aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* po: Auto update translationsWerner Koch2021-08-2425-4428/+3725
| | | | --
* po: Update German translationWerner Koch2021-08-241-171/+160
| | | | --
* gpg: Report the status of NO_SECKEY for decryption.NIIBE Yutaka2021-08-241-2/+2
| | | | | | | | | | * g10/mainproc.c (proc_encrypted): Fix the condition to report NO_SECKEY even when the key was not considered by get_session_key. -- GnuPG-bug-id: 5562 Signed-off-by: NIIBE Yutaka <[email protected]>
* wkd: Properly unescape the user-id from a key listing.Werner Koch2021-08-201-6/+16
| | | | * tools/wks-util.c (append_to_uidinfo_list): Unescape UID.
* wkd: Fix client issue with leading or trailing spaces in user-ids.Werner Koch2021-08-206-20/+200
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/recsel.c (recsel_parse_expr): Add flag -t. * common/stringhelp.c: Remove assert.h. (strtokenize): Factor code out to do_strtokenize. (strtokenize_nt): New. (do_strtokenize): Add arg trim to support the strtokenize_nt. * common/t-stringhelp.c (test_strtokenize_nt): New test cases. * tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel flag -t. -- This fixes a bug with user ids with leading spaces because: wks-client lists all mail addresses from the key and matches them to the requested mail address. If there are several user-ids all with the same mail address wks-client picks one of them and then extracts exactly that user id. However, here it does not match by the mail address but by the full user-id so that we can be sure that there will be only one user-id in the final key. The filter built expression unfortunately strips leading blanks but requires a verbatim match. Thus it won't find the user id again and errors out. The new -t flag and a non-trimming strtokenize solves the problem. Signed-off-by: Werner Koch <[email protected]>
* scd: Don't release the context until list_finish for PC/SC.NIIBE Yutaka2021-08-201-1/+8
| | | | | | | | | | | * scd/apdu.c (apdu_dev_list_start): Increment PCSC.COUNT here. (apdu_dev_list_finish): Decrement PCSC.COUNT. -- GnuPG-bug-id: 5416 Fixes-commit: 32baa9acfb153004bdb2509f9516482b78f256a4 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Return SUCCESS/FAILURE status also for --card-edit/name.Werner Koch2021-08-191-3/+8
| | | | | | | * g10/card-util.c (change_name): Call write_sc_op_status. -- Reported-by: Joey Berkovitz
* agent: Use the sysconfdir for a pattern file.Werner Koch2021-08-182-5/+34
| | | | * agent/genkey.c (do_check_passphrase_pattern): Use make_filename.
* agent: Ignore passphrase constraints for a generated passphrase.Werner Koch2021-08-184-35/+74
| | | | | | | | | | | | | | | | | | | | | * agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New. (MAX_GENPIN_TRIES): Remove. * agent/call-pinentry.c (struct entry_parm_s): (struct inq_cb_parm_s): Add genpinhash and genpinhas_valid. (is_generated_pin): New. (inq_cb): Suppress constraints checking for a generated passphrase. No more need for several tries to generate the passphrase. (do_getpin): Store a generated passphrase/pin in the status field. (agent_askpin): Suppress constraints checking for a generated passphrase. (agent_get_passphrase): Ditto. * agent/command.c (cmd_get_passphrase): Ditto. -- A generated passphrase has enough entropy so that all kind of extra checks would only reduce the actual available entropy. We thus detect if a passphrase has been generated (and not changed) and skip all passphrase constraints checking.
* agent: Improve the GENPIN callback.Werner Koch2021-08-181-9/+14
| | | | | | * agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by ... (DEFAULT_GENPIN_BITS): this and increase to 150. (generate_pin): Make sure that we use at least 128 bits.
* agent: Fix for zero length help string in pinentry hints.Werner Koch2021-08-181-13/+31
| | | | | | | | | | | | * agent/call-pinentry.c: Remove unused assert.h. (inq_cb): Fix use use of assuan_end_confidential in case of nested use. (do_getpin): Ditto. (setup_formatted_passphrase): Escape the help string. (setup_enforced_constraints): Ignore empty help strings. -- (Ported from 2.2)
* common,w32: Replace log_debug by log_info for InProcessJobsWerner Koch2021-08-181-3/+3
| | | | * common/exechelp-w32.c (gnupg_spawn_process_detached): Use log_info.
* doc: Add sample texts for Pinentry hintsWerner Koch2021-08-181-1/+27
| | | | --
* agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pientWerner Koch2021-08-131-1/+8
| | | | * agent/call-pinentry.c (atfork_core): Pass DISPLAY.
* agent: New option --check-sym-passphrase-pattern.Werner Koch2021-08-137-29/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oCheckSymPassphrasePattern): New. (opts): Add --check-sym-passphrase-pattern. (parse_rereadable_options): Set option. (main): Return option info. * tools/gpgconf-comp.c: Add new option. * agent/agent.h (opt): Add var check_sym_passphrase_pattern. (struct pin_entry_info_s): Add var constraints_flags. (CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1. (CHECK_CONSTRAINTS_NEW_SYMKEY): New. * agent/genkey.c (check_passphrase_pattern): Rename to ... (do_check_passphrase_pattern): this to make code reading easier. Handle the --check-sym-passphrase-pattern option. (check_passphrase_constraints): Replace arg no_empty by a generic flags arg. Also handle --check-sym-passphrase-pattern here. * agent/command.c (cmd_get_passphrase): In --newsymkey mode pass CHECK_CONSTRAINTS_NEW_SYMKEY flag. * agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags. (struct inq_cb_parm_s): New. (inq_cb): Use new struct for parameter passing. Pass flags to teh constraints checking. (do_getpin): Pass constraints flag down. (agent_askpin): Take constrainst flag from the supplied pinentry struct. -- Requirements for a passphrase to protect a private key and for a passphrase used for symmetric encryption are different. Thus a the use of a different pattern file will be useful. Note that a pattern file can be used to replace the other passphrase constraints options and thus we don't need to duplicate them for symmetric encryption. GnuPG-bug-id: 5517 Signed-off-by: Werner Koch <[email protected]>
* indent: Add a git blame ignore fileWerner Koch2021-08-131-0/+2
| | | | --
* agent: Make --pinentry-formatted-passphrase a simple flagIngo Klöcker2021-08-124-39/+8
| | | | | | | | | | | | | | * agent/agent.h (opt): Change type of pinentry_formatted_passphrase to int (as for other flags). * agent/call-pinentry.c (setup_formatted_passphrase): Remove no longer needed translated strings. Write option without value to Assuan connection. * agent/gpg-agent.c (opts): Use ARGPARSE_s_n for oPinentryFormattedPassphrase. (parse_rereadable_options): Set option to 1. -- GnuPG-bug-id: 5553, 5517
* w32: Move socketdir to LCOAL_APPDATAWerner Koch2021-08-115-87/+152
| | | | | | | | | | | | | | | | | | | | | | | * common/homedir.c (is_gnupg_default_homedir): Use standard_homedir instead of the constant which makes a difference on Windows. (_gnupg_socketdir_internal) [W32]: Move the directory to LOCAL_APPDATA. (gnupg_cachedir): Remove unsued function. * common/sysutils.c (gnupg_rmdir): New. * tools/gpgconf.c (main): s/rmdir/gnupg_rmdir/. -- That is actually a more correct directory than APPDATA. This fixes a problem with installations where the APPDATA is non a network drive and the resulting socket filename is truncated in our socket helper function (because we use sockaddr also for our local socket emulation on Windows). LOCAL_APPDATA is expected to be on the local box and thus in the majority of cases the resulting socket file name will be short enough. GnuPG-bug-id: 5537 Signed-off-by: Werner Koch <[email protected]>
* gpgconf,w32: Print more registry diagnostics with --list-dirs.Werner Koch2021-08-111-2/+36
| | | | | | * tools/gpgconf.c (list_dirs): Figure out classes with the key. Signed-off-by: Werner Koch <[email protected]>
* agent: Add checkpin inquiry for pinentryIngo Klöcker2021-08-101-0/+104
| | | | | | | | | | | | | | | | * agent/call-pinentry.c (inq_cb): Handle checkpin inquiry. (setup_enforced_constraints): New. (agent_get_passphrase): Call setup_enforced_constraints if new passphrase is requested. -- This implements the gpg-agent side for checking whether a new passphrase entered by the user in pinentry satisfies the passphrase constraints. Performing a checkpin inquiry is only allowed if the passphrase constraints are enforced. setup_enforced_constraints sends necessary options and translated strings to pinentry. GnuPG-bug-id: 5517, 5532
* agent: New option --pinentry-formatted-passphraseIngo Klöcker2021-08-104-0/+104
| | | | | | | | | | | | * agent/agent.h (opt): Add field pinentry_formatted_passphrase. * agent/call-pinentry.c (setup_formatted_passphrase): New. (agent_get_passphrase): Pass option to pinentry. * agent/gpg-agent.c (oPinentryFormattedPassphrase): New. (opts): Add option. (parse_rereadable_options): Set option. -- GnuPG-bug-id: 5517
* build: Simplify for string.h and getopt.h.NIIBE Yutaka2021-08-053-7/+1
| | | | | | | | | | | | | * configure.ac (AC_CHECK_HEADERS): Remove string.h and getopt.h. * dirmngr/ks-engine-ldap.c: Remove including getopt.h. * tools/make-dns-cert.c: Likewise. -- Checking string.h is supported by AC_HEADER_STDC. Use of getopt.h is only needed for getopt_long of GNU extention. Signed-off-by: NIIBE Yutaka <[email protected]>
* sm: Fix pwri.NIIBE Yutaka2021-08-051-3/+3
| | | | | | | | | | * sm/decrypt.c (pwri_parse_pbkdf2): Use int for digest algo. (pwri_decrypt): Use int for cipher algo and digest algo. -- Fixes-commit: 02029f9eab87e9fd667829dfb083846275576398 Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Remove duplication of AC_HEADER_TIME.NIIBE Yutaka2021-08-051-3/+1
| | | | | | * configure.ac: Have a single AC_HEADER_TIME. Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Update checking headers.NIIBE Yutaka2021-08-051-2/+2
| | | | | | | | | * configure.ac (AC_CHECK_HEADERS): Remove pty.h utmp.h, util.h, and libutil.h. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to pinentryIngo Klöcker2021-08-021-0/+5
| | | | | | | | | | | | | * common/session-env.c (stdenvnames): Add XDG_SESSION_TYPE and QT_QPA_PLATFORM. -- On Unix systems (except Darwin), Qt uses those two environment variables additionally to DISPLAY and WAYLAND_DISPLAY to figure out whether to use X11 or Wayland. For example, QT_QPA_PLATFORM needs to be set to "wayland" to make Qt use Wayland on Gnome. GnuPG-bug-id: 3659
* sm,w32: Fix Unicode problem on key box creation.Werner Koch2021-07-291-1/+1
| | | | * sm/keydb.c (maybe_create_keybox): Replace access by gnupg_access
* tools: Extend gpg-check-pattern.Werner Koch2021-07-292-25/+207
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * tools/gpg-check-pattern.c: Major rewrite. -- Signed-off-by: Werner Koch <[email protected]> Here is a simple pattern file: ==================== # Pattern to reject passwords which do not comply to # - at least 1 uppercase letter # - at least 1 lowercase letter # - at least one number # - at least one special character # and a few extra things to show the reject mode # Reject is the default mode, ignore case is the default #[reject] #[icase] # If the password starts with "foo" (case insensitive) it is rejected. /foo.*/ [case] # If the password starts with "bar" (case sensitive) it is rejected. /bar.*/ # Switch to accept mode: Only if all patterns up to the next "accept" # or "reject" tag or EOF match, the password is accepted. Otherwise # the password is rejected. [accept] /[A-Z]+/ /[a-z]+/ /[0-9]+/ /[^A-Za-z0-9]+/ ================= Someone™ please write regression tests.
* scd: Small clean up for card access.NIIBE Yutaka2021-07-222-10/+11
| | | | | | | * scd/app.c (app_get_challenge): Remove the check to ref_count. * scd/command.c (send_client_notifications): Update comments. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix direct use of card with no ctrl->card_ctx.NIIBE Yutaka2021-07-221-1/+1
| | | | | | | | | * scd/app.c (maybe_switch_app): Remove check of ref_count. -- Fixes-commit: 0d6b4210cf31d1c3ca0e8b034537a158fe3caca8 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Add translatable text for Caps Lock hintIngo Klöcker2021-07-211-0/+1
| | | | | | | * agent/call-pinentry.c (start_pinentry): Add new default text. -- GnuPG-bug-id: 4950
* scd: Fix access to list of cards (3/3).NIIBE Yutaka2021-07-213-315/+315
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-common.h (card_reset): Simplify more. (select_additional_application): Supply CARD. (card_ref, card_unref): Remove. (card_get, card_put): New. * scd/app.c (card_reset): No locking/unlocking inside. (app_switch_current_card): Fix comment. (select_additional_application): No locking/unlocking inside. (do_with_keygrip): New, unlocked version. (card_get): New, with support of KEYGRIP. (card_unref): Remove. (card_put): New. (app_write_learn_status, app_readcert: No locking/unlocking inside. (app_readkey, app_getattr, app_setattr, app_sign, app_auth): Likewise. (app_decipher, app_writecert, app_writekey): Likewise. (app_genkey, app_get_challenge, app_change_pin): Likewise. (app_check_pin, app_switch_active_app): Likewise. * scd/command.c (do_reset): Use card_get/card_put. (open_card_with_request): Use card_get/card_put, return CARD locked. (cmd_serialno): Follow the change of open_card_with_request. (cmd_switchapp): Use card_get/card_put. (cmd_learn, cmd_readcert, cmd_readkey, cmd_pksign): Likewise. (cmd_pkauth, cmd_pkdecrypt, cmd_getattr): Likewise. (cmd_setattr, cmd_writecert, cmd_writekey): Likewise. (cmd_genkey, cmd_random, cmd_passwd): Likewise. (cmd_checkpin, cmd_getinfo, cmd_restart): Likewise. (cmd_disconnect, cmd_apdu, cmd_devinfo): Likewise. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix access to list of cards (2/3).NIIBE Yutaka2021-07-213-30/+28
| | | | | | | | | | | * scd/app-common.h (card_reset, select_application): Simplify. * scd/app.c (card_reset, select_application): Simplify. * scd/command.c (do_reset): Follow the change. (open_card, open_card_with_request): Follow the change. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix access to list of cards (1/3).NIIBE Yutaka2021-07-211-22/+115
| | | | | | | | | | | | | | | | * scd/app.c (card_list_lock): Use MRSW lock. (lock_r_card_list, unlock_r_card_list): New. (lock_w_card_list, unlock_w_card_list): New. (app_dump_state, app_send_devinfo): Use the MRSW lock. (select_application, app_switch_current_card): Likewise. (scd_update_reader_status_file): Likewise. (initialize_module_command, send_card_and_app_list): Likewise. (app_do_with_keygrip, app_wait): Likewise. -- GnuPG-bug-id: 5524 Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Fix typo in German translation.Ingo Klöcker2021-07-121-1/+1
| | | | --
* scd: Silence compiler waring about unused args.Werner Koch2021-07-082-0/+6
| | | | --
* kbx: Improve debugging of the search descriptions in keyboxd.Werner Koch2021-07-081-3/+69
| | | | | | | * kbx/frontend.c (dump_search_desc): New. (kbxd_search): Actually log the search descriptions. Signed-off-by: Werner Koch <[email protected]>
* kbx: Fix keyboxd searching with multiple patterns.Werner Koch2021-07-083-10/+95
| | | | | | | | | | | | | | | | | | | | * kbx/keybox-search-desc.h (struct keydb_search_desc): New flag name_used. * common/userids.c (classify_user_id): Set flag. * kbx/kbxserver.c (struct search_backing_store_s): New. (cmd_search): use a backing store for the const pointers. (kbxd_start_command_handler): Release the backing store. -- Well, the search object partly uses buffers but also const pointers (for strings and the serial number). This when assigning such objects to an another one we should really take a deep copy and not just copy the pointer. The more clean solution would have been to provide a storage option the search object but that needs checking the code at too many places so that I decided to use a separate backing store array here. Signed-off-by: Werner Koch <[email protected]>
* scd: Detect external interference when PCSC_SHARED.NIIBE Yutaka2021-07-064-2/+72
| | | | | | | | | | | | | | * scd/app-common.h (check_aid): New method. * scd/app-openpgp.c (do_check_aid): New. * scd/app-piv.c (do_check_aid): New. * scd/app.c (check_external_interference): New. (maybe_switch_app): Check interference to determine switching is needed. -- GnuPG-bug-id: 5484 Signed-off-by: NIIBE Yutaka <[email protected]>
* artwork: Explain the license for the logoWerner Koch2021-06-291-4/+7
|
* agent: Fix regression in agent_get_shadow_info_type.Werner Koch2021-06-251-2/+6
| | | | | | | | | * agent/protect.c (agent_get_shadow_info_type): Return the correct value. -- Fixes-commit: 33a2362e566c0e0d7011abf2e5fa5704d7cb4206 GnuPG-bug-id: 5393
* gpg: Let --fetch-key return an exit code on failure.Werner Koch2021-06-252-4/+20
| | | | | | | | * g10/keyserver.c (keyserver_fetch): Return an error code. * g10/gpg.c (main) <aFetchKeys>: Return 1 in case of no data. -- GnuPG-bug-id: 5376
* tools: Tweak ccidmon output.Werner Koch2021-06-251-4/+4
| | | | --
* scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer.NIIBE Yutaka2021-06-231-0/+5
| | | | | | * scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW. Signed-off-by: NIIBE Yutaka <[email protected]>
* tools: Extend ccidmon to print T=1 APDUsWerner Koch2021-06-221-1/+93
| | | | | | | | | * tools/ccidmon.c (print_as_ascii): New. (print_t1_block): New. (print_p2r_xfrblock): Print APDUs (print_r2p_datablock): Ditto. Signed-off-by: Werner Koch <[email protected]>
* tests: Cope with broken Libgcrypt versionsWerner Koch2021-06-221-11/+27
| | | | | | | | | | | | | | * common/t-sexputil.c (test_ecc_uncompress): Ignore unknwon curve errors. -- For unknown reasons some versions of Fedora or RHEL provide a patched version of Libgcrypt with Brainpool support removed. We better ignore this error because it is a regression in 2.2.28 although that older versions could not used Brainpool keys. GnuPG-bug-id: 5502 Signed-off-by: Werner Koch <[email protected]>
* w32: Add fallback in case the Windows console can't cope with Unicode.Werner Koch2021-06-221-4/+18
| | | | | | | | | | | | | | | | | | | | | * common/ttyio.c (w32_write_console): Fallback to WriteConsoleA on error. -- To test this switch the Windows Console to "legacy mode" set LANG=de gpg --card-edit and enter an invalid command. The response contains an Umlaut and old Windows versions (and the legacy console) don't have a proper font installed for this. Without this patch this runs into a log_fatal error. The mitigation we implement is to fallback to WriteConsoleA, that is accepting wrong encoding and to print a note about the problem. GnuPG-bug-id: 5491
* scd:p15: Prepare AODF parsing for other authentication types.Werner Koch2021-06-221-329/+372
| | | | | | | | | | | | | * scd/app-p15.c (auth_type_t): New. (struct aodf_object_s): Add field auth_type. (read_ef_aodf): Distinguish between pin and authkey types. Include the authtype in the verbose mode diags. -- Note that the bulk of chnages are just indentation chnages. There should be no functional change. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fix regression in KS_GET for mail address pattern.Werner Koch2021-06-211-1/+39
| | | | | | | | | | | | | | | * dirmngr/ks-engine-hkp.c (ks_hkp_search): Munge mail address pattern. (ks_hkp_get): Allow for mail addresses. - Before the keyserver changes in 2.2.28 gpg passed dirmngr a pail address as an exact pattern (e.g. "[email protected]"). Since 2.2.28 the mail address is detected gpg gpg and we see for example "<[email protected]>". This patch fixes this to turn a mail address into an exact match again. GnuPG-bug-id: 5497 Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Add pre-check for ascii-numeric PINs.Werner Koch2021-06-181-1/+9
| | | | * scd/app-p15.c (verify_pin): acii-numerix is different than BCD.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 16:02:48 +0000