubuntu.com.

* dirmngr/certcache.c (cert_cache_init): Disable default pool cert.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/http.c (http_session_new): Ditto.

* dirmngr/server.c (make_keyserver_item): Use a different mapping for
the gnupg.net names.
--

Due to the unfortunate shutdown of the keyserver pool, the long term
defaults won't work anymore.  Thus it is better to change them.

For https access keyserver.ubuntu.com is now used because it can be
expected that this server can stand the load from newer gnupg LTS
versions.

For http based access the Dutch Surfnet keyserver is used.  However
due to a non-standard TLS certificate this server can not easily be
made the default for https.

Note: that the default server will be changed again as soon as a new
connected keyserver infrastructure has been established.
2021-06-25 19:15:24 +02:00
Werner Koch
5fe4b97887
gpg: Let --fetch-key return an exit code on failure.
* g10/keyserver.c (keyserver_fetch): Return an error code.
* g10/gpg.c (main) <aFetchKeys>: Return 1 in case of no data.
--

GnuPG-bug-id: 5376
2021-06-25 10:35:24 +02:00
NIIBE Yutaka
b90c55fa66 scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer.
* scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW.

--

Backport-master-commit: 25ae80b8eb6e9011049d76440ad7d250c1d02f7c
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-06-23 12:10:01 +09:00