| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* common/sexputil.c (get_rsa_pk_from_canon_sexp): Also allow private
keys.
(pubkey_algo_string): Ditto.
* scd/app-openpgp.c (do_writekey): Switch key attributes
--
The scd WRITEKEY command for OpenPGP cards missed proper support to
aautomagically switch key attributes based on the new key. We had
this only in GENKEY.
GnuPG-bug-id: 6378
|
|
* dirmngr/crlcache.h (CRL_CACHE_NOTTRUSTED): New.
* dirmngr/crlcache.c (cache_isvalid): Set this status.
(crl_cache_cert_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
(crl_cache_reload_crl): Move diagnostic to ...
* dirmngr/crlfetch.c (crl_fetch): here.
* dirmngr/server.c (cmd_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
* dirmngr/validate.c (check_revocations): Handle new status. Improve
diagnostics.
* common/status.c (get_inv_recpsgnr_code): Map INV_CRL_OBJ.
* common/audit.c (proc_type_verify): Ditto.
--
This avoids repeated loading of CRLs in case of untrusted root
certificates.
|
|
* common/ksba-io-support.c: Include tlv.h
(struct reader_cb_parm_s): Add new fields.
(starts_with_sequence): New.
(simple_reader_cb): Handle stripping.
* common/ksba-io-support.h (GNUPG_KSBA_IO_STRIP): New.
(gnupg_ksba_create_reader): Handle the new flag.
* sm/verify.c (gpgsm_verify): Use the new flag for detached
signatures.
--
Note that this works only if --assume-binary is given. The use case
for the feature is PDF signature checking where the PDF specs require
that the detached signature is padded with zeroes.
|
|
--
|
|
* common/openpgp-oid.c (oidtable): Add them.
(oid_ed25519_v5, oid_cv25519_v5): New.
(openpgp_oidbuf_is_ed25519): Take new OID in account.
(openpgp_oidbuf_is_cv25519): Ditto.
--
ed25519 is used in GnuPG and other implementations since 2015 and thus
we can't simply switch to the shorter OIDs. However, we have not
widely used them with v5 keys (only ed448 forced the use of v5) and
thus it might be possible to use the new OIDs with v5 keys.
Note that Libgcrypt supports the new OIDs even in 1.8.
|
|
* common/name-value.c (nvc_get_boolean): Rewrite.
--
The function may now return a positive or negative number instead of
just 1 for true. All callers were already prepared for this.
GnuPG-bug-id: 6212
|
|
* common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA.
* g10/gpg.c (oOverrideComplianceCheck): Remove.
(opts): Turn --override-compliance-check into a dummy option.
* g10/options.h (opt): Remove override_compliance_check.
* g10/sig-check.c (check_key_verify_compliance): Remove use of that
option.
--
The introduction of --override-compliance-check actually hid the real
cause for the signature verification problem in de-vs mode for the
Ed25519 key. The real fix is to handle the EdDSA algorithm in
gnupg_pk_is_allowed.
Fixes-commit: fb26e144adfd93051501d58f5d0d4f8826ddf436
GnuPG-bug-id: 5655
|
|
--
Note that we now print Copyright g10 Code instead of FSF.
|
|
* common/miscellaneous.c (is_file_compressed): Add detect code.
--
GnuPG-bug-id: 6332
|
|
* common/iobuf.c (file_filter_ctx_t): Add fields for the peek feature.
(file_filter): Implement peeking.
(iobuf_ioctl): Add new IOBUF_IOCTL_PEEK.
* common/iobuf.h (IOBUF_IOCTL_PEEK, IOBUFCTRL_PEEK): New.
* common/miscellaneous.c (is_file_compressed): Rewrite. Detect PDF.
* g10/encrypt.c (encrypt_simple): Peek before detecting compression.
(encrypt_crypt): Ditto.
* g10/sign.c (sign_file): Also detect already compressed data.
* g10/options.h (opt): Add explicit_compress_option.
* g10/gpg.c (main): Set opt.explicit_compress_option for -z.
--
Note that this patch also introduces a compression check for signing
which was never done in the past.
GnuPG-bug-id: 6332
|
|
--
|
|
* common/compliance.c (gnupg_pk_is_compliant): Also consider the
gcrypt vids for ECDSA et al.
(gnupg_pk_is_allowed): Ditto.
* sm/verify.c (gpgsm_verify): Consider the curve. Print a compliance
notice for a non-compliant key.
* sm/certchain.c (gpgsm_validate_chain): Silence the "switching to
chain model".
|
|
* common/init.c (_init_common_subsystems): Test and set the DEP
Policy.
--
Note that this change will now definitely require Windows XP SP3.
|
|
* common/mapstrings.c (map_static_macro_string): Add hack.
--
|
|
* common/all-tests.scm: Conditionalize by *win32*.
* tests/cms/Makefile.am (GPGSM): Add missing GPGSM.
* tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Add EXEEXT.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* Makefile.am (check-all): Add EXEEXT.
* agent/all-tests.scm: Append EXEEXT.
* common/all-tests.scm: Likewise.
* g10/all-tests.scm: Likewise.
* g13/all-tests.scm: Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/sysutils.c (gnupg_unsetenv): Don't use nonstandard extension
of "NAME", but "NAME=".
--
Microsoft implementation of putenv works to remove an environment
variable by "NAME=".
POSIX doesn't say that putenv with "NAME=" has same effect. GNU
implementation doesn't support this way for removal of environment
variable.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/sysutils.c (gnupg_tmpfile): Use different value for next
attempt.
--
The resolution of system timer is typically in the range of 10
milliseconds to 16 milliseconds. Thus, before the change, it may
fail. Actually, it failed with Wine emulation.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/Makefile.am (HAVE_W32CE_SYSTEM): Remove conditional build.
(common_sources): Remove exechelp-w32ce.c.
* common/asshelp.c [HAVE_W32CE_SYSTEM]: Remove the support.
* common/common-defs.h [HAVE_W32CE_SYSTEM]: Likewise.
* common/dotlock.c [HAVE_W32CE_SYSTEM]: Likewise.
* common/exechelp-posix.c [HAVE_W32CE_SYSTEM]: Likewise.
* common/exechelp-w32.c [HAVE_W32CE_SYSTEM]: Likewise.
* common/gettime.c [HAVE_W32CE_SYSTEM]: Likewise.
* common/exechelp-w32ce.c: Remove.
* po/POTFILES.in: Update to remove common/exechelp-w32ce.c.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/exechelp-posix.c (do_exec): Remove PREEXEC argument.
(gnupg_spawn_process): Likewise.
(gnupg_spawn_process_fd): Follow the change of do_exec.
(gnupg_spawn_process_detached): Likewise.
* common/exechelp-w32.c (gnupg_spawn_process): Remove PREEXEC.
* common/exechelp.h (gnupg_spawn_process): Remove PREEXEC.
* agent/genkey.c (do_check_passphrase_pattern): Follow the change.
* common/exectool.c (gnupg_exec_tool_stream): Likewise.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise.
* tests/gpgscm/ffi.c (do_spawn_process): Likewise.
* tools/gpgconf-comp.c (gc_component_check_options): Likewise.
(retrieve_options_from_program): Likewise.
* tools/gpgconf.c (show_versions_via_dirmngr): Likewise.
* tools/gpgtar-create.c (gpgtar_create): Likewise.
* tools/gpgtar-extract.c (gpgtar_extract): Likewise.
* tools/gpgtar-list.c (gpgtar_list): Likewise.
--
PREEXEC is not portable feature and it's not used.
GnuPG-bug-id: 6249
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/sysutils.c [HAVE_W32_SYSTEM] (gnupg_stat): Select
appropriate structure.
--
GnuPG-bug-id: 5897
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/iobuf.c [!HAVE_W32_SYSTEM] (iobuf_get_filelength): Use fp.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/tlv.c (parse_ber_header): Protect agains integer overflow.
--
Although there is no concrete case where we use the (nhdr + length),
it is better to protect against this already here.
|
|
* common/iobuf.c (iobuf_copy): Use log_assert. Explicitly cast error
return value.
* g10/build-packet.c (do_plaintext): Check for iobuf_copy error.
* g10/encrypt.c (encrypt_filter): Immediately set header_okay.
--
The second fix avoids repeated error message about non-compliant keys.
Updates-commit: a51067a21f688086bd8e44234a88ae367582cc76
Ported-from: aa0c942521d89f4f0aac90bacaf8a7a7cefc88d8
GnuPG-bug-id: 6174
|
|
* common/homedir.c (unix_rootdir): Add ".enable" statement to
gpgconf.ctl
* tests/gpgconf.ctl.in: Use this statement.
* tests/cms/Makefile.am (OLD_TESTS_ENVIRONMENT): Enable .enable.
(TESTS_ENVIRONMENT): Ditto.
* tests/gpgme/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/migrations/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Ditto.
--
Without that it was required to delete the gpgconf.ctl to run manual
tests.
What a hack.
|
|
* common/init.h: Remove GPG_ERR_SOURCE_UNKNOWN check.
--
GnuPG-bug-id: 6200
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/t-recsel.c (main): Don't need to call init_common_subsystems.
--
GnuPG-bug-id: 6200
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/gettime.c (gnupg_get_time): It has no arguments.
* common/signal.c (gnupg_block_all_signals): Likewise.
(gnupg_unblock_all_signals): Likewise.
* common/utf8conv.c (get_native_charset): Likewise.
* g10/cpr.c (is_status_enabled, cpr_enabled): Likewise.
* g10/getkey.c (getkey_disable_caches): Likewise.
* g10/keygen.c (ask_expiredate): Likewise.
* g10/passphrase.c (have_static_passphrase): Likewise.
(get_last_passphrase): Likewise.
* g10/tdbio.c (tdbio_is_dirty, tdbio_sync): Likewise.
(tdbio_get_dbname, open_db, tdbio_db_matches_options): Likewise.
(tdbio_read_nextcheck): Likewise.
* g10/trustdb.c (how_to_fix_the_trustdb): Likewise.
* scd/scdaemon.c (scd_get_socket_name): Likewise.
* sm/passphrase.c (have_static_passphrase): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
This reverts commit 8e63e813c7404e1dae1def98e0f45d148f71082d.
The change broke adding existing ECDH encryption subkeys to a key.
GnuPG-bug-id: 5555
|
|
* common/ssh-utils.c (ssh_public_key_in_base64): Use standard name for
ECC curve.
--
See oidtable in common/openpgp-oid.c.
Fixes-commit: 8e650dbd48fa5fde6d8f08154e6a892d495e9227
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/name-value.c (nvc_first): Allow for NULL arg.
(nvc_lookup): Allow for PK being NULL.
--
GnuPG-bug-id: 6176
|
|
* common/comopt.c (opts): Add "no-autostart".
(parse_comopt): Set it.
* common/comopt.h (comopt): Add no_autostart.
* g10/gpg.c (main): Take care of the new option.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (INCLUDED_BY_MAIN_MODULE): Add.
(main): Parse common options and handle new option.
* tools/gpg-card.c (main): Ditto.
(cmd_yubikey): Fix minor error reporting issue.
* common/util.h (GNUPG_MODULE_NAME_CARD): New const.
* common/homedir.c (gnupg_module_name): Support it.
--
Having a global option makes it easier to use disable autostart on a
server which is required to use a remote gpg-agent reliable.
|
|
* common/name-value.c (nvc_get_boolean): New.
|
|
* common/sysutils.c (gnupg_allow_set_foregound_window): Print warning
only with debug flag set.
|
|
* common/w32-reg.c (read_w32_reg_string): Add arg r_hklm_fallback and
change all callers.
(show_configs): Indicate whether the HKLM fallback was used.
* tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin
Registry key. Indicate whether the HKLM fallback was used.
--
Note that this is backport from 2.2. The new support there for
REG_DWORD needs to be implemented in libgpg-error, though.
|
|
* common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map ECC to ECDSA
which is similar to what we do at opther places in gpg.
--
GnuPG-bug-id: 5555
|
|
* agent/call-daemon.c (daemon_start): Don't put file descriptor from
log_get_fd to no_close_list.
* agent/call-pinentry.c (start_pinentry): Likewise.
* common/call-gpg.c (start_gpg): Likewise.
* call-syshelp.c (start_syshelp): Likewise.
* tools/gpg-connect-agent.c (main): Likewise.
--
GnuPG-bug-id: 5921
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/miscellaneous.c (parse_compatibility_flags): New.
* common/util.h (struct compatibility_flags_s): New.
--
This is similar to parse_debug_flags but does not support specifying a
value. This way we can more easily change the internal values or
re-use them for other purposes.
|
|
* common/dynload.h (dlopen): Use LoadLibraryEx and remove Windows CE
support.
--
Mingw's libloadapi.h has no prototype for LoadLibrary. Thus we use
LoadLibraryEx which is available Since Windows XP.
|
|
* common/iobuf.c (iobuf_cancel): Use gnupg_remove
* common/mischelp.c (same_file_p): Allow for Unicode names.
--
Note that the second patch is used to handle Unicode filenames which
are symbolic links.
|
|
--
|
|
* common/openpgp-oid.c (get_keyalgo_string): Do not strdup NULL.
--
GnuPG-bug-id: 5963
|
|
* common/iobuf.c (iobuf_read): Handle a case with IOBUF_INPUT_TEMP.
(iobuf_write): Handle a case with IOBUF_OUTPUT_TEMP.
--
GnuPG-bug-id: 5941
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/t-ssh-utils.c (main): Remove continue.
--
Obvious c+p bug.
Fixes-commit: 5e508ffcab185eb8149e2fb2833ce15820140368
|
|
* common/t-ssh-utils.c (main): Accept an error with MD5 in_fips_mode.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/t-ssh-utils.c (FLAGS_NOFIPS): New.
(sample_keys): Add flags member.
(main): Detect if libgcrypt is in FIPS mode, try SHA256 fingerprints
first and expect the MD5 ones will fail.
--
Signed-off-by: Jakub Jelen <[email protected]>
|
|
* dirmngr/crlfetch.c (crl_fetch, crl_fetch_default)
(ca_cert_fetch, start_cert_fetch): Factor Tor error out to ...
(no_crl_due_to_tor): new. Print status note.
* dirmngr/ks-engine-ldap.c (ks_ldap_get)
(ks_ldap_search, ks_ldap_put): Factor Tor error out to ...
(no_ldap_due_to_tor): new. Print status note.
* dirmngr/ocsp.c (do_ocsp_request): Print status note.
* sm/misc.c (gpgsm_print_further_info): New.
* sm/call-dirmngr.c (warning_and_note_printer): New.
(isvalid_status_cb): Call it.
(lookup_status_cb): Ditto.
(run_command_status_cb): Ditto.
* common/asshelp2.c (vprint_assuan_status): Strip a possible trailing
LF.
--
|
|
* common/t-session-env.c [HAVE_W32_SYSTEM] (test_all): HOME is not
defined, so, exclude the tests.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/Makefile.am (module_tests): Exclude t-exechelp and
t-exectool.
* common/t-stringhelp.c (mygetcwd): Convert '\' to '/'.
* tests/cms/Makefile.am: Add $(EXEEXT).
* tests/gpgme/Makefile.am: Likewise.
* tests/migrations/Makefile.am: Likewise.
* tests/openpgp/Makefile.am: Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/exechelp-w32.c (handle_to_fd): Use intptr_t.
(gnupg_wait_processes): Fix to use pid_to_handle.
--
Both of original MinGW and MinGW-W64 use intptr_t for the first
argument of _open_osfhandle. So, intptr_t is better here.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
