* agent/command.c (cmd_import_key): Pass 0 instead of KEYLEN to
gcry_sexp_canon_len.
--
We used to pass KEYLEN to the gcry_sexp_canon_len for no good reason:
convert_from_openpgp is guaranteed to return a valid canonical
S-expression and KEYLEN would thus act only as an upper limit. This
is not a problem because usually the original input key is longer than
the returned unprotected key. A future patch may change this
assertion and thus we better fix this bug now.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (oDisableCheckOwnSocket): New.
(disable_check_own_socket): New.
(parse_rereadable_options): Set new option.
(check_own_socket): Implement new option.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/gpg.texi: Fix syntax and add missing menu entries.
* doc/gpgsm.texi: Fix subsectioning.
--
These five patches fix some warnings from Texinfo 5 by adding some
missing nodes and changing some sections to subsections, and moving an
'@end ifset' to the start of a line. I also noticed the 'Deprecated
options' subsection didn't appear in the GPG options menu, so I added
it. (Texinfo never warned about it because it was after the last node
in the menu.)
1) doc/gpg.texi: move '@end ifset' to start of line
2) doc/gpg.texi: Add missing node for 'Compliance options' section.
3) doc/gpg.texi: add node for 'Deprecated options' subsection.
4) doc/gpg.texi: make 'Unattended key generation' a subsection
5) doc/gpgsm.texi: fix subsectioning for Unattended Usage
(all 5 merged into one patch by wk)
(cherry picked from commit 4d67f59a33)
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
--
This fixes an obvious bug in locales where the translated string is
longer than the original. The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.
En passant we also removed the trailing white space on continued
lines.
Reported-by: Dmitry V. Levin" <ldv at altlinux.org>
(cherry picked from commit 3402a84720)
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (update_reader_status_file): Add condition
vr->status == 0.
--
To reproduce the bug: (1) insert card,
(2) run "gpg2 --card-status",
(3) remove card, (4) invoke "gpg2 --card-edit",
(5) invoke some command like "verify"
The last step fails (but with no error message to user).
* scd/apdu.c (pcsc_dword_t): New. It was named as DWORD (double-word)
when a word was 16-bit.
(struct reader_table_s): Fixes for types.
(struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
Throughout: Fixes for types.
* scd/pcsc-wrapper.c: Likewise.
--
Problem reported for 1.4.x by the issue 1358.
* scd/apdu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Default value
of maxlen for pinpad input is now 15 (was: 25).
* scd/ccid-driver.c (ccid_transceive_secure): Likewise.
--
For newer PC/SC, it is better to use FEATURE_GET_TLV_PROPERTIES to get
bMaxPINSize.
* common/init.c (mem_cleanup_item_t): New.
(run_mem_cleanup): New.
(_init_common_subsystems): Add an atexit for it.
(register_mem_cleanup_func): New.
* g10/kbnode.c (cleanup_registered): New.
(release_unused_nodes): New.
(alloc_node): Call register_mem_cleanup_func.
--
It is often time consuming to figure out whether still allocated
memory at process termination is fine (e.g. a cache) or a problem. To
help for that register_mem_cleanup_func may now be used to cleanup
such memory. The run time of the program will be longer; if that
turns out to be a problem we can change the code to only run in
debugging mode.
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--
We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature. Thus if key
flags are used in any way, the default key capabilities are never
used.
This allows to create a key with key flags set to all zero so it can't
be used. This better reflects common sense.
* scd/ccid-driver.c (ccid_transceive_apdu_level): Support larger
APDU.
--
This is still ad hoc change, but it's OK. Supporting full extended
APDU exchange level is not worth yet.
* scd/app-openpgp.c (do_sign): Only prepend message digest block
for RSA or do_auth.
(do_auth): Remove message digest block for ECDSA.
--
If we don't need to check the message digest block by SCDaemon, we
don't requite the message digest block for ECDSA by gpg-agent.
* scd/app-openpgp.c (key_type_t): New.
(CURVE_NIST_P256, CURVE_NIST_P384, CURVE_NIST_P521): New.
(struct app_local_s): Change keyattr to have key_type and union.
(get_ecc_key_parameters, get_curve_name): New.
(send_key_attr, get_public_key): Support ECDSA.
(build_privkey_template, do_writekey, do_genkey): Follow the change
of the member KEY_ATTR.
(parse_historical): New.
(parse_algorithm_attribute): Support ECDSA.
--
Add ECDSA support to OpenPGP card.
* g10/keygen.c (append_to_parameter): New.
(proc_parameter_file): Use new func to extend the parameter list.
* g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
gcry_kdf_derive failed.
* g10/keygen.c (proc_parameter_file): Print a diagnostic if
passphrase_to_dek failed.
--
Due to an improper way of using the linked list head, all memory for
items allocated in proc_parameter_file was never released. If batched
key generation with a passphrase and more than ~200 keys was used this
exhausted the secure memory.
* configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and
LDFLAGS.
--
Back in ~2000 we introduced a quick hack to make building of Libgcrypt
on FreeBSD easier by always adding -I/usr/local/include and
-L/usr/local/lib . It turned out that this is a bad idea if one wants
to build with library version which is not installed in /usr/local.
The hack made was eventually (in 2003) copied from Libgcrypt to
GnuPG-2.
* agent/command.c (cmd_keytocard): Decrement KEYDATALEN.
* agent/findkey.c (agent_public_key_from_file): Increment for ELEMS.
--
For ECDSA and ECDH, there are 6 elements.
* g10/keygen.c (append_to_parameter): New.
(proc_parameter_file): Use new func to extend the parameter list.
* g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
gcry_kdf_derive failed.
* g10/keygen.c (proc_parameter_file): Print a diagnostic if
passphrase_to_dek failed.
--
Due to an improper way of using the linked list head, all memory for
items allocated in proc_parameter_file was never released. If batched
key generation with a passphrase and more than ~200 keys was used this
exhausted the secure memory.
* configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and
LDFLAGS.
--
Back in ~2000 we introduced a quick hack to make building of Libgcrypt
on FreeBSD easier by always adding -I/usr/local/include and
-L/usr/local/lib . It turned out that this is a bad idea if one wants
to build with library version which is not installed in /usr/local.
The hack made was eventually (in 2003) copied from Libgcrypt to
GnuPG-2.
Werner Koch