aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* gpg: Enable the Issuer Fingerprint from rfc4880bisWerner Koch2016-10-282-12/+6
| | | | | | | | | | | | | | | | * g10/build-packet.c (build_sig_subpkt_from_sig): Always write the new Issuer Fingerprint sub-packet. * g10/mainproc.c (check_sig_and_print): Always consider that sub-packet. -- The specs for this sub-packet have been pushed to the OpenPGP WG's repo today. See-also: https://mailarchive.ietf.org/arch/msg/\ openpgp/GvPo2eSL9GW9WcGhOocY7KBa9FY Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fix signature checking.Werner Koch2016-10-271-25/+76
| | | | | | | | | | | | | | * dirmngr/server.c: Include cpparray.h. (verify_swdb_parm_s): New. (verify_swdb_status_cb): New. (cmd_versioncheck): Use gpgv to correclty verify the signature. Rename some variable to comply with GNU standards. -- Relying on the return code of gpg is not a robust way to check signatures. We better use our dedicated tool. Signed-off-by: Werner Koch <[email protected]>
* gpg: Verify multiple detached signatures with different hash algos.Werner Koch2016-10-271-5/+23
| | | | | | * g10/mainproc.c (proc_tree): Loose check. Enable all algos. Signed-off-by: Werner Koch <[email protected]>
* common: Add GNUPG_MODULE_NAME_GPGV.Werner Koch2016-10-272-0/+8
| | | | | | | * common/util.h (GNUPG_MODULE_NAME_GPGV): New. * common/homedir.c (gnupg_module_name): Implement. Signed-off-by: Werner Koch <[email protected]>
* g10: Fix iteration over getkey results.Justus Winter2016-10-271-3/+6
| | | | | | | * g10/getkey.c (getkey_next): Return the public key in PK even if RET_KEYBLOCK is NULL. Signed-off-by: Justus Winter <[email protected]>
* Fix typos.Justus Winter2016-10-2713-14/+14
| | | | | -- Signed-off-by: Justus Winter <[email protected]>
* g10: Assert preconditions.Justus Winter2016-10-271-0/+3
| | | | | | * g10/getkey.c (get_pubkey_byname): Assert preconditions. Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Do not implement --supervised in Windows.Werner Koch2016-10-272-4/+8
| | | | | | | * dirmngr/dirmngr.c (opts) [W32]: Remove --supervised. (main) [W32]: Ditto. Signed-off-by: Werner Koch <[email protected]>
* common: Remove debug output from gnupg_get_socket_name.Werner Koch2016-10-271-4/+4
| | | | | | | * common/sysutils.c (gnupg_get_socket_name): Remove debug message and use my_error_from_syserror. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: ADNS error handling fix.NIIBE Yutaka2016-10-271-4/+4
| | | | | | | | | | * dirmngr/dns-stuff.c (resolve_name_adns, get_dns_cert, get_dns_cname): Use gpg_error and gpg_err_code_from_errno to compose the error value. -- This fixes commits 6f1d8123d61b3efac94b4c61ee75bd947790ba42. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Convey --quick option to dirmngr for --auto-key-retrieve.Werner Koch2016-10-2710-48/+59
| | | | | | | | | | | | | | | | | | * g10/call-dirmngr.c (gpg_dirmngr_ks_get): Add arg 'quick'. (gpg_dirmngr_wkd_get): Ditto. * g10/keyserver.c (keyserver_get): Add arg 'quick'. (keyserver_get_chunk): Add arg 'quick'. (keyserver_import_fprint): Ditto. Change callers to pass 0 for it. (keyserver_import_keyid): Ditto. (keyserver_import_wkd): Ditto. * g10/mainproc.c (check_sig_and_print): Call the 3 fucntions with QUICK set. -- Note that this option has not yet been implemented by dirmngr. Dirmngr will simply ignore it for now. Signed-off-by: Werner Koch <[email protected]>
* common: Fix gnupg_inotify_has_name, differently.NIIBE Yutaka2016-10-271-21/+15
| | | | | | | | | | | * common/sysutils.c (gnupg_inotify_has_name): Use void * to stop the warning. -- According to the man page of inotify(7), it is aligned by null bytes. So, bc28f320fa6f5b9fcdb73dba5e6c582daf7992c5 is reverted. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: More ADNS error fix.NIIBE Yutaka2016-10-271-4/+4
| | | | | | | | | * dirmngr/dns-stuff.c (get_dns_cert, getsrv, get_dns_cname): Fix return value. -- GnuPG-bug-id: 2745 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix error return for ADNS.NIIBE Yutaka2016-10-271-1/+1
| | | | | | | | | | | * dirmngr/dns-stuff.c (resolve_name_adns): Use RET for return value. -- There are cases where libadns returns an error without setting the variable ERRNO. GnuPG-bug-id: 2745 Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix ECDH, clarifying the format.NIIBE Yutaka2016-10-271-18/+20
| | | | | | | | | | | * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Returns error when it's short. Clarify the format. Handle other prefixes correctly. -- With the scdaemon's change, there is no case NBYTES < SECRET_X_SIZE. This fixes the break of ECDH with X25519. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add 0x41 prefix for x-coordinate only result.NIIBE Yutaka2016-10-271-12/+21
| | | | | | | | | | | * scd/app-openpgp.c (do_decipher): When it's x-coordinate only, add the prefix 0x41. -- Card should return fixed size bytes, either in format of (04 || X || Y) or (X, x-coordinate only). Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: ECDH shared point format.Arnaud Fontaine2016-10-271-8/+24
| | | | | | | | | | * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Improve handling of ECDH shared point format. -- This handles the case where the result comes from scdaemon. Signed-off-by: Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
* dirmngr: Implement --supervised command (for systemd, etc).Daniel Kahn Gillmor2016-10-272-0/+47
| | | | | | | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.c (main): Add new --supervised command, which is a mode designed for running under a process supervision system like systemd or runit. * doc/dirmngr.texi: document --supervised option. -- "dirmngr --supervised" is a way to invoke dirmngr such that a system supervisor like systemd can provide socket-activated startup, log management, and scheduled shutdown. When running in this mode, dirmngr: * Does not open its own listening socket; rather, it expects to be given a listening socket on file descriptor 3. * Does not detach from the invoking process, staying in the foreground instead. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* agent,common: move get_socket_name() into common.Daniel Kahn Gillmor2016-10-273-48/+52
| | | | | | | | | | * agent/gpg-agent.c (get_socket_name): move to ... * common/sysutils.c (gnupg_get_socket_name): ... here. -- This allows us to use the same functionality in dirmngr as well. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* dirmngr: report actual socket name.Daniel Kahn Gillmor2016-10-273-1/+11
| | | | | | | | | | | | | | * dirmngr/dirmngr.[ch] (dirmngr_get_current_socket_name): new function to report known socket name. * dirmngr/server.c (cmd_getinfo): use dirmngr_get_current_socket_name to report correct socket name. -- This fixes the output of 'getinfo socket_name' when dirmngr is invoked with --socket-name. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* common: Fix gnupg_inotify_has_name.NIIBE Yutaka2016-10-271-14/+22
| | | | | | | | | * common/sysutils.c (gnupg_inotify_has_name): Take care of the alignment. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix help string and argument.NIIBE Yutaka2016-10-271-2/+2
| | | | | | | | * dirmngr/server.c (hlp_versioncheck): Add a newline. (cmd_versioncheck): Fix argument. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix hang due to deferred thread initialization.Werner Koch2016-10-261-13/+12
| | | | | | | | | * dirmngr/dirmngr.c (main): Call ldap_wrapper_launch_thread after thread_init. -- Fixes-commit: eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d Signed-off-by: Werner Koch <[email protected]>
* agent: Avoid double error message.Werner Koch2016-10-261-4/+3
| | | | | | | | | | | * agent/gpg-agent.c (map_supervised_sockets): Shorten error message. Remove unneeded diagnostic. -- get_socket_name already prints error messages and thus there is not need to print another one. Signed-off-by: Werner Koch <[email protected]>
* common: Use GPG_ERR_INV_VALUE instead of GPG_ERR_EINVAL.Werner Koch2016-10-261-1/+1
| | | | | | | | | | | | * common/sysutils.c (gnupg_inotify_watch_socket): Return GPG_ERR_INV_VALUE for a missing socket name and set proper error source. -- By using a different value we can easier see whether the error is due to a system call or from GnuPG code. Signed-off-by: Werner Koch <[email protected]>
* tests: Improve portability of fake-pinentry.Werner Koch2016-10-261-21/+28
| | | | | | | | | * tests/openpgp/fake-pinentry.c: Make all functions static. (get_passphrase): s/unlink/remove/ because that is standard C. (spacep): Rename to whitespace and change all callers. (main): Move macro out of if-then chain. Signed-off-by: Werner Koch <[email protected]>
* doc: Fix spelling of "internal".Daniel Kahn Gillmor2016-10-261-1/+1
| | | | | -- Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* agent: --supervised mode improvements.Daniel Kahn Gillmor2016-10-261-0/+7
| | | | | | | | * agent/gpg-agent.c (map_supervised_socket): if the agent is running in --supervised mode and is not actually given LISTEN_FDNAMES directives, require at least fd 3 to be open for listening. -- Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* common: avoid segfaultDaniel Kahn Gillmor2016-10-261-0/+3
| | | | | | | * common/sysutils.c (gnupg_inotify_watch_socket): return EINVAL if socket_name is NULL, rather than segfaulting -- Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* agent,tests,w32: Fix relaying pinentry user data, fix fake-pinentry.Justus Winter2016-10-252-7/+71
| | | | | | | | | | | | | * agent/call-pinentry.c (start_pinentry): Also send the user data using an Assuan 'OPTION' command. * tests/openpgp/fake-pinentry.c (get_passphrase): Fix updating passphrase file. (spacep): Include newline characters. (rstrip): New function. (main): Handle Windows line endings. Handle the userdata option, and restart with the new options. Signed-off-by: Justus Winter <[email protected]>
* tests: Do not autostart gpg-agents on teardown.Justus Winter2016-10-251-1/+2
| | | | | | | * tests/openpgp/defs.c (stop-agent): Use '--no-autostart' when calling gpg-connect-agent. Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Allow command VERSIONCHECK to handle 3 part version numbers.Werner Koch2016-10-251-35/+83
| | | | | | | | | | * dirmngr/server.c (parse_version_string): Add arg MICRO and set it. (cmp_version): Extend to handle the MICRO part. (confucius_mktmpdir): Rename to my_mktmpdir. (my_mktmpdir): xstrconcat does not fail; use strconcat. (fetch_into_tmpdir): Improve error checking. Signed-off-by: Werner Koch <[email protected]>
* common: Use strconcat in gnupg_setenv.Werner Koch2016-10-251-22/+22
| | | | | | | | * common/sysutils.c (gnupg_setenv): Replace malloc+stpcpy by strconcat. Indent cpp conditionals. (gnupg_unsetenv): Indent cpp conditionals. Signed-off-by: Werner Koch <[email protected]>
* gpg: Replace two sprintf calls.Werner Koch2016-10-241-8/+3
| | | | | | | | | | | | | | | | | | | * g10/keygen.c (print_status_key_created): Use snprintf for now. (ask_expire_interval): Replace xmalloc and sprintf by xasprintf. -- Future updates: Replace code like r = xcalloc (1, sizeof *r + 20 ); r->key = pKEYLENGTH; sprintf( r->u.value, "%u", info.key_attr[0].nbits); by something like r = new_r_with_value ("%u", info.key_attr[0].nbits); r->key = pKEYLENGTH; Signed-off-by: Werner Koch <[email protected]>
* agent: Minor cleanup for recent change in findkey.cWerner Koch2016-10-241-6/+2
| | | | | | * agent/findkey.c (agent_write_private_key): Avoid label name error. Signed-off-by: Werner Koch <[email protected]>
* agent: Slightly change structure of cmd_readkey.Werner Koch2016-10-241-29/+31
| | | | | | | | | | | | | | | * agent/command.c (cmd_readkey): Avoid a leave label in the middle of the code. Remove the special return. -- This helps to get better debug output. The set_error macro which is used by parse_keygrip merely sets the error code into the Assuan context. It is thus no problem anymore to call leave_cmd after having used set_error. This might havve been diffferent in the past. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fix segfault in VERSIONCHECK.Kai Michaelis2016-10-241-2/+2
| | | | | * dirmngr/server.c (cmd_versioncheck): The VERSIONCHECK command crashes when called without program version.
* scd: Use canonical curve name of libgcrypt.NIIBE Yutaka2016-10-243-41/+71
| | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (send_key_attr): Use curve instead of OID. (ecdh_params): New. (ecc_read_pubkey): Use ecdh_params. Use curve name. (ecc_writekey): Likewise. (ecc_curve): Rename from ecc_oid. (parse_algorithm_attribute): Use ecc_curve. * g10/call-agent.c (learn_status_cb): Use openpgp_is_curve_supported to intern the curve name string. * g10/card-util.c (card_status): Conver curve name to alias for print. -- Now, sdcaemon answer for KEY-ATTR is in the canonical curve name instead of the alias. Since it is used of key generation for card encryption key with backup, it should be canonical name. Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix openpgp_is_curve_supported.NIIBE Yutaka2016-10-241-2/+2
| | | | | | | | | | * common/openpgp-oid.c (openpgp_is_curve_supported): Support both of canonical name of the curve and alias. -- Only alias (the name for print) was allowed before this change. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix card keygen for decryption.NIIBE Yutaka2016-10-231-2/+2
| | | | | | | | | * g10/keygen.c (do_generate_keypair): Fix arguments. -- Reported-by: Grumpy Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: More card key generation change.NIIBE Yutaka2016-10-211-39/+24
| | | | | | | | | | | | * g10/keygen.c (gen_card_key): Add back ALGO as the second argument. Don't get ALGO by KEY-ATTR by this function. It's caller to provide ALGO. Don't do that by both of caller and callee. (generate_keypair): Only put paramerters needed. Use parameters for ALGO to call gen_card_key. (generate_card_subkeypair): Get ALGO and call gen_card_key with it. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Write first keybox record in binary modeAndre Heinecke2016-10-211-1/+1
| | | | | | | | | * g10/keydb.c (maybe_create_keyring_or_box): Open in binary mode. -- This fixes keybox corruption on windows. Signed-off-by: Andre Heinecke <[email protected]>
* g10,scd: Fix ECC keygen.NIIBE Yutaka2016-10-213-21/+70
| | | | | | | | | | | | * g10/keygen.c (generate_keypair): For card key generation, fill parameters by KEY-ATTR. * scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last, after its reference by OIDBUF is finished. (ecc_writekey): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix segfault changing key attr.NIIBE Yutaka2016-10-211-1/+1
| | | | | | | | * asc/app-openpgp.c (change_keyattr_from_string): Release after allocated. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Don't ask keysize for for non-RSA card.NIIBE Yutaka2016-10-211-22/+28
| | | | | | | | | | | | * g10/card-util.c (card_status): Bug fix for keyno. (ask_card_rsa_keysize, do_change_rsa_keysize): Rename. (generate_card_keys): Only ask keysize when RSA. (card_generate_subkey): Likewise. -- Co-authored-by: Arnaud Fontaine <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Support ECC for gen_card_key.NIIBE Yutaka2016-10-211-15/+17
| | | | | | | | | | | * g10/keygen.c (gen_card_key): Remove the first argument of ALGO. (do_generate_keypair, generate_card_subkeypair): Follow the change. -- ALGO is determined by the key attribute of the card. Co-authored-by: Arnaud Fontaine <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* Fix use cases of snprintf.NIIBE Yutaka2016-10-2116-157/+97
| | | | | | | | | | | * agent/call-pinentry.c, agent/call-scd.c, agent/command.c, build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c, dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c, g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c, sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix saving with FORCE=1.NIIBE Yutaka2016-10-211-6/+19
| | | | | | | | * agent/findkey.c (agent_write_private_key): Recover from an error of GPG_ERR_ENOENT when FORCE=1 and it is opened with "rb+". -- Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Simplify test.Justus Winter2016-10-201-36/+31
| | | | | | | * tests/openpgp/quick-key-manipulation.scm: Avoid creating a temporary home directory, just make the uids unique. Signed-off-by: Justus Winter <[email protected]>
* tests: Flush stdout in the fake pinentry.Justus Winter2016-10-201-0/+1
| | | | | | | * tests/openpgp/fake-pinentry.c (reply): Flush stdout. Fixes-commit: 94504b3d5af126abb591dedda1ca0f0970822f55 Signed-off-by: Justus Winter <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-14 11:22:00 +0000