Commit message | Author | Age | Files | Lines
* Prepare new development cycle [gnupg-2.6-base] [gnupg-2.5-base] | Werner Koch | 2023-05-10 | 3 | -5/+5
  --
* gpg: New option --debug-ignore-expiration to help with testing. | Werner Koch | 2023-05-09 | 5 | -9/+26
  * g10/gpg.c (oDebugIgnoreExpiration): New.
  (opts): Add option.
  (main): Set flag.
  * g10/options.h (opt): Add field ignore_expiration.
  * g10/pkclist.c (do_we_trust): Handle the option.
  * g10/getkey.c (skip_unusable): Ditto.
  (finish_lookup): Ditto.
  --
  GnuPG-bug-id: 2703
* gpg: Print a warning if no more encryption subkey was left over. | Werner Koch | 2023-05-08 | 3 | -0/+37
  * g10/keyedit.c (no_usable_encr_subkeys_warning): New.
  (keyedit_menu): Call it after running an expire command.
  * g10/import.c (import_one_real): Call it in the show_key case.
  --
* kbx: For non-Windows use 64k buffers by default instead of 128k. | Werner Koch | 2023-05-08 | 1 | -1/+7
  * kbx/keybox-init.c (DEFAULT_LL_BUFFER_SIZE): New.
  --
  A simple gpg --check-sigs benchmark showed on Linux a small performance peak at around 64k (5m52 vs. 6m8 for 128k and 6m33 for system size).
* kbx: Use custom estream buffering | Werner Koch | 2023-05-08 | 4 | -3/+91
  * kbx/keybox-init.c (ll_buffer_size): New var initialized to 128k
  (stream_buffers): New var.
  (keybox_set_buffersize): New.
  (_keybox_ll_open, _keybox_ll_close): Implement buffering.
  * sm/gpgsm.c (oKbxBufferSize): New.
  (opts): Add option --kbx-buffer-size.
  (main): Call keybox_set_buffersize.
  * g10/gpg.c: Include keybox.h.
  * (oKbxBufferSize): New.
  (opts): Add option --kbx-buffer-size.
  (main): Call keybox_set_buffersize.
  --
  Running a test on Windows using a pubring.kbx with

    Total number of blobs: 2098
    openpgp: 1294
    x509: 803

  and a size of 42MiB with

    gpgsm -k --with-validation --disable-dirmngr --kbx-buffer-size N >nul

  gives these performance figures using procmon

  | N(k) | file events | time(s) |
  |------+-------------+---------|
  |    0 |     4900000 |      86 |
  |   16 |     2456000 |      58 |
  |   32 |     1233000 |      43 |
  |   64 |      622000 |      37 |
  |  128 |      317000 |      32 |
  |  256 |      164000 |      31 |
  |  512 |       88000 |      30 |

  Using _open instead of CreateFile gives the same number of file events but increased the time slightly by one second for the measured buffer size of 64k and 128k. Benchmarks for gpg have not been conducted.
* kbx: Use wrapper functions for es_fclose and es_fopen. | Werner Koch | 2023-05-05 | 4 | -88/+120
  * kbx/keybox-defs.h (KEYBOX_LL_OPEN_READ)
  (KEYBOX_LL_OPEN_UPDATE, KEYBOX_LL_OPEN_CREATE): New.
  * kbx/keybox-init.c (_keybox_ll_open): New. Replace all keybox use of es_fopen by this function.
  (_keybox_ll_close): New. Replace all keybox use of es_fclose by this function.
  --
  Note that this has not been done for the utilities and the backend-kbx of keyboxd.
* kbx: Add extra flags to fopen for use by Windows. | Werner Koch | 2023-05-04 | 3 | -8/+8
  * kbx/keybox-search.c (open_file): Use sysopen and sequential.
  * kbx/keybox-update.c (create_tmp_file): Ditto.
  (blob_filecopy): Ditto.
  (keybox_set_flags): Ditto.
  (keybox_delete): Ditto.
  (keybox_compress): Ditto.
  --
  Under Windows "sysopen" requests that direct API calls (CreateFile et al.) are used instead of the libc wrappers. This may or may not improve the performance. Using "sequential" is a hint to Windows to assume that a file is in general accessed in a sequential manner. This will have an effect only with a future libgpg-error.
* gpgsm: Cache the non-existence of the policy file. | Werner Koch | 2023-05-04 | 1 | -2/+17
  * sm/certchain.c (check_cert_policy): Add simple static cache.
  --
  It is quite common that a policy file does not exist. Thus we can avoid the overhead of trying to open it over and over again just to assert that it does not exist.
* dirmngr: Fix API of functions wrt their error type. | NIIBE Yutaka | 2023-05-01 | 2 | -10/+10
  * dirmngr/crlcache.h (fakecrl_isvalid): Fix return type.
  * dirmngr/http.c (parse_response): Fix return type to gpg_error_t, modifying the function implementation.
  --
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common: Fix parsing ECC key. | NIIBE Yutaka | 2023-05-01 | 1 | -1/+1
  * common/sexputil.c (get_ecc_q_from_canon_sexp): Initialize ECC_Q_LEN.
  --
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd: Fix cmd_apdu on error. | NIIBE Yutaka | 2023-05-01 | 2 | -2/+5
  * scd/command.c (cmd_apdu): Fix the code path on error.
  --
  GnuPG-bug-id: 6476
  Reported-by: Robin Krahl
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Post release updates | Werner Koch | 2023-04-28 | 2 | -1/+5
  --
* Release 2.4.1 [gnupg-2.4.1] | Werner Koch | 2023-04-28 | 1 | -4/+22
* po: msgmerge done | Werner Koch | 2023-04-28 | 26 | -385/+1337
  --
* po: Update German translation | Werner Koch | 2023-04-28 | 1 | -17/+52
  --
* regexp: Update UnicodeData for Unicode 15.0.0. | NIIBE Yutaka | 2023-04-27 | 1 | -4/+1131
  * regexp/UnicodeData.txt: Update from upstream.
  --
  https://www.unicode.org/Public/15.0.0/ucd/UnicodeData.txt
  See:
  https://www.unicode.org/versions/Unicode15.0.0/
  https://www.unicode.org/reports/tr44/
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* speedo,w32: Adjustments for the new Unicode NSIS plugins. | Werner Koch | 2023-04-26 | 2 | -23/+25
  * build-aux/speedo/w32/inst.nsi: Convert to UTF-8. Add Unicode statement.
  * build-aux/speedo.mk (installer): Remove -INPUTCHARSET.
  --
  GnuPG-bug-id: 6448
* speedo: Update NSIS helper DLL from Gpg4win | Werner Koch | 2023-04-26 | 6 | -261/+724
  * build-aux/speedo/w32/inst.nsi: Re-enable run-once check.
  * build-aux/speedo/w32/exdll.c: New.
  * build-aux/speedo.mk (g4wihelp.dll): Change build commands.
  --
  GnuPG-bug-id: 6448
* po: Update Japanese Translation. | NIIBE Yutaka | 2023-04-26 | 1 | -23/+59
  --
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpg: Fix for overridden key import. | NIIBE Yutaka | 2023-04-25 | 1 | -1/+1
  * g10/import.c (do_transfer): Force the overridden key import even when smartcard is available.
  --
  Fixes-commit: 2c1297055041b4657ea1a927acac978c2b09a483
  GnuPG-bug-id: 3456
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpg: Fix writing ECDH keys to OpenPGP smartcards. | Werner Koch | 2023-04-21 | 8 | -37/+181
  * agent/command.c (cmd_keytocard): Add new arg for ECDH params.
  * scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to compute the fingerprint.
  * g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str.
  * g10/keyid.c (ecdh_param_str_from_pk): New.
  * g10/card-util.c (card_store_subkey): Pass ECDH params to writekey.
  * g10/keygen.c (card_store_key_with_backup): Ditto.
  * scd/app-openpgp.c (store_fpr): Add arg update.
  (rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid writing the fingerprint back to the card if not set.
  (read_public_key): Also add arg meta_update.
  (get_public_key): Do not pass it as true here...
  (do_genkey): ... but here.
  (rsa_write_key, ecc_writekey): Force string the fingerprint.
  --
  The problem showed up because in 2.4 we changed the standard ECDH parameter some years ago. Now when trying to write an ECDH key created by 2.2 with 2.4 to an openpgp card, scdaemon computes a wrong fingerprint and thus gpg was not able to find the key again by fingerprint.

  The patch also avoids updating the stored fingerprint in certain situations.

  This fix is somewhat related to GnuPG-bug-id: 6378
* common: Incorporate upstream changes of regexp. | NIIBE Yutaka | 2023-04-21 | 1 | -3/+6
  * regexp/jimregexp.c (regatom): Raise REG_ERR_UNMATCHED_BRACKET when no matching end bracket.
  (regmatch): Fix the end of word check.
  --
  Original changes:
  Signed-off-by: Steve Bennett <steveb@workware.net.au>
  GnuPG-bug-id: 6455
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd,p15: Enforce a min. PIN length for certain cards. | Werner Koch | 2023-04-20 | 1 | -5/+10
  * scd/app-p15.c (verify_pin): Enforce 6 for RSCS cards.
* common: Fix minor bug in the jimregexp code. | Werner Koch | 2023-04-20 | 1 | -2/+3
  * regexp/jimregexp.c (regatom): Make error checking for stray backslash at end of the string work. Check that the pattern class is closed by a bracket.
  --
  GnuPG-bug-id: 6455
  Co-authored-by: Guldrelokk
* gpg: New command "openpgp" for --card-edit. | Werner Koch | 2023-04-20 | 2 | -5/+22
  * g10/card-util.c (current_card_status): Print a hint for fishy outputs.
  (enum cmdids): Add cmdOPENPGP.
  (cmds): Add "openpgp".
  (card_edit): Implement that command.
  --
  If a Yubikey has been used in PIV mode the initial listing does not look correct. Although we explicitly switch to the OpenPGP app when needed, we don't want to do this in listing mode. Instead we offer a new command "openpgp" to force the openpgp mode. The ultimate goal will be to enhance the gpg-card tool to completely take over the --card-edit features. But we are not yet there.

  GnuPG-bug-id: 6462
* Use keyboxd on a fresh install also on Windows. | Werner Koch | 2023-04-19 | 1 | -32/+40
  * common/homedir.c (gnupg_maybe_make_homedir): Factor some code out to ...
  (create_common_conf): new.
  (standard_homedir): Call it also from here.
  --
  Fixes-commit: d9e7488b17fdc617eec735e2c0485b69285ba511
* gpg: Make sure that we are not accidentally working with the PIV app. | Werner Koch | 2023-04-18 | 4 | -0/+30
  * g10/call-agent.c (agent_scd_switchapp): New.
  * g10/card-util.c (get_info_for_key_operation): Call it.
  --
  It may happen that the active card was last used for PIV and in that case certain commands will fail because they assume the OpenPGP app. Fortunately we have a pretty central place to assure that the right app has been selected.

  The bug can be easily noticed on Windows.

  GnuPG-bug-id: 6378
* scd: On a Yubikey re-select the last app after the use of APDU. | Werner Koch | 2023-04-18 | 3 | -2/+22
  * scd/app-common.h (struct card_ctx_s): Add maybe_check_aid flag.
  * scd/command.c (cmd_apdu): Set it.
  * scd/app.c (check_external_interference): Consult this flag.
  (maybe_switch_app): Do a re-select if this flag is set.
  --
  After the gpg-card tool has issued a Yubikey specific command the current application is not anymore correctly selected. This then results in all kinds of errors. We detect this now and try to re-select the last app.
* ssh: Allow to prefer on-disk keys over active card keys. | Werner Koch | 2023-04-18 | 4 | -7/+61
  * agent/command-ssh.c (ssh_send_available_keys): Redefine the order of keys.
  --
  GnuPG-bug-id: 6212
* gpgtar: Read common.conf for the log-file option. | Werner Koch | 2023-04-18 | 3 | -1/+21
  * common/util.h (GNUPG_MODULE_NAME_GPGTAR): New.
  * common/homedir.c (gnupg_module_name): Add it.
  * tools/gpgtar.c: Include comopt.h.
  (enum cmd_and_opt_values): Add oDebug.
  (opts): Add --debug.
  (any_debug): New.
  (main): Parse common.conf.
  --
  Having a way to see the output of gpgtar is often useful for debugging. The only effect of the debug option is to show whether common.conf was read.
* gpg: Allow overridden key import when stub exists. | NIIBE Yutaka | 2023-04-18 | 1 | -1/+11
  * g10/import.c (do_transfer): Force importing when it's card reference.
  --
  GnuPG-bug-id: 3456
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpg: Curvenames may now be compared case insensitive. | Werner Koch | 2023-04-12 | 1 | -9/+12
  * common/openpgp-oid.c (openpgp_curve_to_oid): Replace strcmp by ascii_strcasecmp.
  (openpgp_oid_or_name_to_curve): Ditto.
  (openpgp_is_curve_supported): Ditto.
  (get_keyalgo_string): Ditto.
  --
  It was just too hard to remember the correct capitalization of names like brainpoolP512r1.
* po: Fix in German translation | Eva Bolten | 2023-04-06 | 1 | -2/+2
  --
* gpg: Fix handling of importing cv25519 secret key. | NIIBE Yutaka | 2023-04-06 | 1 | -0/+1
  * g10/import.c (transfer_secret_keys): Only emit a warning when secret key is not encrypted.
  --
  Fixing-commit: dbfb7f809b89cfe05bdacafdb91a2d485b9fe2e0
  GnuPG-bug-id: 6322
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpg: New option --assert-signer. | Werner Koch | 2023-04-05 | 13 | -15/+216
  * g10/gpg.c (enum cmd_and_opt_values): Add oAssertSigner.
  (opts): Add "assert-signer".
  (main): Set option.
  (assert_signer_true): New var.
  (g10_exit): Evaluate new var.
  * g10/main.h (assert_signer_true): Declare new var.
  * common/status.h (STATUS_ASSERT_SIGNER): New.
  * g10/options.h (opt): Add field assert_signer_list.
  * g10/verify.c (is_fingerprint): New.
  (check_assert_signer_list): New.
  * g10/mainproc.c (check_sig_and_print): Call that function. Clear assert_signer_true on a warning.
  * g10/gpgv.c: Add dummy function and vars.
  * g10/t-keydb-get-keyblock.c: Ditto.
  * g10/t-keydb.c: Ditto.
  * g10/t-stutter.c: Ditto.
  --
* speedo,w32: Remove removed profiles and temporarily disable runonce. | Werner Koch | 2023-04-05 | 2 | -7/+2
  --
* build: Update gpg-error.m4. | NIIBE Yutaka | 2023-04-05 | 1 | -23/+36
  * m4/gpg-error.m4: Update from libgpg-error master.
  --
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common: Change allocation of the comopt symbol. | Werner Koch | 2023-04-04 | 2 | -2/+7
  * common/comopt.h (struct gnupg_comopt_s): New.
  * common/comopt.c (struct gnupg_comopt_s): Define here in the data segment.
* Use the keyboxd for a fresh install | Werner Koch | 2023-04-04 | 8 | -18/+110
  * common/homedir.c (gnupg_maybe_make_homedir): Also create a common.conf.
  * g10/keydb.c: Include comopt.h.
  (maybe_create_keyring_or_box): Detect the creation of a common.conf.
  * g10/gpg.c (main): Avoid adding more resources in this case.
  * sm/keydb.c: Include comopt.h.
  (maybe_create_keybox): Detect the creation of a common.conf.
  * common/comopt.h (comopt): Remove the conditional "extern".
* speedo: Remove deleted prf files from the Windows installer | Werner Koch | 2023-04-04 | 1 | -4/+0
  --
* speedo: Fix regression due to switching from gcc 8.3 to 10.2 | Werner Koch | 2023-04-04 | 1 | -1/+5
  * build-aux/speedo.mk (speedo_pkg_zlib_make_args): Use -static-libgcc.
  (cherry picked from commit 04f1d9649cfb9163907fe97d20821ddd1be44f82)
* gpg: Set the default digest algo for S2K to SHA256. | Werner Koch | 2023-04-04 | 2 | -3/+9
  * g10/main.h (DEFAULT_S2K_DIGEST_ALGO): Alias to DEFAULT_DIGEST_ALGO.
  --
  GnuPG-bug-id: 6367
* dirmngr: Return modifyTimestamp and add server option --newer. | Werner Koch | 2023-04-04 | 7 | -27/+195
  * dirmngr/server.c (cmd_ks_get): Add option --newer.
  (cmd_ad_query): Ditto.
  * dirmngr/ldap-misc.c (isotime2rfc4517): New.
  (rfc4517toisotime): New.
  * dirmngr/ks-action.c (ks_action_get): Add arg newer and pass on.
  (ks_action_query): Ditto.
  * dirmngr/ks-engine-ldap.c (extract_keys): Print new "chg" record.
  (ks_ldap_get): Add arg newer. Modify filter with newer arg.
  (ks_ldap_search): Print the modifyTimestamp.
  (ks_ldap_query): Add arg newer. Modify filter with newer arg.
  --
  Note that the modifyTimestamp is also available on Windows, where its value is more commonly known as whenChanged. Both are constructed attributes.

  Note that the --newer option is a bit of a misnomer because LDAP has only a greater-or-equal and no greater-than operator.
* agent: Add trustlist flag "de-vs". | Werner Koch | 2023-04-03 | 5 | -3/+19
  * agent/trustlist.c (struct trustitem_s): Add field de_vs.
  (read_one_trustfile): Parse it.
  (istrusted_internal): Emit TRUSTLISTFLAG status line.
  * sm/gpgsm.h (struct rootca_flags_s): Add field de_vs.
  * sm/call-agent.c (istrusted_status_cb): Detect the flags.
  * sm/sign.c (write_detached_signature): Remove unused vars.
  --
  Right now this flag has no effect; we first need to specify the exact behaviour.

  GnuPG-bug-id: 5079
* gpgsm: Create binary detached sigs with definite form length octets. | Werner Koch | 2023-04-03 | 2 | -9/+262
  * sm/sign.c: Include tlv.h.
  (write_detached_signature): New.
  (gpgsm_sign): Fixup binary detached signatures.
  --
  This helps some other software to verify detached signatures.
* gpgsm: Remove conditional compilation for older libksba versions. | Werner Koch | 2023-03-31 | 4 | -19/+31
  * sm/sign.c (add_signed_attribute): Return an error because the option --attribute is not yet working.
  --
  We require libksba 1.6 anyway.
* agent: New option --restricted for PRESET_PASSPHRASE. | Werner Koch | 2023-03-27 | 2 | -3/+19
  * agent/command.c (cmd_preset_passphrase): Add option.
  * agent/preset-passphrase.c (oRestricted): New.
  (opts): Add option --restricted.
  (main): Set option.
  (preset_passphrase): Use option.
  --
  We use a different cache for connections from the extra-socket. However, gpg-preset-passphrase is only able to preset a passphrase into the regular cache. Further, a restricted connection may not use PRESET_PASSPHRASE. To solve this we add a new option to preset the passphrase into the "restricted" cache. For the gpg-preset-passphrase tool we also add the option --restricted.

  Note that this does not yet work with gpg-preset-passphrase --forget.
* gpg: New command --quick-add-adsk | Werner Koch | 2023-03-21 | 4 | -14/+120
  * g10/gpg.c (enum cmd_and_opt_values): Add aQuickAddADSK.
  (opts): Add --quick-add-adsk.
  (main): Call the actual function.
  * g10/keyedit.c (keyedit_quick_addadsk): New.
  (menu_addadsk): Add arg adskfpr and change caller.
  --
  GnuPG-bug-id: 6395
* po: Fix German translation regarding the caching of PINs. | Werner Koch | 2023-03-21 | 1 | -6/+6
  --
  We do not actually cache PINs (but the card does this). Thus we now use a more clear message.
* doc: Suggest the use of out-of-source builds. | Werner Koch | 2023-03-21 | 2 | -14/+21
  --
  GnuPG-bug-id: 6313