aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* agent: Add checkpin inquiry for pinentryikloecker/pinentry-formatted-passphraseIngo Klöcker2021-07-281-0/+104
| | | | | | | | | | | | | | | | * agent/call-pinentry.c (inq_cb): Handle checkpin inquiry. (setup_enforced_constraints): New. (agent_get_passphrase): Call setup_enforced_constraints if new passphrase is requested. -- This implements the gpg-agent side for checking whether a new passphrase entered by the user in pinentry satisfies the passphrase constraints. Performing a checkpin inquiry is only allowed if the passphrase constraints are enforced. setup_enforced_constraints sends necessary options and translated strings to pinentry. GnuPG-bug-id: 5517, 5532
* agent: New option --pinentry-formatted-passphraseIngo Klöcker2021-07-154-0/+104
| | | | | | | | | | | | * agent/agent.h (opt): Add field pinentry_formatted_passphrase. * agent/call-pinentry.c (setup_formatted_passphrase): New. (agent_get_passphrase): Pass option to pinentry. * agent/gpg-agent.c (oPinentryFormattedPassphrase): New. (opts): Add option. (parse_rereadable_options): Set option. -- GnuPG-bug-id: 5517
* po: Fix typo in German translation.Ingo Klöcker2021-07-121-1/+1
| | | | --
* scd: Silence compiler waring about unused args.Werner Koch2021-07-082-0/+6
| | | | --
* kbx: Improve debugging of the search descriptions in keyboxd.Werner Koch2021-07-081-3/+69
| | | | | | | * kbx/frontend.c (dump_search_desc): New. (kbxd_search): Actually log the search descriptions. Signed-off-by: Werner Koch <[email protected]>
* kbx: Fix keyboxd searching with multiple patterns.Werner Koch2021-07-083-10/+95
| | | | | | | | | | | | | | | | | | | | * kbx/keybox-search-desc.h (struct keydb_search_desc): New flag name_used. * common/userids.c (classify_user_id): Set flag. * kbx/kbxserver.c (struct search_backing_store_s): New. (cmd_search): use a backing store for the const pointers. (kbxd_start_command_handler): Release the backing store. -- Well, the search object partly uses buffers but also const pointers (for strings and the serial number). This when assigning such objects to an another one we should really take a deep copy and not just copy the pointer. The more clean solution would have been to provide a storage option the search object but that needs checking the code at too many places so that I decided to use a separate backing store array here. Signed-off-by: Werner Koch <[email protected]>
* scd: Detect external interference when PCSC_SHARED.NIIBE Yutaka2021-07-064-2/+72
| | | | | | | | | | | | | | * scd/app-common.h (check_aid): New method. * scd/app-openpgp.c (do_check_aid): New. * scd/app-piv.c (do_check_aid): New. * scd/app.c (check_external_interference): New. (maybe_switch_app): Check interference to determine switching is needed. -- GnuPG-bug-id: 5484 Signed-off-by: NIIBE Yutaka <[email protected]>
* artwork: Explain the license for the logoWerner Koch2021-06-291-4/+7
|
* agent: Fix regression in agent_get_shadow_info_type.Werner Koch2021-06-251-2/+6
| | | | | | | | | * agent/protect.c (agent_get_shadow_info_type): Return the correct value. -- Fixes-commit: 33a2362e566c0e0d7011abf2e5fa5704d7cb4206 GnuPG-bug-id: 5393
* gpg: Let --fetch-key return an exit code on failure.Werner Koch2021-06-252-4/+20
| | | | | | | | * g10/keyserver.c (keyserver_fetch): Return an error code. * g10/gpg.c (main) <aFetchKeys>: Return 1 in case of no data. -- GnuPG-bug-id: 5376
* tools: Tweak ccidmon output.Werner Koch2021-06-251-4/+4
| | | | --
* scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer.NIIBE Yutaka2021-06-231-0/+5
| | | | | | * scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW. Signed-off-by: NIIBE Yutaka <[email protected]>
* tools: Extend ccidmon to print T=1 APDUsWerner Koch2021-06-221-1/+93
| | | | | | | | | * tools/ccidmon.c (print_as_ascii): New. (print_t1_block): New. (print_p2r_xfrblock): Print APDUs (print_r2p_datablock): Ditto. Signed-off-by: Werner Koch <[email protected]>
* tests: Cope with broken Libgcrypt versionsWerner Koch2021-06-221-11/+27
| | | | | | | | | | | | | | * common/t-sexputil.c (test_ecc_uncompress): Ignore unknwon curve errors. -- For unknown reasons some versions of Fedora or RHEL provide a patched version of Libgcrypt with Brainpool support removed. We better ignore this error because it is a regression in 2.2.28 although that older versions could not used Brainpool keys. GnuPG-bug-id: 5502 Signed-off-by: Werner Koch <[email protected]>
* w32: Add fallback in case the Windows console can't cope with Unicode.Werner Koch2021-06-221-4/+18
| | | | | | | | | | | | | | | | | | | | | * common/ttyio.c (w32_write_console): Fallback to WriteConsoleA on error. -- To test this switch the Windows Console to "legacy mode" set LANG=de gpg --card-edit and enter an invalid command. The response contains an Umlaut and old Windows versions (and the legacy console) don't have a proper font installed for this. Without this patch this runs into a log_fatal error. The mitigation we implement is to fallback to WriteConsoleA, that is accepting wrong encoding and to print a note about the problem. GnuPG-bug-id: 5491
* scd:p15: Prepare AODF parsing for other authentication types.Werner Koch2021-06-221-329/+372
| | | | | | | | | | | | | * scd/app-p15.c (auth_type_t): New. (struct aodf_object_s): Add field auth_type. (read_ef_aodf): Distinguish between pin and authkey types. Include the authtype in the verbose mode diags. -- Note that the bulk of chnages are just indentation chnages. There should be no functional change. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fix regression in KS_GET for mail address pattern.Werner Koch2021-06-211-1/+39
| | | | | | | | | | | | | | | * dirmngr/ks-engine-hkp.c (ks_hkp_search): Munge mail address pattern. (ks_hkp_get): Allow for mail addresses. - Before the keyserver changes in 2.2.28 gpg passed dirmngr a pail address as an exact pattern (e.g. "[email protected]"). Since 2.2.28 the mail address is detected gpg gpg and we see for example "<[email protected]>". This patch fixes this to turn a mail address into an exact match again. GnuPG-bug-id: 5497 Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Add pre-check for ascii-numeric PINs.Werner Koch2021-06-181-1/+9
| | | | * scd/app-p15.c (verify_pin): acii-numerix is different than BCD.
* scd:p15: Add basic support for AET JCOP cards.Werner Koch2021-06-181-5/+42
| | | | | | | | | | | | | * scd/app-p15.c (CARD_TYPE_AET): New. (cardtype2str): Add string. (card_atr_list): Add corresponding ATR. (app_local_s): New flag no_extended_mode. Turn two other flags into bit flags. (select_ef_by_path): Hack to handle the 3FFF thing. (readcert_by_cdf): Do not use etxended mode for AET. (app_select_p15): Set no_extended_mode. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Handle cards with bad encoded path objects.Werner Koch2021-06-181-12/+16
| | | | | | | | | * scd/app-p15.c (read_ef_prkdf, read_ef_pukdf) (read_ef_cdf, read_ef_aodf): Allow for a zero length path and correctly skip unsupported auth types. -- Signed-off-by: Werner Koch <[email protected]>
* scd: Improve reading of binary records.Werner Koch2021-06-183-11/+10
| | | | | | | | | | | | | * scd/iso7816.c (iso7816_read_binary_ext): Handle the 0x6a86 SW the same as 6b00. * scd/apdu.c (apdu_get_atr): Modify debug messages. * scd/app-p15.c (app_select_p15): Print FCI on error. (read_p15_info): Clean up diag in presence of debug options. -- Some cards return 6a86 instead of 6b00. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix RESET handling.NIIBE Yutaka2021-06-171-1/+5
| | | | | | | | * scd/app.c (scd_update_reader_status_file): Clear ->reset_requested. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Fix Simplified Chinese Translation.NIIBE Yutaka2021-06-171-17/+17
| | | | | | | | -- GnuPG-bug-id: 5477 Reported-by: Zhongren Gu Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix build with --disable-ldap.NIIBE Yutaka2021-06-161-0/+2
| | | | | | | | | | | * dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]: Conditionalize. -- Reported-by: Phil Pennock Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit c8b2162c0e7eb42b74811b7ed225fa0f56be4083)
* sm: New option --ldapserver as an alias for --keyserver.Werner Koch2021-06-162-29/+11
| | | | | | | | | | | | | * sm/gpgsm.c (opts): Add option --ldapserver and make --keyserver an alias. -- We should use "keyserver" for OpenPGP and thus it is better to allow for "ldapserver" here - it is the same convention as now used in dirmngr. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d6df1bf84969bf5f5781e33bc1c2f6cb2aee0093)
* dirmngr: Allow to pass no filter args to dirmngr_ldap.Werner Koch2021-06-161-5/+11
| | | | | | | | | | | * dirmngr/dirmngr_ldap.c (main): Handle no args case. -- This is required for example for CRLs. The old code did not require this because the hos was taken from the URL given has arg. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit f6e45671aa26f3e7abb968a876de7bbdb4fca3f1)
* dirmngr: Rewrite the LDAP wrapper toolWerner Koch2021-06-1612-694/+1250
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/ldap-misc.c: New. * dirmngr/ldap-misc.h: New. * dirmngr/ks-engine-ldap.c: Include ldap-misc.h. (ldap_err_to_gpg_err, ldap_to_gpg_err): Move to ldap-misc.c. * dirmngr/ldap-wrapper.c (ldap_wrapper): Print list of args in debug mode. * dirmngr/server.c (lookup_cert_by_pattern): Handle GPG_ERR_NOT_FOUND the saqme as GPG_ERR_NO_DATA. * dirmngr/ldap.c (run_ldap_wrapper): Add args tls_mode and ntds. Remove arg url. Adjust for changes in dirmngr_ldap. (url_fetch_ldap): Remove args host and port. Parse the URL and use these values to call run_ldap_wrapper. (attr_fetch_ldap): Pass tls flags to run_ldap_wrapper. (rfc2254_need_escape, rfc2254_escape): New. (extfilt_need_escape, extfilt_escape): New. (parse_one_pattern): Rename to ... (make_one_filter): this. Change for new dirmngr_ldap calling convention. Make issuer DN searching partly work. (escape4url, make_url): Remove. (start_cert_fetch_ldap): Change for new dirmngr_ldap calling convention. * dirmngr/dirmngr_ldap.c: Major rewrite. * dirmngr/t-ldap-misc.c: New. * dirmngr/t-support.h (DIM, DIMof): New. * dirmngr/Makefile.am (dirmngr_ldap_SOURCES): Add ldap-misc.c (module_tests) [USE_LDAP]: Add t-ldap-misc. (t_ldap_parse_uri_SOURCES): Ditto. (t_ldap_misc_SOURCES): New. -- This rewrite allows to properly handle TLS and avoids some code duplication. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 39815c023f0371dea01f7c51469b19c06ad18718)
* dirmngr: Remove useless code.Werner Koch2021-06-161-5/+0
| | | | | | | | | | * dirmngr/ks-engine-ldap.c (my_ldap_connect): Remove the password_param thing because we set the password directly without an intermediate var. -- Reported-by: Ingo Kloecker (cherry picked from commit 8bd5172539e1399b407aa2a9d56fa51b8e040ae3)
* doc: Update description of LDAP keyserversWerner Koch2021-06-161-10/+25
| | | | | | -- (cherry picked from commit 7c4b0eda7462cecf230aba8472d264593257dd0d)
* dirmngr: Fix default port for our redefinition of ldaps.Werner Koch2021-06-162-31/+43
| | | | | | | | | | * dirmngr/server.c (make_keyserver_item): Fix default port for ldaps. Move a tmpstr out of the blocks. * dirmngr/ks-engine-ldap.c (my_ldap_connect): Improve diagnostics. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 8de9d54ac83fa20cb52b847b643311841be4d6dc)
* dirmngr: Use --ldaptimeout for OpenPGP LDAP keyservers.Werner Koch2021-06-163-9/+27
| | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT. * dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ... (parse_rereadable_options): here. -- Note that this has not yet been tested. In fact a test with OpenLDAP using a modified route got stuck in the connection attempt. Maybe it works on Windows - will be tested later. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 317d5947b84ae2707e46b89fb0d8318c07174e13)
* dirmngr: New option --ldapserverWerner Koch2021-06-164-16/+128
| | | | | | | | | | | | | | | | | * dirmngr/dirmngr.c (opts): Add option --ldapserver. (ldapserver_list_needs_reset): New var. (parse_rereadable_options): Implement option. (main): Ignore dirmngr_ldapservers.conf if no --ldapserver is used. * dirmngr/server.c (cmd_ldapserver): Add option --clear and list configured servers if none are given. -- This option allows to specify LDAP keyserver in dirmngr instead of using gpgsm.conf. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit ff17aee5d10c8c5ab902253fb4332001c3fc3701)
* dirmngr: Allow for non-URL specified ldap keyservers.Werner Koch2021-06-167-168/+367
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/server.c (cmd_ldapserver): Strip an optional prefix. (make_keyserver_item): Handle non-URL ldap specs. * dirmngr/dirmngr.h (struct ldap_server_s): Add fields starttls, ldap_over_tls, and ntds. * dirmngr/ldapserver.c (ldapserver_parse_one): Add for an empty host string. Improve error messages for the non-file case. Support flags. * dirmngr/ks-action.c (ks_action_help): Handle non-URL ldap specs. (ks_action_search, ks_action_get, ks_action_put): Ditto. * dirmngr/ks-engine-ldap.c: Include ldapserver.h. (ks_ldap_help): Handle non-URL ldap specs. (my_ldap_connect): Add args r_host and r_use_tls. Rewrite to support URLs and non-URL specified keyservers. (ks_ldap_get): Adjust for changes in my_ldap_connect. (ks_ldap_search): Ditto. (ks_ldap_put): Ditto. -- The idea here is to unify our use of URLS or colon delimited ldap keyserver specification. The requirement for percent escaping, for example the bindname in an URLs, is cumbersome and prone to errors. This we allow our classic colon delimited format as an alternative. That format makes it also easy to specify flags to tell dirmngr whether to use starttls or ldap-over-tls. The code is nearly 100% compatible to existing specification. There is one ambiguity if the hostname for CRL/X509 searches is just "ldap"; this can be solved by prefixing it with "ldap:" (already implemented in gpgsm). GnuPG-bug-id: 5405, 5452 Ported-from: 2b4cddf9086faaf5b35f64a7db97a5ce8804c05b
* gpg,sm: Simplify keyserver spec parsing.Werner Koch2021-06-1610-518/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | * common/keyserver.h: Remove. * sm/gpgsm.h (struct keyserver_spec): Remove. (opt): Change keyserver to a strlist_t. * sm/gpgsm.c (keyserver_list_free): Remove. (parse_keyserver_line): Remove. (main): Store keyserver in an strlist. * sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid an ambiguity in dirmngr by adding a prefix if needed. * g10/options.h (struct keyserver_spec): Move definition from keyserver.h to here. Remove most fields. * g10/keyserver.c (free_keyserver_spec): Adjust. (cmp_keyserver_spec): Adjust. (parse_keyserver_uri): Simplify. (keyidlist): Remove fakev3 arg which does not make any sense because we don't even support v3 keys. -- We now rely on the dirmngr to parse the keyserver specs. Thus a bad specification will not be caught immediately. However, even before that dirmngr had stricter tests. Signed-off-by: Werner Koch <[email protected]> Ported-from: 9f586700ec4ceac97fd47cd799878a8847342ffa
* dirmngr: Support pseudo URI scheme "opaque".Werner Koch2021-06-167-18/+36
| | | | | | | | | | | | | | | * dirmngr/http.h (HTTP_PARSE_NO_SCHEME_CHECK): New. * dirmngr/http.c (http_parse_uri): Use this flag. Change all callers to use the new macro for better readability. (do_parse_uri): Add pseudo scheme "opaque". (uri_query_value): New. -- This scheme can be used to convey arbitrary strings in a parsed_uri_t object. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 72124fadafde153f8ac89a70202006d831829d06)
* card: Fix typo in help messageJiri Kerestes2021-06-121-1/+1
| | | | | -- Signed-off-by: Jiri Kerestes <[email protected]>
* sm: Fix finding of issuer in use-keyboxd mode.Werner Koch2021-06-113-37/+62
| | | | | | | | | | | | | * sm/keydb.c (struct keydb_local_s): Add field saved_search_result. (keydb_push_found_state): Implement for keyboxd. (keydb_pop_found_state): Ditto. (keydb_get_cert): Do not release the cert so that the function can be used again to get the same cert. This is the same behaviour as in pubring.kbx mode. * sm/certchain.c, sm/import.c: Improve some error messages. Signed-off-by: Werner Koch <[email protected]>
* scd: Support clearing of Reset Code by ''.NIIBE Yutaka2021-06-111-2/+3
| | | | | | | | * scd/app-openpgp.c (do_change_pin): Allow null-string. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Fix typo in Simplified Chinese Translation.NIIBE Yutaka2021-06-111-2/+2
| | | | | | | | | | | -- Forward port 2.2 commit of: 3896e7e625dc9cc8d04dcd6cae9f0c22bfe5b404 GnuPG-bug-id: 5477 Reported-by: Zhongren Gu Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add new card vendor.Werner Koch2021-06-101-0/+1
| | | | --
* gpgtar,w32: Fix file size computationWerner Koch2021-06-091-1/+1
| | | | | | | | | | | | | * tools/gpgtar-create.c (fillup_entry_w32): Move parentheses. -- Fixes-commit: 8b8925a2bdbb12dd537dde20a27cdb1416c2f1ae The bug is so obvious that I wonder why it was not reported more often on Windows. (Adding 1 to MAXDWORD (0xfffffff) always gives 0 for the product). Signed-off-by: Werner Koch <[email protected]>
* agent: Fix importing protected secret key.NIIBE Yutaka2021-06-091-21/+49
| | | | | | | | | | * agent/cvt-openpgp.c (do_unprotect): Only modify SKEY when it is correctly decrypted. -- GnuPG-bug-id: 5122 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix serial number detection for Yubikey 5.NIIBE Yutaka2021-06-081-4/+5
| | | | | | | | | * scd/app.c (app_new_register): Handle serial number correctly. -- GnuPG-bug-id: 5442 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix READER-PORT option handling for PC/SC.NIIBE Yutaka2021-06-071-17/+27
| | | | | | | | | * scd/apdu.c (apdu_open_reader): READERNO should be -1 when READER-PORT is specified for PC/SC. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Appropriate error code for importing key with no passwd.NIIBE Yutaka2021-06-041-0/+2
| | | | | | | | | | | | * agent/cvt-openpgp.c (convert_from_openpgp_main): Return GPG_ERR_BAD_SECKEY. -- When non-protected case, error at gcry_pk_testkey results GPG_ERR_BAD_PASSPHRASE. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Support KEYGRIP search with traditional keyring.NIIBE Yutaka2021-06-031-3/+13
| | | | | | | | | * g10/keyring.c (keyring_search): Handle KEYDB_SEARCH_MODE_KEYGRIP. -- GnuPG-bug-id: 5469 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Allow for GCM decryption in de-vs mode.Werner Koch2021-06-023-2/+3
| | | | | | | | | | | * common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm in decrypt mode. * tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag -- We allow GCM in de-vs mode for decryption although this has not been evaluation. It is decryption and thus no serious harm may happen.
* sm: Support AES-GCM decryption.Werner Koch2021-06-028-7/+96
| | | | | | | | | | | | * tests/cms/samplemsgs/: Add sample messages. * sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error. * sm/decrypt.c (decrypt_gcm_filter): New. (gpgsm_decrypt): Use this filter if requested. Check authtag. -- Note that the sample message pwri-sample.gcm.p7m is broken: The authtag is duplicated to the authEncryptedContentInfo. I used a temporary code during testing hack to that test message out.
* tests: Rename subdir gpgsm to cms and move sample dirs.Werner Koch2021-05-3170-72/+69
| | | | | | | -- It does not make sense to have the cms stuff at the top level but the openpgp at a dedicated directory. This patch fixes that.
* gpgconf: Make runtime changes with different homedir work.Werner Koch2021-05-281-4/+4
| | | | * tools/gpgconf-comp.c (dirmngr_runtime_change): Pass --homedir first.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-10 16:00:52 +0000