1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

10318 Commits

Author SHA1 Message Date
Werner Koch
ed5edb4315
speedo: Add ntbtls to the wixlib
--
2024-09-19 15:16:12 +02:00
Werner Koch
15aea30de0
speedo: Update to be more aligned with the version in master
--
2024-09-19 14:21:47 +02:00
Werner Koch
35d80ebd78
doc: Add support for generating HTML versions of the man pages.
* doc/Makefile.am (yat2m-stamp): Also call yat2m with --html options.
* doc/yat2m.c (main): Add dummy options.
--

Note that the generated html versions of the man pages will only be
correct if the external yat2m tool is installed - at least for the
maintainers of the website this will be the case.
2024-09-19 14:00:32 +02:00
NIIBE Yutaka
a698adbb53
kbx: Fix a race condition on DATABASE_HD.
* kbx/backend-sqlite.c (create_or_open_database): Protect
the access to DATABASE_HD.

--

GnuPG-bug-id: 7294
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-19 13:24:28 +02:00
NIIBE Yutaka
32476f870d
scd: Fix DEVINFO to allow multiple clients.
* scd/app.c (initialize_module_command): Use O_NONBLOCK for pipe.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-19 13:24:22 +02:00
Werner Koch
e76bac2ef2
build: Fix make distclean for gnupg.7.html
--
2024-09-19 13:21:15 +02:00
Werner Koch
685acf650a
build: Also cleanup generated html file in a make distcheck
* doc/Makefile.am (myman_pages): Add gpg and gpgv.
(USE_GPG2_HACK): Remove conditional.
(myhtmlman_pages): New.
(DISTCLEANFILES): Add html pages.
--
2024-09-19 13:20:47 +02:00
Werner Koch
b8ddffead5
doc: Updated comments in speedo.mk
--
2024-09-19 13:19:07 +02:00
NIIBE Yutaka
a17584d000
gpg: Fix getting key by IPGP.
* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Check if DATA for key.

--

GnuPG-bug-id: 7288
Reported-by: Wilfried Teiken
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-19 13:18:56 +02:00
Werner Koch
178c3fe62c
gpg: Improve detection of input data read errors.
* g10/build-packet.c (do_plaintext): Better error checking for
iobuf_copy.
--

Fixes-commit: 2fdb950471
GnuPG-bug-id: 6528

The original fix handles only the disk full case but didn't bother
about read errors (i.e. I/O problems on an external drive).
2024-09-19 13:18:20 +02:00
Werner Koch
e16728f3d6
gpg: Make --no-literal work again for -c and --store.
* g10/dearmor.c (dearmor_file): Check for errors of iobuf_copy.
(enarmor_file): Ditto.
* g10/encrypt.c (encrypt_simple): Fix error check of iobuf_copy
(encrypt_crypt): Use iobuf_copy.
--

Fixes-commit: 756c0bd5d8
GnuPG-bug-id: 5852
2024-09-19 13:15:34 +02:00
Werner Koch
0f0c59d6ff
gpg: remove workaround for Libgcrypt < 1.8.6
* g10/free-packet.c (is_mpi_copy_broken): Remove.
2024-09-19 13:12:41 +02:00
Werner Koch
e8598390be
gpg: Avoid wrong decryption_failed for signed+OCB msg w/o pubkey.
* g10/decrypt-data.c (struct decode_filter_context_s): Add flag
checktag_failed.
(aead_checktag): Set flag.
(decrypt_data): Initially clear that flag and check the flag after the
decryption.
* g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based
check.
--

This fixes a bug where for an OCB encrypted and signed message with
the signing key missing during decryption the DECRYPTION_FAILED status
line was printed along with "WARNING: encrypted message has been
manipulated". This was because we use log_error to show that the
signature could not be verified due to the missing pubkey; the
original fix looked at the error counter and thus triggered the
decryption failed status.

Fixes-commit: 122803bf1a
GnuPG-bug-id: 7042
2024-09-19 10:02:29 +02:00
Werner Koch
6ff13380a2
agent: Fix detection of the trustflag de-vs.
* agent/trustlist.c (read_one_trustfile): Fix comparison.
--

Fixes-commit: a5360ae4c7
GnuPG-bug-Id: 5079
2024-09-17 13:39:52 +02:00
NIIBE Yutaka
730593affa
common:w32: Don't expose unused functions.
* common/exechelp.h [HAVE_W32_SYSTEM] (get_max_fds): Don't expose.
(close_all_fds, get_all_open_fds): Likewise.
* common/exechelp-w32.c: Don't expose unused functions.

--

GnuPG-bug-id: 7293
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-17 09:24:41 +09:00
Werner Koch
54e06273c0
gpgsm: New option --assert-signer
* sm/gpgsm.c (oAssertSigner, oNoop): New.
(opts): Add option --assert-signer.
(assert_signer_true): New var.
(main): Set new option.
(gpgsm_exit): Handle assert_signer_true.
* sm/gpgsm.h (opt): Add field assert_signer_list.
* sm/verify.c (is_x509_fingerprint): New.
(check_assert_signer_list): New.
(gpgsm_verify): Handle option.
--

GnuPG-bug-id: 7286
2024-09-13 16:37:37 +02:00
Werner Koch
f7f939234b
gpgconf: Add missing linefeed to the -X output.
* tools/gpgconf.c (show_registry_entries_from_file): Add missing LF.
2024-09-03 11:16:48 +02:00
NIIBE Yutaka
5a1bf7e552
agent: Fix KEYTOCARD for the use case with loopback pinentry.
* agent/command.c (cmd_keytocard): Copy LINE.

--

GnuPG-bug-id: 7283
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-03 11:13:20 +02:00
Werner Koch
1ea66b6df3
doc: Explain why we use D-Lines for keyboxd communication.
--
2024-08-28 10:11:39 +02:00
Werner Koch
cb739bb2a5
gpg: New option --proc-all-sigs
* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (check_sig_and_print): Do not stop signature checking
if this new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--

GnuPG-bug-id: 7261
Backported-from-master: 1eb382fb1f
2024-08-23 11:46:06 +02:00
Werner Koch
92667aa8c2
gpg: Warn if a keyring is specified along with --use-keyboxd.
* g10/gpg.c (main): Print the warning.
--
GnuPG-bug-id: 7265
2024-08-23 09:20:58 +02:00
Werner Koch
c884e22140
gpg: Minor fix when building with --disable-exec
* g10/photoid.c (show_photo): No return for a void function.
--

GnuPG-bug-id: 7256
2024-08-19 10:32:33 +02:00
Werner Koch
1af3c09831
gpg: Improve decryption diagnostic for an ADSK key.
* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant.
* g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant.
* g10/pubkey-enc.c (get_session_key): Consider an ADSK also as "marked
for encryption use".
(get_it): Print a note if an ADSK key was used.  Use the new
get_pubkeyblock flag.
* g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk.
(get_pubkeyblock): Factor all code out to ...
(get_pubkeyblock_ext): new.
(finish_lookup): Add new arg allow_adsk and make use of it.
--

This patch solves two purposes:
- We write a note that the ADSK key was used for decryption
- We avoid running into a
  "oops: public key not found for preference check\n"
  due to ADSK keys.  The error is mostly harmless but lets gpg return
  with an exit code of 2.

Backported-from-master: 6fa4d7973d
2024-08-12 15:05:44 +02:00
Werner Koch
6fa4d7973d
agent: When diverting to a card show the name of unsupported algos.
* agent/divert-scd.c (divert_pkdecrypt): Improve error message.
2024-08-12 15:03:40 +02:00
Werner Koch
5d8bc309c7
doc: Explain that sort-sigs has no effect in colon mode.
--
2024-08-12 15:03:17 +02:00
Andre Heinecke
6878634c25
speedo,w32: Update libassuan dll name in wxs
* build-aux/speedo/w32/wixlib.wxs: Update name and UID for
libassuan
2024-08-12 15:02:24 +02:00
Daniel Cerqueira
4349855bd3
po: Update pt.po
--

Here is the Git patch of the updated GnuPG pt.po translation.

From d05a67bc357752ab64521a34bdd4bb461998d78d Mon Sep 17 00:00:00 2001
From: Daniel Cerqueira <dan.git@lispclub.com>
Date: Fri, 2 Aug 2024 14:21:47 +0100
Subject: [PATCH GnuPG] po: Update Portuguese Translation.

Signed-off-by: Daniel Cerqueira <dan.git@lispclub.com>

Backported-from-master: d73beb5398
(I hope that I did not break too much)
2024-08-12 15:01:32 +02:00
Werner Koch
3a28da61ae
sm: More improvements for PKCS#12 parsing for latest IVBB changes.
* common/tlv.h (TLV_PARSER_FLAG_T5793): New.
(tlv_parser_new): New macro.  Rename function with an underscore.
(tlv_next_with_flag): New.
* common/tlv-parser.c (struct tlv_parser_s): Remove const from buffer.
Add fields crammed, lasttlv, and origoff.  Remove bufferlist ands ist
definition.
(dump_to_file): New but disabled debug helper.
(parse_tag): Print more info on error.
(_tlv_parser_new): Add args lasttlv and LNO.  Take a copy of the data.
(_tlv_parser_release): Free the copy of the buffer and return the
recorded TLV object from tlv_parser_new.
(_tlv_peek, tlv_parser_peek, _tlv_parser_peek_null): Remove.
(_tlv_push): Record crammed length.
(_tlv_pop): Restore crammed length.
(_tlv_parser_next): Add arg flags.  More debug output.  Handle cramming
here.  Take care of cramming here.
(tlv_expect_object): Simplify to adjust for changes in _tlv_parser_next.
(tlv_expect_octet_string): Remove arg encapsulates.  Adjust for
changes in _tlv_parser_next.  Change all allers.
(tlv_expect_null): New.
(cram_octet_string): Rewrite.
(need_octet_string_cramming): Remove.

* sm/minip12.c (dump_to_file): New.  Enablein debug mode and if a
envvar ist set.  Replace all explict but disabled dumping to call this
function.
(parse_bag_encrypted_data): Replace tlv_peek_null and a peeking for an
optional SET by non-peeking code.
(parse_cert_bag): Ditto.
(parse_shrouded_key_bag): Replace tlv_peek_null by non-peeking code.
(parse_bag_encrypted_data): Use the new TLV_PARSER_FLAG_T5793 to
enable the Mozilla workaround.
(parse_bag_encrypted_data): Replace the 'renewed_tlv' code by the new
tlv_parser_release semantics.
(parse_shrouded_key_bag): Ditto.
(parse_shrouded_key_bag): Create a new context instead of using the
former encapsulated mechanism for tlv_expect_octet_string.
(parse_bag_data): Ditto.
(p12_parse): Ditto.
--

GnuPG-bug-id: 7213

Fixing this took way too long; I should have earlier explained the
code to a co-hacker to find the problem myself in my code by this.

Backported-from-master: 690fd61a0c
2024-08-07 10:22:01 +02:00
Werner Koch
e4298d5684
scd: New getinfo subcommand "manufacturer"
* scd/command.c (cmd_getinfo): Add subcommand "manufacturer".
* scd/app-openpgp.c (get_manufacturer): Rename to ...
(app_openpgp_manufacturer): this and make global.
--

Example:

  $ gpg-connect-agent 'scd getinfo manufacturer 42' /bye
  D Magrathea
  OK
2024-08-07 10:20:21 +02:00
Werner Koch
b614309876
scd: New getinfo subcommand "dump_state".
* scd/command.c (cmd_getinfo): Add subcommand.  Always init CTRL for
simplicity.
--

A state dump looks like

  app_dump_state: card=0x00007f1b38017c90 slot=1 type=yubikey refcount=1
  app_dump_state:   app=0x00007f1b38018100 type='openpgp'
  app_dump_state:   app=0x00007f1b3800cb70 type='piv'
  app_dump_state: card=0x00007f1b38013a10 slot=0 type=gnuk refcount=0
  app_dump_state:   app=0x00007f1b38016fc0 type='openpgp'

and can also be triggered by a SIGUSR1.  This explicit command allows
to dump the state also on Windows.  Use for example

  gpg-connect-agent 'scd getinfo dump_state' /bye
2024-08-07 10:20:19 +02:00
Werner Koch
658a139d68
doc: Fix URL to the OpenPGP card specs
--
2024-08-07 10:20:12 +02:00
Werner Koch
5d3f3c8076
speedo,w32: Also sign the new libassuan SO name.
--
2024-07-01 17:25:32 +02:00
Werner Koch
5d3995b16b
speedo,w32: Add extra flags for gpgrt and fix SO name of libassuan.
--

Due to the recently introduced use of STARTUPINFOEXW in gpgrt we now
need at least Windows Vista.  Version 8 of Mingw defaults to XP SP2
which requires us to explicit override that default.

The SO number of libassuan needs an update too.
2024-07-01 16:59:38 +02:00
Werner Koch
83ede262b7
Update NEWS
--
2024-07-01 15:48:28 +02:00
Werner Koch
4d901904d7
gpgconf: Allow listing of some new options
--

Also one old option.

GnuPG-bug-id: 6882
(cherry picked from commit df977729ff)
2024-07-01 15:47:37 +02:00
Werner Koch
3765b42383
sm: Emit user IDs in colon mode even if the Subject is empty.
* sm/keylist.c (list_cert_colon): Rework listing of user IDs.
--

Only in colon mode this did not work.  Note that an updated libksba is
anyway required to parse a certificate with an empty Subject.

GnuPG-bug-id: 7171
(cherry picked from commit 1067e544c2)
2024-07-01 15:12:09 +02:00
Werner Koch
dc9a52cb4e
agent: Silence debug output from the PIN caching.
* agent/call-scd.c (handle_pincache_put): Use log_debug only in cache
debug mode.

(cherry picked from commit fee890a2ab)
2024-07-01 15:07:37 +02:00
Werner Koch
ce75af47eb
gpg: Add magic parameter "default" to --quick-add-adsk.
* g10/getkey.c (has_key_with_fingerprint): New.
* g10/keyedit.c (menu_addadsk): Replace code by new function.
(keyedit_quick_addadsk): Handle magic arg "default".
* g10/keygen.c (append_all_default_adsks): New.
--

GnuPG-bug-id: 6882
(cherry picked from commit 77afc9ee1c)
2024-07-01 15:07:03 +02:00
Werner Koch
222045d850
gpg: Print designated revokers also in a standard listing.
* g10/keylist.c (print_revokers): Add arg with_colon, adjust callers,
add human printable format.
(list_keyblock_print): Call print_revokers.
--

Designated revokers were only printed in --with-colons mode.  For
quick inspection of a key it is useful to see them right away.

(cherry picked from commit 9d618d1273)
2024-07-01 15:01:50 +02:00
Werner Koch
330354972a
gpg: Autoload designated revoker key and ADSK when needed.
* g10/options.h (opt): Move the definition of struct akl to global
scope.
* g10/keydb.h (enum get_pubkey_modes): Add GET_PUBKEY_TRY_LDAP.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_BYNAME.
* g10/keygen.c (prepare_desig_revoker): Use it here.
(prepare_adsk): and here.
--

The revoker key is required before we create it along with a new key.
This is because the we need to know the algo and also to make sure
that the key really exists.

GnuPG-bug-id: 7133
(cherry picked from commit 465ea9116d)
2024-07-01 15:01:14 +02:00
Werner Koch
c6cecbd89a
gpg: New option --default-new-key-adsk.
* g10/options.h (opt): Add field def_new_key_adsks.
* g10/gpg.c (oDefaultNewKeyADSK): New.
(opts): Add --default-new-key-adsk.
(main): Parse option.
* g10/keyedit.c (menu_addadsk): Factor some code out to ...
(append_adsk_to_key): new.  Add compliance check.
* g10/keygen.c (pADSK): New.
(para_data_s): Add adsk to the union.
(release_parameter_list): Free the adsk.
(prepare_adsk): New.
(get_parameter_adsk): New.
(get_parameter_revkey): Remove unneeded arg key and change callers.
(proc_parameter_file): Prepare adsk parameter from the configured
fingerprints.
(do_generate_keypair): Create adsk.
--

GnuPG-bug-id: 6882
(cherry picked from commit ed118e2ed5)
2024-07-01 15:00:16 +02:00
Werner Koch
28dd05a079
common: New function tokenize_to_strlist.
* common/strlist.c (append_to_strlist_try): Factor code out to ...
(do_append_to_strlist): new.
(tokenize_to_strlist): New.

* common/t-strlist.c (test_tokenize_to_strlist): New.

(cherry picked from commit d2dca58338)
2024-07-01 14:58:42 +02:00
Werner Koch
6551281ca3
gpg: Implement the LDAP AKL method.
* g10/keyserver.c (keyserver_import_mbox): Add arg flags and change
callers.
(keyserver_import_ldap): Remove.  It has always returned a not
implemented error since 2.1.
* g10/getkey.c (get_pubkey_byname): Repurpose LDAP to do basically the
same as KEYSERVER.
--

The old LDAP mechanism to locate a server via SRV records has long
been gone (since 2014) due to the dropping of the keyserver helpers.
The new purpose better reflects reality and can be used in
environments where keys are provided by an in-house LDAP server.

(cherry picked from commit 068ebb6f1e)
2024-07-01 14:48:48 +02:00
NIIBE Yutaka
5746c944cd
agent: Require use of "SCD DEVINFO --watch" command with socket.
* agent/call-scd.c (agent_card_devinfo): Check if client connects
by a socket.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit c4ff9c5def)
2024-07-01 14:38:51 +02:00
NIIBE Yutaka
81fc7b291e
agent: Initialize thread_startup.fd for pipe connection.
* agent/gpg-agent.c (main): Let it have defined value.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 14400b2fb3)
2024-07-01 14:38:50 +02:00
Werner Koch
0ed8e9ae3e
agent: Handle SCD DEVINFO --watch command in a special way.
* agent/call-scd.c (devinfo_watch_thread): New.
(agent_card_devinfo): New.
(agent_card_scd): Call agent_card_devinfo when it's
DEVINFO_WATCH_COMMAND.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit b3f1f2cd19)
2024-07-01 14:38:46 +02:00
NIIBE Yutaka
fd9872295b
agent:daemon: Add an argument to specify requiring socket connection.
* agent/agent.h (daemon_start): Add REQ_SOCK argument.
* agent/call-daemon.c (daemon_start): Support specifying a socket
connection.
* agent/call-scd.c (start_scd): Connection don't care.
* agent/call-tpm2d.c (start_tpm2d): Likewise.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 5d980802ac)
2024-07-01 14:17:09 +02:00
NIIBE Yutaka
59e785b543
scd: Restrict use of DEVINFO --watch command for socket connection.
* scd/app.c (app_send_devinfo): Return GPG_ERR_INV_HANDLE when
it's not socket when KEEP_LOOPING != 0.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit d98521b934)
2024-07-01 14:16:48 +02:00
NIIBE Yutaka
6996e5f6ff
scd: Finish DEVINFO --watch command on input close.
* scd/app.c (card_list_signal): Use pipe on POSIX system, event on
Windows.
(card_list_wait): Detect input change as well as card list event
change.
(app_send_devinfo): Finish the command on input close.
(initialize_module_command): Initialize pipe or event.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 36d8cffc6c)
2024-07-01 14:16:18 +02:00
NIIBE Yutaka
fc732131a1
scd: Factor out scd_init_event function.
* scd/scdaemon.c (scd_init_event): New.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 9aa6faaf10)
2024-07-01 14:15:39 +02:00