aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* dirmngr: Support pseudo URI scheme "opaque".Werner Koch2021-05-267-18/+36
| | | | | | | | | | | | | | * dirmngr/http.h (HTTP_PARSE_NO_SCHEME_CHECK): New. * dirmngr/http.c (http_parse_uri): Use this flag. Change all callers to use the new macro for better readability. (do_parse_uri): Add pseudo scheme "opaque". (uri_query_value): New. -- This scheme can be used to convey arbitrary strings in a parsed_uri_t object. Signed-off-by: Werner Koch <[email protected]>
* po: Update Japanese Translation.NIIBE Yutaka2021-05-211-11/+7
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Release memory for RDRNAME.NIIBE Yutaka2021-05-211-0/+2
| | | | | | | | * scd/apdu.c (apdu_close_reader): Free RDRNAME field. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: avoid memory leaksJakub Jelen2021-05-202-14/+24
| | | | | | | | | | | | | | | | | | * scd/app-p15.c (send_certinfo): free labelbuf (do_sign): goto leave instead of return * scd/command.c (cmd_genkey): goto leave instead of return -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393 Modifified for this backport: * scd/command.c (cmd_genkey): Make it easier to read by replacing keyno with orig_line. Signed-off-by: Werner Koch <[email protected]>
* common: Avoid double-freeJakub Jelen2021-05-201-0/+1
| | | | | | | | | | * common/name-value.c (do_nvc_parse): reset to null after ownership change -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
* Assorted memory leak fixes on the error code paths.Werner Koch2021-05-205-8/+23
| | | | | | | | | | | | | | | | | | -- These are taken from these commits: 98c52ae * card: Intialize pointer to avoid double free fc5fac8 * kbx: Avoid uninitialized read fa0771f * g10: Avoid memory leaks 25aa353 * dirmgr: Avoid double free 33a2362 * agent: Fix memory leaks e6132bc * sm: Avoid memory leaks and double double-free 2af7bb2 * g10: Fix memory leaks 0d2c1e9 * dirmgr: clean up memory on error code paths GnuPG-bug-id: 5393 Signed-off-by: Werner Koch <[email protected]>
* po: Updated the Russian translationWerner Koch2021-05-201-10/+6
| | | | | | -- Done with the help of Ineiev.
* po: Update Russian translation.Ineiev2021-05-191-18/+12
|
* dirmngr: For KS_SEARCH return the fingerprint also with LDAP.Werner Koch2021-05-191-48/+80
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (extract_keys): Return the fingerprint if available. (ks_ldap_search): Ditto. (extract_keys): Make sure to free the ldap values also in corner cases. (my_ldap_value_free): New. (ks_ldap_get): Ditto. (ks_ldap_search): Ditto. (my_ldap_connect): Ditto. -- For background see these comments from gpgme: /* The output for external keylistings in GnuPG is different from all the other key listings. We catch this here with a special preprocessor that reformats the colon handler lines. */ /* The format is: pub:<keyid>:<algo>:<keylen>:<creationdate>:<expirationdate>:<flags> as defined in 5.2. Machine Readable Indexes of the OpenPGP HTTP Keyserver Protocol (draft). Modern versions of the SKS keyserver return the fingerprint instead of the keyid. We detect this here and use the v4 fingerprint format to convert it to a key id. We want: pub:o<flags>:<keylen>:<algo>:<keyid>:<creatdate>:<expdate>:::::::: */ Regarding the freeing of values: I was not able to find a specification stating it is okay to pass NULL to ldap_value_free, thus the new wrapper. Also add robustness measures in case ldap_get_value returns an empty array. GnuPG-bug-id: 5441 Signed-off-by: Werner Koch <[email protected]>
* po: Auto updatesWerner Koch2021-05-1825-2/+358
| | | | | | -- Also fixed two fuzzies in fr.po and it.po
* gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver.Werner Koch2021-05-181-75/+21
| | | | | | | | | | * g10/call-dirmngr.c (record_output): Rewrite. -- Thou shalt not percent-escape for C-unescaping. Fixes-commit: 51341badb623927f2a358588c725a356fc77dbe7 Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Fix logic for appending product name to MANUFACTURER.Ingo Klöcker2021-05-181-2/+2
| | | | | | * scd/app-p15.c (do_getattr): Append product name to MANUFACTURER if manufacturer_id does not already contain a bracket and if we have a product name.
* po: In German always use "Passwort" instead of "Passphrase".Werner Koch2021-05-171-71/+79
| | | | | | | | | | | | | | | -- This is a several decade old debate how to name this. Meanwhile in Germany it seems to be more clean to use the term "Passwort" instead of "Passphrase" (or that "Mantra" thing). It is easier to explain to users that a password may include spaces etc than to to explain the difference between passphrase and password. So let's keep the things in the code as is but change the translations. Signed-off-by: Werner Koch <[email protected]>
* gpg: Use a more descriptive prompt for symmetric decryption.Werner Koch2021-05-177-17/+35
| | | | | | | | | | | * g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New. (passphrase_to_dek_ext): Remove this obsolete prototype. * g10/passphrase.c (passphrase_get): Add arg flags. Use new flag value. (passphrase_to_dek): Add arg flags and pass it on. * g10/mainproc.c (proc_symkey_enc): Use new flag. Signed-off-by: Werner Koch <[email protected]>
* sm: Ask for the password for password based decryption (pwri)Werner Koch2021-05-173-6/+25
| | | | | | | | | | | | | | | | * sm/decrypt.c (pwri_decrypt): Add arg ctrl. Ask for passphrase. * sm/export.c (export_p12): Mark string as translatable. * sm/import.c (parse_p12): Ditto. -- This is finishes the support for PWRI. The N_() marks are added so that we don't rely of the side-effect of having the same strings in protect-tool.c Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit eeb65d3bbd7d461694d30009631739735a2b9bad)
* sm: Support decryption of password based encryption (pwri)Werner Koch2021-05-173-59/+495
| | | | | | | | | | | | | | | | | | | | | | | | * sm/decrypt.c (string_from_gcry_buffer): New. (pwri_parse_pbkdf2): New. (pwri_decrypt): New. (prepare_decryption): Support pwri. (gpgsm_decrypt): Test for PWRI. Move IS_DE_VS flag to DFPARM. * common/sexputil.c (cipher_mode_to_string): New. -- Note that this is not finished because we need to implement a password callback. For now "abc" is used as passwort. Latest libksba is also required to return the required info. Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 02029f9eab87e9fd667829dfb083846275576398 Note that this change also prints the used algorithm and shows some existsing diagnostics only in verbose mode. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: LDAP search by a mailbox now ignores revoked keys.Werner Koch2021-05-171-1/+2
| | | | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Ignore revoked and disable keys in mail mode. -- The LDAP schema has a revoked and a disabled flag. The former will be set if a revoked key is uploaded; the latter can be set by other means. With this change a search by mailbox does not anymore return keys with these LDAP attributes set. This allows to better maintain a directory with multiple keys per mailbox. Doing the same for expired keys could also be done but requires more effort. Signed-off-by: Werner Koch <[email protected]>
* scd,pcsc: Use a single context.NIIBE Yutaka2021-05-071-150/+167
| | | | | | | | | | | | | | | | | | | | | | * scd/apdu.c (pcsc): New variable. (struct reader_table_s): Remove pcsc.context from member. (pcsc_get_status, connect_pcsc_card): Use pcsc.context. (close_pcsc_reader): Release pcsc.context here with reference count. (apdu_open_one_reader): Move API loading to ... (pcsc_init): new. (apdu_open_one_reader): Remove. (apdu_open_reader): Call open_pcsc_reader instead of apdu_open_one_reader. (open_pcsc_reader): Call pcsc_init if needed. Call close_pcsc_reader instead of pcsc_release_context. Make reader parsing more robust. (apdu_init): Initialize pcsc.count and pcsc.context. -- Signed-off-by: NIIBE Yutaka <[email protected]> Backported-from-master: 1080e91efd60cb41c2d6dbafaee810e5967a3161) The backport also adds some other chnages as described above. Signed-off-by: Werner Koch <[email protected]>
* po: auto updatesWerner Koch2021-05-0426-238/+238
| | | | --
* build: Silence a cimpiler warning also in non-maintainer mode.Werner Koch2021-05-041-0/+3
| | | | | | -- This yields less warnings during a release build.
* gpg: Allow ECDH with a smartcard returning just the x-coordinate.Werner Koch2021-05-044-100/+143
| | | | | | | | | | | | | | | | | | | * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Factor extraction part out to ... (extract_secret_x): new. Allow for x-only coordinate. (pk_ecdh_encrypt_with_shared_point): Change arg shared_mpi to (shared,nshared). Move param check to the top. Add extra safety check. (pk_ecdh_decrypt): Adjust for change. * g10/pkglue.c (get_data_from_sexp): New. (pk_encrypt): Use it for "s" and adjusted for changed pk_ecdh_encrypt_with_shared_point. * g10/pubkey-enc.c (get_it): Remove conversion to an MPI and call pk_ecdh_decrypt with the frame buffer. -- Backported-from-master: f129b0e97730b47d62482fba9599db39b526f3d2) Signed-off-by: Werner Koch <[email protected]>
* build: Silence two compiler warnings.Werner Koch2021-05-042-1/+2
| | | | --
* scd: Fix possible PC/SC removed card problemWerner Koch2021-05-041-0/+12
| | | | | | | | | * scd/apdu.c (pcsc_cancel): New. (pcsc_init): Load new function. (connect_pcsc_card): Use it after a removed card error. -- Backported-from-master: 8d81fd7c01e8dfacc719ff190f8e364014e32fdf
* scd: Add string for another PC/SC error code.Werner Koch2021-05-042-1/+5
| | | | | | | | * scd/apdu.c (PCSC_E_NO_READERS_AVAILABLE): New. (pcsc_error_string): Add a description for this. * scd/scdaemon.c (scd_kick_the_loop): Fix diagnostic. Signed-off-by: Werner Koch <[email protected]>
* build: Allow running sign-release target from the dist dir.Werner Koch2021-05-041-1/+1
| | | | | | | | | -- This is a kludge to avoid a new configure run only to then cd down do dist. Just cd to dist and run make sign-release. (cherry picked from commit 178e4eb6555e3dffcae3eda1b45c1dbf1d87c103)
* scd: Fix unblock PIN by a Reset Code with KDF.Kirill Elagin2021-05-041-1/+1
| | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Use correct CHVNO=1 for pin2hash_if_kdf, for user's PIN. -- GnuPG-bug-id: 5413 Signed-off-by: Kirill Elagin <[email protected]> (cherry picked from commit f209d7d2db0e963a6ad1fa8c4f0c034ba0297842)
* gpg: Fix mailbox based search via AKL keyserver method.Werner Koch2021-05-045-13/+11
| | | | | | | | | | | | | | | | | | * g10/keyserver.c (keyserver_import_name): Rename to ... (keyserver_import_mbox): this. And use mail search mode. * g10/getkey.c (get_pubkey_byname): Change the two callers. -- In contrast to a search via keyserver_import_ntds the older keyserver_import_name used a full match of the provided name despite that it is only called with an addr-spec (mbox). Due to the mode the pattern send to dirmngr was prefixed with a '=' and thus dirmngr used an exact search;. This did only work for provided user ids like "[email protected]" but not for "<[email protected]>" or "Foo <[email protected]>". The old code dates back to 2010. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 4fcfac6feb2a6c2b14883ba406afc917e8d4be42)
* gpg: Auto import keys specified with --trusted-keys.Werner Koch2021-05-044-6/+47
| | | | | | | * g10/getkey.c (get_pubkey_with_ldap_fallback): New. * g10/trustdb.c (verify_own_keys): Use it. (cherry picked from commit 100037ac0f558e8959fc065d4703c85c2962489e)
* gpg: Allow decryption w/o public key but with correct card inserted.Werner Koch2021-05-043-7/+64
| | | | | | | | | | | | * agent/command.c (cmd_readkey): Add option --no-data and special handling for $SIGNKEYID and $AUTHKEYID. * g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR output. * g10/skclist.c (enum_secret_keys): Automagically get a missing public key for the current card. Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 50293ec2ebf2a997dbad9a47166d694efcc0709a)
* speedo: Automatically select Authenticode signing cert.Werner Koch2021-05-041-1/+1
| | | | | | | | | | | -- This is required because GlobalSign re-issued the certificate (which actually required to install InternetExploder in addition to Edge) and now we have two certs to select from. The /a option seems to use the latest generated certificate. (cherry picked from commit 4237a2b0a50999885c1577d27419ef8c49cd32db)
* agent: Silence error messages for READKEY --cardWerner Koch2021-05-042-6/+9
| | | | | | | * agent/command.c (cmd_readkey): Test for shadow key before creating it. (cherry picked from commit 8f2c9cb73538baab7da8107f2cceb2f6fc49642a)
* gpg: Allow fingerprint based lookup with --locate-external-key.Werner Koch2021-05-037-53/+204
| | | | | | | | | | | | | | | | | | * g10/keyserver.c (keyserver_import_fprint_ntds): New. * g10/getkey.c (get_pubkey_byname): Detect an attempt to search by fingerprint in no_local mode. -- See the man page. For testing use gpg --auto-key-locate local,wkd,keyserver --locate-external-key \ FINGERPRINT with at least one LDAP keyserver given in dirmngr.conf. On Windows "ntds" may be used instead or in addtion to "keyserver". Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit ec36eca08cdbf6653e7362e8e0e6c5f2c75b4a60)
* gpg: Lookup a missing public key of the current card via LDAP.Werner Koch2021-05-0311-41/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/getkey.c (get_seckey_default_or_card): Lookup a missing public key from the current card via LDAP. * g10/call-dirmngr.c: Include keyserver-intetnal.h. (gpg_dirmngr_ks_get): Rename arg quick into flags. Take care of the new LDAP flag. * g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New. Replace the use of the value 1 for the former quick arg. (KEYSERVER_IMPORT_FLAG_LDAP): New. * g10/keyserver.c (keyserver_get_chunk): Increase the reserved line length. * dirmngr/ks-action.c (ks_action_get): Add arg ldap_only. * dirmngr/server.c (cmd_ks_get): Add option --ldap. -- This change makes it easy to start working with gnupg: Just insert the smartcard or token provided to you and the first time you sign a message the public key associated with the current card will be imported and everything is set without any configuration. This works only with an LDAP directory because it can be expected that the public key has been put into the LDAP during card personalization. Of course an LDAP server needs to be configured; in a Windows AD domain this can be a mere "keyserver ldap:///" in dirmngr.conf. Other configured keyservers are ignored. Requirements for the card driver: The $SIGNKEYID attribute must exists and a query for the KEY-FPR attribute needs to return the OpenPGP fingerprint for that key. This is currently supported for OpenPGP cards and certain PKCS#15 cards. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d7e707170fbe2956deb3d81e2802d21352079722)
* gpg: Minor restructuring of a function.Werner Koch2021-05-032-43/+51
| | | | | | | | -- This is for easier reading and future changing. (cherry picked from commit d984de172c29cd9a56e3a397bdb573519ff74e92)
* scd: Add option --info to emit KEYPAIRINFO by readkey command.Werner Koch2021-05-033-13/+65
| | | | | | | | | | | * scd/command.c (do_readkey): Implement this. * scd/app-help.c (app_help_get_keygrip_string_pk): Make HEXKEYGRIP parm optional. Add arg R_ALGOSTR. -- This patch basically mimics what we do in 2.3. Signed-off-by: Werner Koch <[email protected]>
* common: Fix gnupg_wait_processes, by skipping invalid PID.NIIBE Yutaka2021-05-031-1/+6
| | | | | | | | | * common/exechelp-posix.c (gnupg_wait_processes): Skip invalid PID. -- Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit d82dae5d2229a30dbc78aadc4d544d30dac76a1c)
* agent: Skip unknown unknown ssh curves seen on cards.Werner Koch2021-05-031-7/+17
| | | | | | | | | | | | | | * agent/command-ssh.c (ssh_handler_request_identities): Skip unknown curves. -- For example when using my standard ed25519 token and testing cards with only Brainpool support, the ssh-agent failed due to the unknown curves seen on the card. This patches fixes this by ignoring keys with unknown curves. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 2d2391dfc25cfe160581b1bb4b4b8fc4764ac304)
* gpgconf: Do not i18n an empty string to the PO files meta data.Werner Koch2021-04-291-0/+3
| | | | | | | | * tools/gpgconf-comp.c (my_dgettext): Ignore empty strings. -- GnuPG-bug-id: 5363 (cherry picked from commit 18d884f8411a0ca263a8aa588bb49eb0dae9ee19)
* gpg: No warning in quiet mode for S2K mode 0.Werner Koch2021-04-291-1/+2
| | | | --
* doc: Fix option name.Werner Koch2021-04-291-1/+1
| | | | --
* w32: Silence a compiler warning in dirmngr.cWerner Koch2021-04-291-3/+3
| | | | | | -- (cherry picked from commit 683ff00bb1454d82914b2bddbf316057221971c1)
* scd: New option --pcsc-shared.Werner Koch2021-04-295-3/+14
| | | | | | | | | | | | | | | | | | * scd/scdaemon.h (opt): Add field opcsc_shared. * scd/scdaemon.c (opcscShared): New. (opts): Add "--pcsc-shared". (main): Set flag. * scd/apdu.c (connect_pcsc_card): Use it. (pcsc_get_status): Take flag in account. * scd/app-openpgp.c (verify_chv2): Do not auto verify chv1 in shared mode. -- This option should in general not be used. The patch tries to limit bad effects but using shared mode is somewhat dangerous depending on the other PC/SC users. (cherry picked from commit 5732e7a8e97cebf8e850c472e644e2a9b040836f)
* scd: Rewrite READKEY to allow for compressed points.Werner Koch2021-04-293-43/+75
| | | | | | | | | | | | | | | * scd/app-help.c (app_help_pubkey_from_cert): New. Taken from 2.3. * scd/command.c (cmd_readkey): Rewrite using new helper. -- Actually the readkey functions needs to return the uncompressed points but if there is no readkey function, like in app-p15.c, readcert is used and here we need to extract and the key and uncompress the point. Noet that the --advanced flag did not and still does not work if the key is fetched via readcert. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Update from current GnuPG 2.3Werner Koch2021-04-291-838/+2726
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | -- This reflects the state of commit 1f846823b397d68eaa8a31422f78c99f8e9ff738 featuring these commits: 1f846823b scd:p15: Fix the name of a card. cc5aa68b6 scd:p15: Fix last commit and improve D-TRUST detection. 21e3f750b scd:p15: Shorten the displayed s/n of RSCS cards 30f90fc85 scd:p15: Support attribute KEY-FPR. ecb9265b8 scd:p15: Match private keys with certificates also by ... e17d3f866 scd:p15: New flag APP_LEARN_FLAG_REREAD. 1c16878ef scd: Replace all assert macros by the log_assert macro. 7f9126363 scd:p15: Return labels for keys and certificates. 651c07a73 scd:p15: For CardOS make use of ISO7816_VERIFY_NOT_NEEDED. de4d3c99a scd:p15: Return the creation time of the keys. 592f48011 scd:p15: Make RSA with SHA512 work with CardOS. a494b29af scd:p15: Support ECDSA and ECDH for CardOS. 964363e78 scd:p15: Make $SIGNKEY et al determination more fault ... 85082a83c scd:p15: Allow to use an auth object label with cmd CHECKPIN. ef29a960b scd:p15: New attribute CHV-LABEL. bf1d7bc36 scd:p15: Implement CHV-STATUS attribute 0f191a070 scd:p15: Fix faulty removal of a test code change. 08b5ac492 scd:p15: Support special extended usage flags for OpenPGP ... d51a5ca10 scd:p15: Read out the access flags. cfdaf2bcc scd:p15: Get the label value of all objects for better diag... 33aaa37e5 scd:p15: Make it code work again for D-Trust cards. 488eaedc9 scd:p15: Extract extended usage flagsand act upon them. 0c080ed57 scd:p15: Read PuKDF and minor refactoring. 1e197c29e scd:p15: Make file selection more robust. 5bcbc8cee scd:p15: Factor the commonKeyAttributes parser out. fb84674d6 scd:p15: Factor the commonObjectAttributes parser out. fc287c055 scd:p15: First step towards real CardOS 5 support. 60499d989 scd:p15: Show the ATR as part of the TokenInfo diagnostics. 00037f499 scd:p15: Print the internal card type. c7b9a4ee4 scd:p15: Improve support for some CardOS based cards. Signed-off-by: Werner Koch <[email protected]>
* common: Extend the openpgp_curve_to_oid function.Werner Koch2021-04-298-14/+24
| | | | | | | | | | | * common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS. Change all callers. -- In particular for ed25519 and cv25519 it is quite useful to have an ability to get the required algorithm. (cherry picked from commit 24095101a5069f15a9aea7512498ac436a76814a)
* common: New module to compute openpgp fingerprintsWerner Koch2021-04-293-0/+306
| | | | | | | | | | | | * common/openpgp-fpr.c: New. * common/Makefile.am (common_sources): Add it. -- This function is targeted to handle keys on smartcards. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 2f2bdd9c0894eb43f719da8b529b4c7a46f742a0) Signed-off-by: Werner Koch <[email protected]>
* common: New function to uncompress an ECC public key.Werner Koch2021-04-293-1/+593
| | | | | | | | | | | | | * common/sexputil.c (ec2os): New. (uncompress_ecc_q_in_canon_sexp): New. * common/t-sexputil.c (fail2): new. (test_ecc_uncompress): New. (main): Run new test. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 935765b451aadc63fbba763a4a00f4efa0254436)
* common: New function cmp_canon_sexp.Werner Koch2021-04-294-2/+200
| | | | | | | | | | | | | * common/sexputil.c (cmp_canon_sexp): New. (cmp_canon_sexp_def_tcmp): New. * common/t-sexputil.c (test_cmp_canon_sexp): Add a simple test. -- To be used to fix GnuPG-bug-id: 5061 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit b6ba6a79ce9336f1b53f16f3d1190dd009fb166e)
* scd: New function send_keyinfo to assist in backporting.Werner Koch2021-04-292-0/+30
| | | | * scd/command.c (send_keyinfo): New.
* scd: Minor changes to assist in backporting from 2.3Werner Koch2021-04-293-5/+9
| | | | | * scd/command.c (send_status_direct): Return an error code. * scd/app-common.h (APP_LEARN_FLAG_REREAD): New.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 18:28:12 +0000