| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
--
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
| |
* doc/Makefile.am: Ship gpg-agent-browser.socket alongside the other
systemd user service example files.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (main): Remove duplicated initialization in daemon
mode.
--
The commit f57dc2b1e6f28d164f882373535dbcb0d632ca17 fixes a part of
problem (for missing initialization of supervised mode). It was
actually put in wrong place.
Fixes-commit: 9f92b62a51d2d60f038fdbe01602865c5933fa95
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
| |
--
Note that the TOFU related strings are updated because more changes
are expected after the next release.
Signed-off-by: Werner Koch <[email protected]>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/tofu.c (busy_handler): Fix the flags and utime is not needed.
--
The argument flags must include one of O_RDONLY, O_WRONLY, or O_RDWR.
Adding O_TRUNC, the file is updated. So, utime is not needed.
Fixes-commit: b2e1b17efa952afcf7aeec8b15e9d0088dba587a
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.c (TIMERTICK_INTERVAL): Always use 60 seconds like
we did for WindowsCE.
--
Given that the timer tick is only used for housekeeping tasks and
these are done every 10 minutes, it makes no sense to use 2 seconds.
The minor drawback is tha the housekeeping may be delayed by one
minute.
NB: For the purpose of power saving, we already make sure that the
process wakes up at the full second so that it is synchronized to the
wakeup time of other processes.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.c (handle_tick): Remove w32 tests for
shutdown_pending; no longer needed.
--
In d83ba4897bf217d1045c58d1b99e52bd31c58812, we removed the
Windows-specific system daemon features, where shutdown_pending was
set from w32_service_control(). shutdown_pending is now never
assigned outside of handle_signal() or within an inotify test, neither
of which are available on w32.
As a result, this stanza in handle_tick() should be dead code, and can
be removed to keep things simple.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
s/win32/w32/ to please RMS ;-) -wk
|
| |
|
|
|
|
|
|
|
|
| |
* g10/tofu.c (busy_handler): Add third argument which is mandatory for
O_CREATE flag.
--
Reported-by: Kristian Fiskerstrand
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (pcsc_vendor_specific_init): Only check vender ID.
--
Some other products by Cherry works with pinpad, although it only works
for smaller keys (RSA 1024). TPDU support is good for larger keys.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac: Define DIRMNGR_DEFAULT_KEYSERVER.
* dirmngr/server.c (ensure_keyserver): Use it if no keyservers are set.
* doc/dirmngr.texi: Document this behavior.
--
A user who doesn't specify a keyserver, but asks gnupg to fetch a key
currently just gets a simple error messages "No keyserver available".
If the user is asking to contact a keyserver, we should have a
reasonable default, and not require them to fiddle with settings when
they might not know what settings to choose. This patch makes the
default hkps://hkps.pool.sks-keyservers.net.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.c (http_session_new): If the user isn't talking to
the HKPS pool, and they have not specified any hkp-cacert, then we
should default to the system CAs, rather than nothing.
* doc/dirmngr.texi: Document choice of CAs.
--
Consider three possible classes of dirmngr configuration:
a) no hkps:// keyserver URLs at all (communication with keyservers is
entirely in the clear)
b) hkps:// keyserver URLs, but no hkp-cacert directives
c) hkps:// keyserver URLs, and at least one hkp-cacert directive
class (a) provides no confidentiality of requests.
class (b) currently will never work because the server certificate
cannot be validated.
class (c) is currently supported as intended.
This patch allows users with configurations in class (b) to work as
most users expect (relying on the system certificate authorities),
without affecting users in classes (a) or (c).
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
o minor indentation fix
- wk
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.c (parse_readable_options): If we're unable to turn
an argument for hkp-cacert into an absolute filename, terminate
completely.
* dirmngr/http.c (http_register_tls_ca): Show a warning if file is not
immediately accessible, but register it anyway.
--
Without this changeset, the condition of the filesystem when dirmngr
is initialized will have an effect on later activities of dirmngr.
For example, if a file identified by a hkp-cacert directive doesn't
exist when dirmngr starts, dirmngr will behave as though it simply
didn't have the hkp-cacert directive set at all, even if the file
should appear later.
dirmngr currently behaves differently if no hkp-cacert directives have
been set then it does when at least one hkp-cacert directive has been
set. For example, its choice of CA cert for
hkps://hkps.pool.sks-keyservers.net depends on whether a TLS CA file
has been registered. That behavior shouldn't additionally depend on
the state of the filesystem at the time of dirmngr launch.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
| |
--
Reported-by: Nathan Musoke <[email protected]>
|
| |
|
|
|
|
|
| |
* tests/gpgscm/scheme.c (opexe_0): Enable gc before calling 'Error_1'.
Fixes-commit: 83c184a66b73f312425b01008f0495610e5329a4
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
| |
* tests/gpgscm/scheme.c (type_to_string): Fix string.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.h (struct opt): Add field allow_version_check.
* dirmngr/dirmngr.c (oAllowVersionCheck): New.
(opts): Add --allow-version-check.
(network_activity_seen): New variable.
(parse_rereadable_options): Set opt.allow_version_check.
(main) <aGPGConfList>: Do not anymore set the no change flag for
Windows. Add allow-version-check.
(netactivity_action): Set network_activity_seen.
(housekeeping_thread): Call dirmngr_load_swdb.
* tools/gpgconf-comp.c (gc_options_dirmngr): Add allow-version-check.
Make "use-tor" available at Basic level.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* dirmngr/loadswdb.c (time_of_saved_swdb): Aslo return the "verified"
timestamp.
(dirmngr_load_swdb): Avoid unnecessary disk or network access witout
FORCE. Do not update swdb.lst if it did not change.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/loadswdb.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add that file.
* dirmngr/server.c: Remove includes cpparray.h and exectool.h.
(cmd_loadswdb): New.
(parse_version_number,parse_version_string): Remove.
(my_mktmpdir, cmp_version): Remove.
(fetch_into_tmpdir): Remove.
(struct verify_swdb_parm_s): Remove.
(verify_swdb_status_cb): Remove.
(cmd_versioncheck): Remove.
(register_commands): Register LOADSWDB. Remove VERSIONCHECK.
--
This change is required to to the new design where gpgconf does the
version check w/o network access and only dirmngr is responsible for
getting the swdb.
In the next installment the loading will be triggered as needed.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.c (main): Before calling setsid do not close the
standard fds but connect them to /dev/null.
* scd/scdaemon.c (main): Ditto. Noet that the old test for a log
stream was even reverted.
--
Note that this was fixed for gpg-agent 10 years ago on 2006-11-09.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* kbx/keybox-util.c (keybox_file_rename): Rename to ...
* common/sysutils.c (gnupg_rename_file): this. Change all callers.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* tools/Makefile.am (gpg_wks_client): Remove macro.
(libexec_PROGRAMS): Add gpg-wks-client.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (oOverrideSessionKeyFD): New.
(opts): Add option --override-session-key-fd.
(main): Handle that option.
(read_sessionkey_from_fd): New.
--
The override-session-key feature was designed to mitigate the effect
of the British RIP act by allowing to keep the private key private and
hand out only a session key. For that use case the leaking of the
session key would not be a problem. However there are other use
cases, for example fast re-decryption after an initial decryption,
which would benefit from concealing the session key from other users.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpgv.c (oEnableSpecialFilenames): New.
(opts): Add option --enable-special-filenames.
(main): Implement that option.
--
This is the same option we have in gpg. It allows to use commands
like
gpgv --enable-special-filenames -- '-&3' - <msg 3<msg.sig
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/options.h (CO_DE_VS): New.
(GNUPG): Also allow CO_DE_VS.
* g10/gpg.c (oDE_VS): New.
(parse_compliance_option): Add "de-vs".
(set_compliance_option): Set "de-vs".
* g10/misc.c (compliance_option_string): Return a description string.
(compliance_failure): Ditto.
* g10/keygen.c (ask_algo): Take care of CO_DE_VS.
(get_keysize_range): Ditto.
(ask_curve): Add new field to CURVES and trun flags into bit flags.
Allow only Brainpool curves in CO_DE_VS mode.
--
As of now this compliance mode only restricts the set of algorithms
and curves which can be created.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
--
kbnode_t has replaced KBNODE for new code years ago, but that should
be documented. No bulk changes please to keep git blame easy to read.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/free-packet.c (free_attributes): Turn function into a nop for a
NULL arg.
(free_user_id): Ditto.
(free_compressed): Ditto.
(free_encrypted): Ditto.
(free_plaintext): Ditto.
(release_public_key_parts): Avoid extra check for NULL.
* g10/getkey.c (get_best_pubkey_byname): Ditto.
--
This change avoid surprises because it is common that function named
like free and taking a pointer also have similar semantics.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/getkey.c (get_best_pubkey_byname): Use the node returned by
'getkey_next' instead of doing another lookup.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/getkey.c (finish_lookup): Clarify that we do not return a
reference.
(lookup): Clarify the relation between RET_KEYBLOCK and RET_FOUND_KEY.
Check arguments. Actually release the node if it is not returned.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/getkey.c (getkey_next): Fix invocation of 'lookup'. If we want
to use RET_FOUND_KEY, RET_KEYBLOCK must be valid.
Fixes-commit: 8ea72a776a88f3c851e812d258355be80caa1bc1
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/getkey.c (pubkey_cmp): Make a copy of the user id.
(get_best_pubkey_byname): Free the user ids.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
| |
* sm/gpgsm.c (oCompliance): New.
(opts): Add "--compliance".
(main): Implement as stub.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/keyedit.c (menu_adduid): Don't copy 'sig'.
--
Fixes-commit: 809d67e74014cb563efd965744fd11f87bbae743
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (oCompliance): New.
(opts): Add "--compliance".
(parse_tofu_policy): Use a generic description string for "help".
(parse_compliance_option): New.
(main): Add option oCompliance. Factor out code for compliance
setting to ...
(set_compliance_option): new.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* g10/keyedit.c (menu_adduid): Deallocate 'sig'.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/gpgscm/scheme.c (T_FINALIZE): New macro.
(mk_port): Use the new macro.
(mk_foreign_object): Likewise.
(mk_counted_string): Likewise.
(mk_empty_string): Likewise.
(gc): Only call 'finalize_cell' for cells with the new flag.
--
This speeds up the sweep phase of the garbage collector considerably
because most cells do not require finalization.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
| |
* tests/gpgscm/scheme.c (_s_return): Recover the cell holding the
opcode.
Fixes-commit: e0cbd3389e2dd6ec19ee3a4c7bad81fa0f1907f5
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/mainproc.c (check_sig_and_print): Free 'pk'.
Fixes-commit: 37e3c897252babc203447be9d2f286a4507875ad
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/gpgscm/scheme-private.h (struct scheme): New fields
'inhibit_gc', 'reserved_cells', and 'reserved_lineno'.
* tests/gpgscm/scheme.c (GC_ENABLED): New macro.
(USE_GC_LOCKING): Likewise.
(gc_reservations): Likewise.
(gc_reservation_failure): New function.
(_gc_disable): Likewise.
(gc_disable): New macro.
(gc_enable): Likewise.
(gc_enabled): Likewise.
(gc_consume): Likewise.
(get_cell_x): Consume reserved cell if garbage collection is disabled.
(_get_cell): Assert that gc is enabled.
(get_cell): Only record cell in the list of recently allocated cells
if gc is enabled.
(get_vector_object): Likewise.
(gc): Assert that gc is enabled.
(s_return): Add comment, adjust call to '_s_return'.
(s_return_enable_gc): New macro.
(_s_return): Add flag 'enable_gc' and re-enable gc if set.
(oblist_add_by_name): Use the new facilities to protect the
allocations.
(new_frame_in_env): Likewise.
(new_slot_spec_in_env): Likewise.
(s_save): Likewise.
(opexe_0): Likewise.
(opexe_1): Likewise.
(opexe_2): Likewise.
(opexe_5): Likewise.
(opexe_6): Likewise.
(scheme_init_custom_alloc): Initialize the new fields.
--
Every time a cell is allocated, the interpreter may run out of free
cells and do a garbage collection. This is problematic because it
might garbage collect objects that have been allocated, but are not
yet made available to the interpreter.
Previously, we would plug such newly allocated cells into the list of
newly allocated objects rooted at car(sc->sink), but that requires
allocating yet another cell increasing pressure on the memory
management system.
A faster alternative is to preallocate the cells needed for an
operation and make sure the garbage collection is not run until all
allocated objects are plugged in. This can be done with gc_disable
and gc_enable.
This optimization can be applied incrementally. This commit picks all
low-hanging fruits.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* scd/command.c (send_status_info): Do percent plus encoding correctly.
--
Reported-by: David Härdeman <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (thread_init_once): Tell Libgcrypt to reinit the
system call clamp.
(agent_libgcrypt_progress_cb): Do not sleep if Libgcrypt is recent
enough.
--
This patch prepares for a feature comming with Libgcrypt 1.8.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/gpg-agent.c (agent_libgcrypt_progress_cb): Sleep for 100ms on
"need_entropy".
--
During key generation Libgrypt will read from /dev/random which may
block. Libgcrypt is not nPth aware and thus the entire process will
block. Fortunately there is also a select with a short timeout to run
the progress callback. We detect this in gpg-agent and introduce a
short delay to give other threads (i.e. connections) an opportunity to
run.
This alone is not sufficient, an updated Libgpg-error is also required
to make the lock functions nPth aware.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* dirmngr/http.c (netactivity_cb): New.
(http_register_netactivity_cb): New.
(notify_netactivity): New.
(connect_server): Call that function.
* dirmngr/dirmngr.c (main): Call http_register_netactivity_cb.
(netactivity_action): New stub handler.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--
These configuration files and instructions enable clean and simple
daemon supervision on machines that run systemd.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
- Removed the detailed ChangeLog entry because that is not needed for
doc changes.
- Added an entry to doc/examples/README.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* agent/agent.h: Clean up comments.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
--
With commit d83ba4897bf217d1045c58d1b99e52bd31c58812 all system daemon
features have been removed and thus this should be reflected in the
man page.
Signed-off-by: Werner Koch <[email protected]>
|
