aboutsummaryrefslogtreecommitdiffstats
path: root/g10 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpg: Change the API for checksum to use const qualifier.NIIBE Yutaka2020-11-022-2/+2
| | | | | | | * g10/main.h (checksum): Use const. * g10/misc.c (checksum): Use const. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix counting buffer size in check_signature2.NIIBE Yutaka2020-11-021-1/+1
| | | | | | * g10/sig-check.c (check_signature2): Use GCRYMPI_FMT_PGP. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix SOS handling with libgcrypt version <= 1.8.NIIBE Yutaka2020-10-301-0/+19
| | | | | | | | | | * g10/misc.c (checksum_mpi): Don't depend new feature of gcry_mpi_print which supports opaque MPI. -- GnuPG-bug-id: 5116 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix first zero-byte case for SOS handling.NIIBE Yutaka2020-10-302-2/+2
| | | | | | | | | | * g10/export.c (transfer_format_to_openpgp): Check the first byte. * g10/pkglue.c (sexp_extract_param_sos): Likewise. -- GnuPG-bug-id: 5116 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: New command --quick-revoke-sigWerner Koch2020-10-286-9/+277
| | | | | | | | | | | | | | * g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig. (opts): Add --quick-revoke-sig. (main): Implement. * g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and adjust all callers. (keyedit_quick_revsig): new. * g10/revoke.c (get_default_sig_revocation_reason): New. * g10/keylist.c (cmp_signodes): Make global. -- GnuPG-bug-id: 5093
* gpg: Sort the signatures in standard key listings.Werner Koch2020-10-276-142/+239
| | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (parse_list_options): Add "sort-sigs". (main): Make it the default. * g10/options.h (LIST_SORT_SIGS): New. * g10/keylist.c (cmp_signodes): New. (list_keyblock_print): Sort signatures and factor signature printing code out to ... (list_signature_print): new. -- In particular together with --full-timestamps this makes it easier to see the history of key signatures and their revocations. The self-signatures are also printed first. To disable this --list-options no-sort-sigs can be used. Also don't print the annoying "no recocation reason specified" message. Signed-off-by: Werner Koch <[email protected]>
* g10: Make call to agent_scd_serialno more robust.Werner Koch2020-10-262-5/+6
| | | | | | | | | | | * g10/call-agent.c (agent_scd_serialno): Make sure that NULL is stored on error at r_serialno. * g10/card-util.c (card_status): Simplify freeing of seriaono. (factory_reset): Ditto. -- This pattern is what we use with other functions returning an allocated string and thus less surprising.
* g10,sm: Use gnupg_access at two more placesWerner Koch2020-10-261-1/+1
| | | | --
* gpg: Fix double free on error.NIIBE Yutaka2020-10-261-1/+2
| | | | | | * g10/card-util.c (card_status): Check an error return. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,tools: Fix detecting OpenPGP card by serialno.NIIBE Yutaka2020-10-261-4/+5
| | | | | | | | | | | | | * tools/gpg-card.c (list_openpgp): Use ->apptype to determine card's APP. * g10/card-util.c (get_info_for_key_operation): Likewise. (current_card_status): Even if its SERIALNO is not like OpenPGP card, it's OpenPGP card when app says so. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <[email protected]>
* Replace all calls to stat by gnupg_stat.Werner Koch2020-10-206-11/+11
| | | | | | | | | | | * common/sysutils.c (gnupg_stat): New. * common/sysutils.h: Include sys/stat.h. -- Yet another wrapper for Unicode support on Windows. GnuPG-bug-id: 5098 Signed-off-by: Werner Koch <[email protected]>
* Replace most calls to open by a new wrapper.Werner Koch2020-10-202-6/+6
| | | | | | | | | | | | * common/sysutils.c (any8bitchar) [W32]: New. (gnupg_open): New. Replace most calls to open by this. * common/iobuf.c (any8bitchar) [W32]: New. (direct_open) [W32]: Use CreateFileW if needed. -- This is yet another step for full Unicode support on Windows. GnuPG-bug-id: 5098
* Replace most of the remaining stdio calls by estream calls.Werner Koch2020-10-204-11/+11
| | | | | | | | | | | | -- We need to use es_fopen on Windows to cope with non-ascii file names. This is quite a large but fortunately straightforward change. At a very few places we keep using stdio (for example due to the use of popen). GnuPG-bug-id: 5098 Signed-off-by: Werner Koch <[email protected]>
* Replace all calls to access by gnupg_accessWerner Koch2020-10-206-20/+26
| | | | | | | | | | | | | | | | * common/sysutils.c (gnupg_access): New. Replace all calls to access by this wrapper. * common/homedir.c (w32_shgetfolderpath): Change to return UTF-8 directory name. (standard_homedir): Adjust for change. (w32_commondir, gnupg_cachedir): Ditto. -- Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows. This is required to correctly handle non-ascii filenames on Windows. GnuPG-bug-id: 5098
* gpg,ecc: Fix SOS handling when receiving from agent.NIIBE Yutaka2020-10-091-1/+16
| | | | | | | | | | * g10/export.c (transfer_format_to_openpgp): It's not simple opaque MPI, but SOS. -- Fixes-commit: f5bc94555458123f93d8b07816a68fb7485421e1 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Switch to ed25519+cv25519 as default algo.Werner Koch2020-10-051-28/+29
| | | | | | | | | | * g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change to former future default ago. (ask_algo): Change default and also the way we indicate the default algo in the list of algos. (ask_curve): Indicate the default curve. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix parameter parsing form ed448.Werner Koch2020-10-021-1/+1
| | | | | | * g10/keygen.c (parse_key_parameter_part): Set algo also for 448. -- Fixes-commit: a763bb2580b0d586a80b8ccd3654f41e49604f4f
* gpg: New experimental import option "bulk-import"Werner Koch2020-09-243-4/+40
| | | | | | | | | | | | | | | | | | | | | | | | | * g10/options.h (IMPORT_BULK): New. * g10/import.c (parse_import_options): Add "bulk-import". * g10/call-keyboxd.c (in_transaction): New var. (gpg_keyboxd_deinit_session_data): Run a commit if in bulk import mode. (create_new_context): Run a begin transaction if in bulk import mode. -- Initial tests with this option are not very promising. Importing about 3000 real world keys with --use-keyboxd and full logging took: real 33m31.724s user 19m54.265s sys 2m49.662s With bulk-import this saves a mere 12%: real 29m36.542s user 19m3.391s sys 2m46.728s Signed-off-by: Werner Koch <[email protected]>
* keyboxd: Implement multiple search descriptions.Werner Koch2020-09-241-83/+103
| | | | | | | | | | | | * kbx/kbx-client-util.c (kbx_client_data_simple): New. * kbx/backend-sqlite.c (struct be_sqlite_local_s): Add field descidx. (be_sqlite_search): Use that. * g10/call-keyboxd.c (keydb_search): Implement multi mode. -- With that change the keyboxd is at par with the keybox code. Signed-off-by: Werner Koch <[email protected]>
* gpg: Set the found-by flags in the keyblock in keyboxd mode.Werner Koch2020-09-222-8/+34
| | | | | | | | | * g10/keydb-private.h (struct keydb_handle_s): Add fields to return the ordinals of the last found blob. * g10/call-keyboxd.c (keydb_get_keyblock): Pass them to the keyblock parser. Signed-off-by: Werner Koch <[email protected]>
* doc: Some documentation updates.Werner Koch2020-09-211-1/+1
| | | | | | -- Also fixed some typos and documented soon to be used OIDs
* common,agent,dirmngr,g10,tools: Fix split_fields API.NIIBE Yutaka2020-09-181-3/+3
| | | | | | | | | | | | | | | | | | | | | | | * common/stringhelp.h (split_fields): Use const * for the strings in the ARRAY. (split_fields_colon): Likewise. * common/stringhelp.c (split_fields, split_fields_colon): Fix the implementation. * agent/call-scd.c, agent/command.c: Follow the change. * common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise. * g10/call-agent.c, tools/card-call-scd.c: Likewise. * tools/card-yubikey.c, tools/gpg-card.c: Likewise. * tools/gpg-card.h, tools/gpg-wks-client.c: Likewise. * tools/gpgconf-comp.c, tools/gpgconf.c: Likewise. * tools/wks-util.c: Likewise. -- The strings in the ARRAY don't need to be released by caller, as those are references. It's easier to follow the code when it's explicitly const *. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,scd: Fix handling of KDF feature.NIIBE Yutaka2020-09-161-2/+2
| | | | | | | | * g10/card-util.c (kdf_setup): Fix the default value. * scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by Zeitcontrol. Make sure Gnuk and Yubikey work well. Signed-off-by: NIIBE Yutaka <[email protected]>
* keyboxd: Use D-lines instead of a separate thread.Werner Koch2020-09-101-1/+1
| | | | | | | | | | | | | | | * kbx/kbx-client-util.c (kbx_client_data_new): Add arg 'dlines'. * g10/call-keyboxd.c (open_context): Set DLINES to true. * sm/keydb.c (open_context): Ditto. -- This allows to compile time switch between the D-line and the fd-passing data communication between gpg/gpgsm and keyboxd. A quick test with about 3000 OpenPGP keys showed that D-lines are only 10% slower than the fd-passing based implementation. Given that the thread adds extra complexity we go for now with the D-line approach. Signed-off-by: Werner Koch <[email protected]>
* keyboxd: Add options --openpgp and --x509 to SEARCH.Werner Koch2020-09-101-15/+15
| | | | | | | | | | | | | | | | | | | | | | | | * kbx/keyboxd.h (struct server_control_s): Replace the two request objects by just one. Add filter flags. * kbx/kbxserver.c (cmd_search): Add options --openpgp and --x509. (cmd_killkeyboxd): Do not return GPG_ERR_EOF. * kbx/frontend.c (kbxd_release_session_info): Adjust for the new request object. (kbxd_search, kbxd_store, kbxd_delete): Ditto. * kbx/backend-sqlite.c (struct be_sqlite_local_s): Add filter flags. (run_sql_prepare): Add optional arg 'extra'. Change callers. (run_sql_bind_ntext): New. (run_sql_bind_text): Just call run_sql_bind_ntext. (run_select_statement): Add ctrl arg. Implement the filter flags. * g10/call-keyboxd.c (keydb_search): Use the --openpgp option. -- As soon as we implement X.509 we need to have a way to return only openpgp or x.509 certificates. Gpg/gpgsm will then use the respective flag. Signed-off-by: Werner Koch <[email protected]>
* kbx: Change X.509 S/N search definition.Werner Koch2020-09-091-8/+4
| | | | | | | | | | | * kbx/keybox-search-desc.h (struct keydb_search_desc): Do not overload SNLLEN with a hex flag. Add SNHEX. * kbx/keybox-search.c (keybox_search): Adjust. * common/userids.c (classify_user_id): Adjust. * sm/keydb.c (keydb_search_desc_dump): Adjust. * g10/keydb.c (keydb_search_desc_dump): Adjust. Signed-off-by: Werner Koch <[email protected]>
* gpg,tools: Add handling of supported algorithms by a card.NIIBE Yutaka2020-09-082-0/+25
| | | | | | | | | | | * g10/call-agent.h (struct agent_card_info_s): Add supported_keyalgo. * g10/call-agent.c (learn_status_cb): Parse KEY-ATTR-INFO. (agent_release_card_info): Release supported_keyalgo. * tools/gpg-card.h (struct card_info_s): Add supported_keyalgo. * tools/card-call-scd.c (learn_status_cb): Parse KEY-ATTR-INFO. (release_card_info): Release supported_keyalgo. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Initialize a parameter to silence valgrind.Werner Koch2020-09-042-2/+3
| | | | | | | | | | | | | | | | | * g10/keygen.c (read_parameter_file): Initialize nline. * g10/textfilter.c (copy_clearsig_text): Initialize bufsize. -- In iobuf_read_line the parameter to pass and return the current buffer length is controlled by the buffer parameter. Thus there should be no problem because the assert call check s buffer first. For yet unknown reasons when using the standard GNU libc assert valgrind complains about an uninitialized variable. That does not happen with our log_assert. Tested with gnupg 2.2.23 with gcc 8.3.0 and valgrind 3.14.0. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix segv importing certain keys.Werner Koch2020-09-021-2/+5
| | | | | | | | | | * g10/key-check.c (key_check_all_keysigs): Initialize issuer. -- Fixes-commit: 404fa8211b6188a0abe83ef43a4b44d528c0b035 from 2017 Signed-off-by: Werner Koch <[email protected]>
* keyboxd: Restructure client access code.Werner Koch2020-09-023-436/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | * kbx/kbx-client-util.c: New. * kbx/kbx-client-util.h: New. * kbx/Makefile.am (client_sources): New. * g10/keydb.c (parse_keyblock_image): Rename to keydb_parse_keyblock and make global. * g10/call-keyboxd.c: Include kbx-client-util.h. (struct keyboxd_local_s): Remove struct datastream. Add field kcd. Remove per_session_init_done. (lock_datastream, unlock_datastream): Remove. (prepare_data_pipe, datastream_thread): Remove. (keydb_get_keyblock_do_parse): Remove. (gpg_keyboxd_deinit_session_data): Release the KCD object. (open_context): Use of kbx_client_data_new. (keydb_get_keyblock): Simplify. (keydb_search): Use kbx_client_data_cmd and _wait. -- The data specific part of the code has been moved from gpg to a new module in kbx/ so that it can also be used by gpgsm. The OpenPGP parsing while reading the data has been replaced by storing the data in memory and parse it later. That makes a nice interface and abstracts the fd-passing/D-lines handling away. Signed-off-by: Werner Koch <[email protected]>
* Use only one copy of the warn_server_mismatch function.Werner Koch2020-09-015-103/+55
| | | | | | | | | | | | | | | | | * common/asshelp.c (warn_server_version_mismatch): New. Actually a slightly modified version of warn_version_mismatch found in other modules. * common/status.c (gnupg_status_strings): New. * g10/cpr.c (write_status_strings2): New. * g10/call-agent.c (warn_version_mismatch): Use the new unified warn_server_version_mismatch function. * g10/call-dirmngr.c (warn_version_mismatch): Ditto. * g10/call-keyboxd.c (warn_version_mismatch): Ditto. * sm/call-agent.c (warn_version_mismatch): Ditto. * sm/call-dirmngr.c (warn_version_mismatch): Ditto. * tools/card-call-scd.c (warn_version_mismatch): Ditto. Signed-off-by: Werner Koch <[email protected]>
* gpg: Remove left over debug output from recent change.Werner Koch2020-08-251-2/+0
| | | | | | * g10/import.c (collapse_subkeys): Remove debug out. Signed-off-by: Werner Koch <[email protected]>
* gpg: Collapse duplicate subkeys.Werner Koch2020-08-255-4/+133
| | | | | | | | | | | | | | | | | * g10/options.h (IMPORT_COLLAPSE_UIDS): New. (IMPORT_COLLAPSE_SUBKEYS): New. * g10/gpg.c (main): Make them the default. * g10/import.c (parse_import_options): New import options "no-collapse-uids" and "no-collapse_subkeys". (collapse_subkeys): New. (import_one_real): Collapse subkeys and allow disabling the collapsing using the new options. (read_key_from_file_or_buffer): Always collapse subkeys. * g10/keyedit.c (fix_keyblock): Call collapse_subkeys. -- GnuPG-bug-id: 4421 Signed-off-by: Werner Koch <[email protected]>
* Add a new dist signing keyWerner Koch2020-08-241-0/+0
| | | | | | | | | | -- This is pub ed25519 2020-08-24 [SC] [expires: 2030-06-30] 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA uid Werner Koch (dist signing 2020)
* build: New configure option --disable-testsWerner Koch2020-08-201-0/+4
| | | | | | | | * configure.ac: Add option --disable-tests. Print warnings in the summary. (DISABLE_TESTS): New am_conditional. -- GnuPG-bug-id: 4960
* gpg,gpgsm: Record the creation time of a private key.Werner Koch2020-08-194-9/+32
| | | | | | | | | | | | | | | | | * sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option. (gpgsm_agent_import_key): Ditto. * g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on. (agent_import_key): Ditto. * g10/import.c (transfer_secret_keys): Pass the creation date to the agent. * g10/keygen.c (common_gen): Ditto. -- Having the creation time in the private key file makes it a lot easier to re-create an OpenPGP public keyblock in case it was accidentally lost. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix condition of string_to_aead_algo.NIIBE Yutaka2020-08-191-1/+1
| | | | | | * g10/misc.c (string_to_aead_algo): Only compare if not NULL. Signed-off-by: NIIBE Yutaka <[email protected]>
* Add --chuid to gpg, gpg-card, and gpg-connect-agent.Werner Koch2020-08-141-2/+15
| | | | | | | | | | | | | | | | | | | * g10/gpg.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. Delay setting of homedir until the new chuid is done. * sm/gpgsm.c (main): Delay setting of homedir until the new chuid is done. * tools/gpg-card.c (oChUid): New. (opts): Add --chuid. (changeuser): New helper var. (main): Implement --chuid. * tools/gpg-connect-agent.c (oChUid): New. (opts): Add --chuid. (main): Implement --chuid. -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Ignore personal_digest_prefs for ECDSA keys.Werner Koch2020-08-131-3/+7
| | | | | | | | * g10/sign.c (hash_for): Simplify hash algo selection for ECDSA. -- GnuPG-bug-id: 5021 Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix trustdb for v5key.NIIBE Yutaka2020-08-074-31/+89
| | | | | | | | | | | | | | | | | | | | | | | * g10/keydb.h (fpr20_from_pk): New. * g10/keyid.c (fpr20_from_pk): New. * g10/tdbio.c (tdbio_search_trust_byfpr): Use fpr20_from_pk. * g10/trustdb.c (keyid_from_fpr20): New. (verify_own_keys): Use keyid_from_fpr20. (tdb_update_ownertrust): Use fpr20_from_pk. (update_min_ownertrust): Likewise. (update_validity): Likewise. -- For the compatibility of existing implementation, we keep the format of trustdb untouched. The format of trustdb uses 20-byte fingerprint for the trust record entry. To handle both of v4key (with 20-byte fingerprint) and v5 key (with 32-byte fingerprint), we introduce FPR20 fingerprint, internally. For v4key, FPR20 is as same as v4 fingerprint. For v5key, FPR20 is constructed from v5key fingerprint. GnuPG-bug-id: 5000 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix short key ID for v5key.NIIBE Yutaka2020-08-072-3/+8
| | | | | | | | | | * g10/keyid.c (keyid_from_pk): Return keyid[0] for v5key. * g10/keyring.c (keyring_search): Handle short key ID for v5key. -- GnuPG-bug-id: 5000 Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Remove expired key of David Shaw from distsigkey.gpg.Werner Koch2020-08-061-0/+0
| | | | --
* gpg: Add level 16 to --gen-randomWerner Koch2020-08-051-32/+45
| | | | | | | | | | | * g10/gpg.c (main): Add that hack. -- This is an yet undocumented hack to allow printing hex encoded random number with gpg. The level is forced to be 1 which is is good for almost all uses. Note that --armor is ignored. Signed-off-by: Werner Koch <[email protected]>
* gpg: Do not close stdout after --export-ssh-keyWerner Koch2020-07-161-2/+3
| | | | | | | | | * g10/export.c (export_ssh_key): Do not close stdout. -- stdout should never be closed; this fixes this minor bug. Signed-off-by: Werner Koch <[email protected]>
* gpg: Reword warning about decryption w/o using a non-encrypt key.Werner Koch2020-07-141-2/+3
| | | | --
* gpg: For decryption, support use of a key with no 'encrypt' usage.NIIBE Yutaka2020-07-101-5/+9
| | | | | | | | | | * g10/pubkey-enc.c (get_session_key): Don't skip at no PUBKEY_USAGE_ENC. Emit information the key has no 'encrypt' usage. -- GnuPG-bug-id: 4246 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Print a note if no args are given to --delete-keyWerner Koch2020-07-091-1/+4
| | | | | | | | | | | | -- It is a bit surprising that nothing happens if no key is specified to --delete-key et al. Although this is common Unix behaviour the use might have expected that it behaves like --export and deletes all keys. Sure we don't do the latter, so a short notice will help. GnuPG-bug-id: 4959 Signed-off-by: Werner Koch <[email protected]>
* Do not use the pinentry's qualitybarWerner Koch2020-07-081-1/+1
| | | | | | | | | | | | | | | | * agent/genkey.c (agent_ask_new_passphrase): No qualitybar. * g10/call-agent.c (agent_get_passphrase): Ditto. * sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto. -- The concept of a passphrase quality indicator is anyway questionable because user are smart enough to trick them out and they also tend to limit the actually used entropy. Except for the red/green switching (to show whether constraints are fulfilled) our qualitybar is pretty bad and thus worse than none. Signed-off-by: Werner Koch <[email protected]>
* gpg: Use integrated passphrase repeat entry also for -c.Werner Koch2020-07-083-7/+33
| | | | | | | | * g10/call-agent.c (agent_get_passphrase): Add arg newsymkey. * g10/passphrase.c (passphrase_get): Add arg newsymkey. (passphrase_to_dek): Pass it on. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix flaw in symmetric algorithm selection in mixed mode.Werner Koch2020-07-073-18/+10
| | | | | | | | | | | | | | | | * g10/encrypt.c (setup_symkey): Use default_cipher_algo function instead of the fallback s2k_cipher_algo. Fix error code. (encrypt_simple): Use setup_symkey. -- Aside of removing code duplication this patch fixes the flaw that the S2K cipher algorithm was used when mixing public key and symmetric encryption or signatures with symmetric encrypion. The default_algorithm function should be used here so that the command line option --cipher-algo and --personal-cipher-preferences have an effect. Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-09 05:57:49 +0000