aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* scd: Fix PK_AUTH with --challenge-response option.NIIBE Yutaka2022-03-042-3/+6
| | | | | | | | | | | * scd/app.c (app_auth): It's only APPTYPE_OPENPGP which supports the challenge response interaction. * scd/command.c (cmd_pkauth): It only wants if it works or not. -- GnuPG-bug-id: 5862 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add --challenge-response option to PK_AUTH for OpenPGP card.NIIBE Yutaka2022-03-033-26/+201
| | | | | | | | | | | | | | * scd/app-openpgp.c (rmd160_prefix, sha1_prefix, sha224_prefix) (sha256_prefix, sha384_prefix, sha512_prefix): Move the scope up. (gen_challenge): New. (do_auth): Support challenge-response check if it signs correctly. * scd/app.c (app_auth): Remove the check INDATA and INDATALEN. * scd/command.c (cmd_pkauth): Support --challenge-response option. -- GnuPG-bug-id: 5862 Signed-off-by: NIIBE Yutaka <[email protected]>
* g10/encrypt: use iobuf_copy instead of manual iobuf_read/iobuf_writeJussi Kivilinna2022-03-021-9/+3
| | | | | | | | * g10/encrypt.c (encrypt_simple): Use 'iobuf_copy' for no-literal case. -- GnuPG-bug-id: T5852 Signed-off-by: Jussi Kivilinna <[email protected]>
* g10/dearmor: use iobuf_copyJussi Kivilinna2022-03-021-7/+2
| | | | | | | | * g10/dearmor.c (dearmor_file, enarmor_file): Use 'iobuf_copy'. -- GnuPG-bug-id: T5852 Signed-off-by: Jussi Kivilinna <[email protected]>
* scd: Let READKEY support --format=ssh option.NIIBE Yutaka2022-03-023-16/+348
| | | | | | | | | | | | * scd/command.c (do_readkey): Support --format=ssh option. * common/ssh-utils.c (ssh_public_key_in_base64): New. * common/ssh-utils.h (ssh_public_key_in_base64): New declaration. -- Code duplication (agent/command-ssh.c) will be cleaned up later. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10/sign: sign_file: use iobuf_read for higher detached signing speedJussi Kivilinna2022-02-271-2/+2
| | | | | | | | | | | | | | | | | | | * g10/sign.c (sign_file): Use iobuf_read instead of iobuf_get for reading data from detached file. -- This patch reduces iobuf_read per byte processing overhead and speeds up detached signing. Detached signing speed on AMD Ryzen 5800X (4.3GiB file, SHA256): gpg process user time before: 3.951s after: 1.898s (2.0x faster) GnuPG-bug-id: T5826 Signed-off-by: Jussi Kivilinna <[email protected]>
* g10/plaintext: do_hash: use iobuf_read for higher performanceJussi Kivilinna2022-02-271-2/+7
| | | | | | | | | | | | | | | | | | | * g10/plaintext.c (do_hash): Use iobuf_read instead of iobuf_get for reading data; Use gcry_md_write instead of gcry_md_putc for hash data. -- This patch reduces iobuf_read per byte processing overhead and speeds up detached signature verifying. Detached verifying speed on AMD Ryzen 5800X (4.3GiB file, SHA256): gpg process user time before: 9.410s after: 1.913s (4.9x faster) GnuPG-bug-id: T5826 Signed-off-by: Jussi Kivilinna <[email protected]>
* agent: Print the correct daemon name in presence of a --foo-program.Werner Koch2022-02-271-1/+2
| | | | | | | | * agent/call-daemon.c (wait_child_thread): Print the correct name. -- This makes sure that the log print the actual used name if for example --pinentry-program was used.
* agent: New flag "qual" for the trustlist.txt.Werner Koch2022-02-275-18/+33
| | | | | | | | | | * agent/trustlist.c (struct trustitem_s): Add flag "qual". (read_one_trustfile): Rename arg "allow_include" to "systrust" and change callers. Parse new flag "qual". (istrusted_internal): Print all flags. * sm/call-agent.c (istrusted_status_cb): Detect the "qual" flag. * sm/gpgsm.h (struct rootca_flags_s): Add flag "qualified". * sm/certchain.c (do_validate_chain): Take care of the qualified flag.
* dimngr: Do not check the self-signature of a root CA cert.Werner Koch2022-02-271-8/+8
| | | | * dirmngr/validate.c (validate_cert_chain): Comment out that code.
* dirmngr: Support ECDSA for CRLsWerner Koch2022-02-272-12/+92
| | | | | | * dirmngr/crlcache.c (finish_sig_check): Support ECDSA. * dirmngr/validate.c (check_cert_sig): Ditto. Remove the never used support for DSA.
* dirmngr: Support ECDSA for OCSP.Werner Koch2022-02-274-50/+108
| | | | | | | | | | | | * dirmngr/validate.c (pk_algo_from_sexp): Make public. Support ECC. * dirmngr/ocsp.c (check_signature): Remove hash preparation out to ... (check_signature_core): here. This changes the arg s_hash to md. Support ECDSA. -- The test was done with my qualified signature certificate from the Telesec and their responder http://tqrca1.ocsp.telesec.de/ocspr . See also libksba commit rK24992a4a7a61d93759e1dbd104b845903d4589bf
* gpg: Clarify a call of ask_for_detached_datafile.NIIBE Yutaka2022-02-251-1/+1
| | | | | | | | | | | | | | | | | | | * g10/mainproc.c (proc_tree): Call ask_for_detached_datafile with MD2=NULL. -- Here, c->mfx.md2 is always NULL, in fact. But, text-wise (when searching the use of "mfx.md2"), before the change, it used mfx.md2, which is irrelevant in the handling of PKT_ONEPASS_SIG. Note that: One-Pass Signature is not available in PGP2. This fix removes (text-wise) unmatch of the calls of functions hash_datafile_by_fd hash_datafiles, and ask_for_detached_datafile. Fixes-commit: 88a916cdd40e43312ffcde6bb1c157fe1c122f74 Signed-off-by: NIIBE Yutaka <[email protected]>
* Fix the previous commit.NIIBE Yutaka2022-02-231-1/+1
| | | | | | | -- Fixes-commit: 903c5fe369bc4948718a7d2a0e19b1acdb2406c4 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix generating AEAD packet.NIIBE Yutaka2022-02-221-1/+1
| | | | | | | | | * g10/cipher-aead.c (do_free): Fix the condition of the last chunk. -- GnuPG-bug-id: 5853 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,w32: Print code pages with --show-configsWerner Koch2022-02-211-0/+9
| | | | * tools/gpgconf.c (show_configs): Do it.
* scd:p15: Used extended mode already for RSA 2048Werner Koch2022-02-211-2/+2
| | | | | * scd/app-p15.c (do_sign, do_decipher): Replace GT by GE. --
* sm: Fix use of value NONE in gnupg_isotime_t type.NIIBE Yutaka2022-02-186-7/+18
| | | | | | | | | | | | | | * common/gettime.h (GNUPG_ISOTIME_NONE): New. * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it. * sm/certlist.c (gpgsm_add_to_certlist): Likewise. * sm/import.c (check_and_store): Likewise. * sm/keylist.c (list_cert_colon, list_cert_raw): Likewise. (list_cert_std): Likewise. * sm/sign.c (gpgsm_sign): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Fix gender of pronoun in German translationIngo Klöcker2022-02-161-1/+1
| | | | | | | -- The phrase refers to an insecure "passphrase" which is translated as "(das) Passwort" (pronoun: "dieses") in German.
* g10/mainproc: avoid extra hash contexts when decrypting MDC inputJussi Kivilinna2022-02-081-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/mainproc.c (mainproc_context): New member 'seen_pkt_encrypted_mdc'. (release_list): Clear 'seen_pkt_encrypted_mdc'. (proc_encrypted): Set 'seen_pkt_encrypted_mdc'. (have_seen_pkt_encrypted_aead): Rename to... (have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for 'seen_pkt_encrypted_mdc'. (proc_plaintext): Do not enable extra hash contexts when decrypting MDC input. -- Avoiding extra hash contexts speeds up CFB/MDC decryption quite a lot. For example, decrypting symmetric-key AES-256 encrypted 4 GiB file from RAM to /dev/null sees ~3.4x speed increase on AMD Ryzen 5800X: AES256.CFB encryption: 783 MB/s AES256.CFB decryption: 386 MB/s (before) AES256.CFB encryption: 1.3 GB/s (after patch) Note, AEAD is still significantly faster: AES256.OCB encryption: 2.2 GB/s AES256.OCB decryption: 3.0 GB/s GnuPG-bug-id: T5820 Signed-off-by: Jussi Kivilinna <[email protected]>
* sm: New option --ignore-cert-with-oid.Werner Koch2022-02-034-0/+54
| | | | | | | * sm/gpgsm.c (oIgnoreCertWithOID): New. (opts): Add option. (main): Store its value. * sm/call-agent.c (learn_cb): Test against that list.
* gpg: Fix for -Wformat when using uint64_t.NIIBE Yutaka2022-02-022-4/+5
| | | | | | | | | | | | | * g10/cipher-aead.c (do_flush): Use PRIu64. * g10/decrypt-data.c (aead_underflow): Likewise. -- Even among LP64 data model machines, uint64_t type may differ; unsigned long or unsigned long long. Only portable way is use of PRIu64. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Avoid initial delay on the first keyserver access.Werner Koch2022-02-014-3/+13
| | | | | | | | | | | | | | | * dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New. * dirmngr/server.c (ensure_keyserver): Don't even test for the Tor proxy in never-use-tor Mode. * tools/gpgtar-create.c: Include unistd.h to avoid a warning on Windows. -- This delay of 2 or 3 seconds is in particular annoying on Windows. This is now suppressed, as it should be, if --no-use-tor is used. The second patch is unrelated
* sm: Partly revert last commit.Werner Koch2022-02-011-6/+0
| | | | | | | | | * sm/gpgsm.c (set_debug): Remove doubled code. -- It was already there; sorry. Fixes-commit: 51edea995d352a7b557fb0315fa5091dc42065cb
* gpg,sm: Set --verbose and clear --quiet in debug mode.Werner Koch2022-02-012-0/+12
| | | | | * g10/gpg.c (set_debug): Tweak options. * sm/gpgsm.c (set_debug): Ditto.
* ssh: Fix adding an ed25519 key with a zero length comment.Werner Koch2022-01-281-4/+10
| | | | | | | | | | | | | | | | * agent/command-ssh.c (sexp_key_construct): Do not put an empty string into an S-expression. (stream_read_string): Do not not try to a read a zero length block. -- Actually we could handles this different by not putting a comment tag into the s-expression, however this requires more code and at other places we already return "(none)" instead of an empty comment. The second fix is more or less a cosmetic thing to get better error messages in case the underlying read system call returns an error. GnuPG-bug-id: 5794
* gpg: Allow --dearmor to decode all kinds of armor files.Werner Koch2022-01-284-8/+35
| | | | | | | | | | | * g10/filter.h (armor_filter_context_t): New fields dearmor_mode and dearmor_state. * g10/dearmor.c (dearmor_file): Set dearmor_mode. * g10/armor.c (is_armor_header): Magic to switch to generic dearmor mode. (parse_header_line): Treat non OpenPGP armor in a special way. (check_input): Ditto. (radix64_read): Detect non OpenPGP armor END lines.
* gpgsm: Retire the new --ldapserver.Werner Koch2022-01-272-10/+13
| | | | | | | | | | | * sm/gpgsm.c (oKeyServer_deprecated): New. (opts): Assign "ldapserver" to the new option and mark it as obsolete. -- We want to use "ldapserver" in dirmngr but need to keep using "keyserver" in gpgsm for existant versions of Kleopatra etc. GnuPG-bug-id: 5801
* gpgconf: Teach --show-config the legacy gpgconf.conf.Werner Koch2022-01-271-1/+21
| | | | * tools/gpgconf.c (show_configs): Print gpgconf.conf and a warning.
* gpgconf: Return again "keyserver" for gpgsm.Werner Koch2022-01-271-1/+1
| | | | | * tools/gpgconf-comp.c (known_options_gpgsm): Change "ldapserver" back to "keyserver".
* gpgconf: Fix --list-options for forced optionsWerner Koch2022-01-261-1/+6
| | | | | | | | | | | | * tools/gpgconf-comp.c (retrieve_options_from_program): Ignore to to ignored options. Add failsafe code to avoid calling percent_escape with NULL. -- Remember: When using ARGPARSE_FLAG_WITHATTR the ARGPARSE_OPT_IGNORE flags in the returned type needs to be considered. GnuPG-bug-id: 5800
* gpgconf: Return --ldapserver and --keyserver from dirmngr.Werner Koch2022-01-253-11/+11
| | | | | | | | | | | * dirmngr/dirmngr.c: Reorder two option groups. * tools/gpgconf-comp.c (known_options_gpgsm): Rename "keyserver" to "ldapserver" and set level to invisible. (known_options_dirmngr): Add "ldapserver" at the basic level. * sm/gpgsm.c (opts): No more help text for "ldapserver". -- GnuPG-bug-id: 5800
* doc: Add comments on the legacy status of gpgconf.conf.Werner Koch2022-01-252-8/+19
| | | | --
* doc: Minor typo fixesWerner Koch2022-01-241-2/+2
| | | | --
* agent: always use hexgrip when storing key passwordJames Bottomley via Gnupg-devel2022-01-241-4/+15
| | | | | | | | | | | -- The current code uses the binary ctrl->keygrip, but all the passphrase storage engines expect this to be a string, so convert the binary keygrip to a hex one before passing it in as the keyid. This fixes a crash seen in some libsecret implementations where a non-ascii keyid isn't well handled. Signed-off-by: James Bottomley <[email protected]>
* gpg: Print Yubikey version correctly.Werner Koch2022-01-183-2/+38
| | | | | | | | | | | | | * g10/call-agent.c (learn_status_cb): Parse APPVERSION. * g10/call-agent.h (struct agent_card_info_s): Add field appversion. * g10/card-util.c (print_a_version): New. (current_card_status): Print version from appversion. -- This is a regression due to the PIV support. Note that the newer gpg-card worked correctly. GnuPG-bug-id: 5787
* gpgconf: Add command aliases -L -K -R.Werner Koch2022-01-122-4/+7
| | | | | | | * tools/gpgconf.c (enum cmd_and_opt_values): Assign shortcuts. -- I have to type them to often ;-)
* gpg: Fix adding the list of ultimate trusted keys.NIIBE Yutaka2022-01-124-2/+48
| | | | | | | | | | | | | * g10/keygen.c (do_generate_keypair): Remove another call to update_ownertrust. * g10/trust.c (update_ownertrust): Add call to tdb_update_utk. * g10/trustdb.c (tdb_update_utk): New. * g10/trustdb.h (tdb_update_utk): New. -- GnuPG-bug-id: 5742 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Report failed generation of subkey pair via status interfaceIngo Klöcker2022-01-111-1/+5
| | | | | | | | | | | | * g10/keygen.c (generate_subkeypair): On error, write error and "key not created" message to status interface. -- This change allows users of the status/command interface to detect errors when adding a subkey to a key. Similar status messages are output by do_generate_keypair. GnuPG-bug-id: 5771
* gpg: Request keygrip of key to add via command interfaceIngo Klöcker2022-01-112-2/+11
| | | | | | | | | | | * g10/keygen.c (ask_algo): Request keygrip via cpr_get. * doc/help.txt (gpg.keygen.keygrip): New help text. -- This change makes it possible to add an existing (sub)key to another key via the status/command interface. GnuPG-bug-id: 5771
* dirmngr: Map all gnupg.net addresses to the Ubuntu keyserver.Werner Koch2022-01-101-4/+4
| | | | | | | | | | | * dirmngr/server.c (make_keyserver_item): Change mapping. -- It turned out that having the old surfnet keyserver for unencrypted connections is problematic because that server does not sync with the Ubuntu server. GnuPG-bug-id: 5751
* gpgtar: List and extract using extended headers.Werner Koch2022-01-094-62/+272
| | | | | | | | | | | | | | | | | | | | * tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New. * tools/gpgtar-list.c (parse_header): Set the new type flags. (parse_extended_header): New. (read_header): Add arg r_extheader and parse extended header. (print_header): Consult the extended header. (gpgtar_list): Pass an extended header object. (gpgtar_read_header): Ditto. (gpgtar_print_header): Ditto. * tools/gpgtar-extract.c (extract): New arg exthdr and factor name checking out to ... (check_suspicious_name): new. (extract_regular): Add arg exthdr and consult it. (extract_directory): Likewise. (gpgtar_extract): Provide extheader object. -- GnuPG-bug-id: 5754
* gpgtar: Create extended header for long file namesWerner Koch2022-01-091-18/+217
| | | | | | | | | | | | | | * tools/gpgtar-create.c (global_header_count): new. (myreadlink): New. (build_header): New arg r_exthdr. Detect and store long file and link names. Factor checkum computation out to ... (compute_checksum): new. (add_extended_header_record): New. (write_extended_header): New. (write_file): Write extended header. -- GnuPG-bug-id: 5754
* scd,pcsc: Fix error handling for a reader with reader-port.NIIBE Yutaka2022-01-041-5/+1
| | | | | | | | | | | * scd/apdu.c (apdu_open_reader): Make sure dl->idx is always incremented to handle error from open_pcsc_reader correctly. -- Reported-by: Anže Jenšterle GnuPG-bug-id: 5758 Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Fix the title of the man pages to GnuPG 2.3Werner Koch2022-01-031-1/+1
| | | | --
* po: Fix German translationWerner Koch2021-12-301-6/+6
| | | | | | -- Option descriptions of --help should start with an uppercase letter.
* doc: Typo fixes.Werner Koch2021-12-302-3/+3
| | | | --
* gpgconf: Do not list ignored options and mark forced options as r/o.Werner Koch2021-12-301-7/+17
| | | | | | | | * tools/gpgconf-comp.c (list_one_option): Skip ignored options and set the no_change flag for forced options. (retrieve_options_from_program): Put the attributes into the option table. --
* build: Remove unused old m4 files.NIIBE Yutaka2021-12-2221-1179/+0
| | | | | | | | | | | | | | * m4/glibc2.m4, m4/glibc21.m4: Remove. * m4/intl.m4, m4/intldir.m4, m4/lock.m4: Remove. * m4/intdiv0.m4, m4/intmax.m4, m4/inttypes-pri.m4: Remove. * m4/inttypes.m4, m4/inttypes_h.m4, m4/longdouble.m4: Remove. * m4/printf-posix.m4, m4/signed.m4, m4/size_max.m4: Remove. * m4/stdint_h.m4, m4/sys_socket_h.m4, m4/uintmax_t.m4: Remove. * m4/visibility.m4, m4/wchar_t.m4, m4/wint_t.m4, m4/xsize.m4: Remove. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Update for newer autoconf.NIIBE Yutaka2021-12-223-22/+9
| | | | | | | | | | | | | | | * configure.ac (AC_PREREQ): Use >= 2.69. (AC_CONFIG_HEADERS): Use it, instead of AC_CONFIG_HEADER. (AC_HEADER_STDC, AC_HEADER_TIME): Remove obsolete macros. (sys/time.h): Add the check of the header. (time_t): Don't use TIME_WITH_SYS_TIME. * acinclude.m4 (AC_HEADER_TIME): Don't require. Don't use TIME_WITH_SYS_TIME. * dirmngr/dns.c: Don't use TIME_WITH_SYS_TIME. -- Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-15 11:34:19 +0000