aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* sm: Fix use of value NONE in gnupg_isotime_t type.NIIBE Yutaka2023-08-286-7/+18
| | | | | | | | | | | | | | | * common/gettime.h (GNUPG_ISOTIME_NONE): New. * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it. * sm/certlist.c (gpgsm_add_to_certlist): Likewise. * sm/import.c (check_and_store): Likewise. * sm/keylist.c (list_cert_colon, list_cert_raw): Likewise. (list_cert_std): Likewise. * sm/sign.c (gpgsm_sign): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 05fdaa1737523fad72b6ffb9e7a90d5344ff64a5)
* gpg: Do not continue the export after a cancel for the primary key.Werner Koch2023-08-251-1/+10
| | | | | | | | | * g10/export.c (do_export_one_keyblock): Handle a cancel for the primary key special. -- GnuPG-bug-id: 6093 (cherry picked from commit 49d16f4f6edf872babf04ae383974d891871a33b)
* dirmngr: Extend the AD_QUERY command.Werner Koch2023-08-254-8/+253
| | | | | | | | | | | | | | | | * dirmngr/server.c (cmd_ad_query): Add options --help and --subst. (cmd_getinfo): Add sub-command "sid". * dirmngr/ks-engine.h (KS_GET_FLAG_SUBST): New. * dirmngr/ks-engine-ldap.c (ks_ldap_help_variables): New. (getval_for_filter): New. (map_rid_to_dn): New. (ks_ldap_query): Support variables. -- The new variables features makes it easier to write AD queries without requiring domain specific expressions. (cherry picked from commit 207c99567ced260aab04c471c77f179943d492f4)
* common: New function substitute_vars.Werner Koch2023-08-252-7/+42
| | | | | | | | | | | * common/stringhelp.c (substitute_envvars): Factor code out to (substitute_vars): new. (subst_getenv): New. -- This is a generalized version of substitute_envvars. (cherry picked from commit 7b7fdf45e5d8b3b066c5efbf6ec872e1249f3a24)
* dirmngr: Fix LDAP time parser.Werner Koch2023-08-251-1/+2
| | | | | | | | | * dirmngr/ldap-misc.c (rfc4517toisotime): Correct index. -- Obviously the parser assumes the standard ISO format with the 'T' before the hour. That is not correct here. We need this parser for the modifyTimestamp thingy.
* dirmngr: Return modifyTimestamp and add server option --newer.Werner Koch2023-08-257-27/+195
| | | | | | | | | | | | | | | | | | | | | | | * dirmngr/server.c (cmd_ks_get): Add option --newer. (cmd_ad_query): Ditto. * dirmngr/ldap-misc.c (isotime2rfc4517): New. (rfc4517toisotime): New. * dirmngr/ks-action.c (ks_action_get): Add arg newer and pass on. (ks_action_query): Ditto. * dirmngr/ks-engine-ldap.c (extract_keys): Print new "chg" record. (ks_ldap_get): Add arg newer. Modify filter with newer arg. (ks_ldap_search): Print the modifyTimestamp. (ks_ldap_query): Add arg newer. Modify filter with newer arg. -- Note that the modifyTimestamp is also available on Windows, where its value is more commonly known as whenChanged. Both are constructed attributes. Note that the --newer option is a bit of a misnomer because LDAP has only a greater-or-equal and no greater-than operator. (cherry picked from commit 56d309133f0e54ac5e2f95871fb74f8cb97e2636)
* dirmngr: New command AD_QUERY.Werner Koch2023-08-258-150/+774
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.h: Include name-value.h (struct server_control_s): Add rootdse and rootdse_tried. * dirmngr/dirmngr.c (dirmngr_deinit_default_ctrl): Release them. * dirmngr/ks-engine.h (KS_GET_FLAG_ROOTDSE): Add two new flags. * dirmngr/ks-engine-ldap.c: Include ks-action.h (SERVERINFO_GENERIC): New. (struct ks_engine_ldap_local_s): Add scope. (ks_ldap_new_state): Set a default scope. (ks_ldap_clear_state): Ditto. (my_ldap_connect): Add flag generic. (return_all_attributes): New. (fetch_rootdse): New. (basedn_from_rootdse): New. (ks_ldap_get): Move some code out to ... (ks_ldap_prepare_my_state): New. (ks_ldap_query): New. * dirmngr/ks-action.c (ks_action_parse_uri): Factored out from server.c (ks_action_query): New. * dirmngr/server.c (make_keyserver_item): Factored most code out to ks_action_parse_uri. (cmd_ad_query): New. * dirmngr/ks-engine-ldap.c (no_ldap_due_to_tor): New common error printing. Now also with status line. -- This command allows to query the Windows Active directory. (cherry picked from commit 625aeb65b0e75192a414fdca5383cb67c996adee) no_ldap_due_to_tor has been backported from 2.4
* gpg: Return ERROR status for --quick-sign-key.Werner Koch2023-07-051-3/+6
| | | | | * g10/keyedit.c (keyedit_quick_sign): Return an error status line. --
* sm: Complete rewrite of the PKCS#12 parserWerner Koch2023-07-0511-781/+2156
| | | | | | | | | | | | | | | | | | | * sm/minip12.c: Reworked most of the parser. (p12_set_verbosity): Add arg debug and change all callers. * sm/t-minip12.c: New. * sm/Makefile.am (module_maint): Add it. * tests/samplekeys/Description-p12: New. * tests/samplekeys/t5793-openssl.pfx: New from T5793. * tests/samplekeys/t5793-test.pfx: Ditto. * tests/samplekeys/Description-p12: Add them. * tests/Makefile.am (EXTRA_DIST): Add samplekeys. -- GnuPG-bug-id: 6536 Backported_from: 101433dfb42b333e48427baf9dd58ac4787c9786 Backported_from: 5f694dc0be994e8cd3bc009139d1349f3b1fcf62
* sm: Remove duplicated code.Werner Koch2023-07-052-83/+32
| | | | | | * sm/minip12.c (struct tag_info): Change type of length and nhdr. (dump_tag_info): Adjust. (parse_tag): Re-implement using the parse_ber_header.
* wks: Make --add-revocs the default.Werner Koch2023-07-052-4/+13
| | | | | | | | * tools/gpg-wks-client.c (opt): New option --no-add-revocs. (main): Make --add-revocs the default. (command_send): Rename to ... (command_create): to match the command name.
* wks: Use export-clean for --mirror and --create.Werner Koch2023-07-051-1/+1
| | | | | | | | | * tools/wks-util.c (wks_get_key): Change from export-minimal to export-clean -- To properly work with tusted introducers et al. it is important to also upload valid key signatures to the Web Key Directory.
* dirmngr: New option --ignore-crl-extensions.Werner Koch2023-07-055-0/+32
| | | | | | | | | | | | | | * dirmngr/dirmngr.c (oIgnoreCRLExtension): New. (opts): Add --ignore-crl-extension. (parse_rereadable_options): Add to list/ * dirmngr/dirmngr.h (opt): Add ignored_crl_extensions. * dirmngr/crlcache.c (crl_cache_insert): Implement option. -- This option is is useful for debugging problems with new CRL extensions. It is similar to --ignore-cert-extension. GnuPG-bug-id: 6545
* gpgsm: Support SENDCERT_SKI for --call-dirmngrWerner Koch2023-07-052-9/+37
| | | | | | | * sm/call-dirmngr.c (run_command_inq_cb): Support SENDCERT_SKI. * dirmngr/crlcache.c (crl_cache_insert): Print the CRL name along with the unknown OID nortice.
* dirmngr: New dummy option --compatibility-flags.Werner Koch2023-07-053-0/+34
| | | | | | | * dirmngr/dirmngr.c (oCompatibilityFlags): New. (opts): Add option --compatibility-flags. (compatibility_flags): New. (parse_rereadable_options): Parse them.
* gpgtar: New option --no-compress.Werner Koch2023-07-054-0/+12
| | | | | | | | | * tools/gpgtar.c: Add option --no-compress. * tools/gpgtar.h (opt): Add field no_compress. * tools/gpgtar-create.c (gpgtar_create): Pass -z0 to gpg. -- This option is probably easier to remember than --gpg-args '-z0'.
* gpg: New option --no-compress as alias for -z0.Werner Koch2023-07-053-7/+21
|
* gpgsm: New option --input-size-hint.Werner Koch2023-07-059-1/+35
| | | | | | | | | | | | | | | | | | * sm/gpgsm.c (oInputSizeHint): New. (opts): Add "--input-size-hint". (main): Set option. * sm/server.c (option_handler): Add option "input-size-hint". * sm/gpgsm.h (struct server_control_s): Add field input_size_hint. * sm/encrypt.c (gpgsm_encrypt): Set the toatl file size. * sm/decrypt.c (gpgsm_decrypt): Ditto. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- This option allows to set a value for the progress output line. Note that as of now there is no other way to set the file size. GnuPG-bug-id: 6534
* gpgsm: Print PROGRESS status lines.Werner Koch2023-07-059-10/+161
| | | | | | | | | | | | | | | | | | | | | | | | | * common/ksba-io-support.c (struct writer_cb_parm_s): Add field progress. (struct gnupg_ksba_io_s): Add field is_writer. (update_write_progress): New. (base64_writer_cb, plain_writer_cb): Call update_write_progress. (base64_finish_write): Ditto. (gnupg_ksba_create_writer): Set is_writer. (gnupg_ksba_set_progress_cb): New. (gnupg_ksba_set_total): New. * common/ksba-io-support.h (gnupg_ksba_progress_cb_t): New type. * sm/server.c (gpgsm_status2): Return error from statusfp writes. (gpgsm_progress_cb): New. * sm/decrypt.c (gpgsm_decrypt): Set progress handler. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- GnuPG-bug-id: 6534 Backported-from: c58067415fe93fbd5d3de2594ccca4761ad25103 Backported-from: a88aeee12990478c218abff7f38728e47ee824bc
* gpg: Make progress work for large files on Windows.Werner Koch2023-07-0510-91/+58
| | | | | | | | | | | | | | | | | | | | * common/iobuf.c (iobuf_get_filelength): Change return type to uint64_t and remove the overflow args. For Windows always use GetFileSizeEx which is available since the long EOL-ed Windows XP. * g10/sign.c (write_plaintext_packet): Adjust for changed iobuf_get_filelength. * g10/encrypt.c (encrypt_simple, encrypt_crypt): Ditto. * g10/photoid.c (generate_photo_id): Ditto. Also add an upper limit. * g10/filter.h (progress_filter_context_t): Change amount values to use uint64_t. * g10/progress.c (write_status_progress): Change accordingly. -- GnuPG-bug-id: 6534 Backported-from: 808494b48577c2efb894a0877f59d9c4ed664f56
* gpg: Print status line and proper diagnostics for write errors.Werner Koch2023-07-053-6/+20
| | | | | | | | | * common/iobuf.c (file_filter): Improve diagnostics. * g10/build-packet.c (do_plaintext): Make sure to cache all error cases. -- GnuPG-bug-id: 6528
* w32: Map ERROR_FILE_INVALID to EIO.Werner Koch2023-07-051-0/+3
| | | | | | | * common/sysutils.c (map_w32_to_errno): Add mapping. -- We see this error sometimes when writing to an USB connected disk.
* gpg: Set default expiration date to 3 years.Werner Koch2023-07-052-1/+3
| | | | | | | | * g10/keygen.c (default_expiration_interval): Change. -- This is a revision of GnuPG-bug-id: 2701
* speedo: Do not fail if osslsigncode verify can't be run.Werner Koch2023-07-051-4/+2
| | | | --
* kbx: Close file handle when return.zhangguangzhi2023-06-201-0/+4
| | | | | | | | | | * kbx/keybox-dump.c (_keybox_dump_find_dups): Close FP on the error paths. -- GnuPG-bug-id: 6495 Signed-off-by: zhangguangzhi <[email protected]>
* delete redundant characterszhangguangzhi2023-06-203-3/+3
| | | | | | | -- GnuPG-bug-id: 6482 Signed-off-by: zhangguangzhi <[email protected]>
* sm: Emit STATUS_FAILURE for non-implemented commands.Werner Koch2023-05-262-5/+13
| | | | * sm/gpgsm.c (main): Do it here.
* gpgtar: Emit FAILURE status line.Werner Koch2023-05-261-0/+10
| | | | | | | | | | * tools/gpgtar.c (main): Write status line before exit. -- Due to the new way we support gpgtar in GPGME we need status lines to detect a final error. GnuPG-bug-id: 6497
* agent: Fix printed error in findkey.Werner Koch2023-05-261-2/+3
| | | | * agent/findkey.c (agent_write_private_key): Fix error reporting.
* agent,w32: Fix resource leak for a process.NIIBE Yutaka2023-05-261-0/+2
| | | | | | | * agent/call-scd.c (agent_scd_check_aliveness): Call assuan_set_flag only for !HAVE_W32_SYSTEM. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Skip keys found via ADSKs.Werner Koch2023-05-252-12/+28
| | | | | | | | | | | | | | | * g10/encrypt.c (write_pubkey_enc): Indicate encryption to an ADSK. * g10/getkey.c (finish_lookup): Skip ADKS keys. -- If a key is searched by fingerprint or keyid and it happens that this is an ADSK (subkey with the RENC usage), we need to skip this key because it is not the key we actually want to encrypt to. The actual ADSK key is taken later by looking at all subkeys of the actual selected key. This is related to GnuPG-bug-id: 6504
* w32: Add missing manifests and set a requestedExecutionLevel.Werner Koch2023-05-2524-69/+311
| | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.w32-manifest.in: New. * dirmngr/dirmngr-client-w32info.rc: New. * dirmngr/dirmngr-client.w32-manifest.in: New. * dirmngr/dirmngr-w32info.rc: New. * dirmngr/dirmngr.w32-manifest.in: New. * dirmngr/dirmngr_ldap-w32info.rc: New. * dirmngr/dirmngr_ldap.w32-manifest.in: New. * g10/gpgv-w32info.rc: New. * g10/gpgv.w32-manifest.in: New. * kbx/keyboxd.w32-manifest.in: New. * scd/scdaemon.w32-manifest.in: New. * sm/gpgsm.w32-manifest.in: New. -- This avoids the use of the VirtualStore uner Windows. GnuPG-bug-id: 6503 Backported from 2.4; some manifest files already existed in 2.2 but not in 2.4
* common: Fix parsing ECC key.NIIBE Yutaka2023-05-101-1/+1
| | | | | | | | * common/sexputil.c (get_ecc_q_from_canon_sexp): Initialize ECC_Q_LEN. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix cmd_apdu on error.NIIBE Yutaka2023-05-102-2/+5
| | | | | | | | | | * scd/command.c (cmd_apdu): Fix the code path on error. -- GnuPG-bug-id: 6476 Reported-by: Robin Krahl Signed-off-by: NIIBE Yutaka <[email protected]>
* kbx: For non-Windows use 64k buffers by default instead of 128k.Werner Koch2023-05-101-1/+7
| | | | | | | | | * kbx/keybox-init.c (DEFAULT_LL_BUFFER_SIZE): New. -- A simple gpg --check-sigs benchmark showed on Linux a small performance peak at around 64k (5m52 vs. 6m8 for 128k and 6m33 for system size).
* kbx: Use custom estream bufferingWerner Koch2023-05-104-3/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * kbx/keybox-init.c (ll_buffer_size): New var intialized to 128k (stream_buffers): New var. (keybox_set_buffersize): New. (_keybox_ll_open, _keybox_ll_close): Implement buffering. * sm/gpgsm.c (oKbxBufferSize): New. (opts): Add option --kbx-buffer-size. (main): Call keybox_set_buffersize. * g10/gpg.c: Include keybox.h. * (oKbxBufferSize): New. (opts): Add option --kbx-buffer-size. (main): Call keybox_set_buffersize. -- Commit message from 2.4: Running a test on Windows using a pubring.kbx with Total number of blobs: 2098 openpgp: 1294 x509: 803 and a size of 42MiB with gpgsm -k --with-validation --disable-dirmngr --kbx-buffer-size N >nul gives these performance figures using procmon | N(k) | file events | time(s) | |------+-------------+---------| | 0 | 4900000 | 86 | | 16 | 2456000 | 58 | | 32 | 1233000 | 43 | | 64 | 622000 | 37 | | 128 | 317000 | 32 | | 256 | 164000 | 31 | | 512 | 88000 | 30 | Using _open instead of CreateFile give the same number of file events but increased the time slight by one second for the measured buffer size of 64k and 128k. Benchmarks for gpg have not been conducted.
* kbx: Use wrapper functions for es_fclose and es_fopen.Werner Koch2023-05-104-90/+122
| | | | | | | | | | | | | * kbx/keybox-defs.h (KEYBOX_LL_OPEN_READ) (KEYBOX_LL_OPEN_UPDATE, KEYBOX_LL_OPEN_CREATE): New. * kbx/keybox-init.c (_keybox_ll_open): New. Replace all keybox use of es_fopen by this function. (_keybox_ll_close): New. Replace all keybox use of es_fclose by this function. -- Note that this has not been done for the utilities and the backend-kbx of keyboxd.
* kbx: Add extra flags to fopen for use by Windows.Werner Koch2023-05-102-7/+7
| | | | | | | | | | | | | | | | | | * kbx/keybox-search.c (open_file): Use sysopen and sequential. * kbx/keybox-update.c (create_tmp_file): Ditto. (blob_filecopy): Ditto. (keybox_set_flags): Ditto. (keybox_delete): Ditto. (keybox_compress): Ditto. -- Under Windows "sysopen" requests that direct API calls (CreateFile et al.) are used instead of the libc wrappers. This may or may not improve the performance. Using "sequential" is a hint to Windows to assume that a file is in general access in a sequential manner. This will have an affect only with a future libgpg-error.
* gpgsm: Cache the non-existence of the policy file.Werner Koch2023-05-101-2/+17
| | | | | | | | | * sm/certchain.c (check_cert_policy): Add simple static cache. -- It is quite common that a policy file does not exist. Thus we can avoid the overhead of trying to open it over and over again just to assert that it does not exists.
* po: Update Japanese Translation.NIIBE Yutaka2023-04-261-10/+21
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Incorporate upstream changes of regexp.NIIBE Yutaka2023-04-211-3/+6
| | | | | | | | | | | | | | * regexp/jimregexp.c (regatom): Raise REG_ERR_UNMATCHED_BRACKET when no matching end bracket. (regmatch): Fix the end of word check. -- Original changes: Signed-off-by: Steve Bennett <[email protected]> GnuPG-bug-id: 6455 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,p15: Enforce a min. PIN length for certain cards.Werner Koch2023-04-201-5/+10
| | | | * scd/app-p15.c (verify_pin): Enforce 6 for RSCS cards.
* common: Fix minor bug in the jimregexp code.Werner Koch2023-04-201-2/+3
| | | | | | | | | | * regexp/jimregexp.c (regatom): Make error checking for stray backslash at end of the string work. Check that the pattern class is closed by a bracket. -- GnuPG-bug-id: 6455 Co-authored-by: Guldrelokk
* po: Fix in German translationEva Bolten2023-04-061-2/+2
| | | | --
* gpg: Take care not to encrypt with OCB in de-vs modeWerner Koch2023-04-061-0/+4
| | | | | * g10/encrypt.c (use_aead): In de-vs mode use OCB only if the compatibility flag ist set.
* speedo: Fix regression due to switching from gcc 8.3 to 10.2Werner Koch2023-03-281-1/+5
| | | | * build-aux/speedo.mk (speedo_pkg_zlib_make_args): Use -static-libgcc.
* build: Remove obsolete --with-regex from autogen.rcWerner Koch2023-03-271-1/+0
| | | | | | | -- We always use the included regex library. This patch avoids a warning when building for Windows.
* doc: Remove the obsolete VS-NfD.prfWerner Koch2023-03-274-30/+1
| | | | | | -- The apply-profile thing is not anymore used.
* gpg,gpgsm: Extend the use of allow-ecc-encr and vsd-allow-ocbWerner Koch2023-03-242-1/+6
| | | | | | | | * g10/keygen.c (keygen_set_std_prefs): Set OCB only with VSD compatibility flag. * sm/certreqgen.c (proc_parameters): All ECC generation only with allow-ecc-encr. --
* gpgtar: Do not allow the use of stdout for --status-fdWerner Koch2023-03-151-2/+6
| | | | | | | | | | | * tools/gpgtar.c (main): Don't allow logging via the Registry. Forbid using stdout for status-fd in crypt mode. -- Without that check a status output would be mixed up with the input to the internal call of gpg. Using the Registry key to enable logging is very annoying.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 18:32:00 +0000