aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* doc: Update description of LDAP keyserversWerner Koch2021-06-161-10/+25
| | | | | | -- (cherry picked from commit 7c4b0eda7462cecf230aba8472d264593257dd0d)
* dirmngr: Fix default port for our redefinition of ldaps.Werner Koch2021-06-162-31/+43
| | | | | | | | | | * dirmngr/server.c (make_keyserver_item): Fix default port for ldaps. Move a tmpstr out of the blocks. * dirmngr/ks-engine-ldap.c (my_ldap_connect): Improve diagnostics. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 8de9d54ac83fa20cb52b847b643311841be4d6dc)
* dirmngr: Use --ldaptimeout for OpenPGP LDAP keyservers.Werner Koch2021-06-163-9/+27
| | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT. * dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ... (parse_rereadable_options): here. -- Note that this has not yet been tested. In fact a test with OpenLDAP using a modified route got stuck in the connection attempt. Maybe it works on Windows - will be tested later. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 317d5947b84ae2707e46b89fb0d8318c07174e13)
* dirmngr: New option --ldapserverWerner Koch2021-06-164-16/+128
| | | | | | | | | | | | | | | | | * dirmngr/dirmngr.c (opts): Add option --ldapserver. (ldapserver_list_needs_reset): New var. (parse_rereadable_options): Implement option. (main): Ignore dirmngr_ldapservers.conf if no --ldapserver is used. * dirmngr/server.c (cmd_ldapserver): Add option --clear and list configured servers if none are given. -- This option allows to specify LDAP keyserver in dirmngr instead of using gpgsm.conf. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit ff17aee5d10c8c5ab902253fb4332001c3fc3701)
* dirmngr: Allow for non-URL specified ldap keyservers.Werner Koch2021-06-167-168/+367
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/server.c (cmd_ldapserver): Strip an optional prefix. (make_keyserver_item): Handle non-URL ldap specs. * dirmngr/dirmngr.h (struct ldap_server_s): Add fields starttls, ldap_over_tls, and ntds. * dirmngr/ldapserver.c (ldapserver_parse_one): Add for an empty host string. Improve error messages for the non-file case. Support flags. * dirmngr/ks-action.c (ks_action_help): Handle non-URL ldap specs. (ks_action_search, ks_action_get, ks_action_put): Ditto. * dirmngr/ks-engine-ldap.c: Include ldapserver.h. (ks_ldap_help): Handle non-URL ldap specs. (my_ldap_connect): Add args r_host and r_use_tls. Rewrite to support URLs and non-URL specified keyservers. (ks_ldap_get): Adjust for changes in my_ldap_connect. (ks_ldap_search): Ditto. (ks_ldap_put): Ditto. -- The idea here is to unify our use of URLS or colon delimited ldap keyserver specification. The requirement for percent escaping, for example the bindname in an URLs, is cumbersome and prone to errors. This we allow our classic colon delimited format as an alternative. That format makes it also easy to specify flags to tell dirmngr whether to use starttls or ldap-over-tls. The code is nearly 100% compatible to existing specification. There is one ambiguity if the hostname for CRL/X509 searches is just "ldap"; this can be solved by prefixing it with "ldap:" (already implemented in gpgsm). GnuPG-bug-id: 5405, 5452 Ported-from: 2b4cddf9086faaf5b35f64a7db97a5ce8804c05b
* gpg,sm: Simplify keyserver spec parsing.Werner Koch2021-06-1610-518/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | * common/keyserver.h: Remove. * sm/gpgsm.h (struct keyserver_spec): Remove. (opt): Change keyserver to a strlist_t. * sm/gpgsm.c (keyserver_list_free): Remove. (parse_keyserver_line): Remove. (main): Store keyserver in an strlist. * sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid an ambiguity in dirmngr by adding a prefix if needed. * g10/options.h (struct keyserver_spec): Move definition from keyserver.h to here. Remove most fields. * g10/keyserver.c (free_keyserver_spec): Adjust. (cmp_keyserver_spec): Adjust. (parse_keyserver_uri): Simplify. (keyidlist): Remove fakev3 arg which does not make any sense because we don't even support v3 keys. -- We now rely on the dirmngr to parse the keyserver specs. Thus a bad specification will not be caught immediately. However, even before that dirmngr had stricter tests. Signed-off-by: Werner Koch <[email protected]> Ported-from: 9f586700ec4ceac97fd47cd799878a8847342ffa
* dirmngr: Support pseudo URI scheme "opaque".Werner Koch2021-06-167-18/+36
| | | | | | | | | | | | | | | * dirmngr/http.h (HTTP_PARSE_NO_SCHEME_CHECK): New. * dirmngr/http.c (http_parse_uri): Use this flag. Change all callers to use the new macro for better readability. (do_parse_uri): Add pseudo scheme "opaque". (uri_query_value): New. -- This scheme can be used to convey arbitrary strings in a parsed_uri_t object. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 72124fadafde153f8ac89a70202006d831829d06)
* card: Fix typo in help messageJiri Kerestes2021-06-121-1/+1
| | | | | -- Signed-off-by: Jiri Kerestes <[email protected]>
* sm: Fix finding of issuer in use-keyboxd mode.Werner Koch2021-06-113-37/+62
| | | | | | | | | | | | | * sm/keydb.c (struct keydb_local_s): Add field saved_search_result. (keydb_push_found_state): Implement for keyboxd. (keydb_pop_found_state): Ditto. (keydb_get_cert): Do not release the cert so that the function can be used again to get the same cert. This is the same behaviour as in pubring.kbx mode. * sm/certchain.c, sm/import.c: Improve some error messages. Signed-off-by: Werner Koch <[email protected]>
* scd: Support clearing of Reset Code by ''.NIIBE Yutaka2021-06-111-2/+3
| | | | | | | | * scd/app-openpgp.c (do_change_pin): Allow null-string. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Fix typo in Simplified Chinese Translation.NIIBE Yutaka2021-06-111-2/+2
| | | | | | | | | | | -- Forward port 2.2 commit of: 3896e7e625dc9cc8d04dcd6cae9f0c22bfe5b404 GnuPG-bug-id: 5477 Reported-by: Zhongren Gu Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add new card vendor.Werner Koch2021-06-101-0/+1
| | | | --
* gpgtar,w32: Fix file size computationWerner Koch2021-06-091-1/+1
| | | | | | | | | | | | | * tools/gpgtar-create.c (fillup_entry_w32): Move parentheses. -- Fixes-commit: 8b8925a2bdbb12dd537dde20a27cdb1416c2f1ae The bug is so obvious that I wonder why it was not reported more often on Windows. (Adding 1 to MAXDWORD (0xfffffff) always gives 0 for the product). Signed-off-by: Werner Koch <[email protected]>
* agent: Fix importing protected secret key.NIIBE Yutaka2021-06-091-21/+49
| | | | | | | | | | * agent/cvt-openpgp.c (do_unprotect): Only modify SKEY when it is correctly decrypted. -- GnuPG-bug-id: 5122 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix serial number detection for Yubikey 5.NIIBE Yutaka2021-06-081-4/+5
| | | | | | | | | * scd/app.c (app_new_register): Handle serial number correctly. -- GnuPG-bug-id: 5442 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix READER-PORT option handling for PC/SC.NIIBE Yutaka2021-06-071-17/+27
| | | | | | | | | * scd/apdu.c (apdu_open_reader): READERNO should be -1 when READER-PORT is specified for PC/SC. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Appropriate error code for importing key with no passwd.NIIBE Yutaka2021-06-041-0/+2
| | | | | | | | | | | | * agent/cvt-openpgp.c (convert_from_openpgp_main): Return GPG_ERR_BAD_SECKEY. -- When non-protected case, error at gcry_pk_testkey results GPG_ERR_BAD_PASSPHRASE. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Support KEYGRIP search with traditional keyring.NIIBE Yutaka2021-06-031-3/+13
| | | | | | | | | * g10/keyring.c (keyring_search): Handle KEYDB_SEARCH_MODE_KEYGRIP. -- GnuPG-bug-id: 5469 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Allow for GCM decryption in de-vs mode.Werner Koch2021-06-023-2/+3
| | | | | | | | | | | * common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm in decrypt mode. * tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag -- We allow GCM in de-vs mode for decryption although this has not been evaluation. It is decryption and thus no serious harm may happen.
* sm: Support AES-GCM decryption.Werner Koch2021-06-028-7/+96
| | | | | | | | | | | | * tests/cms/samplemsgs/: Add sample messages. * sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error. * sm/decrypt.c (decrypt_gcm_filter): New. (gpgsm_decrypt): Use this filter if requested. Check authtag. -- Note that the sample message pwri-sample.gcm.p7m is broken: The authtag is duplicated to the authEncryptedContentInfo. I used a temporary code during testing hack to that test message out.
* tests: Rename subdir gpgsm to cms and move sample dirs.Werner Koch2021-05-3170-72/+69
| | | | | | | -- It does not make sense to have the cms stuff at the top level but the openpgp at a dedicated directory. This patch fixes that.
* gpgconf: Make runtime changes with different homedir work.Werner Koch2021-05-281-4/+4
| | | | * tools/gpgconf-comp.c (dirmngr_runtime_change): Pass --homedir first.
* doc: Add notes on how to enable TLS in openldap.Werner Koch2021-05-281-0/+56
| | | | --
* agent: Fix calling handle_pincache_put.NIIBE Yutaka2021-05-281-1/+1
| | | | | | | | | | * agent/call-scd.c (padding_info_cb): Fix the argument. -- GnuPG-bug-id: 5436 Reported-by: Bogdan Luca Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix zero-byte handling in ECC.NIIBE Yutaka2021-05-281-11/+3
| | | | | | | | | | * scd/app-openpgp.c (ecc_writekey): Don't remove zero-byte. -- Fixes-commit: a25c99b156ca9acaa7712e9c09a6df0a7a23c833 GnuPG-bug-id: 5163 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Ed448 and X448 are only for v5 for --full-gen-key.NIIBE Yutaka2021-05-271-1/+24
| | | | | | | | | | * g10/keygen.c (generate_keypair): Set pVERSION = 5, pSUBVERSION = 5, when it's Ed448 or X448. -- Fixes-commit: 36355394d865f5760075e62267d70f7a7d5dd671 Signed-off-by: NIIBE Yutaka <[email protected]>
* build: _DARWIN_C_SOURCE should be 1.NIIBE Yutaka2021-05-271-1/+1
| | | | | | | | | | * configure.ac (*-apple-darwin*): Set _DARWIN_C_SOURCE 1. -- GnuPG-bug-id: 5440 Reported-by: Jay Freeman Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Partial fix for Unicode problem in output files.Werner Koch2021-05-252-2/+2
| | | | | | | | | | * g10/openfile.c (overwrite_filep): Use gnupg_access. -- As said, this is just an obvious but partial fix. We need to review things for the output module. Signed-off-by: Werner Koch <[email protected]>
* common: Annotate leaked memory in homedir.cWerner Koch2021-05-213-14/+62
| | | | | | | | | | | | | | | | | | | | | * g10/trustdb.c (how_to_fix_the_trustdb): Use gnupg_homedir. * common/homedir.c (standard_homedir): Annotate leaked memory. (gnupg_daemon_rootdir): Ditto. (gnupg_socketdir): Ditto. (gnupg_sysconfdir): Ditto. (gnupg_bindir): Ditto. (gnupg_libdir): Ditto. (gnupg_datadir): Ditto. (gnupg_localedir): Ditto. (gnupg_cachedir): Ditto. (gpg_agent_socket_name): Ditto. (dirmngr_socket_name): Ditto. (keyboxd_socket_name): Ditto. (get_default_pinentry_name): Ditto. (gnupg_module_name): Ditto. (default_homedir): Ditto. Make static. Signed-off-by: Werner Koch <[email protected]>
* sm: Let --dump-cert --show-cert also print an OpenPGP fingerprint.Werner Koch2021-05-201-7/+45
| | | | | | | | | | * sm/keylist.c (list_cert_raw): Print the OpenPGP fpr. -- This is useful for debugging for example if an OpenPGP key is used to create an X.509 cert. Signed-off-by: Werner Koch <[email protected]>
* card: Intialize pointer to avoid double freeJakub Jelen2021-05-201-0/+1
| | | | | | | | | * tools/gpg-card.c (cmd_salut): Initialize data pointer -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
* scd: avoid memory leaksJakub Jelen2021-05-203-7/+14
| | | | | | | | | | | | | * scd/app-p15.c (send_certinfo): free labelbuf (do_sign): goto leave instead of return * scd/app-piv.c (do_sign): goto leave instead of return, fix typo in variable name, avoid using uninitialized variables * scd/command.c (cmd_genkey): goto leave instead of return -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
* kbx: Avoid uninitialized readJakub Jelen2021-05-204-4/+9
| | | | | | | | | | | | * kbx/kbx-client-util.c (datastream_thread): Initialize pointer * kbx/keybox-dump.c (_keybox_dump_cut_records): free blob * kbx/kbxserver.c (kbxd_start_command_handler): do not free passed ctrl * kbx/keyboxd.c (check_own_socket): free sockname -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
* g10: Avoid memory leaksJakub Jelen2021-05-203-18/+30
| | | | | | | | | | | | | | | | | * g10/call-agent.c (card_keyinfo_cb): free keyinfo. Restructure to avoid backward gotos. * g10/keyedit.c (menu_set_keyserver_url): properly enclose the block * g10/keygen.c (gen_card_key): free pk and pkt -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393 Additional changes: - Restructure to avoid backward gotos. Signed-off-by: Werner Koch <[email protected]>
* dirmgr: Avoid double freeJakub Jelen2021-05-202-3/+1
| | | | | | | | | | * dirmgr/http.c (http_prepare_redirect): Avoid double free * dirmgr/ocsp.c (check_signature): Initialize pointer -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
* common: Avoid double-freeJakub Jelen2021-05-201-0/+1
| | | | | | | | | | * common/name-value.c (do_nvc_parse): reset to null after ownership change -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
* agent: Fix memory leaksJakub Jelen2021-05-203-22/+30
| | | | | | | | | | | | | | | | | | | | * agent/call-daemon.c (daemon_start): free wctp * agent/call-scd.c (agent_card_pksign): return error instead of noop (card_keyinfo_cb): free keyinfo. Restructure to avoid a goto backwards. * agent/protect.c (agent_get_shadow_info_type): allocate only as a last action. Catch xtrymalloc failure. (agent_is_tpm2_key): Free buf. -- Signed-off-by: Jakub Jelen <[email protected]> Additional changes are: - Restructure to avoid a goto backwards. - Catch xtrymalloc failure. GnuPG-bug-id: 5393 Signed-off-by: Werner Koch <[email protected]>
* sm: Avoid memory leaks and double double-freeJakub Jelen2021-05-204-7/+26
| | | | | | | | | | | | | * sm/certcheck.c (extract_pss_params): Avoid double free * sm/decrypt.c (gpgsm_decrypt): goto leave instead of return * sm/encrypt.c (encrypt_dek): release s_pkey * sm/server.c (cmd_export): free list (do_listkeys): free lists -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
* g10: Fix memory leaksJakub Jelen2021-05-2010-12/+50
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/card-util.c (change_pin): free answer on errors (ask_card_keyattr): free answer on error * g10/cpr.c (do_get_from_fd): free string * g10/gpg.c (check_permissions): free dir on weird error * g10/import.c (append_new_uid): release knode * g10/keyedit.c (menu_set_keyserver_url): free answer (menu_set_keyserver_url): free user * g10/keygen.c (print_status_key_not_created): move allocation after sanity check (ask_expire_interval): free answer (card_store_key_with_backup): goto leave instaed of return * g10/keyserver.c (parse_keyserver_uri): goto fail instead of return * g10/revoke.c (gen_desig_revoke): release kdbhd (gen_desig_revoke): free answer * g10/tofu.c (ask_about_binding): free sqerr and response * g10/trustdb.c (ask_ownertrust): free pk -- Signed-off-by: Jakub Jelen <[email protected]> Further changes: * g10/card-util.c (change_pin): Do not set answer to NULL. * g10/keyedit.c(menu_set_keyserver_url): Use !func() pattern. Signed-off-by: Werner Koch <[email protected]> GnuPG-bug-id: 5393
* dirmgr: clean up memory on error code pathsJakub Jelen2021-05-204-6/+16
| | | | | | | | | | | | * dirmgr/crlcache.c (finish_sig_check): goto leave instead of return * dirmgr/http.c (send_request): free authstr and proxy_authstr * dirmgr/ldap.c (start_cert_fetch_ldap): free proxy * dirmgr/ocsp.c (check_signature): release s_hash -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
* agent: Avoid memory leaks in error code paths.Jakub Jelen2021-05-206-8/+23
| | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_genkey): Use goto instead of return. * agent/cvt-openpgp.c (convert_from_openpgp_main): Ditto. * agent/genkey.c (agent_ask_new_passphrase): Fix typo to free correct pointer (agent_genkey): Release memory * agent/gpg-agent.c (check_own_socket): Free sockname * agent/protect-tool.c (read_key): Free buf. (agent_askpin): Free passphrase -- Signed-off-by: Jakub Jelen <[email protected]> Changed original patch to not add a free before a GPG_ERR_BUG. Signed-off-by: Werner Koch <[email protected]> GnuPG-bug-id: 5393
* dirmngr: For KS_SEARCH return the fingerprint also with LDAP.Werner Koch2021-05-191-48/+80
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (extract_keys): Return the fingerprint if available. (ks_ldap_search): Ditto. (extract_keys): Make sure to free the ldap values also in corner cases. (my_ldap_value_free): New. (ks_ldap_get): Ditto. (ks_ldap_search): Ditto. (my_ldap_connect): Ditto. -- For background see these comments from gpgme: /* The output for external keylistings in GnuPG is different from all the other key listings. We catch this here with a special preprocessor that reformats the colon handler lines. */ /* The format is: pub:<keyid>:<algo>:<keylen>:<creationdate>:<expirationdate>:<flags> as defined in 5.2. Machine Readable Indexes of the OpenPGP HTTP Keyserver Protocol (draft). Modern versions of the SKS keyserver return the fingerprint instead of the keyid. We detect this here and use the v4 fingerprint format to convert it to a key id. We want: pub:o<flags>:<keylen>:<algo>:<keyid>:<creatdate>:<expdate>:::::::: */ Regarding the freeing of values: I was not able to find a specification stating it is okay to pass NULL to ldap_value_free, thus the new wrapper. Also add robustness measures in case ldap_get_value returns an empty array. GnuPG-bug-id: 5441 Signed-off-by: Werner Koch <[email protected]>
* gpg: Improve speed of secret key listing.Werner Koch2021-05-196-53/+244
| | | | | | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_keyinfo): Factor some code out to ... (get_keyinfo_on_cards): ... new. (cmd_havekey): Add --list mode. * g10/gpg.h (struct server_control_s): Add new caching vars. * g10/gpg.c (gpg_deinit_default_ctrl): Release cache. * g10/call-agent.c (agent_probe_any_secret_key): Init and try to use the keygrip cache. (agent_genkey): Clear the cache. (agent_import_key): Ditto. * g10/keylist.c (list_all, list_one): Pass ctrl to agent_probe_any_secret_key. * g10/getkey.c (lookup): Ditto. -- With this change we first ask the agent for a list of all secret keygrips and use that list instead of asking the agent for each public key. Speeds up my "gpg -K" with a lot of secret and public keys by more than 25%. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver.Werner Koch2021-05-181-75/+21
| | | | | | | | | | * g10/call-dirmngr.c (record_output): Rewrite. -- Thou shalt not percent-escape for C-unescaping. Fixes-commit: 51341badb623927f2a358588c725a356fc77dbe7 Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Fix logic for appending product name to MANUFACTURER.Ingo Klöcker2021-05-181-2/+2
| | | | | | * scd/app-p15.c (do_getattr): Append product name to MANUFACTURER if manufacturer_id does not already contain a bracket and if we have a product name.
* gpg: Use a more descriptive prompt for symmetric decryption.Werner Koch2021-05-178-18/+34
| | | | | | | | | | | | | | | | | | | | | * g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New. (passphrase_to_dek_ext): Remove this obsolete prototype. * g10/passphrase.c (passphrase_get): Add arg flags. Use new flag value. (passphrase_to_dek): Add arg flags and pass it on. * g10/mainproc.c (proc_symkey_enc): Use new flag. * sm/decrypt.c (pwri_decrypt): Use "passphrase". -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 03f83bcda5d1f8d8246bcc1afc603b7f74d0626b) Note that we keep on using the term "passphrase" although "password" would be better. There are however so many occurance of this and given it is a bike shedding topic we fix that in the PO files. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: LDAP search by a mailbox now ignores revoked keys.Werner Koch2021-05-171-1/+2
| | | | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Ignore revoked and disable keys in mail mode. -- The LDAP schema has a revoked and a disabled flag. The former will be set if a revoked key is uploaded; the latter can be set by other means. With this change a search by mailbox does not anymore return keys with these LDAP attributes set. This allows to better maintain a directory with multiple keys per mailbox. Doing the same for expired keys could also be done but requires more effort. Signed-off-by: Werner Koch <[email protected]>
* sm: Ask for the password for password based decryption (pwri)Werner Koch2021-05-173-6/+25
| | | | | | | | | | | | | | | * sm/decrypt.c (pwri_decrypt): Add arg ctrl. Ask for passphrase. * sm/export.c (export_p12): Mark string as translatable. * sm/import.c (parse_p12): Ditto. -- This is finishes the support for PWRI. The N_() marks are added so that we don't rely of the side-effect of having the same strings in protect-tool.c Signed-off-by: Werner Koch <[email protected]>
* sm: Support decryption of password based encryption (pwri)Werner Koch2021-05-141-25/+415
| | | | | | | | | | | | | | | * sm/decrypt.c (pwri_parse_pbkdf2): New. (pwri_decrypt): New. (prepare_decryption): Support pwri. (gpgsm_decrypt): Test for PWRI. Move IS_DE_VS flag to DFPARM. -- Note that this is not finished because we need to implement a password callback. For now "abc" is used as passwort. Latest libksba is also required to return the required info. Signed-off-by: Werner Koch <[email protected]>
* scd: Remove wrong assertion and add protection to PCSC.COUNT.NIIBE Yutaka2021-05-141-1/+2
| | | | | | | * scd/apdu.c (apdu_dev_list_finish): Fix for calling release_pcsc_context. Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 10:18:54 +0000