aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* dirmngr: Support gpgMailbox for mode MAILSUB and MAILEND.Werner Koch2022-09-261-2/+8
| | | | | * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Use gpgMailbox if server supports this.
* gpg: Don't consider unknown keys as non-compliant while decrypting.Werner Koch2022-09-261-4/+4
| | | | | | | | | | * g10/mainproc.c (proc_encrypted): Change compliance logic. -- For the description of the proplem see https://dev.gnupg.org/T6205#163306 GnuPG-bug-id: 6205
* dirmngr: Factor out interrogate_ldap_dn function.NIIBE Yutaka2022-09-261-66/+69
| | | | | | | | | * dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): New. -- GnuPG-bug-id: 6047 Signed-off-by: NIIBE Yutaka <[email protected]>
* tools: Need to set the dir for common.confWerner Koch2022-09-213-3/+8
| | | | | | | * tools/gpg-connect-agent.c (main): Set dirs. * tools/gpg-card.c (main): Ditto. -- Fixes-commit: 203dcc19eb48228c60036691fe87fb37e29369a4
* dirmngr: Fix CRL DP error fallback to other schemes.Werner Koch2022-09-161-28/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/crlcache.c (crl_cache_reload_crl): Rework the double loop. Remove the unused issuername_uri stuff. -- It is quite common that LDAP servers are blocked and thuis the HTTP access point should be used instead. This worked well for certificates where the DP are given in this form: crlDP: ldap://x500.bund.de/[...] http://x500.bund.de/[...] issuer: none but it failed for this form crlDP: ldap://x500.bund.de/[...] issuer: none crlDP: http://x500.bund.de/[...] issuer: none because the LAST_ERR thing terminated the outer loop. This pacth fixes this and also cleans up the code to be more robust. Note that the common workaround of using --ignore-ldap-dp will now only be needed if the firewall uses packet dropping instead of proper ICMP rejects.
* doc: Keep list of RFCs only in DETAILSWerner Koch2022-09-162-25/+9
| | | | --
* dirmngr:dns,doc,gpg: Fix for noreturn for C11.NIIBE Yutaka2022-09-163-3/+3
| | | | | | | | | | | * dirmngr/dns.c: Use __noreturn__. * doc/yat2m.c: Likewise. * g10/main.h: Likewise. -- GnuPG-bug-id: 4002 Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Use LDAP_DEPRECATED to detect ldap library.NIIBE Yutaka2022-09-151-0/+2
| | | | | | | | * m4/ldap.m4: Define LDAP_DEPRECATED when test. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Update .gitignore for translations under po/.NIIBE Yutaka2022-09-151-0/+1
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Restrict the use of gpgconf.ctl to make check.Werner Koch2022-09-148-1/+39
| | | | | | | | | | | | | | | | | | | * common/homedir.c (unix_rootdir): Add ".enable" statement to gpgconf.ctl * tests/gpgconf.ctl.in: Use this statement. * tests/cms/Makefile.am (OLD_TESTS_ENVIRONMENT): Enable .enable. (TESTS_ENVIRONMENT): Ditto. * tests/gpgme/Makefile.am (TESTS_ENVIRONMENT): Ditto. * tests/migrations/Makefile.am (TESTS_ENVIRONMENT): Ditto. * tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Ditto. * tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Ditto. * tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Ditto. -- Without that it was required to delete the gpgconf.ctl to run manual tests. What a hack.
* common: Fix for GPG_ERR_SOURCE_DEFAULT check.NIIBE Yutaka2022-09-141-2/+0
| | | | | | | | | * common/init.h: Remove GPG_ERR_SOURCE_UNKNOWN check. -- GnuPG-bug-id: 6200 Signed-off-by: NIIBE Yutaka <[email protected]>
* kbx: Fix for GPG_ERR_SOURCE_DEFAULT.NIIBE Yutaka2022-09-142-8/+3
| | | | | | | | | | | * kbx/keybox-defs.h (GPG_ERR_SOURCE_DEFAULT): Define here, when not defined. * kbx/kbxutil.c: Let keybox-defs.h include gpg-error.h. -- GnuPG-bug-id: 6200 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix for USE_LDAP.NIIBE Yutaka2022-09-142-0/+7
| | | | | | | | | | * dirmngr/ks-action.c [USE_LDAP] (ks_action_help): Recover variables. * dirmngr/server.c [USE_LDAP] (dirmngr/server.c): Likewise. -- Fixes-commit: 3d7dbf16618db4d0dc602daadbde098d4a14b528 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix t-recsel.NIIBE Yutaka2022-09-141-2/+0
| | | | | | | | | * common/t-recsel.c (main): Don't need to call init_common_subsystems. -- GnuPG-bug-id: 6200 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr:dns: Fixes for function prototypes.NIIBE Yutaka2022-09-141-59/+164
| | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/dns.c (dns_a_parse0, dns_a_push0, dns_a_cmp0): New. (dns_a_print0, dns_aaaa_parse0, dns_aaaa_cmp0): New. (dns_aaaa_print0, dns_mx_parse0, dns_mx_push0, dns_mx_cmp0): New. (dns_mx_print0, dns_mx_cname0, dns_ns_parse0, dns_ns_push0): New. (dns_ns_cmp0, dns_ns_print0, dns_ns_cname0, dns_cname_parse0): New. (dns_cname_push0, dns_cname_cmp0, dns_cname_print0): New. (dns_cname_cname0, dns_soa_parse0, dns_soa_push0): New. (dns_soa_cmp0, dns_soa_print0, dns_srv_parse0, dns_srv_push0): New. (dns_srv_cmp0, dns_srv_print0, dns_srv_cname0, dns_opt_parse0): New. (dns_opt_push0, dns_opt_cmp0, dns_opt_print0, dns_ptr_parse0): New. (dns_ptr_push0, dns_ptr_cmp0, dns_ptr_print0, dns_ptr_cname0): New. (dns_sshfp_parse0, dns_sshfp_push0, dns_sshfp_cmp0): New. (dns_sshfp_print0, dns_txt_parse0, dns_txt_push0, dns_txt_cmp0): New. (struct dns_rrtype): Add function prototypes. (dns_rrtypes): Use "0" variant of functions. (DNS_PRAGMA_PUSH, DNS_PRAGMA_POP): Remove. -- Original code was pretty badly written ignoring the type system of C, but modern compiler encourages use of the type system. No architectural changes, but only things mechanically possible. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,dirmngr,gpg,scd: Clean up for modern compiler.NIIBE Yutaka2022-09-1410-8/+11
| | | | | | | | | | | | | | | | | | * agent/protect.c (agent_get_shadow_info_type): It's a write only variable, useful for debugging. * g10/key-check.c (key_check_all_keysigs): Likewise. * g10/keyedit.c (show_basic_key_info, menu_expire): Likewise. * scd/app-sc-hsm.c (read_ef_prkd): Likewise. * dirmngr/crlfetch.c (fetch_next_ksba_cert): Initialize the vars. * dirmngr/ks-action.c (ks_action_help): Remove unused variables. * dirmngr/server.c (make_keyserver_item): Likewise. * dirmngr/validate.c (check_cert_sig): Initialize the variable. * scd/app-p15.c (select_and_read_record): Likewise. * tests/gpgscm/scheme.c (scheme_init_new): A function with no args. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* tools:gpg-auth: Enhance it to support use case for login.NIIBE Yutaka2022-09-132-12/+39
| | | | | | | | | * tools/Makefile.am: gpg-auth is one in libexec_PROGRAMS. * tools/gpg-auth.c: Support use by root for login user. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,common,scd,sm: Function prototype fixes for modern compiler.NIIBE Yutaka2022-09-1311-19/+19
| | | | | | | | | | | | | | | | | | | | | | * common/gettime.c (gnupg_get_time): It has no arguments. * common/signal.c (gnupg_block_all_signals): Likewise. (gnupg_unblock_all_signals): Likewise. * common/utf8conv.c (get_native_charset): Likewise. * g10/cpr.c (is_status_enabled, cpr_enabled): Likewise. * g10/getkey.c (getkey_disable_caches): Likewise. * g10/keygen.c (ask_expiredate): Likewise. * g10/passphrase.c (have_static_passphrase): Likewise. (get_last_passphrase): Likewise. * g10/tdbio.c (tdbio_is_dirty, tdbio_sync): Likewise. (tdbio_get_dbname, open_db, tdbio_db_matches_options): Likewise. (tdbio_read_nextcheck): Likewise. * g10/trustdb.c (how_to_fix_the_trustdb): Likewise. * scd/scdaemon.c (scd_get_socket_name): Likewise. * sm/passphrase.c (have_static_passphrase): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* sm: Fix reporting of bad passphrase errorIngo Klöcker2022-09-091-1/+4
| | | | | | | | * sm/minip12.c (p12_parse): Set badpass flag to result in ctx. -- Fixes-commit: a4e04375e84ecb7ea0d02e153cb27988fca4c2d0 GnuPG-bug-id: 5713, 6037
* Revert "common: Add a default OpenPGP ECC mapping."Ingo Klöcker2022-09-091-1/+0
| | | | | | | | This reverts commit 8e63e813c7404e1dae1def98e0f45d148f71082d. The change broke adding existing ECDH encryption subkeys to a key. GnuPG-bug-id: 5555
* agent: Don't start in --supervised mode if no-autostart is enabled.Werner Koch2022-09-072-0/+14
| | | | | * agent/gpg-agent.c (main): Print an error message if no-autostart is set in common.conf.
* gpg: Support key flags for RENC, TIME, and GROUP.Werner Koch2022-09-077-3/+70
| | | | | | | | | | | | | | | | | | * g10/packet.h (PUBKEY_USAGE_RENC): New. (PUBKEY_USAGE_TIME): New. (PUBKEY_USAGE_GROUP): New. * g10/getkey.c (parse_key_usage): Set the new key flags. * g10/keyedit.c (show_key_with_all_names_colon): Show the new key flags. * g10/keyid.c (usagestr_from_pk): Ditto * g10/keylist.c (print_capabilities): Ditto. * g10/keygen.c (parse_usagestr): Parse line and set new flags. (quickgen_set_para): Show flags. -- See draft-koch-openpgp-2015-rfc4880bis-00 for the current version. Actually these flags have been in the draft for years now. This patch is a first step to make use of them.
* tools:gpg-auth: Support use of pinpad.NIIBE Yutaka2022-09-061-14/+27
| | | | | | | | | * tools/gpg-auth.c (getpin): Use comment. (inq_needpin): Support "POPUPPINPADPROMPT" protocol response. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix to determine ECC curve for SSH.NIIBE Yutaka2022-09-061-3/+3
| | | | | | | | | | | | * common/ssh-utils.c (ssh_public_key_in_base64): Use standard name for ECC curve. -- See oidtable in common/openpgp-oid.c. Fixes-commit: 8e650dbd48fa5fde6d8f08154e6a892d495e9227 Signed-off-by: NIIBE Yutaka <[email protected]>
* tools:gpg-auth: Show SSH key comment when asking PIN.NIIBE Yutaka2022-09-051-3/+21
| | | | | | | | | | * tools/gpg-auth.c (authenticate): Put key_list->comment to assuan user's pointer. (getpin): Show SSH key comment if any. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* tools: Fix gpg-auth.NIIBE Yutaka2022-09-021-15/+42
| | | | | | | | | | | | | | | | | | * tools/gpg-auth.c (my_strusage): Fix usage string. (main): Use gpg-agent to get scdaemon socket. (authenticate): Return GPG_ERR_NOT_FOUND when no success. (ga_scd_connect): Use DBG_IPC. (inq_needpin): Change API for getpin. (put_second_field_cb): New, to get the second field. (scd_get_pubkey): Use put_second_field_cb. (ga_filter_by_authorized_keys): Put NULL at the PREV->next. (getpin): Flush the standard output. Include the last terminating NUL. Return the length. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* tools:gpg-auth: New tool for authentication.NIIBE Yutaka2022-09-022-1/+924
| | | | | | | | | | | * tools/Makefile.am (bin_PROGRAMS): Add gpg-auth. (gpg_auth_SOURCES, gpg_auth_LDADD): * tools/gpg-auth.c: New. -- GnuPG-bug-id: 5862 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Make nvc_lookup more robust.Werner Koch2022-09-011-1/+12
| | | | | | | | * common/name-value.c (nvc_first): Allow for NULL arg. (nvc_lookup): Allow for PK being NULL. -- GnuPG-bug-id: 6176
* po: Update Japanese Translation.NIIBE Yutaka2022-09-011-26/+13
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: New option --debug-cache-expired-certs.Werner Koch2022-08-313-3/+14
| | | | | | | | * dirmngr/dirmngr.h (opt): Add debug_cache_expired_certs: * dirmngr/dirmngr.c (oDebugCacheExpiredCerts): New. (opts): Add option. (parse_rereadable_options): Set option. * dirmngr/certcache.c (put_cert): Handle the option.
* dirmngr: Reject certificate which is not valid into cache.NIIBE Yutaka2022-08-261-0/+14
| | | | | | | | | | | | | | | | * dirmngr/certcache.c (put_cert): When PERMANENT, reject the certificate which is obviously invalid. -- With this change, invalid certificates from system won't be registered into cache. Then, an intermediate certificate which is issued by an entity certified by such an invalid certificate will be also rejected with GPG_ERR_INV_CERT_OBJ. With less invalid certificates in cache, it helps the validate_cert_chain function work better. GnuPG-bug-id: 6142 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add npth_unprotect/npth_protect for blocking operations.NIIBE Yutaka2022-08-251-0/+20
| | | | | | | | | | * scd/ccid-driver.c (ccid_open_usb_reader): Name the thread. (ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap blocking operations by npth_unprotect/npth_protect. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add a libusb debug level.Werner Koch2022-08-221-1/+33
| | | | | | | | | | * scd/ccid-driver.c (USE_LIBUSB_DEBUG_CB): New const. (debug_libusb_cb): new. (ccid_set_debug_level): Use it. -- This allows to see the libusb log in our usual debug output. For this the option debug-ccid-driver needs to be given 5 or more times.
* common: New common option no-autostart.Werner Koch2022-08-228-2/+39
| | | | | | | | | | | | | | | | | | | | * common/comopt.c (opts): Add "no-autostart". (parse_comopt): Set it. * common/comopt.h (comopt): Add no_autostart. * g10/gpg.c (main): Take care of the new option. * sm/gpgsm.c (main): Ditto. * tools/gpg-connect-agent.c (INCLUDED_BY_MAIN_MODULE): Add. (main): Parse common options and handle new option. * tools/gpg-card.c (main): Ditto. (cmd_yubikey): Fix minor error reporting issue. * common/util.h (GNUPG_MODULE_NAME_CARD): New const. * common/homedir.c (gnupg_module_name): Support it. -- Having a global option makes it easier to use disable autostart on a server which is required to use a remote gpg-agent reliable.
* dirmngr: Fix NTBTLS include for testAndre Heinecke2022-08-161-1/+2
| | | | | | | | * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add NTBTLS. -- This fixes the build in case every lib is installed into its own prefix.
* gpg: Fix --card-status to handle lowercase APPTYPEsWerner Koch2022-08-161-6/+6
| | | | * g10/card-util.c (current_card_status): Use ascii_strcasecmp.
* doc: Update description of the key format.Werner Koch2022-08-162-11/+21
| | | | --
* gpg: Improve --edit-key setpref.Werner Koch2022-08-121-5/+17
| | | | | | | | | | * g10/keygen.c (keygen_set_std_prefs): Allow extra spaces before preference elements. Detect the bracketed versions of the strings. Ignore "aead". -- This allows to c+p the list shown by pref with out remove the brackets.
* agent: New option --need-attr for KEYINFO.Werner Koch2022-08-112-17/+73
| | | | | | | | | | | | | | * agent/command.c (do_one_keyinfo): New arg need_Attr. (cmd_keyinfo): New option --need-attr. * agent/findkey.c (public_key_from_file): Use nvc_get_boolean. -- This option makes it easier to list keys suitable only for certain purposes. The second patch makes if compliant to the description in keyformat.txt
* common: New function nvc_get_boolean.Werner Koch2022-08-112-0/+25
| | | | * common/name-value.c (nvc_get_boolean): New.
* gpg: Emit an ERROR status if --quick-set-primary-uid failsIngo Klöcker2022-08-091-3/+9
| | | | | | | | | | * g10/keyedit.c (keyedit_quick_set_primary): Issue a status error. -- This allows GpgME to detect and report a failure if setting the primary user ID of a key failed. GnuPG-bug-id: 6126
* gpg: Look up user ID to mark as primary by UID hashIngo Klöcker2022-08-082-26/+25
| | | | | | | | | | | | | | | | * g10/keyedit.c (find_userid_by_namehash, find_userid): Add argument want_valid. Skip invalid user IDs if valid is wanted. (keyedit_quick_revuid): Ask find_userid() for any matching user ID. (keyedit_quick_set_primary): Use find_userid() to find the user ID to mark as primary. * tests/openpgp/quick-key-manipulation.scm: Change second call of the quick-set-primary-uid test to specify the user ID by its hash. -- This makes it possible to specify the user ID to mark as primary via its UID hash when calling --quick-set-primary-uid. GnuPG-bug-id: 6126
* gpg: Fix wrong error message for keytocard.Werner Koch2022-08-041-3/+1
| | | | | | | * g10/call-agent.c (agent_keytocard): Emit SC_OP_FAILURE. -- GnuPG-bug-id: 6122
* common: Silence warnings from AllowSetForegroundWindow.Werner Koch2022-08-032-2/+12
| | | | | * common/sysutils.c (gnupg_allow_set_foregound_window): Print warning only with debug flag set.
* dirmngr: Fix failed malloc error message.Werner Koch2022-08-031-2/+5
| | | | * dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc.
* gpgconf: Add config file for Windows Registry dumps.Werner Koch2022-08-033-1/+85
| | | | | | | * tools/gpgconf.c (show_registry_entries_from_file): New. (show_configs): Call it. * doc/examples/gpgconf.rnames: New. * doc/Makefile.am (examples): Add it.
* g13: Remove unused variable.Werner Koch2022-08-021-1/+0
| | | | --
* gpg: Make symmetric + pubkey encryption de-vs compliant.Werner Koch2022-08-021-5/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption de-vs compliant. * g10/mainproc.c (struct symlist_item): New. (struct mainproc_context): Add field symenc_list. (release_list): Free that list. (proc_symkey_enc): Record infos from symmetric session packet. (proc_encrypted): Check symkey packet algos -- The original check was too strong because it is in fact compliant to encrypt with a symmetric key and and public key. Thus decryption should issue a compliance status. In addition we now check that the cipher algorithms used to symmetrically encrypt the session key are all compliant. This is similar to our check for all public key encrypted session key packets. GnuPG-bug-id: 6119 Fixes-commit: b03fab09e188f7bb10237d4f20455e4026737e4e Backported from 2.2 Signed-off-by: Werner Koch <[email protected]>
* gpgconf: Improve registry dumping.Werner Koch2022-08-024-15/+31
| | | | | | | | | | | | * common/w32-reg.c (read_w32_reg_string): Add arg r_hklm_fallback and change all callers. (show_configs): Indicate whether the HKLM fallback was used. * tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin Registry key. Indicate whether the HKLM fallback was used. -- Note that this is backport from 2.2. The new support there for REG_DWORD needs to be implemented in libgpg-error, though.
* tests: Install links for tpm2daemonWerner Koch2022-08-012-1/+3
| | | | | | | * Makefile.am (all-local): Install missing symlinks. -- GnuPG-bug-id: 6052
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 21:26:17 +0000