aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* dirmngr: Fix specifying keyservers by IP address.justus/issue2012Justus Winter2015-11-171-1/+5
| | | | | | | | | | | | | | | | Previously, if a keyserver was given using its IP address (e.g. 'hkp://127.0.0.1'), 'map_host' would create two entries in the 'hosttable', one with the name '127.0.0.1', and the second one with the name 'localhost' and 'v4addr' being set to '127.0.0.1'. But the first entry is the one being used for lookups, and since the 'v4' flag is not set, the 'HTTP_FLAG_IGNORE_IPv4' is used when doing the http request, making it fail. * dirmngr/ks-engine-hkp.c (map_host): Update the original 'hosttable' entry instead of creating another one. Signed-off-by: Justus Winter <[email protected]> GnuPG-bug-id: 2012
* gpg: Fix error checking and improve error reporting.Neal H. Walfield2015-11-161-2/+14
| | | | | | | | | | | * g10/gpg.c (check_user_ids): Differentiate between a second result and an error. If the key specification is ambiguous or an error occurs, set RC appropriately. -- Signed-off-by: Neal H. Walfield <[email protected]> Reported-by: Werner Koch <[email protected]> Suggested-by: NIIBE Yutaka <[email protected]>
* gpg: Use only one fingerprint formatting function.Werner Koch2015-11-147-86/+103
| | | | | | | | | | | | * g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): New. * g10/keyid.c (hexfingerprint): Add optional args BUFFER and BUFLEN. Change all callers. (format_hexfingerprint): New. * g10/keylist.c (print_fingerprint): Change to use hexfingerprint. * g10/tofu.c (fingerprint_format): Remove. Replace calls by format_hexfingerprint. Signed-off-by: Werner Koch <[email protected]>
* gpg: Simplify the tofu interface by using the public key packet.Werner Koch2015-11-134-42/+18
| | | | | | | | | | | | | | | | * g10/tofu.c (fingerprint_str): Remove. (tofu_register): Take a public key instead of a fingerprint as arg. Use hexfingerprint() to get a fpr from the PK. (tofu_get_validity): Ditto. (tofu_set_policy, tofu_get_policy): Simplify by using hexfingerprint. * g10/trustdb.c (tdb_get_validity_core): Pass the primary key PK to instead of the fingerprint to the tofu functions. -- This change has the advantage that we are not bound to a specific fingerprint length and will thus helps us to implement rfc4880bis. Signed-off-by: Werner Koch <[email protected]>
* gpg: Make trusted-key override for Tofu robust against swapped tofu.db.Werner Koch2015-11-131-19/+31
| | | | | | | | | | | | | | | * g10/tofu.c (get_trust): For the UTK check lookup the key by fingerprint. -- Extracting the keyid form the fingerprint is not a good idea because that only works for v4 keys. It is also better to first read the key and then extract the keyid from the actual available key. The entire trusted-key stuff should be reworked to make use of fingerprints. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix regression in --locate-keys (in 2.1.9).Werner Koch2015-11-131-1/+13
| | | | | | | | | | | | | | | | | | * g10/getkey.c (getkey_ctx_s): Add field "extra_list". (get_pubkey_byname): Store strings in the context. (getkey_end): Free EXTRA_LIST. -- This fixes a use-after-free bug. It showed up with: gpg --auto-key-locate local --locate-key [email protected] The key was shown but also all other following keys in the keyring. Bisecting showed d47e84946ee010917cfc3501062721b74afbb771 as culprit but the actual cause was a part of: Regression-due-to: b06f96ba4f57f55194efcd37a0e3a2aa5450b974 Signed-off-by: Werner Koch <[email protected]>
* gpg: Print a new EXPORTED status line.Werner Koch2015-11-123-3/+34
| | | | | | | | * common/status.h (STATUS_EXPORTED): New. * g10/export.c (print_status_exported): New. (do_export_stream): Call that function. Signed-off-by: Werner Koch <[email protected]>
* gpg: Print export statistics to the status-fd.Werner Koch2015-11-129-47/+168
| | | | | | | | | | | | | | | | | * common/status.h (STATUS_EXPORT_RES): New. * g10/main.h (export_stats_t): New. * g10/export.c (export_stats_s): New. (export_new_stats, export_release_stats): New. (export_print_stats): New. (export_pubkeys, export_seckeys, export_secsubkeys) (export_pubkey_buffer, do_export): Add arg "stats". (do_export_stream): Add arg stats and update it. * g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create, pass, and print a stats object to the export function calls. * g10/export.c (export_pubkeys_stream): Remove unused function. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Do not block during ADNS calls.Werner Koch2015-11-122-8/+36
| | | | | | | | | | | * dirmngr/dns-stuff.c: Include npth.h (my_unprotect, my_protect): New wrapper. (resolve_name_adns): Put unprotect/protect around adns calls. (get_dns_cert): Ditto. (getsrv): Ditto. (get_dns_cname): Ditto. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: New option --nameserver.Werner Koch2015-11-124-5/+53
| | | | | | | | | | | | * dirmngr/dirmngr.c (oNameServer): New. (opts): Add --nameserver. (parse_rereadable_options): Act upon oNameServer. * dirmngr/dns-stuff.c (DEFAULT_NAMESERVER): New. (tor_nameserver): New. (set_dns_nameserver): New. (my_adns_init): Make name server configurable. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix cache consistency problem.Neal H. Walfield2015-11-111-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | g10/keyring.c (keyring_search): Only mark the cache as completely filled if we start the scan from the beginning of the keyring. -- Signed-off-by: Neal H. Walfield <[email protected]> Reported-by: NIIBE Yutaka <[email protected]> A new feature (e8c53fc) turned up a bug whereby checking if a search term matches multiple keys in the keyring causes the cache to be inconsistent. When we look for a key on the keyring, we iterate over each of the keyblocks starting with the keyblock following the last result. For each keyblock, we iterate over the public key and any subkeys. As we iterate over each key, we first insert it into the cache and then check if the key matches. If so, we are done. In pseudo code: for (i = last_result + 1; i < num_records; i ++) keyblock = get_keyblock (i) for (j = 1; j < len(keyblock); j ++) key = keyblock[j] update_cache (key) if (compare (key, search_terms)) return ok cache_filled = true return ENOFOUND When we look for the next match, we start with the following keyblock. The result is that any subkeys following the key that matched are not added to the cache (in other words, when a keyblock matches, the inner loop did not necessarily complete and the subsequent search doesn't resume it). This patch includes a straightforward fix: only indicate the cache as complete if we started the scan from the beginning of the keyring and really didn't find anything.
* gpg: Default to the the PGP trust model.Neal H. Walfield2015-11-101-2/+2
| | | | | | | | * g10/trustdb.c (init_trustdb): If we can't read the trust model from the trust DB, default to TM_PGP, not TM_TOFU_PGP. -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Default to the flat TOFU DB format.Neal H. Walfield2015-11-101-2/+2
| | | | | | | | * g10/tofu.c (opendbs): If the TOFU DB format is set to auto and there is no TOFU DB, default to the flat format. -- Signed-off-by: Neal H. Walfield <[email protected]>
* dirmngr: Change to new ADNS Tor mode init scheme.Werner Koch2015-11-094-11/+57
| | | | | | | | | | | | | | | | | | * dirmngr/dns-stuff.c (tor_credentials): New. (enable_dns_tormode): Add arg new_circuit and update tor_credentials. (my_adns_init): Rework to set Tor mode using a config file options and always use credentials. * dirmngr/server.c (cmd_dns_cert): Improve error message. * dirmngr/t-dns-stuff.c (main): Add option --new-circuit. -- Note that the option --new-circuit in t-dns-stuff is not really useful because a new circuit is also used for the first call to the function. Todo: We need to find a policy when to requrest a new curcuit and we also need to add credentials to the assuan_sock_connect calls. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Improve detection of ADNS.Werner Koch2015-11-092-6/+9
| | | | | | * configure.ac (HAVE_ADNS_FREE): New ac_define. Signed-off-by: Werner Koch <[email protected]>
* scd: Add reder information to --card-status.NIIBE Yutaka2015-11-098-6/+41
| | | | | | | | | * g10/call-agent.h, g10/call-agent.c (agent_release_card_info) g10/card-util.c (card_status): Add READER. * scd/apdu.c (close_ccid_reader, open_ccid_reader): Handle RDRNAME. (apdu_get_reader_name): New. * scd/ccid-driver.c (ccid_open_reader): Add argument to RDRNAME_P. * scd/command.c (cmd_learn): Return READER information.
* gpg: Avoid new strings.Werner Koch2015-11-061-2/+2
| | | | | | * g10/decrypt-data.c (decrypt_data): Use already translated strings. Signed-off-by: Werner Koch <[email protected]>
* common: Fix commit f99830b.Werner Koch2015-11-061-4/+8
| | | | | | | | | | | | | * common/userids.c (classify_user_id): Avoid underflow. Use spacep to also trim tabs. -- This is actually not fully consistent because the now used trim_trailing_spaces uses the locale dependent isspace and not spacep. Given that the use of isspace is anyway problematic we should check whether we can chnage trim_trailing_spaces. Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix formatting string.Neal H. Walfield2015-11-061-1/+1
| | | | | | | * g10/decrypt-data.c (decrypt_data): Fix formatting string. -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Add new option --only-sign-text-ids.Neal H. Walfield2015-11-064-16/+46
| | | | | | | | | | | | | | | | | * g10/options.h (opt): Add field only_sign_text_ids. * g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs. (opts): Handle oOnlySignTextIDs. (main): Likewise. * g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't select non-text based IDs automatically. (keyedit_menu): Adapt the prompt asking to sign all user ids according to OPT.ONLY_SIGN_TEXT_IDS. * doc/gpg.texi: Document the new option --only-sign-text-ids. -- Signed-off-by: Neal H. Walfield <[email protected]> GnuPG-bug-id: 1241 Debian-bug-id: 569702
* common: When classifying keyids and fingerprints, reject trailing junk.Neal H. Walfield2015-11-061-19/+66
| | | | | | | | | | | * common/userids.c (classify_user_id): Trim any trailing whitespace. Before assuming that a hexstring corresponds to a key id or fingerprint, make sure that it is NUL terminated. -- Signed-off-by: Neal H. Walfield <[email protected]> GnuPG-bug-id: 1206 Debian-bug-id: 575084
* gpg: Check for ambiguous or non-matching key specs.Neal H. Walfield2015-11-062-28/+189
| | | | | | | | | | | | | | | | | * g10/gpg.c (check_user_ids): New function. (main): Check that any user id specifications passed to --local-user and --remote-user correspond to exactly 1 user. Check that any user id specifications passed to --default-key correspond to at most 1 user. Warn if any user id specifications passed to --local-user or --default-user are possible ambiguous (are not specified by long keyid or fingerprint). * g10/getkey.c (parse_def_secret_key): Don't warn about possible ambiguous key descriptions here. -- Signed-off-by: Neal H. Walfield <[email protected]> GnuPG-bug-id: 1128 Debian-debug-id: 544490
* common: Add new function strlist_rev.Neal H. Walfield2015-11-064-2/+106
| | | | | | | | | | | * common/strlist.c (strlist_rev): New function. * common/t-strlist.c: New file. * common/Makefile.am (common_sources): Add strlist.c and strlist.h. (module_tests): Add t-strlist. (t_strlist_LDADD): New variable. -- Signed-off-by: Neal H. Walfield <[email protected]>
* common: Include required, but not included headers in t-support.h.Neal H. Walfield2015-11-061-0/+3
| | | | | | | * common/t-support.h: Include <stdlib.h> and <stdio.h>. -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Indicate which characters are invalid.Neal H. Walfield2015-11-051-0/+3
| | | | | | | | * g10/keygen.c (ask_user_id): Indicate which characters are invalid. -- Signed-off-by: Neal H. Walfield <[email protected]> GnuPG-bug-id: 1143
* gpg: Add support for unwrapping the outer level of encryption.Neal H. Walfield2015-11-055-48/+130
| | | | | | | | | | | | | | | | | * g10/decrypt-data.c (decrypt_data): If OPT.UNWRAP_ENCRYPTION is set, copy the data to the output file instead of continuing to process it. * g10/gpg.c (enum cmd_and_opt_values): Add new value oUnwrap. (opts): Handle oUnwrap. (main): Likewise. * g10/options.h (opt): Add field unwrap_encryption. * g10/plaintext.c (handle_plaintext): Break the output file selection functionality into ... (get_output_file): ... this new function. -- Signed-off-by: Neal H. Walfield <[email protected]> GnuPG-bug-id: 1060 Debian-bug-id: 282061
* common: Add a function for copying data from one iobuf to another.Neal H. Walfield2015-11-052-0/+43
| | | | | | | * common/iobuf.c (iobuf_copy): New function. -- Signed-off-by: Neal H. Walfield <[email protected]>
* doc: Note that gpgkey2ssh is deprecated.Neal H. Walfield2015-11-051-0/+2
| | | | | | | * doc/tools.texi (gpgkey2ssh): Note that gpgkey2ssh is deprecated. -- Signed-off-by: Neal H. Walfield <[email protected]>
* tools: Fix gpgkey2ssh's most gratuitous errors. Use gpg2, not gpg.Neal H. Walfield2015-11-051-9/+38
| | | | | | | | | * tools/gpgkey2ssh.c (main): Add support for --help. Replace the most gratuitous asserts with error messages. Invoke gpg2, not gpg. -- Signed-off-by: Neal H. Walfield <[email protected]> Debian-bug-id: 380241
* doc: Add documentation for gpgkey2ssh.Neal H. Walfield2015-11-051-0/+71
| | | | | | | | | | * doc/tools.texi: Add documentation for gpgkey2ssh. -- Signed-off-by: Neal H. Walfield <[email protected]> Co-authored-by: Daniel Kahn Gillmor <[email protected]> GnuPG-bug-id: 1067 Debian-bug-id 380241
* gpg: Print a better error message for --multifile --sign --encrypt.Neal H. Walfield2015-11-041-0/+3
| | | | | | | | | * g10/gpg.c (main): Print a better error message for --multifile --sign --encrypt. -- Signed-off-by: Neal H. Walfield <[email protected]> GnuPG-bug-id: 1009
* gpg: Add --encrypt-to-default-key.Neal H. Walfield2015-11-045-1/+30
| | | | | | | | | | | | | * g10/getkey.c (parse_def_secret_key): Drop the static qualifier and export the function. * g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey. (opts): Handle oEncryptToDefaultKey. (main): Likewise. * g10/options.h (opt): Add field encrypt_to_default_key. -- Signed-off-by: Neal H. Walfield <[email protected]> GnuPG-bug-id: 807
* gpg: Allow multiple --default-key options. Take the last available key.Neal H. Walfield2015-11-0416-53/+145
| | | | | | | | | | | | | | | | | | | | | | | | | * g10/getkey.c (parse_def_secret_key): New function. (get_seckey_default): Add parameter ctrl. Update callers. Use parse_def_secret_key to get the default secret key, if any. (getkey_byname): Likewise. (enum_secret_keys): Likewise. * g10/options.h (opt): Change def_secret_key's type from a char * to a strlist_t. * g10/gpg.c (main): When processing --default-key, add the key to OPT.DEF_SECRET_KEY. * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. * g10/mainproc.c (proc_pubkey_enc): Likewise. (do_proc_packets): Likewise. * g10/pkclist.c (default_recipient): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sign.c (clearsign_file): Likewise. (sign_symencrypt_file): Likewise. * g10/skclist.c (build_sk_list): Likewise. * g10/test-stubs.c (get_session_key): Likewise. -- Signed-off-by: Neal H. Walield <[email protected]> GnuPG-bug-id: 806
* scd: Fix error handling with libusb-compat library.NIIBE Yutaka2015-11-041-7/+12
| | | | | | | | | * scd/ccid-driver.c (bulk_out): Use LIBUSB_ERRNO_NO_SUCH_DEVICE. -- With libusb-compat library, the error is different than original libusb. (The libusb-compat library is used by Fedora.)
* scd: fix change_keyattr.NIIBE Yutaka2015-11-041-2/+2
| | | | * scd/app-openpgp.c (change_keyattr_from_string): Fix parsing.
* gpg: Change out of core error message.Werner Koch2015-11-031-19/+28
| | | | | | | | | | | | | | | * g10/tofu.c (fingerprint_str): Die with the error code returned by the failed function. (time_ago_str): Ditto. Do not make a comma translatable. (fingerprint_format): Use "%zu" for a size_t. -- Also wrapped some long strings. In general we should not use log_fatal or use xmalloc functions but properly return an error code and use xtrymalloc like functions. Signed-off-by: Werner Koch <[email protected]>
* gpg: Make translation easier.Werner Koch2015-11-031-3/+3
| | | | | | | * g10/import.c (import_secret_one): Split info string for easier translation. Signed-off-by: Werner Koch <[email protected]>
* gpg: Also show when the most recently signed message was observed.Neal H. Walfield2015-11-031-1/+23
| | | | | | | | | * g10/tofu.c (show_statistics): Also show when the most recently signed message was observed. -- Signed-off-by: Neal H. Walfield <[email protected]>. Suggested-by: MFPA <[email protected]>
* gpg: Split a utility function out of a large function.Neal H. Walfield2015-11-031-134/+157
| | | | | | | | | * g10/tofu.c (show_statistics): Break the time delta to string code into... (time_ago_str): ... this new function. -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Fix message formatting.Neal H. Walfield2015-11-031-2/+2
| | | | | | | * g10/tofu.c (get_trust): Fix message formatting. -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Don't store formatting fingerprints in the TOFU DB.Neal H. Walfield2015-11-031-77/+100
| | | | | | | | | | | | | | | | | * g10/tofu.c (fingerprint_pp): Split this function into... (fingerprint_str): ... this function... (fingerprint_format): ... and this function. (record_binding): Store the unformatted fingerprint in the DB. Only use the formatting fingerprint when displaying a message to the user. (get_trust): Likewise. (show_statistics): Likewise. (tofu_register): Likewise. (tofu_get_validity): Likewise. (tofu_set_policy): Likewise. (tofu_get_policy): Likewise. -- Signed-off-by: Neal H. Walfield <[email protected]>
* g10: notify a user when importing stub is skipped.NIIBE Yutaka2015-11-021-2/+29
| | | | | | | | | | | | | | | * g10/import.c (transfer_secret_keys): Return GPG_ERR_NOT_PROCESSED when stub_key_skipped. (import_secret_one): Notify a user, suggesting --card-status. -- Migration to 2.1 might be confusing with smartcard. With this patch, a user can learn to run gpg ---card-status. Thanks to intrigeri for the report. Debian-bug-id: 795881
* gpg: Consider newlines to be whitespace in an SQL statement.Neal H. Walfield2015-10-311-1/+1
| | | | | | | | * g10/sqlite.c (sqlite3_stepx): When making sure that there is no second SQL statement, ignore newlines. -- Signed-off-by: Neal H. Walfield <[email protected]>
* common: Improve t-zb32 to be used for manual encoding.Werner Koch2015-10-303-12/+214
| | | | | | | | * common/t-support.h (no_exit_on_fail, errcount): New. (fail): Bump errcount. * common/t-zb32.c (main): Add options to allow manual use. Signed-off-by: Werner Koch <[email protected]>
* common: Add separate header for zb32.c.Werner Koch2015-10-306-6/+42
| | | | | | | * common/util.h (zb32_encode): Move prototype to ... * common/zb32.h: new. Include this for all callers of zb32_encode. Signed-off-by: Werner Koch <[email protected]>
* Use of some C99 features is now permitted.Werner Koch2015-10-291-1/+41
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* gpg: Display the correct error message.Neal H. Walfield2015-10-291-4/+7
| | | | | | | | | * g10/trustdb.c (validate_keys): If tdbio_update_version_record fails, RC does not contain the error code. Save the error code in rc2 and use that. -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Eliminate a memory leak.Neal H. Walfield2015-10-291-7/+9
| | | | | | | | * g10/trustdb.c (validate_key_list): Don't leak the keyblocks on failure. -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Remove unused prototype.Neal H. Walfield2015-10-291-1/+0
| | | | | | | g10/keyring.h (keyring_locate_writable): Remove unused prototype. -- Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Eliminate a memory leak.Neal H. Walfield2015-10-291-1/+4
| | | | | | | * g10/gpg.c (main): Don't leak OPT.DEF_RECIPIENT. -- Signed-off-by: Neal H. Walfield <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 08:16:46 +0000