1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

9817 Commits

Author SHA1 Message Date
Werner Koch
b067285d59
dirmngr: Fix failed malloc error message.
* dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc.
2022-08-03 10:49:58 +02:00
Werner Koch
5fb2306b97
gpgconf: Add config file for Windows Registry dumps.
* tools/gpgconf.c (show_registry_entries_from_file): New.
(show_configs): Call it.
* doc/examples/gpgconf.rnames: New.
* doc/Makefile.am (examples): Add it.
2022-08-03 09:31:44 +02:00
Werner Koch
171725c971
g13: Remove unused variable.
--
2022-08-02 18:45:06 +02:00
Werner Koch
e542c4af18
gpg: Make symmetric + pubkey encryption de-vs compliant.
* g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption
de-vs compliant.

* g10/mainproc.c (struct symlist_item): New.
(struct mainproc_context): Add field symenc_list.
(release_list): Free that list.
(proc_symkey_enc): Record infos from symmetric session packet.
(proc_encrypted): Check symkey packet algos
--

The original check was too strong because it is in fact compliant to
encrypt with a symmetric key and and public key.  Thus decryption
should issue a compliance status.

In addition we now check that the cipher algorithms used to
symmetrically encrypt the session key are all compliant.  This is
similar to our check for all public key encrypted session key packets.

GnuPG-bug-id: 6119
Fixes-commit: b03fab09e188f7bb10237d4f20455e4026737e4e

Backported from 2.2

Signed-off-by: Werner Koch <wk@gnupg.org>
2022-08-02 18:41:23 +02:00
Werner Koch
ea7aba6e60
gpgconf: Improve registry dumping.
* common/w32-reg.c (read_w32_reg_string): Add arg r_hklm_fallback and
change all callers.
(show_configs): Indicate whether the HKLM fallback was used.
* tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin
Registry key.  Indicate whether the HKLM fallback was used.
--

Note that this is  backport from 2.2.  The new support there for
REG_DWORD needs to be implemented in libgpg-error, though.
2022-08-02 14:35:38 +02:00
Werner Koch
10f42f313c
tests: Install links for tpm2daemon
* Makefile.am (all-local): Install missing symlinks.
--

GnuPG-bug-id: 6052
2022-08-01 15:10:07 +02:00
Werner Koch
8e63e813c7
common: Add a default OpenPGP ECC mapping.
* common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map ECC to ECDSA
which is similar to what we do at opther places in gpg.
--

GnuPG-bug-id: 5555
2022-08-01 10:34:16 +02:00
Werner Koch
67e510cbf7
scd:opengpg: Minor vendor name fix
--
2022-07-28 13:06:03 +02:00
Werner Koch
eb675fbc4e
gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.
* g10/pkclist.c (select_algo_from_prefs): Change implicit hash
algorithm.
--

GnuPG-bug-id: 6043
2022-07-28 10:41:02 +02:00
Werner Koch
6d9c8a1cbc
scd:openpgp: New vendor
--
2022-07-28 09:01:24 +02:00
Werner Koch
4c8792fa10
wkd: Bind the address to the nonce.
* tools/gpg-wks-server.c (make_pending_fname): New.
(store_key_as_pending, check_and_publish): Use here.
(process_new_key): Pass addrspec to store_key_as_pending.
(expire_one_domain): Expire also the new files.
--

Along with the pass traversal bug this enhancement was
Suggested-by: Philipp Breuch <pbreuch@mail.upb.de>
GnuPG-bug-id: 6098
2022-07-27 11:41:34 +02:00
Werner Koch
77090e5260
tests: Add missing file for tpm2d tests to the tarball.
--
GnuPG-bug-id: 6052
2022-07-27 11:40:33 +02:00
Werner Koch
1735b5ffa8
doc: Minor typo fix
--

GnuPG-bug-id: 6092
2022-07-26 10:51:38 +02:00
Werner Koch
8a63a8c825
wkd: Fix path traversal attack on gpg-wks-server.
* tools/gpg-wks-server.c (check_and_publish): Check for invalid
characters in sender controlled data.
* tools/wks-util.c (wks_fname_from_userid): Ditto.
(wks_compute_hu_fname): Ditto.
(ensure_policy_file): Ditto.
2022-07-25 10:21:44 +02:00
NIIBE Yutaka
2791169aa9 build: Update gpg-error.m4.
* gpg-error.m4: Update from libgpg-error.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-22 13:24:35 +09:00
NIIBE Yutaka
7e44f88366 build: Update config.guess, config.sub, and config.rpath.
* build-aux/config.guess: Update from upstream.
* build-aux/config.sub: Ditto.
* build-aux/config.rpath: Update from gettext 0.21.

--

GnuPG-bug-id: 6078
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-18 17:48:34 +09:00
NIIBE Yutaka
f34b9147eb scd:openpgp: Fix workaround for Yubikey heuristics.
* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
of firmware 5.4, too.

--

GnuPG-bug-id: 6070
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-13 10:40:55 +09:00
Werner Koch
95651d1a4f
Post release updates
--
2022-07-11 13:39:39 +02:00
Werner Koch
bc5328f511
Release 2.3.7 gnupg-2.3.7 2022-07-11 12:18:10 +02:00
Werner Koch
1d5bf0050e
gpg-connect-agent: No help string for --unbuffered
--
2022-07-10 16:18:28 +02:00
NIIBE Yutaka
424aa3543d gpg,build: Fix message for newer gettext.
* g10/keyserver.c (keyserver_refresh): Use ngettext.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-05 13:27:41 +09:00
Werner Koch
15a8834b0b
gpgconf: New short options -V and -X
* tools/gpgconf.c: Assign short options -X and -V
(show_version_gnupg): Print the vsd version if available.
--

These changes are helpful for phone support.
2022-06-29 13:14:35 +02:00
NIIBE Yutaka
8aa9f80be0 agent: Add description for "Prompt" field.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-28 10:37:35 +09:00
NIIBE Yutaka
39422f1d63 agent: Don't assume "OPENPGP.3" key means "Use-for-ssh:".
* agent/command-ssh.c: Fix comments.
* agent/findkey.c (public_key_from_file): Remove "OPENPGP.3" check.

--

GnuPG-bug-id: 5996
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-28 10:25:03 +09:00
Werner Koch
ae2f1f0785
agent: Do not consider --min-passphrase-len for the magic wand.
* agent/call-pinentry.c (generate_pin): Lock to exactly 30 octets.
* g10/gpg.c (main) <aGenRandom>: Add Level 30.
2022-06-27 18:06:40 +02:00
NIIBE Yutaka
99d2931887 agent: Flush before calling ftruncate.
* agent/findkey.c (write_extended_private_key): Make sure
it is flushed out.

--

GnuPG-bug-id: 6035
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-23 11:05:51 +09:00
NIIBE Yutaka
26d5a6e862 agent: KEYATTR only allows access to attribute.
* agent/command.c (cmd_keyattr): Check the ATTRNAME.

--

GnuPG-bug-id: 5988
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-23 09:57:26 +09:00
NIIBE Yutaka
2c47c66627 agent: Fix KEYATTR command for --delete option.
* agent/command.c (cmd_keyattr): Write the result.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-23 09:23:47 +09:00
NIIBE Yutaka
30b54a0ebb agent: Add KEYATTR command.
* agent/agent.h (agent_raw_key_from_file): Add R_KEYMETA argument.
(agent_update_private_key): New.
* agent/command-ssh.c (data_sign): Follow the change of the function
agent_raw_key_from_file.
* agent/command.c (do_one_keyinfo): Likewise.
(cmd_keyattr): New.
(register_commands): Add an entry of cmd_keyattr.
* agent/findkey.c (agent_update_private_key): New.
(agent_raw_key_from_file): Add R_KEYMETA argument.

--

GnuPG-bug-id: 5988
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-22 15:45:18 +09:00
NIIBE Yutaka
fe535cf265 agent,gpg,tools: Fix use of log_get_fd.
* agent/call-daemon.c (daemon_start): Don't put file descriptor from
log_get_fd to no_close_list.
* agent/call-pinentry.c (start_pinentry): Likewise.
* common/call-gpg.c (start_gpg): Likewise.
* call-syshelp.c (start_syshelp): Likewise.
* tools/gpg-connect-agent.c (main): Likewise.

--

GnuPG-bug-id: 5921
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-22 13:34:06 +09:00
Werner Koch
52f9e13c0c
sm: Improve pkcs#12 debug output.
* sm/minip12.c (parse_shrouded_key_bag): Fix offset diagnostic.
(parse_cert_bag): Ditto.
(parse_bag_data): Remove debug output.  Pass startoffset.  Fix offset
diagnostic.
2022-06-20 17:24:55 +02:00
Werner Koch
a4e04375e8
sm: Rework the PKCS#12 parser to support DFN issued keys.
* sm/minip12.c (struct p12_parse_ctx_s): New.  Use this instead of
passing several parameters to most functions.
(parse_pag_data): Factor things out to  ...
parse_shrouded_key_bag): new.
(parse_cert_bag): New.
(parse_bag_data): New.
(p12_parse): Setup the parse context.
--

To support newer pkcs#12 files like those issued by the DFN we need to
support another ordering of data elements.  This rework reflects the
P12 data structure a bit better than our old ad-hoc hacks.  Tests could
only be done with the certificate parts and not the encrypted private
keys.

GnuPG-bug-id: 6037
2022-06-20 16:47:41 +02:00
Werner Koch
be5d06dae2
agent: Improve "Insert the card" message.
* agent/findkey.c (prompt_for_card): Don't print "(null").
2022-06-17 12:23:40 +02:00
Werner Koch
2766b9e56c
agent,ssh: Fix for make not-inserted OpenPGP.3 keys available for SSH.
* agent/command-ssh.c (ssh_send_available_keys):  Do not bump
key_counter for ignored keys.  Also use opt.debug instead of
opt.verbose and fix a memory leak.
--

The error shown by "ssh-add -l" before this fix was:
  error fetching identities: incomplete messag

Fixes-commit: 193fcc2f7a8cca5240ce50499c54f99235a87e1c
GnuPG-bug-id: 5996
2022-06-15 16:41:30 +02:00
Werner Koch
1530d04725
agent: New option --no-user-trustlist and --sys-trustlist-name.
* agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
(opts): Add new option names.
(parse_rereadable_options): Parse options.
(finalize_rereadable_options): Reset allow-mark-trusted for the new
option.
* agent/agent.h (opt): Add fields no_user_trustlist and
sys_trustlist_name.
* agent/trustlist.c (make_sys_trustlist_name): New.
(read_one_trustfile): Use here.
(read_trustfiles): Use here.  Implement --no-user-trustlist.
--

With the global options we can now avoid that a user changes the
Root-CA trust by editing the trustlist.txt.  However, to implement
this we need a new option so that we don't need to rely on some magic
like --no-allow-mark-trusted has been put into a force section.

The second option makes system administration easier as it allows to
keep the trustlist in a non-distributed file.

GnuPG-bug-id: 5990
2022-06-14 14:25:21 +02:00
Werner Koch
34c649b360
g10: Fix garbled status messages in NOTATION_DATA
* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
--

Depending on the escaping and line wrapping the computed remaining
buffer length could be wrong.  Fixed by always using a break to
terminate the escape detection loop.  Might have happened for all
status lines which may wrap.

GnuPG-bug-id: T6027
2022-06-14 11:34:17 +02:00
Jakub Jelen
4dbef2addc keygen: Fix reading AEAD preference
* g10/keygen.c (keygen_set_std_prefs): Use the right variable when
  reading AEAD preference string
--

GnuPG-bug-id: 6019
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-06-14 15:37:15 +09:00
Werner Koch
fb3fd553df
dirmngr: Fix a wrong compiler warning.
--

  validate.c:1103:13: warning: ‘saltlen’ may be used uninitialized
  in this function [-Wmaybe-uninitialized]
2022-06-13 17:54:01 +02:00
Werner Koch
f0b373cec9
gpgsm: New option --compatibility-flags.
* sm/gpgsm.c (oCompatibilityFlags): New option.
(compatibility_flags): new.
(main): Parse and print them in verbose mode.
* sm/gpgsm.h (opt): Add field compat_glags.:
(COMPAT_ALLOW_KA_TO_ENCR): New.
* sm/keylist.c (print_capabilities): Take care of the new flag.
* sm/certlist.c (cert_usage_p): Ditto.
2022-06-13 17:50:26 +02:00
Werner Koch
ce63eaa4f8
common: New function parse_compatibility_flags.
* common/miscellaneous.c (parse_compatibility_flags): New.
* common/util.h (struct compatibility_flags_s): New.
--

This is similar to parse_debug_flags but does not support specifying a
value.  This way we can more easily change the internal values or
re-use them for other purposes.
2022-06-13 17:50:26 +02:00
NIIBE Yutaka
dd600bbc84 scd: Support specifying keygrip for learn command.
* scd/command.c (cmd_learn): Allow keygrip argument.

--

GnuPG-bug-id: 6002
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-10 13:54:03 +09:00
NIIBE Yutaka
273b8ec193 scd,openpgp: Support READCERT by keygrip.
* scd/app-openpgp.c (do_readcert): Allow use of keygrip.

--

GnuPG-bug-id: 6002
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-10 11:45:26 +09:00
Werner Koch
59c481bb86
common,w32: Use LoadLibraryEx to fix a warning in mingw.
* common/dynload.h (dlopen): Use LoadLibraryEx and remove Windows CE
support.
--

Mingw's libloadapi.h has no prototype for LoadLibrary.  Thus we use
LoadLibraryEx which is available Since Windows XP.
2022-06-03 11:11:28 +02:00
Werner Koch
4ee2009083
w32: Allow Unicode filenames for iobuf_cancel.
* common/iobuf.c (iobuf_cancel): Use gnupg_remove
* common/mischelp.c (same_file_p): Allow for Unicode names.
--

Note that the second patch is used to handle Unicode filenames which
are symbolic links.
2022-06-03 10:54:35 +02:00
Werner Koch
d2d7a2b128
Remove remaining support for WindowsCE
--
2022-06-03 10:08:21 +02:00
Werner Koch
d89557fe95
tools: Minor fix to gpg-connect-agent options.
* tools/gpg-connect-agent.c (enum cmd_and_opt_values): Move
oUnBuffered more to the top so that oNoop won't not get the value 'v'.
2022-06-02 15:56:59 +02:00
NIIBE Yutaka
d7a3c455c5 agent: Support --format=ssh option for READKEY.
* agent/command.c (cmd_readkey): Handle --format=ssh to return key
in SSH format.

--

GnuPG-bug-id: 6012
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-02 20:47:36 +09:00
NIIBE Yutaka
5a327e8001 tools: Add a way to cancell INQUIRE for gpg-connect-agent.
* tools/gpg-connect-agent.c (handle_inquire): When the helper program
exit status is not 0, it means cancellation, now.

--

GnuPG-bug-id: 6010
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-02 15:50:57 +09:00
NIIBE Yutaka
24d02b8a32 tools: Add --unbuffered option to gpg-connect-agent.
* tools/gpg-connect-agent.c (cmd_and_opt_values): Add oUnBuffered.
(opts, opt): Likewise.
(main): When unbuffered, set gpgrt_stdin/stdout accordingly.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-02 13:21:14 +09:00
Werner Koch
3a2fb1c306
scd:nks: Don't flag the ESIGN keypair EF as encryption capable.
* scd/app-nks.c (filelist): Tweak 0x4531.
--

Actually the certificate has no encryption usage but we should also
tell that via KEYINFO so that this key is never tried to create an
encryption certificate.
2022-06-01 17:55:49 +02:00