1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

10362 Commits

Author SHA1 Message Date
Werner Koch
685acf650a
build: Also cleanup generated html file in a make distcheck
* doc/Makefile.am (myman_pages): Add gpg and gpgv.
(USE_GPG2_HACK): Remove conditional.
(myhtmlman_pages): New.
(DISTCLEANFILES): Add html pages.
--
2024-09-19 13:20:47 +02:00
Werner Koch
b8ddffead5
doc: Updated comments in speedo.mk
--
2024-09-19 13:19:07 +02:00
NIIBE Yutaka
a17584d000
gpg: Fix getting key by IPGP.
* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Check if DATA for key.

--

GnuPG-bug-id: 7288
Reported-by: Wilfried Teiken
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-19 13:18:56 +02:00
Werner Koch
178c3fe62c
gpg: Improve detection of input data read errors.
* g10/build-packet.c (do_plaintext): Better error checking for
iobuf_copy.
--

Fixes-commit: 2fdb950471bd36f046672254ff26ca94797cc9f1
GnuPG-bug-id: 6528

The original fix handles only the disk full case but didn't bother
about read errors (i.e. I/O problems on an external drive).
2024-09-19 13:18:20 +02:00
Werner Koch
e16728f3d6
gpg: Make --no-literal work again for -c and --store.
* g10/dearmor.c (dearmor_file): Check for errors of iobuf_copy.
(enarmor_file): Ditto.
* g10/encrypt.c (encrypt_simple): Fix error check of iobuf_copy
(encrypt_crypt): Use iobuf_copy.
--

Fixes-commit: 756c0bd5d89bd0a773f844fbc2ec508c1a36c63d
GnuPG-bug-id: 5852
2024-09-19 13:15:34 +02:00
Werner Koch
0f0c59d6ff
gpg: remove workaround for Libgcrypt < 1.8.6
* g10/free-packet.c (is_mpi_copy_broken): Remove.
2024-09-19 13:12:41 +02:00
Werner Koch
e8598390be
gpg: Avoid wrong decryption_failed for signed+OCB msg w/o pubkey.
* g10/decrypt-data.c (struct decode_filter_context_s): Add flag
checktag_failed.
(aead_checktag): Set flag.
(decrypt_data): Initially clear that flag and check the flag after the
decryption.
* g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based
check.
--

This fixes a bug where for an OCB encrypted and signed message with
the signing key missing during decryption the DECRYPTION_FAILED status
line was printed along with "WARNING: encrypted message has been
manipulated". This was because we use log_error to show that the
signature could not be verified due to the missing pubkey; the
original fix looked at the error counter and thus triggered the
decryption failed status.

Fixes-commit: 122803bf1ac9ee720d9fc214f5ae5c2a0ec22bf5
GnuPG-bug-id: 7042
2024-09-19 10:02:29 +02:00
Werner Koch
6ff13380a2
agent: Fix detection of the trustflag de-vs.
* agent/trustlist.c (read_one_trustfile): Fix comparison.
--

Fixes-commit: a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f
GnuPG-bug-Id: 5079
2024-09-17 13:39:52 +02:00
NIIBE Yutaka
730593affa
common:w32: Don't expose unused functions.
* common/exechelp.h [HAVE_W32_SYSTEM] (get_max_fds): Don't expose.
(close_all_fds, get_all_open_fds): Likewise.
* common/exechelp-w32.c: Don't expose unused functions.

--

GnuPG-bug-id: 7293
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-17 09:24:41 +09:00
Werner Koch
54e06273c0
gpgsm: New option --assert-signer
* sm/gpgsm.c (oAssertSigner, oNoop): New.
(opts): Add option --assert-signer.
(assert_signer_true): New var.
(main): Set new option.
(gpgsm_exit): Handle assert_signer_true.
* sm/gpgsm.h (opt): Add field assert_signer_list.
* sm/verify.c (is_x509_fingerprint): New.
(check_assert_signer_list): New.
(gpgsm_verify): Handle option.
--

GnuPG-bug-id: 7286
2024-09-13 16:37:37 +02:00
Werner Koch
f7f939234b
gpgconf: Add missing linefeed to the -X output.
* tools/gpgconf.c (show_registry_entries_from_file): Add missing LF.
2024-09-03 11:16:48 +02:00
NIIBE Yutaka
5a1bf7e552
agent: Fix KEYTOCARD for the use case with loopback pinentry.
* agent/command.c (cmd_keytocard): Copy LINE.

--

GnuPG-bug-id: 7283
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-03 11:13:20 +02:00
Werner Koch
1ea66b6df3
doc: Explain why we use D-Lines for keyboxd communication.
--
2024-08-28 10:11:39 +02:00
Werner Koch
cb739bb2a5
gpg: New option --proc-all-sigs
* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (check_sig_and_print): Do not stop signature checking
if this new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--

GnuPG-bug-id: 7261
Backported-from-master: 1eb382fb1f431575872b47dc160807858b7df3e5
2024-08-23 11:46:06 +02:00
Werner Koch
92667aa8c2
gpg: Warn if a keyring is specified along with --use-keyboxd.
* g10/gpg.c (main): Print the warning.
--
GnuPG-bug-id: 7265
2024-08-23 09:20:58 +02:00
Werner Koch
c884e22140
gpg: Minor fix when building with --disable-exec
* g10/photoid.c (show_photo): No return for a void function.
--

GnuPG-bug-id: 7256
2024-08-19 10:32:33 +02:00
Werner Koch
1af3c09831
gpg: Improve decryption diagnostic for an ADSK key.
* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant.
* g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant.
* g10/pubkey-enc.c (get_session_key): Consider an ADSK also as "marked
for encryption use".
(get_it): Print a note if an ADSK key was used.  Use the new
get_pubkeyblock flag.
* g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk.
(get_pubkeyblock): Factor all code out to ...
(get_pubkeyblock_ext): new.
(finish_lookup): Add new arg allow_adsk and make use of it.
--

This patch solves two purposes:
- We write a note that the ADSK key was used for decryption
- We avoid running into a
  "oops: public key not found for preference check\n"
  due to ADSK keys.  The error is mostly harmless but lets gpg return
  with an exit code of 2.

Backported-from-master: 6fa4d7973db34d118b7735d5a3d1aa8cc4412f46
2024-08-12 15:05:44 +02:00
Werner Koch
6fa4d7973d
agent: When diverting to a card show the name of unsupported algos.
* agent/divert-scd.c (divert_pkdecrypt): Improve error message.
2024-08-12 15:03:40 +02:00
Werner Koch
5d8bc309c7
doc: Explain that sort-sigs has no effect in colon mode.
--
2024-08-12 15:03:17 +02:00
Andre Heinecke
6878634c25
speedo,w32: Update libassuan dll name in wxs
* build-aux/speedo/w32/wixlib.wxs: Update name and UID for
libassuan
2024-08-12 15:02:24 +02:00
Daniel Cerqueira
4349855bd3
po: Update pt.po
--

Here is the Git patch of the updated GnuPG pt.po translation.

From d05a67bc357752ab64521a34bdd4bb461998d78d Mon Sep 17 00:00:00 2001
From: Daniel Cerqueira <dan.git@lispclub.com>
Date: Fri, 2 Aug 2024 14:21:47 +0100
Subject: [PATCH GnuPG] po: Update Portuguese Translation.

Signed-off-by: Daniel Cerqueira <dan.git@lispclub.com>

Backported-from-master: d73beb5398c6052ff0c091903d0bd6990bd69dc7
(I hope that I did not break too much)
2024-08-12 15:01:32 +02:00
Werner Koch
3a28da61ae
sm: More improvements for PKCS#12 parsing for latest IVBB changes.
* common/tlv.h (TLV_PARSER_FLAG_T5793): New.
(tlv_parser_new): New macro.  Rename function with an underscore.
(tlv_next_with_flag): New.
* common/tlv-parser.c (struct tlv_parser_s): Remove const from buffer.
Add fields crammed, lasttlv, and origoff.  Remove bufferlist ands ist
definition.
(dump_to_file): New but disabled debug helper.
(parse_tag): Print more info on error.
(_tlv_parser_new): Add args lasttlv and LNO.  Take a copy of the data.
(_tlv_parser_release): Free the copy of the buffer and return the
recorded TLV object from tlv_parser_new.
(_tlv_peek, tlv_parser_peek, _tlv_parser_peek_null): Remove.
(_tlv_push): Record crammed length.
(_tlv_pop): Restore crammed length.
(_tlv_parser_next): Add arg flags.  More debug output.  Handle cramming
here.  Take care of cramming here.
(tlv_expect_object): Simplify to adjust for changes in _tlv_parser_next.
(tlv_expect_octet_string): Remove arg encapsulates.  Adjust for
changes in _tlv_parser_next.  Change all allers.
(tlv_expect_null): New.
(cram_octet_string): Rewrite.
(need_octet_string_cramming): Remove.

* sm/minip12.c (dump_to_file): New.  Enablein debug mode and if a
envvar ist set.  Replace all explict but disabled dumping to call this
function.
(parse_bag_encrypted_data): Replace tlv_peek_null and a peeking for an
optional SET by non-peeking code.
(parse_cert_bag): Ditto.
(parse_shrouded_key_bag): Replace tlv_peek_null by non-peeking code.
(parse_bag_encrypted_data): Use the new TLV_PARSER_FLAG_T5793 to
enable the Mozilla workaround.
(parse_bag_encrypted_data): Replace the 'renewed_tlv' code by the new
tlv_parser_release semantics.
(parse_shrouded_key_bag): Ditto.
(parse_shrouded_key_bag): Create a new context instead of using the
former encapsulated mechanism for tlv_expect_octet_string.
(parse_bag_data): Ditto.
(p12_parse): Ditto.
--

GnuPG-bug-id: 7213

Fixing this took way too long; I should have earlier explained the
code to a co-hacker to find the problem myself in my code by this.

Backported-from-master: 690fd61a0cf2b4b51ee64811656692eb644d2918
2024-08-07 10:22:01 +02:00
Werner Koch
e4298d5684
scd: New getinfo subcommand "manufacturer"
* scd/command.c (cmd_getinfo): Add subcommand "manufacturer".
* scd/app-openpgp.c (get_manufacturer): Rename to ...
(app_openpgp_manufacturer): this and make global.
--

Example:

  $ gpg-connect-agent 'scd getinfo manufacturer 42' /bye
  D Magrathea
  OK
2024-08-07 10:20:21 +02:00
Werner Koch
b614309876
scd: New getinfo subcommand "dump_state".
* scd/command.c (cmd_getinfo): Add subcommand.  Always init CTRL for
simplicity.
--

A state dump looks like

  app_dump_state: card=0x00007f1b38017c90 slot=1 type=yubikey refcount=1
  app_dump_state:   app=0x00007f1b38018100 type='openpgp'
  app_dump_state:   app=0x00007f1b3800cb70 type='piv'
  app_dump_state: card=0x00007f1b38013a10 slot=0 type=gnuk refcount=0
  app_dump_state:   app=0x00007f1b38016fc0 type='openpgp'

and can also be triggered by a SIGUSR1.  This explicit command allows
to dump the state also on Windows.  Use for example

  gpg-connect-agent 'scd getinfo dump_state' /bye
2024-08-07 10:20:19 +02:00
Werner Koch
658a139d68
doc: Fix URL to the OpenPGP card specs
--
2024-08-07 10:20:12 +02:00
Werner Koch
5d3f3c8076
speedo,w32: Also sign the new libassuan SO name.
--
2024-07-01 17:25:32 +02:00
Werner Koch
5d3995b16b
speedo,w32: Add extra flags for gpgrt and fix SO name of libassuan.
--

Due to the recently introduced use of STARTUPINFOEXW in gpgrt we now
need at least Windows Vista.  Version 8 of Mingw defaults to XP SP2
which requires us to explicit override that default.

The SO number of libassuan needs an update too.
2024-07-01 16:59:38 +02:00
Werner Koch
83ede262b7
Update NEWS
--
2024-07-01 15:48:28 +02:00
Werner Koch
4d901904d7
gpgconf: Allow listing of some new options
--

Also one old option.

GnuPG-bug-id: 6882
(cherry picked from commit df977729ff3879fdeab7bce339b95ee3fd8ecc42)
2024-07-01 15:47:37 +02:00
Werner Koch
3765b42383
sm: Emit user IDs in colon mode even if the Subject is empty.
* sm/keylist.c (list_cert_colon): Rework listing of user IDs.
--

Only in colon mode this did not work.  Note that an updated libksba is
anyway required to parse a certificate with an empty Subject.

GnuPG-bug-id: 7171
(cherry picked from commit 1067e544c29d652f6f19e47ed2d563e570611e43)
2024-07-01 15:12:09 +02:00
Werner Koch
dc9a52cb4e
agent: Silence debug output from the PIN caching.
* agent/call-scd.c (handle_pincache_put): Use log_debug only in cache
debug mode.

(cherry picked from commit fee890a2ab7f0baeb6575418ffcac0d695411e50)
2024-07-01 15:07:37 +02:00
Werner Koch
ce75af47eb
gpg: Add magic parameter "default" to --quick-add-adsk.
* g10/getkey.c (has_key_with_fingerprint): New.
* g10/keyedit.c (menu_addadsk): Replace code by new function.
(keyedit_quick_addadsk): Handle magic arg "default".
* g10/keygen.c (append_all_default_adsks): New.
--

GnuPG-bug-id: 6882
(cherry picked from commit 77afc9ee1c75a28083edf6d98888f9b472c3e39d)
2024-07-01 15:07:03 +02:00
Werner Koch
222045d850
gpg: Print designated revokers also in a standard listing.
* g10/keylist.c (print_revokers): Add arg with_colon, adjust callers,
add human printable format.
(list_keyblock_print): Call print_revokers.
--

Designated revokers were only printed in --with-colons mode.  For
quick inspection of a key it is useful to see them right away.

(cherry picked from commit 9d618d1273120ca2cca97028730352768b0c1897)
2024-07-01 15:01:50 +02:00
Werner Koch
330354972a
gpg: Autoload designated revoker key and ADSK when needed.
* g10/options.h (opt): Move the definition of struct akl to global
scope.
* g10/keydb.h (enum get_pubkey_modes): Add GET_PUBKEY_TRY_LDAP.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_BYNAME.
* g10/keygen.c (prepare_desig_revoker): Use it here.
(prepare_adsk): and here.
--

The revoker key is required before we create it along with a new key.
This is because the we need to know the algo and also to make sure
that the key really exists.

GnuPG-bug-id: 7133
(cherry picked from commit 465ea9116d1f9467814143ed35b515034a849e86)
2024-07-01 15:01:14 +02:00
Werner Koch
c6cecbd89a
gpg: New option --default-new-key-adsk.
* g10/options.h (opt): Add field def_new_key_adsks.
* g10/gpg.c (oDefaultNewKeyADSK): New.
(opts): Add --default-new-key-adsk.
(main): Parse option.
* g10/keyedit.c (menu_addadsk): Factor some code out to ...
(append_adsk_to_key): new.  Add compliance check.
* g10/keygen.c (pADSK): New.
(para_data_s): Add adsk to the union.
(release_parameter_list): Free the adsk.
(prepare_adsk): New.
(get_parameter_adsk): New.
(get_parameter_revkey): Remove unneeded arg key and change callers.
(proc_parameter_file): Prepare adsk parameter from the configured
fingerprints.
(do_generate_keypair): Create adsk.
--

GnuPG-bug-id: 6882
(cherry picked from commit ed118e2ed521d82c1be7765a0a19d5b4f19afe10)
2024-07-01 15:00:16 +02:00
Werner Koch
28dd05a079
common: New function tokenize_to_strlist.
* common/strlist.c (append_to_strlist_try): Factor code out to ...
(do_append_to_strlist): new.
(tokenize_to_strlist): New.

* common/t-strlist.c (test_tokenize_to_strlist): New.

(cherry picked from commit d2dca58338a4936b293c3ec6be4572d0e74b6a0d)
2024-07-01 14:58:42 +02:00
Werner Koch
6551281ca3
gpg: Implement the LDAP AKL method.
* g10/keyserver.c (keyserver_import_mbox): Add arg flags and change
callers.
(keyserver_import_ldap): Remove.  It has always returned a not
implemented error since 2.1.
* g10/getkey.c (get_pubkey_byname): Repurpose LDAP to do basically the
same as KEYSERVER.
--

The old LDAP mechanism to locate a server via SRV records has long
been gone (since 2014) due to the dropping of the keyserver helpers.
The new purpose better reflects reality and can be used in
environments where keys are provided by an in-house LDAP server.

(cherry picked from commit 068ebb6f1eee37d31f5ffb44b7f8069d9ca3f7b8)
2024-07-01 14:48:48 +02:00
NIIBE Yutaka
5746c944cd
agent: Require use of "SCD DEVINFO --watch" command with socket.
* agent/call-scd.c (agent_card_devinfo): Check if client connects
by a socket.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit c4ff9c5def1aaf76f7cec82d9aa7e5cb1b77f044)
2024-07-01 14:38:51 +02:00
NIIBE Yutaka
81fc7b291e
agent: Initialize thread_startup.fd for pipe connection.
* agent/gpg-agent.c (main): Let it have defined value.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 14400b2fb3d4e97307799325bb8f704476ce6354)
2024-07-01 14:38:50 +02:00
Werner Koch
0ed8e9ae3e
agent: Handle SCD DEVINFO --watch command in a special way.
* agent/call-scd.c (devinfo_watch_thread): New.
(agent_card_devinfo): New.
(agent_card_scd): Call agent_card_devinfo when it's
DEVINFO_WATCH_COMMAND.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit b3f1f2cd192b71f2c19ec6f871ece0c175d46db0)
2024-07-01 14:38:46 +02:00
NIIBE Yutaka
fd9872295b
agent:daemon: Add an argument to specify requiring socket connection.
* agent/agent.h (daemon_start): Add REQ_SOCK argument.
* agent/call-daemon.c (daemon_start): Support specifying a socket
connection.
* agent/call-scd.c (start_scd): Connection don't care.
* agent/call-tpm2d.c (start_tpm2d): Likewise.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 5d980802acb3e385c6d2a10e8b3ae95d362da953)
2024-07-01 14:17:09 +02:00
NIIBE Yutaka
59e785b543
scd: Restrict use of DEVINFO --watch command for socket connection.
* scd/app.c (app_send_devinfo): Return GPG_ERR_INV_HANDLE when
it's not socket when KEEP_LOOPING != 0.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit d98521b934ec6a5abb0ad18e39a26009a8806c52)
2024-07-01 14:16:48 +02:00
NIIBE Yutaka
6996e5f6ff
scd: Finish DEVINFO --watch command on input close.
* scd/app.c (card_list_signal): Use pipe on POSIX system, event on
Windows.
(card_list_wait): Detect input change as well as card list event
change.
(app_send_devinfo): Finish the command on input close.
(initialize_module_command): Initialize pipe or event.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 36d8cffc6cd2838e7cb439c566fdd2b3dd076c15)
2024-07-01 14:16:18 +02:00
NIIBE Yutaka
fc732131a1
scd: Factor out scd_init_event function.
* scd/scdaemon.c (scd_init_event): New.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 9aa6faaf10cf6739b0ddf5b42b6181a5c2a0000c)
2024-07-01 14:15:39 +02:00
NIIBE Yutaka
e94f793ebf
Fix the previous commit.
* scd/scdaemon.c (start_connection_thread): Recover call of
scd_command_handler.

--

GnuPG-bug-id: 7160
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 9bc3f2ad52ce527a3eb1a713eef3268affa0697e)
2024-07-01 14:14:59 +02:00
NIIBE Yutaka
70bb9c5127
scd: Fix how scdaemon pipe server finishes.
* scd/scdaemon.h (scd_command_handler): Fix the return type.
* scd/command.c (scd_command_handler): Not return a value.
* scd/scdaemon.c (pipe_server): Make it auto variable in main.
(main): Use auto PIPE_SERVER variable.
(start_connection_thread): When it's a pipe connection and it
finishes, let the service shutdown.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 01fa318be0f8ca60c78d99403fbfb75edb521b16)
2024-07-01 14:14:49 +02:00
NIIBE Yutaka
76066d71f4
agent: Clean up for scdaemon handling.
* agent/call-daemon.c (struct daemon_local_s): Remove G field.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 55559c8b66ff495fa7102d1f856cb2c00b76efbd)
2024-07-01 14:13:51 +02:00
NIIBE Yutaka
c868d23f61
agent: Fix a race condition which results accessing finished scd.
* agent/call-daemon.c (daemon_start): Decision of connection/reuse of
CTX and assignment to ->ctx should be done with the lock.

--

When scdaemon is exiting and agent tries to spawn/connect/reconnect,
there is a race condition between detecting finish of scd and
spawn/connect/reconnect.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 563bfbb0be4ebbc85bc56426541f666839e6aa13)
2024-07-01 14:13:10 +02:00
Werner Koch
a564a9f66c
gpg-mail-tube: New utility.
* tools/gpg-mail-tube.c: New.
* tools/Makefile.am: Add it.
--

Backported-from-master: 28a080bc9f9478f63a7edffa420512eaed3555ff

We had to use the old spawn interface from gnupg-2.4 here.
2024-07-01 12:16:12 +02:00
Werner Koch
2130760904
tools: New support functions for the mail parser.
* tools/rfc822parse.h (RFC822PARSE_HEADER_SEEN): New.
* tools/rfc822parse.c (rfc822_cmp_header_name): New.
(insert_header): Run header seen callback.
(rfc822parse_last_header_line): New.
(rfc822_free): New.
* tools/wks-receive.c (t2body): Use it here.
* tools/mime-parser.c (parse_message_cb): and here.
---

Backported-from-master: 675b12ddd8ca742314d96a02bc95b837841070fb
2024-07-01 10:50:18 +02:00