5 years agoPost release updates
Werner Koch [Tue, 24 Jun 2014 13:43:46 +0000 (15:43 +0200)]
Post release updates


5 years agoRelease 2.0.24 gnupg-2.0.24
Werner Koch [Tue, 24 Jun 2014 13:11:12 +0000 (15:11 +0200)]
Release 2.0.24

5 years agopo: Auto-update
Werner Koch [Tue, 24 Jun 2014 13:10:54 +0000 (15:10 +0200)]
po: Auto-update


5 years agogpg: Fix a couple of spelling errors
Kristian Fiskerstrand [Thu, 12 Jun 2014 14:12:28 +0000 (16:12 +0200)]
gpg: Fix a couple of spelling errors

5 years agodoc: Update from master.
Werner Koch [Tue, 24 Jun 2014 11:54:30 +0000 (13:54 +0200)]
doc: Update from master.


5 years agogpg: Do not link gpgv against libassuan.
Werner Koch [Tue, 24 Jun 2014 11:52:02 +0000 (13:52 +0200)]
gpg: Do not link gpgv against libassuan.

* g10/ (gpgv2_LDADD): Remove LIBASSUAN_LIBS.

This is not required.

GnuPG-bug-id: 1533

5 years agopo: Update de.po
Werner Koch [Tue, 24 Jun 2014 09:14:20 +0000 (11:14 +0200)]
po: Update de.po

5 years agocommon: Fix commit ceef5568 so that it builds with libgcrypt < 1.6
Werner Koch [Tue, 24 Jun 2014 09:06:32 +0000 (11:06 +0200)]
common: Fix commit ceef5568 so that it builds with libgcrypt < 1.6

* common/ssh-utils.c (get_fingerprint): Use GCRY_PK_ECC only if

5 years agoRemove thread callbacks for libgcrypt >= 1.6.
Werner Koch [Tue, 24 Jun 2014 08:56:19 +0000 (10:56 +0200)]
Remove thread callbacks for libgcrypt >= 1.6.

* agent/gpg-agent.c (GCRY_THREAD_OPTION_PTH_IMPL): Do not use with
libgcrypt >= 1.6.
(main): Ditto.
* scd/scdaemon.c (GCRY_THREAD_OPTION_PTH_IMPL): Ditto.
(main): Ditto.

This is not anymore needed but kept for compatibility with Libgcrypt <

5 years agoImprove configure option --with-libgpg-error-prefix
Werner Koch [Tue, 24 Jun 2014 08:36:15 +0000 (10:36 +0200)]
Improve configure option --with-libgpg-error-prefix

GnuPG-bug-id: 1561

Note that this is not a complete solution.  The libgpg-error include
directory has now a higher preference but ld may not pick up the right
library if another one is installed.  The problem is that the -L
option and the -l options are not emitted separately by

5 years agogpg: Use more specific reason codes for INV_RECP.
Werner Koch [Tue, 10 Jun 2014 12:54:55 +0000 (14:54 +0200)]
gpg: Use more specific reason codes for INV_RECP.

* g10/pkclist.c (build_pk_list): Use more specific reasons codes for

GnuPG-bug-id: 1650

Note that this patch is a bit more limited than the one in 2.1.

5 years agogpg: Make show-uid-validity the default.
Werner Koch [Tue, 24 Jun 2014 07:53:46 +0000 (09:53 +0200)]
gpg: Make show-uid-validity the default.

5 years agogpg: Screen keyserver responses.
Stefan Tomanek [Wed, 29 Jan 2014 23:57:43 +0000 (00:57 +0100)]
gpg: Screen keyserver responses.

* g10/main.h (import_filter_t): New.
* g10/import.c (import): Add filter callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (keyserver_retrieval_filter): New.
(keyserver_spawn): Pass filter to import_keys_stream()

These changes introduces import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring that
the keys fetched from the keyserver are in fact those selected by the
user beforehand.

Signed-off-by: Stefan Tomanek <>
Re-indention and minor changes by wk.

Resolved conflicts:

5 years agogpg: Allow key-to-card upload for cert-only keys
Werner Koch [Tue, 24 Jun 2014 07:13:38 +0000 (09:13 +0200)]
gpg: Allow key-to-card upload for cert-only keys

* g10/card-util.c (card_store_subkey): Allo CERT usage for key 0.

Suggested-by: Dominik Heidler <>
5 years agossh: Fix for newer Libgcrypt versions.
Werner Koch [Mon, 23 Jun 2014 11:16:44 +0000 (13:16 +0200)]
ssh: Fix for newer Libgcrypt versions.

* common/ssh-utils.c (get_fingerprint): Add GCRY_PK_ECC case.

Reported-by: Anatol Pomozov
5 years agogpg: Avoid infinite loop in uncompressing garbled packets.
Werner Koch [Fri, 20 Jun 2014 08:39:26 +0000 (10:39 +0200)]
gpg: Avoid infinite loop in uncompressing garbled packets.

* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.

A packet like (a3 01 5b ff) leads to an infinite loop.  Using
--max-output won't help if it is a partial packet.  This patch
actually fixes a regression introduced on 1999-05-31 (c34c6769).
Actually it would be sufficient to stuff just one extra 0xff byte.
Given that this problem popped up only after 15 years, I feel safer to
allow for a very few FF bytes.

Thanks to Olivier Levillain and Florian Maury for their detailed

5 years agodoc: Update for modern makeinfo.
Werner Koch [Tue, 3 Jun 2014 11:34:24 +0000 (13:34 +0200)]
doc: Update for modern makeinfo.

* doc/texi.css: Remove.
* doc/ (AM_MAKEINFOFLAGS): Use --css-ref.

5 years agomaint: Of course we only use https in the announcements.
Werner Koch [Tue, 3 Jun 2014 09:29:34 +0000 (11:29 +0200)]
maint: Of course we only use https in the announcements.


5 years agoPost release updates.
Werner Koch [Tue, 3 Jun 2014 09:25:04 +0000 (11:25 +0200)]
Post release updates.


5 years agoRelease 2.0.23 gnupg-2.0.23
Werner Koch [Tue, 3 Jun 2014 08:02:45 +0000 (10:02 +0200)]
Release 2.0.23

5 years agopo: Auto-update due to one new entry.
Werner Koch [Tue, 3 Jun 2014 07:54:56 +0000 (09:54 +0200)]
po: Auto-update due to one new entry.


5 years agodoc: Adjust Makefile for fixed yat2m.
Werner Koch [Tue, 3 Jun 2014 07:48:48 +0000 (09:48 +0200)]
doc: Adjust Makefile for fixed yat2m.

* doc/ (yat2m-stamp): Remove dirmngr-client hack.

5 years agodoc: Update from master
Werner Koch [Tue, 3 Jun 2014 07:02:00 +0000 (09:02 +0200)]
doc: Update from master


5 years agogpg: New %U expando for the photo viewer.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
gpg: New %U expando for the photo viewer.

* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.

This makes is possible to extract all photos ids from a key to
different files.

(cherry picked from commit e184a11f94e2d41cd9266484542631bec23628b5)

Resolved conflicts:
g10/photoid.c - whitespaces

5 years agocommon: Add z-base-32 encoder.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
common: Add z-base-32 encoder.

* common/zb32.c: New.
* common/t-zb32.c: New.
* common/ (common_sources): Add zb82.c
(cherry picked from commit b8a91ebf46a927801866e99bb5a66ab00651424e)

Resolved conflicts:

5 years agogpg: Reject signatures made with MD5.
Werner Koch [Mon, 17 Mar 2014 16:54:36 +0000 (17:54 +0100)]
gpg: Reject signatures made with MD5.

* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.
(cherry picked from commit f90cfe6b66269de0154d810c5cee1fe9a5af475c)

Resolved conflicts:
g10/gpg.c - adjust.
tests/openpgp/ - no changes

5 years agogpg: Remove useless diagnostic in MDC verification.
Werner Koch [Wed, 14 May 2014 06:55:58 +0000 (08:55 +0200)]
gpg: Remove useless diagnostic in MDC verification.

* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
MDC packer header and a bad MDC.

The separate diagnostic was introduced for debugging a problems.  For
explaining an MDC error a single error message is easier to

5 years agogpg: Fix glitch entering a full expiration time.
Werner Koch [Wed, 14 May 2014 06:49:37 +0000 (08:49 +0200)]
gpg: Fix glitch entering a full expiration time.

* g10/keygen.c (ask_expire_interval): Get the current time after the

This almost avoid that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.

GnuPG-bug-id: 1639

5 years agogpg: Graceful skip reading of corrupt MPIs.
Werner Koch [Mon, 2 Jun 2014 16:38:04 +0000 (18:38 +0200)]
gpg: Graceful skip reading of corrupt MPIs.

* g10/parse-packet.c (mpi_read): Change error message on overflow.

This gets gpg 2.x in sync to what gpg 1.4 does.  No need to die for a
broken MPI.

GnuPG-bug-id: 1593

5 years agogpg: Simplify default key listing.
Werner Koch [Mon, 2 Jun 2014 15:33:18 +0000 (17:33 +0200)]
gpg: Simplify default key listing.

* g10/mainproc.c (list_node): Rework.

The old code still merged the first user id into the key packet line
which resulted in all kind of complexity.  --fixed-list-mode is
meanwhile the default and thus we also change this part of the code.

GnuPG-bug-id: 1640

5 years agogpgsm: Handle re-issued CA certificates in a better way.
Werner Koch [Mon, 2 Jun 2014 14:02:30 +0000 (16:02 +0200)]
gpgsm: Handle re-issued CA certificates in a better way.

* sm/certchain.c (find_up_search_by_keyid): Consider all matching
(find_up): Add some debug messages.

The DFN-Verein recently re-issued its CA certificates without
generating new keys.  Thus looking up the chain using the authority
keyids works but may use still existing old certificates.  This may
break the CRL lookup in the Dirmngr.  The hack to fix this is by using
the latest issued certificate with the same subject key identifier.

As usual Peter Gutman's X.509 style guide has some comments on that

GnuPG-bug-id: 1644

Resolved conflicts:
sm/certchain.c  - whitespace fixes.

5 years agogpgsm: Add a way to save a found state.
Werner Koch [Mon, 2 Jun 2014 13:55:00 +0000 (15:55 +0200)]
gpgsm: Add a way to save a found state.

* kbx/keybox-defs.h (keybox_found_s): New.
(keybox_handle): Factor FOUND out to above.  Add saved_found.
* kbx/keybox-init.c (keybox_release): Release saved_found.
(keybox_push_found_state, keybox_pop_found_state): New.

* sm/keydb.c (keydb_handle): Add field saved_found.
(keydb_new): Init it.
(keydb_push_found_state, keydb_pop_found_state): New.

Resolved conflicts:
kbx/keybox-defs.h - whitespace fixes.

5 years agogpg: Fix bug parsing a zero length user id.
Werner Koch [Mon, 2 Jun 2014 09:47:25 +0000 (11:47 +0200)]
gpg: Fix bug parsing a zero length user id.

* g10/getkey.c (get_user_id): Do not call xmalloc with 0.

* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
pass 0 to the arguments.

The problem did not occur in 1.x because over there the xmalloc makes
sure to allocate at least one byte.  With 2.x for most calls the
xmalloc of Libgcrypt is used and Libgcrypt returns an error insteead
of silent allocating a byte.  Thus gpg 2.x bailed out with an
"Fatal: out of core while allocating 0 bytes".

The extra code in xmalloc.c is for more robustness for the other
xmalloc calls.

(cherry picked from commit 99972bd6e9abea71f270284f49997de5f00208af)

Resolved conflicts:
g10/getkey.c - ignore whitespace changes.

5 years agogpg: Print a warning if GKR has hijacked gpg-agent.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
gpg: Print a warning if GKR has hijacked gpg-agent.

* g10/call-agent.c (check_hijacking): New.
(start_agent): Call it.
(membuf_data_cb, default_inq_cb): Move more to the top.

Note that GUIs may use the gpg status line

[GNUPG:] ERROR check_hijacking 33554509

to detect this and print an appropriate warning.

5 years agogpg: Fix use of deprecated RSA_E and RSA_E with newer libgcrypts.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
gpg: Fix use of deprecated RSA_E and RSA_E with newer libgcrypts.

* g10/misc.c (pubkey_get_npkey): Map RSA_E and RSA_S to RSA.
(pubkey_get_nskey): Ditto.
(pubkey_get_nsig): Ditto.
(pubkey_get_nenc): Ditto.
(pubkey_nbits): Take care of RSA_E and RSA_S.

The problem was that parse_key did not know about RSA_S and thus used
an opaque MPI which later crashed Libgcrypt. It is possible to fix
that also in Libgcrypt but we better do it here as well.

A test key using RSA_S is 0x98EEB6F7D87171CF.

Reported-by: Hanno Böck
5 years agoscd: Skip S/N reading for the "undefined" application.
Werner Koch [Wed, 14 Dec 2011 17:56:10 +0000 (18:56 +0100)]
scd: Skip S/N reading for the "undefined" application.

* scd/app.c (select_application): Skip serial number reading.
(cherry picked from commit 792e137ec7997a0ff5c54ff970611238d28d4ba8)

Resolved conflicts:

scd/app.c: Take care of already changed geldkarte/dinsig

5 years agogpg: Change --show-session-key to print the session key earlier.
Werner Koch [Wed, 11 Dec 2013 09:20:15 +0000 (10:20 +0100)]
gpg: Change --show-session-key to print the session key earlier.

* g10/cpr.c (write_status_strings): New.
(write_status_text): Replace code by a call to write_status_strings.
* g10/mainproc.c (proc_encrypted): Remove show_session_key code.
* g10/decrypt-data.c (decrypt_data): Add new show_session_key code.

This feature can be used to return the session key for just a part of
a file.  For example to downloading just the first 32k of a huge file,
decrypting that incomplete part and while ignoring all the errors
break out the session key.  The session key may then be used on the
server to decrypt the entire file without the need to have the private
key on the server.

GnuPG-bug-id: 1389
Signed-off-by: Werner Koch <>
(cherry picked from commit 101a54add351ff62793cbfbf3877787c4791f833)

Resolved Conflicts:
doc/DETAILS    - removed
g10/cpr.c      - replace estream fucntion by stdio.
g10/mainproc.c - Adjust for changed calling convention.

5 years agoSilence annoying ABI change warning.
Werner Koch [Wed, 27 Nov 2013 17:38:20 +0000 (18:38 +0100)]
Silence annoying ABI change warning.

* [GCC]: Pass -Wno-psabi for gcc >= 4.6.  Avoid some gcc
option tests for gcc >= 4.6

Signed-off-by: Werner Koch <>
5 years agoscd: Fix two compiler warnings.
Werner Koch [Wed, 27 Nov 2013 08:33:50 +0000 (09:33 +0100)]
scd: Fix two compiler warnings.

* scd/apdu.c (pcsc_vendor_specific_init): Add suggested parens.
* scd/ccid-driver.c (ccid_get_atr): Cast DEBUGOUT_1 arg to int.

5 years agogpg: Change armor Version header to emit only the major version.
Werner Koch [Wed, 27 Nov 2013 08:20:02 +0000 (09:20 +0100)]
gpg: Change armor Version header to emit only the major version.

* g10/options.h (opt): Rename field no_version to emit_version.
* g10/gpg.c (main): Init opt.emit_vesion to 1.  Change --emit-version
to bump up opt.emit_version.
* g10/armor.c (armor_filter): Implement different --emit-version

GnuPG-bug-id: 1572
Signed-off-by: Werner Koch <>
(cherry picked from commit e951782e937ce290be0d89d83e84b3daea997587)

Resolved conflicts:

5 years agocommon: Fix build problem with Sun Studio compiler.
Werner Koch [Fri, 15 Nov 2013 08:08:58 +0000 (09:08 +0100)]
common: Fix build problem with Sun Studio compiler.

* common/estream.c (ESTREAM_MUTEX_UNLOCK): Use int dummy dummy

GnuPG-bug-id: 1566
Signed-off-by: Werner Koch <>
5 years agoscd: more pinpad input fix for PC/SC.
NIIBE Yutaka [Wed, 13 Nov 2013 07:43:26 +0000 (16:43 +0900)]
scd: more pinpad input fix for PC/SC.

* scd/apdu.c (check_pcsc_pinpad): Set default values here.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Remove setting default
values, as it's too late.


cherry picked from master.

5 years agoscd: more pinpad fix.
NIIBE Yutaka [Mon, 11 Nov 2013 07:41:43 +0000 (16:41 +0900)]
scd: more pinpad fix.

* scd/apdu.c (check_pcsc_pinpad): Set ->minlen and ->maxlen only when
those are specified.
(pcsc_pinpad_modify): Remove old check code.


cherry picked from master.

5 years agoscd: pinpad fix for PC/SC on Windows.
NIIBE Yutaka [Tue, 29 Oct 2013 00:07:05 +0000 (09:07 +0900)]
scd: pinpad fix for PC/SC on Windows.

* scd/apdu.c (SCARD_CTL_CODE): Fix for Windows.


cherry picked from master.

5 years agoscd: fix pinpad input on Windows.
NIIBE Yutaka [Fri, 25 Oct 2013 00:57:31 +0000 (09:57 +0900)]
scd: fix pinpad input on Windows.

* scd/apdu.c (open_pcsc_reader_direct): Don't call
pcsc_vendor_specific_init here, but...
(connect_pcsc_card): Call it here.


Thanks to Martin Wolters for the bug report (backport from master).

5 years agopo: Update Japanese translation.
NIIBE Yutaka [Wed, 23 Oct 2013 05:41:54 +0000 (14:41 +0900)]
po: Update Japanese translation.

5 years agoscd: add pinpad readers information for PC/SC service.
NIIBE Yutaka [Wed, 16 Oct 2013 00:52:18 +0000 (09:52 +0900)]
scd: add pinpad readers information for PC/SC service.

* scd/apdu.c (pcsc_vendor_specific_init): Add information for Cherry
ST-2xxx, Reiner cyberJack, Vasco DIGIPASS, FSIJ Gnuk Token, and KAAN


Cherry pick from master.

5 years agoscd: remove pin length check.
NIIBE Yutaka [Tue, 15 Oct 2013 01:44:51 +0000 (10:44 +0900)]
scd: remove pin length check.

* scd/apdu.c (pcsc_pinpad_verify): Remove old check code for pin

GnuPG-bug-id: 1549
Cherry pick from master.

5 years agogpg: Do not require a trustdb with --always-trust.
Werner Koch [Fri, 11 Oct 2013 07:25:58 +0000 (09:25 +0200)]
gpg: Do not require a trustdb with --always-trust.

* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark):  Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(get_ownertrust): Ditto.
(get_min_ownertrust): Ditto.
(update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(clear_ownertrusts): Ditto.
(cache_disabled_value): Ditto.
(check_trustdb_stale): Ditto.
(get_validity): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.

This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used.  It just does
not make sense to create a trustdb if there is no need for it.

Signed-off-by: Werner Koch <>
5 years agogpg: Fix --version output and explicitly disable ECC.
Werner Koch [Tue, 8 Oct 2013 13:29:36 +0000 (15:29 +0200)]
gpg: Fix --version output and explicitly disable ECC.

* g10/misc.c (openpgp_pk_algo_name): New.  Replace all calls in g10/
to gcry_pk_algo_name by a call to this function.
(map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG.
(openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of
GCRY_PK_ELG_E.  Return an error for ECC algos.
(openpgp_pk_test_algo2):  Return an error for ECC algos.
* g10/gpg.c (build_list): Avoid printing ECC two times.
* include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*.

Due to recent changes to adjust for use with Libgcrypt 1.6, "gpg
--version" printed two question marks.  This patches fixes that and
also make sure that gpg does advertise any ECC features.  The patch in
build_list is not really needed.

Signed-off-by: Werner Koch <>
5 years agoPost release updates.
Werner Koch [Fri, 4 Oct 2013 18:33:14 +0000 (20:33 +0200)]
Post release updates.


5 years agoRelease 2.0.22. gnupg-2.0.22
Werner Koch [Fri, 4 Oct 2013 17:39:33 +0000 (19:39 +0200)]
Release 2.0.22.

5 years agodoc: Update from master
Werner Koch [Fri, 4 Oct 2013 17:09:36 +0000 (19:09 +0200)]
doc: Update from master

5 years agogpg: Print a "not found" message for an unknown key in --key-edit.
Werner Koch [Fri, 4 Oct 2013 16:34:56 +0000 (18:34 +0200)]
gpg: Print a "not found" message for an unknown key in --key-edit.

* g10/keyedit.c (keyedit_menu): Print message.

GnuPG-bug-id: 1420
Signed-off-by: Werner Koch <>
5 years agogpg: Kludge not to bail out on ECC if build with Libgcrypt 1.6.
Werner Koch [Fri, 4 Oct 2013 16:01:40 +0000 (18:01 +0200)]
gpg: Kludge not to bail out on ECC if build with Libgcrypt 1.6.

* g10/misc.c (print_pubkey_algo_note): Map the algo.
(openpgp_pk_test_algo, openpgp_pk_test_algo2): Ditto.
(pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig)
(pubkey_get_nenc): Return 0 for ECC algorithms.

Libgcrypt 1.6 features algorithm 18 (generic ECC).  Because of the
missing mapping and no real support for the OpenPGP ECC format, this
led to parsing errors of ECC packets.  We better better explicitly
tell gpg that we ECC is not supported.

Signed-off-by: Werner Koch <>
5 years agopo: Update Czech translation.
Werner Koch [Fri, 4 Oct 2013 11:56:51 +0000 (13:56 +0200)]
po: Update Czech translation.

5 years agopo: Autoupdate due to changed order of strings.
Werner Koch [Fri, 4 Oct 2013 11:46:17 +0000 (13:46 +0200)]
po: Autoupdate due to changed order of strings.


5 years agogpg: Protect against rogue keyservers sending secret keys.
Werner Koch [Fri, 4 Oct 2013 11:44:39 +0000 (13:44 +0200)]
gpg: Protect against rogue keyservers sending secret keys.

* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
* g10/import.c (import_secret_one): Deny import if flag is set.

By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id.  The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote

Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <>
5 years agogpg: Allow setting of all zero key flags
Daniel Kahn Gillmor [Tue, 19 Mar 2013 15:25:25 +0000 (11:25 -0400)]
gpg: Allow setting of all zero key flags

* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
(cherry picked from commit b693ec02c467696bf9d7324dd081e279f9965151)

5 years agogpg: Distinguish between missing and cleared key flags.
Werner Koch [Fri, 15 Mar 2013 14:46:03 +0000 (15:46 +0100)]
gpg: Distinguish between missing and cleared key flags.

* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.

We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature.  Thus if key
flags are used in any way, the default key capabilities are never

This allows to create a key with key flags set to all zero so it can't
be used.  This better reflects common sense.
(cherry picked from commit 4bde12206c5bf199dc6e12a74af8da4558ba41bf)

5 years agoRemove trailing white space from some files.
Daniel Kahn Gillmor [Tue, 19 Mar 2013 15:25:25 +0000 (11:25 -0400)]
Remove trailing white space from some files.


5 years agokeyserver: Allow use of cURL's default CA store.
Werner Koch [Fri, 4 Oct 2013 06:28:12 +0000 (08:28 +0200)]
keyserver: Allow use of cURL's default CA store.

* keyserver/gpgkeys_curl.c (main): Set CURLOPT_CAINFO only if a file
has been given.
* keyserver/gpgkeys_hkp.c (main): Ditto.

GnuPG-bug-id: 1542
Signed-off-by: Werner Koch <>
5 years agogpg: Limit the nesting level of I/O filters.
Werner Koch [Fri, 4 Oct 2013 06:20:49 +0000 (08:20 +0200)]
gpg: Limit the nesting level of I/O filters.

* common/iobuf.c (MAX_NESTING_FILTER): New.
(iobuf_push_filter2): Limit the nesting level.

* g10/mainproc.c (mainproc_context): New field ANY.  Change HAVE_DATA
and ANY_SIG_SIGN to bit fields of ANY.  Add bit field
(proc_compressed): Avoid printing multiple Bad Data messages.
(check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.

This is a more general fix for the nested compression packet bug.  In
particular this helps g10/import.c:read_block to stop pushing
compression filters onto an iobuf stream.  This patch also reduces the
number of error messages for the non-import case.

Signed-off-by: Werner Koch <>
5 years agogpg: Fix bug with deeply nested compressed packets.
Werner Koch [Wed, 2 Oct 2013 07:11:43 +0000 (09:11 +0200)]
gpg: Fix bug with deeply nested compressed packets.

* g10/mainproc.c (MAX_NESTING_DEPTH): New.
(proc_compressed): Return an error code.
(check_nesting): New.
(do_proc_packets): Check packet nesting depth.  Handle errors from

Signed-off-by: Werner Koch <>
5 years ago2009-11-10 Marcus Brinkmann <>
Marcus Brinkmann [Tue, 10 Nov 2009 09:04:17 +0000 (09:04 +0000)]
2009-11-10  Marcus Brinkmann  <>

* server.c (cmd_getauditlog): Don't dup FD for es_fdopen_nc as
this leaks the FD here.

(cherry picked from commit b3cda3f45cdbf3c66538589c7e108cbf73adc850)

Resolved Conflicts:
sm/ChangeLog-2011 - Removed.

GnuPG-bug-id: 1535

5 years agogpg: Use 2048 as the default keysize in batch mode.
Werner Koch [Fri, 30 Aug 2013 08:19:47 +0000 (10:19 +0200)]
gpg: Use 2048 as the default keysize in batch mode.

* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to

Signed-off-by: Werner Koch <>
5 years agogpgtar: Fix building for systems with a separate libintl.
Werner Koch [Fri, 30 Aug 2013 08:05:08 +0000 (10:05 +0200)]
gpgtar: Fix building for systems with a separate libintl.

* tools/ (gpgtar_LDADD): Add LIBINTL.
Signed-off-by: Werner Koch <>
(cherry picked from commit 12990efb45ee7c425167aad19fe759d5609c5182)

Resolved conflicts:
tools/ => Libiconv was already there.

5 years agoscd: PC/SC pinpad input improvement.
NIIBE Yutaka [Fri, 30 Aug 2013 02:06:50 +0000 (11:06 +0900)]
scd: PC/SC pinpad input improvement.

* scd/apdu.c (struct reader_table_s): Add members: PINMIN, PINMAX, and
(new_reader_slot): Initialize pinpad_varlen_supported, pinmin, pinmax.
(pcsc_vendor_specific_init): New.
(open_pcsc_reader_direct, open_pcsc_reader_wrapped): Call
(check_pcsc_pinpad): Not detect here but use the result of
(pcsc_pinpad_verify, pcsc_pinpad_modify): Specify bNumberMessage.


(cherry picked from commit 95a3bffeaf07e8bf9487d4b165c336d166236fc1)

Signed-off-by: NIIBE Yutaka

5 years agoscd: add support for RSA_CRT and RSA_CRT_N key import.
Jonas Borgström [Wed, 28 Aug 2013 09:21:10 +0000 (11:21 +0200)]
scd: add support for RSA_CRT and RSA_CRT_N key import.

* scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support.


Updates of original patch by wk:

  -      unsigned char *rsa_u, *rsa_dp, rsa_dq;
  +      unsigned char *rsa_u, *rsa_dp, *rsa_dq;

and AUTHORS.  Missing signed-off-by assumed due to DCO send the other

(cherry picked from commit cc67918c088e90c1d9a507af5f6288e8faa93d87)

Solved conflicts:
AUTHORS => Removed
scd/app-openpgp.c => s/.rsa.format/.format/.

5 years agoscd: fix parsing login-data DO.
NIIBE Yutaka [Tue, 27 Aug 2013 01:23:09 +0000 (10:23 +0900)]
scd: fix parsing login-data DO.

* scd/app-openpgp.c (parse_login_data): Release RELPTR.  Fix parsing.


Signed-off-by: NIIBE Yutaka
5 years agoscd: fix Vega for Alpha reader.
NIIBE Yutaka [Tue, 27 Aug 2013 01:15:46 +0000 (10:15 +0900)]
scd: fix Vega for Alpha reader.

* scd/ccid-driver.c (ccid_vendor_specific_init): Fix error handling
and size of command.


Signed-off-by: NIIBE Yutaka
5 years agoscd: Make SPRx32 pinpad work with PC/SC on Windows.
Werner Koch [Wed, 21 Aug 2013 14:45:48 +0000 (16:45 +0200)]
scd: Make SPRx32 pinpad work with PC/SC on Windows.

(SCARD_CTL_CODE): Define if not defined.
(reader_table_s): Add is_spr532.
(new_reader_slot): Clear it.
(check_pcsc_pinpad): Set it.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Add fix for SPR532.

Signed-off-by: Werner Koch <>
(cherry picked from commit 5c5e52df4b92e23045ac87abac09357de58920d4)

5 years agoscd: Improve --enable-pinpad-varlen.
Werner Koch [Wed, 21 Aug 2013 13:44:52 +0000 (15:44 +0200)]
scd: Improve --enable-pinpad-varlen.

* tools/gpgconf-comp.c (gc_options_scdaemon): Add
* scd/apdu.c (check_pcsc_pinpad): Detect SPRx32 reader.

Signed-off-by: Werner Koch <>
(cherry picked from commit 7bde2bf3b0ddb5d3515a44879e1a7ddb581a5c0b)

5 years agoPost release updates.
Werner Koch [Mon, 19 Aug 2013 12:32:51 +0000 (14:32 +0200)]
Post release updates.


5 years agoRelease 2.0.21 gnupg-2.0.21
Werner Koch [Mon, 19 Aug 2013 11:09:07 +0000 (13:09 +0200)]
Release 2.0.21

5 years agoRequire libgpg-error 1.11.
Werner Koch [Mon, 19 Aug 2013 11:08:37 +0000 (13:08 +0200)]
Require libgpg-error 1.11.

* (NEED_GPG_ERROR_VERSION): Set to 1.11.
* common/util.h: Remove GPG_ERR_ replacements.

The replacement macros actually never worked because gog-error.h uses
enums and not macros.  libgpg-error 1.11 is 6 months old and thus it
should not be a problem to require that version.

Future replacement macros may then use the new
GPG_ERROR_VERSION_NUMBER to detect missing error codes.

Signed-off-by: Werner Koch <>
5 years agopo: Auto updates.
Werner Koch [Mon, 19 Aug 2013 09:59:15 +0000 (11:59 +0200)]
po: Auto updates.


5 years agoUpdate the Polish translation
Jakub Bogusz [Mon, 19 Aug 2013 09:51:38 +0000 (11:51 +0200)]
Update the Polish translation

5 years agoagent: Fix UPDATESTARTUPTTY for ssh.
Werner Koch [Mon, 19 Aug 2013 09:44:59 +0000 (11:44 +0200)]
agent: Fix UPDATESTARTUPTTY for ssh.

* agent/command-ssh.c (setup_ssh_env): Fix env setting.

gniibe reported this to gnupg-devel on 2012-07-04:

  (2) UPDATESTARTUPTTY doesn't work to switch TTY for pinentry for


  Current implementation:

      In the function start_command_handler_ssh, the logic puts
      priority on ctrl->session_env which is initialized by
      agent_init_default_ctrl.  There are always GPG_TTY and TERM
      defined, because lines around 968 in gpg-agent.c, it says:

   /* Make sure that we have a default ttyname. */

      While UPDATESTARTUPTTY updates opt.startup_env, it doesn't
      affect at all.

  Here is a patch to point the issue.  Tested and works for me.

Signed-off-by: Werner Koch <>
5 years agotests: Make sure not to create files outside the build directory.
Werner Koch [Mon, 19 Aug 2013 09:35:06 +0000 (11:35 +0200)]
tests: Make sure not to create files outside the build directory.

* tests/openpgp/ (./gpg_dearmor): Add option --homedir.


The dearmor code might create files in the source directory during a
test run.  Adding "--homedir ." should solve this.

GnuPG-bug-id: 1498.
Signed-off-by: Werner Koch <>
5 years agogpgv: Init Libgcrypt to avoid syslog warning.
Werner Koch [Mon, 19 Aug 2013 09:22:11 +0000 (11:22 +0200)]
gpgv: Init Libgcrypt to avoid syslog warning.

* g10/gpgv.c (main): Check libgcrypt version and disable secure

GnuPG-bug-id: 1376
Signed-off-by: Werner Koch <>
5 years agoagent: Extend cmd KEYINFO to return data from sshcontrol.
Werner Koch [Thu, 8 Aug 2013 19:22:38 +0000 (21:22 +0200)]
agent: Extend cmd KEYINFO to return data from sshcontrol.

* agent/command-ssh.c (struct control_file_s): Rename to
(ssh_open_control_file, ssh_close_control_file)
(ssh_read_control_file, ssh_search_control_file): New.
(control_file_t):  Rename and move to ...
* agent/agent.h (ssh_control_file_t): here.
* agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled,
and confirm. Rename unknown keytype indicator from '-' to 'X'.  Extend
(cmd_keyinfo): Add options --ssh-list and --with-ssh.

This extension allows the development of frontends to manage the
sshcontrol file.

Signed-off-by: Werner Koch <>
(cherry picked from commit 50c98c7ed6b542857ee2f902eca36cda37407737)

Conflicts in agent/command.c (due to less information printed by
keyinfo) solved.

5 years agoImprove libcurl detection.
Werner Koch [Tue, 6 Aug 2013 08:31:54 +0000 (10:31 +0200)]
Improve libcurl detection.

* m4/libcurl.m4: Do not use AC_PATH_PROG if --with-libcurl as been
given.  Suggested by John Marshall.

GnuPG-bug-id: 1510

5 years agogpg: Remove legacy keyserver examples from the template conf file.
Werner Koch [Tue, 6 Aug 2013 08:04:12 +0000 (10:04 +0200)]
gpg: Remove legacy keyserver examples from the template conf file.

* g10/options.skel: Update.

5 years agogpg: No need to create a trustdb when encrypting with --always-trust.
Werner Koch [Fri, 2 Aug 2013 07:10:17 +0000 (09:10 +0200)]
gpg: No need to create a trustdb when encrypting with --always-trust.

* g10/gpg.c (main): Special case setup_trustdb for --encrypt.

Signed-off-by: Werner Koch <>
(cherry picked from commit 498b9a95dc65c43240835d64cc92d8fb43014d53)

5 years agow32: Add code to support a portable use of GnuPG.
Werner Koch [Thu, 1 Aug 2013 17:50:52 +0000 (19:50 +0200)]
w32: Add code to support a portable use of GnuPG.

* common/homedir.c (w32_bin_is_bin, w32_portable_app) [W32]: New.
(check_portable_app) [W32]: New.
(standard_homedir, default_homedir) [W32]: Support the portable flag.
(w32_rootdir, w32_commondir) [W32]: Ditto.
(gnupg_bindir) [W32]: Ditto.

A portable use of GnuPG under Windows means that GnuPG uses a home
directory depending on the location of the actual binary.  No registry
variables are considered.  The portable mode is enabled if in the
installation directory of the the binary "gpgconf.exe" and a file
"gpgconf.ctl" are found.  The latter file shall be empty or consist
only of empty or '#'-style comment lines.

Signed-off-by: Werner Koch <>
5 years agow32: Always require libiconv.
Werner Koch [Thu, 1 Aug 2013 17:48:00 +0000 (19:48 +0200)]
w32: Always require libiconv.

* (missing_iconv): Set and die if we have no libiconv.
* m4/iconv.m4: Update from libiconv 1.14.
* tools/ (gpgtar_LDADD): Add LIBICONV.
* jnlib/utf8conv.c: Always include iconv.h
(load_libiconv): Remove this w32 only function.
(iconv_open, iconv, iconv_close): Remove W32 function pointer.
(set_native_charset): Do not call load_libiconv.
(jnlib_iconv_open, jnlib_iconv, jnlib_iconv_close): Ditto.

This patch removes the on-demand-loading of libiconv which we did for
13 years or so.  The rationale back then was that libiconv is too
large and often not used.  Nowadays all kind of Unix software has been
ported to Windows and many of them require libiconv.  Thus in the end
there is no saving from not requiring it.  It also remove a common
source of trouble with awrong or missing iconv.dll.

Signed-off-by: Werner Koch <>
5 years agow32: Remove unused code.
Werner Koch [Thu, 1 Aug 2013 12:02:50 +0000 (14:02 +0200)]
w32: Remove unused code.

* jnlib/w32-reg.c (write_w32_registry_string): Remove.

5 years agopo: Auto updates.
Werner Koch [Wed, 3 Jul 2013 13:22:00 +0000 (15:22 +0200)]
po: Auto updates.


5 years agoUpdate the German translation.
Werner Koch [Wed, 3 Jul 2013 13:21:33 +0000 (15:21 +0200)]
Update the German translation.

5 years agoagent: Make --allow-mark-trusted the default.
Werner Koch [Wed, 3 Jul 2013 13:20:25 +0000 (15:20 +0200)]
agent: Make --allow-mark-trusted the default.

* agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted.
Put this option into the gpgconf-list.
(main): Enable opt.allow_mark_trusted by default.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Replace
allow-mark-trusted by no-allow-mark-trusted.

* agent/trustlist.c (agent_marktrusted): Always set the "relax" flag.


These changes have been in effect for the Gpg4win Windows version
since 2011-01-24 and thus first released with Gpg4win 2.1.0.  Given
the current state of PKIX it does not make any sense to lure the Unix
user into false security by making it harder to trust self-signed or
CAcert certificates.

Signed-off-by: Werner Koch <>
5 years agopo: Auto updates.
Werner Koch [Wed, 3 Jul 2013 11:40:16 +0000 (13:40 +0200)]
po: Auto updates.


5 years agoUpdate the German translation.
Werner Koch [Wed, 3 Jul 2013 11:32:52 +0000 (13:32 +0200)]
Update the German translation.

5 years agossh: Add support for Putty.
Werner Koch [Wed, 3 Jul 2013 11:29:47 +0000 (13:29 +0200)]
ssh: Add support for Putty.

* agent/gpg-agent.c [W32]: Include Several Windows header.
(opts): Change help text for enable-ssh-support.
(opts, main): Add option --enable-putty-support
(putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
(agent_init_default_ctrl): Add and asssert call.
(putty_message_proc, putty_message_thread): New.
(handle_connections) [W32]: Start putty message thread.
* common/sysutils.c (w32_get_user_sid): New for W32 only
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add
--enable-ssh-support and --enable-putty-support.  Make the
configuration group visible at basic level.
* agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.

This patch enables support for Putty.  It has been tested with Putty
0.62 using an Unix created ssh key copied to the private-keys-v1.d
directory on Windows and with a manually crafted sshcontrol file.  It
also works with a smartcard key.

May thanks to gniibe who implemented a proxy in Python to test the
putty/gpg-agent communication.

Signed-off-by: Werner Koch <>
5 years agoagent: Fix binary vs. text mode problem in ssh.
Werner Koch [Wed, 3 Jul 2013 11:10:29 +0000 (13:10 +0200)]
agent: Fix binary vs. text mode problem in ssh.

* agent/command-ssh.c (file_to_buffer)
(ssh_handler_request_identities): Open streams in binary mode.
(start_command_handler_ssh): Factor some code out to ..
(setup_ssh_env): new function.

This is for now a theoretical fix because there is no ssh client yet
which uses the GnuPG style IPC.  OpenSSL for Cygwin uses only a quite
similar one.  gniibe suggested to implement that IPC style in
Libassuan so that a Cygwin version of OpenSSL may be used with GnuPG.

Signed-off-by: Werner Koch <>
5 years agoSilence deprecated warnings from gcc 4.6.3.
Werner Koch [Wed, 3 Jul 2013 10:59:56 +0000 (12:59 +0200)]
Silence deprecated warnings from gcc 4.6.3.


Frankly, I don't understand why gcc prints them.  We don't use them.

Signed-off-by: Werner Koch <>
5 years agoestream: Backport es_fopemem_init from master.
Werner Koch [Wed, 3 Jul 2013 07:30:22 +0000 (09:30 +0200)]
estream: Backport es_fopemem_init from master.

* common/estream.c (es_fopenmem_init): New.

Signed-off-by: Werner Koch <>
5 years agoUpdate NEWS.
Werner Koch [Mon, 1 Jul 2013 18:49:50 +0000 (20:49 +0200)]
Update NEWS.


5 years agossh: Mark unused arg.
Werner Koch [Mon, 1 Jul 2013 18:34:55 +0000 (20:34 +0200)]
ssh: Mark unused arg.

* agent/command-ssh.c (ssh_signature_encoder_ecdsa): Cast spec to

5 years agossh: Support ECDSA keys.
Werner Koch [Wed, 12 Dec 2012 17:47:21 +0000 (18:47 +0100)]
ssh: Support ECDSA keys.

* agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New.
(struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO.
(ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}.
(ssh_signature_encoder_t): Add arg spec and adjust all callers.
(ssh_signature_encoder_ecdsa): New.
(sexp_key_construct, sexp_key_extract, ssh_receive_key)
(ssh_convert_key_to_blob): Support ecdsa.
(ssh_identifier_from_curve_name): New.
(ssh_send_key_public): Retrieve and pass the curve_name.
(key_secret_to_public): Ditto.
(data_sign): Add arg SPEC and change callers to pass it.
(ssh_handler_sign_request): Get the hash algo from SPEC.
* common/ssh-utils.c (get_fingerprint): Support ecdsa.

* agent/protect.c (protect_info): Add flag ECC_HACK.
(agent_protect): Allow the use of the "curve" parameter.
* agent/t-protect.c (test_agent_protect): Add a test case for ecdsa.

* agent/command-ssh.c (ssh_key_grip): Print a better error code.

The 3 standard curves are now supported in gpg-agent's ssh-agent
protocol implementation.  I tested this with all 3 curves and keys
generated by OpenSSH 5.9p1.

Using existing non-ssh generated keys will likely fail for now. To fix
this, the code should first undergo some more cleanup; then the fixes
are pretty straightforward.  And yes, the data structures are way too

(cherry picked from commit 649b31c663b8674bc874b4ef283d714a13dc8cfe)

Solved conflicts:

        common/ssh-utils.c (different variabale name)