5 years agogpg: Spelling error
Kristian Fiskerstrand [Wed, 2 Jul 2014 11:32:23 +0000 (13:32 +0200)]
gpg: Spelling error

5 years agospeedo: Update w32 installer
Werner Koch [Wed, 25 Jun 2014 12:33:34 +0000 (14:33 +0200)]
speedo: Update w32 installer


5 years agodoc: Add gnupg-logo.pdf
Werner Koch [Wed, 25 Jun 2014 12:33:34 +0000 (14:33 +0200)]
doc: Add gnupg-logo.pdf


5 years agogpg: Auto-create revocation certificates.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
gpg: Auto-create revocation certificates.

* (GNUPG_OPENPGP_REVOC_DIR): New config define.
* g10/revoke.c (create_revocation): Add arg "leadin".
(gen_standard_revoke): New.
* g10/openfile.c (get_openpgp_revocdir): New.
(open_outfile): Add MODE value 3.
* g10/keyid.c (hexfingerprint): New.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke.

GnuPG-bug-id: 1042

5 years agoestream: Fix minor glitch in "%.*s" format.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
estream: Fix minor glitch in "%.*s" format.

* common/estream-printf.c (pr_string): Take care of non-nul terminated

5 years agogpg: Rearrange code in gen_revoke.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
gpg: Rearrange code in gen_revoke.

* g10/revoke.c (gen_revoke): Factor some code out to ...
(create_revocation): new.

5 years agogpg: Create exported secret files and revocs with mode 700.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
gpg: Create exported secret files and revocs with mode 700.

* common/iobuf.c (direct_open): Add arg MODE700.
(iobuf_create): Ditto.
* g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM.  Change call
callers to pass 0 for it.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
* g10/export.c (do_export): Pass true for new arg if SECRET is true.

GnuPG-bug-id: 1653.

Note that this works only if --output has been used.

5 years agocommon: Minor code cleanup for a legacy OS.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
common: Minor code cleanup for a legacy OS.

* common/iobuf.c (direct_open) [__riscos__]: Simply cpp conditionals.

5 years agospeedo: Fix the w32 installer name
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
speedo: Fix the w32 installer name

5 years agopo: Auto-update
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
po: Auto-update


5 years agopo: Update some strings of the French (fr) translation.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
po: Update some strings of the French (fr) translation.

5 years agopo: Update the German (de) translation
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
po: Update the German (de) translation

5 years agoagent: Adjust for changed npth_eselect under W32.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
agent: Adjust for changed npth_eselect under W32.

* agent/gpg-agent.c (handle_connections) [W32]: Make events_set an
unsigned int to match the changed prototype.

5 years agodirmngr: Use the homedir based socket also under W32.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
dirmngr: Use the homedir based socket also under W32.

* common/homedir.c (dirmngr_user_socket_name): Use same code for all

5 years agopo: Update and enable Ukrainian (uk) translation.
Yuri Chornoivan [Fri, 27 Jun 2014 13:42:27 +0000 (15:42 +0200)]
po: Update and enable Ukrainian (uk) translation.

5 years agoFix typos in messages
Yuri Chornoivan [Sun, 22 Jun 2014 14:33:04 +0000 (17:33 +0300)]
Fix typos in messages

5 years agobuild: Remove unused options.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
build: Remove unused options.

* Remove option --build-agent-only.
(FAKE_CURL, GPGKEYS_CURL): Remove check for cURL
(GPGKEYS_MAILTO): Remove ac_subst but keep the currently unused
(GPGKEYS_KDNS): Remove ac_subst.
* autogen.rc (final_info): Remove suggestion to use the removed option

5 years agoscd: Add pinpad support for REINER SCT cyberJack go
NIIBE Yutaka [Tue, 23 Apr 2013 23:36:31 +0000 (08:36 +0900)]
scd: Add pinpad support for REINER SCT cyberJack go

* scd/ccid-driver.h (VENDOR_REINER, CYBERJACK_GO): New.
* scd/ccid-driver.c (ccid_transceive_secure): Handle the case for
VENDOR_REINER. Original work was by Alina Friedrichsen (tiny change).

This is revised version which adapts changes of ccid-driver and was
later ported from branch-2.0 to master (2.1)

5 years agoscd: Support reader Gemalto IDBridge CT30
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
scd: Support reader Gemalto IDBridge CT30

* scd/ccid-driver.h (GEMPC_CT30): New product id.
* scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that

GnuPG-bug-id: 1638

5 years agogpg: Limit keysize for unattended key generation to useful values.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
gpg: Limit keysize for unattended key generation to useful values.

* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.

It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"

5 years agoEnable DNS SRV records again.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
Enable DNS SRV records again.

* (GPGKEYS_HKP, GPGKEYS_FINGER): Remove ac_subst.
(use_dns_srv): Make test work.

5 years agoagent: Fix export of RSA keys to OpenPGP.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
agent: Fix export of RSA keys to OpenPGP.

* agent/cvt-openpgp.c (convert_transfer_key): Fix sexp build format

5 years agogpg,gpgsm: Simplify wrong_args function.
Werner Koch [Wed, 25 Jun 2014 18:25:28 +0000 (20:25 +0200)]
gpg,gpgsm: Simplify wrong_args function.

5 years agospeedo: "make clean-gnupg" may not remove the source.
Werner Koch [Wed, 25 Jun 2014 17:44:28 +0000 (19:44 +0200)]
speedo: "make clean-gnupg" may not remove the source.

* build-aux/ (clean-$(1)): Take care of gnupg.

I learned it the hard way and lost a bunch of stashed changes.

5 years agogpgsm: Fix default config name.
Werner Koch [Wed, 25 Jun 2014 17:26:33 +0000 (19:26 +0200)]
gpgsm: Fix default config name.

5 years agodoc: Improve the rendering of the manual
Werner Koch [Wed, 25 Jun 2014 09:15:45 +0000 (11:15 +0200)]
doc: Improve the rendering of the manual

5 years agodoc: Update for modern makeinfo.
Werner Koch [Tue, 3 Jun 2014 11:34:24 +0000 (13:34 +0200)]
doc: Update for modern makeinfo.

* doc/texi.css: Remove.
* doc/ (AM_MAKEINFOFLAGS): Use --css-ref.

5 years agogpg: Allow key-to-card upload for cert-only keys
Werner Koch [Tue, 24 Jun 2014 07:13:38 +0000 (09:13 +0200)]
gpg: Allow key-to-card upload for cert-only keys

* g10/card-util.c (card_store_subkey): Allo CERT usage for key 0.

Suggested-by: Dominik Heidler <>
5 years agodoc: Add note regarding gpg-preset-passphrase and --max-cache-ttl.
Werner Koch [Tue, 24 Jun 2014 11:46:52 +0000 (13:46 +0200)]
doc: Add note regarding gpg-preset-passphrase and --max-cache-ttl.

GnuPG-bug-id: 1615

5 years agodoc: Improve the description of gpg's --export commands.
Werner Koch [Tue, 24 Jun 2014 10:21:54 +0000 (12:21 +0200)]
doc: Improve the description of gpg's --export commands.

GnuPG-bug-id: 1655

5 years agoRegister DCO for Stefan Tomanek.
Werner Koch [Tue, 24 Jun 2014 09:47:51 +0000 (11:47 +0200)]
Register DCO for Stefan Tomanek.


5 years agodoc: Add conditionals for GnuPG-1
Werner Koch [Mon, 23 Jun 2014 14:09:34 +0000 (16:09 +0200)]
doc: Add conditionals for GnuPG-1

5 years agogpg: Make export of ECC keys work again.
Werner Koch [Fri, 20 Jun 2014 12:54:01 +0000 (14:54 +0200)]
gpg: Make export of ECC keys work again.

* agent/cvt-openpgp.c (convert_to_openpgp): Use the curve name instead
of the curve parameters.
* g10/export.c (canon_pubkey_algo): Rename to ...
(canon_pk_algo): this.  Support ECC.
(transfer_format_to_openpgp): Expect curve name.

5 years agogpg: Avoid infinite loop in uncompressing garbled packets.
Werner Koch [Fri, 20 Jun 2014 08:39:26 +0000 (10:39 +0200)]
gpg: Avoid infinite loop in uncompressing garbled packets.

* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.

A packet like (a3 01 5b ff) leads to an infinite loop.  Using
--max-output won't help if it is a partial packet.  This patch
actually fixes a regression introduced on 1999-05-31 (c34c6769).
Actually it would be sufficient to stuff just one extra 0xff byte.
Given that this problem popped up only after 15 years, I feel safer to
allow for a very few FF bytes.

Thanks to Olivier Levillain and Florian Maury for their detailed

5 years agogpg: Fix a couple of spelling errors
Kristian Fiskerstrand [Thu, 12 Jun 2014 14:12:28 +0000 (16:12 +0200)]
gpg: Fix a couple of spelling errors

5 years agospeedo: Support building from dist-source generated tarball.
Werner Koch [Mon, 16 Jun 2014 21:25:44 +0000 (23:25 +0200)]
speedo: Support building from dist-source generated tarball.

5 years agohttp: Print human readable GNUTLS status.
Werner Koch [Fri, 13 Jun 2014 17:39:48 +0000 (19:39 +0200)]
http: Print human readable GNUTLS status.

* common/http.c (send_gnutls_bye): Take care of EAGAIN et al.
(http_verify_server_credentials): Print a human readable status.

5 years agogpg: Improve the output of --list-packets
Werner Koch [Thu, 12 Jun 2014 12:41:40 +0000 (14:41 +0200)]
gpg: Improve the output of --list-packets

* g10/parse-packet.c (parse): Print packet meta info in list mode.

In particular having the file offset of the packets is often useful.

5 years agospeedo: Improve building of the w32 installer.
Werner Koch [Wed, 11 Jun 2014 13:45:29 +0000 (15:45 +0200)]
speedo: Improve building of the w32 installer.

* build-aux/ Change name of build directory to PLAY.
Improve the dist-source target.
* build-aux/speedo/w32/gdk-pixbuf-loaders.cache: Add a blank
line (plus comment).
* build-aux/speedo/w32/inst.nsi: Change name of file to gnupg-w32-*.
Install more tools.

gdk-pixbuf-loaders.cache needs to end with an extra LF or the
gdk-pixbuf is not able to read the last entry.  The final comment is
to make our git sanity checks happy.


 make -f build-aux/ \
      TARGETOS=w32 TARBALLS=~/tarballs installer

does now create a working installer.  After removing dirmngr from the
installation GPA kind of works.  There are remaining problems with
dirmngr and scdaemon which will be fixed soon.


 make -f build-aux/ \
      TARGETOS=w32 TARBALLS=~/tarballs dist-source

creates an xz compressed tarball with all the sources used to build
the installer.  Distributing this tarball along with the installer is
sufficient to comply with the GPL.  Well, some more instructions
should be given in the readme files.

5 years agospeedo: Revamped speedo and include a w32 installer.
Werner Koch [Tue, 10 Jun 2014 17:42:34 +0000 (19:42 +0200)]
speedo: Revamped speedo and include a w32 installer.

* build-aux/speedo/: New.
* build-aux/speedo/w32/: New.

The new installer uses some code from Gpg4win but is much smaller and
easier to maintain.  To build an installer, unpack GnuPG and then run

  make -f build-aux/  TARBALLS=~/mytarballs installer

~/mytarballs is a directory with tarballs of external libraries.  See for a list of them.

WARNING: The installed W32 version does not correctly work right now.

5 years agobuild: Add more options to
Werner Koch [Tue, 10 Jun 2014 14:21:00 +0000 (16:21 +0200)]
build: Add more options to

* Add options --print-host and --print-build.

Being able to know the build system and the host as used by GnuPG is
useful to build other packages.

5 years agow32: Fix build problem with dirmngr.
Werner Koch [Tue, 10 Jun 2014 13:11:32 +0000 (15:11 +0200)]
w32: Fix build problem with dirmngr.

* dirmngr/ks-engine-hkp.c (EAI_SYSTEM) [W32]: Add replacement

5 years agogpg: Use more specific reason codes for INV_RECP.
Werner Koch [Tue, 10 Jun 2014 12:54:55 +0000 (14:54 +0200)]
gpg: Use more specific reason codes for INV_RECP.

* g10/pkclist.c (find_and_check_key, build_pk_list): Use more specific
reasons codes for INV_RECP.

GnuPG-bug-id: 1650

5 years agoImprove the beta number generation.
Werner Koch [Fri, 6 Jun 2014 14:29:41 +0000 (16:29 +0200)]
Improve the beta number generation.

* Add option --find-version
* Rework the setting of the mym4_ variables.

The old system was not too well defined if no release for a series has
yet been done.  We now introduce a "PACKAGE-N.M-base" tag to solve
this problem.  To keep the M4 code readable the GIT parsing has been
moved to ./

5 years agoPost beta release update.
Werner Koch [Thu, 5 Jun 2014 15:05:33 +0000 (17:05 +0200)]
Post beta release update.


656fef6454972cb91741c37a0fd19cd9ade9db9c  gnupg-2.1.0-beta442.tar.bz2

5 years agoRelease 2.1.0-beta442. gnupg-2.1.0-beta442
Werner Koch [Thu, 5 Jun 2014 14:23:10 +0000 (16:23 +0200)]
Release 2.1.0-beta442.


This beta is small contribution for today's Reset The Net campaign.

  It is a crying shame that the government of my country is not
  willing to offer Edward Snowden asylum and protect him from the evil
  institutions of those allies who once thankfully kicked out the most
  evil German powers.  Back in these dark years, many people had to
  ask for asylum over there and it was granted.  Now we have to fear
  their Blockwarts who are listening to the entire world.  It would be
  more than justified for us to help that brave guy.

5 years agopo: Auto-update po files.
Werner Koch [Thu, 5 Jun 2014 14:22:18 +0000 (16:22 +0200)]
po: Auto-update po files.


5 years agoUpdate README file.
Werner Koch [Thu, 5 Jun 2014 14:20:44 +0000 (16:20 +0200)]
Update README file.


The copyright list in AUTHORS as been compiled from a distribution

5 years agoRemove keyserver helper code.
Werner Koch [Thu, 5 Jun 2014 11:44:40 +0000 (13:44 +0200)]
Remove keyserver helper code.

* Remove keyserver helper related stuff.
* (SUBDIRS): Remove keyserver.
* keyserver/ Remove.

The dirmngr is used instead of the keyserver helpers.  Thus there is
more need to distribute the old code.  We keep it in the repo for
references, though.

5 years agogpg: Require confirmation for --gen-key with experimental curves.
Werner Koch [Thu, 5 Jun 2014 10:03:27 +0000 (12:03 +0200)]
gpg: Require confirmation for --gen-key with experimental curves.

* g10/keygen.c (ask_curve): Add arg both.  Require confirmation for

5 years agogpg: Auto-migrate existing secring.gpg.
Werner Koch [Thu, 5 Jun 2014 09:19:59 +0000 (11:19 +0200)]
gpg: Auto-migrate existing secring.gpg.

* g10/migrate.c: New.
* g10/import.c (import_old_secring): New.
(import_one): Add arg silent.
(transfer_secret_keys): Add arg batch.
(import_secret_one): Add args batch and for_migration.
* g10/gpg.c (main): Call migration function.

5 years agogpgsm: Fix commit be07ed65.
Werner Koch [Wed, 4 Jun 2014 06:50:10 +0000 (08:50 +0200)]
gpgsm: Fix commit be07ed65.

* sm/server.c (option_handler): Use "with-secret".

5 years agoAdd new option --with-secret.
Werner Koch [Tue, 3 Jun 2014 19:35:59 +0000 (21:35 +0200)]
Add new option --with-secret.

* g10/gpg.c: Add option --with-secret.
* g10/options.h (struct opt): Add field with_secret.
* g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
and list_one.
(list_all, list_one): Add arg mark_secret.
(list_keyblock_colon): Add arg has_secret.
* sm/gpgsm.c: Add option --with-secret.
* sm/server.c (option_handler): Add option "with-secret".
* sm/gpgsm.h (server_control_s): Add field with_secret.
* sm/keylist.c (list_cert_colon): Take care of with_secret.  Also move
the token string from the wrong field 14 to 15.

This option is useful for key managers which need to know whether a
key has a secret key.  This change allows to collect this information
in one pass.

5 years agoartwork: Add 128x128 variant of the logo.
Werner Koch [Tue, 3 Jun 2014 16:58:35 +0000 (18:58 +0200)]
artwork: Add 128x128 variant of the logo.


5 years agogpgsm: New commands --export-secret-key-{p8,raw}
Werner Koch [Tue, 3 Jun 2014 16:57:33 +0000 (18:57 +0200)]
gpgsm: New commands --export-secret-key-{p8,raw}

* sm/gpgsm.c: Add new commands.
* sm/minip12.c (build_key_sequence): Add arg mode.
(p12_raw_build): New.
* sm/export.c (export_p12): Add arg rawmode.  Call p12_raw_build.
(gpgsm_p12_export): Ditto.
(print_short_info): Print the keygrip.

5 years agodoc: Minor texi updates.
Werner Koch [Tue, 3 Jun 2014 06:58:20 +0000 (08:58 +0200)]
doc: Minor texi updates.


5 years agogpg: Avoid NULL-deref in default key listing.
Werner Koch [Mon, 2 Jun 2014 17:51:23 +0000 (19:51 +0200)]
gpg: Avoid NULL-deref in default key listing.

* g10/keyid.c (hash_public_key): Take care of NULL keys.
* g10/misc.c (pubkey_nbits): Ditto.

This problem was mainly due to our ECC code while checking for opaque
MPIs with the curve name.

5 years agogpg: Simplify default key listing.
Werner Koch [Mon, 2 Jun 2014 17:50:18 +0000 (19:50 +0200)]
gpg: Simplify default key listing.

* g10/mainproc.c (list_node): Rework.

GnuPG-bug-id: 1640

5 years agogpg: Graceful skip reading of corrupt MPIs.
Werner Koch [Mon, 2 Jun 2014 16:38:04 +0000 (18:38 +0200)]
gpg: Graceful skip reading of corrupt MPIs.

* g10/parse-packet.c (mpi_read): Change error message on overflow.

This gets gpg 2.x in sync to what gpg 1.4 does.  No need to die for a
broken MPI.

GnuPG-bug-id: 1593

Resolved conflicts:
g10/parse-packet.c - whitespaces fixes.

5 years agogpgsm: Handle re-issued CA certificates in a better way.
Werner Koch [Mon, 2 Jun 2014 14:02:30 +0000 (16:02 +0200)]
gpgsm: Handle re-issued CA certificates in a better way.

* sm/certchain.c (find_up_search_by_keyid): Consider all matching
(find_up): Add some debug messages.

The DFN-Verein recently re-issued its CA certificates without
generating new keys.  Thus looking up the chain using the authority
keyids works but may use still existing old certificates.  This may
break the CRL lookup in the Dirmngr.  The hack to fix this is by using
the latest issued certificate with the same subject key identifier.

As usual Peter Gutman's X.509 style guide has some comments on that

GnuPG-bug-id: 1644

5 years agogpgsm: Add a way to save a found state.
Werner Koch [Mon, 2 Jun 2014 13:55:00 +0000 (15:55 +0200)]
gpgsm: Add a way to save a found state.

* kbx/keybox-defs.h (keybox_found_s): New.
(keybox_handle): Factor FOUND out to above.  Add saved_found.
* kbx/keybox-init.c (keybox_release): Release saved_found.
(keybox_push_found_state, keybox_pop_found_state): New.

* sm/keydb.c (keydb_handle): Add field saved_found.
(keydb_new): Init it.
(keydb_push_found_state, keydb_pop_found_state): New.

5 years agogpg: Fix bug parsing a zero length user id.
Werner Koch [Mon, 2 Jun 2014 09:47:25 +0000 (11:47 +0200)]
gpg: Fix bug parsing a zero length user id.

* g10/getkey.c (get_user_id): Do not call xmalloc with 0.

* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
pass 0 to the arguments.

The problem did not occur in 1.x because over there the xmalloc makes
sure to allocate at least one byte.  With 2.x for most calls the
xmalloc of Libgcrypt is used and Libgcrypt returns an error insteead
of silent allocating a byte.  Thus gpg 2.x bailed out with an
"Fatal: out of core while allocating 0 bytes".

The extra code in xmalloc.c is for more robustness for the other
xmalloc calls.

5 years agodirmngr: Print certificates on failed TLS verification.
Werner Koch [Mon, 19 May 2014 07:48:42 +0000 (09:48 +0200)]
dirmngr: Print certificates on failed TLS verification.

* dirmngr/ks-engine-hkp.c (cert_log_cb): New.
(send_request): Set callback.

We use the KSBA functions here because we have them anyway in Dirmngr.

5 years agohttp: Add callback to help logging of server certificates.
Werner Koch [Mon, 19 May 2014 07:47:18 +0000 (09:47 +0200)]
http: Add callback to help logging of server certificates.

* common/http.c (http_session_s): Add field cert_log_cb.
(http_session_set_log_cb): New.
(http_verify_server_credentials): Call callback.

5 years agokeyserver: Improve support for hkps pools.
Werner Koch [Fri, 16 May 2014 19:14:03 +0000 (21:14 +0200)]
keyserver: Improve support for hkps pools.

* dirmngr/ks-engine-hkp.c (hostinfo_s): Add fields cname, v4addr, and
(create_new_hostinfo): Clear them.
(my_getnameinfo): Add args numeric and r_isnumeric.
(is_ip_address): New.
(map_host): Add arg r_host.  Rewrite the code to handle pools in a
special way.
(ks_hkp_print_hosttable): Change format of help info output.
(make_host_part): Add arg optional r_httphost.
(send_request): Add arg httphost.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Get httphost and pass it to

This changes quite some things on how the hostinfo is maintained.
However, it might be better to rework the data structures and have one
entry per IP address instead of this clumsy patch.

5 years agohttp: Allow overriding of the Host header.
Werner Koch [Fri, 16 May 2014 18:58:58 +0000 (20:58 +0200)]
http: Allow overriding of the Host header.

* common/http.c (http_open): Add arg httphost.
(http_open_document): Pass NULL for httphost.
(send_request): Add arg httphost.  If given, use HTTPHOST instead of
SERVER.  Use https with a proxy if requested.
(http_verify_server_credentials): Do not stop at the first error
* dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open.
* keyserver/curl-shim.c (curl_easy_perform): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.

5 years agogpg: Fix uninitialized access to search descindex with gpg keyboxes.
Werner Koch [Wed, 14 May 2014 14:32:49 +0000 (16:32 +0200)]
gpg: Fix uninitialized access to search descindex with gpg keyboxes.

* kbx/keybox-search.c (keybox_search): Add arg  R_DESCINDEX.  Chnage
both callers.
* g10/keydb.c (keydb_search): Always set DESCINDEX.

This only affects the new keybox for OpenPGP keys in 2.1.  The bug
exhibited itself by running GPA's backup command on Windows.

5 years agow32: Make make_absfilename work with drive letters.
Werner Koch [Wed, 14 May 2014 08:26:30 +0000 (10:26 +0200)]
w32: Make make_absfilename work with drive letters.

* common/stringhelp.c (do_make_filename) [HAVE_DRIVE_LETTERS]: Fix.

5 years agogpg: Remove useless diagnostic in MDC verification.
Werner Koch [Wed, 14 May 2014 06:55:58 +0000 (08:55 +0200)]
gpg: Remove useless diagnostic in MDC verification.

* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
MDC packer header and a bad MDC.

The separate diagnostic was introduced for debugging a problems.  For
explaining an MDC error a single error message is easier to

5 years agogpg: Fix glitch entering a full expiration time.
Werner Koch [Wed, 14 May 2014 06:49:37 +0000 (08:49 +0200)]
gpg: Fix glitch entering a full expiration time.

* g10/keygen.c (ask_expire_interval): Get the current time after the

This almost avoid that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.

GnuPG-bug-id: 1639

5 years agoagent: Fix import of non-protected gpg keys.
Werner Koch [Thu, 8 May 2014 08:24:36 +0000 (10:24 +0200)]
agent: Fix import of non-protected gpg keys.

* agent/cvt-openpgp.c (do_unprotect): Return an s-exp also for
non-protected keys.
(convert_from_openpgp_main): Do not call agent_askpin for a
non-protected key.

5 years agoMake more use of *_NAME macros.
Werner Koch [Wed, 7 May 2014 16:18:27 +0000 (18:18 +0200)]
Make more use of *_NAME macros.

* common/argparse.c (show_help): Map description string.

5 years agoagent: Fix auth key comment handling.
NIIBE Yutaka [Thu, 8 May 2014 02:46:38 +0000 (11:46 +0900)]
agent: Fix auth key comment handling.

* agent/command-ssh.c (ssh_send_key_public): Handle the case with no

5 years agoMake -jN work again.
Werner Koch [Wed, 7 May 2014 14:37:15 +0000 (16:37 +0200)]
Make -jN work again.

* common/ ($(PROGRAMS)): New rule
(t_http_LDADD): Use libcommontls.a without directory prefix.
* dirmngr/ ($(PROGRAMS)): New rule.

5 years agogpg: Print the key algorithm/curve with signature info.
Werner Koch [Wed, 7 May 2014 13:05:34 +0000 (15:05 +0200)]
gpg: Print the key algorithm/curve with signature info.

* g10/mainproc.c (check_sig_and_print): Print the name and curve.

5 years agogpg: Fix memleak in signature verification of bogus keys.
Werner Koch [Wed, 7 May 2014 12:36:34 +0000 (14:36 +0200)]
gpg: Fix memleak in signature verification of bogus keys.

* g10/mainproc.c (check_sig_and_print): Factor common code out to ...
(print_good_bad_signature): here.

P was not released if the key had no user id.

5 years agogpg: Fix indendation of check_sig_and_print.
Werner Koch [Wed, 7 May 2014 12:08:16 +0000 (14:08 +0200)]
gpg: Fix indendation of check_sig_and_print.


5 years agogpg: Mark experimental algorithms in the key listing.
Werner Koch [Wed, 7 May 2014 11:39:28 +0000 (13:39 +0200)]
gpg: Mark experimental algorithms in the key listing.

* g10/keylist.c (list_keyblock_print): Remove duplicate curve name.
Print a note for experimental algorithms.
* g10/misc.c (print_pubkey_algo_note): Fix warning message.

5 years agogpg: Finish experimental support for Ed25519.
Werner Koch [Wed, 7 May 2014 11:16:32 +0000 (13:16 +0200)]
gpg: Finish experimental support for Ed25519.

* agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
(get_keygrip): Add and use arg CURVE.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(get_npkey_nskey): New.
(prepare_unprotect): Replace gcrypt functions by
get_npkey_nskey.  Allow opaque MPIs.
(do_unprotect): Use CURVE instead of parameters.
(convert_from_openpgp_main): Ditto.
(convert_to_openpgp):  Simplify.
* g10/import.c (one_mpi_from_pkey): Remove.
(transfer_secret_keys): Rewrite to use the curve instead of the
* g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.

* common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
 "NIST P-256" et al.
* g10/keygen.c (ask_curve): Add arg ALGO.
(generate_keypair): Rewrite the ECC key logic.

* tests/openpgp/ecc.test: Provide the "ecc" passphrase.

5 years agokbx: Add experimental support for EDDSA.
Werner Koch [Wed, 7 May 2014 10:39:43 +0000 (12:39 +0200)]
kbx: Add experimental support for EDDSA.

* kbx/keybox-openpgp.c (parse_key): Use algo constants and add
experimental support for EdDSA.

5 years agoagent: Remove greeting message.
Werner Koch [Wed, 7 May 2014 06:51:11 +0000 (08:51 +0200)]
agent: Remove greeting message.

* agent/gpg-agent.c (main): Remove greeting.  Make --no-greeting a

5 years agoUse "samethread" mode keyword for some es_fopenmem.
Werner Koch [Tue, 6 May 2014 07:49:26 +0000 (09:49 +0200)]
Use "samethread" mode keyword for some es_fopenmem.

* dirmngr/ks-engine-hkp.c (armor_data): Add mode keyword.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* scd/atr.c (atr_dump): Ditto.

5 years agodirmngr: Add support for hkps keyservers.
Werner Koch [Mon, 5 May 2014 14:09:45 +0000 (16:09 +0200)]
dirmngr: Add support for hkps keyservers.

* dirmngr/dirmngr.c: Include gnutls.h.
(opts): Add --gnutls-debug and --hkp-cacert.
(opt_gnutls_debug, my_gnutls_log): New.
(set_debug): Set gnutls log level.
(parse_rereadable_options): Register a CA file.
(main): Init GNUTLS.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Support hkps.
(send_request): Ditto.

5 years agohttp: Add reference counting to the session object.
Werner Koch [Mon, 5 May 2014 14:06:42 +0000 (16:06 +0200)]
http: Add reference counting to the session object.

* common/http.c (http_session_t): Add field "refcount".
(_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code.
(send_request, my_npth_read, my_npth_write): Use SOCK object for the
transport ptr.
(http_session_release): Factor all code out to ...
(session_unref): here.  Deref SOCK.
(http_session_new): Init refcount and transport ptr.
(http_session_ref): New.  Ref and unref all assignments.

Having the reference counted session objects makes it easier for the
application to pass around only an estream.  Without that the
application would need to implement an es_onclose machinery for the
session object.

5 years agohttp: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info.
Werner Koch [Fri, 2 May 2014 13:37:02 +0000 (15:37 +0200)]
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info.

* common/http.c (http_parse_uri): Factor code out to ...
(parse_uri): here.  Add arg FORCE_TLS.
(do_parse_uri): Ditto.  Implement flag.
(http_get_tls_info): New.
(http_register_tls_ca): Allow clearing of the list.
(send_request): Use a default verification function.
* common/http.h (HTTP_FLAG_FORCE_TLS): New.
* common/t-http.c (main): Add several command line options.

5 years agocommon: Fix test for openpgp_oid_is_ed25519.
Werner Koch [Fri, 2 May 2014 12:07:03 +0000 (14:07 +0200)]
common: Fix test for openpgp_oid_is_ed25519.

* common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): Add correct

5 years agohttp: Revamp TLS API.
Werner Koch [Fri, 2 May 2014 08:33:19 +0000 (10:33 +0200)]
http: Revamp TLS API.


* common/http.h (http_session_t): New.
* common/http.c: Remove compatibility for gnutls < 3.0.
(http_session_s): New.
(cookie_s): Replace gnutls_session_t by http_session_t.
(tls_callback, tls_ca_certlist): New variables.
(my_socket_unref): Add preclose args.
(my_npth_read, my_npth_write): New.
(make_header_line): Fix bug using int* instead of char*.
(http_register_tls_callback): New.
(http_register_tls_ca): New.
(http_session_new): New.
(http_session_release): New.
(http_get_header_names): New.
(escape_data): Add hack to escape in forms mode.
(send_request) [HTTP_USE_GNUTLS]: Support SNI.
(send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line.
(send_gnutls_bye): New.
(cookie_close): Make use of preclose feature.
(http_verify_server_credentials): New.
(main) [TEST]: Remove test code.
* common/t-http.c: New.
* common/tls-ca.pem: New.
* common/ (tls_sources): New. Move http code to here.
(libcommontls_a_SOURCES): New.
(libcommontlsnpth_a_SOURCES): New.
(EXTRA_DIST): Add tls-ca.pem
(module_maint_tests): Add t-http.
(t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.

* dirmngr/ (dirmngr_LDADD): Add libcommontlsnpth.

This new TLS API for http.c is much more flexible than the crude old

5 years agocommon: Cleanup the use of USE_NPTH and HAVE_NPTH macros.
Werner Koch [Fri, 2 May 2014 06:06:10 +0000 (08:06 +0200)]
common: Cleanup the use of USE_NPTH and HAVE_NPTH macros.

* (HAVE_NPTH): New ac_define.
* common/estream.c: Use USE_NPTH instead of HAVE_NPTH.
* common/http.c: Ditto.  Replace remaining calls to pth by npth calls.
(connect_server): Remove useless _().
* common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h.
* common/init.c (_init_common_subsystems): Remove call to pth_init.
* common/sysutils.c (gnupg_sleep): Use npth_sleep.
* scd/ccid-driver.c (my_sleep): Ditto.

USE_NPTH is used in case were we may build with and without nPth.  The
missing definition HAVE_NPTH didn't allowed us to build outher sources
with nPTh support.

5 years agoestream: Implement "samethread" mode keyword.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
estream: Implement "samethread" mode keyword.

* src/estream.c (estream_internal): Add field SAMETHREAD.
(init_stream_lock, lock_stream, trylock_stream, unlock_stream): Use it.
(parse_mode): Add arg SAMETHREAD and parse that keyword.
(es_initialize): Rename to ...
(init_stream_obj): this.  Add arg SAMETHREAD.
(es_create): Add arg SAMETHREAD.  Call init_stream_lock after
(doreadline): Call es_create with samethread flag.
(es_fopen, es_mopen, es_fopenmem, es_fopencookie, do_fdopen)
(do_fpopen, do_w32open): Implement "samethread" keyword.
(es_freopen): Take samthread flag from old stream.
(es_tmpfile): Call es)_create w/o samethread.

Note: Unfortunately es_tmpfile has no mode arg so that we can't use

5 years agoestream: Fix deadlock in es_fileno.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
estream: Fix deadlock in es_fileno.

* src/estream.c (es_fileno_unlocked): Call the unlocked functions.

5 years agoestream: Add debug code to the lock functions.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
estream: Add debug code to the lock functions.

* common/estream.c (dbg_lock_0, dbg_lock_1, dbg_lock_1): New.

5 years agoestream: Replace locking macros by functions.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
estream: Replace locking macros by functions.

* common/estream.c: Replace most macros.

The macros were too hard to read and actually blew up the source.

5 years agoestream: Migrate from Pth to nPth.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
estream: Migrate from Pth to nPth.


Actually the mutex stuff was never used since we switched to nPth.

5 years agogpg: Minor doc enhancement
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
gpg: Minor doc enhancement


5 years agoECC Fixes.
NIIBE Yutaka [Mon, 28 Apr 2014 01:36:16 +0000 (10:36 +0900)]
ECC Fixes.

* agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
(convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which
does not distinguish the detail.
(do_unprotect, convert_from_openpgp_main): Don't call
map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and
not the value defined by OpenPGP.
(convert_to_openpgp): It's "ecc".
* agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove.
* g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error.
* g10/pubkey-enc.c (get_it): Fix swapping the fields error.

5 years agogpg: Pass --homedir to gpg-agent.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
gpg: Pass --homedir to gpg-agent.

* agent/gpg-agent.c (main): Make sure homedir is absolute.
* common/asshelp.c (lock_spawning): Create lock file with an absolute
(start_new_gpg_agent): Use an absolute name for the socket and pass
option --homedir to the agent.
(start_new_dirmngr): Use an absolute name for the --homedir.

This patch makes gpg's --homedir option behave again like in older
versions.  This is done by starting a new agent for each different
home directory.  Note that this assumes --use-standard-socket is used
which is the default for 2.1.

5 years agocommon: Add functions make_absfilename and make_absfilename_try.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
common: Add functions make_absfilename and make_absfilename_try.

* common/stringhelp.c (do_make_filename): Add modes 2 and 3.
(make_absfilename): New.
(make_absfilename_try): New.

5 years agocommon: Add function gnupg_getcwd.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
common: Add function gnupg_getcwd.

* tools/gpg-connect-agent.c (gnu_getcwd): Move to ...
* common/sysutils.c (gnupg_getcwd): .. here.
* tools/gpg-connect-agent.c (get_var_ext): Use gnupg_getcwd.

5 years agogpg: Print a warning if GKR has hijacked gpg-agent.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
gpg: Print a warning if GKR has hijacked gpg-agent.

* g10/call-agent.c (check_hijacking): New.
(start_agent): Call it.
(membuf_data_cb, default_inq_cb): Move more to the top.

Note that GUIs may use the gpg status line

[GNUPG:] ERROR check_hijacking 33554509

to detect this and print an appropriate warning.

5 years agogpg: New %U expando for the photo viewer.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
gpg: New %U expando for the photo viewer.

* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.

This makes is possible to extract all photos ids from a key to
different files.