aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Release 2.2.42gnupg-2.2.42Werner Koch2023-11-281-1/+1
|
* po: Update po filesWerner Koch2023-11-2826-231/+530
| | | | | * g10/keyserver.c (keyserver_refresh): Use ngettext to avoid msgmerge warnings.
* gpgsm: Set validity flag in keylisting to n for untrusted root cert.Werner Koch2023-11-271-0/+2
| | | | | | | | * sm/keylist.c (list_cert_colon): Map not_trusted to 'n' for non-root certs like we do for root certs. -- GnuPG-bug-id: 6841
* scd:openpgp: Print a diagnostic for the use of default ECDH params.Werner Koch2023-11-231-10/+7
| | | | | | | | | | | * scd/app-openpgp.c (ecc_writekey): Remove the useless check and print a diagnostic if the default params are used. -- Note that here in 2.2 we use different default ECDH parameters than in 2.4 (AES192 instead of AES256 for 384 bit curves). GnuPG-bug-id: 6378
* Update NEWSWerner Koch2023-11-211-0/+2
| | | | --
* agent: Update the key file only if changed (slight return).Werner Koch2023-11-211-13/+52
| | | | | | | | | | * agent/findkey.c (read_key_file): Add optional arg r_orig_key_value to return the old Key value. Change all callers. (agent_write_private_key): Detect whether the Key entry was really changed. -- GnuPG-bug-id: 6829
* agent: Update the key file only if not changed.Werner Koch2023-11-213-8/+56
| | | | | | | | | | | | | | | | | | | | * common/name-value.c (struct name_value_container): Add flag "modified". (nvc_modified): New. (nvc_new): Set flag. (_nvc_add): Set flag. (nvc_delete): Set flag. (nve_set): Add arg PK. Change the caller. Check whether to change at all. * agent/findkey.c (agent_write_private_key): Update only if modified. -- This helps software which uses a file system watcher to track changes to private keys. In particular smartcard triggered changes are a problem for such software because this may at worst trigger another smartcard read. GnuPG-bug-id: 6829
* po: Update Japanese Translation.NIIBE Yutaka2023-11-201-2/+6
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Update the German translationWerner Koch2023-11-171-16/+32
| | | | --
* w32: Actually add the manifest to the dirmngr.Werner Koch2023-11-151-1/+1
| | | | | | | | * dirmngr/Makefile.am (dirmngr_LDADD): Fix type in dirmngr_rc_objs. -- We had a dependency but due to the typo the resource file was not linked.
* gpg,gpgsm: Hide password in debug output also for asked passwords.Werner Koch2023-11-142-1/+10
| | | | | | | | | | | | | * g10/call-agent.c (agent_get_passphrase): Call assuan_begin_confidential and assuan_end_confidential. * sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto. -- GnuPG-bug-id: 6654 The drawback of this solution is that we don't see any IPC lines from the assuan_transact. Everything else would require larger changes to libassuan.
* gpgsm: Re-introduce the bad passphrase hint for pkcs#12.Werner Koch2023-11-141-0/+2
| | | | | | * sm/minip12.c (parse_bag_encrypted_data): Set the badpass flag. (parse_shrouded_key_bag): Ditto. --
* Update NEWS.Werner Koch2023-11-101-0/+2
| | | | --
* gpg,sm: Set confidential in assuan communication for password.NIIBE Yutaka2023-11-102-0/+4
| | | | | | | | | | | | | | * g10/call-agent.c (default_inq_cb): Call assuan_begin_confidential and assuan_end_confidential. * sm/call-agent.c (default_inq_cb): Likewise. -- Cherry pick from master commit of: ec1446f9446506b5fbdf90cdeb9cbe1f410a657e GnuPG-bug-id: 6654 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgsm: Support ECDSA in de-vs mode.Werner Koch2023-11-086-6/+18
| | | | | | | | | | | * common/compliance.h (PK_ALGO_FLAG_ECC18): New. * common/compliance.c (gnupg_pk_is_allowed): Implement. * sm/decrypt.c (gpgsm_decrypt): Pass new flag. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- GnuPG-bug-id: 6802
* gpgsm: Cleanup of legacy variable name use.Werner Koch2023-11-082-117/+89
| | | | | | | | | | * sm/encrypt.c (gpgsm_encrypt): Unify use of RC and ERR. * sm/sign.c (gpgsm_sign): ditto. -- Initially we didn't used the gpg_error_t thingy and while migrating we sometimes used RC and ERR for tracking the error. This is pretty error prone and thus we better remove it (after 20 years).
* scd:openpgp: Fix a segv for cards supporting unknown curves.Werner Koch2023-11-071-2/+2
| | | | | | | | | | * common/openpgp-oid.c (get_keyalgo_string): Do not strdup NULL. -- Cherry pick 2.4/master commit of: 385f4841330e277949ddf2f13939b97481d2d29c GnuPG-bug-id: 5963
* w32: Use utf8 for the asctimestamp function.Werner Koch2023-10-272-1/+6
| | | | | | | | * common/gettime.c (asctimestamp) [W32]: Use ".UTF8" for the locale. -- This has been suggested by the reporter of GnuPG-bug-id: 6741
* gpg: Pass ECDH parameters to OpenPGP smartcardsWerner Koch2023-10-276-11/+68
| | | | | | | | | | | | | | * g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str. * g10/keyid.c (ecdh_param_str_from_pk): New. * g10/card-util.c (card_store_subkey): Pass ECDH params to writekey. * g10/keygen.c (card_store_key_with_backup): Ditto. -- Backported from 2.4 - here the gpg part. See-commit: c03ba92576e34f791430ab1c68814ff16c81407b This is related to GnuPG-bug-id: 6378
* agent: Add optional ecdh parameter arg to KEYTOCARD.Werner Koch2023-10-275-71/+127
| | | | | | | | | | | | | | | | | | | | | * agent/command.c (KEYTOCARD_TIMESTAMP_FORMAT): Remove and use format string direct. (cmd_keytocard): Change timestamp to an u64 and use the new u64 parser functions. Use split_fields. Add ecdh parameter stuff. Take the default timestamp from the keyfile. * agent/findkey.c (agent_key_from_file): Add arg timestamp and set it. Adjust all callers. -- This is backport from 2.4 but only the agent part. We consider it more relibale if we also pass the ECDH parameters along in 2.2. Adding the timestamp stuff should not harm either. Because we now have the u64 time string parser, we use them here. See-commit: c03ba92576e34f791430ab1c68814ff16c81407b See-commit: c795be79c14fac01b984bdc2e2041d2141f27612 This patch is somewhat related to: GnuPG-bug-id: 6378, 5538
* gpg: Allow expiration time after 2013-01-19 on 32 bit Windows.Werner Koch2023-10-261-7/+18
| | | | | | | | * g10/keygen.c (parse_expire_string): Use isotime2epoch_u64. (parse_creation_string): Ditto. -- GnuPG-bug-id: 6736
* common: New functions timegm_u64, isotime2epoch_u64.Werner Koch2023-10-264-154/+176
| | | | | | | | | | | | | | | | | | | * common/mischelp.c (timegm): Move to ... * common/gettime.c (timegm): here. On Windows use timegm_u32. (timegm_u32): New. (isotime2epoch): Factor code out to ... (isotime_make_tm): new helper. (isotime2epoch_u64): New. (_win32_timegm): Remove duplicated code. (parse_timestamp): Use of timegm. (scan_isodatestr): Fallback to isotime2epoch_u64. -- This mainly helps on 32 bit Windows. For Unix we assume everyone is using 64 bit or shall wait until the libc hackers finally provide a time64_t. GnuPG-bug-id: 6736
* build: Add mising file for make distcheck.Werner Koch2023-10-251-0/+1
| | | | 00
* Add new NEWS itemsWerner Koch2023-10-251-0/+5
| | | | --
* sm: Flag Brainpool curves as compliant for all other operations.Werner Koch2023-10-247-23/+25
| | | | | | | | | | | | | | * sm/fingerprint.c (gpgsm_get_key_algo_info2): Rename to (gpgsm_get_key_algo_info): this. Remove the old wrapper. Adjust all callers. * sm/decrypt.c (gpgsm_decrypt): Pass the curve to the compliance checker. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- GnuPG-bug-id: 6253
* sm: Flag Brainpool curves as compliant.Werner Koch2023-10-241-3/+3
| | | | | | | | * sm/keylist.c (print_compliance_flags): Add arg curve. (list_cert_colon): Pass curve to the compliance check. -- GnuPG-bug-id: 6253
* sm: Another partly rewrite of minip12.cWerner Koch2023-10-243-180/+336
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/minip12.c (struct tlv_ctx_s): Add origbuffer and origbufsize. Remove pop_count. Rename offset to length. (dump_tag_info, _dump_tag_info): Rewrite. (dump_tlv_ctx, _dump_tlv_ctx): Rewrite. (tlv_new): Init origbuffer. (_tlv_peek): Add arg ti. (tlv_peek): New. (tlv_peek_null): New. (_tlv_push): Rewrite. (_tlv_pop): Rewrite. (tlv_next): New macro. Move old code to ... (_tlv_next): this. Add arg lno. Pop remaining end tags. (tlv_popped): Remove. (tlv_expect_object): Handle ndef. (tlv_expect_octet_string): Ditto. (parse_bag_encrypted_data): Use nesting level to control the inner loop. (parse_shrouded_key_bag): Likewise. (parse_bag_data): Handle surplus octet strings. (p12_parse): Ditto. * sm/minip12.c (decrypt_block): Strip the padding. (tlv_expect_top_sequence): Remove. Replace callers by tlv_expect_sequence. * tests/samplekeys/t6752-ov-user-ff.p12: New sample key. * tests/samplekeys/Description-p12: Add its description -- This patch improves the BER parser by simplifying it. Now tlv_next pops off and thus closes all containers regardless on whether they are length bounded or ndef. tlv_set_pending is now always used to undo the effect of a tlv_next in a loop condition which was terminated by a nesting level change. Instead of using the length as seen in the decrypted container we now remove the padding and let the BER parser do its work. This might have a negative effect on pkcs#12 objects which are not correctly padded but we don't have any example of such broken objects. GnuPG-bug-id: 6752
* sm: Minor robustness fix for a regression test.Werner Koch2023-10-171-1/+4
| | | | | | | | | * sm/t-minip12.c (run_one_test): Don't hash if we have no parameters at all. -- This fix handles the case that an empty result array is returned by minip12.c
* sm: Support import of PKCS#12 encoded ECC private keys.Werner Koch2023-10-171-31/+76
| | | | | | | | | | | * sm/import.c (parse_p12): Support ECC import. -- Although I extended the parser and its test the actual import missed the required code. GnuPG-bug-id: 6253 Backported-from-master: 8dfef5197af9f655697e0095c6613137d51c91e7
* build: Extend autobuild diagnostics by the usernameWerner Koch2023-10-161-0/+3
| | | | | | | | | * m4/autobuild.m4 (AB_INIT): Add username. -- The old autobuild diagnostics show up in build logs. What they are missing is an information on the user who triggered a build. EMAIL is a common thing to denote the actual user using a service account.
* gpg: Allow to specify seconds since Epoch beyond 2038.Werner Koch2023-10-141-3/+10
| | | | | | | | | | | * g10/keygen.c (parse_expire_string_with_ct): Use new function scan_secondsstr. (parse_creation_string): Ditto. -- Noet that we cap the seconds at the year 2106. GnuPG-bug-id: 6736
* common: New function scan_secondsstr.Werner Koch2023-10-144-2/+76
| | | | | | | * common/gettime.c (scan_secondsstr): New. * common/t-gettime.c (test_scan_secondsstr): (main): Call it.
* scd:openpgp: Use a special compare for the serialno.Werner Koch2023-10-111-2/+9
| | | | | | | | | | | | | | * scd/app-openpgp.c (check_keyidstr): Ignore the card version and also compare case insensitive. (do_learn_status): Add mssing error handling. -- This is required because we changed what we emit as serialno of OpenPGP cards but existing keys still use the old form of the serial number (i.e. with a firmware version). This is so that existing stub keys of gpg-agent will continue to work. GnuPG-bug-id: 5100
* scd:openpgp: Allow the reading the key by keygrip.Werner Koch2023-10-111-4/+39
| | | | | | | | | * scd/app-openpgp.c (do_readkey): Allow the keygrip for the keyid. Use case insensitive match forthe keyid. (do_readcert): Allow the keygrip for the keyid. -- This patch is only to sync ths up with master.
* scd:openpgp: Extend KEYPAIRINFO with an algorithm string.Werner Koch2023-10-111-7/+56
| | | | | | | | * scd/app-openpgp.c (retrieve_fprtime_from_card): New. (send_keypair_info): Add more to KEYPAIRINFO. -- This is mainly needed to sync this version with master.
* scd:openpgp: Use shared fucntion for the dispserialno.Werner Koch2023-10-111-32/+46
| | | | | | | | | | | | | * scd/app-openpgp.c (wipe_and_free): New. (wipe_and_free_string): New. (get_disp_serialno): Remove. Replace callers by function app_get_dispserialno. (get_usage_string): New. (send_keypair_info): Use new function. -- The new function has the same behaviour. The wipe functions are not yet used.
* scd:openpgp: Some comment updatesWerner Koch2023-10-101-18/+29
| | | | --
* scd: Add handling of "Algorithm Information" DO.NIIBE Yutaka2023-10-101-0/+1
| | | | | | | | | | | | | | * cd/app-openpgp.c (data_objects): Add 0x00FA. (do_getattr): Add KEY-ATTR-INFO. -- See the section 4.4.3.11 Algorithm Information in the OpenPGP card functional specification version 3.4.1. Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 90d0072165cc5c6888f14462392a211de0c4b232) Some parts where already here.
* scd:openpgp: New KEY-STATUS attribute.Werner Koch2023-10-101-1/+2
| | | | | | | | * scd/app-openpgp.c (do_getattr): Return KEY-STATUS -- (cherry picked from commit 21496761226c1020a98e3ec7dd2b9dd013d4386b) Some things from the original commit where already here.
* scd:openpgp: Add attribute "UIF" for convenience.Werner Koch2023-10-101-7/+13
| | | | | | | | | | | | | * scd/app-openpgp.c (do_getattr): New attrubute "UIF". (do_learn_status): Use that. -- Actually this is not just convenience but will make it easier to add new keys to an openpgp card - we will need to change this only at one place. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 11f0700282c1eeaee8db6686c38aca0900271351)
* scd: Add handling of Ed448 key.NIIBE Yutaka2023-10-101-13/+12
| | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add ecc.algo field. (send_key_attr): Use ecc.algo field. (ecc_read_pubkey): Use ecc.algo field. (ecc_writekey): Ed448 means EdDSA. (parse_algorithm_attribute): Set ecc.algo field from card. Add checking for Ed25519 for ECC_FLAG_DJB_TWEAK flag. -- There used to be a possible support of Ed25519 with ECDSA, (instead of EdDSA). To distinguish key for Ed25519 for EdDSA, we use the flag: (flags eddsa). Ed448 has no support for ECDSA and defaults to EdDSA even if no such flag. Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit b743942a9719be59f1da67cd338248fe7ee5aeab)
* scd:openpgp: Support the ecdh-params arg for writing keys.Werner Koch2023-10-101-20/+72
| | | | | | | | | | | | | | | | | * scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to compute the fingerprint. Add a default for use by gnupg 2.2. (store_fpr): Add arg update. (rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid writing the fingerprint back to the card if not set. (read_public_key): Also add arg meta_update. (get_public_key): Do not pass it as true here... (do_genkey): ... but here. -- This is based on commit c03ba92576e34f791430ab1c68814ff16c81407b and done here to ease backporting. There is no functional change. GnuPG-bug-id: 6378
* scd:openpgp: Handle wrong error return code of Yubikey.Werner Koch2023-10-101-5/+6
| | | | | | | | | | * scd/app-openpgp.c (get_public_key): Handle wrong error code by Yubikeys. -- This has been taken from commits 0db9c83555b4a8a0c52f96e96ec20dbfd3d75272 946555ea3ceb823b95ed13654ae4fd667daa4337
* scd: Fix description string.NIIBE Yutaka2023-10-101-2/+2
| | | | | | | * scd/app-openpgp.c (data_objects): Capitalize the word for usage. Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit e6b7e0ff9990813ac9f11b2d9d92596d6379ebfe)
* scd:openpgp: Support UIF changing command.NIIBE Yutaka2023-10-101-4/+22
| | | | | | | | | | | | | | | | | | | * g10/card-util.c (uif, cmdUIF): New. (card_edit): Add call to uif by cmdUIF. * scd/app-openpgp.c (do_getattr): Support UIF-1, UIF-2, and UIF-3. (do_setattr): Likewise. (do_learn_status): Learn UIF-1, UIF-2, and UIF-3. -- GnuPG-bug-id: 4158 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 0cb65564e022fface5ada4de8e0c2c4c3d0ac8ad) Also included the relevant part from commit 0240345728a84d8f235ce05889e83963e52742eb Note that this patch is mainly to simplifying backporting and not to support the UIF.
* scd:openpgp: Small speedup reading card properties.Werner Koch2023-10-101-2/+19
| | | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add new flag. (get_cached_data): Force chace use if flag is set. (app_select_openpgp): Avoid reading DO 6E multiple times. -- The do not cache property of 6E was introduced so that we can change for example key attributes without getting into with the cache. However, for initial reading the cache makes a lot of sense and thus we now use this hack to only temporary cache. A better strategy would be to clear the cache when we change card data but that is more error prone. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d5fb5983232cf4d60cf6aa00d0ae5a16cf948e19)
* scd:openpgp: Allow reading and writing user certs for keys 1 and 2Werner Koch2023-10-103-22/+127
| | | | | | | | | | | | | | | * scd/iso7816.c (CMD_SELECT_DATA): New. (iso7816_select_data): New. * scd/app-openpgp.c (do_readcert): Allow OpenPGP.1 and OPENPGP.2 (do_writecert): Ditto. (do_setattr): Add CERT-1 and CERT-2. -- This has been tested with a Zeitcontrol 3.4 card. A test with a Yubikey 5 (firmware 5.2.6) claiming to support 3.4 failed. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 37b1c5c2004c1147a13b388863aaa8f0caf7d71f)
* scd: Allow standard keyref scheme for app-openpgp.Werner Koch2023-10-101-0/+11
| | | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with "OPENPGP." -- The generic keyref allows for better error detection in case a keyref is send to a wrong card. This has been taken from master commit 3231ecdafd71ac47b734469b07170756979ede72 which has additional changed for gpg-card-tool, which is only available there. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 6651a0640d0f1b4dd161210dc55974d9b93b7253)
* scd:openpgp: Support GET DATA response with no header for DO 0x00FA.NIIBE Yutaka2023-10-101-2/+2
| | | | | | | | * scd/app-openpgp.c (do_getattr): Support Gnuk, as well. -- Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 43bbc25b0f57dec24412886ff46041e0b1f3de26)
* scd:openpgp: Pass arg ctrl to more functions.Werner Koch2023-10-101-50/+49
| | | | | | | | | | | | | | | * scd/app-openpgp.c (verify_a_chv): Add currently unused arg ctrl. Adjust callers. (verify_chv3): Ditto. (verify_chv2): Add arg ctrl. Adjust callers. (change_keyattr): Ditto. (change_rsa_keyattr): Ditto. (change_keyattr_from_string): Ditto. (rsa_writekey): Ditto. (ecc_writekey): Ditto. -- This helps in backporting from master.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-17 22:30:31 +0000