aboutsummaryrefslogtreecommitdiffstats
path: root/g10 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* g10/armor: fix eof checks in radix64_readJussi Kivilinna2018-11-081-3/+3
| | | | | | | | * g10/armor.c (radix64_read): Check EOF with '!afx->buffer_len' instead of 'c == -1', as 'c' is never set to this value. -- Signed-off-by: Jussi Kivilinna <[email protected]>
* g10/decrypt-data: use iobuf_read for higher performanceJussi Kivilinna2018-11-081-8/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/decrypt-data.c (fill_buffer): Use iobuf_read instead of iobuf_get for reading data. -- This patch reduces iobuf_read per byte processing overhead and speeds up decryption. Benchmark results below, tested on Intel Core i7-4790K (turbo off). Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt ramfs file out through pipe to /dev/null. before patch-set ---------------- gpg process no-armor: user time pipe transfer rate encrypt-aead: 1.02 1.0 GB/s decrypt-aead: 10.8 185 MB/s encrypt-cfb: 4.8 342 MB/s decrypt-cfb: 12.7 157 MB/s gpg process armor: user time pipe transfer rate encrypt-aead: 13.8 140 MB/s decrypt-aead: 30.6 68 MB/s encrypt-cfb: 17.4 114 MB/s decrypt-cfb: 32.6 64 MB/s after (decrypt opt) ------------------- gpg process no-armor: user time pipe transfer rate decrypt-aead: 7.3 263 MB/s decrypt-cfb: 9.3 211 MB/s gpg process armor: user time pipe transfer rate decrypt-aead: 27.0 77 MB/s decrypt-cfb: 29.0 72 MB/s Note: decryption results are much slower than encryption because of extra SHA1 & RIPEMD160 hashing. GnuPG-bug-id: 3786 Signed-off-by: Jussi Kivilinna <[email protected]>
* g10/decrypt-data: use fill_buffer in more placesJussi Kivilinna2018-11-081-77/+5
| | | | | | | | * g10/decrypt-data.c (mdc_decode_filter, decode_filter): Use fill_buffer. -- Signed-off-by: Jussi Kivilinna <[email protected]>
* gpgcompose: Fix --sk-esk.NIIBE Yutaka2018-11-081-3/+14
| | | | | | | | | | * g10/gpgcompose.c (sk_esk): Copy the result content correctly. Don't forget to free the result. -- Fixes-commit: 0131d4369a81a51bf7bb328cc81a3bb082ed1a94 Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix log_debug formatting.NIIBE Yutaka2018-11-082-4/+4
| | | | | | | | * g10/cipher-aead.c (do_flush): No cast is correct. * g10/decrypt-data.c (aead_underflow): No cast needed. Use "%j" for uint64_t for chunklen. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix print_keygrip for smartcard.NIIBE Yutaka2018-11-061-1/+1
| | | | | | | | | * g10/card-util.c (print_keygrip): Use tty_fprintf. -- Reported-by: Joey Pabalinas <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* all: fix more spelling errorsDaniel Kahn Gillmor2018-10-251-1/+1
|
* headers: fix spellingDaniel Kahn Gillmor2018-10-252-2/+2
| | | | Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* g10,scd: Improve UIF support.NIIBE Yutaka2018-10-253-0/+24
| | | | | | | | | | * g10/call-agent.c (learn_status_cb): Parse "bt" flag. * g10/call-agent.h: New member field "bt". * g10/card-util.c (uif): Limit its access only when it is supported. * scd/app-openpgp.c (do_setattr): Allow access to UIF objects only when there is a button. Signed-off-by: NIIBE Yutaka <[email protected]>
* all: fix spelling and typosDaniel Kahn Gillmor2018-10-2420-30/+30
| | | | Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Unfinished support for v5 signatures.Werner Koch2018-10-244-40/+54
| | | | | | | | | | | | * g10/parse-packet.c (parse_signature): Allow for v5 signatures. * g10/sig-check.c (check_signature_end_simple): Support the 64bit v5 byte count. * g10/sign.c (hash_sigversion_to_magic): Ditto. (write_signature_packets): Request v5 sig for v5 keys. Remove useless condition. (make_keysig_packet): Request v5 sig for v5 keys. Signed-off-by: Werner Koch <[email protected]>
* indent: Modernize g10/sign.cWerner Koch2018-10-241-791/+829
| | | | --
* gpg: Don't take the a TOFU trust model from the trustdb,Werner Koch2018-10-101-4/+25
| | | | | | | | | | | | | | | | * g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model. (create_version_record): Don't init as TOFU. (tdbio_db_matches_options): Don't indicate a change in case TOFU is stored in an old trustdb file. -- This change allows to switch between a tofu and pgp or tofu+pgp trust model without an auto rebuild of the trustdb. This also requires that the tofu trust model is requested on the command line. If TOFU will ever be the default we need to tweak the model detection via TM_AUTO by also looking into the TOFU data base, GnuPG-bug-id: 4134
* gpg: Fix extra check for sign usage of a data signature.Werner Koch2018-10-081-1/+2
| | | | | | | | | | | * g10/sig-check.c (check_signature_end_simple): -- Obviously we should not ignore a back signature here. Fixes-commit: 214b0077264e35c079e854a8b6374704aea45cd5 GnuPG-bug-id: 4014 Signed-off-by: Werner Koch <[email protected]>
* gpg: Make --skip-hidden-recipients work again.Werner Koch2018-10-081-0/+13
| | | | | | | | | | | * g10/pubkey-enc.c (get_session_key): Take care of opt.skip_hidden_recipients. -- This was lost due to Fixes-commit: ce2f71760155b71a71418fe145a557c99bd52290 GnuPG-bug-id: 4169 Signed-off-by: Werner Koch <[email protected]>
* gpg: Add new card vendorWerner Koch2018-10-041-0/+1
| | | | --
* gpg: New options import-drop-uids and export-drop-uids.Werner Koch2018-10-024-9/+84
| | | | | | | | | | | | | | | | | * g10/options.h (IMPORT_DROP_UIDS): New. (EXPORT_DROP_UIDS): New. * g10/import.c (parse_import_options): Add option "import-drop-uids". (import_one): Don't bail out with that options and no uids found. Also remove all uids. (remove_all_uids): New. * g10/export.c (parse_export_options): Add option "export-drop-uids". (do_export_one_keyblock): Implement option. -- These options are required for experiments with changes to the keyserver infrastructure. Signed-off-by: Werner Koch <[email protected]>
* g10,scd: Support UIF changing command.NIIBE Yutaka2018-09-271-2/+33
| | | | | | | | | | | | | * g10/card-util.c (uif, cmdUIF): New. (card_edit): Add call to uif by cmdUIF. * scd/app-openpgp.c (do_getattr): Support UIF-1, UIF-2, and UIF-3. (do_setattr): Likewise. (do_learn_status): Learn UIF-1, UIF-2, and UIF-3. -- GnuPG-bug-id: 4158 Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix memory leak for --card-status.NIIBE Yutaka2018-09-181-4/+3
| | | | | | * g10/card-util.c (card_status): Release memory of serial number. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix another memory leak.NIIBE Yutaka2018-09-131-4/+3
| | | | | | | | | | | | * g10/skclist.c (enum_secret_keys): Use SK_LIST instead of pubkey_t. -- The use of pubkey_t was wrong. The use is just a list of keys, not with keyblock. With SK_LIST, release_sk_list releases memory by free_public_key. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix memory leak (more).NIIBE Yutaka2018-09-131-5/+9
| | | | | | | | * g10/skclist.c (enum_secret_keys): Free SERIALNO on update. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix memory leak in enum_secret_keys.NIIBE Yutaka2018-09-131-2/+10
| | | | | | | | | | | * g10/skclist.c (enum_secret_keys): Don't forget to call free_public_key in the error return paths. -- Reported-by: Philippe Antoine GnuPG-bug-id: 4140 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Emit SOURCE status also on NO_DATA.Werner Koch2018-09-071-3/+10
| | | | | | | | | | | | | | | * dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on NO DATA error. (ks_hkp_get): Ditto. * g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info also on error. (gpg_dirmngr_ks_get): Ditto. -- If a keyserver does not return any data it can be useful to know which keyserver out of the pool answered. Signed-off-by: Werner Koch <[email protected]>
* g10: Fix memory leak.NIIBE Yutaka2018-09-071-0/+2
| | | | | | | | | | * g10/import.c (read_block): Call free_packet to skip the packet. -- Reported-by: Philippe Antoine GnuPG-bug-id: 3916 Signed-off-by: NIIBE Yutaka <[email protected]>
* Fix use of strncpy, which is actually good to use memcpy.NIIBE Yutaka2018-09-061-1/+1
| | | | | | | * common/ssh-utils.c (get_fingerprint): Use memcpy. * g10/build-packet.c (string_to_notation): Use memcpy. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Explain error message in key generation with --batchWerner Koch2018-08-291-1/+3
| | | | | | | | * g10/keygen.c (generate_keypair): Show more info. -- GnuPG-bug-id: 3912 Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove unused function get_pubkeys.Werner Koch2018-08-292-274/+4
| | | | | | | | * g10/getkey.c (get_pubkeys): Remove. (pubkey_free): Remove and use code directly ... (pubkeys_free): ... here. Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --known-notation.Werner Koch2018-08-293-7/+57
| | | | | | | | | | | | | | * g10/gpg.c (oKnownNotation): New const. (opts): Add option --known-notation. (main): Set option. * g10/parse-packet.c (known_notations_list): New local var. (register_known_notation): New. (can_handle_critical_notation): Rewrite to handle the new feature. Also print the name of unknown notations in verbose mode. -- GnuPG-bug-id: 4060 Signed-off-by: Werner Koch <[email protected]>
* gpg: Refresh expired keys originating from the WKD.Werner Koch2018-08-282-17/+99
| | | | | | | | | | | | | | | | | | | | | | | | * g10/getkey.c (getkey_ctx_s): New field found_via_akl. (get_pubkey_byname): Set it. (only_expired_enc_subkeys): New. (get_best_pubkey_byname): Add support to refresh expired keys from the WKD. -- A little drawback of that code is that if the WKD has no update for an expired key each access of the key will trigger a WKD lookup (unless cached by the dirmngr). To avoid this we need to record the last time we have checked for an update but that would in turn require that we update the keyring for each check. We defer this until we have a better key database which allows for fast updates of meta data. Testing the code is currently a bit cumbersome because it requires to update a key in the WKD several times. Eventually we we need a network emulation layer to provide sample data for the regression tests. GnuPG-bug-id: 2917 Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove unused arg from a function.Werner Koch2018-08-284-5/+5
| | | | | | | * g10/getkey.c (get_best_pubkey_byname): Remove unused arg 'no_akl'. Change both callers. Signed-off-by: Werner Koch <[email protected]>
* gpg: Prepare for longer card fingerprints.Werner Koch2018-08-274-76/+89
| | | | | | | | | | | | | | | | | | | | | | * g10/call-agent.h (agent_card_info_s): Rename the "*valid" fields to "*len". * g10/call-agent.c (unhexify_fpr): Change to take a FPRLEN and to return the actual length. (agent_release_card_info): Adjust for these changes. * g10/card-util.c (print_sha1_fpr): Rename to print_shax_fpr and add arg FPRLEN. Change all callers to pass the length. (print_sha1_fpr_colon): Rename to print_shax_fpr_colon and add arg FPRLEN. Change all callers to pass the length. (fpr_is_zero): Add arg FPRLEN. (fpr_is_ff): Ditto. (show_card_key_info): Use the new functions. * g10/skclist.c (enum_secret_keys): Use MAX_FINGERPRINT_LEN. -- This is not needed right now but we should get rid of all hard coded fingerprint lengths. Thus this change. Signed-off-by: Werner Koch <[email protected]>
* g10: Fix enum_secret_keys for card keys.NIIBE Yutaka2018-08-271-3/+8
| | | | | | | * g10/skclist.c (enum_secret_keys): Since "KEY-FPR" returns fingerprint in binary, change it to hex string. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Prefer to available card keys for decryption.NIIBE Yutaka2018-08-271-9/+57
| | | | | | | * g10/skclist.c (enum_secret_keys): Add logic to prefer decryption keys on cards. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Move enum_secret_keys to skclist.c.NIIBE Yutaka2018-08-272-197/+198
| | | | | | | | | | | | | * g10/getkey.c (enum_secret_keys): Move to... * g10/skclist.c (enum_secret_keys): ... here. -- The function enum_secret_keys is not used by gpgv.c, but it is in getkey.c. Extending enum_secret_keys will require change of gpgv.c, so moving the function to the file for gpg is better. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix comment of enum_secret_keys.NIIBE Yutaka2018-08-271-2/+0
| | | | | | | | | * g10/getkey.c (enum_secret_keys): Fix comment for usage of enum_secret_keys, following the previous change. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Enumerated keys for decryption should be unique.NIIBE Yutaka2018-08-272-2/+25
| | | | | | | | | | | * g10/getkey.c (enum_secret_keys): Collecting keys in the context, check duplicate to make sure returning only unique keys. * g10/pubkey-enc.c (get_session_key): Now, it's the responsibility of enum_secret_keys to free keys. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Change decryption key selection for public key encryption.NIIBE Yutaka2018-08-275-179/+155
| | | | | | | | | | | | | | | | | | | | | | | | | | * g10/mainproc.c (struct mainproc_context): It's now pubkey_enc_list. (do_proc_packets): Remove the first arg CTRL. Fix call of proc_pubkey_enc. (release_list): Handle pubkey_enc_list. (proc_pubkey_enc): Remove the first arg CTRL. Simply put the packet to pubkey_enc_list. (print_pkenc_list): Remove the last arg FAILED. (proc_encrypted): Only call print_pkenc_list once. Handle DEK here. (proc_packets, proc_signature_packets, proc_signature_packets_by_fd) (proc_encryption_packets): Fix call of do_proc_packets. * g10/packet.h (struct pubkey_enc_list): Define. * g10/pubkey-enc.c (get_it): Change the second argument K. (get_session_key): Select session key by LIST, using enum_secret_keys. * g10/gpgv.c (get_session_key): Change the second argument K. * g10/test-stubs.c (get_session_key): Likewise. -- Collect all PKT_PUBKEY_ENC packets, and then, process the PKT_ENCRYPTED* packet. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix undefined behavior when EOF in parsing packet for S2K.NIIBE Yutaka2018-08-101-2/+2
| | | | | | | | | | | | | | | * g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof. (parse_key): Likewise. -- When EOF comes at parsing s2k.count, it is possible the value will be (unsigned long)-1. Then, the result of S2K_DECODE_COUNT will be undefined. This patch fixes undefined behavior. Reported-by: Philippe Antoine GnuPG-bug-id: 4093 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Set a limit for a WKD import of 256 KiB.Werner Koch2018-07-271-1/+9
| | | | | | | | | | | | * g10/call-dirmngr.c (MAX_WKD_RESULT_LENGTH): New. (gpg_dirmngr_wkd_get): Use it. -- WKD should return only a single key with just one UID. For key rollover 2 keys may be send. A total of 256 KiB seems to be a generous limit here. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Print a WARNING status for DNS config problems.Werner Koch2018-07-251-0/+2
| | | | | | | | | | | | | | | | | | | | | * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h. (t_common_src): Add t-support.c. * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL. * dirmngr/dns-stuff.c: Include dirmngr-status.h. (libdns_init): Print WARNING status line. Change call callers to take and pass a CTRL argument. * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING status. -- To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run gpg --recv-key -v SOMETHING. Signed-off-by: Werner Koch <[email protected]>
* gpg: Use 128 MiB as default AEAD chunk size.Werner Koch2018-07-241-3/+10
| | | | | | | | | * g10/gpg.c (oDebugAllowLargeChunks): New. (opts): New option --debug-allow-large-chunks. (main): Implement that option. -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove multiple subkey bindings during export-clean.Werner Koch2018-07-091-5/+84
| | | | | | | | | * g10/key-clean.c (clean_one_subkey_dupsigs): New. (clean_all_subkeys): Call it. -- GnuPG-bug-id: 3804 Signed-off-by: Werner Koch <[email protected]>
* gpg: Let export-clean remove expired subkeys.Werner Koch2018-07-094-12/+125
| | | | | | | | | | | | | | | * g10/key-clean.h (KEY_CLEAN_NONE, KEY_CLEAN_INVALID) (KEY_CLEAN_ENCR, KEY_CLEAN_AUTHENCR, KEY_CLEAN_ALL): New. * g10/key-clean.c (clean_one_subkey): New. (clean_all_subkeys): Add arg CLEAN_LEVEL. * g10/import.c (import_one): Call clean_all_subkeys with KEY_CLEAN_NONE. * g10/export.c (do_export_stream): Call clean_all_subkeys depedning on the export clean options. -- GnuPG-bug-id: 3622 Signed-off-by: Werner Koch <[email protected]>
* gpg: Split key cleaning function for clarity.Werner Koch2018-07-094-16/+54
| | | | | | | | | | | | * g10/key-clean.c (clean_key): Rename to clean_all_uids and split subkey cleaning into ... (clean_all_subkeys): new. Call that always after the former clean_key invocations. -- Note that the clean_all_subkeys function will later be extended. Signed-off-by: Werner Koch <[email protected]>
* gpg: Move key cleaning functions to a separate file.Werner Koch2018-07-0610-429/+495
| | | | | | | | | | | | | | | * g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid) (clean_uid_from_key, clean_one_uid, clean_key): Move to ... * g10/key-clean.c: new file. * g10/key-clean.h: New. * g10/Makefile.am (gpg_sources): Add new files. * g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include new header. * g10/trustdb.h (struct key_item, is_in_klist): Move to ... * g10/keydb.h: here. -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.Werner Koch2018-07-056-8/+60
| | | | | | | | | | | | | | | | | | * g10/getkey.c (get_pubkey_for_sig): New. (get_pubkeyblock_for_sig): New. * g10/mainproc.c (issuer_fpr_raw): Give global scope. (check_sig_and_print): Use get_pubkeyblock_for_sig. * g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig. * g10/sig-check.c (check_signature2): Ditto. (check_signature_over_key_or_uid): Ditto. -- GnuPG-bug-id: 4046 The whole getkey stuff is still a mess with way to much duplication and missing caching of already fetched data. Signed-off-by: Werner Koch <[email protected]>
* doc: Typo fix in a comment.Werner Koch2018-07-051-1/+1
| | | | --
* gpg: Ignore too large user ids during import.Werner Koch2018-07-041-1/+30
| | | | | | | | | | | | * g10/import.c (read_block): Add special treatment for bad user ids and comment packets. -- See GnuPG-bug-id: 4022 for an example of a bogus user id. Signed-off-by: Werner Koch <[email protected]>
* indent: Fix indentation of read_block in g10/import.cWerner Koch2018-07-041-66/+67
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Extra check for sign usage when verifying a data signature.Werner Koch2018-07-041-2/+11
| | | | | | | | | | | * g10/sig-check.c (check_signature_end_simple): Check sign usage. -- Without this patch the signature verification fails only due to the missing back signature. This check better explains what went wrong. GnuPG-bug-id: 4014 Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 05:11:39 +0000