* common/exechelp-w32.c (gnupg_spawn_process): Change to use
CreateProcessW.
(gnupg_spawn_process_fd): Ditto.
(gnupg_spawn_process_detached): Ditto.
* g10/exec.c (w32_system): Ditto.
--
GnuPG-bug-id: 4398
We do not use this weirdo CREATE_UNICODE_ENVIRONMENT flag because it
does not make any sense to have non-ASCII names in the environment. I
can't imagine why this should be used at all and rationale for this
API features is, well, sparse.
* common/init.c (_init_common_subsystems) [W32]: Set the codepage to
UTF-8 for input and putput. Switch gettext to UTF-8.
* tools/gpgconf.c (main): Display the input and output codepage if
they differ.
* g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.
--
With this patch the former patch to use ReadConsoleW and WriteConsoleW
in ttyio.c are kind of superfluous because the ANSI version of these
functions are also able to read/write UTF-8 directly given the console
code page has been set correctly. However, this seems to work only
with recent versions of Windows-10.
GnuPG-bug-id: 4365
* common/ttyio.c (do_get) [W32]: Use ReadConsoleW.
(w32_write_console): New.
(tty_printf, tty_fprintf) [W32]: Use new function.
--
Note that due this change fixed stings (i.e. gettext translations)
printed to the console will not be rendered correctly unless "chcp
65001" has been used. This needs to be fixed by followup patch.
GnuPG-bug-id: 4365
* common/w32-misc.c [W32]: Include windows.h
(struct add_arg_s): New.
(add_arg): New.
(glob_arg): New.
(parse_cmdstring): Add arg argvflags and set it.
(w32_parse_commandline): Add arg r_itemsalloced. Add globing.
* common/init.c (prepare_w32_commandline): Mark glob created items as
leaked.
* common/t-w32-cmdline.c : Include windows.h
(test_all): Add simple glob test for Unix.
(main): Add manual test mode for Windows.
--
GnuPG-bug-id: 4398
* common/t-w32-cmdline.c (test_all): Add new test cases.
* common/w32-misc.c (strip_one_arg): Add arg endquote.
(parse_cmdstring): Take care of backslashes in quotes.
--
I found some new test vectors from Microsoft.
* common/w32-misc.c: New.
* common/t-w32-cmdline.c: New.
* common/init.c: Include w32help.h.
(prepare_w32_commandline): New.
(_init_common_subsystems) [W32]: Call prepare_w32_commandline.
* common/Makefile.am (common_sources) [W32]: Add w32-misc.c
(module_tests): Add t-w32-cmdline
(t_w32_cmdline_LDADD): New.
--
The rules for the command line parser are not cleary specified - if at
all. See the comment in t-w32-cmdline.c.
We can't use the mingw version because that would require to change
all argv handling to be wchar_t and that only for Windows. That would
be too ugly. Parsing the command line into argv by us is much easier
and we can do that only if needed - i.e. if globing is required (we
are prepared for this) or a non-ASCII character has been encountered.
This way we keep things stable and only fix the currently not working
Unicode problem.
GnuPG-bug-id: 4398
* configure.ac (NEED_GPG_ERROR_VERSION): Rename to NEED_GPGRT_VERSION
and set to 1.41.
* common/sysutils.c (gnupg_access): Remove code for older gpgrt
versions.
* kbx/backend-sqlite.c: Ditto.
* sm/gpgsm.c (main): Ditto.
--
We already have a requirement for a newer Libgcrypt and thus we can
also require a more recent libgpgrt (aka libgpg-error) which was
released before Libgcrypt.
* common/compliance.c (gnupg_gcrypt_is_compliant): New.
(gnupg_rng_is_compliant): Also check library version.
* g10/mainproc.c (proc_encrypted): Use new function.
(check_sig_and_print): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/verify.c (gpgsm_verify): Ditto
--
This will eventually allow us to declare Libgcrypt 1.9 to be de-vs
compliant. GnuPG can use this information then for its own checks.
As of now GnuPG tests the version of the used library but that is a
bit cumbersome to maintain.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/session-env.c (session_env_list_stdenvnames): Extend to allow
return all names as one string.
* agent/command-ssh.c (SSH_REQUEST_EXTENSION): New.
(SSH_RESPONSE_EXTENSION_FAILURE): New.
(request_specs): Add handler for the extension command.
(ssh_handler_extension): New.
--
The extension mechanism is specified in
https://tools.ietf.org/html/draft-miller-ssh-agent-04
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Require at least Libgcrypt 1.9.0. Remove all
GCRYPT_VERSION_NUMBER dependent code.
--
Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in
RFC4880bis.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (map_w32_to_errno): New.
(gnupg_w32_set_errno): New.
(gnupg_remove) [w32]: Set ERRNO
--
To support Unicode gnupg_remove was changed to use DeleteFileW and not
properly tested because the code was alreadt used in Windows CE.
However, ERRNO was not set and thus Dirmngr failed due to
if (!gnupg_remove (fname))
log_info (_("removed stale te[...] file '%s'\n"), fname);
else if (errno != ENOENT)
{
err = gpg_error_from_syserror ();
log_error (_("problem remov[...] file '%s': %s\n"),
fname, gpg_strerror (err));
goto leave;
}
GnuPG-bug-id: 5230
* common/dotlock.c (dotlock_create_unix): Remove debug output.
--
This was left over from developement about 10 years ago. Exhibits
itself when using sshfs.
GnuPG-bug-id: 5193
* acinclude.m4 (GNUPG_CHECK_ENDIAN): Use AC_COMPILE_IFELSE instead of
AC_TRY_COMPILE. Use AC_RUN_IFELSE instead of AC_TRY_RUN.
(GNUPG_BUILD_PROGRAM): Use AS_HELP_STRING instead of AC_HELP_STRING.
* configure.ac: Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE.
Use AS_HELP_STRING instead of AC_HELP_STRING.
(AC_ISC_POSIX): Replace by AC_SEARCH_LIBS.
(AC_TYPE_SIGNAL): Remove.
* m4/isc-posix.m4: Remove.
* m4/codeset.m4: Update from gnulib.
* m4/gettext.m4: Update from gnulib.
* m4/lcmessage.m4: Update from gnulib.
* m4/socklen.m4: Update from gnulib.
* m4/ldap.m4: Use AS_HELP_STRING instead of AC_HELP_STRING.
Use AC_LINK_IFELSE instead of AC_TRY_LINK.
Use AC_RUN_IFELSE instead of AC_TRY_RUN.
* m4/gpg-error.m4: Update from libgpg-error.
* m4/readline.m4: Update from libgpg-error.
* m4/npth.m4: Update from npth.
* m4/libassuan.m4: Update from libassuan.
* m4/libgcrypt.m4: Update from libgcrypt.
* m4/ksba.m4: Update from libksba.
* m4/ntbtls.m4: Update from ntbtls.
* common/signal.c [!HAVE_DOSISH_SYSTEM] (init_one_signal): Replace
RETSIGTYPE to void.
[!HAVE_DOSISH_SYSTEM] (got_fatal_signal, got_usr_signal): Likewise.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/status.h (STATUS_CANCELED_BY_USER): New.
* g10/passphrase.c (passphrase_to_dek): Send STATUS_CANCELED_BY_USER
instead of STATUS_MISSING_PASSPHRASE when canceled is set.
--
This is to prevent further pinentry tries when the pinentry is canceled
by the user during symmetric decryption.
Signed-off-by: Ben Kibbey <bjk@luxsci.net>
* g10/openfile.c (try_make_homedir): Move core of the code to ...
* common/homedir.c (gnupg_maybe_make_homedir): new.
* sm/keydb.c (try_make_homedir): Implement using new function.
* common/homedir.c: Include i18n.h.
* po/POTFILES.in: Add common/homedir.c.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/homedir.c (get_default_pinentry_name): Try ../bin/pinentry.exe
--
In an installation layout where GnuPG is installed as a component
of another software it might be useful to have pinentry placed
in a different bin directory without the forced folder name of
Gpg4win.
(cherry picked from commit b4cb91d5fb)
* common/gettime.c: Include locale.h.
(asctimestamp): Increase buffer. On Windows use setlocale.
--
GnuPG-bug-id: 5073
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.h (struct gnupg_dirent_s): New.
* common/sysutils.c: Include dirent.h.
(struct gnupg_dir_s): New.
(gnupg_opendir, gnupg_readdir, gnupg_closedir): New. Change all
callers of opendir, readdir, and closedir to use these functions.
--
GnuPG-bug-id: 5098
* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
--
Yet another wrapper for Unicode support on Windows.
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (any8bitchar) [W32]: New.
(gnupg_open): New. Replace most calls to open by this.
* common/iobuf.c (any8bitchar) [W32]: New.
(direct_open) [W32]: Use CreateFileW if needed.
--
This is yet another step for full Unicode support on Windows.
GnuPG-bug-id: 5098
* common/dotlock.c (any8bitchar) [W32]: New.
(dotlock_create_w32): Use strconcat and CreateFileW.
* common/t-dotlock.c: Source include dotlock.c and modify to allow
manual testing on Windows.
--
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
--
We need to use es_fopen on Windows to cope with non-ascii file names.
This is quite a large but fortunately straightforward change. At a
very few places we keep using stdio (for example due to the use of
popen).
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (gnupg_access): New. Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--
Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.
This is required to correctly handle non-ascii filenames on Windows.
GnuPG-bug-id: 5098
* common/asshelp.c (lock_spawning): Use a dedicated name for keyboxd.
* common/homedir.c (keyboxd_socket_name): New.
(gnupg_module_name): Put keyboxd into libexecdir.
* tools/gpgconf-comp.c (known_options_keyboxd): New.
(gc_component): Add entry for keyboxd.
(keyboxd_runtime_change): New.
(gc_component_launch): Support keyboxd.
* tools/gpgconf.c (list_dirs): Emit new item keyboxd-socket.
(main): Also remove keyboxd socket.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/stringhelp.h (split_fields): Use const * for the strings in
the ARRAY.
(split_fields_colon): Likewise.
* common/stringhelp.c (split_fields, split_fields_colon): Fix
the implementation.
* agent/call-scd.c, agent/command.c: Follow the change.
* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
* g10/call-agent.c, tools/card-call-scd.c: Likewise.
* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
* tools/wks-util.c: Likewise.
--
The strings in the ARRAY don't need to be released by caller, as those
are references. It's easier to follow the code when it's explicitly
const *.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/sexputil.c (cmp_canon_sexp): New.
(cmp_canon_sexp_def_tcmp): New.
* common/t-sexputil.c (test_cmp_canon_sexp): Add a simple test.
--
To be used to fix
GnuPG-bug-id: 5061
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exechelp-posix.c (gnupg_close_pipe): New.
* common/exechelp-w32.c (gnupg_close_pipe): New.
--
This function is mainly for documentation purposes and should be used
along with gnupg_create_pipe.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/utf8conv.c (get_w32_codepage): New.
(wchar_to_native): Use instead oc CP_ACP.
(native_to_wchar): Ditto.
--
This should fix quite some issue; we fixed it when using the iconv
based machinery about 14 years ago. At some point we introduced the
new conversion functions because Windows started to support UTF-8
natively. The fix comes late but well, it is done.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/stringhelp.c (w32_strerror): Strip trailing CR,LF.
* common/iobuf.c (iobuf_get_filelength): Use -1 and not 0 for the
arg to w32_strerror.
--
This is in particular annoying since we started to use a string
argument sanitizer in the logging code. Before that we just add an
extra blank line.
The second patch corrects a never yet seen error message.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgtar-create.c (gpgtar_create): Add args files_from and
null_names. Improve reading from a file.
* tools/gpgtar.c: Make global vars static.
(main): Remove tests for --files-from and --null option combinations.
Pass option variables to gpgtar_create.
--
GnuPG-bug-id: 5027
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (map_openpgp_pk_to_gcry): Use cast for enum
conversion.
* dirmngr/dns-stuff.c (get_dns_srv): Use explicit conversion from
int to float.
* sm/gpgsm.c (parse_keyserver_line): Initialize ERR.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (close_pcsc_reader): Check if it's not in the loop.
--
GnuPG-bug-id: 4998
Reported-by: Kevin Locke
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
test rsaPSS. Adjust all callers.
(gnupg_pk_is_allowed): Ditto.
* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
(gpgsm_get_hash_algo_from_sigval): New.
* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS.
* sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
also get the algo flags. Pass algo flags along.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gpgrlhelp.c (read_write_history): New.
(gnupg_rl_initialize): Register new function.
* common/ttyio.c (my_rl_rw_history): New var.
(tty_private_set_rl_hooks): Add arg read_write_history.
(tty_read_history): New.
(tty_write_history): New.
* tools/gpg-card.c (HISTORYNAME): New.
(oNoHistory): New enum value.
(opts): New option --no-history.
(cmd_history): New.
(cmds): New command "history".
(interactive_loop): Read and save the history.
* tools/gpg-connect-agent.c (HISTORYNAME): New.
(opts): New option --no-history.
(main): Read and save the history. New command /history.
--
Yeah, finally we have stored history; I should have added this much
earlier.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/pksign.c (do_encode_eddsa): First argument is NBITs,
so that it can support Ed448, as well as Ed25519.
(agent_pksign_do): Follow the change.
* agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed
for Ed448, it's only for classic curves.
* common/openpgp-oid.c (oidtable): Add Ed448.
* common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA.
* g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA.
* g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448".
(ask_algo, parse_key_parameter_part): Handle "ed448".
* g10/pkglue.c (pk_verify): Support Ed448.
(pk_check_secret_key): Support Ed448.
* g10/sign.c (hash_for): Defaults to SHA512 for Ed448.
(make_keysig_packet): Likewise.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/sexputil.c (cipher_mode_to_string): New.
* sm/decrypt.c (prepare_decryption): Show cipher algo and mode.
(gpgsm_decrypt): Show key algo and fingerprint
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sexputil.c (pubkey_algo_to_string): New.
* sm/certcheck.c (do_encode_md): Replace GCRY_PK_ECDSA by GCRY_PK_ECC.
* sm/certreqgen-ui.c (check_keygrip): Add all ECC algorithms.
* sm/gpgsm.c (our_pk_test_algo): Also allow EdDSA.
* sm/verify.c (gpgsm_verify): Map ECC algo to ECDSA. Use new pubkey
algo name function
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ...
(gpgsm_get_key_algo_info2): new.
(gpgsm_pubkey_algo_string): New.
* sm/keylist.c (list_cert_colon): Put curve into field 17
(list_cert_raw): Print the unified key algotithm string instead of the
algo and size.
(list_cert_std): Ditto.
--
It is important to known whether a 256 bit ECC uses a NIST or a
Brainpool curve.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/tlv-builder.c: New.
* common/tlv.c: Remove stuff only used by GnuPG 1.
(put_tlv_to_membuf, get_tlv_length): Move to ...
* common/tlv-builder.c: here.
* common/tlv.h (tlv_builder_t): New.
--
Such code should actually go into libksba and we will eventually do
that. However, for now it is easier to keep it here.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sexputil.c (hash_algo_to_string): New.
--
Libgcrypt expects lowercase names and it is cumbersome to downcase
those retrieved via gcry_md_algo_name. It is easier and also faster
to use a dedicated map function.
* sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP.
* common/audit.c (proc_type_verify): Print "n/a" if a cert has no
distribution point.
* sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check.
* sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New.
(opts): Add option --enable-issuer-based-crl-check.
(main): Set option.
--
If the issuer does not provide a DP and the user wants such an issuer,
we expect that a certificate does not need revocation checks. The new
option --enable-issuer-based-crl-check can be used to revert to the
old behaviour which requires that a suitable LDAP server has been
configured to lookup a CRL by issuer.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here.
(known_options_scdaemon): Remove "options".
(known_options_dirmngr): Remove "options".
(known_options_gpgsm): Remove "options".
(known_options_gpg): Remove "options" and "keyserver".
(struct gc_option_s): Rename active t gpgconf_list.
(gc_component_list_options): Do not act upon active.
(option_check_validity): Ditto.
(is_known_option): Make it work correctly for unknown options.
(retrieve_options_from_program): Use renamed flag gpgconf_list only to
detect duplicated items from --gpgconf-list. Do not set runtime.
Only e set the options if set by --gpgconf-list; never clear them.
* agent/gpg-agent.c: Simplify the --gpgconf-list output.
* dirmngr/dirmngr.c: Ditto.
* g10/gpg.c: Ditto.
* kbx/keyboxd.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver"
for the string arg test.
--
There is no need to read the list of options from the components
unless they convey a default value. It is better to consult only the
list we have in gpgconf-comp.c to decide on whether an option should
be displayed. Right, this might mess up thing if a newer gpgconf
version is used with an older component, but we already print warnings
in this case and in general we do not want to support this anymore -
the times of gpg 1.4. and 2.0 are long over now.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
* g10/gpg.c (oIncludeKeyBlock): New.
(opts): New option --include-key-block.
(main): Implement.
* g10/options.h (opt): New flag include_key_block.
* g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
(parse_one_sig_subpkt): Ditto.
(can_handle_critical): Ditto.
* g10/sign.c (mk_sig_subpkt_key_block): New.
(write_signature_packets): Call it for data signatures.
--
This patch adds support for a to be proposed OpenPGP ferature:
Introduce the Key Block subpacket to align OpenPGP with CMS.
This new subpacket may be used similar to the CertificateSet of
CMS (RFC-5652) and thus allows to start encrypted communication
after having received a signed message. In practice a stripped down
version of the key should be including having only the key material
and the self-signatures which are really useful and shall be used by
the recipient to reply encrypted.
#### Key Block
(1 octet with value 0, N octets of key data)
This subpacket MAY be used to convey key data along with a signature
of class 0x00, 0x01, or 0x02. It MUST contain the key used to create
the signature; either as the primary key or as a subkey. The key
SHOULD contain a primary or subkey capable of encryption and the
entire key must be a valid OpenPGP key including at least one User ID
packet and the corresponding self-signatures.
Implementations MUST ignore this subpacket if the first octet does not
have a value of zero or if the key data does not represent a valid
transferable public key.
GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/miscellaneous.c (xreallocarray): New func.
* common/util.h (xtryreallocarray): New macro.
--
Very useful to match calloc behaviour.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/gpgscm/main.c: Switch to the new option parser.
* common/argparse.c, common/argparse.h: Remove.
* common/init.c (_init_common_subsystems): Do not call obsolete func.
* common/Makefile.am (common_sources): Remove those files.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h: Remove argparse.h.
* common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
argparse.h. Do this also for all main modules which use our option
parser except for gpg. Replace calls to strusage by calls to
gpgrt_strusage everywhere.
* g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and
oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
(main): Change type of pargs to gpgrt_argparse_t. Rework the option
parser to make use of the new gpgrt_argparser.
--
This is not yet finished but a make check works. gpg has the most
complex and oldest option handling and thus this is the first
migration target. SE-Linux checks and version-ed config files are
missing and will be added later.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
No functional changes, just fixing minor spelling issues.
---
Most of these were identified from the command line by running:
codespell \
--ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
--skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
NEWS README README.maint TODO
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* common/ksba-io-support.c (base64_reader_cb): Detect the END tag and
don't just rely on the padding chars. This could happen only with
CR+LF termnmated PEM files. Also move the detection into the invalid
character detection branch for a minor parser speedup.
--
GnuPG-bug-id: 4847
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
Change all callers.
--
In particular for ed25519 and cv25519 it is quite useful to have an
ability to get the required algorithm.
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C. Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.
* g10/main.h: Put util.h before the local header files.
--
This change is required for use with gcc/ld's LTO feature which does
not allow common blocks. Further gcc 10 will make -fno-common the
default and thus this chnage is always needed. What a pitty.
Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 21d9bd8b87)
- Applied respective chnages also to gpg-card and keyboxd.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_oid_or_name_to_curve): New.
(get_keyalgo_string): Use it.
--
We do not always have an OID, so except the name or the alias of the
curve as well. This creates a second entry mapping to the same name
but that does not matter.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_oid_to_str): Remove duplicated call.
--
The removed function was already called. No memleak etc, though.
Fixes-commit: 4a1558d0c7
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (struct keyalgo_string_s): New.
(keyalgo_strings): New.
(keyalgo_strings_size, keyalgo_strings_used): New.
(get_keyalgo_string): New.
--
This function is intended as a more general version of gpg's
pubkey_string function. It has the advantage to avoid mallocs and
uses static table of algorithm strings instead. There should be only
a few dozen of such strings (if at all) and thus all those allocations
we do internally in gpg's pubkey_string and the static buffers all
over the place are not too nice.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/misc.c (map_pk_gcry_to_openpgp): Move to ...
* common/openpgp-oid.c (map_gcry_pk_to_openpgp): here and rename.
Change all 4 callers.
(map_openpgp_pk_to_gcry): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (inhibit_set_foregound_window): New var.
(gnupg_inhibit_set_foregound_window): New func.
(gnupg_allow_set_foregound_window): Use var.
* g10/gpg.c (main): Inhibit in loopback mode.
* sm/gpgsm.c (main): Ditto.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-scd.c (handle_pincache_put): Do not decrypt.
(handle_pincache_get): New.
(inq_needpin): Call it.
* scd/command.c (set_key_for_pincache): New.
(pincache_put): Restructure and set key.
(pincache_get): Ditto.
--
This change does away with encrypting and decrypting the cached PIN in
the agent. There is no need for this we can simply cache the
cryptogram and let scdaemon decrypt after retrieving it from the
agent. This way we do not need to share a key between gpg-agent and
scdaemon and further the cached content is invalid after the scdaemon
process has been replaced.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h (UBID_LEN): New. Use it at all places.
* kbx/keybox-blob.c (create_blob_finish): Do not write the UBID item.
* kbx/keybox-dump.c (print_ubib): Remove.
(_keybox_dump_blob): Do not print the now removed ubid flag.
* kbx/keybox-search-desc.h (struct keydb_search_desc): Use constants
for the size of the ubid and grip.
* kbx/keybox-search.c (blob_cmp_ubid): New.
(has_ubid): Make it a simple wrapper around blob_cmp_ubid.
(keybox_get_data): Add arg 'r_ubid'.
* kbx/frontend.h (enum kbxd_store_modes): New.
* kbx/kbxserver.c (cmd_store): Add new option --insert.
* kbx/backend-cache.c (be_cache_initialize): New.
(be_cache_add_resource): Call it here.
* kbx/backend-kbx.c (be_kbx_seek): Remove args 'fpr' and 'fprlen'.
(be_kbx_search): Get the UBID from keybox_get_data.
* kbx/backend-support.c (be_fingerprint_from_blob): Replace by ...
(be_ubid_from_blob): new. Change all callers.
* kbx/frontend.c (kbxd_add_resource): Temporary disable the cache but
use the new cache init function.
(kbxd_store): Replace arg 'only_update' by 'mode'. Seek using the
ubid. Take care of the mode.
--
It turned out that using the hash of the entire blob was not helpful.
Thus we redefine the Unique-Blob-ID (UBID) as the primary fingerprint
of the blob. In case this is a v5 OpenPGP key a left truncated
version of the SHA-256 hash is used; in all other cases the full SHA-1
hash. Using a SHA-256 hash does not make sense because v4 keys are
and will for some time be the majority of keys and thus padding them
with zeroes won't make any difference. Even if fingerprint collisions
can eventually be created we will assume that the keys are bogus and
that it does not make sense to store its twin also in our key storage.
We can also easily extend the update code to detect a collision and
reject the update.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/convert.c (hex2fixedbuf): New.
--
This function is useful for converting hex strings received via assuan
if they have a known length. For example keygrips or the new UBID.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
Resolved Conflicts:
* common/asshelp.c: Keep the new code in master for spawing under
Windows.
* g10/Makefile.am: Keep all new file.
* g10/photoid.c: Pass CTRL to pct_expando.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/Makefile.am: Add nPth flags.
* g10/gpg.c: Include npth.h.
(gpg_deinit_default_ctrl): Deinit call-keyboxd local data.
(main): Init nPth.
* g10/keydb-private.h (struct keydb_handle_s): Add field 'kbl' and
remove the search result and the assuan context.
* g10/call-keyboxd.c (struct keyboxd_local_s): Add more fields.
(lock_datastream, unlock_datastream): New.
(gpg_keyboxd_deinit_session_data): Adjust for changed data structures.
(prepare_data_pipe): New.
(open_context): Return kbl instead of an Assuan context. Init mutexes
etc.
(close_context): Merge into ...
(keydb_release): here. Adjust for changed data structures.
(datastream_thread): New.
(keydb_get_keyblock): Implement datastream stuff.
(keydb_search): Ditto.
* common/asshelp.c (wait_for_sock): Add arg connect_flags.
(start_new_service): Set FDPASSING flag for the keyboxd.
--
This code as a lot of rough edges, in particular it relies on a well
behaving keyboxd. We need to add code to shutdown the datastream
reader thread in case of errors and to properly get it up again. We
also need to make really sure that both threads run in lockstep so
that the datastream thread is only active while we are sending a
command to the keyboxd.
We should also see whether we can depend nPth initialization on the
--use-keyboxd option to avoid any problems with nPth.
And we need to test on Windows.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgpdefs.h (SIGSUBPKT_ATTST_SIGS): New.
* g10/keydb.h (IS_ATTST_SIGS): New.
(IS_CERT): Include the new one.
* g10/sign.c (mk_notation_policy_etc): Do not put notations into
attestation key signatures.
* g10/parse-packet.c (dump_sig_subpkt): Add new arg digest_algo.
Print the attestation sigs.
(parse_one_sig_subpkt): Support SIGSUBPKT_ATTST_SIGS.
(can_handle_critical): Ditto.
(enum_sig_subpkt): Pass digest algo to dump_sig_subpkt.
--
This change allows to list the new subpacket with --list-packets.
Example output:
:signature packet: algo 22, keyid C694723A1370EAB1
version 4, created 1567097576, md5len 0, sigclass 0x16
digest algo 8, begin of digest ff 0c
hashed subpkt 2 len 4 (sig created 2019-08-29)
hashed subpkt 37 len 32 (attst-sigs: 1
A794C6E9CCFE2F34C67E07[...])
hashed subpkt 33 len 21 (issuer fpr v4 156A3872[...])
subpkt 16 len 8 (issuer key ID C694723A1370EAB1)
data: [256 bits]
data: [256 bits]
GnuPG-bug-id: 4694
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: New option --keyboxd-pgm.
(KEYBOXD_NAME, KEYBOXD_DISP_NAME): New ac_defines.
* common/util.h: Add substitutes for new error codes.
(GNUPG_MODULE_NAME_KEYBOXD): New.
* common/homedir.c (gnupg_module_name): Support
GNUPG_MODULE_NAME_KEYBOXD.
* common/asshelp.c (SECS_TO_WAIT_FOR_KEYBOXD): New.
(wait_for_sock): Support keyboxd.
(start_new_service): Ditto.
(start_new_keyboxd): New.
* tools/gpg-connect-agent.c: New options --keyboxd and
--keyboxd-program.
(start_agent): Implement new option.
--
This change allows us to test the new keyboxd using our standard
helper. It also provides the necessary code to start keyboxd on the
fly.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/homedir.c (gpg_agent_socket_name): New.
* common/asshelp.c (start_new_service): New. Based on
start_new_gpg_agent.
(start_new_gpg_agent): Divert to start_new_service.
(start_new_dirmngr): Ditto.
--
This prepares for adding yet another service starting function.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/asshelp2.c (status_printf): Rename to status_no_printf.
(status_printf): New.
--
Using the the status identifier from status.h is a good idea for the
external API but for some inter-component status line a keyword is a
better way.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/userids.c (classify_user_id): Do not set the EXACT flag in
the default case.
* g10/export.c (exact_subkey_match_p): Make static,
* g10/delkey.c (do_delete_key): Implement subkey only deleting.
--
GnuPG-bug-id: 4457
* common/name-value.c (nvc_write): Take care of Key. Factor some code
out to ...
(write_one_entry): new.
--
The key item is in general not manual editable thus we put it at the
end of a file.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exechelp-w32.c (gnupg_spawn_process_detached): Add
CREATE_BREAKAWAY_FROM_JOB creation flag if required.
--
When the gpg process is assigned to a W32 "Job" the
child processes are killed once the Job is finished.
As we want our detached processes to linger e.g.
gpg-agent the breakaway flag is required in
that case.
GnuPG-Bug-Id: T4333
Thanks to Jan Echternach for reporting this and providing
a patch.
Signed-off-by: Andre Heinecke <aheinecke@gnupg.org>
* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR16)
(KEYDB_SEARCH_MODE_FPR20, KEYDB_SEARCH_MODE_FPR32): Remove. Switch
all users to KEYDB_SEARCH_MODE_FPR along with the fprlen value.
--
These search modes were added over time and there has until recently
be no incentive to remove the cruft. With the change for v5 keys I
finally went over all places and allowed the generic fingerprint mode
along with a given length of the fingerprint at all places.
Consequently the other modes can now be removed.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/userids.c (classify_user_id): Support 32 byte fingerprints.
* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR32): New.
(struct keydb_search_desc): Add field fprlen.
* kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field
version and increase size of fpr to 32.
* kbx/keybox-blob.c: Define new version 2 for PGP and X509 blobs.
(struct keyboxblob_key): Add field fprlen and increase size of fpr.
(pgp_create_key_part_single): Allow larger fingerprints.
(create_blob_header): Implement blob version 2 and add arg want_fpr32.
(_keybox_create_openpgp_blob): Detect the need for blob version 2.
* kbx/keybox-search.c (blob_get_first_keyid): Support 32 byte
fingerprints.
(blob_cmp_fpr): Ditto.
(blob_cmp_fpr_part): Ditto.
(has_fingerprint): Add arg fprlen and pass on.
(keybox_search): Support KEYDB_SEARCH_MODE_FPR32 and adjust for
changed has_fingerprint.
* kbx/keybox-openpgp.c (parse_key): Support version 5 keys.
* kbx/keybox-dump.c (_keybox_dump_blob): Support blob version 2.
* g10/delkey.c (do_delete_key): Support KEYDB_SEARCH_MODE_FPR32.
* g10/export.c (exact_subkey_match_p): Ditto.
* g10/gpg.c (main): Ditto.
* g10/getkey.c (get_pubkey_byfprint): Adjust for changed
KEYDB_SEARCH_MODE_FPR.
* g10/keydb.c (keydb_search_desc_dump): Support
KEYDB_SEARCH_MODE_FPR32 and adjust for changed KEYDB_SEARCH_MODE_FPR.
(keydb_search): Add new arg fprlen and change all callers.
* g10/keyedit.c (find_by_primary_fpr): Ditto.
* g10/keyid.c (keystr_from_desc): Ditto.
* g10/keyring.c (keyring_search): Ditto.
* g10/keyserver.c (print_keyrec): Ditto.
(parse_keyrec): Ditto.
(keyserver_export): Ditto.
(keyserver_retrieval_screener): Ditto.
(keyserver_import): Ditto.
(keyserver_import_fprint): Ditto.
(keyidlist): Ditto.
(keyserver_get_chunk): Ditto.
* g10/keydb.c (keydb_search): Add new arg fprlen and change all
callers.
* sm/keydb.c (keydb_search_fpr): Adjust for changed
KEYDB_SEARCH_MODE_FPR.
--
This prepares the support for OpenPGP v5 keys. The new version 2 blob
format is needed for the longer fingerprints and we also use this
opportunity to prepare for storing the keygrip in the blob for faster
lookup by keygrip. Right now this is not yet functional.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/ttyio.c (do_get): Re-indent and remove the checking for char
values larger than 0xa0. Use explicy control character checking.
--
The code is really old (mid 1998) and with the checking for 0xa0 it
has an implicit assumption of utf-8 or latin-1. Worse, the check was
for c > 0xa0 and not c == 0xa0 so it never worked as intended.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/card-tool-misc.c (pubkey_algo_string): Move to ...
* common/sexputil.c (pubkey_algo_string): here.
--
The new gpg format for public key algorithms is useful at other places
as well. Thus we make this new function available. Note that the
code we use in gpg is not based on s-expressions and thus a new
function was required.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exectool.c (read_and_log_buffer_t): Take care of a --quiet
argument.
(gnupg_exec_tool_stream): Ditto.
--
If we pass --quiet to a program it should really shutup and the parent
should be quite as well.
* common/miscellaneous.c (decode_c_string): New.
--
This is basically a copy from the code we use in gpgme and gpa.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_oidbuf_to_str): Factor most code out
to ...
(openpgp_oidbuf_to_str): new.
(openpgp_oidbuf_is_ed25519): New.
(openpgp_oidbuf_is_cv25519): New.
--
At some places it is more convenient (and faster) to directly work on
buffers and avoid the way via opaque MPIs. These 3 new functions
allow for that.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/passphrase.c (encode_s2k_iterations): Move function to ...
* common/openpgp-s2k.c: new file. Remove default intialization code.
* common/openpgpdefs.h (S2K_DECODE_COUNT): New to keep only one copy.
* g10/call-agent.c (agent_get_s2k_count): Change to return the count
and print an error.
* agent/protect.c: Include openpgpdefs.h
* g10/card-util.c (gen_kdf_data): Adjust for changes
* g10/gpgcompose.c: Include call-agent.h.
(sk_esk): Adjust for changes.
* g10/passphrase (passphrase_to_dek): Adjust for changes.
* g10/main.h (S2K_DECODE_COUNT): Remove macro.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/percent.c (percent_data_escape): Add new args prefix and
plus_escape.
* agent/command.c (cmd_put_secret): Adjust for changed function
* common/t-percent.c (test_percent_data_escape): Extend test for the
prefix.
(test_percent_data_escape_plus): new test for the plus escaping.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.c (gnupg_set_status_fd): New.
(gnupg_status_printf): New.
* po/Makevars (XGETTEXT_OPTIONS): Add gnupg-status_printf.
--
Some of the extra tools take a --status-fd option to print certain
status messages. A generic printf style print function thus makes
sense.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of
first sizeof(char*) bytes.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* common/mischelp.h (wipememory): Replace macro with function
prototype.
(wipememory2): Remove.
* common/mischelp.c (wipememory): New.
* configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero'.
--
In new wipememory function, memory is cleared through platform
provided secure memory zeroing function, SecureZeroMemory
or explicit_bzero.
If none of these is available, memset is called through
volatile function pointer to so that compiler won't optimize
away the call.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* common/mbox-util.c (mailbox_from_userid): Add arg subaddress and
implement. Change all callers to pass false for it.
* common/t-mbox-util.c (run_mbox_no_sub_test): New.
(run_filter): Add arg no_sub.
(main): Call new test and add option --no-sub.
--
Some stats: In the about 5300000 keys on the SKS servers we found 3055
unique mailboxes with a '+' in it. After removing leading and
trailing '+' as well as multiple '+' (e.g. "c++" or "foo+bar+baz")
2697 were left which seem to be valid sub-addresses.
To filter mailboxes out from a line delimited list with
user-ids (e.g. an SQL output), the command
t-mbox-util --verbose --filter
can be used; to output w/o sub-addresses add --no-sub.
GnuPG-bug-id: 4200
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/iobuf.c (iobuf_read_line): Add fast path for finding '\n'
character in buffer.
--
This patch reduce per byte overhead in iobuf_read_line by avoiding
using iobuf_get when possible and use memchr to find '\n'. This
speeds armored decryption.
Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.
before patch-set
----------------
gpg process
armor: user time pipe transfer rate
encrypt-aead: 13.8 140 MB/s
decrypt-aead: 30.6 68 MB/s
encrypt-cfb: 17.4 114 MB/s
decrypt-cfb: 32.6 64 MB/s
after (decrypt+iobuf opt)
-------------------------
gpg process
armor: user time pipe transfer rate
decrypt-aead: 22.5 92 MB/s
decrypt-cfb: 24.4 85 MB/s
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat.
--
When gpg was invoked by a Perl web application on FreeBSD, fstat in
gnupg_reopen_std failed with EBADF. Using fcntl, which is considered
lighter than fstat, it works fine. Since uur purpose is to check if
file descriptor is valid or not, lighter operation is better.
Reported-by: Marcin Gryszkalis <mg@fork.pl>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/iobuf.c (block_filter): Use iobuf_get_noeof.
--
When singed integer has negative value, left shift computation is
undefined in C.
GnuPG-bug-id: 4093
Reported-by: Philippe Antoine
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/asshelp2.c (set_assuan_context_func): New.
(status_printf): New.
* po/Makevars (XGETTEXT_OPTIONS): Add status_printf
--
This is a first patch to unify the status printing functions.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (AC_CHECK_FUNCS): Fold most calls into one.
--
A few functions were tested two times which slightly increases the size
of the configure script. Also put the functions in sorted order into
the macro.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c: Make --pgp6 an alias for --pgp7.
* common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6.
* g10/options.h (PGP6): Remove. Adjust all users.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/miscellaneous.c (is_file_compressed): Don't cache the file.
--
This seems to be a pretty old bug. The fix is easy and also reveals
that -z0 can be used as a workaround.
GnuPG-bug-id: 3951
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exechelp-w32.c (gnupg_spawn_process): Use SW_HIDE
instead of SW_MINIMIZE.
--
Spawning minimized shows icons in the task bar so users
see that background processes are started, which is unusual.
I'm pretty sure that the intention of the code was to hide
the window if not in spawn debug mode. This is also what
GPGME does.
This fixes dirmngr_ldap process windows and other
spurious reports about e.g. a gpgv console window from
loadswdb.
GnuPG-Bug-Id: T3937
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* common/homedir.c (copy_dir_with_fixup): New.
(default_homedir): Use here.
(gnupg_set_homedir): And here .
--
This actually fixes a couple of cases for Windows. Both --home-dir
and GNUPGHOME. The interpretation of "c:" -> "c:/" might not be the
correct one but because we need an absolute dir anyway it is the less
surprising one. Note that this does not include a full syntax check
and fixup and thus it is very well possible that the result is not an
absolute directory.
GnuPG-bug-id: 3720
Signed-off-by: Werner Koch <wk@gnupg.org>