* g10/options.h (opt): Add show_only_session_key and turn
show_session_key into a bit flag.
* g10/gpg.c (oShowOnlySessionKey): New.
(opts): Add "show-only-session-key".
(main): Set flag.
* g10/mainproc.c (proc_encrypted): Handle the new option.
* g10/decrypt-data.c (decrypt_data): Ditto. Add compliance error flag
to the DECRYPTION_INFO status line.
--
This new option is somehow related to
GnuPG-bug-id: 1825
* sm/keylist.c (list_cert_colon): Rework listing of user IDs.
--
Only in colon mode this did not work. Note that an updated libksba is
anyway required to parse a certificate with an empty Subject.
GnuPG-bug-id: 7171
* scd/scdaemon.h (scd_command_handler): Fix the return type.
* scd/command.c (scd_command_handler): Not return a value.
* scd/scdaemon.c (pipe_server): Make it auto variable in main.
(main): Use auto PIPE_SERVER variable.
(start_connection_thread): When it's a pipe connection and it
finishes, let the service shutdown.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keygen.c (PQC_STD_KEY_PARAM): New.
(quickgen_set_para): Always store the provided NBITS.
(parse_key_parameter_string): Detect the special value "pqc".
(quick_generate_keypair): Ditto.
--
With this change we can finally do a
gpg --quick-gen-key --batch --passphrase='' foo@example.org pqc
and get a full key. Currently with a brainpoolp386r1 primary key and
a Kyber768_brainpoolp256 subkey.
* g10/getkey.c (lookup): Skip keys with unknown algos.
--
If the local store has private keys with an algorithm not supported by
thi version of gpg, gpg used to bail out. Thus decryption of proper
messages was not possible. This fix skips such secret keys.
* agent/call-daemon.c (daemon_start): Decision of connection/reuse of
CTX and assignment to ->ctx should be done with the lock.
--
When scdaemon is exiting and agent tries to spawn/connect/reconnect,
there is a race condition between detecting finish of scd and
spawn/connect/reconnect.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keylist.c (print_revokers): Add arg with_colon, adjust callers,
add human printable format.
(list_keyblock_print): Call print_revokers.
--
Designated revokers were only printed in --with-colons mode. For
quick inspection of a key it is useful to see them right away.
* g10/options.h (opt): Move the definition of struct akl to global
scope.
* g10/keydb.h (enum get_pubkey_modes): Add GET_PUBKEY_TRY_LDAP.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_BYNAME.
* g10/keygen.c (prepare_desig_revoker): Use it here.
(prepare_adsk): and here.
--
The revoker key is required before we create it along with a new key.
This is because the we need to know the algo and also to make sure
that the key really exists.
GnuPG-bug-id: 7133
* g10/keyserver.c (keyserver_import_mbox): Add arg flags and change
callers.
(keyserver_import_ldap): Remove. It has always returned a not
implemented error since 2.1.
* g10/getkey.c (get_pubkey_byname): Repurpose LDAP to do basically the
same as KEYSERVER.
--
The old LDAP mechanism to locate a server via SRV records has long
been gone (since 2014) due to the dropping of the keyserver helpers.
The new purpose better reflects reality and can be used in
environments where keys are provided by an in-house LDAP server.
* common/exectool.c (gnupg_exec_tool_stream): On Windows, it's
HANDLE which a child process inherits.
--
GnuPG-bug-id: 7139
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
These are non-substantive corrections for minor spelling mistakes
within the GnuPG codebase.
With something like this applied to the codebase, and a judiciously
tuned spellchecker integrated as part of a standard test suite, it
should be possible to keep a uniform orthography within the project.
GnuPG-bug-id: 7116
* tools/gpg-auth.c (ssh_authorized_keys): Move free after printing error
message.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This is part of
GnuPG-bug-id: 7129
* sm/certcheck.c (gpgsm_check_cms_signature): Do not free s_sig on
error. Its owned and freed by the caller.
--
This is part of
GnuPG-bug-id: 7129
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Fixes-commit: 969abcf40c
* sm/keydb.c (keydb_search): Init skipped.
--
Skipped is not actually used.
This is part of
GnuPG-bug-id: 7129
Reported-by: Jakub Jelen <jjelen@redhat.com>
* scd/apdu.c (apdu_dev_list_start): Fix end condition.
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This is part of
GnuPG-bug-id: 7129
Fixes-commit: e8534f8999
* agent/call-scd.c (handle_pincache_get): Set PIN to NULL. Also add
DBG_CACHE conditionals and don't return the pin in the debug output.
--
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
* agent/genkey.c (store_key): Clear ERR on success.
--
This fixes a real problem which might let ephemeral store mode fail
randomly.
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
* tools/wks-util.c (install_key_from_spec_file): Initialize ERR in case
the loop is never run.
--
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
* g10/keygen.c (card_store_key_with_backup): Avoid double free and
simplify error handling.
--
This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>
* tpm2d/command.c (cmd_pkdecrypt): Handle unknown algo. Also slightly
rework error handling.
* tpm2d/tpm2.c (sexp_to_tpm2_public_ecc): Check length before checking
for 0x04. Rework error handling.
(tpm2_ObjectPublic_GetName): Check the return value of
TSS_GetDigestSize before use. Erro handling rework.
(tpm2_SensitiveToDuplicate): Ditto.
(tpm2_import_key): Ditto.
* tpm2d/intel-tss.h (TSS_Hash_Generate): Check passed length for
negative values. Check return value of TSS_GetDigestSize. Use
dedicated 16 bit length variable.
--
These are reworked and improved fixes as reported in
GnuPG-bug-id: 7129
* scd/app-openpgp.c (get_cached_data): When it comes with
its tag and length for the constructed Data Object, remove
them.
--
Cherry-pick master commit of:
35ef87d8d9
GnuPG-bug-id: 7058
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/armor.c (radix64_read): Detect the end of armor when
there is no CRC24 checksum.
--
Cherry-pick master commit of:
3a344d6236
GnuPG-bug-id: 7071
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keylist.c (list_all): Handle error from list_keyblock.
(list_one): Ditto.
(locate_one): Ditto.
(list_keyblock): Detect write error, print, and return it.
(list_keyblock_direct): Return error from list_keyblock.
* g10/import.c (import_one_real): Break on listing error.
--
Test by using
gpg -k >/dev/full
GnuPG-bug-id: 6185
* tpm2d/tpm2.c (tpm2_SensitiveToDuplicate): Don't use the cast
of (TPM2B *).
--
While it works (since the actual access is done by the macros),
compiler may complain the alignment property of type BYTE * and TPM2B
object is different.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
