1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

9927 Commits

Author SHA1 Message Date
NIIBE Yutaka
6f5debd36a
Fix the length of ECDSA.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-03-06 11:16:03 +09:00
NIIBE Yutaka
aa8c5d12ef
Fix keygrip computation.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-03-03 20:44:24 +09:00
NIIBE Yutaka
395bcbc0ff
Fix listing keys.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-03-03 18:19:12 +09:00
NIIBE Yutaka
22f945cf30
Implement token_keyinfo.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-03-03 14:39:12 +09:00
NIIBE Yutaka
601e1e28df
Add key->flags member.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-03-03 14:02:04 +09:00
NIIBE Yutaka
20ba5794bf
Fix assuan context things.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-03-03 12:02:07 +09:00
NIIBE Yutaka
ef83c46362
Implement token_sign.
Still assuan_context_t should be fixed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-03-02 15:13:59 +09:00
NIIBE Yutaka
338736c0fe
Move functions.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-03-02 13:01:45 +09:00
NIIBE Yutaka
5055718fec
Define routines for pkcs11.c in the header.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-02-27 18:41:31 +09:00
NIIBE Yutaka
d30ce02dd6
Start tkdaemon to offer PKCS#11 module access.
Currently, it's a mock-up.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-02-27 15:54:14 +09:00
NIIBE Yutaka
34abc6cd9b
Some implementations don't offer the information of key mechanisms.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-02-24 14:50:41 +09:00
NIIBE Yutaka
88b832dfab
Logout after use (when login).
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-02-24 13:27:50 +09:00
NIIBE Yutaka
c0a5dd3dcf
Yubikey PIV now somehow works.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-02-24 11:41:26 +09:00
NIIBE Yutaka
0f5e9dea89
Testing pksign.c for access to PKCS#11 module.
Scute and SoftHSMV2: RSA key works

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-02-22 16:13:21 +09:00
NIIBE Yutaka
c82f6b6599
Add test code to handle PKCS#11 module.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-02-21 16:59:49 +09:00
Werner Koch
3d094e2bcf
gpg: New option --add-desig-revoker
* g10/gpg.c (oAddDesigRevoker): New.
(opts): Add new option.
* g10/options.h (opt): Add field desig_revokers.
* g10/keygen.c (get_parameter_idx): New.
(get_parameter): Make use of get_parameter_idx.
(prepare_desig_revoker): New.
(get_parameter_revkey): Add arg idx.
(proc_parameter_file): Add designated revokers.
(do_generate_keypair): Write all designated revokers.
2023-02-16 18:10:03 +01:00
Werner Koch
49fe6a2821
doc: Put the Unattended Usage of GPG section also into the man page.
--
2023-02-16 15:07:40 +01:00
Werner Koch
f118e3b101
gpg: --gen-random code cleanup by using es_set_binary.
* g10/gpg.c (main): Replace setmode by es_set_binary and use only when
needed.
--

It is better to use our es_set_binary than to use a Windows specific
method which still worked but is fragile because estream might be
changed.  We now set binary only when needed.  Note that it does not
harm to call es_set_binary more often than needed.
2023-02-16 13:14:30 +01:00
Werner Koch
3ab6538433
tools: Return a better error message if sendmail is not usable.
* tools/send-mail.c: Include unistd.h
(run_sendmail): Check for bad sendmail.
--

GnuPG-bug-id: 6321
2023-02-08 08:23:31 +01:00
Werner Koch
103acfe9ca
gpg: New list-option --show-unusable-sigs.
* g10/options.h (LIST_SHOW_UNUSABLE_SIGS): New.
* g10/gpg.c (parse_list_options): Add "show-unusable-sigs".
* g10/keydb.h (keyid_eq): New.
(pk_is_primary): New.
* g10/keylist.c (list_signature_print): Early return for weak key
signatures.  Print "self-signature" instead of user-id.
(list_keyblock_print): Simplify and always set self-sig node flag.
--

This patch avoid the printing of often hundreds of "Invalid digest
algorithm" notices during key signature listings if those key
signatures were done with SHA1.  The new option can be used to revert
the behaviour.

We now also print "[self-signature]" with --check-sigs or --list-sigs
instead of the primary user id.  This makes such listing easier to read.
2023-02-07 14:50:03 +01:00
Werner Koch
8b8a8b246c
ssh: Allow to define the order in which keys are returned.
* agent/findkey.c (public_key_from_file): Add arg r_sshorder.
(agent_ssh_key_from_file): Ditto.
* agent/command-ssh.c (struct key_collection_item_s): New.
(struct key_collection_s): New.
(search_control_file): Add art r_lnr.
(add_to_key_array): New.
(free_key_array): New.
(compare_key_collection_items): New.
(ssh_send_available_keys): Rewrite to return the keys in the user
given order.
--

GnuPG-bug-id: 6212

We now first return the keys from active cards, followed by keys
listed in sshcontrol, finally from those with the "Use-for-ssh" key
attribute.  Keys from active cards are returned sorted by their S/N.
Keys from sshcontrol are returned in the order they are given in that
file.  Use-for-ssh keys are ordered by the value assigned to that key
attribute.  The values for the latter are clamped at 99999.
2023-02-01 09:27:28 +01:00
Werner Koch
f9bcec6f8a
gpg: New pseudo option full-help for --list-options et al.
* g10/misc.c (parse_options): Implement "full-help".
--
2023-01-31 11:52:01 +01:00
Werner Koch
5a223303d7
gpg: Make "--list-options show-sig-subpackets=n,m" work again.
* g10/gpg.c (parse_list_options): Set value for show-sig-subpackets.
--

Fixes-commit: 811cfa34cb3e7166f0cf1f94565504dee21cd9f5
and thus a regression in 2.4.0
2023-01-31 11:32:41 +01:00
Werner Koch
d11d3cf85b
gpg: For readibility use macro instead of integers in key-clean.
* g10/key-clean.c (NF_USABLE, NF_CONSIDER): New.
(NF_PROCESSED, NF_REVOC, NF_NOKEY): New.
2023-01-30 15:59:15 +01:00
Werner Koch
851ac88bde
gpgtar: Fix new --status-fd handling.
--

Fixes-commit: f84264e8acf742793c73ce78491cab61fac37051
2023-01-30 15:56:11 +01:00
Werner Koch
f84264e8ac
gpgtar: Emit progress status lines in create mode.
* tools/gpgtar.h (opt): Add field status_stream.
* tools/gpgtar.c (main): Set status_stream.
* tools/gpgtar-create.c (global_header_count): Rename to
global_total_files.
(global_written_files): New.
(global_total_data, global_written_data): New.
(struct scanctrl_s): Add field file_count.
(write_progress): New.
(write_file): Add arg skipped_open. Don't bail out immediatly on open
error.  Write progress lines.
(gpgtar_create): Write progress lines.  Print info aout skipped files.
--

GnuPG-bug-id: 6363
2023-01-30 15:23:38 +01:00
Werner Koch
d5fe8ba721
gpgtar: Fix parent directory creation bug
* tools/gpgtar-extract.c (extract_directory): Ignore EEXIST on parent
directory creation.
2023-01-26 11:54:44 +01:00
Werner Koch
1ab21c82c3
gpgtar: Allow decryption from stdin.
* tools/gpgtar.c (main): Revamp switch and fix usage test for aDecrypt
and aList.
--

GnuPG-bug-id: 6355
2023-01-26 11:40:10 +01:00
NIIBE Yutaka
3de5e00d04
po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-01-26 15:24:24 +09:00
Werner Koch
f35e7dbf9e
common: Slight redefinition of nvc_get_boolean.
* common/name-value.c (nvc_get_boolean): Rewrite.
--

The function may now return a positive or negative number instead of
just 1 for true.  All callers were already prepared for this.

GnuPG-bug-id: 6212
2023-01-24 10:07:02 +01:00
Werner Koch
eae28f1bd4
doc: Remove profile and systemd example files.
--

The profiles are not any longer useful because global options are way
more powerful (/etc/gnupg/gpg.conf et al.).  The use of systemd is
deprecated because of additional complexity and the race between
systemd based autolaunching and the explicit gnupg based and lockfile
protected autolaunching.

GnuPG-bug-id: 6336
2023-01-23 16:35:12 +01:00
Werner Koch
d98bf02a03
gpg: Replace --override-compliance-check by a real fix.
* common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA.
* g10/gpg.c (oOverrideComplianceCheck): Remove.
(opts): Turn --override-compliance-check into a dummy option.
* g10/options.h (opt): Remove override_compliance_check.
* g10/sig-check.c (check_key_verify_compliance): Remove use of that
option.
--

The introduction of --override-compliance-check actually hid the real
cause for the signature verification problem in de-vs mode for the
Ed25519 key.  The real fix is to handle the EdDSA algorithm in
gnupg_pk_is_allowed.

Fixes-commit: fb26e144adfd93051501d58f5d0d4f8826ddf436
GnuPG-bug-id: 5655
2023-01-20 11:03:40 +01:00
Werner Koch
b9528830d6
gpg: Do not require --status-fd along with --require-compliance.
* g10/mainproc.c (check_sig_and_print): Do not check whether status is
enabled when checking compliance.
2023-01-20 09:23:27 +01:00
Werner Koch
c0a6b6b2d7
doc: Update copyright notices.
--

Note that we now print Copyright g10 Code instead of FSF.
2023-01-20 09:07:20 +01:00
Werner Koch
33b6ee5047
wkd: Support option --output for command --check.
* tools/wks-util.c (write_to_file): Rename to ...
(wks_write_to_file): this, make global, and support NULL for fname.
* tools/gpg-wks-client.c (command_check): Write to key.
2023-01-20 09:00:31 +01:00
Werner Koch
e28b6c301d
doc: Revert last change the gpg --unwrap description
--

Note that --unwrap is an option and not a command.  Thus it modifies
the behaviour of the default operation or of -d.
2023-01-19 16:31:05 +01:00
Werner Koch
9a50be0d05
common: Detect PNG and JPEG file formats.
* common/miscellaneous.c (is_file_compressed): Add detect code.
--

GnuPG-bug-id: 6332
2023-01-19 11:27:25 +01:00
Werner Koch
227c78ce0e
wkd: Let gpg-wks-client --supported print some diagnostics.
* tools/call-dirmngr.c (wkd_get_status_cb): Deetect and output warning
and note stati from dirmngr.
--

This is in particular helpful to check for non-proper TLS
certificates.
2023-01-19 10:52:43 +01:00
Werner Koch
60963d98cf
gpg: Detect already compressed data also when using a pipe.
* common/iobuf.c (file_filter_ctx_t): Add fields for the peek feature.
(file_filter): Implement peeking.
(iobuf_ioctl): Add new IOBUF_IOCTL_PEEK.
* common/iobuf.h (IOBUF_IOCTL_PEEK, IOBUFCTRL_PEEK): New.
* common/miscellaneous.c (is_file_compressed): Rewrite.  Detect PDF.
* g10/encrypt.c (encrypt_simple): Peek before detecting compression.
(encrypt_crypt): Ditto.
* g10/sign.c (sign_file): Also detect already compressed data.

* g10/options.h (opt): Add explicit_compress_option.
* g10/gpg.c (main): Set opt.explicit_compress_option for -z.

--

Note that this patch also introduces a compression check for signing
which was never done in the past.

GnuPG-bug-id: 6332
2023-01-19 10:45:54 +01:00
Werner Koch
94ae43be36
common: Replace all assert by log_assert.
--
2023-01-18 12:17:02 +01:00
Werner Koch
f79d9b9310
gpgtar: Make --status-fd option for fds > 2 work
* tools/gpgtar-create.c (gpgtar_create): Do not close the status_fd in
spawn.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--

Note that this fix does not handle file descripotors passed via the
--gpg-args options.

GnuPG-bug-id: 6348
2023-01-18 10:42:53 +01:00
Werner Koch
338a5ecaa1
sm: Fix compliance checking for ECC signature verification.
* common/compliance.c (gnupg_pk_is_compliant): Also consider the
gcrypt vids for ECDSA et al.
(gnupg_pk_is_allowed): Ditto.
* sm/verify.c (gpgsm_verify): Consider the curve.  Print a compliance
notice for a non-compliant key.

* sm/certchain.c (gpgsm_validate_chain): Silence the "switching to
chain model".
2023-01-12 20:52:27 +01:00
Werner Koch
b58cf129f4
dirmngr: Cleanup of the no-Tor check with --gpgconf-* commands
* dirmngr/dirmngr.c (post_option_parsing): Add arg CMD.
(main): Pass the current command.
--

Updates-commit: 9f37e93dd741a5436ff412955628806ae84725ca
2023-01-11 11:40:18 +01:00
Werner Koch
d1298fa287
w32: Make sure DEP is enabled.
* common/init.c (_init_common_subsystems): Test and set the DEP
Policy.
--

Note that this change will now definitely require Windows XP SP3.
2023-01-11 11:33:26 +01:00
Werner Koch
1f7a88ec5e
doc: Minor fix of the --keyserver option.
--

Unfortunately the a reflow took place.
2023-01-11 11:32:50 +01:00
NIIBE Yutaka
e89d57a2cb
tests: Fix tests/gpgme for in-source-tree builds.
* tests/gpgme/Makefile.am: Don't use setup.scm/ dir.
* tests/gpgme/all-tests.scm: Fix the name of the environment.

--

GnuPG-bug-id: 6313
Fixes-commit: c19ea75f10d6278569619f90977ce7c820e9319d
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-21 10:52:24 +09:00
Werner Koch
9610faad90
Post release updates
--
2022-12-16 18:30:15 +01:00
Werner Koch
c0556edb80
Release 2.4.0 gnupg-2.4.0 2022-12-16 17:38:03 +01:00
Werner Koch
ca60c02d92
po: update-po
--
2022-12-16 17:37:33 +01:00
Werner Koch
e09750cd39
po: Fixed two new fuzzies in the Czech translation.
--

They were obvious.
2022-12-16 17:36:25 +01:00