Commit message | Author | Age | Files | Lines
* ecdh: Use gcry_md_read when KDF API is not available. [t5964]
  NIIBE Yutaka | 2022-07-05 | 1 | -0/+22
  * g10/ecdh.c [GCRYPT_VERSION_NUMBER] (derive_kek): Conditionalize.
  --
  Note that it's compile-time check.
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Use GCRY_KDF_ONESTEP_KDF for FIPS.
  NIIBE Yutaka | 2022-06-16 | 1 | -17/+14
  * g10/ecdh.c (derive_kek): Use KDF API of libgcrypt.
  --
  GnuPG-bug-id: 5964
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,ssh: Fix for make not-inserted OpenPGP.3 keys available for SSH.
  Werner Koch | 2022-06-15 | 1 | -5/+8
  * agent/command-ssh.c (ssh_send_available_keys): Do not bump key_counter for ignored keys. Also use opt.debug instead of opt.verbose and fix a memory leak.
  --
  The error shown by "ssh-add -l" before this fix was:
    error fetching identities: incomplete messag
  Fixes-commit: 193fcc2f7a8cca5240ce50499c54f99235a87e1c
  GnuPG-bug-id: 5996
* agent: New option --no-user-trustlist and --sys-trustlist-name.
  Werner Koch | 2022-06-14 | 4 | -10/+71
  * agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
    (opts): Add new option names.
    (parse_rereadable_options): Parse options.
    (finalize_rereadable_options): Reset allow-mark-trusted for the new option.
  * agent/agent.h (opt): Add fields no_user_trustlist and sys_trustlist_name.
  * agent/trustlist.c (make_sys_trustlist_name): New.
    (read_one_trustfile): Use here.
    (read_trustfiles): Use here. Implement --no-user-trustlist.
  --
  With the global options we can now avoid that a user changes the Root-CA trust by editing the trustlist.txt. However, to implement this we need a new option so that we don't need to rely on some magic like --no-allow-mark-trusted has been put into a force section. The second option makes system administration easier as it allows to keep the trustlist in a non-distributed file.
  GnuPG-bug-id: 5990
* g10: Fix garbled status messages in NOTATION_DATA
  Werner Koch | 2022-06-14 | 1 | -9/+4
  * g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
  --
  Depending on the escaping and line wrapping the computed remaining buffer length could be wrong. Fixed by always using a break to terminate the escape detection loop. Might have happened for all status lines which may wrap.
  GnuPG-bug-id: T6027
* keygen: Fix reading AEAD preference
  Jakub Jelen | 2022-06-14 | 1 | -1/+1
  * g10/keygen.c (keygen_set_std_prefs): Use the right variable when reading AEAD preference string
  --
  GnuPG-bug-id: 6019
  Signed-off-by: Jakub Jelen <[email protected]>
* dirmngr: Fix a wrong compiler warning.
  Werner Koch | 2022-06-13 | 1 | -1/+1
  --
  validate.c:1103:13: warning: ‘saltlen’ may be used uninitialized in this function [-Wmaybe-uninitialized]
* gpgsm: New option --compatibility-flags.
  Werner Koch | 2022-06-13 | 5 | -9/+76
  * sm/gpgsm.c (oCompatibilityFlags): New option.
    (compatibility_flags): new.
    (main): Parse and print them in verbose mode.
  * sm/gpgsm.h (opt): Add field compat_flags.
    (COMPAT_ALLOW_KA_TO_ENCR): New.
  * sm/keylist.c (print_capabilities): Take care of the new flag.
  * sm/certlist.c (cert_usage_p): Ditto.
* common: New function parse_compatibility_flags.
  Werner Koch | 2022-06-13 | 2 | -0/+89
  * common/miscellaneous.c (parse_compatibility_flags): New.
  * common/util.h (struct compatibility_flags_s): New.
  --
  This is similar to parse_debug_flags but does not support specifying a value. This way we can more easily change the internal values or re-use them for other purposes.
* scd: Support specifying keygrip for learn command.
  NIIBE Yutaka | 2022-06-10 | 1 | -2/+8
  * scd/command.c (cmd_learn): Allow keygrip argument.
  --
  GnuPG-bug-id: 6002
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,openpgp: Support READCERT by keygrip.
  NIIBE Yutaka | 2022-06-10 | 1 | -1/+22
  * scd/app-openpgp.c (do_readcert): Allow use of keygrip.
  --
  GnuPG-bug-id: 6002
  Signed-off-by: NIIBE Yutaka <[email protected]>
* common,w32: Use LoadLibraryEx to fix a warning in mingw.
  Werner Koch | 2022-06-03 | 1 | -13/+2
  * common/dynload.h (dlopen): Use LoadLibraryEx and remove Windows CE support.
  --
  Mingw's libloadapi.h has no prototype for LoadLibrary. Thus we use LoadLibraryEx which is available since Windows XP.
* w32: Allow Unicode filenames for iobuf_cancel.
  Werner Koch | 2022-06-03 | 3 | -6/+24
  * common/iobuf.c (iobuf_cancel): Use gnupg_remove
  * common/mischelp.c (same_file_p): Allow for Unicode names.
  --
  Note that the second patch is used to handle Unicode filenames which are symbolic links.
* Remove remaining support for WindowsCE
  Werner Koch | 2022-06-03 | 23 | -415/+44
  --
* tools: Minor fix to gpg-connect-agent options.
  Werner Koch | 2022-06-02 | 2 | -2/+9
  * tools/gpg-connect-agent.c (enum cmd_and_opt_values): Move oUnBuffered more to the top so that oNoop won't get the value 'v'.
* agent: Support --format=ssh option for READKEY.
  NIIBE Yutaka | 2022-06-02 | 1 | -13/+40
  * agent/command.c (cmd_readkey): Handle --format=ssh to return key in SSH format.
  --
  GnuPG-bug-id: 6012
  Signed-off-by: NIIBE Yutaka <[email protected]>
* tools: Add a way to cancel INQUIRE for gpg-connect-agent.
  NIIBE Yutaka | 2022-06-02 | 1 | -5/+7
  * tools/gpg-connect-agent.c (handle_inquire): When the helper program exit status is not 0, it means cancellation, now.
  --
  GnuPG-bug-id: 6010
  Signed-off-by: NIIBE Yutaka <[email protected]>
* tools: Add --unbuffered option to gpg-connect-agent.
  NIIBE Yutaka | 2022-06-02 | 1 | -0/+9
  * tools/gpg-connect-agent.c (cmd_and_opt_values): Add oUnBuffered.
    (opts, opt): Likewise.
    (main): When unbuffered, set gpgrt_stdin/stdout accordingly.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Don't flag the ESIGN keypair EF as encryption capable.
  Werner Koch | 2022-06-01 | 1 | -1/+1
  * scd/app-nks.c (filelist): Tweak 0x4531.
  --
  Actually the certificate has no encryption usage but we should also tell that via KEYINFO so that this key is never tried to create an encryption certificate.
* scd:nks: Some code cleanup.
  Werner Koch | 2022-06-01 | 1 | -107/+100
  * scd/app-nks.c (find_fid_by_keyref): Factor keyref parsing out to ...
    (parse_keyref): new.
    (do_readcert): Use new function instead of partly duplicated code. Make detection of keygrip more robust.
    (do_readkey): Make detection of keygrip more robust.
    (do_with_keygrip): Use get_nks_tag.
  --
  Also added a couple of comments.
* scd:nks: Support the Telesec ESIGN application.
  Werner Koch | 2022-05-29 | 1 | -26/+81
  * scd/app-nks.c (find_fid_by_keyref): Disable the cache for now.
    (readcert_from_ef): Consider an all zero certificate as not found.
    (do_sign): Support ECC and the ESIGN application.
  --
  This allows me to create qualified signatures using my Telesec card. There is of course more work to do but this is the first step.
  Note: The design of the FID cache needs to be reconsidered. Until that the lookup here has been disabled. The do_sign code should be revamped to be similar to what we do in app-p15.
  GnuPG-bug-id: 5219, 4938
* gpg: Setup the 'usage' filter property for export.
  Werner Koch | 2022-05-28 | 1 | -0/+6
  * g10/export.c (do_export_stream): Merge the key to get the properties ready.
  --
  This makes
    gpg --export --export-filter 'drop-subkey=usage=~a'
  (Export all subkeys but those with the auth usage) work without using the workaround of adding
    --export-options export-clean
* agent: New field "Prompt" to prevent asking card key insertion.
  NIIBE Yutaka | 2022-05-27 | 1 | -4/+21
  * agent/findkey.c (prompt_for_card): Add "Prompt" field handling.
  --
  GnuPG-bug-id: 5987
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,ssh: Support "Use-for-ssh" flag in private key.
  NIIBE Yutaka | 2022-05-26 | 1 | -10/+22
  * agent/findkey.c (public_key_from_file): Support "Use-for-ssh" when it's in extended format.
  --
  GnuPG-bug-id: 5985
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,ssh: Make not-inserted OpenPGP.3 keys available for SSH.
  NIIBE Yutaka | 2022-05-26 | 3 | -85/+206
  * agent/agent.h (agent_ssh_key_from_file): New.
  * agent/command-ssh.c (get_ssh_keyinfo_on_cards): New.
    (ssh_send_available_keys): Loop on the GNUPG_PRIVATE_KEYS_DIR. Support keys by agent_ssh_key_from_file.
    (ssh_handler_request_identities): Move card key handling to ssh_send_available_keys.
  * agent/findkey.c (public_key_from_file): New. Adding handling for SSH.
    (agent_public_key_from_file): Use public_key_from_file.
    (agent_ssh_key_from_file): New.
  --
  GnuPG-bug-id: 5996
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix get_keyinfo_on_cards.
  NIIBE Yutaka | 2022-05-26 | 1 | -2/+5
  * agent/command.c (get_keyinfo_on_cards): Make it static. Don't return bogus value on error. Return NULL when scdaemon is disabled.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Handle USAGE information in KEYINFO.
  NIIBE Yutaka | 2022-05-26 | 2 | -4/+25
  * agent/agent.h (struct card_key_info_s): Add USAGE field.
  * agent/call-scd.c (card_keyinfo_cb): Parse USAGE field. Allow optional SERIALNO, IDSTR, and USAGE fields. Fix releasing on possible allocation error.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Return USAGE information for KEYINFO command.
  NIIBE Yutaka | 2022-05-26 | 6 | -71/+103
  * scd/command.c (hlp_keyinfo): Update.
    (send_keyinfo): Add a USAGE argument.
  * scd/scdaemon.h (send_keyinfo): Add a USAGE argument.
  * scd/app-nks.c (set_usage_string): New.
    (do_learn_status_core, do_readkey): Use set_usage_string.
    (do_with_keygrip): Add USAGE to call send_keyinfo, using set_usage_string.
  * scd/app-openpgp.c (get_usage_string): New.
    (send_keypair_info): Use get_usage_string.
    (send_keyinfo_if_available): Add USAGE to call send_keyinfo, using get_usage_string.
  * scd/app-p15.c (set_usage_string): New.
    (send_keypairinfo): Use set_usage_string.
    (do_with_keygrip): Add USAGE to call send_keyinfo, using set_usage_string.
  * scd/app-piv.c (do_with_keygrip): Add USAGE to call send_keyinfo.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,piv: Fix status report of KEYPAIRINFO.
  NIIBE Yutaka | 2022-05-26 | 1 | -1/+1
  * scd/app-piv.c (do_readkey): Use "-" for usage when not available.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.
  NIIBE Yutaka | 2022-05-25 | 3 | -5/+23
  * agent/call-scd.c (inq_needpin): Call assuan_begin_confidential and assuan_end_confidential, and wipe the memory after use.
  * agent/command.c (cmd_preset_passphrase): Likewise.
    (cmd_put_secret): Likewise.
  * scd/command.c (pin_cb): Likewise.
  --
  GnuPG-bug-id: 5977
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Add missing assuan_end_confidential call.
  NIIBE Yutaka | 2022-05-25 | 1 | -0/+1
  * agent/command.c (send_back_passphrase): Fix.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Support automatic card selection for READCERT with keygrip.
  NIIBE Yutaka | 2022-05-24 | 1 | -1/+5
  * scd/command.c (cmd_readcert): Select by KEYGRIP.
  --
  GnuPG-bug-id: 6003
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix a bug accessing after release when opt.verbose.
  NIIBE Yutaka | 2022-05-20 | 1 | -4/+4
  * agent/command-ssh.c (ssh_handler_request_identities): Don't release KEY_PUBLIC too early.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Factor out handling scanning over ssh keys.
  NIIBE Yutaka | 2022-05-20 | 1 | -42/+48
  * agent/command-ssh.c (ssh_send_available_keys): New.
    (ssh_handler_request_identities): Use ssh_send_available_keys.
  --
  GnuPG-bug-id: 5985
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Show "Label:" field of private key when prompt the insertion.
  NIIBE Yutaka | 2022-05-20 | 1 | -24/+27
  * agent/findkey.c (prompt_for_card): Use "Label:" field.
    (agent_key_from_file): Use KEYMETA.
  --
  GnuPG-bug-id: 5986
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Move confirmation handling into findkey.c.
  NIIBE Yutaka | 2022-05-20 | 6 | -165/+151
  * agent/agent.h (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Fix API.
    (divert_pksign, divert_pkdecrypt): Likewise.
  * agent/divert-scd.c (ask_for_card): Remove.
    (divert_pksign, divert_pkdecrypt): Don't call ask_for_card.
  * agent/divert-tpm2.c (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Remove DESC_TEXT argument.
  * agent/findkey.c (prompt_for_card): New (was: ask_for_card).
    (agent_key_from_file): Call prompt_for_card when it's a key on card.
  * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change of API.
  * agent/pksign.c (agent_pksign_do): Likewise.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Pop up dialog window for confirmation, when specified so.
  NIIBE Yutaka | 2022-05-19 | 2 | -0/+46
  * agent/findkey.c (agent_key_from_file): Support "Confirm:".
  --
  GnuPG-bug-id: 5099
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Supply GRIP=NULL for agent_key_from_file, for real use.
  NIIBE Yutaka | 2022-05-19 | 3 | -18/+19
  * agent/findkey.c (agent_key_from_file): Change the semantics of GRIP. Now, it's NULL for use by PKDECRYPT and PKSIGN/PKAUTH.
  * agent/pkdecrypt.c (agent_pkdecrypt): Set GRIP=NULL.
  * agent/pksign.c (agent_pksign_do): Likewise.
  --
  GnuPG-bug-id: 5099
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix use of SCardListReaders for PC/SC.
  NIIBE Yutaka | 2022-05-17 | 1 | -1/+1
  * scd/apdu.c (apdu_dev_list_start): Initialize NREADER.
  --
  Reported-by: Ludovic Rousseau
  GnuPG-bug-id: 5979
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fail when no good algorithm attribute.
  NIIBE Yutaka | 2022-05-11 | 1 | -19/+30
  * scd/app-openpgp.c (parse_algorithm_attribute): Return the error.
    (change_keyattr): Follow the change.
    (app_select_openpgp): Handle the error of parse_algorithm_attribute.
  --
  This change allows following invocation of app_select_openpgp, which may work well (if the problem is device side for initial connection).
  GnuPG-bug-id: 5963
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:openpgp: New card vendor.
  Werner Koch | 2022-05-10 | 1 | -0/+1
  --
  BTW, we should add a function to read out the entire table so that you can ask scdaemon for that list. iirc, Kleopatra still uses a copy of the table.
* dirmngr: Fix for Windows.
  NIIBE Yutaka | 2022-05-10 | 1 | -4/+38
  * dirmngr/http.c (EHOSTUNREACH, EAFNOSUPPORT): Define when not available.
    [HTTP_USE_GNUTLS] (my_gnutls_read): Use recv for Windows.
    [HTTP_USE_GNUTLS] (my_gnutls_write): Use send for Windows.
  --
  Reported-by: Eli Zaretskii
  GnuPG-bug-id: 5899
  Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Enable tests with keyboxd only when it's configured.
  NIIBE Yutaka | 2022-05-10 | 3 | -12/+20
  * tests/gpgscm/tests.scm (in-objdir): Move from...
  * g13/all-tests.scm: ... here.
  * tests/openpgp/all-tests.scm (keyboxd-enabled?): New.
    (tests): Enable when keyboxd-enabled?.
  --
  GnuPG-bug-id: 5966
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Improve the displayed S/N for Technology Nexus cards.
  Werner Koch | 2022-05-06 | 1 | -3/+36
  * scd/app-p15.c (any_control_or_space_mem): New.
    (get_dispserialno): Add new code.
  --
  This works with my test cards and now reflects what's printed on the front matter of the card.
* scd:p15: Fix the sanity check of the displayed S/N.
  Werner Koch | 2022-05-06 | 1 | -2/+6
  * scd/app-p15.c (any_control_or_space): Fix loop.
  --
  This check is only done to avoid printing wrongly encoded S/N for human consumption.
* scd: Add workaround for ECC attribute on Yubikey.
  NIIBE Yutaka | 2022-05-06 | 1 | -1/+2
  * scd/app-openpgp.c (parse_algorithm_attribute): Skip possibly bogus octet in a key attribute.
  --
  GnuPG-bug-id: 5963
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:p15: Fix reading certificates without length info.
  Werner Koch | 2022-05-05 | 1 | -6/+23
  * scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF object has no length info. Add debug output when reading a cert.
    (read_p15_info): No more need to disable extended mode for GeNUA cards.
* scd: New debug flags "card".
  Werner Koch | 2022-05-05 | 2 | -2/+5
  * scd/scdaemon.c (debug_flags): Add "card".
  * scd/scdaemon.h (DBG_CARD_VALUE, DBG_CARD): New.
  --
  Some information from parsing the card are often very helpful. However, the card_io triggered APDU dumps are in most cases too heavy. Thus this new debug flag.
* scd:openpgp: Fix a segv for cards supporting unknown curves.
  Werner Koch | 2022-05-05 | 1 | -2/+2
  * common/openpgp-oid.c (get_keyalgo_string): Do not strdup NULL.
  --
  GnuPG-bug-id: 5963
* gpgscm: Fix handling an error for chdir.
  NIIBE Yutaka | 2022-05-02 | 1 | -1/+1
  * tests/gpgscm/ffi.c (do_chdir): Use gpg_error_from_syserror.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>