1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

5400 Commits

Author SHA1 Message Date
Werner Koch
5bf04522e3 http: Print human readable GNUTLS status.
* common/http.c (send_gnutls_bye): Take care of EAGAIN et al.
(http_verify_server_credentials): Print a human readable status.
2014-06-13 19:39:48 +02:00
Werner Koch
d8314e31c5 gpg: Improve the output of --list-packets
* g10/parse-packet.c (parse): Print packet meta info in list mode.
--

In particular having the file offset of the packets is often useful.
2014-06-12 14:41:40 +02:00
Werner Koch
6eeb31abee speedo: Improve building of the w32 installer.
* build-aux/speedo.mk: Change name of build directory to PLAY.
Improve the dist-source target.
* build-aux/speedo/w32/gdk-pixbuf-loaders.cache: Add a blank
line (plus comment).
* build-aux/speedo/w32/inst.nsi: Change name of file to gnupg-w32-*.
Install more tools.
--

gdk-pixbuf-loaders.cache needs to end with an extra LF or the
gdk-pixbuf is not able to read the last entry.  The final comment is
to make our git sanity checks happy.

Running

 make -f build-aux/speedo.mk \
      TARGETOS=w32 TARBALLS=~/tarballs installer

does now create a working installer.  After removing dirmngr from the
installation GPA kind of works.  There are remaining problems with
dirmngr and scdaemon which will be fixed soon.

Running

 make -f build-aux/speedo.mk \
      TARGETOS=w32 TARBALLS=~/tarballs dist-source

creates an xz compressed tarball with all the sources used to build
the installer.  Distributing this tarball along with the installer is
sufficient to comply with the GPL.  Well, some more instructions
should be given in the readme files.
2014-06-11 15:45:29 +02:00
Werner Koch
e06d5d1a3b speedo: Revamped speedo and include a w32 installer.
* build-aux/speedo/: New.
* build-aux/speedo/w32/: New.
--

The new installer uses some code from Gpg4win but is much smaller and
easier to maintain.  To build an installer, unpack GnuPG and then run

  make -f build-aux/speedo.mk  TARBALLS=~/mytarballs installer

~/mytarballs is a directory with tarballs of external libraries.  See
speedo.mk for a list of them.

WARNING: The installed W32 version does not correctly work right now.
2014-06-10 21:34:39 +02:00
Werner Koch
0399d87f7a build: Add more options to autogen.sh.
* autogen.sh: Add options --print-host and --print-build.
--

Being able to know the build system and the host as used by GnuPG is
useful to build other packages.
2014-06-10 16:45:54 +02:00
Werner Koch
141d69cb2a w32: Fix build problem with dirmngr.
* dirmngr/ks-engine-hkp.c (EAI_SYSTEM) [W32]: Add replacement
constant.
2014-06-10 15:11:32 +02:00
Werner Koch
45ed901c46 gpg: Use more specific reason codes for INV_RECP.
* g10/pkclist.c (find_and_check_key, build_pk_list): Use more specific
reasons codes for INV_RECP.
--

GnuPG-bug-id: 1650
2014-06-10 14:54:55 +02:00
Werner Koch
b67e4e523e Improve the beta number generation.
* autogen.sh: Add option --find-version
* configure.ac: Rework the setting of the mym4_ variables.
--

The old system was not too well defined if no release for a series has
yet been done.  We now introduce a "PACKAGE-N.M-base" tag to solve
this problem.  To keep the M4 code readable the GIT parsing has been
moved to ./autogen.sh.
2014-06-06 17:16:37 +02:00
Werner Koch
518d835380 Post beta release update.
--

656fef6454972cb91741c37a0fd19cd9ade9db9c  gnupg-2.1.0-beta442.tar.bz2
2014-06-05 17:05:33 +02:00
Werner Koch
27f4ce40e0 Release 2.1.0-beta442.
--

This beta is small contribution for today's Reset The Net campaign.

  It is a crying shame that the government of my country is not
  willing to offer Edward Snowden asylum and protect him from the evil
  institutions of those allies who once thankfully kicked out the most
  evil German powers.  Back in these dark years, many people had to
  ask for asylum over there and it was granted.  Now we have to fear
  their Blockwarts who are listening to the entire world.  It would be
  more than justified for us to help that brave guy.
2014-06-05 16:47:19 +02:00
Werner Koch
ab7d85be82 po: Auto-update po files.
--
2014-06-05 16:22:18 +02:00
Werner Koch
533ff0ab56 Update README file.
--

The copyright list in AUTHORS as been compiled from a distribution
tarball.
2014-06-05 16:20:44 +02:00
Werner Koch
23712e69d3 Remove keyserver helper code.
* configure.ac: Remove keyserver helper related stuff.
* Makefile.am (SUBDIRS): Remove keyserver.
* keyserver/Makefile.am: Remove.
--

The dirmngr is used instead of the keyserver helpers.  Thus there is
more need to distribute the old code.  We keep it in the repo for
references, though.
2014-06-05 13:44:40 +02:00
Werner Koch
9c9e26d41e gpg: Require confirmation for --gen-key with experimental curves.
* g10/keygen.c (ask_curve): Add arg both.  Require confirmation for
Curve25519.
2014-06-05 12:03:27 +02:00
Werner Koch
4f0625889b gpg: Auto-migrate existing secring.gpg.
* g10/migrate.c: New.
* g10/import.c (import_old_secring): New.
(import_one): Add arg silent.
(transfer_secret_keys): Add arg batch.
(import_secret_one): Add args batch and for_migration.
* g10/gpg.c (main): Call migration function.
2014-06-05 11:19:59 +02:00
Werner Koch
09a2d4ec74 gpgsm: Fix commit be07ed65.
* sm/server.c (option_handler): Use "with-secret".
2014-06-04 08:50:10 +02:00
Werner Koch
be07ed65e1 Add new option --with-secret.
* g10/gpg.c: Add option --with-secret.
* g10/options.h (struct opt): Add field with_secret.
* g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
and list_one.
(list_all, list_one): Add arg mark_secret.
(list_keyblock_colon): Add arg has_secret.
* sm/gpgsm.c: Add option --with-secret.
* sm/server.c (option_handler): Add option "with-secret".
* sm/gpgsm.h (server_control_s): Add field with_secret.
* sm/keylist.c (list_cert_colon): Take care of with_secret.  Also move
the token string from the wrong field 14 to 15.
--

This option is useful for key managers which need to know whether a
key has a secret key.  This change allows to collect this information
in one pass.
2014-06-03 21:35:59 +02:00
Werner Koch
d89dc6917e artwork: Add 128x128 variant of the logo.
--
2014-06-03 18:58:35 +02:00
Werner Koch
0beec2f0f2 gpgsm: New commands --export-secret-key-{p8,raw}
* sm/gpgsm.c: Add new commands.
* sm/minip12.c (build_key_sequence): Add arg mode.
(p12_raw_build): New.
* sm/export.c (export_p12): Add arg rawmode.  Call p12_raw_build.
(gpgsm_p12_export): Ditto.
(print_short_info): Print the keygrip.
2014-06-03 18:57:33 +02:00
Werner Koch
50cd3d40ae doc: Minor texi updates.
--
2014-06-03 08:58:20 +02:00
Werner Koch
958e5f292f gpg: Avoid NULL-deref in default key listing.
* g10/keyid.c (hash_public_key): Take care of NULL keys.
* g10/misc.c (pubkey_nbits): Ditto.
--

This problem was mainly due to our ECC code while checking for opaque
MPIs with the curve name.
2014-06-02 19:54:22 +02:00
Werner Koch
f3249b1c4d gpg: Simplify default key listing.
* g10/mainproc.c (list_node): Rework.
--

GnuPG-bug-id: 1640
2014-06-02 19:50:18 +02:00
Werner Koch
d9cde7ba7d gpg: Graceful skip reading of corrupt MPIs.
* g10/parse-packet.c (mpi_read): Change error message on overflow.
--

This gets gpg 2.x in sync to what gpg 1.4 does.  No need to die for a
broken MPI.

GnuPG-bug-id: 1593

Resolved conflicts:
	g10/parse-packet.c - whitespaces fixes.
2014-06-02 18:42:45 +02:00
Werner Koch
715285bcbc gpgsm: Handle re-issued CA certificates in a better way.
* sm/certchain.c (find_up_search_by_keyid): Consider all matching
certificates.
(find_up): Add some debug messages.
--

The DFN-Verein recently re-issued its CA certificates without
generating new keys.  Thus looking up the chain using the authority
keyids works but may use still existing old certificates.  This may
break the CRL lookup in the Dirmngr.  The hack to fix this is by using
the latest issued certificate with the same subject key identifier.

As usual Peter Gutman's X.509 style guide has some comments on that
re-issuing.

GnuPG-bug-id: 1644
2014-06-02 16:02:30 +02:00
Werner Koch
42c043a8ad gpgsm: Add a way to save a found state.
* kbx/keybox-defs.h (keybox_found_s): New.
(keybox_handle): Factor FOUND out to above.  Add saved_found.
* kbx/keybox-init.c (keybox_release): Release saved_found.
(keybox_push_found_state, keybox_pop_found_state): New.

* sm/keydb.c (keydb_handle): Add field saved_found.
(keydb_new): Init it.
(keydb_push_found_state, keydb_pop_found_state): New.
2014-06-02 15:55:00 +02:00
Werner Koch
99972bd6e9 gpg: Fix bug parsing a zero length user id.
* g10/getkey.c (get_user_id): Do not call xmalloc with 0.

* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
pass 0 to the arguments.
--

The problem did not occur in 1.x because over there the xmalloc makes
sure to allocate at least one byte.  With 2.x for most calls the
xmalloc of Libgcrypt is used and Libgcrypt returns an error insteead
of silent allocating a byte.  Thus gpg 2.x bailed out with an
"Fatal: out of core while allocating 0 bytes".

The extra code in xmalloc.c is for more robustness for the other
xmalloc calls.
2014-06-02 11:47:25 +02:00
Werner Koch
9e1c99f800 dirmngr: Print certificates on failed TLS verification.
* dirmngr/ks-engine-hkp.c (cert_log_cb): New.
(send_request): Set callback.
--

We use the KSBA functions here because we have them anyway in Dirmngr.
2014-05-19 09:48:42 +02:00
Werner Koch
45f15b2d76 http: Add callback to help logging of server certificates.
* common/http.c (http_session_s): Add field cert_log_cb.
(http_session_set_log_cb): New.
(http_verify_server_credentials): Call callback.
2014-05-19 09:47:18 +02:00
Werner Koch
d2d9d4fb60 keyserver: Improve support for hkps pools.
* dirmngr/ks-engine-hkp.c (hostinfo_s): Add fields cname, v4addr, and
v6addr.
(create_new_hostinfo): Clear them.
(my_getnameinfo): Add args numeric and r_isnumeric.
(is_ip_address): New.
(map_host): Add arg r_host.  Rewrite the code to handle pools in a
special way.
(ks_hkp_print_hosttable): Change format of help info output.
(make_host_part): Add arg optional r_httphost.
(send_request): Add arg httphost.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Get httphost and pass it to
send_request.
--

This changes quite some things on how the hostinfo is maintained.
However, it might be better to rework the data structures and have one
entry per IP address instead of this clumsy patch.
2014-05-16 21:15:40 +02:00
Werner Koch
8b90d79818 http: Allow overriding of the Host header.
* common/http.c (http_open): Add arg httphost.
(http_open_document): Pass NULL for httphost.
(send_request): Add arg httphost.  If given, use HTTPHOST instead of
SERVER.  Use https with a proxy if requested.
(http_verify_server_credentials): Do not stop at the first error
message.
* dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open.
* keyserver/curl-shim.c (curl_easy_perform): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
2014-05-16 21:01:08 +02:00
Werner Koch
25036ec6ab gpg: Fix uninitialized access to search descindex with gpg keyboxes.
* kbx/keybox-search.c (keybox_search): Add arg  R_DESCINDEX.  Chnage
both callers.
* g10/keydb.c (keydb_search): Always set DESCINDEX.
--

This only affects the new keybox for OpenPGP keys in 2.1.  The bug
exhibited itself by running GPA's backup command on Windows.
2014-05-14 18:13:11 +02:00
Werner Koch
71fa6a3510 w32: Make make_absfilename work with drive letters.
* common/stringhelp.c (do_make_filename) [HAVE_DRIVE_LETTERS]: Fix.
2014-05-14 18:13:07 +02:00
Werner Koch
455a4a2212 gpg: Remove useless diagnostic in MDC verification.
* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
MDC packer header and a bad MDC.
--

The separate diagnostic was introduced for debugging a problems.  For
explaining an MDC error a single error message is easier to
understand.
2014-05-14 08:56:39 +02:00
Werner Koch
b2945c451d gpg: Fix glitch entering a full expiration time.
* g10/keygen.c (ask_expire_interval): Get the current time after the
prompt.
--

This almost avoid that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.

GnuPG-bug-id: 1639
2014-05-14 08:56:36 +02:00
Werner Koch
4aeb02562c agent: Fix import of non-protected gpg keys.
* agent/cvt-openpgp.c (do_unprotect): Return an s-exp also for
non-protected keys.
(convert_from_openpgp_main): Do not call agent_askpin for a
non-protected key.
2014-05-08 10:28:24 +02:00
Werner Koch
cb2aeb4e11 Make more use of *_NAME macros.
* configure.ac (GPG_DISP_NAME, GPGSM_DISP_NAME): New.
(GPG_AGENT_DISP_NAME, SCDAEMON_DISP_NAME): New.
(DIRMNGR_DISP_NAME, G13_DISP_NAME): New.
(GPGCONF_DISP_NAME): New.
(SCDAEMON_SOCK_NAME): New.
* common/argparse.c (show_help): Map description string.
2014-05-08 10:28:23 +02:00
NIIBE Yutaka
fb24808db9 agent: Fix auth key comment handling.
* agent/command-ssh.c (ssh_send_key_public): Handle the case with no
comment.
2014-05-08 11:46:38 +09:00
Werner Koch
57011da53e Make -jN work again.
* common/Makefile.am ($(PROGRAMS)): New rule
(t_http_LDADD): Use libcommontls.a without directory prefix.
* dirmngr/Makefile.am ($(PROGRAMS)): New rule.
2014-05-07 16:37:15 +02:00
Werner Koch
359c643d74 gpg: Print the key algorithm/curve with signature info.
* g10/mainproc.c (check_sig_and_print): Print the name and curve.
2014-05-07 15:05:34 +02:00
Werner Koch
e73edfb175 gpg: Fix memleak in signature verification of bogus keys.
* g10/mainproc.c (check_sig_and_print): Factor common code out to ...
(print_good_bad_signature): here.
--

P was not released if the key had no user id.
2014-05-07 14:36:34 +02:00
Werner Koch
e5279c85a0 gpg: Fix indendation of check_sig_and_print.
--
2014-05-07 14:08:42 +02:00
Werner Koch
09055aa0f7 gpg: Mark experimental algorithms in the key listing.
* g10/keylist.c (list_keyblock_print): Remove duplicate curve name.
Print a note for experimental algorithms.
* g10/misc.c (print_pubkey_algo_note): Fix warning message.
2014-05-07 13:50:00 +02:00
Werner Koch
8fee6c1ce6 gpg: Finish experimental support for Ed25519.
* agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
(get_keygrip): Add and use arg CURVE.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(get_npkey_nskey): New.
(prepare_unprotect): Replace gcrypt functions by
get_npkey_nskey.  Allow opaque MPIs.
(do_unprotect): Use CURVE instead of parameters.
(convert_from_openpgp_main): Ditto.
(convert_to_openpgp):  Simplify.
* g10/import.c (one_mpi_from_pkey): Remove.
(transfer_secret_keys): Rewrite to use the curve instead of the
parameters.
* g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.

* common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
 "NIST P-256" et al.
* g10/keygen.c (ask_curve): Add arg ALGO.
(generate_keypair): Rewrite the ECC key logic.

* tests/openpgp/ecc.test: Provide the "ecc" passphrase.
2014-05-07 13:27:43 +02:00
Werner Koch
bdb9c2b314 kbx: Add experimental support for EDDSA.
* kbx/keybox-openpgp.c (parse_key): Use algo constants and add
experimental support for EdDSA.
2014-05-07 12:39:43 +02:00
Werner Koch
a63ed98758 agent: Remove greeting message.
* agent/gpg-agent.c (main): Remove greeting.  Make --no-greeting a
dummy.
2014-05-07 08:51:11 +02:00
Werner Koch
6477e51919 Use "samethread" mode keyword for some es_fopenmem.
* dirmngr/ks-engine-hkp.c (armor_data): Add mode keyword.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* scd/atr.c (atr_dump): Ditto.
2014-05-06 09:49:26 +02:00
Werner Koch
60e2fc7d38 dirmngr: Add support for hkps keyservers.
* dirmngr/dirmngr.c: Include gnutls.h.
(opts): Add --gnutls-debug and --hkp-cacert.
(opt_gnutls_debug, my_gnutls_log): New.
(set_debug): Set gnutls log level.
(parse_rereadable_options): Register a CA file.
(main): Init GNUTLS.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Support hkps.
(send_request): Ditto.
2014-05-05 16:23:37 +02:00
Werner Koch
ea0f5481f0 http: Add reference counting to the session object.
* common/http.c (http_session_t): Add field "refcount".
(_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code.
(send_request, my_npth_read, my_npth_write): Use SOCK object for the
transport ptr.
(http_session_release): Factor all code out to ...
(session_unref): here.  Deref SOCK.
(http_session_new): Init refcount and transport ptr.
(http_session_ref): New.  Ref and unref all assignments.
--

Having the reference counted session objects makes it easier for the
application to pass around only an estream.  Without that the
application would need to implement an es_onclose machinery for the
session object.
2014-05-05 16:06:42 +02:00
Werner Koch
0e59195642 http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info.
* common/http.c (http_parse_uri): Factor code out to ...
(parse_uri): here.  Add arg FORCE_TLS.
(do_parse_uri): Ditto.  Implement flag.
(http_get_tls_info): New.
(http_register_tls_ca): Allow clearing of the list.
(send_request): Use a default verification function.
* common/http.h (HTTP_FLAG_FORCE_TLS): New.
* common/t-http.c (main): Add several command line options.
2014-05-02 17:28:02 +02:00
Werner Koch
2def230231 common: Fix test for openpgp_oid_is_ed25519.
* common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): Add correct
value.
2014-05-02 14:07:03 +02:00