aboutsummaryrefslogtreecommitdiffstats
path: root/g10 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* gpg: Avoid output to the tty during import.Werner Koch2017-07-277-74/+96
| | | | | | | | | | | | | | | | * g10/key-check.c (key_check_all_keysigs): Add arg mode and change all output calls to use it. * g10/keyedit.c (keyedit_print_one_sig): Add arg fp and chnage all output calls to use it. (keyedit_menu): Adjust for changes. * g10/gpgcompose.c (keyedit_print_one_sig): Add dummy arg fp. * g10/import.c (import_one): Call key_check_all_keysigs with output to the log stream. -- Fixes-commit: 404fa8211b6188a0abe83ef43a4b44d528c0b035 GnuPG-bug-id: 3288 Signed-off-by: Werner Koch <[email protected]>
* g10: Make sure exactly one fingerprint is output with --quick-gen-key.Marcus Brinkmann2017-07-261-1/+2
| | | | | | | | | * g10/keygen.c (do_generate_keypair): Only set fpr in list_keyblock_direct invocation if neither --fingerprint nor --with-fingerprints are given. Signed-off-by: Marcus Brinkmann <[email protected]> GnuPG-bug-id: 2741
* gpg: Update key origin info during import merge.Werner Koch2017-07-251-4/+97
| | | | | | | | | | | | * g10/import.c (update_key_origin): New. (merge_blocks): Add arg curtime. (import_one): Pass curtime to merge_blocks. Call update_key_origin. -- We probably need to refine the rules on how this is done. But it is a start. Signed-off-by: Werner Koch <[email protected]>
* gpg: Store key origin for new userids during import merge.Werner Koch2017-07-251-107/+157
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/import.c (apply_meta_data): Rename to ... (insert_key_origin): this. Factor code out to ... (insert_key_origin_pk, insert_key_origin_uid): new funcs. (import_one): Move insert_key_origin behind clean_key. (merge_blocks): Add args options, origin, and url. (append_uid): Rename to ... (append_new_uid): this. Add args options, curtime, origin, and url. Call insert_key_origin_uid for new UIDs. -- This is a straightforward change to handle new user ids. How to test: With an empty keyring run gpg --with-key-origin --locate-key \ --auto-key-locate clear,nodefault,wkd [email protected] and then append a new keyid using gpg --with-key-origin --locate-key \ --auto-key-locate clear,nodefault,wkd [email protected] Works with my current key 80615870F5BAD690333686D0F2AD85AC1E42B367. Signed-off-by: Werner Koch <[email protected]>
* gpg: Extend --key-origin to take an optional URL arg.Werner Koch2017-07-245-2/+44
| | | | | | | | | | | | | | | | * g10/getkey.c (parse_key_origin): Parse appended URL. * g10/options.h (struct opt): Add field 'key_origin_url'. * g10/gpg.c (main) <aImport>: Pass that option to import_keys. * g10/import.c (apply_meta_data): Extend for file and url. * g10/keyserver.c (keyserver_fetch): Pass the url to import_keys_es_stream. -- Example: gpg --key-origin url,myscheme://bla --import FILE Signed-off-by: Werner Koch <[email protected]>
* gpg: Store key origin info for new keys from a keyserverWerner Koch2017-07-242-29/+66
| | | | | | | | * g10/keyserver.c (keyserver_get_chunk): Use KEYORG_KS if request was done by fingerprint. * g10/import.c (apply_meta_data): Implement that. Signed-off-by: Werner Koch <[email protected]>
* gpg: Store key origin info for new DANE and WKD retrieved keys.Werner Koch2017-07-247-38/+101
| | | | | | | | | | | | | | | | | | | | * g10/import.c (apply_meta_data): Remove arg 'merge'. Add arg 'url'. Implement WKD and DANE key origin. (import_keys_internal): Add arg 'url' and change all callers. (import_keys_es_stream): Ditto. (import): Ditto. (import_one): Ditto. * g10/keylist.c (list_keyblock_print): Fix update URL printing. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): Add arg 'r_url' to return the SOURCE. Pass ks_status_cb to assuan_transact. * g10/keyserver.c (keyserver_import_wkd): Get that URL and pass it to the import function. -- Note that this only for new keys. Merging this info will be added soon. Signed-off-by: Werner Koch <[email protected]>
* gpg: Filter keys received via DANEWerner Koch2017-07-241-5/+27
| | | | | | | | | | | | * g10/keyserver.c (keyserver_import_cert): Use an import filter in DANE mode. -- We only want to see the user ids requested via DANE and not any additional ids. This filter enables this in the same way we do this in WKD. Signed-off-by: Werner Koch <[email protected]>
* g10: Make sure to emit NEED_PASSPHRASE on --import of secret key.Marcus Brinkmann2017-07-243-3/+9
| | | | | | | | | * call-agent.h (agent_import_key): Add keyid parameters. * call-agent.c (agent_import_key): Set keyid parameters. * import.c (transfer_secret_keys): Pass keyid parameters. Signed-off-by: Marcus Brinkmann <[email protected]> GnuPG-bug-id: 2667
* g10: Make sure to emit NEED_PASSPHRASE on --export-secret-key.Marcus Brinkmann2017-07-243-3/+9
| | | | | | | | | * call-agent.h (agent_export_key): Add keyid parameters. * call-agent.c (agent_export_key): Set keyid parameters. * export.c (receive_seckey_from_agent): Pass keyid parameters. Signed-off-by: Marcus Brinkmann <[email protected]> GnuPG-bug-id: 2667
* g10: Avoid caching passphrase for failed symmetric encryption.Marcus Brinkmann2017-07-211-1/+2
| | | | | | | | * g10/mainproc.c (proc_encrypted): If error code is GPG_ERR_CIPHER_ALGO, assume the symmetric passphrase was wrong and invalidate the cache. Signed-off-by: Marcus Brinkmann <[email protected]> GnuPG-bug-id: 2270
* gpg: Extend --quick-set-expire to allow subkey expiration setting.Werner Koch2017-07-213-26/+108
| | | | | | | | | * g10/keyedit.c (keyedit_quick_set_expire): Add new arg subkeyfprs. (menu_expire): Rename arg force_mainkey to unattended and allow unattended changing of subkey expiration. * g10/gpg.c (main): Extend --quick-set-expire. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix possible double free of the card serialno.Werner Koch2017-07-211-0/+6
| | | | | | | | | | | | | | | * g10/free-packet.c (copy_public_key): Copy fields serialno and updateurl. -- The PK->serialno is used to get the version of the card to decide whether it does support other algorithms than SHA-1. This value is cached but no deep copy was done when calling copy_public_key. Bug detected by importing some public keys and then importing a secret key which led to a double free. Signed-off-by: Werner Koch <[email protected]>
* gpg: Use macros to check the signature class.Werner Koch2017-07-211-24/+24
| | | | | | * g10/import.c: Use the extistin macros for better readability. Signed-off-by: Werner Koch <[email protected]>
* g10: Clean keyblock on initial commit.Marcus Brinkmann2017-07-211-0/+5
| | | | | | | | * g10/import.c (import_one): If option import-clean is set, also clean on initial import, not only for merge. Signed-off-by: Marcus Brinkmann <[email protected]> GnuPG-bug-id: 2401
* g10: Don't limit at the frontend side for card capability.NIIBE Yutaka2017-07-211-37/+12
| | | | | | | | | | | | | * g10/card-util.c (MAX_GET_DATA_FROM_FILE): New. (get_data_from_file): Use MAX_GET_DATA_FROM_FILE. (change_url, change_login, change_private_do): Don't limit. -- V3.3 card support longer data for URL, Login and Private DOs. It's scdaemon which knows that. Signed-off-by: NIIBE Yutaka <[email protected]>
* indent: Improve readability of some comments in getkey.cWerner Koch2017-07-201-165/+168
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --with-key-origin.Werner Koch2017-07-205-10/+82
| | | | | | | | | | | | * g10/getkey.c (parse_key_origin): Factor list out as ... (key_origin_list): new struct. (key_origin_string): New. * g10/gpg.c (oWithKeyOrigin): New const. (opts): New option --with-key-origin. (main): Implement option. * g10/options.h (struct opt): New flag with_key_origin. * g10/keylist.c (list_keyblock_print): Print key origin info. (list_keyblock_colon): Ditto.
* doc: Comment fixes and one trailing comma fix.Werner Koch2017-07-203-6/+6
| | | | --
* gpg: Make function mk_datestr public.Werner Koch2017-07-202-22/+25
| | | | | | | | | | | | | | | | | | | * g10/keydb.h (MK_DATESTR_SIZE): New. * g10/keyid.c (mk_datestr): Make public. Add arg bufsize and use snprintf. Change arg atime to u32. (datestr_from_pk): Simplify. (datestr_from_sig): Ditto. (expirestr_from_pk): Ditto. (expirestr_from_sig): Ditto. (revokestr_from_pk): Ditto. -- Note that this also reduces the size of the static buffers from 16 to 11 which is sufficient for the string. In the past we added the 5 extra bytes to cope for bugs in gmtime which is now handles by snprintf. Signed-off-by: Werner Koch <[email protected]>
* g10: Return proper error when gpg-agent fails to start during probe.Marcus Brinkmann2017-07-201-2/+8
| | | | | | | | * g10/getkey.c (lookup): Return immediately on any other error than GPG_ERR_NO_SECKEY from agent_probe_any_secret_key. Signed-off-by: Marcus Brinkmann <[email protected]> GnuPG-bug-id: 2204
* gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.Werner Koch2017-07-191-0/+4
| | | | | | | | | | | | | | * g10/mainproc.c (check_sig_and_print): Track key server request via fingerprint. -- New signatures carry the fingerprint and thus --auto-key-retrieve tries to lookup the key by fingerprint. If that failed it used to also ask the same thing by KEYID - but the keyid is part of the fingerprint and thus it will either get no response or the wrong key back. We can easily avoid this. Signed-off-by: Werner Koch <[email protected]>
* gpg,sm: Check compliance of the RNG.Werner Koch2017-07-173-0/+48
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_rng_is_compliant): New. * g10/call-agent.c (start_agent) [W32]: Check rng compliance. * sm/call-agent.c (start_agent) [W32]: Ditto. * g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is compliant. * sm/encrypt.c (gpgsm_encrypt): Ditto. * g10/sign.c (do_sign): Ditto. * sm/sign.c (gpgsm_sign): Ditto. -- Under Windows we need to check that the Jitter RNG is active in de-vs mode. Under Linux this is not necessary because /dev/random can be scrutinized and is believed to provide enough entropy. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix importing keys.Justus Winter2017-07-141-3/+6
| | | | | | | * g10/import.c (import_one): Fix error handling. Fixes-commit: 330212efb927c119bb5135856f8582c0e4e2e6b7 Signed-off-by: Justus Winter <[email protected]>
* gpg: Pass key origin values to import functions.Werner Koch2017-07-136-37/+55
| | | | | | | | | | | | | | | | | | | | | | | | | * g10/import.c (import_keys_stream): Remove this unused function. (import_keys_internal): Add arg origin. (import_keys): Ditto. (import_keys_es_stream): Ditto. (import): Ditto. (import_one): Ditto. (apply_meta_data): New stub. (import_secret_one): Pass 0 for ORIGIN. * g10/keyserver.c (keyserver_get_chunk): For now pass 0 for ORIGIN. (keyserver_fetch): Add arg origin. (keyserver_import_cert): Pass KEYORG_DANE for ORIGIN. (keyserver_import_wkd): Pass KEYORG_WKD for ORIGIN. * g10/gpg.c (main): Pass OPT.KEY_ORIGIN to import_keys and keyserver_fetch. * g10/card-util.c (fetch_url): Pass KEYORG_URL for ORIGIN. -- This is just the framework; applying the meta data will be done in another commit. GnuPG-bug-id: 3252 Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --key-origin.Werner Koch2017-07-138-21/+70
| | | | | | | | | | | | | | | * g10/keydb.h (KEYORG_): Rename to KEYORG_. * g10/packet.h (PKT_user_id): Rename field keysrc to keyorg. Adjust users. (PKT_public_key): Ditto. (PKT_ring_trust): Ditto. * g10/options.h (struct opt): Add field key_origin. * g10/getkey.c (parse_key_origin): New. * g10/gpg.c (oKeyOrigin): New. (opts): Add "keys-origin". (main): Set option. Signed-off-by: Werner Koch <[email protected]>
* tofu: Compare squares instead of square roots.Marcus Brinkmann2017-07-104-269/+9
| | | | | | | | | | | | | * g10/Makefile.am (tofu_source) [USE_TOFU]: Remove sqrtu32.h and sqrtu32.c. * g10/sqrtu32.h, g10/sqrtu32.c: Removed files. * g10/tofu.c: Compare squares instead of square roots. -- The original code is a factor 11.5 slower than using libm's sqrt(), which in turn is a factor 3.5 slower than using one multiplication on the other side of the comparison. Also, it's much simpler now. Signed-off-by: Marcus Brinkmann <[email protected]>
* gpg,gpgsm: Emit status code ENCRYPTION_COMPLIANCE_MODE.Werner Koch2017-06-231-3/+20
| | | | | | | | | | | | * common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New. * g10/encrypt.c (encrypt_crypt): Emit new status code. * sm/encrypt.c (gpgsm_encrypt): Ditto. -- This status code allows to report whether an encryption operation was compliant to de-vs. Signed-off-by: Werner Koch <[email protected]>
* indent,i18n: Make some new strings translatable. Wrap too long lines.Werner Koch2017-06-234-13/+20
| | | | --
* gpg: Close cached keydb handle in gpgv.Justus Winter2017-06-211-0/+1
| | | | | | | * g10/gpgv.c (main): Close cached handle. Fixes-commit: 5556eca5acd46983bff0b38a1ffbc2f07fbaba9f Signed-off-by: Justus Winter <[email protected]>
* gpg: Fix printing keyserver URLs and notation data.Justus Winter2017-06-211-2/+2
| | | | | | | | | | | | * g10/keylist.c (show_keyserver_url): Print to 'fp', not to 'stdout'. (show_notation): Likewise. -- Fixes the fact that if mode == -1, all text except for the labels is written to the tty, but the label is written to stdout, which is buffered. Signed-off-by: Justus Winter <[email protected]>
* gpg: Fix error handling.Justus Winter2017-06-201-0/+2
| | | | | | | | | | | | | | * g10/keygen.c (generate_subkeypair): Handle errors from pinentry. -- Previously, when generating a subkey, gpg would ask for the passphrase of the primary key. If that dialog is canceled, gpg would ask a second time for a passphrase to protect the new subkey. Fix this by handling the error. GnuPG-bug-id: 3212 Signed-off-by: Justus Winter <[email protected]>
* gpg,gpgsm: Fix compliance check for DSA and avoid an assert.Werner Koch2017-06-191-6/+7
| | | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA check. Explicitly check for allowed ECC algos. (gnupg_pk_is_allowed): Swap P and Q for DSA check. * g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check. Replace assert by debug message. -- Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0 condition is surprising because it leads to the assumption SYMKEYS could be negative. Better use a boolean test. The assert could have lead to a regression for no good reason. Not being compliant is better than breaking existing users. Signed-off-by: Werner Koch <[email protected]>
* indent: Always use "_(" and not "_ (" to mark translatable strings.Werner Koch2017-06-195-12/+12
| | | | | | | | -- This makes greping much easier and we have done that since ever. Signed-off-by: Werner Koch <[email protected]>
* gpg: Check and fix keys on import.Justus Winter2017-06-143-2/+11
| | | | | | | | | | | * doc/gpg.texi: Document the new import option. * g10/gpg.c (main): Make the new option default to yes. * g10/import.c (parse_import_options): Parse the new option. (import_one): Act on the new option. * g10/options.h (IMPORT_REPAIR_KEYS): New macro. GnuPG-bug-id: 2236 Signed-off-by: Justus Winter <[email protected]>
* gpg: Refactor key checking and fixing.Justus Winter2017-06-145-614/+693
| | | | | | | | | | | | | | * g10/Makefile.am (gpg_sources): Add new files. * g10/gpgcompose.c (keyedit_print_one_sig): New stub. * g10/keyedit.c (sig_comparison): Move to new module. (check_all_keysigs): Likewise. (fix_keyblock): Adapt callsite. (keyedit_menu): Likewise. * g10/key-check.c: New file. * g10/key-check.h: Likewise. GnuPG-bug-id: 2236 Signed-off-by: Justus Winter <[email protected]>
* gpg: Refactor keyedit module.Justus Winter2017-06-134-39/+70
| | | | | | | | | | | | | * g10/Makefile.am (gpg_SOURCES): Add new file. * g10/keyedit.c (NODFLG_*): Move flags to the new header file. (print_one_sig): Export symbol and rename accordingly. (print_and_check_one_sig): Adapt accordingly. (check_all_keysigs): Likewise. * g10/keyedit.h: New file. * g10/main.h: Drop declarations, include new header. GnuPG-bug-id: 2236 Signed-off-by: Justus Winter <[email protected]>
* gpg: Disable keydb handle caching only for W32Werner Koch2017-06-131-10/+17
| | | | | | | | | | | * g10/getkey.c (getkey_end) [!W32]: Re-enable caching. -- This change limits of the effects of commit d3d640b9cc98dd0d06b49a2e4d46eb67af96fe29 to W32 system. GnuPG-bug-id: 3097 Signed-off-by: Werner Koch <[email protected]>
* po: Make a string translatable.Werner Koch2017-06-131-3/+6
| | | | --
* gpg: Send gpgcompose --help output to stdout, not stderr.Neal H. Walfield2017-06-111-7/+7
| | | | | | | * g10/gpgcompose.c (show_help): Send gpgcompose --help output to stdout, not stderr. Reported-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Improve some output of gpgcompose.Neal H. Walfield2017-06-111-2/+5
|
* gpg: Support 'gpgcompose --encrypted-pop --help'Neal H. Walfield2017-06-111-3/+21
| | | | | | | * g10/gpgcompose.c (encrypted_pop_options): New variable. (encrypted_pop): Support the --help option. Reported-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Remove dead code.Neal H. Walfield2017-06-111-7/+1
| | | | | | * g10/gpgcompose.c (filter_pop): F->PKTTYPE will never be PKT_ENCRYPTED_MDC. (encrypted_pop): Likewise and there is no option --encrypted-mdc-pop.
* common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.Justus Winter2017-06-086-1/+147
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_allowed): New function. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * common/compliance.h (enum pk_use_case): New definition. (gnupg_pk_is_allowed): New prototype. (gnupg_cipher_is_allowed): Likewise. (gnupg_digest_is_allowed): Likewise. * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using the new predicates. * g10/encrypt.c (encrypt_crypt): Likewise. * g10/gpg.c (main): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sig-check.c (check_signature2): Likewise. * g10/sign.c (do_sign): Likewise. * sm/decrypt.c (gpgsm_decrypt): Likewise. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (main): Likewise. * sm/sign.c (gpgsm_sign): Likewise. * sm/verify.c (gpgsm_verify): Likewise. -- With this change, policies can effectively restrict what algorithms are used for different purposes. The algorithm policy for CO_DE_VS is implemented. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <[email protected]>
* gpg: Fix computation of compliance with CO_DE_VS.Justus Winter2017-06-081-3/+4
| | | | | | | | * g10/mainproc.c (proc_encrypted): Symmetric encryption is also in compliance with CO_DE_VS. GnuPG-bug-id: 3059 Signed-off-by: Justus Winter <[email protected]>
* gpg: Avoid failure exit when scdaemon is disabled but not needed.Werner Koch2017-06-081-2/+4
| | | | | | | | | | | | * g10/call-agent.c (warn_version_mismatch): Use log_info if error is "not supported". -- This fix may make the fix for GnuPG-bug-id: 3192 even more robust. Signed-off-by: Werner Koch <[email protected]>
* common: Add cipher mode to compliance predicate.Justus Winter2017-06-071-1/+1
| | | | | | | | | | * common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter. * common/compliance.h (gnupg_cipher_is_compliant): Likewise. * g10/mainproc.c (proc_encrypted): Adapt callsite. * sm/decrypt.c (gpgsm_decrypt): Likewise. GnuPG-bug-id: 3059 Signed-off-by: Justus Winter <[email protected]>
* common,gpg,sm: Initialize compliance module.Justus Winter2017-06-071-0/+3
| | | | | | | | | | * common/compliance.c (gnupg_initialize_compliance): New function. * common/compliance.h (gnupg_initialize_compliance): New prototype. * g10/gpg.c (main): Use the new function. * sm/gpgsm.c (main): Likewise. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <[email protected]>
* common,gpg: Move the compliance option printer.Justus Winter2017-06-076-28/+11
| | | | | | | | | | | | | | * common/compliance.c (gnupg_compliance_option_string): New function. * common/compliance.h (gnupg_compliance_option_string): New prototype. * g10/encrypt.c (write_pubkey_enc_from_list): Update callsite. * g10/gpg.c (main): Likewise. * g10/keyedit.c (keyedit_menu): Likewise. * g10/pkclist.c (build_pk_list): Likewise. * g10/main.h (compliance_option_string): Remove prototype. * g10/misc.c (compliance_option_string): Remove function. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <[email protected]>
* common,gpg,sm: Move the compliance option parser.Justus Winter2017-06-071-26/+11
| | | | | | | | | | | | | | * common/compliance.c (gnupg_parse_compliance_option): New function. * common/compliance.h (struct gnupg_compliance_option): New type. (gnupg_parse_compliance_option): New prototype. * g10/gpg.c (parse_compliance_option): Remove function. (compliance_options): New variable. (main): Adapt callsite. * sm/gpgsm.c (main): Use the new common function. * sm/gpgsm.h (opt): New field 'compliance'. GnuPG-bug-id: 3191 Signed-off-by: Justus Winter <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-09 08:37:20 +0000