Commit message | Author | Age | Files | Lines
* Release 2.2.43 [gnupg-2.2.43] | Werner Koch | 2024-04-16 | 1 | -3/+4
* po: Update some translations for the |R| prompt flag. | Werner Koch | 2024-04-09 | 27 | -48/+60
  --
* gpg: Do not allow to accidently set the RENC usage. | Werner Koch | 2024-04-04 | 1 | -1/+13
  * g10/keygen.c (print_key_flags): Print "RENC" if set.
  (ask_key_flags_with_mask): Remove RENC from the possible set of usages. Add a direct way to set it iff the key is encryption capable.
  --
  This could be done by using "set your own capabilities" for an RSA key. In fact it was always set in this case.
  GnuPG-bug-id: 7072
* gpgconf: Change layout of the gpgconf -X output. | Werner Koch | 2024-04-04 | 1 | -47/+78
  * tools/gpgconf.c (list_dirs): Change the config mode output.
  (my_copy_file): Adjust output for org-mode style.
  (show_configs_one_file): Ditto.
  (show_other_registry_entries): Ditto.
  (show_registry_entries_from_file): Ditto.
  (show_configs): Ditto.
* build: Update nPth configure macros. | Werner Koch | 2024-03-18 | 1 | -2/+2
  * m4/npth.m4: Update.
* Update NEWS | Werner Koch | 2024-03-18 | 1 | -0/+14
  --
* gpgconf: Check readability of some files with -X | Werner Koch | 2024-03-18 | 1 | -8/+29
  * tools/gpgconf.c (list_dirs): Rename arg from special to show_config_mode. Add "S.Uiserver" test and test existing files for readability.
* gpg: Make sure a DECRYPTION_OKAY is never issued for a bad OCB tag. | Werner Koch | 2024-03-14 | 2 | -1/+6
  * g10/mainproc.c (proc_encrypted): Force a decryption failure if any error has been seen.
  * g10/decrypt-data.c (aead_checktag): Issue an ERROR line.
  --
  GnuPG-bug-id: 7042
  Note that gpg in any case returns a failure exit code but due to double forking GPGME would not see it.
* gpg-check-pattern: Consider an empty pattern file as valid | Werner Koch | 2024-03-13 | 1 | -1/+1
  * tools/gpg-check-pattern.c (read_file): Check length before calling fread.
  --
  The problem with an empty file is that es_fread is called to read one element of length zero which seems to be undefined behaviour and results in ENOENT on my test box.
* wks: Make gpg-wks-client --mirror work w/o args. | Werner Koch | 2024-03-06 | 1 | -1/+1
  * tools/gpg-wks-client.c (mirror_one_key): Test for no domain specified.
  --
  The code did not really work if no domain was given. It worked but filtered out all keys so that no key was actually exported.
* gpg: Fix mixed invocation with --trusted-keys and --no-options. | Werner Koch | 2024-03-04 | 2 | -17/+39
  * g10/trustdb.c: Move some definitions around.
  (user_utk_list): Rename to trusted_key_list. Change all users.
  (any_trusted_key_seen): New.
  (tdb_register_trusted_key): Set it here. Handle the new value "none".
  (verify_own_keys): Do not delete a trusted key from the trustdb if a trusted-key option was not used.
  --
  GnuPG-bug-id: 7025
* agent: Allow simple KEYINFO command when restricted. | NIIBE Yutaka | 2024-03-01 | 1 | -3/+3
  * agent/command.c (cmd_keyinfo): Only forbid list command.
  --
  GnuPG-bug-id: 7003
  Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix keep-alive flag handling. | NIIBE Yutaka | 2024-02-21 | 1 | -1/+9
  * dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic Authentication. Fix resource leak of FP_WRITE.
  --
  GnuPG-bug-id: 6997
  Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix the regression of use of proxy for TLS connection. | NIIBE Yutaka | 2024-02-21 | 1 | -12/+2
  * dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it causes resource leak of FP_WRITE. Don't try to read response body to fix the hang.
  --
  GnuPG-bug-id: 6997
  Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix proxy with TLS. | NIIBE Yutaka | 2024-02-21 | 1 | -5/+0
  * dirmngr/http.c (proxy_get_token, run_proxy_connect): Always available regardless of USE_TLS.
  (send_request): Remove USE_TLS.
  --
  Since quite some time building w/o TLS won't work.
  GnuPG-bug-id: 6997
* More NEWS. | Werner Koch | 2024-02-05 | 1 | -0/+2
  --
* common: Update requisites | Ángel González | 2024-02-05 | 2 | -6/+2
  * configure.ac: Require libgpg-error 1.38 and libksba 1.4.0
  * common/util.h: Remove error number substitutes.
  --
  These versions were already needed for a successful compilation, but it was not reflected by configure.
  GnuPG-bug-id: 6974
  Signed-off-by: Ángel González <[email protected]>
  util.h patch by wk.
* gpgsm: Increase salt size in pkcs#12 parser. | Werner Koch | 2024-02-05 | 1 | -1/+1
  * sm/minip12.c (parse_bag_encrypted_data): Need 32 bytes.
  --
  GnuPG-bug-id: 6757
* scd:openpgp: Allow PIN length of 6 also with a reset code. | Werner Koch | 2024-01-30 | 1 | -2/+15
  * scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt.
  --
  When using the reset code it was not possible to set a PIN of length 6. The "R" flag fixes a funny prompt.
  Fixes-commit: efe325ffdf21205b90f888c8f0248bbd4f61404b
* Prepare NEWS for 2.2.43 | Werner Koch | 2024-01-29 | 1 | -0/+21
  --
* scd:openpgp: Add the length check for new PIN. | NIIBE Yutaka | 2024-01-26 | 1 | -14/+32
  * scd/app-openpgp.c (do_change_pin): Make sure new PIN length is longer than MINLEN.
  --
  GnuPG-bug-id: 6843
  Signed-off-by: NIIBE Yutaka <[email protected]>
  (cherry picked from commit 2376cdff1318688d94c95fd01adc4b2139c4a8c7)
* scd:openpgp: Restructure the pin2hash_id_kdf function. | Werner Koch | 2024-01-26 | 1 | -81/+111
  * scd/app-openpgp.c (wipe_and_free_string, wipe_and_free): Enable functions.
  (pin2hash_if_kdf): Change interface. The input PIN is not anymore changed. Further there are no more assumptions about the length of the provided buffer.
  (verify_a_chv): Adjust for changed pin2hash_if_kdf.
  (verify_chv2): Ditto
  (verify_chv3): Ditto.
  (do_change_pin): Ditto.
  (do_sign): Ditto.
  --
  Note that this is a part of the patch 63bda3aad8ec4163b0241f64e8b587d665d650c3 which we used in 2.4 to implement a PIN cache. For easier backporting we need to add this here.
* tools: Fix argparse table of gpgconf. | NIIBE Yutaka | 2024-01-26 | 1 | -36/+40
  * tools/gpgconf.c (opts): Use ARGPARSE macros.
  --
  GnuPG-bug-id: 6902
  Signed-off-by: NIIBE Yutaka <[email protected]>
  (cherry picked from commit 2be53b214d1c9205f5326ca663115200609d8df4)
* dirmngr: For CRL issuer verification trust the system's root CA. | Werner Koch | 2024-01-26 | 1 | -0/+1
  * dirmngr/crlcache.c (crl_parse_insert): Add VALIDATE_FLAG_TRUST_SYSTEM.
  --
  GnuPG-bug-id: 6963
* common,w32: Fix use of GNUPG_SPAWN_KEEP_STDERR. | Werner Koch | 2024-01-26 | 1 | -1/+1
  * common/exechelp-w32.c (gnupg_spawn_process): Fix macro.
  --
  Fixes-commit: 7ba44d15ca2f800c402a56eb71bb524f91ea2ffa
  GnuPG-bug-id: 6961
* doc: Minor typo fix. | Werner Koch | 2024-01-24 | 1 | -1/+1
  --
  Was already fixed in 2.4. A 2.2 user reported this to g10 Code.
* gpg: Fix leftover unprotected card backup key. | Werner Koch | 2024-01-24 | 10 | -27/+51
  * agent/command.c (cmd_learn): Add option --reallyforce.
  * agent/findkey.c (agent_write_private_key): Implement reallyforce. Also add arg reallyforce and pass it along the call chain.
  * g10/call-agent.c (agent_scd_learn): Pass --reallyforce with a special force value.
  * g10/keygen.c (card_store_key_with_backup): Use that force value.
  --
  This was a regression in 2.2.42. We took the easy path to fix it by getting the behaviour back to what we did prior to 2.2.42. With GnuPG 2.4.4 we use an entirely different and safer approach by introducing an ephemeral private key store.
  GnuPG-bug-id: 6944
* common: Fix unused variable warning on Unix. | Werner Koch | 2024-01-10 | 1 | -1/+4
  --
* gpg: Allow to create revocations even with non-compliant algos. | Werner Koch | 2024-01-10 | 1 | -5/+7
  * g10/sign.c (do_sign): Skip compliance check for revocation certs.
  --
  It just does not make sense to inhibit the creation of revocations depending on the compliance mode. We do this only for key revocation but not for another kind of revocation because the rationale for uid or subkey revocation is more complicated to explain.
* gpgconf: Adjust -X command for the new VERSION file format | Werner Koch | 2024-01-09 | 1 | -10/+38
  * tools/gpgconf.c (show_version_gnupg): Read and parse the entire VERSION file.
  --
  GnuPG-bug-id: 6918
* common,w32: Remove duplicated backslashes when setting the homedir. | Werner Koch | 2024-01-09 | 2 | -2/+29
  * common/homedir.c (copy_dir_with_fixup) [W32]: Fold double backslashes.
  --
  This is in general no problem but when we hash or compare the directory to test whether it is the standard home directory, we may use a different socket file and thus a second instance of a daemon.
  GnuPG-bug-id: 6833
* Post release updates | Builder account for the GnuPG engine | 2023-11-28 | 2 | -1/+5
* Release 2.2.42 [gnupg-2.2.42] | Werner Koch | 2023-11-28 | 1 | -1/+1
* po: Update po files | Werner Koch | 2023-11-28 | 26 | -231/+530
  * g10/keyserver.c (keyserver_refresh): Use ngettext to avoid msgmerge warnings.
* gpgsm: Set validity flag in keylisting to n for untrusted root cert. | Werner Koch | 2023-11-27 | 1 | -0/+2
  * sm/keylist.c (list_cert_colon): Map not_trusted to 'n' for non-root certs like we do for root certs.
  --
  GnuPG-bug-id: 6841
* scd:openpgp: Print a diagnostic for the use of default ECDH params. | Werner Koch | 2023-11-23 | 1 | -10/+7
  * scd/app-openpgp.c (ecc_writekey): Remove the useless check and print a diagnostic if the default params are used.
  --
  Note that here in 2.2 we use different default ECDH parameters than in 2.4 (AES192 instead of AES256 for 384 bit curves).
  GnuPG-bug-id: 6378
* Update NEWS | Werner Koch | 2023-11-21 | 1 | -0/+2
  --
* agent: Update the key file only if changed (slight return). | Werner Koch | 2023-11-21 | 1 | -13/+52
  * agent/findkey.c (read_key_file): Add optional arg r_orig_key_value to return the old Key value. Change all callers.
  (agent_write_private_key): Detect whether the Key entry was really changed.
  --
  GnuPG-bug-id: 6829
* agent: Update the key file only if not changed. | Werner Koch | 2023-11-21 | 3 | -8/+56
  * common/name-value.c (struct name_value_container): Add flag "modified".
  (nvc_modified): New.
  (nvc_new): Set flag.
  (_nvc_add): Set flag.
  (nvc_delete): Set flag.
  (nve_set): Add arg PK. Change the caller. Check whether to change at all.
  * agent/findkey.c (agent_write_private_key): Update only if modified.
  --
  This helps software which uses a file system watcher to track changes to private keys. In particular smartcard triggered changes are a problem for such software because this may at worst trigger another smartcard read.
  GnuPG-bug-id: 6829
* po: Update Japanese Translation. | NIIBE Yutaka | 2023-11-20 | 1 | -2/+6
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Update the German translation | Werner Koch | 2023-11-17 | 1 | -16/+32
  --
* w32: Actually add the manifest to the dirmngr. | Werner Koch | 2023-11-15 | 1 | -1/+1
  * dirmngr/Makefile.am (dirmngr_LDADD): Fix type in dirmngr_rc_objs.
  --
  We had a dependency but due to the typo the resource file was not linked.
* gpg,gpgsm: Hide password in debug output also for asked passwords. | Werner Koch | 2023-11-14 | 2 | -1/+10
  * g10/call-agent.c (agent_get_passphrase): Call assuan_begin_confidential and assuan_end_confidential.
  * sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
  --
  GnuPG-bug-id: 6654
  The drawback of this solution is that we don't see any IPC lines from the assuan_transact. Everything else would require larger changes to libassuan.
* gpgsm: Re-introduce the bad passphrase hint for pkcs#12. | Werner Koch | 2023-11-14 | 1 | -0/+2
  * sm/minip12.c (parse_bag_encrypted_data): Set the badpass flag.
  (parse_shrouded_key_bag): Ditto.
  --
* Update NEWS. | Werner Koch | 2023-11-10 | 1 | -0/+2
  --
* gpg,sm: Set confidential in assuan communication for password. | NIIBE Yutaka | 2023-11-10 | 2 | -0/+4
  * g10/call-agent.c (default_inq_cb): Call assuan_begin_confidential and assuan_end_confidential.
  * sm/call-agent.c (default_inq_cb): Likewise.
  --
  Cherry pick from master commit of: ec1446f9446506b5fbdf90cdeb9cbe1f410a657e
  GnuPG-bug-id: 6654
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgsm: Support ECDSA in de-vs mode. | Werner Koch | 2023-11-08 | 6 | -6/+18
  * common/compliance.h (PK_ALGO_FLAG_ECC18): New.
  * common/compliance.c (gnupg_pk_is_allowed): Implement.
  * sm/decrypt.c (gpgsm_decrypt): Pass new flag.
  * sm/sign.c (gpgsm_sign): Ditto.
  * sm/verify.c (gpgsm_verify): Ditto.
  --
  GnuPG-bug-id: 6802
* gpgsm: Cleanup of legacy variable name use. | Werner Koch | 2023-11-08 | 2 | -117/+89
  * sm/encrypt.c (gpgsm_encrypt): Unify use of RC and ERR.
  * sm/sign.c (gpgsm_sign): ditto.
  --
  Initially we didn't use the gpg_error_t thingy and while migrating we sometimes used RC and ERR for tracking the error. This is pretty error prone and thus we better remove it (after 20 years).
* scd:openpgp: Fix a segv for cards supporting unknown curves. | Werner Koch | 2023-11-07 | 1 | -2/+2
  * common/openpgp-oid.c (get_keyalgo_string): Do not strdup NULL.
  --
  Cherry pick 2.4/master commit of: 385f4841330e277949ddf2f13939b97481d2d29c
  GnuPG-bug-id: 5963
* w32: Use utf8 for the asctimestamp function. | Werner Koch | 2023-10-27 | 2 | -1/+6
  * common/gettime.c (asctimestamp) [W32]: Use ".UTF8" for the locale.
  --
  This has been suggested by the reporter of GnuPG-bug-id: 6741