summaryrefslogtreecommitdiffstats
path: root/sm (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpg,common,scd,sm: Function prototype fixes for modern compiler.NIIBE Yutaka2022-09-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | * common/gettime.c (gnupg_get_time): It has no arguments. * common/signal.c (gnupg_block_all_signals): Likewise. (gnupg_unblock_all_signals): Likewise. * common/utf8conv.c (get_native_charset): Likewise. * g10/cpr.c (is_status_enabled, cpr_enabled): Likewise. * g10/getkey.c (getkey_disable_caches): Likewise. * g10/keygen.c (ask_expiredate): Likewise. * g10/passphrase.c (have_static_passphrase): Likewise. (get_last_passphrase): Likewise. * g10/tdbio.c (tdbio_is_dirty, tdbio_sync): Likewise. (tdbio_get_dbname, open_db, tdbio_db_matches_options): Likewise. (tdbio_read_nextcheck): Likewise. * g10/trustdb.c (how_to_fix_the_trustdb): Likewise. * scd/scdaemon.c (scd_get_socket_name): Likewise. * sm/passphrase.c (have_static_passphrase): Likewise. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* sm: Fix reporting of bad passphrase errorIngo Klöcker2022-09-091-1/+4
| | | | | | | | * sm/minip12.c (p12_parse): Set badpass flag to result in ctx. -- Fixes-commit: a4e04375e84ecb7ea0d02e153cb27988fca4c2d0 GnuPG-bug-id: 5713, 6037
* common: New common option no-autostart.Werner Koch2022-08-221-0/+3
| | | | | | | | | | | | | | | | | | | | * common/comopt.c (opts): Add "no-autostart". (parse_comopt): Set it. * common/comopt.h (comopt): Add no_autostart. * g10/gpg.c (main): Take care of the new option. * sm/gpgsm.c (main): Ditto. * tools/gpg-connect-agent.c (INCLUDED_BY_MAIN_MODULE): Add. (main): Parse common options and handle new option. * tools/gpg-card.c (main): Ditto. (cmd_yubikey): Fix minor error reporting issue. * common/util.h (GNUPG_MODULE_NAME_CARD): New const. * common/homedir.c (gnupg_module_name): Support it. -- Having a global option makes it easier to use disable autostart on a server which is required to use a remote gpg-agent reliable.
* sm: Improve pkcs#12 debug output.Werner Koch2022-06-201-7/+9
| | | | | | | * sm/minip12.c (parse_shrouded_key_bag): Fix offset diagnostic. (parse_cert_bag): Ditto. (parse_bag_data): Remove debug output. Pass startoffset. Fix offset diagnostic.
* sm: Rework the PKCS#12 parser to support DFN issued keys.Werner Koch2022-06-201-177/+341
| | | | | | | | | | | | | | | | | | | * sm/minip12.c (struct p12_parse_ctx_s): New. Use this instead of passing several parameters to most functions. (parse_pag_data): Factor things out to ... parse_shrouded_key_bag): new. (parse_cert_bag): New. (parse_bag_data): New. (p12_parse): Setup the parse context. -- To support newer pkcs#12 files like those issued by the DFN we need to support another ordering of data elements. This rework reflects the P12 data structure a bit better than our old ad-hoc hacks. Tests could only be done with the certificate parts and not the encrypted private keys. GnuPG-bug-id: 6037
* gpgsm: New option --compatibility-flags.Werner Koch2022-06-134-9/+68
| | | | | | | | | | * sm/gpgsm.c (oCompatibilityFlags): New option. (compatibility_flags): new. (main): Parse and print them in verbose mode. * sm/gpgsm.h (opt): Add field compat_glags.: (COMPAT_ALLOW_KA_TO_ENCR): New. * sm/keylist.c (print_capabilities): Take care of the new flag. * sm/certlist.c (cert_usage_p): Ditto.
* Remove remaining support for WindowsCEWerner Koch2022-06-031-14/+1
| | | | --
* sm: Use gpg_err_code() instead of -1Todd Zullinger2022-04-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | * sm/verify.c (gpgsm_verify): use gpg_err_code instead of 'rc == -1' comparison. -- In ed6ebb696e (sm: Implement initial support for keyboxd., 2020-09-10), the return of keydb_search() was changed to use gpg_err_code(). Adjust gpgsm_verify() to use it. This provides a nicer error message to users when a certificate is not found -- the same error that is seen from 2.2. Prior to this change, when a cert was not found, gpgsm output: gpgsm: failed to find the certificate: Not found as opposed to the more human-readable message from 2.2: gpgsm: certificate not found They now return the same message. Signed-off-by: Todd Zullinger <tmz@pobox.com>
* w32: Do no use Registry item DefaultLogFile for the main tools.Werner Koch2022-04-201-1/+1
| | | | | | | | | | | | | | | | * g10/gpg.c (main): Set LOG_NO_REGISTRY. * sm/gpgsm.c (main): Ditto. * tools/gpg-connect-agent.c (main): Ditto. * tools/gpgconf.c (main): Ditto. (show_other_registry_entries): Print "DefaultLogFile". -- The intention of this mostly forgotten registry entry was to allow for easy debugging of the tools. However, with the global config file common.conf things are anyway better. We disable the use for the commonly used tools so that it does not look like calling gpg on the command line seems to block with no output if the log server (e.g. tcp://1.2.3.4:11111) is not reachable.
* sm: Print diagnostic about CRL problems due to Tor mode.Werner Koch2022-04-113-0/+79
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/crlfetch.c (crl_fetch, crl_fetch_default) (ca_cert_fetch, start_cert_fetch): Factor Tor error out to ... (no_crl_due_to_tor): new. Print status note. * dirmngr/ks-engine-ldap.c (ks_ldap_get) (ks_ldap_search, ks_ldap_put): Factor Tor error out to ... (no_ldap_due_to_tor): new. Print status note. * dirmngr/ocsp.c (do_ocsp_request): Print status note. * sm/misc.c (gpgsm_print_further_info): New. * sm/call-dirmngr.c (warning_and_note_printer): New. (isvalid_status_cb): Call it. (lookup_status_cb): Ditto. (run_command_status_cb): Ditto. * common/asshelp2.c (vprint_assuan_status): Strip a possible trailing LF. --
* doc: Typo fix in commentWerner Koch2022-04-081-1/+1
| | | | --
* sm: Fix parsing encrypted data.NIIBE Yutaka2022-03-091-1/+14
| | | | | | | | | | | * sm/minip12.c (cram_octet_string): Finish when N==0. (parse_bag_encrypted_data): Support constructed data with multiple octet strings. -- GnuPG-bug-id: 5793 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpgsm: New option --require-complianceWerner Koch2022-03-085-3/+35
| | | | | | | | | | | | * sm/gpgsm.c (oRequireCompliance): New. (opts): Add --require-compliance. (main): Set option. * sm/gpgsm.h (opt): Add field require_compliance. (gpgsm_errors_seen): Declare. * sm/verify.c (gpgsm_verify): Emit error if non de-vs compliant. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/decrypt.c (gpgsm_decrypt): Ditto. --
* agent: New flag "qual" for the trustlist.txt.Werner Koch2022-02-273-3/+10
| | | | | | | | | | * agent/trustlist.c (struct trustitem_s): Add flag "qual". (read_one_trustfile): Rename arg "allow_include" to "systrust" and change callers. Parse new flag "qual". (istrusted_internal): Print all flags. * sm/call-agent.c (istrusted_status_cb): Detect the "qual" flag. * sm/gpgsm.h (struct rootca_flags_s): Add flag "qualified". * sm/certchain.c (do_validate_chain): Take care of the qualified flag.
* sm: Fix use of value NONE in gnupg_isotime_t type.NIIBE Yutaka2022-02-185-7/+13
| | | | | | | | | | | | | | * common/gettime.h (GNUPG_ISOTIME_NONE): New. * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it. * sm/certlist.c (gpgsm_add_to_certlist): Likewise. * sm/import.c (check_and_store): Likewise. * sm/keylist.c (list_cert_colon, list_cert_raw): Likewise. (list_cert_std): Likewise. * sm/sign.c (gpgsm_sign): Likewise. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* sm: New option --ignore-cert-with-oid.Werner Koch2022-02-033-0/+44
| | | | | | | * sm/gpgsm.c (oIgnoreCertWithOID): New. (opts): Add option. (main): Store its value. * sm/call-agent.c (learn_cb): Test against that list.
* sm: Partly revert last commit.Werner Koch2022-02-011-6/+0
| | | | | | | | | * sm/gpgsm.c (set_debug): Remove doubled code. -- It was already there; sorry. Fixes-commit: 51edea995d352a7b557fb0315fa5091dc42065cb
* gpg,sm: Set --verbose and clear --quiet in debug mode.Werner Koch2022-02-011-0/+6
| | | | | * g10/gpg.c (set_debug): Tweak options. * sm/gpgsm.c (set_debug): Ditto.
* gpgsm: Retire the new --ldapserver.Werner Koch2022-01-271-1/+6
| | | | | | | | | | | * sm/gpgsm.c (oKeyServer_deprecated): New. (opts): Assign "ldapserver" to the new option and mark it as obsolete. -- We want to use "ldapserver" in dirmngr but need to keep using "keyserver" in gpgsm for existant versions of Kleopatra etc. GnuPG-bug-id: 5801
* gpgconf: Return --ldapserver and --keyserver from dirmngr.Werner Koch2022-01-251-2/+1
| | | | | | | | | | | * dirmngr/dirmngr.c: Reorder two option groups. * tools/gpgconf-comp.c (known_options_gpgsm): Rename "keyserver" to "ldapserver" and set level to invisible. (known_options_dirmngr): Add "ldapserver" at the basic level. * sm/gpgsm.c (opts): No more help text for "ldapserver". -- GnuPG-bug-id: 5800
* gpg,gpgsm: Add option --min-rsa-length.Werner Koch2021-11-182-1/+7
| | | | | | | | | | | | | | | * common/compliance.c (min_compliant_rsa_length): New. (gnupg_pk_is_compliant): Take in account. (gnupg_pk_is_allowed): Ditto. (gnupg_set_compliance_extra_info): New. * g10/gpg.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * g10/options.h (opt): Add field min_rsa_length. * sm/gpgsm.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * sm/gpgsm.h (opt): Add field min_rsa_length.
* sm: Detect circular chains in --list-chain.Werner Koch2021-11-151-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/keylist.c (list_cert_chain): Break loop for a too long chain. -- This avoids endless loops in case of circular chain definitions. We use such a limit at other palces as well. Example for such a chain is # ------------------------ >8 ------------------------ ID: 0xBE231B05 S/N: 51260A931CE27F9CC3A55F79E072AE82 (dec): 107864989418777835411218143713715990146 Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE sha2_fpr: 92:5E:4B:37:2B:A3:2E:5E:87:30:22:84:B2:D7:C9:DF:BF:82:00:FF:CB:A0:D1:66:03:A1:A0:6F:F7:6C:D3:53 sha1_fpr: 31:93:78:6A:48:BD:F2:D4:D2:0B:8F:C6:50:1F:4D:E8:BE:23:1B:05 md5_fpr: AC:F3:10:0D:1A:96:A9:2E:B8:8B:9B:F8:7E:09:FA:E6 pgp_fpr: E8D2CA1449A80D784FB1532C06B1611DB06A1678 certid: 610C27E9D37835A8962EA5B8368D3FBED1A8A15D.51260A931CE27F9CC3A55F79E072AE82 keygrip: CFCA58448222ECAAF77EEF8CC45F0D6DB4E412C9 notBefore: 2005-06-07 08:09:10 notAfter: 2019-06-24 19:06:30 hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) keyType: rsa2048 subjKeyId: ADBD987A34B426F7FAC42654EF03BDE024CB541A authKeyId: [none] authKeyId.ki: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F [...] Certified by ID: 0xCE2E4C63 S/N: 46EAF096054CC5E3FA65EA6E9F42C664 (dec): 94265836834010752231943569188608722532 Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US sha2_fpr: 21:3F:AD:03:B1:C5:23:47:E9:A8:0F:29:9A:F0:89:9B:CA:FF:3F:62:B3:4E:B0:60:66:F4:D7:EE:A5:EE:1A:73 sha1_fpr: 9E:99:81:7D:12:28:0C:96:77:67:44:30:49:2E:DA:1D:CE:2E:4C:63 md5_fpr: 55:07:0F:1F:9A:E5:EA:21:61:F3:72:2B:8B:41:7F:27 pgp_fpr: 922A6D0A1C0027E75038F8A1503DA72CF2C53840 certid: 14673DA5792E145E9FA1425F9EF3BFC1C4B4957C.46EAF096054CC5E3FA65EA6E9F42C664 keygrip: 10678FB5A458D99B7692851E49849F507688B847 notBefore: 2005-06-07 08:09:10 notAfter: 2020-05-30 10:48:38 hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) keyType: rsa2048 subjKeyId: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F authKeyId: [none] authKeyId.ki: ADBD987A34B426F7FAC42654EF03BDE024CB541A keyUsage: certSign crlSign [...] Which has a circular dependency on subKeyId/authkeyId.ki.
* sm: Add LotW support to the key listingWerner Koch2021-09-092-1/+9
| | | | | | | | | | * sm/certdump.c (parse_dn_part): Translate OID to "Callsign" * sm/keylist.c (oidtranstbl): Some more OIDs. -- This is Ham thingy to make it easier to read LotW certificates. Signed-off-by: Werner Koch <wk@gnupg.org>
* build: Fix "ksba.h not found" problemIngo Klöcker2021-09-081-1/+1
| | | | | | | * sm/Makefile.am (t_minip12_CFLAGS): Add KSBA_CFLAGS. -- GnuPG-bug-id: 5592
* sm: Fix pwri.NIIBE Yutaka2021-08-051-3/+3
| | | | | | | | | | * sm/decrypt.c (pwri_parse_pbkdf2): Use int for digest algo. (pwri_decrypt): Use int for cipher algo and digest algo. -- Fixes-commit: 02029f9eab87e9fd667829dfb083846275576398 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* sm,w32: Fix Unicode problem on key box creation.Werner Koch2021-07-291-1/+1
| | | | * sm/keydb.c (maybe_create_keybox): Replace access by gnupg_access
* sm: New option --ldapserver as an alias for --keyserver.Werner Koch2021-06-161-1/+2
| | | | | | | | | | | | | * sm/gpgsm.c (opts): Add option --ldapserver and make --keyserver an alias. -- We should use "keyserver" for OpenPGP and thus it is better to allow for "ldapserver" here - it is the same convention as now used in dirmngr. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit d6df1bf84969bf5f5781e33bc1c2f6cb2aee0093)
* gpg,sm: Simplify keyserver spec parsing.Werner Koch2021-06-163-164/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | * common/keyserver.h: Remove. * sm/gpgsm.h (struct keyserver_spec): Remove. (opt): Change keyserver to a strlist_t. * sm/gpgsm.c (keyserver_list_free): Remove. (parse_keyserver_line): Remove. (main): Store keyserver in an strlist. * sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid an ambiguity in dirmngr by adding a prefix if needed. * g10/options.h (struct keyserver_spec): Move definition from keyserver.h to here. Remove most fields. * g10/keyserver.c (free_keyserver_spec): Adjust. (cmp_keyserver_spec): Adjust. (parse_keyserver_uri): Simplify. (keyidlist): Remove fakev3 arg which does not make any sense because we don't even support v3 keys. -- We now rely on the dirmngr to parse the keyserver specs. Thus a bad specification will not be caught immediately. However, even before that dirmngr had stricter tests. Signed-off-by: Werner Koch <wk@gnupg.org> Ported-from: 9f586700ec4ceac97fd47cd799878a8847342ffa
* sm: Fix finding of issuer in use-keyboxd mode.Werner Koch2021-06-113-37/+62
| | | | | | | | | | | | | * sm/keydb.c (struct keydb_local_s): Add field saved_search_result. (keydb_push_found_state): Implement for keyboxd. (keydb_pop_found_state): Ditto. (keydb_get_cert): Do not release the cert so that the function can be used again to get the same cert. This is the same behaviour as in pubring.kbx mode. * sm/certchain.c, sm/import.c: Improve some error messages. Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Support AES-GCM decryption.Werner Koch2021-06-022-7/+84
| | | | | | | | | | | | * tests/cms/samplemsgs/: Add sample messages. * sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error. * sm/decrypt.c (decrypt_gcm_filter): New. (gpgsm_decrypt): Use this filter if requested. Check authtag. -- Note that the sample message pwri-sample.gcm.p7m is broken: The authtag is duplicated to the authEncryptedContentInfo. I used a temporary code during testing hack to that test message out.
* sm: Let --dump-cert --show-cert also print an OpenPGP fingerprint.Werner Koch2021-05-201-7/+45
| | | | | | | | | | * sm/keylist.c (list_cert_raw): Print the OpenPGP fpr. -- This is useful for debugging for example if an OpenPGP key is used to create an X.509 cert. Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Avoid memory leaks and double double-freeJakub Jelen2021-05-204-7/+26
| | | | | | | | | | | | | * sm/certcheck.c (extract_pss_params): Avoid double free * sm/decrypt.c (gpgsm_decrypt): goto leave instead of return * sm/encrypt.c (encrypt_dek): release s_pkey * sm/server.c (cmd_export): free list (do_listkeys): free lists -- Signed-off-by: Jakub Jelen <jjelen@redhat.com> GnuPG-bug-id: 5393
* gpg: Use a more descriptive prompt for symmetric decryption.Werner Koch2021-05-171-1/+1
| | | | | | | | | | | | | | | | | | | | | * g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New. (passphrase_to_dek_ext): Remove this obsolete prototype. * g10/passphrase.c (passphrase_get): Add arg flags. Use new flag value. (passphrase_to_dek): Add arg flags and pass it on. * g10/mainproc.c (proc_symkey_enc): Use new flag. * sm/decrypt.c (pwri_decrypt): Use "passphrase". -- Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 03f83bcda5d1f8d8246bcc1afc603b7f74d0626b) Note that we keep on using the term "passphrase" although "password" would be better. There are however so many occurance of this and given it is a bike shedding topic we fix that in the PO files. Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Ask for the password for password based decryption (pwri)Werner Koch2021-05-173-6/+25
| | | | | | | | | | | | | | | * sm/decrypt.c (pwri_decrypt): Add arg ctrl. Ask for passphrase. * sm/export.c (export_p12): Mark string as translatable. * sm/import.c (parse_p12): Ditto. -- This is finishes the support for PWRI. The N_() marks are added so that we don't rely of the side-effect of having the same strings in protect-tool.c Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Support decryption of password based encryption (pwri)Werner Koch2021-05-141-25/+415
| | | | | | | | | | | | | | | * sm/decrypt.c (pwri_parse_pbkdf2): New. (pwri_decrypt): New. (prepare_decryption): Support pwri. (gpgsm_decrypt): Test for PWRI. Move IS_DE_VS flag to DFPARM. -- Note that this is not finished because we need to implement a password callback. For now "abc" is used as passwort. Latest libksba is also required to return the required info. Signed-off-by: Werner Koch <wk@gnupg.org>
* keyboxd: Fix searching for exact mail addresses.Werner Koch2021-04-211-1/+2
| | | | | | | | | | | | | | | | | | | * kbx/kbxserver.c (cmd_search): Use the openpgp hack for calling classify_user_id. * kbx/backend-sqlite.c (run_select_statement): Remove angle brackets in exact addrspec mode. * g10/call-keyboxd.c (keydb_search): Do not duplicate the left angle bracket. * sm/keydb.c (keydb_search): Ditto. -- Note that the openpgp hack flag of classify_user_id is actually a misnomer because we actually hack a round a problem in gpgsm. And it is only over there that we don't set it there. In keyboxd the flag should be set. And we need to remove the angle brackets of course because that is how we create the addrspec column values. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg,sm: Ignore the log-file option from common.conf.Werner Koch2021-04-211-8/+1
| | | | | | | | | | | * g10/gpg.c (main): Don't use the default log file from common.conf. * sm/gpgsm.c (main): Ditto. -- That was acutally not intended and contradicts the description in doc/example/common.conf. Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: New command --show-certsWerner Koch2021-04-203-0/+109
| | | | | | | | | | | | | | | * sm/keylist.c (do_show_certs): New. (gpgsm_show_certs): New. * sm/gpgsm.c (aShowCerts): New. (opts): Add --show-certs. (main): Call gpgsm_show_certs. -- I have been using libksba test programs for countless times to look at certificates and I always wanted to add such a feature to gpgsm. This is simply much more convenient. Signed-off-by: Werner Koch <wk@gnupg.org>
* build: Fix build problems on macOS for gpgsm tests and gpg-card.Werner Koch2021-04-191-1/+1
| | | | | | | | | * tools/gpg-card.c: Include ctype.h. * sm/Makefile.am (t_common_ldadd): Add LIBICONV. -- GnuPG-bug-id: 5400 Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg,gpgsm: Move use-keyboxd to the new conf file common.confWerner Koch2021-04-191-2/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/comopt.c, common/comopt.h: New. * common/Makefile.am: Add them. * g10/gpg.c: Include comopt.h. (main): Also parse common.conf. * sm/gpgsm.c: Include comopt.h. (main): Set a flag for the --no-logfile option. Parse common.conf. * tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add pseudo option "use_keyboxd". (known_pseudo_options_gpg): Add pseudo option "use_keyboxd". (known_options_gpgsm): Remove "use-keyboxd". * tests/openpgp/defs.scm (create-gpghome): Create common.conf. * doc/examples/common.conf: New. -- Note that --use-keybox still works but prints a warning. We will eventually remove this option becuase it was marked as an experimental feature anyway. It would be too confusing if gpg and gpgsm use different key storages. Further, other components (e.g. dirmngr or gpg-wks-client) which call gpg or gpgsm need to be aware that the keyboxd is used and pass that option on the command line. Now that common.conf is always read (even if --no-options is used) those tools will work instantly.
* sm: Add a few more OIDs to the table for nicer keylistingsWerner Koch2021-03-241-0/+4
| | | | --
* sm: Init nPth which might be used by some helper code.Werner Koch2021-03-081-2/+11
| | | | | | | | | | | | | | * sm/gpgsm.c: Include npth.h. (main): Init nPth. -- Actually we currently do not use extra threads but we need to link to the npth version of the common functions because there is an option to use threads. Now, without initialized npth, we could experience a crash in gnupg_sleep, which uses npth_usleep in the npth based common functions. Fixes-commit: 046f419f806036248c058c4bd44368f8596287b7
* sm: Do not print certain issuer not found diags in quiet mode.Werner Koch2021-02-252-21/+28
| | | | | | | | | * sm/certchain.c (find_up_dirmngr): Print one diagnostic only in verbose mode. Do not print issuer not found diags in quiet mode. * sm/minip12.c (parse_bag_data): Add missing verbose condition. -- GnuPG-bug-id: 4757
* sm: Fix issuer certificate look error due to legacy error code.Werner Koch2021-02-251-65/+69
| | | | | | | | | | | * sm/certchain.c (find_up): Get rid of the legacy return code -1 and chnage var name rc to err. (gpgsm_walk_cert_chain): Change var name rc to err. (do_validate_chain): Get rid of the legacy return code -1. -- This was detected while fixing GnuPG-bug-id: 4757
* sm: Silence some output on --quietWerner Koch2021-02-245-7/+29
| | | | | | | | | | | | * sm/encrypt.c (gpgsm_encrypt): Take care of --quiet. * sm/gpgsm.c: Include minip12.h. (set_debug): Call p12_set_verbosity. * sm/import.c (parse_p12): Dump keygrip only in debug mode. * sm/minip12.c (opt_verbose, p12_set_verbosity): New. (parse_bag_encrypted_data): Print info messages only in verbose mode. -- GnuPG-bug-id: 4757
* sm: Extend the list of known OIDs.Werner Koch2021-02-221-4/+16
| | | | | * sm/keylist.c (oidtranstbl): Add a couple of OIDs and mark them for key usage.
* Require GpgRT version 1.41.Werner Koch2021-02-101-5/+0
| | | | | | | | | | | | | | * configure.ac (NEED_GPG_ERROR_VERSION): Rename to NEED_GPGRT_VERSION and set to 1.41. * common/sysutils.c (gnupg_access): Remove code for older gpgrt versions. * kbx/backend-sqlite.c: Ditto. * sm/gpgsm.c (main): Ditto. -- We already have a requirement for a newer Libgcrypt and thus we can also require a more recent libgpgrt (aka libgpg-error) which was released before Libgcrypt.
* sm: Add a few OIDs and merge OID tables.Werner Koch2021-02-011-52/+44
| | | | | | | | | | * sm/keylist.c (OID_FLAG_KP): New. (key_purpose_map): Merge into ... (oidtranstbl): this. (get_oid_desc): New arg 'matchflag'. Use function in place of direct access to key_purpose_map. Signed-off-by: Werner Koch <wk@gnupg.org>
* Include the library version in the compliance checks.Werner Koch2021-01-283-2/+3
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_gcrypt_is_compliant): New. (gnupg_rng_is_compliant): Also check library version. * g10/mainproc.c (proc_encrypted): Use new function. (check_sig_and_print): Ditto. * sm/decrypt.c (gpgsm_decrypt): Ditto. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/verify.c (gpgsm_verify): Ditto -- This will eventually allow us to declare Libgcrypt 1.9 to be de-vs compliant. GnuPG can use this information then for its own checks. As of now GnuPG tests the version of the used library but that is a bit cumbersome to maintain. Signed-off-by: Werner Koch <wk@gnupg.org>
* Require Libgcrypt 1.9Werner Koch2021-01-191-11/+0
| | | | | | | | | | | * configure.ac: Require at least Libgcrypt 1.9.0. Remove all GCRYPT_VERSION_NUMBER dependent code. -- Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in RFC4880bis. Signed-off-by: Werner Koch <wk@gnupg.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 16:05:03 +0100