| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
| |
* sm/gpgsm.c: Add new commands.
* sm/minip12.c (build_key_sequence): Add arg mode.
(p12_raw_build): New.
* sm/export.c (export_p12): Add arg rawmode. Call p12_raw_build.
(gpgsm_p12_export): Ditto.
(print_short_info): Print the keygrip.
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
| |
* g10/keyid.c (hash_public_key): Take care of NULL keys.
* g10/misc.c (pubkey_nbits): Ditto.
--
This problem was mainly due to our ECC code while checking for opaque
MPIs with the curve name.
|
| |
|
|
|
|
|
| |
* g10/mainproc.c (list_node): Rework.
--
GnuPG-bug-id: 1640
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/parse-packet.c (mpi_read): Change error message on overflow.
--
This gets gpg 2.x in sync to what gpg 1.4 does. No need to die for a
broken MPI.
GnuPG-bug-id: 1593
Resolved conflicts:
g10/parse-packet.c - whitespaces fixes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/certchain.c (find_up_search_by_keyid): Consider all matching
certificates.
(find_up): Add some debug messages.
--
The DFN-Verein recently re-issued its CA certificates without
generating new keys. Thus looking up the chain using the authority
keyids works but may use still existing old certificates. This may
break the CRL lookup in the Dirmngr. The hack to fix this is by using
the latest issued certificate with the same subject key identifier.
As usual Peter Gutman's X.509 style guide has some comments on that
re-issuing.
GnuPG-bug-id: 1644
|
| |
|
|
|
|
|
|
|
|
|
| |
* kbx/keybox-defs.h (keybox_found_s): New.
(keybox_handle): Factor FOUND out to above. Add saved_found.
* kbx/keybox-init.c (keybox_release): Release saved_found.
(keybox_push_found_state, keybox_pop_found_state): New.
* sm/keydb.c (keydb_handle): Add field saved_found.
(keydb_new): Init it.
(keydb_push_found_state, keydb_pop_found_state): New.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (get_user_id): Do not call xmalloc with 0.
* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
pass 0 to the arguments.
--
The problem did not occur in 1.x because over there the xmalloc makes
sure to allocate at least one byte. With 2.x for most calls the
xmalloc of Libgcrypt is used and Libgcrypt returns an error insteead
of silent allocating a byte. Thus gpg 2.x bailed out with an
"Fatal: out of core while allocating 0 bytes".
The extra code in xmalloc.c is for more robustness for the other
xmalloc calls.
|
| |
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (cert_log_cb): New.
(send_request): Set callback.
--
We use the KSBA functions here because we have them anyway in Dirmngr.
|
| |
|
|
|
|
| |
* common/http.c (http_session_s): Add field cert_log_cb.
(http_session_set_log_cb): New.
(http_verify_server_credentials): Call callback.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (hostinfo_s): Add fields cname, v4addr, and
v6addr.
(create_new_hostinfo): Clear them.
(my_getnameinfo): Add args numeric and r_isnumeric.
(is_ip_address): New.
(map_host): Add arg r_host. Rewrite the code to handle pools in a
special way.
(ks_hkp_print_hosttable): Change format of help info output.
(make_host_part): Add arg optional r_httphost.
(send_request): Add arg httphost.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Get httphost and pass it to
send_request.
--
This changes quite some things on how the hostinfo is maintained.
However, it might be better to rework the data structures and have one
entry per IP address instead of this clumsy patch.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/http.c (http_open): Add arg httphost.
(http_open_document): Pass NULL for httphost.
(send_request): Add arg httphost. If given, use HTTPHOST instead of
SERVER. Use https with a proxy if requested.
(http_verify_server_credentials): Do not stop at the first error
message.
* dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open.
* keyserver/curl-shim.c (curl_easy_perform): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
|
| |
|
|
|
|
|
|
|
|
| |
* kbx/keybox-search.c (keybox_search): Add arg R_DESCINDEX. Chnage
both callers.
* g10/keydb.c (keydb_search): Always set DESCINDEX.
--
This only affects the new keybox for OpenPGP keys in 2.1. The bug
exhibited itself by running GPA's backup command on Windows.
|
| |
|
|
| |
* common/stringhelp.c (do_make_filename) [HAVE_DRIVE_LETTERS]: Fix.
|
| |
|
|
|
|
|
|
|
|
| |
* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
MDC packer header and a bad MDC.
--
The separate diagnostic was introduced for debugging a problems. For
explaining an MDC error a single error message is easier to
understand.
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/keygen.c (ask_expire_interval): Get the current time after the
prompt.
--
This almost avoid that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.
GnuPG-bug-id: 1639
|
| |
|
|
|
|
|
| |
* agent/cvt-openpgp.c (do_unprotect): Return an s-exp also for
non-protected keys.
(convert_from_openpgp_main): Do not call agent_askpin for a
non-protected key.
|
| |
|
|
|
|
|
|
|
| |
* configure.ac (GPG_DISP_NAME, GPGSM_DISP_NAME): New.
(GPG_AGENT_DISP_NAME, SCDAEMON_DISP_NAME): New.
(DIRMNGR_DISP_NAME, G13_DISP_NAME): New.
(GPGCONF_DISP_NAME): New.
(SCDAEMON_SOCK_NAME): New.
* common/argparse.c (show_help): Map description string.
|
| |
|
|
|
| |
* agent/command-ssh.c (ssh_send_key_public): Handle the case with no
comment.
|
| |
|
|
|
|
| |
* common/Makefile.am ($(PROGRAMS)): New rule
(t_http_LDADD): Use libcommontls.a without directory prefix.
* dirmngr/Makefile.am ($(PROGRAMS)): New rule.
|
| |
|
|
| |
* g10/mainproc.c (check_sig_and_print): Print the name and curve.
|
| |
|
|
|
|
|
|
| |
* g10/mainproc.c (check_sig_and_print): Factor common code out to ...
(print_good_bad_signature): here.
--
P was not released if the key had no user id.
|
| |
|
|
| |
--
|
| |
|
|
|
|
| |
* g10/keylist.c (list_keyblock_print): Remove duplicate curve name.
Print a note for experimental algorithms.
* g10/misc.c (print_pubkey_algo_note): Fix warning message.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
(get_keygrip): Add and use arg CURVE.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(get_npkey_nskey): New.
(prepare_unprotect): Replace gcrypt functions by
get_npkey_nskey. Allow opaque MPIs.
(do_unprotect): Use CURVE instead of parameters.
(convert_from_openpgp_main): Ditto.
(convert_to_openpgp): Simplify.
* g10/import.c (one_mpi_from_pkey): Remove.
(transfer_secret_keys): Rewrite to use the curve instead of the
parameters.
* g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.
* common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
"NIST P-256" et al.
* g10/keygen.c (ask_curve): Add arg ALGO.
(generate_keypair): Rewrite the ECC key logic.
* tests/openpgp/ecc.test: Provide the "ecc" passphrase.
|
| |
|
|
|
| |
* kbx/keybox-openpgp.c (parse_key): Use algo constants and add
experimental support for EdDSA.
|
| |
|
|
|
| |
* agent/gpg-agent.c (main): Remove greeting. Make --no-greeting a
dummy.
|
| |
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (armor_data): Add mode keyword.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* scd/atr.c (atr_dump): Ditto.
|
| |
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.c: Include gnutls.h.
(opts): Add --gnutls-debug and --hkp-cacert.
(opt_gnutls_debug, my_gnutls_log): New.
(set_debug): Set gnutls log level.
(parse_rereadable_options): Register a CA file.
(main): Init GNUTLS.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Support hkps.
(send_request): Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/http.c (http_session_t): Add field "refcount".
(_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code.
(send_request, my_npth_read, my_npth_write): Use SOCK object for the
transport ptr.
(http_session_release): Factor all code out to ...
(session_unref): here. Deref SOCK.
(http_session_new): Init refcount and transport ptr.
(http_session_ref): New. Ref and unref all assignments.
--
Having the reference counted session objects makes it easier for the
application to pass around only an estream. Without that the
application would need to implement an es_onclose machinery for the
session object.
|
| |
|
|
|
|
|
|
|
|
|
| |
* common/http.c (http_parse_uri): Factor code out to ...
(parse_uri): here. Add arg FORCE_TLS.
(do_parse_uri): Ditto. Implement flag.
(http_get_tls_info): New.
(http_register_tls_ca): Allow clearing of the list.
(send_request): Use a default verification function.
* common/http.h (HTTP_FLAG_FORCE_TLS): New.
* common/t-http.c (main): Add several command line options.
|
| |
|
|
|
| |
* common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): Add correct
value.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (NEED_GNUTLS_VERSION): New.
(HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst.
* common/http.h (http_session_t): New.
* common/http.c: Remove compatibility for gnutls < 3.0.
(http_session_s): New.
(cookie_s): Replace gnutls_session_t by http_session_t.
(tls_callback, tls_ca_certlist): New variables.
(my_socket_unref): Add preclose args.
(my_npth_read, my_npth_write): New.
(make_header_line): Fix bug using int* instead of char*.
(http_register_tls_callback): New.
(http_register_tls_ca): New.
(http_session_new): New.
(http_session_release): New.
(http_get_header_names): New.
(escape_data): Add hack to escape in forms mode.
(send_request) [HTTP_USE_GNUTLS]: Support SNI.
(send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line.
(send_gnutls_bye): New.
(cookie_close): Make use of preclose feature.
(http_verify_server_credentials): New.
(main) [TEST]: Remove test code.
* common/t-http.c: New.
* common/tls-ca.pem: New.
* common/Makefile.am (tls_sources): New. Move http code to here.
(libcommontls_a_SOURCES): New.
(libcommontlsnpth_a_SOURCES): New.
(EXTRA_DIST): Add tls-ca.pem
(module_maint_tests): Add t-http.
(t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
* dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth.
--
This new TLS API for http.c is much more flexible than the crude old
hack.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (HAVE_NPTH): New ac_define.
* common/estream.c: Use USE_NPTH instead of HAVE_NPTH.
* common/http.c: Ditto. Replace remaining calls to pth by npth calls.
(connect_server): Remove useless _().
* common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h.
* common/init.c (_init_common_subsystems): Remove call to pth_init.
* common/sysutils.c (gnupg_sleep): Use npth_sleep.
* scd/ccid-driver.c (my_sleep): Ditto.
--
USE_NPTH is used in case were we may build with and without nPth. The
missing definition HAVE_NPTH didn't allowed us to build outher sources
with nPTh support.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/estream.c (estream_internal): Add field SAMETHREAD.
(init_stream_lock, lock_stream, trylock_stream, unlock_stream): Use it.
(parse_mode): Add arg SAMETHREAD and parse that keyword.
(es_initialize): Rename to ...
(init_stream_obj): this. Add arg SAMETHREAD.
(es_create): Add arg SAMETHREAD. Call init_stream_lock after
init_stream_obj.
(doreadline): Call es_create with samethread flag.
(es_fopen, es_mopen, es_fopenmem, es_fopencookie, do_fdopen)
(do_fpopen, do_w32open): Implement "samethread" keyword.
(es_freopen): Take samthread flag from old stream.
(es_tmpfile): Call es)_create w/o samethread.
--
Note: Unfortunately es_tmpfile has no mode arg so that we can't use
samethread.
|
| |
|
|
| |
* src/estream.c (es_fileno_unlocked): Call the unlocked functions.
|
| |
|
|
| |
* common/estream.c (dbg_lock_0, dbg_lock_1, dbg_lock_1): New.
|
| |
|
|
|
|
|
| |
* common/estream.c: Replace most macros.
--
The macros were too hard to read and actually blew up the source.
|
| |
|
|
|
|
| |
--
Actually the mutex stuff was never used since we switched to nPth.
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
(convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which
does not distinguish the detail.
(do_unprotect, convert_from_openpgp_main): Don't call
map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and
not the value defined by OpenPGP.
(convert_to_openpgp): It's "ecc".
* agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove.
* g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error.
* g10/pubkey-enc.c (get_it): Fix swapping the fields error.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (main): Make sure homedir is absolute.
* common/asshelp.c (lock_spawning): Create lock file with an absolute
name.
(start_new_gpg_agent): Use an absolute name for the socket and pass
option --homedir to the agent.
(start_new_dirmngr): Use an absolute name for the --homedir.
--
This patch makes gpg's --homedir option behave again like in older
versions. This is done by starting a new agent for each different
home directory. Note that this assumes --use-standard-socket is used
which is the default for 2.1.
|
| |
|
|
|
|
| |
* common/stringhelp.c (do_make_filename): Add modes 2 and 3.
(make_absfilename): New.
(make_absfilename_try): New.
|
| |
|
|
|
|
| |
* tools/gpg-connect-agent.c (gnu_getcwd): Move to ...
* common/sysutils.c (gnupg_getcwd): .. here.
* tools/gpg-connect-agent.c (get_var_ext): Use gnupg_getcwd.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/call-agent.c (check_hijacking): New.
(start_agent): Call it.
(membuf_data_cb, default_inq_cb): Move more to the top.
--
Note that GUIs may use the gpg status line
[GNUPG:] ERROR check_hijacking 33554509
to detect this and print an appropriate warning.
|
| |
|
|
|
|
|
|
|
| |
* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.
--
This makes is possible to extract all photos ids from a key to
different files.
|
| |
|
|
|
|
|
| |
* common/zb32.c: New.
* common/t-zb32.c: New.
* common/Makefile.am (common_sources): Add zb82.c
(module_tests): Add t-zb32.
|
| |
|
|
|
|
|
|
|
|
| |
* common/estream.c (es_freopen): Remove useless check for STREAM.
* kbx/keybox-blob.c (_keybox_create_x509_blob): Remove useless check
for BLOB.
* tools/sockprox.c (run_proxy): Do not fclose(NULL).
--
Found by Hans-Christoph Steiner with cppcheck.
|
| |
|
|
|
|
|
| |
* g10/call-agent.c (agent_delete_key): New.
* g10/keydb.h (FORMAT_KEYDESC_DELKEY): New.
* g10/passphrase.c (gpg_format_keydesc): Support new format.
* g10/delkey.c (do_delete_key): Add secret key deletion.
|
