1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

4575 Commits

Author SHA1 Message Date
Werner Koch
72137a4522 Register DCO for Andre Heinecke.
--
2014-09-20 11:59:25 +02:00
Werner Koch
34a3e458d0 Post beta release update.
--
2014-09-18 18:28:40 +02:00
Werner Koch
93f158df38 Release 2.1.0-beta834. gnupg-2.1.0-beta834 2014-09-18 17:57:09 +02:00
Werner Koch
72a16d80d4 speedo: Distribute needed files.
* Makefile.am (EXTRA_DIST): Add speedo stuff.
2014-09-18 17:55:40 +02:00
Werner Koch
345a8374f3 build: Enable gpgtar by default. 2014-09-18 17:32:36 +02:00
Werner Koch
927db789c1 common: Do not build maintainer modules in non-maintainer mode.
* common/Makefile.am (module_maint_tests): Use only in maintainer
mode.
(t_common_cflags): New.
2014-09-18 17:03:06 +02:00
Werner Koch
cad181b5ec common: Remove superfluous statements.
* common/exechelp-posix.c: Remove weak pragmas.
* common/sexputil.c (make_canon_sexp_from_rsa_pk): Remove double
const.
--

We do not use Pth anymore and thus there is no more need for the weak
pragmas.
2014-09-18 16:01:11 +02:00
Werner Koch
6e7bcabd78 g13: Avoid segv after pipe creation failure.
* g13/call-gpg.c (gpg_encrypt_blob): Init some vars in case of an
early error.
(gpg_decrypt_blob): Ditto.
2014-09-18 16:01:05 +02:00
Werner Koch
b17e8bbf20 scd: Fix int/short mismatch in format string of app-p15.c
* scd/app-p15.c (parse_certid): Use snprintf and cast value.
(send_certinfo): Ditto.
(send_keypairinfo): Ditto.
(do_getattr): Ditto.
2014-09-18 15:39:50 +02:00
Werner Koch
f82a6e0f08 agent: Init a local variable in the error case.
* agent/pksign.c (do_encode_md): Init HASH on error.
2014-09-18 15:32:17 +02:00
Werner Koch
4f35ef499a agent: Remove left over debug output.
* agent/command-ssh.c (ssh_signature_encoder_eddsa): Remove debug
output.
2014-09-18 15:28:40 +02:00
Werner Koch
ba6f8b3d9e agent: Silence compiler warning for a debug message.
* agent/call-pinentry.c (agent_query_dump_state): Use %p for
POPUP_TID.
2014-09-18 15:21:56 +02:00
Werner Koch
34b2e8c7dc sm: Silence compiler warnings.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Remove unused var I.
* sm/certreqgen.c (proc_parameters): Init PUBLIC to avoid compiler
warning.
2014-09-18 15:17:44 +02:00
Werner Koch
6a0c3fa19c gpg: Silence a compiler warning.
* g10/parse-packet.c (enum_sig_subpkt): Replace hack.
2014-09-18 15:09:10 +02:00
Werner Koch
327134934d gpg: Replace a hash algo test function.
* g10/gpg.c (print_mds): Replace openpgp_md_test_algo.
--

This is actually not required because as of now the used OpenPGP and
Gcrypt hash algorithm numbers are identical.  But that might change in
the future.

This changes the behavior of GnuPG in case it has been build with
some algorithms disabled: If those algorithms are available in
Libgcrypt, their results will be used printed anyway.
2014-09-18 14:56:39 +02:00
Werner Koch
0af533abd3 gpg: Re-indent a function.
--
2014-09-18 14:50:02 +02:00
Werner Koch
2f065d7ab6 speedo: Various fixes
* build-aux/speedo.mk: Take zlib and bzip2 from ftp.gnupg.org.  Minor
other fixes.
2014-09-18 11:39:34 +02:00
Werner Koch
36125f9c30 speedo: Improve speedo Makefile.
--

Building for the native platform is now a mere

  make -f build-aux/speedo.mk native

You may also use "help" as target.
2014-09-17 22:16:53 +02:00
Werner Koch
3baf7a1652 po: Auto-update
--
2014-09-17 19:31:27 +02:00
Werner Koch
ae3d1bbb65 gpg: Print a warning if the subkey expiration may not be what you want.
* g10/keyedit.c (subkey_expire_warning): New.
(keyedit_menu): Call it when needed.
--
GnuPG-bug-id: 1715

The heuristic to detect a problem is not very advanced but it should
catch the most common cases.
2014-09-17 16:27:37 +02:00
Werner Koch
457bce5cd3 gpg: Improve passphrase caching.
* agent/cache.c (last_stored_cache_key): New.
(agent_get_cache): Allow NULL for KEY.
(agent_store_cache_hit): New.
* agent/findkey.c (unprotect): Call new function and try to use the
last stored key.

* g10/revoke.c (create_revocation): Add arg CACHE_NONCE and pass to
make_keysig_packet.
(gen_standard_revoke): Add arg CACHE_NONCE and pass to
create_revocation.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke with
cache nonce.
--

This patch adds two features:

1. The key for the last passphrase successfully used for unprotecting
a key is stored away.  On a cache miss the stored away passphrase is
tried as well.  This helps for the common GPG use case of having a
signing and encryption (sub)key with the same passphrase.  See the
code for more comments.

2. The now auto-generated revocation certificate does not anymore
popup a passphrase prompt.  Thus for standard key generation the
passphrase needs to be given only once (well, two with the
confirmation).
2014-09-17 15:12:08 +02:00
Werner Koch
83c2d2396c gpg: Use algorithm id 22 for EdDSA.
* common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22.
* g10/keygen.c (ask_curve): Reword the Curve25519 warning note.
--

In the hope that the IETF will eventually assign 22 for EdDSA using
the draft-koch-eddsa-for-openpgp-01 specs we start using this number.
2014-09-12 11:31:49 +02:00
Werner Koch
3a896db26d build: Require libgpg-error 1.15
--

1.14 had a problem in its ABI and was thus remove from the FTP Server
after 3 days. 1.15 fixes this.
2014-09-12 10:57:49 +02:00
Werner Koch
16ae4ca33e doc: Small grammar fix
--
2014-09-12 10:49:31 +02:00
Werner Koch
3d250d21d3 gpg: Stop early on bogus old style comment packets.
* g10/parse-packet.c (parse_key): Take care of too short packets for
old style commet packets.
--

GnuPG-bug-id: 1714
2014-09-11 16:40:45 +02:00
Werner Koch
84419f42da dirmngr: Support https for KS_FETCH.
* dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ...
* dirmngr/misc.c (cert_log_cb): here.
* dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection
and https.
--

Note that this requires that the root certificates are registered using
the --hkp-cacert option.  Eventually we may introduce a separate
option to allow using different CAs for KS_FETCH and keyserver based
requests.
2014-09-10 10:37:48 +02:00
Werner Koch
3b20cc21de dirmngr: Fix the ks_fetch command for the http scheme.
* common/http.c (http_session_ref): Allow for NULL arg.
--

We always test for a an existing session and thus passing NULL as
session object should be allowed.

Reported-by: Jens Lechtenboerger
2014-09-10 09:29:52 +02:00
Werner Koch
64329cce9a Merge branch 'wk/test-gpgrt-estream' 2014-09-08 19:26:02 +02:00
Werner Koch
98f65291d7 gpg: Fix memory leak in ECC encryption.
* g10/pkglue.c (pk_encrypt): Fix memory leak and streamline error
handling.
2014-09-08 18:25:06 +02:00
Werner Koch
a94674c54e doc: Remove some stuff for the very incomplete instguide.
--
2014-09-03 09:45:20 +02:00
Werner Koch
1449a22d2e doc: Typo fix
--
Debian-bug-id: 760273
2014-09-02 16:01:25 +02:00
Werner Koch
bf2fc12b83 gpg: Fix export of NIST ECC keys.
* common/openpgp-oid.c (struct oidtable): New.
(openpgp_curve_to_oid): Rewrite and allow OID as input.
(openpgp_oid_to_curve): Make use of the new table.
--

Due to the previous change we now usually store the OID with the
private key and not the name.  Thus during import we do not anymore
need to map the name to an oid but can use the oid directly.  We fix
that by extending openpgp_curve_to_oid to allow an oidstr as input.
2014-09-02 12:10:19 +02:00
Werner Koch
afe85582dd agent: Fix import of OpenPGP EdDSA keys.
* agent/cvt-openpgp.c (get_keygrip): Special case EdDSA.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(apply_protection): Handle opaque MPIs.

(do_unprotect): Check FLAG_OPAQUE instead of FLAG_USER1 before
unpacking an opaque mpi.
--

The key transfer protocol between gpg and gpg-agent uses gcrypt
algorithm numbers which merge all ECC algorithms into one.  Thus it is
not possible to use the algorithm number to determine the EdDSA
algorithm.  We need to known that because Libgcrypt requires the
"eddsa" flag with the curve "Ed25519" to actually use the Ed25519
signature specification.

The last fix is for correctness; the first case won't be used anyway.
2014-09-02 11:22:07 +02:00
Kyle Butt
4054d86abc gpg: Fix export of ecc secret keys by adjusting check ordering.
* g10/export.c (transfer_format_to_openpgp): Move the check against
PUBKEY_MAX_NSKEY to after the ECC code adjusts the number of
parameters.
2014-09-01 10:20:17 +02:00
Werner Koch
c913e09ebd agent: Allow key unprotection using AES-256.
* agent/protect.c (PROT_CIPHER): Rename to GCRY_CIPHER_AES128 for
clarity.
(do_decryption): Add args prot_cipher and prot_cipher_keylen.  USe
them instead of the hardwired values.
(agent_unprotect): Change to use a table of protection algorithms.
Add AES-256 variant.
--

This patch will make a possible future key protection algorithm
changes smoother.  AES-256 is also allowed although there is currently
no way to encrypt using it.
2014-09-01 10:15:21 +02:00
Werner Koch
b6386367ac speedo: Fix for non-Windows build of glib.
--
2014-09-01 10:10:30 +02:00
Werner Koch
be98b5960e gpg: Do not show "MD5" and triplicated "RSA" in --version.
* g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
(build_list_md_test_algo): Ignore MD5.
2014-08-28 16:02:04 +02:00
Werner Koch
40ad42dbe3 gpg: Do not show "MD5" and triplicated "RSA" in --version.
* g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
(build_list_md_test_algo): Ignore MD5.
2014-08-28 16:01:22 +02:00
Werner Koch
15cfd9a3bc gpg: Remove CAST5 from the default prefs and order SHA-1 last.
* g10/keygen.c (keygen_set_std_prefs): Update prefs.
2014-08-26 23:20:07 +02:00
Werner Koch
519305feb8 Switch to the libgpg-error provided estream.
* configure.ac (NEED_GPG_ERROR_VERSION): Reguire 1.14.
(GPGRT_ENABLE_ES_MACROS): Define.
(estream_INIT): Remove.
* m4/estream.m4: Remove.
* common/estream-printf.c, common/estream-printf.h: Remove.
* common/estream.c, common/estream.h: Remove.
* common/init.c (_init_common_subsystems): Call gpgrt initialization.
2014-08-26 17:47:54 +02:00
Werner Koch
a731c22952 gpg: Allow for positional parameters in the passphrase prompt.
* g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.
--

Without that at least the French translation does not always work
because it requires positional parameters.  Windows for example does
not support them as they are not defined by C99 but by POSIX.
2014-08-26 10:16:04 +02:00
Werner Koch
cb680c5ea5 gpg: Fix "can't handle public key algorithm" warning.
* g10/parse-packet.c (unknown_pubkey_warning): Check for encr/sign
capabilities.
2014-08-20 09:59:36 +02:00
Werner Koch
31649e72fd speedo: Get version numbers from online database.
* build-aux/getswdb.sh: New.
* build-aux/speedo.mk: Get release version numbers from swdb.lst.
--

This should make maintaining GnuPG installations easier.  Running

 make -f /foo/gnupg/build-aux/speedo.mk TARGETOS=native WHAT=release

downloads all GnuPG related packages and builds them.  The gnupg
directory may be a GIT checkout but in that case please run
./autogen.sh on it first.  Note that currently swdb.lst is always
downloaded from gnupg.org and thus monitoring the network or the gnupg
machine reveal information on who is currently building GnuPG.  If
there is an easy way to detect that TOR is enabled this can be changed
to directly download from the GnuPG hidden service.
2014-08-19 12:49:45 +02:00
Werner Koch
4fc1c712e9 build: Create VERSION file via autoconf.
* Makefile.am (dist-hook): Remove creation of VERSION.
(EXTRA_DIST): Add VERSION.
* configure.ac: Let autoconf create VERSION.
2014-08-19 11:12:26 +02:00
Werner Koch
e5da80bc18 gpg: Install the current release signing pubkey.
* g10/distsigkey.gpg: New.
--

This might be useful to help installing updates.
2014-08-18 16:38:13 +02:00
Werner Koch
3981ff15f3 agent: Return NO_SECKEY instead of ENONET for PKSIGN and others.
* agent/pksign.c (agent_pksign_do): Replace ENONET by NO_SECKEY.
* agent/findkey.c (agent_key_from_file): No diagnostic for NO_SECKEY.
* agent/pkdecrypt.c (agent_pkdecrypt): Replace checking for ENOENT.
2014-08-18 15:42:54 +02:00
Werner Koch
3259862cb4 tests: Re-enable OpenPGP ecc test.
--
2014-08-18 12:55:54 +02:00
Werner Koch
e4aa006e48 kbx: Make user id and signature data optional for OpenPGP.
* kbx/keybox-blob.c (_keybox_create_openpgp_blob): Remove restriction.
--

Although self-signature and key binding signatures are required by
OpenPGP, we should not enforce that in the storage backend.
2014-08-18 12:55:29 +02:00
Werner Koch
57df1121c1 gpg: Change default cipher for --symmetric from CAST5 to AES-128.
* g10/main.h (DEFAULT_CIPHER_ALGO): Chhange to AES or CAST5 or 3DES
depending on configure option.
* g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.
2014-08-18 11:45:00 +02:00
Werner Koch
425d075016 yat2m: Support @set and @value.
* doc/yat2m.c (variablelist): New.
(set_variable): New.
(macro_set_p): Also check the variables.
(proc_texi_cmd): Support the @value command.
(parse_file): Support the @set command.
(top_parse_file): Release variablelist.
2014-08-18 11:42:10 +02:00