1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-30 11:31:32 +01:00

5486 Commits

Author SHA1 Message Date
NIIBE Yutaka
9c731bbedf agent: Fix agent_is_eddsa_key.
* agent/findkey.c (agent_is_eddsa_key): Implemented.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2014-01-16 09:07:11 +09:00
NIIBE Yutaka
c5e41f539b Add secp256k1.
* common/openpgp-oid.c (openpgp_curve_to_oid): Add secp256k1.
(openpgp_oid_to_curve): Likewise.

* g10/keygen.c (ask_curve): Add secp256k1.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2014-01-15 15:00:24 +09:00
Werner Koch
927377bc91 speedo: Add support for gpgex.
--
Speedo is now able to build gpgex for Windows.  Building gpa for
Windows does not yet work due to a bunch of other dependencies.
2014-01-10 19:01:41 +01:00
Werner Koch
1dbf4a7573 speedo: Minor improvements.
--
2014-01-10 15:17:22 +01:00
Werner Koch
aedfa95bcc autogen.sh: Add rule for 64 bit windows. 2014-01-10 15:16:45 +01:00
Werner Koch
e7973d36d8 Turn autogen.sh into a generic script.
* autogen.sh: Revamp.
* autogen.rc: New.
* Makefile.am (EXTRA_DIST): Add autogen.rc.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-10 12:53:40 +01:00
Werner Koch
99a48b2fcd Rename scripts/ to build-aux/
* scripts/: Rename to build-aux/
* Makefile.am: Adjust accordingly.
* configure.ac (AC_CONFIG_AUX_DIR): Change to build-aux.
2014-01-10 11:11:13 +01:00
Werner Koch
a55ffb9da9 Improve the speedo make script.
* scripts/gpg-w32-dev/README: Remove
* scripts/gpg-w32-dev/GNUmakefile, scripts/gpg-w32-dev/speedo.mk:
Merge into ..
* scripts/speedo.mk: this.
--

Speedo may now be used to build from GIT or tarballs and has a couple
of other improvements as well.  For best results the autogen.sh files
of all source package should be updated to the one used in gnupg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-09 20:10:36 +01:00
Werner Koch
5be8454480 autogen.sh: Add envvar AUTOGEN_SH_SILENT
--
2014-01-09 19:51:55 +01:00
Werner Koch
00d5d2204c gpgsplit: Allow building without zlib support.
* tools/gpgsplit.c [!HAVE_ZLIB]: Do not include zlib.h.
(handle_zlib): Build only if HAVE_ZLIB is defined.
(write_part): Support zlib and zip only if HAVE_ZLIB is defined.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-09 19:51:35 +01:00
Werner Koch
fa318406c9 w32: Fix backslash quoting in registry name.
* configure.ac (GNUPG_REGISTRY_DIR): Double backslashes.
2014-01-09 17:51:46 +01:00
Werner Koch
477aabaf75 Fix test for zlib.
* configure.ac (HAVE_ZLIB): Define only if found.
2014-01-09 15:36:35 +01:00
Werner Koch
aba53e9f96 Add --enable-silent-rules stuff.
* configure.ac: Add AM_SILENT_RULES.
2014-01-09 15:22:06 +01:00
Werner Koch
161ea8c822 Add i686-w64-mingw32 as w32 toolchain to autogen.sh.
--
2014-01-08 17:03:21 +01:00
Werner Koch
75ba215ebd w32: Add macro for the registry key.
* configure.ac (GNUPG_REGISTRY_DIR) [W32]: New ac-define.
* common/homedir.c (default_homedir): Use it.
* common/logging.c (do_logv): Use it.
2014-01-08 11:47:07 +01:00
Werner Koch
101a54add3 gpg: Change --show-session-key to print the session key earlier.
* g10/cpr.c (write_status_strings): New.
(write_status_text): Replace code by a call to write_status_strings.
* g10/mainproc.c (proc_encrypted): Remove show_session_key code.
* g10/decrypt-data.c (decrypt_data): Add new show_session_key code.
--

This feature can be used to return the session key for just a part of
a file.  For example to downloading just the first 32k of a huge file,
decrypting that incomplete part and while ignoring all the errors
break out the session key.  The session key may then be used on the
server to decrypt the entire file without the need to have the private
key on the server.

GnuPG-bug-id: 1389
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-12-11 10:20:15 +01:00
Werner Koch
59207a86e5 gpg: Change OID of Ed25519 and add Brainpool oids.
* common/openpgp-oid.c (openpgp_curve_to_oid): Change OID for
Ed25519.  Add brainpool OIDs.
(openpgp_oid_to_curve): Ditto.
--

This change is required to the change in Libgcrypt.  Note that we will
likely use a different OpenPGP algorithm ID for EdDSA and thus the
current Ed25519 implementation will not stay with us.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-12-05 13:50:35 +01:00
Werner Koch
159d42ee6a common: Add put_membuf_printf.
* common/membuf.c (put_membuf_printf): New.
--

This is just a convenience function for easier code readability.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-29 15:37:23 +01:00
Werner Koch
2c9613f326 Add rendered versions of the gnupg logo to artwork.
--
2013-11-29 13:37:40 +01:00
Werner Koch
e951782e93 gpg: Change armor Version header to emit only the major version.
* g10/options.h (opt): Rename field no_version to emit_version.
* g10/gpg.c (main): Init opt.emit_vesion to 1.  Change --emit-version
to bump up opt.emit_version.
* g10/armor.c (armor_filter): Implement different --emit-version
values.
--

GnuPG-bug-id: 1572
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-27 09:20:02 +01:00
Werner Koch
cc9a0b69b6 Make use of the *_NAME etc macros.
Replace hardwired strings at many places with new macros from config.h
and use the new strusage macro replacement feature.

* common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn
sentinels.
* agent/command.c (cmd_import_key): Use asprintf to create the prompt.
2013-11-18 14:09:47 +01:00
Werner Koch
798daaa1dd Add strusage macro replacement feature.
* common/argparse.c (writechar): New.
(writestrings): Add macro replacement feature.
(show_help): Remove specialized @EMAIL@ replacement.
* configure.ac (GNUPG_NAME, GPG_NAME, GPGSM_NAME): Define.
(GPG_AGENT_NAME, DIRMNGR_NAME, G13_NAME, GPGCONF_NAME): Define.
(GPGTAR_NAME, GPG_AGENT_INFO_NAME, GPG_AGENT_SOCK_NAME): Define.
(GPG_AGENT_SSH_SOCK_NAME, DIRMNGR_INFO_NAME): Define.
(DIRMNGR_SOCK_NAME): Define.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-18 13:46:52 +01:00
Werner Koch
5499942571 kbx: Implement update operation for OpenPGP keyblocks.
* kbx/keybox-update.c (keybox_update_keyblock): Implement.
* kbx/keybox-search.c (get_blob_flags): Move to ...
* kbx/keybox-defs.h (blob_get_type): here.
* kbx/keybox-file.c (_keybox_read_blob2): Fix calling without R_BLOB.
* g10/keydb.c (build_keyblock_image): Allow calling without
R_SIGSTATUS.
(keydb_update_keyblock): Implement for keybox.

* kbx/keybox-dump.c (_keybox_dump_blob): Fix printing of the unhashed
size.  Print "does not expire" also on 64 bit platforms.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-15 15:54:31 +01:00
Werner Koch
a0102a548d Fix minor compiler warnings.
--
2013-11-15 15:49:34 +01:00
Werner Koch
402aa0f948 gpg: Rework ECC support and add experimental support for Ed25519.
* agent/findkey.c (key_parms_from_sexp): Add algo name "ecc".
(agent_is_dsa_key): Ditto.
(agent_is_eddsa_key): New.  Not finished, though.
* agent/pksign.c (do_encode_eddsa): New.
(agent_pksign_do): Use gcry_log_debug functions.
* agent/protect.c (agent_protect): Parse a flags parameter.
* g10/keygen.c (gpg_curve_to_oid): Move to ...
* common/openpgp-oid.c (openpgp_curve_to_oid): here and rename.
(oid_ed25519): New.
(openpgp_oid_is_ed25519): New.
(openpgp_oid_to_curve): New.
* common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New.
* g10/build-packet.c (gpg_mpi_write): Write the length header also for
opaque MPIs.
(gpg_mpi_write_nohdr): New.
(do_key): Use gpg_mpi_write_nohdr depending on algorithm.
(do_pubkey_enc): Ditto.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use
gpg_mpi_write_nohdr.
* g10/export.c (transfer_format_to_openpgp):
* g10/keygen.c (ecckey_from_sexp): Return the error.
(gen_ecc): Repalce arg NBITS by CURVE.
(read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve".
(ask_curve): New.
(generate_keypair, generate_subkeypair): Use ask_curve.
(do_generate_keypair): Also pass curve name.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print
curve name.
* g10/parse-packet.c (mpi_read): Remove workaround for
Libcgrypt < 1.5.
(parse_key): Fix ECC case.  Print the curve name.
* g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp.
(pk_verify, pk_check_secret_key): Add special case for Ed25519.
* g10/seskey.c (encode_md_value): Ditto.
* g10/sign.c (do_sign, hash_for, sign_file): Ditto.
--

Be warned that this code is subject to further changes and that the
format will very likely change before a release.  There are also known
bugs and missing code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-15 09:01:11 +01:00
Werner Koch
9ae48b173c kbx: Fix possible segv in kbxdump.
* kbx/keybox-dump.c (_keybox_dump_blob): Check length before get32.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-15 09:01:11 +01:00
Werner Koch
b27161cd0c Require Libgcrypt 1.6
* agent/pksign.c (do_encode_dsa): Remove Libgcrypt version check
--

Now that we have decided on a release plan for Libgcrypt 1.6 and given
all the improvements it makes more sense to make use of these
improvements than to clutter the GnuPG code with workarounds for older
Libgcrypt versions.
2013-11-15 09:01:11 +01:00
NIIBE Yutaka
abd922e79b scd: more pinpad input fix for PC/SC.
* scd/apdu.c (check_pcsc_pinpad): Set default values here.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Remove setting default
values, as it's too late.

--

GnuPG-bug-id: 1549
2013-11-13 16:43:26 +09:00
NIIBE Yutaka
037dea9dd5 scd: more pinpad fix.
* scd/apdu.c (check_pcsc_pinpad): Set ->minlen and ->maxlen only when
those are specified.
(pcsc_pinpad_modify): Remove old check code.

--

GnuPG-bug-id: 1549
2013-11-11 16:41:43 +09:00
NIIBE Yutaka
32989ad2b1 scd: pinpad fix for PC/SC on Windows.
* scd/apdu.c (SCARD_CTL_CODE): Fix for Windows.
2013-10-29 09:07:05 +09:00
Werner Koch
a15c35f37e doc: Change yat2m to allow arbitrary condition names.
* doc/yat2m.c (MAX_CONDITION_NESTING): New.
(gpgone_defined): Remove.
(condition_s, condition_stack, condition_stack_idx): New.
(cond_is_active, cond_in_verbatim): New.
(add_predefined_macro, set_macro, macro_set_p): New.
(evaluate_conditions, push_condition, pop_condition): New.
(parse_file): Rewrite to use the condition stack.
(top_parse_file): Set prefined macros.
(main): Change -D to define arbitrary macros.
--

This change allows the use of other conditionals than "gpgone" and
thus make "gpgtwoone" et al. actually work.  It does now also track
conditionals over included files.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-28 07:26:05 +01:00
NIIBE Yutaka
de7e15c6b8 scd: fix pinpad input on Windows.
* scd/apdu.c (open_pcsc_reader_direct): Don't call
pcsc_vendor_specific_init here, but...
(connect_pcsc_card): Call it here.

--

Thanks to Martin Wolters for the bug report.
2013-10-25 09:57:31 +09:00
NIIBE Yutaka
b66158cac7 po: Update Japanese translation. 2013-10-23 14:44:27 +09:00
NIIBE Yutaka
5efcc2b8fe scd: add pinpad readers information for PC/SC service.
* scd/apdu.c (pcsc_vendor_specific_init): Add information for Cherry
ST-2xxx, Reiner cyberJack, Vasco DIGIPASS, FSIJ Gnuk Token, and KAAN
Advance.

--
2013-10-16 09:52:18 +09:00
NIIBE Yutaka
e0ab665a79 scd: remove pin length check.
* scd/apdu.c (pcsc_pinpad_verify): Remove old check code for pin
length.

--
GnuPG-bug-id: 1549
2013-10-15 10:44:51 +09:00
Werner Koch
7c5d2909dd doc: Some gpg and gpgv clarifications.
--
GnuPG-bug-id: 1486, 1537
2013-10-04 14:31:35 +02:00
Werner Koch
e6175055fb gpg: Limit the nesting level of I/O filters.
* common/iobuf.c (MAX_NESTING_FILTER): New.
(iobuf_push_filter2): Limit the nesting level.

* g10/mainproc.c (mainproc_context): New field ANY.  Change HAVE_DATA
and ANY_SIG_SIGN to bit fields of ANY.  Add bit field
UNCOMPRESS_FAILED.
(proc_compressed): Avoid printing multiple Bad Data messages.
(check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.
--

This is a more general fix for the nested compression packet bug.  In
particular this helps g10/import.c:read_block to stop pushing
compression filters onto an iobuf stream.  This patch also reduces the
number of error messages for the non-import case.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 35e40e2d514223c950c2f6d1214e02e92d87e997)

Resolved conflicts:
	common/iobuf.c
	g10/mainproc.c
2013-10-04 14:05:59 +02:00
Werner Koch
0899f6d4be gpg: Fix bug with deeply nested compressed packets.
* g10/mainproc.c (MAX_NESTING_DEPTH): New.
(proc_compressed): Return an error code.
(check_nesting): New.
(do_proc_packets): Check packet nesting depth.  Handle errors from
check_compressed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-02 09:11:43 +02:00
Werner Koch
daba481fe7 Register DCO for Kyle Butt.
--
2013-10-01 14:40:46 +02:00
Werner Koch
6466db10fb Switch to deterministic DSA.
* agent/pksign.c (rfc6979_hash_algo_string): New.
(do_encode_dsa) [Libgcrypt >= 1.6]: Make use of RFC-6979.
--

Now that we have a good (and not NSA/NIST demanded ;-) specification
on how to use DSA without a random nonce, we take advantage of it and
thus avoid pitfalls related to a misbehaving RNG during signature
creation.

Note that OpenPGP has the option of using a longer hash algorithm but
truncated to what is suitable for the used DSA key size.  The hash
used as input to RFC-6979 will also be one with an appropriate digest
length but not a truncated one.  This is allowed by RFC-6979.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-09-08 11:25:58 +02:00
Werner Koch
244587ea41 scd: Suppress gcc warning about possible uninitialized use.
* scd/app-nks.c (parse_pwidstr): Always init r_pwid.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-30 10:28:26 +02:00
Werner Koch
4c3b35b067 gpg: Use 2048 as the default keysize in batch mode.
* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
2048.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-30 10:27:21 +02:00
Werner Koch
12990efb45 gpgtar: Fix building for systems with a separate libintl.
* tools/Makefile.am (gpgtar_LDADD): Add LIBINTL and LIBICONV.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-30 10:05:08 +02:00
Werner Koch
fc31d730d8 scd: Use vendor and product id macros also in apdu.c
* scd/ccid-driver.c: Move vendor and product ids to ...
* scd/ccid-driver.h: here.
* scd/apdu.c (CCID_DRIVER_INCLUDE_USB_IDS): Define to include ids.
(pcsc_vendor_specific_init): Use vendor and product id macros.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-30 09:28:17 +02:00
NIIBE Yutaka
95a3bffeaf scd: PC/SC pinpad input improvement.
* scd/apdu.c (struct reader_table_s): Add members: PINMIN, PINMAX, and
PINPAD_VERLEN_SUPPORTED.
(CM_IOCTL_VENDOR_IFD_EXCHANGE, FEATURE_GET_TLV_PROPERTIES,
PCSCv2_PART10_PROPERTY_*): New.
(new_reader_slot): Initialize pinpad_varlen_supported, pinmin, pinmax.
(pcsc_vendor_specific_init): New.
(open_pcsc_reader_direct, open_pcsc_reader_wrapped): Call
pcsc_vendor_specific_init.
(check_pcsc_pinpad): Not detect here but use the result of
pcsc_vendor_specific_init.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Specify bNumberMessage.

--

Signed-off-by: NIIBE Yutaka

--
2013-08-30 11:06:50 +09:00
Jonas Borgström
cc67918c08 scd: add support for RSA_CRT and RSA_CRT_N key import.
* scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support.

--

Updates of original patch by wk:

  -      unsigned char *rsa_u, *rsa_dp, rsa_dq;
  +      unsigned char *rsa_u, *rsa_dp, *rsa_dq;

and AUTHORS.  Missing signed-off-by assumed due to DCO send the other
day.
2013-08-29 17:53:14 +02:00
Werner Koch
3adfaa9bee kbx: Add a few macros for easier readability.
* kbx/keybox-update.c (FILECOPY_INSERT)
(FILECOPY_DELETE, FILECOPY_UPDATE): New macros.  Replace numbers by
them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-29 17:39:35 +02:00
Werner Koch
fdbf76eee6 Fix commit 04e2c83f.
* agent/command-ssh.c (stream_read_string): Do not assign to a NULL
ptr.
2013-08-28 17:58:43 +02:00
Werner Koch
780ba32336 gpg: Make decryption with the OpenPGP card work.
* scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New.
* scd/app-openpgp.c (do_decipher): Add arg R_INFO.
* scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy.
* scd/app.c (app_decipher): Add arg R_INFO.
* scd/command.c (cmd_pkdecrypt): Print status line "PADDING".
* agent/call-scd.c (padding_info_cb): New.
(agent_card_pkdecrypt): Add arg R_PADDING.
* agent/divert-scd.c (divert_pkdecrypt): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Ditto.
* agent/command.c (cmd_pkdecrypt):  Print status line "PADDING".
* g10/call-agent.c (padding_info_cb): New.
(agent_pkdecrypt): Add arg R_PADDING.
* g10/pubkey-enc.c (get_it): Use padding info.
--

Decryption using a card never worked in gpg 2.1 because the
information whether the pkcs#1 padding needs to be removed was not
available.  Gpg < 2.1 too this info from the secret sub key but that
has gone in 2.1.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-28 17:40:32 +02:00
Werner Koch
04e2c83f18 agent: Fix two compiler warnings.
* agent/command.c (cmd_preset_passphrase, pinentry_loopback): Use %zu
in format string.
* scd/ccid-driver.c (ccid_get_atr): Ditto.
* agent/command-ssh.c (stream_read_string): Init arg STRING_SIZE to
avoid maybe_unitialized warning.
--

Actually the first one might have been a problem on big endian
machines.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-28 13:04:31 +02:00