* common/membuf.c (put_membuf): Allow NULL for the second arg.
--
There has been such a use case in keybox-blob.c.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/recsel.c (recsel_parse_expr): Add flag -t.
* common/stringhelp.c: Remove assert.h.
(strtokenize): Factor code out to do_strtokenize.
(strtokenize_nt): New.
(do_strtokenize): Add arg trim to support the strtokenize_nt.
* common/t-stringhelp.c (test_strtokenize_nt): New test cases.
* tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel
flag -t.
--
This fixes a bug with user ids with leading spaces because:
wks-client lists all mail addresses from the key and matches them to the
requested mail address.
If there are several user-ids all with the same mail address
wks-client picks one of them and then extracts exactly that user id.
However, here it does not match by the mail address but by the full
user-id so that we can be sure that there will be only one user-id in
the final key.
The filter built expression unfortunately strips leading blanks but
requires a verbatim match. Thus it won't find the user id again and
errors out.
The new -t flag and a non-trimming strtokenize solves the problem.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/homedir.c (is_gnupg_default_homedir): Use standard_homedir
instead of the constant which makes a difference on Windows.
(_gnupg_socketdir_internal) [W32]: Move the directory to LOCAL_APPDATA.
(gnupg_cachedir): Remove unsued function.
* common/sysutils.c (gnupg_rmdir): New.
* tools/gpgconf.c (main): s/rmdir/gnupg_rmdir/.
--
That is actually a more correct directory than APPDATA. This fixes
a problem with installations where the APPDATA is non a network drive
and the resulting socket filename is truncated in our socket helper
function (because we use sockaddr also for our local socket
emulation on Windows).
LOCAL_APPDATA is expected to be on the local box and thus in the
majority of cases the resulting socket file name will be short enough.
GnuPG-bug-id: 5537
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/session-env.c (stdenvnames): Add XDG_SESSION_TYPE and
QT_QPA_PLATFORM.
--
On Unix systems (except Darwin), Qt uses those two environment
variables additionally to DISPLAY and WAYLAND_DISPLAY to figure out
whether to use X11 or Wayland. For example, QT_QPA_PLATFORM needs
to be set to "wayland" to make Qt use Wayland on Gnome.
GnuPG-bug-id: 3659
* kbx/keybox-search-desc.h (struct keydb_search_desc): New flag
name_used.
* common/userids.c (classify_user_id): Set flag.
* kbx/kbxserver.c (struct search_backing_store_s): New.
(cmd_search): use a backing store for the const pointers.
(kbxd_start_command_handler): Release the backing store.
--
Well, the search object partly uses buffers but also const
pointers (for strings and the serial number). This when assigning
such objects to an another one we should really take a deep copy and
not just copy the pointer. The more clean solution would have been to
provide a storage option the search object but that needs checking the
code at too many places so that I decided to use a separate backing
store array here.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/t-sexputil.c (test_ecc_uncompress): Ignore unknwon curve
errors.
--
For unknown reasons some versions of Fedora or RHEL provide a patched
version of Libgcrypt with Brainpool support removed. We better ignore
this error because it is a regression in 2.2.28 although that older
versions could not used Brainpool keys.
GnuPG-bug-id: 5502
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/ttyio.c (w32_write_console): Fallback to WriteConsoleA on
error.
--
To test this switch the Windows Console to "legacy mode"
set LANG=de
gpg --card-edit
and enter an invalid command. The response contains an Umlaut and old
Windows versions (and the legacy console) don't have a proper font
installed for this. Without this patch this runs into a log_fatal
error.
The mitigation we implement is to fallback to WriteConsoleA, that is
accepting wrong encoding and to print a note about the problem.
GnuPG-bug-id: 5491
* common/keyserver.h: Remove.
* sm/gpgsm.h (struct keyserver_spec): Remove.
(opt): Change keyserver to a strlist_t.
* sm/gpgsm.c (keyserver_list_free): Remove.
(parse_keyserver_line): Remove.
(main): Store keyserver in an strlist.
* sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid
an ambiguity in dirmngr by adding a prefix if needed.
* g10/options.h (struct keyserver_spec): Move definition from
keyserver.h to here. Remove most fields.
* g10/keyserver.c (free_keyserver_spec): Adjust.
(cmp_keyserver_spec): Adjust.
(parse_keyserver_uri): Simplify.
(keyidlist): Remove fakev3 arg which does not make any sense because
we don't even support v3 keys.
--
We now rely on the dirmngr to parse the keyserver specs. Thus a bad
specification will not be caught immediately. However, even before
that dirmngr had stricter tests.
Signed-off-by: Werner Koch <wk@gnupg.org>
Ported-from: 9f586700ec4ceac97fd47cd799878a8847342ffa
* common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm
in decrypt mode.
* tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag
--
We allow GCM in de-vs mode for decryption although this has not been
evaluation. It is decryption and thus no serious harm may happen.
* g10/openfile.c (overwrite_filep): Use gnupg_access.
--
As said, this is just an obvious but partial fix. We need to review
things for the output module.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_genkey): Use goto instead of return.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Ditto.
* agent/genkey.c (agent_ask_new_passphrase): Fix typo to free correct
pointer
(agent_genkey): Release memory
* agent/gpg-agent.c (check_own_socket): Free sockname
* agent/protect-tool.c (read_key): Free buf.
(agent_askpin): Free passphrase
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Changed original patch to not add a free before a GPG_ERR_BUG.
Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 5393
* common/comopt.c, common/comopt.h: New.
* common/Makefile.am: Add them.
* g10/gpg.c: Include comopt.h.
(main): Also parse common.conf.
* sm/gpgsm.c: Include comopt.h.
(main): Set a flag for the --no-logfile option. Parse common.conf.
* tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add
pseudo option "use_keyboxd".
(known_pseudo_options_gpg): Add pseudo option "use_keyboxd".
(known_options_gpgsm): Remove "use-keyboxd".
* tests/openpgp/defs.scm (create-gpghome): Create common.conf.
* doc/examples/common.conf: New.
--
Note that --use-keybox still works but prints a warning. We will
eventually remove this option becuase it was marked as an experimental
feature anyway.
It would be too confusing if gpg and gpgsm use different key storages.
Further, other components (e.g. dirmngr or gpg-wks-client) which call
gpg or gpgsm need to be aware that the keyboxd is used and pass that
option on the command line. Now that common.conf is always read (even
if --no-options is used) those tools will work instantly.
* common/openpgp-fpr.c: New.
* common/Makefile.am (common_sources): Add it.
--
This function is targeted to handle keys on smartcards.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.c (get_compliance_cache): New.
(gnupg_rng_is_compliant): Use per mode cache.
(gnupg_gcrypt_is_compliant): Ditto.
--
This addresses the problem tha the check might be called with
different compliance values and thus it should return the
corresponding cached result.
Signed-off-by: Werner Koch <wk@gnupg.org>
common/openpgp-oid.c (oidtable): Ed448 uses 456-bit signature.
--
While the curve itself is 448-bit, the signature size is 456-bit.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tpm2d: New directory.
* Makefile.am (SUBDIRS): Add directory.
* configure.ac: Detect libtss and decide whether to build tpm2d.
* am/cmacros.am: Add a define.
* util.h (GNUPG_MODULE_NAME_TPM2DAEMON): New.
* common/homedir.c (gnupg_module_name): Add tpm2d.
* common/mapstrings.c (macros): Add "TPM2DAEMON".
* tools/gpgconf.h (GC_COMPONENT_TPM2DAEMON): New.
* tools/gpgconf-comp.c (known_options_tpm2daemon): New.
(gc_component): Add TPM2.
(tpm2daemon_runtime_change): New.
* tpm2d/Makefile.am: New.
* tpm2d/command.c: New.
* tpm2d/ibm-tss.h: New.
* tpm2d/tpm2.c: New.
* tpm2d/tpm2.h: New.
* tpm2d/tpm2daemon.c: New.
* tpm2d/tpm2daemon.h: New.
---
This commit adds and plumbs in a tpm2daemon to the build to mirror the
operation of scdaemon. The architecture of the code is that
tpm2daemon.c itself is pretty much a clone of scd/scdaemon.c just with
updated function prefixes (this argues there could be some further
consolidation of the daemon handling code). Note that although this
commit causes the daemon to be built and installed, nothing actually
starts it or uses it yet.
Command handling
----------------
command.c is copied from the command handler in scd.c except that the
command implementation is now done in terms of tpm2 commands and the
wire protocol is far simpler. The tpm2daemon only responds to 4
commands
IMPORT: import a standard s-expression private key and export it to
TPM2 format. This conversion cannot be undone and the
private key now can *only* be used by the TPM2. To anyone
who gets hold of the private key now, it's just an
encrypted binary blob.
PKSIGN: create a signature from the tpm2 key. The TPM2 form private
key is retrieved by KEYDATA and the hash to be signed by
EXTRA. Note there is no hash specifier because the tpm2
tss deduces the hash type from the length of the EXTRA
data. This is actually a limitation of the tpm2 command
API and it will be interesting to see how this fares if the
tpm2 ever supports say sha3-256 hashes.
PKDECRYPT: decrypt (RSA case) or derive (ECC case) a symmetric key.
The tpm2 for private key is retrieved by KEYDATA and the
information used to create the symmetric key by EXTRA.
KILLTPM2D: stop the daemon
All the tpm2 primitives used by command.c are in tpm2.h and all the
tpm2 specific gunk is confined to tpm2.c, which is the only piece of
this that actually does calls into the tss library.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Changes from James' patch:
- gpgconf: The displayed name is "TPM" and not "TPM2". That
string is used by GUIs and should be something the user
understands. For example we also use "network" instead
of "Dirmngr".
- Removed some commented includes.
- Use 16 as emulation of GPG_ERR_SOURCE_TPM2.
- Silenced a C90 compiler warning and flags unused parameters.
- Removed "if HAVE_LIBS" from tpm2/Makefile.am and add missing
files so that make distcheck works.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exechelp-w32.c (gnupg_spawn_process): Change to use
CreateProcessW.
(gnupg_spawn_process_fd): Ditto.
(gnupg_spawn_process_detached): Ditto.
* g10/exec.c (w32_system): Ditto.
--
GnuPG-bug-id: 4398
We do not use this weirdo CREATE_UNICODE_ENVIRONMENT flag because it
does not make any sense to have non-ASCII names in the environment. I
can't imagine why this should be used at all and rationale for this
API features is, well, sparse.
* common/init.c (_init_common_subsystems) [W32]: Set the codepage to
UTF-8 for input and putput. Switch gettext to UTF-8.
* tools/gpgconf.c (main): Display the input and output codepage if
they differ.
* g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.
--
With this patch the former patch to use ReadConsoleW and WriteConsoleW
in ttyio.c are kind of superfluous because the ANSI version of these
functions are also able to read/write UTF-8 directly given the console
code page has been set correctly. However, this seems to work only
with recent versions of Windows-10.
GnuPG-bug-id: 4365
* common/ttyio.c (do_get) [W32]: Use ReadConsoleW.
(w32_write_console): New.
(tty_printf, tty_fprintf) [W32]: Use new function.
--
Note that due this change fixed stings (i.e. gettext translations)
printed to the console will not be rendered correctly unless "chcp
65001" has been used. This needs to be fixed by followup patch.
GnuPG-bug-id: 4365
* common/w32-misc.c [W32]: Include windows.h
(struct add_arg_s): New.
(add_arg): New.
(glob_arg): New.
(parse_cmdstring): Add arg argvflags and set it.
(w32_parse_commandline): Add arg r_itemsalloced. Add globing.
* common/init.c (prepare_w32_commandline): Mark glob created items as
leaked.
* common/t-w32-cmdline.c : Include windows.h
(test_all): Add simple glob test for Unix.
(main): Add manual test mode for Windows.
--
GnuPG-bug-id: 4398
* common/t-w32-cmdline.c (test_all): Add new test cases.
* common/w32-misc.c (strip_one_arg): Add arg endquote.
(parse_cmdstring): Take care of backslashes in quotes.
--
I found some new test vectors from Microsoft.
* common/w32-misc.c: New.
* common/t-w32-cmdline.c: New.
* common/init.c: Include w32help.h.
(prepare_w32_commandline): New.
(_init_common_subsystems) [W32]: Call prepare_w32_commandline.
* common/Makefile.am (common_sources) [W32]: Add w32-misc.c
(module_tests): Add t-w32-cmdline
(t_w32_cmdline_LDADD): New.
--
The rules for the command line parser are not cleary specified - if at
all. See the comment in t-w32-cmdline.c.
We can't use the mingw version because that would require to change
all argv handling to be wchar_t and that only for Windows. That would
be too ugly. Parsing the command line into argv by us is much easier
and we can do that only if needed - i.e. if globing is required (we
are prepared for this) or a non-ASCII character has been encountered.
This way we keep things stable and only fix the currently not working
Unicode problem.
GnuPG-bug-id: 4398
* configure.ac (NEED_GPG_ERROR_VERSION): Rename to NEED_GPGRT_VERSION
and set to 1.41.
* common/sysutils.c (gnupg_access): Remove code for older gpgrt
versions.
* kbx/backend-sqlite.c: Ditto.
* sm/gpgsm.c (main): Ditto.
--
We already have a requirement for a newer Libgcrypt and thus we can
also require a more recent libgpgrt (aka libgpg-error) which was
released before Libgcrypt.
* common/compliance.c (gnupg_gcrypt_is_compliant): New.
(gnupg_rng_is_compliant): Also check library version.
* g10/mainproc.c (proc_encrypted): Use new function.
(check_sig_and_print): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/verify.c (gpgsm_verify): Ditto
--
This will eventually allow us to declare Libgcrypt 1.9 to be de-vs
compliant. GnuPG can use this information then for its own checks.
As of now GnuPG tests the version of the used library but that is a
bit cumbersome to maintain.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/session-env.c (session_env_list_stdenvnames): Extend to allow
return all names as one string.
* agent/command-ssh.c (SSH_REQUEST_EXTENSION): New.
(SSH_RESPONSE_EXTENSION_FAILURE): New.
(request_specs): Add handler for the extension command.
(ssh_handler_extension): New.
--
The extension mechanism is specified in
https://tools.ietf.org/html/draft-miller-ssh-agent-04
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Require at least Libgcrypt 1.9.0. Remove all
GCRYPT_VERSION_NUMBER dependent code.
--
Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in
RFC4880bis.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (map_w32_to_errno): New.
(gnupg_w32_set_errno): New.
(gnupg_remove) [w32]: Set ERRNO
--
To support Unicode gnupg_remove was changed to use DeleteFileW and not
properly tested because the code was alreadt used in Windows CE.
However, ERRNO was not set and thus Dirmngr failed due to
if (!gnupg_remove (fname))
log_info (_("removed stale te[...] file '%s'\n"), fname);
else if (errno != ENOENT)
{
err = gpg_error_from_syserror ();
log_error (_("problem remov[...] file '%s': %s\n"),
fname, gpg_strerror (err));
goto leave;
}
GnuPG-bug-id: 5230
* common/dotlock.c (dotlock_create_unix): Remove debug output.
--
This was left over from developement about 10 years ago. Exhibits
itself when using sshfs.
GnuPG-bug-id: 5193
* acinclude.m4 (GNUPG_CHECK_ENDIAN): Use AC_COMPILE_IFELSE instead of
AC_TRY_COMPILE. Use AC_RUN_IFELSE instead of AC_TRY_RUN.
(GNUPG_BUILD_PROGRAM): Use AS_HELP_STRING instead of AC_HELP_STRING.
* configure.ac: Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE.
Use AS_HELP_STRING instead of AC_HELP_STRING.
(AC_ISC_POSIX): Replace by AC_SEARCH_LIBS.
(AC_TYPE_SIGNAL): Remove.
* m4/isc-posix.m4: Remove.
* m4/codeset.m4: Update from gnulib.
* m4/gettext.m4: Update from gnulib.
* m4/lcmessage.m4: Update from gnulib.
* m4/socklen.m4: Update from gnulib.
* m4/ldap.m4: Use AS_HELP_STRING instead of AC_HELP_STRING.
Use AC_LINK_IFELSE instead of AC_TRY_LINK.
Use AC_RUN_IFELSE instead of AC_TRY_RUN.
* m4/gpg-error.m4: Update from libgpg-error.
* m4/readline.m4: Update from libgpg-error.
* m4/npth.m4: Update from npth.
* m4/libassuan.m4: Update from libassuan.
* m4/libgcrypt.m4: Update from libgcrypt.
* m4/ksba.m4: Update from libksba.
* m4/ntbtls.m4: Update from ntbtls.
* common/signal.c [!HAVE_DOSISH_SYSTEM] (init_one_signal): Replace
RETSIGTYPE to void.
[!HAVE_DOSISH_SYSTEM] (got_fatal_signal, got_usr_signal): Likewise.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/status.h (STATUS_CANCELED_BY_USER): New.
* g10/passphrase.c (passphrase_to_dek): Send STATUS_CANCELED_BY_USER
instead of STATUS_MISSING_PASSPHRASE when canceled is set.
--
This is to prevent further pinentry tries when the pinentry is canceled
by the user during symmetric decryption.
Signed-off-by: Ben Kibbey <bjk@luxsci.net>
* g10/openfile.c (try_make_homedir): Move core of the code to ...
* common/homedir.c (gnupg_maybe_make_homedir): new.
* sm/keydb.c (try_make_homedir): Implement using new function.
* common/homedir.c: Include i18n.h.
* po/POTFILES.in: Add common/homedir.c.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/homedir.c (get_default_pinentry_name): Try ../bin/pinentry.exe
--
In an installation layout where GnuPG is installed as a component
of another software it might be useful to have pinentry placed
in a different bin directory without the forced folder name of
Gpg4win.
(cherry picked from commit b4cb91d5fbe2b8917d76d12eb72aaac0d97ed596)
* common/gettime.c: Include locale.h.
(asctimestamp): Increase buffer. On Windows use setlocale.
--
GnuPG-bug-id: 5073
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.h (struct gnupg_dirent_s): New.
* common/sysutils.c: Include dirent.h.
(struct gnupg_dir_s): New.
(gnupg_opendir, gnupg_readdir, gnupg_closedir): New. Change all
callers of opendir, readdir, and closedir to use these functions.
--
GnuPG-bug-id: 5098