* tests/openpgp/fake-pinentry.c (parse_pinentry_user_data): New.
(main): Don't use PINENTRY_USER_DATA env var.
--
Since environment variable is unreliable, use the option only.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/openpgp/fake-pinentry.c (main): Override PINENTRY_USER_DATA,
by the option.
--
In the Assuan implementation for Windows, spawn function doesn't call
the atfork callback. Thus, the environment variable is not updated by
gpg-agent when it spawns pinentry. Reliable way is the interaction
to override the option.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/openpgp/defs.scm [*win32*]: Use --build-prefix option.
--
On the semihosted environment, output of simple gpgconf
--list-components includes drive name (like Z:), which results failure
of command invocation. This is a workaround.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/sysutils.c (gnupg_unsetenv): Don't use nonstandard extension
of "NAME", but "NAME=".
--
Microsoft implementation of putenv works to remove an environment
variable by "NAME=".
POSIX doesn't say that putenv with "NAME=" has same effect. GNU
implementation doesn't support this way for removal of environment
variable.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools/gpg-wks.h (opt): Add add_revocs.
* tools/wks-util.c (wks_get_key): Add arg 'binary'.
(wks_armor_key): New.
(wks_find_add_revocs): New.
(wks_cmd_install_key): Get key in binary mode and add revocations if
enabled.
* tools/gpg-wks-client.c (oAddRevocs): New.
(opts): Add --add-revocs.
(parse_arguments): Set option,
(command_send): Get key in binary mode, add revocations if enabled,
and explictly armor key. Remove kludge to skip the Content-type line
in no_encrypt mode.
(mirror_one_keys_userid): Always filter the key to get rid of the
armor as received from dirmngr. Add revocations from the local
keyring.
--
Note that this also fixes an oddity of the new mirror command which
used to store the keys armored as received from dirmngr.
* g10/mainproc.c (proc_encrypted): Set complaince_de_vs also if
require-compliance is set.
--
Without this fix require-compliance would fail if no --status-fd was
used.
* g10/gpg.c (oListFilter): New.
(opts): Add --list-filter.
(main): Parse oListFilter.
* g10/keylist.c: Include init.h and recsel.h.
(struct list_filter_s, list_filter): New.
(release_list_filter): New.
(cleanup_keylist_globals): New.
(parse_and_set_list_filter): New.
(list_keyblock): Implement --list-filter type "select".
* g10/import.c (impex_filter_getval): Add scope support and new
property names "key-size", "algostr", "origin", "lastupd", and "url".
--
This option is pretty useful to select keys based on their properties.
The scope thing can be sued to limit a selection to just the primary
key or to subkeys. For example:
gpg -k --list-filter 'select=revoked-f && sub/algostr=ed25519'
Lists all non-revoked keys with an ed25519 (signing)-subkey.
* tests/migrations/from-classic.scm (assert-migrated): Handle the case
on Windows.
--
Forward port from 2.2 branch of:
754175a46d3bc34e9ef8098dbd05abdfd61ada64
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/gpgscm/ffi.c (do_get_temp_path): Remove the last backslash.
--
Forward port from 2.2 branch of:
9a75460652d6055983930e80e022396f613ed6f7
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/gpgscm/tests.scm (open-log-file): Keep the log file in objdir.
--
Forward port from 2.2 branch of:
1c88104a3f00f7ca3790fbaab8f67b2b68cd6e18
Before the change, it is at ephemeral temp directory which is removed.
This is not useful at all. Possibly, it was done before the introduce
of ephemeral temp directory for each test and not changed.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/openpgp/issue2941.scm: Use 233.
--
Forward port from 2.2 branch of:
43722438a826e1a162723a23452018ccf1b640ec
On Windows machine (emulated by Wine), 23 may be valid value for
handle.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/sysutils.c (gnupg_tmpfile): Use different value for next
attempt.
--
The resolution of system timer is typically in the range of 10
milliseconds to 16 milliseconds. Thus, before the change, it may
fail. Actually, it failed with Wine emulation.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (pcsc_send_apdu) [DBG_CARD_IO]: Detect and redact a
VERIFY.
(send_apdu_ccid): Ditto.
--
This should handle the most common case.
GnuPG-bug-id: 5085
* sm/keylist.c (print_capabilities): Add arg algo and use it to check
for ECC capabilities.
(list_cert_colon): Call with algo.
--
This will mark certificates with only keyAgreement usage correctly in
the --with-colons listing.
* dirmngr/crlcache.c (finish_sig_check): Use raw value for the data.
--
This had the usual signed/unsigned problem. By using the modern form
we enforce Libgcrypt internal parsing as unsigned integer.
* g10/gpg.c (aQuickUpdatePref): New.
(opts): Add --quick-update-pref.
(main): Implement.
* g10/keyedit.c (keyedit_quick_update_pref): New.
(menu_set_preferences): Add arg 'unattended' and adjust caller.
--
This new quick command is in particular useful to update existing keys
so that they can be used with OCB mode.
* g10/armor.c (is_armored): Add PKT_ENCRYPTED_AEAD.
--
With this fix it is now possible to feed a vanilla packet of type 20
without first forcing gpg to assume binary mode.
* tests/openpgp/decrypt-sym.scm: New.
* tests/openpgp/samplemsgs/enc-sym-cfb-1.asc: New.
* tests/openpgp/samplemsgs/enc-sym-cfb-2.asc: New.
* tests/openpgp/samplemsgs/enc-sym-ocb-1.asc: New.
* tests/openpgp/samplemsgs/enc-sym-ocb-2.asc: New.
--
It's time to have some OCB tests in our suite so that we don't forget
to run the tests from our RNP interop tests. Also adds new tests for
CFB messages.
* agent/command-ssh.c (card_key_available): Replace blanks.
--
For managing the authorized_key file of ssh it is convenient if the
comment does not have any spaces. Thus we now return
cardno:FFFE_50FF3D01
instead of
cardno:FFFE 50FF3D01
Note that gpg --export-ssh-key uses the keyid as comment because it
does not known the S/N of the card. Gpg-agent however does not know
about OpenPGP and uses the s/n.
* g10/gpg.c (oRFC4880bis): Remove.
(opts): Make --rfc4880bis a Noop.
(compliance_options): Make rfc4880bis to gnupg.
(set_compliance_option): Remove rfc4880bis stuff.
(main): Ditto. Note that this now activates the --mimemode option.
* g10/keygen.c (keygen_set_std_prefs): Remove rfc4880bis protection.
(keygen_upd_std_prefs): Always announce support for v5 keys.
(read_parameter_file): Activate the v4 and v5 keywords.
--
* g10/gpg.c (opts): New option--force-ocb as alias for force-aead.
Turn --aead-algo and --personal-aead-preferences into dummy options.
(build_list_md_test_algo, build_list_aead_algo_name): Remove.
(my_strusage): Remove output of AEAD algos.
(main): Remove code from the --aead options.
* g10/encrypt.c (encrypt_seskey): Make file local.
(use_aead): Remove requirement for rfc4880bis. Always return
AEAD_ALGO_OCB.
* g10/main.h (DEFAULT_AEAD_ALGO): Removed unused macro.
* g10/misc.c (default_aead_algo): Remove.
* g10/pkclist.c (select_aead_from_pklist): Return AEAD_ALGO_OCB or 0.
(select_algo_from_prefs): Remove personal AEAD algo setting.
* g10/keygen.c (keygen_set_std_prefs): Remove AEAD preference option
parsing.
* g10/options.h (opt): Remove def_aead_algo and personal_aead_prefs.
--
Due to the meanwhile expired patent on OCB there is no more reason for
using EAX. Thus we forcefully use OCB if the AEAD feature flag is set
on a key.
* g10/gpg.c (oCompatibilityFlags): New.
(opts): Add option.
(compatibility_flags): New list.
(main): Set flags and print help.
* g10/options.h (opt): Add field compatibility_flags.
--
No flags are yet defined but it is good to have the framework.
* g10/kbnode.c (new_kbnode2): New.
* g10/import.c (delete_inv_parts): New arg r_otherrevsigs to store
misplaced revocations.
(import_revoke_cert): Allow to pass an entire list.
(import_one): Import revocations found by delete_inv_parts.
--
It might be useful to distribute revocations of old keys along with
new keys. This is in particicualrr useful for WKD stored keys. This
patch allows to put unrelated standalone revocations into a key. For
example they can simply appended to a keyblock. Right now it is a bit
inaesthetic to see diagnostics about misplaced or bad revocation
signatures.
* agent/command.c (cmd_keyattr): Reject when disabled extended key
format. Handle the case when key is in non-extended format.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>