aboutsummaryrefslogtreecommitdiffstats
path: root/g10 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* gpg: Allow generating Ed25519 key from an existing key.Werner Koch2019-01-301-0/+1
| | | | | | | | | | * g10/misc.c (map_pk_gcry_to_openpgp): Add EdDSA mapping. -- Due to this missing mapping a "gpg --export --full-gen-key" with selection "13 - Existing key" did not worked for an ed25519 key. Signed-off-by: Werner Koch <[email protected]>
* common: Provide some convenient OpenPGP related constants.Werner Koch2019-01-291-5/+5
| | | | | | | | | | * common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New. (OPENPGP_MAX_NSKEY): New. (OPENPGP_MAX_NSIG): New. (OPENPGP_MAX_NENC): New. * g10/packet.h: Define PUBKEY_MAX using the new consts. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix just changed agent_get_s2k_count.Werner Koch2019-01-261-2/+2
| | | | | | | | | | * g10/call-agent.c (agent_get_s2k_count): Actually return the count. -- The previous push was definitely a bit to hasty. Fixes-Commit: ec13b1c562e34c0fcbc7b848ab6dc187b79cf2c1 Signed-off-by: Werner Koch <[email protected]>
* gpg: Move S2K encoding function to a shared file.Werner Koch2019-01-267-67/+30
| | | | | | | | | | | | | | | | * g10/passphrase.c (encode_s2k_iterations): Move function to ... * common/openpgp-s2k.c: new file. Remove default intialization code. * common/openpgpdefs.h (S2K_DECODE_COUNT): New to keep only one copy. * g10/call-agent.c (agent_get_s2k_count): Change to return the count and print an error. * agent/protect.c: Include openpgpdefs.h * g10/card-util.c (gen_kdf_data): Adjust for changes * g10/gpgcompose.c: Include call-agent.h. (sk_esk): Adjust for changes. * g10/passphrase (passphrase_to_dek): Adjust for changes. * g10/main.h (S2K_DECODE_COUNT): Remove macro. Signed-off-by: Werner Koch <[email protected]>
* gpg: Stop early when trying to create a primary Elgamal key.Werner Koch2019-01-221-0/+7
| | | | | | | | | | | | | * g10/misc.c (openpgp_pk_test_algo2): Add extra check. -- The problem is that --key-gen --batch with a parameter file didn't detect that Elgamal is not capable of signing and so an error was only triggered at the time the self-signature was created. See the code comment for details. GnuPG-bug-id: 4329 Signed-off-by: Werner Koch <[email protected]>
* gpg: Report STATUS_NO_SECKEY when it is examined.NIIBE Yutaka2019-01-163-15/+19
| | | | | | | | | | | | | | * g10/packet.h (struct pubkey_enc_list): Add result. * g10/mainproc.c (proc_pubkey_enc): Initialize ->result. (proc_encrypted): Report STATUS_NO_SECKEY status. * g10/pubkey-enc.c (get_session_key): Set ->result. -- This change is for GPGME compatibility. Before this change, gpgme/tests/json/t-json failed with t-decrypt-verify. Signed-off-by: NIIBE Yutaka <[email protected]>
* card: Suppress error message by agent_scd_cardlist.NIIBE Yutaka2018-12-121-1/+1
| | | | | | | * g10/call-agent.c (agent_scd_cardlist): Add FLAG_FOR_CARD_SUPPRESS_ERRORS. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: In search-keys return "Not found" instead of "No Data".Werner Koch2018-12-111-1/+3
| | | | | | | | * g10/keyserver.c (keyserver_search): Check for NO_DATA. -- GnuPG-bug-id: 3830 Signed-off-by: Werner Koch <[email protected]>
* g10: Fix print_pubkey_info new line output.NIIBE Yutaka2018-12-051-1/+1
| | | | | | | | | | | | | | * g10/keylist.c (print_pubkey_info): Reverse the condition. -- This mistakes were introduced when replacing by estream. It resulted 'gpg --card-status' from a process with no controlling terminal fails. Fixes-commit: fb2ba98963beea249474f5d6d7345cf9b4b7f570 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Prepare revocation keys for use with v5 keys.Werner Koch2018-12-0410-40/+66
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/packet.h (struct revocation_key): Add field 'fprlen'. * g10/parse-packet.c (parse_revkeys): Set fprlen and allow for v5 keys. Also fix reading of unitialized data at place where MAX_FINGERPRINT_LEN is used. * g10/revoke.c (gen_desig_revoke): Allow for v5 keys and use fprlen. Do an explicit compare to avoid reading unitialized data. * g10/sig-check.c (check_revocation_keys): Use the fprlen. * g10/getkey.c (merge_selfsigs_main): Do an explicit copy to avoid reading unitialized data. * g10/import.c (revocation_present): Use fprlen. * g10/keyedit.c (show_key_with_all_names): Use fprlen. (menu_addrevoker): Use fprlen. Allow for v5 keys. * g10/keygen.c (keygen_add_revkey): Use fprlen. (parse_revocation_key): Allow for v5 keys. * g10/keyid.c (keyid_from_fingerprint): Allow for v5 keys. Print a better error message in case of bogus fingerprints. * g10/keylist.c (print_revokers): Use fprlen. -- The reading of uninitialized data is harmless but we better fix it to make valgrind happy. More serious was that we always passed MAX_FINGERPRINT_LEN but we will need to support 20 and 32 octet fingerprints and MAX_FINGERPRINT_LEN would be too large for a v4. Signed-off-by: Werner Koch <[email protected]>
* gpg: New list-option "show-only-fpr-mbox".Werner Koch2018-12-043-1/+61
| | | | | | | | | | | * g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox". * g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New. * g10/keylist.c (list_keyblock_simple): New. (list_keyblock): Call it. (list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX mode. Signed-off-by: Werner Koch <[email protected]>
* g10/mainproc: disable hash contexts when --skip-verify is usedJussi Kivilinna2018-12-011-3/+8
| | | | | | | | * g10/mainproc.c (proc_plaintext): Do not enable hash contexts when opt.skip_verify is set. -- Signed-off-by: Jussi Kivilinna <[email protected]>
* gpg: Improve error message about failed keygrip computation.Werner Koch2018-11-301-1/+6
| | | | | | * g10/keyid.c (keygrip_from_pk): Print the fingerprint on failure. Signed-off-by: Werner Koch <[email protected]>
* doc: Clarify use of clear and nodefault in the AKL.Werner Koch2018-11-211-1/+1
| | | | --
* gpg: Start using OCB mode by default with Libgcrypt 1.9.Werner Koch2018-11-161-1/+3
| | | | | | | | * g10/main.h (GCRYPT_VERSION_NUMBER): Fix type in condition. -- GnuPG-bug-id: 4259 Signed-off-by: Werner Koch <[email protected]>
* card: Display UIF setting.NIIBE Yutaka2018-11-153-1/+24
| | | | | | | | * g10/call-agent.h (agent_card_info_s): Add UIF fields. * g10/call-agent.c (learn_status_cb): Put UIF DOs info. * g10/card-util.c (current_card_status): Output for UIF. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Make "learn" report about KDF data object.NIIBE Yutaka2018-11-151-0/+4
| | | | | | | * scd/app-openpgp.c (do_learn_status): Report KDF attr. * g10/card-util.c (current_card_status): Output KDF for with_colons. Signed-off-by: NIIBE Yutaka <[email protected]>
* card: Display if KDF is enabled or not.NIIBE Yutaka2018-11-153-2/+12
| | | | | | | | * g10/call-agent.h (kdf_do_enabled): New field. * g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available. * g10/card-util.c (current_card_status): Inform the availability. Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Prepare for parsing mail sub-addresses.Werner Koch2018-11-129-9/+10
| | | | | | | | | | | | | | | | | | | | | | | | | * common/mbox-util.c (mailbox_from_userid): Add arg subaddress and implement. Change all callers to pass false for it. * common/t-mbox-util.c (run_mbox_no_sub_test): New. (run_filter): Add arg no_sub. (main): Call new test and add option --no-sub. -- Some stats: In the about 5300000 keys on the SKS servers we found 3055 unique mailboxes with a '+' in it. After removing leading and trailing '+' as well as multiple '+' (e.g. "c++" or "foo+bar+baz") 2697 were left which seem to be valid sub-addresses. To filter mailboxes out from a line delimited list with user-ids (e.g. an SQL output), the command t-mbox-util --verbose --filter can be used; to output w/o sub-addresses add --no-sub. GnuPG-bug-id: 4200 Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix format string in gpgcompose.cWerner Koch2018-11-111-1/+1
| | | | | | | | | -- For size_t use "%zu" For ssize_t use "%zd" Signed-off-by: Werner Koch <[email protected]>
* g10/mainproc: avoid extra hash contexts when decrypting AEAD inputJussi Kivilinna2018-11-091-2/+21
| | | | | | | | | | | | | * g10/mainproc.c (mainproc_context): New member 'seen_pkt_encrypted_aead'. (release_list): Clear 'seen_pkt_encrypted_aead'. (proc_encrypted): Set 'seen_pkt_encrypted_aead'. (have_seen_pkt_encrypted_aead): New. (proc_plaintext): Do not enable extra hash contexts when decryption AEAD input. -- Signed-off-by: Jussi Kivilinna <[email protected]>
* g10/armor: optimize radix64 to binary conversionJussi Kivilinna2018-11-081-25/+141
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/armor.c (asctobin): Larger look-up table for fast path. (initialize): Update 'asctobin' initialization. (radix64_read): Add fast path for radix64 to binary conversion. -- This patch adds fast path for radix64 to binary conversion in armored decryption. Benchmark results below, tested on Intel Core i7-4790K (turbo off). Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt ramfs file out through pipe to /dev/null. before patch-set ---------------- gpg process armor: user time pipe transfer rate encrypt-aead: 13.8 140 MB/s decrypt-aead: 30.6 68 MB/s encrypt-cfb: 17.4 114 MB/s decrypt-cfb: 32.6 64 MB/s after (decrypt+iobuf+crc+radix64 opt) ------------------------------------- gpg process armor: user time pipe transfer rate decrypt-aead: 9.8 200 MB/s decrypt-cfb: 11.9 168 MB/s Signed-off-by: Jussi Kivilinna <[email protected]>
* g10/armor: optimize binary to radix64 conversionJussi Kivilinna2018-11-081-36/+126
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/armor.c (bintoasc): Change to read-only. (initialize): Use const pointer for 'bintoasc'. (armor_output_buf_as_radix64): New function for faster binary to radix64 conversion. (armor_filter): Use new conversion function. -- This patch adds faster binary to radix64 conversion to speed up armored encryption. Benchmark results below, tested on Intel Core i7-4790K (turbo off). Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt ramfs file out through pipe to /dev/null. before patch-set ---------------- gpg process armor: user time pipe transfer rate encrypt-aead: 13.8 140 MB/s decrypt-aead: 30.6 68 MB/s encrypt-cfb: 17.4 114 MB/s decrypt-cfb: 32.6 64 MB/s after (decrypt+iobuf+crc+radix64 opt) ------------------------------------- gpg process armor: user time pipe transfer rate encrypt-aead: 2.7 523 MB/s encrypt-cfb: 6.7 264 MB/s Signed-off-by: Jussi Kivilinna <[email protected]>
* g10/armor: use libgcrypt's CRC24 implementationJussi Kivilinna2018-11-082-48/+51
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/armor.c (CRCINIT, CRCPOLY, CRCUPDATE, crc_table): Remove. (new_armor_context): Open libgcrypt CRC24 context. (release_armor_context): Close CRC24 context. (initialize): Remove CRC table generation. (get_afx_crc): New. (check_input, fake_packet, radix64_read, armor_filter): Update to use CRC24 context. * g10/filter.h (armor_filter_context_t): Replace crc intermediate value with libgcrypt md context pointer. -- This patch changes armor filter to use optimized CRC24 implementation from libgcrypt to speed up encryption and decryption. Benchmark results below, tested on Intel Core i7-4790K (turbo off). Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt ramfs file out through pipe to /dev/null. before patch-set ---------------- gpg process armor: user time pipe transfer rate encrypt-aead: 13.8 140 MB/s decrypt-aead: 30.6 68 MB/s encrypt-cfb: 17.4 114 MB/s decrypt-cfb: 32.6 64 MB/s after (decrypt+iobuf+crc opt) ----------------------------- gpg process armor: user time pipe transfer rate encrypt-aead: 8.7 211 MB/s decrypt-aead: 17.6 116 MB/s encrypt-cfb: 12.6 153 MB/s decrypt-cfb: 19.6 105 MB/s Signed-off-by: Jussi Kivilinna <[email protected]>
* g10/armor: remove unused unarmor_pump codeJussi Kivilinna2018-11-082-223/+0
| | | | | | | | | | * g10/armor.c (unarmor_state_e, unarmor_pump_s, unarmor_pump_new) (unarmor_pump_release, unarmor_pump): Remove. * g10/filter.h (UnarmorPump, unarmor_pump_new, unarmor_pump_release) (unarmor_pump): Remove. -- Signed-off-by: Jussi Kivilinna <[email protected]>
* g10/armor: fix eof checks in radix64_readJussi Kivilinna2018-11-081-3/+3
| | | | | | | | * g10/armor.c (radix64_read): Check EOF with '!afx->buffer_len' instead of 'c == -1', as 'c' is never set to this value. -- Signed-off-by: Jussi Kivilinna <[email protected]>
* g10/decrypt-data: use iobuf_read for higher performanceJussi Kivilinna2018-11-081-8/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/decrypt-data.c (fill_buffer): Use iobuf_read instead of iobuf_get for reading data. -- This patch reduces iobuf_read per byte processing overhead and speeds up decryption. Benchmark results below, tested on Intel Core i7-4790K (turbo off). Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt ramfs file out through pipe to /dev/null. before patch-set ---------------- gpg process no-armor: user time pipe transfer rate encrypt-aead: 1.02 1.0 GB/s decrypt-aead: 10.8 185 MB/s encrypt-cfb: 4.8 342 MB/s decrypt-cfb: 12.7 157 MB/s gpg process armor: user time pipe transfer rate encrypt-aead: 13.8 140 MB/s decrypt-aead: 30.6 68 MB/s encrypt-cfb: 17.4 114 MB/s decrypt-cfb: 32.6 64 MB/s after (decrypt opt) ------------------- gpg process no-armor: user time pipe transfer rate decrypt-aead: 7.3 263 MB/s decrypt-cfb: 9.3 211 MB/s gpg process armor: user time pipe transfer rate decrypt-aead: 27.0 77 MB/s decrypt-cfb: 29.0 72 MB/s Note: decryption results are much slower than encryption because of extra SHA1 & RIPEMD160 hashing. GnuPG-bug-id: 3786 Signed-off-by: Jussi Kivilinna <[email protected]>
* g10/decrypt-data: use fill_buffer in more placesJussi Kivilinna2018-11-081-77/+5
| | | | | | | | * g10/decrypt-data.c (mdc_decode_filter, decode_filter): Use fill_buffer. -- Signed-off-by: Jussi Kivilinna <[email protected]>
* gpgcompose: Fix --sk-esk.NIIBE Yutaka2018-11-081-3/+14
| | | | | | | | | | * g10/gpgcompose.c (sk_esk): Copy the result content correctly. Don't forget to free the result. -- Fixes-commit: 0131d4369a81a51bf7bb328cc81a3bb082ed1a94 Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix log_debug formatting.NIIBE Yutaka2018-11-082-4/+4
| | | | | | | | * g10/cipher-aead.c (do_flush): No cast is correct. * g10/decrypt-data.c (aead_underflow): No cast needed. Use "%j" for uint64_t for chunklen. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix print_keygrip for smartcard.NIIBE Yutaka2018-11-061-1/+1
| | | | | | | | | * g10/card-util.c (print_keygrip): Use tty_fprintf. -- Reported-by: Joey Pabalinas <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* all: fix more spelling errorsDaniel Kahn Gillmor2018-10-251-1/+1
|
* headers: fix spellingDaniel Kahn Gillmor2018-10-252-2/+2
| | | | Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* g10,scd: Improve UIF support.NIIBE Yutaka2018-10-253-0/+24
| | | | | | | | | | * g10/call-agent.c (learn_status_cb): Parse "bt" flag. * g10/call-agent.h: New member field "bt". * g10/card-util.c (uif): Limit its access only when it is supported. * scd/app-openpgp.c (do_setattr): Allow access to UIF objects only when there is a button. Signed-off-by: NIIBE Yutaka <[email protected]>
* all: fix spelling and typosDaniel Kahn Gillmor2018-10-2420-30/+30
| | | | Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Unfinished support for v5 signatures.Werner Koch2018-10-244-40/+54
| | | | | | | | | | | | * g10/parse-packet.c (parse_signature): Allow for v5 signatures. * g10/sig-check.c (check_signature_end_simple): Support the 64bit v5 byte count. * g10/sign.c (hash_sigversion_to_magic): Ditto. (write_signature_packets): Request v5 sig for v5 keys. Remove useless condition. (make_keysig_packet): Request v5 sig for v5 keys. Signed-off-by: Werner Koch <[email protected]>
* indent: Modernize g10/sign.cWerner Koch2018-10-241-791/+829
| | | | --
* gpg: Don't take the a TOFU trust model from the trustdb,Werner Koch2018-10-101-4/+25
| | | | | | | | | | | | | | | | * g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model. (create_version_record): Don't init as TOFU. (tdbio_db_matches_options): Don't indicate a change in case TOFU is stored in an old trustdb file. -- This change allows to switch between a tofu and pgp or tofu+pgp trust model without an auto rebuild of the trustdb. This also requires that the tofu trust model is requested on the command line. If TOFU will ever be the default we need to tweak the model detection via TM_AUTO by also looking into the TOFU data base, GnuPG-bug-id: 4134
* gpg: Fix extra check for sign usage of a data signature.Werner Koch2018-10-081-1/+2
| | | | | | | | | | | * g10/sig-check.c (check_signature_end_simple): -- Obviously we should not ignore a back signature here. Fixes-commit: 214b0077264e35c079e854a8b6374704aea45cd5 GnuPG-bug-id: 4014 Signed-off-by: Werner Koch <[email protected]>
* gpg: Make --skip-hidden-recipients work again.Werner Koch2018-10-081-0/+13
| | | | | | | | | | | * g10/pubkey-enc.c (get_session_key): Take care of opt.skip_hidden_recipients. -- This was lost due to Fixes-commit: ce2f71760155b71a71418fe145a557c99bd52290 GnuPG-bug-id: 4169 Signed-off-by: Werner Koch <[email protected]>
* gpg: Add new card vendorWerner Koch2018-10-041-0/+1
| | | | --
* gpg: New options import-drop-uids and export-drop-uids.Werner Koch2018-10-024-9/+84
| | | | | | | | | | | | | | | | | * g10/options.h (IMPORT_DROP_UIDS): New. (EXPORT_DROP_UIDS): New. * g10/import.c (parse_import_options): Add option "import-drop-uids". (import_one): Don't bail out with that options and no uids found. Also remove all uids. (remove_all_uids): New. * g10/export.c (parse_export_options): Add option "export-drop-uids". (do_export_one_keyblock): Implement option. -- These options are required for experiments with changes to the keyserver infrastructure. Signed-off-by: Werner Koch <[email protected]>
* g10,scd: Support UIF changing command.NIIBE Yutaka2018-09-271-2/+33
| | | | | | | | | | | | | * g10/card-util.c (uif, cmdUIF): New. (card_edit): Add call to uif by cmdUIF. * scd/app-openpgp.c (do_getattr): Support UIF-1, UIF-2, and UIF-3. (do_setattr): Likewise. (do_learn_status): Learn UIF-1, UIF-2, and UIF-3. -- GnuPG-bug-id: 4158 Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix memory leak for --card-status.NIIBE Yutaka2018-09-181-4/+3
| | | | | | * g10/card-util.c (card_status): Release memory of serial number. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix another memory leak.NIIBE Yutaka2018-09-131-4/+3
| | | | | | | | | | | | * g10/skclist.c (enum_secret_keys): Use SK_LIST instead of pubkey_t. -- The use of pubkey_t was wrong. The use is just a list of keys, not with keyblock. With SK_LIST, release_sk_list releases memory by free_public_key. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix memory leak (more).NIIBE Yutaka2018-09-131-5/+9
| | | | | | | | * g10/skclist.c (enum_secret_keys): Free SERIALNO on update. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix memory leak in enum_secret_keys.NIIBE Yutaka2018-09-131-2/+10
| | | | | | | | | | | * g10/skclist.c (enum_secret_keys): Don't forget to call free_public_key in the error return paths. -- Reported-by: Philippe Antoine GnuPG-bug-id: 4140 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Emit SOURCE status also on NO_DATA.Werner Koch2018-09-071-3/+10
| | | | | | | | | | | | | | | * dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on NO DATA error. (ks_hkp_get): Ditto. * g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info also on error. (gpg_dirmngr_ks_get): Ditto. -- If a keyserver does not return any data it can be useful to know which keyserver out of the pool answered. Signed-off-by: Werner Koch <[email protected]>
* g10: Fix memory leak.NIIBE Yutaka2018-09-071-0/+2
| | | | | | | | | | * g10/import.c (read_block): Call free_packet to skip the packet. -- Reported-by: Philippe Antoine GnuPG-bug-id: 3916 Signed-off-by: NIIBE Yutaka <[email protected]>
* Fix use of strncpy, which is actually good to use memcpy.NIIBE Yutaka2018-09-061-1/+1
| | | | | | | * common/ssh-utils.c (get_fingerprint): Use memcpy. * g10/build-packet.c (string_to_notation): Use memcpy. Signed-off-by: NIIBE Yutaka <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 21:39:08 +0000