| Commit message (Collapse) | Author | Age | Files | Lines |
| |
* dirmngr/crlfetch.c (fetch_cert_by_url): Use es_free.
* g10/revoke.c (gen_standard_revoke): Likewise.
* g10/tofu.c (ask_about_binding): Likewise.
* scd/command.c (cmd_readkey): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.
* tools/gpg-wks-client.c (command_create): Likewise.
* tools/call-dirmngr.c (wkd_get_policy_flags): Clean up no use of
BUFFER.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* g10/keyedit.c (keyedit_menu): Factor some code out ...
(maybe_upload_key): New.
(keyedit_quick_adduid): Call it here.
(keyedit_quick_revuid): Ditto.
(keyedit_quick_set_primary): Ditto.
(keyedit_quick_update_pref): Ditto.
(keyedit_quick_sign): Ditto.
(keyedit_quick_revsig): Ditto.
(keyedit_quick_addkey): Ditto.
(keyedit_quick_addadsk): Ditto.
(keyedit_quick_set_expire): Ditto.
--
This should be the final part of
GnuPG-bug-id: 7333
| |
* g10/gpg.c (oNoAutoKeyUpload): New.
(opts): Add "no-auto-key-upload".
(main): Clear the flag.
| |
* g10/keyedit.c (keyedit_menu): Add an upload flag and set it as
needed. On save upload to the keyserver.
--
That is the second part of
GnuPG-bug-id: 7333
and the next part will be to implement this for the quick commands.
| |
* g10/options.h (opt.flags): Add member auto_key_upload.
(EXPORT_NO_STATUS): New.
(KEYSERVER_LDAP_ONLY): New.
(KEYSERVER_WARN_ONLY): New.
* g10/gpg.c (oAutoKeyUpload): New.
(opts): New option --auto-key-upload.
(main): Set option.
* g10/keyserver.c (keyserver_export_pubkey): New.
(keyserver_put): Take care of the WARN_ONLY and LDAP_ONLY options.
Delay printing of the EXPORTED status.
* g10/keygen.c (do_generate_keypair): Export new key if option is set.
* g10/export.c (do_export_one_keyblock): Take care of the NO_STATUS
option.
(print_status_exported): Move function to ...
* g10/cpr.c (write_status_warning): here and make public.
--
This change also fixes a bug with --send-key which used to emit an
EXPORTED line before actually sending the key to the dirmngr. Thus if
the upload failed an EXPORTED status has already been emitted.
GnuPG-bug-id: 7333
This is the first part which handles the new key case. We also need
to implement an upload after key modifications.
| |
* g10/keyedit.c (append_adsk_to_key): Add arg sigtimestamp and pass
that as signing time to make_keysig_packet.
* g10/keygen.c (append_all_default_adsks): Likewise.
(do_generate_keypair): Likewise.
--
For not anymore known reasons or maybe because I mixed up creation and
binding time the creation date of the ADSK was also used as the time
for the key binding signature. This works but is a bit surprising.
Now we use either the current time or, on key creation, the
creation time of the primary key as we also do with the other
self-signatures.
GnuPG-bug-id: 6882
| |
* g10/keyedit.c (append_adsk_to_key): Add arg cache_nonce and pass on
to make_keysig_packet.
* g10/keygen.c (do_generate_keypair): Pass cache_nonce to
append_adsk_to_key.
--
GnuPG-bug-id: 7491
| |
* g10/keygen.c (generate_subkeypair): Ask for Kyber variant.
--
GnuPG-bug-id: 7792
| |
* g10/keygen.c (ask_algo): Do not show algo 16 in addmode.
--
GnuPG-bug-id: 7788
| |
* agent/gpg-agent.c (map_supervised_sockets): Fix spelling of
--deprecated-supervised.
* g10/gpg.c (main): Fix spelling of --quick-set-expire.
* scd/command.c (hlp_checkpin): Fix spelling of modifying.
* g10/decrypt.c (decrypt_message): Fix spelling of mutually.
--
Signed-off-by: Collin Funk <[email protected]>
| |
* g10/pkglue.c (do_encrypt_kem): Length of shared secret is the hash
length in this case, not the scalar length.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* g10/misc.c (parse_options): Also allow option "fullhelp". Print
current status of the option.
| |
* g10/options.h (KEYSERVER_UPDATE_BEFORE_SEND): New.
* g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_SILENT): New.
(KEYSERVER_IMPORT_FLAG_ONLYFPR): New.
(KEYSERVER_IMPORT_FLAG_UPDSEND): New.
* g10/gpg.c (main): Set default keyserver_options to
update-before-send.
* g10/keyserver.c (keyserver_opts): Add option "update-before-send".
(keyserver_export): Add optional arg assume_new_key.
(keyserver_import): Add arg flags. Act upon the new
KEYSERVER_IMPORT_FLAG_xxx values and pass flags on.
(keyserver_get_chunk): Ditto.
(keyserver_put): Add optional arg assume_new_key. Implement
update-before-send feature.
* g10/import.c (import_one_real): Take care of IMPORT_MERGE_ONLY when
passed in the option arg. Required for the update-before-send
feature.
--
This feature is enabled by default but can be disabled using
--keyserver-flags no-update-before-send .
GnuPG-bug-id: 7730
| |
* g10/sign.c (mk_notation_policy_etc): Do not free ndmanu if not used.
--
GnuPG-bug-id: 7754
Fixes-commit: 11d3a83b04786c74fdbbbcdc99074c75666bd722
| |
* dirmngr/ks-action.c (ks_action_del): Change some variable names and
comments.
* dirmngr/ks-engine-ldap.c (ks_ldap_del): Implement.
--
GnuPG-bug-id: 5447
Tested using OpenLDAP on Linux and with an LDS and AD on Windows.
| |
* g10/keylist.c (print_matching_notations): New.
* g10/mainproc.c (check_sig_and_print): Call this.
* g10/options.h (opt): Add field print_notations.
* g10/gpgv.c (oPrintNotation): New.
(opts): Add "print-notation".
(main): Implement.
--
I had the code floating around but can't remember what triggered me to
write this. But it might eventually be useful, so better apply it.
| |
* common/compliance.c (gnupg_manu_notation_value): New.
* g10/build-packet.c (name_value_to_notation): New.
* g10/options.h (COMPAT_NO_MANU): New.
(LIST_SHOW_HIDDEN_NOTATIONS): New.
(VERIFY_SHOW_HIDDEN_NOTATIONS): New.
* g10/gpg.c (compatibility_flags): Add "no-manu".
(parse_list_options): Add "show-hidden-notations".
(main): Ditto for verify-options.
* g10/import.c (list_standalone_revocation): Implement new list option.
* g10/mainproc.c (check_sig_and_print): Ditto.
* g10/keyedit.c (keyedit_print_one_sig): Ditto.
* g10/keylist.c (list_signature_print): Ditto.
(show_notation): Handle hidden notation.
* sm/keylist.c (oidtranstbl): Add OID for manu.
* g10/sign.c (mk_notation_policy_etc): Add arg with_manu and insert
extra notation.
(write_signature_packets): Request manu notation in certain cases.
(make_keysig_packet): Ditto.
--
See DETAILS for a description of the format. Obviously this leaks the
version of the used GnuPG version (major and minor only) and the fact
that it was generated by GnuPG. However, by close inspection of the
order of packets and other meta data similar information can be
found. We include this information to help the support desk to figure
out problems. Sometimes users have very very old versions and the
help desk needs to employ core developers to figure the cause. Having
this information may eventually allow for better user support. This
feature can be disabled unless certain compliance modes are enabled.
| |
* g10/sign.c (make_keysig_packet): Use signature class constants.
--
Having macros for the signature classes should make the code easier
to understand for newbies.
| |
* g10/packet.h (SIGCLASS_): New constants.
* g10/keydb.h (IS_SUBKEY_SIG): Use them.
| |
* g10/card-util.c (do_change_keyattr): Replace gcry_pk_algo_name by
openpgp_pk_algo_name.
* g10/keyedit.c (show_key_with_all_names): Ditto.
--
For RSA and DSA the Libgcrypt and the OpenPGP identifiers are the
same. But for ECC they are different and thus we need to use the
respective function to avoid printing a ? for example EdDSA designated
revocation keys.
Updates-commit: b7f8dec6325f1c80640f878ed3080bbc194fbc78
| |
* g10/pkglue.c (do_encrypt_kem): From ECC_OID, determine the CURVE by
openpgp_oid_to_curve, and then use gnupg_get_ecc_params to get ECC
parameters.
(do_encrypt_ecdh): Likewise.
--
GnuPG-bug-id: 7698
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* common/util.h (struct gnupg_ecc_params, gnupg_get_ecc_params): New.
(ECC_SCALAR_LEN_MAX, ECC_POINT_LEN_MAX, ECC_HASH_LEN_MAX): New.
* agent/pkdecrypt.c (ecc_extract_pk_from_key, ecc_extract_sk_from_key):
Follow the change of gnupg_get_ecc_params.
(ecc_raw_kem, ecc_pgp_kem_decap, composite_pgp_kem_decrypt): Likewise.
(ecc_kem_decrypt): Likewise.
(get_ecc_params): Move to...
* common/kem.c (gnupg_get_ecc_params): ... here
* g10/pkglue.c (ECC_POINT_LEN_MAX, ECC_HASH_LEN_MAX): Remove duplicates.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* g10/keygen.c (ask_curve): Add a curve parameter to not list a curve in
the menu.
--
This is a non-standard curve and thus has severe interop problems. To
avoid accidental selection of this curve, it may now only be given by
its name.
| |
* g10/import.c (get_revocation_reason): Fix setting of r_reason.
--
Note that gpgme has not yet support for parsing the revocation reason.
Due to the split of gpgme it was not tested with gpgmeqt which has its
own parser in its regression tests which kicked it when building
debian packages.
GnuPG-bug-id: 7083
Fixes-commit: 3f825b044b2f1db8773f27a96034c925177fe9f0
| |
* g10/keylist.c (list_keyblock_colon): Print the revocation reasons in
the pub record's comment field.
--
GnuPG-bug-id: 7083
| |
* g10/packet.h (struct revoke_info): Extend to carry the revocation
reason.
* g10/getkey.c (sig_to_revoke_info): Extend to store the reason.
(merge_selfsigs): Extend to also store the reason in the public key.
* g10/keylist.c (list_signature_print): Factor some code out to ...
(print_revocation_reason_comment): new function.
(print_revocation_reason): New.
(print_key_line): Call new function to print the reason.
* g10/import.c (get_revocation_reason): Use
print_revocation_reason_comment and factor some code out to ...
(revocation_reason_code_to_str): new function.
* g10/gpgv.c (revocation_reason_code_to_str): Add stub.
* g10/test-stubs.c (revocation_reason_code_to_str): Ditto.
--
With this change the revocation reason of a revoked key (but not for a
revoked uid or subkey) is now displayed in "gpg -k" listing right
below the primary key fingerprint. Before that "gpg --checks-sigs"
was required to show this info.
GnuPG-bug-id: 7083
| |
* g10/Makefile.am (AM_CPPFLAGS): Add -DREGEXP_PREFIX=gnupg_
* regexp/Makefile.am (AM_CPPFLAGS): Likewise.
* regexp/jimregexp.h (ADD_PREFIX): New.
(regcomp, regexec, regerror, regfree): Use ADD_PREFIX.
--
GnuPG-bug-id: 7668
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* g10/keyedit.c (sign_uids): Add a case for this.
--
GnuPG-bug-id: 7663
| |
* g10/pkglue.c (ECC_POINT_LEN_MAX): NIST P-521 is large.
--
GnuPG-bug-id: 7664
Reported-by: Collin Funk
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* common/util.h (gnupg_ecc_kem_kdf): Change the last two args.
* common/kem.c (gnupg_ecc_kem_kdf): The last arguments are KDF_PARAMS
and its length.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Follow the change.
* g10/pkglue.c (do_encrypt_kem): Follow the change.
* g10/ecdh.c (extract_secret_x, derive_kek): Remove.
(gnupg_ecc_6637_kdf): Remove.
(ecc_build_kdf_params): Rename from build_kdf_params, changing
arguments.
* g10/pkglue.c (do_encrypt_ecdh): Refactor by ecc_build_kdf_params and
gnupg_ecc_kem_kdf.
* g10/pkglue.h (pk_ecdh_decrypt, gnupg_ecc_6637_kdf): Remove.
(ecc_build_kdf_params): New.
* g10/pubkey-enc.c (ecdh_sexp_build): Use ecc_build_kdf_params.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* g10/call-agent.c (agent_pkdecrypt): Use --kem=PGP for
PUBKEY_ALGO_ECDH.
* g10/pubkey-enc.c (ecdh_sexp_build): New.
(get_it): Use ecdh_sexp_build for PUBKEY_ALGO_ECDH. And don't use
pk_ecdh_decrypt since it's done by agent.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* common/kem.c (gnupg_ecc_kem_kdf): Support traditional KDF of RFC
6637.
* common/util.h (gnupg_ecc_kem_kdf): Add FIXED_INFO argument.
* g10/pkglue.c (do_encrypt_kem): Follow the change.
* agent/pkdecrypt.c (ecc_pgp_kem_decap): Return ECC parameters.
(composite_pgp_kem_decrypt): Follow the changes.
(ecc_kem_decrypt): New.
(agent_kem_decrypt): Support ECC KEM.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* g10/ecdh.c (gnupg_ecc_6637_kdf): New.
(pk_ecdh_encrypt_with_shared_point, gen_k): Remove.
(pk_ecdh_generate_ephemeral_key): Remove.
* g10/pkglue.c (get_data_from_sexp): Remove.
(do_encrypt_ecdh): Use gcry_kem_encap of the KEM API,
gnupg_ecc_6637_kdf, and AESWRAP.
* g10/pkglue.h (gnupg_ecc_6637_kdf): New.
(pk_ecdh_encrypt_with_shared_point): Remove.
(pk_ecdh_generate_ephemeral_key, pk_ecdh_encrypt): Remove.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <[email protected]>
| |
* g10/export.c (do_export): Remove zfx.
| |
* g10/import.c (read_block): Bail out on compressed packets.
* g10/options.h (COMPAT_COMPR_KEYS): New.
* g10/gpg.c (compatibility_flags): Add "compr-keys".
* common/util.h: Remove replacement code not any longer needed.
(GPG_ERR_UNEXPECTED_PACKET): Add a new replacement code.
--
Compressed key packets do not make much sense but historically they
were supported. Thus we also add a compatibility flag.
GnuPG-bug-id: 7014
| |
* g10/keylist.c (list_keyblock_simple): Take care of
show-unusable-uids.
--
This allows to upload revoked keys to a WKD.
Suggested-by: Uwe Kleine-König
| |
* g10/getkey.c (merge_selfsigs_main): Do not mask out the group bit.
(merge_selfsigs_subkey): Ditto.
* g10/keygen.c (ask_key_flags_with_mask): Ditto.
(proc_parameter_file): Ditto.
--
Updates-commit: 0988e49c45d0fb73d0b536aa027bd114f9dc65a7
| |
--
Added Alexander. Removed Andre.
| |
* g10/getkey.c (get_pubkey_for_sig): Keep a requested
PUBKEY_USAGE_CERT.
(finish_lookup): For correctness in future use cases allow
PUBKEY_USAGE_CERT to also trigger verify mode.
--
The case here was that a cert-only primary key was removed with
export-clean.
GnuPG-bug-id: 7583
| |
* g10/gpg.c: Include recsel.h.
(debug_flags): New flag "recsel".
(set_debug): Set it.
* g10/options.h (DBG_RECSEL_VALUE, DBG_RECSEL): New.
* g10/import.c (impex_filter_getval): Add debug diagnostics.
* g10/keylist.c (parse_and_set_list_filter): Dump the record filter.
* common/recsel.c (recsel_debug): New variable.
(recsel_set_debug): New function.
(recsel_select): Add debug output if requested.
| |
* g10/gpg.c (aQuickTSignKey): New.
(opts): Add new command.
(main): Parse args for it.
* g10/keyedit.c: Include mbox-util.h.
(parse_trustsig_string): New.
(sign_uids): Add arg trustsig for use in quick mode.
(keyedit_quick_sign): Also add arg trustsig and print a diagnostic on
error.
| |
* g10/keyedit.c (SIGN_UIDS_LOCAL): New.
(SIGN_UIDS_NONREVOCABLE): New.
(SIGN_UIDS_TRUSTSIG): New.
(SIGN_UIDS_INTERACTIVE): New.
(SIGN_UIDS_QUICK): New.
(sign_uids): Replace several boolean args by flags arg.
| |
* g10/options.h (LIST_SHOW_TRUSTSIG): New.
* g10/gpg.c (parse_list_options): Add "show-trustsig".
* g10/keylist.c (parse_trust_name): New.
(list_signature_print): Print trust signature info.
| |
* g10/keygen.c (read_parameter_file): Add keyword "User-Id".
| |
--
| |
--
| |
* g10/sig-check.c (check_signature_over_key_or_uid): Do not free in
no-sig-cache mode if allocated by caller.
--
GnuPG-bug-id: 7547
Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec
| |
--
| |
* g10/packet.h (PUBKEY_USAGE_VERIFY): New.
* g10/getkey.c (get_pubkey_for_sig): Pass new flag also to requested
usage.
(finish_lookup): Introduce a verify_mode.
--
Fixes-commit: 48978ccb4e20866472ef18436a32744350a65158
GnuPG-bug-id: 7547
| |
* g10/getkey.c (get_pubkey): Factor code out to ...
(get_pubkey_bykid): new. Add feature to return the keyblock.
(get_pubkey_for_sig): Add arg r_keyblock to return the used keyblock.
Request a signing usage.
(get_pubkeyblock_for_sig): Remove.
(finish_lookup): Improve debug output.
* g10/sig-check.c (check_signature): Add arg r_keyblock and pass it
down.
* g10/mainproc.c (do_check_sig): Ditto.
(check_sig_and_print): Use the keyblock returned by do_check_sig to
show further information instead of looking it up again with
get_pubkeyblock_for_sig. Also re-check the signature after the import
of an included keyblock.
--
The problem here is that it is possible to import a key from someone
who added a signature subkey from another public key and thus inhibits
that a good signature could be verified.
Such a malicious key signature subkey must have been created w/o the
mandatory backsig which binds a signature subkey to its primary key.
For encryption subkeys this is not an issue because the existence of a
decryption private key is all you need to decrypt something and then
it does not matter if the public subkey or its binding signature has
been put below another primary key; in fact we do the latter for
ADSKs.
GnuPG-bug-id: 7527