* g10/export.c (export_ssh_key): Do not close stdout.
--
stdout should never be closed; this fixes this minor bug.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_get_passphrase): Never repeat in loopback mode;
same as with !OPT_NEWSYMKEY.
--
In loopback mode there shall not be any repeat because the caller is
expected to do any confirmation before passing a new passphrase to
gpg.
Fixes-commit: d9e2dfa4c585de7c261fde13c18bd0f82415d6c3
as unfortunately released with 2.2.21.
GnuPG-bug-id: 4991
Signed-off-by: Werner Koch <wk@gnupg.org>
--
It is a bit surprising that nothing happens if no key is specified to
--delete-key et al. Although this is common Unix behaviour the use
might have expected that it behaves like --export and deletes all
keys. Sure we don't do the latter, so a short notice will help.
GnuPG-bug-id: 4959
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/genkey.c (agent_ask_new_passphrase): No qualitybar.
* g10/call-agent.c (agent_get_passphrase): Ditto.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--
The concept of a passphrase quality indicator is anyway questionable
because user are smart enough to trick them out and they also tend to
limit the actually used entropy.
Except for the red/green switching (to show whether constraints are
fulfilled) our qualitybar is pretty bad and thus worse than none.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (do_getpin): New.
(agent_askpin): Use do_getpin.
(agent_get_passphrase): Add arg pininfo. Use do_getpin.
* agent/genkey.c (check_passphrase_constraints): New arg no_empty.
* agent/command.c (reenter_passphrase_cmp_cb): New.
(cmd_get_passphrase): Add option --newsymkey.
--
This new option allows to present a passphrase with the usual repeat
box as it is used by gpg-agent's internal key generation.
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: eace4bbe1ded8b01f9ad52ebc1871f2fd13c3a08
* g10/encrypt.c (setup_symkey): Use default_cipher_algo function
instead of the fallback s2k_cipher_algo. Fix error code.
(encrypt_simple): Use setup_symkey.
--
Aside of removing code duplication this patch fixes the flaw that the
S2K cipher algorithm was used when mixing public key and symmetric
encryption or signatures with symmetric encrypion. The
default_algorithm function should be used here so that the command
line option --cipher-algo and --personal-cipher-preferences have an
effect.
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 6864bba78e76a1ff72aec140ae9f4e752454c463
* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
test rsaPSS. Adjust all callers.
* common/util.c (pubkey_algo_to_string): New.
(gnupg_pk_is_allowed): Ditto.
* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
(gpgsm_get_hash_algo_from_sigval): New.
* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS.
* sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
also get the algo flags. Pass algo flags along. Change some of the
info output to be more like current master.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
This backport from master
commit 969abcf40cdfc65f3ee859c5e62889e1a8ccde91
also includes some changes taken from
commit a759fa963a42e0652134130029217270b6d5d00b
(sm: Improve readability of the data verification output.)
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (parse_ldapserver_file): Add arg ignore_enoent.
(main): Use that arg for the default file.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/certdump.c: Include membuf.h.
(gpgsm_print_serial_decimal): New.
* sm/keylist.c (list_cert_raw): Print s/n also in decimal
(list_cert_std): Ditto.
--
Many CA's print the serial number in decimal on their cards.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Require libgpg-error 1.25.
* common/util.h: Define some extra error codes.
--
This actually defines a few more error ocdes in case they are used by
backported code. The requirement chnaged to 1.25 because erro codes
from there are also required.
GnuPG-bug-id: 4965
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns.h (dns_strsection, dns_strclass)
(dns_strtype): Change APIs.
* dirmngr/dns.c (dns_p_lines): Use __dst for dns_strsection.
(dns_rr_print): Use __dst for dns_strclass and dns_strtype.
(dns_trace_dump): Likewise.
(dns_ai_print): Use __dst for dns_strtype.
(dns_strsection): Add an argument __dst for storage.
(dns_strclass, dns_strtype): Likewise.
(parse_packet): Use __dst for dns_strsection.
(send_query): Use __dst for dns_strtype.
(isection): Use __dst for dns_strsection.
(iclass): Use __dst for dns_strclass.
(itype): Use __dst for dns_strtype.
--
Backport master commit of:
30eef28bc0f5deaa1b4b7f04293a6527524280a9
GnuPG-bug-id: 4934
Reported-by: Tomas Mraz
Fixes-commit: ff7d01fc6d396fc3b8d37baa9bd4cdebc8853648
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/logging.c (log_printhex): Chnage order of args. Make it
printf alike. Change all callers.
* configure.ac: Add -Wno-format-zero-length
--
This makes it consistent with modern libgpgrt logging and thus eases
back porting from newer GnuPG versions which use libgpgrt logging.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/certchain.c (find_up): Disable external lookups in offline mode.
Always allow AKI lookup if CRLs are also enabled.
--
GnuPG-bug-id: 4898
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/call-dirmngr.c (gpgsm_dirmngr_lookup): Add optional arg URL and
adjust all callers.
* sm/certchain.c (oidstr_caIssuers): New.
(struct find_up_store_certs_s): Add additional fields.
(find_up_store_certs_cb): Store the fingerprint.
(find_up_via_auth_info_access): New.
(find_up): Try the AIA URI first.
--
Note that --auto-issuer-key-retrieve is required to use that.
GnuPG-bug-id: 4898
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (opts): Add it.
--
This got lost when backporting from master.
Fixes-commit: 95b42278cafe7520d87168fb993ba715699e6bb6
GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/decrypt-data.c (decrypt_data): Move aead algo detection up.
--
Note that the AEAD modes are not yet approved for --compliance=de-vs
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/packet.h (preftype_t): Add PREFTYPE_AEAD.
* g10/keyedit.c (show_prefs): Print AEAD preferences.
* g10/getkey.c (fixup_uidnode): Set AEAD flags.
(merge_selfsigs): Ditto.
--
Although we are not able to create such keys we should be abale to
show them.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgpdefs.h (aead_algo_t): New.
(pkttype_t): Add PKT_ENCRYPTED_AEAD.
* g10/decrypt-data.c (struct decode_filter_context_s): Add fields for
AEAD.
(aead_set_nonce_and_ad): New.
(aead_checktag): New.
(decrypt_data): Support AEAD.
(aead_underflow): New.
(aead_decode_filter): New.
* g10/dek.h (DEK): Add field use_aead. Turn use_mdc,
algo_info_printed, and symmetric into bit flags.
* g10/mainproc.c (struct mainproc_context): Add field
seen_pkt_encrypted_aead.
(release_list): Clear it.
(have_seen_pkt_encrypted_aead): New.
(symkey_decrypt_seskey): Support AEAD.
(proc_symkey_enc): Ditto.
(proc_encrypted): Ditto.
(proc_plaintext): Ditto.
* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
(openpgp_aead_test_algo): New.
(openpgp_aead_algo_name): New.
(openpgp_aead_algo_info): New.
* g10/packet.h (PKT_symkey_enc): Add field use_aead.
(PKT_user_id): Add field flags.aead
(PKT_public_key): Ditto.
(PKT_encrypted): Add fields for AEAD.
* g10/parse-packet.c (parse): Handle PKT_ENCRYPTED_AEAD.
(parse_symkeyenc): Support AEAD.
(parse_encrypted): Ditto.
(dump_sig_subpkt): Dump AEAD preference packet.
(parse_encrypted_aead): New.
--
This patch allows to decrypt data encrypted using the new AEAD
mechanism as specified in rfc4880bis. Although preferences are used
to enable this new mode, it is useful to have at least a decryption
option in case a user switches between GnuPG 2.2 and newer versions.
The new AEAD mechanism is much faster than the current CFB+MDC and
thus 2.2 will allow faster decryption of symmetric only decryption.
This patch is based on the current master (2.3) code base and includes
a few other patches. In particular
commit 44be675b759d27bac310c2de8bae1b7882a26b65
(gpg: More check for symmetric key encryption.)
is included.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/decrypt-data.c (mdc_decode_filter, decode_filter): Fatcor buffer
filling code out to ...
(fill_buffer): new.
--
This patch includes the master commit
d989373f1a46139ed0fbc4d4a91069b78617ad9
and
5d6c080522e1666943b75c99124fb69b985b6941
Benchmarking on our usual X220 shows for a 1.3GiB non-compressed
non-armored AES encrypted file (ECDH encrypted but the symmetric
decryption takes the majority of the time, reading from stdin writing
to /dev/null):
| | before | after |
|------------+-----------+-----------|
| real | 0m15.006s | 0m11.849s |
| user | 0m14.304s | 0m11.259s |
| sys | 0m0.640s | 0m0.537s |
| throughput | 90 MiB/s | 115 MiB/s |
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/decrypt-data.c (struct decode_filter_context_s): Rename 'defer'
to 'holdback' and 'defer_filled' to 'holdbacklen'. Increase size of
holdback to allow for future AEAD decryption. Turn 'partial' and
'eof_seen' into bit fields.
(decrypt_data): Replace write_status_text by write_Status_printf.
Indent parts of the code.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/validate.c (hash_algo_from_buffer): New.
(uint_from_buffer): New.
(check_cert_sig): Support rsaPSS.
* sm/certcheck.c (gpgsm_check_cert_sig): Fix small memory leak on
error.
--
Yes, I know that there is a lot of code duplication. In fact some of
the code is ugly and it would be better if we enhance Libgcrypt to
guarantee that returned memory buffers via gcry_sexp_extract_param are
allways Nul terminated and we should also enhance that function to
directly extract into an unsigned int or char *.
GnuPG-bug-id: 4538
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sexputil.c (hash_algo_to_string): New.
--
Libgcrypt expects lowercase names and it is cumbersome to downcase
those retrieved via gcry_md_algo_name. It is easier and also faster
to use a dedicated map function.
* scd/app-p15.c (make_pin_prompt): Factor some code out to ...
(get_dispserialno): this.
(do_getattr): Use new fucntion for a $DISPSERIALNO.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-p15.c (struct prkdf_object_s): New fields common_name and
serial_number.
(release_prkdflist): Free them.
(keygrip_from_prkdf): Parse cert and set them.
(any_control_or_space): New.
(make_pin_prompt): New.
(verify_pin): Construct a pretty PIN prompt.
(do_sign): Remove debug output.
--
The D-Trust card has the SerialNumber part of the Subject printed on
the front matter, we assume this is also possible with other cards and
thus we show this as serial number.
The holder of the card is also extracted from the card's subject.
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported from master.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/iso7816.c (map_sw): Detect 0x63Cn status code.
--
I really wonder when that got lost and we ended up with a simple card
error.
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported from master.
* scd/iso7816.c (iso7816_select_mf): New.
* scd/app-p15.c (card_product_t): New.
(struct app_local_s): Add field 'card_product'.
(read_ef_tokeninfo): Detect D-Trust card.
(prepare_verify_pin): Switch to D-Trust AID.
(do_decipher): Restore a SE for D-TRust cards. Change the padding
indicator to 0x81.
* common/percent.c (percent_data_escape): new. Taken from master.
--
Using what I learned from a USB trace running the Governikus Signer
Software on Windows this fixes the left over problem with the new
D-Trust card support.
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported from master. This required to add the percent_data_escape
function we introduced in master on 2018-07-02:
commit 58baf40af641f8cbf597e508a292e85ae94688f1
common: New function percent_data_escape.
Signed-off-by: Werner Koch <wk@gnupg.org>