| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* g10/keygen.c (curve_is_448): New.
(do_create_from_keygrip): Pass arg keygen_flags byref so that it can
be updated. Set v5 flag for X448.
(gen_ecc): Ditto.
(do_create): Change keygen_flags as above. For robustness change
checking for Ed448.
(do_generate_keypair): Change keygen_flags as above
(generate_subkeypair): Ditto.
(gen_card_key): Ditto. Support v5 keys.
--
GnuPG-bug-id: 6942
|
|
* g10/keygen.c (proc_parameter_file): Don't include RENC in the
default usage.
--
Testplan:
$ gpg --gen-key --batch <<EOF
Key-Type: EDDSA
Key-Curve: ed448
Key-Usage: cert
Name-Real: Meh Muh
Name-Email: [email protected]
Expire-Date: 2025-01-01
Passphrase: abc
subkey-type: ecdh
Subkey-curve: cv448
EOF
and check that the R flag does not show up in the usage.
|
|
* g10/getkey.c (parse_def_secret_key): Track reason for skipping keys.
--
GnuPG-bug-id: 4704
|
|
* g10/keygen.c (parse_revocation_key): Actually allow for v4
fingerprints.
--
Note that the use of the parameter file is deprecated.
GnuPG-bug-id: 6923
|
|
* g10/sign.c (do_sign): Skip compliance check for revocation certs.
--
It just does not make sense to inhibit the creation of revocations
depending on the compliance mode. We do this only for key revocation
but not for another kind of revocation because the rationale for uid
or subkey revocation is more complicated to explain.
|
|
* g10/parse-packet.c (parse_key): Detect the SKI algo 253.
--
As long as we have not yet implemented this we should at least be
able to detect this case.
|
|
* g10/keyedit.c (keyedit_quick_addkey): Emit a ERROR status line.
(keyedit_quick_addadsk): Ditto.
--
GnuPG-bug-id: 6880
|
|
* g10/call-agent.c (agent_probe_secret_key): Do not return an error
but 0.
* g10/getkey.c (finish_lookup): Improve the selection of secret keys.
--
GnuPG-bug-id: 6831
|
|
* g10/keydb.c (keydb_add_resource): Check the FLAGS to call
keybox_compress.
--
GnuPG-bug-id: 6811
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/call-keyboxd.c (keydb_default_status_cb): New.
(keydb_update_keyblock): Add new status callback.
(keydb_insert_keyblock): Ditto.
(keydb_delete_keyblock): Ditto.
(search_status_cb): Also try the new status callback.
* sm/keydb.c (keydb_default_status_cb): New.
(keydb_insert_cert): Add new status callback.
(keydb_delete): Ditto
(search_status_cb): Also try the new status callback.
--
GnuPG-bug-id: 6838
|
|
* common/miscellaneous.c (is_openpgp_compressed_packet)
(is_file_compressed): Moved to ...
* common/iobuf.c: ... in this file.
(is_file_compressed): Change the argument to INP, the iobuf.
* common/util.h (is_file_compressed): Remove.
* common/iobuf.h (is_file_compressed): Add.
* g10/cipher-aead.c (write_header): Don't call write_status_printf
here.
(cipher_filter_aead): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/cipher-cfb.c (write_header): Don't call write_status_printf
here.
(cipher_filter_cfb): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/encrypt.c (encrypt_simple): Use new is_file_compressed function,
after call of iobuf_push_filter.
(encrypt_crypt): Likewise.
* g10/sign.c (sign_file): Likewise.
--
Cherry-pick from master commit of:
2f872fa68c6576724b9dabee9fb0844266f55d0d
GnuPG-bug-id: 6481
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/call-agent.c (agent_get_passphrase): Call
assuan_begin_confidential and assuan_end_confidential.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--
GnuPG-bug-id: 6654
The drawback of this solution is that we don't see any IPC lines from
the assuan_transact. Everything else would require larger changes to
libassuan.
|
|
* g10/misc.c (pubkey_get_nenc): Add ky768 and ky1024 values.
* g10/parse-packet.c (read_octet_string): New.
(read_size_body): Rename to ...
(read_sized_octet_string): this and change args to update-able PKTLEN.
(parse_pubkeyenc): Split general parsing loop for easier reading.
Implement parser for the Kyber algorithms.
--
Take care: this has not been tested at all, it merely passes the
regression test for the other algos.
Kyber is also known as ML-KEM in FIPS-203.
The list mode is slighly changed: In case of a parsing error no data
is printed - before that already parsed data was printed.
GnuPG-bug-id: 6815
|
|
* g10/call-agent.c (default_inq_cb): Call assuan_begin_confidential
and assuan_end_confidential.
* sm/call-agent.c (default_inq_cb): Likewise.
--
Cherry pick from master commit of:
ec1446f9446506b5fbdf90cdeb9cbe1f410a657e
GnuPG-bug-id: 6654
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/call-agent.c (default_inq_cb): Call assuan_begin_confidential
and assuan_end_confidential.
* sm/call-agent.c (default_inq_cb): Likewise.
--
GnuPG-bug-id: 6654
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/openpgpdefs.h (SIGSUBPKT_META_HASH): New.
(SIGSUBPKT_TRUST_ALIAS): New.
|
|
* g10/card-util.c (write_sc_op_status): Emit 3 and 4 in status line.
* tools/card-call-scd.c (status_sc_op_failure): Likewise.
--
Cherry-pick from master commit of:
64f5f7b74e428b15205f6e8ae14dec84663c3076
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/card-util.c (write_sc_op_status): Emit 3 and 4 in status line.
* tools/card-call-scd.c (status_sc_op_failure): Likewise.
--
GnuPG-bug-id: 6425
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/sign.c (sign_file): Initialize gcry_md_hd_t to NULL.
--
There are several jumps to leave before gcry_md_open is called so
md should be initialized to NULL to avoid calling gcry_md_close
on an uninitalized variable.
GnuPG-Bug-Id: T6780
|
|
* g10/keygen.c (card_store_key_with_backup): Fix memory leak on error.
|
|
* g10/keygen.c (parse_expire_string_with_ct): Use isotime2epoch_u64.
(parse_creation_string): Ditto.
--
GnuPG-bug-id: 6736
|
|
* g10/keygen.c (parse_expire_string_with_ct): Use new function
scan_secondsstr.
(parse_creation_string): Ditto.
--
Noet that we cap the seconds at the year 2106.
GnuPG-bug-id: 6736
|
|
* scd/app-openpgp.c (do_change_pin): Use GPG_ERR_BAD_RESET_CODE where
appropriate.
* common/util.h: Add error codes missing in gpgrt 1.46.
* agent/call-pinentry.c (unlock_pinentry): Handle
GPG_ERR_BAD_RESET_CODE.
(agent_askpin): Ditlo. Also simply condition.
(agent_get_passphrase): Ditto.
* g10/call-agent.c (status_sc_op_failure): Handle
GPG_ERR_BAD_RESET_CODE.
* g10/card-util.c (write_sc_op_status): Ditto.
* tools/card-call-scd.c (status_sc_op_failure): Ditto.
|
|
* agent/trustlist.c (struct trustitem_s): Use unsigned int.
* common/audit.c (struct log_item_s): Likewise.
* g10/packet.h (struct seckey_info): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/Makefile.am (common_sources): Remove b64enc.c and b64dec.c.
(module_maint_tests): Remove t-b64.
(t_b64_LDADD): Remove.
* common/util.h: Remove the internal API.
* common/ssh-utils.c (get_fingerprint): Use the gpgrt_b64 API.
(ssh_public_key_in_base64): Likewise.
* dirmngr/crlfetch.c (my_es_read, crl_close_reader): Likewise.
* dirmngr/dirmngr-client.c (data_cb, do_lookup): Likewise.
* dirmngr/misc.c (armor_data): Likewise.
* g10/export.c (export_one_ssh_key, export_secret_ssh_key): Likewise.
* tools/gpg-card.c (cmd_writecert): Likewise.
* tools/mime-parser.c (parse_message_cb, mime_parser_release)
(process_part_data): Likewise.
* tools/wks-util.c (wks_armor_key): Likewise.
--
GnuPG-bug-id: 6734
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/gpg.c (main): Ignore --no-utf8-strings only on Windows.
--
Fixes-commit: 8c41b8aac3efb78178fe1eaf52d8d1bbc44941a8
Reported-by: Ingo Klöcker
|
|
Modelled after key_expires/key_expires_d.
This should be useful to detect upcoming certification expiry, so the
certifications can be renewed in advance of the expiry.
Signed-off-by: Robin H. Johnson <[email protected]>
|
|
* g10/trustdb.c (tdb_clear_ownertrusts): Detect stale validity
records.
--
GnuPG-bug-id: 6399
This problem was introduced by an actually very useful patch
2002-12-13 David Shaw <[email protected]>
[...]
* import.c (import_keys_internal): Used here so we don't rebuild
the trustdb if it is still clean.
(import_one, chk_self_sigs): Only mark trustdb dirty if the key
that is being imported has any sigs other than self-sigs.
Suggested by Adrian von Bidder.
[the last part]
The bug exhibited itself only after signing a key, deleting that key
and then re-importing the original non-signed key.
|
|
* g10/keyid.c (hash_public_key): Do not pass the version.
--
Fixes-commit: 1be7882344c5b3eae35539f6c3f490df197574bf
|
|
* g10/keyid.c (hash_public_key): Do not pass the version.
--
Fixes-commit: 1f76cbca35133969ccccfa324d633556e19a386c
|
|
* g10/gpg.c (oWithV5Fingerprint): New.
(opts): Add new option.
(main): Set option.
* g10/options.h (opt): Add with_v5_fingerprint.
* g10/keyid.c (hash_public_key): Factor out to ...
(do_hash_public_key): this. Add new arg to foce v5 style hashing.
(v5_fingerprint_from_pk): New.
(v5hexfingerprint): New.
* g10/keylist.c (print_fingerprint): Print v5 fingerprint for v4 keys
if the option is set.
--
GnuPG-bug-id: 6705
|
|
* g10/gpg.c (oWithV5Fingerprint): New.
(opts): Add new option.
(main): Set option.
* g10/options.h (opt): Add with_v5_fingerprint.
* g10/keyid.c (hash_public_key): Factor out to ...
(do_hash_public_key): this. Add new arg to foce v5 style hashing.
(v5_fingerprint_from_pk): New.
(v5hexfingerprint): New.
* g10/keylist.c (print_fingerprint): Print v5 fingerprint for v4 keys
if the option is set.
--
GnuPG-bug-id: 6705
|
|
* common/asshelp.h (ASSHELP_FLAG_AUTOSTART): New.
* common/asshelp.c (start_new_service): Rename arg autostart to flags
and adjust checks.
(start_new_gpg_agent): Likewise. Change all callers.
(start_new_keyboxd): Likewise. Change all callers.
(start_new_dirmngr): Likewise. Change all callers.
--
It is easier to have a generic flags arg instead of adding more and
more dedicated args. verbose and debug are kept as they are because
they are not boolean.
|
|
* agent/gpg-agent.c (thread_init_once): Call assuan_control.
* g10/gpg.c (main): Likewise.
* g13/g13.c (main): Likewise.
* kbx/keyboxd.c (thread_init_once): Likewise.
* scd/scdaemon.c (main): Likewise.
* sm/gpgsm.c (main): Likewise.
* tpm2d/tpm2daemon.c (main): Likewise.
--
GnuPG-bug-id: 6606
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* agent/gpg-agent.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(initialize_modules): Don't call assuan_set_system_hooks.
(main): Don't call assuan_sock_set_system_hooks.
* dirmngr/dirmngr.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(thread_init): Don't call assuan_set_system_hooks.
* g10/gpg.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
* g13/g13.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Set the syscall clamp with gpgrt_set_syscall_clamp.
Don't call assuan_set_system_hooks.
* kbx/keyboxd.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(initialize_modules): Don't call assuan_set_system_hooks.
(main): Don't call assuan_sock_set_system_hooks.
* scd/scdaemon.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
* sm/gpgsm.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
* tpm2d/tpm2daemon.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
--
GnuPG-bug-id: 6606
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/options.h (COMPAT_PARALLELIZED): New.
* g10/filter.h (md_thd_filter_context_t): New type.
(md_thd_filter_set_md, md_thd_filter): New.
* g10/gpg.c (compatibility_flags): Update to support
COMPAT_PARALLELIZED.
* g10/mdfilter.c (struct md_thd_filter_context): New.
(lock_md, unlock_md, get_buffer_to_hash, put_buffer_to_recv): New.
(get_buffer_to_fill, put_buffer_to_send, md_thread): New.
(md_thd_filter, md_thd_filter_set_md): New.
* g10/sign.c (sign_file): Add support for md_thd_filter.
(sign_symencrypt_file): Likewise.
--
GnuPG-bug-id: 6570
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/keygen.c (enum para_name): Add pSUBKEYEXPIREDATE.
(proc_parameter_file): Add support for pSUBKEYEXPIREDATE.
(read_parameter_file): Add "Subkey-Expire-Date".
--
Cherry-pick from master commit of:
23bcb78d279ebc81ec9340356401d19cf89985f1
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/keygen.c (parse_expire_string_with_ct): New function, optionally
supply the creation time.
(parse_expire_string): Use parse_expire_string_with_ct with no
creation time.
(proc_parameter_file): Use parse_expire_string_with_ct possibly with
the creation time.
--
Cherry-pick from master commit of:
b07b5144ff6a9208ea27fe1e1518270bd22b382c
GnuPG-bug-id: 5252
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/sysutils.h (FD_DBG): New.
* agent/gpg-agent.c (check_nonce): Use FD_DBG.
(do_start_connection_thread, start_connection_thread_ssh): Likewise.
* common/iobuf.c (fd_cache_close, file_filter, do_open): Likewise.
(do_iobuf_fdopen): Likewise.
* dirmngr/dirmngr.c (check_nonce, start_connection_thread)
(handle_connections): Likewise.
* dirmngr/http.c (_my_socket_new, _my_socket_ref): Likewise.
(_my_socket_unref): Likewise.
* g10/decrypt.c (decrypt_message_fd): Likewise.
* g10/encrypt.c (encrypt_crypt): Likewise.
* g10/openfile.c (open_outfile): Likewise.
* g10/plaintext.c (get_output_file, hash_datafile_by_fd): Likewise.
* g10/verify.c (gpg_verify): Likewise.
* kbx/keyboxd.c (check_nonce, do_start_connection_thread): Likewise.
* scd/scdaemon.c (start_connection_thread): Likewise.
(handle_connections): Likewise.
* sm/gpgsm.c (open_es_fread, open_es_fwrite): Likewise.
* tpm2d/tpm2daemon.c (start_connection_thread): Likewise.
(handle_connections): Likewise.
--
GnuPG-bug-id: 6597
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/iobuf.c (iobuf_get_fd): Return type is now gnupg_fd_t.
* common/iobuf.h (iobuf_get_fd): Fix the return type.
* g10/misc.c (is_secured_file): Argument is now gnupg_fd_t.
* g10/main.h (is_secured_file): Fix the argument type.
--
GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/gpg.c (print_mds): Check by is_secured_filename, earlier.
* g10/tdbdump.c (import_ownertrust): Likewise.
--
GnuPG-bug-id: 6508
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/keygen.c (enum para_name): Add pSUBKEYEXPIREDATE.
(proc_parameter_file): Add support for pSUBKEYEXPIREDATE.
(read_parameter_file): Add "Subkey-Expire-Date".
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/keygen.c (parse_expire_string_with_ct): New function, optionally
supply the creation time.
(parse_expire_string): Use parse_expire_string_with_ct with no
creation time.
(proc_parameter_file): Use parse_expire_string_with_ct possibly with
the creation time.
--
GnuPG-bug-id: 5252
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/decrypt.c (decrypt_message_fd): Call is_secured_file here.
* g10/plaintext.c (get_output_file): Remove the call.
--
Fixes-commit: 71625f56fd98ab37bc05f1806b4b49a2e418ac37
GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/sysutils.h (gnupg_check_special_filename): New.
* common/sysutils.c (gnupg_check_special_filename): New.
* common/iobuf.c (translate_file_handle): Remove.
(iobuf_is_pipe_filename): Use gnupg_check_special_filename.
(do_open): Use gnupg_check_special_filename.
* g10/plaintext.c (get_output_file): Use gnupg_check_special_filename
and open_stream_nc.
--
GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/sysutils.h (open_stream_nc): New.
* common/sysutils.c (open_stream_nc): New.
* g10/decrypt.c (decrypt_message_fd): Use open_stream_nc.
* g10/server.c (cmd_verify): Likewise.
* kbx/kbxserver.c (prepare_outstream): Likewise.
--
GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* common/openpgpdefs.h (PUBKEY_ALGO_KY768_25519): New.
(PUBKEY_ALGO_KY1024_448): New.
(PUBKEY_ALGO_DIL3_25519): New.
(PUBKEY_ALGO_DIL5_448): New.
(PUBKEY_ALGO_SPHINX_SHA2): New.
* g10/keygen.c (parse_key_parameter_part): Force v5 keys for these
algos.
* g10/keyid.c (pubkey_string): Add mapping.
* g10/misc.c (openpgp_pk_algo_usage): Add standard key usage.
--
See draft-wussler-openpgp-pqc-01.txt for the code points. To limit
the number of algorithms, only MUST and SHOULD algorithms are
considered.
|
|
* g10/server.c (cmd_encrypt): Don't translate_sys2libc_fd, since it
requires HANDLE on Windows.
(cmd_decrypt): Likewise.
--
GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/openfile.c (open_outfile): Cast to int.
* g10/encrypt.c (encrypt_crypt): Ditto.
* g10/decrypt.c (decrypt_message_fd): Ditto.
--
GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* g10/decrypt.c (decrypt_message_fd): Use gnupg_fd_t.
* g10/plaintext.c (hash_datafile_by_fd): Use gnupg_fd_t.
* g10/main.h: Fix the declarations.
* g10/mainproc.c (struct mainproc_context): Use gnupg_fd_t for
DATA_FD.
(proc_compressed_cb, proc_signature_packets): Follow the change.
(proc_signature_packets_by_fd): Use gnupg_fd_t.
* g10/packet.h: Fix the declaration.
--
GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <[email protected]>
|
