gnupg.git
3 years agotests: Set fake-pinentry's stdout and stdin to _IOLBF.
Werner Koch [Thu, 14 Apr 2016 07:08:50 +0000 (09:08 +0200)]
tests: Set fake-pinentry's stdout and stdin to _IOLBF.

* tests/openpgp/fake-pinentry.c (main): Call setvbuf.  Show passphrase
at startup.  Increase buffer.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Implement new protection mode openpgp-s2k3-ocb-aes.
Werner Koch [Tue, 12 Apr 2016 12:37:26 +0000 (14:37 +0200)]
agent: Implement new protection mode openpgp-s2k3-ocb-aes.

* agent/protect.c (agent_protect): Add arg use_ocb.  Change all caller
to pass -1 for default.
* agent/protect-tool.c: New option --debug-use-ocb.
(oDebugUseOCB): New.
(opt_debug_use_ocb): New.
(main): Set option.
(read_and_protect): Implement option.

* agent/protect.c (OCB_MODE_SUPPORTED): New macro.
(PROT_DEFAULT_TO_OCB): New macro.
(do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp,
and timestamp_exp_len.  Implement OCB.
(agent_protect): Change to support OCB.
(do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len.
Implement OCB.
(merge_lists): Allow NULL for sha1hash.
(agent_unprotect): Change to support OCB.
(agent_private_key_type): Remove debug output.
--

Instead of using the old OpenPGP way of appending a hash of the
plaintext and encrypt that along with the plaintext, the new scheme
uses a proper authenticated encryption mode.  See keyformat.txt for a
description.  Libgcrypt 1.7 is required.

This mode is not yet enabled because there would be no way to return
to an older GnuPG version.  To test the new scheme use
gpg-protect-tool:

 ./gpg-protect-tool -av -P abc -p --debug-use-ocb <plain.key >prot.key
 ./gpg-protect-tool -av -P abc -u <prot.key

Any key from the private key storage should work.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodoc: Note that the persistant passphrase format is unimplemented.
Werner Koch [Tue, 12 Apr 2016 12:20:53 +0000 (14:20 +0200)]
doc: Note that the persistant passphrase format is unimplemented.

--

3 years agoindent: Help Emacs not to get confused by conditional compilation.
Werner Koch [Mon, 11 Apr 2016 08:24:15 +0000 (10:24 +0200)]
indent: Help Emacs not to get confused by conditional compilation.

* agent/protect.c (calibrate_get_time) [W32]: Use separate function
calls for W32 and W32CE.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodoc: Point to RFC-4880 for keyedit subcommand "tsign".
Werner Koch [Fri, 8 Apr 2016 07:49:15 +0000 (09:49 +0200)]
doc: Point to RFC-4880 for keyedit subcommand "tsign".

--

GnuPG-bug-id: 2283

3 years agog10: Fix exporting secret keys of certain sizes.
Justus Winter [Thu, 7 Apr 2016 11:55:42 +0000 (13:55 +0200)]
g10: Fix exporting secret keys of certain sizes.

* g10/build-packet.c (do_key): Do not use the header length specified
by the public key packet from the keyring, but let 'write_header2'
compute the required length.
--
Specifically exporting RSA keys of length 1024 failed, as the encoded
public key packet requires 141 bytes a length that fits into one byte,
but the secret key is significantly larger, making the export fail.

GnuPG-bug-id: 2307
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agog10: Fix typo.
Justus Winter [Thu, 7 Apr 2016 11:51:26 +0000 (13:51 +0200)]
g10: Fix typo.

--
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agodoc: Update help.ru.txt
Ineiev [Wed, 6 Apr 2016 16:42:31 +0000 (18:42 +0200)]
doc: Update help.ru.txt

--

3 years agoRevert "g10: Support armored keyrings in gpgv."
Justus Winter [Wed, 6 Apr 2016 09:34:11 +0000 (11:34 +0200)]
Revert "g10: Support armored keyrings in gpgv."

This reverts commit abb352de51bc964c06007fce43ed6f6caea87c15.

3 years agodirmngr: Autodetect PEM format in dirmngr-client.
Justus Winter [Tue, 5 Apr 2016 14:01:05 +0000 (16:01 +0200)]
dirmngr: Autodetect PEM format in dirmngr-client.

* dirmngr/dirmngr-client.c (init_asctobin): New function.
(main): Move the initialization code to the new function.
(read_pem_certificate): Initialize base64 table.
(read_certificate): Try to decode certificates given in files as PEM
first.

GnuPG-bug-id: 1844
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agobuild: Fix for: Build gpgcompose only in maintainer mode
Werner Koch [Tue, 5 Apr 2016 13:24:56 +0000 (15:24 +0200)]
build: Fix for: Build gpgcompose only in maintainer mode

* g10/Makefile.am (noinst_PROGRAMS): Always add module_tests.
--

Fixes-commit: 4b5341d

3 years agodoc: Install gpg and gpgv man pages under the correct name.
Werner Koch [Tue, 5 Apr 2016 13:15:28 +0000 (15:15 +0200)]
doc: Install gpg and gpgv man pages under the correct name.

* doc/mkdefsinc.c (main): Add double include guard.  Set variable
gpgtwohack. Define macros gpgname and gpgvname.
* doc/gpg.texi: Remove macro definition for gpgname.  Use Texinfo var
gpgtwohack to prepare the man pages.  Use @gpgname everywhere.
* doc/gpgv.texi: Likewise.
* doc/Makefile.am (myman_pages): Remove gpg2.1 and gpgv2.1 but add
them depending on USE_GPG2_HACK.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agobuild: Build gpgcompose only in maintainer mode
Werner Koch [Tue, 5 Apr 2016 09:18:45 +0000 (11:18 +0200)]
build: Build gpgcompose only in maintainer mode

* g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose only in maintainer
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Replace use of "gpg2" by GPG_NAME
Werner Koch [Tue, 5 Apr 2016 09:10:09 +0000 (11:10 +0200)]
gpg: Replace use of "gpg2" by GPG_NAME

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoNow build "gpg" binary but install as "gpg2"
Werner Koch [Mon, 4 Apr 2016 15:42:24 +0000 (17:42 +0200)]
Now build "gpg" binary but install as "gpg2"

* configure.ac (USE_GPG2_HACK): New ac_define am_conditional.
* common/homedir.c (gnupg_module_name): Replace use of macro
NAME_OF_INSTALLED_GPG.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (bin_PROGRAMS): Remove.
(noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2.
(gpg2_hack_list): New.
(use_gpg2_hack): New.
(gpg2_SOURCES): Rename to gpg_SOURCES.
(gpgv2_SOURCES): Rename to gpgv_SOURCES.
(gpg2_LDADD): Rename to gpg_LDADD.
(gpgv2_LDADD): Rename to gpgv_LDADD.
(gpg2_LDFLAGS): Rename to gpg_LDFLAGS.
(gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS.
(install-exec-hook): Remove WinCE specific rules and add new rules.
(uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2.
* tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/.
* tests/openpgp/defs.inc: Ditto.
* tests/openpgp/gpgtar.test: Ditto.
* tests/openpgp/mkdemodirs: Ditto.
* tests/openpgp/signdemokey: Ditto.

* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete
--enable-mailto, add --enable-gpg2-is-gpg.
--

Although we need to duplicate some automake generated code this method
allows to easily switch the name of the installed target using the
configure option "--enable-gpg2-is-gpg".

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agotests: Add missing file.
Werner Koch [Mon, 4 Apr 2016 16:38:53 +0000 (18:38 +0200)]
tests: Add missing file.

* tests/openpgp/Makefile.am (TEST_FILES): Add plain-largeo.asc.
--

Fixes-commit: 785a7f463ec4e937304ce1263c5e6a46e8079137

3 years agog10: Support armored keyrings in gpgv.
Justus Winter [Mon, 4 Apr 2016 15:05:50 +0000 (17:05 +0200)]
g10: Support armored keyrings in gpgv.

* doc/gpgv.texi: Document the feature.
* g10/Makefile.am (gpgv2_SOURCES): Add dearmor.c.
* g10/dearmor.c (dearmor_file): Add sink argument.
* g10/gpg.c (main): Adapt accordingly.
* g10/gpgv.c (make_temp_dir): New function.
(main): De-armor keyrings.
* g10/main.h (dearmor_file): Adapt prototype.

GnuPG-bug-id: 2290
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotests: Fix default key test.
Justus Winter [Mon, 4 Apr 2016 11:10:28 +0000 (13:10 +0200)]
tests: Fix default key test.

* tests/openpgp/default-key.test: Avoid using the option
'--trust-model' unconditionally.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agopo: Fix misleading german translation.
Justus Winter [Fri, 1 Apr 2016 14:38:24 +0000 (16:38 +0200)]
po: Fix misleading german translation.

--
GnuPG-bug-id: 2239
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agobuild: Check for conflicting trust model options.
Justus Winter [Fri, 1 Apr 2016 12:53:48 +0000 (14:53 +0200)]
build: Check for conflicting trust model options.

* configure.ac: Disable TOFU if configured without trust models, and
check for conflicting options.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agog10: Remove option --always-trust if compiled without trust models.
Justus Winter [Fri, 1 Apr 2016 12:51:56 +0000 (14:51 +0200)]
g10: Remove option --always-trust if compiled without trust models.

* g10/gpg.c (opts): Remove option --always-trust if compiled without
trust models.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agospeedo,w32: Build libsqlite3.
Justus Winter [Thu, 31 Mar 2016 15:51:39 +0000 (17:51 +0200)]
speedo,w32: Build libsqlite3.

* build-aux/speedo.mk (speedo_spkgs): Add libsqlite3 on w32.
(libsqlite3_ver): New variable.
(speedo_pkg_libsqlite3_tar): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agog10: Use gpg-error abstraction of sched_yield.
Justus Winter [Thu, 31 Mar 2016 15:23:31 +0000 (17:23 +0200)]
g10: Use gpg-error abstraction of sched_yield.

* g10/tofu.c (begin_transaction): Use 'gpgrt_yield'.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agogpg: Fix NULL-segv for missing tofu DB.
Werner Koch [Tue, 29 Mar 2016 11:30:19 +0000 (13:30 +0200)]
gpg: Fix NULL-segv for missing tofu DB.

* g10/tofu.c (opendb): Guard call to timeout function.
--

GnuPG-bug-id: 2294

Fix not tested but is pretty obvious.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Improve message when asking for key capabilities.
Werner Koch [Tue, 22 Mar 2016 19:24:52 +0000 (20:24 +0100)]
gpg: Improve message when asking for key capabilities.

* g10/keygen.c (ask_key_flags): Improve message.
--

Because the curve is only selected after the capabilities are queried
we do not know whether ECDSA or EdDSA will eventually be used.  When
printing the possible capabilities we now use print "ECDSA/EdDSA" for
the algorithm.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Remove the extra prompt for Curve25519.
Werner Koch [Tue, 22 Mar 2016 18:55:25 +0000 (19:55 +0100)]
gpg: Remove the extra prompt for Curve25519.

* g10/keygen.c (MY_USE_ECDSADH): New macro local to ask_curve.
(ask_curve): Use a fixed table of curve names and reserve a slot for
Curve448.  Simplify CurveNNNN/EdNNNN switching.
(ask_curve): Remove the Curve25519 is non-standard prompt.
--

Given that ECC generation is only available in export mode and that
gpg will in any case support our current ed2559/cv25519 definition the
extra prompt does not make anymore sense.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Silence trustdb computation with --quiet.
Werner Koch [Sat, 19 Mar 2016 13:43:18 +0000 (14:43 +0100)]
gpg: Silence trustdb computation with --quiet.

* g10/trustdb.c (validate_keys): Do not print log_info stuff in quiet
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agosm: Always create a keybox header when creating a new keybox.
Werner Koch [Thu, 17 Mar 2016 14:15:48 +0000 (15:15 +0100)]
sm: Always create a keybox header when creating a new keybox.

* sm/keydb.c (maybe_create_keybox): Create the header blob.
--

This is required so that g10/keydb.c can properly detect that a keybox
file is actually there.  Just writing a 0 zero length keybox file is
not sufficient because a file with that name may also be an old-style
OpenPGP keyring.

GnuPG-bug-id: 2275
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodoc: Improve documentation of --enable-large-rsa.
Neal H. Walfield [Thu, 17 Mar 2016 10:13:57 +0000 (11:13 +0100)]
doc: Improve documentation of --enable-large-rsa.

* doc/gpg.texi (--enable-large-rsa): Improve text.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Suggested-by: Bernhard Reiter <bernhard@intevation.de>
3 years agoagent: allow removal of the shadowed key.
NIIBE Yutaka [Wed, 16 Mar 2016 23:37:58 +0000 (08:37 +0900)]
agent: allow removal of the shadowed key.

* agent/findkey.c (agent_delete_key): Remove the key when asked.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agog10: Add const qualifier.
NIIBE Yutaka [Wed, 16 Mar 2016 02:52:41 +0000 (11:52 +0900)]
g10: Add const qualifier.

* g10/gpgcompose.c (show_help): Those are strings not to be modified.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agogpg: Do not rely on a certain evaluation order.
Werner Koch [Tue, 15 Mar 2016 08:22:24 +0000 (09:22 +0100)]
gpg: Do not rely on a certain evaluation order.

* g10/keyedit.c (print_and_check_one_sig): Call check_key_signature
before derefing IS_SELFSIG.
--

Fixes-commit: 5fbd80579aea0f75ca1d2700515c5b8747a75c7d
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoscd: Add manufacturer id 0x000a
Werner Koch [Mon, 14 Mar 2016 16:49:36 +0000 (17:49 +0100)]
scd: Add manufacturer id 0x000a

* g10/card-util.c (get_manufacturer): Add it.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agog10: Silence message if --quiet is given.
Kevin J. McCarthy [Thu, 10 Mar 2016 11:41:06 +0000 (12:41 +0100)]
g10: Silence message if --quiet is given.

* g10/getkey.c (parse_def_secret_key): Silence message if --quiet is
given.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agogpg: Add a new test.
Neal H. Walfield [Tue, 8 Mar 2016 13:08:15 +0000 (14:08 +0100)]
gpg: Add a new test.

* g10/Makefile.am (EXTRA_DIST): Add t-stutter-data.asc.
(module_tests): Add t-stutter.
(t_stutter_SOURCES): New variable.
(t_stutter_LDADD): New variable.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Add a test to check that the Mister and Zuccerato attack described in
"An Attack on CFB Mode Encryption As Used by OpenPGP" works.

3 years agosm: Implement pinentry loopback and reading passphrases from fd.
Justus Winter [Mon, 7 Mar 2016 17:09:41 +0000 (18:09 +0100)]
sm: Implement pinentry loopback and reading passphrases from fd.

* doc/gpgsm.texi: Document '--pinentry-mode' and '--passphrase-fd'.
* sm/Makefile.am (gpgsm_SOURCES): Add new files
* sm/call-agent.c (struct default_inq_parm_s): New definition.
(start_agent): Pass in the pinentry mode.
(default_inq_cb): Handle 'PASSPHRASE' and 'NEW_PASSPHRASE' inquiries.
Adapt all call sites to the new callback cookie.
* sm/gpgsm.c (cmd_and_opt_values): Add new values.
(opts): Add new options.
(main): Handle new options.
* sm/gpgsm.h (struct opt): Add field 'pinentry_mode'.
* sm/passphrase.c: New file.
* sm/passphrase.h: Likewise.

GnuPG-bug-id: 1970
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agosm: Remove unused argument '--fixed-passphrase'.
Justus Winter [Mon, 7 Mar 2016 12:32:35 +0000 (13:32 +0100)]
sm: Remove unused argument '--fixed-passphrase'.

* doc/gpgsm.texi: Drop description.
* sm/gpgsm.c (cmd_and_opt_values): Drop enum value.
(opts): Drop argument.
(main): Drop argument handling.
* sm/gpgsm.h (struct opt): Drop field 'fixed_passphrase'.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agokbx: Avoid undefined behavior.
Justus Winter [Mon, 7 Mar 2016 13:25:38 +0000 (14:25 +0100)]
kbx: Avoid undefined behavior.

* kbx/keybox-file.c (_keybox_read_blob2): Cast to unsigned int before
shifting.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agoscd: Bug fix for a device with multiple interfaces.
NIIBE Yutaka [Mon, 7 Mar 2016 11:12:38 +0000 (20:12 +0900)]
scd: Bug fix for a device with multiple interfaces.

* scd/ccid-driver.c (scan_or_find_usb_device): Use IFC_NO when
accessing interface information.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agobuild: Make libusb a hard requirement if the ccid driver is requested.
Justus Winter [Fri, 4 Mar 2016 14:03:26 +0000 (15:03 +0100)]
build: Make libusb a hard requirement if the ccid driver is requested.

* configure.ac: Print an error message and die if the internal ccid
driver is requested but no suitable libusb is found.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agog10: Drop superfluous declaration.
Justus Winter [Fri, 4 Mar 2016 12:33:04 +0000 (13:33 +0100)]
g10: Drop superfluous declaration.

* g10/main.h (disable_core_dumps): Drop declaration.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agog10: Guard code against errors.
Justus Winter [Fri, 4 Mar 2016 12:29:45 +0000 (13:29 +0100)]
g10: Guard code against errors.

* g10/keygen.c (do_generate_keypair): Check for errors, in which case
'pri_psk' is NULL.

Fixes-commit: bf9d1248
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agodoc: Drop superfluous 'is'.
Justus Winter [Fri, 4 Mar 2016 12:09:11 +0000 (13:09 +0100)]
doc: Drop superfluous 'is'.

--
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agodirmngr: Add more missing CFLAGS.
Justus Winter [Thu, 3 Mar 2016 12:47:42 +0000 (13:47 +0100)]
dirmngr: Add more missing CFLAGS.

* dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add
'GCRYPT_CFLAGS'.
(t_dns_stuff_CFLAGS): Likewise.

GnuPG-bug-id: 2235
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotests/openpgp: Skip gpgtar test if it has not been built.
Justus Winter [Thu, 3 Mar 2016 11:22:30 +0000 (12:22 +0100)]
tests/openpgp: Skip gpgtar test if it has not been built.

* tests/openpgp/gpgtar.test: Check if executable exists.

GnuPG-bug-id: 2261
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agogpg: Add new program gpgcompose.
Neal H. Walfield [Wed, 2 Mar 2016 15:00:44 +0000 (16:00 +0100)]
gpg: Add new program gpgcompose.

* g10/packet.h: Include "util.h".
* g10/encrypt.c (encrypt_seskey): Don't mark as static.
* g10/gpgcompose.c: New file.
* g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose.
(gpg2_SOURCES): Split everything but gpg.c into...
(gpg_sources): ... this new variable.
(gpgcompose_SOURCES): New variable.
(gpgcompose_LDADD): Likewise.
(gpgcompose_LDFLAGS): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: More robustly detect valid non-armored OpenPGP messages.
Neal H. Walfield [Wed, 2 Mar 2016 14:47:01 +0000 (15:47 +0100)]
gpg: More robustly detect valid non-armored OpenPGP messages.

* g10/armor.c (is_armored): More robustly detect valid non-armored
OpenPGP messages.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agocommon: Provide a function for mapping packet types to strings.
Neal H. Walfield [Wed, 2 Mar 2016 14:45:39 +0000 (15:45 +0100)]
common: Provide a function for mapping packet types to strings.

* common/openpgpdefs.h (pkttype_str): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Rename pop_filter to iobuf_pop_filter and export it.
Neal H. Walfield [Wed, 2 Mar 2016 14:42:18 +0000 (15:42 +0100)]
gpg: Rename pop_filter to iobuf_pop_filter and export it.

* common/iobuf.c (pop_filter): Rename from this...
(iobuf_pop_filter): ... to this.  Don't mark it as static.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Split write_pubkey_enc_from_list.
Neal H. Walfield [Wed, 2 Mar 2016 14:38:16 +0000 (15:38 +0100)]
gpg: Split write_pubkey_enc_from_list.

* g10/encrypt.c (write_pubkey_enc_from_list): Split the body of this
function out into...
(write_pubkey_enc): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Allow the caller to write the contents of a plaintext packet.
Neal H. Walfield [Wed, 2 Mar 2016 14:35:39 +0000 (15:35 +0100)]
gpg: Allow the caller to write the contents of a plaintext packet.

* g10/build-packet.c (do_plaintext): Change the semantics such that if
PT->BUF is NULL, it is the caller's responsibility to write the
content (and disable partial body length mode, if appropriate).

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Add a new function for creating binary notations.
Neal H. Walfield [Mon, 29 Feb 2016 13:12:57 +0000 (14:12 +0100)]
gpg: Add a new function for creating binary notations.

* g10/build-packet.c (blob_to_notation): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Refactor the printing of binary notations.
Neal H. Walfield [Mon, 29 Feb 2016 13:09:43 +0000 (14:09 +0100)]
gpg: Refactor the printing of binary notations.

* g10/build-packet.c (sig_to_notation): Break printing of binary
notations into...
(notation_value_to_human_readable_string): ... this new function.
Provide a small preview of the binary data substituting non-printable
characters with '?'.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agotests/openpgp: Make tests more portable.
Uldis Anšmits [Wed, 2 Mar 2016 16:55:56 +0000 (17:55 +0100)]
tests/openpgp: Make tests more portable.

* tests/openpgp/default-key.test: Avoid 'grep -q'.
* tests/openpgp/gpgtar.test: Avoid 'grep -qe' and 'diff -q'.
* tests/openpgp/use-exact-key.test: Avoid 'grep -q'.

GnuPG-bug-id: 2262
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon: Update README.
Justus Winter [Wed, 2 Mar 2016 13:27:30 +0000 (14:27 +0100)]
common: Update README.

--
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon: Consolidate Assuan server argument handling.
Justus Winter [Wed, 2 Mar 2016 13:14:33 +0000 (14:14 +0100)]
common: Consolidate Assuan server argument handling.

* common/Makefile.am (common_sources): Add new files.
* common/server-help.c: New file.
* common/server-help.h: Likewise.
* agent/command.c: Drop argument handling primitives in favor of using
the consolidated ones.
* dirmngr/server.c: Likewise.
* g10/server.c: Likewise.
* g13/server.c: Likewise.
* scd/command.c: Likewise.
* sm/server.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agodirmngr: Add missing CFLAGS.
Justus Winter [Tue, 1 Mar 2016 14:07:29 +0000 (15:07 +0100)]
dirmngr: Add missing CFLAGS.

* dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add
'GPG_ERROR_CFLAGS'.
(t_dns_stuff_CFLAGS): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotools: Drop superfluous include.
Justus Winter [Tue, 1 Mar 2016 13:51:35 +0000 (14:51 +0100)]
tools: Drop superfluous include.

* tools/gpgtar.c: Do not include unused 'npth.h'.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agogpg: Prettify a 2 octet hex output.
Werner Koch [Fri, 26 Feb 2016 10:41:18 +0000 (11:41 +0100)]
gpg: Prettify a 2 octet hex output.

* g10/sig-check.c (check_key_signature2): Wrap line and use %02x.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Show debugging info if a sig with an unsupported sig class is used.
Neal H. Walfield [Thu, 25 Feb 2016 20:22:55 +0000 (21:22 +0100)]
gpg: Show debugging info if a sig with an unsupported sig class is used.

* g10/sig-check.c (check_key_signature2): If SIG->CLASS is
unsupported, show some debugging information.  Don't use BUG to fail.
Just return GPG_ERR_BAD_SIGNATURE.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: More carefully encode a packet's length.
Neal H. Walfield [Thu, 25 Feb 2016 20:20:32 +0000 (21:20 +0100)]
gpg: More carefully encode a packet's length.

* g10/build-packet.c (write_header2): Make sure the length bits are
cleared.  Fail if HDRLEN is set and the specified length can't be
encoded in the available space.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Avoid directly twiddling bits.
Neal H. Walfield [Thu, 25 Feb 2016 20:16:41 +0000 (21:16 +0100)]
gpg: Avoid directly twiddling bits.

* g10/build-packet.c (do_plaintext): Use ctb_new_format_p to check the
packet's format.
(write_header2): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Improve documentation and comments related to OpenPGP packets.
Neal H. Walfield [Thu, 25 Feb 2016 20:08:56 +0000 (21:08 +0100)]
gpg: Improve documentation and comments related to OpenPGP packets.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Add some asserts.
Neal H. Walfield [Thu, 25 Feb 2016 14:19:04 +0000 (15:19 +0100)]
gpg: Add some asserts.

* g10/build-packet.c (ctb_new_format_p): New function.
(ctb_pkttype): New function.
(do_user_id): Add some asserts.
(do_key): Likewise.
(do_symkey_enc): Likewise.
(do_pubkey_enc): Likewise.
(do_plaintext): Likewise.
(do_encrypted): Likewise.
(do_encrypted_mdc): Likewise.
(do_compressed): Likewise.
(do_signature): Likewise.
(do_signature): Likewise.
(write_header2): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Avoid an unnecessary copy.
Neal H. Walfield [Thu, 25 Feb 2016 13:51:55 +0000 (14:51 +0100)]
gpg: Avoid an unnecessary copy.

* g10/build-packet.c (sig_to_notation): Avoid an unnecessary copy of
the data: the size of the packet is fixed.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agocommon: Reduce buffer size.
Neal H. Walfield [Tue, 23 Feb 2016 21:39:58 +0000 (22:39 +0100)]
common: Reduce buffer size.

* common/iobuf.c (iobuf_copy): Change buffer size from 1 MB to 32 KB.

--
Change suggested by Werner based on the observation that other buffers
are of a similar size.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agocommon: Improve a function's documentation and comments.
Neal H. Walfield [Tue, 23 Feb 2016 20:28:24 +0000 (21:28 +0100)]
common: Improve a function's documentation and comments.

* common/iobuf.c (iobuf_set_partial_body_length_mode): Fix
documentation and comment.  Add an assert.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agocommon: Add log_assert.
Neal H. Walfield [Tue, 23 Feb 2016 20:14:21 +0000 (21:14 +0100)]
common: Add log_assert.

* common/logging.h (log_assert): New macro.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Use higher-level functions.
Neal H. Walfield [Tue, 23 Feb 2016 20:07:09 +0000 (21:07 +0100)]
gpg: Use higher-level functions.

* g10/build-packet.c (do_symkey_enc): Use iobuf_write instead of
iobuf_put in a loop.  Use iobuf_copy instead of iobuf_read and
iobuf_write in a loop.  Move the memory wiping from here...
* common/iobuf.c (iobuf_copy): ... to here.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agocommon: Check for an error before reading.
Neal H. Walfield [Tue, 23 Feb 2016 20:04:29 +0000 (21:04 +0100)]
common: Check for an error before reading.

* common/iobuf.c (iobuf_copy): If DEST has a pending error, don't
start copying.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agocommon: More accurately name function.
Neal H. Walfield [Tue, 23 Feb 2016 19:36:07 +0000 (20:36 +0100)]
common: More accurately name function.

* common/iobuf.c (iobuf_set_partial_block_mode): Rename from this...
(iobuf_set_partial_body_length_mode): ... to this.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agog13: Add commands --suspend and --remove.
Werner Koch [Tue, 23 Feb 2016 13:32:46 +0000 (14:32 +0100)]
g13: Add commands --suspend and --remove.

* g13/g13.c (aSuspend, aResume): New.
(opts): Add commands --suspend and --resume.
(main): Implement dummy command aUmount.  Implement commands aResume
and aSuspend.
* g13/sh-cmd.c (cmd_suspend): New.
(cmd_resume): New.
(register_commands): Add commands RESUME and SUSPEND.
* g13/server.c (cmd_suspend): New.
(cmd_resume): New.
(register_commands): Add commands RESUME and SUSPEND.
* g13/be-dmcrypt.c (be_dmcrypt_suspend_container): New.
(be_dmcrypt_resume_container): New.
* g13/backend.c (be_suspend_container): New.
(be_resume_container): New.
* g13/suspend.c, g13/suspend.h: New.
* g13/mount.c (parse_header, read_keyblob_prefix, read_keyblob)
(decrypt_keyblob, g13_is_container): Move to ...
* g13/keyblob.c: new file.
(keyblob_read): Rename to g13_keyblob_read and make global.
(keyblob_decrypt): Rename to g13_keyblob_decrypt and make global.
* g13/sh-dmcrypt.c (check_blockdev): Add arg expect_busy.
(sh_dmcrypt_suspend_container): New.
(sh_dmcrypt_resume_container): New.
* g13/call-syshelp.c (call_syshelp_run_suspend): New.
(call_syshelp_run_resume): New.
--

The --suspend command can be used before a hibernate operation to make
the encrypted partition inaccessible and wipe the key from the memory.
Before --suspend is called a sync(1) should be run to make sure that
their are no dirty buffers (dmsetup, as called by g13, actually does
this for you but it does not harm to do it anyway.  After the
partition has been suspended a

  echo 3 >proc/sys/vm/drop_caches

required to flush all caches which may still have content from the
encrypted partition.

The --resume command reverses the effect of the suspend but to do this
it needs to decrypt again.  Now, if the .gnupg directory lives on the
encrypted partition this will be problematic because due to the
suspend all processes accessing data on the encrypted partition will
be put into an uninterruptible sleep (ps(1) shows a state of 'D').
This needs to be avoided.  A workaround is to have a separate GnuPG
home directory (say, "~/.gnupg-fallback") with only the public keys
required to decrypt the partition along with a properly setup
conf files.  A

  GNUPGHOME=$(pwd)/.gnupg-fallback g13 --resume

should then be able to resume the encrypted partition using the
private key stored on a smartcard.

The implementation is pretty basic right now but useful to me.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agog13: Run mount after dmsetup.
Werner Koch [Mon, 22 Feb 2016 09:56:27 +0000 (10:56 +0100)]
g13: Run mount after dmsetup.

* g13/g13-syshelp.c (main): Reject userids with a slash.
* g13/sh-dmcrypt.c (sh_dmcrypt_mount_container): Run mount if a
mountpoint is known.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agotests/openpgp: Qualify executables with extension.
Justus Winter [Tue, 12 Jan 2016 10:43:06 +0000 (11:43 +0100)]
tests/openpgp: Qualify executables with extension.

* tests/openpgp/Makefile.am (required_pgms): Qualify executables with
'$EXEEXT'.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotests/openpgp: Reimplement 'pinentry.sh' in c.
Justus Winter [Fri, 22 Jan 2016 10:47:58 +0000 (11:47 +0100)]
tests/openpgp: Reimplement 'pinentry.sh' in c.

* tests/openpgp/Makefile.am: Build new program.
* tests/openpgp/defs.inc: Use the new program.
* tests/openpgp/fake-pinentry.c: New file.
--
Building an executable that does not require an interpreter makes it
easier to use on Windows.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotests/openpgp: Avoid dependency on source files.
Justus Winter [Fri, 22 Jan 2016 11:10:57 +0000 (12:10 +0100)]
tests/openpgp: Avoid dependency on source files.

* tests/openpgp/plain-largeo.asc: New file.
* tests/openpgp/version.test: Dearmor the new file instead of relying
on the source being present.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotests/openpgp: Fix file removal.
Justus Winter [Fri, 22 Jan 2016 11:06:06 +0000 (12:06 +0100)]
tests/openpgp: Fix file removal.

* tests/openpgp/version.test: Fix file removal.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon/exechelp: Provide a way to wait for multiple processes.
Justus Winter [Thu, 14 Jan 2016 17:20:14 +0000 (18:20 +0100)]
common/exechelp: Provide a way to wait for multiple processes.

* common/exechelp-posix.c (gnupg_wait_process): Generalize to
'gnupg_wait_processes'.
* common/exechelp-w32.c (gnupg_wait_process): Likewise.
* common/exechelp-w32ce.c (gnupg_wait_process): New function stub.
* common/exechelp.h (gnupg_wait_process): New prototype.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon/exechelp: Add general pipe function.
Justus Winter [Thu, 14 Jan 2016 13:14:25 +0000 (14:14 +0100)]
common/exechelp: Add general pipe function.

* common/exechelp-posix.c (gnupg_create_pipe): New function.
* common/exechelp-w32.c (INHERIT_{READ,WRITE,BOTH}): New macros.
(create_inheritable_pipe): Generalize so that both ends can be
inherited.
(do_create_pipe): Rename argument accordingly.
(gnupg_create_{in,out}bound_pipe): Use new flags.
(gnupg_create_pipe): New function.
(gnupg_spawn_process): Use new flags.
* common/exechelp-w32ce.c (gnupg_create_pipe): New stub.
* common/exechelp.h (gnupg_create_pipe): New prototype.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon/exechelp: Mute the Windows version.
Justus Winter [Thu, 4 Feb 2016 16:03:48 +0000 (17:03 +0100)]
common/exechelp: Mute the Windows version.

* common/exechelp-w32.c (gnupg_wait_process): Do not print an error if
the exit code can be returned.  This makes the Windows version behave
like the POSIX version.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon/exechelp: Avoid magic numbers.
Justus Winter [Mon, 25 Jan 2016 16:45:19 +0000 (17:45 +0100)]
common/exechelp: Avoid magic numbers.

* common/exechelp-w32.c (do_create_pipe): Use symbolic names.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon/exechelp: Disable debugging by default.
Justus Winter [Tue, 26 Jan 2016 11:43:40 +0000 (12:43 +0100)]
common/exechelp: Disable debugging by default.

* common/exechelp-w32.c (DEBUG_W32_SPAWN): Set to 0.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon/exechelp: Fix handle leak.
Justus Winter [Fri, 22 Jan 2016 10:11:55 +0000 (11:11 +0100)]
common/exechelp: Fix handle leak.

* common/exechelp-w32.c (gnupg_spawn_process_detached): Close process
handle.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon/exechelp: Fix opening the 'nul' device.
Justus Winter [Wed, 20 Jan 2016 11:13:35 +0000 (12:13 +0100)]
common/exechelp: Fix opening the 'nul' device.

* common/exechelp-w32.c (gnupg_spawn_process): Fix opening the 'nul'
device.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon/exechelp: Fix error handling.
Justus Winter [Tue, 19 Jan 2016 12:09:06 +0000 (13:09 +0100)]
common/exechelp: Fix error handling.

* common/exechelp-w32.c (gnupg_spawn_process): Close the right handle.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon/exechelp: Fix pipe creation.
Justus Winter [Tue, 19 Jan 2016 11:45:04 +0000 (12:45 +0100)]
common/exechelp: Fix pipe creation.

* common/exechelp-w32.c (gnupg_spawn_process): Fix the creation of the
input pipe.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotools/mk-tdata: Fix data generation on Windows.
Justus Winter [Fri, 22 Jan 2016 10:45:00 +0000 (11:45 +0100)]
tools/mk-tdata: Fix data generation on Windows.

* tools/mk-tdata.c (main): Set stdout to binary mode to avoid newline
conversion.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agogpg: Systematically detect and fix signatures that are out of order.
Neal H. Walfield [Fri, 19 Feb 2016 14:52:08 +0000 (15:52 +0100)]
gpg: Systematically detect and fix signatures that are out of order.

* g10/keyedit.c (sig_comparison): New function.
(fix_key_signature_order): Merge functionality into...
(check_all_keysigs): ... this function.  Rewrite to eliminate
duplicates and use a systematic approach to detecting and moving
signatures that are out of order instead of a heuristic.
(fix_keyblock): Don't call fix_key_signature_order.  Call
check_all_keysigs instead after collapsing the uids.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2236

3 years agogpg: Split check_key_signature2.
Neal H. Walfield [Fri, 19 Feb 2016 14:30:03 +0000 (15:30 +0100)]
gpg: Split check_key_signature2.

* g10/sig-check.c (hash_uid_node): Rename from this...
(hash_uid_packet): ... to this.  Take a PKT_user_id instead of a
KBNODE.
(check_key_signature2): Split the basic signature checking
functionality into...
(check_signature_over_key_or_uid): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Split print_and_check_one_sig.
Neal H. Walfield [Fri, 19 Feb 2016 14:13:22 +0000 (15:13 +0100)]
gpg: Split print_and_check_one_sig.

* g10/keyedit.c (print_and_check_one_sig): Split the print
functionality into...
(print_one_sig): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Split the function check_signature_end.
Neal H. Walfield [Fri, 19 Feb 2016 13:10:09 +0000 (14:10 +0100)]
gpg: Split the function check_signature_end.

* g10/sig-check.c (check_signature_end): Break the basic signature
check into...
(check_signature_end_simple): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Use format_keyid rather than manually formatting the keyid.
Neal H. Walfield [Fri, 19 Feb 2016 13:59:19 +0000 (14:59 +0100)]
gpg: Use format_keyid rather than manually formatting the keyid.

* g10/keyedit.c (menu_addrevoker): Use format_keyid rather than
manually formatting the keyid.
* g10/keygen.c (card_write_key_to_backup_file): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Initialize the primary key when generating a key.
Neal H. Walfield [Fri, 19 Feb 2016 13:53:29 +0000 (14:53 +0100)]
gpg: Initialize the primary key when generating a key.

* g10/keygen.c (do_generate_keypair): Initialize
pri_psk->flags.primary, pri_psk->keyid and pri_psk->main_keyid.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agogpg: Add accessor & utility functions for pk->keyid and pk->main_keyid.
Neal H. Walfield [Fri, 19 Feb 2016 13:48:56 +0000 (14:48 +0100)]
gpg: Add accessor & utility functions for pk->keyid and pk->main_keyid.

* g10/keydb.h (keyid_cmp): New function.
* g10/keyid.c (pk_keyid): New function.
(pk_main_keyid): New function.
(keyid_copy): New function.
(pk_keyid_str): New function.
* g10/packet.h (PKT_public_key): Update comments for main_keyid and
keyid.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Before accessing pk->keyid, it is necessary to call keyid_from_pk (pk,
NULL) to ensure that pk->keyid is valid.  Because it is easy to forget
to do this, these accessor functions take care of it.

3 years agogpgparsemail: Allow weirdly-mixed pkcs7 signatures.
Daniel Kahn Gillmor [Mon, 8 Feb 2016 20:44:07 +0000 (15:44 -0500)]
gpgparsemail: Allow weirdly-mixed pkcs7 signatures.

* tools/gpgparsemail.c: Add and check info->signing_protocol_2.

--
Some mailers in the wild will generate messages that have the a weird
structure where they use the x- prefix in one part and drop it in
another.

For example, the main MIME part as a whole has:

Content-Type: multipart/signed;
   protocol="application/x-pkcs7-signature"

but the signature sub-part has:

  Content-Type: application/pkcs7-signature

(or vice versa, where the x- prefix is in the sub-part but not the
protocol= section on the main MIME object)

This change also avoids allocating strings for these comparisons,
since the const strings in question are already available in the built
executable, and no dynamic labels are needed.

===
- 2 lines reformatted to keep them below 90 cols. - wk

3 years agogpg: Clean up dangling agent_open and agent_closed declarations.
Daniel Kahn Gillmor [Thu, 11 Feb 2016 12:08:55 +0000 (07:08 -0500)]
gpg: Clean up dangling agent_open and agent_closed declarations.

* g10/keydb.h: Remove agent_open, agent_close declarations/
* g10/migrate.c: #include <unistd.h> for access()

--
agent_open() is only defined statically in common/simple-pw-query.c,
it is neither used nor referenced anywhere else.  agent_close doesn't
exist anywhere.  The removal of these declarations removes an
unecessary inclusion of libassuan.h.

migrate.c was relying on keydb.h -> libassuan.h -> unistd.h for the
declaration of access(), so we now handle that explicitly instead.

3 years agow32: Make scdaemon build again due to libusb problem.
Werner Koch [Tue, 16 Feb 2016 15:47:22 +0000 (16:47 +0100)]
w32: Make scdaemon build again due to libusb problem.

* configure.ac: Add hack to disable libusb for Windows.  Also use
$host instead of $target in the switch
 --

The new test for libusb does not support cross-compiling.  As a quick
workaround we disable libusb for Windows because we can't use it anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agow32: Do not error out if gpgconf is not installed.
Werner Koch [Tue, 16 Feb 2016 15:07:44 +0000 (16:07 +0100)]
w32: Do not error out if gpgconf is not installed.

* common/homedir.c (check_portable_app): Remove error message.
--

It is sometimes useful to install just gpgv and no other parts.  Our
test for a portable application returned an error if gpgconf is not
installed.  That error is not required but was merely a debug aid.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Make ASCII armor decoding more robust to encoding errors.
Neal H. Walfield [Sun, 14 Feb 2016 15:00:10 +0000 (16:00 +0100)]
gpg: Make ASCII armor decoding more robust to encoding errors.

* g10/armor.c (radix64_read): If the = is followed by the string "3D",
check if the following four characters are valid radix 64 and are
followed by a new line.  If so, warn and ignore the '3D'.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2250

3 years agodoc: Add a gnupg-module-overview picture.
Werner Koch [Tue, 16 Feb 2016 11:58:53 +0000 (12:58 +0100)]
doc: Add a gnupg-module-overview picture.

* doc/gnupg-module-overview.svg: New.
* doc/debugging.texi (Component interaction): New.
* doc/Makefile.am (EXTRA_DIST): Add PNG and PDF versions of
gnupg-module-overview.svg.  Remove two eps files.
(BUILT_SOURCES): Add gnupg-module-overview.pdf and .png.  Remove
gnupg-card-architecture.epsl
(gnupg_TEXINFOS): Add gnupg-module-overview.svg
(gnupg.dvi): New.
(DISTCLEANFILES): Remove build eps files.
--

Many thanks to Emanuel Schütze for helping with the redesign of the
module overview.  The original file has been used by mere for years in
talks but was never a proper part of GnuPG.

The EPS files have been removed due to their size.  Thus to build the
"dvi" target the convert tool is required.

Signed-off-by: Werner Koch <wk@gnupg.org>