* agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
(convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which
does not distinguish the detail.
(do_unprotect, convert_from_openpgp_main): Don't call
map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and
not the value defined by OpenPGP.
(convert_to_openpgp): It's "ecc".
* agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove.
* g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error.
* g10/pubkey-enc.c (get_it): Fix swapping the fields error.
* agent/gpg-agent.c (main): Make sure homedir is absolute.
* common/asshelp.c (lock_spawning): Create lock file with an absolute
name.
(start_new_gpg_agent): Use an absolute name for the socket and pass
option --homedir to the agent.
(start_new_dirmngr): Use an absolute name for the --homedir.
--
This patch makes gpg's --homedir option behave again like in older
versions. This is done by starting a new agent for each different
home directory. Note that this assumes --use-standard-socket is used
which is the default for 2.1.
* g10/call-agent.c (check_hijacking): New.
(start_agent): Call it.
(membuf_data_cb, default_inq_cb): Move more to the top.
--
Note that GUIs may use the gpg status line
[GNUPG:] ERROR check_hijacking 33554509
to detect this and print an appropriate warning.
* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.
--
This makes is possible to extract all photos ids from a key to
different files.
* common/estream.c (es_freopen): Remove useless check for STREAM.
* kbx/keybox-blob.c (_keybox_create_x509_blob): Remove useless check
for BLOB.
* tools/sockprox.c (run_proxy): Do not fclose(NULL).
--
Found by Hans-Christoph Steiner with cppcheck.
* agent/cvt-openpgp.c (convert_to_openpgp): Fix use
gcry_sexp_extract_param.
* g10/export.c (do_export_stream): Provide a proper prompt to the
agent.
--
NB: The export needs more work, in particular the ECC algorithms.
* g10/passphrase.c (gpg_format_keydesc): Add mode 2. Change strings.
* g10/keydb.h (FORMAT_KEYDESC_NORMAL, FORMAT_KEYDESC_IMPORT)
(FORMAT_KEYDESC_EXPORT): New. Use them for clarity.
--
The use of the term "certificate" was more confusing than helpful.
* scd/app-openpgp.c (KEY_TYPE_EDDSA, CURVE_ED25519): New.
(struct app_local_s): Add eddsa.
(get_algo_byte, store_fpr): Support KEY_TYPE_EDDSA.
(get_ecc_key_parameters, get_curve_name): Support CURVE_ED25519.
(send_key_attr, get_public_key): Support KEY_TYPE_EDDSA.
(build_ecc_privkey_template): Rename as it supports both of
ECDSA and EdDSA.
(ecc_writekey): Rename. Support CURVE_ED25519, too.
(do_writekey): Follow the change of ecc_writekey.
(do_auth): Support KEY_TYPE_EDDSA.
(parse_ecc_curve): Support CURVE_ED25519. Bug fix for other curves.
(parse_algorithm_attribute): Bug fix for ECDH. Support EdDSA.
* common/mischelp.h (JNLIB_GCC_HAVE_PUSH_PRAGMA): New.
* dirmngr/dirmngr.c (handle_tick): Factor time check out to ...
(time_for_housekeeping_p): new.
--
I am not sure whether that y2038 hack is really useful but it might
make me smile in my retirement.
* agent/command-ssh.c (ssh_read_key_public_from_blob): Use
es_fopenmem.
(ssh_handler_request_identities): Ditto.
(ssh_request_process): Ditto.
--
es_fopenmem is easier to understand than the more general function
es_mopen. Thus we better use the former for clarity.
* agent/command-ssh.c (ssh_key_type_spec): Add field name.
(ssh_key_types): Add human readable names.
(add_control_entry): Add arg SPEC and print key type as comment.
(ssh_identity_register): Add arg SPEC.
(ssh_handler_add_identity): Add var SPEC and pass ssh_receive_key.
* agent/command-ssh.c (SPEC_FLAG_IS_EdDSA): New.
(ssh_key_types): Add entry for ssh-ed25519.
(ssh_identifier_from_curve_name): Move to the top.
(stream_read_skip): New.
(stream_read_blob): New.
(ssh_signature_encoder_rsa): Replace MPIS array by an s-exp and move
the s-exp parsing to here.
(ssh_signature_encoder_dsa): Ditto.
(ssh_signature_encoder_ecdsa): Ditto.
(ssh_signature_encoder_eddsa): New.
(sexp_key_construct): Rewrite.
(ssh_key_extract): Rename to ...
(ssh_key_to_blob): .. this and rewrite most of it.
(ssh_receive_key): Add case for EdDSA.
(ssh_convert_key_to_blob, key_secret_to_public): Remove.
(ssh_send_key_public): Rewrite.
(ssh_handler_request_identities): Simplify.
(data_sign): Add rename args. Add new args HASH and HASHLEN. Make
use of es_fopenmen and es_fclose_snatch. Remove parsing into MPIs
which is now doe in the sgnature encoder functions.
(ssh_handler_sign_request): Take care of Ed25519.
(ssh_key_extract_comment): Rewrite using gcry_sexp_nth_string.
--
To make the code easier readable most of the Ed25591 work has been
done using a new explicit code path. Warning: Libgcrypt 1.6.1 uses a
non optimized implementation for Ed25519 and timing attacks might be
possible.
While working on the code I realized that it could need more rework;
it is at some places quite baroque and more complicated than needed.
Given that we require Libgcrypt 1.6 anyway, we should make more use of
modern Libgcrypt functions.
* dirmngr/dirmngr.c (HOUSEKEEPING_INTERVAL): New.
(housekeeping_thread): New.
(handle_tick): Call new function.
* dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): New.
(struct hostinfo_s): Add field died_at and set it along with the dead
flag.
(ks_hkp_print_hosttable): Print that info.
(ks_hkp_housekeeping): New.
--
The resurrection gives the host a chance to get back to life the next
time a new host is selected.
* dirmngr/ks-engine-hkp.c (ks_hkp_get): Allow exact search mode.
* g10/keyserver.c (keyserver_import_name): Implement.
(keyserver_get): Use exact mode for name based import.
(keyserver_get): Add args R_FPR and R_FPRLEN. Change all callers.
* dirmngr/ks-engine-hkp.c (ks_hkp_search, ks_hkp_get): Print SOURCE
status lines.
* g10/call-dirmngr.c (ks_status_parm_s): New.
(ks_search_parm_s): Add field stparm.
(ks_status_cb): New.
(ks_search_data_cb): Send source to the data callback.
(gpg_dirmngr_ks_search): Change callback prototope to include the
SPECIAL arg. Adjust all users. Use ks_status_cb.
(gpg_dirmngr_ks_get): Add arg r_source and use ks_status_cb.
* g10/keyserver.c (search_line_handler): Adjust callback and print
"data source" disgnostic.
(keyserver_get): Print data source diagnostic.
--
It has often been requested that the actually used IP of a keyservers
is shown in with gpg --recv-key and --search-key. This is helpful if
the keyserver is actually a pool of keyservers. This patch does this.
* dirmngr/ks-action.c (ks_action_resolve): Rename var for clarity.
(ks_action_search, ks_action_put): Ditto.
(ks_action_get): Consult only the first server which retruned some
data.
* dirmngr/ks-engine-hkp.c (SEND_REQUEST_RETRIES): New.
(map_host): Add arg CTRL and call dirmngr_tick.
(make_host_part): Add arg CTRL.
(mark_host_dead): Allow the use of an URL.
(handle_send_request_error): New.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Mark host dead and retry on
error.
* dirmngr/server.c (cmd_killdirmngr): Factor some code out to ...
(check_owner_permission): here.
(cmd_keyserver): Add options --dead and --alive.
* dirmngr/ks-engine-hkp.c (host_in_pool_p): New.
(ks_hkp_mark_host): New.
--
Also removed the warning that the widnows part has not yet been done.
AFAICS, the current mingw supports the all used socket functions.
* m4/readline.m4: Set gnupg_cv_have_readline.
* configure.ac: Add readline support to summary output.
--
Readline is an optional feature which is build if the readline
development files are available on the build systems. Too often they
are missing on a (new) build machine which at least makes debugging
inconvenient.
Backport useful code from fixes for bug 1447.
* configure.ac: Cehck for inet_ntop.
* m4/libcurl.m4: Provide a #define for the version of the curl
library.
--
We do not have keyserver helpers anymore but this fixes may come handy
eventually.
* configure.ac: Cehck for inet_ntop.
* m4/libcurl.m4: Provide a #define for the version of the curl
library.
--
We do not have keyserver helpers anymore but this fixes may come handy
eventually.
* scd/apdu.c (new_reader_slot): Acquire lock.
(open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
(open_ccid_reader, open_rapdu_reader): Release lock.
(lock_slot, trylock_slot, unlock_slot): Move more to the top.
--
Fixes a test case of:
No libpcsclite1 installed.
Run gpg-agent
Run command "gpg-connect-agent learn /bye" with no card/token
Sometimes it fails: ERR 100663356 Not supported <SCD>
While it should be always: ERR 100663404 Card error <SCD>
(cherry picked from commit 4f557cb9c2ebe274d6aacc60a09cd919055d01ed)
Resolved conflicts:
scd/apdu.c: pth/npth changes. Move lock helpers to the top.
Take care of removed pcsc_no_service.