| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyid.c (parse_one_algo_string): New.
(compare_pubkey_string_part): New.
(compare_pubkey_string): New.
* g10/verify.c (check_assert_signer_list): New.
* g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo.
* g10/options.h (opt): Add field assert_pubkey_algos.
* g10/gpg.c (oAssertPubkeyAlgo): New.
(opts): Add "--assert-pubkey_algo".
(assert_pubkey_algo_false): New.
(main): Parse option.
(g10_exit): Reorder RC modifications. Check assert_pubkey_algo_false.
* common/status.h (ASSERT_PUBKEY_ALGOS): new.
* common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if
this macro is set.
* g10/gpgv.c (oAssertPubkeyAlgo): New.
(opts): Add "--assert-pubkey_algo".
(assert_pubkey_algo_false): New.
(main): Parse option.
(g10_exit): Check assert_pubkey_algo_false.
* g10/t-keyid.c: New.
* g10/Makefile.am: Add t-keyid.
* g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and
remove from other tests.
(check_assert_signer_list): Ditto.
(check_assert_pubkey_algo): Ditto.
--
GnuPG-bug-id: 6946
|
| |
|
|
|
|
| |
--
Reported-by: Andreas Metzler <ametzler@debian.org>
|
| |
|
|
|
|
|
|
| |
* common/exechelp-w32.c (gnupg_spawn_process): Fix macro.
--
Fixes-commit: 6d6438a361d25f3b269f702e017f5e39fd1f5c38
GnuPG-bug-id: 6961
|
| |
|
|
|
|
|
|
| |
* common/session-env.c: Add PINENTRY_GEOM_HINT to variables.
--
GnuPG-Bug-ID: 6930
|
| |
|
|
|
|
|
|
| |
* build-aux/speedo.mk: Remove GUI stuff. Add patchelf feature.
* Makefile.am (speedo): New target.
--
GnuPG-bug-id: 6710
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g13/g13.c (oNoMount): New.
(opts): Add --no-mount.
(main): Implement this.
* g13/g13-common.h (opt): Add field no_mount.
* common/status.h (STATUS_PLAINDEV): New.
* g13/sh-cmd.c (has_option): Uncomment.
(cmd_mount): Add option --no-mount and pass down.
* g13/sh-dmcrypt.c (sh_dmcrypt_mount_container): Add arg nomount and
emit PLAINDEV status line.
(sh_dmcrypt_umount_container): Rund findmnt before umount.
--
This option can be used to decrypt a device but not to mount it. For
example to run fsck first. A command or option to run fsck before a
mount will eventually be added.
The use of findmnt is needed so that we can easily remove a device
which has not been mounted.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* common/homedir.c (copy_dir_with_fixup) [W32]: Fold double
backslashes.
--
This is in general no problem but when we hash or compare the directory
to test whether tit is the standard home directory, we may use a
different socket file and thus a second instance of a daemon.
GnuPG-bug-id: 6833
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-common.h (CARDTYPE_SCE7): New.
* scd/app.c (strcardtype): Support it.
(atr_to_cardtype): New.
(app_new_register): Try to get the cardtype from atr_to_cardtype.
* scd/app-piv.c (app_select_piv): Tweak for SCE7. Add general method
to construct a S/N from the Card UUID.
--
The test cards I have are rsa2048 with X.509 certificates. I don't
have the entire chain but loading the certificates work. For testing
I created an OpenPGP key from the keys and tested signing and
decryption.
GnuPG-bug-id: 6919
|
| |
|
|
|
|
|
|
|
|
|
| |
* common/homedir.c (enum wantdir_values): New enums.
(unix_rootdir): Change arg to use the enums. Adjust all callers. Add
support for the socketdir keyword.
(_gnupg_socketdir_internal): Take care of the socketdir keyword in
gpgconf.ctl.
* doc/tools.texi (Files used by gpgconf): Briefly explain the
gpgconf.ctl syntax.
|
| |
|
|
|
|
|
|
|
| |
* common/dotlock.c (dotlock_destroy): Clean up the temporary file
created when it fails.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
| |
* common/dotlock.c (dotlock_destroy): Keep the lock
when DOTLOCK_LOCK_BY_PARENT.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
| |
* common/dotlock.c (dotlock_destroy_unix): Don't release ->TNAME here.
(dotlock_destroy): Release the memory unconditionally.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
| |
* common/homedir.c (unix_rootdir): Simplify.
--
This also relaxes the syntax in that the equal sign may now be
surrounded by any number of spaces.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/dotlock.h (DOTLOCK_LOCK_BY_PARENT, DOTLOCK_LOCKED): New.
* common/dotlock.c [HAVE_POSIX_SYSTEM]: Include <dirent.h>.
(dotlock_get_process_id, dotlock_detect_tname): New.
(dotlock_create_unix): Handle the case when no_write option is
specified. Not creating the lock file, but detect the the file of
tname.
(dotlock_create) [HAVE_POSIX_SYSTEM]: Add support of
DOTLOCK_LOCK_BY_PARENT and DOTLOCK_LOCKED for dotlock CLI util.
(dotlock_take_unix): Support the case of DOTLOCK_LOCK_BY_PARENT.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/dotlock.h (enum dotlock_reasons): New.
(DOTLOCK_PREPARE_CREATE): New flag.
* common/dotlock.c (struct dotlock_handle): Add info_cb and
info_cb_value.
(dotlock_create): Support the new flag.
(dotlock_finish_create): New.
(read_lockfile): Silence in case of ENOENT.
(dotlock_set_info_cb): New. Use callback after all error and info
messages.
(dotlock_take_unix, dotlock_take_w32): Allow termination by callback.
|
| |
|
|
|
|
| |
* common/dotlock.c (dotlock_take_unix): Return a ETIMEDOUT insteaad of
EACCESS on timeout.
(dotlock_take_w32): Ditto.
|
| |
|
|
|
| |
* common/name-value.c (nvc_set): Factor code out to ...
(nve_set): here.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/name-value.c (struct name_value_container): Add flag
"modified".
(nvc_modified): New.
(nvc_new): Set flag.
(_nvc_add): Set flag.
(nvc_delete): Set flag.
(nvc_set): Set flag unless value did not change.
(nve_set): Add arg PK. Change the caller.
* agent/findkey.c (agent_write_private_key): Update only if modified.
--
This helps software which uses a file system watcher to track changes
to private keys. In particular smartcard triggered changes are a
problem for such software because this may at worst trigger another
smartcard read.
GnuPG-bug-id: 6829
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/miscellaneous.c (is_openpgp_compressed_packet)
(is_file_compressed): Moved to ...
* common/iobuf.c: ... in this file.
(is_file_compressed): Change the argument to INP, the iobuf.
* common/util.h (is_file_compressed): Remove.
* common/iobuf.h (is_file_compressed): Add.
* g10/cipher-aead.c (write_header): Don't call write_status_printf
here.
(cipher_filter_aead): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/cipher-cfb.c (write_header): Don't call write_status_printf
here.
(cipher_filter_cfb): Call write_status_printf when called with
IOBUFCTRL_INIT.
* g10/encrypt.c (encrypt_simple): Use new is_file_compressed function,
after call of iobuf_push_filter.
(encrypt_crypt): Likewise.
* g10/sign.c (sign_file): Likewise.
--
Cherry-pick from master commit of:
2f872fa68c6576724b9dabee9fb0844266f55d0d
GnuPG-bug-id: 6481
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
* common/compliance.h (PK_ALGO_FLAG_ECC18): New.
* common/compliance.c (gnupg_pk_is_allowed): Implement.
* sm/decrypt.c (gpgsm_decrypt): Pass new flag.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--
GnuPG-bug-id: 6802
|
| |
|
|
|
| |
* common/openpgpdefs.h (SIGSUBPKT_META_HASH): New.
(SIGSUBPKT_TRUST_ALIAS): New.
|
| |
|
|
|
|
|
|
| |
* common/gettime.c (asctimestamp) [W32]: Use ".UTF8" for the locale.
--
This has been suggested by the reporter of
GnuPG-bug-id: 6741
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/mischelp.c (timegm): Move to ...
* common/gettime.c (timegm): here. On Windows use timegm_u32.
(timegm_u32): New.
(isotime2epoch): Factor code out to ...
(isotime_make_tm): new helper.
(isotime2epoch_u64): New.
(_win32_timegm): Remove duplicated code.
(parse_timestamp): Use of timegm.
(scan_isodatestr): Fallback to isotime2epoch_u64.
--
This mainly helps on 32 bit Windows. For Unix we assume everyone is
using 64 bit or shall wait until the libc hackers finally provide a
time64_t.
GnuPG-bug-id: 6736
|
| |
|
|
|
|
|
|
|
| |
* sm/minip12.c: Factor parsing code out to ...
* common/tlv-parser.c: new. Extend function names and provide a few
extra functions.
* common/Makefile.am (common_sources): Add new file.
* sm/minip12.c: Adjust to use the new parser API.
|
| |
|
|
|
|
|
| |
* common/gettime.c (scan_secondsstr): New.
* common/t-gettime.c (test_scan_secondsstr):
(main): Call it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_change_pin): Use GPG_ERR_BAD_RESET_CODE where
appropriate.
* common/util.h: Add error codes missing in gpgrt 1.46.
* agent/call-pinentry.c (unlock_pinentry): Handle
GPG_ERR_BAD_RESET_CODE.
(agent_askpin): Ditlo. Also simply condition.
(agent_get_passphrase): Ditto.
* g10/call-agent.c (status_sc_op_failure): Handle
GPG_ERR_BAD_RESET_CODE.
* g10/card-util.c (write_sc_op_status): Ditto.
* tools/card-call-scd.c (status_sc_op_failure): Ditto.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/dotlock.c (next_wait_interval): New.
(dotlock_take_unix): Use new function.
(dotlock_take_w32): Ditto.
--
In particular when using a dotlock file for protecting the spawning
and several processes try to spawn the agent or another component, we
often run into long delays. The solution is to is to exponential
backoff and also to reduce the initial delay from 50ms to 4ms. We
further limit the maximum wait period to about 2 seconds and then
repeat at intervals of 512, 1024 and 2048ms. In the wait-forever case
we add a small random value to have different intervals per process.
GnuPG-bug-id: 3380
For testing this code snippet in the spawning function might be
useful:
const char *s;
if ((s=getenv("hold_gpg_file")))
while (!gnupg_access (s, F_OK))
gnupg_sleep (1);
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/b64dec.c (b64decode): New.
* common/t-b64.c: Change license to LGPL.
(oops): New macro.
(hex2buffer): New.
(test_b64decode): New.
(main): Default to run the new test.
* common/Makefile.am (module_maint_tests): Move t-b64 to ...
(module_tests): here.
--
Sometimes we have a short base64 encoded string we need todecode.
This function makes it simpler.
License change of the test module justified because I am the single
author of the code.
|
| |
|
|
|
|
|
|
| |
* common/stringhelp.c (gnupg_memstr): New.
* common/mbox-util.c (my_memstr): Remove.
(is_valid_mailbox_mem): Use gnupg_memstr.
* common/recsel.c (my_memstr): Remove.
(recsel_select): Use gnupg_memstr.
|
| |
|
|
|
|
|
| |
* common/sysutils.c (gnupg_remove): Detect /dev/null.
--
GnuPG-bug-id: 6556
|
| |
|
|
|
|
|
|
|
|
|
| |
* common/sysutils.c (gnupg_w32_set_errno): Return EC.
--
Cherry-pick master commit of:
4c6b759368bcf19a13df07c5c6080765ecac28ca
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
| |
* common/iobuf.c (file_filter, sock_filter): Add missing mapping.
--
GnuPG-bug-id: 6528
|
| |
|
|
|
|
| |
* sm/minip12.c (struct tag_info): Change type of length and nhdr.
(dump_tag_info): Adjust.
(parse_tag): Re-implement using the parse_ber_header.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/ksba-io-support.c (struct writer_cb_parm_s): Add field
progress.
(struct gnupg_ksba_io_s): Add field is_writer.
(update_write_progress): New.
(base64_writer_cb, plain_writer_cb): Call update_write_progress.
(base64_finish_write): Ditto.
(gnupg_ksba_create_writer): Set is_writer.
(gnupg_ksba_set_progress_cb): New.
(gnupg_ksba_set_total): New.
* common/ksba-io-support.h (gnupg_ksba_progress_cb_t): New type.
* sm/server.c (gpgsm_status2): Return error from statusfp writes.
(gpgsm_progress_cb): New.
* sm/decrypt.c (gpgsm_decrypt): Set progress handler.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--
GnuPG-bug-id: 6534
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/iobuf.c (iobuf_get_filelength): Change return type to
uint64_t and remove the overflow args. For Windows always use
GetFileSizeEx which is available since the long EOL-ed Windows XP.
* g10/sign.c (write_plaintext_packet): Adjust for changed
iobuf_get_filelength.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Ditto.
* g10/photoid.c (generate_photo_id): Ditto. Also add an upper limit.
* g10/filter.h (progress_filter_context_t): Change amount values to
use uint64_t.
* g10/progress.c (write_status_progress): Change accordingly.
--
GnuPG-bug-id: 6534
|
| |
|
|
|
|
|
|
|
| |
* common/iobuf.c (file_filter): Improve diagnostics.
* g10/build-packet.c (do_plaintext): Make sure to cache all error
cases.
--
GnuPG-bug-id: 6528
|
| |
|
|
|
|
|
| |
* common/sysutils.c (map_w32_to_errno): Add mapping.
--
We see this error sometimes when writing to an USB connected disk.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/server.c (cmd_ad_query): Add options --help and --subst.
(cmd_getinfo): Add sub-command "sid".
* dirmngr/ks-engine.h (KS_GET_FLAG_SUBST): New.
* dirmngr/ks-engine-ldap.c (ks_ldap_help_variables): New.
(getval_for_filter): New.
(map_rid_to_dn): New.
(ks_ldap_query): Support variables.
--
The new variables features makes it easier to write AD queries without
requiring domain specific expressions.
|
| |
|
|
|
|
|
|
|
| |
* common/stringhelp.c (substitute_envvars): Factor code out to
(substitute_vars): new.
(subst_getenv): New.
--
This is a generalized version of substitute_envvars.
|
| |
|
|
|
|
|
| |
* common/name-value.c (nve_set): New.
--
Taken from 2.2 commit 706adf669173ec604158e4a2f4337e3da6cb1e45
|
| |
|
|
|
|
| |
* common/iobuf.c (direct_open) [W32]: Set errno.
(fd_cache_open): Ditto.
--
|
| |
|
|
|
|
|
|
| |
* common/sexputil.c (get_ecc_q_from_canon_sexp): Initialize ECC_Q_LEN.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
| |
|
|
|
|
|
|
|
|
| |
* common/homedir.c (gnupg_maybe_make_homedir): Factor some code out to
...
(create_common_conf): new.
(standard_homedir): Call it also from here.
--
Fixes-commit: d9e7488b17fdc617eec735e2c0485b69285ba511
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/util.h (GNUPG_MODULE_NAME_GPGTAR): New.
* common/homedir.c (gnupg_module_name): Add it.
* tools/gpgtar.c: Include comopt.h.
(enum cmd_and_opt_values): Add oDebug.
(opts): Add --debug.
(any_debug): New.
(main): Parse common.conf.
--
Having a way to see the output of gpgtar is often useful for
debugging. The only effect of the debug option is to show whether
common.conf was read.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* common/openpgp-oid.c (openpgp_curve_to_oid): Repalce strmcp by
ascii_strcasecmp.
(openpgp_oid_or_name_to_curve): Ditto.
(openpgp_is_curve_supported): Ditto.
(get_keyalgo_string): Ditto.
--
It was just to hard to remember the correct capitalization of
names like brainpoolP512r1.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (enum cmd_and_opt_values): Add oAssertSigner.
(opts): Add "assert-signer".
(main): Set option.
(assert_signer_true): New var.
(g10_exit): Evaluate new var.
* g10/main.h (assert_signer_true): Declare new var.
* common/status.h (STATUS_ASSERT_SIGNER): New.
* g10/options.h (opt): Add field assert_signer_list.
* g10/verify.c (is_fingerprint): New.
(check_assert_signer_list): New.
* g10/mainproc.c (check_sig_and_print): Call that function. Clear
assert_signer_true on a warning.
* g10/gpgv.c: Add dummy function and vars.
* g10/t-keydb-get-keyblock.c: Ditto.
* g10/t-keydb.c: Ditto.
* g10/t-stutter.c: Ditto.
--
|
| |
|
|
|
|
| |
* common/comopt.h (struct gnupg_comopt_s): New.
* common/comopt.c (struct gnupg_comopt_s): Define here in the data
segment.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* common/homedir.c (gnupg_maybe_make_homedir): Also create a
common.conf.
* g10/keydb.c: Include comopt.h.
(maybe_create_keyring_or_box): Detect the creation of a common.conf.
* g10/gpg.c (main): Avoid adding more resources in this case.
* sm/keydb.c: Include comopt.h.
(maybe_create_keybox): Detect the creation of a common.conf.
* common/comopt.h (comopt): Remove the conditional "extern".
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/sexputil.c (get_rsa_pk_from_canon_sexp): Also allow private
keys.
(pubkey_algo_string): Ditto.
* scd/app-openpgp.c (do_writekey): Switch key attributes
--
The scd WRITEKEY command for OpenPGP cards missed proper support to
aautomagically switch key attributes based on the new key. We had
this only in GENKEY.
GnuPG-bug-id: 6378
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/crlcache.h (CRL_CACHE_NOTTRUSTED): New.
* dirmngr/crlcache.c (cache_isvalid): Set this status.
(crl_cache_cert_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
(crl_cache_reload_crl): Move diagnostic to ...
* dirmngr/crlfetch.c (crl_fetch): here.
* dirmngr/server.c (cmd_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
* dirmngr/validate.c (check_revocations): Handle new status. Improve
diagnostics.
* common/status.c (get_inv_recpsgnr_code): Map INV_CRL_OBJ.
* common/audit.c (proc_type_verify): Ditto.
--
This avoids repeated loading of CRLs in case of untrusted root
certificates.
|
