Imported Upstream version 2.3.4upstream/2.3.4

author: DongHun Kwak <dh0128.kwak@samsung.com> 2022-09-16 07:45:26 +0900
committer: DongHun Kwak <dh0128.kwak@samsung.com> 2022-09-16 07:45:26 +0900
commit: fee00cee1bbe0de698f4969528e8d607b8992871 (patch)
tree: b06e2154d45b31e5a3e8178283c71c2c1630e2c6 /common
parent: 4497851adccf3cd3a801797b36bacc8d6f0920f0 (diff)
download: gpg2-fee00cee1bbe0de698f4969528e8d607b8992871.tar.gz
gpg2-fee00cee1bbe0de698f4969528e8d607b8992871.tar.bz2
gpg2-fee00cee1bbe0de698f4969528e8d607b8992871.zip
14 files changed, 137 insertions, 197 deletions
diff --git a/common/Makefile.in b/common/Makefile.in
index 3e49c78..9b4355b 100644
--- a/common/Makefile.in
+++ b/common/Makefile.in
@@ -168,8 +168,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \
 	$(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \
 	$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
 	$(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \
-	$(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \
-	$(top_srcdir)/configure.ac
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
@@ -789,7 +788,6 @@ STRIP = @STRIP@
 SWTPM = @SWTPM@
 SWTPM_IOCTL = @SWTPM_IOCTL@
 SYSROOT = @SYSROOT@
-SYS_SOCKET_H = @SYS_SOCKET_H@
 TPMSERVER = @TPMSERVER@
 TSSSTARTUP = @TSSSTARTUP@
 TSS_INCLUDE = @TSS_INCLUDE@
diff --git a/common/compliance.c b/common/compliance.c
index 6c2fcd5..33a19fe 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -40,6 +40,10 @@
 static int initialized;
 static int module;
 
+/* This value is used by DSA and RSA checks in addition to the hard
+ * coded length checks.  It allows to increase the required key length
+ * using a confue file.  */
+static unsigned int min_compliant_rsa_length;
 
 /* Return the address of a compliance cache variable for COMPLIANCE.
  * If no such variable exists NULL is returned.  FOR_RNG returns the
@@ -176,9 +180,10 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
           break;
 
         case is_rsa:
-          result = (keylength == 2048
-                    || keylength == 3072
-                    || keylength == 4096);
+          result = ((keylength == 2048
+                     || keylength == 3072
+                     || keylength == 4096)
+                    && keylength >= min_compliant_rsa_length);
           /* Although rsaPSS was not part of the original evaluation
            * we got word that we can claim compliance.  */
           (void)algo_flags;
@@ -190,7 +195,8 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
 	      size_t P = gcry_mpi_get_nbits (key[0]);
 	      size_t Q = gcry_mpi_get_nbits (key[1]);
 	      result = (Q == 256
-			&& (P == 2048 || P == 3072));
+			&& (P == 2048 || P == 3072)
+                        && P >= min_compliant_rsa_length);
 	    }
 	  break;
 
@@ -256,9 +262,10 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
               break;
 	    case PK_USE_ENCRYPTION:
 	    case PK_USE_SIGNING:
-	      result = (keylength == 2048
-                        || keylength == 3072
-                        || keylength == 4096);
+	      result = ((keylength == 2048
+                         || keylength == 3072
+                         || keylength == 4096)
+                        && keylength >= min_compliant_rsa_length);
               break;
 	    default:
 	      log_assert (!"reached");
@@ -273,7 +280,9 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
 	    {
 	      size_t P = gcry_mpi_get_nbits (key[0]);
 	      size_t Q = gcry_mpi_get_nbits (key[1]);
-	      result = (Q == 256 && (P == 2048 || P == 3072));
+	      result = (Q == 256
+                        && (P == 2048 || P == 3072)
+                        && keylength >= min_compliant_rsa_length);
             }
           break;
 
@@ -679,3 +688,11 @@ gnupg_compliance_option_string (enum gnupg_compliance_mode compliance)
 
   log_assert (!"invalid compliance mode");
 }
+
+
+/* Set additional infos for example taken from config files at startup.  */
+void
+gnupg_set_compliance_extra_info (unsigned int min_rsa)
+{
+  min_compliant_rsa_length = min_rsa;
+}
diff --git a/common/compliance.h b/common/compliance.h
index 2f70392..455efa5 100644
--- a/common/compliance.h
+++ b/common/compliance.h
@@ -91,5 +91,7 @@ int gnupg_parse_compliance_option (const char *string,
 const char *gnupg_compliance_option_string (enum gnupg_compliance_mode
                                             compliance);
 
+void gnupg_set_compliance_extra_info (unsigned int min_rsa);
+
 
 #endif /*GNUPG_COMMON_COMPLIANCE_H*/
diff --git a/common/dynload.h b/common/dynload.h
index 54a47b2..f6ec875 100644
--- a/common/dynload.h
+++ b/common/dynload.h
@@ -34,7 +34,9 @@
 #ifndef __MINGW32__
 # include <dlfcn.h>
 #else
-# include <windows.h>
+# include <errhandlingapi.h>
+# include <handleapi.h>
+# include <libloaderapi.h>
 # include "utf8conv.h"
 # include "mischelp.h"
 # define RTLD_LAZY 0
diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c
index 92be5cd..dee96f5 100644
--- a/common/exechelp-w32.c
+++ b/common/exechelp-w32.c
@@ -65,6 +65,8 @@
 #include "sysutils.h"
 #include "exechelp.h"
 
+#include <windows.h>
+
 /* Define to 1 do enable debugging.  */
 #define DEBUG_W32_SPAWN 0
 
diff --git a/common/gettime.c b/common/gettime.c
index 03c152f..cbf2436 100644
--- a/common/gettime.c
+++ b/common/gettime.c
@@ -42,6 +42,10 @@
 #include "i18n.h"
 #include "gettime.h"
 
+#ifdef HAVE_W32_SYSTEM
+#include <windows.h>
+#endif
+
 #ifdef HAVE_UNSIGNED_TIME_T
 # define IS_INVALID_TIME_T(a) ((a) == (time_t)(-1))
 #else
diff --git a/common/homedir.c b/common/homedir.c
index 455c188..174d961 100644
--- a/common/homedir.c
+++ b/common/homedir.c
@@ -68,7 +68,11 @@
  * text was read.  */
 #if __linux__
 # define MYPROC_SELF_EXE "/proc/self/exe"
-#else /* Assume *BSD*/
+#elif defined(__NetBSD__)
+# define MYPROC_SELF_EXE "/proc/curproc/exe"
+#elif defined(__illumos__) || defined(__sun)
+# define MYPROC_SELF_EXE "/proc/self/path/a.out"
+#else /* Assume other BSDs */
 # define MYPROC_SELF_EXE "/proc/curproc/file"
 #endif
 
@@ -495,13 +499,13 @@ unix_rootdir (int want_sysconfdir)
           if (nread < 0)
             {
               err = gpg_error_from_syserror ();
-              log_info ("error reading symlink '%s': %s\n",
-                        MYPROC_SELF_EXE, gpg_strerror (err));
               buffer[0] = 0;
               if ((name = getenv ("GNUPG_BUILD_ROOT")) && *name == '/')
                 {
                   /* Try a fallback for systems w/o a supported /proc
-                   * file system.  */
+                   * file system if we are running a regression test.  */
+                  log_info ("error reading symlink '%s': %s\n",
+                            MYPROC_SELF_EXE, gpg_strerror (err));
                   xfree  (buffer);
                   buffer = xstrconcat (name, "/bin/gpgconf", NULL);
                   log_info ("trying fallback '%s'\n", buffer);
@@ -632,6 +636,8 @@ unix_rootdir (int want_sysconfdir)
           es_fclose (fp);
           xfree (buffer);
           xfree (line);
+          xfree (rootdir);
+          xfree (sysconfdir);
           checked = 1;
           return NULL;
         }
diff --git a/common/init.c b/common/init.c
index 7b6b4ae..b9f05f3 100644
--- a/common/init.c
+++ b/common/init.c
@@ -208,8 +208,14 @@ _init_common_subsystems (gpg_err_source_t errsource, int *argcp, char ***argvp)
   gettext_use_utf8 (1);
   if (!SetConsoleCP (CP_UTF8) || !SetConsoleOutputCP (CP_UTF8))
     {
-      log_info ("SetConsoleCP failed: %s\n", w32_strerror (-1));
-      log_info ("Warning: Garbled console data possible\n");
+      /* Don't show the error if the program does not have a console.
+       * This is for example the case for daemons.  */
+      int rc = GetLastError ();
+      if (rc != ERROR_INVALID_HANDLE)
+        {
+          log_info ("SetConsoleCP failed: %s\n", w32_strerror (rc));
+          log_info ("Warning: Garbled console data possible\n");
+        }
     }
 #endif
 
diff --git a/common/membuf.c b/common/membuf.c
index 009fbc3..60491b5 100644
--- a/common/membuf.c
+++ b/common/membuf.c
@@ -231,3 +231,15 @@ peek_membuf (membuf_t *mb, size_t *len)
     *len = mb->len;
   return p;
 }
+
+/* To assist using membuf with function returning an error, this
+ * function sets the membuf into the error state.  */
+void
+set_membuf_err (membuf_t *mb, gpg_error_t err)
+{
+  if (!mb->out_of_core)
+    {
+      int myerr = gpg_err_code_to_errno (gpg_err_code (err));
+      mb->out_of_core = myerr? myerr : EINVAL;
+    }
+}
diff --git a/common/membuf.h b/common/membuf.h
index 1497bcd..4b2be1a 100644
--- a/common/membuf.h
+++ b/common/membuf.h
@@ -60,5 +60,6 @@ void put_membuf_printf (membuf_t *mb, const char *format,
 void *get_membuf (membuf_t *mb, size_t *len);
 void *get_membuf_shrink (membuf_t *mb, size_t *len);
 const void *peek_membuf (membuf_t *mb, size_t *len);
+void set_membuf_err (membuf_t *mb, gpg_error_t err);
 
 #endif /*GNUPG_COMMON_MEMBUF_H*/
diff --git a/common/t-w32-reg.c b/common/t-w32-reg.c
index 01816db..9665003 100644
--- a/common/t-w32-reg.c
+++ b/common/t-w32-reg.c
@@ -44,25 +44,28 @@
 static void
 test_read_registry (void)
 {
-  char *string;
+  char *string1, *string2;
 
-#ifdef HAVE_W32CE_SYSTEM
-  string = read_w32_registry_string ("HKEY_CLASSES_ROOT",
-                                     "BOOTSTRAP\\CLSID", NULL);
-  if (!string)
-    fail (0);
-  fprintf (stderr, "Bootstrap clsid: %s\n", string);
-  xfree (string);
-#endif
-
-  string = read_w32_registry_string
+  string1 = read_w32_registry_string
     ("HKEY_CURRENT_USER",
      "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
      "User Agent");
-  if (!string)
+  if (!string1)
     fail (0);
-  fprintf (stderr, "User agent: %s\n", string);
-  xfree (string);
+  fprintf (stderr, "User agent: %s\n", string1);
+
+  string2 = read_w32_reg_string
+    ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion"
+     "\\Internet Settings:User Agent");
+  if (!string2)
+    fail (1);
+  fprintf (stderr, "User agent: %s\n", string2);
+  if (strcmp (string1, string2))
+    fail (2);
+
+
+  xfree (string1);
+  xfree (string2);
 }
 
 
@@ -71,10 +74,14 @@ test_read_registry (void)
 int
 main (int argc, char **argv)
 {
-  (void)argc;
-  (void)argv;
-
-  test_read_registry ();
+  if (argc > 1)
+    {
+      char *string = read_w32_reg_string (argv[1]);
+      printf ("%s -> %s\n", argv[1], string? string : "(null)");
+      xfree (string);
+    }
+  else
+    test_read_registry ();
 
   return 0;
 }
diff --git a/common/utf8conv.c b/common/utf8conv.c
index bdab225..1f01841 100644
--- a/common/utf8conv.c
+++ b/common/utf8conv.c
@@ -55,6 +55,10 @@
 #include "stringhelp.h"
 #include "utf8conv.h"
 
+#ifdef HAVE_W32_SYSTEM
+#include <windows.h>
+#endif
+
 #ifndef MB_LEN_MAX
 #define MB_LEN_MAX 16
 #endif
diff --git a/common/w32-reg.c b/common/w32-reg.c
index d8d94b9..94049a2 100644
--- a/common/w32-reg.c
+++ b/common/w32-reg.c
@@ -47,184 +47,62 @@
 #include "w32help.h"
 
 
-static HKEY
-get_root_key(const char *root)
-{
-  HKEY root_key;
-
-  if (!root)
-    root_key = HKEY_CURRENT_USER;
-  else if (!strcmp( root, "HKEY_CLASSES_ROOT" ) )
-    root_key = HKEY_CLASSES_ROOT;
-  else if (!strcmp( root, "HKEY_CURRENT_USER" ) )
-    root_key = HKEY_CURRENT_USER;
-  else if (!strcmp( root, "HKEY_LOCAL_MACHINE" ) )
-    root_key = HKEY_LOCAL_MACHINE;
-  else if (!strcmp( root, "HKEY_USERS" ) )
-    root_key = HKEY_USERS;
-  else if (!strcmp( root, "HKEY_PERFORMANCE_DATA" ) )
-    root_key = HKEY_PERFORMANCE_DATA;
-  else if (!strcmp( root, "HKEY_CURRENT_CONFIG" ) )
-    root_key = HKEY_CURRENT_CONFIG;
-  else
-    return NULL;
-
-  return root_key;
-}
-
-
 /* Return a string from the Win32 Registry or NULL in case of error.
    Caller must release the return value.  A NULL for root is an alias
    for HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE in turn.  */
 char *
 read_w32_registry_string (const char *root, const char *dir, const char *name)
 {
-#ifdef HAVE_W32CE_SYSTEM
-  HKEY root_key, key_handle;
-  DWORD n1, nbytes, type;
-  char *result = NULL;
-  wchar_t *wdir, *wname;
-
-  if ( !(root_key = get_root_key(root) ) )
-    return NULL;
-
-  wdir = utf8_to_wchar (dir);
-  if (!wdir)
-    return NULL;
-
-  if (RegOpenKeyEx (root_key, wdir, 0, KEY_READ, &key_handle) )
-    {
-      if (root)
-        {
-          xfree (wdir);
-          return NULL; /* No need for a RegClose, so return immediately. */
-        }
-      /* It seems to be common practise to fall back to HKLM. */
-      if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, wdir, 0, KEY_READ, &key_handle) )
-        {
-          xfree (wdir);
-          return NULL; /* Still no need for a RegClose. */
-        }
-    }
-  xfree (wdir);
+  return gpgrt_w32_reg_query_string (root, dir, name);
+}
 
-  if (name)
-    {
-      wname = utf8_to_wchar (name);
-      if (!wname)
-        goto leave;
-    }
-  else
-    wname = NULL;
 
-  nbytes = 2;
-  if (RegQueryValueEx (key_handle, wname, 0, NULL, NULL, &nbytes))
-    goto leave;
-  result = xtrymalloc ((n1=nbytes+2));
-  if (!result)
-    goto leave;
-  if (RegQueryValueEx (key_handle, wname, 0, &type, result, &n1))
-    {
-      xfree (result);
-      result = NULL;
-      goto leave;
-    }
-  result[nbytes] = 0;   /* Make sure it is a string.  */
-  result[nbytes+1] = 0;
-  if (type == REG_SZ || type == REG_EXPAND_SZ)
-    {
-      wchar_t *tmp = (void*)result;
-      result = wchar_to_utf8 (tmp);
-      xfree (tmp);
-    }
-
- leave:
-  xfree (wname);
-  RegCloseKey (key_handle);
-  return result;
-#else /*!HAVE_W32CE_SYSTEM*/
-  HKEY root_key, key_handle;
-  DWORD n1, nbytes, type;
-  char *result = NULL;
+/* Compact version of read_w32_registry_string.  This version expects
+ * a single string as key described here using an example:
+ *
+ *    HKCU\Software\GNU\GnuPG:HomeDir
+ *
+ * HKCU := the class, other supported classes are HKLM, HKCR, HKU, and
+ *         HKCC.  If no class is given and the string thus starts with
+ *         a backslash HKCU with a fallback to HKLM is used.
+ * Software\GNU\GnuPG := The actual key.
+ * HomeDir := the name of the item.  The name is optional to use the default
+ *            value.
+ *
+ * Note that the first backslash and the first colon act as delimiters.
+ *
+ * Returns a malloced string or NULL if not found.
+ */
+char *
+read_w32_reg_string (const char *key_arg)
+{
+  char *key;
+  char *p1, *p2;
+  char *result;
 
-  if ( !(root_key = get_root_key(root) ) )
+  if (!key_arg)
     return NULL;
-
-  if (RegOpenKeyEx (root_key, dir, 0, KEY_READ, &key_handle) )
+  key = xtrystrdup (key_arg);
+  if (!key)
     {
-      if (root)
-        return NULL; /* No need for a RegClose, so return immediately. */
-      /* It seems to be common practise to fall back to HKLM. */
-      if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, dir, 0, KEY_READ, &key_handle) )
-        return NULL; /* Still no need for a RegClose. */
+      log_info ("warning: malloc failed while reading registry key\n");
+      return NULL;
     }
 
-  nbytes = 1;
-  if (RegQueryValueEx( key_handle, name, 0, NULL, NULL, &nbytes ) )
-    goto leave;
-  result = xtrymalloc ((n1=nbytes+1));
-  if (!result)
-    goto leave;
-  if (RegQueryValueEx( key_handle, name, 0, &type, result, &n1 ))
+  p1 = strchr (key, '\\');
+  if (!p1)
     {
-      xfree (result);
-      result = NULL;
-      goto leave;
-    }
-  result[nbytes] = 0; /* Make sure it is a string.  */
-  if (type == REG_EXPAND_SZ && strchr (result, '%'))
-    {
-      char *tmp;
-
-      n1 += 1000;
-      tmp = xtrymalloc (n1+1);
-      if (!tmp)
-        goto leave;
-      nbytes = ExpandEnvironmentStrings (result, tmp, n1);
-      if (nbytes && nbytes > n1)
-        {
-          xfree (tmp);
-          n1 = nbytes;
-          tmp = xtrymalloc (n1 + 1);
-          if (!tmp)
-            goto leave;
-          nbytes = ExpandEnvironmentStrings (result, tmp, n1);
-          if (nbytes && nbytes > n1)
-            {
-              /* Oops - truncated, better don't expand at all.  */
-              xfree (tmp);
-              goto leave;
-            }
-          tmp[nbytes] = 0;
-          xfree (result);
-          result = tmp;
-        }
-      else if (nbytes)
-        {
-          /* Okay, reduce the length.  */
-          tmp[nbytes] = 0;
-          xfree (result);
-          result = xtrymalloc (strlen (tmp)+1);
-          if (!result)
-            result = tmp;
-            else
-              {
-                strcpy (result, tmp);
-                xfree (tmp);
-              }
-        }
-      else
-        {
-          /* Error - don't expand.  */
-          xfree (tmp);
-        }
+      xfree (key);
+      return NULL;
     }
+  *p1++ = 0;
+  p2 = strchr (p1, ':');
+  if (p2)
+    *p2++ = 0;
 
- leave:
-  RegCloseKey (key_handle);
+  result = gpgrt_w32_reg_query_string (*key? key : NULL, p1, p2);
+  xfree (key);
   return result;
-#endif /*!HAVE_W32CE_SYSTEM*/
 }
 
-
 #endif /*HAVE_W32_SYSTEM*/
diff --git a/common/w32help.h b/common/w32help.h
index edb51b8..a79081f 100644
--- a/common/w32help.h
+++ b/common/w32help.h
@@ -44,6 +44,7 @@ char **w32_parse_commandline (char *cmdline, int globing, int *r_argv,
 /*-- w32-reg.c --*/
 char *read_w32_registry_string (const char *root,
 				const char *dir, const char *name );
+char *read_w32_reg_string (const char *key);
 
 /* Other stuff.  */
 #ifdef HAVE_W32CE_SYSTEM
author	DongHun Kwak <dh0128.kwak@samsung.com>	2022-09-16 07:45:26 +0900
committer	DongHun Kwak <dh0128.kwak@samsung.com>	2022-09-16 07:45:26 +0900
commit	fee00cee1bbe0de698f4969528e8d607b8992871 (patch)
tree	b06e2154d45b31e5a3e8178283c71c2c1630e2c6 /common
parent	4497851adccf3cd3a801797b36bacc8d6f0920f0 (diff)
download	gpg2-fee00cee1bbe0de698f4969528e8d607b8992871.tar.gz gpg2-fee00cee1bbe0de698f4969528e8d607b8992871.tar.bz2 gpg2-fee00cee1bbe0de698f4969528e8d607b8992871.zip