| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_getinfo): Implement it for gcrypt >= 1.8.
--
For the de-vs compliance of gpg we need to check whether the Jitter
RNG is used on Windows. This change allows to test this for
gpg-agent.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* common/stringhelp.c (split_fields_colon): New.
* common/t-stringhelp.c (test_split_fields_colon): New test.
(main): Call that test.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* tests/openpgp/defs.scm (create-file): Unlink file first.
* tests/openpgp/shell.scm: Ask whether to import legacy test keys or
not, and whether to drop 'batch' from the configuration. Add paths to
all the programs to 'PATH'.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* tests/gpgscm/repl.scm (prompt-yes-no?): New function.
* tests/gpgscm/tests.scm (pathsep-split): Likewise.
(pathsep-join): Likewise.
(with-path): Use the new function.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* tests/gpgscm/tests.scm (make-environment-cache): Check status code
of setup script.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/import.c (import_one): Fix error handling.
Fixes-commit: 330212efb927c119bb5135856f8582c0e4e2e6b7
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (import_keys_stream): Remove this unused function.
(import_keys_internal): Add arg origin.
(import_keys): Ditto.
(import_keys_es_stream): Ditto.
(import): Ditto.
(import_one): Ditto.
(apply_meta_data): New stub.
(import_secret_one): Pass 0 for ORIGIN.
* g10/keyserver.c (keyserver_get_chunk): For now pass 0 for ORIGIN.
(keyserver_fetch): Add arg origin.
(keyserver_import_cert): Pass KEYORG_DANE for ORIGIN.
(keyserver_import_wkd): Pass KEYORG_WKD for ORIGIN.
* g10/gpg.c (main): Pass OPT.KEY_ORIGIN to import_keys and
keyserver_fetch.
* g10/card-util.c (fetch_url): Pass KEYORG_URL for ORIGIN.
--
This is just the framework; applying the meta data will be done in
another commit.
GnuPG-bug-id: 3252
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keydb.h (KEYORG_): Rename to KEYORG_.
* g10/packet.h (PKT_user_id): Rename field keysrc to keyorg. Adjust
users.
(PKT_public_key): Ditto.
(PKT_ring_trust): Ditto.
* g10/options.h (struct opt): Add field key_origin.
* g10/getkey.c (parse_key_origin): New.
* g10/gpg.c (oKeyOrigin): New.
(opts): Add "keys-origin".
(main): Set option.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
| |
Signed-off-by: Marcus Brinkmann <[email protected]>
GnuPG-bug-id: 2331
|
| |
|
|
|
|
| |
* tests/gpgscm/main.c (load): Increase logging threshold.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
| |
* tests/gpgscm/init.scm (throw'): Make it impossible to catch
'*interpreter-exit*'. This fixes 'exit' (and with it 'fail') inside
'catch' statements.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
--
This double license note was accidentally added while only wanting to
add another copyright line.
Fixes-commit: 3419a339d9c4e800bf30e9021e05982d8c1021c1
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/Makefile.am (tofu_source) [USE_TOFU]: Remove sqrtu32.h and
sqrtu32.c.
* g10/sqrtu32.h, g10/sqrtu32.c: Removed files.
* g10/tofu.c: Compare squares instead of square roots.
--
The original code is a factor 11.5 slower than using libm's sqrt(),
which in turn is a factor 3.5 slower than using one multiplication
on the other side of the comparison. Also, it's much simpler now.
Signed-off-by: Marcus Brinkmann <[email protected]>
|
| |
|
|
|
|
| |
* build-aux/Vagrantfile: New file.
Signed-off-by: Marcus Brinkmann <[email protected]>
|
| |
|
|
|
|
|
| |
* doc/gpg.texi: Improve TOFU documentation.
Signed-off-by: Neal H. Walfield <[email protected]>
Suggested-by: Teemu Likonen <[email protected]>
|
| |
|
|
|
| |
--
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
| |
---
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/call-pinentry.c (agent_get_passphrase): Reduce maximum
passphrase length as conveyed to the loopback to MAX_PASSPHRASE_LEN.
* agent/genkey.c (agent_ask_new_passphrase): Extend the maximum
passphrase as conveyed to the loopback to MAX_PASSPHRASE_LEN.
--
Note that in genkey() max_length is set to MAX_PASSPHRASE_LEN + 1
because in agent_askpin() decrements that value before conveying it to
the loopback.
GnuPG-bug-id: 3254
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* doc/yat2m.c (main): Set a default for OPT_DATE.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* configure.ac (YAT2M): Check for tool.
* doc/Makefile.am (yat2m-stamp): Use installed tool if possible.
--
|
| |
|
|
|
|
|
| |
* doc/gpgsm.texi: Mark --prefer-system-dirmngr as obsolete.
Signed-off-by: Marcus Brinkmann <[email protected]>
GnuPG-bug-id: 2231
|
| |
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (opts): Typo fix.
--
Regression-due-to: ccee34736b57a42ec4bdcb0d3181bdc6a08b0fff
GnuPG-bug-id: 3225
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* agent/command-ssh.c (ssh_key_to_protected_buffer): If the empty
passphrase is supplied, do not protect the key.
GnuPG-bug-id: 2856
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
| |
* tests/openpgp/ssh-export.scm: Split output at any whitespace.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/sysutils.c (gnupg_inotify_watch_delete_self): New.
* agent/gpg-agent.c (handle_connections): Rename my_inotify_fd to
sock_inotify_fd.
(handle_connections): Add home_inotify_fd to watch the home directory.
--
GnuPG-bug-id: 3218
Note that we should add this also to dirmngr. And for non-Linux
systems a stat in ticker should be implemented.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* dirmngr/Makefile.am (t_http_CFLAGS): Add LIBASSUAN_CFLAGS.
(t_ldap_parse_uri_CFLAGS): Ditto.
(t_dns_stuff_CFLAGS): Ditto.
--
GnuPG-bug-id: 2424
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New.
* g10/encrypt.c (encrypt_crypt): Emit new status code.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--
This status code allows to report whether an encryption operation was
compliant to de-vs.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
| |
* g10/gpgv.c (main): Close cached handle.
Fixes-commit: 5556eca5acd46983bff0b38a1ffbc2f07fbaba9f
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* tests/openpgp/Makefile.am (XTESTS): Add the new test.
* tests/openpgp/gpgv.scm: New file.
* tests/openpgp/signed-messages.scm: Likewise.
* tests/openpgp/verify.scm: Move the signed messages to the new file
and load it.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/keylist.c (show_keyserver_url): Print to 'fp', not to 'stdout'.
(show_notation): Likewise.
--
Fixes the fact that if mode == -1, all text except for the labels is
written to the tty, but the label is written to stdout, which is
buffered.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (enum ks_protocol): New type.
(struct hostinfo_s): New flags indicating whether we already did a
A lookup, or a SRV lookup per protocol. Turn 'port' into an array.
(create_new_hostinfo): Initialize new fields.
(add_host): Update the port for the given protocol.
(map_host): Simplify hosttable lookup misses. Check the SRV records
for both protocols on demand, do the A lookup just once. Return the
correct port.
--
Previously, if a host had both a SRV record for hkp and hkps, the
wrong port was used for the protocol that was used second, because the
hostinfo did not store a port per protocol, and the hosttable does not
discriminate between hosts using the protocol.
Fix this by querying the SRV records on demand, storing a port per
protocol, and returning the right port.
GnuPG-bug-id: 3033
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (struct hostinfo_s): Add explicit length and
size fields.
(MAX_POOL_SIZE): New macro.
(create_new_hostinfo): Initialize new fields.
(host_in_pool_p): Adapt.
(select_random_host): Likewise.
(add_host): Likewise. Move the resizing logic here.
(hostinfo_sort_pool): New function.
(map_host): Simplify. Move the resizing logic away from here.
(ks_hkp_mark_host): Adapt.
(ks_hkp_print_hosttable): Likewise.
--
The current code assumes that the pool array is only filled when the
hostinfo object is created. This patch removes that limitation.
GnuPG-bug-id: 3033
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
| |
--
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keygen.c (generate_subkeypair): Handle errors from pinentry.
--
Previously, when generating a subkey, gpg would ask for the passphrase
of the primary key. If that dialog is canceled, gpg would ask a
second time for a passphrase to protect the new subkey.
Fix this by handling the error.
GnuPG-bug-id: 3212
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
check. Explicitly check for allowed ECC algos.
(gnupg_pk_is_allowed): Swap P and Q for DSA check.
* g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check. Replace
assert by debug message.
--
Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0
condition is surprising because it leads to the assumption SYMKEYS
could be negative. Better use a boolean test.
The assert could have lead to a regression for no good reason. Not
being compliant is better than breaking existing users.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
--
This makes greping much easier and we have done that since ever.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ffi.c (do_wait_processes): Suppress the timeout error.
* tests.scm (semaphore): New definition.
(test-pool): Only run a bounded number of tests in parallel.
(test::started?): New function.
(run-tests-parallel): Do not report results, do not start the tests.
(run-tests-sequential): Adapt.
(run-tests): Parse the number of parallel jobs.
--
This change limits the number of tests that are run in parallel. This
way we do not overwhelm the operating systems' scheduler. As a
side-effect, we also get more accurate runtime information, and it
will be easy to implement timeouts on top of this.
Use TESTFLAGS to limit the number of jobs:
$ make check-all TESTFLAGS=--parallel=16
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* tests/gpgscm/tests.scm (flag): Accept arguments of the form
'--foo=bar'.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* tests/gpgscm/ffi.scm (ffi-fail): Do not needlessly join the error
message.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
| |
* tests/gpgscm/init.scm (throw'): Guard against 'args' being atomic.
* tests/gpgscm/scheme.c (Eval_Cycle): Remove any superfluous colons in
error messages.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* tests/openpgp/all-tests.scm: Generalize a bit, and also add a
variant that uses the new extended key format.
* tests/openpgp/defs.scm (create-gpghome): Conditionally enable the
new extended key format.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* COPYING.LIB: Rename to COPYING.LGPL3.
* COPYING.LGPL21: New.
* COPYING.GPL2: New.
* Makefile.am: Distribute them.
* AUTHORS: Update license pointers. Add BSI as copyright holder.
* common/compliance.c, common/compliance.h: Add BSI copyright notice.
Break overlong lines.
* dirmngr/loadswdb.c: Add BSI copyright notices.
* dirmngr/server.c: Ditto.
* tools/call-dirmngr.c: Change license to LGPLv2.1. Add BSI
copyright notice.
* tools/call-dirmngr.h: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpg-wks.h: Ditto.
* tools/mime-maker.c: Ditto.
* tools/mime-maker.h: Ditto.
* tools/mime-parser.c: Ditto.
* tools/mime-parser.h: Ditto.
* tools/send-mail.c: Ditto.
* tools/send-mail.h: Ditto.
* tools/wks-receive.c: Ditto.
* tools/wks-util.c: Ditto.
* tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1.
--
For better deployment it seems to be better to make the Web Key
Directory code more easily available.
Some code was been developed under contract of the BSI.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/compliance.c (gnupg_{pk,cipher,digest}_is_compliant): Return
false if the module is not initialized.
(gnupg_{pk,cipher,digest}_is_allowed): Return true if the module is
not initialized.
(gnupg_status_compliance_flag): Do not assert that the module is
initialized.
(gnupg_parse_compliance_option): Likewise.
(gnupg_compliance_option_string): Likewise.
--
This implements a default policy for modules not explicitly using the
compliance module. The default policy is to allow all algorithms, but
mark none of them as compliant.
Fixes gpgv.
GnuPG-bug-id: 3210
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* doc/gpg.texi: Document the new import option.
* g10/gpg.c (main): Make the new option default to yes.
* g10/import.c (parse_import_options): Parse the new option.
(import_one): Act on the new option.
* g10/options.h (IMPORT_REPAIR_KEYS): New macro.
GnuPG-bug-id: 2236
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/Makefile.am (gpg_sources): Add new files.
* g10/gpgcompose.c (keyedit_print_one_sig): New stub.
* g10/keyedit.c (sig_comparison): Move to new module.
(check_all_keysigs): Likewise.
(fix_keyblock): Adapt callsite.
(keyedit_menu): Likewise.
* g10/key-check.c: New file.
* g10/key-check.h: Likewise.
GnuPG-bug-id: 2236
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/Makefile.am (gpg_SOURCES): Add new file.
* g10/keyedit.c (NODFLG_*): Move flags to the new header file.
(print_one_sig): Export symbol and rename accordingly.
(print_and_check_one_sig): Adapt accordingly.
(check_all_keysigs): Likewise.
* g10/keyedit.h: New file.
* g10/main.h: Drop declarations, include new header.
GnuPG-bug-id: 2236
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns.c (dns_so_check): Reinitialize sockets on address family
mismatch.
(enum dns_res_state): New states for querying over IPv6.
(dns_res_exec): Implement the new states by copying and modifying the
IPv4 variants. Branch to their respective counterparts if the current
list of resolvers using the current address family is exhausted.
--
This allows dirmngr to resolve names on systems where the nameservers
are only reachable via IPv6.
GnuPG-bug-id: 2990
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (getkey_end) [!W32]: Re-enable caching.
--
This change limits of the effects of commit
d3d640b9cc98dd0d06b49a2e4d46eb67af96fe29 to W32 system.
GnuPG-bug-id: 3097
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
