aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* gpg: Support ECDSA keys with --export-ssh-key.Werner Koch2016-01-081-0/+6
| | | | | | * g10/export.c (key_to_sshblob): Add hack for ECDSA. Signed-off-by: Werner Koch <[email protected]>
* gpg: New command --export-ssh-keyWerner Koch2016-01-083-2/+312
| | | | | | | | | | | | | | | | | | * g10/export.c: Include membuf.h and host2net.h. (key_to_sshblob): New. (export_ssh_key): New. * g10/gpg.c (aExportSshKey): New. (opts): Add command. (main): Implement that command. -- GnuPG-bug-id: 2212 I have done only a few tests rights now and the ECDSA curves do not yet work. However ssh-keygen -l accept RSA and ed25519 keys exported using this command. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add an exact search flag to the PK struct.Werner Koch2016-01-082-4/+7
| | | | | | | | | * g10/getkey.c (merge_selfsigs_subkey): Clear exact flag. (finish_lookup): Set exact flag. * g10/packet.h (PKT_public_key): Add field flags.exact. -- Signed-off-by: Werner Koch <[email protected]>
* Print warnings if old daemon versions are used.Werner Koch2016-01-086-7/+164
| | | | | | | | | | | | | | | | | | | | | | * common/status.h (STATUS_WARNING): New. * g10/call-agent.c (warn_version_mismatch): New. (start_agent): Call warn function. * g10/call-dirmngr.c: Include status.h. (warn_version_mismatch): New. (create_context): Call warn function. * sm/call-agent.c (warn_version_mismatch): New. (start_agent): Call warn function. (gpgsm_agent_learn): Call warn function. * sm/call-dirmngr.c (warn_version_mismatch): New. (prepare_dirmngr): Call warn function. -- We have seen too often bug reports which are due to still running old versions of the daemons. To catch this problematic use we now print warning messages and also provide the warning via the status interface. Signed-off-by: Werner Koch <[email protected]>
* common: New function compare_version_strings.Werner Koch2016-01-083-1/+150
| | | | | | | | | | | | | | | * common/stringhelp.c (parse_version_number): New. (parse_version_string): New. (compare_version_strings): New. * common/t-stringhelp.c (test_compare_version_strings): New. (main): Call test. Return ERRCOUNT instead of 0. -- The code for that function is based on code from libgcrypt. Similar code is in all GnuPG related libraries this function is a candidates for inclusion in libgpg-error. Signed-off-by: Werner Koch <[email protected]>
* common: New function get_assuan_server_version.Werner Koch2016-01-083-17/+43
| | | | | | | | | * common/asshelp.c: Include membuf.h. (get_assuan_server_version): New. * g10/call-agent.c (agent_get_version): Use new function. -- Signed-off-by: Werner Koch <[email protected]>
* common: New put_membuf_cb to replace static membuf_data_cb.Werner Koch2016-01-086-73/+41
| | | | | | | | | | | | * common/membuf.c (put_membuf_cb): New. * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use put_membuf_cb. * common/get-passphrase.c (membuf_data_cb): Ditto. * g10/call-agent.c (membuf_data_cb): Ditto. * sm/call-agent.c (membuf_data_cb): Ditto. -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Return an error code from keygrip_from_pk.Werner Koch2016-01-071-1/+1
| | | | | | | | | | * g10/keyid.c (keygrip_from_pk): Return an error code. -- The error was show but the function did not return it. This change should improve error messages for unknown algorithms. Signed-off-by: Werner Koch <[email protected]>
* gpg: Avoid warnings about possible NULL deref.Werner Koch2016-01-074-3/+8
| | | | | | | | | | | | | * g10/getkey.c (cache_public_key): Protect deref of CE which actually can't happen. * g10/keygen.c (quickgen_set_para): s/sprintf/snprintf/. * g10/tofu.c (end_transaction, rollback_transaction): Allow NULL for DB. * g10/trustdb.c (update_min_ownertrust): Remove useless clearling of ERR. -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix warnings about useless assignments.Werner Koch2016-01-0710-30/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | * g10/armor.c (parse_hash_header): Remove duplicate var assignment. * g10/getkey.c (cache_user_id): Ditto. * g10/keygen.c (ask_curve): Ditto. This also fixes a small memory leak. * g10/keygen.c (proc_parameter_file): Remove useless assignment or pointer increment. (generate_keypair): Ditto. * g10/getkey.c (finish_lookup, lookup): Ditto. * g10/card-util.c (change_pin): Ditto. * g10/gpg.c (main) <aVerify>: Ditto. * g10/import.c (import): Ditto. (print_import_check): Ditto * g10/keyring.c (do_copy): Ditto. * g10/tdbio.c (tdbio_read_record): Ditto. * g10/trustdb.c (tdb_update_ownertrust): Ditto. (update_validity): Ditto. * g10/server.c (cmd_passwd): Remove useless call to skip_options. -- Signed-off-by: Werner Koch <[email protected]>
* sm: Avoid warnings about useless assignments.Werner Koch2016-01-076-19/+15
| | | | | | | | | | | | | * sm/call-dirmngr.c (prepare_dirmngr): Remove setting of ERR. (unhexify_fpr): Remove useless computation on N. * sm/certchain.c (do_validate_chain): Remove clearing of RC. Remove useless setting of RC. * sm/fingerprint.c (gpgsm_get_keygrip): Remove setting of RC. * sm/gpgsm.c (build_list): Replace final stpcpy by strcpy. * sm/keydb.c (keydb_clear_some_cert_flags): Remove clearing of RC. * sm/server.c (cmd_getauditlog): Comment unused skip_options. Signed-off-by: Werner Koch <[email protected]>
* kbx: Avoid warnings about useless assignments.Werner Koch2016-01-071-8/+8
| | | | | | | | * kbx/keybox-dump.c (_keybox_dump_blob): Remove setting of IN_RANGE and the last increment of P. -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix DNS cert lookup returning an URL.Werner Koch2016-01-071-3/+1
| | | | | | | | | * g10/call-dirmngr.c (dns_cert_status_cb): Store URL status in the URL param. The old code was entirely buggy (c+p error). -- Fixes-commit: 154f3ed2 Signed-off-by: Werner Koch <[email protected]>
* Fix keystrlen to work when OPT.KEYID_FORMAT is KF_DEFAULT.Daniel Kahn Gillmor2016-01-061-2/+6
| | | | | | | | | | | | | | * g10/keyid.c (keystrlen): If opt.keyid_format is KF_DEFAULT unset, default to KF_SHORT. (format_keyid): Default to KF_SHORT, not KF_0xLONG. -- Without this fix, gpgv2 fails with: gpgv: Ohhhh jeeee: ... this is a bug (keyid.c:342:keystrlen) Signed-off-by: Daniel Kahn Gillmor <[email protected]> Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Silence some regression tests.Werner Koch2016-01-061-5/+6
| | | | | | * g10/test.c (TEST): Print diagnostics only in verbose mode. Signed-off-by: Werner Koch <[email protected]>
* gpg: Avoid using an uninitialized SALT on premature EOF.Werner Koch2016-01-061-0/+5
| | | | | | | | | | * g10/parse-packet.c (parse_key): Check for premature end of salt. -- This has no security implications because an arbitrary salt could have also been inset by an attacker. Signed-off-by: Werner Koch <[email protected]>
* gpg: Silence warnings found by static analyzer.Werner Koch2016-01-062-4/+3
| | | | | | | | | | * g10/keyedit.c (change_passphrase): Remove useless init of ANY. (keyedit_quick_adduid): Remove useless setting of ERR. * g10/parse-packet.c (parse_key): Remove PKTLEN from condition because it has been checked before the loop. (parse_plaintext): Remove useless init of PKTLEN. Signed-off-by: Werner Koch <[email protected]>
* gpg: Comment on false positives by static analyzers.Werner Koch2016-01-064-1/+18
| | | | --
* kbx: Avoid faulty fclose in an error case.Werner Koch2016-01-062-3/+1
| | | | | | | | | * kbx/keybox-update.c (blob_filecopy): Do not close an uninitialized file pointer after a failure to create a temp file. * kbx/keybox-openpgp.c (next_packet): Remove duplicate assignment of PKTLEN. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Silence one regression test.Werner Koch2016-01-061-2/+4
| | | | | | | * dirmngr/t-dns-stuff.c (main): Do not print info during standard "make check". Signed-off-by: Werner Koch <[email protected]>
* common: Avoid warnings about useless assignments.Werner Koch2016-01-064-5/+0
| | | | | | | | | | * common/b64enc.c (b64enc_finish): Remove var assignment which is not used later. * common/iobuf.c (file_filter): Ditto. * common/tlv.c (do_find_tlv): Ditto. * common/userids.c (classify_user_id): Ditto. Signed-off-by: Werner Koch <[email protected]>
* tests: Use info and error instead of a plain echo.Werner Koch2016-01-061-4/+2
| | | | | | * tests/openpgp/4gb-packet.test: Use error and info. Signed-off-by: Werner Koch <[email protected]>
* common: Do not deref vars in tests after a fail().Werner Koch2016-01-064-38/+41
| | | | | | | | | | | | | | | | * common/t-convert.c (test_bin2hex): Turn if conditions into if-else chains to avoid accessing unchecked data. (test_bin2hexcolon): Ditto. * common/t-mapstrings.c (test_map_static_macro_string): Ditto. * common/t-stringhelp.c (test_percent_escape): Ditto. (test_make_filename_try): Ditto. (test_make_absfilename_try): Ditto. * common/t-timestuff.c (test_timegm): Ditto. -- Note that these dereference only occur after failed regression tests. Signed-off-by: Werner Koch <[email protected]>
* gpg: Align notes about minimal keysize with actual checks.Werner Koch2016-01-051-10/+6
| | | | | | | | | * g10/keygen.c (ask_keysize): Use 768 for the minimal value for DSA in export mode. Improve readability. -- GnuPG-bug-id: 2209 Signed-off-by: Werner Koch <[email protected]>
* agent: Typo fix for help text.Werner Koch2016-01-051-1/+1
| | | | --
* agent: Fix RSA verification for card.NIIBE Yutaka2016-01-051-6/+5
| | | | | | | | | | * agent/pksign.c (agent_pksign_do): Use S-exp of public key, instead of shadowed key. -- Reported-by: Justus Winter Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix double free.Neal H. Walfield2016-01-041-9/+1
| | | | | | | | | | | * g10/getkey.c (get_pubkeys): Fix double free. -- Signed-off-by: Neal H. Walfield <[email protected]> Fixes-commit: 7195b943 Note: this error is not a security problem, because this code path is currently never executed.
* Revert commit 4654384fe7a4dcee113dacf27c398b13dea5d0be.Neal H. Walfield2016-01-041-1/+1
| | | | | | | | | -- Signed-off-by: Neal H. Walfield <[email protected]> Werner pointed out that a special error message is not needed: the error code (as displayed by gpg_strerror) will indicate what went wrong.
* agent: IMPORT_KEY with --force option fix.NIIBE Yutaka2015-12-243-6/+7
| | | | | | | | | * agent/cvt-openpgp.c (convert_from_openpgp_main): Add an option not to check existing key. (convert_from_openpgp): Ditto. (convert_from_openpgp_native): Call convert_from_openpgp_main with dontcare_exist=0. * agent/command.c (cmd_import_key): Call with dontcare_exist=force.
* g10: Use --force when importing key for bkuptocard.NIIBE Yutaka2015-12-245-10/+11
| | | | | | | * g10/call-agent.c (agent_import_key): Add an argument FORCE. * g10/import.c (transfer_secret_keys): Likewise. (import_secret_one): Call transfer_secret_keys with FORCE=0. * g10/keyedit.c (keyedit_menu): Call with FORCE=1.
* g10: Remove subcommand checkbkupkey for --key-edit.NIIBE Yutaka2015-12-241-40/+12
| | | | | | | | | | | | | * g10/keyedit.c (keyedit_menu): Remove cmdCHECKBKUPKEY support. -- GnuPG-bug-id: 2169 It was introduced by the commit 9e834047 in 2009. Then, we moved private key handling to gpg-agent which broke this subcommand. Note: This subcommand was not supported in 1.4 and 2.0.
* g10: Allow relative path for specifying the file for bkuptocard.NIIBE Yutaka2015-12-241-17/+27
| | | | | * g10/keyedit.c (keyedit_menu): Assume the file is under GNUPGHOME. Also support tilda expansion.
* g10: fix regression of bkuptocard subcommand in --edit-key.NIIBE Yutaka2015-12-243-14/+28
| | | | | | | | | | * g10/keyedit.c (keyedit_menu): Call transfer_secret_keys. * g10/import.c (transfer_secret_keys): Make it global function. Allow stats==NULL. -- GnuPG-bug-id: 2169
* agent: Support --force option for IMPORT_KEY.NIIBE Yutaka2015-12-241-5/+7
| | | | * agent/command.c (cmd_keywrap_key): New option --force.
* dirmngr: Change the Onion keyserver in the conf template.Werner Koch2015-12-231-3/+3
| | | | | | | | | | | -- I must have mixed the up during testing. The old one is just one keyserver and the new one is the OnionBalance hidden service. See https://sks-keyservers.net/overview-of-pools.php Signed-off-by: Werner Koch <[email protected]>
* gpg: Rename struct pubkey to pukey_s and add pubkey_t.Werner Koch2015-12-232-16/+17
| | | | | | | | | | | | | | | | | * g10/keydb.h (struct pubkey): Rename to pubkey_s. (pubkey_t): New. Change all struct pubkey_s to use this type. * g10/getkey.c (get_pubkeys): Rename arg keys to r_keys. -- It is common in GnuPG to use a suffix of _s for struct names. There is no technical need for this (actually this pattern comes from pre ANSI C compilers which had no separate namespaces) but it avoid surprises when reading the code. Adding the pubkey_t type is mainly to improve font locking by using the common suffix _t for a typedefed type. Signed-off-by: Werner Koch <[email protected]>
* gpg: Simplify status message code from commit b30c15bf.Werner Koch2015-12-231-17/+2
| | | | | | | | | | | | * g10/keygen.c (card_write_key_to_backup_file): Simplify by using hexfingerprint. -- Note that the extra blank added to FPRBUF in the old code was not needed because write_status_text_and_buffer already ensures that there will be a space. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add standard free() semantic to pubkey_free.Werner Koch2015-12-231-3/+6
| | | | | | | | | * g10/getkey.c (pubkey_free): Check for NULL arg. -- We don't like surprises ;-) Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix use of assert from commit dc417bf0.Werner Koch2015-12-231-2/+3
| | | | | | | * g10/keydb.c (keydb_update_keyblock): De-ref after the assert. Use %zu for size_t. Signed-off-by: Werner Koch <[email protected]>
* gpg: Do not translate debug output.Werner Koch2015-12-231-3/+3
| | | | | | | | | * g10/getkey.c (parse_def_secret_key): Do not make strings passed to log_debug translatable. -- Debug output is intended to be used along with the source or to be send to the developers. Thus translations are at best not helpful.
* scd: Fix commit b30c15bf (again).NIIBE Yutaka2015-12-231-0/+1
| | | | | | | | * g10/keygen.c (do_generate_keypair): Clear the variable S. -- GnuPG-bug-id: 2201
* gpg: Fix type.Neal H. Walfield2015-12-221-1/+1
| | | | | | | * g10/keygen.c (card_write_key_to_backup_file): Change n to a size_t. -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Fix error message.Neal H. Walfield2015-12-221-1/+1
| | | | | | | * g10/getkey.c (parse_def_secret_key): Fix error message. -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Don't check for ambiguous keys.Neal H. Walfield2015-12-226-512/+316
| | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (struct result): Move from here... * g10/keydb.h (struct pubkey): ... to here. Update users. * g10/gpg.c (check_user_ids): Move from here... * g10/getkey.c (get_pubkeys): ... to here. Update users. Use get_pubkey_byname to look up the keys (this also prunes invalid keys). (pubkey_free): New function. (pubkeys_free): New function. * g10/gpg.c (main): Don't check for ambiguous key specifications. -- Signed-off-by: Neal H. Walfield <[email protected]> Regression-due-to: e8c53fc This change not only moves the checks for ambiguous key specifications from gpg.c to getkey.c, it also disables the checks. The old code was too divorced from the actual key lookups and, as such, it reproduced the logic. Unfortunately, the reproduction was a poor one: despite fixing some inconsistencies (e.g., 10cca02), it still didn't deal with group expansion or the auto key lookup functionality. Given the amount of instability introduced by this change, we (Neal & Werner) decided it is better to defer introducing this functionality until 2.3.
* gpg: Lazily evaluate --default-key.Neal H. Walfield2015-12-224-22/+121
| | | | | | | | | | | * g10/gpg.c (main): If --encrypt-to-default-key is specified, don't add --default-key's value to REMUSR here... * g10/pkclist.c (build_pk_list): ... do it here. * tests/openpgp/Makefile.am (TESTS): Add default-key.test. * tests/openpgp/default-key.test: New file. -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Remove unused parameter.Neal H. Walfield2015-12-224-18/+17
| | | | | | | | * g10/pkclist.c (build_pk_list): Remove parameter use, which is always called set to PUBKEY_USAGE_ENC. Update callers. -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Improve check for ambiguous keys.Neal H. Walfield2015-12-221-94/+143
| | | | | | | | * g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore encryption-only keys when a signing key is needed and vice-versa. -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Fix TOCTTOU when updating keyblocks.Neal H. Walfield2015-12-222-6/+31
| | | | | | | | | | | | | | | | | | | * g10/keydb.c (keydb_update_keyblock): Don't replace the record at the current offset. After taking the lock, extract the fingerprint from the keyblock, find it and then replace it. -- Signed-off-by: Neal H. Walfield <[email protected]> GnuPG-bug-id: 2193 Between locating the record to update and actually updating the keyblock, it is possible that another process modifies the keyring, which causes the update to corrupt the keyring. This is due to a time of check to time of use bug. The fix is straightforward: both operations must be done while holding the lock. This changes the semantics of the function slightly, but no callers need to be modified. Further, it now becomes impossible to replace key A with B; this function will only ever update B.
* Only add the user supplied CFLAGS after running any autoconf tests.Neal H. Walfield2015-12-221-0/+12
| | | | | | | | | | | | * configure.ac: Only add the user supplied CFLAGS after running any autoconf tests. -- Signed-off-by: Neal H. Walfield <[email protected]> If the user's CFLAGS include -Werror, then some configure tests fail. To avoid this, we only add the user's CFLAGS after all of the configure tests have run.
* gpg: Suppress a warning.Neal H. Walfield2015-12-221-0/+2
| | | | | | | | * dirmngr/dns-stuff.c (enable_dns_tormode): Reference new_circuit to avoid a warning when ADNS is not available. -- Signed-off-by: Neal H. Walfield <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-13 11:12:36 +0000