path: root/common
Date | Commit message | Author | Files | Lines
2022-09-13 | gpg,common,scd,sm: Function prototype fixes for modern compiler. | NIIBE Yutaka | 3 | -4/+4
* common/gettime.c (gnupg_get_time): It has no arguments. * common/signal.c (gnupg_block_all_signals): Likewise. (gnupg_unblock_all_signals): Likewise. * common/utf8conv.c (get_native_charset): Likewise. * g10/cpr.c (is_status_enabled, cpr_enabled): Likewise. * g10/getkey.c (getkey_disable_caches): Likewise. * g10/keygen.c (ask_expiredate): Likewise. * g10/passphrase.c (have_static_passphrase): Likewise. (get_last_passphrase): Likewise. * g10/tdbio.c (tdbio_is_dirty, tdbio_sync): Likewise. (tdbio_get_dbname, open_db, tdbio_db_matches_options): Likewise. (tdbio_read_nextcheck): Likewise. * g10/trustdb.c (how_to_fix_the_trustdb): Likewise. * scd/scdaemon.c (scd_get_socket_name): Likewise. * sm/passphrase.c (have_static_passphrase): Likewise. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-09 | sm: Fix reporting of bad passphrase error | Ingo Klöcker | 1 | -1/+4
* sm/minip12.c (p12_parse): Set badpass flag to result in ctx. -- Fixes-commit: a4e04375e84ecb7ea0d02e153cb27988fca4c2d0 GnuPG-bug-id: 5713, 6037
2022-09-09 | Revert "common: Add a default OpenPGP ECC mapping." | Ingo Klöcker | 1 | -1/+0
This reverts commit 8e63e813c7404e1dae1def98e0f45d148f71082d. The change broke adding existing ECDH encryption subkeys to a key. GnuPG-bug-id: 5555
2022-09-07 | agent: Don't start in --supervised mode if no-autostart is enabled. | Werner Koch | 2 | -0/+14
* agent/gpg-agent.c (main): Print an error message if no-autostart is set in common.conf.
2022-09-07 | gpg: Support key flags for RENC, TIME, and GROUP. | Werner Koch | 7 | -3/+70
* g10/packet.h (PUBKEY_USAGE_RENC): New. (PUBKEY_USAGE_TIME): New. (PUBKEY_USAGE_GROUP): New. * g10/getkey.c (parse_key_usage): Set the new key flags. * g10/keyedit.c (show_key_with_all_names_colon): Show the new key flags. * g10/keyid.c (usagestr_from_pk): Ditto * g10/keylist.c (print_capabilities): Ditto. * g10/keygen.c (parse_usagestr): Parse line and set new flags. (quickgen_set_para): Show flags. -- See draft-koch-openpgp-2015-rfc4880bis-00 for the current version. Actually these flags have been in the draft for years now. This patch is a first step to make use of them.
2022-09-06 | tools:gpg-auth: Support use of pinpad. | NIIBE Yutaka | 1 | -14/+27
* tools/gpg-auth.c (getpin): Use comment. (inq_needpin): Support "POPUPPINPADPROMPT" protocol response. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-06 | common: Fix to determine ECC curve for SSH. | NIIBE Yutaka | 1 | -3/+3
* common/ssh-utils.c (ssh_public_key_in_base64): Use standard name for ECC curve. -- See oidtable in common/openpgp-oid.c. Fixes-commit: 8e650dbd48fa5fde6d8f08154e6a892d495e9227 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-05 | tools:gpg-auth: Show SSH key comment when asking PIN. | NIIBE Yutaka | 1 | -3/+21
* tools/gpg-auth.c (authenticate): Put key_list->comment to assuan user's pointer. (getpin): Show SSH key comment if any. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-02 | tools: Fix gpg-auth. | NIIBE Yutaka | 1 | -15/+42
* tools/gpg-auth.c (my_strusage): Fix usage string. (main): Use gpg-agent to get scdaemon socket. (authenticate): Return GPG_ERR_NOT_FOUND when no success. (ga_scd_connect): Use DBG_IPC. (inq_needpin): Change API for getpin. (put_second_field_cb): New, to get the second field. (scd_get_pubkey): Use put_second_field_cb. (ga_filter_by_authorized_keys): Put NULL at the PREV->next. (getpin): Flush the standard output. Include the last terminating NUL. Return the length. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-02 | tools:gpg-auth: New tool for authentication. | NIIBE Yutaka | 2 | -1/+924
* tools/Makefile.am (bin_PROGRAMS): Add gpg-auth. (gpg_auth_SOURCES, gpg_auth_LDADD): * tools/gpg-auth.c: New. -- GnuPG-bug-id: 5862 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-01 | common: Make nvc_lookup more robust. | Werner Koch | 1 | -1/+12
* common/name-value.c (nvc_first): Allow for NULL arg. (nvc_lookup): Allow for PK being NULL. -- GnuPG-bug-id: 6176
2022-09-01 | po: Update Japanese Translation. | NIIBE Yutaka | 1 | -26/+13
-- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-08-31 | dirmngr: New option --debug-cache-expired-certs. | Werner Koch | 3 | -3/+14
* dirmngr/dirmngr.h (opt): Add debug_cache_expired_certs: * dirmngr/dirmngr.c (oDebugCacheExpiredCerts): New. (opts): Add option. (parse_rereadable_options): Set option. * dirmngr/certcache.c (put_cert): Handle the option.
2022-08-26 | dirmngr: Reject certificate which is not valid into cache. | NIIBE Yutaka | 1 | -0/+14
* dirmngr/certcache.c (put_cert): When PERMANENT, reject the certificate which is obviously invalid. -- With this change, invalid certificates from system won't be registered into cache. Then, an intermediate certificate which is issued by an entity certified by such an invalid certificate will be also rejected with GPG_ERR_INV_CERT_OBJ. With less invalid certificates in cache, it helps the validate_cert_chain function work better. GnuPG-bug-id: 6142 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-08-25 | scd: Add npth_unprotect/npth_protect for blocking operations. | NIIBE Yutaka | 1 | -0/+20
* scd/ccid-driver.c (ccid_open_usb_reader): Name the thread. (ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap blocking operations by npth_unprotect/npth_protect. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-08-22 | scd: Add a libusb debug level. | Werner Koch | 1 | -1/+33
* scd/ccid-driver.c (USE_LIBUSB_DEBUG_CB): New const. (debug_libusb_cb): new. (ccid_set_debug_level): Use it. -- This allows to see the libusb log in our usual debug output. For this the option debug-ccid-driver needs to be given 5 or more times.
2022-08-22 | common: New common option no-autostart. | Werner Koch | 8 | -2/+39
* common/comopt.c (opts): Add "no-autostart". (parse_comopt): Set it. * common/comopt.h (comopt): Add no_autostart. * g10/gpg.c (main): Take care of the new option. * sm/gpgsm.c (main): Ditto. * tools/gpg-connect-agent.c (INCLUDED_BY_MAIN_MODULE): Add. (main): Parse common options and handle new option. * tools/gpg-card.c (main): Ditto. (cmd_yubikey): Fix minor error reporting issue. * common/util.h (GNUPG_MODULE_NAME_CARD): New const. * common/homedir.c (gnupg_module_name): Support it. -- Having a global option makes it easier to disable autostart on a server which is required to use a remote gpg-agent reliably.
2022-08-16 | dirmngr: Fix NTBTLS include for test | Andre Heinecke | 1 | -1/+2
* dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add NTBTLS. -- This fixes the build in case every lib is installed into its own prefix.
2022-08-16 | gpg: Fix --card-status to handle lowercase APPTYPEs | Werner Koch | 1 | -6/+6
* g10/card-util.c (current_card_status): Use ascii_strcasecmp.
2022-08-16 | doc: Update description of the key format. | Werner Koch | 2 | -11/+21
--
2022-08-12 | gpg: Improve --edit-key setpref. | Werner Koch | 1 | -5/+17
* g10/keygen.c (keygen_set_std_prefs): Allow extra spaces before preference elements. Detect the bracketed versions of the strings. Ignore "aead". -- This allows to c+p the list shown by pref without removing the brackets.
2022-08-11 | agent: New option --need-attr for KEYINFO. | Werner Koch | 2 | -17/+73
* agent/command.c (do_one_keyinfo): New arg need_Attr. (cmd_keyinfo): New option --need-attr. * agent/findkey.c (public_key_from_file): Use nvc_get_boolean. -- This option makes it easier to list keys suitable only for certain purposes. The second patch makes it compliant to the description in keyformat.txt
2022-08-11 | common: New function nvc_get_boolean. | Werner Koch | 2 | -0/+25
* common/name-value.c (nvc_get_boolean): New.
2022-08-09 | gpg: Emit an ERROR status if --quick-set-primary-uid fails | Ingo Klöcker | 1 | -3/+9
* g10/keyedit.c (keyedit_quick_set_primary): Issue a status error. -- This allows GpgME to detect and report a failure if setting the primary user ID of a key failed. GnuPG-bug-id: 6126
2022-08-08 | gpg: Look up user ID to mark as primary by UID hash | Ingo Klöcker | 2 | -26/+25
* g10/keyedit.c (find_userid_by_namehash, find_userid): Add argument want_valid. Skip invalid user IDs if valid is wanted. (keyedit_quick_revuid): Ask find_userid() for any matching user ID. (keyedit_quick_set_primary): Use find_userid() to find the user ID to mark as primary. * tests/openpgp/quick-key-manipulation.scm: Change second call of the quick-set-primary-uid test to specify the user ID by its hash. -- This makes it possible to specify the user ID to mark as primary via its UID hash when calling --quick-set-primary-uid. GnuPG-bug-id: 6126
2022-08-04 | gpg: Fix wrong error message for keytocard. | Werner Koch | 1 | -3/+1
* g10/call-agent.c (agent_keytocard): Emit SC_OP_FAILURE. -- GnuPG-bug-id: 6122
2022-08-03 | common: Silence warnings from AllowSetForegroundWindow. | Werner Koch | 2 | -2/+12
* common/sysutils.c (gnupg_allow_set_foregound_window): Print warning only with debug flag set.
2022-08-03 | dirmngr: Fix failed malloc error message. | Werner Koch | 1 | -2/+5
* dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc.
2022-08-03 | gpgconf: Add config file for Windows Registry dumps. | Werner Koch | 3 | -1/+85
* tools/gpgconf.c (show_registry_entries_from_file): New. (show_configs): Call it. * doc/examples/gpgconf.rnames: New. * doc/Makefile.am (examples): Add it.
2022-08-02 | g13: Remove unused variable. | Werner Koch | 1 | -1/+0
--
2022-08-02 | gpg: Make symmetric + pubkey encryption de-vs compliant. | Werner Koch | 1 | -5/+47
* g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption de-vs compliant. * g10/mainproc.c (struct symlist_item): New. (struct mainproc_context): Add field symenc_list. (release_list): Free that list. (proc_symkey_enc): Record infos from symmetric session packet. (proc_encrypted): Check symkey packet algos -- The original check was too strong because it is in fact compliant to encrypt with a symmetric key and a public key. Thus decryption should issue a compliance status. In addition we now check that the cipher algorithms used to symmetrically encrypt the session key are all compliant. This is similar to our check for all public key encrypted session key packets. GnuPG-bug-id: 6119 Fixes-commit: b03fab09e188f7bb10237d4f20455e4026737e4e Backported from 2.2 Signed-off-by: Werner Koch <wk@gnupg.org>
2022-08-02 | gpgconf: Improve registry dumping. | Werner Koch | 4 | -15/+31
* common/w32-reg.c (read_w32_reg_string): Add arg r_hklm_fallback and change all callers. (show_configs): Indicate whether the HKLM fallback was used. * tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin Registry key. Indicate whether the HKLM fallback was used. -- Note that this is backport from 2.2. The new support there for REG_DWORD needs to be implemented in libgpg-error, though.
2022-08-01 | tests: Install links for tpm2daemon | Werner Koch | 2 | -1/+3
* Makefile.am (all-local): Install missing symlinks. -- GnuPG-bug-id: 6052
2022-08-01 | common: Add a default OpenPGP ECC mapping. | Werner Koch | 1 | -0/+1
* common/openpgp-oid.c (map_gcry_pk_to_openpgp): Map ECC to ECDSA which is similar to what we do at other places in gpg. -- GnuPG-bug-id: 5555
2022-07-28 | scd:opengpg: Minor vendor name fix | Werner Koch | 1 | -1/+1
--
2022-07-28 | gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference. | Werner Koch | 1 | -2/+10
* g10/pkclist.c (select_algo_from_prefs): Change implicit hash algorithm. -- GnuPG-bug-id: 6043
2022-07-28 | scd:openpgp: New vendor | Werner Koch | 1 | -0/+1
--
2022-07-27 | wkd: Bind the address to the nonce. | Werner Koch | 1 | -6/+67
* tools/gpg-wks-server.c (make_pending_fname): New. (store_key_as_pending, check_and_publish): Use here. (process_new_key): Pass addrspec to store_key_as_pending. (expire_one_domain): Expire also the new files. -- Along with the pass traversal bug this enhancement was Suggested-by: Philipp Breuch <pbreuch@mail.upb.de> GnuPG-bug-id: 6098
2022-07-27 | tests: Add missing file for tpm2d tests to the tarball. | Werner Koch | 1 | -1/+1
-- GnuPG-bug-id: 6052
2022-07-26 | doc: Minor typo fix | Werner Koch | 1 | -1/+1
-- GnuPG-bug-id: 6092
2022-07-25 | wkd: Fix path traversal attack on gpg-wks-server. | Werner Koch | 2 | -0/+25
* tools/gpg-wks-server.c (check_and_publish): Check for invalid characters in sender controlled data. * tools/wks-util.c (wks_fname_from_userid): Ditto. (wks_compute_hu_fname): Ditto. (ensure_policy_file): Ditto.
2022-07-22 | build: Update gpg-error.m4. | NIIBE Yutaka | 1 | -1/+2
* gpg-error.m4: Update from libgpg-error. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-18 | build: Update config.guess, config.sub, and config.rpath. | NIIBE Yutaka | 3 | -1965/+2324
* build-aux/config.guess: Update from upstream. * build-aux/config.sub: Ditto. * build-aux/config.rpath: Update from gettext 0.21. -- GnuPG-bug-id: 6078 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-13 | scd:openpgp: Fix workaround for Yubikey heuristics. | NIIBE Yutaka | 1 | -8/+21
* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case of firmware 5.4, too. -- GnuPG-bug-id: 6070 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-07-11 | Post release updates | Werner Koch | 28 | -200/+369
--
2022-07-11 | Release 2.3.7 (tag: gnupg-2.3.7) | Werner Koch | 1 | -1/+75
2022-07-10 | gpg-connect-agent: No help string for --unbuffered | Werner Koch | 1 | -1/+1
--
2022-07-05 | gpg,build: Fix message for newer gettext. | NIIBE Yutaka | 1 | -1/+3
* g10/keyserver.c (keyserver_refresh): Use ngettext. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-29 | gpgconf: New short options -V and -X | Werner Koch | 1 | -4/+39
* tools/gpgconf.c: Assign short options -X and -V (show_version_gnupg): Print the vsd version if available. -- These changes are helpful for phone support.
2022-06-28 | agent: Add description for "Prompt" field. | NIIBE Yutaka | 1 | -0/+6
-- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>