| Commit message (Collapse) | Author | Files | Lines |
|
--
|
|
* dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale
out of scope and cleanup the entire pgpKeySize block.
--
GnuPG-bug-id: 4229
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/call-agent.c (learn_status_cb): Parse "bt" flag.
* g10/call-agent.h: New member field "bt".
* g10/card-util.c (uif): Limit its access only when it is supported.
* scd/app-openpgp.c (do_setattr): Allow access to UIF objects only
when there is a button.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
* common/simple-pwquery.c (agent_open): Clear CTX even on early error.
--
GnuPG-bug-id: 4223
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* agent/command.c (cmd_genkey): Initialize 'value'.
--
GnuPG-bug-id: 4222
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* agent/command-ssh.c (ssh_handler_add_identity): Handle other errors
than EOF.
--
GnuPG-bug-id: 4221
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* tools/gpg-connect-agent.c (do_open): dup the fileno and close the
stream.
GnuPG-bug-id: 4220
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* sm/gpgsm.c (main): Fix error message.
--
GnuPG-bug-id: 4219
|
|
* g10/parse-packet.c (parse_signature): Allow for v5 signatures.
* g10/sig-check.c (check_signature_end_simple): Support the 64bit v5
byte count.
* g10/sign.c (hash_sigversion_to_magic): Ditto.
(write_signature_packets): Request v5 sig for v5 keys. Remove useless
condition.
(make_keysig_packet): Request v5 sig for v5 keys.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
|
|
* dirmngr/server.c (proc_wkd_get): Tack the raw local address to the
request.
--
We append the raw non-canonicalized local address part to the hash.
Servers who serve the requests from static files will ignore the
parameters and a test with posteo shows that also services using a
database ignore the parameter. The general idea is that service
providers may use their own canonicalization rules. The problem is
that we currently filter the returned key for the full mail address
and thus we will never see a key if the service did a different
canonicalization than we. So consider this to be an experiment.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* agent/command-ssh.c (get_client_info): Turn client_uid into an int.
Fix setting of it in case of a failed getsocketopt.
* agent/command.c (start_command_handler): Fix setting of the pid and
uid for Windows.
--
Fixes-commit: 28aa6890588cc108639951bb4bef03ac17743046
which obviously was only added to master.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* tools/rfc822parse.c (HEADER_NAME_CHARS): New. Taken from
mime-maker.c.
(rfc822_valid_header_name_p): New. Based on code from mime-maker.c.
(rfc822_capitalize_header_name): New. Copied from mime-maker.c.
(capitalize_header_name): Remove. Replace calls by new func.
(my_toupper, my_strcasecmp): New.
* tools/mime-maker.c: Include rfc822parse.h.
(HEADER_NAME_CHARS, capitalize_header_name): Remove.
(add_header): Replace check and capitalization by new functions.
--
This is a straightforward change with two minor chnages:
- In rfc822parse.c the capitalization handles MIME-Version special.
- The check in mime-maker bow detects a zero-length name as invalid.
my_toupper and my_strcasecmp are introduced to allow standalone use
of that file.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.
--
We have a corner case: In "not forced" situation and authenticated,
and it is changed to "forced", card implementaiton can actually accept
signing, but GnuPG requires authentication, because it is "forced".
GnuPG-bug-id: 4177
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* agent/divert-scd.c (getpin_cb): Display correct message.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* scd/apdu.c (set_prompt_cb): New member function.
(set_prompt_cb_ccid_reader): New function.
(open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
(apdu_set_prompt_cb): New.
* scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
* ccid-driver.c (ccid_set_prompt_cb): New.
(bulk_in): Call ->prompt_cb when timer extension.
* scd/command.c (popup_prompt): New.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* agent/divert-scd.c (getpin_cb): Support --ack option.
--
We are now introducing "acknowledge button" feature to scdaemon,
so that we can support OpenPGPcard User Interaction Flag.
We will (re)use the mechanism of POPUPPINPADPROMPT for this. Perhaps,
we will change the name of POPUPPINPADPROMPT, since it will be no
longer for PINPAD only.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
(create_version_record): Don't init as TOFU.
(tdbio_db_matches_options): Don't indicate a change in case TOFU is
stored in an old trustdb file.
--
This change allows to switch between a tofu and pgp or tofu+pgp trust
model without an auto rebuild of the trustdb. This also requires that
the tofu trust model is requested on the command line. If TOFU will
ever be the default we need to tweak the model detection via TM_AUTO
by also looking into the TOFU data base,
GnuPG-bug-id: 4134
|
|
* g10/sig-check.c (check_signature_end_simple):
--
Obviously we should not ignore a back signature here.
Fixes-commit: 214b0077264e35c079e854a8b6374704aea45cd5
GnuPG-bug-id: 4014
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/pubkey-enc.c (get_session_key): Take care of
opt.skip_hidden_recipients.
--
This was lost due to
Fixes-commit: ce2f71760155b71a71418fe145a557c99bd52290
GnuPG-bug-id: 4169
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
|
|
* g10/options.h (IMPORT_DROP_UIDS): New.
(EXPORT_DROP_UIDS): New.
* g10/import.c (parse_import_options): Add option "import-drop-uids".
(import_one): Don't bail out with that options and no uids found.
Also remove all uids.
(remove_all_uids): New.
* g10/export.c (parse_export_options): Add option "export-drop-uids".
(do_export_one_keyblock): Implement option.
--
These options are required for experiments with changes to the
keyserver infrastructure.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat.
--
When gpg was invoked by a Perl web application on FreeBSD, fstat in
gnupg_reopen_std failed with EBADF. Using fcntl, which is considered
lighter than fstat, it works fine. Since uur purpose is to check if
file descriptor is valid or not, lighter operation is better.
Reported-by: Marcin Gryszkalis <mg@fork.pl>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* g10/card-util.c (uif, cmdUIF): New.
(card_edit): Add call to uif by cmdUIF.
* scd/app-openpgp.c (do_getattr): Support UIF-1, UIF-2, and UIF-3.
(do_setattr): Likewise.
(do_learn_status): Learn UIF-1, UIF-2, and UIF-3.
--
GnuPG-bug-id: 4158
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* g10/card-util.c (card_status): Release memory of serial number.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* g10/skclist.c (enum_secret_keys): Use SK_LIST instead of pubkey_t.
--
The use of pubkey_t was wrong. The use is just a list of keys, not
with keyblock. With SK_LIST, release_sk_list releases memory by
free_public_key.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* g10/skclist.c (enum_secret_keys): Free SERIALNO on update.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* g10/skclist.c (enum_secret_keys): Don't forget to call
free_public_key in the error return paths.
--
Reported-by: Philippe Antoine
GnuPG-bug-id: 4140
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
This reverts commit 04b56eff118ec34432c368b87e724bce1ac683f9.
--
Now the access to hosttable is serialized correctly.
|
|
* dirmngr/dirmngr.h (ks_hkp_init): New.
* dirmngr/dirmngr.c (main): Call ks_hkp_init.
* dirmngr/ks-engine-hkp.c (ks_hkp_init): New.
(ks_hkp_mark_host): Serialize access to hosttable.
(ks_hkp_print_hosttable, make_host_part): Likewise.
(ks_hkp_housekeeping, ks_hkp_reload): Likewise.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* common/iobuf.c (block_filter): Use iobuf_get_noeof.
--
When singed integer has negative value, left shift computation is
undefined in C.
GnuPG-bug-id: 4093
Reported-by: Philippe Antoine
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* agent/call-pinentry.c (initialize_module_call_pinentry): It's an
error when npth_mutex_init returns non-zero.
--
Actually, initialize_module_call_pinentry is only called once from
main. So, this bug had no harm and having the static variable
INITIALIZED is not needed.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
NO DATA error.
(ks_hkp_get): Ditto.
* g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
also on error.
(gpg_dirmngr_ks_get): Ditto.
--
If a keyserver does not return any data it can be useful to know which
keyserver out of the pool answered.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass
through the host table instead of risking out-of-bounds write.
--
Multiple threads may write to hosttable[x]->dead while
select_random_host() is running. For example, a housekeeping thread
might clear the ->dead bit on some entries, or another connection to
dirmngr might manually mark a host as alive.
If one or more hosts are resurrected between the two loops over a
given table in select_random_host(), then the allocation of tbl might
not be large enough, resulting in a write past the end of tbl on the
second loop.
This change collapses the two loops into a single loop to avoid this
discrepancy: each host's "dead" bit is now only checked once.
As Werner points out, this isn't currently strictly necessary, since
npth will not switch threads unless a blocking system call is made,
and no blocking system call is made in these two loops.
However, in a subsequent change in this series, we will call a
function in this loop, and that function may sometimes write(2), or
call other functions, which may themselves block. Keeping this as a
single-pass loop avoids the need to keep track of what might block and
what might not.
GnuPG-bug-id: 2836
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
|
* g10/import.c (read_block): Call free_packet to skip the packet.
--
Reported-by: Philippe Antoine
GnuPG-bug-id: 3916
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* tests/gpgscm/scheme.c (CASE): Use unused attribute for GCC > 6.
(FALLTHROUGH): New for fallthrough.
(Eval_Cycle): Use FALLTHROUGH. Remove not-needed comment of
fallthrough.
--
Since GCC combines C preprocessor macro expansion, the fallthrough
comment doesn't work well to suppress warnings for
-Wimplicit-fallthrough, near the macro CASE. To handle this
problem, we use GCC's extension of unused label and fallthrough
attributes.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* common/ssh-utils.c (get_fingerprint): Use memcpy.
* g10/build-packet.c (string_to_notation): Use memcpy.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
--
|
|
* g10/keygen.c (generate_keypair): Show more info.
--
GnuPG-bug-id: 3912
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
Includes a fix for
GnuPG-bug-id: 3906
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/getkey.c (get_pubkeys): Remove.
(pubkey_free): Remove and use code directly ...
(pubkeys_free): ... here.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
GnuPG-bug: 3353
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/gpg.c (oKnownNotation): New const.
(opts): Add option --known-notation.
(main): Set option.
* g10/parse-packet.c (known_notations_list): New local var.
(register_known_notation): New.
(can_handle_critical_notation): Rewrite to handle the new feature.
Also print the name of unknown notations in verbose mode.
--
GnuPG-bug-id: 4060
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/getkey.c (getkey_ctx_s): New field found_via_akl.
(get_pubkey_byname): Set it.
(only_expired_enc_subkeys): New.
(get_best_pubkey_byname): Add support to refresh expired keys from the
WKD.
--
A little drawback of that code is that if the WKD has no update for an
expired key each access of the key will trigger a WKD lookup (unless
cached by the dirmngr). To avoid this we need to record the last time
we have checked for an update but that would in turn require that we
update the keyring for each check. We defer this until we have a
better key database which allows for fast updates of meta data.
Testing the code is currently a bit cumbersome because it requires to
update a key in the WKD several times. Eventually we we need a
network emulation layer to provide sample data for the regression
tests.
GnuPG-bug-id: 2917
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/getkey.c (get_best_pubkey_byname): Remove unused arg 'no_akl'.
Change both callers.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/call-agent.h (agent_card_info_s): Rename the "*valid" fields to
"*len".
* g10/call-agent.c (unhexify_fpr): Change to take a FPRLEN and to
return the actual length.
(agent_release_card_info): Adjust for these changes.
* g10/card-util.c (print_sha1_fpr): Rename to print_shax_fpr and add
arg FPRLEN. Change all callers to pass the length.
(print_sha1_fpr_colon): Rename to print_shax_fpr_colon and add arg
FPRLEN. Change all callers to pass the length.
(fpr_is_zero): Add arg FPRLEN.
(fpr_is_ff): Ditto.
(show_card_key_info): Use the new functions.
* g10/skclist.c (enum_secret_keys): Use MAX_FINGERPRINT_LEN.
--
This is not needed right now but we should get rid of all hard coded
fingerprint lengths. Thus this change.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/skclist.c (enum_secret_keys): Since "KEY-FPR" returns
fingerprint in binary, change it to hex string.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|