* dirmngr/dns.c (dns_res_stub): Fix RESCONF usage.
--
Note that this is dead code. It is for making a static analyzer happy.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/openpgp-oid.c (map_openpgp_pk_to_gcry): Use cast for enum
conversion.
* dirmngr/dns-stuff.c (get_dns_srv): Use explicit conversion from
int to float.
* sm/gpgsm.c (parse_keyserver_line): Initialize ERR.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/gpg.c (oChUid): New.
(opts): Add --chuid.
(main): Implement --chuid. Delay setting of homedir until the new
chuid is done.
* sm/gpgsm.c (main): Delay setting of homedir until the new chuid is
done.
* tools/gpg-card.c (oChUid): New.
(opts): Add --chuid.
(changeuser): New helper var.
(main): Implement --chuid.
* tools/gpg-connect-agent.c (oChUid): New.
(opts): Add --chuid.
(main): Implement --chuid.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (open_ccid_reader): Add arg r_cciderr.
(apdu_open_reader): Print a note on EPERM of the USB device.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes.
* scd/apdu.h: New SW_HOST error codes.
* scd/apdu.c (host_sw_string): Print them
* scd/ccid-driver.c (map_libusb_error): New.
(ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes.
* scd/iso7816.c (map_sw): Map new codes to gpg-error.
--
This change will help to get low level error conditions from hipher
application code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_sethash): Add option --pss and allow for
--hash=null.
* agent/agent.h (struct server_control_s): Add digest.is_pss and
zero where needed.
* agent/pksign.c (agent_pksign_do): Allow for PSS with cards.
* scd/command.c (cmd_pksign): Add for --hash=none.
--
This is not a full implementaion of PSS but allows scdaemon card
drivers to detect already PSS formatted data.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.h (fpr20_from_pk): New.
* g10/keyid.c (fpr20_from_pk): New.
* g10/tdbio.c (tdbio_search_trust_byfpr): Use fpr20_from_pk.
* g10/trustdb.c (keyid_from_fpr20): New.
(verify_own_keys): Use keyid_from_fpr20.
(tdb_update_ownertrust): Use fpr20_from_pk.
(update_min_ownertrust): Likewise.
(update_validity): Likewise.
--
For the compatibility of existing implementation, we keep the format
of trustdb untouched. The format of trustdb uses 20-byte fingerprint
for the trust record entry. To handle both of v4key (with 20-byte
fingerprint) and v5 key (with 32-byte fingerprint), we introduce FPR20
fingerprint, internally. For v4key, FPR20 is as same as v4
fingerprint. For v5key, FPR20 is constructed from v5key fingerprint.
GnuPG-bug-id: 5000
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* sm/gpgsm.c (oChUid, opts): New option --chuid.
(main): Implement option.
--
This option will at least be useful for Scute.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): Add that hack.
--
This is an yet undocumented hack to allow printing hex encoded random
number with gpg. The level is forced to be 1 which is is good for
almost all uses. Note that --armor is ignored.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/keylist.c (list_cert_colon): Emit a new "fp2" record.
(list_cert_raw): Print the SHA2 fingerprint.
(list_cert_std): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (start_pinentry): Don't use pid_t.
--
When pid_t is 64-bit integer and unsigned long is 32-bit,
it never matches, because left hand side does not fill
upper 32-bit.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (close_pcsc_reader): Unlock the reader_table_lock.
(apdu_dev_list_finish): Release the context when no readers.
--
Fixes-commit: 46d185f603
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (close_pcsc_reader): Check if it's not in the loop.
--
GnuPG-bug-id: 4998
Reported-by: Kevin Locke
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/export.c (export_ssh_key): Do not close stdout.
--
stdout should never be closed; this fixes this minor bug.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_get_passphrase): Never repeat in loopback mode;
same as with !OPT_NEWSYMKEY.
--
In loopback mode there shall not be any repeat because the caller is
expected to do any confirmation before passing a new passphrase to
gpg.
Fixes-commit: eace4bbe1d
GnuPG-bug-id: 4991
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/pubkey-enc.c (get_session_key): Don't skip at no PUBKEY_USAGE_ENC.
Emit information the key has no 'encrypt' usage.
--
GnuPG-bug-id: 4246
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
It is a bit surprising that nothing happens if no key is specified to
--delete-key et al. Although this is common Unix behaviour the use
might have expected that it behaves like --export and deletes all
keys. Sure we don't do the latter, so a short notice will help.
GnuPG-bug-id: 4959
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/genkey.c (agent_ask_new_passphrase): No qualitybar.
* g10/call-agent.c (agent_get_passphrase): Ditto.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--
The concept of a passphrase quality indicator is anyway questionable
because user are smart enough to trick them out and they also tend to
limit the actually used entropy.
Except for the red/green switching (to show whether constraints are
fulfilled) our qualitybar is pretty bad and thus worse than none.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (agent_get_passphrase): Add arg pininfo.
* agent/genkey.c (check_passphrase_constraints): New arg no_empty.
* agent/command.c (reenter_passphrase_cmp_cb): New.
(cmd_get_passphrase): Add option --newsymkey.
--
This new option allows to present a passphrase with the usual repeat
box as it is used by gpg-agent's internal key generation.
Signed-off-by: Werner Koch <wk@gnupg.org>