1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-25 15:27:03 +01:00

10716 Commits

Author SHA1 Message Date
Werner Koch
33e571a74a
gpgsm: New option --assert-signer
* sm/gpgsm.c (oAssertSigner, oNoop): New.
(opts): Add option --assert-signer.
(assert_signer_true): New var.
(main): Set new option.
(gpgsm_exit): Handle assert_signer_true.
* sm/gpgsm.h (opt): Add field assert_signer_list.
* sm/verify.c (is_x509_fingerprint): New.
(check_assert_signer_list): New.
(gpgsm_verify): Handle option.
--

GnuPG-bug-id: 7286
2024-09-11 14:30:40 +02:00
Werner Koch
2125f228d3
build: Remove configure option --enable-gpg-is-gpg2
* configure.ac (--enable-gpg-is-gpg2): Remove option.
(USE_GPG2_HACK): Remove var.
* common/homedir.c (gnupg_module_name): Remove code for gpg2
installation option.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (noinst_PROGRAMS): Ditto.
* doc/gpg.texi: Ditto.
* doc/gpgv.texi: Ditto.
--

This option and all its build stuff does not make anymore sense.  gpg1
is way too old for anyone to use on a regualar base along with a
standard gpg.  It is better to rename that single gpg (1.4) binary to
gpg1 and adjust any scripts.
2024-09-11 14:30:40 +02:00
Werner Koch
51bccae168
build: Also cleanup generated html file in a make distcheck
* doc/Makefile.am (myman_pages): Add gpg and gpgv.
(USE_GPG2_HACK): Remove conditional.
(myhtmlman_pages): New.
(DISTCLEANFILES): Add html pages.
--
2024-09-11 14:30:40 +02:00
Werner Koch
138e018592
tests: Updated PQC test data to the final Kyber algo id.
--

We actually reuse the private keys here by having deleted the subkey
and crated a new one using the option "From existing key".  Of course
the encrypted data changed while the plaintext stayed the same.
2024-09-11 14:30:39 +02:00
Werner Koch
6b7868fc0e
doc: Updated comments in speedo.mk
--
2024-09-11 14:30:39 +02:00
NIIBE Yutaka
7e321c2c2a
gpg: Fix getting key by IPGP.
* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Check if DATA for key.

--

GnuPG-bug-id: 7288
Reported-by: Wilfried Teiken
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-11 13:51:16 +09:00
Werner Koch
d528d0b065
gpg: New commands --add-recipients and --change-recipients.
* g10/gpg.c (aAddRecipients, aChangeRecipients): New consts.
(opts): Add --add-recipients and --change-recipients.
(main): Handle them.
* g10/gpg.h (struct server_control_s): Add fields modify_recipients,
clear_recipients, and last_read_ctb.
* g10/armor.c (was_armored): New.
* g10/decrypt.c (decrypt_message): Add optional arg 'remusr'.  Handle
re-encryption if desired.
* g10/encrypt.c (write_pubkey_enc): Factor info printing out to ...
(show_encrypted_for_user_info): new.
(reencrypt_to_new_recipients): New.
* g10/packet.h (struct parse_packet_ctx_s): Add fields only_fookey_enc
and last_ctb.
(init_parse_packet): Clear them.
* g10/parse-packet.c (parse): Store CTB in the context.  Early return
on pubkey_enc and symkey_enc packets if requested.
* g10/mainproc.c (proc_encrypted): Allow for PKT being NULL.  Return
early in modify-recipients mode.
(proc_encryption_packets): Add two optional args 'r_dek' and 'r_list'.
Adjust callers.  Call do_proc_packets in modify-recipients mode
depending on the optional args.
(do_proc_packets): Add arg 'keep_dek_and_list'.  Adjust callers.  Save
the last read CTB in CTRL and return after the last fooenc_enc
packets.
--

This basically works but does not yet handle symmetric encrypted
packets (symkey_enc).

GnuPG-bug-id: 1825
(Yes, this is an at least 9 year old feature request)
2024-09-09 16:47:04 +02:00
Werner Koch
2cc340eca0
gpg: Improve detection of input data read errors.
* g10/build-packet.c (do_plaintext): Better error checking for
iobuf_copy.
--

Fixes-commit: 695cb04af5218cd7b42c7eaaefc186472b99a995
GnuPG-bug-id: 6528

The original fix handles only the disk full case but didn't bother
about read errors (i.e. I/O problems on an external drive).
2024-09-06 16:09:49 +02:00
Werner Koch
9a741aba3d
gpg: Make --no-literal work again for -c and --store.
* g10/dearmor.c (dearmor_file): Check for errors of iobuf_copy.
(enarmor_file): Ditto.
* g10/encrypt.c (encrypt_simple): Fix error check of iobuf_copy
(encrypt_crypt): Use iobuf_copy.
--

Fixes-commit: 756c0bd5d89bd0a773f844fbc2ec508c1a36c63d
GnuPG-bug-id: 5852
2024-09-06 16:09:49 +02:00
Werner Koch
1eaf1e236e
gpg: Simplify the pubkey_enc_list object
* g10/packet.h (struct pubkey_enc_list): Replace most by a
PKT_pubkey_enc member.
* g10/free-packet.c (free_pubkey_enc): Factor most stuff out to ...
(release_pubkey_enc_parts): new.
(copy_pubkey_enc_parts): New.
* g10/mainproc.c (release_list): Adjust for above change.
(proc_pubkey_enc): Ditto.
(print_pkenc_list): Ditto.
(proc_encrypted): Ditto.
2024-09-06 16:09:49 +02:00
Werner Koch
1e25157266
gpg: remove workaround for Libgcrypt < 1.8.6
* g10/free-packet.c (is_mpi_copy_broken): Remove.
2024-09-06 16:09:49 +02:00
NIIBE Yutaka
412e183e55
scd:w32: Fix for setting an environment block with GNUPGHOME.
* scd/app.c (report_change): It's ASCII or multi-byte encoded string.
It's gpgrt's spawn function which converts it to wide char string
internally if needed.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-06 10:46:36 +09:00
NIIBE Yutaka
c9677e9501
scd:w32: Export GNUPGHOME for scd-event.
* scd/app.c (report_change): Set up GNUPGHOME.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-05 13:37:21 +09:00
Werner Koch
aac5a8f008
gpgconf: Add missing linefeed to the -X output.
* tools/gpgconf.c (show_registry_entries_from_file): Add missing LF.
2024-09-03 11:17:26 +02:00
NIIBE Yutaka
4a4c1efac5
agent: Fix KEYTOCARD for the use case with loopback pinentry.
* agent/command.c (cmd_keytocard): Copy LINE.

--

GnuPG-bug-id: 7283
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-03 14:06:48 +09:00
Werner Koch
05be36720d
tests: Add two plaintext test mails
--
2024-08-29 19:31:08 +02:00
Werner Koch
4511997e9e
gpg-mail-tube: New feature --as-attach.
* tools/gpg-mail-tube.c (oAsAttach): NEw.
(opts): Add --as-attach.
(opt): Add .as_attach.
(parse_arguments): Set it.
(mail_tube_encrypt): Detect plain text and hhandle new option.
2024-08-29 17:46:39 +02:00
Werner Koch
ac30449867
tools: Improve rfc822parse to allow access to headers for longer.
* tools/rfc822parse.c (struct rfc822parse_context): Add field
this_part.
(release_handle_data): Clear this_part.
(rfc822parse_open): Set this_part.
(set_current_part_to_parent): Ditto.
(insert_header): Ditto.
(rfc822parse_enum_header_lines): Replace current_part by this_part.
(find_header): Ditto.

* tools/rfc822parse.c (my_strcasecmp): Remove.
(same_header_name): New.
(rfc822_capitalize_header_name): Use new function instead.
--

With this change the header function can now be sued after the
transition to the body.  Thus up until thenext MIME block is reached
the headers of the former MIME block are returned.

This also fixes a problem with the "MIME-Version" header name
capitalization.
2024-08-29 17:42:19 +02:00
Werner Koch
80bd49224e
doc: Minor fix for the description of gpg's --default-*-expire
--
2024-08-29 15:06:05 +02:00
Werner Koch
8896bbd0f9
gpg: Switch Kyber to the final algo id and add it to the menu.
* common/openpgpdefs.h (pubkey_algo_t): Switch algo id for Kyber to 8.
* g10/keygen.c (do_generate_keypair): Remove the experimental algo
note ...
(write_keybinding): and the experimental notation data.
(ask_algo): Add a mode 16 for a Kyber subkey.
(generate_subkeypair): Set parameters for mode 16.
--

GnuPG-bug-id: 6815
2024-08-27 10:44:17 +02:00
Werner Koch
1eb382fb1f
gpg: New option --proc-all-sigs
* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (proc_tree): Do not stop signature checking if this
new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--

GnuPG-bug-id: 7261
2024-08-23 11:28:30 +02:00
Werner Koch
3171ca9b94
gpg: Warn if a keyring is specified along with --use-keyboxd.
* g10/gpg.c (main): Print the warning.
--
GnuPG-bug-id: 7265
2024-08-23 09:19:55 +02:00
Werner Koch
41b06b5579
common: Do not call the agent with the obsolete --use-standard-socket.
* common/asshelp.c (start_new_service): Drop that option.
--

This avoids a useless warnings.
2024-08-22 18:30:51 +02:00
Werner Koch
60c541f588
doc: Remove included yat2m and build HTML versions of the man pages.
* configure.ac (YAT2M): Use standard detection.
* doc/Makefile.am (EXTRA_DIST): Remove yat2m.c.
(CLEANFILES): Ditto.
(yat2m): Remove targets.
(yat2m-stamp): Also build html versions.
2024-08-19 14:00:26 +02:00
Werner Koch
8bef1e2821
gpg: Minor fix when building with --disable-exec
* g10/photoid.c (show_photo): No return for a void function.
--

GnuPG-bug-id: 7256
2024-08-19 10:31:44 +02:00
Werner Koch
1766efbe5e
doc: Add another example for gpg-mail-tube
--
2024-08-16 14:14:20 +02:00
Werner Koch
2f46029bec
tools: Fix bashishm
--

Fixes-commit: 536fc8d33db571108459493d1881cdfc8371d3cc
2024-08-16 11:12:44 +02:00
Andre Heinecke
3d015d106f
build-aux: Add PKCS#8 authenticode key support
* tools/gpg-authcode-sign.sh: Assume PKCS#8 if the key file
does not end with .p12 or .pfx.

--
Since using encrypted PKCS#12 containers with askpass
is unpractical when signing many files. This adds support
to use an PKCS#8 key for codesigning.
2024-08-15 22:45:06 +02:00
Andre Heinecke
536fc8d33d
build-aux: Add cleanup to gpg-authcode-sign.sh
* tools/gpg-authcode-sign.sh (cleanup): New.

--
When using osslsigncode it does not delete the
output file on error. Errors or cancels there
can happen easily with either timestamp problems
or a wrong password.
Additionally, if an output file exists, osslsigncode
does not write a good error message but shows
some exception.
2024-08-15 22:44:56 +02:00
Andre Heinecke
d80345244c
speedo,w32: Install ntbtls as a library
* build-aux/speedo.mk (AUTHENTICODE_FILES): Sign ntbtls files.
(speedo_pkg_ntbtls_configure): Remove duplicated
32 bit entry.
* build-aux/speedo/w32/inst.nsi,
build-aux/speedo/w32/wixlib.wxs: Package ntblts dll.

--
This changes ntbtls to be built with default options both
on 64 bit and on 32 bit. Previously on 32 bit Windows it
would have been linked statically. But since the file lists
are hardcoded this should be independent of the architecture.
2024-08-13 10:08:52 +02:00
Werner Koch
882ab7fef9
gpg: Improve decryption diagnostic for an ADSK key.
* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant.
* g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant.
* g10/pubkey-enc.c (get_session_key): Consider an ADSK also as "marked
for encryption use".
(get_it): Print a note if an ADSK key was used.  Use the new
get_pubkeyblock flag.
* g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk.
(get_pubkeyblock): Factor all code out to ...
(get_pubkeyblock_ext): new.
(finish_lookup): Add new arg allow_adsk and make use of it.
--

This patch solves two purposes:
- We write a note that the ADSK key was used for decryption
- We avoid running into a
  "oops: public key not found for preference check\n"
  due to ADSK keys.  The error is mostly harmless but lets gpg return
  with an exit code of 2.
2024-08-12 14:50:08 +02:00
Werner Koch
1d18c143f4
agent: When diverting to a card show the name of unsupported algos.
* agent/divert-scd.c (divert_pkdecrypt): Improve error message.
2024-08-09 10:08:50 +02:00
Werner Koch
8735b87411
gpg: New debug flag "keydb".
* g10/options.h (DBG_KEYDB_VALUE): New.
* g10/gpg.c (debug_flags): Add it.
* g10/keydb.c: Replace all DBG_LOOKUP by DBG_KEYDB.
* g10/keyring.c: Ditto.
* g10/call-keyboxd.c: Ditto.
--

Using "lookup" also for key search debugging was not a good idea.
This uses a separate flag for the latter.
2024-08-09 09:31:54 +02:00
Werner Koch
7d82fca43d
gpg: Increase compress buffer size.
* g10/compress.c (init_compress): Increase buffersize.
--

This may speed up things a little bit.
2024-08-08 17:31:26 +02:00
Werner Koch
2a0caeb868
doc: Explain that sort-sigs has no effect in colon mode.
--
2024-08-08 17:28:15 +02:00
Andre Heinecke
9e2633937c
speedo,w32: Update libassuan dll name in wxs
* build-aux/speedo/w32/wixlib.wxs: Update name and UID for
libassuan
2024-08-08 15:18:07 +02:00
Andre Heinecke
fd90013a12
speedo,w32: Fix check for gpg-authcode-sign.sh
* build-aux/speedo.mk (AUTHENTICODE_sign): Do version check
in subshell to get the return code.

--
Otherwise this will fail not with the intended error message
but with "no such file or directory."
2024-08-08 15:15:59 +02:00
Daniel Cerqueira
d73beb5398
po: Update pt.po
--

Here is the Git patch of the updated GnuPG pt.po translation.

From d05a67bc357752ab64521a34bdd4bb461998d78d Mon Sep 17 00:00:00 2001
From: Daniel Cerqueira <dan.git@lispclub.com>
Date: Fri, 2 Aug 2024 14:21:47 +0100
Subject: [PATCH GnuPG] po: Update Portuguese Translation.

Signed-off-by: Daniel Cerqueira <dan.git@lispclub.com>
2024-08-08 12:26:20 +02:00
Werner Koch
690fd61a0c
sm: More improvements for PKCS#12 parsing for latest IVBB changes.
* common/tlv.h (TLV_PARSER_FLAG_T5793): New.
(tlv_parser_new): New macro.  Rename function with an underscore.
(tlv_next_with_flag): New.
* common/tlv-parser.c (struct tlv_parser_s): Remove const from buffer.
Add fields crammed, lasttlv, and origoff.  Remove bufferlist ands ist
definition.
(dump_to_file): New but disabled debug helper.
(parse_tag): Print more info on error.
(_tlv_parser_new): Add args lasttlv and LNO.  Take a copy of the data.
(_tlv_parser_release): Free the copy of the buffer and return the
recorded TLV object from tlv_parser_new.
(_tlv_peek, tlv_parser_peek, _tlv_parser_peek_null): Remove.
(_tlv_push): Record crammed length.
(_tlv_pop): Restore crammed length.
(_tlv_parser_next): Add arg flags.  More debug output.  Handle cramming
here.  Take care of cramming here.
(tlv_expect_object): Simplify to adjust for changes in _tlv_parser_next.
(tlv_expect_octet_string): Remove arg encapsulates.  Adjust for
changes in _tlv_parser_next.  Change all allers.
(tlv_expect_null): New.
(cram_octet_string): Rewrite.
(need_octet_string_cramming): Remove.

* sm/minip12.c (dump_to_file): New.  Enablein debug mode and if a
envvar ist set.  Replace all explict but disabled dumping to call this
function.
(parse_bag_encrypted_data): Replace tlv_peek_null and a peeking for an
optional SET by non-peeking code.
(parse_cert_bag): Ditto.
(parse_shrouded_key_bag): Replace tlv_peek_null by non-peeking code.
(parse_bag_encrypted_data): Use the new TLV_PARSER_FLAG_T5793 to
enable the Mozilla workaround.
(parse_bag_encrypted_data): Replace the 'renewed_tlv' code by the new
tlv_parser_release semantics.
(parse_shrouded_key_bag): Ditto.
(parse_shrouded_key_bag): Create a new context instead of using the
former encapsulated mechanism for tlv_expect_octet_string.
(parse_bag_data): Ditto.
(p12_parse): Ditto.
--

GnuPG-bug-id: 7213

Fixing this took way too long; I should have earlier explained the
code to a co-hacker to find the problem myself in my code by this.
2024-08-06 17:51:01 +02:00
Werner Koch
5409b273a6
sm: Add a debug helper command to t-minip12.c
* sm/t-minip12.c (cram_file): New.
(main): Add option --cram.
--

This is sometimes useful to convert constructed octet strings into
primitive octet strings.
2024-08-06 15:59:26 +02:00
Werner Koch
a8cef7ebc2
scd: New getinfo subcommand "manufacturer"
* scd/command.c (cmd_getinfo): Add subcommand "manufacturer".
* scd/app-openpgp.c (get_manufacturer): Rename to ...
(app_openpgp_manufacturer): this and make global.
--

Example:

  $ gpg-connect-agent 'scd getinfo manufacturer 42' /bye
  D Magrathea
  OK
2024-08-05 16:19:32 +02:00
Werner Koch
f1e3a23d9e
scd: New getinfo subcommand "dump_state".
* scd/command.c (cmd_getinfo): Add subcommand.  Always init CTRL for
simplicity.
--

A state dump looks like

  app_dump_state: card=0x00007f1b38017c90 slot=1 type=yubikey refcount=1
  app_dump_state:   app=0x00007f1b38018100 type='openpgp'
  app_dump_state:   app=0x00007f1b3800cb70 type='piv'
  app_dump_state: card=0x00007f1b38013a10 slot=0 type=gnuk refcount=0
  app_dump_state:   app=0x00007f1b38016fc0 type='openpgp'

and can also be triggered by a SIGUSR1.  This explicit command allows
to dump the state also on Windows.  Use for example

  gpg-connect-agent 'scd getinfo dump_state' /bye
2024-08-02 13:44:57 +02:00
Werner Koch
fa2c15634c
keyboxd: New getinfo subcommand "connections".
* kbx/kbxserver.c (cmd_getinfo): Add subcommand.
2024-08-02 13:29:53 +02:00
Werner Koch
c16604246a
doc: Fix URL to the OpenPGP card specs
--
2024-08-01 12:14:01 +02:00
Werner Koch
a4eefb271f
gpg-mail-tube: Make sure GNUPGHOME is set in vsd mode.
* tools/gpg-mail-tube.c (main): Set GNUPGGHOME.
(start_gpg_encrypt): Improve the "statrt gpg" diagnostic.
(prepare_for_appimage): Start with cleared GNUPGHOME.
2024-07-31 10:25:48 +02:00
Werner Koch
91532dc3f4
doc: Clarify gpgv man page synopsis.
--
GnuPG-bug-id: 7209
2024-07-23 15:09:39 +02:00
Werner Koch
ea123af9b5
Revert "common: Fix tlv-parser for constructed OCTET-STRING."
--
This reverts commit cc78b26a4729db2280334214e21a8847e95d2ab0.
2024-07-23 13:54:15 +02:00
Werner Koch
8b1f35a78f
g13: Finish migration to gpgrt_process_spawn API
--
Fixes-commit: 953dd67368ceaeb8b42cfb8f9b5f3c4de8afdbe0
2024-07-23 13:53:20 +02:00
Werner Koch
62384ba556
Revert "speedo: Use remote gitrep if local does not exist"
--
Fixes-commit: 7a9214b0d41ecf1aacada79a850da05d558320ff.

Using a remote repo is dangerous; for a local repo it can be expected
that it has been properly pulled and checked.
2024-07-23 13:40:43 +02:00
Jakub Jelen
dd23441938
agent: Avoid memory leak when handling ssh keys.
* agent/command-ssh.c (ssh_send_available_keys): Close file and
directory on error paths.

--

GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-07-22 13:40:35 +09:00