| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/call-agent.c (agent_probe_secret_key): Change semantics of
return value.
* g10/call-agent.h (agent_probe_secret_key): Change comment.
* g10/delkey.c (do_delete_key): Follow the change.
* g10/getkey.c (get_seckey, parse_def_secret_key): Likewise.
(finish_lookup, have_secret_key_with_kid): Likewise.
* g10/gpgv.c (agent_probe_secret_key): Likewise.
* g10/keyedit.c (keyedit_menu, quick_find_keyblock): Likewise.
(show_key_with_all_names_colon): Likewise.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Likewise
* g10/test-stubs.c (agent_probe_secret_key): Likewise.
--
Cherry picked from 2.4 branch of:
853d5b7677ea01f65c9bc5160cd8509b62f486f7
GnuPG-bug-id: 3416
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.h (opt): Re-purpose unused flag always_trust.
(struct server_control_s): Add "always_trust".
(VALIDATE_FLAG_BYPASS): New.
* sm/gpgsm.c (oAlwaysTrust): New.
(opts): Add "--always-trust"
(main): Set option.
* sm/server.c (option_handler): Add option "always-trust".
(reset_notify): Clear that option.
(cmd_encrypt): Ditto.
(cmd_getinfo): Add sub-command always-trust.
* sm/certchain.c (gpgsm_validate_chain): Handle VALIDATE_FLAG_BYPASS.
* sm/certlist.c (gpgsm_add_to_certlist): Set that flag for recipients
in always-trust mode.
--
GnuPG-bug-id: 6559
|
| |
|
|
|
|
|
|
|
| |
* m4/libassuan.m4: Update from libassuan master.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit fa29c86582487880364b710fd9679c8e77c8dce6)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (GNUPG_FUNC_MKDIR_TAKES_ONE_ARG): Do not use.
* acinclude.m4 (GNUPG_FUNC_MKDIR_TAKES_ONE_ARG): Remove unused macro
defs.
(GNUPG_CHECK_FAQPROG): Ditto.
(GNUPG_CHECK_DOCBOOK_TO_TEXI): Ditto.
(GNUPG_CHECK_MLOCK): Ditto.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 6397cf5fbe3bbc1f616431b011f76e031a387d4c)
|
| |
|
|
|
|
|
|
|
| |
* common/types.h: Use HAVE_TYPE_BYTE, HAVE_USHORT_TYPEDEF,
HAVE_ULONG_TYPEDEF, HAVE_U16_TYPEDEF, and HAVE_TYPE_U32.
* configure.ac (byte, ushort, ulong, u16, u32): Use AC_CHECK_TYPES.
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit aeeb8e975dc740cb79954de7fec4fcfe902d3a42)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (AC_PREREQ): Use >= 2.69.
(AC_CONFIG_HEADERS): Use it, instead of AC_CONFIG_HEADER.
(AC_HEADER_STDC, AC_HEADER_TIME): Remove obsolete macros.
(sys/time.h): Add the check of the header.
(time_t): Don't use TIME_WITH_SYS_TIME.
* acinclude.m4 (AC_HEADER_TIME): Don't require.
Don't use TIME_WITH_SYS_TIME.
* dirmngr/dns.c: Don't use TIME_WITH_SYS_TIME.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit 6b4441a7de9d7090bb3b1570a12e1e8bce0554cb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* acinclude.m4 (GNUPG_CHECK_ENDIAN): Use AC_COMPILE_IFELSE instead of
AC_TRY_COMPILE. Use AC_RUN_IFELSE instead of AC_TRY_RUN.
(GNUPG_BUILD_PROGRAM): Use AS_HELP_STRING instead of AC_HELP_STRING.
* configure.ac: Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE.
Use AS_HELP_STRING instead of AC_HELP_STRING.
(AC_ISC_POSIX): Replace by AC_SEARCH_LIBS.
(AC_TYPE_SIGNAL): Remove.
* m4/isc-posix.m4: Remove.
* m4/codeset.m4: Update from gnulib.
* m4/gettext.m4: Update from gnulib.
* m4/lcmessage.m4: Update from gnulib.
* m4/socklen.m4: Update from gnulib.
* m4/ldap.m4: Use AS_HELP_STRING instead of AC_HELP_STRING.
Use AC_LINK_IFELSE instead of AC_TRY_LINK.
Use AC_RUN_IFELSE instead of AC_TRY_RUN.
* m4/gpg-error.m4: Update from libgpg-error.
* m4/readline.m4: Update from libgpg-error.
* m4/npth.m4: Update from npth.
* m4/libassuan.m4: Update from libassuan.
* m4/libgcrypt.m4: Update from libgcrypt.
* m4/ksba.m4: Update from libksba.
* m4/ntbtls.m4: Update from ntbtls.
* common/signal.c [!HAVE_DOSISH_SYSTEM] (init_one_signal): Replace
RETSIGTYPE to void.
[!HAVE_DOSISH_SYSTEM] (got_fatal_signal, got_usr_signal): Likewise.
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit d66fb3aa53a6c4a815fe35a15e3c61886c5df628)
Still a lot of warnings. Need to cherry pick more stuff.
|
| |
|
|
|
|
| |
* scd/Makefile.am (scdaemon_DEPENDENCIES): Fix.
--
Fixes-commit: 625fb548998fb4d48b23c6e4cfa5bfa72f1d74e2
|
| |
|
|
|
| |
* sm/decrypt.c (pwri_parse_pbkdf2): Use int instead of gcry_md_algos.
(pwri_decrypt): Ditto for gcry_cipher_algos.
|
| |
|
|
|
|
|
|
|
| |
* g10/keyid.c (format_keyid): Allocate buffer earlier.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit a9be9f4e6e6d451698afa3d4780a53ed3718b30b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/gettime.h (GNUPG_ISOTIME_NONE): New.
* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it.
* sm/certlist.c (gpgsm_add_to_certlist): Likewise.
* sm/import.c (check_and_store): Likewise.
* sm/keylist.c (list_cert_colon, list_cert_raw): Likewise.
(list_cert_std): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit 05fdaa1737523fad72b6ffb9e7a90d5344ff64a5)
|
| |
|
|
|
|
|
|
|
| |
* g10/export.c (do_export_one_keyblock): Handle a cancel for the
primary key special.
--
GnuPG-bug-id: 6093
(cherry picked from commit 49d16f4f6edf872babf04ae383974d891871a33b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/server.c (cmd_ad_query): Add options --help and --subst.
(cmd_getinfo): Add sub-command "sid".
* dirmngr/ks-engine.h (KS_GET_FLAG_SUBST): New.
* dirmngr/ks-engine-ldap.c (ks_ldap_help_variables): New.
(getval_for_filter): New.
(map_rid_to_dn): New.
(ks_ldap_query): Support variables.
--
The new variables features makes it easier to write AD queries without
requiring domain specific expressions.
(cherry picked from commit 207c99567ced260aab04c471c77f179943d492f4)
|
| |
|
|
|
|
|
|
|
|
|
| |
* common/stringhelp.c (substitute_envvars): Factor code out to
(substitute_vars): new.
(subst_getenv): New.
--
This is a generalized version of substitute_envvars.
(cherry picked from commit 7b7fdf45e5d8b3b066c5efbf6ec872e1249f3a24)
|
| |
|
|
|
|
|
|
|
| |
* dirmngr/ldap-misc.c (rfc4517toisotime): Correct index.
--
Obviously the parser assumes the standard ISO format with the 'T'
before the hour. That is not correct here. We need this parser for
the modifyTimestamp thingy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/server.c (cmd_ks_get): Add option --newer.
(cmd_ad_query): Ditto.
* dirmngr/ldap-misc.c (isotime2rfc4517): New.
(rfc4517toisotime): New.
* dirmngr/ks-action.c (ks_action_get): Add arg newer and pass on.
(ks_action_query): Ditto.
* dirmngr/ks-engine-ldap.c (extract_keys): Print new "chg" record.
(ks_ldap_get): Add arg newer. Modify filter with newer arg.
(ks_ldap_search): Print the modifyTimestamp.
(ks_ldap_query): Add arg newer. Modify filter with newer arg.
--
Note that the modifyTimestamp is also available on Windows, where its
value is more commonly known as whenChanged. Both are constructed
attributes.
Note that the --newer option is a bit of a misnomer because LDAP has
only a greater-or-equal and no greater-than operator.
(cherry picked from commit 56d309133f0e54ac5e2f95871fb74f8cb97e2636)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.h: Include name-value.h
(struct server_control_s): Add rootdse and rootdse_tried.
* dirmngr/dirmngr.c (dirmngr_deinit_default_ctrl): Release them.
* dirmngr/ks-engine.h (KS_GET_FLAG_ROOTDSE): Add two new flags.
* dirmngr/ks-engine-ldap.c: Include ks-action.h
(SERVERINFO_GENERIC): New.
(struct ks_engine_ldap_local_s): Add scope.
(ks_ldap_new_state): Set a default scope.
(ks_ldap_clear_state): Ditto.
(my_ldap_connect): Add flag generic.
(return_all_attributes): New.
(fetch_rootdse): New.
(basedn_from_rootdse): New.
(ks_ldap_get): Move some code out to ...
(ks_ldap_prepare_my_state): New.
(ks_ldap_query): New.
* dirmngr/ks-action.c (ks_action_parse_uri): Factored out from server.c
(ks_action_query): New.
* dirmngr/server.c (make_keyserver_item): Factored most code out to
ks_action_parse_uri.
(cmd_ad_query): New.
* dirmngr/ks-engine-ldap.c (no_ldap_due_to_tor): New common error
printing. Now also with status line.
--
This command allows to query the Windows Active directory.
(cherry picked from commit 625aeb65b0e75192a414fdca5383cb67c996adee)
no_ldap_due_to_tor has been backported from 2.4
|
| |
|
|
|
| |
* g10/keyedit.c (keyedit_quick_sign): Return an error status line.
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/minip12.c: Reworked most of the parser.
(p12_set_verbosity): Add arg debug and change all callers.
* sm/t-minip12.c: New.
* sm/Makefile.am (module_maint): Add it.
* tests/samplekeys/Description-p12: New.
* tests/samplekeys/t5793-openssl.pfx: New from T5793.
* tests/samplekeys/t5793-test.pfx: Ditto.
* tests/samplekeys/Description-p12: Add them.
* tests/Makefile.am (EXTRA_DIST): Add samplekeys.
--
GnuPG-bug-id: 6536
Backported_from: 101433dfb42b333e48427baf9dd58ac4787c9786
Backported_from: 5f694dc0be994e8cd3bc009139d1349f3b1fcf62
|
| |
|
|
|
|
| |
* sm/minip12.c (struct tag_info): Change type of length and nhdr.
(dump_tag_info): Adjust.
(parse_tag): Re-implement using the parse_ber_header.
|
| |
|
|
|
|
|
|
| |
* tools/gpg-wks-client.c (opt): New option --no-add-revocs.
(main): Make --add-revocs the default.
(command_send): Rename to ...
(command_create): to match the command name.
|
| |
|
|
|
|
|
|
|
| |
* tools/wks-util.c (wks_get_key): Change from export-minimal to
export-clean
--
To properly work with tusted introducers et al. it is important to also
upload valid key signatures to the Web Key Directory.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.c (oIgnoreCRLExtension): New.
(opts): Add --ignore-crl-extension.
(parse_rereadable_options): Add to list/
* dirmngr/dirmngr.h (opt): Add ignored_crl_extensions.
* dirmngr/crlcache.c (crl_cache_insert): Implement option.
--
This option is is useful for debugging problems with new CRL
extensions. It is similar to --ignore-cert-extension.
GnuPG-bug-id: 6545
|
| |
|
|
|
|
|
| |
* sm/call-dirmngr.c (run_command_inq_cb): Support SENDCERT_SKI.
* dirmngr/crlcache.c (crl_cache_insert): Print the CRL name along with
the unknown OID nortice.
|
| |
|
|
|
|
|
| |
* dirmngr/dirmngr.c (oCompatibilityFlags): New.
(opts): Add option --compatibility-flags.
(compatibility_flags): New.
(parse_rereadable_options): Parse them.
|
| |
|
|
|
|
|
|
|
| |
* tools/gpgtar.c: Add option --no-compress.
* tools/gpgtar.h (opt): Add field no_compress.
* tools/gpgtar-create.c (gpgtar_create): Pass -z0 to gpg.
--
This option is probably easier to remember than --gpg-args '-z0'.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.c (oInputSizeHint): New.
(opts): Add "--input-size-hint".
(main): Set option.
* sm/server.c (option_handler): Add option "input-size-hint".
* sm/gpgsm.h (struct server_control_s): Add field input_size_hint.
* sm/encrypt.c (gpgsm_encrypt): Set the toatl file size.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--
This option allows to set a value for the progress output line. Note
that as of now there is no other way to set the file size.
GnuPG-bug-id: 6534
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/ksba-io-support.c (struct writer_cb_parm_s): Add field
progress.
(struct gnupg_ksba_io_s): Add field is_writer.
(update_write_progress): New.
(base64_writer_cb, plain_writer_cb): Call update_write_progress.
(base64_finish_write): Ditto.
(gnupg_ksba_create_writer): Set is_writer.
(gnupg_ksba_set_progress_cb): New.
(gnupg_ksba_set_total): New.
* common/ksba-io-support.h (gnupg_ksba_progress_cb_t): New type.
* sm/server.c (gpgsm_status2): Return error from statusfp writes.
(gpgsm_progress_cb): New.
* sm/decrypt.c (gpgsm_decrypt): Set progress handler.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--
GnuPG-bug-id: 6534
Backported-from: c58067415fe93fbd5d3de2594ccca4761ad25103
Backported-from: a88aeee12990478c218abff7f38728e47ee824bc
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/iobuf.c (iobuf_get_filelength): Change return type to
uint64_t and remove the overflow args. For Windows always use
GetFileSizeEx which is available since the long EOL-ed Windows XP.
* g10/sign.c (write_plaintext_packet): Adjust for changed
iobuf_get_filelength.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Ditto.
* g10/photoid.c (generate_photo_id): Ditto. Also add an upper limit.
* g10/filter.h (progress_filter_context_t): Change amount values to
use uint64_t.
* g10/progress.c (write_status_progress): Change accordingly.
--
GnuPG-bug-id: 6534
Backported-from: 808494b48577c2efb894a0877f59d9c4ed664f56
|
| |
|
|
|
|
|
|
|
| |
* common/iobuf.c (file_filter): Improve diagnostics.
* g10/build-packet.c (do_plaintext): Make sure to cache all error
cases.
--
GnuPG-bug-id: 6528
|
| |
|
|
|
|
|
| |
* common/sysutils.c (map_w32_to_errno): Add mapping.
--
We see this error sometimes when writing to an USB connected disk.
|
| |
|
|
|
|
|
|
| |
* g10/keygen.c (default_expiration_interval): Change.
--
This is a revision of
GnuPG-bug-id: 2701
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
| |
* kbx/keybox-dump.c (_keybox_dump_find_dups): Close FP on the error
paths.
--
GnuPG-bug-id: 6495
Signed-off-by: zhangguangzhi <[email protected]>
|
| |
|
|
|
|
|
| |
--
GnuPG-bug-id: 6482
Signed-off-by: zhangguangzhi <[email protected]>
|
| |
|
|
| |
* sm/gpgsm.c (main): Do it here.
|
| |
|
|
|
|
|
|
|
|
| |
* tools/gpgtar.c (main): Write status line before exit.
--
Due to the new way we support gpgtar in GPGME we need status lines to
detect a final error.
GnuPG-bug-id: 6497
|
| |
|
|
| |
* agent/findkey.c (agent_write_private_key): Fix error reporting.
|
| |
|
|
|
|
|
| |
* agent/call-scd.c (agent_scd_check_aliveness): Call assuan_set_flag
only for !HAVE_W32_SYSTEM.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/encrypt.c (write_pubkey_enc): Indicate encryption to an ADSK.
* g10/getkey.c (finish_lookup): Skip ADKS keys.
--
If a key is searched by fingerprint or keyid and it happens that this
is an ADSK (subkey with the RENC usage), we need to skip this key
because it is not the key we actually want to encrypt to. The actual
ADSK key is taken later by looking at all subkeys of the actual
selected key.
This is related to
GnuPG-bug-id: 6504
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.w32-manifest.in: New.
* dirmngr/dirmngr-client-w32info.rc: New.
* dirmngr/dirmngr-client.w32-manifest.in: New.
* dirmngr/dirmngr-w32info.rc: New.
* dirmngr/dirmngr.w32-manifest.in: New.
* dirmngr/dirmngr_ldap-w32info.rc: New.
* dirmngr/dirmngr_ldap.w32-manifest.in: New.
* g10/gpgv-w32info.rc: New.
* g10/gpgv.w32-manifest.in: New.
* kbx/keyboxd.w32-manifest.in: New.
* scd/scdaemon.w32-manifest.in: New.
* sm/gpgsm.w32-manifest.in: New.
--
This avoids the use of the VirtualStore uner Windows.
GnuPG-bug-id: 6503
Backported from 2.4; some manifest files already existed in 2.2 but
not in 2.4
|
| |
|
|
|
|
|
|
| |
* common/sexputil.c (get_ecc_q_from_canon_sexp): Initialize ECC_Q_LEN.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* scd/command.c (cmd_apdu): Fix the code path on error.
--
GnuPG-bug-id: 6476
Reported-by: Robin Krahl
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* kbx/keybox-init.c (DEFAULT_LL_BUFFER_SIZE): New.
--
A simple gpg --check-sigs benchmark showed on Linux a small
performance peak at around 64k (5m52 vs. 6m8 for 128k and 6m33 for
system size).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* kbx/keybox-init.c (ll_buffer_size): New var intialized to 128k
(stream_buffers): New var.
(keybox_set_buffersize): New.
(_keybox_ll_open, _keybox_ll_close): Implement buffering.
* sm/gpgsm.c (oKbxBufferSize): New.
(opts): Add option --kbx-buffer-size.
(main): Call keybox_set_buffersize.
* g10/gpg.c: Include keybox.h.
* (oKbxBufferSize): New.
(opts): Add option --kbx-buffer-size.
(main): Call keybox_set_buffersize.
--
Commit message from 2.4:
Running a test on Windows using a pubring.kbx with
Total number of blobs: 2098
openpgp: 1294
x509: 803
and a size of 42MiB with
gpgsm -k --with-validation --disable-dirmngr --kbx-buffer-size N >nul
gives these performance figures using procmon
| N(k) | file events | time(s) |
|------+-------------+---------|
| 0 | 4900000 | 86 |
| 16 | 2456000 | 58 |
| 32 | 1233000 | 43 |
| 64 | 622000 | 37 |
| 128 | 317000 | 32 |
| 256 | 164000 | 31 |
| 512 | 88000 | 30 |
Using _open instead of CreateFile give the same number of file events
but increased the time slight by one second for the measured buffer
size of 64k and 128k. Benchmarks for gpg have not been conducted.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* kbx/keybox-defs.h (KEYBOX_LL_OPEN_READ)
(KEYBOX_LL_OPEN_UPDATE, KEYBOX_LL_OPEN_CREATE): New.
* kbx/keybox-init.c (_keybox_ll_open): New. Replace all keybox use of
es_fopen by this function.
(_keybox_ll_close): New. Replace all keybox use of es_fclose by this
function.
--
Note that this has not been done for the utilities and the backend-kbx
of keyboxd.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* kbx/keybox-search.c (open_file): Use sysopen and sequential.
* kbx/keybox-update.c (create_tmp_file): Ditto.
(blob_filecopy): Ditto.
(keybox_set_flags): Ditto.
(keybox_delete): Ditto.
(keybox_compress): Ditto.
--
Under Windows "sysopen" requests that direct API calls (CreateFile et
al.) are used instead of the libc wrappers. This may or may not
improve the performance.
Using "sequential" is a hint to Windows to assume that a file is in
general access in a sequential manner. This will have an affect only
with a future libgpg-error.
|
| |
|
|
|
|
|
|
|
| |
* sm/certchain.c (check_cert_policy): Add simple static cache.
--
It is quite common that a policy file does not exist. Thus we can
avoid the overhead of trying to open it over and over again just to
assert that it does not exists.
|
| |
|
|
|
|
| |
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
