| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| | |
--
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
--
This commit log (with no ChangeLog entry) is written by gniibe,
following the practice; Translation update don't need a ChangeLog
entry in a commit log.
Signed-off-by: Daniel Cerqueira <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* sm/keylist.c (list_cert_colon): Map not_trusted to 'n' for non-root
certs like we do for root certs.
--
GnuPG-bug-id: 6841
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (ecc_writekey): Use default ECDH parameters and
remove the now useless check.
--
This seems to be better than bailing out. In almost all cases our
standard parameters are used and if not, well, the fingerprint will be
wrong.
GnuPG-bug-id: 6378
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* agent/findkey.c (read_key_file): Add optional arg r_orig_key_value
to return the old Key value. Change all callers.
(agent_write_private_key): Detect whether the Key entry was really
changed.
--
GnuPG-bug-id: 6829
|
| | |
| |
| |
| |
| | |
* common/name-value.c (nvc_set): Factor code out to ...
(nve_set): here.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/name-value.c (struct name_value_container): Add flag
"modified".
(nvc_modified): New.
(nvc_new): Set flag.
(_nvc_add): Set flag.
(nvc_delete): Set flag.
(nvc_set): Set flag unless value did not change.
(nve_set): Add arg PK. Change the caller.
* agent/findkey.c (agent_write_private_key): Update only if modified.
--
This helps software which uses a file system watcher to track changes
to private keys. In particular smartcard triggered changes are a
problem for such software because this may at worst trigger another
smartcard read.
GnuPG-bug-id: 6829
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/scdaemon.c (oDebugAllowPINLogging): New.
(opts): Add option.
(main): Set option.
* scd/scdaemon.h (opt): Add debug_allow_pin_logging.
* scd/apdu.c (pcsc_send_apdu): Do not hide the PIN dat in the debug
output if the option is set.
(send_apdu_ccid): Ditto.
--
This option is only required during development.
|
| | |
| |
| |
| |
| |
| | |
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/miscellaneous.c (is_openpgp_compressed_packet)
(is_file_compressed): Moved to ...
* common/iobuf.c: ... in this file.
(is_file_compressed): Change the argument to INP, the iobuf.
* common/util.h (is_file_compressed): Remove.
* common/iobuf.h (is_file_compressed): Add.
* g10/cipher-aead.c (write_header): Don't call write_status_printf
here.
(cipher_filter_aead): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/cipher-cfb.c (write_header): Don't call write_status_printf
here.
(cipher_filter_cfb): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/encrypt.c (encrypt_simple): Use new is_file_compressed function,
after call of iobuf_push_filter.
(encrypt_crypt): Likewise.
* g10/sign.c (sign_file): Likewise.
--
Cherry-pick from master commit of:
2f872fa68c6576724b9dabee9fb0844266f55d0d
GnuPG-bug-id: 6481
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-p15.c (CARD_TYPE_STARCOS_32): New.
(card_atr_list): Add ATR for my sample card.
(cardtype2str): Add starcos string.
(select_ef_by_path): Factor all code out to ...
(select_by_path): this. Add arg to request a directory. Simplify the
case pathlen>1 case. Fix error printing.
(select_df_by_path): New.
(prepare_verify_pin): For starcos select a DF.
(app_select_p15): Don't use extended mode for starcos.
--
This allows reading the certificates from my sample cards. Signing
does not yet work; I need to do get some I/O traces using other
software. The basic support for AET cards shut still work but I have
not found my AET card.
|
| | |
| |
| |
| |
| | |
* scd/apdu.c (send_le): Do not dump "[all zero]" if tehre is no data.
* scd/iso7816.c (iso7816_select_mf): Cosmetic fix.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/call-agent.c (agent_get_passphrase): Call
assuan_begin_confidential and assuan_end_confidential.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--
GnuPG-bug-id: 6654
The drawback of this solution is that we don't see any IPC lines from
the assuan_transact. Everything else would require larger changes to
libassuan.
|
| | |
| |
| |
| |
| |
| | |
* sm/minip12.c (parse_bag_encrypted_data): Set the badpass flag.
(parse_shrouded_key_bag): Ditto.
--
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/call-agent.c (default_inq_cb): Call assuan_begin_confidential
and assuan_end_confidential.
* sm/call-agent.c (default_inq_cb): Likewise.
--
Cherry pick from master commit of:
ec1446f9446506b5fbdf90cdeb9cbe1f410a657e
GnuPG-bug-id: 6654
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/compliance.h (PK_ALGO_FLAG_ECC18): New.
* common/compliance.c (gnupg_pk_is_allowed): Implement.
* sm/decrypt.c (gpgsm_decrypt): Pass new flag.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--
GnuPG-bug-id: 6802
|
| | |
| |
| |
| |
| | |
* common/openpgpdefs.h (SIGSUBPKT_META_HASH): New.
(SIGSUBPKT_TRUST_ALIAS): New.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* sm/encrypt.c (gpgsm_encrypt): Unify use of RC and ERR.
* sm/sign.c (gpgsm_sign): ditto.
--
Initially we didn't used the gpg_error_t thingy and while migrating
we sometimes used RC and ERR for tracking the error. This is pretty
error prone and thus we better remove it (after 20 years).
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/card-util.c (write_sc_op_status): Emit 3 and 4 in status line.
* tools/card-call-scd.c (status_sc_op_failure): Likewise.
--
Cherry-pick from master commit of:
64f5f7b74e428b15205f6e8ae14dec84663c3076
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tools/gpg-card.c (cmd_unblock): Use GPG_ERR_NO_RESET_CODE.
--
Cherry-pick from master commit of:
65607fb81def5fc55320a1abfbb8ebdad9512011
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (build_enter_admin_pin_prompt): Fix to use
GPG_ERR_PIN_BLOCKED.
(check_pin): Likewise.
--
Cherry-pick from master commit:
e6b3d53db36dba8aef640fc0a99cc079551a965a
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| | |
--
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* agent/gpg-agent.c (handle_connections): Don't disable use of inotify
when it has the --disable-check-own-socket option.
--
Before the fix, it checks the homedir using the gnupg_stat function
when --disable-check-own-socket is enabled, without trying use of
inotify.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/command.c (pin_cb): Check if DBG_IPC for log_debug.
(send_client_notifications): Check opt.verbose to output a message.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
--
Cherry-picked from 2.4 branch of the commit:
6b93b92111cb8ce6d06c6f71bd62cfb314663b8c
GnuPG-bug-id: 6871
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
--
Cherry-pick from 2.4 commit of:
fa677a37cef007cad4ae772c96849b03931c5263
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
--
Cherry-picked from 2.4 branch of commit:
a14f73a1921e6cd002a58ff8a5ba3d39129729f3
This commit log (with no ChangeLog entry) is written by gniibe,
following the practice; Translation update don't need a ChangeLog
entry in a commit log.
Signed-off-by: Daniel Cerqueira <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| | |
--
GnuPG-bug-id: 6810
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| | |
* doc/gpgv.texi: Explicitely list all searched default keyrings in the
FILES section.
* doc/gpgv.texi: use ${GNUPGHOME} placeholder to be extra precise.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/misc.c (pubkey_get_nenc): Add ky768 and ky1024 values.
* g10/parse-packet.c (read_octet_string): New.
(read_size_body): Rename to ...
(read_sized_octet_string): this and change args to update-able PKTLEN.
(parse_pubkeyenc): Split general parsing loop for easier reading.
Implement parser for the Kyber algorithms.
--
Take care: this has not been tested at all, it merely passes the
regression test for the other algos.
Kyber is also known as ML-KEM in FIPS-203.
The list mode is slighly changed: In case of a parsing error no data
is printed - before that already parsed data was printed.
GnuPG-bug-id: 6815
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/call-agent.c (default_inq_cb): Call assuan_begin_confidential
and assuan_end_confidential.
* sm/call-agent.c (default_inq_cb): Likewise.
--
GnuPG-bug-id: 6654
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/card-util.c (write_sc_op_status): Emit 3 and 4 in status line.
* tools/card-call-scd.c (status_sc_op_failure): Likewise.
--
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* tools/gpg-card.c (cmd_unblock): Use GPG_ERR_NO_RESET_CODE.
--
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (build_enter_admin_pin_prompt): Fix to use
GPG_ERR_PIN_BLOCKED.
(check_pin): Likewise.
--
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |\|
| |
| |
| |
| |
| |
| | |
* common/b64dec.c (b64decode): Move to ...
* common/miscellaneous.c: here.
* common/t-b64.c: Re-inroduce and keep only the b64decode test code.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* common/gettime.c (asctimestamp) [W32]: Use ".UTF8" for the locale.
--
This has been suggested by the reporter of
GnuPG-bug-id: 6741
|
| | |
| |
| |
| | |
* g10/keygen.c (card_store_key_with_backup): Fix memory leak on error.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* g10/keygen.c (parse_expire_string_with_ct): Use isotime2epoch_u64.
(parse_creation_string): Ditto.
--
GnuPG-bug-id: 6736
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/mischelp.c (timegm): Move to ...
* common/gettime.c (timegm): here. On Windows use timegm_u32.
(timegm_u32): New.
(isotime2epoch): Factor code out to ...
(isotime_make_tm): new helper.
(isotime2epoch_u64): New.
(_win32_timegm): Remove duplicated code.
(parse_timestamp): Use of timegm.
(scan_isodatestr): Fallback to isotime2epoch_u64.
--
This mainly helps on 32 bit Windows. For Unix we assume everyone is
using 64 bit or shall wait until the libc hackers finally provide a
time64_t.
GnuPG-bug-id: 6736
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* sm/fingerprint.c (gpgsm_get_key_algo_info2): Rename to
(gpgsm_get_key_algo_info): this. Remove the old wrapper. Adjust all
callers.
* sm/decrypt.c (gpgsm_decrypt): Pass the curve to the compliance
checker.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--
GnuPG-bug-id: 6253
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* sm/keylist.c (print_compliance_flags): Add arg curve.
(list_cert_colon): Pass curve to the compliance check.
--
GnuPG-bug-id: 6253
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* sm/minip12.c: Factor parsing code out to ...
* common/tlv-parser.c: new. Extend function names and provide a few
extra functions.
* common/Makefile.am (common_sources): Add new file.
* sm/minip12.c: Adjust to use the new parser API.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* sm/minip12.c (struct tlv_ctx_s): Add origbuffer and origbufsize.
Remove pop_count. Rename offset to length.
(dump_tag_info, _dump_tag_info): Rewrite.
(dump_tlv_ctx, _dump_tlv_ctx): Rewrite.
(tlv_new): Init origbuffer.
(_tlv_peek): Add arg ti.
(tlv_peek): New.
(tlv_peek_null): New.
(_tlv_push): Rewrite.
(_tlv_pop): Rewrite.
(tlv_next): New macro. Move old code to ...
(_tlv_next): this. Add arg lno. Pop remaining end tags.
(tlv_popped): Remove.
(tlv_expect_object): Handle ndef.
(tlv_expect_octet_string): Ditto.
(parse_bag_encrypted_data): Use nesting level to control the inner
loop.
(parse_shrouded_key_bag): Likewise.
(parse_bag_data): Handle surplus octet strings.
(p12_parse): Ditto.
* sm/minip12.c (decrypt_block): Strip the padding.
(tlv_expect_top_sequence): Remove. Replace callers by
tlv_expect_sequence.
* tests/cms/samplekeys/t6752-ov-user-ff.p12: New sample key.
* tests/cms/samplekeys/Description-p12: Add its description
--
This patch improves the BER parser by simplifying it. Now tlv_next
pops off and thus closes all containers regardless on whether they are
length bounded or ndef. tlv_set_pending is now always used to undo
the effect of a tlv_next in a loop condition which was terminated by a
nesting level change.
Instead of using the length as seen in the decrypted container we now
remove the padding and let the BER parser do its work. This might
have a negative effect on pkcs#12 objects which are not correctly
padded but we don't have any example of such broken objects.
GnuPG-bug-id: 6752
|
| | |
| |
| |
| | |
--
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* m4/autobuild.m4 (AB_INIT): Add username.
--
The old autobuild diagnostics show up in build logs. What they are
missing is an information on the user who triggered a build. EMAIL is
a common thing to denote the actual user using a service account.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/keygen.c (parse_expire_string_with_ct): Use new function
scan_secondsstr.
(parse_creation_string): Ditto.
--
Noet that we cap the seconds at the year 2106.
GnuPG-bug-id: 6736
|
| | |
| |
| |
| |
| |
| |
| | |
* common/gettime.c (scan_secondsstr): New.
* common/t-gettime.c (test_scan_secondsstr):
(main): Call it.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* sm/minip12.c (_tlv_push): Handle NDEF more correctly.
(tlv_expect_octet_string): Do not bail out on NDEF.
(dump_tag_info): Print some more infos.
--
We do not have a complete test case for this. We need to further
analyze T6752 to see what Mozilla is doing here. In any case with
this patch we get a bit further and don't bail out at the ndef.
GnuPG-bug-id: 6536, 6752
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (do_change_pin): Use GPG_ERR_BAD_RESET_CODE where
appropriate.
* common/util.h: Add error codes missing in gpgrt 1.46.
* agent/call-pinentry.c (unlock_pinentry): Handle
GPG_ERR_BAD_RESET_CODE.
(agent_askpin): Ditlo. Also simply condition.
(agent_get_passphrase): Ditto.
* g10/call-agent.c (status_sc_op_failure): Handle
GPG_ERR_BAD_RESET_CODE.
* g10/card-util.c (write_sc_op_status): Ditto.
* tools/card-call-scd.c (status_sc_op_failure): Ditto.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* sm/minip12.c (oid_hmacWithSHA1): New. Also for the SHA-2 algos.
(digest_algo_from_oid): New.
(set_key_iv_pbes2): Add arg digest_algo.
(crypt_block): Ditto.
(decrypt_block): Ditto.
(parse_bag_encrypted_data): Parse the optional prf part and get the
hmac algorithm.
(parse_shrouded_key_bag): Ditto.
(p12_build): Pass SHA1 for digest_algo.
* sm/t-minip12.c (run_one_test): Print failed values in verbose mode.
* tests/cms/samplekeys/nistp256-openssl-self-signed.p12: New.
* tests/cms/samplekeys/Description-p12: Add this one.
* tests/cms/Makefile.am (EXTRA_DIST): Ditto.
--
This supports the modern algorithms, i.e. using SHA256 for the KDF
which is the default in openssl unless the -legacy option is used.
GnuPG-bug-id: 6536
|
