1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-30 19:58:44 +01:00
Commit Graph

10328 Commits

Author SHA1 Message Date
Werner Koch
c6cecbd89a
gpg: New option --default-new-key-adsk.
* g10/options.h (opt): Add field def_new_key_adsks.
* g10/gpg.c (oDefaultNewKeyADSK): New.
(opts): Add --default-new-key-adsk.
(main): Parse option.
* g10/keyedit.c (menu_addadsk): Factor some code out to ...
(append_adsk_to_key): new.  Add compliance check.
* g10/keygen.c (pADSK): New.
(para_data_s): Add adsk to the union.
(release_parameter_list): Free the adsk.
(prepare_adsk): New.
(get_parameter_adsk): New.
(get_parameter_revkey): Remove unneeded arg key and change callers.
(proc_parameter_file): Prepare adsk parameter from the configured
fingerprints.
(do_generate_keypair): Create adsk.
--

GnuPG-bug-id: 6882
(cherry picked from commit ed118e2ed5)
2024-07-01 15:00:16 +02:00
Werner Koch
28dd05a079
common: New function tokenize_to_strlist.
* common/strlist.c (append_to_strlist_try): Factor code out to ...
(do_append_to_strlist): new.
(tokenize_to_strlist): New.

* common/t-strlist.c (test_tokenize_to_strlist): New.

(cherry picked from commit d2dca58338)
2024-07-01 14:58:42 +02:00
Werner Koch
6551281ca3
gpg: Implement the LDAP AKL method.
* g10/keyserver.c (keyserver_import_mbox): Add arg flags and change
callers.
(keyserver_import_ldap): Remove.  It has always returned a not
implemented error since 2.1.
* g10/getkey.c (get_pubkey_byname): Repurpose LDAP to do basically the
same as KEYSERVER.
--

The old LDAP mechanism to locate a server via SRV records has long
been gone (since 2014) due to the dropping of the keyserver helpers.
The new purpose better reflects reality and can be used in
environments where keys are provided by an in-house LDAP server.

(cherry picked from commit 068ebb6f1e)
2024-07-01 14:48:48 +02:00
NIIBE Yutaka
5746c944cd
agent: Require use of "SCD DEVINFO --watch" command with socket.
* agent/call-scd.c (agent_card_devinfo): Check if client connects
by a socket.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit c4ff9c5def)
2024-07-01 14:38:51 +02:00
NIIBE Yutaka
81fc7b291e
agent: Initialize thread_startup.fd for pipe connection.
* agent/gpg-agent.c (main): Let it have defined value.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 14400b2fb3)
2024-07-01 14:38:50 +02:00
Werner Koch
0ed8e9ae3e
agent: Handle SCD DEVINFO --watch command in a special way.
* agent/call-scd.c (devinfo_watch_thread): New.
(agent_card_devinfo): New.
(agent_card_scd): Call agent_card_devinfo when it's
DEVINFO_WATCH_COMMAND.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit b3f1f2cd19)
2024-07-01 14:38:46 +02:00
NIIBE Yutaka
fd9872295b
agent:daemon: Add an argument to specify requiring socket connection.
* agent/agent.h (daemon_start): Add REQ_SOCK argument.
* agent/call-daemon.c (daemon_start): Support specifying a socket
connection.
* agent/call-scd.c (start_scd): Connection don't care.
* agent/call-tpm2d.c (start_tpm2d): Likewise.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 5d980802ac)
2024-07-01 14:17:09 +02:00
NIIBE Yutaka
59e785b543
scd: Restrict use of DEVINFO --watch command for socket connection.
* scd/app.c (app_send_devinfo): Return GPG_ERR_INV_HANDLE when
it's not socket when KEEP_LOOPING != 0.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit d98521b934)
2024-07-01 14:16:48 +02:00
NIIBE Yutaka
6996e5f6ff
scd: Finish DEVINFO --watch command on input close.
* scd/app.c (card_list_signal): Use pipe on POSIX system, event on
Windows.
(card_list_wait): Detect input change as well as card list event
change.
(app_send_devinfo): Finish the command on input close.
(initialize_module_command): Initialize pipe or event.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 36d8cffc6c)
2024-07-01 14:16:18 +02:00
NIIBE Yutaka
fc732131a1
scd: Factor out scd_init_event function.
* scd/scdaemon.c (scd_init_event): New.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 9aa6faaf10)
2024-07-01 14:15:39 +02:00
NIIBE Yutaka
e94f793ebf
Fix the previous commit.
* scd/scdaemon.c (start_connection_thread): Recover call of
scd_command_handler.

--

GnuPG-bug-id: 7160
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 9bc3f2ad52)
2024-07-01 14:14:59 +02:00
NIIBE Yutaka
70bb9c5127
scd: Fix how scdaemon pipe server finishes.
* scd/scdaemon.h (scd_command_handler): Fix the return type.
* scd/command.c (scd_command_handler): Not return a value.
* scd/scdaemon.c (pipe_server): Make it auto variable in main.
(main): Use auto PIPE_SERVER variable.
(start_connection_thread): When it's a pipe connection and it
finishes, let the service shutdown.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 01fa318be0)
2024-07-01 14:14:49 +02:00
NIIBE Yutaka
76066d71f4
agent: Clean up for scdaemon handling.
* agent/call-daemon.c (struct daemon_local_s): Remove G field.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 55559c8b66)
2024-07-01 14:13:51 +02:00
NIIBE Yutaka
c868d23f61
agent: Fix a race condition which results accessing finished scd.
* agent/call-daemon.c (daemon_start): Decision of connection/reuse of
CTX and assignment to ->ctx should be done with the lock.

--

When scdaemon is exiting and agent tries to spawn/connect/reconnect,
there is a race condition between detecting finish of scd and
spawn/connect/reconnect.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 563bfbb0be)
2024-07-01 14:13:10 +02:00
Werner Koch
a564a9f66c
gpg-mail-tube: New utility.
* tools/gpg-mail-tube.c: New.
* tools/Makefile.am: Add it.
--

Backported-from-master: 28a080bc9f

We had to use the old spawn interface from gnupg-2.4 here.
2024-07-01 12:16:12 +02:00
Werner Koch
2130760904
tools: New support functions for the mail parser.
* tools/rfc822parse.h (RFC822PARSE_HEADER_SEEN): New.
* tools/rfc822parse.c (rfc822_cmp_header_name): New.
(insert_header): Run header seen callback.
(rfc822parse_last_header_line): New.
(rfc822_free): New.
* tools/wks-receive.c (t2body): Use it here.
* tools/mime-parser.c (parse_message_cb): and here.
---

Backported-from-master: 675b12ddd8
2024-07-01 10:50:18 +02:00
Frans Spiesschaert
afcac631f1
po: Update Dutch translation
--
2024-06-25 09:48:15 +02:00
Todd Zullinger via Gnupg-devel
95062e27c6
doc: fix home dir path in common.conf
* doc/examples/common.conf: fix home dir path

--

Fix a few typos in user-specific path of common.conf added in d13c5bc24
(gpg,gpgsm: Move use-keyboxd to the new conf file common.conf,
2021-04-19).  The file is in the GnuPG home dir.  Replace 'use if' with
'use of' as well.

Signed-off-by: Todd Zullinger <tmz@pobox.com>
2024-06-25 09:43:23 +02:00
Werner Koch
489b9c6ebb
gpg: Rename recently added import option no-seckeys to only-pubkeys.
* g10/import.c (parse_import_options): Rename option.
* g10/options.h (IMPORT_NO_SECKEY): Rename to IMPORT_ONLY_PUBKEYS.
Change all users.
--

GnuPG-bug-id: 7146
2024-06-24 11:49:51 +02:00
Werner Koch
db556fcb7a
gpg: Add --import-option "no-seckeys".
* g10/import.c (parse_import_options): Add "no-seckeys".
--

GnuPG-bug-id: 7146
2024-06-11 15:54:09 +02:00
Werner Koch
d6bbb90f1e
gpg: Do not bail out on secret keys with an unknown algo
* g10/getkey.c (lookup): Skip keys with unknown algos.
--

If the local store has private keys with an algorithm not supported by
thi version of gpg, gpg used to bail out.  Thus decryption of proper
messages was not possible.  This fix skips such secret keys.
2024-06-11 12:41:51 +02:00
Werner Koch
025a9853c7
build: Now uses an external gpg-authcode-sign.sh
--
2024-06-10 11:35:15 +02:00
Werner Koch
02fc728b41
Update NEWS
--
2024-06-10 09:30:40 +02:00
Werner Koch
a2966c9d89
gpg: Do not show RENC if no key capabilities are found for a key.
* g10/packet.h (PUBKEY_USAGE_BASIC_MASK): New.
* g10/getkey.c (merge_selfsigs_subkey): Mask the default.
(merge_selfsigs_main): Ditto.
2024-06-05 11:18:13 +02:00
Jakub Jelen
f549446933
gpg-auth: Fix use after free.
* tools/gpg-auth.c (ssh_authorized_keys): Move free after printing error
message.
--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This is part of
GnuPG-bug-id: 7129
(cherry picked from commit 9adaa79ab4)
2024-05-29 11:49:10 +02:00
Jakub Jelen
ece154562f
gpgsm: Avoid double free when checking rsaPSS signatures.
* sm/certcheck.c (gpgsm_check_cms_signature): Do not free s_sig on
error. Its owned and freed by the caller.

--
This is part of
GnuPG-bug-id: 7129
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Fixes-commit: 969abcf40c
(cherry picked from commit dcb0b6fd48)
2024-05-29 11:48:54 +02:00
Jakub Jelen
524e3a9345
scd: Avoid buffer overrun with more than 16 PC/SC readers.
* scd/apdu.c (apdu_dev_list_start): Fix end condition.

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

This is part of
GnuPG-bug-id: 7129
Fixes-commit: e8534f8999

(cherry picked from commit 4c1b007035)
2024-05-29 11:48:31 +02:00
Jakub Jelen
521455df07
agent: Avoid uninitialized access in GENKEY command on parameter error.
* agent/command.c (cmd_genkey): Moved init_membuf to the top.
--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

This is part of
GnuPG-bug-id: 7129

(cherry picked from commit 379fc5569d)
2024-05-29 11:48:17 +02:00
Werner Koch
5e7ea64305
agent: Avoid double free of empty string in the PIN caching.
* agent/call-scd.c (handle_pincache_get): Set PIN to NULL.  Also add
DBG_CACHE conditionals and don't return the pin in the debug output.
--

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>

(cherry picked from commit bdbf5cee2f)
2024-05-29 11:48:02 +02:00
Werner Koch
19d93a239d
agent: Make sure to return success in ephemeral store mode.
* agent/genkey.c (store_key): Clear ERR on success.
--

This fixes a real problem which might let ephemeral store mode fail
randomly.

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>

(cherry picked from commit fdc5003956)
2024-05-29 11:47:28 +02:00
Werner Koch
0b52f83780
wks: Make sure that ERR is always initialized.
* tools/wks-util.c (install_key_from_spec_file): Initialize ERR in case
the loop is never run.
--

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>

(cherry picked from commit 021c27510b)
2024-05-29 11:47:13 +02:00
Werner Koch
234e9db3c3
gpg: Avoid a double free on error in the key generation.
* g10/keygen.c (card_store_key_with_backup): Avoid double free and
simplify error handling.
--

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>

(cherry picked from commit bcc002cd45)
2024-05-29 11:46:48 +02:00
Werner Koch
f46d75f0b2
scd:openpgp: Add new vendor.
--
2024-05-29 11:46:03 +02:00
Werner Koch
5355d08855
card: Fix compiler warning.
* tools/gpg-card.h (opt): Make gpg_program, gpgsm_program, and
agent_program const.
2024-05-16 09:34:52 +02:00
Werner Koch
7f661aa129
kbx: Use standard function to setup gcrypt logging in kbxutil.
* kbx/kbxutil.c (main): Use setup_libgcrypt_logging.
(my_gcry_logger): Remove.
2024-05-16 09:34:46 +02:00
Werner Koch
758cd4ccfc
po: Enable Dutch translation
--

Although it is largely outdated, it does not harm too much.
GnuPG-bug-id: 7120
2024-05-16 09:24:14 +02:00
NIIBE Yutaka
6b2ebc36a9
scd:openpgp: Robust Data Object handling for constructed case.
* scd/app-openpgp.c (get_cached_data): When it comes with
its tag and length for the constructed Data Object, remove
them.

--

Cherry-pick master commit of:
	35ef87d8d9

GnuPG-bug-id: 7058
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-16 09:42:47 +09:00
NIIBE Yutaka
0eefa08295
gpg: Allow no CRC24 checksum in armor.
* g10/armor.c (radix64_read): Detect the end of armor when
there is no CRC24 checksum.

--

Cherry-pick master commit of:
	3a344d6236

GnuPG-bug-id: 7071
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-16 09:42:39 +09:00
Werner Koch
3bbfcab606
Update NEWS
--
2024-05-15 12:31:33 +02:00
Werner Koch
7728a179e0
tests: Avoid new C23 keyword true.
* tests/asschk.c (eval_boolean): s/true/tru/
--

GnuPG-bug-is: 7093
2024-04-22 08:05:28 +02:00
Werner Koch
2a0a706eb2
gpg: Mark disabled keys and add show-ownertrust list option.
* g10/options.h (LIST_SHOW_OWNERTRUST): New.
* g10/keylist.c (print_key_line): Show wonertrust and always show
whether a key is disabled.
* g10/gpg.c (parse_list_options): Add "show-ownertrust".

* g10/gpgv.c (get_ownertrust_string): Add stub.
* g10/test-stubs.c (get_ownertrust_string): Add stub.
--

Note that in a --with-colons listing the ownertrust has always been
emitted and the disabled state is marked in that listing with a
special 'D' usage.
2024-04-17 12:57:53 +02:00
Werner Koch
967678d972
gpg: New command --quick-set-ownertrust.
* g10/gpg.c (aQuickSetOwnertrust): New.
(opts): Add new command.
(main): Implement it.
* g10/keyedit.c (keyedit_quick_set_ownertrust): New.
2024-04-17 12:56:19 +02:00
Werner Koch
b261478c06
agent: Fix error handling of READKEY.
* agent/command.c (cmd_readkey): Jump to leave on reading error.
--

Fixes-commit: d7a3c455c5
2024-04-05 14:45:05 +02:00
Werner Koch
548fd7bca7
gpg: Don't show the "fast path listing" diagnostic with --quiet.
* g10/call-agent.c (agent_probe_any_secret_key): Act on --quiet.
--

When using the extra-socket this disagnostic will be printed because a
listing of all secret keys is not allowed by a remote gpg.
2024-04-05 11:02:43 +02:00
Werner Koch
0b1f7427b3
gpg: Do not allow to accidently set the RENC usage.
* g10/keygen.c (print_key_flags): Print "RENC" if set.
(ask_key_flags_with_mask): Remove RENC from the possible set of
usages.  Add a direct way to set it iff the key is encryption capable.
--

This could be done by using "set your own capabilities" for an RSA
key.  In fact it was always set in this case.

GnuPG-bug-id: 7072
2024-04-04 16:39:14 +02:00
Werner Koch
98e287ba6d
gpgconf: Change layout of the gpgconf -X output.
* tools/gpgconf.c (list_dirs): Change the config mode output.
(my_copy_file): Adjust output for org-mode style.
(show_configs_one_file): Ditto.
(show_other_registry_entries): Ditto.
(show_registry_entries_from_file): Ditto.
(show_configs): Ditto.
2024-04-04 15:53:54 +02:00
Werner Koch
759adb2493
gpgconf: Check readability of some files with -X
* tools/gpgconf.c (list_dirs): Rename arg from special to
show_config_mode. Add "S.Uiserver" test and test existsing files for
readability.
2024-03-18 11:14:19 +01:00
Werner Koch
122803bf1a
gpg: Make sure a DECRYPTION_OKAY is never issued for a bad OCB tag.
* g10/mainproc.c (proc_encrypted): Force a decryption failure if any
error has been seen.
* g10/decrypt-data.c (aead_checktag): Issue an ERROR line.
--

GnuPG-bug-id: 7042

Note that gpg in any case returns a failure exit code but due to
double forking GPGME would not see it.
2024-03-14 21:51:27 +01:00
Werner Koch
c27534de95
gpg-check-pattern: Consider an empty pattern file as valid
* tools/gpg-check-pattern.c (read_file): Check length before calling
fread.
--

The problem with an empty file is that es_fread is called to read one
element of length zero which seems to be undefined behaviour and
results in ENOENT on my test box.
2024-03-13 15:33:03 +01:00
Werner Koch
609b1ec0c6
Post release updates
--
2024-03-07 15:10:47 +01:00