| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* g10/gpg.c (opts): Use ARGPARSE_o_s for oPassphrase to allow
empty string.
GnuPG-bug-id: 4633
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* g10/call-agent.c (learn_status_cb): Parse the KDF DO.
* g10/card-util.c (current_card_status): Show it correctly.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* scd/app-openpgp.c (check_keyidstr0: Relax the check.
Fixes-commit: b0f0791e4ade845b2a0e2a94dbda4f3bf1ceb039
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* g10/card-util.c (kdf_setup): Can be "off".
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | | |
| | | |
| | | |
| | | | |
--
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* kbx/keybox-update.c (keybox_compress): Use make_timestamp.
Signed-off-by: Werner Koch <[email protected]>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* g10/dek.h (DEK): Use debugger friendly type of unsigned int.
* g10/mainproc.c (symkey_decrypt_seskey): Add another check.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* doc/DETAILS: Fix.
GnuPG-bug-id: 4105
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | | |
* dirmngr/http.c [HTTP_USE_GNUTLS] (http_session_new): Clear
add_system_cas.
GnuPG-bug-id: 4594
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* scd/apdu.c (): Remove never set and useless macro.
* scd/ccid-driver.c: Ditto.
* scd/iso7816.c: Ditto.
--
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* doc/Makefile.am [MAINTAINER_MODE] (.svg.eps, etc.): Enable only
when maintainer-mode.
GnuPG-bug-id: 4280
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* common/openpgp-s2k.c: Fix.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* g10/mainproc.c (proc_encrypted): Only call get_session_key when
PKENC_LIST is not NULL.
Return GPG_ERR_BAD_KEY, instead of GPG_ERR_NO_SECKEY, when
it's encrypted only by symmetric key.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* agent/call-pinentry.c (start_pinentry): It's not fatal when
pinentry doesn't support no-grab/grab option.
GnuPG-bug-id: 4587
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* scd/ccid-driver.c: Support a test program by ccid-driver.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* scd/ccid-driver.c [GNUPG_MAJOR_VERSION] (DEBUGOUT): Use log_debug.
Fixes-commit: 79c99921e35921140c83d7c101829d95f038f3da
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* g10/getkey.c (user_id_db): Remove, as no use anymore.
(get_user_id_string): Use cache_get_uid_bykid.
(get_user_id_byfpr): Use cache_get_uid_byfpr.
* g10/objcache.c (cache_get_uid_byfpr): New.
* g10/objcache.h (cache_get_uid_byfpr): New.
Fixes-commit: 64a5fd37271a3e454c0d59ac3500e1a1b232e4f7
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* g10/import.c (read_block): Avoid O(N^2) append.
(sec_to_pub_keyblock): Likewise.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* g10/keyring.c (keyring_get_keyblock): Avoid O(N^2) append.
GnuPG-bug-id: 4592
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* g10/import.c (import_one): Check options.
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* g10/import.c (read_block): Make sure KEYID is availabale also on a
pending packet.
--
Reported-by: Phil Pennock
Fixes-commit: 2e349bb6173789e0e9e42c32873d89c7bc36cea4
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* sm/call-agent.c (gpgsm_scd_pksign): Cast to integer for %b.
--
This fix is needed on big endian machine where size_t is bigger
than integer.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* scd/ccid-driver.c (send_power_off): New.
(do_close_reader): Use send_power_off.
(ccid_get_atr): Add error recovery.
GnuPG-bug-id: 4616
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* scd/app.c (app_do_with_keygrip): Break the entire loop.
Fixes-commit: 5a5288d051a551a1a8f169225e62572f6ee8cb10
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* g10/mainproc.c (check_sig_and_print): Print a hint on how to make
use of the preferred keyserver. Remove keyserver lookup just by the
keyid. Try a WKD lookup before a keyserver lookup.
--
The use of the the keyid for lookups does not make much sense anymore
since for quite some time we do have the fingerprint as part of the
signature.
GnuPG-bug-id: 4595
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* tools/wks-receive.c (decrypt_data): Change limit.
--
The former limit ~1MiB of was used during development.
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* sm/decrypt.c: Use TMP_RC for ksba_cms_get_issuer_serial,
and return the last error when no key is available.
Fix the error report with TMP_RC for second call of
ksba_cms_get_issuer_serial.
GnuPG-bug-id: 4561
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* g10/mainproc.c (proc_encrypted): Check ->result against -1.
When c->dek == NULL, put GPG_ERR_NO_SECKEY only when not set.
* g10/pubkey-enc.c (get_session_key): Set k->result by the result of
get_it.
When no secret key is available for some reasons, return the last
specific error, if any.
GnuPG-bug-id: 4561
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
following a HTTP redirection.
--
inspired by patch from Damien Goutte-Gattat <[email protected]>
GnuPG-Bug_id: 4566
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Originally applied to 2.2. Here a minor conflict fix was needed.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* g10/gpg.c (main): Change default.
--
Due to the DoS attack on the keyeservers we do not anymore default to
import key signatures. That makes the keyserver unsuable for getting
keys for the WoT but it still allows to retriev keys - even if that
takes long to download the large keyblocks.
To revert to the old behavior add
keyserver-optiions no-self-sigs-only,no-import-clean
to gpg.conf.
GnuPG-bug-id: 4607
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* g10/getkey.c (get_pubkey_byname): Add special traeatment for default
and skipped-local.
--
This change avoids error message like
gpg: error retrieving '[email protected]' via None: No public key
A 'None' mechanism is something internal.
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* g10/gpg.c (aLocateExtKeys): New.
(opts): Add --locate-external-keys.
(main): Implement that.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL.
(get_best_pubkey_byname): Add arg 'mode' and pass on to
get_pubkey_byname. Change callers.
* g10/keylist.c (public_key_list): Add arg 'no_local'.
(locate_one): Ditto. Pass on to get_best_pubkey_byname.
--
This new command is a shortcut for
--auto-key-locate nodefault,clear,wkd,... --locate-key
and uses the default or configured AKL list but does so without local.
See also
GnuPG-bug-id: 4599
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* g10/keydb.h (enum get_pubkey_modes): New.
* g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and
change all callers.
--
This change prepares the implementation of GET_PUBKEY_NO_LOCAL.
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New.
(handle_send_request_error): Use it for 503 and 504.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for
extra_tries.
--
This is a pretty stupid fix but one which works without much risk of
regressions. We could have used the existing TRIES but in that case
the fallback to other host would have been too limited. With the used
value we can have several fallbacks to other hosts. Note that the
TRIES is still cumulative and not per host.
GnuPG-bug-id: 4600
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* dirmngr/http.c (same_host_p): Consider certain subdomains to be the
same.
--
GnuPG-bug-id: 4603
Signed-off-by: Werner Koch <[email protected]>
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* g10/import.c (import_one): Rename to ...
(import_one_real): this. Do not print and update stats on keyring
write errors.
(import_one): New. Add fallback code.
--
GnuPG-bug-id: 4591
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* g10/options.h (IMPORT_SELF_SIGS_ONLY): New.
* g10/import.c (parse_import_options): Add option "self-sigs-only".
(read_block): Handle that option.
--
This option is intended to help against importing keys with many bogus
key-signatures. It has obvious drawbacks and is not a bullet-proof
solution because a self-signature can also be faked and would be
detected only later.
GnuPG-bug-id: 4591
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* g10/import.c: Change arg 'with_meta' to 'options'. Change callers.
--
This chnage allows to pass more options to read_block.
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* tools/gpgconf-comp.c (gc_component_kill): Reverse the order.
--
The order matters in a corner case; On a busy machine, there was a
race condition between gpg-agent's running KILLAGENT command and its
accepting incoming request on the socket. If a request by
gpg-connect-agent was accepted, it resulted an error by sudden
shutdown. This change of the order can remove such a race.
Here, we know backend=0 is none.
GnuPG-bug-id: 4577
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* agent/call-pinentry.c (watch_sock_start): Factor out
from do_getpin.
(watch_sock_end): Likewise.
(do_getpin): Use those functions.
(agent_get_confirmation): Likewise.
(popup_message_thread): Likewise.
--
Pinentry's dialog for confirmation should be also closed cleanly, as
well as the dialog for pin-input.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
--
Thanks to Philippe.
Reported-by: Phillppe Antoine
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* scd/app.c (check_application_conflict): Add args to pass a serialno.
* scd/command.c (open_card_with_request): Pass the serialno to
check_application_conflict.
--
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* scd/app.c (compare_card_list_items): New.
(app_send_card_list): Sort the card objects by slot.
--
This is required so that in gpg-card a "list N" command always returns
the expected card. Sorting by slot should be sufficient.
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* scd/app-common.h (struct app_ctx_s): Add func ptr 'reselect'.
* scd/app-piv.c (do_reselect): New.
(app_select_piv): Move AID constant to file scope.
* scd/app-openpgp.c (do_reselect): New.
(app_select_openpgp): Move AID constant to file scope.
* scd/app.c (apptype_from_name): New.
(check_application_conflict): Check against all apps of the card.
Always set current_apptype.
(select_additional_application): New.
(maybe_switch_app): New.
(app_write_learn_status, app_readcert, app_readkey, app_getattr)
(app_setattr, app_sign, app_auth, app_decipher, app_writecert)
(app_writekey, app_genkey, app_change_pin, app_check_pin): Use it here.
(app_do_with_keygrip): Force reselect on success.
(app_new_register): Move setting of CURRENT_APPTYPE to ...
(select_application): here so that it will be set to the requested
card.
* scd/command.c (open_card_with_request): Select additional
application if possible.
--
Noet that we will likely need to rework this even more so to get well
defined semantics for card access.
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* scd/app.c (app_do_with_keygrip): Lock the card.
--
Better safe than sorry.
We should also review the card reference counting to see whether we
better ref the returned card object already here.
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* scd/app.c: Chnage all function dispatcher.
--
This change will allow us to easier integrate an app swithcing logic.
The change should have no user visible effect. The error checking we
do now with the card locked will rarely be asserted. It is the
correct thing to do anyway.
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* scd/app.c (check_conflict): Fold into ...
(check_application_conflict): this and adjust callers. Return a
different error code if it is possible to switch apps.
--
Right now this change does nothing visible.
Signed-off-by: Werner Koch <[email protected]>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* scd/scdaemon.h (struct server_control_s): Add 'current_apptype'.
* scd/command.c (scd_clear_current_app): New.
* scd/app.c (app_new_register): Set it.
(deallocate_card): Clear it.
--
Signed-off-by: Werner Koch <[email protected]>
|
