1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Commit Graph

10500 Commits

Author SHA1 Message Date
Werner Koch
4b981e415f
tests: Add a sample PDF with a signature
--
2024-04-03 09:52:14 +02:00
Werner Koch
fa33b18940
common: Allow building with libgcrypt 1.10 for now.
* common/kmac.c (compute_kmac256): Return an error for older gcrypt
versions.
--

Except for the new KEM module there is no hard requirement for
libgcrypt 1.11 *yet*.
2024-04-03 09:43:37 +02:00
NIIBE Yutaka
c69363e8c7
agent: Add --another option for hybrid crypto.
* agent/agent.h (struct server_control_s): Add have_keygrip1.
* agent/command.c (reset_notify): Clear have_keygrip1 field.
(cmd_havekey): Add --another option handling.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-04-01 14:38:51 +09:00
NIIBE Yutaka
1fa24e2841
common: Add KMAC.
* common/Makefile.am (common_sources): Add kmac.c.
* common/kmac.c: New.
* common/util.h (compute_kmac256): New.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-03-29 15:26:42 +09:00
Werner Koch
571a768ac6
gpgsm: Allow to add extensions at the --gen-key prompt.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Add a prompt for
extensions.
--

An example for an extension would be extKeyUsage for authentication:

   2.5.29.37 n 301406082B0601050507030206082B06010505070301
2024-03-27 12:12:52 +01:00
NIIBE Yutaka
984a0c6982
scd:openpgp: Fix data_objects specification for F9 and FA.
* scd/app-openpgp.c (data_objects): These are constructed objects.

--

GnuPG-bug-id: 7058
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-03-27 10:27:04 +09:00
Werner Koch
f9919bcc48
gpg,gpgsm: New option --disable-fd-translation.
* common/sysutils.c (no_translate_sys2libc_fd) [W32]: New global.
(disable_translate_sys2libc_fd): New.
(translate_sys2libc_fd): Make static and cobuild only for Windows.
(translate_sys2libc_fd_int): Use no_translate_sys2libc_fd flag.

* g10/gpg.c, sm/gpgsm.c (oDisableFdTranslation): New const.
(opts): Add option "disable-fd-translation".
(main): Set option.
--

GnuPG-bug-id: 7060
2024-03-26 15:46:56 +01:00
Werner Koch
cec1fde1bc
scd: Add new OpenPGP vendor
--
2024-03-26 14:57:52 +01:00
Werner Koch
a0bfbdaaa2
Allow installation with a gpgconf.ctl changed homedir.
* common/homedir.c (gpgconf_ctl): Add field "gnupg".
(parse_gpgconf_ctl): Support keyword "gnupg".
(my_gnupg_dirname): New.
(my_fixed_default_homedir): New.
(gnupg_registry_dir): New.
(standard_homedir): Use my_gnupg_dirname and my_fixed_default_homedir.
(default_homedir): Use gnupg_registry_dir and
my_fixed_default_homedir.
(_gnupg_socketdir_internal): Use my_gnupg_dirname.  Increase size of
prefixbuffer.
(gnupg_sysconfdir): Use my_gnupg_dirname.
* tools/gpgconf.c (list_dirs): Use gnupg_registry_dir.
(show_other_registry_entries): Ditto.
--

This will be useful to install versions of GnuPG VS-Desktop and GnuPG
Desktop in addition to a standard GnuPG version.  Only basic tests on
Unix done; Windows testing is still outstanding.

GnuPG-bug-id: 7040
2024-03-21 17:41:10 +01:00
Werner Koch
fb3fe38d28
common: Use a common gpgconf.ctl parser for Unix and Windows.
* common/homedir.c (gpgconf_ctl): new struct.
(string_is_true): New.
(parse_gpgconf_ctl): New.  Based on the former code in unix_rootdir.
(check_portable_app): Use parse_gpgconf_ctl and the new struct.
(unix_rootdir): Ditto.
--

This is a unification of the gpgconf.ctl mechanism.  For backward
compatibility we need to keep the empty (or actually only comments)
method as used formerly under Windows.  Iff one really wants a
portable application the new portable keyword should be used, though.

Noet that the Windows portable stuff has not been tested for quite
some time.
2024-03-21 15:47:43 +01:00
Werner Koch
759adb2493
gpgconf: Check readability of some files with -X
* tools/gpgconf.c (list_dirs): Rename arg from special to
show_config_mode. Add "S.Uiserver" test and test existsing files for
readability.
2024-03-18 11:14:19 +01:00
Werner Koch
122803bf1a
gpg: Make sure a DECRYPTION_OKAY is never issued for a bad OCB tag.
* g10/mainproc.c (proc_encrypted): Force a decryption failure if any
error has been seen.
* g10/decrypt-data.c (aead_checktag): Issue an ERROR line.
--

GnuPG-bug-id: 7042

Note that gpg in any case returns a failure exit code but due to
double forking GPGME would not see it.
2024-03-14 21:51:27 +01:00
Werner Koch
50e81ad38d
gpg: Make sure a DECRYPTION_OKAY is never issued for a bad OCB tag.
* g10/mainproc.c (proc_encrypted): Force a decryption failure if any
error has been seen.
* g10/decrypt-data.c (aead_checktag): Issue an ERROR line.
--

GnuPG-bug-id: 7042

Note that gpg in any case returns a failure exit code but due to
double forking GPGME would not see it.
2024-03-14 21:41:48 +01:00
Werner Koch
f78501c545
gpg: new list-option store-x509-notations.
* g10/options.h (LIST_STORE_X509_NOTATIONS): New.
* g10/gpg.c (parse_list_options): Add "store-x509-notations".
* g10/keylist.c (print_x509_notations): Add arg PK and code to write a
file.
(list_signature_print): Add arg lastpk and handle new option.
(list_keyblock_print): Track last key or subkey and pass to
list_signature_print.
2024-03-14 20:58:01 +01:00
Werner Koch
c27534de95
gpg-check-pattern: Consider an empty pattern file as valid
* tools/gpg-check-pattern.c (read_file): Check length before calling
fread.
--

The problem with an empty file is that es_fread is called to read one
element of length zero which seems to be undefined behaviour and
results in ENOENT on my test box.
2024-03-13 15:33:03 +01:00
Werner Koch
14c1b73093
gpg: new list-option show-x509-notations
* g10/gpg.c (parse_list_options): Add new option.
* g10/options.h (LIST_SHOW_X509_NOTATIONS): New.
* g10/build-packet.c (search_sig_notations): New.
* g10/keylist.c (print_x509_notations): New.
(list_signature_print): Use macros for the sig classes.  Call
print_x509_notations.
(list_keyblock_print): Call list_signature_print if x509 notation
printing is enabled.
2024-03-12 18:01:24 +01:00
Werner Koch
81536535f8
card: Use xstrdup for module names.
--
2024-03-12 16:04:19 +01:00
Werner Koch
4485930f9f
Merge branch 'STABLE-BRANCH-2-4'
--
Resolved conflicts:
	NEWS
	common/exechelp-w32.c
	configure.ac
2024-03-12 16:00:55 +01:00
Werner Koch
609b1ec0c6
Post release updates
--
2024-03-07 15:10:47 +01:00
Werner Koch
cbff323b3b
Release 2.4.5 2024-03-07 14:03:25 +01:00
Werner Koch
348de4a829
po: msgmerge
--
2024-03-07 14:01:59 +01:00
Werner Koch
3ffcd533d4
po: Fix a fuzzy in the German, Polish and Japanese translation
--
2024-03-07 14:01:22 +01:00
Werner Koch
09431d1762
scd: Improve code reability of ccid-driver.c
* scd/ccid-driver.c (my_npth_unprotect, my_npth_protect): New.
Replace all direct uses by these wrappers.
2024-03-07 13:44:30 +01:00
Werner Koch
1682ca9f01
scd: Add support for ACR-122U
* scd/ccid-driver.h (VENDOR_ACR, ACR_122U): New.
* scd/ccid-driver.c (ccid_open_usb_reader): Do not call
libsub_set_interface_alt_setting for this reader.
--

Co-authored-by: markus.montkowski@gnupg.com
2024-03-07 13:44:00 +01:00
Werner Koch
a1ea3b13e0
scd: Let the CCID module auto detach the kernel driver.
* scd/ccid-driver.c (ccid_open_usb_reader): Call
libusb_set_auto_detach_kernel_driver.

* scd/scdaemon.c (oCompatibilityFlags): New.
(opts): Add option "compatibility-flags".
(compatibility_flags): New.
(main): Parse flags.
* scd/scdaemon.h (opt): Add field compat_flags.
(COMPAT_CCID_NO_AUTO_DETACH): New.
2024-03-07 13:21:43 +01:00
Werner Koch
79d0e52b2d
gpg: Fix a possible segv due to an uninitialized gcrypt context.
* g10/sign.c (sign_symencrypt_file): Initialize MD for the error case.
--

Reported-by: Falko Strenzke
Fixes-commit: 1ddd69935d
in the not yet released master branch.
2024-03-06 15:49:51 +01:00
Werner Koch
00b877ecda
doc: Typo fix in comment
--
2024-03-06 11:54:33 +01:00
Werner Koch
37cc255e49
wks: Make gpg-wks-client --mirror work w/o args.
* tools/gpg-wks-client.c (mirror_one_key): Test for no domain
specified.
--

The code did not really work if no domain was given.  It worked but
filtered out all keys so that no key was actually exported.
2024-03-06 10:00:37 +01:00
Werner Koch
345794cfe6
gpg: Fix mixed invocation with --trusted-keys and --no-options.
* g10/trustdb.c: Move a function and some definitions around.
(user_utk_list): Rename to trusted_key_list.  Change all users.
(any_trusted_key_seen): New.
(tdb_register_trusted_key): Set it here.  Handle the new value "none".
(verify_own_keys): Do not delete a trusted key from the trustdb if a
trusted-key option was not used.
--

GnuPG-bug-id: 7025
2024-03-04 14:58:45 +01:00
Werner Koch
36a3550bff
wks: Add option --realclean to gpg-wks-client.
* tools/gpg-wks-client.c (oRealClean): New.
(opts): Add "realclean".
(parse_arguments): Implement.
(main): Take a copy of the module name to fix bad assignment from a
former patch.
* tools/gpg-wks-server.c (main): Ditto.
* tools/gpg-wks.h (opt): Add field realclean.
* tools/wks-util.c (wks_get_key): Call gpg with export-realclean
depending on the new option.
--

The default for gpg-wks-client is to install keys with all valid key
signatures.  The new option will eventually allow to install the keys
only with key signatures done by trusted-keys.  Also the export-option
is in gpg, it requires one more gpg patch to make it actually work.
2024-03-04 14:28:48 +01:00
Werner Koch
74e4dd3668
gpg: Prepare for a new export option export-realclean.
* g10/options.h (EXPORT_REALCLEAN): New.  Also re-assign other values
to keep them more in sync with the corresponding import values.
* g10/export.c (parse_export_options): Add "export-realclean".
(do_export_stream): Call clean_all_uids directly with the options
arg.
* g10/import.c (import_one_real): Change for direct use of options in
clean_all_uids.
* g10/key-clean.c (is_trusted_key_sig): New.  Stub for now.
(clean_sigs_from_uid): Re-purpose self_only to a general options arg.
Implement EXPORT_REALCLEAN code path.
(clean_one_uid): Re-purpose self_only to a general options arg.
(clean_all_uids): Ditto.
* g10/keyedit.c (keyedit_menu): Use EXPORT_MINIMAL instead of a simple
flag.
(menu_clean): Re-purpose self_only to a general options arg.

* g10/keyid.c (fpr20_from_pk): Factor code out to ....
(fpr20_from_fpr): new.  Remove useless case for ARRAY being NULL.
* g10/tdbio.c (tdbio_search_trust_byfpr): Add arg fprlen and use
fpr20_from_fpr if needed.
(tdbio_search_trust_bypk): Pass 20 for the fingerprint length.
--

Note that this code has no function yet.  Another patch will follow to
extract the trusted-keys flag from the trustdb.
2024-03-04 14:22:42 +01:00
Werner Koch
233bf39323
build: Extend getswdb.sh to allow a verified download
--
2024-02-29 15:35:27 +01:00
Werner Koch
c27e5be50b
build: Make getswdb.sh usable outside the GniPG tree.
--
2024-02-29 10:21:33 +01:00
Werner Koch
dcab895e4c
gpg: Emit status lines for errors in the compression layer.
* g10/compress-bz2.c: Replace all log_fatal by log_error,
write_status_error, and g10_exit.
(do_uncompress): Ditto.
--

This gives gpgme a better way to detect corrupted data in the
compression layer.
GnuPG-bug-id: 6977
2024-02-27 11:33:21 +01:00
Werner Koch
962058f704
Allow tilde expansion for the foo-program options.
* agent/gpg-agent.c (parse_rereadable_options): Use make_filename_try
for opt.pinentry_program.  Change definition accordingly.
* g10/gpg.c (main): Use make_filename for agent_program,
dirmngr_program, and keyboxd_program. Change definition accordingly.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-card.c (parse_arguments): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpg-wks-client.c (parse_arguments): Likewise.  Do it also for
option --output.
(process_confirmation_request): Print a note for a successful sent.
--

GnuPG-bug-id: 7017
2024-02-27 10:36:22 +01:00
Werner Koch
adf4db6e20
agent: Allow GET_PASSPHRASE in restricted mode.
* agent/command.c (cmd_get_passphrase): Allow use in restricted mode
but ignore the cacheid.
--

The use case is symmetric encryption via the extra-socket.  To avoid
that the gpg running on the server has access to the cache we set the
cache id to NULL so that the cache is not used at all.
2024-02-25 16:03:54 +01:00
Werner Koch
40227e42ea
doc: Document the "grp" record in colon listings.
--
2024-02-22 17:05:04 +01:00
Werner Koch
2372f6a403
gpg: Fix gpg_mpi_write for the unused opaque case.
* g10/build-packet.c (gpg_mpi_write): Take care of the fact that
get_opaque already returns a bit-exact value.
--

Fixes-commit: ab17f7b6c3
Reported-by: Falko Strenzke <falko.strenzke@mtg.de>
2024-02-21 15:55:14 +01:00
Werner Koch
a09157ccb2
wks: Allow command style args for gpg-wks-client.
* tools/gpg-wks-client.c (wrong_args): Take two args.  Change all
callers.
(main): Pass ARGPARSE_FLAG_COMMAND for recent gpgrt version.
--

This requires gpgrt 1.48.  Of course "gpg-wks-client --create ..."
continues to work.
2024-02-21 14:07:06 +01:00
Werner Koch
95bc592ab5
g13: Allow command line style "g13 mount foo".
* g13/g13.c (main): Set flag ARGPARSE_FLAG_COMMAND.
--

This requires gpgrt 1.48.  Of course "g13 --mount foo" continues to
work.
2024-02-20 11:40:49 +01:00
Mario Haustein
3aa02027cd
scd:p15: Fix typo in a comment 2024-02-20 10:34:39 +01:00
Mario Haustein
557f29d2c1
scd:p15: Add ECC support for D-Trust Card 4.1/4.4
* scd/app-p15.c (do_sign): Add MSE RESTORE parameters for D-Trust ECC
cards.
(do_decipher): Ditto.
2024-02-20 10:32:08 +01:00
Werner Koch
1e496cf2e5
scd:p15: Take derive usage into account for decryption (2).
* scd/app-p15.c (do_getattr): Yet another palce to fix.
--
GnuPG-bug-id: 7000
Co-authored-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
2024-02-20 10:29:25 +01:00
Werner Koch
3341017ff1
scd:p15: Handle duplicate certificate ids.
* scd/app-p15.c (struct app_local_s): Add field cdf_dup_counter.
(objid_in_cdflist_p): New.
(read_p15_info): Clear the counter.
(read_ef_cdf): Detect and fix duplicate IDs.
--

GnuPG-bug-id: 7001
Reported-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
2024-02-20 09:17:38 +01:00
Werner Koch
ad4bc3e04d
scd:p15: Take derive usage into account for decryption.
* scd/app-p15.c (set_usage_string): Map usageflags.derive also to 'e'.
(do_auth): Allow usageflags.sign_recover.
(do_decipher): Allow usageflags.derive.
(do_with_keygrip): Take usageflags.derive into account.
(do_gettatr): Ditto.
(do_decipher): Take a missing AODF for authentication not needed.
--

This is required for D-Trust ECC cards.

The AODF thing is unrelated but seems to be a good idea.

GnuPG-bug-id: 7000
2024-02-20 09:17:38 +01:00
NIIBE Yutaka
2810b93464
dirmngr: Fix keep-alive flag handling.
* dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic
Authentication.  Fix resource leak of FP_WRITE.

--

GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-16 16:24:26 +09:00
NIIBE Yutaka
848546b05a
dirmngr: Fix the regression of use of proxy for TLS connection.
* dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it
causes resource leak of FP_WRITE.
Don't try to read response body to fix the hang.

--

GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-16 11:38:57 +09:00
Werner Koch
0370678536
speedo: Add config variable for the timestamp service.
--
2024-02-15 14:53:28 +01:00
NIIBE Yutaka
04cbc3074a
dirmngr: Fix proxy with TLS.
* dirmngr/http.c (proxy_get_token, run_proxy_connect): Always
available regardless of USE_TLS.
(run_proxy_connect): Use log_debug_string.
(send_request): Remove USE_TLS.

--

Since the commit of

	1009e4e5f7

Building with TLS library is mandatory.

GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-15 15:38:34 +09:00
NIIBE Yutaka
874918ab91
common,dirmngr:w32: Add include files.
* common/dynload.h: Include windows.h.  Don't define RTLD_LAZY, if
already defined.
* common/init.c: Include wctype.h.
* dirmngr/certcache.c: Include wincrypt.h.
* dirmngr/dns-stuff.c: Include ws2tcpip.h.

--

GnuPG-bug-id: 5894
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-15 14:40:33 +09:00