gnupg.git
7 years ago dns-cert.c: Use constants for better readability.
Werner Koch [Tue, 29 Nov 2011 12:17:20 +0000 (13:17 +0100)]
dns-cert.c: Use constants for better readability.

7 years ago Actually increase buffer size of t-dns-cert.c.
Werner Koch [Mon, 28 Nov 2011 17:36:21 +0000 (18:36 +0100)]
Actually increase buffer size of t-dns-cert.c.

7 years ago Re-indented dns-cert.c
Werner Koch [Mon, 28 Nov 2011 17:35:19 +0000 (18:35 +0100)]
Re-indented dns-cert.c

7 years ago Increase the default buffer size for DNS certificates.
Werner Koch [Mon, 28 Nov 2011 17:18:12 +0000 (18:18 +0100)]
Increase the default buffer size for DNS certificates.

* common/t-dns-cert.c (main): Increase MAX_SIZE to 64k.
* g10/keyserver.c (DEFAULT_MAX_CERT_SIZE): Increase from 16k to 64k.

7 years ago Use separate test module for dns-cert.c.
Werner Koch [Mon, 28 Nov 2011 17:11:59 +0000 (18:11 +0100)]
Use separate test module for dns-cert.c.

* dns-cert.c (get_dns_cert): Factor test code out to ...
* t-dns-cert.c: new file.

7 years ago Merge branch 'master' of git+ssh://playfair.gnupg.org/git/gnupg
NIIBE Yutaka [Tue, 29 Nov 2011 08:59:56 +0000 (17:59 +0900)]
Merge branch 'master' of git+ssh://playfair.gnupg.org/git/gnupg

7 years ago PC/SC pinpad support (pinpad input for modify pass phrase with resetcode, by admin).
NIIBE Yutaka [Tue, 29 Nov 2011 08:56:22 +0000 (17:56 +0900)]
PC/SC pinpad support (pinpad input for modify pass phrase with resetcode, by admin).

7 years ago Make sure HOME et al have no unsafe characters.
Werner Koch [Tue, 29 Nov 2011 07:52:12 +0000 (08:52 +0100)]
Make sure HOME et al have no unsafe characters.

7 years ago PC/SC pinpad support (pinpad input for modify pass phrase).
NIIBE Yutaka [Tue, 29 Nov 2011 02:59:32 +0000 (11:59 +0900)]
PC/SC pinpad support (pinpad input for modify pass phrase).

7 years ago Add build script to build all components in one run.
Werner Koch [Mon, 28 Nov 2011 19:28:10 +0000 (20:28 +0100)]
Add build script to build all components in one run.

Run this script in the parent directory of the working copies.  It
does a VPATH build in ~/tmp/gpg-tmp/b in the right order and installs
everything below ~/tmp/gpg-tmp/.

Based on a script by Jim Meyering.

7 years ago accept --with-libgpg-error-prefix as well as --with-gpg-error-prefix
Jim Meyering [Mon, 28 Nov 2011 12:47:08 +0000 (13:47 +0100)]
accept --with-libgpg-error-prefix as well as --with-gpg-error-prefix

* m4/gpg-error.m4: Update from git master.

7 years ago Improve ssh card key diagnostic message.
Werner Koch [Mon, 28 Nov 2011 09:39:36 +0000 (10:39 +0100)]
Improve ssh card key diagnostic message.

* command-ssh.c (card_key_available): Change wording of no key
diagnostic.
(ssh_handler_request_identities): Do not call card_key_available
if the scdaemon is disabled.

7 years ago PC/SC pinpad support.
NIIBE Yutaka [Mon, 28 Nov 2011 07:16:38 +0000 (16:16 +0900)]
PC/SC pinpad support.

Before this change, it is layered like the following:

iso7816_verify
        iso7816_verify_kp
apdu_send_simple, apdu_send_simple_kp
...

After this change, it will be layered like:

iso7816_verify      iso7816_verify_kp
        apdu_send_simple    apdu_keypad_verify
...

and apdu_send_simple_kp will be deprecated.

For PC/SC API, we use:
  SCardControl API to compose CCID PC_to_RDR_Secure message
  SCardTransmit API to compose CCID PC_to_RDR_XfrBlock message

Considering the support of PC/SC, we have nothing to share between _kp
version of iso7816_* and no _kp version.

7 years ago Merge branch 'master' of git+ssh://playfair.gnupg.org/git/gnupg
Werner Koch [Thu, 24 Nov 2011 15:16:43 +0000 (16:16 +0100)]
Merge branch 'master' of git+ssh://playfair.gnupg.org/git/gnupg

7 years ago Make HKP keyserver engine work again.
Werner Koch [Thu, 24 Nov 2011 14:48:24 +0000 (15:48 +0100)]
Make HKP keyserver engine work again.

We had some debug code here which prevented it from working.
The host selection code still needs a review!

* ks-engine-http.c (ks_http_help): Do not print help for hkp.
* ks-engine-hkp.c (ks_hkp_help): Print help only for hkp.
(send_request): Remove test code.
(map_host): Use xtrymalloc.

* certcache.c (classify_pattern): Remove unused variable and make
explicit substring search work.

7 years ago Make HKP keyserver engine work again.
Werner Koch [Thu, 24 Nov 2011 14:48:24 +0000 (15:48 +0100)]
Make HKP keyserver engine work again.

We had some debug code here which prevented it from working.
The host selection code still needs a review!

* ks-engine-http.c (ks_http_help): Do not print help for hkp.
* ks-engine-hkp.c (ks_hkp_help): Print help only for hkp.
(send_request): Remove test code.
(map_host): Use xtrymalloc.

* certcache.c (classify_pattern): Remove unused variable and make
explicit substring search work.

7 years ago Updated the German translation.
Werner Koch [Thu, 24 Nov 2011 13:16:22 +0000 (14:16 +0100)]
Updated the German translation.

* po/de.po: Update.

7 years ago Don't print anonymous recipient messages in quiet mode.
Werner Koch [Tue, 22 Nov 2011 14:30:26 +0000 (15:30 +0100)]
Don't print anonymous recipient messages in quiet mode.

This is bug#1378.

7 years ago Allow creating subkeys using an existing key
Werner Koch [Sun, 6 Nov 2011 16:01:31 +0000 (17:01 +0100)]
Allow creating subkeys using an existing key

This works by specifying the keygrip instead of an algorithm (section
number 13) and requires that the option -expert has been used.  It
will be easy to extend this to the primary key.

7 years ago typo fixes
Werner Koch [Wed, 2 Nov 2011 17:29:47 +0000 (18:29 +0100)]
typo fixes

7 years ago Allow distribution of dotlock.* also under a modified BSD license
Werner Koch [Mon, 24 Oct 2011 09:38:17 +0000 (11:38 +0200)]
Allow distribution of dotlock.* also under a modified BSD license

7 years ago Typo fix and remove of some colloquial terms
Werner Koch [Tue, 18 Oct 2011 12:18:36 +0000 (14:18 +0200)]
Typo fix and remove of some colloquial terms

7 years ago Put more options into the options index
Werner Koch [Wed, 12 Oct 2011 15:36:56 +0000 (17:36 +0200)]
Put more options into the options index

Also removed the single letter options from the index.

7 years ago Extend yat2m to allow indented tables.
Werner Koch [Wed, 12 Oct 2011 13:52:13 +0000 (15:52 +0200)]
Extend yat2m to allow indented tables.

Current makeinfo versions allow to indent the texinfo source.  However
yat2m had no support for this.  With this patch it is now possible to
use a simple indentation style while keeping man pages readable.

7 years ago Change JNLIB license to LGPLv3+ or GPLv2+.
Werner Koch [Fri, 30 Sep 2011 10:52:11 +0000 (12:52 +0200)]
Change JNLIB license to LGPLv3+ or GPLv2+.

This is to allow the use of this code with code under GPLv2(only).

7 years ago Add prefix macro for dotlock functions.
Werner Koch [Fri, 30 Sep 2011 07:45:21 +0000 (09:45 +0200)]
Add prefix macro for dotlock functions.

Also fixed a type in the GLIB version.

7 years ago Add dotlock_get_fd and dotlock_set_fd.
Werner Koch [Thu, 29 Sep 2011 14:51:48 +0000 (16:51 +0200)]
Add dotlock_get_fd and dotlock_set_fd.

7 years ago Make dotlock.c thread-safe on pthread systems.
Werner Koch [Thu, 29 Sep 2011 13:27:01 +0000 (15:27 +0200)]
Make dotlock.c thread-safe on pthread systems.

This is achieved by passing the define DOTLOCK_USE_PTHREAD.

7 years ago Add a flag parameter to dotlock_create.
Werner Koch [Wed, 28 Sep 2011 13:41:58 +0000 (15:41 +0200)]
Add a flag parameter to dotlock_create.

This allows us to extend this function in the future.

7 years ago Allow arbitrary timeouts with dotlock.
Werner Koch [Wed, 28 Sep 2011 09:47:40 +0000 (11:47 +0200)]
Allow arbitrary timeouts with dotlock.

7 years ago Improved the dotlock module.
Werner Koch [Tue, 27 Sep 2011 15:18:56 +0000 (17:18 +0200)]
Improved the dotlock module.

- It is now more portable and may be used outside of GnuPG
- vfat file systems are now supported.
- The use of link(2) is more robust.
- Wrote extensive documentation.

7 years ago Remove check for gcry_kdf_derive
Werner Koch [Tue, 27 Sep 2011 15:17:06 +0000 (17:17 +0200)]
Remove check for gcry_kdf_derive

This is not anymore required because we require Libgcrypt 1.5.0 which
features this function.

7 years ago Renamed the lock functions.
Werner Koch [Fri, 23 Sep 2011 12:43:58 +0000 (14:43 +0200)]
Renamed the lock functions.

Also cleaned up the dotlock code for easier readability.

7 years ago Remove support for RISCOS from dotlock.c
Werner Koch [Thu, 22 Sep 2011 12:27:32 +0000 (14:27 +0200)]
Remove support for RISCOS from dotlock.c

7 years ago Allow NULL for free_public_key.
Werner Koch [Tue, 20 Sep 2011 17:24:52 +0000 (19:24 +0200)]
Allow NULL for free_public_key.

7 years ago tests: avoid use of freed pointer
Jim Meyering [Tue, 20 Sep 2011 14:35:30 +0000 (16:35 +0200)]
tests: avoid use of freed pointer

[spotted by coverity]

This is only in tests/, but easy to fix, so...
I've included extra context so you can see how var->value would
be used in the following atoi call.

>From cf9ae83fd2da8d7a289b048ef0feed4096f6d263 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Tue, 20 Sep 2011 16:32:59 +0200
Subject: [PATCH] avoid use of free'd pointer

* asschk.c (set_type_var): Set var->value to NULL after freeing it,
to avoid subsequent use of freed pointer.

7 years ago avoid use of freed pointer
Jim Meyering [Tue, 20 Sep 2011 14:26:37 +0000 (16:26 +0200)]
avoid use of freed pointer

Without this patch, pk2 would be freed twice.

>From 2a18a4b757e0896e738fefbbaa8ff8c23a9edf89 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Tue, 20 Sep 2011 16:20:39 +0200
Subject: [PATCH] avoid use of freed pointer

If we free pk2 at the top of the for-loop, set it to NULL
so that we don't free it again just before returning.
* revoke.c (gen_desig_revoke): Don't use pk2 after freeing it.

7 years ago Replace gcry_md_start_debug by gcry_md_debug.
Werner Koch [Tue, 20 Sep 2011 07:54:27 +0000 (09:54 +0200)]
Replace gcry_md_start_debug by gcry_md_debug.

This is to allow building with Libgcrypt master (1.6) which has some
cleanups in the API/ABI.

7 years ago Allow no protection in pinentry-mode=loopback.
Ben Kibbey [Tue, 13 Sep 2011 00:13:19 +0000 (20:13 -0400)]
Allow no protection in pinentry-mode=loopback.

When the inquired passphrase has a 0 length then treat it as no
protection.

7 years ago Fixed invalid free.
Ben Kibbey [Tue, 13 Sep 2011 00:13:18 +0000 (20:13 -0400)]
Fixed invalid free.

7 years ago Fixed regression in libcurl.m4
Werner Koch [Mon, 12 Sep 2011 13:36:27 +0000 (15:36 +0200)]
Fixed regression in libcurl.m4

Fixed lost hash sign introduced by previous change (2011-04-08).
Reported by John Marshall.

7 years ago Handle pinentry-mode=loopback.
Ben Kibbey [Sun, 11 Sep 2011 20:55:34 +0000 (16:55 -0400)]
Handle pinentry-mode=loopback.

When this mode is set an inquire will be sent to the client to retrieve
the passphrase. This adds a new inquire keyword "NEW_PASSPHRASE" that the
GENKEY and PASSWD commands use when generating a new key.

7 years ago Mark component descriptions for translation.
Werner Koch [Fri, 26 Aug 2011 13:20:41 +0000 (15:20 +0200)]
Mark component descriptions for translation.

8 years ago Beautified the online html manual
Werner Koch [Fri, 12 Aug 2011 12:40:47 +0000 (14:40 +0200)]
Beautified the online html manual

8 years ago Fixed set but unused variable bugs
Werner Koch [Wed, 10 Aug 2011 12:11:30 +0000 (14:11 +0200)]
Fixed set but unused variable bugs

8 years ago Fix autoconf warnings and update config.* files.
Werner Koch [Wed, 10 Aug 2011 11:39:38 +0000 (13:39 +0200)]
Fix autoconf warnings and update config.* files.

8 years ago Typo fix
Werner Koch [Wed, 10 Aug 2011 11:26:17 +0000 (13:26 +0200)]
Typo fix

8 years ago Update option s2k-count to match the documentation.
Ben Kibbey [Tue, 9 Aug 2011 22:56:16 +0000 (18:56 -0400)]
Update option s2k-count to match the documentation.

The option would previously return an error if its value was < 65536.

8 years ago Made the KILLAGENT and KILLSCD commands working again.
Werner Koch [Wed, 10 Aug 2011 09:47:04 +0000 (11:47 +0200)]
Made the KILLAGENT and KILLSCD commands working again.

This requires that GnuPG is built with a newer version of Libassuan
(2.0.3).

8 years ago Adjust for signed integer passed to OpenPGP card decrypt.
Werner Koch [Mon, 8 Aug 2011 08:44:03 +0000 (10:44 +0200)]
Adjust for signed integer passed to OpenPGP card decrypt.

8 years ago Minor doc updates (v2.0 vs. v2.1)
Werner Koch [Mon, 8 Aug 2011 08:17:33 +0000 (10:17 +0200)]
Minor doc updates (v2.0 vs. v2.1)

8 years ago Do not print read-only trustdb warning with --quiet.
Werner Koch [Fri, 29 Jul 2011 07:58:34 +0000 (09:58 +0200)]
Do not print read-only trustdb warning with --quiet.

This is only a warning and gpg would anyway print an error message if
it tries to write to the trustdb.

8 years ago Make the inquire cancel fix a little bit more robust.
Werner Koch [Wed, 27 Jul 2011 09:10:15 +0000 (11:10 +0200)]
Make the inquire cancel fix a little bit more robust.

8 years ago Fixed gpg-agent SCD inquire command cancellation.
Ben Kibbey [Sat, 9 Jul 2011 12:25:22 +0000 (08:25 -0400)]
Fixed gpg-agent SCD inquire command cancellation.

Need to send the CANCEL command back to scdaemon otherwise the next SCD
command will fail.

8 years ago Fix crash while reading unsupported ssh keys.
Werner Koch [Fri, 22 Jul 2011 07:29:40 +0000 (09:29 +0200)]
Fix crash while reading unsupported ssh keys.

This bug was found by n-roeser at gmx.net
(gnupg-devel@, msgid 4DFC7298.4040509@gmx.net).

8 years ago Try to get the only-valid-if-cert-valid cert from the dirmngr first.
Werner Koch [Thu, 21 Jul 2011 08:24:03 +0000 (10:24 +0200)]
Try to get the only-valid-if-cert-valid cert from the dirmngr first.

This should always work because the dirmngr asked us to validate the
given certificate.  This should make OCSP configuration easier because
there is less requirement to install all certificates for Dirmngr and
gpgsm.

CAUTION:  This code has not yet been tested.

8 years ago Allow listing of ssh fingerprint with the agent's KEYINFO command.
Werner Koch [Wed, 20 Jul 2011 19:13:24 +0000 (21:13 +0200)]
Allow listing of ssh fingerprint with the agent's KEYINFO command.

8 years ago Support a confirm flag for ssh.
Werner Koch [Wed, 20 Jul 2011 18:49:41 +0000 (20:49 +0200)]
Support a confirm flag for ssh.

This implements the suggestion from bug#1349.  With this change the
fingerprint of the ssh key is also displayed in the pinentry prompts.

8 years ago New functions to compute an ssh style fingerprint.
Werner Koch [Wed, 20 Jul 2011 14:40:29 +0000 (16:40 +0200)]
New functions to compute an ssh style fingerprint.

8 years ago Print decoded S2K count in --list-packets mode.
Werner Koch [Mon, 18 Jul 2011 08:57:33 +0000 (10:57 +0200)]
Print decoded S2K count in --list-packets mode.

Fixes bug#1355.

8 years ago Clarify documentation of --keyid-format.
Werner Koch [Mon, 18 Jul 2011 08:38:14 +0000 (10:38 +0200)]
Clarify documentation of --keyid-format.

Fixes bug#1354.

8 years ago Document OPTION s2k-count
Werner Koch [Wed, 29 Jun 2011 11:23:41 +0000 (13:23 +0200)]
Document OPTION s2k-count

8 years ago Added gpg-agent OPTION "s2k-count".
Ben Kibbey [Wed, 29 Jun 2011 00:35:13 +0000 (20:35 -0400)]
Added gpg-agent OPTION "s2k-count".

When unset or 0, the calibrated count will be used.

8 years ago Fixed an URL typo in the FAQ.
Werner Koch [Tue, 28 Jun 2011 08:32:46 +0000 (10:32 +0200)]
Fixed an URL typo in the FAQ.

8 years ago doc/gpgsm.texi com-certs.pem mini-fix
Bernhard Reiter [Wed, 22 Jun 2011 10:18:50 +0000 (12:18 +0200)]
doc/gpgsm.texi com-certs.pem mini-fix

[[PGP Signed Part:Undecided]]
[1. text/plain]

Example path for com-certs.pem corrected.
[2. text/x-diff; doc.diff]

8 years ago Add question "What are DH/DSS keys?"
Werner Koch [Mon, 27 Jun 2011 13:56:47 +0000 (15:56 +0200)]
Add question "What are DH/DSS keys?"

... and the answer of course.

8 years ago Allow generation of card keys up to 4096 bit.
Werner Koch [Thu, 16 Jun 2011 12:27:33 +0000 (14:27 +0200)]
Allow generation of card keys up to 4096 bit.

This patch implements a chunk mode to pass the key parameters from
scdaemon to gpg.  This allows passing arbitrarily long key parameters;
it is used for keys larger than 3072 bit.

Note: the card key generation in gpg is currently broken.  The keys
are generated but it is not possible to create the self-signature
because at that time the gpg-agent does not yet know about the new
keys and thus can't divert the sign request to the card.  We either
need to run the learn command right after calling agent_scd_genkey or
implement a way to sign using the currently inserted card.  Another
option would be to get rid of agent_scd_genkey and implement the
feature directly in agent_genkey.

8 years ago Fix for latest fix in Libgcrypt.
Werner Koch [Mon, 13 Jun 2011 12:54:40 +0000 (14:54 +0200)]
Fix for latest fix in Libgcrypt.

8 years ago Revert latest po add-line-number patch.
Werner Koch [Mon, 13 Jun 2011 12:49:37 +0000 (14:49 +0200)]
Revert latest po add-line-number patch.

To avoid this in the future, everyone should really use the clean-po
filter as installed with ./autogen.sh .  Thanks.

8 years ago Fix size_t vs int issues.
Marcus Brinkmann [Wed, 1 Jun 2011 19:43:30 +0000 (21:43 +0200)]
Fix size_t vs int issues.

8 years ago po
Marcus Brinkmann [Wed, 1 Jun 2011 13:47:41 +0000 (15:47 +0200)]
po

8 years ago dd
Marcus Brinkmann [Wed, 1 Jun 2011 13:45:24 +0000 (15:45 +0200)]
dd

8 years ago Add missing LIBGCRYPT_CFLAGS for dirmngr_ldap.
Marcus Brinkmann [Wed, 1 Jun 2011 13:44:52 +0000 (15:44 +0200)]
Add missing LIBGCRYPT_CFLAGS for dirmngr_ldap.

8 years ago Add LIBICONV to LDFLAGS.
Marcus Brinkmann [Wed, 1 Jun 2011 13:43:22 +0000 (15:43 +0200)]
Add LIBICONV to LDFLAGS.

8 years ago Merge branch 'master' of git+ssh://playfair.gnupg.org/git/gnupg
Werner Koch [Fri, 20 May 2011 08:30:36 +0000 (10:30 +0200)]
Merge branch 'master' of git+ssh://playfair.gnupg.org/git/gnupg

8 years ago Require libgpg-error 1.10
Werner Koch [Fri, 20 May 2011 08:14:21 +0000 (10:14 +0200)]
Require libgpg-error 1.10

This allows to remove some error code substitutes.
Fixed a typo in gpg.text.

8 years ago Merge dirmgr cs.po into gnupg cs.po.
Marcus Brinkmann [Wed, 11 May 2011 23:34:04 +0000 (01:34 +0200)]
Merge dirmgr cs.po into gnupg cs.po.

8 years ago Add fixme note regarding pth_kill
Werner Koch [Fri, 29 Apr 2011 14:44:28 +0000 (16:44 +0200)]
Add fixme note regarding pth_kill

8 years ago Merge branch 'wk-gpg-keybox'
Werner Koch [Fri, 29 Apr 2011 13:10:36 +0000 (15:10 +0200)]
Merge branch 'wk-gpg-keybox'

8 years ago Re-indentation of keydb.c and error code changes.
Werner Koch [Fri, 29 Apr 2011 13:07:11 +0000 (15:07 +0200)]
Re-indentation of keydb.c and error code changes.

Returning -1 as an error code is not very clean given that gpg error
has more descriptive error codes.  Thus we now return
GPG_ERR_NOT_FOUND for all search operations and adjusted all callers.

8 years ago Fix import stat counter and abort secret key import on merge-only error case.
Marcus Brinkmann [Fri, 29 Apr 2011 10:02:46 +0000 (12:02 +0200)]
Fix import stat counter and abort secret key import on merge-only error case.

8 years ago Give sensible error messages when trying to delete secret key.
Marcus Brinkmann [Fri, 29 Apr 2011 10:01:52 +0000 (12:01 +0200)]
Give sensible error messages when trying to delete secret key.

8 years ago Update OpenPGP parser to support ECC
Werner Koch [Thu, 28 Apr 2011 18:21:14 +0000 (20:21 +0200)]
Update OpenPGP parser to support ECC

8 years ago Removed memory leak in the ECDH code.
Werner Koch [Thu, 28 Apr 2011 08:51:14 +0000 (10:51 +0200)]
Removed memory leak in the ECDH code.

8 years ago Fixed regression in OpenPGP secret key export.
Werner Koch [Tue, 26 Apr 2011 18:33:46 +0000 (20:33 +0200)]
Fixed regression in OpenPGP secret key export.

The protection used in the exported key used a different iteration
count than given in the S2K field.  Thus all OpenPGP keys exported
from GnuPG 2.1-beta can't be imported again.  Given that the actual
secret key material is kept in private-keys-v1.d/ they can be
re-exported with this fixed version.

8 years ago Fix regression in gpg's mail address parsing.
Werner Koch [Mon, 25 Apr 2011 21:56:47 +0000 (23:56 +0200)]
Fix regression in gpg's mail address parsing.

Since 2009-12-08 gpg was not able to find email addresses indicated
by a leading '<'.  This happened when I merged the user id
classification code of gpgsm and gpg.

8 years ago Add OPTION:cache-ttl-opt-preset to gpg-agent.
Werner Koch [Thu, 21 Apr 2011 13:40:48 +0000 (15:40 +0200)]
Add OPTION:cache-ttl-opt-preset to gpg-agent.

This option may be used to change the default ttl values used with the
--preset option of GENKEY and PASSWD.

8 years ago 2011-04-20 Marcus Brinkmann <mb@g10code.com>
Marcus Brinkmann [Wed, 20 Apr 2011 20:41:22 +0000 (22:41 +0200)]
2011-04-20  Marcus Brinkmann  <mb@g10code.com>

        * keylist.c (list_keyblock_colon): Use get_ownertrust_info, not
        get_ownertrust (which led to binary zeroes in the output!).

8 years ago Fix gpg-agent secure memory leak in OpenPGP private key import.
Marcus Brinkmann [Wed, 20 Apr 2011 09:33:09 +0000 (11:33 +0200)]
Fix gpg-agent secure memory leak in OpenPGP private key import.

2011-04-20  Marcus Brinkmann  <mb@g10code.com>

        * command.c (cmd_import_key): Release key from failed import
        before converting openpgp private key in the openpgp-private-key
        case.

8 years ago Another PASSWD --preset fix.
Ben Kibbey [Sun, 17 Apr 2011 20:48:44 +0000 (16:48 -0400)]
Another PASSWD --preset fix.

Check for an error before presetting the passphrase.

8 years ago Fixed PASSWD --preset.
Ben Kibbey [Wed, 13 Apr 2011 00:02:05 +0000 (20:02 -0400)]
Fixed PASSWD --preset.

The previous patch required that the keygrip be cached before adding the
new passphrase to the cache. No more.

8 years ago Use macros for the 120 and 900s cache TTLs.
Werner Koch [Tue, 12 Apr 2011 16:20:46 +0000 (18:20 +0200)]
Use macros for the 120 and 900s cache TTLs.

8 years ago Added PASSWD --preset.
Ben Kibbey [Sun, 10 Apr 2011 20:06:18 +0000 (16:06 -0400)]
Added PASSWD --preset.

8 years ago Added GENKEY --preset to add the passphrase of the generated key to the cache.
Ben Kibbey [Sun, 10 Apr 2011 13:37:18 +0000 (09:37 -0400)]
Added GENKEY --preset to add the passphrase of the generated key to the cache.

8 years ago Added KEYINFO field to show the protection type of a key. This differs from the secon...
Ben Kibbey [Wed, 6 Apr 2011 23:23:05 +0000 (19:23 -0400)]
Added KEYINFO field to show the protection type of a key. This differs from the second field which shows the location of the key.

8 years ago Add code for explicit selection of pooled A records.
Werner Koch [Tue, 12 Apr 2011 14:30:08 +0000 (16:30 +0200)]
Add code for explicit selection of pooled A records.

To better cope with round robin pooled A records like keys.gnupg.net
we need to keep some information on unresponsive hosts etc.  What we
do now is to resolve the hostnames, remember them and select a random
one.  If a host is dead it will be marked and a different one
selected.  This is intended to solve the problem of long timeouts due
to unresponsive hosts.

The code is not yet finished but selection works.

8 years ago Detect premature EOF while parsing corrupted key packets.
Werner Koch [Wed, 23 Mar 2011 09:07:59 +0000 (10:07 +0100)]
Detect premature EOF while parsing corrupted key packets.

This helps in the case of an unknown key algorithm with a corrupted
packet which claims a longer packet length.  This used to allocate the
announced packet length and then tried to fill it up without detecting
an EOF, thus taking quite some time.  It is easy to fix, thus we do
it.  However, there are many other ways to force gpg to use large
amount of resources; thus as before it is strongly suggested that the
sysadm uses ulimit to assign suitable resource limits to the gpg
process.  Suggested by Timo Schulz.

8 years ago Make use of gcry_kdf_derive.
Werner Koch [Thu, 10 Mar 2011 17:39:34 +0000 (18:39 +0100)]
Make use of gcry_kdf_derive.

Factoring common code out is always a Good Thing.  Also added a
configure test to print an error if gcry_kdf_derive is missing in
Libgcrypt.

8 years ago Support pkcs#12 import of PBES2 encoded data.
Werner Koch [Thu, 10 Mar 2011 14:27:10 +0000 (15:27 +0100)]
Support pkcs#12 import of PBES2 encoded data.

This is so that we read compatible with gnutls's certtool.  Only
AES-128 is supported.  The latest Libgcrypt from git is required.

Fixes bug#1321.

8 years ago Post beta release updates
Werner Koch [Tue, 8 Mar 2011 13:00:04 +0000 (14:00 +0100)]
Post beta release updates