aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* scd:p15: Use APP_CARD macro at some other places.Werner Koch2023-02-171-4/+4
| | | | | | -- This makes back porting easier.
* scd: Improve reading of binary records.Werner Koch2023-02-173-10/+5
| | | | | | | | | | | | | | * scd/iso7816.c (iso7816_read_binary_ext): Handle the 0x6a86 SW the same as 6b00. * scd/apdu.c (apdu_get_atr): Modify debug messages. * scd/app-p15.c (app_select_p15): Print FCI on error. (read_p15_info): Clean up diag in presence of debug options. -- Some cards return 6a86 instead of 6b00. Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 44f977d0e332e77fb8a775c4837c00118bbe08cb
* scd:p15: Handle cards with bad encoded path objects.Werner Koch2023-02-171-9/+13
| | | | | | | | | | * scd/app-p15.c (read_ef_prkdf, read_ef_pukdf) (read_ef_cdf, read_ef_aodf): Allow for a zero length path and correctly skip unsupported auth types. -- Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 7a8545c91b09277b0833dc0e5881ba5d1c8dbca3
* gpg: --gen-random code cleanup by using es_set_binary.Werner Koch2023-02-163-4/+4
| | | | | | | | | | | * g10/gpg.c (main): Replace setmode by es_set_binary and use only when needed. -- It is better to use our es_set_binary than to use a Windows specific method which still worked but is fragile because estream might be changed. We now set binary only when needed. Note that it does not harm to call es_set_binary more often than needed.
* agent: Do not consider --min-passphrase-len for the magic wand.Werner Koch2023-02-163-14/+38
| | | | | | | * agent/call-pinentry.c (generate_pin): Lock to exactly 30 octets. * g10/gpg.c (main) <aGenRandom>: Add Level 30. (cherry picked from commit ae2f1f0785e429d6dbb577a1fcf9a880aaff8e49)
* gpg: Add level 16 to --gen-randomWerner Koch2023-02-161-32/+45
| | | | | | | | | | | | * g10/gpg.c (main): Add that hack. -- This is an yet undocumented hack to allow printing hex encoded random number with gpg. The level is forced to be 1 which is is good for almost all uses. Note that --armor is ignored. Signed-off-by: Werner Koch <[email protected]> Backported-from-master: d847f0651ab4304129145b55353501636b4e4728
* gpg: Make "--list-options show-sig-subpackets=n,m" work again.Werner Koch2023-01-311-4/+11
| | | | | | | * g10/gpg.c (parse_list_options): Set value for show-sig-subpackets. -- Fixes-commit: b6ba7054a04a759ea690c1b1bdc023acd9214fe2
* gpgtar: Fix parent directory creation bugWerner Koch2023-01-261-0/+3
| | | | | * tools/gpgtar-extract.c (extract_directory): Ignore EEXIST on parent directory creation.
* gpgtar: Allow decryption from stdin.Werner Koch2023-01-262-19/+20
| | | | | | | | * tools/gpgtar.c (main): Revamp switch and fix usage test for aDecrypt and aList. -- GnuPG-bug-id: 6355
* po: Update Japanese Translation.NIIBE Yutaka2023-01-261-25/+15
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Replace --override-compliance-check by a real fix.Werner Koch2023-01-205-32/+8
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA. * g10/gpg.c (oOverrideComplianceCheck): Remove. (opts): Turn --override-compliance-check into a dummy option. * g10/options.h (opt): Remove override_compliance_check. * g10/sig-check.c (check_key_verify_compliance): Remove use of that option. -- The introduction of --override-compliance-check actually hid the real cause for the signature verification problem in de-vs mode for the Ed25519 key. The real fix is to handle the EdDSA algorithm in gnupg_pk_is_allowed. Fixes-commit: 773b8fbbe915449c723302f5268d7906b40d84d3 GnuPG-bug-id: 5655
* gpg: Do not require --status-fd along with --require-compliance.Werner Koch2023-01-201-1/+1
| | | | | * g10/mainproc.c (check_sig_and_print): Do not check whether status is enabled when checking compliance.
* common: Detect PNG and JPEG file formats.Werner Koch2023-01-191-6/+24
| | | | | | | * common/miscellaneous.c (is_file_compressed): Add detect code. -- GnuPG-bug-id: 6332
* gpg: Detect already compressed data also when using a pipe.Werner Koch2023-01-199-344/+488
| | | | | | | | | | | | | | | | | | | | | | | | | * common/iobuf.c (file_filter_ctx_t): Add fields for the peek feature. (file_filter): Implement peeking. (iobuf_ioctl): Add new IOBUF_IOCTL_PEEK. * common/iobuf.h (IOBUF_IOCTL_PEEK, IOBUFCTRL_PEEK): New. * common/miscellaneous.c (is_file_compressed): Rewrite. Detect PDF. * g10/encrypt.c (encrypt_simple): Peek before detecting compression. (encrypt_crypt): Ditto. * g10/sign.c (sign_file): Also detect already compressed data. * g10/options.h (opt): Add explicit_compress_option. * g10/gpg.c (main): Set opt.explicit_compress_option for -z. -- Note that this patch also introduces a compression check for signing which was never done in the past. GnuPG-bug-id: 6332 Backported-from-master: 60963d98cfd8e60f88ee43c2d992f6dd3bbbd74c Note that sign.c (sign_file) has been re-indented to ease future backports.
* common: Replace all assert in iobuf by log_assert.Werner Koch2023-01-191-32/+32
| | | | --
* gpgtar: Make --status-fd option for fds > 2 workWerner Koch2023-01-193-3/+15
| | | | | | | | | | | | | * tools/gpgtar-create.c (gpgtar_create): Do not close the status_fd in spawn. * tools/gpgtar-extract.c (gpgtar_extract): Ditto. * tools/gpgtar-list.c (gpgtar_list): Ditto. -- Note that this fix does not handle file descripotors passed via the --gpg-args options. GnuPG-bug-id: 6348
* Update copyright noticesWerner Koch2023-01-164-5/+5
| | | | --
* scd:openpgp: Allow auto-changing of the key attributes in genkey.Werner Koch2023-01-133-69/+215
| | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add field keyalgo. (parse_algorithm_attribute): Store the new keyalgo field. (change_keyattr): Change info message. (change_keyattr_from_string): Rewrite to also accept a keyref and a keyalgo string. (do_genkey): Change the keyattr if a keyalgo string is given. * scd/command.c (cmd_genkey): Add option --algo. -- Having this feature makes it easier to use OpenPGP cards in a similar way to other cards. Note that the explicit changing via SETATTR is still supported. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d7d75da50543bc7259c5a6e6367b58cbca7f1b7b) (cherry picked from commit b349adc5c0d00d2fc405a45bd078f1580b5610cc)
* common: New function get_keyalgo_string.Werner Koch2023-01-134-6/+240
| | | | | | | | | | | | | | | | | | | | * common/openpgp-oid.c (struct keyalgo_string_s): New. (keyalgo_strings): New. (keyalgo_strings_size, keyalgo_strings_used): New. (openpgp_oid_or_name_to_curve): New. (get_keyalgo_string): New. -- This function is intended as a more general version of gpg's pubkey_string function. It has the advantage to avoid mallocs and uses static table of algorithm strings instead. There should be only a few dozen of such strings (if at all) and thus all those allocations we do internally in gpg's pubkey_string and the static buffers all over the place are not too nice. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 3a1fa13eedb969b561bae18cd3d7c2fb0b63d6ab) (cherry picked from commit 332a72f7340895e7db1e9c5f89046f722bb7465b)
* scd: Return CARDTYPE, CARDVERSION, and APPVERSION.Werner Koch2023-01-131-2/+31
| | | | | | * scd/app.c (strcardtype): New. (app_write_learn_status): Return more info. (app_getattr): Allow for CARDTYPE.
* sm: Support generation of card-based ECDSA CSR.Damien Goutte-Gattat via Gnupg-devel2023-01-131-16/+43
| | | | | | | | | | | | | | | | | | * sm/call-agent.c (gpgsm_scd_pksign): Identify type of signing key and format resulting S-expression accordingly. -- Current GpgSM implementation assumes card-based keys are RSA keys. This patch introduces support for ECDSA keys. GnuPG-bug-id: 4092 Signed-off-by: Damien Goutte-Gattat <[email protected]> (cherry picked from commit 74e9b579ca273fc07be090bb5fb7800a97b1b452) - Removed already applied changes from the original commit. - Allow for SHA384 and SHA512 Signed-off-by: Werner Koch <[email protected]>
* sm: Fix regression due to the new ECC cert generationWerner Koch2023-01-131-1/+5
| | | | | | | * sm/certreqgen.c (create_request): Also set SIGKEYLEN. -- Fixes-commit: ed62b74a175ef092fd3ac8b2d54b3213fe56af5b
* sm: Fix compliance checking for ECC signature verification.Werner Koch2023-01-124-7/+34
| | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Also consider the gcrypt vids for ECDSA et al. (gnupg_pk_is_allowed): Ditto. * sm/verify.c (gpgsm_verify): Consider the curve. Print a compliance notice for a non-compliant key. * sm/certchain.c (gpgsm_validate_chain): Silence the "switching to chain model". -- Backported-from-master: 338a5ecaa1f11abf24514c8df994170bdb1018f4
* dirmngr: Do not check for Tor for --gpgconf-* optionsWerner Koch2023-01-111-4/+15
| | | | | * dirmngr/dirmngr.c (post_option_parsing): Add arg CMD. (main): Pass the current command.
* po: Auto updateWerner Koch2023-01-1125-480/+833
| | | | --
* po: Update German translationWerner Koch2023-01-111-21/+29
| | | | --
* gpg: Remove duplicated diagnostic.Werner Koch2023-01-111-4/+0
| | | | | | -- Fixes-commit: a545e14e8a74453a3110e32533af8858f88492be
* gpg: Add missing space to a diagnostic.Werner Koch2023-01-111-2/+1
| | | | --
* w32: Make sure DEP is enabled.Werner Koch2023-01-111-1/+18
| | | | | | | | * common/init.c (_init_common_subsystems): Test and set the DEP Policy. -- Note that this change will now definitely require Windows XP SP3.
* doc: Minor man page fixes.Werner Koch2023-01-112-4/+3
| | | | --
* Merge branch 'STABLE-BRANCH-2-2.40' into STABLE-BRANCH-2-2Werner Koch2022-12-2345-142/+836
|\ | | | | | | --
| * Post release updatesSTABLE-BRANCH-2-2.40Werner Koch2022-12-092-1/+7
| | | | | | | | --
| * Release 2.2.41gnupg-2.2.41Werner Koch2022-12-091-4/+5
| |
| * po: Auto updateWerner Koch2022-12-0925-0/+250
| | | | | | | | --
| * po: Update German translationWerner Koch2022-12-091-51/+9
| | | | | | | | --
| * scd:p15: Skip deleted records.Werner Koch2022-12-081-8/+37
| | | | | | | | | | | | | | | | | | | | | | | | * scd/app-p15.c (select_and_read_record): Special case deleted records. Support 3 byte TLVs. (read_ef_prkdf): Skip deleted records. (read_ef_pukdf): Ditto. (read_ef_cdf): Ditto. (read_ef_aodf): Ditto. -- This fixes a problem with some CardOS 5 applications.
| * speedo: Support CUSTOM_SWDB builds.Werner Koch2022-12-072-14/+33
| | | | | | | | --
| * speedo: Introduce the OVERRIDE_TARBALLS featureWerner Koch2022-12-061-0/+11
| | | | | | | | --
| * doc: Prepare NEWSWerner Koch2022-12-062-6/+17
| | | | | | | | --
| * wkd: Do not send/install/mirror expired user ids.Werner Koch2022-12-064-8/+72
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * tools/gpg-wks.h (struct uidinfo_list_s): Add fields expired and revoked. * tools/wks-util.c (append_to_uidinfo_list): Add args expired and revoked. (set_expired_revoked): New. (wks_list_key): Set expired and revoked. (wks_cmd_install_key): Skip expired uids. * tools/gpg-wks-client.c (command_check): Print flags. (command_send): Ignore expired keys. (mirror_one_key): Ditto. * g10/export.c (do_export_stream): Silence warning. -- GnuPG-bug-id: 6292 Backported-from-master: 278f85d1bc6cd012b3b2e87536e50954b21d2d91
| * gpgsm: Silence the "non-critical certificate policy not allowed".Werner Koch2022-12-061-2/+3
| | | | | | | | | | | | | | * sm/certchain.c (check_cert_policy): Print non-critical policy warning only in verbose mode. (cherry picked from commit 4f1b9e3abb337470e5e4809b3a7f2df33f5a63a4)
| * wkd: New option --add-revocs and some fixes.Werner Koch2022-11-304-33/+228
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * tools/gpg-wks.h (opt): Add add_revocs. * tools/wks-util.c (wks_get_key): Add arg 'binary'. (wks_armor_key): New. (wks_find_add_revocs): New. (wks_cmd_install_key): Get key in binary mode and add revocations if enabled. * tools/gpg-wks-client.c (oAddRevocs): New. (opts): Add --add-revocs. (parse_arguments): Set option, (command_send): Get key in binary mode, add revocations if enabled, and explictly armor key. Remove kludge to skip the Content-type line in no_encrypt mode. (mirror_one_keys_userid): Always filter the key to get rid of the armor as received from dirmngr. Add revocations from the local keyring. -- Note that this also fixes an oddity of the new mirror command which used to store the keys armored as received from dirmngr.
| * wkd: Make use of --debug extprog.Werner Koch2022-11-301-1/+20
| | | | | | | | | | | | | | | | * tools/wks-util.c (debug_gpg_invocation): New. (get_key_status_cb): Enable debug output. (wks_get_key): Show gpg invocation. (wks_list_key): Ditto. (wks_filter_uid): Ditto.
| * gpg: New export-filter export-revocsWerner Koch2022-11-303-5/+129
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/options.h (EXPORT_REVOCS): New. * g10/export.c (export_select_filter): New. (struct export_filter_attic_s): Add field. (cleanup_export_globals): Cleanup. (parse_export_options): Add option "export-revocs". (parse_and_set_export_filter): Parse the select type. (do_export_revocs): New. (do_export_stream): Add a way to select things for export. -- Backported-from-master: c985b52e71a83d14099f00f80e3588bd3ad28b98
| * gpg: Fix double-free in gpg --card-edit.NIIBE Yutaka2022-11-291-1/+0
| | | | | | | | | | | | | | | | * g10/card-util.c (change_name): Don't free ISONAME here. -- Signed-off-by: NIIBE Yutaka <[email protected]>
| * gpg: use iobuf_read for higher detached signing speedWerner Koch2022-11-291-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/sign.c (sign_file): Use iobuf_read instead of iobuf_get for reading data from detached file. -- This patch reduces iobuf_read per byte processing overhead and speeds up detached signing. Detached signing speed on AMD Ryzen 5800X (4.3GiB file, SHA256): gpg process user time before: 3.951s after: 1.898s (2.0x faster) GnuPG-bug-id: T5826 Signed-off-by: Jussi Kivilinna <[email protected]> Backported-from-master: f8943ce098f6f193da791faf43fff823568697d9 Numbers above are given for the version in master but should be similar for here (2.2).
| * g10/plaintext: do_hash: use iobuf_read for higher performanceJussi Kivilinna2022-11-291-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/plaintext.c (do_hash): Use iobuf_read instead of iobuf_get for reading data; Use gcry_md_write instead of gcry_md_putc for hash data. -- This patch reduces iobuf_read per byte processing overhead and speeds up detached signature verifying. Detached verifying speed on AMD Ryzen 5800X (4.3GiB file, SHA256): gpg process user time before: 9.410s after: 1.913s (4.9x faster) GnuPG-bug-id: T5826 Signed-off-by: Jussi Kivilinna <[email protected]> (cherry picked from commit 4e27b9defc608f1fa31ca50f1ed1d5761b73b480)
| * gpg: Make --require-compliance work with out --status-fdWerner Koch2022-11-281-1/+1
| | | | | | | | | | | | | | | | | | * g10/mainproc.c (proc_encrypted): Set complaince_de_vs also if require-compliance is set. -- Without this fix require-compliance would fail if no --status-fd was used.
| * Update NEWS for 2.2.41Werner Koch2022-11-251-0/+15
| | | | | | | | --
| * w32: Fix for make check.NIIBE Yutaka2022-11-251-1/+1
| | | | | | | | | | | | | | | | | | * tests/gpgsm/Makefile.am: Add $(EXEEXT). -- Fixes-commit: a27e6505daabd7ea1405244d128ad3c2ef5bb6f6 Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 23:25:35 +0000