| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
* common/homedir.c (check_portable_app): Fix the name of the control
file.
|
| |
|
|
| |
* agent/protect.c: Include cvt-openpgp.h.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/homedir.c (w32_bin_is_bin, w32_portable_app) [W32]: New.
(check_portable_app) [W32]: New.
(standard_homedir, default_homedir) [W32]: Support the portable flag.
(w32_rootdir, w32_commondir) [W32]: Ditto.
(gnupg_bindir, gnupg_cachedir, dirmngr_socket_name) [W32]: Ditto.
* common/logging.h (JNLIB_LOG_NO_REGISTRY): New.
* common/logging.c (no_registry): New variable.
(log_set_prefix, log_get_prefix): Set/get that variable.
(do_logv): Do not check the registry if that variable is set.
--
Beware: This code has not been tested because it is not yet possible
to build GnuPG 2.1 for Windows. However, the code will be the base
for an implementation in 2.0.
A portable use of GnuPG under Windows means that GnuPG uses a home
directory depending on the location of the actual binary. No registry
variables are considered. The portable mode is enabled if in the
installation directory of the the binary "gpgconf.exe" and a
file "gpgconf.ctl" are found. The latter file is empty or consists
only of empty or '#' comment lines.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* configure.ac (AH_BOTTOM): Define GCRYPT_NO_DEPRECATED.
--
Some gcc versions emit deprecated warning for such flagged Libgcrypt
symbols; even if they are not used.
|
| |
|
|
| |
--
|
| |
|
|
| |
* dirmngr/ldap-url.c (LDAP_SCOPE_DEFAULT): Define if missing.
|
| |
|
|
| |
* scd/apdu.c (pcsc_dword_t) [W32]: Fix syntax error.
|
| |
|
|
|
|
|
|
|
| |
* common/dns-cert.c (get_dns_cert) [USE_ADNS]: Fix synatx error.
--
(fixes commit 31f548a18aed729c05ea367f2d8a8104480430d5)
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
* common/w32-reg.c (write_w32_registry_string): Comment out.
|
| |
|
|
| |
* dirmngr/get-path.c: Remove.
|
| |
|
|
| |
* sm/keydb.c, sm/keydb.h: Remove disabled code parts.
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
| |
* configure.ac (AM_INIT_AUTOMAKE): Replace 2 argument form by the
option form. Add options from the top Makefile.
(AM_CONFIG_HEADER): Rename to AC_CONFIG_HEADER.
* Makefile.am (AUTOMAKE_OPTIONS): Remove.
* kbx/Makefile.am: Remove INCLUDES. Include cmacros.am. FActor some
AM_CPPFLAGS options to AM_CFLAGS.
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/Makefile.am (gpg_agent_DEPENDENCIES): Remove cruft from wrong
resolve conflict 2013-04-25.
(gpg_agent_DEPENDENCIES): Remove obsolete gpg_agent_res_deps
(gpg_agent_LDFLAGS): Remove obsolete gpg_agent_res_ldflags.
--
This fixes 88e24341e57c96e31a25e92e09d67989e64cc1c1. Thanks to
Christian Aistleitner for pinpointing this bug. Am sorry for accusing
automake to have introduced this bug; I should have washed my own eyes.
GnuPG-bug-id: 1511
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_import_key): Add option --unattended.
* agent/cvt-openpgp.c (convert_transfer_key): New.
(do_unprotect): Factor some code out to ...
(prepare_unprotect): new function.
(convert_from_openpgp): Factor all code out to ...
(convert_from_openpgp_main): this. Add arg 'passphrase'. Implement
openpgp-native protection modes.
(convert_from_openpgp_native): New.
* agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion
* agent/protect-tool.c (convert_from_openpgp_native): Ditto.
* agent/protect.c (agent_unprotect): Add arg CTRL. Adjust all
callers. Support openpgp-native protection.
* g10/call-agent.c (agent_import_key): Add arg 'unattended'.
* g10/import.c (transfer_secret_keys): Use unattended in batch mode.
--
With the gpg-agent taking care of the secret keys, the user needs to
migrate existing keys from secring.gpg to the agent. This and also
the standard import of secret keys required the user to unprotect the
secret keys first, so that gpg-agent was able to re-protected them
using its own scheme. With many secret keys this is quite some
usability hurdle. In particular if a passphrase is not instantly
available.
To make this migration smoother, this patch implements an unattended
key import/migration which delays the conversion to the gpg-agent
format until the key is actually used. For example:
gpg2 --batch --import mysecretkey.gpg
works without any user interaction due to the use of --batch. Now if
a key is used (e.g. "gpg2 -su USERID_FROM_MYSECRETKEY foo"), gpg-agent
has to ask for the passphrase anyway, converts the key from the
openpgp format to the internal format, signs, re-encrypts the key and
tries to store it in the gpg-agent format to the disk. The next time,
the internal format of the key is used.
This patch has only been tested with the old demo keys, more tests
with other protection formats and no protection are needed.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* common/sexputil.c (sexp_to_string, canon_sexp_to_string): New.
(log_printcanon, log_printsexp): New.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_import_key): Pass 0 instead of KEYLEN to
gcry_sexp_canon_len.
--
We used to pass KEYLEN to the gcry_sexp_canon_len for no good reason:
convert_from_openpgp is guaranteed to return a valid canonical
S-expression and KEYLEN would thus act only as an upper limit. This
is not a problem because usually the original input key is longer than
the returned unprotected key. A future patch may change this
assertion and thus we better fix this bug now.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (oDisableCheckOwnSocket): New.
(disable_check_own_socket): New.
(parse_rereadable_options): Set new option.
(check_own_socket): Implement new option.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/gnupg.ico: New. Take from artwork/gnupg-favicon-1.ico.
* agent/gpg-agent-w32info.rc: New.
* g10/gpg-w32info.rc: New.
* scd/scdaemon-w32info.rc: New.
* sm/gpgsm-w32info.rc: New.
* tools/gpg-connect-agent-w32info.rc: New.
* common/w32info-rc.h.in: New.
* configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP)
(BUILD_HOSTNAME): New.
(AC_CONFIG_FILES): Add w32info-rc.h.
* am/cmacros.am (.rc.o): New rule.
* agent/Makefile.am, common/Makefile.am, g10/Makefile.am
* scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to
build resource files.
--
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 049b3d9ca0285d15c00c215ac9b533c994196ca4)
Solved conflicts in:
agent/Makefile.am
common/Makefile.am
g10/Makefile.am
scd/Makefile.am
sm/Makefile.am
tools/Makefile.am
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* doc/gpg.texi: Fix syntax and add missing menu entries.
* doc/gpgsm.texi: Fix subsectioning.
--
These five patches fix some warnings from Texinfo 5 by adding some
missing nodes and changing some sections to subsections, and moving an
'@end ifset' to the start of a line. I also noticed the 'Deprecated
options' subsection didn't appear in the GPG options menu, so I added
it. (Texinfo never warned about it because it was after the last node
in the menu.)
1) doc/gpg.texi: move '@end ifset' to start of line
2) doc/gpg.texi: Add missing node for 'Compliance options' section.
3) doc/gpg.texi: add node for 'Deprecated options' subsection.
4) doc/gpg.texi: make 'Unattended key generation' a subsection
5) doc/gpgsm.texi: fix subsectioning for Unattended Usage
(all 5 merged into one patch by wk)
(cherry picked from commit 4d67f59a336bfa0ff19fc23209940724196fd886)
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
--
This fixes an obvious bug in locales where the translated string is
longer than the original. The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.
En passant we also removed the trailing white space on continued
lines.
Reported-by: Dmitry V. Levin" <ldv at altlinux.org>
(cherry picked from commit 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1)
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.c (opts): Removed commands --clearsign, --symmetric,
--send-keys, and --recv-keys.
--
GnuPG-bug-id: 1064
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
* common/estream.c (es_func_fp_write): Call fflush after fwrite.
|
| |
|
|
|
|
|
|
|
|
|
| |
* doc/Makefile.am (.fig.jpg): Correct to use -L jpeg.
* doc/gpg.texi: Fix cross reference for --options.
* doc/gpgsm.texi: Likewise.
* doc/gpl.texi: Fix enumerate and re-indent examples.
--
Reported-by: Ian Abbott
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
|
| |
* common/homedir.c (gnupg_module_name): It's now libexecdir.
* scd/Makefile.am (libexec_PROGRAMS): Add scdaemon
(bin_PROGRAMS): Remove scdaemon.
|
| | |
|
| |
|
|
|
|
|
| |
* scd/apdu.c (pcsc_get_status_direct): Check PCSC_STATE_MUTE only when
PCSC_STATE_PRESENT.
* scd/pcsc-wrapper.c (handle_status): Ditto.
|
| |
|
|
|
|
| |
* scd/apdu.c (control_pcsc_direct, control_pcsc_wrapped, control_pcsc)
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify): Use
pcsc_dword_t.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/command.c (update_reader_status_file): Add condition
vr->status == 0.
--
To reproduce the bug: (1) insert card,
(2) run "gpg2 --card-status",
(3) remove card, (4) invoke "gpg2 --card-edit",
(5) invoke some command like "verify"
The last step fails (but with no error message to user).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (pcsc_dword_t): New. It was named as DWORD (double-word)
when a word was 16-bit.
(struct reader_table_s): Fixes for types.
(struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
Throughout: Fixes for types.
* scd/pcsc-wrapper.c: Likewise.
--
Problem reported for 1.4.x by the issue 1358.
|
| |
|
|
| |
* po/LINGUAS: Enable ja.po.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Default value
of maxlen for pinpad input is now 15 (was: 25).
* scd/ccid-driver.c (ccid_transceive_secure): Likewise.
--
For newer PC/SC, it is better to use FEATURE_GET_TLV_PROPERTIES to get
bMaxPINSize.
|
| |\
| |
| |
| | |
--
|
| | |
| |
| |
| | |
* g10/keylist.c (print_capabilities): Print '?' for unknown usage.
|
| | |
| |
| |
| | |
* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--
We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature. Thus if key
flags are used in any way, the default key capabilities are never
used.
This allows to create a key with key flags set to all zero so it can't
be used. This better reflects common sense.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/ccid-driver.c (ccid_transceive_apdu_level): Support larger
APDU.
--
This is still ad hoc change, but it's OK. Supporting full extended
APDU exchange level is not worth yet.
|
| | |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (du_auth): Fix.
--
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (do_sign): Only prepend message digest block
for RSA or do_auth.
(do_auth): Remove message digest block for ECDSA.
--
If we don't need to check the message digest block by SCDaemon, we
don't requite the message digest block for ECDSA by gpg-agent.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (key_type_t): New.
(CURVE_NIST_P256, CURVE_NIST_P384, CURVE_NIST_P521): New.
(struct app_local_s): Change keyattr to have key_type and union.
(get_ecc_key_parameters, get_curve_name): New.
(send_key_attr, get_public_key): Support ECDSA.
(build_privkey_template, do_writekey, do_genkey): Follow the change
of the member KEY_ATTR.
(parse_historical): New.
(parse_algorithm_attribute): Support ECDSA.
--
Add ECDSA support to OpenPGP card.
|
| | |
| |
| |
| | |
--
|
| | |
| |
| |
| |
| |
| | |
* configure.ac: Require libgpg-error 1.11.
* common/util.h (GPG_ERR_NO_KEYSERVER, GPG_ERR_INV_CURVE)
(GPG_ERR_UNKNOWN_CURVE): Remove fallback definitions.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* agent/agent.h (divert_pksign): Add R_SIGLEN argument.
* agent/divert-scd.c (divert_pksign): Return length at R_SIGLEN.
* agent/call-scd.c (agent_card_pksign): Move composition of
S-expression to...
* agent/pksign.c (agent_pksign_do): ... here.
--
Composing S-expression would be better to be done by SCDaemon.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
|
| | |
| |
| |
| |
| |
| |
| | |
* tools/gpgconf-comp.c (gc_process_gpgconf_conf): Remove unused
used_components.
* agent/command-ssh.c (ssh_signature_encoder_ecdsa): Mark unused arg.
* g13/g13.c (main): Comment variable of yet unimplemented options.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/keygen.c (append_to_parameter): New.
(proc_parameter_file): Use new func to extend the parameter list.
* g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
gcry_kdf_derive failed.
* g10/keygen.c (proc_parameter_file): Print a diagnostic if
passphrase_to_dek failed.
--
Due to an improper way of using the linked list head, all memory for
items allocated in proc_parameter_file was never released. If batched
key generation with a passphrase and more than ~200 keys was used this
exhausted the secure memory.
|
| | |
| |
| |
| | |
* g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE.
|
