| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (get_best_pubkey_byname): After the call of
get_pubkey_byname, set up CTX with KEYDB_SEARCH_MODE_LONG_KID to enter
the loop.
--
Fixes-commit: 7535f1d47a35e30f736f0e842844555f7a4a9841
GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (get_best_pubkey_byname): Handle the first key
as the initial candidate for the selection.
--
GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
* g10/getkey.c (get_best_pubkey_byname): Free the public key parts.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/sig-check.c (check_signature_over_key_or_uid): No cut-off date
and remove debug output.
--
With 2.2 we do not not support SHA-1 key signatures anymore even if
that means that the WoT shrinks.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/sig-check.c (check_signature_over_key_or_uid): Reject cewrtain
SHA-1 based signatures.
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/keydb-private.h (struct keydb_handle_s): Add fields for UBID.
* g10/call-keyboxd.c (search_status_cb): New.
(keydb_search): Set new UBID fields.
--
The UBID is not yet used but may come handy later.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/keyserver.c (keyserver_retrieval_screener): Compare against
actual length.
--
This was a long standing and annoying regression due to changes
for v5 keys. Really simple to fix :-).
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/expand-group.c (expand_group): Add arg prepend_input.
* g10/pkclist.c (build_pk_list): Adjust for it.
* g10/getkey.c (key_byname): Keep the expanded names in the CTX and
don't premature free them.
(get_pubkey_byname): Append the namelist to the extra_list.
--
The original patch didn't kept the expanded list in the context and
also would duplicate names which are not group names. The latter does
not really harm but the former lead to a use after free. Original
patch was applied just a few weeks ago.
Fixes-commit: e825aea2ba3529c333d7ec2c76e63998cb83d999
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* g10/parse-packet.c (dump_sig_subpkt): Fix format error.
Signed-off-by: Werner Koch <[email protected]>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
--
Resolved Conflicts:
* common/asshelp.c: Keep the new code in master for spawing under
Windows.
* g10/Makefile.am: Keep all new file.
* g10/photoid.c: Pass CTRL to pct_expando.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/userids.c (classify_user_id): Detect UBIDs.
* kbx/backend-cache.c (blob_table_put): Store the public key type.
(be_cache_search): Add search mode for UBIDs.
* kbx/backend.h (struct db_request_part_s): Add cache.seqno_ubid.
* g10/keydb.c (keydb_search_desc_dump): Fix printing of keygrip. Add
ubid printing.
* g10/call-keyboxd.c (keydb_search): Support search by UBID.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| | |
--
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/Makefile.am: Add nPth flags.
* g10/gpg.c: Include npth.h.
(gpg_deinit_default_ctrl): Deinit call-keyboxd local data.
(main): Init nPth.
* g10/keydb-private.h (struct keydb_handle_s): Add field 'kbl' and
remove the search result and the assuan context.
* g10/call-keyboxd.c (struct keyboxd_local_s): Add more fields.
(lock_datastream, unlock_datastream): New.
(gpg_keyboxd_deinit_session_data): Adjust for changed data structures.
(prepare_data_pipe): New.
(open_context): Return kbl instead of an Assuan context. Init mutexes
etc.
(close_context): Merge into ...
(keydb_release): here. Adjust for changed data structures.
(datastream_thread): New.
(keydb_get_keyblock): Implement datastream stuff.
(keydb_search): Ditto.
* common/asshelp.c (wait_for_sock): Add arg connect_flags.
(start_new_service): Set FDPASSING flag for the keyboxd.
--
This code as a lot of rough edges, in particular it relies on a well
behaving keyboxd. We need to add code to shutdown the datastream
reader thread in case of errors and to properly get it up again. We
also need to make really sure that both threads run in lockstep so
that the datastream thread is only active while we are sending a
command to the keyboxd.
We should also see whether we can depend nPth initialization on the
--use-keyboxd option to avoid any problems with nPth.
And we need to test on Windows.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/iobuf.c (file_es_filter_ctx_t): Add fields use_readlimit and
readlimit.
(file_es_filter): Implement them.
(iobuf_esopen): Add new arg readlimit.
* g10/decrypt-data.c (decrypt_data): Adjust for change.
* g10/import.c (import_keys_es_stream): Ditto.
--
This comes handy for (length,datablob) style streams.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts.
(opts): New options --use-keyboxd and --keyboxd-program.
(main): Implement them.
* g10/keydb.c: Move some defs out to ...
* g10/keydb-private.h: new file.
* g10/keydb.c: prefix function names with "internal" and move original
functions to ...
* g10/call-keyboxd.c: new file. Divert to the internal fucntion if
--use-keyboxd is used. Add a CTRL arg to most fucntions and change
all callers.
* g10/Makefile.am (common_source): Add new files.
(noinst_PROGRAMS): Do bot build gpgcompose.
--
Note that this is just the framework with only a basic implementation
of searching via keyboxd.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| | |
* kbx/keybox-file.c (_keybox_write_header_blob): New optional arg
stream. Change callers.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/expand-group.c: New
* g10/pkclist.c: Extract expand_group and expand_id into expand-group.c.
* g10/keydb.h: Add prototypes of expand_id and expand_group.
* g10/getkey.c: Use expand_group before resolving key references.
* g10/Makefile.am: Compile expand-group.c.
--
When searching a key by its name, try to expand the provided name in
case it is a GPG group reference. This GPG group resolution is performed
before the individual keys are verified.
This allows key listing using a GPG group reference. In particular, this
modification fixes the encryption to group support in KDE's Kmail which
is broken since version 18.04.
Signed-off-by: Stephan Mueller <[email protected]>
- Changed new filename to use a dash instead of an underscore.
- Indendation changes.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* g10/keyserver.c (keyserver_put): Act upon --quiet.
--
Suggested-by: Robin H. Johnson <[email protected]>
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* common/openpgpdefs.h (SIGSUBPKT_ATTST_SIGS): New.
* g10/keydb.h (IS_ATTST_SIGS): New.
(IS_CERT): Include the new one.
* g10/sign.c (mk_notation_policy_etc): Do not put notations into
attestation key signatures.
* g10/parse-packet.c (dump_sig_subpkt): Add new arg digest_algo.
Print the attestation sigs.
(parse_one_sig_subpkt): Support SIGSUBPKT_ATTST_SIGS.
(can_handle_critical): Ditto.
(enum_sig_subpkt): Pass digest algo to dump_sig_subpkt.
--
This change allows to list the new subpacket with --list-packets.
Example output:
:signature packet: algo 22, keyid C694723A1370EAB1
version 4, created 1567097576, md5len 0, sigclass 0x16
digest algo 8, begin of digest ff 0c
hashed subpkt 2 len 4 (sig created 2019-08-29)
hashed subpkt 37 len 32 (attst-sigs: 1
A794C6E9CCFE2F34C67E07[...])
hashed subpkt 33 len 21 (issuer fpr v4 156A3872[...])
subpkt 16 len 8 (issuer key ID C694723A1370EAB1)
data: [256 bits]
data: [256 bits]
GnuPG-bug-id: 4694
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/parse-packet.c (enum_sig_subpkt): Replace first arg by two args
so that the entire signature packet is available. Change all callers.
(parse_sig_subpkt): Ditto.
--
This patch is a prerequisite to support the new attestation key
signatures.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/keydb.c (keydb_add_resource): Call keybox_compress.
* sm/keydb.c (keydb_add_resource): Release the lock after a compress.
--
Note that in gpgsm we already did the compress run but we didn't
released the lock on the file. This might have been a reason for some
strange hangs.
GnuPG-bug-id: 4644
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/getkey.c (akl_empty_or_only_local): New.
* g10/gpg.c (DEFAULT_AKL_LIST): New.
(main): Use it here.
(main) <aLocateExtKeys>: Set default AKL if none is set.
--
This better matches the expectations of the user. The used list in
this case is the default list ("local,wkd") with local ignored by the
command anyway.
GnuPG-bug-id: 4662
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/options.h (glo_ctrl): Add flag silence_parse_warnings.
* g10/keylist.c (list_all): Set that during secret key listsings.
* g10/parse-packet.c (unknown_pubkey_warning): If new flag is set do
not print info message normally emitted inh verbose mode.
(can_handle_critical_notation, enum_sig_subpkt): Ditto.
(parse_signature, parse_key, parse_attribute_subpkts): Ditto.
--
Those messages are annoying because they might be emitted due to
parsing public keys which are latter not shows because the secret part
is missing. No functional regressions are expected because --verbose
should not change anything.
Note that this suppression is only done if no arguments are given to
the command; that is if a listing of the entire keyring is requested.
Thus to see the earnings anyway, a listing of a single or group of
keys can be requested.
GnuPG-bug-id: 4627
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/trustdb.c (verify_own_keys): Silence informational diagnostic.
--
This silences these notes with --quiet
gpg: Note: RFC4880bis features are enabled.
gpg: key EE65E8C75D41FD1D marked as ultimately trusted
GnuPG-bug-id: 4634
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and
support the special algo "card".
(parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP.
Handle the "card" algo. Adjust callers.
(parse_algo_usage_expire): Add arg R_KEYGRIP.
(quickgen_set_para): Add arg KEYGRIP and put it into the parameter
list.
(quick_generate_keypair): Handle algo "card".
(generate_keypair): Also handle the keygrips as returned by
parse_key_parameter_string.
(ask_algo): Support ed25519 from a card.
--
Note that this allows to create a new OpenPGP key from an initialized
OpenPGP card or from any other supported cards. It has been tested
with the TCOS Netkey card. Right now a stub file for the cards might
be needed; this can be achieved by running "gpgsm --learn" with the
card plugged in.
Example:
gpg --quick-gen-key [email protected] card
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| | |
--
GnuPG-bug-id: 4682
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| | |
* g10/export.c (export_one_ssh_key): Factor out.
(export_ssh_key): Use export_one_ssh_key.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/keygen.c (ask_algo): Identify the standard keys.
--
The asterisks mark the usages of a key as retruned by scd via the
$AUTHKEYID et al. attributes.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/gpg.c (opts): Add option.
(main): Set flag.
* g10/options.h: Add flags.use_only_openpgp_card.
* g10/call-agent.c (start_agent): Implement option.
--
With the previous patch we switch to autoselect an application
instead of requesting an openpgp card. This option allows to revert
this in case of use use cases which expected the former behaviour.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit c185f6dfbd1bfd809369da789239a371e9d1610e)
This was first added to the 2.2 branch.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/mainproc.c (proc_encrypted): Report status of STATUS_NO_SECKEY
only when some error occurred.
--
Fixes-commit: 6cc4119ec03be61c78189a0bec99372035289b91
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/call-agent.c (agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.
* sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.
GnuPG-bug-id: 4652
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/photoid.c (exec_write, exec_read, exec_finish): Remove.
(setup_input_file): Rename from make_tempdir.
(expand_args): Drop support of 'o' and 'O'.
(fill_command_argv, run_with_pipe, create_temp_file) New.
(show_photo): New with gnupg_spawn_process_fd and gnupg_wait_process.
(show_photos): Call show_photo.
GnuPG-bug-id: 4362
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* g10/exec.c (w32_system): Expose to public.
(exec_write, exec_read, exec_finish, make_tempdir, expand_args): Move
to photoid.c.
* g10/exec.h: Likewise.
* g10/photoid.c (exec_write, exec_read, exec_finish, make_tempdir)
(expand_args): Move here.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* g10/keyserver.c: Don't include exec.h.
* g10/photoid.c (image_type_to_string): It's constant.
* g10/photoid.h (image_type_to_string): Likewise.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* g10/gpg.c (opts): Use ARGPARSE_o_s for oPassphrase to allow
empty string.
GnuPG-bug-id: 4633
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| |
| | |
* g10/call-agent.c (learn_status_cb): Parse the KDF DO.
* g10/card-util.c (current_card_status): Show it correctly.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| | |
| |
| |
| |
| |
| | |
* g10/card-util.c (kdf_setup): Can be "off".
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |/
|
|
|
|
|
| |
* g10/dek.h (DEK): Use debugger friendly type of unsigned int.
* g10/mainproc.c (symkey_decrypt_seskey): Add another check.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/mainproc.c (proc_encrypted): Only call get_session_key when
PKENC_LIST is not NULL.
Return GPG_ERR_BAD_KEY, instead of GPG_ERR_NO_SECKEY, when
it's encrypted only by symmetric key.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (user_id_db): Remove, as no use anymore.
(get_user_id_string): Use cache_get_uid_bykid.
(get_user_id_byfpr): Use cache_get_uid_byfpr.
* g10/objcache.c (cache_get_uid_byfpr): New.
* g10/objcache.h (cache_get_uid_byfpr): New.
Fixes-commit: 64a5fd37271a3e454c0d59ac3500e1a1b232e4f7
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/import.c (read_block): Avoid O(N^2) append.
(sec_to_pub_keyblock): Likewise.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/keyring.c (keyring_get_keyblock): Avoid O(N^2) append.
GnuPG-bug-id: 4592
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
* g10/import.c (import_one): Check options.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/import.c (read_block): Make sure KEYID is availabale also on a
pending packet.
--
Reported-by: Phil Pennock
Fixes-commit: 2e349bb6173789e0e9e42c32873d89c7bc36cea4
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/mainproc.c (check_sig_and_print): Print a hint on how to make
use of the preferred keyserver. Remove keyserver lookup just by the
keyid. Try a WKD lookup before a keyserver lookup.
--
The use of the the keyid for lookups does not make much sense anymore
since for quite some time we do have the fingerprint as part of the
signature.
GnuPG-bug-id: 4595
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/mainproc.c (proc_encrypted): Check ->result against -1.
When c->dek == NULL, put GPG_ERR_NO_SECKEY only when not set.
* g10/pubkey-enc.c (get_session_key): Set k->result by the result of
get_it.
When no secret key is available for some reasons, return the last
specific error, if any.
GnuPG-bug-id: 4561
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (main): Change default.
--
Due to the DoS attack on the keyeservers we do not anymore default to
import key signatures. That makes the keyserver unsuable for getting
keys for the WoT but it still allows to retriev keys - even if that
takes long to download the large keyblocks.
To revert to the old behavior add
keyserver-optiions no-self-sigs-only,no-import-clean
to gpg.conf.
GnuPG-bug-id: 4607
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (get_pubkey_byname): Add special traeatment for default
and skipped-local.
--
This change avoids error message like
gpg: error retrieving '[email protected]' via None: No public key
A 'None' mechanism is something internal.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (aLocateExtKeys): New.
(opts): Add --locate-external-keys.
(main): Implement that.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL.
(get_best_pubkey_byname): Add arg 'mode' and pass on to
get_pubkey_byname. Change callers.
* g10/keylist.c (public_key_list): Add arg 'no_local'.
(locate_one): Ditto. Pass on to get_best_pubkey_byname.
--
This new command is a shortcut for
--auto-key-locate nodefault,clear,wkd,... --locate-key
and uses the default or configured AKL list but does so without local.
See also
GnuPG-bug-id: 4599
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/keydb.h (enum get_pubkey_modes): New.
* g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and
change all callers.
--
This change prepares the implementation of GET_PUBKEY_NO_LOCAL.
Signed-off-by: Werner Koch <[email protected]>
|
