aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * scd:p15: Add ECC support for D-Trust Card 4.1/4.4Mario Haustein2024-02-201-6/+4
| | | | | | | | | | | | * scd/app-p15.c (do_sign): Add MSE RESTORE parameters for D-Trust ECC cards. (do_decipher): Ditto.
| * scd:p15: Take derive usage into account for decryption (2).Werner Koch2024-02-201-1/+2
| | | | | | | | | | | | | | * scd/app-p15.c (do_getattr): Yet another palce to fix. -- GnuPG-bug-id: 7000 Co-authored-by: Mario Haustein <[email protected]>
| * scd:p15: Handle duplicate certificate ids.Werner Koch2024-02-201-2/+44
| | | | | | | | | | | | | | | | | | | | | | * scd/app-p15.c (struct app_local_s): Add field cdf_dup_counter. (objid_in_cdflist_p): New. (read_p15_info): Clear the counter. (read_ef_cdf): Detect and fix duplicate IDs. -- GnuPG-bug-id: 7001 Reported-by: Mario Haustein <[email protected]>
| * scd:p15: Take derive usage into account for decryption.Werner Koch2024-02-201-15/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-p15.c (set_usage_string): Map usageflags.derive also to 'e'. (do_auth): Allow usageflags.sign_recover. (do_decipher): Allow usageflags.derive. (do_with_keygrip): Take usageflags.derive into account. (do_gettatr): Ditto. (do_decipher): Take a missing AODF for authentication not needed. -- This is required for D-Trust ECC cards. The AODF thing is unrelated but seems to be a good idea. GnuPG-bug-id: 7000
| * dirmngr: Fix keep-alive flag handling.NIIBE Yutaka2024-02-161-1/+9
| | | | | | | | | | | | | | | | | | | | * dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic Authentication. Fix resource leak of FP_WRITE. -- GnuPG-bug-id: 6997 Signed-off-by: NIIBE Yutaka <[email protected]>
| * dirmngr: Fix the regression of use of proxy for TLS connection.NIIBE Yutaka2024-02-161-12/+2
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it causes resource leak of FP_WRITE. Don't try to read response body to fix the hang. -- GnuPG-bug-id: 6997 Signed-off-by: NIIBE Yutaka <[email protected]>
| * speedo: Add config variable for the timestamp service.Werner Koch2024-02-151-4/+11
| | | | | | | | --
| * dirmngr: Fix proxy with TLS.NIIBE Yutaka2024-02-151-7/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/http.c (proxy_get_token, run_proxy_connect): Always available regardless of USE_TLS. (run_proxy_connect): Use log_debug_string. (send_request): Remove USE_TLS. -- Since the commit of 1009e4e5f71347a1fe194e59a9d88c8034a67016 Building with TLS library is mandatory. GnuPG-bug-id: 6997 Signed-off-by: NIIBE Yutaka <[email protected]>
| * gpg: Add option --assert-pubkey_algo.Werner Koch2024-02-1020-59/+425
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keyid.c (parse_one_algo_string): New. (compare_pubkey_string_part): New. (compare_pubkey_string): New. * g10/verify.c (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo. * g10/options.h (opt): Add field assert_pubkey_algos. * g10/gpg.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Reorder RC modifications. Check assert_pubkey_algo_false. * common/status.h (ASSERT_PUBKEY_ALGOS): new. * common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if this macro is set. * g10/gpgv.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Check assert_pubkey_algo_false. * g10/t-keyid.c: New. * g10/Makefile.am: Add t-keyid. * g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and remove from other tests. (check_assert_signer_list): Ditto. (check_assert_pubkey_algo): Ditto. -- GnuPG-bug-id: 6946
| * doc: Suggest the use of a fingerprint for --default-key.Werner Koch2024-02-051-18/+23
| | | | | | | | | | | | -- GnuPG-bug-id: 6975
| * doc: Improve warning for --use-embedded-filename.Werner Koch2024-02-051-1/+15
| | | | | | | | | | | | -- GnuPG-bug-id: 6972
| * gpgsm: Increase salt size in pkcs#12 parser.Werner Koch2024-02-051-1/+1
| | | | | | | | | | | | | | * sm/minip12.c (parse_bag_encrypted_data): Need 32 bytes. -- GnuPG-bug-id: 6757
| * gpgsm: cleanup on error pathsÁngel González2024-02-051-19/+22
| | | | | | | | | | | | | | | | | | | | * sm/minip12.c (p12_parse): set err on the different error paths -- GnuPG-bug-id: 6973 Fixes-commit: 101433dfb42b333e48427baf9dd58ac4787c9786 Signed-off-by: Ángel González <[email protected]>
| * scd:openpgp: Allow PIN length of 6 also with a reset code.Werner Koch2024-01-301-2/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt. -- When using the reset code it was not possible to set a PIN of length 6. The "R" flags fixes a funny prompt. Fixes-commit: efe325ffdf21205b90f888c8f0248bbd4f61404b scd:openpgp: Allow PIN length of 6 also with a reset code. * scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt. -- When using the reset code it was not possible to set a PIN of length 6. The "R" flags fixes a funny prompt. Fixes-commit: 2376cdff1318688d94c95fd01adc4b2139c4a8c7
| * w32, msi: Fix directory of gpg-card, add keyboxdAndre Heinecke2024-01-301-1/+4
| | | | | | | | | | * build-aux/speedo/w32/wixlib.wxs: Fix gpg-card directory id. Add keyboxd.
| * po: update Polish translationJakub Bogusz2024-01-291-548/+91
| |
| * gpg: Minor code cleanup for fingerprint computation.Werner Koch2024-01-291-9/+5
| | | | | | | | * g10/keyid.c (do_hash_public_key): Simplify code for clarity.
| * gpg: Hide --textmode from the help output.Werner Koch2024-01-291-1/+1
| | | | | | | | --
| * doc: Mark --textmode as legacy option.Werner Koch2024-01-292-18/+21
| | | | | | | | --
| * doc: Fix spelling errors found by lintian.Werner Koch2024-01-2920-36/+36
| | | | | | | | | | | | -- Reported-by: Andreas Metzler <[email protected]>
| * speedo: Improve parsing of the ~./.gnupg-autogen.rcWerner Koch2024-01-262-5/+7
| | | | | | | | | | | | -- We now allow spaces around the variable name and the value.
| * dirmngr: For CRL issuer verification trust the system's root CA.Werner Koch2024-01-261-0/+1
| | | | | | | | | | | | | | | | * dirmngr/crlcache.c (crl_parse_insert): Add VALIDATE_FLAG_TRUST_SYSTEM. -- GnuPG-bug-id: 6963
| * common,w32: Fix use of GNUPG_SPAWN_KEEP_STDERR.Werner Koch2024-01-261-1/+1
| | | | | | | | | | | | | | | | * common/exechelp-w32.c (gnupg_spawn_process): Fix macro. -- Fixes-commit: 6d6438a361d25f3b269f702e017f5e39fd1f5c38 GnuPG-bug-id: 6961
* | gpg: Fix a possible segv due to an uninitialized gcrypt context.Werner Koch2024-03-061-1/+1
| | | | | | | | | | | | | | | | | | * g10/sign.c (sign_symencrypt_file): Initialize MD for the error case. -- Reported-by: Falko Strenzke Fixes-commit: 1ddd69935da629188dcf9215cd9e7a8f68b34a97 in the not yet released master branch.
* | doc: Document the "grp" record in colon listings.Werner Koch2024-02-221-3/+8
| | | | | | | | --
* | common,dirmngr:w32: Add include files.NIIBE Yutaka2024-02-154-5/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | * common/dynload.h: Include windows.h. Don't define RTLD_LAZY, if already defined. * common/init.c: Include wctype.h. * dirmngr/certcache.c: Include wincrypt.h. * dirmngr/dns-stuff.c: Include ws2tcpip.h. -- GnuPG-bug-id: 5894 Signed-off-by: NIIBE Yutaka <[email protected]>
* | dirmngr:w32: Add include files.NIIBE Yutaka2024-02-151-0/+2
| | | | | | | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c: Include winldap.h and winber.h. -- Definition of ber_free is in winber.h. Signed-off-by: NIIBE Yutaka <[email protected]>
* | Merge branch 'STABLE-BRANCH-2-4'Werner Koch2024-01-2688-1421/+2657
|\| | | | | | | | | | | | | | | -- Fixed conflicts: NEWS configure.ac doc/gpg.texi
| * Post release updatesWerner Koch2024-01-252-1/+8
| | | | | | | | --
| * Release 2.4.4gnupg-2.4.4Werner Koch2024-01-251-2/+9
| |
| * po: msgmergeWerner Koch2024-01-2524-256/+353
| | | | | | | | --
| * card: Tweak the checkcmds sub-command.Werner Koch2024-01-252-5/+42
| | | | | | | | * tools/gpg-card.c (cmd_checkkeys): Skip not found keys.
| * po: Update Japanese Translation.NIIBE Yutaka2024-01-251-2/+5
| | | | | | | | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
| * gpg: Add sub-option ignore-attributes to --import-options.Werner Koch2024-01-243-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/options.h (IMPORT_IGNORE_ATTRIBUTES): New. * g10/import.c (parse_import_options): Add new sub-option. (read_block): Implement sub-option. -- Suggested-by: Robin H. Johnson Tested using the import-export feature: gpg --export KEY_WITH_PICTURE \ | gpg --import --import-options import-export,ignore-attributes \ | gpg --show-key
| * po: Update German translation.Werner Koch2024-01-241-16/+20
| | | | | | | | | | | | -- Just the new string for gpg-card's checkkeys.
| * speedo: Build zlib, bzip2 and sqlite also on Unix.Werner Koch2024-01-241-9/+4
| | | | | | | | | | | | | | | | | | -- This avoids extra build dependencies. Note that bzip2 is not necessary statically linked but an existing bzip2 SO might be used. We would need to fix the bzip2 SO building and also provide a gnupg configure option to build statically against bzip2.
| * card: flush stdout to get checkcmd's info messages in order.Werner Koch2024-01-241-0/+1
| | | | | | | | * tools/gpg-card.c (cmd_checkkeys): Insert an fflush.
| * speedo: Add a hint to run ldconfigWerner Koch2024-01-233-1/+4
| | | | | | | | --
| * tests: Add two more sample p12 filesWerner Koch2024-01-234-0/+14
| | | | | | | | | | -- GnuPG-bug-id: 6940
| * speedo: Minor fix to the install targetWerner Koch2024-01-232-7/+7
| | | | | | | | --
| * sm: Fix ECDH encryption with dhSinglePass-stdDH-sha384kdf-scheme.NIIBE Yutaka2024-01-231-1/+1
| | | | | | | | | | | | | | | | * sm/encrypt.c (ecdh_encrypt): Cipher is AES192 for id-aes192-wrap. -- Signed-off-by: NIIBE Yutaka <[email protected]>
| * gpg: Use ephemeral mode for generating card keys.Werner Koch2024-01-224-19/+104
| | | | | | | | | | | | | | | | | | | | * g10/call-agent.c (agent_set_ephemeral_mode): New. * g10/keyedit.c (keyedit_menu) <bkuptocard>: Switch to ephemeral mode. * g10/keygen.c (do_generate_keypair): Switch to ephemeral mode for card keys with backup. -- GnuPG-bug-id: 6944
| * agent: Add "ephemeral" Assuan option.Werner Koch2024-01-2211-207/+497
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/agent.h (struct ephemeral_private_key_s): New. (struct server_control_s): Add ephemeral_mode and ephemeral_keys. (GENKEY_FLAG_NO_PROTECTION, GENKEY_FLAG_PRESET): New. * agent/genkey.c (clear_ephemeral_keys): New. (store_key): Add arg ctrl and implement ephemeral_mode. Change all callers. (agent_genkey): Replace args no_protection and preset by a generic new flags arg. * agent/findkey.c (wipe_and_fclose): New. (agent_write_private_key): Add arg ctrl and implement ephemeral_mode. Change all callers. (agent_update_private_key): Ditto (read_key_file): Ditto. (agent_key_available): Ditto. * agent/command-ssh.c (card_key_available): Do not update display s/n in ephemeral mode. This is however enver triggred. * agent/gpg-agent.c (agent_deinit_default_ctrl): Cleanup ephemeral keys. * agent/command.c (cmd_genkey): Use the new flags instead of separate vars. (cmd_readkey): Create a shadow key only in non-ephemeral_mode. (cmd_getinfo): Add sub-command "ephemeral". (option_handler): Add option "ephemeral". -- The idea here that a session can be switched in an ephemeral mode which does not store or read keys from disk but keeps them local to the session. GnuPG-bug-id: 6944
| * doc: Fix description of gpg --unwrapWerner Koch2024-01-221-6/+5
| | | | | | | | --
| * gpg: Add a communication object to the key generation code.Werner Koch2024-01-221-22/+72
| | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (struct common_gen_cb_parm_s): New. (common_gen): Add args common_gen_cb and common_gen_cb_parm. Adjust all callers. (do_generate_keypair): Clarify the code by using a better var name. -- We may eventually also replace the long arg list with that object. The immediate reason for this change is the followup commit.
| * card: New subcommand "checkkeys".Werner Koch2024-01-224-11/+265
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_havekey): Add new option --info. * tools/card-call-scd.c (scd_readkey): Allow using without result arg. (struct havekey_status_parm_s): New. (havekey_status_cb): New. (scd_havekey_info): New. (scd_delete_key): New. * tools/gpg-card.c (print_keygrip): Add arg with_lf. (cmd_checkkeys): New. (cmdCHECKKEYS): New. (cmds): Add command "checkkeys". (dispatch_command, interactive_loop): Call cmd_checkkeys. -- GnuPG-bug-id: 6943
| * doc: Document Backup-info in keyformat.txtWerner Koch2024-01-221-0/+10
| | | | | | | | | | | | | | -- This name is used by Kleopatra for quite some time now but was missing a specification.
| * Pass PINENTRY_GEOM_HINT environment variable to pinentryTobias Fella2024-01-221-1/+2
| | | | | | | | | | | | | | | | * common/session-env.c: Add PINENTRY_GEOM_HINT to variables. -- GnuPG-Bug-ID: 6930
| * gpg: For v5 key generation for X448 also in parm file mode.Werner Koch2024-01-161-56/+114
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (curve_is_448): New. (do_create_from_keygrip): Pass arg keygen_flags byref so that it can be updated. Set v5 flag for X448. (gen_ecc): Ditto. (do_create): Change keygen_flags as above. For robustness change checking for Ed448. (do_generate_keypair): Change keygen_flags as above (generate_subkeypair): Ditto. (gen_card_key): Ditto. Support v5 keys. -- GnuPG-bug-id: 6942
| * gpg: When using a parm file w/o usage don't set the RENC usage.Werner Koch2024-01-161-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (proc_parameter_file): Don't include RENC in the default usage. -- Testplan: $ gpg --gen-key --batch <<EOF Key-Type: EDDSA Key-Curve: ed448 Key-Usage: cert Name-Real: Meh Muh Name-Email: [email protected] Expire-Date: 2025-01-01 Passphrase: abc subkey-type: ecdh Subkey-curve: cv448 EOF and check that the R flag does not show up in the usage.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-15 12:09:18 +0000