1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

8847 Commits

Author SHA1 Message Date
Werner Koch
0a355b2fe7
gpg: Add compatibility flag "vsd-allow-ocb"
* common/compliance.h (enum gnupg_co_extra_infos): New.
* common/compliance.c (vsd_allow_ocb): New.
(gnupg_cipher_is_compliant): Allow OCB if flag is set.
(gnupg_cipher_is_allowed): Ditto.
(gnupg_set_compliance_extra_info): Change to take two args.  Adjust
callers.
* g10/gpg.c (compatibility_flags): Add "vsd-allow-ocb".
(main): And set it.
* g10/options.h (COMPAT_VSD_ALLOW_OCB): NEw.
--

This is a temporary flag until the new mode has been evaluated and can
always be enabled.

GnuPG-bug-id: 6263
2022-10-31 17:23:41 +01:00
Werner Koch
4a9f3f94c6
gpg: New option --compatibility-flags
* g10/gpg.c (oCompatibilityFlags): New.
(opts): Add option.
(compatibility_flags): New list.
(main): Set flags and print help.
* g10/options.h (opt): Add field compatibility_flags.
--

No flags are yet defined but it is good to have the framework.
2022-10-31 16:20:22 +01:00
Werner Koch
a545e14e8a
gpg: Support OCB encryption.
* g10/build-packet.c (do_encrypted_aead): New.
(do_symkey_enc): Handle version 5.
(build_packet): Support the ENCRYPTED_AEAD packet.
* g10/cipher.c (MIN_PARTIAL_SIZE): Remove unused macro.
(AEAD_ENC_BUFFER_SIZE): New macro.
(my_iobuf_write): New.
(write_header): Rename to write_cfb_header.  Adjust caller.
(set_ocb_nonce_and_ad): New.
(write_ocb_header): New.
(write_ocb_auth_tag): New.
(write_ocb_final_chunk): New.
(do_ocb_flush): New.
(do_ocb_free): New.
(cipher_filter_ocb): New.
* g10/filter.h (cipher_filter_context_t): Add fields for AEAD.
* g10/encrypt.c (encrypt_symmetric): For the use of a session key in
OCB mode.
(encrypt_seskey): Revamp to support OCB.
(use_aead): New.
(encrypt_simple): Support OCB.
(write_symkey_enc): Ditto.
(encrypt_crypt): Ditto.
(encrypt_filter): Handle OCB.
* g10/options.h (opt): Add field force_ocb.
* g10/gpg.c (oForceOCB): New.
(opts): New option "--force-ocb".
(main): Set force_ocb option.
* g10/gpgcompose.c (encrypt_seskey): New.
* g10/keygen.c (aead_available): New global var.
(keygen_set_std_prefs): Set AEAD feature by default in GNUPG mode. Add
parings of aead feature flag.
(keygen_get_std_prefs): Set aead flag.
(add_feature_aead): New.
(keygen_upd_std_prefs): Set OCB as preference if AEAD is enabled.
* g10/pkclist.c (select_aead_from_pklist): New.
(warn_missing_aead_from_pklist): New.
(select_mdc_from_pklist): Remove this unused function.
--

This extends the long available OCB and EAX decryption feature.  Due
to the meanwhile expired patent on OCB there is no more reason for
using EAX.  Thus we forcefully use OCB if the AEAD feature flag is set
on a key.

In GNUPG mode new keys are now created with the AEAD feature flag set.
Option --rfc4880 is one way to disable this.

GnuPG-bug-id: 6263
2022-10-31 14:33:10 +01:00
Werner Koch
aa397fdcdb
gpgsm: Also announce AES256-CBC in signatures.
* sm/sign.c (gpgsm_sign): Add new capability.
--

It might be better to have this.  No concrete bug report, though.
2022-10-28 15:21:26 +02:00
Werner Koch
fd0ddf2699
gpgsm: New compatibility flag "allow-ecc-encr".
* sm/gpgsm.h (COMPAT_ALLOW_ECC_ENCR): New.
* sm/gpgsm.c (compatibility_flags): Add new flag.
* sm/encrypt.c (encrypt_dek): Allw ECC only if flag is set.
--

ECC encryption was not part of the original VS evaluation.  Until this
has been re-evaluated we hide this feature behind this flag.

GnuPG-bug-id: 6253
2022-10-28 15:19:19 +02:00
Werner Koch
28467f3735
sm: Support encryption using ECDH keys.
* sm/decrypt.c (hash_ecc_cms_shared_info): Make global.
* sm/encrypt.c (ecdh_encrypt): New.
(encrypt_dek): Add arg PK_ALGO and support ECDH.
(gpgsm_encrypt): Pass PK_ALGO.
--

Note: This has only been tested with a messages created and decrypted
by GnuPG.

GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: d5051e31a8fc07c339253c6b82426e0d0115a20a
GnuPG-bug-id: 6253
2022-10-28 13:01:09 +02:00
Werner Koch
d770715e15
gpgsm: Allow ECC encryption keys with just keyAgreement specified.
* sm/certlist.c (cert_usage_p): Allow keyAgreement for ECC.
* sm/fingerprint.c (gpgsm_is_ecc_key): New.
--

For ECC encryption keys keyAgreement is the keyUsage we want.

GnuPG-bug-id: 6253
2022-10-28 12:17:46 +02:00
Werner Koch
1cdb67d41a
gpgsm: Use macro constants for cert_usage_p.
* sm/certlist.c (USE_MODE_): New.  Use them for easier reading.
2022-10-28 12:14:54 +02:00
Werner Koch
7ed523ca13
scd:nks: Support non-ESIGN signing with the Signature Card v2
* scd/app-nks.c (do_sign): Handle ECC for NKS cards
--

Backported-from-master: 959c627892121ce9707bfa36f2510216b4f6f247
GnuPG-bug-id: 6252
2022-10-28 12:13:29 +02:00
Werner Koch
12d3b16729
scd: Use app_get_slot at more places.
--

This is helpful for backporting other changes.
2022-10-28 12:07:11 +02:00
Werner Koch
934bbe67c2
scd: Use APP_LEARN_FLAG_KEYPAIRINFO with more apps.
* scd/app-nks.c (do_learn_status_core): Use new flag.
* scd/app-sc-hsm.c (do_learn_status): Ditto.
--

The flag was already backported to some apps but not to these.
2022-10-28 11:55:31 +02:00
Werner Koch
6fa4143284
doc: Make uploading of 2.2 manuals easier
--
2022-10-28 11:46:29 +02:00
NIIBE Yutaka
54d001cc7c
build: Update gpg-error.m4.
* m4/gpg-error.m4: Update from libgpg-error 1.46.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-10-24 12:11:17 +09:00
Werner Koch
ed62b74a17
gpgsm: Create ECC certificates with AKI and SKI by default.
* sm/certreqgen.c (create_request): Create AKI and SKI by default.
--

GnuPG-bug-id: 4098, 6253
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 44676819f2873705b78849e7b2fd22214b691642
2022-10-20 17:34:03 +02:00
Werner Koch
9f1181e1a7
gpgsm: Print the key types as standard key algorithm strings.
* sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ...
(gpgsm_get_key_algo_info2): new.
* sm/keylist.c (list_cert_colon): Put curve into field 17
(list_cert_raw): Print the unified key algotithm string instead of the
algo and size.
(list_cert_std): Ditto.
--

It is important to known whether a 256 bit ECC uses a NIST or a
Brainpool curve.

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 5c29d25e6c7c0a5a63ab4c46d4624217307adb78
GnuPG-bug-id: 6253
2022-10-20 16:32:11 +02:00
Werner Koch
5ae2632002
gpgsm: Support decryption of ECDH data
* sm/decrypt.c (hash_ecc_cms_shared_info): New.
(ecdh_derive_kek): New global function.
(ecdh_decrypt): New with support for
dhSinglePass-stdDH-sha1kdf-scheme.
(prepare_decryption): Support ECDH.  Add args pk_algo and nbits.
(gpgsm_decrypt): Pass size of curve to prepare_decryption.  Lift some
variables from an inner code block.
--

This has been compiled from these commits in master:
Backported-from-master: 95d83cf906177fe9f00e88ae42d4c118c7db4371
(sm: Support decryption of ECDH data)
Backported-from-master: ee6d29f1797e06977ae3d2edae9edc1165c6f144
(sm: Support decryption of ECDH data using a smartcard.)
Backported-from-master: 68b857df13c8a4e6cae5e3a29fd065bf90764547
(sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme.)

GnuPG-bug-id: 6253
Signed-off-by: Werner Koch <wk@gnupg.org>
2022-10-20 15:35:47 +02:00
NIIBE Yutaka
37a853d808
gpgsm: Support key generation with ECC.
* sm/certreqgen.c (pKEYCURVE): New.
(read_parameters): Add pKEYCURVE handling.
(proc_parameters): Support ECC key generation.
--

GnuPG-bug-id: 4888, 6253
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 49ea53b755f0fef468055a1493e790735908f865)
2022-10-20 14:47:28 +02:00
NIIBE Yutaka
8b2c55d3c5
gpgsm: Remove restriction of key generation (only RSA).
* sm/certreqgen.c (proc_parameters): Remove checking GCRY_PK_RSA.

--

This is an initial change to support ECC key generation.

GnuPG-bug-id: 4888, 6253
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Backported-from-master: 238707db8b05a385af5419e606ea5110ace31d2b
2022-10-20 14:45:03 +02:00
Werner Koch
1e69676981
scd:nks: Don't flag the ESIGN keypair EF as encryption capable.
* scd/app-nks.c (filelist): Tweak 0x4531.
--

Actually the certificate has no encryption usage but we should also
tell that via KEYINFO so that this key is never tried to create an
encryption certificate.

(cherry picked from commit 3a2fb1c30633373d17880469e0b84ab2a9524585)
2022-10-20 12:22:08 +02:00
Werner Koch
f24904ee35
scd:nks: Some code cleanup.
* scd/app-nks.c (find_fid_by_keyref): Factor keyref parsing out to ...
(parse_keyref): new.
(do_readcert): Use new function instead of partly duplicated code.
Make detection of keygrip more robust.
(do_readkey): Make detection of keygrip more robust.
(do_with_keygrip): Use get_nks_tag.
--

Also added a couple of comments.

(cherry picked from commit b92b3206e72b635fd815eaf85e7acc67c2a52ffe)
2022-10-20 12:22:08 +02:00
Werner Koch
5cd25f4ca4
scd:nks: Support the Telesec ESIGN application.
* scd/app-nks.c (find_fid_by_keyref): Disable the cache for now.
(readcert_from_ef): Considere an all zero certificate as not found.
(do_sign): Support ECC and the ESIGN application.
--

This allows me to create qualified signatures using my Telesec card.
There is of course more work to do but this is the first step.

Note: The design of the FID cache needs to be reconsidered.  Until
that the lookup here has been disabled.  The do_sign code should be
revamped to be similar to what we do in app-p15.

GnuPG-bug-id: 5219, 4938, 6252
Backported-from-master: 07eaf006c2763a6b40d2734b1c6704da466e0ed0
2022-10-20 12:22:08 +02:00
NIIBE Yutaka
b199582789
scd:nks: Return USAGE information for KEYINFO command.
* scd/app-nks.c (set_usage_string): New.
(do_learn_status_core, do_readkey): Use set_usage_string.
(do_with_keygrip): Add USAGE to call send_keyinfo,
using set_usage_string.
* scd/command.c (send_keyinfo): Add arg usage.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Backported-from-master: 5264d3f58e8a8362900c3518bdd683ff9a23cccc
GnuPG-bug-id: 6252

This backports only the NKS parts of the original patch

Signed-off-by: Werner Koch <wk@gnupg.org>
2022-10-20 12:22:08 +02:00
Werner Koch
77b008d1e7
scd:nks: Handle APP_READKEY_FLAG_INFO.
* scd/app-nks.c (keygripstr_from_pk_file): Fix ignored error.
(get_nks_tag): New.
(do_learn_status_core): Use it.  Make sure not to mange the
KEYPAIRINFO line if no usage is known.
(do_readkey): Output the KEYPAIRINFO for the keygrip case.
--

Note that this only handles the most common case of providing a
keygrip.  $AUTHKEYID and ODLM are not yet supported.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 63320ba2f8147ee86f4406c9590f6b28cad4771d)
2022-10-20 12:22:08 +02:00
Ingo Klöcker
8bccd95b38
scd:nks: Add support for signing plain SHA-2 digests.
* scd/app-nks.c (do_sign): Handle plain SHA-2 digests and verify
encoding of ASN.1 encoded hashes.
--

This makes it possible to create CSRs for NetKey card keys which are
signed with SHA256 by default.

GnuPG-bug-id: 5184
(cherry picked from commit 8fe976d5b9a0f2902868737dd502c749565222a6)
2022-10-20 12:22:08 +02:00
NIIBE Yutaka
3c1acb7b9f
scd:nks: Support READKEY with keygrip and for "NKS-IDLM" keyref.
* scd/app-nks.c (do_readkey): Allow KEYGRIP access.
Support NKS-IDLM.XXXX keyref.

--

GnuPG-bug-id: 5150
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 3b392630881350baabeba16fa760bad04be94d03)
2022-10-20 12:22:08 +02:00
NIIBE Yutaka
0979ae3491
scd:nks: Factor out pubkey retrieval from keygrip handling.
* scd/app-nks.c (pubkey_from_pk_file): New.
(keygripstr_from_pk_file): Use pubkey_from_pk_file.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit b7c087375d84c31ab8a645cd81e6b1e6185cb30d)
2022-10-20 12:22:08 +02:00
NIIBE Yutaka
1f2823e0be
scd:nks: Add support of KEYGRIP for do_readcert.
* scd/app-nks.c (do_readcert): Support KEYGRIP.

--

GnuPG-bug-id: 5150
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 4020cd9d656264bec5e7fb5e45c5e06eff8656c3)
2022-10-20 12:22:08 +02:00
NIIBE Yutaka
ea7234d2f5
scd:nks: Factor out iteration over filelist.
* scd/app-nks.c (iterate_over_filelist): New.
(do_with_keygrip): Use iterate_over_filelist.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 6c4365847666cefac73ccc743a99fac473da2186)
2022-10-20 12:22:08 +02:00
NIIBE Yutaka
c9eb4c0632
scd:nks: Fix caching keygrip (more).
* scd/app-nks.c (keygripstr_from_pk_file): Distinguish by APP_ID.

--

GnuPG-bug-id: 5150, 5161
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Backported-from-master: 87d2c579cc38c1d2787945650125fb0e0336652c
Fixes-commit: 00f594e3ecb26b010e87d5491b648369e7a92408
2022-10-20 12:22:08 +02:00
Werner Koch
cf5f6896f8
scd:nks: Minor additions to the basic IDLM application support.
* scd/app-nks.c (filelist): Use special value -1 for IDLM pubkeys.
(keygripstr_from_pk_file): Handle special value.
(do_readcert): Ditto.
(do_writecert): Ditto.
--

This allows to get information about the keys from the card.  However
the do_readkey still requires a fallback to readcert.  This does not
work because there are no certificates yet on the card.  The fix is to
fully implement do_readkey.

(cherry picked from commit 806547d9d243b26c2275fc00c645ee39d258b49b)
2022-10-20 12:22:08 +02:00
NIIBE Yutaka
f1bd7369a7
scd,nks: Fix caching keygrip.
* scd/app-nks.c (keygripstr_from_pk_file): Identify by cfid if
available.
--

GnuPG-bug-id: 5150, 6252
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Backported-from-master: 920154370834ad8d947aed19c9d914a27dde6baa:
2022-10-20 12:22:08 +02:00
Werner Koch
c1c3331cf9
scd:nks: Emit the algo string with KEYPAIRINFO
* scd/app-nks.c (do_learn_status_core): Emit the algo string as part
of a KEYPAIRINFO.
(struct fid_cache_s): Add field algostr.
(flush_fid_cache): Release it.
(keygripstr_from_pk_file): Fill it and add it to the cache.  Use a
single exit label.  Set algostr.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 26da47ae53d51e16ae6867cd419ddbf124a94933
Backported-from-master: 006944b856ee2202905290e8a2f5523a7877d444
GnuPG-bug-id: 6252, 5144

This has been backported to keep this, and only this, module in sync
with master. All other changes from the original patch have been
stripped.
2022-10-20 12:22:08 +02:00
Werner Koch
fe698586b5
scd:nks: Implement writecert for the Signature card v2.
* scd/iso7816.c (CMD_UPDATE_BINARY): New.
(iso7816_update_binary): New.
* scd/app-nks.c (do_deinit): Factor some code out to...
(flush_fid_cache): new.
(do_writecert): New.
(app_select_nks): Register new handler.
--

This has been backported only to make the following backpoorts easier.
The code is only used in 2.3; for details see the original commit
message.

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: c1663c690b29d2dea8bc782c42de5eca08a24cc9
GnuPG-bug-id: 6252
2022-10-20 12:22:07 +02:00
Werner Koch
c99870f790
scd:nks: Fix certificate read problem with TCOS signature card v2.
* scd/app-nks.c (filelist): Add a dedicated key entry for ESIGN.
(do_readcert): Test for the app_id.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 07aef873ebc77241e9a2be225537319f6fc15a41
GnuPG-bug-id: 6252
2022-10-20 12:22:07 +02:00
Werner Koch
a974d8aefa
scd:nks: Fix remaining tries warning in --reset mode.
* scd/app-nks.c (do_change_pin): Change computation of 'remaining'.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 2429e8559844e27de478d7e90834a714b3748834
GnuPG-bug-id: 6252
2022-10-20 12:22:07 +02:00
Werner Koch
60ba61e78e
scd:nks: Add framework to support IDKey cards.
* scd/app-nks.c (NKS_APP_IDLM): New.
(struct app_local_s): Replace NKS_VERSION by the global APPVERSION.
(do_learn_status): Always send CHV-STATUS.
(find_fid_by_keyref): Basic support for IDLM only use.
(do_learn_status_core): Ditto.
(do_readcert): Ditto.
(verify_pin): Ditto.
(parse_pwidstr): Ditto.
(do_with_keygrip): Ditto.
(switch_application): Ditto.
(app_select_nks): Fallback to IDLM.
--

Backported-from-master: 1f6a39092fe4b5f02bc4741a0a23d102d30f4063
GnuPG-bug-id: 6252

Also not directly required for the Signature Card 2.0, it is easier to
port this patch as well.
2022-10-20 12:22:07 +02:00
Werner Koch
a83281176c
scd:nks: Get the PIN prompts right for the Signature Card
* scd/app-nks.c (get_dispserialno): Move more to the top.
(do_getattr): Add $DISPSERIALNO and SERIALNO.  Make CHV-STATUS work
with NKS15.
(verify_pin): Use dedicated min. PIN lengths.
(parse_pwidstr): Support NKS15
--

GnuPG-bug-id: 4938
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit aecc008acb64ebbb6c667c4a128af4e61da57f84)
2022-10-20 12:22:07 +02:00
Werner Koch
bbef2d1790
scd:nks: Support decryption using ECDH.
* scd/app-nks.c (struct fid_cache_s): Add field 'algo'.
(keygripstr_from_pk_file): Add arg 'r_algo' to return the algo.
(find_fid_by_keyref): Ditto.
(get_dispserialno): New.
(make_prompt): New.
(verify_pin): Provide better prompts.
(do_decipher): Support ECDH.
(parse_pwidstr): Add hack tospecify any pwid..
(do_change_pin): Support Signature Card V2.0 (NKS15) style NullPIN.
Provide a better prompt.
--

GnuPG-bug-id: 4938, 6252
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: af45d884aa1c3eccbc6972a2e5197ece3fd1987a
2022-10-20 12:22:07 +02:00
Werner Koch
f5e0469d6e
scd:nks: Add do_with_keygrip and implement a cache.
* scd/app-nks.c (struct fid_cache_s): New.
(struct app_local_s): Add field 'fid_cache'.
(do_deinit): Release the cache.
(keygripstr_from_pk_file): Implement the cache.
(find_fid_by_keyref): New
(do_sign, do_decipher): Use new function.
(do_with_keygrip): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 1e72a1a218490c0fc07811a02ddad6cc38913f77
GnuPG-bug-id: 6252
2022-10-20 12:22:07 +02:00
Werner Koch
471e610fcd
scd:nks: Allow retrieving certificates from a Signature Card v.20
* scd/app-nks.c: Major rework to support non-RSA cards.
--

This is a fist step so support this ECC card.  The code has been
reworked while taking care that old cards should keep on working.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported-from-master: f05a32e5c9db7d0840c74fccc350a9e0ff5fb819
GnuPG-bug-id: 6252
2022-10-20 12:22:07 +02:00
NIIBE Yutaka
256b3c0578
gpg: Move NETLIBS after GPG_ERROR_LIBS (another).
* g10/Makefile.am (t_keydb_LDADD): Add NETLIBS after GPG_ERROR_LIBS.

--

Fixes-commit: b26bb03ed96f380ad603f7ad902862625233c931
GnuPG-bug-id: 6244
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-10-18 10:24:54 +09:00
NIIBE Yutaka
a5c3821664
dirmngr: Fix build with no LDAP support.
* dirmngr/server.c [USE_LDAP] (start_command_handler): Conditionalize.

--

Cherry-pick master commit of:
	7011286ce6e1fb56c2989fdafbd11b931c489faa

GnuPG-bug-id: 6239
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-10-18 10:16:11 +09:00
NIIBE Yutaka
b26bb03ed9
gpg: Move NETLIBS after GPG_ERROR_LIBS.
* g10/Makefile.am (LDADD): Remove NETLIBS.
(gpg_LDADD, gpgv_LDADD): Add NETLIBS after GPG_ERROR_LIBS.
(gpgcompose_LDADD, t_keydb_get_keyblock_LDADD): Likewise.
(t_stutter_LDADD): Likewise.

--

GnuPG-bug-id: 6244
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-10-18 10:08:20 +09:00
NIIBE Yutaka
6f0066db2c
gpg: Report an error for receiving key from agent.
* g10/export.c (do_export_one_keyblock): Report an error.

--

GnuPG-bug-id: 5151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-10-13 18:35:34 +02:00
Werner Koch
70ec346fb4
Post release updates
--

Also switch speedo to use https instead of ftp for download.
2022-10-13 17:02:47 +02:00
Werner Koch
2e9f8a511d
Release 2.2.40 gnupg-2.2.40 2022-10-10 12:32:35 +02:00
Werner Koch
21db05100d
po: Auto update
--
2022-10-10 11:53:14 +02:00
Werner Koch
5df1c247be
gpg: For de-vs use AES-128 instead of 3DES as implicit preference.
* g10/pkclist.c (select_algo_from_prefs): Change implicit cipher
algorithm.
--

Although 3DES is still a compliant algorithm, some other software does
not consider it has compliant but also does not set preference
accordingly.  Thus it is better to switch the implicit cipher algorithm
similar to what we already did with SHA-1.

Note that in GnuPG 2.3 3DES is already not anymore used here.

GnuPG-bug-id: 6063
2022-10-10 11:22:57 +02:00
Ingo Klöcker
94092793f6
sm: Fix reporting of bad passphrase error
* sm/minip12.c (p12_parse): Set badpass flag to result in ctx.
--

Fixes-commit: 4c14bbf56fb544541bd65f9d6e6e0b81779dcab6
GnuPG-bug-id: 5713, 6037
(cherry picked from commit a47b3a4087349f3873eb04a83dc2a0f512cacf86)
2022-10-10 09:17:10 +02:00
Werner Koch
cd020284c9
wkd: Implement --blacklist option for gpg-wks-client
* tools/gpg-wks-client.c (blacklist_array, blacklist_array_len): New.
(parse_arguments): Install blacklist.
(read_file): New.
(cmp_blacklist, add_blacklist, is_in_blacklist): New.
(mirror_one_key): Check list.
* tools/gpg-wks.h (opt): Remove field blacklist.
--

GnuPG-bug-id: 6224
(cherry picked from commit b0b4e24c4fa80c10d310a229f5a0c65a57ad9393)
2022-10-07 17:44:44 +02:00