summaryrefslogtreecommitdiffstats
path: root/po (unfollow)
Commit message (Collapse)AuthorFilesLines
2017-07-21gpg: Fix possible double free of the card serialno.Werner Koch1-0/+6
* g10/free-packet.c (copy_public_key): Copy fields serialno and updateurl. -- The PK->serialno is used to get the version of the card to decide whether it does support other algorithms than SHA-1. This value is cached but no deep copy was done when calling copy_public_key. Bug detected by importing some public keys and then importing a secret key which led to a double free. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-21gpg: Use macros to check the signature class.Werner Koch1-24/+24
* g10/import.c: Use the extistin macros for better readability. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-21g10: Clean keyblock on initial commit.Marcus Brinkmann1-0/+5
* g10/import.c (import_one): If option import-clean is set, also clean on initial import, not only for merge. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 2401
2017-07-21scd: Fix SEGV in CCID driver.NIIBE Yutaka1-4/+7
* scd/ccid-driver.c (intr_cb): Only kick the loop for removal. (bulk_in): Don't set POWERED_OFF when interrupt transfer is enabled. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-21g10: Don't limit at the frontend side for card capability.NIIBE Yutaka1-37/+12
* g10/card-util.c (MAX_GET_DATA_FROM_FILE): New. (get_data_from_file): Use MAX_GET_DATA_FROM_FILE. (change_url, change_login, change_private_do): Don't limit. -- V3.3 card support longer data for URL, Login and Private DOs. It's scdaemon which knows that. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-21scd: Add debug message for v3 card.NIIBE Yutaka1-8/+17
* scd/app-openpgp.c (show_caps): Output more messages. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-20doc: Clarify wording of export-attributes.Marcus Brinkmann1-3/+4
* doc/gpg.texi: Clarify wording of export-attributes. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 2228
2017-07-20indent: Improve readability of some comments in getkey.cWerner Koch1-165/+168
-- Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-20gpg: New option --with-key-origin.Werner Koch7-12/+90
* g10/getkey.c (parse_key_origin): Factor list out as ... (key_origin_list): new struct. (key_origin_string): New. * g10/gpg.c (oWithKeyOrigin): New const. (opts): New option --with-key-origin. (main): Implement option. * g10/options.h (struct opt): New flag with_key_origin. * g10/keylist.c (list_keyblock_print): Print key origin info. (list_keyblock_colon): Ditto.
2017-07-20common: New function print_utf9_string.Werner Koch2-0/+11
* common/miscellaneous.c (print_utf8_string): New. -- This is a simple convenience function. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-20doc: Comment fixes and one trailing comma fix.Werner Koch4-8/+8
--
2017-07-20gpg: Make function mk_datestr public.Werner Koch2-22/+25
* g10/keydb.h (MK_DATESTR_SIZE): New. * g10/keyid.c (mk_datestr): Make public. Add arg bufsize and use snprintf. Change arg atime to u32. (datestr_from_pk): Simplify. (datestr_from_sig): Ditto. (expirestr_from_pk): Ditto. (expirestr_from_sig): Ditto. (revokestr_from_pk): Ditto. -- Note that this also reduces the size of the static buffers from 16 to 11 which is sufficient for the string. In the past we added the 5 extra bytes to cope for bugs in gmtime which is now handles by snprintf. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-20g10: Return proper error when gpg-agent fails to start during probe.Marcus Brinkmann1-2/+8
* g10/getkey.c (lookup): Return immediately on any other error than GPG_ERR_NO_SECKEY from agent_probe_any_secret_key. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 2204
2017-07-20scd: Support longer data length for special DOs for v3 card.NIIBE Yutaka1-16/+45
* scd/app-openpgp.c (data_objects): Special DOs like "Login Data", "URL", "Private DO N" can be longer size >= 256. (struct app_local_s): Define bits for v3 card. (get_cached_data): Use extcap.max_special_do for special DOs. (app_select_openpgp): Detect if extcap_v3, kdf_do, and other bits. -- GnuPG-bug-id: 3262 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-20common: logstream fix.NIIBE Yutaka1-1/+2
* common/logging.c (set_file_fd): Don't close es_stderr. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-20dnsmngr: Fix use of CPP.NIIBE Yutaka1-5/+23
* dirmngr/dns.c (HAVE_STATIC_ASSERT, HAVE___ATOMIC_FETCH_ADD) (DNS_HAVE_SOCKADDR_UN, HAVE_SOCK_NONBLOCK): Don't use defined to be expanded for expression evaluation. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-19dirmngr: Forbid redirects from .onion to clearnet URIs.Justus Winter2-0/+50
* dirmngr/ks-engine-hkp.c (send_request): Forbid redirects from .onion to clearnet URIs. * dirmngr/ks-engine-http.c (ks_http_fetch): Likewise. -- This protects users from misconfigured .onion services. GnuPG-bug-id: 3087 Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.Werner Koch1-0/+4
* g10/mainproc.c (check_sig_and_print): Track key server request via fingerprint. -- New signatures carry the fingerprint and thus --auto-key-retrieve tries to lookup the key by fingerprint. If that failed it used to also ask the same thing by KEYID - but the keyid is part of the fingerprint and thus it will either get no response or the wrong key back. We can easily avoid this. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-19dirmngr: Implement TLS over http proxies.Justus Winter1-1/+90
* dirmngr/http.c (send_request): If a http proxy is to be used, and we want to use TLS, try to use the CONNECT method to get a connection to the target server. GnuPG-bug-id: 2940 Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19dirmngr: Log http response in debug mode.Justus Winter1-2/+2
* dirmngr/http.c (parse_response): Log http response in debug mode. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19dirmngr: Amend TLS handling.Justus Winter1-1/+3
* dirmngr/http.c (http_wait_response): Get the 'use_tls' flag from the write cookie, not from the URI. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19dirmngr: Fix connecting to http proxies.Justus Winter1-1/+1
* dirmngr/http.c (send_request): Do not use the 'srvtag' intended for the target host to connect to the http proxy. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19dirmngr: Fix handling of proxy URIs.Justus Winter1-2/+3
* dirmngr/http.c (send_request): We do not support socks4. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-19gpgconf: Make vars read-only explicitly.NIIBE Yutaka1-5/+5
* tools/gpgconf-comp.c (gc_backend, gc_arg_type, gc_level, gc_flag) (gc_component): Add const qualifier. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-19Fix usage of ARGPARSE_OPTS.NIIBE Yutaka9-9/+13
* agent/gpg-agent.c, agent/preset-passphrase.c, dirmngr/dirmngr-client.c, dirmngr/dirmngr_ldap.c, kbx/kbxutil.c, tools/gpg-check-pattern.c, tools/gpgconf.c, tools/gpgsplit.c, tools/symcryptrun.c: Use ARGPARSE_end. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-18common: Allow abbreviations of standard options.Marcus Brinkmann2-7/+52
* argparse.h (ARGPARSE_SHORTOPT_HELP, ARGPARSE_SHORTOPT_VERSION, ARGPARSE_SHORTOPT_WARRANTY, ARGPARSE_SHORTOPT_DUMP_OPTIONS): New macros. (ARGPARSE_end): Add some placeholders for standard options. * argparse.c (arg_parse): Fill in missing standard options so default machinery works. Check for standard options in new way. Do not write out standard options for --dump-options. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 1747
2017-07-18gpgscm,w32: Fix testing for absolute paths.Justus Winter1-2/+15
* tests/gpgscm/main.c (path_absolute_p): New function. (load): Use new function. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18dirmngr: Honor http keyserver URLs.Justus Winter3-6/+15
* dirmngr/http.c (parse_uri): Keep an unmodified copy of the URI. * dirmngr/http.h (struct parsed_uri_s): New field 'original'. * dirmngr/ks-action.c (ks_action_get): Properly handle http and https URLs. -- If a key has a http or https URL as preferred keyserver, fetch the key from there. Previously, dirmngr unconditionally interpreted these URLs as hkp servers. GnuPG-bug-id: 2924 Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18dirmngr: Fix memory leak.Justus Winter1-1/+1
* dirmngr/http.c (parse_uri): Properly free partial results. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-18dirmngr: Fix memory leak.Justus Winter1-0/+5
* dirmngr/http.c (http_release_parsed_uri): Free 'params'. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-17gpg,sm: Check compliance of the RNG.Werner Koch8-0/+131
* common/compliance.c (gnupg_rng_is_compliant): New. * g10/call-agent.c (start_agent) [W32]: Check rng compliance. * sm/call-agent.c (start_agent) [W32]: Ditto. * g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is compliant. * sm/encrypt.c (gpgsm_encrypt): Ditto. * g10/sign.c (do_sign): Ditto. * sm/sign.c (gpgsm_sign): Ditto. -- Under Windows we need to check that the Jitter RNG is active in de-vs mode. Under Linux this is not necessary because /dev/random can be scrutinized and is believed to provide enough entropy. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-17agent: New GETINFO sub-command jent_active.Werner Koch1-0/+19
* agent/command.c (cmd_getinfo): Implement it for gcrypt >= 1.8. -- For the de-vs compliance of gpg we need to check whether the Jitter RNG is used on Windows. This change allows to test this for gpg-agent. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-17common: New function split_fields_colon.Werner Koch3-0/+116
* common/stringhelp.c (split_fields_colon): New. * common/t-stringhelp.c (test_split_fields_colon): New test. (main): Call that test. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-14tests: Improve 'shell.scm' script.Justus Winter2-4/+25
* tests/openpgp/defs.scm (create-file): Unlink file first. * tests/openpgp/shell.scm: Ask whether to import legacy test keys or not, and whether to drop 'batch' from the configuration. Add paths to all the programs to 'PATH'. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-14gpgscm: Library improvements.Justus Winter2-1/+23
* tests/gpgscm/repl.scm (prompt-yes-no?): New function. * tests/gpgscm/tests.scm (pathsep-split): Likewise. (pathsep-join): Likewise. (with-path): Use the new function. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-14gpgscm: Fail early if the test setup fails.Justus Winter1-0/+2
* tests/gpgscm/tests.scm (make-environment-cache): Check status code of setup script. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-14gpg: Fix importing keys.Justus Winter1-3/+6
* g10/import.c (import_one): Fix error handling. Fixes-commit: 330212efb927c119bb5135856f8582c0e4e2e6b7 Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-13gpg: Pass key origin values to import functions.Werner Koch6-37/+55
* g10/import.c (import_keys_stream): Remove this unused function. (import_keys_internal): Add arg origin. (import_keys): Ditto. (import_keys_es_stream): Ditto. (import): Ditto. (import_one): Ditto. (apply_meta_data): New stub. (import_secret_one): Pass 0 for ORIGIN. * g10/keyserver.c (keyserver_get_chunk): For now pass 0 for ORIGIN. (keyserver_fetch): Add arg origin. (keyserver_import_cert): Pass KEYORG_DANE for ORIGIN. (keyserver_import_wkd): Pass KEYORG_WKD for ORIGIN. * g10/gpg.c (main): Pass OPT.KEY_ORIGIN to import_keys and keyserver_fetch. * g10/card-util.c (fetch_url): Pass KEYORG_URL for ORIGIN. -- This is just the framework; applying the meta data will be done in another commit. GnuPG-bug-id: 3252 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-13gpg: New option --key-origin.Werner Koch10-26/+83
* g10/keydb.h (KEYORG_): Rename to KEYORG_. * g10/packet.h (PKT_user_id): Rename field keysrc to keyorg. Adjust users. (PKT_public_key): Ditto. (PKT_ring_trust): Ditto. * g10/options.h (struct opt): Add field key_origin. * g10/getkey.c (parse_key_origin): New. * g10/gpg.c (oKeyOrigin): New. (opts): Add "keys-origin". (main): Set option. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-13doc: Document gnupg version requirement for gpg-preset-passphrase.Marcus Brinkmann1-0/+2
Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 2331
2017-07-13gpgscm: Make loading of modules less verbose.Justus Winter1-1/+1
* tests/gpgscm/main.c (load): Increase logging threshold. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-13gpgscm: Make it impossible to catch '*interpreter-exit*'.Justus Winter1-2/+2
* tests/gpgscm/init.scm (throw'): Make it impossible to catch '*interpreter-exit*'. This fixes 'exit' (and with it 'fail') inside 'catch' statements. Signed-off-by: Justus Winter <justus@g10code.com>
2017-07-12dirmngr: Fix license note in server.cWerner Koch1-15/+0
-- This double license note was accidentally added while only wanting to add another copyright line. Fixes-commit: 3419a339d9c4e800bf30e9021e05982d8c1021c1 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-10tofu: Compare squares instead of square roots.Marcus Brinkmann4-269/+9
* g10/Makefile.am (tofu_source) [USE_TOFU]: Remove sqrtu32.h and sqrtu32.c. * g10/sqrtu32.h, g10/sqrtu32.c: Removed files. * g10/tofu.c: Compare squares instead of square roots. -- The original code is a factor 11.5 slower than using libm's sqrt(), which in turn is a factor 3.5 slower than using one multiplication on the other side of the comparison. Also, it's much simpler now. Signed-off-by: Marcus Brinkmann <mb@g10code.com>