1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
Commit Graph

8841 Commits

Author SHA1 Message Date
Werner Koch
ebb736b2c3
gpgconf: Add config file for Windows Registry dumps.
* tools/gpgconf.c (show_registry_entries_from_file): New.
(show_configs): Call it.
* doc/examples/gpgconf.rnames: New.
* doc/Makefile.am (examples): Add it.
2022-08-03 09:26:44 +02:00
Werner Koch
e8011a7cec
gpg: Make symmetric + pubkey encryption de-vs compliant.
* g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption
de-vs compliant.

* g10/mainproc.c (struct symlist_item): New.
(struct mainproc_context): Add field symenc_list.
(release_list): Free that list.
(proc_symkey_enc): Record infos from symmetric session packet.
(proc_encrypted): Check symkey packet algos
--

The original check was too strong because it is in fact compliant to
encrypt with a symmetric key and and public key.  Thus decryption
should issue a compliance status.

In addition we now check that the cipher algorithms used to
symmetrically encrypt the session key are all compliant.  This is
similar to our check for all public key encrypted session key packets.

GnuPG-bug-id: 6119
Fixes-commit: b03fab09e1
2022-08-02 18:36:56 +02:00
Werner Koch
6bc9592318
gpgconf: Improve registry dumping.
* common/w32-reg.c (read_w32_registry_string): Map REG_DWORD to a
string.
(read_w32_reg_string): Add arg r_hklm_fallback and change all callers.
(show_configs): Indicate whether the HKLM fallback was used.
* tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin
Registry key.  Indicate whether the HKLM fallback was used.
2022-08-02 12:25:23 +02:00
Werner Koch
890e616593
gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.
* g10/pkclist.c (select_algo_from_prefs): Change implicit hash
algorithm.
--

GnuPG-bug-id: 6043
2022-07-28 10:39:45 +02:00
Werner Koch
d0bd91ba73
agent: New option --no-user-trustlist and --sys-trustlist-name.
* agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
(opts): Add new option names.
(parse_rereadable_options): Parse options.
(finalize_rereadable_options): Reset allow-mark-trusted for the new
option.
* agent/agent.h (opt): Add fields no_user_trustlist and
sys_trustlist_name.
* agent/trustlist.c (make_sys_trustlist_name): New.
(read_one_trustfile): Use here.
(read_trustfiles): Use here.  Implement --no-user-trustlist.  Also
repalce "allow_include" by "systrust" and adjust callers.
--

With the global options we can now avoid that a user changes the
Root-CA trust by editing the trustlist.txt.  However, to implement
this we need a new option so that we don't need to rely on some magic
like --no-allow-mark-trusted has been put into a force section.

The second option makes system administration easier as it allows to
keep the trustlist in a non-distributed file.

GnuPG-bug-id: 5990
Backported-from-master: 1530d04725
2022-07-27 17:02:29 +02:00
Ingo Klöcker
abe69b2094
gpg: Look up user ID to revoke by UID hash
* g10/keyedit.c (find_userid_by_namehash, find_userid): New.
(keyedit_quick_revuid): Use find_userid() instead of iterating over the
nodes of the keyblock.
* tests/openpgp/quick-key-manipulation.scm: Add test for revoking a
user ID specified by its hash.
--

This makes it possible to specify the user ID to revoke as UID hash when
calling --quick-revoke-uid.

GnuPG-bug-id: 5936
(cherry picked from commit 35b1755070)
2022-07-27 16:35:59 +02:00
Werner Koch
73a98c1396
wkd: Bind the address to the nonce.
* tools/gpg-wks-server.c (make_pending_fname): New.
(store_key_as_pending, check_and_publish): Use here.
(process_new_key): Pass addrspec to store_key_as_pending.
(expire_one_domain): Expire also the new files.
--

Along with the pass traversal bug this enhancement was
Suggested-by: Philipp Breuch <pbreuch@mail.upb.de>
GnuPG-bug-id: 6098
2022-07-27 11:44:44 +02:00
Ingo Klöcker
22e8dc7927
dirmngr: Ask keyservers to provide the key fingerprints
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Add "fingerprint=on" to
request URL.
--

Some keyservers, e.g. keyserver.ubuntu.com (Hockeypuck), do not
provide the key fingerprints by default. Therefore, we ask for the
fingerprints explicitly.

GnuPG-bug-id: 5741
(cherry picked from commit c7fa4c7f8b)
2022-07-26 09:46:15 +02:00
Ingo Klöcker
ee8f1c10a7
gpg: Request keygrip of key to add via command interface
* g10/keygen.c (ask_algo): Request keygrip via cpr_get.
* doc/help.txt (gpg.keygen.keygrip): New help text.
--

This change makes it possible to add an existing (sub)key to
another key via the status/command interface.

GnuPG-bug-id: 5771
(cherry picked from commit 19b1a28621)
2022-07-25 15:17:42 +02:00
Werner Koch
c1489ca0e1
wkd: Fix path traversal attack on gpg-wks-server.
* tools/gpg-wks-server.c (check_and_publish): Check for invalid
characters in sender controlled data.
* tools/wks-util.c (wks_fname_from_userid): Ditto.
(wks_compute_hu_fname): Ditto.
(ensure_policy_file): Ditto.
2022-07-25 14:50:15 +02:00
NIIBE Yutaka
8c9f879d4a scd:openpgp: Fix workaround for Yubikey heuristics.
* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
of firmware 5.4, too.

--

Cherry-picked master commit of:
	f34b9147eb

GnuPG-bug-id: 6070
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-13 10:53:56 +09:00
NIIBE Yutaka
225c66f13b scd: Fail when no good algorithm attribute.
* scd/app-openpgp.c (parse_algorithm_attribute): Return the error.
(change_keyattr): Follow the change.
(app_select_openpgp): Handle the error of parse_algorithm_attribute.

--

Backport master commit of:
	53eddf9b9e

This change allows following invocation of app_select_openpgp, which
may work well (if the problem is device side for initial connection).

GnuPG-bug-id: 5963
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-13 09:47:32 +09:00
NIIBE Yutaka
07e43eda8d scd: Don't inhibit SSH authentication for larger data if it can.
* scd/app-openpgp.c (do_auth): Use command chaining if available.

--

Cherry-picked from master branch of:
	e8fb8e2b3e

GnuPG-bug-id: 5935
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-12 16:11:08 +09:00
Werner Koch
3777bc6528
Post release updates
--
2022-07-06 20:17:29 +02:00
Werner Koch
491645b50e
Release 2.3.36 2022-07-06 19:29:56 +02:00
Werner Koch
f357a5f239
gpgconf: New short options -V and -X
* tools/gpgconf.c: Assign short options -X and -V
(show_version_gnupg): Print the vsd version if available.
--

These changes are helpful for phone support.
2022-06-29 13:17:35 +02:00
NIIBE Yutaka
9e2307ddf0 agent: Flush before calling ftruncate.
* agent/findkey.c (write_extended_private_key): Make sure
it is flushed out.

--

Cherry-picked from master commit of:
	99d2931887

GnuPG-bug-id: 6035
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-24 08:41:10 +09:00
Werner Koch
4c14bbf56f
sm: Update pkcs#12 module from master
* sm/minip12.c: Update from master.
* sm/import.c (parse_p12): Pass NULL for curve.
--

Over the last years we had a couple of changes not backported to 2.2.
However, to support DFN p12 files and probably other p12 files we need
to update the minip12.c module.  Instead of picking commits we take
the module verbatim, which is relatively easy because it was
originally designed to be a standalone module.

Summary of commits taken from master:

  sm: Improve pkcs#12 debug output.
  sm: Rework the PKCS#12 parser to support DFN issued keys.
  sm: Fix parsing encrypted data.
  sm: Do not print certain issuer not found diags in quiet mode.
  sm: Silence some output on --quiet
  sm: Replace all assert calls by log_assert.
  doc: Typo fixes in code comments
  sm: Add support to export ECC private keys.

Detailed log messages for those commits:

  commit 52f9e13c0c

    sm: Improve pkcs#12 debug output.

    * sm/minip12.c (parse_shrouded_key_bag): Fix offset diagnostic.
    (parse_cert_bag): Ditto.
    (parse_bag_data): Remove debug output.  Pass startoffset.
    Fix offset diagnostic.

  commit a4e04375e8

    sm: Rework the PKCS#12 parser to support DFN issued keys.

    * sm/minip12.c (struct p12_parse_ctx_s): New.  Use this instead of
    passing several parameters to most functions.
    (parse_pag_data): Factor things out to  ...
    parse_shrouded_key_bag): new.
    (parse_cert_bag): New.
    (parse_bag_data): New.
    (p12_parse): Setup the parse context.

    To support newer pkcs#12 files like those issued by the DFN we
    need to support another ordering of data elements.  This rework
    reflects the P12 data structure a bit better than our old ad-hoc
    hacks.  Tests could only be done with the certificate parts and
    not the encrypted private keys.

GnuPG-bug-id: 6037

  commit 6c50834c09

    sm: Fix parsing encrypted data.

    * sm/minip12.c (cram_octet_string): Finish when N==0.
    (parse_bag_encrypted_data): Support constructed data with multiple
    octet strings.

GnuPG-bug-id: 5793

  commit a170f0e73f

    sm: Do not print certain issuer not found diags in quiet mode.

    * sm/certchain.c (find_up_dirmngr): Print one diagnostic only in
    verbose mode.  Do not print issuer not found diags in quiet mode.
    * sm/minip12.c (parse_bag_data): Add missing verbose condition.

GnuPG-bug-id: 4757

  commit 615d2e4fb1

    sm: Silence some output on --quiet

    * sm/encrypt.c (gpgsm_encrypt): Take care of --quiet.
    * sm/gpgsm.c: Include minip12.h.
    (set_debug): Call p12_set_verbosity.
    * sm/import.c (parse_p12): Dump keygrip only in debug mode.
    * sm/minip12.c (opt_verbose, p12_set_verbosity): New.
    (parse_bag_encrypted_data): Print info messages only in verbose
    mode.

GnuPG-bug-id: 4757

  commit 9ee975d588

    gpgsm: Replace all assert calls by log_assert.

  commit 9bc9d0818b

    doc: Typo fixes in code comments

  commit 5da6925a33

    sm: Add support to export ECC private keys.

    * sm/minip12.c [TEST]: Remove test code.  Include util.h, tlv.h. and
    openpgpdefs.h.  Remove the class and tag constants and replace
    them by those from tlv.h.
    (builder_add_oid, builder_add_mpi): New.
    (build_key_sequence): Rename to ...
    (build_rsa_key_sequence): this.
    (build_ecc_key_sequence): New.
    (p12_build): Call RSA or ECC builder.
    (p12_raw_build): Ditto.
    * sm/export.c (gpgsm_p12_export): Use correct armor header for ECC.
    (sexp_to_kparms): Support ECC.

GnuPG-bug-id: 4921
2022-06-21 18:22:14 +02:00
Werner Koch
d21ced1e35
common: Add an easy to use DER builder.
* common/tlv-builder.c: New.
* common/tlv.c: Remove stuff only used by GnuPG 1.
(put_tlv_to_membuf, get_tlv_length): Move to ...
* common/tlv-builder.c: here.
* common/tlv.h (tlv_builder_t): New.
--

Such code should actually go into libksba and we will eventually do
that.  However, for now it is easier to keep it here.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 5ea878274e)

- Add coverity meta comment from
  commit a95ddffdcd
2022-06-20 15:54:29 +02:00
Werner Koch
7b1db7192e
g10: Fix garbled status messages in NOTATION_DATA
* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
--

Depending on the escaping and line wrapping the computed remaining
buffer length could be wrong.  Fixed by always using a break to
terminate the escape detection loop.  Might have happened for all
status lines which may wrap.

GnuPG-bug-id: T6027
2022-06-14 11:39:31 +02:00
NIIBE Yutaka
aeee62593a agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.
* agent/call-scd.c (inq_needpin): Call assuan_begin_confidential
and assuan_end_confidential, and wipe the memory after use.
* agent/command.c (cmd_preset_passphrase): Likewise.
* scd/command.c (pin_cb): Likewise.

--

Backport the change of master commit of:
	052f58422d

GnuPG-bug-id: 5977
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-09 14:28:08 +09:00
Werner Koch
cc1d475f98
dirmngr,w32: Silence compiler warnings for the LDAP API.
--
2022-06-03 15:36:58 +02:00
Werner Koch
dfc01118ce
w32: Avoid warning about not including winsock2.h after windows.h
* common/dynload.h: Include winsock2.h first.
2022-06-03 15:00:20 +02:00
Werner Koch
10db566489
w32: Allow Unicode filenames for iobuf_cancel.
* common/iobuf.c (iobuf_cancel): Use gnupg_remove
* common/mischelp.c (same_file_p): Allow for Unicode names.
--

Note that the second patch is used to handle Unicode filenames which
are symbolic links.
2022-06-03 11:19:09 +02:00
Werner Koch
e3db6c74a6
scd:p15: Fix accidental commit of debug code
* scd/app-p15.c (do_sign): Revert MSE setting.
--

Fixes-commit: 91acbdc93c
2022-06-01 12:19:56 +02:00
Werner Koch
62becf599e
scd: Shorten cardio debug output for all zeroes.
* scd/apdu.c (all_zero_p): New.
(send_le): Use it.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9b6f574928)
2022-06-01 12:07:05 +02:00
NIIBE Yutaka
7bc794c311 scd: Fix use of SCardListReaders for PC/SC.
* scd/apdu.c (open_pcsc_reader): Initialize NREADER.

--

Backport master commit of:
	1b1684cf61

Reported-by: Ludovic Rousseau
GnuPG-bug-id: 5979
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-17 10:25:34 +09:00
NIIBE Yutaka
a5217c9000 scd: Add workaround for ECC attribute on Yubikey.
* scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus
octet in a key attribute.

--

Apply master commit of:
	054d14887e

GnuPG-bug-id: 5963
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-10 14:21:09 +09:00
Werner Koch
91acbdc93c
scd:p15: Improve the displayed S/N for Technology Nexus cards.
* scd/app-p15.c (any_control_or_space_mem): New.
(get_dispserialno): Add new code.
--

This works with my test cards and now reflects what's printed on the
front matter of the card.
2022-05-06 11:37:47 +02:00
Werner Koch
8efe738c4a
scd:p15: Fix the the sanity check of the displayed S/N.
* scd/app-p15.c (any_control_or_space): Fix loop.
--

This check is only done to avoid printing wrongly encoded S/N for
human consumption.
e
2022-05-06 11:35:02 +02:00
Werner Koch
7f029eef6c
scd:p15: Fix reading certificates without length info.
* scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF
object has no length info.  Add debug output when reading a cert.
(read_p15_info): No more need to disable extended mode for GeNUA cards.
2022-05-05 14:12:50 +02:00
Werner Koch
d60f930d9b
scd: New debug flags "card".
* scd/scdaemon.c (debug_flags): Add "card".
* scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New.
--

Some information from parsing the card are often very helpful.
However, the card_io triggered APDU dumps are in most cases too heavy.
Thus this new debug flag.
2022-05-05 14:12:23 +02:00
Werner Koch
36a5509e11
gpg: Minor robustness fix.
* g10/parse-packet.c (mpi_read_detect_0_removal): Protect agains
failed gcry_mpi_scan.
--

Fixes-commit: 3fcef73714
2022-05-05 14:02:02 +02:00
NIIBE Yutaka
06e82e997a tests: Add a test for Ed25519 keys for non-protected secret.
* tests/openpgp/issue5120.scm: New.

--

Applied the master commit of:
	602c37ac06

GnuPG-bug-id: 5120, 5953
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-05-02 10:41:15 +09:00
NIIBE Yutaka
3fcef73714 gpg: Handle leading-zeros private key for Ed25519.
* g10/parse-packet.c (mpi_read_detect_0_removal): New.
(parse_key): Use mpi_read_detect_0_removal for PUBKEY_ALGO_EDDSA
to tweak the checksum.

--

GnuPG-bug-id: 5120
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-28 15:12:01 +09:00
NIIBE Yutaka
3192939a10 Revert "gpg: Accept Ed25519 private key in SOS which reserves leading zeros."
This reverts commit 14de7b1e59.
2022-04-28 11:09:44 +09:00
bobwxc
e5c6ead817 po: Update Simplified Chinese Translation.
--

Reviewed-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: bobwxc <bobwxc@yeah.net>
2022-04-28 09:49:38 +09:00
Werner Koch
740c02f33a
Post release updates
--

This also includes a speedo update for the Scute based authenticode
thing which has been manually added to speedo.mk at the end of the
release process of 2.2.35.
2022-04-25 19:05:15 +02:00
Werner Koch
f7bc6f5049
Release 2.2.35 2022-04-25 18:07:53 +02:00
Werner Koch
47ee0101dd
po: Fix a fuzzy in the German translation
--
2022-04-25 18:05:53 +02:00
Werner Koch
fd93b1a48f
po: Auto update
--
2022-04-25 18:04:21 +02:00
Werner Koch
86d84464ae
gpg: Avoid NULL ptr access due to corrupted packets.
* g10/parse-packet.c (parse_signature): Do not create an opaque MPI
with NULL and length > 0
(parse_key): Ditto.
--

GnuPG-bug-id: 5940, 5946
2022-04-25 15:29:11 +02:00
NIIBE Yutaka
9c0a24b4a5
agent: Not writing password into file.
* agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke
pattern check program.

--

GnuPG-bug-id: 5917
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-25 11:45:12 +02:00
Werner Koch
f021ecd576
gpg: Emit an ERROR status as hint for a bad passphrase.
* g10/mainproc.c (proc_symkey_enc): Issue new error code.
(proc_encrypted): Ditto.
--

This allows GPGME to return a better error message than "bad session
key" to the user.  Technically we could get run into these errors also
in other cases but this more unlikley.  For the command line use we
don't do anything to not change the expected output of the command
line interface.

GnuPG-bug-id: 5943
2022-04-25 11:18:40 +02:00
Werner Koch
24ab4f933f
po: Update German translation
--
2022-04-20 09:26:32 +02:00
Werner Koch
a5faaf8bee
w32: Do no use Registry item DefaultLogFile for the main tools.
* g10/gpg.c (main): Set LOG_NO_REGISTRY.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.
(show_other_registry_entries): Print "DefaultLogFile".
--

The intention of this mostly forgotten registry entry was to allow for
easy debugging of the tools.  However, with the global config
files (and in 2.3 with common.conf) things are anyway better.  We
disable the use for the commonly used tools so that it does not look
like calling gpg on the command line seems to block with no output if
the log server (e.g. tcp://1.2.3.4:11111) is not reachable.
2022-04-20 09:20:35 +02:00
Werner Koch
74f9e3e6c4
Prepare NEWS for the next release
--
2022-04-14 15:44:12 +02:00
Werner Koch
c8c71fc716
gpg: Replace an assert by a log_fatal.
* g10/build-packet.c (do_signature): Use log_fatal.
--
GnuPG-bug-id: 5809
2022-04-14 13:53:55 +02:00
Werner Koch
58532fe56c
scd: Minor code reorganization
* scd/ccid-driver.c: Move struct defines to the top.
(MAX_DEVICE): Rename to CCID_MAX_DEVICE.
2022-04-14 10:25:15 +02:00
Werner Koch
c4b14be48f
scd: Fix memory leak in ccid-driver.
* scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count.
--

Due to an assignment out of bounds this might lead to a crash if there
are more than 15 readers.  In any case it fixes a memory leak.
Kudos to the friendly auditor who found that bug.

Fixes-commit: 8a41e73c31
2022-04-14 10:17:28 +02:00