| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-p15.c (struct cdf_object_s): Add fields authid, authidlen,
and label.
(struct prkdf_object_s): Add field label.
(struct aodf_object_s): Ditto.
(release_cdflist): Free new fields.
(release_prkdflist): Free new field.
(release_aodf_object): Ditto.
(parse_common_obj_attr): Return the label.
(read_ef_prkdf): Store the label.
(read_ef_pukdf): Ditto.
(read_ef_cdf): Use parse_common_obj_attr and store authid and label.
Print them im verbose mode.
(read_ef_aodf): Store the label and print it.
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* sm/encrypt.c (gpgsm_encrypt): Take care of --quiet.
* sm/gpgsm.c: Include minip12.h.
(set_debug): Call p12_set_verbosity.
* sm/import.c (parse_p12): Dump keygrip only in debug mode.
* sm/minip12.c (opt_verbose, p12_set_verbosity): New.
(parse_bag_encrypted_data): Print info messages only in verbose mode.
--
GnuPG-bug-id: 4757
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-p15.c (select_and_read_binary): Allow to skip the select.
(select_and_read_record): Return the statusword. Silence error
message for SW_FILE_STRUCT.
(select_ef_by_path): Fix selection with a home_DF.
(read_first_record): Fallback to read_binary for CardOS and return
info about this.
(read_ef_prkdf): Use info from read_first_record to decide whether to
use record or binary mode.
(read_ef_pukdf): Ditto.
(read_ef_aodf): Ditto.
(read_ef_cdf): Ditto. New arg cdftype for diagnostics.
(read_p15_info): Pass cdftype.
* scd/apdu.h (SW_FILE_STRUCT): New.
* scd/apdu.c (apdu_strerror): Map that one to a string.
* scd/iso7816.c (map_sw): and to a gpg-error.
|
| |
|
|
|
|
|
|
| |
* scd/command.c (do_readkey): Make --info also work if a readkey
command is available.
* scd/app-p15.c (cdf_object_from_certid): Fix a but introduced with
the previous commit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-p15.c: Add a couple of oid constants.
(struct cdf_object_s): Replace fields image and imagelen by cert.
(struct prkdf_object_s): Add extusage flags
(send_keypairinfo): Use them.
(cdf_object_from_certid): Factor parts out to ...
(cdf_object_from_objid): new function.
(read_ef_prkdf): Move info printing to ...
(read_p15_info): here. Fill the extusage flags.
(readcert_by_cdf): Cache the ksba cert object instead of the binary
cert.
* scd/app.c (select_additional_application): Fix a log_debug call.
(scd_update_reader_status_file): Ditto.
--
This allows us to return only KEYPAIRINFO lines for keys we can
actually use.
|
| |
|
|
|
| |
* sm/keylist.c (oidtranstbl): Add a couple of OIDs and mark them for
key usage.
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
| |
--
gpg-wks-client is a pretty useful command on the command line.
Thus we now install it at bin and provide a compatibility wrapper.
|
| |
|
|
|
|
|
|
| |
* configure.ac (HAVE_NEWER_LIBGCRYPT): Remove conditional.
* tools/Makefile.am (gpg_pair_tool_SOURCES): We build it always.
--
This is because we require libgcrypt 1.9 anyway.
|
| |
|
|
|
|
|
|
| |
* scd/app-common.h (APP_CARD): New. Use it in app-*.c to access
app->card.
--
This should help to make backporting to 2.2 easier.
|
| |
|
|
|
|
| |
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
--
Using "Botschaft" as we used to do is better than "Nachricht" as used
in tofu and some other places.
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
| |
* agent/call-pinentry.c (setup_genpin): Do not make the fallback
translatable.
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* build-aux/speedo.mk: Update from 2.2. Add target w32-msi-release.
* build-aux/speedo/w32/inst.nsi: Fix location of doc files.
* build-aux/speedo/w32/wixlib.wxs: Add gpg-card and fix a wrong name.
* Makefile.am (release): Support a WITH_MSI variable.
(wixlibfile): Improve copying to archive.
(release): Use AMTAR instead of TAR.
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds
extension.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with
hostname - which is NULL and thus the same if not given. Fix minor
error in error code handling.
--
Note that "gpgNtds" is per RFC-4512 case insensitive and has not yet
been officially regisetered. Thus for correctness the OID can be
used:
1.3.6.1.4.1.11591.2.5 LDAP URL extensions
1.3.6.1.4.1.11591.2.5.1 gpgNtds=1 (auth. with current user)
Note that the value must be 1; all other values won't enable AD
authentication and are resevered for future use.
This has been cherry-picked from the 2.2 branch,
commit 55f46b33df08e8e0ea520ade5f73b321bc01d705
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* m4/gpg-error.m4: Update from libgpg-error.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
* m4/gpg-error.m4: Update from libgpg-error.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* m4/gpg-error.m4: Update from libgpg-error.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g13/Makefile.am (t_common_ldadd): Add GPG_ERROR_LIBS.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c: New option --allow-old-cipher-algos.
(set_compliance_option): Set --rfc4880bis explictly to SHA256 and
AES256. Allow old cipher algos for OpenPGP, rfc4880, and rfc2440.
* g10/options.h (opt): Add flags.allow_old_cipher_algos.
* g10/misc.c (print_sha1_keysig_rejected_note): Always print the note
unless in --quiet mode.
* g10/encrypt.c (setup_symkey): Disallow by default algos with a
blocklengt < 128.
(encrypt_crypt): Ditto. Fallback by default to AES instead of 3DES.
* g10/pkclist.c (algo_available): Take care of old cipher also.
(select_algo_from_prefs): Use AES as implicit algorithm by default.
* tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos.
--
GnuPG-bug-id: 3415
|
| |
|
|
|
|
|
|
| |
* m4/gnupg-pth.m4: Remove.
* m4/libcurl.m4: Remove.
--
Both macros are not used for ages.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (NEED_GPG_ERROR_VERSION): Rename to NEED_GPGRT_VERSION
and set to 1.41.
* common/sysutils.c (gnupg_access): Remove code for older gpgrt
versions.
* kbx/backend-sqlite.c: Ditto.
* sm/gpgsm.c (main): Ditto.
--
We already have a requirement for a newer Libgcrypt and thus we can
also require a more recent libgpgrt (aka libgpg-error) which was
released before Libgcrypt.
|
| |
|
|
|
|
|
| |
* m4/Makefile.am (EXTRA_DIST): Remove isc-posix.m4
--
Fixes-commit: d66fb3aa53a6c4a815fe35a15e3c61886c5df628
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/symcryptrun.c: Remove.
* tools/Makefile.am: Ditto.
* doc/tools.texi: Remove man page.
* configure.ac: Remove build option and tests used only by this tool.
* Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Do not build
symcryptrun.
--
symcryptrun is too ancient to be of any use and has not been tested in
many years. Thus we should not distribute it anymore.
|
| |
|
|
|
|
|
|
|
| |
* g10/getkey.c (pubkey_cmp): Handle the case of TRUST_EXPIRED.
--
GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (oPrintPKARecords): Remove.
(opts): Remove --print-pka-records.
(main): Remove "pka-lookups","pka-trust-increase" and other PKA stuff.
* g10/options.h (EXPORT_DANE_FORMAT): Remove.
(VERIFY_PKA_LOOKUPS, VERIFY_PKA_TRUST_INCREASE): Remove.
(KEYSERVER_HONOR_PKA_RECORD): Remove.
* g10/packet.h (pka_info_t): Remove.
(PKT_signature): Remove flags.pka_tried and pka_info.
* g10/parse-packet.c (register_known_notation): Remove
"[email protected]".
* g10/pkclist.c (check_signatures_trust): Remove PKA stuff.
* g10/call-dirmngr.c (gpg_dirmngr_get_pka): Remove.
* g10/export.c (parse_export_options): Remove "export-pka".
(do_export): Adjust for this.
(write_keyblock_to_output): Ditto.
(do_export_stream): Ditto.
(print_pka_or_dane_records): Rename to ...
(print_dane_records): this and remove two args. Remove PKA printing.
* g10/free-packet.c (free_seckey_enc, cp_pka_info): Adjust for removed
pka_info field.
* g10/getkey.c (get_pubkey_byname): Make AKL_PKA a dummy.
* g10/keyserver.c: Remove "honor-pka-record".
(keyserver_import_pka): Remove.
* g10/mainproc.c (get_pka_address): Remove.
(pka_uri_from_sig): Remove.
(check_sig_and_print): Remove code for PKA.
--
PKA (Public Key Association) was a DNS based key discovery method
which looked up fingerprint by mail addresses in the DNS. This goes
back to the conference where DKIM was suggested to show that we
already had a better method for this available with PGP/MIME. PKA was
was later superseded by an experimental DANE method and is today not
anymore relevant. It is anyway doubtful whether PKA was ever widely
used.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/gpgcompose.c: Remove
--
This tool duplicated a lot of code and was hard to maintain. IIRC, it
was part of some Univerity assignment and of no real use anymore.
|
| |
|
|
|
|
|
|
|
| |
* g10/options.h (IMPORT_DROP_UIDS, EXPORT_DROP_UIDS): Remove.
* g10/import.c (parse_import_options): Remove option import-drop-uids.
(import_one_real): Remove drop uids code.
(remove_all_uids): Remove function.
* g10/export.c (parse_export_options): Remove option export-drop-uids.
(do_export_one_keyblock): Remove drop uids code.
|
| |
|
|
|
| |
* tools/gpg-card.c (list_p15): New.
(list_card): Call it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-p15.c (pukdf_object_t): New.
(struct app_local_s): Add field public_key_info.
(release_pukdflist): New.
(select_and_read_record): No diagnostic in case of not_found.
(read_first_record): New. Factored out from the read_ef_ fucntions.
(read_ef_pukdf): New. Basically a copy of read_ef_prkdf for now.
(read_p15_info): Also read the public keys.
(cardtype2str): New.
(read_ef_tokeninfo): Print a string with the cardtype.
|
| |
|
|
|
|
|
|
|
|
| |
* sm/keylist.c (OID_FLAG_KP): New.
(key_purpose_map): Merge into ...
(oidtranstbl): this.
(get_oid_desc): New arg 'matchflag'. Use function in place of direct
access to key_purpose_map.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/compliance.c (gnupg_gcrypt_is_compliant): New.
(gnupg_rng_is_compliant): Also check library version.
* g10/mainproc.c (proc_encrypted): Use new function.
(check_sig_and_print): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/verify.c (gpgsm_verify): Ditto
--
This will eventually allow us to declare Libgcrypt 1.9 to be de-vs
compliant. GnuPG can use this information then for its own checks.
As of now GnuPG tests the version of the used library but that is a
bit cumbersome to maintain.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-p15.c: Include host2net.h.
(DEFAULT_HOME_DF): New.
(select_and_read_binary): Replace slot by app. Change callers. Use
select_ef_by_path.
(select_and_read_record): ditto.
(select_ef_by_path): Make use use the home_df.
(parse_certid): Adjust for always set home_df.
(print_tokeninfo_tokenflags): Ditto.
(app_select_p15): Take the home_df from the FCI returned by select.
--
This uses modern APDUs and always selectd starting at the PCKS-15 home
DF. We could have made this much simpler but the goal is to keep
support for older cards although we can't test that easily.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* scd/apdu.h (SW_NO_CURRENT_EF): New.
--
This merely to show better diagnostics.
Used for example by CardOS 5.3.
|
| |
|
|
|
|
|
| |
* scd/app-p15.c (read_ef_prkdf): Fix detection of unsupported key
objects. Factor some code out to ...
(parse_common_key_attr): new.
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/mainproc.c (proc_symkey_enc): Do not continue with an unknown
algorithm.
--
Trying to encrypt data created with
printf "\x8c\x49\x05\x0e\x0a\x03\x01"
fails in version 2.2.19 with
gpg: packet(3) with unknown version 5
but with later versions with
gpg: encrypted with unknown algorithm 14
gpg: Ohhhh jeeee: ... this is a bug \
([...]/passphrase.c:433:passphrase_to_dek)
so we better catch this case earlier.
Reported-by: Tavis Ormandy
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* scd/app-p15.c (parse_common_obj_attr): New.
(read_ef_prkdf): Use new function.
(read_ef_aodf): Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/iso7816.c (iso7816_select_path): Add arg from_cdf.
* scd/app-nks.c (do_readkey): Adjust for this change.
* scd/app-p15.c (CARD_TYPE_CARDOS_53): New.
(IS_CARDOS_5): New.
(card_atr_list): Add standard ATR for CardOS 5.3.
(select_and_read_binary): Remove the fallback to record read hack.
(select_and_read_record): New.
(select_ef_by_path): Rework and support CardOS feature.
(read_ef_prkdf): Use read record for CardOS.
(read_ef_cdf): Ditto.
(read_ef_aodf): Ditto. Also fix bug in the detection of other
unsupported attribute types.
(verify_pin): Use IS_CARDOS_5 macro.
(app_select_p15): Force direct method for CardOS.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/session-env.c (session_env_list_stdenvnames): Extend to allow
return all names as one string.
* agent/command-ssh.c (SSH_REQUEST_EXTENSION): New.
(SSH_RESPONSE_EXTENSION_FAILURE): New.
(request_specs): Add handler for the extension command.
(ssh_handler_extension): New.
--
The extension mechanism is specified in
https://tools.ietf.org/html/draft-miller-ssh-agent-04
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* scd/app-p15.c (read_ef_tokeninfo): Print the ATR in verbose mode.
--
It is convenient to see the ATR close to the other info,
Signed-off-by: Werner Koch <[email protected]>
|
