Commit message | Author | Age | Files | Lines
* Release 2.2.35 [gnupg-2.2.35] | Werner Koch | 2022-04-25 | 1 | -2/+5
* po: Fix a fuzzy in the German translation | Werner Koch | 2022-04-25 | 1 | -4/+3
  --
* po: Auto update | Werner Koch | 2022-04-25 | 26 | -260/+375
  --
* gpg: Avoid NULL ptr access due to corrupted packets. | Werner Koch | 2022-04-25 | 1 | -6/+13
  * g10/parse-packet.c (parse_signature): Do not create an opaque MPI with NULL and length > 0
  (parse_key): Ditto.
  --
  GnuPG-bug-id: 5940, 5946
* agent: Not writing password into file. | NIIBE Yutaka | 2022-04-25 | 1 | -35/+20
  * agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke pattern check program.
  --
  GnuPG-bug-id: 5917
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Emit an ERROR status as hint for a bad passphrase. | Werner Koch | 2022-04-25 | 1 | -8/+20
  * g10/mainproc.c (proc_symkey_enc): Issue new error code.
  (proc_encrypted): Ditto.
  --
  This allows GPGME to return a better error message than "bad session key" to the user. Technically we could run into these errors also in other cases but this is more unlikely.
  For the command line use we don't do anything to not change the expected output of the command line interface.
  GnuPG-bug-id: 5943
* po: Update German translation | Werner Koch | 2022-04-20 | 1 | -2/+8
  --
* w32: Do not use Registry item DefaultLogFile for the main tools. | Werner Koch | 2022-04-20 | 4 | -4/+5
  * g10/gpg.c (main): Set LOG_NO_REGISTRY.
  * sm/gpgsm.c (main): Ditto.
  * tools/gpg-connect-agent.c (main): Ditto.
  * tools/gpgconf.c (main): Ditto.
  (show_other_registry_entries): Print "DefaultLogFile".
  --
  The intention of this mostly forgotten registry entry was to allow for easy debugging of the tools. However, with the global config files (and in 2.3 with common.conf) things are anyway better. We disable the use for the commonly used tools so that it does not look like calling gpg on the command line seems to block with no output if the log server (e.g. tcp://1.2.3.4:11111) is not reachable.
* Prepare NEWS for the next release | Werner Koch | 2022-04-14 | 1 | -0/+36
  --
* gpg: Replace an assert by a log_fatal. | Werner Koch | 2022-04-14 | 1 | -3/+6
  * g10/build-packet.c (do_signature): Use log_fatal.
  --
  GnuPG-bug-id: 5809
* scd: Minor code reorganization | Werner Koch | 2022-04-14 | 1 | -17/+22
  * scd/ccid-driver.c: Move struct defines to the top.
  (MAX_DEVICE): Rename to CCID_MAX_DEVICE.
* scd: Fix memory leak in ccid-driver. | Werner Koch | 2022-04-14 | 1 | -9/+9
  * scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count.
  --
  Due to an assignment out of bounds this might lead to a crash if there are more than 15 readers. In any case it fixes a memory leak.
  Kudos to the friendly auditor who found that bug.
  Fixes-commit: 8a41e73c31adb86d4a7dca4da695e5ad1347811f
* scd:p15: Improve the PIN prompt for Genua cards. | Werner Koch | 2022-04-13 | 1 | -4/+26
  * scd/app-p15.c (CARD_PRODUCT_GENUA): New.
  (cardproduct2str): Add it.
  (read_p15_info): Detect and set GENUA
  (make_pin_prompt): Take holder string from the AODF.
* scd:p15: Support for GeNUA cards. | Werner Koch | 2022-04-13 | 1 | -1/+10
  * scd/app-p15.c (read_p15_info): Disable extended mode for Genua cards.
* scd:p15: Prepare AODF parsing for other authentication types. | Werner Koch | 2022-04-13 | 1 | -329/+372
  * scd/app-p15.c (auth_type_t): New.
  (struct aodf_object_s): Add field auth_type.
  (read_ef_aodf): Distinguish between pin and authkey types. Include the authtype in the verbose mode diags.
  --
  Note that the bulk of changes are just indentation changes. There should be no functional change.
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit e387cc97c82313457e4f79729a137e5871891bc1)
* scd:p15: Add basic support for AET JCOP cards. | Werner Koch | 2022-04-13 | 1 | -5/+46
  * scd/app-p15.c (CARD_TYPE_AET): New.
  (cardtype2str): Add string.
  (card_atr_list): Add corresponding ATR.
  (app_local_s): New flag no_extended_mode. Turn two other flags into bit flags.
  (select_ef_by_path): Hack to handle the 3FFF thing.
  (readcert_by_cdf): Do not use extended mode for AET.
  (app_select_p15): Set no_extended_mode.
  ---
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 544ec7872aed24c296ea34fac777eca287f7bb47)
* common,unix: Backport dotlock changes from GnuPG 2.3. | NIIBE Yutaka | 2022-03-29 | 1 | -20/+57
  * common/dotlock.c (read_lockfile): Return FD in R_FD.
  (dotlock_take_unix): Fix a race condition by new read_lockfile and checking with fstat. Describe one race condition in comment.
  (dotlock_release_unix): Follow the change of read_lockfile.
  --
  GnuPG-bug-id: 5884
  Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Escape more characters in WKD requests. | Werner Koch | 2022-03-28 | 1 | -1/+1
  * dirmngr/server.c (proc_wkd_get): Also escape '#' and '+'
  --
  GnuPG-bug-id: 5902
* gpgtar: New option --with-log | Werner Koch | 2022-03-22 | 6 | -38/+56
  * tools/gpgtar.c: New option --with-log.
  * tools/gpgtar.h (opt): Add field with_log.
  * tools/gpgtar-extract.c (gpgtar_extract): Move directory string building up. Add option --log-file if needed.
  * tools/gpgtar-create.c (gpgtar_create): Make tmpbuf static because it is used outside of its scope.
  * tools/gpgtar-list.c (gpgtar_list): Ditto.
* dirmngr: Make WKD_GET work even for servers not handling SRV RRs. | Werner Koch | 2022-03-21 | 1 | -1/+8
  * dirmngr/server.c (proc_wkd_get): Take care of DNS server failures
  --
  Unfortunately there are resolver setups which don't handle SRV records but return a server error. We let a not found error pass, because that merely means the domain does not exist.
  GnuPG-bug-id: 4729
* gpgtar: Finally use a pipe for decryption. | Werner Koch | 2022-03-21 | 6 | -137/+266
  * tools/gpgtar.h (opt): Add new flags.
  * tools/gpgtar.c: new options --batch, --yes, --no, --status-fd, and --require-compliance.
  (main): Init signals.
  * tools/gpgtar-create.c: Add new header files.
  (gpgtar_create): Rework to use a pipe for encryption and signing.
  * tools/gpgtar-list.c: Add new header files.
  (gpgtar_list): Rework to use a pipe for decryption.
  * tools/gpgtar-extract.c: Add new header files.
  (gpgtar_extract): Rework to use a pipe for decryption.
  --
  Fixes-commit: 40dbee86f3043aff8a8c2055521e270318e33068
* gpg: Print info about the used AEAD algorithm. | Werner Koch | 2022-03-18 | 3 | -2/+22
  * g10/misc.c (openpgp_cipher_algo_mode_name): New.
  * g10/decrypt-data.c (decrypt_data): Use function here.
  --
  Without this change we would see
    gpg: cipher algorithm 'AES256' may not be used in --compliance=de-vs mode
  This is confusing because AES256 is compliant. Now we see
    gpg: cipher algorithm 'AES256.OCB' may not be used in --compliance=de-vs mode
  which gives a hint on the problem.
* common: New function map_static_strings | Werner Koch | 2022-03-18 | 4 | -5/+86
  * common/mapstrings.c (struct intmapping_s): New.
  (map_static_strings): New.
  * common/stringhelp.c (do_strconcat): Rename to ...
  (vstrconcat): this and make global.
  * common/t-mapstrings.c (test_map_static_strings): New test.
* gpg: Allow decryption of symencr even for non-compliant cipher. | Werner Koch | 2022-03-18 | 5 | -18/+47
  * g10/decrypt-data.c (decrypt_data): Add arg compliance_error. Adjust all callers. Fail on compliance error only in --require-compliance mode. Make sure to return an error if the buffer is missing; actually that should be an assert.
  * g10/mainproc.c (proc_encrypted): Delay printing of the compliance mode status. Consult the compliance error now returned by decrypt_data.
  --
  The actual case here is that we fail hard if a message has been AEAD encrypted with one AEAD capable key and also with one passphrase. In general the preference system takes care of not using AEAD if one recipient's key does not support it. However, if the sender uses her own AEAD-capable key _and_ a passphrase the message will be AEAD encrypted. This change allows to decrypt that anyway along with a warning message.
  Note that this does currently not work in 2.3 due to a non-compliant libgcrypt. We will however, backport this to 2.2.
* common: New flags for gnupg_spawn_process | Werner Koch | 2022-03-15 | 3 | -9/+29
  * common/exechelp.h (GNUPG_SPAWN_KEEP_STDIN): New.
  (GNUPG_SPAWN_KEEP_STDOUT): New.
  (GNUPG_SPAWN_KEEP_STDERR): New.
  * common/exechelp-posix.c (do_exec): Add arg flags and implement new flags.
  * common/exechelp-w32.c (gnupg_spawn_process): Implement new flags.
* gpgconf: Silence warnings from parsing the options files | Werner Koch | 2022-03-09 | 1 | -2/+3
  * tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose flag for the arg parser only in --verbose mode.
  --
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit ad1254b59d41e127879fc9f495d392316135b4a5)
  GnuPG-bug-id: 5874
* sm: Fix parsing encrypted data. | NIIBE Yutaka | 2022-03-09 | 1 | -1/+14
  * sm/minip12.c (cram_octet_string): Finish when N==0.
  (parse_bag_encrypted_data): Support constructed data with multiple octet strings.
  --
  Backport master commit of: 6c50834c0905b55ee2da18728194dd4c93c377bf
  GnuPG-bug-id: 5793
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgsm: New option --require-compliance | Werner Koch | 2022-03-08 | 6 | -3/+47
  * sm/gpgsm.c (oRequireCompliance): New.
  (opts): Add --require-compliance.
  (main): Set option.
  * sm/gpgsm.h (opt): Add field require_compliance.
  (gpgsm_errors_seen): Declare.
  * sm/verify.c (gpgsm_verify): Emit error if non de-vs compliant.
  * sm/encrypt.c (gpgsm_encrypt): Ditto.
  * sm/decrypt.c (gpgsm_decrypt): Ditto.
* gpg: New option --require-compliance. | Werner Koch | 2022-03-08 | 5 | -6/+67
  * g10/options.h (opt): Add field flags.require_compliance.
  * g10/gpg.c (oRequireCompliance): New.
  (opts): Add --require-compliance.
  (main): Set option.
  * g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant.
  (check_sig_and_print): Ditto.
  * g10/encrypt.c (encrypt_crypt): Ditto.
  --
  Note that in the --encrypt and --verify cases other checks may kick in earlier than this new --require-compliance controlled one.
* gpg: Give Libgcrypt CFLAGS a higher priority than SQlite. | Werner Koch | 2022-03-08 | 1 | -2/+2
  * g10/Makefile.am (AM_CFLAGS): Reorder.
  --
  The more specific CFLAGS should come first so these are picked up first. We really should improve the build system to enforce this rule. In particular /usr/local/include should come after any more specific location.
* gpgtar,w32: Support file names longer than MAX_PATH. | Werner Koch | 2022-03-04 | 3 | -13/+10
  * tools/gpgtar.c: Replace assert by log_assert.
  * tools/gpgtar-extract.c: Ditto.
  (extract_regular): Create files with sysopen flag.
  * tools/gpgtar-create.c (scan_directory): Use gpgrt_fname_to_wchar.
  --
  Note that for this change libgpg-error 1.45 is required for Windows.
* common,w32: Support file names longer than MAX_PATH in iobuf. | Werner Koch | 2022-03-04 | 1 | -18/+4
  * common/iobuf.c (direct_open): Use gpgrt_fname_to_wchar.
  (any8bitchar): Remove.
* g10: Avoid extra hash contexts when decrypting MDC input | Jussi Kivilinna | 2022-02-24 | 1 | -2/+8
  * g10/mainproc.c (mainproc_context): New member 'seen_pkt_encrypted_mdc'.
  (release_list): Clear 'seen_pkt_encrypted_mdc'.
  (proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
  (have_seen_pkt_encrypted_aead): Rename to...
  (have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for 'seen_pkt_encrypted_mdc'.
  (proc_plaintext): Do not enable extra hash contexts when decrypting MDC input.
  --
  Avoiding extra hash contexts speeds up CFB/MDC decryption quite a lot. For example, decrypting symmetric-key AES-256 encrypted 4 GiB file from RAM to /dev/null sees ~3.4x speed increase on AMD Ryzen 5800X:
    AES256.CFB encryption: 783 MB/s
    AES256.CFB decryption: 386 MB/s (before)
    AES256.CFB encryption: 1.3 GB/s (after patch)
  Note, AEAD is still significantly faster:
    AES256.OCB encryption: 2.2 GB/s
    AES256.OCB decryption: 3.0 GB/s
  GnuPG-bug-id: T5820
  Signed-off-by: Jussi Kivilinna <[email protected]>
  (cherry picked from commit ab177eed514f7f3432d78e7e6521ad24cc0f4762)
  Even 2.2 with the older Libgcrypt 1.8 gets a threefold speedup; see https://dev.gnupg.org/T5820#155447 (AES-128 vs. AES-256 does not make a substantial difference)
  Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Used extended mode already for RSA 2048 | Werner Koch | 2022-02-21 | 1 | -2/+2
  * scd/app-p15.c (do_sign, do_decipher): Replace GT by GE.
  --
* po: Fix typo in German translation | Werner Koch | 2022-02-21 | 1 | -4/+2
  --
* tests: Remove a test case with "quiet" option with gpgconf. | NIIBE Yutaka | 2022-02-17 | 1 | -3/+2
  * tests/openpgp/gpgconf.scm: Remove "quiet" test.
  --
  Fixes-commit: 2f2130ff24faf4507fa5949e834c155b4a8e1525
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Use lock_slot for apdu_send_direct. | NIIBE Yutaka | 2022-02-17 | 1 | -1/+1
  * scd/apdu.c (apdu_send_direct): Use lock_slot.
  --
  Cherry-pick the master commit of: f808012ac2cf67ec563da178d963f300a7f2564d
  With trylock_slot, it may return SW_HOST_BUSY. This may occur when apdu_get_status is called by scd_update_reader_status_file. Simply using lock_slot is much easier for user of apdu_send_direct.
  GnuPG-bug-id: 5831
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgconf: Do not show "quiet" as option. | Werner Koch | 2022-02-09 | 1 | -7/+0
  * tools/gpgconf-comp.c: Remove "quiet" and two unsupported options
  --
  The --quiet option is not intended for config files and thus should not be displayed by config dialogs.
* Post release updates | Werner Koch | 2022-02-07 | 2 | -1/+6
  --
* Release 2.2.34 [gnupg-2.2.34] | Werner Koch | 2022-02-07 | 2 | -2/+45
* dirmngr: Changes to the linking order. | Werner Koch | 2022-02-07 | 1 | -10/+12
  * dirmngr/Makefile.am: Tweak library order.
* po: msgmerge introduced indenting for ja.po | Werner Koch | 2022-02-07 | 1 | -4/+4
  --
* Update copyright notices. | Werner Koch | 2022-02-07 | 4 | -18/+5
  --
  Note that for this LTS version we now print g10 Code as the first copyright holder with --version. This is to avoid confusion at our customers, now that we also provide a Linux^WGNU/Linux version of GnuPG VS-Desktop and the Windows version has always shown g10 Code.
* gpgconf: Make gpgconf --launch dirmngr work again | Werner Koch | 2022-02-07 | 2 | -3/+7
  * tools/gpgconf.h (gc_component_id_t): Fix the order.
  --
  The order has not been adjusted here in 2.2 after we have changed the order of the gc_components array to have a more logical layout of the tabs in Gpa and Kleopatra's setting dialogs. In 2.3 everything is correct, probably because we have another component (keyboxd) there.
* gpgconf: Print the used code pages on Windows with --show-configs | Werner Koch | 2022-02-07 | 1 | -0/+9
  * tools/gpgconf.c (show_configs): Add some code
* common: Fix creation of Windows socket directories. | Werner Koch | 2022-02-07 | 1 | -21/+2
  * common/homedir.c (w32_try_mkdir): Remove.
  (standard_homedir): Use gnupg_mkdir instead of w32_try_mkdir.
  (_gnupg_socketdir_internal): Ditto.
  --
  The w32_try_mkdir was once introduced for WindowsCE and unfortunately at a too brief inspection it looks like it does the utf8->wchar conversion. Which it does not. Thus I obviously never tested the switch from APPDATA to LOCAL_APPDATA with a non-ascii account name. That might have been due to the use of the very same code for the homedir - but there is other code in gpg to create the homedir; thus a failure here is mostly fixed later. The missing error diagnostic was - and is - on purpose to avoid such error messages due to a race between several running gpg instances.
  GnuPG-bug-id: 5537
* po: Update Japanese Translation. | NIIBE Yutaka | 2022-02-07 | 1 | -35/+18
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Auto update | Werner Koch | 2022-02-07 | 25 | -5746/+7012
  --
* po: Update the German translation | Werner Koch | 2022-02-07 | 1 | -228/+255
  --
* m4: Update our library m4 files from master | Werner Koch | 2022-02-04 | 6 | -162/+353
  * m4/gpg-error.m4: Updated
  * m4/ksba.m4: Updated
  * m4/libassuan.m4: Updated
  * m4/libgcrypt.m4: Updated
  * m4/npth.m4: Updated
  * m4/ntbtls.m4: Updated
  --
  This better fits with the new gpgrt-config system