* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
(http_redir_info_t): New.
* dirmngr/http.c (do_parse_uri): Set new fields.
(same_host_p): New.
(http_prepare_redirect): New.
* dirmngr/t-http-basic.c: New test.
* dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
instead of the open code.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
--
With this change a http query will not follow a redirect unless the
Location header gives the same host. If the host is different only
the host and port is taken from the Location header and the original
path and query parts are kept.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-zip.in: Remove.
* m4/tar-ustar.m4: Remove.
--
Note that the script was even not anymore installed. See also
GnuPG-bug-id: 4252
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (agent_popup_message_stop): Just kill it.
--
By checking if it's alive or not, we can lower a risk of sending
SIGINT to a wrong process on unusual condition when PID is re-used to
a different process.
That's true, however, since it's alive usually, simply sending SIGINT
is enough here.
Note that here is a race condition for detecting if process is active
or not; A process can die just after being detected alive.
Moreover, when the process of pinentry accidentally died already, it
should have caused return of assuan_transact and the thread of
popup_message_thread likely already set popup_finished=1.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Summary:
* dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
* dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
(register_commands): Add FLUSHCRLS.
--
This allows it to flush the CRL cache of a running dirmngr
server. This can be useful to debug / analyze CRL issues.
GnuPG-Bug-Id: T3967
Differential Revision: https://dev.gnupg.org/D469
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
(cherry picked from commit 00321a025f90990a71b60b4689ede1f38fbde347)
* common/mbox-util.c (mailbox_from_userid): Add arg subaddress and
implement. Change all callers to pass false for it.
* common/t-mbox-util.c (run_mbox_no_sub_test): New.
(run_filter): Add arg no_sub.
(main): Call new test and add option --no-sub.
--
Some stats: In the about 5300000 keys on the SKS servers we found 3055
unique mailboxes with a '+' in it. After removing leading and
trailing '+' as well as multiple '+' (e.g. "c++" or "foo+bar+baz")
2697 were left which seem to be valid sub-addresses.
To filter mailboxes out from a line delimited list with
user-ids (e.g. an SQL output), the command
t-mbox-util --verbose --filter
can be used; to output w/o sub-addresses add --no-sub.
GnuPG-bug-id: 4200
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (mainproc_context): New member
'seen_pkt_encrypted_aead'.
(release_list): Clear 'seen_pkt_encrypted_aead'.
(proc_encrypted): Set 'seen_pkt_encrypted_aead'.
(have_seen_pkt_encrypted_aead): New.
(proc_plaintext): Do not enable extra hash contexts when decryption
AEAD input.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* g10/armor.c (asctobin): Larger look-up table for fast path.
(initialize): Update 'asctobin' initialization.
(radix64_read): Add fast path for radix64 to binary conversion.
--
This patch adds fast path for radix64 to binary conversion in
armored decryption.
Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.
before patch-set
----------------
gpg process
armor: user time pipe transfer rate
encrypt-aead: 13.8 140 MB/s
decrypt-aead: 30.6 68 MB/s
encrypt-cfb: 17.4 114 MB/s
decrypt-cfb: 32.6 64 MB/s
after (decrypt+iobuf+crc+radix64 opt)
-------------------------------------
gpg process
armor: user time pipe transfer rate
decrypt-aead: 9.8 200 MB/s
decrypt-cfb: 11.9 168 MB/s
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* g10/armor.c (bintoasc): Change to read-only.
(initialize): Use const pointer for 'bintoasc'.
(armor_output_buf_as_radix64): New function for faster binary to
radix64 conversion.
(armor_filter): Use new conversion function.
--
This patch adds faster binary to radix64 conversion to speed up
armored encryption.
Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.
before patch-set
----------------
gpg process
armor: user time pipe transfer rate
encrypt-aead: 13.8 140 MB/s
decrypt-aead: 30.6 68 MB/s
encrypt-cfb: 17.4 114 MB/s
decrypt-cfb: 32.6 64 MB/s
after (decrypt+iobuf+crc+radix64 opt)
-------------------------------------
gpg process
armor: user time pipe transfer rate
encrypt-aead: 2.7 523 MB/s
encrypt-cfb: 6.7 264 MB/s
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* g10/armor.c (CRCINIT, CRCPOLY, CRCUPDATE, crc_table): Remove.
(new_armor_context): Open libgcrypt CRC24 context.
(release_armor_context): Close CRC24 context.
(initialize): Remove CRC table generation.
(get_afx_crc): New.
(check_input, fake_packet, radix64_read, armor_filter): Update to use
CRC24 context.
* g10/filter.h (armor_filter_context_t): Replace crc intermediate value
with libgcrypt md context pointer.
--
This patch changes armor filter to use optimized CRC24 implementation
from libgcrypt to speed up encryption and decryption.
Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.
before patch-set
----------------
gpg process
armor: user time pipe transfer rate
encrypt-aead: 13.8 140 MB/s
decrypt-aead: 30.6 68 MB/s
encrypt-cfb: 17.4 114 MB/s
decrypt-cfb: 32.6 64 MB/s
after (decrypt+iobuf+crc opt)
-----------------------------
gpg process
armor: user time pipe transfer rate
encrypt-aead: 8.7 211 MB/s
decrypt-aead: 17.6 116 MB/s
encrypt-cfb: 12.6 153 MB/s
decrypt-cfb: 19.6 105 MB/s
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* common/iobuf.c (iobuf_read_line): Add fast path for finding '\n'
character in buffer.
--
This patch reduce per byte overhead in iobuf_read_line by avoiding
using iobuf_get when possible and use memchr to find '\n'. This
speeds armored decryption.
Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.
before patch-set
----------------
gpg process
armor: user time pipe transfer rate
encrypt-aead: 13.8 140 MB/s
decrypt-aead: 30.6 68 MB/s
encrypt-cfb: 17.4 114 MB/s
decrypt-cfb: 32.6 64 MB/s
after (decrypt+iobuf opt)
-------------------------
gpg process
armor: user time pipe transfer rate
decrypt-aead: 22.5 92 MB/s
decrypt-cfb: 24.4 85 MB/s
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* g10/armor.c (radix64_read): Check EOF with '!afx->buffer_len' instead
of 'c == -1', as 'c' is never set to this value.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* g10/decrypt-data.c (fill_buffer): Use iobuf_read instead of iobuf_get
for reading data.
--
This patch reduces iobuf_read per byte processing overhead and speeds
up decryption.
Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.
before patch-set
----------------
gpg process
no-armor: user time pipe transfer rate
encrypt-aead: 1.02 1.0 GB/s
decrypt-aead: 10.8 185 MB/s
encrypt-cfb: 4.8 342 MB/s
decrypt-cfb: 12.7 157 MB/s
gpg process
armor: user time pipe transfer rate
encrypt-aead: 13.8 140 MB/s
decrypt-aead: 30.6 68 MB/s
encrypt-cfb: 17.4 114 MB/s
decrypt-cfb: 32.6 64 MB/s
after (decrypt opt)
-------------------
gpg process
no-armor: user time pipe transfer rate
decrypt-aead: 7.3 263 MB/s
decrypt-cfb: 9.3 211 MB/s
gpg process
armor: user time pipe transfer rate
decrypt-aead: 27.0 77 MB/s
decrypt-cfb: 29.0 72 MB/s
Note: decryption results are much slower than encryption because of
extra SHA1 & RIPEMD160 hashing.
GnuPG-bug-id: 3786
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* g10/cipher-aead.c (do_flush): No cast is correct.
* g10/decrypt-data.c (aead_underflow): No cast needed.
Use "%j" for uint64_t for chunklen.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools/gpg-wks.h (opt): Add field with_colons.
* tools/gpg-wks-client.c (oWithColons): New const.
(opts, parse_arguments): Add option --with-colons.
(main): Change aSupported to take several domains in --with-colons
mode.
(command_send): Factor policy getting code out to ...
(get_policy_and_sa): New function.
(command_supported): Make use of new function.
--
In addition to this the --create command now also supports a
submission address only in the policy file. That means the
submission-address file is not anymore required and can be replaced by
the policy file.
Signed-off-by: Werner Koch <wk@gnupg.org>
* build-aux/speedo.mk (speedo_pkg_gpgme_configure): Remove
--disable-w32-qt option.
--
This option is obsolete since GPGME 1.7 (in 2016)
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/misc.c (host_and_port_from_url): Fix bad port parsing and a
segv for a missing slash after the host name.
--
Reportted-by: Tomas Mraz
GnuPG-bug-id: 4230
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpg-wks-server.c (opts): Add '--directory',
(main): Explain how to set correct permissions.
(command_list_domains): Create an empty policy file and remove the
warning for an empty policy file.
--
Note that a policy file is meanwhile required and thus is is useful to
create it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox-search-desc.h (fpr): Increase the size.
--
In the function keydb_search_fpr in g10/keydb.c, it is copied using
MAX_FINGERPRINT_LEN. So, more size is required.
Fixes-commit: ecbbafb88d920e713439b6b1b8e1b41a6f8d0e38
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale
out of scope and cleanup the entire pgpKeySize block.
--
GnuPG-bug-id: 4229
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-agent.c (learn_status_cb): Parse "bt" flag.
* g10/call-agent.h: New member field "bt".
* g10/card-util.c (uif): Limit its access only when it is supported.
* scd/app-openpgp.c (do_setattr): Allow access to UIF objects only
when there is a button.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>