* scd/app-p15.c (set_usage_string): Map usageflags.derive also to 'e'.
(do_auth): Allow usageflags.sign_recover.
(do_decipher): Allow usageflags.derive.
(do_with_keygrip): Take usageflags.derive into account.
(do_gettatr): Ditto.
(do_decipher): Take a missing AODF for authentication not needed.
--
This is required for D-Trust ECC cards.
The AODF thing is unrelated but seems to be a good idea.
GnuPG-bug-id: 7000
* dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it
causes resource leak of FP_WRITE.
Don't try to read response body to fix the hang.
--
GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/http.c (proxy_get_token, run_proxy_connect): Always
available regardless of USE_TLS.
(run_proxy_connect): Use log_debug_string.
(send_request): Remove USE_TLS.
--
Since the commit of
1009e4e5f7
Building with TLS library is mandatory.
GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* sm/minip12.c (p12_parse): set err on the different error paths
--
GnuPG-bug-id: 6973
Fixes-commit: 101433dfb4
Signed-off-by: Ángel González <angel@pgp.16bits.net>
* scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R"
flag to the reset code prompt.
--
When using the reset code it was not possible to set a PIN of length
6. The "R" flags fixes a funny prompt.
Fixes-commit: efe325ffdf
scd:openpgp: Allow PIN length of 6 also with a reset code.
* scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R"
flag to the reset code prompt.
--
When using the reset code it was not possible to set a PIN of length
6. The "R" flags fixes a funny prompt.
Fixes-commit: 2376cdff13
* g10/ecdh.c (pk_ecdh_decrypt): Allocate just the right size of memory
for the session key, simplifying the decrypt process.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
This avoids extra build dependencies. Note that bzip2 is not
necessary statically linked but an existing bzip2 SO might be used.
We would need to fix the bzip2 SO building and also provide a gnupg
configure option to build statically against bzip2.
* agent/agent.h (struct ephemeral_private_key_s): New.
(struct server_control_s): Add ephemeral_mode and ephemeral_keys.
(GENKEY_FLAG_NO_PROTECTION, GENKEY_FLAG_PRESET): New.
* agent/genkey.c (clear_ephemeral_keys): New.
(store_key): Add arg ctrl and implement ephemeral_mode. Change all
callers.
(agent_genkey): Replace args no_protection and preset by a generic new
flags arg.
* agent/findkey.c (wipe_and_fclose): New.
(agent_write_private_key): Add arg ctrl and implement ephemeral_mode.
Change all callers.
(agent_update_private_key): Ditto
(read_key_file): Ditto.
(agent_key_available): Ditto.
* agent/command-ssh.c (card_key_available): Do not update display s/n
in ephemeral mode. This is however enver triggred.
* agent/gpg-agent.c (agent_deinit_default_ctrl): Cleanup ephemeral
keys.
* agent/command.c (cmd_genkey): Use the new flags instead of separate
vars.
(cmd_readkey): Create a shadow key only in non-ephemeral_mode.
(cmd_getinfo): Add sub-command "ephemeral".
(option_handler): Add option "ephemeral".
--
The idea here that a session can be switched in an ephemeral mode
which does not store or read keys from disk but keeps them local to
the session.
GnuPG-bug-id: 6944
* g10/keygen.c (struct common_gen_cb_parm_s): New.
(common_gen): Add args common_gen_cb and common_gen_cb_parm. Adjust
all callers.
(do_generate_keypair): Clarify the code by using a better var name.
--
We may eventually also replace the long arg list with that object.
The immediate reason for this change is the followup commit.