| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
* g10/keydb.h (rt_UNKNOWN, rt_RING): Remove constants.
(keyblock_pos_struct, KBPOS): Remove struct and type.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app.c (app_get_serial_and_stamp): Remove.
(app_get_serialno): New.
(app_write_learn_status): Use send_status_direct.
(app_getattr): Use app_get_serialno for SERIALNO and
send with send_status_direct.
* scd/app-openpgp.c (do_getattr): Likewise.
* scd/command.c (cmd_serialno): Don't send TIMESTAMP of 0.
(cmd_learn): Likewise. Don't inquire with TIMESTAMP of 0.
--
In the SERIALNO protocol, timestamp used to be considered, but had never
used at all. In the new implementation, removed card/token is always
detected and connection becomes invalid, no timestamp is required any
more. Examined scute and poldi as well for this protocol change.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* scd/app.c (app_send_card_list): New.
* scd/command.c (cmd_getinfo): Fix "status" sub command.
Add "card_list" sub command.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* autogen.sh (--find-version): Improve version extraction.
* (--help): Extend.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/trust.c (clean_key): Also clean bogus subkey bindings.
--
GnuPG-bug-id: 2922
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keylist.c (show_policy_url): Implement MODE -1.
(show_keyserver_url): Ditto.
(show_notation): Ditto.
* g10/keyedit.c (print_one_sig): Print policy URL, keyserver URL and
notation data to the tty.
--
With this change the listing of signatures in the key edit menu does
now include policy URLs et al in order and not possible after leaving
the menu (it used to go to stdout and not the tty).
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* common/ttyio.c (tty_print_string): Rename to ...
(do_print_string): this. Make local. Simplify FP case by using
print_utf8_buffer. Change caller.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/trust.c (mark_usable_uid_certs): Allow use of secret key packets.
(clean_sigs_from_uid): Ditto.
(clean_uid_from_key): Ditto.
(clean_one_uid): Ditto.
(clean_key): Ditto.
--
Since 2.1 secret keys and public keys use identical data structure and
thus we should not restrict those key cleaning functions to work only
with public key packets. This change has no immediate effect but may
come handy in the future.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (map_host): For literal addresses do a
reverse lookup.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (resolve_dns_name): Move up in the file.
(resolve_addr_libdns): New.
(resolve_dns_addr): Divert to resolve_dns_addr.
--
In the old code reverse lookups where disabled in Tor mode. By
implementing the reverse lookups via libdns it is now possible to do
them also in Tor mode.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (resolve_name_libdns): USe flags AI_NUMERICHOST
for literal IP addresses.
(resolve_name_standard): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (is_ip_address): Make the return value depend on
the address family.
* dirmngr/ks-engine-hkp.c (map_host): Rename arg R_POOLNAME to
R_HTTPHOST because that is its purpose. Note that the former
behaviour of storing a NULL to indicate that it is not a pool has not
been used.
(make_host_part): Ditto.
(make_host_part): Make sure that literal v6 addresses are correclty
marked in the constructed URL.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* tests/openpgp/defs.scm (GPGHOME): New variable.
* tests/openpgp/ssh-import.scm: Remove redundant code, use 'path-join'.
* tests/openpgp/tofu.scm: Likewise.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* agent/call-scd.c (agent_card_serialno): Add DEMAND argument.
* agent/command-ssh.c (card_key_available): Follow the change.
* agent/learncard.c (agent_handle_learn): Likewise.
* agent/divert-scd.c (ask_for_card): Use DEMAND argument.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app.c (select_application): Add SERIALNO_BIN and SERIALNO_BIN_LEN
arguments. Return matched APP with a serial number when specified.
* scd/command.c (open_card): Modify for the implicit open only.
(open_card_with_request): New for explicit open and support match with a
serial number.
(cmd_serialno): Support --demand option.
(cmd_learn, cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkauth)
(cmd_pkdecrypt, cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_apdu): Follow
the change of open_card.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* autogen.sh: Fix dd count to 5.
--
Fixes-commit: 3c00b52f7cb0fbd756c0bbe5134b8f2d69c60dd1
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/keygen.c (keygen_set_std_prefs): Rename variable.
--
I consider it better not to use the name of a commonly used function.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (AC_CHECK_HEADERS): Add stdint.h.
* common/t-gettime.c: Include stdint.h.
(UINTMAX_C): Define replacement.
(test_isotime2epoch): Use UINTMAX_C for the >32 bit constants.
--
This is for example the case on 32 bit OpenBSD.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* autogen.sh: Replace non POSIX "cp -a" and "head -c".
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* dirmngr/dns.c (dns_rrtype): Ignore -Wstrict-prototypes warning.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns.c (EPROTO) ![EPROTO]: Define to EPROTONOSUPPORT.
--
This is the same replacement we use in Libassuan
(commit 8ab3b9273524bd344bdb90dd5d3bc8e5f53ead6e) to make it work on
OpenBSD and may other BSD based OSes.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Check whether
Tor is running.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Take care of
ENETDOWN.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/http.c (use_socks): New.
(my_sock_new_for_addr): New.
(connect_server): Replace assuan_sock_new by my_sock_new_for_addr.
--
Libassuan always uses 127.0.0.1 to connect to the local Tor proxy.
https.c used to create a socket for the actual address family and thus
the connect call in Libassuan fails when it tries to connect to a v6
address using a v4 socket.
It would be cleaner to have the my_sock_new_for_addr function as a
public interface in Libassuan; for now we need to duplicate some code.
from Libassuan.
GnuPG-bug-id: 2902
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* dirmngr/crlcache.c (oidstr_issuingDistributionPoint): Comment.
* dirmngr/ocsp.c (oidstr_certHash): Comment.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* dirmngr/dirmngr.c (parse_rereadable_options): Set http debugging.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/http.c (opt_verbose, opt_debug): New vars.
(http_set_verbose): New function.
(_my_socket_new): Add debug output.
(_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if
OPT_DEBUG has ben set to 2 in a debugger.
(http_session_new, http_session_ref): Ditto.
(send_request, http_start_data): Print debug output for the request.
(parse_response): Change to use log_debug_string for the response.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/logging.c (do_logv): Factor some code out to ...
(print_prefix): new.
(log_logv): Add arg EXTRASTRING and print it. Change all callers to
pass NULL for it.
(log_debug_with_string): New. Uses EXTRASTRING.
--
This function can be used to print a human readable buffer in addition
to a log message to the log stream. This function will keep all lines
together and prefix them with ">> ".
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/argparse.c (find_long_option): Avoid unnecessary ambiguity.
--
If two struct ARGPARSE_OPTS share a prefix in their long_opt name, but
have the exact same short_opt and flags, they are aliases and not
distinct options. Avoid reporting this as an ambiguity, so that (for
example) both --clearsign and --clear-sign can be invoked as --clear.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Debian-Bug-Id: 850475
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* doc/examples/systemd-user/*.service: Add ExecReload directives to
indicate the canonical way to reload the services.
GnuPG recommends reloading the agent and dirmngr with "gpgconf
--reload". if anyone is running them as systemd user services, they
might ask them to reload in the systemd way, so teach systemd the
right thing to do.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
| |
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* tests/openpgp/defs.scm (valgrind): New variable.
(gpg-config): Fix clearing an option.
* tests/openpgp/gpgconf.scm: Also toggle 'quiet'.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpgconf-comp.c (gc_option_free): New function.
(gc_components_free): Likewise.
(gc_components_init): Likewise.
(retrieve_options_from_program): Use 'xfree', fix memory leak.
(change_options_program): Improve error handling.
(gc_component_change_options): Fix memory leaks.
* tools/gpgconf.c (main): Initialize components.
* tools/gpgconf.h (gc_components_init): New prototype.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* tests/openpgp/Makefile.am (XTESTS): Add new test.
* tests/openpgp/defs.scm (percent-encode): New function.
(gpg-conf): Generalize so that we can feed stdin.
(gpg-config): New function.
* tests/openpgp/gpgconf.scm: New file.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
| |
* common/logging.c (_log_assert): Fix the variant for compilers that
do not support __FUNCTION__.
* common/logging.h (_log_assert): Likewise.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (map_host): Chnage arg NO_SRV to SRVTAG.
(make_host_part): Rewrite.
--
This fixes a regression from 2.0 and 1.4 where these tags have been in
used since 2009. For whatever reason this was not ported to 2.1 and
"hkp" was always used.
GnuPG-bug-id: 2451
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/http.h (parsed_uri_s): Add field EXPLICIT_PORT.
* dirmngr/http.c (do_parse_uri): That it.
* dirmngr/ks-engine-hkp.c (map_host): Add arg NO_SRV.
(make_host_part): Ditto.
(ks_hkp_resolve): Set NO_SRV from EXPLICIT_PORT.
(ks_hkp_search): Ditto.
(ks_hkp_get): Ditto.
(ks_hkp_put): Ditto.
--
This implements the behaviour of the keyserver helpers from 1.4 and
2.0.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/server.c (cmd_wkd_get): Support SRV records.
--
This patch changes the way a WKD query is done. Now we first look for
a SRV record for service "openpgpkey" and port "tcp" under the
to-be-queried domain. If such a record was found and the target host
matches the to-be-queried domain or is a suffix to that domain, that
target host is used instead of the domain name. The SRV record also
allows to change the port and obviously can be used for
load-balancing.
For example a query for the submission address of example.org with the
SRV record specification
_openpgpkey._tcp IN SRV 0 0 0 wkd.foo.org.
IN SRV 0 0 0 wkd.example.net.
IN SRV 0 0 4711 wkd.example.org.
(queried using the name "_openpgpkey._tcp.example.org") would fetch
from this URL:
https://wkd.example.org:4711/.well-known/openpgpkey/submission-address
Note that the first two SRV records won't be used because foo.org and
example.net do not match example.org. We require that the target host
is identical to the domain or be a subdomain of it. This is so that
an attacker modifying the SRV records needs to setup a server in a
sub-domain of the actual domain and can't use an arbitrary domain.
Whether this is a sufficient requirement is not clear and needs
further discussion.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* dirmngr/misc.c (dump_cert): Also print SubjectAltNames.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (get_dns_srv): Add args SERVICE and PROTO.
* dirmngr/http.c (connect_server): Simplify SRV lookup.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
* dirmngr/t-dns-stuff.c (main): Adjust for changed get_dns_srv.
--
This new API is more convenient because it includes commonly used
code. Note that right now http.c's SRV record code is not used.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (getsrv_libdns): Strip trailing dot from the
target.
--
See-also: b200e636ab20d2aa93d9f71f3789db5a04af0a56
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (startup_fd_list): Do not define for W32.
(main) [W32]: Do not call get_all_open_fds.
--
GnuPG-bug-id: 2267
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
--
Signed-off-by: Andre Heinecke <[email protected]>
|
| |
|
|
|
|
|
|
| |
* scd/apdu.c (apdu_dev_list_finish): Don't call ccid_dev_scan_finish
with no table.
(apdu_open_reader): Only increment when it's zero.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* scd/apdu.c [HAVE_LIBUSB] (apdu_dev_list_start): Conditionalize.
[HAVE_LIBUSB] (apdu_dev_list_finish, apdu_open_reader): Likewise.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (new_reader_slot): Lock is now in apdu_dev_list_start.
(close_pcsc_reader_direct, close_ccid_reader): RDRNAME is handled...
(apdu_close_reader): ... by this function now.
(apdu_prepare_exit): Likewise.
(open_ccid_reader): Open with dev_list.
(apdu_dev_list_start, apdu_dev_list_finish): New.
(apdu_open_one_reader): New.
(apdu_open_reader): Support multiple readers.
* scd/app.c (select_application): With SCAN, opening all readers
available, and register as new APP.
(app_write_learn_status): app->ref_count == 0 is valid for APP which is
not yet used.
(app_list_start, app_list_finish): New.
* scd/ccid-driver.c (struct ccid_driver_s): Remove RID and BCD_DEVICE.
Add BAI.
(parse_ccid_descriptor): BCD_DEVICE is now on the arguments.
(ccid_dev_scan, ccid_dev_scan_finish): New.
(ccid_get_BAI, ccid_compare_BAI, ccid_open_usb_reader): New.
(ccid_open_reader): Support multiple readers.
(ccid_set_progress_cb, ccid_close_reader): No RID any more.
--
With this change, multiple readers/tokens are supported by the internal
CCID driver of GnuPG. Until the changes of upper layers (scdaemon,
gpg-agent, and gpg front end), only a single reader is used, though.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* common/tlv.c (parse_ber_header): Avoid compiler warning about a
duplicate condition.
* tools/gpgtar-create.c (pattern_valid_p): Likewise.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* tests/openpgp/Makefile.am (XTESTS): Add new test.
* tests/openpgp/decrypt-session-key.scm: New file.
Signed-off-by: Justus Winter <[email protected]>
|
