1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

10318 Commits

Author SHA1 Message Date
Werner Koch
74e4dd3668
gpg: Prepare for a new export option export-realclean.
* g10/options.h (EXPORT_REALCLEAN): New.  Also re-assign other values
to keep them more in sync with the corresponding import values.
* g10/export.c (parse_export_options): Add "export-realclean".
(do_export_stream): Call clean_all_uids directly with the options
arg.
* g10/import.c (import_one_real): Change for direct use of options in
clean_all_uids.
* g10/key-clean.c (is_trusted_key_sig): New.  Stub for now.
(clean_sigs_from_uid): Re-purpose self_only to a general options arg.
Implement EXPORT_REALCLEAN code path.
(clean_one_uid): Re-purpose self_only to a general options arg.
(clean_all_uids): Ditto.
* g10/keyedit.c (keyedit_menu): Use EXPORT_MINIMAL instead of a simple
flag.
(menu_clean): Re-purpose self_only to a general options arg.

* g10/keyid.c (fpr20_from_pk): Factor code out to ....
(fpr20_from_fpr): new.  Remove useless case for ARRAY being NULL.
* g10/tdbio.c (tdbio_search_trust_byfpr): Add arg fprlen and use
fpr20_from_fpr if needed.
(tdbio_search_trust_bypk): Pass 20 for the fingerprint length.
--

Note that this code has no function yet.  Another patch will follow to
extract the trusted-keys flag from the trustdb.
2024-03-04 14:22:42 +01:00
Werner Koch
233bf39323
build: Extend getswdb.sh to allow a verified download
--
2024-02-29 15:35:27 +01:00
Werner Koch
c27e5be50b
build: Make getswdb.sh usable outside the GniPG tree.
--
2024-02-29 10:21:33 +01:00
Werner Koch
dcab895e4c
gpg: Emit status lines for errors in the compression layer.
* g10/compress-bz2.c: Replace all log_fatal by log_error,
write_status_error, and g10_exit.
(do_uncompress): Ditto.
--

This gives gpgme a better way to detect corrupted data in the
compression layer.
GnuPG-bug-id: 6977
2024-02-27 11:33:21 +01:00
Werner Koch
962058f704
Allow tilde expansion for the foo-program options.
* agent/gpg-agent.c (parse_rereadable_options): Use make_filename_try
for opt.pinentry_program.  Change definition accordingly.
* g10/gpg.c (main): Use make_filename for agent_program,
dirmngr_program, and keyboxd_program. Change definition accordingly.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-card.c (parse_arguments): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpg-wks-client.c (parse_arguments): Likewise.  Do it also for
option --output.
(process_confirmation_request): Print a note for a successful sent.
--

GnuPG-bug-id: 7017
2024-02-27 10:36:22 +01:00
Werner Koch
adf4db6e20
agent: Allow GET_PASSPHRASE in restricted mode.
* agent/command.c (cmd_get_passphrase): Allow use in restricted mode
but ignore the cacheid.
--

The use case is symmetric encryption via the extra-socket.  To avoid
that the gpg running on the server has access to the cache we set the
cache id to NULL so that the cache is not used at all.
2024-02-25 16:03:54 +01:00
Werner Koch
2372f6a403
gpg: Fix gpg_mpi_write for the unused opaque case.
* g10/build-packet.c (gpg_mpi_write): Take care of the fact that
get_opaque already returns a bit-exact value.
--

Fixes-commit: ab17f7b6c3
Reported-by: Falko Strenzke <falko.strenzke@mtg.de>
2024-02-21 15:55:14 +01:00
Werner Koch
a09157ccb2
wks: Allow command style args for gpg-wks-client.
* tools/gpg-wks-client.c (wrong_args): Take two args.  Change all
callers.
(main): Pass ARGPARSE_FLAG_COMMAND for recent gpgrt version.
--

This requires gpgrt 1.48.  Of course "gpg-wks-client --create ..."
continues to work.
2024-02-21 14:07:06 +01:00
Werner Koch
95bc592ab5
g13: Allow command line style "g13 mount foo".
* g13/g13.c (main): Set flag ARGPARSE_FLAG_COMMAND.
--

This requires gpgrt 1.48.  Of course "g13 --mount foo" continues to
work.
2024-02-20 11:40:49 +01:00
Mario Haustein
3aa02027cd
scd:p15: Fix typo in a comment 2024-02-20 10:34:39 +01:00
Mario Haustein
557f29d2c1
scd:p15: Add ECC support for D-Trust Card 4.1/4.4
* scd/app-p15.c (do_sign): Add MSE RESTORE parameters for D-Trust ECC
cards.
(do_decipher): Ditto.
2024-02-20 10:32:08 +01:00
Werner Koch
1e496cf2e5
scd:p15: Take derive usage into account for decryption (2).
* scd/app-p15.c (do_getattr): Yet another palce to fix.
--
GnuPG-bug-id: 7000
Co-authored-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
2024-02-20 10:29:25 +01:00
Werner Koch
3341017ff1
scd:p15: Handle duplicate certificate ids.
* scd/app-p15.c (struct app_local_s): Add field cdf_dup_counter.
(objid_in_cdflist_p): New.
(read_p15_info): Clear the counter.
(read_ef_cdf): Detect and fix duplicate IDs.
--

GnuPG-bug-id: 7001
Reported-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
2024-02-20 09:17:38 +01:00
Werner Koch
ad4bc3e04d
scd:p15: Take derive usage into account for decryption.
* scd/app-p15.c (set_usage_string): Map usageflags.derive also to 'e'.
(do_auth): Allow usageflags.sign_recover.
(do_decipher): Allow usageflags.derive.
(do_with_keygrip): Take usageflags.derive into account.
(do_gettatr): Ditto.
(do_decipher): Take a missing AODF for authentication not needed.
--

This is required for D-Trust ECC cards.

The AODF thing is unrelated but seems to be a good idea.

GnuPG-bug-id: 7000
2024-02-20 09:17:38 +01:00
NIIBE Yutaka
2810b93464
dirmngr: Fix keep-alive flag handling.
* dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic
Authentication.  Fix resource leak of FP_WRITE.

--

GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-16 16:24:26 +09:00
NIIBE Yutaka
848546b05a
dirmngr: Fix the regression of use of proxy for TLS connection.
* dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it
causes resource leak of FP_WRITE.
Don't try to read response body to fix the hang.

--

GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-16 11:38:57 +09:00
Werner Koch
0370678536
speedo: Add config variable for the timestamp service.
--
2024-02-15 14:53:28 +01:00
NIIBE Yutaka
04cbc3074a
dirmngr: Fix proxy with TLS.
* dirmngr/http.c (proxy_get_token, run_proxy_connect): Always
available regardless of USE_TLS.
(run_proxy_connect): Use log_debug_string.
(send_request): Remove USE_TLS.

--

Since the commit of

	1009e4e5f7

Building with TLS library is mandatory.

GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-15 15:38:34 +09:00
Werner Koch
302afcb6f6
gpg: Add option --assert-pubkey_algo.
* g10/keyid.c (parse_one_algo_string): New.
(compare_pubkey_string_part): New.
(compare_pubkey_string): New.
* g10/verify.c (check_assert_signer_list): New.
* g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo.
* g10/options.h (opt): Add field assert_pubkey_algos.
* g10/gpg.c (oAssertPubkeyAlgo): New.
(opts): Add "--assert-pubkey_algo".
(assert_pubkey_algo_false): New.
(main): Parse option.
(g10_exit): Reorder RC modifications.  Check assert_pubkey_algo_false.
* common/status.h (ASSERT_PUBKEY_ALGOS): new.
* common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if
this macro is set.

* g10/gpgv.c (oAssertPubkeyAlgo): New.
(opts): Add "--assert-pubkey_algo".
(assert_pubkey_algo_false): New.
(main): Parse option.
(g10_exit): Check assert_pubkey_algo_false.

* g10/t-keyid.c: New.
* g10/Makefile.am: Add t-keyid.
* g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and
remove from other tests.
(check_assert_signer_list): Ditto.
(check_assert_pubkey_algo): Ditto.
--

GnuPG-bug-id: 6946
2024-02-10 14:26:55 +01:00
Werner Koch
5842eee805
doc: Suggest the use of a fingerprint for --default-key.
--

GnuPG-bug-id: 6975
2024-02-05 08:53:06 +01:00
Werner Koch
e5f24218fc
doc: Improve warning for --use-embedded-filename.
--

GnuPG-bug-id: 6972
2024-02-05 08:42:56 +01:00
Werner Koch
214d3ffe0f
gpgsm: Increase salt size in pkcs#12 parser.
* sm/minip12.c (parse_bag_encrypted_data): Need 32 bytes.
--

GnuPG-bug-id: 6757
2024-02-05 08:00:20 +01:00
Ángel González
375c3a238a
gpgsm: cleanup on error paths
* sm/minip12.c (p12_parse): set err on the different error paths

--

GnuPG-bug-id: 6973
Fixes-commit: 101433dfb4
Signed-off-by: Ángel González <angel@pgp.16bits.net>
2024-02-05 07:54:14 +01:00
Werner Koch
40b85d8e8c
scd:openpgp: Allow PIN length of 6 also with a reset code.
* scd/app-openpgp.c (do_change_pin): Fix PIN length check.  Add "R"
flag to the reset code prompt.
--

When using the reset code it was not possible to set a PIN of length
6.  The "R" flags fixes a funny prompt.

Fixes-commit: efe325ffdf
scd:openpgp: Allow PIN length of 6 also with a reset code.

* scd/app-openpgp.c (do_change_pin): Fix PIN length check.  Add "R"
flag to the reset code prompt.
--

When using the reset code it was not possible to set a PIN of length
6.  The "R" flags fixes a funny prompt.

Fixes-commit: 2376cdff13
2024-01-30 15:58:14 +01:00
Andre Heinecke
d6dedda3f2
w32, msi: Fix directory of gpg-card, add keyboxd
* build-aux/speedo/w32/wixlib.wxs: Fix gpg-card directory id.
Add keyboxd.
2024-01-30 10:20:43 +01:00
Jakub Bogusz
300c9eeace
po: update Polish translation 2024-01-29 10:59:13 +01:00
Werner Koch
03207f62e8
gpg: Minor code cleanup for fingerprint computation.
* g10/keyid.c (do_hash_public_key): Simplify code for clarity.
2024-01-29 10:30:51 +01:00
Werner Koch
ae0a755e0d
gpg: Hide --textmode from the help output.
--
2024-01-29 09:26:26 +01:00
Werner Koch
78eae9ffe8
doc: Mark --textmode as legacy option.
--
2024-01-29 09:24:19 +01:00
Werner Koch
2ed1f68b48
doc: Fix spelling errors found by lintian.
--

Reported-by: Andreas Metzler <ametzler@debian.org>
2024-01-29 09:16:21 +01:00
Werner Koch
97b2837653
speedo: Improve parsing of the ~./.gnupg-autogen.rc
--

We now allow spaces around the variable name and the value.
2024-01-26 16:01:06 +01:00
Werner Koch
4dc09bc5e7
dirmngr: For CRL issuer verification trust the system's root CA.
* dirmngr/crlcache.c (crl_parse_insert): Add
VALIDATE_FLAG_TRUST_SYSTEM.
--

GnuPG-bug-id: 6963
2024-01-26 13:14:35 +01:00
Werner Koch
eaf6a7ab87
common,w32: Fix use of GNUPG_SPAWN_KEEP_STDERR.
* common/exechelp-w32.c (gnupg_spawn_process): Fix macro.
--

Fixes-commit: 6d6438a361
GnuPG-bug-id: 6961
2024-01-26 10:29:08 +01:00
Werner Koch
367ae86019
Post release updates
--
2024-01-25 11:30:37 +01:00
Werner Koch
a43271cc08
Release 2.4.4 2024-01-25 11:06:01 +01:00
Werner Koch
c5429644e9
po: msgmerge
--
2024-01-25 11:05:58 +01:00
Werner Koch
2a4180812a
card: Tweak the checkcmds sub-command.
* tools/gpg-card.c (cmd_checkkeys): Skip not found keys.
2024-01-25 10:35:34 +01:00
NIIBE Yutaka
6481d410ec
po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-01-25 09:07:11 +09:00
Werner Koch
d4976e35d2
gpg: Add sub-option ignore-attributes to --import-options.
* g10/options.h (IMPORT_IGNORE_ATTRIBUTES): New.
* g10/import.c (parse_import_options): Add new sub-option.
(read_block): Implement sub-option.
--

Suggested-by: Robin H. Johnson

Tested using the import-export feature:

  gpg --export KEY_WITH_PICTURE \
   | gpg --import --import-options import-export,ignore-attributes \
   | gpg --show-key
2024-01-24 18:26:01 +01:00
Werner Koch
a227a0d54d
po: Update German translation.
--

Just the new string for gpg-card's checkkeys.
2024-01-24 14:06:32 +01:00
Werner Koch
154ecf17bd
speedo: Build zlib, bzip2 and sqlite also on Unix.
--

This avoids extra build dependencies.  Note that bzip2 is not
necessary statically linked but an existing bzip2 SO might be used.
We would need to fix the bzip2 SO building and also provide a gnupg
configure option to build statically against bzip2.
2024-01-24 13:41:04 +01:00
Werner Koch
bea31c845a
card: flush stdout to get checkcmd's info messages in order.
* tools/gpg-card.c (cmd_checkkeys): Insert an fflush.
2024-01-24 10:40:03 +01:00
Werner Koch
fd6c38605a
speedo: Add a hint to run ldconfig
--
2024-01-23 14:19:40 +01:00
Werner Koch
34d19d448d
tests: Add two more sample p12 files
--
GnuPG-bug-id: 6940
2024-01-23 13:55:43 +01:00
Werner Koch
b7c1594861
speedo: Minor fix to the install target
--
2024-01-23 09:04:10 +01:00
NIIBE Yutaka
9408c6bf51
sm: Fix ECDH encryption with dhSinglePass-stdDH-sha384kdf-scheme.
* sm/encrypt.c (ecdh_encrypt): Cipher is AES192 for id-aes192-wrap.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-01-23 15:36:26 +09:00
Werner Koch
ead2982286
gpg: Use ephemeral mode for generating card keys.
* g10/call-agent.c (agent_set_ephemeral_mode): New.
* g10/keyedit.c (keyedit_menu) <bkuptocard>: Switch to ephemeral mode.
* g10/keygen.c (do_generate_keypair): Switch to ephemeral mode for
card keys with backup.
--

GnuPG-bug-id: 6944
2024-01-22 16:52:22 +01:00
Werner Koch
434a641d40
agent: Add "ephemeral" Assuan option.
* agent/agent.h (struct ephemeral_private_key_s): New.
(struct server_control_s): Add ephemeral_mode and ephemeral_keys.
(GENKEY_FLAG_NO_PROTECTION, GENKEY_FLAG_PRESET): New.
* agent/genkey.c (clear_ephemeral_keys): New.
(store_key): Add arg ctrl and implement ephemeral_mode.  Change all
callers.
(agent_genkey): Replace args no_protection and preset by a generic new
flags arg.
* agent/findkey.c (wipe_and_fclose): New.
(agent_write_private_key): Add arg ctrl and implement ephemeral_mode.
Change all callers.
(agent_update_private_key): Ditto
(read_key_file): Ditto.
(agent_key_available): Ditto.
* agent/command-ssh.c (card_key_available): Do not update display s/n
in ephemeral mode.  This is however enver triggred.
* agent/gpg-agent.c (agent_deinit_default_ctrl): Cleanup ephemeral
keys.
* agent/command.c (cmd_genkey): Use the new flags instead of separate
vars.
(cmd_readkey): Create a shadow key only in non-ephemeral_mode.
(cmd_getinfo): Add sub-command "ephemeral".
(option_handler): Add option "ephemeral".
--

The idea here that a session can be switched in an ephemeral mode
which does not store or read keys from disk but keeps them local to
the session.

GnuPG-bug-id: 6944
2024-01-22 16:49:54 +01:00
Werner Koch
18320d692c
doc: Fix description of gpg --unwrap
--
2024-01-22 10:16:03 +01:00
Werner Koch
ee56f71c8a
gpg: Add a communication object to the key generation code.
* g10/keygen.c (struct common_gen_cb_parm_s): New.
(common_gen): Add args common_gen_cb and common_gen_cb_parm.  Adjust
all callers.
(do_generate_keypair): Clarify the code by using a better var name.
--

We may eventually also replace the long arg list with that object.
The immediate reason for this change is the followup commit.
2024-01-22 10:16:03 +01:00