| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level
* g10/trustdb.c (check_trustdb_stale): Request a rebuild if
pending_check_trustdb is true (set when we detect a trustdb
parameter has changed).
* g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
listing for min_cert_level not matching.
* g10/tdbio.c (tdbio_update_version_record, create_version_record,
tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
tdbio_write_record): Add a byte for min_cert_level in the tdbio
version record.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/misc.c (pubkey_get_npkey, pubkey_get_nskey)
(pubkey_get_nsig, pubkey_get_nenc): Map all RSA algo ids to
GCRY_PK_RSA.
--
The problem is that Libgcrypt has no more support for the alternate
RSA ids and thus if asking for the number of parameters, they will
return zero. Now, this leads to packing the key parameters into an
opaque MPI but because the algorithm id is actually known to GPG, it
assumes valid RSA parameters.
An example key with RSA_S is 0x5434509D.
|
| |
|
|
|
| |
* photoid.c (generate_photo_id): Check for the JPEG magic numbers
instead of JFIF since some programs generate an EXIF header first.
|
| |
|
|
|
| |
* g10/export.c (transfer_format_to_openpgp): Avoid possible double
free of LIST. Reported by NIIBE Yutaka.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scripts/gitlog-to-changelog: New script. Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.
Rename all ChangeLog files to ChangeLog-2011.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/dns-cert.c: Remove iobuf.h.
(get_dns_cert): Rename to _get_dns_cert. Remove MAX_SIZE arg. Change
iobuf arg to a estream-t. Rewrite function to make use of estream
instead of iobuf. Require all parameters. Return an gpg_error_t
error instead of the type. Add arg ERRSOURCE.
* common/dns-cert.h (get_dns_cert): New macro to pass the error source
to _gpg_dns_cert.
* common/t-dns-cert.c (main): Adjust for changes in get_dns_cert.
* g10/keyserver.c (keyserver_import_cert): Ditto.
* doc/gpg.texi (GPG Configuration Options): Remove max-cert-size.
|
| |
|
|
|
| |
* common/t-dns-cert.c (main): Increase MAX_SIZE to 64k.
* g10/keyserver.c (DEFAULT_MAX_CERT_SIZE): Increase from 16k to 64k.
|
| |
|
|
| |
This is bug#1378.
|
| |
|
|
|
|
| |
This works by specifying the keygrip instead of an algorithm (section
number 13) and requires that the option -expert has been used. It
will be easy to extend this to the primary key.
|
| |
|
|
| |
This allows us to extend this function in the future.
|
| |
|
|
| |
Also cleaned up the dotlock code for easier readability.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Without this patch, pk2 would be freed twice.
>From 2a18a4b757e0896e738fefbbaa8ff8c23a9edf89 Mon Sep 17 00:00:00 2001
From: Jim Meyering <[email protected]>
Date: Tue, 20 Sep 2011 16:20:39 +0200
Subject: [PATCH] avoid use of freed pointer
If we free pk2 at the top of the for-loop, set it to NULL
so that we don't free it again just before returning.
* revoke.c (gen_desig_revoke): Don't use pk2 after freeing it.
|
| |
|
|
|
| |
This is to allow building with Libgcrypt master (1.6) which has some
cleanups in the API/ABI.
|
| | |
|
| |
|
|
|
| |
This is only a warning and gpg would anyway print an error message if
it tries to write to the trustdb.
|
| |
|
|
| |
Fixes bug#1355.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch implementes a chunk mode to pass the key parameters from
scdaemon to gpg. This allows to pass arbitrary long key paremeters;
it is used for keys larger than 3072 bit.
Note: the card key generation in gpg is currently broken. The keys
are generated but it is not possible to create the self-signature
because at that time the gpg-agent does not yet know about the new
keys and thus can't divert the sign request to the card. We either
need to run the learn command right after calling agent_scd_genkey or
implement a way to sign using the currently inserted card. Another
option would be to get rid of agent_scd_genkey and implement the
feature directly in agent_genkey.
|
| | |
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
Returning -1 as an error code is not very clean given that gpg error
has more descriptive error codes. Thus we now return
GPG_ERR_NOT_FOUND for all search operations and adjusted all callers.
|
| | | |
|
| |/ |
|
| | |
|
| |
|
|
|
|
|
|
| |
The protection used in the exported key used a different iteration
count than given in the S2K field. Thus all OpenPGP keys exported
from GnuPG 2.1-beta can't be imported again. Given that the actual
secret key material is kept in private-keys-v1.d/ the can be
re-exported with this fixed version.
|
| |
|
|
|
|
| |
Since 2009-12-08 gpg was not able to find email addresses indicated
by a leading '<'. This happened when I merged the user id
classification code of gpgsm and gpg.
|
| |
|
|
|
| |
* keylist.c (list_keyblock_colon): Use get_ownertrust_info, not
get_ownertrust (which lead to binary zeroes in the output!).
|
| |
|
|
|
|
|
|
|
|
|
| |
This helps in the case of an unknown key algorithm with a corrupted
packet which claims a longer packet length. This used to allocate the
announced packet length and then tried to fill it up without detecting
an EOF, thus taking quite some time. IT is easy to fix, thus we do
it. However, there are many other ways to force gpg to use large
amount of resources; thus as before it is strongly suggested that the
sysadm uses ulimit do assign suitable resource limits to the gpg
process. Suggested by Timo Schulz.
|
| |
|
|
|
|
| |
Factoring common code out is always a Good Thing. Also added a
configure test to print an error if gcry_kdf_derive is missing in
Libgcrypt.
|
| |
|
|
|
|
|
|
| |
Without Libgcrypt 1.5 is was not possible to use ECC keys. ECC is
major new feature and thus it does not make sense to allow building
with an older Libgcrypt without supporting ECC.
Also fixed a few missing prototypes.
|
| | |
|
| |
|
|
|
|
|
| |
* keyid.c (hash_public_key): Remove shadowing NBITS.
* misc.c (pubkey_nbits): Replace GCRY_PK_ by PUBKEY_ALGO_.
(get_signature_count): Remove warning.
|
| | |
|
| |
|
|
|
|
|
| |
This was a regression in 2.1 introduced due to having the agent do the
signing in contrast to the old "SCD PKSIGN" command which accesses the
scdaemon directly and passed the hash algorithm. The hash algorithm
is used by app-openpgp.c only for a sanity check.
|
| |
|
|
|
|
| |
The import test imports the keys as needed and because they are
passphrase protected we now need a pinentry script to convey the
passphrase to gpg-agent.
|
| |
|
|
| |
This is similar to the change in keylist.c and elsewhere.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The basic network code from http.c is used for finger. This keeps the
network related code at one place and we are able to use the somewhat
matured code form http.c. Unfortunately I had to enhance the http
code for more robustness and probably introduced new bugs.
Test this code using
gpg --fetch-key finger:[email protected]
(I might be the last user of finger ;-)
|
| |
|
|
|
| |
This fix also allows the creation and use of an 521 bit ECDH key which
used to fail while creating the binding signature.
|
| |
|
|
|
|
|
|
| |
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
|
| | |
|
| |
|
|
|
| |
Add a compatibility fixes for the non-curve case.
Remove -lber from the dirmngr link line.
|
| |
|
|
|
|
|
| |
DECRYPTION_INFO <mdc_method> <sym_algo>
Print information about the symmetric encryption algorithm and
the MDC method. This will be emitted even if the decryption
fails.
|
| | |
|
| |
|
|
|
|
|
| |
This allows to add an ECC key and to set the capabilities of an ECDSA
key.
Fix printing of the ECC algorithm when creating a signature.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Wrote the ChangeLog 2011-01-13 entry for Andrey's orginal work modulo
the cleanups I did in the last week. Adjusted my own ChangeLog
entries to be consistent with that entry.
Nuked quite some trailing spaces; again sorry for that, I will better
take care of not saving them in the future. "git diff -b" is useful
to read the actual changes ;-).
The ECC-INTEGRATION-2-1 branch can be closed now.
|
| |
|
|
|
| |
This also fixes a failed assertion when using a v3 key where the
fingerprint size is not 20.
|
| |
|
|
|
|
|
|
| |
Import and export of secret keys does now work. Encryption has been
fixed to be compatible with the sample messages.
This version tests for new Libgcrypt function and thus needs to be
build with a new Libgcrypt installed.
|
| |
|
|
|
|
|
| |
This is needed so that the agent will be able to export and import
OpenPGP secret keys. Add test case.
Removed unused function.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
version.
Quite some changes were needed but in the end we have less code than
before. Instead of trying to do everything with MPIs and pass them
back and forth between Libgcrypt and GnuPG, we know use the
S-expression based interface and make heavy use of our opaque MPI
feature.
Encryption, decryption, signing and verification work with
self-generared keys.
Import and export does not yet work; thus it was not possible to check
the test keys at https://sites.google.com/site/brainhub/pgpecckeys .
|
