gnupg.git
4 years agopo: Auto update translations.
Werner Koch [Fri, 3 Oct 2014 10:13:25 +0000 (12:13 +0200)]
po: Auto update translations.

--

4 years agopo: Update German translation.
Werner Koch [Fri, 3 Oct 2014 10:13:05 +0000 (12:13 +0200)]
po: Update German translation.

4 years agoRemove support for the GPG_AGENT_INFO envvar.
Werner Koch [Fri, 3 Oct 2014 09:58:58 +0000 (11:58 +0200)]
Remove support for the GPG_AGENT_INFO envvar.

* agent/agent.h (opt): Remove field use_standard_socket.
* agent/command.c (cmd_killagent): Always allow killing.
* agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
--write-env-file into dummy options.  Always return true for
--use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
setting or set that envvar.
(create_socket_name): Simplify by removing non standard socket
support.
(check_for_running_agent): Ditto.
* common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
* common/simple-pwquery.c (agent_open): Ditto.
* configure.ac (GPG_AGENT_INFO_NAME): Remove.
* g10/server.c (gpg_server): Do not print the AgentInfo comment.
* g13/server.c (g13_server): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* tools/gpgconf.c (main): Simplify by removing non standard socket
support.
--

The indented fix to allow using a different socket than the one in the
gnupg home directory is to change Libassuan to check whether the
socket files exists as a regualr file with a special keyword to
redirect to another socket file name.

4 years agogpg: Fix regression removing SHA256.
Werner Koch [Thu, 2 Oct 2014 17:17:34 +0000 (19:17 +0200)]
gpg: Fix regression removing SHA256.

* g10/misc.c (map_md_openpgp_to_gcry): Always use SHA256.
--

Regression due to commit d33246700578cddd1cb8ed8164cfbba50aba4ef3

GnuPG-bug-id: 1733.

4 years agoFirst changes for future use of NTBTLS.
Werner Koch [Thu, 2 Oct 2014 15:33:57 +0000 (17:33 +0200)]
First changes for future use of NTBTLS.

* configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New.
(HTTP_USE_NTBTLS): New.  Prefer over GNUTLS.
* m4/ntbtls.m4: New.
* m4/Makefile.am (EXTRA_DIST): Add new file.
* common/http.c: Add conditionals to eventually use NTBTLS.
--

This is only the configure stuff.  If you have NTBTLS installed GNUTLS
will not be used but there won't be any https support either :-(.
This patch is used to have a real world test bench for the forthcoming
library.

4 years agobuild: Update m4 scripts
Werner Koch [Thu, 2 Oct 2014 14:17:45 +0000 (16:17 +0200)]
build: Update m4 scripts

* m4/gpg-error.m4: Update from Libgpg-error git master.
* m4/libgcrypt.m4: Update from Libgcrypt git master.
* configure.ac: Declare SYSROOT a precious variable.  Add extra error
message for library configuration mismatches.

4 years agodoc: Remove GnuPG-1 related parts from gpg.texi.
Werner Koch [Mon, 29 Sep 2014 09:49:50 +0000 (11:49 +0200)]
doc: Remove GnuPG-1 related parts from gpg.texi.

* doc/Makefile.am (YAT2M_OPTIONS): Add 2.1 to the source info.
* doc/gpg.texi: Remove gpg1 related texts.

4 years agogpg: Default to SHA-256 for all signature types on RSA keys.
Werner Koch [Sat, 27 Sep 2014 13:21:02 +0000 (15:21 +0200)]
gpg: Default to SHA-256 for all signature types on RSA keys.

* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in
strict RFC or PGP modes.
* g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for
RSA key signatures.
* configure.ac: Do not allow to disable sha256.

4 years agogpg: Simplify command --gen-key and add --full-gen-key.
Werner Koch [Sat, 27 Sep 2014 13:14:13 +0000 (15:14 +0200)]
gpg: Simplify command --gen-key and add --full-gen-key.

* g10/gpg.c (aFullKeygen): New.
(opts): Add command --full-key-gen.
(main): Implement it.
* g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although
the value is identical.
(DEFAULT_STD_CURVE): New.
(DEFAULT_STD_SUBALGO): New.
(DEFAULT_STD_SUBKEYSIZE): New.
(DEFAULT_STD_SUBCURVE): New.
(quick_generate_keypair): Use new macros here.
(generate_keypair): Add arg "full" and fix call callers. Do not ask
for keysize in non-full node.
(ask_user_id): Add arg "full" and simplify for non-full mode.

4 years agodoc: Update the file OpenPGP
Werner Koch [Sat, 27 Sep 2014 09:17:07 +0000 (11:17 +0200)]
doc: Update the file OpenPGP

--

It should actually be completey reworked but for now I added just a
few notes.

4 years agogpg: Add shortcut for setting key capabilities.
Werner Koch [Fri, 26 Sep 2014 12:43:48 +0000 (14:43 +0200)]
gpg: Add shortcut for setting key capabilities.

* g10/keygen.c (ask_key_flags): Add shortcut '='.
* doc/help.txt (gpg.keygen.flags): New.

4 years agogpg: Do not always print dashes in obsolete_option.
Werner Koch [Thu, 25 Sep 2014 20:13:03 +0000 (22:13 +0200)]
gpg: Do not always print dashes in obsolete_option.

* g10/gpg.c (main): Pass option names to obsolete_option without
double dash.
* g10/misc.c (obsolete_option, obsolete_scdaemon_option): Print double
dash only for command line options.

4 years agogpg: Warn about (but don't fail) on scdaemon options in gpg.conf.
Daniel Kahn Gillmor [Thu, 25 Sep 2014 18:45:37 +0000 (14:45 -0400)]
gpg: Warn about (but don't fail) on scdaemon options in gpg.conf.

* g10/gpg.c: Add config options that should belong in scdaemon.conf
* g10/main.h, g10/misc.c (obsolete_scdaemon_option): New.

--

In gpg2, the following options are only relevant for scdaemon:

 reader-port
 ctapi-driver
 pcsc-driver
 disable-ccid

but in gpg1, they are options for gpg itself.

Some users of gpg1 might have these options in their
~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that
config file.

gpg2 should not fail hard, though giving a warning (and suggesting a
move to scdaemon.conf) seems OK.

This patch does *not* reintroduce any documentation for these options
in gpg.texi, even to indicate that they are "dummy" options, since
scdaemon.texi contains the appropriate documentation.

Debian-bug-id: 762844

- Program names factored out from obsolete_scdaemon_option to make
  reuse without new translations easier. -wk

4 years agobuild: Change urlbase of getswdb.sh.
Werner Koch [Thu, 25 Sep 2014 06:44:57 +0000 (08:44 +0200)]
build: Change urlbase of getswdb.sh.

--

4 years agoReformat README and minor gpg.texi improvement.
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
Reformat README and minor gpg.texi improvement.

--

The second thing is to explain the file names below under
~/.gnupg/openpgp-revocs.d/.

4 years agoRegister DCO for Daniel Kahn Gillmor.
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
Register DCO for Daniel Kahn Gillmor.

--

4 years agospeedo: Check that wget and gpgv are installed.
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
speedo: Check that wget and gpgv are installed.

* build-aux/getswdb.sh: Check for required tools.

4 years agospeedo: Autodetect sha1sum tools.
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
speedo: Autodetect sha1sum tools.

* build-aux/getswdb.sh: Add option --find-sha1sum.
* build-aux/speedo.mk (check-tools): New phony target.  Not yet used.
(SHA1SUM): New var.  Use it instead of sha1sum.

4 years agogpg: Create default keyring with .kbx suffix.
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
gpg: Create default keyring with .kbx suffix.

* g10/keydb.c (maybe_create_keyring_or_box): Rename arg for clarity.
(keydb_add_resource): Fix order of args to maybe_create_keyring_or_box
and check and create .kbx.

4 years agodoc: Fix --secret-keyring option for 2.1
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
doc: Fix --secret-keyring option for 2.1

--

4 years agogpg: --delete-secret-key - check that a secret key exists.
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
gpg: --delete-secret-key - check that a secret key exists.

* g10/delkey.c (do_delete_key): Check availibility of a secret key.
--

Actually we check that at least one secret subkey exists.

4 years agogpg: Make algorithm selection prompt for ECC more clear.
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
gpg: Make algorithm selection prompt for ECC more clear.

* g10/keygen.c (ask_algo): Change 9 to "ECC and ECC".

4 years agoRegister DCO for Andre Heinecke.
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
Register DCO for Andre Heinecke.

--

4 years agoPost beta release update.
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
Post beta release update.

--

4 years agoRelease 2.1.0-beta834. gnupg-2.1.0-beta834
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
Release 2.1.0-beta834.

4 years agospeedo: Distribute needed files.
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
speedo: Distribute needed files.

* Makefile.am (EXTRA_DIST): Add speedo stuff.

4 years agobuild: Enable gpgtar by default.
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
build: Enable gpgtar by default.

4 years agocommon: Do not build maintainer modules in non-maintainer mode.
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
common: Do not build maintainer modules in non-maintainer mode.

* common/Makefile.am (module_maint_tests): Use only in maintainer
mode.
(t_common_cflags): New.

4 years agocommon: Remove superfluous statements.
Werner Koch [Thu, 18 Sep 2014 13:49:44 +0000 (15:49 +0200)]
common: Remove superfluous statements.

* common/exechelp-posix.c: Remove weak pragmas.
* common/sexputil.c (make_canon_sexp_from_rsa_pk): Remove double
const.
--

We do not use Pth anymore and thus there is no more need for the weak
pragmas.

4 years agog13: Avoid segv after pipe creation failure.
Werner Koch [Thu, 18 Sep 2014 14:00:34 +0000 (16:00 +0200)]
g13: Avoid segv after pipe creation failure.

* g13/call-gpg.c (gpg_encrypt_blob): Init some vars in case of an
early error.
(gpg_decrypt_blob): Ditto.

4 years agoscd: Fix int/short mismatch in format string of app-p15.c
Werner Koch [Thu, 18 Sep 2014 13:39:50 +0000 (15:39 +0200)]
scd: Fix int/short mismatch in format string of app-p15.c

* scd/app-p15.c (parse_certid): Use snprintf and cast value.
(send_certinfo): Ditto.
(send_keypairinfo): Ditto.
(do_getattr): Ditto.

4 years agoagent: Init a local variable in the error case.
Werner Koch [Thu, 18 Sep 2014 13:32:17 +0000 (15:32 +0200)]
agent: Init a local variable in the error case.

* agent/pksign.c (do_encode_md): Init HASH on error.

4 years agoagent: Remove left over debug output.
Werner Koch [Thu, 18 Sep 2014 13:28:40 +0000 (15:28 +0200)]
agent: Remove left over debug output.

* agent/command-ssh.c (ssh_signature_encoder_eddsa): Remove debug
output.

4 years agoagent: Silence compiler warning for a debug message.
Werner Koch [Thu, 18 Sep 2014 13:21:56 +0000 (15:21 +0200)]
agent: Silence compiler warning for a debug message.

* agent/call-pinentry.c (agent_query_dump_state): Use %p for
POPUP_TID.

4 years agosm: Silence compiler warnings.
Werner Koch [Thu, 18 Sep 2014 13:17:44 +0000 (15:17 +0200)]
sm: Silence compiler warnings.

* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Remove unused var I.
* sm/certreqgen.c (proc_parameters): Init PUBLIC to avoid compiler
warning.

4 years agogpg: Silence a compiler warning.
Werner Koch [Thu, 18 Sep 2014 13:08:51 +0000 (15:08 +0200)]
gpg: Silence a compiler warning.

* g10/parse-packet.c (enum_sig_subpkt): Replace hack.

4 years agogpg: Replace a hash algo test function.
Werner Koch [Thu, 18 Sep 2014 12:56:39 +0000 (14:56 +0200)]
gpg: Replace a hash algo test function.

* g10/gpg.c (print_mds): Replace openpgp_md_test_algo.
--

This is actually not required because as of now the used OpenPGP and
Gcrypt hash algorithm numbers are identical.  But that might change in
the future.

This changes the behavior of GnuPG in case it has been build with
some algorithms disabled: If those algorithms are available in
Libgcrypt, their results will be used printed anyway.

4 years agogpg: Re-indent a function.
Werner Koch [Thu, 18 Sep 2014 12:50:02 +0000 (14:50 +0200)]
gpg: Re-indent a function.

--

4 years agospeedo: Various fixes
Werner Koch [Thu, 18 Sep 2014 09:08:45 +0000 (11:08 +0200)]
speedo: Various fixes

* build-aux/speedo.mk: Take zlib and bzip2 from ftp.gnupg.org.  Minor
other fixes.

4 years agospeedo: Improve speedo Makefile.
Werner Koch [Wed, 17 Sep 2014 19:33:32 +0000 (21:33 +0200)]
speedo: Improve speedo Makefile.

--

Building for the native platform is now a mere

  make -f build-aux/speedo.mk native

You may also use "help" as target.

4 years agopo: Auto-update
Werner Koch [Wed, 17 Sep 2014 17:31:27 +0000 (19:31 +0200)]
po: Auto-update

--

4 years agogpg: Print a warning if the subkey expiration may not be what you want.
Werner Koch [Wed, 17 Sep 2014 14:27:37 +0000 (16:27 +0200)]
gpg: Print a warning if the subkey expiration may not be what you want.

* g10/keyedit.c (subkey_expire_warning): New.
(keyedit_menu): Call it when needed.
--
GnuPG-bug-id: 1715

The heuristic to detect a problem is not very advanced but it should
catch the most common cases.

4 years agogpg: Improve passphrase caching.
Werner Koch [Wed, 17 Sep 2014 13:12:08 +0000 (15:12 +0200)]
gpg: Improve passphrase caching.

* agent/cache.c (last_stored_cache_key): New.
(agent_get_cache): Allow NULL for KEY.
(agent_store_cache_hit): New.
* agent/findkey.c (unprotect): Call new function and try to use the
last stored key.

* g10/revoke.c (create_revocation): Add arg CACHE_NONCE and pass to
make_keysig_packet.
(gen_standard_revoke): Add arg CACHE_NONCE and pass to
create_revocation.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke with
cache nonce.
--

This patch adds two features:

1. The key for the last passphrase successfully used for unprotecting
a key is stored away.  On a cache miss the stored away passphrase is
tried as well.  This helps for the common GPG use case of having a
signing and encryption (sub)key with the same passphrase.  See the
code for more comments.

2. The now auto-generated revocation certificate does not anymore
popup a passphrase prompt.  Thus for standard key generation the
passphrase needs to be given only once (well, two with the
confirmation).

4 years agogpg: Use algorithm id 22 for EdDSA.
Werner Koch [Fri, 12 Sep 2014 09:31:49 +0000 (11:31 +0200)]
gpg: Use algorithm id 22 for EdDSA.

* common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22.
* g10/keygen.c (ask_curve): Reword the Curve25519 warning note.
--

In the hope that the IETF will eventually assign 22 for EdDSA using
the draft-koch-eddsa-for-openpgp-01 specs we start using this number.

4 years agobuild: Require libgpg-error 1.15
Werner Koch [Fri, 12 Sep 2014 08:57:49 +0000 (10:57 +0200)]
build: Require libgpg-error 1.15

--

1.14 had a problem in its ABI and was thus remove from the FTP Server
after 3 days. 1.15 fixes this.

4 years agodoc: Small grammar fix
Werner Koch [Fri, 12 Sep 2014 08:49:31 +0000 (10:49 +0200)]
doc: Small grammar fix

--

4 years agogpg: Stop early on bogus old style comment packets.
Werner Koch [Thu, 11 Sep 2014 14:40:45 +0000 (16:40 +0200)]
gpg: Stop early on bogus old style comment packets.

* g10/parse-packet.c (parse_key): Take care of too short packets for
old style commet packets.
--

GnuPG-bug-id: 1714

4 years agodirmngr: Support https for KS_FETCH.
Werner Koch [Wed, 10 Sep 2014 08:37:48 +0000 (10:37 +0200)]
dirmngr: Support https for KS_FETCH.

* dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ...
* dirmngr/misc.c (cert_log_cb): here.
* dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection
and https.
--

Note that this requires that the root certificates are registered using
the --hkp-cacert option.  Eventually we may introduce a separate
option to allow using different CAs for KS_FETCH and keyserver based
requests.

4 years agodirmngr: Fix the ks_fetch command for the http scheme.
Werner Koch [Wed, 10 Sep 2014 07:15:57 +0000 (09:15 +0200)]
dirmngr: Fix the ks_fetch command for the http scheme.

* common/http.c (http_session_ref): Allow for NULL arg.
--

We always test for a an existing session and thus passing NULL as
session object should be allowed.

Reported-by: Jens Lechtenboerger
4 years agoMerge branch 'wk/test-gpgrt-estream'
Werner Koch [Mon, 8 Sep 2014 17:26:02 +0000 (19:26 +0200)]
Merge branch 'wk/test-gpgrt-estream'

4 years agogpg: Fix memory leak in ECC encryption.
Werner Koch [Mon, 8 Sep 2014 16:25:06 +0000 (18:25 +0200)]
gpg: Fix memory leak in ECC encryption.

* g10/pkglue.c (pk_encrypt): Fix memory leak and streamline error
handling.

4 years agodoc: Remove some stuff for the very incomplete instguide.
Werner Koch [Wed, 3 Sep 2014 07:45:20 +0000 (09:45 +0200)]
doc: Remove some stuff for the very incomplete instguide.

--

4 years agodoc: Typo fix
Werner Koch [Tue, 2 Sep 2014 14:01:25 +0000 (16:01 +0200)]
doc: Typo fix

--
Debian-bug-id: 760273

4 years agogpg: Fix export of NIST ECC keys.
Werner Koch [Tue, 2 Sep 2014 10:10:19 +0000 (12:10 +0200)]
gpg: Fix export of NIST ECC keys.

* common/openpgp-oid.c (struct oidtable): New.
(openpgp_curve_to_oid): Rewrite and allow OID as input.
(openpgp_oid_to_curve): Make use of the new table.
--

Due to the previous change we now usually store the OID with the
private key and not the name.  Thus during import we do not anymore
need to map the name to an oid but can use the oid directly.  We fix
that by extending openpgp_curve_to_oid to allow an oidstr as input.

4 years agoagent: Fix import of OpenPGP EdDSA keys.
Werner Koch [Tue, 2 Sep 2014 09:22:07 +0000 (11:22 +0200)]
agent: Fix import of OpenPGP EdDSA keys.

* agent/cvt-openpgp.c (get_keygrip): Special case EdDSA.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(apply_protection): Handle opaque MPIs.

(do_unprotect): Check FLAG_OPAQUE instead of FLAG_USER1 before
unpacking an opaque mpi.
--

The key transfer protocol between gpg and gpg-agent uses gcrypt
algorithm numbers which merge all ECC algorithms into one.  Thus it is
not possible to use the algorithm number to determine the EdDSA
algorithm.  We need to known that because Libgcrypt requires the
"eddsa" flag with the curve "Ed25519" to actually use the Ed25519
signature specification.

The last fix is for correctness; the first case won't be used anyway.

4 years agogpg: Fix export of ecc secret keys by adjusting check ordering.
Kyle Butt [Tue, 26 Aug 2014 21:11:47 +0000 (14:11 -0700)]
gpg: Fix export of ecc secret keys by adjusting check ordering.

* g10/export.c (transfer_format_to_openpgp): Move the check against
PUBKEY_MAX_NSKEY to after the ECC code adjusts the number of
parameters.

4 years agoagent: Allow key unprotection using AES-256.
Werner Koch [Mon, 1 Sep 2014 08:15:21 +0000 (10:15 +0200)]
agent: Allow key unprotection using AES-256.

* agent/protect.c (PROT_CIPHER): Rename to GCRY_CIPHER_AES128 for
clarity.
(do_decryption): Add args prot_cipher and prot_cipher_keylen.  USe
them instead of the hardwired values.
(agent_unprotect): Change to use a table of protection algorithms.
Add AES-256 variant.
--

This patch will make a possible future key protection algorithm
changes smoother.  AES-256 is also allowed although there is currently
no way to encrypt using it.

4 years agospeedo: Fix for non-Windows build of glib.
Werner Koch [Mon, 1 Sep 2014 08:10:30 +0000 (10:10 +0200)]
speedo: Fix for non-Windows build of glib.

--

4 years agogpg: Do not show "MD5" and triplicated "RSA" in --version.
Werner Koch [Thu, 28 Aug 2014 14:01:22 +0000 (16:01 +0200)]
gpg: Do not show "MD5" and triplicated "RSA" in --version.

* g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
(build_list_md_test_algo): Ignore MD5.

4 years agogpg: Do not show "MD5" and triplicated "RSA" in --version.
Werner Koch [Thu, 28 Aug 2014 14:01:22 +0000 (16:01 +0200)]
gpg: Do not show "MD5" and triplicated "RSA" in --version.

* g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
(build_list_md_test_algo): Ignore MD5.

4 years agogpg: Remove CAST5 from the default prefs and order SHA-1 last.
Werner Koch [Tue, 26 Aug 2014 21:20:07 +0000 (23:20 +0200)]
gpg: Remove CAST5 from the default prefs and order SHA-1 last.

* g10/keygen.c (keygen_set_std_prefs): Update prefs.

4 years agoSwitch to the libgpg-error provided estream.
Werner Koch [Tue, 26 Aug 2014 15:47:22 +0000 (17:47 +0200)]
Switch to the libgpg-error provided estream.

* configure.ac (NEED_GPG_ERROR_VERSION): Reguire 1.14.
(GPGRT_ENABLE_ES_MACROS): Define.
(estream_INIT): Remove.
* m4/estream.m4: Remove.
* common/estream-printf.c, common/estream-printf.h: Remove.
* common/estream.c, common/estream.h: Remove.
* common/init.c (_init_common_subsystems): Call gpgrt initialization.

4 years agogpg: Allow for positional parameters in the passphrase prompt.
Werner Koch [Tue, 26 Aug 2014 08:16:04 +0000 (10:16 +0200)]
gpg: Allow for positional parameters in the passphrase prompt.

* g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.
--

Without that at least the French translation does not always work
because it requires positional parameters.  Windows for example does
not support them as they are not defined by C99 but by POSIX.

4 years agogpg: Fix "can't handle public key algorithm" warning.
Werner Koch [Wed, 20 Aug 2014 07:59:36 +0000 (09:59 +0200)]
gpg: Fix "can't handle public key algorithm" warning.

* g10/parse-packet.c (unknown_pubkey_warning): Check for encr/sign
capabilities.

4 years agospeedo: Get version numbers from online database.
Werner Koch [Tue, 19 Aug 2014 10:49:45 +0000 (12:49 +0200)]
speedo: Get version numbers from online database.

* build-aux/getswdb.sh: New.
* build-aux/speedo.mk: Get release version numbers from swdb.lst.
--

This should make maintaining GnuPG installations easier.  Running

 make -f /foo/gnupg/build-aux/speedo.mk TARGETOS=native WHAT=release

downloads all GnuPG related packages and builds them.  The gnupg
directory may be a GIT checkout but in that case please run
./autogen.sh on it first.  Note that currently swdb.lst is always
downloaded from gnupg.org and thus monitoring the network or the gnupg
machine reveal information on who is currently building GnuPG.  If
there is an easy way to detect that TOR is enabled this can be changed
to directly download from the GnuPG hidden service.

4 years agobuild: Create VERSION file via autoconf.
Werner Koch [Tue, 19 Aug 2014 09:12:26 +0000 (11:12 +0200)]
build: Create VERSION file via autoconf.

* Makefile.am (dist-hook): Remove creation of VERSION.
(EXTRA_DIST): Add VERSION.
* configure.ac: Let autoconf create VERSION.

4 years agogpg: Install the current release signing pubkey.
Werner Koch [Mon, 18 Aug 2014 14:38:13 +0000 (16:38 +0200)]
gpg: Install the current release signing pubkey.

* g10/distsigkey.gpg: New.
--

This might be useful to help installing updates.

4 years agoagent: Return NO_SECKEY instead of ENONET for PKSIGN and others.
Werner Koch [Mon, 18 Aug 2014 13:42:54 +0000 (15:42 +0200)]
agent: Return NO_SECKEY instead of ENONET for PKSIGN and others.

* agent/pksign.c (agent_pksign_do): Replace ENONET by NO_SECKEY.
* agent/findkey.c (agent_key_from_file): No diagnostic for NO_SECKEY.
* agent/pkdecrypt.c (agent_pkdecrypt): Replace checking for ENOENT.

4 years agotests: Re-enable OpenPGP ecc test.
Werner Koch [Mon, 18 Aug 2014 10:55:54 +0000 (12:55 +0200)]
tests: Re-enable OpenPGP ecc test.

--

4 years agokbx: Make user id and signature data optional for OpenPGP.
Werner Koch [Mon, 18 Aug 2014 10:55:29 +0000 (12:55 +0200)]
kbx: Make user id and signature data optional for OpenPGP.

* kbx/keybox-blob.c (_keybox_create_openpgp_blob): Remove restriction.
--

Although self-signature and key binding signatures are required by
OpenPGP, we should not enforce that in the storage backend.

4 years agogpg: Change default cipher for --symmetric from CAST5 to AES-128.
Werner Koch [Mon, 18 Aug 2014 09:45:00 +0000 (11:45 +0200)]
gpg: Change default cipher for --symmetric from CAST5 to AES-128.

* g10/main.h (DEFAULT_CIPHER_ALGO): Chhange to AES or CAST5 or 3DES
depending on configure option.
* g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.

4 years agoyat2m: Support @set and @value.
Werner Koch [Mon, 18 Aug 2014 09:42:10 +0000 (11:42 +0200)]
yat2m: Support @set and @value.

* doc/yat2m.c (variablelist): New.
(set_variable): New.
(macro_set_p): Also check the variables.
(proc_texi_cmd): Support the @value command.
(parse_file): Support the @set command.
(top_parse_file): Release variablelist.

4 years agoyat2m: Support the $* command for man page rendering.
Werner Koch [Mon, 18 Aug 2014 09:39:57 +0000 (11:39 +0200)]
yat2m: Support the $* command for man page rendering.

4 years agoestream: Change license from GPL to LPGL.
Werner Koch [Sun, 17 Aug 2014 13:24:48 +0000 (15:24 +0200)]
estream: Change license from GPL to LPGL.

* common/estream-printf.c, common/estream-printf.h: Change license.
* common/estream.c, common/estream.h: Ditto.
--

g10 Code is the sole copyright holder of Libestream and thus as CEO I
have the rights to to change the license.  This copy here in GnuPG is
currently the most current one thus the change is recorded in this
repository.  This change is also deemed valid for all older versions.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agoPost beta release update.
Werner Koch [Thu, 14 Aug 2014 15:15:04 +0000 (17:15 +0200)]
Post beta release update.

--

4 years agoRelease 2.1.0-beta783 gnupg-2.1.0-beta783
Werner Koch [Thu, 14 Aug 2014 15:08:03 +0000 (17:08 +0200)]
Release 2.1.0-beta783

4 years agopo: Update the German (de) translation
Werner Koch [Thu, 14 Aug 2014 15:15:04 +0000 (17:15 +0200)]
po: Update the German (de) translation

4 years agosm: Create homedir and lock empty keybox creation.
Werner Koch [Thu, 14 Aug 2014 15:14:21 +0000 (17:14 +0200)]
sm: Create homedir and lock empty keybox creation.

* sm/gpgsm.h (opt): Add field "no_homedir_creation".
* sm/gpgsm.c (main): Set it if --no-options is used.
* sm/keydb.c (try_make_homedir): New.  Similar to the one from
g10/openfile.c.
(maybe_create_keybox): New.  Similar to the one from g10/keydb.c.
(keydb_add_resource): Replace some code by maybe_create_keybox.

4 years agobuild: Yet another autogen.sh --find-version change.
Werner Koch [Thu, 14 Aug 2014 15:07:38 +0000 (17:07 +0200)]
build: Yet another autogen.sh --find-version change.

--

4 years agogpg: Screen keyserver responses.
Werner Koch [Thu, 14 Aug 2014 13:20:53 +0000 (15:20 +0200)]
gpg: Screen keyserver responses.

* g10/main.h (import_screener_t): New.
* g10/import.c (import): Add screener callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (struct ks_retrieval_screener_arg_s): New.
(keyserver_retrieval_screener): New.
(keyserver_get): Pass screener to import_keys_es_stream().
--
These changes introduces import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring
that the keys fetched from the keyserver are in fact those selected by
the user beforehand.

Signed-off-by: Stefan Tomanek <tomanek@internet-sicherheit.de>
This is an extended and fixed versions of Stefan's patch.  In addition
to the changes done in gnupg 2.0, namely the commits

  5e933008beffbeae7255ece02383606481f9c169
  044847a0e2013a2833605c1a9f80cfa6ef353309
  088f82c0b5e39687f70e44d3ab719854e808eeb6

the symbol names have been changed to "screener" to void mixing them
up with the iobuf filter feature and it has been changed to be used
with the dirmngr based keyserver lookup.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agoscd: Minor changes to app-sc-hsm.
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
scd: Minor changes to app-sc-hsm.

* scd/app-sc-hsm.c: Re-indendet some parts and set some vars to NULL
after xfree for improbed robustness.
(read_ef_prkd): Replace serial operator by blocks for better
readability.
(apply_PKCS_padding): Rewrite for easier auditing.
(strip_PKCS15_padding): Ditto.  Add stricter check on SRCLEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Disable an MD5 workaround for pgp2 by default.
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
gpg: Disable an MD5 workaround for pgp2 by default.

* g10/sig-check.c (do_check): Move some code to ...
* g10/misc.c (print_md5_rejected_note): new function.
* g10/mainproc.c (proc_tree, proc_plaintext): Enable MD5 workaround
only if option --allow-weak-digest-algos is used.

4 years agogpg: Remove options --pgp2 and --rfc1991.
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
gpg: Remove options --pgp2 and --rfc1991.

* g10/gpg.c (oRFC1991, oPGP2): Remove
(opts): Remove --pgp2 and --rfc1991.
* g10/options.h (CO_PGP2, CO_RFC1991): Remove.  Remove all users.
(RFC2440, PGP2): Remove.  Remove all code only enabled by these
conditions.
* tests/openpgp/clearsig.test: Remove --rfc1991 test.
--

The use of PGP 2.c is considered insecure for quite some time
now (e.g. due to the use of MD5).  Thus we remove all support for
_creating_ PGP 2 compatible messages.

4 years agobuild: Fix autogen.sh base version hack.
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
build: Fix autogen.sh base version hack.

* autogen.sh <find-version>: Fix.

4 years agogpg: Remove --compress-keys and --compress-sigs feature.
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
gpg: Remove --compress-keys and --compress-sigs feature.

* g10/gpg.c (oCompressKeys, oCompressSigs): Remove.
(opts): Turn --compress-keys and --compress-signs in NOPs.
* g10/options.h (opt): Remove fields compress_keys and compress_sigs.
* g10/export.c (do_export): Remove compress_keys feature.
* g10/sign.c (sign_file): Remove compress_sigs feature.
--

These features are disabled in GnuPG since the very early days and
they fulfill no real purpose.  For now we keep the command line
options as dummys.

4 years agogpg: Add list-option "show-usage".
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
gpg: Add list-option "show-usage".

* g10/gpg.c (parse_list_options): Add "show-usage".
* g10/options.h (LIST_SHOW_USAGE): New.
* g10/keyid.c (usagestr_from_pk): Add arg FILL.  Change caller.
* g10/keylist.c (list_keyblock_print): Print usage info.

4 years agopo: Remove extra LF from ja.po
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
po: Remove extra LF from ja.po

--

4 years agogpg: Make --with-colons work again for --search-keys.
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
gpg: Make --with-colons work again for --search-keys.

* g10/keyserver.c (search_line_handler): Replace log_debug by
es_printf.

4 years agospeedo: Comment typo fix
Werner Koch [Tue, 12 Aug 2014 08:36:30 +0000 (10:36 +0200)]
speedo: Comment typo fix

--

4 years agocommon: Fix typo in header inclusion protection macro.
Werner Koch [Mon, 11 Aug 2014 15:21:07 +0000 (17:21 +0200)]
common: Fix typo in header inclusion protection macro.

--
GnuPG-bug-id: 1669

4 years agopo: Update Japanese translation.
NIIBE Yutaka [Fri, 8 Aug 2014 01:00:46 +0000 (10:00 +0900)]
po: Update Japanese translation.

4 years agoscd: Minor and editorial changes to app-sc-hsm.c
Werner Koch [Thu, 24 Jul 2014 14:16:53 +0000 (16:16 +0200)]
scd: Minor and editorial changes to app-sc-hsm.c

* scd/app-sc-hsm.c (select_and_read_binary): Use SW_ macro.
(parse_certid): Remove useless test.
(send_certinfo, send_keypairinfo): Shrink malloc to the needed size.
(do_getattr): Ditto.
(verify_pin): Use SW_ macro.
(do_decipher): Replace OFS variable and extend comment.
--

Code parts which have not been audited are marked with a warning
pragma.

4 years agoscd: Add a new status word code.
Werner Koch [Thu, 24 Jul 2014 14:16:53 +0000 (16:16 +0200)]
scd: Add a new status word code.

* scd/apdu.h (SW_REF_DATA_INV): New.
* scd/apdu.c (apdu_strerror): Add string.

4 years agoscd: Comment typo fixes.
Werner Koch [Thu, 24 Jul 2014 14:16:53 +0000 (16:16 +0200)]
scd: Comment typo fixes.

--

4 years agoscd: Support for SmartCard-HSM
Andreas Schwier [Fri, 18 Jul 2014 14:20:59 +0000 (16:20 +0200)]
scd: Support for SmartCard-HSM

* scd/app-sc-hsm.c: New.
* scd/app.c (select_application, get_supported_applications): Register
new app.

--
Add a read/only driver for scdaemon that provides access to keys and
certificates on a SmartCard-HSM (www.smartcard-hsm.com).

The driver supports RSA and ECC keys on SmartCard-HSM cards and
USB-Sticks.

The driver does not yet support the MicroSD edition.

--
ChangeLog and FSF copyright year fix by wk.

4 years agogpg: Switch to an EdDSA format with prefix byte.
Werner Koch [Thu, 24 Jul 2014 14:16:53 +0000 (16:16 +0200)]
gpg: Switch to an EdDSA format with prefix byte.

* g10/keygen.c (gen_ecc): USe "comp" for EdDSA.

4 years agopo: Update the German (de) translation
Werner Koch [Wed, 23 Jul 2014 19:12:10 +0000 (21:12 +0200)]
po: Update the German (de) translation

--

4 years agoagent: Show just one warning with all failed passphrase constraints.
Werner Koch [Wed, 23 Jul 2014 17:51:52 +0000 (19:51 +0200)]
agent: Show just one warning with all failed passphrase constraints.

* agent/genkey.c (check_passphrase_constraints): Build a final warning
after all checks.

4 years agoagent: Only one confirmation prompt for an empty passphrase.
Werner Koch [Wed, 23 Jul 2014 17:16:51 +0000 (19:16 +0200)]
agent: Only one confirmation prompt for an empty passphrase.

* agent/genkey.c (check_passphrase_constraints): Moev empty passphrase
check to the front.

4 years agogpg: Add command --quick-gen-key
Werner Koch [Wed, 23 Jul 2014 13:12:43 +0000 (15:12 +0200)]
gpg: Add command --quick-gen-key

* g10/gpg.c (aQuickKeygen): New.
* g10/misc.c (is_valid_user_id): New stub.
* g10/keygen.c (quickgen_set_para): New.
(quick_generate_keypair): New.
--

Note that the validation of the specified user id has not yet been
implemented.