1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

10675 Commits

Author SHA1 Message Date
NIIBE Yutaka
b1f2695d24
scd: Fix resource leaks on error paths.
* scd/app-dinsig.c (do_readcert): Don't return directly but care about
releasing memory.
* scd/app-nks.c (readcert_from_ef): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-11 09:51:54 +09:00
Werner Koch
d37971b45f
gpg: Improve wording for only-pubkeys.
* g10/import.c (parse_import_options): Add a description to
only-pubkeys.
--

See gnupg-devel for a brief discussion.
2024-11-08 08:35:04 +01:00
Werner Koch
74e81f830d
gpgtar: Make sure to create upper directories for regular files.
* tools/gpgtar-extract.c (extract_directory): Factor parent directory
creation out to ..
(try_mkdir_p): new.
(extract_regular): Create directory on ENOENT.

* g10/pubkey-enc.c (get_it): Use log_info instead of log_error if the
public key was not found for preference checking.
--

If tarball was created with
    tar cf tarball file1.txt foo/file2.txt
the tarball has no entry for foo/ and thus the extraction fails. This
patch fixes this.

GnuPG-bug-id: 7380

The second patch avoid a wrong exist status status line due to the use
of log_error.  But the actual cause needs stuill needs tobe
investigated.
2024-11-07 15:06:17 +01:00
Werner Koch
567fb6eaa0
gpg-mail-type: Assume text/plain for missing content-type.
* tools/gpg-mail-tube.c (mail_tube_encrypt): Rename var ct_text for
clarity.  Replace debug diagnostic by log_info. Assume text/plain for
missing content-type.
--

Without this fix we would create message/rfc822 attachment instead of
a text/plain attachment with the encrypted body.
2024-11-07 10:51:04 +01:00
Werner Koch
b389e04ef5
gpgtar: Use log-file from common.conf only in --batch mode.
* tools/gpgtar.c (main): Do it.
--

This makes the interactive use of gpgtar more convenient and is more
aligned to what gpg and gpgsm do.
2024-11-07 10:51:04 +01:00
NIIBE Yutaka
8359f2e498
scd: Fix getinfo active_apps.
* scd/app.c (send_card_and_app_list): Avoid locking recursively.

--

Fixes-commit: 25a140542a9186a27b7df9cd3ca3d478b59cbf1b
GnuPG-bug-id: 7323
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-07 08:59:01 +09:00
NIIBE Yutaka
25a140542a
scd: Serialize CARD access for send_card_and_app_list.
* scd/app.c (send_card_and_app_list): Lock the CARD.

--

GnuPG-bug-id: 7323
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-06 11:36:48 +09:00
Werner Koch
88b04b47e7
po: Align German trustlist question to what we use in Kleopatra.
--

This replaces our long standing wedding style prompt to something more
straight.
2024-11-05 11:49:57 +01:00
Werner Koch
d30e345692
gpg: Allow the use of an ADSK subkey as ADSK subkey.
* g10/packet.h (PKT_public_key): Increased size of req_usage to 16.
* g10/getkey.c (key_byname): Set allow_adsk in the context if ir was
requested via req_usage.
(finish_lookup): Allow RENC usage matching.
* g10/keyedit.c (append_adsk_to_key): Adjust the assert.
* g10/keygen.c (prepare_adsk): Also allow to find an RENC subkey.
--

If an ADSK is to be added it may happen that an ADSK subkey is found
first and this should then be used even that it does not have the E
usage.  However, it used to have that E usage when it was added.

While testing this I found another pecularity: If you do
  gpg -k ADSK_SUBKEY_FPR
without the '!' suffix and no corresponding encryption subkey is dound,
you will get an unusabe key error.  I hesitate to fix that due to
possible side-effects.

GnuPG-bug-id: 6882
2024-10-31 15:11:55 +01:00
NIIBE Yutaka
a7c81efe51
agent: Fix status output for LISTTRUSTED.
* agent/trustlist.c (istrusted_internal): When LISTMODE is enabled,
TRUSTLISTFPR status output should be done.

--

GnuPG-bug-id: 7363
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Fixes-commit: 4275d5fa7a51731544d243ba16628a9958ffe3ce
2024-10-31 09:33:40 +01:00
Werner Koch
48aa9e8265
gpg: Do not fail with an error for a "Note:" diagnostic
* g10/trustdb.c (validate_keys): Use log_info instead of log_error for
not found or expired UTKs.
--

Actually the not-found case used log_error for decades.  The
semantically simialr expired case did thus the same.  The actual
problem is for example in the import case where gpg exits with a
failure despite that a key validation was requested.

GnuPG-bug-id: 7351
2024-10-30 08:13:55 +01:00
Werner Koch
39aa206dc5
speedo: Enable additional runtime protections on Windows.
* build-aux/speedo.mk (speedo_w32_cflags): Remove -mms-bitfields
because it is for a long time the gcc default.  Enable control flow
protection.
--

Note that due to mingw static linking problems with libssp the stack
protector is not yet enabled.

(cherry picked from commit afe87ffc08e14317f4ef5bbe2940d07203a43808)
2024-10-29 13:45:14 +01:00
Werner Koch
18081e2ecf
gpgsm: Terminate key listing on output write error.
* sm/keylist.c (list_internal_keys): Detect write errors to the output
stream.

* sm/server.c (any_failure_printed): New var.
(gpgsm_status2): Handle new var.  Move statusfp init to ...
(gpgsm_init_statusfp): new function.
(gpgsm_exit_failure_status): New.
* sm/gpgsm.c (main): Explicit statusfp init.
(gpgsm_exit): Print failure status on error.
--
Test by using

  gpgsm -k >/dev/full
  gpgsm -k --wit-colons >/dev/full

and also by redirecting to a file on a small partition.

GnuPG-bug-id: 6185
2024-10-23 11:43:08 +02:00
NIIBE Yutaka
40707c8bff
agent: Fix resource leak for PRIMARY_CTX.
* agent/call-daemon.c (wait_child_thread): Call assuan_release for
PRIMARY_CTX when it's kept for reuse.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-10-22 09:51:03 +09:00
Werner Koch
51b7bb9106
common: Fix test for the assumed compliance.
* common/compliance.c (gnupg_status_compliance_flag): Fix test.
--

In general the cache is used to query this flag but in this function
it is used directly and we need to adjust the test.

Thanks to Ingo for reporting this.
2024-10-21 17:08:59 +02:00
NIIBE Yutaka
347ab07c62
build: Don't remove --disable-endian-check.
* configure.ac (WORDS_BIGENDIAN): Use the autoconf macro,
instead of our own BIG_ENDIAN_HOST.
(DISABLED_ENDIAN_CHECK): Keep --disable-endian-check supported.
* g10/rmd160.c (transform): Use WORDS_BIGENDIAN.

--

Fixes-commit: f8bf5e01f76620cc550253cc2575754872cf64aa
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-10-16 11:41:46 +09:00
NIIBE Yutaka
71840b57f4
common: Fix a race condition in creating socketdir.
* common/homedir.c (_gnupg_socketdir_internal): Check return code
of gnupg_mkdir and handle the case of GPG_ERR_EEXIST.

--

GnuPG-bug-id: 7332
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-10-16 10:04:18 +09:00
Werner Koch
374195e741
gpgsm: Fix cached istrusted lookup.
* sm/call-agent.c (gpgsm_agent_istrusted): Actually set istrusted
list.
--

Fixes-commit: 9087c1d3637cf1c61744ece0002dc0dc5675d7c9
2024-10-15 09:45:55 +02:00
Werner Koch
f8b1b7b4df
dirmngr: Print a brief list of URLs with LISTCRLS.
* dirmngr/crlcache.c (crl_cache_list): Print a summary of URLs.

* sm/call-dirmngr.c (gpgsm_dirmngr_run_command): Print a notice to
stdout if the dirmngr has been disabled.
--

GnuPG-bug-id: 7337
2024-10-14 16:48:37 +02:00
NIIBE Yutaka
f8bf5e01f7
build: Use AC_C_BIGENDIAN for detecting endian.
* acinclude.m4 (GNUPG_CHECK_ENDIAN): Remove.
* configure.ac (BIG_ENDIAN_HOST): Use AC_C_BIGENDIAN
to detect endian and set BIG_ENDIAN_HOST.

--

Reported-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-10-11 09:57:49 +09:00
NIIBE Yutaka
57dce1ee62
common,gpg,scd,sm: Fix for Curve25519 OID supporting new and old.
* common/util.h (openpgp_curve_to_oid): Add new argument to select OID
by OpenPGP version.
* common/openpgp-oid.c (openpgp_curve_to_oid): Implement returning
selected OID for Curve25519.
* common/openpgp-fpr.c (compute_openpgp_fpr_ecc): Follow the change,
selecting by the version.
* g10/export.c (match_curve_skey_pk): Likewise.
(transfer_format_to_openpgp): Likewise.
* g10/gpg.c (list_config): Likewise, print new OID.
* g10/keygen.c (ecckey_from_sexp): Likewise, selecting by the version.
* sm/encrypt.c (ecdh_encrypt): Likewise, don't care.
* sm/minip12.c (build_ecc_key_sequence): Likewise, new OID.
* scd/app-openpgp.c (ecdh_params, gen_challenge): Likewise, don't
care.
(ecc_read_pubkey, change_keyattr_from_string, ecc_writekey): Likewise,
old OID.

--

GnuPG-bug-id: 7316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-10-08 15:25:41 +09:00
NIIBE Yutaka
f5703994d4
common,gpg,scd,sm: Use openpgp_oid_or_name_to_curve to get curve.
* common/sexputil.c (pubkey_algo_string): Use
openpgp_oid_or_name_to_curve.
* g10/card-util.c (current_card_status, ask_card_keyattr): Likewise.
* scd/app-piv.c (writekey_ecc): Likewise.
* sm/fingerprint.c (gpgsm_get_key_algo_info): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-10-08 14:58:29 +09:00
Werner Koch
b287fb5775
Implement GNUPG_ASSUME_COMPLIANCE envvar for testing
* common/compliance.c (assumed_de_vs_compliance): New.
(get_compliance_cache): Check envvar and fake compliance.
(gnupg_status_compliance_flag): Return 2023 for de-vs if in faked
mode.
* g10/gpg.c (gpgconf_list): For compliance_de_vs return 23 or 2023.
--

The user visible changes are that

   GNUPG_ASSUME_COMPLIANCE=de-vs gpgconf --list-options gpg \
     | awk -F: '$1=="compliance_de_vs" {print $8}'

returns 2023 if "compliance de-vs" is found in gpg.conf.  If
eventually the software is arpproved the returned value will be 23 and
not 1 as it was before.  Consumers should check whether they see value
of true (Kleopatra does this right now) and also check whether the
value is > 2000 and in this case print a beta/non-approved warning.

The envvar is currently used to assume that the underlying libgcrypt
is compliant and approved.  This is not yet the case but eventually
libgcrypt will announce this itself and from then on the envvar is not
anymore required for testing.
2024-10-07 09:59:26 +02:00
Werner Koch
e8858807bc
gpg: Emit status error for an invalid ADSK.
* g10/keygen.c (prepare_adsk): Emit status error.
--

This is useful for GPGME.

GnuPG-bug-id: 7322
2024-10-07 08:24:04 +02:00
Werner Koch
f8f6c6c761
gpgsm: Add compatibility flag no-keyinfo-cache
* sm/gpgsm.c (compatibility_flags): Add flag.
* sm/gpgsm.h (COMPAT_NO_KEYINFO_CACHE): New.
* sm/call-agent.c (gpgsm_agent_istrusted): Act upon it.
(gpgsm_agent_keyinfo): Ditto.
2024-10-04 12:24:00 +02:00
Werner Koch
241971fac0
gpgsm: Implement a cache for the KEYINFO queries.
* sm/gpgsm.h (struct keyinfo_cache_item_s): New.
(struct server_control_s): Add keyinfo_cache and keyinfo_cache_valid.
* sm/call-agent.c (keyinfo_cache_disabled): New flag.
(release_a_keyinfo_cache): New.
(gpgsm_flush_keyinfo_cache): New.
(struct keyinfo_status_parm_s): New.
(keyinfo_status_cb): Implement a fill mode.
(gpgsm_agent_keyinfo): Implement a cache.
* sm/server.c (reset_notify): Flush the cache.
* sm/gpgsm.c (gpgsm_deinit_default_ctrl): Ditto.
--

In almost all cases we have just a few private keys in the agent and
thus it is better to fetch them early.  This does not work in a
restricted connection but we take care and disable the cache in this
case.

This cache gives a a minor speed up.

GnuPG-bug-id: 7308
2024-10-02 16:45:09 +02:00
Werner Koch
ef2be95258
gpgsm: Use a cache for ISTRUSTED queries.
* sm/call-agent.c (struct istrusted_cache_s): New.
(istrusted_cache, istrusted_cache_valid): New.
(istrusted_cache_disabled): New.
(flush_istrusted_cache): New.
(struct istrusted_status_parm_s): New.
(istrusted_status_cb): Fill the cache.
(gpgsm_agent_istrusted): Implement a cache.
--

Not a really measurable performance improvements on Linux but maybe
somewhat on Windows (not yet tested).  However, it does not clutter
the log files with IPC calls returning NOT_TRUSTED.

GnuPG-bug-id: 7308
2024-10-02 16:45:01 +02:00
Werner Koch
4275d5fa7a
agent: Add option --status to the LISTRUSTED command.
* agent/trustlist.c (istrusted_internal): Add arg listmode and print
new status line in this mode.  Adjust callers.
(agent_listtrusted): Add new args ctrl and status_mode.  Get all
trusted keys and then call is_trusted_internal for all of them.

* agent/command.c (cmd_listtrusted): Add new option --status.
--

This allows in a non-restricted connection to list all trusted keys in
one go.
2024-10-01 18:07:32 +02:00
Werner Koch
f50dde6269
gpgsm: Possible improvement for some rare P12 files.
* sm/minip12.c (parse_shrouded_key_bag): Increase size of salt buffer.
--

Reported on the mailing list.  The change does not seem to have a big
regression risk, thus applied.  See below for the mail

# ------------------------ >8 ------------------------
https://lists.gnupg.org/pipermail/gnupg-users/2024-September/067312.html
2024-10-01 12:36:16 +02:00
Werner Koch
f197fe34f2
gpgconf: Add list flag to trusted-key et al.
* tools/gpgconf-comp.c (known_options_gpg): Add list flag to sume
options.
--

GnuPG-bug-id: 7313
2024-10-01 10:51:13 +02:00
NIIBE Yutaka
e789122578
gpg: Robust error handling for SCD READKEY.
* g10/keygen.c (ask_algo): List the card key only when it's valid.

--

GnuPG-bug-id: 7309
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-10-01 10:55:11 +09:00
Werner Koch
0e283a0ebc
gpgsm: Silence messages about dirmngr cache lookup failed.
* sm/certchain.c (find_up_dirmngr): Skip if we know that there is no
dirmngr.
2024-09-30 18:47:31 +02:00
Werner Koch
8190853642
gpgsm: Silence the fingerprint output in quiet mode.
* sm/certchain.c (ask_marktrusted): Avoid fingerprint printing in
quiet mode
--

And also don't print it anymore after the agent told us that the
feature has been disabled.
2024-09-30 18:33:26 +02:00
Werner Koch
ce0580a599
gpgsm: Use a cache to speed up parent certificate lookup.
* sm/gpgsm.h (COMPAT_NO_CHAIN_CACHE): New.
(struct cert_cache_item_s, cert_cache_item_t): New.
(struct server_control_s): Add parent_cert_cache.
* sm/gpgsm.c (compatibility_flags): Add "no-chain-cache".
(parent_cache_stats): New.
(gpgsm_exit): Print the stats with --debug=memstat.
(gpgsm_deinit_default_ctrl): Release the cache.
* sm/certchain.c (gpgsm_walk_cert_chain): Cache the certificates.
(do_validate_chain): Ditto.
--

This gives another boost of 30% (from 6.5 to 4.0 seconds in the test
environment with ~1000 certs).  do_validate_chain actually brings us
the speedup becuase the gpgsm_walk_cert_chain is not used during a key
listing.  For the latter we actually cache all certificates because
that was easier.

GnuPG-bug-id: 7308
2024-09-30 18:22:25 +02:00
Werner Koch
cb6c506e4e
sm: Optmize clearing of the ephemeral flag.
* kbx/keybox-search.c (keybox_get_cert): Store the blob clags in the
cert object.
* sm/certchain.c (do_validate_chain): Skip clearing of the ephemeral
flag if we know that it is not set.
--

GnuPG-bug-id: 7308
2024-09-27 15:50:51 +02:00
Werner Koch
ca953ae5f7
agent: Replace hack for old Libgcrypt versions for auto-expand-secmem.
* agent/gpg-agent.c (main) <oAutoExpandSecmem>: Use Libgcrypt const.
2024-09-27 10:59:49 +02:00
Werner Koch
19871fa08c
agent: Better diagnostic for a failed key unprotection.
* agent/findkey.c (unprotect): Print a diagnostic if unprotection
failed.
--

GnuPG-bug-id: 6375
2024-09-27 10:55:45 +02:00
Werner Koch
19f2f00bfd
gpg: Exclude expired trusted keys from the key validation process.
* g10/trustdb.c (copy_key_item): New.
(validate_keys): Use a stripped down UTK list w/o expired keys.
--

This patch makes sure that an expired trusted key is not used for
trust computation.  The test case is to delete a trusted key from the
keyring, import a copy of that key which has already expired, check
that a signed key is not anymore fully trusted and finally import a
prolonged version of the trusted key and check that the signed key is
now again fully trusted.

GnuPG-bug-id: 7200
2024-09-25 15:21:55 +02:00
Werner Koch
a0aea09264
gpg: Validate the trustdb after the import of a trusted key.
* g10/import.c (import_one_real): Rename non_self to non_self_or_utk.
If not set after chk_self_sigs check whether the imported key is an
ultimately trusted key.
--

The revalidation mark was only set if the imported key had a new key
signature.  This is in general correct but not if the imported key is
a trusted key.

GnuPG-bug-id: 7200
2024-09-25 15:21:30 +02:00
Werner Koch
c59eeda3c4
gpg: Remove useless variable in validate_keys.
* g10/trustdb.c (store_validation_status): Remove arg  'stored'.
(validate_keys): Remove keyhashtable 'stored' which was never used.
--

This has been here since 2003.  The variable was never evaluated -
only stored.

Also added some comments.
2024-09-25 15:21:20 +02:00
NIIBE Yutaka
79ad6a8b43
po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-25 14:26:38 +09:00
NIIBE Yutaka
a269a27c4c
common: Fix gnupg_exec_tool_stream for INEXTRA==NULL.
* common/exectool.c (gnupg_exec_tool_stream): Initialize extrapipe.

--

Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-25 11:17:51 +09:00
Ingo Klöcker
79298e87d8 gpg: Fix --quick-set-expire for V5 subkey fingerprints
* g10/keyedit.c (keyedit_quick_set_expire): Use actual size of
fingerprint.
--

The size of the fingerprints is either 20 (V4) or 32 (V5). Using the
actual size of the fingerprints fixes the lookup of subkeys with V5
fingerprint.

GnuPG-bug-id: 7298
2024-09-24 23:05:13 +02:00
Werner Koch
11387b24a5
common: Add debug code to gnupg_exec_tool_stream
* common/exectool.c (gnupg_exec_tool_stream): Add diagnostic.
--

This should help if something is broken with poll.
2024-09-24 15:26:58 +02:00
Werner Koch
6ed2857d54
w32: Fix last commit to build on Windows.
* scd/app.c (struct mrsw_lock): Move notify_watchers out of the system
specific condition.
--

Fixes-commit: c98385d311ca37e1863d0e42ebf7bbc6b68efe35
2024-09-20 14:07:04 +02:00
NIIBE Yutaka
0a94582af5
scd: Fix DEVINFO, allowing no clients which watch the change.
* scd/app.c [POSIX] (struct mrsw_lock): Add notify_watchers.
(card_list_signal): Only when watchers wait, kick by write(2).
(card_list_wait): Increment/decrement notify_watchers field.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-20 10:39:35 +09:00
Werner Koch
8c0ac05f06
speedo: Make use of wget more robust
* build-aux/getswdb.sh: Add option --wgetopt.
* build-aux/speedo.mk (WGETOPT): New.
(getswdb_options): Pass to getswdb.
(unpack): Use wget with new options.
2024-09-19 16:33:27 +02:00
Daniel Cerqueira
e7ff519116
po: Update Portuguese Translation.
--

Signed-off-by: Daniel Cerqueira <dan.git@lispclub.com>
2024-09-19 14:53:39 +02:00
Werner Koch
2770efa75b
gpg: Avoid wrong decryption_failed for signed+OCB msg w/o pubkey.
* g10/decrypt-data.c (struct decode_filter_context_s): Add flag
checktag_failed.
(aead_checktag): Set flag.
(decrypt_data): Initially clear that flag and check the flag after the
decryption.
* g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based
check.
--

This fixes a bug where for an OCB encrypted and signed message with
the signing key missing during decryption the DECRYPTION_FAILED status
line was printed along with "WARNING: encrypted message has been
manipulated". This was because we use log_error to show that the
signature could not be verified due to the missing pubkey; the
original fix looked at the error counter and thus triggered the
decryption failed status.

Fixes-commit: 50e81ad38d2b5a5028fa6815da358c0496aa927e
GnuPG-bug-id: 7042
2024-09-19 10:06:55 +02:00
Werner Koch
6432d17385
agent: Fix detection of the trustflag de-vs.
* agent/trustlist.c (read_one_trustfile): Fix comparison.
--

Fixes-commit: a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f
GnuPG-bug-Id: 5079
2024-09-19 10:03:37 +02:00