* g10/getkey.c (lookup): Skip keys with unknown algos.
--
If the local store has private keys with an algorithm not supported by
thi version of gpg, gpg used to bail out. Thus decryption of proper
messages was not possible. This fix skips such secret keys.
* tools/gpg-auth.c (ssh_authorized_keys): Move free after printing error
message.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This is part of
GnuPG-bug-id: 7129
(cherry picked from commit 9adaa79ab4)
* sm/certcheck.c (gpgsm_check_cms_signature): Do not free s_sig on
error. Its owned and freed by the caller.
--
This is part of
GnuPG-bug-id: 7129
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Fixes-commit: 969abcf40c
(cherry picked from commit dcb0b6fd48)
* scd/apdu.c (apdu_dev_list_start): Fix end condition.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This is part of
GnuPG-bug-id: 7129
Fixes-commit: e8534f8999
(cherry picked from commit 4c1b007035)
* agent/command.c (cmd_genkey): Moved init_membuf to the top.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This is part of
GnuPG-bug-id: 7129
(cherry picked from commit 379fc5569d)
* agent/call-scd.c (handle_pincache_get): Set PIN to NULL. Also add
DBG_CACHE conditionals and don't return the pin in the debug output.
--
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit bdbf5cee2f)
* agent/genkey.c (store_key): Clear ERR on success.
--
This fixes a real problem which might let ephemeral store mode fail
randomly.
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit fdc5003956)
* tools/wks-util.c (install_key_from_spec_file): Initialize ERR in case
the loop is never run.
--
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 021c27510b)
* g10/keygen.c (card_store_key_with_backup): Avoid double free and
simplify error handling.
--
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit bcc002cd45)
* scd/app-openpgp.c (get_cached_data): When it comes with
its tag and length for the constructed Data Object, remove
them.
--
Cherry-pick master commit of:
35ef87d8d9
GnuPG-bug-id: 7058
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/armor.c (radix64_read): Detect the end of armor when
there is no CRC24 checksum.
--
Cherry-pick master commit of:
3a344d6236
GnuPG-bug-id: 7071
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/options.h (LIST_SHOW_OWNERTRUST): New.
* g10/keylist.c (print_key_line): Show wonertrust and always show
whether a key is disabled.
* g10/gpg.c (parse_list_options): Add "show-ownertrust".
* g10/gpgv.c (get_ownertrust_string): Add stub.
* g10/test-stubs.c (get_ownertrust_string): Add stub.
--
Note that in a --with-colons listing the ownertrust has always been
emitted and the disabled state is marked in that listing with a
special 'D' usage.
* g10/call-agent.c (agent_probe_any_secret_key): Act on --quiet.
--
When using the extra-socket this disagnostic will be printed because a
listing of all secret keys is not allowed by a remote gpg.
* g10/keygen.c (print_key_flags): Print "RENC" if set.
(ask_key_flags_with_mask): Remove RENC from the possible set of
usages. Add a direct way to set it iff the key is encryption capable.
--
This could be done by using "set your own capabilities" for an RSA
key. In fact it was always set in this case.
GnuPG-bug-id: 7072
* g10/mainproc.c (proc_encrypted): Force a decryption failure if any
error has been seen.
* g10/decrypt-data.c (aead_checktag): Issue an ERROR line.
--
GnuPG-bug-id: 7042
Note that gpg in any case returns a failure exit code but due to
double forking GPGME would not see it.
* tools/gpg-check-pattern.c (read_file): Check length before calling
fread.
--
The problem with an empty file is that es_fread is called to read one
element of length zero which seems to be undefined behaviour and
results in ENOENT on my test box.
* scd/ccid-driver.h (VENDOR_ACR, ACR_122U): New.
* scd/ccid-driver.c (ccid_open_usb_reader): Do not call
libsub_set_interface_alt_setting for this reader.
--
Co-authored-by: markus.montkowski@gnupg.com
* tools/gpg-wks-client.c (mirror_one_key): Test for no domain
specified.
--
The code did not really work if no domain was given. It worked but
filtered out all keys so that no key was actually exported.
* g10/trustdb.c: Move a function and some definitions around.
(user_utk_list): Rename to trusted_key_list. Change all users.
(any_trusted_key_seen): New.
(tdb_register_trusted_key): Set it here. Handle the new value "none".
(verify_own_keys): Do not delete a trusted key from the trustdb if a
trusted-key option was not used.
--
GnuPG-bug-id: 7025
* tools/gpg-wks-client.c (oRealClean): New.
(opts): Add "realclean".
(parse_arguments): Implement.
(main): Take a copy of the module name to fix bad assignment from a
former patch.
* tools/gpg-wks-server.c (main): Ditto.
* tools/gpg-wks.h (opt): Add field realclean.
* tools/wks-util.c (wks_get_key): Call gpg with export-realclean
depending on the new option.
--
The default for gpg-wks-client is to install keys with all valid key
signatures. The new option will eventually allow to install the keys
only with key signatures done by trusted-keys. Also the export-option
is in gpg, it requires one more gpg patch to make it actually work.
* g10/options.h (EXPORT_REALCLEAN): New. Also re-assign other values
to keep them more in sync with the corresponding import values.
* g10/export.c (parse_export_options): Add "export-realclean".
(do_export_stream): Call clean_all_uids directly with the options
arg.
* g10/import.c (import_one_real): Change for direct use of options in
clean_all_uids.
* g10/key-clean.c (is_trusted_key_sig): New. Stub for now.
(clean_sigs_from_uid): Re-purpose self_only to a general options arg.
Implement EXPORT_REALCLEAN code path.
(clean_one_uid): Re-purpose self_only to a general options arg.
(clean_all_uids): Ditto.
* g10/keyedit.c (keyedit_menu): Use EXPORT_MINIMAL instead of a simple
flag.
(menu_clean): Re-purpose self_only to a general options arg.
* g10/keyid.c (fpr20_from_pk): Factor code out to ....
(fpr20_from_fpr): new. Remove useless case for ARRAY being NULL.
* g10/tdbio.c (tdbio_search_trust_byfpr): Add arg fprlen and use
fpr20_from_fpr if needed.
(tdbio_search_trust_bypk): Pass 20 for the fingerprint length.
--
Note that this code has no function yet. Another patch will follow to
extract the trusted-keys flag from the trustdb.
* g10/compress-bz2.c: Replace all log_fatal by log_error,
write_status_error, and g10_exit.
(do_uncompress): Ditto.
--
This gives gpgme a better way to detect corrupted data in the
compression layer.
GnuPG-bug-id: 6977
* agent/gpg-agent.c (parse_rereadable_options): Use make_filename_try
for opt.pinentry_program. Change definition accordingly.
* g10/gpg.c (main): Use make_filename for agent_program,
dirmngr_program, and keyboxd_program. Change definition accordingly.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-card.c (parse_arguments): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpg-wks-client.c (parse_arguments): Likewise. Do it also for
option --output.
(process_confirmation_request): Print a note for a successful sent.
--
GnuPG-bug-id: 7017
* agent/command.c (cmd_get_passphrase): Allow use in restricted mode
but ignore the cacheid.
--
The use case is symmetric encryption via the extra-socket. To avoid
that the gpg running on the server has access to the cache we set the
cache id to NULL so that the cache is not used at all.
* g10/build-packet.c (gpg_mpi_write): Take care of the fact that
get_opaque already returns a bit-exact value.
--
Fixes-commit: ab17f7b6c3
Reported-by: Falko Strenzke <falko.strenzke@mtg.de>
* tools/gpg-wks-client.c (wrong_args): Take two args. Change all
callers.
(main): Pass ARGPARSE_FLAG_COMMAND for recent gpgrt version.
--
This requires gpgrt 1.48. Of course "gpg-wks-client --create ..."
continues to work.
