aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* w32: Replace libiconv DLL by iconv feature of libgpg-error.Werner Koch2016-04-214-16/+26
| | | | | | | | | | | * configure.ac: Do nor require libiconv for W32. * common/utf8conv.c [W32]: Do not incluce iconv.h. Request libgpg-error iconv macros. (jnlib_iconv): Use ICONV_CONST macro. * build-aux/speedo/w32/inst.nsi [!WITH_GUI]: Do not install libiconv. * build-aux/speedo.mk (speedo_spkgs) [!WITH_GUI]: Likewise. Signed-off-by: Werner Koch <[email protected]>
* agent: Sanitize permissions of the private key directory.Justus Winter2016-04-204-24/+69
| | | | | | | | | | | | | * agent/gpg-agent.c (create_private_keys_directory): Set permissions. * common/sysutils.c (modestr_to_mode): New function. (gnupg_mkdir): Use new function. (gnupg_chmod): New function. * common/sysutils.h (gnupg_chmod): New prototype. * tests/migrations/from-classic.test: Test migration with existing directory. GnuPG-bug-id: 2312 Signed-off-by: Justus Winter <[email protected]>
* tests: Test the migration from a classic GnuPG home directory.Justus Winter2016-04-207-1/+258
| | | | | | | | | | | | * configure.ac: Add new directory. * tests/Makefile.am (SUBDIRS): Likewise. * tests/migrations/Makefile.am: New file. * tests/migrations/from-classic.gpghome/pubring.gpg.asc: Likewise. * tests/migrations/from-classic.gpghome/secring.gpg.asc: Likewise. * tests/migrations/from-classic.gpghome/trustdb.gpg.asc: Likewise. * tests/migrations/from-classic.test: Likewise. Signed-off-by: Justus Winter <[email protected]>
* speedo: Use swdb.lst to define the SQLite version.Werner Koch2016-04-203-9/+32
| | | | | | | | | * build-aux/speedo.mk: Change sqlite to use our mirror and the swdb.lst file. * build-aux/speedo/w32/inst.nsi: gpg is now build and installed as gpg. Signed-off-by: Werner Koch <[email protected]>
* gpg: Improve UID selction of --quick-sign-key.Werner Koch2016-04-192-13/+60
| | | | | | | | * g10/keyedit.c (keyedit_quick_sign): Improve UID selection and print error for non-found userids. -- GnuPG-bug-id: 2315
* gpg: Avoid debug like output at start of --edit-key.Werner Koch2016-04-191-6/+12
| | | | | | | | * g10/keyedit.c (check_all_keysigs): Print info only after something has been modified. -- Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fix https never reported in general helpAndre Heinecke2016-04-151-1/+7
| | | | | | | | * dirmngr/ks-engine-http.c (ks_hkp_help): Also print https when supported and no uri provided. -- Wrong reporting was pointed out by K_F, again.
* dirmngr: Fix https incorrectly reported in helpAndre Heinecke2016-04-151-0/+2
| | | | | | | | | * dirmngr/ks-engine-http.c (ks_hkp_help): Only print https if tls is supported. -- Wrong reporting was pointed out by K_F. Check is the same as in ks-engine-hkp.c
* po: Fix a string in de.po.Werner Koch2016-04-151-3/+2
| | | | | | | | | | -- With commit b3378b3a56fc90ba8ae38e6298b23a378305af32 from July 2014 we use strconcat instead of sprintf for the string and thus we need to remove one level of percent escaping. Signed-off-by: Werner Koch <[email protected]>
* agent: Fix regression due to recent commit 4159567.Werner Koch2016-04-141-2/+4
| | | | | | | | | | | | | | * agent/protect.c (do_encryption): Fix CBC hashing. -- The buggy code included an extra closing parenthesis before the (protected-at) term in the CBC hashing. We now do it by explicitly hashing the protected stuff and append the rest of the expression instead of a fixed closing parenthesis. Note that the OCB hashing only differs that it does no include the protected part. Fixes-commit: 4159567f7ed7a1139fdc3a6c92988e1648ad84ab Signed-off-by: Werner Koch <[email protected]>
* agent: Allow gpg-protect-tool to handle openpgp-native protection.Werner Koch2016-04-142-14/+97
| | | | | | | | | | | | | | | * agent/protect-tool.c (read_and_unprotect): Add arg ctrl and pass to agent_unprotect. (main): Allocate a simple CTRL object and pass it to read_and_unprotect. (convert_from_openpgp_native): Remove stub. (agent_key_available, agent_get_cache): New stubs. (agent_askpin): New emulation for the one in call-pinentry.c. (agent_write_private_key): New to dump key. * agent/Makefile.am (gpg_protect_tool_SOURCES): Add cvt-openpgp.c -- Signed-off-by: Werner Koch <[email protected]>
* tests: Set fake-pinentry's stdout and stdin to _IOLBF.Werner Koch2016-04-141-2/+19
| | | | | | | | * tests/openpgp/fake-pinentry.c (main): Call setvbuf. Show passphrase at startup. Increase buffer. -- Signed-off-by: Werner Koch <[email protected]>
* agent: Implement new protection mode openpgp-s2k3-ocb-aes.Werner Koch2016-04-129-138/+374
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/protect.c (agent_protect): Add arg use_ocb. Change all caller to pass -1 for default. * agent/protect-tool.c: New option --debug-use-ocb. (oDebugUseOCB): New. (opt_debug_use_ocb): New. (main): Set option. (read_and_protect): Implement option. * agent/protect.c (OCB_MODE_SUPPORTED): New macro. (PROT_DEFAULT_TO_OCB): New macro. (do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp, and timestamp_exp_len. Implement OCB. (agent_protect): Change to support OCB. (do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len. Implement OCB. (merge_lists): Allow NULL for sha1hash. (agent_unprotect): Change to support OCB. (agent_private_key_type): Remove debug output. -- Instead of using the old OpenPGP way of appending a hash of the plaintext and encrypt that along with the plaintext, the new scheme uses a proper authenticated encryption mode. See keyformat.txt for a description. Libgcrypt 1.7 is required. This mode is not yet enabled because there would be no way to return to an older GnuPG version. To test the new scheme use gpg-protect-tool: ./gpg-protect-tool -av -P abc -p --debug-use-ocb <plain.key >prot.key ./gpg-protect-tool -av -P abc -u <prot.key Any key from the private key storage should work. Signed-off-by: Werner Koch <[email protected]>
* doc: Note that the persistant passphrase format is unimplemented.Werner Koch2016-04-122-1/+3
| | | | --
* indent: Help Emacs not to get confused by conditional compilation.Werner Koch2016-04-122-1/+4
| | | | | | | | * agent/protect.c (calibrate_get_time) [W32]: Use separate function calls for W32 and W32CE. -- Signed-off-by: Werner Koch <[email protected]>
* doc: Point to RFC-4880 for keyedit subcommand "tsign".Werner Koch2016-04-121-1/+2
| | | | | | -- GnuPG-bug-id: 2283
* g10: Fix exporting secret keys of certain sizes.Justus Winter2016-04-071-1/+1
| | | | | | | | | | | | | * g10/build-packet.c (do_key): Do not use the header length specified by the public key packet from the keyring, but let 'write_header2' compute the required length. -- Specifically exporting RSA keys of length 1024 failed, as the encoded public key packet requires 141 bytes a length that fits into one byte, but the secret key is significantly larger, making the export fail. GnuPG-bug-id: 2307 Signed-off-by: Justus Winter <[email protected]>
* g10: Fix typo.Justus Winter2016-04-071-1/+1
| | | | | -- Signed-off-by: Justus Winter <[email protected]>
* doc: Update help.ru.txtIneiev2016-04-061-107/+226
| | | | --
* Revert "g10: Support armored keyrings in gpgv."Justus Winter2016-04-066-137/+10
| | | | This reverts commit abb352de51bc964c06007fce43ed6f6caea87c15.
* dirmngr: Autodetect PEM format in dirmngr-client.Justus Winter2016-04-051-13/+30
| | | | | | | | | | | * dirmngr/dirmngr-client.c (init_asctobin): New function. (main): Move the initialization code to the new function. (read_pem_certificate): Initialize base64 table. (read_certificate): Try to decode certificates given in files as PEM first. GnuPG-bug-id: 1844 Signed-off-by: Justus Winter <[email protected]>
* build: Fix for: Build gpgcompose only in maintainer modeWerner Koch2016-04-051-1/+2
| | | | | | | * g10/Makefile.am (noinst_PROGRAMS): Always add module_tests. -- Fixes-commit: 4b5341d
* doc: Install gpg and gpgv man pages under the correct name.Werner Koch2016-04-054-31/+81
| | | | | | | | | | | | * doc/mkdefsinc.c (main): Add double include guard. Set variable gpgtwohack. Define macros gpgname and gpgvname. * doc/gpg.texi: Remove macro definition for gpgname. Use Texinfo var gpgtwohack to prepare the man pages. Use @gpgname everywhere. * doc/gpgv.texi: Likewise. * doc/Makefile.am (myman_pages): Remove gpg2.1 and gpgv2.1 but add them depending on USE_GPG2_HACK. Signed-off-by: Werner Koch <[email protected]>
* build: Build gpgcompose only in maintainer modeWerner Koch2016-04-052-1/+3
| | | | | | | * g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose only in maintainer mode. Signed-off-by: Werner Koch <[email protected]>
* gpg: Replace use of "gpg2" by GPG_NAMEWerner Koch2016-04-053-15/+16
| | | | Signed-off-by: Werner Koch <[email protected]>
* Now build "gpg" binary but install as "gpg2"Werner Koch2016-04-0410-31/+87
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * configure.ac (USE_GPG2_HACK): New ac_define am_conditional. * common/homedir.c (gnupg_module_name): Replace use of macro NAME_OF_INSTALLED_GPG. * g10/keygen.c (generate_keypair): Ditto. * g10/Makefile.am (bin_PROGRAMS): Remove. (noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2. (gpg2_hack_list): New. (use_gpg2_hack): New. (gpg2_SOURCES): Rename to gpg_SOURCES. (gpgv2_SOURCES): Rename to gpgv_SOURCES. (gpg2_LDADD): Rename to gpg_LDADD. (gpgv2_LDADD): Rename to gpgv_LDADD. (gpg2_LDFLAGS): Rename to gpg_LDFLAGS. (gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS. (install-exec-hook): Remove WinCE specific rules and add new rules. (uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2. * tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/. * tests/openpgp/defs.inc: Ditto. * tests/openpgp/gpgtar.test: Ditto. * tests/openpgp/mkdemodirs: Ditto. * tests/openpgp/signdemokey: Ditto. * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete --enable-mailto, add --enable-gpg2-is-gpg. -- Although we need to duplicate some automake generated code this method allows to easily switch the name of the installed target using the configure option "--enable-gpg2-is-gpg". Signed-off-by: Werner Koch <[email protected]>
* tests: Add missing file.Werner Koch2016-04-041-0/+1
| | | | | | | * tests/openpgp/Makefile.am (TEST_FILES): Add plain-largeo.asc. -- Fixes-commit: 785a7f463ec4e937304ce1263c5e6a46e8079137
* g10: Support armored keyrings in gpgv.Justus Winter2016-04-046-10/+137
| | | | | | | | | | | | | * doc/gpgv.texi: Document the feature. * g10/Makefile.am (gpgv2_SOURCES): Add dearmor.c. * g10/dearmor.c (dearmor_file): Add sink argument. * g10/gpg.c (main): Adapt accordingly. * g10/gpgv.c (make_temp_dir): New function. (main): De-armor keyrings. * g10/main.h (dearmor_file): Adapt prototype. GnuPG-bug-id: 2290 Signed-off-by: Justus Winter <[email protected]>
* tests: Fix default key test.Justus Winter2016-04-041-2/+2
| | | | | | | * tests/openpgp/default-key.test: Avoid using the option '--trust-model' unconditionally. Signed-off-by: Justus Winter <[email protected]>
* po: Fix misleading german translation.Justus Winter2016-04-011-2/+1
| | | | | | -- GnuPG-bug-id: 2239 Signed-off-by: Justus Winter <[email protected]>
* build: Check for conflicting trust model options.Justus Winter2016-04-011-1/+4
| | | | | | | * configure.ac: Disable TOFU if configured without trust models, and check for conflicting options. Signed-off-by: Justus Winter <[email protected]>
* g10: Remove option --always-trust if compiled without trust models.Justus Winter2016-04-011-0/+2
| | | | | | | * g10/gpg.c (opts): Remove option --always-trust if compiled without trust models. Signed-off-by: Justus Winter <[email protected]>
* speedo,w32: Build libsqlite3.Justus Winter2016-03-311-1/+3
| | | | | | | | * build-aux/speedo.mk (speedo_spkgs): Add libsqlite3 on w32. (libsqlite3_ver): New variable. (speedo_pkg_libsqlite3_tar): Likewise. Signed-off-by: Justus Winter <[email protected]>
* g10: Use gpg-error abstraction of sched_yield.Justus Winter2016-03-311-2/+1
| | | | | | * g10/tofu.c (begin_transaction): Use 'gpgrt_yield'. Signed-off-by: Justus Winter <[email protected]>
* gpg: Fix NULL-segv for missing tofu DB.Werner Koch2016-03-291-1/+2
| | | | | | | | | | | * g10/tofu.c (opendb): Guard call to timeout function. -- GnuPG-bug-id: 2294 Fix not tested but is pretty obvious. Signed-off-by: Werner Koch <[email protected]>
* gpg: Improve message when asking for key capabilities.Werner Koch2016-03-221-5/+7
| | | | | | | | | | | | * g10/keygen.c (ask_key_flags): Improve message. -- Because the curve is only selected after the capabilities are queried we do not know whether ECDSA or EdDSA will eventually be used. When printing the possible capabilities we now use print "ECDSA/EdDSA" for the algorithm. Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove the extra prompt for Curve25519.Werner Koch2016-03-221-34/+30
| | | | | | | | | | | | | | * g10/keygen.c (MY_USE_ECDSADH): New macro local to ask_curve. (ask_curve): Use a fixed table of curve names and reserve a slot for Curve448. Simplify CurveNNNN/EdNNNN switching. (ask_curve): Remove the Curve25519 is non-standard prompt. -- Given that ECC generation is only available in export mode and that gpg will in any case support our current ed2559/cv25519 definition the extra prompt does not make anymore sense. Signed-off-by: Werner Koch <[email protected]>
* gpg: Silence trustdb computation with --quiet.Werner Koch2016-03-191-8/+11
| | | | | | | * g10/trustdb.c (validate_keys): Do not print log_info stuff in quiet mode. Signed-off-by: Werner Koch <[email protected]>
* sm: Always create a keybox header when creating a new keybox.Werner Koch2016-03-171-0/+12
| | | | | | | | | | | | | * sm/keydb.c (maybe_create_keybox): Create the header blob. -- This is required so that g10/keydb.c can properly detect that a keybox file is actually there. Just writing a 0 zero length keybox file is not sufficient because a file with that name may also be an old-style OpenPGP keyring. GnuPG-bug-id: 2275 Signed-off-by: Werner Koch <[email protected]>
* doc: Improve documentation of --enable-large-rsa.Neal H. Walfield2016-03-171-4/+6
| | | | | | | | * doc/gpg.texi (--enable-large-rsa): Improve text. -- Signed-off-by: Neal H. Walfield <[email protected]> Suggested-by: Bernhard Reiter <[email protected]>
* agent: allow removal of the shadowed key.NIIBE Yutaka2016-03-161-1/+1
| | | | | | | | * agent/findkey.c (agent_delete_key): Remove the key when asked. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Add const qualifier.NIIBE Yutaka2016-03-161-2/+2
| | | | | | | | * g10/gpgcompose.c (show_help): Those are strings not to be modified. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Do not rely on a certain evaluation order.Werner Koch2016-03-151-1/+5
| | | | | | | | | * g10/keyedit.c (print_and_check_one_sig): Call check_key_signature before derefing IS_SELFSIG. -- Fixes-commit: 5fbd80579aea0f75ca1d2700515c5b8747a75c7d Signed-off-by: Werner Koch <[email protected]>
* scd: Add manufacturer id 0x000aWerner Koch2016-03-141-0/+1
| | | | | | * g10/card-util.c (get_manufacturer): Add it. Signed-off-by: Werner Koch <[email protected]>
* g10: Silence message if --quiet is given.Kevin J. McCarthy2016-03-101-1/+1
| | | | | | | * g10/getkey.c (parse_def_secret_key): Silence message if --quiet is given. Signed-off-by: Justus Winter <[email protected]>
* gpg: Add a new test.Neal H. Walfield2016-03-083-2/+616
| | | | | | | | | | | | | * g10/Makefile.am (EXTRA_DIST): Add t-stutter-data.asc. (module_tests): Add t-stutter. (t_stutter_SOURCES): New variable. (t_stutter_LDADD): New variable. -- Signed-off-by: Neal H. Walfield <[email protected]> Add a test to check that the Mister and Zuccerato attack described in "An Attack on CFB Mode Encryption As Used by OpenPGP" works.
* sm: Implement pinentry loopback and reading passphrases from fd.Justus Winter2016-03-077-20/+237
| | | | | | | | | | | | | | | | | | * doc/gpgsm.texi: Document '--pinentry-mode' and '--passphrase-fd'. * sm/Makefile.am (gpgsm_SOURCES): Add new files * sm/call-agent.c (struct default_inq_parm_s): New definition. (start_agent): Pass in the pinentry mode. (default_inq_cb): Handle 'PASSPHRASE' and 'NEW_PASSPHRASE' inquiries. Adapt all call sites to the new callback cookie. * sm/gpgsm.c (cmd_and_opt_values): Add new values. (opts): Add new options. (main): Handle new options. * sm/gpgsm.h (struct opt): Add field 'pinentry_mode'. * sm/passphrase.c: New file. * sm/passphrase.h: Likewise. GnuPG-bug-id: 1970 Signed-off-by: Justus Winter <[email protected]>
* sm: Remove unused argument '--fixed-passphrase'.Justus Winter2016-03-073-10/+0
| | | | | | | | | | * doc/gpgsm.texi: Drop description. * sm/gpgsm.c (cmd_and_opt_values): Drop enum value. (opts): Drop argument. (main): Drop argument handling. * sm/gpgsm.h (struct opt): Drop field 'fixed_passphrase'. Signed-off-by: Justus Winter <[email protected]>
* kbx: Avoid undefined behavior.Justus Winter2016-03-071-1/+1
| | | | | | | * kbx/keybox-file.c (_keybox_read_blob2): Cast to unsigned int before shifting. Signed-off-by: Justus Winter <[email protected]>
* scd: Bug fix for a device with multiple interfaces.NIIBE Yutaka2016-03-071-2/+3
| | | | | | | | * scd/ccid-driver.c (scan_or_find_usb_device): Use IFC_NO when accessing interface information. -- Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-14 22:44:50 +0000