aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* gpg: Emit status error for an invalid ADSK.Werner Koch2024-10-072-0/+3
| | | | | | | | | * g10/keygen.c (prepare_adsk): Emit status error. -- This is useful for GPGME. GnuPG-bug-id: 7322
* gpgsm: Add compatibility flag no-keyinfo-cacheWerner Koch2024-10-043-0/+9
| | | | | | | * sm/gpgsm.c (compatibility_flags): Add flag. * sm/gpgsm.h (COMPAT_NO_KEYINFO_CACHE): New. * sm/call-agent.c (gpgsm_agent_istrusted): Act upon it. (gpgsm_agent_keyinfo): Ditto.
* gpgsm: Implement a cache for the KEYINFO queries.Werner Koch2024-10-024-20/+154
| | | | | | | | | | | | | | | | | | | | | | | * sm/gpgsm.h (struct keyinfo_cache_item_s): New. (struct server_control_s): Add keyinfo_cache and keyinfo_cache_valid. * sm/call-agent.c (keyinfo_cache_disabled): New flag. (release_a_keyinfo_cache): New. (gpgsm_flush_keyinfo_cache): New. (struct keyinfo_status_parm_s): New. (keyinfo_status_cb): Implement a fill mode. (gpgsm_agent_keyinfo): Implement a cache. * sm/server.c (reset_notify): Flush the cache. * sm/gpgsm.c (gpgsm_deinit_default_ctrl): Ditto. -- In almost all cases we have just a few private keys in the agent and thus it is better to fetch them early. This does not work in a restricted connection but we take care and disable the cache in this case. This cache gives a a minor speed up. GnuPG-bug-id: 7308
* gpgsm: Use a cache for ISTRUSTED queries.Werner Koch2024-10-021-19/+122
| | | | | | | | | | | | | | | | | * sm/call-agent.c (struct istrusted_cache_s): New. (istrusted_cache, istrusted_cache_valid): New. (istrusted_cache_disabled): New. (flush_istrusted_cache): New. (struct istrusted_status_parm_s): New. (istrusted_status_cb): Fill the cache. (gpgsm_agent_istrusted): Implement a cache. -- Not a really measurable performance improvements on Linux but maybe somewhat on Windows (not yet tested). However, it does not clutter the log files with IPC calls returning NOT_TRUSTED. GnuPG-bug-id: 7308
* agent: Add option --status to the LISTRUSTED command.Werner Koch2024-10-013-16/+60
| | | | | | | | | | | | | * agent/trustlist.c (istrusted_internal): Add arg listmode and print new status line in this mode. Adjust callers. (agent_listtrusted): Add new args ctrl and status_mode. Get all trusted keys and then call is_trusted_internal for all of them. * agent/command.c (cmd_listtrusted): Add new option --status. -- This allows in a non-restricted connection to list all trusted keys in one go.
* gpgsm: Possible improvement for some rare P12 files.Werner Koch2024-10-011-1/+1
| | | | | | | | | | | * sm/minip12.c (parse_shrouded_key_bag): Increase size of salt buffer. -- Reported on the mailing list. The change does not seem to have a big regression risk, thus applied. See below for the mail # ------------------------ >8 ------------------------ https://lists.gnupg.org/pipermail/gnupg-users/2024-September/067312.html
* gpgconf: Add list flag to trusted-key et al.Werner Koch2024-10-011-3/+3
| | | | | | | | * tools/gpgconf-comp.c (known_options_gpg): Add list flag to sume options. -- GnuPG-bug-id: 7313
* gpg: Robust error handling for SCD READKEY.NIIBE Yutaka2024-10-011-8/+10
| | | | | | | | | * g10/keygen.c (ask_algo): List the card key only when it's valid. -- GnuPG-bug-id: 7309 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgsm: Silence messages about dirmngr cache lookup failed.Werner Koch2024-09-301-2/+14
| | | | | * sm/certchain.c (find_up_dirmngr): Skip if we know that there is no dirmngr.
* gpgsm: Silence the fingerprint output in quiet mode.Werner Koch2024-09-301-5/+9
| | | | | | | | | * sm/certchain.c (ask_marktrusted): Avoid fingerprint printing in quiet mode -- And also don't print it anymore after the agent told us that the feature has been disabled.
* gpgsm: Use a cache to speed up parent certificate lookup.Werner Koch2024-09-303-8/+114
| | | | | | | | | | | | | | | | | | | | | * sm/gpgsm.h (COMPAT_NO_CHAIN_CACHE): New. (struct cert_cache_item_s, cert_cache_item_t): New. (struct server_control_s): Add parent_cert_cache. * sm/gpgsm.c (compatibility_flags): Add "no-chain-cache". (parent_cache_stats): New. (gpgsm_exit): Print the stats with --debug=memstat. (gpgsm_deinit_default_ctrl): Release the cache. * sm/certchain.c (gpgsm_walk_cert_chain): Cache the certificates. (do_validate_chain): Ditto. -- This gives another boost of 30% (from 6.5 to 4.0 seconds in the test environment with ~1000 certs). do_validate_chain actually brings us the speedup becuase the gpgsm_walk_cert_chain is not used during a key listing. For the latter we actually cache all certificates because that was easier. GnuPG-bug-id: 7308
* sm: Optmize clearing of the ephemeral flag.Werner Koch2024-09-272-0/+25
| | | | | | | | | | * kbx/keybox-search.c (keybox_get_cert): Store the blob clags in the cert object. * sm/certchain.c (do_validate_chain): Skip clearing of the ephemeral flag if we know that it is not set. -- GnuPG-bug-id: 7308
* agent: Replace hack for old Libgcrypt versions for auto-expand-secmem.Werner Koch2024-09-271-4/+1
| | | | * agent/gpg-agent.c (main) <oAutoExpandSecmem>: Use Libgcrypt const.
* agent: Better diagnostic for a failed key unprotection.Werner Koch2024-09-271-0/+2
| | | | | | | | * agent/findkey.c (unprotect): Print a diagnostic if unprotection failed. -- GnuPG-bug-id: 6375
* gpg: Exclude expired trusted keys from the key validation process.Werner Koch2024-09-251-14/+47
| | | | | | | | | | | | | | | * g10/trustdb.c (copy_key_item): New. (validate_keys): Use a stripped down UTK list w/o expired keys. -- This patch makes sure that an expired trusted key is not used for trust computation. The test case is to delete a trusted key from the keyring, import a copy of that key which has already expired, check that a signed key is not anymore fully trusted and finally import a prolonged version of the trusted key and check that the signed key is now again fully trusted. GnuPG-bug-id: 7200
* gpg: Validate the trustdb after the import of a trusted key.Werner Koch2024-09-251-4/+16
| | | | | | | | | | | | | * g10/import.c (import_one_real): Rename non_self to non_self_or_utk. If not set after chk_self_sigs check whether the imported key is an ultimately trusted key. -- The revalidation mark was only set if the imported key had a new key signature. This is in general correct but not if the imported key is a trusted key. GnuPG-bug-id: 7200
* gpg: Remove useless variable in validate_keys.Werner Koch2024-09-251-30/+34
| | | | | | | | | | | * g10/trustdb.c (store_validation_status): Remove arg 'stored'. (validate_keys): Remove keyhashtable 'stored' which was never used. -- This has been here since 2003. The variable was never evaluated - only stored. Also added some comments.
* po: Update Japanese Translation.NIIBE Yutaka2024-09-251-17/+11
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix gnupg_exec_tool_stream for INEXTRA==NULL.NIIBE Yutaka2024-09-251-1/+1
| | | | | | | | | * common/exectool.c (gnupg_exec_tool_stream): Initialize extrapipe. -- Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix --quick-set-expire for V5 subkey fingerprintsIngo Klöcker2024-09-241-1/+1
| | | | | | | | | | | | * g10/keyedit.c (keyedit_quick_set_expire): Use actual size of fingerprint. -- The size of the fingerprints is either 20 (V4) or 32 (V5). Using the actual size of the fingerprints fixes the lookup of subkeys with V5 fingerprint. GnuPG-bug-id: 7298
* common: Add debug code to gnupg_exec_tool_streamWerner Koch2024-09-241-0/+7
| | | | | | | * common/exectool.c (gnupg_exec_tool_stream): Add diagnostic. -- This should help if something is broken with poll.
* w32: Fix last commit to build on Windows.Werner Koch2024-09-201-1/+1
| | | | | | | | * scd/app.c (struct mrsw_lock): Move notify_watchers out of the system specific condition. -- Fixes-commit: c98385d311ca37e1863d0e42ebf7bbc6b68efe35
* scd: Fix DEVINFO, allowing no clients which watch the change.NIIBE Yutaka2024-09-201-3/+7
| | | | | | | | | | | * scd/app.c [POSIX] (struct mrsw_lock): Add notify_watchers. (card_list_signal): Only when watchers wait, kick by write(2). (card_list_wait): Increment/decrement notify_watchers field. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* speedo: Make use of wget more robustWerner Koch2024-09-192-5/+15
| | | | | | | * build-aux/getswdb.sh: Add option --wgetopt. * build-aux/speedo.mk (WGETOPT): New. (getswdb_options): Pass to getswdb. (unpack): Use wget with new options.
* po: Update Portuguese Translation.Daniel Cerqueira2024-09-191-27/+10
| | | | | | -- Signed-off-by: Daniel Cerqueira <[email protected]>
* gpg: Avoid wrong decryption_failed for signed+OCB msg w/o pubkey.Werner Koch2024-09-192-5/+11
| | | | | | | | | | | | | | | | | | | | | | * g10/decrypt-data.c (struct decode_filter_context_s): Add flag checktag_failed. (aead_checktag): Set flag. (decrypt_data): Initially clear that flag and check the flag after the decryption. * g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based check. -- This fixes a bug where for an OCB encrypted and signed message with the signing key missing during decryption the DECRYPTION_FAILED status line was printed along with "WARNING: encrypted message has been manipulated". This was because we use log_error to show that the signature could not be verified due to the missing pubkey; the original fix looked at the error counter and thus triggered the decryption failed status. Fixes-commit: 50e81ad38d2b5a5028fa6815da358c0496aa927e GnuPG-bug-id: 7042
* agent: Fix detection of the trustflag de-vs.Werner Koch2024-09-191-1/+1
| | | | | | | | * agent/trustlist.c (read_one_trustfile): Fix comparison. -- Fixes-commit: a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f GnuPG-bug-Id: 5079
* kbx: Fix a race condition on DATABASE_HD.NIIBE Yutaka2024-09-191-3/+6
| | | | | | | | | | * kbx/backend-sqlite.c (create_or_open_database): Protect the access to DATABASE_HD. -- GnuPG-bug-id: 7294 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix DEVINFO to allow multiple clients.NIIBE Yutaka2024-09-181-0/+9
| | | | | | | | | * scd/app.c (initialize_module_command): Use O_NONBLOCK for pipe. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* tests:gpgscm: Raise an error correctly for process spawning.NIIBE Yutaka2024-09-131-3/+13
| | | | | | | | | | * tests/gpgscm/ffi.c (do_process_spawn_io): Handle ERR. (do_process_spawn_fd): Likewise. -- Reported-by: Marcel Telka <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updatesWerner Koch2024-09-122-1/+9
| | | | --
* Release 2.5.1gnupg-2.5.1Werner Koch2024-09-121-1/+31
|
* tools: Fix recent regressions in gpg-authcode-sign.shWerner Koch2024-09-111-2/+2
| | | | | * tools/gpg-authcode-sign.sh (cleanup): Fix syntax error. (trap): Remove bashism.
* build: Fix make distclean for gnupg.7.htmlWerner Koch2024-09-111-3/+3
| | | | --
* po: msgmergeWerner Koch2024-09-1126-391/+983
| | | | --
* po: Update the German translationWerner Koch2024-09-111-17/+38
| | | | --
* gpgsm: New option --assert-signerWerner Koch2024-09-116-4/+184
| | | | | | | | | | | | | | | * sm/gpgsm.c (oAssertSigner, oNoop): New. (opts): Add option --assert-signer. (assert_signer_true): New var. (main): Set new option. (gpgsm_exit): Handle assert_signer_true. * sm/gpgsm.h (opt): Add field assert_signer_list. * sm/verify.c (is_x509_fingerprint): New. (check_assert_signer_list): New. (gpgsm_verify): Handle option. -- GnuPG-bug-id: 7286
* build: Remove configure option --enable-gpg-is-gpg2Werner Koch2024-09-117-156/+9
| | | | | | | | | | | | | | | | | * configure.ac (--enable-gpg-is-gpg2): Remove option. (USE_GPG2_HACK): Remove var. * common/homedir.c (gnupg_module_name): Remove code for gpg2 installation option. * g10/keygen.c (generate_keypair): Ditto. * g10/Makefile.am (noinst_PROGRAMS): Ditto. * doc/gpg.texi: Ditto. * doc/gpgv.texi: Ditto. -- This option and all its build stuff does not make anymore sense. gpg1 is way too old for anyone to use on a regualar base along with a standard gpg. It is better to rename that single gpg (1.4) binary to gpg1 and adjust any scripts.
* build: Also cleanup generated html file in a make distcheckWerner Koch2024-09-111-9/+14
| | | | | | | | * doc/Makefile.am (myman_pages): Add gpg and gpgv. (USE_GPG2_HACK): Remove conditional. (myhtmlman_pages): New. (DISTCLEANFILES): Add html pages. --
* tests: Updated PQC test data to the final Kyber algo id.Werner Koch2024-09-1110-342/+529
| | | | | | | | -- We actually reuse the private keys here by having deleted the subkey and crated a new one using the option "From existing key". Of course the encrypted data changed while the plaintext stayed the same.
* doc: Updated comments in speedo.mkWerner Koch2024-09-111-5/+6
| | | | --
* gpg: Fix getting key by IPGP.NIIBE Yutaka2024-09-111-1/+2
| | | | | | | | | | * g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Check if DATA for key. -- GnuPG-bug-id: 7288 Reported-by: Wilfried Teiken Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: New commands --add-recipients and --change-recipients.Werner Koch2024-09-0911-66/+331
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (aAddRecipients, aChangeRecipients): New consts. (opts): Add --add-recipients and --change-recipients. (main): Handle them. * g10/gpg.h (struct server_control_s): Add fields modify_recipients, clear_recipients, and last_read_ctb. * g10/armor.c (was_armored): New. * g10/decrypt.c (decrypt_message): Add optional arg 'remusr'. Handle re-encryption if desired. * g10/encrypt.c (write_pubkey_enc): Factor info printing out to ... (show_encrypted_for_user_info): new. (reencrypt_to_new_recipients): New. * g10/packet.h (struct parse_packet_ctx_s): Add fields only_fookey_enc and last_ctb. (init_parse_packet): Clear them. * g10/parse-packet.c (parse): Store CTB in the context. Early return on pubkey_enc and symkey_enc packets if requested. * g10/mainproc.c (proc_encrypted): Allow for PKT being NULL. Return early in modify-recipients mode. (proc_encryption_packets): Add two optional args 'r_dek' and 'r_list'. Adjust callers. Call do_proc_packets in modify-recipients mode depending on the optional args. (do_proc_packets): Add arg 'keep_dek_and_list'. Adjust callers. Save the last read CTB in CTRL and return after the last fooenc_enc packets. -- This basically works but does not yet handle symmetric encrypted packets (symkey_enc). GnuPG-bug-id: 1825 (Yes, this is an at least 9 year old feature request)
* gpg: Improve detection of input data read errors.Werner Koch2024-09-061-3/+10
| | | | | | | | | | | | * g10/build-packet.c (do_plaintext): Better error checking for iobuf_copy. -- Fixes-commit: 695cb04af5218cd7b42c7eaaefc186472b99a995 GnuPG-bug-id: 6528 The original fix handles only the disk full case but didn't bother about read errors (i.e. I/O problems on an external drive).
* gpg: Make --no-literal work again for -c and --store.Werner Koch2024-09-062-18/+29
| | | | | | | | | | | * g10/dearmor.c (dearmor_file): Check for errors of iobuf_copy. (enarmor_file): Ditto. * g10/encrypt.c (encrypt_simple): Fix error check of iobuf_copy (encrypt_crypt): Use iobuf_copy. -- Fixes-commit: 756c0bd5d89bd0a773f844fbc2ec508c1a36c63d GnuPG-bug-id: 5852
* gpg: Simplify the pubkey_enc_list objectWerner Koch2024-09-064-62/+88
| | | | | | | | | | | | * g10/packet.h (struct pubkey_enc_list): Replace most by a PKT_pubkey_enc member. * g10/free-packet.c (free_pubkey_enc): Factor most stuff out to ... (release_pubkey_enc_parts): new. (copy_pubkey_enc_parts): New. * g10/mainproc.c (release_list): Adjust for above change. (proc_pubkey_enc): Ditto. (print_pkenc_list): Ditto. (proc_encrypted): Ditto.
* gpg: remove workaround for Libgcrypt < 1.8.6Werner Koch2024-09-061-29/+4
| | | | * g10/free-packet.c (is_mpi_copy_broken): Remove.
* scd:w32: Fix for setting an environment block with GNUPGHOME.NIIBE Yutaka2024-09-061-3/+2
| | | | | | | | | | * scd/app.c (report_change): It's ASCII or multi-byte encoded string. It's gpgrt's spawn function which converts it to wide char string internally if needed. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:w32: Export GNUPGHOME for scd-event.NIIBE Yutaka2024-09-051-12/+11
| | | | | | | | * scd/app.c (report_change): Set up GNUPGHOME. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgconf: Add missing linefeed to the -X output.Werner Koch2024-09-031-1/+11
| | | | * tools/gpgconf.c (show_registry_entries_from_file): Add missing LF.