| Commit message (Collapse) | Author | Age | Files | Lines |
| |
--
|
--
|
--
|
* agent/gpg-agent.c (putty_message_proc): Don't call xfree with
MAPSID. It's a reference to an object inside PSD.
--
GnuPG-bug-id: 7799
Signed-off-by: NIIBE Yutaka <[email protected]>
|
* dirmngr/crlfetch.c (fetch_cert_by_url): Use es_free.
* g10/revoke.c (gen_standard_revoke): Likewise.
* g10/tofu.c (ask_about_binding): Likewise.
* scd/command.c (cmd_readkey): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.
* tools/gpg-wks-client.c (command_create): Likewise.
* tools/call-dirmngr.c (wkd_get_policy_flags): Clean up no use of
BUFFER.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
* agent/command-ssh.c (sexp_key_construct): Use es_free to release
memory allocated by es_fclose_snatch.
(data_sign): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
* g10/keyedit.c (keyedit_menu): Factor some code out ...
(maybe_upload_key): New.
(keyedit_quick_adduid): Call it here.
(keyedit_quick_revuid): Ditto.
(keyedit_quick_set_primary): Ditto.
(keyedit_quick_update_pref): Ditto.
(keyedit_quick_sign): Ditto.
(keyedit_quick_revsig): Ditto.
(keyedit_quick_addkey): Ditto.
(keyedit_quick_addadsk): Ditto.
(keyedit_quick_set_expire): Ditto.
--
This should be the final part of
GnuPG-bug-id: 7333
|
* g10/gpg.c (oNoAutoKeyUpload): New.
(opts): Add "no-auto-key-upload".
(main): Clear the flag.
|
* g10/keyedit.c (keyedit_menu): Add an upload flag and set it as
needed. On save upload to the keyserver.
--
That is the second part of
GnuPG-bug-id: 7333
and the next part will be to implement this for the quick commands.
|
* g10/options.h (opt.flags): Add member auto_key_upload.
(EXPORT_NO_STATUS): New.
(KEYSERVER_LDAP_ONLY): New.
(KEYSERVER_WARN_ONLY): New.
* g10/gpg.c (oAutoKeyUpload): New.
(opts): New option --auto-key-upload.
(main): Set option.
* g10/keyserver.c (keyserver_export_pubkey): New.
(keyserver_put): Take care of the WARN_ONLY and LDAP_ONLY options.
Delay printing of the EXPORTED status.
* g10/keygen.c (do_generate_keypair): Export new key if option is set.
* g10/export.c (do_export_one_keyblock): Take care of the NO_STATUS
option.
(print_status_exported): Move function to ...
* g10/cpr.c (write_status_warning): here and make public.
--
This change also fixes a bug with --send-key which used to emit an
EXPORTED line before actually sending the key to the dirmngr. Thus if
the upload failed an EXPORTED status has already been emitted.
GnuPG-bug-id: 7333
This is the first part which handles the new key case. We also need
to implement an upload after key modifications.
|
* g10/keyedit.c (append_adsk_to_key): Add arg sigtimestamp and pass
that as signing time to make_keysig_packet.
* g10/keygen.c (append_all_default_adsks): Likewise.
(do_generate_keypair): Likewise.
--
For not anymore known reasons or maybe because I mixed up creation and
binding time the creation date of the ADSK was also used as the time
for the key binding signature. This works but is a bit surprising.
Now we use either the current time or, on key creation, the
creation time of the primary key as we also do with the other
self-signatures.
GnuPG-bug-id: 6882
|
* g10/keyedit.c (append_adsk_to_key): Add arg cache_nonce and pass on
to make_keysig_packet.
* g10/keygen.c (do_generate_keypair): Pass cache_nonce to
append_adsk_to_key.
--
GnuPG-bug-id: 7491
|
* agent/trustlist.c (read_one_trustfile): Enabled the relax flag by
default. Add new keyword "norelax".
--
In any real world settings the "relax" flag is always set. Thus it is
better to make it the default and provide a way to disable it. In
fact, it is questionable whether this flag makes sense at all. It is
some kind of legacy thing.
|
* agent/trustlist.c (struct trustitem_s): Add flag "noconsent".
(read_one_trustfile): Set flag.
(istrusted_internal): Emit flag value.
* sm/call-agent.c (istrusted_status_cb): Parse flag.
* sm/certchain.c (do_validate_chain): Handle flag by using a different
true value for an existing variable.
* sm/sign.c (gpgsm_sign): Consult the new flag.
* sm/gpgsm.c (enum cmd_and_opt_values): Add oNoQESNote.
(opts): Add option --no-qes-note.
* sm/gpgsm.h (opt): Add field no_qes_note.
(struct rootca_flags_s): Add flag noconsent.
* sm/sign.c (gpgsm_sign): Take care of the noconsent flag.
* sm/qualified.c (gpgsm_qualified_consent): Take care of no_qes_note.
* sm/verify.c (gpgsm_verify): Ditto.
--
GnuPG-bug-id: 7713
|
* sm/gpgsm.c (set_debug): Do not set the IPC debug flag when using
some debug-levels.
|
* g10/keygen.c (generate_subkeypair): Ask for Kyber variant.
--
GnuPG-bug-id: 7792
|
* common/sysutils.c (output_debug_string): New.
|
* g10/keygen.c (ask_algo): Do not show algo 16 in addmode.
--
GnuPG-bug-id: 7788
|
--
|
- change po/pt.po and AUTHORS files
Signed-off-by: Daniel Cerqueira <[email protected]>
|
* tools/gpg-auth.c: Replace most usage of "struct foo" by a typedef
"foo_t". Add comments. Use KEYGRIP_LEN instead of the number 20.
(struct learn_parm_s): Remove this unused struct.
--
GnuPG-bug-id: 5862
|
* agent/gpg-agent.c (map_supervised_sockets): Fix spelling of
--deprecated-supervised.
* g10/gpg.c (main): Fix spelling of --quick-set-expire.
* scd/command.c (hlp_checkpin): Fix spelling of modifying.
* g10/decrypt.c (decrypt_message): Fix spelling of mutually.
--
Signed-off-by: Collin Funk <[email protected]>
|
* dirmngr/dirmngr.h (DBG_LDAP_VALUE, DBG_LDAP): New value and macro.
* dirmngr/dirmngr.c (debug_flags): Add "ldap".
* dirmngr/ks-engine-ldap.c: Improve debug output and use the new debug
flag instead of any debug value.
|
* scd/app-openpgp.c (data_objects): Add more v3 DOs.
(do_setattr): New name GEN-ATTST as pseudo attribute to generate a
Yubikey attestation certificate.
--
Although this command seems to work, I am only able to get the
OPENPGP.3 cert back. This might be related to the bug described in
the commit 37b1c5c2004c1147a13b388863aaa8f0caf7d71f which implemented
the select data functionality and showed that it did not work on a
Yubikey. This time the test target was a Yubikey 5.4.3.
|
* sm/keylist.c (oidtranstbl): Add Yubikey OPGP related extensions.
|
* dirmngr/ks-engine-ldap.c (SERVERINFO_CNFPR): New. Replace all
SERVERINFO_NTDS with this one.
(interrogate_ldap_dn): Parse "cnfpr" flag and set SERVERINFO_CNFPR.
Set this flag also for "ntds".
* doc/ldap/gnupg-ldap-init.ldif (pgpVersion): Suggest the use of the
"cnfpr" flag.
--
Note that SERVERINFO_NTDS is currently not anymore used directly but
we keep it in case we need to do other NTDS specific things in the
future.
The advantage of using a fingerprint for referencing a key is that
there won't be any collisions in the keyid. Further this unifies the
schema with an LDS (Windows) installation where DNs must anyway be
unique. But take care the client needs to support this new flag.
GnuPG-bug-id: 7742
|
* common/iobuf.c (is_file_compressed): Increase size of magic array.
Add magic for 7z.
|
* g10/pkglue.c (do_encrypt_kem): Length of shared secret is the hash
length in this case, not the scalar length.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <[email protected]>
|
* g10/misc.c (parse_options): Also allow option "fullhelp". Print
current status of the option.
|
* g10/options.h (KEYSERVER_UPDATE_BEFORE_SEND): New.
* g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_SILENT): New.
(KEYSERVER_IMPORT_FLAG_ONLYFPR): New.
(KEYSERVER_IMPORT_FLAG_UPDSEND): New.
* g10/gpg.c (main): Set default keyserver_options to
update-before-send.
* g10/keyserver.c (keyserver_opts): Add option "update-before-send".
(keyserver_export): Add optional arg assume_new_key.
(keyserver_import): Add arg flags. Act upon the new
KEYSERVER_IMPORT_FLAG_xxx values and pass flags on.
(keyserver_get_chunk): Ditto.
(keyserver_put): Add optional arg assume_new_key. Implement
update-before-send feature.
* g10/import.c (import_one_real): Take care of IMPORT_MERGE_ONLY when
passes in the option arg. Required for the update-before-send
feature.
--
This feature is enabled by default but can be disabled using
--keyserver-flags no-update-before-send .
GnuPG-bug-id: 7730
|
* tools/gpgtar-extract.c (gpgtar_extract): Do not close stderr.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--
This is another regression which made it impossible to use
--status-fd=2 and also swallowed all other stderr output from gpg.
This is somewhat related
GnuPG-bug-id: 7757
|
* tools/gpgtar-extract.c (gpgtar_extract): Detect end-of-archive and
break loop.
* tools/gpgtar-list.c (gpgtar_list): Ditto. Also do not print
"running failed" if the exitcode is 0.
--
GnuPG-bug-id: 7757
In the old code (gnupg 2.4) we did not call gnupg_release_process when
cleaning up the gpg process and thus it could keep on running and
deliver its output to the status-fd. The new code does a
gnupg_release_process which sends a SIGTERM to a not yet terminated
process and thus the output was cut off.
|
--
|
* g10/sign.c (mk_notation_policy_etc): Do not free ndmanu if not used.
--
GnuPG-bug-id: 7754
Fixes-commit: 11d3a83b04786c74fdbbbcdc99074c75666bd722
|
* agent/divert-scd.c (agent_card_ecc_kem): Check for 0x41 prefix.
--
GnuPG-bug-id: 7709
|
* agent/agent.h (agent_card_pkdecrypt): Fix the type of R_BUF.
* agent/call-scd.c (agent_card_pkdecrypt): Likewise.
* agent/divert-scd.c (divert_pkdecrypt): Follow the change.
* agent/divert-scd.c (agent_card_ecc_kem): The prefix may be
0x02 or 0x03 depending on hidden y-coordinate.
--
Fixes-commit: 4ad08a8998fa16f8329fb57b0a47fe7a9b973700
GnuPG-bug-id: 7709
Signed-off-by: NIIBE Yutaka <[email protected]>
|
--
|
--
|
--
|
* dirmngr/ks-action.c (ks_action_del): Change some variable names and
comments.
* dirmngr/ks-engine-ldap.c (ks_ldap_del): Implement.
--
GnuPG-bug-id: 5447
Tested using OpenLDAP on Linux and with an LDS and AD on Windows.
|
--
I am not sure whether this really works.
|
--
These were floating around the working directory. Let's keep them in
the repo.
|
* g10/keylist.c (print_matching_notations): New.
* g10/mainproc.c (check_sig_and_print): Call this.
* g10/options.h (opt): Add field print_notations.
* g10/gpgv.c (oPrintNotation): New.
(opts): Add "print-notation".
(main): Implement.
--
I had the code floating around but can't remember what triggered me to
write this. But it might eventually be useful, so better apply it.
|
* sm/call-agent.c (istrusted_status_cb): Clear the helper flags.
--
GnuPG-bug-id: 7738
Fixes-commit: ef2be95258d2e02659e96f6c4df5a9a1a233c8fd
which introduced the caching but got the flags wrong. The fallout from
this was that the qualified signature consent was shown for non-QES
certificates. Other flags are almost always the same and thus no
other harm was done.
|
* common/compliance.c (gnupg_manu_notation_value): New.
* g10/build-packet.c (name_value_to_notation): New.
* g10/options.h (COMPAT_NO_MANU): New.
(LIST_SHOW_HIDDEN_NOTATIONS): New.
(VERIFY_SHOW_HIDDEN_NOTATIONS): New.
* g10/gpg.c (compatibility_flags): Add "no-manu".
(parse_list_options): Add "show-hidden-notations".
(main): Ditto for verify-options.
* g10/import.c (list_standalone_revocation): Implement new list option.
* g10/mainproc.c (check_sig_and_print): Ditto.
* g10/keyedit.c (keyedit_print_one_sig): Ditto.
* g10/keylist.c (list_signature_print): Ditto.
(show_notation): Handle hidden notation.
* sm/keylist.c (oidtranstbl): Add OID for manu.
* g10/sign.c (mk_notation_policy_etc): Add arg with_manu and insert
extra notation.
(write_signature_packets): Request manu notation in certain cases.
(make_keysig_packet): Ditto.
--
See DETAILS for a description of the format. Obviously this leaks the
version of the used GnuPG version (major and minor only) and the fact
that it was generated by GnuPG. However, by close inspection of the
order of packets and other meta data similar information can be
found. We include this information to help the support desk to figure
out problems. Sometimes users have very very old versions and the
help desk needs to employ core developers to figure the cause. Having
this information may eventually allow for better user support. This
feature can be disabled unless certain compliance modes are enabled.
|
* agent/command.c (cmd_istrusted): Improve arg parser.
|
* g10/sign.c (make_keysig_packet): Use signature class constants.
--
Having macros for the signature classes should make the code easier
to understand for newbies.