| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/scdaemon.c (oDebugAllowPINLogging): New.
(opts): Add option.
(main): Set option.
* scd/scdaemon.h (opt): Add debug_allow_pin_logging.
* scd/apdu.c (pcsc_send_apdu): Do not hide the PIN dat in the debug
output if the option is set.
(send_apdu_ccid): Ditto.
--
This option is only required during development.
|
| | |
| |
| |
| |
| |
| | |
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/miscellaneous.c (is_openpgp_compressed_packet)
(is_file_compressed): Moved to ...
* common/iobuf.c: ... in this file.
(is_file_compressed): Change the argument to INP, the iobuf.
* common/util.h (is_file_compressed): Remove.
* common/iobuf.h (is_file_compressed): Add.
* g10/cipher-aead.c (write_header): Don't call write_status_printf
here.
(cipher_filter_aead): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/cipher-cfb.c (write_header): Don't call write_status_printf
here.
(cipher_filter_cfb): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/encrypt.c (encrypt_simple): Use new is_file_compressed function,
after call of iobuf_push_filter.
(encrypt_crypt): Likewise.
* g10/sign.c (sign_file): Likewise.
--
Cherry-pick from master commit of:
2f872fa68c6576724b9dabee9fb0844266f55d0d
GnuPG-bug-id: 6481
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-p15.c (CARD_TYPE_STARCOS_32): New.
(card_atr_list): Add ATR for my sample card.
(cardtype2str): Add starcos string.
(select_ef_by_path): Factor all code out to ...
(select_by_path): this. Add arg to request a directory. Simplify the
case pathlen>1 case. Fix error printing.
(select_df_by_path): New.
(prepare_verify_pin): For starcos select a DF.
(app_select_p15): Don't use extended mode for starcos.
--
This allows reading the certificates from my sample cards. Signing
does not yet work; I need to do get some I/O traces using other
software. The basic support for AET cards shut still work but I have
not found my AET card.
|
| | |
| |
| |
| |
| | |
* scd/apdu.c (send_le): Do not dump "[all zero]" if tehre is no data.
* scd/iso7816.c (iso7816_select_mf): Cosmetic fix.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/call-agent.c (agent_get_passphrase): Call
assuan_begin_confidential and assuan_end_confidential.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--
GnuPG-bug-id: 6654
The drawback of this solution is that we don't see any IPC lines from
the assuan_transact. Everything else would require larger changes to
libassuan.
|
| | |
| |
| |
| |
| |
| | |
* sm/minip12.c (parse_bag_encrypted_data): Set the badpass flag.
(parse_shrouded_key_bag): Ditto.
--
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/call-agent.c (default_inq_cb): Call assuan_begin_confidential
and assuan_end_confidential.
* sm/call-agent.c (default_inq_cb): Likewise.
--
Cherry pick from master commit of:
ec1446f9446506b5fbdf90cdeb9cbe1f410a657e
GnuPG-bug-id: 6654
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/compliance.h (PK_ALGO_FLAG_ECC18): New.
* common/compliance.c (gnupg_pk_is_allowed): Implement.
* sm/decrypt.c (gpgsm_decrypt): Pass new flag.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--
GnuPG-bug-id: 6802
|
| | |
| |
| |
| |
| | |
* common/openpgpdefs.h (SIGSUBPKT_META_HASH): New.
(SIGSUBPKT_TRUST_ALIAS): New.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* sm/encrypt.c (gpgsm_encrypt): Unify use of RC and ERR.
* sm/sign.c (gpgsm_sign): ditto.
--
Initially we didn't used the gpg_error_t thingy and while migrating
we sometimes used RC and ERR for tracking the error. This is pretty
error prone and thus we better remove it (after 20 years).
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/card-util.c (write_sc_op_status): Emit 3 and 4 in status line.
* tools/card-call-scd.c (status_sc_op_failure): Likewise.
--
Cherry-pick from master commit of:
64f5f7b74e428b15205f6e8ae14dec84663c3076
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tools/gpg-card.c (cmd_unblock): Use GPG_ERR_NO_RESET_CODE.
--
Cherry-pick from master commit of:
65607fb81def5fc55320a1abfbb8ebdad9512011
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (build_enter_admin_pin_prompt): Fix to use
GPG_ERR_PIN_BLOCKED.
(check_pin): Likewise.
--
Cherry-pick from master commit:
e6b3d53db36dba8aef640fc0a99cc079551a965a
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| | |
--
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* agent/gpg-agent.c (handle_connections): Don't disable use of inotify
when it has the --disable-check-own-socket option.
--
Before the fix, it checks the homedir using the gnupg_stat function
when --disable-check-own-socket is enabled, without trying use of
inotify.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/command.c (pin_cb): Check if DBG_IPC for log_debug.
(send_client_notifications): Check opt.verbose to output a message.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
--
Cherry-picked from 2.4 branch of the commit:
6b93b92111cb8ce6d06c6f71bd62cfb314663b8c
GnuPG-bug-id: 6871
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
--
Cherry-pick from 2.4 commit of:
fa677a37cef007cad4ae772c96849b03931c5263
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
--
Cherry-picked from 2.4 branch of commit:
a14f73a1921e6cd002a58ff8a5ba3d39129729f3
This commit log (with no ChangeLog entry) is written by gniibe,
following the practice; Translation update don't need a ChangeLog
entry in a commit log.
Signed-off-by: Daniel Cerqueira <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| | |
--
GnuPG-bug-id: 6810
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| | |
* doc/gpgv.texi: Explicitely list all searched default keyrings in the
FILES section.
* doc/gpgv.texi: use ${GNUPGHOME} placeholder to be extra precise.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/misc.c (pubkey_get_nenc): Add ky768 and ky1024 values.
* g10/parse-packet.c (read_octet_string): New.
(read_size_body): Rename to ...
(read_sized_octet_string): this and change args to update-able PKTLEN.
(parse_pubkeyenc): Split general parsing loop for easier reading.
Implement parser for the Kyber algorithms.
--
Take care: this has not been tested at all, it merely passes the
regression test for the other algos.
Kyber is also known as ML-KEM in FIPS-203.
The list mode is slighly changed: In case of a parsing error no data
is printed - before that already parsed data was printed.
GnuPG-bug-id: 6815
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/call-agent.c (default_inq_cb): Call assuan_begin_confidential
and assuan_end_confidential.
* sm/call-agent.c (default_inq_cb): Likewise.
--
GnuPG-bug-id: 6654
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/card-util.c (write_sc_op_status): Emit 3 and 4 in status line.
* tools/card-call-scd.c (status_sc_op_failure): Likewise.
--
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* tools/gpg-card.c (cmd_unblock): Use GPG_ERR_NO_RESET_CODE.
--
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (build_enter_admin_pin_prompt): Fix to use
GPG_ERR_PIN_BLOCKED.
(check_pin): Likewise.
--
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |\|
| |
| |
| |
| |
| |
| | |
* common/b64dec.c (b64decode): Move to ...
* common/miscellaneous.c: here.
* common/t-b64.c: Re-inroduce and keep only the b64decode test code.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* common/gettime.c (asctimestamp) [W32]: Use ".UTF8" for the locale.
--
This has been suggested by the reporter of
GnuPG-bug-id: 6741
|
| | |
| |
| |
| | |
* g10/keygen.c (card_store_key_with_backup): Fix memory leak on error.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* g10/keygen.c (parse_expire_string_with_ct): Use isotime2epoch_u64.
(parse_creation_string): Ditto.
--
GnuPG-bug-id: 6736
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/mischelp.c (timegm): Move to ...
* common/gettime.c (timegm): here. On Windows use timegm_u32.
(timegm_u32): New.
(isotime2epoch): Factor code out to ...
(isotime_make_tm): new helper.
(isotime2epoch_u64): New.
(_win32_timegm): Remove duplicated code.
(parse_timestamp): Use of timegm.
(scan_isodatestr): Fallback to isotime2epoch_u64.
--
This mainly helps on 32 bit Windows. For Unix we assume everyone is
using 64 bit or shall wait until the libc hackers finally provide a
time64_t.
GnuPG-bug-id: 6736
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* sm/fingerprint.c (gpgsm_get_key_algo_info2): Rename to
(gpgsm_get_key_algo_info): this. Remove the old wrapper. Adjust all
callers.
* sm/decrypt.c (gpgsm_decrypt): Pass the curve to the compliance
checker.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--
GnuPG-bug-id: 6253
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* sm/keylist.c (print_compliance_flags): Add arg curve.
(list_cert_colon): Pass curve to the compliance check.
--
GnuPG-bug-id: 6253
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* sm/minip12.c: Factor parsing code out to ...
* common/tlv-parser.c: new. Extend function names and provide a few
extra functions.
* common/Makefile.am (common_sources): Add new file.
* sm/minip12.c: Adjust to use the new parser API.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* sm/minip12.c (struct tlv_ctx_s): Add origbuffer and origbufsize.
Remove pop_count. Rename offset to length.
(dump_tag_info, _dump_tag_info): Rewrite.
(dump_tlv_ctx, _dump_tlv_ctx): Rewrite.
(tlv_new): Init origbuffer.
(_tlv_peek): Add arg ti.
(tlv_peek): New.
(tlv_peek_null): New.
(_tlv_push): Rewrite.
(_tlv_pop): Rewrite.
(tlv_next): New macro. Move old code to ...
(_tlv_next): this. Add arg lno. Pop remaining end tags.
(tlv_popped): Remove.
(tlv_expect_object): Handle ndef.
(tlv_expect_octet_string): Ditto.
(parse_bag_encrypted_data): Use nesting level to control the inner
loop.
(parse_shrouded_key_bag): Likewise.
(parse_bag_data): Handle surplus octet strings.
(p12_parse): Ditto.
* sm/minip12.c (decrypt_block): Strip the padding.
(tlv_expect_top_sequence): Remove. Replace callers by
tlv_expect_sequence.
* tests/cms/samplekeys/t6752-ov-user-ff.p12: New sample key.
* tests/cms/samplekeys/Description-p12: Add its description
--
This patch improves the BER parser by simplifying it. Now tlv_next
pops off and thus closes all containers regardless on whether they are
length bounded or ndef. tlv_set_pending is now always used to undo
the effect of a tlv_next in a loop condition which was terminated by a
nesting level change.
Instead of using the length as seen in the decrypted container we now
remove the padding and let the BER parser do its work. This might
have a negative effect on pkcs#12 objects which are not correctly
padded but we don't have any example of such broken objects.
GnuPG-bug-id: 6752
|
| | |
| |
| |
| | |
--
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* m4/autobuild.m4 (AB_INIT): Add username.
--
The old autobuild diagnostics show up in build logs. What they are
missing is an information on the user who triggered a build. EMAIL is
a common thing to denote the actual user using a service account.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/keygen.c (parse_expire_string_with_ct): Use new function
scan_secondsstr.
(parse_creation_string): Ditto.
--
Noet that we cap the seconds at the year 2106.
GnuPG-bug-id: 6736
|
| | |
| |
| |
| |
| |
| |
| | |
* common/gettime.c (scan_secondsstr): New.
* common/t-gettime.c (test_scan_secondsstr):
(main): Call it.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* sm/minip12.c (_tlv_push): Handle NDEF more correctly.
(tlv_expect_octet_string): Do not bail out on NDEF.
(dump_tag_info): Print some more infos.
--
We do not have a complete test case for this. We need to further
analyze T6752 to see what Mozilla is doing here. In any case with
this patch we get a bit further and don't bail out at the ndef.
GnuPG-bug-id: 6536, 6752
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (do_change_pin): Use GPG_ERR_BAD_RESET_CODE where
appropriate.
* common/util.h: Add error codes missing in gpgrt 1.46.
* agent/call-pinentry.c (unlock_pinentry): Handle
GPG_ERR_BAD_RESET_CODE.
(agent_askpin): Ditlo. Also simply condition.
(agent_get_passphrase): Ditto.
* g10/call-agent.c (status_sc_op_failure): Handle
GPG_ERR_BAD_RESET_CODE.
* g10/card-util.c (write_sc_op_status): Ditto.
* tools/card-call-scd.c (status_sc_op_failure): Ditto.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* sm/minip12.c (oid_hmacWithSHA1): New. Also for the SHA-2 algos.
(digest_algo_from_oid): New.
(set_key_iv_pbes2): Add arg digest_algo.
(crypt_block): Ditto.
(decrypt_block): Ditto.
(parse_bag_encrypted_data): Parse the optional prf part and get the
hmac algorithm.
(parse_shrouded_key_bag): Ditto.
(p12_build): Pass SHA1 for digest_algo.
* sm/t-minip12.c (run_one_test): Print failed values in verbose mode.
* tests/cms/samplekeys/nistp256-openssl-self-signed.p12: New.
* tests/cms/samplekeys/Description-p12: Add this one.
* tests/cms/Makefile.am (EXTRA_DIST): Ditto.
--
This supports the modern algorithms, i.e. using SHA256 for the KDF
which is the default in openssl unless the -legacy option is used.
GnuPG-bug-id: 6536
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* configure.ac (SWTPM_IOCTL): Remove.
(TEST_LIBTSS): Fix the condition.
* tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Remove
SWTPM_IOCTL.
* tests/tpm2dtests/start_sw_tpm.sh: Add --flags to invoke SWTPM,
not requiring SWTPM_IOCTL and TSSSTARTUP any more.
--
Cherry-picked from master commit of:
227b3b14f4be2f33ed721818c2186e7fca4cebdf
GnuPG-bug-id: 6052
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* configure.ac (TEST_LIBTSS): Fix the condition with SWTPM.
* tests/tpm2dtests/start_sw_tpm.sh: Use --daemon and --pid
to run SWTPM.
--
Cherry-picked from master commit of:
98dd6f7af6aa3dcce19f20c22e3f825676e6b184
GnuPG-bug-id: 6052
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* configure.ac (TPMSERVER): Don't supply hard-coded path.
(SWTPM, SWTPM_IOCTL, TSSSTARTUP): Likewise.
--
Cherry-picked from master commit of:
f2ca727978da5b1ed84f97bf37d604e8a4e60091
Having hard-coded path has bad side effect; It may not be detected
even if it's available with PATH.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tools/gpgconf.c (main): Care about tpm2d. Emit correct ERR.
--
Cherry-picked from master commit of:
25c84ffd1078e6619761aa731a82dbaf4175c02e
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Fix.
* tests/tpm2dtests/all-tests.scm: Follow the change of gpgscm.
* tests/tpm2dtests/run-tests.scm: Likewise.
--
Cherry-picked from master commit of:
321f9c0a3f2873cb3007e2bc2a542bbd0b2cc974
GnuPG-bug-id: 6052
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tpm2d/intel-tss.h (TSS_Create): Check SWTPM.
--
Cherry-picked from master commit of:
1da40db03eba4aa056f7cdf8ef90292272a4147d
Signed-off-by: James Bottomley <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Call
agent_delete_key before agent_write_private_key. Recover
from an error.
--
Cherry-picked from master commit of:
eda3997b439e415f1bebaa3be20c8bdb43d3a1d0
Fixes-commit: a1015bf2fc07dabb1200eab5fa41f13e7bf98202
Signed-off-by: James Bottomley <[email protected]>
|
