aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* gpgsm: Support SENDCERT_SKI for --call-dirmngrWerner Koch2023-07-052-9/+37
| | | | | | | * sm/call-dirmngr.c (run_command_inq_cb): Support SENDCERT_SKI. * dirmngr/crlcache.c (crl_cache_insert): Print the CRL name along with the unknown OID nortice.
* dirmngr: New dummy option --compatibility-flags.Werner Koch2023-07-053-0/+34
| | | | | | | * dirmngr/dirmngr.c (oCompatibilityFlags): New. (opts): Add option --compatibility-flags. (compatibility_flags): New. (parse_rereadable_options): Parse them.
* gpgtar: New option --no-compress.Werner Koch2023-07-054-0/+12
| | | | | | | | | * tools/gpgtar.c: Add option --no-compress. * tools/gpgtar.h (opt): Add field no_compress. * tools/gpgtar-create.c (gpgtar_create): Pass -z0 to gpg. -- This option is probably easier to remember than --gpg-args '-z0'.
* gpg: New option --no-compress as alias for -z0.Werner Koch2023-07-053-7/+21
|
* gpgsm: New option --input-size-hint.Werner Koch2023-07-059-1/+35
| | | | | | | | | | | | | | | | | | * sm/gpgsm.c (oInputSizeHint): New. (opts): Add "--input-size-hint". (main): Set option. * sm/server.c (option_handler): Add option "input-size-hint". * sm/gpgsm.h (struct server_control_s): Add field input_size_hint. * sm/encrypt.c (gpgsm_encrypt): Set the toatl file size. * sm/decrypt.c (gpgsm_decrypt): Ditto. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- This option allows to set a value for the progress output line. Note that as of now there is no other way to set the file size. GnuPG-bug-id: 6534
* gpgsm: Print PROGRESS status lines.Werner Koch2023-07-059-10/+161
| | | | | | | | | | | | | | | | | | | | | | | | | * common/ksba-io-support.c (struct writer_cb_parm_s): Add field progress. (struct gnupg_ksba_io_s): Add field is_writer. (update_write_progress): New. (base64_writer_cb, plain_writer_cb): Call update_write_progress. (base64_finish_write): Ditto. (gnupg_ksba_create_writer): Set is_writer. (gnupg_ksba_set_progress_cb): New. (gnupg_ksba_set_total): New. * common/ksba-io-support.h (gnupg_ksba_progress_cb_t): New type. * sm/server.c (gpgsm_status2): Return error from statusfp writes. (gpgsm_progress_cb): New. * sm/decrypt.c (gpgsm_decrypt): Set progress handler. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- GnuPG-bug-id: 6534 Backported-from: c58067415fe93fbd5d3de2594ccca4761ad25103 Backported-from: a88aeee12990478c218abff7f38728e47ee824bc
* gpg: Make progress work for large files on Windows.Werner Koch2023-07-0510-91/+58
| | | | | | | | | | | | | | | | | | | | * common/iobuf.c (iobuf_get_filelength): Change return type to uint64_t and remove the overflow args. For Windows always use GetFileSizeEx which is available since the long EOL-ed Windows XP. * g10/sign.c (write_plaintext_packet): Adjust for changed iobuf_get_filelength. * g10/encrypt.c (encrypt_simple, encrypt_crypt): Ditto. * g10/photoid.c (generate_photo_id): Ditto. Also add an upper limit. * g10/filter.h (progress_filter_context_t): Change amount values to use uint64_t. * g10/progress.c (write_status_progress): Change accordingly. -- GnuPG-bug-id: 6534 Backported-from: 808494b48577c2efb894a0877f59d9c4ed664f56
* gpg: Print status line and proper diagnostics for write errors.Werner Koch2023-07-053-6/+20
| | | | | | | | | * common/iobuf.c (file_filter): Improve diagnostics. * g10/build-packet.c (do_plaintext): Make sure to cache all error cases. -- GnuPG-bug-id: 6528
* w32: Map ERROR_FILE_INVALID to EIO.Werner Koch2023-07-051-0/+3
| | | | | | | * common/sysutils.c (map_w32_to_errno): Add mapping. -- We see this error sometimes when writing to an USB connected disk.
* gpg: Set default expiration date to 3 years.Werner Koch2023-07-052-1/+3
| | | | | | | | * g10/keygen.c (default_expiration_interval): Change. -- This is a revision of GnuPG-bug-id: 2701
* speedo: Do not fail if osslsigncode verify can't be run.Werner Koch2023-07-051-4/+2
| | | | --
* kbx: Close file handle when return.zhangguangzhi2023-06-201-0/+4
| | | | | | | | | | * kbx/keybox-dump.c (_keybox_dump_find_dups): Close FP on the error paths. -- GnuPG-bug-id: 6495 Signed-off-by: zhangguangzhi <[email protected]>
* delete redundant characterszhangguangzhi2023-06-203-3/+3
| | | | | | | -- GnuPG-bug-id: 6482 Signed-off-by: zhangguangzhi <[email protected]>
* sm: Emit STATUS_FAILURE for non-implemented commands.Werner Koch2023-05-262-5/+13
| | | | * sm/gpgsm.c (main): Do it here.
* gpgtar: Emit FAILURE status line.Werner Koch2023-05-261-0/+10
| | | | | | | | | | * tools/gpgtar.c (main): Write status line before exit. -- Due to the new way we support gpgtar in GPGME we need status lines to detect a final error. GnuPG-bug-id: 6497
* agent: Fix printed error in findkey.Werner Koch2023-05-261-2/+3
| | | | * agent/findkey.c (agent_write_private_key): Fix error reporting.
* agent,w32: Fix resource leak for a process.NIIBE Yutaka2023-05-261-0/+2
| | | | | | | * agent/call-scd.c (agent_scd_check_aliveness): Call assuan_set_flag only for !HAVE_W32_SYSTEM. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Skip keys found via ADSKs.Werner Koch2023-05-252-12/+28
| | | | | | | | | | | | | | | * g10/encrypt.c (write_pubkey_enc): Indicate encryption to an ADSK. * g10/getkey.c (finish_lookup): Skip ADKS keys. -- If a key is searched by fingerprint or keyid and it happens that this is an ADSK (subkey with the RENC usage), we need to skip this key because it is not the key we actually want to encrypt to. The actual ADSK key is taken later by looking at all subkeys of the actual selected key. This is related to GnuPG-bug-id: 6504
* w32: Add missing manifests and set a requestedExecutionLevel.Werner Koch2023-05-2524-69/+311
| | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.w32-manifest.in: New. * dirmngr/dirmngr-client-w32info.rc: New. * dirmngr/dirmngr-client.w32-manifest.in: New. * dirmngr/dirmngr-w32info.rc: New. * dirmngr/dirmngr.w32-manifest.in: New. * dirmngr/dirmngr_ldap-w32info.rc: New. * dirmngr/dirmngr_ldap.w32-manifest.in: New. * g10/gpgv-w32info.rc: New. * g10/gpgv.w32-manifest.in: New. * kbx/keyboxd.w32-manifest.in: New. * scd/scdaemon.w32-manifest.in: New. * sm/gpgsm.w32-manifest.in: New. -- This avoids the use of the VirtualStore uner Windows. GnuPG-bug-id: 6503 Backported from 2.4; some manifest files already existed in 2.2 but not in 2.4
* common: Fix parsing ECC key.NIIBE Yutaka2023-05-101-1/+1
| | | | | | | | * common/sexputil.c (get_ecc_q_from_canon_sexp): Initialize ECC_Q_LEN. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix cmd_apdu on error.NIIBE Yutaka2023-05-102-2/+5
| | | | | | | | | | * scd/command.c (cmd_apdu): Fix the code path on error. -- GnuPG-bug-id: 6476 Reported-by: Robin Krahl Signed-off-by: NIIBE Yutaka <[email protected]>
* kbx: For non-Windows use 64k buffers by default instead of 128k.Werner Koch2023-05-101-1/+7
| | | | | | | | | * kbx/keybox-init.c (DEFAULT_LL_BUFFER_SIZE): New. -- A simple gpg --check-sigs benchmark showed on Linux a small performance peak at around 64k (5m52 vs. 6m8 for 128k and 6m33 for system size).
* kbx: Use custom estream bufferingWerner Koch2023-05-104-3/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * kbx/keybox-init.c (ll_buffer_size): New var intialized to 128k (stream_buffers): New var. (keybox_set_buffersize): New. (_keybox_ll_open, _keybox_ll_close): Implement buffering. * sm/gpgsm.c (oKbxBufferSize): New. (opts): Add option --kbx-buffer-size. (main): Call keybox_set_buffersize. * g10/gpg.c: Include keybox.h. * (oKbxBufferSize): New. (opts): Add option --kbx-buffer-size. (main): Call keybox_set_buffersize. -- Commit message from 2.4: Running a test on Windows using a pubring.kbx with Total number of blobs: 2098 openpgp: 1294 x509: 803 and a size of 42MiB with gpgsm -k --with-validation --disable-dirmngr --kbx-buffer-size N >nul gives these performance figures using procmon | N(k) | file events | time(s) | |------+-------------+---------| | 0 | 4900000 | 86 | | 16 | 2456000 | 58 | | 32 | 1233000 | 43 | | 64 | 622000 | 37 | | 128 | 317000 | 32 | | 256 | 164000 | 31 | | 512 | 88000 | 30 | Using _open instead of CreateFile give the same number of file events but increased the time slight by one second for the measured buffer size of 64k and 128k. Benchmarks for gpg have not been conducted.
* kbx: Use wrapper functions for es_fclose and es_fopen.Werner Koch2023-05-104-90/+122
| | | | | | | | | | | | | * kbx/keybox-defs.h (KEYBOX_LL_OPEN_READ) (KEYBOX_LL_OPEN_UPDATE, KEYBOX_LL_OPEN_CREATE): New. * kbx/keybox-init.c (_keybox_ll_open): New. Replace all keybox use of es_fopen by this function. (_keybox_ll_close): New. Replace all keybox use of es_fclose by this function. -- Note that this has not been done for the utilities and the backend-kbx of keyboxd.
* kbx: Add extra flags to fopen for use by Windows.Werner Koch2023-05-102-7/+7
| | | | | | | | | | | | | | | | | | * kbx/keybox-search.c (open_file): Use sysopen and sequential. * kbx/keybox-update.c (create_tmp_file): Ditto. (blob_filecopy): Ditto. (keybox_set_flags): Ditto. (keybox_delete): Ditto. (keybox_compress): Ditto. -- Under Windows "sysopen" requests that direct API calls (CreateFile et al.) are used instead of the libc wrappers. This may or may not improve the performance. Using "sequential" is a hint to Windows to assume that a file is in general access in a sequential manner. This will have an affect only with a future libgpg-error.
* gpgsm: Cache the non-existence of the policy file.Werner Koch2023-05-101-2/+17
| | | | | | | | | * sm/certchain.c (check_cert_policy): Add simple static cache. -- It is quite common that a policy file does not exist. Thus we can avoid the overhead of trying to open it over and over again just to assert that it does not exists.
* po: Update Japanese Translation.NIIBE Yutaka2023-04-261-10/+21
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Incorporate upstream changes of regexp.NIIBE Yutaka2023-04-211-3/+6
| | | | | | | | | | | | | | * regexp/jimregexp.c (regatom): Raise REG_ERR_UNMATCHED_BRACKET when no matching end bracket. (regmatch): Fix the end of word check. -- Original changes: Signed-off-by: Steve Bennett <[email protected]> GnuPG-bug-id: 6455 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,p15: Enforce a min. PIN length for certain cards.Werner Koch2023-04-201-5/+10
| | | | * scd/app-p15.c (verify_pin): Enforce 6 for RSCS cards.
* common: Fix minor bug in the jimregexp code.Werner Koch2023-04-201-2/+3
| | | | | | | | | | * regexp/jimregexp.c (regatom): Make error checking for stray backslash at end of the string work. Check that the pattern class is closed by a bracket. -- GnuPG-bug-id: 6455 Co-authored-by: Guldrelokk
* po: Fix in German translationEva Bolten2023-04-061-2/+2
| | | | --
* gpg: Take care not to encrypt with OCB in de-vs modeWerner Koch2023-04-061-0/+4
| | | | | * g10/encrypt.c (use_aead): In de-vs mode use OCB only if the compatibility flag ist set.
* speedo: Fix regression due to switching from gcc 8.3 to 10.2Werner Koch2023-03-281-1/+5
| | | | * build-aux/speedo.mk (speedo_pkg_zlib_make_args): Use -static-libgcc.
* build: Remove obsolete --with-regex from autogen.rcWerner Koch2023-03-271-1/+0
| | | | | | | -- We always use the included regex library. This patch avoids a warning when building for Windows.
* doc: Remove the obsolete VS-NfD.prfWerner Koch2023-03-274-30/+1
| | | | | | -- The apply-profile thing is not anymore used.
* gpg,gpgsm: Extend the use of allow-ecc-encr and vsd-allow-ocbWerner Koch2023-03-242-1/+6
| | | | | | | | * g10/keygen.c (keygen_set_std_prefs): Set OCB only with VSD compatibility flag. * sm/certreqgen.c (proc_parameters): All ECC generation only with allow-ecc-encr. --
* gpgtar: Do not allow the use of stdout for --status-fdWerner Koch2023-03-151-2/+6
| | | | | | | | | | | * tools/gpgtar.c (main): Don't allow logging via the Registry. Forbid using stdout for status-fd in crypt mode. -- Without that check a status output would be mixed up with the input to the internal call of gpg. Using the Registry key to enable logging is very annoying.
* gpgtar: Print a result status with skipped files.Werner Koch2023-03-154-11/+70
| | | | | | | * tools/gpgtar.h (struct tarinfo_s): Add new fields. * tools/gpgtar-extract.c (check_suspicious_name): Add arg info. (extract_regular): Count files. (gpgtar_extract): Print stats.
* gpgtar: Emit progress status lines in create mode.Werner Koch2023-03-154-13/+142
| | | | | | | | | | | | | | | | | | * tools/gpgtar.h (opt): Add field status_stream. * tools/gpgtar.c (main): Set status_stream. * tools/gpgtar-create.c (global_header_count): Rename to global_total_files. (global_written_files): New. (global_total_data, global_written_data): New. (struct scanctrl_s): Add field file_count. (write_progress): New. (write_file): Add arg skipped_open. Don't bail out immediatly on open error. Write progress lines. (gpgtar_create): Write progress lines. Print info aout skipped files. -- GnuPG-bug-id: 6363 (cherry picked from commit f84264e8acf742793c73ce78491cab61fac37051)
* gpg: Delete secret key after "keytocard".Werner Koch2023-03-153-9/+48
| | | | | | | | | | | | | | * g10/card-util.c (card_store_subkey): Add arg processed_keys. * g10/keyedit.c (keyedit_menu): Delete secret key. -- This used to work using the gpg-agent: learn we called at "save" time. However, the recent change inhibited the creation of a shadow key by learn if a regular key still exists. Now we do an explicit delete key at save time. This syncs the behaviour with the description of the man page. GnuPG-bug-id: 6378
* scd,openpgp: Switch key attributes between RSA and ECC in writekey.Werner Koch2023-03-142-6/+32
| | | | | | | | | | | | | | * common/sexputil.c (get_rsa_pk_from_canon_sexp): Also allow private keys. (pubkey_algo_string): Ditto. * scd/app-openpgp.c (do_writekey): Switch key attributes -- The scd WRITEKEY command for OpenPGP cards missed proper support to aautomagically switch key attributes based on the new key. We had this only in GENKEY. GnuPG-bug-id: 6378
* gpg: Allow no version information of YubikeyWerner Koch2023-03-141-1/+2
| | | | | | | | * g10/call-agent.c (learn_status_cb): Set is_v2 always for Yubikeys. -- GnuPG-bug-id: 5100, 6378 Backported-from-master: 1cd615afe3010d2c3919de489d7c9a78513c8694
* agent: Do not overwrite a key file by a shadow key file.Werner Koch2023-03-141-157/+126
| | | | | | | | | | | | | | | * agent/findkey.c: Remove assert.h and use log_assert all over the file. (fname_from_keygrip): Add arg for_new. (is_shadowed_key): New. (agent_write_private_key): Rewrite to use read, write to new file, rename pattern. Ignore attempts to overwrite a regular key file by a shadow key file. (read_key_file): Move all cleanup code to the end of the function. -- GnuPG-bug-id: 6386 I am not shure whether we should allow overwriting with FORCE set.
* agent: Make --disable-extended-key-format a dummy option.Werner Koch2023-03-1312-449/+227
| | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/agent.h (opt): Remove enable_extended_key_format. * agent/gpg-agent.c (enum cmd_and_opt_values): Turn oDisableExtendedKeyFormat and oEnableExtendedKeyFormat into dummy options. * agent/protect.c (do_encryption): Remove arg use_ocb and corresponding code. (agent_protect): Ditto. Change all callers. * agent/command.c (cmd_readkey): Do not test for key availability here but defer that agent_write_shadow_key. * agent/findkey.c (agent_write_private_key): Simplify due to the removal of disable-extended-key-format. (write_extended_private_key): Fold into agent_write_private_key. Remove the maybe_update arg. (agent_write_shadow_key): Ditto. Simplify. -- GnuPG-bug-id: 6386 Backported-from-master: 6d792ae2eb46b3c411d36a87f0d08fbfc1b65cc9 But with large changes to get 2.2 more aligned with master again. This is not finished; in particular the bug is not fixed; this comes wit the next patch.
* gpgconf,w32: Also print a GnuPG Install Directory Registry entryWerner Koch2023-03-131-1/+2
| | | | * tools/gpgconf.c (show_other_registry_entries): Add another dir.
* scd: Fix checking memory allocation.NIIBE Yutaka2023-03-081-1/+1
| | | | | | | | * scd/app-openpgp.c (read_public_key): Fix the memory. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Add translatable text for Caps Lock hintIngo Klöcker2023-03-071-0/+1
| | | | | | | | * agent/call-pinentry.c (start_pinentry): Add new default text. -- GnuPG-bug-id: 4950 (cherry picked from commit b2a6e5b5169602052ae87d38588bdd3bd76fddad)
* gpg: Implement encryption to ADSKs.Werner Koch2023-03-036-24/+54
| | | | | | | | | | | | | | | | | | | * g10/getkey.c (get_pubkey_fromfile): Add optional arg r_keyblock. * g10/pkclist.c (find_and_check_key): Also encrypt to RENC subkeys. * g10/getkey.c (parse_key_usage): Make public. * g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in account. * g10/packet.h (PKT_public_key): Change pubkey_usage from byte to u16. (PKT_user_id): Cosmetic fix: change help_key_usage from int to u16. * g10/sig-check.c (check_signature_metadata_validity): Handle time conflict for ADSKs. -- GnuPG-bug-id: 6395 This patch handles ADSK keys and encrypts to them. It does not yet allow the creation of them. We backport this from master early to get this part of the code out into the field.
* gpg: Get the signature keyid from the issuer fpr.Werner Koch2023-03-031-2/+15
| | | | | | | | | | | | * g10/parse-packet.c (parse_signature): Parse the ISSUER_FPR subpacket and use that to get the keyid. -- Because ADSKs are created w/o the issuer subpacket (despite that this is still a v4 signature) we need to get the key id from the issuer_fpr. This does not harm and we still fallback to the the issuer. Note that for ease of future backporting we also take v5 fingerprints into account.
* gpg: Support key flags for RENC, TIME, and GROUP.Werner Koch2023-03-037-3/+58
| | | | | | | | | | | | | | | | | | * g10/packet.h (PUBKEY_USAGE_RENC): New. (PUBKEY_USAGE_TIME): New. (PUBKEY_USAGE_GROUP): New. * g10/getkey.c (parse_key_usage): Set the new key flags. * g10/keyedit.c (show_key_with_all_names_colon): Show the new key flags. * g10/keyid.c (usagestr_from_pk): Ditto * g10/keylist.c (print_capabilities): Ditto. * g10/keygen.c (parse_usagestr): Parse line and set new flags. (quickgen_set_para): Show flags. -- See draft-koch-openpgp-2015-rfc4880bis-00 for the current version. Actually these flags have been in the draft for years now. This patch is a first step to make use of them.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 07:19:31 +0000