| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (cert_log_cb): New.
(send_request): Set callback.
--
We use the KSBA functions here because we have them anyway in Dirmngr.
|
| |
|
|
|
|
| |
* common/http.c (http_session_s): Add field cert_log_cb.
(http_session_set_log_cb): New.
(http_verify_server_credentials): Call callback.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (hostinfo_s): Add fields cname, v4addr, and
v6addr.
(create_new_hostinfo): Clear them.
(my_getnameinfo): Add args numeric and r_isnumeric.
(is_ip_address): New.
(map_host): Add arg r_host. Rewrite the code to handle pools in a
special way.
(ks_hkp_print_hosttable): Change format of help info output.
(make_host_part): Add arg optional r_httphost.
(send_request): Add arg httphost.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Get httphost and pass it to
send_request.
--
This changes quite some things on how the hostinfo is maintained.
However, it might be better to rework the data structures and have one
entry per IP address instead of this clumsy patch.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/http.c (http_open): Add arg httphost.
(http_open_document): Pass NULL for httphost.
(send_request): Add arg httphost. If given, use HTTPHOST instead of
SERVER. Use https with a proxy if requested.
(http_verify_server_credentials): Do not stop at the first error
message.
* dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open.
* keyserver/curl-shim.c (curl_easy_perform): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
|
| |
|
|
|
|
|
|
|
|
| |
* kbx/keybox-search.c (keybox_search): Add arg R_DESCINDEX. Chnage
both callers.
* g10/keydb.c (keydb_search): Always set DESCINDEX.
--
This only affects the new keybox for OpenPGP keys in 2.1. The bug
exhibited itself by running GPA's backup command on Windows.
|
| |
|
|
| |
* common/stringhelp.c (do_make_filename) [HAVE_DRIVE_LETTERS]: Fix.
|
| |
|
|
|
|
|
|
|
|
| |
* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
MDC packer header and a bad MDC.
--
The separate diagnostic was introduced for debugging a problems. For
explaining an MDC error a single error message is easier to
understand.
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/keygen.c (ask_expire_interval): Get the current time after the
prompt.
--
This almost avoid that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.
GnuPG-bug-id: 1639
|
| |
|
|
|
|
|
| |
* agent/cvt-openpgp.c (do_unprotect): Return an s-exp also for
non-protected keys.
(convert_from_openpgp_main): Do not call agent_askpin for a
non-protected key.
|
| |
|
|
|
|
|
|
|
| |
* configure.ac (GPG_DISP_NAME, GPGSM_DISP_NAME): New.
(GPG_AGENT_DISP_NAME, SCDAEMON_DISP_NAME): New.
(DIRMNGR_DISP_NAME, G13_DISP_NAME): New.
(GPGCONF_DISP_NAME): New.
(SCDAEMON_SOCK_NAME): New.
* common/argparse.c (show_help): Map description string.
|
| |
|
|
|
| |
* agent/command-ssh.c (ssh_send_key_public): Handle the case with no
comment.
|
| |
|
|
|
|
| |
* common/Makefile.am ($(PROGRAMS)): New rule
(t_http_LDADD): Use libcommontls.a without directory prefix.
* dirmngr/Makefile.am ($(PROGRAMS)): New rule.
|
| |
|
|
| |
* g10/mainproc.c (check_sig_and_print): Print the name and curve.
|
| |
|
|
|
|
|
|
| |
* g10/mainproc.c (check_sig_and_print): Factor common code out to ...
(print_good_bad_signature): here.
--
P was not released if the key had no user id.
|
| |
|
|
| |
--
|
| |
|
|
|
|
| |
* g10/keylist.c (list_keyblock_print): Remove duplicate curve name.
Print a note for experimental algorithms.
* g10/misc.c (print_pubkey_algo_note): Fix warning message.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
(get_keygrip): Add and use arg CURVE.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(get_npkey_nskey): New.
(prepare_unprotect): Replace gcrypt functions by
get_npkey_nskey. Allow opaque MPIs.
(do_unprotect): Use CURVE instead of parameters.
(convert_from_openpgp_main): Ditto.
(convert_to_openpgp): Simplify.
* g10/import.c (one_mpi_from_pkey): Remove.
(transfer_secret_keys): Rewrite to use the curve instead of the
parameters.
* g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.
* common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
"NIST P-256" et al.
* g10/keygen.c (ask_curve): Add arg ALGO.
(generate_keypair): Rewrite the ECC key logic.
* tests/openpgp/ecc.test: Provide the "ecc" passphrase.
|
| |
|
|
|
| |
* kbx/keybox-openpgp.c (parse_key): Use algo constants and add
experimental support for EdDSA.
|
| |
|
|
|
| |
* agent/gpg-agent.c (main): Remove greeting. Make --no-greeting a
dummy.
|
| |
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (armor_data): Add mode keyword.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* scd/atr.c (atr_dump): Ditto.
|
| |
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.c: Include gnutls.h.
(opts): Add --gnutls-debug and --hkp-cacert.
(opt_gnutls_debug, my_gnutls_log): New.
(set_debug): Set gnutls log level.
(parse_rereadable_options): Register a CA file.
(main): Init GNUTLS.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Support hkps.
(send_request): Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/http.c (http_session_t): Add field "refcount".
(_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code.
(send_request, my_npth_read, my_npth_write): Use SOCK object for the
transport ptr.
(http_session_release): Factor all code out to ...
(session_unref): here. Deref SOCK.
(http_session_new): Init refcount and transport ptr.
(http_session_ref): New. Ref and unref all assignments.
--
Having the reference counted session objects makes it easier for the
application to pass around only an estream. Without that the
application would need to implement an es_onclose machinery for the
session object.
|
| |
|
|
|
|
|
|
|
|
|
| |
* common/http.c (http_parse_uri): Factor code out to ...
(parse_uri): here. Add arg FORCE_TLS.
(do_parse_uri): Ditto. Implement flag.
(http_get_tls_info): New.
(http_register_tls_ca): Allow clearing of the list.
(send_request): Use a default verification function.
* common/http.h (HTTP_FLAG_FORCE_TLS): New.
* common/t-http.c (main): Add several command line options.
|
| |
|
|
|
| |
* common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): Add correct
value.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (NEED_GNUTLS_VERSION): New.
(HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst.
* common/http.h (http_session_t): New.
* common/http.c: Remove compatibility for gnutls < 3.0.
(http_session_s): New.
(cookie_s): Replace gnutls_session_t by http_session_t.
(tls_callback, tls_ca_certlist): New variables.
(my_socket_unref): Add preclose args.
(my_npth_read, my_npth_write): New.
(make_header_line): Fix bug using int* instead of char*.
(http_register_tls_callback): New.
(http_register_tls_ca): New.
(http_session_new): New.
(http_session_release): New.
(http_get_header_names): New.
(escape_data): Add hack to escape in forms mode.
(send_request) [HTTP_USE_GNUTLS]: Support SNI.
(send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line.
(send_gnutls_bye): New.
(cookie_close): Make use of preclose feature.
(http_verify_server_credentials): New.
(main) [TEST]: Remove test code.
* common/t-http.c: New.
* common/tls-ca.pem: New.
* common/Makefile.am (tls_sources): New. Move http code to here.
(libcommontls_a_SOURCES): New.
(libcommontlsnpth_a_SOURCES): New.
(EXTRA_DIST): Add tls-ca.pem
(module_maint_tests): Add t-http.
(t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
* dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth.
--
This new TLS API for http.c is much more flexible than the crude old
hack.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (HAVE_NPTH): New ac_define.
* common/estream.c: Use USE_NPTH instead of HAVE_NPTH.
* common/http.c: Ditto. Replace remaining calls to pth by npth calls.
(connect_server): Remove useless _().
* common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h.
* common/init.c (_init_common_subsystems): Remove call to pth_init.
* common/sysutils.c (gnupg_sleep): Use npth_sleep.
* scd/ccid-driver.c (my_sleep): Ditto.
--
USE_NPTH is used in case were we may build with and without nPth. The
missing definition HAVE_NPTH didn't allowed us to build outher sources
with nPTh support.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/estream.c (estream_internal): Add field SAMETHREAD.
(init_stream_lock, lock_stream, trylock_stream, unlock_stream): Use it.
(parse_mode): Add arg SAMETHREAD and parse that keyword.
(es_initialize): Rename to ...
(init_stream_obj): this. Add arg SAMETHREAD.
(es_create): Add arg SAMETHREAD. Call init_stream_lock after
init_stream_obj.
(doreadline): Call es_create with samethread flag.
(es_fopen, es_mopen, es_fopenmem, es_fopencookie, do_fdopen)
(do_fpopen, do_w32open): Implement "samethread" keyword.
(es_freopen): Take samthread flag from old stream.
(es_tmpfile): Call es)_create w/o samethread.
--
Note: Unfortunately es_tmpfile has no mode arg so that we can't use
samethread.
|
| |
|
|
| |
* src/estream.c (es_fileno_unlocked): Call the unlocked functions.
|
| |
|
|
| |
* common/estream.c (dbg_lock_0, dbg_lock_1, dbg_lock_1): New.
|
| |
|
|
|
|
|
| |
* common/estream.c: Replace most macros.
--
The macros were too hard to read and actually blew up the source.
|
| |
|
|
|
|
| |
--
Actually the mutex stuff was never used since we switched to nPth.
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
(convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which
does not distinguish the detail.
(do_unprotect, convert_from_openpgp_main): Don't call
map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and
not the value defined by OpenPGP.
(convert_to_openpgp): It's "ecc".
* agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove.
* g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error.
* g10/pubkey-enc.c (get_it): Fix swapping the fields error.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (main): Make sure homedir is absolute.
* common/asshelp.c (lock_spawning): Create lock file with an absolute
name.
(start_new_gpg_agent): Use an absolute name for the socket and pass
option --homedir to the agent.
(start_new_dirmngr): Use an absolute name for the --homedir.
--
This patch makes gpg's --homedir option behave again like in older
versions. This is done by starting a new agent for each different
home directory. Note that this assumes --use-standard-socket is used
which is the default for 2.1.
|
| |
|
|
|
|
| |
* common/stringhelp.c (do_make_filename): Add modes 2 and 3.
(make_absfilename): New.
(make_absfilename_try): New.
|
| |
|
|
|
|
| |
* tools/gpg-connect-agent.c (gnu_getcwd): Move to ...
* common/sysutils.c (gnupg_getcwd): .. here.
* tools/gpg-connect-agent.c (get_var_ext): Use gnupg_getcwd.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/call-agent.c (check_hijacking): New.
(start_agent): Call it.
(membuf_data_cb, default_inq_cb): Move more to the top.
--
Note that GUIs may use the gpg status line
[GNUPG:] ERROR check_hijacking 33554509
to detect this and print an appropriate warning.
|
| |
|
|
|
|
|
|
|
| |
* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.
--
This makes is possible to extract all photos ids from a key to
different files.
|
| |
|
|
|
|
|
| |
* common/zb32.c: New.
* common/t-zb32.c: New.
* common/Makefile.am (common_sources): Add zb82.c
(module_tests): Add t-zb32.
|
| |
|
|
|
|
|
|
|
|
| |
* common/estream.c (es_freopen): Remove useless check for STREAM.
* kbx/keybox-blob.c (_keybox_create_x509_blob): Remove useless check
for BLOB.
* tools/sockprox.c (run_proxy): Do not fclose(NULL).
--
Found by Hans-Christoph Steiner with cppcheck.
|
| |
|
|
|
|
|
| |
* g10/call-agent.c (agent_delete_key): New.
* g10/keydb.h (FORMAT_KEYDESC_DELKEY): New.
* g10/passphrase.c (gpg_format_keydesc): Support new format.
* g10/delkey.c (do_delete_key): Add secret key deletion.
|
| |
|
|
|
| |
* g10/delkey.c: Re-indent.
(do_delete_key, delete_keys): Change return type top gpg_error_t.
|
| |
|
|
|
|
|
|
|
|
| |
* agent/cvt-openpgp.c (convert_to_openpgp): Fix use
gcry_sexp_extract_param.
* g10/export.c (do_export_stream): Provide a proper prompt to the
agent.
--
NB: The export needs more work, in particular the ECC algorithms.
|
| |
|
|
|
|
|
|
|
| |
* g10/passphrase.c (gpg_format_keydesc): Add mode 2. Change strings.
* g10/keydb.h (FORMAT_KEYDESC_NORMAL, FORMAT_KEYDESC_IMPORT)
(FORMAT_KEYDESC_EXPORT): New. Use them for clarity.
--
The use of the term "certificate" was more confusing than helpful.
|
| |
|
|
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_delete_key): New.
* agent/findkey.c (modify_description): Add '%C' feature.
(remove_key_file): New.
(agent_delete_key): New.
* agent/command-ssh.c (search_control_file): Make arg R_DISABLE
optional.
* configure.ac: Require libgpg-error 1.13.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (KEY_TYPE_EDDSA, CURVE_ED25519): New.
(struct app_local_s): Add eddsa.
(get_algo_byte, store_fpr): Support KEY_TYPE_EDDSA.
(get_ecc_key_parameters, get_curve_name): Support CURVE_ED25519.
(send_key_attr, get_public_key): Support KEY_TYPE_EDDSA.
(build_ecc_privkey_template): Rename as it supports both of
ECDSA and EdDSA.
(ecc_writekey): Rename. Support CURVE_ED25519, too.
(do_writekey): Follow the change of ecc_writekey.
(do_auth): Support KEY_TYPE_EDDSA.
(parse_ecc_curve): Support CURVE_ED25519. Bug fix for other curves.
(parse_algorithm_attribute): Bug fix for ECDH. Support EdDSA.
|
| |
|
|
|
|
|
|
|
|
| |
* common/mischelp.h (JNLIB_GCC_HAVE_PUSH_PRAGMA): New.
* dirmngr/dirmngr.c (handle_tick): Factor time check out to ...
(time_for_housekeeping_p): new.
--
I am not sure whether that y2038 hack is really useful but it might
make me smile in my retirement.
|
| |
|
|
|
|
|
| |
* tools/gpgconf.c: Add command --launch.
* tools/gpgconf-comp.c (gc_component_launch): New.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* scd/app-openpgp.c (build_ecdsa_privkey_template): Mark unused arg.
(ecdh_writekey): Mark unused args.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
* agent/pksign.c (agent_pksign_do): Handle EdDSA signature.
|
