aboutsummaryrefslogtreecommitdiffstats
path: root/g10 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpg: Assert that an opaque parameter is really what we expect.Werner Koch2017-03-313-1/+12
| | | | | | | | | * g10/gpg.h (SERVER_CONTROL_MAGIC): New const. (server_control_s): Add field 'magic'. * g10/gpg.c (gpg_init_default_ctrl): Init MAGIC. * g10/import.c (impex_filter_getval): Assert MAGIC. Signed-off-by: Werner Koch <[email protected]>
* gpg: Pass CTRL to many more functions.Werner Koch2017-03-3138-751/+885
| | | | | | | | | | -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <[email protected]>
* gpg: Consistent use of preprocessor conditionals.Justus Winter2017-03-301-8/+8
| | | | | | | | * g10/parse-packet.c: Use '#if' instead of '#ifdef' when checking DEBUG_PARSE_PACKET. This fixes the build with '#define DEBUG_PARSE_PACKET 0'. Signed-off-by: Justus Winter <[email protected]>
* gpg: Remove the use of the signature information from a KBX.Werner Koch2017-03-301-106/+9
| | | | | | | | | | | | | | | | | | | | | | | * g10/keydb.c (keyblock_cache): Remove field SIGSTATUS. (keyblock_cache_clear): Adjust for that removal. (parse_keyblock_image): Remove arg SIGSTATUS. Remove the signature cache setting; this is now done in the parser. (keydb_get_keyblock): Do not set SIGSTATUS. (build_keyblock_image): Remove arg SIGSTATUS and simplify. Change caller. * kbx/keybox-blob.c: Explain that the signature information is not anymore used. (_keybox_create_openpgp_blob): Remove arg SIGSTATUS and change callers. * kbx/keybox-search.c (keybox_get_keyblock): Remove arg R_SIGSTATUS and change callers. * kbx/keybox-update.c (keybox_insert_keyblock): Likewise. -- This thing was too complicated and has been replaced by the new ring trust packet code. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix actual leak and possible leaks in the packet parser.Werner Koch2017-03-305-19/+26
| | | | | | | | | | | | | | | * g10/packet.h (struct parse_packet_ctx_s): Change LAST_PKT deom a pointer to its struct. (init_parse_packet): Adjust for LAST_PKT not being a pointer. * g10/parse-packet.c (parse): Ditto. Free the last packet before storing a new one in case of a deep link. (parse_ring_trust): Adjust for LAST_PKT not being a pointer. * g10/free-packet.c (free_packet): Ditto. * g10/t-keydb-get-keyblock.c (do_test): Release keyblock. -- Fixes-commit: afa86809087909a8ba2f9356588bf90cc923529c Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix export porting of zero length user ID packets.Werner Koch2017-03-301-2/+10
| | | | | | | | | | | * g10/build-packet.c (do_user_id): Avoid indeterminate length header. -- We are able to import such user ids but when exporting them the exported data could not be imported again because the parser bails out on invalid keyrings. This is now fixed and should be backported. Signed-off-by: Werner Koch <[email protected]>
* gpg: Revamp reading and writing of ring trust packets.Werner Koch2017-03-3010-137/+340
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/parse-packet.c (parse_trust): Rename to ... (parse_ring_trust): this. Change args and implement new ring trust packet format. (parse): Add special ring trust packet handling. * g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and KEYSRC. (PKT_public_key): Ditto. (RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts. (PKT_ring_trust): New. (struct packet_struct): Remove member RING_TRUST. (strcu parse_packet_ctx_s): Add field SKIP_META. (init_parse_packet): Init SKIPT_META. * g10/free-packet.c (release_public_key_parts): Free UDPATEURL. (free_user_id): Ditto. * g10/mainproc.c (list_node): Remove printing of non-documented "rtv" lines. * g10/build-packet.c (build_packet_and_meta): New. (do_ring_trust): New. * g10/export.c (write_keyblock_to_output): Use build_packet_and_meta in backup mode. (do_export_one_keyblock): Ditto. * g10/import.c (read_block): Add arg WITH_META. Skip ring trust packets if that ism not set. (import): Call read_block WITH_META in restore mode. * g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS) (KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants. They are not yet used, though. * g10/keydb.c (parse_keyblock_image): Allow ring trust packets. (build_keyblock_image): Ditto. Use build_packet_and_meta. * g10/keyring.c (keyring_get_keyblock): Remove specila treatment of ring trust packets. (write_keyblock): Use build_packet_and_meta. Remove special treatment of ring trust packets and initialization of the signature caches. -- This patch introduced the framework to store meta data for keys and user ids in the keyrings/keyboxes. Ring trust packets are implementation defined and have always been used in gpg to cache the signature verification status. Ring trust packets are only exported with the export option "backup" and only imported with the import option "restore". The new code uses a cleaner way to handle the ring trust packets: When the parser reads a ring trust packet and the previously read packet matches the type of that ring trust packet, the information is stored in that previously read packet (signature, user id, or primary key) and the next packet is read immediately. Thus only the parser sees the ring trust packets. Ring trust packets are written by using the new function build_packet_and_meta instead of build_packet. That function writes a ring trust packet when the needed information is available. As a side-effect of this patch the signature status cache works again and "gpg --check-sigs" is thus much faster. Signed-off-by: Werner Koch <[email protected]>
* gpg: Extend free_packet to handle a packet parser context.Werner Koch2017-03-2912-53/+124
| | | | | | | | | | | | | | | * g10/packet.h (struct parse_packet_ctx_s): Add fields LAST_PKT and FREE_LAST_PKT. (init_parse_packet): Clear them. (deinit_parse_packet): New macro. Change all users if init_parse_packet to also call this macro. * g10/free-packet.c (free_packet): Add arg PARSECTX and handle shallow packet copies in the context. Change all callers. * g10/parse-packet.c (parse): Store certain packets in the parse context. -- Signed-off-by: Werner Koch <[email protected]>
* indent: Re-indent function free-packet.Werner Koch2017-03-291-44/+47
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Change parse_packet to take a context.Werner Koch2017-03-297-77/+137
| | | | | | | | | | | | | | | | | | * g10/packet.h (struct parse_packet_ctx_s): New. (parse_packet_ctx_t): New type. (init_parse_packet): New macro. * g10/parse-packet.c (parse_packet, dbg_parse_packet): Change to take a parse context. Change all callers to provide a context instead of directly supplying the input stream. (search_packet, dbg_search_packet): Ditto. (copy_all_packets, dbg_copy_all_packets): Init an use a parse context. (copy_some_packets, dbg_copy_some_packets): Ditto. (skip_some_packets, dbg_skip_some_packets): Ditto. -- We will need this change to handle ring packets inside the parser. Signed-off-by: Werner Koch <[email protected]>
* gpg: Export ring trust packets in backup mode.Werner Koch2017-03-291-1/+4
| | | | | | * g10/export.c (write_keyblock_to_output): Export ring trust packets. Signed-off-by: Werner Koch <[email protected]>
* indent: Re-indent parts of build-packet.cWerner Koch2017-03-291-146/+152
| | | | --
* gpg: Prepare for listing last_update and key origin data.Werner Koch2017-03-281-2/+6
| | | | | | | | | | | * g10/keylist.c (list_keyblock_colon): Add empty fields 19 and 20. -- We add them now to early catch error in parsers which arbitrary limit the number of fields in --with-colon listings. Signed-off-by: Werner Koch <[email protected]>
* g10: Fix memory leak.Justus Winter2017-03-281-1/+2
| | | | | | * g10/decrypt-data.c (decrypt_data): Free 'filename'. Signed-off-by: Justus Winter <[email protected]>
* g10: Support specifying SERIALNO for --card-status.NIIBE Yutaka2017-03-273-9/+76
| | | | | | | | | * g10/gpg.c (main): Allow an argument for --card-status. * g10/card-util.c (current_card_status): Rename from card_status. (card_status): New, which supports multiple cards. (get_one_name): Use current_card_status. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: New command --quick-set-primary-uid.Werner Koch2017-03-213-88/+159
| | | | | | | | | | | | * g10/gpg.c (aQuickSetPrimaryUid): New const. (opts): New command --quick-set-primary-uid. (main): Implement it. * g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ... (quick_find_keyblock): new func. (keyedit_quick_revuid): Use quick_find_keyblock. (keyedit_quick_set_primary): New. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add new field no 18 to the colon listing.Werner Koch2017-03-203-22/+144
| | | | | | | | | | | | | | | * g10/misc.c (gnupg_pk_is_compliant): New. * g10/keylist.c (print_compliance_flags): New. (list_keyblock_colon): Call it here. * sm/keylist.c (print_compliance_flags): New. (list_cert_colon): Call it here. -- This patch is to convey information about DE_VS compliant keys to the caller. The double digit value is used so that parsers do the right thing and don't just look for a single digit. Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove unused stuff.Werner Koch2017-03-202-25/+0
| | | | | | | * g10/OPTIONS: Remove. * g10/options.h (struct opt): Remove 'shm_coprocess'. Signed-off-by: Werner Koch <[email protected]>
* gpg: Make sure the conflict set includes the current key.Neal H. Walfield2017-03-171-3/+25
| | | | | | | | | | | | | * g10/tofu.c (get_trust): Sanity check CONFLICT_SET after calling get_policy. If POLICY is 'auto' and the default policy is 'ask', make sure CONFLICT_SET includes the current key. -- Signed-off-by: Neal H. Walfield <[email protected]> GnuPG-bug-id: 2959 Debian-bug-id: 854829 Signed-off-by: Neal H. Walfield <[email protected]>
* agent,g10: Remove redundant SERIALNO request.NIIBE Yutaka2017-03-162-12/+98
| | | | | | | | | | * agent/learncard.c (agent_handle_learn): Don't call agent_card_serialno. Get the serialno in status response. * g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO". (agent_scd_serialno): New. (card_cardlist_cb, agent_scd_cardlist): New. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix check of serialno.NIIBE Yutaka2017-03-151-1/+1
| | | | | | * g10/card-util.c (card_status): Fix. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Remove unused function.NIIBE Yutaka2017-03-151-92/+0
| | | | | | | | | | | * g10/call-agent.c (select_openpgp): Remove. -- By this change, the function get_serialno_cb will be also unused. But please don't remove the function, because it will be soon used. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Flush stdout before printing stats with --check-sigs.Werner Koch2017-03-131-1/+5
| | | | | | | * g10/keylist.c (print_signature_stats): Flush stdout. (list_keyblock_colon): Use es_flush instead of fflush. Signed-off-by: Werner Koch <[email protected]>
* g10: Move more flags into the flag bitfield.Justus Winter2017-03-0815-92/+90
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/packet.h (PKT_user_id): Move 'is_primary', 'is_revoked', and 'is_expired' into the flags bitfield, and drop the prefix. * g10/call-dirmngr.c: Adapt accordingly. * g10/export.c: Likewise. * g10/getkey.c: Likewise. * g10/import.c: Likewise. * g10/kbnode.c: Likewise. * g10/keyedit.c: Likewise. * g10/keylist.c: Likewise. * g10/keyserver.c: Likewise. * g10/mainproc.c: Likewise. * g10/pkclist.c: Likewise. * g10/pubkey-enc.c: Likewise. * g10/tofu.c: Likewise. * g10/trust.c: Likewise. * g10/trustdb.c: Likewise. -- This patch has been created by applying the following semantic patch: @@ expression E; @@ -E->is_expired +E->flags.expired @@ expression E; @@ -E->is_primary +E->flags.primary @@ expression E; @@ -E->is_revoked +E->flags.revoked Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Do not put a keyserver into a new dirmngr.confWerner Koch2017-03-081-7/+11
| | | | | * g10/dirmngr-conf.skel: Do not define keyservers. --
* gpg: Do not allow the user to revoke the last valid UID.Justus Winter2017-03-071-1/+40
| | | | | | | | | | | * g10/keyedit.c (keyedit_quick_revuid): Merge self signatures, then make sure that we do not revoke the last valid UID. (menu_revuid): Make sure that we do not revoke the last valid UID. * tests/openpgp/quick-key-manipulation.scm: Demonstrate that '--quick-revoke-uid' can not be used to revoke the last valid UID. GnuPG-bug-id: 2960 Signed-off-by: Justus Winter <[email protected]>
* More change for common.NIIBE Yutaka2017-03-071-3/+3
| | | | | | * g10, scd, test, tools: Follow the change of removal of -Icommon. Signed-off-by: NIIBE Yutaka <[email protected]>
* Remove -I option to common.NIIBE Yutaka2017-03-0768-267/+262
| | | | | | | | | | | | | * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix attempt to double free an UID structure.Werner Koch2017-03-061-2/+7
| | | | | | | | | | | | | | | * g10/getkey.c (get_best_pubkey_byname): Set released .UID to NULL. -- Phil Pennock reported an assertion failure when doing % gpg --auto-key-locate dane --locate-keys someone gpg: Ohhhh jeeee: Assertion "uid->ref > 0" in \ free_user_id failed (free-packet.c:310) on his keyring. This patch is not tested but a good guess. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix possible segv when attribute packets are filtered.Werner Koch2017-03-031-6/+6
| | | | | | | | | | | | * g10/import.c (impex_filter_getval): Handle PKT_ATTRIBUTE the same as PKT_USER_ID (apply_drop_sig_filter): Ditto. -- The old code was plainly wrong in that it considered PKT_ATTRIBUTE to use a PKT_signature object. Signed-off-by: Werner Koch <[email protected]>
* gpg: Add new variables to the import and export filters.Werner Koch2017-03-032-8/+35
| | | | | | | * g10/import.c (impex_filter_getval): Add new variables "expired", "revoked", and "disabled". Signed-off-by: Werner Koch <[email protected]>
* gpg: Always initialize the trust db when generating keys.Justus Winter2017-03-022-3/+7
| | | | | | | | | | | | | * g10/gpg.c (main): Always initialize the trust db when generating keys. * g10/keygen.c (do_generate_keypair): We can now assume that there is a trust db. -- It is important to mark keys we create as ultimately trusted. Fixes-commit: 4735ab96aa5577d40ba7b3f72d863057198cc6a7 GnuPG-bug-id: 2695 Signed-off-by: Justus Winter <[email protected]>
* gpg: Fix (quick) key generation with --always-trust.Justus Winter2017-03-023-2/+14
| | | | | | | | | | | * g10/keygen.c (do_generate_keypair): Only update the ownertrust if we do have a trust database. * g10/trustdb.c (have_trustdb): New function. * g10/trustdb.h (have_trustdb): New prototype. * tests/openpgp/quick-key-manipulation.scm: Remove workaround. GnuPG-bug-id: 2695 Signed-off-by: Justus Winter <[email protected]>
* g10: Signal an error when trying to revoke non-existant UID.Justus Winter2017-03-021-0/+2
| | | | | | | | | * g10/keyedit.c (keyedit_quick_revuid): Signal an error when trying to revoke non-existant UID. * tests/openpgp/quick-key-manipulation.scm: Test that. GnuPG-bug-id: 2962 Signed-off-by: Justus Winter <[email protected]>
* gpg: Make --export-options work with --export-secret-keys.Werner Koch2017-03-013-19/+22
| | | | | | | | | | | | | | | | | * g10/export.c (export_seckeys): Add arg OPTIONS and pass it to do_export. (export_secsubkeys): Ditto. * g10/gpg.c (main): Pass opt.export_options to export_seckeys and export_secsubkeys -- Back in the old days we did not used the export options for secret keys export because of a lot of duplicated code and that the old secring.gpg was anyway smaller that the pubring.gpg. With 2.1 it was pretty easy to enable it. Reported-by: Peter Lebbing GnuPG-bug-id: 2973
* gpg: Allow creating keys using an existing ECC key.Werner Koch2017-03-011-19/+3
| | | | | | | | | | | * common/sexputil.c (get_pk_algo_from_canon_sexp): Remove arg R_ALGO. Change to return the algo id. Reimplement using get_pk_algo_from_key. * g10/keygen.c (check_keygrip): Adjust for change. * sm/certreqgen-ui.c (check_keygrip): Ditto. -- GnuPG-bug-id: 2976 Signed-off-by: Werner Koch <[email protected]>
* gpg: Do not require a trustdb for decryption.Werner Koch2017-02-2811-54/+102
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/trustdb.c (init_trustdb): Add and implement arg NO_CREATE. Change to return an error code. Change all callers to to pass False for NO_CREATE. (tdb_get_ownertrust): New arg NO_CREATE. Call init_trustdb to test for a non-existing trustdb. Change all callers to to pass False for NO_CREATE. (tdb_get_min_ownertrust): Ditto. * g10/trust.c (get_ownertrust_with_min): Add arg NO_CREATE. Call init_trustdb for a quick check. (get_ownertrust_info): Add arg NO_CREATE. (get_ownertrust_string): Ditto. * g10/gpgv.c (get_ownertrust_info): Adjust stub. * g10/test-stubs.c (get_ownertrust_info): Ditto. * g10/mainproc.c (list_node): Call get_ownertrust_info with NO_CREATE set. * g10/pubkey-enc.c (get_it): Ditto. -- Fixes-commit: effa80e0b5fd8cf9e31a984afe391c2406edee8b For details see mails on Feb 27 and 28 by dkg, gniibe, and Justus to gnupg-devel 'test failure on git master with decrypt-session-key.scm (and: continuous integration?)' Signed-off-by: Werner Koch <[email protected]>
* gpg,tools: Make auto-key-retrieve configurable via gpgconf.Justus Winter2017-02-281-0/+1
| | | | | | | | * g10/gpg.c (gpgconf_list): Add 'auto-key-retrieve'. * tools/gpgconf-comp.c (gc_options_gpg): Likewise. GnuPG-bug-id: 2381 Signed-off-by: Justus Winter <[email protected]>
* gpg,tools: Make trust-model configurable via gpgconf.Justus Winter2017-02-281-0/+1
| | | | | | | | * g10/gpg.c (gpgconf_list): Add 'trust-model'. * tools/gpgconf-comp.c (gc_options_gpg): Likewise. GnuPG-bug-id: 2381 Signed-off-by: Justus Winter <[email protected]>
* gpgv,w32: Fix --status-fd.Werner Koch2017-02-281-1/+3
| | | | | | * g10/gpgv.c (main): Use translate_sys2libc_fd_int for --status-fd. Signed-off-by: Werner Koch <[email protected]>
* trustdb: Respect --quiet during --import-ownertrust.Daniel Kahn Gillmor2017-02-261-6/+10
| | | | | | | * g10/tdbdump.c (import_ownertrust): If opt.quiet is set, do not send log_info messages. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* g10: fix typoManish Goregaokar2017-02-261-1/+1
| | | | | | | I already have copyright assignment with the FSF for GDB. I don't think I'll need to do the DCO thing. Signed-off-by: Manish Goregaokar <[email protected]>
* gpgv: New options --log-file and --debugWerner Koch2017-02-241-0/+37
| | | | | | | | * g10/gpgv.c (oLoggerFile, oDebug): New consts. (opts): Add options --log-file and --debug. (main): Implement options. Signed-off-by: Werner Koch <[email protected]>
* gpg: Emit new status DECRYPTION_KEYWerner Koch2017-02-231-3/+26
| | | | | | | * common/status.h (STATUS_DECRYPTION_KEY): New. * g10/pubkey-enc.c (get_it): Emit that status. Signed-off-by: Werner Koch <[email protected]>
* Fix spelling.Daniel Kahn Gillmor2017-02-211-1/+1
| | | | | | | | | -- Clean up several other misspellings noticed while reviewing Yuri's de-duplication patch. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Clean up word replication.Yuri Chornoivan2017-02-2123-27/+27
| | | | | | | | | -- This fixes extra word repetitions (like "the the" or "is is") in the code and docs. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* g10: Support primary key generation by keygrip.NIIBE Yutaka2017-02-201-109/+149
| | | | | | | | | | | | | | * g10/keygen.c (para_name): Add pKEYGRIP. (generate_keypair): Use pKEYGRIP for key generation. (do_generate_keypair): Call do_create_from_keygrip with pKEYGRIP. -- https://lists.gnupg.org/pipermail/gnupg-devel/2017-February/032591.html Reported-by: Alon Bar-Lev <[email protected]> Suggested-by: Peter Lebbing <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Make --export-ssh-key work for the primary key.Werner Koch2017-02-141-0/+42
| | | | | | | | | | | | | | | * g10/export.c (export_ssh_key): Also check the primary key. -- If no suitable subkey was found for export, we now check whether the primary key is suitable for export and export this one. Without this change it was only possible to export the primary key by using the '!' suffix in the key specification. Also added a sample key for testing this. GnuPG-bug-id: 2957 Signed-off-by: Werner Koch <[email protected]>
* gpg: Print a warning if no command has been given.Werner Koch2017-02-131-1/+5
| | | | | | | | * g10/gpg.c (main): Print in the default case. -- GnuPG-bug-id: 2943 Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix memory leak in the error case of signature creation.Werner Koch2017-02-101-2/+9
| | | | | | | | | | | | * g10/sign.c (write_signature_packets): Free SIG. Also replace xcalloc by xtrycalloc. -- If do_sign fails SIG was not released. Note that in the good case SIG is transferred to PKT and freed by free_packet. Reported-by: Stephan Müller Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-15 03:14:52 +0000