1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

3954 Commits

Author SHA1 Message Date
Werner Koch
cd1b696b28 gpg: Fix bug with deeply nested compressed packets.
* g10/mainproc.c (MAX_NESTING_DEPTH): New.
(proc_compressed): Return an error code.
(check_nesting): New.
(do_proc_packets): Check packet nesting depth.  Handle errors from
check_compressed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-02 09:17:38 +02:00
Marcus Brinkmann
801ea11f21 2009-11-10 Marcus Brinkmann <marcus@g10code.de>
* server.c (cmd_getauditlog): Don't dup FD for es_fdopen_nc as
	this leaks the FD here.

(cherry picked from commit b3cda3f45cdbf3c66538589c7e108cbf73adc850)

Resolved Conflicts:
	sm/ChangeLog-2011 - Removed.

GnuPG-bug-id: 1535
2013-09-18 08:31:53 +02:00
Werner Koch
0f18295ac8 gpg: Use 2048 as the default keysize in batch mode.
* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
2048.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-30 10:19:47 +02:00
Werner Koch
4d93e5e3cf gpgtar: Fix building for systems with a separate libintl.
* tools/Makefile.am (gpgtar_LDADD): Add LIBINTL.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 12990efb45ee7c425167aad19fe759d5609c5182)

Resolved conflicts:
	tools/Makefile.am => Libiconv was already there.
2013-08-30 10:11:03 +02:00
NIIBE Yutaka
755f92e2af scd: PC/SC pinpad input improvement.
* scd/apdu.c (struct reader_table_s): Add members: PINMIN, PINMAX, and
PINPAD_VERLEN_SUPPORTED.
(CM_IOCTL_VENDOR_IFD_EXCHANGE, FEATURE_GET_TLV_PROPERTIES,
PCSCv2_PART10_PROPERTY_*): New.
(new_reader_slot): Initialize pinpad_varlen_supported, pinmin, pinmax.
(pcsc_vendor_specific_init): New.
(open_pcsc_reader_direct, open_pcsc_reader_wrapped): Call
pcsc_vendor_specific_init.
(check_pcsc_pinpad): Not detect here but use the result of
pcsc_vendor_specific_init.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Specify bNumberMessage.

--

(cherry picked from commit 95a3bffeaf07e8bf9487d4b165c336d166236fc1)

Signed-off-by: NIIBE Yutaka

--
2013-08-30 11:15:32 +09:00
Jonas Borgström
6acb1d06f0 scd: add support for RSA_CRT and RSA_CRT_N key import.
* scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support.

--

Updates of original patch by wk:

  -      unsigned char *rsa_u, *rsa_dp, rsa_dq;
  +      unsigned char *rsa_u, *rsa_dp, *rsa_dq;

and AUTHORS.  Missing signed-off-by assumed due to DCO send the other
day.

(cherry picked from commit cc67918c088e90c1d9a507af5f6288e8faa93d87)

Solved conflicts:
	AUTHORS => Removed
	scd/app-openpgp.c => s/.rsa.format/.format/.
2013-08-29 18:11:01 +02:00
NIIBE Yutaka
9158f58822 scd: fix parsing login-data DO.
* scd/app-openpgp.c (parse_login_data): Release RELPTR.  Fix parsing.

--

Signed-off-by: NIIBE Yutaka
2013-08-27 10:28:50 +09:00
NIIBE Yutaka
6d8f36a045 scd: fix Vega for Alpha reader.
* scd/ccid-driver.c (ccid_vendor_specific_init): Fix error handling
and size of command.

--

Signed-off-by: NIIBE Yutaka
2013-08-27 10:19:49 +09:00
Werner Koch
b63717031d scd: Make SPRx32 pinpad work with PC/SC on Windows.
* scd/apdu.c (CM_IOCTL_GET_FEATURE_REQUEST): Use SCARD_CTL_CODE.
(SCARD_CTL_CODE): Define if not defined.
(reader_table_s): Add is_spr532.
(new_reader_slot): Clear it.
(check_pcsc_pinpad): Set it.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Add fix for SPR532.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 5c5e52df4b92e23045ac87abac09357de58920d4)
2013-08-21 16:47:44 +02:00
Werner Koch
43e85d7bee scd: Improve --enable-pinpad-varlen.
* tools/gpgconf-comp.c (gc_options_scdaemon): Add
enable-pinpad-varlen.
* scd/apdu.c (check_pcsc_pinpad): Detect SPRx32 reader.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 7bde2bf3b0ddb5d3515a44879e1a7ddb581a5c0b)
2013-08-21 16:47:34 +02:00
Werner Koch
45f43ed5f6 Post release updates.
--
2013-08-19 14:32:51 +02:00
Werner Koch
9cf37aa690 Release 2.0.21 gnupg-2.0.21 2013-08-19 13:09:07 +02:00
Werner Koch
2d360a9637 Require libgpg-error 1.11.
* configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.11.
* common/util.h: Remove GPG_ERR_ replacements.
--

The replacement macros actually never worked because gog-error.h uses
enums and not macros.  libgpg-error 1.11 is 6 months old and thus it
should not be a problem to require that version.

Future replacement macros may then use the new
GPG_ERROR_VERSION_NUMBER to detect missing error codes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-19 13:08:37 +02:00
Werner Koch
284e387707 po: Auto updates.
--
2013-08-19 11:59:15 +02:00
Jakub Bogusz
bffd8128bf Update the Polish translation 2013-08-19 11:51:38 +02:00
Werner Koch
9f5578c29a agent: Fix UPDATESTARTUPTTY for ssh.
* agent/command-ssh.c (setup_ssh_env): Fix env setting.
--

gniibe reported this to gnupg-devel on 2012-07-04:

  [...]
  (2) UPDATESTARTUPTTY doesn't work to switch TTY for pinentry for
      SSH.

  [...]

  Current implementation:

      In the function start_command_handler_ssh, the logic puts
      priority on ctrl->session_env which is initialized by
      agent_init_default_ctrl.  There are always GPG_TTY and TERM
      defined, because lines around 968 in gpg-agent.c, it says:

  	/* Make sure that we have a default ttyname. */

      While UPDATESTARTUPTTY updates opt.startup_env, it doesn't
      affect at all.

  Here is a patch to point the issue.  Tested and works for me.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-19 11:44:59 +02:00
Werner Koch
0c5d3da96a tests: Make sure not to create files outside the build directory.
* tests/openpgp/Makefile.am (./gpg_dearmor): Add option --homedir.

--

The dearmor code might create files in the source directory during a
test run.  Adding "--homedir ." should solve this.

GnuPG-bug-id: 1498.
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-19 11:35:06 +02:00
Werner Koch
3966eb2445 gpgv: Init Libgcrypt to avoid syslog warning.
* g10/gpgv.c (main): Check libgcrypt version and disable secure
memory.
--

GnuPG-bug-id: 1376
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-19 11:22:11 +02:00
Werner Koch
88914a9e24 agent: Extend cmd KEYINFO to return data from sshcontrol.
* agent/command-ssh.c (struct control_file_s): Rename to
ssh_control_file_s.
(ssh_open_control_file, ssh_close_control_file)
(ssh_read_control_file, ssh_search_control_file): New.
(control_file_t):  Rename and move to ...
* agent/agent.h (ssh_control_file_t): here.
* agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled,
and confirm. Rename unknown keytype indicator from '-' to 'X'.  Extend
output.
(cmd_keyinfo): Add options --ssh-list and --with-ssh.
--

This extension allows the development of frontends to manage the
sshcontrol file.

Signed-off-by: Werner Koch <wk@gnupg.org>

(cherry picked from commit 50c98c7ed6b542857ee2f902eca36cda37407737)

Conflicts in agent/command.c (due to less information printed by
keyinfo) solved.
2013-08-08 21:44:52 +02:00
Werner Koch
110b52fffa Improve libcurl detection.
* m4/libcurl.m4: Do not use AC_PATH_PROG if --with-libcurl as been
given.  Suggested by John Marshall.
--

GnuPG-bug-id: 1510
2013-08-06 10:31:54 +02:00
Werner Koch
f3c5cc8bcd gpg: Remove legacy keyserver examples from the template conf file.
* g10/options.skel: Update.
2013-08-06 10:04:12 +02:00
Werner Koch
7c028efc18 gpg: No need to create a trustdb when encrypting with --always-trust.
* g10/gpg.c (main): Special case setup_trustdb for --encrypt.
--

Signed-off-by: Werner Koch <wk@gnupg.org>

(cherry picked from commit 498b9a95dc65c43240835d64cc92d8fb43014d53)
2013-08-02 09:26:32 +02:00
Werner Koch
4f90c7b914 w32: Add code to support a portable use of GnuPG.
* common/homedir.c (w32_bin_is_bin, w32_portable_app) [W32]: New.
(check_portable_app) [W32]: New.
(standard_homedir, default_homedir) [W32]: Support the portable flag.
(w32_rootdir, w32_commondir) [W32]: Ditto.
(gnupg_bindir) [W32]: Ditto.
--

A portable use of GnuPG under Windows means that GnuPG uses a home
directory depending on the location of the actual binary.  No registry
variables are considered.  The portable mode is enabled if in the
installation directory of the the binary "gpgconf.exe" and a file
"gpgconf.ctl" are found.  The latter file shall be empty or consist
only of empty or '#'-style comment lines.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-01 19:50:52 +02:00
Werner Koch
aff557409c w32: Always require libiconv.
* configure.ac (missing_iconv): Set and die if we have no libiconv.
* m4/iconv.m4: Update from libiconv 1.14.
* tools/Makefile.am (gpgtar_LDADD): Add LIBICONV.
* jnlib/utf8conv.c: Always include iconv.h
(load_libiconv): Remove this w32 only function.
(iconv_open, iconv, iconv_close): Remove W32 function pointer.
(set_native_charset): Do not call load_libiconv.
(jnlib_iconv_open, jnlib_iconv, jnlib_iconv_close): Ditto.
--

This patch removes the on-demand-loading of libiconv which we did for
13 years or so.  The rationale back then was that libiconv is too
large and often not used.  Nowadays all kind of Unix software has been
ported to Windows and many of them require libiconv.  Thus in the end
there is no saving from not requiring it.  It also remove a common
source of trouble with awrong or missing iconv.dll.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-01 19:48:00 +02:00
Werner Koch
1b89863ec1 w32: Remove unused code.
* jnlib/w32-reg.c (write_w32_registry_string): Remove.
2013-08-01 14:02:50 +02:00
Werner Koch
c3a57d7677 po: Auto updates.
--
2013-07-03 15:36:46 +02:00
Werner Koch
ebbce67489 Update the German translation. 2013-07-03 15:21:33 +02:00
Werner Koch
90b419f3e9 agent: Make --allow-mark-trusted the default.
* agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted.
Put this option into the gpgconf-list.
(main): Enable opt.allow_mark_trusted by default.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Replace
allow-mark-trusted by no-allow-mark-trusted.

* agent/trustlist.c (agent_marktrusted): Always set the "relax" flag.

--

These changes have been in effect for the Gpg4win Windows version
since 2011-01-24 and thus first released with Gpg4win 2.1.0.  Given
the current state of PKIX it does not make any sense to lure the Unix
user into false security by making it harder to trust self-signed or
CAcert certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-07-03 15:20:25 +02:00
Werner Koch
8b0cf1f59e po: Auto updates.
--
2013-07-03 13:40:16 +02:00
Werner Koch
0c01a04369 Update the German translation. 2013-07-03 13:32:52 +02:00
Werner Koch
9f32499f99 ssh: Add support for Putty.
* agent/gpg-agent.c [W32]: Include Several Windows header.
(opts): Change help text for enable-ssh-support.
(opts, main): Add option --enable-putty-support
(putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
(agent_init_default_ctrl): Add and asssert call.
(putty_message_proc, putty_message_thread): New.
(handle_connections) [W32]: Start putty message thread.
* common/sysutils.c (w32_get_user_sid): New for W32 only
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add
--enable-ssh-support and --enable-putty-support.  Make the
configuration group visible at basic level.
* agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.
--

This patch enables support for Putty.  It has been tested with Putty
0.62 using an Unix created ssh key copied to the private-keys-v1.d
directory on Windows and with a manually crafted sshcontrol file.  It
also works with a smartcard key.

May thanks to gniibe who implemented a proxy in Python to test the
putty/gpg-agent communication.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-07-03 13:29:47 +02:00
Werner Koch
ed056d67c7 agent: Fix binary vs. text mode problem in ssh.
* agent/command-ssh.c (file_to_buffer)
(ssh_handler_request_identities): Open streams in binary mode.
(start_command_handler_ssh): Factor some code out to ..
(setup_ssh_env): new function.
--

This is for now a theoretical fix because there is no ssh client yet
which uses the GnuPG style IPC.  OpenSSL for Cygwin uses only a quite
similar one.  gniibe suggested to implement that IPC style in
Libassuan so that a Cygwin version of OpenSSL may be used with GnuPG.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-07-03 13:10:29 +02:00
Werner Koch
27e403bff7 Silence deprecated warnings from gcc 4.6.3.
* configure.ac (AH_BOTTOM): Define GCRYPT_NO_DEPRECATED.
--

Frankly, I don't understand why gcc prints them.  We don't use them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-07-03 12:59:56 +02:00
Werner Koch
9b8518ffc9 estream: Backport es_fopemem_init from master.
* common/estream.c (es_fopenmem_init): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-07-03 09:30:22 +02:00
Werner Koch
a1398844ad Update NEWS.
--
2013-07-01 20:49:50 +02:00
Werner Koch
e065969018 ssh: Mark unused arg.
* agent/command-ssh.c (ssh_signature_encoder_ecdsa): Cast spec to
void.
2013-07-01 20:34:55 +02:00
Werner Koch
b4cb20cfc3 ssh: Support ECDSA keys.
* agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New.
(struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO.
(ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}.
(ssh_signature_encoder_t): Add arg spec and adjust all callers.
(ssh_signature_encoder_ecdsa): New.
(sexp_key_construct, sexp_key_extract, ssh_receive_key)
(ssh_convert_key_to_blob): Support ecdsa.
(ssh_identifier_from_curve_name): New.
(ssh_send_key_public): Retrieve and pass the curve_name.
(key_secret_to_public): Ditto.
(data_sign): Add arg SPEC and change callers to pass it.
(ssh_handler_sign_request): Get the hash algo from SPEC.
* common/ssh-utils.c (get_fingerprint): Support ecdsa.

* agent/protect.c (protect_info): Add flag ECC_HACK.
(agent_protect): Allow the use of the "curve" parameter.
* agent/t-protect.c (test_agent_protect): Add a test case for ecdsa.

* agent/command-ssh.c (ssh_key_grip): Print a better error code.
--

The 3 standard curves are now supported in gpg-agent's ssh-agent
protocol implementation.  I tested this with all 3 curves and keys
generated by OpenSSH 5.9p1.

Using existing non-ssh generated keys will likely fail for now. To fix
this, the code should first undergo some more cleanup; then the fixes
are pretty straightforward.  And yes, the data structures are way too
complicated.

(cherry picked from commit 649b31c663b8674bc874b4ef283d714a13dc8cfe)

Solved conflicts:

	agent/protect.c
	agent/t-protect.c
        common/ssh-utils.c (different variabale name)
2013-07-01 20:31:16 +02:00
Werner Koch
4b4df62eaf estream: New function es_fclose_snatch.
* common/estream.c (cookie_ioctl_function_t): New type.
(es_fclose_snatch): New function.
(COOKIE_IOCTL_SNATCH_BUFFER): New constant.
(struct estream_internal): Add field FUNC_IOCTL.
(es_initialize): Clear FUNC_IOCTL.
(es_func_mem_ioctl): New function.
(es_fopenmem): Init FUNC_IOCTL.
--

(back ported from commit id 7737a2c269657189a583cde7f214f20871d264f8)

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-07-01 20:31:14 +02:00
Werner Koch
cf7f930327 ssh: Rewrite a function for better maintainability
* agent/command-ssh.c (ssh_signature_encoder_dsa): Rewrite.
--

Using es_fopenmem instead of a preallocated buffer is safer and easier
to read.
(cherry picked from commit f76a0312c3794afd81fe1e172df15eb0612deae0)
2013-07-01 20:31:12 +02:00
Werner Koch
9011625791 ssh: Improve key lookup for many keys.
* agent/command-ssh.c: Remove dirent.h.
(control_file_s): Add struct item.
(rewind_control_file): New.
(search_control_file): Factor code out to ...
(read_control_file_item): New.
(ssh_handler_request_identities): Change to iterate over entries in
sshcontrol.
--

Formerly we scanned the private key directory for matches of entries
in sshcontrol.  This patch changes it to scan the sshcontrol file and
thus considers only keys configured there.  The rationale for this is
that it is common to have only a few ssh keys but many private keys.
Even if that assumption does not hold true, the scanning of the
sshcontrol file is faster than reading the directory and only then
scanning the ssh control for each directory entry.

(cherry picked from commit d2777f84be0ded5906a9bec3bc23cfed0a9be02f)
2013-07-01 20:31:11 +02:00
Werner Koch
336112e519 ssh: Cleanup sshcontrol file access code.
* agent/command-ssh.c (SSH_CONTROL_FILE_NAME): New macro to replace
the direct use of the string.
(struct control_file_s, control_file_t): New.
(open_control_file, close_control_file): New.  Use them instead of
using fopen/fclose directly.
--

(cherry picked from commit 25fb53ab4ae7e1c098500229c776d29b82713a20)

Fixed conflicts in some variabale names.
2013-07-01 20:31:07 +02:00
Werner Koch
fc7d033d8e ssh: Do not look for a card based ssh key if scdaemon is disabled.
* agent/command-ssh.c (ssh_handler_request_identities): Do not call
card_key_available if the scdaemon is disabled.
--

(back ported from commit id 781e9746dff21fc2721373205e63d1d09722d590)
2013-07-01 20:30:56 +02:00
Werner Koch
7ce72c97bf ssh: Make the mode extension "x" portable by a call to es_fopen.
* agent/command-ssh.c (open_control_file): Use_es_fopen to support
the "wx" mode flag.

--

This also patch also specifies a file mode parameter.  However, this
will only be used with an updated version of es_stream which we have
not yet done.
2013-07-01 20:30:30 +02:00
Werner Koch
8ddf604659 Fix syntax error for building on APPLE.
* scd/pcsc-wrapper.c [__APPLE__]: Fix syntax error.
--

For W32 and probably for Cygwin we don't need the wrapper, thus the
problems does not exhibit itself.
2013-05-11 21:46:43 +02:00
Werner Koch
9b8760233f Post release version bump.
--
2013-05-10 18:30:30 +02:00
Werner Koch
11ce4c79bb Release 2.0.20 gnupg-2.0.20 2013-05-10 15:54:31 +02:00
Werner Koch
45451565b9 po: Auto updates
--
2013-05-10 15:48:40 +02:00
Werner Koch
3f79a0b4b4 Update gpg-error, libgcrypt, and ksba m4 scripts.
* m4/gpg-error.m4: Update from libgpg-error repo.
* m4/ksba.m4: Likewise.
* m4/libgcrypt.m4: Likewise.
--

GnuPG-bug-id: 1496.
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-10 15:33:04 +02:00
Yuri Chornoivan
0a9a4a38df Update Ukrainian translation. 2013-05-10 15:02:45 +02:00
Werner Koch
e877f9ee12 Note: Wrong author in previous commit 049b3d9.
--

Magit keeps the author and date from the last commit unless reset with
a c-t.  Time for Jim's git-log-fix.
2013-05-07 21:57:56 +02:00