From fee00cee1bbe0de698f4969528e8d607b8992871 Mon Sep 17 00:00:00 2001 From: DongHun Kwak Date: Fri, 16 Sep 2022 07:45:26 +0900 Subject: Imported Upstream version 2.3.4 --- common/Makefile.in | 4 +- common/compliance.c | 33 +++++++-- common/compliance.h | 2 + common/dynload.h | 4 +- common/exechelp-w32.c | 2 + common/gettime.c | 4 + common/homedir.c | 14 +++- common/init.c | 10 ++- common/membuf.c | 12 +++ common/membuf.h | 1 + common/t-w32-reg.c | 43 ++++++----- common/utf8conv.c | 4 + common/w32-reg.c | 200 ++++++++++---------------------------------------- common/w32help.h | 1 + 14 files changed, 137 insertions(+), 197 deletions(-) (limited to 'common') diff --git a/common/Makefile.in b/common/Makefile.in index 3e49c78..9b4355b 100644 --- a/common/Makefile.in +++ b/common/Makefile.in @@ -168,8 +168,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \ $(top_srcdir)/m4/ntbtls.m4 $(top_srcdir)/m4/pkg.m4 \ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ $(top_srcdir)/m4/readline.m4 $(top_srcdir)/m4/socklen.m4 \ - $(top_srcdir)/m4/sys_socket_h.m4 $(top_srcdir)/acinclude.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) @@ -789,7 +788,6 @@ STRIP = @STRIP@ SWTPM = @SWTPM@ SWTPM_IOCTL = @SWTPM_IOCTL@ SYSROOT = @SYSROOT@ -SYS_SOCKET_H = @SYS_SOCKET_H@ TPMSERVER = @TPMSERVER@ TSSSTARTUP = @TSSSTARTUP@ TSS_INCLUDE = @TSS_INCLUDE@ diff --git a/common/compliance.c b/common/compliance.c index 6c2fcd5..33a19fe 100644 --- a/common/compliance.c +++ b/common/compliance.c @@ -40,6 +40,10 @@ static int initialized; static int module; +/* This value is used by DSA and RSA checks in addition to the hard + * coded length checks. It allows to increase the required key length + * using a confue file. */ +static unsigned int min_compliant_rsa_length; /* Return the address of a compliance cache variable for COMPLIANCE. * If no such variable exists NULL is returned. FOR_RNG returns the @@ -176,9 +180,10 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo, break; case is_rsa: - result = (keylength == 2048 - || keylength == 3072 - || keylength == 4096); + result = ((keylength == 2048 + || keylength == 3072 + || keylength == 4096) + && keylength >= min_compliant_rsa_length); /* Although rsaPSS was not part of the original evaluation * we got word that we can claim compliance. */ (void)algo_flags; @@ -190,7 +195,8 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo, size_t P = gcry_mpi_get_nbits (key[0]); size_t Q = gcry_mpi_get_nbits (key[1]); result = (Q == 256 - && (P == 2048 || P == 3072)); + && (P == 2048 || P == 3072) + && P >= min_compliant_rsa_length); } break; @@ -256,9 +262,10 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance, break; case PK_USE_ENCRYPTION: case PK_USE_SIGNING: - result = (keylength == 2048 - || keylength == 3072 - || keylength == 4096); + result = ((keylength == 2048 + || keylength == 3072 + || keylength == 4096) + && keylength >= min_compliant_rsa_length); break; default: log_assert (!"reached"); @@ -273,7 +280,9 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance, { size_t P = gcry_mpi_get_nbits (key[0]); size_t Q = gcry_mpi_get_nbits (key[1]); - result = (Q == 256 && (P == 2048 || P == 3072)); + result = (Q == 256 + && (P == 2048 || P == 3072) + && keylength >= min_compliant_rsa_length); } break; @@ -679,3 +688,11 @@ gnupg_compliance_option_string (enum gnupg_compliance_mode compliance) log_assert (!"invalid compliance mode"); } + + +/* Set additional infos for example taken from config files at startup. */ +void +gnupg_set_compliance_extra_info (unsigned int min_rsa) +{ + min_compliant_rsa_length = min_rsa; +} diff --git a/common/compliance.h b/common/compliance.h index 2f70392..455efa5 100644 --- a/common/compliance.h +++ b/common/compliance.h @@ -91,5 +91,7 @@ int gnupg_parse_compliance_option (const char *string, const char *gnupg_compliance_option_string (enum gnupg_compliance_mode compliance); +void gnupg_set_compliance_extra_info (unsigned int min_rsa); + #endif /*GNUPG_COMMON_COMPLIANCE_H*/ diff --git a/common/dynload.h b/common/dynload.h index 54a47b2..f6ec875 100644 --- a/common/dynload.h +++ b/common/dynload.h @@ -34,7 +34,9 @@ #ifndef __MINGW32__ # include #else -# include +# include +# include +# include # include "utf8conv.h" # include "mischelp.h" # define RTLD_LAZY 0 diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c index 92be5cd..dee96f5 100644 --- a/common/exechelp-w32.c +++ b/common/exechelp-w32.c @@ -65,6 +65,8 @@ #include "sysutils.h" #include "exechelp.h" +#include + /* Define to 1 do enable debugging. */ #define DEBUG_W32_SPAWN 0 diff --git a/common/gettime.c b/common/gettime.c index 03c152f..cbf2436 100644 --- a/common/gettime.c +++ b/common/gettime.c @@ -42,6 +42,10 @@ #include "i18n.h" #include "gettime.h" +#ifdef HAVE_W32_SYSTEM +#include +#endif + #ifdef HAVE_UNSIGNED_TIME_T # define IS_INVALID_TIME_T(a) ((a) == (time_t)(-1)) #else diff --git a/common/homedir.c b/common/homedir.c index 455c188..174d961 100644 --- a/common/homedir.c +++ b/common/homedir.c @@ -68,7 +68,11 @@ * text was read. */ #if __linux__ # define MYPROC_SELF_EXE "/proc/self/exe" -#else /* Assume *BSD*/ +#elif defined(__NetBSD__) +# define MYPROC_SELF_EXE "/proc/curproc/exe" +#elif defined(__illumos__) || defined(__sun) +# define MYPROC_SELF_EXE "/proc/self/path/a.out" +#else /* Assume other BSDs */ # define MYPROC_SELF_EXE "/proc/curproc/file" #endif @@ -495,13 +499,13 @@ unix_rootdir (int want_sysconfdir) if (nread < 0) { err = gpg_error_from_syserror (); - log_info ("error reading symlink '%s': %s\n", - MYPROC_SELF_EXE, gpg_strerror (err)); buffer[0] = 0; if ((name = getenv ("GNUPG_BUILD_ROOT")) && *name == '/') { /* Try a fallback for systems w/o a supported /proc - * file system. */ + * file system if we are running a regression test. */ + log_info ("error reading symlink '%s': %s\n", + MYPROC_SELF_EXE, gpg_strerror (err)); xfree (buffer); buffer = xstrconcat (name, "/bin/gpgconf", NULL); log_info ("trying fallback '%s'\n", buffer); @@ -632,6 +636,8 @@ unix_rootdir (int want_sysconfdir) es_fclose (fp); xfree (buffer); xfree (line); + xfree (rootdir); + xfree (sysconfdir); checked = 1; return NULL; } diff --git a/common/init.c b/common/init.c index 7b6b4ae..b9f05f3 100644 --- a/common/init.c +++ b/common/init.c @@ -208,8 +208,14 @@ _init_common_subsystems (gpg_err_source_t errsource, int *argcp, char ***argvp) gettext_use_utf8 (1); if (!SetConsoleCP (CP_UTF8) || !SetConsoleOutputCP (CP_UTF8)) { - log_info ("SetConsoleCP failed: %s\n", w32_strerror (-1)); - log_info ("Warning: Garbled console data possible\n"); + /* Don't show the error if the program does not have a console. + * This is for example the case for daemons. */ + int rc = GetLastError (); + if (rc != ERROR_INVALID_HANDLE) + { + log_info ("SetConsoleCP failed: %s\n", w32_strerror (rc)); + log_info ("Warning: Garbled console data possible\n"); + } } #endif diff --git a/common/membuf.c b/common/membuf.c index 009fbc3..60491b5 100644 --- a/common/membuf.c +++ b/common/membuf.c @@ -231,3 +231,15 @@ peek_membuf (membuf_t *mb, size_t *len) *len = mb->len; return p; } + +/* To assist using membuf with function returning an error, this + * function sets the membuf into the error state. */ +void +set_membuf_err (membuf_t *mb, gpg_error_t err) +{ + if (!mb->out_of_core) + { + int myerr = gpg_err_code_to_errno (gpg_err_code (err)); + mb->out_of_core = myerr? myerr : EINVAL; + } +} diff --git a/common/membuf.h b/common/membuf.h index 1497bcd..4b2be1a 100644 --- a/common/membuf.h +++ b/common/membuf.h @@ -60,5 +60,6 @@ void put_membuf_printf (membuf_t *mb, const char *format, void *get_membuf (membuf_t *mb, size_t *len); void *get_membuf_shrink (membuf_t *mb, size_t *len); const void *peek_membuf (membuf_t *mb, size_t *len); +void set_membuf_err (membuf_t *mb, gpg_error_t err); #endif /*GNUPG_COMMON_MEMBUF_H*/ diff --git a/common/t-w32-reg.c b/common/t-w32-reg.c index 01816db..9665003 100644 --- a/common/t-w32-reg.c +++ b/common/t-w32-reg.c @@ -44,25 +44,28 @@ static void test_read_registry (void) { - char *string; + char *string1, *string2; -#ifdef HAVE_W32CE_SYSTEM - string = read_w32_registry_string ("HKEY_CLASSES_ROOT", - "BOOTSTRAP\\CLSID", NULL); - if (!string) - fail (0); - fprintf (stderr, "Bootstrap clsid: %s\n", string); - xfree (string); -#endif - - string = read_w32_registry_string + string1 = read_w32_registry_string ("HKEY_CURRENT_USER", "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "User Agent"); - if (!string) + if (!string1) fail (0); - fprintf (stderr, "User agent: %s\n", string); - xfree (string); + fprintf (stderr, "User agent: %s\n", string1); + + string2 = read_w32_reg_string + ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion" + "\\Internet Settings:User Agent"); + if (!string2) + fail (1); + fprintf (stderr, "User agent: %s\n", string2); + if (strcmp (string1, string2)) + fail (2); + + + xfree (string1); + xfree (string2); } @@ -71,10 +74,14 @@ test_read_registry (void) int main (int argc, char **argv) { - (void)argc; - (void)argv; - - test_read_registry (); + if (argc > 1) + { + char *string = read_w32_reg_string (argv[1]); + printf ("%s -> %s\n", argv[1], string? string : "(null)"); + xfree (string); + } + else + test_read_registry (); return 0; } diff --git a/common/utf8conv.c b/common/utf8conv.c index bdab225..1f01841 100644 --- a/common/utf8conv.c +++ b/common/utf8conv.c @@ -55,6 +55,10 @@ #include "stringhelp.h" #include "utf8conv.h" +#ifdef HAVE_W32_SYSTEM +#include +#endif + #ifndef MB_LEN_MAX #define MB_LEN_MAX 16 #endif diff --git a/common/w32-reg.c b/common/w32-reg.c index d8d94b9..94049a2 100644 --- a/common/w32-reg.c +++ b/common/w32-reg.c @@ -47,184 +47,62 @@ #include "w32help.h" -static HKEY -get_root_key(const char *root) -{ - HKEY root_key; - - if (!root) - root_key = HKEY_CURRENT_USER; - else if (!strcmp( root, "HKEY_CLASSES_ROOT" ) ) - root_key = HKEY_CLASSES_ROOT; - else if (!strcmp( root, "HKEY_CURRENT_USER" ) ) - root_key = HKEY_CURRENT_USER; - else if (!strcmp( root, "HKEY_LOCAL_MACHINE" ) ) - root_key = HKEY_LOCAL_MACHINE; - else if (!strcmp( root, "HKEY_USERS" ) ) - root_key = HKEY_USERS; - else if (!strcmp( root, "HKEY_PERFORMANCE_DATA" ) ) - root_key = HKEY_PERFORMANCE_DATA; - else if (!strcmp( root, "HKEY_CURRENT_CONFIG" ) ) - root_key = HKEY_CURRENT_CONFIG; - else - return NULL; - - return root_key; -} - - /* Return a string from the Win32 Registry or NULL in case of error. Caller must release the return value. A NULL for root is an alias for HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE in turn. */ char * read_w32_registry_string (const char *root, const char *dir, const char *name) { -#ifdef HAVE_W32CE_SYSTEM - HKEY root_key, key_handle; - DWORD n1, nbytes, type; - char *result = NULL; - wchar_t *wdir, *wname; - - if ( !(root_key = get_root_key(root) ) ) - return NULL; - - wdir = utf8_to_wchar (dir); - if (!wdir) - return NULL; - - if (RegOpenKeyEx (root_key, wdir, 0, KEY_READ, &key_handle) ) - { - if (root) - { - xfree (wdir); - return NULL; /* No need for a RegClose, so return immediately. */ - } - /* It seems to be common practise to fall back to HKLM. */ - if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, wdir, 0, KEY_READ, &key_handle) ) - { - xfree (wdir); - return NULL; /* Still no need for a RegClose. */ - } - } - xfree (wdir); + return gpgrt_w32_reg_query_string (root, dir, name); +} - if (name) - { - wname = utf8_to_wchar (name); - if (!wname) - goto leave; - } - else - wname = NULL; - nbytes = 2; - if (RegQueryValueEx (key_handle, wname, 0, NULL, NULL, &nbytes)) - goto leave; - result = xtrymalloc ((n1=nbytes+2)); - if (!result) - goto leave; - if (RegQueryValueEx (key_handle, wname, 0, &type, result, &n1)) - { - xfree (result); - result = NULL; - goto leave; - } - result[nbytes] = 0; /* Make sure it is a string. */ - result[nbytes+1] = 0; - if (type == REG_SZ || type == REG_EXPAND_SZ) - { - wchar_t *tmp = (void*)result; - result = wchar_to_utf8 (tmp); - xfree (tmp); - } - - leave: - xfree (wname); - RegCloseKey (key_handle); - return result; -#else /*!HAVE_W32CE_SYSTEM*/ - HKEY root_key, key_handle; - DWORD n1, nbytes, type; - char *result = NULL; +/* Compact version of read_w32_registry_string. This version expects + * a single string as key described here using an example: + * + * HKCU\Software\GNU\GnuPG:HomeDir + * + * HKCU := the class, other supported classes are HKLM, HKCR, HKU, and + * HKCC. If no class is given and the string thus starts with + * a backslash HKCU with a fallback to HKLM is used. + * Software\GNU\GnuPG := The actual key. + * HomeDir := the name of the item. The name is optional to use the default + * value. + * + * Note that the first backslash and the first colon act as delimiters. + * + * Returns a malloced string or NULL if not found. + */ +char * +read_w32_reg_string (const char *key_arg) +{ + char *key; + char *p1, *p2; + char *result; - if ( !(root_key = get_root_key(root) ) ) + if (!key_arg) return NULL; - - if (RegOpenKeyEx (root_key, dir, 0, KEY_READ, &key_handle) ) + key = xtrystrdup (key_arg); + if (!key) { - if (root) - return NULL; /* No need for a RegClose, so return immediately. */ - /* It seems to be common practise to fall back to HKLM. */ - if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, dir, 0, KEY_READ, &key_handle) ) - return NULL; /* Still no need for a RegClose. */ + log_info ("warning: malloc failed while reading registry key\n"); + return NULL; } - nbytes = 1; - if (RegQueryValueEx( key_handle, name, 0, NULL, NULL, &nbytes ) ) - goto leave; - result = xtrymalloc ((n1=nbytes+1)); - if (!result) - goto leave; - if (RegQueryValueEx( key_handle, name, 0, &type, result, &n1 )) + p1 = strchr (key, '\\'); + if (!p1) { - xfree (result); - result = NULL; - goto leave; - } - result[nbytes] = 0; /* Make sure it is a string. */ - if (type == REG_EXPAND_SZ && strchr (result, '%')) - { - char *tmp; - - n1 += 1000; - tmp = xtrymalloc (n1+1); - if (!tmp) - goto leave; - nbytes = ExpandEnvironmentStrings (result, tmp, n1); - if (nbytes && nbytes > n1) - { - xfree (tmp); - n1 = nbytes; - tmp = xtrymalloc (n1 + 1); - if (!tmp) - goto leave; - nbytes = ExpandEnvironmentStrings (result, tmp, n1); - if (nbytes && nbytes > n1) - { - /* Oops - truncated, better don't expand at all. */ - xfree (tmp); - goto leave; - } - tmp[nbytes] = 0; - xfree (result); - result = tmp; - } - else if (nbytes) - { - /* Okay, reduce the length. */ - tmp[nbytes] = 0; - xfree (result); - result = xtrymalloc (strlen (tmp)+1); - if (!result) - result = tmp; - else - { - strcpy (result, tmp); - xfree (tmp); - } - } - else - { - /* Error - don't expand. */ - xfree (tmp); - } + xfree (key); + return NULL; } + *p1++ = 0; + p2 = strchr (p1, ':'); + if (p2) + *p2++ = 0; - leave: - RegCloseKey (key_handle); + result = gpgrt_w32_reg_query_string (*key? key : NULL, p1, p2); + xfree (key); return result; -#endif /*!HAVE_W32CE_SYSTEM*/ } - #endif /*HAVE_W32_SYSTEM*/ diff --git a/common/w32help.h b/common/w32help.h index edb51b8..a79081f 100644 --- a/common/w32help.h +++ b/common/w32help.h @@ -44,6 +44,7 @@ char **w32_parse_commandline (char *cmdline, int globing, int *r_argv, /*-- w32-reg.c --*/ char *read_w32_registry_string (const char *root, const char *dir, const char *name ); +char *read_w32_reg_string (const char *key); /* Other stuff. */ #ifdef HAVE_W32CE_SYSTEM -- cgit v1.2.3