1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

10462 Commits

Author SHA1 Message Date
Tobias Fella
cb8eb366cb
Pass PINENTRY_GEOM_HINT environment variable to pinentry
* common/session-env.c: Add PINENTRY_GEOM_HINT to variables.

--

GnuPG-Bug-ID: 6930
2024-01-22 09:07:36 +01:00
Werner Koch
5402e6fb93
gpg: For v5 key generation for X448 also in parm file mode.
* g10/keygen.c (curve_is_448): New.
(do_create_from_keygrip): Pass arg keygen_flags byref so that it can
be updated.  Set v5 flag for X448.
(gen_ecc): Ditto.
(do_create): Change keygen_flags as above.  For robustness change
checking for Ed448.
(do_generate_keypair): Change keygen_flags as above
(generate_subkeypair): Ditto.
(gen_card_key): Ditto. Support v5 keys.
--

GnuPG-bug-id: 6942
2024-01-16 14:32:04 +01:00
Werner Koch
1a2c8267f5
gpg: When using a parm file w/o usage don't set the RENC usage.
* g10/keygen.c (proc_parameter_file): Don't include RENC in the
default usage.
--

Testplan:

  $ gpg --gen-key --batch <<EOF
  Key-Type: EDDSA
  Key-Curve: ed448
  Key-Usage: cert
  Name-Real: Meh Muh
  Name-Email: test-3@example.org
  Expire-Date: 2025-01-01
  Passphrase: abc
  subkey-type: ecdh
  Subkey-curve: cv448
  EOF

and check that the R flag does not show up in the usage.
2024-01-16 14:02:42 +01:00
Werner Koch
daedb3c965
doc: Describe the ssh-agent protocol options for Windows.
--

Also fix a typo in a macro.
2024-01-15 17:21:24 +01:00
Jakub Bogusz
4cdfc1d0d9
po: Update parts of the Polish translation
--

Jakub provided the translation in October but at this time it did
cleanly apply anymore due to string changes.  Thus only parts of his
changes are here.  -wk
2024-01-15 11:28:00 +01:00
Werner Koch
0cb622d632
gpgsm: Allow parsing of PKCS#12 files with two private keys.
* sm/minip12.c (struct p12_parse_ctx_s): Add privatekey2.
(parse_shrouded_key_bag): Handle a second private key.
(p12_parse_free_kparms): New.

* sm/import.c (parse_p12): Factor some code out to ...
(p12_to_skey): this.
(parse_p12): Use p12_parse_free_kparms.
--

Take care: We allow parsing of a second private key but we are not yet
able to import the second private key.

The whole things is required to at least import the certificates of
current pkcs#12 files as created by the German Elster tax system.  No
test data, sorry.
2024-01-15 09:56:07 +01:00
Werner Koch
092154e17e
gpgsm: Improve the status line for --verify errors.
* sm/verify.c (gpgsm_verify): Improve verify.leave status line.
--

Suggested-by: Jakob Bohm
2024-01-15 09:13:46 +01:00
Mario Haustein
3d60ad5c8c
po: Fix indentation for key generation options
--
2024-01-15 09:02:03 +01:00
Werner Koch
b97a36f52d
Prepare the NEWS
--
2024-01-12 16:53:53 +01:00
Werner Koch
3f12e3dacb
speedo: Add install target for Unix.
* build-aux/speedo.mk: Default to SELFCHECK=0.
(install, install-speedo): New targets.
--

GnuPG-bug-id: 6710
2024-01-12 13:50:50 +01:00
Werner Koch
5a6df94a9a
speedo: Patch ELF binaries to use built libraries
* build-aux/speedo.mk: Remove GUI stuff.  Add patchelf feature.
* Makefile.am (speedo): New target.
--

GnuPG-bug-id: 6710
2024-01-12 10:52:00 +01:00
Werner Koch
bbad0a2644
gpg: Improve error message for expired default keys.
* g10/getkey.c (parse_def_secret_key): Track reason for skipping keys.
--

GnuPG-bug-id: 4704
2024-01-11 15:54:27 +01:00
Werner Koch
e65720f286
doc: Document the gpgconf --unlock command.
* tools/gpgconf.c (main): Fix usage message.
--

GnuPG-bug-id: 6838
2024-01-11 15:30:12 +01:00
Werner Koch
8dfbad0c41
gpg: Fix regression in the Revoker keyword of the parmeter file.
* g10/keygen.c (parse_revocation_key): Actually allow for v4
fingerprints.
--

Note that the use of the parameter file is deprecated.

GnuPG-bug-id: 6923
2024-01-11 09:08:54 +01:00
Werner Koch
b7f45ee6ad
gpg: Allow to create revocations even with non-compliant algos.
* g10/sign.c (do_sign): Skip compliance check for revocation certs.
--

It just does not make sense to inhibit the creation of revocations
depending on the compliance mode.  We do this only for key revocation
but not for another kind of revocation because the rationale for uid
or subkey revocation is more complicated to explain.
2024-01-10 17:18:34 +01:00
Werner Koch
275ced5067
scd:p15: Allow signing for CVISION cards
* scd/app-p15.c (do_sign): Add code for Starcos 3.2 and the CVISION
product.
--

The code for the Starcos cards has been implemented according to the
3.52 manual However, this does not work with my test cards.  Protocol
analysis shows that decryption can be used for the cryptovision
product.  Thus we do it the same for now.
2024-01-10 14:35:26 +01:00
Werner Koch
6233a17ac9
g13: New option --no-mount.
* g13/g13.c (oNoMount): New.
(opts): Add --no-mount.
(main): Implement this.
* g13/g13-common.h (opt): Add field no_mount.
* common/status.h (STATUS_PLAINDEV): New.
* g13/sh-cmd.c (has_option): Uncomment.
(cmd_mount): Add option --no-mount and pass down.
* g13/sh-dmcrypt.c (sh_dmcrypt_mount_container): Add arg nomount and
emit PLAINDEV status line.
(sh_dmcrypt_umount_container): Rund findmnt before umount.
--

This option can be used to decrypt a device but not to mount it.  For
example to run fsck first.  A command or option to run fsck before a
mount will eventually be added.

The use of findmnt is needed so that we can easily remove a device
which has not been mounted.
2024-01-09 19:52:04 +01:00
Werner Koch
4ca017e43b
gpg: Print a useful error id SKI algo 253 is found.
* g10/parse-packet.c (parse_key): Detect the SKI algo 253.
--

As long as we have not yet implemented this we should at least be
able to detect this case.
2024-01-09 17:25:48 +01:00
Werner Koch
880dde8e5b
scd:p15: Allow PIN verification and decryption for CVISION cards.
* scd/app-p15.c (CARD_PRODUCT_CVISION): New.
(IS_STARCOS_3): New.
(read_p15_info): Detect this product.
(prepare_verify_pin): Add special handling for this product.
(do_decipher): Use dedicated MSE for Starcos 3 cards.
--

To check the verification run

  gpg-card verify User_PIN

For our test cards the "Benutzer-PIN" must be given.  For decryption
tests gpgsm can be used; --always-trust helps to avoid chain issues.
2024-01-09 17:12:20 +01:00
Werner Koch
35fd89b168
gpgconf: Adjust -X command for the new VERSION file format
* tools/gpgconf.c (show_version_gnupg): Read and parse the entire
VERSION file.
--

GnuPG-bug-id: 6918
2024-01-09 12:52:57 +01:00
Werner Koch
45f6357881
common,w32: Remove duplicated backslashes when setting the homedir.
* common/homedir.c (copy_dir_with_fixup) [W32]: Fold double
backslashes.
--

This is in general no problem but when we hash or compare the directory
to test whether tit is the standard home directory, we may use a
different socket file and thus a second instance of a daemon.

GnuPG-bug-id: 6833
2024-01-09 10:13:54 +01:00
Werner Koch
2cb97713e9
gpg: Improve error return for --quick-add-subkey and -add-adsk.
* g10/keyedit.c (keyedit_quick_addkey): Emit a ERROR status line.
(keyedit_quick_addadsk): Ditto.
--

GnuPG-bug-id: 6880
2024-01-05 11:33:51 +01:00
Werner Koch
3f8cb9b339
scd: Add support for SCE 7.0
* scd/app-common.h (CARDTYPE_SCE7): New.
* scd/app.c (strcardtype): Support it.
(atr_to_cardtype): New.
(app_new_register): Try to get the cardtype from atr_to_cardtype.
* scd/app-piv.c (app_select_piv): Tweak for SCE7.  Add general method
to construct a S/N from the Card UUID.
--

The test cards I have are rsa2048 with X.509 certificates.  I don't
have the entire chain but loading the certificates work.  For testing
I created an OpenPGP key from the keys and tested signing and
decryption.

GnuPG-bug-id: 6919
2024-01-04 16:29:33 +01:00
Werner Koch
4c04143d81
gpg: Choose key from inserted card over a non-inserted card
* g10/call-agent.c (agent_probe_secret_key): Do not return an error
but 0.
* g10/getkey.c (finish_lookup): Improve the selection of secret keys.
--

GnuPG-bug-id: 6831
2024-01-02 10:19:57 +01:00
NIIBE Yutaka
591a53d716
gpg: Don't call keybox_compress when KEYDB_RESOURCE_FLAG_READONLY.
* g10/keydb.c (keydb_add_resource): Check the FLAGS to call
keybox_compress.

--

GnuPG-bug-id: 6811
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-29 10:57:26 +09:00
NIIBE Yutaka
6ddaf2be9f
common: Remove t-b64.c.
* common/Makefile.am (module_tests): Remove t-b64.
(t_b64_LDADD): Remove.
* common/t-b64.c: Remove.

--

GnuPG-bug-id: 6734
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-26 15:07:44 +09:00
NIIBE Yutaka
7cde533ce8
agent,kbx: Fix reliable_homedir_inotify (2/2).
* agent/gpg-agent.c (main): The value of reliable_homedir_inotify
doesn't not related to nodetach, and it's only zero in the specific
condition.
* kbx/keyboxd.c (handle_connections): Remove the last argument.
(main): Remove reliable_homedir_inotify, as it's always one.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-26 13:29:49 +09:00
NIIBE Yutaka
c44f0bc91e
agent,kbx: Fix reliable_homedir_inotify (1/2).
* agent/gpg-agent.c (reliable_homedir_inotify): Remove the global.
(handle_connections): Add reliable_homedir_inotify as an arg.
Don't call gnupg_inotify_watch_delete_self when it's not reliable.
(check_others_thread): No check of reliable_homedir_inotify repeatedly
in the loop.
* kbx/keyboxd.c (reliable_homedir_inotify): Remove the global.
(handle_connections): Add reliable_homedir_inotify as an arg.
(handle_tick): No check of reliable_homedir_inotify in the loop.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-26 13:29:40 +09:00
NIIBE Yutaka
2be53b214d
tools: Fix argparse table of gpgconf.
* tools/gpgconf.c (opts): Use ARGPARSE macros.

--

GnuPG-bug-id: 6902
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-25 10:09:41 +09:00
Werner Koch
2764ee309a
Merge branch 'STABLE-BRANCH-2-4'
--

Fixed conflicts in
        NEWS
	g10/encrypt.c
	sm/encrypt.c
	sm/sign.c
2023-12-22 13:45:02 +01:00
Werner Koch
431239b83d
doc: Explain why socket activation is a problem
--
2023-12-22 13:19:40 +01:00
Werner Koch
239c1fdc28
common: Add keyword socketdir to gpgconf.ctl
* common/homedir.c (enum wantdir_values): New enums.
(unix_rootdir): Change arg to use the enums.  Adjust all callers.  Add
support for the socketdir keyword.
(_gnupg_socketdir_internal): Take care of the socketdir keyword in
gpgconf.ctl.

* doc/tools.texi (Files used by gpgconf): Briefly explain the
gpgconf.ctl syntax.
2023-12-22 12:47:39 +01:00
NIIBE Yutaka
2376cdff13
scd:openpgp: Add the length check for new PIN.
* scd/app-openpgp.c (do_change_pin): Make sure new PIN length
is longer than MINLEN.

--

GnuPG-bug-id: 6843
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-22 13:32:40 +09:00
Werner Koch
853f36e596
Register DCO for Mario Haustein
--
2023-12-21 11:50:16 +01:00
NIIBE Yutaka
91255c3afd
tools: Remove the dotlock tool.
* tools/Makefile.am (libexec_PROGRAMS): Remove dotlock.
* tools/dotlock.c: Remove.

--

It's integrated into gpgconf (--lock/--unlock).

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-21 12:35:55 +09:00
Werner Koch
f2904737e5
scd:p15: Add a diagnostic for unsupported DTRUST4 features.
* scd/app-p15.c (do_sign): Add a diagnostic.
2023-12-20 16:52:47 +01:00
Mario Haustein via Gnupg-devel
0b85a9ac09
scd:p15: Add support for D-Trust Card 4.1/4.4
* scd/app-p15.c (CARD_PRODUCT_DTRUST4) New.
(app_select_p15): This cards uses a different AID for PKCS#15
application
(do_sign): The card doesn't support MSE SET, but requires MSE RESTORE to
a predefined template.
(do_decipher): Ditto.
2023-12-20 16:47:25 +01:00
Mario Haustein via Gnupg-devel
812f988059
scd:p15: Add support for CardOS 5.4
* scd/app-p15.c (CARD_TYPE_CARDOS_54): New.
2023-12-20 16:42:00 +01:00
Werner Koch
5d651fc8fd
doc: Explain what to put into mailcap for gpg-wks-client.
--
2023-12-20 15:30:37 +01:00
NIIBE Yutaka
4dd4e9d2f1
agent: Fix homedir check wrt --disable-check-own-socket option.
* agent/gpg-agent.c (handle_connections): Don't disable use of inotify
when it has the --disable-check-own-socket option.

--

Before the fix, it checks the homedir using the gnupg_stat function
when --disable-check-own-socket is enabled, without trying use of
inotify.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-20 16:13:49 +09:00
NIIBE Yutaka
93b5ba38dc
tools: Integrate the dotlock tool into gpgconf.
* tools/gpgconf.c (dotlock_tool): New.
(main): Add --lock and --unlock commands.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-20 11:06:03 +09:00
NIIBE Yutaka
1f04993cd0
common: Add dotlock util under libexec.
* tools/Makefile.am (libexec_PROGRAMS): Add dotlock.
* tools/dotlock.c: Finish the first implementation.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-20 11:05:50 +09:00
NIIBE Yutaka
b298322d36
common: Clean up the temporary file at dotlock_destroy.
* common/dotlock.c (dotlock_destroy): Clean up the temporary file
created when it fails.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-20 11:05:36 +09:00
NIIBE Yutaka
2f6fec3f48
common: Support not-removing the lockfile by dotlock_destroy.
* common/dotlock.c (dotlock_destroy): Keep the lock
when DOTLOCK_LOCK_BY_PARENT.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-20 11:05:22 +09:00
NIIBE Yutaka
5488ad0517
common: Fix a possible resource leak for dotlock.
* common/dotlock.c (dotlock_destroy_unix): Don't release ->TNAME here.
(dotlock_destroy): Release the memory unconditionally.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-20 11:05:12 +09:00
Werner Koch
8eff1d4c51
common: Improve the parsing of gpgconf.ctl variables.
* common/homedir.c (unix_rootdir): Simplify.
--

This also relaxes the syntax in that the equal sign may now be
surrounded by any number of spaces.
2023-12-19 10:04:49 +01:00
NIIBE Yutaka
6b4fd3a5da
common: Enhance dotlock, so that we can have a CLI util.
* common/dotlock.h (DOTLOCK_LOCK_BY_PARENT, DOTLOCK_LOCKED): New.
* common/dotlock.c [HAVE_POSIX_SYSTEM]: Include <dirent.h>.
(dotlock_get_process_id, dotlock_detect_tname): New.
(dotlock_create_unix): Handle the case when no_write option is
specified.  Not creating the lock file, but detect the the file of
tname.
(dotlock_create) [HAVE_POSIX_SYSTEM]: Add support of
DOTLOCK_LOCK_BY_PARENT and DOTLOCK_LOCKED for dotlock CLI util.
(dotlock_take_unix): Support the case of DOTLOCK_LOCK_BY_PARENT.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-19 15:59:41 +09:00
NIIBE Yutaka
1c5584c395
kbx: Create public-keys.d, after creating the homedir.
* kbx/keyboxd.c (create_directories): Following the behavior of
gpg-agent, call create_public_keys_directory after mkdir.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-12-19 15:56:13 +09:00
Werner Koch
bd8346f7ab
keyboxd: Pass lock info back to gpg and gpgsm.
* g10/call-keyboxd.c (keydb_default_status_cb): New.
(keydb_update_keyblock): Add new status callback.
(keydb_insert_keyblock): Ditto.
(keydb_delete_keyblock): Ditto.
(search_status_cb): Also try the new status callback.
* sm/keydb.c (keydb_default_status_cb): New.
(keydb_insert_cert): Add new status callback.
(keydb_delete): Ditto
(search_status_cb): Also try the new status callback.
--

GnuPG-bug-id: 6838
2023-12-18 16:23:19 +01:00
Werner Koch
c99282fc78
keyboxd: Timeout on failure to get the database lock.
* kbx/backend-sqlite.c (dblock_info_cb): New.
(create_or_open_database): Add arg ctrl.  Add a 10 second timeout.
Avoid warning on error if not locked.
(be_sqlite_add_resource): Do not open the database here.
(be_sqlite_search): ... but do it here.
--

Note that we need to delay the initalization to the first use of the
database so that we actually have a recipient for the status messages.

GnuPG-bug-id: 6838
2023-12-18 15:25:45 +01:00