summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* common: Enhance dotlock, so that we can have a CLI util.NIIBE Yutaka2023-12-192-11/+138
| | | | | | | | | | | | | | | | * common/dotlock.h (DOTLOCK_LOCK_BY_PARENT, DOTLOCK_LOCKED): New. * common/dotlock.c [HAVE_POSIX_SYSTEM]: Include <dirent.h>. (dotlock_get_process_id, dotlock_detect_tname): New. (dotlock_create_unix): Handle the case when no_write option is specified. Not creating the lock file, but detect the the file of tname. (dotlock_create) [HAVE_POSIX_SYSTEM]: Add support of DOTLOCK_LOCK_BY_PARENT and DOTLOCK_LOCKED for dotlock CLI util. (dotlock_take_unix): Support the case of DOTLOCK_LOCK_BY_PARENT. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* kbx: Create public-keys.d, after creating the homedir.NIIBE Yutaka2023-12-192-0/+88
| | | | | | | | | * kbx/keyboxd.c (create_directories): Following the behavior of gpg-agent, call create_public_keys_directory after mkdir. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* keyboxd: Pass lock info back to gpg and gpgsm.Werner Koch2023-12-183-9/+48
| | | | | | | | | | | | | | | * g10/call-keyboxd.c (keydb_default_status_cb): New. (keydb_update_keyblock): Add new status callback. (keydb_insert_keyblock): Ditto. (keydb_delete_keyblock): Ditto. (search_status_cb): Also try the new status callback. * sm/keydb.c (keydb_default_status_cb): New. (keydb_insert_cert): Add new status callback. (keydb_delete): Ditto (search_status_cb): Also try the new status callback. -- GnuPG-bug-id: 6838
* keyboxd: Timeout on failure to get the database lock.Werner Koch2023-12-181-15/+53
| | | | | | | | | | | | | | * kbx/backend-sqlite.c (dblock_info_cb): New. (create_or_open_database): Add arg ctrl. Add a 10 second timeout. Avoid warning on error if not locked. (be_sqlite_add_resource): Do not open the database here. (be_sqlite_search): ... but do it here. -- Note that we need to delay the initalization to the first use of the database so that we actually have a recipient for the status messages. GnuPG-bug-id: 6838
* common: Add an info callback to dotlock.Werner Koch2023-12-183-11/+203
| | | | | | | | | | | | | * common/dotlock.h (enum dotlock_reasons): New. (DOTLOCK_PREPARE_CREATE): New flag. * common/dotlock.c (struct dotlock_handle): Add info_cb and info_cb_value. (dotlock_create): Support the new flag. (dotlock_finish_create): New. (read_lockfile): Silence in case of ENOENT. (dotlock_set_info_cb): New. Use callback after all error and info messages. (dotlock_take_unix, dotlock_take_w32): Allow termination by callback.
* common: Improve error return for dotlock.Werner Koch2023-12-121-2/+8
| | | | | | * common/dotlock.c (dotlock_take_unix): Return a ETIMEDOUT insteaad of EACCESS on timeout. (dotlock_take_w32): Ditto.
* doc: Fix description of scdaemon for --disable-ccid.NIIBE Yutaka2023-12-121-10/+8
| | | | | | | -- GnuPG-bug-id: 6871 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* po: Fix quotes in Polish Translation.Ahelenia Ziemiańska2023-12-071-395/+395
| | | | | | -- Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
* po: Update Portuguese Translation.Daniel Cerqueira2023-11-302-5767/+3530
| | | | | | | | | | -- This commit log (with no ChangeLog entry) is written by gniibe, following the practice; Translation update don't need a ChangeLog entry in a commit log. Signed-off-by: Daniel Cerqueira <dan.git@brilhante.top>
* gpgsm: Set validity flag in keylisting to n for untrusted root cert.Werner Koch2023-11-271-0/+2
| | | | | | | | * sm/keylist.c (list_cert_colon): Map not_trusted to 'n' for non-root certs like we do for root certs. -- GnuPG-bug-id: 6841
* scd:openpgp: Fallback to default ECDH params in writekey.Werner Koch2023-11-231-3/+5
| | | | | | | | | | | | * scd/app-openpgp.c (ecc_writekey): Use default ECDH parameters and remove the now useless check. -- This seems to be better than bailing out. In almost all cases our standard parameters are used and if not, well, the fingerprint will be wrong. GnuPG-bug-id: 6378
* agent: Update the key file only if changed (slight return).Werner Koch2023-11-211-12/+52
| | | | | | | | | | * agent/findkey.c (read_key_file): Add optional arg r_orig_key_value to return the old Key value. Change all callers. (agent_write_private_key): Detect whether the Key entry was really changed. -- GnuPG-bug-id: 6829
* common: Check wether to set the modified flag in nve_set.Werner Koch2023-11-211-22/+8
| | | | | * common/name-value.c (nvc_set): Factor code out to ... (nve_set): here.
* agent: Update the key file only if not changed.Werner Koch2023-11-213-9/+56
| | | | | | | | | | | | | | | | | | | | * common/name-value.c (struct name_value_container): Add flag "modified". (nvc_modified): New. (nvc_new): Set flag. (_nvc_add): Set flag. (nvc_delete): Set flag. (nvc_set): Set flag unless value did not change. (nve_set): Add arg PK. Change the caller. * agent/findkey.c (agent_write_private_key): Update only if modified. -- This helps software which uses a file system watcher to track changes to private keys. In particular smartcard triggered changes are a problem for such software because this may at worst trigger another smartcard read. GnuPG-bug-id: 6829
* scd: New option --debug-allow-pin-logging.Werner Koch2023-11-213-4/+10
| | | | | | | | | | | | | * scd/scdaemon.c (oDebugAllowPINLogging): New. (opts): Add option. (main): Set option. * scd/scdaemon.h (opt): Add debug_allow_pin_logging. * scd/apdu.c (pcsc_send_apdu): Do not hide the PIN dat in the debug output if the option is set. (send_apdu_ccid): Ditto. -- This option is only required during development.
* po: Update Japanese Translation.NIIBE Yutaka2023-11-201-12/+12
| | | | | | -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpg: Report BEGIN_* status before examining the input.NIIBE Yutaka2023-11-178-189/+174
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/miscellaneous.c (is_openpgp_compressed_packet) (is_file_compressed): Moved to ... * common/iobuf.c: ... in this file. (is_file_compressed): Change the argument to INP, the iobuf. * common/util.h (is_file_compressed): Remove. * common/iobuf.h (is_file_compressed): Add. * g10/cipher-aead.c (write_header): Don't call write_status_printf here. (cipher_filter_aead): Call write_status_printf when called with IOBUFCTRL_INIT. * g10/cipher-cfb.c (write_header): Don't call write_status_printf here. (cipher_filter_cfb): Call write_status_printf when called with IOBUFCTRL_INIT. * g10/encrypt.c (encrypt_simple): Use new is_file_compressed function, after call of iobuf_push_filter. (encrypt_crypt): Likewise. * g10/sign.c (sign_file): Likewise. -- Cherry-pick from master commit of: 2f872fa68c6576724b9dabee9fb0844266f55d0d GnuPG-bug-id: 6481 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd:p15: Basic support for Starcos 3.2.Werner Koch2023-11-161-32/+51
| | | | | | | | | | | | | | | | | | * scd/app-p15.c (CARD_TYPE_STARCOS_32): New. (card_atr_list): Add ATR for my sample card. (cardtype2str): Add starcos string. (select_ef_by_path): Factor all code out to ... (select_by_path): this. Add arg to request a directory. Simplify the case pathlen>1 case. Fix error printing. (select_df_by_path): New. (prepare_verify_pin): For starcos select a DF. (app_select_p15): Don't use extended mode for starcos. -- This allows reading the certificates from my sample cards. Signing does not yet work; I need to do get some I/O traces using other software. The basic support for AET cards shut still work but I have not found my AET card.
* scd: Minor debug output tweakWerner Koch2023-11-162-2/+4
| | | | | * scd/apdu.c (send_le): Do not dump "[all zero]" if tehre is no data. * scd/iso7816.c (iso7816_select_mf): Cosmetic fix.
* gpg,gpgsm: Hide password in debug output also for asked passwords.Werner Koch2023-11-142-1/+10
| | | | | | | | | | | | | * g10/call-agent.c (agent_get_passphrase): Call assuan_begin_confidential and assuan_end_confidential. * sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto. -- GnuPG-bug-id: 6654 The drawback of this solution is that we don't see any IPC lines from the assuan_transact. Everything else would require larger changes to libassuan.
* gpgsm: Re-introduce the bad passphrase hint for pkcs#12.Werner Koch2023-11-141-0/+2
| | | | | | * sm/minip12.c (parse_bag_encrypted_data): Set the badpass flag. (parse_shrouded_key_bag): Ditto. --
* gpg,sm: Set confidential in assuan communication for password.NIIBE Yutaka2023-11-092-0/+4
| | | | | | | | | | | | | | * g10/call-agent.c (default_inq_cb): Call assuan_begin_confidential and assuan_end_confidential. * sm/call-agent.c (default_inq_cb): Likewise. -- Cherry pick from master commit of: ec1446f9446506b5fbdf90cdeb9cbe1f410a657e GnuPG-bug-id: 6654 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpgsm: Support ECDSA in de-vs mode.Werner Koch2023-11-086-5/+19
| | | | | | | | | | | * common/compliance.h (PK_ALGO_FLAG_ECC18): New. * common/compliance.c (gnupg_pk_is_allowed): Implement. * sm/decrypt.c (gpgsm_decrypt): Pass new flag. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- GnuPG-bug-id: 6802
* common: Declare two LibrePGP constants for future useWerner Koch2023-11-082-1/+4
| | | | | * common/openpgpdefs.h (SIGSUBPKT_META_HASH): New. (SIGSUBPKT_TRUST_ALIAS): New.
* gpgsm: Cleanup of legacy variable name use.Werner Koch2023-11-082-117/+89
| | | | | | | | | | * sm/encrypt.c (gpgsm_encrypt): Unify use of RC and ERR. * sm/sign.c (gpgsm_sign): ditto. -- Initially we didn't used the gpg_error_t thingy and while migrating we sometimes used RC and ERR for tracking the error. This is pretty error prone and thus we better remove it (after 20 years).
* gpg,tools: Handle GPG_ERR_PIN_BLOCKED and GPG_ERR_NO_RESET_CODE.NIIBE Yutaka2023-11-082-0/+12
| | | | | | | | | | | | | * g10/card-util.c (write_sc_op_status): Emit 3 and 4 in status line. * tools/card-call-scd.c (status_sc_op_failure): Likewise. -- Cherry-pick from master commit of: 64f5f7b74e428b15205f6e8ae14dec84663c3076 GnuPG-bug-id: 6425 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools:gpg-card: Fix an error code for Reset Code.NIIBE Yutaka2023-11-081-1/+1
| | | | | | | | | | | | * tools/gpg-card.c (cmd_unblock): Use GPG_ERR_NO_RESET_CODE. -- Cherry-pick from master commit of: 65607fb81def5fc55320a1abfbb8ebdad9512011 GnuPG-bug-id: 6425 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd: Return GPG_ERR_PIN_BLOCKED when it's blocked.NIIBE Yutaka2023-11-081-2/+2
| | | | | | | | | | | | | | * scd/app-openpgp.c (build_enter_admin_pin_prompt): Fix to use GPG_ERR_PIN_BLOCKED. (check_pin): Likewise. -- Cherry-pick from master commit: e6b3d53db36dba8aef640fc0a99cc079551a965a GnuPG-bug-id: 6425 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* w32: Use utf8 for the asctimestamp function.Werner Koch2023-10-272-1/+3
| | | | | | | | * common/gettime.c (asctimestamp) [W32]: Use ".UTF8" for the locale. -- This has been suggested by the reporter of GnuPG-bug-id: 6741
* gpg: Fix minor memory leak during certain smartcard operations.Werner Koch2023-10-271-2/+11
| | | | * g10/keygen.c (card_store_key_with_backup): Fix memory leak on error.
* gpg: Allow expiration time after 2038-01-19 on 32 bit Windows.Werner Koch2023-10-261-5/+16
| | | | | | | | * g10/keygen.c (parse_expire_string_with_ct): Use isotime2epoch_u64. (parse_creation_string): Ditto. -- GnuPG-bug-id: 6736
* common: New functions timegm_u64, isotime2epoch_u64.Werner Koch2023-10-264-154/+176
| | | | | | | | | | | | | | | | | | | * common/mischelp.c (timegm): Move to ... * common/gettime.c (timegm): here. On Windows use timegm_u32. (timegm_u32): New. (isotime2epoch): Factor code out to ... (isotime_make_tm): new helper. (isotime2epoch_u64): New. (_win32_timegm): Remove duplicated code. (parse_timestamp): Use of timegm. (scan_isodatestr): Fallback to isotime2epoch_u64. -- This mainly helps on 32 bit Windows. For Unix we assume everyone is using 64 bit or shall wait until the libc hackers finally provide a time64_t. GnuPG-bug-id: 6736
* sm: Flag Brainpool curves as compliant for all other operations.Werner Koch2023-10-248-25/+27
| | | | | | | | | | | | | | * sm/fingerprint.c (gpgsm_get_key_algo_info2): Rename to (gpgsm_get_key_algo_info): this. Remove the old wrapper. Adjust all callers. * sm/decrypt.c (gpgsm_decrypt): Pass the curve to the compliance checker. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- GnuPG-bug-id: 6253
* sm: Flag Brainpool curves as compliant.Werner Koch2023-10-241-3/+3
| | | | | | | | * sm/keylist.c (print_compliance_flags): Add arg curve. (list_cert_colon): Pass curve to the compliance check. -- GnuPG-bug-id: 6253
* common: Provide API to parse BER/TLV encodings.Werner Koch2023-10-244-795/+922
| | | | | | | | | * sm/minip12.c: Factor parsing code out to ... * common/tlv-parser.c: new. Extend function names and provide a few extra functions. * common/Makefile.am (common_sources): Add new file. * sm/minip12.c: Adjust to use the new parser API.
* sm: Another partly rewrite of minip12.cWerner Koch2023-10-243-182/+325
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/minip12.c (struct tlv_ctx_s): Add origbuffer and origbufsize. Remove pop_count. Rename offset to length. (dump_tag_info, _dump_tag_info): Rewrite. (dump_tlv_ctx, _dump_tlv_ctx): Rewrite. (tlv_new): Init origbuffer. (_tlv_peek): Add arg ti. (tlv_peek): New. (tlv_peek_null): New. (_tlv_push): Rewrite. (_tlv_pop): Rewrite. (tlv_next): New macro. Move old code to ... (_tlv_next): this. Add arg lno. Pop remaining end tags. (tlv_popped): Remove. (tlv_expect_object): Handle ndef. (tlv_expect_octet_string): Ditto. (parse_bag_encrypted_data): Use nesting level to control the inner loop. (parse_shrouded_key_bag): Likewise. (parse_bag_data): Handle surplus octet strings. (p12_parse): Ditto. * sm/minip12.c (decrypt_block): Strip the padding. (tlv_expect_top_sequence): Remove. Replace callers by tlv_expect_sequence. * tests/cms/samplekeys/t6752-ov-user-ff.p12: New sample key. * tests/cms/samplekeys/Description-p12: Add its description -- This patch improves the BER parser by simplifying it. Now tlv_next pops off and thus closes all containers regardless on whether they are length bounded or ndef. tlv_set_pending is now always used to undo the effect of a tlv_next in a loop condition which was terminated by a nesting level change. Instead of using the length as seen in the decrypted container we now remove the padding and let the BER parser do its work. This might have a negative effect on pkcs#12 objects which are not correctly padded but we don't have any example of such broken objects. GnuPG-bug-id: 6752
* doc: Minor typo fixes.Werner Koch2023-10-181-1/+3
| | | | --
* build: Extend autobuild diagnostics by the usernameWerner Koch2023-10-161-0/+3
| | | | | | | | | * m4/autobuild.m4 (AB_INIT): Add username. -- The old autobuild diagnostics show up in build logs. What they are missing is an information on the user who triggered a build. EMAIL is a common thing to denote the actual user using a service account.
* gpg: Allow to specify seconds since Epoch beyond 2038.Werner Koch2023-10-141-3/+10
| | | | | | | | | | | * g10/keygen.c (parse_expire_string_with_ct): Use new function scan_secondsstr. (parse_creation_string): Ditto. -- Noet that we cap the seconds at the year 2106. GnuPG-bug-id: 6736
* common: New function scan_secondsstr.Werner Koch2023-10-144-2/+76
| | | | | | | * common/gettime.c (scan_secondsstr): New. * common/t-gettime.c (test_scan_secondsstr): (main): Call it.
* gpgsm: Improvements for NDEF in the pkcs#12 parserWerner Koch2023-10-101-10/+23
| | | | | | | | | | | | | * sm/minip12.c (_tlv_push): Handle NDEF more correctly. (tlv_expect_octet_string): Do not bail out on NDEF. (dump_tag_info): Print some more infos. -- We do not have a complete test case for this. We need to further analyze T6752 to see what Mozilla is doing here. In any case with this patch we get a bit further and don't bail out at the ndef. GnuPG-bug-id: 6536, 6752
* scd:openpgp: Return better error codes for the Reset Code.Werner Koch2023-10-066-9/+20
| | | | | | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Use GPG_ERR_BAD_RESET_CODE where appropriate. * common/util.h: Add error codes missing in gpgrt 1.46. * agent/call-pinentry.c (unlock_pinentry): Handle GPG_ERR_BAD_RESET_CODE. (agent_askpin): Ditlo. Also simply condition. (agent_get_passphrase): Ditto. * g10/call-agent.c (status_sc_op_failure): Handle GPG_ERR_BAD_RESET_CODE. * g10/card-util.c (write_sc_op_status): Ditto. * tools/card-call-scd.c (status_sc_op_failure): Ditto.
* sm: Support more HMAC algos in the pkcs#12 parser.Werner Koch2023-10-065-15/+135
| | | | | | | | | | | | | | | | | | | | | | | | * sm/minip12.c (oid_hmacWithSHA1): New. Also for the SHA-2 algos. (digest_algo_from_oid): New. (set_key_iv_pbes2): Add arg digest_algo. (crypt_block): Ditto. (decrypt_block): Ditto. (parse_bag_encrypted_data): Parse the optional prf part and get the hmac algorithm. (parse_shrouded_key_bag): Ditto. (p12_build): Pass SHA1 for digest_algo. * sm/t-minip12.c (run_one_test): Print failed values in verbose mode. * tests/cms/samplekeys/nistp256-openssl-self-signed.p12: New. * tests/cms/samplekeys/Description-p12: Add this one. * tests/cms/Makefile.am (EXTRA_DIST): Ditto. -- This supports the modern algorithms, i.e. using SHA256 for the KDF which is the default in openssl unless the -legacy option is used. GnuPG-bug-id: 6536
* tests:tpm2dtests: Modify tests with SWTPM and relax the condition.NIIBE Yutaka2023-10-063-32/+29
| | | | | | | | | | | | | | | | | * configure.ac (SWTPM_IOCTL): Remove. (TEST_LIBTSS): Fix the condition. * tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Remove SWTPM_IOCTL. * tests/tpm2dtests/start_sw_tpm.sh: Add --flags to invoke SWTPM, not requiring SWTPM_IOCTL and TSSSTARTUP any more. -- Cherry-picked from master commit of: 227b3b14f4be2f33ed721818c2186e7fca4cebdf GnuPG-bug-id: 6052 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests:tpm2dtests: Fix tests with SWTPM.NIIBE Yutaka2023-10-062-4/+7
| | | | | | | | | | | | | | * configure.ac (TEST_LIBTSS): Fix the condition with SWTPM. * tests/tpm2dtests/start_sw_tpm.sh: Use --daemon and --pid to run SWTPM. -- Cherry-picked from master commit of: 98dd6f7af6aa3dcce19f20c22e3f825676e6b184 GnuPG-bug-id: 6052 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* build: Simplify detecting a TPM emulator.NIIBE Yutaka2023-10-061-4/+4
| | | | | | | | | | | | | | | * configure.ac (TPMSERVER): Don't supply hard-coded path. (SWTPM, SWTPM_IOCTL, TSSSTARTUP): Likewise. -- Cherry-picked from master commit of: f2ca727978da5b1ed84f97bf37d604e8a4e60091 Having hard-coded path has bad side effect; It may not be detected even if it's available with PATH. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools: Add TPM2DAEMON_SOCK_NAME for --remove-socketdir.NIIBE Yutaka2023-10-061-3/+7
| | | | | | | | | | | * tools/gpgconf.c (main): Care about tpm2d. Emit correct ERR. -- Cherry-picked from master commit of: 25c84ffd1078e6619761aa731a82dbaf4175c02e Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests:tpm2dtests: Fix tests with TPM2D.NIIBE Yutaka2023-10-063-11/+16
| | | | | | | | | | | | | | * tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Fix. * tests/tpm2dtests/all-tests.scm: Follow the change of gpgscm. * tests/tpm2dtests/run-tests.scm: Likewise. -- Cherry-picked from master commit of: 321f9c0a3f2873cb3007e2bc2a542bbd0b2cc974 GnuPG-bug-id: 6052 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tpm2d: Check SWTPM environment variable for swtpm support.NIIBE Yutaka2023-10-061-3/+9
| | | | | | | | | | | * tpm2d/intel-tss.h (TSS_Create): Check SWTPM. -- Cherry-picked from master commit of: 1da40db03eba4aa056f7cdf8ef90292272a4147d Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
* agent: fix tpm2d keytotpm handlingNIIBE Yutaka2023-10-061-5/+28
| | | | | | | | | | | | | | * agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Call agent_delete_key before agent_write_private_key. Recover from an error. -- Cherry-picked from master commit of: eda3997b439e415f1bebaa3be20c8bdb43d3a1d0 Fixes-commit: a1015bf2fc07dabb1200eab5fa41f13e7bf98202 Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-19 05:46:57 +0100