gnupg

mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00

Author	SHA1	Message	Date
Werner Koch	32493ce50a	gpg: Add property "fpr" for use by --export-filter. * g10/export.c (push_export_filters): New. (pop_export_filters): New. (export_pubkey_buffer): Add args prefix and prefixlen. Adjust callers. * g10/import.c (impex_filter_getval): Add property "fpr". * g10/main.h (struct impex_filter_parm_s): Add field hexfpr. -- The push and pop feature will help us to use the export filter internally in gpg. Same for the export_pubkey_buffer change. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>	2020-03-13 13:19:31 +01:00
Werner Koch	a605dbb430	gpg: Fix --recv-key in case of a given fingerprint. * g10/keyserver.c (keyserver_retrieval_screener): Compare against actual length. -- This was a long standing and annoying regression due to changes for v5 keys. Really simple to fix :-). Signed-off-by: Werner Koch <wk@gnupg.org>	2019-09-30 18:03:31 +02:00
Werner Koch	9698761933	Merge branch 'switch-to-gpgk' into master -- Resolved Conflicts: * common/asshelp.c: Keep the new code in master for spawing under Windows. * g10/Makefile.am: Keep all new file. * g10/photoid.c: Pass CTRL to pct_expando. Signed-off-by: Werner Koch <wk@gnupg.org>	2019-09-27 15:44:23 +02:00
Werner Koch	aba82684fe	gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>	2019-09-09 15:01:47 +02:00
Werner Koch	d9c4c3776b	gpg: Make --quiet work on --send-keys. * g10/keyserver.c (keyserver_put): Act upon --quiet. -- Suggested-by: Robin H. Johnson <robbat2@gentoo.org> Signed-off-by: Werner Koch <wk@gnupg.org>	2019-09-06 16:48:53 +02:00
Werner Koch	e1d9be730c	gpg: Rework the signature subpacket iteration function. * g10/parse-packet.c (enum_sig_subpkt): Replace first arg by two args so that the entire signature packet is available. Change all callers. (parse_sig_subpkt): Ditto. -- This patch is a prerequisite to support the new attestation key signatures. Signed-off-by: Werner Koch <wk@gnupg.org>	2019-09-05 20:38:23 +02:00
NIIBE Yutaka	7bfbb9fa7e	gpg: A little clean up. * g10/keyserver.c: Don't include exec.h. * g10/photoid.c (image_type_to_string): It's constant. * g10/photoid.h (image_type_to_string): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2019-07-23 12:04:21 +09:00
Werner Koch	96bf8f4778	gpg: With --auto-key-retrieve prefer WKD over keyservers. * g10/mainproc.c (check_sig_and_print): Print a hint on how to make use of the preferred keyserver. Remove keyserver lookup just by the keyid. Try a WKD lookup before a keyserver lookup. -- The use of the the keyid for lookups does not make much sense anymore since for quite some time we do have the fingerprint as part of the signature. GnuPG-bug-id: 4595 Signed-off-by: Werner Koch <wk@gnupg.org>	2019-07-05 10:33:13 +02:00
Werner Koch	7102d9b798	gpg: Do not print a hint to use the deprecated --keyserver option. * g10/keyserver.c (keyserver_search): Remove a specialized error message. -- Dirmngr comes with a default keyserver and the suggestion to use gpg --keyserver is not good because that option is deprecated. An error message "No keyserver available" is sufficient. GnuPG-bug-id: 4512 Signed-off-by: Werner Koch <wk@gnupg.org>	2019-05-14 07:56:10 +02:00
Werner Koch	1b1f649dea	gpg: Accept also armored data from the WKD. * g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR. -- We may even adjust the specs to allow that. It should not be a problem for any OpenPGP implementation because armored keys are very common and de-armoring code is de-facto a mandatory feature. Signed-off-by: Werner Koch <wk@gnupg.org>	2019-04-11 09:55:27 +02:00
Werner Koch	bdda31a26b	kbx: Unify the fingerprint search modes. * kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR16) (KEYDB_SEARCH_MODE_FPR20, KEYDB_SEARCH_MODE_FPR32): Remove. Switch all users to KEYDB_SEARCH_MODE_FPR along with the fprlen value. -- These search modes were added over time and there has until recently be no incentive to remove the cruft. With the change for v5 keys I finally went over all places and allowed the generic fingerprint mode along with a given length of the fingerprint at all places. Consequently the other modes can now be removed. Signed-off-by: Werner Koch <wk@gnupg.org>	2019-03-14 14:55:06 +01:00
Werner Koch	f40e9d6a52	kbx: Add support for 32 byte fingerprints. * common/userids.c (classify_user_id): Support 32 byte fingerprints. * kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR32): New. (struct keydb_search_desc): Add field fprlen. * kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field version and increase size of fpr to 32. * kbx/keybox-blob.c: Define new version 2 for PGP and X509 blobs. (struct keyboxblob_key): Add field fprlen and increase size of fpr. (pgp_create_key_part_single): Allow larger fingerprints. (create_blob_header): Implement blob version 2 and add arg want_fpr32. (_keybox_create_openpgp_blob): Detect the need for blob version 2. * kbx/keybox-search.c (blob_get_first_keyid): Support 32 byte fingerprints. (blob_cmp_fpr): Ditto. (blob_cmp_fpr_part): Ditto. (has_fingerprint): Add arg fprlen and pass on. (keybox_search): Support KEYDB_SEARCH_MODE_FPR32 and adjust for changed has_fingerprint. * kbx/keybox-openpgp.c (parse_key): Support version 5 keys. * kbx/keybox-dump.c (_keybox_dump_blob): Support blob version 2. * g10/delkey.c (do_delete_key): Support KEYDB_SEARCH_MODE_FPR32. * g10/export.c (exact_subkey_match_p): Ditto. * g10/gpg.c (main): Ditto. * g10/getkey.c (get_pubkey_byfprint): Adjust for changed KEYDB_SEARCH_MODE_FPR. * g10/keydb.c (keydb_search_desc_dump): Support KEYDB_SEARCH_MODE_FPR32 and adjust for changed KEYDB_SEARCH_MODE_FPR. (keydb_search): Add new arg fprlen and change all callers. * g10/keyedit.c (find_by_primary_fpr): Ditto. * g10/keyid.c (keystr_from_desc): Ditto. * g10/keyring.c (keyring_search): Ditto. * g10/keyserver.c (print_keyrec): Ditto. (parse_keyrec): Ditto. (keyserver_export): Ditto. (keyserver_retrieval_screener): Ditto. (keyserver_import): Ditto. (keyserver_import_fprint): Ditto. (keyidlist): Ditto. (keyserver_get_chunk): Ditto. * g10/keydb.c (keydb_search): Add new arg fprlen and change all callers. * sm/keydb.c (keydb_search_fpr): Adjust for changed KEYDB_SEARCH_MODE_FPR. -- This prepares the support for OpenPGP v5 keys. The new version 2 blob format is needed for the longer fingerprints and we also use this opportunity to prepare for storing the keygrip in the blob for faster lookup by keygrip. Right now this is not yet functional. Signed-off-by: Werner Koch <wk@gnupg.org>	2019-03-14 11:26:54 +01:00
Werner Koch	e7252ae57f	gpg: In search-keys return "Not found" instead of "No Data". * g10/keyserver.c (keyserver_search): Check for NO_DATA. -- GnuPG-bug-id: 3830 Signed-off-by: Werner Koch <wk@gnupg.org>	2018-12-11 12:29:58 +01:00
Werner Koch	6b9f772914	common: Prepare for parsing mail sub-addresses. * common/mbox-util.c (mailbox_from_userid): Add arg subaddress and implement. Change all callers to pass false for it. * common/t-mbox-util.c (run_mbox_no_sub_test): New. (run_filter): Add arg no_sub. (main): Call new test and add option --no-sub. -- Some stats: In the about 5300000 keys on the SKS servers we found 3055 unique mailboxes with a '+' in it. After removing leading and trailing '+' as well as multiple '+' (e.g. "c++" or "foo+bar+baz") 2697 were left which seem to be valid sub-addresses. To filter mailboxes out from a line delimited list with user-ids (e.g. an SQL output), the command t-mbox-util --verbose --filter can be used; to output w/o sub-addresses add --no-sub. GnuPG-bug-id: 4200 Signed-off-by: Werner Koch <wk@gnupg.org>	2018-11-12 07:44:33 +01:00
Werner Koch	87b5421ca8	gpg: Extend --key-origin to take an optional URL arg. * g10/getkey.c (parse_key_origin): Parse appended URL. * g10/options.h (struct opt): Add field 'key_origin_url'. * g10/gpg.c (main) <aImport>: Pass that option to import_keys. * g10/import.c (apply_meta_data): Extend for file and url. * g10/keyserver.c (keyserver_fetch): Pass the url to import_keys_es_stream. -- Example: gpg --key-origin url,myscheme://bla --import FILE Signed-off-by: Werner Koch <wk@gnupg.org>	2017-07-24 21:10:58 +02:00
Werner Koch	2ca0381d07	gpg: Store key origin info for new keys from a keyserver * g10/keyserver.c (keyserver_get_chunk): Use KEYORG_KS if request was done by fingerprint. * g10/import.c (apply_meta_data): Implement that. Signed-off-by: Werner Koch <wk@gnupg.org>	2017-07-24 20:47:41 +02:00
Werner Koch	e7068bf92e	gpg: Store key origin info for new DANE and WKD retrieved keys. * g10/import.c (apply_meta_data): Remove arg 'merge'. Add arg 'url'. Implement WKD and DANE key origin. (import_keys_internal): Add arg 'url' and change all callers. (import_keys_es_stream): Ditto. (import): Ditto. (import_one): Ditto. * g10/keylist.c (list_keyblock_print): Fix update URL printing. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): Add arg 'r_url' to return the SOURCE. Pass ks_status_cb to assuan_transact. * g10/keyserver.c (keyserver_import_wkd): Get that URL and pass it to the import function. -- Note that this only for new keys. Merging this info will be added soon. Signed-off-by: Werner Koch <wk@gnupg.org>	2017-07-24 20:09:52 +02:00
Werner Koch	f6f0dd4d5e	gpg: Filter keys received via DANE * g10/keyserver.c (keyserver_import_cert): Use an import filter in DANE mode. -- We only want to see the user ids requested via DANE and not any additional ids. This filter enables this in the same way we do this in WKD. Signed-off-by: Werner Koch <wk@gnupg.org>	2017-07-24 20:09:52 +02:00
Werner Koch	330212efb9	gpg: Pass key origin values to import functions. * g10/import.c (import_keys_stream): Remove this unused function. (import_keys_internal): Add arg origin. (import_keys): Ditto. (import_keys_es_stream): Ditto. (import): Ditto. (import_one): Ditto. (apply_meta_data): New stub. (import_secret_one): Pass 0 for ORIGIN. * g10/keyserver.c (keyserver_get_chunk): For now pass 0 for ORIGIN. (keyserver_fetch): Add arg origin. (keyserver_import_cert): Pass KEYORG_DANE for ORIGIN. (keyserver_import_wkd): Pass KEYORG_WKD for ORIGIN. * g10/gpg.c (main): Pass OPT.KEY_ORIGIN to import_keys and keyserver_fetch. * g10/card-util.c (fetch_url): Pass KEYORG_URL for ORIGIN. -- This is just the framework; applying the meta data will be done in another commit. GnuPG-bug-id: 3252 Signed-off-by: Werner Koch <wk@gnupg.org>	2017-07-13 18:29:01 +02:00
Werner Koch	8f2671d2cc	gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>	2017-03-31 20:07:20 +02:00
Justus Winter	2649fdfff5	g10: Move more flags into the flag bitfield. * g10/packet.h (PKT_user_id): Move 'is_primary', 'is_revoked', and 'is_expired' into the flags bitfield, and drop the prefix. * g10/call-dirmngr.c: Adapt accordingly. * g10/export.c: Likewise. * g10/getkey.c: Likewise. * g10/import.c: Likewise. * g10/kbnode.c: Likewise. * g10/keyedit.c: Likewise. * g10/keylist.c: Likewise. * g10/keyserver.c: Likewise. * g10/mainproc.c: Likewise. * g10/pkclist.c: Likewise. * g10/pubkey-enc.c: Likewise. * g10/tofu.c: Likewise. * g10/trust.c: Likewise. * g10/trustdb.c: Likewise. -- This patch has been created by applying the following semantic patch: @@ expression E; @@ -E->is_expired +E->flags.expired @@ expression E; @@ -E->is_primary +E->flags.primary @@ expression E; @@ -E->is_revoked +E->flags.revoked Signed-off-by: Justus Winter <justus@g10code.com>	2017-03-08 13:31:10 +01:00
NIIBE Yutaka	70aca95d68	Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2017-03-07 20:25:54 +09:00
Werner Koch	86efc3ee53	gpg: Let only Dirmngr decide whether CERT is supported. * g10/getkey.c (parse_auto_key_locate): Do not build parts depending on USE_DNS_CERT. -- This also removes USE_DNS_SRV from commented code. Signed-off-by: Werner Koch <wk@gnupg.org>	2016-12-01 16:40:32 +01:00
Werner Koch	4d7dc432b5	Change all http://www.gnu.org in license notices to https:// --	2016-11-05 12:02:19 +01:00
Werner Koch	a15ed5a1fd	gpg: Convey --quick option to dirmngr for --auto-key-retrieve. * g10/call-dirmngr.c (gpg_dirmngr_ks_get): Add arg 'quick'. (gpg_dirmngr_wkd_get): Ditto. * g10/keyserver.c (keyserver_get): Add arg 'quick'. (keyserver_get_chunk): Add arg 'quick'. (keyserver_import_fprint): Ditto. Change callers to pass 0 for it. (keyserver_import_keyid): Ditto. (keyserver_import_wkd): Ditto. * g10/mainproc.c (check_sig_and_print): Call the 3 fucntions with QUICK set. -- Note that this option has not yet been implemented by dirmngr. Dirmngr will simply ignore it for now. Signed-off-by: Werner Koch <wk@gnupg.org>	2016-10-27 09:06:10 +02:00
Werner Koch	cbf2ac6669	gpg: Improve WKD by importing only the requested UID. * g10/keyserver.c: Include mbox-util.h. (keyserver_import_wkd): Do not use the global import options but employ an import filter. -- We also make sure that an mbox has been passed to keyserver_import_wkd so it may also be called with a complete user id (which is currently not the case). Signed-off-by: Werner Koch <wk@gnupg.org>	2016-09-28 15:35:31 +02:00
Justus Winter	78aeb236fe	g10: Fix memory leak. * g10/keyserver.c (parse_keyserver_uri): Free URI. Signed-off-by: Justus Winter <justus@g10code.com>	2016-07-01 14:16:18 +02:00
Werner Koch	5ddccf4fc6	doc: Consistently use 'keyserver'. -- GnuPG-bug-id: 2383 Signed-off-by: Werner Koch <wk@gnupg.org>	2016-06-14 09:06:44 +02:00
Werner Koch	027c4e5552	gpg: Pass CTRL object down to the trust functions Signed-off-by: Werner Koch <wk@gnupg.org>	2016-05-21 11:41:49 +02:00
Werner Koch	64bfeafa52	gpg: Remove all assert.h and s/assert/log_assert/. Signed-off-by: Werner Koch <wk@gnupg.org>	2016-04-29 11:05:24 +02:00
Werner Koch	87de9e19ed	gpg: Add experimental AKL method "wkd" and option --with-wkd-hash. * g10/getkey.c (parse_auto_key_locate): Add method "wkd". (get_pubkey_byname): Implement that method. Also rename a variable. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New. * g10/keyserver.c (keyserver_import_wkd): New. * g10/test-stubs.c (keyserver_import_wkd): Add stub. * g10/gpgv.c (keyserver_import_wkd): Ditto. * g10/options.h (opt): Add field 'with_wkd_hash'. (AKL_WKD): New. * g10/gpg.c (oWithWKDHash): New. (opts): Add option --with-wkd-hash. (main): Set that option. * g10/keylist.c (list_keyblock_print): Implement that option. -- The Web Key Directory is an experimental feature to retrieve a key via https. It is similar to OpenPGP DANE but also uses an encryption to reveal less information about a key lookup. For example the URI to lookup the key for Joe.Doe@Example.ORG is: https://example.org/.well-known/openpgpkey/ hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q (line has been wrapped for rendering purposes). The hash is a z-Base-32 encoded SHA-1 hash of the mail address' local-part. The address wk@gnupg.org can be used for testing. Signed-off-by: Werner Koch <wk@gnupg.org>	2016-04-27 08:34:29 +02:00
Werner Koch	09117e769a	gpg: Make --auto-key-retrieve work with dirmngr configured server. * g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional. * g10/keyserver.c (keyserver_any_configured): New. (keyserver_put): Remove arg keyserver because this will always receive opt.keyserver which is anyway used when connecting dirmngr. Do not check opt.keyserver. (keyserver_import_cert): Replace opt.keyserver by keyserver_any_configured. * g10/mainproc.c (check_sig_and_print): Ditto. * g10/import.c (revocation_present): Ditto. * g10/getkey.c (get_pubkey_byname): Ditto. * g10/gpgv.c (keyserver_any_configured): Add stub. * g10/test-stubs.c (keyserver_any_configured): Add stub. -- The keyserver should be configured in dirmngr.conf and thus we can't use opt.keyserver in gpg to decide whether a keyserver has been configured. GnuPG-bug-id: 2147 Signed-off-by: Werner Koch <wk@gnupg.org>	2016-01-21 11:49:27 +01:00
Werner Koch	437965e562	Use ngettext for some strings. * scd/app-openpgp.c (build_enter_admin_pin_prompt): Use ngettext for some diagnostics. (do_genkey): Ditto. * g10/keyedit.c (check_all_keysigs, menu_delsig, menu_clean): Ditto. * g10/keylist.c (print_signature_stats): Ditto. * g10/keyserver.c (keyserver_refresh): Ditto. * g10/sig-check.c (check_signature_metadata_validity): Ditto. * g10/sign.c (do_sign): Ditto. * g10/trustdb.c (reset_trust_records): Ditto. (validate_keys): Use a table like diagnostic output. -- Suggested-by: Ineiev <ineiev@gnu.org> Signed-off-by: Werner Koch <wk@gnupg.org>	2016-01-18 11:20:15 +01:00
Werner Koch	4d3395ef1f	gpg: Use a regular type instead of a void* for import stats. * g10/import.c (struct stats_s): Rename to import_stats_s. Change all users. * g10/main.h (import_stats_t): New. Change fucntions to use this instead of a void pointer. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-12-12 18:19:35 +01:00
Werner Koch	50a568e738	gpg: Make keyidlist more robust in case of errors. * g10/keyserver.c (keyidlist): Clear *KLIST on error. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-12-03 12:19:30 +01:00
Werner Koch	a28ac99efe	gpg: Take care of keydb_new returning NULL. * g10/keydb.c (keydb_new): Print an error message if needed. Also use xtrycalloc because we return an error anyway. * g10/delkey.c (do_delete_key): Handle error retruned by keydb_new. * g10/export.c (do_export_stream): Ditto. * g10/getkey.c (get_pubkey): Ditto. (get_pubkey_fast): Ditto. (get_pubkeyblock): Ditto. (get_seckey): Ditto. (key_byname): Ditto. (get_pubkey_byfprint): Ditto. (get_pubkey_byfprint_fast): Ditto. (parse_def_secret_key): Ditto. (have_secret_key_with_kid): Ditto. * g10/import.c (import_one): Ditto. (import_revoke_cert): Ditto. * g10/keyedit.c (keyedit_quick_adduid): Ditto. * g10/keygen.c (quick_generate_keypair): Ditto. (do_generate_keypair): Ditto. * g10/trustdb.c (validate_keys): Ditto. * g10/keyserver.c (keyidlist): Ditto. * g10/revoke.c (gen_desig_revoke): Ditto. (gen_revoke): Ditto. * g10/gpg.c (check_user_ids): Ditto. (main): Do not print an error message for keydb_new error. * g10/keylist.c (list_all): Use actual error code returned by keydb_new. * g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error. * g10/t-keydb.c (do_test): Ditto. * g10/keyring.c (keyring_new): Actually return an error so that the existing keydb_new error checking makes sense for a keyring resource. (keyring_rebuild_cache): Take care of keyring_new returning an error. -- Commit `04a6b903` changed keydb_new to return an error. However the error was not checked at most places which we fix with this patch. To make things easier keydb_new prints an error message itself. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-12-03 12:18:32 +01:00
Neal H. Walfield	58e4a492e2	gpg: Change keydb_search to not return legacy keys. * g10/keyring.c (keyring_search): Take new argument, ignore_legacy. If set, skip any legacy keys. Update callers. * g10/keydb.c (keydb_search): Skip any legacy keys. (keydb_search_first): Don't skip legacy keys. Treat them as an error. (keydb_search_next): Likewise. (keydb_search_fpr): Likewise. * g10/export.c (do_export_stream): Likewise. * g10/getkey.c (lookup): Likewise. (have_secret_key_with_kid): Likewise. * g10/keylist.c (list_all): Likewise. (keyring_rebuild_cache): Likewise. * g10/keyserver.c (keyidlist): Likewise. * g10/trustdb.c (validate_key_list): Likewise. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>	2015-11-17 14:53:05 +01:00
Werner Koch	e3c48335f9	gpg: Print export statistics to the status-fd. * common/status.h (STATUS_EXPORT_RES): New. * g10/main.h (export_stats_t): New. * g10/export.c (export_stats_s): New. (export_new_stats, export_release_stats): New. (export_print_stats): New. (export_pubkeys, export_seckeys, export_secsubkeys) (export_pubkey_buffer, do_export): Add arg "stats". (do_export_stream): Add arg stats and update it. * g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create, pass, and print a stats object to the export function calls. * g10/export.c (export_pubkeys_stream): Remove unused function. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-11-12 16:44:00 +01:00
Werner Koch	41bb01ae79	Move SRV RR code from common/ to dirmngr/. * common/srv.c: Merge into dirmngr/dns-stuff.c. Delete file. * common/srv.h: Merge into dirmngr/dns-stuff.h. Delete file. * common/Makefile.am (common_sources): Remove srv.c and srv.h. * g10/keyserver.c: Do not include srv.h. The code using it is anyway disabled. * dirmngr/http.c: Remove header srv.h and stubs. * dirmngr/t-dns-stuff.c: Add option --srv. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-10-22 09:22:41 +02:00
Werner Koch	9ac31f91b1	gpg: Add new --auto-key-locate mechanism "dane". * g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE. * g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode". * g10/options.h (AKL_DANE): New. * g10/getkey.c (get_pubkey_byname): Implement AKL_DANE. (parse_auto_key_locate): Ditto. -- To test this use gpg --auto-key-locate clear,dane,local --locate-key -v wk@gnupg.org Signed-off-by: Werner Koch <wk@gnupg.org>	2015-10-06 20:31:43 +02:00
Werner Koch	ae471fa978	gpg: Deprecate the --keyserver option. * g10/keyserver.c (keyserver_refresh): Change return type to gpg_error_t. Use gpg_dirmngr_ks_list to print the name of the keyserver to use. (keyserver_search): Do not print the "no keyserver" error message. The same error is anyway returned from dirmngr. * g10/call-dirmngr.c (ks_status_parm_s): Add field "keyword". (ks_status_cb): Handle other status keywords. (gpg_dirmngr_ks_list): New. * tools/gpgconf-comp.c (gc_options_gpg): Deprecate "keyserver". (gc_options_dirmngr): Add "Keyserver" group and "keyserver". -- Along with the corresponding dirmngr change this option allows to configure the keyserver only in dirmngr.conf. Existing configurations will continue to work. However, GUIs using gpgconf now the keyserver option under the dirmngr (aka Key Acquirer) tab unless they are in export mode in which the keyserver option is also show for gpg. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-10-05 17:52:28 +02:00
Werner Koch	154f3ed2bf	gpg: Move all DNS access to Dirmngr. * common/dns-cert.h: Move to ../dirmngr/. * common/dns-cert.c: Move to ../dirmngr/. Change args to return the key as a buffer. * common/t-dns-cert.c: Move to ../dirmngr/. * common/pka.c, common/pka.h, common/t-pka.c: Remove. * dirmngr/server.c (data_line_cookie_write): Factor code out to data_line_write and make it a wrapper for that. (data_line_write): New. (cmd_dns_cert): New. (register_commands): Register new command. * g10/Makefile.am (LDADD): Remove DNSLIBS. * g10/call-dirmngr.c (dns_cert_parm_s): New. (dns_cert_data_cb, dns_cert_status_cb): New. (gpg_dirmngr_dns_cert): New. (gpg_dirmngr_get_pka): New. * g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function. * g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by gpg_dirmngr_dns_cert. (keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka. * g10/mainproc.c: Include call-dirmngr.h. (pka_uri_from_sig): Add CTX arg. Replace get_pka_info by gpg_dirmngr_get_pka. -- With this patch gpg does not do any network access itself but uses dirmngr for that. Note that we need to keep linking to NETLIBS due to the logging code and because we need TCP for our socket emulation under Windows. Probably also required for Solaris etc. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-04-23 15:52:39 +02:00
Werner Koch	c4d98734c5	gpg: Make keyserver-option http_proxy work. * g10/options.h (opt): Add field keyserver_options.http_proxy. * g10/keyserver.c (warn_kshelper_option): Add arg noisy. (parse_keyserver_options): Parse into new http_proxy field. * g10/call-dirmngr.c (create_context): Send the http-proxy option.	2015-04-21 19:29:53 +02:00
Werner Koch	ae0d65f864	gpg: Make preferred keyservers work. * g10/call-dirmngr.c (dirmngr_local_s): Add field set_keyservers_done. (create_context): Move keyserver setting to ... (open_context): here. (clear_context_flags): New. (gpg_dirmngr_ks_get): Add arg override_keyserver. * g10/keyserver.c (keyserver_refresh): Improve diagnostics. (keyserver_get_chunk): Ditto. Pass OVERRIDE_KEYSERVER to ks_get. -- It used to ignore the given server but showed a diagnostics that it will be used.	2015-04-21 15:36:30 +02:00
Werner Koch	da1990bac7	gpg: Update sub-options of --keyserver-options * g10/options.h (KEYSERVER_HTTP_PROXY): New. (KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove. (KEYSERVER_TIMEOUT): New. * common/keyserver.h (KEYSERVER_TIMEOUT): Remove. * g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files" and "keep-temp-files". Add "http-proxy" and "timeout". (parse_keyserver_options): Remove 1.2 compatibility option "honor-http_proxy". Remove "use-temp-files" and "keep-temp-files" code. -- Note that many of these options where implicitly used by passing any unknown option down to the former keyserver helpers. The don't exist anymore thus we need to make them explicit. Another patch will convey them to dirmngr. Temp files are not anymore used thus they can be removed and will be ignored when used. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-04-21 10:15:04 +02:00
Werner Koch	91baea2dcd	gpg: Fix memory leak due to PKA lookup. * g10/keyserver.c (keyserver_import_pka): Move the xfree.	2015-02-26 18:01:13 +01:00
Werner Koch	2fc27c8696	gpg: Switch to a hash and CERT record based PKA system. * common/dns-cert.c (get_dns_cert): Make r_key optional. * common/pka.c: Rewrite for the new hash based lookup. * common/t-pka.c: New. * configure.ac: Remove option --disable-dns-pka. (USE_DNS_PKA): Remove ac_define. * g10/getkey.c (parse_auto_key_locate): Always include PKA. -- Note that although PKA is now always build, it will only work if support for looking up via DNS has not been disabled. The new PKA only works with the IPGP DNS certtype and shall be used only to retrieve the fingerprint and optional the key for the first time. Due to the security problems with DNSSEC the former assumption to validate the key using DNSSEC is not anymore justified. Instead an additional layer (e.g. Trust-On-First-Use) needs to be implemented to track change to the key. Having a solid way of getting a key matching a mail address is however a must have. More work needs to go into a redefinition of the --verify-options pka-lookups and pka-trust-increase. The auto-key-locate mechanism should also be able to continue key fetching with another methods once the fingerprint has been retrieved with PKA. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-02-25 16:34:19 +01:00
Werner Koch	af60152a46	common: Allow requesting a specific certtype with get_dns_cert() * common/dns-cert.c (get_dns_cert): Add arg want_certtype. Change all callers. (CERTTYPE_): Move constants to ... * common/dns-cert.h: here as DNS_CERTTYPE_. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-02-25 12:03:21 +01:00
Werner Koch	d2a70fd834	gpg: Replace remaining uses of stdio by estream. * g10/sign.c (sign_file): Use log_printf instead of stderr. * g10/tdbdump.c (export_ownertrust): Use estream fucntions. (import_ownertrust): Ditto. * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. -- Reported-by: Guilhem Moulin <guilhem@fripost.org> Needed for unattended key edits with --status-fd, because since 2.1 status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd) not fflush(3), so the standard output may not be flushed before each prompt. (Which breaks scripts using select(2) to multiplex between the standard and status outputs.) His patch only affected print_and_check_one_sig_colon() but there are many more places where stdio and estream are mixed. This patch now replaces most of them in g10/. At some places stdio is still used, but that is local to a function and should not have side effects. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-02-19 17:22:27 +01:00
Werner Koch	09e8f35d38	gpg: Improve skipping of PGP-2 keys. * g10/keydb.c (keydb_search_first, keydb_search_next): Skip legacy keys. * g10/keyring.c (keyring_get_keyblock): Handle GPG_ERR_LEGACY_KEY. (prepare_search): Ditto. (keyring_rebuild_cache): Skip legacy keys. * g10/keyserver.c (keyidlist): Ditto. * g10/trustdb.c (validate_key_list): Ditto. -- This is not the most elegant way to handle it but it reduces the chance for unwanted side effects. GnuPG-bug-id: 1816 Signed-off-by: Werner Koch <wk@gnupg.org>	2015-01-22 16:36:28 +01:00

1 2 3

128 Commits