aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* gpgconf: Add config file for Windows Registry dumps.Werner Koch2022-08-033-1/+85
| | | | | | | * tools/gpgconf.c (show_registry_entries_from_file): New. (show_configs): Call it. * doc/examples/gpgconf.rnames: New. * doc/Makefile.am (examples): Add it.
* g13: Remove unused variable.Werner Koch2022-08-021-1/+0
| | | | --
* gpg: Make symmetric + pubkey encryption de-vs compliant.Werner Koch2022-08-021-5/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption de-vs compliant. * g10/mainproc.c (struct symlist_item): New. (struct mainproc_context): Add field symenc_list. (release_list): Free that list. (proc_symkey_enc): Record infos from symmetric session packet. (proc_encrypted): Check symkey packet algos -- The original check was too strong because it is in fact compliant to encrypt with a symmetric key and and public key. Thus decryption should issue a compliance status. In addition we now check that the cipher algorithms used to symmetrically encrypt the session key are all compliant. This is similar to our check for all public key encrypted session key packets. GnuPG-bug-id: 6119 Fixes-commit: b03fab09e188f7bb10237d4f20455e4026737e4e Backported from 2.2 Signed-off-by: Werner Koch <[email protected]>
* gpgconf: Improve registry dumping.Werner Koch2022-08-024-15/+31
| | | | | | | | | | | | * common/w32-reg.c (read_w32_reg_string): Add arg r_hklm_fallback and change all callers. (show_configs): Indicate whether the HKLM fallback was used. * tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin Registry key. Indicate whether the HKLM fallback was used. -- Note that this is backport from 2.2. The new support there for REG_DWORD needs to be implemented in libgpg-error, though.
* tests: Install links for tpm2daemonWerner Koch2022-08-012-1/+3
| | | | | | | * Makefile.am (all-local): Install missing symlinks. -- GnuPG-bug-id: 6052
* common: Add a default OpenPGP ECC mapping.Werner Koch2022-08-011-0/+1
| | | | | | | | * common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map ECC to ECDSA which is similar to what we do at opther places in gpg. -- GnuPG-bug-id: 5555
* scd:opengpg: Minor vendor name fixWerner Koch2022-07-281-1/+1
| | | | --
* gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference.Werner Koch2022-07-281-2/+10
| | | | | | | | * g10/pkclist.c (select_algo_from_prefs): Change implicit hash algorithm. -- GnuPG-bug-id: 6043
* scd:openpgp: New vendorWerner Koch2022-07-281-0/+1
| | | | --
* wkd: Bind the address to the nonce.Werner Koch2022-07-271-6/+67
| | | | | | | | | | | | * tools/gpg-wks-server.c (make_pending_fname): New. (store_key_as_pending, check_and_publish): Use here. (process_new_key): Pass addrspec to store_key_as_pending. (expire_one_domain): Expire also the new files. -- Along with the pass traversal bug this enhancement was Suggested-by: Philipp Breuch <[email protected]> GnuPG-bug-id: 6098
* tests: Add missing file for tpm2d tests to the tarball.Werner Koch2022-07-271-1/+1
| | | | | -- GnuPG-bug-id: 6052
* doc: Minor typo fixWerner Koch2022-07-261-1/+1
| | | | | | -- GnuPG-bug-id: 6092
* wkd: Fix path traversal attack on gpg-wks-server.Werner Koch2022-07-252-0/+25
| | | | | | | | * tools/gpg-wks-server.c (check_and_publish): Check for invalid characters in sender controlled data. * tools/wks-util.c (wks_fname_from_userid): Ditto. (wks_compute_hu_fname): Ditto. (ensure_policy_file): Ditto.
* build: Update gpg-error.m4.NIIBE Yutaka2022-07-221-1/+2
| | | | | | | | * gpg-error.m4: Update from libgpg-error. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Update config.guess, config.sub, and config.rpath.NIIBE Yutaka2022-07-183-1965/+2324
| | | | | | | | | | | * build-aux/config.guess: Update from upstream. * build-aux/config.sub: Ditto. * build-aux/config.rpath: Update from gettext 0.21. -- GnuPG-bug-id: 6078 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: Fix workaround for Yubikey heuristics.NIIBE Yutaka2022-07-131-8/+21
| | | | | | | | | | * scd/app-openpgp.c (parse_algorithm_attribute): Handle the case of firmware 5.4, too. -- GnuPG-bug-id: 6070 Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updatesWerner Koch2022-07-1128-200/+369
| | | | --
* Release 2.3.7gnupg-2.3.7Werner Koch2022-07-111-1/+75
|
* gpg-connect-agent: No help string for --unbufferedWerner Koch2022-07-101-1/+1
| | | | --
* gpg,build: Fix message for newer gettext.NIIBE Yutaka2022-07-051-1/+3
| | | | | | | | * g10/keyserver.c (keyserver_refresh): Use ngettext. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgconf: New short options -V and -XWerner Koch2022-06-291-4/+39
| | | | | | | | * tools/gpgconf.c: Assign short options -X and -V (show_version_gnupg): Print the vsd version if available. -- These changes are helpful for phone support.
* agent: Add description for "Prompt" field.NIIBE Yutaka2022-06-281-0/+6
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Don't assume "OPENPGP.3" key means "Use-for-ssh:".NIIBE Yutaka2022-06-282-17/+3
| | | | | | | | | | * agent/command-ssh.c: Fix comments. * agent/findkey.c (public_key_from_file): Remove "OPENPGP.3" check. -- GnuPG-bug-id: 5996 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Do not consider --min-passphrase-len for the magic wand.Werner Koch2022-06-273-14/+38
| | | | | * agent/call-pinentry.c (generate_pin): Lock to exactly 30 octets. * g10/gpg.c (main) <aGenRandom>: Add Level 30.
* agent: Flush before calling ftruncate.NIIBE Yutaka2022-06-231-0/+2
| | | | | | | | | | * agent/findkey.c (write_extended_private_key): Make sure it is flushed out. -- GnuPG-bug-id: 6035 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: KEYATTR only allows access to attribute.NIIBE Yutaka2022-06-231-0/+8
| | | | | | | | | * agent/command.c (cmd_keyattr): Check the ATTRNAME. -- GnuPG-bug-id: 5988 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix KEYATTR command for --delete option.NIIBE Yutaka2022-06-231-1/+5
| | | | | | | | * agent/command.c (cmd_keyattr): Write the result. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Add KEYATTR command.NIIBE Yutaka2022-06-224-7/+139
| | | | | | | | | | | | | | | | | * agent/agent.h (agent_raw_key_from_file): Add R_KEYMETA argument. (agent_update_private_key): New. * agent/command-ssh.c (data_sign): Follow the change of the function agent_raw_key_from_file. * agent/command.c (do_one_keyinfo): Likewise. (cmd_keyattr): New. (register_commands): Add an entry of cmd_keyattr. * agent/findkey.c (agent_update_private_key): New. (agent_raw_key_from_file): Add R_KEYMETA argument. -- GnuPG-bug-id: 5988 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,gpg,tools: Fix use of log_get_fd.NIIBE Yutaka2022-06-225-19/+5
| | | | | | | | | | | | | | * agent/call-daemon.c (daemon_start): Don't put file descriptor from log_get_fd to no_close_list. * agent/call-pinentry.c (start_pinentry): Likewise. * common/call-gpg.c (start_gpg): Likewise. * call-syshelp.c (start_syshelp): Likewise. * tools/gpg-connect-agent.c (main): Likewise. -- GnuPG-bug-id: 5921 Signed-off-by: NIIBE Yutaka <[email protected]>
* sm: Improve pkcs#12 debug output.Werner Koch2022-06-201-7/+9
| | | | | | | * sm/minip12.c (parse_shrouded_key_bag): Fix offset diagnostic. (parse_cert_bag): Ditto. (parse_bag_data): Remove debug output. Pass startoffset. Fix offset diagnostic.
* sm: Rework the PKCS#12 parser to support DFN issued keys.Werner Koch2022-06-201-177/+341
| | | | | | | | | | | | | | | | | | | * sm/minip12.c (struct p12_parse_ctx_s): New. Use this instead of passing several parameters to most functions. (parse_pag_data): Factor things out to ... parse_shrouded_key_bag): new. (parse_cert_bag): New. (parse_bag_data): New. (p12_parse): Setup the parse context. -- To support newer pkcs#12 files like those issued by the DFN we need to support another ordering of data elements. This rework reflects the P12 data structure a bit better than our old ad-hoc hacks. Tests could only be done with the certificate parts and not the encrypted private keys. GnuPG-bug-id: 6037
* agent: Improve "Insert the card" message.Werner Koch2022-06-171-1/+2
| | | | * agent/findkey.c (prompt_for_card): Don't print "(null").
* agent,ssh: Fix for make not-inserted OpenPGP.3 keys available for SSH.Werner Koch2022-06-151-5/+8
| | | | | | | | | | | | | * agent/command-ssh.c (ssh_send_available_keys): Do not bump key_counter for ignored keys. Also use opt.debug instead of opt.verbose and fix a memory leak. -- The error shown by "ssh-add -l" before this fix was: error fetching identities: incomplete messag Fixes-commit: 193fcc2f7a8cca5240ce50499c54f99235a87e1c GnuPG-bug-id: 5996
* agent: New option --no-user-trustlist and --sys-trustlist-name.Werner Koch2022-06-144-10/+71
| | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New. (opts): Add new option names. (parse_rereadable_options): Parse options. (finalize_rereadable_options): Reset allow-mark-trusted for the new option. * agent/agent.h (opt): Add fields no_user_trustlist and sys_trustlist_name. * agent/trustlist.c (make_sys_trustlist_name): New. (read_one_trustfile): Use here. (read_trustfiles): Use here. Implement --no-user-trustlist. -- With the global options we can now avoid that a user changes the Root-CA trust by editing the trustlist.txt. However, to implement this we need a new option so that we don't need to rely on some magic like --no-allow-mark-trusted has been put into a force section. The second option makes system administration easier as it allows to keep the trustlist in a non-distributed file. GnuPG-bug-id: 5990
* g10: Fix garbled status messages in NOTATION_DATAWerner Koch2022-06-141-9/+4
| | | | | | | | | | | | * g10/cpr.c (write_status_text_and_buffer): Fix off-by-one -- Depending on the escaping and line wrapping the computed remaining buffer length could be wrong. Fixed by always using a break to terminate the escape detection loop. Might have happened for all status lines which may wrap. GnuPG-bug-id: T6027
* keygen: Fix reading AEAD preferenceJakub Jelen2022-06-141-1/+1
| | | | | | | | | * g10/keygen.c (keygen_set_std_prefs): Use the right variable when reading AEAD preference string -- GnuPG-bug-id: 6019 Signed-off-by: Jakub Jelen <[email protected]>
* dirmngr: Fix a wrong compiler warning.Werner Koch2022-06-131-1/+1
| | | | | | | -- validate.c:1103:13: warning: ‘saltlen’ may be used uninitialized in this function [-Wmaybe-uninitialized]
* gpgsm: New option --compatibility-flags.Werner Koch2022-06-135-9/+76
| | | | | | | | | | * sm/gpgsm.c (oCompatibilityFlags): New option. (compatibility_flags): new. (main): Parse and print them in verbose mode. * sm/gpgsm.h (opt): Add field compat_glags.: (COMPAT_ALLOW_KA_TO_ENCR): New. * sm/keylist.c (print_capabilities): Take care of the new flag. * sm/certlist.c (cert_usage_p): Ditto.
* common: New function parse_compatibility_flags.Werner Koch2022-06-132-0/+89
| | | | | | | | | | * common/miscellaneous.c (parse_compatibility_flags): New. * common/util.h (struct compatibility_flags_s): New. -- This is similar to parse_debug_flags but does not support specifying a value. This way we can more easily change the internal values or re-use them for other purposes.
* scd: Support specifying keygrip for learn command.NIIBE Yutaka2022-06-101-2/+8
| | | | | | | | | * scd/command.c (cmd_learn): Allow keygrip argument. -- GnuPG-bug-id: 6002 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,openpgp: Support READCERT by keygrip.NIIBE Yutaka2022-06-101-1/+22
| | | | | | | | | * scd/app-openpgp.c (do_readcert): Allow use of keygrip. -- GnuPG-bug-id: 6002 Signed-off-by: NIIBE Yutaka <[email protected]>
* common,w32: Use LoadLibraryEx to fix a warning in mingw.Werner Koch2022-06-031-13/+2
| | | | | | | | | * common/dynload.h (dlopen): Use LoadLibraryEx and remove Windows CE support. -- Mingw's libloadapi.h has no prototype for LoadLibrary. Thus we use LoadLibraryEx which is available Since Windows XP.
* w32: Allow Unicode filenames for iobuf_cancel.Werner Koch2022-06-033-6/+24
| | | | | | | | | * common/iobuf.c (iobuf_cancel): Use gnupg_remove * common/mischelp.c (same_file_p): Allow for Unicode names. -- Note that the second patch is used to handle Unicode filenames which are symbolic links.
* Remove remaining support for WindowsCEWerner Koch2022-06-0323-415/+44
| | | | --
* tools: Minor fix to gpg-connect-agent options.Werner Koch2022-06-022-2/+9
| | | | | * tools/gpg-connect-agent.c (enum cmd_and_opt_values): Move oUnBuffered more to the top so that oNoop won't not get the value 'v'.
* agent: Support --format=ssh option for READKEY.NIIBE Yutaka2022-06-021-13/+40
| | | | | | | | | | * agent/command.c (cmd_readkey): Handle --format=ssh to return key in SSH format. -- GnuPG-bug-id: 6012 Signed-off-by: NIIBE Yutaka <[email protected]>
* tools: Add a way to cancell INQUIRE for gpg-connect-agent.NIIBE Yutaka2022-06-021-5/+7
| | | | | | | | | | * tools/gpg-connect-agent.c (handle_inquire): When the helper program exit status is not 0, it means cancellation, now. -- GnuPG-bug-id: 6010 Signed-off-by: NIIBE Yutaka <[email protected]>
* tools: Add --unbuffered option to gpg-connect-agent.NIIBE Yutaka2022-06-021-0/+9
| | | | | | | | | | * tools/gpg-connect-agent.c (cmd_and_opt_values): Add oUnBuffered. (opts, opt): Likewise. (main): When unbuffered, set gpgrt_stdin/stdout accordingly. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Don't flag the ESIGN keypair EF as encryption capable.Werner Koch2022-06-011-1/+1
| | | | | | | | | * scd/app-nks.c (filelist): Tweak 0x4531. -- Actually the certificate has no encryption usage but we should also tell that via KEYINFO so that this key is never tried to create an encryption certificate.
* scd:nks: Some code cleanup.Werner Koch2022-06-011-107/+100
| | | | | | | | | | | | * scd/app-nks.c (find_fid_by_keyref): Factor keyref parsing out to ... (parse_keyref): new. (do_readcert): Use new function instead of partly duplicated code. Make detection of keygrip more robust. (do_readkey): Make detection of keygrip more robust. (do_with_keygrip): Use get_nks_tag. -- Also added a couple of comments.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-19 09:02:13 +0000