summaryrefslogtreecommitdiffstats
path: root/common (follow)
Commit message (Collapse)AuthorAgeFilesLines
* scd,openpgp: Switch key attributes between RSA and ECC in writekey.Werner Koch2023-03-151-1/+4
| | | | | | | | | | | | | | * common/sexputil.c (get_rsa_pk_from_canon_sexp): Also allow private keys. (pubkey_algo_string): Ditto. * scd/app-openpgp.c (do_writekey): Switch key attributes -- The scd WRITEKEY command for OpenPGP cards missed proper support to aautomagically switch key attributes based on the new key. We had this only in GENKEY. GnuPG-bug-id: 6378
* dirmngr: Distinguish between "no crl" and "crl not trusted".Werner Koch2023-03-092-1/+3
| | | | | | | | | | | | | | | | | * dirmngr/crlcache.h (CRL_CACHE_NOTTRUSTED): New. * dirmngr/crlcache.c (cache_isvalid): Set this status. (crl_cache_cert_isvalid): Map it to GPG_ERR_NOT_TRUSTED. (crl_cache_reload_crl): Move diagnostic to ... * dirmngr/crlfetch.c (crl_fetch): here. * dirmngr/server.c (cmd_isvalid): Map it to GPG_ERR_NOT_TRUSTED. * dirmngr/validate.c (check_revocations): Handle new status. Improve diagnostics. * common/status.c (get_inv_recpsgnr_code): Map INV_CRL_OBJ. * common/audit.c (proc_type_verify): Ditto. -- This avoids repeated loading of CRLs in case of untrusted root certificates.
* gpgsm: Strip trailing zeroes from detached signatures.Werner Koch2023-03-083-3/+108
| | | | | | | | | | | | | | | | * common/ksba-io-support.c: Include tlv.h (struct reader_cb_parm_s): Add new fields. (starts_with_sequence): New. (simple_reader_cb): Handle stripping. * common/ksba-io-support.h (GNUPG_KSBA_IO_STRIP): New. (gnupg_ksba_create_reader): Handle the new flag. * sm/verify.c (gpgsm_verify): Use the new flag for detached signatures. -- Note that this works only if --assume-binary is given. The use case for the feature is PDF signature checking where the PDF specs require that the detached signature is padded with zeroes.
* doc: Minor comment fixes.Werner Koch2023-02-231-1/+2
| | | | --
* gpg: Prepare to accept shorter OIDs for ed25519 and cv25519.Werner Koch2023-02-211-6/+20
| | | | | | | | | | | | | | | * common/openpgp-oid.c (oidtable): Add them. (oid_ed25519_v5, oid_cv25519_v5): New. (openpgp_oidbuf_is_ed25519): Take new OID in account. (openpgp_oidbuf_is_cv25519): Ditto. -- ed25519 is used in GnuPG and other implementations since 2015 and thus we can't simply switch to the shorter OIDs. However, we have not widely used them with v5 keys (only ed448 forced the use of v5) and thus it might be possible to use the new OIDs with v5 keys. Note that Libgcrypt supports the new OIDs even in 1.8.
* common: Slight redefinition of nvc_get_boolean.Werner Koch2023-01-242-6/+11
| | | | | | | | | | * common/name-value.c (nvc_get_boolean): Rewrite. -- The function may now return a positive or negative number instead of just 1 for true. All callers were already prepared for this. GnuPG-bug-id: 6212
* gpg: Replace --override-compliance-check by a real fix.Werner Koch2023-01-201-0/+4
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA. * g10/gpg.c (oOverrideComplianceCheck): Remove. (opts): Turn --override-compliance-check into a dummy option. * g10/options.h (opt): Remove override_compliance_check. * g10/sig-check.c (check_key_verify_compliance): Remove use of that option. -- The introduction of --override-compliance-check actually hid the real cause for the signature verification problem in de-vs mode for the Ed25519 key. The real fix is to handle the EdDSA algorithm in gnupg_pk_is_allowed. Fixes-commit: fb26e144adfd93051501d58f5d0d4f8826ddf436 GnuPG-bug-id: 5655
* doc: Update copyright notices.Werner Koch2023-01-201-1/+1
| | | | | | -- Note that we now print Copyright g10 Code instead of FSF.
* common: Detect PNG and JPEG file formats.Werner Koch2023-01-191-6/+24
| | | | | | | * common/miscellaneous.c (is_file_compressed): Add detect code. -- GnuPG-bug-id: 6332
* gpg: Detect already compressed data also when using a pipe.Werner Koch2023-01-194-51/+134
| | | | | | | | | | | | | | | | | | | | | * common/iobuf.c (file_filter_ctx_t): Add fields for the peek feature. (file_filter): Implement peeking. (iobuf_ioctl): Add new IOBUF_IOCTL_PEEK. * common/iobuf.h (IOBUF_IOCTL_PEEK, IOBUFCTRL_PEEK): New. * common/miscellaneous.c (is_file_compressed): Rewrite. Detect PDF. * g10/encrypt.c (encrypt_simple): Peek before detecting compression. (encrypt_crypt): Ditto. * g10/sign.c (sign_file): Also detect already compressed data. * g10/options.h (opt): Add explicit_compress_option. * g10/gpg.c (main): Set opt.explicit_compress_option for -z. -- Note that this patch also introduces a compression check for signing which was never done in the past. GnuPG-bug-id: 6332
* common: Replace all assert by log_assert.Werner Koch2023-01-181-31/+31
| | | | --
* sm: Fix compliance checking for ECC signature verification.Werner Koch2023-01-122-3/+15
| | | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Also consider the gcrypt vids for ECDSA et al. (gnupg_pk_is_allowed): Ditto. * sm/verify.c (gpgsm_verify): Consider the curve. Print a compliance notice for a non-compliant key. * sm/certchain.c (gpgsm_validate_chain): Silence the "switching to chain model".
* w32: Make sure DEP is enabled.Werner Koch2023-01-111-1/+18
| | | | | | | | * common/init.c (_init_common_subsystems): Test and set the DEP Policy. -- Note that this change will now definitely require Windows XP SP3.
* common: Fix translations in --help for gpgrt < 1.47Werner Koch2022-12-161-0/+8
| | | | | * common/mapstrings.c (map_static_macro_string): Add hack. --
* tests: More fix for semihosted environment.NIIBE Yutaka2022-12-011-21/+24
| | | | | | | | | | * common/all-tests.scm: Conditionalize by *win32*. * tests/cms/Makefile.am (GPGSM): Add missing GPGSM. * tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Add EXEEXT. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests: Support semihosted environment.NIIBE Yutaka2022-12-011-3/+4
| | | | | | | | | | | | * Makefile.am (check-all): Add EXEEXT. * agent/all-tests.scm: Append EXEEXT. * common/all-tests.scm: Likewise. * g10/all-tests.scm: Likewise. * g13/all-tests.scm: Likewise. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* w32: Fix gnupg_unsetenv.NIIBE Yutaka2022-11-301-2/+11
| | | | | | | | | | | | | | | | * common/sysutils.c (gnupg_unsetenv): Don't use nonstandard extension of "NAME", but "NAME=". -- Microsoft implementation of putenv works to remove an environment variable by "NAME=". POSIX doesn't say that putenv with "NAME=" has same effect. GNU implementation doesn't support this way for removal of environment variable. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* w32: Fix gnupg_tmpfile for possible failure.NIIBE Yutaka2022-11-181-6/+3
| | | | | | | | | | | | | * common/sysutils.c (gnupg_tmpfile): Use different value for next attempt. -- The resolution of system timer is typically in the range of 10 milliseconds to 16 milliseconds. Thus, before the change, it may fail. Actually, it failed with Wine emulation. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common: Remove Windows CE support in common.NIIBE Yutaka2022-11-168-920/+5
| | | | | | | | | | | | | | | | | * common/Makefile.am (HAVE_W32CE_SYSTEM): Remove conditional build. (common_sources): Remove exechelp-w32ce.c. * common/asshelp.c [HAVE_W32CE_SYSTEM]: Remove the support. * common/common-defs.h [HAVE_W32CE_SYSTEM]: Likewise. * common/dotlock.c [HAVE_W32CE_SYSTEM]: Likewise. * common/exechelp-posix.c [HAVE_W32CE_SYSTEM]: Likewise. * common/exechelp-w32.c [HAVE_W32CE_SYSTEM]: Likewise. * common/gettime.c [HAVE_W32CE_SYSTEM]: Likewise. * common/exechelp-w32ce.c: Remove. * po/POTFILES.in: Update to remove common/exechelp-w32ce.c. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument.NIIBE Yutaka2022-10-204-14/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | * common/exechelp-posix.c (do_exec): Remove PREEXEC argument. (gnupg_spawn_process): Likewise. (gnupg_spawn_process_fd): Follow the change of do_exec. (gnupg_spawn_process_detached): Likewise. * common/exechelp-w32.c (gnupg_spawn_process): Remove PREEXEC. * common/exechelp.h (gnupg_spawn_process): Remove PREEXEC. * agent/genkey.c (do_check_passphrase_pattern): Follow the change. * common/exectool.c (gnupg_exec_tool_stream): Likewise. * dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise. * tests/gpgscm/ffi.c (do_spawn_process): Likewise. * tools/gpgconf-comp.c (gc_component_check_options): Likewise. (retrieve_options_from_program): Likewise. * tools/gpgconf.c (show_versions_via_dirmngr): Likewise. * tools/gpgtar-create.c (gpgtar_create): Likewise. * tools/gpgtar-extract.c (gpgtar_extract): Likewise. * tools/gpgtar-list.c (gpgtar_list): Likewise. -- PREEXEC is not portable feature and it's not used. GnuPG-bug-id: 6249 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common,w32: Fix struct stat on Windows.NIIBE Yutaka2022-10-141-1/+11
| | | | | | | | | | * common/sysutils.c [HAVE_W32_SYSTEM] (gnupg_stat): Select appropriate structure. -- GnuPG-bug-id: 5897 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common: Don't use FD2INT for POSIX-only code.NIIBE Yutaka2022-10-141-1/+1
| | | | | | | | * common/iobuf.c [!HAVE_W32_SYSTEM] (iobuf_get_filelength): Use fp. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common: Protect against a theoretical integer overflow in tlv.cWerner Koch2022-10-071-0/+5
| | | | | | | | * common/tlv.c (parse_ber_header): Protect agains integer overflow. -- Although there is no concrete case where we use the (nhdr + length), it is better to protect against this already here.
* gpg: Fix assertion failure due to errors in encrypt_filter.Werner Koch2022-09-291-4/+4
| | | | | | | | | | | | | | | * common/iobuf.c (iobuf_copy): Use log_assert. Explicitly cast error return value. * g10/build-packet.c (do_plaintext): Check for iobuf_copy error. * g10/encrypt.c (encrypt_filter): Immediately set header_okay. -- The second fix avoids repeated error message about non-compliant keys. Updates-commit: a51067a21f688086bd8e44234a88ae367582cc76 Ported-from: aa0c942521d89f4f0aac90bacaf8a7a7cefc88d8 GnuPG-bug-id: 6174
* tests: Restrict the use of gpgconf.ctl to make check.Werner Koch2022-09-141-1/+29
| | | | | | | | | | | | | | | | | | | * common/homedir.c (unix_rootdir): Add ".enable" statement to gpgconf.ctl * tests/gpgconf.ctl.in: Use this statement. * tests/cms/Makefile.am (OLD_TESTS_ENVIRONMENT): Enable .enable. (TESTS_ENVIRONMENT): Ditto. * tests/gpgme/Makefile.am (TESTS_ENVIRONMENT): Ditto. * tests/migrations/Makefile.am (TESTS_ENVIRONMENT): Ditto. * tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Ditto. * tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Ditto. * tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Ditto. -- Without that it was required to delete the gpgconf.ctl to run manual tests. What a hack.
* common: Fix for GPG_ERR_SOURCE_DEFAULT check.NIIBE Yutaka2022-09-141-2/+0
| | | | | | | | | * common/init.h: Remove GPG_ERR_SOURCE_UNKNOWN check. -- GnuPG-bug-id: 6200 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common: Fix t-recsel.NIIBE Yutaka2022-09-141-2/+0
| | | | | | | | | * common/t-recsel.c (main): Don't need to call init_common_subsystems. -- GnuPG-bug-id: 6200 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpg,common,scd,sm: Function prototype fixes for modern compiler.NIIBE Yutaka2022-09-133-4/+4
| | | | | | | | | | | | | | | | | | | | | | * common/gettime.c (gnupg_get_time): It has no arguments. * common/signal.c (gnupg_block_all_signals): Likewise. (gnupg_unblock_all_signals): Likewise. * common/utf8conv.c (get_native_charset): Likewise. * g10/cpr.c (is_status_enabled, cpr_enabled): Likewise. * g10/getkey.c (getkey_disable_caches): Likewise. * g10/keygen.c (ask_expiredate): Likewise. * g10/passphrase.c (have_static_passphrase): Likewise. (get_last_passphrase): Likewise. * g10/tdbio.c (tdbio_is_dirty, tdbio_sync): Likewise. (tdbio_get_dbname, open_db, tdbio_db_matches_options): Likewise. (tdbio_read_nextcheck): Likewise. * g10/trustdb.c (how_to_fix_the_trustdb): Likewise. * scd/scdaemon.c (scd_get_socket_name): Likewise. * sm/passphrase.c (have_static_passphrase): Likewise. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Revert "common: Add a default OpenPGP ECC mapping."Ingo Klöcker2022-09-091-1/+0
| | | | | | | | This reverts commit 8e63e813c7404e1dae1def98e0f45d148f71082d. The change broke adding existing ECDH encryption subkeys to a key. GnuPG-bug-id: 5555
* common: Fix to determine ECC curve for SSH.NIIBE Yutaka2022-09-061-3/+3
| | | | | | | | | | | | * common/ssh-utils.c (ssh_public_key_in_base64): Use standard name for ECC curve. -- See oidtable in common/openpgp-oid.c. Fixes-commit: 8e650dbd48fa5fde6d8f08154e6a892d495e9227 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common: Make nvc_lookup more robust.Werner Koch2022-09-011-1/+12
| | | | | | | | * common/name-value.c (nvc_first): Allow for NULL arg. (nvc_lookup): Allow for PK being NULL. -- GnuPG-bug-id: 6176
* common: New common option no-autostart.Werner Koch2022-08-224-1/+12
| | | | | | | | | | | | | | | | | | | | * common/comopt.c (opts): Add "no-autostart". (parse_comopt): Set it. * common/comopt.h (comopt): Add no_autostart. * g10/gpg.c (main): Take care of the new option. * sm/gpgsm.c (main): Ditto. * tools/gpg-connect-agent.c (INCLUDED_BY_MAIN_MODULE): Add. (main): Parse common options and handle new option. * tools/gpg-card.c (main): Ditto. (cmd_yubikey): Fix minor error reporting issue. * common/util.h (GNUPG_MODULE_NAME_CARD): New const. * common/homedir.c (gnupg_module_name): Support it. -- Having a global option makes it easier to use disable autostart on a server which is required to use a remote gpg-agent reliable.
* common: New function nvc_get_boolean.Werner Koch2022-08-112-0/+25
| | | | * common/name-value.c (nvc_get_boolean): New.
* common: Silence warnings from AllowSetForegroundWindow.Werner Koch2022-08-031-2/+6
| | | | | * common/sysutils.c (gnupg_allow_set_foregound_window): Print warning only with debug flag set.
* gpgconf: Improve registry dumping.Werner Koch2022-08-023-6/+20
| | | | | | | | | | | | * common/w32-reg.c (read_w32_reg_string): Add arg r_hklm_fallback and change all callers. (show_configs): Indicate whether the HKLM fallback was used. * tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin Registry key. Indicate whether the HKLM fallback was used. -- Note that this is backport from 2.2. The new support there for REG_DWORD needs to be implemented in libgpg-error, though.
* common: Add a default OpenPGP ECC mapping.Werner Koch2022-08-011-0/+1
| | | | | | | | * common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map ECC to ECDSA which is similar to what we do at opther places in gpg. -- GnuPG-bug-id: 5555
* agent,gpg,tools: Fix use of log_get_fd.NIIBE Yutaka2022-06-221-2/+0
| | | | | | | | | | | | | | * agent/call-daemon.c (daemon_start): Don't put file descriptor from log_get_fd to no_close_list. * agent/call-pinentry.c (start_pinentry): Likewise. * common/call-gpg.c (start_gpg): Likewise. * call-syshelp.c (start_syshelp): Likewise. * tools/gpg-connect-agent.c (main): Likewise. -- GnuPG-bug-id: 5921 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common: New function parse_compatibility_flags.Werner Koch2022-06-132-0/+89
| | | | | | | | | | * common/miscellaneous.c (parse_compatibility_flags): New. * common/util.h (struct compatibility_flags_s): New. -- This is similar to parse_debug_flags but does not support specifying a value. This way we can more easily change the internal values or re-use them for other purposes.
* common,w32: Use LoadLibraryEx to fix a warning in mingw.Werner Koch2022-06-031-13/+2
| | | | | | | | | * common/dynload.h (dlopen): Use LoadLibraryEx and remove Windows CE support. -- Mingw's libloadapi.h has no prototype for LoadLibrary. Thus we use LoadLibraryEx which is available Since Windows XP.
* w32: Allow Unicode filenames for iobuf_cancel.Werner Koch2022-06-032-3/+20
| | | | | | | | | * common/iobuf.c (iobuf_cancel): Use gnupg_remove * common/mischelp.c (same_file_p): Allow for Unicode names. -- Note that the second patch is used to handle Unicode filenames which are symbolic links.
* Remove remaining support for WindowsCEWerner Koch2022-06-0311-282/+22
| | | | --
* scd:openpgp: Fix a segv for cards supporting unknown curves.Werner Koch2022-05-051-2/+2
| | | | | | | * common/openpgp-oid.c (get_keyalgo_string): Do not strdup NULL. -- GnuPG-bug-id: 5963
* common:iobuf: Exclude cases with IOBUF_INPUT_TEMP/IOBUF_OUTPUT_TEMP.NIIBE Yutaka2022-04-251-4/+7
| | | | | | | | | | * common/iobuf.c (iobuf_read): Handle a case with IOBUF_INPUT_TEMP. (iobuf_write): Handle a case with IOBUF_OUTPUT_TEMP. -- GnuPG-bug-id: 5941 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests: Fix warning in common/t-ssh-utils.cWerner Koch2022-04-141-1/+0
| | | | | | | | * common/t-ssh-utils.c (main): Remove continue. -- Obvious c+p bug. Fixes-commit: 5e508ffcab185eb8149e2fb2833ce15820140368
* tests: Fix common/t-ssh-utils.NIIBE Yutaka2022-04-141-6/+10
| | | | | | | | * common/t-ssh-utils.c (main): Accept an error with MD5 in_fips_mode. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests: Honor FIPS modeJakub Jelen2022-04-141-11/+47
| | | | | | | | | | * common/t-ssh-utils.c (FLAGS_NOFIPS): New. (sample_keys): Add flags member. (main): Detect if libgcrypt is in FIPS mode, try SHA256 fingerprints first and expect the MD5 ones will fail. -- Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* sm: Print diagnostic about CRL problems due to Tor mode.Werner Koch2022-04-111-0/+4
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/crlfetch.c (crl_fetch, crl_fetch_default) (ca_cert_fetch, start_cert_fetch): Factor Tor error out to ... (no_crl_due_to_tor): new. Print status note. * dirmngr/ks-engine-ldap.c (ks_ldap_get) (ks_ldap_search, ks_ldap_put): Factor Tor error out to ... (no_ldap_due_to_tor): new. Print status note. * dirmngr/ocsp.c (do_ocsp_request): Print status note. * sm/misc.c (gpgsm_print_further_info): New. * sm/call-dirmngr.c (warning_and_note_printer): New. (isvalid_status_cb): Call it. (lookup_status_cb): Ditto. (run_command_status_cb): Ditto. * common/asshelp2.c (vprint_assuan_status): Strip a possible trailing LF. --
* w32: Exclude tests with HOME.NIIBE Yutaka2022-04-061-0/+4
| | | | | | | | | * common/t-session-env.c [HAVE_W32_SYSTEM] (test_all): HOME is not defined, so, exclude the tests. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* w32: Fix for make check.NIIBE Yutaka2022-04-062-4/+11
| | | | | | | | | | | | | | * common/Makefile.am (module_tests): Exclude t-exechelp and t-exectool. * common/t-stringhelp.c (mygetcwd): Convert '\' to '/'. * tests/cms/Makefile.am: Add $(EXEEXT). * tests/gpgme/Makefile.am: Likewise. * tests/migrations/Makefile.am: Likewise. * tests/openpgp/Makefile.am: Likewise. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common,w32: Fix handle_to_fd to match use of _open_osfhandle.NIIBE Yutaka2022-03-301-6/+5
| | | | | | | | | | | | * common/exechelp-w32.c (handle_to_fd): Use intptr_t. (gnupg_wait_processes): Fix to use pid_to_handle. -- Both of original MinGW and MinGW-W64 use intptr_t for the first argument of _open_osfhandle. So, intptr_t is better here. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-29 22:47:22 +0100