| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
* agent/cvt-openpgp.c (convert_from_openpgp_main): Add an option not
to check existing key.
(convert_from_openpgp): Ditto.
(convert_from_openpgp_native): Call convert_from_openpgp_main with
dontcare_exist=0.
* agent/command.c (cmd_import_key): Call with dontcare_exist=force.
|
| |
|
|
|
|
|
| |
* g10/call-agent.c (agent_import_key): Add an argument FORCE.
* g10/import.c (transfer_secret_keys): Likewise.
(import_secret_one): Call transfer_secret_keys with FORCE=0.
* g10/keyedit.c (keyedit_menu): Call with FORCE=1.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyedit.c (keyedit_menu): Remove cmdCHECKBKUPKEY support.
--
GnuPG-bug-id: 2169
It was introduced by the commit 9e834047 in 2009. Then, we moved
private key handling to gpg-agent which broke this subcommand.
Note: This subcommand was not supported in 1.4 and 2.0.
|
| |
|
|
|
| |
* g10/keyedit.c (keyedit_menu): Assume the file is under GNUPGHOME.
Also support tilda expansion.
|
| |
|
|
|
|
|
|
|
|
| |
* g10/keyedit.c (keyedit_menu): Call transfer_secret_keys.
* g10/import.c (transfer_secret_keys): Make it global function.
Allow stats==NULL.
--
GnuPG-bug-id: 2169
|
| |
|
|
| |
* agent/command.c (cmd_keywrap_key): New option --force.
|
| |
|
|
|
|
|
|
|
|
|
| |
--
I must have mixed the up during testing. The old one is just one
keyserver and the new one is the OnionBalance hidden service. See
https://sks-keyservers.net/overview-of-pools.php
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keydb.h (struct pubkey): Rename to pubkey_s.
(pubkey_t): New. Change all struct pubkey_s to use this type.
* g10/getkey.c (get_pubkeys): Rename arg keys to r_keys.
--
It is common in GnuPG to use a suffix of _s for struct names. There
is no technical need for this (actually this pattern comes from pre
ANSI C compilers which had no separate namespaces) but it avoid
surprises when reading the code.
Adding the pubkey_t type is mainly to improve font locking by using
the common suffix _t for a typedefed type.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/keygen.c (card_write_key_to_backup_file): Simplify by using
hexfingerprint.
--
Note that the extra blank added to FPRBUF in the old code was not
needed because write_status_text_and_buffer already ensures that
there will be a space.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/getkey.c (pubkey_free): Check for NULL arg.
--
We don't like surprises ;-)
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/keydb.c (keydb_update_keyblock): De-ref after the assert. Use
%zu for size_t.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/getkey.c (parse_def_secret_key): Do not make strings passed to
log_debug translatable.
--
Debug output is intended to be used along with the source or to be
send to the developers. Thus translations are at best not helpful.
|
| |
|
|
|
|
|
|
| |
* g10/keygen.c (do_generate_keypair): Clear the variable S.
--
GnuPG-bug-id: 2201
|
| |
|
|
|
|
|
| |
* g10/keygen.c (card_write_key_to_backup_file): Change n to a size_t.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/getkey.c (parse_def_secret_key): Fix error message.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (struct result): Move from here...
* g10/keydb.h (struct pubkey): ... to here. Update users.
* g10/gpg.c (check_user_ids): Move from here...
* g10/getkey.c (get_pubkeys): ... to here. Update users. Use
get_pubkey_byname to look up the keys (this also prunes invalid keys).
(pubkey_free): New function.
(pubkeys_free): New function.
* g10/gpg.c (main): Don't check for ambiguous key specifications.
--
Signed-off-by: Neal H. Walfield <[email protected]>
Regression-due-to: e8c53fc
This change not only moves the checks for ambiguous key specifications
from gpg.c to getkey.c, it also disables the checks. The old code was
too divorced from the actual key lookups and, as such, it reproduced
the logic. Unfortunately, the reproduction was a poor one: despite
fixing some inconsistencies (e.g., 10cca02), it still didn't deal with
group expansion or the auto key lookup functionality. Given the
amount of instability introduced by this change, we (Neal & Werner)
decided it is better to defer introducing this functionality until
2.3.
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (main): If --encrypt-to-default-key is specified, don't
add --default-key's value to REMUSR here...
* g10/pkclist.c (build_pk_list): ... do it here.
* tests/openpgp/Makefile.am (TESTS): Add default-key.test.
* tests/openpgp/default-key.test: New file.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/pkclist.c (build_pk_list): Remove parameter use, which is always
called set to PUBKEY_USAGE_ENC. Update callers.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
encryption-only keys when a signing key is needed and vice-versa.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keydb.c (keydb_update_keyblock): Don't replace the record at the
current offset. After taking the lock, extract the fingerprint from
the keyblock, find it and then replace it.
--
Signed-off-by: Neal H. Walfield <[email protected]>
GnuPG-bug-id: 2193
Between locating the record to update and actually updating the
keyblock, it is possible that another process modifies the keyring,
which causes the update to corrupt the keyring. This is due to a time
of check to time of use bug. The fix is straightforward: both
operations must be done while holding the lock. This changes the
semantics of the function slightly, but no callers need to be
modified. Further, it now becomes impossible to replace key A with B;
this function will only ever update B.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac: Only add the user supplied CFLAGS after running any
autoconf tests.
--
Signed-off-by: Neal H. Walfield <[email protected]>
If the user's CFLAGS include -Werror, then some configure tests fail.
To avoid this, we only add the user's CFLAGS after all of the
configure tests have run.
|
| |
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (enable_dns_tormode): Reference new_circuit to
avoid a warning when ADNS is not available.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
| |
* kbx/keybox-defs.h (struct keybox_found_s): Remove unused fields
offset and n_packets.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/getkey.c (parse_def_secret_key): Display the key that is
invalid, not the search description.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/gpg.c (main): When --default-key or --encrypt-to-default-key is
taken from the config file, note this.
--
Signed-off-by: Neal H. Walfield <[email protected]>
Regression-due-to: 28311d1
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/keydb.h (PK_LIST_ENCRYPT_TO): Change from a macro to an enum.
(PK_LIST_HIDDEN): Likewise.
(PK_LIST_CONFIG): Likewise.
(PK_LIST_SHIFT): Likewise.n
--
Signed-off-by: Neal H. Walfield <[email protected]>
Using an enum has the advantage that the symbol can be used in gdb.
|
| | |
|
| |
|
|
|
| |
* g10/main.h (save_unprotected_key_to_card): Remove.
* g10/options.h (ctapi_driver, pcsc_driver, disable_ccid): Remove.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/util.h (server_control_s, ctrl_t): Move to ...
* common/fwddecl.h: New file.
* common/call-gpg.h: Replace typedef by fwddecl.h. Change include
protection macro name.
* common/Makefile.am (common_sources): Add fwddecl.h.
--
It seems some compilers do not grok a re-declaration. Thus we factor
it out into a separate file and use the include protection macro to
protect against re-declaration.
GnuPG-bug-id: 2200
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* configure.ac (PKG_PROG_PKG_CONFIG): New.
--
GnuPG-bug-id: 2197
|
| |
|
|
|
|
| |
--
Remove the backup file g10/keygen.c.~HEAD~
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/keygen.c (do_ask_passphrase, generate_raw_key)
(gen_card_key_with_backup, save_unprotected_key_to_card): Remove.
--
Now, key generation is done by gpg-agent. Asking passphrase is done
through pinentry invoked by gpg-agent. It is done by
new internal function of card_store_key_with_backup.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/main.h (receive_seckey_from_agent): Declare.
* g10/keygen.c (card_write_key_to_backup_file): New.
(card_store_key_with_backup): New.
(do_generate_keypair): Create a key on host for encryption key when
backup is requested. Then, call card_store_key_with_backup.
--
GnuPG-bug-id: 2169
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/export.c (receive_seckey_from_agent): New.
(do_export_stream): Use it.
--
Also fixed a memory leak of WRAPPEDKEY on a successful path of
build_packet.
In the log message, key is now by a hexgrip instead of a format by
keystr_with_sub.
|
| |
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
disabled, revoked and expired keys (if appropriate for the provided
option).
--
Signed-off-by: Neal H. Walfield <[email protected]>
GnuPG-bug-id: 2186
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/call-gpg.c (my_error_from_syserror, my_error_from_errno): New.
Use these wrappers.
* common/exectool.c (my_error_from_syserror): New. Use these
wrappers.
--
Function in common should use the error source of the component which
links them. The global variable DEFAULT_ERRSOURCE is set early by
each component to make this possible.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (parse_def_secret_key): Do not make debug messages
translatable. Make use of print_reported_error.
--
This patch also passes all required arguments to log_debug ;-).
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/misc.c (print_reported_error): New.
--
Often the user is only interested in a catch all error code like "not
found" but sometimes it is useful to also see the real reason. By
this function this can easily be achieved. Example:
err = search_for_key (keyid)
if (err)
{
log_info ("error locating key '%s': %s\n",
keyid, gpg_strerror (GPG_ERR_NOT_FOUND));
print_reported_error (err, GPG_ERR_NOT_FOUND);
}
results in
gpg: error locating key 'foobar': not found
gpg: (reported error: no keyring <keybox>)
where the second line is only printed in verbose mode and if ERR is
not GPG_ERR_NOT_FOUND.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* kbx/keybox-search.c (keybox_seek): New function.
* g10/keydb.c (keydb_search): When reading from the cache, seek to
just after the cached record.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* kbx/keybox-search.c (keybox_offset): New function.
* g10/keydb.c (struct keyblock_cache): Add fields resource and offset.
(keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and
HD->KEYBLOCK_CACHE.OFFSET.
(keydb_search): Don't use the cached result if it comes before the
current file position. When caching an entry, also record the
position at which it was found.
--
Signed-off-by: Neal H. Walfield <[email protected]>
GnuPG-bug-id: 2187
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyring.c (KR_NAME): Rename this...
(KR_RESOURCE): ... to this. Update users.
(struct keyring_name): Rename this...
(struct keyring_resource): ... to this. Update users.
(struct off_item): Rename this...
(struct key_present): ... to this. Update users.
(OffsetHashTable): Rename this...
(key_present_hash_t): ... to this. Update users.
(kr_offtbl): Rename this...
(key_present_hash): ... to this. Update users.
(kr_offtbl_ready): Rename this...
(key_present_hash_ready): ... to this. Update users.
(KEY_PRESENT_HASH_BUCKETS): New define. Replace use of literals
with this.
(new_offset_item): Rename this...
(key_present_value_new): ... to this. Update users.
(release_offset_items): Drop dead code.
(new_offset_hash_table): Rename this...
(key_present_hash_new): ... to this. Update users.
(release_offset_hash_table): Drop dead code.
(lookup_offset_hash_table): Rename this...
(key_present_hash_lookup): ... to this. Update users.
(update_offset_hash_table): Rename this...
(key_present_hash_update): ... to this. Drop unused parameter off.
Update users.
(update_offset_hash_table_from_kb): Rename this...
(key_present_hash_update_from_kb): ... to this. Drop unused parameter
off. Update users.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* sm/encrypt.c (encrypt_dek): Don't ignore failure of gcry_pk_encrypt.
--
Thanks to Sami Farin.
GnuPG-bug-id: 2154
|
| |
|
|
|
|
|
| |
* common/isascii.c: Change.
--
Actually this code is too trivial to claim any copyright at all.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/status.c: Change from GPLv3 to LGPLv3+/GPLv2+.
* common/status.h: Ditto.
* common/yesno.c: Ditto.
* common/common-defs.h: Ditto.
* common/gettime.h: Ditto.
* common/keyserver.h: Ditto.
--
This is shared code and trivial enough to allow use under GPLv2+ so to
allow use by GPLv2only software. Some of the headers are simply
adjusted to the license of their implementation.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* common/exectool.c, common/exectool.h: Change license.
--
We always try to use this license for shared code.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/sh-exectool.c: Rename to exectool.c.
* common/sh-exectool.h: Rename to exectool.h.
* common/Makefile.am (common_sources): Adjust for rename.
* common/exectool.c (sh_exec_tool_stream): Rename to
gnupg_exec-tool-stream.
(sh_exec_tool): Rename to gnupg_exec_tool.
* tools/gpgtar-create.c (gpgtar_create): Adjust for changes.
* tools/gpgtar-extract.c: Adjust for changes.
* tools/gpgtar-list.c: Adjust for changes.
--
The "sh-" presifx is used by g13 for system helpers which are used by
processes created via userv. A generic function in common/ should
also have a generic name.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyedit.c: Print ownertrust in TOFU+PGP trust model.
--
The key editor currently prints out the ownertrust value assigned
to a key only when using the classic or PGP trust models; but
that value is also meaningful in the recently introduced TOFU+PGP
combined model.
Signed-off-by: Damien Goutte-Gattat <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (parse_def_secret_key): Don't just check if a secret
key is available for the public key, also consider subkeys. Also
check that the key has the signing capability, is not revoked, is not
expired and is not disabled. Print a warning if there was a least one
value passed to --default-key and all were ignored.
--
Signed-off-by: Neal H. Walfield <[email protected]>
Regression-due-to: e16d7168
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_genkey): Strip leading zeros for fingerprint
computation.
--
This bug is difficult to reproduce because the probability is 1/256,
and key generation takes long time. The regression was introduced
when we add the support for ECC.
GnuPG-bug-id: 2150
|
| |
|
|
|
|
|
|
|
| |
* g10/import.c (struct stats_s): Rename to import_stats_s. Change all
users.
* g10/main.h (import_stats_t): New. Change fucntions to use this
instead of a void pointer.
Signed-off-by: Werner Koch <[email protected]>
|
