gnupg/sm
Werner Koch 4c14bbf56f
sm: Update pkcs#12 module from master
* sm/minip12.c: Update from master.
* sm/import.c (parse_p12): Pass NULL for curve.
--

Over the last years we had a couple of changes not backported to 2.2.
However, to support DFN p12 files and probably other p12 files we need
to update the minip12.c module.  Instead of picking commits we take
the module verbatim, which is relatively easy because it was
originally designed to be a standalone module.

Summary of commits taken from master:

  sm: Improve pkcs#12 debug output.
  sm: Rework the PKCS#12 parser to support DFN issued keys.
  sm: Fix parsing encrypted data.
  sm: Do not print certain issuer not found diags in quiet mode.
  sm: Silence some output on --quiet
  sm: Replace all assert calls by log_assert.
  doc: Typo fixes in code comments
  sm: Add support to export ECC private keys.

Detailed log messages for those commits:

  commit 52f9e13c0c

    sm: Improve pkcs#12 debug output.

    * sm/minip12.c (parse_shrouded_key_bag): Fix offset diagnostic.
    (parse_cert_bag): Ditto.
    (parse_bag_data): Remove debug output.  Pass startoffset.
    Fix offset diagnostic.

  commit a4e04375e8

    sm: Rework the PKCS#12 parser to support DFN issued keys.

    * sm/minip12.c (struct p12_parse_ctx_s): New.  Use this instead of
    passing several parameters to most functions.
    (parse_pag_data): Factor things out to ...
    (parse_shrouded_key_bag): new.
    (parse_cert_bag): New.
    (parse_bag_data): New.
    (p12_parse): Setup the parse context.

    To support newer pkcs#12 files like those issued by the DFN we
    need to support another ordering of data elements.  This rework
    reflects the P12 data structure a bit better than our old ad-hoc
    hacks.  Tests could only be done with the certificate parts and
    not the encrypted private keys.

GnuPG-bug-id: 6037

  commit 6c50834c09

    sm: Fix parsing encrypted data.

    * sm/minip12.c (cram_octet_string): Finish when N==0.
    (parse_bag_encrypted_data): Support constructed data with multiple
    octet strings.

GnuPG-bug-id: 5793

  commit a170f0e73f

    sm: Do not print certain issuer not found diags in quiet mode.

    * sm/certchain.c (find_up_dirmngr): Print one diagnostic only in
    verbose mode.  Do not print issuer not found diags in quiet mode.
    * sm/minip12.c (parse_bag_data): Add missing verbose condition.

GnuPG-bug-id: 4757

  commit 615d2e4fb1

    sm: Silence some output on --quiet

    * sm/encrypt.c (gpgsm_encrypt): Take care of --quiet.
    * sm/gpgsm.c: Include minip12.h.
    (set_debug): Call p12_set_verbosity.
    * sm/import.c (parse_p12): Dump keygrip only in debug mode.
    * sm/minip12.c (opt_verbose, p12_set_verbosity): New.
    (parse_bag_encrypted_data): Print info messages only in verbose
    mode.

GnuPG-bug-id: 4757

  commit 9ee975d588

    gpgsm: Replace all assert calls by log_assert.

  commit 9bc9d0818b

    doc: Typo fixes in code comments

  commit 5da6925a33

    sm: Add support to export ECC private keys.

    * sm/minip12.c [TEST]: Remove test code.  Include util.h, tlv.h, and
    openpgpdefs.h.  Remove the class and tag constants and replace
    them by those from tlv.h.
    (builder_add_oid, builder_add_mpi): New.
    (build_key_sequence): Rename to ...
    (build_rsa_key_sequence): this.
    (build_ecc_key_sequence): New.
    (p12_build): Call RSA or ECC builder.
    (p12_raw_build): Ditto.
    * sm/export.c (gpgsm_p12_export): Use correct armor header for ECC.
    (sexp_to_kparms): Support ECC.

GnuPG-bug-id: 4921
2022-06-21 18:22:14 +02:00
ChangeLog-2011 Generate the ChangeLog from commit logs. 2011-12-01 11:09:02 +01:00
Makefile.am w32: Add manifest files to most binaries 2020-10-02 17:04:12 +02:00
call-agent.c sm: New option --ignore-cert-with-oid. 2022-02-03 14:29:19 +01:00
call-dirmngr.c gpg,sm: Simplify keyserver spec parsing. 2021-05-26 14:30:17 +02:00
certchain.c Replace most of the remaining stdio calls by estream calls. 2020-10-21 21:09:38 +02:00
certcheck.c Assorted memory leak fixes on the error code paths. 2021-05-20 14:51:42 +02:00
certdump.c sm: Fix a bug in the rfc2253 parser 2020-08-28 09:09:34 +02:00
certlist.c sm: Avoid confusing diagnostic for the default key. 2019-05-27 15:48:41 +02:00
certreqgen-ui.c sm: Show the usage flags when generating a key from a card. 2019-08-21 13:59:17 +02:00
certreqgen.c sm: Fix possible NULL deref in error messages of --gen-key. 2020-03-30 17:32:42 +02:00
decrypt.c gpgsm: New option --require-compliance 2022-03-08 19:06:30 +01:00
delete.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
encrypt.c gpgsm: New option --require-compliance 2022-03-08 19:06:30 +01:00
export.c sm: Ask for the password for password based decryption (pwri) 2021-05-17 19:29:06 +02:00
fingerprint.c sm: Exclude rsaPSS from de-vs compliance mode. 2020-07-03 17:08:58 +02:00
gpgsm-w32info.rc w32: Add manifest files to most binaries 2020-10-02 17:04:12 +02:00
gpgsm.c w32: Do not use Registry item DefaultLogFile for the main tools. 2022-04-20 09:20:35 +02:00
gpgsm.h gpgsm: New option --require-compliance 2022-03-08 19:06:30 +01:00
gpgsm.w32-manifest.in w32: Add manifest files to most binaries 2020-10-02 17:04:12 +02:00
import.c sm: Update pkcs#12 module from master 2022-06-21 18:22:14 +02:00
keydb.c sm: Do away with the locked flag in keydb.c 2021-03-02 19:16:28 +01:00
keydb.h sm: On Windows close the kbx files at several places. 2021-03-02 19:01:07 +01:00
keylist.c sm: Detect circular chains in --list-chain. 2021-11-15 17:54:08 +01:00
minip12.c sm: Update pkcs#12 module from master 2022-06-21 18:22:14 +02:00
minip12.h sm: Update pkcs#12 module from master 2022-06-21 18:22:14 +02:00
misc.c sm: Exclude rsaPSS from de-vs compliance mode. 2020-07-03 17:08:58 +02:00
passphrase.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
passphrase.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
qualified.c Replace most of the remaining stdio calls by estream calls. 2020-10-21 21:09:38 +02:00
server.c Assorted memory leak fixes on the error code paths. 2021-05-20 14:51:42 +02:00
sign.c sm: Exclude rsaPSS from de-vs compliance mode. 2020-07-03 17:08:58 +02:00
verify.c gpgsm: New option --require-compliance 2022-03-08 19:06:30 +01:00