1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
Commit Graph

3893 Commits

Author SHA1 Message Date
Werner Koch
7d68c6b0ec Add question "What are DH/DSS keys?"
... and the answer of course.
2011-06-27 15:56:47 +02:00
Werner Koch
37228cfa05 Allow generation of card keys up to 4096 bit.
This patch implementes a chunk mode to pass the key parameters from
scdaemon to gpg.  This allows to pass arbitrary long key paremeters;
it is used for keys larger than 3072 bit.

Note: the card key generation in gpg is currently broken.  The keys
are generated but it is not possible to create the self-signature
because at that time the gpg-agent does not yet know about the new
keys and thus can't divert the sign request to the card.  We either
need to run the learn command right after calling agent_scd_genkey or
implement a way to sign using the currently inserted card.  Another
option would be to get rid of agent_scd_genkey and implement the
feature directly in agent_genkey.
2011-06-16 14:27:33 +02:00
Werner Koch
328ac58962 Fix for latest fix in Libgcrypt. 2011-06-13 14:54:40 +02:00
Werner Koch
070df4ea58 Revert latest po add-line-number patch.
To avoid this in the future, everyone should really use the clean-po
filter as installed with ./autogen.sh .  Thanks.
2011-06-13 14:49:37 +02:00
Marcus Brinkmann
1c684df5b8 Fix size_t vs int issues. 2011-06-01 21:43:30 +02:00
Marcus Brinkmann
9cb6557121 po 2011-06-01 15:47:41 +02:00
Marcus Brinkmann
35491a1793 dd 2011-06-01 15:45:24 +02:00
Marcus Brinkmann
bb0de520c1 Add missing LIBGCRYPT_CFLAGS for dirmngr_ldap. 2011-06-01 15:44:52 +02:00
Marcus Brinkmann
3a686a11d3 Add LIBICONV to LDFLAGS. 2011-06-01 15:43:22 +02:00
Werner Koch
79d59e8c09 Merge branch 'master' of git+ssh://playfair.gnupg.org/git/gnupg 2011-05-20 10:30:36 +02:00
Werner Koch
d679b4d642 Require libgpg-error 1.10
This allows to remove some error code substitutes.
Fixed a typo in gpg.text.
2011-05-20 10:27:50 +02:00
Marcus Brinkmann
de7cfc0c9b Merge dirmgr cs.po into gnupg cs.po. 2011-05-12 01:34:04 +02:00
Werner Koch
f8285f9b00 Add fixme note regarding pth_kill 2011-04-29 16:44:28 +02:00
Werner Koch
c36deeea8b Merge branch 'wk-gpg-keybox' 2011-04-29 15:10:36 +02:00
Werner Koch
afe5c1a370 Re-indentation of keydb.c and error code changes.
Returning -1 as an error code is not very clean given that gpg error
has more descriptive error codes.  Thus we now return
GPG_ERR_NOT_FOUND for all search operations and adjusted all callers.
2011-04-29 15:07:11 +02:00
Marcus Brinkmann
10cccd45af Fix import stat counter and abort secret key import on merge-only error case. 2011-04-29 12:02:46 +02:00
Marcus Brinkmann
a286e95f3a Give sensible error messages when trying to delete secret key. 2011-04-29 12:01:52 +02:00
Werner Koch
740629de00 Update OpenPGP parser to support ECC 2011-04-28 20:21:14 +02:00
Werner Koch
25f292ed89 Removed memory leak in the ECDH code. 2011-04-28 10:51:14 +02:00
Werner Koch
817f07173c Fixed regression in OpenPGP secret key export.
The protection used in the exported key used a different iteration
count than given in the S2K field.  Thus all OpenPGP keys exported
from GnuPG 2.1-beta can't be imported again.  Given that the actual
secret key material is kept in private-keys-v1.d/ the can be
re-exported with this fixed version.
2011-04-26 20:39:09 +02:00
Werner Koch
5da12674ea Fix regression in gpg's mail address parsing.
Since 2009-12-08 gpg was not able to find email addresses indicated
by a leading '<'.  This happened when I merged the user id
classification code of gpgsm and gpg.
2011-04-25 23:59:25 +02:00
Werner Koch
4caa768f1d Add OPTION:cache-ttl-opt-preset to gpg-agent.
This option may be used to change the default ttl values use with the
--preset option of GENKEY and PASSWD.
2011-04-21 15:40:48 +02:00
Marcus Brinkmann
dd491d290a 2011-04-20 Marcus Brinkmann <mb@g10code.com>
* keylist.c (list_keyblock_colon): Use get_ownertrust_info, not
        get_ownertrust (which lead to binary zeroes in the output!).
2011-04-20 22:41:22 +02:00
Marcus Brinkmann
70b871abbc Fix gpg-agent secure memory leak in OpenPGP private key import.
2011-04-20  Marcus Brinkmann  <mb@g10code.com>

        * command.c (cmd_import_key): Release key from failed import
        before converting openpgp private key in the openpgp-private-key
        case.
2011-04-20 11:33:09 +02:00
Ben Kibbey
b5f585f7d7 Another PASSWD --preset fix.
Check for an error before presetting the passphrase.
2011-04-18 10:20:36 +02:00
Ben Kibbey
b3c71eb26b Fixed PASSWD --preset.
The previous patch required that the keygrip be cached before adding the
new passphrase to the cache. No more.
2011-04-13 14:15:21 +02:00
Werner Koch
f8c5395fbd Use macros for the 120 and 900s cache TTLs. 2011-04-12 18:20:46 +02:00
Ben Kibbey
a9edbfb3a3 Added PASSWD --preset. 2011-04-12 18:04:53 +02:00
Ben Kibbey
944bf8f5b5 Added GENKEY --preset to add the passphrase of the generated key to the cache. 2011-04-12 18:00:59 +02:00
Ben Kibbey
893b455a3d Added KEYINFO field to show the protection type of a key. This differs from the second field which shows the location of the key. 2011-04-12 17:59:27 +02:00
Werner Koch
f1e9f510ec Add code for explicit selection of pooled A records.
To better cope with round robin pooled A records like keys.gnupg.net
we need to keep some information on unresponsive hosts etc.  What we
do now is to resolve the hostnames, remember them and select a random
one.  If a host is dead it will be marked and a different one
selected.  This is intended to solve the problem of long timeouts due
to unresponsive hosts.

The code is not yet finished but selection works.
2011-04-12 16:30:08 +02:00
Werner Koch
4206a2bd48 Detect premature EOF while parsing corrupted key packets.
This helps in the case of an unknown key algorithm with a corrupted
packet which claims a longer packet length.  This used to allocate the
announced packet length and then tried to fill it up without detecting
an EOF, thus taking quite some time.  IT is easy to fix, thus we do
it.  However, there are many other ways to force gpg to use large
amount of resources; thus as before it is strongly suggested that the
sysadm uses ulimit do assign suitable resource limits to the gpg
process.  Suggested by Timo Schulz.
2011-03-28 11:08:03 +02:00
Werner Koch
b9bcc77d6c Make use of gcry_kdf_derive.
Factoring common code out is always a Good Thing.  Also added a
configure test to print an error if gcry_kdf_derive is missing in
Libgcrypt.
2011-03-10 18:39:34 +01:00
Werner Koch
35c731d889 Support pkcs#12 import of PBES2 encoded data.
This is so that we read compatible with gnutls's certtool.  Only
AES-128 is supported.  The latest Libgcrypt from git is required.

Fixes bug#1321.
2011-03-10 15:30:40 +01:00
Werner Koch
87a6a1c3fe Post beta release updates 2011-03-08 14:00:04 +01:00
Werner Koch
444f2fe1cd Prepare for 1.5.0beta2 2011-03-08 12:56:45 +01:00
Werner Koch
327af90594 Require libgcrypt 1.5
Without Libgcrypt 1.5 is was not possible to use ECC keys.  ECC is
major new feature and thus it does not make sense to allow building
with an older Libgcrypt without supporting ECC.

Also fixed a few missing prototypes.
2011-03-08 12:23:59 +01:00
Ben Kibbey
3582e2efa4 Added option --inquire to PRESET_PASSPHRASE. Note that the inquired passphrase will be truncated to the first encountered null byte. 2011-03-04 09:39:39 +01:00
Werner Koch
b786f0e12b New agent option pinentry-mode.
This provides the framework and implements the ask, cancel and error.
loopback will be implemented later.
2011-03-03 18:35:08 +01:00
Werner Koch
35205e1300 Print the secret keyinfo stuff with --card-status again. 2011-03-03 16:16:24 +01:00
Werner Koch
aeb324273a Minor code cleanups.
* keyid.c (hash_public_key): Remove shadowing NBITS.

	* misc.c (pubkey_nbits): Replace GCRY_PK_ by PUBKEY_ALGO_.
	(get_signature_count): Remove warning.
2011-03-03 13:01:03 +01:00
Werner Koch
ea41f5b4c1 Fix faulty gcc warnings 2011-03-03 12:40:54 +01:00
Werner Koch
892793888e Simplify the management of the stream list in estream.c 2011-03-03 11:51:04 +01:00
NIIBE Yutaka
682da55aa9 fix wLangId in ccid-driver.c
This is not a part of pin pad support series of mine.

As I found the bug while I am preparing the patches, I report this.

As CCID protocol is little endian, wLangId of US English = 0x0409
is represented as two bytes of 0x09 then 0x04.

It is really confusing that the code like following is floating
around:
	pin_verify -> wLangId = HOST_TO_CCID_16(0x0904);

But, it is 0x0409 (not 0x0904).  It is defined in the documentation:

    http://www.usb.org/developers/docs/USB_LANGIDs.pdf

and origin of this table is Microsoft.  We can see it at:

    http://msdn.microsoft.com/en-us/library/bb165625%28VS.80%29.aspx

Yes, it would be better not to hard-code 0x0409.  It would be better
to try current locale of the user, or to use the first entry of string
descriptor.  I don't have time to implement such a thing...
2011-03-02 16:52:27 +01:00
Werner Koch
1c09def22d Fix usage of SHA-2 algorithm with OpenPGP cards.
This was a regression in 2.1 introduced due to having the agent do the
signing in contrast to the old "SCD PKSIGN" command which accesses the
scdaemon directly and passed the hash algorithm.  The hash algorithm
is used by app-openpgp.c only for a sanity check.
2011-03-02 15:35:10 +01:00
Werner Koch
b7f74f5b46 Add comment to last patch. 2011-03-02 09:54:18 +01:00
Ben Kibbey
cb803a4b27 Added option --data to KEYINFO to return the result with a data response. 2011-03-02 09:45:31 +01:00
Ben Kibbey
fa58a834ff Let KEYINFO show the cached status of a key grip. 2011-03-02 09:32:35 +01:00
Werner Koch
528d77a0cc Rename Ben's new option. 2011-03-02 09:11:40 +01:00
Ben Kibbey
0706511b6d Added CLEAR_PASSPHRASE option --agent to search the cache for a cacheid with a mode of CACHE_MODE_NORMAL. These cache modes are created with PKDECRYPT. 2011-03-02 09:08:00 +01:00