* g10/options.h (opt): Add field flags.require_compliance.
* g10/gpg.c (oRequireCompliance): New.
(opts): Add --require-compliance.
(main): Set option.
* g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant.
(check_sig_and_print): Ditto.
* g10/encrypt.c (encrypt_crypt): Ditto.
--
Note that in the --encrypt and --verify cased other checks may kick in
earlier than this new --require-compliance controlled one.
* g10/Makefile.am (AM_CFLAGS): Reorder.
--
The more specific CLFAGS should come first so these are picked up
first. We really should improve the build system to enforce this
rule. In particular /usr/local/include should come after any more
specific location.
* tools/gpgtar.c: Replace assert by log_assert.
* tools/gpgtar-extract.c: Ditto.
(extract_regular): Create files with sysopen flag.
* tools/gpgtar-create.c (scan_directory): Use gpgrt_fname_to_wchar.
--
Note that for this change libgpg-error 1.45 is required for Windows.
* g10/mainproc.c (mainproc_context): New member
'seen_pkt_encrypted_mdc'.
(release_list): Clear 'seen_pkt_encrypted_mdc'.
(proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
(have_seen_pkt_encrypted_aead): Rename to...
(have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for
'seen_pkt_encrypted_mdc'.
(proc_plaintext): Do not enable extra hash contexts when decrypting
MDC input.
--
Avoiding extra hash contexts speeds up CFB/MDC decryption quite
a lot. For example, decrypting symmetric-key AES-256 encrypted
4 GiB file from RAM to /dev/null sees ~3.4x speed increase on
AMD Ryzen 5800X:
AES256.CFB encryption: 783 MB/s
AES256.CFB decryption: 386 MB/s (before)
AES256.CFB encryption: 1.3 GB/s (after patch)
Note, AEAD is still significantly faster:
AES256.OCB encryption: 2.2 GB/s
AES256.OCB decryption: 3.0 GB/s
GnuPG-bug-id: T5820
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
(cherry picked from commit ab177eed51)
Even 2.2 with the older Libgcrypt 1.8 gets a threefold speedup; see
https://dev.gnupg.org/T5820#155447 (AES-128 vs. AES-256 does not make
a substanial difference)
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (apdu_send_direct): Use lock_slot.
--
Cherry-pick the master commit of:
f808012ac2
With trylock_slot, it may return SW_HOST_BUSY. This may occur when
apdu_get_status is called by scd_update_reader_status_file.
Simply using lock_slot is much easier for user of apdu_send_direct.
GnuPG-bug-id: 5831
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools/gpgconf-comp.c: Remove "quiet" and two unsupported options
--
The --quiet option is not intended for config files and thus should
not be displayed by config dialogs.
--
Note that for this LTS version we now print g10 Code as the first
copyright holder with --version. This is to avoid confusion at our
customers, now that we also provide a Linux^WGNU/Linux version of
GnuPG VS-Desktop and the Windows version has always shown g10 Code.
* tools/gpgconf.h (gc_component_id_t): Fix the order.
--
The order has not been adjusted here in 2.2 after we have changed the
order of the gc_components array to have a more logical layout of the
tabs in Gpa and Kleopatra's setting dialogs. In 2.3 everything is
correct, probably because we have another component (keyboxd) there.
* common/homedir.c (w32_try_mkdir): Remove.
(standard_homedir): Use gnupg_mkdir instead of w32_try_mkdir.
(_gnupg_socketdir_internal): Ditto.
--
The w32_try_mkdir was once introduced for WindowsCE and unfortunately
at a too brief inspection it looks like it does the utf8->wchar
conversion. Which it does not. Thus I obviously never tested the
switch to from APPDATA to LOCAL_APPDATA with a non-ascii account name.
That might have been due to the use of the very same code for the
homedir - but there is other code in gpg to create the homedir; thus a
failure here is mostly fixed later.
The missing error diagnostic was - and is - on purpose to avoid such
error messages due to a race between several running gpg instances.
GnuPG-bug-id: 5537
* dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New.
* dirmngr/server.c (ensure_keyserver): Don't even test for the Tor
proxy in never-use-tor Mode.
* tools/gpgtar-create.c: Include unistd.h to avoid a warning on
Windows.
--
This delay of 2 or 3 seconds is in particular annoying on Windows.
This is now suppressed, as it should be, if --no-use-tor is used.
The second patch is unrelated
* agent/command-ssh.c (sexp_key_construct): Do not put an empty string
into an S-expression.
(stream_read_string): Do not not try to a read a zero length block.
--
Actually we could handles this different by not putting a comment tag
into the s-expression, however this requires more code and at other
places we already return "(none)" instead of an empty comment.
The second fix is more or less a cosmetic thing to get better error
messages in case the underlying read system call returns an error.
GnuPG-bug-id: 5794
* tools/gpgconf-comp.c (known_options_gpgsm): Make "keyserver"
invisible.
(known_options_dirmngr): Add "ldapserver".
* sm/gpgsm.c (oKeyServer_deprecated): New.
(opts): Assign "ldapserver" to the new option and makr it as obsolete.
--
We want to use "ldapserver" in dirmngr but need to keep using
"keyserver" in gpgsm for existant versions of Kleopatra etc.
GnuPG-bug-id: 5801
* agent/gpg-agent.c (main) <gpgconf_list>: Keep only those option which
have a default. Remove runtime flag.
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here because it is now inetrnal to gpgconf.
(known_options_gpg_agent): Add a few missing runtime flags. Remove
"options". Add "check-sym-passphrase-pattern".
(known_options_scdaemon, known_options_gpgsm): Remove "options".
(dirmngr): Ditto.
* tools/gpgconf-comp.c (is_known_option): Return only options having a
value for name. Thus we list list options from the known_options
tables.
* tools/gpgconf-comp.c: Remove assert.h and replace all assert calls
by log_assert.
(known_options_gpg): Add "keyserver" as invisible. Remove "options".
(known_pseudo_options_gpg, known_pseudo_options_gpgsm): New.
(gc_component): Add field known_pseudo_options.
(struct read_line_wrapper_parm_s): New.
(read_line_wrapper): New.
(retrieve_options_from_program): Use read_line_wrapper to handle
pseudo options.
(retrieve_options_from_program): Ignore to be ignored options. Add
failsafe code to avoid calling percent_escape with NULL.
--
GnuPG-bug-id: 5341,5800
Due to reading the list of options from the argparser of the
component, we had no more information about the pseudo options and
thus could not emit them. Well, there is just one pseudo option right
now, but with this change we have a generalized concept for them:
Pseudo options are used to convey information from a component to
gpgconf; for example build-in values.
This is a combined backport of patches to master.
* common/argparse.c (gnupg_argparse): Set attribute flags
--
GnuPG-bug-id: 5799
This is a backport from the fix in libgpg-error in case gnupg 2.2 is
build against an older version of libgpg-error.
--
This fixes fatal errors reported by msgfmt which made the build fail.
Note: The other translation of "Please re-enter this passphrase" uses
"das Passwort" instead of "die Passphrase". I chose to keep the
translation using "das Passwort" which seems to be the preferred
translation of "passphrase" used in almost all German strings.
Fixes-commit: c54f7e154f
Cherry picking translations is dangerous. Sorting messages by msgid
should make it less dangerous and would make it much easier to spot
duplicates.
--
GnuPG-bug-id: 4777
This also fixes a bad fuzzy translation which accidently had been
commited without realizing that there was indeed a change (from
"... GnuPG" to "... %s").
(cherry picked from commit 5ed1567e7c)
* common/w32-reg.c (read_w32_registry_string): Add another fallback.
--
We use the same method in gpgme and libgpg-error since 2017 - should
be done here as well. Thus the fallback also happens if the key
exists but not the actual entry.
* tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New.
* tools/gpgtar-list.c (parse_header): Set the new type flags.
(parse_extended_header): New.
(read_header): Add arg r_extheader and parse extended header.
(print_header): Consult the extended header.
(gpgtar_list): Pass an extended header object.
(gpgtar_read_header): Ditto.
(gpgtar_print_header): Ditto.
* tools/gpgtar-extract.c (extract): New arg exthdr and factor name
checking out to ...
(check_suspicious_name): new.
(extract_regular): Add arg exthdr and consult it.
(extract_directory): Likewise.
(gpgtar_extract): Provide extheader object.
--
GnuPG-bug-id: 5754
* tools/gpgtar-create.c (global_header_count): new.
(myreadlink): New.
(build_header): New arg r_exthdr. Detect and store long file and link
names. Factor checkum computation out to ...
(compute_checksum): new.
(add_extended_header_record): New.
(write_extended_header): New.
(write_file): Write extended header.
--
GnuPG-bug-id: 5754
* tools/gpgconf-comp.c (list_one_option): Skip ignored options and set
the no_change flag for forced options.
(retrieve_options_from_program): Put the attributes into the option
table.
--
(cherry picked from commit 42785d7c8a)
This commit also marks the end of the back port as requested by
GnuPG-bug-id: 5732
--
This looks better and is also required for further simplifications of
gpgconf.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 4c43fabbb0)
--
This looks better and is also required for further simplifications of
gpgconf.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9bc3e7ec03)
* g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to
use ARGPARSE_ignore and remove the code in the option switch.
--
This looks better and is also required for further simplifications of
gpgconf.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 41eb5108ce)
--
This looks better and is also required for further simplifications of
gpgconf.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit daf5f4355d)
NIIBE Yutaka