| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keygen.c (PQC_STD_KEY_PARAM): New.
(quickgen_set_para): Always store the provided NBITS.
(parse_key_parameter_string): Detect the special value "pqc".
(quick_generate_keypair): Ditto.
--
With this change we can finally do a
gpg --quick-gen-key --batch --passphrase='' foo@example.org pqc
and get a full key. Currently with a brainpoolp386r1 primary key and
a Kyber768_brainpoolp256 subkey.
|
| |
|
|
|
|
|
|
|
| |
* g10/getkey.c (lookup): Skip keys with unknown algos.
--
If the local store has private keys with an algorithm not supported by
thi version of gpg, gpg used to bail out. Thus decryption of proper
messages was not possible. This fix skips such secret keys.
|
| |
|
|
|
|
|
|
| |
* tools/gpg-authcode-sign.sh: Return on HTTP status 500
--
We have seen timestamping failures after signing some file using
GlobalSign certs.
|
| |
|
|
|
|
|
|
| |
* agent/call-daemon.c (struct daemon_local_s): Remove G field.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/call-daemon.c (daemon_start): Decision of connection/reuse of
CTX and assignment to ->ctx should be done with the lock.
--
When scdaemon is exiting and agent tries to spawn/connect/reconnect,
there is a race condition between detecting finish of scd and
spawn/connect/reconnect.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
| |
* agent/call-scd.c (handle_pincache_put): Use log_debug only in cache
debug mode.
|
| |
|
|
|
|
|
|
|
| |
* common/exectool.c (gnupg_exec_tool_stream): 64-bit Windows is LLP64.
--
GnuPG-bug-id: 7139
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (has_key_with_fingerprint): New.
* g10/keyedit.c (menu_addadsk): Replace code by new function.
(keyedit_quick_addadsk): Handle magic arg "default".
* g10/keygen.c (append_all_default_adsks): New.
--
GnuPG-bug-id: 6882
|
| |
|
|
|
|
| |
* g10/packet.h (PUBKEY_USAGE_BASIC_MASK): New.
* g10/getkey.c (merge_selfsigs_subkey): Mask the default.
(merge_selfsigs_main): Ditto.
|
| |
|
|
|
|
|
|
|
|
| |
* g10/keylist.c (print_revokers): Add arg with_colon, adjust callers,
add human printable format.
(list_keyblock_print): Call print_revokers.
--
Designated revokers were only printed in --with-colons mode. For
quick inspection of a key it is useful to see them right away.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/options.h (opt): Move the definition of struct akl to global
scope.
* g10/keydb.h (enum get_pubkey_modes): Add GET_PUBKEY_TRY_LDAP.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_BYNAME.
* g10/keygen.c (prepare_desig_revoker): Use it here.
(prepare_adsk): and here.
--
The revoker key is required before we create it along with a new key.
This is because the we need to know the algo and also to make sure
that the key really exists.
GnuPG-bug-id: 7133
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyserver.c (keyserver_import_mbox): Add arg flags and change
callers.
(keyserver_import_ldap): Remove. It has always returned a not
implemented error since 2.1.
* g10/getkey.c (get_pubkey_byname): Repurpose LDAP to do basically the
same as KEYSERVER.
--
The old LDAP mechanism to locate a server via SRV records has long
been gone (since 2014) due to the dropping of the keyserver helpers.
The new purpose better reflects reality and can be used in
environments where keys are provided by an in-house LDAP server.
|
| |
|
|
|
|
| |
--
The fprint is too uncommon in our code base and to similar to fprintf.
|
| |
|
|
|
|
|
|
|
|
| |
* common/exectool.c (gnupg_exec_tool_stream): On Windows, it's
HANDLE which a child process inherits.
--
GnuPG-bug-id: 7139
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/options.h (opt): Add field def_new_key_adsks.
* g10/gpg.c (oDefaultNewKeyADSK): New.
(opts): Add --default-new-key-adsk.
(main): Parse option.
* g10/keyedit.c (menu_addadsk): Factor some code out to ...
(append_adsk_to_key): new. Add compliance check.
* g10/keygen.c (pADSK): New.
(para_data_s): Add adsk to the union.
(release_parameter_list): Free the adsk.
(prepare_adsk): New.
(get_parameter_adsk): New.
(get_parameter_revkey): Remove unneeded arg key and change callers.
(proc_parameter_file): Prepare adsk parameter from the configured
fingerprints.
(do_generate_keypair): Create adsk.
--
GnuPG-bug-id: 6882
|
| |
|
|
|
|
|
|
| |
* common/strlist.c (append_to_strlist_try): Factor code out to ...
(do_append_to_strlist): new.
(tokenize_to_strlist): New.
* common/t-strlist.c (test_tokenize_to_strlist): New.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
--
These are non-substantive corrections for minor spelling mistakes
within the GnuPG codebase.
With something like this applied to the codebase, and a judiciously
tuned spellchecker integrated as part of a standard test suite, it
should be possible to keep a uniform orthography within the project.
GnuPG-bug-id: 7116
|
| |
|
|
|
| |
* g13/be-encfs.c (run_umount_helper): Adjust gnupg_process_spawn.
(run_encfs_tool): Ditto:
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/exechelp-posix.c (call_spawn_cb): Remove.
(gnupg_spawn_actions_new, gnupg_spawn_actions_release)
(gnupg_spawn_actions_set_environ, gnupg_spawn_actions_set_atfork)
(gnupg_spawn_actions_set_redirect)
(gnupg_spawn_actions_set_inherit_fds): New.
(my_exec, spawn_detached): Use spawn actions.
(gnupg_spawn_helper): Remove.
(gnupg_process_spawn): Remove callback, introduce gnupg_spawn_actions.
* common/exechelp-w32.c: Ditto.
* common/exechelp.h: Ditto.
* agent/genkey.c (do_check_passphrase_pattern): Follow the change of
gnupg_process_spawn API.
* common/asshelp.c (start_new_service): Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Likewise.
* common/t-exechelp.c (test_pipe_stream): Likewise.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise.
* g10/photoid.c (run_with_pipe): Likewise.
* scd/app.c (report_change): Likewise.
* tests/gpgscm/ffi.c (do_process_spawn_io, do_process_spawn_fd):
Likewise.
* tools/gpg-card.c (cmd_gpg): Likewise.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Likewise.
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Likewise.
* tools/gpgconf.c (show_versions_via_dirmngr): Likewise.
* tools/gpgtar-create.c (gpgtar_create): Likewise.
* tools/gpgtar-extract.c (gpgtar_extract): Likewise.
* tools/gpgtar-list.c (gpgtar_list): Likewise.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
| |
* src/exechelp-posix.c (gnupg_process_release): When NOT terminated,
terminate and wait.
* src/exechelp-w32.c (gnupg_process_release): Likewise.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
| |
* m4/ksba.m4: Update from its master.
* m4/libassuan.m4: Ditto.
* m4/libgcrypt.m4: Ditto.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
| |
* tools/gpg-auth.c (ssh_authorized_keys): Move free after printing error
message.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This is part of
GnuPG-bug-id: 7129
|
| |
|
|
|
|
|
|
|
|
|
| |
* sm/certcheck.c (gpgsm_check_cms_signature): Do not free s_sig on
error. Its owned and freed by the caller.
--
This is part of
GnuPG-bug-id: 7129
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Fixes-commit: 969abcf40cdfc65f3ee859c5e62889e1a8ccde91
|
| |
|
|
|
|
|
|
|
|
| |
* sm/keydb.c (keydb_search): Init skipped.
--
Skipped is not actually used.
This is part of
GnuPG-bug-id: 7129
Reported-by: Jakub Jelen <jjelen@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (apdu_dev_list_start): Fix end condition.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This is part of
GnuPG-bug-id: 7129
Fixes-commit: e8534f899915a039610973a84042cbe25a5e7ce2
|
| |
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_genkey): Moved init_membuf to the top.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This is part of
GnuPG-bug-id: 7129
|
| |
|
|
|
|
|
|
|
|
| |
* agent/call-scd.c (handle_pincache_get): Set PIN to NULL. Also add
DBG_CACHE conditionals and don't return the pin in the debug output.
--
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* agent/genkey.c (store_key): Clear ERR on success.
--
This fixes a real problem which might let ephemeral store mode fail
randomly.
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
* tools/wks-util.c (install_key_from_spec_file): Initialize ERR in case
the loop is never run.
--
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/keygen.c (card_store_key_with_backup): Avoid double free and
simplify error handling.
--
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tpm2d/command.c (cmd_pkdecrypt): Handle unknown algo. Also slightly
rework error handling.
* tpm2d/tpm2.c (sexp_to_tpm2_public_ecc): Check length before checking
for 0x04. Rework error handling.
(tpm2_ObjectPublic_GetName): Check the return value of
TSS_GetDigestSize before use. Erro handling rework.
(tpm2_SensitiveToDuplicate): Ditto.
(tpm2_import_key): Ditto.
* tpm2d/intel-tss.h (TSS_Hash_Generate): Check passed length for
negative values. Check return value of TSS_GetDigestSize. Use
dedicated 16 bit length variable.
--
These are reworked and improved fixes as reported in
GnuPG-bug-id: 7129
|
| |
|
|
|
| |
* tpm2d/intel-tss.h (TSS_Create): Replace fprintf logging by
log_error.
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
--
Fixed conflicts in:
NEWS
g10/call-agent.c
g10/options.h
kbx/kbxutil.c
tools/gpgconf.c
|
| | |
| |
| |
| |
| | |
* tools/gpg-card.h (opt): Make gpg_program, gpgsm_program, and
agent_program const.
|
| | |
| |
| |
| |
| | |
* kbx/kbxutil.c (main): Use setup_libgcrypt_logging.
(my_gcry_logger): Remove.
|
| | |
| |
| |
| |
| |
| |
| | |
--
Although it is largely outdated, it does not harm too much.
GnuPG-bug-id: 7120
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* scd/app-openpgp.c (get_cached_data): When it comes with
its tag and length for the constructed Data Object, remove
them.
--
Cherry-pick master commit of:
35ef87d8d9db42c3077996317781986a692552cc
GnuPG-bug-id: 7058
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/armor.c (radix64_read): Detect the end of armor when
there is no CRC24 checksum.
--
Cherry-pick master commit of:
3a344d6236521d768793e8b34a96a18ce13bab0e
GnuPG-bug-id: 7071
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| | |
| |
| |
| | |
--
|
| | |
| |
| |
| |
| |
| |
| | |
* tests/asschk.c (eval_boolean): s/true/tru/
--
GnuPG-bug-is: 7093
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/options.h (LIST_SHOW_OWNERTRUST): New.
* g10/keylist.c (print_key_line): Show wonertrust and always show
whether a key is disabled.
* g10/gpg.c (parse_list_options): Add "show-ownertrust".
* g10/gpgv.c (get_ownertrust_string): Add stub.
* g10/test-stubs.c (get_ownertrust_string): Add stub.
--
Note that in a --with-colons listing the ownertrust has always been
emitted and the disabled state is marked in that listing with a
special 'D' usage.
|
| | |
| |
| |
| |
| |
| |
| | |
* g10/gpg.c (aQuickSetOwnertrust): New.
(opts): Add new command.
(main): Implement it.
* g10/keyedit.c (keyedit_quick_set_ownertrust): New.
|
| | |
| |
| |
| |
| |
| |
| | |
* agent/command.c (cmd_readkey): Jump to leave on reading error.
--
Fixes-commit: d7a3c455c5e29b19b66772f86dda925064e34896
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* g10/call-agent.c (agent_probe_any_secret_key): Act on --quiet.
--
When using the extra-socket this disagnostic will be printed because a
listing of all secret keys is not allowed by a remote gpg.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/keygen.c (print_key_flags): Print "RENC" if set.
(ask_key_flags_with_mask): Remove RENC from the possible set of
usages. Add a direct way to set it iff the key is encryption capable.
--
This could be done by using "set your own capabilities" for an RSA
key. In fact it was always set in this case.
GnuPG-bug-id: 7072
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* tools/gpgconf.c (list_dirs): Change the config mode output.
(my_copy_file): Adjust output for org-mode style.
(show_configs_one_file): Ditto.
(show_other_registry_entries): Ditto.
(show_registry_entries_from_file): Ditto.
(show_configs): Ditto.
|
| | |
| |
| |
| |
| |
| | |
* tools/gpgconf.c (list_dirs): Rename arg from special to
show_config_mode. Add "S.Uiserver" test and test existsing files for
readability.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/mainproc.c (proc_encrypted): Force a decryption failure if any
error has been seen.
* g10/decrypt-data.c (aead_checktag): Issue an ERROR line.
--
GnuPG-bug-id: 7042
Note that gpg in any case returns a failure exit code but due to
double forking GPGME would not see it.
|
