| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
* tools/gpg-connect-agent.c (gnu_getcwd): Move to ...
* common/sysutils.c (gnupg_getcwd): .. here.
* tools/gpg-connect-agent.c (get_var_ext): Use gnupg_getcwd.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/call-agent.c (check_hijacking): New.
(start_agent): Call it.
(membuf_data_cb, default_inq_cb): Move more to the top.
--
Note that GUIs may use the gpg status line
[GNUPG:] ERROR check_hijacking 33554509
to detect this and print an appropriate warning.
|
| |
|
|
|
|
|
|
|
| |
* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.
--
This makes is possible to extract all photos ids from a key to
different files.
|
| |
|
|
|
|
|
| |
* common/zb32.c: New.
* common/t-zb32.c: New.
* common/Makefile.am (common_sources): Add zb82.c
(module_tests): Add t-zb32.
|
| |
|
|
|
|
|
|
|
|
| |
* common/estream.c (es_freopen): Remove useless check for STREAM.
* kbx/keybox-blob.c (_keybox_create_x509_blob): Remove useless check
for BLOB.
* tools/sockprox.c (run_proxy): Do not fclose(NULL).
--
Found by Hans-Christoph Steiner with cppcheck.
|
| |
|
|
|
|
|
| |
* g10/call-agent.c (agent_delete_key): New.
* g10/keydb.h (FORMAT_KEYDESC_DELKEY): New.
* g10/passphrase.c (gpg_format_keydesc): Support new format.
* g10/delkey.c (do_delete_key): Add secret key deletion.
|
| |
|
|
|
| |
* g10/delkey.c: Re-indent.
(do_delete_key, delete_keys): Change return type top gpg_error_t.
|
| |
|
|
|
|
|
|
|
|
| |
* agent/cvt-openpgp.c (convert_to_openpgp): Fix use
gcry_sexp_extract_param.
* g10/export.c (do_export_stream): Provide a proper prompt to the
agent.
--
NB: The export needs more work, in particular the ECC algorithms.
|
| |
|
|
|
|
|
|
|
| |
* g10/passphrase.c (gpg_format_keydesc): Add mode 2. Change strings.
* g10/keydb.h (FORMAT_KEYDESC_NORMAL, FORMAT_KEYDESC_IMPORT)
(FORMAT_KEYDESC_EXPORT): New. Use them for clarity.
--
The use of the term "certificate" was more confusing than helpful.
|
| |
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_delete_key): New.
* agent/findkey.c (modify_description): Add '%C' feature.
(remove_key_file): New.
(agent_delete_key): New.
* agent/command-ssh.c (search_control_file): Make arg R_DISABLE
optional.
* configure.ac: Require libgpg-error 1.13.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (KEY_TYPE_EDDSA, CURVE_ED25519): New.
(struct app_local_s): Add eddsa.
(get_algo_byte, store_fpr): Support KEY_TYPE_EDDSA.
(get_ecc_key_parameters, get_curve_name): Support CURVE_ED25519.
(send_key_attr, get_public_key): Support KEY_TYPE_EDDSA.
(build_ecc_privkey_template): Rename as it supports both of
ECDSA and EdDSA.
(ecc_writekey): Rename. Support CURVE_ED25519, too.
(do_writekey): Follow the change of ecc_writekey.
(do_auth): Support KEY_TYPE_EDDSA.
(parse_ecc_curve): Support CURVE_ED25519. Bug fix for other curves.
(parse_algorithm_attribute): Bug fix for ECDH. Support EdDSA.
|
| |
|
|
|
|
|
|
|
|
| |
* common/mischelp.h (JNLIB_GCC_HAVE_PUSH_PRAGMA): New.
* dirmngr/dirmngr.c (handle_tick): Factor time check out to ...
(time_for_housekeeping_p): new.
--
I am not sure whether that y2038 hack is really useful but it might
make me smile in my retirement.
|
| |
|
|
|
|
|
| |
* tools/gpgconf.c: Add command --launch.
* tools/gpgconf-comp.c (gc_component_launch): New.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* scd/app-openpgp.c (build_ecdsa_privkey_template): Mark unused arg.
(ecdh_writekey): Mark unused args.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
* agent/pksign.c (agent_pksign_do): Handle EdDSA signature.
|
| |
|
|
|
|
| |
* g10/keyid.c (keygrip_from_pk): Compute keygrip of EdDSA key.
* g10/keygen.c (generate_subkeypair): Ed25519 is for EdDSA.
* common/openpgp-oid.c (oid_ed25519): Update.
|
| |
|
|
|
| |
* agent/command-ssh.c (ssh_signature_encoder_eddsa): Signature is
two 32-byte opaque data which should not be interpreted as number.
|
| |
|
|
|
|
|
|
| |
* g10/gpg.c (main): Add commands --quick-sign-key and
--quick-lsign-key.
* g10/keyedit.c (sign_uids): Add args FP and QUICK.
(keyedit_quick_sign): New.
(show_key_with_all_names): Add arg NOWARN.
|
| |
|
|
|
|
|
|
|
|
|
| |
* common/ttyio.c (tty_print_string): Add optional arg FP. Change all
callers.
(tty_print_utf8_string2): Ditto.
* g10/keyedit.c (show_prefs): Ditto.
(show_key_with_all_names_colon): Ditto.
(show_names): Ditto.
* g10/keylist.c (print_revokers): Ditto.
(print_fingerprint): Ditto.
|
| |
|
|
|
|
|
|
|
|
|
| |
* agent/command-ssh.c (ssh_read_key_public_from_blob): Use
es_fopenmem.
(ssh_handler_request_identities): Ditto.
(ssh_request_process): Ditto.
--
es_fopenmem is easier to understand than the more general function
es_mopen. Thus we better use the former for clarity.
|
| |
|
|
|
|
|
|
| |
* agent/command-ssh.c (ssh_key_type_spec): Add field name.
(ssh_key_types): Add human readable names.
(add_control_entry): Add arg SPEC and print key type as comment.
(ssh_identity_register): Add arg SPEC.
(ssh_handler_add_identity): Add var SPEC and pass ssh_receive_key.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/command-ssh.c (SPEC_FLAG_IS_EdDSA): New.
(ssh_key_types): Add entry for ssh-ed25519.
(ssh_identifier_from_curve_name): Move to the top.
(stream_read_skip): New.
(stream_read_blob): New.
(ssh_signature_encoder_rsa): Replace MPIS array by an s-exp and move
the s-exp parsing to here.
(ssh_signature_encoder_dsa): Ditto.
(ssh_signature_encoder_ecdsa): Ditto.
(ssh_signature_encoder_eddsa): New.
(sexp_key_construct): Rewrite.
(ssh_key_extract): Rename to ...
(ssh_key_to_blob): .. this and rewrite most of it.
(ssh_receive_key): Add case for EdDSA.
(ssh_convert_key_to_blob, key_secret_to_public): Remove.
(ssh_send_key_public): Rewrite.
(ssh_handler_request_identities): Simplify.
(data_sign): Add rename args. Add new args HASH and HASHLEN. Make
use of es_fopenmen and es_fclose_snatch. Remove parsing into MPIs
which is now doe in the sgnature encoder functions.
(ssh_handler_sign_request): Take care of Ed25519.
(ssh_key_extract_comment): Rewrite using gcry_sexp_nth_string.
--
To make the code easier readable most of the Ed25591 work has been
done using a new explicit code path. Warning: Libgcrypt 1.6.1 uses a
non optimized implementation for Ed25519 and timing attacks might be
possible.
While working on the code I realized that it could need more rework;
it is at some places quite baroque and more complicated than needed.
Given that we require Libgcrypt 1.6 anyway, we should make more use of
modern Libgcrypt functions.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* agent/cvt-openpgp.c: Remove.
(convert_to_openpgp): Use gcry_sexp_extract_param.
* agent/findkey.c (is_eddsa): New.
(agent_is_dsa_key, agent_is_eddsa_key): Check whether ecc means EdDSA.
* agent/pksign.c (agent_pksign_do): Add args OVERRIDEDATA and
OVERRIDEDATALEN.
* common/ssh-utils.c (is_eddsa): New.
(get_fingerprint): Take care or EdDSA.
|
| |
|
|
|
| |
* tools/gpg-connect-agent.c (handle_inquire): Do not pass NULL to
strlen.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.c (HOUSEKEEPING_INTERVAL): New.
(housekeeping_thread): New.
(handle_tick): Call new function.
* dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): New.
(struct hostinfo_s): Add field died_at and set it along with the dead
flag.
(ks_hkp_print_hosttable): Print that info.
(ks_hkp_housekeeping): New.
--
The resurrection gives the host a chance to get back to life the next
time a new host is selected.
|
| |
|
|
| |
* common/gettime.c (elapsed_time_string): New.
|
| |
|
|
|
|
|
|
| |
* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf.
|
| |
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (ks_hkp_get): Allow exact search mode.
* g10/keyserver.c (keyserver_import_name): Implement.
(keyserver_get): Use exact mode for name based import.
(keyserver_get): Add args R_FPR and R_FPRLEN. Change all callers.
|
| |
|
|
| |
* g10/getkey.c (parse_auto_key_locate): Implement "clear".
|
| |
|
|
|
| |
* tools/gpg-connect-agent.c: Add options --dirmngr and
--dirmngr-program.
|
| |
|
|
|
|
|
|
|
| |
* common/http.c (connect_server): Handle the new flags.
* common/http.h (HTTP_FLAG_IGNORE_IPv4, HTTP_FLAG_IGNORE_IPv4): New.
* dirmngr/ks-engine-hkp.c (map_host): Add arg r_httpflags.
(make_host_part): Ditto.
(send_request): Add arg httpflags.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Handle httpflags.
|
| |
|
|
|
| |
* dirmngr/ks-engine-hkp.c (my_getnameinfo): Change args to take a
complete addrinfo. Bracket only v6 addresses. Change caller.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (ks_hkp_search, ks_hkp_get): Print SOURCE
status lines.
* g10/call-dirmngr.c (ks_status_parm_s): New.
(ks_search_parm_s): Add field stparm.
(ks_status_cb): New.
(ks_search_data_cb): Send source to the data callback.
(gpg_dirmngr_ks_search): Change callback prototope to include the
SPECIAL arg. Adjust all users. Use ks_status_cb.
(gpg_dirmngr_ks_get): Add arg r_source and use ks_status_cb.
* g10/keyserver.c (search_line_handler): Adjust callback and print
"data source" disgnostic.
(keyserver_get): Print data source diagnostic.
--
It has often been requested that the actually used IP of a keyservers
is shown in with gpg --recv-key and --search-key. This is helpful if
the keyserver is actually a pool of keyservers. This patch does this.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/homedir.c (dirmngr_socket_name): Rename to
dirmngr_sys_socket_name.
(dirmngr_user_socket_name): New.
* common/asshelp.c (start_new_dirmngr): Handle sys and user dirmngr
socket.
* dirmngr/dirmngr.c (main): Ditto.
* dirmngr/server.c (cmd_getinfo): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* dirmngr/dirmngr-client.c (start_dirmngr): Likewise.
* tools/gpgconf.c (main): Print "dirmngr-sys-socket" with --list-dirs.
* configure.ac (USE_DIRMNGR_AUTO_START): Set by default.
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c: Add option --dirmngr-program.
* g10/options.h (struct opt): Add field dirmngr_program.
* g10/call-dirmngr.c (create_context): Use new var.
* dirmngr/dirmngr.c: Include gc-opt-flags.h.
(main): Remove GC_OPT_FLAG_*.
* tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ...
* common/gc-opt-flags.h: here.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-action.c (ks_action_resolve): Rename var for clarity.
(ks_action_search, ks_action_put): Ditto.
(ks_action_get): Consult only the first server which retruned some
data.
* dirmngr/ks-engine-hkp.c (SEND_REQUEST_RETRIES): New.
(map_host): Add arg CTRL and call dirmngr_tick.
(make_host_part): Add arg CTRL.
(mark_host_dead): Allow the use of an URL.
(handle_send_request_error): New.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Mark host dead and retry on
error.
|
| |
|
|
| |
--
|
| |
|
|
|
| |
* common/http.h (struct parsed_uri_t): Add field v6lit.
* common/http.c (do_parse_uri): Set v6lit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (CURVE_SEC_P256K1, get_algo_byte): New.
(store_fpr): Support ECC keys with varargs.
(get_ecc_key_parameters, get_curve_name): Support secp256k1.
(parse_ecc_curve): Likewise.
(build_ecdsa_privkey_template, rsa_writekey, ecdsa_writekey): New.
(ecdh_writekey): New. Not implemented yet.
(do_writekey): Call rsa_writekey, ecdsa_writekey, or ecdh_writekey.
(do_genkey): Follow the change of store_fpr.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (EAI_OVERFLOW): Provide a substitute.
(my_getnameinfo): New.
(map_host): Use it.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/server.c (cmd_killdirmngr): Factor some code out to ...
(check_owner_permission): here.
(cmd_keyserver): Add options --dead and --alive.
* dirmngr/ks-engine-hkp.c (host_in_pool_p): New.
(ks_hkp_mark_host): New.
--
Also removed the warning that the widnows part has not yet been done.
AFAICS, the current mingw supports the all used socket functions.
|
| |
|
|
|
| |
* dirmngr/server.c (data_line_cookie_write): Print shorter data lines
in verbose mode.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/server.c (cmd_keyserver): Add option --resolve and change
--print-hosttable to --hosttable.
* dirmngr/ks-action.c (ks_printf_help): New.
(ks_action_resolve): New.
* dirmngr/ks-engine-hkp.c (select_random_host): Fix selection.
(ks_hkp_print_hosttable): Print to assuan stream.
(map_host): Remove debug code. Add arg FORCE_SELECT. Return numeric
IP addr if it can't be resolved.
(make_host_part): Add arg FORCE_SELECT; change callers to pass false.
(ks_hkp_resolve): New.
--
The new options for the keyserver command are useful for debugging.
For example:
$ tools/gpg-connect-agent -S /usr/local/var/run/gnupg/S.dirmngr \
'keyserver hkp://keys.gnupg.net' \
'keyserver http://http-keys.gnupg.net' \
'keyserver --resolve --hosttable' /bye
yields:
OK
OK
S # http://astrath.net:80
S # http://2001:41d0:1:e673::1:11371
S # hosttable (idx, ipv4, ipv6, dead, name):
S # 0 http-keys.gnupg.net
S # . --> 10 11 12 1 5 8 7 4* 2 9 6 3
S # 1 4 37.250.168.245.bredband.tre.se
S # 2 4 6 keys.exosphere.de
S # 3 4 6 poseidon.muc.drweb-av.de
S # 4 4 astrath.net
S # 5 4 79.143.214.216
S # 6 4 openpgp.andrew.kvalhe.im
S # 7 4 app.aaiedu.hr
S # 8 4 6 alita.karotte.org
S # 9 4 6 keyserver.bau5net.com
S # 10 4 194.94.127.122
S # 11 6 2001:4d88:1ffc:477::7
S # 12 6 2a00:1280:8000:2:1:8:0:1
S # 13 keys.gnupg.net
S # . --> 23 28* 30 17 22 8 7 27 25 14 21 20 19 29 [...]
S # 14 4 hufu.ki.iif.hu
S # 15 4 pks.ms.mff.cuni.cz
S # 16 4 pgpkeys.co.uk
S # 17 4 80-239-156-219.customer.teliacarrier.com
S # 18 4 srv01.secure-u.de
S # 19 4 mallos.xs4all.nl
S # 20 4 kronecker.scientia.net
S # 21 4 keyserver.ut.mephi.ru
S # 22 4 89-68-150-88.dynamic.chello.pl
S # 23 6 2001:1608:21:6:84:200:66:125
S # 24 6 sks.es.net
S # 25 6 gstueve-1-pt.tunnel.tserv13.ash1.ipv6.he.net
S # 26 6 sks.mrball.net
S # 27 6 gozer.rediris.es
S # 28 6 2001:41d0:1:e673::1
S # 29 6 oteiza.siccegge.de
S # 30 6 2403:4200:401:10::13
S # 31 6 statler.serviz.fr
OK
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* m4/readline.m4: Set gnupg_cv_have_readline.
* configure.ac: Add readline support to summary output.
--
Readline is an optional feature which is build if the readline
development files are available on the build systems. Too often they
are missing on a (new) build machine which at least makes debugging
inconvenient.
Backport useful code from fixes for bug 1447.
* configure.ac: Cehck for inet_ntop.
* m4/libcurl.m4: Provide a #define for the version of the curl
library.
--
We do not have keyserver helpers anymore but this fixes may come handy
eventually.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* agent/findkey.c (agent_key_from_file): Always return S-expression.
* agent/command.c (cmd_passwd): Distinguish by SHADOW_INFO.
(cmd_export_key): Likewise. Free SHADOW_INFO.
(cmd_keytocard): Likewise. Release S_SKEY.
* agent/pkdecrypt.c (agent_pkdecrypt): Likewise.
* agent/pksign.c (agent_pksign_do): Likewise. Use the S-expression to
know the key type.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* configure.ac: Cehck for inet_ntop.
* m4/libcurl.m4: Provide a #define for the version of the curl
library.
--
We do not have keyserver helpers anymore but this fixes may come handy
eventually.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (new_reader_slot): Acquire lock.
(open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
(open_ccid_reader, open_rapdu_reader): Release lock.
(lock_slot, trylock_slot, unlock_slot): Move more to the top.
--
Fixes a test case of:
No libpcsclite1 installed.
Run gpg-agent
Run command "gpg-connect-agent learn /bye" with no card/token
Sometimes it fails: ERR 100663356 Not supported <SCD>
While it should be always: ERR 100663404 Card error <SCD>
(cherry picked from commit 4f557cb9c2ebe274d6aacc60a09cd919055d01ed)
Resolved conflicts:
scd/apdu.c: pth/npth changes. Move lock helpers to the top.
Take care of removed pcsc_no_service.
|
| |
|
|
|
|
|
| |
--
Reported-by: Daniel Kahn Gillmor
(cherry picked from commit 7db5c81e3a40b60e146f29c6744a33fd1b88c090)
|
| |
|
|
|
| |
* configure.ac (require_iconv): New. Set to false for android.
(AM_ICONV): Run only if required.
|
| |
|
|
|
| |
* dirmngr/dirmngr_ldap.c [W32]: Include winber.h.
(my_ldap_timeval_t): New.
|
