1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

1101 Commits

Author SHA1 Message Date
Werner Koch
4122896a39
common,w32: Support file names longer than MAX_PATH in iobuf.
* common/iobuf.c (direct_open): Use gpgrt_fname_to_wchar.
(any8bitchar): Remove.
2022-03-04 14:54:26 +01:00
Werner Koch
ce6e0b172e
Update copyright notices.
--

Note that for this LTS version we now print g10 Code as the first
copyright holder with --version.  This is to avoid confusion at our
customers, now that we also provide a Linux^WGNU/Linux version of
GnuPG VS-Desktop and the Windows version has always shown g10 Code.
2022-02-07 18:22:30 +01:00
Werner Koch
7d1215cb9c
common: Fix creation of Windows socket directories.
* common/homedir.c (w32_try_mkdir): Remove.
(standard_homedir): Use gnupg_mkdir instead of w32_try_mkdir.
(_gnupg_socketdir_internal): Ditto.
--

The w32_try_mkdir was once introduced for WindowsCE and unfortunately
at a too brief inspection it looks like it does the utf8->wchar
conversion.  Which it does not.  Thus I obviously never tested the
switch to from APPDATA to LOCAL_APPDATA with a non-ascii account name.
That might have been due to the use of the very same code for the
homedir - but there is other code in gpg to create the homedir; thus a
failure here is mostly fixed later.

The missing error diagnostic was - and is - on purpose to avoid such
error messages due to a race between several running gpg instances.

GnuPG-bug-id: 5537
2022-02-07 17:59:22 +01:00
Werner Koch
eefa2d19ee
gpgconf: Some more fixes for the backported stuff.
* agent/gpg-agent.c (main) <gpgconf_list>: Keep only those option which
have a default.  Remove runtime flag.
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here because it is now inetrnal to gpgconf.
(known_options_gpg_agent): Add a few missing runtime flags.  Remove
"options".  Add "check-sym-passphrase-pattern".
(known_options_scdaemon, known_options_gpgsm): Remove "options".
(dirmngr): Ditto.

* tools/gpgconf-comp.c (is_known_option): Return only options having a
value for name.  Thus we list list options from the known_options
tables.
2022-01-26 16:43:46 +01:00
Werner Koch
d8e6d1e9ed
common: Fix returning of option attributes for options with args.
* common/argparse.c (gnupg_argparse): Set attribute flags
--
GnuPG-bug-id: 5799

This is a backport from the fix in libgpg-error in case gnupg 2.2 is
build against an older version of libgpg-error.
2022-01-25 19:05:16 +01:00
Werner Koch
96db487a4d
common,w32: Improve HKCU->HKLM fallback
* common/w32-reg.c (read_w32_registry_string): Add another fallback.
--

We use the same method in gpgme and libgpg-error since 2017 - should
be done here as well.  Thus the fallback also happens if the key
exists but not the actual entry.
2022-01-12 14:48:55 +01:00
Werner Koch
f0d034ebf4
common: New function xreallocarray
* common/miscellaneous.c (gnupg_reallocarray): New.
(xreallocarray): New.
--

Taken from libgpg-error so that we can build with older versions of
libgpg-error.
2021-12-29 09:21:00 +01:00
Werner Koch
1af559a9a2
common,w32: Sync read_w32_registry_string with the gpgrt version
* common/w32-reg.c (get_root_key): Add short version of the root
classes.
--

The code here is only used by gpgconf's new --show-configs command.
Usually on Windows the code from gpgrt is used for reading the
registry.  This one here is an exception and when backporting it I
missed to add the HKCU etc al string.

Fixes-commit: 6c6c404883e52545ed38293384c95fdacb7227c4
GnuPG-bug-id: 5724
2021-12-13 19:25:48 +01:00
Werner Koch
6c6c404883
common,w32: New function read_w32_reg_string.
* common/w32-reg.c (read_w32_reg_string): New.

* common/t-w32-reg.c (test_read_registry): Add another test.
2021-11-18 21:45:02 +01:00
Werner Koch
6ee01c1d26
gpg,gpgsm: Add option --min-rsa-length.
* common/compliance.c (min_compliant_rsa_length): New.
(gnupg_pk_is_compliant): Take in account.
(gnupg_pk_is_allowed): Ditto.
(gnupg_set_compliance_extra_info): New.
* g10/gpg.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* g10/options.h (opt): Add field min_rsa_length.
* sm/gpgsm.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* sm/gpgsm.h (opt): Add field min_rsa_length.
2021-11-18 21:11:10 +01:00
Werner Koch
006131f628
common: Support MYPROC_SELF_EXE for Solaris
* common/homedir.c (MYPROC_SELF_EXE): Add case for SunOS.
--

GnuPG-bug-id: 5671
2021-11-02 20:57:10 +01:00
Werner Koch
bcd8f0239d
common: Silence warning from unix_rootdir on systems w/o /proc
* common/homedir.c (unix_rootdir): Silence diagnostic in the common
case.
(MYPROC_SELF_EXE): Support NetBSD.
--

GnuPG-bug-id: 5656
2021-11-02 20:57:03 +01:00
Ingo Klöcker
947fedf0e7
common: Respect gpgconf.ctl when looking up translations
* common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR.
(i18n_localegettext): Ditto.
* tools/gpgconf-comp.c (my_dgettext): Ditto.
--

On Unix, gnupg_localedir() returns the locale directory relative to
the root directory of the gnupg installation if specified in the
gpgconf.ctl. Otherwise, it returns the built-in LOCALEDIR.

GnuPG-bug-id: 5999
2021-11-02 20:56:25 +01:00
Werner Koch
49d589c409
common: Support gpgconf.ctl also for BSDs.
* common/homedir.c (MYPROC_SELF_EXE): New.
(unix_rootdir): Use it here.  Also support GNUPG_BUILD_ROOT as
fallback.
--

In addition this adds a fallback method for AIX etc which do not have
an easy way to get the info.
2021-11-02 20:55:24 +01:00
Werner Koch
3828dd7a40
common: Add keyword sysconfdir to the optional gpgconf.ctl file.
* common/homedir.c (unix_rootdir): Add arg want_sysconfdir.
(gnupg_sysconfdir): Return it.
--

Our regression test suite has the problem that we can't disable the
use of the global config files or test them using the regualr
binaries.  This new keyword will allow us to overcome the problem.
2021-11-02 20:55:20 +01:00
Werner Koch
82328165cf
common: Support a gpgconf.ctl file under Unix.
* common/homedir.c (unix_rootdir): New.
(gnupg_bindir): Use it.
(gnupg_libexecdir): Use it.
(gnupg_libdir): Use it.
(gnupg_datadir): Use it.
(gnupg_localedir): Use it.
--

This feature is useful for building and using an AppImage version of
gnupg and probably also for some other use cases.

GnuPG-bug-id: 5999

Here is a sample gpgconf.ctl file
--8<---------------cut here---------------start------------->8---
# gpgconf.ctl
#
# This file is used to change the directories where the gpg components
# are installed.  It does not change the configuration directories.
# The file is expected in the same directory as gpgconf.  The physical
# installation directories are evaluated and no symlinks.  Blank lines
# and lines starting with pound signed are ignored.  No errors are
# printed for unknown keywords or commands.  The only defined key for
# now is "rootdir" which must be followed by one optional space, an
# equal sign, and the value for the root directory.  Environment
# variables are substituted in standard shell manner, the final value
# must start with a slash, trailing slashed are stripped.

rootdir = $APPDIR/gnupg
--8<---------------cut here---------------end--------------->8---
2021-11-02 20:55:04 +01:00
Werner Koch
f0162afb6b
common: New function substitute_envvars.
* common/stringhelp.c (substitute_envvars): New.  Based on code in
gpg-connect-agent.
* common/t-stringhelp.c: Include sysutils.h.
(test_substitute_envvars): New.
--

GnuPG-bug-id: 5599
2021-11-02 20:54:03 +01:00
Werner Koch
a756a61f19
common,w32: Do not always print "Garbled console data" warning.
* common/init.c (_init_common_subsystems): Silence message.
--
2021-11-02 20:50:34 +01:00
Werner Koch
323a20399d
dirmngr: New option --ignore-cert
* dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
(opt): Add field ignored_certs.
* dirmngr/dirmngr.c: Add option --ignore-cert
(parse_rereadable_options): Handle that option.
(parse_ocsp_signer): Rename to ...
(parse_fingerprint_item): this and add two args.
* dirmngr/certcache.c (put_cert): Ignore all to be igored certs.
Change callers to handle the new error return.
--

This option is useful as a workaround in case we ill run into other
chain validation errors like what we fixed in
GnuPG-bug-id: 5639
Backported-from-master: 4b3e9a44b58e74b3eb4a59f88ee017fe7483a17d
2021-10-06 11:06:01 +02:00
Werner Koch
117afec018
common: New envvar GNUPG_EXEC_DEBUG_FLAGS.
* common/exechelp-w32.c (gnupg_spawn_process_detached): Silence
breakaway messages and turn them again into debug messages.
2021-09-13 17:12:23 +02:00
NIIBE Yutaka
7e431e009e common: Fix put_membuf.
* common/membuf.c (put_membuf): Allow NULL for the second arg.

--

Cherry-picked from master commit of:
	f271c6916469c0054c143adb4cee0588866a2a61

There has been such a use case in keybox-blob.c.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-08-27 17:22:25 +09:00
NIIBE Yutaka
d5f9481186 common: Fix get_signal_name for GNU/Linux.
* common/signal.c (get_signal_name): Use sigdescr_np if available.
* configure.ac: Check the function.

--

Backport master commit of:
	c4ba712736ddeda66055567874d573e79d22666b

GnuPG-bug-id: 5568
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-08-27 08:50:12 +09:00
Werner Koch
17e2ec488f
common: New function decode_c_string.
* common/miscellaneous.c (decode_c_string): New.
--

This is basically a copy from the code we use in gpgme and gpa.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 6ecedd0b25b6b1a33be63b99f2a8256370000521)
2021-08-20 16:24:13 +02:00
Werner Koch
576e429d41
wkd: Fix client issue with leading or trailing spaces in user-ids.
* common/recsel.c (recsel_parse_expr): Add flag -t.
* common/stringhelp.c (strtokenize): Factor code out to
do_strtokenize.
(strtokenize_nt): New.
(do_strtokenize): Add arg trim to support the strtokenize_nt.
* common/t-stringhelp.c (test_strtokenize_nt): New test cases.

* tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel
flag -t.
--

This fixes a bug with user ids with leading spaces because:

wks-client lists all mail addresses from the key and matches them to the
requested mail address.

If there are several user-ids all with the same mail address
wks-client picks one of them and then extracts exactly that user id.
However, here it does not match by the mail address but by the full
user-id so that we can be sure that there will be only one user-id in
the final key.

The filter built expression unfortunately strips leading blanks but
requires a verbatim match.  Thus it won't find the user id again and
errors out.

The new -t flag and a non-trimming strtokenize solves the problem.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-08-20 09:58:35 +02:00
Werner Koch
ec2f1b3898
common,w32: Replace log_debug by log_info for InProcessJobs
* common/exechelp-w32.c (gnupg_spawn_process_detached): Use log_info.
2021-08-18 09:41:17 +02:00
Werner Koch
4dfa951a0a
w32: Move socketdir to LOCAL_APPDATA
* common/homedir.c (is_gnupg_default_homedir): Use standard_homedir
instead of the constant which makes a difference on Windows.
(_gnupg_socketdir_internal) [W32]: Move the directory to LOCAL_APPDATA.
(gnupg_cachedir): Remove unsued function.

* common/sysutils.c (gnupg_rmdir): New.
* tools/gpgconf.c (main): s/rmdir/gnupg_rmdir/.
--

That is actually a more correct directory than APPDATA.  This fixes
a problem with installations where the APPDATA is non a network drive
and the resulting socket filename is truncated in our socket helper
function (because we use sockaddr also for our local socket
emulation on Windows).

LOCAL_APPDATA is expected to be on the local box and thus in the
majority of cases the resulting socket file name will be short enough.

GnuPG-bug-id: 5537
Signed-off-by: Werner Koch <wk@gnupg.org>
Backport-from-master: 0802cbb59b21e06e16b4fd8596934c5565e7f659
2021-08-17 10:53:26 +02:00
Ingo Klöcker
8fff61de94
common: Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to pinentry
* common/session-env.c (stdenvnames): Add XDG_SESSION_TYPE and
QT_QPA_PLATFORM.
--

On Unix systems (except Darwin), Qt uses those two environment
variables additionally to DISPLAY and WAYLAND_DISPLAY to figure out
whether to use X11 or Wayland. For example, QT_QPA_PLATFORM needs
to be set to "wayland" to make Qt use Wayland on Gnome.

GnuPG-bug-id: 3659
2021-08-16 12:01:00 +02:00
Werner Koch
af2fd9f0af
tests: Cope with broken Libgcrypt versions
* common/t-sexputil.c (test_ecc_uncompress): Ignore unknwon curve
errors.
--

For unknown reasons some versions of Fedora or RHEL provide a patched
version of Libgcrypt with Brainpool support removed.  We better ignore
this error because it is a regression in 2.2.28 although that older
versions could not used Brainpool keys.

GnuPG-bug-id: 5502
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-06-22 12:29:59 +02:00
Werner Koch
e94dfa21d2
w32: Add fallback in case the Windows console can't cope with Unicode.
* common/ttyio.c (w32_write_console): Fallback to WriteConsoleA on
error.
--

To test this switch the Windows Console to "legacy mode"

  set LANG=de
  gpg --card-edit

and enter an invalid command.  The response contains an Umlaut and old
Windows versions (and the legacy console) don't have a proper font
installed for this.  Without this patch this runs into a log_fatal
error.

The mitigation we implement is to fallback to WriteConsoleA, that is
accepting wrong encoding and to print a note about the problem.

GnuPG-bug-id: 5491
2021-06-22 11:08:05 +02:00
Werner Koch
845711d142
gpg: Partial fix for Unicode problem in output files.
* g10/openfile.c (overwrite_filep): Use gnupg_access.
--

As said, this is just an obvious but partial fix.  We need to review
things for the output module.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-06-10 12:44:30 +02:00
Werner Koch
7a98e45e74
w32: Change spawn functions to use Unicode version of CreateProcess.
* common/exechelp-w32.c (gnupg_spawn_process): Change to use
CreateProcessW.
(gnupg_spawn_process_fd): Ditto.
(gnupg_spawn_process_detached): Ditto.
* g10/exec.c (w32_system): Ditto.
--

GnuPG-bug-id: 4398

We do not use this weirdo CREATE_UNICODE_ENVIRONMENT flag because it
does not make any sense to have non-ASCII names in the environment.  I
can't imagine why this should be used at all and rationale for this
API features is, well, sparse.

(cherry picked from commit cf2f6d8a3f0594c03c383b4989a3041e9c4536d7)
2021-06-08 10:52:45 +02:00
Andre Heinecke
f20e9a4644
common,w32: Breakaway detached childs when in job
* common/exechelp-w32.c (gnupg_spawn_process_detached): Add
CREATE_BREAKAWAY_FROM_JOB creation flag if required.

--
When the gpg process is assigned to a W32 "Job" the
child processes are killed once the Job is finished.
As we want our detached processes to linger e.g.
gpg-agent the breakaway flag is required in
that case.

GnuPG-Bug-Id: T4333

Thanks to Jan Echternach for reporting this and providing
a patch.

Signed-off-by: Andre Heinecke <aheinecke@gnupg.org>
(cherry picked from commit 03df28b18b92b3fd3d2ba1000903c088dc5b0fcf)
2021-06-08 10:50:18 +02:00
Werner Koch
b912f07cdf
w32: Always use Unicode for console input and output.
* common/init.c (_init_common_subsystems) [W32]: Set the codepage to
UTF-8 for input and putput.  Switch gettext to UTF-8.
* g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.
--

With this patch the former patch to use ReadConsoleW and WriteConsoleW
in ttyio.c are kind of superfluous because the ANSI version of these
functions are also able to read/write UTF-8 directly given the console
code page has been set correctly.  However, this seems to work only
with recent versions of Windows-10.

GnuPG-bug-id: 4365
(cherry picked from commit 8c41b8aac3efb78178fe1eaf52d8d1bbc44941a8)
Removed changes for "gpgconf --show-codepages" of the original patch.
2021-06-08 10:34:54 +02:00
Werner Koch
ebdb62a98a
w32: Free memory allocated by new function w32_write_console.
* common/ttyio.c (w32_write_console): Free buffer.
--

(cherry picked from commit 31b708e268ebb725307856865f34a61670a35586)
2021-06-08 10:29:08 +02:00
Werner Koch
90aadf69f7
common,w32: Allow Unicode input and output with the console.
* common/ttyio.c (do_get) [W32]: Use ReadConsoleW.
(w32_write_console): New.
(tty_printf, tty_fprintf) [W32]: Use new function.
--

Note that due this change fixed stings (i.e. gettext translations)
printed to the console will not be rendered correctly unless "chcp
65001" has been used.  This needs to be fixed by followup patch.

GnuPG-bug-id: 4365
(cherry picked from commit f165c8a737cc968554c9d78932c69869456108ff)
2021-06-08 10:27:43 +02:00
Werner Koch
521e176a60
common: Re-indent ttyio.c and remove EMX, RISCOS, and CE support
* common/ttyio.c: Remove cruft like EMX and RISCOS support.  Translate
a few strings.  Re-indent.
--

Backported-from-master: 8622f53994249d8fb49a488cfe480ffbeb8cbfba
2021-06-08 10:26:00 +02:00
Werner Koch
d7d9a5ba3c
common: Rename w32-misc.c to w32-cmdline.c
* common/w32-misc.c: Rename to ....
* common/w32-cmdline.c: this.
* common/Makefile.am: Adjust.
--

(cherry picked from commit 7262d602d802c4a3840097d5de217fcfb9728b49)
2021-06-08 10:08:03 +02:00
Werner Koch
09f49b4c9a
common,w32: Implement globing of command line args.
* common/w32-misc.c [W32]: Include windows.h
(struct add_arg_s): New.
(add_arg): New.
(glob_arg): New.
(parse_cmdstring): Add arg argvflags and set it.
(w32_parse_commandline): Add arg r_itemsalloced.  Add globing.

* common/init.c (prepare_w32_commandline): Mark glob created items as
leaked.

* common/t-w32-cmdline.c : Include windows.h
(test_all): Add simple glob test for Unix.
(main): Add manual test mode for Windows.

* common/xasprintf.c (xtryreallocarray): New.
--

GnuPG-bug-id: 4398
Backported-from-master: 089c9439674e8ecbc64f0ba924e6fb447bbc2b9d)
2021-06-08 10:05:27 +02:00
Werner Koch
4d6807b215
common,w32: Refine the command line parsing for \ in quotes.
* common/t-w32-cmdline.c (test_all): Add new test cases.
* common/w32-misc.c (strip_one_arg): Add arg endquote.
(parse_cmdstring): Take care of backslashes in quotes.
--

I found some new test vectors from Microsoft.

(cherry picked from commit 20c60076866904187a09393de596deef286116f8)
2021-06-08 09:36:54 +02:00
Werner Koch
90ddd1cf13
common: First take on handling Unicode command line args.
* common/w32-misc.c: New.
* common/t-w32-cmdline.c: New.
* common/init.c: Include w32help.h.
(prepare_w32_commandline): New.
(_init_common_subsystems) [W32]: Call prepare_w32_commandline.

* common/Makefile.am (common_sources) [W32]: Add w32-misc.c
(module_tests): Add t-w32-cmdline
(t_w32_cmdline_LDADD): New.
--

The rules for the command line parser are not cleary specified - if at
all.  See the comment in t-w32-cmdline.c.

We can't use the mingw version because that would require to change
all argv handling to be wchar_t and that only for Windows.  That would
be too ugly.  Parsing the command line into argv by us is much easier
and we can do that only if needed - i.e. if globing is required (we
are prepared for this) or a non-ASCII character has been encountered.
This way we keep things stable and only fix the currently not working
Unicode problem.

GnuPG-bug-id: 4398
(cherry picked from commit deb6c94362c0f179de1cac18707aad2f51a21e10)
2021-06-08 09:29:49 +02:00
Werner Koch
b722fd755c
sm: Support AES-GCM decryption.
* sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error if gpgrt
supports this.
* sm/decrypt.c (decrypt_gcm_filter): New.
(gpgsm_decrypt): Use this filter if requested.  Check authtag.
* common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm
in consumer (decrypt) de-vs mode.
--

Backported-from-master: 4980fb3c6dde8c1dda975e8a36d6086c8456a631

We allow GCM in de-vs mode for decryption although this has not been
evaluation.  It is decryption and thus no serious harm may happen.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-06-02 19:11:42 +02:00
Werner Koch
9f586700ec
gpg,sm: Simplify keyserver spec parsing.
* common/keyserver.h: Remove.
* sm/gpgsm.h (struct keyserver_spec): Remove.
(opt): Change keyserver to a strlist_t.
* sm/gpgsm.c (keyserver_list_free): Remove.
(parse_keyserver_line): Remove.
(main): Store keyserver in an strlist.
* sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist.  Avoid
an ambiguity in dirmngr by adding a prefix if needed.

* g10/options.h (struct keyserver_spec): Move definition from
keyserver.h to here.  Remove most fields.
* g10/keyserver.c (free_keyserver_spec): Adjust.
(cmp_keyserver_spec): Adjust.
(parse_keyserver_uri): Simplify.
(keyidlist): Remove fakev3 arg which does not make any sense because
we don't even support v3 keys.
--

We now rely on the dirmngr to parse the keyserver specs.  Thus a bad
specification will not be caught immediately.  However, even before
that dirmngr had stricter tests.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-26 14:30:17 +02:00
Jakub Jelen
4dc4b025d6
common: Avoid double-free
* common/name-value.c (do_nvc_parse): reset to null after ownership
change

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
2021-05-20 14:52:08 +02:00
Werner Koch
6f31acac76
sm: Support decryption of password based encryption (pwri)
* sm/decrypt.c (string_from_gcry_buffer): New.
(pwri_parse_pbkdf2): New.
(pwri_decrypt): New.
(prepare_decryption): Support pwri.
(gpgsm_decrypt): Test for PWRI.  Move IS_DE_VS flag to DFPARM.

* common/sexputil.c (cipher_mode_to_string): New.
--

Note that this is not finished because we need to implement a password
callback.  For now "abc" is used as passwort.

Latest libksba is also required to return the required info.

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 02029f9eab87e9fd667829dfb083846275576398

Note that this change also prints the used algorithm and shows some
existsing diagnostics only in verbose mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-17 18:26:34 +02:00
NIIBE Yutaka
c2ba6bea4c
common: Fix gnupg_wait_processes, by skipping invalid PID.
* common/exechelp-posix.c (gnupg_wait_processes): Skip invalid PID.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit d82dae5d2229a30dbc78aadc4d544d30dac76a1c)
2021-05-03 19:05:14 +02:00
Werner Koch
5b8593135f
common: Extend the openpgp_curve_to_oid function.
* common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
Change all callers.
--

In particular for ed25519 and cv25519 it is quite useful to have an
ability to get the required algorithm.

(cherry picked from commit 24095101a5069f15a9aea7512498ac436a76814a)
2021-04-29 12:57:00 +02:00
Werner Koch
f3c98b8cb5
common: New module to compute openpgp fingerprints
* common/openpgp-fpr.c: New.
* common/Makefile.am (common_sources): Add it.
--

This function is targeted to handle keys on smartcards.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 2f2bdd9c0894eb43f719da8b529b4c7a46f742a0)
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-29 12:37:04 +02:00
Werner Koch
c825117c5f
common: New function to uncompress an ECC public key.
* common/sexputil.c (ec2os): New.
(uncompress_ecc_q_in_canon_sexp): New.

* common/t-sexputil.c (fail2): new.
(test_ecc_uncompress): New.
(main): Run new test.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 935765b451aadc63fbba763a4a00f4efa0254436)
2021-04-29 12:31:14 +02:00
Werner Koch
473e649ea1
common: New function cmp_canon_sexp.
* common/sexputil.c (cmp_canon_sexp): New.
(cmp_canon_sexp_def_tcmp): New.
* common/t-sexputil.c (test_cmp_canon_sexp): Add a simple test.
--

To be used to fix
GnuPG-bug-id: 5061

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit b6ba6a79ce9336f1b53f16f3d1190dd009fb166e)
2021-04-29 12:25:46 +02:00
Werner Koch
855d14d390
scd: Extend iso7816_select_path
* scd/iso7816.c (iso7816_select_path): Add arg top_fd.
* scd/app-nks.c (do_readkey): Adjust for this change
(select_ef_by_path: Ditto.

* common/tlv.h: Include membuf.h.
--

Including membuf.h is just for easier backporting.  In 2.3 it is
actually required in tlv.h but in 2.2 we right now only use it
indirect.
2021-04-29 10:38:29 +02:00
Werner Koch
8ef0f53cb0
common: Make the compliance check more robust.
* common/compliance.c (get_compliance_cache): New.
(gnupg_rng_is_compliant): Use per mode cache.
(gnupg_gcrypt_is_compliant): Ditto.
--

This addresses the problem tha the check might be called with
different compliance values and thus it should return the
corresponding cached result.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from 2.3.  Added PGP6 support which was removed from 2.3.
2021-04-01 13:21:33 +02:00
Werner Koch
67b82a9c60
common: New function dotlock_is_locked.
* common/dotlock.c (dotlock_is_locked): New.
(dotlock_take): Set locked flag also in disabled mode.  No more
warning if the lock has already been taken.
(dotlock_release): Clear locked flag also in disabled mode.  No more
warning if the lock has not been taken.
--

This allow to use dotlock_take and dotlock_release even if they have
already been called.  Before this changes this worked too but a
diagnostic was printed.
2021-03-02 19:11:53 +01:00
Werner Koch
3c7b1f3f5f
common: Fix compiler warning
--
2021-02-17 15:28:05 +01:00
Werner Koch
6e258babe7
Include the library version in the compliance checks.
* common/compliance.c (gnupg_gcrypt_is_compliant): New.
(gnupg_rng_is_compliant): Also check library version.
* g10/mainproc.c (proc_encrypted): Use new function.
(check_sig_and_print): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/verify.c (gpgsm_verify): Ditto
--

This will eventually allow us to declare Libgcrypt 1.9 to be de-vs
compliant.  GnuPG can use this information then for its own checks.
As of now GnuPG tests the version of the used library but that is a
bit cumbersome to maintain.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 90c514868ff5fcf6d39490d4874ac3a31ba9e85f)
2021-01-28 16:01:53 +01:00
Werner Koch
4c53b2b867
Update copyright notices.
--
2021-01-11 18:40:45 +01:00
Werner Koch
3901c1a8c5
gpg,w32: Fix gnupg_remove.
* common/sysutils.c (map_w32_to_errno): New.
(gnupg_w32_set_errno): New.
(gnupg_remove) [w32]: Set ERRNO
--

To support Unicode gnupg_remove was changed to use DeleteFileW and not
properly tested because the code was alreadt used in Windows CE.
However, ERRNO was not set and thus Dirmngr failed due to

 if (!gnupg_remove (fname))
   log_info (_("removed stale te[...] file '%s'\n"), fname);
 else if (errno != ENOENT)
   {
     err = gpg_error_from_syserror ();
     log_error (_("problem remov[...] file '%s': %s\n"),
                fname, gpg_strerror (err));
     goto leave;
   }

GnuPG-bug-id: 5230
(cherry picked from commit b6967d31912912ad3c0a2ff6bf6eb9822a194562)
2021-01-11 14:26:27 +01:00
Werner Koch
323a69ef65
common: Remove superfluous debug output from dotlock.c.
* common/dotlock.c (dotlock_create_unix): Remove debug output.
--

This was left over from developement about 10 years ago.  Exhibits
itself when using sshfs.

GnuPG-bug-id: 5193
2020-12-21 17:37:58 +01:00
Werner Koch
09dc59f6d4
common: Fix the "ignore" meta command in argparse.c
* src/argparse.c (gnupg_argparse): Factor some code out to ...
(prepare_arg_return): new.
(gnupg_argparse): No missing arg error in ignore sections.
* common/sysutils.c: Include pwd.h.
(gnupg_getusername): New.
--

Options in an [ignore] section do not anymore lead to an error if an
argument is missing.  However, if the option is also in a force
section the error is thrown.

This is a port of the fix from libgpg-error.  Also fixes the
username fixme.
2020-12-21 17:24:34 +01:00
Werner Koch
a028f24136
Backport of the new option parser from 2.3
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* common/argparse.c, common/argparse.h: Rewrite.
* tests/gpgscm/main.c: Switch to the new option parser.

* g10/gpg.c: Switch to the new option parser and enable a global conf
file.
* g10/gpgv.c: Ditto.
* agent/gpg-agent.c: Ditto.
* agent/preset-passphrase.c: Ditto.
* agent/protect-tool.c: Ditto.
* scd/scdaemon.c: Ditto.
* dirmngr/dirmngr.c: Ditto.
* dirmngr/dirmngr_ldap.c: Ditto
* dirmngr/dirmngr-client.c: Ditto.
* kbx/kbxutil.c: Ditto.
* tools/gpg-card.c: Ditto.
* tools/gpg-check-pattern.c: Ditto.
* tools/gpg-connect-agent.c: Ditto.
* tools/gpg-pair-tool.c: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpgconf.c: Ditto.
* tools/gpgsplit.c: Ditto.
* tools/gpgtar.c: Ditto.
* g13/g13.c: Ditto.
* g13/g13-syshelp.c: Ditto.  Do not force verbose mode.
* sm/gpgsm.c: Ditto. Add option --no-options.
--

This is backport from master

commit cdbe10b762f38449b86da69076209324b0c99982
commit ba463128ce65a0f347643f7246a8e097c5be19f1
commit 3bc004decd289810bc1b6ad6fb8f47e45c770ce6
commit 2c823bd878fcdbcc4f6c34993e1d0539d9a6b237
commit 0e8f6e2aa98c212442001036fb5178cd6cd8af59

but without changing all functions names to gpgrt.  Instead we use
wrapper functions which, when building against old Libgpg-error
versions, are implemented in argparse.c using code from the current
libgpg-error.  This allows to keep the dependency requirement at
libgpg-error 1.27 to support older distributions.  Tested builds
against 1.27 and 1.40-beta.

Note that g13-syshelp does not anymore default to --verbose because
that can now be enabled in /etc/gnupg/g13-syshelp.conf.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-04 12:12:20 +01:00
NIIBE Yutaka
7d7a50ba72
common: Fix fallback handling to utf-8.
* common/utf8conv.c (handle_iconv_error): Set NO_TRANSLATION.

--

GnuPG-bug-id: 5038
Fixes-commit: 99c9bf7defd6c1ac9cc49c84e6c78eeb886a6952
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 393dcdd61c3b2da00a97176c647d9bd1c908ceba)
2020-11-27 17:46:29 +01:00
Werner Koch
163e4ff195
w32: Support Unicode also for config files etc.
* common/sysutils.c (gnupg_fopen) [W32]: Use _wfopen if needed.   Use
new function in most places where fopen is used.
--

The config files in 2.2 are still read using fopen - we need to change
this to allow Unicode directory names.  There is also one case where
files are written using the old fopen.  The new option parser in 2.3
does not have this problem but at some places fopen is also still used.

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-10 12:09:11 +01:00
Werner Koch
9188a3c6b7
w32: Support utf8 for getcwd even if build with gpgrt < 1.40.
* common/sysutils.c (gnupg_getcwd) [W32]: Use Unicode version.
--

gpgrt 1.40 has not yet been released, so to make getcwd work properly
on Windows we need to have the code here as well.

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-10 10:11:11 +01:00
Werner Koch
fc01ae5071
Require Libgpg-error 1.27
* configure.ac (NEED_GPG_ERROR_VERSION): Require 1.27
* common/util.h: Remove compatibility macros.
--

This is just a minor change to align with the need for Libgcrypt 1.8.
The latter was first released in summer 2017 while Libgpg-error 1.27
was released earlier in spring that year.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-09 12:10:48 +01:00
Werner Koch
99ab3aed15
Require Libgcrypt 1.8
* configure.ac (NEED_LIBGCRYPT_VERSION): Require 1.8.
* tools/gpgconf.c (show_version_libgcrypt): Remove conditional case
for Libgcrypt < 1.8.
* common/compliance.c (gnupg_rng_is_compliant): Ditto.
* agent/pksign.c: Ditto.
* agent/gpg-agent.c (thread_init_once): Ditto.
(agent_libgcrypt_progress_cb): Ditto.
* agent/command.c (cmd_getinfo): Ditto.
--

Libgcrypt 1.7 reached end-of-life more than a year ago.  Thus there is
no reason to keep backward support for it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-09 12:03:19 +01:00
Ben Kibbey
f05d1772c4
gpg: Add canceled status message.
* common/status.h (STATUS_CANCELED_BY_USER): New.
* g10/passphrase.c (passphrase_to_dek): Send STATUS_CANCELED_BY_USER
instead of STATUS_MISSING_PASSPHRASE when canceled is set.
--

This is to prevent further pinentry tries when the pinentry is canceled
by the user during symmetric decryption.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
(cherry picked from commit 31e47dfad0f40e31e8b3113b933696e8e4105136)
2020-11-09 11:53:33 +01:00
Werner Koch
6fe5c8c06e
common: Fix duplicate implementation of try_make_homedir.
* g10/openfile.c (try_make_homedir): Move core of the code to ...
* common/homedir.c (gnupg_maybe_make_homedir): new.
* sm/keydb.c (try_make_homedir): Implement using new function.

* common/homedir.c: Include i18n.h.
* po/POTFILES.in: Add common/homedir.c.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-04 16:25:57 +01:00
Andre Heinecke
b4cb91d5fb
w32: Add another pinentry search path
* common/homedir.c (get_default_pinentry_name): Try ../bin/pinentry.exe

--
In an installation layout where GnuPG is installed as a component
of another software it might be useful to have pinentry placed
in a different bin directory without the forced folder name of
Gpg4win.
2020-11-04 13:48:18 +01:00
Werner Koch
d633e92233
w32: Fix strftime problem on Windows.
* common/gettime.c: Include locale.h.
(asctimestamp): Increase buffer.  On Windows use setlocale.
--

GnuPG-bug-id: 5073
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-03 19:31:12 +01:00
Werner Koch
56a77f57db
common: Fix gnupg_access for older libgpg-error.
--

Fixes-commit: dd5fd4a760b8cf6ae05ff878bcf36cf2465e744c
2020-10-26 12:35:28 +01:00
Werner Koch
5f8123df78
common: New functions gnupg_opendir et al.
* common/sysutils.h (struct gnupg_dirent_s): New.
* common/sysutils.c: Include dirent.h.
(struct gnupg_dir_s): New.
(gnupg_opendir, gnupg_readdir, gnupg_closedir): New.  Change all
callers of opendir, readdir, and closedir to use these functions.
--

GnuPG-bug-id: 5098
Backported-from-master: 7e22e08e2ab09cd3c2317f5e80e8ee47d46eff4b
2020-10-23 11:24:09 +02:00
Werner Koch
4252cd7b18
w32: Make gnupg_remove and gnupg_rename_file Unicode aware
* common/sysutils.c (w32_rename): New.
(gnupg_rename_file) [W32]: Support Unicode.
(gnupg_remove) [W32]: Support Unicode.  Drop Windows-CE support.
--

GnuPG-bug-id: 5098
(cherry picked from commit 9a0197b6fe412cfc66b0cece521267180e454416)
2020-10-23 11:20:24 +02:00
Werner Koch
157030271f
Replace all calls to stat by gnupg_stat.
* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
--

Yet another wrapper for Unicode support on Windows.

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 18e5dd7b03ced51611c9ba1345cf498a0aaf14a6)
2020-10-23 11:15:59 +02:00
Werner Koch
86e52e3c33
Replace most calls to open by a new wrapper.
* common/sysutils.c (any8bitchar) [W32]: New.
(gnupg_open): New.  Replace most calls to open by this.
* common/iobuf.c (any8bitchar) [W32]: New.
(direct_open) [W32]: Use CreateFileW if needed.
--

This is yet another step for full Unicode support on Windows.

GnuPG-bug-id: 5098
(cherry picked from commit 4dcef0e17836e8725c31a3b76f2bf7144345c808)
2020-10-23 10:02:25 +02:00
Werner Koch
d65ea29683
w32: Allow Unicode filenames for dotlock
* common/dotlock.c (any8bitchar) [W32]: New.
(dotlock_create_w32): Use strconcat and CreateFileW.

* common/t-dotlock.c: Source include dotlock.c and modify to allow
manual testing on Windows.
--

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit b47c355b18d9537ccc3dd3e80cc1825b018ecff7)
2020-10-21 21:10:27 +02:00
Werner Koch
5c6e9b44cc
Replace most of the remaining stdio calls by estream calls.
--

We need to use es_fopen on Windows to cope with non-ascii file names.
This is quite a large but fortunately straightforward change.  At a
very few places we keep using stdio (for example due to the use of
popen).

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 390497ea115e1aca93feec297a5bd6ae7b1ba6dd
2020-10-21 21:09:38 +02:00
Werner Koch
dd5fd4a760
Replace all calls to access by gnupg_access
* common/sysutils.c (gnupg_access): New.  Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--

Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.

This is required to correctly handle non-ascii filenames on Windows.

GnuPG-bug-id: 5098
(cherry picked from commit c94ee1386e0d5cdac51086c4d5b92de59c09c9b5)
2020-10-21 20:49:18 +02:00
Werner Koch
e12e5b3dab
common,w32: Change copyright holder notice.
--
2020-10-02 16:38:18 +02:00
Werner Koch
239e60a37f
gpgconf,w32: Add manifest so we get the correct windows version.
* common/w32info-rc.h.in: Update copyright info.
* tools/gpg-connect-agent-w32info.rc: Tweak file info.
* tools/gpgconf-w32info.rc: New.
* tools/gpgconf.w32-manifest.in: New.
* configure.ac: Add new .in file.
* tools/Makefile.am (EXTRA_DIST): Add them.
(gpg_connect_agent_robjs, gpgconf_robjs): New.
(gpgconf_LDADD): Add resource file.
(gpg_connect_agent_LDADD): Change name of resource macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-02 14:24:04 +02:00
Werner Koch
7de9ed521e
agent: Keep some permissions of private-keys-v1.d.
* common/sysutils.c (modestr_to_mode): Re-implement.
(gnupg_chmod): Support keeping of permissions.
--

GnuPG-bug-id: 2312
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 07:46:25 +02:00
Werner Koch
364cef997c
common: Use gpgrt functions for mkdir and chdir if available
* common/sysutils.c (gnupg_mkdir): Divert to gpgrt_mkdir.
(gnupg_chdir): Divert to gpgrt_chdir
--

To avoid bumping up the build dependency on libgpg-error 1.28 we use
the gpgrt version only if at least this libgpg-error version was used
at build time.  This won't fix any bugs though and it is in general
advisable to use the latest libgpg-error.  There are actually a couple
of very useful bug fixes for Windows in the upcoming libgpg-error 1.39
but on Unix you can live without them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 14:37:44 +02:00
Werner Koch
bef68efd8d
common,w32: Do not assume the ANSI codepage during string conversion.
* common/utf8conv.c (get_w32_codepage): New.
(wchar_to_native): Use instead oc CP_ACP.
(native_to_wchar): Ditto.
--

This should fix quite some issue; we fixed it when using the iconv
based machinery about 14 years ago.  At some point we introduced the
new conversion functions because Windows started to support UTF-8
natively.  The fix comes late but well, it is done.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 14:23:05 +02:00
Werner Koch
73b0fdabdb
common: Strip trailing CR,LF from w32_strerror.
* common/stringhelp.c (w32_strerror): Strip trailing CR,LF.
* common/iobuf.c (iobuf_get_filelength): Use -1 and not 0 for the
arg to w32_strerror.

--

This is in particular annoying since we started to use a string
argument sanitizer in the logging code.  Before that we just add an
extra blank line.

The second patch corrects a never yet seen error message.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 14:22:01 +02:00
Werner Koch
1efe99f3d9
gpgtar: Make --files-from and --null work as described.
* tools/gpgtar-create.c (gpgtar_create): Add args files_from and
null_names.  Improve reading from a file.
* tools/gpgtar.c: Make global vars static.
(main): Remove tests for --files-from and --null option combinations.
Pass option variables to gpgtar_create.
--

GnuPG-bug-id: 5027
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-20 15:53:06 +02:00
Werner Koch
829bc3bc60
build: New configure option --disable-tests
* configure.ac: Add option --disable-tests.  Print warnings in the
summary.
(DISABLE_TESTS): New am_conditional.
--
GnuPG-bug-id: 4960
2020-08-20 10:58:52 +02:00
Werner Koch
3cf920a1e3
common: Pass the WAYLAND_DISPLAY envvar along
* common/session-env.c (stdenvnames): Add WAYLAND_DISPLAY.
--
GnuPG-bug-id: 5016

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-12 09:28:20 +02:00
NIIBE Yutaka
8d9ce32c30 w32: More adding NETLIBS.
* common/Makefile.am (t_common_ldadd): Add $(NETLIBS).

--

Cherry-picked master commit of:
	5fa4427419c875e46d051ae6ed376d5ad6037401

GnuPG-bug-id: 4994
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-30 15:11:11 +09:00
Werner Koch
c5ab1dcd54
gpgsm: Make rsaPSS a compliant scheme in de-vs mode.
--

GnuPG-bug-id: 4538
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 5fe3cdfc7646c2c88beb168ba34fc64f9dd2c156
2020-07-14 12:30:36 +02:00
Werner Koch
4a36adaa64
sm: Exclude rsaPSS from de-vs compliance mode.
* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
test rsaPSS.  Adjust all callers.
* common/util.c (pubkey_algo_to_string): New.
(gnupg_pk_is_allowed): Ditto.
* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
(gpgsm_get_hash_algo_from_sigval): New.
* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
arg.  Add arg pkalgoflags.  Use the PK_ALGO_FLAG_RSAPSS.
* sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
also get the algo flags.  Pass algo flags along.  Change some of the
info output to be more like current master.
--
Signed-off-by: Werner Koch <wk@gnupg.org>

This backport from master
commit 969abcf40cdfc65f3ee859c5e62889e1a8ccde91
also includes some changes taken from
commit a759fa963a42e0652134130029217270b6d5d00b
(sm: Improve readability of the data verification output.)

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-03 17:08:58 +02:00
Werner Koch
381c54179c
common: Add missing error code GPG_ERR_WRONG_NAME.
* configure.ac: Require libgpg-error 1.25.
* common/util.h: Define some extra error codes.
--

This actually defines a few more error ocdes in case they are used by
backported code.  The requirement chnaged to 1.25 because erro codes
from there are also required.

GnuPG-bug-id: 4965
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-03 10:29:18 +02:00
Werner Koch
c6324ee07a
common: Change argument order of log_printhex.
* common/logging.c (log_printhex): Chnage order of args.  Make it
printf alike.  Change all callers.
* configure.ac: Add -Wno-format-zero-length
--

This makes it consistent with modern libgpgrt logging and thus eases
back porting from newer GnuPG versions which use libgpgrt logging.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-12 18:51:47 +02:00
Werner Koch
1dfe71c62b
gpg: Support decryption of the new AEAD packet
* common/openpgpdefs.h (aead_algo_t): New.
(pkttype_t): Add PKT_ENCRYPTED_AEAD.
* g10/decrypt-data.c (struct decode_filter_context_s): Add fields for
AEAD.
(aead_set_nonce_and_ad): New.
(aead_checktag): New.
(decrypt_data): Support AEAD.
(aead_underflow): New.
(aead_decode_filter): New.
* g10/dek.h (DEK): Add field use_aead.  Turn use_mdc,
algo_info_printed, and symmetric into bit flags.
* g10/mainproc.c (struct mainproc_context): Add field
seen_pkt_encrypted_aead.
(release_list): Clear it.
(have_seen_pkt_encrypted_aead): New.
(symkey_decrypt_seskey): Support AEAD.
(proc_symkey_enc): Ditto.
(proc_encrypted): Ditto.
(proc_plaintext): Ditto.
* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
(openpgp_aead_test_algo): New.
(openpgp_aead_algo_name): New.
(openpgp_aead_algo_info): New.
* g10/packet.h (PKT_symkey_enc): Add field use_aead.
(PKT_user_id): Add field flags.aead
(PKT_public_key): Ditto.
(PKT_encrypted): Add fields for AEAD.
* g10/parse-packet.c (parse): Handle PKT_ENCRYPTED_AEAD.
(parse_symkeyenc): Support AEAD.
(parse_encrypted): Ditto.
(dump_sig_subpkt): Dump AEAD preference packet.
(parse_encrypted_aead): New.
--

This patch allows to decrypt data encrypted using the new AEAD
mechanism as specified in rfc4880bis.  Although preferences are used
to enable this new mode, it is useful to have at least a decryption
option in case a user switches between GnuPG 2.2 and newer versions.

The new AEAD mechanism is much faster than the current CFB+MDC and
thus 2.2 will allow faster decryption of symmetric only decryption.

This patch is based on the current master (2.3) code base and includes
a few other patches.  In particular
commit 44be675b759d27bac310c2de8bae1b7882a26b65
(gpg: More check for symmetric key encryption.)
is included.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-16 08:25:55 +02:00
Werner Koch
4d37cc72b8
common: New function to map hash algo names.
* common/sexputil.c (hash_algo_to_string): New.
--

Libgcrypt expects lowercase names and it is cumbersome to downcase
those retrieved via gcry_md_algo_name.  It is easier and also faster
to use a dedicated map function.
2020-04-15 15:43:00 +02:00
Werner Koch
471b06e91b
scd:p15: Fix decrypt followed by sign problem for D-Trust cards.
* scd/iso7816.c (iso7816_select_mf): New.
* scd/app-p15.c (card_product_t): New.
(struct app_local_s): Add field 'card_product'.
(read_ef_tokeninfo): Detect D-Trust card.
(prepare_verify_pin): Switch to D-Trust AID.
(do_decipher): Restore a SE for D-TRust cards.  Change the padding
indicator to 0x81.

* common/percent.c (percent_data_escape): new.  Taken from master.
--

Using what I learned from a USB trace running the Governikus Signer
Software on Windows this fixes the left over problem with the new
D-Trust card support.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master.  This required to add the percent_data_escape
function we introduced in master on 2018-07-02:

    commit 58baf40af641f8cbf597e508a292e85ae94688f1
    common: New function percent_data_escape.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:31:56 +02:00
Werner Koch
e730444e7b
scd:p15: Support signing with CardOS 5 cards.
* scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
r_pkey and change all callers.
(app_help_get_keygrip_string): Ditto.
* scd/app-p15.c (struct cdf_object_s): Use bit flags
(struct aodf_object_s): Ditto.  Add field 'fid'.
(struct prkdf_object_s): Ditto.  Add fields keygrip, keyalgo, and
keynbits.
(parse_certid): Allow a keygrip instead of a certid aka keyref.
(read_ef_aodf): Store the FID.
(keygripstr_from_prkdf): Rename to ...
(keygrip_from_prkdf): this.  Remove arg r_gripstr and implement cache.
Change callers to directly use the values from the object.  Also store
the algo and length of the key ion the object.
(keyref_from_keyinfo): New. Factored out code.
(do_sign): Support SHA-256 and >2048 bit RSA keys.
common/scd:p15: Support signing with CardOS 5 cards.
* common/util.h (KEYGRIP_LEN): New.
--

This has been tested with a D-Trust card featuring 3072 bit keys.
Note that non-repudiation key for a qualified signature does not yet
work because we do not yet support rsaPSS padding.  Thus a gpgsm
--learn shows a couple of Bad Signature errors for this key.

Signed-off-by: Werner Koch <wk@gnupg.org>

Back ported from master:
- Removed do_with_keygrip
- Added KEYGRIP_LEN
- app_help_get_keygrip_string_pk actually added.
- Move keygrip_from_prkdf in do_sign before the verification.
  It used to work in master only because there it is implictly
  called prior to signing by do_with_keygrip

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-01 16:00:31 +02:00
Werner Koch
1424c12e4c
sm: Consider certificates w/o CRL DP as valid.
* sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP.
* common/audit.c (proc_type_verify): Print "n/a" if a cert has no
distribution point.
* sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check.
* sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New.
(opts): Add option --enable-issuer-based-crl-check.
(main): Set option.
--

If the issuer does not provide a DP and the user wants such an issuer,
we expect that a certificate does not need revocation checks.  The new
option --enable-issuer-based-crl-check can be used to revert to the
old behaviour which requires that a suitable LDAP server has been
configured to lookup a CRL by issuer.

Signed-off-by: Werner Koch <wk@gnupg.org>

(cherry picked from master)
2020-03-27 21:20:13 +01:00
Werner Koch
b27d30df62
Copyright notice updates et al.
--
2020-03-19 15:48:12 +01:00
Werner Koch
d79ebee64e
gpg: New option --include-key-block.
* common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
* g10/gpg.c (oIncludeKeyBlock): New.
(opts): New option --include-key-block.
(main): Implement.
* g10/options.h (opt): New flag include_key_block.
* g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
(parse_one_sig_subpkt): Ditto.
(can_handle_critical): Ditto.
* g10/sign.c (mk_sig_subpkt_key_block): New.
(write_signature_packets): Call it for data signatures.
--

This patch adds support for a to be proposed OpenPGP ferature:

  Introduce the Key Block subpacket to align OpenPGP with CMS.

  This new subpacket may be used similar to the CertificateSet of
  CMS (RFC-5652) and thus allows to start encrypted communication
  after having received a signed message.  In practice a stripped down
  version of the key should be including having only the key material
  and the self-signatures which are really useful and shall be used by
  the recipient to reply encrypted.

  #### Key Block

  (1 octet with value 0, N octets of key data)

  This subpacket MAY be used to convey key data along with a signature
  of class 0x00, 0x01, or 0x02.  It MUST contain the key used to create
  the signature; either as the primary key or as a subkey.  The key
  SHOULD contain a primary or subkey capable of encryption and the
  entire key must be a valid OpenPGP key including at least one User ID
  packet and the corresponding self-signatures.

  Implementations MUST ignore this subpacket if the first octet does not
  have a value of zero or if the key data does not represent a valid
  transferable public key.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 19:38:09 +01:00
Werner Koch
e952026e19
sm: Remove left over debug output.
--
2020-02-17 11:38:23 +01:00
Werner Koch
38f819bd6d
gpgsm: Fix import of some CR,LF ternminated certificates
* common/ksba-io-support.c (base64_reader_cb): Detect the END tag and
don't just rely on the padding chars.  This could happen only with
CR+LF termnmated PEM files.  Also move the detection into the invalid
character detection branch for a minor parser speedup.
--

GnuPG-bug-id: 4847
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 6248739799fd4a877529089375e2a4103d33e6f4)
2020-02-15 19:21:35 +01:00
Werner Koch
21d9bd8b87
build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C.  Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.

* g10/main.h: Put util.h before the local header files.
--

This change is required for use with gcc/ld's LTO feature which does
not allow common blocks.  Further gcc 10 will make -fno-common the
default and thus this chnage is always needed.  What a pitty.

Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-10 16:37:34 +01:00