Merge branch 'STABLE-BRANCH-2-2' into master

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2018-01-25 16:48:07 +01:00
commit 149369a92b
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
48 changed files with 1221 additions and 1090 deletions

5
NEWS

@ -47,6 +47,9 @@ Noteworthy changes in version 2.3.0 (unreleased)
* agent: Improve robustness of the shutdown pending
state. [Git#7ffedfab89]
See-also: gnupg-announce/2017q4/000417.html
Changes also found in 2.2.2:
* gpg: Avoid duplicate key imports by concurrently running gpg
@ -88,6 +91,8 @@ Noteworthy changes in version 2.3.0 (unreleased)
* Add configure option --enable-werror. [#2423]
See-also: gnupg-announce/2017q4/000416.html
Changes also found in 2.2.1:
* gpg: Fix formatting of the user id in batch mode key generation


@ -554,7 +554,7 @@ _gnupg_socketdir_internal (int skip_checks, unsigned *r_info)
};
int i;
struct stat sb;
char prefix[13 + 1 + 20 + 6 + 1];
char prefix[19 + 1 + 20 + 6 + 1];
const char *s;
char *name = NULL;
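Review bot: The dimension of `prefix` is still a hand-added sum of bare literals (`19 + 1 + 20 + 6 + 1`), and nothing in the declaration says which string each term budgets for, so the next change to the longest directory prefix can undersize this stack buffer without any compiler diagnostic. The table that ends at `};` just above and the code that fills `prefix` are outside this hunk, so it is not visible here whether the write is bounded. I would add a comment naming each term, for example `/* longest base dir + '/' + decimal uid + "/gnupg" + NUL -- confirm against the table above */`, or derive the first term with `sizeof` from the longest table entry. `_gnupg_socketdir_internal` starts and ends outside the hunk.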


@ -150,4 +150,31 @@ void log_printhex (const void *buffer, size_t length, const char *text);
void log_clock (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2);
#endif /* Use gnupg internal logging functions. */
/* Some handy assertion macros which don't abort. */
#define return_if_fail(expr) do { \
if (!(expr)) { \
log_debug ("%s:%d: assertion '%s' failed\n", \
__FILE__, __LINE__, #expr ); \
return; \
} } while (0)
#define return_null_if_fail(expr) do { \
if (!(expr)) { \
log_debug ("%s:%d: assertion '%s' failed\n", \
__FILE__, __LINE__, #expr ); \
return NULL; \
} } while (0)
#define return_val_if_fail(expr,val) do { \
if (!(expr)) { \
log_debug ("%s:%d: assertion '%s' failed\n", \
__FILE__, __LINE__, #expr ); \
return (val); \
} } while (0)
#define never_reached() do { \
log_debug ("%s:%d: oops - should never get here\n", \
__FILE__, __LINE__ ); \
} while (0)
#endif /*GNUPG_COMMON_LOGGING_H*/
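Review bot: `never_reached()` only calls `log_debug` and then falls through, and the three `return_*_if_fail` macros return from the middle of the caller, yet the one-line comment above them says only that they "don't abort". In a header shared by all components that is easy to misuse: a caller holding a lock, an open file or secure memory skips its cleanup on the early return, and code after `never_reached()` keeps running in a state the author considered impossible. I would extend the comment to say so, e.g. `/* These only log at debug level; return_*_if_fail returns without cleanup and never_reached() continues execution, so do not use them as the sole guard for a security-relevant check. */`. Whether `log_debug` output is always emitted is not visible here; if it can be filtered, a failed assertion could go unnoticed.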


@ -59,7 +59,7 @@ NEED_LIBGCRYPT_API=1
NEED_LIBGCRYPT_VERSION=1.7.0
NEED_LIBASSUAN_API=2
NEED_LIBASSUAN_VERSION=2.4.3
NEED_LIBASSUAN_VERSION=2.5.0
NEED_KSBA_API=1
NEED_KSBA_VERSION=1.3.4


@ -622,7 +622,9 @@ This section explains the main commands for key management.
@table @gnupgtabopt
@item --quick-generate-key @var{user-id} [@var{algo} [@var{usage} [@var{expire}]]]
@itemx --quick-gen-key
@opindex quick-generate-key
@opindex quick-gen-key
This is a simple command to generate a standard key with one user id.
In contrast to @option{--generate-key} the key is generated directly
without the need to answer a bunch of prompts. Unless the option
@ -3130,8 +3132,9 @@ will be read from file descriptor @var{n}. If you use 0 for @var{n},
the passphrase will be read from STDIN. This can only be used if only
one passphrase is supplied.
Note that this passphrase is only used if the option @option{--batch}
has also been given. This is different from GnuPG version 1.x.
Note that since Version 2.0 this passphrase is only used if the
option @option{--batch} has also been given. Since Version 2.1
the @option{--pinentry-mode} also needs to be set to @code{loopback}.
@item --passphrase-file @var{file}
@opindex passphrase-file
@ -3140,8 +3143,10 @@ be read from file @var{file}. This can only be used if only one
passphrase is supplied. Obviously, a passphrase stored in a file is
of questionable security if other users can read this file. Don't use
this option if you can avoid it.
Note that this passphrase is only used if the option @option{--batch}
has also been given. This is different from GnuPG version 1.x.
Note that since Version 2.0 this passphrase is only used if the
option @option{--batch} has also been given. Since Version 2.1
the @option{--pinentry-mode} also needs to be set to @code{loopback}.
@item --passphrase @var{string}
@opindex passphrase
@ -3149,8 +3154,10 @@ Use @var{string} as the passphrase. This can only be used if only one
passphrase is supplied. Obviously, this is of very questionable
security on a multi-user system. Don't use this option if you can
avoid it.
Note that this passphrase is only used if the option @option{--batch}
has also been given. This is different from GnuPG version 1.x.
Note that since Version 2.0 this passphrase is only used if the
option @option{--batch} has also been given. Since Version 2.1
the @option{--pinentry-mode} also needs to be set to @code{loopback}.
@item --pinentry-mode @var{mode}
@opindex pinentry-mode


@ -407,6 +407,14 @@ changing.
This means that the changes will take effect at run-time, as far as
this is possible. Otherwise, they will take effect at the next start
of the respective backend programs.
@item --status-fd @var{n}
@opindex status-fd
Write special status strings to the file descriptor @var{n}. This
program returns the status messages SUCCESS or FAILURE which are
helpful when the caller uses a double fork approach and can't easily
get the return code of the process.
@manpause
@end table


@ -174,18 +174,23 @@ Display a brief help page and exit.
.br
.B gpg-wks-server
.RI [ options ]
.B \-\-check-key
.I user-id
.br
.B gpg-wks-server
.RI [ options ]
.B \-\-install-key
.I file
.br
.B gpg-wks-server
.RI [ options ]
.B \-\-remove-key
.I mailaddr
.I user-id
.br
.B gpg-wks-server
.RI [ options ]
.B \-\-revoke-key
.I mailaddr
.I user-id
@end ifset
@mansect description
@ -208,8 +213,22 @@ The command @option{--list-domains} prints all configured domains.
Further it creates missing directories for the configuration and
prints warnings pertaining to problems in the configuration.
The commands @option{--install-key}, @option{--remove-key}, and
@option{--revoke-key} are not yet functional.
The command @option{--check-key} (or just @option{--check}) checks
whether a key with the given user-id is installed. The process return
success in this case; to also print a diagnostic, use option
@option{-v}. If the key is not installed a diagnostics is printed and
the process returns failure; to suppress the diagnostic, use option
@option{-q}. More than one user-id can be given; see also option
@option{with-file}.
The command @option{--remove-key} uninstalls a key from the WKD. The
process return success in this case; to also print a diagnostic, use
option @option{-v}. If the key is not installed a diagnostics is
printed and the process returns failure; to suppress the diagnostic,
use option @option{-q}.
The commands @option{--install-key} and @option{--revoke-key} are not
yet functional.
@mansect options
@ -237,6 +256,16 @@ Requires installation of that command.
Write the created mail also to @var{file}. Note that the value
@code{-} for @var{file} would write it to stdout.
@item --with-dir
@opindex with-dir
Also print the directory name for each domain listed by command
@option{--list-domains}.
@item --with-file
@opindex with-file
With command @option{--check-key} print for each user-id, the address,
'i' for installed key or 'n' for not installed key, and the filename.
@item --verbose
@opindex verbose
Enable extra informational output.


@ -1684,6 +1684,13 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root,
if (!curve || !*curve)
return gpg_error (GPG_ERR_UNKNOWN_CURVE);
/* Map the displayed short forms of some curves to their canonical
* names. */
if (!ascii_strcasecmp (curve, "cv25519"))
curve = "Curve25519";
else if (!ascii_strcasecmp (curve, "ed25519"))
curve = "Ed25519";
/* Note that we use the "comp" flag with EdDSA to request the use of
a 0x40 compression prefix octet. */
if (algo == PUBKEY_ALGO_EDDSA)
@ -2991,9 +2998,11 @@ generate_user_id (KBNODE keyblock, const char *uidstr)
* success is returned. On error an error code is returned. Note
* that STRING may be modified by this function. NULL may be passed
* for any parameter. FOR_SUBKEY shall be true if this is used as a
* subkey. If CLEAR_CERT is set a default CERT usage will be cleared;
* this is useful if for example the default algorithm is used for a
* subkey. */
static gpg_error_t
parse_key_parameter_part (char *string, int for_subkey,
parse_key_parameter_part (char *string, int for_subkey, int clear_cert,
int *r_algo, unsigned int *r_size,
unsigned int *r_keyuse,
char const **r_curve)
@ -3144,6 +3153,10 @@ parse_key_parameter_part (char *string, int for_subkey,
if (!for_subkey)
keyuse |= PUBKEY_USAGE_CERT;
/* But if requested remove th cert usage. */
if (clear_cert)
keyuse &= ~PUBKEY_USAGE_CERT;
/* Check that usage is actually possible. */
if (/**/((keyuse & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT))
&& !pubkey_get_nsig (algo))
@ -3215,14 +3228,16 @@ parse_key_parameter_part (char *string, int for_subkey,
* -1 := Both parts
* 0 := Only the part of the primary key
* 1 := If there is one part parse that one, if there are
* two parts parse the second part. Always return
* in the args for the primary key (R_ALGO,....).
* two parts parse the part which best matches the
* SUGGESTED_USE or in case that can't be evaluated the second part.
* Always return using the args for the primary key (R_ALGO,....).
*
*/
gpg_error_t
parse_key_parameter_string (const char *string, int part,
unsigned int suggested_use,
int *r_algo, unsigned int *r_size,
unsigned *r_keyuse,
unsigned int *r_keyuse,
char const **r_curve,
int *r_subalgo, unsigned int *r_subsize,
unsigned *r_subkeyuse,
@ -3249,9 +3264,10 @@ parse_key_parameter_string (const char *string, int part,
*r_subcurve = NULL;
if (!string || !*string
|| !strcmp (string, "default") || !strcmp (string, "-"))
|| !ascii_strcasecmp (string, "default") || !strcmp (string, "-"))
string = get_default_pubkey_algo ();
else if (!strcmp (string, "future-default"))
else if (!ascii_strcasecmp (string, "future-default")
|| !ascii_strcasecmp (string, "futuredefault"))
string = FUTURE_STD_KEY_PARAM;
primary = xstrdup (string);
@ -3260,18 +3276,31 @@ parse_key_parameter_string (const char *string, int part,
*secondary++ = 0;
if (part == -1 || part == 0)
{
err = parse_key_parameter_part (primary, 0, r_algo, r_size,
err = parse_key_parameter_part (primary, 0, 0, r_algo, r_size,
r_keyuse, r_curve);
if (!err && part == -1)
err = parse_key_parameter_part (secondary, 1, r_subalgo, r_subsize,
err = parse_key_parameter_part (secondary, 1, 0, r_subalgo, r_subsize,
r_subkeyuse, r_subcurve);
}
else if (part == 1)
{
/* If we have SECONDARY, use that part. If there is only one
* part consider this to be the subkey algo. */
err = parse_key_parameter_part (secondary? secondary : primary, 1,
r_algo, r_size, r_keyuse, r_curve);
* part consider this to be the subkey algo. In case a
* SUGGESTED_USE has been given and the usage of the secondary
* part does not match SUGGESTED_USE try again using the primary
* part. Noet thar when falling back to the primary key we need
* to force clearing the cert usage. */
if (secondary)
{
err = parse_key_parameter_part (secondary, 1, 0,
r_algo, r_size, r_keyuse, r_curve);
if (!err && suggested_use && r_keyuse && !(suggested_use & *r_keyuse))
err = parse_key_parameter_part (primary, 1, 1 /*(clear cert)*/,
r_algo, r_size, r_keyuse, r_curve);
}
else
err = parse_key_parameter_part (primary, 1, 0,
r_algo, r_size, r_keyuse, r_curve);
}
xfree (primary);
@ -3358,7 +3387,7 @@ get_parameter_algo( struct para_data_s *para, enum para_name key,
* for the curve etc. That is a ugly but demanded for backward
* compatibility with the batch key generation. It would be
* better to make full use of parse_key_parameter_string. */
parse_key_parameter_string (NULL, 0,
parse_key_parameter_string (NULL, 0, 0,
&i, NULL, NULL, NULL,
NULL, NULL, NULL, NULL);
@ -4080,9 +4109,10 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
if (!*expirestr || strcmp (expirestr, "-") == 0)
expirestr = default_expiration_interval;
if ((!*algostr || !strcmp (algostr, "default")
|| !strcmp (algostr, "future-default"))
&& (!*usagestr || !strcmp (usagestr, "default")
if ((!*algostr || !ascii_strcasecmp (algostr, "default")
|| !ascii_strcasecmp (algostr, "future-default")
|| !ascii_strcasecmp (algostr, "futuredefault"))
&& (!*usagestr || !ascii_strcasecmp (usagestr, "default")
|| !strcmp (usagestr, "-")))
{
/* Use default key parameters. */
@ -4091,7 +4121,7 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
unsigned int keyuse, subkeyuse;
const char *curve, *subcurve;
err = parse_key_parameter_string (algostr, -1,
err = parse_key_parameter_string (algostr, -1, 0,
&algo, &size, &keyuse, &curve,
&subalgo, &subsize, &subkeyuse,
&subcurve);
@ -4470,7 +4500,7 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname,
#endif
, "--full-generate-key" );
err = parse_key_parameter_string (NULL, -1,
err = parse_key_parameter_string (NULL, -1, 0,
&algo, &size, &keyuse, &curve,
&subalgo, &subsize,
&subkeyuse, &subcurve);
@ -5017,6 +5047,7 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
}
err = parse_key_parameter_string (algostr, for_subkey? 1 : 0,
usagestr? parse_usagestr (usagestr):0,
&algo, &nbits, &use, &curve,
NULL, NULL, NULL, NULL);
if (err)
@ -5024,7 +5055,7 @@ parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
/* Parse the usage string. */
if (!usagestr || !*usagestr
|| !strcmp (usagestr, "default") || !strcmp (usagestr, "-"))
|| !ascii_strcasecmp (usagestr, "default") || !strcmp (usagestr, "-"))
; /* Keep usage from parse_key_parameter_string. */
else if ((wantuse = parse_usagestr (usagestr)) != -1)
use = wantuse;
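Review bot: In `parse_algo_usage_expire` the new argument `usagestr? parse_usagestr (usagestr):0` hands the raw return value of `parse_usagestr` to the `unsigned int suggested_use` parameter, while the `!= -1` test a few lines below indicates that the function returns -1 for a string it cannot parse. Converted to unsigned, -1 becomes an all-ones mask, so `!(suggested_use & *r_keyuse)` in `parse_key_parameter_string` cannot trigger the fallback to the primary part for such input unless the parsed usage is zero; this probably includes "default" and "-", which are only special-cased after the call. Parsing once and passing 0 on failure would make the intent explicit, e.g. `wantuse = usagestr? parse_usagestr (usagestr) : -1;` and then passing `wantuse == -1? 0 : wantuse`. Separately, the new comments contain typos (`remove th cert usage`, `Noet thar when`). The functions touched here start and end outside the hunks.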


@ -495,7 +495,7 @@ proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt)
|| have_secret_key_with_kid (enc->keyid)))
{
if(opt.list_only)
result = -1;
result = GPG_ERR_MISSING_ACTION; /* fixme: Use better error code. */
else
{
c->dek = xmalloc_secure_clear (sizeof *c->dek);
@ -513,9 +513,7 @@ proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt)
else
result = GPG_ERR_PUBKEY_ALGO;
if (result == -1)
;
else
if (1)
{
/* Store it for later display. */
struct kidlist_item *x = xmalloc (sizeof *x);
@ -583,6 +581,10 @@ print_pkenc_list (ctrl_t ctrl, struct kidlist_item *list, int failed)
write_status_text (STATUS_NO_SECKEY, buf);
}
}
else if (gpg_err_code (list->reason) == GPG_ERR_MISSING_ACTION)
{
/* Not tested for secret key due to --list-only mode. */
}
else if (list->reason)
{
log_info (_("public key decryption failed: %s\n"),
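Review bot: `GPG_ERR_MISSING_ACTION` now doubles as an in-band marker for "skipped because of --list-only": `proc_pubkey_enc` stores it as the result and `print_pkenc_list` matches it with an empty branch that writes neither a log line nor a status line. If a real failure path ever yields the same code for `list->reason` (not visible from these hunks), that decryption failure would be dropped silently. The `fixme` already admits the code is a stand-in; until a dedicated code exists I would state in the empty branch that the code is reserved for this purpose, e.g. `/* Marker set by proc_pubkey_enc in --list-only mode; not a real failure, so nothing is reported. */`, and reduce the leftover `if (1)` wrapper to a plain block. Both functions continue outside the hunks.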


@ -464,7 +464,6 @@ main( int argc, char **argv )
/*create_dotlock(NULL); register locking cleanup */
/* We need to use the gcry malloc function because jnlib uses them. */
keybox_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );


@ -33,16 +33,7 @@
#include <sys/types.h> /* off_t */
/* We include the type definitions from jnlib instead of defining our
owns here. This will not allow us build KBX in a standalone way
but there is currently no need for it anyway. Same goes for
stringhelp.h which for example provides a replacement for stpcpy -
fixme: Better use the LIBOBJ mechnism. */
#include "../common/types.h"
#include "../common/stringhelp.h"
#include "../common/dotlock.h"
#include "../common/logging.h"
#include "../common/util.h"
#include "keybox.h"
@ -209,64 +200,10 @@ int _keybox_dump_cut_records (const char *filename, unsigned long from,
/*-- keybox-util.c --*/
void *_keybox_malloc (size_t n);
void *_keybox_calloc (size_t n, size_t m);
void *_keybox_realloc (void *p, size_t n);
void _keybox_free (void *p);
#define xtrymalloc(a) _keybox_malloc ((a))
#define xtrycalloc(a,b) _keybox_calloc ((a),(b))
#define xtryrealloc(a,b) _keybox_realloc((a),(b))
#define xfree(a) _keybox_free ((a))
#define DIM(v) (sizeof(v)/sizeof((v)[0]))
#define DIMof(type,member) DIM(((type *)0)->member)
#ifndef STR
# define STR(v) #v
#endif
#define STR2(v) STR(v)
/*
a couple of handy macros
*/
#define return_if_fail(expr) do { \
if (!(expr)) { \
fprintf (stderr, "%s:%d: assertion '%s' failed\n", \
__FILE__, __LINE__, #expr ); \
return; \
} } while (0)
#define return_null_if_fail(expr) do { \
if (!(expr)) { \
fprintf (stderr, "%s:%d: assertion '%s' failed\n", \
__FILE__, __LINE__, #expr ); \
return NULL; \
} } while (0)
#define return_val_if_fail(expr,val) do { \
if (!(expr)) { \
fprintf (stderr, "%s:%d: assertion '%s' failed\n", \
__FILE__, __LINE__, #expr ); \
return (val); \
} } while (0)
#define never_reached() do { \
fprintf (stderr, "%s:%d: oops; should never get here\n", \
__FILE__, __LINE__ ); \
} while (0)
/* some macros to replace ctype ones and avoid locale problems */
#define digitp(p) (*(p) >= '0' && *(p) <= '9')
#define hexdigitp(a) (digitp (a) \
|| (*(a) >= 'A' && *(a) <= 'F') \
|| (*(a) >= 'a' && *(a) <= 'f'))
/* the atoi macros assume that the buffer has only valid digits */
#define atoi_1(p) (*(p) - '0' )
#define atoi_2(p) ((atoi_1(p) * 10) + atoi_1((p)+1))
#define atoi_4(p) ((atoi_2(p) * 100) + atoi_2((p)+2))
#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \
*(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
* A couple of handy macros
*/
#endif /*KEYBOX_DEFS_H*/
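Review bot: The comment `A couple of handy macros` seems to remain at the end of the header with nothing below it except `#endif /*KEYBOX_DEFS_H*/`, since the macros it introduced are the ones this change drops from the file. Which lines survive is inferred from the hunk counts (`+200,10`), so please confirm; if so, the comment should go too, or be replaced by a pointer such as `/* Assertion macros now live in ../common/logging.h. */`.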


@ -27,52 +27,6 @@
#endif
#include "keybox-defs.h"
#include "../common/utilproto.h"
static void *(*alloc_func)(size_t n) = malloc;
static void *(*realloc_func)(void *p, size_t n) = realloc;
static void (*free_func)(void*) = free;
void
keybox_set_malloc_hooks ( void *(*new_alloc_func)(size_t n),
void *(*new_realloc_func)(void *p, size_t n),
void (*new_free_func)(void*) )
{
alloc_func = new_alloc_func;
realloc_func = new_realloc_func;
free_func = new_free_func;
}
void *
_keybox_malloc (size_t n)
{
return alloc_func (n);
}
void *
_keybox_realloc (void *a, size_t n)
{
return realloc_func (a, n);
}
void *
_keybox_calloc (size_t n, size_t m)
{
void *p = _keybox_malloc (n*m);
if (p)
memset (p, 0, n* m);
return p;
}
void
_keybox_free (void *p)
{
if (p)
free_func (p);
}
/* Store the two malloced temporary file names used for keybox updates
@ -146,10 +100,3 @@ keybox_tmp_names (const char *filename, int for_keyring,
*r_tmpname = tmp_name;
return 0;
}
gpg_error_t
keybox_file_rename (const char *oldname, const char *newname,
int *block_signals)
{
return gnupg_rename_file (oldname, newname, block_signals);
}


@ -127,10 +127,6 @@ int keybox_rebuild_cache (void *);
/*-- keybox-util.c --*/
void keybox_set_malloc_hooks ( void *(*new_alloc_func)(size_t n),
void *(*new_realloc_func)(void *p, size_t n),
void (*new_free_func)(void*) );
gpg_error_t keybox_tmp_names (const char *filename, int for_keyring,
char **r_bakname, char **r_tmpname);


@ -495,10 +495,6 @@ msgstr "error mentre s'enviava a «%s»: %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "AVÍS: els permissos són insegurs en %s «%s»\n"
#, fuzzy, c-format
msgid "listen() failed: %s\n"
msgstr "ha fallat l'actualització: %s\n"
#, fuzzy, c-format
msgid "listening on socket '%s'\n"
msgstr "s'està escrivint la clau secreta a «%s»\n"
@ -9153,6 +9149,10 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "listen() failed: %s\n"
#~ msgstr "ha fallat l'actualització: %s\n"
#, fuzzy
#~ msgid ""
#~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"

1315
po/cs.po



@ -505,10 +505,6 @@ msgstr "fejl ved binding af sokkel til »%s«: %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "Advarsel: usikre rettigheder på %s »%s«\n"
#, c-format
msgid "listen() failed: %s\n"
msgstr "listen() mislykkedes: %s\n"
#, fuzzy, c-format
#| msgid "listening on socket `%s'\n"
msgid "listening on socket '%s'\n"
@ -9213,6 +9209,9 @@ msgstr ""
"Syntaks: gpg-check-pattern [tilvalg] mønsterfil\n"
"Kontroller en adgangsfrase angivet på stdin mod mønsterfilen\n"
#~ msgid "listen() failed: %s\n"
#~ msgstr "listen() mislykkedes: %s\n"
#~ msgid "do not grab keyboard and mouse"
#~ msgstr "fang ikke tastatur og mus"


@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.1.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"PO-Revision-Date: 2017-11-02 17:36+0100\n"
"PO-Revision-Date: 2017-12-19 12:28+0100\n"
"Last-Translator: Werner Koch <wk@gnupg.org>\n"
"Language-Team: German <de@li.org>\n"
"Language: de\n"
@ -452,10 +452,6 @@ msgstr "Der Socket kann nicht an `%s' gebunden werden: %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "Zugriffsrechte für '%s' können nicht gesetzt werden: %s\n"
#, c-format
msgid "listen() failed: %s\n"
msgstr "Der listen()-Aufruf ist fehlgeschlagen: %s\n"
#, c-format
msgid "listening on socket '%s'\n"
msgstr "Es wird auf Socket `%s' gehört\n"
@ -955,7 +951,7 @@ msgid "Data decryption succeeded"
msgstr "Entschlüsselung der Daten erfolgreich"
msgid "Encryption algorithm supported"
msgstr "Verschlüsselungsverfahren %d%s wird nicht unterstützt"
msgstr "Verschlüsselungsverfahren wird unterstützt"
msgid "Data verification succeeded"
msgstr "Prüfung der Signatur erfolgreich"
@ -8759,6 +8755,9 @@ msgstr ""
"Syntax: gpg-check-pattern [optionen] Musterdatei\n"
"Die von stdin gelesene Passphrase gegen die Musterdatei prüfen\n"
#~ msgid "listen() failed: %s\n"
#~ msgstr "Der listen()-Aufruf ist fehlgeschlagen: %s\n"
#~ msgid "do not grab keyboard and mouse"
#~ msgstr "Tastatur und Maus nicht \"grabben\""


@ -466,10 +466,6 @@ msgstr "σφάλμα στη αποστολή προς το `%s': %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: μη ασφαλείς άδειες στο %s \"%s\"\n"
#, fuzzy, c-format
msgid "listen() failed: %s\n"
msgstr "η ενημέρωση απέτυχε: %s\n"
#, fuzzy, c-format
msgid "listening on socket '%s'\n"
msgstr "εγγραφή του μυστικού κλειδιού στο `%s'\n"
@ -8979,6 +8975,10 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "listen() failed: %s\n"
#~ msgstr "η ενημέρωση απέτυχε: %s\n"
#, fuzzy
#~ msgid ""
#~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"


@ -466,10 +466,6 @@ msgstr "eraro dum sendo al '%s': %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "Averto: malsekuraj permesoj sur %s \"%s\"\n"
#, fuzzy, c-format
msgid "listen() failed: %s\n"
msgstr "aktualigo malsukcesis: %s\n"
#, fuzzy, c-format
msgid "listening on socket '%s'\n"
msgstr "skribas sekretan ŝlosilon al '%s'\n"
@ -8920,6 +8916,10 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "listen() failed: %s\n"
#~ msgstr "aktualigo malsukcesis: %s\n"
#, fuzzy
#~ msgid ""
#~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"


@ -521,10 +521,6 @@ msgstr "error enlazando el socket con `%s': %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "Aviso: permisos inseguros en %s \"%s\"\n"
#, c-format
msgid "listen() failed: %s\n"
msgstr "listen() falló: %s\n"
#, fuzzy, c-format
#| msgid "listening on socket `%s'\n"
msgid "listening on socket '%s'\n"
@ -9252,6 +9248,9 @@ msgstr ""
"Compara frase contraseña dada en entrada estándar con un fichero de "
"patrones\n"
#~ msgid "listen() failed: %s\n"
#~ msgstr "listen() falló: %s\n"
#~ msgid "do not grab keyboard and mouse"
#~ msgstr "no acaparar teclado y ratón"


@ -463,10 +463,6 @@ msgstr "viga teate saatmisel serverile `%s': %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "HOIATUS: ebaturvalised õigused %s \"%s\"\n"
#, fuzzy, c-format
msgid "listen() failed: %s\n"
msgstr "uuendamine ebaõnnestus: %s\n"
#, fuzzy, c-format
msgid "listening on socket '%s'\n"
msgstr "kirjutan salajase võtme faili `%s'\n"
@ -8895,6 +8891,10 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "listen() failed: %s\n"
#~ msgstr "uuendamine ebaõnnestus: %s\n"
#, fuzzy
#~ msgid ""
#~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"


@ -480,10 +480,6 @@ msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "VAROITUS: oikeudet kohteessa %s \"%s\" eivät ole turvallisia\"\n"
#, fuzzy, c-format
msgid "listen() failed: %s\n"
msgstr "päivitys epäonnistui: %s\n"
#, fuzzy, c-format
msgid "listening on socket '%s'\n"
msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
@ -8957,6 +8953,10 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "listen() failed: %s\n"
#~ msgstr "päivitys epäonnistui: %s\n"
#, fuzzy
#~ msgid ""
#~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"


@ -467,10 +467,6 @@ msgstr "erreur de lien de la socket à « %s » : %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "Avertissement : les droits de %s ne sont pas sûrs « %s »\n"
#, c-format
msgid "listen() failed: %s\n"
msgstr "échec de listen() : %s\n"
#, c-format
msgid "listening on socket '%s'\n"
msgstr "écoute sur la socket « %s »\n"
@ -8935,6 +8931,9 @@ msgstr ""
"Vérifier une phrase secrète donnée sur l'entrée standard par rapport à "
"ficmotif\n"
#~ msgid "listen() failed: %s\n"
#~ msgstr "échec de listen() : %s\n"
#~ msgid "do not grab keyboard and mouse"
#~ msgstr "ne pas capturer le clavier et la souris"


@ -467,10 +467,6 @@ msgstr "erro ao enviar a `%s': %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "AVISO: permisos inseguros en %s \"%s\"\n"
#, fuzzy, c-format
msgid "listen() failed: %s\n"
msgstr "a actualización fallou: %s\n"
#, fuzzy, c-format
msgid "listening on socket '%s'\n"
msgstr "gravando a chave secreta en `%s'\n"
@ -8986,6 +8982,10 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "listen() failed: %s\n"
#~ msgstr "a actualización fallou: %s\n"
#, fuzzy
#~ msgid ""
#~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"


@ -463,10 +463,6 @@ msgstr "Hiba %s-ra/-re küldéskor: %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "FIGYELEM: nem biztonságos engedélyek: %s \"%s\"\n"
#, fuzzy, c-format
msgid "listen() failed: %s\n"
msgstr "Frissítés sikertelen: %s.\n"
#, fuzzy, c-format
msgid "listening on socket '%s'\n"
msgstr "Írom a titkos kulcsot a %s állományba.\n"
@ -8925,6 +8921,10 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "listen() failed: %s\n"
#~ msgstr "Frissítés sikertelen: %s.\n"
#, fuzzy
#~ msgid ""
#~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"


@ -468,10 +468,6 @@ msgstr "kesalahan mengirim ke `%s': %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "Peringatan: permisi tidak aman pada %s \"%s\"\n"
#, fuzzy, c-format
msgid "listen() failed: %s\n"
msgstr "gagal memperbarui: %s\n"
#, fuzzy, c-format
msgid "listening on socket '%s'\n"
msgstr "menulis kunci rahasia ke `%s'\n"
@ -8918,6 +8914,10 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "listen() failed: %s\n"
#~ msgstr "gagal memperbarui: %s\n"
#, fuzzy
#~ msgid ""
#~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"


@ -463,10 +463,6 @@ msgstr "errore leggendo `%s': %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "ATTENZIONE: i permessi \"%s\" di %s sono insicuri\n"
#, fuzzy, c-format
msgid "listen() failed: %s\n"
msgstr "aggiornamento fallito: %s\n"
#, fuzzy, c-format
msgid "listening on socket '%s'\n"
msgstr "scrittura della chiave segreta in `%s'\n"
@ -8959,6 +8955,10 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "listen() failed: %s\n"
#~ msgstr "aggiornamento fallito: %s\n"
#, fuzzy
#~ msgid ""
#~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"


@ -433,10 +433,6 @@ msgstr "'%s'でソケットのバインドのエラー: %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "'%s'の許可が設定できません: %s\n"
#, c-format
msgid "listen() failed: %s\n"
msgstr "listen() に失敗しました: %s\n"
#, c-format
msgid "listening on socket '%s'\n"
msgstr "ソケット'%s'でlisten\n"
@ -1342,7 +1338,8 @@ msgstr "認証鍵の鍵長は? (%u) "
#, c-format
msgid "The card will now be re-configured to generate a key of type: %s\n"
msgstr "カードは、今、こちらのタイプの鍵を生成するように再コンフィグされました: %s\n"
msgstr ""
"カードは、今、こちらのタイプの鍵を生成するように再コンフィグされました: %s\n"
#, c-format
msgid "rounded up to %u bits\n"
@ -8322,6 +8319,9 @@ msgstr ""
"形式: gpg-check-pattern [オプション] パターンファイル\n"
"パターンファイルに対して標準入力のパスフレーズを確認する\n"
#~ msgid "listen() failed: %s\n"
#~ msgstr "listen() に失敗しました: %s\n"
#~ msgid "do not grab keyboard and mouse"
#~ msgstr "キーボードとマウスを占有しない"


@ -437,10 +437,6 @@ msgstr "feil under knytning av sokkel til «%s»: %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "klarte ikke å endre tillatelser til «%s»: %s\n"
#, c-format
msgid "listen() failed: %s\n"
msgstr "listen() mislyktes: %s\n"
#, c-format
msgid "listening on socket '%s'\n"
msgstr "lytter på sokkel «%s»\n"
@ -8440,6 +8436,9 @@ msgstr ""
"Syntaks: gpg-check-pattern [valg] mønsterfil\n"
"Kontroller passordfrase oppgitt på standard innkanal mot valgt mønsterfil\n"
#~ msgid "listen() failed: %s\n"
#~ msgstr "listen() mislyktes: %s\n"
#~ msgid "do not grab keyboard and mouse"
#~ msgstr "ikke bruk tastatur og mus"


@ -30,7 +30,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 2.0.28\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"PO-Revision-Date: 2015-06-07 16:56+0200\n"
"PO-Revision-Date: 2017-12-19 12:28+0100\n"
"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
"Language: nl\n"
@ -6501,7 +6501,7 @@ msgid "keybox `%s' created\n"
msgstr "sleuteldoosje `%s' is aangemaakt\n"
msgid "failed to get the fingerprint\n"
msgstr "opvragen van de vingerafdruk is mislukt: %s\n"
msgstr "opvragen van de vingerafdruk is mislukt\n"
#, c-format
msgid "problem looking for existing certificate: %s\n"


@ -494,10 +494,6 @@ msgstr "błąd podczas przypisywania gniazda do ,,%s'': %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "Ostrzeżenie: niebezpieczne prawa dostępu do %s ,,%s''\n"
#, c-format
msgid "listen() failed: %s\n"
msgstr "listen() nie powiodło się: %s\n"
#, fuzzy, c-format
#| msgid "listening on socket `%s'\n"
msgid "listening on socket '%s'\n"
@ -9281,6 +9277,9 @@ msgstr ""
"Składnia: gpg-check-pattern [opcje] plik-wzorców\n"
"Sprawdzanie hasła ze standardowego wejścia względem pliku wzorców\n"
#~ msgid "listen() failed: %s\n"
#~ msgstr "listen() nie powiodło się: %s\n"
#~ msgid "do not grab keyboard and mouse"
#~ msgstr "nie przechwytywanie klawiatury i myszy"


@ -468,10 +468,6 @@ msgstr "erro ao enviar para `%s': %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "AVISO: permissões pouco seguras em %s \"%s\"\n"
#, fuzzy, c-format
msgid "listen() failed: %s\n"
msgstr "actualização falhou: %s\n"
#, fuzzy, c-format
msgid "listening on socket '%s'\n"
msgstr "a escrever chave privada para `%s'\n"
@ -8927,6 +8923,10 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "listen() failed: %s\n"
#~ msgstr "actualização falhou: %s\n"
#, fuzzy
#~ msgid ""
#~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"


@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.4.2rc1\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"PO-Revision-Date: 2005-05-31 22:00-0500\n"
"PO-Revision-Date: 2017-12-19 12:30+0100\n"
"Last-Translator: Laurentiu Buzdugan <lbuz@rolix.org>\n"
"Language-Team: Romanian <translation-team-ro@lists.sourceforge.net>\n"
"Language: ro\n"
@ -478,10 +478,6 @@ msgstr "eroare trimitere la `%s': %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "AVERTISMENT: permisiuni nesigure (unsafe) pentru extensia `%s'\n"
#, fuzzy, c-format
msgid "listen() failed: %s\n"
msgstr "actualizarea a eşuat: %s\n"
#, fuzzy, c-format
msgid "listening on socket '%s'\n"
msgstr "scriu cheia secretă în `%s'\n"
@ -3078,8 +3074,9 @@ msgstr ""
msgid "User ID \"%s\" is revoked."
msgstr "ID utilizator \"%s\" a fost revocat."
#, fuzzy
msgid "Are you sure you still want to sign it? (y/N) "
msgstr "Sunteţi sigur(ă) că doriţi să ştergeţi permanent \"%s\"? (d/N)"
msgstr "Sunteţi sigur(ă) că doriţi să ştergeţi permanent? (d/N)"
msgid " Unable to sign.\n"
msgstr " Nu pot semna.\n"
@ -9002,6 +8999,10 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "listen() failed: %s\n"
#~ msgstr "actualizarea a eşuat: %s\n"
#~ msgid "Error: URL too long (limit is %d characters).\n"
#~ msgstr "Eroare: URL prea lung (limita este de %d caractere).\n"


@ -11,7 +11,7 @@ msgid ""
msgstr ""
"Project-Id-Version: GnuPG 2.2.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"PO-Revision-Date: 2017-11-02 17:41+0100\n"
"PO-Revision-Date: 2017-12-13 17:41+0100\n"
"Last-Translator: Ineiev <ineiev@gnu.org>\n"
"Language-Team: Russian <gnupg-ru@gnupg.org>\n"
"Language: ru\n"
@ -444,10 +444,6 @@ msgstr "ошибка связывания сокета с '%s': %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "не удалось задать права доступа для '%s': %s\n"
#, c-format
msgid "listen() failed: %s\n"
msgstr "сбой listen(): %s\n"
#, c-format
msgid "listening on socket '%s'\n"
msgstr "слушаем сокет '%s'\n"
@ -1349,10 +1345,9 @@ msgstr "Какой Вам нужен размер ключа для шифров
msgid "What keysize do you want for the Authentication key? (%u) "
msgstr "Какой Вам нужен размер ключа для удостоверения личности? (%u) "
#, fuzzy, c-format
#| msgid "The card will now be re-configured to generate a key of %u bits\n"
#, c-format
msgid "The card will now be re-configured to generate a key of type: %s\n"
msgstr "Теперь карта будет перенастроена на генерацию ключа длиной %u бит\n"
msgstr "Теперь карта будет перенастроена на генерацию ключа типа %s\n"
#, c-format
msgid "rounded up to %u bits\n"
@ -8583,6 +8578,9 @@ msgstr ""
"Синтаксис: gpg-check-pattern [параметры] файл_образцов\n"
"Проверить фразу-пароль, поступающую из stdin, по файлу образцов\n"
#~ msgid "listen() failed: %s\n"
#~ msgstr "сбой listen(): %s\n"
#~ msgid "do not grab keyboard and mouse"
#~ msgstr "не захватывать клавиатуру и мышь"


@ -468,10 +468,6 @@ msgstr "chyba pri posielaní na `%s': %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "VAROVANIE: prístupové práva pre %s nie sú nastavené bezpečne \"%s\"\n"
#, fuzzy, c-format
msgid "listen() failed: %s\n"
msgstr "aktualizácia zlyhala: %s\n"
#, fuzzy, c-format
msgid "listening on socket '%s'\n"
msgstr "zapisujem tajný kľúč do `%s'\n"
@ -4951,6 +4947,7 @@ msgstr "\"%s\" nie je súbor JPEG\n"
msgid "Is this photo correct (y/N/q)? "
msgstr "Je táto fotografia správna (a/N/u)? "
#, fuzzy
msgid "unable to display photo ID!\n"
msgstr "nemožno nastaviť exec-path na %s\n"
@ -8949,6 +8946,10 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "listen() failed: %s\n"
#~ msgstr "aktualizácia zlyhala: %s\n"
#, fuzzy
#~ msgid ""
#~ "can't check signature with unsupported public-key algorithm (%d): %s.\n"


@ -523,10 +523,6 @@ msgstr "fel när \"%s\" bands till uttag: %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "Varning: osäkra rättigheter på %s \"%s\"\n"
#, c-format
msgid "listen() failed: %s\n"
msgstr "listen() misslyckades: %s\n"
#, fuzzy, c-format
#| msgid "listening on socket `%s'\n"
msgid "listening on socket '%s'\n"
@ -9359,6 +9355,9 @@ msgstr ""
"Syntax: gpg-check-pattern [flaggor] mönsterfil\n"
"Kontrollera en lösenfras angiven på standard in mot mönsterfilen\n"
#~ msgid "listen() failed: %s\n"
#~ msgstr "listen() misslyckades: %s\n"
#~ msgid "do not grab keyboard and mouse"
#~ msgstr "fånga inte tangentbord och mus"


@ -489,10 +489,6 @@ msgstr "soket `%s'e bağlanırken hata: %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "UYARI: %s üzerinde izinler güvensiz: \"%s\"\n"
#, c-format
msgid "listen() failed: %s\n"
msgstr "soket dinleme başarısız: %s\n"
#, fuzzy, c-format
#| msgid "listening on socket `%s'\n"
msgid "listening on socket '%s'\n"
@ -9265,6 +9261,9 @@ msgstr ""
"Standart girdiden verilen anahtar parolasını örüntü dosyasıyla "
"karşılaştırır\n"
#~ msgid "listen() failed: %s\n"
#~ msgstr "soket dinleme başarısız: %s\n"
#~ msgid "do not grab keyboard and mouse"
#~ msgstr "klavye ve fare gaspedilmez"


@ -439,10 +439,6 @@ msgstr "помилка під час спроби прив’язування с
msgid "can't set permissions of '%s': %s\n"
msgstr "не вдалося встановити права доступу до «%s»: %s\n"
#, c-format
msgid "listen() failed: %s\n"
msgstr "помилка listen(): %s\n"
#, c-format
msgid "listening on socket '%s'\n"
msgstr "очікування даних на сокеті «%s»\n"
@ -8693,6 +8689,9 @@ msgstr ""
"Синтаксис: gpg-check-pattern [параметри] файл_шаблонів\n"
"Перевірити пароль, вказаний у stdin, за допомогою файлааблонів\n"
#~ msgid "listen() failed: %s\n"
#~ msgstr "помилка listen(): %s\n"
#~ msgid "do not grab keyboard and mouse"
#~ msgstr "не захоплювати керування клавіатурою і мишею"


@ -476,10 +476,6 @@ msgstr "在‘%s中寻找信任度记录时出错%s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "警告:扩展模块‘%s权限不安全\n"
#, fuzzy, c-format
msgid "listen() failed: %s\n"
msgstr "更新失败:%s\n"
#, fuzzy, c-format
msgid "listening on socket '%s'\n"
msgstr "正在将私钥写至`%s'\n"
@ -8826,6 +8822,10 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "listen() failed: %s\n"
#~ msgstr "更新失败:%s\n"
#~ msgid "Error: URL too long (limit is %d characters).\n"
#~ msgstr "错误URL 太长(至多 %d 个字符)\n"


@ -446,10 +446,6 @@ msgstr "綁定 socket 至 '%s' 時出錯: %s\n"
msgid "can't set permissions of '%s': %s\n"
msgstr "警告: %s 的權限 \"%s\" 並不安全\n"
#, c-format
msgid "listen() failed: %s\n"
msgstr "listen() 失敗: %s\n"
#, c-format
msgid "listening on socket '%s'\n"
msgstr "正在候聽 socket '%s'\n"
@ -8476,6 +8472,9 @@ msgstr ""
"語法: gpg-check-pattern [選項] 樣式檔案\n"
"用樣式檔案來檢查由標準輸入給定的密語\n"
#~ msgid "listen() failed: %s\n"
#~ msgstr "listen() 失敗: %s\n"
#~ msgid "do not grab keyboard and mouse"
#~ msgstr "不要奪取鍵盤及滑鼠"


@ -121,6 +121,7 @@ static struct {
/* V3.0 */
{ 0x7F74, 0, 0, 1, 0, 0, 0, 0, "General Feature Management"},
{ 0x00D5, 0, 0, 1, 0, 0, 0, 0, "AES key data"},
{ 0x00F9, 0, 0, 1, 0, 0, 0, 0, "KDF data object"},
{ 0 }
};
@ -199,7 +200,7 @@ struct app_local_s {
unsigned int private_dos:1;
unsigned int algo_attr_change:1; /* Algorithm attributes changeable. */
unsigned int has_decrypt:1; /* Support symmetric decryption. */
unsigned int kdf_do:1; /* Support KDF DOs. */
unsigned int kdf_do:1; /* Support KDF DO. */
unsigned int sm_algo:2; /* Symmetric crypto algo for SM. */
unsigned int pin_blk2:1; /* PIN block 2 format supported. */
@ -980,6 +981,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
{ "PRIVATE-DO-4", 0x0104 },
{ "$AUTHKEYID", 0x0000, -3 },
{ "$DISPSERIALNO",0x0000, -4 },
{ "KDF", 0x00F9 },
{ NULL, 0 }
};
int idx, i, rc;
@ -2054,6 +2056,47 @@ get_prompt_info (app_t app, int chvno, unsigned long sigcount, int remaining)
return result;
}
/* Compute hash if KDF-DO is available. CHVNO must be 0 for reset
code, 1 or 2 for user pin and 3 for admin pin.
*/
static gpg_error_t
pin2hash_if_kdf (app_t app, int chvno, char *pinvalue, int *r_pinlen)
{
gpg_error_t err = 0;
void *relptr;
unsigned char *buffer;
size_t buflen;
if (app->app_local->extcap.kdf_do
&& (relptr = get_one_do (app, 0x00F9, &buffer, &buflen, NULL)))
{
char *salt;
unsigned long s2k_count;
char dek[32];
salt = &buffer[(chvno==3 ? 34 : (chvno==0 ? 24 : 14))];
s2k_count = (((unsigned int)buffer[8] << 24)
| (buffer[9] << 16) | (buffer[10] << 8) | buffer[11]);
err = gcry_kdf_derive (pinvalue, strlen (pinvalue),
GCRY_KDF_ITERSALTED_S2K,
DIGEST_ALGO_SHA256, salt, 8,
s2k_count, sizeof (dek), dek);
if (!err)
{
/* pinvalue has a buffer of MAXLEN_PIN+1, 32 is OK. */
*r_pinlen = 32;
memcpy (pinvalue, dek, *r_pinlen);
wipememory (dek, *r_pinlen);
}
xfree (relptr);
}
else
*r_pinlen = strlen (pinvalue);
return err;
}
/* Verify a CHV either using the pinentry or if possible by
using a pinpad. PINCB and PINCB_ARG describe the usual callback
@ -2068,8 +2111,8 @@ get_prompt_info (app_t app, int chvno, unsigned long sigcount, int remaining)
static gpg_error_t
verify_a_chv (app_t app,
gpg_error_t (*pincb)(void*, const char *, char **),
void *pincb_arg,
int chvno, unsigned long sigcount, char **pinvalue)
void *pincb_arg, int chvno, unsigned long sigcount,
char **pinvalue, int *pinlen)
{
int rc = 0;
char *prompt_buffer = NULL;
@ -2081,6 +2124,7 @@ verify_a_chv (app_t app,
log_assert (chvno == 1 || chvno == 2);
*pinvalue = NULL;
*pinlen = 0;
remaining = get_remaining_tries (app, 0);
if (remaining == -1)
@ -2169,8 +2213,9 @@ verify_a_chv (app_t app,
return gpg_error (GPG_ERR_BAD_PIN);
}
rc = iso7816_verify (app->slot, 0x80+chvno,
*pinvalue, strlen (*pinvalue));
rc = pin2hash_if_kdf (app, chvno, *pinvalue, pinlen);
if (!rc)
rc = iso7816_verify (app->slot, 0x80+chvno, *pinvalue, *pinlen);
}
if (rc)
@ -2194,11 +2239,12 @@ verify_chv2 (app_t app,
{
int rc;
char *pinvalue;
int pinlen;
if (app->did_chv2)
return 0; /* We already verified CHV2. */
rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue);
rc = verify_a_chv (app, pincb, pincb_arg, 2, 0, &pinvalue, &pinlen);
if (rc)
return rc;
app->did_chv2 = 1;
@ -2209,7 +2255,7 @@ verify_chv2 (app_t app,
the card is not configured to require a verification before
each CHV1 controlled operation (force_chv1) and if we are not
using the pinpad (PINVALUE == NULL). */
rc = iso7816_verify (app->slot, 0x81, pinvalue, strlen (pinvalue));
rc = iso7816_verify (app->slot, 0x81, pinvalue, pinlen);
if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
if (rc)
@ -2319,6 +2365,7 @@ verify_chv3 (app_t app,
else
{
char *pinvalue;
int pinlen;
rc = pincb (pincb_arg, prompt, &pinvalue);
xfree (prompt);
@ -2338,7 +2385,9 @@ verify_chv3 (app_t app,
return gpg_error (GPG_ERR_BAD_PIN);
}
rc = iso7816_verify (app->slot, 0x83, pinvalue, strlen (pinvalue));
rc = pin2hash_if_kdf (app, 3, pinvalue, &pinlen);
if (!rc)
rc = iso7816_verify (app->slot, 0x83, pinvalue, pinlen);
xfree (pinvalue);
}
@ -2389,6 +2438,7 @@ do_setattr (app_t app, const char *name,
{ "SM-KEY-MAC", 0x00D2, 3, 0, 1 },
{ "KEY-ATTR", 0, 0, 3, 1 },
{ "AESKEY", 0x00D5, 3, 0, 1 },
{ "KDF", 0x00F9, 3, 0, 1 },
{ NULL, 0 }
};
int exmode;
@ -2501,6 +2551,8 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
pininfo_t pininfo;
int use_pinpad = 0;
int minlen = 6;
int pinlen0 = 0;
int pinlen = 0;
(void)ctrl;
memset (&pininfo, 0, sizeof pininfo);
@ -2685,10 +2737,17 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
rc = gpg_error_from_syserror ();
else
{
strcpy (stpcpy (buffer, resetcode), pinvalue);
rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81,
buffer, strlen (buffer));
wipememory (buffer, strlen (buffer));
strcpy (buffer, resetcode);
rc = pin2hash_if_kdf (app, 0, buffer, &pinlen0);
if (!rc)
{
strcpy (buffer+pinlen0, pinvalue);
rc = pin2hash_if_kdf (app, 0, buffer+pinlen0, &pinlen);
}
if (!rc)
rc = iso7816_reset_retry_counter_with_rc (app->slot, 0x81,
buffer, pinlen0+pinlen);
wipememory (buffer, pinlen0 + pinlen);
xfree (buffer);
}
}
@ -2700,16 +2759,19 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
rc = gpg_error (GPG_ERR_BAD_PIN);
}
else
rc = iso7816_put_data (app->slot, 0, 0xD3,
pinvalue, strlen (pinvalue));
{
rc = pin2hash_if_kdf (app, 0, pinvalue, &pinlen);
if (!rc)
rc = iso7816_put_data (app->slot, 0, 0xD3, pinvalue, pinlen);
}
}
else if (reset_mode)
{
rc = iso7816_reset_retry_counter (app->slot, 0x81,
pinvalue, strlen (pinvalue));
rc = pin2hash_if_kdf (app, 1, pinvalue, &pinlen);
if (!rc)
rc = iso7816_reset_retry_counter (app->slot, 0x81, pinvalue, pinlen);
if (!rc && !app->app_local->extcap.is_v2)
rc = iso7816_reset_retry_counter (app->slot, 0x82,
pinvalue, strlen (pinvalue));
rc = iso7816_reset_retry_counter (app->slot, 0x82, pinvalue, pinlen);
}
else if (!app->app_local->extcap.is_v2)
{
@ -2750,14 +2812,20 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */
}
else
rc = iso7816_change_reference_data (app->slot, 0x80 + chvno,
oldpinvalue, strlen (oldpinvalue),
pinvalue, strlen (pinvalue));
{
rc = pin2hash_if_kdf (app, chvno, oldpinvalue, &pinlen0);
if (!rc)
rc = pin2hash_if_kdf (app, chvno, pinvalue, &pinlen);
if (!rc)
rc = iso7816_change_reference_data (app->slot, 0x80 + chvno,
oldpinvalue, pinlen0,
pinvalue, pinlen);
}
}
if (pinvalue)
{
wipememory (pinvalue, strlen (pinvalue));
wipememory (pinvalue, pinlen);
xfree (pinvalue);
}
if (rc)
@ -2771,7 +2839,7 @@ do_change_pin (app_t app, ctrl_t ctrl, const char *chvnostr,
}
if (oldpinvalue)
{
wipememory (oldpinvalue, strlen (oldpinvalue));
wipememory (oldpinvalue, pinlen0);
xfree (oldpinvalue);
}
return rc;
@ -4277,8 +4345,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
if (!app->did_chv1 || app->force_chv1 )
{
char *pinvalue;
int pinlen;
rc = verify_a_chv (app, pincb, pincb_arg, 1, sigcount, &pinvalue);
rc = verify_a_chv (app, pincb, pincb_arg, 1, sigcount, &pinvalue, &pinlen);
if (rc)
return rc;
@ -4291,7 +4360,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
pinpad has been used. */
if (!app->did_chv2 && pinvalue && !app->app_local->extcap.is_v2)
{
rc = iso7816_verify (app->slot, 0x82, pinvalue, strlen (pinvalue));
rc = iso7816_verify (app->slot, 0x82, pinvalue, pinlen);
if (gpg_err_code (rc) == GPG_ERR_BAD_PIN)
rc = gpg_error (GPG_ERR_PIN_NOT_SYNCED);
if (rc)
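Review bot: pin2hash_if_kdf indexes the card-supplied KDF data object at fixed offsets (`buffer[8]` to `buffer[11]` for the count, and 14, 24 or 34 plus 8 bytes for the salt) but never looks at `buflen`, so a short or differently laid out object leads to reads past the returned data. A guard before the salt is taken, e.g. `if (buflen < 42) { xfree (relptr); return gpg_error (GPG_ERR_INV_DATA); }`, would close that; whether a short object should instead mean "KDF not in use" is a policy choice the hunk does not settle. In do_change_pin the reset-code path writes two 32-byte hashes into `buffer` (at offset 0 and at `pinlen0`), and the allocation of `buffer` is outside the hunks, so it should be confirmed that it is sized for 64 bytes rather than for the two strings. The same path hashes the new PIN with `chvno` 0 while the `reset_mode` branch uses 1, which looks unintended. Finally, `wipememory (pinvalue, pinlen)` wipes nothing on paths that leave `pinlen` at 0, for instance the branch that sets GPG_ERR_BAD_PIN just before the `iso7816_put_data` call.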


@ -1778,6 +1778,7 @@ do_close_reader (ccid_driver_t handle)
}
libusb_free_transfer (handle->transfer);
handle->transfer = NULL;
}
libusb_release_interface (handle->idev, handle->ifc_no);
--ccid_usb_thread_is_alive;
@ -2038,10 +2039,14 @@ bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
/*
* Communication failure by device side.
* Possibly, it was forcibly suspended and resumed.
*
* Only detect this kind of failure when interrupt transfer is
* not supported. For card reader with interrupt transfer
* support removal is detected by intr_cb.
*/
DEBUGOUT ("CCID: card inactive/removed\n");
if (handle->transfer == NULL)
if (handle->ep_intr < 0)
{
DEBUGOUT ("CCID: card inactive/removed\n");
handle->powered_off = 1;
scd_kick_the_loop ();
}
@ -2539,6 +2544,14 @@ ccid_get_atr (ccid_driver_t handle,
if (statusbits == 2)
return CCID_DRIVER_ERR_NO_CARD;
/*
* In the first invocation of ccid_slot_status, card reader may
* return CCID_DRIVER_ERR_CARD_INACTIVE and handle->powered_off may
* become 1. Because inactive card is no problem (we are turning it
* ON here), clear the flag.
*/
handle->powered_off = 0;
/* For an inactive and also for an active card, issue the PowerOn
command to get the ATR. */
again:


@ -1009,8 +1009,6 @@ main ( int argc, char **argv)
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
setup_libassuan_logging (&opt.debug, NULL);
keybox_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
/* Setup a default control structure for command line mode */
memset (&ctrl, 0, sizeof ctrl);
gpgsm_init_default_ctrl (&ctrl);


@ -1,5 +1,5 @@
#!/bin/sh
# Apply defaults from /etc/gnupg/gpg.conf to all users -*- sh -*-
# Apply defaults from /etc/gnupg/gpgconf.conf to all users -*- sh -*-
#
# Copyright 2007 Free Software Foundation, Inc.
#


@ -66,11 +66,14 @@ enum cmd_and_opt_values
aInstallKey,
aRevokeKey,
aRemoveKey,
aCheck,
oGpgProgram,
oSend,
oFrom,
oHeader,
oWithDir,
oWithFile,
oDummy
};
@ -86,12 +89,15 @@ static ARGPARSE_OPTS opts[] = {
("run regular jobs")),
ARGPARSE_c (aListDomains, "list-domains",
("list configured domains")),
ARGPARSE_c (aCheck, "check",
("check whether a key is installed")),
ARGPARSE_c (aCheck, "check-key", "@"),
ARGPARSE_c (aInstallKey, "install-key",
"|FILE|install a key from FILE into the WKD"),
"install a key from FILE into the WKD"),
ARGPARSE_c (aRemoveKey, "remove-key",
"|ADDR|remove the key ADDR from the WKD"),
"remove a key from the WKD"),
ARGPARSE_c (aRevokeKey, "revoke-key",
"|ADDR|mark the key ADDR in the WKD as revoked"),
"mark a key as revoked"),
ARGPARSE_group (301, ("@\nOptions:\n ")),
@ -104,6 +110,8 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oFrom, "from", "|ADDR|use ADDR as the default sender"),
ARGPARSE_s_s (oHeader, "header" ,
"|NAME=VALUE|add \"NAME: VALUE\" as header to all mails"),
ARGPARSE_s_n (oWithDir, "with-dir", "@"),
ARGPARSE_s_n (oWithFile, "with-file", "@"),
ARGPARSE_end ()
};
@ -132,6 +140,13 @@ struct server_ctx_s
};
typedef struct server_ctx_s *server_ctx_t;
/* Flag for --with-dir. */
static int opt_with_dir;
/* Flag for --with-file. */
static int opt_with_file;
/* Prototypes. */
static gpg_error_t get_domain_list (strlist_t *r_list);
@ -142,6 +157,7 @@ static gpg_error_t command_list_domains (void);
static gpg_error_t command_install_key (const char *fname);
static gpg_error_t command_remove_key (const char *mailaddr);
static gpg_error_t command_revoke_key (const char *mailaddr);
static gpg_error_t command_check_key (const char *mailaddr);
static gpg_error_t command_cron (void);
@ -220,10 +236,17 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
case oOutput:
opt.output = pargs->r.ret_str;
break;
case oWithDir:
opt_with_dir = 1;
break;
case oWithFile:
opt_with_file = 1;
break;
case aReceive:
case aCron:
case aListDomains:
case aCheck:
case aInstallKey:
case aRemoveKey:
case aRevokeKey:
@ -243,7 +266,7 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts)
int
main (int argc, char **argv)
{
gpg_error_t err;
gpg_error_t err, firsterr;
ARGPARSE_ARGS pargs;
enum cmd_and_opt_values cmd;
@ -360,16 +383,29 @@ main (int argc, char **argv)
case aRemoveKey:
if (argc != 1)
wrong_args ("--remove-key MAILADDR");
wrong_args ("--remove-key USER-ID");
err = command_remove_key (*argv);
break;
case aRevokeKey:
if (argc != 1)
wrong_args ("--revoke-key MAILADDR");
wrong_args ("--revoke-key USER-ID");
err = command_revoke_key (*argv);
break;
case aCheck:
if (!argc)
wrong_args ("--check USER-IDs");
firsterr = 0;
for (; argc; argc--, argv++)
{
err = command_check_key (*argv);
if (!firsterr)
firsterr = err;
}
err = firsterr;
break;
default:
usage (1);
err = gpg_error (GPG_ERR_BUG);
@ -1776,7 +1812,11 @@ command_list_domains (void)
domain = strrchr (sl->d, '/');
log_assert (domain);
domain++;
es_printf ("%s\n", domain);
if (opt_with_dir)
es_printf ("%s %s\n", domain, sl->d);
else
es_printf ("%s\n", domain);
/* Check that the required directories are there. */
for (i=0; i < DIM (requireddirs); i++)
@ -1900,12 +1940,140 @@ command_install_key (const char *fname)
}
/* Remove the key with mail address MAILADDR. */
/* Return the filename and optioanlly the addrspec for USERID at
* R_FNAME and R_ADDRSPEC. R_ADDRSPEC might also be set on error. */
static gpg_error_t
command_remove_key (const char *mailaddr)
fname_from_userid (const char *userid, char **r_fname, char **r_addrspec)
{
(void)mailaddr;
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
gpg_error_t err;
char *addrspec = NULL;
const char *domain;
char *hash = NULL;
const char *s;
char shaxbuf[32]; /* Used for SHA-1 and SHA-256 */
*r_fname = NULL;
if (r_addrspec)
*r_addrspec = NULL;
addrspec = mailbox_from_userid (userid);
if (!addrspec)
{
if (opt.verbose)
log_info ("\"%s\" is not a proper mail address\n", userid);
err = gpg_error (GPG_ERR_INV_USER_ID);
goto leave;
}
domain = strchr (addrspec, '@');
log_assert (domain);
domain++;
/* Hash user ID and create filename. */
s = strchr (addrspec, '@');
log_assert (s);
gcry_md_hash_buffer (GCRY_MD_SHA1, shaxbuf, addrspec, s - addrspec);
hash = zb32_encode (shaxbuf, 8*20);
if (!hash)
{
err = gpg_error_from_syserror ();
goto leave;
}
*r_fname = make_filename_try (opt.directory, domain, "hu", hash, NULL);
if (!*r_fname)
err = gpg_error_from_syserror ();
else
err = 0;
leave:
if (r_addrspec && addrspec)
*r_addrspec = addrspec;
else
xfree (addrspec);
xfree (hash);
return err;
}
/* Check whether the key with USER_ID is installed. */
static gpg_error_t
command_check_key (const char *userid)
{
gpg_error_t err;
char *addrspec = NULL;
char *fname = NULL;
err = fname_from_userid (userid, &fname, &addrspec);
if (err)
goto leave;
if (access (fname, R_OK))
{
err = gpg_error_from_syserror ();
if (opt_with_file)
es_printf ("%s n %s\n", addrspec, fname);
if (gpg_err_code (err) == GPG_ERR_ENOENT)
{
if (!opt.quiet)
log_info ("key for '%s' is NOT installed\n", addrspec);
log_inc_errorcount ();
err = 0;
}
else
log_error ("error stating '%s': %s\n", fname, gpg_strerror (err));
goto leave;
}
if (opt_with_file)
es_printf ("%s i %s\n", addrspec, fname);
if (opt.verbose)
log_info ("key for '%s' is installed\n", addrspec);
err = 0;
leave:
xfree (fname);
xfree (addrspec);
return err;
}
/* Remove the key with mail address in USERID. */
static gpg_error_t
command_remove_key (const char *userid)
{
gpg_error_t err;
char *addrspec = NULL;
char *fname = NULL;
err = fname_from_userid (userid, &fname, &addrspec);
if (err)
goto leave;
if (gnupg_remove (fname))
{
err = gpg_error_from_syserror ();
if (gpg_err_code (err) == GPG_ERR_ENOENT)
{
if (!opt.quiet)
log_info ("key for '%s' is not installed\n", addrspec);
log_inc_errorcount ();
err = 0;
}
else
log_error ("error removing '%s': %s\n", fname, gpg_strerror (err));
goto leave;
}
if (opt.verbose)
log_info ("key for '%s' removed\n", addrspec);
err = 0;
leave:
xfree (fname);
xfree (addrspec);
return err;
}
@ -1913,6 +2081,7 @@ command_remove_key (const char *mailaddr)
static gpg_error_t
command_revoke_key (const char *mailaddr)
{
(void)mailaddr;
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
/* Remove should be different from removing but we have not yet
* defined a suitable way to do this. */
return command_remove_key (mailaddr);
}
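Review bot: fname_from_userid passes the domain part of a caller-supplied user ID straight into `make_filename_try (opt.directory, domain, "hu", hash, NULL)`, and command_remove_key then hands that path to gnupg_remove, so the only thing keeping the path below `opt.directory` is whatever mailbox_from_userid enforces, which is not visible on this page. If that helper does not already reject '/' and ".." in the domain, a check such as `if (strchr (domain, '/') || strstr (domain, "..")) { err = gpg_error (GPG_ERR_INV_USER_ID); goto leave; }` belongs before the filename is built. Separately, command_revoke_key now deletes the key although --revoke-key is described as "mark a key as revoked"; its comment presumably means "Revoke should be different from removing", and the help text should say that revocation currently removes the key. In command_check_key the message "error stating" follows an `access` call, so `error accessing '%s': %s\n` would match what failed.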


@ -48,6 +48,7 @@
#include "../common/i18n.h"
#include "../common/exechelp.h"
#include "../common/sysutils.h"
#include "../common/status.h"
#include "../common/gc-opt-flags.h"
#include "gpgconf.h"
@ -99,7 +100,7 @@ gc_error (int status, int errnum, const char *fmt, ...)
{
log_printf (NULL);
log_printf ("fatal error (exit status %i)\n", status);
exit (status);
gpgconf_failure (gpg_error_from_errno (errnum));
}
}
@ -1310,7 +1311,7 @@ gc_component_launch (int component)
{
es_fputs (_("Component not suitable for launching"), es_stderr);
es_putc ('\n', es_stderr);
exit (1);
gpgconf_failure (0);
}
pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
@ -3757,6 +3758,10 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
{
gc_error (0, 0, "missing rule at '%s', line %d", fname, lineno);
result = -1;
gpgconf_write_status (STATUS_WARNING,
"gpgconf.conf %d file '%s' line %d "
"missing rule",
GPG_ERR_SYNTAX, fname, lineno);
continue;
}
*p++ = 0;
@ -3786,6 +3791,10 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
{
gc_error (0, 0, "missing component at '%s', line %d",
fname, lineno);
gpgconf_write_status (STATUS_WARNING,
"gpgconf.conf %d file '%s' line %d "
" missing component",
GPG_ERR_NO_NAME, fname, lineno);
result = -1;
continue;
}
@ -3797,6 +3806,10 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
{
gc_error (0, 0, "unknown component at '%s', line %d",
fname, lineno);
gpgconf_write_status (STATUS_WARNING,
"gpgconf.conf %d file '%s' line %d "
"unknown component",
GPG_ERR_UNKNOWN_NAME, fname, lineno);
result = -1;
}
@ -3809,6 +3822,10 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
{
gc_error (0, 0, "missing option at '%s', line %d",
fname, lineno);
gpgconf_write_status (STATUS_WARNING,
"gpgconf.conf %d file '%s' line %d "
"missing option",
GPG_ERR_INV_NAME, fname, lineno);
result = -1;
continue;
}
@ -3821,6 +3838,10 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
{
gc_error (0, 0, "unknown option at '%s', line %d",
fname, lineno);
gpgconf_write_status (STATUS_WARNING,
"gpgconf.conf %d file '%s' line %d "
"unknown option",
GPG_ERR_UNKNOWN_OPTION, fname, lineno);
result = -1;
}
}
@ -3837,6 +3858,10 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
{
gc_error (0, 0, "syntax error in rule at '%s', line %d",
fname, lineno);
gpgconf_write_status (STATUS_WARNING,
"gpgconf.conf %d file '%s' line %d "
"syntax error in rule",
GPG_ERR_SYNTAX, fname, lineno);
result = -1;
continue;
}
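Review bot: The six new WARNING status lines in gc_process_gpgconf_conf interpolate `fname` verbatim inside `'%s'`, while the comment on gpgconf_write_status leaves it to callers to keep CR and LF out of the line. `fname` is presumably derived from the caller-supplied `fname_arg`, so a name containing a line break or a quote would split or blur a line that programs parse from the status fd; percent-escaping the name before formatting it avoids that. The "missing component" message is also built as `"line %d " " missing component"`, which yields two spaces where the other five have one, so the leading space in the second literal should go. The function body starts and ends outside these hunks.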


@ -29,6 +29,7 @@
#include "../common/i18n.h"
#include "../common/sysutils.h"
#include "../common/init.h"
#include "../common/status.h"
/* Constants to identify the commands and options. */
@ -45,6 +46,7 @@ enum cmd_and_opt_values
oNoVerbose = 500,
oHomedir,
oBuilddir,
oStatusFD,
aListComponents,
aCheckPrograms,
@ -100,6 +102,7 @@ static ARGPARSE_OPTS opts[] =
{ oQuiet, "quiet", 0, N_("quiet") },
{ oDryRun, "dry-run", 0, N_("do not make any changes") },
{ oRuntime, "runtime", 0, N_("activate changes at runtime, if possible") },
ARGPARSE_s_i (oStatusFD, "status-fd", N_("|FD|write status info to this FD")),
/* hidden options */
{ oHomedir, "homedir", 2, "@" },
{ oBuilddir, "build-prefix", 2, "@" },
@ -110,6 +113,11 @@ static ARGPARSE_OPTS opts[] =
};
/* The stream to output the status information. Status Output is disabled if
* this is NULL. */
static estream_t statusfp;
/* Print usage information and provide strings for help. */
static const char *
my_strusage( int level )
@ -159,6 +167,60 @@ get_outfp (estream_t *fp)
}
/* Set the status FD. */
static void
set_status_fd (int fd)
{
static int last_fd = -1;
if (fd != -1 && last_fd == fd)
return;
if (statusfp && statusfp != es_stdout && statusfp != es_stderr)
es_fclose (statusfp);
statusfp = NULL;
if (fd == -1)
return;
if (fd == 1)
statusfp = es_stdout;
else if (fd == 2)
statusfp = es_stderr;
else
statusfp = es_fdopen (fd, "w");
if (!statusfp)
{
log_fatal ("can't open fd %d for status output: %s\n",
fd, gpg_strerror (gpg_error_from_syserror ()));
}
last_fd = fd;
}
/* Write a status line with code NO followed by the output of the
* printf style FORMAT. The caller needs to make sure that LFs and
* CRs are not printed. */
void
gpgconf_write_status (int no, const char *format, ...)
{
va_list arg_ptr;
if (!statusfp)
return; /* Not enabled. */
es_fputs ("[GNUPG:] ", statusfp);
es_fputs (get_status_string (no), statusfp);
if (format)
{
es_putc (' ', statusfp);
va_start (arg_ptr, format);
es_vfprintf (statusfp, format, arg_ptr);
va_end (arg_ptr);
}
es_putc ('\n', statusfp);
}
static void
list_dirs (estream_t fp, char **names)
{
@ -493,6 +555,9 @@ main (int argc, char **argv)
case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
case oBuilddir: gnupg_set_builddir (pargs.r.ret_str); break;
case oNull: opt.null = 1; break;
case oStatusFD:
set_status_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
break;
case aListDirs:
case aListComponents:
@ -518,7 +583,7 @@ main (int argc, char **argv)
}
if (log_get_errorcount (0))
exit (2);
gpgconf_failure (GPG_ERR_USER_2);
/* Print a warning if an argument looks like an option. */
if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
@ -554,7 +619,7 @@ main (int argc, char **argv)
es_putc ('\n', es_stderr);
es_fputs (_("Need one component argument"), es_stderr);
es_putc ('\n', es_stderr);
exit (2);
gpgconf_failure (GPG_ERR_USER_2);
}
else
{
@ -563,7 +628,7 @@ main (int argc, char **argv)
{
es_fputs (_("Component not found"), es_stderr);
es_putc ('\n', es_stderr);
exit (1);
gpgconf_failure (0);
}
if (cmd == aCheckOptions)
gc_component_check_options (idx, get_outfp (&outfp), NULL);
@ -571,7 +636,7 @@ main (int argc, char **argv)
{
gc_component_retrieve_options (idx);
if (gc_process_gpgconf_conf (NULL, 1, 0, NULL))
exit (1);
gpgconf_failure (0);
if (cmd == aListOptions)
gc_component_list_options (idx, get_outfp (&outfp));
else if (cmd == aChangeOptions)
@ -589,14 +654,14 @@ main (int argc, char **argv)
es_putc ('\n', es_stderr);
es_fputs (_("Need one component argument"), es_stderr);
es_putc ('\n', es_stderr);
exit (2);
gpgconf_failure (GPG_ERR_USER_2);
}
else if (!strcmp (fname, "all"))
{
if (cmd == aLaunch)
{
if (gc_component_launch (-1))
exit (1);
gpgconf_failure (0);
}
else
{
@ -613,12 +678,12 @@ main (int argc, char **argv)
{
es_fputs (_("Component not found"), es_stderr);
es_putc ('\n', es_stderr);
exit (1);
gpgconf_failure (0);
}
else if (cmd == aLaunch)
{
if (gc_component_launch (idx))
exit (1);
gpgconf_failure (0);
}
else
{
@ -646,7 +711,7 @@ main (int argc, char **argv)
{
es_fputs (_("Component not found"), es_stderr);
es_putc ('\n', es_stderr);
exit (1);
gpgconf_failure (0);
}
else
{
@ -657,12 +722,12 @@ main (int argc, char **argv)
case aListConfig:
if (gc_process_gpgconf_conf (fname, 0, 0, get_outfp (&outfp)))
exit (1);
gpgconf_failure (0);
break;
case aCheckConfig:
if (gc_process_gpgconf_conf (fname, 0, 0, NULL))
exit (1);
gpgconf_failure (0);
break;
case aApplyDefaults:
@ -672,17 +737,17 @@ main (int argc, char **argv)
es_putc ('\n', es_stderr);
es_fputs (_("No argument allowed"), es_stderr);
es_putc ('\n', es_stderr);
exit (2);
gpgconf_failure (GPG_ERR_USER_2);
}
gc_component_retrieve_options (-1);
if (gc_process_gpgconf_conf (NULL, 1, 1, NULL))
exit (1);
gpgconf_failure (0);
break;
case aApplyProfile:
gc_component_retrieve_options (-1);
if (gc_apply_profile (fname))
exit (1);
gpgconf_failure (0);
break;
case aListDirs:
@ -697,7 +762,7 @@ main (int argc, char **argv)
{
es_fprintf (es_stderr, "usage: %s --query-swdb NAME [VERSION]\n",
GPGCONF_NAME);
exit (2);
gpgconf_failure (GPG_ERR_USER_2);
}
get_outfp (&outfp);
query_swdb (outfp, fname, argc > 1? argv[1] : NULL);
@ -804,5 +869,22 @@ main (int argc, char **argv)
if (es_fclose (outfp))
gc_error (1, errno, "error closing '%s'", opt.outfile);
if (log_get_errorcount (0))
gpgconf_failure (0);
else
gpgconf_write_status (STATUS_SUCCESS, NULL);
return 0;
}
void
gpgconf_failure (gpg_error_t err)
{
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
gpgconf_write_status
(STATUS_FAILURE, "- %u",
gpg_err_code (err) == GPG_ERR_USER_2? GPG_ERR_EINVAL : err);
exit (gpg_err_code (err) == GPG_ERR_USER_2? 2 : 1);
}
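Review bot: gpgconf_failure, added at the end of the file, has no header comment although it replaces the `exit` calls throughout these hunks and its mapping cannot be read off the call sites. A comment such as `/* Write a FAILURE status line and terminate: exit code 2 if ERR is GPG_ERR_USER_2 (reported as GPG_ERR_EINVAL), otherwise 1; an ERR of 0 is reported as GPG_ERR_GENERAL. */` would document it. The same comment could note that `gpgconf_failure (0)` is the replacement for the former `exit (1)` and `gpgconf_failure (GPG_ERR_USER_2)` for `exit (2)`, since GPG_ERR_USER_2 is used here only as an internal marker.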


@ -36,6 +36,10 @@ struct
} opt;
/*-- gpgconf.c --*/
void gpgconf_write_status (int no, const char *format,
...) GPGRT_ATTR_PRINTF(2,3);
void gpgconf_failure (gpg_error_t err) GPGRT_ATTR_NORETURN;
/*-- gpgconf-comp.c --*/