1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-25 10:49:57 +01:00

8701 Commits

Author SHA1 Message Date
Werner Koch
60f08969e1
gpg: Set default keysize to rsa3072
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change.
(gen_rsa): Set fallback to 3072.
(get_keysize_range): Set default to 3072.
* doc/examples/vsnfd.prf: No more need for default-new-key-algo.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 13:08:25 +02:00
Werner Koch
0847133e4c
sm: Do not require a default keyring for --gpgconf-list.
* sm/gpgsm.c (main): No default keyring for gpgconf mode.
--

GnuPG-bug-id: 4867
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 11:38:44 +02:00
Werner Koch
adea5ba7e7
agent: Allow using --gogconf-list even if HOME does not exist.
* agent/gpg-agent.c (main): Do not create directories in gpgconf mode.
--

GnuPG-bug-id: 4866
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 11:17:35 +02:00
Werner Koch
f148803277
Add a new dist signing key
--

This is

  pub   ed25519 2020-08-24 [SC] [expires: 2030-06-30]
        6DAA 6E64 A76D 2840 571B  4902 5288 97B8 2640 3ADA
  uid                      Werner Koch (dist signing 2020)
2020-08-24 19:48:13 +02:00
Werner Koch
5ac0cf1b81
gpg,gpgsm: Record the creation time of a private key.
* sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
(gpgsm_agent_import_key): Ditto.
* g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
(agent_import_key): Ditto.
* g10/import.c (transfer_secret_keys): Pass the creation date to the
agent.
* g10/keygen.c (common_gen): Ditto.
--

Having the creation time in the private key file makes it a lot easier
to re-create an OpenPGP public keyblock in case it was accidentally
lost.

Signed-off-by: Werner Koch <wk@gnupg.org>
Cherry-picked-from-master: 4031c42bfd0135874a5b362df175de93a19f1b51
2020-08-23 12:31:18 +02:00
Werner Koch
051830d7b4
agent: Allow to pass a timestamp to genkey and import.
* agent/command.c (cmd_genkey): Add option --timestamp.
(cmd_import_key): Ditto.
* agent/genkey.c (store_key): Add arg timestamp and change callers.
(agent_genkey): Ditto.
* agent/findkey.c (write_extended_private_key): Add args timestamp and
newkey to write a Created line.
(agent_write_private_key): Add arg timestamp.
(agent_write_shadow_key): Ditto.
* agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 0da923a1240ac78d60c92cdd8488c4e405c3243b
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-23 12:28:00 +02:00
Werner Koch
5b927b7b27
agent: Default to extended key format.
* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
(opts): Make --enable-extended-key-format a dummy option.  Add
disable-extended-key-format.
(parse_rereadable_options): Implement oDisableExtendedKeyFormat.
* agent/protect.c (agent_protect): Be safe and set use_ocb either to
to 1 or 0.
--

Extended key format is supported since version 2.1.12 which should have
long been replaced by a newer version in all installations.  Thus for
2.2.22 we will make use of the extended-key-format by default.

This is a backport of the commits:
05eff1f6623c272fcabd4e238842afc832710324
91ae3e7fb66271691f6fe507262a62fc7e2663a3

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 15:10:08 +02:00
Werner Koch
843890663b
gpgtar,w32: Handle Unicode file names.
* tools/gpgtar.c (oUtf8Strings): New.
(opts): Add option --utf8-strings.
(parse_arguments): Set option.
* tools/gpgtar.h (opt): Add field utf8strings.
* tools/gpgtar-create.c (name_to_utf8): New.
(fillup_entry_w32): Use that.
(scan_directory): Ditto.
(scan_directory) [W32]: Convert file name to utf8.
(gpgtar_create): Convert pattern.
--

Note that this works only with file names read from a file or if the
specified files on the command line are plain ascii.  When recursing
into a directory Unicode file names work again.  This limitation is
due to  main(int, char**) which can't get the wchar version.  We could
fix that but is needs a bit more work in our init code.

GnuPG-bug-id: 4083
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 14:38:20 +02:00
Werner Koch
364cef997c
common: Use gpgrt functions for mkdir and chdir if available
* common/sysutils.c (gnupg_mkdir): Divert to gpgrt_mkdir.
(gnupg_chdir): Divert to gpgrt_chdir
--

To avoid bumping up the build dependency on libgpg-error 1.28 we use
the gpgrt version only if at least this libgpg-error version was used
at build time.  This won't fix any bugs though and it is in general
advisable to use the latest libgpg-error.  There are actually a couple
of very useful bug fixes for Windows in the upcoming libgpg-error 1.39
but on Unix you can live without them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 14:37:44 +02:00
Werner Koch
bef68efd8d
common,w32: Do not assume the ANSI codepage during string conversion.
* common/utf8conv.c (get_w32_codepage): New.
(wchar_to_native): Use instead oc CP_ACP.
(native_to_wchar): Ditto.
--

This should fix quite some issue; we fixed it when using the iconv
based machinery about 14 years ago.  At some point we introduced the
new conversion functions because Windows started to support UTF-8
natively.  The fix comes late but well, it is done.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 14:23:05 +02:00
Werner Koch
73b0fdabdb
common: Strip trailing CR,LF from w32_strerror.
* common/stringhelp.c (w32_strerror): Strip trailing CR,LF.
* common/iobuf.c (iobuf_get_filelength): Use -1 and not 0 for the
arg to w32_strerror.

--

This is in particular annoying since we started to use a string
argument sanitizer in the logging code.  Before that we just add an
extra blank line.

The second patch corrects a never yet seen error message.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 14:22:01 +02:00
Werner Koch
1efe99f3d9
gpgtar: Make --files-from and --null work as described.
* tools/gpgtar-create.c (gpgtar_create): Add args files_from and
null_names.  Improve reading from a file.
* tools/gpgtar.c: Make global vars static.
(main): Remove tests for --files-from and --null option combinations.
Pass option variables to gpgtar_create.
--

GnuPG-bug-id: 5027
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-20 15:53:06 +02:00
Werner Koch
829bc3bc60
build: New configure option --disable-tests
* configure.ac: Add option --disable-tests.  Print warnings in the
summary.
(DISABLE_TESTS): New am_conditional.
--
GnuPG-bug-id: 4960
2020-08-20 10:58:52 +02:00
Werner Koch
77f97eec49
doc: Describe the relation between pubring.gpg and pubring.kbx
--
GnuPG-bug-id: 4958
2020-08-20 10:16:10 +02:00
Werner Koch
a4d73b1c8e
gpg: Fix regression for non-default --passphrase-repeat option.
* agent/command.c (cmd_get_passphrase): Take care of --repeat with
--newsymkey.
--

GnuPG-bug-id: 4997
2020-08-20 09:35:58 +02:00
Werner Koch
f0f8b124f0
gpg: Ignore personal_digest_prefs for ECDSA keys.
* g10/sign.c (hash_for): Simplify hash algo selection for ECDSA.
--

GnuPG-bug-id: 5021
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-13 11:37:20 +02:00
Werner Koch
714b468538
tools: Install gpgsplit again
--

We will also set the gpgsplit from 1.4 to noninstall.

GnuPG-bug-id: 5023
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-13 11:01:58 +02:00
Werner Koch
3cf920a1e3
common: Pass the WAYLAND_DISPLAY envvar along
* common/session-env.c (stdenvnames): Add WAYLAND_DISPLAY.
--
GnuPG-bug-id: 5016

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-12 09:28:20 +02:00
Werner Koch
fdcf536f70
build: Remove expired key of David Shaw from distsigkey.gpg.
--
2020-08-06 11:27:22 +02:00
Werner Koch
9c57de75cf
sm: Also show the SHA-256 fingerprint.
* sm/keylist.c (list_cert_colon): Emit a new "fp2" record.
(list_cert_raw): Print the SHA2 fingerprint.
(list_cert_std): Ditto.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: e7d70923901eeb6a2c26445aee9db7e78f6f7f3a

Here in 2.2 we keep the string "fingerprint:" and no not change it to
"sha1 fpr" as we did in master (2.3).
2020-08-04 11:15:47 +02:00
Werner Koch
b2590f2e47
tests: Improve handling of spaces in $PATH
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-04 10:20:53 +02:00
Werner Koch
e9736995c8
speedo: Tie build to libgcrypt 1.8
--

With 2.2 we want to use libgcrypt 1.8 as long as this is maintained.
This is in particular necessary for the approved GnuPG VS Desktop
release.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-04 10:14:44 +02:00
NIIBE Yutaka
8d9ce32c30 w32: More adding NETLIBS.
* common/Makefile.am (t_common_ldadd): Add $(NETLIBS).

--

Cherry-picked master commit of:
	5fa4427419c875e46d051ae6ed376d5ad6037401

GnuPG-bug-id: 4994
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-30 15:11:11 +09:00
NIIBE Yutaka
f95d923090 w32: Add link to $(NETLIB) for -lws2_32.
* dirmngr/Makefile.am (dirmngr_LDADD): Add $(NETLIBS).
* sm/Makefile.am (gpgsm_LDADD): Ditto.
* tools/Makefile.am (gpg_wks_client_LDADD): Ditto.

--

Cherry-picked master commit of:
	d69f5570ee5e1b099e39fdf64e18add23ff5c815

GnuPG-bug-id: 4994
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-30 15:10:15 +09:00
Werner Koch
970e431305
gpg: Do not close stdout after --export-ssh-key
* g10/export.c (export_ssh_key): Do not close stdout.
--

stdout should never be closed; this fixes this minor bug.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-16 11:38:40 +02:00
NIIBE Yutaka
b4cbb5f58a tools: Use internal regexp routines.
* tools/gpg-check-pattern.c: Use jimregexp.h.

--

Backport master commit of:
	7ee2a9687da9560a5d17c7046c87c2f7a6733d5c

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-15 14:19:29 +09:00
NIIBE Yutaka
1d1f2aa943 regexp: Import change from JimTcl.
* regexp/jimregexp.h, regexp/jimregexp.c: Fix from JimTcl.

--

Backport master commit of:
	91cb46d948db234be1ea8092f5db9e14294f1b79

Apply the change in JimTcl:

    commit ac35b8a6ec417f75b5ec86ca64ea1614a8170a38
    Author: Steve Bennett <steveb@workware.net.au>
    Date:   Mon May 4 20:43:46 2020 +1000

    regexp: Improved error message

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-15 14:18:47 +09:00
NIIBE Yutaka
8904b18822 regexp: Fix generation of _unicode_mapping.c.
* configure.ac (AWK_HEX_NUMBER_OPTION): Detect GNU Awk.
* regexp/Makefile.am: Use AWK_HEX_NUMBER_OPTION.
* regexp/parse-unidata.awk: Don't use strtonum.

--

Backport master commit of:
	50b320952e99ea20f9b77c6c501280fe37fd2598

GnuPG-bug-id: 4915
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-15 14:18:09 +09:00
NIIBE Yutaka
199309190a gpg: Add regular expression support.
* AUTHORS, COPYING.other: Update.
* Makefile.am (SUBDIRS): Add regexp sub directory.
* configure.ac (DISABLE_REGEX): Remove.
* g10/Makefile.am (needed_libs): Add libregexp.a.
* g10/trustdb.c: Remove DISABLE_REGEX support.
* regexp/LICENSE, regexp/jimregexp.c, regexp/jimregexp.h,
  regexp/utf8.c, regexp/utf8.h: New from Jim Tcl.
* regexp/UnicodeData.txt: New from Unicode.
* regexp/Makefile.am, regexp/parse-unidata.awk: New.
* tests/openpgp/Makefile.am: Remove DISABLE_REGEX support.
* tools/Makefile.am: Remove DISABLE_REGEX support.

--

Backport master commit of:
	ba247a114c75a84473c11c1484013b09fbb9bcd1

GnuPG-bug-id: 4843
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-15 14:16:57 +09:00
Werner Koch
c5ab1dcd54
gpgsm: Make rsaPSS a compliant scheme in de-vs mode.
--

GnuPG-bug-id: 4538
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 5fe3cdfc7646c2c88beb168ba34fc64f9dd2c156
2020-07-14 12:30:36 +02:00
Werner Koch
d9ea47f702
agent: Fix regression with --newsymkey in loopback mode.
* agent/command.c (cmd_get_passphrase): Never repeat in loopback mode;
same as with !OPT_NEWSYMKEY.
--

In loopback mode there shall not be any repeat because the caller is
expected to do any confirmation before passing a new passphrase to
gpg.

Fixes-commit: d9e2dfa4c585de7c261fde13c18bd0f82415d6c3
as unfortunately released with 2.2.21.
GnuPG-bug-id: 4991

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-13 14:30:43 +02:00
NIIBE Yutaka
ce793fc2f8 dirmngr: Handle EAFNOSUPPORT at connect_server.
* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.

--

Cherry-pick from master commit of:
	109d16e8f644da97ed9c00e6f9010a53097f587a

GnuPG-bug-id: 4977
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-13 10:04:12 +09:00
Werner Koch
68dd4f4398
Post release updates
--
2020-07-09 13:06:32 +02:00
Werner Koch
be6fc39ed9
Release 2.2.21 gnupg-2.2.21 2020-07-09 11:55:17 +02:00
Werner Koch
211465ed63
po: Auto update
--
2020-07-09 11:37:38 +02:00
Nagy Ferenc László
ca9eb912d6
po: Minor update to the Hungarian translation
--
2020-07-09 11:36:34 +02:00
Werner Koch
3a6eaf89e0
po: Update the German translation
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-09 11:34:54 +02:00
Werner Koch
5cb0156504
gpg: Print a note if no args are given to --delete-key
--

It is a bit surprising that nothing happens if no key is specified to
--delete-key et al.  Although this is common Unix behaviour the use
might have expected that it behaves like --export and deletes all
keys.  Sure we don't do the latter, so a short notice will help.

GnuPG-bug-id: 4959
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-09 11:25:53 +02:00
Werner Koch
b451c4f5ea
Do not use the pinentry's qualitybar
* agent/genkey.c (agent_ask_new_passphrase): No qualitybar.
* g10/call-agent.c (agent_get_passphrase): Ditto.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--

The concept of a passphrase quality indicator is anyway questionable
because user are smart enough to trick them out and they also tend to
limit the actually used entropy.

Except for the red/green switching (to show whether constraints are
fulfilled) our qualitybar is pretty bad and thus worse than none.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-08 16:14:43 +02:00
Werner Koch
ae8b88c635
gpg: Use integrated passphrase repeat entry also for -c.
* g10/call-agent.c (agent_get_passphrase): Add arg newsymkey.
* g10/passphrase.c (passphrase_get): Add arg newsymkey.
(passphrase_to_dek): Pass it on.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-08 16:13:57 +02:00
Werner Koch
d9e2dfa4c5
agent: New option --newsymkey for GET_PASSPHRASE
* agent/call-pinentry.c (do_getpin): New.
(agent_askpin): Use do_getpin.
(agent_get_passphrase): Add arg pininfo.  Use do_getpin.
* agent/genkey.c (check_passphrase_constraints): New arg no_empty.
* agent/command.c (reenter_passphrase_cmp_cb): New.
(cmd_get_passphrase): Add option --newsymkey.
--

This new option allows to present a passphrase with the usual repeat
box as it is used by gpg-agent's internal key generation.

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: eace4bbe1ded8b01f9ad52ebc1871f2fd13c3a08
2020-07-08 16:13:43 +02:00
Werner Koch
7b6071a45f
gpg: Fix flaw in symmetric algorithm selection in mixed mode.
* g10/encrypt.c (setup_symkey): Use default_cipher_algo function
instead of the fallback s2k_cipher_algo.  Fix error code.
(encrypt_simple): Use setup_symkey.
--

Aside of removing code duplication this patch fixes the flaw that the
S2K cipher algorithm was used when mixing public key and symmetric
encryption or signatures with symmetric encrypion.  The
default_algorithm function should be used here so that the command
line option --cipher-algo and --personal-cipher-preferences have an
effect.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported-from-master: 6864bba78e76a1ff72aec140ae9f4e752454c463
2020-07-07 13:03:01 +02:00
NIIBE Yutaka
34c9cfd3d7 po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-07 09:39:07 +09:00
Werner Koch
4a36adaa64
sm: Exclude rsaPSS from de-vs compliance mode.
* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
test rsaPSS.  Adjust all callers.
* common/util.c (pubkey_algo_to_string): New.
(gnupg_pk_is_allowed): Ditto.
* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
(gpgsm_get_hash_algo_from_sigval): New.
* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
arg.  Add arg pkalgoflags.  Use the PK_ALGO_FLAG_RSAPSS.
* sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
also get the algo flags.  Pass algo flags along.  Change some of the
info output to be more like current master.
--
Signed-off-by: Werner Koch <wk@gnupg.org>

This backport from master
commit 969abcf40cdfc65f3ee859c5e62889e1a8ccde91
also includes some changes taken from
commit a759fa963a42e0652134130029217270b6d5d00b
(sm: Improve readability of the data verification output.)

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-03 17:08:58 +02:00
Werner Koch
daca1a011b
dirmngr: Silence annoying warning for missing default ldap server file.
* dirmngr/dirmngr.c (parse_ldapserver_file): Add arg ignore_enoent.
(main): Use that arg for the default file.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-02 16:22:29 +02:00
Werner Koch
0795ab1c8f
dirmngr: Fix case handling of "ldapi" scheme.
* dirmngr/ldap-parse-uri.c (ldap_uri_p): s/'i'/'I'.
--

GnuPG-bug-id: 4758
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-02 16:05:40 +02:00
Werner Koch
ad6bf5d67f
sm: Print the serial number of a cert also in decimal.
* sm/certdump.c: Include membuf.h.
(gpgsm_print_serial_decimal): New.
* sm/keylist.c (list_cert_raw): Print s/n also in decimal
(list_cert_std): Ditto.
--

Many CA's print the serial number in decimal on their cards.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-26 15:27:51 +02:00
Werner Koch
5ade2b68db
doc: Minor enhancement for reproducibility.
* doc/Makefile.am (defsincdate): In no repo mode and with
SOURCE_DATE_EPOCH set, use that instead of blanking the date.
--

GnuPG-bug-id: 4947
2020-06-03 17:16:44 +02:00
Werner Koch
381c54179c
common: Add missing error code GPG_ERR_WRONG_NAME.
* configure.ac: Require libgpg-error 1.25.
* common/util.h: Define some extra error codes.
--

This actually defines a few more error ocdes in case they are used by
backported code.  The requirement chnaged to 1.25 because erro codes
from there are also required.

GnuPG-bug-id: 4965
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-03 10:29:18 +02:00
Werner Koch
4e3a7aa060
Prepare news for 2.2.21
--
2020-06-02 08:22:07 +02:00