aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* scd: Add npth_unprotect/npth_protect for blocking operations.NIIBE Yutaka2022-08-251-0/+20
| | | | | | | | | | * scd/ccid-driver.c (ccid_open_usb_reader): Name the thread. (ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap blocking operations by npth_unprotect/npth_protect. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add a libusb debug level.Werner Koch2022-08-221-1/+33
| | | | | | | | | | * scd/ccid-driver.c (USE_LIBUSB_DEBUG_CB): New const. (debug_libusb_cb): new. (ccid_set_debug_level): Use it. -- This allows to see the libusb log in our usual debug output. For this the option debug-ccid-driver needs to be given 5 or more times.
* common: New common option no-autostart.Werner Koch2022-08-228-2/+39
| | | | | | | | | | | | | | | | | | | | * common/comopt.c (opts): Add "no-autostart". (parse_comopt): Set it. * common/comopt.h (comopt): Add no_autostart. * g10/gpg.c (main): Take care of the new option. * sm/gpgsm.c (main): Ditto. * tools/gpg-connect-agent.c (INCLUDED_BY_MAIN_MODULE): Add. (main): Parse common options and handle new option. * tools/gpg-card.c (main): Ditto. (cmd_yubikey): Fix minor error reporting issue. * common/util.h (GNUPG_MODULE_NAME_CARD): New const. * common/homedir.c (gnupg_module_name): Support it. -- Having a global option makes it easier to use disable autostart on a server which is required to use a remote gpg-agent reliable.
* dirmngr: Fix NTBTLS include for testAndre Heinecke2022-08-161-1/+2
| | | | | | | | * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add NTBTLS. -- This fixes the build in case every lib is installed into its own prefix.
* gpg: Fix --card-status to handle lowercase APPTYPEsWerner Koch2022-08-161-6/+6
| | | | * g10/card-util.c (current_card_status): Use ascii_strcasecmp.
* doc: Update description of the key format.Werner Koch2022-08-162-11/+21
| | | | --
* gpg: Improve --edit-key setpref.Werner Koch2022-08-121-5/+17
| | | | | | | | | | * g10/keygen.c (keygen_set_std_prefs): Allow extra spaces before preference elements. Detect the bracketed versions of the strings. Ignore "aead". -- This allows to c+p the list shown by pref with out remove the brackets.
* agent: New option --need-attr for KEYINFO.Werner Koch2022-08-112-17/+73
| | | | | | | | | | | | | | * agent/command.c (do_one_keyinfo): New arg need_Attr. (cmd_keyinfo): New option --need-attr. * agent/findkey.c (public_key_from_file): Use nvc_get_boolean. -- This option makes it easier to list keys suitable only for certain purposes. The second patch makes if compliant to the description in keyformat.txt
* common: New function nvc_get_boolean.Werner Koch2022-08-112-0/+25
| | | | * common/name-value.c (nvc_get_boolean): New.
* gpg: Emit an ERROR status if --quick-set-primary-uid failsIngo Klöcker2022-08-091-3/+9
| | | | | | | | | | * g10/keyedit.c (keyedit_quick_set_primary): Issue a status error. -- This allows GpgME to detect and report a failure if setting the primary user ID of a key failed. GnuPG-bug-id: 6126
* gpg: Look up user ID to mark as primary by UID hashIngo Klöcker2022-08-082-26/+25
| | | | | | | | | | | | | | | | * g10/keyedit.c (find_userid_by_namehash, find_userid): Add argument want_valid. Skip invalid user IDs if valid is wanted. (keyedit_quick_revuid): Ask find_userid() for any matching user ID. (keyedit_quick_set_primary): Use find_userid() to find the user ID to mark as primary. * tests/openpgp/quick-key-manipulation.scm: Change second call of the quick-set-primary-uid test to specify the user ID by its hash. -- This makes it possible to specify the user ID to mark as primary via its UID hash when calling --quick-set-primary-uid. GnuPG-bug-id: 6126
* gpg: Fix wrong error message for keytocard.Werner Koch2022-08-041-3/+1
| | | | | | | * g10/call-agent.c (agent_keytocard): Emit SC_OP_FAILURE. -- GnuPG-bug-id: 6122
* common: Silence warnings from AllowSetForegroundWindow.Werner Koch2022-08-032-2/+12
| | | | | * common/sysutils.c (gnupg_allow_set_foregound_window): Print warning only with debug flag set.
* dirmngr: Fix failed malloc error message.Werner Koch2022-08-031-2/+5
| | | | * dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc.
* gpgconf: Add config file for Windows Registry dumps.Werner Koch2022-08-033-1/+85
| | | | | | | * tools/gpgconf.c (show_registry_entries_from_file): New. (show_configs): Call it. * doc/examples/gpgconf.rnames: New. * doc/Makefile.am (examples): Add it.
* g13: Remove unused variable.Werner Koch2022-08-021-1/+0
| | | | --
* gpg: Make symmetric + pubkey encryption de-vs compliant.Werner Koch2022-08-021-5/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption de-vs compliant. * g10/mainproc.c (struct symlist_item): New. (struct mainproc_context): Add field symenc_list. (release_list): Free that list. (proc_symkey_enc): Record infos from symmetric session packet. (proc_encrypted): Check symkey packet algos -- The original check was too strong because it is in fact compliant to encrypt with a symmetric key and and public key. Thus decryption should issue a compliance status. In addition we now check that the cipher algorithms used to symmetrically encrypt the session key are all compliant. This is similar to our check for all public key encrypted session key packets. GnuPG-bug-id: 6119 Fixes-commit: b03fab09e188f7bb10237d4f20455e4026737e4e Backported from 2.2 Signed-off-by: Werner Koch <[email protected]>
* gpgconf: Improve registry dumping.Werner Koch2022-08-024-15/+31
| | | | | | | | | | | | * common/w32-reg.c (read_w32_reg_string): Add arg r_hklm_fallback and change all callers. (show_configs): Indicate whether the HKLM fallback was used. * tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin Registry key. Indicate whether the HKLM fallback was used. -- Note that this is backport from 2.2. The new support there for REG_DWORD needs to be implemented in libgpg-error, though.
* tests: Install links for tpm2daemonWerner Koch2022-08-012-1/+3
| | | | | | | * Makefile.am (all-local): Install missing symlinks. -- GnuPG-bug-id: 6052
* common: Add a default OpenPGP ECC mapping.Werner Koch2022-08-011-0/+1
| | | | | | | | * common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map ECC to ECDSA which is similar to what we do at opther places in gpg. -- GnuPG-bug-id: 5555
* scd:opengpg: Minor vendor name fixWerner Koch2022-07-281-1/+1
| | | | --
* gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.Werner Koch2022-07-281-2/+10
| | | | | | | | * g10/pkclist.c (select_algo_from_prefs): Change implicit hash algorithm. -- GnuPG-bug-id: 6043
* scd:openpgp: New vendorWerner Koch2022-07-281-0/+1
| | | | --
* wkd: Bind the address to the nonce.Werner Koch2022-07-271-6/+67
| | | | | | | | | | | | * tools/gpg-wks-server.c (make_pending_fname): New. (store_key_as_pending, check_and_publish): Use here. (process_new_key): Pass addrspec to store_key_as_pending. (expire_one_domain): Expire also the new files. -- Along with the pass traversal bug this enhancement was Suggested-by: Philipp Breuch <[email protected]> GnuPG-bug-id: 6098
* tests: Add missing file for tpm2d tests to the tarball.Werner Koch2022-07-271-1/+1
| | | | | -- GnuPG-bug-id: 6052
* doc: Minor typo fixWerner Koch2022-07-261-1/+1
| | | | | | -- GnuPG-bug-id: 6092
* wkd: Fix path traversal attack on gpg-wks-server.Werner Koch2022-07-252-0/+25
| | | | | | | | * tools/gpg-wks-server.c (check_and_publish): Check for invalid characters in sender controlled data. * tools/wks-util.c (wks_fname_from_userid): Ditto. (wks_compute_hu_fname): Ditto. (ensure_policy_file): Ditto.
* build: Update gpg-error.m4.NIIBE Yutaka2022-07-221-1/+2
| | | | | | | | * gpg-error.m4: Update from libgpg-error. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Update config.guess, config.sub, and config.rpath.NIIBE Yutaka2022-07-183-1965/+2324
| | | | | | | | | | | * build-aux/config.guess: Update from upstream. * build-aux/config.sub: Ditto. * build-aux/config.rpath: Update from gettext 0.21. -- GnuPG-bug-id: 6078 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Fix workaround for Yubikey heuristics.NIIBE Yutaka2022-07-131-8/+21
| | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Handle the case of firmware 5.4, too. -- GnuPG-bug-id: 6070 Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updatesWerner Koch2022-07-1128-200/+369
| | | | --
* Release 2.3.7gnupg-2.3.7Werner Koch2022-07-111-1/+75
|
* gpg-connect-agent: No help string for --unbufferedWerner Koch2022-07-101-1/+1
| | | | --
* gpg,build: Fix message for newer gettext.NIIBE Yutaka2022-07-051-1/+3
| | | | | | | | * g10/keyserver.c (keyserver_refresh): Use ngettext. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgconf: New short options -V and -XWerner Koch2022-06-291-4/+39
| | | | | | | | * tools/gpgconf.c: Assign short options -X and -V (show_version_gnupg): Print the vsd version if available. -- These changes are helpful for phone support.
* agent: Add description for "Prompt" field.NIIBE Yutaka2022-06-281-0/+6
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Don't assume "OPENPGP.3" key means "Use-for-ssh:".NIIBE Yutaka2022-06-282-17/+3
| | | | | | | | | | * agent/command-ssh.c: Fix comments. * agent/findkey.c (public_key_from_file): Remove "OPENPGP.3" check. -- GnuPG-bug-id: 5996 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Do not consider --min-passphrase-len for the magic wand.Werner Koch2022-06-273-14/+38
| | | | | * agent/call-pinentry.c (generate_pin): Lock to exactly 30 octets. * g10/gpg.c (main) <aGenRandom>: Add Level 30.
* agent: Flush before calling ftruncate.NIIBE Yutaka2022-06-231-0/+2
| | | | | | | | | | * agent/findkey.c (write_extended_private_key): Make sure it is flushed out. -- GnuPG-bug-id: 6035 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: KEYATTR only allows access to attribute.NIIBE Yutaka2022-06-231-0/+8
| | | | | | | | | * agent/command.c (cmd_keyattr): Check the ATTRNAME. -- GnuPG-bug-id: 5988 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix KEYATTR command for --delete option.NIIBE Yutaka2022-06-231-1/+5
| | | | | | | | * agent/command.c (cmd_keyattr): Write the result. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Add KEYATTR command.NIIBE Yutaka2022-06-224-7/+139
| | | | | | | | | | | | | | | | | * agent/agent.h (agent_raw_key_from_file): Add R_KEYMETA argument. (agent_update_private_key): New. * agent/command-ssh.c (data_sign): Follow the change of the function agent_raw_key_from_file. * agent/command.c (do_one_keyinfo): Likewise. (cmd_keyattr): New. (register_commands): Add an entry of cmd_keyattr. * agent/findkey.c (agent_update_private_key): New. (agent_raw_key_from_file): Add R_KEYMETA argument. -- GnuPG-bug-id: 5988 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,gpg,tools: Fix use of log_get_fd.NIIBE Yutaka2022-06-225-19/+5
| | | | | | | | | | | | | | * agent/call-daemon.c (daemon_start): Don't put file descriptor from log_get_fd to no_close_list. * agent/call-pinentry.c (start_pinentry): Likewise. * common/call-gpg.c (start_gpg): Likewise. * call-syshelp.c (start_syshelp): Likewise. * tools/gpg-connect-agent.c (main): Likewise. -- GnuPG-bug-id: 5921 Signed-off-by: NIIBE Yutaka <[email protected]>
* sm: Improve pkcs#12 debug output.Werner Koch2022-06-201-7/+9
| | | | | | | * sm/minip12.c (parse_shrouded_key_bag): Fix offset diagnostic. (parse_cert_bag): Ditto. (parse_bag_data): Remove debug output. Pass startoffset. Fix offset diagnostic.
* sm: Rework the PKCS#12 parser to support DFN issued keys.Werner Koch2022-06-201-177/+341
| | | | | | | | | | | | | | | | | | | * sm/minip12.c (struct p12_parse_ctx_s): New. Use this instead of passing several parameters to most functions. (parse_pag_data): Factor things out to ... parse_shrouded_key_bag): new. (parse_cert_bag): New. (parse_bag_data): New. (p12_parse): Setup the parse context. -- To support newer pkcs#12 files like those issued by the DFN we need to support another ordering of data elements. This rework reflects the P12 data structure a bit better than our old ad-hoc hacks. Tests could only be done with the certificate parts and not the encrypted private keys. GnuPG-bug-id: 6037
* agent: Improve "Insert the card" message.Werner Koch2022-06-171-1/+2
| | | | * agent/findkey.c (prompt_for_card): Don't print "(null").
* agent,ssh: Fix for make not-inserted OpenPGP.3 keys available for SSH.Werner Koch2022-06-151-5/+8
| | | | | | | | | | | | | * agent/command-ssh.c (ssh_send_available_keys): Do not bump key_counter for ignored keys. Also use opt.debug instead of opt.verbose and fix a memory leak. -- The error shown by "ssh-add -l" before this fix was: error fetching identities: incomplete messag Fixes-commit: 193fcc2f7a8cca5240ce50499c54f99235a87e1c GnuPG-bug-id: 5996
* agent: New option --no-user-trustlist and --sys-trustlist-name.Werner Koch2022-06-144-10/+71
| | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New. (opts): Add new option names. (parse_rereadable_options): Parse options. (finalize_rereadable_options): Reset allow-mark-trusted for the new option. * agent/agent.h (opt): Add fields no_user_trustlist and sys_trustlist_name. * agent/trustlist.c (make_sys_trustlist_name): New. (read_one_trustfile): Use here. (read_trustfiles): Use here. Implement --no-user-trustlist. -- With the global options we can now avoid that a user changes the Root-CA trust by editing the trustlist.txt. However, to implement this we need a new option so that we don't need to rely on some magic like --no-allow-mark-trusted has been put into a force section. The second option makes system administration easier as it allows to keep the trustlist in a non-distributed file. GnuPG-bug-id: 5990
* g10: Fix garbled status messages in NOTATION_DATAWerner Koch2022-06-141-9/+4
| | | | | | | | | | | | * g10/cpr.c (write_status_text_and_buffer): Fix off-by-one -- Depending on the escaping and line wrapping the computed remaining buffer length could be wrong. Fixed by always using a break to terminate the escape detection loop. Might have happened for all status lines which may wrap. GnuPG-bug-id: T6027
* keygen: Fix reading AEAD preferenceJakub Jelen2022-06-141-1/+1
| | | | | | | | | * g10/keygen.c (keygen_set_std_prefs): Use the right variable when reading AEAD preference string -- GnuPG-bug-id: 6019 Signed-off-by: Jakub Jelen <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 18:24:42 +0000