* g10/keygen.c (card_write_key_to_backup_file): Fix error handling by
removing the RC variable. Add warning note.
--
GnuPG-bug-id: 2169
|
|
* g10/encrypt.c (create_dek_with_warnings): Forcefully use AES-256 if
PQC encryption was required or if all recipient keys are Kyber keys.
--
If --require-pqc-encryption was set, then it should be safe to always
force AES-256, without even checking if we are encrypting to Kyber keys
(if some recipients do not have Kyber keys, --require-pqc-encryption
will fail elsewhere).
Otherwise, we force AES-256 if we encrypt *only* to Kyber keys -- unless
the user explicitly requested another algo, in which case we assume they
know what they are doing.
GnuPG-bug-id: 7472
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Man page entry extended
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/pubkey-enc.c (get_it): Do not error out when decrypting a session
key of less than 32 octets encrypted to a Kyber key.
--
GnuPG-bug-id: 7472
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
|
|
--
(proofread by the debian-l10n-french team)
GnuPG-bug-id:7469
Changed original patch to use positional arguments for
"un hachage de %1$u bits n'est pa[...]"
|
|
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* scd/app.c (report_change): Use gpgrt_spawn_actions_set_env_rev.
--
It's UTF-8 string.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* agent/call-scd.c (agent_card_pkdecrypt): Remove unused variables.
--
Fixes-commit: fe147645d2397dd77b646a253965c5994f360f26
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* g10/keygen.c (ask_algo): Fix condition. Continue the loop when
failure.
--
Fixes-commit: e7891225788ab5f6d050a06643b1f488c227771f
GnuPG-bug-id: 7309, 7457
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* g10/parse-packet.c (parse_signature): Increase the cap for hashed
subpackets to 30000. Print the value in the error message. Do not
return an error but skip a too long signature.
--
The limit of 10000 served us well for decades but given the option to
put a key into the signature, a larger limit will eventually be
useful. The second part makes things a bit robust against rogue
subpackets on a keyserver.
|
|
* build-aux/speedo.mk (W32VERSION): Default to 64 bit.
* build-aux/speedo/w32/inst.nsi: Remove the doc dir.
|
|
* g10/trustdb.c (validate_keys): Take care of --quiet.
--
GnuPG-bug-id: 7351
|
|
* agent/call-scd.c (prepare_setdata): New.
(agent_card_pksign): Use prepare_setdata for SETDATA.
(agent_card_pkdecrypt): Likewise.
--
GnuPG-bug-id: 7436
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* configure.ac (NEED_GPGRT_VERSION): Bump to 1.51.
* g10/keydb.c (internal_keydb_update_keyblock) [!USE_TOFU]: Mark an
arg unused.
* common/homedir.c (create_common_conf) [!BUILD_WITH_KEYBOXD]: Mark an
arg unused.
|
|
* common/compliance.c (get_assumed_de_vs_compliance): Also consider a
registry entry.
--
On Windows it is easier to set the registry key than to use an envvar.
|
|
Signed-off-by: Daniel Cerqueira <dan.git@lispclub.com>
|
|
--
- Follow conventions from other zh_TW user interfaces
- Use "確定" for "OK" like KDE
- Remove extra space between keyboard accelerator like in "取消(_C)"
- Follow conventions of modern zh_TW
- Character -> 字元
- 衹有 -> 「只」有
- Fix some "pinentry" translations
Sometimes it was translated as an entry of PIN codes among a list and
not the "pinentry" tool
Signed-off-by: Kisaragi Hiu <mail@kisaragi-hiu.com>
|
|
* g10/pkglue.c (pk_verify): When fixing R and S, make sure those are
copies.
--
GnuPG-bug-id: 7426
Fixing-commit: 0a5a854510fda6e6990938a3fca424df868fe676
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Also avoid clearing the error by the S code of a failed mpi_print of
R.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* common/asshelp.c (SECS_TO_WAIT_FOR_AGENT): Change from 5 to 8
seconds.
(SECS_TO_WAIT_FOR_KEYBOXD): Ditto.
(SECS_TO_WAIT_FOR_DIRMNGR): Ditto.
--
Experience on Windows showed that right after re-booting we may need
some more time to get things up.
|
|
* g10/keyid.c (extra_algo_strength_offset): New.
(compare_pubkey_string_part): Use the mapping.
--
GnuPG-bug-id: 6425
|
|
* scd/app.c (new_card_lock): New.
(select_application): Scanning is serialized by NEW_CARD_LOCK.
For app_new_register, we hold the W-lock.
(initialize_module): Initialize NEW_CARD_LOCK.
--
GnuPG-bug-id: 7402
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* tools/gpgconf.c (query_swdb): Parse the new minver tag.
|
|
* common/compliance.c (gnupg_pk_is_compliant) <CO_DE_VS>: Consider
Brainpool Kyber variants compliant.
(gnupg_pk_is_allowed): Ditto.
(assumed_de_vs_compliance): Remove variable.
(get_assumed_de_vs_compliance): New.
(get_compliance_cache): Use new accessor.
(gnupg_status_compliance_flag): Ditto.
--
Use
  GNUPG_ASSUME_COMPLIANCE=de-vs gpg --compliance=de-vs ....
for testing. This returns 2023 instead of 23 to indicate the
non-approval state.
GnuPG-bug-id: 6638
|
|
* g10/keygen.c (get_parameter_algo): Make "KYBER" to
PUBKEY_ALGO_KYBER.
--
GnuPG-bug-id: 7397
|
|
* g10/keylist.c (list_keyblock_colon): Put the algo string into the
curve field for Kyber.
--
GnuPG-bug-id: 6638
|
|
* g10/keygen.c (PQC_STD_KEY_PARAM_PRI, PQC_STD_KEY_PARAM_SUB): New.
(PQC_STD_KEY_PARAM): Construct from above.
(gen_kyber): Allow short curve names.
(ask_algo): Add Entry for ecc+kyber.
(ask_kyber_variant): New.
(generate_keypair): Generate ECC primary and Kyber sub.
--
GnuPG-bug-id: 6638
|
|
* dirmngr/dirmngr.c (gpgconf_versions): Get and show nPth version.
--
Note that this requires nPth 1.8
|
|
* tools/gpg-mail-tube.c (mail_tube_encrypt): Fix content type for an
attached message.
--
We can't use message/rfc822 if we encrypt this message as a simple PGP
file.
|
|
* scd/app.c (send_card_and_app_list): Only handle the case with
WANTCARD=NULL.
(app_send_card_list): Follow the change.
(app_send_active_apps): Factor out the case with WANTCARD!=NULL.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* scd/app-help.c (app_help_read_length_of_cert): Free the BUFFER.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* scd/app-dinsig.c (do_readcert): Don't return directly but care about
releasing memory.
* scd/app-nks.c (readcert_from_ef): Likewise.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* g10/import.c (parse_import_options): Add a description to
only-pubkeys.
--
See gnupg-devel for a brief discussion.
|
|
* tools/gpgtar-extract.c (extract_directory): Factor parent directory
creation out to ..
(try_mkdir_p): new.
(extract_regular): Create directory on ENOENT.
* g10/pubkey-enc.c (get_it): Use log_info instead of log_error if the
public key was not found for preference checking.
--
If tarball was created with
  tar cf tarball file1.txt foo/file2.txt
the tarball has no entry for foo/ and thus the extraction fails. This
patch fixes this.
GnuPG-bug-id: 7380
The second patch avoids a wrong exit status status line due to the use
of log_error. But the actual cause still needs to be
investigated.
|
|
* tools/gpg-mail-tube.c (mail_tube_encrypt): Rename var ct_text for
clarity. Replace debug diagnostic by log_info. Assume text/plain for
missing content-type.
--
Without this fix we would create message/rfc822 attachment instead of
a text/plain attachment with the encrypted body.
|
|
* tools/gpgtar.c (main): Do it.
--
This makes the interactive use of gpgtar more convenient and is more
aligned to what gpg and gpgsm do.
|
|
* scd/app.c (send_card_and_app_list): Avoid locking recursively.
--
Fixes-commit: 25a140542a9186a27b7df9cd3ca3d478b59cbf1b
GnuPG-bug-id: 7323
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* scd/app.c (send_card_and_app_list): Lock the CARD.
--
GnuPG-bug-id: 7323
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
--
This replaces our long standing wedding style prompt to something more
straight.
|
|
* g10/packet.h (PKT_public_key): Increased size of req_usage to 16.
* g10/getkey.c (key_byname): Set allow_adsk in the context if it was
requested via req_usage.
(finish_lookup): Allow RENC usage matching.
* g10/keyedit.c (append_adsk_to_key): Adjust the assert.
* g10/keygen.c (prepare_adsk): Also allow to find an RENC subkey.
--
If an ADSK is to be added it may happen that an ADSK subkey is found
first and this should then be used even that it does not have the E
usage. However, it used to have that E usage when it was added.
While testing this I found another peculiarity: If you do
  gpg -k ADSK_SUBKEY_FPR
without the '!' suffix and no corresponding encryption subkey is found,
you will get an unusable key error. I hesitate to fix that due to
possible side-effects.
GnuPG-bug-id: 6882
|
|
* agent/trustlist.c (istrusted_internal): When LISTMODE is enabled,
TRUSTLISTFPR status output should be done.
--
GnuPG-bug-id: 7363
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Fixes-commit: 4275d5fa7a51731544d243ba16628a9958ffe3ce
|
|
* g10/trustdb.c (validate_keys): Use log_info instead of log_error for
not found or expired UTKs.
--
Actually the not-found case used log_error for decades. The
semantically similar expired case did thus the same. The actual
problem is for example in the import case where gpg exits with a
failure despite that a key validation was requested.
GnuPG-bug-id: 7351
|
|
* build-aux/speedo.mk (speedo_w32_cflags): Remove -mms-bitfields
because it is for a long time the gcc default. Enable control flow
protection.
--
Note that due to mingw static linking problems with libssp the stack
protector is not yet enabled.
(cherry picked from commit afe87ffc08e14317f4ef5bbe2940d07203a43808)
|
|
* sm/keylist.c (list_internal_keys): Detect write errors to the output
stream.
* sm/server.c (any_failure_printed): New var.
(gpgsm_status2): Handle new var. Move statusfp init to ...
(gpgsm_init_statusfp): new function.
(gpgsm_exit_failure_status): New.
* sm/gpgsm.c (main): Explicit statusfp init.
(gpgsm_exit): Print failure status on error.
--
Test by using
  gpgsm -k >/dev/full
  gpgsm -k --wit-colons >/dev/full
and also by redirecting to a file on a small partition.
GnuPG-bug-id: 6185
|
|
* agent/call-daemon.c (wait_child_thread): Call assuan_release for
PRIMARY_CTX when it's kept for reuse.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* common/compliance.c (gnupg_status_compliance_flag): Fix test.
--
In general the cache is used to query this flag but in this function
it is used directly and we need to adjust the test.
Thanks to Ingo for reporting this.
|