aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* * import.c (import_one): Add a flag (from_sk) so we don't check prefsDavid Shaw2006-06-122-6/+13
| | | | | | on an autoconverted public key. The check should only happen on the sk size. Noted by Dirk Traulsen.
* * keygen.c (gen_card_key): Add optional argument to return a pointerDavid Shaw2006-06-102-8/+20
| | | | | | | | (not a copy) of the stub secret key for the secret key we just generated on the card. (generate_card_subkeypair): Use it here so that the signing key on the card can use the card to generate the 0x19 backsig on the primary key. Noted by Janko Heilgeist and Jonas Oberg.
* * parse-packet.c (parse_user_id): Cap the user ID size at 2048 bytes. David Shaw2006-06-092-0/+22
| | | | | | | This prevents a memory allocation attack with a very large user ID. A very large packet length could even cause the allocation (a u32) to wrap around to a small number. Noted by Evgeny Legerov on full-disclosure.
* Revert last. It is still wrong.David Shaw2006-05-272-17/+7
|
* * exec.c (make_tempdir) [_WIN32]: Modified to properly handleDavid Shaw2006-05-272-7/+17
| | | | | arbitrarily long temporary directory paths.
* * keygen.c (gen_dsa): Allow generating DSA2 keys (allow specifying sizes >David Shaw2006-05-253-21/+73
| | | | | | | 1024 when --enable-dsa2 is set). The size of q is set automatically based on the key size. (ask_keysize, generate_keypair): Ask for DSA size when --enable-dsa2 is set.
* Added backsig to my keyWerner Koch2006-05-251-432/+437
|
* * exec.c (make_tempdir): Fix bug with a temporary directory on Win32David Shaw2006-05-252-2/+10
| | | | | that is over 256 bytes long. Noted by Israel G. Lugo.
* * mksamplekeys: Incorporate new package signature key and minimize keysDavid Shaw2006-05-232-2/+7
| | | | | when generating samplekeys.asc.
* * gpg.c (reopen_std): New function to reopen fd 0, 1, or 2 if we areDavid Shaw2006-05-232-0/+72
| | | | | | | | called with them closed. This is to protect our keyring/trustdb files from corruption if they get attached to one of the standard fds. Print a warning if possible that this has happened, and fail completely if we cannot reopen (should never happen). (main): Call it here.
* * configure.ac: Add --disable-optimization. This is handy for debuggingDavid Shaw2006-05-232-0/+15
| | | | | so the compiler doesn't rearrange things and eliminate variables.
* * parse-packet.c (dump_sig_subpkt, parse_signature), build-packet.cDavid Shaw2006-05-236-19/+34
| | | | | | | | | (build_sig_subpkt_from_sig), getkey.c (fixup_uidnode, merge_selfsigs_main, merge_selfsigs_subkey), keygen.c (keygen_add_key_expire): Fix meaning of key expiration and sig expiration subpackets - zero means "never expire" according to 2440, not "expire instantly".
* * import.c (import_one): Fix bug when importing a new key from a file.David Shaw2006-05-222-7/+8
|
* 2006-05-22 Marcus Brinkmann <[email protected]>Marcus Brinkmann2006-05-224-18/+65
| | | | | | | | | | | * configure.ac: Remove check for noexecstack and invoke CL_AS_NOEXECSTACK instead. m4/ 2006-05-22 Marcus Brinkmann <[email protected]> * noexecstack.m4: New file.
* * getkey.c (get_pubkey_byname), import.c (import_one): Fix key selectionDavid Shaw2006-05-223-4/+19
| | | | | | problem when auto-key-locate returns a list of keys, not all of which are usable (revoked, expired, etc). Noted by Simon Josefsson.
* Updated keysWerner Koch2006-05-172-1880/+368
|
* Forgot to save the actual fixWerner Koch2006-05-161-2/+2
|
* Fixed OSF5 warning suppression.Werner Koch2006-05-162-5/+7
|
* * libcurl.m4: Fix mistaken AC_SUBST when curl is not found.David Shaw2006-05-102-1/+8
|
* * NEWS: Note SHA-224 and DSA2.David Shaw2006-04-273-24/+40
| | | | | | * configure.ac: Remove --enable-old-keyserver-helpers. Comment out --enable-m-guard for now.
* (keyserver_import_cert): Show warning if there is a CERT fingerprint,David Shaw2006-04-272-1/+9
| | | | | but no --keyserver set.
* * keyserver.c (path_makes_direct): New. (keyserver_spawn): Used hereDavid Shaw2006-04-272-32/+29
| | | | | | to add "_uri" to certain gpgkeys_xxx helpers when the meaning is different if a path is provided (i.e. ldap).
* * gpgkeys_http.c, gpgkeys_oldhkp.c: Removed.David Shaw2006-04-263-1567/+2
|
* * Makefile.am: Don't build gpgkeys_http or gpgkeys_(old)hkp any longer asDavid Shaw2006-04-266-30/+21
| | | | | | | | this is done via curl or fake-curl. * ksutil.h, ksutil.c, gpgkeys_hkp.c, gpgkeys_curl.c: Minor #include tweaks as FAKE_CURL is no longer meaningful.
* * keyserver.c: Fix build problem with platforms that stick libcurl inDavid Shaw2006-04-222-3/+5
| | | | | a place not in the regular include search path.
* * make-dns-cert.c (main): Small exit code tweak from Peter Palfrader.David Shaw2006-04-202-1/+6
|
* * options.h, gpg.c (main): Add --enable-dsa2 and --disable-dsa2. DefaultsDavid Shaw2006-04-205-34/+145
| | | | | | | | | | | | | | | | to disable. * pkclist.c (algo_available): If --enable-dsa2 is set, we're allowed to truncate hashes to fit DSA keys. * sign.c (match_dsa_hash): New. Return the best match hash for a given q size. (do_sign, hash_for, sign_file): When signing with a DSA key, if it has q==160, assume it is an old DSA key and don't allow truncation unless --enable-dsa2 is also set. q!=160 always allows truncation since they must be DSA2 keys. (make_keysig_packet): If the user doesn't specify a --cert-digest-algo, use match_dsa_hash to pick the best hash for key signatures.
* (generate): Tweak to allow keys larger than 1024 bits. Enforce that the qDavid Shaw2006-04-202-1/+4
| | | | | size doesn't end between byte boundaries.
* The plumbing necessary to create DSA keys with variable sized q.David Shaw2006-04-204-9/+34
| | | | | Not yet used (q==160).
* * gpg.c (print_mds), armor.c (armor_filter, parse_hash_header): AddDavid Shaw2006-04-208-50/+98
| | | | | | | | | | | | | | SHA-224. * sign.c (write_plaintext_packet), encode.c (encode_simple): Factor common literal packet setup code from here, to... * main.h, plaintext.c (setup_plaintext_name): Here. New. Make sure the literal packet filename field is UTF-8 encoded. * options.h, gpg.c (main): Make sure --set-filename is UTF-8 encoded and note when filenames are already UTF-8.
* * sigs.test, mds.test: Add tests for SHA-224, SHA-384, and SHA-512.David Shaw2006-04-203-0/+23
|
* Add SHA-224 supportDavid Shaw2006-04-206-7/+90
|
* * keyedit.c (menu_backsign): Give some more verbose errors when weDavid Shaw2006-04-192-6/+26
| | | | | have no need to backsign.
* * gpg.sgml: Reminders that --cipher-algo, --digest-algo, andDavid Shaw2006-04-192-6/+20
| | | | | --compress-algo should be avoided.
* * miscutil.c (make_printable_string): Fix bug where some controlDavid Shaw2006-04-172-1/+6
| | | | | characters lose part of their ASCII representation.
* use minimal posix sed Werner Koch2006-04-124-8/+20
|
* * memory.c (realloc): Revert m_guard fix and stick an #error in there toDavid Shaw2006-04-112-4/+10
| | | | | inform people not to use it.
* * options.skel, photoid.c (get_default_photo_command): Find an imageDavid Shaw2006-04-113-6/+24
| | | | | viewer at runtime. Seems FC5 doesn't have xloadimage.
* .Werner Koch2006-04-111-0/+0
|
* Add new regression testWerner Koch2006-04-115-9/+204
|
* * gpgkeys_ldap.c (ldap_quote, get_name, search_key): LDAP-quoteDavid Shaw2006-04-112-47/+13
| | | | | directly into place rather than mallocing temporary buffers.
* * gpgkeys_ldap.c (get_name): Build strings with strcat rather thanDavid Shaw2006-04-112-8/+22
| | | | | using sprintf which is harder to read and modify.
* * ksutil.h, ksutil.c (classify_ks_search): Add KS_SEARCH_KEYID_SHORTDavid Shaw2006-04-114-15/+108
| | | | | | | | and KS_SEARCH_KEYID_LONG to search for a key ID. * gpgkeys_ldap.c (search_key): Use it here to flip from pgpUserID searches to pgpKeyID or pgpCertID.
* * gpg.sgml: Some typo fixes. This is Debian 361324.David Shaw2006-04-092-6/+10
|
* * getkey.c (parse_auto_key_locate): Fix dupe-removal code.David Shaw2006-04-095-20/+41
| | | | | | | | | | | | | * keyedit.c (menu_backsign): Allow backsigning even if the secret subkey doesn't have a binding signature. * armor.c (radix64_read): Don't report EOF when reading only a pad (=) character. The EOF actually starts after the pad. * gpg.c (main): Make --export, --send-keys, --recv-keys, --refresh-keys, and --fetch-keys follow their arguments from left to right. Suggested by Peter Palfrader.
* Fixed segvWerner Koch2006-04-082-2/+9
|
* See ChangeLogWerner Koch2006-04-087-35/+83
|
* * memory.c (realloc): Fix compile problem with --enable-m-guard.David Shaw2006-04-062-5/+9
|
* * make-dns-cert.c: Some changes from Peter Palfrader to send errors toDavid Shaw2006-04-052-20/+53
| | | | | | | stderr and allow spaces in a fingerprint. Also warn when a key is over 16k (as that is the default max-cert-size) and fail when a key is over 64k as that is the DNS limit in many places.
* * make-dns-cert.c: New program to generate properly formatted CERT recordsDavid Shaw2006-04-043-1/+220
| | | | | so people don't have to do it manually.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-23 19:17:51 +0000