aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* scd: Renamed a constant in ccid-driver.cWerner Koch2022-04-141-3/+3
| | | | | | | * scd/ccid-driver.c (MAX_DEVICE): Rename to CCID_MAX_DEVICE. -- Just for documentation reasons.
* scd: Minor code reorganizationWerner Koch2022-04-141-16/+22
| | | | | * scd/ccid-driver.c: Move struct defines to the top. --
* scd: Fix memory leak in ccid-driver.Werner Koch2022-04-141-9/+9
| | | | | | | | | | | * scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count. -- Due to an assignment out of bounds this might lead to a crash if there are more than 15 readers. In any case it fixes a memory leak. Kudos to the friendly auditor who found that bug. Fixes-commit: 8a41e73c31adb86d4a7dca4da695e5ad1347811f
* tests: Fix warning in common/t-ssh-utils.cWerner Koch2022-04-141-1/+0
| | | | | | | | * common/t-ssh-utils.c (main): Remove continue. -- Obvious c+p bug. Fixes-commit: 5e508ffcab185eb8149e2fb2833ce15820140368
* agent: Ignore MD5 Fingerprints for ssh keysJakub Jelen2022-04-141-2/+4
| | | | | | | | -- * agent/command-ssh.c (add_control_entry): Ignore failure of the MD5 digest Signed-off-by: Jakub Jelen <[email protected]>
* tests: Fix common/t-ssh-utils.NIIBE Yutaka2022-04-141-6/+10
| | | | | | | | * common/t-ssh-utils.c (main): Accept an error with MD5 in_fips_mode. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Honor FIPS modeJakub Jelen2022-04-141-11/+47
| | | | | | | | | | * common/t-ssh-utils.c (FLAGS_NOFIPS): New. (sample_keys): Add flags member. (main): Detect if libgcrypt is in FIPS mode, try SHA256 fingerprints first and expect the MD5 ones will fail. -- Signed-off-by: Jakub Jelen <[email protected]>
* scd:p15: Improve the PIN prompt for Genua cards.Werner Koch2022-04-131-4/+26
| | | | | | | * scd/app-p15.c (CARD_PRODUCT_GENUA): New. (cardproduct2str): Add it. (read_p15_info): Detect and set GENUA (make_pin_prompt): Take holder string from the AODF.
* sm: Print diagnostic about CRL problems due to Tor mode.Werner Koch2022-04-117-23/+122
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/crlfetch.c (crl_fetch, crl_fetch_default) (ca_cert_fetch, start_cert_fetch): Factor Tor error out to ... (no_crl_due_to_tor): new. Print status note. * dirmngr/ks-engine-ldap.c (ks_ldap_get) (ks_ldap_search, ks_ldap_put): Factor Tor error out to ... (no_ldap_due_to_tor): new. Print status note. * dirmngr/ocsp.c (do_ocsp_request): Print status note. * sm/misc.c (gpgsm_print_further_info): New. * sm/call-dirmngr.c (warning_and_note_printer): New. (isvalid_status_cb): Call it. (lookup_status_cb): Ditto. (run_command_status_cb): Ditto. * common/asshelp2.c (vprint_assuan_status): Strip a possible trailing LF. --
* scd: Support for GeNUA cards.Werner Koch2022-04-111-1/+10
| | | | | * scd/app-p15.c (read_p15_info): Disable extended mode for Genua cards.
* doc: Typo fix in commentWerner Koch2022-04-081-1/+1
| | | | --
* tpm: Fix recently introduced syntax errorWerner Koch2022-04-081-2/+2
| | | | | | -- Fixes-commit: 18eff31496a34156d58d757a2a110bcfde6c9908
* gpg: Remove restrictions for the name part of a user-id.Werner Koch2022-04-081-7/+0
| | | | | | | | | | | | * g10/keygen.c (ask_user_id): Allow for the name to start with a digit. Allow names shorter than 5. -- The reason for this change is that we don't enforce these constraints in the --quick-gen-key interface. I added the constraints right in the beginning of gnupg to make sure that we have a uniform style for user-ids. However, this is all problematic with non-Latin names and we prefer to use mail addresses anyway.
* agent: Fix for possible support of Cygwin OpenSSH.NIIBE Yutaka2022-04-071-1/+5
| | | | | | | | | | | * agent/command-ssh.c (start_command_handler_ssh): Use es_sysopen. -- With new (not-yet-released) libgpg-error, gpg-agent should be able to handle connection from Cygwin version of OpenSSH. Signed-off-by: NIIBE Yutaka <[email protected]>
* w32: Exclude tests with HOME.NIIBE Yutaka2022-04-061-0/+4
| | | | | | | | | * common/t-session-env.c [HAVE_W32_SYSTEM] (test_all): HOME is not defined, so, exclude the tests. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* w32: Fix for make check.NIIBE Yutaka2022-04-066-8/+15
| | | | | | | | | | | | | | * common/Makefile.am (module_tests): Exclude t-exechelp and t-exectool. * common/t-stringhelp.c (mygetcwd): Convert '\' to '/'. * tests/cms/Makefile.am: Add $(EXEEXT). * tests/gpgme/Makefile.am: Likewise. * tests/migrations/Makefile.am: Likewise. * tests/openpgp/Makefile.am: Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent:w32: Fix for use of socket.NIIBE Yutaka2022-04-041-7/+7
| | | | | | | | | | * agent/command-ssh.c (get_client_info): Use type gnupg_fd_t for socket, until call of socket API. (start_command_handler_ssh): Don't convert here. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,tpm2d: Fix for consistent use of socket FD.NIIBE Yutaka2022-03-316-10/+10
| | | | | | | | | | | | | | * scd/command.c (scd_command_handler): Use gnupg_fd_t for the argument but no INT2FD to listen. Use GNUPG_INVALID_FD. * tpm2d/command.c (tpm2d_command_handler): Likewise. * scd/scdaemon.c (start_connection_thread): Follow the change. * tpm2d/tpm2daemon.c (start_connection_thread): Likewise. * scd/scdaemon.h (scd_command_handler): Use gnupg_fd_t. * tpm2d/tpm2daemon.h (tpm2d_command_handler): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix for SOCK.NIIBE Yutaka2022-03-301-1/+1
| | | | | | | | | | * dirmngr/http.c (connect_with_timeout): Use FD2INT to unwrap SOCK. -- GnuPG-bug-id: 5899 Reported-by: Eli Zaretskii Signed-off-by: NIIBE Yutaka <[email protected]>
* tpm2d: Fix socket resource leak on Windows.NIIBE Yutaka2022-03-301-24/+26
| | | | | | | | | | | | | * tpm2d/tpm2daemon.c (main): Use gnupg_fd_t for socket, and use assuan_sock_close for the socket allocated by assuan_sock_new. (handle_connections): Use gnupg_fd_t for listen_fd. Use assuan_sock_close for the socket by npth_accept. -- Apply the same change of scdaemon to tpm2daemon. Signed-off-by: NIIBE Yutaka <[email protected]>
* common,w32: Fix handle_to_fd to match use of _open_osfhandle.NIIBE Yutaka2022-03-301-6/+5
| | | | | | | | | | | | * common/exechelp-w32.c (handle_to_fd): Use intptr_t. (gnupg_wait_processes): Fix to use pid_to_handle. -- Both of original MinGW and MinGW-W64 use intptr_t for the first argument of _open_osfhandle. So, intptr_t is better here. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Clean up for not supporting WindowsCE.NIIBE Yutaka2022-03-293-174/+1
| | | | | | | | | | | * dirmngr/Makefile.am (dirmngr_SOURCES): Remove w32-ldap-help.h. * dirmngr/cdblib.c (cdb_init): Remove for __MINGW32CE__. * dirmngr/w32-ldap-help.h: Remove. -- Fixes-commit: 4c295646ba0e175743e6be13457308c1e6d21dd3 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,tools: Remove use of repo only zlib-riscos.h.NIIBE Yutaka2022-03-292-19/+0
| | | | | | | | | * g10/compress.c: Don't use zlib-riscos.h. * tools/gpgsplit.c: Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,w32: Fix socket resource leak.NIIBE Yutaka2022-03-291-23/+26
| | | | | | | | | | | | * scd/scdaemon.c (main): Use gnupg_fd_t for socket, and use assuan_sock_close for the socket allocated by assuan_sock_new. (handle_connections): Use gnupg_fd_t for listen_fd. Use assuan_sock_close for the socket by npth_accept. -- GnuPG-bug-id: 5029 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Escape more characters in WKD requests.Werner Koch2022-03-281-1/+1
| | | | | | * dirmngr/server.c (proc_wkd_get): Also escape '#' and '+' -- GnuPG-bug-id: 5902
* gpg: Remove EAX from the preference list.Werner Koch2022-03-282-8/+1
| | | | | | | | | | * g10/gpg.c (main): Remove note about rfc4880bis. * g10/keygen.c (keygen_set_std_prefs): Use only OCB in the AEAD preference list. -- It is more than unlikely that EAX will ever be used in practice and thus we remove it from the preference list.
* agent: KEYTOCARD prefers to specified time.NIIBE Yutaka2022-03-281-12/+11
| | | | | | | | | | * agent/command.c (cmd_keytocard): Timestamp at "Created:" field is only used when time is not specified. -- Fixes-commit: c795be79c14fac01b984bdc2e2041d2141f27612 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Workaround for a certain broken LDAP URLWerner Koch2022-03-251-3/+19
| | | | | | | | | | | | | | | | * dirmngr/ldap.c (url_fetch_ldap): Detect and replace. -- The actual URL causing this is ldap://ldap.dgnservice.de:389/CN=CRL-1,O=DGN%20Service%20GmbH,\ C=DE?certificateRevocationList?base?objectClass=cRLDistributionPoint It is actually not very helpful because I had problems finding the issuer cert: CN=dgnservice CRL2101 13:PN,O=DGN Deutsches Gesundheitsnetz \ Service GmbH,C=DE
* common,w32: Fix early home dir creation.Werner Koch2022-03-251-20/+2
| | | | | | | | * common/homedir.c (w32_try_mkdir): Remove. (standard_homedir): Call gnupg_mkdir directly. (_gnupg_socketdir_internal): Ditto. -- GnuPG-bug-id: 5895
* tools:gpgconf: Fix gc_component table.NIIBE Yutaka2022-03-251-0/+2
| | | | | | | | | | | * tools/gpgconf-comp.c [!BUILD_WITH_TPM2D] (gc_component): Add a dummy entry. -- GnuPG-bug-id: 5701 Reported-by: Adriaan de Groot Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Use "Created:" field for creation time.NIIBE Yutaka2022-03-255-21/+36
| | | | | | | | | | | | | | * agent/agent.h (agent_key_from_file): Change the declaration. * agent/findkey.c (agent_key_from_file): Return timestamp. * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change. * agent/pksign.c (agent_pkdecrypt): Likewise. * agent/command.c (cmd_passwd, cmd_export_key): Likewise. (cmd_keytocard): Use timestamp in private key file in "Created:". -- GnuPG-bug-id: 5538 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Suppress error message on trial reading as PEM format.NIIBE Yutaka2022-03-241-5/+7
| | | | | | | | | | | * dirmngr/dirmngr-client.c (read_pem_certificate): Add NO_ERRMSG argument to suppress the error message. (read_certificate, squid_loop_body): Follow the change. -- GnuPG-bug-id: 5531 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Clear the error count to try certificate as binary.NIIBE Yutaka2022-03-241-0/+2
| | | | | | | | | | * dirmngr/dirmngr-client.c (read_certificate): Call log_get_errorcount. -- GnuPG-bug-id: 5531 Signed-off-by: NIIBE Yutaka <[email protected]>
* kbx: Fix searching for FPR20 in version 2 blob.NIIBE Yutaka2022-03-241-4/+2
| | | | | | | | | | | | * kbx/keybox-search.c (blob_cmp_fpr_part): Don't change FPROFF, since it's caller which tweaks the offset. (has_short_kid, has_long_kid): Examine the key flags to determine if fingerprint 32 or 20. -- GnuPG-bug-id: 5888 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgtar: New option --with-logWerner Koch2022-03-226-38/+56
| | | | | | | | | | * tools/gpgtar.c: New option --with-log. * tools/gpgtar.h (opt): Add field with_log. * tools/gpgtar-extract.c (gpgtar_extract): Move directory string building up. Add option --log-file if needed. * tools/gpgtar-create.c (gpgtar_create): Make tmpbuf static becuase it is used outside of its scope. * tools/gpgtar-list.c (gpgtar_list): Ditto.
* dirmngr: Make WKD_GET work even for servers not handling SRV RRs.Werner Koch2022-03-211-1/+8
| | | | | | | | | | | * dirmngr/server.c (proc_wkd_get): Take care of DNS server failures -- Unfortunately there are resolver setups which don't handle SRV records but return a server error. We let a not found error pass, because that merely means the domain does not exists. GnuPG-bug-id: 4729
* gpgtar: Finally use a pipe for decryption.Werner Koch2022-03-216-137/+266
| | | | | | | | | | | | | | | | * tools/gpgtar.h (opt): Add new flags. * tools/gpgtar.c: new options --batch, --yes, --no, --status-fd, and --require-compliance. (main): Init signals. * tools/gpgtar-create.c: Add new header files. (gpgtar_create): Rework to use a pipe for encryption and signing. * tools/gpgtar-list.c: Add new header files. (gpgtar_list): Rework to use a pipe for decryption. * tools/gpgtar-extract.c: Add new header files. (gpgtar_extract): Rework to use a pipe for decryption. -- Fixes-commit: 40dbee86f3043aff8a8c2055521e270318e33068
* common: Fix another race condition, and address the other one.NIIBE Yutaka2022-03-191-12/+34
| | | | | | | | | | * common/dotlock.c (dotlock_take_unix): Do same when same PID process detects stale lockfile. Add comment. -- GnuPG-bug-id: 5884 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Always use version >= 4 to generate signature.NIIBE Yutaka2022-03-191-0/+9
| | | | | | | | | * g10/sign.c (update_keysig_packet): Make sure sig->version >= 4. -- GnuPG-bug-id: 5809 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Print info about the used AEAD algorithm in the compliance msg.Werner Koch2022-03-183-5/+18
| | | | | | | | | | | | | | | | | | | | | * g10/misc.c (openpgp_cipher_algo_mode_name): New. * g10/decrypt-data.c (decrypt_data): Use function here. -- Note that openpgp_cipher_algo_mode_name is different from the version 2.2 becuase we append ".CFB" here. Without this change we would see gpg: cipher algorithm 'AES256' may not be used in --compliance=de-vs mode This is confusing because AES256 is compliant. Now we see gpg: cipher algorithm 'AES256.OCB' may not be used in --compliance=de-vs mode which gives a hint on the problem.
* common: New function map_static_stringsWerner Koch2022-03-184-5/+86
| | | | | | | | | * common/mapstrings.c (struct intmapping_s): New. (map_static_strings): New. * common/stringhelp.c (do_strconcat): Rename to ... (vstrconcat): this and make global. * common/t-mapstrings.c (test_map_static_strings): New test.
* gpg: Allow decryption of symencr even for non-compliant cipher.Werner Koch2022-03-185-18/+47
| | | | | | | | | | | | | | | | | | | | | | * g10/decrypt-data.c (decrypt_data): Add arg compliance_error. Adjust all callers. Fail on compliance error only in --require-compliance mode. Make sure to return an error if the buffer is missing; actually that should be an assert. * g10/mainproc.c (proc_encrypted): Delay printing of the compliance mode status. Consult the compliance error now returned by decrypt_data. -- The actual case here is that we fail hard if a message has been AEAD encrypted with one AEAD capable key and also with one passphrase. In general the preference system takes care of not using AEAD if one recipient's key does not support it. However, if the sender uses her own AEAD-capable key _and_ a passphrase the message will be AEAD encrypted. This change allows to decrypt that anyway along with a warning message. Note that this does currently not work in 2.3 due to a non-compliant libgcrypt. We will however, backport this to 2.2.
* common: New flags for gnupg_spawn_processWerner Koch2022-03-183-9/+29
| | | | | | | | | * common/exechelp.h (GNUPG_SPAWN_KEEP_STDIN): New. (GNUPG_SPAWN_KEEP_STDOUT): New. (GNUPG_SPAWN_KEEP_STDERR): New. * common/exechelp-posix.c (do_exec): Add arg flags and implement new flags. * common/exechelp-w32.c (gnupg_spawn_process): Implement new flags.
* common: Fix a race condition removing stale lockfile.NIIBE Yutaka2022-03-181-9/+24
| | | | | | | | | | | * common/dotlock.c (read_lockfile): Return the file descriptor when R_FD is available. (dotlock_take_unix): Check the case the lockfile was already removed. -- GnuPG-bug-id: 5884 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: More heavy test condition for t-dotlock.c.NIIBE Yutaka2022-03-181-4/+21
| | | | | | | | | | | * common/t-dotlock.c (lock_and_unlock): Use usleep and faster. Loop at least once. Use getrandom for random time. (main): Add new option --one-shot to run lock/unlock once. -- GnuPG-bug-id: 5884 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix DEVINFO with no --watch.NIIBE Yutaka2022-03-152-2/+2
| | | | | | | | | * scd/app.c (app_send_devinfo): Fix for outputing once. * scd/command.c (hlp_devinfo): Fix comment. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* Fix previous commit.NIIBE Yutaka2022-03-111-1/+4
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Enhance PASSWD command to accept KEYGRIP optionally.NIIBE Yutaka2022-03-101-3/+8
| | | | | | | | | * scd/command.c (cmd_passwd): Handle KEYGRIP optionally. -- GnuPG-bug-id: 5862 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Use same idiom for same work.NIIBE Yutaka2022-03-101-4/+4
| | | | | | | | | * scd/command.c (cmd_serialno, cmd_getattr): Use 'while' instead of 'for'. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* sign: Construct valid AEAD packets.Jakub Jelen2022-03-091-1/+2
| | | | | | | | | | * g10/sign.c (sign_symencrypt_file): Insert correct version and AEAD information into symkey packet. -- GnuPG-bug-id: 5856 Signed-off-by: Jakub Jelen <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 14:26:20 +0000