aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* common: Incorporate upstream changes of regexp.NIIBE Yutaka2023-04-211-3/+6
| | | | | | | | | | | | | | * regexp/jimregexp.c (regatom): Raise REG_ERR_UNMATCHED_BRACKET when no matching end bracket. (regmatch): Fix the end of word check. -- Original changes: Signed-off-by: Steve Bennett <[email protected]> GnuPG-bug-id: 6455 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,p15: Enforce a min. PIN length for certain cards.Werner Koch2023-04-201-5/+10
| | | | * scd/app-p15.c (verify_pin): Enforce 6 for RSCS cards.
* common: Fix minor bug in the jimregexp code.Werner Koch2023-04-201-2/+3
| | | | | | | | | | * regexp/jimregexp.c (regatom): Make error checking for stray backslash at end of the string work. Check that the pattern class is closed by a bracket. -- GnuPG-bug-id: 6455 Co-authored-by: Guldrelokk
* po: Fix in German translationEva Bolten2023-04-061-2/+2
| | | | --
* gpg: Take care not to encrypt with OCB in de-vs modeWerner Koch2023-04-061-0/+4
| | | | | * g10/encrypt.c (use_aead): In de-vs mode use OCB only if the compatibility flag ist set.
* speedo: Fix regression due to switching from gcc 8.3 to 10.2Werner Koch2023-03-281-1/+5
| | | | * build-aux/speedo.mk (speedo_pkg_zlib_make_args): Use -static-libgcc.
* build: Remove obsolete --with-regex from autogen.rcWerner Koch2023-03-271-1/+0
| | | | | | | -- We always use the included regex library. This patch avoids a warning when building for Windows.
* doc: Remove the obsolete VS-NfD.prfWerner Koch2023-03-274-30/+1
| | | | | | -- The apply-profile thing is not anymore used.
* gpg,gpgsm: Extend the use of allow-ecc-encr and vsd-allow-ocbWerner Koch2023-03-242-1/+6
| | | | | | | | * g10/keygen.c (keygen_set_std_prefs): Set OCB only with VSD compatibility flag. * sm/certreqgen.c (proc_parameters): All ECC generation only with allow-ecc-encr. --
* gpgtar: Do not allow the use of stdout for --status-fdWerner Koch2023-03-151-2/+6
| | | | | | | | | | | * tools/gpgtar.c (main): Don't allow logging via the Registry. Forbid using stdout for status-fd in crypt mode. -- Without that check a status output would be mixed up with the input to the internal call of gpg. Using the Registry key to enable logging is very annoying.
* gpgtar: Print a result status with skipped files.Werner Koch2023-03-154-11/+70
| | | | | | | * tools/gpgtar.h (struct tarinfo_s): Add new fields. * tools/gpgtar-extract.c (check_suspicious_name): Add arg info. (extract_regular): Count files. (gpgtar_extract): Print stats.
* gpgtar: Emit progress status lines in create mode.Werner Koch2023-03-154-13/+142
| | | | | | | | | | | | | | | | | | * tools/gpgtar.h (opt): Add field status_stream. * tools/gpgtar.c (main): Set status_stream. * tools/gpgtar-create.c (global_header_count): Rename to global_total_files. (global_written_files): New. (global_total_data, global_written_data): New. (struct scanctrl_s): Add field file_count. (write_progress): New. (write_file): Add arg skipped_open. Don't bail out immediatly on open error. Write progress lines. (gpgtar_create): Write progress lines. Print info aout skipped files. -- GnuPG-bug-id: 6363 (cherry picked from commit f84264e8acf742793c73ce78491cab61fac37051)
* gpg: Delete secret key after "keytocard".Werner Koch2023-03-153-9/+48
| | | | | | | | | | | | | | * g10/card-util.c (card_store_subkey): Add arg processed_keys. * g10/keyedit.c (keyedit_menu): Delete secret key. -- This used to work using the gpg-agent: learn we called at "save" time. However, the recent change inhibited the creation of a shadow key by learn if a regular key still exists. Now we do an explicit delete key at save time. This syncs the behaviour with the description of the man page. GnuPG-bug-id: 6378
* scd,openpgp: Switch key attributes between RSA and ECC in writekey.Werner Koch2023-03-142-6/+32
| | | | | | | | | | | | | | * common/sexputil.c (get_rsa_pk_from_canon_sexp): Also allow private keys. (pubkey_algo_string): Ditto. * scd/app-openpgp.c (do_writekey): Switch key attributes -- The scd WRITEKEY command for OpenPGP cards missed proper support to aautomagically switch key attributes based on the new key. We had this only in GENKEY. GnuPG-bug-id: 6378
* gpg: Allow no version information of YubikeyWerner Koch2023-03-141-1/+2
| | | | | | | | * g10/call-agent.c (learn_status_cb): Set is_v2 always for Yubikeys. -- GnuPG-bug-id: 5100, 6378 Backported-from-master: 1cd615afe3010d2c3919de489d7c9a78513c8694
* agent: Do not overwrite a key file by a shadow key file.Werner Koch2023-03-141-157/+126
| | | | | | | | | | | | | | | * agent/findkey.c: Remove assert.h and use log_assert all over the file. (fname_from_keygrip): Add arg for_new. (is_shadowed_key): New. (agent_write_private_key): Rewrite to use read, write to new file, rename pattern. Ignore attempts to overwrite a regular key file by a shadow key file. (read_key_file): Move all cleanup code to the end of the function. -- GnuPG-bug-id: 6386 I am not shure whether we should allow overwriting with FORCE set.
* agent: Make --disable-extended-key-format a dummy option.Werner Koch2023-03-1312-449/+227
| | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/agent.h (opt): Remove enable_extended_key_format. * agent/gpg-agent.c (enum cmd_and_opt_values): Turn oDisableExtendedKeyFormat and oEnableExtendedKeyFormat into dummy options. * agent/protect.c (do_encryption): Remove arg use_ocb and corresponding code. (agent_protect): Ditto. Change all callers. * agent/command.c (cmd_readkey): Do not test for key availability here but defer that agent_write_shadow_key. * agent/findkey.c (agent_write_private_key): Simplify due to the removal of disable-extended-key-format. (write_extended_private_key): Fold into agent_write_private_key. Remove the maybe_update arg. (agent_write_shadow_key): Ditto. Simplify. -- GnuPG-bug-id: 6386 Backported-from-master: 6d792ae2eb46b3c411d36a87f0d08fbfc1b65cc9 But with large changes to get 2.2 more aligned with master again. This is not finished; in particular the bug is not fixed; this comes wit the next patch.
* gpgconf,w32: Also print a GnuPG Install Directory Registry entryWerner Koch2023-03-131-1/+2
| | | | * tools/gpgconf.c (show_other_registry_entries): Add another dir.
* scd: Fix checking memory allocation.NIIBE Yutaka2023-03-081-1/+1
| | | | | | | | * scd/app-openpgp.c (read_public_key): Fix the memory. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Add translatable text for Caps Lock hintIngo Klöcker2023-03-071-0/+1
| | | | | | | | * agent/call-pinentry.c (start_pinentry): Add new default text. -- GnuPG-bug-id: 4950 (cherry picked from commit b2a6e5b5169602052ae87d38588bdd3bd76fddad)
* gpg: Implement encryption to ADSKs.Werner Koch2023-03-036-24/+54
| | | | | | | | | | | | | | | | | | | * g10/getkey.c (get_pubkey_fromfile): Add optional arg r_keyblock. * g10/pkclist.c (find_and_check_key): Also encrypt to RENC subkeys. * g10/getkey.c (parse_key_usage): Make public. * g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in account. * g10/packet.h (PKT_public_key): Change pubkey_usage from byte to u16. (PKT_user_id): Cosmetic fix: change help_key_usage from int to u16. * g10/sig-check.c (check_signature_metadata_validity): Handle time conflict for ADSKs. -- GnuPG-bug-id: 6395 This patch handles ADSK keys and encrypts to them. It does not yet allow the creation of them. We backport this from master early to get this part of the code out into the field.
* gpg: Get the signature keyid from the issuer fpr.Werner Koch2023-03-031-2/+15
| | | | | | | | | | | | * g10/parse-packet.c (parse_signature): Parse the ISSUER_FPR subpacket and use that to get the keyid. -- Because ADSKs are created w/o the issuer subpacket (despite that this is still a v4 signature) we need to get the key id from the issuer_fpr. This does not harm and we still fallback to the the issuer. Note that for ease of future backporting we also take v5 fingerprints into account.
* gpg: Support key flags for RENC, TIME, and GROUP.Werner Koch2023-03-037-3/+58
| | | | | | | | | | | | | | | | | | * g10/packet.h (PUBKEY_USAGE_RENC): New. (PUBKEY_USAGE_TIME): New. (PUBKEY_USAGE_GROUP): New. * g10/getkey.c (parse_key_usage): Set the new key flags. * g10/keyedit.c (show_key_with_all_names_colon): Show the new key flags. * g10/keyid.c (usagestr_from_pk): Ditto * g10/keylist.c (print_capabilities): Ditto. * g10/keygen.c (parse_usagestr): Parse line and set new flags. (quickgen_set_para): Show flags. -- See draft-koch-openpgp-2015-rfc4880bis-00 for the current version. Actually these flags have been in the draft for years now. This patch is a first step to make use of them.
* gpgconf: Print some standard envvars with -XWerner Koch2023-02-281-0/+18
| | | | | | | | | * tools/gpgconf.c (show_configs): Add a list of envvars and print them. -- Note that for simplicity we to not distinguish between Windows and Linux here.
* gpgsm: Improve cert lookup callback from dirmngr.Werner Koch2023-02-263-5/+13
| | | | | | | | | | | | | | | | | * sm/gpgsm.h (FIND_CERT_ALLOW_AMBIG): New. (FIND_CERT_WITH_EPHEM): New. * sm/certlist.c (gpgsm_find_cert): Replace arg allow_ambiguous by a generic flags arg. Implement the new flag FIND_CERT_WITH_EPHEM. * sm/call-dirmngr.c (inq_certificate): Return also ephemeral marked certs. -- The dirmngr may need to get a certificate from gpgsm's store in the course of verifying a CRL. In some cases the certificate is still marked as epehemeral - this needs to be returned as well. This _may_ also fix GnuPG-bug-id: 4436
* sm: Fix issuer certificate look error due to legacy error code.Werner Koch2023-02-248-101/+115
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/certchain.c (find_up): Get rid of the legacy return code -1 and chnage var name rc to err. (gpgsm_walk_cert_chain): Change var name rc to err. (do_validate_chain): Get rid of the legacy return code -1. * sm/keydb.c (keydb_search): Replace return code -1 by GPG_ERR_NOT_FOUND. (keydb_set_cert_flags): Replace return code -1 by GPG_ERR_NOT_FOUND. * sm/certchain.c (find_up_search_by_keyid): Ditto. (find_up_external, find_up, find_up_dirmngr): Ditto. (gpgsm_walk_cert_chain): Ditto. (get_regtp_ca_info): Ditto. * sm/certlist.c (gpgsm_add_to_certlist): Ditto. (gpgsm_find_cert): Ditto. * sm/delete.c (delete_one): Ditto. * sm/export.c (gpgsm_export): Ditto. (gpgsm_p12_export): Ditto. * sm/import.c (gpgsm_import_files): Ditto. * sm/keylist.c (list_cert_colon): Ditto. (list_internal_keys): Ditto. * sm/sign.c (add_certificate_list): Ditto. -- This bug was detected while fixing GnuPG-bug-id: 4757 Backported-from-master: 473b83d1b9efe51fcca68708580597dddf3f50b7 Some extra code has been taken from commit ed6ebb696e4063dc664d7ee74fc492025881c459
* scd: Parse "Algorithm Information" data object in scdaemon.NIIBE Yutaka2023-02-172-1/+131
| | | | | | | | | | | * scd/app-openpgp.c (data_objects): 0x00FA for binary data. (do_getattr): Parse the data and send it in status lines. (get_algorithm_attribute_string): New. -- Signed-off-by: NIIBE Yutaka <[email protected]> Backported-from-master: eba2563dabbb4f61537900289fbe3ae113904733 Backported-from-master: 43bbc25b0f57dec24412886ff46041e0b1f3de26
* scd:p15: Add pre-check for ascii-numeric PINs.Werner Koch2023-02-171-3/+11
| | | | | | | * scd/app-p15.c (verify_pin): ascii-numeric is different than BCD. (cherry picked from commit 029924a46e08ffcda038d89f06abfb41c980a9ad) Added a few typo fixes.
* scd:p15: Use APP_CARD macro at some other places.Werner Koch2023-02-171-4/+4
| | | | | | -- This makes back porting easier.
* scd: Improve reading of binary records.Werner Koch2023-02-173-10/+5
| | | | | | | | | | | | | | * scd/iso7816.c (iso7816_read_binary_ext): Handle the 0x6a86 SW the same as 6b00. * scd/apdu.c (apdu_get_atr): Modify debug messages. * scd/app-p15.c (app_select_p15): Print FCI on error. (read_p15_info): Clean up diag in presence of debug options. -- Some cards return 6a86 instead of 6b00. Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 44f977d0e332e77fb8a775c4837c00118bbe08cb
* scd:p15: Handle cards with bad encoded path objects.Werner Koch2023-02-171-9/+13
| | | | | | | | | | * scd/app-p15.c (read_ef_prkdf, read_ef_pukdf) (read_ef_cdf, read_ef_aodf): Allow for a zero length path and correctly skip unsupported auth types. -- Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 7a8545c91b09277b0833dc0e5881ba5d1c8dbca3
* gpg: --gen-random code cleanup by using es_set_binary.Werner Koch2023-02-163-4/+4
| | | | | | | | | | | * g10/gpg.c (main): Replace setmode by es_set_binary and use only when needed. -- It is better to use our es_set_binary than to use a Windows specific method which still worked but is fragile because estream might be changed. We now set binary only when needed. Note that it does not harm to call es_set_binary more often than needed.
* agent: Do not consider --min-passphrase-len for the magic wand.Werner Koch2023-02-163-14/+38
| | | | | | | * agent/call-pinentry.c (generate_pin): Lock to exactly 30 octets. * g10/gpg.c (main) <aGenRandom>: Add Level 30. (cherry picked from commit ae2f1f0785e429d6dbb577a1fcf9a880aaff8e49)
* gpg: Add level 16 to --gen-randomWerner Koch2023-02-161-32/+45
| | | | | | | | | | | | * g10/gpg.c (main): Add that hack. -- This is an yet undocumented hack to allow printing hex encoded random number with gpg. The level is forced to be 1 which is is good for almost all uses. Note that --armor is ignored. Signed-off-by: Werner Koch <[email protected]> Backported-from-master: d847f0651ab4304129145b55353501636b4e4728
* gpg: Make "--list-options show-sig-subpackets=n,m" work again.Werner Koch2023-01-311-4/+11
| | | | | | | * g10/gpg.c (parse_list_options): Set value for show-sig-subpackets. -- Fixes-commit: b6ba7054a04a759ea690c1b1bdc023acd9214fe2
* gpgtar: Fix parent directory creation bugWerner Koch2023-01-261-0/+3
| | | | | * tools/gpgtar-extract.c (extract_directory): Ignore EEXIST on parent directory creation.
* gpgtar: Allow decryption from stdin.Werner Koch2023-01-262-19/+20
| | | | | | | | * tools/gpgtar.c (main): Revamp switch and fix usage test for aDecrypt and aList. -- GnuPG-bug-id: 6355
* po: Update Japanese Translation.NIIBE Yutaka2023-01-261-25/+15
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Replace --override-compliance-check by a real fix.Werner Koch2023-01-205-32/+8
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA. * g10/gpg.c (oOverrideComplianceCheck): Remove. (opts): Turn --override-compliance-check into a dummy option. * g10/options.h (opt): Remove override_compliance_check. * g10/sig-check.c (check_key_verify_compliance): Remove use of that option. -- The introduction of --override-compliance-check actually hid the real cause for the signature verification problem in de-vs mode for the Ed25519 key. The real fix is to handle the EdDSA algorithm in gnupg_pk_is_allowed. Fixes-commit: 773b8fbbe915449c723302f5268d7906b40d84d3 GnuPG-bug-id: 5655
* gpg: Do not require --status-fd along with --require-compliance.Werner Koch2023-01-201-1/+1
| | | | | * g10/mainproc.c (check_sig_and_print): Do not check whether status is enabled when checking compliance.
* common: Detect PNG and JPEG file formats.Werner Koch2023-01-191-6/+24
| | | | | | | * common/miscellaneous.c (is_file_compressed): Add detect code. -- GnuPG-bug-id: 6332
* gpg: Detect already compressed data also when using a pipe.Werner Koch2023-01-199-344/+488
| | | | | | | | | | | | | | | | | | | | | | | | | * common/iobuf.c (file_filter_ctx_t): Add fields for the peek feature. (file_filter): Implement peeking. (iobuf_ioctl): Add new IOBUF_IOCTL_PEEK. * common/iobuf.h (IOBUF_IOCTL_PEEK, IOBUFCTRL_PEEK): New. * common/miscellaneous.c (is_file_compressed): Rewrite. Detect PDF. * g10/encrypt.c (encrypt_simple): Peek before detecting compression. (encrypt_crypt): Ditto. * g10/sign.c (sign_file): Also detect already compressed data. * g10/options.h (opt): Add explicit_compress_option. * g10/gpg.c (main): Set opt.explicit_compress_option for -z. -- Note that this patch also introduces a compression check for signing which was never done in the past. GnuPG-bug-id: 6332 Backported-from-master: 60963d98cfd8e60f88ee43c2d992f6dd3bbbd74c Note that sign.c (sign_file) has been re-indented to ease future backports.
* common: Replace all assert in iobuf by log_assert.Werner Koch2023-01-191-32/+32
| | | | --
* gpgtar: Make --status-fd option for fds > 2 workWerner Koch2023-01-193-3/+15
| | | | | | | | | | | | | * tools/gpgtar-create.c (gpgtar_create): Do not close the status_fd in spawn. * tools/gpgtar-extract.c (gpgtar_extract): Ditto. * tools/gpgtar-list.c (gpgtar_list): Ditto. -- Note that this fix does not handle file descripotors passed via the --gpg-args options. GnuPG-bug-id: 6348
* Update copyright noticesWerner Koch2023-01-164-5/+5
| | | | --
* scd:openpgp: Allow auto-changing of the key attributes in genkey.Werner Koch2023-01-133-69/+215
| | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add field keyalgo. (parse_algorithm_attribute): Store the new keyalgo field. (change_keyattr): Change info message. (change_keyattr_from_string): Rewrite to also accept a keyref and a keyalgo string. (do_genkey): Change the keyattr if a keyalgo string is given. * scd/command.c (cmd_genkey): Add option --algo. -- Having this feature makes it easier to use OpenPGP cards in a similar way to other cards. Note that the explicit changing via SETATTR is still supported. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d7d75da50543bc7259c5a6e6367b58cbca7f1b7b) (cherry picked from commit b349adc5c0d00d2fc405a45bd078f1580b5610cc)
* common: New function get_keyalgo_string.Werner Koch2023-01-134-6/+240
| | | | | | | | | | | | | | | | | | | | * common/openpgp-oid.c (struct keyalgo_string_s): New. (keyalgo_strings): New. (keyalgo_strings_size, keyalgo_strings_used): New. (openpgp_oid_or_name_to_curve): New. (get_keyalgo_string): New. -- This function is intended as a more general version of gpg's pubkey_string function. It has the advantage to avoid mallocs and uses static table of algorithm strings instead. There should be only a few dozen of such strings (if at all) and thus all those allocations we do internally in gpg's pubkey_string and the static buffers all over the place are not too nice. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 3a1fa13eedb969b561bae18cd3d7c2fb0b63d6ab) (cherry picked from commit 332a72f7340895e7db1e9c5f89046f722bb7465b)
* scd: Return CARDTYPE, CARDVERSION, and APPVERSION.Werner Koch2023-01-131-2/+31
| | | | | | * scd/app.c (strcardtype): New. (app_write_learn_status): Return more info. (app_getattr): Allow for CARDTYPE.
* sm: Support generation of card-based ECDSA CSR.Damien Goutte-Gattat via Gnupg-devel2023-01-131-16/+43
| | | | | | | | | | | | | | | | | | * sm/call-agent.c (gpgsm_scd_pksign): Identify type of signing key and format resulting S-expression accordingly. -- Current GpgSM implementation assumes card-based keys are RSA keys. This patch introduces support for ECDSA keys. GnuPG-bug-id: 4092 Signed-off-by: Damien Goutte-Gattat <[email protected]> (cherry picked from commit 74e9b579ca273fc07be090bb5fb7800a97b1b452) - Removed already applied changes from the original commit. - Allow for SHA384 and SHA512 Signed-off-by: Werner Koch <[email protected]>
* sm: Fix regression due to the new ECC cert generationWerner Koch2023-01-131-1/+5
| | | | | | | * sm/certreqgen.c (create_request): Also set SIGKEYLEN. -- Fixes-commit: ed62b74a175ef092fd3ac8b2d54b3213fe56af5b
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 08:28:25 +0000