aboutsummaryrefslogtreecommitdiffstats
path: root/common (follow)
Commit message (Collapse)AuthorAgeFilesLines
* sm: More improvements for PKCS#12 parsing for latest IVBB changes.Werner Koch2024-08-062-246/+285
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/tlv.h (TLV_PARSER_FLAG_T5793): New. (tlv_parser_new): New macro. Rename function with an underscore. (tlv_next_with_flag): New. * common/tlv-parser.c (struct tlv_parser_s): Remove const from buffer. Add fields crammed, lasttlv, and origoff. Remove bufferlist ands ist definition. (dump_to_file): New but disabled debug helper. (parse_tag): Print more info on error. (_tlv_parser_new): Add args lasttlv and LNO. Take a copy of the data. (_tlv_parser_release): Free the copy of the buffer and return the recorded TLV object from tlv_parser_new. (_tlv_peek, tlv_parser_peek, _tlv_parser_peek_null): Remove. (_tlv_push): Record crammed length. (_tlv_pop): Restore crammed length. (_tlv_parser_next): Add arg flags. More debug output. Handle cramming here. Take care of cramming here. (tlv_expect_object): Simplify to adjust for changes in _tlv_parser_next. (tlv_expect_octet_string): Remove arg encapsulates. Adjust for changes in _tlv_parser_next. Change all allers. (tlv_expect_null): New. (cram_octet_string): Rewrite. (need_octet_string_cramming): Remove. * sm/minip12.c (dump_to_file): New. Enablein debug mode and if a envvar ist set. Replace all explict but disabled dumping to call this function. (parse_bag_encrypted_data): Replace tlv_peek_null and a peeking for an optional SET by non-peeking code. (parse_cert_bag): Ditto. (parse_shrouded_key_bag): Replace tlv_peek_null by non-peeking code. (parse_bag_encrypted_data): Use the new TLV_PARSER_FLAG_T5793 to enable the Mozilla workaround. (parse_bag_encrypted_data): Replace the 'renewed_tlv' code by the new tlv_parser_release semantics. (parse_shrouded_key_bag): Ditto. (parse_shrouded_key_bag): Create a new context instead of using the former encapsulated mechanism for tlv_expect_octet_string. (parse_bag_data): Ditto. (p12_parse): Ditto. -- GnuPG-bug-id: 7213 Fixing this took way too long; I should have earlier explained the code to a co-hacker to find the problem myself in my code by this.
* Revert "common: Fix tlv-parser for constructed OCTET-STRING."Werner Koch2024-07-231-4/+1
| | | | | -- This reverts commit cc78b26a4729db2280334214e21a8847e95d2ab0.
* dotlock: Avoid leaking directory handle.Jakub Jelen2024-07-221-0/+2
| | | | | | | | | * common/dotlock.c (dotlock_detect_tname): Close directory on errors. -- GnuPG-bug-id: 7201 Signed-off-by: Jakub Jelen <[email protected]>
* common: Fix tlv-parser for constructed OCTET-STRING.NIIBE Yutaka2024-07-121-1/+4
| | | | | | | | | | | | * common/tlv-parser.c (tlv_expect_octet_string): Fix assignment of N value. -- Before the change, need_octet_string_cramming returns always false, because N==0. Signed-off-by: NIIBE Yutaka <[email protected]>
* common: On Windows, we care about how PIPE handles are inherited.NIIBE Yutaka2024-07-094-19/+46
| | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (handle_connections): It's for POSIX. * kbx/keyboxd.c (handle_connections): Ditto. * scd/app.c (handle_connections): Ditto. * scd/scdaemon.c (handle_connections): Ditto. tpm2d/tpm2daemon.c (handle_connections): Ditto. * tests/gpgscm/ffi.c (do_pipe): Use GNUPG_PIPE_BOTH. (do_inbound_pipe): Use GNUPG_PIPE_INBOUND. (do_outbound_pipe): Use GNUPG_PIPE_OUTBOUND. * common/call-gpg.c (_gpg_encrypt): Specify outbound and inbound. (_gpg_decrypt): Likewise. * common/exechelp-posix.c (gnupg_create_pipe): Add an argument. * common/exechelp-w32.c (create_pipe_and_estream): Care about how PIPE handles are inherited to child process. (gnupg_create_pipe): Add an argument. * common/exechelp.h: Add enum values. -- Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834 Signed-off-by: NIIBE Yutaka <[email protected]>
* common,kbx,tests: Clean up the PIPE function API.NIIBE Yutaka2024-07-095-102/+122
| | | | | | | | | | | | | | | | | | | | | | | | | * common/call-gpg.c (_gpg_encrypt, _gpg_decrypt): Simply, use gnupg_create_pipe. * tests/gpgscm/ffi.c (do_inbound_pipe): Likewise. * common/exechelp.h (gnupg_create_inbound_pipe): Use gnupg_fd_t for native pipe descriptor and don't expose other end of pipe. (gnupg_create_outbound_pipe): Ditto. * common/exechelp-posix.c (create_pipe_and_estream): Clean up. (gnupg_create_inbound_pipe): Fail if R_FD or R_FP is NULL. (gnupg_create_outbound_pipe: Ditto. * common/exechelp-w32.c (create_pipe_and_estream): Clean up. (gnupg_create_inbound_pipe): Fail if R_FD or R_FP is NULL. (gnupg_create_outbound_pipe: Ditto. (gnupg_create_pipe): Move the code from original create_pipe_and_estream to call _open_osfhandle. * common/exectool.c (gnupg_exec_tool_stream): Follow the change of API. * kbx/kbx-client-util.c (prepare_data_pipe): Likewise. -- GnuPG-bug-id: 7194 Signed-off-by: NIIBE Yutaka <[email protected]>
* Use gpgrt_process_spawn API from libgpg-error.NIIBE Yutaka2024-07-096-1882/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API. * common/asshelp.c (start_new_service): Ditto. * common/exechelp.h: Remove gnupg_process_spawn API. * common/exechelp-posix.c: Remove gnupg_process_spawn implementation. * common/exechelp-w32.c: Likewise. * common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API. * common/t-exechelp.c (test_pipe_stream): Remove. * dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use the gpgrt API. (ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto. * dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h. * g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API. * g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto. * g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h. * scd/apdu.c: No need to include exechelp.h. * scd/app.c (report_change): Use the gpgrt API. * sm/export.c, sm/import.c: No need to include exechelp.h. * tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap) (do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the gpgrt API. * tools/gpg-auth.c: No need to include exechelp.h. * tools/gpg-card.c (cmd_gpg): Use the gpgrt API. * tools/gpg-connect-agent.c: No need to include exechelp.h. * tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage) (start_gpg_encrypt): Use the gpgrt API. * tools/gpgconf-comp.c (gpg_agent_runtime_change) (scdaemon_runtime_change, tpm2daemon_runtime_change) (dirmngr_runtime_change, keyboxd_runtime_change) (gc_component_launch, gc_component_check_options) (retrieve_options_from_program): Ditto. * tools/gpgconf.c (show_versions_via_dirmngr): Ditto. * tools/gpgtar-create.c (gpgtar_create): Ditto. * tools/gpgtar-extract.c (gpgtar_extract): Ditto. * tools/gpgtar-list.c (gpgtar_list): Ditto. -- GnuPG-bug-id: 7192 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Print a warning if the (draft) Kyber algorithm is used.Werner Koch2024-07-051-0/+1
| | | | * g10/keygen.c (do_generate_keypair): Check for draf Kyber stuff.
* common:w32: Fix for 64-bit Windows.NIIBE Yutaka2024-06-051-0/+5
| | | | | | | | | * common/exectool.c (gnupg_exec_tool_stream): 64-bit Windows is LLP64. -- GnuPG-bug-id: 7139 Signed-off-by: NIIBE Yutaka <[email protected]>
* common:w32: Fix INEXTRA handling.NIIBE Yutaka2024-06-041-6/+20
| | | | | | | | | | * common/exectool.c (gnupg_exec_tool_stream): On Windows, it's HANDLE which a child process inherits. -- GnuPG-bug-id: 7139 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: New function tokenize_to_strlist.Werner Koch2024-05-313-18/+292
| | | | | | | | * common/strlist.c (append_to_strlist_try): Factor code out to ... (do_append_to_strlist): new. (tokenize_to_strlist): New. * common/t-strlist.c (test_tokenize_to_strlist): New.
* indent: Fix spellingDaniel Kahn Gillmor2024-05-3121-25/+25
| | | | | | | | | | | | | -- These are non-substantive corrections for minor spelling mistakes within the GnuPG codebase. With something like this applied to the codebase, and a judiciously tuned spellchecker integrated as part of a standard test suite, it should be possible to keep a uniform orthography within the project. GnuPG-bug-id: 7116
* spawn: Remove spawn callback, introduce gnupg_spawn_actions.NIIBE Yutaka2024-05-316-119/+240
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/exechelp-posix.c (call_spawn_cb): Remove. (gnupg_spawn_actions_new, gnupg_spawn_actions_release) (gnupg_spawn_actions_set_environ, gnupg_spawn_actions_set_atfork) (gnupg_spawn_actions_set_redirect) (gnupg_spawn_actions_set_inherit_fds): New. (my_exec, spawn_detached): Use spawn actions. (gnupg_spawn_helper): Remove. (gnupg_process_spawn): Remove callback, introduce gnupg_spawn_actions. * common/exechelp-w32.c: Ditto. * common/exechelp.h: Ditto. * agent/genkey.c (do_check_passphrase_pattern): Follow the change of gnupg_process_spawn API. * common/asshelp.c (start_new_service): Likewise. * common/exectool.c (gnupg_exec_tool_stream): Likewise. * common/t-exechelp.c (test_pipe_stream): Likewise. * dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise. * g10/photoid.c (run_with_pipe): Likewise. * scd/app.c (report_change): Likewise. * tests/gpgscm/ffi.c (do_process_spawn_io, do_process_spawn_fd): Likewise. * tools/gpg-card.c (cmd_gpg): Likewise. * tools/gpgconf-comp.c (gpg_agent_runtime_change): Likewise. (scdaemon_runtime_change, tpm2daemon_runtime_change) (dirmngr_runtime_change, keyboxd_runtime_change) (gc_component_launch, gc_component_check_options) (retrieve_options_from_program): Likewise. * tools/gpgconf.c (show_versions_via_dirmngr): Likewise. * tools/gpgtar-create.c (gpgtar_create): Likewise. * tools/gpgtar-extract.c (gpgtar_extract): Likewise. * tools/gpgtar-list.c (gpgtar_list): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix process termination check at release.NIIBE Yutaka2024-05-302-2/+2
| | | | | | | | | | * src/exechelp-posix.c (gnupg_process_release): When NOT terminated, terminate and wait. * src/exechelp-w32.c (gnupg_process_release): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Remove unused function.NIIBE Yutaka2024-05-151-6/+0
| | | | | | | | * common/exechelp-posix.c (my_error): Remove. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent:kem:ecc: Support a key on smartcard.NIIBE Yutaka2024-04-262-0/+45
| | | | | | | | | | | | | | | | | * agent/agent.h (agent_card_ecc_kem): New. * agent/divert-scd.c (agent_card_ecc_kem): New. * agent/pkdecrypt.c (ecc_extract_pk_from_key): New. (ecc_extract_sk_from_key): New. (ecc_raw_kem, get_cardkey, ecc_get_curve): New. (ecc_pgp_kem_decrypt): Support a key on smartcard for ECC. (composite_pgp_kem_decrypt): Handle a case of a key on smartcard. * common/sexputil.c (get_ecc_curve_from_key): New. * common/util.h (get_ecc_curve_from_key): New. -- GnuPG-bug-id: 7097 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Support Kyber with Brainpool512r1.Werner Koch2024-04-231-1/+2
| | | | | | | | | | | | | | * common/openpgp-oid.c (oidtable): Add GCRY_KEM_RAW_BP512. * agent/pkdecrypt.c (ecc_table): Support bp512 * g10/pkglue.c (do_encrypt_kem): Ditto. * tests/openpgp/samplekeys: Add sample keys for kyber_bp256, bp384, and bp512. * tests/openpgp/privkeys: Add corresponding private keys. * tests/openpgp/samplemsgs: Add sample messages for those keys. -- GnuPG-bug-id: 6815
* gpg: Support encryption with kyber_bp256 and kyber_bp384Werner Koch2024-04-231-2/+4
| | | | | | | | | | * common/openpgp-oid.c (oidtable): Support KEM for bp256 and bp384. * g10/pkglue.c (do_encrypt_kem): Ditto. -- GnuPG-bug-id: 6815 Note, this needs the very latest Libgcrypt to work properly
* Remove the deprecated gcry_set_log_handler.Werner Koch2024-04-231-22/+0
| | | | | | | | * common/miscellaneous.c (my_gcry_logger): Remove. (setup_libgcrypt_logging): Do not call the deprecated gcry_set_log_handler. * kbx/kbxutil.c (my_gcry_logger): Remove. * tools/no-libgcrypt.c (gcry_set_log_handler): Remove stub.
* gpg: Support encryption with kyber_cv448.Werner Koch2024-04-231-1/+1
| | | | | | | | | | | | | | * g10/pkglue.c (do_encrypt_kem): Support cv25519 w/o 0x40 prefix. Support X448. (ECC_POINT_LEN_MAX): New. (ECC_HASH_LEN_MAX): New. * common/openpgp-oid.c (oidtable): Support X448 KEM. -- This needs more work. For example we should use a parameter table like what we do in agent/pkdecrypt.c. GnuPG-bug-id: 6815
* Require Libgcrypt 1.11.0Werner Koch2024-04-231-4/+1
| | | | | | | | | | * configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.11.0 * agent/pkdecrypt.c (struct ecc_params): Move constants to the top. -- It does not make anymore sense to allow building with older Libgcrypt versions. After all PQ key support is a major feature and for this we need Libgcrypt.
* gpg: Prepare Kyber encryption code for more variants.Werner Koch2024-04-182-2/+27
| | | | | | | | * common/openpgp-oid.c (oidtable): Add field kem_algo. (openpgp_oid_to_kem_algo): New. * g10/pkglue.c (do_encrypt_kem): Add support for Kyber1024. -- GnuPG-bug-id: 6815
* gpg: Fix minor Kyber display things.Werner Koch2024-04-151-1/+9
| | | | | * common/compliance.c (gnupg_pk_is_compliant): Make Kyber known. * g10/misc.c (openpgp_pk_algo_name): Add "Kyber".
* gpg: Add arg session_algo to pk_decrypt.Werner Koch2024-04-151-9/+23
| | | | | | | | | | | | | * common/kem.c: Move constants to the top. Add some documentation. * g10/pkglue.c (pk_encrypt): Add arguments session_key and factor code out to ... (do_encrypt_rsa_elg): here, (do_encrypt_ecdh): and here, (do_encrypt_kem): and here. * g10/encrypt.c (write_pubkey_enc): Call with session key algorithm. -- This makes it easier to review the code.
* gpg: Make Kyber creation more flexible.Werner Koch2024-04-101-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/openpgp-oid.c (openpgp_is_curve_supported): Allow the abbreviated curve name. * g10/pkglue.c (pk_encrypt): Add debug output. * g10/seskey.c (encode_session_key): Handle Kyber session key like ECDH. This is just a stub. * g10/keygen.c (ecckey_from_sexp): Use the modern OID for cv25519. (parse_key_parameter_part): Allow more Kyber variants. -- Test by creating an ed25519 key and using gpg --quick-add-key --batch --passphrase "" <fingerprint> <algo> to create several subkeys. Tested with ALGOs: kyber768 kyber1024 ky768_cv25519 ky768_bp256 kyber768_nistp256 ky1024_cv448 All curves capable of encryption should work. GnuPG-bug-id: 6815
* common: Rename to kem.c from kmac.c.NIIBE Yutaka2024-04-102-1/+1
| | | | | | | | | * common/Makefile.am (common_sources): Fix to kem.c. * common/kem.c: Rename. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* common,agent: Factor out KEM functions into common/kem.c.NIIBE Yutaka2024-04-102-7/+87
| | | | | | | | | | | | | * common/util.h (compute_kmac256): Remove. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * common/kmac.c (compute_kmac256): Don't expose. (gnupg_ecc_kem_kdf, gnupg_kem_combiner): New. * agent/pkdecrypt.c (agent_hybrid_pgp_kem_decrypt): Use gnupg_ecc_kem_kdf and gnupg_kem_combiner. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Allow to create a Kyber key from keygrips.Werner Koch2024-04-052-1/+2
| | | | | | | | | | | | | | | | * agent/cvt-openpgp.c (extract_private_key): Support Kyber algorithms. * common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map KEM to Kyber. * common/sexputil.c (get_pk_algo_from_key): Increase buffer for use with "kyber1024". * g10/call-agent.c (agent_get_keyinfo): Fix warning. * g10/keygen.c (do_create_from_keygrip): Support Kyber. (ask_algo): Ditto. -- To test create a standard key and the use --edit-key and "addkey" with selection 13 and use the comma delimited keygrips. GnuPG-bug-id: 7014
* gpg: Initial support for generating Kyber subkeys.Werner Koch2024-04-031-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/openpgpdefs.h (PUBKEY_ALGO_KY768_25519): Remove. (PUBKEY_ALGO_KY1024_448): Remove. (PUBKEY_ALGO_KYBER): New. Use them everywhere instead of the removed. * g10/build-packet.c (gpg_mpi_write_nohdr): Rename to (gpg_mpi_write_opaque_nohdr): this. Change callers. (gpg_mpi_write_opaque_32): New. (do_key): Support Kyber keys using the revised format. * g10/gpg.h (MAX_EXTERN_KEYPARM_BITS): New. * g10/parse-packet.c (read_octet_string): Add arg nbytes so support reading with a length prefix. Adjust callers. (parse_key): Parse Kyber public keys. * g10/misc.c (pubkey_get_npkey): Support Kyber. (pubkey_get_nskey): Ditto. * g10/keyid.c (pubkey_string): Support dual algorithms. (do_hash_public_key): Support Kyber. (nbits_from_pk): Ditto. (keygrip_from_pk): Return the Kyber part for the ECC+Kyber dual algo. * g10/keygen.c (struct common_gen_cb_parm_s): Add genkey_result2. Note that this callback is not yet used. (ecckey_from_sexp): Add optional arg sexp2 and use it for Kyber. Change callers. (ecckey_from_sexp): Do not leak LIST in case of an error. (common_gen): Add arg keyparms2, change callers, and support Kyber. (gen_kyber): New. (get_keysize_range): Support Kyber. (fixup_keysize): Simplify and support Kyber. (do_create): Handle Kyber. (parse_key_parameter_part): Remove algo strings "ky768" and "ky1024" and add a generic "kyber" with default parameters. -- This uses a revised format which is more aligned with the usual OpenPGP structure. A lot of things are still missing. For example support for handling two keygrips and checking both of them in a -K listing. There is also only ky768_bp384 as fixed algorithm for now. No passphrase for the Kyber part of the dual algorithm is on purpose. A test was done using gpg --quick-gen-key pqc1 nistp256 and then running gpg -v --quick-add-key <fingerprint> kyber which creates a v5 subkey on a v4 primary key. A second test using gpg --quick-gen-key pqc2 Ed448 followed by a --quick-add-key created a v5 key with a v5 subkey. GnuPG-bug-id: 6815
* common: Extend openpgp_oid_to_curve to return an abbreviated name.Werner Koch2024-04-032-14/+39
| | | | | | | | | | | * common/openpgp-oid.c (oidtable): Add column "abbr" and set them for Brainpool. (openpgp_oid_to_curve): Rename arg "canon" to "mode" and implement mode 2. -- For dual algorithms (PQC) we need shorter versions of brainpool to avoid names which otherwise might be capped when printed.
* common: Allow building with libgcrypt 1.10 for now.Werner Koch2024-04-031-0/+4
| | | | | | | | | * common/kmac.c (compute_kmac256): Return an error for older gcrypt versions. -- Except for the new KEM module there is no hard requirement for libgcrypt 1.11 *yet*.
* common: Add KMAC.NIIBE Yutaka2024-03-293-2/+140
| | | | | | | | | | * common/Makefile.am (common_sources): Add kmac.c. * common/kmac.c: New. * common/util.h (compute_kmac256): New. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,gpgsm: New option --disable-fd-translation.Werner Koch2024-03-262-8/+19
| | | | | | | | | | | | | | * common/sysutils.c (no_translate_sys2libc_fd) [W32]: New global. (disable_translate_sys2libc_fd): New. (translate_sys2libc_fd): Make static and cobuild only for Windows. (translate_sys2libc_fd_int): Use no_translate_sys2libc_fd flag. * g10/gpg.c, sm/gpgsm.c (oDisableFdTranslation): New const. (opts): Add option "disable-fd-translation". (main): Set option. -- GnuPG-bug-id: 7060
* Allow installation with a gpgconf.ctl changed homedir.Werner Koch2024-03-212-16/+120
| | | | | | | | | | | | | | | | | | | | | | | * common/homedir.c (gpgconf_ctl): Add field "gnupg". (parse_gpgconf_ctl): Support keyword "gnupg". (my_gnupg_dirname): New. (my_fixed_default_homedir): New. (gnupg_registry_dir): New. (standard_homedir): Use my_gnupg_dirname and my_fixed_default_homedir. (default_homedir): Use gnupg_registry_dir and my_fixed_default_homedir. (_gnupg_socketdir_internal): Use my_gnupg_dirname. Increase size of prefixbuffer. (gnupg_sysconfdir): Use my_gnupg_dirname. * tools/gpgconf.c (list_dirs): Use gnupg_registry_dir. (show_other_registry_entries): Ditto. -- This will be useful to install versions of GnuPG VS-Desktop and GnuPG Desktop in addition to a standard GnuPG version. Only basic tests on Unix done; Windows testing is still outstanding. GnuPG-bug-id: 7040
* common: Use a common gpgconf.ctl parser for Unix and Windows.Werner Koch2024-03-211-201/+250
| | | | | | | | | | | | | | | | | * common/homedir.c (gpgconf_ctl): new struct. (string_is_true): New. (parse_gpgconf_ctl): New. Based on the former code in unix_rootdir. (check_portable_app): Use parse_gpgconf_ctl and the new struct. (unix_rootdir): Ditto. -- This is a unification of the gpgconf.ctl mechanism. For backward compatibility we need to keep the empty (or actually only comments) method as used formerly under Windows. Iff one really wants a portable application the new portable keyword should be used, though. Noet that the Windows portable stuff has not been tested for quite some time.
* Merge branch 'STABLE-BRANCH-2-4'Werner Koch2024-03-125-8/+14
|\ | | | | | | | | | | | | | | -- Resolved conflicts: NEWS common/exechelp-w32.c configure.ac
| * gpg: Add option --assert-pubkey_algo.Werner Koch2024-02-102-5/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keyid.c (parse_one_algo_string): New. (compare_pubkey_string_part): New. (compare_pubkey_string): New. * g10/verify.c (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo. * g10/options.h (opt): Add field assert_pubkey_algos. * g10/gpg.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Reorder RC modifications. Check assert_pubkey_algo_false. * common/status.h (ASSERT_PUBKEY_ALGOS): new. * common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if this macro is set. * g10/gpgv.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Check assert_pubkey_algo_false. * g10/t-keyid.c: New. * g10/Makefile.am: Add t-keyid. * g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and remove from other tests. (check_assert_signer_list): Ditto. (check_assert_pubkey_algo): Ditto. -- GnuPG-bug-id: 6946
| * doc: Fix spelling errors found by lintian.Werner Koch2024-01-292-2/+2
| | | | | | | | | | | | -- Reported-by: Andreas Metzler <[email protected]>
| * common,w32: Fix use of GNUPG_SPAWN_KEEP_STDERR.Werner Koch2024-01-261-1/+1
| | | | | | | | | | | | | | | | * common/exechelp-w32.c (gnupg_spawn_process): Fix macro. -- Fixes-commit: 6d6438a361d25f3b269f702e017f5e39fd1f5c38 GnuPG-bug-id: 6961
* | common,dirmngr:w32: Add include files.NIIBE Yutaka2024-02-152-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | * common/dynload.h: Include windows.h. Don't define RTLD_LAZY, if already defined. * common/init.c: Include wctype.h. * dirmngr/certcache.c: Include wincrypt.h. * dirmngr/dns-stuff.c: Include ws2tcpip.h. -- GnuPG-bug-id: 5894 Signed-off-by: NIIBE Yutaka <[email protected]>
* | Merge branch 'STABLE-BRANCH-2-4'Werner Koch2024-01-265-3/+32
|\| | | | | | | | | | | | | | | -- Fixed conflicts: NEWS configure.ac doc/gpg.texi
| * Pass PINENTRY_GEOM_HINT environment variable to pinentryTobias Fella2024-01-221-1/+2
| | | | | | | | | | | | | | | | * common/session-env.c: Add PINENTRY_GEOM_HINT to variables. -- GnuPG-Bug-ID: 6930
| * speedo: Patch ELF binaries to use built librariesWerner Koch2024-01-121-1/+1
| | | | | | | | | | | | | | | | * build-aux/speedo.mk: Remove GUI stuff. Add patchelf feature. * Makefile.am (speedo): New target. -- GnuPG-bug-id: 6710
| * g13: New option --no-mount.Werner Koch2024-01-091-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g13/g13.c (oNoMount): New. (opts): Add --no-mount. (main): Implement this. * g13/g13-common.h (opt): Add field no_mount. * common/status.h (STATUS_PLAINDEV): New. * g13/sh-cmd.c (has_option): Uncomment. (cmd_mount): Add option --no-mount and pass down. * g13/sh-dmcrypt.c (sh_dmcrypt_mount_container): Add arg nomount and emit PLAINDEV status line. (sh_dmcrypt_umount_container): Rund findmnt before umount. -- This option can be used to decrypt a device but not to mount it. For example to run fsck first. A command or option to run fsck before a mount will eventually be added. The use of findmnt is needed so that we can easily remove a device which has not been mounted.
| * common,w32: Remove duplicated backslashes when setting the homedir.Werner Koch2024-01-091-0/+27
| | | | | | | | | | | | | | | | | | | | | | | | * common/homedir.c (copy_dir_with_fixup) [W32]: Fold double backslashes. -- This is in general no problem but when we hash or compare the directory to test whether tit is the standard home directory, we may use a different socket file and thus a second instance of a daemon. GnuPG-bug-id: 6833
| * scd: Add support for SCE 7.0Werner Koch2024-01-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * scd/app-common.h (CARDTYPE_SCE7): New. * scd/app.c (strcardtype): Support it. (atr_to_cardtype): New. (app_new_register): Try to get the cardtype from atr_to_cardtype. * scd/app-piv.c (app_select_piv): Tweak for SCE7. Add general method to construct a S/N from the Card UUID. -- The test cards I have are rsa2048 with X.509 certificates. I don't have the entire chain but loading the certificates work. For testing I created an OpenPGP key from the keys and tested signing and decryption. GnuPG-bug-id: 6919
* | common: Remove t-b64.c.NIIBE Yutaka2023-12-262-156/+1
| | | | | | | | | | | | | | | | | | | | | | * common/Makefile.am (module_tests): Remove t-b64. (t_b64_LDADD): Remove. * common/t-b64.c: Remove. -- GnuPG-bug-id: 6734 Signed-off-by: NIIBE Yutaka <[email protected]>
* | Merge branch 'STABLE-BRANCH-2-4'Werner Koch2023-12-229-120/+538
|\| | | | | | | | | | | | | | | | | | | -- Fixed conflicts in NEWS g10/encrypt.c sm/encrypt.c sm/sign.c
| * common: Add keyword socketdir to gpgconf.ctlWerner Koch2023-12-221-44/+91
| | | | | | | | | | | | | | | | | | | | | | * common/homedir.c (enum wantdir_values): New enums. (unix_rootdir): Change arg to use the enums. Adjust all callers. Add support for the socketdir keyword. (_gnupg_socketdir_internal): Take care of the socketdir keyword in gpgconf.ctl. * doc/tools.texi (Files used by gpgconf): Briefly explain the gpgconf.ctl syntax.
| * common: Clean up the temporary file at dotlock_destroy.NIIBE Yutaka2023-12-201-0/+6
| | | | | | | | | | | | | | | | | | * common/dotlock.c (dotlock_destroy): Clean up the temporary file created when it fails. -- Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-09 13:29:32 +0000