aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* gpgconf: Extend --show-config to show envvars.Werner Koch2021-11-171-19/+112
| | | | | | | | | * tools/gpgconf.c (my_copy_file): Add arg LISTP and record certain things. (show_configs_one_file): New arg LISTP to be passed thru. (show_configs): Show envars and regisiry values. Signed-off-by: Werner Koch <[email protected]>
* common,w32: New function read_w32_reg_string.Werner Koch2021-11-173-179/+65
| | | | | | | * common/w32-reg.c (get_root_key): Remove. (read_w32_registry_string): Turn into a wrapper for the gpgrt function. (read_w32_reg_string): New.
* sm: Detect circular chains in --list-chain.Werner Koch2021-11-151-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/keylist.c (list_cert_chain): Break loop for a too long chain. -- This avoids endless loops in case of circular chain definitions. We use such a limit at other palces as well. Example for such a chain is # ------------------------ >8 ------------------------ ID: 0xBE231B05 S/N: 51260A931CE27F9CC3A55F79E072AE82 (dec): 107864989418777835411218143713715990146 Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE sha2_fpr: 92:5E:4B:37:2B:A3:2E:5E:87:30:22:84:B2:D7:C9:DF:BF:82:00:FF:CB:A0:D1:66:03:A1:A0:6F:F7:6C:D3:53 sha1_fpr: 31:93:78:6A:48:BD:F2:D4:D2:0B:8F:C6:50:1F:4D:E8:BE:23:1B:05 md5_fpr: AC:F3:10:0D:1A:96:A9:2E:B8:8B:9B:F8:7E:09:FA:E6 pgp_fpr: E8D2CA1449A80D784FB1532C06B1611DB06A1678 certid: 610C27E9D37835A8962EA5B8368D3FBED1A8A15D.51260A931CE27F9CC3A55F79E072AE82 keygrip: CFCA58448222ECAAF77EEF8CC45F0D6DB4E412C9 notBefore: 2005-06-07 08:09:10 notAfter: 2019-06-24 19:06:30 hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) keyType: rsa2048 subjKeyId: ADBD987A34B426F7FAC42654EF03BDE024CB541A authKeyId: [none] authKeyId.ki: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F [...] Certified by ID: 0xCE2E4C63 S/N: 46EAF096054CC5E3FA65EA6E9F42C664 (dec): 94265836834010752231943569188608722532 Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US sha2_fpr: 21:3F:AD:03:B1:C5:23:47:E9:A8:0F:29:9A:F0:89:9B:CA:FF:3F:62:B3:4E:B0:60:66:F4:D7:EE:A5:EE:1A:73 sha1_fpr: 9E:99:81:7D:12:28:0C:96:77:67:44:30:49:2E:DA:1D:CE:2E:4C:63 md5_fpr: 55:07:0F:1F:9A:E5:EA:21:61:F3:72:2B:8B:41:7F:27 pgp_fpr: 922A6D0A1C0027E75038F8A1503DA72CF2C53840 certid: 14673DA5792E145E9FA1425F9EF3BFC1C4B4957C.46EAF096054CC5E3FA65EA6E9F42C664 keygrip: 10678FB5A458D99B7692851E49849F507688B847 notBefore: 2005-06-07 08:09:10 notAfter: 2020-05-30 10:48:38 hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) keyType: rsa2048 subjKeyId: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F authKeyId: [none] authKeyId.ki: ADBD987A34B426F7FAC42654EF03BDE024CB541A keyUsage: certSign crlSign [...] Which has a circular dependency on subKeyId/authkeyId.ki.
* scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.NIIBE Yutaka2021-11-151-0/+8
| | | | | | | | | | * scd/app-openpgp.c (do_auth): Use extended Lc, when supported. -- GnuPG-bug-id: 5682 Co-authored-by: Klas Lindfors Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Print the non-option warning earlier.Werner Koch2021-11-141-10/+10
| | | | | | | | * agent/gpg-agent.c (main): Move detection up. -- The problem is that PARGS is re-used and when detecting a possible incorrect use, the flag that "--" has already been seen has gone.
* Update release signing keysWerner Koch2021-11-131-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | -- The last key is new. As usual the key is on a dedicated card with the Admin PIN accessible to a few core hackers. # ------------------------ >8 ------------------------ pub rsa3072 2017-03-17 [SC] [expires: 2027-03-15] 5B80C5754298F0CB55D8ED6ABCEF7E294B092E28 sig R BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key) uid Andre Heinecke (Release Signing Key) sig 3 BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key) sig 1FDF723CF462B6B1 2017-03-17 Andre Heinecke <[email protected]> pub ed25519 2020-08-24 [SC] [expires: 2030-06-30] 6DAA6E64A76D2840571B4902528897B826403ADA uid Werner Koch (dist signing 2020) sig 3 528897B826403ADA 2020-08-24 Werner Koch (dist signing 2020) sig 249B39D24F25E3B6 2020-08-24 Werner Koch (dist sig) sig 63113AE866587D0A 2020-08-24 [email protected] sig E3FDFF218E45B72B 2020-08-24 Werner Koch (wheatstone commit signing) sig F2AD85AC1E42B367 2020-08-24 Werner Koch <[email protected]> pub ed25519 2021-05-19 [SC] [expires: 2027-04-04] AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD uid Niibe Yutaka (GnuPG Release Key) sig 3 E98E9B2D19C6C8BD 2021-05-19 Niibe Yutaka (GnuPG Release Key) sig 00B45EBD4CA7BABE 2021-09-14 NIIBE Yutaka <[email protected]> sig E267B052364F028D 2021-09-14 NIIBE Yutaka <[email protected]> pub brainpoolP256r1 2021-10-15 [SC] [expires: 2029-12-31] 02F38DFF731FF97CB039A1DA549E695E905BA208 uid GnuPG.com (Release Signing Key 2021) sig 3 549E695E905BA208 2021-10-15 GnuPG.com (Release Signing Key 2021) sig 528897B826403ADA 2021-10-15 Werner Koch (dist signing 2020) sig E3FDFF218E45B72B 2021-10-15 Werner Koch (wheatstone commit signing)
* gpg: Remove stale ultimately trusted keys from the trustdb.Werner Koch2021-11-137-18/+73
| | | | | | | | | | | | | | | | * g10/tdbdump.c (export_ownertrust): Skip records marked with the option --trusted-key. (import_ownertrust): Clear the trusted-key flag. * g10/tdbio.h (struct trust_record): Add field flags. * g10/tdbio.c (tdbio_dump_record): Improve output. (tdbio_read_record, tdbio_write_record): Handle flags. * g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set the flag for new --trusted-keys. (tdb_update_ownertrust): Add arg as_trusted_key. Update callers. -- GnuPG-bug-id: 5685 Signed-off-by: Werner Koch <[email protected]>
* keyboxd: New option --steal-socket.Werner Koch2021-11-131-8/+20
| | | | | | | | | * kbx/keyboxd.c (oStealSocket): New const. (opts): Add option. (steal_socket): New file global flag. (main): Set option. (create_server_socket): Implement option. --
* agent,dirmngr: New option --steal-socketWerner Koch2021-11-133-9/+41
| | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oStealSocket): New. (opts): Add option. (steal_socket): New file global var. (main): Set option. (create_server_socket): Implement option. * dirmngr/dirmngr.c (oStealSocket): New. (opts): Add option. (steal_socket): New file global var. (main): Set option. Add comment to eventually implement it. -- Note that --steal-socket has currently no effect on dirmngr because dirmngr does this anway. Signed-off-by: Werner Koch <[email protected]>
* doc: Clarify the "ntds" AKL mechanism.Werner Koch2021-11-121-1/+3
| | | | --
* gpg: Don't use malloc for kek_params.NIIBE Yutaka2021-11-121-8/+5
| | | | | | | | | * g10/ecdh.c (pk_ecdh_default_params): Use stack for kek_params. -- GnuPG-bug-id: 5393 Signed-off-by: NIIBE Yutaka <[email protected]>
* kbx: Avoid use of uninitialized value.Jakub Jelen2021-11-121-2/+2
| | | | | | | | | | | | * kbx/backend-kbx.c (be_kbx_search): Initialize skipped_long_blobs value which is passed to keybox_search and incremented there. (be_kbx_seek): Likewise. -- GnuPG-bug-id: 5393 Co-authored-by: NIIBE Yutaka <[email protected]> Signed-off-by: Jakub Jelen <[email protected]>
* gpg: Avoid uninitialized revkey.fprlen.Jakub Jelen2021-11-121-0/+2
| | | | | | | | | | * g10/keygen.c (parse_revocation_key): Store the fingerprint length in created structure. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* agent: Avoid uninitialized buffer.Jakub Jelen2021-11-121-1/+1
| | | | | | | | | | | * agent/sexp-secret.c (fixup_when_ecc_private_key): Initialize buffer to avoid its use on unexpected inputs. -- GnuPG-bug-id: 5393 Co-authored-by: NIIBE Yutaka <[email protected]> Signed-off-by: Jakub Jelen <[email protected]>
* agent: Correctly free memory on error path.Jakub Jelen2021-11-121-1/+4
| | | | | | | | | * agent/protect.c (merge_lists): Free memory on error. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* scd: Avoid memory leak.Jakub Jelen2021-11-121-0/+1
| | | | | | | | | * scd/command.c (cmd_readkey): Free allocated memory on failure path. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* tools: Avoid memory leak from gpgspilt.Jakub Jelen2021-11-121-0/+1
| | | | | | | | | * tools/gpgsplit.c (write_part): Free memory when no longer needed. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* gpg-pair-tool: Fix typos in protocol description.Jakub Jelen2021-11-121-7/+7
| | | | | | | -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* wks: Do not mark key files as executableBernhard M. Wiedemann2021-11-091-1/+1
|
* wks: Allow access to newly created dirsBernhard M. Wiedemann2021-11-091-2/+2
|
* gpg: Fix indentation of --print-mds and --print-md sha512.Werner Koch2021-11-041-4/+4
| | | | | | | * g10/gpg.c (print_hex): Fix indentation. -- GnuPG-bug-id: 5679
* gpgconf: New command --show-configs.Werner Koch2021-11-041-5/+155
| | | | | | | | | | | | | | | | | | * tools/gpgconf.c (aShowConfigs): New. (opts): Add --show-configs. (CUTLINE_FMT): New. (show_version_gnupg): Add arg "prefix" and adjust caller. (my_copy_file): New. (show_configs_one_file): New.New. (show_configs): New. (main): Call show_configs. -- The ability to have a consolidated list of all config files is very useful for support cases. This is in particular important due to the global config files and their conditional constructs. Signed-off-by: Werner Koch <[email protected]>
* scd: Add new OpenPGP card vendor.Werner Koch2021-11-041-0/+1
| | | | --
* gpgconf: Allow changing gpg's deprecated keyserver optionikloecker/t5462Ingo Klöcker2021-11-031-0/+1
| | | | | | | | | | * tools/gpgconf-comp.c (known_options_gpg): Add "keyserver". -- This allows Kleopatra to read and change the keyserver that is used by gpg if the deprecated keyserver option in gpg.conf is set. GnuPG-bug-id: 5462
* scd: Simplify the loop of DEVINFO.NIIBE Yutaka2021-11-021-11/+5
| | | | | | | | * scd/app.c (app_send_devinfo): Factor out lock/unlock. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix the previous commit.NIIBE Yutaka2021-10-291-5/+1
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Modify DEVINFO behavior to support looping forever.NIIBE Yutaka2021-10-293-79/+104
| | | | | | | | | | | | | | | | | | | | | * scd/app.c (struct mrsw_lock): Add notify_cond member. (notify_cond): Remove. (card_list_r_lock, card_list_r_unlock): Rename. (card_list_w_lock, card_list_w_unlock): Rename. (card_list_signal, card_list_wait): New, fixing thinko about notify/wakeup with MRSW lock. (app_send_devinfo): Support looping. (select_application): Notify app_send_devinfo thread for newly detected device. (initialize_module_command): Initialize notify_cond member. (app_wait): Remove. * scd/command.c (cmd_devinfo): Use new API of app_send_devinfo. * scd/scdaemon.h (app_wait): Remove. -- GnuPG-bug-id: 5359 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Support MYPROC_SELF_EXE for SolarisWerner Koch2021-10-272-1/+3
| | | | | | | * common/homedir.c (MYPROC_SELF_EXE): Add case for SunOS. -- GnuPG-bug-id: 5671
* gpg: Fix printing of binary notations.Werner Koch2021-10-221-2/+6
| | | | | | | * g10/keylist.c (show_notation): Print binary notation from BDAT. -- GnuPG-bug-id: 5667
* common: Silence warning from unix_rootdir on systems w/o /procWerner Koch2021-10-201-4/+6
| | | | | | | | | * common/homedir.c (unix_rootdir): Silence diagnostic in the common case. (MYPROC_SELF_EXE): Support NetBSD. -- GnuPG-bug-id: 5656
* common,w32: Do not always print "Garbled console data" warning.Werner Koch2021-10-201-2/+8
| | | | | * common/init.c (_init_common_subsystems): Silence message. --
* dns: Make reading resolv.conf more robust.NIIBE Yutaka2021-10-151-1/+6
| | | | | | | | | | * dirmngr/dns.c (dns_resconf_loadfile): Skip "search" which begins with '.'. -- GnuPG-bug-id: 5657 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: New option --override-compliance-checkWerner Koch2021-10-134-12/+56
| | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (oOverrideComplianceCheck): New. (opts): Add new option. (main): Set option and add check for batch mode. * g10/options.h (opt): Add flags.override_compliance_check. * g10/sig-check.c (check_signature2): Factor complaince checking out to ... (check_key_verify_compliance): this. Turn error into a warning in override mode. -- There is one important use case for this: For systems configured globally to use de-vs mode, Ed25519 and other key types are not allowed because they are not listred in the BSI algorithm catalog. Now, our release signing keys happen to be Ed25519 and thus we need to offer a way for users to check new versions even if the system is in de-vs mode. This does on purpose not work in --batch mode so that scripted solutions won't accidently pass a signature check. GnuPG-bug-id: 5655
* Post release updatesWerner Koch2021-10-122-1/+7
| | | | --
* Release 2.3.3gnupg-2.3.3Werner Koch2021-10-121-1/+29
|
* speedo: Put the keyboxd into the Windows installerWerner Koch2021-10-123-6/+18
| | | | | | * build-aux/speedo/w32/inst.nsi: Install keyboxd. * Makefile.am (sign-release): Sign the wixlib only if generated. * autogen.rc: Remove meanwhile obsolete option --with-regex.
* tests: New way to make use of gpgconf.ctl in tests.Werner Koch2021-10-129-55/+61
| | | | | | | | | | | | | | | | | | | | | | | * Makefile.am (all-local): New to setup symlinks. (distclean-local): New. * tests/Makefile.am: Remove the gpgconf related targets. Just keep gpgconf.ctl.in in EXTRA_DIST * tests/cms/Makefile.am (GNUPG_BUILD_ROOT): * tests/gpgme/Makefile.am (GPGSCM_PATH): * tests/openpgp/Makefile.am (GNUPG_BUILD_ROOT): * tests/pkits/Makefile.am (GNUPG_BUILD_ROOT): * tests/tpm2dtests/defs.scm (tools): Revert to the former values. * tests/openpgp/defs.scm (tools): Ditto. -- This Fixes-commit: 399ebf6d873d4178c1d527aa4df34bf16a76360e Fixes-commit: 84fcd8e6eb7e0786399e1f6461c3f60b0db2d070 because we ran into problems with the idea of first doing a test-install for the checks. "make distcheck" turned out to be too problematic. Symlinks are a better way of doing this. Also fixes GnuPG-bug-id: 5634
* build: Let the release target also sign the wixlib.Werner Koch2021-10-111-1/+3
| | | | --
* Do not build keyxboxd if sqlite has been disabled.Werner Koch2021-10-101-1/+4
| | | | | | | * configure.ac: Move clearing of build_keyboxd out of the conditional. -- GnuPG-bug-id: 5588
* common: Respect gpgconf.ctl when looking up translationsIngo Klöcker2021-10-062-4/+4
| | | | | | | | | | | | | * common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR. (i18n_localegettext): Ditto. * tools/gpgconf-comp.c (my_dgettext): Ditto. -- On Unix, gnupg_localedir() returns the locale directory relative to the root directory of the gnupg installation if specified in the gpgconf.ctl. Otherwise, it returns the built-in LOCALEDIR. GnuPG-bug-id: 5999
* dirmngr: New option --ignore-certWerner Koch2021-10-065-7/+98
| | | | | | | | | | | | | | | | * dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen. (opt): Add field ignored_certs. * dirmngr/dirmngr.c: Add option --ignore-cert (parse_rereadable_options): Handle that option. (parse_ocsp_signer): Rename to ... (parse_fingerprint_item): this and add two args. * dirmngr/certcache.c (put_cert): Ignore all to be igored certs. Change callers to handle the new error return. -- This option is useful as a workaround in case we ill run into other chain validation errors like what we fixed in GnuPG-bug-id: 5639
* dirmngr: Fix Let's Encrypt certificate chain validation.Werner Koch2021-10-061-8/+31
| | | | | | | | | | | | * dirmngr/certcache.c (find_cert_bysubject): Return the first trusted certififcate if any. -- This is basically the same as using OpenSSL with ist X509_V_FLAG_TRUSTED_FIRST flag. See https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ GnuPG-bug-id: 5639
* agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.NIIBE Yutaka2021-10-059-13/+13
| | | | | | | | | | | | | | | | * agent/findkey.c (unprotect): Use gnupg_sleep. * agent/gpg-agent.c (handle_connections): Likewise. * dirmngr/crlfetch.c (handle_connections): Likewise. * kbx/keyboxd.c (handle_connections): Likewise. * tpm2d/tpm3daemon.c (handle_connections): Likewise. * scd/scdaemon.c (handle_connections): Likewise. * scd/command.c (cmd_lock): Likewise. * dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise. (ldap_wrapper_wait_connections): Use gnupg_usleep. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix calibrate_get_time use of clock_gettime.NIIBE Yutaka2021-10-051-1/+22
| | | | | | | | | | | * agent/protect.c (USE_CLOCK_GETTIME): New macro. (calibrate_get_time): Only use clock_gettime if USE_CLOCK_GETTIME. -- GnuPG-bug-id: 5623 Fixes-commit: 380bce13d94ff03c96e39ac1d834f382c5c730a1 Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Use the new gpgconf.ctl based method.Werner Koch2021-10-013-46/+33
| | | | | | | | | | | | | * tests/openpgp/defs.scm: We expect that stuff is now installed. (tools): Fix the names. (intsalled?, bin-prefix): Remove. (tool-hardcoded): Simplify. (gpg-conf'): Simplify. (GNUPG_BUILDDIR): Do not anymore set this envvar. * tests/tpm2dtests/defs.scm: Ditto. -- This simplifies things a bit.
* build: Prepare for using installed versions for tests.Werner Koch2021-10-018-3/+51
| | | | | | | | | | | | | | | | | | | | | | | * tests/gpgconf.ctl.in: New. * tests/Makefile.am (EXTRA_DIST): Add new file. (TESTINST_DIRS): New. (clean-local): New. (clean-local-testinst): New. (check-recursive): New hook. (bin/gpgconf.ctl): Run a test install. * tests/cms/Makefile.am (TESTS_ENVIRONMENT): Set new envvar GNUPG_BUILD_ROOT. * tests/gpgme/Makefile.am (TESTS_ENVIRONMENT): Ditto. * tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Ditto. * tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Ditto. * tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Ditto. -- Right now this helps only with the global configuraion dir which is now not set and thus the build host'ss own /etc/gnupg does not anymore affect the build. Signed-off-by: Werner Koch <[email protected]>
* common: Support gpgconf.ctl also for BSDs.Werner Koch2021-10-012-10/+31
| | | | | | | | | | * common/homedir.c (MYPROC_SELF_EXE): New. (unix_rootdir): Use it here. Also support GNUPG_BUILD_ROOT as fallback. -- In addition this adds a fallback method for AIX etc which do not have an easy way to get the info.
* common: Add keyword sysconfdir to the optional gpgconf.ctl file.Werner Koch2021-10-011-18/+69
| | | | | | | | | | * common/homedir.c (unix_rootdir): Add arg want_sysconfdir. (gnupg_sysconfdir): Return it. -- Our regression test suite has the problem that we can't disable the use of the global config files or test them using the regualr binaries. This new keyword will allow us to overcome the problem.
* kbx: Let it include keybox.h to avoid multiple typedefs.NIIBE Yutaka2021-09-301-6/+1
| | | | | | | | | * kbx/backend.h: Include keybox.h. -- GnuPG-bug-id: 5630 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Handle backsig for v5 signature.NIIBE Yutaka2021-09-291-6/+8
| | | | | | | | | * g10/getkey.c (merge_selfsigs_subkey): Check v5 signature correctly. -- GnuPG-bug-id: 5628 Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 16:24:51 +0000