aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Release 2.2.45gnupg-2.2.45Werner Koch2024-10-222-11/+5
|
* po: msgmergeWerner Koch2024-10-2225-98/+1006
| | | | --
* po: Update German translationWerner Koch2024-10-221-5/+37
| | | | --
* dirmngr: Print a brief list of URLs with LISTCRLS.Werner Koch2024-10-143-0/+10
| | | | | | | | | | * dirmngr/crlcache.c (crl_cache_list): Print a summary of URLs. * sm/call-dirmngr.c (gpgsm_dirmngr_run_command): Print a notice to stdout if the dirmngr has been disabled. -- GnuPG-bug-id: 7337
* gpgsm: Fix cached istrusted lookup.Werner Koch2024-10-101-0/+2
| | | | | | | | * sm/call-agent.c (gpgsm_agent_istrusted): Actually set istrusted list. -- Fixes-commit: 9087c1d3637cf1c61744ece0002dc0dc5675d7c9
* gpg: Emit status error for an invalid ADSK.Werner Koch2024-10-072-0/+3
| | | | | | | | | * g10/keygen.c (prepare_adsk): Emit status error. -- This is useful for GPGME. GnuPG-bug-id: 7322
* gpgsm: Add compatibility flag no-keyinfo-cacheWerner Koch2024-10-043-0/+9
| | | | | | | * sm/gpgsm.c (compatibility_flags): Add flag. * sm/gpgsm.h (COMPAT_NO_KEYINFO_CACHE): New. * sm/call-agent.c (gpgsm_agent_istrusted): Act upon it. (gpgsm_agent_keyinfo): Ditto.
* gpgsm: Implement a cache for the KEYINFO queries.Werner Koch2024-10-044-20/+154
| | | | | | | | | | | | | | | | | | | | | | | | * sm/gpgsm.h (struct keyinfo_cache_item_s): New. (struct server_control_s): Add keyinfo_cache and keyinfo_cache_valid. * sm/call-agent.c (keyinfo_cache_disabled): New flag. (release_a_keyinfo_cache): New. (gpgsm_flush_keyinfo_cache): New. (struct keyinfo_status_parm_s): New. (keyinfo_status_cb): Implement a fill mode. (gpgsm_agent_keyinfo): Implement a cache. * sm/server.c (reset_notify): Flush the cache. * sm/gpgsm.c (gpgsm_deinit_default_ctrl): Ditto. -- In almost all cases we have just a few private keys in the agent and thus it is better to fetch them early. This does not work in a restricted connection but we take care and disable the cache in this case. This cache gives a a minor speed up. GnuPG-bug-id: 7308 (cherry picked from commit 241971fac0fc52efc87ed5753a01d18b0672d900)
* gpgsm: Use a cache for ISTRUSTED queries.Werner Koch2024-10-041-19/+122
| | | | | | | | | | | | | | | | | | * sm/call-agent.c (struct istrusted_cache_s): New. (istrusted_cache, istrusted_cache_valid): New. (istrusted_cache_disabled): New. (flush_istrusted_cache): New. (struct istrusted_status_parm_s): New. (istrusted_status_cb): Fill the cache. (gpgsm_agent_istrusted): Implement a cache. -- Not a really measurable performance improvements on Linux but maybe somewhat on Windows (not yet tested). However, it does not clutter the log files with IPC calls returning NOT_TRUSTED. GnuPG-bug-id: 7308 (cherry picked from commit ef2be95258d2e02659e96f6c4df5a9a1a233c8fd)
* agent: Add option --status to the LISTRUSTED command.Werner Koch2024-10-043-16/+60
| | | | | | | | | | | | | | | * agent/trustlist.c (istrusted_internal): Add arg listmode and print new status line in this mode. Adjust callers. (agent_listtrusted): Add new args ctrl and status_mode. Get all trusted keys and then call is_trusted_internal for all of them. * agent/command.c (cmd_listtrusted): Add new option --status. -- This allows in a non-restricted connection to list all trusted keys in one go. (cherry picked from commit 4275d5fa7a51731544d243ba16628a9958ffe3ce)
* Update NEWSWerner Koch2024-10-011-0/+27
| | | | --
* gpgsm: Possible improvement for some rare P12 files.Werner Koch2024-10-011-1/+1
| | | | | | | | | | | * sm/minip12.c (parse_shrouded_key_bag): Increase size of salt buffer. -- Reported on the mailing list. The change does not seem to have a big regression risk, thus applied. See below for the mail # ------------------------ >8 ------------------------ https://lists.gnupg.org/pipermail/gnupg-users/2024-September/067312.html
* gpgconf: Allow listing of some new optionsWerner Koch2024-10-011-0/+3
| | | | | | | | | -- Also one old option. GnuPG-bug-id: 6882 (cherry picked from commit df977729ff3879fdeab7bce339b95ee3fd8ecc42)
* gpgsm: Use a cache to speed up parent certificate lookup.Werner Koch2024-09-304-8/+125
| | | | | | | | | | | | | | | | | | | | | | | | | * sm/gpgsm.h (COMPAT_NO_CHAIN_CACHE): New. (struct cert_cache_item_s, cert_cache_item_t): New. (struct server_control_s): Add parent_cert_cache. * sm/gpgsm.c (compatibility_flags): Add "no-chain-cache". (parent_cache_stats): New. (gpgsm_exit): Print the stats with --debug=memstat. (gpgsm_deinit_default_ctrl): Release the cache. * sm/certchain.c (gpgsm_walk_cert_chain): Cache the certificates. (do_validate_chain): Ditto. -- This gives another boost of 30% (from 6.5 to 4.0 seconds in the test environment with ~1000 certs). do_validate_chain actually brings us the speedup becuase the gpgsm_walk_cert_chain is not used during a key listing. For the latter we actually cache all certificates because that was easier. GnuPG-bug-id: 7308 Adjusted for 2.2: - Add gpgsm_deinit_default_ctrl - Remove ctrl arg from keydb_new
* sm: Optmize clearing of the ephemeral flag.Werner Koch2024-09-272-0/+25
| | | | | | | | | | * kbx/keybox-search.c (keybox_get_cert): Store the blob clags in the cert object. * sm/certchain.c (do_validate_chain): Skip clearing of the ephemeral flag if we know that it is not set. -- GnuPG-bug-id: 7308
* gpg: Add magic parameter "default" to --quick-add-adsk.Werner Koch2024-09-266-17/+117
| | | | | | | | | | | * g10/getkey.c (has_key_with_fingerprint): New. * g10/keyedit.c (menu_addadsk): Replace code by new function. (keyedit_quick_addadsk): Handle magic arg "default". * g10/keygen.c (append_all_default_adsks): New. -- GnuPG-bug-id: 6882 (cherry picked from commit 77afc9ee1c75a28083edf6d98888f9b472c3e39d)
* gpg: New command --quick-add-adskWerner Koch2024-09-264-1/+89
| | | | | | | | | | | | * g10/gpg.c (enum cmd_and_opt_values): Add aQuickAddADSK. (opts): Add --quick-add-adsk. (main): Call the actual function. * g10/keyedit.c (keyedit_quick_addadsk): New. (menu_addadsk): Add arg adskfpr and change caller. -- GnuPG-bug-id: 6395 (cherry picked from commit 9f27e448bf1f825906f3c53e3428087d34bbd8fc)
* gpg: New option --default-new-key-adsk and "addadsk" for edit-key.Werner Koch2024-09-2612-56/+496
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/free-packet.c (copy_public_key): Factor some code out to ... (copy_public_key_basics): new. * keygen.c (keygen_add_key_flags_and_expire): Rewrite and make public. * g10/keyedit.c (enum cmdids): Add cmdADDADSK. (keyedit_menu): Add command "addadsk". (menu_addadsk): New. * g10/options.h (opt): Add field def_new_key_adsks. * g10/gpg.c (oDefaultNewKeyADSK): New. (opts): Add --default-new-key-adsk. (main): Parse option. * g10/keyedit.c (menu_addadsk): Factor some code out to ... (append_adsk_to_key): new. Add compliance check. * g10/keygen.c (pADSK): New. (para_data_s): Add adsk to the union. (release_parameter_list): Free the adsk. (prepare_adsk): New. (get_parameter_adsk): New. (get_parameter_revkey): Remove unneeded arg key and change callers. (proc_parameter_file): Prepare adsk parameter from the configured fingerprints. (do_generate_keypair): Create adsk. -- GnuPG-bug-id: 6882 (cherry picked from commit ed118e2ed521d82c1be7765a0a19d5b4f19afe10) and modified to adjust to other code changes
* common: New function tokenize_to_strlist.Werner Koch2024-09-253-18/+292
| | | | | | | | | | * common/strlist.c (append_to_strlist_try): Factor code out to ... (do_append_to_strlist): new. (tokenize_to_strlist): New. * common/t-strlist.c (test_tokenize_to_strlist): New. (cherry picked from commit d2dca58338a4936b293c3ec6be4572d0e74b6a0d)
* common:w32: Don't expose unused functions.NIIBE Yutaka2024-09-252-2/+12
| | | | | | | | | | | * common/exechelp.h [HAVE_W32_SYSTEM] (get_max_fds): Don't expose. (close_all_fds, get_all_open_fds): Likewise. * common/exechelp-w32.c: Don't expose unused functions. -- GnuPG-bug-id: 7293 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Exclude expired trusted keys from the key validation process.Werner Koch2024-09-251-14/+47
| | | | | | | | | | | | | | | * g10/trustdb.c (copy_key_item): New. (validate_keys): Use a stripped down UTK list w/o expired keys. -- This patch makes sure that an expired trusted key is not used for trust computation. The test case is to delete a trusted key from the keyring, import a copy of that key which has already expired, check that a signed key is not anymore fully trusted and finally import a prolonged version of the trusted key and check that the signed key is now again fully trusted. GnuPG-bug-id: 7200
* gpg: Validate the trustdb after the import of a trusted key.Werner Koch2024-09-251-4/+16
| | | | | | | | | | | | | * g10/import.c (import_one_real): Rename non_self to non_self_or_utk. If not set after chk_self_sigs check whether the imported key is an ultimately trusted key. -- The revalidation mark was only set if the imported key had a new key signature. This is in general correct but not if the imported key is a trusted key. GnuPG-bug-id: 7200
* gpg: Remove useless variable in validate_keys.Werner Koch2024-09-251-30/+34
| | | | | | | | | | | * g10/trustdb.c (store_validation_status): Remove arg 'stored'. (validate_keys): Remove keyhashtable 'stored' which was never used. -- This has been here since 2003. The variable was never evaluated - only stored. Also added some comments.
* gpg: Avoid wrong decryption_failed for signed+OCB msg w/o pubkey.Werner Koch2024-09-192-5/+10
| | | | | | | | | | | | | | | | | | | | | | * g10/decrypt-data.c (struct decode_filter_context_s): Add flag checktag_failed. (aead_checktag): Set flag. (decrypt_data): Initially clear that flag and check the flag after the decryption. * g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based check. -- This fixes a bug where for an OCB encrypted and signed message with the signing key missing during decryption the DECRYPTION_FAILED status line was printed along with "WARNING: encrypted message has been manipulated". This was because we use log_error to show that the signature could not be verified due to the missing pubkey; the original fix looked at the error counter and thus triggered the decryption failed status. Fixes-commit: 82b39fe254703776209cebb88f428bf2d1eb596b GnuPG-bug-id: 7042
* agent: Fix detection of the trustflag de-vs.Werner Koch2024-09-171-1/+1
| | | | | | | | * agent/trustlist.c (read_one_trustfile): Fix comparison. -- Fixes-commit: 6d45fcdd3c3e8d039b05f7276e7619c19fc957d1 GnuPG-bug-Id: 5079
* gpg: Don't bail out for unknown subkey packet versions.Werner Koch2024-09-122-2/+6
| | | | | | | | | | | | | | | | | * g10/import.c (read_block): Don't show a warning for unbnown version also for non-primary-key packets. * g10/parse-packet.c (parse_key): Use log_info for unsupported v5 packets. -- This fixes the problem that 2.2 can't import keys with a v5 subkey. This fix allows a gnupg 2.6. version to export a key with an additional PQC subkey and 2.2 can still import the other subkeys. The second patch avoids that gpg returns with an error code. Updates-commit: de70a2f377c1647417fb8a2b6476c3744a901296
* agent: Fix KEYTOCARD for the use case with loopback pinentry.NIIBE Yutaka2024-09-031-0/+7
| | | | | | | | | * agent/command.c (cmd_keytocard): Copy LINE. -- GnuPG-bug-id: 7283 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgconf: Add missing linefeed to the -X output.Werner Koch2024-09-031-1/+11
| | | | * tools/gpgconf.c (show_registry_entries_from_file): Add missing LF.
* gpg: New option --proc-all-sigsWerner Koch2024-08-235-1/+21
| | | | | | | | | | | | | | * g10/options.h (flags): Add proc_all_sigs. * g10/mainproc.c (check_sig_and_print): Do not stop signature checking if this new option is used. * g10/gpg.c (oProcAllSigs): New. (opts): Add "proc-all-sigs". (main): Set it. -- GnuPG-bug-id: 7261 Backported-from-master: 1eb382fb1f431575872b47dc160807858b7df3e5 (cherry picked from commit cb739bb2a5796b8d48cbb92c615538bf53bcd482)
* w32: Add two more registry entries for use with -XWerner Koch2024-08-211-0/+2
| | | | * tools/gpgconf.c (show_other_registry_entries): Add entries.
* Post release updatesWerner Koch2024-08-162-1/+7
| | | | --
* Release 2.2.44gnupg-2.2.44Werner Koch2024-08-124-5/+25
|
* speedo,w32: Add extra flags for gpgrt and fix SO name of libassuan.Werner Koch2024-08-122-3/+5
| | | | | | | | | | | | -- Due to the recently introduced use of STARTUPINFOEXW in gpgrt we now need at least Windows Vista. Version 8 of Mingw defaults to XP SP2 which requires us to explicit override that default. The SO number of libassuan needs an update too. (cherry picked from commit d56b63a66181b4f029e91dcea095e9eb149895b7)
* gpgconf: Print the full commit id.Werner Koch2024-08-123-43/+75
| | | | | | | | | | * autogen.sh: Update to version 2024-07-04 from libgpg-error. * configure.ac (BUILD_REVISION): Rename the ac_define by BUILD_COMMITID. * tools/gpgconf.c (show_version_gnupg): Use it here. -- (cherry picked from commit 736579331b14035db5b857812d18b493678f7769)
* po: msgmergeWerner Koch2024-08-1225-0/+124
| | | | --
* po: Add German translation for a new string.Werner Koch2024-08-121-1/+5
| | | | --
* gpg: Improve decryption diagnostic for an ADSK key.Werner Koch2024-08-124-8/+37
| | | | | | | | | | | | | | | | | | | | | * g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant. * g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant. * g10/pubkey-enc.c (get_it): Print a note if an ADSK key was used. Use the new get_pubkeyblock flag. * g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk. (get_pubkeyblock): Factor all code out to ... (get_pubkeyblock_ext): new. (finish_lookup): Add new arg allow_adsk and make use of it. -- This patch solves two purposes: - We write a note that the ADSK key was used for decryption - We avoid running into a "oops: public key not found for preference check\n" due to ADSK keys. The error is mostly harmless but lets gpg return with an exit code of 2. Backported-from-master: 882ab7fef9bf4440900c32d7463469307224f11a
* speedo,w32: Update libassuan dll name in wxsAndre Heinecke2024-08-121-2/+2
| | | | | * build-aux/speedo/w32/wixlib.wxs: Update name and UID for libassuan
* agent: Fix an unitialized variable in an error path.Werner Koch2024-08-081-1/+1
| | | | | | | | | | | | | | | * agent/findkey.c (agent_write_private_key): Init FP. -- With Fixes-commit: 3b69d8bf7146b8d10737d0cfea9c97affc60ad73 we took a shortcut but forgot to init FP which is usually set after the new check. At least in the AppImage this always triggered a segv and gpg or Kleopatra had to restart the agent. Not a problem in 2.4 becuase this code is a hack we don't need in 2.4 due to that new ephemeral key storing feature. GnuPG-bug-id: 6944
* common: Allow building with libgpg-error < 1.47Werner Koch2024-08-081-0/+5
| | | | | | | | | * common/util.h (GPG_ERR_BAD_RESET_CODE): New replacement. (GPG_ERR_NO_RESET_CODE): New. (GPG_ERR_BAD_PUK): New. -- But as least 1.38 is required. Tested with 1.42
* common: Add missing file to repoWerner Koch2024-08-081-0/+827
| | | | | -- Fixes-commit: 0dcd1504babb4b98898f7bd738d7aaa1e4a73a05
* sm: More improvements for PKCS#12 parsing for latest IVBB changes.Werner Koch2024-08-073-887/+306
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/tlv.h (TLV_PARSER_FLAG_T5793): New. (tlv_parser_new): New macro. Rename function with an underscore. (tlv_next_with_flag): New. * common/tlv-parser.c (struct tlv_parser_s): Remove const from buffer. Add fields crammed, lasttlv, and origoff. Remove bufferlist ands ist definition. (dump_to_file): New but disabled debug helper. (parse_tag): Print more info on error. (_tlv_parser_new): Add args lasttlv and LNO. Take a copy of the data. (_tlv_parser_release): Free the copy of the buffer and return the recorded TLV object from tlv_parser_new. (_tlv_peek, tlv_parser_peek, _tlv_parser_peek_null): Remove. (_tlv_push): Record crammed length. (_tlv_pop): Restore crammed length. (_tlv_parser_next): Add arg flags. More debug output. Handle cramming here. Take care of cramming here. (tlv_expect_object): Simplify to adjust for changes in _tlv_parser_next. (tlv_expect_octet_string): Remove arg encapsulates. Adjust for changes in _tlv_parser_next. Change all allers. (tlv_expect_null): New. (cram_octet_string): Rewrite. (need_octet_string_cramming): Remove. * sm/minip12.c (dump_to_file): New. Enable in debug mode and if an envvar ist set. Replace all explict but disabled dumping to call this function. (parse_bag_encrypted_data): Replace tlv_peek_null and a peeking for an optional SET by non-peeking code. (parse_cert_bag): Ditto. (parse_shrouded_key_bag): Replace tlv_peek_null by non-peeking code. (parse_bag_encrypted_data): Use the new TLV_PARSER_FLAG_T5793 to enable the Mozilla workaround. (parse_bag_encrypted_data): Replace the 'renewed_tlv' code by the new tlv_parser_release semantics. (parse_shrouded_key_bag): Ditto. (parse_shrouded_key_bag): Create a new context instead of using the former encapsulated mechanism for tlv_expect_octet_string. (parse_bag_data): Ditto. (p12_parse): Ditto. * common/tlv-parser.c: New * common/Makefile.am: Add new file. -- GnuPG-bug-id: 7213 Backported-from-master: 690fd61a0cf2b4b51ee64811656692eb644d2918 This backport required to introduce the new tlv-parser.c file and remove most source copied stuff from minip12.c. Thus the above ChangeList is not fully correct.
* scd: New getinfo subcommand "manufacturer"Werner Koch2024-08-073-15/+24
| | | | | | | | | | | | | | | * scd/command.c (cmd_getinfo): Add subcommand "manufacturer". * scd/app-openpgp.c (get_manufacturer): Rename to ... (app_openpgp_manufacturer): this and make global. -- Example: $ gpg-connect-agent 'scd getinfo manufacturer 42' /bye D Magrathea OK Backported-from-master: a8cef7ebc2b8c3aa1477b61fecfaa8e5d63446d7
* doc: Fix URL to the OpenPGP card specsWerner Koch2024-08-071-3/+2
| | | | --
* gpg: Rename recently added import option no-seckeys to only-pubkeys.Werner Koch2024-06-244-8/+8
| | | | | | | | | * g10/import.c (parse_import_options): Rename option. * g10/options.h (IMPORT_NO_SECKEY): Rename to IMPORT_ONLY_PUBKEYS. Change all users. -- GnuPG-bug-id: 7146
* gpg: Add --import-option "no-seckeys".Werner Koch2024-06-112-0/+5
| | | | | | | * g10/import.c (parse_import_options): Add "no-seckeys". -- GnuPG-bug-id: 7146
* gpg: Do not bail out on secret keys with an unknown algoWerner Koch2024-06-111-0/+2
| | | | | | | | | * g10/getkey.c (lookup): Skip keys with unknown algos. -- If the local store has private keys with an algorithm not supported by thi version of gpg, gpg used to bail out. Thus decryption of proper messages was not possible. This fix skips such secret keys.
* gpg: Do not show RENC if no key capabilities are found for a key.Werner Koch2024-06-052-2/+9
| | | | | | | * g10/packet.h (PUBKEY_USAGE_BASIC_MASK): New. * g10/getkey.c (merge_selfsigs_subkey): Mask the default. (merge_selfsigs_main): Ditto. --
* gpgsm: Avoid double free when checking rsaPSS signatures.Jakub Jelen2024-05-291-2/+0
| | | | | | | | | | | | * sm/certcheck.c (gpgsm_check_cms_signature): Do not free s_sig on error. Its owned and freed by the caller. -- This is part of GnuPG-bug-id: 7129 Signed-off-by: Jakub Jelen <[email protected]> Fixes-commit: 969abcf40cdfc65f3ee859c5e62889e1a8ccde91 (cherry picked from commit dcb0b6fd4822107d68bcb046d4d0650d02c82522)
* agent: Avoid uninitialized access in GENKEY command on parameter error.Jakub Jelen2024-05-291-2/+2
| | | | | | | | | | | | * agent/command.c (cmd_genkey): Moved init_membuf to the top. -- Signed-off-by: Jakub Jelen <[email protected]> This is part of GnuPG-bug-id: 7129 (cherry picked from commit 379fc5569d604c4a7b5f12b2bbfc4106893c2a9e)