| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* common/stringhelp.c (format_text): New function.
* common/t-stringhelp.c (stresc): New function.
(test_format_text): New function. Test format_text.
* g10/tofu.c (get_trust): Use format_text to reflow long texts.
(show_statistics): Likewise.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
| |
* common/stringhelp.c (utf8_charcount): Take additional parameter,
len. Process at most LEN bytes.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (resolve_name_adns): Fill in the port.
--
Previously, sin_port was set to zero, making connect fail.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (getsrv): Fix error handling.
--
This fixes hkp server pools not using SRV records.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (struct hostinfo_s): New field 'port'.
(create_new_hostinfo): Initialize 'port'.
(add_host): Add host parameter and update the hosttable entry.
(map_host): Return port if known, adjust calls to 'add_host'.
(make_host_part): Let 'map_host' specify the port if known.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (map_host): Handle SRV records.
--
Signed-off-by: Justus Winter <[email protected]>
GnuPG-bug-id: 1788
|
| |
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (add_host): New function.
(map_host): Use the new function.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
| |
* dirmngr/ks-engine-hkp (arecords_is_pool): Fix counting IP addresses.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (arecords_is_pool): New function.
(map_host): Use the new function.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* common/asshelp.h: Include 'util.h'.
* dirmngr/dirmngr-client.c (main): Use 'start_new_dirmngr' to connect
to the dirmngr.
(start_dirmngr): Drop now unused declaration and function.
--
Signed-off-by: Justus Winter <[email protected]>
GnuPG-bug-id: 1843
|
| |
|
|
|
|
|
|
|
|
|
| |
* configure.ac: Define the automake conditional SQLITE3.
* tests/openpgp/Makefile.am (TESTS): Move the sqlite3 dependent tests
to...
(sqlite3_dependent_tests): ... this new variable. If SQLITE3 is not
defined, then clear this variable.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/keyedit.c (menu_expire): Allow updating the expiration time of
multiple subkeys at once.
--
Signed-off-by: Neal H. Walfield <[email protected]>
GnuPG-bug-id: 1944
|
| |
|
|
|
|
|
| |
* g10/keyedit.c (menu_select_key): Don't crash if P is NULL.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/revoke.c (gen_revoke): Error out if the search description is
ambiguous.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/keylist.c (print_seckey_info): Break formatting functionality
into...
(format_seckey_info): ... this new function.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/revoke.c (gen_revoke): Provide a more descriptive error message
if searching for a key fails.
--
Signed-off-by: Neal H. Walfield <[email protected]>
GnuPG-bug-id: 1987
|
| |
|
|
|
|
|
|
| |
* dirmngr/crlcache.c (crl_cache_cert_isvalid): Add missing break.
--
Found using the Clang Static Analyzer.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* dirmngr/ldap.c (start_cert_fetch_ldap): Avoid leaking all malloc'ed
arguments.
--
Found using the Clang Static Analyzer.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* agent/trustlist.c (istrusted_internal): Initialize 'err'.
--
There is a plausible path of execution so that a branch condition uses
the uninitialized value.
Found using the Clang Static Analyzer.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* common/iobuf.c (iobuf_esopen): Initialize 'len' as 'file_es_filter'
will make use of it.
--
Found using the Clang Static Analyzer.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/trust.c (clean_one_uid): Avoid a computation involving an
uninitialized value.
--
Found using the Clang Static Analyzer.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
| |
* scd/app-openpgp.c (get_public_key): Improve error handling.
--
Found using the Clang Static Analyzer.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
| |
--
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/http.c (close_tls_session): New function.
(session_unref): Use the new function to close the TLS stream.
(cookie_read): If the stream terminated prematurely, close it and
return a short read.
--
With this patch, I was able to update all the keys in the Debian
keyring over hkps.
Signed-off-by: Justus Winter <[email protected]>
GnuPG-bug-id: 1950
|
| |
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-zip.in: Correctly set GPG when --gpg is specified.
Correctly set TAR when --tar is specified. Pass TAR_ARGS to tar.
--
Signed-off-by: Neal H. Walfield <[email protected]>
Co-authored-by: Michael Mönch <[email protected]>
GnuPG-bug-id 1351
GnuPG-bug-id 1442
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyedit.c (menu_select_key): Take an additional argument, p.
Update callers. If P is a hex string, then assume that P is a key id
or fingerprint and select subkeys with matching key ids or
fingerprints.
* doc/gpg.texi: Update documentation for the key subcommand.
--
Signed-off-by: Neal H. Walfield <[email protected]>
GnuPG-bug-id: 1423
Debian-bug-id: 610336
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (map_host): Update the original 'hosttable'
entry instead of creating another one.
--
Previously, if a keyserver was given using its IP address
(e.g. 'hkp://127.0.0.1'), 'map_host' would create two entries in the
'hosttable', one with the name '127.0.0.1', and the second one with
the name 'localhost' and 'v4addr' being set to '127.0.0.1'. But the
first entry is the one being used for lookups, and since the 'v4' flag
is not set, the 'HTTP_FLAG_IGNORE_IPv4' is used when doing the http
request, making it fail.
Signed-off-by: Justus Winter <[email protected]>
GnuPG-bug-id: 2012
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyring.c (keyring_search): Take new argument, ignore_legacy.
If set, skip any legacy keys. Update callers.
* g10/keydb.c (keydb_search): Skip any legacy keys.
(keydb_search_first): Don't skip legacy keys. Treat them
as an error.
(keydb_search_next): Likewise.
(keydb_search_fpr): Likewise.
* g10/export.c (do_export_stream): Likewise.
* g10/getkey.c (lookup): Likewise.
(have_secret_key_with_kid): Likewise.
* g10/keylist.c (list_all): Likewise.
(keyring_rebuild_cache): Likewise.
* g10/keyserver.c (keyidlist): Likewise.
* g10/trustdb.c (validate_key_list): Likewise.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/keyring.c (keyring_search): If a compare function returns an
error, treat it as an error.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyring.c (keyring_get_keyblock): If we encounter a legacy
packet after already having some non-legacy packets, then treat the
legacy packet as a keyblock boundary, not as part of the keyblock.
* g10/t-keydb-get-keyblock.c: New file.
* g10/t-keydb-get-keyblock.gpg: New file.
* g10/Makefile.am (EXTRA_DIST): Add t-keydb-get-keyblock.gpg.
(module_tests): Add t-keydb-get-keyblock.
(t_keydb_get_keyblock_SOURCES): New variable.
(t_keydb_get_keyblock_LDADD): Likewise.
--
Signed-off-by: Neal H. Walfield
GnuPG-bug-id: 2151
|
| |
|
|
|
| |
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/keydb.c (dump_search_desc): Rename from this...
(keydb_search_desc_dump): ... to this. Only process a single search
descriptor. Improve output. Don't mark as static. Update callers.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/options.h (opt.keyid_format): Add new value KF_DEFAULT.
* g10/keyid.c (format_keyid): New function.
(keystr): Use it.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/gpg.c (check_user_ids): Return a more appropriate error code if
a user id is ambiguous.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/cache.c: Fix typos.
* agent/call-pinentry.c: Likewise.
* agent/call-scd.c: Likewise.
* agent/command-ssh.c: Likewise.
* agent/command.c: Likewise.
* agent/divert-scd.c: Likewise.
* agent/findkey.c: Likewise.
* agent/gpg-agent.c: Likewise.
* agent/w32main.c: Likewise.
* common/argparse.c: Likewise.
* common/audit.c: Likewise.
* common/audit.h: Likewise.
* common/convert.c: Likewise.
* common/dotlock.c: Likewise.
* common/exechelp-posix.c: Likewise.
* common/exechelp-w32.c: Likewise.
* common/exechelp-w32ce.c: Likewise.
* common/exechelp.h: Likewise.
* common/helpfile.c: Likewise.
* common/i18n.h: Likewise.
* common/iobuf.c: Likewise.
* common/iobuf.h: Likewise.
* common/localename.c: Likewise.
* common/logging.c: Likewise.
* common/openpgp-oid.c: Likewise.
* common/session-env.c: Likewise.
* common/sexputil.c: Likewise.
* common/sysutils.c: Likewise.
* common/t-sexputil.c: Likewise.
* common/ttyio.c: Likewise.
* common/util.h: Likewise.
* dirmngr/cdblib.c: Likewise.
* dirmngr/certcache.c: Likewise.
* dirmngr/crlcache.c: Likewise.
* dirmngr/dirmngr-client.c: Likewise.
* dirmngr/dirmngr.c: Likewise.
* dirmngr/dirmngr_ldap.c: Likewise.
* dirmngr/dns-stuff.c: Likewise.
* dirmngr/http.c: Likewise.
* dirmngr/ks-engine-hkp.c: Likewise.
* dirmngr/ks-engine-ldap.c: Likewise.
* dirmngr/ldap-wrapper.c: Likewise.
* dirmngr/ldap.c: Likewise.
* dirmngr/misc.c: Likewise.
* dirmngr/ocsp.c: Likewise.
* dirmngr/validate.c: Likewise.
* g10/encrypt.c: Likewise.
* g10/getkey.c: Likewise.
* g10/gpg.c: Likewise.
* g10/gpgv.c: Likewise.
* g10/import.c: Likewise.
* g10/keydb.c: Likewise.
* g10/keydb.h: Likewise.
* g10/keygen.c: Likewise.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyring.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/misc.c: Likewise.
* g10/options.h: Likewise.
* g10/packet.h: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pkglue.c: Likewise.
* g10/plaintext.c: Likewise.
* g10/server.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/sqlite.c: Likewise.
* g10/tdbio.c: Likewise.
* g10/test-stubs.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
* g13/create.c: Likewise.
* g13/mountinfo.c: Likewise.
* kbx/keybox-blob.c: Likewise.
* kbx/keybox-file.c: Likewise.
* kbx/keybox-init.c: Likewise.
* kbx/keybox-search-desc.h: Likewise.
* kbx/keybox-search.c: Likewise.
* kbx/keybox-update.c: Likewise.
* scd/apdu.c: Likewise.
* scd/app-openpgp.c: Likewise.
* scd/app-p15.c: Likewise.
* scd/app.c: Likewise.
* scd/ccid-driver.c: Likewise.
* scd/command.c: Likewise.
* scd/iso7816.c: Likewise.
* sm/base64.c: Likewise.
* sm/call-agent.c: Likewise.
* sm/call-dirmngr.c: Likewise.
* sm/certchain.c: Likewise.
* sm/gpgsm.c: Likewise.
* sm/import.c: Likewise.
* sm/keydb.c: Likewise.
* sm/minip12.c: Likewise.
* sm/qualified.c: Likewise.
* sm/server.c: Likewise.
* tools/gpg-check-pattern.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgkey2ssh.c: Likewise.
* tools/gpgparsemail.c: Likewise.
* tools/gpgtar.c: Likewise.
* tools/rfc822parse.c: Likewise.
* tools/symcryptrun.c: Likewise.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (check_user_ids): Differentiate between a second result
and an error. If the key specification is ambiguous or an error
occurs, set RC appropriately.
--
Signed-off-by: Neal H. Walfield <[email protected]>
Reported-by: Werner Koch <[email protected]>
Suggested-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): New.
* g10/keyid.c (hexfingerprint): Add optional args BUFFER and BUFLEN.
Change all callers.
(format_hexfingerprint): New.
* g10/keylist.c (print_fingerprint): Change to use hexfingerprint.
* g10/tofu.c (fingerprint_format): Remove. Replace calls by
format_hexfingerprint.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/tofu.c (fingerprint_str): Remove.
(tofu_register): Take a public key instead of a fingerprint as arg.
Use hexfingerprint() to get a fpr from the PK.
(tofu_get_validity): Ditto.
(tofu_set_policy, tofu_get_policy): Simplify by using hexfingerprint.
* g10/trustdb.c (tdb_get_validity_core): Pass the primary key PK to
instead of the fingerprint to the tofu functions.
--
This change has the advantage that we are not bound to a specific
fingerprint length and will thus helps us to implement rfc4880bis.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/tofu.c (get_trust): For the UTK check lookup the key by
fingerprint.
--
Extracting the keyid form the fingerprint is not a good idea because
that only works for v4 keys. It is also better to first read the key
and then extract the keyid from the actual available key.
The entire trusted-key stuff should be reworked to make use of
fingerprints.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (getkey_ctx_s): Add field "extra_list".
(get_pubkey_byname): Store strings in the context.
(getkey_end): Free EXTRA_LIST.
--
This fixes a use-after-free bug. It showed up with:
gpg --auto-key-locate local --locate-key [email protected]
The key was shown but also all other following keys in the keyring.
Bisecting showed d47e84946ee010917cfc3501062721b74afbb771 as culprit
but the actual cause was a part of:
Regression-due-to: b06f96ba4f57f55194efcd37a0e3a2aa5450b974
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* common/status.h (STATUS_EXPORTED): New.
* g10/export.c (print_status_exported): New.
(do_export_stream): Call that function.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/status.h (STATUS_EXPORT_RES): New.
* g10/main.h (export_stats_t): New.
* g10/export.c (export_stats_s): New.
(export_new_stats, export_release_stats): New.
(export_print_stats): New.
(export_pubkeys, export_seckeys, export_secsubkeys)
(export_pubkey_buffer, do_export): Add arg "stats".
(do_export_stream): Add arg stats and update it.
* g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create,
pass, and print a stats object to the export function calls.
* g10/export.c (export_pubkeys_stream): Remove unused function.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c: Include npth.h
(my_unprotect, my_protect): New wrapper.
(resolve_name_adns): Put unprotect/protect around adns calls.
(get_dns_cert): Ditto.
(getsrv): Ditto.
(get_dns_cname): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.c (oNameServer): New.
(opts): Add --nameserver.
(parse_rereadable_options): Act upon oNameServer.
* dirmngr/dns-stuff.c (DEFAULT_NAMESERVER): New.
(tor_nameserver): New.
(set_dns_nameserver): New.
(my_adns_init): Make name server configurable.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
g10/keyring.c (keyring_search): Only mark the cache as completely
filled if we start the scan from the beginning of the keyring.
--
Signed-off-by: Neal H. Walfield <[email protected]>
Reported-by: NIIBE Yutaka <[email protected]>
A new feature (e8c53fc) turned up a bug whereby checking if a search
term matches multiple keys in the keyring causes the cache to be
inconsistent.
When we look for a key on the keyring, we iterate over each of the
keyblocks starting with the keyblock following the last result. For
each keyblock, we iterate over the public key and any subkeys. As we
iterate over each key, we first insert it into the cache and then
check if the key matches. If so, we are done.
In pseudo code:
for (i = last_result + 1; i < num_records; i ++)
keyblock = get_keyblock (i)
for (j = 1; j < len(keyblock); j ++)
key = keyblock[j]
update_cache (key)
if (compare (key, search_terms))
return ok
cache_filled = true
return ENOFOUND
When we look for the next match, we start with the following keyblock.
The result is that any subkeys following the key that matched are not
added to the cache (in other words, when a keyblock matches, the inner
loop did not necessarily complete and the subsequent search doesn't
resume it).
This patch includes a straightforward fix: only indicate the cache as
complete if we started the scan from the beginning of the keyring and
really didn't find anything.
|
| |
|
|
|
|
|
|
| |
* g10/trustdb.c (init_trustdb): If we can't read the trust model from
the trust DB, default to TM_PGP, not TM_TOFU_PGP.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/tofu.c (opendbs): If the TOFU DB format is set to auto and there
is no TOFU DB, default to the flat format.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (tor_credentials): New.
(enable_dns_tormode): Add arg new_circuit and update tor_credentials.
(my_adns_init): Rework to set Tor mode using a config file options and
always use credentials.
* dirmngr/server.c (cmd_dns_cert): Improve error message.
* dirmngr/t-dns-stuff.c (main): Add option --new-circuit.
--
Note that the option --new-circuit in t-dns-stuff is not really useful
because a new circuit is also used for the first call to the function.
Todo: We need to find a policy when to requrest a new curcuit and we
also need to add credentials to the assuan_sock_connect calls.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* configure.ac (HAVE_ADNS_FREE): New ac_define.
Signed-off-by: Werner Koch <[email protected]>
|
