aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* common: Fix a race condition in creating socketdir.NIIBE Yutaka2024-10-161-4/+14
| | | | | | | | | | * common/homedir.c (_gnupg_socketdir_internal): Check return code of gnupg_mkdir and handle the case of GPG_ERR_EEXIST. -- GnuPG-bug-id: 7332 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgsm: Fix cached istrusted lookup.Werner Koch2024-10-151-0/+2
| | | | | | | | * sm/call-agent.c (gpgsm_agent_istrusted): Actually set istrusted list. -- Fixes-commit: 9087c1d3637cf1c61744ece0002dc0dc5675d7c9
* dirmngr: Print a brief list of URLs with LISTCRLS.Werner Koch2024-10-143-0/+9
| | | | | | | | | | * dirmngr/crlcache.c (crl_cache_list): Print a summary of URLs. * sm/call-dirmngr.c (gpgsm_dirmngr_run_command): Print a notice to stdout if the dirmngr has been disabled. -- GnuPG-bug-id: 7337
* build: Use AC_C_BIGENDIAN for detecting endian.NIIBE Yutaka2024-10-112-83/+4
| | | | | | | | | | | * acinclude.m4 (GNUPG_CHECK_ENDIAN): Remove. * configure.ac (BIG_ENDIAN_HOST): Use AC_C_BIGENDIAN to detect endian and set BIG_ENDIAN_HOST. -- Reported-by: Alan Coopersmith <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* common,gpg,scd,sm: Fix for Curve25519 OID supporting new and old.NIIBE Yutaka2024-10-089-19/+28
| | | | | | | | | | | | | | | | | | | | | | | | * common/util.h (openpgp_curve_to_oid): Add new argument to select OID by OpenPGP version. * common/openpgp-oid.c (openpgp_curve_to_oid): Implement returning selected OID for Curve25519. * common/openpgp-fpr.c (compute_openpgp_fpr_ecc): Follow the change, selecting by the version. * g10/export.c (match_curve_skey_pk): Likewise. (transfer_format_to_openpgp): Likewise. * g10/gpg.c (list_config): Likewise, print new OID. * g10/keygen.c (ecckey_from_sexp): Likewise, selecting by the version. * sm/encrypt.c (ecdh_encrypt): Likewise, don't care. * sm/minip12.c (build_ecc_key_sequence): Likewise, new OID. * scd/app-openpgp.c (ecdh_params, gen_challenge): Likewise, don't care. (ecc_read_pubkey, change_keyattr_from_string, ecc_writekey): Likewise, old OID. -- GnuPG-bug-id: 7316 Signed-off-by: NIIBE Yutaka <[email protected]>
* common,gpg,scd,sm: Use openpgp_oid_or_name_to_curve to get curve.NIIBE Yutaka2024-10-084-16/+5
| | | | | | | | | | | | * common/sexputil.c (pubkey_algo_string): Use openpgp_oid_or_name_to_curve. * g10/card-util.c (current_card_status, ask_card_keyattr): Likewise. * scd/app-piv.c (writekey_ecc): Likewise. * sm/fingerprint.c (gpgsm_get_key_algo_info): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* Implement GNUPG_ASSUME_COMPLIANCE envvar for testingWerner Koch2024-10-074-5/+33
| | | | | | | | | | | | | | | | | | | | | | | | | * common/compliance.c (assumed_de_vs_compliance): New. (get_compliance_cache): Check envvar and fake compliance. (gnupg_status_compliance_flag): Return 2023 for de-vs if in faked mode. * g10/gpg.c (gpgconf_list): For compliance_de_vs return 23 or 2023. -- The user visible changes are that GNUPG_ASSUME_COMPLIANCE=de-vs gpgconf --list-options gpg \ | awk -F: '$1=="compliance_de_vs" {print $8}' returns 2023 if "compliance de-vs" is found in gpg.conf. If eventually the software is arpproved the returned value will be 23 and not 1 as it was before. Consumers should check whether they see value of true (Kleopatra does this right now) and also check whether the value is > 2000 and in this case print a beta/non-approved warning. The envvar is currently used to assume that the underlying libgcrypt is compliant and approved. This is not yet the case but eventually libgcrypt will announce this itself and from then on the envvar is not anymore required for testing.
* gpg: Emit status error for an invalid ADSK.Werner Koch2024-10-072-0/+3
| | | | | | | | | * g10/keygen.c (prepare_adsk): Emit status error. -- This is useful for GPGME. GnuPG-bug-id: 7322
* gpgsm: Add compatibility flag no-keyinfo-cacheWerner Koch2024-10-043-0/+9
| | | | | | | * sm/gpgsm.c (compatibility_flags): Add flag. * sm/gpgsm.h (COMPAT_NO_KEYINFO_CACHE): New. * sm/call-agent.c (gpgsm_agent_istrusted): Act upon it. (gpgsm_agent_keyinfo): Ditto.
* gpgsm: Implement a cache for the KEYINFO queries.Werner Koch2024-10-024-20/+154
| | | | | | | | | | | | | | | | | | | | | | | * sm/gpgsm.h (struct keyinfo_cache_item_s): New. (struct server_control_s): Add keyinfo_cache and keyinfo_cache_valid. * sm/call-agent.c (keyinfo_cache_disabled): New flag. (release_a_keyinfo_cache): New. (gpgsm_flush_keyinfo_cache): New. (struct keyinfo_status_parm_s): New. (keyinfo_status_cb): Implement a fill mode. (gpgsm_agent_keyinfo): Implement a cache. * sm/server.c (reset_notify): Flush the cache. * sm/gpgsm.c (gpgsm_deinit_default_ctrl): Ditto. -- In almost all cases we have just a few private keys in the agent and thus it is better to fetch them early. This does not work in a restricted connection but we take care and disable the cache in this case. This cache gives a a minor speed up. GnuPG-bug-id: 7308
* gpgsm: Use a cache for ISTRUSTED queries.Werner Koch2024-10-021-19/+122
| | | | | | | | | | | | | | | | | * sm/call-agent.c (struct istrusted_cache_s): New. (istrusted_cache, istrusted_cache_valid): New. (istrusted_cache_disabled): New. (flush_istrusted_cache): New. (struct istrusted_status_parm_s): New. (istrusted_status_cb): Fill the cache. (gpgsm_agent_istrusted): Implement a cache. -- Not a really measurable performance improvements on Linux but maybe somewhat on Windows (not yet tested). However, it does not clutter the log files with IPC calls returning NOT_TRUSTED. GnuPG-bug-id: 7308
* agent: Add option --status to the LISTRUSTED command.Werner Koch2024-10-013-16/+60
| | | | | | | | | | | | | * agent/trustlist.c (istrusted_internal): Add arg listmode and print new status line in this mode. Adjust callers. (agent_listtrusted): Add new args ctrl and status_mode. Get all trusted keys and then call is_trusted_internal for all of them. * agent/command.c (cmd_listtrusted): Add new option --status. -- This allows in a non-restricted connection to list all trusted keys in one go.
* gpgsm: Possible improvement for some rare P12 files.Werner Koch2024-10-011-1/+1
| | | | | | | | | | | * sm/minip12.c (parse_shrouded_key_bag): Increase size of salt buffer. -- Reported on the mailing list. The change does not seem to have a big regression risk, thus applied. See below for the mail # ------------------------ >8 ------------------------ https://lists.gnupg.org/pipermail/gnupg-users/2024-September/067312.html
* gpgconf: Add list flag to trusted-key et al.Werner Koch2024-10-011-3/+3
| | | | | | | | * tools/gpgconf-comp.c (known_options_gpg): Add list flag to sume options. -- GnuPG-bug-id: 7313
* gpg: Robust error handling for SCD READKEY.NIIBE Yutaka2024-10-011-8/+10
| | | | | | | | | * g10/keygen.c (ask_algo): List the card key only when it's valid. -- GnuPG-bug-id: 7309 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgsm: Silence messages about dirmngr cache lookup failed.Werner Koch2024-09-301-2/+14
| | | | | * sm/certchain.c (find_up_dirmngr): Skip if we know that there is no dirmngr.
* gpgsm: Silence the fingerprint output in quiet mode.Werner Koch2024-09-301-5/+9
| | | | | | | | | * sm/certchain.c (ask_marktrusted): Avoid fingerprint printing in quiet mode -- And also don't print it anymore after the agent told us that the feature has been disabled.
* gpgsm: Use a cache to speed up parent certificate lookup.Werner Koch2024-09-303-8/+114
| | | | | | | | | | | | | | | | | | | | | * sm/gpgsm.h (COMPAT_NO_CHAIN_CACHE): New. (struct cert_cache_item_s, cert_cache_item_t): New. (struct server_control_s): Add parent_cert_cache. * sm/gpgsm.c (compatibility_flags): Add "no-chain-cache". (parent_cache_stats): New. (gpgsm_exit): Print the stats with --debug=memstat. (gpgsm_deinit_default_ctrl): Release the cache. * sm/certchain.c (gpgsm_walk_cert_chain): Cache the certificates. (do_validate_chain): Ditto. -- This gives another boost of 30% (from 6.5 to 4.0 seconds in the test environment with ~1000 certs). do_validate_chain actually brings us the speedup becuase the gpgsm_walk_cert_chain is not used during a key listing. For the latter we actually cache all certificates because that was easier. GnuPG-bug-id: 7308
* sm: Optmize clearing of the ephemeral flag.Werner Koch2024-09-272-0/+25
| | | | | | | | | | * kbx/keybox-search.c (keybox_get_cert): Store the blob clags in the cert object. * sm/certchain.c (do_validate_chain): Skip clearing of the ephemeral flag if we know that it is not set. -- GnuPG-bug-id: 7308
* agent: Replace hack for old Libgcrypt versions for auto-expand-secmem.Werner Koch2024-09-271-4/+1
| | | | * agent/gpg-agent.c (main) <oAutoExpandSecmem>: Use Libgcrypt const.
* agent: Better diagnostic for a failed key unprotection.Werner Koch2024-09-271-0/+2
| | | | | | | | * agent/findkey.c (unprotect): Print a diagnostic if unprotection failed. -- GnuPG-bug-id: 6375
* gpg: Exclude expired trusted keys from the key validation process.Werner Koch2024-09-251-14/+47
| | | | | | | | | | | | | | | * g10/trustdb.c (copy_key_item): New. (validate_keys): Use a stripped down UTK list w/o expired keys. -- This patch makes sure that an expired trusted key is not used for trust computation. The test case is to delete a trusted key from the keyring, import a copy of that key which has already expired, check that a signed key is not anymore fully trusted and finally import a prolonged version of the trusted key and check that the signed key is now again fully trusted. GnuPG-bug-id: 7200
* gpg: Validate the trustdb after the import of a trusted key.Werner Koch2024-09-251-4/+16
| | | | | | | | | | | | | * g10/import.c (import_one_real): Rename non_self to non_self_or_utk. If not set after chk_self_sigs check whether the imported key is an ultimately trusted key. -- The revalidation mark was only set if the imported key had a new key signature. This is in general correct but not if the imported key is a trusted key. GnuPG-bug-id: 7200
* gpg: Remove useless variable in validate_keys.Werner Koch2024-09-251-30/+34
| | | | | | | | | | | * g10/trustdb.c (store_validation_status): Remove arg 'stored'. (validate_keys): Remove keyhashtable 'stored' which was never used. -- This has been here since 2003. The variable was never evaluated - only stored. Also added some comments.
* po: Update Japanese Translation.NIIBE Yutaka2024-09-251-17/+11
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix gnupg_exec_tool_stream for INEXTRA==NULL.NIIBE Yutaka2024-09-251-1/+1
| | | | | | | | | * common/exectool.c (gnupg_exec_tool_stream): Initialize extrapipe. -- Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix --quick-set-expire for V5 subkey fingerprintsIngo Klöcker2024-09-241-1/+1
| | | | | | | | | | | | * g10/keyedit.c (keyedit_quick_set_expire): Use actual size of fingerprint. -- The size of the fingerprints is either 20 (V4) or 32 (V5). Using the actual size of the fingerprints fixes the lookup of subkeys with V5 fingerprint. GnuPG-bug-id: 7298
* common: Add debug code to gnupg_exec_tool_streamWerner Koch2024-09-241-0/+7
| | | | | | | * common/exectool.c (gnupg_exec_tool_stream): Add diagnostic. -- This should help if something is broken with poll.
* w32: Fix last commit to build on Windows.Werner Koch2024-09-201-1/+1
| | | | | | | | * scd/app.c (struct mrsw_lock): Move notify_watchers out of the system specific condition. -- Fixes-commit: c98385d311ca37e1863d0e42ebf7bbc6b68efe35
* scd: Fix DEVINFO, allowing no clients which watch the change.NIIBE Yutaka2024-09-201-3/+7
| | | | | | | | | | | * scd/app.c [POSIX] (struct mrsw_lock): Add notify_watchers. (card_list_signal): Only when watchers wait, kick by write(2). (card_list_wait): Increment/decrement notify_watchers field. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* speedo: Make use of wget more robustWerner Koch2024-09-192-5/+15
| | | | | | | * build-aux/getswdb.sh: Add option --wgetopt. * build-aux/speedo.mk (WGETOPT): New. (getswdb_options): Pass to getswdb. (unpack): Use wget with new options.
* po: Update Portuguese Translation.Daniel Cerqueira2024-09-191-27/+10
| | | | | | -- Signed-off-by: Daniel Cerqueira <[email protected]>
* gpg: Avoid wrong decryption_failed for signed+OCB msg w/o pubkey.Werner Koch2024-09-192-5/+11
| | | | | | | | | | | | | | | | | | | | | | * g10/decrypt-data.c (struct decode_filter_context_s): Add flag checktag_failed. (aead_checktag): Set flag. (decrypt_data): Initially clear that flag and check the flag after the decryption. * g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based check. -- This fixes a bug where for an OCB encrypted and signed message with the signing key missing during decryption the DECRYPTION_FAILED status line was printed along with "WARNING: encrypted message has been manipulated". This was because we use log_error to show that the signature could not be verified due to the missing pubkey; the original fix looked at the error counter and thus triggered the decryption failed status. Fixes-commit: 50e81ad38d2b5a5028fa6815da358c0496aa927e GnuPG-bug-id: 7042
* agent: Fix detection of the trustflag de-vs.Werner Koch2024-09-191-1/+1
| | | | | | | | * agent/trustlist.c (read_one_trustfile): Fix comparison. -- Fixes-commit: a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f GnuPG-bug-Id: 5079
* kbx: Fix a race condition on DATABASE_HD.NIIBE Yutaka2024-09-191-3/+6
| | | | | | | | | | * kbx/backend-sqlite.c (create_or_open_database): Protect the access to DATABASE_HD. -- GnuPG-bug-id: 7294 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix DEVINFO to allow multiple clients.NIIBE Yutaka2024-09-181-0/+9
| | | | | | | | | * scd/app.c (initialize_module_command): Use O_NONBLOCK for pipe. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* tests:gpgscm: Raise an error correctly for process spawning.NIIBE Yutaka2024-09-131-3/+13
| | | | | | | | | | * tests/gpgscm/ffi.c (do_process_spawn_io): Handle ERR. (do_process_spawn_fd): Likewise. -- Reported-by: Marcel Telka <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updatesWerner Koch2024-09-122-1/+9
| | | | --
* Release 2.5.1gnupg-2.5.1Werner Koch2024-09-121-1/+31
|
* tools: Fix recent regressions in gpg-authcode-sign.shWerner Koch2024-09-111-2/+2
| | | | | * tools/gpg-authcode-sign.sh (cleanup): Fix syntax error. (trap): Remove bashism.
* build: Fix make distclean for gnupg.7.htmlWerner Koch2024-09-111-3/+3
| | | | --
* po: msgmergeWerner Koch2024-09-1126-391/+983
| | | | --
* po: Update the German translationWerner Koch2024-09-111-17/+38
| | | | --
* gpgsm: New option --assert-signerWerner Koch2024-09-116-4/+184
| | | | | | | | | | | | | | | * sm/gpgsm.c (oAssertSigner, oNoop): New. (opts): Add option --assert-signer. (assert_signer_true): New var. (main): Set new option. (gpgsm_exit): Handle assert_signer_true. * sm/gpgsm.h (opt): Add field assert_signer_list. * sm/verify.c (is_x509_fingerprint): New. (check_assert_signer_list): New. (gpgsm_verify): Handle option. -- GnuPG-bug-id: 7286
* build: Remove configure option --enable-gpg-is-gpg2Werner Koch2024-09-117-156/+9
| | | | | | | | | | | | | | | | | * configure.ac (--enable-gpg-is-gpg2): Remove option. (USE_GPG2_HACK): Remove var. * common/homedir.c (gnupg_module_name): Remove code for gpg2 installation option. * g10/keygen.c (generate_keypair): Ditto. * g10/Makefile.am (noinst_PROGRAMS): Ditto. * doc/gpg.texi: Ditto. * doc/gpgv.texi: Ditto. -- This option and all its build stuff does not make anymore sense. gpg1 is way too old for anyone to use on a regualar base along with a standard gpg. It is better to rename that single gpg (1.4) binary to gpg1 and adjust any scripts.
* build: Also cleanup generated html file in a make distcheckWerner Koch2024-09-111-9/+14
| | | | | | | | * doc/Makefile.am (myman_pages): Add gpg and gpgv. (USE_GPG2_HACK): Remove conditional. (myhtmlman_pages): New. (DISTCLEANFILES): Add html pages. --
* tests: Updated PQC test data to the final Kyber algo id.Werner Koch2024-09-1110-342/+529
| | | | | | | | -- We actually reuse the private keys here by having deleted the subkey and crated a new one using the option "From existing key". Of course the encrypted data changed while the plaintext stayed the same.
* doc: Updated comments in speedo.mkWerner Koch2024-09-111-5/+6
| | | | --
* gpg: Fix getting key by IPGP.NIIBE Yutaka2024-09-111-1/+2
| | | | | | | | | | * g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Check if DATA for key. -- GnuPG-bug-id: 7288 Reported-by: Wilfried Teiken Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: New commands --add-recipients and --change-recipients.Werner Koch2024-09-0911-66/+331
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (aAddRecipients, aChangeRecipients): New consts. (opts): Add --add-recipients and --change-recipients. (main): Handle them. * g10/gpg.h (struct server_control_s): Add fields modify_recipients, clear_recipients, and last_read_ctb. * g10/armor.c (was_armored): New. * g10/decrypt.c (decrypt_message): Add optional arg 'remusr'. Handle re-encryption if desired. * g10/encrypt.c (write_pubkey_enc): Factor info printing out to ... (show_encrypted_for_user_info): new. (reencrypt_to_new_recipients): New. * g10/packet.h (struct parse_packet_ctx_s): Add fields only_fookey_enc and last_ctb. (init_parse_packet): Clear them. * g10/parse-packet.c (parse): Store CTB in the context. Early return on pubkey_enc and symkey_enc packets if requested. * g10/mainproc.c (proc_encrypted): Allow for PKT being NULL. Return early in modify-recipients mode. (proc_encryption_packets): Add two optional args 'r_dek' and 'r_list'. Adjust callers. Call do_proc_packets in modify-recipients mode depending on the optional args. (do_proc_packets): Add arg 'keep_dek_and_list'. Adjust callers. Save the last read CTB in CTRL and return after the last fooenc_enc packets. -- This basically works but does not yet handle symmetric encrypted packets (symkey_enc). GnuPG-bug-id: 1825 (Yes, this is an at least 9 year old feature request)
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-09 10:43:04 +0000