aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* gpgconf: Print some standard envvars with -XWerner Koch2023-02-281-0/+18
| | | | | | | | | * tools/gpgconf.c (show_configs): Add a list of envvars and print them. -- Note that for simplicity we to not distinguish between Windows and Linux here.
* gpgsm: Improve cert lookup callback from dirmngr.Werner Koch2023-02-263-5/+13
| | | | | | | | | | | | | | | | | * sm/gpgsm.h (FIND_CERT_ALLOW_AMBIG): New. (FIND_CERT_WITH_EPHEM): New. * sm/certlist.c (gpgsm_find_cert): Replace arg allow_ambiguous by a generic flags arg. Implement the new flag FIND_CERT_WITH_EPHEM. * sm/call-dirmngr.c (inq_certificate): Return also ephemeral marked certs. -- The dirmngr may need to get a certificate from gpgsm's store in the course of verifying a CRL. In some cases the certificate is still marked as epehemeral - this needs to be returned as well. This _may_ also fix GnuPG-bug-id: 4436
* sm: Fix issuer certificate look error due to legacy error code.Werner Koch2023-02-248-101/+115
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/certchain.c (find_up): Get rid of the legacy return code -1 and chnage var name rc to err. (gpgsm_walk_cert_chain): Change var name rc to err. (do_validate_chain): Get rid of the legacy return code -1. * sm/keydb.c (keydb_search): Replace return code -1 by GPG_ERR_NOT_FOUND. (keydb_set_cert_flags): Replace return code -1 by GPG_ERR_NOT_FOUND. * sm/certchain.c (find_up_search_by_keyid): Ditto. (find_up_external, find_up, find_up_dirmngr): Ditto. (gpgsm_walk_cert_chain): Ditto. (get_regtp_ca_info): Ditto. * sm/certlist.c (gpgsm_add_to_certlist): Ditto. (gpgsm_find_cert): Ditto. * sm/delete.c (delete_one): Ditto. * sm/export.c (gpgsm_export): Ditto. (gpgsm_p12_export): Ditto. * sm/import.c (gpgsm_import_files): Ditto. * sm/keylist.c (list_cert_colon): Ditto. (list_internal_keys): Ditto. * sm/sign.c (add_certificate_list): Ditto. -- This bug was detected while fixing GnuPG-bug-id: 4757 Backported-from-master: 473b83d1b9efe51fcca68708580597dddf3f50b7 Some extra code has been taken from commit ed6ebb696e4063dc664d7ee74fc492025881c459
* scd: Parse "Algorithm Information" data object in scdaemon.NIIBE Yutaka2023-02-172-1/+131
| | | | | | | | | | | * scd/app-openpgp.c (data_objects): 0x00FA for binary data. (do_getattr): Parse the data and send it in status lines. (get_algorithm_attribute_string): New. -- Signed-off-by: NIIBE Yutaka <[email protected]> Backported-from-master: eba2563dabbb4f61537900289fbe3ae113904733 Backported-from-master: 43bbc25b0f57dec24412886ff46041e0b1f3de26
* scd:p15: Add pre-check for ascii-numeric PINs.Werner Koch2023-02-171-3/+11
| | | | | | | * scd/app-p15.c (verify_pin): ascii-numeric is different than BCD. (cherry picked from commit 029924a46e08ffcda038d89f06abfb41c980a9ad) Added a few typo fixes.
* scd:p15: Use APP_CARD macro at some other places.Werner Koch2023-02-171-4/+4
| | | | | | -- This makes back porting easier.
* scd: Improve reading of binary records.Werner Koch2023-02-173-10/+5
| | | | | | | | | | | | | | * scd/iso7816.c (iso7816_read_binary_ext): Handle the 0x6a86 SW the same as 6b00. * scd/apdu.c (apdu_get_atr): Modify debug messages. * scd/app-p15.c (app_select_p15): Print FCI on error. (read_p15_info): Clean up diag in presence of debug options. -- Some cards return 6a86 instead of 6b00. Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 44f977d0e332e77fb8a775c4837c00118bbe08cb
* scd:p15: Handle cards with bad encoded path objects.Werner Koch2023-02-171-9/+13
| | | | | | | | | | * scd/app-p15.c (read_ef_prkdf, read_ef_pukdf) (read_ef_cdf, read_ef_aodf): Allow for a zero length path and correctly skip unsupported auth types. -- Signed-off-by: Werner Koch <[email protected]> Backported-from-master: 7a8545c91b09277b0833dc0e5881ba5d1c8dbca3
* gpg: --gen-random code cleanup by using es_set_binary.Werner Koch2023-02-163-4/+4
| | | | | | | | | | | * g10/gpg.c (main): Replace setmode by es_set_binary and use only when needed. -- It is better to use our es_set_binary than to use a Windows specific method which still worked but is fragile because estream might be changed. We now set binary only when needed. Note that it does not harm to call es_set_binary more often than needed.
* agent: Do not consider --min-passphrase-len for the magic wand.Werner Koch2023-02-163-14/+38
| | | | | | | * agent/call-pinentry.c (generate_pin): Lock to exactly 30 octets. * g10/gpg.c (main) <aGenRandom>: Add Level 30. (cherry picked from commit ae2f1f0785e429d6dbb577a1fcf9a880aaff8e49)
* gpg: Add level 16 to --gen-randomWerner Koch2023-02-161-32/+45
| | | | | | | | | | | | * g10/gpg.c (main): Add that hack. -- This is an yet undocumented hack to allow printing hex encoded random number with gpg. The level is forced to be 1 which is is good for almost all uses. Note that --armor is ignored. Signed-off-by: Werner Koch <[email protected]> Backported-from-master: d847f0651ab4304129145b55353501636b4e4728
* gpg: Make "--list-options show-sig-subpackets=n,m" work again.Werner Koch2023-01-311-4/+11
| | | | | | | * g10/gpg.c (parse_list_options): Set value for show-sig-subpackets. -- Fixes-commit: b6ba7054a04a759ea690c1b1bdc023acd9214fe2
* gpgtar: Fix parent directory creation bugWerner Koch2023-01-261-0/+3
| | | | | * tools/gpgtar-extract.c (extract_directory): Ignore EEXIST on parent directory creation.
* gpgtar: Allow decryption from stdin.Werner Koch2023-01-262-19/+20
| | | | | | | | * tools/gpgtar.c (main): Revamp switch and fix usage test for aDecrypt and aList. -- GnuPG-bug-id: 6355
* po: Update Japanese Translation.NIIBE Yutaka2023-01-261-25/+15
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Replace --override-compliance-check by a real fix.Werner Koch2023-01-205-32/+8
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA. * g10/gpg.c (oOverrideComplianceCheck): Remove. (opts): Turn --override-compliance-check into a dummy option. * g10/options.h (opt): Remove override_compliance_check. * g10/sig-check.c (check_key_verify_compliance): Remove use of that option. -- The introduction of --override-compliance-check actually hid the real cause for the signature verification problem in de-vs mode for the Ed25519 key. The real fix is to handle the EdDSA algorithm in gnupg_pk_is_allowed. Fixes-commit: 773b8fbbe915449c723302f5268d7906b40d84d3 GnuPG-bug-id: 5655
* gpg: Do not require --status-fd along with --require-compliance.Werner Koch2023-01-201-1/+1
| | | | | * g10/mainproc.c (check_sig_and_print): Do not check whether status is enabled when checking compliance.
* common: Detect PNG and JPEG file formats.Werner Koch2023-01-191-6/+24
| | | | | | | * common/miscellaneous.c (is_file_compressed): Add detect code. -- GnuPG-bug-id: 6332
* gpg: Detect already compressed data also when using a pipe.Werner Koch2023-01-199-344/+488
| | | | | | | | | | | | | | | | | | | | | | | | | * common/iobuf.c (file_filter_ctx_t): Add fields for the peek feature. (file_filter): Implement peeking. (iobuf_ioctl): Add new IOBUF_IOCTL_PEEK. * common/iobuf.h (IOBUF_IOCTL_PEEK, IOBUFCTRL_PEEK): New. * common/miscellaneous.c (is_file_compressed): Rewrite. Detect PDF. * g10/encrypt.c (encrypt_simple): Peek before detecting compression. (encrypt_crypt): Ditto. * g10/sign.c (sign_file): Also detect already compressed data. * g10/options.h (opt): Add explicit_compress_option. * g10/gpg.c (main): Set opt.explicit_compress_option for -z. -- Note that this patch also introduces a compression check for signing which was never done in the past. GnuPG-bug-id: 6332 Backported-from-master: 60963d98cfd8e60f88ee43c2d992f6dd3bbbd74c Note that sign.c (sign_file) has been re-indented to ease future backports.
* common: Replace all assert in iobuf by log_assert.Werner Koch2023-01-191-32/+32
| | | | --
* gpgtar: Make --status-fd option for fds > 2 workWerner Koch2023-01-193-3/+15
| | | | | | | | | | | | | * tools/gpgtar-create.c (gpgtar_create): Do not close the status_fd in spawn. * tools/gpgtar-extract.c (gpgtar_extract): Ditto. * tools/gpgtar-list.c (gpgtar_list): Ditto. -- Note that this fix does not handle file descripotors passed via the --gpg-args options. GnuPG-bug-id: 6348
* Update copyright noticesWerner Koch2023-01-164-5/+5
| | | | --
* scd:openpgp: Allow auto-changing of the key attributes in genkey.Werner Koch2023-01-133-69/+215
| | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Add field keyalgo. (parse_algorithm_attribute): Store the new keyalgo field. (change_keyattr): Change info message. (change_keyattr_from_string): Rewrite to also accept a keyref and a keyalgo string. (do_genkey): Change the keyattr if a keyalgo string is given. * scd/command.c (cmd_genkey): Add option --algo. -- Having this feature makes it easier to use OpenPGP cards in a similar way to other cards. Note that the explicit changing via SETATTR is still supported. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d7d75da50543bc7259c5a6e6367b58cbca7f1b7b) (cherry picked from commit b349adc5c0d00d2fc405a45bd078f1580b5610cc)
* common: New function get_keyalgo_string.Werner Koch2023-01-134-6/+240
| | | | | | | | | | | | | | | | | | | | * common/openpgp-oid.c (struct keyalgo_string_s): New. (keyalgo_strings): New. (keyalgo_strings_size, keyalgo_strings_used): New. (openpgp_oid_or_name_to_curve): New. (get_keyalgo_string): New. -- This function is intended as a more general version of gpg's pubkey_string function. It has the advantage to avoid mallocs and uses static table of algorithm strings instead. There should be only a few dozen of such strings (if at all) and thus all those allocations we do internally in gpg's pubkey_string and the static buffers all over the place are not too nice. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 3a1fa13eedb969b561bae18cd3d7c2fb0b63d6ab) (cherry picked from commit 332a72f7340895e7db1e9c5f89046f722bb7465b)
* scd: Return CARDTYPE, CARDVERSION, and APPVERSION.Werner Koch2023-01-131-2/+31
| | | | | | * scd/app.c (strcardtype): New. (app_write_learn_status): Return more info. (app_getattr): Allow for CARDTYPE.
* sm: Support generation of card-based ECDSA CSR.Damien Goutte-Gattat via Gnupg-devel2023-01-131-16/+43
| | | | | | | | | | | | | | | | | | * sm/call-agent.c (gpgsm_scd_pksign): Identify type of signing key and format resulting S-expression accordingly. -- Current GpgSM implementation assumes card-based keys are RSA keys. This patch introduces support for ECDSA keys. GnuPG-bug-id: 4092 Signed-off-by: Damien Goutte-Gattat <[email protected]> (cherry picked from commit 74e9b579ca273fc07be090bb5fb7800a97b1b452) - Removed already applied changes from the original commit. - Allow for SHA384 and SHA512 Signed-off-by: Werner Koch <[email protected]>
* sm: Fix regression due to the new ECC cert generationWerner Koch2023-01-131-1/+5
| | | | | | | * sm/certreqgen.c (create_request): Also set SIGKEYLEN. -- Fixes-commit: ed62b74a175ef092fd3ac8b2d54b3213fe56af5b
* sm: Fix compliance checking for ECC signature verification.Werner Koch2023-01-124-7/+34
| | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Also consider the gcrypt vids for ECDSA et al. (gnupg_pk_is_allowed): Ditto. * sm/verify.c (gpgsm_verify): Consider the curve. Print a compliance notice for a non-compliant key. * sm/certchain.c (gpgsm_validate_chain): Silence the "switching to chain model". -- Backported-from-master: 338a5ecaa1f11abf24514c8df994170bdb1018f4
* dirmngr: Do not check for Tor for --gpgconf-* optionsWerner Koch2023-01-111-4/+15
| | | | | * dirmngr/dirmngr.c (post_option_parsing): Add arg CMD. (main): Pass the current command.
* po: Auto updateWerner Koch2023-01-1125-480/+833
| | | | --
* po: Update German translationWerner Koch2023-01-111-21/+29
| | | | --
* gpg: Remove duplicated diagnostic.Werner Koch2023-01-111-4/+0
| | | | | | -- Fixes-commit: a545e14e8a74453a3110e32533af8858f88492be
* gpg: Add missing space to a diagnostic.Werner Koch2023-01-111-2/+1
| | | | --
* w32: Make sure DEP is enabled.Werner Koch2023-01-111-1/+18
| | | | | | | | * common/init.c (_init_common_subsystems): Test and set the DEP Policy. -- Note that this change will now definitely require Windows XP SP3.
* doc: Minor man page fixes.Werner Koch2023-01-112-4/+3
| | | | --
* Merge branch 'STABLE-BRANCH-2-2.40' into STABLE-BRANCH-2-2Werner Koch2022-12-2345-142/+836
|\ | | | | | | --
| * Post release updatesSTABLE-BRANCH-2-2.40Werner Koch2022-12-092-1/+7
| | | | | | | | --
| * Release 2.2.41gnupg-2.2.41Werner Koch2022-12-091-4/+5
| |
| * po: Auto updateWerner Koch2022-12-0925-0/+250
| | | | | | | | --
| * po: Update German translationWerner Koch2022-12-091-51/+9
| | | | | | | | --
| * scd:p15: Skip deleted records.Werner Koch2022-12-081-8/+37
| | | | | | | | | | | | | | | | | | | | | | | | * scd/app-p15.c (select_and_read_record): Special case deleted records. Support 3 byte TLVs. (read_ef_prkdf): Skip deleted records. (read_ef_pukdf): Ditto. (read_ef_cdf): Ditto. (read_ef_aodf): Ditto. -- This fixes a problem with some CardOS 5 applications.
| * speedo: Support CUSTOM_SWDB builds.Werner Koch2022-12-072-14/+33
| | | | | | | | --
| * speedo: Introduce the OVERRIDE_TARBALLS featureWerner Koch2022-12-061-0/+11
| | | | | | | | --
| * doc: Prepare NEWSWerner Koch2022-12-062-6/+17
| | | | | | | | --
| * wkd: Do not send/install/mirror expired user ids.Werner Koch2022-12-064-8/+72
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * tools/gpg-wks.h (struct uidinfo_list_s): Add fields expired and revoked. * tools/wks-util.c (append_to_uidinfo_list): Add args expired and revoked. (set_expired_revoked): New. (wks_list_key): Set expired and revoked. (wks_cmd_install_key): Skip expired uids. * tools/gpg-wks-client.c (command_check): Print flags. (command_send): Ignore expired keys. (mirror_one_key): Ditto. * g10/export.c (do_export_stream): Silence warning. -- GnuPG-bug-id: 6292 Backported-from-master: 278f85d1bc6cd012b3b2e87536e50954b21d2d91
| * gpgsm: Silence the "non-critical certificate policy not allowed".Werner Koch2022-12-061-2/+3
| | | | | | | | | | | | | | * sm/certchain.c (check_cert_policy): Print non-critical policy warning only in verbose mode. (cherry picked from commit 4f1b9e3abb337470e5e4809b3a7f2df33f5a63a4)
| * wkd: New option --add-revocs and some fixes.Werner Koch2022-11-304-33/+228
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * tools/gpg-wks.h (opt): Add add_revocs. * tools/wks-util.c (wks_get_key): Add arg 'binary'. (wks_armor_key): New. (wks_find_add_revocs): New. (wks_cmd_install_key): Get key in binary mode and add revocations if enabled. * tools/gpg-wks-client.c (oAddRevocs): New. (opts): Add --add-revocs. (parse_arguments): Set option, (command_send): Get key in binary mode, add revocations if enabled, and explictly armor key. Remove kludge to skip the Content-type line in no_encrypt mode. (mirror_one_keys_userid): Always filter the key to get rid of the armor as received from dirmngr. Add revocations from the local keyring. -- Note that this also fixes an oddity of the new mirror command which used to store the keys armored as received from dirmngr.
| * wkd: Make use of --debug extprog.Werner Koch2022-11-301-1/+20
| | | | | | | | | | | | | | | | * tools/wks-util.c (debug_gpg_invocation): New. (get_key_status_cb): Enable debug output. (wks_get_key): Show gpg invocation. (wks_list_key): Ditto. (wks_filter_uid): Ditto.
| * gpg: New export-filter export-revocsWerner Koch2022-11-303-5/+129
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/options.h (EXPORT_REVOCS): New. * g10/export.c (export_select_filter): New. (struct export_filter_attic_s): Add field. (cleanup_export_globals): Cleanup. (parse_export_options): Add option "export-revocs". (parse_and_set_export_filter): Parse the select type. (do_export_revocs): New. (do_export_stream): Add a way to select things for export. -- Backported-from-master: c985b52e71a83d14099f00f80e3588bd3ad28b98
| * gpg: Fix double-free in gpg --card-edit.NIIBE Yutaka2022-11-291-1/+0
| | | | | | | | | | | | | | | | * g10/card-util.c (change_name): Don't free ISONAME here. -- Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 04:09:42 +0000