| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
* g10/keygen.c (prepare_adsk): Emit status error.
--
This is useful for GPGME.
GnuPG-bug-id: 7322
|
| |
|
|
|
|
|
| |
* sm/gpgsm.c (compatibility_flags): Add flag.
* sm/gpgsm.h (COMPAT_NO_KEYINFO_CACHE): New.
* sm/call-agent.c (gpgsm_agent_istrusted): Act upon it.
(gpgsm_agent_keyinfo): Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.h (struct keyinfo_cache_item_s): New.
(struct server_control_s): Add keyinfo_cache and keyinfo_cache_valid.
* sm/call-agent.c (keyinfo_cache_disabled): New flag.
(release_a_keyinfo_cache): New.
(gpgsm_flush_keyinfo_cache): New.
(struct keyinfo_status_parm_s): New.
(keyinfo_status_cb): Implement a fill mode.
(gpgsm_agent_keyinfo): Implement a cache.
* sm/server.c (reset_notify): Flush the cache.
* sm/gpgsm.c (gpgsm_deinit_default_ctrl): Ditto.
--
In almost all cases we have just a few private keys in the agent and
thus it is better to fetch them early. This does not work in a
restricted connection but we take care and disable the cache in this
case.
This cache gives a a minor speed up.
GnuPG-bug-id: 7308
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/call-agent.c (struct istrusted_cache_s): New.
(istrusted_cache, istrusted_cache_valid): New.
(istrusted_cache_disabled): New.
(flush_istrusted_cache): New.
(struct istrusted_status_parm_s): New.
(istrusted_status_cb): Fill the cache.
(gpgsm_agent_istrusted): Implement a cache.
--
Not a really measurable performance improvements on Linux but maybe
somewhat on Windows (not yet tested). However, it does not clutter
the log files with IPC calls returning NOT_TRUSTED.
GnuPG-bug-id: 7308
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/trustlist.c (istrusted_internal): Add arg listmode and print
new status line in this mode. Adjust callers.
(agent_listtrusted): Add new args ctrl and status_mode. Get all
trusted keys and then call is_trusted_internal for all of them.
* agent/command.c (cmd_listtrusted): Add new option --status.
--
This allows in a non-restricted connection to list all trusted keys in
one go.
|
| |
|
|
|
|
|
|
|
|
|
| |
* sm/minip12.c (parse_shrouded_key_bag): Increase size of salt buffer.
--
Reported on the mailing list. The change does not seem to have a big
regression risk, thus applied. See below for the mail
# ------------------------ >8 ------------------------
https://lists.gnupg.org/pipermail/gnupg-users/2024-September/067312.html
|
| |
|
|
|
|
|
|
| |
* tools/gpgconf-comp.c (known_options_gpg): Add list flag to sume
options.
--
GnuPG-bug-id: 7313
|
| |
|
|
|
|
|
|
|
| |
* g10/keygen.c (ask_algo): List the card key only when it's valid.
--
GnuPG-bug-id: 7309
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
| |
* sm/certchain.c (find_up_dirmngr): Skip if we know that there is no
dirmngr.
|
| |
|
|
|
|
|
|
|
| |
* sm/certchain.c (ask_marktrusted): Avoid fingerprint printing in
quiet mode
--
And also don't print it anymore after the agent told us that the
feature has been disabled.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.h (COMPAT_NO_CHAIN_CACHE): New.
(struct cert_cache_item_s, cert_cache_item_t): New.
(struct server_control_s): Add parent_cert_cache.
* sm/gpgsm.c (compatibility_flags): Add "no-chain-cache".
(parent_cache_stats): New.
(gpgsm_exit): Print the stats with --debug=memstat.
(gpgsm_deinit_default_ctrl): Release the cache.
* sm/certchain.c (gpgsm_walk_cert_chain): Cache the certificates.
(do_validate_chain): Ditto.
--
This gives another boost of 30% (from 6.5 to 4.0 seconds in the test
environment with ~1000 certs). do_validate_chain actually brings us
the speedup becuase the gpgsm_walk_cert_chain is not used during a key
listing. For the latter we actually cache all certificates because
that was easier.
GnuPG-bug-id: 7308
|
| |
|
|
|
|
|
|
|
|
| |
* kbx/keybox-search.c (keybox_get_cert): Store the blob clags in the
cert object.
* sm/certchain.c (do_validate_chain): Skip clearing of the ephemeral
flag if we know that it is not set.
--
GnuPG-bug-id: 7308
|
| |
|
|
| |
* agent/gpg-agent.c (main) <oAutoExpandSecmem>: Use Libgcrypt const.
|
| |
|
|
|
|
|
|
| |
* agent/findkey.c (unprotect): Print a diagnostic if unprotection
failed.
--
GnuPG-bug-id: 6375
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/trustdb.c (copy_key_item): New.
(validate_keys): Use a stripped down UTK list w/o expired keys.
--
This patch makes sure that an expired trusted key is not used for
trust computation. The test case is to delete a trusted key from the
keyring, import a copy of that key which has already expired, check
that a signed key is not anymore fully trusted and finally import a
prolonged version of the trusted key and check that the signed key is
now again fully trusted.
GnuPG-bug-id: 7200
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (import_one_real): Rename non_self to non_self_or_utk.
If not set after chk_self_sigs check whether the imported key is an
ultimately trusted key.
--
The revalidation mark was only set if the imported key had a new key
signature. This is in general correct but not if the imported key is
a trusted key.
GnuPG-bug-id: 7200
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/trustdb.c (store_validation_status): Remove arg 'stored'.
(validate_keys): Remove keyhashtable 'stored' which was never used.
--
This has been here since 2003. The variable was never evaluated -
only stored.
Also added some comments.
|
| |
|
|
|
|
| |
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* common/exectool.c (gnupg_exec_tool_stream): Initialize extrapipe.
--
Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyedit.c (keyedit_quick_set_expire): Use actual size of
fingerprint.
--
The size of the fingerprints is either 20 (V4) or 32 (V5). Using the
actual size of the fingerprints fixes the lookup of subkeys with V5
fingerprint.
GnuPG-bug-id: 7298
|
| |
|
|
|
|
|
| |
* common/exectool.c (gnupg_exec_tool_stream): Add diagnostic.
--
This should help if something is broken with poll.
|
| |
|
|
|
|
|
|
| |
* scd/app.c (struct mrsw_lock): Move notify_watchers out of the system
specific condition.
--
Fixes-commit: c98385d311ca37e1863d0e42ebf7bbc6b68efe35
|
| |
|
|
|
|
|
|
|
|
|
| |
* scd/app.c [POSIX] (struct mrsw_lock): Add notify_watchers.
(card_list_signal): Only when watchers wait, kick by write(2).
(card_list_wait): Increment/decrement notify_watchers field.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* build-aux/getswdb.sh: Add option --wgetopt.
* build-aux/speedo.mk (WGETOPT): New.
(getswdb_options): Pass to getswdb.
(unpack): Use wget with new options.
|
| |
|
|
|
|
| |
--
Signed-off-by: Daniel Cerqueira <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/decrypt-data.c (struct decode_filter_context_s): Add flag
checktag_failed.
(aead_checktag): Set flag.
(decrypt_data): Initially clear that flag and check the flag after the
decryption.
* g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based
check.
--
This fixes a bug where for an OCB encrypted and signed message with
the signing key missing during decryption the DECRYPTION_FAILED status
line was printed along with "WARNING: encrypted message has been
manipulated". This was because we use log_error to show that the
signature could not be verified due to the missing pubkey; the
original fix looked at the error counter and thus triggered the
decryption failed status.
Fixes-commit: 50e81ad38d2b5a5028fa6815da358c0496aa927e
GnuPG-bug-id: 7042
|
| |
|
|
|
|
|
|
| |
* agent/trustlist.c (read_one_trustfile): Fix comparison.
--
Fixes-commit: a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f
GnuPG-bug-Id: 5079
|
| |
|
|
|
|
|
|
|
|
| |
* kbx/backend-sqlite.c (create_or_open_database): Protect
the access to DATABASE_HD.
--
GnuPG-bug-id: 7294
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* scd/app.c (initialize_module_command): Use O_NONBLOCK for pipe.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* tests/gpgscm/ffi.c (do_process_spawn_io): Handle ERR.
(do_process_spawn_fd): Likewise.
--
Reported-by: Marcel Telka <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
|
| |
* tools/gpg-authcode-sign.sh (cleanup): Fix syntax error.
(trap): Remove bashism.
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.c (oAssertSigner, oNoop): New.
(opts): Add option --assert-signer.
(assert_signer_true): New var.
(main): Set new option.
(gpgsm_exit): Handle assert_signer_true.
* sm/gpgsm.h (opt): Add field assert_signer_list.
* sm/verify.c (is_x509_fingerprint): New.
(check_assert_signer_list): New.
(gpgsm_verify): Handle option.
--
GnuPG-bug-id: 7286
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (--enable-gpg-is-gpg2): Remove option.
(USE_GPG2_HACK): Remove var.
* common/homedir.c (gnupg_module_name): Remove code for gpg2
installation option.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (noinst_PROGRAMS): Ditto.
* doc/gpg.texi: Ditto.
* doc/gpgv.texi: Ditto.
--
This option and all its build stuff does not make anymore sense. gpg1
is way too old for anyone to use on a regualar base along with a
standard gpg. It is better to rename that single gpg (1.4) binary to
gpg1 and adjust any scripts.
|
| |
|
|
|
|
|
|
| |
* doc/Makefile.am (myman_pages): Add gpg and gpgv.
(USE_GPG2_HACK): Remove conditional.
(myhtmlman_pages): New.
(DISTCLEANFILES): Add html pages.
--
|
| |
|
|
|
|
|
|
| |
--
We actually reuse the private keys here by having deleted the subkey
and crated a new one using the option "From existing key". Of course
the encrypted data changed while the plaintext stayed the same.
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
| |
* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Check if DATA for key.
--
GnuPG-bug-id: 7288
Reported-by: Wilfried Teiken
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (aAddRecipients, aChangeRecipients): New consts.
(opts): Add --add-recipients and --change-recipients.
(main): Handle them.
* g10/gpg.h (struct server_control_s): Add fields modify_recipients,
clear_recipients, and last_read_ctb.
* g10/armor.c (was_armored): New.
* g10/decrypt.c (decrypt_message): Add optional arg 'remusr'. Handle
re-encryption if desired.
* g10/encrypt.c (write_pubkey_enc): Factor info printing out to ...
(show_encrypted_for_user_info): new.
(reencrypt_to_new_recipients): New.
* g10/packet.h (struct parse_packet_ctx_s): Add fields only_fookey_enc
and last_ctb.
(init_parse_packet): Clear them.
* g10/parse-packet.c (parse): Store CTB in the context. Early return
on pubkey_enc and symkey_enc packets if requested.
* g10/mainproc.c (proc_encrypted): Allow for PKT being NULL. Return
early in modify-recipients mode.
(proc_encryption_packets): Add two optional args 'r_dek' and 'r_list'.
Adjust callers. Call do_proc_packets in modify-recipients mode
depending on the optional args.
(do_proc_packets): Add arg 'keep_dek_and_list'. Adjust callers. Save
the last read CTB in CTRL and return after the last fooenc_enc
packets.
--
This basically works but does not yet handle symmetric encrypted
packets (symkey_enc).
GnuPG-bug-id: 1825
(Yes, this is an at least 9 year old feature request)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/build-packet.c (do_plaintext): Better error checking for
iobuf_copy.
--
Fixes-commit: 695cb04af5218cd7b42c7eaaefc186472b99a995
GnuPG-bug-id: 6528
The original fix handles only the disk full case but didn't bother
about read errors (i.e. I/O problems on an external drive).
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/dearmor.c (dearmor_file): Check for errors of iobuf_copy.
(enarmor_file): Ditto.
* g10/encrypt.c (encrypt_simple): Fix error check of iobuf_copy
(encrypt_crypt): Use iobuf_copy.
--
Fixes-commit: 756c0bd5d89bd0a773f844fbc2ec508c1a36c63d
GnuPG-bug-id: 5852
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/packet.h (struct pubkey_enc_list): Replace most by a
PKT_pubkey_enc member.
* g10/free-packet.c (free_pubkey_enc): Factor most stuff out to ...
(release_pubkey_enc_parts): new.
(copy_pubkey_enc_parts): New.
* g10/mainproc.c (release_list): Adjust for above change.
(proc_pubkey_enc): Ditto.
(print_pkenc_list): Ditto.
(proc_encrypted): Ditto.
|
| |
|
|
| |
* g10/free-packet.c (is_mpi_copy_broken): Remove.
|
| |
|
|
|
|
|
|
|
|
| |
* scd/app.c (report_change): It's ASCII or multi-byte encoded string.
It's gpgrt's spawn function which converts it to wide char string
internally if needed.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* scd/app.c (report_change): Set up GNUPGHOME.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
| |
* tools/gpgconf.c (show_registry_entries_from_file): Add missing LF.
|
