* common/iobuf.c (direct_open): Add arg MODE700.
(iobuf_create): Ditto.
* g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM. Change call
callers to pass 0 for it.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
arg.
* g10/export.c (do_export): Pass true for new arg if SECRET is true.
--
GnuPG-bug-id: 1653.
Note that this works only if --output has been used.
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--
It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"
condition.
* agent/cvt-openpgp.c (convert_to_openpgp): Use the curve name instead
of the curve parameters.
* g10/export.c (canon_pubkey_algo): Rename to ...
(canon_pk_algo): this. Support ECC.
(transfer_format_to_openpgp): Expect curve name.
* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
--
A packet like (a3 01 5b ff) leads to an infinite loop. Using
--max-output won't help if it is a partial packet. This patch
actually fixes a regression introduced on 1999-05-31 (c34c6769).
Actually it would be sufficient to stuff just one extra 0xff byte.
Given that this problem popped up only after 15 years, I feel safer to
allow for a very few FF bytes.
Thanks to Olivier Levillain and Florian Maury for their detailed
report.
* g10/gpg.c: Add option --with-secret.
* g10/options.h (struct opt): Add field with_secret.
* g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
and list_one.
(list_all, list_one): Add arg mark_secret.
(list_keyblock_colon): Add arg has_secret.
* sm/gpgsm.c: Add option --with-secret.
* sm/server.c (option_handler): Add option "with-secret".
* sm/gpgsm.h (server_control_s): Add field with_secret.
* sm/keylist.c (list_cert_colon): Take care of with_secret. Also move
the token string from the wrong field 14 to 15.
--
This option is useful for key managers which need to know whether a
key has a secret key. This change allows to collect this information
in one pass.
* g10/keyid.c (hash_public_key): Take care of NULL keys.
* g10/misc.c (pubkey_nbits): Ditto.
--
This problem was mainly due to our ECC code while checking for opaque
MPIs with the curve name.
* g10/parse-packet.c (mpi_read): Change error message on overflow.
--
This gets gpg 2.x in sync to what gpg 1.4 does. No need to die for a
broken MPI.
GnuPG-bug-id: 1593
Resolved conflicts:
g10/parse-packet.c - whitespaces fixes.
* g10/getkey.c (get_user_id): Do not call xmalloc with 0.
* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
pass 0 to the arguments.
--
The problem did not occur in 1.x because over there the xmalloc makes
sure to allocate at least one byte. With 2.x for most calls the
xmalloc of Libgcrypt is used and Libgcrypt returns an error insteead
of silent allocating a byte. Thus gpg 2.x bailed out with an
"Fatal: out of core while allocating 0 bytes".
The extra code in xmalloc.c is for more robustness for the other
xmalloc calls.
* kbx/keybox-search.c (keybox_search): Add arg R_DESCINDEX. Chnage
both callers.
* g10/keydb.c (keydb_search): Always set DESCINDEX.
--
This only affects the new keybox for OpenPGP keys in 2.1. The bug
exhibited itself by running GPA's backup command on Windows.
* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
MDC packer header and a bad MDC.
--
The separate diagnostic was introduced for debugging a problems. For
explaining an MDC error a single error message is easier to
understand.
* g10/keygen.c (ask_expire_interval): Get the current time after the
prompt.
--
This almost avoid that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.
GnuPG-bug-id: 1639
* g10/mainproc.c (check_sig_and_print): Factor common code out to ...
(print_good_bad_signature): here.
--
P was not released if the key had no user id.
* agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
(get_keygrip): Add and use arg CURVE.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(get_npkey_nskey): New.
(prepare_unprotect): Replace gcrypt functions by
get_npkey_nskey. Allow opaque MPIs.
(do_unprotect): Use CURVE instead of parameters.
(convert_from_openpgp_main): Ditto.
(convert_to_openpgp): Simplify.
* g10/import.c (one_mpi_from_pkey): Remove.
(transfer_secret_keys): Rewrite to use the curve instead of the
parameters.
* g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.
* common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
"NIST P-256" et al.
* g10/keygen.c (ask_curve): Add arg ALGO.
(generate_keypair): Rewrite the ECC key logic.
* tests/openpgp/ecc.test: Provide the "ecc" passphrase.
* agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
(convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which
does not distinguish the detail.
(do_unprotect, convert_from_openpgp_main): Don't call
map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and
not the value defined by OpenPGP.
(convert_to_openpgp): It's "ecc".
* agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove.
* g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error.
* g10/pubkey-enc.c (get_it): Fix swapping the fields error.
* g10/call-agent.c (check_hijacking): New.
(start_agent): Call it.
(membuf_data_cb, default_inq_cb): Move more to the top.
--
Note that GUIs may use the gpg status line
[GNUPG:] ERROR check_hijacking 33554509
to detect this and print an appropriate warning.
* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.
--
This makes is possible to extract all photos ids from a key to
different files.
* agent/cvt-openpgp.c (convert_to_openpgp): Fix use
gcry_sexp_extract_param.
* g10/export.c (do_export_stream): Provide a proper prompt to the
agent.
--
NB: The export needs more work, in particular the ECC algorithms.
* g10/passphrase.c (gpg_format_keydesc): Add mode 2. Change strings.
* g10/keydb.h (FORMAT_KEYDESC_NORMAL, FORMAT_KEYDESC_IMPORT)
(FORMAT_KEYDESC_EXPORT): New. Use them for clarity.
--
The use of the term "certificate" was more confusing than helpful.
* dirmngr/ks-engine-hkp.c (ks_hkp_get): Allow exact search mode.
* g10/keyserver.c (keyserver_import_name): Implement.
(keyserver_get): Use exact mode for name based import.
(keyserver_get): Add args R_FPR and R_FPRLEN. Change all callers.
* dirmngr/ks-engine-hkp.c (ks_hkp_search, ks_hkp_get): Print SOURCE
status lines.
* g10/call-dirmngr.c (ks_status_parm_s): New.
(ks_search_parm_s): Add field stparm.
(ks_status_cb): New.
(ks_search_data_cb): Send source to the data callback.
(gpg_dirmngr_ks_search): Change callback prototope to include the
SPECIAL arg. Adjust all users. Use ks_status_cb.
(gpg_dirmngr_ks_get): Add arg r_source and use ks_status_cb.
* g10/keyserver.c (search_line_handler): Adjust callback and print
"data source" disgnostic.
(keyserver_get): Print data source diagnostic.
--
It has often been requested that the actually used IP of a keyservers
is shown in with gpg --recv-key and --search-key. This is helpful if
the keyserver is actually a pool of keyservers. This patch does this.
* dirmngr/cdblib.c (cdb_init) [W32]: Remove unused var.
* dirmngr/dirmngr-client.c (start_dirmngr): s/int/assuan_fd_t/.
* dirmngr/dirmngr.c (w32_service_control): Mark unused args.
(call_real_main): New.
(main) [W32]: Use new function to match prototype.
(real_main) [W32]: Mark unused vars.
(handle_signal) [W32]: Do not build the function at all.
(handle_connections) [W32]: Do not define signo.
* dirmngr/ldap-wrapper-ce.c (outstream_reader_cb): Remove used vars.
* g10/tdbio.c (ftruncate) [DOSISH]: Define only if not yet defined.
* agent/call-scd.c (start_scd): Replace int by assuan_fd_t.
(start_pinentry): Ditto.
* common/asshelp.c (start_new_gpg_agent): Replace int by assuan_fd_t.
* common/dotlock.c (GNUPG_MAJOR_VERSION): Include stringhelp.h for
prototypes on Windows and some other platforms.
* common/logging.c (fun_writer): Declare addrbuf only if needed.
* g10/decrypt.c (decrypt_message_fd) [W32]: Return not_implemented.
* g10/encrypt.c (encrypt_crypt) [W32]: Return error if used in server
mode.
* g10/dearmor.c (dearmor_file, enarmor_file): Replace GNUPG_INVALID_FD
by -1 as temporary hack for Windows.
* g10/export.c (do_export): Ditto.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Ditto.
* g10/sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto.
* g10/server.c (cmd_verify, gpg_server) [W32]: Return an error.
--
The gpg server mode is not actual working and thus we can avoid the
warnings by explicitly disabling the mode. We keep it working under
Unix, though.