1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Commit Graph

778 Commits

Author SHA1 Message Date
Werner Koch
96dc146fa1 Avoid possible double free in export.c.
* g10/export.c (transfer_format_to_openpgp): Avoid possible double
  free of LIST.  Reported by NIIBE Yutaka.
2011-12-02 17:04:58 +01:00
Werner Koch
2336b09779 Generate the ChangeLog from commit logs.
* scripts/gitlog-to-changelog: New script.  Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.

Rename all ChangeLog files to ChangeLog-2011.
2011-12-01 11:09:02 +01:00
Werner Koch
31f548a18a Rewrite dns-cert.c to not use the gpg-only iobuf stuff.
* common/dns-cert.c: Remove iobuf.h.
(get_dns_cert): Rename to _get_dns_cert.  Remove MAX_SIZE arg.  Change
iobuf arg to a estream-t.  Rewrite function to make use of estream
instead of iobuf.  Require all parameters.  Return an gpg_error_t
error instead of the type.  Add arg ERRSOURCE.
* common/dns-cert.h (get_dns_cert): New macro to pass the error source
to _gpg_dns_cert.
* common/t-dns-cert.c (main): Adjust for changes in get_dns_cert.
* g10/keyserver.c (keyserver_import_cert): Ditto.
* doc/gpg.texi (GPG Configuration Options): Remove max-cert-size.
2011-11-30 17:34:49 +01:00
Werner Koch
f95cb909ba Increase the default buffer size for DNS certificates.
* common/t-dns-cert.c (main): Increase MAX_SIZE to 64k.
* g10/keyserver.c (DEFAULT_MAX_CERT_SIZE): Increase from 16k to 64k.
2011-11-30 17:34:49 +01:00
Werner Koch
ea9df94ec8 Don't print anonymous recipient messages in quiet mode.
This is bug#1378.
2011-11-22 15:30:26 +01:00
Werner Koch
958f29d225 Allow creating subkeys using an existing key
This works by specifying the keygrip instead of an algorithm (section
number 13) and requires that the option -expert has been used.  It
will be easy to extend this to the primary key.
2011-11-06 17:01:31 +01:00
Werner Koch
ed8e267859 Add a flag parameter to dotlock_create.
This allows us to extend this function in the future.
2011-09-28 15:41:58 +02:00
Werner Koch
b73ae3ca36 Renamed the lock functions.
Also cleaned up the dotlock code for easier readability.
2011-09-23 14:43:58 +02:00
Werner Koch
6cf8890dc1 Allow NULL for free_public_key. 2011-09-20 19:24:52 +02:00
Jim Meyering
b8b4d5c9e5 avoid use of freed pointer
Without this patch, pk2 would be freed twice.

>From 2a18a4b757e0896e738fefbbaa8ff8c23a9edf89 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Tue, 20 Sep 2011 16:20:39 +0200
Subject: [PATCH] avoid use of freed pointer

If we free pk2 at the top of the for-loop, set it to NULL
so that we don't free it again just before returning.
* revoke.c (gen_desig_revoke): Don't use pk2 after freeing it.
2011-09-20 18:12:07 +02:00
Werner Koch
7c000f18de Replace gcry_md_start_debug by gcry_md_debug.
This is to allow building with Libgcrypt master (1.6) which has some
cleanups in the API/ABI.
2011-09-20 09:54:27 +02:00
Werner Koch
816bee1fa0 Fixed set but unused variable bugs 2011-08-10 14:11:30 +02:00
Werner Koch
fe8619d29c Do not print read-only trustdb warning with --quiet.
This is only a warning and gpg would anyway print an error message if
it tries to write to the trustdb.
2011-07-29 09:58:34 +02:00
Werner Koch
a74d5e3550 Print decoded S2K count in --list-packets mode.
Fixes bug#1355.
2011-07-18 10:57:33 +02:00
Werner Koch
37228cfa05 Allow generation of card keys up to 4096 bit.
This patch implementes a chunk mode to pass the key parameters from
scdaemon to gpg.  This allows to pass arbitrary long key paremeters;
it is used for keys larger than 3072 bit.

Note: the card key generation in gpg is currently broken.  The keys
are generated but it is not possible to create the self-signature
because at that time the gpg-agent does not yet know about the new
keys and thus can't divert the sign request to the card.  We either
need to run the learn command right after calling agent_scd_genkey or
implement a way to sign using the currently inserted card.  Another
option would be to get rid of agent_scd_genkey and implement the
feature directly in agent_genkey.
2011-06-16 14:27:33 +02:00
Werner Koch
328ac58962 Fix for latest fix in Libgcrypt. 2011-06-13 14:54:40 +02:00
Marcus Brinkmann
1c684df5b8 Fix size_t vs int issues. 2011-06-01 21:43:30 +02:00
Werner Koch
c36deeea8b Merge branch 'wk-gpg-keybox' 2011-04-29 15:10:36 +02:00
Werner Koch
afe5c1a370 Re-indentation of keydb.c and error code changes.
Returning -1 as an error code is not very clean given that gpg error
has more descriptive error codes.  Thus we now return
GPG_ERR_NOT_FOUND for all search operations and adjusted all callers.
2011-04-29 15:07:11 +02:00
Marcus Brinkmann
10cccd45af Fix import stat counter and abort secret key import on merge-only error case. 2011-04-29 12:02:46 +02:00
Marcus Brinkmann
a286e95f3a Give sensible error messages when trying to delete secret key. 2011-04-29 12:01:52 +02:00
Werner Koch
25f292ed89 Removed memory leak in the ECDH code. 2011-04-28 10:51:14 +02:00
Werner Koch
817f07173c Fixed regression in OpenPGP secret key export.
The protection used in the exported key used a different iteration
count than given in the S2K field.  Thus all OpenPGP keys exported
from GnuPG 2.1-beta can't be imported again.  Given that the actual
secret key material is kept in private-keys-v1.d/ the can be
re-exported with this fixed version.
2011-04-26 20:39:09 +02:00
Werner Koch
5da12674ea Fix regression in gpg's mail address parsing.
Since 2009-12-08 gpg was not able to find email addresses indicated
by a leading '<'.  This happened when I merged the user id
classification code of gpgsm and gpg.
2011-04-25 23:59:25 +02:00
Marcus Brinkmann
dd491d290a 2011-04-20 Marcus Brinkmann <mb@g10code.com>
* keylist.c (list_keyblock_colon): Use get_ownertrust_info, not
        get_ownertrust (which lead to binary zeroes in the output!).
2011-04-20 22:41:22 +02:00
Werner Koch
4206a2bd48 Detect premature EOF while parsing corrupted key packets.
This helps in the case of an unknown key algorithm with a corrupted
packet which claims a longer packet length.  This used to allocate the
announced packet length and then tried to fill it up without detecting
an EOF, thus taking quite some time.  IT is easy to fix, thus we do
it.  However, there are many other ways to force gpg to use large
amount of resources; thus as before it is strongly suggested that the
sysadm uses ulimit do assign suitable resource limits to the gpg
process.  Suggested by Timo Schulz.
2011-03-28 11:08:03 +02:00
Werner Koch
b9bcc77d6c Make use of gcry_kdf_derive.
Factoring common code out is always a Good Thing.  Also added a
configure test to print an error if gcry_kdf_derive is missing in
Libgcrypt.
2011-03-10 18:39:34 +01:00
Werner Koch
327af90594 Require libgcrypt 1.5
Without Libgcrypt 1.5 is was not possible to use ECC keys.  ECC is
major new feature and thus it does not make sense to allow building
with an older Libgcrypt without supporting ECC.

Also fixed a few missing prototypes.
2011-03-08 12:23:59 +01:00
Werner Koch
35205e1300 Print the secret keyinfo stuff with --card-status again. 2011-03-03 16:16:24 +01:00
Werner Koch
aeb324273a Minor code cleanups.
* keyid.c (hash_public_key): Remove shadowing NBITS.

	* misc.c (pubkey_nbits): Replace GCRY_PK_ by PUBKEY_ALGO_.
	(get_signature_count): Remove warning.
2011-03-03 13:01:03 +01:00
Werner Koch
ea41f5b4c1 Fix faulty gcc warnings 2011-03-03 12:40:54 +01:00
Werner Koch
1c09def22d Fix usage of SHA-2 algorithm with OpenPGP cards.
This was a regression in 2.1 introduced due to having the agent do the
signing in contrast to the old "SCD PKSIGN" command which accesses the
scdaemon directly and passed the hash algorithm.  The hash algorithm
is used by app-openpgp.c only for a sanity check.
2011-03-02 15:35:10 +01:00
Werner Koch
d290f2914a Add ECC import regression tests and fixed a regression.
The import test imports the keys as needed and because they are
passphrase protected we now need a pinentry script to convey the
passphrase to gpg-agent.
2011-02-10 20:45:37 +01:00
Werner Koch
ba23e88faa Replace printf by es_printf in keyserver.c
This is similar to the change in keylist.c and elsewhere.
2011-02-09 19:46:00 +01:00
Werner Koch
2c79a2832c Add finger support to dirmngr.
The basic network code from http.c is used for finger.  This keeps the
network related code at one place and we are able to use the somewhat
matured code form http.c.  Unfortunately I had to enhance the http
code for more robustness and probably introduced new bugs.

Test this code using

  gpg --fetch-key finger:wk@g10code.com

(I might be the last user of finger ;-)
2011-02-08 21:11:19 +01:00
Werner Koch
8a7336e0bf Fix ECDSA 521 bit signing.
This fix also allows the creation and use of an 521 bit ECDH key which
used to fail while creating the binding signature.
2011-02-07 14:38:39 +01:00
Werner Koch
b008274afd Nuked almost all trailing white space.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces.  In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much.  For future commits the pre-commit scripts
checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Werner Koch
cd9614b81b Removed deprecated SIGEXPIRED status line. 2011-02-04 10:28:28 +01:00
Werner Koch
9f38f3918a Fix test for gcry_pk_get_curve.
Add a compatibility fixes for the non-curve case.
Remove -lber from the dirmngr link line.
2011-02-03 22:04:31 +01:00
Werner Koch
5667e33290 Add a DECRYPTION_INFO status.
DECRYPTION_INFO <mdc_method> <sym_algo>
        Print information about the symmetric encryption algorithm and
        the MDC method.  This will be emitted even if the decryption
        fails.
2011-02-03 20:59:01 +01:00
Werner Koch
71e7a1644e Relax mailbox name checking. Fixes bug#1315. 2011-02-03 18:05:56 +01:00
Werner Koch
d9e2dcc1a9 Extend algo selection menu.
This allows to add an ECC key and to set the capabilities of an ECDSA
key.

Fix printing of the ECC algorithm when creating a signature.
2011-02-03 17:40:43 +01:00
Werner Koch
0b5bcb40cf Finished ECC integration.
Wrote the ChangeLog 2011-01-13 entry for Andrey's orginal work modulo
the cleanups I did in the last week.  Adjusted my own ChangeLog
entries to be consistent with that entry.

Nuked quite some trailing spaces; again sorry for that, I will better
take care of not saving them in the future.  "git diff -b" is useful
to read the actual changes ;-).

The ECC-INTEGRATION-2-1 branch can be closed now.
2011-02-03 16:35:33 +01:00
Werner Koch
20f429f735 Compute the fingerprint for ECDH only on demand.
This also fixes a failed assertion when using a v3 key where the
fingerprint size is not 20.
2011-02-02 17:40:32 +01:00
Werner Koch
4659c923a0 Sample ECC keys and message do now work.
Import and export of secret keys does now work.  Encryption has been
fixed to be compatible with the sample messages.

This version tests for new Libgcrypt function and thus needs to be
build with a new Libgcrypt installed.
2011-02-02 15:48:54 +01:00
Werner Koch
e0d4139e19 Move OpenPGP OID helpers to common/.
This is needed so that the agent will be able to export and import
OpenPGP secret keys.  Add test case.

Removed unused function.
2011-01-31 18:19:14 +01:00
Werner Koch
328a642aa5 Fixed the ECC interface to Libgcrypt to be ABI compatible with the previous version.
Quite some changes were needed but in the end we have less code than
before.  Instead of trying to do everything with MPIs and pass them
back and forth between Libgcrypt and GnuPG, we know use the
S-expression based interface and make heavy use of our opaque MPI
feature.

Encryption, decryption, signing and verification work with
self-generared keys.

Import and export does not yet work; thus it was not possible to check
the test keys at https://sites.google.com/site/brainhub/pgpecckeys .
2011-01-31 15:44:24 +01:00
Werner Koch
0fb0bb8d9a Reworked the ECC changes to better fit into the Libgcrypt API.
See ChangeLog for details.  Key generation, signing and verification works.
Encryption does not yet work.  Requires latest Libgcrypt changes.
2011-01-31 09:27:06 +01:00
Werner Koch
358afc0dc8 Function name cleanups
Also nuked some trailing spaces.
2011-01-26 17:17:43 +01:00
Werner Koch
d879c287ac Started with some code cleanups in ECDH.
The goal is to have the ECDH code more uniform with the other
algorithms.  Also make error messages and variable names more similar
to other places.
2011-01-25 20:28:25 +01:00