1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

9916 Commits

Author SHA1 Message Date
Werner Koch
07eaf006c2
scd:nks: Support the Telesec ESIGN application.
* scd/app-nks.c (find_fid_by_keyref): Disable the cache for now.
(readcert_from_ef): Considere an all zero certificate as not found.
(do_sign): Support ECC and the ESIGN application.
--

This allows me to create qualified signatures using my Telesec card.
There is of course more work to do but this is the first step.

Note: The design of the FID cache needs to be reconsidered.  Until
that the lookup here has been disabled.  The do_sign code should be
revamped to be similar to what we do in app-p15.

GnuPG-bug-id: 5219, 4938
2022-05-29 15:55:26 +02:00
Werner Koch
7aabd94b81
gpg: Setup the 'usage' filter property for export.
* g10/export.c (do_export_stream): Merge the key to get the properties
ready.
--

This makes

  gpg --export --export-filter 'drop-subkey=usage=~a'

(Export all subkeys but those with the auth usage)
work without using the workaound of adding
--export-options export-clean
2022-05-28 17:38:13 +02:00
NIIBE Yutaka
9f1dcfc7a7 agent: New field "Prompt" to prevent asking card key insertion.
* agent/findkey.c (prompt_for_card): Add "Prompt" field handling.

--

GnuPG-bug-id: 5987
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-27 09:59:54 +09:00
NIIBE Yutaka
d86b6c28fc agent,ssh: Support "Use-for-ssh" flag in private key.
* agent/findkey.c (public_key_from_file): Support "Use-for-ssh"
when it's in extended format.

--

GnuPG-bug-id: 5985
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-26 17:34:16 +09:00
NIIBE Yutaka
193fcc2f7a agent,ssh: Make not-inserted OpenPGP.3 keys available for SSH.
* agent/agent.h (agent_ssh_key_from_file): New.
* agent/command-ssh.c (get_ssh_keyinfo_on_cards): New.
(ssh_send_available_keys): Loop on the GNUPG_PRIVATE_KEYS_DIR.
Support keys by agent_ssh_key_from_file.
(ssh_handler_request_identities): Move card key handling to
ssh_send_available_keys.
* agent/findkey.c (public_key_from_file): New.  Adding handling
for SSH.
(agent_public_key_from_file): Use public_key_from_file.
(agent_ssh_key_from_file): New.

--

GnuPG-bug-id: 5996
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-26 17:11:52 +09:00
NIIBE Yutaka
c07c79a1d7 agent: Fix get_keyinfo_on_cards.
* agent/command.c (get_keyinfo_on_cards): Make it static.  Don't
return bogus value on error.  Return NULL when scdaemon is disabled.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-26 17:07:31 +09:00
NIIBE Yutaka
295a6a7591 agent: Handle USAGE information in KEYINFO.
* agent/agent.h (struct card_key_info_s): Add USAGE field.
* agent/call-scd.c (card_keyinfo_cb): Parse USAGE field.
Allow optional SERIALNO, IDSTR, and USAGE fields.
Fix releasing on possible allocation error.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-26 14:01:03 +09:00
NIIBE Yutaka
5264d3f58e scd: Return USAGE information for KEYINFO command.
* scd/command.c (hlp_keyinfo): Update.
(send_keyinfo): Add a USAGE argument.
* scd/scdaemon.h (send_keyinfo): Add a USAGE argument.
* scd/app-nks.c (set_usage_string): New.
(do_learn_status_core, do_readkey): Use set_usage_string.
(do_with_keygrip): Add USAGE to call send_keyinfo,
using set_usage_string.
* scd/app-openpgp.c (get_usage_string): New.
(send_keypair_info): Use get_usage_string.
(send_keyinfo_if_available): Add USAGE to call send_keyinfo,
using get_usage_string.
* scd/app-p15.c (set_usage_string): New.
(send_keypairinfo): Use set_usage_string.
(do_with_keygrip): Add USAGE to call send_keyinfo,
using set_usage_string.
* scd/app-piv.c (do_with_keygrip): Add USAGE to call send_keyinfo.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-26 12:01:16 +09:00
NIIBE Yutaka
64c8786105 scd,piv: Fix status report of KEYPAIRINFO.
* scd/app-piv.c (do_readkey): Use "-" for usage when not available.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-26 11:57:31 +09:00
NIIBE Yutaka
052f58422d agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.
* agent/call-scd.c (inq_needpin): Call assuan_begin_confidential
and assuan_end_confidential, and wipe the memory after use.
* agent/command.c (cmd_preset_passphrase): Likewise.
(cmd_put_secret): Likewise.
* scd/command.c (pin_cb): Likewise.

--

GnuPG-bug-id: 5977
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-25 14:53:06 +09:00
NIIBE Yutaka
8e859331ea agent: Add missing assuan_end_confidential call.
* agent/command.c (send_back_passphrase): Fix.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-25 13:49:21 +09:00
NIIBE Yutaka
ea97683d58 scd: Support automatic card selection for READCERT with keygrip.
* scd/command.c (cmd_readcert): Select by KEYGRIP.

--

GnuPG-bug-id: 6003
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-24 16:17:01 +09:00
NIIBE Yutaka
1b0c4c2778 agent: Fix a bug accessing after release when opt.verbose.
* agent/command-ssh.c (ssh_handler_request_identities): Don't release
KEY_PUBLIC too early.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-20 15:51:47 +09:00
NIIBE Yutaka
ef3e5fd403 agent: Factor out handling scanning over ssh keys.
* agent/command-ssh.c (ssh_send_available_keys): New.
(ssh_handler_request_identities): Use ssh_send_available_keys.

--

GnuPG-bug-id: 5985
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-20 15:46:49 +09:00
NIIBE Yutaka
5986310866 agent: Show "Label:" field of private key when prompt the insertion.
* agent/findkey.c (prompt_for_card): Use "Label:" field.
(agent_key_from_file): Use KEYMETA.

--

GnuPG-bug-id: 5986
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-20 14:38:33 +09:00
NIIBE Yutaka
6a37240cf2 agent: Move confirmation handling into findkey.c.
* agent/agent.h (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Fix API.
(divert_pksign, divert_pkdecrypt): Likewise.
* agent/divert-scd.c (ask_for_card): Remove.
(divert_pksign, divert_pkdecrypt): Don't call ask_for_card.
* agent/divert-tpm2.c (divert_tpm2_pksign, divert_tpm2_pkdecrypt):
Remove DESC_TEXT argument.
* agent/findkey.c (prompt_for_card): New (was: ask_for_card).
(agent_key_from_file): Call prompt_for_card when it's a key
on card.
* agent/pkdecrypt.c (agent_pkdecrypt): Follow the change of API.
* agent/pksign.c (agent_pksign_do): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-20 13:43:08 +09:00
NIIBE Yutaka
598b3fdfaa agent: Pop up dialog window for confirmation, when specified so.
* agent/findkey.c (agent_key_from_file): Support "Confirm:".

--

GnuPG-bug-id: 5099
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-19 14:37:01 +09:00
NIIBE Yutaka
09357d7eae agent: Supply GRIP=NULL for agent_key_from_file, for real use.
* agent/findkey.c (agent_key_from_file): Change the semantics of
GRIP.  Now, it's NULL for use by PKDECRYPT and PKSIGN/PKAUTH.
* agent/pkdecrypt.c (agent_pkdecrypt): Set GRIP=NULL.
* agent/pksign.c (agent_pksign_do): Likewise.

--

GnuPG-bug-id: 5099
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-19 14:04:33 +09:00
NIIBE Yutaka
1b1684cf61 scd: Fix use of SCardListReaders for PC/SC.
* scd/apdu.c (apdu_dev_list_start): Initialize NREADER.

--

Reported-by: Ludovic Rousseau
GnuPG-bug-id: 5979
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-17 10:19:44 +09:00
NIIBE Yutaka
53eddf9b9e scd: Fail when no good algorithm attribute.
* scd/app-openpgp.c (parse_algorithm_attribute): Return the error.
(change_keyattr): Follow the change.
(app_select_openpgp): Handle the error of parse_algorithm_attribute.

--

This change allows following invocation of app_select_openpgp, which
may work well (if the problem is device side for initial connection).

GnuPG-bug-id: 5963
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-11 11:16:26 +09:00
Werner Koch
5e5df82b5f
scd:openpgp: New card vendor.
--

BTW, we should add a function to read out the entire table so that you
can ask scdaemon for that list.  iirc,  Kleopatra still uses a copy of
the table.
2022-05-10 16:21:27 +02:00
NIIBE Yutaka
14068dfc74 dirmngr: Fix for Windows.
* dirmngr/http.c (EHOSTUNREACH, EAFNOSUPPORT): Define when not
available.
[HTTP_USE_GNUTLS] (my_gnutls_read): Use recv for Windows.
[HTTP_USE_GNUTLS] (my_gnutls_write): Use send for Windows.

--

Reported-by: Eli Zaretskii
GnuPG-bug-id: 5899
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-10 14:54:40 +09:00
NIIBE Yutaka
09df630e4b tests: Enable tests with keyboxd only when it's configured.
* tests/gpgscm/tests.scm (in-objdir): Move from...
* g13/all-tests.scm: ... here.
* tests/openpgp/all-tests.scm (keyboxd-enabled?): New.
(tests): Enable when keyboxd-enabled?.

--

GnuPG-bug-id: 5966
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-10 11:49:06 +09:00
Werner Koch
3d7d7e8bfd
scd:p15: Improve the displayed S/N for Technology Nexus cards.
* scd/app-p15.c (any_control_or_space_mem): New.
(get_dispserialno): Add new code.
--

This works with my test cards and now reflects what's printed on the
front matter of the card.
2022-05-06 11:43:07 +02:00
Werner Koch
6f612fd5f6
scd:p15: Fix the the sanity check of the displayed S/N.
* scd/app-p15.c (any_control_or_space): Fix loop.
--

This check is only done to avoid printing wrongly encoded S/N for
human consumption.
e
2022-05-06 11:39:30 +02:00
NIIBE Yutaka
054d14887e scd: Add workaround for ECC attribute on Yubikey.
* scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus
octet in a key attribute.

--

GnuPG-bug-id: 5963
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-06 18:27:11 +09:00
Werner Koch
bbcca7357b
scd:p15: Fix reading certificates without length info.
* scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF
object has no length info.  Add debug output when reading a cert.
(read_p15_info): No more need to disable extended mode for GeNUA cards.
2022-05-05 13:39:03 +02:00
Werner Koch
7dc5693926
scd: New debug flags "card".
* scd/scdaemon.c (debug_flags): Add "card".
* scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New.
--

Some information from parsing the card are often very helpful.
However, the card_io triggered APDU dumps are in most cases too heavy.
Thus this new debug flag.
2022-05-05 13:35:56 +02:00
Werner Koch
385f484133
scd:openpgp: Fix a segv for cards supporting unknown curves.
* common/openpgp-oid.c (get_keyalgo_string): Do not strdup NULL.
--

GnuPG-bug-id: 5963
2022-05-05 09:38:32 +02:00
NIIBE Yutaka
4fe8859541 gpgscm: Fix handling an error for chdir.
* tests/gpgscm/ffi.c (do_chdir): Use gpg_error_from_syserror.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-02 14:16:47 +09:00
NIIBE Yutaka
792374edb6 tests: Fix plain invocation of "make check".
* tests/openpgp/run-tests.scm: Check if *args* is null or not.

--

Fixes-commit: ba2f2085a9
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-02 14:03:57 +09:00
NIIBE Yutaka
602c37ac06 tests: Add a test for Ed25519 keys for non-protected secret.
* tests/openpgp/issue5120.scm: New.

--

GnuPG-bug-id: 5120, 5953
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-02 10:39:06 +09:00
NIIBE Yutaka
bd5dbdb813 kbx: Fix a race condition which results no status report.
* kbx/keyboxd.h (kbxd_status_printf): New.
* kbx/backend-support.c (be_return_pubkey): Use kbxd_status_printf.
* kbx/kbxserver.c (kbxd_status_printf): New.
* kbxd_start_command_handler (kbxd_start_command_handler): Don't
use set_assuan_context_func, because the function pointer is
shared by multiple threads.

--

GnuPG-bug-id: 5948
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-27 13:49:30 +09:00
Ingo Klöcker
35b1755070 gpg: Look up user ID to revoke by UID hash
* g10/keyedit.c (find_userid_by_namehash, find_userid): New.
(keyedit_quick_revuid): Use find_userid() instead of iterating over the
nodes of the keyblock.
* tests/openpgp/quick-key-manipulation.scm: Add test for revoking a
user ID specified by its hash.
--

This makes it possible to specify the user ID to revoke as UID hash when
calling --quick-revoke-uid.

GnuPG-bug-id: 5936
2022-04-26 11:48:47 +02:00
NIIBE Yutaka
f27a70ecc2 tests: Avoid auto-removal when test fails.
* tests/gpgscm/init.scm (*exit-status*): New.
(exit): Set *exit-status*.
* tests/gpgscm/tests.scm (mkdtemp-autoremove): Check
exit-status and only remove the directory if not zero.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-26 17:20:08 +09:00
NIIBE Yutaka
ba2f2085a9 tests: Support single invocation with variant.
* tests/openpgp/run-tests.scm: Add GPGSCM_TEST_VARIANT support.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-26 12:54:07 +09:00
NIIBE Yutaka
d6eb276133 dirmngr: Fix for C90 compiler.
* dirmngr/dirmngr.c (main): Declaration before a statement.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-26 11:16:28 +09:00
NIIBE Yutaka
03e8668dbb tests: Let make check-all work again.
* Makefile.am (TESTS_ENVIRONMENT): Add GNUPG_BUILD_ROOT.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-26 11:15:07 +09:00
NIIBE Yutaka
a9754879d1 tests: Use module_tests for testing agent/.
* agent/Makefile.am (module_test): New.
* agent/all-tests.scm: Use module_tests instead of TESTS.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-26 11:13:54 +09:00
NIIBE Yutaka
adf24ce618 tests: Skip testsing g13 when it's not enabled.
* g13/all-tests.scm: Skip the test by examining $objdir/Makefile.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-26 11:12:57 +09:00
NIIBE Yutaka
16720e1f54 tests: Fix check-all for tests/openpgp.
* tests/openpgp/Makefile.am: Revert the change by DISABLE_REGEXP.
* tests/openpgp/all-tests.scm: Likewise.

--

Fixes-commit: ba247a114c
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-26 10:53:30 +09:00
Werner Koch
73ef575fe1
Post release updates
--
2022-04-25 16:37:47 +02:00
Werner Koch
3a8164e69c
Release 2.3.6 2022-04-25 15:48:13 +02:00
Werner Koch
638354b117
po: Auto update
--
2022-04-25 15:47:37 +02:00
Werner Koch
d0a0c3f479
po: Fixed two fuzzies in the Japanese translation
--
2022-04-25 15:45:51 +02:00
Werner Koch
12b3666ebd
po: Update German translation
--
2022-04-25 15:42:31 +02:00
Werner Koch
f6caf5b173
gpg: Avoid NULL ptr access due to corrupted packets.
* g10/parse-packet.c (parse_signature): Do not create an opaque MPI
with NULL and length > 0
(parse_key): Ditto.
--

GnuPG-bug-id: 5940, 5946
2022-04-25 15:21:05 +02:00
Todd Zullinger
beb79f2705
sm: Use gpg_err_code() instead of -1
* sm/verify.c (gpgsm_verify): use gpg_err_code instead of 'rc == -1'
comparison.
--

In ed6ebb696e (sm: Implement initial support for keyboxd., 2020-09-10),
the return of keydb_search() was changed to use gpg_err_code().  Adjust
gpgsm_verify() to use it.  This provides a nicer error message to users
when a certificate is not found -- the same error that is seen from 2.2.

Prior to this change, when a cert was not found, gpgsm output:

    gpgsm: failed to find the certificate: Not found

as opposed to the more human-readable message from 2.2:

    gpgsm: certificate not found

They now return the same message.

Signed-off-by: Todd Zullinger <tmz@pobox.com>
2022-04-25 12:09:50 +02:00
Werner Koch
ca5d5142c6
Deprecate the --supervised options.
* agent/gpg-agent.c (main): Mark --supervised as deprecated.
* dirmngr/dirmngr.c (main): Ditto.
--

The supervised thing causes more trouble than it pretends to solve.
2022-04-25 12:03:45 +02:00
Werner Koch
0f8623d518
gpg: Emit an ERROR status as hint for a bad passphrase.
* g10/mainproc.c (proc_symkey_enc): Issue new error code.
(proc_encrypted): Ditto.
--

This allows GPGME to return a better error message than "bad session
key" to the user.  Technically we could get run into these errors also
in other cases but this more unlikley.  For the command line use we
don't do anything to not change the expected output of the command
line interface.

GnuPG-bug-id: 5943
2022-04-25 11:24:14 +02:00