gnupg.git
5 years ago gpg: Silent more compiler warnings due to some configure options.
Werner Koch [Mon, 10 Feb 2014 22:12:28 +0000 (23:12 +0100)]
gpg: Silent more compiler warnings due to some configure options.

* g10/keygen.c (generate_keypair, gen_card_key)
(gen_card_key_with_backup) [!ENABLE_CARD_SUPPORT]: Mark unused args.

5 years ago tests: Avoid segv if dns cert lookup is not configured.
Werner Koch [Mon, 10 Feb 2014 19:14:14 +0000 (20:14 +0100)]
tests: Avoid segv if dns cert lookup is not configured.

* common/dns-cert.c (get_dns_cert) [!USE_DNS_CERT]: Reset return args.

5 years ago gpg: Cleanup compiler warnings due to some configure options.
Werner Koch [Mon, 10 Feb 2014 18:48:42 +0000 (19:48 +0100)]
gpg: Cleanup compiler warnings due to some configure options.

* g10/photoid.c (show_photos) [DISABLE_PHOTO_VIEWER]: Mark args as
unused.
* tools/gpgconf-comp.c (my_dgettext): Mark DOMAIN as unused if NLS is
not configured.

5 years ago gpg: Allow building without any trust model support.
Werner Koch [Mon, 10 Feb 2014 16:05:54 +0000 (17:05 +0100)]
gpg: Allow building without any trust model support.

* configure.ac: Add option --disable-trust-models
(NO_TRUST_MODELS): New ac_define and am_conditional.
* g10/Makefile.am (trust_source): New.
(gpg2_SOURCES): Factor some files out to above.  Add trust.c.
* g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
--import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
--list-trustdb, --trustdb-name, --auto-check-trustdb,
--no-auto-check-trustdb, and --force-ownertrust.
(parse_trust_model) [NO_TRUST_MODELS]: Do not build.
(main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
trustdb related option code.
* g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
"enable", and "disable".
* g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
"tru" record.

* g10/trust.c: New.
* g10/trustdb.c (struct key_item): Move to trustdb.h.
(register_trusted_keyid): Rename to tdb_register_trusted_keyid.
(register_trusted_key): Rename to tdb_register_trusted_key.
(trust_letter, uid_trust_string_fixed, trust_value_to_string)
(string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
(get_ownertrust_string, get_validity_info, get_validity_string)
(clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
(mark_usable_uid_certs): Move to trust.c and make global.
(is_in_klist): Move as inline to trustdb.h.
(trustdb_check_or_update): Rename to tdb_check_or_update
(revalidation_mark): Rename to tdb_revalidation_mark.
(get_ownertrust): Rename to tdb_get_ownertrust.
(get_min_ownertrust): Rename to tdb_get_min_ownertrust.
(update_ownertrust): Rename to tdb_update_ownertrust.
(clear_ownertrusts): Rename to tdb_clear_ownertrusts.
(cache_disabled_value): Rename to tdb_cache_disabled_value.
(check_trustdb_stale): Rename to tdb_check_trustdb_stale.
(get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
factor some code out to ...
* trust.c (get_validity): ...new.
(check_or_update_trustdb): New wrapper.
(revalidation_mark): New wrapper.
(get_ownertrust): New wrapper.
(get_ownertrust_with_min): New wrapper.
(update_ownertrust): New wrapper.
(clear_ownertrusts): New wrapper.
(cache_disabled_value): New wrapper.
(check_trustdb_stale): New wrapper.

* tests/openpgp/defs.inc (opt_always): New.  Use in all tests instead
of --always-trust.

5 years ago tests: Handle disabled algorithms.
Werner Koch [Mon, 10 Feb 2014 09:41:48 +0000 (10:41 +0100)]
tests: Handle disabled algorithms.

* tests/openpgp/mds.test: Skip disabled algorithms.
* tests/openpgp/signencrypt-dsa.test: Ditto.
* tests/openpgp/sigs-dsa.test: Ditto.

5 years ago Silence annoying ABI change warning.
Werner Koch [Wed, 27 Nov 2013 17:38:20 +0000 (18:38 +0100)]
Silence annoying ABI change warning.

* configure.ac [GCC]: Pass -Wno-psabi for gcc >= 4.6.  Avoid some gcc
option tests for gcc >= 4.6
--
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d04399a6a8b36a7fea92c304aa7309956a2e352b)

Resolved Conflicts:
configure.ac: merged.

5 years ago Allow disabling of card support.
Werner Koch [Fri, 7 Feb 2014 12:46:36 +0000 (13:46 +0100)]
Allow disabling of card support.

* configure.ac: Add option --disable-card-support.  Also add
am_conditional and do not build scd if card support is enabled.

5 years ago gpg: List only available algos in --gen-key.
Werner Koch [Fri, 7 Feb 2014 12:45:11 +0000 (13:45 +0100)]
gpg: List only available algos in --gen-key.

* g10/keygen.c (ask_algo, ask_curve): Take care of GPG_USE_<algo>.

5 years ago gpg: Change --print-mds to output enabled OpenPGP algos.
Werner Koch [Fri, 7 Feb 2014 12:43:39 +0000 (13:43 +0100)]
gpg: Change --print-mds to output enabled OpenPGP algos.

* g10/gpg.c (print_mds): Use openpgp_md_test_algo.  Test also for MD5
availability.

5 years ago gpg: Avoid compiler warnings for disabled algos.
Werner Koch [Fri, 7 Feb 2014 08:24:52 +0000 (09:24 +0100)]
gpg: Avoid compiler warnings for disabled algos.

* g10/misc.c (map_cipher_openpgp_to_gcry): Add case for disabled algo.
(openpgp_pk_test_algo2): Ditto.
(map_md_openpgp_to_gcry): Ditto.

5 years ago gpg: Change format for the key size in --list-key and --edit-key.
Werner Koch [Wed, 5 Feb 2014 09:37:59 +0000 (10:37 +0100)]
gpg: Change format for the key size in --list-key and --edit-key.

* g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode.
* g10/options.h (struct opt): Add field legacy_list_mode.
* g10/keydb.h (PUBKEY_STRING_SIZE): New.
* g10/keyid.c (pubkey_string): New.
* g10/import.c (import_one, import_secret_one): Use pubkey_string.
* g10/keylist.c (print_seckey_info): Ditto.
(print_pubkey_info, print_card_key_info): Ditto.
(list_keyblock_print): Ditto.
* g10/mainproc.c (list_node): Ditto.
* g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto.
* g10/keyedit.c (show_key_with_all_names): Ditto.  Also change the
format.
(show_basic_key_info): Ditto.
* common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519".
(openpgp_oid_to_curve): Downcase "ed25519"
--

For ECC it seems to be better to show the name of the curve and not
just the size of the prime field.  The curve name does not anymore fit
into the "<size><letter>" descriptor (e.g. "2048R") and a fixed length
format does not work either.  Thus the new format uses

   "rsa2048"    - RSA with 2048 bit
   "elg1024"    - Elgamal with 1024 bit
   "ed25519"    - ECC using the curve Ed25519.
   "E_1.2.3.4"  - ECC using the unsupported curve with OID "1.2.3.4".

unless --legacy-list-mode is given.  It does not anymore line up
nicely in columns thus I expect further changes to this new format.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago gpg: Add configure options to disable algorithms
Werner Koch [Fri, 31 Jan 2014 21:47:11 +0000 (22:47 +0100)]
gpg: Add configure options to disable algorithms

* acinclude.m4 (GNUPG_GPG_DISABLE_ALGO): New.
* configure.ac: Add --enable-gpg-* options to disable non MUS
algorithms.
* g10/misc.c (map_cipher_openpgp_to_gcry): Implement these options.
(openpgp_pk_test_algo2): Ditto.
(map_md_openpgp_to_gcry): Ditto.
(openpgp_cipher_test_algo, openpgp_md_test_algo): Simplify.
--

We have a similar feature in GnuPG-1.  Although we don't shrink the
size of the gpg binary by disabling algorithms (they are implemented
in Libgcrypt), this feature may still be useful for interop testing.

5 years ago gpg: Improve --version algo info output.
Werner Koch [Fri, 31 Jan 2014 14:55:04 +0000 (15:55 +0100)]
gpg: Improve --version algo info output.

* g10/misc.c (openpgp_pk_algo_name): Return a different string for
each ECC algorithm.
* g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the
different algo type enums.
(build_list_pk_algo_name): Ditto.
(build_list_cipher_test_algo): Ditto.
(build_list_cipher_algo_name): Ditto.
(build_list_md_test_algo): Ditto.
(build_list_md_algo_name): Ditto.
(my_strusage): Use them.
(list_config): Ditto. Add "pubkeyname".
(build_list): Add letter==1 hack.

5 years ago gpg: Start using OpenPGP digest algo ids.
Werner Koch [Fri, 31 Jan 2014 14:33:03 +0000 (15:33 +0100)]
gpg: Start using OpenPGP digest algo ids.

* g10/misc.c (print_pubkey_algo_note): Use enum typedef for the arg.
(print_cipher_algo_note): Ditto.
(print_digest_algo_note): Ditto.
(map_md_openpgp_to_gcry): New.
(openpgp_md_test_algo): Rewrite.
(openpgp_md_algo_name): Rewrite to do without Libgcrypt.
* g10/cpr.c (write_status_begin_signing): Remove hardwired list of
algo ranges.

5 years ago gpg: Use only OpenPGP cipher algo ids.
Werner Koch [Fri, 31 Jan 2014 13:35:49 +0000 (14:35 +0100)]
gpg: Use only OpenPGP cipher algo ids.

* g10/misc.c (map_cipher_openpgp_to_gcry): Use explicit mapping and
use enums for the arg and return value.
(map_cipher_gcry_to_openpgp): Ditto.
(openpgp_cipher_blocklen): Use constant macros.
(openpgp_cipher_test_algo): Use mapping function and prepare to
disable algorithms.
(openpgp_cipher_algo_name): Do not use Libgcrypt.

* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Replace
GCRY_CIPHER_* by CIPHER_ALGO_*.

* common/openpgpdefs.h (cipher_algo_t): Remove unused
CIPHER_ALGO_DUMMY.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
Werner Koch [Thu, 30 Jan 2014 17:48:37 +0000 (18:48 +0100)]
gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.

* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.

* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.

* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c (do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto.
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--

This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones.  This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.

This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA.  As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF.  Note that EdDSA (Ed25519)
does not yet work and that more changes are required.

The ECC support is still broken right now.  Needs to be fixed.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago gpg: Remove cipher.h and put algo ids into a common file.
Werner Koch [Wed, 29 Jan 2014 19:35:05 +0000 (20:35 +0100)]
gpg: Remove cipher.h and put algo ids into a common file.

* common/openpgpdefs.h (cipher_algo_t, pubkey_algo_t, digest_algo_t)
(compress_algo_t): New.
* agent/gpg-agent.c: Remove ../g10/cipher.h. Add openpgpdefs.h.
* g10/cipher.h (DEK): Move to ...
* g10/dek.h: new file.
* g10/cipher.h (is_RSA, is_ELGAMAL, is_DSA)
(PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY, PUBKEY_MAX_NSIG, PUBKEY_MAX_NENC)
(PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC, PUBKEY_USAGE_CERT)
(PUBKEY_USAGE_AUTH, PUBKEY_USAGE_NONE): Move to
* g10/packet.h: here.
* g10/cipher.h: Remove.  Remove from all files.
* g10/filter.h, g10/packet.h:  Include dek.h.
* g10/Makefile.am (common_source): Remove cipher.h.  Add dek.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago include: Remove this directory.
Werner Koch [Wed, 29 Jan 2014 16:39:22 +0000 (17:39 +0100)]
include: Remove this directory.

* include/cipher.h: Move to ...
* g10/cipher.h: here.
* agent/gpg-agent.c: Adjust header file name.

* include/host2net.h: Move to ...
* common/host2net.h: here.  Change license to LGPLv3/GPLv2.  Adjust
notices to reflect that only I worked on that file.

* include/types.h: Remove.
* common/types.h: Include inttypes.h.  Add byte typedef and comments
for __riscos__.
* common/iobuf.h: Adjust header file name.

* include/_regex.h: Remove this unused file.

* include/Makefile.am: Remove.
* Makefile.am (SUBDIRS): Remove "include".
* configure.ac (AC_CONFIG_FILES): Remove include/Makefile.
* include/ChangeLog-2011: Move to ...
* common/ChangeLog-2011.include: here.
* common/Makefile.am (EXTRA_DIST): Add file.

* include/zlib-riscos.h: Move this repo only file to ...
* g10/zlib-riscos.h: here.

* include/: Remove.
--

include/ was a leftover from GnuPG 1.x times.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago gpg: Add another card vendor id.
Werner Koch [Wed, 29 Jan 2014 14:19:20 +0000 (15:19 +0100)]
gpg: Add another card vendor id.

--

5 years ago Remove unused u64 type definitions.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Remove unused u64 type definitions.

* configure.ac: Remove check for uint64 and UINT64_C.
* include/types.h: Remove u64 stuff.
* common/types.h: Ditto.
--

There have been relicts from GnuPG-1.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago agent: Not remove SSH socket when already running.
NIIBE Yutaka [Thu, 16 Jan 2014 01:00:17 +0000 (10:00 +0900)]
agent: Not remove SSH socket when already running.

* agent/gpg-agent.c (main): Defer setting of socket_name_ssh to avoid
removal of the socket when it will die in create_server_socket for
socket_name.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 years ago agent: Fix agent_is_eddsa_key.
NIIBE Yutaka [Thu, 16 Jan 2014 00:07:11 +0000 (09:07 +0900)]
agent: Fix agent_is_eddsa_key.

* agent/findkey.c (agent_is_eddsa_key): Implemented.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 years ago Add secp256k1.
NIIBE Yutaka [Wed, 15 Jan 2014 06:00:24 +0000 (15:00 +0900)]
Add secp256k1.

* common/openpgp-oid.c (openpgp_curve_to_oid): Add secp256k1.
(openpgp_oid_to_curve): Likewise.

* g10/keygen.c (ask_curve): Add secp256k1.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 years ago speedo: Add support for gpgex.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
speedo: Add support for gpgex.

--
Speedo is now able to build gpgex for Windows.  Building gpa for
Windows does not yet work due to a bunch of other dependencies.

5 years ago speedo: Minor improvements.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
speedo: Minor improvements.

--

5 years ago autogen.sh: Add rule for 64 bit windows.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
autogen.sh: Add rule for 64 bit windows.

5 years ago Turn autogen.sh into a generic script.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Turn autogen.sh into a generic script.

* autogen.sh: Revamp.
* autogen.rc: New.
* Makefile.am (EXTRA_DIST): Add autogen.rc.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago Rename scripts/ to build-aux/
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Rename scripts/ to build-aux/

* scripts/: Rename to build-aux/
* Makefile.am: Adjust accordingly.
* configure.ac (AC_CONFIG_AUX_DIR): Change to build-aux.

5 years ago Improve the speedo make script.
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
Improve the speedo make script.

* scripts/gpg-w32-dev/README: Remove
* scripts/gpg-w32-dev/GNUmakefile, scripts/gpg-w32-dev/speedo.mk:
Merge into ..
* scripts/speedo.mk: this.
--

Speedo may now be used to build from GIT or tarballs and has a couple
of other improvements as well.  For best results the autogen.sh files
of all source package should be updated to the one used in gnupg.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago autogen.sh: Add envvar AUTOGEN_SH_SILENT
Werner Koch [Thu, 9 Jan 2014 18:14:09 +0000 (19:14 +0100)]
autogen.sh: Add envvar AUTOGEN_SH_SILENT

--

5 years ago gpgsplit: Allow building without zlib support.
Werner Koch [Thu, 9 Jan 2014 18:05:07 +0000 (19:05 +0100)]
gpgsplit: Allow building without zlib support.

* tools/gpgsplit.c [!HAVE_ZLIB]: Do not include zlib.h.
(handle_zlib): Build only if HAVE_ZLIB is defined.
(write_part): Support zlib and zip only if HAVE_ZLIB is defined.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago w32: Fix backslash quoting in registry name.
Werner Koch [Thu, 9 Jan 2014 16:51:46 +0000 (17:51 +0100)]
w32: Fix backslash quoting in registry name.

* configure.ac (GNUPG_REGISTRY_DIR): Double backslashes.

5 years ago Fix test for zlib.
Werner Koch [Thu, 9 Jan 2014 14:36:35 +0000 (15:36 +0100)]
Fix test for zlib.

* configure.ac (HAVE_ZLIB): Define only if found.

5 years ago Add --enable-silent-rules stuff.
Werner Koch [Wed, 8 Jan 2014 15:47:46 +0000 (16:47 +0100)]
Add --enable-silent-rules stuff.

* configure.ac: Add AM_SILENT_RULES.

5 years ago Add i686-w64-mingw32 as w32 toolchain to autogen.sh.
Werner Koch [Wed, 8 Jan 2014 16:03:21 +0000 (17:03 +0100)]
Add i686-w64-mingw32 as w32 toolchain to autogen.sh.

--

5 years ago w32: Add macro for the registry key.
Werner Koch [Wed, 8 Jan 2014 10:47:07 +0000 (11:47 +0100)]
w32: Add macro for the registry key.

* configure.ac (GNUPG_REGISTRY_DIR) [W32]: New ac-define.
* common/homedir.c (default_homedir): Use it.
* common/logging.c (do_logv): Use it.

5 years ago gpg: Change --show-session-key to print the session key earlier.
Werner Koch [Wed, 11 Dec 2013 09:20:15 +0000 (10:20 +0100)]
gpg: Change --show-session-key to print the session key earlier.

* g10/cpr.c (write_status_strings): New.
(write_status_text): Replace code by a call to write_status_strings.
* g10/mainproc.c (proc_encrypted): Remove show_session_key code.
* g10/decrypt-data.c (decrypt_data): Add new show_session_key code.
--

This feature can be used to return the session key for just a part of
a file.  For example by downloading just the first 32k of a huge file,
decrypting that incomplete part and, while ignoring all the errors,
breaking out the session key.  The session key may then be used on the
server to decrypt the entire file without the need to have the private
key on the server.

GnuPG-bug-id: 1389
Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago gpg: Change OID of Ed25519 and add Brainpool oids.
Werner Koch [Tue, 22 Oct 2013 12:26:53 +0000 (14:26 +0200)]
gpg: Change OID of Ed25519 and add Brainpool oids.

* common/openpgp-oid.c (openpgp_curve_to_oid): Change OID for
Ed25519.  Add brainpool OIDs.
(openpgp_oid_to_curve): Ditto.
--

This change is required due to the change in Libgcrypt.  Note that we will
likely use a different OpenPGP algorithm ID for EdDSA and thus the
current Ed25519 implementation will not stay with us.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago common: Add put_membuf_printf.
Werner Koch [Fri, 29 Nov 2013 14:37:23 +0000 (15:37 +0100)]
common: Add put_membuf_printf.

* common/membuf.c (put_membuf_printf): New.
--

This is just a convenience function for easier code readability.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago Add rendered versions of the gnupg logo to artwork.
Werner Koch [Fri, 29 Nov 2013 12:37:40 +0000 (13:37 +0100)]
Add rendered versions of the gnupg logo to artwork.

--

5 years ago gpg: Change armor Version header to emit only the major version.
Werner Koch [Wed, 27 Nov 2013 08:20:02 +0000 (09:20 +0100)]
gpg: Change armor Version header to emit only the major version.

* g10/options.h (opt): Rename field no_version to emit_version.
* g10/gpg.c (main): Init opt.emit_version to 1.  Change --emit-version
to bump up opt.emit_version.
* g10/armor.c (armor_filter): Implement different --emit-version
values.
--

GnuPG-bug-id: 1572
Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago Make use of the *_NAME etc macros.
Werner Koch [Mon, 18 Nov 2013 13:09:47 +0000 (14:09 +0100)]
Make use of the *_NAME etc macros.

Replace hardwired strings at many places with new macros from config.h
and use the new strusage macro replacement feature.

* common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn
sentinels.
* agent/command.c (cmd_import_key): Use asprintf to create the prompt.

5 years ago Add strusage macro replacement feature.
Werner Koch [Mon, 18 Nov 2013 12:46:52 +0000 (13:46 +0100)]
Add strusage macro replacement feature.

* common/argparse.c (writechar): New.
(writestrings): Add macro replacement feature.
(show_help): Remove specialized @EMAIL@ replacement.
* configure.ac (GNUPG_NAME, GPG_NAME, GPGSM_NAME): Define.
(GPG_AGENT_NAME, DIRMNGR_NAME, G13_NAME, GPGCONF_NAME): Define.
(GPGTAR_NAME, GPG_AGENT_INFO_NAME, GPG_AGENT_SOCK_NAME): Define.
(GPG_AGENT_SSH_SOCK_NAME, DIRMNGR_INFO_NAME): Define.
(DIRMNGR_SOCK_NAME): Define.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago kbx: Implement update operation for OpenPGP keyblocks.
Werner Koch [Fri, 15 Nov 2013 14:54:31 +0000 (15:54 +0100)]
kbx: Implement update operation for OpenPGP keyblocks.

* kbx/keybox-update.c (keybox_update_keyblock): Implement.
* kbx/keybox-search.c (get_blob_flags): Move to ...
* kbx/keybox-defs.h (blob_get_type): here.
* kbx/keybox-file.c (_keybox_read_blob2): Fix calling without R_BLOB.
* g10/keydb.c (build_keyblock_image): Allow calling without
R_SIGSTATUS.
(keydb_update_keyblock): Implement for keybox.

* kbx/keybox-dump.c (_keybox_dump_blob): Fix printing of the unhashed
size.  Print "does not expire" also on 64 bit platforms.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago Fix minor compiler warnings.
Werner Koch [Fri, 15 Nov 2013 08:23:40 +0000 (09:23 +0100)]
Fix minor compiler warnings.

--

5 years ago gpg: Rework ECC support and add experimental support for Ed25519.
Werner Koch [Fri, 15 Nov 2013 07:59:45 +0000 (08:59 +0100)]
gpg: Rework ECC support and add experimental support for Ed25519.

* agent/findkey.c (key_parms_from_sexp): Add algo name "ecc".
(agent_is_dsa_key): Ditto.
(agent_is_eddsa_key): New.  Not finished, though.
* agent/pksign.c (do_encode_eddsa): New.
(agent_pksign_do): Use gcry_log_debug functions.
* agent/protect.c (agent_protect): Parse a flags parameter.
* g10/keygen.c (gpg_curve_to_oid): Move to ...
* common/openpgp-oid.c (openpgp_curve_to_oid): here and rename.
(oid_ed25519): New.
(openpgp_oid_is_ed25519): New.
(openpgp_oid_to_curve): New.
* common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New.
* g10/build-packet.c (gpg_mpi_write): Write the length header also for
opaque MPIs.
(gpg_mpi_write_nohdr): New.
(do_key): Use gpg_mpi_write_nohdr depending on algorithm.
(do_pubkey_enc): Ditto.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use
gpg_mpi_write_nohdr.
* g10/export.c (transfer_format_to_openpgp):
* g10/keygen.c (ecckey_from_sexp): Return the error.
(gen_ecc): Replace arg NBITS by CURVE.
(read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve".
(ask_curve): New.
(generate_keypair, generate_subkeypair): Use ask_curve.
(do_generate_keypair): Also pass curve name.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print
curve name.
* g10/parse-packet.c (mpi_read): Remove workaround for
Libgcrypt < 1.5.
(parse_key): Fix ECC case.  Print the curve name.
* g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp.
(pk_verify, pk_check_secret_key): Add special case for Ed25519.
* g10/seskey.c (encode_md_value): Ditto.
* g10/sign.c (do_sign, hash_for, sign_file): Ditto.
--

Be warned that this code is subject to further changes and that the
format will very likely change before a release.  There are also known
bugs and missing code.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago kbx: Fix possible segv in kbxdump.
Werner Koch [Fri, 15 Nov 2013 07:36:39 +0000 (08:36 +0100)]
kbx: Fix possible segv in kbxdump.

* kbx/keybox-dump.c (_keybox_dump_blob): Check length before get32.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago Require Libgcrypt 1.6
Werner Koch [Mon, 11 Nov 2013 10:33:14 +0000 (11:33 +0100)]
Require Libgcrypt 1.6

* agent/pksign.c (do_encode_dsa): Remove Libgcrypt version check
--

Now that we have decided on a release plan for Libgcrypt 1.6 and given
all the improvements it makes more sense to make use of these
improvements than to clutter the GnuPG code with workarounds for older
Libgcrypt versions.

5 years ago scd: more pinpad input fix for PC/SC.
NIIBE Yutaka [Wed, 13 Nov 2013 07:43:26 +0000 (16:43 +0900)]
scd: more pinpad input fix for PC/SC.

* scd/apdu.c (check_pcsc_pinpad): Set default values here.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Remove setting default
values, as it's too late.

--

GnuPG-bug-id: 1549

5 years ago scd: more pinpad fix.
NIIBE Yutaka [Mon, 11 Nov 2013 07:41:43 +0000 (16:41 +0900)]
scd: more pinpad fix.

* scd/apdu.c (check_pcsc_pinpad): Set ->minlen and ->maxlen only when
those are specified.
(pcsc_pinpad_modify): Remove old check code.

--

GnuPG-bug-id: 1549

5 years ago scd: pinpad fix for PC/SC on Windows.
NIIBE Yutaka [Tue, 29 Oct 2013 00:07:05 +0000 (09:07 +0900)]
scd: pinpad fix for PC/SC on Windows.

* scd/apdu.c (SCARD_CTL_CODE): Fix for Windows.

5 years ago doc: Change yat2m to allow arbitrary condition names.
Werner Koch [Mon, 28 Oct 2013 06:05:41 +0000 (07:05 +0100)]
doc: Change yat2m to allow arbitrary condition names.

* doc/yat2m.c (MAX_CONDITION_NESTING): New.
(gpgone_defined): Remove.
(condition_s, condition_stack, condition_stack_idx): New.
(cond_is_active, cond_in_verbatim): New.
(add_predefined_macro, set_macro, macro_set_p): New.
(evaluate_conditions, push_condition, pop_condition): New.
(parse_file): Rewrite to use the condition stack.
(top_parse_file): Set prefined macros.
(main): Change -D to define arbitrary macros.
--

This change allows the use of other conditionals than "gpgone" and
thus makes "gpgtwoone" et al. actually work.  It does now also track
conditionals over included files.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago scd: fix pinpad input on Windows.
NIIBE Yutaka [Fri, 25 Oct 2013 00:57:31 +0000 (09:57 +0900)]
scd: fix pinpad input on Windows.

* scd/apdu.c (open_pcsc_reader_direct): Don't call
pcsc_vendor_specific_init here, but...
(connect_pcsc_card): Call it here.

--

Thanks to Martin Wolters for the bug report.

5 years ago po: Update Japanese translation.
NIIBE Yutaka [Wed, 23 Oct 2013 05:44:27 +0000 (14:44 +0900)]
po: Update Japanese translation.

5 years ago scd: add pinpad readers information for PC/SC service.
NIIBE Yutaka [Wed, 16 Oct 2013 00:52:18 +0000 (09:52 +0900)]
scd: add pinpad readers information for PC/SC service.

* scd/apdu.c (pcsc_vendor_specific_init): Add information for Cherry
ST-2xxx, Reiner cyberJack, Vasco DIGIPASS, FSIJ Gnuk Token, and KAAN
Advance.

--

5 years ago scd: remove pin length check.
NIIBE Yutaka [Tue, 15 Oct 2013 01:44:51 +0000 (10:44 +0900)]
scd: remove pin length check.

* scd/apdu.c (pcsc_pinpad_verify): Remove old check code for pin
length.

--
GnuPG-bug-id: 1549

5 years ago doc: Some gpg and gpgv clarifications.
Werner Koch [Fri, 4 Oct 2013 12:31:35 +0000 (14:31 +0200)]
doc: Some gpg and gpgv clarifications.

--
GnuPG-bug-id: 1486, 1537

5 years ago gpg: Limit the nesting level of I/O filters.
Werner Koch [Fri, 4 Oct 2013 06:20:49 +0000 (08:20 +0200)]
gpg: Limit the nesting level of I/O filters.

* common/iobuf.c (MAX_NESTING_FILTER): New.
(iobuf_push_filter2): Limit the nesting level.

* g10/mainproc.c (mainproc_context): New field ANY.  Change HAVE_DATA
and ANY_SIG_SIGN to bit fields of ANY.  Add bit field
UNCOMPRESS_FAILED.
(proc_compressed): Avoid printing multiple Bad Data messages.
(check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.
--

This is a more general fix for the nested compression packet bug.  In
particular this helps g10/import.c:read_block to stop pushing
compression filters onto an iobuf stream.  This patch also reduces the
number of error messages for the non-import case.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 35e40e2d514223c950c2f6d1214e02e92d87e997)

Resolved conflicts:
common/iobuf.c
g10/mainproc.c

5 years ago gpg: Fix bug with deeply nested compressed packets.
Werner Koch [Wed, 2 Oct 2013 07:11:43 +0000 (09:11 +0200)]
gpg: Fix bug with deeply nested compressed packets.

* g10/mainproc.c (MAX_NESTING_DEPTH): New.
(proc_compressed): Return an error code.
(check_nesting): New.
(do_proc_packets): Check packet nesting depth.  Handle errors from
check_compressed.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago Register DCO for Kyle Butt.
Werner Koch [Tue, 1 Oct 2013 12:40:46 +0000 (14:40 +0200)]
Register DCO for Kyle Butt.

--

5 years ago Switch to deterministic DSA.
Werner Koch [Sat, 7 Sep 2013 08:06:46 +0000 (10:06 +0200)]
Switch to deterministic DSA.

* agent/pksign.c (rfc6979_hash_algo_string): New.
(do_encode_dsa) [Libgcrypt >= 1.6]: Make use of RFC-6979.
--

Now that we have a good (and not NSA/NIST demanded ;-) specification
on how to use DSA without a random nonce, we take advantage of it and
thus avoid pitfalls related to a misbehaving RNG during signature
creation.

Note that OpenPGP has the option of using a longer hash algorithm but
truncated to what is suitable for the used DSA key size.  The hash
used as input to RFC-6979 will also be one with an appropriate digest
length but not a truncated one.  This is allowed by RFC-6979.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago scd: Suppress gcc warning about possible uninitialized use.
Werner Koch [Fri, 30 Aug 2013 08:28:26 +0000 (10:28 +0200)]
scd: Suppress gcc warning about possible uninitialized use.

* scd/app-nks.c (parse_pwidstr): Always init r_pwid.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago gpg: Use 2048 as the default keysize in batch mode.
Werner Koch [Fri, 30 Aug 2013 08:27:21 +0000 (10:27 +0200)]
gpg: Use 2048 as the default keysize in batch mode.

* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
2048.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago gpgtar: Fix building for systems with a separate libintl.
Werner Koch [Fri, 30 Aug 2013 08:05:08 +0000 (10:05 +0200)]
gpgtar: Fix building for systems with a separate libintl.

* tools/Makefile.am (gpgtar_LDADD): Add LIBINTL and LIBICONV.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago scd: Use vendor and product id macros also in apdu.c
Werner Koch [Fri, 30 Aug 2013 07:28:17 +0000 (09:28 +0200)]
scd: Use vendor and product id macros also in apdu.c

* scd/ccid-driver.c: Move vendor and product ids to ...
* scd/ccid-driver.h: here.
* scd/apdu.c (CCID_DRIVER_INCLUDE_USB_IDS): Define to include ids.
(pcsc_vendor_specific_init): Use vendor and product id macros.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 years ago scd: PC/SC pinpad input improvement.
NIIBE Yutaka [Fri, 30 Aug 2013 02:06:50 +0000 (11:06 +0900)]
scd: PC/SC pinpad input improvement.

* scd/apdu.c (struct reader_table_s): Add members: PINMIN, PINMAX, and
PINPAD_VERLEN_SUPPORTED.
(CM_IOCTL_VENDOR_IFD_EXCHANGE, FEATURE_GET_TLV_PROPERTIES,
PCSCv2_PART10_PROPERTY_*): New.
(new_reader_slot): Initialize pinpad_varlen_supported, pinmin, pinmax.
(pcsc_vendor_specific_init): New.
(open_pcsc_reader_direct, open_pcsc_reader_wrapped): Call
pcsc_vendor_specific_init.
(check_pcsc_pinpad): Not detect here but use the result of
pcsc_vendor_specific_init.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Specify bNumberMessage.

--

Signed-off-by: NIIBE Yutaka
--

5 years ago scd: add support for RSA_CRT and RSA_CRT_N key import.
Jonas Borgström [Wed, 28 Aug 2013 09:21:10 +0000 (11:21 +0200)]
scd: add support for RSA_CRT and RSA_CRT_N key import.

* scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support.

--

Updates of original patch by wk:

  -      unsigned char *rsa_u, *rsa_dp, rsa_dq;
  +      unsigned char *rsa_u, *rsa_dp, *rsa_dq;

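Review bot: on the `+` line the three pointers rsa_u, rsa_dp and rsa_dq still share one declarator list, which is the layout in which the `*` on rsa_dq went missing; declaring each pointer on its own line would keep a dropped `*` from silently turning one of them into a plain unsigned char again.
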
and AUTHORS.  Missing signed-off-by assumed due to DCO sent the other
day.

5 years ago kbx: Add a few macros for easier readability.
Werner Koch [Thu, 29 Aug 2013 15:39:35 +0000 (17:39 +0200)]
kbx: Add a few macros for easier readability.

* kbx/keybox-update.c (FILECOPY_INSERT)
(FILECOPY_DELETE, FILECOPY_UPDATE): New macros.  Replace numbers by
them.

Signed-off-by: Werner Koch <wk@gnupg.org>

5 years ago Fix commit 04e2c83f.
Werner Koch [Wed, 28 Aug 2013 15:58:43 +0000 (17:58 +0200)]
Fix commit 04e2c83f.

* agent/command-ssh.c (stream_read_string): Do not assign to a NULL
ptr.

5 years ago gpg: Make decryption with the OpenPGP card work.
Werner Koch [Mon, 26 Aug 2013 15:29:54 +0000 (17:29 +0200)]
gpg: Make decryption with the OpenPGP card work.

* scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New.
* scd/app-openpgp.c (do_decipher): Add arg R_INFO.
* scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy.
* scd/app.c (app_decipher): Add arg R_INFO.
* scd/command.c (cmd_pkdecrypt): Print status line "PADDING".
* agent/call-scd.c (padding_info_cb): New.
(agent_card_pkdecrypt): Add arg R_PADDING.
* agent/divert-scd.c (divert_pkdecrypt): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Ditto.
* agent/command.c (cmd_pkdecrypt):  Print status line "PADDING".
* g10/call-agent.c (padding_info_cb): New.
(agent_pkdecrypt): Add arg R_PADDING.
* g10/pubkey-enc.c (get_it): Use padding info.
--

Decryption using a card never worked in gpg 2.1 because the
information whether the pkcs#1 padding needs to be removed was not
available.  Gpg < 2.1 took this info from the secret sub key but that
has gone in 2.1.

Signed-off-by: Werner Koch <wk@gnupg.org>

5 years ago agent: Fix two compiler warnings.
Werner Koch [Thu, 22 Aug 2013 07:35:21 +0000 (09:35 +0200)]
agent: Fix two compiler warnings.

* agent/command.c (cmd_preset_passphrase, pinentry_loopback): Use %zu
in format string.
* scd/ccid-driver.c (ccid_get_atr): Ditto.
* agent/command-ssh.c (stream_read_string): Init arg STRING_SIZE to
avoid maybe_uninitialized warning.
--

Actually the first one might have been a problem on big endian
machines.

Signed-off-by: Werner Koch <wk@gnupg.org>

5 years ago scd: fix parsing login-data DO.
NIIBE Yutaka [Tue, 27 Aug 2013 01:23:09 +0000 (10:23 +0900)]
scd: fix parsing login-data DO.

* scd/app-openpgp.c (parse_login_data): Release RELPTR.  Fix parsing.

--

Signed-off-by: NIIBE Yutaka

5 years ago scd: fix Vega for Alpha reader.
NIIBE Yutaka [Tue, 27 Aug 2013 01:15:46 +0000 (10:15 +0900)]
scd: fix Vega for Alpha reader.

* scd/ccid-driver.c (ccid_vendor_specific_init): Fix error handling
and size of command.

--

Signed-off-by: NIIBE Yutaka

6 years ago scd: Make SPRx32 pinpad work with PC/SC on Windows.
Werner Koch [Wed, 21 Aug 2013 14:45:48 +0000 (16:45 +0200)]
scd: Make SPRx32 pinpad work with PC/SC on Windows.

* scd/apdu.c (CM_IOCTL_GET_FEATURE_REQUEST): Use SCARD_CTL_CODE.
(SCARD_CTL_CODE): Define if not defined.
(reader_table_s): Add is_spr532.
(new_reader_slot): Clear it.
(check_pcsc_pinpad): Set it.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Add fix for SPR532.

Signed-off-by: Werner Koch <wk@gnupg.org>

6 years ago scd: Improve --enable-pinpad-varlen.
Werner Koch [Wed, 21 Aug 2013 13:44:52 +0000 (15:44 +0200)]
scd: Improve --enable-pinpad-varlen.

* tools/gpgconf-comp.c (gc_options_scdaemon): Add
enable-pinpad-varlen.
* scd/apdu.c (check_pcsc_pinpad): Detect SPRx32 reader.

Signed-off-by: Werner Koch <wk@gnupg.org>

6 years ago agent: Extend cmd KEYINFO to return data from sshcontrol.
Werner Koch [Thu, 8 Aug 2013 19:22:38 +0000 (21:22 +0200)]
agent: Extend cmd KEYINFO to return data from sshcontrol.

* agent/command-ssh.c (struct control_file_s): Rename to
ssh_control_file_s.
(ssh_open_control_file, ssh_close_control_file)
(ssh_read_control_file, ssh_search_control_file): New.
(control_file_t):  Rename and move to ...
* agent/agent.h (ssh_control_file_t): here.
* agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled,
and confirm. Rename unknown keytype indicator from '-' to 'X'.  Extend
output.
(cmd_keyinfo): Add options --ssh-list and --with-ssh.
--

This extension allows the development of frontends to manage the
sshcontrol file.

Signed-off-by: Werner Koch <wk@gnupg.org>

6 years ago gpg: No need to create a trustdb when encrypting with --always-trust.
Werner Koch [Fri, 2 Aug 2013 07:10:17 +0000 (09:10 +0200)]
gpg: No need to create a trustdb when encrypting with --always-trust.

* g10/gpg.c (main): Special case setup_trustdb for --encrypt.

Signed-off-by: Werner Koch <wk@gnupg.org>

6 years ago w32: Fix recent patch 9ff72e4.
Werner Koch [Thu, 1 Aug 2013 17:54:11 +0000 (19:54 +0200)]
w32: Fix recent patch 9ff72e4.

* common/homedir.c (check_portable_app): Fix the name of the control
file.

6 years ago agent: Include missing prototype.
Werner Koch [Thu, 1 Aug 2013 09:32:05 +0000 (11:32 +0200)]
agent: Include missing prototype.

* agent/protect.c: Include cvt-openpgp.h.

6 years ago w32: Add code to support a portable use of GnuPG.
Werner Koch [Thu, 1 Aug 2013 09:20:48 +0000 (11:20 +0200)]
w32: Add code to support a portable use of GnuPG.

* common/homedir.c (w32_bin_is_bin, w32_portable_app) [W32]: New.
(check_portable_app) [W32]: New.
(standard_homedir, default_homedir) [W32]: Support the portable flag.
(w32_rootdir, w32_commondir) [W32]: Ditto.
(gnupg_bindir, gnupg_cachedir, dirmngr_socket_name) [W32]: Ditto.
* common/logging.h (JNLIB_LOG_NO_REGISTRY): New.
* common/logging.c (no_registry): New variable.
(log_set_prefix, log_get_prefix): Set/get that variable.
(do_logv): Do not check the registry if that variable is set.
--

Beware: This code has not been tested because it is not yet possible
to build GnuPG 2.1 for Windows.  However, the code will be the base
for an implementation in 2.0.

A portable use of GnuPG under Windows means that GnuPG uses a home
directory depending on the location of the actual binary.  No registry
variables are considered.  The portable mode is enabled if in the
installation directory of the binary "gpgconf.exe" and a
file "gpgconf.ctl" are found.  The latter file is empty or consists
only of empty or '#' comment lines.

Signed-off-by: Werner Koch <wk@gnupg.org>

6 years ago Silence compiler warning about deprecated Libgcrypt symbols
Werner Koch [Thu, 1 Aug 2013 09:06:22 +0000 (11:06 +0200)]
Silence compiler warning about deprecated Libgcrypt symbols

* configure.ac (AH_BOTTOM): Define GCRYPT_NO_DEPRECATED.
--

Some gcc versions emit deprecated warning for such flagged Libgcrypt
symbols; even if they are not used.

6 years ago w32: Change autogen.sh to use npth.
Werner Koch [Thu, 1 Aug 2013 09:03:24 +0000 (11:03 +0200)]
w32: Change autogen.sh to use npth.

--

6 years ago dirmngr: Define missing LDAP constant
Werner Koch [Thu, 1 Aug 2013 09:02:03 +0000 (11:02 +0200)]
dirmngr: Define missing LDAP constant

* dirmngr/ldap-url.c (LDAP_SCOPE_DEFAULT): Define if missing.

6 years ago scd: Fix a syntax error for Apple and Windows.
Werner Koch [Thu, 1 Aug 2013 09:01:01 +0000 (11:01 +0200)]
scd: Fix a syntax error for Apple and Windows.

* scd/apdu.c (pcsc_dword_t) [W32]: Fix syntax error.

6 years ago common: Fix a build error when using adns.
Werner Koch [Thu, 1 Aug 2013 08:30:27 +0000 (10:30 +0200)]
common: Fix a build error when using adns.

* common/dns-cert.c (get_dns_cert) [USE_ADNS]: Fix syntax error.
--

(fixes commit 31f548a18aed729c05ea367f2d8a8104480430d5)

Signed-off-by: Werner Koch <wk@gnupg.org>

6 years ago common: Comment out unused code.
Werner Koch [Wed, 31 Jul 2013 14:15:01 +0000 (16:15 +0200)]
common: Comment out unused code.

* common/w32-reg.c (write_w32_registry_string): Comment out.

6 years ago dirmngr: Remove unused file.
Werner Koch [Wed, 31 Jul 2013 14:14:00 +0000 (16:14 +0200)]
dirmngr: Remove unused file.

* dirmngr/get-path.c: Remove.

6 years ago sm: Remove cruft from source files.
Werner Koch [Thu, 27 Jun 2013 09:40:12 +0000 (11:40 +0200)]
sm: Remove cruft from source files.

* sm/keydb.c, sm/keydb.h: Remove disabled code parts.

6 years ago Modernize two format string file name quotes.
Werner Koch [Thu, 27 Jun 2013 07:28:43 +0000 (09:28 +0200)]
Modernize two format string file name quotes.

--

6 years ago Prepare for newer automake versions.
Werner Koch [Thu, 27 Jun 2013 07:22:00 +0000 (09:22 +0200)]
Prepare for newer automake versions.

* configure.ac (AM_INIT_AUTOMAKE): Replace 2 argument form by the
option form.  Add options from the top Makefile.
(AM_CONFIG_HEADER): Rename to AC_CONFIG_HEADER.
* Makefile.am (AUTOMAKE_OPTIONS): Remove.

* kbx/Makefile.am: Remove INCLUDES.  Include cmacros.am.  Factor some
AM_CPPFLAGS options to AM_CFLAGS.

6 years ago Update AUTHORS.
Werner Koch [Wed, 26 Jun 2013 21:37:40 +0000 (23:37 +0200)]
Update AUTHORS.

--

6 years ago Fix Makefile regression.
Werner Koch [Wed, 26 Jun 2013 21:23:18 +0000 (23:23 +0200)]
Fix Makefile regression.

* agent/Makefile.am (gpg_agent_DEPENDENCIES): Remove cruft from wrong
resolve conflict 2013-04-25.
(gpg_agent_DEPENDENCIES): Remove obsolete gpg_agent_res_deps
(gpg_agent_LDFLAGS): Remove obsolete gpg_agent_res_ldflags.
--

This fixes 88e24341e57c96e31a25e92e09d67989e64cc1c1.  Thanks to
Christian Aistleitner for pinpointing this bug.  Am sorry for accusing
automake to have introduced this bug; I should have washed my own eyes.

GnuPG-bug-id: 1511

6 years ago Implement unattended OpenPGP secret key import.
Werner Koch [Wed, 22 May 2013 08:50:12 +0000 (09:50 +0100)]
Implement unattended OpenPGP secret key import.

* agent/command.c (cmd_import_key): Add option --unattended.
* agent/cvt-openpgp.c (convert_transfer_key): New.
(do_unprotect): Factor some code out to ...
(prepare_unprotect): new function.
(convert_from_openpgp): Factor all code out to ...
(convert_from_openpgp_main): this.  Add arg 'passphrase'.  Implement
openpgp-native protection modes.
(convert_from_openpgp_native): New.
* agent/t-protect.c (convert_from_openpgp_native): New dummy function.
* agent/protect-tool.c (convert_from_openpgp_native): Ditto.
* agent/protect.c (agent_unprotect): Add arg CTRL.  Adjust all
callers.  Support openpgp-native protection.
* g10/call-agent.c (agent_import_key): Add arg 'unattended'.
* g10/import.c (transfer_secret_keys): Use unattended in batch mode.
--

With the gpg-agent taking care of the secret keys, the user needs to
migrate existing keys from secring.gpg to the agent.  This and also
the standard import of secret keys required the user to unprotect the
secret keys first, so that gpg-agent was able to re-protect them
using its own scheme.  With many secret keys this is quite some
usability hurdle.  In particular if a passphrase is not instantly
available.

To make this migration smoother, this patch implements an unattended
key import/migration which delays the conversion to the gpg-agent
format until the key is actually used.  For example:

   gpg2 --batch --import mysecretkey.gpg

works without any user interaction due to the use of --batch.  Now if
a key is used (e.g. "gpg2 -su USERID_FROM_MYSECRETKEY foo"), gpg-agent
has to ask for the passphrase anyway, converts the key from the
openpgp format to the internal format, signs, re-encrypts the key and
tries to store it in the gpg-agent format to the disk.  The next time,
the internal format of the key is used.

This patch has only been tested with the old demo keys, more tests
with other protection formats and no protection are needed.

Signed-off-by: Werner Koch <wk@gnupg.org>

6 years ago New debug functions log_printcanon and log_printsexp.
Werner Koch [Tue, 21 May 2013 13:00:00 +0000 (14:00 +0100)]
New debug functions log_printcanon and log_printsexp.

* common/sexputil.c (sexp_to_string, canon_sexp_to_string): New.
(log_printcanon, log_printsexp): New.

Signed-off-by: Werner Koch <wk@gnupg.org>

6 years ago agent: Fix length detection of canonical formatted openpgp keys.
Werner Koch [Tue, 21 May 2013 12:00:16 +0000 (13:00 +0100)]
agent: Fix length detection of canonical formatted openpgp keys.

* agent/command.c (cmd_import_key): Pass 0 instead of KEYLEN to
gcry_sexp_canon_len.
--

We used to pass KEYLEN to the gcry_sexp_canon_len for no good reason:
convert_from_openpgp is guaranteed to return a valid canonical
S-expression and KEYLEN would thus act only as an upper limit.  This
is not a problem because usually the original input key is longer than
the returned unprotected key.  A future patch may change this
assertion and thus we better fix this bug now.

Signed-off-by: Werner Koch <wk@gnupg.org>

6 years ago agent: New option --disable-check-own-socket.
Werner Koch [Tue, 21 May 2013 11:10:00 +0000 (12:10 +0100)]
agent: New option --disable-check-own-socket.

* agent/gpg-agent.c (oDisableCheckOwnSocket): New.
(disable_check_own_socket): New.
(parse_rereadable_options): Set new option.
(check_own_socket): Implement new option.

Signed-off-by: Werner Koch <wk@gnupg.org>

6 years ago w32: Add icons and version information.
Werner Koch [Thu, 25 Apr 2013 11:00:16 +0000 (12:00 +0100)]
w32: Add icons and version information.

* common/gnupg.ico: New.  Taken from artwork/gnupg-favicon-1.ico.
* agent/gpg-agent-w32info.rc: New.
* g10/gpg-w32info.rc: New.
* scd/scdaemon-w32info.rc: New.
* sm/gpgsm-w32info.rc: New.
* tools/gpg-connect-agent-w32info.rc: New.
* common/w32info-rc.h.in: New.
* configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP)
(BUILD_HOSTNAME): New.
(AC_CONFIG_FILES): Add w32info-rc.h.
* am/cmacros.am (.rc.o): New rule.
* agent/Makefile.am, common/Makefile.am, g10/Makefile.am
* scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to
build resource files.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 049b3d9ca0285d15c00c215ac9b533c994196ca4)

Solved conflicts in:

agent/Makefile.am
common/Makefile.am
g10/Makefile.am
scd/Makefile.am
sm/Makefile.am
tools/Makefile.am

6 years ago doc: fix some Texinfo warnings.
Ian Abbott [Thu, 25 Apr 2013 11:00:16 +0000 (12:00 +0100)]
doc: fix some Texinfo warnings.

* doc/gpg.texi: Fix syntax and add missing menu entries.
* doc/gpgsm.texi: Fix subsectioning.
--

These five patches fix some warnings from Texinfo 5 by adding some
missing nodes and changing some sections to subsections, and moving an
'@end ifset' to the start of a line.  I also noticed the 'Deprecated
options' subsection didn't appear in the GPG options menu, so I added
it.  (Texinfo never warned about it because it was after the last node
in the menu.)

1) doc/gpg.texi: move '@end ifset' to start of line
2) doc/gpg.texi: Add missing node for 'Compliance options' section.
3) doc/gpg.texi: add node for 'Deprecated options' subsection.
4) doc/gpg.texi: make 'Unattended key generation' a subsection
5) doc/gpgsm.texi: fix subsectioning for Unattended Usage

(all 5 merged into one patch by wk)

(cherry picked from commit 4d67f59a336bfa0ff19fc23209940724196fd886)

Signed-off-by: Werner Koch <wk@gnupg.org>

6 years ago Fix potential heap corruption in "gpg -v --version".
Werner Koch [Sat, 15 Dec 2012 10:28:00 +0000 (11:28 +0100)]
Fix potential heap corruption in "gpg -v --version".

* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
--

This fixes an obvious bug in locales where the translated string is
longer than the original.  The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.

En passant we also removed the trailing white space on continued
lines.

Reported-by: Dmitry V. Levin <ldv at altlinux.org>
(cherry picked from commit 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1)

Signed-off-by: Werner Koch <wk@gnupg.org>
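
The overflow class described in the commit message above, as an added example that is not GnuPG's build_list and not code from this repository: a list builder whose buffer grows with the strings actually passed in, so a heading that is longer in translation cannot overrun it. The names build_list_checked, strbuf and sb_append and the wrapping rule are assumptions made for the illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Growable buffer: capacity is checked on every append, so nothing depends
   on a guess about how long a translated heading will be. */
struct strbuf { char *p; size_t len, cap; };

static int sb_append(struct strbuf *sb, const char *s, size_t n)
{
    if (sb->len + n + 1 > sb->cap) {
        size_t ncap = sb->cap ? sb->cap : 32;
        while (ncap < sb->len + n + 1)
            ncap *= 2;
        char *np = realloc(sb->p, ncap);
        if (!np)
            return -1;
        sb->p = np; sb->cap = ncap;
    }
    memcpy(sb->p + sb->len, s, n);
    sb->len += n;
    sb->p[sb->len] = '\0';
    return 0;
}

/* Build "HEADING name1, name2,\n<indent>name3\n".  HEADING stands in for a
   translated string whose byte length is only known at run time.  A wrapped
   line ends at the comma, with no trailing space.  Returns a malloc'd
   string, or NULL on allocation failure. */
char *build_list_checked(const char *heading, const char *const *names,
                         size_t count, size_t maxcol)
{
    struct strbuf sb = { NULL, 0, 0 };
    size_t indent = strlen(heading) + 1, col = indent;
    int err = sb_append(&sb, heading, indent - 1) || sb_append(&sb, " ", 1);

    for (size_t i = 0; !err && i < count; i++) {
        size_t n = strlen(names[i]);
        if (i && col + 1 + n + 1 > maxcol) {      /* space + name + comma */
            err = sb_append(&sb, "\n", 1);
            for (col = 0; !err && col < indent; col++)
                err = sb_append(&sb, " ", 1);
        } else if (i) {
            err = sb_append(&sb, " ", 1);
            col++;
        }
        if (!err)
            err = sb_append(&sb, names[i], n);
        if (!err && i + 1 < count)
            err = sb_append(&sb, ",", 1);
        col += n + (i + 1 < count);
    }
    if (!err && !sb_append(&sb, "\n", 1))
        return sb.p;
    free(sb.p);
    return NULL;
}
```

Columns are counted in bytes here, so a UTF-8 heading indents by its byte length rather than its display width; that affects layout only, never the bounds.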

6 years ago gpgsm: Remove non-implemented commands from --help.
Werner Koch [Thu, 18 Apr 2013 12:40:43 +0000 (14:40 +0200)]
gpgsm: Remove non-implemented commands from --help.

* sm/gpgsm.c (opts): Removed commands --clearsign, --symmetric,
--send-keys, and --recv-keys.

--

GnuPG-bug-id: 1064
Signed-off-by: Werner Koch <wk@gnupg.org>