Commit message (Collapse) | Author | Age | Files | Lines
...
* tests: Add symmetric decryption tests. | Werner Koch | 2022-11-02 | 6 | -0/+83
  * tests/openpgp/decrypt-sym.scm: New.
  * tests/openpgp/samplemsgs/enc-sym-cfb-1.asc: New.
  * tests/openpgp/samplemsgs/enc-sym-cfb-2.asc: New.
  * tests/openpgp/samplemsgs/enc-sym-ocb-1.asc: New.
  * tests/openpgp/samplemsgs/enc-sym-ocb-2.asc: New.
  --
  It's time to have some OCB tests in our suite so that we don't forget to run the tests from our RNP interop tests. Also adds new tests for CFB messages.
* tests: Add tr:assert-same function. | Werner Koch | 2022-11-02 | 3 | -5/+13
  * tests/gpgscm/tests.scm (tr:assert-same-string): New.
  * tests/openpgp/shell.scm: Option to drop into a REPL.
* agent: Avoid blanks in the ssh key's comment. | Werner Koch | 2022-11-02 | 1 | -0/+5
  * agent/command-ssh.c (card_key_available): Replace blanks.
  --
  For managing the authorized_key file of ssh it is convenient if the comment does not have any spaces. Thus we now return
      cardno:FFFE_50FF3D01
  instead of
      cardno:FFFE 50FF3D01
  Note that gpg --export-ssh-key uses the keyid as comment because it does not know the S/N of the card. Gpg-agent however does not know about OpenPGP and uses the s/n.
* build: Update m4 files. | NIIBE Yutaka | 2022-11-02 | 5 | -10/+10
  * m4/ksba.m4: Update from libksba master.
  * m4/libassuan.m4: Update from libassuan master.
  * m4/libgcrypt.m4: Update from libgcrypt master.
  * m4/npth.m4: Update from npth master.
  * m4/ntbtls.m4: Update from npth master.
  --
  GnuPG-bug-id: 5034
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Merge --rfc4880bis features into --gnupg | Werner Koch | 2022-10-31 | 2 | -50/+15
  * g10/gpg.c (oRFC4880bis): Remove.
  (opts): Make --rfc4880bis a Noop.
  (compliance_options): Make rfc4880bis to gnupg.
  (set_compliance_option): Remove rfc4880bis stuff.
  (main): Ditto. Note that this now activates the --mimemode option.
  * g10/keygen.c (keygen_set_std_prefs): Remove rfc4880bis protection.
  (keygen_upd_std_prefs): Always announce support for v5 keys.
  (read_parameter_file): Activate the v4 and v5 keywords.
  --
* gpg: Allow only OCB for AEAD encryption. | Werner Koch | 2022-10-31 | 8 | -140/+20
  * g10/gpg.c (opts): New option --force-ocb as alias for force-aead. Turn --aead-algo and --personal-aead-preferences into dummy options.
  (build_list_md_test_algo, build_list_aead_algo_name): Remove.
  (my_strusage): Remove output of AEAD algos.
  (main): Remove code from the --aead options.
  * g10/encrypt.c (encrypt_seskey): Make file local.
  (use_aead): Remove requirement for rfc4880bis. Always return AEAD_ALGO_OCB.
  * g10/main.h (DEFAULT_AEAD_ALGO): Removed unused macro.
  * g10/misc.c (default_aead_algo): Remove.
  * g10/pkclist.c (select_aead_from_pklist): Return AEAD_ALGO_OCB or 0.
  (select_algo_from_prefs): Remove personal AEAD algo setting.
  * g10/keygen.c (keygen_set_std_prefs): Remove AEAD preference option parsing.
  * g10/options.h (opt): Remove def_aead_algo and personal_aead_prefs.
  --
  Due to the meanwhile expired patent on OCB there is no more reason for using EAX. Thus we forcefully use OCB if the AEAD feature flag is set on a key.
* gpg: New option --compatibility-flags | Werner Koch | 2022-10-31 | 3 | -1/+35
  * g10/gpg.c (oCompatibilityFlags): New.
  (opts): Add option.
  (compatibility_flags): New list.
  (main): Set flags and print help.
  * g10/options.h (opt): Add field compatibility_flags.
  --
  No flags are yet defined but it is good to have the framework.
* gpgsm: Also announce AES256-CBC in signatures. | Werner Koch | 2022-10-28 | 1 | -7/+10
  * sm/sign.c (gpgsm_sign): Add new capability.
  --
  It might be better to have this. No concrete bug report, though.
* gpg: Fix trusted introducer for user-ids with only the mbox. | Werner Koch | 2022-10-28 | 1 | -19/+31
  * g10/trustdb.c (check_regexp): Kludge to match user-ids with only an mbox.
  --
  (Also re-indented the function)
  GnuPG-bug-id: 6238
* gpg: Import stray revocation certificates. | Werner Koch | 2022-10-28 | 3 | -13/+65
  * g10/kbnode.c (new_kbnode2): New.
  * g10/import.c (delete_inv_parts): New arg r_otherrevsigs to store misplaced revocations.
  (import_revoke_cert): Allow to pass an entire list.
  (import_one): Import revocations found by delete_inv_parts.
  --
  It might be useful to distribute revocations of old keys along with new keys. This is in particular useful for WKD stored keys. This patch allows to put unrelated standalone revocations into a key. For example they can simply be appended to a keyblock. Right now it is a bit inaesthetic to see diagnostics about misplaced or bad revocation signatures.
* agent: Automatically convert to extended key format by KEYATTR. | NIIBE Yutaka | 2022-10-28 | 1 | -6/+15
  * agent/command.c (cmd_keyattr): Reject when disabled extended key format. Handle the case when key is in non-extended format.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* card: New commands "gpg" and "gpgsm". | Werner Koch | 2022-10-25 | 1 | -2/+63
  * tools/gpg-card.c: Include exechelp.h
  (cmd_gpg): New.
  (enum cmdids): Add cmdGPG and cmdGPGSM.
  (cmds): Add commands "gpg" and "gpgsm"
  (dispatch_command, interactive_loop): Call them.
  --
  It is too cumbersome to leave the gpg-card shell just for running a quick gpg or gpgsm command. Thus we add these new commands.
  Take care: As of now we don't have proper shell-quoting rules implemented. This will eventually be done.
* card: Also show fingerprints of known X.509 certificates | Werner Koch | 2022-10-25 | 1 | -1/+4
  * tools/gpg-card.c (list_one_kinfo): Show fpr.
  --
  The fingerprint is actually more useful than the Subject-DN.
* scd:nks: Support non-ESIGN signing with the Signature Card v2 | Werner Koch | 2022-10-25 | 1 | -8/+20
  * scd/app-nks.c (do_sign): Handle ECC for NKS cards
* gpgsm: Allow ECC encryption keys with just keyAgreement specified. | Werner Koch | 2022-10-25 | 3 | -1/+11
  * sm/certlist.c (cert_usage_p): Allow keyAgreement for ECC.
  * sm/fingerprint.c (gpgsm_is_ecc_key): New.
  --
  For ECC encryption keys keyAgreement is the keyUsage we want.
* gpgsm: Use macro constants for cert_usage_p. | Werner Koch | 2022-10-25 | 1 | -15/+27
  * sm/certlist.c (USE_MODE_): New. Use them for easier reading.
* build: Update gpg-error.m4. | NIIBE Yutaka | 2022-10-24 | 1 | -1/+5
  * m4/gpg-error.m4: Update from libgpg-error 1.46.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Update Simplified Chinese Translation. | bobwxc | 2022-10-24 | 1 | -31/+16
  --
  Reviewed-by: NIIBE Yutaka <[email protected]>
  Signed-off-by: bobwxc <[email protected]>
* agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument. | NIIBE Yutaka | 2022-10-20 | 12 | -24/+17
  * common/exechelp-posix.c (do_exec): Remove PREEXEC argument.
  (gnupg_spawn_process): Likewise.
  (gnupg_spawn_process_fd): Follow the change of do_exec.
  (gnupg_spawn_process_detached): Likewise.
  * common/exechelp-w32.c (gnupg_spawn_process): Remove PREEXEC.
  * common/exechelp.h (gnupg_spawn_process): Remove PREEXEC.
  * agent/genkey.c (do_check_passphrase_pattern): Follow the change.
  * common/exectool.c (gnupg_exec_tool_stream): Likewise.
  * dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise.
  * tests/gpgscm/ffi.c (do_spawn_process): Likewise.
  * tools/gpgconf-comp.c (gc_component_check_options): Likewise.
  (retrieve_options_from_program): Likewise.
  * tools/gpgconf.c (show_versions_via_dirmngr): Likewise.
  * tools/gpgtar-create.c (gpgtar_create): Likewise.
  * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
  * tools/gpgtar-list.c (gpgtar_list): Likewise.
  --
  PREEXEC is not a portable feature and it's not used.
  GnuPG-bug-id: 6249
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Move NETLIBS after GPG_ERROR_LIBS. | NIIBE Yutaka | 2022-10-18 | 1 | -6/+6
  * g10/Makefile.am (LDADD): Remove NETLIBS.
  (gpg_LDADD, gpgv_LDADD): Add NETLIBS after GPG_ERROR_LIBS.
  (t_keydb_LDADD, t_keydb_get_keyblock_LDADD): Likewise.
  (t_stutter_LDADD): Likewise.
  --
  Forward port 2.2 commit of: b26bb03ed96f380ad603f7ad902862625233c931
  GnuPG-bug-id: 6244
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Use GCRY_KDF_ONESTEP_KDF with newer libgcrypt in future. | NIIBE Yutaka | 2022-10-14 | 1 | -0/+23
  * g10/ecdh.c (derive_kek): Use GCRY_KDF_ONESTEP_KDF.
  --
  This change is not yet enabled. We will be able to use the code when we update NEED_LIBGCRYPT_VERSION to 1.11.0. Before the update, gpg compiled with libgcrypt 1.11.0 can't work with older libgcrypt runtime.
  GnuPG-bug-id: 5964
  Signed-off-by: NIIBE Yutaka <[email protected]>
* common,w32: Fix struct stat on Windows. | NIIBE Yutaka | 2022-10-14 | 1 | -1/+11
  * common/sysutils.c [HAVE_W32_SYSTEM] (gnupg_stat): Select appropriate structure.
  --
  GnuPG-bug-id: 5897
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,w32: Support Win32-OpenSSH emulation by gpg-agent. | NIIBE Yutaka | 2022-10-14 | 4 | -36/+164
  * agent/agent.h (start_command_handler_ssh_stream): New.
  * agent/command-ssh.c (start_command_handler_ssh_stream): New.
  * agent/gpg-agent.c (oWin32OpenSSHSupport): New.
  (W32_DEFAILT_AGENT_PIPE_NAME): New.
  (main): Add oWin32OpenSSHSupport support.
  (win32_openssh_thread): New.
  (handle_connections): Spawn win32_openssh_thread.
  * configure.ac (NEED_GPGRT_VERSION): Require libgpg-error 1.46.
  --
  GnuPG-bug-id: 3883
  Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Don't use FD2INT for POSIX-only code. | NIIBE Yutaka | 2022-10-14 | 1 | -1/+1
  * common/iobuf.c [!HAVE_W32_SYSTEM] (iobuf_get_filelength): Use fp.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix build with no LDAP support. | NIIBE Yutaka | 2022-10-14 | 1 | -0/+2
  * dirmngr/server.c [USE_LDAP] (start_command_handler): Conditionalize.
  --
  GnuPG-bug-id: 6239
  Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updates | Werner Koch | 2022-10-13 | 3 | -2/+6
  --
* Release 2.3.8 (gnupg-2.3.8) | Werner Koch | 2022-10-13 | 3 | -8/+62
* speedo: Fix location of gpg-wks-client | Werner Koch | 2022-10-13 | 1 | -1/+1
  --
* speedo: Fix for a libgpg-error-config regression. | Werner Koch | 2022-10-13 | 1 | -2/+2
  --
* po: Auto update | Werner Koch | 2022-10-13 | 27 | -1008/+967
  --
* po: Update Turkish translation | Emir SARI | 2022-10-13 | 1 | -4473/+2513
  --
* po: Update Czech translation. | Petr Pisar | 2022-10-13 | 1 | -698/+571
  --
* wkd: gpg-wks-client --send checks if built with sendmail support | Alexander Kulbartsch | 2022-10-13 | 1 | -0/+8
  * tools/gpg-wks-client.c (main): Return GPG_ERR_NOT_IMPLEMENTED if gnupg was built without sendmail support. (NAME_OF_SENDMAIL=="")
* agent: Introduce attribute "Remote-list" to KEYINFO. | Werner Koch | 2022-10-12 | 2 | -22/+27
  * agent/command.c (do_one_keyinfo): Add arg list_mode. Check attribute Remote-list.
  (cmd_keyinfo): Change semantics to return nothing in restricted list mode.
* wkd: Implement --blacklist option for gpg-wks-client | Werner Koch | 2022-10-07 | 3 | -4/+193
  * tools/gpg-wks-client.c (blacklist_array, blacklist_array_len): New.
  (parse_arguments): Install blacklist.
  (read_file): New.
  (cmp_blacklist, add_blacklist, is_in_blacklist): New.
  (mirror_one_key): Check list.
  * tools/gpg-wks.h (opt): Remove field blacklist.
  --
  GnuPG-bug-id: 6224
* wkd: Restrict gpg-wks-client --mirror to the given domains. | Werner Koch | 2022-10-07 | 1 | -16/+62
  * tools/gpg-wks-client.c (domain_matches_mbox): New.
  (mirror_one_key): Skip non-matching domains.
  (command_mirror): Change args to allow for several domains.
  --
  Although dirmngr returns only the keys matching a certain domain, those keys still may have user ids from other domains. Now we publish only the user-ids as specified on the command line.
  GnuPG-bug-id: T6224
* wkd: Silence gpg-wks-client diagnostics from gpg. | Werner Koch | 2022-10-07 | 2 | -13/+13
  * tools/gpg-wks-client.c (add_user_id): Pass --quiet to gpg unless we are running in double verbose mode.
  (decrypt_stream): Ditto
  (encrypt_response): Ditto.
  (mirror_one_keys_userid): Ditto.
  * tools/wks-util.c (wks_get_key): Ditto.
  (wks_list_key): Ditto.
  (wks_filter_uid): Ditto.
* common: Protect against a theoretical integer overflow in tlv.c | Werner Koch | 2022-10-07 | 1 | -0/+5
  * common/tlv.c (parse_ber_header): Protect against integer overflow.
  --
  Although there is no concrete case where we use the (nhdr + length), it is better to protect against this already here.
* po: Fix wrong LF in the German translation | Werner Koch | 2022-10-07 | 1 | -12/+5
  --
  Reported-by: [email protected]
  Also fix one fuzzy and a German Typo
* gpg: Fix wrong use of FD2INT with iobuf_fdopen_nc. | NIIBE Yutaka | 2022-10-07 | 2 | -3/+3
  * g10/decrypt.c (decrypt_message_fd): Use INPUT_FD directly.
  * g10/encrypt.c (encrypt_crypt): Use FILEFD directly.
  --
  Before 8402815d, original code was with iobuf_open_fd_or_name, which used gnupg_fd_t for the file descriptor (FD2INT was relevant at that time). After the change, because it's not gnupg_fd_t but int, use of FD2INT is irrelevant.
  Fixes-commit: 8402815d8e0e04a44362968f88b3d484d2395402
  Signed-off-by: NIIBE Yutaka <[email protected]>
* wkd: New command --mirror for gpg-wks-client. | Werner Koch | 2022-10-06 | 5 | -30/+316
  * tools/gpg-wks-client.c (aMirror,oBlacklist,oNoAutostart): New.
  (opts): Add --mirror, --no-autostart, and --blacklist.
  (parse_arguments): Parse new options.
  (main): Parse common.conf. Implement aMirror.
  (mirror_one_key_parm): New.
  (mirror_one_keys_userid, mirror_one_key): New.
  (command_mirror): New.
  * tools/gpg-wks.h (struct uidinfo_list_s): Add fields flags.
  * tools/wks-util.c (wks_cmd_install_key): Factor some code out to ...
  (wks_install_key_core): new.
  * tools/call-dirmngr.c (wkd_dirmngr_ks_get): New.
  --
  This implements the basic LDAP to WKD mirroring. The blacklist option and domain restrictions are not yet fully implemented.
  Take care: In OpenLDAP you may need to increase the paged result limit by using a configuration like:
      dn: olcDatabase={1}mdb,cn=config
      changetype: modify
      replace: olcLimits
      olcLimits: dn.subtree="dc=example,dc=org" size.prtotal=unlimited
  GnuPG-bug-id: 6224
* dirmngr: Support paged LDAP mode for KS_GET | Werner Koch | 2022-10-05 | 3 | -37/+214
  * dirmngr/ks-engine-ldap.c (PAGE_SIZE): New.
  (struct ks_engine_ldap_local_s): Add several new fields.
  (ks_ldap_clear_state): Release them.
  (search_and_parse): Factored out from ks_ldap_get and extended to support the paged mode.
  (ks_ldap_get): Implement the pages mode for --first and --next.
  * dirmngr/server.c (cmd_ks_get): Provide a dummy passphrase in --first mode.
  * dirmngr/Makefile.am (dirmngr_LDADD): Add LBER_LIBS.
  --
  The paged mode allows to retrieve more items than the servers usually limit (e.g. 1000 for an LDS). This patch also allows to use --first without a pattern to retrieve all keyblocks (except for disabled and revoked keys).
  GnuPG-bug-id: 6224
* dirmngr: New options --first and --next for KS_GET. | Werner Koch | 2022-10-04 | 6 | -133/+345
  * dirmngr/server.c (cmd_ks_get): Add option --first and --next.
  (start_command_handler): Free that new ldap state.
  * dirmngr/ks-engine-ldap.c (struct ks_engine_ldap_local_s): New.
  (ks_ldap_new_state, ks_ldap_clear_state): New.
  (ks_ldap_free_state): New.
  (return_one_keyblock): New. Mostly factored out from ....
  (ks_ldap_get): here. Implement --first/--next feature.
  * dirmngr/ks-action.c (ks_action_get): Rename arg ldap_only to ks_get_flags.
  * dirmngr/ks-engine.h (KS_GET_FLAG_ONLY_LDAP): New.
  (KS_GET_FLAG_FIRST): New.
  (KS_GET_FLAG_NEXT): New.
  * dirmngr/dirmngr.h (struct server_control_s): Add member ks_get_state.
  (struct ks_engine_ldap_local_s): New forward reference.
  --
  This feature allows to fetch keyblock by keyblock from an LDAP server. This way tools can process and maybe filter each keyblock in a more flexible way. Here is an example where two keyblocks for one mail address are returned:
      $ gpg-connect-agent --dirmngr
      > ks_get --ldap --first <[email protected]>
      [... First keyblock is returned ]
      OK
      > ks_get --next
      [ ... Next keyblock is returned ]
      OK
      > ks_get --next
      ERR 167772218 No data <Dirmngr>
  GnuPG_bug_id: 6224
* gpg: Show just keyserver and port with --send-keys. | Werner Koch | 2022-09-30 | 1 | -0/+25
  * g10/call-dirmngr.c (ks_status_cb): Mangle the keyserver url
* dirmngr: Minor fix for baseDN fallback. | Werner Koch | 2022-09-29 | 1 | -37/+22
  * dirmngr/ks-engine-ldap.c (my_ldap_connect): Avoid passing data behind the EOS.
  (interrogate_ldap_dn): Stylistic change.
  --
  This also updates the my_ldap_connect description.
  GnuPG-bug-id: 6047
* gpg: Avoid to emit a compliance mode line if libgcrypt is non-compliant. | Werner Koch | 2022-09-29 | 1 | -2/+7
  * g10/encrypt.c (check_encryption_compliance): Check gcrypt compliance before emitting an ENCRYPTION_COMPLIANCE_MODE status.
  --
  GnuPG-bug-id: 6221
  Ported-from: 07c6743148d4abd30fb8bf08b07eb9755fdfff2d
* gpg: Fix assertion failure due to errors in encrypt_filter. | Werner Koch | 2022-09-29 | 3 | -5/+9
  * common/iobuf.c (iobuf_copy): Use log_assert. Explicitly cast error return value.
  * g10/build-packet.c (do_plaintext): Check for iobuf_copy error.
  * g10/encrypt.c (encrypt_filter): Immediately set header_okay.
  --
  The second fix avoids repeated error message about non-compliant keys.
  Updates-commit: a51067a21f688086bd8e44234a88ae367582cc76
  Ported-from: aa0c942521d89f4f0aac90bacaf8a7a7cefc88d8
  GnuPG-bug-id: 6174
* gpg: Make --require-compliance work for -se | Werner Koch | 2022-09-29 | 1 | -156/+146
  * g10/encrypt.c (encrypt_crypt, encrypt_filter): Factor common code out to ...
  (create_dek_with_warnings): new
  (check_encryption_compliance): and new.
  * g10/encrypt.c (encrypt_filter): Add the compliance check.
  --
  GnuPG-bug-id: 6174
  Ported-from: f88cb12f8e3c1234a094d09e2505d3a3eec4cbfe
* dirmngr: Fix the function prototype. | NIIBE Yutaka | 2022-09-29 | 1 | -1/+1
  * dirmngr/ldap-wrapper.c (ldap_wrapper_wait_connections): It's with no arguments.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Change interrogate_ldap_dn for better memory semantics. | NIIBE Yutaka | 2022-09-29 | 1 | -28/+12
  * dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): Return BASEDN found, memory allocated.
  (my_ldap_connect): Follow the change, removing needless allocation.
  --
  GnuPG-bug-id: 6047
  Signed-off-by: NIIBE Yutaka <[email protected]>