Commit message | Author | Age | Files | Lines
* scd: One new and one improved 7816 function. | Werner Koch | 2019-01-22 | 6 | -27/+90
    * scd/apdu.c (apdu_send_direct): New arg R_SW.
    * scd/command.c (cmd_apdu): Ditto.
    * scd/iso7816.c (iso7816_apdu_direct): New arg R_SW.
    (iso7816_general_authenticate): New.
    * scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new arg.
    --
    iso7816_general_authenticate will be used for the PIV card support. The new arg to iso7816_apdu_direct and apdu_send_direct allows to get the raw status word back without the need to handle an output buffer.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 70bb5c7931598590b1acfae90bf4657f5911d2d3)
* ssh: Simplify the curve name lookup. | Werner Koch | 2019-01-22 | 1 | -84/+54
    * agent/command-ssh.c (struct ssh_key_type_spec): Add field alt_curve_name.
    (ssh_key_types): Add some alternate curve names.
    (ssh_identifier_from_curve_name): Lookup also by alternative names and return the canonical name.
    (ssh_key_to_blob): Simplify the ECDSA case by using gcry_pk_get_curve instead of the explicit mapping.
    (ssh_receive_key): Likewise. Use ssh_identifier_from_curve_name to validate the curve name. Remove the reverse mapping because since GnuPG-2.2 Libgcrypt 1.7 is required.
    (ssh_handler_request_identities): Log an error message.
    --
    This change will make it easier to support other curves, in particular those from tokens. Libgcrypt has a large list of alias names which we now use to make the mapping more flexible.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit d93797c8a7892fe26672c551017468e9f8099ef6)
* gpg: Stop early when trying to create a primary Elgamal key. | Werner Koch | 2019-01-22 | 1 | -0/+7
    * g10/misc.c (openpgp_pk_test_algo2): Add extra check.
    --
    The problem is that --key-gen --batch with a parameter file didn't detect that Elgamal is not capable of signing and so an error was only triggered at the time the self-signature was created. See the code comment for details.
    GnuPG-bug-id: 4329
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit f97dc55ff1b041071bc3cbe98aa761bf77bb7ac8)
* scd: Fix for USB INTERRUPT transfer. | NIIBE Yutaka | 2019-01-16 | 1 | -2/+1
    * scd/ccid-driver.c (intr_cb): When LIBUSB_TRANSFER_NO_DEVICE, just handle this event as failure.
    --
    Cherry-picked from master commit: 5ab3bc422a5cc1a646c168b547f2b6538b3a4ffa
    It used to try another interrupt transfer request to make sure if it fails again.
    GnuPG-bug-id: 4308
    Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix message for ACK button. | NIIBE Yutaka | 2018-12-19 | 1 | -13/+35
    * agent/divert-scd.c (getpin_cb): Display correct message.
    --
    Cherry-picked master commit of: 4ed941ff26783c4fabfe2079029f8e436eb7e340
    Signed-off-by: NIIBE Yutaka <[email protected]>
* Silence compiler warnings new with gcc 8. | Werner Koch | 2018-12-18 | 2 | -5/+24
    * dirmngr/dns.c: Include gpgrt.h. Silence -Warray-bounds also gcc.
    * tests/gpgscm/scheme.c: Include gpgrt.h.
    (Eval_Cycle): Ignore -Wimplicit-fallthrough.
    --
    The funny use of case and labels in the CASE macro seems to confuse the fallthrough detection.
    Signed-off-by: Werner Koch <[email protected]>
* wks: Do not use compression for the encrypted data. | Werner Koch | 2018-12-18 | 2 | -0/+2
    * tools/gpg-wks-client.c (encrypt_response): Add arg -z0.
    * tools/gpg-wks-server.c (encrypt_stream): Ditto.
    --
    If for example a server was built without the development packages of the compression libraries installed, the server will not be able to decrypt a request. In theory this can't happen due to the preference system but it is just too easy to create the server's key using a different version of gpg and then use gpg-wks-server built differently.
    For the short messages we exchange compression is not really required and thus we better do without to make the system more robust.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 70a8db0333e3c22403b3647f8b5f924f6dace719)
* po: Update Japanese translation. | NIIBE Yutaka | 2018-12-18 | 1 | -3/+2
    Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support "acknowledge button" feature. | NIIBE Yutaka | 2018-12-18 | 7 | -1/+97
    * scd/apdu.c (set_prompt_cb): New member function.
    (set_prompt_cb_ccid_reader): New function.
    (open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
    (apdu_set_prompt_cb): New.
    * scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
    * ccid-driver.c (ccid_set_prompt_cb): New.
    (bulk_in): Call ->prompt_cb when timer extension.
    * scd/command.c (popup_prompt): New.
    --
    Cherry-picked master commit of: 7a5a4c4cac8709f7c413e94cd0b40f4123baa1e5
    Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Support --ack option for POPUPPINPADPROMPT. | NIIBE Yutaka | 2018-12-18 | 1 | -1/+1
    * agent/divert-scd.c (getpin_cb): Support --ack option.
    --
    Cherry-picked master commit of: 827529339a4854886dbb5625238e7e01013efdcd
    We are now introducing "acknowledge button" feature to scdaemon, so that we can support OpenPGPcard User Interaction Flag. We will (re)use the mechanism of POPUPPINPADPROMPT for this. Perhaps, we will change the name of POPUPPINPADPROMPT, since it will be no longer for PINPAD only.
    Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updates | Werner Koch | 2018-12-14 | 2 | -1/+5
    --
* Release 2.2.12 (tag: gnupg-2.2.12) | Werner Koch | 2018-12-14 | 2 | -9/+38
* po: Auto-update | Werner Koch | 2018-12-14 | 26 | -318/+472
    --
* New simplified Chinese translation | Chuhao Li | 2018-12-14 | 1 | -4271/+2609
    --
    Signed-off-by: Werner Koch <[email protected]>
    This is a complete rework of the original file from 1.4.
* agent: Make the S2K calibration time runtime configurable. | Werner Koch | 2018-12-11 | 4 | -9/+43
    * agent/protect.c (s2k_calibration_time): New file global var.
    (calibrate_s2k_count): Use it here.
    (get_calibrated_s2k_count): Replace function static var by ...
    (s2k_calibrated_count): new file global var.
    (set_s2k_calibration_time): New function.
    * agent/gpg-agent.c (oS2KCalibration): New const.
    (opts): New option --s2k-calibration.
    (parse_rereadable_options): Parse that option.
    --
    Note that using an unrealistic high value (like 60000) takes quite some time for calibration.
    GnuPG-bug-id: 3399
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit cbcc8c19541fe8407f3b6588fce1535c64cf6b25)
* agent: compile-time configuration of s2k calibration. | Daniel Kahn Gillmor | 2018-12-11 | 2 | -4/+12
    * configure.ac: add --with-agent-s2k-calibration=MSEC, introduces AGENT_S2K_CALIBRATION (measured in milliseconds)
    * agent/protect.c (calibrate_s2k_count): Calibrate based on AGENT_S2K_CALIBRATION.
    Signed-off-by: Daniel Kahn Gillmor <[email protected]>
    GnuPG-bug-id: 3399
    (cherry picked from commit 926d07c5fa05de05caef3a72b6fe156606ac0549)
* dirmngr: Retry another server from the pool on 502, 503, 504. | Werner Koch | 2018-12-11 | 1 | -7/+33
    * dirmngr/ks-engine-hkp.c (handle_send_request_error): Add arg http_status and handle it.
    (ks_hkp_search): Get http_status from send_request and pass on to handle_send_request_error.
    (ks_hkp_get): Ditto.
    (ks_hkp_put): Ditto.
    --
    GnuPG-bug-id: 4175
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 05ef6282784495a77f4faf76c0de5bc85dfecf06)
* dirmngr: New function http_status2string. | Werner Koch | 2018-12-11 | 2 | -0/+26
    * dirmngr/http.c (http_status2string): New.
    --
    Right now only the standard 5xx codes.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit dc61f4ecea5c9815cb00aeb25439978337c1fd64)
* gpg: In search-keys return "Not found" instead of "No Data". | Werner Koch | 2018-12-11 | 1 | -1/+3
    * g10/keyserver.c (keyserver_search): Check for NO_DATA.
    --
    GnuPG-bug-id: 3830
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit e7252ae57f3c9da557f23295268f74dd25fee3a1)
* tools: Use POSIX compatible arguments for find | Tomi Leppänen | 2018-12-11 | 1 | -1/+1
    * tools/addgnupghome (filelist): Remove bashism.
* scd: Make "learn" report about KDF data object. | NIIBE Yutaka | 2018-12-06 | 2 | -0/+6
    * scd/app-openpgp.c (do_learn_status): Report KDF attr.
    * g10/card-util.c (current_card_status): Output KDF for with_colons.
    --
    Backport of master commit: 05d163aebc04db109ec5e004eb04a4b3796f6421
    Signed-off-by: NIIBE Yutaka <[email protected]>
* card: Display if KDF is enabled or not. | NIIBE Yutaka | 2018-12-06 | 3 | -2/+12
    * g10/call-agent.h (kdf_do_enabled): New field.
    * g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
    * g10/card-util.c (current_card_status): Inform the availability.
    --
    Cherry pick of master commit: a5542a4a702c2210facf58a98bc8d3d16089b6ab
    Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix memory leak for --card-status. | NIIBE Yutaka | 2018-12-06 | 1 | -4/+3
    * g10/card-util.c (card_status): Release memory of serial number.
    --
    Cherry pick of master commit: fe8b6339542f3b1228b5fd56fc710ea3b07a3a2b
    Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix print_pubkey_info new line output. | NIIBE Yutaka | 2018-12-05 | 1 | -1/+1
    * g10/keylist.c (print_pubkey_info): Reverse the condition.
    --
    This mistakes were introduced when replacing by estream. It resulted 'gpg --card-status' from a process with no controlling terminal fails.
    Fixes-commit: fb2ba98963beea249474f5d6d7345cf9b4b7f570
    Signed-off-by: NIIBE Yutaka <[email protected]>
    (cherry picked from commit e154fba30ba0d5f29040a33f5c1b5c25b441b69f)
* gpg: New list-option "show-only-fpr-mbox". | Werner Koch | 2018-12-05 | 4 | -1/+65
    * g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
    * g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
    * g10/keylist.c (list_keyblock_simple): New.
    (list_keyblock): Call it.
    (list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX mode.
    --
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 0e8bf204791ebfd0c9a8e4b49fbadf998ec62e49)
    * g10/keylist.c (list_keyblock_simple): Remove optional arg from mailbox_from_userid
* wks: Fix filter expression syntax flaw. | Werner Koch | 2018-12-05 | 1 | -4/+10
    * tools/wks-util.c (wks_get_key, wks_filter_uid): The filter expression needs a space before the value.
    (install_key_from_spec_file): Replace es_getline by es_read_line and remove debug output.
    --
    A value of starting with '<' was considered an invalid operator due to our tokenization method.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 0c36ec241d285545f286069843de4f663cd274a3)
* wks: Allow reading of --install-key arguments from stdin. | Werner Koch | 2018-12-05 | 4 | -10/+81
    * tools/wks-util.c (install_key_from_spec_file): New.
    (wks_cmd_install_key): Call it.
    * tools/gpg-wks-client.c (main): Allow --install-key w/o arguments.
    * tools/gpg-wks-server.c (main): Ditto.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit ba46a359b9d6549b74ec8401ea39bad434d87564)
* wks: Create sub-directories | Werner Koch | 2018-12-05 | 1 | -5/+25
    * tools/wks-util.c (wks_compute_hu_fname): Stat and create directory if needed.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 73e5b0ec9b9ba5e04e55f8c42d81e23df7c3afe0)
* wks: Add new commands --install-key and --remove-key to the client. | Werner Koch | 2018-12-05 | 2 | -0/+68
    * tools/gpg-wks-client.c (aInstallKey, aRemoveKey, oDirectory): New.
    (opts): Add "--install-key", "--remove-key" and "-C".
    (parse_arguments): Parse them.
    (main): Check that the given directory exists. Implement the new commands.
    --
    These commands may be useful to prepare a WKD directory on a non-Unix box using the standard wks client.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 602b1909632925d5a2e0778c102d66109795c627)
* wks: Move a few server functions to wks-util. | Werner Koch | 2018-12-05 | 3 | -309/+317
    * tools/gpg-wks-server.c (write_to_file): Move to ...
    * tools/wks-util.c: here.
    * tools/gpg-wks-server.c (compute_hu_fname): Move to ...
    * tools/wks-util.c (wks_compute_hu_fname): here.
    * tools/gpg-wks-server.c (fname_from_userid): Move to ...
    * tools/wks-util.c (wks_fname_from_userid): here.
    * tools/gpg-wks-server.c (command_install_key): Move to ...
    * tools/wks-util.c (wks_cmd_install_key): here and change caller.
    * tools/gpg-wks-server.c (command_remove_key): Move to ...
    * tools/wks-util.c (wks_cmd_remove_key): here and change callers.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 99094c992c20dd22971beb3527cfda109cd1df89)
* g10/mainproc: disable hash contexts when --skip-verify is used | Jussi Kivilinna | 2018-12-05 | 1 | -3/+8
    * g10/mainproc.c (proc_plaintext): Do not enable hash contexts when opt.skip_verify is set.
    --
    Signed-off-by: Jussi Kivilinna <[email protected]>
    (cherry picked from commit 73e74de0e33bbb76300f96a4174024779047df06)
* common/iobuf: fix memory wiping in iobuf_copy | Jussi Kivilinna | 2018-12-05 | 1 | -1/+6
    * common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of first sizeof(char*) bytes.
    --
    Signed-off-by: Jussi Kivilinna <[email protected]>
    (cherry picked from commit 654e353d9b20f10fa275e7ae10cc50480654f079)
* common: Use platform memory zeroing function for wipememory | Jussi Kivilinna | 2018-12-05 | 3 | -21/+30
    * common/mischelp.h (wipememory): Replace macro with function prototype.
    (wipememory2): Remove.
    * common/mischelp.c (wipememory): New.
    * configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero' and remove duplicated checks.
    --
    In new wipememory function, memory is cleared through platform provided secure memory zeroing function, SecureZeroMemory or explicit_bzero. If none of these is available, memset is called through volatile function pointer so that compiler won't optimize away the call.
    Signed-off-by: Jussi Kivilinna <[email protected]>
    (cherry picked from commit 2a650772b4e1c78a4fd20bc88433930e5551fe9c)
* gpg: Improve error message about failed keygrip computation. | Werner Koch | 2018-12-05 | 1 | -1/+6
    * g10/keyid.c (keygrip_from_pk): Print the fingerprint on failure.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit cd64af003d4b6b46b69dbd575f73d53359ae0bcc)
* dirmngr: Avoid possible CSRF attacks via http redirects. | Werner Koch | 2018-11-23 | 7 | -95/+435
    * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
    (http_redir_info_t): New.
    * dirmngr/http.c (do_parse_uri): Set new fields.
    (same_host_p): New.
    (http_prepare_redirect): New.
    * dirmngr/t-http-basic.c: New test.
    * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect instead of the open code.
    * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
    --
    With this change a http query will not follow a redirect unless the Location header gives the same host. If the host is different only the host and port is taken from the Location header and the original path and query parts are kept.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit fa1b1eaa4241ff3f0634c8bdf8591cbc7c464144)
* doc: Clarify use of clear and nodefault in the AKL. | Werner Koch | 2018-11-21 | 2 | -2/+4
    --
    (cherry picked from commit e5c3a6999a374813134a9e68744444c25c3017f6)
* tools: Let gpg-zip print a deprecation warning. | Werner Koch | 2018-11-15 | 1 | -0/+3
    --
    GnuPG-bug-id: 4251
    Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add FLUSHCRLs command | Andre Heinecke | 2018-11-12 | 2 | -1/+18
    Summary:
    * dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
    * dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
    (register_commands): Add FLUSHCRLS.
    --
    This allows it to flush the CRL cache of a running dirmngr server. This can be useful to debug / analyze CRL issues.
    GnuPG-Bug-Id: T3967
    Differential Revision: https://dev.gnupg.org/D469
    Signed-off-by: Andre Heinecke <[email protected]>
* Post release updates. | Werner Koch | 2018-11-06 | 2 | -1/+5
    --
* Release 2.1.11 (tag: gnupg-2.2.11) | Werner Koch | 2018-11-06 | 1 | -7/+48
    Signed-off-by: Werner Koch <[email protected]>
* po: Update Czech translation | Petr Pisar | 2018-11-06 | 1 | -97/+67
    --
* po: Update German translation | Werner Koch | 2018-11-06 | 1 | -10/+7
    --
* g10: Fix print_keygrip for smartcard. | NIIBE Yutaka | 2018-11-06 | 1 | -1/+1
    * g10/card-util.c (print_keygrip): Use tty_fprintf.
    --
    Reported-by: Joey Pabalinas <[email protected]>
    Signed-off-by: NIIBE Yutaka <[email protected]>
* wks: New option --with-colons for gpg-wks-client. | Werner Koch | 2018-11-05 | 4 | -68/+230
    * tools/gpg-wks.h (opt): Add field with_colons.
    * tools/gpg-wks-client.c (oWithColons): New const.
    (opts, parse_arguments): Add option --with-colons.
    (main): Change aSupported to take several domains in --with-colons mode.
    (command_send): Factor policy getting code out to ...
    (get_policy_and_sa): New function.
    (command_supported): Make use of new function.
    --
    In addition to this the --create command now also supports a submission address only in the policy file. That means the submission-address file is not anymore required and can be replaced by the policy file.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit e3a1e80d13487c9336640a99b2f6d385d7d6f55c)
* speedo: Remove obsolete configure option of gpgme. | Werner Koch | 2018-11-05 | 1 | -2/+2
    * build-aux/speedo.mk (speedo_pkg_gpgme_configure): Remove --disable-w32-qt option.
    --
    This option is obsolete since GPGME 1.7 (in 2016)
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit d7323bb2d957fbeb8192c0ecbd99b1d14d302912)
* speedo: Include Windows patch for gpgme 1.12.0 | Werner Koch | 2018-11-05 | 2 | -0/+37
    --
    We don't want to do a release of gpgme right now, so we include just this minimal but important fix.
* dirmngr: In verbose mode print the OCSP responder id. | Werner Koch | 2018-11-05 | 1 | -0/+27
    * dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 0a7f446c189201ca6e527af08b44da756b343209)
* tools: Replace duplicated code in mime-maker. | Werner Koch | 2018-11-05 | 3 | -62/+90
    * tools/rfc822parse.c (HEADER_NAME_CHARS): New. Taken from mime-maker.c.
    (rfc822_valid_header_name_p): New. Based on code from mime-maker.c.
    (rfc822_capitalize_header_name): New. Copied from mime-maker.c.
    (capitalize_header_name): Remove. Replace calls by new func.
    (my_toupper, my_strcasecmp): New.
    * tools/mime-maker.c: Include rfc822parse.h.
    (HEADER_NAME_CHARS, capitalize_header_name): Remove.
    (add_header): Replace check and capitalization by new functions.
    --
    This is a straightforward change with two minor changes:
    - In rfc822parse.c the capitalization handles MIME-Version special.
    - The check in mime-maker now detects a zero-length name as invalid.
    my_toupper and my_strcasecmp are introduced to allow standalone use of that file.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit f03928b16c4fb00077d22d8ec141575ef6d26913)
* gpg: Don't take a TOFU trust model from the trustdb, | Werner Koch | 2018-11-05 | 2 | -5/+27
    * g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
    (create_version_record): Don't init as TOFU.
    (tdbio_db_matches_options): Don't indicate a change in case TOFU is stored in an old trustdb file.
    --
    This change allows to switch between a tofu and pgp or tofu+pgp trust model without an auto rebuild of the trustdb. This also requires that the tofu trust model is requested on the command line. If TOFU will ever be the default we need to tweak the model detection via TM_AUTO by also looking into the TOFU data base,
    GnuPG-bug-id: 4134
    (cherry picked from commit 150a33df41944d764621f037038683f3d605aa3f)
* gpg: Add new card vendor | Werner Koch | 2018-11-05 | 1 | -0/+1
    --
    (cherry picked from commit 3c2ffd27f36dfe77005aa01005145904761d8743)