path: root/g10
Commit message | Author | Age | Files | Lines
...
* Fix the previous commit. | NIIBE Yutaka | 2022-02-23 | 1 | -1/+1
  --
  Fixes-commit: 903c5fe369bc4948718a7d2a0e19b1acdb2406c4
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix generating AEAD packet. | NIIBE Yutaka | 2022-02-22 | 1 | -1/+1
  * g10/cipher-aead.c (do_free): Fix the condition of the last chunk.
  --
  GnuPG-bug-id: 5853
  Signed-off-by: NIIBE Yutaka <[email protected]>
* g10/mainproc: avoid extra hash contexts when decrypting MDC input | Jussi Kivilinna | 2022-02-08 | 1 | -2/+8
  * g10/mainproc.c (mainproc_context): New member 'seen_pkt_encrypted_mdc'.
  (release_list): Clear 'seen_pkt_encrypted_mdc'.
  (proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
  (have_seen_pkt_encrypted_aead): Rename to...
  (have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for 'seen_pkt_encrypted_mdc'.
  (proc_plaintext): Do not enable extra hash contexts when decrypting MDC input.
  --
  Avoiding extra hash contexts speeds up CFB/MDC decryption quite a lot. For example, decrypting symmetric-key AES-256 encrypted 4 GiB file from RAM to /dev/null sees ~3.4x speed increase on AMD Ryzen 5800X:
    AES256.CFB encryption: 783 MB/s
    AES256.CFB decryption: 386 MB/s (before)
    AES256.CFB encryption: 1.3 GB/s (after patch)
  Note, AEAD is still significantly faster:
    AES256.OCB encryption: 2.2 GB/s
    AES256.OCB decryption: 3.0 GB/s
  GnuPG-bug-id: T5820
  Signed-off-by: Jussi Kivilinna <[email protected]>
* gpg: Fix for -Wformat when using uint64_t. | NIIBE Yutaka | 2022-02-02 | 2 | -4/+5
  * g10/cipher-aead.c (do_flush): Use PRIu64.
  * g10/decrypt-data.c (aead_underflow): Likewise.
  --
  Even among LP64 data model machines, uint64_t type may differ; unsigned long or unsigned long long. Only portable way is use of PRIu64.
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,sm: Set --verbose and clear --quiet in debug mode. | Werner Koch | 2022-02-01 | 1 | -0/+6
  * g10/gpg.c (set_debug): Tweak options.
  * sm/gpgsm.c (set_debug): Ditto.
* gpg: Allow --dearmor to decode all kinds of armor files. | Werner Koch | 2022-01-28 | 3 | -8/+34
  * g10/filter.h (armor_filter_context_t): New fields dearmor_mode and dearmor_state.
  * g10/dearmor.c (dearmor_file): Set dearmor_mode.
  * g10/armor.c (is_armor_header): Magic to switch to generic dearmor mode.
  (parse_header_line): Treat non OpenPGP armor in a special way.
  (check_input): Ditto.
  (radix64_read): Detect non OpenPGP armor END lines.
* gpg: Print Yubikey version correctly. | Werner Koch | 2022-01-18 | 3 | -2/+38
  * g10/call-agent.c (learn_status_cb): Parse APPVERSION.
  * g10/call-agent.h (struct agent_card_info_s): Add field appversion.
  * g10/card-util.c (print_a_version): New.
  (current_card_status): Print version from appversion.
  --
  This is a regression due to the PIV support. Note that the newer gpg-card worked correctly.
  GnuPG-bug-id: 5787
* gpg: Fix adding the list of ultimate trusted keys. | NIIBE Yutaka | 2022-01-12 | 4 | -2/+48
  * g10/keygen.c (do_generate_keypair): Remove another call to update_ownertrust.
  * g10/trust.c (update_ownertrust): Add call to tdb_update_utk.
  * g10/trustdb.c (tdb_update_utk): New.
  * g10/trustdb.h (tdb_update_utk): New.
  --
  GnuPG-bug-id: 5742
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Report failed generation of subkey pair via status interface | Ingo Klöcker | 2022-01-11 | 1 | -1/+5
  * g10/keygen.c (generate_subkeypair): On error, write error and "key not created" message to status interface.
  --
  This change allows users of the status/command interface to detect errors when adding a subkey to a key. Similar status messages are output by do_generate_keypair.
  GnuPG-bug-id: 5771
* gpg: Request keygrip of key to add via command interface | Ingo Klöcker | 2022-01-11 | 1 | -2/+2
  * g10/keygen.c (ask_algo): Request keygrip via cpr_get.
  * doc/help.txt (gpg.keygen.keygrip): New help text.
  --
  This change makes it possible to add an existing (sub)key to another key via the status/command interface.
  GnuPG-bug-id: 5771
* gpg: Correctly set the ownertrust for a new key. | Werner Koch | 2021-12-20 | 1 | -3/+1
  * g10/keygen.c (do_generate_keypair): Use update_ownertrust.
  --
  GnuPG-bug-id: 5742
* gpg: Add unfinished code for --export-secret-ssh-key. | Werner Koch | 2021-12-20 | 3 | -35/+449
  * g10/gpg.c (exportSecretSshKey): New.
  (opts): Add --export-secret-ssh-key.
  (main): Implement option.
  * g10/export.c (do_export_stream): Factor keywrap key code out to ...
  (get_keywrap_key): new.
  (mb_write_uint32, mb_write_uint8)
  (mb_write_data, mb_write_cstring)
  (mb_write_string, mb_write_mpi): New.
  (receive_raw_seckey_from_agent): New.
  (export_secret_ssh_key): New.
  --
  Due to time constraints the code is not yet ready.
* gpg: Allow passing a keygrip as description to pinentry. | Werner Koch | 2021-12-20 | 2 | -15/+37
  * g10/keydb.h (FORMAT_KEYDESC_KEYGRIP): New.
  * g10/passphrase.c (gpg_format_keydesc): Add new mode.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Emit compatible Ed25519 signature. | NIIBE Yutaka | 2021-12-10 | 3 | -1/+87
  * g10/pkglue.c (sexp_extract_param_sos_nlz): New.
  * g10/pkglue.h: Add the declaration.
  * g10/sign.c (do_sign): Use sexp_extract_param_sos_nlz for Ed25519.
  --
  Ed25519 signature in GnuPG 2.2 has no leading zeros.
  GnuPG-bug-id: 5331
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix function prototype to match declaration. | Jakub Jelen | 2021-11-24 | 1 | -3/+7
  * g10/test-stubs.c (keyserver_import_mbox): Fix prototype
  --
  GnuPG-bug-id: 5393
  Signed-off-by: Jakub Jelen <[email protected]>
* gpg: Fix format_keyid. | NIIBE Yutaka | 2021-11-24 | 1 | -5/+4
  * g10/keyid.c (format_keyid): Allocate buffer earlier.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix key conversion for SSH. | NIIBE Yutaka | 2021-11-24 | 1 | -5/+6
  * g10/export.c (key_to_sshblob): Use put_membuf with length counted beforehand, and use memcmp instead of strncmp.
  --
  GnuPG-bug-id: 5393
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: New option --forbid-gen-key. | Werner Koch | 2021-11-22 | 1 | -9/+40
  * g10/gpg.c (oForbidGenKey, opts): New option.
  (mopt): New local struct
  (gen_key_forbidden): New.
  (main): Set and handle the option.
  --
  In large system installations it is sometimes useful to make it a bit harder for users to generate their own keys. An example is a policy to not use on-disk keys.
* gpg,gpgsm: Add option --min-rsa-length. | Werner Koch | 2021-11-18 | 2 | -0/+6
  * common/compliance.c (min_compliant_rsa_length): New.
  (gnupg_pk_is_compliant): Take in account.
  (gnupg_pk_is_allowed): Ditto.
  (gnupg_set_compliance_extra_info): New.
  * g10/gpg.c (oMinRSALength): New.
  (opts): Add --min-rsa-length.
  (main): Set value.
  * g10/options.h (opt): Add field min_rsa_length.
  * sm/gpgsm.c (oMinRSALength): New.
  (opts): Add --min-rsa-length.
  (main): Set value.
  * sm/gpgsm.h (opt): Add field min_rsa_length.
* Update release signing keys | Werner Koch | 2021-11-13 | 1 | -0/+0
  --
  The last key is new. As usual the key is on a dedicated card with the Admin PIN accessible to a few core hackers.
  # ------------------------ >8 ------------------------
  pub rsa3072 2017-03-17 [SC] [expires: 2027-03-15]
      5B80C5754298F0CB55D8ED6ABCEF7E294B092E28
  sig R BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key)
  uid Andre Heinecke (Release Signing Key)
  sig 3 BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key)
  sig 1FDF723CF462B6B1 2017-03-17 Andre Heinecke <[email protected]>
  pub ed25519 2020-08-24 [SC] [expires: 2030-06-30]
      6DAA6E64A76D2840571B4902528897B826403ADA
  uid Werner Koch (dist signing 2020)
  sig 3 528897B826403ADA 2020-08-24 Werner Koch (dist signing 2020)
  sig 249B39D24F25E3B6 2020-08-24 Werner Koch (dist sig)
  sig 63113AE866587D0A 2020-08-24 [email protected]
  sig E3FDFF218E45B72B 2020-08-24 Werner Koch (wheatstone commit signing)
  sig F2AD85AC1E42B367 2020-08-24 Werner Koch <[email protected]>
  pub ed25519 2021-05-19 [SC] [expires: 2027-04-04]
      AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD
  uid Niibe Yutaka (GnuPG Release Key)
  sig 3 E98E9B2D19C6C8BD 2021-05-19 Niibe Yutaka (GnuPG Release Key)
  sig 00B45EBD4CA7BABE 2021-09-14 NIIBE Yutaka <[email protected]>
  sig E267B052364F028D 2021-09-14 NIIBE Yutaka <[email protected]>
  pub brainpoolP256r1 2021-10-15 [SC] [expires: 2029-12-31]
      02F38DFF731FF97CB039A1DA549E695E905BA208
  uid GnuPG.com (Release Signing Key 2021)
  sig 3 549E695E905BA208 2021-10-15 GnuPG.com (Release Signing Key 2021)
  sig 528897B826403ADA 2021-10-15 Werner Koch (dist signing 2020)
  sig E3FDFF218E45B72B 2021-10-15 Werner Koch (wheatstone commit signing)
* gpg: Remove stale ultimately trusted keys from the trustdb. | Werner Koch | 2021-11-13 | 6 | -17/+72
  * g10/tdbdump.c (export_ownertrust): Skip records marked with the option --trusted-key.
  (import_ownertrust): Clear the trusted-key flag.
  * g10/tdbio.h (struct trust_record): Add field flags.
  * g10/tdbio.c (tdbio_dump_record): Improve output.
  (tdbio_read_record, tdbio_write_record): Handle flags.
  * g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set the flag for new --trusted-keys.
  (tdb_update_ownertrust): Add arg as_trusted_key. Update callers.
  --
  GnuPG-bug-id: 5685
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Don't use malloc for kek_params. | NIIBE Yutaka | 2021-11-12 | 1 | -8/+5
  * g10/ecdh.c (pk_ecdh_default_params): Use stack for kek_params.
  --
  GnuPG-bug-id: 5393
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Avoid uninitialized revkey.fprlen. | Jakub Jelen | 2021-11-12 | 1 | -0/+2
  * g10/keygen.c (parse_revocation_key): Store the fingerprint length in created structure.
  --
  GnuPG-bug-id: 5393
  Signed-off-by: Jakub Jelen <[email protected]>
* gpg: Fix indentation of --print-mds and --print-md sha512. | Werner Koch | 2021-11-04 | 1 | -4/+4
  * g10/gpg.c (print_hex): Fix indentation.
  --
  GnuPG-bug-id: 5679
* gpg: Fix printing of binary notations. | Werner Koch | 2021-10-22 | 1 | -2/+6
  * g10/keylist.c (show_notation): Print binary notation from BDAT.
  --
  GnuPG-bug-id: 5667
* gpg: New option --override-compliance-check | Werner Koch | 2021-10-13 | 3 | -12/+47
  * g10/gpg.c (oOverrideComplianceCheck): New.
  (opts): Add new option.
  (main): Set option and add check for batch mode.
  * g10/options.h (opt): Add flags.override_compliance_check.
  * g10/sig-check.c (check_signature2): Factor compliance checking out to ...
  (check_key_verify_compliance): this. Turn error into a warning in override mode.
  --
  There is one important use case for this: For systems configured globally to use de-vs mode, Ed25519 and other key types are not allowed because they are not listed in the BSI algorithm catalog. Now, our release signing keys happen to be Ed25519 and thus we need to offer a way for users to check new versions even if the system is in de-vs mode. This does on purpose not work in --batch mode so that scripted solutions won't accidentally pass a signature check.
  GnuPG-bug-id: 5655
* gpg: Handle backsig for v5 signature. | NIIBE Yutaka | 2021-09-29 | 1 | -6/+8
  * g10/getkey.c (merge_selfsigs_subkey): Check v5 signature correctly.
  --
  GnuPG-bug-id: 5628
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Ed448 and X448 are only for v5 (for subkey). | NIIBE Yutaka | 2021-09-29 | 1 | -1/+6
  * g10/keygen.c (generate_subkeypair): Specify KEYGEN_FLAG_CREATE_V5_KEY for Ed448 or X448 key.
  --
  Reported-by: William Holmes
  Fixes-commit: 36355394d865f5760075e62267d70f7a7d5dd671
  GnuPG-bug-id: 5609
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Skip the packet when not used for AEAD. | NIIBE Yutaka | 2021-09-28 | 1 | -0/+1
  * g10/free-packet.c (free_packet): Add the case for case PKT_ENCRYPTED_AEAD.
  --
  GnuPG-bug-id: 5464
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Print a warning when importing a bad cv25519 secret key. | Werner Koch | 2021-09-14 | 1 | -1/+17
  * g10/import.c (transfer_secret_keys): Add simple check.
  --
  Note that the requirement for a set high bit is not yet checked.
  GnuPG-bug-id: 5464
* Update release signing keys. | Werner Koch | 2021-09-14 | 1 | -0/+0
  --
  These are now
  # ------------------------ >8 ------------------------
  pub rsa3072 2017-03-17 [SC] [expires: 2027-03-15]
      5B80C5754298F0CB55D8ED6ABCEF7E294B092E28
  sig R BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key)
  uid Andre Heinecke (Release Signing Key)
  sig 3 BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key)
  sig 1FDF723CF462B6B1 2017-03-17 Andre Heinecke <[email protected]>
  pub ed25519 2020-08-24 [SC] [expires: 2030-06-30]
      6DAA6E64A76D2840571B4902528897B826403ADA
  uid Werner Koch (dist signing 2020)
  sig 3 528897B826403ADA 2020-08-24 Werner Koch (dist signing 2020)
  sig 249B39D24F25E3B6 2020-08-24 Werner Koch (dist sig)
  sig 63113AE866587D0A 2020-08-24 [email protected]
  sig E3FDFF218E45B72B 2020-08-24 Werner Koch (wheatstone commit signing)
  sig F2AD85AC1E42B367 2020-08-24 Werner Koch <[email protected]>
  pub ed25519 2021-05-19 [SC] [expires: 2027-04-04]
      AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD
  uid Niibe Yutaka (GnuPG Release Key)
  sig 3 E98E9B2D19C6C8BD 2021-05-19 Niibe Yutaka (GnuPG Release Key)
  sig 00B45EBD4CA7BABE 2021-09-14 NIIBE Yutaka <[email protected]>
  sig E267B052364F028D 2021-09-14 NIIBE Yutaka <[email protected]>
* gpg: Print a note about the obsolete option --secret-keyring. | Werner Koch | 2021-08-28 | 1 | -1/+1
  --
  GnuPG-bug-id: 2749
* gpg: Change default and max AEAD chunk size to 4 MiB | Werner Koch | 2021-08-27 | 1 | -3/+3
  --
  This is per OpenPGP WG design team decision from 2021-08-13 (raising a new wall after exactly 60 years ;-)
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Report the status of NO_SECKEY for decryption. | NIIBE Yutaka | 2021-08-24 | 1 | -2/+2
  * g10/mainproc.c (proc_encrypted): Fix the condition to report NO_SECKEY even when the key was not considered by get_session_key.
  --
  GnuPG-bug-id: 5562
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Return SUCCESS/FAILURE status also for --card-edit/name. | Werner Koch | 2021-08-19 | 1 | -3/+8
  * g10/card-util.c (change_name): Call write_sc_op_status.
  --
  Reported-by: Joey Berkovitz
* gpg: Let --fetch-key return an exit code on failure. | Werner Koch | 2021-06-25 | 2 | -4/+20
  * g10/keyserver.c (keyserver_fetch): Return an error code.
  * g10/gpg.c (main) <aFetchKeys>: Return 1 in case of no data.
  --
  GnuPG-bug-id: 5376
* gpg,sm: Simplify keyserver spec parsing. | Werner Koch | 2021-06-16 | 4 | -276/+26
  * common/keyserver.h: Remove.
  * sm/gpgsm.h (struct keyserver_spec): Remove.
  (opt): Change keyserver to a strlist_t.
  * sm/gpgsm.c (keyserver_list_free): Remove.
  (parse_keyserver_line): Remove.
  (main): Store keyserver in an strlist.
  * sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid an ambiguity in dirmngr by adding a prefix if needed.
  * g10/options.h (struct keyserver_spec): Move definition from keyserver.h to here. Remove most fields.
  * g10/keyserver.c (free_keyserver_spec): Adjust.
  (cmp_keyserver_spec): Adjust.
  (parse_keyserver_uri): Simplify.
  (keyidlist): Remove fakev3 arg which does not make any sense because we don't even support v3 keys.
  --
  We now rely on the dirmngr to parse the keyserver specs. Thus a bad specification will not be caught immediately. However, even before that dirmngr had stricter tests.
  Signed-off-by: Werner Koch <[email protected]>
  Ported-from: 9f586700ec4ceac97fd47cd799878a8847342ffa
* gpg: Support KEYGRIP search with traditional keyring. | NIIBE Yutaka | 2021-06-03 | 1 | -3/+13
  * g10/keyring.c (keyring_search): Handle KEYDB_SEARCH_MODE_KEYGRIP.
  --
  GnuPG-bug-id: 5469
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Ed448 and X448 are only for v5 for --full-gen-key. | NIIBE Yutaka | 2021-05-27 | 1 | -1/+24
  * g10/keygen.c (generate_keypair): Set pVERSION = 5, pSUBVERSION = 5, when it's Ed448 or X448.
  --
  Fixes-commit: 36355394d865f5760075e62267d70f7a7d5dd671
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Partial fix for Unicode problem in output files. | Werner Koch | 2021-05-25 | 1 | -1/+1
  * g10/openfile.c (overwrite_filep): Use gnupg_access.
  --
  As said, this is just an obvious but partial fix. We need to review things for the output module.
  Signed-off-by: Werner Koch <[email protected]>
* common: Annotate leaked memory in homedir.c | Werner Koch | 2021-05-21 | 1 | -1/+1
  * g10/trustdb.c (how_to_fix_the_trustdb): Use gnupg_homedir.
  * common/homedir.c (standard_homedir): Annotate leaked memory.
  (gnupg_daemon_rootdir): Ditto.
  (gnupg_socketdir): Ditto.
  (gnupg_sysconfdir): Ditto.
  (gnupg_bindir): Ditto.
  (gnupg_libdir): Ditto.
  (gnupg_datadir): Ditto.
  (gnupg_localedir): Ditto.
  (gnupg_cachedir): Ditto.
  (gpg_agent_socket_name): Ditto.
  (dirmngr_socket_name): Ditto.
  (keyboxd_socket_name): Ditto.
  (get_default_pinentry_name): Ditto.
  (gnupg_module_name): Ditto.
  (default_homedir): Ditto. Make static.
  Signed-off-by: Werner Koch <[email protected]>
* g10: Avoid memory leaks | Jakub Jelen | 2021-05-20 | 3 | -18/+30
  * g10/call-agent.c (card_keyinfo_cb): free keyinfo. Restructure to avoid backward gotos.
  * g10/keyedit.c (menu_set_keyserver_url): properly enclose the block
  * g10/keygen.c (gen_card_key): free pk and pkt
  --
  Signed-off-by: Jakub Jelen <[email protected]>
  GnuPG-bug-id: 5393
  Additional changes:
  - Restructure to avoid backward gotos.
  Signed-off-by: Werner Koch <[email protected]>
* g10: Fix memory leaks | Jakub Jelen | 2021-05-20 | 10 | -12/+50
  * g10/card-util.c (change_pin): free answer on errors
  (ask_card_keyattr): free answer on error
  * g10/cpr.c (do_get_from_fd): free string
  * g10/gpg.c (check_permissions): free dir on weird error
  * g10/import.c (append_new_uid): release knode
  * g10/keyedit.c (menu_set_keyserver_url): free answer
  (menu_set_keyserver_url): free user
  * g10/keygen.c (print_status_key_not_created): move allocation after sanity check
  (ask_expire_interval): free answer
  (card_store_key_with_backup): goto leave instead of return
  * g10/keyserver.c (parse_keyserver_uri): goto fail instead of return
  * g10/revoke.c (gen_desig_revoke): release kdbhd
  (gen_desig_revoke): free answer
  * g10/tofu.c (ask_about_binding): free sqerr and response
  * g10/trustdb.c (ask_ownertrust): free pk
  --
  Signed-off-by: Jakub Jelen <[email protected]>
  Further changes:
  * g10/card-util.c (change_pin): Do not set answer to NULL.
  * g10/keyedit.c (menu_set_keyserver_url): Use !func() pattern.
  Signed-off-by: Werner Koch <[email protected]>
  GnuPG-bug-id: 5393
* gpg: Improve speed of secret key listing. | Werner Koch | 2021-05-19 | 5 | -19/+101
  * agent/command.c (cmd_keyinfo): Factor some code out to ...
  (get_keyinfo_on_cards): ... new.
  (cmd_havekey): Add --list mode.
  * g10/gpg.h (struct server_control_s): Add new caching vars.
  * g10/gpg.c (gpg_deinit_default_ctrl): Release cache.
  * g10/call-agent.c (agent_probe_any_secret_key): Init and try to use the keygrip cache.
  (agent_genkey): Clear the cache.
  (agent_import_key): Ditto.
  * g10/keylist.c (list_all, list_one): Pass ctrl to agent_probe_any_secret_key.
  * g10/getkey.c (lookup): Ditto.
  --
  With this change we first ask the agent for a list of all secret keygrips and use that list instead of asking the agent for each public key. Speeds up my "gpg -K" with a lot of secret and public keys by more than 25%.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver. | Werner Koch | 2021-05-18 | 1 | -75/+21
  * g10/call-dirmngr.c (record_output): Rewrite.
  --
  Thou shalt not percent-escape for C-unescaping.
  Fixes-commit: 51341badb623927f2a358588c725a356fc77dbe7
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Use a more descriptive prompt for symmetric decryption. | Werner Koch | 2021-05-17 | 7 | -17/+33
  * g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New.
  (passphrase_to_dek_ext): Remove this obsolete prototype.
  * g10/passphrase.c (passphrase_get): Add arg flags. Use new flag value.
  (passphrase_to_dek): Add arg flags and pass it on.
  * g10/mainproc.c (proc_symkey_enc): Use new flag.
  * sm/decrypt.c (pwri_decrypt): Use "passphrase".
  --
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 03f83bcda5d1f8d8246bcc1afc603b7f74d0626b)
  Note that we keep on using the term "passphrase" although "password" would be better. There are however so many occurrences of this and given it is a bike shedding topic we fix that in the PO files.
  Signed-off-by: Werner Koch <[email protected]>
* A few minor code cleanups and typo fixes. | Werner Koch | 2021-05-11 | 2 | -2/+6
  * agent/command-ssh.c (ssh_handler_request_identities): Remove double check of ERR.
  * g10/getkey.c (get_pubkey_byname): Remove double use of break.
  * g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to failed malloc.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix allocation for EXTRAHASH. | NIIBE Yutaka | 2021-05-11 | 1 | -1/+1
  * g10/sign.c (clearsign_file): Fix the size to allocate.
  --
  GnuPG-bug-id: 5430
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix mailbox based search via AKL keyserver method. | Werner Koch | 2021-04-26 | 5 | -13/+11
  * g10/keyserver.c (keyserver_import_name): Rename to ...
  (keyserver_import_mbox): this. And use mail search mode.
  * g10/getkey.c (get_pubkey_byname): Change the two callers.
  --
  In contrast to a search via keyserver_import_ntds the older keyserver_import_name used a full match of the provided name despite that it is only called with an addr-spec (mbox). Due to the mode the pattern sent to dirmngr was prefixed with a '=' and thus dirmngr used an exact search. This did only work for provided user ids like "[email protected]" but not for "<[email protected]>" or "Foo <[email protected]>". The old code dates back to 2010.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Do not use import-clean for LDAP keyserver imports. | Werner Koch | 2021-04-26 | 3 | -8/+23
  * g10/options.h (opts): New field expl_import_only.
  * g10/import.c (parse_import_options): Set it.
  * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
  --
  It can be assumed that configured LDAP servers are somehow curated and not affected by rogue key signatures as the HKP servers are. Thus we don't clean the key anymore so that key certifications are kept even if the public key has not yet been imported.
  See-commit: 6c26e593df51475921410ac97e9227df6b258618
  GnuPG-bug-id: 5387