Commit message | Author | Age | Files | Lines
* Support v5 signature generation (not fully working yet). [gniibe/crypto-refresh] | NIIBE Yutaka | 2022-04-19 | 1 | -2/+31
    Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Support importing v5 key. | NIIBE Yutaka | 2022-04-13 | 1 | -7/+14
    Signed-off-by: NIIBE Yutaka <[email protected]>
* Output v5 signature. | NIIBE Yutaka | 2022-04-13 | 1 | -2/+10
    Signed-off-by: NIIBE Yutaka <[email protected]>
* Check v5 signature correctly. | NIIBE Yutaka | 2022-04-13 | 2 | -1/+18
    Signed-off-by: NIIBE Yutaka <[email protected]>
* crypto-refresh secret key handling for v5 key. | NIIBE Yutaka | 2022-04-12 | 1 | -1/+1
    Signed-off-by: NIIBE Yutaka <[email protected]>
* Allow secret key import with no uidnode for v5 key. | NIIBE Yutaka | 2022-04-12 | 1 | -1/+1
    Signed-off-by: NIIBE Yutaka <[email protected]>
* Allow issuer fpr in unhashed area. | NIIBE Yutaka | 2022-04-12 | 1 | -0/+2
    Signed-off-by: NIIBE Yutaka <[email protected]>
* Allow no uidnode for v5 key. | NIIBE Yutaka | 2022-04-12 | 1 | -2/+2
    Signed-off-by: NIIBE Yutaka <[email protected]>
* Add v5 signature salt. | NIIBE Yutaka | 2022-04-12 | 2 | -0/+17
    Signed-off-by: NIIBE Yutaka <[email protected]>
* Parse v5 signature subpacket. | NIIBE Yutaka | 2022-04-12 | 1 | -8/+24
    Signed-off-by: NIIBE Yutaka <[email protected]>
* Parse Preferred AEAD ciphersuites subpacket. | NIIBE Yutaka | 2022-04-12 | 2 | -1/+15
    Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Accept GCM and v5 AEAD with v2 SEIPD packet. | NIIBE Yutaka | 2022-03-30 | 6 | -98/+151
    Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Accept SEIPDv2 packet. | NIIBE Yutaka | 2022-02-25 | 2 | -23/+228
    Signed-off-by: NIIBE Yutaka <[email protected]>
* Fix the semantics of memory_cost. | NIIBE Yutaka | 2022-02-22 | 1 | -1/+1
    Signed-off-by: NIIBE Yutaka <[email protected]>
* Fix length of KEK, no additional data. | NIIBE Yutaka | 2022-02-21 | 1 | -7/+3
    Signed-off-by: NIIBE Yutaka <[email protected]>
* experiment with Argon2id. | NIIBE Yutaka | 2022-02-21 | 5 | -32/+213
    Signed-off-by: NIIBE Yutaka <[email protected]>
* accept Argon2 as S2K specifier. | NIIBE Yutaka | 2022-02-21 | 1 | -4/+30
    Signed-off-by: NIIBE Yutaka <[email protected]>
* start experiment for newer S2K. | NIIBE Yutaka | 2022-02-21 | 9 | -46/+61
    Signed-off-by: NIIBE Yutaka <[email protected]>
* sm: Fix use of value NONE in gnupg_isotime_t type. | NIIBE Yutaka | 2022-02-18 | 6 | -7/+18
    * common/gettime.h (GNUPG_ISOTIME_NONE): New.
    * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it.
    * sm/certlist.c (gpgsm_add_to_certlist): Likewise.
    * sm/import.c (check_and_store): Likewise.
    * sm/keylist.c (list_cert_colon, list_cert_raw): Likewise.
    (list_cert_std): Likewise.
    * sm/sign.c (gpgsm_sign): Likewise.
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Fix gender of pronoun in German translation | Ingo Klöcker | 2022-02-16 | 1 | -1/+1
    --
    The phrase refers to an insecure "passphrase" which is translated as "(das) Passwort" (pronoun: "dieses") in German.
* g10/mainproc: avoid extra hash contexts when decrypting MDC input | Jussi Kivilinna | 2022-02-08 | 1 | -2/+8
    * g10/mainproc.c (mainproc_context): New member 'seen_pkt_encrypted_mdc'.
    (release_list): Clear 'seen_pkt_encrypted_mdc'.
    (proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
    (have_seen_pkt_encrypted_aead): Rename to...
    (have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for 'seen_pkt_encrypted_mdc'.
    (proc_plaintext): Do not enable extra hash contexts when decrypting MDC input.
    --
    Avoiding extra hash contexts speeds up CFB/MDC decryption quite a lot. For example, decrypting symmetric-key AES-256 encrypted 4 GiB file from RAM to /dev/null sees ~3.4x speed increase on AMD Ryzen 5800X:

    AES256.CFB encryption: 783 MB/s
    AES256.CFB decryption: 386 MB/s (before)
    AES256.CFB encryption: 1.3 GB/s (after patch)

    Note, AEAD is still significantly faster:

    AES256.OCB encryption: 2.2 GB/s
    AES256.OCB decryption: 3.0 GB/s

    GnuPG-bug-id: T5820
    Signed-off-by: Jussi Kivilinna <[email protected]>
* sm: New option --ignore-cert-with-oid. | Werner Koch | 2022-02-03 | 4 | -0/+54
    * sm/gpgsm.c (oIgnoreCertWithOID): New.
    (opts): Add option.
    (main): Store its value.
    * sm/call-agent.c (learn_cb): Test against that list.
* gpg: Fix for -Wformat when using uint64_t. | NIIBE Yutaka | 2022-02-02 | 2 | -4/+5
    * g10/cipher-aead.c (do_flush): Use PRIu64.
    * g10/decrypt-data.c (aead_underflow): Likewise.
    --
    Even among LP64 data model machines, uint64_t type may differ; unsigned long or unsigned long long. Only portable way is use of PRIu64.
    Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Avoid initial delay on the first keyserver access. | Werner Koch | 2022-02-01 | 4 | -3/+13
    * dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New.
    * dirmngr/server.c (ensure_keyserver): Don't even test for the Tor proxy in never-use-tor Mode.
    * tools/gpgtar-create.c: Include unistd.h to avoid a warning on Windows.
    --
    This delay of 2 or 3 seconds is in particular annoying on Windows. This is now suppressed, as it should be, if --no-use-tor is used.
    The second patch is unrelated
* sm: Partly revert last commit. | Werner Koch | 2022-02-01 | 1 | -6/+0
    * sm/gpgsm.c (set_debug): Remove doubled code.
    --
    It was already there; sorry.
    Fixes-commit: 51edea995d352a7b557fb0315fa5091dc42065cb
* gpg,sm: Set --verbose and clear --quiet in debug mode. | Werner Koch | 2022-02-01 | 2 | -0/+12
    * g10/gpg.c (set_debug): Tweak options.
    * sm/gpgsm.c (set_debug): Ditto.
* ssh: Fix adding an ed25519 key with a zero length comment. | Werner Koch | 2022-01-28 | 1 | -4/+10
    * agent/command-ssh.c (sexp_key_construct): Do not put an empty string into an S-expression.
    (stream_read_string): Do not try to read a zero length block.
    --
    Actually we could handle this differently by not putting a comment tag into the s-expression, however this requires more code and at other places we already return "(none)" instead of an empty comment.
    The second fix is more or less a cosmetic thing to get better error messages in case the underlying read system call returns an error.
    GnuPG-bug-id: 5794
* gpg: Allow --dearmor to decode all kinds of armor files. | Werner Koch | 2022-01-28 | 4 | -8/+35
    * g10/filter.h (armor_filter_context_t): New fields dearmor_mode and dearmor_state.
    * g10/dearmor.c (dearmor_file): Set dearmor_mode.
    * g10/armor.c (is_armor_header): Magic to switch to generic dearmor mode.
    (parse_header_line): Treat non OpenPGP armor in a special way.
    (check_input): Ditto.
    (radix64_read): Detect non OpenPGP armor END lines.
* gpgsm: Retire the new --ldapserver. | Werner Koch | 2022-01-27 | 2 | -10/+13
    * sm/gpgsm.c (oKeyServer_deprecated): New.
    (opts): Assign "ldapserver" to the new option and mark it as obsolete.
    --
    We want to use "ldapserver" in dirmngr but need to keep using "keyserver" in gpgsm for existent versions of Kleopatra etc.
    GnuPG-bug-id: 5801
* gpgconf: Teach --show-config the legacy gpgconf.conf. | Werner Koch | 2022-01-27 | 1 | -1/+21
    * tools/gpgconf.c (show_configs): Print gpgconf.conf and a warning.
* gpgconf: Return again "keyserver" for gpgsm. | Werner Koch | 2022-01-27 | 1 | -1/+1
    * tools/gpgconf-comp.c (known_options_gpgsm): Change "ldapserver" back to "keyserver".
* gpgconf: Fix --list-options for forced options | Werner Koch | 2022-01-26 | 1 | -1/+6
    * tools/gpgconf-comp.c (retrieve_options_from_program): Ignore to to ignored options. Add failsafe code to avoid calling percent_escape with NULL.
    --
    Remember: When using ARGPARSE_FLAG_WITHATTR the ARGPARSE_OPT_IGNORE flags in the returned type needs to be considered.
    GnuPG-bug-id: 5800
* gpgconf: Return --ldapserver and --keyserver from dirmngr. | Werner Koch | 2022-01-25 | 3 | -11/+11
    * dirmngr/dirmngr.c: Reorder two option groups.
    * tools/gpgconf-comp.c (known_options_gpgsm): Rename "keyserver" to "ldapserver" and set level to invisible.
    (known_options_dirmngr): Add "ldapserver" at the basic level.
    * sm/gpgsm.c (opts): No more help text for "ldapserver".
    --
    GnuPG-bug-id: 5800
* doc: Add comments on the legacy status of gpgconf.conf. | Werner Koch | 2022-01-25 | 2 | -8/+19
    --
* doc: Minor typo fixes | Werner Koch | 2022-01-24 | 1 | -2/+2
    --
* agent: always use hexgrip when storing key password | James Bottomley via Gnupg-devel | 2022-01-24 | 1 | -4/+15
    --
    The current code uses the binary ctrl->keygrip, but all the passphrase storage engines expect this to be a string, so convert the binary keygrip to a hex one before passing it in as the keyid. This fixes a crash seen in some libsecret implementations where a non-ascii keyid isn't well handled.
    Signed-off-by: James Bottomley <[email protected]>
* gpg: Print Yubikey version correctly. | Werner Koch | 2022-01-18 | 3 | -2/+38
    * g10/call-agent.c (learn_status_cb): Parse APPVERSION.
    * g10/call-agent.h (struct agent_card_info_s): Add field appversion.
    * g10/card-util.c (print_a_version): New.
    (current_card_status): Print version from appversion.
    --
    This is a regression due to the PIV support. Note that the newer gpg-card worked correctly.
    GnuPG-bug-id: 5787
* gpgconf: Add command aliases -L -K -R. | Werner Koch | 2022-01-12 | 2 | -4/+7
    * tools/gpgconf.c (enum cmd_and_opt_values): Assign shortcuts.
    --
    I have to type them too often ;-)
* gpg: Fix adding the list of ultimate trusted keys. | NIIBE Yutaka | 2022-01-12 | 4 | -2/+48
    * g10/keygen.c (do_generate_keypair): Remove another call to update_ownertrust.
    * g10/trust.c (update_ownertrust): Add call to tdb_update_utk.
    * g10/trustdb.c (tdb_update_utk): New.
    * g10/trustdb.h (tdb_update_utk): New.
    --
    GnuPG-bug-id: 5742
    Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Report failed generation of subkey pair via status interface | Ingo Klöcker | 2022-01-11 | 1 | -1/+5
    * g10/keygen.c (generate_subkeypair): On error, write error and "key not created" message to status interface.
    --
    This change allows users of the status/command interface to detect errors when adding a subkey to a key. Similar status messages are output by do_generate_keypair.
    GnuPG-bug-id: 5771
* gpg: Request keygrip of key to add via command interface | Ingo Klöcker | 2022-01-11 | 2 | -2/+11
    * g10/keygen.c (ask_algo): Request keygrip via cpr_get.
    * doc/help.txt (gpg.keygen.keygrip): New help text.
    --
    This change makes it possible to add an existing (sub)key to another key via the status/command interface.
    GnuPG-bug-id: 5771
* dirmngr: Map all gnupg.net addresses to the Ubuntu keyserver. | Werner Koch | 2022-01-10 | 1 | -4/+4
    * dirmngr/server.c (make_keyserver_item): Change mapping.
    --
    It turned out that having the old surfnet keyserver for unencrypted connections is problematic because that server does not sync with the Ubuntu server.
    GnuPG-bug-id: 5751
* gpgtar: List and extract using extended headers. | Werner Koch | 2022-01-09 | 4 | -62/+272
    * tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New.
    * tools/gpgtar-list.c (parse_header): Set the new type flags.
    (parse_extended_header): New.
    (read_header): Add arg r_extheader and parse extended header.
    (print_header): Consult the extended header.
    (gpgtar_list): Pass an extended header object.
    (gpgtar_read_header): Ditto.
    (gpgtar_print_header): Ditto.
    * tools/gpgtar-extract.c (extract): New arg exthdr and factor name checking out to ...
    (check_suspicious_name): new.
    (extract_regular): Add arg exthdr and consult it.
    (extract_directory): Likewise.
    (gpgtar_extract): Provide extheader object.
    --
    GnuPG-bug-id: 5754
* gpgtar: Create extended header for long file names | Werner Koch | 2022-01-09 | 1 | -18/+217
    * tools/gpgtar-create.c (global_header_count): new.
    (myreadlink): New.
    (build_header): New arg r_exthdr. Detect and store long file and link names. Factor checksum computation out to ...
    (compute_checksum): new.
    (add_extended_header_record): New.
    (write_extended_header): New.
    (write_file): Write extended header.
    --
    GnuPG-bug-id: 5754
* scd,pcsc: Fix error handling for a reader with reader-port. | NIIBE Yutaka | 2022-01-04 | 1 | -5/+1
    * scd/apdu.c (apdu_open_reader): Make sure dl->idx is always incremented to handle error from open_pcsc_reader correctly.
    --
    Reported-by: Anže Jenšterle
    GnuPG-bug-id: 5758
    Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Fix the title of the man pages to GnuPG 2.3 | Werner Koch | 2022-01-03 | 1 | -1/+1
    --
* po: Fix German translation | Werner Koch | 2021-12-30 | 1 | -6/+6
    --
    Option descriptions of --help should start with an uppercase letter.
* doc: Typo fixes. | Werner Koch | 2021-12-30 | 2 | -3/+3
    --
* gpgconf: Do not list ignored options and mark forced options as r/o. | Werner Koch | 2021-12-30 | 1 | -7/+17
    * tools/gpgconf-comp.c (list_one_option): Skip ignored options and set the no_change flag for forced options.
    (retrieve_options_from_program): Put the attributes into the option table.
    --
* build: Remove unused old m4 files. | NIIBE Yutaka | 2021-12-22 | 21 | -1179/+0
    * m4/glibc2.m4, m4/glibc21.m4: Remove.
    * m4/intl.m4, m4/intldir.m4, m4/lock.m4: Remove.
    * m4/intdiv0.m4, m4/intmax.m4, m4/inttypes-pri.m4: Remove.
    * m4/inttypes.m4, m4/inttypes_h.m4, m4/longdouble.m4: Remove.
    * m4/printf-posix.m4, m4/signed.m4, m4/size_max.m4: Remove.
    * m4/stdint_h.m4, m4/sys_socket_h.m4, m4/uintmax_t.m4: Remove.
    * m4/visibility.m4, m4/wchar_t.m4, m4/wint_t.m4, m4/xsize.m4: Remove.
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>