| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/export.c (export_ssh_key): Also check the primary key.
--
If no suitable subkey was found for export, we now check whether the
primary key is suitable for export and export this one. Without this
change it was only possible to export the primary key by using the '!'
suffix in the key specification.
Also added a sample key for testing this.
GnuPG-bug-id: 2957
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (libdns_init): Do not print error message for a
missing nsswitch.conf. Make sure that tehre is a DNS entry.
--
GnuPG-bug-id: 2948
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpgconf-comp.c (retrieve_options_from_program): Check ERRNO
before printing a warning.
--
It is common that a conf files does not exist - thus we should not
print a warning.
GnuPG-bug-id: 2944
BTW: The error messages in gpgconf should be reworked to match those
of the other components.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/gpg.c (main): Print in the default case.
--
GnuPG-bug-id: 2943
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* g13/Makefile.am (t_common_ldadd): Add iconv.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (apdu_open_reader): Add an argument APP_EMPTY.
When CCID driver fails to open, try PC/SC if APP is nothing.
* scd/app.c (select_application): Supply arg if APP is nothing.
--
After scanning available card readers by CCID driver, scdaemon should
try PC/SC service if no APP is registered yet. Also, when the slot
is allocated for PC/SC (ccid.handle==NULL), it should not call
ccid_compare_BAI, otherwise scdaemon crashes.
Debian-bug-id: 852702, 854005, 854595, 854616
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/sign.c (write_signature_packets): Free SIG. Also replace
xcalloc by xtrycalloc.
--
If do_sign fails SIG was not released. Note that in the good case SIG
is transferred to PKT and freed by free_packet.
Reported-by: Stephan Müller
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/logging.c: Add #include "sysutils.h".
--
Without this, we see:
logging.c:573:9: warning: implicit declaration of function \
‘gnupg_fd_valid’ [-Wimplicit-function-declaration]
if (! gnupg_fd_valid (fd))
^~~~~~~~~~~~~~
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/sysutils.c (gnupg_fd_valid): New function.
* common/sysutils.h (gnupg_fd_valid): New declaration.
* common/logging.c (log_set_file): Use the new function.
* g10/cpr.c (set_status_fd): Likewise.
* g10/gpg.c (main): Likewise.
* g10/keylist.c (read_sessionkey_from_fd): Likewise.
* g10/passphrase.c (set_attrib_fd): Likewise.
* tests/openpgp/Makefile.am (XTESTS): Add the new test.
* tests/openpgp/issue2941.scm: New file.
--
Consider a situation where the user passes "--status-fd 3" but file
descriptor 3 is not open.
During the course of executing the rest of the commands, it's possible
that gpg itself will open some files, and file descriptor 3 will get
allocated.
In this situation, the status information will be appended directly to
whatever file happens to have landed on fd 3 (the trustdb? the
keyring?).
This is a potential data destruction issue for all writable file
descriptor options:
--status-fd
--attribute-fd
--logger-fd
It's also a potential issue for readable file descriptor options, but
the risk is merely weird behavior, and not data corruption:
--override-session-key-fd
--passphrase-fd
--command-fd
Fixes this by checking whether the fd is valid early on before using
it.
GnuPG-bug-id: 2941
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/openpgp/ssh-import.scm (path): New variable.
(ssh,ssh-keygen,ssh-version,ssh-supports?): Likewise.
--
Skip algorithms not supported by the OpenSSH in the ssh import test.
This notably fixes the test on macOS when the stock ssh version is
used.
GnuPG-bug-id: 2847
GnuPG-bug-id: 2947
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
| |
* tools/gpg-wks-server.c (send_confirmation_request): Add custom
header.
(send_congratulation_message): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* po/nl.po: Apply several minor manual cleanups to nl.po that were
previously applied to all the other localizations.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* po/nl.po: Copy from 2.0 branch.
--
It's not clear to me why this didn't get transferred in
329ece46bf83871f01eb833d5ebec6da36bfcce0.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (opts): Define commands with ARGPARSE_c
instead of ARGPARSE_s_n.
--
These three entries are commands, but they're being treated as a
string-based option for some reason. However, if you try to use them
concurrently with another command like --clearsign, you'll get "gpg:
conflicting commands".
Furthermore, because they're marked as options, their flags differ
from the commands that they alias, they cause ambiguity in
abbreviation (e.g. try "gpg --list-ke") which should have been fixed
by 7249ab0f95d1f6cb8ee61eefedc79801bb56398f.
Marking them explicitly as commands for argparse should be more
accurate and should resolve the abbreviation ambiguity issue.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
gpg: fix aliases --list-key, --list-sig, and --check-sig.
* g10/gpg.c: ARGPARSE_OPTS opts[]: define commands with ARGPARSE_c
instead of ARGPARSE_s_n.
--
These three entries are commands, but they're being treated as a
string-based option for some reason. However, if you try to use them
concurrently with another command like --clearsign, you'll get "gpg:
conflicting commands".
Furthermore, because they're marked as options, their flags differ
from the commands that they alias, they cause ambiguity in
abbreviation (e.g. try "gpg --list-ke") which should have been fixed
by 7249ab0f95d1f6cb8ee61eefedc79801bb56398f.
Marking them explicitly as commands for argparse should be more
accurate and should resolve the abbreviation ambiguity issue.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
| |
* doc/gpg.texi: clarify abbreviation of --help.
Debian-bug-id: 852979
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
|
|
| |
* agent/call-pinentry.c [!W32]: Incluse utsname.h
(start_pinentry): Pass nodename to OPTION/owner.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* configure.ac: Check for SO_PEERCRED et al.
* agent/agent.h (server_control_s): Add field 'client_pid'.
* agent/command.c (start_command_handler): Set CLIENT_PID.
* agent/command-ssh.c (get_client_pid): New.
(start_command_handler_ssh): Set CLIENT_PID.
* agent/call-pinentry.c (start_pinentry): Tell Pinentry the client-pid.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/call-pinentry.c (start_pinentry): Call getinfo/ttyinfo.
* g10/server.c (gpg_proxy_pinentry_notify): Simplify the output so
that we do not change the code when adding new fields to
PINENTRY_LAUNCHED.
--
This patch changes the --verbose output of gpg to show
for example
gpg: pinentry launched (5228 gtk2 1.0.1-beta10 \
/dev/pts/4 xterm localhost:10.0)
the used tty, its type, and the value of DISPLAY in addiion to the
pid, flavor, and version.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/tofu.c (show_statistics): If there are not records, return 0
instead of NULL.
--
Signed-off-by: Neal H. Walfield <[email protected]>
GnuPG-bug-id: 2853
According to SUSv3:
If the subject sequence is empty or does not have the expected form,
no conversion is performed
...
If no conversion could be performed, 0 is returned and errno may be
set to [EINVAL].
http://pubs.opengroup.org/onlinepubs/007908799/xsh/strtol.html
It appears that MacOS X sets errno to EINVAL, but glibc doesn't.
Hence, we map NULL to 0 explicitly.
|
| |
|
|
|
|
| |
* tests/openpgp/issue2929.scm: Improve description of test.
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
| |
This reverts commit 59048b0f1aa77313573a1004cd3a9f02692a7521.
|
| |
|
|
|
|
|
|
|
| |
* g10/tofu.c (get_trust): Call get_policy before short-circuiting the
policy lookup for ultimately trusted keys to make sure the binding is
added to the bindings table, if necessary.
Signed-off-by: Neal H. Walfield <[email protected]>
GnuPG-bug-id: 2929
|
| |
|
|
|
|
|
| |
* g10/tofu.c (tofu_get_validity): If there was a conflict, don't also
print out a warning about too few messages.
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/tofu.c (get_trust): Add arguments POLICYP and CONFLICT_SETP. If
they are not NULL, return the policy and conflict set (if there is
one), respectively. Update callers. If MAY_ASK is FALSE, don't print
out the statistics.
(tofu_register_encryption): If there is a conflict and we haven't yet
printed the statistics about the conflicting bindings, do so now.
(tofu_get_validity): Likewise.
Signed-off-by: Neal H. Walfield <[email protected]>
GnuPG-bug-id: 2914
|
| |
|
|
|
|
| |
* g10/tofu.c (ask_about_binding): Add newline to output.
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/tofu.c (tofu_register_encryption): Remove period at end of
warning.
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dns-stuff.c (disable_dns_tormode): New.
* dirmngr/dirmngr.c (oNoUseTor): New const.
(opts): New option --no-use-tor.
(tor_mode): New var.
(parse_rereadable_options): Change to use TOR_MODE.
(dirmngr_use_tor): New.
(set_tor_mode): Call disable_dns_tormode. Implement oNoUseTor.
* dirmngr/dirmngr.h (opt): Remove field 'use_tor'. Replace all
references by a call to dirmngr_use_tor().
* dirmngr/server.c (cmd_getinfo): Distinguish between default and
enforced TOR_MODE.
--
This patch replaces the global variable opt.use_tar by a function
testing a file local mode flag. This patch prepares for a
use-tor-if-available mode.
GnuPG-bug-id: 2935
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/scdaemon.c (get_active_connection_count): New.
(start_connection_thread): Bump ACTIVE_CONNECTIONS up and down.
* scd/command.c (cmd_getinfo): Add subcommand "connections".
--
Apply gpg-agent change to scdaemon. See the commit in 2016-08-06:
40d16029ed8b334c371fa7f24ac762d47302826e
Then, add kicking the loop, so that main loop can notice the change of
the connection.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* tests/gpgscm/scheme.c (oblist_initial_value): Increase the size of
the hash table based on the number of symbols used after initializing
the interpreter.
(new_frame_in_env): Increase the size of the hash table based on the
number of variables in the global environement.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/gpgscm/scheme.c (pointercmp): New function.
(new_slot_spec_in_env): Add and use slot for insertions.
(find_slot_spec_in_env): New variant of 'find_slot_in_env' that
returns the slot on failures.
(find_slot_in_env): Express using the new function.
(new_slot_in_env): Update callsite.
(opexe_0): Optimize lookup-or-insert.
(opexe_1): Likewise.
(scheme_define): Likewise.
--
Optimize environment lookups by keeping the lists in the hash table or
the list sorted. Optimize the insertions by passing the slot computed
by the lookup to the insertion.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* tests/gpgscm/scheme.c (new_slot_spec_in_env): Provide preallocation
inforomation if USE_ALIST_ENV.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/gpgscm/scheme.c (oblist_find_by_name): Keep the list of
symbols sorted, return the slot where a new symbol must be inserted on
lookup failures.
(oblist_add_by_name): Add the new symbol at the given slot.
(mk_symbol): Adjust callsite.
(gensym): Likewise.
(assign_syntax): Likewise.
--
Optimize symbol lookups by keeping the lists in the hash table (or the
list if compiled with USE_OBJECT_LIST) sorted by the symbol names.
Optimize the insertions by passing the slot computed by the lookup to
the insertion.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* tests/gpgscm/scheme.c (oblist_add_by_name): Provide preallocation
information if USE_OBJECT_LIST.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* tests/gpgscm/scheme.c (check_cell_alloced): Remove function.
(check_range_alloced): Likewise.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* dirmngr/dirmngr.c (housekeeping_thread): Load swdb only if the
option is set.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/scdaemon.c (ticker_disabled): Remove.
(handle_tick, need_tick): Remove.
(handle_connections): Don't check ticker_disabled.
--
Now, removal of device/card is only done by the function
scd_update_reader_status_file, it should be called if needed.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app.c (select_application): Fix the logic if periodical check is
needed. If it is needed for newly found device(s), kick the loop.
(scd_update_reader_status_file): Return value if select(2) should be
called with timeout.
* scd/ccid-driver.c (ccid_require_get_status): Don't return 0 for
token with no interrupt transfer for now.
* scd/command.c (open_card_with_request): Fix scan by SERIALNO.
* scd/scdaemon.c (update_usb): Remove.
(handle_connections): Evaluate need_tick after handle_tick.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/gpgscm/scheme-private.h (struct cell): Add a compact vector
representation.
* tests/gpgscm/scheme.c (vector_length): Use new representation.
(vector_size): New macro.
(get_vector_object): Use the new representation.
(fill_vector): Likewise.
(vector_elem): Likewise.
(set_vector_elem): Likewise.
(mark): Likewise.
(gc): Likewise. Be careful not to confuse immediate values for type
flags.
(finalize_cell): Vectors now require finalization.
--
Previously, vectors were represented using consecutive cons cells,
wasting one word per cell for the type information. Fix that by using
a flat array.
Previously, a vector of size N required 1 + (n + 1) / 2 cells. Now it
uses 1 + (n - 1 + 2) / 3 cells.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/gpgscm/scheme.c (IMMEDIATE_TAG): New macro.
({is,set,clr}_immediate): Likewise.
(enum scheme_types): Make type tags disjoint from immediate values.
(TYPE_BITS): We need one more bit now.
(ADJ,T_MASKTYPE): Compute values.
--
Immediate values are disjoint from all type tags and pointers,
allowing us to store immediate values in all memory locations.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
| |
* tests/gpgscm/scheme.c (_gc_disable): Negate guard.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/gpgscm/scheme.c (vector_length): New macro.
(get_vector_object): Use the new macro.
(oblist_add_by_name): Likewise.
(oblist_find_by_name): Likewise.
(oblist_all_symbols): Likewise.
(mk_vector): Likewise.
(mark): Likewise.
(new_slot_spec_in_env): Likewise.
(find_slot_spec_in_env): Likewise.
(opexe_2): Likewise.
(opexe_5): Likewise.
--
Introducing an abstraction reduces the coupling between code using
vectors and the implementation of vectors.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
| |
This reverts commit 5aafa56dffefe3fac55b9d0555c7c86e8a07f072.
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (get_status_reader): Add ON_WIRE arg, here.
(ct_get_status, pcsc_get_status_direct, pcsc_get_status_wrapped)
(pcsc_get_status, get_status_ccid, my_rapdu_get_status): Likewise.
(reset_pcsc_reader_wrapped, open_pcsc_reader_wrapped): Follow the
change.
(apdu_get_status_internal): It's lower-level driver which judge
it's not needed. Otherwise, it can't detect the removal.
* scd/ccid-driver.c (ccid_slot_status): After the POWERED_OFF check,
we can skip sending GetSlotStatus packet on wire, when no need.
Signed-off-by: NIIBE Yutaka <[email protected]>
Fixes-commit: c8eee4d396a751d41fd1ee1e1b87b851fca172a
|
| |
|
|
|
|
|
|
|
| |
* scd/apdu.c (apdu_get_status_internal): Add ON_WIRE arg.
(apdu_connect): Call apdu_get_status_internal with ON_WIRE enabled.
(apdu_get_status): For periodical check, call apdu_get_status_internal
with ON_WIRE disabled.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* scd/ccid-driver.c (do_close_reader): Don't lock events, but check the
return value of libusb_cancel_transfer.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-common.h (struct app_ctx_s): Rename field to
periodical_check_needed.
* scd/scdaemon.c (update_usb): Rename from update_fdset_for_usb.
Don't use libusb_get_pollfds any more.
(scd_kick_the_loop): New.
(need_tick): Follow the rename.
(handle_connections): No libusb event handling here.
* scd/app.c (app_new_register): Follow the change of rename.
(select_application, scd_update_reader_status_file): Likewise.
* scd/ccid-driver.c (ccid_usb_thread_is_alive): New.
(intr_cb): Call scd_kick_the_loop.
(ccid_usb_thread): New. Thread to invoke INTERRUPT callback.
(ccid_open_usb_reader): Add thread invocation.
(ccid_require_get_status): Remove
LIBUSB_WORKS_EXPECTED_FOR_INTERRUPT_ENDP.
(do_close_reader): Carefully handle handle->transfer.
(get_escaped_usb_string): Insert npth_unprotect/npth_protect.
(do_close_reader, bulk_out, bulk_in, abort_cmd, ccid_slot_status)
(ccid_transceive, ccid_transceive_secure): Likewise.
--
It found that libusb_get_pollfds is not supported on Windows.
Besides, it's a bit difficult to use for the select loop.
Thus, we use the thread named ccid_usb_thread, instead.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* scd/ccid-driver.c (intr_cb): Handle LIBUSB_TRANSFER_CANCELLED.
(do_close_reader): When callback is active, call
libusb_cancel_transfer and wait callback is fired off.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c(struct reader_table_s): Add require_get_status.
(apdu_connect): Change return value meaning. Call apdu_reset here.
* scd/app.c (app_new_register): Add require_get_status.
(select_application): Use the return value of apdu_connect.
(scd_update_reader_status_file): Call update_fdset_for_usb with
checking all_have_intr_endp.
(app_list_start, app_list_finish): Remove.
* scd/ccid-driver.c (struct ccid_driver_s): Add transfer.
(intr_cb): Don't call libusb_transfer in this callback.
(ccid_require_get_status): New.
(do_close_reader): Call libusb_transfer here.
* scd/scdaemon.c (update_fdset_for_usb): Remove the first argument.
--
With Gnuk Token, it works fine as expected. With Gemalto reader,
intr_cb is not called when card is removed. So, the macro
LIBUSB_WORKS_EXPECTED_FOR_INTERRUPT_ENDP is not defined yet.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
