aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* scd:p15: Add basic support for AET JCOP cards.Werner Koch2021-06-181-5/+42
| | | | | | | | | | | | | * scd/app-p15.c (CARD_TYPE_AET): New. (cardtype2str): Add string. (card_atr_list): Add corresponding ATR. (app_local_s): New flag no_extended_mode. Turn two other flags into bit flags. (select_ef_by_path): Hack to handle the 3FFF thing. (readcert_by_cdf): Do not use etxended mode for AET. (app_select_p15): Set no_extended_mode. Signed-off-by: Werner Koch <[email protected]>
* scd:p15: Handle cards with bad encoded path objects.Werner Koch2021-06-181-12/+16
| | | | | | | | | * scd/app-p15.c (read_ef_prkdf, read_ef_pukdf) (read_ef_cdf, read_ef_aodf): Allow for a zero length path and correctly skip unsupported auth types. -- Signed-off-by: Werner Koch <[email protected]>
* scd: Improve reading of binary records.Werner Koch2021-06-183-11/+10
| | | | | | | | | | | | | * scd/iso7816.c (iso7816_read_binary_ext): Handle the 0x6a86 SW the same as 6b00. * scd/apdu.c (apdu_get_atr): Modify debug messages. * scd/app-p15.c (app_select_p15): Print FCI on error. (read_p15_info): Clean up diag in presence of debug options. -- Some cards return 6a86 instead of 6b00. Signed-off-by: Werner Koch <[email protected]>
* scd: Fix RESET handling.NIIBE Yutaka2021-06-171-1/+5
| | | | | | | | * scd/app.c (scd_update_reader_status_file): Clear ->reset_requested. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Fix Simplified Chinese Translation.NIIBE Yutaka2021-06-171-17/+17
| | | | | | | | -- GnuPG-bug-id: 5477 Reported-by: Zhongren Gu Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix build with --disable-ldap.NIIBE Yutaka2021-06-161-0/+2
| | | | | | | | | | | * dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]: Conditionalize. -- Reported-by: Phil Pennock Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit c8b2162c0e7eb42b74811b7ed225fa0f56be4083)
* sm: New option --ldapserver as an alias for --keyserver.Werner Koch2021-06-162-29/+11
| | | | | | | | | | | | | * sm/gpgsm.c (opts): Add option --ldapserver and make --keyserver an alias. -- We should use "keyserver" for OpenPGP and thus it is better to allow for "ldapserver" here - it is the same convention as now used in dirmngr. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d6df1bf84969bf5f5781e33bc1c2f6cb2aee0093)
* dirmngr: Allow to pass no filter args to dirmngr_ldap.Werner Koch2021-06-161-5/+11
| | | | | | | | | | | * dirmngr/dirmngr_ldap.c (main): Handle no args case. -- This is required for example for CRLs. The old code did not require this because the hos was taken from the URL given has arg. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit f6e45671aa26f3e7abb968a876de7bbdb4fca3f1)
* dirmngr: Rewrite the LDAP wrapper toolWerner Koch2021-06-1612-694/+1250
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/ldap-misc.c: New. * dirmngr/ldap-misc.h: New. * dirmngr/ks-engine-ldap.c: Include ldap-misc.h. (ldap_err_to_gpg_err, ldap_to_gpg_err): Move to ldap-misc.c. * dirmngr/ldap-wrapper.c (ldap_wrapper): Print list of args in debug mode. * dirmngr/server.c (lookup_cert_by_pattern): Handle GPG_ERR_NOT_FOUND the saqme as GPG_ERR_NO_DATA. * dirmngr/ldap.c (run_ldap_wrapper): Add args tls_mode and ntds. Remove arg url. Adjust for changes in dirmngr_ldap. (url_fetch_ldap): Remove args host and port. Parse the URL and use these values to call run_ldap_wrapper. (attr_fetch_ldap): Pass tls flags to run_ldap_wrapper. (rfc2254_need_escape, rfc2254_escape): New. (extfilt_need_escape, extfilt_escape): New. (parse_one_pattern): Rename to ... (make_one_filter): this. Change for new dirmngr_ldap calling convention. Make issuer DN searching partly work. (escape4url, make_url): Remove. (start_cert_fetch_ldap): Change for new dirmngr_ldap calling convention. * dirmngr/dirmngr_ldap.c: Major rewrite. * dirmngr/t-ldap-misc.c: New. * dirmngr/t-support.h (DIM, DIMof): New. * dirmngr/Makefile.am (dirmngr_ldap_SOURCES): Add ldap-misc.c (module_tests) [USE_LDAP]: Add t-ldap-misc. (t_ldap_parse_uri_SOURCES): Ditto. (t_ldap_misc_SOURCES): New. -- This rewrite allows to properly handle TLS and avoids some code duplication. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 39815c023f0371dea01f7c51469b19c06ad18718)
* dirmngr: Remove useless code.Werner Koch2021-06-161-5/+0
| | | | | | | | | | * dirmngr/ks-engine-ldap.c (my_ldap_connect): Remove the password_param thing because we set the password directly without an intermediate var. -- Reported-by: Ingo Kloecker (cherry picked from commit 8bd5172539e1399b407aa2a9d56fa51b8e040ae3)
* doc: Update description of LDAP keyserversWerner Koch2021-06-161-10/+25
| | | | | | -- (cherry picked from commit 7c4b0eda7462cecf230aba8472d264593257dd0d)
* dirmngr: Fix default port for our redefinition of ldaps.Werner Koch2021-06-162-31/+43
| | | | | | | | | | * dirmngr/server.c (make_keyserver_item): Fix default port for ldaps. Move a tmpstr out of the blocks. * dirmngr/ks-engine-ldap.c (my_ldap_connect): Improve diagnostics. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 8de9d54ac83fa20cb52b847b643311841be4d6dc)
* dirmngr: Use --ldaptimeout for OpenPGP LDAP keyservers.Werner Koch2021-06-163-9/+27
| | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT. * dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ... (parse_rereadable_options): here. -- Note that this has not yet been tested. In fact a test with OpenLDAP using a modified route got stuck in the connection attempt. Maybe it works on Windows - will be tested later. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 317d5947b84ae2707e46b89fb0d8318c07174e13)
* dirmngr: New option --ldapserverWerner Koch2021-06-164-16/+128
| | | | | | | | | | | | | | | | | * dirmngr/dirmngr.c (opts): Add option --ldapserver. (ldapserver_list_needs_reset): New var. (parse_rereadable_options): Implement option. (main): Ignore dirmngr_ldapservers.conf if no --ldapserver is used. * dirmngr/server.c (cmd_ldapserver): Add option --clear and list configured servers if none are given. -- This option allows to specify LDAP keyserver in dirmngr instead of using gpgsm.conf. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit ff17aee5d10c8c5ab902253fb4332001c3fc3701)
* dirmngr: Allow for non-URL specified ldap keyservers.Werner Koch2021-06-167-168/+367
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/server.c (cmd_ldapserver): Strip an optional prefix. (make_keyserver_item): Handle non-URL ldap specs. * dirmngr/dirmngr.h (struct ldap_server_s): Add fields starttls, ldap_over_tls, and ntds. * dirmngr/ldapserver.c (ldapserver_parse_one): Add for an empty host string. Improve error messages for the non-file case. Support flags. * dirmngr/ks-action.c (ks_action_help): Handle non-URL ldap specs. (ks_action_search, ks_action_get, ks_action_put): Ditto. * dirmngr/ks-engine-ldap.c: Include ldapserver.h. (ks_ldap_help): Handle non-URL ldap specs. (my_ldap_connect): Add args r_host and r_use_tls. Rewrite to support URLs and non-URL specified keyservers. (ks_ldap_get): Adjust for changes in my_ldap_connect. (ks_ldap_search): Ditto. (ks_ldap_put): Ditto. -- The idea here is to unify our use of URLS or colon delimited ldap keyserver specification. The requirement for percent escaping, for example the bindname in an URLs, is cumbersome and prone to errors. This we allow our classic colon delimited format as an alternative. That format makes it also easy to specify flags to tell dirmngr whether to use starttls or ldap-over-tls. The code is nearly 100% compatible to existing specification. There is one ambiguity if the hostname for CRL/X509 searches is just "ldap"; this can be solved by prefixing it with "ldap:" (already implemented in gpgsm). GnuPG-bug-id: 5405, 5452 Ported-from: 2b4cddf9086faaf5b35f64a7db97a5ce8804c05b
* gpg,sm: Simplify keyserver spec parsing.Werner Koch2021-06-1610-518/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | * common/keyserver.h: Remove. * sm/gpgsm.h (struct keyserver_spec): Remove. (opt): Change keyserver to a strlist_t. * sm/gpgsm.c (keyserver_list_free): Remove. (parse_keyserver_line): Remove. (main): Store keyserver in an strlist. * sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid an ambiguity in dirmngr by adding a prefix if needed. * g10/options.h (struct keyserver_spec): Move definition from keyserver.h to here. Remove most fields. * g10/keyserver.c (free_keyserver_spec): Adjust. (cmp_keyserver_spec): Adjust. (parse_keyserver_uri): Simplify. (keyidlist): Remove fakev3 arg which does not make any sense because we don't even support v3 keys. -- We now rely on the dirmngr to parse the keyserver specs. Thus a bad specification will not be caught immediately. However, even before that dirmngr had stricter tests. Signed-off-by: Werner Koch <[email protected]> Ported-from: 9f586700ec4ceac97fd47cd799878a8847342ffa
* dirmngr: Support pseudo URI scheme "opaque".Werner Koch2021-06-167-18/+36
| | | | | | | | | | | | | | | * dirmngr/http.h (HTTP_PARSE_NO_SCHEME_CHECK): New. * dirmngr/http.c (http_parse_uri): Use this flag. Change all callers to use the new macro for better readability. (do_parse_uri): Add pseudo scheme "opaque". (uri_query_value): New. -- This scheme can be used to convey arbitrary strings in a parsed_uri_t object. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 72124fadafde153f8ac89a70202006d831829d06)
* card: Fix typo in help messageJiri Kerestes2021-06-121-1/+1
| | | | | -- Signed-off-by: Jiri Kerestes <[email protected]>
* sm: Fix finding of issuer in use-keyboxd mode.Werner Koch2021-06-113-37/+62
| | | | | | | | | | | | | * sm/keydb.c (struct keydb_local_s): Add field saved_search_result. (keydb_push_found_state): Implement for keyboxd. (keydb_pop_found_state): Ditto. (keydb_get_cert): Do not release the cert so that the function can be used again to get the same cert. This is the same behaviour as in pubring.kbx mode. * sm/certchain.c, sm/import.c: Improve some error messages. Signed-off-by: Werner Koch <[email protected]>
* scd: Support clearing of Reset Code by ''.NIIBE Yutaka2021-06-111-2/+3
| | | | | | | | * scd/app-openpgp.c (do_change_pin): Allow null-string. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Fix typo in Simplified Chinese Translation.NIIBE Yutaka2021-06-111-2/+2
| | | | | | | | | | | -- Forward port 2.2 commit of: 3896e7e625dc9cc8d04dcd6cae9f0c22bfe5b404 GnuPG-bug-id: 5477 Reported-by: Zhongren Gu Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add new card vendor.Werner Koch2021-06-101-0/+1
| | | | --
* gpgtar,w32: Fix file size computationWerner Koch2021-06-091-1/+1
| | | | | | | | | | | | | * tools/gpgtar-create.c (fillup_entry_w32): Move parentheses. -- Fixes-commit: 8b8925a2bdbb12dd537dde20a27cdb1416c2f1ae The bug is so obvious that I wonder why it was not reported more often on Windows. (Adding 1 to MAXDWORD (0xfffffff) always gives 0 for the product). Signed-off-by: Werner Koch <[email protected]>
* agent: Fix importing protected secret key.NIIBE Yutaka2021-06-091-21/+49
| | | | | | | | | | * agent/cvt-openpgp.c (do_unprotect): Only modify SKEY when it is correctly decrypted. -- GnuPG-bug-id: 5122 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix serial number detection for Yubikey 5.NIIBE Yutaka2021-06-081-4/+5
| | | | | | | | | * scd/app.c (app_new_register): Handle serial number correctly. -- GnuPG-bug-id: 5442 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix READER-PORT option handling for PC/SC.NIIBE Yutaka2021-06-071-17/+27
| | | | | | | | | * scd/apdu.c (apdu_open_reader): READERNO should be -1 when READER-PORT is specified for PC/SC. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Appropriate error code for importing key with no passwd.NIIBE Yutaka2021-06-041-0/+2
| | | | | | | | | | | | * agent/cvt-openpgp.c (convert_from_openpgp_main): Return GPG_ERR_BAD_SECKEY. -- When non-protected case, error at gcry_pk_testkey results GPG_ERR_BAD_PASSPHRASE. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Support KEYGRIP search with traditional keyring.NIIBE Yutaka2021-06-031-3/+13
| | | | | | | | | * g10/keyring.c (keyring_search): Handle KEYDB_SEARCH_MODE_KEYGRIP. -- GnuPG-bug-id: 5469 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Allow for GCM decryption in de-vs mode.Werner Koch2021-06-023-2/+3
| | | | | | | | | | | * common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm in decrypt mode. * tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag -- We allow GCM in de-vs mode for decryption although this has not been evaluation. It is decryption and thus no serious harm may happen.
* sm: Support AES-GCM decryption.Werner Koch2021-06-028-7/+96
| | | | | | | | | | | | * tests/cms/samplemsgs/: Add sample messages. * sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error. * sm/decrypt.c (decrypt_gcm_filter): New. (gpgsm_decrypt): Use this filter if requested. Check authtag. -- Note that the sample message pwri-sample.gcm.p7m is broken: The authtag is duplicated to the authEncryptedContentInfo. I used a temporary code during testing hack to that test message out.
* tests: Rename subdir gpgsm to cms and move sample dirs.Werner Koch2021-05-3170-72/+69
| | | | | | | -- It does not make sense to have the cms stuff at the top level but the openpgp at a dedicated directory. This patch fixes that.
* gpgconf: Make runtime changes with different homedir work.Werner Koch2021-05-281-4/+4
| | | | * tools/gpgconf-comp.c (dirmngr_runtime_change): Pass --homedir first.
* doc: Add notes on how to enable TLS in openldap.Werner Koch2021-05-281-0/+56
| | | | --
* agent: Fix calling handle_pincache_put.NIIBE Yutaka2021-05-281-1/+1
| | | | | | | | | | * agent/call-scd.c (padding_info_cb): Fix the argument. -- GnuPG-bug-id: 5436 Reported-by: Bogdan Luca Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix zero-byte handling in ECC.NIIBE Yutaka2021-05-281-11/+3
| | | | | | | | | | * scd/app-openpgp.c (ecc_writekey): Don't remove zero-byte. -- Fixes-commit: a25c99b156ca9acaa7712e9c09a6df0a7a23c833 GnuPG-bug-id: 5163 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Ed448 and X448 are only for v5 for --full-gen-key.NIIBE Yutaka2021-05-271-1/+24
| | | | | | | | | | * g10/keygen.c (generate_keypair): Set pVERSION = 5, pSUBVERSION = 5, when it's Ed448 or X448. -- Fixes-commit: 36355394d865f5760075e62267d70f7a7d5dd671 Signed-off-by: NIIBE Yutaka <[email protected]>
* build: _DARWIN_C_SOURCE should be 1.NIIBE Yutaka2021-05-271-1/+1
| | | | | | | | | | * configure.ac (*-apple-darwin*): Set _DARWIN_C_SOURCE 1. -- GnuPG-bug-id: 5440 Reported-by: Jay Freeman Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Partial fix for Unicode problem in output files.Werner Koch2021-05-252-2/+2
| | | | | | | | | | * g10/openfile.c (overwrite_filep): Use gnupg_access. -- As said, this is just an obvious but partial fix. We need to review things for the output module. Signed-off-by: Werner Koch <[email protected]>
* common: Annotate leaked memory in homedir.cWerner Koch2021-05-213-14/+62
| | | | | | | | | | | | | | | | | | | | | * g10/trustdb.c (how_to_fix_the_trustdb): Use gnupg_homedir. * common/homedir.c (standard_homedir): Annotate leaked memory. (gnupg_daemon_rootdir): Ditto. (gnupg_socketdir): Ditto. (gnupg_sysconfdir): Ditto. (gnupg_bindir): Ditto. (gnupg_libdir): Ditto. (gnupg_datadir): Ditto. (gnupg_localedir): Ditto. (gnupg_cachedir): Ditto. (gpg_agent_socket_name): Ditto. (dirmngr_socket_name): Ditto. (keyboxd_socket_name): Ditto. (get_default_pinentry_name): Ditto. (gnupg_module_name): Ditto. (default_homedir): Ditto. Make static. Signed-off-by: Werner Koch <[email protected]>
* sm: Let --dump-cert --show-cert also print an OpenPGP fingerprint.Werner Koch2021-05-201-7/+45
| | | | | | | | | | * sm/keylist.c (list_cert_raw): Print the OpenPGP fpr. -- This is useful for debugging for example if an OpenPGP key is used to create an X.509 cert. Signed-off-by: Werner Koch <[email protected]>
* card: Intialize pointer to avoid double freeJakub Jelen2021-05-201-0/+1
| | | | | | | | | * tools/gpg-card.c (cmd_salut): Initialize data pointer -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
* scd: avoid memory leaksJakub Jelen2021-05-203-7/+14
| | | | | | | | | | | | | * scd/app-p15.c (send_certinfo): free labelbuf (do_sign): goto leave instead of return * scd/app-piv.c (do_sign): goto leave instead of return, fix typo in variable name, avoid using uninitialized variables * scd/command.c (cmd_genkey): goto leave instead of return -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
* kbx: Avoid uninitialized readJakub Jelen2021-05-204-4/+9
| | | | | | | | | | | | * kbx/kbx-client-util.c (datastream_thread): Initialize pointer * kbx/keybox-dump.c (_keybox_dump_cut_records): free blob * kbx/kbxserver.c (kbxd_start_command_handler): do not free passed ctrl * kbx/keyboxd.c (check_own_socket): free sockname -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
* g10: Avoid memory leaksJakub Jelen2021-05-203-18/+30
| | | | | | | | | | | | | | | | | * g10/call-agent.c (card_keyinfo_cb): free keyinfo. Restructure to avoid backward gotos. * g10/keyedit.c (menu_set_keyserver_url): properly enclose the block * g10/keygen.c (gen_card_key): free pk and pkt -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393 Additional changes: - Restructure to avoid backward gotos. Signed-off-by: Werner Koch <[email protected]>
* dirmgr: Avoid double freeJakub Jelen2021-05-202-3/+1
| | | | | | | | | | * dirmgr/http.c (http_prepare_redirect): Avoid double free * dirmgr/ocsp.c (check_signature): Initialize pointer -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
* common: Avoid double-freeJakub Jelen2021-05-201-0/+1
| | | | | | | | | | * common/name-value.c (do_nvc_parse): reset to null after ownership change -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
* agent: Fix memory leaksJakub Jelen2021-05-203-22/+30
| | | | | | | | | | | | | | | | | | | | * agent/call-daemon.c (daemon_start): free wctp * agent/call-scd.c (agent_card_pksign): return error instead of noop (card_keyinfo_cb): free keyinfo. Restructure to avoid a goto backwards. * agent/protect.c (agent_get_shadow_info_type): allocate only as a last action. Catch xtrymalloc failure. (agent_is_tpm2_key): Free buf. -- Signed-off-by: Jakub Jelen <[email protected]> Additional changes are: - Restructure to avoid a goto backwards. - Catch xtrymalloc failure. GnuPG-bug-id: 5393 Signed-off-by: Werner Koch <[email protected]>
* sm: Avoid memory leaks and double double-freeJakub Jelen2021-05-204-7/+26
| | | | | | | | | | | | | * sm/certcheck.c (extract_pss_params): Avoid double free * sm/decrypt.c (gpgsm_decrypt): goto leave instead of return * sm/encrypt.c (encrypt_dek): release s_pkey * sm/server.c (cmd_export): free list (do_listkeys): free lists -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
* g10: Fix memory leaksJakub Jelen2021-05-2010-12/+50
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/card-util.c (change_pin): free answer on errors (ask_card_keyattr): free answer on error * g10/cpr.c (do_get_from_fd): free string * g10/gpg.c (check_permissions): free dir on weird error * g10/import.c (append_new_uid): release knode * g10/keyedit.c (menu_set_keyserver_url): free answer (menu_set_keyserver_url): free user * g10/keygen.c (print_status_key_not_created): move allocation after sanity check (ask_expire_interval): free answer (card_store_key_with_backup): goto leave instaed of return * g10/keyserver.c (parse_keyserver_uri): goto fail instead of return * g10/revoke.c (gen_desig_revoke): release kdbhd (gen_desig_revoke): free answer * g10/tofu.c (ask_about_binding): free sqerr and response * g10/trustdb.c (ask_ownertrust): free pk -- Signed-off-by: Jakub Jelen <[email protected]> Further changes: * g10/card-util.c (change_pin): Do not set answer to NULL. * g10/keyedit.c(menu_set_keyserver_url): Use !func() pattern. Signed-off-by: Werner Koch <[email protected]> GnuPG-bug-id: 5393
* dirmgr: clean up memory on error code pathsJakub Jelen2021-05-204-6/+16
| | | | | | | | | | | | * dirmgr/crlcache.c (finish_sig_check): goto leave instead of return * dirmgr/http.c (send_request): free authstr and proxy_authstr * dirmgr/ldap.c (start_cert_fetch_ldap): free proxy * dirmgr/ocsp.c (check_signature): release s_hash -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 15:57:53 +0000