| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
* g10/sign.c (update_keysig_packet): Bail out if we would need to long
for a new timestamp.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
| |
* g10/keyedit.c (print_and_check_one_sig): Print more Some sigsub
packets.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyedit.c (print_and_check_one_sig): Add arg "extended" and
print an asterisk for the chosen selfsig.
(check_all_keysigs): Add arg "only_selfsig"
(keyedit_menu) <cmdCHECK>: Add optional arg "selfsig".
--
Using "check selfsig" prints only the self-signatures and indicates
the chosen selfsig with an asterisk.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
* common/stringhelp.c (strsplit): Fix arguments order.
|
| |
|
|
|
|
|
|
|
| |
* common/mkdir_p.c: New file.
* common/mkdir_p.h: New file.
* common/Makefile.am (common_sources): Add mkdir_p.c and mkdir_p.h.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
| |
* common/xmalloc.c: Remove file.
* common/xmalloc.h: Remove file.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
|
|
| |
* common/logging.h: Include <gpg-error.h>.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
logging.h uses estream_t and as such should directly include
<gpg-error.h>.
|
| |
|
|
|
|
|
| |
* g10/sig-check.c (struct cmp_help_context_s) Remove unused struct.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
|
| |
* g10/sig-check.c (signature_check2): Avoid copying PK to RET_PK.
Instead, directly use the provided storage. If none is provided
allocate some.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
|
| |
* common/ssh-utils.c (get_fingerprint): Handle the prefix of 0x40.
* common/t-ssh-utils.c (sample_keys): Add a new key.
--
Also adding Ed25519 test key.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/sign.c (do_sign): Let verify signature by gpg-agent.
* agent/pksign.c (agent_pksign_do): Call gcry_pk_verify for RSA.
--
RSA signature verification should be done to prevent attacks against
RSA CRT implementations and not to return invalid signature to
adversary. Newer libgcrypt does so. For older libgcrypt and
smartcards, gpg-agent does signature verification.
|
| |
|
|
|
|
| |
* common/util.h (GPG_ERR_FALSE, GPG_ERR_TRUE): Rew replcements.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/exechelp.h (GNUPG_SPAWN_NONBLOCK): New.
(GNUPG_SPAWN_RUN_ASFW, GNUPG_SPAWN_DETACHED): Macro to replace the
numbers.
* common/exechelp.h (gnupg_spawn_process): Change function to not take
an optional stream for stdin but to return one.
* common/exechelp-posix.c (gnupg_spawn_process): Implement change.
(create_pipe_and_estream): Add args outbound and nonblock.
* common/exechelp-w32.c (gnupg_spawn_process): Implement change.
--
In 2.1 this function is only used at one place and the stdin parameter
is not used. Thus this change is trivial for the callers but along
with estream's new es_poll it is overall simpler to use.
Note that the Windows version has not been tested.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
| |
* scd/apdu.c (apdu_connect): Initialize variables and check an error
of apdu_get_status_internal.
|
| |
|
|
|
|
| |
* common/t-ssh-utils.c (sample_keys): Add 3 new keys.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* common/ssh-utils.c (get_fingerprint): Fix hashed string.
--
That was an obvious c+p bug which should have been caught by a test
case.
GnuPG-bug-id: 2075
Debian-bug-id: 795636
|
| |
|
|
|
|
|
|
|
| |
* agent/cvt-openpgp.c (convert_from_openpgp_main): Only encrypted
parameters are stored as opaque.
(apply_protection): ARRAY members are all normal, non-opaque MPI.
(extract_private_key): Get public key as normal, non-opaque MPI.
Remove support of ECC key with '(flags param)'.
Remove support of "ecdsa" and "ecdh" keys of our experiment.
|
| |
|
|
|
| |
* scd/app-openpgp.c (ecc_writekey): Only public key can be native
format.
|
| |
|
|
|
|
|
| |
* common/strlist.c (strlist_length): New function.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
|
|
|
| |
* tools/gpgconf-comp.c (gc_component): Change printed name.
--
All network access is handled by Dirmngr so at least in the GUI
option dialog we should acknowledge that by changing the name to an
issuer to understand term.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.h (opt): Add field "use_tor".
* dirmngr/dirmngr.c (oUseTor): New.
(opts): Add --use-tor.
(parse_rereadable_options): Set option.
(main): Tell gpgconf about that option.
* dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and
return an error if LDAP is used in TOR mode.
(ca_cert_fetch): Return an error in TOR mode.
(start_cert_fetch): Ditto.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the
http module.
* dirmngr/ks-engine-hkp.c (send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto. Also pass TOR flag to the
http module.
* dirmngr/server.c (option_handler): Add "honor-keyserver-url-used".
(cmd_dns_cert): Return an error in TOR mode.
(cmd_getinfo): Add subcommand "tor"
* tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group.
--
More work is required to actually make --use-tor useful. For now it
returns an error for almost all network access but as soon as we have
added the TOR feature to the http module some parts will start to
work.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/call-dirmngr.c (create_context): Send option and print a verbose
error.
--
It is in general a bad idea to use honor-keyserver-url but if Dirmngr
is running in TOR mode we should not allow this option at all. We let
Dirmngr know about the use of this option and let Dirmngr tell use
whether TOR mode is active so that we can print a hint to disable that
keyserver option.
A future extension in gpgconf may disable that option directly but a
user may still override that and thus we better check.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* common/http.h (HTTP_FLAG_FORCE_TOR): New.
* common/http.c (http_raw_connect, send_request): Detect flag and
return an error for now.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* scd/ccid-driver.c (CCID_CMD_TIMEOUT): New.
(ccid_transceive_apdu_level, ccid_transceive): Use.
--
It is reported that key generation causes timeout with OpenPGPcard
v2.1. Ideally, timeout value could be determined at run-time by
examining card's ATR. Compile-time fixed value is OK for internal
CCID driver.
|
| |
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (oPinentryInvisibleChar): New.
(opts): Add option.
(parse_rereadable_options): Set option.
* agent/agent.h (opt): Add field pinentry_invisible_char.
* agent/call-pinentry.c (start_pinentry): Pass option to pinentry.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g13/g13-common.c, g13/g13-common.h: New.
* g13/Makefile.am (g13_SOURCES): Add new files.
* g13/g13.c (g13_errors_seen): Move to g13-common.c.
(cmdline_conttype): New.
(main): Use g13_init_signals and g13_install_emergency_cleanup.
(emergency_cleanup, g13_exit): Move to g13-common.c.
* g13/g13.h: Move OPT and some other code to g13-common.h.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/trustdb.c (search_skipfnc): Fix dummy argument
--
This is required due to the prototype change in
commit 9acbeac23668a1d0dabca27d7825430d76e095c2
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/keyedit.c (keyedit_menu): Do not print usage hints in expert
mode.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/keyedit.c (keyedit_menu): When complaining that a user ID or key
must be selected, indicate what command to use to do this.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (merge_selfsigs_main): Stop looking for self-signed
data belonging to the public key when we encounter an attribute packet
or a subkey packet, not just a user id packet. When looking for
self-signed data belonging to a user id packet, stop when we see a
user attribute packet.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
| |
* g10/getkey.c (finish_lookup): Simplify logic.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
| |
* g10/getkey.c (skip_unusable): Also mark the key as unusable if it
has been revoked or has expired.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
| |
* g10/getkey.c (get_seckey): If the key doesn't have a secret key,
release *PK.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
|
| |
* g10/getkey.c: Improve documentation and comments for most
functions. Move documentation for public functions from here...
* g10/keydb.h: ... to here.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
| |
* g10/getkey.c (have_any_secret_key): Remove function.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
| |
* g10/getkey.c (get_pubkey_fast): When reading from the cache, only
consider primary keys.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (have_secret_key_with_kid): Once we find the relevent
key or subkey, stop searching.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
Only a single key or subkey will ever be selected per keyblock.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (lookup): Also don't skip legacy keys if the search
mode is KEYDB_SEARCH_MODE_NEXT.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
We currently don't skip keys if the search mode is
KEYDB_SEARCH_MODE_FIRST. Since we change KEYDB_SEARCH_MODE_FIRST to
KEYDB_SEARCH_MODE_NEXT (to avoid a reset), it only makes sense to have
the same semantics for KEYDB_SEARCH_MODE_NEXT.
|
| |
|
|
|
|
|
|
| |
* g10/keydb.h (get_seckeyblock_byfprint): Remove prototype.
* g10/getkey.c (get_seckeyblock_byfprint): Remove function.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
| |
* g10/keydb.h (get_seckey_byfprint): Remove prototype.
* g10/getkey.c (get_seckey_byfprint): Remove function.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/keydb.h (get_seckey_byname): Rename from this...
(get_seckey_default): ... to this. Drop the parameter name. Update
users.
* g10/getkey.c (get_seckey_byname): Rename from this...
(get_seckey_default): ... to this. Drop the parameter name. Drop the
code which assumed that NAME is not NULL.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
|
| |
* g10/keydb.h (get_keyblock_byfprint): Remove prototype. Replace use
of this function with get_pubkey_byfprint.
* g10/getkey.c (get_pubkey_byname): Remove function.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (get_pubkey_byname): If R_KEYBLOCK is not NULL, return
the keyblock in R_KEYBLOCK independent of whether PK is set or not.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
Currently, no caller invokes get_pubkey_byname with PK==NULL and
R_KEYBLOCK != NULL. Thus, this change does not change any behavior.
|
| |
|
|
|
|
|
|
| |
* g10/getkey.c (get_pubkey_byname): Remove function.
(lookup): Replace use of get_pubkey_byname by get_pubkey_byfprint.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
|
| |
* g10/keydb.h (get_pubkey_end): Remove declaration. Replace use of
function with getkey_end.
* g10/getkey.c (get_pubkey_byname): Remove function.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
|
|
| |
* g10/keydb.h (get_pubkey_next): Remove prototype.
* g10/getkey.c (get_pubkey_next): Remove function.
* g10/keylist.c (locate_one): Use getkey_next instead of
get_pubkey_next.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* kbx/keybox-search-desc.h (struct keydb_search_desc.skipfnc): Change
third parameter to be the index of the user id packet in the keyblock
rather than the packet itself. Update users.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
The keybox code doesn't work directly with keyblocks. As such, the
matched user packet is not readily available to pass to
DESC[n].SKIPFNC. But, we do know the index of the user id packet that
matched. Thus, pass that instead. If the skip function needs the
user id packet, it can use the key id to look up the key block and
find the appropriate packet.
|
| |
|
|
|
|
|
| |
* g10/keydb.h (get_pubkey_byfpr): Remove unused prototype.
--
Signed-off-by: Neal H. Walfield <[email protected]>.
|
