aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* card: Run factory-reset in locked stated.Werner Koch2020-11-094-17/+58
| | | | | | | | | | | | | | | | * scd/command.c (reset_notify): Add option --keep-lock. (do_reset): Add arg keep_lock. (cmd_lock): Send progress status. * g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs. * g10/card-util.c (send_apdu): Ditto. (factory_reset): Use lock commands. -- This is required so that for example Kleopatra does not detect the RESET and issues a SERIALNO of its own, thus conflicting with our SERIALNO undefined. Signed-off-by: Werner Koch <[email protected]>
* gpg: Do not print rejected digest algo notes with --quiet.Werner Koch2020-11-091-1/+5
| | | | | | | | | * g10/misc.c (print_digest_rejected_note): Do not print in quiet mode. (print_sha1_keysig_rejected_note): Ditto. -- GnuPG-bug-id: 4893 Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix SOS handling when exporting SSH key with libgcrypt 1.8.NIIBE Yutaka2020-11-091-10/+35
| | | | | | | | | * g10/export.c (key_to_sshblob): Fix SOS correctly. -- GnuPG-bug-id: 5116 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix SOS handling with libgcrypt 1.8.NIIBE Yutaka2020-11-091-2/+19
| | | | | | | | | * agent/cvt-openpgp.c (apply_protection): Handle opaque MPI. -- GnuPG-bug-id: 5116 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Minor tweaks to the new genpin inquiry.Werner Koch2020-11-061-43/+53
| | | | | | | | | | | | | | | | | | | | | | * agent/call-pinentry.c (generate_pin): Use STRING random which is sufficient for a passphrase. (inq_cb): s/rc/err/. Do not print two errors in case generate_pin fails. Lowercase strings as per GNU standards. (setup_genpin): Fix translation test. (setup_qualitybar): Ditto. -- Our policy is to use VERY_STRONG for a long term public key but not for symmetric keys. The GNU standards to demand that strings start with a lowercase because that seems to be needed if it follows a prefix of for example "gpg:". I don't actually like this becuase we need different strings in interactive and standard mode but the majory of strings in GnuPGare written this way. If a translation is necessary it can be done with an en_GB or so locale. Signed-off-by: Werner Koch <[email protected]>
* agent: Add genpin inquiry for pinentryAndre Heinecke2020-11-061-8/+116
| | | | | | | | | | | | | | | * agent/call-pinentry.c (agent_get_passphrase): Setup genpin. (do_getpin): Update with new name for inquire callback. (inq_quality): Rename to inq_cb and add genpin support. (inq_cb): Renamed form inq_quality. (generate_pin): New helper to generate a pin. (agent_askpin): Fix some typos. (setup_genpin): Provide new strings for pinentry. -- This implements the gpg-agent side for generating a pin especially for symmetric encryption using libgcrypt randomness and checking it against the gpg-agent constraints.
* gpg: Add canceled status message.Ben Kibbey2020-11-052-1/+2
| | | | | | | | | | | | * common/status.h (STATUS_CANCELED_BY_USER): New. * g10/passphrase.c (passphrase_to_dek): Send STATUS_CANCELED_BY_USER instead of STATUS_MISSING_PASSPHRASE when canceled is set. -- This is to prevent further pinentry tries when the pinentry is canceled by the user during symmetric decryption. Signed-off-by: Ben Kibbey <[email protected]>
* scd: Use lock_slot for apdu_send_direct.NIIBE Yutaka2020-11-051-1/+1
| | | | | | | | | | | | | * scd/apdu.c (apdu_send_direct): Use lock_slot. -- With trylock_slot, it may return SW_HOST_BUSY. This may occur when apdu_get_status is called by scd_update_reader_status_file. Simply using lock_slot is much easier for user of apdu_send_direct. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver: Fix a race condition on close.NIIBE Yutaka2020-11-051-12/+25
| | | | | | | | | | | | | | | | | | | | | * scd/ccid-driver.c (ccid_require_get_status): For VENDOR_SCM reader, return 0 only at the initial call. (bulk_in): Don't detect an error for VENDOR_SCM reader, just kicking the loop, to invoke scd_update_reader_status_file, which calls ccid_slot_status again. (ccid_slot_status): Move the call of ccid_vendor_specific_setup to... (ccid_get_atr): ... here. -- For readers with interrupt transfer support, it is only intr_cb which sets handle->powered_off to 1. Keeping this condition makes no race. The function ccid_slot_status can also detect a communication error, which causes apdu_close_reader (but not setting ->powered_off). GnuPG-bug-id: 5121 Fixes-commit: 920f258eb6018ecec1d63bad6a0fb0772f72affa Signed-off-by: NIIBE Yutaka <[email protected]>
* speedo,w32: Install gpg-check-pattern and example profiles.Werner Koch2020-11-045-3/+40
| | | | | | | | | | | | | | | | | | | * doc/examples/vsnfd.prf: Rename to VS-NfD.prf. * doc/examples/Automatic.prf: New. * doc/Makefile.am (examples): Adjust. * build-aux/speedo/w32/inst.nsi: Install gpg-check-pattern.exe and 3 example files. * build-aux/speedo/w32/wixlib.wxs: Add new files. -- Note that we renamed the existing example profile so that kleopatra shows a nicer name. In fact the gpg4win installer just copies of theses file but it is better to maintain them here. gpg-check-pattern.exe can no be installed because we meanwhile have a regex lib which works also on Windows. Signed-off-by: Werner Koch <[email protected]>
* g13: Include a now missing header file.Werner Koch2020-11-041-0/+1
| | | | | | | | | * g13/create.c: Include sysutuls.h -- This is needed due to the recent switch from stat to gnupg_stat. Signed-off-by: Werner Koch <[email protected]>
* gpgconf: Make sure the homedir exists for --apply-profile.Werner Koch2020-11-041-0/+4
| | | | | | | | | | | | | | * tools/gpgconf.c (main) <aApplyDefaults, aApplyProfile>: Create the standard home directory. -- This fixes a regression due to the fix for GnuPG-bug-id: 4867 Before that change gpgsm implictly created the homedir while options were collected. It is important to have this so that a login script can create config files for new users. Signed-off-by: Werner Koch <[email protected]>
* common: Fix duplicate implementation of try_make_homedir.Werner Koch2020-11-045-48/+42
| | | | | | | | | | | * g10/openfile.c (try_make_homedir): Move core of the code to ... * common/homedir.c (gnupg_maybe_make_homedir): new. * sm/keydb.c (try_make_homedir): Implement using new function. * common/homedir.c: Include i18n.h. * po/POTFILES.in: Add common/homedir.c. Signed-off-by: Werner Koch <[email protected]>
* w32: Add another pinentry search pathAndre Heinecke2020-11-041-0/+2
| | | | | | | | | | | | * common/homedir.c (get_default_pinentry_name): Try ../bin/pinentry.exe -- In an installation layout where GnuPG is installed as a component of another software it might be useful to have pinentry placed in a different bin directory without the forced folder name of Gpg4win. (cherry picked from commit b4cb91d5fbe2b8917d76d12eb72aaac0d97ed596)
* w32: Add windows subsystem variant of gpgconfAndre Heinecke2020-11-042-0/+9
| | | | | | | | | | | | | * tools/Makefile.am (gpgconf-w32): New target. Builds gpgconf with subsystem windows. * build-aux/speedo/w32/wixlib.wxs: Package it. -- This allows us to create scripts that call gpgconf without opening a console. Using subsystem windows is better then to just close the console after start as it avoids the console flashing up. (cherry picked from commit c366e04958481382c3f7b50f169120053186069b)
* w32: Fix strftime problem on Windows.Werner Koch2020-11-031-2/+31
| | | | | | | | | * common/gettime.c: Include locale.h. (asctimestamp): Increase buffer. On Windows use setlocale. -- GnuPG-bug-id: 5073 Signed-off-by: Werner Koch <[email protected]>
* gpg: Switch to AES256 for symmetric encryption in de-vs mode.Werner Koch2020-11-032-4/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (set_compliance_option): For AES256 and SHA256 in de-vs mode. * g10/encrypt.c (setup_symkey): Add extra compliance check. (encrypt_simple): Avoid printing a second error oncplinace failure. -- Because we used the RFC4880 mode as base for the de-vs mode we got 3DES as symmetric encryption algorithm. With the default gnupg mode that was already used. The new extra compliance checks are added to detect whether a --personal-cipher-preference or --cipher-algo option tried to override the algorithms. They are still possible but now non-compliant algorithms will throw an error. Manual testing can be done with commands like this: gpg --no-options --compliance=de-vs \ --personal-cipher-preferences "S1 S7" \ --pinentry-mode loopback -v --passphrase abc -ac </etc/motd Here the command fails due to IDEA (S1) being the preferred cipher algorithm. Using "--s2k-digest-algo SHA1" instead of --personal-cipher-preferences will also fail. Signed-off-by: Werner Koch <[email protected]>
* gpg: Allow setting notations with the empty string as value.Werner Koch2020-11-022-0/+10
| | | | | | | | | | | | | | | * g10/misc.c (pct_expando): Catch special case of the empty string. Also map a NULL to the empty string. * g10/photoid.c (show_photos): Make an empty string used as command fail. -- This patch also fixes a segv when calling gpg wrongly like gpg -N \[email protected] GnuPG-bug-id: 5117 Signed-off-by: Werner Koch <[email protected]>
* build: Remove m4 macro defs which are not anymore used.Werner Koch2020-11-022-166/+0
| | | | | | | | | | | * configure.ac (GNUPG_FUNC_MKDIR_TAKES_ONE_ARG): Do not use. * acinclude.m4 (GNUPG_FUNC_MKDIR_TAKES_ONE_ARG): Remove unused macro defs. (GNUPG_CHECK_FAQPROG): Ditto. (GNUPG_CHECK_DOCBOOK_TO_TEXI): Ditto. (GNUPG_CHECK_MLOCK): Ditto. Signed-off-by: Werner Koch <[email protected]>
* gpg: Do not use weak digest algos if selected by recipient prefs.Werner Koch2020-11-024-19/+31
| | | | | | | | | | | | | | | | | | | | | | | * g10/misc.c (is_weak_digest): New. (print_digest_algo_note): Use it here. * g10/sig-check.c (check_signature_end_simple): Use it. * g10/sign.c (hash_for): Do not use recipient_digest_algo if it is in the least of weak digest algorithm. -- If a message is signed and encrypted to several recipients, the to be used digest algorithm is deduced from the preferences of the recipient. This is so that all recipients are able to check the the signature. However, if the sender has a declared an algorithm as week, that algorithm shall not be used - in this case we fallback to the standard way of selecting an algorithm. Note that a smarter way of selecting the algo is to check this while figuring out the algorithm - this needs more testing and thus we do it the simple way. Reported-by: Phil Pennock Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix iteration over signaturesIngo Klöcker2020-11-021-1/+1
| | | | | | | * g10/keyedit.c (keyedit_quick_revsig): Take signature of correct node -- GnuPG-bug-id: 5093
* kbx: Don't put zero-byte for ECC.NIIBE Yutaka2020-11-021-17/+18
| | | | | | * kbx/keybox-openpgp.c (parse_key): Only put zero for non-ECC. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix debug output for key_check_all_keysigs with opaque MPI.NIIBE Yutaka2020-11-021-3/+13
| | | | | | * g10/key-check.c (key_check_all_keysigs): Handle opaque MPI. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix check_signature2 for opaque MPI.NIIBE Yutaka2020-11-021-2/+21
| | | | | | * g10/sig-check.c (check_signature2): Handle the case of opaque MPI. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Change the API for checksum to use const qualifier.NIIBE Yutaka2020-11-022-2/+2
| | | | | | | * g10/main.h (checksum): Use const. * g10/misc.c (checksum): Use const. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix counting buffer size in check_signature2.NIIBE Yutaka2020-11-021-1/+1
| | | | | | * g10/sig-check.c (check_signature2): Use GCRYMPI_FMT_PGP. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix SOS handling with libgcrypt version <= 1.8.NIIBE Yutaka2020-10-301-0/+19
| | | | | | | | | | * g10/misc.c (checksum_mpi): Don't depend new feature of gcry_mpi_print which supports opaque MPI. -- GnuPG-bug-id: 5116 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix first zero-byte case for SOS handling.NIIBE Yutaka2020-10-302-2/+2
| | | | | | | | | | * g10/export.c (transfer_format_to_openpgp): Check the first byte. * g10/pkglue.c (sexp_extract_param_sos): Likewise. -- GnuPG-bug-id: 5116 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: New command --quick-revoke-sigWerner Koch2020-10-287-9/+288
| | | | | | | | | | | | | | * g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig. (opts): Add --quick-revoke-sig. (main): Implement. * g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and adjust all callers. (keyedit_quick_revsig): new. * g10/revoke.c (get_default_sig_revocation_reason): New. * g10/keylist.c (cmp_signodes): Make global. -- GnuPG-bug-id: 5093
* gpg: Sort the signatures in standard key listings.Werner Koch2020-10-277-142/+247
| | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (parse_list_options): Add "sort-sigs". (main): Make it the default. * g10/options.h (LIST_SORT_SIGS): New. * g10/keylist.c (cmp_signodes): New. (list_keyblock_print): Sort signatures and factor signature printing code out to ... (list_signature_print): new. -- In particular together with --full-timestamps this makes it easier to see the history of key signatures and their revocations. The self-signatures are also printed first. To disable this --list-options no-sort-sigs can be used. Also don't print the annoying "no recocation reason specified" message. Signed-off-by: Werner Koch <[email protected]>
* scd: Handle canonical serialno and app specific serialno differently.NIIBE Yutaka2020-10-273-8/+9
| | | | | | | | | | | | | | | * scd/app-common.h (card_get_serialno): Add IS_CANONICAL arg. * scd/app.c (app_send_devinfo): Use app specific serialno. (card_get_serialno): Support two different cases. (app_get_serialno): Return app specific serialno. (send_serialno_and_app_status): Return canonical serialno. * scd/command.c (cmd_serialno): Return app specific serialno. (cmd_learn): Return canonical serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Make call to agent_scd_serialno more robust.Werner Koch2020-10-262-5/+6
| | | | | | | | | | | * g10/call-agent.c (agent_scd_serialno): Make sure that NULL is stored on error at r_serialno. * g10/card-util.c (card_status): Simplify freeing of seriaono. (factory_reset): Ditto. -- This pattern is what we use with other functions returning an allocated string and thus less surprising.
* g10,sm: Use gnupg_access at two more placesWerner Koch2020-10-262-2/+2
| | | | --
* scd: Flush the cache when writing cert data object.NIIBE Yutaka2020-10-261-0/+1
| | | | | | | | | | * scd/app-piv.c (do_writecert): Flush the cache of the data object. -- Suggested-by: Ingo Klöcker GnuPG-bug-id: 5102 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix double free on error.NIIBE Yutaka2020-10-261-1/+2
| | | | | | * g10/card-util.c (card_status): Check an error return. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,tools: Fix detecting OpenPGP card by serialno.NIIBE Yutaka2020-10-262-7/+6
| | | | | | | | | | | | | * tools/gpg-card.c (list_openpgp): Use ->apptype to determine card's APP. * g10/card-util.c (get_info_for_key_operation): Likewise. (current_card_status): Even if its SERIALNO is not like OpenPGP card, it's OpenPGP card when app says so. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver thing only for SPR532.NIIBE Yutaka2020-10-261-6/+14
| | | | | | | | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_setup): New. Limit only for SPR532, excluding other readers by SCM. (ccid_slot_status): Use ccid_vendor_specific_setup. -- We follow the setup procedure of libccid implementation, which sends the escape command for SPR532 only. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Internal CCID driver limiting only for SPR532.NIIBE Yutaka2020-10-241-1/+1
| | | | | | | * scd/ccid-driver.c (ccid_vendor_specific_init): Only do that for SPR532. Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Allow building with released libgpg-error.Werner Koch2020-10-233-8/+12
| | | | | | | | * common/sysutils.c (gnupg_access) [W32]: Fix for older libgpgrt. -- Fixes-commit: c94ee1386e0d5cdac51086c4d5b92de59c09c9b5 Signed-off-by: Werner Koch <[email protected]>
* scd: Handle Yubikey's multiple apps and serialno.NIIBE Yutaka2020-10-233-7/+72
| | | | | | | | | | | | | | * scd/app-common.h (yubikey_get_serialno): New. * scd/app-openpgp.c (yubikey_get_serialno): New. * scd/app.c (card_get_serialno): Use OpenPGP app's serialno, when it's enabled for Yubikey. (send_serialno_and_app_status): Use card_get_serialno, not directly accessing ->serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Use app_get_serialno for app_getattr.NIIBE Yutaka2020-10-231-1/+1
| | | | | | | | | * scd/app.c (app_getattr): Use app_get_serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Don't overwrite serialno for Yubikey.NIIBE Yutaka2020-10-231-3/+10
| | | | | | | | | * scd/app-openpgp.c (app_select_openpgp): Keep ->serialno. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,openpgp: Use app_get_serialno function to get SERIALNO.NIIBE Yutaka2020-10-231-16/+17
| | | | | | | | | | * scd/app-openpgp.c (check_keyidstr): Don't directly access app->serialno, but use app_get_serialno. (do_with_keygrip): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* common: New functions gnupg_opendir et al.Werner Koch2020-10-219-43/+217
| | | | | | | | | | | * common/sysutils.h (struct gnupg_dirent_s): New. * common/sysutils.c: Include dirent.h. (struct gnupg_dir_s): New. (gnupg_opendir, gnupg_readdir, gnupg_closedir): New. Change all callers of opendir, readdir, and closedir to use these functions. -- GnuPG-bug-id: 5098
* w32: Make gnupg_remove and gnupg_rename_file Unicode awareWerner Koch2020-10-211-3/+33
| | | | | | | | | * common/sysutils.c (w32_rename): New. (gnupg_rename_file) [W32]: Support Unicode. (gnupg_remove) [W32]: Support Unicode. Drop Windows-CE support. -- GnuPG-bug-id: 5098
* Replace all calls to stat by gnupg_stat.Werner Koch2020-10-2022-33/+82
| | | | | | | | | | | * common/sysutils.c (gnupg_stat): New. * common/sysutils.h: Include sys/stat.h. -- Yet another wrapper for Unicode support on Windows. GnuPG-bug-id: 5098 Signed-off-by: Werner Koch <[email protected]>
* Replace most calls to open by a new wrapper.Werner Koch2020-10-208-26/+79
| | | | | | | | | | | | * common/sysutils.c (any8bitchar) [W32]: New. (gnupg_open): New. Replace most calls to open by this. * common/iobuf.c (any8bitchar) [W32]: New. (direct_open) [W32]: Use CreateFileW if needed. -- This is yet another step for full Unicode support on Windows. GnuPG-bug-id: 5098
* w32: Allow Unicode filenames for dotlockWerner Koch2020-10-202-27/+192
| | | | | | | | | | | | * common/dotlock.c (any8bitchar) [W32]: New. (dotlock_create_w32): Use strconcat and CreateFileW. * common/t-dotlock.c: Source include dotlock.c and modify to allow manual testing on Windows. -- GnuPG-bug-id: 5098 Signed-off-by: Werner Koch <[email protected]>
* Replace most of the remaining stdio calls by estream calls.Werner Koch2020-10-2023-216/+220
| | | | | | | | | | | | -- We need to use es_fopen on Windows to cope with non-ascii file names. This is quite a large but fortunately straightforward change. At a very few places we keep using stdio (for example due to the use of popen). GnuPG-bug-id: 5098 Signed-off-by: Werner Koch <[email protected]>
* Replace all calls to access by gnupg_accessWerner Koch2020-10-2028-128/+151
| | | | | | | | | | | | | | | | * common/sysutils.c (gnupg_access): New. Replace all calls to access by this wrapper. * common/homedir.c (w32_shgetfolderpath): Change to return UTF-8 directory name. (standard_homedir): Adjust for change. (w32_commondir, gnupg_cachedir): Ditto. -- Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows. This is required to correctly handle non-ascii filenames on Windows. GnuPG-bug-id: 5098
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 16:31:42 +0000