| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
| |
* common/name-value.c (nvc_first): Allow for NULL arg.
(nvc_lookup): Allow for PK being NULL.
--
GnuPG-bug-id: 6176
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
|
|
| |
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* dirmngr/dirmngr.h (opt): Add debug_cache_expired_certs:
* dirmngr/dirmngr.c (oDebugCacheExpiredCerts): New.
(opts): Add option.
(parse_rereadable_options): Set option.
* dirmngr/certcache.c (put_cert): Handle the option.
|
| |
|
|
|
|
|
| |
--
Actually we once had them but they got lost at some point. The German
translation is also up-to-date now.
|
| |
|
|
|
|
|
|
| |
* common/gettime.c (w32_strftime) [W32]: New function.
(strftime) [W32]: New refinition macro.
--
GnuPG-bug-id: 5073
|
| |
|
|
|
|
|
|
| |
* g10/misc.c (compliance_failure): Do not fallback to CO_GNUPG. Print
compliance failure error and status for CO_DE_VS.
* g10/mainproc.c (proc_encrypted): Call compliance_failure in the
require-compliance error case.
* g10/encrypt.c (check_encryption_compliance): Ditto.
|
| |
|
|
|
|
|
|
|
|
| |
* scd/ccid-driver.c (ccid_open_usb_reader): Name the thread.
(ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap
blocking operations by npth_unprotect/npth_protect.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/certcache.c (put_cert): When PERMANENT, reject the
certificate which is obviously invalid.
--
With this change, invalid certificates from system won't be registered
into cache. Then, an intermediate certificate which is issued by an
entity certified by such an invalid certificate will be also rejected
with GPG_ERR_INV_CERT_OBJ. With less invalid certificates in cache,
it helps the validate_cert_chain function work better.
GnuPG-bug-id: 6142
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/iobuf.c (iobuf_copy): Use log_assert. Explicitly cast error
return value.
* g10/build-packet.c (do_plaintext): Check for iobuf_copy error.
* g10/encrypt.c (encrypt_filter): Immediately set header_okay.
--
Fixes-commit: 8066f8a3470f9d2f3682a28641a7b09eca29a105
which caused the assertion failure on error.
The second fix avoids repeated error message about non-compliant keys.
GnuPG-bug-id: 6174
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/encrypt.c (encrypt_crypt, encrypt_filter): Factor common code
out to ...
(create_dek_with_warnings): new
(check_encryption_compliance): and new.
* g10/encrypt.c (encrypt_filter): Add the compliance check.
--
GnuPG-bug-id: 6174
|
| |
|
|
| |
* g10/cipher.c (cipher_filter): Rename to cipher_file_cfb.
|
| |
|
|
|
| |
* g10/decrypt-data.c (decrypt_data): Show also the aead algo with
--show-session-key. Remove meanwhile superfluous NULL-ptr test.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/decrypt-data.c (decrypt_data): Disable estream buffering for
output file.
--
Here estream is filled with iobuf_copy which already uses large buffers
so additional buffering in estream was just adding memory copy overhead.
GnuPG-bug-id: T5828
Signed-off-by: Jussi Kivilinna <[email protected]>
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.c (oCompatibilityFlags): New option.
(compatibility_flags): new.
(main): Parse and print them in verbose mode.
* sm/gpgsm.h (opt): Add field compat_glags.:
(COMPAT_ALLOW_KA_TO_ENCR): New.
* sm/keylist.c (print_capabilities): Take care of the new flag.
* sm/certlist.c (cert_usage_p): Ditto.
* common/miscellaneous.c (parse_compatibility_flags): New.
* common/util.h (struct compatibility_flags_s): New.
--
Backported-from-master: f0b373cec93bb01f02b9c0a3ab1f3e242b381c3f
Backported-from-master: ce63eaa4f8f3f41aafcaddd8d658dacd522334a8
|
| |
|
|
|
|
|
|
| |
* tools/gpgconf-comp.c: Add options.
--
Fixes-commit: 7a3a1ef3707194e1086c452d005319c519905d3e
GnuPG-bug-id: 6138
|
| |
|
|
|
|
|
| |
* agent/findkey.c (agent_write_private_key): Fix condition.
--
Fixes-commit: 755920d4335730fbf25e24342dc9c8a8a772dac3
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/card-util.c (get_info_for_key_operation): Get the APPTYPE before
testing for it.
* g10/card-util.c (current_card_status): Always try to update the
shadow keys.
* g10/call-agent.c (agent_scd_getattr): Handle $AUTHKEYID.
--
The first part fixed a regression introduced today.
GnuPG-bug-id: 5100
The second part is usually not required because our ssh-agent code
anyway looks for the OpenPGP.3 key. However, this helps to put the
Display S/N into the shadow key so that we get a better prompt to
insert the card.
|
| |
|
|
|
|
|
| |
* agent/command.c (cmd_readkey): Also allow for $AUTHKEYID in card
mode.
* g10/call-agent.c (agent_update_shadow_keys): new.
* g10/card-util.c (current_card_status): Call it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/findkey.c (agent_write_private_key): Factor file name
generation out to ...
(fname_from_keygrip): new.
(write_extended_private_key): Add and implement new arg MAYBE_UPDATE.
(agent_write_shadow_key): Ditto.
* agent/command.c (cmd_readkey): Update the shadow-key in card mode.
--
GnuPG-bug-id 6135
|
| |
|
|
| |
* g10/card-util.c (current_card_status): Use ascii_strcasecmp.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/card-util.c (get_info_for_key_operation): Use ->apptype to
determine card's APP.
(current_card_status): Even if its SERIALNO is not like OpenPGP card,
it's OpenPGP card when app says so.
--
GnuPG-bug-id: 5100
Signed-off-by: NIIBE Yutaka <[email protected]>
Backported-from-master: 157f1de64e437cecd75335e9f4077ba9835e3da0
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/name-value.c (nvc_write): Take care of Key. Factor some code
out to ...
(write_one_entry): new.
--
The key item is in general not manual editable thus we put it at the
end of a file.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit c9fa28bfad297b17e76341ffb40383ce92da5d44)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/divert-scd.c (linefeed_to_percent0A): New.
(ask_for_card): Add arg grip. Read Token and Label items and use
them.
(divert_pksign, divert_pkdecrypt): Pass down grip.
* agent/findkey.c (write_extended_private_key): Add args serialno,
keyref, and dispserialno. Writen Token item.
(agent_write_private_key): Add args serialno, keyref, and
dispserialno.
(read_key_file): Add arg r_keymeta.
(agent_keymeta_from_file): New.
(agent_write_shadow_key): Remove leading spaces from serialno and keyid.
* agent/protect-tool.c (agent_write_private_key): Ditto.
* agent/learncard.c (agent_handle_learn): Get DISPSERIALNO and pass to
agent_write_shadow_key.
* agent/command-ssh.c (card_key_available): Ditto.
--
GnuPG-bug-id: 6135
This patch backports some changes from master but also adds the
Display-S/N tracking.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* common/name-value.c (nve_set): New.
(nvc_set): Use nve_set.
(nvc_delete_named): New.
(nvc_get_string): New.
(nvc_get_boolean): New.
--
This function is required to allow updating a specific line. The
other new functions are backported from master
|
| |
|
|
|
|
|
| |
* g10/call-agent.c (agent_keytocard): Emit SC_OP_FAILURE.
--
GnuPG-bug-id: 6122
|
| |
|
|
|
| |
* common/sysutils.c (gnupg_allow_set_foregound_window): Print warning
only with debug flag set.
|
| |
|
|
| |
* dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc.
|
| |
|
|
|
|
|
| |
* tools/gpgconf.c (show_registry_entries_from_file): New.
(show_configs): Call it.
* doc/examples/gpgconf.rnames: New.
* doc/Makefile.am (examples): Add it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption
de-vs compliant.
* g10/mainproc.c (struct symlist_item): New.
(struct mainproc_context): Add field symenc_list.
(release_list): Free that list.
(proc_symkey_enc): Record infos from symmetric session packet.
(proc_encrypted): Check symkey packet algos
--
The original check was too strong because it is in fact compliant to
encrypt with a symmetric key and and public key. Thus decryption
should issue a compliance status.
In addition we now check that the cipher algorithms used to
symmetrically encrypt the session key are all compliant. This is
similar to our check for all public key encrypted session key packets.
GnuPG-bug-id: 6119
Fixes-commit: b03fab09e188f7bb10237d4f20455e4026737e4e
|
| |
|
|
|
|
|
|
|
| |
* common/w32-reg.c (read_w32_registry_string): Map REG_DWORD to a
string.
(read_w32_reg_string): Add arg r_hklm_fallback and change all callers.
(show_configs): Indicate whether the HKLM fallback was used.
* tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin
Registry key. Indicate whether the HKLM fallback was used.
|
| |
|
|
|
|
|
|
| |
* g10/pkclist.c (select_algo_from_prefs): Change implicit hash
algorithm.
--
GnuPG-bug-id: 6043
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
(opts): Add new option names.
(parse_rereadable_options): Parse options.
(finalize_rereadable_options): Reset allow-mark-trusted for the new
option.
* agent/agent.h (opt): Add fields no_user_trustlist and
sys_trustlist_name.
* agent/trustlist.c (make_sys_trustlist_name): New.
(read_one_trustfile): Use here.
(read_trustfiles): Use here. Implement --no-user-trustlist. Also
repalce "allow_include" by "systrust" and adjust callers.
--
With the global options we can now avoid that a user changes the
Root-CA trust by editing the trustlist.txt. However, to implement
this we need a new option so that we don't need to rely on some magic
like --no-allow-mark-trusted has been put into a force section.
The second option makes system administration easier as it allows to
keep the trustlist in a non-distributed file.
GnuPG-bug-id: 5990
Backported-from-master: 1530d04725d475bf29328eab40b42f72ff8aa06b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyedit.c (find_userid_by_namehash, find_userid): New.
(keyedit_quick_revuid): Use find_userid() instead of iterating over the
nodes of the keyblock.
* tests/openpgp/quick-key-manipulation.scm: Add test for revoking a
user ID specified by its hash.
--
This makes it possible to specify the user ID to revoke as UID hash when
calling --quick-revoke-uid.
GnuPG-bug-id: 5936
(cherry picked from commit 35b17550706c8b7479ae96654feb97c05263cfc9)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks-server.c (make_pending_fname): New.
(store_key_as_pending, check_and_publish): Use here.
(process_new_key): Pass addrspec to store_key_as_pending.
(expire_one_domain): Expire also the new files.
--
Along with the pass traversal bug this enhancement was
Suggested-by: Philipp Breuch <[email protected]>
GnuPG-bug-id: 6098
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Add "fingerprint=on" to
request URL.
--
Some keyservers, e.g. keyserver.ubuntu.com (Hockeypuck), do not
provide the key fingerprints by default. Therefore, we ask for the
fingerprints explicitly.
GnuPG-bug-id: 5741
(cherry picked from commit c7fa4c7f8bf375e3739ef8361f38b6b31113b8bf)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/keygen.c (ask_algo): Request keygrip via cpr_get.
* doc/help.txt (gpg.keygen.keygrip): New help text.
--
This change makes it possible to add an existing (sub)key to
another key via the status/command interface.
GnuPG-bug-id: 5771
(cherry picked from commit 19b1a28621c614b81f596e363b1ce49dd9fae115)
|
| |
|
|
|
|
|
|
| |
* tools/gpg-wks-server.c (check_and_publish): Check for invalid
characters in sender controlled data.
* tools/wks-util.c (wks_fname_from_userid): Ditto.
(wks_compute_hu_fname): Ditto.
(ensure_policy_file): Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case
of firmware 5.4, too.
--
Cherry-picked master commit of:
f34b9147eb3070bce80d53febaa564164cd6c977
GnuPG-bug-id: 6070
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (parse_algorithm_attribute): Return the error.
(change_keyattr): Follow the change.
(app_select_openpgp): Handle the error of parse_algorithm_attribute.
--
Backport master commit of:
53eddf9b9ea01210f71b851b5cb92a5f1cdb6f7d
This change allows following invocation of app_select_openpgp, which
may work well (if the problem is device side for initial connection).
GnuPG-bug-id: 5963
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_auth): Use command chaining if available.
--
Cherry-picked from master branch of:
e8fb8e2b3e66d5ea8a3dc90afdc14611abf2c3da
GnuPG-bug-id: 5935
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
|
|
|
|
| |
* tools/gpgconf.c: Assign short options -X and -V
(show_version_gnupg): Print the vsd version if available.
--
These changes are helpful for phone support.
|
