aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Release 2.3.36gnupg-2.2.36Werner Koch2022-07-061-1/+25
|
* gpgconf: New short options -V and -XWerner Koch2022-06-291-5/+40
| | | | | | | | * tools/gpgconf.c: Assign short options -X and -V (show_version_gnupg): Print the vsd version if available. -- These changes are helpful for phone support.
* agent: Flush before calling ftruncate.NIIBE Yutaka2022-06-231-0/+2
| | | | | | | | | | | | | * agent/findkey.c (write_extended_private_key): Make sure it is flushed out. -- Cherry-picked from master commit of: 99d2931887e5ba0db9007024b3420b110603d5be GnuPG-bug-id: 6035 Signed-off-by: NIIBE Yutaka <[email protected]>
* sm: Update pkcs#12 module from masterWerner Koch2022-06-213-361/+761
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/minip12.c: Update from master. * sm/import.c (parse_p12): Pass NULL for curve. -- Over the last years we had a couple of changes not backported to 2.2. However, to support DFN p12 files and probably other p12 files we need to update the minip12.c module. Instead of picking commits we take the module verbatim, which is relatively easy because it was originally designed to be a standalone module. Summary of commits taken from master: sm: Improve pkcs#12 debug output. sm: Rework the PKCS#12 parser to support DFN issued keys. sm: Fix parsing encrypted data. sm: Do not print certain issuer not found diags in quiet mode. sm: Silence some output on --quiet sm: Replace all assert calls by log_assert. doc: Typo fixes in code comments sm: Add support to export ECC private keys. Detailed log messages for those commits: commit 52f9e13c0cb3b42c469e2d00352ab36948ca1e55 sm: Improve pkcs#12 debug output. * sm/minip12.c (parse_shrouded_key_bag): Fix offset diagnostic. (parse_cert_bag): Ditto. (parse_bag_data): Remove debug output. Pass startoffset. Fix offset diagnostic. commit a4e04375e84ecb7ea0d02e153cb27988fca4c2d0 sm: Rework the PKCS#12 parser to support DFN issued keys. * sm/minip12.c (struct p12_parse_ctx_s): New. Use this instead of passing several parameters to most functions. (parse_pag_data): Factor things out to ... parse_shrouded_key_bag): new. (parse_cert_bag): New. (parse_bag_data): New. (p12_parse): Setup the parse context. To support newer pkcs#12 files like those issued by the DFN we need to support another ordering of data elements. This rework reflects the P12 data structure a bit better than our old ad-hoc hacks. Tests could only be done with the certificate parts and not the encrypted private keys. GnuPG-bug-id: 6037 commit 6c50834c0905b55ee2da18728194dd4c93c377bf sm: Fix parsing encrypted data. * sm/minip12.c (cram_octet_string): Finish when N==0. (parse_bag_encrypted_data): Support constructed data with multiple octet strings. GnuPG-bug-id: 5793 commit a170f0e73f38e474b6d4463433fe344eca865fa5 sm: Do not print certain issuer not found diags in quiet mode. * sm/certchain.c (find_up_dirmngr): Print one diagnostic only in verbose mode. Do not print issuer not found diags in quiet mode. * sm/minip12.c (parse_bag_data): Add missing verbose condition. GnuPG-bug-id: 4757 commit 615d2e4fb15859320ea0ebec1bb457c692c57f0a sm: Silence some output on --quiet * sm/encrypt.c (gpgsm_encrypt): Take care of --quiet. * sm/gpgsm.c: Include minip12.h. (set_debug): Call p12_set_verbosity. * sm/import.c (parse_p12): Dump keygrip only in debug mode. * sm/minip12.c (opt_verbose, p12_set_verbosity): New. (parse_bag_encrypted_data): Print info messages only in verbose mode. GnuPG-bug-id: 4757 commit 9ee975d588ee99550917e3d459dd6f79057f5c30 gpgsm: Replace all assert calls by log_assert. commit 9bc9d0818b0e636a9dbc0dd24edf53eae95dd8e7 doc: Typo fixes in code comments commit 5da6925a334c68d736804d8f19a684a678409d99 sm: Add support to export ECC private keys. * sm/minip12.c [TEST]: Remove test code. Include util.h, tlv.h. and openpgpdefs.h. Remove the class and tag constants and replace them by those from tlv.h. (builder_add_oid, builder_add_mpi): New. (build_key_sequence): Rename to ... (build_rsa_key_sequence): this. (build_ecc_key_sequence): New. (p12_build): Call RSA or ECC builder. (p12_raw_build): Ditto. * sm/export.c (gpgsm_p12_export): Use correct armor header for ECC. (sexp_to_kparms): Support ECC. GnuPG-bug-id: 4921
* common: Add an easy to use DER builder.Werner Koch2022-06-204-12/+417
| | | | | | | | | | | | | | | | | | * common/tlv-builder.c: New. * common/tlv.c: Remove stuff only used by GnuPG 1. (put_tlv_to_membuf, get_tlv_length): Move to ... * common/tlv-builder.c: here. * common/tlv.h (tlv_builder_t): New. -- Such code should actually go into libksba and we will eventually do that. However, for now it is easier to keep it here. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 5ea878274ef51c819368f021c69c518b9aef6f82) - Add coverity meta comment from commit a95ddffdcd58383cce93677be5e7e11c5c229a98
* g10: Fix garbled status messages in NOTATION_DATAWerner Koch2022-06-141-9/+4
| | | | | | | | | | | | * g10/cpr.c (write_status_text_and_buffer): Fix off-by-one -- Depending on the escaping and line wrapping the computed remaining buffer length could be wrong. Fixed by always using a break to terminate the escape detection loop. Might have happened for all status lines which may wrap. GnuPG-bug-id: T6027
* agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.NIIBE Yutaka2022-06-093-3/+17
| | | | | | | | | | | | | | | * agent/call-scd.c (inq_needpin): Call assuan_begin_confidential and assuan_end_confidential, and wipe the memory after use. * agent/command.c (cmd_preset_passphrase): Likewise. * scd/command.c (pin_cb): Likewise. -- Backport the change of master commit of: 052f58422dca1044aba7acb4cf57416e7a8cb01f GnuPG-bug-id: 5977 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr,w32: Silence compiler warnings for the LDAP API.Werner Koch2022-06-033-2/+26
| | | | --
* w32: Avoid warning about not including winsock2.h after windows.hWerner Koch2022-06-031-0/+3
| | | | * common/dynload.h: Include winsock2.h first.
* w32: Allow Unicode filenames for iobuf_cancel.Werner Koch2022-06-033-35/+24
| | | | | | | | | * common/iobuf.c (iobuf_cancel): Use gnupg_remove * common/mischelp.c (same_file_p): Allow for Unicode names. -- Note that the second patch is used to handle Unicode filenames which are symbolic links.
* scd:p15: Fix accidental commit of debug codeWerner Koch2022-06-011-6/+3
| | | | | | | * scd/app-p15.c (do_sign): Revert MSE setting. -- Fixes-commit: 91acbdc93c8a6ae06b483a27c8bb7c33a978108d
* scd: Shorten cardio debug output for all zeroes.Werner Koch2022-06-011-4/+33
| | | | | | | | * scd/apdu.c (all_zero_p): New. (send_le): Use it. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 9b6f574928546e6905a92c3e74d72478f1585c66)
* scd: Fix use of SCardListReaders for PC/SC.NIIBE Yutaka2022-05-171-1/+1
| | | | | | | | | | | | | * scd/apdu.c (open_pcsc_reader): Initialize NREADER. -- Backport master commit of: 1b1684cf6192d9edb90a54ebe4a0e66b3d59a44b Reported-by: Ludovic Rousseau GnuPG-bug-id: 5979 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add workaround for ECC attribute on Yubikey.NIIBE Yutaka2022-05-101-1/+2
| | | | | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus octet in a key attribute. -- Apply master commit of: 054d14887ef8fa1cbadef4ed2ea28213f25f5d25 GnuPG-bug-id: 5963 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Improve the displayed S/N for Technology Nexus cards.Werner Koch2022-05-061-6/+42
| | | | | | | | | * scd/app-p15.c (any_control_or_space_mem): New. (get_dispserialno): Add new code. -- This works with my test cards and now reflects what's printed on the front matter of the card.
* scd:p15: Fix the the sanity check of the displayed S/N.Werner Koch2022-05-061-2/+6
| | | | | | | | | * scd/app-p15.c (any_control_or_space): Fix loop. -- This check is only done to avoid printing wrongly encoded S/N for human consumption. e
* scd:p15: Fix reading certificates without length info.Werner Koch2022-05-051-6/+23
| | | | | | * scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF object has no length info. Add debug output when reading a cert. (read_p15_info): No more need to disable extended mode for GeNUA cards.
* scd: New debug flags "card".Werner Koch2022-05-052-1/+4
| | | | | | | | | | * scd/scdaemon.c (debug_flags): Add "card". * scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New. -- Some information from parsing the card are often very helpful. However, the card_io triggered APDU dumps are in most cases too heavy. Thus this new debug flag.
* gpg: Minor robustness fix.Werner Koch2022-05-051-6/+9
| | | | | | | | * g10/parse-packet.c (mpi_read_detect_0_removal): Protect agains failed gcry_mpi_scan. -- Fixes-commit: 3fcef7371480cce392d690897d42955f1b19c12a
* tests: Add a test for Ed25519 keys for non-protected secret.NIIBE Yutaka2022-05-021-0/+69
| | | | | | | | | | | | * tests/openpgp/issue5120.scm: New. -- Applied the master commit of: 602c37ac0678d690a5b68d6c1749b8daa3d5f328 GnuPG-bug-id: 5120, 5953 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Handle leading-zeros private key for Ed25519.NIIBE Yutaka2022-04-281-1/+94
| | | | | | | | | | | * g10/parse-packet.c (mpi_read_detect_0_removal): New. (parse_key): Use mpi_read_detect_0_removal for PUBKEY_ALGO_EDDSA to tweak the checksum. -- GnuPG-bug-id: 5120 Signed-off-by: NIIBE Yutaka <[email protected]>
* Revert "gpg: Accept Ed25519 private key in SOS which reserves leading zeros."NIIBE Yutaka2022-04-281-74/+1
| | | | This reverts commit 14de7b1e5904e78fcbe413a82d0f19b750bd8830.
* po: Update Simplified Chinese Translation.bobwxc2022-04-281-52/+32
| | | | | | | -- Reviewed-by: NIIBE Yutaka <[email protected]> Signed-off-by: bobwxc <[email protected]>
* Post release updatesWerner Koch2022-04-253-1/+27
| | | | | | | | -- This also includes a speedo update for the Scute based authenticode thing which has been manually added to speedo.mk at the end of the release process of 2.2.35.
* Release 2.2.35gnupg-2.2.35Werner Koch2022-04-251-2/+5
|
* po: Fix a fuzzy in the German translationWerner Koch2022-04-251-4/+3
| | | | --
* po: Auto updateWerner Koch2022-04-2526-260/+375
| | | | --
* gpg: Avoid NULL ptr access due to corrupted packets.Werner Koch2022-04-251-6/+13
| | | | | | | | | * g10/parse-packet.c (parse_signature): Do not create an opaque MPI with NULL and length > 0 (parse_key): Ditto. -- GnuPG-bug-id: 5940, 5946
* agent: Not writing password into file.NIIBE Yutaka2022-04-251-35/+20
| | | | | | | | | | * agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke pattern check program. -- GnuPG-bug-id: 5917 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Emit an ERROR status as hint for a bad passphrase.Werner Koch2022-04-251-8/+20
| | | | | | | | | | | | | | * g10/mainproc.c (proc_symkey_enc): Issue new error code. (proc_encrypted): Ditto. -- This allows GPGME to return a better error message than "bad session key" to the user. Technically we could get run into these errors also in other cases but this more unlikley. For the command line use we don't do anything to not change the expected output of the command line interface. GnuPG-bug-id: 5943
* po: Update German translationWerner Koch2022-04-201-2/+8
| | | | --
* w32: Do no use Registry item DefaultLogFile for the main tools.Werner Koch2022-04-204-4/+5
| | | | | | | | | | | | | | | | * g10/gpg.c (main): Set LOG_NO_REGISTRY. * sm/gpgsm.c (main): Ditto. * tools/gpg-connect-agent.c (main): Ditto. * tools/gpgconf.c (main): Ditto. (show_other_registry_entries): Print "DefaultLogFile". -- The intention of this mostly forgotten registry entry was to allow for easy debugging of the tools. However, with the global config files (and in 2.3 with common.conf) things are anyway better. We disable the use for the commonly used tools so that it does not look like calling gpg on the command line seems to block with no output if the log server (e.g. tcp://1.2.3.4:11111) is not reachable.
* Prepare NEWS for the next releaseWerner Koch2022-04-141-0/+36
| | | | --
* gpg: Replace an assert by a log_fatal.Werner Koch2022-04-141-3/+6
| | | | | | * g10/build-packet.c (do_signature): Use log_fatal. -- GnuPG-bug-id: 5809
* scd: Minor code reorganizationWerner Koch2022-04-141-17/+22
| | | | | * scd/ccid-driver.c: Move struct defines to the top. (MAX_DEVICE): Rename to CCID_MAX_DEVICE.
* scd: Fix memory leak in ccid-driver.Werner Koch2022-04-141-9/+9
| | | | | | | | | | | * scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count. -- Due to an assignment out of bounds this might lead to a crash if there are more than 15 readers. In any case it fixes a memory leak. Kudos to the friendly auditor who found that bug. Fixes-commit: 8a41e73c31adb86d4a7dca4da695e5ad1347811f
* scd:p15: Improve the PIN prompt for Genua cards.Werner Koch2022-04-131-4/+26
| | | | | | | * scd/app-p15.c (CARD_PRODUCT_GENUA): New. (cardproduct2str): Add it. (read_p15_info): Detect and set GENUA (make_pin_prompt): Take holder string from the AODF.
* scd:p15: Support for GeNUA cards.Werner Koch2022-04-131-1/+10
| | | | | * scd/app-p15.c (read_p15_info): Disable extended mode for Genua cards.
* scd:p15: Prepare AODF parsing for other authentication types.Werner Koch2022-04-131-329/+372
| | | | | | | | | | | | | | * scd/app-p15.c (auth_type_t): New. (struct aodf_object_s): Add field auth_type. (read_ef_aodf): Distinguish between pin and authkey types. Include the authtype in the verbose mode diags. -- Note that the bulk of changes are just indentation changes. There should be no functional change. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e387cc97c82313457e4f79729a137e5871891bc1)
* scd:p15: Add basic support for AET JCOP cards.Werner Koch2022-04-131-5/+46
| | | | | | | | | | | | | | * scd/app-p15.c (CARD_TYPE_AET): New. (cardtype2str): Add string. (card_atr_list): Add corresponding ATR. (app_local_s): New flag no_extended_mode. Turn two other flags into bit flags. (select_ef_by_path): Hack to handle the 3FFF thing. (readcert_by_cdf): Do not use extended mode for AET. (app_select_p15): Set no_extended_mode. --- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 544ec7872aed24c296ea34fac777eca287f7bb47)
* common,unix: Backport dotlock changes from GnuPG 2.3.NIIBE Yutaka2022-03-291-20/+57
| | | | | | | | | | | | * common/dotlock.c (read_lockfile): Return FD in R_FD. (dotlock_take_unix): Fix a race condition by new read_lockfile and checking with fstat. Describe one race condition in comment. (dotlock_release_unix): Follow the change of read_lockfile. -- GnuPG-bug-id: 5884 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Escape more characters in WKD requests.Werner Koch2022-03-281-1/+1
| | | | | | * dirmngr/server.c (proc_wkd_get): Also escape '#' and '+' -- GnuPG-bug-id: 5902
* gpgtar: New option --with-logWerner Koch2022-03-226-38/+56
| | | | | | | | | | * tools/gpgtar.c: New option --with-log. * tools/gpgtar.h (opt): Add field with_log. * tools/gpgtar-extract.c (gpgtar_extract): Move directory string building up. Add option --log-file if needed. * tools/gpgtar-create.c (gpgtar_create): Make tmpbuf static becuase it is used outside of its scope. * tools/gpgtar-list.c (gpgtar_list): Ditto.
* dirmngr: Make WKD_GET work even for servers not handling SRV RRs.Werner Koch2022-03-211-1/+8
| | | | | | | | | | | * dirmngr/server.c (proc_wkd_get): Take care of DNS server failures -- Unfortunately there are resolver setups which don't handle SRV records but return a server error. We let a not found error pass, because that merely means the domain does not exists. GnuPG-bug-id: 4729
* gpgtar: Finally use a pipe for decryption.Werner Koch2022-03-216-137/+266
| | | | | | | | | | | | | | | | * tools/gpgtar.h (opt): Add new flags. * tools/gpgtar.c: new options --batch, --yes, --no, --status-fd, and --require-compliance. (main): Init signals. * tools/gpgtar-create.c: Add new header files. (gpgtar_create): Rework to use a pipe for encryption and signing. * tools/gpgtar-list.c: Add new header files. (gpgtar_list): Rework to use a pipe for decryption. * tools/gpgtar-extract.c: Add new header files. (gpgtar_extract): Rework to use a pipe for decryption. -- Fixes-commit: 40dbee86f3043aff8a8c2055521e270318e33068
* gpg: Print info about the used AEAD algorithm.Werner Koch2022-03-183-2/+22
| | | | | | | | | | | | | | | | | | * g10/misc.c (openpgp_cipher_algo_mode_name): New. * g10/decrypt-data.c (decrypt_data): Use function here. -- With out this change we would see gpg: cipher algorithm 'AES256' may not be used in --compliance=de-vs mode This is confusing because AES256 is compliant. Now we see gpg: cipher algorithm 'AES256.OCB' may not be used in --compliance=de-vs mode which gives a hint on the problem.
* common: New function map_static_stringsWerner Koch2022-03-184-5/+86
| | | | | | | | | * common/mapstrings.c (struct intmapping_s): New. (map_static_strings): New. * common/stringhelp.c (do_strconcat): Rename to ... (vstrconcat): this and make global. * common/t-mapstrings.c (test_map_static_strings): New test.
* gpg: Allow decryption of symencr even for non-compliant cipher.Werner Koch2022-03-185-18/+47
| | | | | | | | | | | | | | | | | | | | | | * g10/decrypt-data.c (decrypt_data): Add arg compliance_error. Adjust all callers. Fail on compliance error only in --require-compliance mode. Make sure to return an error if the buffer is missing; actually that should be an assert. * g10/mainproc.c (proc_encrypted): Delay printing of the compliance mode status. Consult the compliance error now returned by decrypt_data. -- The actual case here is that we fail hard if a message has been AEAD encrypted with one AEAD capable key and also with one passphrase. In general the preference system takes care of not using AEAD if one recipient's key does not support it. However, if the sender uses her own AEAD-capable key _and_ a passphrase the message will be AEAD encrypted. This change allows to decrypt that anyway along with a warning message. Note that this does currently not work in 2.3 due to a non-compliant libgcrypt. We will however, backport this to 2.2.
* common: New flags for gnupg_spawn_processWerner Koch2022-03-153-9/+29
| | | | | | | | | * common/exechelp.h (GNUPG_SPAWN_KEEP_STDIN): New. (GNUPG_SPAWN_KEEP_STDOUT): New. (GNUPG_SPAWN_KEEP_STDERR): New. * common/exechelp-posix.c (do_exec): Add arg flags and implement new flags. * common/exechelp-w32.c (gnupg_spawn_process): Implement new flags.
* gpgconf: Silence warnings from parsing the options filesWerner Koch2022-03-091-2/+3
| | | | | | | | | | | * tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose flag for the arg parser only in --verbose mode. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit ad1254b59d41e127879fc9f495d392316135b4a5) GnuPG-bug-id: 5874
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-18 08:20:01 +0000