aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* scd: Better user interaction for factory-reset.NIIBE Yutaka2018-03-161-6/+21
| | | | | | | | | | | | * g10/card-util.c (factory_reset): Dummy PIN size is now 32-byte. Connect the card again at the last step. -- Before the change, a user has to quit the session to continue. Now, it is possible to type RET in the session and see if it's really done. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix suspend/resume handling for CCID driver.NIIBE Yutaka2018-03-151-1/+2
| | | | | | | | | | | | | * scd/ccid-driver.c (intr_cb): Try submitting INTERRUPT urb to see if it's suspend/resume. -- Upon suspend/resume, LIBUSB_TRANSFER_NO_DEVICE is returned, since all URBs are cancelled. We need to see if it's real NODEV error or its by suspend/resume. We can distinguish by sending URB again. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: After fatal error, shutdown a reader.NIIBE Yutaka2018-03-131-0/+9
| | | | | | | | | | * scd/apdu.c (pcsc_send_apdu): Notify main loop after fatal errors. -- GnuPG-bug-id: 3825 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix for GNU/Linux suspend/resume.NIIBE Yutaka2018-03-132-5/+4
| | | | | | | | | | | | | | | * configure.ac (require_pipe_to_unblock_pselect): Default is "yes". * scd/scdaemon.c (scd_kick_the_loop): Minor clean up. -- Normally SIGCONT or SIGUSR2 works for unblocking pselect. But on my machine with GNU/Linux, when a machine is suspend/resume-ed, pselect keeps blocked, while signal itself is delivered. It's better to use pipe. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix typo in previous commit.NIIBE Yutaka2018-03-121-1/+1
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: More fix with PC/SC for Windows.NIIBE Yutaka2018-03-081-18/+20
| | | | | | | | | | * scd/apdu.c (pcsc_get_status): Return status based on CURRENT_STATUS. Add debug log. -- GnuPG-bug-id: 3825 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix status check when using PC/SC.NIIBE Yutaka2018-03-082-3/+14
| | | | | | | | | | | | | | | | | | | * scd/apdu.c (struct reader_table_s): Add field of current_state. (new_reader_slot): Initialize current_state. (pcsc_get_status): Keep the status in READER_TABLE array. Return SW_HOST_NO_READER when PCSC_STATE_CHANGED. * scd/scdaemon.c (handle_connections): Silence a warning. -- To detect some change of card status, including suspend/resume possibly, SCardGetStatusChange should be used keeping the dwCurrentState field. This change could improve situation for suspend/resume with Yubikey on Windows. Even not, this is doing the Right Thing. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix build on Windows.NIIBE Yutaka2018-03-082-0/+5
| | | | | | | | | | -- WIN32_LEAN_AND_MEAN is required to avoid definitions of grp1, grp2, and grp3 in dlgs.h, which is included by windows.h. Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94 Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: man page grammarBen McGinnes2018-03-071-2/+2
| | | | | | -- Fixed two grammatical errors: their vs. there and oneself vs. one (one's self would still be too stilted).
* agent: Also evict cached items via a timer.Werner Koch2018-03-064-1/+28
| | | | | | | | | | | | * agent/cache.c (agent_cache_housekeeping): New func. * agent/gpg-agent.c (handle_tick): Call it. -- This change mitigates the risk of having cached items in a post mortem dump. GnuPG-bug-id: 3829 Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix regression in last --card-status patchWerner Koch2018-03-011-1/+1
| | | | | | | | | | -- Sorry, I accidentally pushed the last commit without having amended it with this fix. Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94 Signed-off-by: Werner Koch <[email protected]>
* gpg: Print the keygrip with --card-statusWerner Koch2018-03-013-7/+58
| | | | | | | | | | | | | | * g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and grp3. * g10/call-agent.c (unhexify_fpr): Allow for space as delimiter. (learn_status_cb): Parse KEYPARIINFO int the grpX fields. * g10/card-util.c (print_keygrip): New. (current_card_status): Print "grp:" records or with --with-keygrip a human readable keygrip. -- Suggested-by: Peter Lebbing <[email protected]> Signed-off-by: Werner Koch <[email protected]>
* gpgconf, w32: Allow UNC pathsAndre Heinecke2018-02-281-1/+3
| | | | | | | | | | | | | * tools/gpgconf-comp.c (get_config_filename): Allow UNC paths. -- The homedir of GnuPG on Windows can be on a network share e.g. if %APPDATA% is redirected to a network share. The file API calls work and GnuPG itself works nicely with such paths so gpgconf should work with them, too. GnuPG-Bug-Id: T3818 Signed-off-by: Andre Heinecke <[email protected]>
* dirmngr: Handle failures related to missing IPv6 gracefullyMichał Górny2018-02-221-0/+2
| | | | | | | | | | | | | | | | | | | | | | | * dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle two more error codes. -- Handle the two possible connect failures related to missing IPv6 support gracefully by marking the host dead and retrying with another one. If IPv6 is disabled via procfs, connect() will return EADDRNOTAVAIL. If IPv6 is not compiled into the kernel, it will return EAFNOSUPPORT. This makes it possible to use dual-stack hkp servers on hosts not having IPv6 without random connection failures. GnuPG-bug-id: 3331 -- The above description seems to be for Linux, so it is possible that other systems might behave different. However, it is worth to try this patch. Signed-off-by: Werner Koch <[email protected]>
* doc: Fix recently introduced typo in gpgsm.texi.Werner Koch2018-02-221-1/+1
| | | | --
* Post release updates.Werner Koch2018-02-222-1/+5
| | | | --
* Release 2.2.5gnupg-2.2.5Werner Koch2018-02-226-12/+55
| | | | Signed-off-by: Werner Koch <[email protected]>
* gpg: Don't let gpg return failure on an invalid packet in a keyblock.Werner Koch2018-02-222-6/+3
| | | | | | | | | | | | * g10/keydb.c (parse_keyblock_image): Use log_info instead of log_error for skipped packets. * g10/keyring.c (keyring_get_keyblock): Ditto. -- log_info should be sufficient and makes this more robust. Some tools (e.g. Enigmail) are too picky on return codes from gpg. Signed-off-by: Werner Koch <[email protected]>
* g10: Select a secret key by checking availability under gpg-agent.NIIBE Yutaka2018-02-221-4/+11
| | | | | | | | | | | | * g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm by agent_probe_secret_key. (get_pubkey_fromfile, lookup): Supply WANT_SECRET argument. -- GnuPG-bug-id: 1967 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 0a76611294998ae34b9d9ebde484ef8ad3a9a3a6)
* doc: Clarify -export-secret-key-p12Werner Koch2018-02-221-3/+3
| | | | | | | -- GnuPG-bug-id: 3788 Signed-off-by: Werner Koch <[email protected]>
* build: Update autogen.shWerner Koch2018-02-212-2/+7
| | | | | | | | -- Now installs a git patch prefix. Signed-off-by: Werner Koch <[email protected]>
* doc: Add extra hint on unattended use of gpg.Werner Koch2018-02-211-0/+13
| | | | --
* wks: Add special mode to --install-key.Werner Koch2018-02-205-134/+153
| | | | | | | | | | | * tools/gpg-wks-client.c (get_key_status_parm_s) (get_key_status_cb, get_key): Move to ... * tools/wks-util.c: ...here. (get_key): Rename to wks_get_key. * tools/gpg-wks-server.c: Include userids.h. (command_install_key): Allow use of a fingerprint. Signed-off-by: Werner Koch <[email protected]>
* wks: Implement server command --install-key.Werner Koch2018-02-205-40/+216
| | | | | | | | | | | * tools/wks-util.c (wks_filter_uid): Add arg 'binary'. * tools/gpg-wks-server.c (main): Expect 2 args for --install-key. (write_to_file): New. (check_and_publish): Factor some code out to ... (compute_hu_fname): ... new. (command_install_key): Implement. Signed-off-by: Werner Koch <[email protected]>
* wks: Support alternative submission address.Werner Koch2018-02-204-14/+67
| | | | | | | | | | | | * tools/gpg-wks.h (policy_flags_s): Add field 'submission_address'. * tools/wks-util.c (wks_parse_policy): Parse that field. (wks_free_policy): New. * tools/gpg-wks-client.c (command_send): Also try to take the submission-address from the policy file. Free POLICY. * tools/gpg-wks-server.c (process_new_key): Free POLICYBUF. (command_list_domains): Free POLICY. Signed-off-by: Werner Koch <[email protected]>
* speedo: Use --enable-wks-tools for non-W32 builds.Werner Koch2018-02-201-1/+1
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* speedo: Add new option STATIC=1Werner Koch2018-02-191-1/+24
| | | | | | | | | | | | | | | -- This can be used to build GnuPG with static versions of the core gnupg libraries. For example: make -f build-aux/speedo.mk STATIC=1 SELFCHECK=0 \ INSTALL_PREFIX=/somewhere/gnupg22 native The SELFCHECK=0 is only needed to build from a non-released version. You don't need it with a released tarball. Signed-off-by: Werner Koch <[email protected]>
* kbx: Fix detection of corrupted keyblocks on 32 bit systems.Werner Koch2018-02-151-8/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN checking. (blob_cmp_fpr_part): Ditto. (blob_cmp_name): Ditto. (blob_cmp_mail): Ditto. (blob_x509_has_grip): Ditto. (keybox_get_keyblock): Check OFF and LEN using a 64 bit var. (keybox_get_cert): Ditto. -- On most 32 bit systems size_t is 32 bit and thus the check size_t cert_off = get32 (buffer+8); size_t cert_len = get32 (buffer+12); if (cert_off+cert_len > length) return gpg_error (GPG_ERR_TOO_SHORT); does not work as intended for all supplied values. The simplest solution here is to cast them to 64 bit. In general it will be better to avoid size_t at all and work with uint64_t. We did not do this in the past because uint64_t was not universally available. GnuPG-bug-id: 3770 Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix reversed messages for --only-sign-text-ids.NIIBE Yutaka2018-02-151-2/+2
| | | | | | | | | | * g10/keyedit.c (keyedit_menu): Fix messages. -- GnuPG-bug-id: 3787 Fixes-commit: a74aeb5dae1f673fcd98b39a6a0496f3c622709a Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Avoid appending a '\0' byte to the response of READKEYKatsuhiro Ueno2018-02-141-1/+2
| | | | | * agent/command.c (cmd_readkey): Set pkbuflen to the length of the output without an extra '\0' byte.
* sm: Fix minor memory leak in --export-p12.Werner Koch2018-02-141-0/+1
| | | | | | * sm/export.c (gpgsm_p12_export): Free KEYGRIP. Signed-off-by: Werner Koch <[email protected]>
* sm: Fix a wrong key parameter in an exported private key fileKatsuhiro Ueno2018-02-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | * sm/export.c (sexp_to_kparms): Fix the computation of array[6], which must be 'd mod (q-1)' but was 'p mod (q-1)'. -- This bug is not serious but makes some consistency checks fail. For example, 'openssl rsa -check' reports the following error: $ gpgsm --out my.key --export-secret-key-raw 0xXXXXXXXX $ openssl rsa -check -noout -inform DER -in my.key RSA key error: dmq1 not congruent to d -- Let me(wk) add this: This bug was introduced with Fixes-commit: 91056b1976bfb7b755e53b1302f4ede2b5cbc05d right at the start of GnuPG 2.1 in July 2010. Before that (in 2.0) we used gpg-protect-tool which got it right. We probably never noticed this because gpgsm, and maybe other tools too, fix things up during import. Signed-off-by: Werner Koch <[email protected]>
* common: Use new function to print status strings.Werner Koch2018-02-148-116/+90
| | | | | | | | | | | | | | | | | | | | | | | | | | | * common/asshelp2.c (vprint_assuan_status_strings): New. (print_assuan_status_strings): New. * agent/command.c (agent_write_status): Replace by call to new function. * dirmngr/server.c (dirmngr_status): Ditto. * g13/server.c (g13_status): Ditto. * g13/sh-cmd.c (g13_status): Ditto. * sm/server.c (gpgsm_status2): Ditto. * scd/command.c (send_status_info): Bump up N. -- This fixes a potential overflow if LFs are passed to the status string functions. This is actually not the case and would be wrong because neither the truncating in libassuan or our escaping is not the Right Thing. In any case the functions need to be more robust and comply to the promised interface. Thus the code has been factored out to a helper function and N has been bumped up correctly and checked in all cases. For some uses this changes the behaviour in the error case (i.e. CR or LF passed): It will now always be C-escaped and not passed to libassuan which would truncate the line at the first LF. Reported-by: private_pers
* scd: Improve KDF-DO supportArnaud Fontaine2018-02-131-1/+2
| | | | | | | | | | * scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO. -- Length check added by gniibe. Signed-off-by: Arnaud Fontaine <[email protected]>
* scd: Fix handling for Data Object with no data.NIIBE Yutaka2018-02-121-2/+6
| | | | | | | | | | | | | | * scd/app-openpgp.c (get_cached_data): Return NULL for Data Object with no data. -- When GET_DATA returns no data with success (90 00), this routine firstly returned buffer with length zero, and secondly (with cache) returned NULL, which is inconsistent. Now, it returns NULL for both cases. Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Add compliance de-vs to gpgsm in vsnfd.prfAndre Heinecke2018-02-091-0/+1
| | | | * doc/examples/vsnfd.prf: Set complaince mode for gpgsm.
* scd: Use pipe to kick the loop on NetBSD.NIIBE Yutaka2018-02-072-3/+52
| | | | | | | | | | | | | | * configure.ac (HAVE_PSELECT_NO_EINTR): New. * scd/scdaemon.c (scd_kick_the_loop): Write to pipe. (handle_connections): Use pipe. -- On NetBSD, signal to the same process cannot unblock pselect, with unknown reason. Use pipe instead, for such systems. GnuPG-bug-id: 3778 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Update list of card vendors from masterWerner Koch2018-02-011-0/+2
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* tests: Fix for NetBSD with __func__.NIIBE Yutaka2018-01-291-1/+1
| | | | | | | | | | * tests/asschk.c: Don't define __func__ if available. -- NetBSD 7.0 has __func__ defined. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Improve assuan error comment for cmd keyserver.Werner Koch2018-01-271-2/+7
| | | | | | | | | * dirmngr/server.c: Add error comment in case --resolve fails in ensure_keyserver. -- GnuPG-bug-id: 3756 Signed-off-by: Werner Koch <[email protected]>
* agent: Fix last commit.NIIBE Yutaka2018-01-262-1/+4
| | | | | | | | | | | | * configure.ac: Check ucred.h as well as sys/ucred.h. * agent/command-ssh.c: Add inclusion of ucred.h. -- It was T2981, adding ucred.h for Solaris. We also need sys/ucred.h for FreeBSD and macOS. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: More fix for get_client_pid for portability.NIIBE Yutaka2018-01-262-3/+3
| | | | | | | | | | | | * configure.ac: Check sys/ucred.h instead of ucred.h. * agent/command-ssh.c: Include sys/ucred.h. -- It's *BSD and macOS thing. Fixes-commit: f7f806afa5083617f4aba02fc3b285b06a7d73d4 Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Note --quick-gen-key as an alias for --quick-generate-keyWerner Koch2018-01-251-0/+2
| | | | --
* scd: Support KDF Data Object of OpenPGPcard V3.3.NIIBE Yutaka2018-01-221-25/+94
| | | | | | | | | | | | | * scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support. (pin2hash_if_kdf): New. (verify_a_chv): Add PINLEN arg. Use pin2hash_if_kdf. (verify_chv2, do_sign): Follow the change of verify_a_chv. (verify_chv3, do_change_pin): Use pin2hash_if_kdf. -- GnuPG-bug-id: 3152 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix the use of future-default with --quick-add-key.Werner Koch2018-01-181-12/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (parse_key_parameter_part): Add arg clear_cert. (parse_key_parameter_string): Add arg suggested_use and implement fallback. Change callers to pass 0 for new arg. (parse_algo_usage_expire): Pass the parsed USAGESTR to parse_key_parameter_string so that it can use it in case a subkey is to be created. -- The problem here was that future-default gives the primary and subkey algorithm. However, when using future-default for adding a key, the second part was always used which is for encryption. If the caller now wanted to create a signing subkey using the future-default parameters this did not worked. gpg --batch --passphrase "" --quick-add-key FPR future-default encr aready worked as did gpg --batch --passphrase "" --quick-add-key FPR ed25519 sign but gpg --batch --passphrase "" --quick-add-key FPR future-default sign does only work with this fix. GnuPG-bug-id: 3747 Signed-off-by: Werner Koch <[email protected]>
* doc: Note pinentry-mode for passphrase optsAndre Heinecke2018-01-091-6/+11
| | | | | | | * doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd): Note that pinentry-mode needs to be loopback. Signed-off-by: Andre Heinecke <[email protected]>
* gpg: Print all keys with --decrypt --list-only.Werner Koch2018-01-081-4/+6
| | | | | | | | | | | | | * g10/mainproc.c (proc_pubkey_enc): Use dedicated error code for list-only and put the key into PKENC_LIST. (print_pkenc_list): Take care of the new error code. -- If the secret keys exist in --list-only mode it was not printed in --list-only mode. GnuPG-bug-id: 3718 Signed-off-by: Werner Koch <[email protected]>
* gpg: Allow "futuredefault" as alias for "future-default".Werner Koch2018-01-011-6/+8
| | | | | | | | | | | | | | | * g10/keygen.c (parse_key_parameter_string): Allow "futuredefault" and use case-insensitive matching (quick_generate_keypair): Ditto. (parse_algo_usage_expire): Ditto. -- The man page is sometimes rendered in a way that the hyphen may be not be considered as part of the string. And while at it we also allow case-insensitivity. GnuPG-bug-id: 3655 Signed-off-by: Werner Koch <[email protected]>
* gpg: Allow the use of "cv25519" and "ed25519" in the keygen parms.Werner Koch2017-12-291-0/+7
| | | | | | | | | | * g10/keygen.c (gen_ecc): Map curve names. -- See https://lists.gnupg.org/pipermail/gnupg-users/2017-December/059619.html Signed-off-by: Werner Koch <[email protected]>
* scd: Fix for inactive card at start by internal CCID driver.NIIBE Yutaka2017-12-271-2/+15
| | | | | | | | | | | | | | * scd/ccid-driver.c (do_close_reader): Set NULL on close. (bulk_in): Move DEBUGOUT and check by EP_INTR. (ccid_get_atr): Clear powered_off flag after initial status check. -- Many card readers automatically turn on inserted card, but some defaults to turning off at start. GnuPG-bug-id: 3508 Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-16 03:05:43 +0000