-2021-06-10 Werner Koch <wk@gnupg.org>
+2021-04-20 Werner Koch <wk@gnupg.org>
+
+ Release 2.3.1.
+ + commit cbbdb88627fe57ebf02b8b4bf9002d356e57e2e4
+
+
+ Support log-file option from common.conf for all daemon.
+ + commit 45918813f0599505e4f84bd44b09fb708b4e7f23
+ * agent/gpg-agent.c: Include comopt.h.
+ (main): Read log-file option from common.conf.
+ (reread_configuration): Ditto.
+ * dirmngr/dirmngr.c: Include comopt.h.
+ (main): Read log-file option from common.conf.
+ (reread_configuration): Ditto.
+ * kbx/keyboxd.c: Include comopt.h.
+ (main): Read log-file option from common.conf.
+ (reread_configuration): Ditto.
+ * scd/scdaemon.c: Include comopt.h.
+ (main): Read log-file option from common.conf.
+
+ gpgconf: Fix a diagnostic output.
+ + commit b657d6c3bd8103d40d511a3293313a891a26a9f5
+ * tools/gpgconf-comp.c (gc_component_launch): Fix diagnostic.
+ * doc/examples/common.conf: Fix example.
+
+ sm: New command --show-certs.
+ + commit 51419d63415ae2aa029f8829099b6789b264edc5
+ * sm/keylist.c (do_show_certs): New.
+ (gpgsm_show_certs): New.
+ * sm/gpgsm.c (aShowCerts): New.
+ (opts): Add --show-certs.
+ (main): Call gpgsm_show_certs.
+
+2021-04-19 Werner Koch <wk@gnupg.org>
+
+ build: Fix build problems on macOS for gpgsm tests and gpg-card.
+ + commit 5fe60576d50f7c857d0a865a9630212422fa1ad1
+ * tools/gpg-card.c: Include ctype.h.
+ * sm/Makefile.am (t_common_ldadd): Add LIBICONV.
+
+2021-04-19 Damien Goutte-Gattat via Gnupg-devel <gnupg-devel@gnupg.org>
+
+ build: Allow selection of TSS library.
+ + commit 93c88d0af36b70a406997b40c49bfc14c17b4cd2
+ * configure.ac: New option --with-tss to force the use of a
+ specific TSS library.
+
+ gpg: Fix showpref to list AEAD feature.
+ + commit 86f446fd446fcc7295ecf6b37a3f4cca45a165f1
+ * g10/keyedit.c (show_prefs): Show 'AEAD' if flags.aead is set.
+
+2021-04-19 Werner Koch <wk@gnupg.org>
+
+ gpg,gpgsm: Move use-keyboxd to the new conf file common.conf.
+ + commit d13c5bc244ce1daed285424d920171fc2bcd7290
+ * common/comopt.c, common/comopt.h: New.
+ * common/Makefile.am: Add them.
+ * g10/gpg.c: Include comopt.h.
+ (main): Also parse common.conf.
+ * sm/gpgsm.c: Include comopt.h.
+ (main): Set a flag for the --no-logfile option. Parse common.conf.
+
+ * tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add
+ pseudo option "use_keyboxd".
+ (known_pseudo_options_gpg): Add pseudo option "use_keyboxd".
+ (known_options_gpgsm): Remove "use-keyboxd".
+
+ * tests/openpgp/defs.scm (create-gpghome): Create common.conf.
+
+ * doc/examples/common.conf: New.
+
+2021-04-16 Werner Koch <wk@gnupg.org>
- Release 2.2.28.
- + commit 9f6076868ecd313e832c112ea79cfcffed3dc342
-
-
- gpg: Partial fix for Unicode problem in output files.
- + commit 845711d1420cc01289c15ba49deb03200a5cd102
- * g10/openfile.c (overwrite_filep): Use gnupg_access.
-
- scd: Fix serial number detection for Yubikey 5.
- + commit c2f02797cdefdce5afd8b29bb8e51d4515a70a96
- * scd/app.c (app_new_register): Handle serial number correctly.
-
-2021-06-09 Werner Koch <wk@gnupg.org>
-
- gpgtar,w32: Fix file size computation.
- + commit 198b240b195596974e8b61e2b79fb6e8dc78f89a
- * tools/gpgtar-create.c (fillup_entry_w32): Move parentheses.
-
- sm: New option --ldapserver as an alias for --keyserver.
- + commit d6df1bf84969bf5f5781e33bc1c2f6cb2aee0093
- * sm/gpgsm.c (opts): Add option --ldapserver and make --keyserver an
- alias.
-
- dirmngr: Allow to pass no filter args to dirmngr_ldap.
- + commit f6e45671aa26f3e7abb968a876de7bbdb4fca3f1
- * dirmngr/dirmngr_ldap.c (main): Handle no args case.
-
-2021-06-08 Werner Koch <wk@gnupg.org>
-
- w32: Change spawn functions to use Unicode version of CreateProcess.
- + commit 7a98e45e74ec2883c24689964d6119796da0969f
- * common/exechelp-w32.c (gnupg_spawn_process): Change to use
- CreateProcessW.
- (gnupg_spawn_process_fd): Ditto.
- (gnupg_spawn_process_detached): Ditto.
- * g10/exec.c (w32_system): Ditto.
-
-2021-06-08 Andre Heinecke <aheinecke@gnupg.org>
-
- common,w32: Breakaway detached childs when in job.
- + commit f20e9a464487443552b6cbdf918c6448d3cb643f
- * common/exechelp-w32.c (gnupg_spawn_process_detached): Add
- CREATE_BREAKAWAY_FROM_JOB creation flag if required.
-
-2021-06-08 Werner Koch <wk@gnupg.org>
-
- w32: Always use Unicode for console input and output.
- + commit b912f07cdf00043b97fca54e4113fab277726e03
- * common/init.c (_init_common_subsystems) [W32]: Set the codepage to
- UTF-8 for input and putput. Switch gettext to UTF-8.
- * g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.
-
- w32: Free memory allocated by new function w32_write_console.
- + commit ebdb62a98a6e917bafb795b5f50483a95790e739
- * common/ttyio.c (w32_write_console): Free buffer.
-
- common,w32: Allow Unicode input and output with the console.
- + commit 90aadf69f730ff1bd053abcd6cc8bc67518ecf4b
- * common/ttyio.c (do_get) [W32]: Use ReadConsoleW.
- (w32_write_console): New.
- (tty_printf, tty_fprintf) [W32]: Use new function.
-
- common: Re-indent ttyio.c and remove EMX, RISCOS, and CE support.
- + commit 521e176a605e6b6229825761906005b05608daf5
- * common/ttyio.c: Remove cruft like EMX and RISCOS support. Translate
- a few strings. Re-indent.
-
- common: Rename w32-misc.c to w32-cmdline.c.
- + commit d7d9a5ba3cbf9cf7e22a8871474032b525825eed
- * common/w32-misc.c: Rename to ....
- * common/w32-cmdline.c: this.
- * common/Makefile.am: Adjust.
-
- common,w32: Implement globing of command line args.
- + commit 09f49b4c9aae46c40a189b1270e215bc978dbc3c
- * common/w32-misc.c [W32]: Include windows.h
- (struct add_arg_s): New.
- (add_arg): New.
- (glob_arg): New.
- (parse_cmdstring): Add arg argvflags and set it.
- (w32_parse_commandline): Add arg r_itemsalloced. Add globing.
-
- * common/init.c (prepare_w32_commandline): Mark glob created items as
- leaked.
-
- * common/t-w32-cmdline.c : Include windows.h
- (test_all): Add simple glob test for Unix.
- (main): Add manual test mode for Windows.
+ gpg: Lookup a missing public key of the current card via LDAP.
+ + commit d7e707170fbe2956deb3d81e2802d21352079722
+ * g10/getkey.c (get_seckey_default_or_card): Lookup a missing public
+ key from the current card via LDAP.
+ * g10/call-dirmngr.c: Include keyserver-intetnal.h.
+ (gpg_dirmngr_ks_get): Rename arg quick into flags. Take care of the
+ new LDAP flag.
+ * g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New.
+ Replace the use of the value 1 for the former quick arg.
+ (KEYSERVER_IMPORT_FLAG_LDAP): New.
+ * g10/keyserver.c (keyserver_get_chunk): Increase the reserved line
+ length.
+ * dirmngr/ks-action.c (ks_action_get): Add arg ldap_only.
+ * dirmngr/server.c (cmd_ks_get): Add option --ldap.
- * common/xasprintf.c (xtryreallocarray): New.
+ scd:p15: Support attribute KEY-FPR.
+ + commit 30f90fc8574be4c48ac8d3ff41479481414c0dee
+ * scd/app-p15.c: Include openpgpdefs.h.
+ (struct prkdf_object_s): Add fields have_keytime and ecdh_kdf.
+ (read_p15_info): Set ecdh_kdf.
+ (keygrip_from_prkdf): Flag that we have the keytime.
+ (send_keypairinfo): Send the key time only if valid.
+ (send_key_fpr_line): New.
+ (send_key_fpr): New.
+ (do_getattr): Add KEY-FPR.
- common,w32: Refine the command line parsing for \ in quotes.
- + commit 4d6807b215e7541fd52caf7e4adc40d77670f99f
- * common/t-w32-cmdline.c (test_all): Add new test cases.
- * common/w32-misc.c (strip_one_arg): Add arg endquote.
- (parse_cmdstring): Take care of backslashes in quotes.
+ common: New module to compute openpgp fingerprints.
+ + commit 2f2bdd9c0894eb43f719da8b529b4c7a46f742a0
+ * common/openpgp-fpr.c: New.
+ * common/Makefile.am (common_sources): Add it.
- common: First take on handling Unicode command line args.
- + commit 90ddd1cf13cd6bb88d5bb8c1846d7297ca8ac81c
- * common/w32-misc.c: New.
- * common/t-w32-cmdline.c: New.
- * common/init.c: Include w32help.h.
- (prepare_w32_commandline): New.
- (_init_common_subsystems) [W32]: Call prepare_w32_commandline.
+2021-04-13 Werner Koch <wk@gnupg.org>
- * common/Makefile.am (common_sources) [W32]: Add w32-misc.c
- (module_tests): Add t-w32-cmdline
- (t_w32_cmdline_LDADD): New.
+ gpg: Do not use self-sigs-only for LDAP keyserver imports.
+ + commit 6c26e593df51475921410ac97e9227df6b258618
+ * dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
+ * g10/options.h (opts): New field expl_import_self_sigs_only.
+ * g10/import.c (parse_import_options): Set it.
+ * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
- gpg: Prepare for globing with UTF-8.
- + commit 1f59c4c8e2cfa2b111f0798212546864668383f9
- * g10/gpg.c (_dowildcard): Remove.
- (my_strusage): Enable wildcards using our new system.
+2021-04-13 Jakub Jelen <jjelen@redhat.com>
- dirmngr: Rewrite the LDAP wrapper tool.
- + commit 39815c023f0371dea01f7c51469b19c06ad18718
- * dirmngr/ldap-misc.c: New.
- * dirmngr/ldap-misc.h: New.
- * dirmngr/ks-engine-ldap.c: Include ldap-misc.h.
- (ldap_err_to_gpg_err, ldap_to_gpg_err): Move to ldap-misc.c.
- * dirmngr/ldap-wrapper.c (ldap_wrapper): Print list of args in debug
- mode.
- * dirmngr/server.c (lookup_cert_by_pattern): Handle GPG_ERR_NOT_FOUND
- the saqme as GPG_ERR_NO_DATA.
- * dirmngr/ldap.c (run_ldap_wrapper): Add args tls_mode and ntds.
- Remove arg url. Adjust for changes in dirmngr_ldap.
- (url_fetch_ldap): Remove args host and port. Parse the URL and use
- these values to call run_ldap_wrapper.
- (attr_fetch_ldap): Pass tls flags to run_ldap_wrapper.
- (rfc2254_need_escape, rfc2254_escape): New.
- (extfilt_need_escape, extfilt_escape): New.
- (parse_one_pattern): Rename to ...
- (make_one_filter): this. Change for new dirmngr_ldap calling
- convention. Make issuer DN searching partly work.
- (escape4url, make_url): Remove.
- (start_cert_fetch_ldap): Change for new dirmngr_ldap calling
- convention.
- * dirmngr/dirmngr_ldap.c: Major rewrite.
-
- * dirmngr/t-ldap-misc.c: New.
- * dirmngr/t-support.h (DIM, DIMof): New.
- * dirmngr/Makefile.am (dirmngr_ldap_SOURCES): Add ldap-misc.c
- (module_tests) [USE_LDAP]: Add t-ldap-misc.
- (t_ldap_parse_uri_SOURCES): Ditto.
- (t_ldap_misc_SOURCES): New.
+ common: Fix memory leaks.
+ + commit a16f726f9404f173705cc3bef71daee38d2c094b
+ * common/name-value.c (do_nvc_parse): Free NAME.
+ * common/recsel.c (recsel_parse_expr): Release SE_HEAD and EXPR_BUFFER.
-2021-06-08 NIIBE Yutaka <gniibe@fsij.org>
+ kbx: Fix memory leak.
+ + commit 51bbd99a3c9b09a78e766a312d97a1d40372c6cd
+ * kbx/keybox-update.c (blob_filecopy): Goto leave instead of return.
- agent: Appropriate error code for importing key with no passwd.
- + commit 2f98d8a0f92dc991bff406e159690a111202fcb4
- * agent/cvt-openpgp.c (convert_from_openpgp_main): Return
- GPG_ERR_BAD_SECKEY.
+ tools: Fix memory leaks.
+ + commit 4c8be54cc430bbebd41fd7c452ff4ff9e8ff2bd5
+ * tools/gpgsplit.c (write_part): Free BLOB on error.
-2021-06-04 Werner Koch <wk@gnupg.org>
+ scd: Fix memory leaks.
+ + commit 7cbe29c4fb4f593e194b6c25cb31633b4a6e0b2b
+ * scd/apdu.c (apdu_dev_list_start): Free DL.
+ * scd/app-nks.c (pubkey_from_pk_file): Fix typo in condition.
+
+ agent,kbx: Add LIBASSUAN_CLFAGS.
+ + commit cd66b2eb0d34b135175899362e191fff81588608
+ * agent/Makefile.am (gpg_preset_passphrase_CFLAGS, t_protect_CFLAGS):
+ Add LIBASSUAN_CFLAGS.
+ * kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS):
+ Likewise.
- dirmngr: Remove useless code.
- + commit 8bd5172539e1399b407aa2a9d56fa51b8e040ae3
- * dirmngr/ks-engine-ldap.c (my_ldap_connect): Remove the
- password_param thing because we set the password directly without an
- intermediate var.
+2021-04-12 Werner Koch <wk@gnupg.org>
-2021-06-02 Werner Koch <wk@gnupg.org>
+ scd:p15: Match private keys with certificates also by labels.
+ + commit ecb9265b8dc03a153044e19be804d4c2d2caa4e8
+ * scd/app-p15.c (cdf_object_from_label): New.
+ (cdf_object_from_certid): Fallback to label matching.
+ (read_p15_info): Ditto.
+ (keygrip_from_prkdf): Ditto. Replace duplicated code by a call to
+ cdf_object_from_objid.
- sm: Support AES-GCM decryption.
- + commit b722fd755c77cbba12478f6de8913c73213d78ee
- * sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error if gpgrt
- supports this.
- * sm/decrypt.c (decrypt_gcm_filter): New.
- (gpgsm_decrypt): Use this filter if requested. Check authtag.
- * common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm
- in consumer (decrypt) de-vs mode.
+2021-04-08 Werner Koch <wk@gnupg.org>
-2021-05-28 Werner Koch <wk@gnupg.org>
+ scd:nks: Handle APP_READKEY_FLAG_INFO.
+ + commit 63320ba2f8147ee86f4406c9590f6b28cad4771d
+ * scd/app-nks.c (keygripstr_from_pk_file): Fix ignored error.
+ (get_nks_tag): New.
+ (do_learn_status_core): Use it. Make sure not to mange the
+ KEYPAIRINFO line if no usage is known.
+ (do_readkey): Output the KEYPAIRINFO for the keygrip case.
- gpgconf: Make runtime changes with different homedir work.
- + commit c8f0b02936c73b6ef3c99a1bea9ae63f74da0768
- * tools/gpgconf-comp.c (dirmngr_runtime_change): Pass --homedir
- first. Remove unused variable.
+ scd: Fix duplicate output of KEYPAIRINFO by readkey command.
+ + commit 22fd48e48d007a0cba6c8a8f6ad6cb4fe7470534
+ * scd/app-help.c (app_help_get_keygrip_string_pk): Make HEXKEYGRIP
+ parm optional.
+ * scd/command.c (do_readkey): Remove duplicate output of keypairinfo
+ lines.
- dirmngr: Fix default port for our redefinition of ldaps.
- + commit 8de9d54ac83fa20cb52b847b643311841be4d6dc
- * dirmngr/server.c (make_keyserver_item): Fix default port for ldaps.
- Move a tmpstr out of the blocks.
- * dirmngr/ks-engine-ldap.c (my_ldap_connect): Improve diagnostics.
+2021-04-08 NIIBE Yutaka <gniibe@fsij.org>
-2021-05-27 NIIBE Yutaka <gniibe@fsij.org>
+ gpg: Ed448 and X448 are only for v5.
+ + commit 36355394d865f5760075e62267d70f7a7d5dd671
+ * g10/keygen.c (parse_key_parameter_part): Generate with version 5
+ packet, when it's Ed448 or X448.
- build: _DARWIN_C_SOURCE should be 1.
- + commit 40b2890b4349781ddb0330193aed0286b1d23dad
- * configure.ac (*-apple-darwin*): Set _DARWIN_C_SOURCE 1.
+ scd: Fix CCID driver for SCM SPR332/SPR532.
+ + commit ab66c4357595b8a10ca25fd735f439fe795919b2
+ * scd/ccid-driver.c (ccid_vendor_specific_pinpad_setup): New.
+ (ccid_vendor_specific_setup): Only send CLEAR_HALT.
+ (ccid_transceive_secure): Each time, use send_escape_cmd.
-2021-05-26 Werner Koch <wk@gnupg.org>
+ common: Fix gnupg_wait_processes, by skipping invalid PID.
+ + commit d82dae5d2229a30dbc78aadc4d544d30dac76a1c
+ * common/exechelp-posix.c (gnupg_wait_processes): Skip invalid PID.
- dirmngr: Use --ldaptimeout for OpenPGP LDAP keyservers.
- + commit 317d5947b84ae2707e46b89fb0d8318c07174e13
- * dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT.
+2021-04-07 Werner Koch <wk@gnupg.org>
- * dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ...
- (parse_rereadable_options): here.
+ Release GnuPG 2.3.0.
+ + commit c922a798a341261f1aafaf7c1c0217e4ce3e3acf
- dirmngr: New option --ldapserver.
- + commit ff17aee5d10c8c5ab902253fb4332001c3fc3701
- * dirmngr/dirmngr.c (opts): Add option --ldapserver.
- (ldapserver_list_needs_reset): New var.
- (parse_rereadable_options): Implement option.
- (main): Ignore dirmngr_ldapservers.conf if no --ldapserver is used.
-
- * dirmngr/server.c (cmd_ldapserver): Add option --clear and list
- configured servers if none are given.
-
- dirmngr: Allow for non-URL specified ldap keyservers.
- + commit 2b4cddf9086faaf5b35f64a7db97a5ce8804c05b
- * dirmngr/server.c (cmd_ldapserver): Strip an optional prefix.
- (make_keyserver_item): Handle non-URL ldap specs.
- * dirmngr/dirmngr.h (struct ldap_server_s): Add fields starttls,
- ldap_over_tls, and ntds.
-
- * dirmngr/ldapserver.c (ldapserver_parse_one): Add for an empty host
- string. Improve error messages for the non-file case. Support flags.
- * dirmngr/ks-action.c (ks_action_help): Handle non-URL ldap specs.
- (ks_action_search, ks_action_get, ks_action_put): Ditto.
- * dirmngr/ks-engine-ldap.c: Include ldapserver.h.
- (ks_ldap_help): Handle non-URL ldap specs.
- (my_ldap_connect): Add args r_host and r_use_tls. Rewrite to support
- URLs and non-URL specified keyservers.
- (ks_ldap_get): Adjust for changes in my_ldap_connect.
- (ks_ldap_search): Ditto.
- (ks_ldap_put): Ditto.
- gpg,sm: Simplify keyserver spec parsing.
- + commit 9f586700ec4ceac97fd47cd799878a8847342ffa
- * common/keyserver.h: Remove.
- * sm/gpgsm.h (struct keyserver_spec): Remove.
- (opt): Change keyserver to a strlist_t.
- * sm/gpgsm.c (keyserver_list_free): Remove.
- (parse_keyserver_line): Remove.
- (main): Store keyserver in an strlist.
- * sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid
- an ambiguity in dirmngr by adding a prefix if needed.
-
- * g10/options.h (struct keyserver_spec): Move definition from
- keyserver.h to here. Remove most fields.
- * g10/keyserver.c (free_keyserver_spec): Adjust.
- (cmp_keyserver_spec): Adjust.
- (parse_keyserver_uri): Simplify.
- (keyidlist): Remove fakev3 arg which does not make any sense because
- we don't even support v3 keys.
-
- dirmngr: Support pseudo URI scheme "opaque".
- + commit 72124fadafde153f8ac89a70202006d831829d06
- * dirmngr/http.h (HTTP_PARSE_NO_SCHEME_CHECK): New.
- * dirmngr/http.c (http_parse_uri): Use this flag. Change all callers
- to use the new macro for better readability.
- (do_parse_uri): Add pseudo scheme "opaque".
- (uri_query_value): New.
-
-2021-05-21 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Release memory for RDRNAME.
- + commit 5be0d075b1ad03a46a6169bf16cd3ee6102e1358
- * scd/apdu.c (apdu_close_reader): Free RDRNAME field.
-
-2021-05-20 Jakub Jelen <jjelen@redhat.com>
-
- scd: avoid memory leaks.
- + commit 678e1b20d3531e642fa8871ea56c6c7d5c208fbe
- * scd/app-p15.c (send_certinfo): free labelbuf
- (do_sign): goto leave instead of return
- * scd/command.c (cmd_genkey): goto leave instead of return
-
- common: Avoid double-free.
- + commit 4dc4b025d6dd194a96b11ccfd64d763d2c902a91
- * common/name-value.c (do_nvc_parse): reset to null after ownership
- change
-
-2021-05-19 Ineiev <ineiev@gnu.org>
+2021-04-01 Werner Koch <wk@gnupg.org>
- po: Update Russian translation.
- + commit 17b7048732e265450323cc3e01a48c9d492edf0c
+ gpgconf: Return a new pseudo option compliance_de_vs.
+ + commit a78475fbb7b60ca96137fbe179d8b939cfe2cd89
+ * tools/gpgconf-comp.c (known_pseudo_options_gpg): Add
+ "compliance_de_vs".
+ * g10/gpg.c (gpgconf_list): Returh that pseudo option.
+ common: Make the compliance check more robust.
+ + commit 1d1ec1146c04415c7051af62e133459a4537c945
+ * common/compliance.c (get_compliance_cache): New.
+ (gnupg_rng_is_compliant): Use per mode cache.
+ (gnupg_gcrypt_is_compliant): Ditto.
-2021-05-19 Werner Koch <wk@gnupg.org>
+ card: New flag --reread for LIST.
+ + commit c727951a2440913bbab5b250c9bd2bb1d35ab0d7
+ * tools/gpg-card.c (cmd_list): Add flag --reread.
+ * tools/card-call-scd.c (scd_learn): New arg reread.
+
+ * tools/card-call-scd.c (release_card_info): Fix releasing of the new
+ label var.
+
+ scd: New flag --reread for LEARN.
+ + commit ff87f4e578f412332ae59fdab016f0a5304baaf9
+ * scd/command.c (cmd_learn): Add flag --reread.
+ * scd/app-common.h (struct app_ctx_s): New field need_reset.
+ * scd/app.c (write_learn_status_core): Set need_reset if we notice an
+ error after returning from a reread. Change all callers of card
+ functions to return GPG_ERR_CARD_RESET so that that app is not anymore
+ used.
- dirmngr: For KS_SEARCH return the fingerprint also with LDAP.
- + commit f0e538619d5079fcd87c31e853e6deb28564a321
- * dirmngr/ks-engine-ldap.c (extract_keys): Return the fingerprint if
- available.
- (ks_ldap_search): Ditto.
- (extract_keys): Make sure to free the ldap values also in corner
- cases.
- (my_ldap_value_free): New.
- (ks_ldap_get): Ditto.
- (ks_ldap_search): Ditto.
- (my_ldap_connect): Ditto.
+ scd:p15: New flag APP_LEARN_FLAG_REREAD.
+ + commit e17d3f866057543d142d63379fd4f4a36d79147f
+ * scd/app-p15.c (do_deinit): Factor code out to ...
+ (release_lists, release_tokeninfo): new.
+ (read_ef_tokeninfo): Reset all data before reading.
+ (read_p15_info): Ditto.
+ (do_learn_status): Implement reread flag.
-2021-05-18 Werner Koch <wk@gnupg.org>
+2021-03-31 Werner Koch <wk@gnupg.org>
- gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver.
- + commit 7bf8530e75d05a712d00a333d59b0a8cf663b9cb
- * g10/call-dirmngr.c (record_output): Rewrite.
+ scd: Replace all assert macros by the log_assert macro.
+ + commit 1c16878efd0bcf036f56abef93d64ac41ce9e95b
-2021-05-18 Ingo Klöcker <dev@ingo-kloecker.de>
- scd:p15: Fix logic for appending product name to MANUFACTURER.
- + commit aa6288140481bccc366e87fcdc6781dc82d0af31
- * scd/app-p15.c (do_getattr): Append product name to MANUFACTURER if
- manufacturer_id does not already contain a bracket and if we have a
- product name.
+ build: Require automake 1.16.3.
+ + commit 6ca540715139899137e1f86c7e1dcbd0288f15b3
+ * configure.ac (min_automake_version): Bump to 1.16.3
-2021-05-17 Werner Koch <wk@gnupg.org>
+2021-03-31 NIIBE Yutaka <gniibe@fsij.org>
- gpg: Use a more descriptive prompt for symmetric decryption.
- + commit 03f83bcda5d1f8d8246bcc1afc603b7f74d0626b
- * g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New.
- (passphrase_to_dek_ext): Remove this obsolete prototype.
- * g10/passphrase.c (passphrase_get): Add arg flags. Use new flag
- value.
- (passphrase_to_dek): Add arg flags and pass it on.
- * g10/mainproc.c (proc_symkey_enc): Use new flag.
+ build: Update gpg-error.m4.
+ + commit 8d6152a4cfd8a4cf176c01f99e1d49eeecab4367
+ * m4/gpg-error.m4: Update from libgpg-error.
- sm: Ask for the password for password based decryption (pwri)
- + commit 50ea1b67e8260aaebbeba0c4cd73e21443a74636
- * sm/decrypt.c (pwri_decrypt): Add arg ctrl. Ask for passphrase.
+2021-03-30 Werner Koch <wk@gnupg.org>
- * sm/export.c (export_p12): Mark string as translatable.
- * sm/import.c (parse_p12): Ditto.
+ card: Print the key's label if available.
+ + commit 0d6f276f61c583d776687029c715b1ee4280e4ed
+ * tools/gpg-card.h (struct key_info_s): Add field 'label'.
+ * tools/card-call-scd.c (learn_status_cb): Parse KEY-LABEL.
+ (scd_learn): Always request KEY-LABEL.
+ * tools/gpg-card.c (nullnone): New.
+ (list_one_kinfo, list_card): Use it. Print the label.
- sm: Support decryption of password based encryption (pwri)
- + commit 6f31acac767f2ec67729c0491f29061b26fe14b9
- * sm/decrypt.c (string_from_gcry_buffer): New.
- (pwri_parse_pbkdf2): New.
- (pwri_decrypt): New.
- (prepare_decryption): Support pwri.
- (gpgsm_decrypt): Test for PWRI. Move IS_DE_VS flag to DFPARM.
+ scd:p15: Return labels for keys and certificates.
+ + commit 7f9126363265a6b6fe4223d68fc4e87678c4ddfc
+ * scd/app-p15.c (send_certinfo): Extend certinfo.
+ (do_getattr): Support KEY-LABEL.
- * common/sexputil.c (cipher_mode_to_string): New.
+ scd:p15: For CardOS make use of ISO7816_VERIFY_NOT_NEEDED.
+ + commit 651c07a7301c33229af051d83edbf898bae52e8b
+ * scd/app-p15.c (verify_pin): Take care of verify status.
- dirmngr: LDAP search by a mailbox now ignores revoked keys.
- + commit b6f8cd7eef4b00a2c6ccaac743382f1dd83bde6a
- * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Ignore revoked
- and disable keys in mail mode.
+ scd:p15: Return the creation time of the keys.
+ + commit de4d3c99aa58ee06ae978d59e7e3aa7bace1c440
+ * scd/app-p15.c (struct prkdf_object_s): Add keytime and keyalgostr.
+ (keygrip_from_prkdf): Set them.
+ (send_keypairinfo): Extend KEYPAIRINFO.
-2021-05-07 NIIBE Yutaka <gniibe@fsij.org>
+2021-03-30 NIIBE Yutaka <gniibe@fsij.org>
- scd,pcsc: Use a single context.
- + commit 987b8168602286d06debbbc8d4deebd35f454e29
- * scd/apdu.c (pcsc): New variable.
- (struct reader_table_s): Remove pcsc.context from member.
- (pcsc_get_status, connect_pcsc_card): Use pcsc.context.
- (close_pcsc_reader): Release pcsc.context here with reference count.
- (apdu_open_one_reader): Move API loading to ...
- (pcsc_init): new.
- (apdu_open_one_reader): Remove.
- (apdu_open_reader): Call open_pcsc_reader instead of
- apdu_open_one_reader.
- (open_pcsc_reader): Call pcsc_init if needed. Call close_pcsc_reader
- instead of pcsc_release_context. Make reader parsing more robust.
- (apdu_init): Initialize pcsc.count and pcsc.context.
+ build: Fix for make distcheck, no EPS support.
+ + commit d1bac0a3be7081a4bfc7f813f9d626e1396ad5c1
+ * Makefile.am (AM_DISTCHECK_DVI_TARGET): Specify 'pdf'.
+ * doc/Makefile.am (EXTRA_DIST, BUILT_SOURCES): Remove EPS files.
+ (gnupg.dvi): Remove.
-2021-05-04 Werner Koch <wk@gnupg.org>
-
- gpg: Allow ECDH with a smartcard returning just the x-coordinate.
- + commit b203325ce112c223a5164081cecd14744a01ff69
- * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Factor extraction
- part out to ...
- (extract_secret_x): new. Allow for x-only coordinate.
- (pk_ecdh_encrypt_with_shared_point): Change arg shared_mpi
- to (shared,nshared). Move param check to the top. Add extra safety
- check.
- (pk_ecdh_decrypt): Adjust for change.
- * g10/pkglue.c (get_data_from_sexp): New.
- (pk_encrypt): Use it for "s" and adjusted for changed
- pk_ecdh_encrypt_with_shared_point.
- * g10/pubkey-enc.c (get_it): Remove conversion to an MPI and call
- pk_ecdh_decrypt with the frame buffer.
-
- scd: Fix possible PC/SC removed card problem.
- + commit 9d83bfb639680d3bc756fcfe2b7f83b18bed8dff
- * scd/apdu.c (pcsc_cancel): New.
- (pcsc_init): Load new function.
- (connect_pcsc_card): Use it after a removed card error.
-
- scd: Add string for another PC/SC error code.
- + commit a475bb725be7e275a06e0625b0088f607f36634c
- * scd/apdu.c (PCSC_E_NO_READERS_AVAILABLE): New.
- (pcsc_error_string): Add a description for this.
- * scd/scdaemon.c (scd_kick_the_loop): Fix diagnostic.
-
-2021-05-04 Kirill Elagin <kirelagin@gmail.com>
-
- scd: Fix unblock PIN by a Reset Code with KDF.
- + commit 6c4216094ef4771d1d5011b7aee35f241e3bcc4d
- * scd/app-openpgp.c (do_change_pin): Use correct CHVNO=1 for
- pin2hash_if_kdf, for user's PIN.
-
-2021-05-04 Werner Koch <wk@gnupg.org>
-
- gpg: Fix mailbox based search via AKL keyserver method.
- + commit 22fe23f46d3179cb0a68f58bf6f722b89c0c4d9c
- * g10/keyserver.c (keyserver_import_name): Rename to ...
- (keyserver_import_mbox): this. And use mail search mode.
- * g10/getkey.c (get_pubkey_byname): Change the two callers.
-
- gpg: Auto import keys specified with --trusted-keys.
- + commit e7251be84c797ddbc3f0a5212886761666e3aa33
- * g10/getkey.c (get_pubkey_with_ldap_fallback): New.
- * g10/trustdb.c (verify_own_keys): Use it.
-
- (cherry picked from commit 100037ac0f558e8959fc065d4703c85c2962489e)
-
- gpg: Allow decryption w/o public key but with correct card inserted.
- + commit e53f6037283e1a4f18b1c5d66d2678888c701cea
- * agent/command.c (cmd_readkey): Add option --no-data and special
- handling for $SIGNKEYID and $AUTHKEYID.
- * g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR
- output.
- * g10/skclist.c (enum_secret_keys): Automagically get a missing public
- key for the current card.
+2021-03-29 Werner Koch <wk@gnupg.org>
- agent: Silence error messages for READKEY --card.
- + commit aa612d752ebb1851f23184df084aed5314b72e3a
- * agent/command.c (cmd_readkey): Test for shadow key before creating
- it.
+ scd:p15: Make RSA with SHA512 work with CardOS.
+ + commit 592f48011790e30d4bcfd9093eb58b786c8c9a8b
+ * scd/app-p15.c (do_sign): Rewrite.
- (cherry picked from commit 8f2c9cb73538baab7da8107f2cceb2f6fc49642a)
+ agent: Skip unknown unknown ssh curves seen on cards.
+ + commit 2d2391dfc25cfe160581b1bb4b4b8fc4764ac304
+ * agent/command-ssh.c (ssh_handler_request_identities): Skip unknown
+ curves.
-2021-05-03 Werner Koch <wk@gnupg.org>
+ scd:p15: Support ECDSA and ECDH for CardOS.
+ + commit a494b29af9cc9c4c8c8323bae20e845d5a390448
+ * scd/iso7816.c (iso7816_pso_csv): New.
+ * scd/app-help.c (app_help_pubkey_from_cert): Uncompress a point if
+ needed.
+
+ * scd/app-p15.c (CARD_PRODUCT_RSCS): New.
+ (struct prkdf_object_s): Add fields is_ecc, token_label, and
+ tokenflags.
+ (do_deinit): Free new fields.
+ (cardproduct2str): New.
+ (read_ef_prkdf): Set new is_ecc flag.
+ (read_ef_tokeninfo): Store some data and move Tokeninfo diags to ...
+ (read_p15_info): here. set the product info here after all data has
+ been gathered.
+ (send_keypairinfo): Chnage the way the gpgusage flags are used.
+ (make_pin_prompt): If the token has a label and the current cert has
+ no CN, show the label as holder info.
+ (do_sign): Support ECDSA. Take care of the gpgusage flags.
+ (do_decipher): Support ECDH. Take care of the gpgusage flags.
+
+ gpg: Allow ECDH with a smartcard returning just the x-ccordinate.
+ + commit f129b0e97730b47d62482fba9599db39b526f3d2
+ * g10/ecdh.c (extract_secret_x): Add extra safety check. Allow for
+ x-only coordinate.
+
+2021-03-28 Werner Koch <wk@gnupg.org>
- gpg: Allow fingerprint based lookup with --locate-external-key.
- + commit 2af217ecd7e4242be2b35bc0085eccaf13cc2027
- * g10/keyserver.c (keyserver_import_fprint_ntds): New.
- * g10/getkey.c (get_pubkey_byname): Detect an attempt to search by
- fingerprint in no_local mode.
+ gpgconf: Do not i18n an empty string to the PO files meta data.
+ + commit 18d884f8411a0ca263a8aa588bb49eb0dae9ee19
+ * tools/gpgconf-comp.c (my_dgettext): Ignore empty strings.
- gpg: Lookup a missing public key of the current card via LDAP.
- + commit b59af0e2a05a3714b0bcbe7e775c6ffacfbc7119
- * g10/getkey.c (get_seckey_default_or_card): Lookup a missing public
- key from the current card via LDAP.
- * g10/call-dirmngr.c: Include keyserver-intetnal.h.
- (gpg_dirmngr_ks_get): Rename arg quick into flags. Take care of the
- new LDAP flag.
- * g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New.
- Replace the use of the value 1 for the former quick arg.
- (KEYSERVER_IMPORT_FLAG_LDAP): New.
- * g10/keyserver.c (keyserver_get_chunk): Increase the reserved line
- length.
- * dirmngr/ks-action.c (ks_action_get): Add arg ldap_only.
- * dirmngr/server.c (cmd_ks_get): Add option --ldap.
+2021-03-26 Werner Koch <wk@gnupg.org>
- scd: Add option --info to emit KEYPAIRINFO by readkey command.
- + commit b8df8321e1ef38147f42af1166d2c60805f88b9c
- * scd/command.c (do_readkey): Implement this.
- * scd/app-help.c (app_help_get_keygrip_string_pk): Make HEXKEYGRIP
- parm optional. Add arg R_ALGOSTR.
+ tests: Make sure the built keyboxd is used by the tests.
+ + commit a5e72b663b3649c939d32d6526b5e2b3347dedd9
+ * tests/openpgp/defs.scm (tool): Add keyboxd.
+ * tests/openpgp/setup.scm: Ditto.
-2021-05-03 NIIBE Yutaka <gniibe@fsij.org>
+ gpgconf: Fix another argv overflow if --homedir is used.
+ + commit 057131159b445d2d49392e95c677ad7b4cd4ae9c
+ * tools/gpgconf-comp.c (gc_component_check_options): Increase array.
- common: Fix gnupg_wait_processes, by skipping invalid PID.
- + commit c2ba6bea4ce81a066765c285c4b7c1dc6d39f144
- * common/exechelp-posix.c (gnupg_wait_processes): Skip invalid PID.
+ gpgconf: Fix argv overflow if --homedir is used.
+ + commit d3d57a1bc88ece0c12c91f54b089482cce92c5a0
+ * tools/gpgconf-comp.c (gc_component_launch): Fix crasg due to too
+ small array.
+ (gpg_agent_runtime_change): Fix error message.
+ (scdaemon_runtime_change): Ditto.
+ (tpm2daemon_runtime_change): Ditto.
+ (dirmngr_runtime_change): Ditto.
+ (keyboxd_runtime_change): Ditto.
-2021-05-03 Werner Koch <wk@gnupg.org>
+ agent: Add debug output for failed RSA signature verification.
+ + commit 6de1ec3ba59fa54ab60b2923ba9caa77fc9d5281
+ * agent/pksign.c (agent_pksign_do): Support ECC and DSA verification
+ and print some debug info in the error case.
- agent: Skip unknown unknown ssh curves seen on cards.
- + commit bbf4bd3bfcb51e9d91e08ceefba3ff016bae50ff
- * agent/command-ssh.c (ssh_handler_request_identities): Skip unknown
- curves.
+ common: New function to uncompress an ECC public key.
+ + commit 935765b451aadc63fbba763a4a00f4efa0254436
+ * common/sexputil.c (ec2os): New.
+ (uncompress_ecc_q_in_canon_sexp): New.
-2021-04-29 Werner Koch <wk@gnupg.org>
+ * common/t-sexputil.c (fail2): new.
+ (test_ecc_uncompress): New.
+ (main): Run new test.
- gpgconf: Do not i18n an empty string to the PO files meta data.
- + commit a456303ae306fbfda0cf89ff41678d50c24bf6fc
- * tools/gpgconf-comp.c (my_dgettext): Ignore empty strings.
+2021-03-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix PC/SC error handling at apdu_dev_list_start.
+ + commit d4e5979c630c2960cf1fd5796f1060419e71cb04
+ * scd/apdu.c (PCSC_E_NO_READERS_AVAILABLE): Add.
+ (pcsc_error_to_sw): Handle PCSC_E_NO_READERS_AVAILABLE.
+ (apdu_dev_list_start): Return error correctly.
+
+2021-03-24 Werner Koch <wk@gnupg.org>
+
+ card: Add option --use-default-pin to command "login".
+ + commit 73bad368dacf5334bf78af15b243d06fd1273849
+ * tools/gpg-card.c (cmd_login): Add option.
+
+ scd:p15: Make $SIGNKEY et al determination more fault tolerant.
+ + commit 964363e788210f96a471e31ffa8fd17b534c0aa8
+ * scd/app-p15.c (do_getattr): Change how we use gpgUsage to figure out
+ the keys to use.
+
+2021-03-24 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Fix v5 signature for clearsign.
+ + commit 14ef703ad65850fa22d394c4d521ba602ff2cc8d
+ * g10/sign.c (clearsign_file): Prepare EXTRAHASH.
+
+ gpg: Support ECDH with v5 key.
+ + commit 90a5b4e648b3c8a6fe645df7e61654dfdb3548be
+ * g10/ecdh.c (build_kdf_params): Use the first 20 octets.
+ * g10/pkglue.c (pk_encrypt): Remove length check to 20.
+ * g10/pubkey-enc.c (get_it): Likewise.
+
+2021-03-23 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Fix listing of default_pubkey_algo.
+ + commit a107b24ddb45c9eef432d456f302c1acea3af27c
+ * tools/gpgconf-comp.c (known_options_gpg, known_options_gpgsm): No
+ flags needed for pseudo options.
+ (known_pseudo_options_gpg, known_pseudo_options_gpgsm): New.
+ (gc_component): Add field known_pseudo_options.
+ (struct read_line_wrapper_parm_s): New.
+ (read_line_wrapper): New.
+ (retrieve_options_from_program): Use read_line_wrapper to handle
+ pseudo options.
+
+2021-03-22 Werner Koch <wk@gnupg.org>
+
+ kbxd: Group the options.
+ + commit ed82ef91459f72b955f4e342ab88a7a0949c436b
+ * kbx/keyboxd.h (opt): Remove unused field 'batch'.
+ * kbx/keyboxd.c (opts): Remove --batch. Add group descriptions.
+
+2021-03-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Support exporting Ed448 SSH key.
+ + commit 1524a942b645d9facbedd9ed4a472e343838b6a1
+ * common/openpgp-oid.c (oid_ed448, openpgp_oidbuf_is_ed448): New.
+ (openpgp_oid_is_ed448): New.
+ * common/util.h (openpgp_oid_is_ed448): New.
+ * g10/export.c (export_one_ssh_key): Support Ed448 key.
+
+ gpg: Fix exporting SSH key.
+ + commit 0b45c5a9941094bd4529c3bf5b1cb8ce2584b9a4
+ * g10/export.c (export_one_ssh_key): Finish base 64 encoder before
+ writing out the comment string.
+
+2021-03-19 Werner Koch <wk@gnupg.org>
+
+ card: Support OpenPGP.1 and OpenPGP.2 for readcert and writecert.
+ + commit 475644e049436c49de7620a1539515479ad2aa4f
+ * tools/gpg-card.c (cmd_writecert): Allow the other key references.
+ (cmd_readcert): Ditto.
+
+ scd:openpgp: Allow reading and writing user certs for keys 1 and 2.
+ + commit 37b1c5c2004c1147a13b388863aaa8f0caf7d71f
+ * scd/iso7816.c (CMD_SELECT_DATA): New.
+ (iso7816_select_data): New.
+ * scd/app-openpgp.c (do_readcert): Allow OpenPGP.1 and OPENPGP.2
+ (do_writecert): Ditto.
+ (do_setattr): Add CERT-1 and CERT-2.
+
+ scd:openpgp: Rename an internal variable.
+ + commit bbdb48ec0ddd99ce23fcba42949c00a2594fb9a5
+ * scd/app-openpgp.c (struct app_local_s): s/extcap_v3/is_v3/.
+ s/max_certlen_3/max_certlen. Change users.
+
+ scd:openpgp: Small speedup reading card properties.
+ + commit d5fb5983232cf4d60cf6aa00d0ae5a16cf948e19
+ * scd/app-openpgp.c (struct app_local_s): Add new flag.
+ (get_cached_data): Force chace use if flag is set.
+ (app_select_openpgp): Avoid reading DO 6E multiple times.
+
+2021-03-18 Werner Koch <wk@gnupg.org>
+
+ scd:p15: Allow to use an auth object label with cmd CHECKPIN.
+ + commit 85082a83c2c1bda50fe6b7aa2ac68cef4faca4c7
+ * scd/app-p15.c (prepare_verify_pin): Allow for PRKDF to be NULL.
+ (make_pin_prompt): Ditto.
+ (verify_pin): Ditto.
+ (do_check_pin): Allow using the Label to specify a PIN.
+
+ card: Print PIN descriptions and fix number of printed retry counters.
+ + commit 1ac189f2df6cedab3a133baca69558fdf6a908d4
+ * tools/gpg-card.h (struct card_info_s): Add fields nmaxlen, nchvinfo,
+ and chvlabels.
+ * tools/card-call-scd.c (release_card_info): Free chvlabels.
+ (learn_status_cb): Parse CHV-LABEL. Set nmaxlen and nchvinfo.
+ * tools/gpg-card.c (list_retry_counter): Print CHV labels.
+
+ scd:p15: New attribute CHV-LABEL.
+ + commit ef29a960bf06005c34093cd9a6bca5a202ed359a
+ * scd/app-p15.c (parse_common_obj_attr): Map spaces in the lapel to
+ underscores.
+ (read_ef_aodf): Prettify printing of the type.
+ (do_getattr): New attribute CHV-LABEL
+ (do_learn_status): Emit CHV-LABEL.
+ (verify_pin): Distinguish the PIN prompts.
+
+ agent: Simplify a function.
+ + commit 26215cb211ad93ad9cc51fb4f8257b9e3c254a4e
+ * agent/findkey.c (agent_public_key_from_file): Use a membuf instead
+ of handcounting space.
+
+2021-03-16 Werner Koch <wk@gnupg.org>
+
+ scd:p15: Implement CHV-STATUS attribute.
+ + commit bf1d7bc3697c7d650994ba94d3704af189594657
+ * scd/command.c (send_status_direct): Return an error.
+ * scd/app-p15.c (do_learn_status): Emit CHV-STATUS.
+ (compare_aodf_objid): New.
+ (do_getattr): Implement CHV-STATUS.
+
+ card: Generalize the CHV counter printing.
+ + commit e4c2d7be22ffb47b41a3b6c1152bd75dceed74e2
+ * tools/gpg-card.c (list_retry_counter): New. Factored out from the
+ other functions.
+ (cmd_verify): Re-read the chv status.
+
+2021-03-16 Damien Goutte-Gattat via Gnupg-devel <gnupg-devel@gnupg.org>
+
+ build: Check for the IBM TSS tools to run the tpm2d tests.
+ + commit c0f50811fcf81e5ebe2df326342081cfdacfbbfc
+ * configure.ac (TEST_LIBTSS): Make that conditional depend on the
+ detection of tssstartup.
+
+ build: Fix distcheck when tpm2dtests are run.
+ + commit ad481666ea6ef3743041ec6d043a3e6901ebab33
+ * tests/tpm2dtests/Makefile.am (EXTRA_DIST): Distribute test files.
+ (CLEANFILES): Make sure to remove log files.
+
+2021-03-15 James Bottomley <James.Bottomley@HansenPartnership.com>
+
+ tests:tpm2d: add missing start_sw_tpm.sh script.
+ + commit a788f2e8306d80f7f3df34eb62ec7ce1a62d48e1
+ * tests/tpm2dtests/start_sw_tpm.sh: New.
+ * tests/tpm2dtests/Makefile.am: Add.
+
+2021-03-15 Werner Koch <wk@gnupg.org>
+
+ gpg: New option --no-auto-trust-new-key.
+ + commit 1523b5f76f6e600c4f2d153b49a807ff2dc8d268
+ * g10/gpg.c (oNoAutoTrustNewKey): New.
+ (opts): Add --no-auto-trust-new-key.
+ (main): Set it.
+ * g10/options.h (opt): Add flags.no_auto_trust_new_key.
+
+ build: new option to disable building of tpm2daemon.
+ + commit 8d6123faa8cae0bad6f82c9021e9ac6686b2f55d
+ * configure.ac (build_tpmd): New configure option --disable-tpm2d
+ (BUILD_WITH_TPM2D): New.
+ * Makefile.am (tests): Use conditionally BUILD_TPM2D instead of
+ HAVE_LIBTSS.
+ * build-aux/speedo.mk (speedo_pkg_gnupg_configure) [W32]: Do not build
+ tpm2d.
+ * autogen.rc: Ditto.
+
+2021-03-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Add handling of Ed448 key.
+ + commit b743942a9719be59f1da67cd338248fe7ee5aeab
+ * scd/app-openpgp.c (struct app_local_s): Add ecc.algo field.
+ (send_key_attr): Use ecc.algo field.
+ (ecc_read_pubkey): Use ecc.algo field.
+ (ecc_writekey): Ed448 means EdDSA.
+ (parse_algorithm_attribute): Set ecc.algo field from card.
+ Add checking for Ed25519 for ECC_FLAG_DJB_TWEAK flag.
+
+ scd: Fix count_sos_bits handling.
+ + commit f482e4bd121ff2862bfb53a82f1d5c2cf3524a10
+ * scd/app-openpgp.c (count_sos_bits): Handle an exceptional case.
+
+ common: Fix the NBITS of Ed448in OIDTABLE.
+ + commit 373b52e69a6ca609a663a0c4a018358fdf52dc7e
+ common/openpgp-oid.c (oidtable): Ed448 uses 456-bit signature.
+
+2021-03-12 Werner Koch <wk@gnupg.org>
scd: New option --pcsc-shared.
- + commit 5eec40f3d82777b4fb807a9bf1b71422a8caa2f9
+ + commit 5732e7a8e97cebf8e850c472e644e2a9b040836f
* scd/scdaemon.h (opt): Add field opcsc_shared.
* scd/scdaemon.c (opcscShared): New.
(opts): Add "--pcsc-shared".
(main): Set flag.
* scd/apdu.c (connect_pcsc_card): Use it.
(pcsc_get_status): Take flag in account.
- * scd/app-openpgp.c (verify_chv2): Do not auto verify chv1 in shared
- mode.
+ * scd/app-openpgp.c (cache_pin): Bypass in shared mode.
+ (verify_chv2: Do not auto verify chv1 in shared mode.
+ * scd/app-piv.c (cache_pin): By pass caceh in shared mode.
- scd: Rewrite READKEY to allow for compressed points.
- + commit 96577e2e46e4c5b66a2685cb605e07be0a6a09a5
- * scd/app-help.c (app_help_pubkey_from_cert): New. Taken from 2.3.
- * scd/command.c (cmd_readkey): Rewrite using new helper.
+2021-03-12 NIIBE Yutaka <gniibe@fsij.org>
- common: Extend the openpgp_curve_to_oid function.
- + commit 5b8593135fa6e88ecc459444ec19b9a824f12a15
- * common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
- Change all callers.
+ scd: Fix computing fingerprint for ECC with SOS.
+ + commit 95156ef9bfb6a3a525454d50ae2f5b538ccbd774
+ * scd/app-openpgp.c (count_sos_bits): New. Count as sos_write does.
+ (store_fpr): For ECC, use count_sos_bits.
- common: New module to compute openpgp fingerprints.
- + commit f3c98b8cb5adcac17043fa6066b73bd08c8ef41a
- * common/openpgp-fpr.c: New.
- * common/Makefile.am (common_sources): Add it.
+ gpg: Fix compute_fingerprint for ECC with SOS.
+ + commit cfc1497efa8c98cf490f5efc9b280a6ec44514bd
+ * g10/keyid.c (hash_public_key): Tweak NBITS just as sos_write does.
- common: New function to uncompress an ECC public key.
- + commit c825117c5fa562fced0d3cafc22fd878cf615b42
- * common/sexputil.c (ec2os): New.
- (uncompress_ecc_q_in_canon_sexp): New.
+2021-03-11 Valtteri Vuorikoski <vuori@notcom.org>
- * common/t-sexputil.c (fail2): new.
- (test_ecc_uncompress): New.
- (main): Run new test.
+ scd:piv: Improve APT parser compatibility.
+ + commit 8cad11d13b15b0ef672545b06450dfbea1fef18e
+ * scd/app-piv.c (app_select_piv): Allow for full AID.
- common: New function cmp_canon_sexp.
- + commit 473e649ea1a69e82b7f99a17fbff4d641936c61c
- * common/sexputil.c (cmp_canon_sexp): New.
- (cmp_canon_sexp_def_tcmp): New.
- * common/t-sexputil.c (test_cmp_canon_sexp): Add a simple test.
-
- scd: New function send_keyinfo to assist in backporting.
- + commit 0eed0ced9bcd3c14621076d26cf4d9f809e1873c
- * scd/command.c (send_keyinfo): New.
-
- scd: Minor changes to assist in backporting from 2.3.
- + commit 3db99b8861a7544efee13be45d14bbac63c0c868
- * scd/command.c (send_status_direct): Return an error code.
- * scd/app-common.h (APP_LEARN_FLAG_REREAD): New.
-
- scd: Extend an internal function to also return the algo.
- + commit 72a7d45a230bf28e2ba7e8a57b702c98998ea0a3
- * scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
- r_algo. Change all callers.
- (app_help_get_keygrip_string): Ditto.
+2021-03-11 Werner Koch <wk@gnupg.org>
- scd: New function for iso7816 PSO_CSV.
- + commit 91dd74f3d7e3630bb7f298fe4d392f8a6cef9acb
- * scd/iso7816.c (iso7816_pso_csv): New.
+ gpg: New option --force-sign-key.
+ + commit fe02ef04500c1b35cd27132fb99ac1961f555193
+ * g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key".
+ (main): Set it.
+ * g10/options.h (opt): New flag flags.force_sign_key.
+ * g10/keyedit.c (sign_uids): Use new flag.
- scd: Extend iso7816_select_path.
- + commit 855d14d390e8dd8464f2f38187dbccb19a13e815
- * scd/iso7816.c (iso7816_select_path): Add arg top_fd.
- * scd/app-nks.c (do_readkey): Adjust for this change
- (select_ef_by_path: Ditto.
+2021-03-11 James Bottomley via Gnupg-devel <gnupg-devel@gnupg.org>
+
+ tpmd2: Add Support for the Intel TSS.
+ + commit b9c560e3a400da83073b232ee12fae090b21d20c
+ * configure.ac: Check for Intel TSS.
+ * tpm2d/intel-tss.h: New.
+ * tpm2d/tpm2.h (HAVE_INTEL_TSS): Use the Intel code.
+
+2021-03-10 James Bottomley <James.Bottomley@HansenPartnership.com>
+
+ tpm2d: add tests for the tpm2daemon.
+ + commit 6720f1343aef9342127380b155c19e12c92d65ac
+ * configure.ac: Detect TPM emulator and enable tests.
+ * tests/tpm2dtests/: New test suite.
+ * tests/Makefile.am: Run tests.
+
+ gpg: Add new command keytotpm to convert a private key to TPM format.
+ + commit 92b601fceec7da64939591001dba94e202f6e6a0
+ * agent/command.c (cmd_keytotpm): New.
+ (agent/command.c): Register new command KEYTOTPM.
+ * g10/call-agent.c (agent_keytotpm): New.
+ * g10/keyedit.c (cmdKEYTOTPM): New command "keytotpm".
+ (keyedit_menu): Implement.
+
+ agent: Add new shadow key type and functions to call tpm2daemon.
+ + commit 1f995b9ba42b76c1d83b484e5362548a54a70dab
+ * agent/call-tpm2d.c: New.
+ * divert-tpm2.c: New.
+ * agent/Makefile.am: Add new files.
+ * agent/agent.h (DAEMON_TPM2D): New. Add stub fucntions.
+ * agent/call-daemon.c (GNUPG_MODULE_NAME_TPM2DAEMON): New.
+ * agent/command.c (do_one_keyinfo): Handle tpmv2.
+ * agent/gpg-agent.c (oTpm2daemonProgram): New.
+ (opts): New option --tpm2daemon-program.
+ (parse_rereadable_options): Handle option.
+ * agent/pkdecrypt.c (agent_pkdecrypt): Divert to tpm2d.
+ (agent_pksign_do): Ditto.
+ ---
+
+ A new shadow key type: "tpm2-v1" is introduced signalling that the
+ shadowed key is handled by the tpm2daemon. A function to identify
+ this type is introduced and diversions to the tpm2daemon functions are
+ conditioned on this function for pkign and pkdecrypt where the same
+ diversions to scd are currently done. The (info) field of the
+ shadowed key stores the actual TPM key. The TPM key is encrypted so
+ only the physical TPM it was created on can read it (so no special
+ protection is required for the info filed), but if the (info) field
+ becomes corrupt or damaged, the key will be lost (unlike the token
+ case, where the key is actually moved inside the token).
+
+ Note, this commit adds handling for existing TPM format shadow keys,
+ but there is still no way to create them.
+
+
+ Additional changes:
+ * Add ChangeLog entries.
+ * Some minor indentation fixes.
+ * agent/Makefile.am (gpg_agent_SOURCES): Change to make distcheck
+ work.
+ * agent/agent.h [!HAVE_LIBTSS]: Do not return -EINVAL but an
+ gpg_error_t. Mark args as unused.
+ * agent/protect.c (agent_is_tpm2_key): Free BUF.
+
+ tpm2d: Add tpm2daemon code.
+ + commit 62a7854816b8f3661fb41f05463289e5b96663ee
+ * tpm2d: New directory.
+ * Makefile.am (SUBDIRS): Add directory.
+ * configure.ac: Detect libtss and decide whether to build tpm2d.
+ * am/cmacros.am: Add a define.
+ * util.h (GNUPG_MODULE_NAME_TPM2DAEMON): New.
+ * common/homedir.c (gnupg_module_name): Add tpm2d.
+ * common/mapstrings.c (macros): Add "TPM2DAEMON".
+ * tools/gpgconf.h (GC_COMPONENT_TPM2DAEMON): New.
+ * tools/gpgconf-comp.c (known_options_tpm2daemon): New.
+ (gc_component): Add TPM2.
+ (tpm2daemon_runtime_change): New.
+ * tpm2d/Makefile.am: New.
+ * tpm2d/command.c: New.
+ * tpm2d/ibm-tss.h: New.
+ * tpm2d/tpm2.c: New.
+ * tpm2d/tpm2.h: New.
+ * tpm2d/tpm2daemon.c: New.
+ * tpm2d/tpm2daemon.h: New.
+
+ ---
+ This commit adds and plumbs in a tpm2daemon to the build to mirror the
+ operation of scdaemon. The architecture of the code is that
+ tpm2daemon.c itself is pretty much a clone of scd/scdaemon.c just with
+ updated function prefixes (this argues there could be some further
+ consolidation of the daemon handling code). Note that although this
+ commit causes the daemon to be built and installed, nothing actually
+ starts it or uses it yet.
+
+ Command handling
+ ----------------
+
+ command.c is copied from the command handler in scd.c except that the
+ command implementation is now done in terms of tpm2 commands and the
+ wire protocol is far simpler. The tpm2daemon only responds to 4
+ commands
+
+ IMPORT: import a standard s-expression private key and export it to
+ TPM2 format. This conversion cannot be undone and the
+ private key now can *only* be used by the TPM2. To anyone
+ who gets hold of the private key now, it's just an
+ encrypted binary blob.
+
+ PKSIGN: create a signature from the tpm2 key. The TPM2 form private
+ key is retrieved by KEYDATA and the hash to be signed by
+ EXTRA. Note there is no hash specifier because the tpm2
+ tss deduces the hash type from the length of the EXTRA
+ data. This is actually a limitation of the tpm2 command
+ API and it will be interesting to see how this fares if the
+ tpm2 ever supports say sha3-256 hashes.
+
+ PKDECRYPT: decrypt (RSA case) or derive (ECC case) a symmetric key.
+ The tpm2 for private key is retrieved by KEYDATA and the
+ information used to create the symmetric key by EXTRA.
+
+ KILLTPM2D: stop the daemon
+
+ All the tpm2 primitives used by command.c are in tpm2.h and all the
+ tpm2 specific gunk is confined to tpm2.c, which is the only piece of
+ this that actually does calls into the tss library.
+
+
+ Changes from James' patch:
+
+ - gpgconf: The displayed name is "TPM" and not "TPM2". That
+ string is used by GUIs and should be something the user
+ understands. For example we also use "network" instead
+ of "Dirmngr".
+ - Removed some commented includes.
+ - Use 16 as emulation of GPG_ERR_SOURCE_TPM2.
+ - Silenced a C90 compiler warning and flags unused parameters.
+ - Removed "if HAVE_LIBS" from tpm2/Makefile.am and add missing
+ files so that make distcheck works.
+
+2021-03-10 Werner Koch <wk@gnupg.org>
+
+ scd:p15: Support special extended usage flags for OpenPGP keys.
+ + commit 08b5ac492afc6c6e7eaaa1f70d67c81cbda2c9be
+ * scd/app-p15.c (struct gpgusage_flags_s): New.
+ (struct prkdf_object_s): Add field gpgusage.
+ (struct app_local_s): Add field any_gpgusage.
+ (dump_gpgusage_flags): New.
+ (read_p15_info): Parse athe gpgusage flags.
+ (do_getattr): Take care of the gpgusage flags.
+
+2021-03-08 Werner Koch <wk@gnupg.org>
+
+ sm: Init nPth which might be used by some helper code.
+ + commit a4021d9be4aeac7429bf6a8e9f336dbb62cacfc4
+ * sm/gpgsm.c: Include npth.h.
+ (main): Init nPth.
+
+ w32: Cleanup use of pid_t in call-daemon.
+ + commit 33c492dcb955bff01fffae31fb7750f88e07b8ff
+ * agent/call-daemon.c (struct wait_child_thread_parm_s) [W32]: Do not
+ use HANDLE for pid_t.
+ (wait_child_thread): Ditto.
- * common/tlv.h: Include membuf.h.
+ w32: Change spawn functions to use Unicode version of CreateProcess.
+ + commit cf2f6d8a3f0594c03c383b4989a3041e9c4536d7
+ * common/exechelp-w32.c (gnupg_spawn_process): Change to use
+ CreateProcessW.
+ (gnupg_spawn_process_fd): Ditto.
+ (gnupg_spawn_process_detached): Ditto.
+ * g10/exec.c (w32_system): Ditto.
- scd: Add new status codes.
- + commit 3ce69d8387925d444d529ce0bb5beed9e880aad7
- * scd/apdu.h (SW_SM_NOT_SUP, SW_CC_NOT_SUP, SW_FILE_STRUCT)
- (SW_NO_CURRENT_EF): New.
- * scd/apdu.c (apdu_strerror): Map them to strings.
- * scd/iso7816.c (map_sw): ... and to gpg-error.
+2021-03-08 NIIBE Yutaka <gniibe@fsij.org>
- scd: Extend ISO binary and record reading functions.
- + commit ec9e8e0d6a1fe47dbf42652c4246e1c34fdf0288
- * scd/iso7816.c (iso7816_read_binary_ext): Add optional arg r_sw and
- change callers.
- (iso7816_read_record): Factor all code out to ...
- (iso7816_read_record_ext): New.
+ scd: Fix for X448.
+ + commit fc99f77b14b6c2cdfb547607651922c16863dcf0
+ * scd/app-openpgp.c (do_decipher): Support with no prefix.
-2021-04-13 Werner Koch <wk@gnupg.org>
+2021-03-05 Werner Koch <wk@gnupg.org>
- gpg: Do not use self-sigs-only for LDAP keyserver imports.
- + commit 1303b0ed84da57b48d88343ab43f83546e508aba
- * dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
- * g10/options.h (opts): New field expl_import_self_sigs_only.
- * g10/import.c (parse_import_options): Set it.
- * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
+ w32: Always use Unicode for console input and output.
+ + commit 8c41b8aac3efb78178fe1eaf52d8d1bbc44941a8
+ * common/init.c (_init_common_subsystems) [W32]: Set the codepage to
+ UTF-8 for input and putput. Switch gettext to UTF-8.
+ * tools/gpgconf.c (main): Display the input and output codepage if
+ they differ.
+ * g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.
-2021-04-08 NIIBE Yutaka <gniibe@fsij.org>
+ w32: Free memory allocated by new function w32_write_console.
+ + commit 31b708e268ebb725307856865f34a61670a35586
+ * common/ttyio.c (w32_write_console): Free buffer.
- scd: Fix CCID driver for SCM SPR332/SPR532.
- + commit f8ae51977ce4079d638d1ae2f3dd1da41c02a6d7
- * scd/ccid-driver.c (ccid_vendor_specific_pinpad_setup): New.
- (ccid_vendor_specific_setup): Only send CLEAR_HALT.
- (ccid_transceive_secure): Each time, use send_escape_cmd.
+ common,w32: Allow Unicode input and output with the console.
+ + commit f165c8a737cc968554c9d78932c69869456108ff
+ * common/ttyio.c (do_get) [W32]: Use ReadConsoleW.
+ (w32_write_console): New.
+ (tty_printf, tty_fprintf) [W32]: Use new function.
-2021-04-06 Werner Koch <wk@gnupg.org>
+ common: Re-indent ttyio.c and remove EMX, RISCOS, and CE support.
+ + commit 8622f53994249d8fb49a488cfe480ffbeb8cbfba
+ * common/ttyio.c: Remove cruft like EMX and RISCOS support. Translate
+ a few strings. Re-indent.
- gpg: Fix new pseudo option compliance_de_vs.
- + commit 18551c6dc2c33f856d05053b27a1210c4c607cef
- * g10/gpg.c (gpgconf_list): Take opt.compliance also in account.
+2021-03-04 Werner Koch <wk@gnupg.org>
-2021-04-01 Werner Koch <wk@gnupg.org>
+ common: Rename w32-misc.c to w32-cmdline.c.
+ + commit 7262d602d802c4a3840097d5de217fcfb9728b49
+ * common/w32-misc.c: Rename to ....
+ * common/w32-cmdline.c: this.
+ * common/Makefile.am: Adjust.
- common: Make the compliance check more robust.
- + commit 8ef0f53cb0014026d0d58b8de2133310d96bc1e3
- * common/compliance.c (get_compliance_cache): New.
- (gnupg_rng_is_compliant): Use per mode cache.
- (gnupg_gcrypt_is_compliant): Ditto.
+ common,w32: Implement globing of command line args.
+ + commit 089c9439674e8ecbc64f0ba924e6fb447bbc2b9d
+ * common/w32-misc.c [W32]: Include windows.h
+ (struct add_arg_s): New.
+ (add_arg): New.
+ (glob_arg): New.
+ (parse_cmdstring): Add arg argvflags and set it.
+ (w32_parse_commandline): Add arg r_itemsalloced. Add globing.
- gpgconf: Return a new pseudo option compliance_de_vs.
- + commit 9feffc03f36499162342609897484b4b32fd53a7
- * tools/gpgconf-comp.c (gc_options_gpg): Add "compliance_de_vs".
- * g10/gpg.c (gpgconf_list): Return that pseudo option.
+ * common/init.c (prepare_w32_commandline): Mark glob created items as
+ leaked.
-2021-03-26 Werner Koch <wk@gnupg.org>
- cbiedl@gnupg.com
+ * common/t-w32-cmdline.c : Include windows.h
+ (test_all): Add simple glob test for Unix.
+ (main): Add manual test mode for Windows.
- gpgconf: Fix argv overflow if --homedir is used.
- + commit a50093893cd100c74a32cbacc749aab582154625
- * tools/gpgconf-comp.c (gc_component_launch): Fix crash due to too
- small array.
+ common,w32: Refine the command line parsing for \ in quotes.
+ + commit 20c60076866904187a09393de596deef286116f8
+ * common/t-w32-cmdline.c (test_all): Add new test cases.
+ * common/w32-misc.c (strip_one_arg): Add arg endquote.
+ (parse_cmdstring): Take care of backslashes in quotes.
-2021-03-11 Werner Koch <wk@gnupg.org>
+ gpg: Prepare for globing with UTF-8.
+ + commit 8e15506d6680bbee85bc01453da28fc90b4cb673
+ * g10/gpg.c (_dowildcard): Remove.
+ (my_strusage): Enable wildcards using our new system.
- gpg: New option --force-sign-key.
- + commit 87d7b7e07565bdba9e9e8b8698f7094046d4f762
- * g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key".
- (main): Set it.
- * g10/options.h (opt): New flag flags.force_sign_key.
- * g10/keyedit.c (sign_uids): Use new flag.
+ common: First take on handling Unicode command line args.
+ + commit deb6c94362c0f179de1cac18707aad2f51a21e10
+ * common/w32-misc.c: New.
+ * common/t-w32-cmdline.c: New.
+ * common/init.c: Include w32help.h.
+ (prepare_w32_commandline): New.
+ (_init_common_subsystems) [W32]: Call prepare_w32_commandline.
-2021-03-02 Werner Koch <wk@gnupg.org>
-
- sm: Do away with the locked flag in keydb.c.
- + commit f3e68e39da7609f594572833528a0f2b9c20bf2d
- * sm/keydb.c (struct keydb_handle): Remove field locked.
- (keydb_lock): Remove use of locked flag.
- (lock_all): Ditto.
- (unlock_all): Ditto.
- (keydb_set_flags): Use dotlock_is_locked instead of the locked flag.
- (keydb_insert_cert): Ditto.
- (keydb_delete): Ditto.
- (keydb_search): s/keydb_lock/lock_all/.
- (keydb_set_cert_flags): Ditto.
- (keydb_clear_some_cert_flags): Ditto.
-
- * sm/keydb.c (maybe_create_keybox): s/access/gnupg_access/.
-
- common: New function dotlock_is_locked.
- + commit 67b82a9c607e1488972a85a30015f48c68245af0
- * common/dotlock.c (dotlock_is_locked): New.
- (dotlock_take): Set locked flag also in disabled mode. No more
- warning if the lock has already been taken.
- (dotlock_release): Clear locked flag also in disabled mode. No more
- warning if the lock has not been taken.
-
- sm: Lock kbx files also before a search.
- + commit 677245ba0e7d6c0bc85ac998f47e3f220b736840
- * sm/keydb.c (keydb_search): Lock files.
-
- sm: On Windows close the kbx files at several places.
- + commit 2b9ae79ad81a0d3eff011fabe6629e371cd7c5b4
- * kbx/keybox-search.c (keybox_search_reset) [W32]: Always close.
-
- * kbx/keybox-init.c (keybox_close_all_files): New.
- * sm/keydb.c (keydb_close_all_files): New.
- * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Call new function.
- (gpgsm_dirmngr_lookup): Ditto.
- (gpgsm_dirmngr_run_command): Ditto.
-
- sm: Remove unused function.
- + commit c99f3599d80d351dda1400314b43ea8ccdcc7b7d
- * sm/keydb.c (keydb_insert_cert): Remove.
- * kbx/keybox-update.c (keybox_update_cert): Remove stub.
+ * common/Makefile.am (common_sources) [W32]: Add w32-misc.c
+ (module_tests): Add t-w32-cmdline
+ (t_w32_cmdline_LDADD): New.
2021-03-01 Nicolas Fella via Gnupg-devel <gnupg-devel@gnupg.org>
gpg: Keep temp files when opening images via xdg-open.
- + commit 0441ed6e1c1d7eac81bfbec6ce51f319d9d20eb7
+ + commit be2da244565822ad1f268f84dc88a23e5aa8d26a
* g10/photoid.c (get_default_photo_command): Change parameter for
xdg-open.
-2021-03-01 Werner Koch <wk@gnupg.org>
-
- sm: Silence some other pkcs#12 import prattle.
- + commit e5af401fc4c3294de9a4f10630b200185329230b
- * sm/minip12.c (parse_bag_data): Print a regular log_info only in
- verbose mode.
+2021-02-25 Werner Koch <wk@gnupg.org>
+
+ scd:p15: Read out the access flags.
+ + commit d51a5ca1084c69c0ed304126a7aaa0a648b2eba6
+ * scd/app-p15.c (struct keyaccess_flags_s): New.
+ (struct prkdf_object_s): Add field accessflags.
+ (dump_keyusage_flags): New.
+ (dump_keyaccess_flags): New.
+ (parse_keyaccess_flags): New.
+ (parse_common_key_attr): Return access flags.
+ (read_ef_prkdf): Parse the access flags. Allow for ECkeys.
+ (read_ef_pukdf): Ditto. Use new functions for printing.
+ (read_p15_info): Use new fucntion for printing.
+
+ sm: Do not print certain issuer not found diags in quiet mode.
+ + commit a170f0e73f38e474b6d4463433fe344eca865fa5
+ * sm/certchain.c (find_up_dirmngr): Print one diagnostic only in
+ verbose mode. Do not print issuer not found diags in quiet mode.
+ * sm/minip12.c (parse_bag_data): Add missing verbose condition.
+
+ sm: Fix issuer certificate look error due to legacy error code.
+ + commit 473b83d1b9efe51fcca68708580597dddf3f50b7
+ * sm/certchain.c (find_up): Get rid of the legacy return code -1 and
+ chnage var name rc to err.
+ (gpgsm_walk_cert_chain): Change var name rc to err.
+ (do_validate_chain): Get rid of the legacy return code -1.
2021-02-24 Werner Koch <wk@gnupg.org>
+ scd:p15: Get the label value of all objects for better diagnostics.
+ + commit cfdaf2bcc85b3b6f16904006f239b400a3487ff8
+ * scd/app-p15.c (struct cdf_object_s): Add fields authid, authidlen,
+ and label.
+ (struct prkdf_object_s): Add field label.
+ (struct aodf_object_s): Ditto.
+ (release_cdflist): Free new fields.
+ (release_prkdflist): Free new field.
+ (release_aodf_object): Ditto.
+ (parse_common_obj_attr): Return the label.
+ (read_ef_prkdf): Store the label.
+ (read_ef_pukdf): Ditto.
+ (read_ef_cdf): Use parse_common_obj_attr and store authid and label.
+ Print them im verbose mode.
+ (read_ef_aodf): Store the label and print it.
+
sm: Silence some output on --quiet.
- + commit bcdbf0fcf3c1c210504cbed53f524704747deaaa
+ + commit 615d2e4fb15859320ea0ebec1bb457c692c57f0a
* sm/encrypt.c (gpgsm_encrypt): Take care of --quiet.
* sm/gpgsm.c: Include minip12.h.
(set_debug): Call p12_set_verbosity.
* sm/minip12.c (opt_verbose, p12_set_verbosity): New.
(parse_bag_encrypted_data): Print info messages only in verbose mode.
+2021-02-23 Werner Koch <wk@gnupg.org>
+
+ scd:p15: Make it code work again for D-Trust cards.
+ + commit 33aaa37e5bc0beb75305cdf9d8be850daccaee5e
+ * scd/app-p15.c (select_and_read_binary): Allow to skip the select.
+ (select_and_read_record): Return the statusword. Silence error
+ message for SW_FILE_STRUCT.
+ (select_ef_by_path): Fix selection with a home_DF.
+ (read_first_record): Fallback to read_binary for CardOS and return
+ info about this.
+ (read_ef_prkdf): Use info from read_first_record to decide whether to
+ use record or binary mode.
+ (read_ef_pukdf): Ditto.
+ (read_ef_aodf): Ditto.
+ (read_ef_cdf): Ditto. New arg cdftype for diagnostics.
+ (read_p15_info): Pass cdftype.
+
+ * scd/apdu.h (SW_FILE_STRUCT): New.
+ * scd/apdu.c (apdu_strerror): Map that one to a string.
+ * scd/iso7816.c (map_sw): and to a gpg-error.
+
+2021-02-22 Werner Koch <wk@gnupg.org>
+
+ scd: Fix readkey --info in case a readkey command is available.
+ + commit 2490f4e8e1d1feecb44aefa79bd71f5f8b06c9a4
+ * scd/command.c (do_readkey): Make --info also work if a readkey
+ command is available.
+
+ * scd/app-p15.c (cdf_object_from_certid): Fix a but introduced with
+ the previous commit.
+
+ scd:p15: Extract extended usage flagsand act upon them.
+ + commit 488eaedc9a332d8164dea22e469354fc10b0a253
+ * scd/app-p15.c: Add a couple of oid constants.
+ (struct cdf_object_s): Replace fields image and imagelen by cert.
+ (struct prkdf_object_s): Add extusage flags
+ (send_keypairinfo): Use them.
+ (cdf_object_from_certid): Factor parts out to ...
+ (cdf_object_from_objid): new function.
+ (read_ef_prkdf): Move info printing to ...
+ (read_p15_info): here. Fill the extusage flags.
+ (readcert_by_cdf): Cache the ksba cert object instead of the binary
+ cert.
+ * scd/app.c (select_additional_application): Fix a log_debug call.
+ (scd_update_reader_status_file): Ditto.
+
+ sm: Extend the list of known OIDs.
+ + commit 4c9b509d2402f79668e502a9db5879280a4f683b
+ * sm/keylist.c (oidtranstbl): Add a couple of OIDs and mark them for
+ key usage.
+
2021-02-19 Werner Koch <wk@gnupg.org>
- scd: Change parameters of readkey fucntion pointer.
- + commit 41979ed7308ef3ab1c877d3f110ce9b61eb17bec
- * scd/app-common.h (APP_READKEY_FLAG_ADVANCED): New.
- (struct app_ctx_s): Replace param advanced by flags in readkey.
- Change all users.
+ build: Remove now obsolete HAVE_NEWER_LIBGCRYPT AM conditional.
+ + commit 5573ab714b92f6ee899a816998e56e1238f4c573
+ * configure.ac (HAVE_NEWER_LIBGCRYPT): Remove conditional.
+ * tools/Makefile.am (gpg_pair_tool_SOURCES): We build it always.
- scd: Pass ctrl parameter to more app functions.
- + commit 669786cf646d8636de85a3cb8b3aa83ba709d207
- * scd/app-common.h (struct app_ctx_s): Add parameter ctrl to function
- pointers for readkey, setattr, sign, auth, decipher, and check_pin.
-
- scd: Detect Yubikey and provide nicer display-s/n.
- + commit f8588369bcb0e66118725793b53e871ce2acb10d
- * scd/app-common.h (struct app_ctx_s): Rename unused field
- card_version to cardversion.
- * scd/app.c (app_new_register): Add code rom 2.3 to detect the Yubikey
- and set cardversion.
- (app_get_dispserialno): New.
- * scd/app-openpgp.c (do_getattr): Use app_get_dispserialno.
+ scd: Minor tweak for easier backporting.
+ + commit 6d4280b13ddc928ff6bc41bdf482030f0f814fdb
+ * scd/app-common.h (APP_CARD): New. Use it in app-*.c to access
+ app->card.
- scd: Change the apptype from a string to an enum.
- + commit 43b3ec5aee40172890c077485e438d2d4994d81d
- * scd/app-common.h (cardtype_t): New.
- (apptype_t): New.
- (struct app_ctx_s): Change type of field apptype. Add fields
- appversion and cardtype. Adjust all app-*.c for the new type.
- * scd/app.c (supported_app_list): New.
- (strapptype): New.
- (apptype_from_name): New.
- (app_dump_state): Use strapptype.
- (app_write_learn_status): Ditto.
- (app_getattr): Ditto.
- (check_conflict): Use apptype_from_name and integer comparison.
- * scd/app-openpgp.c: Replace app->card_version by app->appversion.
+2021-02-18 Werner Koch <wk@gnupg.org>
- scd: Add some compatibility code for easier backporting.
- + commit 6380126b31aacb2e8ad3aae4866d4d384186bf97
- * scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
- (APP_READKEY_FLAG_INFO): New.
- (APP_LEARN_FLAG_KEYPAIRINFO): New.
- (APP_LEARN_FLAG_MULTI): New.
- (struct app_ctx_s): New forward declaration.
- (struct app_ctx_s): Add members prep_reselect, reselect, and
- with_keygrip.
- (KEYGRIP_ACTION_SEND_DATA): New.
- (KEYGRIP_ACTION_WRITE_STATUS): New.
- (KEYGRIP_ACTION_LOOKUP): New.
- (APP_CARD): New macro.
- * scd/scdaemon.h: Include app-common.h and remove from all other
- files.
- (app_t): Move typedef to ...
- * scd/app-common.h: here.
+ po: Change translatability of a fallback string.
+ + commit 0be4861762c21ebfb4c2e28bb9a3e5cfbc08e1a9
+ * agent/call-pinentry.c (setup_genpin): Do not make the fallback
+ translatable.
+
+ speedo: Update w32 stuff from 2.2.
+ + commit 919a969354d4021f2e64a948b4c224cd37323713
+ * build-aux/speedo.mk: Update from 2.2. Add target w32-msi-release.
+ * build-aux/speedo/w32/inst.nsi: Fix location of doc files.
+ * build-aux/speedo/w32/wixlib.wxs: Add gpg-card and fix a wrong name.
+ * Makefile.am (release): Support a WITH_MSI variable.
+ (wixlibfile): Improve copying to archive.
+ (release): Use AMTAR instead of TAR.
2021-02-17 Werner Koch <wk@gnupg.org>
dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs.
- + commit 55f46b33df08e8e0ea520ade5f73b321bc01d705
+ + commit ab7dc4b524c3e2ad5153acfdbfa879a9e62d2dbe
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds
extension.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with
hostname - which is NULL and thus the same if not given. Fix minor
error in error code handling.
- dirmngr: Rewrite a weird function by straighter code.
- + commit cdc828f6902667196eb3870f9287045afe7144d5
- * dirmngr/ldap-parse-uri.c (ldap_uri_p): Use ascii-memcasecmp.
+2021-02-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Update gpg-error.m4 again.
+ + commit 3fa1fa747b61867076e344c3eb07a66826c1983a
+ * m4/gpg-error.m4: Update from libgpg-error.
+
+2021-02-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Update gpg-error.m4.
+ + commit 985e85dc0e6c54aa465a2af610c5a04fc10649a0
+ * m4/gpg-error.m4: Update from libgpg-error.
+
+2021-02-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Update gpg-error.m4.
+ + commit e1e3f1db4660b5416828aeb636a7f767fadcc7a4
+ * m4/gpg-error.m4: Update from libgpg-error.
+
+ build: Fix library dependency of g13 test program.
+ + commit 83e0a9d6b990aa517bc338b578f7faf393ae1b0d
+ * g13/Makefile.am (t_common_ldadd): Add GPG_ERROR_LIBS.
+
+2021-02-10 Werner Koch <wk@gnupg.org>
+
+ gpg: Do not allow old cipher algorithms for encryption.
+ + commit 825dd7220ff6079cbe2d0df7fde93526c077fb6d
+ * g10/gpg.c: New option --allow-old-cipher-algos.
+ (set_compliance_option): Set --rfc4880bis explictly to SHA256 and
+ AES256. Allow old cipher algos for OpenPGP, rfc4880, and rfc2440.
+ * g10/options.h (opt): Add flags.allow_old_cipher_algos.
+ * g10/misc.c (print_sha1_keysig_rejected_note): Always print the note
+ unless in --quiet mode.
+ * g10/encrypt.c (setup_symkey): Disallow by default algos with a
+ blocklengt < 128.
+ (encrypt_crypt): Ditto. Fallback by default to AES instead of 3DES.
+ * g10/pkclist.c (algo_available): Take care of old cipher also.
+ (select_algo_from_prefs): Use AES as implicit algorithm by default.
+
+ * tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos.
+
+ Remove obsolete M4 macros.
+ + commit 6e730c18816fbb3e074d93840396ed18f00ab7e2
+ * m4/gnupg-pth.m4: Remove.
+ * m4/libcurl.m4: Remove.
+
+ Require GpgRT version 1.41.
+ + commit 2b75b256054427119a284792540243c3471267d4
+ * configure.ac (NEED_GPG_ERROR_VERSION): Rename to NEED_GPGRT_VERSION
+ and set to 1.41.
+ * common/sysutils.c (gnupg_access): Remove code for older gpgrt
+ versions.
+ * kbx/backend-sqlite.c: Ditto.
+ * sm/gpgsm.c (main): Ditto.
+
+2021-02-09 Werner Koch <wk@gnupg.org>
+
+ build: Make make distcheck work again.
+ + commit f9e4dae08d7caed741d35916c46b8302e098d521
+ * m4/Makefile.am (EXTRA_DIST): Remove isc-posix.m4
+
+ tools: Remove the symcryptrun tool.
+ + commit 209b7113f3493bd829ec5c90275ff95a273d9dd4
+ * tools/symcryptrun.c: Remove.
+ * tools/Makefile.am: Ditto.
+ * doc/tools.texi: Remove man page.
+ * configure.ac: Remove build option and tests used only by this tool.
+ * Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Do not build
+ symcryptrun.
+
+2021-02-05 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Fix selection of key.
+ + commit 390f597868a5b5934f21f81ebf6ff110b6792283
+ * g10/getkey.c (pubkey_cmp): Handle the case of TRUST_EXPIRED.
+
+2021-02-02 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove support for PKA.
+ + commit 7f3ce66ec56a5aea6170b7eb1bda5626eb208c83
+ * g10/gpg.c (oPrintPKARecords): Remove.
+ (opts): Remove --print-pka-records.
+ (main): Remove "pka-lookups","pka-trust-increase" and other PKA stuff.
+ * g10/options.h (EXPORT_DANE_FORMAT): Remove.
+ (VERIFY_PKA_LOOKUPS, VERIFY_PKA_TRUST_INCREASE): Remove.
+ (KEYSERVER_HONOR_PKA_RECORD): Remove.
+ * g10/packet.h (pka_info_t): Remove.
+ (PKT_signature): Remove flags.pka_tried and pka_info.
+ * g10/parse-packet.c (register_known_notation): Remove
+ "pka-address@gnupg.org".
+ * g10/pkclist.c (check_signatures_trust): Remove PKA stuff.
+ * g10/call-dirmngr.c (gpg_dirmngr_get_pka): Remove.
+ * g10/export.c (parse_export_options): Remove "export-pka".
+ (do_export): Adjust for this.
+ (write_keyblock_to_output): Ditto.
+ (do_export_stream): Ditto.
+ (print_pka_or_dane_records): Rename to ...
+ (print_dane_records): this and remove two args. Remove PKA printing.
+ * g10/free-packet.c (free_seckey_enc, cp_pka_info): Adjust for removed
+ pka_info field.
+ * g10/getkey.c (get_pubkey_byname): Make AKL_PKA a dummy.
+ * g10/keyserver.c: Remove "honor-pka-record".
+ (keyserver_import_pka): Remove.
+ * g10/mainproc.c (get_pka_address): Remove.
+ (pka_uri_from_sig): Remove.
+ (check_sig_and_print): Remove code for PKA.
+
+ gpg: Remove more or less useless tool gpgcompose.
+ + commit fde7d833573d358b2c5b5eb7d837bc27c6dcb3d1
+ * g10/gpgcompose.c: Remove
+
+ gpg: Remove experimental feature to export w/o user-ids.
+ + commit 3491faa3bb62c1c96c6dd5947516128b2a966535
+ * g10/options.h (IMPORT_DROP_UIDS, EXPORT_DROP_UIDS): Remove.
+ * g10/import.c (parse_import_options): Remove option import-drop-uids.
+ (import_one_real): Remove drop uids code.
+ (remove_all_uids): Remove function.
+ * g10/export.c (parse_export_options): Remove option export-drop-uids.
+ (do_export_one_keyblock): Remove drop uids code.
+
+ card: List keys of pkcs#15 cards.
+ + commit a06c79b6143fc49e6f5169b8a9f53c691031d6ca
+ * tools/gpg-card.c (list_p15): New.
+ (list_card): Call it.
+
+ scd:p15: Read PuKDF and minor refactoring.
+ + commit 0c080ed5791ecf1606d1c2fddc0c55362fd171d3
+ * scd/app-p15.c (pukdf_object_t): New.
+ (struct app_local_s): Add field public_key_info.
+ (release_pukdflist): New.
+ (select_and_read_record): No diagnostic in case of not_found.
+ (read_first_record): New. Factored out from the read_ef_ fucntions.
+ (read_ef_pukdf): New. Basically a copy of read_ef_prkdf for now.
+ (read_p15_info): Also read the public keys.
+
+ (cardtype2str): New.
+ (read_ef_tokeninfo): Print a string with the cardtype.
+
+2021-02-01 Werner Koch <wk@gnupg.org>
+
+ sm: Add a few OIDs and merge OID tables.
+ + commit 0737dc8187a0eb9ca4661e2ad45954c718daa451
+ * sm/keylist.c (OID_FLAG_KP): New.
+ (key_purpose_map): Merge into ...
+ (oidtranstbl): this.
+ (get_oid_desc): New arg 'matchflag'. Use function in place of direct
+ access to key_purpose_map.
2021-01-28 Werner Koch <wk@gnupg.org>
Include the library version in the compliance checks.
- + commit 6e258babe7ccc52a7fb621339c2e2fc5f0f23bc9
+ + commit 90c514868ff5fcf6d39490d4874ac3a31ba9e85f
* common/compliance.c (gnupg_gcrypt_is_compliant): New.
(gnupg_rng_is_compliant): Also check library version.
* g10/mainproc.c (proc_encrypted): Use new function.
2021-01-27 Werner Koch <wk@gnupg.org>
+ scd:p15: Make file selection more robust.
+ + commit 1e197c29ed95d021f5693cd3652b6acb07d928ea
+ * scd/app-p15.c: Include host2net.h.
+ (DEFAULT_HOME_DF): New.
+ (select_and_read_binary): Replace slot by app. Change callers. Use
+ select_ef_by_path.
+ (select_and_read_record): ditto.
+ (select_ef_by_path): Make use use the home_df.
+ (parse_certid): Adjust for always set home_df.
+ (print_tokeninfo_tokenflags): Ditto.
+ (app_select_p15): Take the home_df from the FCI returned by select.
+
+ scd: Define new status word.
+ + commit 7620473cd007c074b0625a678caa6105a4c87142
+ * scd/apdu.h (SW_NO_CURRENT_EF): New.
+
+ scd:p15: Factor the commonKeyAttributes parser out.
+ + commit 5bcbc8cee310067aa3cc48665b0fb0595c64ae4d
+ * scd/app-p15.c (read_ef_prkdf): Fix detection of unsupported key
+ objects. Factor some code out to ...
+ (parse_common_key_attr): new.
+
gpg: Fix ugly error message for an unknown symkey algorithm.
- + commit 9037be5f40da409a7734a2672e64345472f294fc
+ + commit b08418d22cc898c9d135217e07ca77f3daf3c9e9
* g10/mainproc.c (proc_symkey_enc): Do not continue with an unknown
algorithm.
-2021-01-11 Werner Koch <wk@gnupg.org>
-
- Release 2.2.27.
- + commit 0c103cde00098bdf1cec8f27e764300d192210e4
+2021-01-26 Werner Koch <wk@gnupg.org>
+
+ scd:p15: Factor the commonObjectAttributes parser out.
+ + commit fb84674d6c645a423b8ed9835437d25e4893e183
+ * scd/app-p15.c (parse_common_obj_attr): New.
+ (read_ef_prkdf): Use new function.
+ (read_ef_aodf): Ditto.
+
+ scd:p15: First step towards real CardOS 5 support.
+ + commit fc287c0552b0fe489c66bb493879f4330c34f287
+ * scd/iso7816.c (iso7816_select_path): Add arg from_cdf.
+ * scd/app-nks.c (do_readkey): Adjust for this change.
+
+ * scd/app-p15.c (CARD_TYPE_CARDOS_53): New.
+ (IS_CARDOS_5): New.
+ (card_atr_list): Add standard ATR for CardOS 5.3.
+ (select_and_read_binary): Remove the fallback to record read hack.
+ (select_and_read_record): New.
+ (select_ef_by_path): Rework and support CardOS feature.
+ (read_ef_prkdf): Use read record for CardOS.
+ (read_ef_cdf): Ditto.
+ (read_ef_aodf): Ditto. Also fix bug in the detection of other
+ unsupported attribute types.
+ (verify_pin): Use IS_CARDOS_5 macro.
+ (app_select_p15): Force direct method for CardOS.
+
+2021-01-25 Werner Koch <wk@gnupg.org>
+
+ agent: Support ssh-agent extensions for environment variables.
+ + commit 224e26cf7b67f22bb0140133eac6b4ad24f3b1b7
+ * common/session-env.c (session_env_list_stdenvnames): Extend to allow
+ return all names as one string.
+ * agent/command-ssh.c (SSH_REQUEST_EXTENSION): New.
+ (SSH_RESPONSE_EXTENSION_FAILURE): New.
+ (request_specs): Add handler for the extension command.
+ (ssh_handler_extension): New.
+
+2021-01-21 Werner Koch <wk@gnupg.org>
+
+ scd:p15: Show the ATR as part of the TokenInfo diagnostics.
+ + commit 60499d98940d4b7a1673b8584cafe0f7ac2901dd
+ * scd/app-p15.c (read_ef_tokeninfo): Print the ATR in verbose mode.
+
+2021-01-19 Werner Koch <wk@gnupg.org>
+
+ Require Libgcrypt 1.9.
+ + commit 9500432b7ae10d98b30c58de4357e2ffb93bf795
+ * configure.ac: Require at least Libgcrypt 1.9.0. Remove all
+ GCRYPT_VERSION_NUMBER dependent code.
+
+2021-01-12 Werner Koch <wk@gnupg.org>
+
+ tools: Add option --clock to watchgnupg.
+ + commit 93d5d7ea2a8b110b3ad88be25f2f67d706361e44
+ * tools/watchgnupg.c (print_fd_and_time) [ENABLE_LOG_CLOCK]: Use
+ clock_gettime.
+ (print_version): New option --clock.
+2021-01-11 Werner Koch <wk@gnupg.org>
gpg,w32: Fix gnupg_remove.
- + commit 3901c1a8c59a436ea4509d5aaebbecc5a0268391
+ + commit b6967d31912912ad3c0a2ff6bf6eb9822a194562
* common/sysutils.c (map_w32_to_errno): New.
(gnupg_w32_set_errno): New.
(gnupg_remove) [w32]: Set ERRNO
-2021-01-08 Werner Koch <wk@gnupg.org>
+2021-01-06 Ingo Klöcker <dev@ingo-kloecker.de>
- gpg: Fix --gpgconf-list case with no conf files at all.
- + commit 9f37d3e6f307a9460c0a356afa1f8b991c527d6c
- * g10/gpg.c (get_default_configname): Remove unused function.
- (main): Provide a proper filename to gpgconf_list.
+ I meant "SHA-2 digests" in the previous commit.
+ + commit 7eef40cc1143fb19132786ebcca1c9a6c9a85e6e
-2021-01-07 Werner Koch <wk@gnupg.org>
- gpgconf: Fix description of two new options.
- + commit ff30fcd3dc78c00ed87ce6bd3414b828bdf51e84
- * tools/gpgconf-comp.c: Fix auto-key-import and include-key-block.
+ scd:nks: Add support for signing plain SHA-3 digests.
+ + commit 8fe976d5b9a0f2902868737dd502c749565222a6
+ * scd/app-nks.c (do_sign): Handle plain SHA-3 digests and verify
+ encoding of ASN.1 encoded hashes.
2020-12-30 Werner Koch <wk@gnupg.org>
wkd: Minor permission fix for created files.
- + commit fdc54850263b2b888398f95be7816134b45a60d3
+ + commit c008e8d20e12c8845403ad7dad499f6a196ecc6a
* tools/wks-util.c (wks_cmd_install_key): Don't set u+x on the file.
(ensure_policy_file): No need to make the policy file group writable.
-2020-12-23 Werner Koch <wk@gnupg.org>
-
- gpg: Initialize a variable even in a never used code path.
- + commit 83e875a2d1e7560b9626266373c89e6e6eb7cb50
- * g10/sign.c (write_signature_packets): Init ERR.
-
2020-12-21 Werner Koch <wk@gnupg.org>
- Release 2.2.26.
- + commit c77bb1a750f0e2d6538d23fdc0af0e3ff3d56781
-
-
common: Remove superfluous debug output from dotlock.c.
- + commit 323a69ef65e0d48fb9d038ecca01a70688ad3325
+ + commit fc0eaa9add3c9bc93d4404988be3e1eb8f88ffa2
* common/dotlock.c (dotlock_create_unix): Remove debug output.
doc: Explain LDAP keyserver parameters.
- + commit 261fb98c6f034f3f96abee79ea73febd115420ae
+ + commit e0cbb97925a109fee7c0a7450bcac120f2766ed2
- common: Fix the "ignore" meta command in argparse.c.
- + commit 09dc59f6d43f5e81781429913b8f377581825be0
- * src/argparse.c (gnupg_argparse): Factor some code out to ...
- (prepare_arg_return): new.
- (gnupg_argparse): No missing arg error in ignore sections.
- * common/sysutils.c: Include pwd.h.
- (gnupg_getusername): New.
-
2020-12-18 Werner Koch <wk@gnupg.org>
- gpg: Fix --trusted-key with fingerprint arg.
- + commit 8a2e5025eb0f9537a4e776cf2886771a507121f1
- * g10/trustdb.c (tdb_register_trusted_key): Take care of that
- other constant.
-
dirmngr: Do not block threads in LDAP keyserver calls.
- + commit 15bfd189c07ef0f1bb94db0aee9ad26441ddc494
+ + commit 355e2992c043dd3241a9e838255f01418490ef33
* dirmngr/ks-engine-ldap.c: Wrap some ldap calls.
- dirmngr: Fix backport of the new option parser from 2.3.
- + commit 9b886adba4f83ca462f8015060bcea8a7ceb6bb0
- * dirmngr/dirmngr.c (main) <aGPGConfList>: Re-introduce
- gpgconf-dirmngr.conf.
-
2020-12-17 Werner Koch <wk@gnupg.org>
gpg: New AKL method "ntds"
- + commit 559efd23e936536435a42646b62fe8c4f8585d38
+ + commit 4a3836e2b2f9a91995d5ce058820e1121298f548
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new
support for KEYDB_SEARCH_MODE_MAIL.
(ks_ldap_get): Add a debug.
(get_pubkey_byname): Ditto.
dirmngr: Support "ldap:///" for the current AD user.
- + commit 776bef74c778c6740a6aac8a05801a958868346d
+ + commit 1194e4f7e2dff620e0da87f212f3a35f8021b142
* dirmngr/http.h (struct parsed_uri_s): Add field ad_current.
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Set it.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Take care of ad_current.
dirmngr: Allow LDAP searches via fingerprint.
- + commit c75fd75532905a2922288e0e8ac01fcd0226fc52
+ + commit 2cadcce3e877c857bb8859574762b59b9c193b44
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Add arg
serverinfo and allow searching by fingerprint.
(ks_ldap_get, ks_ldap_search): First connect then create teh filter.
+2020-12-15 Werner Koch <wk@gnupg.org>
+
dirmngr: Store all version 2 schema attributes.
- + commit c28cb5282b149f1e34df6f923e88e1998a60cc4a
+ + commit a2434ccabdd1956876b44e05e07c3c3630c50f8f
* g10/call-dirmngr.c (ks_put_inq_cb): Emit "fpr" records.
* dirmngr/ks-engine-ldap.c (extract_attributes): Add args
extract-state and schemav2. Add data for the new schema version.
remove the legacy code to handle UIDs in the "pub" line.
(ks_ldap_put): Set new attributes for NTDS use the fingerprint as CN.
-
- This is a backport from 2.3
+2020-12-14 Werner Koch <wk@gnupg.org>
dirmngr: Support the new Active Directory schema.
- + commit ac8ece92662d83b79b03a369df07362d320fd118
+ + commit e9ddd61fe979b1b8e1a4801f7f916d0222397245
* dirmngr/ks-engine-ldap.c (SERVERINFO_): New constants.
(my_ldap_connect): Relace args pgpkeyattrp and real_ldapp by a new
serverinfo arg. Set the new info flags.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto. Replace xmalloc by xtrymalloc. Change the DN
for use with NTDS (aka Active Directory).
+ * doc/ldap/gnupg-ldap-init.ldif (pgpSoftware): Update definition of
+ pgpVersion.
+ * doc/ldap/gnupg-ldap-ad-init.ldif: New.
+ * doc/ldap/gnupg-ldap-ad-schema.ldif: New.
dirmngr: Do not store the useless pgpSignerID in the LDAP.
- + commit 0e88c73bc94fbca224f06d95bb024030bb3a73bb
+ + commit cc056eb534c1b8f7d1a90af3b9ecb9d6b2f322fa
* dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the
pgpSignerID.
* g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records.
dirmngr: Fix adding keys to an LDAP server.
- + commit e47de853820000ddf383e7b790fbc435e3378d66
+ + commit 37a899d0e4fd49512d522e7f6f86b6968309fece
* dirmngr/ks-engine-ldap.c (ks_ldap_put): Extract attribites into
addlist.
-2020-12-16 NIIBE Yutaka <gniibe@fsij.org>
+2020-12-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd:nks: Support READKEY with keygrip and for "NKS-IDLM" keyref.
+ + commit 3b392630881350baabeba16fa760bad04be94d03
+ * scd/app-nks.c (do_readkey): Allow KEYGRIP access.
+ Support NKS-IDLM.XXXX keyref.
+
+ scd:nks: Factor out pubkey retrieval from keygrip handling.
+ + commit b7c087375d84c31ab8a645cd81e6b1e6185cb30d
+ * scd/app-nks.c (pubkey_from_pk_file): New.
+ (keygripstr_from_pk_file): Use pubkey_from_pk_file.
+
+2020-12-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd:nks: Add support of KEYGRIP for do_readcert.
+ + commit 4020cd9d656264bec5e7fb5e45c5e06eff8656c3
+ * scd/app-nks.c (do_readcert): Support KEYGRIP.
+
+ scd:nks: Factor out iteration over filelist.
+ + commit 6c4365847666cefac73ccc743a99fac473da2186
+ * scd/app-nks.c (iterate_over_filelist): New.
+ (do_with_keygrip): Use iterate_over_filelist.
+
+2020-12-09 Werner Koch <wk@gnupg.org>
+
+ wks-client: Improve an error message.
+ + commit c7c88648b71b8ce3a5507946afb91761fc6d931e
+ * tools/gpg-wks-client.c (read_confirmation_request): Print trust
+ letter.
+
+2020-12-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd:ccid:spr532: Extend abort_cmd for initialization time.
+ + commit a9aa30ed2c2c399c2baa6a5aa2624d8fdee6286f
+ * scd/ccid-driver.c (abort_cmd): Add INIT argument to support
+ synchronize until success, even ignoring timeout.
+ (bulk_in): Normal use case of abort_cmd.
+ (ccid_vendor_specific_init): Initial use case of abort_cmd.
scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup.
- + commit 3c55e15cee4bfed6ef96fbc97a0d2f00afceebe3
+ + commit f50373027222f28ab9d37843178a5d44cc1e3cc0
* scd/ccid-driver.c (ccid_vendor_specific_setup): Only for SPR532,
call libusb_clear_halt.
scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR.
- + commit 585cfca0a60bd910012a8a2218f74889840b2546
+ + commit ffabc29d5eadfe81b9f62b7d4fe6e858b191354d
* scd/ccid-driver.c (ccid_setup_intr): Don't call libusb_clear_halt.
+2020-12-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd:yubikey: Fix support of Yubikey NEO.
+ + commit 946555ea3ceb823b95ed13654ae4fd667daa4337
+ * scd/app-openpgp.c (get_public_key): Yubikey NEO also has this issue.
+
+ agent: Allow decryption with card but no file.
+ + commit eda3c688fc2e85c7cd63029cb9caf06552d203b4
+ * agent/pkdecrypt.c (agent_pkdecrypt): Support decryption with card
+ but without a stub key.
+
+ agent: Clean up the API of agent_pkdecrypt.
+ + commit 9beab36dfa39106f6efd1bb89551a581bcf9df60
+ * agent/agent.h (agent_pkdecrypt): Use gpg_error_t type.
+ * agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type.
+
+ agent: Allow pksign operation with card but no file.
+ + commit cbb0e069f55bc45037bbd69d54ce23dae2af2ac6
+ * agent/pksign.c (agent_pksign_do): Add support with no file.
+
+2020-12-07 Ingo Klöcker <dev@ingo-kloecker.de>
+
+ gpg: Make quick-gen-key with algo "card" work for keys without keytime.
+ + commit 255d33d65126df00bc036580d0b32735d7178c8b
+ * g10/keygen.c (quick_generate_keypair): Set pCARDKEY flag if algostr
+ is "card" or "card/...".
+
2020-12-07 NIIBE Yutaka <gniibe@fsij.org>
- scd:openpgp: Fix writing ECC key to card.
- + commit 5a03bf61304d0c2c8b4df53a1a7680cd0eb91cb1
- * scd/app-openpgp.c (build_privkey_template): Adding another argument
- of ecc_d_fixed_len to handle variable-size MPI.
+ gpg,card: Allow no version information of Yubikey.
+ + commit 1cd615afe3010d2c3919de489d7c9a78513c8694
+ * g10/call-agent.c (learn_status_cb): Assume >= 2 when no version.
+ * tools/card-call-scd.c (learn_status_cb): Likewise.
-2020-12-04 Werner Koch <wk@gnupg.org>
+2020-12-03 NIIBE Yutaka <gniibe@fsij.org>
- Backport of the new option parser from 2.3.
- + commit a028f24136a062f55408a5fec84c6d31201b2143
- * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
- * common/argparse.c, common/argparse.h: Rewrite.
- * tests/gpgscm/main.c: Switch to the new option parser.
+ scd:nks: Fix caching keygrip (more).
+ + commit 87d2c579cc38c1d2787945650125fb0e0336652c
+ * scd/app-nks.c (keygripstr_from_pk_file): Distinguish by APP_ID.
- * g10/gpg.c: Switch to the new option parser and enable a global conf
- file.
- * g10/gpgv.c: Ditto.
- * agent/gpg-agent.c: Ditto.
- * agent/preset-passphrase.c: Ditto.
- * agent/protect-tool.c: Ditto.
- * scd/scdaemon.c: Ditto.
- * dirmngr/dirmngr.c: Ditto.
- * dirmngr/dirmngr_ldap.c: Ditto
- * dirmngr/dirmngr-client.c: Ditto.
- * kbx/kbxutil.c: Ditto.
- * tools/gpg-card.c: Ditto.
- * tools/gpg-check-pattern.c: Ditto.
- * tools/gpg-connect-agent.c: Ditto.
- * tools/gpg-pair-tool.c: Ditto.
- * tools/gpg-wks-client.c: Ditto.
- * tools/gpg-wks-server.c: Ditto.
- * tools/gpgconf.c: Ditto.
- * tools/gpgsplit.c: Ditto.
- * tools/gpgtar.c: Ditto.
- * g13/g13.c: Ditto.
- * g13/g13-syshelp.c: Ditto. Do not force verbose mode.
- * sm/gpgsm.c: Ditto. Add option --no-options.
+ scd: Fix KEYINFO command with --data option.
+ + commit 54b88ae4606265f3d51c1ca603dbf846f3dfd678
+ * scd/command.c (cmd_keyinfo): Handle --data option correctly.
+
+ scd:openpgp: Fix writing ECC key to card.
+ + commit a25c99b156ca9acaa7712e9c09a6df0a7a23c833
+ * scd/app-openpgp.c (build_privkey_template): Adding another argument
+ of ecc_d_fixed_len to handle variable-size MPI.
2020-12-02 Werner Koch <wk@gnupg.org>
kbx: Better error message in case of a crippled Libgcrypt.
- + commit acafa695e1e7998b892a6a621ef06d57bbc82722
+ + commit 63ed2054a1f3cfbdff5cda390952f10a512dab83
* kbx/keybox-openpgp.c (keygrip_from_keyparm): Detect missing curve.
2020-12-01 Jens Meißner <meissner@b1-systems.de>
doc: Add parameters for batch generation of ECC keys.
- + commit a3f95a29b97d603c606936620e4638cc6db10ec9
+ + commit 4f9ac5dac093300ac18fd3732bffdd2a3fc38776
* doc/gpg.texi: Add parameters for batch generation of ECC keys.
-2020-11-27 NIIBE Yutaka <gniibe@fsij.org>
+2020-11-30 Werner Koch <wk@gnupg.org>
- common: Fix fallback handling to utf-8.
- + commit 7d7a50ba7231bd4432b1254c7067a7f287890632
- * common/utf8conv.c (handle_iconv_error): Set NO_TRANSLATION.
+ scd:nks: Minor additions to the basic IDLM application support.
+ + commit 806547d9d243b26c2275fc00c645ee39d258b49b
+ * scd/app-nks.c (filelist): Use special value -1 for IDLM pubkeys.
+ (keygripstr_from_pk_file): Handle special value.
+ (do_readcert): Ditto.
+ (do_writecert): Ditto.
-2020-11-23 Werner Koch <wk@gnupg.org>
+2020-11-27 Werner Koch <wk@gnupg.org>
- Release 2.2.25.
- + commit 40f75823d25548abbc52dd6121963a55d99b1230
+ card: Let the APDU command prints a description of the status word.
+ + commit ad469609b101fe6c1128135180fef8eae13279ff
+ * tools/card-call-scd.c (scd_apdu_strerror): New.
+ * tools/gpg-card.c (cmd_apdu): Print a description.
+ scd: New getinfo sub-command apdu_strerror.
+ + commit 0e34683a6c4b037aa50ca0f97ddb9d5c4e499084
+ * scd/apdu.c (apdu_strerror): Add missing status codes.
+ * scd/command.c (cmd_getinfo): New sub-command apdu_strerror.
-2020-11-19 Werner Koch <wk@gnupg.org>
+ card: Netkey improvement for passwd.
+ + commit 5804db1a13d2cf8f4010d1257c586bed978c3173
+ * tools/gpg-card.c (cmd_passwd) [Netkey]: No Standard/QES menu if the
+ card does not support it. Print no error in cases the user canceled.
- gpgconf: Also print revision of libksba.
- + commit 6594dc31f58916b6f8b31de070e85d56221e3b94
- * dirmngr/dirmngr.c (get_revision_from_blurb): Fix detection of empty
- string.
- (gpgconf_versions): Print ksba revision.
+2020-11-27 NIIBE Yutaka <gniibe@fsij.org>
-2020-11-19 Jakub Bogusz <qboosh@pld-linux.org>
+ scd:ccid-driver: Fix pinpad error handling for cancel/timeout.
+ + commit bb591222c3c5cb1a1750b1b1dd26d0bc53b347cb
+ * scd/apdu.h (SW_HOST_UI_CANCELLED, SW_HOST_UI_TIMEOUT): New.
+ * scd/ccid-driver.h (CCID_DRIVER_ERR_UI_CANCELLED): New.
+ (CCID_DRIVER_ERR_UI_TIMEOUT): New.
+ * scd/ccid-driver.c (bulk_in): Handle PIN input cancel/timeout error.
+ * scd/iso7816.c (map_sw): Support SW_HOST_UI_CANCELLED and
+ SW_HOST_UI_TIMEOUT.
- po: Update Polish translation.
- + commit f7cbf68fdd1e42cdbabec7e06f2149f6b3f1d1dc
+2020-11-26 Werner Koch <wk@gnupg.org>
+ agent: Fix YK s/n and prettify the request card prompt for Yubikeys.
+ + commit 7113263a00d8c9b09f0dfdb9590bfe2bab1bc776
+ * agent/divert-scd.c (ask_for_card): Detect and re-format the Yubikey
+ prompt.
+ * scd/app.c (app_munge_serialno): Fix Yubikey s/n munging.
+ (card_get_dispserialno): Ditto.
+ * scd/app-openpgp.c (get_disp_serialno): Remove.
+ (get_prompt_info): Use app_get_dispserialno.--
+
+ scd: Do not try to use a non-enabled app after card switching.
+ + commit d784e763495c8d53e29a2debdd9c0e0578f15a6a
+ * scd/app.c (app_dump_state): Also print the refcount.
+ (maybe_switch_app): Make sure the app exists on the card.
+
+ scd: Add special serialno compare for OpenPGP cards.
+ + commit 764c69a841abc1a4dff2fa86b4cd0b63ec737860
+ * scd/app.c (is_same_serialno): New.
+ (check_application_conflict): Use this.
+ (select_application): Ditto.
+ (app_switch_current_card): Ditto.
+ * scd/app-openpgp.c (check_keyidstr): Ignore the card version and also
+ compare case insensitive.
+
+2020-11-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Report an error for receiving key from agent.
+ + commit 605ab99912ac632363d1b4378a710229e40ca99e
+ * g10/export.c (do_export_one_keyblock): Report an error.
+
+ scd,nks: Fix caching keygrip.
+ + commit 920154370834ad8d947aed19c9d914a27dde6baa
+ * scd/app-nks.c (keygripstr_from_pk_file): Identify by cfid if
+ available.
-2020-11-19 NIIBE Yutaka <gniibe@fsij.org>
+2020-11-25 Werner Koch <wk@gnupg.org>
- scd:openpgp: Public keys should be available for check_keyidstr.
- + commit 84020385be19556800b22cc5b0ce098acd424298
- * scd/app-openpgp.c (check_keyidstr): Call get_public_key.
+ scd:p15: Print the internal card type.
+ + commit 00037f499db830c75fee2111dfbef72fa11bd98a
+ * scd/app-p15.c (read_ef_tokeninfo): Print the internal card type.
-2020-11-17 Werner Koch <wk@gnupg.org>
+ scd:p15: Improve support for some CardOS based cards.
+ + commit c7b9a4ee439eca5a4bde4781f7d8983af3b9201e
+ * scd/iso7816.c (iso7816_read_binary_ext): Add optional arg r_sw and
+ change callers.
+ (iso7816_read_record): Factor all code out to ...
+ (iso7816_read_record_ext): new.
+ * scd/app-p15.c (select_and_read_binary): Fallback to record reading.
+ (read_ef_aodf): Clear EOF error.
+
+ scd: Rework the handling of the displayed serial number.
+ + commit 3a8250c02031080c6c8eebd5dea03f5f87f9ddd7
+ * scd/app.c (app_new_register): Call app_munge_serialno for Yubikeys.
+ (app_munge_serialno): Handle Yubikey serial numbers.
+ (card_get_serialno): Remove special Yubikey treatment. Drop arg
+ is_canonical.
+ (app_get_serialno): Clear ERRNO on error.
+ (card_get_dispserialno): New. Also change formatting of Yubikey and
+ OpenPGP numbers to match those printed on the card.
+ (app_get_dispserialno): New.
+ * scd/app-openpgp.c (do_getattr): Use app_get_dispserialno.
+ (yubikey_get_serialno): Remove.
+ * scd/app-piv.c (get_dispserialno): Remove.
+ (do_getattr): Use app_get_dispserialno.
- Release 2.2.24.
- + commit 5751c48035764d938ae0459fcecd37194133bfb7
+2020-11-25 NIIBE Yutaka <gniibe@fsij.org>
+ scd: Fix an error return for READKEY.
+ + commit c3a20c88fb30b0fc4ce50a01de97fae333003682
+ * scd/command.c (cmd_readkey): Return when error.
-2020-11-16 Werner Koch <wk@gnupg.org>
- NIIBE Yutaka <gniibe@fsij.org>
+ scd,nks: Fix SEGV for learn for older card.
+ + commit 006944b856ee2202905290e8a2f5523a7877d444
+ * scd/app-nks.c (keygripstr_from_pk_file): Set algostr.
- scd:openpgp: Allow keygrip to be used to reference a key.
- + commit 1049f06c6d2e1a833af4c73ea67a05417bbd0967
- * scd/app-openpgp.c (struct app_local_s): Add keygrip_str.
- (store_keygrip): New.
- (read_public_key): Store the keygrip.
- (get_public_key): Sitto.
- (send_keypair_info): USe the stored keygrip.
- (check_keyidstr): New. Factored out from other functions and
- extended.
- (do_sign): Use check_keyidstr.
- (do_auth): Ditto.
- (do_decipher): Ditto.
- (do_check_pin): Ditto.
+2020-11-20 NIIBE Yutaka <gniibe@fsij.org>
-2020-11-13 Werner Koch <wk@gnupg.org>
+ gpg: Change API of agent_scd_serialno.
+ + commit 777019faf0b8f10a897c3ee477d35f9b29f02224
+ * g10/call-agent.c (agent_scd_serialno): Extend API to allow with
+ R_SERIALNO == NULL.
+ * g10/card-util.c (card_status): Use NULL for agent_scd_serialno.
+ (factory_reset): Likewise.
+ * g10/skclist.c (build_sk_list): Likewise.
- gpg: Provide better diagnostic for replaced card keys.
- + commit 5d98f95aa90c290a88ce97525d9f98f0aaf9e5aa
- * agent/divert-scd.c (divert_pksign): Add arg 'grip'. Replace OPENPGP
- key reference to keygrips.
- (divert_pkdecrypt): Ditto.
- * agent/protect.c (parse_shadow_info): Trim spaces.
- * agent/pkdecrypt.c (agent_pkdecrypt): Pass the keygrip.
- * agent/pksign.c (agent_pksign_do): Ditto.
+ Fix the previous comment changes help doc string.
+ + commit cc8b99d18e26397028ca185e44d0886a94cc1bf6
+ * scd/command.c (hlp_learn): Fix the doc string.
- * g10/mainproc.c (print_pkenc_list): Print extra info for an invalid
- id error.
- * g10/sign.c (do_sign): Ditto.
+2020-11-19 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Also print revision of libksba.
+ + commit 4070f302e4decc8d54d1305cbd30f6dab052ef7e
+ * dirmngr/dirmngr.c (get_revision_from_blurb): Fix detection of empty
+ string.
+ (gpgconf_versions): Print ksba revision.
+
+2020-11-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix creating shadow key on card key generation.
+ + commit 8ddadbbdbbe20b9e87eb2bfa142577e26dae297e
+ * agent/command.c (cmd_readkey): Fix handling --card option.
+
+ gpg: Fix --card-edit command.
+ + commit e45455d3020ca8f21c54112b6dfb1cc9bd3f2623
+ * g10/card-util.c (get_info_for_key_operation): Revert the change.
+
+2020-11-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Update to newer autoconf constructs.
+ + commit d66fb3aa53a6c4a815fe35a15e3c61886c5df628
+ * acinclude.m4 (GNUPG_CHECK_ENDIAN): Use AC_COMPILE_IFELSE instead of
+ AC_TRY_COMPILE. Use AC_RUN_IFELSE instead of AC_TRY_RUN.
+ (GNUPG_BUILD_PROGRAM): Use AS_HELP_STRING instead of AC_HELP_STRING.
+ * configure.ac: Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE.
+ Use AS_HELP_STRING instead of AC_HELP_STRING.
+ (AC_ISC_POSIX): Replace by AC_SEARCH_LIBS.
+ (AC_TYPE_SIGNAL): Remove.
+ * m4/isc-posix.m4: Remove.
+ * m4/codeset.m4: Update from gnulib.
+ * m4/gettext.m4: Update from gnulib.
+ * m4/lcmessage.m4: Update from gnulib.
+ * m4/socklen.m4: Update from gnulib.
+ * m4/ldap.m4: Use AS_HELP_STRING instead of AC_HELP_STRING.
+ Use AC_LINK_IFELSE instead of AC_TRY_LINK.
+ Use AC_RUN_IFELSE instead of AC_TRY_RUN.
+ * m4/gpg-error.m4: Update from libgpg-error.
+ * m4/readline.m4: Update from libgpg-error.
+ * m4/npth.m4: Update from npth.
+ * m4/libassuan.m4: Update from libassuan.
+ * m4/libgcrypt.m4: Update from libgcrypt.
+ * m4/ksba.m4: Update from libksba.
+ * m4/ntbtls.m4: Update from ntbtls.
+ * common/signal.c [!HAVE_DOSISH_SYSTEM] (init_one_signal): Replace
+ RETSIGTYPE to void.
+ [!HAVE_DOSISH_SYSTEM] (got_fatal_signal, got_usr_signal): Likewise.
+
+ build: Use modern Autoconf check for types.
+ + commit aeeb8e975dc740cb79954de7fec4fcfe902d3a42
+ * common/types.h: Use HAVE_TYPE_BYTE, HAVE_USHORT_TYPEDEF,
+ HAVE_ULONG_TYPEDEF, HAVE_U16_TYPEDEF, and HAVE_TYPE_U32.
+ * configure.ac (byte, ushort, ulong, u16, u32): Use AC_CHECK_TYPES.
+
+2020-11-13 Werner Koch <wk@gnupg.org>
gpg: Fix the encrypt+sign hash algo preference selection for ECDSA.
- + commit aeed0b93ff660fe271d8f98f8d5ce60aa5bf3ebe
+ + commit e37c2e184448f64e285f925ab9636b5f21be99f7
* g10/keydb.h (pref_hint): Change from union to struct and add field
'exact'. Adjust callers.
* g10/pkclist.c (algo_available): Take care of the exact hint.
- * g10/sign.c (sign_file): Fix indentation. Rework the hash from
+ * g10/sign.c (sign_file): Rework the hash detection from
recipient prefs.
2020-11-12 Werner Koch <wk@gnupg.org>
gpgconf: Yet another fix for --apply-profile.
- + commit f400ff4e7dfb424fbfcf7dfc5f80d89757ece5ab
+ + commit e546cc78b75978a696298f2fcc072faeb7f69be4
* tools/gpgconf.c (main): Use gnupg_homedir instead of
default_homedir. Check for existance of the directory.
- scd: Skip unknown options in command SERIALNO.
- + commit 7076f6cafbac0cfbb3ab11e0f27c5d04ca956e8f
- * scd/command.c (cmd_serialno): Skip options.
-
2020-11-11 Werner Koch <wk@gnupg.org>
- gpg: Support brainpool keygen with "key from card".
- + commit 966fe1e9d98a0345da9b506ce9be0ad398f12d43
- * g10/keygen.c (ask_algo): Add brainpool hack in the same as for Nist
- curves.
+ w32: Replace some fopen by es_fopen.
+ + commit d574213ce21c495d9432eeb5956e8857826876c6
+ * agent/protect-tool.c (read_file): Replace fopen by es_fopen.
+ * dirmngr/dirmngr-client.c (read_pem_certificate): Ditto.
+ (read_certificate): Ditto.
+ * g10/keydb.c (rt_from_file): Ditto.
+ * kbx/kbxutil.c (read_file): Ditto.
+ * g10/plaintext.c (get_output_file) [__riscos__]: Remove code.
-2020-11-10 Werner Koch <wk@gnupg.org>
+2020-11-11 NIIBE Yutaka <gniibe@fsij.org>
- w32: Support Unicode also for config files etc.
- + commit 163e4ff1959788781403ddf85f808054de414fd6
- * common/sysutils.c (gnupg_fopen) [W32]: Use _wfopen if needed. Use
- new function in most places where fopen is used.
+ gpg: Fix the previous commit.
+ + commit dd2703096f3ee7f4b6b96e2b649daf85aa8d6030
+ * g10/delkey.c (do_delete_key): Fix the condition for the error.
- w32: Support utf8 for getcwd even if build with gpgrt < 1.40.
- + commit 9188a3c6b7eb871f711a0979620ca72f99522d53
- * common/sysutils.c (gnupg_getcwd) [W32]: Use Unicode version.
+2020-11-10 NIIBE Yutaka <gniibe@fsij.org>
-2020-11-09 NIIBE Yutaka <gniibe@fsij.org>
+ gpg: In batch mode, delete-secret-key is not okay without --yes.
+ + commit f9bbc751633f38f58fecb71c33aae735e9b30241
+ * g10/delkey.c (do_delete_key): Emit an error when not --yes.
- scd: Internal CCID driver: Fix a race condition on close.
- + commit 8e206c1721564c91dd05ea46b5262670011155ab
- * scd/ccid-driver.c (ccid_require_get_status): For VENDOR_SCM reader,
- return 0 only at the initial call.
- (bulk_in): Don't detect an error for VENDOR_SCM reader, just kicking
- the loop, to invoke scd_update_reader_status_file, which calls
- ccid_slot_status again.
- (ccid_slot_status): Move the call of ccid_vendor_specific_setup to...
- (ccid_get_atr): ... here.
+ gpg: Fix agent_delete_key interaction.
+ + commit 9854369a729b9fde43eac2e2f7154f5187378787
+ * g10/call-agent.c (agent_delete_key): Set up CTX.
2020-11-09 Werner Koch <wk@gnupg.org>
+ card: Run factory-reset in locked stated also in gpg-card.
+ + commit 12fd10791f1dec4ec42810d7b92c69e1ae2327b9
+ * tools/card-call-scd.c (scd_apdu): Add more pseudo APDUs.
+ * tools/card-misc.c (send_apdu): Handle them.
+ * tools/gpg-card.c (cmd_factoryreset): Use lock commands.
+
card: Run factory-reset in locked stated.
- + commit 7f765a98fd662f345baf30d93392103e5f85ace1
+ + commit 8fb0d5e3c775f40e321689b35431d81425406237
* scd/command.c (reset_notify): Add option --keep-lock.
(do_reset): Add arg keep_lock.
(cmd_lock): Send progress status.
* g10/card-util.c (send_apdu): Ditto.
(factory_reset): Use lock commands.
- gpg: Fix recent commit for weak digest algos and smartcards.
- + commit 21d5323f5d029758fd55eae1dfdfb88b718ceada
- * g10/sign.c (sign_file): Fix condition.
+ gpg: Do not print rejected digest algo notes with --quiet.
+ + commit e08e1d62d089a154ec5d7c80cd58e8e3b18d2d6b
+ * g10/misc.c (print_digest_rejected_note): Do not print in quiet mode.
+ (print_sha1_keysig_rejected_note): Ditto.
+
+2020-11-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Fix SOS handling when exporting SSH key with libgcrypt 1.8.
+ + commit bf3a9377d147d8a83d9c71ca5a7284897c913951
+ * g10/export.c (key_to_sshblob): Fix SOS correctly.
+
+ agent: Fix SOS handling with libgcrypt 1.8.
+ + commit ba4f68416742eb241ec5490d16f88b0eb0bdc811
+ * agent/cvt-openpgp.c (apply_protection): Handle opaque MPI.
+
+2020-11-06 Werner Koch <wk@gnupg.org>
- Require libksba 1.3.5.
- + commit 549dc8cfe9a44fe7eb8a6a90662d4cbb1958a556
- * configure.ac (NEED_KSBA_VERSION): Set to 1.3.5.
+ agent: Minor tweaks to the new genpin inquiry.
+ + commit c896112fa3f7f3289b5198bfac992160feb0ad0a
+ * agent/call-pinentry.c (generate_pin): Use STRING random which is
+ sufficient for a passphrase.
+ (inq_cb): s/rc/err/. Do not print two errors in case generate_pin
+ fails. Lowercase strings as per GNU standards.
+ (setup_genpin): Fix translation test.
+ (setup_qualitybar): Ditto.
- Require Libgpg-error 1.27.
- + commit fc01ae50718b4030fbfdf3ca65ddb3e3107eacda
- * configure.ac (NEED_GPG_ERROR_VERSION): Require 1.27
- * common/util.h: Remove compatibility macros.
+2020-11-06 Andre Heinecke <aheinecke@gnupg.org>
- Require Libgcrypt 1.8.
- + commit 99ab3aed15c8a84347e39fbe49bd5748aeefe31a
- * configure.ac (NEED_LIBGCRYPT_VERSION): Require 1.8.
- * tools/gpgconf.c (show_version_libgcrypt): Remove conditional case
- for Libgcrypt < 1.8.
- * common/compliance.c (gnupg_rng_is_compliant): Ditto.
- * agent/pksign.c: Ditto.
- * agent/gpg-agent.c (thread_init_once): Ditto.
- (agent_libgcrypt_progress_cb): Ditto.
- * agent/command.c (cmd_getinfo): Ditto.
+ agent: Add genpin inquiry for pinentry.
+ + commit 557ddbde32585c534626b57a595a2ccf28fd585e
+ * agent/call-pinentry.c (agent_get_passphrase): Setup genpin.
+ (do_getpin): Update with new name for inquire callback.
+ (inq_quality): Rename to inq_cb and add genpin support.
+ (inq_cb): Renamed form inq_quality.
+ (generate_pin): New helper to generate a pin.
+ (agent_askpin): Fix some typos.
+ (setup_genpin): Provide new strings for pinentry.
-2020-11-09 Ben Kibbey <bjk@luxsci.net>
+2020-11-05 Ben Kibbey <bjk@luxsci.net>
gpg: Add canceled status message.
- + commit f05d1772c47b71cf77f79519b8edbc682002d303
+ + commit 31e47dfad0f40e31e8b3113b933696e8e4105136
* common/status.h (STATUS_CANCELED_BY_USER): New.
* g10/passphrase.c (passphrase_to_dek): Send STATUS_CANCELED_BY_USER
instead of STATUS_MISSING_PASSPHRASE when canceled is set.
-2020-11-09 Werner Koch <wk@gnupg.org>
+2020-11-05 NIIBE Yutaka <gniibe@fsij.org>
- gpg: Do not print rejected digest algo notes with --quiet.
- + commit c373735e79a1b6240e9eca972c2bbb0c9f3247c4
- * g10/misc.c (print_digest_rejected_note): Do not print in quiet mode.
- (print_sha1_keysig_rejected_note): Ditto.
+ scd: Use lock_slot for apdu_send_direct.
+ + commit f808012ac2cf67ec563da178d963f300a7f2564d
+ * scd/apdu.c (apdu_send_direct): Use lock_slot.
+
+ scd: Internal CCID driver: Fix a race condition on close.
+ + commit 484bafda4dbf5ffe9e7c41ef24fbc5bd791a3b32
+ * scd/ccid-driver.c (ccid_require_get_status): For VENDOR_SCM reader,
+ return 0 only at the initial call.
+ (bulk_in): Don't detect an error for VENDOR_SCM reader, just kicking
+ the loop, to invoke scd_update_reader_status_file, which calls
+ ccid_slot_status again.
+ (ccid_slot_status): Move the call of ccid_vendor_specific_setup to...
+ (ccid_get_atr): ... here.
2020-11-04 Werner Koch <wk@gnupg.org>
speedo,w32: Install gpg-check-pattern and example profiles.
- + commit a4fa4b5d4ba38e51436914505af1a8f3483ed945
+ + commit f5a81953e172a7bb4d02f2dc0e398f379c39ec84
* doc/examples/vsnfd.prf: Rename to VS-NfD.prf.
* doc/examples/Automatic.prf: New.
* doc/Makefile.am (examples): Adjust.
* build-aux/speedo/w32/wixlib.wxs: Add new files.
g13: Include a now missing header file.
- + commit d4089b04a5f15c1cc1a4809cb8f0d59fc1cdf564
+ + commit b7f4e2d71fe3dee680f834cfc3dd620352830147
* g13/create.c: Include sysutuls.h
- * g13/sh-dmcrypt.c: Ditto.
gpgconf: Make sure the homedir exists for --apply-profile.
- + commit 1fbf085bc8b4a92772d1da8bfea507f4f97434b1
+ + commit 7d95f2e7e7a09e3d433d449b117e3470f9dd38c7
* tools/gpgconf.c (main) <aApplyDefaults, aApplyProfile>: Create the
standard home directory.
common: Fix duplicate implementation of try_make_homedir.
- + commit 6fe5c8c06e8cd162913ee5b0eb741eb4beebf44a
+ + commit dabc314b71378f585fac2753149f3358e32ec621
* g10/openfile.c (try_make_homedir): Move core of the code to ...
* common/homedir.c (gnupg_maybe_make_homedir): new.
* sm/keydb.c (try_make_homedir): Implement using new function.
2020-11-04 Andre Heinecke <aheinecke@gnupg.org>
w32: Add another pinentry search path.
- + commit b4cb91d5fbe2b8917d76d12eb72aaac0d97ed596
+ + commit c8f6f6bbc8b203e633d382aa84862807c1aeb3d1
* common/homedir.c (get_default_pinentry_name): Try ../bin/pinentry.exe
w32: Add windows subsystem variant of gpgconf.
- + commit c366e04958481382c3f7b50f169120053186069b
+ + commit e2659f4bf603693c43af0444239bc52744291edc
* tools/Makefile.am (gpgconf-w32): New target. Builds gpgconf with
subsystem windows.
* build-aux/speedo/w32/wixlib.wxs: Package it.
2020-11-03 Werner Koch <wk@gnupg.org>
w32: Fix strftime problem on Windows.
- + commit d633e92233f4a4afc82d3d9282220f303974525b
+ + commit e8aae18b997b3fdbfac86c644be94044aa67224d
* common/gettime.c: Include locale.h.
(asctimestamp): Increase buffer. On Windows use setlocale.
gpg: Switch to AES256 for symmetric encryption in de-vs mode.
- + commit 166e779634ea5fe2a7beeb186807e3a81128c717
+ + commit d1f2a6d9f71cf50318f4891c84aeedb975553896
* g10/gpg.c (set_compliance_option): For AES256 and SHA256 in de-vs
mode.
* g10/encrypt.c (setup_symkey): Add extra compliance check.
(encrypt_simple): Avoid printing a second error oncplinace failure.
-2020-11-03 Andre Heinecke <aheinecke@gnupg.org>
-
- po: Major update of italian translation.
- + commit ccecdc1f34a973dcd8d00b6ee9c830e0ddc8d08b
- * po/it.po: Update to a recent 2.2 version.
-
2020-11-02 Werner Koch <wk@gnupg.org>
gpg: Allow setting notations with the empty string as value.
- + commit f007d79533e638e395e1a3cf99233fd900cc805c
+ + commit e1bafa3574ccd56d9f8f8c1deb3d8fb9fd7025cc
* g10/misc.c (pct_expando): Catch special case of the empty string.
Also map a NULL to the empty string.
* g10/photoid.c (show_photos): Make an empty string used as command
fail.
+ build: Remove m4 macro defs which are not anymore used.
+ + commit 6397cf5fbe3bbc1f616431b011f76e031a387d4c
+ * configure.ac (GNUPG_FUNC_MKDIR_TAKES_ONE_ARG): Do not use.
+ * acinclude.m4 (GNUPG_FUNC_MKDIR_TAKES_ONE_ARG): Remove unused macro
+ defs.
+ (GNUPG_CHECK_FAQPROG): Ditto.
+ (GNUPG_CHECK_DOCBOOK_TO_TEXI): Ditto.
+ (GNUPG_CHECK_MLOCK): Ditto.
+
gpg: Do not use weak digest algos if selected by recipient prefs.
- + commit 4c181d51a6f1fd05b7f190a18769ba5e9f892f6a
+ + commit 15746d60d492f5792e4a179ab0a08801b4049695
* g10/misc.c (is_weak_digest): New.
(print_digest_algo_note): Use it here.
* g10/sig-check.c (check_signature_end_simple): Use it.
* g10/sign.c (hash_for): Do not use recipient_digest_algo if it is in
the least of weak digest algorithm.
-2020-10-30 Ingo Klöcker <dev@ingo-kloecker.de>
+2020-11-02 Ingo Klöcker <dev@ingo-kloecker.de>
gpg: Fix iteration over signatures.
- + commit 8a941428086bc173a65d4e8687308ca923394738
+ + commit b004701adca89ba85f75e12a4d284297147fe4f2
* g10/keyedit.c (keyedit_quick_revsig): Take signature of correct node
+2020-11-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ kbx: Don't put zero-byte for ECC.
+ + commit 8211d0bc3ba5ed15d0668050c08a6e28228b08a4
+ * kbx/keybox-openpgp.c (parse_key): Only put zero for non-ECC.
+
+ gpg: Fix debug output for key_check_all_keysigs with opaque MPI.
+ + commit 90c3d623ce37695a1eb29c0a7276b23490d14603
+ * g10/key-check.c (key_check_all_keysigs): Handle opaque MPI.
+
+ gpg: Fix check_signature2 for opaque MPI.
+ + commit 029ba6dc961c683d6683c97667d3c0e103738aa4
+ * g10/sig-check.c (check_signature2): Handle the case of opaque MPI.
+
+ gpg: Change the API for checksum to use const qualifier.
+ + commit 21d8927f794bd901b13feaaac6d31d463349a64f
+ * g10/main.h (checksum): Use const.
+ * g10/misc.c (checksum): Use const.
+
+ gpg: Fix counting buffer size in check_signature2.
+ + commit 3151210e455f14848921fac838a5064749258d9f
+ * g10/sig-check.c (check_signature2): Use GCRYMPI_FMT_PGP.
+
2020-10-30 NIIBE Yutaka <gniibe@fsij.org>
- agent: Fix secret key import for Ed25519.
- + commit ba321b60bc3bfc29dfc6fa325dcabad4fac29f9c
- * agent/cvt-openpgp.c (convert_secret_key): Avoid adding 0x00 at the
- beginning of MPI.
+ gpg: Fix SOS handling with libgcrypt version <= 1.8.
+ + commit 813e24108a139c8059dad8bc679b2ab76b807ed9
+ * g10/misc.c (checksum_mpi): Don't depend new feature
+ of gcry_mpi_print which supports opaque MPI.
+
+ gpg: Fix first zero-byte case for SOS handling.
+ + commit dd4fb1c8f668f78fbcf5052e80c5c40d4cdad20c
+ * g10/export.c (transfer_format_to_openpgp): Check the first byte.
+ * g10/pkglue.c (sexp_extract_param_sos): Likewise.
2020-10-28 Werner Koch <wk@gnupg.org>
gpg: New command --quick-revoke-sig.
- + commit 7ec56b033647a1b14d56f771d51c563dbd25f1b7
+ + commit 243f9176e799b2328f2e5bed93099bfc474fdc5a
* g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig.
(opts): Add --quick-revoke-sig.
(main): Implement.
adjust all callers.
(keyedit_quick_revsig): new.
* g10/revoke.c (get_default_sig_revocation_reason): New.
+ * g10/keylist.c (cmp_signodes): Make global.
+
+2020-10-27 Werner Koch <wk@gnupg.org>
+
+ gpg: Sort the signatures in standard key listings.
+ + commit 742e2729f4bcadfeb93260107462f4faa108d3b2
+ * g10/gpg.c (parse_list_options): Add "sort-sigs".
+ (main): Make it the default.
+ * g10/options.h (LIST_SORT_SIGS): New.
* g10/keylist.c (cmp_signodes): New.
+ (list_keyblock_print): Sort signatures and factor signature printing
+ code out to ...
+ (list_signature_print): new.
+
+2020-10-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Handle canonical serialno and app specific serialno differently.
+ + commit e59d2b3632d8c778bd2c4375a1c3ba9c786c4360
+ * scd/app-common.h (card_get_serialno): Add IS_CANONICAL arg.
+ * scd/app.c (app_send_devinfo): Use app specific serialno.
+ (card_get_serialno): Support two different cases.
+ (app_get_serialno): Return app specific serialno.
+ (send_serialno_and_app_status): Return canonical serialno.
+ * scd/command.c (cmd_serialno): Return app specific serialno.
+ (cmd_learn): Return canonical serialno.
+
+2020-10-26 Werner Koch <wk@gnupg.org>
+
+ g10: Make call to agent_scd_serialno more robust.
+ + commit 0f780b1aebb1b1bde219401735a1c24c1f0a7978
+ * g10/call-agent.c (agent_scd_serialno): Make sure that NULL is stored
+ on error at r_serialno.
+ * g10/card-util.c (card_status): Simplify freeing of seriaono.
+ (factory_reset): Ditto.
2020-10-26 NIIBE Yutaka <gniibe@fsij.org>
+ scd: Flush the cache when writing cert data object.
+ + commit 8264b10d33e46d2caac2f2c38ccb5f764c31ad77
+ * scd/app-piv.c (do_writecert): Flush the cache of the data object.
+
+ gpg: Fix double free on error.
+ + commit a153d0f7691486efe0aadfb1e226544ae6d20ffd
+ * g10/card-util.c (card_status): Check an error return.
+
+ gpg,tools: Fix detecting OpenPGP card by serialno.
+ + commit 157f1de64e437cecd75335e9f4077ba9835e3da0
+ * tools/gpg-card.c (list_openpgp): Use ->apptype to determine card's
+ APP.
+ * g10/card-util.c (get_info_for_key_operation): Likewise.
+ (current_card_status): Even if its SERIALNO is not like OpenPGP card,
+ it's OpenPGP card when app says so.
+
scd: Internal CCID driver thing only for SPR532.
- + commit 38040ffee81e3c7a6972c9eae42af44eaaeb6ce6
+ + commit 31def32eeed8cff705ca827e4bbc0bfcc80c512f
* scd/ccid-driver.c (ccid_vendor_specific_setup): New. Limit
only for SPR532, excluding other readers by SCM.
(ccid_slot_status): Use ccid_vendor_specific_setup.
+2020-10-24 NIIBE Yutaka <gniibe@fsij.org>
+
scd: Internal CCID driver limiting only for SPR532.
- + commit d1c9cc3ca03d2134a0feecab6db3c4af308c7fa7
+ + commit 3c6b5dfa2a2379a5f5eaa052f7dbc73462097425
* scd/ccid-driver.c (ccid_vendor_specific_init): Only do that for
SPR532.
-2020-10-23 Werner Koch <wk@gnupg.org>
+2020-10-23 Werner Koch <wk@gnupg.org>
+
+ common: Allow building with released libgpg-error.
+ + commit 32f336d9555f18464d72a5068c290ab82ee92617
+ * common/sysutils.c (gnupg_access) [W32]: Fix for older libgpgrt.
+
+2020-10-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Handle Yubikey's multiple apps and serialno.
+ + commit 2d4de4b6f06c87cd0f72b2a0d09950e1b50841b2
+ * scd/app-common.h (yubikey_get_serialno): New.
+ * scd/app-openpgp.c (yubikey_get_serialno): New.
+ * scd/app.c (card_get_serialno): Use OpenPGP app's serialno,
+ when it's enabled for Yubikey.
+ (send_serialno_and_app_status): Use card_get_serialno, not
+ directly accessing ->serialno.
+
+ scd: Use app_get_serialno for app_getattr.
+ + commit c8cc35dd2c106d91a793667690c0b200560d5d2d
+ * scd/app.c (app_getattr): Use app_get_serialno.
+
+ scd: Don't overwrite serialno for Yubikey.
+ + commit 65c91e601ae93aee1a5fa399d4a5d4498ad76eda
+ * scd/app-openpgp.c (app_select_openpgp): Keep ->serialno.
+
+ scd,openpgp: Use app_get_serialno function to get SERIALNO.
+ + commit 41505f0ae544535b524a409d87aa2540607fc9a4
+ * scd/app-openpgp.c (check_keyidstr): Don't directly access
+ app->serialno, but use app_get_serialno.
+ (do_with_keygrip): Likewise.
+
+2020-10-21 Werner Koch <wk@gnupg.org>
common: New functions gnupg_opendir et al.
- + commit 5f8123df7856b724a062177026fe669ae49be263
+ + commit 7e22e08e2ab09cd3c2317f5e80e8ee47d46eff4b
* common/sysutils.h (struct gnupg_dirent_s): New.
* common/sysutils.c: Include dirent.h.
(struct gnupg_dir_s): New.
callers of opendir, readdir, and closedir to use these functions.
w32: Make gnupg_remove and gnupg_rename_file Unicode aware.
- + commit 4252cd7b18b41a0d91076e46df9ba857e743406b
+ + commit 9a0197b6fe412cfc66b0cece521267180e454416
* common/sysutils.c (w32_rename): New.
(gnupg_rename_file) [W32]: Support Unicode.
(gnupg_remove) [W32]: Support Unicode. Drop Windows-CE support.
+2020-10-20 Werner Koch <wk@gnupg.org>
+
Replace all calls to stat by gnupg_stat.
- + commit 157030271f2d88d0756788a60c43e455870ec124
+ + commit 18e5dd7b03ced51611c9ba1345cf498a0aaf14a6
* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
Replace most calls to open by a new wrapper.
- + commit 86e52e3c33843f67a7972181ccbf33b48a40e557
+ + commit 4dcef0e17836e8725c31a3b76f2bf7144345c808
* common/sysutils.c (any8bitchar) [W32]: New.
(gnupg_open): New. Replace most calls to open by this.
* common/iobuf.c (any8bitchar) [W32]: New.
(direct_open) [W32]: Use CreateFileW if needed.
-2020-10-21 Werner Koch <wk@gnupg.org>
-
w32: Allow Unicode filenames for dotlock.
- + commit d65ea29683eeecfcf12e74744a490e8acfc1a5cf
+ + commit b47c355b18d9537ccc3dd3e80cc1825b018ecff7
* common/dotlock.c (any8bitchar) [W32]: New.
(dotlock_create_w32): Use strconcat and CreateFileW.
manual testing on Windows.
Replace all calls to access by gnupg_access.
- + commit dd5fd4a760b8cf6ae05ff878bcf36cf2465e744c
+ + commit c94ee1386e0d5cdac51086c4d5b92de59c09c9b5
* common/sysutils.c (gnupg_access): New. Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
-2020-10-06 NIIBE Yutaka <gniibe@fsij.org>
+2020-10-09 NIIBE Yutaka <gniibe@fsij.org>
- scd: Add a workaround for Yubikey.
- + commit 25bec16d0bdcb9829a7b35c403cbb778b3b0c097
- * scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey.
+ gpg,ecc: Fix SOS handling when receiving from agent.
+ + commit 228836f79f64559c9582ac2d475e50af57684bf8
+ * g10/export.c (transfer_format_to_openpgp): It's not simple opaque
+ MPI, but SOS.
- scd: Silence compiler warning.
- + commit 0f4c956a76614bebf0f86bef79eba0e850e23df4
- * scd/app-openpgp.c (build_ecc_privkey_template): Fix allocation size.
+ agent: Fix SEGV when debuging for cache enabled.
+ + commit 33cb1655f1b7c597d1ebdcb38447648477e6ac9f
+ * agent/cache.c (agent_get_cache): Avoid dereferencing NULL.
- scd: Report any error for LEARN command.
- + commit 7c8823bf82daade7417aeaebc34fefe3aa7c1856
- * scd/app-openpgp.c (do_learn_status): Report any error.
+2020-10-05 Werner Koch <wk@gnupg.org>
+
+ gpgsm: Fix detection of too old keyboxd.
+ + commit 4eb9ce847825e8c6a07ce27d303c56233e85d007
+ * sm/keydb.c (warn_version_mismatch): Add arg ctrl and pass on.
+ (create_new_context): Pass ctrl to warn function.
+
+ dirmngr: Minor cleanup for better readability.
+ + commit b258f8de7e9fc436d72c4d4ff8f98e9b86d2f3f5
+ * dirmngr/ldap.c (start_default_fetch_ldap): Rename to
+ start_cacert_fetch_ldap and remove arg attr. Instead use
+ "cACertificate" directly.
+ * dirmngr/crlfetch.c (ca_cert_fetch): Change the only caller.
+ (start_cert_fetch_ldap): Rename arg for clarity.
+
+ dirmngr: Add warning on the use of --add-servers.
+ + commit 210575d8826ea61e4914e4b61eff7b875c972b85
+ * tools/gpgconf-comp.c (known_options_dirmngr): Degrade add-servers to
+ expert mode.
+
+ gpg: Switch to ed25519+cv25519 as default algo.
+ + commit ff31dde456f32950f0df6c974b4c41f1d650d68f
+ * g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change to former future
+ default ago.
+ (ask_algo): Change default and also the way we indicate the default
+ algo in the list of algos.
+ (ask_curve): Indicate the default curve.
+
+ keyboxd: Fix duplicates when listing keys by uid.
+ + commit 194034f813a09a0021e6aa82d64ea0693b37c8d0
+ * kbx/backend-sqlite.c (struct be_sqlite_local_s): Add fields
+ lastubid_valid and lastubid.
+ (run_sql_prepare): Add optional extra2 arg and chage callers.
+ (run_select_statement): Add an ORDER BY clause to most SELECTs.
+ (be_sqlite_search): Skip duplicated keyblocks in a search.
+
+2020-10-04 Werner Koch <wk@gnupg.org>
+
+ build: Fix SENDMAIL define for a PATH with spaces.
+ + commit 6c36b8bb23bb033aaae5f1dff3b38d8e0e44717c
+ * configure.ac: Fix use of $PATH
+
+ (cherry picked from commit 77e416741abb0a871733bd46cbc81329859de96e)
+
+2020-10-02 Werner Koch <wk@gnupg.org>
+
+ gpgconf: New option --show-versions.
+ + commit 357ad9ae29677c1676b56d2b81282e2f78ec8040
+ * tools/gpgconf.c: Include exechelp.h. New option --show-versions.
+ (get_revision_from_blurb): New.
+ (show_version_gnupg): New.
+ (show_version_libgcrypt): New.
+ (show_version_gpgrt): New.
+ (show_versions_via_dirmngr): New.
+ (show_versions): New.
+ * tools/gpgconf-comp.c (GPGNAME): Remove unused macro.
+ * dirmngr/dirmngr.c (main): New internal option --gpgconf-versions.
+ (get_revision_from_blurb): New.
+ (gpgconf_versions): New.
+
+ w32: Silence warning due to recent change of split_fields.
+ + commit 371228a244232f2b74181e0aa3c44d698df840ce
+ * common/compliance.c (gnupg_rng_is_compliant): Make fields const.
+
+ gpg: Fix parameter parsing form ed448.
+ + commit e824e27d36021a868c855244d22c7d40a88a396e
+ * g10/keygen.c (parse_key_parameter_part): Set algo also for 448.
+
+2020-10-01 Andre Heinecke <aheinecke@gnupg.org>
+
+ doc: Remove enable-extended-key-format in vsnfd.
+ + commit d84862cf109c75ae30ed5e2531b4554083c6a558
+ * doc/examples/vsnfd.prf: Remove enable-extended-key-format
+
+2020-09-30 NIIBE Yutaka <gniibe@fsij.org>
scd: Internal CCID driver: More fix for SPR532.
- + commit 1f1b68eef72bed9bb7ac1eb8102f6f51d587dbc0
+ + commit 920f258eb6018ecec1d63bad6a0fb0772f72affa
* scd/ccid-driver.c (bulk_in): Handle the case of missing intr_cb.
+ scd: Report any error for LEARN command.
+ + commit 862d9c6face9b4ad61f6e59bf1ba9b5f5d05c58c
+ * scd/app-openpgp.c (do_learn_status): Report any error.
+
+2020-09-29 NIIBE Yutaka <gniibe@fsij.org>
+
scd: Internal CCID driver fix.
- + commit 33a2d4bd7ffc6ad10d7ddb0f29fe4e21609806f7
+ + commit 1444203ca32ccfa4bd5097d2d49565c4055c620b
* scd/ccid-driver.c (intr_cb): More useful debug output.
(ccid_slot_status): Remove redundant condition.
scd: Internal CCID driver: Call libusb_clear_halt at ccid_setup_intr.
- + commit 48565e7a08d64e3628da8baa80541841af0a6166
+ + commit 6af978713e4c69d7814f47e709f1dfb3fe9076d1
* scd/ccid-driver.c (ccid_setup_intr): Reset the endpoint.
(ccid_vendor_specific_init): Don't call libusb_clear_halt.
+2020-09-28 NIIBE Yutaka <gniibe@fsij.org>
+
scd: Internal CCID driver: Fix a failure path.
- + commit 30693dfb6fe970dba195bf00a77d854e6fbc1ed0
+ + commit d561c936a217627bc29aac628a8d01f7003dcd28
* scd/ccid-driver.c (ccid_open_usb_reader): On error, call
libusb_release_interface.
scd: Internal CCID: Handle LIBUSB_ERROR_TIMEOUT at ccid_get_atr.
- + commit 498cd38019b8122824d69fd194675ab532501423
+ + commit b1e8072320c19246962beb6d67dc5784b5a72364
* scd/ccid-driver.c (ccid_slot_status): Handle LIBUSB_ERROR_TIMEOUT.
+ scd: Internal CCID: Clear the handle after use.
+ + commit c5e8ef3ab980012b64f5894f437e2ff568b02f43
+ * scd/apdu.c (close_ccid_reader): Clear the handle.
+ (open_ccid_reader): Likewise.
+
scd: Change handling of SPR532 card reader.
- + commit 7db836c0e9223a4d5f30636e35e18156a97e6b91
+ + commit 684a52dffa8b7f79b26fe53b3ab10d7748a8fb37
* scd/ccid-driver.c (ccid_vendor_specific_init): Put some workaround
for SPR532 initialization.
(ccid_slot_status): Send ESCape command after GetSlotStatus.
- scd: For SPR532, submit the ESCape command at initialization.
- + commit 11d8d1e0505645f7d14bcc1c01d17a566e033705
- * scd/ccid-driver.c (ccid_vendor_specific_init): Submit the ESC
- command for VENDOR_SCM.
- (ccid_transceive_secure): Don't submit the ESC command every time.
-
- scd: Fix CCID internal driver for interrupt transfer.
- + commit dd7cc24d5f9274579f0966de3be7ae8b0c19bacd
- * scd/ccid-driver.c (intr_cb): Handle the case of multiple messages.
-
- scd: Better handling of timeout and time extension.
- + commit 186d11896ca2751eac8a7f54845ec71cc7f6fcc3
- * scd/ccid-driver.c (CCID_CMD_TIMEOUT_LONGER): Remove.
- (ccid_transceive): Don't use x4 blindly for bBWI, but use dynamically
- determined value. Use value from variable wait_more for bulk_in.
- Set wait_more by the value of time extension request.
+2020-09-25 Werner Koch <wk@gnupg.org>
- scd: Fix internal CCID driver, so that -DTEST works.
- + commit 60af035c22b9fbdc10c8c0a69399c46908801c66
- * scd/ccid-driver.c: Support a test program by ccid-driver.
+ keyboxd: Make use of the config table.
+ + commit f8fbd9e7346ee0c3b09271ec2cdb589282eae1c9
+ * kbx/backend-sqlite.c (DATABASE_VERSION): New.
+ (table_definitions): Make column name of table config unique.
+ (create_or_open_database): Read and set the database version.
+ (get_config_value, set_config_value): New.
- scd: ccid-driver: Initial getting ATR more robustly.
- + commit 165312dca90a198ebc0be4ed6b0791297c90b085
- * scd/ccid-driver.c (send_power_off): New.
- (do_close_reader): Use send_power_off.
- (ccid_get_atr): Add error recovery.
+2020-09-25 NIIBE Yutaka <gniibe@fsij.org>
- scd: Clean up the structure for future fix of PC/SC.
- + commit 1efc01ff987dde4adf6777d4df44b5a00f6f0d8d
- * scd/apdu.c (struct dev_list): Rename from ccid_table, with void*.
- (open_ccid_reader): Follow the change.
- (apdu_dev_list_start, apdu_dev_list_finish): Likewise.
- (apdu_open_reader): Likewise.
- * scd/ccid-driver.c (ccid_dev_scan): Use void *.
- (ccid_dev_scan_finish, ccid_get_BAI, ccid_open_usb_reader): Likewise.
- * scd/ccid-driver.h: Change the APIs.
+ scd: For PC/SC, send the ESC command at init for SPR532 reader.
+ + commit 93e3c97889120dd17d79b7c8dd04293553785c9b
+ * scd/apdu.c (struct reader_table_s): Remove is_spr532.
+ (pcsc_vendor_specific_init): Send the ESC command for SPR532.
+ (pcsc_pinpad_verify, pcsc_pinpad_modify): Remove no_lc hack.
-2020-10-06 Werner Koch <wk@gnupg.org>
+ scd: For SPR532, submit the ESCape command at initialization.
+ + commit 4fae55f8ee11b3f710524e5e8b8a91b159949f2d
+ * scd/ccid-driver.c (ccid_vendor_specific_init): Submit the ESC
+ command for VENDOR_SCM.
+ (ccid_transceive_secure): Don't submit the ESC command every time.
- scd: Map some error codes from libusb to ccid-driver error codes.
- + commit 5b985b026418213a4c75291cb041ca8aa798cec3
- * scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes.
- * scd/apdu.h: New SW_HOST error codes.
- * scd/apdu.c (host_sw_string): Print them
- * scd/ccid-driver.c (map_libusb_error): New.
- (ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes.
- * scd/iso7816.c (map_sw): Map new codes to gpg-error.
+2020-09-24 Werner Koch <wk@gnupg.org>
-2020-10-06 NIIBE Yutaka <gniibe@fsij.org>
+ gpg: New experimental import option "bulk-import"
+ + commit d49a945b12d98fadd0d37f4e50b5e02799e16305
+ * g10/options.h (IMPORT_BULK): New.
+ * g10/import.c (parse_import_options): Add "bulk-import".
+ * g10/call-keyboxd.c (in_transaction): New var.
+ (gpg_keyboxd_deinit_session_data): Run a commit if in bulk import
+ mode.
+ (create_new_context): Run a begin transaction if in bulk import mode.
+
+ keyboxd: New command TRANSACTION.
+ + commit c2b14f5d6852fb9efaca8aeec7961e9d036203e8
+ * kbx/backend-sqlite.c (be_sqlite_rollback): New.
+ (be_sqlite_commit): New.
+ (be_sqlite_search): Take care of global transactions.
+ (be_sqlite_store): Ditto.
+ (be_sqlite_delete): Ditto.
+ * kbx/frontend.c (kbxd_rollback, kbxd_commit): New.
+ * kbx/keyboxd.h (opt): Add vars for transactions.
+ * kbx/kbxserver.c (struct server_local_s): Add fields next_session and
+ client_pid.
+ (session_list): New var.
+ (cmd_transaction): New.
+ (register_commands): Register command.
+ (kbxd_start_command_handler): Store pids and track sessions. Do a
+ final rollback.
+
+ tests: Integrate --use-keyboxd into the OpenPGP test suite.
+ + commit b19a60c6f7e892635db9e22499a7a44087c86c41
+ * tests/openpgp/all-tests.scm (all-tests): Replace extended-key-format
+ mode with a new keyboxd mode.
+ * tests/openpgp/defs.scm (create-gpghome): Ditto.
+ * tests/openpgp/gpgv.scm: Adjust for keyboxd mode.
+ * tests/openpgp/issue2419.scm: Fix to allow setting a log-file into
+ gpg.conf for debugging.
+
+ keyboxd: Implement multiple search descriptions.
+ + commit 25ad3c22d79d06c16a5fc652b0a6e3ffd99ad2b6
+ * kbx/kbx-client-util.c (kbx_client_data_simple): New.
+ * kbx/backend-sqlite.c (struct be_sqlite_local_s): Add field descidx.
+ (be_sqlite_search): Use that.
+ * g10/call-keyboxd.c (keydb_search): Implement multi mode.
+
+ keyboxd: Fix UDPATE keyblob SQL statement.
+ + commit 1f89d50537b3b16165e921df60734ce6203650cb
+ * kbx/backend-sqlite.c: Always use ?NNN for SQL parameters.
+
+ tests: Fix convenience function to run gpg.
+ + commit 97798eec4b77470b3aecdbee9729fa76b8550dfe
+ * tests/openpgp/defs.scm (pipe:gpg): Remove stray dash.
+
+ keyboxd: Remove unused variables.
+ + commit 0ac003b4576392ca3e930304a98bbf8183ab5f8b
+ * kbx/kbx-client-util.c (datastream_thread): No need to set PK_NO and
+ UID_NO.
+
+ keyboxd: Integrate into gpgconf.
+ + commit acaeba2dbdb9bbd68a823c671d5c3577fef5d26d
+ * common/asshelp.c (lock_spawning): Use a dedicated name for keyboxd.
+ * common/homedir.c (keyboxd_socket_name): New.
+ (gnupg_module_name): Put keyboxd into libexecdir.
+ * tools/gpgconf-comp.c (known_options_keyboxd): New.
+ (gc_component): Add entry for keyboxd.
+ (keyboxd_runtime_change): New.
+ (gc_component_launch): Support keyboxd.
+ * tools/gpgconf.c (list_dirs): Emit new item keyboxd-socket.
+ (main): Also remove keyboxd socket.
+
+2020-09-24 NIIBE Yutaka <gniibe@fsij.org>
- scd: internal driver: Submit SET_INTERFACE control transfer.
- + commit cccdca61a841228475da573aab8b57c659a9631a
- * scd/ccid-driver.c (ccid_open_usb_reader): Alway submit SET_INTERFACE
- control transfer.
+ scd: Fix CCID internal driver for interrupt transfer.
+ + commit 7cbb513a2dc150a90a30c53316970df2a439d494
+ * scd/ccid-driver.c (intr_cb): Handle the case of multiple messages.
- scd: Internal CCID driver: Clean up backport from master.
- + commit 7b531fe5801b0ad47414c4a6ed961665ba5a2541
- * scd/ccid-driver.c (print_error) [TEST]: Add missing break. Note
- that this is anyway an impossible case.
+2020-09-22 Werner Koch <wk@gnupg.org>
-2020-10-05 Werner Koch <wk@gnupg.org>
+ gpg: Set the found-by flags in the keyblock in keyboxd mode.
+ + commit 183509756179fadd95d1cc740047b94dc16bb279
+ * g10/keydb-private.h (struct keydb_handle_s): Add fields to return
+ the ordinals of the last found blob.
+ * g10/call-keyboxd.c (keydb_get_keyblock): Pass them to the keyblock
+ parser.
+
+ sm: Fix returning of the ephemeral flag in keyboxd mode.
+ + commit b810320b1bf76209dc1087cb91ca34232d9268c3
+ * sm/keydb.c (search_status_cb): Skip over the ubid.
+
+ common: Fix name of keyboxd.
+ + commit c81a7b09368a474de4e3572fbb527d1597408ab1
+ * common/homedir.c (gnupg_module_name): Fix name.
+
+ keyboxd: Extend PUBKEY_INFO status line with an uid ordinal.
+ + commit 0e892bda4e0bf9db9116d7d5585d4e7b0d2eae57
+ * kbx/backend-sqlite.c (table_definitions): Add column UINO to
+ userids.
+ (be_sqlite_local_s): Add fields select_col_uidno and
+ select_col_subkey.
+ (run_select_statement): Also select subkey or uidno column.
+ (be_sqlite_search): Return their values.
+ (store_into_userid): Store the UIDNO.
+ * kbx/backend-support.c (be_return_pubkey): Extend PUBKEY_INFO.
- dirmngr: Minor cleanup for better readability.
- + commit ffbef54d36d4c2c150b63a57c79872d2e1f2a68e
- * dirmngr/ldap.c (start_default_fetch_ldap): Rename to
- start_cacert_fetch_ldap and remove arg attr. Instead use
- "cACertificate" directly.
- * dirmngr/crlfetch.c (ca_cert_fetch): Change the only caller.
- (start_cert_fetch_ldap): Rename arg for clarity.
+ kbx: Add bounds check to detect corrupt keyboxes.
+ + commit e0a312bfd646485ae8a0ae5e26720fc1667c5490
+ * kbx/keybox-dump.c (_keybox_dump_blob): Fix the fixmes.
+
+2020-09-21 Werner Koch <wk@gnupg.org>
+
+ scd: Extend KEYPAIRINFO with an algorithm string.
+ + commit 26da47ae53d51e16ae6867cd419ddbf124a94933
+ * scd/app-openpgp.c (send_keypair_info): Emit the algo string as part
+ of a KEYPAIRINFO.
+ * scd/command.c (do_readkey): Ditto.
+ * scd/app-piv.c (do_readkey): Ditto.
+ * scd/app-nks.c (do_learn_status_core): Ditto.
+ (struct fid_cache_s): Add field algostr.
+ (flush_fid_cache): Release it.
+ (keygripstr_from_pk_file): Fill it and add it to the cache. Use a
+ single exit label.
+ * scd/app-help.c (app_help_get_keygrip_string_pk): Add new arg
+ r_algostr. Change all callers.
+
+ sm: Implement delete key in keyboxd mode.
+ + commit c772770574ea2d337f8745ff304b1b8acd8a2e4c
+ * sm/keydb.c (keydb_delete): Implement keyboxd mode.
+ (keydb_update_cert): Disable unused function.
+ * kbx/backend-sqlite.c (be_sqlite_delete): Delete from issuer.
+
+2020-09-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix regression for access through the extra secket.
+ + commit 8a84a71f3a58a3e943f238b70743cd6408477eba
+ * agent/command.c (cmd_keyinfo): Allow KEYINFO command for one key.
+ (cmd_scd): Allow SCD command to invoke GETINFO, GETATTR, and
+ KEYINFO --list=encr sub commands.
+
+ common,agent,dirmngr,g10,tools: Fix split_fields API.
+ + commit dfdcf14738976c6b236f4fa1c3b68af351024b3c
+ * common/stringhelp.h (split_fields): Use const * for the strings in
+ the ARRAY.
+ (split_fields_colon): Likewise.
+ * common/stringhelp.c (split_fields, split_fields_colon): Fix
+ the implementation.
+ * agent/call-scd.c, agent/command.c: Follow the change.
+ * common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
+ * g10/call-agent.c, tools/card-call-scd.c: Likewise.
+ * tools/card-yubikey.c, tools/gpg-card.c: Likewise.
+ * tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
+ * tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
+ * tools/wks-util.c: Likewise.
-2020-10-04 Werner Koch <wk@gnupg.org>
+2020-09-16 NIIBE Yutaka <gniibe@fsij.org>
- build: Fix SENDMAIL define for a PATH with spaces.
- + commit 77e416741abb0a871733bd46cbc81329859de96e
- * configure.ac: Fix use of $PATH
+ scd: Clear PIN cache when changing key attributes.
+ + commit 8ff36630277f05fbe4e43c7d757eb90da8645e3f
+ * scd/app-openpgp.c (change_keyattr): Clear all PINs.
-2020-10-02 Werner Koch <wk@gnupg.org>
+ scd: Clear caching PIN at KDF setup.
+ + commit f4c07fc3d3c32e96d4306f6daa60b6de7fba7dc5
+ * scd/app-openpgp.c (do_setattr): Clear PINs.
- gpgconf,w32: Add manifest so we get the correct windows version.
- + commit 239e60a37f63d3880d1107b6981a964f437761ae
- * common/w32info-rc.h.in: Update copyright info.
- * tools/gpg-connect-agent-w32info.rc: Tweak file info.
- * tools/gpgconf-w32info.rc: New.
- * tools/gpgconf.w32-manifest.in: New.
- * configure.ac: Add new .in file.
- * tools/Makefile.am (EXTRA_DIST): Add them.
- (gpg_connect_agent_robjs, gpgconf_robjs): New.
- (gpgconf_LDADD): Add resource file.
- (gpg_connect_agent_LDADD): Change name of resource macro.
+ scd: Add better support for KDF feature.
+ + commit 316a8cbc7523560d999e46eb524165db11682210
+ * scd/app-openpgp.c (do_setattr): Handle kdf-seup "off" for Gnuk.
- gpgconf: New option --show-versions.
- + commit a298ba02ee76a9291ef5cec1a3564d8e254b9ca7
- * tools/gpgconf.c: Include exechelp.h. New option --show-versions.
- (get_revision_from_blurb): New.
- (show_version_gnupg): New.
- (show_version_libgcrypt): New.
- (show_version_gpgrt): New.
- (show_versions_via_dirmngr): New.
- (show_versions): New.
- * dirmngr/dirmngr.c (main): New internal option --gpgconf-versions.
- (get_revision_from_blurb): New.
- (gpgconf_versions): New.
+ gpg,scd: Fix handling of KDF feature.
+ + commit 8dfd0ebfd8cf2b6bcecbd91c8f7fad6db583aa5a
+ * g10/card-util.c (kdf_setup): Fix the default value.
+ * scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by
+ Zeitcontrol. Make sure Gnuk and Yubikey work well.
-2020-10-01 Andre Heinecke <aheinecke@gnupg.org>
+2020-09-15 NIIBE Yutaka <gniibe@fsij.org>
- doc: Remove enable-extended-key-format in vsnfd.
- + commit d833030f8cf646b5de83d01fc3e412ad77ec4b1c
- * doc/examples/vsnfd.prf: Remove enable-extended-key-format
+ scd: Fix the use case of verify_chv2 by CHECKPIN.
+ + commit 6e51f2044aebb885ea81dae259db1b7f477b1c44
+ * scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1
+ when needed.
-2020-09-22 Werner Koch <wk@gnupg.org>
+2020-09-11 Werner Koch <wk@gnupg.org>
- kbx: Add bounds check to detect corrupt keyboxes.
- + commit be8b30f8ebf637a7e476ff8902349a56924bf20f
- * kbx/keybox-dump.c (_keybox_dump_blob): Fix the fixmes. Add support
- for 32 byte fingerprints.
+ scd:piv: Avoid conflict when writing a cert.
+ + commit fbc1b199fdc8fd9a4ab422f005b4eb521b594c5c
+ * scd/app-piv.c (map_curve_name_to_oid): New.
+ (my_cmp_public_key): New.
+ (do_writecert): Replace simple memcmp by cmp_canon_sexp.
-2020-09-16 NIIBE Yutaka <gniibe@fsij.org>
+ common: New function cmp_canon_sexp.
+ + commit b6ba6a79ce9336f1b53f16f3d1190dd009fb166e
+ * common/sexputil.c (cmp_canon_sexp): New.
+ (cmp_canon_sexp_def_tcmp): New.
+ * common/t-sexputil.c (test_cmp_canon_sexp): Add a simple test.
- scd: Fix the use case of verify_chv2 by CHECKPIN.
- + commit 61aea64b3c1717a7e304c82cda92e08ce5a6c533
- * scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1
- when needed.
+ keyboxd: Implement lookup by short and long keyid.
+ + commit 9a94db1f662a1c5973b57b25e25aeab1bc33250e
+ * kbx/backend-sqlite.c: Change definition of column KID.
+ (kid_from_mem): Remove.
+ (kid_from_u32): Rewrite.
+ (run_sql_bind_int64): Remove.
+ (run_select_statement): Implement lookup by short keyid. Fix lookup
+ by long keyid.
+ (store_into_fingerprint): Adjust kid arg.
+
+ keyboxd: Add ephemeral and revoked flag to the sqlite backend.
+ + commit 616c60d93dfab27dde00e1489c6c51340ec93b6c
+ * kbx/backend-support.c (be_return_pubkey): Add args is_ephemeral and
+ is_revoked. Adjust callers.
+ * kbx/backend-sqlite.c: Alter table pubkey to add new columns.
+ (run_select_statement): Add new column to all selects.
+ (be_sqlite_search): Return the new flags.
+
+2020-09-10 Andre Heinecke <aheinecke@gnupg.org>
+
+ doc: Update and extend module overview.
+ + commit d62797ebcc15ffac52664fe08759d18a92491ddc
+ * doc/gnupg-module-overview.svg: Add examples of GPGME aware
+ applications
2020-09-10 Werner Koch <wk@gnupg.org>
+ sm: Implement initial support for keyboxd.
+ + commit ed6ebb696e4063dc664d7ee74fc492025881c459
+ * sm/gpgsm.h (MAX_FINGERPRINT_LEN): New.
+ * sm/keydb.c (struct keydb_local_s): Change definition of
+ search_result.
+ (keydb_get_cert): Implement keyboxd mode.
+ (keydb_get_flags): Temporary hack for keyboxd mode. Needs to be
+ fixed.
+ (struct store_parm_s, store_inq_cb): New.
+ (keydb_insert_cert): Implement keyboxd mode.
+ (keydb_locate_writable): Make static.
+ (keydb_search_reset): Implement keyboxd mode.
+ (search_status_cb): New.
+ (keydb_search): Implement keyboxd mode. Replace return code -1 by
+ GPG_ERR_NOT_FOUND.
+ (keydb_set_cert_flags): Replace return code -1 by GPG_ERR_NOT_FOUND.
+ * sm/keylist.c (list_cert_colon): Adjust for replacement of -1 by
+ GPG_ERR_NOT_FOUND.
+ (list_internal_keys): Ditto.
+ * sm/sign.c (add_certificate_list): Ditto.
+ * sm/certchain.c (find_up_search_by_keyid): Ditto.
+ (find_up_external, find_up, find_up_dirmngr): Ditto.
+ (gpgsm_walk_cert_chain): Ditto.
+ (get_regtp_ca_info): Ditto.
+ * sm/certlist.c (gpgsm_add_to_certlist): Ditto.
+ (gpgsm_find_cert): Ditto.
+ * sm/delete.c (delete_one): Ditto.
+ * sm/export.c (gpgsm_export): Ditto.
+ (gpgsm_p12_export): Ditto.
+ * sm/import.c (gpgsm_import_files): Ditto.
+
+ keyboxd: Add basic support for X.509.
+ + commit c9677d416e6ff190c589af35b514a01a787085fb
+ * kbx/keybox-blob.c (x509_email_kludge): Rename to ...
+ (_keybox_x509_email_kludge): this and make global.
+ * kbx/backend.h: Include ksba.h.
+ * kbx/backend-support.c (be_get_x509_serial): New.
+ (be_get_x509_keygrip): New.
+ * kbx/backend-sqlite.c (table_definitions): New table 'issuers'.
+ (run_select_statement): Implements modes ISSUER, ISSUER_SN, SUBJECT.
+ (store_into_userid): Add arg override_mbox.
+ (store_into_issuer): New.
+ (be_sqlite_store): Implement x509 part.
+
+ keyboxd: Use D-lines instead of a separate thread.
+ + commit 6fcc263c182fc49d9ba2d1bd7649b4af1e9f3e3a
+ * kbx/kbx-client-util.c (kbx_client_data_new): Add arg 'dlines'.
+ * g10/call-keyboxd.c (open_context): Set DLINES to true.
+ * sm/keydb.c (open_context): Ditto.
+
+ keyboxd: Add options --openpgp and --x509 to SEARCH.
+ + commit 29977e21d18188e16e50fee95a95e05fdbd97caf
+ * kbx/keyboxd.h (struct server_control_s): Replace the two request
+ objects by just one. Add filter flags.
+ * kbx/kbxserver.c (cmd_search): Add options --openpgp and --x509.
+ (cmd_killkeyboxd): Do not return GPG_ERR_EOF.
+ * kbx/frontend.c (kbxd_release_session_info): Adjust for the new
+ request object.
+ (kbxd_search, kbxd_store, kbxd_delete): Ditto.
+ * kbx/backend-sqlite.c (struct be_sqlite_local_s): Add filter flags.
+ (run_sql_prepare): Add optional arg 'extra'. Change callers.
+ (run_sql_bind_ntext): New.
+ (run_sql_bind_text): Just call run_sql_bind_ntext.
+ (run_select_statement): Add ctrl arg. Implement the filter flags.
+
+ * g10/call-keyboxd.c (keydb_search): Use the --openpgp option.
+
gpg-connect-agent: Catch signals so that SIGPIPE is ignored.
- + commit a084924d07be16dbbbf4b34d463c67c8d4c117be
+ + commit 3cf9bb4d73cfe78d3d48734e7c8a65d9a98112a5
* dirmngr/server.c (cmd_killdirmngr): Return 0.
* tools/gpg-connect-agent.c (main): Catch signals.
dirmngr: Fix the pool keyserver case for a single host in the pool.
- + commit 72e04b03b1a7aee5521156c6d549ca10a81ac529
+ + commit 5a87011c46b5b01659c3cbc3c7a04da94ae5ca9e
* dirmngr/ks-engine-hkp.c (map_host): Set R_HOSTNAME also for
localhost and if there is no pool.
dirmngr: Align the gnutls use of CAs with the ntbtls code.
- + commit e4f3b74c91063d83395ba0bc37f67cb22d47ca8f
+ + commit faabc49797df43c4904b6230f83e8c6677e88b22
* dirmngr/http.c (http_session_new) <gnutls>: Use only the special
pool certificate for the default keyserver.
+2020-09-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Flush KDF DO (0x00F9) when it's being set.
+ + commit d4cb774ddd8830836c9c87a90db01f749ac8d67c
+ * scd/app-openpgp.c (do_setattr): Call flush_cache_item always.
+
+2020-09-09 Werner Koch <wk@gnupg.org>
+
agent: Keep some permissions of private-keys-v1.d.
- + commit 7de9ed521e516879a72ec6ff6400aed4bdce5920
+ + commit 8ed85ef3de9cdeee86e281a8b46be1bd49a36e7a
* common/sysutils.c (modestr_to_mode): Re-implement.
(gnupg_chmod): Support keeping of permissions.
+ kbx: Change X.509 S/N search definition.
+ + commit adec6a84f6ee176764391da358ae150f92b1f1e4
+ * kbx/keybox-search-desc.h (struct keydb_search_desc): Do not overload
+ SNLLEN with a hex flag. Add SNHEX.
+ * kbx/keybox-search.c (keybox_search): Adjust.
+ * common/userids.c (classify_user_id): Adjust.
+ * sm/keydb.c (keydb_search_desc_dump): Adjust.
+ * g10/keydb.c (keydb_search_desc_dump): Adjust.
+
+2020-09-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg,tools: Add handling of supported algorithms by a card.
+ + commit 2bc1ec294422504e2d2e5d20716aba68f1c2b0d7
+ * g10/call-agent.h (struct agent_card_info_s): Add supported_keyalgo.
+ * g10/call-agent.c (learn_status_cb): Parse KEY-ATTR-INFO.
+ (agent_release_card_info): Release supported_keyalgo.
+ * tools/gpg-card.h (struct card_info_s): Add supported_keyalgo.
+ * tools/card-call-scd.c (learn_status_cb): Parse KEY-ATTR-INFO.
+ (release_card_info): Release supported_keyalgo.
+
+ scd: Add a workaround for Yubikey.
+ + commit 0db9c83555b4a8a0c52f96e96ec20dbfd3d75272
+ * scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey.
+
+2020-09-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix handling 0x00FA to support OpenPGP card 3.4.
+ + commit 270c49b8c6eaf99df7b417f9d0e45eba0acfb423
+ * scd/app-openpgp.c (data_objects): It may be longer.
+
2020-09-04 Werner Koch <wk@gnupg.org>
gpg: Initialize a parameter to silence valgrind.
- + commit 6ce8fdc4b2a05bb2c1cf2aa9faa76f1c7a4fdb28
+ + commit 65eb1569809a3c42e8afb064f6194fac2e34a03a
* g10/keygen.c (read_parameter_file): Initialize nline.
* g10/textfilter.c (copy_clearsig_text): Initialize bufsize.
+2020-09-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Support GET DATA response with no header for DO 0x00FA.
+ + commit 43bbc25b0f57dec24412886ff46041e0b1f3de26
+ * scd/app-openpgp.c (do_getattr): Support Gnuk, as well.
+
+ scd: Parse "Algorithm Information" data object in scdaemon.
+ + commit eba2563dabbb4f61537900289fbe3ae113904733
+ * scd/app-openpgp.c (data_objects): 0x00FA for binary data.
+ (do_getattr): Parse the data and send it in status lines.
+ (get_algorithm_attribute_string): New.
+
2020-09-03 Werner Koch <wk@gnupg.org>
- Release 2.2.23.
- + commit e234d04c3c91cd4e84cb5790a131bf6a8b6733c4
+ sm: New options to prepare the use of keyboxd.
+ + commit 046f419f806036248c058c4bd44368f8596287b7
+ * sm/Makefile.am (AM_CFLAGS): Add npth flags.
+ (common_libs): Use npth version of the lib.
+ (gpgsm_LDADD): Add npth libs.
+ * sm/gpgsm.c (oUseKeyboxd, oKeyboxdProgram): New.
+ (opts): New options --use-keyboxd and --keyboxd-program.
+ (main): Set them.
+ (gpgsm_deinit_default_ctrl): New.
+ (main): Call it.
+ * sm/server.c (gpgsm_server): Ditto.
+ * sm/gpgsm.h (opt): Add fields use_keyboxd and keyboxd_program.
+ (keydb_local_s): New type.
+ (struct server_control_s): Add field keybd_local.
+ * sm/keydb.c: Include assuan.h, asshelp.h, and kbx-client-util.h.
+ (struct keydb_local_s): New.
+ (struct keydb_handle): Add fields for keyboxd use.
+ (gpgsm_keydb_deinit_session_data): New.
+ (warn_version_mismatch): New.
+ (create_new_context): New.
+ (open_context): New.
+ (keydb_new): Implement keyboxd mode.
+ (keydb_release): Ditto.
+ (keydb_get_resource_name): Ditto.
+
+ * sm/keydb.c: Add stub support for all other functions.
+ sm: Add arg ctrl to keydb_new.
+ + commit a7d006293ec84532cc1972cd2f990198eadf1a1a
+ * sm/keydb.c (keydb_new): Add arg and change all callers.
- gpg: Fix AEAD preference list overflow.
- + commit aeb8272ca8aad403a4baac33b8d5673719cfd8f0
- * g10/getkey.c (fixup_uidnode): Increase size of prefs array.
+2020-09-03 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Add handling of "Algorithm Information" DO.
+ + commit 90d0072165cc5c6888f14462392a211de0c4b232
+ * cd/app-openpgp.c (data_objects): Add 0x00FA.
+ (do_getattr): Add KEY-ATTR-INFO.
2020-09-02 Werner Koch <wk@gnupg.org>
gpg: Fix segv importing certain keys.
- + commit 896c528ba0555443cca81b3f091f761e70c698cd
+ + commit 8ec9573e57866dda5efb4677d4454161517484bc
* g10/key-check.c (key_check_all_keysigs): Initialize issuer.
-2020-09-01 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix a regression for OpenPGP card.
- + commit 0a9665187a7cbf68933b7162fb5f974177684a50
- * scd/app-openpgp.c (verify_chv2): Make sure loading keys.
+ keyboxd: Restructure client access code.
+ + commit 497db0b5bcd688c4e2144ba167bd2ac485069d1b
+ * kbx/kbx-client-util.c: New.
+ * kbx/kbx-client-util.h: New.
+ * kbx/Makefile.am (client_sources): New.
+ * g10/keydb.c (parse_keyblock_image): Rename to keydb_parse_keyblock
+ and make global.
+ * g10/call-keyboxd.c: Include kbx-client-util.h.
+ (struct keyboxd_local_s): Remove struct datastream. Add field kcd.
+ Remove per_session_init_done.
+ (lock_datastream, unlock_datastream): Remove.
+ (prepare_data_pipe, datastream_thread): Remove.
+ (keydb_get_keyblock_do_parse): Remove.
+ (gpg_keyboxd_deinit_session_data): Release the KCD object.
+ (open_context): Use of kbx_client_data_new.
+ (keydb_get_keyblock): Simplify.
+ (keydb_search): Use kbx_client_data_cmd and _wait.
+
+ keyboxd: Fix user id based queries.
+ + commit 4d839f5a8083e1ddd4767c838f56a4079f846c6d
+ * kbx/backend-sqlite.c (run_select_statement): Add the missing join
+ for user id bases queries.
+
+ common: New helper function gnupg_close_pipe.
+ + commit 2042f5a4641f4e43137b7683077b4d733d216417
+ * common/exechelp-posix.c (gnupg_close_pipe): New.
+ * common/exechelp-w32.c (gnupg_close_pipe): New.
+
+2020-09-01 Werner Koch <wk@gnupg.org>
+
+ Use only one copy of the warn_server_mismatch function.
+ + commit 2cd8bae23d7382588cf096df3eed83e02331a2bf
+ * common/asshelp.c (warn_server_version_mismatch): New. Actually a
+ slightly modified version of warn_version_mismatch found in other
+ modules.
+ * common/status.c (gnupg_status_strings): New.
+ * g10/cpr.c (write_status_strings2): New.
+ * g10/call-agent.c (warn_version_mismatch): Use the new unified
+ warn_server_version_mismatch function.
+ * g10/call-dirmngr.c (warn_version_mismatch): Ditto.
+ * g10/call-keyboxd.c (warn_version_mismatch): Ditto.
+ * sm/call-agent.c (warn_version_mismatch): Ditto.
+ * sm/call-dirmngr.c (warn_version_mismatch): Ditto.
+ * tools/card-call-scd.c (warn_version_mismatch): Ditto.
2020-08-28 Werner Koch <wk@gnupg.org>
sm: Fix a bug in the rfc2253 parser.
- + commit d2fe2ffd753706d07b26fbe22b17a561a2e535fc
+ + commit 16c1d8a14e98894408f30349cab68ff17ef6b35e
* sm/certdump.c (parse_dn_part): Fix parser flaw.
+2020-08-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Fix fallback handling to utf-8.
+ + commit 393dcdd61c3b2da00a97176c647d9bd1c908ceba
+ * common/utf8conv.c (handle_iconv_error): Set NO_TRANSLATION.
+
2020-08-27 Werner Koch <wk@gnupg.org>
- Release 2.2.22.
- + commit f9c120a29986e82d1179b38167ef2696dd0cc10a
+ scd: New option to APDU command to return the ATR as data.
+ + commit a0a4744bd0640e587b33ec3dae819ec4054f0472
+ * scd/command.c (cmd_apdu): Add new option --data-atr.
+ * tools/gpg-card.c (cmd_apdu): Use that here. Also fix the --exlen
+ option and do not print the statusword in atr mode.
+ * tools/card-call-scd.c (scd_apdu): Detect atr mode anddon't assume a
+ status word.
+ scd: Fix reading of the ATR for card type detection.
+ + commit 95b5a852e269e602ade6a07ed468e9072c247b8c
+ * scd/app.c (app_new_register): Do not use apdu_get_slot.
dirmngr: Print the last alert message returned by NTBTLS.
- + commit 45499b2ca3e8f3466e725dbc381757c89a7c39bf
+ + commit 05358d73841149f64dc5d620f4b8855255e7f4da
* dirmngr/http.c (send_request): Print the last TLS alert.
2020-08-27 NIIBE Yutaka <gniibe@fsij.org>
+ scd: Add heuristics to identify cardtype.
+ + commit 9f148360a2bf04672b43ef7cec48e21d44b06ae1
+ * scd/app-common.h (cardtype_t): Add CARDTYPE_GNUK and
+ CARDTYPE_ZEITCONTROL.
+ * scd/app.c (strcardtype): Handle CARDTYPE_GNUK and
+ CARDTYPE_ZEITCONTROL.
+ (app_new_register): Detect Gnuk and Zeit Control implementation
+ by examining its ATR string.
+
scd: Add condition for VERIFY with 0x82.
- + commit d2f1a0a791db3eb03c003365cbcd010bd8066edb
+ + commit af189be481df02a77e088aa0a60a1fc02dfa12bf
* scd/app-openpgp.c (verify_chv2): Check availability of keys in
question.
2020-08-26 Werner Koch <wk@gnupg.org>
build: Silence gcc warning -Wformat-zero-length.
- + commit 0be5decc097286e3502b6a12e019d40b8caf27b4
+ + commit 90a87d96eaf5b97cd53cb0ee0495b646be7b84bb
* configure.ac: Avoid useless gcc warning. We use an empty string
quite often, for example in log_printhex.
-2020-08-26 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Allow TERM="".
- + commit 4c8d5eb0bdd380c412c5f5fbc2b92fe6bcea825d
- * agent/call-pinentry.c (start_pinentry): When TERM is none,
- don't send OPTION ttytype to pinentry.
-
-2020-08-25 Ineiev <ineiev@gnu.org>
-
- po: Update Russian translation.
- + commit 00ac538e928076e1879366cdce0e57be41f6c8fb
-
-
2020-08-25 Werner Koch <wk@gnupg.org>
- gpg: Set default keysize to rsa3072.
- + commit 60f08969e13b2bb7f194eff80c3a275d444dc6b7
- * g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change.
- (gen_rsa): Set fallback to 3072.
- (get_keysize_range): Set default to 3072.
- * doc/examples/vsnfd.prf: No more need for default-new-key-algo.
+ gpg: Remove left over debug output from recent change.
+ + commit fc1a1857551c05135d54e2e620e609fda59d5bca
+ * g10/import.c (collapse_subkeys): Remove debug out.
+
+ examples: Simplify vsnfd.prf.
+ + commit 40acc5ef3ef73494e67d88ea310503e5bf08bc36
+ * doc/examples/vsnfd.prf: Remove default-new-key-algo option.
sm: Do not require a default keyring for --gpgconf-list.
- + commit 0847133e4cafa214c8129c245194d97c1e192cd5
+ + commit e7677da479c4fb5abd0339de807b27c0f487d2e0
* sm/gpgsm.c (main): No default keyring for gpgconf mode.
+ gpgconf: Silence warnings from parsing the options files.
+ + commit ad1254b59d41e127879fc9f495d392316135b4a5
+ * tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose
+ flag for the arg parser only in --verbose mode.
+
agent: Allow using --gogconf-list even if HOME does not exist.
- + commit adea5ba7e75261705ba6e9c2456207e9455677f3
+ + commit b17846e4fd02f65b24ada306855fb110c56c5e73
* agent/gpg-agent.c (main): Do not create directories in gpgconf mode.
-2020-08-23 Werner Koch <wk@gnupg.org>
-
- gpg,gpgsm: Record the creation time of a private key.
- + commit 5ac0cf1b8198dcaac7e7abaf05c28dd413f38cad
- * sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
- (gpgsm_agent_import_key): Ditto.
- * g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
- (agent_import_key): Ditto.
- * g10/import.c (transfer_secret_keys): Pass the creation date to the
- agent.
- * g10/keygen.c (common_gen): Ditto.
-
- agent: Allow to pass a timestamp to genkey and import.
- + commit 051830d7b4862b6eca6c18c9fd53b51fa1158c34
- * agent/command.c (cmd_genkey): Add option --timestamp.
- (cmd_import_key): Ditto.
- * agent/genkey.c (store_key): Add arg timestamp and change callers.
- (agent_genkey): Ditto.
- * agent/findkey.c (write_extended_private_key): Add args timestamp and
- newkey to write a Created line.
- (agent_write_private_key): Add arg timestamp.
- (agent_write_shadow_key): Ditto.
- * agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.
-
-2020-08-22 Werner Koch <wk@gnupg.org>
-
- agent: Default to extended key format.
- + commit 5b927b7b27bddc8ee70176414690d8ca8d879b54
- * agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
- (opts): Make --enable-extended-key-format a dummy option. Add
- disable-extended-key-format.
- (parse_rereadable_options): Implement oDisableExtendedKeyFormat.
- * agent/protect.c (agent_protect): Be safe and set use_ocb either to
- to 1 or 0.
+ gpgconf,w32: New debug command --show-codepages.
+ + commit 32021dfa5bcaa056c18e4ec40fdcd0f8b7de382b
+ * tools/gpgconf.c (aShowCodepages): New.
+ (opts): New command --show-codepages.
+ (main) [W32]: Implement
+
+ gpg: Collapse duplicate subkeys.
+ + commit 633c1fea5f0dc4cb270c22ee41c24e1ec0706204
+ * g10/options.h (IMPORT_COLLAPSE_UIDS): New.
+ (IMPORT_COLLAPSE_SUBKEYS): New.
+ * g10/gpg.c (main): Make them the default.
+ * g10/import.c (parse_import_options): New import options
+ "no-collapse-uids" and "no-collapse_subkeys".
+ (collapse_subkeys): New.
+ (import_one_real): Collapse subkeys and allow disabling the collapsing
+ using the new options.
+ (read_key_from_file_or_buffer): Always collapse subkeys.
+ * g10/keyedit.c (fix_keyblock): Call collapse_subkeys.
+
+2020-08-21 Werner Koch <wk@gnupg.org>
gpgtar,w32: Handle Unicode file names.
- + commit 843890663b6c68b4361ccfbeb11a50b02d5cc13f
+ + commit 34e7703a962809921e83770f20f3eb66599265d1
* tools/gpgtar.c (oUtf8Strings): New.
(opts): Add option --utf8-strings.
(parse_arguments): Set option.
(scan_directory) [W32]: Convert file name to utf8.
(gpgtar_create): Convert pattern.
- common: Use gpgrt functions for mkdir and chdir if available.
- + commit 364cef997c0ac5632152acfb7ab2330c4f289a9a
+ common: Use gpgrt functions for mkdir and chdir.
+ + commit eec70e539e44c288068f26f190d52a5718fd3a10
* common/sysutils.c (gnupg_mkdir): Divert to gpgrt_mkdir.
(gnupg_chdir): Divert to gpgrt_chdir
- common,w32: Do not assume the ANSI codepage during string conversion.
- + commit bef68efd8da92115142005d22e9336ff798dcf4b
+ common,w32: Do not assume the ANSI code during string conversion.
+ + commit 5305ce17ff7a68ecc88c5ae8c4bec5897df6322f
* common/utf8conv.c (get_w32_codepage): New.
(wchar_to_native): Use instead oc CP_ACP.
(native_to_wchar): Ditto.
common: Strip trailing CR,LF from w32_strerror.
- + commit 73b0fdabdb108880034b7730d04614d8a7cf943a
+ + commit 33fd55ca6f3efc50c260469179788e9f725ddc58
* common/stringhelp.c (w32_strerror): Strip trailing CR,LF.
* common/iobuf.c (iobuf_get_filelength): Use -1 and not 0 for the
arg to w32_strerror.
2020-08-20 Werner Koch <wk@gnupg.org>
gpgtar: Make --files-from and --null work as described.
- + commit 1efe99f3d9e3c6d5733cf512b7e494284a445bfa
+ + commit e276f63e4a80e8d1cb1ba5621cedaeb0ccda956d
* tools/gpgtar-create.c (gpgtar_create): Add args files_from and
null_names. Improve reading from a file.
* tools/gpgtar.c: Make global vars static.
Pass option variables to gpgtar_create.
build: New configure option --disable-tests.
- + commit 829bc3bc60da134841705f7d701b0870e1629b38
+ + commit 32aac55875f324f8c3d85dad8483604eae65e3e8
* configure.ac: Add option --disable-tests. Print warnings in the
summary.
(DISABLE_TESTS): New am_conditional.
gpg: Fix regression for non-default --passphrase-repeat option.
- + commit a4d73b1c8e2a312e78831843aa04364d7d3c8e6f
+ + commit b8c4dd902df34faa4d23efb2bb4ac222c8bbdbdb
* agent/command.c (cmd_get_passphrase): Take care of --repeat with
--newsymkey.
+2020-08-19 Werner Koch <wk@gnupg.org>
+
+ gpg,gpgsm: Record the creation time of a private key.
+ + commit 4031c42bfd0135874a5b362df175de93a19f1b51
+ * sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
+ (gpgsm_agent_import_key): Ditto.
+ * g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
+ (agent_import_key): Ditto.
+ * g10/import.c (transfer_secret_keys): Pass the creation date to the
+ agent.
+ * g10/keygen.c (common_gen): Ditto.
+
+2020-08-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Fix condition of string_to_aead_algo.
+ + commit 1d66b518ca83e8d315283682b1e504f1e171a0b1
+ * g10/misc.c (string_to_aead_algo): Only compare if not NULL.
+
+ dns: Fix memory use-after-free.
+ + commit cc0d53905ce9306b51bace2682ae3d1d122c7881
+ * dirmngr/dns.c (dns_res_stub): Fix RESCONF usage.
+
+ common: Fix iobuf.c.
+ + commit f58d441bee7e93e6344f833acc1412b3be2f6818
+ * common/iobuf.c (iobuf_cancel): Initialize DUMMY.
+ (do_iobuf_fdopen): Initialize LEN.
+ (iobuf_read_line): Fix the loop condition.
+
+ Silence compiler warnings.
+ + commit f3e424d4e7273e60e69747ca4936149af7b6482a
+ * common/openpgp-oid.c (map_openpgp_pk_to_gcry): Use cast for enum
+ conversion.
+ * dirmngr/dns-stuff.c (get_dns_srv): Use explicit conversion from
+ int to float.
+ * sm/gpgsm.c (parse_keyserver_line): Initialize ERR.
+
+ scd: Fix possible uninitialized variables.
+ + commit 4fa0a65676a29cb53ee242caf13c393f7573c9a3
+ * scd/app-openpgp.c (do_change_pin): Initialize resultlen2.
+ (do_change_pin): Don't call wipe_and_free on the error path.
+ Initialize bufferlen2.
+
+2020-08-17 Werner Koch <wk@gnupg.org>
+
+ agent: Allow to pass a timestamp to genkey and import.
+ + commit 0da923a1240ac78d60c92cdd8488c4e405c3243b
+ * agent/command.c (cmd_genkey): Add option --timestamp.
+ (cmd_import_key): Ditto.
+ * agent/genkey.c (store_key): Add arg timestamp and change callers.
+ (agent_genkey): Ditto.
+ * agent/findkey.c (write_extended_private_key): Add args timestamp and
+ new key to write a Created line.
+ (agent_write_private_key): Add arg timestamp.
+ (agent_write_shadow_key): Ditto.
+ agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.
+
+2020-08-14 Werner Koch <wk@gnupg.org>
+
+ Add --chuid to gpg, gpg-card, and gpg-connect-agent.
+ + commit 6bcb609e1b2a507caa2e1a078178709d808b590b
+ * g10/gpg.c (oChUid): New.
+ (opts): Add --chuid.
+ (main): Implement --chuid. Delay setting of homedir until the new
+ chuid is done.
+ * sm/gpgsm.c (main): Delay setting of homedir until the new chuid is
+ done.
+ * tools/gpg-card.c (oChUid): New.
+ (opts): Add --chuid.
+ (changeuser): New helper var.
+ (main): Implement --chuid.
+ * tools/gpg-connect-agent.c (oChUid): New.
+ (opts): Add --chuid.
+ (main): Implement --chuid.
+
2020-08-13 Werner Koch <wk@gnupg.org>
gpg: Ignore personal_digest_prefs for ECDSA keys.
- + commit f0f8b124f0d2332e1c0b496df5e5f9c4b3db6bc3
+ + commit 53d84f98157070f24dc861f1a75980474d074ddb
* g10/sign.c (hash_for): Simplify hash algo selection for ECDSA.
2020-08-12 Werner Koch <wk@gnupg.org>
+ scd: Log info about CCIDs with permission problems.
+ + commit 2af884c64354182b1903d7a77df07e877f5ed7ba
+ * scd/apdu.c (open_ccid_reader): Add arg r_cciderr.
+ (apdu_open_reader): Print a note on EPERM of the USB device.
+
+ scd: Map some error codes from libusb to ccid-driver error codes.
+ + commit 9a8d7e41bba1926158a21ebdda542241493ef983
+ * scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes.
+ * scd/apdu.h: New SW_HOST error codes.
+ * scd/apdu.c (host_sw_string): Print them
+ * scd/ccid-driver.c (map_libusb_error): New.
+ (ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes.
+ * scd/iso7816.c (map_sw): Map new codes to gpg-error.
+
common: Pass the WAYLAND_DISPLAY envvar along.
- + commit 3cf920a1e353ceec7a3d854d5b509be417e4c801
+ + commit 3944430ffeaa032719fd82f8eaa118b3f326b8ed
* common/session-env.c (stdenvnames): Add WAYLAND_DISPLAY.
+2020-08-10 Werner Koch <wk@gnupg.org>
+
+ scd:piv: Allow signing using PSS.
+ + commit cbf203801e021e0f4d4143ecc92296ae7d0f0dd7
+ * scd/app-piv.c (do_sign): Allow for PSS.
+
+ agent: Add option --pss to pksign to be used by smartcards.
+ + commit bb096905b9ee1f5175efee1ab6c98045a26a2678
+ * agent/command.c (cmd_sethash): Add option --pss and allow for
+ --hash=null.
+ * agent/agent.h (struct server_control_s): Add digest.is_pss and
+ zero where needed.
+ * agent/pksign.c (agent_pksign_do): Allow for PSS with cards.
+ * scd/command.c (cmd_pksign): Add for --hash=none.
+
+2020-08-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Fix trustdb for v5key.
+ + commit 373c975859a55f942276d6078f27ee33570bf2d5
+ * g10/keydb.h (fpr20_from_pk): New.
+ * g10/keyid.c (fpr20_from_pk): New.
+ * g10/tdbio.c (tdbio_search_trust_byfpr): Use fpr20_from_pk.
+ * g10/trustdb.c (keyid_from_fpr20): New.
+ (verify_own_keys): Use keyid_from_fpr20.
+ (tdb_update_ownertrust): Use fpr20_from_pk.
+ (update_min_ownertrust): Likewise.
+ (update_validity): Likewise.
+
+ gpg: Fix short key ID for v5key.
+ + commit 20982bbd7539d2032f4d6249a2654c245445521d
+ * g10/keyid.c (keyid_from_pk): Return keyid[0] for v5key.
+ * g10/keyring.c (keyring_search): Handle short key ID for v5key.
+
+2020-08-06 Werner Koch <wk@gnupg.org>
+
+ gpgsm: New option --chuid.
+ + commit 646a30fd394a739ef653556b1a7b2eeebda95951
+ * sm/gpgsm.c (oChUid, opts): New option --chuid.
+ (main): Implement option.
+
+ gpgconf: New option --chuid.
+ + commit d10f45184c4482036c41f4818c84c0725a0c2c94
+ * tools/gpgconf.c (oChUid, opts): New option --chuid.
+ (main): Implement.
+
+ common: New helper function gnupg_chuid.
+ + commit 8ff00ef0de871ca43076b00df4871c3165ced001
+ * common/sysutils.c (try_set_envvar): New.
+ (gnupg_chuid): New.
+
+2020-08-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ kbx: Support v5key for short kid and long kid.
+ + commit df531848a9618131921d584baba81c128f94de68
+ * kbx/keybox-search.c (has_short_kid): Support v5key.
+ (has_long_kid): Likewise.
+
+2020-08-05 Werner Koch <wk@gnupg.org>
+
+ gpg: Add level 16 to --gen-random.
+ + commit d847f0651ab4304129145b55353501636b4e4728
+ * g10/gpg.c (main): Add that hack.
+
2020-08-04 Werner Koch <wk@gnupg.org>
sm: Also show the SHA-256 fingerprint.
- + commit 9c57de75cf36cfcf408eda1b59a0362a061517ce
+ + commit e7d70923901eeb6a2c26445aee9db7e78f6f7f3a
* sm/keylist.c (list_cert_colon): Emit a new "fp2" record.
(list_cert_raw): Print the SHA2 fingerprint.
(list_cert_std): Ditto.
+2020-08-03 NIIBE Yutaka <gniibe@fsij.org>
+
+ w32: Fix cast from intptr_t of _get_osfhandle.
+ + commit 8e04cf969e95ccaa31bbaa7333938af1ea7476c6
+ * common/exectool.c (gnupg_exec_tool_stream): Cast to unsigned long.
+
+2020-07-31 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix coercion for pinentry_pid handling.
+ + commit da3a4c54a8ce8a7dc442c70bda9b7eda22d43e57
+ * agent/call-pinentry.c (start_pinentry): Don't use pid_t.
+
+ scd: Silence compiler warning.
+ + commit 2a34a2afea5fcb5f4ed206afa110650db3dd7ef0
+ * scd/app-openpgp.c (build_ecc_privkey_template): Fix allocation size.
+
2020-07-30 NIIBE Yutaka <gniibe@fsij.org>
+ w32: Add NETLIBS for sm/t-minip12.
+ + commit c1f81eb9fc2544a417ebc2ce19b04541525da684
+ * sm/Makefile.am (t_minip12_LDADD): Add NETLIBS.
+
w32: More adding NETLIBS.
- + commit 8d9ce32c30db2bba5736fff5f56b7c145aaec42c
+ + commit 5fa4427419c875e46d051ae6ed376d5ad6037401
* common/Makefile.am (t_common_ldadd): Add $(NETLIBS).
w32: Add link to $(NETLIB) for -lws2_32.
- + commit f95d923090e119a7a05eef13bbbc108ed98e513a
+ + commit d69f5570ee5e1b099e39fdf64e18add23ff5c815
* dirmngr/Makefile.am (dirmngr_LDADD): Add $(NETLIBS).
* sm/Makefile.am (gpgsm_LDADD): Ditto.
* tools/Makefile.am (gpg_wks_client_LDADD): Ditto.
+2020-07-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ kbx: Fix short KID and long KID handling for FPR32.
+ + commit fa4a2bd7a1ba8d4bda5f9cec0826104f50142d4f
+ * kbx/keybox-search.c (blob_cmp_fpr_part): For FPR32, it's
+ the first part in the fingerprint.
+
+2020-07-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix closing reader and reeleasing context in PC/SC.
+ + commit daa2cec6a543f06a2e408d97a80a5041027f16a9
+ * scd/apdu.c (close_pcsc_reader): Unlock the reader_table_lock.
+ (apdu_dev_list_finish): Release the context when no readers.
+
+ Use gpgrt's new option parser for symcryptrun.
+ + commit f484ac2b2d2ea176db1a70d961a778180147d9b2
+ * tools/symcryptrun.c: Follow API change of the new option parser.
+
+ scd: PC/SC: Don't release the context when it's in use.
+ + commit 46d185f60397f68830bfdfb99627b29aea5016f1
+ * scd/apdu.c (close_pcsc_reader): Check if it's not in the loop.
+
+ gpg-card: Fix type of historyname.
+ + commit 43000b0434b47a72608b41d67054ba42db21b699
+ * tools/gpg-card.c (interactive_loop): Remove const qualifier.
+
2020-07-16 Werner Koch <wk@gnupg.org>
gpg: Do not close stdout after --export-ssh-key.
- + commit 970e43130506186c82d528d0a4fe34725e3c8e6b
+ + commit 5c514a274ca8ac6be875818237e2e1bbc0c6a2a5
* g10/export.c (export_ssh_key): Do not close stdout.
-2020-07-15 NIIBE Yutaka <gniibe@fsij.org>
+2020-07-16 NIIBE Yutaka <gniibe@fsij.org>
- tools: Use internal regexp routines.
- + commit b4cbb5f58a00fa5ac9f1282664c0adb7ecfa9e57
- * tools/gpg-check-pattern.c: Use jimregexp.h.
+ common: Avoid undefined behavior of left shift operator.
+ + commit 8abf065307ff4a7ea873fe59f76173bf17dac241
+ * common/iobuf.c (block_filter): Handle an error earlier.
+ Make sure it's unsigned.
+
+2020-07-15 NIIBE Yutaka <gniibe@fsij.org>
regexp: Import change from JimTcl.
- + commit 1d1f2aa94370dcb715f6ae02ea5e14eb7ec5fa98
+ + commit 91cb46d948db234be1ea8092f5db9e14294f1b79
* regexp/jimregexp.h, regexp/jimregexp.c: Fix from JimTcl.
- regexp: Fix generation of _unicode_mapping.c.
- + commit 8904b18822fc2203ed667844cc3885dc459dbfef
- * configure.ac (AWK_HEX_NUMBER_OPTION): Detect GNU Awk.
- * regexp/Makefile.am: Use AWK_HEX_NUMBER_OPTION.
- * regexp/parse-unidata.awk: Don't use strtonum.
-
- gpg: Add regular expression support.
- + commit 199309190a0b9966445bc386747c433949d3b81e
- * AUTHORS, COPYING.other: Update.
- * Makefile.am (SUBDIRS): Add regexp sub directory.
- * configure.ac (DISABLE_REGEX): Remove.
- * g10/Makefile.am (needed_libs): Add libregexp.a.
- * g10/trustdb.c: Remove DISABLE_REGEX support.
- * regexp/LICENSE, regexp/jimregexp.c, regexp/jimregexp.h,
- regexp/utf8.c, regexp/utf8.h: New from Jim Tcl.
- * regexp/UnicodeData.txt: New from Unicode.
- * regexp/Makefile.am, regexp/parse-unidata.awk: New.
- * tests/openpgp/Makefile.am: Remove DISABLE_REGEX support.
- * tools/Makefile.am: Remove DISABLE_REGEX support.
-
-2020-07-13 Werner Koch <wk@gnupg.org>
+2020-07-14 Werner Koch <wk@gnupg.org>
agent: Fix regression with --newsymkey in loopback mode.
- + commit d9ea47f702840c87431df984b9b3f7e60c9ea815
+ + commit 0a6af6dc12998ef7b19673ad05d11e82f826de9d
* agent/command.c (cmd_get_passphrase): Never repeat in loopback mode;
same as with !OPT_NEWSYMKEY.
2020-07-13 NIIBE Yutaka <gniibe@fsij.org>
dirmngr: Handle EAFNOSUPPORT at connect_server.
- + commit ce793fc2f838a97cb1e92b3060337b8052f3dc3a
+ + commit 109d16e8f644da97ed9c00e6f9010a53097f587a
* dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.
-2020-07-09 Werner Koch <wk@gnupg.org>
-
- Release 2.2.21.
- + commit be6fc39ed9b4ffd56d960e20499599c851c17b44
+2020-07-10 NIIBE Yutaka <gniibe@fsij.org>
+ gpg: For decryption, support use of a key with no 'encrypt' usage.
+ + commit 31ae0718ba10c3b1b670ba6131b4995de24aa7a1
+ * g10/pubkey-enc.c (get_session_key): Don't skip at no PUBKEY_USAGE_ENC.
+ Emit information the key has no 'encrypt' usage.
2020-07-08 Werner Koch <wk@gnupg.org>
Do not use the pinentry's qualitybar.
- + commit b451c4f5ea672c9915e28d8dde30abc675060f06
+ + commit 999d25d47d45a0f594c84d51c041da0b24d68c5d
* agent/genkey.c (agent_ask_new_passphrase): No qualitybar.
* g10/call-agent.c (agent_get_passphrase): Ditto.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
gpg: Use integrated passphrase repeat entry also for -c.
- + commit ae8b88c635424ef36f024d0016949d11187dc21e
+ + commit a6a4bbf6debd925a23c22eea86a562f061fdfe6c
* g10/call-agent.c (agent_get_passphrase): Add arg newsymkey.
* g10/passphrase.c (passphrase_get): Add arg newsymkey.
(passphrase_to_dek): Pass it on.
agent: New option --newsymkey for GET_PASSPHRASE.
- + commit d9e2dfa4c585de7c261fde13c18bd0f82415d6c3
- * agent/call-pinentry.c (do_getpin): New.
- (agent_askpin): Use do_getpin.
- (agent_get_passphrase): Add arg pininfo. Use do_getpin.
+ + commit eace4bbe1ded8b01f9ad52ebc1871f2fd13c3a08
+ * agent/call-pinentry.c (agent_get_passphrase): Add arg pininfo.
* agent/genkey.c (check_passphrase_constraints): New arg no_empty.
* agent/command.c (reenter_passphrase_cmp_cb): New.
(cmd_get_passphrase): Add option --newsymkey.
2020-07-07 Werner Koch <wk@gnupg.org>
gpg: Fix flaw in symmetric algorithm selection in mixed mode.
- + commit 7b6071a45fbf14219b6aca4fff8fa0eaf6c6dd8e
+ + commit 6864bba78e76a1ff72aec140ae9f4e752454c463
* g10/encrypt.c (setup_symkey): Use default_cipher_algo function
instead of the fallback s2k_cipher_algo. Fix error code.
(encrypt_simple): Use setup_symkey.
2020-07-03 Werner Koch <wk@gnupg.org>
sm: Exclude rsaPSS from de-vs compliance mode.
- + commit 4a36adaa64311a42eb78d9e52390df489454cafb
+ + commit 969abcf40cdfc65f3ee859c5e62889e1a8ccde91
* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
test rsaPSS. Adjust all callers.
- * common/util.c (pubkey_algo_to_string): New.
(gnupg_pk_is_allowed): Ditto.
* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
(gpgsm_get_hash_algo_from_sigval): New.
* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS.
* sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
- also get the algo flags. Pass algo flags along. Change some of the
- info output to be more like current master.
+ also get the algo flags. Pass algo flags along.
2020-07-02 Werner Koch <wk@gnupg.org>
+ scd:nks: Implement writecert for the Signature card v2.
+ + commit c1663c690b29d2dea8bc782c42de5eca08a24cc9
+ * scd/iso7816.c (CMD_UPDATE_BINARY): New.
+ (iso7816_update_binary): New.
+ * scd/app-nks.c (do_deinit): Factor some code out to...
+ (flush_fid_cache): new.
+ (do_writecert): New.
+ (app_select_nks): Register new handler.
+
dirmngr: Silence annoying warning for missing default ldap server file.
- + commit daca1a011b0e4ae888fd6b11253993cb3537990f
+ + commit f55a05a69ba07eb2ed354a9275e71e94c5e362aa
* dirmngr/dirmngr.c (parse_ldapserver_file): Add arg ignore_enoent.
(main): Use that arg for the default file.
- dirmngr: Fix case handling of "ldapi" scheme.
- + commit 0795ab1c8f95831c15d4ae36d197805a26f8c899
- * dirmngr/ldap-parse-uri.c (ldap_uri_p): s/'i'/'I'.
+ Support a history file in gpg-card and gpg-connect-agent.
+ + commit d70b8769c888f42896ae3ef4972bf82e9b5a0c32
+ * common/gpgrlhelp.c (read_write_history): New.
+ (gnupg_rl_initialize): Register new function.
+ * common/ttyio.c (my_rl_rw_history): New var.
+ (tty_private_set_rl_hooks): Add arg read_write_history.
+ (tty_read_history): New.
+ (tty_write_history): New.
+ * tools/gpg-card.c (HISTORYNAME): New.
+ (oNoHistory): New enum value.
+ (opts): New option --no-history.
+ (cmd_history): New.
+ (cmds): New command "history".
+ (interactive_loop): Read and save the history.
+ * tools/gpg-connect-agent.c (HISTORYNAME): New.
+ (opts): New option --no-history.
+ (main): Read and save the history. New command /history.
+
+2020-06-30 Werner Koch <wk@gnupg.org>
+
+ scd:nks: Fix certificate read problem with TCOS signature card v2.
+ + commit 07aef873ebc77241e9a2be225537319f6fc15a41
+ * scd/app-nks.c (filelist): Add a dedicated key entry for ESIGN.
+ (do_readcert): Test for the app_id.
+
+ scd: Change how the removed card flag is set.
+ + commit 58b091df831f61c8d3551114f2480d36e73de2da
+ * scd/command.c (cmd_serialno): Set/clear card removed flags for all
+ connections using the current card.
+
+ card: Better detect removed cards. Add TCOS PIN menu.
+ + commit fb10b6cba43f4ed8675093ac25f461de4dacdce9
+ * tools/card-call-scd.c (scd_change_pin): Add arg 'nullpin'.
+ * tools/gpg-card.h (struct card_info_s): Add field 'card_removed'.
+ * tools/gpg-card.c (fixup_scd_errors): New.
+ (maybe_set_card_removed): New.
+ (list_one_kinfo): Change type of first arg to get access to INFO. Set
+ card_removed flag.
+ (list_all_kinfo): Improve label alignment.
+ (cmd_list): Check that the current card is still available.
+ (cmd_passwd): Add option --nullpin and menu to chnage TCOS PINs.
+ (dispatch_command): Handle card_removed flag.
+ (interactive_loop): Ditto.
+
+2020-06-30 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Support Ed448/X448 key generation.
+ + commit 45398518fb76e2b859d2d48cf4cdbc11fbbda4fa
+ * g10/keygen.c (ask_curve): Support Ed448/X448 keys.
+ (generate_keypair): Support switch to X448 key.
+
+2020-06-29 Werner Koch <wk@gnupg.org>
+
+ scd: Shorten cardio debug output for all zeroes.
+ + commit 9b6f574928546e6905a92c3e74d72478f1585c66
+ * scd/apdu.c (all_zero_p): New.
+ (send_le): Use it.
+
+ sm: Fix regression in Friday's commit.
+ + commit 4f1c257c03667497d642930884b65c4f2245adbd
+ * sm/gpgsm.c (main): Set ERR also for encrypt.
2020-06-26 Werner Koch <wk@gnupg.org>
+ sm: Try not to output a partial new message after an error.
+ + commit ccbb0cfeefed096a9841b6557d10eef12d55b721
+ * sm/gpgsm.c (main) <aSign,aEncr>: Uses gpgrt_fcancel on error.
+
sm: Print the serial number of a cert also in decimal.
- + commit ad6bf5d67f58dcdd76b621e77b81efa7b41ca885
+ + commit 208a90197317fb9746ecf54a1d14acbeeddfbd18
* sm/certdump.c: Include membuf.h.
(gpgsm_print_serial_decimal): New.
* sm/keylist.c (list_cert_raw): Print s/n also in decimal
(list_cert_std): Ditto.
+2020-06-25 Werner Koch <wk@gnupg.org>
+
+ scd:nks: Fix remaining tries warning in --reset mode.
+ + commit 2429e8559844e27de478d7e90834a714b3748834
+ * scd/app-nks.c (do_change_pin): Chnage computaion of 'remaining'.
+
+ card: Add password change menu for NKS cards.
+ + commit 28c069db3bb5a1065de69bcc0435c8415df87e5b
+ * tools/gpg-card.c (cmd_passwd): Add menu for NKS. Add option
+ --reset.
+
+ sm: Fix support verification of nistp521 signatures.
+ + commit 17a25c14f1ed1199898ad618c17204eafd5524c1
+ * sm/certcheck.c (do_encode_md): Fix obvious bug.
+
+2020-06-24 James Bottomley <James.Bottomley@HansenPartnership.com>
+ Werner Koch <wk@gnupg.org>
+
+ agent: separate out daemon handling infrastructure for reuse.
+ + commit f541e1d95a91d4764c7ed0df10c293bfd493dd41
+ * agent/call-scd.c: Factor re-usable code out to ...
+ * agent/call-daemon.c: new. Store infos in an array to allow for
+ other backend daemons.
+ * agent/Makefile.am (gpg_agent_SOURCES): Add new file.
+ * agent/agent.h: Include assuan.h.
+ (enum daemon_type): New.
+ (opt): Replace scdaemon_program by daemon_program array. Replace
+ scd_local by a array d_local. Change users accordingly.
+
+2020-06-24 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Fix regression in --launch and --kill from March.
+ + commit 2d8f060679bafed27909a5ad54b7f74a9f8dd51b
+ * tools/gpgconf.h (gc_component_id_t): Align order with gc_component
+ array.
+
+2020-06-24 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg,agent: Support Ed448 signing.
+ + commit a763bb2580b0d586a80b8ccd3654f41e49604f4f
+ * agent/pksign.c (do_encode_eddsa): First argument is NBITs,
+ so that it can support Ed448, as well as Ed25519.
+ (agent_pksign_do): Follow the change.
+ * agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed
+ for Ed448, it's only for classic curves.
+ * common/openpgp-oid.c (oidtable): Add Ed448.
+ * common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA.
+ * g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA.
+ * g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448".
+ (ask_algo, parse_key_parameter_part): Handle "ed448".
+ * g10/pkglue.c (pk_verify): Support Ed448.
+ (pk_check_secret_key): Support Ed448.
+ * g10/sign.c (hash_for): Defaults to SHA512 for Ed448.
+ (make_keysig_packet): Likewise.
+
+2020-06-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ ecc: Use "cv448" to specify key using X448.
+ + commit c94eea15d6847c08d2d9ff1c7608953f25fea67d
+ * common/openpgp-oid.c (oidtable): Use "cv448".
+ (oid_cv448): Rename from oid_x448.
+ (openpgp_oidbuf_is_cv448, openpgp_oid_is_cv448): Likewise.
+ * common/util.h (openpgp_oid_is_cv448): Follow the change.
+ * g10/ecdh.c (pk_ecdh_generate_ephemeral_key): Likewise.
+ * g10/keygen.c (gen_ecc, ask_algo): Use "cv448".
+ (parse_key_parameter_part): Likewise.
+ * g10/pkglue.c (get_data_from_sexp): Fix for debug output.
+
+2020-06-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Use get_pk_algo_from_key.
+ + commit 4bdade5b0bea1816a2479c73abc71b41f09ba727
+ * agent/findkey.c (key_parms_from_sexp, is_eddsa): Remove.
+ (agent_pk_get_algo): Remove.
+ * agent/pksign.c (agent_pksign_do): Use get_pk_algo_from_key.
+
+ agent: Clean up for getting info from SEXP.
+ + commit d2e4aa5ee4c5128547cc45c2e1ac35fdc5c00f45
+ * agent/agent.h (agent_is_dsa_key, agent_is_eddsa_key): Remove.
+ (agent_pk_get_algo): New.
+ * agent/findkey.c (agent_pk_get_algo): New.
+ * agent/pksign.c (do_encode_dsa): Use generic GCRY_PK_ECC.
+ (agent_pksign_do): Use agent_pk_get_algo.
+
+ agent: A little clean up.
+ + commit abc6a3100a33122ba3673b578a2b364a6b45d252
+ * agent/findkey.c (agent_is_eddsa_key): Remove dead case.
+
+2020-06-17 Werner Koch <wk@gnupg.org>
+
+ agent: Fix regression in 'd' fixup code for shadowed keys.
+ + commit d1e1c622d55e783ae5bf601249598f0da8d5e688
+ * agent/sexp-secret.c (fixup_when_ecc_private_key): Ignore shadowed
+ keys.
+
+ sm: Support verification of nistp521 signatures.
+ + commit 596212e71abf33b30608348b782c093dace83110
+ * sm/certcheck.c (do_encode_md): Take care of nistp521.
+
+2020-06-09 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix for new SOS changes when used with Libgcrypt < 1.8.6.
+ + commit eeb599c9e261586a664430058b7cfad7025a503f
+ * g10/free-packet.c (is_mpi_copy_broken): New.
+ (my_mpi_copy): Mix gcry_mpi_copy.
+
+ gpg: Extend the TRUST_ status lines.
+ + commit 96f1ed5468002330ea21d9ad32ac3b464bb40b1a
+ * g10/pkclist.c (write_trust_status): Add arg mbox.
+ (check_signatures_trust): Appenmd mbox to the status lines.
+
+2020-06-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Use bytes for ECDH.
+ + commit da5e0bc31b4c6f16ed5ff9b35063f3b03eb7ff16
+ * g10/ecdh.c (extract_secret_x): Use byte * instead of MPI.
+ (prepare_ecdh_with_shared_point): Use char * instead of MPI.
+ (pk_ecdh_encrypt_with_shared_point): Likewise.
+ (pk_ecdh_decrypt): Likewise.
+ * g10/pkglue.h (pk_ecdh_encrypt_with_shared_point, pk_ecdh_decrypt):
+ Change declaration.
+ * g10/pkglue.c (get_data_from_sexp): New.
+ (pk_encrypt): Use get_data_from_sexp instead of get_mpi_from_sexp.
+ Follow the change of pk_ecdh_encrypt_with_shared_point.
+ * g10/pubkey-enc.c (get_it): Follow the change of pk_ecdh_decrypt.
+
+ gpg: Add X448 support.
+ + commit e9760eb9e70b9804c988dafe01851f6600869d9e
+ * common/openpgp-oid.c (oidtable): Add X448.
+ (oid_x448,openpgp_oidbuf_is_x448,openpgp_oid_is_x448): New.
+ * common/util.h (openpgp_oid_is_x448): New.
+ * g10/ecdh.c (gen_k): Add handling of opaque MPI and support
+ endianness.
+ (pk_ecdh_generate_ephemeral_key): X448 requires opaque MPI.
+ * g10/keygen.c (gen_ecc): Add support for X448.
+ (ask_algo, parse_key_parameter_part): Likewise.
+
+ gpg,ecc: Handle external representation as SOS with opaque MPI.
+ + commit f5bc94555458123f93d8b07816a68fb7485421e1
+ * g10/pkglue.h (sexp_extract_param_sos): New.
+ * g10/build-packet.c (sos_write): New.
+ (do_key, do_pubkey_enc, do_signature): Use sos_write for ECC.
+ * g10/export.c (cleartext_secret_key_to_openpgp): Use
+ sexp_extract_param_sos.
+ (transfer_format_to_openpgp): Use opaque MPI for ECC.
+ * g10/keygen.c (ecckey_from_sexp): Use sexp_extract_param_sos.
+ * g10/keyid.c (hash_public_key): Handle opaque MPI for SOS.
+ * g10/parse-packet.c (sos_read): New.
+ (parse_pubkeyenc,parse_signature,parse_key): Use sos_read for ECC.
+ * g10/pkglue.c (sexp_extract_param_sos): New.
+ (pk_verify): Handle opaque MPI for SOS.
+ (pk_encrypt): Use sexp_extract_param_sos.
+ * g10/seskey.c (encode_session_key): Use opaque MPI.
+ * g10/sign.c (do_sign): Use sexp_extract_param_sos.
+
+2020-06-08 Werner Koch <wk@gnupg.org>
+
+ gpg: If possible TRUST values now depend on signer's UID or --sender.
+ + commit 5c2080f4670a768787f5cb4ed5c32e0946837883
+ * g10/mainproc.c (check_sig_and_print): Add failsafe check for PK.
+ Pass KEYBLOCK down do check_signatures_trust. Protect existsing error
+ ocde in case the signature expired.
+ * g10/pkclist.c (is_in_sender_list): New.
+ (check_signatures_trust): Add args keyblock and pk. Add new uid based
+ checking code.
+ * g10/test-stubs.c, g10/gpgv.c: Adjust stubs.
+
+2020-06-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix the condition to detect leading 0x00 problem.
+ + commit e2e5736842299ebfb8263b674d5cbfb9b784d70f
+ * agent/sexp-secret.c (fixup_when_ecc_private_key): Use curve name
+ to identify the issue.
+
+2020-06-05 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent,ecc: Use of opaque MPI for ECC, fixup 'd'.
+ + commit 47c1c329ed823a562185f86e98ac903605104f11
+ * agent/Makefile.am: Add sexp-secret.c.
+ * agent/agent.h: New function declarations.
+ * agent/sexp-secret.c: New.
+ * agent/findkey.c (agent_key_from_file): Use sexp_sscan_private_key.
+ * agent/protect-tool.c (read_and_unprotect): Fix up private part,
+ calling fixup_when_ecc_private_key.
+
+ agent: For ECC, use opaque MPI for key representation.
+ + commit 2b118516240b4bddd34c68c23a99bea56682a509
+ * agent/cvt-openpgp.c (scan_pgp_format): New with SOS support.
+ (do_unprotect): Use scan_pgp_format, handle opaque MPI for ECC.
+ (convert_from_openpgp_main): Use opaque MPI for ECC.
+ (apply_protection): Set GCRYMPI_FLAG_USER1 flag for encrypted secret.
+ (extract_private_key): Use "/qd" for ECC, opaque MPI.
+
+ agent,ssh: Tighten condition for EdDSA.
+ + commit a7d46c78e242e72f6ff681f6fe56ffc4dcb74a18
+ * agent/command-ssh.c (ssh_key_to_blob): Prepare for non-prefixed
+ point representation of EdDSA.
+
+ agent: Remove duplicated code for EdDSA.
+ + commit 2e988546c59ba25bf9e63521112c0c3c73b012f1
+ * agent/command-ssh.c (ssh_receive_key): Curve is "Ed25519".
+ Use sexp_key_construct always.
+
+ agent: Clean up do_encode_md.
+ + commit 4c0b12f817f15862111a01493aaadce943410ee9
+ * agent/pksign.c (do_encode_md): Directly use sexp_build.
+
2020-06-03 Werner Koch <wk@gnupg.org>
doc: Minor enhancement for reproducibility.
- + commit 5ade2b68db231c78d8ecca0eb21db2153da958d2
+ + commit 074ab108e768b2f946d789c1f3a7f14a65e07c52
* doc/Makefile.am (defsincdate): In no repo mode and with
SOURCE_DATE_EPOCH set, use that instead of blanking the date.
- common: Add missing error code GPG_ERR_WRONG_NAME.
- + commit 381c54179c2adefd558035f573a2029de2e1a2f7
- * configure.ac: Require libgpg-error 1.25.
- * common/util.h: Define some extra error codes.
+ card: Improve openpgp key writing in "writecert".
+ + commit 4f6e0e12cbd3444b9e6ea5e4b92ea5b3072a3e17
+ * tools/card-keys.c (struct export_key_status_parm_s): New.
+ (export_key_status_cb): New.
+ (get_minimal_openpgp_key): New.
+ * tools/gpg-card.c (cmd_writecert): Allow writing a keyblock directly
+ from an existing gpg key.
+
+ gpg: Improve generation of keys stored on card (brainpool,cv25519).
+ + commit 48251cf9a7d3776667342f4705ac3de89bd75534
+ * g10/keygen.c (ask_key_flags_with_mask): Allow more than ECDH for
+ legacy curves.
+ (ask_algo): Tweak mapping of ECC to OpenPGP algos
+ (parse_key_parameter_part): Ditto.
+ (generate_subkeypair): Create the subkey with the time stored on the
+ card.
+
+ sm: Fix recently introduced regression in CSR creation.
+ + commit 7558128e16d7fc20b9c40bf7e150ca08bbb4467f
+ * sm/certreqgen.c (create_request): Also set SIGKEYLEN.
2020-05-29 NIIBE Yutaka <gniibe@fsij.org>
scd: Fix condition for C5 data object for newer Yubikey.
- + commit e285b1197b93e5114679b2ece9f10743abc715ef
+ + commit f3df8dbb696fed192501fa7f741c2e0e0936a3d5
* scd/app-openpgp.c (compare_fingerprint): Relax the condition.
-2020-05-21 NIIBE Yutaka <gniibe@fsij.org>
+2020-05-28 Werner Koch <wk@gnupg.org>
+
+ card: Allow to store and retrieve keyblocks in OpenPGP cards.
+ + commit 2d9592e78f4978307e378e07d6c170a28000a494
+ * tools/gpg-card.c: Include tlv.h.
+ (cmd_writecert): Add option --openpgp.
+ (cmd_readcert): Ditto.
+
+ card: New command "apdu"
+ + commit ed0759f39be04dd6108237f5ed03c7cfd1cb4642
+ * tools/card-call-scd.c (scd_apdu): Add optional arg 'options'.
+ * tools/gpg-card.c (cmd_apdu): New.
+ (enum cmdids): Add cmdAPDU.
+ (dispatch_command): Add command "apdu".
+ (interactive_loop): Ditto.
+
+2020-05-27 Werner Koch <wk@gnupg.org>
+
+ card: Update card info after "generate".
+ + commit 94d31660c6db22c3b539f440994d286f687c273f
+ * tools/gpg-card.c (cmd_generate): Re-read the card on success.
+
+ scd:openpgp: New KEY-STATUS attribute.
+ + commit 21496761226c1020a98e3ec7dd2b9dd013d4386b
+ * scd/app-openpgp.c (do_getattr): Return KEY-STATUS
+
+ card: Add command "bye"
+ + commit 08310849a28071fbca761fa4ca18702b39092947
+ * tools/gpg-card.c: Add command "bye" as alias for "quit".
+ * tools/gpg-connect-agent.c (main): Add "/quit" as alias for "/bye"
+
+ card: Take care of removed and re-inserted cards.
+ + commit 46a3de4b5acb37274ddd132499a3243e1f92b506
+ * tools/gpg-card.c (cmd_list): Take care of the need_sn_cmd flag.
+ (cmd_factoryreset): Clear that flag.
+ (dispatch_command): Set flag after a reset and after a
+ CARD_NOT_PRESENT error.
+
+2020-05-26 Werner Koch <wk@gnupg.org>
+
+ card: Implement UID command and print capabilities.
+ + commit c2a47475ba0f6bd1de80e92dd91949501256025e
+ * tools/card-call-scd.c (learn_status_cb): Return the full value for
+ UIF. Add info about SM, MCL3, and PD.
+ * tools/gpg-card.h (struct card_info_s): Add corresponding fields.
+ * tools/gpg-card.c (list_openpgp): Print capabilities. Print the
+ permanent flag for UIF.
+ (cmd_uif): Implement.
+
+ scd:openpgp: Add attribute "UIF" for convenience.
+ + commit 11f0700282c1eeaee8db6686c38aca0900271351
+ * scd/app-openpgp.c (do_getattr): New attrubute "UIF".
+ (do_learn_status): Use that.
+
+ scd: Fix Yubikey app switching problem.
+ + commit 20090886706e2af6723ca11e292272fc00cffe07
+ * scd/app.c (select_all_additional_applications_internal): Re-select
+ first app. Add arg 'ctrl'.
+
+2020-05-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Clean up ECDH code path (5).
+ + commit 510bda7d3754801be18a592694578589fe503fb8
+ * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Now, it's only for
+ encrytion.
+ (pk_ecdh_decrypt): Use prepare_ecdh_with_shared_point and move decrypt
+ code path in original pk_ecdh_encrypt_with_shared_point here.
+ * g10/pkglue.h (pk_ecdh_encrypt_with_shared_point): Change API.
+ * g10/pkglue.c (pk_encrypt): Follow the change.
+
+ gpg: Clean up ECDH code path (4).
+ + commit 64d93271bfce1968ebe61324b900875dbd6dd2eb
+ * g10/ecdh.c (prepare_ecdh_with_shared_point): New.
+ (pk_ecdh_encrypt_with_shared_point): Fixing error paths for closing
+ the cipher handle, use prepare_ecdh_with_shared_point.
+
+ gpg: Clean up ECDH code path (3).
+ + commit 80c02d13d9994abae9e67c3554528352c621cd9b
+ * g10/ecdh.c (derive_kek): New.
+ (pk_ecdh_encrypt_with_shared_point): Use derive_kek.
+
+ gpg: Clean up ECDH code path (2).
+ + commit a973d9113840282468015eb26f07f2b32f977d70
+ * g10/ecdh.c (build_kdf_params): New.
+ (pk_ecdh_encrypt_with_shared_point): Use build_kdf_params, and check
+ things before extract_secret_x.
+
+ gpg: Clean up ECDH code path (1).
+ + commit 960d37644cbbe2a234352d0bc58095e2b0371eec
+ * g10/ecdh.c (extract_secret_x): New.
+ (pk_ecdh_encrypt_with_shared_point): Use extract_secret_x.
+
+2020-05-20 NIIBE Yutaka <gniibe@fsij.org>
dirmngr: dns: Fix allocation of string buffer in stack.
- + commit ab724d3206c8d3500ab2d982c98bad93ee550e42
+ + commit 30eef28bc0f5deaa1b4b7f04293a6527524280a9
* dirmngr/dns.h (dns_strsection, dns_strclass)
(dns_strtype): Change APIs.
* dirmngr/dns.c (dns_p_lines): Use __dst for dns_strsection.
(iclass): Use __dst for dns_strclass.
(itype): Use __dst for dns_strtype.
-2020-05-12 Werner Koch <wk@gnupg.org>
+2020-05-19 Werner Koch <wk@gnupg.org>
+
+ sm: Create ECC certificates with AKI and SKI by default.
+ + commit 44676819f2873705b78849e7b2fd22214b691642
+ * sm/certreqgen.c (create_request): Create AKI and SKI by default.
+
+ common: New function to extract Q from an ECC key.
+ + commit 3cd9dac7e0976643c6e4b6537cf363b2b12d422f
+ * common/sexputil.c (get_ecc_q_from_canon_sexp): New.
+
+2020-05-18 Werner Koch <wk@gnupg.org>
+
+ sm: Support creation of EdDSA certificates.
+ + commit 6dc3846d78192e393be73c16c72750734a9174d1
+ * sm/misc.c (transform_sigval): Support EdDSA.
+ * sm/certreqgen.c (create_request): Support EdDSA cert creation.
+ * sm/certcheck.c (gpgsm_check_cert_sig): Map some ECC algo OIDs to
+ hash algos.
+ * sm/call-agent.c (struct sethash_inq_parm_s): New.
+ (sethash_inq_cb): New.
+ (gpgsm_agent_pksign): Add mode to pass plain data for EdDSA.
+
+ agent: Allow to use SETHASH for arbitrary data.
+ + commit b18fb0264abdb6cb0a99ba0ba941dc9a6e35f74a
+ * agent/agent.h (struct server_control_s): Add field digest.data.
+ * agent/gpg-agent.c (agent_deinit_default_ctrl): Free that field.
+ * agent/command.c (reset_notify): Ditto.
+ (start_command_handler): ditto.
+ (cmd_sethash): Add new option --inquire.
+ * agent/call-scd.c (agent_card_pksign): For now return an error if
+ inquire mode was used.
+ * agent/command-ssh.c (ssh_handler_sign_request): Make sure
+ digest.data is cleared.
+ * agent/divert-scd.c (divert_pksign): Implement inquire mode.
+ * agent/pksign.c (agent_pksign_do): Ditto.
+
+2020-05-13 Werner Koch <wk@gnupg.org>
+
+ sm: Support import and verification of EdDSA certificates.
+ + commit b1694987bb6484405d41d34046a5290176feadd0
+ * sm/certdump.c (gpgsm_get_serial): New.
+ * sm/certcheck.c (gpgsm_check_cert_sig): Support EdDSA signatures.
+
+2020-05-11 Werner Koch <wk@gnupg.org>
+
+ sm: Support signing using ECDSA.
+ + commit f44d395bdfec464b1e2a0a1aef39561e6e48a45c
+ * sm/gpgsm.h (struct certlist_s): Add helper field pk_algo.
+ * sm/sign.c (gpgsm_sign): Store the public key algo. Take the hash
+ algo from the curve. Improve diagnostic output in verbose mode.
+
+2020-05-08 Werner Koch <wk@gnupg.org>
+
+ sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme.
+ + commit 68b857df13c8a4e6cae5e3a29fd065bf90764547
+ * sm/decrypt.c (ecdh_decrypt): Support
+ dhSinglePass-stdDH-sha1kdf-scheme. Factor key derive code out to ...
+ (ecdh_derive_kek): new global function. Allow for hashs shorter than
+ the key.
+ (hash_ecc_cms_shared_info): Make file-only.
+ * sm/encrypt.c (ecdh_encrypt): Replace derive code by a call to the
+ new ecdh_derive_kek. Add test code to create data using
+ dhSinglePass-stdDH-sha1kdf-scheme.
+ * sm/gpgsm.h (opt): Add member force_ecdh_sha1kdf.
+ * sm/gpgsm.c: Add option --debug-force-ecdh-sha1kdf.
+
+ sm: Print algorithm infos in data decryption mode.
+ + commit 439c9b5cb55044f13d4af6563f4e791093d510b0
+ * common/sexputil.c (cipher_mode_to_string): New.
+ * sm/decrypt.c (prepare_decryption): Show cipher algo and mode.
+ (gpgsm_decrypt): Show key algo and fingerprint
+
+ sm: Cleanup the use of GCRY_PK_ECC and GCRY_PK_ECDSA.
+ + commit 34b628db4618a8712536aea695f934b0286e7b18
+ * common/sexputil.c (pubkey_algo_to_string): New.
+ * sm/certcheck.c (do_encode_md): Replace GCRY_PK_ECDSA by GCRY_PK_ECC.
+ * sm/certreqgen-ui.c (check_keygrip): Add all ECC algorithms.
+ * sm/gpgsm.c (our_pk_test_algo): Also allow EdDSA.
+ * sm/verify.c (gpgsm_verify): Map ECC algo to ECDSA. Use new pubkey
+ algo name function
+
+ sm: Improve readability of the data verification output.
+ + commit a759fa963a42e0652134130029217270b6d5d00b
+ * sm/verify.c (gpgsm_verify): Print the used algorithms.
+
+2020-05-07 Werner Koch <wk@gnupg.org>
+
+ card: Allow listing of NKS cards.
+ + commit 94966347452632f8140fae70f7fcbadcc2b81071
+ * tools/card-call-scd.c (learn_status_cb): Always fill chvinfo.
+ * tools/gpg-card.h (struct card_info_s): Increase size of chvinfo and
+ chvmaxlen.
+ * tools/gpg-card.c (list_nks): New.
+ (print_a_version): Support single part version numbers.
+ (list_card): Call list_nks.
+
+ scd:nks: Add framework to support IDKey cards.
+ + commit 1f6a39092fe4b5f02bc4741a0a23d102d30f4063
+ * scd/app-nks.c (NKS_APP_IDLM): New.
+ (struct app_local_s): Replace NKS_VERSION by the global APPVERSION.
+ (do_learn_status): Always send CHV-STATUS.
+ (find_fid_by_keyref): Basic support for IDLM only use.
+ (do_learn_status_core): Ditto.
+ (do_readcert): Ditto.
+ (verify_pin): Ditto.
+ (parse_pwidstr): Ditto.
+ (do_with_keygrip): Ditto.
+ (switch_application): Ditto.
+ (app_select_nks): Fallback to IDLM.
+
+ scd:nks: Get the PIN prompts right for the Signature Card.
+ + commit aecc008acb64ebbb6c667c4a128af4e61da57f84
+ * scd/app-nks.c (get_dispserialno): Move more to the top.
+ (do_getattr): Add $DISPSERIALNO and SERIALNO. Make CHV-STATUS work
+ with NKS15.
+ (verify_pin): Use dedicated min. PIN lengths.
+ (parse_pwidstr): Support NKS15
+
+ sm: Print the key types as standard key algorithm strings.
+ + commit 5c29d25e6c7c0a5a63ab4c46d4624217307adb78
+ * sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ...
+ (gpgsm_get_key_algo_info2): new.
+ (gpgsm_pubkey_algo_string): New.
+ * sm/keylist.c (list_cert_colon): Put curve into field 17
+ (list_cert_raw): Print the unified key algotithm string instead of the
+ algo and size.
+ (list_cert_std): Ditto.
+
+ scd:nks: Support decryption using ECDH.
+ + commit af45d884aa1c3eccbc6972a2e5197ece3fd1987a
+ * scd/app-nks.c (struct fid_cache_s): Add field 'algo'.
+ (keygripstr_from_pk_file): Add arg 'r_algo' to return the algo.
+ (find_fid_by_keyref): Ditto.
+ (get_dispserialno): New.
+ (make_prompt): New.
+ (verify_pin): Provide better prompts.
+ (do_decipher): Support ECDH.
+ (parse_pwidstr): Add hack tospecify any pwid..
+ (do_change_pin): Support Signature Card V2.0 (NKS15) style NullPIN.
+ Provide a better prompt.
+
+ sm: Support decryption of ECDH data using a smartcard.
+ + commit ee6d29f1797e06977ae3d2edae9edc1165c6f144
+ * sm/decrypt.c (ecdh_decrypt): Add arg nbits and detect bare secret.
+ (prepare_decryption): Add arg nbits and pass on.
+ (gpgsm_decrypt): Pass size of curve to prepare_decryption.
+
+2020-05-05 Werner Koch <wk@gnupg.org>
+
+ scd: Extend an internal function to also return the algo.
+ + commit 314859d7e7de5010ca1e9d90b83acf3bc8493631
+ * scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
+ r_algo. Change all callers.
+ (app_help_get_keygrip_string): Ditto.
+
+2020-05-04 Werner Koch <wk@gnupg.org>
+
+ scd:nks: Add do_with_keygrip and implement a cache.
+ + commit 1e72a1a218490c0fc07811a02ddad6cc38913f77
+ * scd/app-nks.c (struct fid_cache_s): New.
+ (struct app_local_s): Add field 'fid_cache'.
+ (do_deinit): Release the cache.
+ (keygripstr_from_pk_file): Implement the cache.
+ (find_fid_by_keyref): New
+ (do_sign, do_decipher): Use new function.
+ (do_with_keygrip): New.
+
+ sm: Support encryption using ECDH keys.
+ + commit d5051e31a8fc07c339253c6b82426e0d0115a20a
+ * sm/decrypt.c (hash_ecc_cms_shared_info): Make global.
+ * sm/encrypt.c (ecdh_encrypt): New.
+ (encrypt_dek): Add arg PK_ALGO and support ECDH.
+ (gpgsm_encrypt): Pass PK_ALGO.
+
+2020-04-27 Werner Koch <wk@gnupg.org>
+
+ sm: Add support to export ECC private keys.
+ + commit 5da6925a334c68d736804d8f19a684a678409d99
+ * sm/minip12.c [TEST]: Remove test code. Include util.h, tlv.h. and
+ openpgpdefs.h. Remove the class and tag constants and replace them by
+ those from tlv.h.
+ (builder_add_oid, builder_add_mpi): New.
+ (build_key_sequence): Rename to ...
+ (build_rsa_key_sequence): this.
+ (build_ecc_key_sequence): New.
+ (p12_build): Call RSA or ECC builder.
+ (p12_raw_build): Ditto.
+ * sm/export.c (gpgsm_p12_export): Use correct armor header for ECC.
+ (sexp_to_kparms): Support ECC.
+
+ * sm/t-minip12.c: New to replace the former TEST code in minip12.h.
+
+2020-04-24 Werner Koch <wk@gnupg.org>
+
+ common: Add an easy to use DER builder.
+ + commit 5ea878274ef51c819368f021c69c518b9aef6f82
+ * common/tlv-builder.c: New.
+ * common/tlv.c: Remove stuff only used by GnuPG 1.
+ (put_tlv_to_membuf, get_tlv_length): Move to ...
+ * common/tlv-builder.c: here.
+ * common/tlv.h (tlv_builder_t): New.
+
+2020-04-23 Werner Koch <wk@gnupg.org>
+
+ sm: Support decryption of ECDH data.
+ + commit 95d83cf906177fe9f00e88ae42d4c118c7db4371
+ * sm/decrypt.c: Include tlv.h.
+ (string_from_gcry_buffer): New.
+ (hash_ecc_cms_shared_info): New.
+ (ecdh_decrypt): New.
+ (prepare_decryption): Support ECDH. Add arg pk_algo.
+ (gpgsm_decrypt): Lift some variables from an inner code block.
+
+ common: Add functions to help create DER objects.
+ + commit 5d015b38eb9f828acf522fa89e4944f3b343678c
+ * common/tlv.c (put_tlv_to_membuf): New.
+ (get_tlv_length): New.
+ * common/tlv.h: Include membuf.h.
+
+2020-04-21 Werner Koch <wk@gnupg.org>
+
+ sm: Support import of PKCS#12 encoded ECC private keys.
+ + commit 8dfef5197af9f655697e0095c6613137d51c91e7
+ * sm/minip12.c: Include ksba.h.
+ (oid_pcPublicKey): New const.
+ (parse_bag_data): Add arg 'r-curve'. Support parsing of ECC private
+ keys.
+ (p12_parse): Add arg 'r_curve'.
+ * sm/import.c (parse_p12): Support ECC import.
+
+2020-04-17 Werner Koch <wk@gnupg.org>
+
+ scd:nks: Allow retrieving certificates from a Signature Card v.20.
+ + commit f05a32e5c9db7d0840c74fccc350a9e0ff5fb819
+ * scd/app-nks.c: Major rework to support non-RSA cards.
- common: Change argument order of log_printhex.
- + commit c6324ee07a9ff2a626d6dfcc094a67b62628d42e
- * common/logging.c (log_printhex): Chnage order of args. Make it
- printf alike. Change all callers.
- * configure.ac: Add -Wno-format-zero-length
+ scd: Detect missing card in "getinfo all_active_apps".
+ + commit 3633ca6e21f7feb97b6690025614575bb6909f8b
+ * scd/app.c (send_card_and_app_list): Detect no app case.
2020-04-16 Werner Koch <wk@gnupg.org>
sm: Always allow authorityInfoAccess lookup if CRLs are also enabled.
- + commit aec7d136e4bdfd53709dc04e3e92f4c50135d368
+ + commit bbb7edb8807b7d3c8bb5284d8fdf21adb67cd87d
* sm/certchain.c (find_up): Disable external lookups in offline mode.
Always allow AKI lookup if CRLs are also enabled.
sm: Lookup missing issuers first using authorityInfoAccess.
- + commit d57209553da7da85a369cd362aabeaef07e0bc26
+ + commit f5efbd5a1169ca7700f430a4a26ba086e603c887
* sm/call-dirmngr.c (gpgsm_dirmngr_lookup): Add optional arg URL and
adjust all callers.
* sm/certchain.c (oidstr_caIssuers): New.
(find_up): Try the AIA URI first.
dirmngr: Allow http URLs with "LOOKUP --url"
- + commit 3b27c26241ee25cf75555e11d9bb463faac8237d
+ + commit 7f1be1ea524ee53d8c7b628e0305b61ebad4ab25
* dirmngr/crlfetch.c (read_cert_via_http): New.
(fetch_cert_by_url): Implement http scheme.
- gpg: Add missing options --no-include-key-block.
- + commit 7dbfd92b3e231cfe111c8832ff1048305c8d2d92
- * g10/gpg.c (opts): Add it.
-
gpg: Make AEAD modes subject to compliance checks.
- + commit 37b116db20080f6e1c6ca1dec79014fecf2c3248
+ + commit cec397e00240829495de2b487fe60d997d810c03
* g10/decrypt-data.c (decrypt_data): Move aead algo detection up.
- gpg: Show AEAD preferences.
- + commit ab7a0b07024c432233e691b5e4be7e32baf8d80f
- * g10/packet.h (preftype_t): Add PREFTYPE_AEAD.
- * g10/keyedit.c (show_prefs): Print AEAD preferences.
- * g10/getkey.c (fixup_uidnode): Set AEAD flags.
- (merge_selfsigs): Ditto.
-
- gpg: Support decryption of the new AEAD packet.
- + commit 1dfe71c62b184c84723c5f926f2596f46ee967cf
- * common/openpgpdefs.h (aead_algo_t): New.
- (pkttype_t): Add PKT_ENCRYPTED_AEAD.
- * g10/decrypt-data.c (struct decode_filter_context_s): Add fields for
- AEAD.
- (aead_set_nonce_and_ad): New.
- (aead_checktag): New.
- (decrypt_data): Support AEAD.
- (aead_underflow): New.
- (aead_decode_filter): New.
- * g10/dek.h (DEK): Add field use_aead. Turn use_mdc,
- algo_info_printed, and symmetric into bit flags.
- * g10/mainproc.c (struct mainproc_context): Add field
- seen_pkt_encrypted_aead.
- (release_list): Clear it.
- (have_seen_pkt_encrypted_aead): New.
- (symkey_decrypt_seskey): Support AEAD.
- (proc_symkey_enc): Ditto.
- (proc_encrypted): Ditto.
- (proc_plaintext): Ditto.
- * g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
- (openpgp_aead_test_algo): New.
- (openpgp_aead_algo_name): New.
- (openpgp_aead_algo_info): New.
- * g10/packet.h (PKT_symkey_enc): Add field use_aead.
- (PKT_user_id): Add field flags.aead
- (PKT_public_key): Ditto.
- (PKT_encrypted): Add fields for AEAD.
- * g10/parse-packet.c (parse): Handle PKT_ENCRYPTED_AEAD.
- (parse_symkeyenc): Support AEAD.
- (parse_encrypted): Ditto.
- (dump_sig_subpkt): Dump AEAD preference packet.
- (parse_encrypted_aead): New.
-
2020-04-15 Werner Koch <wk@gnupg.org>
- gpg: Improve symmetric decryption speed by about 25%
- + commit 144b95cc9d0f03a2fe5d91120f6b4b30f4bb8f71
- * g10/decrypt-data.c (mdc_decode_filter, decode_filter): Fatcor buffer
- filling code out to ...
- (fill_buffer): new.
-
- gpg: Reformat parts of decrypt-data.c.
- + commit 2f39e00b6b7d2aa57cd268c579127947042a0fcf
- * g10/decrypt-data.c (struct decode_filter_context_s): Rename 'defer'
- to 'holdback' and 'defer_filled' to 'holdbacklen'. Increase size of
- holdback to allow for future AEAD decryption. Turn 'partial' and
- 'eof_seen' into bit fields.
- (decrypt_data): Replace write_status_text by write_Status_printf.
- Indent parts of the code.
+ gpg: Fix broken setting of AEAD algo.
+ + commit df0edaf91a220f8c6dffbfd1f795e229858b096b
+ * g10/main.h (DEFAULT_AEAD_ALGO): Set to OCB.
sm,dirmngr: Restrict allowed parameters used with rsaPSS.
- + commit ddc74f50d42370421b4802dc13df88f0ca2fcee5
+ + commit c0d5c673542b3d517c33fe1a9ab26bcda1a5a95f
* sm/certcheck.c (extract_pss_params): Check the used PSS params.
* dirmngr/crlcache.c (finish_sig_check): Ditto.
* dirmngr/validate.c (check_cert_sig): Ditto.
+2020-04-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ regexp: Fix generation of _unicode_mapping.c.
+ + commit 50b320952e99ea20f9b77c6c501280fe37fd2598
+ * configure.ac (AWK_HEX_NUMBER_OPTION): Detect GNU Awk.
+ * regexp/Makefile.am: Use AWK_HEX_NUMBER_OPTION.
+ * regexp/parse-unidata.awk: Don't use strtonum.
+
+2020-04-14 Werner Koch <wk@gnupg.org>
+
sm: Support rsaPSS verification also for CMS signatures.
- + commit 24d563749f50f51841b3fd00eb615a871e45bb28
+ + commit 6c28d9343ea6df9cda1b69e77751a9e958eb3d70
* sm/certcheck.c (gpgsm_check_cert_sig): Factor PSS parsing out to ...
(extract_pss_params): new.
(gpgsm_check_cms_signature): Implement PSS.
+2020-04-09 Werner Koch <wk@gnupg.org>
+
dirmngr: Support rsaPSS also in the general validate module.
- + commit 8bf17eb94d0d85f34477ec0c2c0514000b6aa045
+ + commit ba34f1415366d91d1831d717ec310ddda33f9cc4
* dirmngr/validate.c (hash_algo_from_buffer): New.
(uint_from_buffer): New.
(check_cert_sig): Support rsaPSS.
error.
sm,dirmngr: Support rsaPSS signature verification.
- + commit 0626cc8fed340deb36f0c10e7a68afc287d0f626
+ + commit b45ab0ca08f8d6f9831192210b9ab141f4e450cf
* sm/certcheck.c (hash_algo_from_buffer): New.
(uint_from_buffer): New.
(gpgsm_check_cert_sig): Handle PSS.
(crl_parse_insert): Pass use_pss flag along.
common: New function to map hash algo names.
- + commit 4d37cc72b83f601118c2c6c79d9d96c85e250f7e
+ + commit 5d5b70ae0f515290a3d64daa1d687fe8c8477f76
* common/sexputil.c (hash_algo_to_string): New.
scd:p15: Return a display S/N via Assuan.
- + commit 39e2260d7e05ef2fd6ff94a1bc538cf0d640193c
+ + commit bfedc760efdcf606da7c214e84d12a10ee4cbcc0
* scd/app-p15.c (make_pin_prompt): Factor some code out to ...
(get_dispserialno): this.
(do_getattr): Use new fucntion for a $DISPSERIALNO.
+2020-04-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: ECDH: Accept longer padding.
+ + commit fd79cadf7ba5ce45dfb5e266975f58bf5c7ce145
+ * g10/pubkey-enc.c (get_it): Remove check which mandates shorter
+ padding.
+
+2020-04-07 Werner Koch <wk@gnupg.org>
+
scd:p15: Show a pretty PIN prompt.
- + commit beaa2cbb7f039c6ebfcfff483cfe6002a858993d
+ + commit 9ec8d984be4676126843d5aa7dfd0b7d71eff13c
* scd/app-p15.c (struct prkdf_object_s): New fields common_name and
serial_number.
(release_prkdflist): Free them.
(do_sign): Remove debug output.
scd: Return GPG_ERR_BAD_PIN on 0x63Cn status word.
- + commit 9e6a3290dad1b19144a2b413902e9918094a2cea
+ + commit f28795b615c3042f6eb7c9d941e232d0da50efbc
* scd/iso7816.c (map_sw): Detect 0x63Cn status code.
scd: Factor common PIN status check out.
- + commit 9497d25c567d4fb8b6be603b102a149060e7aa56
+ + commit 60d018f6a91c4c90b8ecf13f88ac4256699f4007
* scd/iso7816.h (ISO7816_VERIFY_ERROR): New.
(ISO7816_VERIFY_NO_PIN): New.
(ISO7816_VERIFY_BLOCKED): New.
(ISO7816_VERIFY_NOT_NEEDED): New.
* scd/iso7816.c (iso7816_verify_status): New.
* scd/app-nks.c (get_chv_status): Use new function.
+ * scd/app-piv.c (get_chv_status): Ditto.
+ (verify_chv): Ditto.
scd:p15: Fix decrypt followed by sign problem for D-Trust cards.
- + commit 471b06e91b6ae47e1f71cd7a698763cd9d32ff12
+ + commit 42ddcc87f4bca40d605d133b6cdb4e761a49a1c9
* scd/iso7816.c (iso7816_select_mf): New.
* scd/app-p15.c (card_product_t): New.
(struct app_local_s): Add field 'card_product'.
(read_ef_tokeninfo): Detect D-Trust card.
(prepare_verify_pin): Switch to D-Trust AID.
- (do_decipher): Restore a SE for D-TRust cards. Change the padding
+ (do_decipher): Restore a SE for D-TRust cards. Chnage the passing
indicator to 0x81.
- * common/percent.c (percent_data_escape): new. Taken from master.
+2020-04-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ tools: Use internal regexp routines.
+ + commit 7ee2a9687da9560a5d17c7046c87c2f7a6733d5c
+ * tools/gpg-check-pattern.c: Use jimregexp.h.
+
+2020-04-03 Werner Koch <wk@gnupg.org>
scd:p15: Emit MANUFACTURER, $ENCRKEYID, $SIGNKEYID.
- + commit 4148976841d154c94e6d1d4dcc1720908582086b
+ + commit aa60645b997d23ac2958f75fd349c1cd7b8af902
* scd/app-p15.c (read_ef_tokeninfo): Store manufacturer_id.
(do_getattr): Implement MANUFACTURER, $ENCRKEYID and $SIGNKEYID.
(send_keypairinfo): Also print usage flags.
- gpg: Use the new MANUFACTURER attribute.
- + commit 88b456bdf4e4763e8f1b718f5597d4d075d989cd
+ gpg,card: Use the new MANUFACTURER attribute.
+ + commit 15352b0eac335e7993fcd7720106a3a7d22caae1
+ * tools/gpg-card.h (struct card_info_s): Add manufacturer fields.
+ * tools/card-call-scd.c (release_card_info): Release them.
+ (learn_status_cb): Parse MANUFACTURER attribute.
+ * tools/gpg-card.c (get_manufacturer): Remove.
+ (list_card): Use the new attribute.
* g10/call-agent.h (struct agent_card_info_s): Add manufacturer fields.
* g10/call-agent.c (agent_release_card_info): Release them.
(learn_status_cb): Parse MANUFACTURER attribute.
(current_card_status): Use new attribute.
scd:openpgp: New attribute "MANUFACTURER".
- + commit 431b3e68e071d2bdc22b2c845ca929182830ddbd
+ + commit 541a6a903e79c9146a379f5c6c0fb34e6c2b42c4
* scd/app-openpgp.c (get_manufacturer): New..
(do_getattr): Add new attribute "MANUFACTURER".
(do_learn_status): Always print it.
+2020-04-03 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Add regular expression support.
+ + commit ba247a114c75a84473c11c1484013b09fbb9bcd1
+ * AUTHORS, COPYING.other: Update.
+ * Makefile.am (SUBDIRS): Add regexp sub directory.
+ * configure.ac (DISABLE_REGEX): Remove.
+ * g10/Makefile.am (needed_libs): Add libregexp.a.
+ * g10/trustdb.c: Remove DISABLE_REGEX support.
+ * regexp/LICENSE, regexp/jimregexp.c, regexp/jimregexp.h,
+ regexp/utf8.c, regexp/utf8.h: New from Jim Tcl.
+ * regexp/UnicodeData.txt: New from Unicode.
+ * regexp/Makefile.am, regexp/parse-unidata.awk: New.
+ * tests/openpgp/Makefile.am: Remove DISABLE_REGEX support.
+ * tools/Makefile.am: Remove DISABLE_REGEX support.
+
+2020-04-02 Werner Koch <wk@gnupg.org>
+
+ scd:p15: Implement do_with_keygrip and capabilities.
+ + commit 61c5b0767fac4c2d7fe95cdbc6d0f0a94878c813
+ * scd/app-p15.c (prepare_verify_pin): Allow use without an AODF.
+ (verify_pin): Ditto.
+ (do_with_keygrip): Implement capability restrictions.
+
scd:p15: Rename some variables and functions for clarity.
- + commit b0cb2c2ab8c71738167785564698c43b50c15fee
+ + commit 8149742ddfea6c76898786cb7de7c92bbf8aab0a
* scd/app-p15.c: Rename keyinfo to prkdf.
+ scd: Use Gcrypt usage constants for the do_with_keygrip capabilities.
+ + commit 5b7b42e2b2b7ba7b88f89ff4b4ee7baf0eef2a04
+ * scd/command.c (cmd_keyinfo): Use Gcrypt constants for CAP.
+ * scd/app-openpgp.c (do_with_keygrip): Adjust for them.
+ * scd/app-piv.c (do_with_keygrip): Ditto.
+
+2020-04-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: New command DEVINFO.
+ + commit 2ccbcfec121f768574a59aa2ecff22d8b422d61b
+ * scd/app.c (notify_cond): New condition variable.
+ (app_send_devinfo, app_wait): New.
+ (scd_update_reader_status_file): Kick NOTIFY_COND.
+ (initialize_module_command): Initialize NOTIFY_COND.
+ * scd/command.c (struct server_local_s): Add watching_status.
+ (cmd_devinfo): New.
+ (register_commands): Add DEVINFO command.
+ (send_client_notifications): Write status change to DEVINFO channel.
+ * scd/scdaemon.h (app_wait, app_send_devinfo): New.
- Backported from master. Removed the do_with_keygrip related parts
- because that function is not available.
+2020-04-01 Werner Koch <wk@gnupg.org>
scd:p15: Cache the PIN.
- + commit 133b6ff8cd0c938abbf55ba6dc50299240d247f6
+ + commit 29f8f52bf8161c238c26389ab178caa98801234e
* scd/app-p15.c (struct prkdf_object_s): Add flag pin_verified.
(verify_pin): Make use of it.
-2020-04-08 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: ECDH: Accept longer padding.
- + commit 2f08a4f25df7d1cbf037bdf0d7f5c1ef5859fa1e
- * g10/pubkey-enc.c (get_it): Remove check which mandates shorter
- padding.
-
-2020-04-01 Werner Koch <wk@gnupg.org>
-
- scd:p15: Add missing keygrip retrieval for decryption.
- + commit b95a0bfbba75025761aa163eca74c7653d76981a
- * scd/app-p15.c (do_decipher): Get the keygrip.
+ scd:p15: Run a keygrip_from_prkdf before verify_pin.
+ + commit 132d82c1582009013af5c7bdb17cbaaa8807c70e
+ * scd/app-p15.c (do_sign): Move keygrip_from_prkdf before PIN
+ verification.
+ (do_decipher): Add keygrip_from_prkdf.
scd:p15: Support decryption with CardOS 5 cards.
- + commit 4af38ea5e450b3eb79af98b9876b2b968110a459
+ + commit ca4391399c690a45270cca30f03ac564c394c1f6
* scd/app-p15.c (do_decipher): New.
scd:p15: Factor PIN verification out to a new function.
- + commit ce9406ca370b482c05c859d963949ae75c99cb6f
+ + commit 375b1454875ff079efc122e33b1216b412eecfaf
* scd/app-p15.c (do_sign): Factor code out to ...
(prepare_verify_pin, verify_pin): new functions.
+ sm: Fix a warning in an es_fopencooie function.
+ + commit c7ff8c59b9252f8f27cabee3fea503f06c7d46ff
+ * sm/certdump.c (format_name_writer): Take care of a flush request.
+
+2020-03-31 Werner Koch <wk@gnupg.org>
+
scd:p15: Support signing with CardOS 5 cards.
- + commit e730444e7b7502b935bbe343935f68f764b95b96
+ + commit 103c1576b73ed75b771a8ffd1c97628651b99797
* scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
r_pkey and change all callers.
(app_help_get_keygrip_string): Ditto.
the algo and length of the key ion the object.
(keyref_from_keyinfo): New. Factored out code.
(do_sign): Support SHA-256 and >2048 bit RSA keys.
- common/scd:p15: Support signing with CardOS 5 cards.
- * common/util.h (KEYGRIP_LEN): New.
+ (do_with_keygrip): New.
+ (app_select_p15): Register new function.
scd:p15: Read certificates in extended mode.
- + commit 368f006a2840cd6b37caf7b4b98a16b818ac2289
+ + commit 2bdd4fc7b6cfd9ac5410d20f1cee66567a6b24c5
* scd/app-p15.c (readcert_by_cdf): Allow reading in extended mode.
- * scd/app-common.h (app_get_slot): New.
scd: Add function for binary read in extended mode.
- + commit 64142caafe5c89ad4db36b47c2dc917a9ac66a8e
+ + commit c9ad81070a2bb1116d3f096a440c43e57e6f933a
* scd/iso7816.c (iso7816_read_binary): Factor code out to ...
(iso7816_read_binary_ext): new function. Add arg extended_mode.
+2020-03-30 Werner Koch <wk@gnupg.org>
+
scd:p15: Detect CardOS 5 cards and print some basic infos.
- + commit 60b0aa7e57e787cbeca22adf77b330f753553d87
+ + commit 8a68d497f1dd0b124318eb47db9da0c4b64c8b8b
* scd/app-p15.c (read_ef_odf): Detect the home_DF on the fly. Silence
the garbage warning for null bytes.
(print_tokeninfo_tokenflags): New.
(CARD_TYPE_CARDOS_50): New const.
(card_atr_list): Detect CardOS 5.0
-2020-03-30 Werner Koch <wk@gnupg.org>
-
- wks: Take name of sendmail from configure.
- + commit 76d2a02dfe8f923c0d4d8ef86ca71a9ac47c243d
- * configure.ac (NAME_OF_SENDMAIL): New ac_define.
- * tools/send-mail.c (run_sendmail): Use it.
-
agent: Print an error if gpg-protect reads the extended key format.
- + commit 011a2f5fb77c7963f25550e423160507818f7a91
+ + commit c5c21a064671dc8e461434d19cbde67b89df25e2
* agent/protect-tool.c (read_key): Detect simple extended key format.
sm: Fix possible NULL deref in error messages of --gen-key.
- + commit 2b4b0b1223aab955aafa2a150fe2dbc04c210bcd
- * sm/certreqgen.c: Protect printing the line numbers in case of !R.
+ + commit 9c5c7c6f602c84589cd5c93a85a27b416e744338
+ * sm/certreqgen.c: Protect printing the liniernur in case of !R.
2020-03-27 Werner Koch <wk@gnupg.org>
sm: Consider certificates w/o CRL DP as valid.
- + commit 1424c12e4c7164990797a0a1daa3db6f3329aed4
+ + commit 0b583a555e75fbb9140310390a267febd3329a12
* sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP.
* common/audit.c (proc_type_verify): Print "n/a" if a cert has no
distribution point.
(opts): Add option --enable-issuer-based-crl-check.
(main): Set option.
-2020-03-20 Werner Koch <wk@gnupg.org>
+ scd:openpgp: Allow PKSIGN with keygrip also for OPENPGP.3.
+ + commit 4c4999b8185ace55eb5f3a6fa7d3dc0a77267b63
+ * scd/app-openpgp.c (check_keyidstr): Add optional arg r_use_auth to
+ test also for OpenPGP.3.
+ (do_sign): Enable that new mode.
- Release 2.2.20.
- + commit 5094bb08edd48087a5aa89494fc361f0ce4f34aa
- * build-aux/speedo.mk (sign-installer): Fix syntax error.
+2020-03-27 NIIBE Yutaka <gniibe@fsij.org>
-2020-03-19 Werner Koch <wk@gnupg.org>
+ gpgsm: Fix the previous commit.
+ + commit e06a8e3e87f044a5bf6ee06f92cc4fd2a0914863
- gpgconf: Take care of --homedir when reading/updating options.
- + commit b92860a8b9d253661de0060623e920b3f58e4443
- * tools/gpgconf-comp.c (gc_component_check_options): Take care of
- --homedir.
- (retrieve_options_from_program): Ditto.
-2020-03-18 NIIBE Yutaka <gniibe@fsij.org>
+2020-03-26 NIIBE Yutaka <gniibe@fsij.org>
- scd: Fix pinpad handling when KDF enabled.
- + commit 133248b297a1d72897f280d8bd21081cd6ebd66c
- * scd/app-openpgp.c (do_getattr): Send the KDF DO information.
+ gpgsm: Support key generation with ECC.
+ + commit 49ea53b755f0fef468055a1493e790735908f865
+ * sm/certreqgen.c (pKEYCURVE): New.
+ (read_parameters): Add pKEYCURVE handling.
+ (proc_parameters): Support ECC key generation.
- scd: Disable pinpad if it's impossible by KDF DO.
- + commit b27e20a95cb7af59dcaa6e59aacf52ed766be1f3
- * scd/app-openpgp.c (struct app_local_s): Add pinpad.disabled field.
- (do_getattr): Set pinpad.disabled field.
- (check_pinpad_request): Use the pinpad.disabled field.
- (do_setattr): Update pinpad.disabled field.
+ gpgsm: Remove restriction of key generation (only RSA).
+ + commit 238707db8b05a385af5419e606ea5110ace31d2b
+ * sm/certreqgen.c (proc_parameters): Remove checking GCRY_PK_RSA.
-2020-03-18 Werner Koch <wk@gnupg.org>
+2020-03-19 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Take care of --homedir when reading/updating options.
+ + commit c1844ca7520f9a67bff85ee4fbf49c6725668289
+ * tools/gpgconf-comp.c (gpg_agent_runtime_change): Remove unused var.
+ (scdaemon_runtime_change): Ditto.
+ (dirmngr_runtime_change): Ditto.
+ (gc_component_check_options): Pass --homedir if needed.
+ (retrieve_options_from_program): Take care of --homedir.
- gpg: Print a hint for --batch mode and --delete-secret-key.
- + commit fbe318475236166b54e19d228bf9b24e442e0fa5
- * g10/delkey.c: Include shareddefs.h.
- (delete_keys): Print a hint.
+2020-03-18 Werner Koch <wk@gnupg.org>
- dirmngr: Improve finding OCSP cert.
- + commit 25dc0e5b1eb02f79946a86c799c7720001a296bc
- * dirmngr/certcache.c (find_cert_bysubject): Add better debug output
- and try to locate by keyid.
+ gpg: Also allow a v5 fingerprint for --trusted-key.
+ + commit 4287f89557b3bc9ab2876331e1bcb143d759fb47
+ * g10/trustdb.c (tdb_register_trusted_key): Add case for 32 octet
+ fingerprints.
2020-03-18 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
gpg: Update --trusted-key to accept fingerprint as well as long key id.
- + commit b6d89d1944c55f302fb797cce0e007f59aabaf54
+ + commit 810ea2cc684480c6aadceb2a10dd00f3fa67f2fb
* g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well
as long key ID.
* doc/gpg.texi: document that --trusted-key can accept a fingerprint.
gniibe@fsij.org
gpg: Fix key expiration and usage for keys created at the Epoch.
- + commit e77f332b01f13af606ae0158dabcd644c274e456
+ + commit 161a098be6f9d50fb5f7e120baee81e75d6eb5ad
* g10/getkey.c (merge_selfsigs_main): Take a zero key creation time in
account.
2020-03-14 Werner Koch <wk@gnupg.org>
- gpg: New option --auto-key-import.
- + commit 95b42278cafe7520d87168fb993ba715699e6bb6
- * g10/gpg.c (opts): New options --auto-key-import,
- --no-auto-key-import, and --no-include-key-block.
- (gpgconf_list): Add them.
- * g10/options.h (opt): Add field flags.auto_key_import.
- * g10/mainproc.c (check_sig_and_print): Use flag to enable that
- feature.
- * tools/gpgconf-comp.c: Give the new options a Basic config level.
+ gpgconf: Further simplify the gpgconf option processing.
+ + commit 451cd1b3928172b312ca2597c3318e6e9e8be97d
+ * common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
+ * tools/gpgconf-comp.c: here.
+ (known_options_scdaemon): Remove "options".
+ (known_options_dirmngr): Remove "options".
+ (known_options_gpgsm): Remove "options".
+ (known_options_gpg): Remove "options" and "keyserver".
+ (struct gc_option_s): Rename active t gpgconf_list.
+ (gc_component_list_options): Do not act upon active.
+ (option_check_validity): Ditto.
+ (is_known_option): Make it work correctly for unknown options.
+ (retrieve_options_from_program): Use renamed flag gpgconf_list only to
+ detect duplicated items from --gpgconf-list. Do not set runtime.
+ Only e set the options if set by --gpgconf-list; never clear them.
+ * agent/gpg-agent.c: Simplify the --gpgconf-list output.
+ * dirmngr/dirmngr.c: Ditto.
+ * g10/gpg.c: Ditto.
+ * kbx/keyboxd.c: Ditto.
+ * scd/scdaemon.c: Ditto.
+ * sm/gpgsm.c: Ditto.
+ * tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver"
+ for the string arg test.
+
+ gpg: New option --auto-key-import.
+ + commit 6b306f45f4fbe36b90cec4685aabb267a61e283f
+ * g10/gpg.c (opts): New options --auto-key-import,
+ --no-auto-key-import, and --no-include-key-block.
+ (gpgconf_list): Add them.
+ * g10/options.h (opt): Add field flags.auto_key_import.
+ * g10/mainproc.c (check_sig_and_print): Use flag to enable that
+ feature.
+ * tools/gpgconf-comp.c: Give the new options a Basic config level.
+
+2020-03-13 Werner Koch <wk@gnupg.org>
+
+ gpg: Make use of the included key block in a signature.
+ + commit 6a4443c8425fd548020553b22d5a16ffad98371f
+ * g10/import.c (read_key_from_file): Rename to ...
+ (read_key_from_file_or_buffer): this and add new parameters. Adjust
+ callers.
+ (import_included_key_block): New.
+ * g10/packet.h (PKT_signature): Add field flags.key_block.
+ * g10/parse-packet.c (parse_signature): Set that flags.
+ * g10/sig-check.c (check_signature2): Add parm forced_pk and change
+ all callers.
+ * g10/mainproc.c (do_check_sig): Ditto.
+ (check_sig_and_print): Try the included key block if no key is
+ available.
+
+ gpg: New option --include-key-block.
+ + commit 865d485180240369a20d3be14d0c6499783df2b5
+ * common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
+ * g10/gpg.c (oIncludeKeyBlock): New.
+ (opts): New option --include-key-block.
+ (main): Implement.
+ * g10/options.h (opt): New flag include_key_block.
+ * g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
+ (parse_one_sig_subpkt): Ditto.
+ (can_handle_critical): Ditto.
+ * g10/sign.c (mk_sig_subpkt_key_block): New.
+ (write_signature_packets): Call it for data signatures.
+
+ gpg: Add property "fpr" for use by --export-filter.
+ + commit 32493ce50ad880de7b548d7870c6040a8233a8f5
+ * g10/export.c (push_export_filters): New.
+ (pop_export_filters): New.
+ (export_pubkey_buffer): Add args prefix and prefixlen. Adjust
+ callers.
+ * g10/import.c (impex_filter_getval): Add property "fpr".
+ * g10/main.h (struct impex_filter_parm_s): Add field hexfpr.
+
+2020-03-12 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Rewrite the gpgconf-comp module.
+ + commit b4f1159a5bd7b2799d7d35e883e0632ebf3339c8
+ * tools/gpgconf.h (gc_component_t): Change type to ...
+ (gc_component_id_t): this.
+ (GC_COMPONENT_ANY): New, so that we can use that in gpgconf-comp.c
+ directly.
+ * tools/gpgconf-comp.c: Major rework.
+
+2020-03-06 Werner Koch <wk@gnupg.org>
+
+ gpg: Re-group the options in the --help output.
+ + commit 41eb5108ce59244d961df43bbf73b8aa6e95e9cd
+ * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to
+ use ARGPARSE_ignore and remove the code in the option switch.
+
+ agent: Re-group the options in the --help output.
+ + commit c693b7f4ade97357c33b410728bb741674255487
+ * agent/gpg-agent.c (oGreeting): Remove non existant dummy option.
+
+ gpgconf: Support reading global options (part 2).
+ + commit 4423e9dcde5e1a8d73ff7386942fe3c0c4b917fc
+ * tools/gpgconf-comp.c: Remove all regular option descriptions. They
+ are now read in from the component. Also remove a few meanwhile
+ obsolete options.
+ * agent/gpg-agent.c: Add option description which were only set in
+ gpgconf-comp.c.
+ * dirmngr/dirmngr.c: Ditto.
+ * scd/scdaemon.c: Ditto.
+ * sm/gpgsm.c: Ditto.
+ * g10/gpg.c: Ditto.
+
+2020-03-05 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Support reading global options (part 1).
+ + commit d2425d1495f4fe4f5c3a79d7dc5571fda00849d8
+ * tools/gpgconf.c (main): Set the coinfig directories.
+ * tools/gpgconf-comp.c (gc_backend): Change the name of the config
+ files.
+ (struct gc_option): Add new field 'attr'.
+ (retrieve_options_from_program): Rewrite to use gpgrt_argparser.
+
+2020-03-04 Werner Koch <wk@gnupg.org>
+
+ common: Add xreallocarray function.
+ + commit 6fa1808cb7639f0f3745b78c4b7ce902e42b228c
+ * common/miscellaneous.c (xreallocarray): New func.
+ * common/util.h (xtryreallocarray): New macro.
+
+2020-03-03 Werner Koch <wk@gnupg.org>
+
+ gpgconf: Always use xmalloc.
+ + commit 178b3772ff79148b496715da1b8ca5ba86caf2bc
+ * tools/gpgconf-comp.c: Fix spelling of "cannot". Use log_assert
+ instead of a plain assert.
+ (gc_percent_escape, percent_deescape): Fail on malloc error.
+
+2020-02-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix the previous commit.
+ + commit 19f70b5072b2ef80759ced83fe0dac9cf4dde830
+ * scd/app-openpgp.c (do_setattr): Flush the KDF DO just before setting.
+
+ scd: Improve setattr for KDF.
+ + commit 3ba7c9bcf7f19b0a308499fcf3dbbb15da38799a
+ * scd/app-openpgp.c (do_setattr): For setting KDF DO, support standard
+ OpenPGP card, which needs to update PIN.
+
+ scd: Fix pinpad handling when KDF enabled.
+ + commit 11da441016222337284c519ff56aca34e3042373
+ * scd/app-openpgp.c (do_getattr): Send the KDF DO information.
+
+2020-02-25 Werner Koch <wk@gnupg.org>
+
+ gpg: Re-enable versioned config files.
+ + commit 79f2318aa5c54c57220aa73251635d21cee0ccfa
+ * g10/gpg.c (main): Use ARGPARSE_FLAG_USERVERS.
+
+ gpg: Re-add checking of config file permissions.
+ + commit 7e8f28653c1b4305758a61c064d793e32ba633d5
+ * g10/gpg.c (main): Re-add permission checking of the user config
+ file. Re-add code to check against the SE-Linux secured file list.
+ (get_default_configname): Remove unused func.
+ * configure.ac (SAFE_VERSION, SAFE_VERSION_DOT)
+ (SAFE_VERSION_DASH): Remove.
+
+2020-02-22 Werner Koch <wk@gnupg.org>
+
+ Use gpgrt's new option parser for the new keyboxd.
+ + commit 833c04334a53530bd40d7dd815b6a0f1ffef296d
+ * kbx/keyboxd.c: Switch to the new option parser and enable a global
+ conf file.
+
+ agent,dirmngr: Re-read the user specified config file.
+ + commit 941a48f9b12b4c470686321bf4fd58c23b6cf86d
+ * agent/gpg-agent.c (reread_configuration): Use a two-part config
+ file.
+ * dirmngr/dirmngr.c (reread_configuration): Ditto.
+
+ Remove the now obsolete argparse code.
+ + commit cdbe10b762f38449b86da69076209324b0c99982
+ * tests/gpgscm/main.c: Switch to the new option parser.
+ * common/argparse.c, common/argparse.h: Remove.
+ * common/init.c (_init_common_subsystems): Do not call obsolete func.
+ * common/Makefile.am (common_sources): Remove those files.
+
+2020-02-21 Werner Koch <wk@gnupg.org>
+
+ Use gpgrt's new option parser for the remaining daemons.
+ + commit ba463128ce65a0f347643f7246a8e097c5be19f1
+ * scd/scdaemon.c: Switch to the new option parser and enable a global
+ conf file.
+ * dirmngr/dirmngr.c: Ditto.
+ * g13/g13.c: Ditto.
+ * g13/g13-syshelp.c: Ditto. Do not force verbose mode.
+ * dirmngr/dirmngr_ldap.c: Switch to the new option parser.
+ * dirmngr/dirmngr-client.c: Switch to the new option parser.
+
+ Use gpgrt's new option parser for the tools.
+ + commit 3bc004decd289810bc1b6ad6fb8f47e45c770ce6
+ * agent/preset-passphrase.c: Switch to the new option parser.
+ * agent/protect-tool.c: Ditto.
+ * kbx/kbxutil.c: Ditto.
+ * tools/gpg-card.c: Ditto.
+ * tools/gpg-check-pattern.c: Ditto.
+ * tools/gpg-connect-agent.c: Ditto.
+ * tools/gpg-pair-tool.c: Ditto.
+ * tools/gpg-wks-client.c: Ditto.
+ * tools/gpg-wks-server.c: Ditto.
+ * tools/gpgconf.c: Ditto.
+ * tools/gpgsplit.c: Ditto.
+ * tools/gpgtar.c: Ditto.
+
+2020-02-20 Werner Koch <wk@gnupg.org>
+
+ Use gpgrt's new option parser for gpgc, gpgsm, and gpg-agent.
+ + commit 2c823bd878fcdbcc4f6c34993e1d0539d9a6b237
+ * g10/gpgv.c: Use new option parser.
+ * sm/gpgsm.c: Ditto.
+ * agent/gpg-agent.c: Ditto.
+ (opts): Add option --no-options.
+
+ gpg: Use gpgrt's new option parser to provide a global conf file.
+ + commit 0e8f6e2aa98c212442001036fb5178cd6cd8af59
+ * common/util.h: Remove argparse.h.
+ * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
+ * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
+ * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
+ argparse.h. Do this also for all main modules which use our option
+ parser except for gpg. Replace calls to strusage by calls to
+ gpgrt_strusage everywhere.
- gpg: Make use of the included key block in a signature.
- + commit b42d9f540c7484e45cfc997f77e360d0f0ec4bb9
- * g10/import.c (read_key_from_file): Rename to ...
- (read_key_from_file_or_buffer): this and add new parameters. Adjust
- callers.
- (import_included_key_block): New.
- * g10/packet.h (PKT_signature): Add field flags.key_block.
- * g10/parse-packet.c (parse_signature): Set that flags.
- * g10/sig-check.c (check_signature2): Add parm forced_pk and change
- all callers.
- * g10/mainproc.c (do_check_sig): Ditto.
- (check_sig_and_print): Try the included key block if no key is
- available.
+ * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and
+ oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
+ (main): Change type of pargs to gpgrt_argparse_t. Rework the option
+ parser to make use of the new gpgrt_argparser.
- gpg: New option --include-key-block.
- + commit d79ebee64ea582da3c3be69cc23e146e2db3738b
- * common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
- * g10/gpg.c (oIncludeKeyBlock): New.
- (opts): New option --include-key-block.
- (main): Implement.
- * g10/options.h (opt): New flag include_key_block.
- * g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
- (parse_one_sig_subpkt): Ditto.
- (can_handle_critical): Ditto.
- * g10/sign.c (mk_sig_subpkt_key_block): New.
- (write_signature_packets): Call it for data signatures.
+2020-02-19 Werner Koch <wk@gnupg.org>
- gpg: Add property "fpr" for use by --export-filter.
- + commit 2baa00ea186359f758fea5cb61aff99b09fec821
- * g10/export.c (push_export_filters): New.
- (pop_export_filters): New.
- (export_pubkey_buffer): Add args prefix and prefixlen. Adjust
- callers.
- * g10/import.c (impex_filter_getval): Add property "fpr".
- * g10/main.h (struct impex_filter_parm_s): Add field hexfpr.
+ card: New option --info for command list and select by s/n.
+ + commit ee911df979e9b53787162367865ca24682adae6e
+ * tools/gpg-card.c (cmd_list): add option --info. Factor soem code
+ out to ...
+ (print_card_list): new.
2020-02-19 NIIBE Yutaka <gniibe@fsij.org>
gpg: Fix default-key selection when card is available.
- + commit 1cdd9e57f701f0d99d118d32adffe5216a94b0b2
+ + commit 41913d76f7db4a7dabab26c1bc439c96ad86712f
* g10/getkey.c (get_seckey_default_or_card): Handle the case
when card key is not suitable for requested usage.
+2020-02-19 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ Spelling cleanup.
+ + commit 0904b8ef348a52335c378bee6dc90a978885d66f
+ No functional changes, just fixing minor spelling issues.
+
+ ---
+
+ Most of these were identified from the command line by running:
+
+ codespell \
+ --ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
+ --skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
+ doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
+ NEWS README README.maint TODO
+
2020-02-19 Nick Piper <nick.piper@cgi.com>
doc: Correction of typo in documentation of KEY_CONSIDERED.
- + commit 60dbe082949b13635f3f31aa03d12aa9f671c941
- (cherry picked from commit 0e1cbabc0ad4fe2ca9644fffb5cf27b1a8a1509f)
+ + commit 0e1cbabc0ad4fe2ca9644fffb5cf27b1a8a1509f
+
+
+2020-02-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Disable pinpad if it's impossible by KDF DO.
+ + commit 95c7498b76231d3297541172d878f6a26702539b
+ * scd/app-openpgp.c (struct app_local_s): Add pinpad.disabled field.
+ (do_getattr): Set pinpad.disabled field.
+ (check_pinpad_request): Use the pinpad.disabled field.
+ (do_setattr): Update pinpad.disabled field.
2020-02-15 Werner Koch <wk@gnupg.org>
gpgsm: Fix import of some CR,LF ternminated certificates.
- + commit 38f819bd6d77d068d8626bf7f5b968ff03c263af
+ + commit 6248739799fd4a877529089375e2a4103d33e6f4
* common/ksba-io-support.c (base64_reader_cb): Detect the END tag and
don't just rely on the padding chars. This could happen only with
CR+LF termnmated PEM files. Also move the detection into the invalid
character detection branch for a minor parser speedup.
+2020-02-13 Werner Koch <wk@gnupg.org>
+
+ build: New configure option --disable-keyboxd.
+ + commit 6cac2bd0382eb7ed0d249f077522516e64fc1d8f
+ * configure.ac: Add option --dsiable-keyboxd
+ * kbx/Makefile.am: Do not build keyboxd in that case.
+
+ scd: Print the main app name also for not fully supported cards.
+ + commit 11d917c7796dc748e2d798d327a045ba295994f4
+ * scd/app.c (send_serialno_and_app_status): Add fallback.
+
+ card: Fix openpgp subkey listing.
+ + commit e582d8f5b2c1bac8b6ccdfd6412b621a2584eb7f
+ * tools/gpg-card.c (list_one_kinfo): Fix printing of the subkeys.
+
+ gpg: New option --full-timestrings.
+ + commit 86312b920a1d5817903d7175e9c2109bcf521b7c
+ * g10/options.h (opt): Add flags.full_timestrings.
+ * g10/gpg.c (oFullTimestrings): New.
+ (opts): New option.
+ (main): Set new flag.
+ * g10/keyid.c (dateonlystr_from_pk): New.
+ (dateonlystr_from_sig): New.
+ (datestr_from_pk): Divert to isotimestamp if requested.
+ (datestr_from_sig): Ditto.
+ (expirestr_from_pk): Ditto.
+ (expirestr_from_sig): Ditto.
+ (revokestr_from_pk): Ditto.
+ * g10/import.c (impex_filter_getval): Use dateonlystr_from_sig and
+ dateonlystr_from_pk.
+
+ gpg: Changes to allow direct key generation from an OpenPGP card.
+ + commit 14ac350f868ca71492c20c7b682d0b55b4893c9c
+ * g10/call-agent.h (struct keypair_info_s): Add fields keytime and
+ usage.
+ * g10/call-agent.c (struct keypairinfo_cb_parm_s): New.
+ (scd_keypairinfo_status_cb): Rework to store parsed KEYPAIRINFO data.
+ (agent_scd_keypairinfo): Change accordingly.
+ (agent_scd_readkey): Add arg ctrl and change callers. Change return
+ arg from an strlist_t to a keypair_info_t.
+ (readkey_status_cb): Use KEYPAIRINFO instead of KEY-TIME.
+ * g10/keygen.c (pSUBKEYCREATIONDATE): New.
+ (pAUTHKEYCREATIONDATE): New.
+ (get_parameter_u32): Allow for new parameters.
+ (do_create_from_keygrip): For card keys use direct scd call which does
+ not create a stub file.
+ (ask_algo): Rework to use the new keypair_info_t as return from
+ agent_scd_keypairinfo.
+ (parse_key_parameter_part): Likewise. Also get and return the key
+ creation time using a arg.
+ (parse_key_parameter_string): New args r_keytime and r_subkeytime.
+ (parse_algo_usage_expire): New arg r_keytime.
+ (proc_parameter_file): Ignore the explict pCREATIONDATE for card keys.
+ (quickgen_set_para): New arg keytime.
+ (quick_generate_keypair): Get the keytimes and set the pCARDKEY flag.
+ (generate_keypair): Likewise.
+ (do_generate_keypair): Implement the cardkey with keytime thingy.
+ (generate_subkeypair): Use the keytime parameters.
+ * g10/keygen.c (pAUTHKEYCREATIONDATE): New. Not yet set but may come
+ handy later.
+ (get_parameter_u32): Take care of that.
+ (do_generate_keypair): For cardkeys sign with the current time.
+
+ card: Take the key creation time from the KEYPAIRINFO.
+ + commit e63f8bee4044e0cc9ebc1f9c0f9f6b63660d45e8
+ * tools/card-call-scd.c (learn_status_cb): Adjust for recent change.
+
+ scd:openpgp: Return key creation time as part of KEYPARIINFO.
+ + commit 1ad84aabb410e56bea074b82a06fe32b2897b660
+ * scd/app-openpgp.c (send_keypair_info): Reaturn the key creation time
+ as part of a KEYPAIRINFO.
+ (do_readkey): Do not return the KEY-TIME anymore.
+
+ agent: Allow signing with card key even without a stub key.
+ + commit 638526d37fee0a1febac9d29fab384b913819fc9
+ * agent/call-scd.c (agent_card_serialno): Allow NULL for R_SERIAL.
+ (struct readkey_status_parm_s): New.
+ (readkey_status_cb): New.
+ (agent_card_readkey): Add optional arg R_KEYREF and change all
+ callers.
+ * agent/findkey.c (key_parms_from_sexp): Allow also a "public-key".
+ * agent/divert-scd.c (ask_for_card): Allow for SHADOW_INFO being NULL.
+ * agent/pksign.c (agent_pksign_do): Fallback to sign with an on-card
+ if there is no stub key yet. Create the stub key. Also fixed a
+ misnaming between s_pkey and s_skey.
+
+2020-02-12 Werner Koch <wk@gnupg.org>
+
+ gpg: Rename the struct card_key_info_s.
+ + commit 8c63430d1a40a70ff8b4ddf1ed0fcabf9c0afbcc
+ * g10/call-agent.h (struct card_key_info_s): Rename to ...
+ (struct keypair_info_s): this.
+ (keypair_info_t): New. Use this everywhere instead of
+ card_key_info_s.
+ * g10/call-agent.c (agent_scd_free_keyinfo): Rename to ..
+ (free_keypair_info): this. Change all callers.
+
+ card: Fix parsing of the received card_list.
+ + commit 125c959677d55a8cf663c2dc248a3fc6f9be50bb
+ * tools/card-call-scd.c (scd_cardlist): Allow for SERIALNO without any
+ apps.
+
+ card: List more info for an OpenPGP key.
+ + commit 1abfce82bd525de2976c31b83bb0e67e33364e58
+ * tools/gpg-card.h (struct pubkey_s): Add field created.
+ * tools/card-keys.c (parse_key_record): Set that field.
+ * tools/gpg-card.c (print_shax_fpr): Print the fingerprint without
+ spaces for easier c+p.
+ (list_one_kinfo): Print the actual used fingerprint and creation date
+ from the keyblock.
+
+ card: New option --no-key-lookup.
+ + commit 2c6092bc5d794ae36cbf2f6b62337dc23f57bf3e
+ * tools/gpg-card.h (opt): Add var no_key_lookup.
+ * tools/gpg-card.c (oNoKeyLookup): New const.
+ (opts): New option --no-key-lookup.
+ (list_one_kinfo): Add arg no_key_lookup and implement.
+ (list_all_kinfo): Add arg no_key_lookup.
+ (list_openpgp, list_piv, list_card): Ditto.
+ (cmd_list): New option --no-key-lookup.
+
+2020-02-11 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve key creation direct from the card.
+ + commit 9c719c9c1ff34cc06a0fef2bfe29cfd7182753eb
+ * g10/call-agent.c (readkey_status_cb): New.
+ (agent_scd_readkey): Add new arg r_keytime and allow NULL for
+ r_result. Change all callers.
+ (agent_readkey): Minor code reformatting.
+ * g10/keygen.c (pCARDKEY): New.
+ (struct para_data_s): Add u.bool.
+ (get_parameter_bool): New.
+ (do_create_from_keygrip): Add arg cardkey and make use of it.
+ (ask_algo): Add args r_cardkey and r_keytime. Read the keytime of the
+ selected card key and return it.
+ (generate_keypair): Store CARDKEY and KEYTIME.
+ (do_generate_keypair): Pass CARDKEY to do_create_from_keygrip.
+ (generate_subkeypair): Ditto.
+
+ scd:openpgp: Send a KEY-TIME status with READKEY.
+ + commit 77ea916533c5ca918b17ce83f6cc1b1afbd31e55
+ * scd/app-openpgp.c (retrieve_fprtime_from_card): New.
+ (do_readkey): Send a KEY_TIME status.
+
+ card: First code to actually create openpgp keys.
+ + commit 6bc7318ef55017e1aca6e52899fd0b223da7cfc1
+ * tools/gpg-card.c (generate_all_openpgp_card_keys): Add demo key
+ generation.
+ (generate_key): Allow generatiing one OpenPGP key.
+
+ scd:openpgp: Optional allow for lowercase keyrefs.
+ + commit 323548acd9defde0a8ea7d74c18cd4a1b339ff2e
+ * scd/app-openpgp.c (do_readkey): Use case insensitive match of the
+ keyref.
+ (do_writekey, do_sign, do_auth, do_decipher): Ditto.
+
+ scd:openpgp: Allow auto-changing of the key attributes in genkey.
+ + commit d7d75da50543bc7259c5a6e6367b58cbca7f1b7b
+ * scd/app-openpgp.c (struct app_local_s): Add field keyalgo.
+ (parse_algorithm_attribute): Store the new keyalgo field.
+ (change_keyattr): Change info message.
+ (change_keyattr_from_string): Rewrite to also accept a keyref and a
+ keyalgo string.
+ (do_genkey): Change the keyattr if a keyalgo string is given.
+
+ common: Extend the openpgp_curve_to_oid function.
+ + commit 24095101a5069f15a9aea7512498ac436a76814a
+ * common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
+ Change all callers.
+
2020-02-10 Werner Koch <wk@gnupg.org>
doc: Improve the warning section of the gpg man page.
- + commit 146dacd3b13bf5d917978313092c022641305a27
- * doc/gpg.texi: Update return value and warning sections.
-
- (cherry picked from commit 113a8288b85725f7726bb2952431deea745997d8)
+ + commit 113a8288b85725f7726bb2952431deea745997d8
+ * doc/gpg.texi: Update return valeu and warning sections.
2020-02-10 Werner Koch <wk@gnupg.org>
Tomáš Mráz
build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.
- + commit 21d9bd8b87a9f793a106095e3838eb71825189d7
+ + commit 6aff8a132815a84bab69401c1e7de96ec549fbf2
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C. Change all other places where it
gets defined.
2020-02-10 Werner Koch <wk@gnupg.org>
gpg: Make really sure that --verify-files always returns an error.
- + commit 49151255f3b1decf2e394a58bc0ac412bda2b214
+ + commit 5681b8eaa44005afdd30211b47e5fb1a799583dd
* g10/verify.c (verify_files): Track the first error code.
- common: Also protect log_inc_errorcount against counter overflow.
- + commit 47f514fde6e29137d660c19e6eea0b842d2b03f5
- * common/logging.c (log_inc_errorcount): Also protect against
- overflow.
- (log_error): Call log_inc_errorcount instead of directly bumping the
- counter.
+ card: Remove command "key-attr" and hack on "generate".
+ + commit 438b7881ba0bf4e5fd8e5d5212601e5691f2aafe
+ * tools/gpg-card.h (struct key_attr): Remove.
+ (struct key_info_s): Remove key_attr. Add keyalgo and keyalgo_id.
+ * tools/card-call-scd.c (learn_status_cb): Rework the key-attr info.
+ * tools/gpg-card.c (list_one_kinfo): Always show the algorithm; if
+ there is no key show the key attributes instead.
+ (list_openpgp): Do not print the "Key attributes".
+ (generate_key): Factor the repalce key pormpt out to ...
+ (ask_replace_keys): new.
+ (generate_openpgp): Rename to generate_all_openpgp_card_keys and add
+ an algo parameter.
+ (generate_generic): Rename to generate_key. Prepare generation of a
+ single OpenPGP key.
+ (cmd_generate): Revamp.
+ (ask_card_rsa_keysize): Remove.
+ (ask_card_keyattr): Remove.
+ (do_change_keyattr): Remove.
+ (cmd_keyattr): Remove.
+ (enum cmdids): Remove cmdKEYATTR.
+ (cmds): Ditto.
+ (dispatch_command): Ditto.
+ (interactive_loop): Ditto.
+
+ scd:openpgp: Let the genkey function also accept a full keyref.
+ + commit fb6ff7ead7dff33541b595f3e8d5342f9c7a6d6c
+ * scd/app-openpgp.c (send_key_attr): Use log_assert.
+ (do_genkey): Allow prefix.
+
+ common: Extend the new get_keyalgo_string function.
+ + commit 332a72f7340895e7db1e9c5f89046f722bb7465b
+ * common/openpgp-oid.c (openpgp_oid_or_name_to_curve): New.
+ (get_keyalgo_string): Use it.
+
+2020-02-09 Werner Koch <wk@gnupg.org>
+
+ common: Remove duplicated call to a function.
+ + commit d1c518cdc9330c2dd4034efc544de0dd6ec73ea1
+ * common/openpgp-oid.c (openpgp_oid_to_str): Remove duplicated call.
+
+ common: New function get_keyalgo_string.
+ + commit 3a1fa13eedb969b561bae18cd3d7c2fb0b63d6ab
+ * common/openpgp-oid.c (struct keyalgo_string_s): New.
+ (keyalgo_strings): New.
+ (keyalgo_strings_size, keyalgo_strings_used): New.
+ (get_keyalgo_string): New.
+
+ common: Add OpenPGP<->Gcrypt pubkey id mapping functions.
+ + commit 49c891a9bfac24a1d95e76d33d44a49426247777
+ * g10/misc.c (map_pk_gcry_to_openpgp): Move to ...
+ * common/openpgp-oid.c (map_gcry_pk_to_openpgp): here and rename.
+ Change all 4 callers.
+ (map_openpgp_pk_to_gcry): New.
+
+ card: Support brainpool curves in the generate command.
+ + commit 9df9996b415ee671a0f22b6936745f829884eda2
+ * tools/gpg-card.c (cmd_generate): Add brainpool curves and dummy name
+ "help".
+
+2020-02-03 Werner Koch <wk@gnupg.org>
+
+ sm: New option --issuer-der for the listkey commands.
+ + commit 2e5ab34496fe7e1b9bd2194ab59a58cf44ca9d1e
+ * sm/server.c (do_listkeys): Implement new option.
+
+2020-01-21 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Fix building w/o LDAP support.
+ + commit d8973975e7636ec0f007575a0bede92147d835f8
+ * dirmngr/Makefile.am: Conditionally build dirmngr_ldap.
+
+ gpg: Fix printing of keyring name (regression in master)
+ + commit bf931299e846fa47bcabe3716ec82af7c3290ce5
+ * g10/keydb.c (keydb_get_resource_name):
+
+2020-01-20 Werner Koch <wk@gnupg.org>
+
+ tools: Let watchgnupg determine the socket name via gpgconf.
+ + commit e0d9181ad11aaf7e68231db4b3708978a9a52fd6
+ * tools/watchgnupg.c: Include sys/wait.h.
+ (GNUPG_DEF_COPYRIGHT_LINE): Add a default value for standalone
+ building.
+ (get_logname): New.
+ (main): Use a default socket name and add option --homedir.
2020-01-17 Werner Koch <wk@gnupg.org>
gpgconf,w32: Print a warning for a suspicious homedir.
- + commit a265d3997a9120cb607c2d9b843bf9ee9e944378
+ + commit 7f12fb55f9757cd68147eca8f162c85378538405
* tools/gpgconf.c (list_dirs): Check whether the homedir has been
taken from the registry.
-2020-01-16 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: default-key: Simply don't limit by capability.
- + commit a7840777e4277039482ce3ea3e6fc919526be2f1
- * g10/getkey.c (parse_def_secret_key): Remove the check.
-
-2019-12-23 Werner Koch <wk@gnupg.org>
-
- gpg: Fix output of --with-secret if a pattern is given.
- + commit def1ceccf05baf187b9313e6e37171709ab44225
- * g10/keylist.c (list_one): Probe for a secret key in --with-secret
- mode.
+2020-01-17 NIIBE Yutaka <gniibe@fsij.org>
-2019-12-19 Andre Heinecke <aheinecke@gnupg.org>
+ gpg: Prefer card key on use in multiple subkeys situation.
+ + commit 8748c50bfaa8df2b1e59c301d15fd6b9ddbd9c47
+ * g10/call-agent.c (keyinfo_status_cb): Parse more fields.
+ (agent_probe_secret_key): Use KEYINFO and returns bigger value
+ representing the preference.
+ * g10/getkey.c (finish_lookup): For subkeys, select one
+ by using value of agent_probe_secret_key.
- speedo: Make signing optional for w32-release.
- + commit a56c591f9063d895544d681e25bda2ffb22f7ca0
- * build-aux/speedo.mk (AUTHENTICODE_sign): Check if
- certificates are available.
+ gpg: Prepare enhancement of agent_probe_secret_key.
+ + commit 853d5b7677ea01f65c9bc5160cd8509b62f486f7
+ * g10/call-agent.c (agent_probe_secret_key): Change semantics of
+ return value.
+ * g10/call-agent.h (agent_probe_secret_key): Change comment.
+ * g10/delkey.c (do_delete_key): Follow the change.
+ * g10/getkey.c (get_seckey, parse_def_secret_key): Likewise.
+ (finish_lookup, have_secret_key_with_kid): Likewise.
+ * g10/gpgv.c (agent_probe_secret_key): Likewise.
+ * g10/keyedit.c (keyedit_menu, quick_find_keyblock): Likewise.
+ (show_key_with_all_names_colon): Likewise.
+ * g10/revoke.c (gen_desig_revoke, gen_revoke): Likewise
+ * g10/test-stubs.c (agent_probe_secret_key): Likewise.
+
+2020-01-16 Werner Koch <wk@gnupg.org>
+
+ card: Allow switching of cards and applications.
+ + commit bd85f9232ad639d4acba443272147c4fc01b1b65
+ * tools/card-call-scd.c (struct card_cardlist_parm_s): Add field
+ with_apps.
+ (card_cardlist_cb): Handle the new with_apps flag.
+ (scd_switchcard): New.
+ (scd_switchapp): New.
+ (scd_applist): New.
+ (scd_serialno): Pass --all also in --demand mode.
+
+ * tools/gpg-card.c (cmd_list): Simplify switching of cards. Add
+ switching of alls. Print a list of apps per card.
+
+ scd: New commands SWITCHCARD and SWITCHAPP.
+ + commit 718555874efcbad502112449c7d15025cb193628
+ * scd/app.c: Include membuf.h.
+ (app_switch_current_card): New.
+ (send_card_and_app_list): Factor code out to ...
+ (send_serialno_and_app_status): new.
+ (app_send_card_list): New.
+ (app_send_active_apps): New.
+ (app_switch_active_app): New.
+ * scd/command.c (cmd_switchcard): New.
+ (cmd_switchapp): New.
+ (register_commands): Register new commands.
+ (cmd_getinfo): New sub-commands "active_apps" and "all_active_apps".
+
+ scd:piv: Remove debug code from a recent commit.
+ + commit dd61164410ee185750d1aa55ee0e33dcab8f4542
+ * scd/app-piv.c (ask_and_prepare_chv): here.
+
+ gpg: Print better debug info in case of broken sig subpackets.
+ + commit 3ccad75d76b9c17b9495c48df8dd4be46d3b3105
+ * g10/parse-packet.c (enum_sig_subpkt): Print a hexdump.
- speedo: Use multithreaded xz for w32 source.
- + commit 28403cb5fe4eea2ac1ad514fdfcfa282e795c69f
- * build-aux/speedo.mk (dist-source): Add -T0 parameter to xz.
+2020-01-16 NIIBE Yutaka <gniibe@fsij.org>
- speedo: Improve and document wixlib build.
- + commit 4d9b262584fb15e7965d579fad9a149e26849c18
- * Makefile.am (sign-release): Add handling for wixlib.
- * build-aux/speedo.mk: Add help-wixlib and improve handling.
+ gpg: Use "SCD KEYINFO" to get available card keys.
+ + commit 8edd4b8b8cdcbdcf1986214d6d17cadb604ddf54
+ * g10/skclist.c (enum_secret_keys): Don't use agent_scd_cardlist and
+ agent_scd_serialno, but agent_scd_keyinfo.
-2019-12-17 Andre Heinecke <aheinecke@intevation.de>
+ gpg: Add agent_scd_keyinfo to retrieve available card keys.
+ + commit 8240a70c31a8e1617de64c42168cf3299b85b39e
+ * g10/call-agent.c (card_keyinfo_cb, agent_scd_free_keyinfo)
+ (agent_scd_keyinfo): New.
+ * g10/call-agent.h: Define new functions.
- speedo, w32: Add w32-wixlib target for MSI package.
- + commit c461de93f44efaa6a1d9669eb9d4033943368431
- * Makefile.am (EXTRA_DIST): Add wixlib.wxs
- * build-aux/speedo.mk (w32-wixlib): New target.
- (w32-release): Build wixlib if WIXPREFIX is set.
- (help): Add documentation.
- * build-aux/speedo/w32/wixlib.wxs
+ gpg: default-key: Simply don't limit by capability.
+ + commit 1aa2a0a46dc19e108b79dc129a3b0c5576d14671
+ * g10/getkey.c (parse_def_secret_key): Remove the check.
-2019-12-07 Werner Koch <wk@gnupg.org>
+2020-01-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Cert only key should be usable with --default-key.
+ + commit 9287f9e87b215e79fdb7fb9dfdf2b47666e6ea2f
+ * g10/getkey.c (parse_def_secret_key): Allow cert-only key.
+
+2020-01-13 Werner Koch <wk@gnupg.org>
+
+ scd: Make the PIN cache robust against wrongdoing of gpg-agent.
+ + commit 2dd6b4b998dd6e156e2e75ede0f40fb768c69f40
+ * scd/app-openpgp.c (struct app_local_s): New field pincache.
+ (cache_pin): Set it.
+ (pin_from_cache): Consult it.
+ * scd/app-piv.c (struct app_local_s): New field pincache.
+ (cache_pin): Set it.
+ (pin_from_cache): Consult it.
+
+ scd:piv: Implement PIN cache.
+ + commit 60502c3606ee425d07c84b175ab310368c12b0ad
+ * scd/command.c (pincache_put): Add arg pinlen and change all callers
+ to provide it.
+ * scd/app-piv.c (cache_pin): New.
+ (pin_from_cache): New.
+ (ask_and_prepare_chv): Add args no_cache and r_unpaddedpinlen. Take
+ PIN from the cache. Return the unpadded length.
+ (verify_chv): Add arg ctrl. Cache the PIN.
+ (do_change_chv): Clear PIN cache.
+
+ agent: Avoid multiple calls to scd for KEYINFO.
+ + commit 2e86cca7f4181310bebfd795c059369ba03a8d8b
+ * agent/command.c (struct server_local_s): Add last_card_keyinfo.
+ (eventcounter): Add maybe_key_change.
+ (cmd_genkey, cmd_scd, cmd_import_key, cmd_delete_key): Bump new
+ counter.
+ (cmd_keyinfo): Cache the keyinfo from the card.
+ (start_command_handler): Release the cache.
+
+ agent: Replace free by xfree in recently added code.
+ + commit aaef0fc3a743d06012c4a7fd8caa80d969863cc9
+ * agent/call-scd.c (agent_card_free_keyinfo): Use xfree.
+
+ gpg,sm: Avoid useless ASFW diagnostic in loopback mode.
+ + commit 14aa797bb8f3f7d3f4ef66b8fcdac7439000b49a
+ * common/sysutils.c (inhibit_set_foregound_window): New var.
+ (gnupg_inhibit_set_foregound_window): New func.
+ (gnupg_allow_set_foregound_window): Use var.
+ * g10/gpg.c (main): Inhibit in loopback mode.
+ * sm/gpgsm.c (main): Ditto.
- Release 2.2.19.
- + commit 1c841c8389fb9640762822395b988e0d1584c9ae
+ scd: Fix memory leak in command READKEY.
+ + commit 2b843be5ac9f37c9faf2d9ab720eafceb3d534ad
+ * scd/command.c (cmd_readcert): Replace xstrdup by xtrystrdup.
+ (cmd_readkey): Ditto. Fix memory leak.
+
+ scd: Make SERIALNO --all work correctly and use it.
+ + commit 0e48aa084921c77944d4802c86ac33c607c519af
+ * scd/app.c (maybe_switch_app): Factor reselect code out to ...
+ (run_reselect): new.
+ (app_write_learn_status): Tweak diagnostics.
+ (app_do_with_keygrip): Run reselect if a card has more than one
+ switchable application.
+
+ * agent/call-scd.c (agent_card_serialno): Ditto.
+ * tools/card-call-scd.c (start_agent): Use option --all with SERIALNO.
+ (scd_serialno): Ditto.
+
+2020-01-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: handle SSH operation by KEYGRIP.
+ + commit 15028627a1655b7ad1835fbd0a32cf30debe807a
+ * agent/command-ssh.c (card_key_available): Supply KEYINFO argument.
+ Call agent_card_readkey by KEYGRIP of KEYINFO.
+ Don't use $AUTHKEYID, but IDSTR of KEYINFO.
+ (ssh_handler_request_identities): Follow the change of
+ card_key_available.
+
+ agent: Extend agent_card_getattr with KEYGRIP.
+ + commit c31266716dd69fee7bd64cf1e33d7631cd328e72
+ * agent/agent.h (struct card_key_info_s): KEYGRIP null terminated.
+ (agent_card_getattr): Add KEYGRIP argument.
+ * agent/call-scd.c (agent_card_getattr): Handle KEYGRIP argument.
+ (card_keyinfo_cb): Make KEYGRIP null terminated.
+ * agent/command.c (cmd_readkey): Follow the change.
+
+2020-01-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Implement direct access by KEYGRIP for GETATTR and READKEY.
+ + commit 0cfded4bb1484366c785c268f2fb1061c7be5fdb
+ * scd/app-openpgp.c (do_readkey): Handle KEYGRIP access.
+ * scd/command.c (do_readkey): New.
+ (cmd_readkey): Use do_readkey supporting KEYGRIP access.
+ (cmd_getattr): Supporting KEYGRIP access.
+
+2020-01-09 Werner Koch <wk@gnupg.org>
+
+ scd:openpgp: Implement PIN cache.
+ + commit 63bda3aad8ec4163b0241f64e8b587d665d650c3
+ * scd/app-openpgp.c (wipe_and_free, wipe_and_free_string): Use them
+ everywere where we do a wipememory followed by a free.
+ (pin2hash_if_kdf): Change interface. The input PIN is not anymore
+ changed. Further there are no more assumptions about the length of
+ the provided buffer.
+ (cache_pin): Restructure.
+ (chvno_to_keyref): New.
+ (pin_from_cache): New.
+ (verify_a_chv): Add arg CTRL. Adjust for changed pin2hash_if_kdf.
+ Chache and retrieve the PIN here.
+ (verify_chv2): Do not cache the PIN here.
+ (build_enter_admin_pin_prompt): Add arg 'r_remaining'.
+ (verify_chv3): Adjust for changed pin2hash_if_kdf. Implement the PIN
+ cache.
+ (do_change_pin): Clear the PIN cache. Do not change the PIN here.
+ Lots of adjustments to cope with the chnaged pin2hash_if_kdf.
+ (do_sign): Do not cache the PIN here.
+
+ scd: Use a scdaemon internal key to protect the PIN cache IPC.
+ + commit ce5a7fb72b599de592a087867768ac1f81fd2989
+ * agent/call-scd.c (handle_pincache_put): Do not decrypt.
+ (handle_pincache_get): New.
+ (inq_needpin): Call it.
+ * scd/command.c (set_key_for_pincache): New.
+ (pincache_put): Restructure and set key.
+ (pincache_get): Ditto.
+
+2020-01-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: SSH: SCD KEYINFO to list available keys.
+ + commit 57b8ed61ab93dd5aa73159f6db8adeb83d54b85f
+ * agent/agent.h (agent_card_cardlist): Remove.
+ (agent_card_keyinfo): Add CAP argument.
+ * agent/call-scd.c (card_cardlist_cb): Remove.
+ (agent_card_cardlist): Remove.
+ (agent_card_keyinfo): Support CAP constraint.
+ * agent/command-ssh.c (card_key_list): Remove.
+ (ssh_handler_request_identities): Use SCD KEYINFO command.
+ * agent/command.c (cmd_keyinfo): Follow the API change.
+ * agent/divert-scd.c (ask_for_card): Likewise.
+
+2020-01-07 Werner Koch <wk@gnupg.org>
+
+ scd: First changes to implement a PIN cache.
+ + commit fbf97a7856bd2f80a1714f63417c59d6c604d333
+ * scd/command.c (pincache_put): New. Uses a dummy key for now.
+ (pincache_get): New.
+ * scd/app.c (select_application): Flush the PIN cache.
+ (scd_update_reader_status_file): Ditto.
+ (maybe_switch_app): Call the new prep_reselect function.
+ (app_write_learn_status): Ditto.
+ * scd/app-openpgp.c (cache_pin): New helper to cache a PIN.
+ (verify_chv2): Call it.
+ (verify_chv3): Call it.
+ (clear_chv_status): Call it.
+ (do_change_pin): Call it.
+
+ * scd/app-common.h (struct app_ctx_s): Add function 'prep_select'.
+ * scd/app-openpgp.c (do_prep_reselect): New stub function.
+ (app_select_openpgp): Set new stub function.
+ * scd/app-piv.c (do_prep_reselect): New stub function.
+ (app_select_piv): Set new stub function.
+
+ * scd/app-common.h (struct app_ctx_s): Add parameter ctrl to setattr,
+ sign, auth, decipher, and check_pin. Change all implementations and
+ callers to pass such a parameter.
+
+ agent: First changes to support a PIN cache for scdaemon.
+ + commit d5c00354bb02ae6cb2e3a72136a1a95cb2db7f3f
+ * agent/agent.h (CACHE_MODE_PIN): New.
+ * agent/cache.c (housekeeping): Special handling of new new mode.
+ (agent_flush_cache): Ditto. Add arg 'pincache_only' and change
+ caller.
+ (agent_put_cache): Support new mode.
+ (agent_get_cache): Ditto.
+ * agent/call-scd.c (wait_child_thread): Flush the entire PIN cache.
+ (start_scd): Ditto.
+ (agent_card_killscd): Ditto.
+ (handle_pincache_put): New. Uses a dummy encryption key for now.
+ (pincache_put_cb): New.
+ (inq_needpin): Prepare for PINCACHE_GET inquiry.
+ (learn_status_cb): Handle the PINENTRY_PUT status line.
+ (get_serialno_cb): Ditto
+ (agent_card_pksign): Ditto.
+ (padding_info_cb): Ditto.
+ (agent_card_readcert): Ditto.
+ (agent_card_readkey): Ditto.
+ (agent_card_writekey): Ditto.
+ (card_getattr_cb): Ditto.
+ (card_cardlist_cb): Ditto.
+ (card_keyinfo_cb): Ditto.
+ (pass_status_thru): Ditto.
+
+ kbx: Make sure the tables are joined in a select.
+ + commit 41a882443622fe08ebaa75bf358e83630bbb8631
+ * kbx/backend-sqlite.c (run_select_statement): Join the tables.
+
+2020-01-03 Werner Koch <wk@gnupg.org>
+
+ scd: Minor fix for readibility.
+ + commit c0625c15c1fb6d06202669eb8caff2710377952d
+ * scd/command.c (open_card_with_request): Use NULL instead of
+ APPTYPE_NULL.
+
+2020-01-02 Werner Koch <wk@gnupg.org>
+
+ kbx: Initial support for an SQLite backend.
+ + commit f4da1455c7ab858ea9007d0813774c6d04cd4576
+ * kbx/backend-sqlite.c: New.
+ * kbx/Makefile.am (keyboxd_SOURCES): Add it.
+ (keyboxd_CFLAGS, keyboxd_LDADD): Add SQLite flags.
+ * kbx/backend.h (enum database_types): Add DB_TYPE_SQLITE.
+ (be_sqlite_local_t): New typedef.
+ (struct db_request_part_s): Add field besqlite.
+ * kbx/backend-support.c (strdbtype): Add string for DB_TYPE_SQLITE.
+ (be_generic_release_backend): Support SQLite.
+ (be_release_request): Ditto.
+ (be_find_request_part): Ditto.
+ (is_x509_blob): Rename to ...
+ (be_is_x509_blob): this and make global.
+ * kbx/frontend.c (kbxd_set_database): Detect ".db" suffix and use that
+ for SQLite.
+ (kbxd_search): Support SQLite
+ (kbxd_store): Ditto.
+ (kbxd_delete): Ditto.
+ * kbx/frontend.h (kbxd_store_modes): Move to ...
+ * kbx/keyboxd.h (enum kbxd_store_modes): here.
+ * kbx/keyboxd.c (main): USe pubring.db for now. This is a temporary
+ hack.
+
+ * kbx/backend-kbx.c (be_kbx_delete): Remove unused var cert.
+2019-12-23 Werner Koch <wk@gnupg.org>
- po: Make g10/call-dirmngr.c translatable.
- + commit 03983711b3376a5dff518a99adf5fb3a5bd8be4a
- * po/POTFILES.in: Add g10/call-dirmngr.c
- * g10/call-dirmngr.c (create_context): Change an i18n sting for easier
- reuse.
+ gpg: Fix output of --with-secret if a pattern is given.
+ + commit 59d49e4a0ac2ed27803507cb7d2c6af166527bd5
+ * g10/keylist.c (list_one): Probe for a secret key in --with-secret
+ mode.
- dirmngr: Tell gpg about WKD lookups resulting from a cache.
- + commit 438a1ec2978c64ecfe6b5ddaa61f214c2dcae88f
- * dirmngr/server.c (proc_wkd_get): Print new NOTE status
- "wkd_cached_result".
- * g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein
- verbose mode.
+ kbx: Change keyboxd to work only with one database.
+ + commit 8a556c23a29776b2b5aa1d563e779b6ae0139dff
+ * kbx/frontend.c (the_database): New var.
+ (db_desc_t): Remove.
+ (kbxd_add_resource): Renamed to ...
+ (kbxd_set_database): this. Simplify.
+ (kbxd_search): Change to use only one database.
+ (kbxd_store): Ditto.
+ (kbxd_delete): Ditto.
+
+2019-12-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Enhance KEYINFO command to limit listing with capability.
+ + commit b2a2df174b216881387ae849770d875cd74984c2
+ * scd/app-common.h: Add CAPABILITY argument to the WITH_KEYGRIP.
+ (app_do_with_keygrip): Likewise.
+ * scd/app-openpgp.c (send_keyinfo_if_available): New.
+ (do_with_keygrip): Support listing with CAPABILITY.
+ * scd/app-piv.c (do_with_keygrip): Likewise.
+ * scd/app.c (maybe_switch_app): Supply the argument.
+ (app_do_with_keygrip): Add CAPABILITY argument.
+ * scd/command.c (cmd_pksign, cmd_pkauth): Supply the argument.
+ (cmd_pkdecrypt): Likewise.
+ (cmd_keyinfo): Support listing with CAPABILITY.
2019-12-06 Werner Koch <wk@gnupg.org>
sm: Add special case for expired intermediate certificates.
- + commit 8c167febc0abc00be281a9dc8c2544b8d048a002
+ + commit d246f317c04862cacfefc899c98da182ee2805a5
* sm/gpgsm.h (struct server_control_s): Add field 'current_time'.
* sm/certchain.c (find_up_search_by_keyid): Detect a corner case.
Also simplify by using ref-ed cert objects in place of an anyfound
var.
+ dirmngr: Tell gpg about WKD looks resulting from a cache.
+ + commit 8a6ecc6ff52b9ec045e200cc200977707278f89c
+ * dirmngr/server.c (proc_wkd_get): Print new NOTE status
+ "wkd_cached_result".
+ * g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein
+ verbose mode.
+
2019-12-04 Werner Koch <wk@gnupg.org>
gpg: Use AKL for angle bracketed mail address with -r.
- + commit 78bb81e9deeca264f6a516630496470341e78fa9
+ + commit 1abb39fdaf44c2477719fbea43ef8042d8b9033e
* g10/getkey.c (get_pubkey_byname): Extend is_mbox checking.
(get_best_pubkey_byname): Ditto.
-2019-11-29 Werner Koch <wk@gnupg.org>
-
- gpg: Fix double free with anonymous recipients.
- + commit 9ac182f376abf910a7b737b0e1ebd447eaa582f1
- * g10/pubkey-enc.c (get_session_key): Do not release SK.
-
-2019-11-25 Werner Koch <wk@gnupg.org>
+2019-11-28 Werner Koch <wk@gnupg.org>
- Release 2.2.18.
- + commit 82b9e1bdbdd756290b8873b3e244dcc8d1f840fb
+ gpg: Change the way v5 fingerprints are printed.
+ + commit d2ff62dbdf891319e6db5850c6077c85e5eb784e
+ * g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): Increase by one.
+ * g10/keyid.c (format_hexfingerprint): Change v5 key formatting.
+ gpg: Implement insert, update, and delete via keyboxd.
+ + commit 7244666926929f3b2475d8cab50db3ff620cdbe3
+ * g10/call-keyboxd.c (struct store_parm_s): New.
+ (store_inq_cb): New.
+ (keydb_update_keyblock): Implement the keyboxd part.
+ (keydb_insert_keyblock): Ditto.
+ (keydb_delete_keyblock): Ditto.
+ (keydb_search_reset): Clear ubid flag. Also use the correct union
+ member for building the search string.
+
+ kbx: Add new command DELETE.
+ + commit 490e0cd0bab8d8d06ffdc5b8977964d5a76a8df0
+ * kbx/kbxserver.c (cmd_delete): New.
+ * kbx/frontend.c (kbxd_delete): New.
+ * kbx/backend-kbx.c (be_kbx_delete): New.
+
+ kbx: Redefine the UBID which is now the primary fingerprint.
+ + commit 915297705af6f1db74dacf0d6665b83eb0a58459
+ * common/util.h (UBID_LEN): New. Use it at all places.
+ * kbx/keybox-blob.c (create_blob_finish): Do not write the UBID item.
+ * kbx/keybox-dump.c (print_ubib): Remove.
+ (_keybox_dump_blob): Do not print the now removed ubid flag.
+ * kbx/keybox-search-desc.h (struct keydb_search_desc): Use constants
+ for the size of the ubid and grip.
+ * kbx/keybox-search.c (blob_cmp_ubid): New.
+ (has_ubid): Make it a simple wrapper around blob_cmp_ubid.
+ (keybox_get_data): Add arg 'r_ubid'.
+
+ * kbx/frontend.h (enum kbxd_store_modes): New.
+ * kbx/kbxserver.c (cmd_store): Add new option --insert.
+
+ * kbx/backend-cache.c (be_cache_initialize): New.
+ (be_cache_add_resource): Call it here.
+ * kbx/backend-kbx.c (be_kbx_seek): Remove args 'fpr' and 'fprlen'.
+ (be_kbx_search): Get the UBID from keybox_get_data.
+ * kbx/backend-support.c (be_fingerprint_from_blob): Replace by ...
+ (be_ubid_from_blob): new. Change all callers.
+
+ * kbx/frontend.c (kbxd_add_resource): Temporary disable the cache but
+ use the new cache init function.
+ (kbxd_store): Replace arg 'only_update' by 'mode'. Seek using the
+ ubid. Take care of the mode.
+
+2019-11-27 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Replace no-strict-overflow pragma by wrapv pragma.
+ + commit f59455d054a79068ebf480cd28f02993c1facf3b
+ * dirmngr/dirmngr.c (time_for_housekeeping_p): Build with --fwrapv.
+ Replace protecting macro.
+
+ gpg: Move a keydb function to another file.
+ + commit 61f41cdce5b60b9df05d6531ab1b7aab84ada659
+ * g10/keydb.c (build_keyblock_image): Move to ...
+ * g10/build-packet.c (build_keyblock_image): here.
+
+2019-11-26 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Rework of the LDAP code, part 1.
+ + commit 264c15c72fe050f5e8d2f1cb2444a459df6fe99f
+ * dirmngr/http.h (struct parsed_uri_s): Add flag is_ldap.
+ * dirmngr/http.c (do_parse_uri): Set flag. Do not error out for a
+ missing slashes in an http scheme if NO_SCHEME_CHECK is active.
+ * dirmngr/t-http.c (main): Print new flag.
+ * dirmngr/ks-engine-ldap.c (ks_ldap_help): Use flag instead of
+ checking the scheme.
+ * dirmngr/ldap-parse-uri.c (ldap_uri_p): Re-implement using
+ http_parse_uri.
+ * dirmngr/t-ldap-parse-uri.c (main): Add option --verbose.
+
+ dirmngr: Make building with a TLS library mandatory.
+ + commit 1009e4e5f71347a1fe194e59a9d88c8034a67016
+ * configure.ac: Do not build dirmngr if no TLS is available.
+ * dirmngr/http.c: Remove all uses of the USE_TLS macro.
+
+ doc: Fixed variable naming.
+ + commit 8fb14d3b3f9c5c27ff8b9f0e7e7207ec388687ff
+ * kbx/keybox.h: Fix naming of arguments.
+ * scd/ccid-driver.c (print_error) [TEST]: Add missing break. Note
+ that this is anyway an impossible case.
- tests: Adjust for now invalid SHA-1 key signatures.
- + commit 8e49fc7f43ecfe44dac57d97c555e2cbc7eb8e9a
- * tests/openpgp/defs.scm (create-gpghome): Add
- allow-weak-key-signatures.
+2019-11-25 Werner Koch <wk@gnupg.org>
agent: Improve --debug-pinentry diagnostics.
- + commit 96c4943a5bd070772d8be7bb7db8548840af5f8f
+ + commit c8783b3a204b371d44b8953429652101cf2e4d1b
* agent/call-pinentry.c (atfork_cb): Factor code out to ...
(atfork_core): new.
2019-11-23 Werner Koch <wk@gnupg.org>
wkd: Let --install-key write a template policy file.
- + commit 6e893061b54ddd38e83531f5513e3168d0002e41
+ + commit 50cd1a58f3a612704a0056386e1d5cd7cb28d57d
* tools/wks-util.c (ensure_policy_file): New.
(wks_cmd_install_key): Call it.
+2019-11-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Apply removal of dirmngr/ldap-wrapper-ce.c.
+ + commit 116dfb20013b73b950bbcee1d1f6c2a5d1d7ffdd
+ * po/POTFILES.in: Update.
+
2019-11-18 Werner Koch <wk@gnupg.org>
dirmngr,gpg: Better diagnostic in case of bad TLS certificates.
- + commit 3efc94f1eb17eb5c5950c2fab9f701518352ae19
+ + commit d9c7935188483dae381c12e7eef19072bbade4b3
* doc/DETAILS: Specify new status code "NOTE".
* dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
bad TLS certificate.
* g10/call-dirmngr.c (ks_status_cb): Detect this status.
dirmngr: Forward http redirect warnings to gpg.
- + commit 4dd50991252409eb2023ab8ad11f36a050f421af
+ + commit ae9acb8745c1654b446b3cd5b9322b235723d9cb
* dirmngr/http.c: Include dirmngr-status.h
(http_prepare_redirect): Emit WARNING status lines for redirection
problems.
* dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
* g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
- dirmngr: Factor some prototypes out to dirmngr-status.h.
- + commit 466bdf7c07f4ebfc69d503f85b9423f2f6440682
- * dirmngr/dirmngr-status.h: New.
- * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes
- to that file.
- * dirmngr/t-support.c: New.
- * dirmngr/Makefile.am (t_common_src): Add new file.
-
2019-11-15 NIIBE Yutaka <gniibe@fsij.org>
- scd,ccid: Add support of GEMPC_EZIO.
- + commit 9b41f58c8a549055fa6bf7e21e2931b86f4da776
- * scd/ccid-driver.h (GEMPC_EZIO): New.
- * scd/ccid-driver.c (ccid_transceive_secure): Support GEMPC_EZIO.
+ scd,ccid: Fix detection of supported readers with pinpad.
+ + commit 1cb9a831f6eedfa4c8950b8a7706ea77b74693f7
+ * scd/ccid-driver.c (ccid_transceive_secure): When not supported,
+ return CCID_DRIVER_ERR_NOT_SUPPORTED.
2019-11-12 Werner Koch <wk@gnupg.org>
dirmngr: Use IPv4 or IPv6 interface only if available.
- + commit 392e068e9f143d41f6350345619543cbcd47380f
+ + commit 12def3a84e0358528347107dc88cfe740a54941f
* dirmngr/dns-stuff.c (cached_inet_support): New variable.
(dns_stuff_housekeeping): New.
(check_inet_support): New.
* dirmngr/http.c (connect_server): Use only detected interfaces.
* dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache.
+2019-11-12 Andre Heinecke <aheinecke@gnupg.org>
+
+ dirmngr: Tune down err on missing ldapservers file.
+ + commit 40daa0bc0bc87a521713d7dd1568f3874759a143
+ * dirmngr/dirmngr.c (parse_ldapservers_file): Tune down error
+ in case no such file exists.
+
2019-11-11 Werner Koch <wk@gnupg.org>
+ dirmngr: Remove cruft from dirmngr_ldap.
+ + commit 4c295646ba0e175743e6be13457308c1e6d21dd3
+ * configure.ac (USE_LDAPWRAPPER): Remove ac_define and conditional.
+ * dirmngr/Makefile.am: Remove USE_LDAPWRAPPER and considere true.
+ * dirmngr/ldap-wrapper-ce.c: Remove.
+ * dirmngr/ldap-wrapper.c: Remove USE_LDAPWRAPPER stuff. Minor chnages
+ to debug output.
+ * dirmngr/dirmngr_ldap.c: Remove USE_LDAPWRAPPER stuff. Remove
+ my_ldap macros.
+ (fetch_ldap) [W32]: Use ldap_sslinit.
+
gpg: Forbid the creation of SHA-1 third-party key signatures.
- + commit 754a03f5a279964af62025d11d92391e650fddb7
+ + commit dd18be979e138dd3712315ee390463e8ee1fe8c1
* g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New.
(do_sign): Add arg signhints and inhibit SHA-1 signatures. Change
callers to pass 0.
(complete_sig): Add arg signhints and pass on.
(make_keysig_packet, update_keysig_packet): Set signhints.
+ dirmngr: Rename an enum value for clarity.
+ + commit eebd43d5b688e99131fcbf8f8292a485b91402a2
+ * dirmngr/ldapserver.h: Rename LDAPSERVER_OPT.
+
+2019-11-09 Werner Koch <wk@gnupg.org>
+
+ gpgsm: Allow sepcification of ldaps servers.
+ + commit 6e1c99bc397382f1ea2ba9d61a64328410adc95f
+ * sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps.
+ * sm/gpgsm.c (parse_keyserver_line): Parse flags.
+ * sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr.
+
+ * dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps.
+ * dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags.
+ * dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls.
+
+ * dirmngr/dirmngr_ldap.c: New option --tls.
+ (fetch_ldap): Make use of that option.
+
+2019-11-07 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix a potential loss of key sigs during import with self-sigs-only.
+ + commit 6701a38f8e4a35ba715ad37743b8505bfd089541
+ * g10/import.c (import_one_real): Don't do the final clean in the
+ merge case.
+
gpg: Add option --allow-weak-key-signatures.
- + commit 3b1fcf65239d9c73cc54760ea52a5749e024fa76
+ + commit e624c41dbafd33af82c1153188d14de72fcc7cd8
* g10/gpg.c (oAllowWeakKeySignatures): New.
(opts): Add --allow-weak-key-signatures.
(main): Set it.
* g10/sig-check.c (check_signature_over_key_or_uid): Print note and
act on new option.
-2019-11-07 Werner Koch <wk@gnupg.org>
+ gpg: Print rfc4880bis note only in verbose mode.
+ + commit f4047f56058cf9be2aa362fc439846ce930da8c7
+ * g10/gpg.c (main): Change condition for an info diagnostic.
- gpg: Fix a potential loss of key sigs during import with self-sigs-only.
- + commit 2975868ede40ce8b8a0d20e7f0e4cd687772f9d0
- * g10/import.c (import_one_real): Don't do the final clean in the
- merge case.
+2019-11-06 Werner Koch <wk@gnupg.org>
-2019-10-15 Werner Koch <wk@gnupg.org>
+ gpg: Remove an unused variable.
+ + commit fd88b8847a371a2927f52afceeeb457b64cce162
+ * g10/delkey.c (do_delete_key): here.
- gpg: Also delete key-binding signature when deleting a subkey.
- + commit d8052db74a0d2e6a55cf104e0ecb1868936bd09c
- * g10/delkey.c (do_delete_key): Simplify and correct subkey deletion.
+ gpg: Do not require --batch when using --log-file.
+ + commit 584b65ad7e937710a4fc6db42d6849bb3449d6ef
+ * g10/gpg.c (main): Remove a long standing FIXME.
-2019-10-15 NIIBE Yutaka <gniibe@fsij.org>
+2019-10-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd,ccid: Fix GEMPC_EZIO handling.
+ + commit c6702d77d936b3e9d91b34d8fdee9599ab94ee1b
+ * scd/ccid-driver.c (ccid_transceive_secure): Fix for 08e6:34c2.
+
+2019-10-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: More fix of get_best_pubkey_byname.
+ + commit e2c2b0fb2d9b31fa1b61803d04919645a9149996
+ * g10/getkey.c (get_best_pubkey_byname): Remove useless req_usage
+ setting of CTX.
+
+ gpg: Fix two other cases in get_best_pubkey_byname.
+ + commit 286d4c607574e91f590512a1385bb3320cf8da77
+ * g10/getkey.c (pubkey_cmp): Handle a primary key with
+ PUBKEY_USAGE_ENC, and make sure new key is for encryption.
+ (get_best_pubkey_byname): Add comment for ranking.
- Revert "gpg: The first key should be in candidates."
- + commit 2906636b929f08fdf342560834d920e8e8153458
- This reverts commit 66eb953f43800a91c4280ae8fd49f6dc8cf74578.
+ doc: Fix documentation about --locate-keys.
+ + commit 627a990f8e306d4f34bc503b303dc8b13616029e
+ * doc/gpg.texi (--locate-keys): Remove mentioning signing keys.
+
+2019-10-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Fix get_best_pubkey_byname to consider the first match.
+ + commit f2734381ae1431e395a0bed16df2f4d5d13aa2c5
+ * g10/getkey.c (get_best_pubkey_byname): Always use PK0 to search
+ by get_pubkey_byname. Add initial call to pubkey_cmp to fill
+ BEST at first before the loop.
2019-10-15 Werner Koch <wk@gnupg.org>
- gpg: Extend --quick-gen-key for creating keys from a card.
- + commit 652ca4b2bf985546baa70754f66eab3840cf2820
- * g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and
- support the special algo "card".
- (parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP.
- Handle the "card" algo. Adjust callers.
- (parse_algo_usage_expire): Add arg R_KEYGRIP.
- (quickgen_set_para): Add arg KEYGRIP and put it into the parameter
- list.
- (quick_generate_keypair): Handle algo "card".
- (generate_keypair): Also handle the keygrips as returned by
- parse_key_parameter_string.
- (ask_algo): Support ed25519 from a card.
+ gpg: Also delete key-binding signature when deleting a subkey.
+ + commit d1bc12d1b66e0657969a8eb846bdcd9bee717a7c
+ * g10/delkey.c (do_delete_key): Simplify and correct subkey deletion.
2019-10-15 NIIBE Yutaka <gniibe@fsij.org>
- po: Update Japanese translation.
- + commit fe02709ffd3c41fe84b90cda96edd12e6b836741
+ gpg: Put the first key in candidates correctly.
+ + commit 44604209c1cfe18532d13eda63d8c1f86a6e12ec
+ * g10/getkey.c (get_best_pubkey_byname): After the call of
+ get_pubkey_byname, set up CTX with KEYDB_SEARCH_MODE_LONG_KID to enter
+ the loop.
+
+ scd,ccid: Add 08e6:34c2 (GEMPC_EZIO).
+ + commit c933c15d587a1c0df3f4b3bf37d8d15164dd318f
+ * scd/ccid-driver.c (ccid_transceive_secure): Add pinpad support
+ for 08e6:34c2 which supports extended APDU exchange.
+2019-10-09 NIIBE Yutaka <gniibe@fsij.org>
gpg: The first key should be in candidates.
- + commit 66eb953f43800a91c4280ae8fd49f6dc8cf74578
+ + commit 7535f1d47a35e30f736f0e842844555f7a4a9841
* g10/getkey.c (get_best_pubkey_byname): Handle the first key
as the initial candidate for the selection.
+2019-10-07 Werner Koch <wk@gnupg.org>
+
+ kbx: Implement update for the STORE command.
+ + commit f4bdf8e590877e9bfddfd19a4e4167f6531c9fb1
+ * kbx/backend-kbx.c (be_kbx_update): New.
+ * kbx/frontend.c (kbxd_store): Call it.
+
+2019-10-07 NIIBE Yutaka <gniibe@fsij.org>
+
gpg: Fix a memory leak in get_best_pubkey_byname.
- + commit 2924ac374eb8cbf87ed6c9fbbb72c0b8d1d37fa3
+ + commit e28572116fe4c586ba9d1e8f27389bf3f06e036b
* g10/getkey.c (get_best_pubkey_byname): Free the public key parts.
2019-10-03 Werner Koch <wk@gnupg.org>
+ gpg: Ignore all SHA-1 signatures in 3rd party key signatures.
+ + commit 7d9aad63c4f1aefe97da61baf5acd96c12c0278e
+ * g10/sig-check.c (check_signature_over_key_or_uid): No cut-off date
+ and remove debug output.
+
gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures.
- + commit edc36f59fcfcb4b896a53530345d586f7e5df560
+ + commit c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4
* g10/sig-check.c (check_signature_over_key_or_uid): Reject cewrtain
SHA-1 based signatures.
+2019-10-01 Werner Koch <wk@gnupg.org>
+
+ gpg: Read the UBID from the keybox and detect wrong blob type.
+ + commit 63dbc817e7dcc6edc757281f09e1ca80500ab2d1
+ * g10/keydb-private.h (struct keydb_handle_s): Add fields for UBID.
+ * g10/call-keyboxd.c (search_status_cb): New.
+ (keydb_search): Set new UBID fields.
+
+ kbx: Add first version of STORE command to keyboxd.
+ + commit c7293a4d125c4675c86ecdee0f2f3186fc4bdaf7
+ * kbx/Makefile.am (keyboxd_CFLAGS): -DKEYBOX_WITH_X509.
+ (keyboxd_LDADD): Add libksba.
+ * kbx/kbxserver.c (cmd_store): New.
+ * kbx/frontend.c (kbxd_store): New.
+ * kbx/backend-support.c (is_x509_blob): New.
+ (be_fingerprint_from_blob): New.
+ * kbx/backend-kbx.c (be_kbx_seek): Add args FPR and FPRLEN.
+ (be_kbx_insert): New.
+
+ common: New function hex2fixedbuf.
+ + commit 61765136cf92be2884603bc3fac020a1c6ed91f4
+ * common/convert.c (hex2fixedbuf): New.
+
+2019-09-30 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix --recv-key in case of a given fingerprint.
+ + commit a605dbb430b1f73ef974ad54f74679dfc0eefb18
+ * g10/keyserver.c (keyserver_retrieval_screener): Compare against
+ actual length.
+
+ gpg: Fix expand GPG groups when resolving a key.
+ + commit ec81c437e71b4c630a799ed29447cc5e3db162cd
+ * g10/expand-group.c (expand_group): Add arg prepend_input.
+ * g10/pkclist.c (build_pk_list): Adjust for it.
+ * g10/getkey.c (key_byname): Keep the expanded names in the CTX and
+ don't premature free them.
+ (get_pubkey_byname): Append the namelist to the extra_list.
+
+2019-09-27 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix a recently introduced printf format buglet.
+ + commit b966a7c142ab6341f4149d55e2609dbb9914acec
+ * g10/parse-packet.c (dump_sig_subpkt): Fix format error.
+
+ kbx: Fix error code return in keyboxd.
+ + commit 8e574130482167dc7d2e2888cc80ad6584345e3d
+ * kbx/frontend.c (kbxd_add_resource): Print a diagnostic on error.
+ * kbx/backend-kbx.c (be_kbx_add_resource): Acttually returh the error
+ code.
+
+ kbx: Store the UBIB in the blob.
+ + commit 0af1c6447dc0f981ab7306e3bef520f37aded167
+ * kbx/keybox-blob.c (create_blob_header): New blob flag UBIB.
+ (create_blob_finish): Write the UBIB.
+ * kbx/keybox-dump.c (print_ubib): New.
+ (_keybox_dump_blob): Print UBIB flag.
+ * kbx/keybox-search.c (has_ubid): Compare the stored UBIB if
+ available.
+
+ kbx,gpg: Allow lookup using a UBID.
+ + commit 4be79b5abeae82b9840e6aa93874f743e13c6df7
+ * common/userids.c (classify_user_id): Detect UBIDs.
+ * kbx/backend-cache.c (blob_table_put): Store the public key type.
+ (be_cache_search): Add search mode for UBIDs.
+ * kbx/backend.h (struct db_request_part_s): Add cache.seqno_ubid.
+ * g10/keydb.c (keydb_search_desc_dump): Fix printing of keygrip. Add
+ ubid printing.
+ * g10/call-keyboxd.c (keydb_search): Support search by UBID.
+
+ kbx: First take on a cache for the keyboxd.
+ + commit 280e9c9cfac31ae5ac874c928eee063cc922e27e
+ * kbx/backend.h (enum database_types): Add DB_TYPE_CACHE.
+ (struct db_request_part_s): Add seqno fields.
+ (struct db_request_s): Add infos for the cache backend.
+ * kbx/backend-support.c (struct backend_handle_s): Add 'backend_id'.
+ (strdbtype): Support DB_TYPE_CACHE.
+ (be_generic_release_backend): Ditto.
+ (be_find_request_part): New.
+ (be_return_pubkey): New arg UBID and chnage status name.
+ * kbx/backend-cache.c: New.
+ * kbx/backend-kbx.c (be_kbx_init_request_part): New.
+ (be_kbx_search): Factor some code out to a support function.
+ (be_kbx_seek): New.
+ * kbx/frontend.c (kbxd_add_resource): Support DB_TYPE_CACHE.
+ (kbxd_search): Support the NEXR operation with the cache.
+ * kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_UBID): New.
+ (struct keydb_search_desc): Add field u.ubid.
+ * kbx/keybox-search.c (has_ubid): New.
+ (keybox_search): Support the UBID search.
+
+2019-09-20 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Build gpg-pair-tool only when there is newer libgcrypt.
+ + commit bb5ed9fe1abfcbb6128325508366bc802eb576c5
+ * configure.ac (HAVE_NEWER_LIBGCRYPT): New.
+ * tools/Makefile.am: Conditionalize build of gpg-pair-tool.
+
+2019-09-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ tools: Fix gpg-pair-tool to follow new API.
+ + commit 7c81e5cb97c77244be164daf7a80e29f6b6e437b
+
+
+ tools: Don't prepare G in gpg-pair-tool.
+ + commit b928de70e072fce15d7bba39f370d32dd8b74095
+ * tools/gpg-pair-tool.c (create_dh_keypair): Use NULL for G.
+
+ tools: Use new API of libgcrypt for gpg-pair-tool.
+ + commit f22a00416149448172bf8110d466d65c87962cae
+ * tools/gpg-pair-tool.c (create_dh_keypair): Just use
+ gcry_random_bytes for secret. Call gcry_ecc_mul_point
+ with G to get the public key.
+ (compute_master_secret): Use gcry_ecc_mul_point.
+
+2019-09-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd,pcsc: Use HANDLE for context and card.
+ + commit 49671b76eae2c7d1edb13ed927654d0c11d879f1
+ * scd/apdu.c (HANDLE): New.
+
+2019-09-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Remove old fallback logic from CCID to PC/SC.
+ + commit 980d0234d31699e51051e0cc6002ad177b6e7136
+ * scd/apdu.c (apdu_dev_list_start): Return an error on failure.
+
+ scd,pcsc: Support "reader-port" option for PC/SC reader.
+ + commit 6d750fe7fc4224924f13ef578010a26cdbe0a67b
+ * scd/apdu.c (apdu_open_reader): Skip use of a reader if it's not the
+ one specified when it is specified.
+
+ scd,pcsc: Remove the restriction of no-scanning in PC/SC.
+ + commit c569e49d1764d2573aec5684f9cee397bdd8ccb1
+ * scd/apdu.h (app_open_reader): Remove the last argument.
+ * scd/apdu.c (app_open_reader): Ditto.
+ * scd/app.c (select_application): Don't supply APP_EMPTY.
+
+2019-09-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd,pcsc: Fix examining the list of readers.
+ + commit 92be4e87eec984a3f3737339c311761d2650c55a
+ * scd/apdu.c (apdu_dev_list_start): Traverse the string+NUL carefully.
+
+ scd,pcsc: Fix for initializing PC/SC.
+ + commit 441106cdf0fdd310e3b36370186849167db11345
+ * scd/apdu.c (pcsc_init): Load it at first.
+ (apdu_open_reader): Check for the CCID internal driver.
+
+ scd,pcsc: Support multiple card readers.
+ + commit e8534f899915a039610973a84042cbe25a5e7ce2
+ * scd/apdu.c (close_pcsc_reader, apdu_init): Clear pcsc.rdrname.
+ (pcsc_init): Load of PC/SC module moved from ...
+ (open_pcsc_reader): ... here.
+ (apdu_dev_list_start): Add support for PC/SC.
+ (apdu_dev_list_finish): Likewise.
+ (apdu_open_reader): Likewise.
+
+ scd,pcsc: Use a single context.
+ + commit 1080e91efd60cb41c2d6dbafaee810e5967a3161
+ * scd/apdu.c (pcsc): New variable.
+ (struct reader_table_s): Remove pcsc.context from member.
+ (pcsc_get_status, connect_pcsc_card): Use pcsc.context.
+ (close_pcsc_reader): Release pcsc.context here with reference count.
+ (pcsc_init): New.
+ (open_pcsc_reader): Don't call pcsc_establish_context here. Call
+ close_pcsc_reader instead of pcsc_release_context.
+ (apdu_open_reader): Call pcsc_init if needed.
+ (apdu_init): Initialize pcsc.count and pcsc.context.
+
+ scd: Clean up the structure for future fix of PC/SC.
+ + commit f44aa290c1368a3119b2323664c0f356195c4206
+ * scd/apdu.c (struct dev_list): Rename from ccid_table, with void*.
+ (open_ccid_reader): Follow the change.
+ (apdu_dev_list_start, apdu_dev_list_finish): Likewise.
+ (apdu_open_reader): Likewise.
+ * scd/ccid-driver.c (ccid_dev_scan): Use void *.
+ (ccid_dev_scan_finish, ccid_get_BAI, ccid_open_usb_reader): Likewise.
+ * scd/ccid-driver.h: Change the APIs.
+
+2019-09-10 Werner Koch <wk@gnupg.org>
+
+ gpg: First rough implementation of keyboxd access for key lookup.
+ + commit ce9906b008c94c2aa4ac770a981d1e1e0b8aea47
+ * g10/Makefile.am: Add nPth flags.
+ * g10/gpg.c: Include npth.h.
+ (gpg_deinit_default_ctrl): Deinit call-keyboxd local data.
+ (main): Init nPth.
+ * g10/keydb-private.h (struct keydb_handle_s): Add field 'kbl' and
+ remove the search result and the assuan context.
+ * g10/call-keyboxd.c (struct keyboxd_local_s): Add more fields.
+ (lock_datastream, unlock_datastream): New.
+ (gpg_keyboxd_deinit_session_data): Adjust for changed data structures.
+ (prepare_data_pipe): New.
+ (open_context): Return kbl instead of an Assuan context. Init mutexes
+ etc.
+ (close_context): Merge into ...
+ (keydb_release): here. Adjust for changed data structures.
+ (datastream_thread): New.
+ (keydb_get_keyblock): Implement datastream stuff.
+ (keydb_search): Ditto.
+
+ * common/asshelp.c (wait_for_sock): Add arg connect_flags.
+ (start_new_service): Set FDPASSING flag for the keyboxd.
+
+ kbx: Allow fd-passing for the keyboxd.
+ + commit 6c327b4dd6d8041b84f856ffc2a7d82b352d273f
+ * kbx/kbxserver.c: Include host2net.h
+ (struct server_local_s): Add field outstream.
+ (prepare_outstream): New.
+ (kbxd_writen): New.
+ (kbxd_write_data_line): Write to file descrptor. Disable the slow
+ human reader friendly data line formatting.
+ (cmd_search, cmd_next): Disable data logging.
+ (kbxd_start_command_handler): Add OUTPUT command.
+ * kbx/keyboxd.c (main): Enable log monitor.
+
+ common: Allow a readlimit for iobuf_esopen.
+ + commit 2f0fdab8aabdf408495163ef99b2d4d111f74692
+ * common/iobuf.c (file_es_filter_ctx_t): Add fields use_readlimit and
+ readlimit.
+ (file_es_filter): Implement them.
+ (iobuf_esopen): Add new arg readlimit.
+ * g10/decrypt-data.c (decrypt_data): Adjust for change.
+ * g10/import.c (import_keys_es_stream): Ditto.
+
+2019-09-10 Andre Heinecke <aheinecke@gnupg.org>
+
+ doc: Fix distchek for generated eps file.
+ + commit c69a37dcbdc8db47489fbf744f58bb61399d223f
+ * doc/Makefile.am (EXTRA_DIST, BUILT_SOURCES): Add
+ gnupg-module-overview.eps, gnupg-card-architecture.eps
+ (DISTCLEANFILES): Remove them.
+
+2019-09-09 Werner Koch <wk@gnupg.org>
+
+ gpg: New option --use-keyboxd.
+ + commit aba82684fe14289cf62b4694bc398f3a274b4762
+ * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts.
+ (opts): New options --use-keyboxd and --keyboxd-program.
+ (main): Implement them.
+ * g10/keydb.c: Move some defs out to ...
+ * g10/keydb-private.h: new file.
+ * g10/keydb.c: prefix function names with "internal" and move original
+ functions to ...
+ * g10/call-keyboxd.c: new file. Divert to the internal fucntion if
+ --use-keyboxd is used. Add a CTRL arg to most fucntions and change
+ all callers.
+ * g10/Makefile.am (common_source): Add new files.
+ (noinst_PROGRAMS): Do bot build gpgcompose.
+
+ kbx: Fix keyboxd search first.
+ + commit 5e00c1773d8fd44ba95b39a48e12b0ec94ac8cbe
+ * kbx/kbxserver.c (cmd_next): Switch to mode next if needed.
+
+ kbx: Allow searching from start.
+ + commit 1545b948e1c8e8fa4873d434fb790a88ed96091c
+ * kbx/kbxserver.c (cmd_search): Detect empty pattern.
+
+2019-09-06 Stephan Mueller <smueller@chronox.de>
+
+ gpg: expand GPG groups when resolving a key.
+ + commit e825aea2ba3529c333d7ec2c76e63998cb83d999
+ * g10/expand-group.c: New
+ * g10/pkclist.c: Extract expand_group and expand_id into expand-group.c.
+ * g10/keydb.h: Add prototypes of expand_id and expand_group.
+ * g10/getkey.c: Use expand_group before resolving key references.
+ * g10/Makefile.am: Compile expand-group.c.
+
2019-09-06 Werner Koch <wk@gnupg.org>
gpg: Make --quiet work on --send-keys.
- + commit de57b5bf91d64f8843a68d1950bd12aecc82f8c1
+ + commit d9c4c3776b8ec3261e13693e230dd480b1127b18
* g10/keyserver.c (keyserver_put): Act upon --quiet.
+2019-09-05 Werner Koch <wk@gnupg.org>
+
+ gpg: Prepare parser for the new attestation certificates.
+ + commit 209caaff66fbe96df144e6b1474435992e087fa4
+ * common/openpgpdefs.h (SIGSUBPKT_ATTST_SIGS): New.
+ * g10/keydb.h (IS_ATTST_SIGS): New.
+ (IS_CERT): Include the new one.
+ * g10/sign.c (mk_notation_policy_etc): Do not put notations into
+ attestation key signatures.
+ * g10/parse-packet.c (dump_sig_subpkt): Add new arg digest_algo.
+ Print the attestation sigs.
+ (parse_one_sig_subpkt): Support SIGSUBPKT_ATTST_SIGS.
+ (can_handle_critical): Ditto.
+ (enum_sig_subpkt): Pass digest algo to dump_sig_subpkt.
+
+ gpg: Rework the signature subpacket iteration function.
+ + commit e1d9be730ca07e10a20df5ef60d7562030f10676
+ * g10/parse-packet.c (enum_sig_subpkt): Replace first arg by two args
+ so that the entire signature packet is available. Change all callers.
+ (parse_sig_subpkt): Ditto.
+
+ scd: Implement auto-switching between Yubikey apps.
+ + commit 7febb4f2476742936b829424ad23df662b37f4b4
+ * scd/app.c (apptype_from_keyref): New.
+ (maybe_switch_app): Add arg 'keyref' and use this also for switching.
+ Change all callers to pass a keyref if needed.
+
+ scd:openpgp: Avoid PIN caching issues after re-select.
+ + commit 5d9eb060b764d45152edb266cd8a08f5724ad709
+ * scd/app-openpgp.c (do_reselect): Clear PIN cache flags.
+
+ scd:piv: Allow the keygrip as alternative to a keyref.
+ + commit 947b44e835dec5967d400a9391d8746fb3f759df
+ * scd/app-piv.c (find_dobj_by_keyref): Allow the keygrip as input.
+
+ scd: Improve locking of app_do_with_keygrip.
+ + commit c8d739a356d3dacdf63fa2d722d117401cf52caf
+ * scd/app.c (app_do_with_keygrip): Lock once per card.
+
+ scd: New debug flag "app".
+ + commit 4e701953fec6efb10aaf34373e648b1dcafba054
+ * scd/scdaemon.h (DBG_APP_VALUE, DBG_APP): New.
+ * scd/scdaemon.c (debug_flags): Add "app".
+ * scd/app.c (xstrapptype): New.
+ (app_readcert, app_readkey, app_getattr): Add debug output.
+ (app_setattr, app_sign, app_auth): Ditto.
+ (app_writecert, app_writekey, app_change_pin): Ditto.
+ (app_check_pin): Ditto.
+
+2019-09-05 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix ask_for_card to allow a key on multiple cards.
+ + commit 9f39e0167d0642bcfb9bcabcbc7f8160b39a20ee
+ * agent/divert-scd.c (ask_for_card): Don't use SERIALNO to select
+ card, but use KEYGRIP.
+
+2019-09-04 Werner Koch <wk@gnupg.org>
+
+ scd: New sub-command cmd_has_option for GETINFO.
+ + commit fed9c93e05af4aeeb2fe9af81200fc7a745f2dec
+ * scd/command.c (cmd_getinfo): Add cmd_has_option sub-command.
+
+ scd: Add option --all to the SERIALNO command.
+ + commit 9a0d8f2d8906d2f37c2755c4695b91c27c8acc2f
+ * scd/command.c (cmd_serialno): Add option --all.
+ (open_card_with_request): Implement that option.
+ * scd/app.c (select_all_additional_applications_internal): New.
+ (select_additional_application): Add mode to call new function.
+
+ scd: Fix Error checking in additioal app selection.
+ + commit fa258379424c6d48538b054b8dc7c1ab5c2d4290
+ * scd/app.c (select_additional_application): Return error for unknown
+ NAME.
+
+ scd: Add option --multi to the LEARN command.
+ + commit 5cf5a04bae03d622a42753735c60dfab3b24ade8
+ * scd/app-common.h (APP_LEARN_FLAG_MULTI): New.
+ * scd/command.c (cmd_learn): Add option --multi.
+ * scd/app.c (app_write_learn_status): Factor some code out to ...
+ (write_learn_status_core): new.
+ (app_write_learn_status): Implement flag --multi.
+
+ scd: Use a macro for the flag parameter of learn_status.
+ + commit 2cdea776cd6db13c8f4ff45c89bd3292f216b186
+ * scd/app-common.h (APP_LEARN_FLAG_KEYPAIRINFO): New flag macro..
+ * scd/command.c (cmd_learn): Pass that flag instead of a plain number.
+ * scd/app-nks.c (do_learn_status_core): Use new flag.
+ * scd/app-p15.c (do_learn_status): Ditto.
+ * scd/app-piv.c (do_learn_status): Ditto.
+ * scd/app-sc-hsm.c (do_learn_status): Ditto.
+ * scd/app.c (app_write_learn_status): Ditto.
+
2019-08-23 Werner Koch <wk@gnupg.org>
- gpg: Implement keybox compression run.
- + commit b5f7ac6c368a07b3d35191bf56fdf58145c4e44b
- * kbx/keybox-init.c (keybox_lock): Add arg TIMEOUT and change all
- callers to pass -1.
+ gpg,sm: Implement keybox compression run and release lock in gpgsm.
+ + commit e64f0dfd72de548837f630bccd249a87451b89c5
* g10/keydb.c (keydb_add_resource): Call keybox_compress.
+ * sm/keydb.c (keydb_add_resource): Release the lock after a compress.
kbx: Include deleted records into the --stats output.
- + commit 34f55c5e348d4bf9894c24988e6856b411ba05de
+ + commit 5ef0d7a795cf2462314ea0cb72c7efa7243ab405
* kbx/keybox-dump.c (_keybox_dump_file): Take deleted records in
account.
- kbx: Allow "gpgsm --faked-system-time" to kick off a compression run.
- + commit e854580fa562c423f3d977318b515fb4d186f99a
- * kbx/keybox-update.c (keybox_compress): Use make_timestamp.
+ kbx: Fix regression in compression trigger from July 18.
+ + commit 30aaa4ba007210aa043c3d524415495a4d9fd17f
+ * kbx/keybox-update.c (keybox_compress): Change condition back.
+ Also use make_timestamp for CUT_TIME.
gpg: Allow --locate-external-key even with --no-auto-key-locate.
- + commit df6cff8233aa281d150861a26cd262a8a15c73e7
+ + commit d058d80ed0d5edeff6d85108054b1dfd45ddad7d
* g10/getkey.c (akl_empty_or_only_local): New.
* g10/gpg.c (DEFAULT_AKL_LIST): New.
(main): Use it here.
(main) <aLocateExtKeys>: Set default AKL if none is set.
gpg: Silence some warning messages during -Kv.
- + commit 589f1187137cb14da1d16be1fdaf8f1ac2c2d436
+ + commit d7aca1bef68589134b36395901b92496a7a37392
* g10/options.h (glo_ctrl): Add flag silence_parse_warnings.
* g10/keylist.c (list_all): Set that during secret key listsings.
* g10/parse-packet.c (unknown_pubkey_warning): If new flag is set do
(can_handle_critical_notation, enum_sig_subpkt): Ditto.
(parse_signature, parse_key, parse_attribute_subpkts): Ditto.
- gpg: Do not show an informational diagnostics with quiet.
- + commit 215858aba342e6f2b9a7c93f579638279af3a561
+ gpg: Do not show two informational diagnostics with quiet.
+ + commit f14ddeb89c4519cd7ccf52c4595b93ab11ccbda1
* g10/trustdb.c (verify_own_keys): Silence informational diagnostic.
gpgconf: Suggest the use of --gpgconf-test on --launch problems.
- + commit 7c386c5fb5aebbbb36daf61c25d20e6888123994
+ + commit 2a45800b2f8043d2533403eaadf8736d15ad7017
* tools/gpgconf-comp.c (gc_component_launch): Change suggestion.
-2019-08-21 Werner Koch <wk@gnupg.org>
-
- scd:nks: Extend keypairinfo with usage flags.
- + commit 0a9053eff0406c6799ee201013194200c0ed3487
- * scd/app-nks.c (do_learn_status_core): Return usage.
+2019-08-22 Werner Koch <wk@gnupg.org>
- scd:openpgp: Extend keypairinfo with usage flags.
- + commit 6f67abcc0339b42a181285b3416959c39a2d7808
- * scd/app-openpgp.c (send_keypair_info): Return usage.
+ gpg: Extend --quick-gen-key for creating keys from a card.
+ + commit d3f5d8544fdb43082ff34b106122bbf0619a0ead
+ * g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and
+ support the special algo "card".
+ (parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP.
+ Handle the "card" algo. Adjust callers.
+ (parse_algo_usage_expire): Add arg R_KEYGRIP.
+ (quickgen_set_para): Add arg KEYGRIP and put it into the parameter
+ list.
+ (quick_generate_keypair): Handle algo "card".
+ (generate_keypair): Also handle the keygrips as returned by
+ parse_key_parameter_string.
+ (ask_algo): Support ed25519 from a card.
- sm: Show the usage flags when generating a key from a card.
- + commit a8aacaf2042a72760e6eaf35e65bfd6d42e642f0
- * g10/call-agent.c (scd_keypairinfo_status_cb): Also store the usage
- flags.
- * sm/call-agent.c (scd_keypairinfo_status_cb): Ditto.
- * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Print the usage flags.
+2019-08-22 NIIBE Yutaka <gniibe@fsij.org>
- (cherry picked from commit 9ed1aa56c4bbf44e00b731d6807ada9e95c91bd7)
+ gpg: Factor export_ssh_key.
+ + commit 6f760e6eb0e8820d386b33c28cb14210adfc6aef
+ * g10/export.c (export_one_ssh_key): Factor out.
+ (export_ssh_key): Use export_one_ssh_key.
- gpg: Allow decryption using non-OpenPGP cards.
- + commit 9a317557c58d2bdcc504b70c366b77f4cac71df7
- * g10/call-agent.c (struct getattr_one_parm_s): New.
- (getattr_one_status_cb): New.
- (agent_scd_getattr_one): New.
- * g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from
- pkcs#1.
- * g10/getkey.c (enum_secret_keys): Move to...
- * g10/skclist.c (enum_secret_keys): here and handle non-OpenPGP cards.
+ dns: Fix irrelevant use of tmpfile.
+ + commit e00e68135c01351ed66fed3c4453a1b13c8d522f
+ * dirmngr/dns.c (dns_trace_open): Don't use tmpfile.
- scd: New standard attributes $ENCRKEYID and $SIGNKEYID.
- + commit 23784f8bf0ac6d6c52cb2de2f99f46017a92c11a
- * g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
- * sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
- * scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and
- "$SIGNKEYID".
- * scd/app-nks.c (do_getattr): Add attributes too.
+2019-08-21 Werner Koch <wk@gnupg.org>
- gpg: Allow direct key generation from card with --full-gen-key.
- + commit fbed618a3699bea131ce36949387af0fa3cf13f9
- * g10/call-agent.c (agent_scd_readkey): New.
- * g10/keygen.c (ask_key_flags): Factor code out to ..
- (ask_key_flags_with_mask): new.
- (ask_algo): New mode 14.
+ gpg: In a list of card keys show the standard keys.
+ + commit ce403c74dbc9c027b823910f22338269e625f76f
+ * g10/keygen.c (ask_algo): Identify the standard keys.
- common: Extend function pubkey_algo_string.
- + commit 0353cb0a5edeef07330da1688b7801c073959185
- * common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID.
- * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust.
+ scd:nks: Extend keypairinfo with usage flags.
+ + commit 0d2c9ef29c1741845df2d56f0024f87eab42efb3
+ * scd/app-nks.c (do_learn_status_core): Return usage.
- (cherry picked from commit f952226043824cbbeb8517126b5266926121c4e8)
+ (cherry picked from commit 0a9053eff0406c6799ee201013194200c0ed3487)
- Removed the changes in gpg-card which is not part of 2.2
+ scd:nks: Support attributes $ENCRKEYID and $SIGNKEYID.
+ + commit 671e54d62c39a9e196d13714cb67c2f3c38f2fa0
+ * scd/app-nks.c (do_getattr): Add new attributes.
gpg: New option --use-only-openpgp-card.
- + commit c185f6dfbd1bfd809369da789239a371e9d1610e
+ + commit c97c2e578dd173ef5e7916a3aa539b3a65a7d86d
* g10/gpg.c (opts): Add option.
(main): Set flag.
* g10/options.h: Add flags.use_only_openpgp_card.
* g10/call-agent.c (start_agent): Implement option.
- gpg: Prepare card code to allow other than OpenPGP cards.
- + commit fe5c8de862885c51d27c2dc9ea237846c5e57e8a
- * g10/call-agent.c (start_agent): Use card app auto selection.
- * g10/card-util.c (current_card_status): Print the Application type.
- (card_status): Put empty line between card listings.
+2019-08-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix check_application_conflict.
+ + commit 6fae96094c973be880919f3a7798ca69d9365b69
+ * scd/scd/app.c (check_application_conflict): Compare APPTYPE.
+
+ scd: Fix selecting additional APP.
+ + commit 8dc19d35e854264cfe503cdbb9e5ccafa9bc97d0
+ * scd/app.c (select_additional_application_internal): Factor out.
+ (select_additional_application): Getting the lock and call
+ select_additional_application_internal, set current_apptype, then.
+ (select_application): Call select_additional_application_internal
+ for Yubikey.
- (cherry picked from commit e47524c34a2a9f53c2507f67a0b41b460cee78b7)
+ scd: Fix how select_additional_application is called.
+ + commit 4781c4a86608b57f9d1daf55b9b2970130fe6120
+ * scd/app.c (check_application_conflict): Check against current APP.
+ (select_additional_application): Update current_apptype of CTRL.
- gpg: New card function agent_scd_keypairinfo.
- + commit 768cb6402f2941781262b9cb0a2aeecc89941f0f
- * g10/call-agent.c (scd_keypairinfo_status_cb)
- (agent_scd_keypairinfo): New. Taken from gpgsm.
+ scd: Fix resetting CARD_CTX.
+ + commit 09d000babb71990ef1b3f42017a67516bb994388
+ * scd/app.c (deallocate_card): Don't call scd_clear_current_app.
+ (card_reset): Reset ctrl->current_apptype.
+ * scd/command.c (open_card_with_request): Likewise.
+ (send_client_notifications): Likewise.
+ (scd_clear_current_app): Remove.
- (cherry picked from commit 0fad61de159acf39e38a04f28f162f0beb0e77d6)
+ scd: Fix switching to another APP.
+ + commit d4f135c34b332f1f833617a7f1ef0bdbff5eb589
+ * scd/app.c (select_additional_application): Initialize card of APP.
+ Break after the selection.
+ Don't free APP if success.
- gpg: Remove two unused card related functions.
- + commit c2f87a936afb7eba288d7e6558c24509cd6ab045
- * g10/call-agent.c (inq_writekey_parms): Remove.
- (agent_scd_writekey): Remove.
- (agent_clear_pin_cache): Remove this stub.
+2019-08-20 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- (cherry picked from commit 334b16b868e771b983263ed20c200869e7e51198)
+ doc: fix minor spelling and tense errors.
+ + commit b7793c3af32b2d99359022f805636953a50d8c68
+ * doc/{gpg,gpgsm,wks}.texi: minor orthographic cleanup.
- gpg: Repurpose the ISO defined DO "sex" to "salutation".
- + commit d410b5f9309607599c9ff45061fd1f02638a9a88
- * g10/card-util.c (current_card_status): String changes.
- (change_sex): Description change.
- (cmds): Add "salutation"; keep "sex" as an alias.
+ doc: clarify CARD event counter.
+ + commit cba6e1bd7242e8b8c6822f4e93368cb315b5524b
+ * doc/gpg-agent.texi: improve documentation of CARD entry in
+ GETEVENTCOUNTER description.
- gpg: Remove unused arg in a card related function.
- + commit c66a2cc8d306e7d9d0b4450311f230f182762f93
- * g10/call-agent.c (agent_scd_setattr): Remove unused arg serialno.
+2019-08-08 Andre Heinecke <aheinecke@intevation.de>
+
+ speedo, w32: Add w32-wixlib target for MSI package.
+ + commit 0b7088dc8035e8d5832c89085eea3b288de67710
+ * Makefile.am (EXTRA_DIST): Add wixlib.wxs
+ * build-aux/speedo.mk (w32-wixlib): New target.
+ (w32-release): Build wixlib if WIXPREFIX is set.
+ (help): Add documentation.
+ * build-aux/speedo/w32/wixlib.wxs
- (cherry picked from commit 3a4534d82682f69788da3cf4a445e38fbaf6b98e)
+2019-08-08 Werner Koch <wk@gnupg.org>
+
+ build: Sign all Windows binaries.
+ + commit 4964691861796ad6e7bd59dd553a617f68676b2b
+ * build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New.
+ (AUTHENTICODE_TOOL): New.
+ (AUTHENTICODE_FILES): New.
+ (installer): Sign listed files.
+ (AUTHENTICODE_SIGNHOST): New macro.
+ (sign-installer): Use that macro instead of direct use of osslsigncode.
-2019-08-12 NIIBE Yutaka <gniibe@fsij.org>
+2019-08-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Remove fallback mechanism to PC/SC.
+ + commit 100642e776964219936e493315eb8b7c99742f41
+ * scd/apdu.c [HAVE_LIBUSB] (apdu_open_reader): Simply let it fail.
+
+2019-08-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix an error path of agent_get_confirmation.
+ + commit bb82ad018a7bf93bd704cf44e51cd086e41a4ad5
+ * agent/call-pinentry.c (agent_get_confirmation): Make sure
+ unlock_pinentry is always called.
+
+2019-08-06 Werner Koch <wk@gnupg.org>
+
+ kbx: Add framework for the SEARCH command.
+ + commit 5ea6250cc5761612d17ca4fb34eed096f26e2826
+ * kbx/backend-kbx.c: New.
+ * kbx/backend-support.c: New.
+ * kbx/backend.h: New.
+ * kbx/frontend.c: New.
+ * kbx/frontend.h: New.
+ * kbx/kbxserver.c: Implement SEARCH and NEXT command.
+ * kbx/keybox-search-desc.h (enum pubkey_types): New.
+ * kbx/keybox-search.c (keybox_get_data): New.
+ * kbx/keyboxd.c (main): Add a standard resource.
+
+ kbx: Allow writing using a estream.
+ + commit 1f980d23af8b818ed8246ec6bf13b9c61b963ec0
+ * kbx/keybox-file.c (_keybox_write_header_blob): New optional arg
+ stream. Change callers.
+
+ tools: New option --keyboxd for gpg-connect-agent.
+ + commit 0611f548bcd3c772084d6c3111dc88a09a67f65a
+ * configure.ac: New option --keyboxd-pgm.
+ (KEYBOXD_NAME, KEYBOXD_DISP_NAME): New ac_defines.
+ * common/util.h: Add substitutes for new error codes.
+ (GNUPG_MODULE_NAME_KEYBOXD): New.
+ * common/homedir.c (gnupg_module_name): Support
+ GNUPG_MODULE_NAME_KEYBOXD.
+ * common/asshelp.c (SECS_TO_WAIT_FOR_KEYBOXD): New.
+ (wait_for_sock): Support keyboxd.
+ (start_new_service): Ditto.
+ (start_new_keyboxd): New.
+ * tools/gpg-connect-agent.c: New options --keyboxd and
+ --keyboxd-program.
+ (start_agent): Implement new option.
+
+2019-08-06 NIIBE Yutaka <gniibe@fsij.org>
common: Fix line break handling, finding a space.
- + commit 6e6078c8d0d4a2947e2a34f1367e4472f6ae483b
+ + commit f588dd8d1766de48c90a5501cf2d537f256d003e
* common/name-value.c (assert_raw_value): Correctly find a space.
+ gpg: Don't report NO_SECKEY for valid key.
+ + commit d8a49bbcd1b1d40ab0ddadac0dbb16a5d75c626e
+ * g10/mainproc.c (proc_encrypted): Report status of STATUS_NO_SECKEY
+ only when some error occurred.
+
+2019-08-05 Werner Koch <wk@gnupg.org>
+
+ common: Remove code duplication for service starting.
+ + commit e22ebf357050f98558b428502a565fc3dc256932
+ * common/homedir.c (gpg_agent_socket_name): New.
+ * common/asshelp.c (start_new_service): New. Based on
+ start_new_gpg_agent.
+ (start_new_gpg_agent): Divert to start_new_service.
+ (start_new_dirmngr): Ditto.
+
+2019-08-05 NIIBE Yutaka <gniibe@fsij.org>
+
sm: Support AES-256 key.
- + commit a9816d5fb13edb30c5d12cf85ae3e1a114fcc2c1
+ + commit ef2424144a070c9199e40424ec8d9b5a9919aa72
* sm/decrypt.c (prepare_decryption): Handle a case for AES-256.
+2019-08-02 Werner Koch <wk@gnupg.org>
+
+ common: Change yet unused status_printf function.
+ + commit d8a84594abe4be933756db07b987dc8bcd79c8b9
+ * common/asshelp2.c (status_printf): Rename to status_no_printf.
+ (status_printf): New.
+
+2019-07-26 NIIBE Yutaka <gniibe@fsij.org>
+
sm: Fix error checking of decryption result.
- + commit ccf5cc8b0b6cee562f7d5598149abcde17440ed4
+ + commit 15fe78184cc66ce6e657a6e949a522d7821f8a1c
* sm/call-agent.c (gpgsm_agent_pkdecrypt): Fix condition.
-2019-08-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+2019-07-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
gpg,gpgsm: Handle pkdecrypt responses with/without NUL terminators.
- + commit 64500e7f6dd63c793734e52e270b1ea23cfd1928
+ + commit 3ba091ab8c93c87741a451f579d63dd500d7621d
* g10/call-agent.c (agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.
* sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.
-2019-08-12 NIIBE Yutaka <gniibe@fsij.org>
+2019-07-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: photoid: Use standard spawn API.
+ + commit fd9e6ae22eb93aa5140b56e1b0fa14e6402d6099
+ * g10/photoid.c (exec_write, exec_read, exec_finish): Remove.
+ (setup_input_file): Rename from make_tempdir.
+ (expand_args): Drop support of 'o' and 'O'.
+ (fill_command_argv, run_with_pipe, create_temp_file) New.
+ (show_photo): New with gnupg_spawn_process_fd and gnupg_wait_process.
+ (show_photos): Call show_photo.
+
+ gpg: photoid: Move functions from exec.c.
+ + commit c57c5004ec6cc7dc7b7a4f250516199a8a1e31fc
+ * g10/exec.c (w32_system): Expose to public.
+ (exec_write, exec_read, exec_finish, make_tempdir, expand_args): Move
+ to photoid.c.
+ * g10/exec.h: Likewise.
+ * g10/photoid.c (exec_write, exec_read, exec_finish, make_tempdir)
+ (expand_args): Move here.
scd: Handle CCID bwi of time extension.
- + commit 879660bf4581d902cc1d1244091873c6c0225fa2
+ + commit 996c497a864d820af06333014b2c5f74d1054866
* scd/ccid-driver.c (bulk_in): Increase timeout by the multiplier
value as defined section 6.2.6 in CCID specification.
scd: Fix bBWI value.
- + commit f8961a576d3b5d69bb0e600a64553659ebef8ee7
+ + commit 858dc9564326e65e6d8771af160d4513aea1e4eb
* scd/ccid-driver.c (ccid_transceive_apdu_level): Use bBWI=0 for APDU
level transfer.
(ccid_transceive): Use bBWI=0 or the value returend by WTX for TPDU
level transfer.
- card: Fix showing KDF object attribute.
- + commit 8e01676981206c209c0bfcb92633d9d2f06a2d90
- * g10/call-agent.c (learn_status_cb): Parse the KDF DO.
- * g10/card-util.c (current_card_status): Show it correctly.
+2019-07-24 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Fix the previous commit.
+ + commit 044379772fc5b0f39c6a36809722e702808b6ec3
+ * common/asshelp.c [HAVE_W32_SYSTEM] (start_new_gpg_agent): Use
+ gnupg_spawn_process_detached.
+ (start_new_dirmngr): Likewise.
+
+ common: Use gnupg_spawn_process_fd to invoke gpg-agent/dirmngr.
+ + commit b1c56cf9e2bb51abfd47747128bd2a6285ed1623
+ * common/asshelp.c (start_new_gpg_agent): Call gnupg_spawn_process_fd
+ and gnupg_wait_process.
+ (start_new_dirmngr): Likewise.
+
+ common,w32: Fix cast from gnupg_fd_t to call _open_osfhandle.
+ + commit a64411c607d5450e786c3207b9023394574c979b
+ * common/sysutils.c (translate_sys2libc_fd): Use intptr_t.
+ (gnupg_tmpfile): Likewise.
+
+2019-07-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: A little clean up.
+ + commit 7bfbb9fa7e7693cd7f19a8d130aa0a9a82825d5d
+ * g10/keyserver.c: Don't include exec.h.
+ * g10/photoid.c (image_type_to_string): It's constant.
+ * g10/photoid.h (image_type_to_string): Likewise.
2019-07-22 NIIBE Yutaka <gniibe@fsij.org>
+ scd: Error code map fix for older Yubikey.
+ + commit 13bc0431ff1ce51246694208df611cc4561fb4b3
+ * scd/iso7816.c (map_sw): Recognize 6A86.
+
+2019-07-19 NIIBE Yutaka <gniibe@fsij.org>
+
gpg: The option --passphrase= can be empty.
- + commit b21133ba80f21ce93d5a4afe48027172d9fc1999
+ + commit fcd766719a6e8f18f4be4c0f91e12aa157ca5506
* g10/gpg.c (opts): Use ARGPARSE_o_s for oPassphrase to allow
empty string.
+ card: Fix showing KDF object attribute.
+ + commit 98f4eff7ffde106ae4f60739d1104282430ac14f
+ * g10/call-agent.c (learn_status_cb): Parse the KDF DO.
+ * g10/card-util.c (current_card_status): Show it correctly.
+
+ scd: Support "[CHV3]" attribute for keyid string.
+ + commit 57565d5f975d3c00853bb49678d63ee8b896b741
+ * scd/app-openpgp.c (check_keyidstr0: Relax the check.
+
+ card: Support disabling KDF functionality.
+ + commit 9c0cd9d07546698ab66cedd06c503e6b698593f9
+ * g10/card-util.c (kdf_setup): Can be "off".
+
+2019-07-18 Werner Koch <wk@gnupg.org>
+
+ kbx: Allow "gpgsm --faked-system-time" to kick off a compression run.
+ + commit 824ca6f042dc69edaf67bf9d4e875be75babab00
+ * kbx/keybox-update.c (keybox_compress): Use make_timestamp.
+
+2019-07-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: More check for symmetric key encryption.
+ + commit 44be675b759d27bac310c2de8bae1b7882a26b65
+ * g10/dek.h (DEK): Use debugger friendly type of unsigned int.
+ * g10/mainproc.c (symkey_decrypt_seskey): Add another check.
+
2019-07-16 NIIBE Yutaka <gniibe@fsij.org>
+ doc: Fix description of the field 11.
+ + commit 4195ce15f4942245a29ef20ace42ad0f27e82ffd
+ * doc/DETAILS: Fix.
+
dirmngr: Don't add system CAs for SKS HKPS pool.
- + commit 58e234fbeb6cc5908b69a73e50428f02e584e504
+ + commit 75e0ec65170b7053743406e3f3b605febcf7312a
* dirmngr/http.c [HTTP_USE_GNUTLS] (http_session_new): Clear
add_system_cas.
- gpg: Improve import slowness.
- + commit eb00a14f6d2de7c53487f39494c5cb9c0598fc96
- * g10/import.c (read_block): Avoid O(N^2) append.
- (sec_to_pub_keyblock): Likewise.
+2019-07-12 Werner Koch <wk@gnupg.org>
- gpg: Fix keyring retrieval.
- + commit b7df72d3074b72cf8b537ac87416b6b719c1b1b7
- * g10/keyring.c (keyring_get_keyblock): Avoid O(N^2) append.
+ scd: Remove useless GNUPG_SCD_MAIN_HEADER macro.
+ + commit fb1c8978f57b8f92e2ea9d10afc1d133656c9706
+ * scd/apdu.c (): Remove never set and useless macro.
+ * scd/ccid-driver.c: Ditto.
+ * scd/iso7816.c: Ditto.
-2019-07-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+2019-07-12 NIIBE Yutaka <gniibe@fsij.org>
- doc: fix spelling.
- + commit d10bb027e481b518e4bf13ba72d14933d6cbb8cb
- * doc/tools.texi: fix a handful of minor spelling errors.
+ doc: Dependencies for figures are only for maintainers.
+ + commit 58bab1a8784b0dbae70b5d74757cd56484292d1c
+ * doc/Makefile.am [MAINTAINER_MODE] (.svg.eps, etc.): Enable only
+ when maintainer-mode.
-2019-07-09 Werner Koch <wk@gnupg.org>
+ Fix a reference in comment.
+ + commit 4e601c7643fcfa3d8babcce58daa4c6c6a42d338
+ * common/openpgp-s2k.c: Fix.
- Release 2.2.17.
- + commit 591523ec94b6279b8b39a01501d78cf980de8722
+ gpg: Don't try decryption by session key when NULL.
+ + commit 89303b9998ea30d87b4c60dd48097dbe5e986a89
+ * g10/mainproc.c (proc_encrypted): Only call get_session_key when
+ PKENC_LIST is not NULL.
+ Return GPG_ERR_BAD_KEY, instead of GPG_ERR_NO_SECKEY, when
+ it's encrypted only by symmetric key.
+2019-07-11 NIIBE Yutaka <gniibe@fsij.org>
-2019-07-09 Ineiev <ineiev@gnu.org>
+ agent: Relax the handling of pinentry error for keyboard grab.
+ + commit 02d8b383833bac0382e910a2058b11b127acfd4d
+ * agent/call-pinentry.c (start_pinentry): It's not fatal when
+ pinentry doesn't support no-grab/grab option.
- po: Update Russian translation.
- + commit ad0c61972a413987d2cc8ac8deb6a646b954ae05
+ scd: Fix internal CCID driver, so that -DTEST works.
+ + commit b31060425226b45deb21915bf5cd8b6ba62bd098
+ * scd/ccid-driver.c: Support a test program by ccid-driver.
+
+ scd: Fix debug logging of the internal CCID driver.
+ + commit 2536bf276189a474a3a1ca9716368cf5d991b0d6
+ * scd/ccid-driver.c [GNUPG_MAJOR_VERSION] (DEBUGOUT): Use log_debug.
+
+ gpg: Fix getting User ID.
+ + commit 29c7fb4053d207c163802642babbdbb6f885727e
+ * g10/getkey.c (user_id_db): Remove, as no use anymore.
+ (get_user_id_string): Use cache_get_uid_bykid.
+ (get_user_id_byfpr): Use cache_get_uid_byfpr.
+ * g10/objcache.c (cache_get_uid_byfpr): New.
+ * g10/objcache.h (cache_get_uid_byfpr): New.
+
+2019-07-10 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Improve import slowness.
+ + commit 33c17a8008c3ba3bb740069f9f97c7467f156b54
+ * g10/import.c (read_block): Avoid O(N^2) append.
+ (sec_to_pub_keyblock): Likewise.
+ gpg: Fix keyring retrieval.
+ + commit a7a043e82555a9da984c6fb01bfec4990d904690
+ * g10/keyring.c (keyring_get_keyblock): Avoid O(N^2) append.
2019-07-09 Werner Koch <wk@gnupg.org>
gpg: Do not try the import fallback if the options are already used.
- + commit 3c2cf5ea952015a441ee5701c41dadc63be60d87
+ + commit a29156d5a650702ad79fe11f45782bc4bc159c13
* g10/import.c (import_one): Check options.
gpg: Fix regression in option "self-sigs-only".
- + commit b6effaf4669b2c3707932e3c5f2f57df886d759e
+ + commit eec150eca78a053193a0994a96482791b5da36be
* g10/import.c (read_block): Make sure KEYID is availabale also on a
pending packet.
+2019-07-09 NIIBE Yutaka <gniibe@fsij.org>
+
+ sm: Fix card access.
+ + commit 37d758e5f2b5d07dc937098cf48096cf35ea61e4
+ * sm/call-agent.c (gpgsm_scd_pksign): Cast to integer for %b.
+
+ scd: ccid-driver: Initial getting ATR more robustly.
+ + commit c51a5685554a06e00ae1e99070b44613b2f8d417
+ * scd/ccid-driver.c (send_power_off): New.
+ (do_close_reader): Use send_power_off.
+ (ccid_get_atr): Add error recovery.
+
+2019-07-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix keygrip search.
+ + commit 39c40e572c5632f836d089dce49224f947244bf2
+ * scd/app.c (app_do_with_keygrip): Break the entire loop.
+
2019-07-05 Werner Koch <wk@gnupg.org>
gpg: With --auto-key-retrieve prefer WKD over keyservers.
- + commit 3242837d203a7b90b92952e63ee160a5a41764c0
+ + commit 96bf8f477805bae58cfb77af8ceba418ff8aaad9
* g10/mainproc.c (check_sig_and_print): Print a hint on how to make
use of the preferred keyserver. Remove keyserver lookup just by the
keyid. Try a WKD lookup before a keyserver lookup.
wkd: Change client/server limit back to 64 KiB.
- + commit 6396f8d115f21ae15571b683e9ac9d1d7e3f44f4
+ + commit b0e8724b102535c27a8c973ec038d340858a8eb8
* tools/wks-receive.c (decrypt_data): Change limit.
+2019-07-05 NIIBE Yutaka <gniibe@fsij.org>
+
+ sm: Return the last error for pubkey decryption.
+ + commit 38b9da7de3350b1e56b85a058cdb1fdded78cf6d
+ * sm/decrypt.c: Use TMP_RC for ksba_cms_get_issuer_serial,
+ and return the last error when no key is available.
+ Fix the error report with TMP_RC for second call of
+ ksba_cms_get_issuer_serial.
+
+ gpg: Return the last error for pubkey decryption.
+ + commit 6cc4119ec03be61c78189a0bec99372035289b91
+ * g10/mainproc.c (proc_encrypted): Check ->result against -1.
+ When c->dek == NULL, put GPG_ERR_NO_SECKEY only when not set.
+ * g10/pubkey-enc.c (get_session_key): Set k->result by the result of
+ get_it.
+ When no secret key is available for some reasons, return the last
+ specific error, if any.
+
2019-07-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
dirmngr: fix handling of HTTPS redirections during HKP.
- + commit efb6e08ea2ca1cf2d39135d94195802cd69b9ea6
+ + commit 064aeb14c9b869e114e9ec789526fad8da657230
* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
following a HTTP redirection.
2019-07-04 Werner Koch <wk@gnupg.org>
gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
- + commit 2b7151b0a57f5fe7d67fd76dfa1ba7a8731642c6
+ + commit 23c978640812d123eaffd4108744bdfcf48f7c93
* g10/gpg.c (main): Change default.
gpg: Avoid printing false AKL error message.
- + commit 4cbd058a3da9aae74aadab7f260952b9ebb5becf
+ + commit 91a6ba32347a21c9029728eec96b8ff80f944629
* g10/getkey.c (get_pubkey_byname): Add special traeatment for default
and skipped-local.
gpg: New command --locate-external-key.
- + commit 46f3283b345e1cabca4b0320cf98274ade8ec162
+ + commit d00c8024e58822e0623b3fad99248ce68a8b7725
* g10/gpg.c (aLocateExtKeys): New.
(opts): Add --locate-external-keys.
(main): Implement that.
(locate_one): Ditto. Pass on to get_best_pubkey_byname.
gpg: Make the get_pubkey_byname interface easier to understand.
- + commit 11871433436b5b9b9aca46579dd185a9a77674cd
+ + commit 9980f81da765f88a65604ab083563bf15ccdb425
* g10/keydb.h (enum get_pubkey_modes): New.
* g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and
change all callers.
2019-07-03 Werner Koch <wk@gnupg.org>
dirmngr: Avoid endless loop in case of HTTP error 503.
- + commit d2e8d71251813e61b15a07637497fabe823b822c
+ + commit 8b113bb148f273524682252233b3c65954e1419e
* dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New.
(handle_send_request_error): Use it for 503 and 504.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for
extra_tries.
dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain.
- + commit c9b133a54e93b7f2365b5d6b1c39ec2cc6dac8f9
+ + commit 37f0c55c7be3fc4912237f2bc72466aef6f8aa36
* dirmngr/http.c (same_host_p): Consider certain subdomains to be the
same.
-2019-07-03 Peter Lebbing <peter@digitalbrains.com>
+2019-07-02 Peter Lebbing <peter@digitalbrains.com>
Mention --sender in documentation.
- + commit 37b549dfe0acd362399debd7c93794eb75937402
-
-
-2019-07-03 Werner Koch <wk@gnupg.org>
+ + commit cf92f7d96f83e5af7d2c232c8450c2c7d900ade8
- dirmngr: Support the new WKD draft with the openpgpkey subdomain.
- + commit 458973f502b9a43ecf29e804a2c0c86e78f5927a
- * dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain
- method.
-2019-07-02 Werner Koch <wk@gnupg.org>
+2019-07-01 Werner Koch <wk@gnupg.org>
gpg: Fallback to import with self-sigs-only on too large keyblocks.
- + commit a1f2f38dfb2ba5ed66d3aef66fc3be9b67f9b800
+ + commit 3a403ab04eeb45f12b34f9d9c421dac93eaf2160
* g10/import.c (import_one): Rename to ...
(import_one_real): this. Do not print and update stats on keyring
write errors.
(import_one): New. Add fallback code.
-2019-07-01 Werner Koch <wk@gnupg.org>
-
gpg: New import and keyserver option "self-sigs-only"
- + commit adb120e663fc5e78f714976c6e42ae233c1990b0
+ + commit 2e349bb6173789e0e9e42c32873d89c7bc36cea4
* g10/options.h (IMPORT_SELF_SIGS_ONLY): New.
* g10/import.c (parse_import_options): Add option "self-sigs-only".
(read_block): Handle that option.
gpg: Make read_block in import.c more flexible.
- + commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0
+ + commit 894b72d796c826b1c7e1df788e16874cd051e672
* g10/import.c: Change arg 'with_meta' to 'options'. Change callers.
2019-07-01 NIIBE Yutaka <gniibe@fsij.org>
tools: gpgconf: Killing order is children-first.
- + commit 526714806da4e50c8e683b25d76460916d58ff41
+ + commit 7c877f942a344e7778005840ed7f3e20ace12f4a
* tools/gpgconf-comp.c (gc_component_kill): Reverse the order.
+2019-06-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Close a dialog cleanly when gpg/ssh is killed for CONFIRM.
+ + commit 374a0775546b6241ca2dd10836202c50300d8e91
+ * agent/call-pinentry.c (watch_sock_start): Factor out
+ from do_getpin.
+ (watch_sock_end): Likewise.
+ (do_getpin): Use those functions.
+ (agent_get_confirmation): Likewise.
+ (popup_message_thread): Likewise.
+
+2019-06-25 Werner Koch <wk@gnupg.org>
+
+ scd: Do not conflict if a card with another serialno is demanded.
+ + commit 92ba831758cff0262504ac51e5df7a439844327c
+ * scd/app.c (check_application_conflict): Add args to pass a serialno.
+ * scd/command.c (open_card_with_request): Pass the serialno to
+ check_application_conflict.
+
+ scd: Return a stable list with "getinfo card_list".
+ + commit c8e62965bc90eabff5c4b7cb349bd8e41584c01b
+ * scd/app.c (compare_card_list_items): New.
+ (app_send_card_list): Sort the card objects by slot.
+
+ scd: Add an re-select mechanism to switch apps.
+ + commit d803b3bb3c084b6bce4d2bd161db50dc45442e5b
+ * scd/app-common.h (struct app_ctx_s): Add func ptr 'reselect'.
+ * scd/app-piv.c (do_reselect): New.
+ (app_select_piv): Move AID constant to file scope.
+ * scd/app-openpgp.c (do_reselect): New.
+ (app_select_openpgp): Move AID constant to file scope.
+ * scd/app.c (apptype_from_name): New.
+ (check_application_conflict): Check against all apps of the card.
+ Always set current_apptype.
+ (select_additional_application): New.
+ (maybe_switch_app): New.
+ (app_write_learn_status, app_readcert, app_readkey, app_getattr)
+ (app_setattr, app_sign, app_auth, app_decipher, app_writecert)
+ (app_writekey, app_genkey, app_change_pin, app_check_pin): Use it here.
+ (app_do_with_keygrip): Force reselect on success.
+ (app_new_register): Move setting of CURRENT_APPTYPE to ...
+ (select_application): here so that it will be set to the requested
+ card.
+ * scd/command.c (open_card_with_request): Select additional
+ application if possible.
+
2019-06-24 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
spelling: Fix "synchronize"
- + commit 520f5d70e4128b61c30da2a463f6c34ca24b628e
+ + commit d7d1ff45574ed935d07642964a529a358b11a1a7
+
+
+2019-06-21 Werner Koch <wk@gnupg.org>
+
+ scd: Take the card look while running app->with_keygrip.
+ + commit b304c006a3c9ba186fb2510859df7f02a0acad25
+ * scd/app.c (app_do_with_keygrip): Lock the card.
+
+ scd: Take the lock earlier in the function dispatchers.
+ + commit 0400a4eb1782e7a4aea5b04492c93939c6b9799a
+ * scd/app.c: Chnage all function dispatcher.
+
+ scd: Add code to check whether app switching is possible.
+ + commit 1b78e4951ed7a66ec71ca036e7680148a63143be
+ * scd/app.c (check_conflict): Fold into ...
+ (check_application_conflict): this and adjust callers. Return a
+ different error code if it is possible to switch apps.
+
+ scd: Track the currently selected app.
+ + commit 91e2931caac9b914efa0a4524effaaa5948ebd00
+ * scd/scdaemon.h (struct server_control_s): Add 'current_apptype'.
+ * scd/command.c (scd_clear_current_app): New.
+ * scd/app.c (app_new_register): Set it.
+ (deallocate_card): Clear it.
+
+ scd: Simplify inclusion of app-common.h.
+ + commit 43dcf93407d6d2b87b6e7db74fd05fd237495bfe
+ * scd/scdaemon.h: Include app-common.h. Remove inclusion of that
+ header from all other files.
+ (card_t, app_t): Move typedef to ...
+ * scd/app-common.h: here. Use them in the defs.
+
+ gpg: Very minor code cleanup.
+ + commit 4256e9f0f1bf27ed2e93ca3890003ead208ef6df
+ * g10/decrypt-data.c (decrypt_data): Remove superfluous test.
+
+ scd: Use enums for cardtype and apptype.
+ + commit 9551275857c1f9a75fee5736fa6c3cf361364f22
+ * scd/app-common.h (cardtype_t): New.
+ (apptype_t): New.
+ (struct card_ctx_s): Change type of cardtype.
+ (struct app_ctx_s): Change type of apptype. Adjust all users.
+ * scd/app.c (struct app_priority_list_s): Add field apptype.
+ (strcardtype): New. Use as needed.
+ (strapptype): New. Use as needed.
+
+2019-06-20 NIIBE Yutaka <gniibe@fsij.org>
+
+ po: Update Japanese Translation.
+ + commit 0ccb5ddef18f04b86855530838af4cbb9b8aa30b
+
+
+ tools: Fix error handling for gpg-pair-tool.
+ + commit d5287f43fd4def68901519a4c1d471b81ee86ed0
+ * tools/gpg-pair-tool.c (read_message): Initialize ERR.
+
+2019-06-19 Werner Koch <wk@gnupg.org>
+
+ scd: Split data structures into app and card related objects.
+ + commit 5a5288d051a551a1a8f169225e62572f6ee8cb10
+ * scd/app-common.h (struct card_ctx_s): New.
+ (struct app_ctx_s): Factor card specific fields out to card_ctx_s.
+ (app_get_slot): New.
+ * scd/scdaemon.h (card_t): New.
+ (struct server_control_s): Rename field app_ctx to card_ctx and change
+ all users.
+ * scd/app-dinsig.c: Use app_get_slot and adjust for chang in card
+ related fields.
+ * scd/app-geldkarte.c: Ditto.
+ * scd/app-nks.c: Ditto.
+ * scd/app-openpgp.c: Ditto.
+ * scd/app-p15.c: Ditto.
+ * scd/app-sc-hsm.c: Ditto.
+ * scd/app.c: Lost of changes to adjust for the changed data
+ structures. Change all callers.
+ (app_list_lock): Rename to card_list_lock.
+ (app_top): Remove.
+ (card_top): New.
+ (lock_app): Rename to lock_card and change arg type.
+ (unlock_app): Rename to unlock_card.
+ (app_dump_state): Print card and app info.
+ (app_reset): Rename to card_reset.
+ (app_new_register): Change for the new data structure.
+ (deallocate_card): Dealloc card and all apps.
+ (app_ref): Rename to card_ref.
+ (app_unref): Rename to card_unref.
+ (app_unref_locked): Rename to card_unref_locked.
+ (card_get_serialno): New.
+ * scd/command.c (cmd_pkdecrypt): Actually use the looked up card and
+ former app object and not the standard one from the context.
+
+2019-06-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: KEYINFO: Send LF for --data.
+ + commit c3dd53a65dc9ea2c4814e24079f0270c2fef14c6
+ * scd/command.c (send_keyinfo): Send LF for --data.
+
+2019-06-17 Werner Koch <wk@gnupg.org>
+
+ scd:piv: Add the do_with_keygrip feature.
+ + commit e900bf29737b3f7a09f749a271f2c5d7b59c49eb
+ * scd/app-piv.c (do_with_keygrip): New.
+ (app_select_piv): Register function.
+
+ scd: Add explict functions for 'app' reference counting.
+ + commit c594dcfc93486cd26e193aa5c82bb8a8f30ab57b
+ * scd/app.c (app_ref): New.
+ (app_unref): New.
+ (release_application): Renamed to ...
+ (app_unref_locked): this and remove arg locked_already. Change
+ callers to use this or app_ref.
+ * scd/command.c (open_card_with_request):
+ (cmd_pksign, cmd_pkauth, cmd_pkdecrypt): Use app_ref and app_unref
+ instead of accessing the counter directly.
+
+ scd: Slight change to app->fnc.do_with_keygrip.
+ + commit 70f7b262877b1e751d8557dc04a09a420e9d8a8f
+ * scd/app-openpgp.c (do_with_keygrip): Return a real error code to
+ avoid misinterpretation of the result. Also fix the case for a too
+ small buffer.
+
+ scd: Use the correct gpg for the v1.0 OpenPGP card hack.
+ + commit 479c2775d5df64432c1bf64faae7f9abd3042850
+ * scd/app-openpgp.c (get_public_key): Use gnupg_module_name instead of
+ just "gpg".
+
+2019-06-14 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ fix up 6562de7475b21cd03c7b1a83a591fa563c589f5b.
+ + commit 6e46862abd2c2e82f245e381c3f08c5829fb61e6
+
+
+2019-06-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ doc/gpgsm: explain what "policy-file" refers to.
+ + commit 6562de7475b21cd03c7b1a83a591fa563c589f5b
+ A new user who sees "policy-file" and searches naively through the
+ documentation to find it again won't be able to tell what this refers
+ to, since "policies.txt" doesn't otherwise match the search string
+ "policy". This gives them a fighting chance at finding the
+ documentation.
+
+2019-06-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpgparsemail: Die on parse error, printing errno thing.
+ + commit 1e9d61fb95e4813225a40f720231196abdb83992
+ * tools/gpgparsemail.c (parse_message): Revert the change.
+ * tools/rfc822parse.c (transition_to_body): Set ERRNO.
+ (transition_to_header, insert_header): Likewise.
+
+2019-06-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Bring back --card-timeout option as deprecated.
+ + commit 72fe8d652fce6cb9104bb07ef0fb811cbab3303a
+ * doc/scdaemon.texi (card-timeout): Add.
+ * scd/scdaemon.c (main): Revert the change.
+
+ gpgparsemail: Die on parse error (not abort).
+ + commit c13e459ffeffb8c5387c44b3c04bb92b7111a75b
+ * tools/gpgparsemail.c (parse_message): Don't use ERRNO.
+ * tools/rfc822parse.c (transition_to_body): Return -1.
+ (transition_to_header, insert_header): Likewise.
+
+2019-06-04 Werner Koch <wk@gnupg.org>
+
+ sm: Print a better diagnostic for encryption certificate selection.
+ + commit 9bf650db022b6b65bbfa74c311cdc3e6b73d3b44
+ * sm/certlist.c (gpgsm_add_to_certlist): Add diagnostic and fold two
+ similar branches.
+
+2019-06-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Block signals in g10_exit.
+ + commit 537fbe13af6a70e105982c4b69c1bcc3908ffb08
+ * g10/gpg.c (g10_exit): Block all signals before calling
+ emergency_cleanup.
+ agent: Allow TERM="".
+ + commit 0076bef2026a87c4c0e05bad7d322638b1de3f37
+ * agent/call-pinentry.c (start_pinentry): When TERM is none,
+ don't send OPTION ttytype to pinentry.
+
+ agent: Add pinentry_loopback_confirm declaration.
+ + commit 3a1bb0081087c0604ed681642114934ffe607fa1
+ * agent/agent.h (pinentry_loopback_confirm): New.
+
+ scd: Remove unsupported --card-timeout option.
+ + commit 4262933ef6f7530b4ad55646250a6763de9bf103
+ * doc/scdaemon.texi (card-timeout): Remove.
+ * scd/scdaemon.c (main): Remove oCardTimeout handling.
+
+ g10,agent: Support CONFIRM for --delete-key.
+ + commit 20acc7c0226550530085a674ef1bb41ebfa39408
+ * agent/call-pinentry.c (agent_get_confirmation): Add call of
+ pinentry_loopback_confirm.
+ (agent_popup_message_start): Likewise.
+ (agent_popup_message_stop): Return if it's loopback mode.
+ * agent/command.c (pinentry_loopback_confirm): New.
+
+ * g10/call-agent.c (default_inq_cb): Support "CONFIRM" inquery
+ when PINENTRY_MODE_LOOPBACK mode.
+ (confirm_status_cb): New.
+ (agent_delete_key): Supply confirm_status_cb to set the description
+ string for confirmation.
+
+ doc: Add a section for gpg-check-pattern.
+ + commit eaf3b89d11156cc055644fc50761e1692e791e84
+ * doc/Makefile.am: Add gpg-check-pattern.1.
+ * doc/tools.texi (GPG-CHECK-PATTERN): New.
2019-06-03 Werner Koch <wk@gnupg.org>
Return better error code for some getinfo IPC commands.
- + commit f3251023750d6bd9023dbb8373c804d7d4540a56
+ + commit f2ac6742d403a5a95d84ac7cdcf8913c39297bcb
* agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False.
* g13/server.c (cmd_getinfo): Ditto.
* sm/server.c (cmd_getinfo): Ditto.
-2019-05-29 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- doc/wks.texi: fix typo.
- + commit 175d194b5d6063895ecfcfed6ed2154e4a0d1421
+2019-05-29 NIIBE Yutaka <gniibe@fsij.org>
+ agent: Add A-flag for KEYINFO output for card.
+ + commit 6790eaf9529209e36099d9520821a3b8ad02ccef
+ * agent/command.c (do_one_keyinfo): Add ON_CARD argument to put
+ A-flag.
+ (cmd_keyinfo): Call agent_card_keyinfo to offer additional information
+ if it's on card.
2019-05-28 Werner Koch <wk@gnupg.org>
- Release GnuPG 2.2.16.
- + commit 3f2b7a53ddc43b3a349451d28691aaaa116786dc
-
-
dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
- + commit 5281ecbe3ae8364407d9831243b81d664b040805
+ + commit 405f41007c35ef52bf85c7c2686dab01fdf2c950
* dirmngr/ocsp.c (do_ocsp_request): Remove arg md. Add args r_sigval,
r_produced_at, and r_md. Get the hash algo from the signature and
create the context here.
(check_signature): Allow any hash algo. Print a diagnostic if the
signature does not verify.
+ dirmngr: Improve finding OCSP cert.
+ + commit 4699e294cc9e59f35262adca26ca291927acca9e
+ * dirmngr/certcache.c (find_cert_bysubject): Add better debug output
+ and try to locate by keyid.
+
+ agent: Make an MD encoding function more robust.
+ + commit a2a90717466a88756bbdc6b11577cfee061fc1a8
+ * agent/pksign.c (do_encode_md): Use ascii_tolower and avoid
+ uninitalized TMP in the error case.
+
+2019-05-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Remove unused agent_show_message.
+ + commit 19415a265253a5ab72e79493d2f40c7e4441d81e
+ * agent/call-pinentry.c (agent_show_message): Remove.
+ * agent/genkey.c (take_this_one_anyway): Rename from
+ take_this_one_anyway2. Remove a dead path calling agent_show_message.
+ (check_passphrase_constraints): Use take_this_one_anyway.
+
2019-05-27 Werner Koch <wk@gnupg.org>
sm: Avoid confusing diagnostic for the default key.
- + commit 32210e855c460ed60505bf9be9adea33d05c40eb
+ + commit 521e7d4644ed365ab2de3dfaa6c3728ca10ba79b
* sm/certlist.c (cert_usage_p): Add arg 'silent' and change all
callers.
(gpgsm_cert_use_sign_p): Add arg 'silent' and pass to cert_usage_p.
gpgsm_cert_use_sign_p
gpg: Fixed i18n markup of some strings.
- + commit ab5d7142a79e92819f5551cfc424a8ceaf0885fa
+ + commit b6289af9738ddbc533defba0aefd950a9ca21ff1
* g10/tofu.c: Removed some translation markups which either make no
sense or are not possble.
gpg: Allow deletion of subkeys with --delete-[secret-]key.
- + commit d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a
+ + commit cc6069ac6ecd57dcbb808f28d54fd9f89dc55014
* common/userids.c (classify_user_id): Do not set the EXACT flag in
the default case.
* g10/export.c (exact_subkey_match_p): Make static,
* g10/delkey.c (do_delete_key): Implement subkey only deleting.
-2019-05-27 NIIBE Yutaka <gniibe@fsij.org>
+2019-05-23 NIIBE Yutaka <gniibe@fsij.org>
agent: Stop scdaemon after reload when disable_scdaemon.
- + commit 9ccdd59e4e1e0b0e3b03b288f52f3c71e86a04dd
+ + commit 7158a5696dc84e1ebd2b523ab83a43a32423181d
* agent/call-scd.c (agent_card_killscd): New.
* agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd.
+ g10: Copy expiredate from primary key when marked expired.
+ + commit 265e6d670682e661cec89657c3330b0b388ca0a7
+ * g10/getkey.c (merge_selfsigs): Update ->expiredate of subkey.
+
2019-05-21 Werner Koch <wk@gnupg.org>
gpg: Do not bail on an invalid packet in the local keyring.
- + commit 30f44957ccd1433846709911798af3da4e437900
+ + commit 4c7d63cd5b02ebfd09933bebd1312e01958b3e20
* g10/keydb.c (parse_keyblock_image): Treat invalid packet special.
gpg: Do not allow creation of user ids larger than our parser allows.
- + commit d32963eeb33fd3053d40a4e7071fb0e8b28a8651
+ + commit 156788a43c20e38cd52f4f725395aff2c72142ff
* g10/parse-packet.c: Move max packet lengths constants to ...
* g10/packet.h: ... here.
* g10/build-packet.c (do_user_id): Return an error if too data is too
large.
* g10/keygen.c (write_uid): Return an error for too large data.
+ gpg: Unify the the use of the print_pubkey_info functions.
+ + commit 126caa34bbdb36f40514643b9d6f5ead3240c735
+ * g10/keylist.c (format_seckey_info): Remove.
+ (print_pubkey_info, print_seckey_info): Remove.
+ (format_key_info): New.
+ (print_key_info): New.
+ (print_key_info_log): New.
+ * g10/card-util.c (current_card_status): Use print_key_info and remove
+ the useless condition on KEYBLOCK.
+ * g10/delkey.c (do_delete_key): Replace print_pubkey_info and
+ print_seckey_info by print_key_info.
+ * g10/keyedit.c (menu_addrevoker): Replace print_pubkey_info by
+ print_key_info.
+ * g10/pkclist.c (do_we_trust_pre): Ditto.
+ * g10/revoke.c (gen_desig_revoke): Ditto.
+ (gen_revoke): Ditto. Also use print_key_info_log instead of separate
+ functions.
+
2019-05-21 NIIBE Yutaka <gniibe@fsij.org>
+ scd: Fix for SCARD_IO_REQUEST structure.
+ + commit 1eb93d9229c54baa5f1b7ccf7d105d3692c51a4d
+ * scd/apdu.c (struct pcsc_io_request_s): Use pcsc_dword_t for Windows.
+
agent: For SSH key, don't put NUL-byte at the end.
- + commit 6e39541f4f488fe59eac399bad18c465f373a784
+ + commit 479f7bf31ce405e558d844c3eb576b463a8697e5
* agent/command-ssh.c (ssh_key_to_protected_buffer): Update
the length by the second call of gcry_sexp_sprint.
Matheus Afonso Martins Moreira
gpg: Do not delete any keys if --dry-run is passed.
- + commit 5c46c5f74540ad753b925b74593332ca92de47fa
+ + commit 110a4550179fd1faeee8d2f17a33ed7807a397ae
* g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs.
Do not clear the ownertrust. Do not let the agent delete the key.
2019-05-17 Werner Koch <wk@gnupg.org>
gpg: Fix using --decrypt along with --use-embedded-filename.
- + commit 1702179d91b7136661af084d7dab2e50a2857491
+ + commit 386bacd9741639d7f5e83c81628d3cad78407197
* g10/options.h (opt): Add flags.dummy_outfile.
* g10/decrypt.c (decrypt_message): Set this global flag instead of the
fucntion local flag.
used as a dummy option aslong with --use-embedded-filename.
gpg: Improve the photo image viewer selection.
- + commit cd5f040a5389944dd8a05bc9c938f888581dfc8a
+ + commit 7e5847da0f3d715cb59d05adcd9107b460b6411b
* g10/exec.c (w32_system): Add "!ShellExecute" special.
* g10/photoid.c (get_default_photo_command): Use the new ShellExecute
under Windows and fallbac to 'display' and 'xdg-open' in the Unix
2019-05-16 Werner Koch <wk@gnupg.org>
kbx: Fix an endless loop under Windows due to an incomplete fix.
- + commit 0fff927889b075442ed7130f376118c31fda1f32
+ + commit 6fc5df1e10129f3171d80cf731f310b9e8d97c26
* kbx/keybox-search.c (keybox_search): We need to seek to the last
position in all cases not just when doing a NEXT.
- kbx: Fix deadlock in gpgsm on Windows due to a sharing violation.
- + commit 6f72aa821407e47ad3963e72e139f2ca2c69d9dd
- * kbx/keybox-init.c (keybox_lock) [W32]: Use _keybox_close_file
- instead of fclose so that a close is done if the file is opened by
- another handle.
- * kbx/keybox-search.c (keybox_search): Remember the last offset and
- use that in NEXT search mode if we had to re-open the file.
-
gpgconf: Before --launch check that the config file is fine.
- + commit 3a28706cfd960ff84dda9a22aa2f160b4c2efbb5
+ + commit 50c2f76ae65d4ee793876865011fa97c85f38ac2
* tools/gpgconf-comp.c (gc_component_launch): Check the conf file.
* tools/gpgconf.c (gpgconf_failure): Call log_flush.
+ scd: Remove unused cruft from GnuPG 1.x.
+ + commit 79c99921e35921140c83d7c101829d95f038f3da
+ * scd/apdu.c: Remove code used only by GnuPG 1.
+ * scd/app-openpgp.c: Ditto.
+ * scd/ccid-driver.c: Ditto.
+ * scd/iso7816.c: Ditto.
+
+2019-05-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent,scd: Scan and load all public keys for availability.
+ + commit dc35b25195e564affdea7969a7c4ea4e200ab45f
+ * agent/divert-scd.c (ask_for_card): Scan by SERIALNO command.
+ * scd/app-openpgp.c (do_with_keygrip): Make sure to load pubkey.
+
+2019-05-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Support scdaemon operation using KEYGRIP.
+ + commit 1091f22511e1a8259eb5c998f5c207ee95723a4a
+ * agent/agent.h (struct card_key_info_s): New.
+ (divert_pksign, divert_pkdecrypt): New API.
+ * agent/call-scd.c (card_keyinfo_cb): New.
+ (agent_card_free_keyinfo, agent_card_keyinfo): New.
+ * agent/divert-scd.c (ask_for_card): Having GRIP argument,
+ ask scdaemon with agent_card_keyinfo.
+ (divert_pksign, divert_pkdecrypt): Ditto.
+ * agent/pkdecrypt.c (agent_pkdecrypt): Supply GRIP.
+ * agent/pksign.c (agent_pksign_do): Ditto.
+
+ scd: Don't put newline at the end of status.
+ + commit 01730529f20882cd98882a61408e9bee960c86f1
+ * scd/command.c (send_keyinfo): Remove newline.
+
2019-05-15 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
gpg: enable OpenPGP export of cleartext keys with comments.
- + commit 9c704d9d46338769a66bfc6c378efeda3c4bd9ec
+ + commit 392e59a3d487e174edcea570e69a0f946c55a19a
* g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing
sublists in private-key S-expression.
2019-05-15 Werner Koch <wk@gnupg.org>
gpgconf: Support --homedir for --launch.
- + commit 31e26037bd727a6ee9c96ba168a55c4f9def43b6
+ + commit a4be077abdbf286e3dcdeb0553ba0e74b7e2df5f
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because
gnupg_homedir already returns abd absolute name.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): Ditto.
(gc_component_launch): Support --homedir.
+ sm: Add a couple of debug calls to the keydb module.
+ + commit 6e041b7b356c3adba714e98f4ecf0dd007375390
+ * sm/gpgsm.h (DBG_CLOCK_VALUE, DBG_CLOCK): New.
+ (DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
+ * sm/gpgsm.c: new debug flags "lookup" and "clock"
+ * sm/keydb.c: Add log_clock calls to most functions.
+ (keydb_search_desc_dump): New.
+ (keydb_search) [DBG_LOOKUP]: Print descrh decription.
+ * sm/keylist.c (list_cert_std): Flush FP in debug mode to better
+ syncronize the output with the debug output
+
+2019-05-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix return value for KEYINFO command.
+ + commit 62c29af63203400947569c5965a8cf05a22fcd4c
+ * scd/command.c (cmd_keyinfo): Return GPG_ERR_NOT_FOUND if none.
+
+2019-05-14 Werner Koch <wk@gnupg.org>
+
+ kbx: Fix deadlock in gpgsm on Windows due to a sharing violation.
+ + commit 49b236af0ecbb6df67513feb4b63851f2e159ea2
+ * kbx/keybox-init.c (keybox_lock) [W32]: Use _keybox_close_file
+ instead of fclose so that a close is done if the file is opened by
+ another handle.
+ * kbx/keybox-search.c (keybox_search): Remember the last offset and
+ use that in NEXT search mode if we had to re-open the file.
+
+ sm: Change keydb code to use the keybox locking.
+ + commit 22e274f839f9a6c9a511648f29cae497f6492c97
+ * kbx/keybox-init.c (keybox_lock): New arg TIMEOUT. Change all
+ callers to pass -1 when locking.
+ * sm/keydb.c (struct resource_item): Remove LOCKANDLE.
+ (struct keydb_handle): Add KEEP_LOCK.
+ (keydb_add_resource): Use keybox locking instead of a separate dotlock
+ for testing whether we can run a compress.
+ (keydb_release): Reset KEEP_LOCK.
+ (keydb_lock): Set KEEP_LOCK.
+ (unlock_all): Take care of KEEP_LOCK.
+ (lock_all): Use keybox_lock instead of dotlock fucntions.
+ (keydb_delete): Remove arg UNLOCK.
+ * sm/delete.c (delete_one): Adjust keydb_delete. Due to the KEEP_LOCK
+ the keydb_release takes care of unlocking.
+
2019-05-14 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
agent: correct length for uri and comment on 64-bit big-endian platforms
- + commit 110932925ba8e0169da18d7774440f8d1fd8a344
+ + commit 5651b2c460a7898027c1765c2063c302606b5f85
* agent/findkey.c (agent_public_key_from_file): pass size_t as int to
gcry_sexp_build_array's %b.
2019-05-14 Werner Koch <wk@gnupg.org>
gpg: Do not print a hint to use the deprecated --keyserver option.
- + commit 8d645f1d1f2b0f4e2d3b72f2a585acac4bdd8846
+ + commit 7102d9b798b0985412007d3bf8b954959e4adec7
* g10/keyserver.c (keyserver_search): Remove a specialized error
message.
2019-05-14 NIIBE Yutaka <gniibe@fsij.org>
g10: Fix possible null dereference.
- + commit 5b22d2c400890fc366ccb7ca74ee886d9cef22a3
+ + commit 802a2aa300bad3d4385d17a2deeb0966da4e737d
* g10/armor.c (armor_filter): Access ->d in the internal loop.
- build: Update m4/iconv.m4.
- + commit cf73c82e95f999bd35636b0cf4e80ed5c33fa7a8
- * m4/iconv.m4: Update from gettext 0.20.1.
-
2019-05-13 Werner Koch <wk@gnupg.org>
gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.
- + commit c1dc7a832921fdf5686d377f33db78707c0345e2
+ + commit 484d6ba5896acfa3dcf73d9536bcf5e006579b5f
* g10/sign.c (update_keysig_packet): Convert digest algo when needed.
-2019-05-12 Werner Koch <wk@gnupg.org>
+ gpg: Cleanup use of make_keysig_packet.
+ + commit d07666412d4317460c6f03b3ffd03edf4a715ef7
+ * g10/sign.c (make_keysig_packet): Remove obsolete arg diegst_algo
+ which was always passed as 0. Change all callers.
- sm: Fix a warning in an es_fopencooie function.
- + commit 8d0d61aca3d2713df8a33444af3658b859d72be8
- * sm/certdump.c (format_name_writer): Take care of a flush request.
+ * g10/gpgcompose.c (signature): Warn when trying to set a digest algo.
+
+2019-05-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Update m4/iconv.m4.
+ + commit 1cd2aca03b8807c6f8e4929ace462bb606dcd53f
+ * m4/iconv.m4: Update from gettext 0.20.1.
2019-05-10 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
doc: correct documentation for gpgconf --kill.
- + commit be116f871dbf14dd44d3a7909c2a052f8979c480
+ + commit 9662538be6afc8beee0f2654f9a8f234c5dac016
* doc/tools.texi(gpgconf): Correct documentation for gpgconf --kill.
- (cherry picked from commit 9662538be6afc8beee0f2654f9a8f234c5dac016)
+2019-05-07 Werner Koch <wk@gnupg.org>
-2019-05-09 Werner Koch <wk@gnupg.org>
+ agent: If a Label is make sure that label is part of the prompt.
+ + commit 69e0b080f06b66eee96327617c6fbffe8a88d586
+ * agent/findkey.c (has_comment_expando): New.
+ (agent_key_from_file): Modify DESC_TEXT.
- build: Sign all Windows binaries.
- + commit e6901c2bc802996c24335bcb35012ccb74b4ced0
- * build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New.
- (AUTHENTICODE_TOOL): New.
- (AUTHENTICODE_FILES): New.
- (installer): Sign listed files.
- (AUTHENTICODE_SIGNHOST): New macro.
- (sign-installer): Use that macro instead of direct use of osslsigncode.
+ agent: Allow the use of "Label:" in a key file.
+ + commit 5388537806411c19ea84db8c4419f410be9ac616
+ * agent/findkey.c (linefeed_to_percent0A): New.
+ (read_key_file): Add optional arg 'keymeta' and change all callers.
+ (agent_key_from_file): Prefer "Label:" over the comment for protected
+ keys.
+
+ common: New functions nvc_delete_named and nvc_get_string.
+ + commit b5985d0ca21ca376f22c050857bfda05592cebef
+ * common/name-value.c (nvc_delete_named): New.
+ (nvc_get_string): New.
+
+2019-05-07 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Support direct use of app with PKSIGN/PKAUTH/PKDECRYPT.
+ + commit c856ee7312c9eeb7d79a30189a49f70986420364
+ * scd/command.c (cmd_pksign, cmd_pkauth, cmd_pkdecrypt): When length
+ of keyidstr is 40, it is considered as a keygrip for direct use.
2019-05-03 Werner Koch <wk@gnupg.org>
+ agent: Put Token lines into the key files.
+ + commit bdf252e76ada0056bec2ee7940255f32552328c5
+ * agent/findkey.c (write_extended_private_key): Add args serialno and
+ keyref. Write a Token line if that does not yet exist.
+ (agent_write_private_key): Add args serialno and keyref and change all
+ callers.
+ (agent_write_shadow_key): Skip leading spaces.
+ * agent/keyformat.txt: Improve extended key format docs.
+
+ common: In private key mode write "Key:" always last in name-value.
+ + commit c9fa28bfad297b17e76341ffb40383ce92da5d44
+ * common/name-value.c (nvc_write): Take care of Key. Factor some code
+ out to ...
+ (write_one_entry): new.
+
gpg: Use just the addrspec from the Signer's UID.
- + commit 05204b72497db093f5d2da4a2446c0264a946296
- * g10/parse-packet.c (parse_signature): Take only the addrspec from a
+ + commit bd6ecbb8f8e92fe4a7fed40fcf470eb83bda0927
+ * g10/parse-packet.c (parse_signature): Take only rthe addrspec from a
Signer's UID subpacket.
+2019-04-30 Werner Koch <wk@gnupg.org>
+
+ sm: Add yet inactive options to support authenticode.
+ + commit 5f3864fb647237f862bbe7e26763dffa0e945202
+ * sm/gpgsm.c (opts): New options --authenticode and --attribute.
+ * sm/gpgsm.h (opt): Add vars authenticode and attribute_list.
+ * sm/sign.c (add_signed_attribute): New but inactive.
+ (gpgsm_sign): Use new options.
+
+2019-04-29 Andre Heinecke <aheinecke@gnupg.org>
+
+ common,w32: Breakaway detached childs when in job.
+ + commit 03df28b18b92b3fd3d2ba1000903c088dc5b0fcf
+ * common/exechelp-w32.c (gnupg_spawn_process_detached): Add
+ CREATE_BREAKAWAY_FROM_JOB creation flag if required.
+
+2019-04-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Add new command: KEYINFO.
+ + commit 874bc970ba6ec243ff474ef090242e0f7be6a7bc
+ * scd/app-common.h (struct app_ctx_s): Add with_keygrip function.
+ * scd/app-openpgp.c (do_with_keygrip): New.
+ * scd/app.c (app_do_with_keygrip): New.
+ * scd/command.c (cmd_keyinfo): New.
+ (send_keyinfo): New.
+
2019-04-23 NIIBE Yutaka <gniibe@fsij.org>
po: Update Japanese Translation.
- + commit caa61fb7da6b858f038dde948d36fce5c0a85ee5
+ + commit d5443b918dd3b8ccb3c4fdd8fe9d70d84aa312ff
+
+
+ scd: Allow KEYGRIP as KEYIDSTR.
+ + commit e769609cd3c12d2e26955538399172016f78d2d4
+ * scd/app-openpgp.c (struct app_local_s): Add keygrip_str.
+ (store_keygrip): New.
+ (read_public_key): Call store_keygrip to hold keygrip.
+ (get_public_key): Likewise.
+ (send_keypair_info): Use stored keygrip_str.
+ (check_keyidstr): Allow use of KEYGRIP.
+ (do_check_pin): Allow use of KEYGRIP of signing slot.
+
+2019-04-22 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Factor out a function to check keyidstr.
+ + commit b0f0791e4ade845b2a0e2a94dbda4f3bf1ceb039
+ * scd/app-openpgp.c (check_keyidstr): New.
+ (do_sign, do_auth, do_decipher, do_check_pin): Use check_keyidstr.
+
+2019-04-19 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ gpgconf: correct capitalization of "Tor"
+ + commit ea7d85ff658c000f5f469e0a869af0e512e8c59f
+ * tools/gpgconf-comp.cb (gc_options_dirmngr): correct capitalization
+ of Tor.
+
+2019-04-18 Andre Heinecke <aheinecke@intevation.de>
+
+ g10: Fix double free when locating by mbox.
+ + commit e57954ed278cb5e6e725005b1ecaf7ce70006ce0
+ * g10/getkey.c (get_best_pubkey_byname): Set new.uid always
+ to NULL after use.
+
+2019-04-17 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix a memory leak.
+ + commit a861f9343d6e6d18064e4e54aeb914c5a10b2095
+ * g10/import.c (import): Care PNDING_PKT on error.
+
+2019-04-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Fix AWK portability.
+ + commit b6f0b0efa19e0434024bc16e246032b613fd448a
+ * common/Makefile.am: Use pkg_namespace.
+ * common/mkstrtable.awk: Use pkg_namespace. Regexp fix.
+
+2019-04-13 Werner Koch <wk@gnupg.org>
+
+ gpg: New caching functions.
+ + commit 64a5fd37271a3e454c0d59ac3500e1a1b232e4f7
+ * g10/objcache.c: New.
+ * g10/objcache.h: New.
+ * g10/Makefile.am (common_source): Add them.
+ * g10/gpg.c: Include objcache.h.
+ (g10_exit): Call objcache_dump_stats.
+ * g10/getkey.c: Include objcache.h.
+ (get_primary_uid, release_keyid_list): Remove.
+ (cache_user_id): Remove.
+ (finish_lookup): Call the new cache_put_keyblock instead of
+ cache_user_id.
+ (get_user_id_string): Remove code for mode 2.
+ (get_user_id): Implement using cache_get_uid_bykid.
+
+2019-04-12 Werner Koch <wk@gnupg.org>
+
+ gpg: Cache a once computed fingerprint in PKT_public_key.
+ + commit 60f384592144de53c9a5f5e11d7f73ce863aa94f
+ * g10/packet.h (PKT_public_key): Add fields fpr and fprlen.
+ * g10/keyid.c (do_fingerprint_md): Remove.
+ (compute_fingerprint): New.
+ (keyid_from_pk): Simplify.
+ (fingerprint_from_pk): Simplify.
+ (hexfingerprint): Avoid using extra array.
+
+2019-04-11 Werner Koch <wk@gnupg.org>
+
+ gpg: Accept also armored data from the WKD.
+ + commit 1b1f649deaeba963ed7240b27f848004db0b051f
+ * g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR.
+
+ gpg: Set a limit of 5 to the number of keys imported from the WKD.
+ + commit 40595b57936e39ee2a4d58b1dd19edea7537a471
+ * g10/import.c (import): Limit the number of considered keys to 5.
+ (import_one): Return the first fingerprint in case of WKD.
+
+2019-04-11 Andre Heinecke <aheinecke@gnupg.org>
+
+ speedo,w32: Install gpg-card.exe.
+ + commit b30351496dd3056462c8db25c03fed6d2aa00e9b
+ * build-aux/speedo/w32/inst.nsi: Install gpg-card.exe
+
+2019-04-05 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix printing of the user id during import.
+ + commit ea32842d5c2e2d262d32791130d7eae5c8c3edcf
+ * g10/getkey.c (struct keyid_list): Add field fprlen.
+ (cache_user_id): Set and test it.
+ (get_user_id_byfpr): Make static, add arg fprlen and use it.
+ (get_user_id_byfpr_native): Add arg fprlen and change all callers.
+
+2019-04-04 Werner Koch <wk@gnupg.org>
+ scd:piv: Fix RSA decryption.
+ + commit 958172cc3acb7172bc5e1fa76efafe26695ed402
+ * scd/app-piv.c (do_decipher): Fixup leading zero byte.
+
+2019-04-04 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Better handling of timeout and time extension.
+ + commit f1cf799a37f320d33cae445c74f3fc1936dd9995
+ * scd/ccid-driver.c (CCID_CMD_TIMEOUT_LONGER): Remove.
+ (ccid_transceive): Don't use x4 blindly for bBWI, but use dynamically
+ determined value. Use value from variable wait_more for bulk_in.
+ Set wait_more by the value of time extension request.
+
+2019-04-03 Werner Koch <wk@gnupg.org>
+
+ gpg: Improve the code to decrypt using PIV cards.
+ + commit 2c9b68f28de1ce9a6a18d091caba01ddd4707774
+ * g10/call-agent.c (agent_scd_keypairinfo): Add arg 'keyref'.
+ * g10/keygen.c (ask_algo): Adjust.
+ * g10/skclist.c (enum_secret_keys): Request the keyref directly.
+
+ scd: New options --info and --info-only for READKEY.
+ + commit 679b8f1c045476bd6e0a1f1565379263143994ee
+ * scd/command.c (cmd_readkey): New options --info and --info-only.
+ * scd/app.c (app_readkey): New arg 'flags'.
+ * scd/app-common.h (APP_READKEY_FLAG_INFO): New.
+ (struct app_ctx_s): New args 'ctrl' and 'flags' for member readkey.
+ Change all implementers.
+ * scd/app-nks.c (do_readkey): Stub implementation of
+ APP_READKEY_FLAG_INFO.
+ * scd/app-openpgp.c (do_readkey): Implement APP_READKEY_FLAG_INFO.
+ * scd/app-piv.c (do_readkey): Ditto.
+
+ gpg: Allow decryption using PIV cards.
+ + commit ec6a6779236a89d4784a6bb7de0def9cc0f9e8a4
+ * g10/call-agent.c (struct getattr_one_parm_s): New.
+ (getattr_one_status_cb): New.
+ (agent_scd_getattr_one): New.
+ * g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from
+ pkcs#1.
+ * g10/skclist.c (enum_secret_keys): Handle non-OpenPGP cards.
+
+ scd: New standard attributes $ENCRKEYID and $SIGNKEYID.
+ + commit 2b1135cf920cf3d863813d60f032d476dcccfb58
+ * g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
+ * sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
+ * scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and
+ "$SIGNKEYID".
+ * scd/app-piv.c (do_getattr): Ditto.
+
+ gpg: Avoid endless loop if a card's serial number can't be read.
+ + commit 1f688e0d1dba4dd7a311d416d06d654ed7b4290d
+ * g10/skclist.c (enum_secret_keys): Move list forward on error.
+
+ card: Allow card selection with LIST.
+ + commit bcca3acb87c36213fef9311236ea949d006f759c
+ * tools/card-call-scd.c (start_agent): Request serialno only whean
+ started.
+ (scd_serialno): Allow NULL for r_serialno.
+ * tools/gpg-card.c (cmd_factoryreset): Use changed scd_serialno.
+ (cmd_list): New.
+ (dispatch_command): Use cmd_list for cmdLIST.
+ (interactive_loop): Ditto.
+
+ gpg: Print modern style key info for non-decryptable keys.
+ + commit 2d3392c147a24e49ee4658d4a50fafd68599fba3
+ * g10/mainproc.c (print_pkenc_list): Simplify.
-2019-04-18 Andre Heinecke <aheinecke@intevation.de>
+2019-04-02 Werner Koch <wk@gnupg.org>
- g10: Fix double free when locating by mbox.
- + commit 35899dc2903b118620e6f9f0fa6b21c8568abbf1
- * g10/getkey.c (get_best_pubkey_byname): Set new.uid always
- to NULL after use.
+ gpg: Allow direct key generation from card with --full-gen-key.
+ + commit a480182f9d7ec316648cb64248f7a0cc8f681bc3
+ * g10/call-agent.c (agent_scd_readkey): New.
+ * g10/keygen.c (ask_key_flags): Factor code out to ..
+ (ask_key_flags_with_mask): new.
+ (ask_algo): New mode 14.
-2019-04-16 NIIBE Yutaka <gniibe@fsij.org>
+ common: Extend function pubkey_algo_string.
+ + commit f952226043824cbbeb8517126b5266926121c4e8
+ * common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID.
+ * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust.
+ * tools/gpg-card.c (list_one_kinfo): Ditto.
- common: Fix AWK portability.
- + commit ee766b2b5d646643d66d23eae478f71c0a01a343
- * common/Makefile.am: Use pkg_namespace.
- * common/mkstrtable.awk: Use pkg_namespace. Regexp fix.
+ dirmngr: Improve domaininfo cache update algorithm.
+ + commit e100ace7f8a729bbe30d9f4ed157a7a229a04eb0
+ * dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
+ (insert_or_update): Implement new update algorithm.
-2019-04-11 Werner Koch <wk@gnupg.org>
+2019-04-01 Werner Koch <wk@gnupg.org>
- gpg: Accept also armored data from the WKD.
- + commit dc4c7f65e32a0cddc075d06fa0132e099bcb6455
- * g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR.
+ sm: Show the usage flags when generating a key from a card.
+ + commit 9ed1aa56c4bbf44e00b731d6807ada9e95c91bd7
+ * g10/call-agent.c (scd_keypairinfo_status_cb): Also store the usage
+ flags.
+ * sm/call-agent.c (scd_keypairinfo_status_cb): Ditto.
+ * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Print the usage flags.
- gpg: Set a limit of 5 to the number of keys imported from the WKD.
- + commit e9fcb0361ab4ef1f6fb0ea235f1b15667932aba2
- * g10/import.c (import): Limit the number of considered keys to 5.
- (import_one): Return the first fingerprint in case of WKD.
+ gpg: Prepare card code to allow other than OpenPGP cards.
+ + commit e47524c34a2a9f53c2507f67a0b41b460cee78b7
+ * g10/call-agent.c (start_agent): Use card app auto selection.
+ * g10/card-util.c (current_card_status): Print the Application type.
+ (card_status): Put empty line between card listings.
-2019-04-02 Werner Koch <wk@gnupg.org>
+ gpg: New card function agent_scd_keypairinfo.
+ + commit 0fad61de159acf39e38a04f28f162f0beb0e77d6
+ * g10/call-agent.c (scd_keypairinfo_status_cb)
+ (agent_scd_keypairinfo): New. Taken from gpgsm.
- scd: Add dummy option --application-priority.
- + commit cb2065967465939f82cc585254cae0244ed94eac
+ gpg: Remove two unused card related functions.
+ + commit 334b16b868e771b983263ed20c200869e7e51198
+ * g10/call-agent.c (inq_writekey_parms): Remove.
+ (agent_scd_writekey): Remove.
+ (agent_clear_pin_cache): Remove this stub.
+ gpg: Remove unused arg in a card related function.
+ + commit 3a4534d82682f69788da3cf4a445e38fbaf6b98e
+ * g10/call-agent.c (agent_scd_setattr): Remove unused arg serialno.
- dirmngr: Improve domaininfo cache update algorithm.
- + commit 48e7977709b6a56e8fd8e9f5abb9dba5ea617c33
- * dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
- (insert_or_update): Implement new update algorithm.
+2019-03-29 Werner Koch <wk@gnupg.org>
- dirmngr: Better error code for http status 413.
- + commit 0a30ce036a615bc95382e0640d185b031f8c6a63
+ dirmngr: Better for error code for http status 413.
+ + commit 21b674097442a54ae889a90d708639b257ba43db
* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
-2019-04-01 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+2019-03-28 Werner Koch <wk@gnupg.org>
- NEWS: correct typo in header.
- + commit 5b1b5be65f343d252c865d705d23b55982718f2d
+ scd: New option --application-priority.
+ + commit 97feef8ee94a5e1cb9daba82f108eb62122c7910
+ * scd/scdaemon.c (oApplicationPriority): New.
+ (opts): Add "application_priority".
+ (main): Process option.
+ * scd/app.c (app_update_priority_list): New.
+ (get_supported_applications): Take apps from global list.
+ * tools/gpgconf-comp.c (gc_options_scdaemon): Add option.
-2019-03-27 NIIBE Yutaka <gniibe@fsij.org>
+ card: For passwd add a PIV menu and make the OpenPGP menu optional.
+ + commit 80c069b5e1ad6fbd547de59f332eb3fabb68c572
+ * tools/gpg-card.c (get_selection): New.
+ (cmd_passwd): Reworked.
- g10: Fix symmetric cipher algo constant for ECDH.
- + commit 38c2a9a644e0bc1e2594ea437a5930982f7b8c4e
- * g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
- ECC strength 384, according to RFC-6637.
+ card: Allow "yubikey disable" only for Yubikey-5 and later.
+ + commit 2f761251c5730a9ad113fa58466addc9c2372da8
+ * tools/card-yubikey.c (yubikey_commands): Add new arg INFO and test
+ for Yubikey-5.
+ * tools/gpg-card.c (cmd_yubikey): Pass info to yubikey_commands.
+
+2019-03-27 Werner Koch <wk@gnupg.org>
+
+ scd: Support reading the Yubikey 4 firmware version.
+ + commit 5a3055eb722e61126748e83564e1bba42807d722
+ * scd/app.c (app_new_register): Detect yk4 version numbers.
2019-03-27 Trevor Bentley <trevor@yubico.com>
gpg: Don't use EdDSA algo ID for ECDSA curves.
- + commit 2f455d18ab99a1d94029d3f607ae918bd5c9fecf
+ + commit 4324560b2c0bb76a1769535c383424a042e505ae
* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
an EdDSA curve.
2019-03-26 Werner Koch <wk@gnupg.org>
- Release 2.2.15.
- + commit dc93e57226db32d5b90884dcf768d271baa6628a
-
-
sm: Allow decryption even if expired other keys are configured.
- + commit 30972d21824264aef2088d30b4f2e5ce3aca889e
+ + commit aa58d2a49b3d416d9d6a0691a89f2bc8bc8649ad
* sm/gpgsm.c (main): Add special handling for bad keys in decrypt
mode.
agent: Allow other ssh fingerprint algos in KEYINFO.
- + commit 1c2fa8b6d747aa171bfef35a50754893aa80a562
+ + commit 3c7a1f3aea7f6e8137a93ef2166ff329688f5445
* agent/command.c (cmd_keyinfo): Allow for --ssh-fpr=ALGO. Default to
the standard algo.
2019-03-25 Werner Koch <wk@gnupg.org>
wkd: New command --print-wkd-url for gpg-wks-client.
- + commit 2f3eebf1865a85f8c09a1c052513260ed55acec6
+ + commit 70c97a862aa586c314a64190d1e489a272e552ea
* tools/gpg-wks-client.c (aPrintWKDURL): New.
(opts): Add option.
(main): Implement.
* tools/wks-util.c (wks_cmd_print_wkd_url): New.
+2019-03-25 Andre Heinecke <aheinecke@gnupg.org>
+
+ sm, w32: Translate logger and status fd to handles.
+ + commit e4e0804ed123516fa00f8a876a862b2c6d34ba5c
+ * sm/gpgsm.c (main): Call translate_sys2libc_fd_int to
+ convert the FDs.
+
2019-03-25 NIIBE Yutaka <gniibe@fsij.org>
libdns: Don't use _[A-Z] which are reserved names.
- + commit a975fd127a5d58bbbb3c585e610a54daeb423af6
+ + commit 8d1b5982138c104f3c50663738892fa110193059
* dirmngr/dns.c: Use the identifiers of "*_instance" instead of
reserved "_[A-Z]".
-2019-03-25 Werner Koch <wk@gnupg.org>
+2019-03-22 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ doc: fix formatting error.
+ + commit b30528f48780c9917ec8ba3b3d163fba5c740d92
+
+
+2019-03-22 Werner Koch <wk@gnupg.org>
wkd: New command --print-wkd-hash for gpg-wks-client.
- + commit 64621f1f40c31c7f453da98efb860ff8cf11edbc
+ + commit e847cf1df7aa55ac2af7efd39ca05882258acbfe
* tools/gpg-wks-client.c (aPrintWKDHash): New.
(opts) : Add "--print-wkd-hash".
(main): Implement that command.
* tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY.
(wks_cmd_print_wkd_hash): New.
-2019-03-25 Andre Heinecke <aheinecke@gnupg.org>
-
- sm, w32: Translate logger and status fd to handles.
- + commit b9d2759da19cb70c1f6243498480bea1d7ecaa46
- * sm/gpgsm.c (main): Call translate_sys2libc_fd_int to
- convert the FDs.
-
-2019-03-22 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- doc: fix formatting error.
- + commit 93782de23fe45e7f7f86140fda6de39395c3a9d8
-
+ scd: Refactor the app selection code.
+ + commit 393269948c883afb770bb536f03045254d13b911
+ * scd/app.c (app_priority_list): New.
-2019-03-19 Werner Koch <wk@gnupg.org>
-
- Release 2.2.14.
- + commit 813de13e73b01409fabff9859f24c4f23b808796
-
-
-2019-03-18 Ineiev <ineiev@gnu.org>
-
- po: Update Russian translation.
- + commit dc00947b21dcd4417a35da711c884cef5cc9fc7d
+2019-03-18 Andre Heinecke <aheinecke@gnupg.org>
+ speedo: Fix installer build with NSIS-3.
+ + commit b98799ce964df1743478dc3d0cc503f51c4b6733
+ * build-aux/speedo.mk: Add charset for nsis 3.
2019-03-18 Werner Koch <wk@gnupg.org>
- gpg: Do not bail out on v5 keys in the local keyring.
- + commit de70a2f377c1647417fb8a2b6476c3744a901296
- * g10/parse-packet.c (parse_key): Return GPG_ERR_UNKNOWN_VERSION
- instead of invalid packet.
- * g10/keydb.c (parse_keyblock_image): Do not map the unknown version
- error to invalid keyring.
- (keydb_search): Skip unknown version errors simlar to legacy keys.
- * g10/keyring.c (keyring_rebuild_cache): Skip keys with unknown
- versions.
- * g10/import.c (read_block): Handle unknown version.
-
gpg: Allow import of PGP desktop exported secret keys.
- + commit 0e73214dd208fca4df26ac796416c6f25b3ae50d
+ + commit 5205512fc092c53c0a52c8379ef2a129ce6e58a9
* g10/import.c (NODE_TRANSFER_SECKEY): New.
(import): Add attic kludge.
(transfer_secret_keys): Add arg only_marked.
(do_transfer): New.
(import_matching_seckeys): New.
+2019-03-15 Werner Koch <wk@gnupg.org>
+
gpg: Avoid importing secret keys if the keyblock is not valid.
- + commit 43b23aa82be7e02414398af506986b812e2b9349
+ + commit f799e9728bcadb3d4148a47848c78c5647860ea4
* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
new field TAG.
* g10/kbnode.c (alloc_node): Change accordingly.
error code if sec_to_pub_keyblock failed. Resync secret keyblock.
gpg: During secret key import print "sec" instead of "pub".
- + commit db2d75f1ffede2ea77163b487a15e60249daffa0
+ + commit f64477db86568bdc28c313bfeb8b95d8edf05a3c
* g10/keyedit.c (show_basic_key_info): New arg 'print_sec'. Remove
useless code for "sub" and "ssb".
* g10/import.c (import_one): Pass FROM_SK to show_basic_key_info. Do
printing.
gpg: Simplify an interactive import status line.
- + commit 184fbf014ae537554d6939a47f07977ef0b0fe9f
+ + commit f06b6fe47f56a15ac426665c3d9661d4b104696f
* g10/cpr.c (write_status_printf): Escape CR and LF.
* g10/import.c (print_import_check): Simplify by using
write_status_printf and hexfingerprint.
+ gpg: Fix recently introduced use after free.
+ + commit 3e1f3df6183b2ed2cadf2af2383063891e2c53bd
+ * g10/mainproc.c (proc_plaintext): Do not use freed memory.
+
+2019-03-14 Werner Koch <wk@gnupg.org>
+
+ kbx: Unify the fingerprint search modes.
+ + commit bdda31a26bc69b6ee72e964510db113645de76ef
+ * kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR16)
+ (KEYDB_SEARCH_MODE_FPR20, KEYDB_SEARCH_MODE_FPR32): Remove. Switch
+ all users to KEYDB_SEARCH_MODE_FPR along with the fprlen value.
+
+ gpg: Make rfc4880bis the default.
+ + commit caf4b3fc16e97eb175c46f45f5770d02becb862d
+ * g10/gpg.c (set_compliance_option, main): Change CO_GNUPG to include
+ rfc4880bis features.
+ (main): Change rfc4880bis warning to a note.
+
+ gpg: Implement v5 keys and v5 signatures.
+ + commit 01c87d4ce23bc9fc44ec5301c2c6bf2ce615c375
+ * g10/build-packet.c (gpg_mpi_write): New optional arg
+ R_NWRITTEN. Allow NULL for OUT. Change all callers.
+ (do_key): Support v5 keys.
+ (build_sig_subpkt_from_sig): Support 32 byte fingerprints.
+ * g10/parse-packet.c (parse_signature): First try to set the keyid
+ from the issuer fingerprint.
+ (parse_key): Support v5 keys.
+ (create_gpg_control): Better make sure to always allocate the static
+ size of the struct in case future compilers print warnings.
+ * g10/keyid.c (hash_public_key): Add v5 support.
+ (keyid_from_pk): Ditto.
+ (keyid_from_fingerprint): Ditto.
+ (fingerprint_from_pk): Ditto.
+ * g10/keygen.c (KEYGEN_FLAG_CREATE_V5_KEY): New.
+ (pVERSION, pSUBVERSION): New.
+ (add_feature_v5): New.
+ (keygen_upd_std_prefs): Call it.
+ (do_create_from_keygrip): Add arg keygen_flags and support the v5
+ flag.
+ (common_gen): Support the v5 flag.
+ (parse_key_parameter_part): New flags v4 and v5.
+ (parse_key_parameter_string): Add args for version and subversion.
+ (read_parameter_file): New keywords "Key-Version" and
+ "Subkey-Version".
+ (quickgen_set_para): Add arg 'version'.
+ (quick_generate_keypair, generate_keypair): Support version parms.
+ (do_generate_keypair): Support v5 key flag.
+ (generate_subkeypair): Ditto.
+ (generate_card_subkeypair): Preparse for keyflags.
+ (gen_card_key): Ditto.
+ * g10/sig-check.c (check_signature2): Add args extrahash and
+ extrahashlen.
+ (check_signature_end): Ditto.
+ (check_signature_end_simple): Ditto. Use them.
+ * g10/mainproc.c (proc_plaintext): Put extra hash infor into the
+ control packet.
+ (do_check_sig): Add args extrahas and extrahashlen and pass them on.
+ (issuer_fpr_raw): Support 32 byte fingerprint.
+ (check_sig_and_print): get extra hash data and pass it on.
+
+ kbx: Add support for 32 byte fingerprints.
+ + commit f40e9d6a528521d12795e1a6cc15c849b216be92
+ * common/userids.c (classify_user_id): Support 32 byte fingerprints.
+ * kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR32): New.
+ (struct keydb_search_desc): Add field fprlen.
+ * kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field
+ version and increase size of fpr to 32.
+ * kbx/keybox-blob.c: Define new version 2 for PGP and X509 blobs.
+ (struct keyboxblob_key): Add field fprlen and increase size of fpr.
+ (pgp_create_key_part_single): Allow larger fingerprints.
+ (create_blob_header): Implement blob version 2 and add arg want_fpr32.
+ (_keybox_create_openpgp_blob): Detect the need for blob version 2.
+ * kbx/keybox-search.c (blob_get_first_keyid): Support 32 byte
+ fingerprints.
+ (blob_cmp_fpr): Ditto.
+ (blob_cmp_fpr_part): Ditto.
+ (has_fingerprint): Add arg fprlen and pass on.
+ (keybox_search): Support KEYDB_SEARCH_MODE_FPR32 and adjust for
+ changed has_fingerprint.
+ * kbx/keybox-openpgp.c (parse_key): Support version 5 keys.
+ * kbx/keybox-dump.c (_keybox_dump_blob): Support blob version 2.
+
+ * g10/delkey.c (do_delete_key): Support KEYDB_SEARCH_MODE_FPR32.
+ * g10/export.c (exact_subkey_match_p): Ditto.
+ * g10/gpg.c (main): Ditto.
+ * g10/getkey.c (get_pubkey_byfprint): Adjust for changed
+ KEYDB_SEARCH_MODE_FPR.
+ * g10/keydb.c (keydb_search_desc_dump): Support
+ KEYDB_SEARCH_MODE_FPR32 and adjust for changed KEYDB_SEARCH_MODE_FPR.
+ (keydb_search): Add new arg fprlen and change all callers.
+ * g10/keyedit.c (find_by_primary_fpr): Ditto.
+ * g10/keyid.c (keystr_from_desc): Ditto.
+ * g10/keyring.c (keyring_search): Ditto.
+ * g10/keyserver.c (print_keyrec): Ditto.
+ (parse_keyrec): Ditto.
+ (keyserver_export): Ditto.
+ (keyserver_retrieval_screener): Ditto.
+ (keyserver_import): Ditto.
+ (keyserver_import_fprint): Ditto.
+ (keyidlist): Ditto.
+ (keyserver_get_chunk): Ditto.
+
+ * g10/keydb.c (keydb_search): Add new arg fprlen and change all
+ callers.
- Fixed one conlict in a comment.
-
-2019-03-07 NIIBE Yutaka <gniibe@fsij.org>
-
- libdns: Avoid using compound literals (8).
- + commit ee08a15e31284d32fb59774fc15e39107a727072
- * dirmngr/dns.h (dns_quietinit): Remove.
- (dns_hints_i_new): Remove.
+ * sm/keydb.c (keydb_search_fpr): Adjust for changed
+ KEYDB_SEARCH_MODE_FPR.
+
+ gpg: Implemented latest rfc4880bis version 5 packet hashing.
+ + commit a21ca3a1eff4722dea778cca4abe14a873ccebdf
+ * configure.ac (AC_CHECK_SIZEOF): Test size_t.
+ * g10/sig-check.c (check_signature_end_simple): Support v5 signatures
+ as per current rfc4880bis. For correctness also allow for N > 2^32.
+ * g10/sign.c (pt_extra_hash_data_t): New.
+ (hash_sigversion_to_magic): New arg EXTRAHASH.
+ (write_plaintext_packet): New arg R_EXTRAHASH.
+ (write_signature_packets): Pass EXTRAHASH.
+ (sign_file): Ditto.
+ (sign_symencrypt_file): Ditto.
- libdns: Avoid using compound literals (7).
- + commit 4ab0fef5dc856d1f2747efab584182aa880f631c
- * dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
- * dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
- automatic variable for opts.
- * dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo):
- Likewise.
+2019-03-14 NIIBE Yutaka <gniibe@fsij.org>
- libdns: Avoid using compound literals (6).
- + commit f3af1707690b070b4cbf6d761a9e5dbddbf681e9
- * dirmngr/dns.h (dns_rr_i_new): Remove.
- (dns_rr_i_init): Remove unused second argument.
- * dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet)
- (parse_packet): Use automatic variable for struct dns_rr_i.
- (dns_d_cname): No need to call dns_rr_i_init after memset 0.
- (dns_rr_i_init): Remove unused second argument. Return nothing.
- * dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns)
- (getsrv_libdns): Follow the change of dns_rr_i_init.
+ Fix the previous commit.
+ + commit f199b627ce512c8495af5c9bd1c81127ccde3ca0
+ * g10/ecdh.c (kek_params_table): Revert the change.
+ * scd/app-openpgp.c (ecdh_params): Use CIPHER_ALGO_AES256
+ for 384-bit key.
- (cherry picked from commit 6501e59d3685bb58753c9caea729a4b0eca3942a)
+2019-03-13 NIIBE Yutaka <gniibe@fsij.org>
- libdns: Avoid using compound literals (5).
- + commit 500151e6daf5fc4d6ea382b83aab3cca72b27881
- * dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
- Call dns_rr_grep with NULL.
- * dirmngr/dns.c (dns_rr_grep): Support NULL for error_.
+ g10: Fix symmetric cipher algo constant for ECDH.
+ + commit af3efd149f555d36a455cb2ea311ff81caf5124c
+ * g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
+ ECC strength 384, according to RFC-6637.
- libdns: Avoid using compound literals (4).
- + commit 229302aecf8deea0349e79ca0cc05f32665391b7
- * dirmngr/dns.h (dns_d_new*): Remove.
- * dirmngr/dns.c (parse_packet): Use dns_d_init with automatic
- variable.
- (parse_domain): Likewise.
+2019-03-11 Werner Koch <wk@gnupg.org>
- (cherry picked from commit 7313a112f9c7ada61d24285313d2e2d069a672e8)
+ dirmngr: Avoid testing for Tor with --gpgconf-list.
+ + commit 9f37e93dd741a5436ff412955628806ae84725ca
+ * dirmngr/dirmngr.c (post_option_parsing): Do not call set_tor_mode.
+ (dirmngr_sighup_action): Call it here.
+ (main): Call it here unless in --gpgconf-list mode.
- libdns: Avoid using compound literals (3).
- + commit f0de4fc990767ae5d120a523be51616b0f35f4f6
- * dirmngr/dns.h (dns_p_new): Remove.
- * dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic
- variable.
- (dns_hints_query, dns_res_glue, parse_packet, query_hosts)
- (send_query, show_hints, echo_port): Likewise.
+2019-03-07 Werner Koch <wk@gnupg.org>
- libdns: Avoid using compound literals (2).
- + commit ff7d01fc6d396fc3b8d37baa9bd4cdebc8853648
- * dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove.
- (dns_strclass1, dns_strclass3): Remove.
- (dns_strtype1, dns_strtype3): Remove.
- (dns_strsection, dns_strclass, dns_strtype): Directly use the
- function.
- * dirmngr/dns.c (dns_strsection): Use automatic variable.
- (dns_strclass, dns_strtype): Likewise.
+ common: Minor rework of tty_get.
+ + commit b7de105e0a836bd4d7bd558f8e699d88ab0cafec
+ * common/ttyio.c (do_get): Re-indent and remove the checking for char
+ values larger than 0xa0. Use explicy control character checking.
- (cherry picked from commit 455ef62d29a112de05897139716265d07e4c6ae3)
+ dirmngr: Add CSRF protection exception for protonmail.
+ + commit 134c3c16523b1a267ebdd2df6339240fd9e1e3b3
+ * dirmngr/http.c (same_host_p): Add exception table.
- libdns: Avoid using compound literals.
- + commit 1318d1e2d50989c66f496ede906a846859f0cf9f
- * dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
- variables.
- (dns_poll, dns_send_nopipe): Likewise, adding const qualifier.
+2019-03-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-2019-03-07 Werner Koch <wk@gnupg.org>
+ gpgv: Improve documentation for keyring choices.
+ + commit 096c2aa705f85289ff8b610da1dd9181e4c904fd
+ * doc/gpgv.texi: Improve documentation for keyring choices
- dirmngr: Add CSRF protection exception for protonmail.
- + commit 557c721e787e7e6d311ccb48d8aa677123061cf5
- * dirmngr/http.c (same_host_p): Add exception table.
+2019-03-06 Werner Koch <wk@gnupg.org>
gpgtar: Make option -C work for archive creation.
- + commit 5d73c231e4f2d5994eb3be48b36517e39d66be96
+ + commit b3a7a5140784b5a015107b5c5c73b15ae44e71dc
* tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory.
+ agent: Re-introduce --enable-extended-key-format.
+ + commit 91ae3e7fb66271691f6fe507262a62fc7e2663a3
+ * agent/gpg-agent.c (oEnableExtendedKeyFormat): Re-introduce.
+ (parse_rereadable_options): Handle it in a special way.
+ * agent/protect.c (agent_protect): Be safe and set use_ocb only to 1
+ or 0.
+ * tools/gpgconf-comp.c: Add --enable-extended-key-format again.
+
gpgtar: Improve error messages.
- + commit 2e4151a3412c3fc553fbb7ad070dfffc68a04b35
+ + commit 72feb8fa8280aba674573a1afc955a92e8065242
* tools/gpgtar.h (struct tarinfo_s): New.
* tools/gpgtar.c (cmd, skip_crypto, files_from, null_names): Move
global vars more to the top.
* tools/gpgtar-extract.c (gpgtar_extract): add arg 'info' and pass on.
(extract_regular): Add arg 'info' and update counter.
+ agent: Default to extended key format.
+ + commit 05eff1f6623c272fcabd4e238842afc832710324
+ * agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
+ (oEnableExtendedKeyFormat): Remove.
+ (opts): Make --enable-extended-key-format a dummy option. Add
+ disable-extended-key-format.
+ (parse_rereadable_options): Implement oDisableExtendedKeyFormat.
+
+ card: Allow PEM encoded certificates in "writecert".
+ + commit 4e1f04a4cd30859507218395e630e886801ae2b7
+ * tools/gpg-card.c (cmd_writecert): Convert from base64.
+
+ card: Print the keyref also for non-initialized slots.
+ + commit 772bba34ea089b3a00f0b1ea5138ba7422c95180
+ * tools/gpg-card.c (list_one_kinfo): Add arg label_keyref and change
+ callers.
+
+2019-03-06 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix detection of exit of scdaemon.
+ + commit 2abad7585a004586e27ead6ab8c9c57ce5ed1326
+ * agent/call-scd.c (start_scd): Acquire START_SCD_LOCK for
+ SCD_LOCAL_LIST. Move common case code to fast path.
+ Release START_SCD_LOCK before calling unlock_scd.
+ When new CTX is allocated, clear INVALID flag.
+ (agent_reset_scd): Serialize the access to SCD_LOCAL_LIST by
+ START_SCD_LOCK.
+
+2019-03-05 Werner Koch <wk@gnupg.org>
+
+ card: Print card version. Check for bad Yubikeys.
+ + commit 8d4af54ddd039d47e9c4803559193fcca97f0a46
+ * scd/app.c (app_new_register): Set card version for Yubikeys.
+ (app_write_learn_status): Print CARDVERSION and APPVERSION.
+ * tools/card-call-scd.c (learn_status_cb): Detect them.
+ * tools/gpg-card.h (struct card_info_s): Add appversion and
+ cardversion.
+ * tools/gpg-card.c (list_openpgp): Remove version printing from serial
+ number.
+ (print_a_version): New.
+ (list_card): Print card and app version.
+ (cmd_generate): Do not allow broken Yubikeys.
+
+ scd: Rename a shared info field name.
+ + commit 64caa6a08298119b10dc36ddd27b357cb47825b5
+ * scd/app-piv.c (app_select_piv):
+ * scd/app-common.h (struct app_ctx_s): Rename 'card_version' to
+ 'cardversion'. Rename all users. Add 'appversion'.
+
+ scd:piv: Implement import of private keys for Yubikeys.
+ + commit e897e1e255ef9870dfd1639d6f4e97bdf4e83b34
+ * scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust
+ callers.
+ (writekey_rsa, writekey_ecc): New.
+ (do_writekey): New.
+ (do_writecert): Provide a better error message for an empty cert.
+ (app_select_piv): Register do_writekey.
+ * scd/iso7816.c (iso7816_send_apdu): New.
+ * scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
+ * agent/command.c (cmd_keytocard): Make the timestamp optional.
+ * tools/card-call-scd.c (inq_writekey_parms): Remove.
+ (scd_writekey): Rewrite.
+ * tools/gpg-card.c (cmd_writekey): New.
+ (enum cmdids): Add cmdWRITEKEY.
+ (dispatch_command, interactive_loop): Call cmd_writekey.
+
gpg: Make invalid primary key algos obvious in key listings.
- + commit d2a7f9078a4673ec53733e4f69fd17a8f1ac962d
+ + commit db87132b10664718b7db6ec1dad584b54d1fb265
* g10/keylist.c (print_key_line): Print a warning for invalid algos.
+ agent: Minor change to the KEYTOCARD command.
+ + commit bcc89a6df24c79690436340f65c7ab13c65c2c45
+ * agent/command.c (cmd_keytocard): Make timestamp optional. Use
+ modern parser function.
+ * agent/call-scd.c (agent_card_writekey): Rename an arg and for
+ clarity return gpg_error_t instead of int.
+ * agent/divert-scd.c (divert_writekey): Ditto.
+
+2019-03-01 Werner Koch <wk@gnupg.org>
+
sm: Print Yubikey attestation extensions with --dump-cert.
- + commit b3c8ce9e4343f1b68b9ba94bdd71b7d8e13b139a
+ + commit 86c241a8c9a952ea8007066b70b04f435e2e483e
* sm/keylist.c (oidtranstbl): Add Yubikey OIDs.
(OID_FLAG_HEX): New.
(print_hex_extn): New.
(list_cert_raw): Make use of that flag.
- (cherry picked from commit 86c241a8c9a952ea8007066b70b04f435e2e483e)
-
-2019-03-07 NIIBE Yutaka <gniibe@fsij.org>
-
- tests: Add "disable-scdaemon" in gpg-agent.conf.
- + commit 150d5452318eafa6aa800ff3b87f8f8eb35ed203
- * tests/openpgp/defs.scm: Add "disable-scdaemon". Remove
- "scdaemon-program".
- * tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise.
- * tests/inittests, tests/pkits/inittests: Add "disable-scdaemon"
-
-2019-03-07 Werner Koch <wk@gnupg.org>
-
- scd: Fix flushing of CA-FPR data objects.
- + commit e7eafe10197557ce874db2f049d683f90f26e0bc
- * scd/app-openpgp.c (do_setattr): Add new table item to flush a
- different tag.
-
-2019-03-07 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
- + commit 77a285a0a94994ee9b42289897f9bf3075c7192d
- * agent/command.c (cmd_clear_passphrase): Add support for SSH.
-
-2019-03-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpgv: Improve documentation for keyring choices.
- + commit a7b2a87f940dba078867c44f1f50d46211d51719
- * doc/gpgv.texi: Improve documentation for keyring choices
+ scd:piv: Add feature to read Yubikey attestation certificates.
+ + commit 51df13d9ec8e89c4236e2f4a9ae3647963c30783
+ * scd/app-piv.c (do_readcert): Add hack to read Yubikey attestaions.
+
+ scd:piv: Allow writecert to only write matching certs.
+ + commit 696d4c290dd4945b693263721f606b5049b9569d
+ * scd/app-piv.c (do_readkey): Read the key from the cert here instead
+ of letting the upper layer do this.
+ (do_writecert): Check that the cert matches the key and that a key has
+ already been generated.
+
+ card: Remove the "admin" command.
+ + commit 280baee72dcb0ca54ce99b524bc2125cbc38e0e4
+ * tools/gpg-card.c (cmd_passwd): Remove arg allow_admin.
+ (enum cmdids): Rename cmdAUTHENTICATE to cmdAUTH and cmdFACTORYRESET
+ to cmdFACTRST.
+ (cmds): Remove column 'admin_only'.
+ (interactive_loop): Remove admin_only stuff.
2019-02-28 Werner Koch <wk@gnupg.org>
sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs.
- + commit be69bf0cbd11cb8c0d452e07066669aacc6caafa
- * sm/keylist.c (print_compliance_flags): Also check the digest_algo.
- Add new arg 'cert'.
+ + commit 2c75af9f65d15653ed1bc191f1098ae316607041
+ * sm/keylist.c (print_compliance_flags): Also check the diges_also.
-2019-02-28 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+2019-02-27 NIIBE Yutaka <gniibe@fsij.org>
- gpgsm: default to 3072-bit keys.
- + commit 121286d9d1506dbaad9ba33bae2e459814fe5849
- * doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
- default to 3072 bits.
- * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
- 3072 bits.
- * sm/certreqgen.c (proc_parameters): update default to 3072 bits.
- * sm/gpgsm.c (main): print correct default_pubkey_algo.
+ agent: PKSIGN should return signature in same format for card.
+ + commit 0173b249cfb7f02f94911ec759630d81f312e0bd
+ * agent/pksign.c (agent_pksign_do):
2019-02-26 Werner Koch <wk@gnupg.org>
+ scd: Simplify the app_readkey parameters.
+ + commit c2235d994dbb1d7ddba20f89a7c02f4a27b0610c
+ * scd/app-help.c (app_help_pubkey_from_cert): New.
+ * scd/command.c (cmd_readkey): Refactor to use that new function and
+ handle the --advanced flag only here.
+ * scd/app.c (app_readkey): Remove parm advanced.
+ * scd/app-common.h (struct app_ctx_s): Remove parm advanced from the
+ readkey member.
+ * scd/app-nks.c (do_readkey): Adjust for removed parm.
+ * scd/app-piv.c (do_readkey): Ditto.
+ * scd/app-openpgp.c (do_readkey): Ditto.
+
conf: New option --show-socket.
- + commit 92e26ade5c0d52f2e50eaf338a0bb8006e75711c
+ + commit ac485b4f253ad6bbd2bc648650b56d60fc82f89d
* tools/gpgconf-comp.c (gc_component_t): Move this enum to ...
* tools/gpgconf.h: here.
* tools/gpgconf.c (oShowSocket): New.
(opts): Add new option.
(main): Implement new option.
-2019-02-25 Werner Koch <wk@gnupg.org>
+2019-02-26 NIIBE Yutaka <gniibe@fsij.org>
- scd: Don't let the "undefined" app cause a conflict error.
- + commit 0eb8095626be71160dfa66284a7b0a6a57cb03e3
- * scd/app.c (check_conflict): Ignore "undefined".
+ libdns: Avoid using compound literals (8).
+ + commit 371ae25f8f6f2d1ac030bf984bca479393a5ed43
+ * dirmngr/dns.h (dns_quietinit): Remove.
+ (dns_hints_i_new): Remove.
+
+ libdns: Avoid using compound literals (7).
+ + commit d661acd483236d34720a4959fc816d05f89c2cb7
+ * dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
+ * dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
+ automatic variable for opts.
+ * dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo):
+ Likewise.
+
+ libdns: Avoid using compound literals (6).
+ + commit 6501e59d3685bb58753c9caea729a4b0eca3942a
+ * dirmngr/dns.h (dns_rr_i_new): Remove.
+ (dns_rr_i_init): Remove unused second argument.
+ * dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet)
+ (parse_packet): Use automatic variable for struct dns_rr_i.
+ (dns_d_cname): No need to call dns_rr_i_init after memset 0.
+ (dns_rr_i_init): Remove unused second argument. Return nothing.
+ * dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns)
+ (getsrv_libdns): Follow the change of dns_rr_i_init.
+
+ libdns: Avoid using compound literals (5).
+ + commit a1ccfe2b37847cce0db2fb94a7365c9fa501eda4
+ * dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
+ Call dns_rr_grep with NULL.
+ * dirmngr/dns.c (dns_rr_grep): Support NULL for error_.
+
+ libdns: Avoid using compound literals (4).
+ + commit 7313a112f9c7ada61d24285313d2e2d069a672e8
+ * dirmngr/dns.h (dns_d_new*): Remove.
+ * dirmngr/dns.c (parse_packet): Use dns_d_init with automatic
+ variable.
+ (parse_domain): Likewise.
+
+ libdns: Avoid using compound literals (3).
+ + commit 72efb7840258808cd892b90d871ea1cc1c31d7f5
+ * dirmngr/dns.h (dns_p_new): Remove.
+ * dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic
+ variable.
+ (dns_hints_query, dns_res_glue, parse_packet, query_hosts)
+ (send_query, show_hints, echo_port): Likewise.
+
+ libdns: Avoid using compound literals (2).
+ + commit 455ef62d29a112de05897139716265d07e4c6ae3
+ * dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove.
+ (dns_strclass1, dns_strclass3): Remove.
+ (dns_strtype1, dns_strtype3): Remove.
+ (dns_strsection, dns_strclass, dns_strtype): Directly use the
+ function.
+ * dirmngr/dns.c (dns_strsection): Use automatic variable.
+ (dns_strclass, dns_strtype): Likewise.
+
+ libdns: Avoid using compound literals.
+ + commit 1c405499388fd5bed0968ab5c6c5d1b3373537b9
+ * dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
+ variables.
+ (dns_poll, dns_send_nopipe): Likewise, adding const qualifier.
+
+2019-02-25 Werner Koch <wk@gnupg.org>
- (cherry picked from commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a)
+ scd: PIV: Always require a PIN for signing with 9C.
+ + commit a481d17432bf7cca19ca71b6aa5ccd9aee2b3baa
+ * scd/app-piv.c (verify_chv): Add arg 'force'.
+ (do_sign): Use force for 0x9c.
- sm: Fix certificate creation with key on card.
- + commit 54c56230e305a38d6fd0c3bf1262172fd5fbcb87
- * sm/certreqgen.c (create_request): Fix for certmode.
+ card: Rename gpg-card-tool to gpg-card.
+ + commit 28de5c0ea53373c56a4405fe6b08d194682dd1de
+ * tools/card-tool-keys.c: Rename to card-keys.c.
+ * tools/card-tool-misc.c: Rename to card-misc.c.
+ * tools/card-tool-yubikey.c: Rename to card-yubikey.c.
+ * tools/card-tool.h: Rename to gpg-card.h.
+ * tools/gpg-card-tool-w32info.rc: Rename to gpg-card-w32info.rc
+ * doc/card-tool.texi: Rename top gpg-card.texi
agent: Fix for suggested Libgcrypt use.
- + commit 0a95b153811f36739d1b20f23920bad0bb07c68b
+ + commit a12c3a566e2e4b10bc02976a2819070877ee895c
* agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.
2019-02-25 NIIBE Yutaka <gniibe@fsij.org>
gpgscm: Build well even if NDEBUG defined.
- + commit 8161afb9dddaba839be92fbe9d85c05235eda825
+ + commit e140c6d4f581be1a60a34b67b16430452f3987e8
* gpgscm/scheme.c (gc_reservation_failure): Fix adding ";".
[!NDEBUG] (scheme_init_custom_alloc): Don't init seserved_lineno.
-2019-02-19 Neal H. Walfield <neal@g10code.com>
+2019-02-22 NIIBE Yutaka <gniibe@fsij.org>
- gpg: Fix comparison.
- + commit 14e5435afb50dc9a9243ff3e0aed5030beba2914
- * g10/gpgcompose.c (literal_name): Complain if passed zero arguments,
- not one or fewer.
+ scd: internal driver: Submit SET_INTERFACE control transfer.
+ + commit 611faf1579a56925994d53eb08e1290a4b3958cf
+ * scd/ccid-driver.c (ccid_open_usb_reader): Alway submit SET_INTERFACE
+ control transfer.
+
+2019-02-21 Werner Koch <wk@gnupg.org>
+
+ sm: Fix certificate creation with key on card.
+ + commit c1000c673814e552923cf1361346d7dfeee55608
+ * sm/certreqgen.c (create_request): Fix for certmode.
+
+ card: Print usage info for each key.
+ + commit 7317aeb3f448c98dcfa9c04f49b9a69d81c26776
+ * tools/card-call-scd.c (learn_status_cb): Handle extended
+ KEYPARIRINFO.
+ * tools/card-tool.h (struct key_info_s): Add field 'usage'.
+ * tools/gpg-card-tool.c (list_one_kinfo): Show usage flags.
+
+ scd: Extend KEYPAIRINFO by key usage info.
+ + commit 5e21ef2d556ca65b7869bf16ab465f3511601e1e
+ * scd/app-openpgp.c (send_keypair_info): Append usage string.
+ * scd/app-piv.c (struct data_object_s): Remove column 'binary'. Add
+ column 'usage'.
+ (dump_all_do): Adjust for removed 'binary'.
+ (send_keypair_and_cert_info): Append usage string.
+
+ card: Print the keyref in the listing.
+ + commit 3384ba6c1c421cfa674dbd8294dc655d7320534e
+ * tools/gpg-card-tool.c (list_one_kinfo): Print the keyref.
+
+ scd: Don't let the "undefined" app cause a conflict error.
+ + commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a
+ * scd/app.c (check_conflict): Ignore "undefined".
+
+ sm: Prepare algo mapping to handle values > 255.
+ + commit d7a54ca461ad75e4fab77a2f1b25986c7637762a
+ * sm/misc.c (transform_sigval): Allow for larger values of MDALGO and
+ PKALGO.
+
+2019-02-21 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Clear CHV status on timeout error.
+ + commit 2013cb5ee667610de35f8b92c2f979f5caa09d4c
+ * scd/app-openpgp.c (clear_chv_status): New.
+ (do_change_pin): Use clear_chv_status.
+ (do_sign): Call clear_chv_status on GPG_ERR_TIMEOUT.
+ (do_auth, do_decipher): Likewise.
+
+ scd: Handle ack button timeout as GPG_ERR_TIMEOUT.
+ + commit bd15aa34ab8ad10adbb7540a8845b4a2600437b6
+ * scd/apdu.h (SW_ACK_TIMEOUT): New.
+ * scd/iso7816.c (map_sw): Return GPG_ERR_TIMEOUT for SW_ACK_TIMEOUT.
+
+ tests: Add "disable-scdaemon" in gpg-agent.conf.
+ + commit 64b7c6fd1945bc206cf56979633dfca8a7494374
+ * tests/openpgp/defs.scm: Add "disable-scdaemon". Remove
+ "scdaemon-program".
+ * tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise.
+ * tests/inittests, tests/pkits/inittests: Add "disable-scdaemon"
2019-02-19 NIIBE Yutaka <gniibe@fsij.org>
- agent: Fix cancellation handling for scdaemon.
- + commit 005e951714ff62087b8c8802e05d14b7998826f3
- * agent/call-scd.c (cancel_inquire): Remove.
- (agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
- (agent_card_scd): Don't call cancel_inquire.
+ agent: Terminate pinentry process gracefully, by watching socket.
+ + commit c395f8315362793409be54aca630ce6e903ea984
+ * agent/call-pinentry.c (watch_sock): New.
+ (do_getpin): Spawn the watching thread.
- scd: Distinguish cancel by user and protocol error.
- + commit 90e5f49b6a2e002d3c67a041a076f07aeb7a7f54
- * scd/apdu.h (SW_HOST_CANCELLED): New.
- * scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED.
- (pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED.
- * scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for
- SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED.
+ agent: Minor change for pinentry status handling.
+ + commit 99aa54323f97937613e02d8c2da91544e1fe7bcf
+ * agent/call-pinentry.c (struct entry_parm_s): Add status.
+ (do_getpin): Use param->status.
+ (agent_askpin): Copy param->status. to pininfo.
- common: Fix gnupg_wait_processes.
- + commit 6e422b5135c71f8fa859a3f4de51bf89e3ff5ac6
- * common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
- even if we already see an error.
+ agent: Factor out the getpin interaction.
+ + commit ada797f477f923bee36d67c8e49f728ae7adb9e9
+ * agent/call-pinentry.c (do_getpin): New.
+ (agent_askpin, agent_get_passphrase): Use do_getpin.
+
+2019-02-18 Damien Goutte-Gattat via Gnupg-devel <gnupg-devel@gnupg.org>
+
+ sm: Support generation of card-based ed25519 CSR.
+ + commit 3cbdf896e6919333b5423001ab58c01a04363386
+ * sm/call-agent.c (gpgsm_scd_pksign): Allow SHA512. Create proper
+ S-expression for EdDSA signature.
+ * sm/certreqgen.c (create_request): Force use of SHA512 when
+ using a ed25519 key.
+ * sm/misc.c (transform_sigval): Insert OID for ed25519.
+
+2019-02-15 Damien Goutte-Gattat via Gnupg-devel <gnupg-devel@gnupg.org>
+
+ sm: Support generation of card-based ECDSA CSR.
+ + commit 74e9b579ca273fc07be090bb5fb7800a97b1b452
+ * sm/call-agent.c (gpgsm_scd_pksign): Identify type of signing key
+ and format resulting S-expression accordingly.
+ * sm/misc.c (transform_sigval): Support ECDSA signatures.
2019-02-14 Ingvar Hagelund <ingvar@redpill-linpro.com>
po: Correct a simple typo in the Norwegian translation.
- + commit a09bba976d2f5694011a9291189a70a0f3c4caae
+ + commit b89f1790e0b9f3196a2382a9b9ff5f461c58a449
-2019-02-12 Werner Koch <wk@gnupg.org>
+2019-02-13 Werner Koch <wk@gnupg.org>
- Release 2.2.13.
- + commit 7922e2dd1c7eee48a8a2cf4799827942489ddd0f
+ card: New command "yubikey".
+ + commit 7e1cd2cd416f852fc039af310e3df1ce395d89a9
+ * tools/card-tool-yubikey.c: New.
+ * tools/Makefile.am (gpg_card_tool_SOURCES): Add it.
+ * tools/card-call-scd.c (scd_apdu): Allow returning data.
+ * tools/card-tool-misc.c (send_apdu): New. Move from gpg-card-tool.c
+ and let it return data. Change all callers.
+ * tools/gpg-card-tool.c (cmd_writecert): Prepend the certref with the
+ current application type.
+ (cmd_yubikey): New.
2019-02-11 Werner Koch <wk@gnupg.org>
+ scd: Implement decryption for PIV cards.
+ + commit 43b14b4cc227311aa77b1fc1d9577c5f7d3eda86
+ * scd/app-piv.c (do_decipher): New.
+
+ scd: For PIV cards used NO_AUTH instead of BAD_PIN.
+ + commit b2838694402ce0cfc2ef70451bf0e6677b875ca9
+ * common/util.h (GPG_ERR_NO_AUTH, GPG_ERR_BAD_AUTH): Add replacement
+ codes for gpgrt < 1.36.
+ * scd/app-piv.c (auth_adm_key):
+ (do_genkey, do_writecert): Use better error codes.
+
+2019-02-08 Werner Koch <wk@gnupg.org>
+
+ scd: Implement RSA signing for PIV cards.
+ + commit 53beea56afecde76f0f4ca93fc50ca59298a093e
+ * scd/app-piv.c (concat_tlv_list): New.
+ (get_key_algorithm_by_dobj): Rename args for clarity.
+ (do_auth): factor all code out to ...
+ (do_sign): new. Implement RSA signing.
+
sm: In --gen-key with "key from card" show also the algorithm.
- + commit d1bee9d1efa28fa9d35b7eed1e616c6362fd044e
+ + commit 0328976c94adc2c518c7a7763a35319a0000c5e2
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Get and show algo.
common: Provide function to get public key algo names in our format.
- + commit d29d73264f607642281fb701a17015306c8fc4d7
- * common/sexputil.c (pubkey_algo_string): New.
+ + commit 03bf8e967adb2dd13329ba1089deb419d49e55c0
+ * tools/card-tool-misc.c (pubkey_algo_string): Move to ...
+ * common/sexputil.c (pubkey_algo_string): here.
+
+ card: Make "generate" work for PIV cards.
+ + commit a1cb4a940f308ba21ecc002b044efccf0c547784
+ * tools/card-call-scd.c (scd_genkey_cb): Make createtime optional.
+ (scd_genkey_cb): Ditto. Add arg algo.
+ * tools/gpg-card-tool.c (cmd_generate): Add options and factor card
+ specific code out to ...
+ (generate_openpgp, generate_generic): new functions.
+
+ scd: Allow generating ECC curves on PIV cards.
+ + commit b349adc5c0d00d2fc405a45bd078f1580b5610cc
+ * scd/app-piv.c (genkey_parse_ecc): New.
+ (get_keygrip_by_tag): Call that one.
+ (do_readkey): Call that one.
+ * scd/command.c (cmd_genkey): Add option --algo.
common: New functions get_option_value and ascii_strupr.
- + commit ee8d1a9e6c09b3ecc4b46f47b79358f78d458916
+ + commit e2f18023b3b3b7e55b35218f65e37448d1011172
* common/server-help.c (get_option_value): New.
* common/stringhelp.c (ascii_strupr): New.
+2019-02-07 Werner Koch <wk@gnupg.org>
+
+ card: Print the used algorithm of all keys.
+ + commit b79bc877f2ad4d08e7de377cf4bf616b981b3c5f
+ * tools/card-call-scd.c (scd_readkey): New.
+ * tools/card-tool-misc.c (pubkey_algo_string): New.
+ * tools/gpg-card-tool.c (list_one_kinfo): Print the algo.
+
+ card: Fix a NULL-ptr deref in key listings.
+ + commit df6ba6dfd235fddb7645bc16573da1a6a7e6b49d
+ * tools/card-tool-keys.c (get_matching_keys): Fix segv.
+ * tools/gpg-card-tool.c (main): Init info.
+
+ scd: Store a new PIV public key in the certificate DO.
+ + commit 5bf1212000f48243642ace0f708fd27446879b9e
+ * scd/app-piv.c (struct genkey_result_s): Remove type and all users.
+ (send_keypair_and_cert_info): Print certinfo only if we got a cert..
+ (readcert_by_tag): Add arg r_mechanism and implement reading of public
+ keys.
+ (get_keygrip_by_tag): Use a public key to compute the keygrip.
+ (do_readcert): Make sure to only return a certificate.
+ (do_readkey): Read public key from the DO if a certificate is missing.
+ (get_key_algorithm_by_dobj): Get the algorithm also from a public key.
+ (does_key_exist): String changes.
+ (do_genkey): Remove result caching and store public key in the DO.
+
+ card: Support reading and writing PIV certificates.
+ + commit fcec5b40e589b2ef201efb89f22a952feb4a9069
+ * scd/app-piv.c (add_tlv): New.
+ (put_data): New.
+ (do_writecert): New.
+ (do_setattr): Remove usused special mode 0.
+ * tools/gpg-card-tool.c (cmd_writecert): Allow other cards than
+ OPENPGP.
+ (cmd_readcert): Ditto.
+
+2019-02-06 Werner Koch <wk@gnupg.org>
+
+ scd: Add genkey command to app-piv (rsa-only)
+ + commit b5b1f721582df9d0379cb68b4faeceed32a56e49
+ * scd/app-piv.c (struct genkey_result_s): new.
+ (struct app_local_s): add member genkey_results.
+ (do_deinit): Free that one.
+ (flush_cached_data): Extend to delete all items.
+ (keyref_from_dobj): New.
+ (do_readkey): New.
+ (do_auth): Use keyref_from_dobj.
+ (does_key_exist): New.
+ (genkey_parse_rsa): New.
+ (do_genkey): New.
+
scd: Make app_genkey and supporting ISO function more flexible.
- + commit 14816c798099925e47908e7ce415412d72fbe28e
+ + commit 9a9cb0257aebb1480b999fdf9d90904083eb8e3c
* scd/app.c (app_genkey): Add arg keytype.
* scd/app-common.h (struct app_ctx_s): Fitto for the genkey member.
* scd/command.c (cmd_genkey): Adjust for change.
* scd/app-openpgp.c (do_genkey): Adjust for changes.
scd: Fix parameter name of app_change_key.
- + commit c075274aac0ffd388df638548b75a7d90e7e929d
+ + commit c26af8ac263ea006ed32e110a09271e4bfbf1f37
* scd/app-common.h (APP_GENKEY_FLAG_FORCE): New.
* scd/app.c (app_change_pin): Rename arg reset_mode to flags and
change from int to unsigned int.
+ scd: Implement PIN changing and unblocking for PIV cards.
+ + commit e9e876cb5572670322aa1d3462d64c75c03974d9
+ * scd/app-piv.c: Some refactoring
+ (do_change_chv): Implement.
+
+2019-02-05 Werner Koch <wk@gnupg.org>
+
scd: Allow standard keyref scheme for app-openpgp.
- + commit 6651a0640d0f1b4dd161210dc55974d9b93b7253
+ + commit 3231ecdafd71ac47b734469b07170756979ede72
* scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
"OPENPGP."
+ * tools/card-call-scd.c (scd_change_pin): Change API to use strings.
+ * tools/gpg-card-tool.c (cmd_passwd): Adjust for change.
+ (cmd_unblock): Ditto.
+
+2019-01-31 Werner Koch <wk@gnupg.org>
+
+ card: Implement non-interactive mode.
+ + commit 1c0fa3e6f74692d5e9b5f08cda523f0fcec305eb
+ * tools/card-tool.h (opt): Add field 'initialized'.
+ * tools/card-call-scd.c (scd_learn): Set it.
+ * tools/gpg-card-tool.c (main): Reworked.
+ (dispatch_command): New.
+
+ card: New command 'authenticate'.
+ + commit da383257404cde9689bc58259ef3f46e9903bf34
+ * tools/card-tool-misc.c (hex_to_buffer): New.
+ * tools/gpg-card-tool.c (get_data_from_file): Change to allow returning
+ a string.
+ (cmd_authenticate): New.
+ (cmds): Add command "authenticate".
+
+ scd: Add DES authentication for PIV card.
+ + commit 1d57450f3e71b198e66e155a8ebbfab452f58ffc
+ * scd/app-piv.c (flush_cached_data): New.
+ (auth_adm_key): New.
+ (set_adm_key): New.
+ (do_setattr): New.
+ * scd/command.c (MAXLEN_SETATTRDATA): New.
+ (cmd_setattr): Add an inquire option.
- gpg: Emit an ERROR status if no key was found with --list-keys.
- + commit 14ea581a1c040b53b0ad4c51136a7948363b1e4b
- * g10/keylist.c (list_one): Emit status line.
-
-2019-02-06 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese translation.
- + commit c16685b2f5021105ef0560cb3db68ef43bcdb9c1
-
+2019-01-30 Werner Koch <wk@gnupg.org>
- agent: Clear bogus pinentry cache, when it causes an error.
- + commit 9109bb9919f84d5472b7e62e84b961414a79d3c2
- * agent/agent.h (PINENTRY_STATUS_*): Expose to public.
- (struct pin_entry_info_s): Add status.
- * agent/call-pinentry.c (agent_askpin): Clearing the ->status
- before the loop, let the assuan_transact set ->status. When
- failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns
- soon.
- * agent/findkey.c (unprotect): Clear the pinentry cache,
- when it causes an error.
+ card: Cache the results from gpg and gpgsm.
+ + commit 0107984f9f55f84e4842642bceefd2181ec09dab
+ * tools/card-tool-keys.c (keyblock_cache): New var.
+ (release_keyblock): Factor code out to a new do_release_keyblock. Add
+ a cache.
+ (flush_keyblock_cache): New.
+ (get_matching_keys): Use the cache.
+ * tools/gpg-card-tool.c (cmds): Add command "reset".
+ (interactive_loop): Implement reset.
+
+ card: Print matching OpenPGP and X.509 data.
+ + commit 833f27a6a7e059e38bccaf360f05e72e4403545a
+ * tools/card-tool-keys.c: New.
+ * tools/Makefile.am (gpg_card_tool_SOURCES): Add file.
+ * tools/card-tool.h (struct pubkey_s, pubkey_t): New.
+ (struct userid_s, userid_t): New.
+ (struct keyblock_s, keyblock_t): New.
+ * common/util.h (GNUPG_PROTOCOL_): New const
+ * tools/gpg-card-tool.c (aTest): Add temporary command.
+ (list_one_kinfo): Print info from gpg and gpgsm.
- dirmngr: Fix initialization of assuan's nPth hook.
- + commit 7f4c3eb0a039621c564b6095ab5f810524843157
- * dirmngr/dirmngr.c (main): Move assuan_set_system_hooks to...
- (thread_init): ... here.
+ gpg: Emit an ERROR status if no key was found with --list-keys.
+ + commit 140fda8c61422ec055c3f7e214cc35706c4320dd
+ * g10/keylist.c (list_one): Emit status line.
-2019-01-30 Werner Koch <wk@gnupg.org>
+ common: Add kludge to allow silencing gnupg_exec_tool_stream.
+ + commit 1fd3d864b4eceaf45b33e754e5d832b7ccc0d17f
+ * common/exectool.c (read_and_log_buffer_t): Take care of a --quiet
+ argument.
+ (gnupg_exec_tool_stream): Ditto.
gpg: Allow generating Ed25519 key from an existing key.
- + commit 31d2a1eecaee766919b18bc42b918d9168f601f8
+ + commit 346a98fabe03adf2e202e36fc2aa24b1c2571154
* g10/misc.c (map_pk_gcry_to_openpgp): Add EdDSA mapping.
+ common: New function decode_c_string.
+ + commit 6ecedd0b25b6b1a33be63b99f2a8256370000521
+ * common/miscellaneous.c (decode_c_string): New.
+
2019-01-29 Werner Koch <wk@gnupg.org>
gpg: Implement searching keys via keygrip.
- + commit 5e5f3ca0c2e08185a236b4d04b318f81004e3223
+ + commit c128667b3cba749dd14262e032d4c260a2b0acd3
* kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field grip.
* kbx/keybox-openpgp.c (struct keyparm_s): New.
(keygrip_from_keyparm): New.
(has_keygrip): Call it.
common: Provide some convenient OpenPGP related constants.
- + commit b78f293cf06f447d1d0a5c416ac129a4e1cf9f8c
+ + commit f382984966a31a4cbe572bce5370590c5490ed1e
* common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New.
(OPENPGP_MAX_NSKEY): New.
(OPENPGP_MAX_NSIG): New.
(OPENPGP_MAX_NENC): New.
* g10/packet.h: Define PUBKEY_MAX using the new consts.
- (cherry picked from commit f382984966a31a4cbe572bce5370590c5490ed1e)
-
common: New helper functions for OpenPGP curve OIDs.
- + commit dddbb26155f292fde2909ecc84b62b693b6dea49
+ + commit 4a1558d0c7190cf13d35385e47291a7aa121be3e
* common/openpgp-oid.c (openpgp_oidbuf_to_str): Factor most code out
to ...
(openpgp_oidbuf_to_str): new.
(openpgp_oidbuf_is_ed25519): New.
(openpgp_oidbuf_is_cv25519): New.
+ card: Support factory reset for Yubikey PIV application.
+ + commit 79bed504e51034d960fcb858fb643901cad85913
+ * scd/app-common.h (struct app_ctx_s): Add field cardtype.
+ * scd/app.c (app_new_register): Set cardtype for yubikey.
+ (app_getattr): Add CARDTYPE.
+ (app_write_learn_status): Emit new attribute.
+ * scd/app-piv.c (do_getattr): Add CHV-USAGE.
+ (do_learn_status): Emit it.
+ * tools/card-tool.h (struct card_info_s): Add field cardtype.
+ * tools/card-call-scd.c (learn_status_cb): Parse "CARDTYPE".
+
+ * tools/gpg-card-tool.c (list_piv): Print PIN usage policy.
+ (list_card): Print card type.
+ (cmd_factoryreset): Implement for Yubikey with PIV.
+
+ card: Print keyinfo for PIV cards.
+ + commit 9325c92284bb346d11c3591bb2ea88095989361a
+ * scd/app-piv.c (do_learn_status): Print CHV-STATUS.
+ * tools/card-tool.h (struct card_info_s): Rename chvretry to chvinfo.
+ * tools/card-call-scd.c (learn_status_cb): Depend CHV-STATUS on app
+ type.
+ * tools/gpg-card-tool.c (list_piv): New.
+
+ card: Make printing of key information more flexible.
+ + commit 237880175f59d372011cd2e20bb49726eeccf058
+ * tools/card-tool-misc.c: New.
+ * tools/card-tool.h: Rewored data structures for key infos.
+ * tools/gpg-card-tool.c: Ditto.
+ * tools/card-call-scd.c: Ditto.
+
+2019-01-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Clear bogus pinentry cache, when it causes an error.
+ + commit 02a2633a7f0b7d91aa48ea615fb3a0edfd6ed6bb
+ * agent/agent.h (PINENTRY_STATUS_*): Expose to public.
+ (struct pin_entry_info_s): Add status.
+ * agent/call-pinentry.c (agent_askpin): Clearing the ->status
+ before the loop, let the assuan_transact set ->status. When
+ failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns
+ soon.
+ * agent/findkey.c (unprotect): Clear the pinentry cache,
+ when it causes an error.
+
+2019-01-27 Werner Koch <wk@gnupg.org>
+
+ card: Implement the bulk of OpenPGP stuff into gpg-card-tool.
+ + commit 1c9251004592415b27988064ae20504dd1c37f57
+ * tools/card-call-scd.c: New.
+ * tools/card-tool.h: new.
+ * tools/gpg-card-tool.c: Largely extended.
+
+2019-01-26 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix just changed agent_get_s2k_count.
+ + commit 54f88afba4564e62e51fe6e22beabbdee75f91ac
+ * g10/call-agent.c (agent_get_s2k_count): Actually return the count.
+
+ gpg: Move S2K encoding function to a shared file.
+ + commit ec13b1c562e34c0fcbc7b848ab6dc187b79cf2c1
+ * g10/passphrase.c (encode_s2k_iterations): Move function to ...
+ * common/openpgp-s2k.c: new file. Remove default intialization code.
+ * common/openpgpdefs.h (S2K_DECODE_COUNT): New to keep only one copy.
+ * g10/call-agent.c (agent_get_s2k_count): Change to return the count
+ and print an error.
+ * agent/protect.c: Include openpgpdefs.h
+ * g10/card-util.c (gen_kdf_data): Adjust for changes
+ * g10/gpgcompose.c: Include call-agent.h.
+ (sk_esk): Adjust for changes.
+ * g10/passphrase (passphrase_to_dek): Adjust for changes.
+ * g10/main.h (S2K_DECODE_COUNT): Remove macro.
+
+2019-01-25 Werner Koch <wk@gnupg.org>
+
+ scd: Improve app selection for app "undefined".
+ + commit 0415b80227c52620bece3ae7502f38f24a23e59d
+ * scd/app.c (app_new_register): Don't bail out early in undefined
+ mode.
+
+ scd: Fix flushing of CA-FPR data objects.
+ + commit c9f4c1f0de06672c6ae2b793d86cc001d131f9a6
+ * scd/app-openpgp.c (do_setattr): Add new table item to flush a
+ different tag.
+
+2019-01-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
+ + commit ae966bbe9b16ed68a51391afdde615339755e22d
+ * agent/command.c (cmd_clear_passphrase): Add support for SSH.
+
+ dirmngr: Fix initialization of assuan's nPth hook.
+ + commit 1f8817475f59ede3f28f57edc10ba56bbdd08b49
+ * dirmngr/dirmngr.c (main): Move assuan_set_system_hooks to...
+ (thread_init): ... here.
+
+2019-01-24 Werner Koch <wk@gnupg.org>
+
+ common: Extend function percent_data_escape.
+ + commit 055f8854d3f49b8d06105d20f344f5ac10e4f6a6
+ * common/percent.c (percent_data_escape): Add new args prefix and
+ plus_escape.
+ * agent/command.c (cmd_put_secret): Adjust for changed function
+
+ * common/t-percent.c (test_percent_data_escape): Extend test for the
+ prefix.
+ (test_percent_data_escape_plus): new test for the plus escaping.
+
+2019-01-23 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Support PASSWD --clear for OpenPGP card.
+ + commit fec75a3868da72196f76aca95c7ab07debb7dc04
+ * scd/app-openpgp.c (do_change_pin): Implement handling
+ APP_CHANGE_FLAG_CLEAR.
+
2019-01-22 Werner Koch <wk@gnupg.org>
+ gpg: Stop early when trying to create a primary Elgamal key.
+ + commit f97dc55ff1b041071bc3cbe98aa761bf77bb7ac8
+ * g10/misc.c (openpgp_pk_test_algo2): Add extra check.
+
+ card-tool: Add skeleton for new tool.
+ + commit e6d613711a327d63511601dd42aeff34e09ec95a
+ * tools/gpg-card-tool.c: New.
+ * tools/gpg-card-tool-w32info.rc: New.
+ * tools/Makefile.am: Add new tool.
+
+ common: Add generic status print function.
+ + commit 03cf23b43ec5fea8a355d3ba2200e86a8efc589b
+ * common/status.c (gnupg_set_status_fd): New.
+ (gnupg_status_printf): New.
+ * po/Makevars (XGETTEXT_OPTIONS): Add gnupg-status_printf.
+
+2019-01-21 Werner Koch <wk@gnupg.org>
+
+ scd: Support CHV-STATUS and CHECKPIN for PIV.
+ + commit fa9d703de5c70ae925e8ca6604073506f24d641a
+ * scd/app-piv.c (parse_pin_keyref): New.
+ (get_chv_status): New.
+ (do_getattr): Add name CHV-STATUS.
+ (verify_pin): Add arg keyref to support other PINs.
+ (do_change_pin): New. Right now limited to --clear.
+ (do_check_pin): New.
+ (app_select_piv): Register new commands.
+
scd: Add option --clear to PASSWD.
- + commit d4082ff430afe670510d2c1c7ea66ee9ddcbe505
+ + commit 29929e65521279eabc98a67c766fe485057405a9
* scd/command.c (cmd_passwd): Add option --clear.
(send_status_printf): New.
* scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New.
used.
* scd/app-openpgp.c (do_change_pin): Ditto.
+2019-01-20 Werner Koch <wk@gnupg.org>
+
+ scd: Add very basic support for PIV cards.
+ + commit ec56996029d95d4bd26e1badfe207232270c6247
+ * scd/app-piv.c: New.
+ * scd/Makefile.am (card_apps): Add app-piv.c
+ * scd/app.c (app_new_register): Try to get a Yubikey serial number.
+ Detect the PIV application.
+ (get_supported_applications): Add "piv".
+
scd: One new and one improved 7816 function.
- + commit 9309175de8c76de44021c25c7885355ff1a9b67b
+ + commit 70bb5c7931598590b1acfae90bf4657f5911d2d3
* scd/apdu.c (apdu_send_direct): New arg R_SW.
* scd/command.c (cmd_apdu): Ditto.
* scd/iso7816.c (iso7816_apdu_direct): New arg R_SW.
* scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new
arg.
+2019-01-17 Werner Koch <wk@gnupg.org>
+
ssh: Simplify the curve name lookup.
- + commit 11a65159f997ccd69ecb9d867c1f3d0c4d8837d6
+ + commit d93797c8a7892fe26672c551017468e9f8099ef6
* agent/command-ssh.c (struct ssh_key_type_spec): Add field
alt_curve_name.
(ssh_key_types): Add some alternate curve names.
GnuPG-2.2 Libgcrypt 1.7 is required.
(ssh_handler_request_identities): Log an error message.
- gpg: Stop early when trying to create a primary Elgamal key.
- + commit f5d3b982e44c5cfc60e9936020102a598b635187
- * g10/misc.c (openpgp_pk_test_algo2): Add extra check.
+2019-01-16 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpg: Report STATUS_NO_SECKEY when it is examined.
+ + commit dafffa95b2317bcb80fff1fd6d2bc7b4e6b1e206
+ * g10/packet.h (struct pubkey_enc_list): Add result.
+ * g10/mainproc.c (proc_pubkey_enc): Initialize ->result.
+ (proc_encrypted): Report STATUS_NO_SECKEY status.
+ * g10/pubkey-enc.c (get_session_key): Set ->result.
-2019-01-17 NIIBE Yutaka <gniibe@fsij.org>
+2019-01-07 NIIBE Yutaka <gniibe@fsij.org>
scd: Fix for USB INTERRUPT transfer.
- + commit 9dc76d599cd4c86d3c187d078daad1144a92564c
+ + commit 5ab3bc422a5cc1a646c168b547f2b6538b3a4ffa
* scd/ccid-driver.c (intr_cb): When LIBUSB_TRANSFER_NO_DEVICE,
just handle this event as failure.
-2018-12-19 NIIBE Yutaka <gniibe@fsij.org>
+2019-01-03 Werner Koch <wk@gnupg.org>
- agent: Fix message for ACK button.
- + commit 80a08b655f8f5e7a7d78b766f1770fd474081a48
- * agent/divert-scd.c (getpin_cb): Display correct message.
+ scd: Add two variants to the set of ISO7816 functions.
+ + commit 405feca2bdeeb620dc406667a702035a123ae848
+ * scd/iso7816.c (iso7816_select_application_ext): New.
+ (iso7816_get_data_odd): New.
-2018-12-18 Werner Koch <wk@gnupg.org>
+ scd: Support "READKEY --advanced" for all cards.
+ + commit cca2b87e79cda212a33c13efdd2b2830295d2efe
+ * scd/command.c (cmd_readkey): Reformat for advanced mode.
- Silence compiler warnings new with gcc 8.
- + commit 21fc089148678f59edb02e0e16bed65b709fb972
- * dirmngr/dns.c: Include gpgrt.h. Silence -Warray-bounds also gcc.
- * tests/gpgscm/scheme.c: Include gpgrt.h.
- (Eval_Cycle): Ignore -Wimplicit-fallthrough.
+2018-12-18 Werner Koch <wk@gnupg.org>
wks: Do not use compression for the encrypted data.
- + commit 16424d8a34c7f6af1071fd19dfc180cb7d17c052
+ + commit 70a8db0333e3c22403b3647f8b5f924f6dace719
* tools/gpg-wks-client.c (encrypt_response): Add arg -z0.
* tools/gpg-wks-server.c (encrypt_stream): Ditto.
2018-12-18 NIIBE Yutaka <gniibe@fsij.org>
- po: Update Japanese translation.
- + commit ae9159e0685098ee97d6f526666524423f4a0fff
-
-
- scd: Support "acknowledge button" feature.
- + commit ffe31f405f9b5e4929e95c3d66c613052cb7727e
- * scd/apdu.c (set_prompt_cb): New member function.
- (set_prompt_cb_ccid_reader): New function.
- (open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
- (apdu_set_prompt_cb): New.
- * scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
- * ccid-driver.c (ccid_set_prompt_cb): New.
- (bulk_in): Call ->prompt_cb when timer extension.
- * scd/command.c (popup_prompt): New.
+ scd: Fix description string.
+ + commit e6b7e0ff9990813ac9f11b2d9d92596d6379ebfe
+ * scd/app-openpgp.c (data_objects): Capitalize the word for usage.
- agent: Support --ack option for POPUPPINPADPROMPT.
- + commit e6be36ee8854dc343a5e0f914991da3da360b513
- * agent/divert-scd.c (getpin_cb): Support --ack option.
+2018-12-17 Werner Koch <wk@gnupg.org>
-2018-12-14 Werner Koch <wk@gnupg.org>
+ Silence a few compiler warnings new with gcc 8.
+ + commit 40c307fa8d0e813f2aa57806f25b8b0063cc2be3
+ * dirmngr/dns.c: Include gpgrt.h. Silence -Warray-bounds also gcc.
+ * tools/gpg-pair-tool.c (command_respond): Init two vars to silence
+ gcc.
- Release 2.2.12.
- + commit 7d8f4ee7cf56eda988acdc909160cbac71bff18a
+2018-12-12 NIIBE Yutaka <gniibe@fsij.org>
+ card: Suppress error message by agent_scd_cardlist.
+ + commit ebf775eb16fef27bd1f27319a5483d04dcf95a9a
+ * g10/call-agent.c (agent_scd_cardlist): Add
+ FLAG_FOR_CARD_SUPPRESS_ERRORS.
2018-12-11 Werner Koch <wk@gnupg.org>
- agent: Make the S2K calibration time runtime configurable.
- + commit de29a50e7c8a779ac0832a149bcf3eb2c4191dc9
+ agent: Make the S2K calibration time runtime configurabe.
+ + commit cbcc8c19541fe8407f3b6588fce1535c64cf6b25
* agent/protect.c (s2k_calibration_time): New file global var.
(calibrate_s2k_count): Use it here.
(get_calibrated_s2k_count): Replace function static var by ...
(opts): New option --s2k-calibration.
(parse_rereadable_options): Parse that option.
-2018-12-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- agent: compile-time configuration of s2k calibration.
- + commit 0cf0f3aaf835d29848f1485df357606254ba6fad
- * configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
- AGENT_S2K_CALIBRATION (measured in milliseconds)
- * agent/protect.c (calibrate_s2k_count): Calibrate based on
- AGENT_S2K_CALIBRATION.
-
- (cherry picked from commit 926d07c5fa05de05caef3a72b6fe156606ac0549)
-
-2018-12-11 Werner Koch <wk@gnupg.org>
-
dirmngr: Retry another server from the pool on 502, 503, 504.
- + commit e5abdb6da7fa7cd4d146c7285b160277511bc230
+ + commit 05ef6282784495a77f4faf76c0de5bc85dfecf06
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Add arg
http_status and handle it.
(ks_hkp_search): Get http_status froms end_request and pass on to
(ks_hkp_put): Ditto.
dirmngr: New function http_status2string.
- + commit b9d71ea64a694582739c18cfef9621b36d5371e9
+ + commit dc61f4ecea5c9815cb00aeb25439978337c1fd64
* dirmngr/http.c (http_status2string): New.
gpg: In search-keys return "Not found" instead of "No Data".
- + commit f7ff25edadd474f83fccba6fd3c410eb8358bb22
+ + commit e7252ae57f3c9da557f23295268f74dd25fee3a1
* g10/keyserver.c (keyserver_search): Check for NO_DATA.
2018-12-11 Tomi Leppänen <tomi.leppanen@jolla.com>
tools: Use POSIX compatible arguments for find.
- + commit dfcc5e6d3ec91f547feb78e442946e729b49878c
+ + commit 2c35e67e3475ec38ff49953d79bd0f734d6db542
* tools/addgnupghome (filelist): Remove bashism.
-2018-12-06 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Make "learn" report about KDF data object.
- + commit d4bc8051525a33b28b1e33daf35d79c1d6cd9c41
- * scd/app-openpgp.c (do_learn_status): Report KDF attr.
- * g10/card-util.c (current_card_status): Output KDF for with_colons.
-
- card: Display if KDF is enabled or not.
- + commit 751ff784e5316470f266750d299ae857ad7840d8
- * g10/call-agent.h (kdf_do_enabled): New field.
- * g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
- * g10/card-util.c (current_card_status): Inform the availability.
-
- g10: Fix memory leak for --card-status.
- + commit 293001e2c6f0e228ff7f1b6a3e2606ae1370a5d5
- * g10/card-util.c (card_status): Release memory of serial number.
-
2018-12-05 NIIBE Yutaka <gniibe@fsij.org>
g10: Fix print_pubkey_info new line output.
- + commit c5aba093b86e7d69b34ddcf55130f8f21e889b5c
+ + commit e154fba30ba0d5f29040a33f5c1b5c25b441b69f
* g10/keylist.c (print_pubkey_info): Reverse the condition.
-2018-12-05 Werner Koch <wk@gnupg.org>
-
- gpg: New list-option "show-only-fpr-mbox".
- + commit 9b538451682c704b4036c0ecdb7e6b0ef8570016
- * g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
- * g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
- * g10/keylist.c (list_keyblock_simple): New.
- (list_keyblock): Call it.
- (list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX
- mode.
+2018-12-04 Werner Koch <wk@gnupg.org>
wks: Fix filter expression syntax flaw.
- + commit 80bf1f8901dcbbb2cb6cacc11cca98705ce8f59d
+ + commit 0c36ec241d285545f286069843de4f663cd274a3
* tools/wks-util.c (wks_get_key, wks_filter_uid): The filter
expression needs a space before the value.
(install_key_from_spec_file): Replace es_getline by es_read_line and
remove debug output.
+ gpg: Prepare revocation keys for use with v5 keys.
+ + commit c6e2ee020784de63edfa83c76095e086eae49eef
+ * g10/packet.h (struct revocation_key): Add field 'fprlen'.
+ * g10/parse-packet.c (parse_revkeys): Set fprlen and allow for v5
+ keys. Also fix reading of unitialized data at place where
+ MAX_FINGERPRINT_LEN is used.
+ * g10/revoke.c (gen_desig_revoke): Allow for v5 keys and use fprlen.
+ Do an explicit compare to avoid reading unitialized data.
+ * g10/sig-check.c (check_revocation_keys): Use the fprlen.
+ * g10/getkey.c (merge_selfsigs_main): Do an explicit copy to avoid
+ reading unitialized data.
+ * g10/import.c (revocation_present): Use fprlen.
+ * g10/keyedit.c (show_key_with_all_names): Use fprlen.
+ (menu_addrevoker): Use fprlen. Allow for v5 keys.
+ * g10/keygen.c (keygen_add_revkey): Use fprlen.
+ (parse_revocation_key): Allow for v5 keys.
+ * g10/keyid.c (keyid_from_fingerprint): Allow for v5 keys. Print a
+ better error message in case of bogus fingerprints.
+ * g10/keylist.c (print_revokers): Use fprlen.
+
wks: Allow reading of --install-key arguments from stdin.
- + commit b6fd60dfa1709f162c25eb72cf8c45d0ab9bf34f
+ + commit ba46a359b9d6549b74ec8401ea39bad434d87564
* tools/wks-util.c (install_key_from_spec_file): New.
(wks_cmd_install_key): Call it.
* tools/gpg-wks-client.c (main): Allow --install-key w/o arguments.
* tools/gpg-wks-server.c (main): Ditto.
- (cherry picked from commit ba46a359b9d6549b74ec8401ea39bad434d87564)
+ gpg: New list-option "show-only-fpr-mbox".
+ + commit 0e8bf204791ebfd0c9a8e4b49fbadf998ec62e49
+ * g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
+ * g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
+ * g10/keylist.c (list_keyblock_simple): New.
+ (list_keyblock): Call it.
+ (list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX
+ mode.
wks: Create sub-directories.
- + commit bf29d7c822264a40f1469c7b5024d93b955a3a1e
+ + commit 73e5b0ec9b9ba5e04e55f8c42d81e23df7c3afe0
* tools/wks-util.c (wks_compute_hu_fname): Stat and create directory
if needed.
- (cherry picked from commit 73e5b0ec9b9ba5e04e55f8c42d81e23df7c3afe0)
-
wks: Add new commands --install-key and --remove-key to the client.
- + commit 5b4aa8c6d4abfa3135ec3ab23decf9bdd624df3e
+ + commit 602b1909632925d5a2e0778c102d66109795c627
* tools/gpg-wks-client.c (aInstallKey, aRemoveKey, oDirectory): New.
(opts): Add "--install-key", "--remove-key" and "-C".
(parse_arguments): Parse them.
commands.
wks: Move a few server functions to wks-util.
- + commit 51b722c6f57b80a3b9caa417b7a74e7fab80043f
+ + commit 99094c992c20dd22971beb3527cfda109cd1df89
* tools/gpg-wks-server.c (write_to_file): Move to ...
* tools/wks-util.c: here.
* tools/gpg-wks-server.c (compute_hu_fname): Move to ...
* tools/gpg-wks-server.c (command_remove_key): Move to ...
* tools/wks-util.c (wks_cmd_remove_key): here and change callers.
- (cherry picked from commit 99094c992c20dd22971beb3527cfda109cd1df89)
+2018-12-04 NIIBE Yutaka <gniibe@fsij.org>
-2018-12-05 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+ build: Remove --with-*-prefix from configure_opts.
+ + commit 802b23289cc9b43a56e5032c2681eb21d4014784
+ * autogen.rc (configure_opts): Remove --with-*-prefix.
+
+2018-12-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
g10/mainproc: disable hash contexts when --skip-verify is used.
- + commit 6008410e512cb74a4a2ad3f6e3fce4669e4f7e2c
+ + commit 73e74de0e33bbb76300f96a4174024779047df06
* g10/mainproc.c (proc_plaintext): Do not enable hash contexts when
opt.skip_verify is set.
common/iobuf: fix memory wiping in iobuf_copy.
- + commit ebd434a45eefd34bd9d9f875f22a74a47b88dd5f
+ + commit 654e353d9b20f10fa275e7ae10cc50480654f079
* common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of
first sizeof(char*) bytes.
- common: Use platform memory zeroing function for wipememory.
- + commit 21fdef6963539680a16b68b7536378bdaa8dea85
+ common/mischelp: use platform memory zeroing function for wipememory.
+ + commit 2a650772b4e1c78a4fd20bc88433930e5551fe9c
* common/mischelp.h (wipememory): Replace macro with function
prototype.
(wipememory2): Remove.
* common/mischelp.c (wipememory): New.
- * configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero' and
- remove duplicated checks.
+ * configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero'.
+
+2018-11-30 Werner Koch <wk@gnupg.org>
-2018-12-05 Werner Koch <wk@gnupg.org>
+ scd: Add strerror to new error message.
+ + commit 3a90efb7cf13532cc82b45c11a7abdadfe0c81f1
+ * agent/call-scd.c (wait_child_thread): Add %s.
gpg: Improve error message about failed keygrip computation.
- + commit edeebe0a6b9a49d2291d6351d52c5bc688d24cff
+ + commit cd64af003d4b6b46b69dbd575f73d53359ae0bcc
* g10/keyid.c (keygrip_from_pk): Print the fingerprint on failure.
- (cherry picked from commit cd64af003d4b6b46b69dbd575f73d53359ae0bcc)
+2018-11-28 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Serialize opening device by select_application.
+ + commit 47106ac435e891ced67f0ad9bb6b2ee12098c880
+ * scd/app.c (app_new_register): Don't lock APP_LIST_LOCK here.
+ (select_application): Lock with APP_LIST_LOCK earlier.
+
+2018-11-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Better serialization for scdaemon access.
+ + commit 483e63f9b5faead819ddd28308902ef43bf298ab
+ * agent/call-scd.c (unlock_scd): Move lock before accessing IN_USE.
+ (wait_child_thread): Add log_info for Windows, and fixed log_error
+ message.
+
+2018-11-26 Andre Heinecke <aheinecke@intevation.de>
+
+ w32: Fix linkage of gpg-pair-tool.
+ + commit f12fcd907903742bde3ebb7ffef244c92d6d1611
+ * tools/Makefile.am (gpg_pair_tool_LDADD): Add W32SOCKLIBS.
+
+2018-11-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Have a thread to wait for the child process of scdaemon.
+ + commit 40c7923ea881881a48de8f303b0870ec5910e13d
+ * agent/call-scd.c (wait_child_thread): New.
+ (start_scd): Create a thread for wait_child_thread.
+ (agent_scd_check_aliveness): Remove.
-2018-11-23 Werner Koch <wk@gnupg.org>
+ agent: Defer calling assuan_release when it's still in use.
+ + commit 9fb3f0f3f79e74166cce8e0781e97043f25890cc
+ * agent/call-scd.c (struct scd_local_s): Remove LOCK, introduce IN_USE
+ and INVALID flags.
+ (unlock_scd): Call assuan_release when CTX is invalid.
+ (start_scd): Set IN_USE.
+ (agent_scd_check_aliveness): Don't call assuan_release when it's in use.
+
+ agent: Clean up SCDaemon management.
+ + commit f45d6124696cc92ccdec09841b8182679c377997
+ * agent/call-scd.c (struct scd_local_s): Remove ctrl_backlink.
+ (start_scd): Don't assign to the field.
+ (agent_scd_check_aliveness): Fix typo in comment.
+
+2018-11-22 Werner Koch <wk@gnupg.org>
dirmngr: Avoid possible CSRF attacks via http redirects.
- + commit 4a4bb874f63741026bd26264c43bb32b1099f060
+ + commit fa1b1eaa4241ff3f0634c8bdf8591cbc7c464144
* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
(http_redir_info_t): New.
* dirmngr/http.c (do_parse_uri): Set new fields.
instead of the open code.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
+2018-11-16 Werner Koch <wk@gnupg.org>
+
+ gpg: Start using OCB mode by default with Libgcrypt 1.9.
+ + commit 1e700961ddf4c54ec5a03a697fe00d7eb606fdff
+ * g10/main.h (GCRYPT_VERSION_NUMBER): Fix type in condition.
+
+2018-11-15 NIIBE Yutaka <gniibe@fsij.org>
+
+ card: Display UIF setting.
+ + commit e955ca245ea08e68ae2397f1583c8728d72acbd8
+ * g10/call-agent.h (agent_card_info_s): Add UIF fields.
+ * g10/call-agent.c (learn_status_cb): Put UIF DOs info.
+ * g10/card-util.c (current_card_status): Output for UIF.
+
+ scd: Make "learn" report about KDF data object.
+ + commit 05d163aebc04db109ec5e004eb04a4b3796f6421
+ * scd/app-openpgp.c (do_learn_status): Report KDF attr.
+ * g10/card-util.c (current_card_status): Output KDF for with_colons.
+
+ card: Display if KDF is enabled or not.
+ + commit a5542a4a702c2210facf58a98bc8d3d16089b6ab
+ * g10/call-agent.h (kdf_do_enabled): New field.
+ * g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
+ * g10/card-util.c (current_card_status): Inform the availability.
+
+2018-11-14 Werner Koch <wk@gnupg.org>
+
+ Remove the gpg-zip script.
+ + commit 8b8ea802ca071c911158cab0203245a16a69125c
+ * tools/gpg-zip.in: Remove.
+ * m4/tar-ustar.m4: Remove.
+
+2018-11-14 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Simplify agent_popup_message_stop.
+ + commit 804a77edd9472d44606641b7772550521e1ba271
+ * agent/call-pinentry.c (agent_popup_message_stop): Just kill it.
+
+2018-11-13 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Support the new WKD draft with the openpgpkey subdomain.
+ + commit 914fa3be22bf8848a97a7dd405a040d6ef31e2fd
+ * dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain
+ method.
+
+2018-11-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Update libgcrypt.m4 and ntbtls.m4.
+ + commit d58fe697acefd435ec01503dae574d6c99dfedae
+ * m4/libgcrypt.m4: Update from master.
+ * m4/ntbtls.m4: Update from master.
+
2018-11-12 Andre Heinecke <aheinecke@intevation.de>
dirmngr: Add FLUSHCRLs command.
- + commit 00321a025f90990a71b60b4689ede1f38fbde347
+ + commit 678e4706ee614a6b7e543e2a80072d75405dd4db
Summary:
* dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
* dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
(register_commands): Add FLUSHCRLS.
-2018-11-06 Werner Koch <wk@gnupg.org>
+2018-11-12 Werner Koch <wk@gnupg.org>
- Release 2.1.11.
- + commit cb46b787571ef149856be03b8c3481bb79871698
+ common: Prepare for parsing mail sub-addresses.
+ + commit 6b9f772914624cc673ba26d49b6e3adc32dd7e0a
+ * common/mbox-util.c (mailbox_from_userid): Add arg subaddress and
+ implement. Change all callers to pass false for it.
+
+ * common/t-mbox-util.c (run_mbox_no_sub_test): New.
+ (run_filter): Add arg no_sub.
+ (main): Call new test and add option --no-sub.
+2018-11-11 Werner Koch <wk@gnupg.org>
+
+ common: Add --filter option to t-mbox-util.
+ + commit b3095c95ef9d2d76b49a6ad1b946fca590380dc9
+ * common/t-mbox-util.c (run_filter): New.
+ (main): Add option parser.
+
+2018-11-09 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ g10/mainproc: avoid extra hash contexts when decrypting AEAD input.
+ + commit b46382dd47731231ff49b59c486110a25e08e985
+ * g10/mainproc.c (mainproc_context): New member
+ 'seen_pkt_encrypted_aead'.
+ (release_list): Clear 'seen_pkt_encrypted_aead'.
+ (proc_encrypted): Set 'seen_pkt_encrypted_aead'.
+ (have_seen_pkt_encrypted_aead): New.
+ (proc_plaintext): Do not enable extra hash contexts when decryption
+ AEAD input.
+
+2018-11-08 Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+ g10/armor: optimize radix64 to binary conversion.
+ + commit 643ec7c642dc75191e712963d2bb460ac247e09b
+ * g10/armor.c (asctobin): Larger look-up table for fast path.
+ (initialize): Update 'asctobin' initialization.
+ (radix64_read): Add fast path for radix64 to binary conversion.
+
+ g10/armor: optimize binary to radix64 conversion.
+ + commit e8142cc69a2ae5a5d0a238bc9f88841067359af8
+ * g10/armor.c (bintoasc): Change to read-only.
+ (initialize): Use const pointer for 'bintoasc'.
+ (armor_output_buf_as_radix64): New function for faster binary to
+ radix64 conversion.
+ (armor_filter): Use new conversion function.
+
+ g10/armor: use libgcrypt's CRC24 implementation.
+ + commit e486d4f0259f27906d2c2869cc01b3aa31aaa0a6
+ * g10/armor.c (CRCINIT, CRCPOLY, CRCUPDATE, crc_table): Remove.
+ (new_armor_context): Open libgcrypt CRC24 context.
+ (release_armor_context): Close CRC24 context.
+ (initialize): Remove CRC table generation.
+ (get_afx_crc): New.
+ (check_input, fake_packet, radix64_read, armor_filter): Update to use
+ CRC24 context.
+ * g10/filter.h (armor_filter_context_t): Replace crc intermediate value
+ with libgcrypt md context pointer.
+
+ common/iobuf: optimize iobuf_read_line.
+ + commit 2b5718c1f76851160115f455c3a9383b04521347
+ * common/iobuf.c (iobuf_read_line): Add fast path for finding '\n'
+ character in buffer.
+
+ g10/armor: remove unused unarmor_pump code.
+ + commit 47424881b27d4b3bae2925265b2008cda0c2933f
+ * g10/armor.c (unarmor_state_e, unarmor_pump_s, unarmor_pump_new)
+ (unarmor_pump_release, unarmor_pump): Remove.
+ * g10/filter.h (UnarmorPump, unarmor_pump_new, unarmor_pump_release)
+ (unarmor_pump): Remove.
+
+ g10/armor: fix eof checks in radix64_read.
+ + commit a571bb8df52d6f2727876e086790dd037c9948ad
+ * g10/armor.c (radix64_read): Check EOF with '!afx->buffer_len' instead
+ of 'c == -1', as 'c' is never set to this value.
+
+ g10/decrypt-data: use iobuf_read for higher performance.
+ + commit 5d6c080522e1666943b75c99124fb69b985b6941
+ * g10/decrypt-data.c (fill_buffer): Use iobuf_read instead of iobuf_get
+ for reading data.
+
+ g10/decrypt-data: use fill_buffer in more places.
+ + commit e2b9095de35ac4d402b077d5484b4131700a9925
+ * g10/decrypt-data.c (mdc_decode_filter, decode_filter): Use
+ fill_buffer.
+
+2018-11-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ gpgcompose: Fix --sk-esk.
+ + commit 69930f6884a934207f7aa523cf6d2b8e22dfe666
+ * g10/gpgcompose.c (sk_esk): Copy the result content correctly.
+ Don't forget to free the result.
+
+ g10: Fix log_debug formatting.
+ + commit 7fc3decc2e038be905d47701c7ce196ed86a725b
+ * g10/cipher-aead.c (do_flush): No cast is correct.
+ * g10/decrypt-data.c (aead_underflow): No cast needed.
+ Use "%j" for uint64_t for chunklen.
2018-11-06 NIIBE Yutaka <gniibe@fsij.org>
g10: Fix print_keygrip for smartcard.
- + commit 627839ea88da11a9e8d033e3c91bdf5a048b15c3
+ + commit 01b77ebbb71d47ba276d3a1af9595fdcd9b48f5f
* g10/card-util.c (print_keygrip): Use tty_fprintf.
2018-11-05 Werner Koch <wk@gnupg.org>
wks: New option --with-colons for gpg-wks-client.
- + commit 66e0bd37ee3dd5ab534b2664493576ef6ad15a08
+ + commit e3a1e80d13487c9336640a99b2f6d385d7d6f55c
* tools/gpg-wks.h (opt): Add field with_colons.
* tools/gpg-wks-client.c (oWithColons): New const.
(opts, parse_arguments): Add option --with-colons.
(get_policy_and_sa): New function.
(command_supported): Make use of new function.
- speedo: Remove obsolete configure option of gpgme.
- + commit 593895a5e495c4647efa7db164356f3cae3d5759
- * build-aux/speedo.mk (speedo_pkg_gpgme_configure): Remove
- --disable-w32-qt option.
-
- dirmngr: In verbose mode print the OCSP responder id.
- + commit 50756927ce6247abc2fadefbc76c58b75c8a7586
- * dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.
-
- (cherry picked from commit 0a7f446c189201ca6e527af08b44da756b343209)
-
- tools: Replace duplicated code in mime-maker.
- + commit d5f540e7a9b3a723ba787e3a587fcd1b0948f105
- * tools/rfc822parse.c (HEADER_NAME_CHARS): New. Taken from
- mime-maker.c.
- (rfc822_valid_header_name_p): New. Based on code from mime-maker.c.
- (rfc822_capitalize_header_name): New. Copied from mime-maker.c.
- (capitalize_header_name): Remove. Replace calls by new func.
- (my_toupper, my_strcasecmp): New.
- * tools/mime-maker.c: Include rfc822parse.h.
- (HEADER_NAME_CHARS, capitalize_header_name): Remove.
- (add_header): Replace check and capitalization by new functions.
-
- gpg: Don't take the a TOFU trust model from the trustdb,
- + commit 82cd7556fdce989aaacf91e0d369a62e4652f224
- * g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
- (create_version_record): Don't init as TOFU.
- (tdbio_db_matches_options): Don't indicate a change in case TOFU is
- stored in an old trustdb file.
-
- dirmngr: Emit SOURCE status also on NO_DATA.
- + commit ab7a907a184f37ddafaa0dc7200c76b735ba4853
- * dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
- NO DATA error.
- (ks_hkp_get): Ditto.
- * g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
- also on error.
- (gpg_dirmngr_ks_get): Ditto.
+ speedo: Remove obsolete configure option of gpgme.
+ + commit d7323bb2d957fbeb8192c0ecbd99b1d14d302912
+ * build-aux/speedo.mk (speedo_pkg_gpgme_configure): Remove
+ --disable-w32-qt option.
dirmngr: Fix LDAP port parsing.
- + commit 5ab58d3001b0342aecaf691b1af70b1f76426f55
+ + commit a3a5a2451924640588e5ecc03a1d4ba6a6ba94a5
* dirmngr/misc.c (host_and_port_from_url): Fix bad port parsing and a
segv for a missing slash after the host name.
+2018-11-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Update *.m4 from libraries.
+ + commit 8e84efbe35633275e260712ba38a505e3f9d0898
+ * m4/gpg-error.m4: Update from master.
+ * m4/ksba.m4: Ditto.
+ * m4/libassuan.m4: Ditto.
+ * m4/libgcrypt.m4: Ditto.
+ * m4/npth.m4: Ditto.
+ * m4/ntbtls.m4: Ditto.
+
+2018-10-31 NIIBE Yutaka <gniibe@fsij.org>
+
+ build: Update *.m4 from libraries.
+ + commit fd7aee6a97134fdf48a496841241f8ae25736e61
+ * m4/gpg-error.m4: Update from master.
+ * m4/ksba.m4: Ditto.
+ * m4/libassuan.m4: Ditto.
+ * m4/libgcrypt.m4: Ditto.
+ * m4/npth.m4: Ditto.
+ * m4/ntbtls.m4: Ditto.
+
2018-10-26 Werner Koch <wk@gnupg.org>
build: By default build wks-tools on all Unix platforms.
- + commit 8a33d5c9c699d2145d39b362d580df67571c5f36
- (cherry picked from commit b83fed64f8051279a8f36e024c1f12f7f13c4716)
+ + commit b83fed64f8051279a8f36e024c1f12f7f13c4716
+
wkd: Add option --directory to the server.
- + commit 839426104a0c829f0182b22048fdc51cf295beb7
+ + commit f248416bc9792e80bb0785302058131de49d7639
* tools/gpg-wks-server.c (opts): Add '--directory',
(main): Explain how to set correct permissions.
(command_list_domains): Create an empty policy file and remove the
warning for an empty policy file.
+2018-10-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ kbx: Increase size of field for fingerprint.
+ + commit 4249e9a2bf028f007d1ddaac730f636e5c6da20f
+ * kbx/keybox-search-desc.h (fpr): Increase the size.
+
+2018-10-25 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ all: fix more spelling errors.
+ + commit a7c5d65eb50355274c1b5b047c02c653f518900a
+
+
+ headers: fix spelling.
+ + commit b39ece7d35401302879062d9d4bec25b1249ae7e
+
+
2018-10-25 Werner Koch <wk@gnupg.org>
dirmngr: Fix out of scope use of a var in the keyserver LDAP code.
- + commit 26ebb15bec897a105b248680c1ddf1806592b1eb
+ + commit 2b57a8159cdc3b212a4efc68787b40cafcd91ebe
* dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale
out of scope and cleanup the entire pgpKeySize block.
+2018-10-25 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10,scd: Improve UIF support.
+ + commit 0240345728a84d8f235ce05889e83963e52742eb
+ * g10/call-agent.c (learn_status_cb): Parse "bt" flag.
+ * g10/call-agent.h: New member field "bt".
+ * g10/card-util.c (uif): Limit its access only when it is supported.
+ * scd/app-openpgp.c (do_setattr): Allow access to UIF objects only
+ when there is a button.
+
+2018-10-24 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ all: fix spelling and typos.
+ + commit 54eb375ff14e2a93cea70eab35719be4d25f51ca
+
+
+ doc: fix spelling mistakes.
+ + commit ef540d1af0649ebf1add190d0ab095e957658b7e
+
+
2018-10-24 Werner Koch <wk@gnupg.org>
agent: Fix possible uninitalized use of CTX in simple_pwquery.
- + commit e53253485cd7ceb7012505a629d2cd997167ccab
+ + commit bafcf7095159493a656382997f8b0d0bb11a20e8
* common/simple-pwquery.c (agent_open): Clear CTX even on early error.
agent: Fix possible release of unitialize var in a genkey error case.
- + commit 62c75271173f83c5770576aae7b84f55a9ccbc16
+ + commit 2bdc4b6ed97770ed15ec6c5afa02c2e44568a3bc
* agent/command.c (cmd_genkey): Initialize 'value'.
ssh: Fix possible infinite loop in case of an read error.
- + commit 147e59b7815daafb32b570a96f1d1925d0f37008
+ + commit 7385e1babf6eef586c79ad23f8e541aaf608c4e5
* agent/command-ssh.c (ssh_handler_add_identity): Handle other errors
than EOF.
tools: Fix FILE memory leak in gpg-connect-agent.
- + commit f1561e5196e54f11b18050eeaeda50e786d188c2
+ + commit 378719f25fe00d46393541f4a4f79e04484c3000
* tools/gpg-connect-agent.c (do_open): dup the fileno and close the
stream.
- (cherry picked from commit 378719f25fe00d46393541f4a4f79e04484c3000)
-
sm: Use the correct string in an error message.
- + commit 1b9b0fc54b9bcd5eb1e63816bd3222d7ac7572a7
+ + commit 793fd8d876777c24c4d5072301fa530333d6e1d9
* sm/gpgsm.c (main): Fix error message.
-2018-10-24 Andre Heinecke <aheinecke@intevation.de>
-
- dirmngr: Only print info for no ldapserver file.
- + commit 01baee2b0ef4f81ac6ffa55480e91168dd27b430
- * dirmngr/dirmngr.c (parse_ldapserver_file): Only print info
- for ENOENT.
-
-2018-10-23 Andre Heinecke <aheinecke@intevation.de>
-
- sm: Fix dirmngr loadcrl for intermediate certs.
- + commit 6b36c16f77722d17f4f317c788701cbc1e9552b2
- * sm/call-dirmngr.c (run_command_inq_cb): Support ISTRUSTED.
- (inq_certificate): Distinguish unsupported inquiry error.
+ gpg: Unfinished support for v5 signatures.
+ + commit 64a1e86fc06d89c980a196c61d2b6d77d167565e
+ * g10/parse-packet.c (parse_signature): Allow for v5 signatures.
+ * g10/sig-check.c (check_signature_end_simple): Support the 64bit v5
+ byte count.
+ * g10/sign.c (hash_sigversion_to_magic): Ditto.
+ (write_signature_packets): Request v5 sig for v5 keys. Remove useless
+ condition.
+ (make_keysig_packet): Request v5 sig for v5 keys.
2018-10-22 Werner Koch <wk@gnupg.org>
dirmngr: Prepare for updated WKD specs with ?l= param.
- + commit a2bd4a64e5b057f291a60a9499f881dd47745e2f
+ + commit 256a280c51f9ea862e4bfb0bb530c2a96f9088f9
* dirmngr/server.c (proc_wkd_get): Tack the raw local address to the
request.
- gpg: Fix extra check for sign usage of a data signature.
- + commit b0d6e26bf3c8decaa568c9e4a5b2451d9af0b25b
- * g10/sig-check.c (check_signature_end_simple):
+ agent: Fix build regression for Windows.
+ + commit 68b8096b6617cdad09c99d7eda2035176807e78f
+ * agent/command-ssh.c (get_client_info): Turn client_uid into an int.
+ Fix setting of it in case of a failed getsocketopt.
+ * agent/command.c (start_command_handler): Fix setting of the pid and
+ uid for Windows.
+
+ dirmngr: In verbose mode print the OCSP responder id.
+ + commit 0a7f446c189201ca6e527af08b44da756b343209
+ * dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.
+
+2018-10-15 Werner Koch <wk@gnupg.org>
+
+ tools: Replace duplicated code in mime-maker.
+ + commit f03928b16c4fb00077d22d8ec141575ef6d26913
+ * tools/rfc822parse.c (HEADER_NAME_CHARS): New. Taken from
+ mime-maker.c.
+ (rfc822_valid_header_name_p): New. Based on code from mime-maker.c.
+ (rfc822_capitalize_header_name): New. Copied from mime-maker.c.
+ (capitalize_header_name): Remove. Replace calls by new func.
+ (my_toupper, my_strcasecmp): New.
+ * tools/mime-maker.c: Include rfc822parse.h.
+ (HEADER_NAME_CHARS, capitalize_header_name): Remove.
+ (add_header): Replace check and capitalization by new functions.
2018-10-15 NIIBE Yutaka <gniibe@fsij.org>
scd: Fix signing authentication status.
- + commit 7e2b0488d13561be2b754e28801de654747a8dcc
+ + commit 78f542e1f4495195db2e668f9cd41657fb1afc77
* scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.
+2018-10-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix message for ACK button.
+ + commit 4ed941ff26783c4fabfe2079029f8e436eb7e340
+ * agent/divert-scd.c (getpin_cb): Display correct message.
+
+2018-10-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Support "acknowledge button" feature.
+ + commit 7a5a4c4cac8709f7c413e94cd0b40f4123baa1e5
+ * scd/apdu.c (set_prompt_cb): New member function.
+ (set_prompt_cb_ccid_reader): New function.
+ (open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
+ (apdu_set_prompt_cb): New.
+ * scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
+ * ccid-driver.c (ccid_set_prompt_cb): New.
+ (bulk_in): Call ->prompt_cb when timer extension.
+ * scd/command.c (popup_prompt): New.
+
+ agent: Support --ack option for POPUPPINPADPROMPT.
+ + commit 827529339a4854886dbb5625238e7e01013efdcd
+ * agent/divert-scd.c (getpin_cb): Support --ack option.
+
+2018-10-10 Werner Koch <wk@gnupg.org>
+
+ gpg: Don't take the a TOFU trust model from the trustdb,
+ + commit 150a33df41944d764621f037038683f3d605aa3f
+ * g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
+ (create_version_record): Don't init as TOFU.
+ (tdbio_db_matches_options): Don't indicate a change in case TOFU is
+ stored in an old trustdb file.
+
+2018-10-08 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix extra check for sign usage of a data signature.
+ + commit b6275f3bda8edff34274c5b921508567f491ab9c
+ * g10/sig-check.c (check_signature_end_simple):
+
+ gpg: Make --skip-hidden-recipients work again.
+ + commit 79f165d7a8bcc26972712bb0f0cc554d5c3d4e42
+ * g10/pubkey-enc.c (get_session_key): Take care of
+ opt.skip_hidden_recipients.
+
+2018-10-02 Werner Koch <wk@gnupg.org>
+
+ gpg: New options import-drop-uids and export-drop-uids.
+ + commit 8e83493dae426fe36a0e0081198b10db1e103ff1
+ * g10/options.h (IMPORT_DROP_UIDS): New.
+ (EXPORT_DROP_UIDS): New.
+ * g10/import.c (parse_import_options): Add option "import-drop-uids".
+ (import_one): Don't bail out with that options and no uids found.
+ Also remove all uids.
+ (remove_all_uids): New.
+ * g10/export.c (parse_export_options): Add option "export-drop-uids".
+ (do_export_one_keyblock): Implement option.
+
2018-10-02 NIIBE Yutaka <gniibe@fsij.org>
common: Fix gnupg_reopen_std.
- + commit 8f844ae1cd16e27ad07d45784b1f0ff2917da2b8
+ + commit 50b02dba2060a8969da47b18d9c0ecdccbd30db4
* common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat.
+2018-09-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10,scd: Support UIF changing command.
+ + commit 0cb65564e022fface5ada4de8e0c2c4c3d0ac8ad
+ * g10/card-util.c (uif, cmdUIF): New.
+ (card_edit): Add call to uif by cmdUIF.
+ * scd/app-openpgp.c (do_getattr): Support UIF-1, UIF-2, and UIF-3.
+ (do_setattr): Likewise.
+ (do_learn_status): Learn UIF-1, UIF-2, and UIF-3.
+
+2018-09-18 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix memory leak for --card-status.
+ + commit fe8b6339542f3b1228b5fd56fc710ea3b07a3a2b
+ * g10/card-util.c (card_status): Release memory of serial number.
+
+2018-09-14 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix another memory leak.
+ + commit 60c880bda5c9b821fd2968cf89c38c37be3c1a7b
+ * g10/skclist.c (enum_secret_keys): Use SK_LIST instead of pubkey_t.
+
+ g10: Fix memory leak (more).
+ + commit 2eb481e8cc1c37378cf68a06557c4a7a625d315c
+ * g10/skclist.c (enum_secret_keys): Free SERIALNO on update.
+
+ g10: Fix memory leak in enum_secret_keys.
+ + commit 64c5c45e2aa4a12d939680b9d51c8b26d61c5e9d
+ * g10/skclist.c (enum_secret_keys): Don't forget to call
+ free_public_key in the error return paths.
+
+2018-09-11 NIIBE Yutaka <gniibe@fsij.org>
+
+ Revert "dirmngr: hkp: Avoid potential race condition when some hosts die."
+ + commit 69bab1cba07a8259b85a7911c2824724667803a4
+ This reverts commit 04b56eff118ec34432c368b87e724bce1ac683f9.
+
+ dirmngr: Serialize access to hosttable.
+ + commit 995aded58724a1a07704493b311be5222b3f82a2
+ * dirmngr/dirmngr.h (ks_hkp_init): New.
+ * dirmngr/dirmngr.c (main): Call ks_hkp_init.
+ * dirmngr/ks-engine-hkp.c (ks_hkp_init): New.
+ (ks_hkp_mark_host): Serialize access to hosttable.
+ (ks_hkp_print_hosttable, make_host_part): Likewise.
+ (ks_hkp_housekeeping, ks_hkp_reload): Likewise.
+
2018-09-10 NIIBE Yutaka <gniibe@fsij.org>
common: Use iobuf_get_noeof to avoid undefined behaviors.
- + commit 0383e7fed7b2a45c7f0ae4c11415c6a9a3a3ddb7
+ + commit f80346f42df4bdc7d0a9741c3922129aceae4f81
* common/iobuf.c (block_filter): Use iobuf_get_noeof.
agent: Fix error code check from npth_mutex_init.
- + commit 213379debe5591dad6339aa95aa7282e0de620f9
+ + commit adce73b86fd49d5bbb8884231a26cc7533d400e2
* agent/call-pinentry.c (initialize_module_call_pinentry): It's an
error when npth_mutex_init returns non-zero.
+2018-09-07 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Emit SOURCE status also on NO_DATA.
+ + commit bee65edfbc8cc2c369e5941cc9d1a01a0519b388
+ * dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
+ NO DATA error.
+ (ks_hkp_get): Ditto.
+ * g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
+ also on error.
+ (gpg_dirmngr_ks_get): Ditto.
+
+2018-09-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ dirmngr: hkp: Avoid potential race condition when some hosts die.
+ + commit 04b56eff118ec34432c368b87e724bce1ac683f9
+ * dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass
+ through the host table instead of risking out-of-bounds write.
+
2018-09-07 NIIBE Yutaka <gniibe@fsij.org>
g10: Fix memory leak.
- + commit 91f8a9b33a1282cbf00cb4b71b177088f0d923d7
+ + commit 7c96cc67e108f3a9514a4222ffac2f9f9a2ab19e
* g10/import.c (read_block): Call free_packet to skip the packet.
2018-09-06 NIIBE Yutaka <gniibe@fsij.org>
+ gpgscm: Suppress warnings for GCC > 6.
+ + commit 99c17b970bc0ca7e0cff7fe031c6f9feb05af3ff
+ * tests/gpgscm/scheme.c (CASE): Use unused attribute for GCC > 6.
+ (FALLTHROUGH): New for fallthrough.
+ (Eval_Cycle): Use FALLTHROUGH. Remove not-needed comment of
+ fallthrough.
+
Fix use of strncpy, which is actually good to use memcpy.
- + commit f0fdee2e24a25f57a84e1684984ce3921d923e0a
+ + commit 625ced6e672daa892d334323cce6b3d42a6f929f
* common/ssh-utils.c (get_fingerprint): Use memcpy.
* g10/build-packet.c (string_to_notation): Use memcpy.
-2018-08-30 Werner Koch <wk@gnupg.org>
-
- Release 2.2.10.
- + commit 24697074f44c18eeeedbc1e09d35f56504c57a1f
-
-
-2018-08-30 Ineiev <ineiev@gnu.org>
-
- po: Update Russian translation.
- + commit 2f5ba3a6c19b7a514488be01b7683287d74545d3
-
+2018-09-05 Werner Koch <wk@gnupg.org>
+
+ kbx: Add framework for a public key daemon.
+ + commit 512be1d04b98a9d6a9067bd34c16513089a0db9f
+ * kbx/keyboxd.c: New.
+ * kbx/keyboxd.h: New.
+ * kbx/kbxserver.c: New.
+ * kbx/keyboxd-w32info.rc: New.
+ * kbx/Makefile.am (EXTRA_DIST): Add new rc file.
+ (resource_objs): Ditto.
+ (libexec_PROGRAMS): New.
+ (common_libs, commonpth_libs): New.
+ (kbxutil_LDADD): Use here.
+ (keyboxd_SOURCES): New.
+ (keyboxd_CFLAGS): New.
+ (keyboxd_LDADD): New.
+ (keyboxd_LDFLAGS): New.
+ (keyboxd_DEPENDENCIES): new.
+ ($(PROGRAMS)): Extend.
+
+ common: New function status_printf.
+ + commit d4489be467e7229e17fb17a0489bf711d6ce66d6
+ * common/asshelp2.c (set_assuan_context_func): New.
+ (status_printf): New.
+ * po/Makevars (XGETTEXT_OPTIONS): Add status_printf
2018-08-29 Werner Koch <wk@gnupg.org>
gpg: Explain error message in key generation with --batch.
- + commit a9931b3c052ee9025705a8ef1f0cdd5f20aeda70
+ + commit 1bfe766bcf3959135333900934f1a15c9b96c3cf
* g10/keygen.c (generate_keypair): Show more info.
gpg: Remove unused function get_pubkeys.
- + commit 719fc941b6eceb75c2326335d9d73011823ff3f9
+ + commit ed8fe21e6612401846fc4af8631f0136dc633c67
* g10/getkey.c (get_pubkeys): Remove.
(pubkey_free): Remove and use code directly ...
(pubkeys_free): ... here.
- (cherry picked from commit ed8fe21e6612401846fc4af8631f0136dc633c67)
-
gpg: New option --known-notation.
- + commit a59a9962f48f828ea7d22362dfa6d82841551110
+ + commit 3da835713fb6220112d988e1953f3d84beabbf6a
* g10/gpg.c (oKnownNotation): New const.
(opts): Add option --known-notation.
(main): Set option.
(can_handle_critical_notation): Rewrite to handle the new feature.
Also print the name of unknown notations in verbose mode.
-2018-08-28 Ineiev <ineiev@gnu.org>
-
- po: Update Russian translation.
- + commit b02ad56a9041273df58ded4cc70cf5ffa9e58c16
-
-
-2018-08-28 Werner Koch <wk@gnupg.org>
-
- assuan: Fix exponential decay for first second.
- + commit 38eb7c360bc4867cbaf37e3c2c0865bc6452ba4a
- * common/asshelp.c (wait_for_sock): Round SECSLEFT.
- * dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon
- mode.
- * common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.
-
-2018-08-28 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- assuan: Use exponential decay for first 1s of spinlock.
- + commit 1189df2cd7d4b6896ba22aa204c159ff2a425ead
- * common/asshelp.c (wait_for_sock): instead of checking the socket
- every second, we check 10 times in the first second (with exponential
- decay).
-
- assuan: Reorganize waiting for socket.
- + commit a22a55b994e06dd06157fbdabf5a402d8daf69c2
- * common/asshelp.c (wait_for_sock): New function, collecting
- codepaths from...
- (start_new_gpg_agent) here and...
- (start_new_dirmngr) here.
-
2018-08-28 Werner Koch <wk@gnupg.org>
gpg: Refresh expired keys originating from the WKD.
- + commit 0709f358cd13abc82e0f97f055fcaa712f0fd44f
+ + commit 7f172404bfcf719b9b1af4a182d4803525ebff7c
* g10/getkey.c (getkey_ctx_s): New field found_via_akl.
(get_pubkey_byname): Set it.
(only_expired_enc_subkeys): New.
WKD.
gpg: Remove unused arg from a function.
- + commit 11a9fe1c5820b97d7e0f4b3e91f016df9dc466a9
+ + commit db67ccb759426c1173761574b14bdfe6a76394c2
* g10/getkey.c (get_best_pubkey_byname): Remove unused arg 'no_akl'.
Change both callers.
- (cherry picked from commit db67ccb759426c1173761574b14bdfe6a76394c2)
+2018-08-27 Werner Koch <wk@gnupg.org>
+
+ gpg: Prepare for longer card fingerprints.
+ + commit 108702ccae8ff1e5fec3b8e710f06a03637244c7
+ * g10/call-agent.h (agent_card_info_s): Rename the "*valid" fields to
+ "*len".
+ * g10/call-agent.c (unhexify_fpr): Change to take a FPRLEN and to
+ return the actual length.
+ (agent_release_card_info): Adjust for these changes.
+ * g10/card-util.c (print_sha1_fpr): Rename to print_shax_fpr and add
+ arg FPRLEN. Change all callers to pass the length.
+ (print_sha1_fpr_colon): Rename to print_shax_fpr_colon and add arg
+ FPRLEN. Change all callers to pass the length.
+ (fpr_is_zero): Add arg FPRLEN.
+ (fpr_is_ff): Ditto.
+ (show_card_key_info): Use the new functions.
+ * g10/skclist.c (enum_secret_keys): Use MAX_FINGERPRINT_LEN.
+
+2018-08-27 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix enum_secret_keys for card keys.
+ + commit b823788d200902f34c632026934cf0e43152b73e
+ * g10/skclist.c (enum_secret_keys): Since "KEY-FPR" returns
+ fingerprint in binary, change it to hex string.
+
+ g10: Prefer to available card keys for decryption.
+ + commit 84cc55880a5815155328229beb309326472bfd82
+ * g10/skclist.c (enum_secret_keys): Add logic to prefer
+ decryption keys on cards.
+
+ g10: Move enum_secret_keys to skclist.c.
+ + commit 03a8de7def4195b9accde47c1dcb84279361936d
+ * g10/getkey.c (enum_secret_keys): Move to...
+ * g10/skclist.c (enum_secret_keys): ... here.
+
+ g10: Fix comment of enum_secret_keys.
+ + commit 6bb93fc295e712ddf9b461dfe650211caf16a844
+ * g10/getkey.c (enum_secret_keys): Fix comment for usage of
+ enum_secret_keys, following the previous change.
+
+ g10: Enumerated keys for decryption should be unique.
+ + commit 30153c65f0875f9a62838f6347bcdcedd6114d35
+ * g10/getkey.c (enum_secret_keys): Collecting keys in the context,
+ check duplicate to make sure returning only unique keys.
+ * g10/pubkey-enc.c (get_session_key): Now, it's the responsibility of
+ enum_secret_keys to free keys.
+
+ g10: Change decryption key selection for public key encryption.
+ + commit ce2f71760155b71a71418fe145a557c99bd52290
+ * g10/mainproc.c (struct mainproc_context): It's now pubkey_enc_list.
+ (do_proc_packets): Remove the first arg CTRL. Fix call of
+ proc_pubkey_enc.
+ (release_list): Handle pubkey_enc_list.
+ (proc_pubkey_enc): Remove the first arg CTRL. Simply put the packet
+ to pubkey_enc_list.
+ (print_pkenc_list): Remove the last arg FAILED.
+ (proc_encrypted): Only call print_pkenc_list once.
+ Handle DEK here.
+ (proc_packets, proc_signature_packets, proc_signature_packets_by_fd)
+ (proc_encryption_packets): Fix call of do_proc_packets.
+ * g10/packet.h (struct pubkey_enc_list): Define.
+ * g10/pubkey-enc.c (get_it): Change the second argument K.
+ (get_session_key): Select session key by LIST, using enum_secret_keys.
+ * g10/gpgv.c (get_session_key): Change the second argument K.
+ * g10/test-stubs.c (get_session_key): Likewise.
2018-08-10 NIIBE Yutaka <gniibe@fsij.org>
g10: Fix undefined behavior when EOF in parsing packet for S2K.
- + commit 822c633845066756b6442ca67b93b4b5c4316ca0
+ + commit 1b309d9f6199a91caa0ca0b97b92d599e00b736e
* g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof.
(parse_key): Likewise.
-2018-07-29 Werner Koch <wk@gnupg.org>
+2018-07-27 Werner Koch <wk@gnupg.org>
gpg: Set a limit for a WKD import of 256 KiB.
- + commit f1c0d9bb6506eee6a3ad93ef432fe6aa5b72aabd
+ + commit e88f56f1937ac92f6a3b94e50b6db2649ec0be41
* g10/call-dirmngr.c (MAX_WKD_RESULT_LENGTH): New.
(gpg_dirmngr_wkd_get): Use it.
dirmngr: Validate SRV records in WKD queries.
- + commit 8a98aa25bb4bdbfe53afd4534f6624454ca01ab0
+ + commit ebe727ef596eefebb5eff7d03a98649ffc7ae3ee
* dirmngr/server.c (proc_wkd_get): Check the returned SRV record names
to mitigate rogue DNS servers.
common: New function to validate domain names.
- + commit 4f59187a17f16d559e37a375501a0add1ca7eee8
+ + commit ddee9f9409fb5a089883eab0fadef7b9b7e61e72
* common/mbox-util.c (is_valid_domain_name): New.
* common/t-mbox-util.c (run_dns_test): New test.
- (cherry picked from commit ddee9f9409fb5a089883eab0fadef7b9b7e61e72)
-
-2018-07-29 Jiřà Keresteš <jiri.kerestes@trustica.cz>
+2018-07-26 Jiřà Keresteš <jiri.kerestes@trustica.cz>
scd: Add support for Trustica Cryptoucan.
- + commit d43248af9242d30e95f58285e4f2a2e927aae937
- (cherry picked from commit 967d3649d24aba623133808e8d01675dff389fbb)
+ + commit 967d3649d24aba623133808e8d01675dff389fbb
-2018-07-12 Werner Koch <wk@gnupg.org>
- Release 2.2.9.
- + commit 2b82db61ccfe57d077dff43e0d732b51c73e1a45
+2018-07-25 Werner Koch <wk@gnupg.org>
+ dirmngr: Print a WARNING status for DNS config problems.
+ + commit bd4048c533165fd82340354d7229fcc2220db5a5
+ * dirmngr/dirmngr-status.h: New.
+ * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes
+ to that file.
+ * dirmngr/t-support.c: New.
+ * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h.
+ (t_common_src): Add t-support.c.
+ * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL.
+ * dirmngr/dns-stuff.c: Include dirmngr-status.h.
+ (libdns_init): Print WARNING status line. Change call callers to take
+ and pass a CTRL argument.
+ * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING
+ status.
+
+2018-07-24 Werner Koch <wk@gnupg.org>
+
+ gpg: Use 128 MiB as default AEAD chunk size.
+ + commit 9aa1b368efd4edf51b6d056339bffb726de5162b
+ * g10/gpg.c (oDebugAllowLargeChunks): New.
+ (opts): New option --debug-allow-large-chunks.
+ (main): Implement that option.
2018-07-09 Werner Koch <wk@gnupg.org>
gpg: Remove multiple subkey bindings during export-clean.
- + commit 61562fe00027a4263f53661ad279072bd0b0133e
+ + commit 76989d5bd89ed11f5b3656dc4748fcfc939a46dc
* g10/key-clean.c (clean_one_subkey_dupsigs): New.
(clean_all_subkeys): Call it.
gpg: Let export-clean remove expired subkeys.
- + commit 8055f186a32e628028de897b7ee4705cd8e999b7
+ + commit c2fd65ec8498a08ee36ca52d99b6b014f6db8d93
* g10/key-clean.h (KEY_CLEAN_NONE, KEY_CLEAN_INVALID)
(KEY_CLEAN_ENCR, KEY_CLEAN_AUTHENCR, KEY_CLEAN_ALL): New.
* g10/key-clean.c (clean_one_subkey): New.
the export clean options.
gpg: Split key cleaning function for clarity.
- + commit 046276db3a04f1907ddcf77c3771832613918226
+ + commit 6c3567196f7e72552f326ce07dccbcce31926e5d
* g10/key-clean.c (clean_key): Rename to clean_all_uids and split
subkey cleaning into ...
(clean_all_subkeys): new. Call that always after the former clean_key
invocations.
+2018-07-06 Werner Koch <wk@gnupg.org>
+
gpg: Move key cleaning functions to a separate file.
- + commit 40bf383f72b5629de739e30c9c35bbcb628273e8
+ + commit 135e46ea480d749b8a9692f71d4d0bfdadd8ee2f
* g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid)
(clean_uid_from_key, clean_one_uid, clean_key): Move to ...
* g10/key-clean.c: new file.
* g10/trustdb.h (struct key_item, is_in_klist): Move to ...
* g10/keydb.h: here.
-2018-07-06 Werner Koch <wk@gnupg.org>
-
- gpg: Allow decryption using several passphrases in may cases.
- + commit b4599a0449ead7dc5c0d922aa78b6168e625e15e
- * g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algorithm.
- (proc_symkey_enc): Clear passpharse on error from above function.
-
2018-07-05 Werner Koch <wk@gnupg.org>
po: Add flag options for xgettext.
- + commit 833738a316977ee774399bd658d535216dff22e9
+ + commit cb71573f376235036c98143155e964a15cfcb250
* po/Makevars (XGETTEXT_OPTIONS): Add --flag options.
gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.
- + commit 221af19351addcdc28a1cd533c8628cfa3841671
+ + commit f7526c7bc754acf68bde0b79c785e875a9365d60
* g10/getkey.c (get_pubkey_for_sig): New.
(get_pubkeyblock_for_sig): New.
* g10/mainproc.c (issuer_fpr_raw): Give global scope.
* g10/sig-check.c (check_signature2): Ditto.
(check_signature_over_key_or_uid): Ditto.
-2018-07-04 Andre Heinecke <aheinecke@intevation.de>
-
- po: Fix bug in german translation.
- + commit 063cf45c142f33815bc0f31d0fb3e1b25ca57b8c
- * po/de.po (decryption forced to fail!): Fix translation.
+ tools: Add experimental code for a pairing protocol.
+ + commit faf3c70c7715ba86eb56fdccc6cf831bf87b2ee0
+ * configure.ac (GNUPG_CACHE_DIR): New const.
+ * tools/Makefile.am (libexec_PROGRAMS): Add gpg-pair-tool.
+ (gpg_pair_tool_SOURCES, gpg_pair_tool_CFLAGS)
+ (gpg_pair_tool_LDADD): New.
+ * tools/gpg-pair-tool.c: New.
2018-07-04 Werner Koch <wk@gnupg.org>
gpg: Ignore too large user ids during import.
- + commit cb6b925f94b42c91fe8a7ed8bb22d98984538efc
+ + commit 01cd66f9faf1623833e6afac84164de5a136ecff
* g10/import.c (read_block): Add special treatment for bad user ids
and comment packets.
gpg: Extra check for sign usage when verifying a data signature.
- + commit ef50fdf82a459894ed3da7b9be83f89658f1eaba
+ + commit 214b0077264e35c079e854a8b6374704aea45cd5
* g10/sig-check.c (check_signature_end_simple): Check sign usage.
-2018-07-03 Werner Koch <wk@gnupg.org>
+2018-07-03 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix memory leak for PKT_signature.
+ + commit 996febbab21eb9283b0634e51303a36b318734a6
+ * g10/getkey.c (buf_to_sig): Free by free_seckey_enc.
+ * g10/gpgcompose.c (signature): Likewise.
+ * g10/sign.c (write_signature_packets): Likewise.
+
+2018-07-02 Werner Koch <wk@gnupg.org>
+
+ agent: New commands PUT_SECRET and GET_SECRET.
+ + commit 8a915cd9faf052b4faa3c415f2ac5aa8d6ea1efe
+ * agent/agent.h (CACHE_MODE_DATA): New const.
+ * agent/cache.c (DEF_CACHE_TTL_DATA): new.
+ (housekeeping): Tweak for CACHE_MODE_DATA.
+ (cache_mode_equal): Ditto.
+ (agent_get_cache): Ditto.
+ (agent_put_cache): Implement CACHE_MODE_DATA.
+ * agent/command.c (MAXLEN_PUT_SECRET): New.
+ (parse_ttl): New.
+ (cmd_get_secret): New.
+ (cmd_put_secret): New.
+ (register_commands): Register new commands.
+
+ common: New function percent_data_escape.
+ + commit 58baf40af641f8cbf597e508a292e85ae94688f1
+ * common/percent.c (percent_data_escape): New.
+ * common/t-percent.c (test_percent_data_escape): New.
+
+ agent: Fix segv running in --server mode.
+ + commit 3978df943dc7a4781a23382be2d3b4a96a04f71f
+ * agent/command.c (start_command_handler): Do not write to
+ CLIENT_CREDS after an error.
+
+2018-07-02 NIIBE Yutaka <gniibe@fsij.org>
+
+ libdns: For SOCKS connection, just fails.
+ + commit 1aacd12471935a354cfd85ee1805edc7eb16e6c5
+ * dirmngr/dns.c (dns_res_exec): If it's DNS_SO_SOCKS_CONN, don't
+ iterate to other server, but return the error immediately.
+
+2018-06-21 Werner Koch <wk@gnupg.org>
gpg: Print revocation reason for "rev" records.
- + commit 04fb76684d8b2c9cda2e5c35bad6edec521cffa5
+ + commit 592deeddb9bf4ae9b3e236b439e2f39644eb6d46
* g10/main.h: Add prototype.
* g10/keylist.c (list_keyblock_print): Print revocation info.
(list_keyblock_colon): Ditto.
* g10/gpgv.c (get_revocation_reason): New stub.
gpg: Print revocation reason for "rvs" records.
- + commit a8e24addcc4e0fdff7d07acdd7e13bf6febf97d2
+ + commit b7cd2c2093ae1b47645be50fa1d431a028187cad
* g10/import.c (get_revocation_reason): New.
(list_standalone_revocation): Extend function.
gpg: Let --show-keys print revocation certificates.
- + commit 5c67ee160d4969b1ef94642ac602e1aed4d9a6d7
+ + commit 386b9c4f25b28fd769d7563f2d86ac3a19cc3011
* g10/import.c (list_standalone_revocation): New.
(import_revoke_cert): Call new function.
-2018-07-03 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix memory leak for PKT_signature.
- + commit 2809be1f97a447171a9e8b40079851740b15341a
- * g10/getkey.c (buf_to_sig): Free by free_seckey_enc.
- * g10/gpgcompose.c (signature): Likewise.
- * g10/sign.c (write_signature_packets): Likewise.
-
-2018-07-02 NIIBE Yutaka <gniibe@fsij.org>
-
- libdns: For SOCKS connection, just fails.
- + commit cca92ca5348999a3564dd54d7b0a103cc9e7640c
- * dirmngr/dns.c (dns_res_exec): If it's DNS_SO_SOCKS_CONN, don't
- iterate to other server, but return the error immediately.
+ build: Remove duplicates from AC_CHECK_FUNCS.
+ + commit 7e9aa307f76cdf2f624d43a35a8266e8b4e473f9
+ * configure.ac (AC_CHECK_FUNCS): Fold most calls into one.
2018-06-20 NIIBE Yutaka <gniibe@fsij.org>
libdns: Let kernel to decide the local port.
- + commit 72a35ffee022f1bf180d02250c5be6a4edb599e7
+ + commit 861f1da0731bf29dcb9221c4f22c76b40ec15a78
* dirmngr/dns.c (LEAVE_SELECTION_OF_PORT_TO_KERNEL): New.
(dns_socket): Don't select ephemeral port in user space.
+2018-06-19 Werner Koch <wk@gnupg.org>
+
+ wks: Take name of sendmail from configure.
+ + commit 08147f8bbdca40c98c2a094fa48fab15b8339c80
+ * configure.ac (NAME_OF_SENDMAIL): New ac_define.
+ * tools/send-mail.c (run_sendmail): Use it.
+
2018-06-18 NIIBE Yutaka <gniibe@fsij.org>
libdns: Fix for non-FQDN hostname.
- + commit 87d0ecf8a1b80139a6cab2a79f1ca6e287207999
+ + commit a4a054bf14fa855715faee01a152755c4e2a74f7
* dirmngr/dns.c (dns_resconf_open): Clear search[0] for non-FQDN
hostname.
+2018-06-15 NIIBE Yutaka <gniibe@fsij.org>
+
libdns: Fix connect and try next nameserver when ECONNREFUSED.
- + commit 699fe4b36f62b0f4d4e21a85ee7c9ae13377d6cb
+ + commit bcdbf8b8ebe9d61160e0b007dabe1b6462ffbc93
* dirmngr/dns.c (dns_so_check): When EINVAL, release the association
by connect with AF_UNSPEC and try again. Also try again for
ECONNREFUSED.
(dns_res_exec): Try next nameserver when ECONNREFUSED.
libdns: Clear struct sockaddr_storage by zero.
- + commit 0c05b08e8b5c1f120fe5f3ed5c061f034f7496a0
+ + commit 1c0b6681e4f322b88ac35d1f21c03d3cfc35fc23
* dirmngr/dns.c (dns_resconf_pton): Clear SS.
(dns_resconf_setiface): Clear ->IFACE.
(dns_hints_root, send_query): Clear SS.
+2018-06-14 NIIBE Yutaka <gniibe@fsij.org>
+
libdns: Sync to upstream.
- + commit 20c289606f89803929948ddd18910acff2acc9eb
+ + commit 3e6ad302eaf3a4a9f3e60379133b3dfdbe0e1b2d
* dirmngr/dns.c (dns_nssconf_loadfile): Handle exclamation mark.
dirmngr: Fix recursive resolver mode.
- + commit 13320db678675246f4bb5a3fb6ece143f37c34a4
+ + commit 5b40338f12762cd74238c2d2b3101c33dd2d0ed3
* dirmngr/dns-stuff.c (libdns_init): Initialize options.recurse.
2018-06-12 Werner Koch <wk@gnupg.org>
+ Some preparations to eventuallt use gpgrt_argparse.
+ + commit cb52eb76b3ba0269742c5322e10a2b5151dafaf2
+ * configure.ac (GNUPG_DEF_COPYRIGHT_LINE: New.
+ * tools/watchgnupg.c (print_version): USe this macro.
+ * common/init.c (_init_common_subsystems): Register argparse
+ functions.
+
+ Require libgpg-error 1.29 and remove internal logging functions.
+ + commit 440472663d608660343c54f09172c851f5127c9c
+ * configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.29
+ * common/util.h: Remove replacement error codes.
+ * common/logging.h: Remove fallback to internal logging functions.
+ * common/logging.c: Remove.
+ * common/Makefile.am (common_sources): Remove logging.c
+
gpg: Do not import revocations with --show-keys.
- + commit e8f439e0547463c24f3c10008fee73e6c4259f52
+ + commit fe621cc64b13b00914633630f28b4b417892d629
* g10/import.c (import_revoke_cert): Add arg 'options'. Take care of
IMPORT_DRY_RUN.
+2018-06-12 NIIBE Yutaka <gniibe@fsij.org>
+
+ card: Fix memory leak for fetch-url sub command.
+ + commit 8f99299a54a0ac09f9c90c1085b704db78973fda
+ * g10/card-util.c (fetch_url): Release INFO.
+
2018-06-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
gpg: Add new usage option for drop-subkey filters.
- + commit 86b64876bef0d8c4be8e309fcf3e2ce21e65a947
+ + commit 2ddfb5bef920919443309ece9fa2930282bbce85
* g10/import.c (impex_filter_getval): Add new "usage" property for
drop-subkey filter.
2018-06-11 Werner Koch <wk@gnupg.org>
gpg: Set some list options with --show-keys.
- + commit cbb84b3361263504dcb958208bc20177cb97cebd
+ + commit d2bc66f241a66cc95140cbb3a07555f6301290ed
* g10/gpg.c (main): Set some list options.
2018-06-08 Werner Koch <wk@gnupg.org>
- gpg: Allow building with older libgpg-error.
- + commit 18274db32b5dea7fe8db67043a787578c975de4d
- * g10/mainproc.c (proc_encrypted): Use constant from logging.h
-
- Release 2.2.8.
- + commit cd9aaa7862955846f8adf819cd89d0db33e9c08c
-
-
-2018-06-08 Ineiev <ineiev@gnu.org>
-
- po: Update Russian translation.
- + commit 77ab99f80a5b0fbc60e05230185a54cd200d5e65
-
-
-2018-06-08 Werner Koch <wk@gnupg.org>
-
gpg: Sanitize diagnostic with the original file name.
- + commit 210e402acd3e284b32db1901e43bf1470e659e49
+ + commit 13f135c7a252cc46cff96e75968d92b6dc8dce1b
* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
2018-06-07 Werner Koch <wk@gnupg.org>
gpg: Improve import's repair-key duplicate signature detection.
- + commit 6a87a0bd2501d82f4a6263608e4856e841305caf
+ + commit 26746fe65d14a00773473c2d0d271406a5105bca
* g10/key-check.c (key_check_all_keysigs): Factor some code out to ...
(remove_duplicate_sigs): new.
(key_check_all_keysigs): Call remove_duplicate_sigs again after
reordering.
gpg: Fix import's repair-key duplicate signature detection.
- + commit cedd754fcb03f6dad6e462efc3d347bcef4ec83a
+ + commit 26bce2f01d2029ea2b8a8dbbe36118e3c83c5cba
* g10/packet.h (PKG_siganture): Add field 'help_counter'.
* g10/key-check.c (sig_comparison): Take care of HELP_COUNTER.
(key_check_all_keysigs): De-duplicate on a per-block base.
gpg: Improve verbose output during import.
- + commit 36cc730fa516b3a197f3bb1eb6f3881dd128fbb7
+ + commit 1bc6b5174248ba4d83d648ef6d6f4550540d1f20
* g10/import.c (chk_self_sigs): Print the subkeyid in addition to the
keyid.
(delete_inv_parts): Ditto.
- (cherry picked from commit 1bc6b5174248ba4d83d648ef6d6f4550540d1f20)
-
2018-06-06 Werner Koch <wk@gnupg.org>
agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list.
- + commit c5c8fb1ec7c8690495de6189ec2c3a322db4e881
+ + commit 7ffc1ac7dd95d4cc1897a4c36d5cd628741c12f2
* agent/gpg-agent.c (agent_copy_startup_env): Replace explicit list
with the standard list.
gpg: Also detect a plaintext packet before an encrypted packet.
- + commit 054a187f24b19313cec59414fa924640e1b8c79c
+ + commit 344b548dc71657d0285d93f78f17a2663b5e586f
* g10/mainproc.c (proc_encrypted): Print warning and later force an
error.
gpg: New command --show-keys.
- + commit dc87a3341f28ddac1113e90a3861d062be2610e2
+ + commit 257661d6ae0ca376df758c38fabab2316d10e3a9
* g10/gpg.c (aShowKeys): New const.
(opts): New command --show-keys.
(main): Implement command.
mode.
(import_one): Be silent in show-only mode.
+2018-06-05 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Remove bogus comment.
+ + commit d2e6b3ea1d70db1039a828fb3a978a4504f8f0c5
+ * g10/mainproc.c (proc_pubkey_enc): Remove a comment.
+
2018-05-31 Werner Koch <wk@gnupg.org>
gpg: Print a hint on how to decrypt a non-mdc message anyway.
- + commit 825909e9cd5f344ece6c0b0ea3a9475df1d643de
+ + commit 874e391665405fc413a69f2ffacdb94bb08da7ff
* g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o
MDC. Also print a dedicated status error code
- (cherry picked from commit 874e391665405fc413a69f2ffacdb94bb08da7ff)
+2018-05-30 Werner Koch <wk@gnupg.org>
+
+ gpg: Ignore the multiple message override options.
+ + commit d3d41146b33040eb65eaaaffcfc7b4211e60bd95
+ * g10/gpg.c (oAllowMultisigVerification)
+ (oAllowMultipleMessages, oNoAllowMultipleMessages): Remove.
+ (opts): Turn --allow-multisig-verification, --allow-multiple-messages
+ and --no-allow-multiple-messages into NOPs
+ * g10/options.h (struct opt): Remove flags.allow_multiple_messages.
+ * g10/mainproc.c (proc_plaintext): Assume allow_multiple_messages is
+ false.
gpg: Detect multiple literal plaintext packets more reliable.
- + commit 2f2b1d1da949e8fce28d3c4a934b4097d6f24295
+ + commit 97183b5c0fae05fcda942caa7df14ee6a133d846
* g10/mainproc.c (proc_encrypted): Bump LITERALS_SEEN.
+2018-05-29 Werner Koch <wk@gnupg.org>
+
+ gpg: Remove PGP6 compliance mode.
+ + commit b2c05d691247a79fb46f75b653cbc4bf518c1c2a
+ * g10/gpg.c: Make --pgp6 an alias for --pgp7.
+ * common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6.
+ * g10/options.h (PGP6): Remove. Adjust all users.
+
gpg: Remove MDC options.
- + commit 866667765f38bf65b612191209d0f0a87fb16393
- * g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc
+ + commit 253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709
+ * g10/gpg.c: Tuen options --force-mdc, --no-force-mdc, --disable-mdc
and --no-disable-mdc into NOPs.
* g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used.
- * g10/cipher.c (write_header): Include extra hint and make
- translatable.
- * g10/options.h (struct opt): Remove fields force_mdc and disable_mdc.
+ (use_aead): Ignore MDC options. Print warning for missing MDC feature
+ flags.
+ * g10/pkclist.c (warn_missing_mdc_from_pklist): Rename to ...
+ (warn_missing_aead_from_pklist): this and adjust.
+
+ gpg: Fix detection of the AEAD feature flag.
+ + commit af4a5dbe575f304838db358aaeb45741f149d0a7
+ * g10/getkey.c (fixup_uidnode): Use bitmask 0x02.
+
+2018-05-15 Werner Koch <wk@gnupg.org>
gpg: Hard fail on a missing MDC even for legacy algorithms.
- + commit 3db1b48a2da42942cb5a57281441167901bdcdc8
+ + commit d1431901f0143cdc7af8d1a23387e0c6b5bb613f
* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.
gpg: Turn --no-mdc-warn into a NOP.
- + commit 26c0d3a3fc903c1a0de644ebcc99d3e665a80941
+ + commit 96350c5d5afcbc7f66c535e38b9fcc7355622855
* g10/gpg.c (oNoMDCWarn): Remove.
(opts): Make --no-mdc-warn a NOP.
(main): Don't set var.
* g10/parse-packet.c (enum_sig_subpkt): Check buflen before reading
the type octet. Print diagnostic.
+ Change license of argparse.c back to LGPLv2.1.
+ + commit fa0ed1c7e2eee7c559026696e6b21acc882a97aa
+ * common/argparse.c, common/argparse.h: Change license
+
2018-03-19 NIIBE Yutaka <gniibe@fsij.org>
scd: signal mask should be set just after npth_init.
+ commit e43844c3b0b9ec93b7f2a88752bcd6b6244aacfb
* tools/gpgconf-comp.c (get_config_filename): Allow UNC paths.
+2018-02-28 Werner Koch <wk@gnupg.org>
+
+ gpg: Avoid writing a zero length last chunk in AEAD mode.
+ + commit f2c09203b98b83669a460dc8161283de96022536
+ * g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad.
+ (write_final_chunk): Do not increase chunkindex.
+ (do_flush): Call set_nonce_and_ad immediately before the first
+ encryption of a chunk. Bump up the chunkindex after writing the tag.
+ (do_free): Do not insert a zero length last chunk.
+ * g10/decrypt-data.c (aead_underflow): Fix the corresponding bug.
+
+ gpg: Merge two functions in cipher-aead.c.
+ + commit 047506a03d21739b5b922f6b3fd9f059b0b137c5
+ * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ...
+ (set_nonce_and_ad): new function.
+ (write_auth_tag): Print error message here.
+ (do_flush): Rename var newchunk to finalize.
+
+2018-02-27 Werner Koch <wk@gnupg.org>
+
+ gpg: Simplify the AEAD decryption function.
+ + commit 618b86325f776f7250ad2bb09680e4bb427d7e50
+ * g10/decrypt-data.c (aead_set_nonce, aead_set_ad): Merge into ...
+ (aead_set_nonce_and_ad): new single function. Change callers.
+ (decrypt_data): Do not set the nonce and ad here.
+ (aead_underflow): Get rid of the LAST_CHUNK_DONE hack.
+
+ gpg: Factor common code out of the AEAD decryption function.
+ + commit ad989373f1a46139ed0fbc4d4a91069b78617ad9
+ * g10/decrypt-data.c (aead_underflow): Factor reading and checking
+ code code out to ...
+ (fill_buffer, aead_checktag): new functions.
+
+ gpg: Rename cipher.c to cipher-cfb.c.
+ + commit b703ba725dadca8298a0c69365225f9a7ff60ae2
+ * g10/cipher.c: Rename to ...
+ * g10/cipher-cfb.c: this.
+
+ gpg: Fix corner cases in AEAD encryption.
+ + commit ebb0fcf6e0bd6997eff4097ddda94955134212af
+ * g10/cipher-aead.c (write_final_chunk): Do not bump up the chunk
+ index if the previous chunk was empty.
+ * g10/decrypt-data.c (aead_underflow): Likewise. Also handle a other
+ corner cases. Add more debug output.
+
+2018-02-23 Werner Koch <wk@gnupg.org>
+
+ gpg: Try to mitigate the problem of wrong CFB symkey passphrases.
+ + commit cbc7bacf2ff95aebb427bb244c719143a9001f3c
+ * g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algo.
+
2018-02-22 Michał Górny <mgorny@gentoo.org>
dirmngr: Handle failures related to missing IPv6 gracefully.
2018-02-22 Werner Koch <wk@gnupg.org>
+ build: Update swdb tags and include release info from 2.2.5.
+ + commit 7853190cfe2953fdac066b4f3256edc206896144
+
+
Release 2.2.5.
+ commit 9581a65ccc10daededc05c55391a04022f794a4a
* scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
(handle_connections): Use pipe.
+2018-02-06 Werner Koch <wk@gnupg.org>
+
+ gpg: Fix packet length checking in symkeyenc parser.
+ + commit 8305739fe857ed3378f885bb43777fd518dd1060
+ * g10/parse-packet.c (parse_symkeyenc): Move error printing to the
+ end. Add additional check to cope for the 0je extra bytes needed for
+ AEAD.
+
2018-01-29 NIIBE Yutaka <gniibe@fsij.org>
tests: Fix for NetBSD with __func__.
+ commit 64aa98c8a05513d9c00f53a2b880d80f9035333e
* tests/asschk.c: Don't define __func__ if available.
+2018-01-28 Werner Koch <wk@gnupg.org>
+
+ gpg: Rename a misnomed arg in open_outfile.
+ + commit 303310d05e708dd58dcf7b7d8e8634cd5085bc7e
+ * g10/openfile.c (open_outfile): Rename inp_fd to out_fd.
+
2018-01-27 Werner Koch <wk@gnupg.org>
dirmngr: Improve assuan error comment for cmd keyserver.
2018-01-26 NIIBE Yutaka <gniibe@fsij.org>
+ agent: Fix sending connecting process uid to pinentry.
+ + commit 660eafa3a9f68e116e9b0597edc317d8ff90f9b2
+ * agent/command-ssh.c (get_client_info): Use LOCAL_PEERCRED.
+
agent: Fix last commit.
+ commit d7207b39b71d1b07c4cddac602f29ec583f6d1ad
* configure.ac: Check ucred.h as well as sys/ucred.h.
* configure.ac: Check sys/ucred.h instead of ucred.h.
* agent/command-ssh.c: Include sys/ucred.h.
+2018-01-24 Werner Koch <wk@gnupg.org>
+
+ gpg: New maintainer option --debug-set-iobuf-size.
+ + commit db7661b5a297a58c95fa9873d43f31d697b8feb3
+ * g10/gpg.c (opts): Add new option.
+ (opt_set_iobuf_size): New var.
+ (set_debug): Set the option.
+ * tests/openpgp/armor.scm: Use this option to revert the buffer size
+ to the one which used to exhibit the tested bugs.
+
+ iobuf: Increase the size of the buffer. Add iobuf_set_buffer_size.
+ + commit bfc11816444512b4ebcc6617d3c3b5988e753de3
+ * common/iobuf.c (IOBUF_BUFFER_SIZE): Rename to
+ DEFAULT_IOBUF_BUFFER_SIZE and increase to 64k.
+ (iobuf_buffer_size): New var. Always use this instead of the macro.
+ (iobuf_set_buffer_size): New.
+ (struct file_filter_ctx_t): Add field delayed_rc.
+ (file_filter) [!W32]: Try to fill the supplied buffer.
+
+ gpg: Fix AEAD encryption for chunk sizes other than 64 KiB.
+ + commit ff1bdc23d9f1693c1add7c1fe8d218b7bf743e31
+ * g10/cipher-aead.c (do_flush): Init ERR. Fix remaining chunklen
+ computation.
+ (do_free): Add dummy encryption. Close the cipher handle.
+ * g10/decrypt-data.c (aead_underflow): Rewrite.
+
+ gpg: Rename a variable in decrypt-data for clarity.
+ + commit 83a15fa88e91d277811b6d030c4aa40c4fb3e6ad
+ * g10/decrypt-data.c (decode_filter_context_s): Rename field 'defer'
+ to 'holdback' and replace 'defer_filled' flag into 'holdbacklen'.
+ Change all users.
+
+2018-01-23 Werner Koch <wk@gnupg.org>
+
+ gpg: New option --chunk-size.
+ + commit f3ef8b0dcaede1c85da0dff8eeceda6a994f0b28
+ * g10/gpg.c (opts): New option --chunk-size.
+ (oChunkSize): New const.
+ (build_list_aead_test_algo, build_list_aead_algo_name): New.
+ (my_strusage): List AEAD algos.
+ (main): Implement --chunk-size..
+ * g10/options.h (struct opt): Add field 'chunk_size'.
+ (DBG_IPC): Remove duplicated macro.
+ * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version.
+ * g10/misc.c (openpgp_aead_test_algo): Ditto.
+
+ * g10/cipher-aead.c: Silence if not in debug mode.
+ * g10/decrypt-data.c: Ditto.
+
+ gpg: Copy the AEAD prefs to the user ID struct.
+ + commit 112e02ee89b78369c1c50e672873e726cbfeb994
+ * g10/getkey.c (fixup_uidnode): Copy the AEAD prefs.
+
+ gpg: Clear the symmetric passphrase cache for encrypted session keys.
+ + commit 278d87465685e0aa415e0333de1d27e79d1608f0
+ * g10/mainproc.c (proc_symkey_enc): Clear the symmetric key cache on
+ error.
+ (proc_encrypted): Need to take are of the checksum error.
+
+ gpg: Implement AEAD for SKESK packets.
+ + commit 9aab9167bca38323973e853845ca95ae8e9b6871
+ * g10/packet.h (PKT_symkey_enc): Add field aead_algo.
+ * g10/build-packet.c (do_symkey_enc): Support version 5 packets.
+ * g10/parse-packet.c (parse_symkeyenc): Ditto.
+ * g10/encrypt.c (encrypt_symmetric): Force using a random session
+ key in AEAD mode.
+ (encrypt_seskey): Add and support arg aead_algo.
+ (write_symkey_enc): Ditto.
+ (encrypt_simple): Adjust accordingly.
+ (encrypt_filter): Ditto.
+ * g10/gpgcompose.c (sk_esk): For now call encrypt_seskey without AEAD
+ support.
+ * g10/mainproc.c (symkey_decrypt_seskey): Support AEAD. Nver call BUG
+ but return an error.
+ (proc_symkey_enc): Call symkey_decrypt_seskey in a bug compatible way.
+
+ * g10/import.c (check_prefs): Check AEAD preferences.
+ * g10/keyedit.c (show_prefs): Print AEAD preferences.
+
+2018-01-22 Werner Koch <wk@gnupg.org>
+
+ gpg: Unify AEAD parameter retrieval.
+ + commit da3015e3c05030fe709c8f922486e73d06d1d16a
+ * g10/pkclist.c (select_aead_from_pklist): Return the AEAD_algo.
+ * g10/encrypt.c (use_aead): Return the AEAD algo.
+ (encrypt_simple): Adjust for this change.
+ (encrypt_crypt): Ditto.
+ (encrypt_filter): Ditto.
+ * g10/sign.c (sign_symencrypt_file): Ditto.
+
+ * g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
+ (openpgp_aead_algo_info): New.
+ * g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
+ (write_header): Use new fucntion.
+ * g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
+ (decrypt_data): Use new function. Also allow for chunkbytes other
+ than 10.
+
+ gpg: Refactor function encrypt_seskey.
+ + commit 0131d4369a81a51bf7bb328cc81a3bb082ed1a94
+ * g10/encrypt.c (encrypt_seskey): Allocate the buffer for the
+ encrypted key and returns that buffer and its length.
+ (encrypt_simple): Adjust for above change.
+ (write_symkey_enc): Ditto.
+
2018-01-22 NIIBE Yutaka <gniibe@fsij.org>
scd: Support KDF Data Object of OpenPGPcard V3.3.
(verify_chv2, do_sign): Follow the change of verify_a_chv.
(verify_chv3, do_change_pin): Use pin2hash_if_kdf.
+2018-01-21 Werner Koch <wk@gnupg.org>
+
+ gpg: Support EAX if for latest Libgcrypt.
+ + commit 7356d6ec50ea24bc9449187e1c2b3ecd717b789f
+ * g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): New.
+ (write_header): Use it.
+ * g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): New.
+ (decrypt_data): Use it.
+ * g10/misc.c (openpgp_aead_test_algo): Allow EAX.
+
+ gpg: First take on PKT_ENCRYPTED_AEAD.
+ + commit 3f4ca85cb0cf58006417f4f7faafaa9a1f1bdf22
+ * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const.
+ * g10/dek.h (DEK): Increase size of use_aead to 4 bits.
+ * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD.
+ * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and
+ chunkbyte.
+ * g10/build-packet.c (do_encrypted_aead): New.
+ (build_packet): Call it.
+ * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD.
+ (parse_one_sig_subpkt, can_handle_critical): Ditto.
+ (parse_encrypted): Clear new PKT_ENCRYPTED fields.
+ (parse_encrypted_aead): New.
+ (parse): Call it.
+ * g10/gpg.c (main): Take care of --rfc4880bis option when checking
+ compliance.
+ * g10/cipher-aead.c: Replace the stub by real code.
+ * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with
+ AEAD.
+ (aead_set_nonce): New.
+ (aead_set_ad): New.
+ (decrypt_data): Support AEAD.
+ (aead_underflow): New.
+ (aead_decode_filter): New.
+ * g10/encrypt.c (use_aead): Make that new fucntion work.
+ (encrypt_simple): Use default_aead_algo() instead of EAX.
+ * g10/mainproc.c (proc_encrypted): Support AEAD.
+ (do_proc_packets): Support PKT_ENCRYPTED_AEAD.
+
2018-01-18 Werner Koch <wk@gnupg.org>
gpg: Fix the use of future-default with --quick-add-key.
parse_key_parameter_string so that it can use it in case a subkey is
to be created.
+2018-01-10 Werner Koch <wk@gnupg.org>
+
+ gpg: Add stub function for encrypting AEAD.
+ + commit 81d71818d054a5faa9153fd52a4b79bbbb71e9d5
+ * g10/cipher.c (cipher_filter): Rename to cipher_filter_cfb.
+ * g10/cipher-aead.c: New. Right now only with a stub function.
+ * g10/Makefile.am (gpg_sources): Add file.
+ * g10/encrypt.c (encrypt_simple): Push either cipher_filter_cfb or
+ cipher_filter_aead.
+ (encrypt_crypt): Ditto.
+ (encrypt_filter): Ditto.
+ * g10/sign.c (sign_symencrypt_file): Ditto.
+
+ gpg: New option --force-aead.
+ + commit 4e2ba546cdccbbc6d3e29867ee5671fd44d74e67
+ * g10/dek.h (DEK): Turn fields use_mdc, algo_printed and symmetric
+ into single bit vars. Make sure they are always set to 1 or 0.
+ (DEK): New field use_aead.
+ * g10/options.h (struct opt): New field force_aead.
+ * g10/pkclist.c (select_aead_from_pklist): New.
+ * g10/gpg.c (oForceAEAD): New const.
+ (opts): New options "--force-aead".
+ (main): Set new option.
+ * g10/encrypt.c (use_aead): New.
+ (encrypt_simple): Implement new flags DEK.use_aead.
+ (encrypt_crypt): Ditto.
+ (encrypt_filter): Ditto.
+ * g10/sign.c (sign_symencrypt_file): Ditto.
+
+ gpg: Add option and preference framework for AEAD.
+ + commit 8217cd49364b9f81b390f7ca6a608dd946f93efc
+ * common/openpgpdefs.h (aead_algo_t): New.
+ (SIGSUBPKT_PREF_AEAD): New.
+ * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New.
+ (opts): New options --aead-algo and --personal-aead-preferences.
+ (set_compliance_option): Clar aead algo.
+ (main): Parse and check the new options
+ * g10/options.h (struct opt): Add fields def_aead_algo and
+ personal_aead_prefs.
+ * g10/packet.h (PREFTYPE_AEAD): New enum value.
+ (PKT_user_id): Add field flags.aead.
+ (PKT_public_key): Add field flags.aead.
+ * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD.
+ * g10/getkey.c (fixup_uidnode): Set AEAD flag.
+ (merge_selfsigs): Ditto.
+ * g10/kbnode.c (dump_kbnode): Show aead flag.
+ * g10/keyedit.c (show_prefs): Ditto.
+ (show_key_with_all_names_colon): Ditto.
+ * g10/keygen.c (aead_presf, n_aead_prefs): New vars.
+ (set_one_pref): Suppport PREFTYPE_AEAD.
+ (keygen_set_std_prefs): Parse AEAD preferences.
+ (keygen_get_std_prefs): Ditto.
+ (add_feature_aead): New.
+ (keygen_upd_std_prefs): Call that and build AEAD pref packet.
+ * g10/main.h (DEFAULT_AEAD_ALGO): New const.
+ * g10/misc.c (openpgp_aead_test_algo): New.
+ (openpgp_aead_algo_name): New.
+ (string_to_aead_algo): New.
+ (default_aead_algo): New.
+
2018-01-09 Andre Heinecke <aheinecke@intevation.de>
doc: Note pinentry-mode for passphrase opts.
+ commit e3ddeff66e8c08a37ddf8b6510d69579c245e192
* po/ja.po: Fix message with no "%s".
+ po: Update Japanese translation.
+ + commit 77e2fcb4ffbad8577a2cf41f17bf92dec6a93ad8
+ * po/ja.po: Fix message with no "%s".
+
2017-12-13 Werner Koch <wk@gnupg.org>
gpg: Print a warning for too much data encrypted with 3DES et al.
* dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
known and tell domaininfo about the results.
+ Adjust for changed macro names in libgpg-error master.
+ + commit 34defc9bce91d66fa8c9481ebe6e78b612e570dc
+ * common/logging.h (GPGRT_LOGLVL_): New replacement macros for older
+ libgpg-error versions.
+
2017-12-08 NIIBE Yutaka <gniibe@fsij.org>
agent: Fix description of shadow format.
+ commit 0d0b9eb0d4f99e8d293a4ce4b90921a879905115
* g10/trustdb.c (sanitize_regexp): Only escape operators.
+2017-11-27 Werner Koch <wk@gnupg.org>
+
+ Use the gpgrt log functions if possible.
+ + commit b56dfdfc1865ceb7c3c025d79996e049faee7fdf
+ * common/logging.c: Do not build any code if we can use the gpgrt_log
+ functions.
+ (log_logv_with_prefix): Rename to log_logv_prefix and change order of
+ args so that this function matches its printf like counterpart
+ gpgrt_logv_prefix. Change all callers.
+ (log_debug_with_string): Rename to log_debug_string. Change all
+ callers.
+ (log_printhex): Move first arg to end so that this function matches
+ its printf like counterpart gpgrt_log_printhex. Change all callers.
+ * common/logging.h: Divert to gpgrt/libgpg-error if we can use the
+ gpgrt_log functions.
+ (bug_at): Add inline versions if we can use the gpgrt_log functions.
+ * configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
+ (mycflags): Add -Wno-format-zero-length.
+
2017-11-26 Werner Koch <wk@gnupg.org>
gpg: Do not read from uninitialized memory with --list-packets.
(crl_parse_insert): Immediately set MD to NULL. Remove check for md
before a calling abort_sig_check.
+2017-11-15 Werner Koch <wk@gnupg.org>
+
+ assuan: Fix exponential decay for first second.
+ + commit 0cfdd3b57d592fb6baa7dafe8fde124e8a6c7798
+ * common/asshelp.c (wait_for_sock): Round SECSLEFT.
+ * dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon
+ mode.
+ * common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.
+
+ common: Change log_clock to printf style.
+ + commit 8704304699bcbc1c10d0315ec7d25a1ae05c9905
+ * common/logging.c (log_clock): Use do_logv.
+
+ common: Tweak new code to keep already translated strings.
+ + commit 4a7fe9a596b639a0edb08502f20cb293129e5a33
+ * common/asshelp.c (wait_for_sock): Replace NAME by WHICH and adjust
+ caller. Revert to use the former strings.
+
2017-11-15 Andre Heinecke <aheinecke@intevation.de>
w32: Fix default registry path.
+ commit 4f5afaf1fdb5cb13859aca390ccb5a1ba1dba00c
* configure.ac (GNUPG_REGISTRY_DIR): Remove leading backslash.
+2017-11-15 Werner Koch <wk@gnupg.org>
+
+ gpg: Repurpose the ISO defined DO "sex" to "salutation".
+ + commit 166f3f9ec40888e10cb0c51017944bfc57503fc1
+ * g10/card-util.c (current_card_status): String changes.
+ (change_sex): Description change.
+ (cmds): Add "salutation"; keep "sex" as an alias.
+
+2017-11-15 Andre Heinecke <aheinecke@intevation.de>
+
gpgtar: Prefer --set-filename over implicit name.
+ commit 878b8bfdcc3a8becfc46b9287a2d14cd3c875f28
* tools/gpgtar-extract.c: Prefer opt.filename over filename
+ commit b062ea5bc25157c942047b3fe7f5182a06106340
* g10/getkey.c (get_pubkey_byname): Print info only in verbose mode.
+2017-11-14 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Check for WKD support at session end.
+ + commit d4e2302d8f4a1ff52d56da4f8e3a5d1c6303822d
+ * dirmngr/domaininfo.c (insert_or_update): Copy the name.
+ * dirmngr/misc.c (copy_stream): Allow arg OUT to be NULL.
+ * dirmngr/server.c (set_error): Protect CTX.
+ (dirmngr_status): Protect against missing ASSUAN_CTX.
+ (dirmngr_status_help): Ditto.
+ (dirmngr_status_printf): Ditto.
+ (cmd_wkd_get): Factor code out to ...
+ (proc_wkd_get): new func. Support silent operation with no CTX.
+ (task_check_wkd_support): New.
+
+ dirmngr: Add a background task framework.
+ + commit 96a4fbecd1acf946dcde20bef4752c539dae196b
+ * dirmngr/workqueue.c: New.
+ * dirmngr/Makefile.am (dirmngr_SOURCES): Add new file.
+ * dirmngr/server.c (server_local_s): New field session_id.
+ (cmd_wkd_get): Add a task.
+ (task_check_wkd_support): New stub function.
+ (cmd_getinfo): New sub-commands "session_id" and "workqueue".
+ (start_command_handler): Add arg session_id and store it in
+ SERVER_LOCAL.
+ (dirmngr_status_helpf): New.
+ * dirmngr/dirmngr.h (wqtask_t): New type.
+ * dirmngr/dirmngr.c (main): Pass 0 as session_id to
+ start_command_handler.
+ (start_connection_thread): Introduce a session_id and pass it to
+ start_command_handler. Run post session tasks.
+ (housekeeping_thread): Run global workqueue tasks.
+
2017-11-14 Andre Heinecke <aheinecke@intevation.de>
sm, w32: Fix initial keybox creation.
+ commit 5ecef193bc2144e6d51a6bd5727bfd08a0d28b66
* sm/keydb.c (maybe_create_keybox): Open new keybox in bin mode.
+2017-11-14 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Limit the number of cached domains for WKD.
+ + commit 26f08343fbccdbaa177c3507a3c5e24a5cf94a2d
+ * dirmngr/domaininfo.c (MAX_DOMAINBUCKET_LEN): New.
+ (insert_or_update): Limit the length of a bucket chain.
+ (domaininfo_print_stats): Print just one summary line.
+
+2017-11-13 Werner Koch <wk@gnupg.org>
+
+ dirmngr: Keep track of domains used for WKD queries.
+ + commit 65038e6852185c20413d8f6602218ee636413b77
+ * dirmngr/domaininfo.c: New file.
+ * dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
+ * dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
+ known and tell domaininfo about the results.
+
+ gpg-agent: Avoid getting stuck in shutdown pending state.
+ + commit 5d83eb9226c0ce608ec284d8c9bc22ce84a00c25
+ * agent/gpg-agent.c (handle_connections): Always check inotify fds.
+
+2017-11-13 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: Handle the case with DISABLE_REGEX.
+ + commit 80b904543486a2f12087bc34a6049ede4eb75940
+ * tests/openpgp/Makefile.am [DISABLE_REGEX] (EXTRA_DIST, XTESTS):
+ Conditionalize.
+ * tests/openpgp/all-tests.scm (all-tests): Input file is Makefile.
+
+2017-11-13 Damien Goutte-Gattat <dgouttegattat@incenp.org>
+
+ tests: Run the trust-pgp-4 test again.
+ + commit a1fe3708d0894c138f6dd75d2a6bd22c64359172
+ * tests/openpgp/Makefile.am (XTESTS): Add trust-pgp-4.scm.
+ (EXTRA_DIST): Remove the test file from EXTRA_DIST.
+
+2017-11-09 NIIBE Yutaka <gniibe@fsij.org>
+ Damien Goutte-Gattat <dgouttegattat@incenp.org>
+
+ g10: Fix regexp sanitization.
+ + commit ccf3ba92087e79abdeaa0208795829b431c6f201
+ * g10/trustdb.c (sanitize_regexp): Only escape operators.
+
+2017-11-08 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ assuan: Use exponential decay for first 1s of spinlock.
+ + commit 149041b0b917f4298239fe18b5ebd5ead71584a6
+ * common/asshelp.c (wait_for_sock): instead of checking the socket
+ every second, we check 10 times in the first second (with exponential
+ decay).
+
+ assuan: Reorganize waiting for socket.
+ + commit 0471ff9d3bf8d6b9a359f3c426d70d0935066907
+ * common/asshelp.c (wait_for_sock): New function, collecting
+ codepaths from...
+ (start_new_gpg_agent) here and...
+ (start_new_dirmngr) here.
+
2017-11-07 Werner Koch <wk@gnupg.org>
Release 2.2.2.
(cherry picked from commit ab7ac827041b5cd97bbca7a75b0930072dd6611f)
+ dirmngr: Reduce default LDAP timeout to 15 seconds.
+ + commit ab7ac827041b5cd97bbca7a75b0930072dd6611f
+ * dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15.
+ * dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto.
+
speedo: Include software versions in the W32 README.
+ commit 23bfac6d1a8bd2d0af5a6fac3ba3a6e986d6c9e8
(cherry picked from commit f9f72ffbfa9fd7d1a7a1823697d116d76155b407)
+ commit 1941287c9d2c9e666bad1bd330db169f0e3d6b6c
+2017-11-07 Werner Koch <wk@gnupg.org>
+
+ speedo: Include software versions in the W32 README.
+ + commit f9f72ffbfa9fd7d1a7a1823697d116d76155b407
+
+
2017-11-07 NIIBE Yutaka <gniibe@fsij.org>
po: Update Japanese translation.
+ commit 96d441b315ec5c9f329596cfda28ac13a8bfa21a
+ agent: Use clock or clock_gettime for calibration.
+ + commit 380bce13d94ff03c96e39ac1d834f382c5c730a1
+ * agent/protect.c (calibrate_get_time): Use clock or clock_gettime.
+
2017-11-06 Werner Koch <wk@gnupg.org>
+ tests: Minor imporvement in agent invocation.
+ + commit 42308224d1fce64c666aed2be5eb4ef42e8aced4
+ * tests/openpgp/defs.scm (create-gpghome): Add s2k-count.
+
agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
+ commit 3607ab2cf382296cb398a92d5ec792239960bf7b
* agent/command.c (cmd_getinfo): New sub-commands.
(opts): New option --s2k-count.
(parse_rereadable_options): Set opt.s2k_count.
+ agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
+ + commit 52d41c8b0f4af6278d18d8935399ddad16a26856
+ * agent/command.c (cmd_getinfo): New sub-commands.
+ * agent/protect.c (get_standard_s2k_count): Factor some code out to ...
+ (get_calibrated_s2k_count): new.
+ (get_standard_s2k_time): New.
+
+ agent: New option --s2k-count.
+ + commit f7212f1d11aad5d910d2c77b2e5c6ab31a0e786e
+ * agent/agent.h (opt): New field 's2k_count'.
+ * agent/gpg-agent.c (oS2KCount): New enum value.
+ (opts): New option --s2k-count.
+ (parse_rereadable_options): Set opt.s2k_count.
+
2017-11-06 NIIBE Yutaka <gniibe@fsij.org>
g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
* g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
(do_change_rsa_keysize): Rename to do_change_keyattr.
+ gpg: Unifiy the message for re-configuring cards.
+ + commit 922bae8082f2f8d696ea0e7d7e9e4d986789bdfc
+ * g10/card-util.c (ask_card_keyattr): Print "rsaNNNN".
+
+ gpg: Introduce magic value 25519 to switch a card to ECC.
+ + commit ea09b6cded9d31a8ebd91878553c3eaa2b76e817
+ * g10/card-util.c (show_keysize_warning): Slightly change the text.
+ (ask_card_keyattr): Handle special value 25519.
+ (do_change_keyattr): Allow changing to cv25519/ed25519.
+ (generate_card_keys): Ditto.
+ (card_generate_subkey): Ditto.
+
2017-11-02 NIIBE Yutaka <gniibe@fsij.org>
agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
+ commit 3da47d19df89d302c0ea25921f4bd8ce55705afe
* agent/learncard.c (agent_handle_learn): Find SERIALNO.
+ agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
+ + commit 5e96fe72e477d09e35ccee48af0fd9ab2b3ae409
+ * agent/learncard.c (agent_handle_learn): Find SERIALNO.
+
2017-11-01 NIIBE Yutaka <gniibe@fsij.org>
common: Accept the Z-suffix for yymmddThhmmssZ format.
+ commit 0e5bd473a07f188615c4fce26b73bb452d689d68
* common/gettime.c (isotime_p): Accept the Z suffix.
+2017-11-01 Werner Koch <wk@gnupg.org>
+
+ gpg: Rename two card related functions in card-util.
+ + commit f795f4529d8ab5a05db1cc1960abd34390bfae1b
+ * g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
+ (do_change_rsa_keysize): Rename to do_change_keyattr.
+
+2017-11-01 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
+ + commit 6c63a04569c07c9c2817c7c530a92ccfa58155cc
+ * g10/keygen.c (pSUBKEYGRIP): New.
+ (read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
+ (do_generate_keypair): Support pSUBKEYGRIP.
+
+2017-10-30 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Simplify "factory-reset" procedure.
+ + commit d63b7966cdd72548c60466c620de5cd6104a779e
+ * g10/card-util.c (factory_reset): Simplify.
+
2017-10-27 NIIBE Yutaka <gniibe@fsij.org>
agent: Clean up pinentry access locking.
(unlock_pinentry): Handle recursion. Clear ENTRY_CTX here.
(start_pinentry): Allow recursive use.
+ agent: Clean up pinentry access locking.
+ + commit fb7828676cc2c01047498898378711e049f73fee
+ * agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
+ * agent/call-pinentry.c (entry_owner): Remove.
+ (agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
+ (unlock_pinentry): Add CTRL to arguments to access thread private.
+ Check and decrement PINENTRY_ACTIVE for recursive use.
+ (start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
+ (agent_askpin): Follow the change of unlock_pinentry API.
+ (agent_get_passphrase, agent_get_confirmation): Likewise.
+ (agent_show_message, agent_popup_message_start): Likewise.
+ (agent_popup_message_stop, agent_clear_passphrase): Likewise.
+
2017-10-26 NIIBE Yutaka <gniibe@fsij.org>
+ agent: Allow recursive use of pinentry.
+ + commit 3b66a256e3760e88066ca11b7b49d924e42aa46b
+ * agent/agent.h (struct server_control_s): Add pinentry_level.
+ * agent/call-pinentry.c (agent_popup_message_stop): Not clear
+ ENTRY_CTX here.
+ (unlock_pinentry): Handle recursion. Clear ENTRY_CTX here.
+ (start_pinentry): Allow recursive use.
+
agent, tests: Support --disable-scdaemon build case.
+ commit 05cb87276c21c3a47226c75026fa46a955553dd9
* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
+ commit b13972dfbf7224478652038725ab0d2cb41b7303
* configure.ac (BUILD_WITH_DIRMNGR): Comment fix.
+ agent, tests: Support --disable-scdaemon build case.
+ + commit bf26c08b95389718ba07f12789d372c6f438134f
+ * agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
+ * tests/openpgp/defs.scm (create-gpghome): Likewise.
+ * tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.
+
+ Fix comment of configure.
+ + commit 3549dce4f5a726f5350ac2f20d83ba9f84cc23b4
+ * configure.ac (BUILD_WITH_DIRMNGR): Comment fix.
+
2017-10-24 Werner Koch <wk@gnupg.org>
gpg: Avoid superfluous sig check info during import.
* sm/keylist.c (print_capabilities): Move colon printing ...
(list_cert_colon): to here.
+2017-10-19 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ agent: Send pinentry the uid of connecting process where possible.
+ + commit 28aa6890588cc108639951bb4bef03ac17743046
+ * agent/agent.h (server_control_s): Add field 'client_uid'.
+ * agent/call-pinentry.c (start_pinentry): Add uid field to assuan
+ option "owner" sent to pinentry.
+ * agent/command-ssh.c (peer_info_s): New static struct.
+ (get_client_pid): Rename to...
+ (get_client_info): Here, and extract uid in addition to pid.
+ (start_command_handler_ssh): Use get_client_info() instead of
+ get_client_pid().
+ * agent/command.c (start_command_handler): Try assuan_get_peercred,
+ and only fall back to assuan_get_pid when assuan_get_peercred fails.
+
+2017-10-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Fix find_and_check_key for multiple keyrings.
+ + commit 995c46ea77cff5b99b2fca17b547d6525a4f227e
+ * g10/pkclist.c (find_and_check_key): Call get_validity on a specific
+ keyblock.
+
+2017-10-18 Werner Koch <wk@gnupg.org>
+
+ gpg: Keep a lock during the read-update/insert cycle in import.
+ + commit 645f30ad310a518a863eb7bd3e11251a7e7f2eca
+ * g10/keydb.c (keydb_handle): New field 'keep_lock'.
+ (keydb_release): Clear that flag.
+ (keydb_lock): New function.
+ (unlock_all): Skip if KEEP_LOCK is set.
+ * g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if
+ requested.
+
+ gpg: Improve keydb handling in the main import function.
+ + commit 3bb06531d38b85be295308e826a50a1a7ba935ec
+ * g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ...
+ (get_keyblock_byfprint_fast): .. new function.
+ * g10/import.c (revocation_present): s/int rc/gpg_error_t err/.
+ (import_one): Use get_keyblock_byfprint_fast to get the keyblock and a
+ handle. Remove the now surplus keyblock fetch in the merge branch.
+
+ gpg: Simplify keydb handling of the main import function.
+ + commit d353287f721ffb56627d55bef04cc770ff0a8681
+ * g10/import.c (import_keys_internal): Return gpg_error_t instead of
+ int. Change var names.
+ (import_keys_es_stream): Ditto.
+ (import_one): Ditto. Use a single keydb_new and simplify the use of
+ of keydb_release.
+
+ gpg: Fix wrong Tofu DB consistency check.
+ + commit 18e5946aef458cd95fdce4a04e144747b52b0472
+ * g10/tofu.c (build_conflict_set): Do not assume MAX_FINGERPRINT_LEN
+ is the size of the fingerprint.
+
+2017-10-17 Werner Koch <wk@gnupg.org>
+
+ gpg,sm: New option --with-key-screening.
+ + commit 825abec0e7f38667a34dce3025fc2f3a05001dde
+ * common/pkscreening.c: New.
+ * common/pkscreening.h: New.
+ * common/Makefile.am (common_sources): Add them.
+ * g10/gpg.c (opts): New option --with-key-screening.
+ * g10/options.h (struct opt): New field with_key_screening.
+ * g10/keylist.c: Include pkscreening.h.
+ (print_pk_screening): New.
+ (list_keyblock_print): Call it.
+ (print_compliance_flags): Call it.
+ * sm/gpgsm.c (opts): New option --with-key-screening.
+ * sm/gpgsm.h (scruct opt): New field with_key_screening.
+ * sm/keylist.c: Include pkscreening.h.
+ (print_pk_screening): New.
+ (print_compliance_flags): Call it. Add new arg cert.
+ (list_cert_colon): Pass arg cert
+ (list_cert_std): Call print_pk_screening.
+ * sm/fingerprint.c (gpgsm_get_rsa_modulus): New.
+
+ sm: Fix colon listing of fields > 12 in crt records.
+ + commit 69e579d78545aee5096a5d170e1cb9e511a09a90
+ * sm/keylist.c (print_capabilities): Move colon printing ...
+ (list_cert_colon): to here.
+
+2017-10-06 Neal H. Walfield <neal@g10code.com>
+
+ gpg: Fix comparison.
+ + commit 1ed21eee79749b976b4a935f2279b162634e9c5e
+ * g10/gpgcompose.c (literal_name): Complain if passed zero arguments,
+ not one or fewer.
+
2017-09-28 Werner Koch <wk@gnupg.org>
gpg: Workaround for junk after --trusted-key.
* g10/trust.c (register_trusted_key): Cut off everthing starting as a
hash sign.
+2017-09-27 Werner Koch <wk@gnupg.org>
+
+ gpg: Prepare for a longer fingerprint.
+ + commit ecbbafb88d920e713439b6b1b8e1b41a6f8d0e38
+ * g10/card-util.c (change_cafpr): Use MAX_FINGERPRINT_LEN.
+ * g10/cipher.c (write_header): Use snprintf.
+ * g10/gpg.h (MAX_FINGERPRINT_LEN): Change to 32.
+ (MAX_FORMATTED_FINGERPRINT_LEN): Change to 59
+ * g10/keyid.c (format_hexfingerprint): Add v5 fingerprint format.
+ * g10/tofu.c (get_policy): Use MAX_FINGERPRINT_LEN for the buffer but
+ keep the raw length for now.
+
+ common: Add constant KEYGRIP_LEN.
+ + commit 76c80021d4da0755dbb04bd5d42f32015cba0b9a
+ * common/util.h (KEYGRIP_LEN): New.
+ * g10/call-agent.c (agent_probe_any_secret_key): Use that constant.
+ * g10/keyid.c (keygrip_from_pk): Ditto.
+
+ gpg: Let --debug clock time sign and verify.
+ + commit 6aa4478c78cb34cf3d0ae5c752525110947bd247
+ * configure.ac (ENABLE_LOG_CLOCK): New ac_define and option.
+ * common/logging.c (log_clock): Use ENABLE_LOG_CLOCK to enable
+ timestamp printing.
+ * g10/call-agent.c (agent_pksign): Time signing.
+ * g10/sig-check.c (check_signature_end_simple): Time verification.
+
+2017-09-26 NIIBE Yutaka <gniibe@fsij.org>
+
+ g10: Select a secret key by checking availability under gpg-agent.
+ + commit 0a76611294998ae34b9d9ebde484ef8ad3a9a3a6
+ * g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm
+ by agent_probe_secret_key.
+ (get_pubkey_fromfile, lookup): Supply WANT_SECRET argument.
+
+2017-09-20 NIIBE Yutaka <gniibe@fsij.org>
+
+ agent: Fix cancellation handling for scdaemon.
+ + commit 9f5e50e7c85aa8b847d38010241ed570ac114fc3
+ * agent/call-scd.c (cancel_inquire): Remove.
+ (agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
+ (agent_card_scd): Don't call cancel_inquire.
+
+ scd: Distinguish cancel by user and protocol error.
+ + commit 2396055c096884d521c26b76f26263a146207c24
+ * scd/apdu.h (SW_HOST_CANCELLED): New.
+ * scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED.
+ (pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED.
+ * scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for
+ SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED.
+
+2017-09-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Accept the Z-suffix for yymmddThhmmssZ format.
+ + commit ba8afc4966cca1f6aaf9b2a9bfc3220782306c2b
+ * common/gettime.c (isotime_p): Accept the Z suffix.
+
2017-09-19 Werner Koch <wk@gnupg.org>
Release 2.2.1.
+ commit 355ca9e9498740fb6294eec451507b4891ae01ec
+2017-09-19 NIIBE Yutaka <gniibe@fsij.org>
+
+ common: Fix gnupg_wait_processes.
+ + commit eeb3da6eb717ed6a1a1069a7611eb37503e8672d
+ * common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
+ even if we already see an error.
+
2017-09-18 Werner Koch <wk@gnupg.org>
dirmngr: Use system certs if --hkp-cacert is not used.
+ commit 7d15ee88980f88ca62fc7de9492dd08e54d0f0f1
* tools/mime-maker.c (mime_maker_add_body_data): New.
+2017-09-11 Alon Bar-Lev <alon.barlev@gmail.com>
+
+ sm: Move qualified.txt from datadir into sysconfdir.
+ + commit 384a3748d9022b7ae3f629c13f92e204565fea3d
+ * doc/Makefile.am: Move qualified.txt into examples.
+ * doc/qualified.txt: Move into examples, remove trailing spaces.
+ * doc/examples/README: Document qualified.txt.
+ * doc/gpgsm.texi: Move qualified.txt from datadir into sysconfdir.
+ * sm/qualified.c (read_list): Move qualified.txt from datadir into
+ sysconfdir.
+
2017-09-11 NIIBE Yutaka <gniibe@fsij.org>
tests: Fix a test which specifies expiration date.
* g10/keygen.c (proc_parameter_file): Special case the email only
case.
+2017-09-08 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ agent: compile-time configuration of s2k calibration.
+ + commit 926d07c5fa05de05caef3a72b6fe156606ac0549
+ * configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
+ AGENT_S2K_CALIBRATION (measured in milliseconds)
+ * agent/protect.c (calibrate_s2k_count): Calibrate based on
+ AGENT_S2K_CALIBRATION.
+
+ gpg: default to AES-256.
+ + commit 73ff075204df09db5248170a049f06498cdbb7aa
+ * g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default.
+
+ gpg: default to 3072-bit RSA keys.
+ + commit 909fbca19678e6e36968607e8a2348381da39d8c
+ * agent/command.c (hlp_genkey): update help text to suggest the use of
+ 3072 bits.
+ * doc/wks.texi: Make example match default generation.
+ * g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to
+ rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment,
+ (gen_rsa, get_keysize_range): update default from 2048 to 3072).
+ * g10/keyid.c (pubkey_string): update comment so that first example
+ is the default 3072-bit RSA.
+
+ gpgsm: default to 3072-bit keys.
+ + commit 7955262151a5c755814dd23414e6804f79125355
+ * doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
+ default to 3072 bits.
+ * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
+ 3072 bits.
+ * sm/certreqgen.c (proc_parameters): update default to 3072 bits.
+ * sm/gpgsm.c (main): print correct default_pubkey_algo.
+
+2017-09-08 NIIBE Yutaka <gniibe@fsij.org>
+
+ tests: Fix a test which specifies expiration date.
+ + commit 17f764dd4972a063fe09c4b9d2846e8efcb25c7a
+ * tests/openpgp/quick-key-manipulation.scm: Fix expiration time
+ comparison.
+
+2017-08-29 NIIBE Yutaka <gniibe@fsij.org>
+
+ scd: Fix for large ECC keys.
+ + commit ff7ccd284c327a5b1c89603f157089177dac9d13
+ * scd/app-openpgp.c (do_decipher): Support larger length.
+
2017-08-28 Werner Koch <wk@gnupg.org>
Release 2.2.0.