aboutsummaryrefslogtreecommitdiffstats
path: root/sm/sign.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpgsm: Support ECDSA in de-vs mode.Werner Koch2023-11-081-2/+2
| | | | | | | | | | | * common/compliance.h (PK_ALGO_FLAG_ECC18): New. * common/compliance.c (gnupg_pk_is_allowed): Implement. * sm/decrypt.c (gpgsm_decrypt): Pass new flag. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- GnuPG-bug-id: 6802
* gpgsm: Cleanup of legacy variable name use.Werner Koch2023-11-081-72/+56
| | | | | | | | | | * sm/encrypt.c (gpgsm_encrypt): Unify use of RC and ERR. * sm/sign.c (gpgsm_sign): ditto. -- Initially we didn't used the gpg_error_t thingy and while migrating we sometimes used RC and ERR for tracking the error. This is pretty error prone and thus we better remove it (after 20 years).
* sm: Flag Brainpool curves as compliant for all other operations.Werner Koch2023-10-241-2/+5
| | | | | | | | | | | | | | * sm/fingerprint.c (gpgsm_get_key_algo_info2): Rename to (gpgsm_get_key_algo_info): this. Remove the old wrapper. Adjust all callers. * sm/decrypt.c (gpgsm_decrypt): Pass the curve to the compliance checker. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- GnuPG-bug-id: 6253
* gpgsm: Create binary detached sigs with definite form length octets.Werner Koch2023-09-071-4/+250
| | | | | | | | | | | * sm/sign.c: Include tlv.h. (write_detached_signature): New, (gpgsm_sign): Fixup binary detached signatures. -- This helps some other software to verify detached signatures. (cherry picked from commit 8996b0b655952fa6b5bb678a92d3106f72f80f2a)
* sm: Fix use of value NONE in gnupg_isotime_t type.NIIBE Yutaka2023-08-281-1/+2
| | | | | | | | | | | | | | | * common/gettime.h (GNUPG_ISOTIME_NONE): New. * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it. * sm/certlist.c (gpgsm_add_to_certlist): Likewise. * sm/import.c (check_and_store): Likewise. * sm/keylist.c (list_cert_colon, list_cert_raw): Likewise. (list_cert_std): Likewise. * sm/sign.c (gpgsm_sign): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 05fdaa1737523fad72b6ffb9e7a90d5344ff64a5)
* gpgsm: New option --input-size-hint.Werner Koch2023-07-051-0/+2
| | | | | | | | | | | | | | | | | | * sm/gpgsm.c (oInputSizeHint): New. (opts): Add "--input-size-hint". (main): Set option. * sm/server.c (option_handler): Add option "input-size-hint". * sm/gpgsm.h (struct server_control_s): Add field input_size_hint. * sm/encrypt.c (gpgsm_encrypt): Set the toatl file size. * sm/decrypt.c (gpgsm_decrypt): Ditto. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- This option allows to set a value for the progress output line. Note that as of now there is no other way to set the file size. GnuPG-bug-id: 6534
* gpgsm: Print PROGRESS status lines.Werner Koch2023-07-051-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | * common/ksba-io-support.c (struct writer_cb_parm_s): Add field progress. (struct gnupg_ksba_io_s): Add field is_writer. (update_write_progress): New. (base64_writer_cb, plain_writer_cb): Call update_write_progress. (base64_finish_write): Ditto. (gnupg_ksba_create_writer): Set is_writer. (gnupg_ksba_set_progress_cb): New. (gnupg_ksba_set_total): New. * common/ksba-io-support.h (gnupg_ksba_progress_cb_t): New type. * sm/server.c (gpgsm_status2): Return error from statusfp writes. (gpgsm_progress_cb): New. * sm/decrypt.c (gpgsm_decrypt): Set progress handler. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- GnuPG-bug-id: 6534 Backported-from: c58067415fe93fbd5d3de2594ccca4761ad25103 Backported-from: a88aeee12990478c218abff7f38728e47ee824bc
* sm: Fix issuer certificate look error due to legacy error code.Werner Koch2023-02-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/certchain.c (find_up): Get rid of the legacy return code -1 and chnage var name rc to err. (gpgsm_walk_cert_chain): Change var name rc to err. (do_validate_chain): Get rid of the legacy return code -1. * sm/keydb.c (keydb_search): Replace return code -1 by GPG_ERR_NOT_FOUND. (keydb_set_cert_flags): Replace return code -1 by GPG_ERR_NOT_FOUND. * sm/certchain.c (find_up_search_by_keyid): Ditto. (find_up_external, find_up, find_up_dirmngr): Ditto. (gpgsm_walk_cert_chain): Ditto. (get_regtp_ca_info): Ditto. * sm/certlist.c (gpgsm_add_to_certlist): Ditto. (gpgsm_find_cert): Ditto. * sm/delete.c (delete_one): Ditto. * sm/export.c (gpgsm_export): Ditto. (gpgsm_p12_export): Ditto. * sm/import.c (gpgsm_import_files): Ditto. * sm/keylist.c (list_cert_colon): Ditto. (list_internal_keys): Ditto. * sm/sign.c (add_certificate_list): Ditto. -- This bug was detected while fixing GnuPG-bug-id: 4757 Backported-from-master: 473b83d1b9efe51fcca68708580597dddf3f50b7 Some extra code has been taken from commit ed6ebb696e4063dc664d7ee74fc492025881c459
* gpgsm: Support signing using ECDSA.Werner Koch2022-11-151-33/+52
| | | | | | | | | | | * sm/gpgsm.h (struct certlist_s): Add helper field pk_algo. * sm/sign.c (gpgsm_sign): Store the public key algo. Take the hash algo from the curve. Improve diagnostic output in verbose mode. -- GnuPG-bug-id: 4098, 6253 Signed-off-by: Werner Koch <[email protected]> Backported-from-master: f44d395bdfec464b1e2a0a1aef39561e6e48a45c
* gpgsm: Also announce AES256-CBC in signatures.Werner Koch2022-10-281-7/+10
| | | | | | | * sm/sign.c (gpgsm_sign): Add new capability. -- It might be better to have this. No concrete bug report, though.
* sm: Exclude rsaPSS from de-vs compliance mode.Werner Koch2020-07-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | * common/compliance.h (PK_ALGO_FLAG_RSAPSS): New. * common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and test rsaPSS. Adjust all callers. * common/util.c (pubkey_algo_to_string): New. (gnupg_pk_is_allowed): Ditto. * sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function. (gpgsm_get_hash_algo_from_sigval): New. * sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS. * sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to also get the algo flags. Pass algo flags along. Change some of the info output to be more like current master. -- Signed-off-by: Werner Koch <[email protected]> This backport from master commit 969abcf40cdfc65f3ee859c5e62889e1a8ccde91 also includes some changes taken from commit a759fa963a42e0652134130029217270b6d5d00b (sm: Improve readability of the data verification output.) Signed-off-by: Werner Koch <[email protected]>
* sm: Avoid confusing diagnostic for the default key.Werner Koch2019-05-271-3/+3
| | | | | | | | | | | | | * sm/certlist.c (cert_usage_p): Add arg 'silent' and change all callers. (gpgsm_cert_use_sign_p): Add arg 'silent' and pass to cert_usage_p. Change all callers. * sm/sign.c (gpgsm_get_default_cert): Set SILENT when calling gpgsm_cert_use_sign_p -- GnuPG-bug-id: 4535 Signed-off-by: Werner Koch <[email protected]>
* gpg,sm: String changes for compliance diagnostics.Werner Koch2017-07-281-5/+7
| | | | Signed-off-by: Werner Koch <[email protected]>
* gpg,sm: Check compliance of the RNG.Werner Koch2017-07-171-0/+11
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_rng_is_compliant): New. * g10/call-agent.c (start_agent) [W32]: Check rng compliance. * sm/call-agent.c (start_agent) [W32]: Ditto. * g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is compliant. * sm/encrypt.c (gpgsm_encrypt): Ditto. * g10/sign.c (do_sign): Ditto. * sm/sign.c (gpgsm_sign): Ditto. -- Under Windows we need to check that the Jitter RNG is active in de-vs mode. Under Linux this is not necessary because /dev/random can be scrutinized and is believed to provide enough entropy. Signed-off-by: Werner Koch <[email protected]>
* indent: Always use "_(" and not "_ (" to mark translatable strings.Werner Koch2017-06-191-2/+2
| | | | | | | | -- This makes greping much easier and we have done that since ever. Signed-off-by: Werner Koch <[email protected]>
* common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.Justus Winter2017-06-081-0/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <[email protected]>
* Spelling fixes in docs and comments.NIIBE Yutaka2017-04-281-1/+1
| | | | | | | | | | -- In addition, fix trailing spaces in tests/inittests. GnuPG-bug-id: 3121 Reported-by: ka7 (klemens) Signed-off-by: NIIBE Yutaka <[email protected]>
* Remove -I option to common.NIIBE Yutaka2017-03-071-1/+1
| | | | | | | | | | | | | * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Rename remaining symbols in ksba-io-support.Werner Koch2017-02-161-3/+3
| | | | | | | | | | | | | | | | | | * common/ksba-io-support.c (gpgsm_reader_eof_seen): Rename to ... (gnupg_ksba_reader_eof_seen): this. Change all callers. (gpgsm_destroy_reader): Rename to ... (gnupg_ksba_destroy_reader): this. Change all callers. (gpgsm_finish_writer): Rename to ... (gnupg_ksba_finish_writer): this. Change all callers. (gpgsm_destroy_writer): Rename to ... (gnupg_ksba_destroy_writer): this. Change all callers. * common/ksba-io-support.c (struct base64_context_s): Rename to ... (gnupg_ksba_io_s): this. * common/ksba-io-support.h (base64_context_s): Ditto. (Base64Context): Rename this typedef to ... (gnupg_ksba_io_t): this. Change all users. Signed-off-by: Werner Koch <[email protected]>
* common: Remove gpgsm dependencies from ksba-io-support.Werner Koch2017-02-161-1/+4
| | | | | | | | | | | | | | | | | * common/ksba-io-support.c: Include ksba-io-support.h instead of ../sm/gpgsm.h. Include util.h. (writer_cb_parm_s): Remove const from 'pem_name'. (gpgsm_destroy_writer): Free 'pem_name'. (gpgsm_create_reader): Rename to ... (gnupg_ksba_create_reader): this. Replace args CTRL and ALLOW_MULTI_PEM by a new arg FLAGS. Change the code to evaluate FLAGS. Change all callers to pass the FLAGS. (gpgsm_create_writer): Rename to ... (gnupg_ksba_create_writer): this. Replace arg CTRL by new arg FLAGS. Add arg PEM_NAME. Evaluate FLAGS. Store a copy of PEM_NAME. Change all callers to pass the FLAGS and PEM_NAME. Signed-off-by: Werner Koch <[email protected]>
* gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource.Werner Koch2016-11-101-3/+3
| | | | | | | | | | | | | | | | * g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED file-global. Write a STATUS_ERROR. (maybe_create_keyring_or_box): Check for non-accessible but existant file. (keydb_search): Write a STATUS_ERROR if no keyring has been registered but continue to return NOT_FOUND. * sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED and make file-global. Write a STATUS_ERROR. (keydb_search): Write a STATUS_ERROR if no keyring has been registered but continue to return NOT_FOUND. Also add new arg CTRL and change all callers to pass it down. Signed-off-by: Werner Koch <[email protected]>
* sm: Remove unused arg SECRET from keydb functions.Werner Koch2016-11-101-3/+3
| | | | | | | | * sm/keydb.c (struct resource_item): Remove field 'secret'. (keydb_add_resource): Remove arg 'secret' and change all callers. (keydb_new): Ditto. Signed-off-by: Werner Koch <[email protected]>
* Change all http://www.gnu.org in license notices to https://Werner Koch2016-11-051-1/+1
| | | | --
* More cleanup of "allow to".Daniel Kahn Gillmor2016-08-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | * README, agent/command.c, agent/keyformat.txt, common/i18n.c, common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c, dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE, doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi, doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt, g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4, m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po, po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po, po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po, po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po, po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po, scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c, sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to" with clearer text. In standard English, the normal construction is "${XXX} allows ${YYY} to" -- that is, the subject (${XXX}) of the sentence is allowing the object (${YYY}) to do something. When the object is missing, the phrasing sounds awkward, even if the object is implied by context. There's almost always a better construction that isn't as awkward. These changes should make the language a bit clearer. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Fix typos spotted during translationsDavid Prévot2012-08-241-1/+1
| | | | | | | | | | | | | | | * agent/genkey.c: s/to to/to/ * sm/*.c: s/failed to allocated/failed to allocate/ * sm/certlist.c, ./dirmngr/validate.c: s/should have not/should not have/ * g10/seskey.c: missing closing parenthesis * dirmngr/crlcache.c: s/may has/may have/ Consistency fix: * g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax * dirmngr/dirmngr_ldap: no period in Syntax * dirmngr/dirmngr-client.c: infinitive for option description: s/certificates are expected/expect certificates/
* Change all quotes in strings and comments to the new GNU standard.Werner Koch2012-06-051-1/+1
| | | | | | | | | | | | | | | | | | | The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...'). The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them. The changes have been done by applying sed -i "s/\`\([^'\`]*\)'/'\1'/g" to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
* Replace gcry_md_start_debug by gcry_md_debug.Werner Koch2011-09-201-2/+2
| | | | | This is to allow building with Libgcrypt master (1.6) which has some cleanups in the API/ABI.
* Fix regression in gpg's mail address parsing.Werner Koch2011-04-251-1/+1
| | | | | | Since 2009-12-08 gpg was not able to find email addresses indicated by a leading '<'. This happened when I merged the user id classification code of gpgsm and gpg.
* Nuked almost all trailing white space.post-nuke-of-trailing-wsWerner Koch2011-02-041-28/+28
| | | | | | | | We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
* Remove superfluous parameter.Werner Koch2010-11-261-1/+1
| | | | | Make self-check interval larger
* Whole lot of changes to support CE.Werner Koch2010-04-141-21/+24
|
* Replace use stdio by estream functions.Werner Koch2010-03-081-17/+19
|
* Unification of the search descriptor usage.Werner Koch2009-12-081-1/+1
|
* More stuff for the audit-log.Werner Koch2009-12-021-15/+37
|
* Improved detection of bad/invalid signer keys.Werner Koch2009-08-061-1/+11
|
* Fixed a bunch of little bugs as reported by Fabian Keil.Werner Koch2009-06-241-1/+1
| | | | | Still one problem left; marked with a gcc #warning.
* Signing using Netkey 3 cards does now work.Werner Koch2009-03-261-1/+13
|
* Remove hacks which are not anymore needed since we now require Libgcrypt 1.4Werner Koch2008-09-291-4/+1
|
* Fix gpg-preset-passphrase bug.Werner Koch2008-09-031-1/+4
| | | | | Cleanups
* Start support of TCOS 3 cards.Werner Koch2008-06-261-39/+74
| | | | | | | Support restriction attribute. Fix utf-8 printing problems. Use AES by default.
* Always search missing certifcates using a running Dirmngr's cache.Werner Koch2008-02-131-1/+1
|
* Allow verification of some broken S-TRUST generated signatures.Werner Koch2007-12-131-2/+2
|
* Implemented the chain model for X.509 validation.Werner Koch2007-08-101-1/+1
|
* Typo fixes.Werner Koch2007-07-171-5/+5
| | | | | | Made --default-key work for gpgsm Add --default-key and --encrypt-to to gpgconf.
* Changed to GPLv3.Werner Koch2007-07-041-4/+2
| | | | | Removed intl/.
* Allow export to work on systems without funopen/fopencookie.Werner Koch2007-03-191-1/+1
|
* Fixed aegypten bug 372Werner Koch2006-10-171-11/+14
|
* The big Assuan error code removal.Werner Koch2006-09-061-4/+4
|
* Updated FSF's address.Werner Koch2006-06-201-1/+2
|
* Print a note that the software has not been approved for qualified signatures.Werner Koch2005-11-231-6/+6
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-22 14:33:31 +0000