From cvs at cvs.gnupg.org Mon Jun 2 12:29:54 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 02 Jun 2014 12:29:54 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.22-19-g88ac956 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 88ac9568364b399b896de2d6f2432b1cb73415a8 (commit) from b896fccaada0caf1987eb95ac99dd6b4ca609c4b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 88ac9568364b399b896de2d6f2432b1cb73415a8 Author: Werner Koch Date: Mon Jun 2 11:47:25 2014 +0200 gpg: Fix bug parsing a zero length user id. * g10/getkey.c (get_user_id): Do not call xmalloc with 0. * common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to pass 0 to the arguments. -- The problem did not occur in 1.x because over there the xmalloc makes sure to allocate at least one byte. With 2.x for most calls the xmalloc of Libgcrypt is used and Libgcrypt returns an error instead of silently allocating a byte. Thus gpg 2.x bailed out with a "Fatal: out of core while allocating 0 bytes". The extra code in xmalloc.c is for more robustness for the other xmalloc calls. (cherry picked from commit 99972bd6e9abea71f270284f49997de5f00208af) Resolved conflicts: g10/getkey.c - ignore whitespace changes. diff --git a/g10/getkey.c b/g10/getkey.c index 5e8c1c9..c0184c2 100644 --- a/g10/getkey.c +++ b/g10/getkey.c 
@@ -3035,27 +3035,35 @@ get_long_user_id_string( u32 *keyid ) char* get_user_id( u32 *keyid, size_t *rn ) { - user_id_db_t r; - char *p; - int pass=0; + user_id_db_t r; + char *p; + int pass = 0; - /* try it two times; second pass reads from key resources */ - do { - for(r=user_id_db; r; r = r->next ) { - keyid_list_t a; - for (a=r->keyids; a; a= a->next ) { - if( a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1] ) { - p = xmalloc( r->len ); - memcpy(p, r->name, r->len ); - *rn = r->len; - return p; - } - } - } - } while( ++pass < 2 && !get_pubkey( NULL, keyid ) ); - p = xstrdup( user_id_not_found_utf8 () ); - *rn = strlen(p); - return p; + /* Try it two times; second pass reads from key resources. */ + do + { + for (r = user_id_db; r; r = r->next) + { + keyid_list_t a; + for (a = r->keyids; a; a = a->next) + { + if (a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1]) + { + /* An empty string as user id is possible. Make + sure that the malloc allocates one byte and does + not bail out. */ + p = xmalloc (r->len? r->len : 1); + memcpy (p, r->name, r->len); + *rn = r->len; + return p; + } + } + } + } + while (++pass < 2 && !get_pubkey (NULL, keyid)); + p = xstrdup (user_id_not_found_utf8 ()); + *rn = strlen (p); + return p; } char* diff --git a/jnlib/xmalloc.c b/jnlib/xmalloc.c index eb6d5ab..244f764 100644 --- a/jnlib/xmalloc.c +++ b/jnlib/xmalloc.c @@ -36,7 +36,15 @@ out_of_core(void) void * xmalloc( size_t n ) { - void *p = malloc( n ); + void *p; + + /* Make sure that xmalloc (0) works. This is the same behaviour + has in gpg 2.x. Note that in contrast to this code, Libgcrypt + (and thus most xmallocs in gpg 2.x) detect the !n and bail out. */ + if (!n) + n = 1; + + p = malloc( n ); if( !p ) out_of_core(); return p; 
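Review bot: The zero-length guard in get_user_id, `p = xmalloc (r->len? r->len : 1);`, protects this one call site only, while the commit message says that most xmalloc calls in 2.x go to Libgcrypt, which bails out on a zero size. Any other allocation whose size is taken from parsed key data would presumably still terminate gpg on a zero-length field, so those callers should be audited or routed through a single wrapper that maps 0 to 1. The new comment could also state that the buffer returned on a match is not NUL-terminated and that callers must rely on `*rn`, because for an empty user id the one allocated byte is left uninitialised.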
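Review bot: The new comment in xmalloc, "This is the same behaviour has in gpg 2.x", contradicts its own next sentence, which says the 2.x allocator detects a zero size and bails out; going by the commit message it presumably means 1.x. I would reword it to `This is the same behaviour as in gpg 1.x.` and keep the remark about Libgcrypt. The xcalloc hunk that follows forces both n and m to 1 with no comment at all, so a line such as `/* As in xmalloc, never pass a zero count or size to calloc. */` would help. The hunks for common/xmalloc.c in commit 99972bd carry the same wording, and the closing brace of xmalloc lies outside the hunk.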
@@ -54,7 +62,14 @@ xrealloc( void *a, size_t n ) void * xcalloc( size_t n, size_t m ) { - void *p = calloc( n, m ); + void *p; + + if (!n) + n = 1; + if (!m) + m = 1; + + p = calloc( n, m ); if( !p ) out_of_core(); return p; ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 48 ++++++++++++++++++++++++++++-------------------- jnlib/xmalloc.c | 19 +++++++++++++++++-- 2 files changed, 45 insertions(+), 22 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 2 12:30:01 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 02 Jun 2014 12:30:01 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-426-g99972bd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 99972bd6e9abea71f270284f49997de5f00208af (commit) from 9e1c99f8009f056c39a7465b91912c136b248e8f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 99972bd6e9abea71f270284f49997de5f00208af Author: Werner Koch Date: Mon Jun 2 11:47:25 2014 +0200 gpg: Fix bug parsing a zero length user id. * g10/getkey.c (get_user_id): Do not call xmalloc with 0. * common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to pass 0 to the arguments. -- The problem did not occur in 1.x because over there the xmalloc makes sure to allocate at least one byte. With 2.x for most calls the xmalloc of Libgcrypt is used and Libgcrypt returns an error insteead of silent allocating a byte. Thus gpg 2.x bailed out with an "Fatal: out of core while allocating 0 bytes". The extra code in xmalloc.c is for more robustness for the other xmalloc calls. diff --git a/common/xmalloc.c b/common/xmalloc.c index 999ec00..3378e48 100644 --- a/common/xmalloc.c +++ b/common/xmalloc.c @@ -47,7 +47,15 @@ out_of_core(void) void * xmalloc( size_t n ) { - void *p = malloc( n ); + void *p; + + /* Make sure that xmalloc (0) works. This is the same behaviour + has in gpg 2.x. Note that in contrast to this code, Libgcrypt + (and thus most xmallocs in gpg 2.x) detect the !n and bail out. */ + if (!n) + n = 1; + + p = malloc( n ); if( !p ) out_of_core(); return p; 
@@ -65,7 +73,14 @@ xrealloc( void *a, size_t n ) void * xcalloc( size_t n, size_t m ) { - void *p = calloc( n, m ); + void *p; + + if (!n) + n = 1; + if (!m) + m = 1; + + p = calloc( n, m ); if( !p ) out_of_core(); return p; diff --git a/g10/getkey.c b/g10/getkey.c index 458672a..707a106 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -2775,7 +2775,10 @@ get_user_id (u32 * keyid, size_t * rn) { if (a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1]) { - p = xmalloc (r->len); + /* An empty string as user id is possible. Make + sure that the malloc allocates one byte and does + not bail out. */ + p = xmalloc (r->len? r->len : 1); memcpy (p, r->name, r->len); *rn = r->len; return p; ----------------------------------------------------------------------- Summary of changes: common/xmalloc.c | 19 +++++++++++++++++-- g10/getkey.c | 5 ++++- 2 files changed, 21 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 2 16:22:26 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 02 Jun 2014 16:22:26 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-428-g715285b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 715285bcbc12c024dbd9b633805189c09173e317 (commit) via 42c043a8ad542c131917879c9b458f234b4bb645 (commit) from 99972bd6e9abea71f270284f49997de5f00208af (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 715285bcbc12c024dbd9b633805189c09173e317 Author: Werner Koch Date: Mon Jun 2 16:02:30 2014 +0200 gpgsm: Handle re-issued CA certificates in a better way. * sm/certchain.c (find_up_search_by_keyid): Consider all matching certificates. (find_up): Add some debug messages. -- The DFN-Verein recently re-issued its CA certificates without generating new keys. Thus looking up the chain using the authority keyids works but may use still existing old certificates. This may break the CRL lookup in the Dirmngr. The hack to fix this is by using the latest issued certificate with the same subject key identifier. As usual Peter Gutman's X.509 style guide has some comments on that re-issuing. GnuPG-bug-id: 1644 diff --git a/sm/certchain.c b/sm/certchain.c index b51291d..5f5fd80 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -444,6 +444,8 @@ find_up_search_by_keyid (KEYDB_HANDLE kh, int rc; ksba_cert_t cert = NULL; ksba_sexp_t subj = NULL; + int anyfound = 0; + ksba_isotime_t not_before, last_not_before; keydb_search_reset (kh); while (!(rc = keydb_search_subject (kh, issuer))) 
@@ -460,10 +462,37 @@ find_up_search_by_keyid (KEYDB_HANDLE kh, if (!ksba_cert_get_subj_key_id (cert, NULL, &subj)) { if (!cmp_simple_canon_sexp (keyid, subj)) - break; /* Found matching cert. */ + { + /* Found matching cert. */ + rc = ksba_cert_get_validity (cert, 0, not_before); + if (rc) + { + log_error ("keydb_get_validity() failed: rc=%d\n", rc); + rc = -1; + break; + } + + if (!anyfound || strcmp (last_not_before, not_before) < 0) + { + /* This certificate is the first one found or newer + than the previous one. This copes with + re-issuing CA certificates while keeping the same + key information. */ + anyfound = 1; + gnupg_copy_time (last_not_before, not_before); + keydb_push_found_state (kh); + } + } } } + if (anyfound) + { + /* Take the last saved one. */ + keydb_pop_found_state (kh); + rc = 0; /* Ignore EOF or other error after the first cert. */ + } + ksba_cert_release (cert); xfree (subj); return rc? -1:0; @@ -606,6 +635,8 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh, ksba_sexp_t keyid; int rc = -1; + if (DBG_X509) + log_debug ("looking for parent certificate\n"); if (!ksba_cert_get_auth_key_id (cert, &keyid, &authid, &authidno)) { const char *s = ksba_name_enum (authid, 0); @@ -615,6 +646,9 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh, if (rc) keydb_search_reset (kh); + if (!rc && DBG_X509) + log_debug (" found via authid and sn+issuer\n"); + /* In case of an error, try to get the certificate from the dirmngr. That is done by trying to put that certifcate into the ephemeral DB and let the code below do the @@ -634,6 +668,9 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh, rc = keydb_search_issuer_sn (kh, s, authidno); if (rc) keydb_search_reset (kh); + + if (!rc && DBG_X509) + log_debug (" found via authid and sn+issuer (ephem)\n"); } keydb_set_ephemeral (kh, old); } 
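Review bot: In find_up_search_by_keyid the candidate is chosen purely by the latest notBefore, `if (!anyfound || strcmp (last_not_before, not_before) < 0)`, and nothing in this hunk checks that the preferred certificate is already valid or not yet expired. If validity is only enforced later during chain validation, a matching entry with a future notBefore would shadow an older certificate that is still usable, so I would additionally require `strcmp (not_before, current_time) <= 0` against a timestamp taken once before the loop (here called current_time), or document why that is not needed. The error path logs `keydb_get_validity() failed` although the failing call is ksba_cert_get_validity, and the message should name the real function. The same hunk appears in the STABLE-BRANCH-2-0 backport (commit 684b0bd); the function begins and ends outside the hunk.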
@@ -649,11 +686,15 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh, subjectKeyIdentifier. */ /* Fixme: Should we also search in the dirmngr? */ rc = find_up_search_by_keyid (kh, issuer, keyid); + if (!rc && DBG_X509) + log_debug (" found via authid and keyid\n"); if (rc) { int old = keydb_set_ephemeral (kh, 1); if (!old) rc = find_up_search_by_keyid (kh, issuer, keyid); + if (!rc && DBG_X509) + log_debug (" found via authid and keyid (ephem)\n"); keydb_set_ephemeral (kh, old); } if (rc) @@ -678,11 +719,19 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh, } if (rc) rc = -1; /* Need to make sure to have this error code. */ + + if (!rc && DBG_X509) + log_debug (" found via authid and issuer from dirmngr cache\n"); } /* If we still didn't found it, try an external lookup. */ if (rc == -1 && opt.auto_issuer_key_retrieve && !find_next) - rc = find_up_external (ctrl, kh, issuer, keyid); + { + rc = find_up_external (ctrl, kh, issuer, keyid); + if (!rc && DBG_X509) + log_debug (" found via authid and external lookup\n"); + } + /* Print a note so that the user does not feel too helpless when an issuer certificate was found and gpgsm prints BAD 
@@ -733,11 +782,18 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh, rc = keydb_search_subject (kh, issuer); } keydb_set_ephemeral (kh, old); + + if (!rc && DBG_X509) + log_debug (" found via issuer\n"); } /* Still not found. If enabled, try an external lookup. */ if (rc == -1 && opt.auto_issuer_key_retrieve && !find_next) - rc = find_up_external (ctrl, kh, issuer, NULL); + { + rc = find_up_external (ctrl, kh, issuer, NULL); + if (!rc && DBG_X509) + log_debug (" found via issuer and external lookup\n"); + } return rc; } commit 42c043a8ad542c131917879c9b458f234b4bb645 Author: Werner Koch Date: Mon Jun 2 15:55:00 2014 +0200 gpgsm: Add a way to save a found state. * kbx/keybox-defs.h (keybox_found_s): New. (keybox_handle): Factor FOUND out to above. Add saved_found. * kbx/keybox-init.c (keybox_release): Release saved_found. (keybox_push_found_state, keybox_pop_found_state): New. * sm/keydb.c (keydb_handle): Add field saved_found. (keydb_new): Init it. (keydb_push_found_state, keydb_pop_found_state): New. diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h index f79c093..7bbcf83 100644 --- a/kbx/keybox-defs.h +++ b/kbx/keybox-defs.h @@ -85,6 +85,14 @@ struct keybox_name }; +struct keybox_found_s +{ + KEYBOXBLOB blob; + off_t offset; + size_t pk_no; + size_t uid_no; + unsigned int n_packets; /*used for delete and update*/ +}; struct keybox_handle { CONST_KB_NAME kb; @@ -93,13 +101,8 @@ struct keybox_handle { int eof; int error; int ephemeral; - struct { - KEYBOXBLOB blob; - off_t offset; - size_t pk_no; - size_t uid_no; - unsigned int n_packets; /*used for delete and update*/ - } found; + struct keybox_found_s found; + struct keybox_found_s saved_found; struct { char *name; char *pattern; diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c index d329941..8ae3ec3 100644 --- a/kbx/keybox-init.c +++ b/kbx/keybox-init.c 
@@ -148,6 +148,7 @@ keybox_release (KEYBOX_HANDLE hd) hd->kb->handle_table[idx] = NULL; } _keybox_release_blob (hd->found.blob); + _keybox_release_blob (hd->saved_found.blob); if (hd->fp) { fclose (hd->fp); @@ -159,6 +160,35 @@ keybox_release (KEYBOX_HANDLE hd) } +/* Save the current found state in HD for later retrieval by + keybox_restore_found_state. Only one state may be saved. */ +void +keybox_push_found_state (KEYBOX_HANDLE hd) +{ + if (hd->saved_found.blob) + { + _keybox_release_blob (hd->saved_found.blob); + hd->saved_found.blob = NULL; + } + hd->saved_found = hd->found; + hd->found.blob = NULL; +} + + +/* Restore the saved found state in HD. */ +void +keybox_pop_found_state (KEYBOX_HANDLE hd) +{ + if (hd->found.blob) + { + _keybox_release_blob (hd->found.blob); + hd->found.blob = NULL; + } + hd->found = hd->saved_found; + hd->saved_found.blob = NULL; +} + + const char * keybox_get_resource_name (KEYBOX_HANDLE hd) { diff --git a/kbx/keybox.h b/kbx/keybox.h index 4c447a5..96c6db5 100644 --- a/kbx/keybox.h +++ b/kbx/keybox.h @@ -64,6 +64,8 @@ int keybox_is_writable (void *token); KEYBOX_HANDLE keybox_new (void *token, int secret); void keybox_release (KEYBOX_HANDLE hd); +void keybox_push_found_state (KEYBOX_HANDLE hd); +void keybox_pop_found_state (KEYBOX_HANDLE hd); const char *keybox_get_resource_name (KEYBOX_HANDLE hd); int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes); diff --git a/sm/keydb.c b/sm/keydb.c index 845ebba..d9eb2e0 100644 --- a/sm/keydb.c +++ b/sm/keydb.c @@ -56,6 +56,7 @@ static int used_resources; struct keydb_handle { int locked; int found; + int saved_found; int current; int is_ephemeral; int used; /* items in active */ @@ -265,6 +266,7 @@ keydb_new (int secret) hd = xcalloc (1, sizeof *hd); hd->found = -1; + hd->saved_found = -1; assert (used_resources <= MAX_KEYDB_RESOURCES); for (i=j=0; i < used_resources; i++) 
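Review bot: The comment above keybox_push_found_state refers to `keybox_restore_found_state`, but the function added directly below it is named keybox_pop_found_state, so the reference should be corrected. The comment on keybox_pop_found_state should also say that a pop without a preceding push releases the current blob and leaves `hd->found.blob` NULL. It is worth stating as well that ownership of the blob moves between `found` and `saved_found`, which is why the source slot is set to NULL after each struct copy and why keybox_release has to release both.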
@@ -476,6 +478,58 @@ unlock_all (KEYDB_HANDLE hd) hd->locked = 0; } + + +/* Push the last found state if any. */ +void +keydb_push_found_state (KEYDB_HANDLE hd) +{ + if (!hd) + return; + + if (hd->found < 0 || hd->found >= hd->used) + { + hd->saved_found = -1; + return; + } + + switch (hd->active[hd->found].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + break; + case KEYDB_RESOURCE_TYPE_KEYBOX: + keybox_push_found_state (hd->active[hd->found].u.kr); + break; + } + + hd->saved_found = hd->found; + hd->found = -1; +} + + +/* Pop the last found state. */ +void +keydb_pop_found_state (KEYDB_HANDLE hd) +{ + if (!hd) + return; + + hd->found = hd->saved_found; + hd->saved_found = -1; + if (hd->found < 0 || hd->found >= hd->used) + return; + + switch (hd->active[hd->found].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + break; + case KEYDB_RESOURCE_TYPE_KEYBOX: + keybox_pop_found_state (hd->active[hd->found].u.kr); + break; + } +} + + /* Return the last found object. Caller must free it. The returned diff --git a/sm/keydb.h b/sm/keydb.h index 6e432f8..aec31c3 100644 --- a/sm/keydb.h +++ b/sm/keydb.h 
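Review bot: The comments on keydb_push_found_state and keydb_pop_found_state do not state the contract the code implements: there is a single save slot, a push resets `hd->found` to -1 so the current result is unavailable until the pop, and a pop with nothing saved leaves `hd->found` at -1. Spelling this out matters because find_up_search_by_keyid performs one pop after possibly several pushes and depends on the last push winning. Both `switch` statements also lack a `default:` case, so a resource type added later would be skipped silently while `hd->found` and `hd->saved_found` are still swapped.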
@@ -43,6 +43,8 @@ gpg_error_t keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value); gpg_error_t keydb_set_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int value); +void keydb_push_found_state (KEYDB_HANDLE hd); +void keydb_pop_found_state (KEYDB_HANDLE hd); int keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert); int keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert); int keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert); ----------------------------------------------------------------------- Summary of changes: kbx/keybox-defs.h | 17 +++++++++------ kbx/keybox-init.c | 30 ++++++++++++++++++++++++++ kbx/keybox.h | 2 ++ sm/certchain.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++--- sm/keydb.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++ sm/keydb.h | 2 ++ 6 files changed, 157 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 2 16:22:38 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 02 Jun 2014 16:22:38 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.22-21-g684b0bd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 684b0bd4bfb846d03a531385e2d1251391dee1f5 (commit) via 3121c4b6c17b19cbf2119d2658d69ce4cca908c6 (commit) from 88ac9568364b399b896de2d6f2432b1cb73415a8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 684b0bd4bfb846d03a531385e2d1251391dee1f5 Author: Werner Koch Date: Mon Jun 2 16:02:30 2014 +0200 gpgsm: Handle re-issued CA certificates in a better way. * sm/certchain.c (find_up_search_by_keyid): Consider all matching certificates. (find_up): Add some debug messages. -- The DFN-Verein recently re-issued its CA certificates without generating new keys. Thus looking up the chain using the authority keyids works but may use still existing old certificates. This may break the CRL lookup in the Dirmngr. The hack to fix this is by using the latest issued certificate with the same subject key identifier. As usual Peter Gutman's X.509 style guide has some comments on that re-issuing. GnuPG-bug-id: 1644 Resolved conflicts: sm/certchain.c - whitespace fixes. diff --git a/sm/certchain.c b/sm/certchain.c index 0023a98..1fbe9ca 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -23,7 +23,7 @@ #include #include #include -#include +#include #include #include #include 
@@ -193,7 +193,7 @@ has_validation_model_chain (ksba_cert_t cert, int listmode, estream_t listfp) if (opt.verbose) do_list (0, listmode, listfp, - _("validation model requested by certificate: %s"), + _("validation model requested by certificate: %s"), !strcmp (oidbuf, "1.3.6.1.4.1.8301.3.5.1")? _("chain") : !strcmp (oidbuf, "1.3.6.1.4.1.8301.3.5.2")? _("shell") : /* */ oidbuf); @@ -274,9 +274,9 @@ unknown_criticals (ksba_cert_t cert, int listmode, estream_t fp) /* Check whether CERT is an allowed certificate. This requires that CERT matches all requirements for such a CA, i.e. the BasicConstraints extension. The function returns 0 on success and - the awlloed length of the chain at CHAINLEN. */ + the allowed length of the chain at CHAINLEN. */ static int -allowed_ca (ctrl_t ctrl, +allowed_ca (ctrl_t ctrl, ksba_cert_t cert, int *chainlen, int listmode, estream_t fp) { gpg_error_t err; @@ -327,7 +327,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist) any_critical = !!strstr (policies, ":C"); if (!opt.policy_file) - { + { xfree (policies); if (any_critical) { @@ -358,7 +358,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist) return gpg_error (GPG_ERR_NO_POLICY_MATCH); } - for (;;) + for (;;) { int c; char *p, line[256]; @@ -389,7 +389,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist) fclose (fp); return tmperr; } - + if (!*line || line[strlen(line)-1] != '\n') { /* eat until end of line */ @@ -400,13 +400,13 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist) return gpg_error (*line? GPG_ERR_LINE_TOO_LONG : GPG_ERR_INCOMPLETE_LINE); } - + /* Allow for empty lines and spaces */ for (p=line; spacep (p); p++) ; } while (!*p || *p == '\n' || *p == '#'); - + /* parse line */ for (allowed=line; spacep (allowed); allowed++) ; 
@@ -444,6 +444,8 @@ find_up_search_by_keyid (KEYDB_HANDLE kh, int rc; ksba_cert_t cert = NULL; ksba_sexp_t subj = NULL; + int anyfound = 0; + ksba_isotime_t not_before, last_not_before; keydb_search_reset (kh); while (!(rc = keydb_search_subject (kh, issuer))) @@ -460,10 +462,37 @@ find_up_search_by_keyid (KEYDB_HANDLE kh, if (!ksba_cert_get_subj_key_id (cert, NULL, &subj)) { if (!cmp_simple_canon_sexp (keyid, subj)) - break; /* Found matching cert. */ + { + /* Found matching cert. */ + rc = ksba_cert_get_validity (cert, 0, not_before); + if (rc) + { + log_error ("keydb_get_validity() failed: rc=%d\n", rc); + rc = -1; + break; + } + + if (!anyfound || strcmp (last_not_before, not_before) < 0) + { + /* This certificate is the first one found or newer + than the previous one. This copes with + re-issuing CA certificates while keeping the same + key information. */ + anyfound = 1; + gnupg_copy_time (last_not_before, not_before); + keydb_push_found_state (kh); + } + } } } - + + if (anyfound) + { + /* Take the last saved one. */ + keydb_pop_found_state (kh); + rc = 0; /* Ignore EOF or other error after the first cert. */ + } + ksba_cert_release (cert); xfree (subj); return rc? -1:0; @@ -493,7 +522,7 @@ find_up_external (ctrl_t ctrl, KEYDB_HANDLE kh, int count = 0; char *pattern; const char *s; - + if (opt.verbose) log_info (_("looking up issuer at external location\n")); /* The Dirmngr process is confused about unknown attributes. As a @@ -515,7 +544,7 @@ find_up_external (ctrl_t ctrl, KEYDB_HANDLE kh, if (opt.verbose) log_info (_("number of issuers matching: %d\n"), count); - if (rc) + if (rc) { log_error ("external key lookup failed: %s\n", gpg_strerror (rc)); rc = -1; @@ -556,7 +585,7 @@ find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh, char *pattern; (void)kh; - + if (opt.verbose) log_info (_("looking up issuer from the Dirmngr cache\n")); if (subject_mode) 
@@ -583,7 +612,7 @@ find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh, if (opt.verbose) log_info (_("number of matching certificates: %d\n"), count); - if (rc && !opt.quiet) + if (rc && !opt.quiet) log_info (_("dirmngr cache-only key lookup failed: %s\n"), gpg_strerror (rc)); return (!rc && count)? 0 : -1; @@ -598,7 +627,7 @@ find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh, keydb_get_cert on the keyDb context KH will return it. Returns 0 on success, -1 if not found or an error code. */ static int -find_up (ctrl_t ctrl, KEYDB_HANDLE kh, +find_up (ctrl_t ctrl, KEYDB_HANDLE kh, ksba_cert_t cert, const char *issuer, int find_next) { ksba_name_t authid; @@ -606,6 +635,8 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh, ksba_sexp_t keyid; int rc = -1; + if (DBG_X509) + log_debug ("looking for parent certificate\n"); if (!ksba_cert_get_auth_key_id (cert, &keyid, &authid, &authidno)) { const char *s = ksba_name_enum (authid, 0); @@ -614,7 +645,10 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh, rc = keydb_search_issuer_sn (kh, s, authidno); if (rc) keydb_search_reset (kh); - + + if (!rc && DBG_X509) + log_debug (" found via authid and sn+issuer\n"); + /* In case of an error, try to get the certificate from the dirmngr. That is done by trying to put that certifcate into the ephemeral DB and let the code below do the @@ -627,17 +661,20 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh, that in find_next mode because we can't keep the search state then. */ if (rc == -1 && !find_next) - { + { int old = keydb_set_ephemeral (kh, 1); if (!old) { rc = keydb_search_issuer_sn (kh, s, authidno); if (rc) keydb_search_reset (kh); + + if (!rc && DBG_X509) + log_debug (" found via authid and sn+issuer (ephem)\n"); } keydb_set_ephemeral (kh, old); } - if (rc) + if (rc) rc = -1; /* Need to make sure to have this error code. */ } 
@@ -649,14 +686,18 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh, subjectKeyIdentifier. */ /* Fixme: Should we also search in the dirmngr? */ rc = find_up_search_by_keyid (kh, issuer, keyid); + if (!rc && DBG_X509) + log_debug (" found via authid and keyid\n"); if (rc) { int old = keydb_set_ephemeral (kh, 1); if (!old) rc = find_up_search_by_keyid (kh, issuer, keyid); + if (!rc && DBG_X509) + log_debug (" found via authid and keyid (ephem)\n"); keydb_set_ephemeral (kh, old); } - if (rc) + if (rc) rc = -1; /* Need to make sure to have this error code. */ } @@ -676,13 +717,21 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh, } keydb_set_ephemeral (kh, old); } - if (rc) + if (rc) rc = -1; /* Need to make sure to have this error code. */ + + if (!rc && DBG_X509) + log_debug (" found via authid and issuer from dirmngr cache\n"); } /* If we still didn't found it, try an external lookup. */ if (rc == -1 && opt.auto_issuer_key_retrieve && !find_next) - rc = find_up_external (ctrl, kh, issuer, keyid); + { + rc = find_up_external (ctrl, kh, issuer, keyid); + if (!rc && DBG_X509) + log_debug (" found via authid and external lookup\n"); + } + /* Print a note so that the user does not feel too helpless when an issuer certificate was found and gpgsm prints BAD @@ -714,7 +763,7 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh, ksba_name_release (authid); xfree (authidno); } - + if (rc) /* Not found via authorithyKeyIdentifier, try regular issuer name. */ rc = keydb_search_subject (kh, issuer); if (rc == -1 && !find_next) 
@@ -733,11 +782,18 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh, rc = keydb_search_subject (kh, issuer); } keydb_set_ephemeral (kh, old); + + if (!rc && DBG_X509) + log_debug (" found via issuer\n"); } /* Still not found. If enabled, try an external lookup. */ if (rc == -1 && opt.auto_issuer_key_retrieve && !find_next) - rc = find_up_external (ctrl, kh, issuer, NULL); + { + rc = find_up_external (ctrl, kh, issuer, NULL); + if (!rc && DBG_X509) + log_debug (" found via issuer and external lookup\n"); + } return rc; } @@ -748,7 +804,7 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh, int gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next) { - int rc = 0; + int rc = 0; char *issuer = NULL; char *subject = NULL; KEYDB_HANDLE kh = keydb_new (0); @@ -779,7 +835,7 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next) if (is_root_cert (start, issuer, subject)) { rc = -1; /* we are at the root */ - goto leave; + goto leave; } rc = find_up (ctrl, kh, start, issuer, 0); @@ -803,7 +859,7 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next) leave: xfree (issuer); xfree (subject); - keydb_release (kh); + keydb_release (kh); return rc; } @@ -850,20 +906,20 @@ is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn) that is the case this is a root certificate. */ ak_name_str = ksba_name_enum (ak_name, 0); if (ak_name_str - && !strcmp (ak_name_str, issuerdn) + && !strcmp (ak_name_str, issuerdn) && !cmp_simple_canon_sexp (ak_sn, serialno)) { result = 1; /* Right, CERT is self-signed. */ goto leave; - } - + } + /* Similar for the ak_keyid. */ if (ak_keyid && !ksba_cert_get_subj_key_id (cert, NULL, &subj_keyid) && !cmp_simple_canon_sexp (ak_keyid, subj_keyid)) { result = 1; /* Right, CERT is self-signed. */ goto leave; - } + } leave: 
@@ -872,7 +928,7 @@ is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn) ksba_name_release (ak_name); ksba_free (ak_sn); ksba_free (serialno); - return result; + return result; } @@ -896,7 +952,7 @@ gpgsm_is_root_cert (ksba_cert_t cert) /* This is a helper for gpgsm_validate_chain. */ -static gpg_error_t +static gpg_error_t is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp, ksba_cert_t subject_cert, ksba_cert_t issuer_cert, int *any_revoked, int *any_no_crl, int *any_crl_too_old) @@ -905,13 +961,13 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp, if (opt.no_crl_check && !ctrl->use_ocsp) { - audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, + audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, gpg_error (GPG_ERR_NOT_ENABLED)); return 0; } err = gpgsm_dirmngr_isvalid (ctrl, - subject_cert, issuer_cert, + subject_cert, issuer_cert, force_ocsp? 2 : !!ctrl->use_ocsp); audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, err); @@ -948,7 +1004,7 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp, "\"dirmngr\" is properly installed\n")); *any_crl_too_old = 1; break; - + default: do_list (1, lm, fp, _("checking the CRL failed: %s"), gpg_strerror (err)); @@ -963,7 +1019,7 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp, SUBJECT_CERT. The caller needs to pass EXPTIME which will be updated to the nearest expiration time seen. A DEPTH of 0 indicates the target certifciate, -1 the final root certificate and other - values intermediate certificates. */ + values intermediate certificates. */ static gpg_error_t check_validity_period (ksba_isotime_t current_time, ksba_cert_t subject_cert, 
@@ -993,7 +1049,7 @@ check_validity_period (ksba_isotime_t current_time, if (*not_before && strcmp (current_time, not_before) < 0 ) { - do_list (1, listmode, listfp, + do_list (1, listmode, listfp, depth == 0 ? _("certificate not yet valid") : depth == -1 ? _("root certificate not yet valid") : /* other */ _("intermediate certificate not yet valid")); @@ -1004,8 +1060,8 @@ check_validity_period (ksba_isotime_t current_time, log_printf (")\n"); } return gpg_error (GPG_ERR_CERT_TOO_YOUNG); - } - + } + if (*not_after && strcmp (current_time, not_after) > 0 ) { do_list (opt.ignore_expiration?0:1, listmode, listfp, @@ -1022,8 +1078,8 @@ check_validity_period (ksba_isotime_t current_time, log_info ("WARNING: ignoring expiration\n"); else return gpg_error (GPG_ERR_CERT_EXPIRED); - } - + } + return 0; } @@ -1070,7 +1126,7 @@ check_validity_period_cm (ksba_isotime_t current_time, log_printf (")\n"); return gpg_error (GPG_ERR_BAD_CERT); } - + if (!*exptime) gnupg_copy_time (exptime, not_after); else if (strcmp (not_after, exptime) < 0 ) @@ -1078,7 +1134,7 @@ check_validity_period_cm (ksba_isotime_t current_time, if (strcmp (current_time, not_before) < 0 ) { - do_list (1, listmode, listfp, + do_list (1, listmode, listfp, depth == 0 ? _("certificate not yet valid") : depth == -1 ? _("root certificate not yet valid") : /* other */ _("intermediate certificate not yet valid")); 
@@ -1089,16 +1145,16 @@ check_validity_period_cm (ksba_isotime_t current_time, log_printf (")\n"); } return gpg_error (GPG_ERR_CERT_TOO_YOUNG); - } + } if (*check_time - && (strcmp (check_time, not_before) < 0 + && (strcmp (check_time, not_before) < 0 || strcmp (check_time, not_after) > 0)) { /* Note that we don't need a case for the root certificate because its own consitency has already been checked. */ do_list(opt.ignore_expiration?0:1, listmode, listfp, - depth == 0 ? + depth == 0 ? _("signature not created during lifetime of certificate") : depth == 1 ? _("certificate not created during lifetime of issuer") : @@ -1135,7 +1191,7 @@ check_validity_period_cm (ksba_isotime_t current_time, static int ask_marktrusted (ctrl_t ctrl, ksba_cert_t cert, int listmode) { - static int no_more_questions; + static int no_more_questions; int rc; char *fpr; int success = 0; @@ -1143,7 +1199,7 @@ ask_marktrusted (ctrl_t ctrl, ksba_cert_t cert, int listmode) fpr = gpgsm_get_fingerprint_string (cert, GCRY_MD_SHA1); log_info (_("fingerprint=%s\n"), fpr? fpr : "?"); xfree (fpr); - + if (no_more_questions) rc = gpg_error (GPG_ERR_NOT_SUPPORTED); else @@ -1225,7 +1281,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, { if (!strcmp (checktime_arg, "19700101T000000")) { - do_list (1, listmode, listfp, + do_list (1, listmode, listfp, _("WARNING: creation time of signature not known - " "assuming current time")); gnupg_copy_time (check_time, current_time); @@ -1314,7 +1370,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, if (has_validation_model_chain (subject_cert, listmode, listfp)) rootca_flags->chain_model = 1; } - + /* Check the validity period. */ if ( (flags & VALIDATE_FLAG_CHAIN_MODEL) ) 
@@ -1332,7 +1388,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, } else if (rc) goto leave; - + /* Assert that we understand all critical extensions. */ rc = unknown_criticals (subject_cert, listmode, listfp); @@ -1355,7 +1411,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, /* If this is the root certificate we are at the end of the chain. */ if (is_root) - { + { if (!istrusted_rc) ; /* No need to check the certificate for a trusted one. */ else if (gpgsm_check_cert_sig (subject_cert, subject_cert) ) @@ -1378,8 +1434,8 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, if (rc) goto leave; } - - + + /* Set the flag for qualified signatures. This flag is deduced from a list of root certificates allowed for qualified signatures. */ @@ -1388,15 +1444,15 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, gpg_error_t err; size_t buflen; char buf[1]; - - if (!ksba_cert_get_user_data (cert, "is_qualified", + + if (!ksba_cert_get_user_data (cert, "is_qualified", &buf, sizeof (buf), &buflen) && buflen) { /* We already checked this for this certificate, thus we simply take it from the user data. */ is_qualified = !!*buf; - } + } else { /* Need to consult the list of root certificates for @@ -1419,7 +1475,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, "is_qualified", buf, 1); if (err) log_error ("set_user_data(is_qualified) failed: %s\n", - gpg_strerror (err)); + gpg_strerror (err)); } } } @@ -1431,7 +1487,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, ; else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED) { - do_list (0, listmode, listfp, + do_list (0, listmode, listfp, _("root certificate is not marked trusted")); /* If we already figured out that the certificate is expired it does not make much sense to ask the user 
@@ -1443,12 +1499,12 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, && ask_marktrusted (ctrl, subject_cert, listmode) ) rc = 0; } - else + else { log_error (_("checking the trust list failed: %s\n"), gpg_strerror (rc)); } - + if (rc) goto leave; @@ -1456,9 +1512,9 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, if ((flags & VALIDATE_FLAG_NO_DIRMNGR)) ; else if (opt.no_trusted_cert_crl_check || rootca_flags->relax) - ; + ; else - rc = is_cert_still_valid (ctrl, + rc = is_cert_still_valid (ctrl, (flags & VALIDATE_FLAG_CHAIN_MODEL), listmode, listfp, subject_cert, subject_cert, @@ -1470,7 +1526,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, break; /* Okay: a self-signed certicate is an end-point. */ } /* End is_root. */ - + /* Take care that the chain does not get too long. */ if ((depth+1) > maxdepth) { @@ -1552,7 +1608,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, do_list (0, listmode, listfp, _("found another possible matching " "CA certificate - trying again")); - ksba_cert_release (issuer_cert); + ksba_cert_release (issuer_cert); issuer_cert = tmp_cert; goto try_another_cert; } @@ -1629,9 +1685,9 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, rc = 0; else if (is_root && (opt.no_trusted_cert_crl_check || (!istrusted_rc && rootca_flags->relax))) - rc = 0; + rc = 0; else - rc = is_cert_still_valid (ctrl, + rc = is_cert_still_valid (ctrl, (flags & VALIDATE_FLAG_CHAIN_MODEL), listmode, listfp, subject_cert, issuer_cert, @@ -1690,7 +1746,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, else if (any_no_policy_match) rc = gpg_error (GPG_ERR_NO_POLICY_MATCH); } - + leave: /* If we have traversed a complete chain up to the root we will reset the ephemeral flag for all these certificates. This is done 
@@ -1700,7 +1756,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, { gpg_error_t err; chain_item_t ci; - + for (ci = chain; ci; ci = ci->next) { /* Note that it is possible for the last certificate in the @@ -1714,7 +1770,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, ; else if (err) log_error ("clearing ephemeral flag failed: %s\n", - gpg_strerror (err)); + gpg_strerror (err)); } } @@ -1729,14 +1785,14 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, char buf[1]; buf[0] = !!is_qualified; - + for (ci = chain; ci; ci = ci->next) { err = ksba_cert_set_user_data (ci->cert, "is_qualified", buf, 1); if (err) { log_error ("set_user_data(is_qualified) failed: %s\n", - gpg_strerror (err)); + gpg_strerror (err)); if (!rc) rc = err; } @@ -1762,7 +1818,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, gnupg_copy_time (r_exptime, exptime); xfree (issuer); xfree (subject); - keydb_release (kh); + keydb_release (kh); while (chain) { chain_item_t ci_next = chain->next; @@ -1807,7 +1863,7 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime, *retflags = (flags & VALIDATE_FLAG_CHAIN_MODEL); memset (&rootca_flags, 0, sizeof rootca_flags); - rc = do_validate_chain (ctrl, cert, checktime, + rc = do_validate_chain (ctrl, cert, checktime, r_exptime, listmode, listfp, flags, &rootca_flags); if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED 
@@ -1816,17 +1872,17 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime, { do_list (0, listmode, listfp, _("switching to chain model")); rc = do_validate_chain (ctrl, cert, checktime, - r_exptime, listmode, listfp, + r_exptime, listmode, listfp, (flags |= VALIDATE_FLAG_CHAIN_MODEL), &rootca_flags); *retflags |= VALIDATE_FLAG_CHAIN_MODEL; } if (opt.verbose) - do_list (0, listmode, listfp, _("validation model used: %s"), + do_list (0, listmode, listfp, _("validation model used: %s"), (*retflags & VALIDATE_FLAG_CHAIN_MODEL)? _("chain"):_("shell")); - + return rc; } @@ -1843,7 +1899,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert) char *subject = NULL; KEYDB_HANDLE kh; ksba_cert_t issuer_cert = NULL; - + if (opt.no_chain_validation) { log_info ("WARNING: bypassing basic certificate checks\n"); @@ -1900,7 +1956,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert) rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT); goto leave; } - + ksba_cert_release (issuer_cert); issuer_cert = NULL; rc = keydb_get_cert (kh, &issuer_cert); if (rc) @@ -1930,7 +1986,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert) leave: xfree (issuer); xfree (subject); - keydb_release (kh); + keydb_release (kh); ksba_cert_release (issuer_cert); return rc; } @@ -1941,7 +1997,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert) authority for qualified signature. They do not set the basicConstraints and thus we need this workaround. It works by looking up the root certificate and checking whether that one is - listed as a qualified certificate for Germany. + listed as a qualified certificate for Germany. We also try to cache this data but as long as don't keep a reference to the certificate this won't be used. 
@@ -1967,7 +2023,7 @@ get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen) chainlen = &dummy_chainlen; *chainlen = 0; - err = ksba_cert_get_user_data (cert, "regtp_ca_chainlen", + err = ksba_cert_get_user_data (cert, "regtp_ca_chainlen", &buf, sizeof (buf), &buflen); if (!err) { @@ -2024,7 +2080,7 @@ get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen) "\x01\x00", 2); if (err) log_error ("ksba_set_user_data(%s) failed: %s\n", - "regtp_ca_chainlen", gpg_strerror (err)); + "regtp_ca_chainlen", gpg_strerror (err)); for (i=0; i < depth; i++) ksba_cert_release (array[i]); *chainlen = (depth>1? 0:1); @@ -2033,11 +2089,11 @@ get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen) leave: /* Nothing special with this certificate. Mark the target - certificate anyway to avoid duplicate lookups. */ + certificate anyway to avoid duplicate lookups. */ err = ksba_cert_set_user_data (cert, "regtp_ca_chainlen", "", 1); if (err) log_error ("ksba_set_user_data(%s) failed: %s\n", - "regtp_ca_chainlen", gpg_strerror (err)); + "regtp_ca_chainlen", gpg_strerror (err)); for (i=0; i < depth; i++) ksba_cert_release (array[i]); return 0; commit 3121c4b6c17b19cbf2119d2658d69ce4cca908c6 Author: Werner Koch Date: Mon Jun 2 15:55:00 2014 +0200 gpgsm: Add a way to save a found state. * kbx/keybox-defs.h (keybox_found_s): New. (keybox_handle): Factor FOUND out to above. Add saved_found. * kbx/keybox-init.c (keybox_release): Release saved_found. (keybox_push_found_state, keybox_pop_found_state): New. * sm/keydb.c (keydb_handle): Add field saved_found. (keydb_new): Init it. (keydb_push_found_state, keydb_pop_found_state): New. -- Resolved conflicts: kbx/keybox-defs.h - whitespace fixes. diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h index 626f3e5..728168d 100644 --- a/kbx/keybox-defs.h +++ b/kbx/keybox-defs.h 
@@ -54,7 +54,7 @@ typedef struct keyboxblob *KEYBOXBLOB; typedef struct keybox_name *KB_NAME; typedef struct keybox_name const *CONST_KB_NAME; -struct keybox_name +struct keybox_name { /* Link to the next resources, so that we can walk all resources. */ @@ -70,7 +70,7 @@ struct keybox_name entrues are set to NULL. HANDLE_TABLE may be NULL. */ KEYBOX_HANDLE *handle_table; size_t handle_table_size; - + /* Not yet used. */ int is_locked; @@ -82,6 +82,14 @@ struct keybox_name }; +struct keybox_found_s +{ + KEYBOXBLOB blob; + off_t offset; + size_t pk_no; + size_t uid_no; + unsigned int n_packets; /*used for delete and update*/ +}; struct keybox_handle { CONST_KB_NAME kb; @@ -89,14 +97,9 @@ struct keybox_handle { FILE *fp; int eof; int error; - int ephemeral; - struct { - KEYBOXBLOB blob; - off_t offset; - size_t pk_no; - size_t uid_no; - unsigned int n_packets; /*used for delete and update*/ - } found; + int ephemeral; + struct keybox_found_s found; + struct keybox_found_s saved_found; struct { char *name; char *pattern; @@ -215,7 +218,7 @@ void _keybox_free (void *p); #define STR2(v) STR(v) /* - a couple of handy macros + a couple of handy macros */ #define return_if_fail(expr) do { \ diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c index e413864..53c1c50 100644 --- a/kbx/keybox-init.c +++ b/kbx/keybox-init.c @@ -148,6 +148,7 @@ keybox_release (KEYBOX_HANDLE hd) hd->kb->handle_table[idx] = NULL; } _keybox_release_blob (hd->found.blob); + _keybox_release_blob (hd->saved_found.blob); if (hd->fp) { fclose (hd->fp); 
@@ -159,6 +160,35 @@ keybox_release (KEYBOX_HANDLE hd) } +/* Save the current found state in HD for later retrieval by + keybox_restore_found_state. Only one state may be saved. */ +void +keybox_push_found_state (KEYBOX_HANDLE hd) +{ + if (hd->saved_found.blob) + { + _keybox_release_blob (hd->saved_found.blob); + hd->saved_found.blob = NULL; + } + hd->saved_found = hd->found; + hd->found.blob = NULL; +} + + +/* Restore the saved found state in HD. */ +void +keybox_pop_found_state (KEYBOX_HANDLE hd) +{ + if (hd->found.blob) + { + _keybox_release_blob (hd->found.blob); + hd->found.blob = NULL; + } + hd->found = hd->saved_found; + hd->saved_found.blob = NULL; +} + + const char * keybox_get_resource_name (KEYBOX_HANDLE hd) { diff --git a/kbx/keybox.h b/kbx/keybox.h index 4330694..e0d8c53 100644 --- a/kbx/keybox.h +++ b/kbx/keybox.h @@ -68,6 +68,8 @@ int keybox_is_writable (void *token); KEYBOX_HANDLE keybox_new (void *token, int secret); void keybox_release (KEYBOX_HANDLE hd); +void keybox_push_found_state (KEYBOX_HANDLE hd); +void keybox_pop_found_state (KEYBOX_HANDLE hd); const char *keybox_get_resource_name (KEYBOX_HANDLE hd); int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes); diff --git a/sm/keydb.c b/sm/keydb.c index 37f791e..5547405 100644 --- a/sm/keydb.c +++ b/sm/keydb.c @@ -56,6 +56,7 @@ static int used_resources; struct keydb_handle { int locked; int found; + int saved_found; int current; int is_ephemeral; int used; /* items in active */ @@ -265,6 +266,7 @@ keydb_new (int secret) hd = xcalloc (1, sizeof *hd); hd->found = -1; + hd->saved_found = -1; assert (used_resources <= MAX_KEYDB_RESOURCES); for (i=j=0; i < used_resources; i++) 
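Review bot: The comment above keybox_push_found_state points readers to `keybox_restore_found_state`, but the function this commit adds for that job is `keybox_pop_found_state`; the comment should read `/* Save the current found state in HD for later retrieval by keybox_pop_found_state.  Only one state may be saved.  */`. The one-slot limit is worth repeating on keybox_pop_found_state, because the push/pop names suggest a stack while a second push releases the previously saved blob. Neither function checks HD for NULL, whereas keydb_push_found_state and keydb_pop_found_state in sm/keydb.c return early on `!hd`; if the keybox functions are meant to be callable on their own, the same guard would keep the two layers consistent.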
@@ -476,6 +478,58 @@ unlock_all (KEYDB_HANDLE hd) hd->locked = 0; } + + +/* Push the last found state if any. */ +void +keydb_push_found_state (KEYDB_HANDLE hd) +{ + if (!hd) + return; + + if (hd->found < 0 || hd->found >= hd->used) + { + hd->saved_found = -1; + return; + } + + switch (hd->active[hd->found].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + break; + case KEYDB_RESOURCE_TYPE_KEYBOX: + keybox_push_found_state (hd->active[hd->found].u.kr); + break; + } + + hd->saved_found = hd->found; + hd->found = -1; +} + + +/* Pop the last found state. */ +void +keydb_pop_found_state (KEYDB_HANDLE hd) +{ + if (!hd) + return; + + hd->found = hd->saved_found; + hd->saved_found = -1; + if (hd->found < 0 || hd->found >= hd->used) + return; + + switch (hd->active[hd->found].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + break; + case KEYDB_RESOURCE_TYPE_KEYBOX: + keybox_pop_found_state (hd->active[hd->found].u.kr); + break; + } +} + + #if 0 /* diff --git a/sm/keydb.h b/sm/keydb.h index a440c50..f51d79d 100644 --- a/sm/keydb.h +++ b/sm/keydb.h @@ -49,6 +49,8 @@ gpg_error_t keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value); gpg_error_t keydb_set_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int value); +void keydb_push_found_state (KEYDB_HANDLE hd); +void keydb_pop_found_state (KEYDB_HANDLE hd); int keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert); int keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert); int keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert); ----------------------------------------------------------------------- Summary of changes: kbx/keybox-defs.h | 25 +++--- kbx/keybox-init.c | 30 +++++++ kbx/keybox.h | 2 + sm/certchain.c | 228 +++++++++++++++++++++++++++++++++-------------------- sm/keydb.c | 54 +++++++++++++ sm/keydb.h | 2 + 6 files changed, 244 insertions(+), 97 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 2 17:36:17 2014 
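Review bot: In keydb_push_found_state the out-of-range branch sets `hd->saved_found = -1` and returns without touching `hd->found`, while the normal path ends with `hd->found = -1`, so the handle's state after a push depends on which path ran. Adding `hd->found = -1;` before that `return` would leave the handle in the same "nothing found" state in both cases. The header comments could also say that only one state is kept per handle and that a pop without a preceding push sets `found` to the saved -1, since both follow from the code but not from the function names.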
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 02 Jun 2014 17:36:17 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.22-22-gce98935 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via ce989354fb7813022139838c26684a8db6d79ccf (commit) from 684b0bd4bfb846d03a531385e2d1251391dee1f5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ce989354fb7813022139838c26684a8db6d79ccf Author: Werner Koch Date: Mon Jun 2 17:33:18 2014 +0200 gpg: Simplify default key listing. * g10/mainproc.c (list_node): Rework. -- The old code still merged the first user id into the key packet line which resulted in all kind of complexity. --fixed-list-mode is meanwhile the default and thus we also change this part of the code. GnuPG-bug-id: 1640 diff --git a/g10/mainproc.c b/g10/mainproc.c index d399455..551ab58 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -917,7 +917,6 @@ print_userid( PACKET *pkt ) static void list_node( CTX c, KBNODE node ) { - int any=0; int mainkey; if( !node ) 
@@ -945,47 +944,55 @@ list_node( CTX c, KBNODE node ) if( mainkey && !opt.fast_list_mode ) putchar( get_ownertrust_info (pk) ); putchar(':'); - if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) { - putchar('\n'); any=1; - if( opt.fingerprint ) - print_fingerprint( pk, NULL, 0 ); - printf("rtv:1:%u:\n", - node->next->pkt->pkt.ring_trust->trustval ); - } - } + } else - printf("%s %4u%c/%s %s%s", - mainkey? "pub":"sub", nbits_from_pk( pk ), - pubkey_letter( pk->pubkey_algo ), keystr_from_pk( pk ), - datestr_from_pk( pk ), mainkey?" ":""); + { + printf("%s %4u%c/%s %s", + mainkey? "pub":"sub", nbits_from_pk( pk ), + pubkey_letter( pk->pubkey_algo ), keystr_from_pk( pk ), + datestr_from_pk (pk)); + } + + if (pk->is_revoked) + { + printf(" ["); + printf(_("revoked: %s"),revokestr_from_pk(pk)); + printf("]\n"); + } + else if (pk->expiredate && !opt.with_colons) + { + printf(" ["); + printf(_("expires: %s"),expirestr_from_pk(pk)); + printf("]\n"); + } + else + putchar ('\n'); + + if ((mainkey && opt.fingerprint) || opt.fingerprint > 1) + print_fingerprint (pk, NULL, 0); + + if (opt.with_colons) + { + if (node->next && node->next->pkt->pkttype == PKT_RING_TRUST) + printf("rtv:1:%u:\n", node->next->pkt->pkt.ring_trust->trustval); + } if( mainkey ) { /* and now list all userids with their signatures */ for( node = node->next; node; node = node->next ) { if( node->pkt->pkttype == PKT_SIGNATURE ) { - if( !any ) { - if( node->pkt->pkt.signature->sig_class == 0x20 ) - puts("[revoked]"); - else - putchar('\n'); - any = 1; - } list_node(c, node ); } else if( node->pkt->pkttype == PKT_USER_ID ) { - if( any ) { - if( opt.with_colons ) - printf("%s:::::::::", - node->pkt->pkt.user_id->attrib_data?"uat":"uid"); - else - printf( "uid%*s", 28, "" ); - } + if( opt.with_colons ) + printf("%s:::::::::", + node->pkt->pkt.user_id->attrib_data?"uat":"uid"); + else + printf( "uid%*s", 28, "" ); print_userid( node->pkt ); if( opt.with_colons ) putchar(':'); putchar('\n'); - if( 
opt.fingerprint && !any ) - print_fingerprint( pk, NULL, 0 ); if( opt.with_colons && node->next && node->next->pkt->pkttype == PKT_RING_TRUST ) { @@ -993,38 +1000,12 @@ list_node( CTX c, KBNODE node ) node->next->pkt->pkt.ring_trust? node->next->pkt->pkt.ring_trust->trustval : 0); } - any=1; } else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { - if( !any ) { - putchar('\n'); - any = 1; - } - list_node(c, node ); + list_node(c, node ); } } } - else - { - /* of subkey */ - if( pk->is_revoked ) - { - printf(" ["); - printf(_("revoked: %s"),revokestr_from_pk(pk)); - printf("]"); - } - else if( pk->expiredate ) - { - printf(" ["); - printf(_("expires: %s"),expirestr_from_pk(pk)); - printf("]"); - } - } - - if( !any ) - putchar('\n'); - if( !mainkey && opt.fingerprint > 1 ) - print_fingerprint( pk, NULL, 0 ); } else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) ) || node->pkt->pkttype == PKT_SECRET_SUBKEY ) { 
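Review bot: In the public-key branch of list_node the new `if (pk->is_revoked)` block prints ` [revoked: …]` without testing `opt.with_colons`, although the `else if (pk->expiredate && !opt.with_colons)` branch right after it is limited to the human-readable listing. For a revoked key in colon mode the bracketed, translated text would be appended to the machine-readable `pub:`/`sub:` record, which programs parsing that output are unlikely to expect. If that is not intended, the condition should be `if (pk->is_revoked && !opt.with_colons)`. list_node starts before this hunk and continues after it.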
@@ -1040,55 +1021,39 @@ list_node( CTX c, KBNODE node ) sk->pubkey_algo, (ulong)keyid[0],(ulong)keyid[1], colon_datestr_from_sk( sk ), - colon_strtime (sk->expiredate) - /* fixme: add LID */ ); + colon_strtime (sk->expiredate)); } else printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb", nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ), keystr_from_sk( sk ), datestr_from_sk( sk )); + + putchar ('\n'); + if ((mainkey && opt.fingerprint) || opt.fingerprint > 1) + print_fingerprint (NULL, sk,0); + if( mainkey ) { /* and now list all userids with their signatures */ for( node = node->next; node; node = node->next ) { if( node->pkt->pkttype == PKT_SIGNATURE ) { - if( !any ) { - if( node->pkt->pkt.signature->sig_class == 0x20 ) - puts("[revoked]"); - else - putchar('\n'); - any = 1; - } list_node(c, node ); } else if( node->pkt->pkttype == PKT_USER_ID ) { - if( any ) { - if( opt.with_colons ) - printf("%s:::::::::", - node->pkt->pkt.user_id->attrib_data?"uat":"uid"); - else - printf( "uid%*s", 28, "" ); - } + if( opt.with_colons ) + printf("%s:::::::::", + node->pkt->pkt.user_id->attrib_data?"uat":"uid"); + else + printf( "uid%*s", 28, "" ); print_userid( node->pkt ); if( opt.with_colons ) putchar(':'); putchar('\n'); - if( opt.fingerprint && !any ) - print_fingerprint( NULL, sk, 0 ); - any=1; } else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { - if( !any ) { - putchar('\n'); - any = 1; - } - list_node(c, node ); + list_node(c, node ); } } } - if( !any ) - putchar('\n'); - if( !mainkey && opt.fingerprint > 1 ) - print_fingerprint( NULL, sk, 0 ); } else if( node->pkt->pkttype == PKT_SIGNATURE ) { PKT_signature *sig = node->pkt->pkt.signature; ----------------------------------------------------------------------- Summary of changes: g10/mainproc.c | 133 +++++++++++++++++++++----------------------------------- 1 file changed, 49 insertions(+), 84 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 2 18:35:57 
2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 02 Jun 2014 18:35:57 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.22-23-g6af1940 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 6af194038aebac71d539b3aa40465c8110591829 (commit) from ce989354fb7813022139838c26684a8db6d79ccf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6af194038aebac71d539b3aa40465c8110591829 Author: Werner Koch Date: Mon Jun 2 18:38:04 2014 +0200 gpg: Graceful skip reading of corrupt MPIs. * g10/parse-packet.c (mpi_read): Change error message on overflow. -- This gets gpg 2.x in sync to what gpg 1.4 does. No need to die for a broken MPI. GnuPG-bug-id: 1593 diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 11480dd..ab4655d 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -111,24 +111,31 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure) /*FIXME: Needs to be synced with gnupg14/mpi/mpicoder.c*/ int c, c1, c2, i; + unsigned int nmax = *ret_nread; unsigned int nbits, nbytes; size_t nread = 0; gcry_mpi_t a = NULL; byte *buf = NULL; byte *p; + if (!nmax) + goto overflow; + if ( (c = c1 = iobuf_get (inp)) == -1 ) goto leave; + if (++nread == nmax) + goto overflow; nbits = c << 8; if ( (c = c2 = iobuf_get (inp)) == -1 ) goto leave; + ++nread; nbits |= c; if ( nbits > MAX_EXTERN_MPI_BITS ) { log_error("mpi too large (%u bits)\n", nbits); goto leave; } - nread = 2; + nbytes = (nbits+7) / 8; buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2); p = buf; 
@@ -137,6 +144,8 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure) for ( i=0 ; i < nbytes; i++ ) { p[i+2] = iobuf_get(inp) & 0xff; + if (nread == nmax) + goto overflow; nread++; } @@ -152,12 +161,15 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure) a = NULL; } + *ret_nread = nread; + gcry_free(buf); + return a; + + overflow: + log_error ("mpi larger than indicated length (%u bits)\n", 8*nmax); leave: + *ret_nread = nread; gcry_free(buf); - if ( nread > *ret_nread ) - log_bug ("mpi larger than packet"); - else - *ret_nread = nread; return a; } ----------------------------------------------------------------------- Summary of changes: g10/parse-packet.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 2 19:52:36 2014 
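Review bot: In the byte loop of mpi_read the new limit test runs after `p[i+2] = iobuf_get(inp) & 0xff;`, so when `nread == nmax` one byte beyond the indicated length has already been taken from the stream before `goto overflow` is reached. Testing first keeps the reader inside the packet: move `if (nread == nmax) goto overflow;` ahead of the `iobuf_get` line. That same line masks the return value with `0xff`, so an end-of-input -1 is stored as data instead of ending the read the way the two length bytes do with `goto leave`; checking for -1 there as well would make truncated input fail cleanly. The function begins before this hunk.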
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 02 Jun 2014 19:52:36 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-431-g958e5f2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 958e5f292fa3f8e127f54bc088c56780c564dcae (commit) via f3249b1c4d0f2e9e0e8956042677e47fc9c6f6c0 (commit) via d9cde7ba7d4556b216f062d0cf92d60cbb204b00 (commit) from 715285bcbc12c024dbd9b633805189c09173e317 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 958e5f292fa3f8e127f54bc088c56780c564dcae Author: Werner Koch Date: Mon Jun 2 19:51:23 2014 +0200 gpg: Avoid NULL-deref in default key listing. * g10/keyid.c (hash_public_key): Take care of NULL keys. * g10/misc.c (pubkey_nbits): Ditto. -- This problem was mainly due to our ECC code while checking for opaque MPIs with the curve name. diff --git a/g10/keyid.c b/g10/keyid.c index 2883af1..9c94bd6 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -167,7 +167,15 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk) { for (i=0; i < npkey; i++ ) { - if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE)) + if (!pk->pkey[i]) + { + /* This case may only happen if the parsing of the MPI + failed but the key was anyway created. May happen + during "gpg KEYFILE". */ + pp[i] = NULL; + nn[i] = 0; + } + else if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE)) { const void *p; diff --git a/g10/misc.c b/g10/misc.c index 54ddad2..e219d76 100644 --- a/g10/misc.c +++ b/g10/misc.c 
@@ -1628,46 +1628,54 @@ pubkey_get_nenc (pubkey_algo_t algo) unsigned int pubkey_nbits( int algo, gcry_mpi_t *key ) { - int rc, nbits; - gcry_sexp_t sexp; + int rc, nbits; + gcry_sexp_t sexp; - if( algo == PUBKEY_ALGO_DSA ) { - rc = gcry_sexp_build ( &sexp, NULL, - "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", - key[0], key[1], key[2], key[3] ); + if (algo == PUBKEY_ALGO_DSA + && key[0] && key[1] && key[2] && key[3]) + { + rc = gcry_sexp_build (&sexp, NULL, + "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", + key[0], key[1], key[2], key[3] ); } - else if( algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E ) { - rc = gcry_sexp_build ( &sexp, NULL, - "(public-key(elg(p%m)(g%m)(y%m)))", - key[0], key[1], key[2] ); + else if ((algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E) + && key[0] && key[1] && key[2]) + { + rc = gcry_sexp_build (&sexp, NULL, + "(public-key(elg(p%m)(g%m)(y%m)))", + key[0], key[1], key[2] ); } - else if( is_RSA (algo) ) { - rc = gcry_sexp_build ( &sexp, NULL, - "(public-key(rsa(n%m)(e%m)))", - key[0], key[1] ); + else if (is_RSA (algo) + && key[0] && key[1]) + { + rc = gcry_sexp_build (&sexp, NULL, + "(public-key(rsa(n%m)(e%m)))", + key[0], key[1] ); } - else if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_ECDH - || algo == PUBKEY_ALGO_EDDSA) { - char *curve = openpgp_oid_to_str (key[0]); - if (!curve) - rc = gpg_error_from_syserror (); - else - { - rc = gcry_sexp_build (&sexp, NULL, - "(public-key(ecc(curve%s)(q%m)))", - curve, key[1]); - xfree (curve); - } + else if ((algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_ECDH + || algo == PUBKEY_ALGO_EDDSA) + && key[0] && key[1]) + { + char *curve = openpgp_oid_to_str (key[0]); + if (!curve) + rc = gpg_error_from_syserror (); + else + { + rc = gcry_sexp_build (&sexp, NULL, + "(public-key(ecc(curve%s)(q%m)))", + curve, key[1]); + xfree (curve); + } } - else - return 0; + else + return 0; - if ( rc ) - BUG (); + if (rc) + BUG (); - nbits = gcry_pk_get_nbits( sexp ); - gcry_sexp_release( 
sexp ); - return nbits; + nbits = gcry_pk_get_nbits (sexp); + gcry_sexp_release (sexp); + return nbits; } commit f3249b1c4d0f2e9e0e8956042677e47fc9c6f6c0 Author: Werner Koch Date: Mon Jun 2 19:50:18 2014 +0200 gpg: Simplify default key listing. * g10/mainproc.c (list_node): Rework. -- GnuPG-bug-id: 1640 diff --git a/g10/mainproc.c b/g10/mainproc.c index 28bb05e..890c0a4 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
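Review bot: pubkey_nbits still ends its error path in `if (rc) BUG ();`, so a failure of `openpgp_oid_to_str (key[0])` or of `gcry_sexp_build` aborts the process even though the commit is meant to survive keys whose MPIs did not parse. The added NULL tests cover only missing elements; a present but malformed curve OID would presumably still reach BUG() (whether openpgp_oid_to_str can fail on such input is not visible here). Treating these failures like the new `else return 0;` path, for example `if (rc) return 0;`, would report "size unknown" instead of terminating on data that comes from a key file.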
@@ -921,267 +921,203 @@ print_userid( PACKET *pkt ) static void list_node( CTX c, KBNODE node ) { - int any=0; - int mainkey; - char pkstrbuf[PUBKEY_STRING_SIZE]; + int mainkey; + char pkstrbuf[PUBKEY_STRING_SIZE]; - if( !node ) - ; - else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY) ) - || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { - PKT_public_key *pk = node->pkt->pkt.public_key; + if (!node) + ; + else if ((mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY)) + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) + { + PKT_public_key *pk = node->pkt->pkt.public_key; - if( opt.with_colons ) - { - u32 keyid[2]; - keyid_from_pk( pk, keyid ); - if( mainkey ) - c->trustletter = opt.fast_list_mode? - 0 : get_validity_info( pk, NULL ); - printf("%s:", mainkey? "pub":"sub" ); - if( c->trustletter ) - putchar( c->trustletter ); - printf(":%u:%d:%08lX%08lX:%s:%s::", - nbits_from_pk( pk ), - pk->pubkey_algo, - (ulong)keyid[0],(ulong)keyid[1], - colon_datestr_from_pk( pk ), - colon_strtime (pk->expiredate) ); - if( mainkey && !opt.fast_list_mode ) - putchar( get_ownertrust_info (pk) ); - putchar(':'); - if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) { - putchar('\n'); any=1; - if( opt.fingerprint ) - print_fingerprint (NULL, pk, 0); - printf("rtv:1:%u:\n", - node->next->pkt->pkt.ring_trust->trustval ); - } - } - else - printf("%s %s/%s %s%s", - mainkey? "pub":"sub", - pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), - keystr_from_pk( pk ), - datestr_from_pk( pk ), mainkey?" 
":""); - - if( mainkey ) { - /* and now list all userids with their signatures */ - for( node = node->next; node; node = node->next ) { - if( node->pkt->pkttype == PKT_SIGNATURE ) { - if( !any ) { - if( node->pkt->pkt.signature->sig_class == 0x20 ) - puts("[revoked]"); - else - putchar('\n'); - any = 1; - } - list_node(c, node ); - } - else if( node->pkt->pkttype == PKT_USER_ID ) { - if( any ) { - if( opt.with_colons ) - printf("%s:::::::::", - node->pkt->pkt.user_id->attrib_data?"uat":"uid"); - else - printf( "uid%*s", 28, "" ); - } - print_userid( node->pkt ); - if( opt.with_colons ) - putchar(':'); - putchar('\n'); - if( opt.fingerprint && !any ) - print_fingerprint (NULL, pk, 0 ); - if( opt.with_colons - && node->next - && node->next->pkt->pkttype == PKT_RING_TRUST ) { - printf("rtv:2:%u:\n", - node->next->pkt->pkt.ring_trust? - node->next->pkt->pkt.ring_trust->trustval : 0); - } - any=1; - } - else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { - if( !any ) { - putchar('\n'); - any = 1; - } - list_node(c, node ); - } - } - } - else - { - /* of subkey */ - if( pk->flags.revoked ) - { - printf(" ["); - printf(_("revoked: %s"),revokestr_from_pk(pk)); - printf("]"); - } - else if( pk->expiredate ) - { - printf(" ["); - printf(_("expires: %s"),expirestr_from_pk(pk)); - printf("]"); - } - } + if (opt.with_colons) + { + u32 keyid[2]; + + keyid_from_pk( pk, keyid ); + if (mainkey) + c->trustletter = (opt.fast_list_mode? + 0 : get_validity_info( pk, NULL)); + es_printf ("%s:", mainkey? "pub":"sub" ); + if (c->trustletter) + es_putc (c->trustletter, es_stdout); + es_printf (":%u:%d:%08lX%08lX:%s:%s::", + nbits_from_pk( pk ), + pk->pubkey_algo, + (ulong)keyid[0],(ulong)keyid[1], + colon_datestr_from_pk( pk ), + colon_strtime (pk->expiredate) ); + if (mainkey && !opt.fast_list_mode) + es_putc (get_ownertrust_info (pk), es_stdout); + es_putc (':', es_stdout); + } + else + es_printf ("%s %s/%s %s", + mainkey? 
"pub":"sub", + pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), + keystr_from_pk (pk), + datestr_from_pk (pk)); - if( !any ) - putchar('\n'); - if( !mainkey && opt.fingerprint > 1 ) - print_fingerprint (NULL, pk, 0); + if (pk->flags.revoked) + { + es_printf (" ["); + es_printf (_("revoked: %s"), revokestr_from_pk (pk)); + es_printf ("]\n"); + } + else if( pk->expiredate && !opt.with_colons) + { + es_printf (" ["); + es_printf (_("expires: %s"), expirestr_from_pk (pk)); + es_printf ("]\n"); + } + else + es_putc ('\n', es_stdout); + + if ((mainkey && opt.fingerprint) || opt.fingerprint > 1) + print_fingerprint (NULL, pk, 0); + + if (opt.with_colons) + { + if (node->next && node->next->pkt->pkttype == PKT_RING_TRUST) + es_printf ("rtv:1:%u:\n", + node->next->pkt->pkt.ring_trust->trustval); + } + + if (mainkey) + { + /* Now list all userids with their signatures. */ + for (node = node->next; node; node = node->next) + { + if (node->pkt->pkttype == PKT_SIGNATURE) + { + list_node (c, node ); + } + else if (node->pkt->pkttype == PKT_USER_ID) + { + if (opt.with_colons) + es_printf ("%s:::::::::", + node->pkt->pkt.user_id->attrib_data?"uat":"uid"); + else + es_printf ("uid%*s", 28, "" ); + print_userid (node->pkt); + if (opt.with_colons) + es_putc (':', es_stdout); + es_putc ('\n', es_stdout); + if (opt.with_colons + && node->next + && node->next->pkt->pkttype == PKT_RING_TRUST) + { + es_printf ("rtv:2:%u:\n", + node->next->pkt->pkt.ring_trust? 
+ node->next->pkt->pkt.ring_trust->trustval : 0); + } + } + else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + { + list_node(c, node ); + } + } + } } - else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) ) - || node->pkt->pkttype == PKT_SECRET_SUBKEY ) { + else if ((mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) ) + || node->pkt->pkttype == PKT_SECRET_SUBKEY) + { log_debug ("FIXME: No way to print secret key packets here\n"); - /* fixme: We may use a fucntion to trun a secret key packet into + /* fixme: We may use a fucntion to turn a secret key packet into a public key one and use that here. */ - /* PKT_secret_key *sk = node->pkt->pkt.secret_key; */ - - /* if( opt.with_colons ) */ - /* { */ - /* u32 keyid[2]; */ - /* keyid_from_sk( sk, keyid ); */ - /* printf("%s::%u:%d:%08lX%08lX:%s:%s:::", */ - /* mainkey? "sec":"ssb", */ - /* nbits_from_sk( sk ), */ - /* sk->pubkey_algo, */ - /* (ulong)keyid[0],(ulong)keyid[1], */ - /* colon_datestr_from_sk( sk ), */ - /* colon_strtime (sk->expiredate) */ - /* /\* fixme: add LID *\/ ); */ - /* } */ - /* else */ - /* printf("%s %4u%c/%s %s ", mainkey? 
"sec":"ssb", */ - /* nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ), */ - /* keystr_from_sk( sk ), datestr_from_sk( sk )); */ - /* if( mainkey ) { */ - /* /\* and now list all userids with their signatures *\/ */ - /* for( node = node->next; node; node = node->next ) { */ - /* if( node->pkt->pkttype == PKT_SIGNATURE ) { */ - /* if( !any ) { */ - /* if( node->pkt->pkt.signature->sig_class == 0x20 ) */ - /* puts("[revoked]"); */ - /* else */ - /* putchar('\n'); */ - /* any = 1; */ - /* } */ - /* list_node(c, node ); */ - /* } */ - /* else if( node->pkt->pkttype == PKT_USER_ID ) { */ - /* if( any ) { */ - /* if( opt.with_colons ) */ - /* printf("%s:::::::::", */ - /* node->pkt->pkt.user_id->attrib_data?"uat":"uid"); */ - /* else */ - /* printf( "uid%*s", 28, "" ); */ - /* } */ - /* print_userid( node->pkt ); */ - /* if( opt.with_colons ) */ - /* putchar(':'); */ - /* putchar('\n'); */ - /* if( opt.fingerprint && !any ) */ - /* print_fingerprint( NULL, sk, 0 ); */ - /* any=1; */ - /* } */ - /* else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { */ - /* if( !any ) { */ - /* putchar('\n'); */ - /* any = 1; */ - /* } */ - /* list_node(c, node ); */ - /* } */ - /* } */ - /* } */ - /* if( !any ) */ - /* putchar('\n'); */ - /* if( !mainkey && opt.fingerprint > 1 ) */ - /* print_fingerprint( NULL, sk, 0 ); */ } - else if( node->pkt->pkttype == PKT_SIGNATURE ) { - PKT_signature *sig = node->pkt->pkt.signature; - int is_selfsig = 0; - int rc2=0; - size_t n; - char *p; - int sigrc = ' '; + else if (node->pkt->pkttype == PKT_SIGNATURE) + { + PKT_signature *sig = node->pkt->pkt.signature; + int is_selfsig = 0; + int rc2 = 0; + size_t n; + char *p; + int sigrc = ' '; - if( !opt.verbose ) - return; + if (!opt.verbose) + return; - if( sig->sig_class == 0x20 || sig->sig_class == 0x30 ) - fputs("rev", stdout); - else - fputs("sig", stdout); - if( opt.check_sigs ) { - fflush(stdout); - rc2=do_check_sig( c, node, &is_selfsig, NULL, NULL ); - switch (gpg_err_code (rc2)) { - case 
0: sigrc = '!'; break; - case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break; - case GPG_ERR_NO_PUBKEY: - case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break; - default: sigrc = '%'; break; + if (sig->sig_class == 0x20 || sig->sig_class == 0x30) + es_fputs ("rev", es_stdout); + else + es_fputs ("sig", es_stdout); + if (opt.check_sigs) + { + fflush (stdout); + rc2 = do_check_sig (c, node, &is_selfsig, NULL, NULL); + switch (gpg_err_code (rc2)) + { + case 0: sigrc = '!'; break; + case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break; + case GPG_ERR_NO_PUBKEY: + case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break; + default: sigrc = '%'; break; } } - else { /* check whether this is a self signature */ - u32 keyid[2]; + else /* Check whether this is a self signature. */ + { + u32 keyid[2]; - if( c->list->pkt->pkttype == PKT_PUBLIC_KEY - || c->list->pkt->pkttype == PKT_SECRET_KEY ) - { - keyid_from_pk (c->list->pkt->pkt.public_key, keyid); + if (c->list->pkt->pkttype == PKT_PUBLIC_KEY + || c->list->pkt->pkttype == PKT_SECRET_KEY ) + { + keyid_from_pk (c->list->pkt->pkt.public_key, keyid); - if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) - is_selfsig = 1; - } + if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]) + is_selfsig = 1; + } } - if( opt.with_colons ) { - putchar(':'); - if( sigrc != ' ' ) - putchar(sigrc); - printf("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo, - (ulong)sig->keyid[0], (ulong)sig->keyid[1], - colon_datestr_from_sig(sig), - colon_expirestr_from_sig(sig)); - - if(sig->trust_depth || sig->trust_value) - printf("%d %d",sig->trust_depth,sig->trust_value); - printf(":"); - - if(sig->trust_regexp) - es_write_sanitized (es_stdout,sig->trust_regexp, - strlen(sig->trust_regexp), ":", NULL); - printf(":"); + + if (opt.with_colons) + { + es_putc (':', es_stdout); + if (sigrc != ' ') + es_putc (sigrc, es_stdout); + es_printf ("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo, + (ulong)sig->keyid[0], (ulong)sig->keyid[1], + colon_datestr_from_sig (sig), + 
colon_expirestr_from_sig (sig)); + + if (sig->trust_depth || sig->trust_value) + es_printf ("%d %d",sig->trust_depth,sig->trust_value); + es_putc (':', es_stdout); + + if (sig->trust_regexp) + es_write_sanitized (es_stdout, sig->trust_regexp, + strlen (sig->trust_regexp), ":", NULL); + es_putc (':', es_stdout); } - else - printf("%c %s %s ", - sigrc, keystr(sig->keyid), datestr_from_sig(sig)); - if( sigrc == '%' ) - printf("[%s] ", g10_errstr(rc2) ); - else if( sigrc == '?' ) - ; - else if( is_selfsig ) { - if( opt.with_colons ) - putchar(':'); - fputs( sig->sig_class == 0x18? "[keybind]":"[selfsig]", stdout); - if( opt.with_colons ) - putchar(':'); + else + es_printf ("%c %s %s ", + sigrc, keystr (sig->keyid), datestr_from_sig(sig)); + if (sigrc == '%') + es_printf ("[%s] ", g10_errstr(rc2) ); + else if (sigrc == '?') + ; + else if (is_selfsig) + { + if (opt.with_colons) + es_putc (':', es_stdout); + es_fputs (sig->sig_class == 0x18? "[keybind]":"[selfsig]", es_stdout); + if (opt.with_colons) + es_putc (':', es_stdout); } - else if( !opt.fast_list_mode ) { - p = get_user_id( sig->keyid, &n ); - es_write_sanitized (es_stdout, p, n, - opt.with_colons?":":NULL, NULL ); - xfree(p); + else if (!opt.fast_list_mode) + { + p = get_user_id (sig->keyid, &n); + es_write_sanitized (es_stdout, p, n, + opt.with_colons?":":NULL, NULL ); + xfree (p); } - if( opt.with_colons ) - printf(":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l'); - putchar('\n'); + if (opt.with_colons) + es_printf (":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l'); + es_putc ('\n', es_stdout); } - else - log_error("invalid node with packet of type %d\n", node->pkt->pkttype); + else + log_error ("invalid node with packet of type %d\n", node->pkt->pkttype); } commit d9cde7ba7d4556b216f062d0cf92d60cbb204b00 Author: Werner Koch Date: Mon Jun 2 18:38:04 2014 +0200 gpg: Graceful skip reading of corrupt MPIs. * g10/parse-packet.c (mpi_read): Change error message on overflow. 
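Review bot: `fflush (stdout)` in front of `do_check_sig` was left on the stdio stream although every write in `list_node` now goes through `es_stdout`, so the "sig"/"rev" prefix is no longer flushed before the signature check runs; it should read `es_fflush (es_stdout);`. Separately, the `pk->flags.revoked` branch lacks the `!opt.with_colons` guard that the expiry branch carries, so in colon mode a revoked key gets the translated ` [revoked: ...]` text appended to the machine-readable record. Using `if (pk->flags.revoked && !opt.with_colons)` would keep that line parseable for tools that consume the colon format.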
-- This gets gpg 2.x in sync to what gpg 1.4 does. No need to die for a broken MPI. GnuPG-bug-id: 1593 Resolved conflicts: g10/parse-packet.c - whitespaces fixes. diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 424b052..26ca038 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -107,27 +107,32 @@ read_32 (IOBUF inp) static gcry_mpi_t mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure) { - /*FIXME: Needs to be synced with gnupg14/mpi/mpicoder.c */ - int c, c1, c2, i; + unsigned int nmax = *ret_nread; unsigned int nbits, nbytes; size_t nread = 0; gcry_mpi_t a = NULL; byte *buf = NULL; byte *p; + if (!nmax) + goto overflow; + if ((c = c1 = iobuf_get (inp)) == -1) goto leave; + if (++nread == nmax) + goto overflow; nbits = c << 8; if ((c = c2 = iobuf_get (inp)) == -1) goto leave; + ++nread; nbits |= c; if (nbits > MAX_EXTERN_MPI_BITS) { log_error ("mpi too large (%u bits)\n", nbits); goto leave; } - nread = 2; + nbytes = (nbits + 7) / 8; buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2); p = buf; 
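Review bot: `*ret_nread` is now read on entry as the byte limit (`nmax`) and written back on the exit paths as the number of bytes consumed, but with the FIXME removed the function carries no comment describing that in/out contract. I would add a comment above `mpi_read` saying that the caller passes the remaining length in `*ret_nread`, gets back the bytes actually read, and receives NULL on EOF, on an MPI above `MAX_EXTERN_MPI_BITS`, or when the MPI would run past the limit. The function body continues beyond this hunk.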
@@ -136,18 +141,23 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure) for (i = 0; i < nbytes; i++) { p[i + 2] = iobuf_get (inp) & 0xff; + if (nread == nmax) + goto overflow; nread++; } if (gcry_mpi_scan (&a, GCRYMPI_FMT_PGP, buf, nread, &nread)) a = NULL; + *ret_nread = nread; + gcry_free(buf); + return a; + + overflow: + log_error ("mpi larger than indicated length (%u bits)\n", 8*nmax); leave: - gcry_free (buf); - if (nread > *ret_nread) - log_bug ("mpi larger than packet (%zu/%u)", nread, *ret_nread); - else - *ret_nread = nread; + *ret_nread = nread; + gcry_free(buf); return a; } ----------------------------------------------------------------------- Summary of changes: g10/keyid.c | 10 +- g10/mainproc.c | 420 ++++++++++++++++++++++------------------------------ g10/misc.c | 74 ++++----- g10/parse-packet.c | 26 +++- 4 files changed, 246 insertions(+), 284 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 3 08:54:54 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Jun 2014 08:54:54 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-432-g50cd3d4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 50cd3d40aec3b94cfddec94361ed1aafc999d61b (commit) from 958e5f292fa3f8e127f54bc088c56780c564dcae (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 50cd3d40aec3b94cfddec94361ed1aafc999d61b Author: Werner Koch Date: Tue Jun 3 08:58:20 2014 +0200 doc: Minor texi updates. -- diff --git a/doc/gpg.texi b/doc/gpg.texi index bc12cbc..9463bb5 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
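Review bot: In the read loop the new limit check runs after `iobuf_get (inp)` has already consumed a byte, so when `nread == nmax` one byte past the indicated length is taken from the stream before `goto overflow`, which may leave the parser misaligned for whatever follows the MPI. The same line masks the return value with `0xff`, so an EOF (-1) inside a truncated MPI is stored as data instead of ending the read. Testing the limit first and checking for -1 before storing addresses both; the function starts outside this hunk.

```c
  for (i = 0; i < nbytes; i++)
    {
      if (nread == nmax)
        goto overflow;
      c = iobuf_get (inp);
      if (c == -1)
        goto leave;
      p[i + 2] = c;
      nread++;
    }
  /* … unchanged: gcry_mpi_scan call and exit paths … */
```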
@@ -1503,8 +1503,8 @@ mechanisms, in the order they are to be tried: required if @code{local} is also used. @item clear - Clear all defined mechanisms. This is usefule to override - mechanisms fiven in a config file. + Clear all defined mechanisms. This is useful to override + mechanisms given in a config file. @end table diff --git a/doc/tools.texi b/doc/tools.texi index 2a1d38f..32ab1e4 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -305,6 +305,7 @@ Reload all or the given component. This is basically the same as sending a SIGHUP to the component. Components which don't support reloading are ignored. + at ifset gpgtwoone @item --launch [@var{component}] @opindex launch If the @var{component} is not already running, start it. @@ -319,6 +320,7 @@ Kill the given component. Components which support killing are gpg-agent and scdaemon. Components which don't support reloading are ignored. Note that as of now reload and kill have the same effect for scdaemon. + at end ifset @end table ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 4 ++-- doc/tools.texi | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 3 11:00:07 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Jun 2014 11:00:07 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.23 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 6209c6d9ad00a17bef4780ff22f0e9f588343c00 (commit) via c18755a260ed9b261d4826650a3502a8e9317587 (commit) via 71b0cd534ba3843e1a56f5c1b0a34e45a008ae42 (commit) via d03df6885194a04f1e64967b45aaae60328ff009 (commit) via d7750a15d594f6d621e21d57fd5d45d6573870e0 (commit) via 2a415c47eaf65c47edbd98440f37b2c46354fd02 (commit) via 8a4bd132f73aaf1588fb03340392fe22dd8e18ed (commit) via 3d4a36c8c98a15a4c5237fe2d10475a14b4c170a (commit) via 3c3d1ab35d17bce46dac8f806a8ce2dc90ac06ee (commit) from 6af194038aebac71d539b3aa40465c8110591829 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6209c6d9ad00a17bef4780ff22f0e9f588343c00 Author: Werner Koch Date: Tue Jun 3 10:02:45 2014 +0200 Release 2.0.23 diff --git a/AUTHORS b/AUTHORS index c787c7c..17ef4bb 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,5 +1,5 @@ Program: GnuPG -Homepage: http://www.gnupg.org +Homepage: https://www.gnupg.org Maintainer: Werner Koch Bug reports: http://bugs.gnupg.org Security related bug reports: 
@@ -156,7 +156,7 @@ by Colin Tuckley and Daniel Leidert for the GNU/Debian distribution. Copyright ========= -GnuPG is distributed under the GNU General Public License, version 2 +GnuPG is distributed under the GNU General Public License, version 3 or later. A few files are under the Lesser General Public License, a few other files carry the all permissive license note as found at the bottom of this file. Certain files in keyserver/ allow one specific @@ -181,6 +181,7 @@ name gpg2keys_*. Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Free Software Foundation, Inc. + Copyright 1997, 1998, 2013, 2014 Werner Koch This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/NEWS b/NEWS index 1388c5e..656f910 100644 --- a/NEWS +++ b/NEWS 
@@ -1,10 +1,30 @@ -Noteworthy changes in version 2.0.23 (unreleased) +Noteworthy changes in version 2.0.23 (2014-06-03) ------------------------------------------------- - * Do not create a trustdb file if --trust-model=always is used. + * gpg: Reject signatures made using the MD5 hash algorithm unless the + new option --allow-weak-digest-algos or --pgp2 are given. - * Only the major version number is by default included in the armored - output. + * gpg: Do not create a trustdb file if --trust-model=always is used. + + * gpg: Only the major version number is by default included in the + armored output. + + * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the + communication with the gpg-agent. + + * gpg: The format of the fallback key listing ("gpg KEYFILE") is now more + aligned to the regular key listing ("gpg -k"). + + * gpg: The option--show-session-key prints its output now before the + decryption of the bulk message starts. + + * gpg: New %U expando for the photo viewer. + + * gpgsm: Improved handling of re-issued CA certificates. + + * scdaemon: Various fixes for pinpad equipped card readers. + + * Minor bug fixes. Noteworthy changes in version 2.0.22 (2013-10-04) diff --git a/README b/README index affb7da..7c4e906 100644 --- a/README +++ b/README @@ -1,10 +1,11 @@ - The GNU Privacy Guard 2 - ========================= - Version 2.0 + The GNU Privacy Guard + ======================= + Version 2.0 Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Free Software Foundation, Inc. + Copyright 1997, 1998, 2013, 2014 Werner Koch INTRODUCTION 
@@ -108,7 +109,8 @@ dependency on other modules at run and build time. HOW TO GET MORE INFORMATION =========================== -The primary WWW page is "http://www.gnupg.org" +The primary WWW page is "https://www.gnupg.org" + or using TOR "http://ic6au7wa3f6naxjq.onion" The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/" See http://www.gnupg.org/download/mirrors.html for a list of mirrors @@ -147,8 +149,12 @@ authors directly as we are busy working on improvements and bug fixes. The English and German mailing lists are watched by the authors and we try to answer questions when time allows us to do so. -Commercial grade support for GnuPG is available; please see -. +Commercial grade support for GnuPG is available; for a listing of +offers see https://www.gnupg.org/service.html . Maintaining and +improving GnuPG is costly. For more than a decade, g10 Code GmbH, a +German company owned and headed by GnuPG's principal author Werner +Koch, is bearing the majority of these costs. To help them carry on +this work, they need your support. See https://gnupg.org/donate/ . This file is Free Software; as a special exception the authors gives @@ -158,4 +164,3 @@ Commercial grade support for GnuPG is available; please see distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - commit c18755a260ed9b261d4826650a3502a8e9317587 Author: Werner Koch Date: Tue Jun 3 09:54:56 2014 +0200 po: Auto-update due to one new entry. -- diff --git a/po/be.po b/po/be.po index 960c598..b6b973c 100644 --- a/po/be.po +++ b/po/be.po 
@@ -4704,6 +4704,10 @@ msgstr "" msgid "NOTE: signature key %s has been revoked\n" msgstr "" +#, fuzzy, c-format +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "???????????????????? ??????-?????????????????? \"%s\"\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" diff --git a/po/ca.po b/po/ca.po index 8dd2ee4..06fb419 100644 --- a/po/ca.po +++ b/po/ca.po @@ -5153,6 +5153,11 @@ msgid "NOTE: signature key %s has been revoked\n" msgstr "NOTA: aquesta clau ha estat revocada!" #, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "signatura %s, algorisme de resum %s\n" + +#, fuzzy, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" "es supossa una signatura incorrecta de la clau %08lX a causa d'un bit cr??tic " diff --git a/po/cs.po b/po/cs.po index db44102..bdda65d 100644 --- a/po/cs.po +++ b/po/cs.po @@ -4808,6 +4808,11 @@ msgstr "POZN??MKA: podpisov??mu kl????i %s skon??ila platnost %s\n" msgid "NOTE: signature key %s has been revoked\n" msgstr "POZN??MKA: podpisov?? kl???? %s byl odvol??n\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "podpis %s, hashovac?? algoritmus %s\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" diff --git a/po/da.po b/po/da.po index a9073c4..add5085 100644 --- a/po/da.po +++ b/po/da.po 
@@ -4803,6 +4803,11 @@ msgstr "BEM??RK: underskriftn??gle %s udl??b %s\n" msgid "NOTE: signature key %s has been revoked\n" msgstr "BEM??RK: underskriftn??gle %s er blevet tilbagekaldt\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s underskrift, sammendragsalgoritme %s\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" diff --git a/po/de.po b/po/de.po index f9b4be7..515fd9e 100644 --- a/po/de.po +++ b/po/de.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg-2.0.18\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2013-07-03 15:03+0200\n" +"PO-Revision-Date: 2014-06-03 09:53+0200\n" "Last-Translator: Werner Koch \n" "Language-Team: German \n" "Language: de\n" @@ -4904,6 +4904,10 @@ msgid "NOTE: signature key %s has been revoked\n" msgstr "Hinweis: Signaturschl??ssel %s wurde widerrufen\n" #, c-format +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "Hinweis: Signaturen mit dem %s Hashverfahren werden zur??ckgewiesen.\n" + +#, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" "Vermutlich eine FALSCHE Signatur von Schl??ssel %s, wegen unbekanntem " diff --git a/po/el.po b/po/el.po index 3035309..5a599ef 100644 --- a/po/el.po +++ b/po/el.po @@ -5036,6 +5036,11 @@ msgid "NOTE: signature key %s has been revoked\n" msgstr "????????: ?? ?????? ???? ?????????" #, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s ????????, ?????????? ????????? %s\n" + +#, fuzzy, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "??????? ????? ????????? ??? ?????? %08lX ???? ???????? ???????? bit\n" diff --git a/po/eo.po b/po/eo.po index c75f95b..9ef9625 100644 --- a/po/eo.po +++ b/po/eo.po 
@@ -4996,6 +4996,10 @@ msgid "NOTE: signature key %s has been revoked\n" msgstr "?losilo %08lX: ?losilo estas revokita!\n" #, fuzzy, c-format +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s-subskribo de: %s\n" + +#, fuzzy, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "supozas malbonan subskribon pro nekonata \"critical bit\"\n" diff --git a/po/es.po b/po/es.po index 2fcba6d..4457467 100644 --- a/po/es.po +++ b/po/es.po @@ -4833,6 +4833,11 @@ msgstr "NOTA: clave de la firma %s caducada el %s\n" msgid "NOTE: signature key %s has been revoked\n" msgstr "NOTA: la clave de firmado %s ha sido revocada\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "firma %s, algoritmo de resumen %s\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" diff --git a/po/et.po b/po/et.po index 01d4496..9613faf 100644 --- a/po/et.po +++ b/po/et.po @@ -4961,6 +4961,11 @@ msgid "NOTE: signature key %s has been revoked\n" msgstr "M?RKUS: v?ti on t?histatud" #, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s allkiri, s?numil?hendi algoritm %s\n" + +#, fuzzy, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "eeldan tundmatu kriitilise biti t?ttu v?tmel %08lX vigast allkirja\n" diff --git a/po/fi.po b/po/fi.po index 05b0b17..19fe78c 100644 --- a/po/fi.po +++ b/po/fi.po 
@@ -5017,6 +5017,12 @@ msgstr "HUOM: allekirjoitusavain %08lX vanheni %s\n" msgid "NOTE: signature key %s has been revoked\n" msgstr "HUOM: avain on mit??t??ity!" +# Ensimm??inen %s on binary, textmode tai unknown, ks. alla +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%sallekirjoitus, tiivistealgoritmi %s\n" + #, fuzzy, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" diff --git a/po/fr.po b/po/fr.po index 7a6d339..dd6c7bd 100644 --- a/po/fr.po +++ b/po/fr.po @@ -4932,6 +4932,11 @@ msgstr "Remarque??: la clef de signature %s a expir?? le %s\n" msgid "NOTE: signature key %s has been revoked\n" msgstr "Remarque??: la clef de signature %s a ??t?? r??voqu??e\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "signature %s, algorithme de hachage %s\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" diff --git a/po/gl.po b/po/gl.po index 278ba8a..0df3729 100644 --- a/po/gl.po +++ b/po/gl.po @@ -5025,6 +5025,11 @@ msgid "NOTE: signature key %s has been revoked\n" msgstr "NOTA: a chave est? revocada" #, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "Sinatura %s, algoritmo de resumo %s\n" + +#, fuzzy, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" "asumindo unha sinatura incorrecta da chave %08lX debido a un bit cr?tico " diff --git a/po/hu.po b/po/hu.po index ddab0be..63ae157 100644 --- a/po/hu.po +++ b/po/hu.po 
@@ -4986,6 +4986,11 @@ msgid "NOTE: signature key %s has been revoked\n" msgstr "MEGJEGYZ?S: A kulcsot visszavont?k." #, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s al??r?s, %s kivonatol? algoritmus.\n" + +#, fuzzy, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" "Rossz al??r?st felt?telezek a %08lX kulcst?l egy ismeretlen\n" diff --git a/po/id.po b/po/id.po index 50e9c3a..5aadeeb 100644 --- a/po/id.po +++ b/po/id.po @@ -4986,6 +4986,11 @@ msgid "NOTE: signature key %s has been revoked\n" msgstr "CATATAN: kunci telah dibatalkan" #, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s signature, algoritma digest %s\n" + +#, fuzzy, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" "mengasumsikan signature buruk dari kunci %08lX karena ada bit kritik tidak " diff --git a/po/it.po b/po/it.po index 2335b60..8014132 100644 --- a/po/it.po +++ b/po/it.po @@ -5020,6 +5020,11 @@ msgid "NOTE: signature key %s has been revoked\n" msgstr "NOTA: la chiave ? stata revocata" #, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "Firma %s, algoritmo di digest %s\n" + +#, fuzzy, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" "si suppone una firma non valida della chiave %08lX a causa di un\n" diff --git a/po/ja.po b/po/ja.po index 9e454c7..c479e89 100644 --- a/po/ja.po +++ b/po/ja.po 
@@ -4713,6 +4713,11 @@ msgstr "*??????*: ?????????%s???%s??????????????????????????????\n" msgid "NOTE: signature key %s has been revoked\n" msgstr "*??????*: ??? %s ?????????????????????\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s???????????????????????????????????????????????? %s\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "??????????????????????????????????????????????????????%s????????????????????????????????????\n" diff --git a/po/nb.po b/po/nb.po index a1d3778..8938541 100644 --- a/po/nb.po +++ b/po/nb.po @@ -4775,6 +4775,11 @@ msgstr "NOTIS: signaturn msgid "NOTE: signature key %s has been revoked\n" msgstr "NOTIS: signaturn?kkelen %s utgikk %s\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s signatur, digestalgoritme %s\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" diff --git a/po/pl.po b/po/pl.po index 6a87891..c38f573 100644 --- a/po/pl.po +++ b/po/pl.po @@ -4838,6 +4838,11 @@ msgstr "UWAGA: klucz podpisuj msgid "NOTE: signature key %s has been revoked\n" msgstr "UWAGA: klucz podpisuj?cy %s zosta? uniewa?niony\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "podpis %s, skr?t %s\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" diff --git a/po/pt.po b/po/pt.po index 1e0be48..54651b3 100644 --- a/po/pt.po +++ b/po/pt.po 
@@ -4994,6 +4994,10 @@ msgid "NOTE: signature key %s has been revoked\n" msgstr "NOTA: a chave foi revogada" #, fuzzy, c-format +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "assinatura %s de: \"%s\"\n" + +#, fuzzy, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" "assumindo assinatura incorrecta na chave %08lX devido a um bit cr?tico " diff --git a/po/pt_BR.po b/po/pt_BR.po index 34b9ead..f4f1b85 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -5009,6 +5009,10 @@ msgid "NOTE: signature key %s has been revoked\n" msgstr "chave %08lX: a chave foi revogada!\n" #, fuzzy, c-format +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "assinatura %s de: %s\n" + +#, fuzzy, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "assumindo assinatura incorreta devido a um bit cr?tico desconhecido\n" diff --git a/po/ro.po b/po/ro.po index 5038138..8128c50 100644 --- a/po/ro.po +++ b/po/ro.po @@ -4903,6 +4903,11 @@ msgstr "NOT msgid "NOTE: signature key %s has been revoked\n" msgstr "NOT?: cheia a fost revocat?" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "semn?tur? %s, algoritm rezumat %s\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" diff --git a/po/ru.po b/po/ru.po index 9f68512..5e4de97 100644 --- a/po/ru.po +++ b/po/ru.po 
@@ -4788,6 +4788,11 @@ msgstr "??????????????????: ?????????????????????? ???????? %s - ?????????????? msgid "NOTE: signature key %s has been revoked\n" msgstr "??????????????????: ???????? %s ?????????????? - ??????????????\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s ??????????????, ??????-?????????????? %s\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "?????????????? ???????????? ?????????????? ?????????? %s ?? ?????????????????????? ?????????????????????? ??????????\n" diff --git a/po/sk.po b/po/sk.po index a7ed64e..d897bbb 100644 --- a/po/sk.po +++ b/po/sk.po @@ -5002,6 +5002,11 @@ msgid "NOTE: signature key %s has been revoked\n" msgstr "POZN?MKA: k??? bol revokovan?" #, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s podpis, hashovac? algoritmus %s\n" + +#, fuzzy, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" "predpoklad?m neplatn? podpis k???om %08lX, preto?e je nastaven? nezn?my " diff --git a/po/sv.po b/po/sv.po index 5dbedf9..2eef3fc 100644 --- a/po/sv.po +++ b/po/sv.po @@ -4921,6 +4921,11 @@ msgstr "OBSERVERA: signaturnyckeln %s gick ut %s\n" msgid "NOTE: signature key %s has been revoked\n" msgstr "OBSERVERA: signaturnyckeln %s har sp??rrats\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s signatur, sammandragsalgoritm %s\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" diff --git a/po/tr.po b/po/tr.po index 8453872..b94fb4c 100644 --- a/po/tr.po +++ b/po/tr.po 
@@ -4863,6 +4863,11 @@ msgstr "B??LG??: %s imza anahtar??n??n kullan??m s??resi %s sular??nda dolmu??\n msgid "NOTE: signature key %s has been revoked\n" msgstr "B??LG??: imza anahtar?? %s y??r??rl??kten kald??r??lm????t??\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s imzas??, %s ??zet algoritmas??\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" diff --git a/po/uk.po b/po/uk.po index d40d9b3..1ac4679 100644 --- a/po/uk.po +++ b/po/uk.po @@ -4877,6 +4877,11 @@ msgstr "????????????????????: ?????????? ?????? ?????????? ?????????????? %s ?? msgid "NOTE: signature key %s has been revoked\n" msgstr "????????????????????: ???????? ?????????????? %s ???????? ????????????????????\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s ????????????, ???????????????? ?????????????????????? ???????? %s\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" diff --git a/po/zh_CN.po b/po/zh_CN.po index ccc2189..9824489 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -4752,6 +4752,11 @@ msgstr "????????????????????? %s ?????? %s ??????\n" msgid "NOTE: signature key %s has been revoked\n" msgstr "???????????????????????????" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s ????????????????????? %s\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "???????????? %s ??????????????????????????????????????????????????????\n" diff --git a/po/zh_TW.po b/po/zh_TW.po index 64c3302..611cf45 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po 
@@ -4684,6 +4684,11 @@ msgstr "?????????: ???????????? %s ?????? %s ??????\n" msgid "NOTE: signature key %s has been revoked\n" msgstr "?????????: ???????????? %s ?????????\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s ??????, ??????????????? %s\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "???????????? %s ???????????????????????????????????????????????????\n" commit 71b0cd534ba3843e1a56f5c1b0a34e45a008ae42 Author: Werner Koch Date: Tue Jun 3 09:48:48 2014 +0200 doc: Adjust Makefile for fixed yat2m. * doc/Makefile.am (yat2m-stamp): Remove dirmngr-client hack. diff --git a/doc/Makefile.am b/doc/Makefile.am index c8d799b..252fc52 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -93,16 +93,13 @@ yat2m: yat2m.c .fig.pdf: fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@ -# Note that yatm --store has a bug in that the @ifset gpgtwoone still -# creates a dirmngr-client page from tools.texi. yat2m-stamp: $(myman_sources) - @rm -f yat2m-stamp.tmp - @touch yat2m-stamp.tmp + rm -f yat2m-stamp.tmp + touch yat2m-stamp.tmp for file in $(myman_sources) ; do \ ./yat2m $(YAT2M_OPTIONS) --store \ `test -f '$$file' || echo '$(srcdir)/'`$$file ; done - @test -f dirmngr-client.1 && rm dirmngr-client.1 - @mv -f yat2m-stamp.tmp $@ + mv -f yat2m-stamp.tmp $@ yat2m-stamp: yat2m commit d03df6885194a04f1e64967b45aaae60328ff009 Author: Werner Koch Date: Tue Jun 3 09:02:00 2014 +0200 doc: Update from master -- diff --git a/doc/gpg.texi b/doc/gpg.texi index f1dee58..a263690 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -906,6 +906,24 @@ Signs a public key with your secret key but marks it as non-exportable. This is a shortcut version of the subcommand "lsign" from @option{--edit-key}. + at ifset gpgtwoone + at item --quick-sign-key @code{fpr} [@code{names}] + at itemx --quick-lsign-key @code{name} + at opindex quick-sign-key + at opindex quick-lsign-key +Directly sign a key from the passphrase without any further user +interaction. The @code{fpr} must be the verified primary fingerprint +of a key in the local keyring. If no @code{names} are given, all +useful user ids are signed; with given [@code{names}] only useful user +ids matching one of theses names are signed. The command + at option{--quick-lsign-key} marks the signatures as non-exportable. + +This command uses reasonable defaults and thus does not provide the +full flexibility of the "sign" subcommand from @option{--edit-key}. +Its intended use to help unattended signing using a list of verified +fingerprints. + at end ifset + @ifclear gpgone @item --passwd @var{user_id} @opindex passwd @@ -1431,7 +1449,9 @@ Set what trust model GnuPG should follow. The models are: trusted. You generally won't use this unless you are using some external validation scheme. This option also suppresses the "[uncertain]" tag printed with signature checks when there is no - evidence that the user ID is bound to the key. + evidence that the user ID is bound to the key. Note that this + trust model still does not allow the use of expired, revoked, or + disabled keys. @item auto @opindex trust-mode:auto @@ -1482,6 +1502,10 @@ mechanisms, in the order they are to be tried: position of this mechanism in the list does not matter. It is not required if @code{local} is also used. + @item clear + Clear all defined mechanisms. This is useful to override + mechanisms given in a config file. + @end table @item --keyid-format @code{short|0xshort|long|0xlong} 
@@ -1606,16 +1630,29 @@ are available for all keyserver types, some common options are: program uses internally (libcurl, openldap, etc). @item check-cert + at ifset gpgtwoone + This option has no more function since GnuPG 2.1. Use the + @code{dirmngr} configuration options instead. + at end ifset + at ifclear gpgtwoone Enable certificate checking if the keyserver presents one (for hkps or ldaps). Defaults to on. + at end ifclear @item ca-cert-file + at ifset gpgtwoone + This option has no more function since GnuPG 2.1. Use the + @code{dirmngr} configuration options instead. + at end ifset + at ifclear gpgtwoone Provide a certificate store to override the system default. Only necessary if check-cert is enabled, and the keyserver is using a certificate that is not present in a system default certificate list. Note that depending on the SSL library that the keyserver helper is built with, this may actually be a directory or a file. + at end ifclear + @end table @item --completes-needed @code{n} @@ -1696,6 +1733,25 @@ been given. Given that this option is not anymore used by @command{gpg2}, it should be avoided if possible. @end ifset + + at ifclear gpgone + at item --agent-program @var{file} + at opindex agent-program +Specify an agent program to be used for secret key operations. The +default value is the @file{/usr/bin/gpg-agent}. This is only used +as a fallback when the environment variable @code{GPG_AGENT_INFO} is not +set or a running agent cannot be connected. + at end ifclear + + at ifset gpgtwoone + at item --dirmngr-program @var{file} + at opindex dirmngr-program +Specify a dirmngr program to be used for keyserver access. The +default value is @file{/usr/sbin/dirmngr}. This is only used as a +fallback when the environment variable @code{DIRMNGR_INFO} is not set or +a running dirmngr cannot be connected. + at end ifset + @item --lock-once @opindex lock-once Lock the databases the first time a lock is requested 
@@ -2053,6 +2109,15 @@ Since GnuPG 2.0.10, this mode is always used and thus this option is obsolete; it does not harm to use it though. @end ifclear + at ifset gpgtwoone + at item --legacy-list-mode + at opindex legacy-list-mode +Revert to the pre-2.1 public key list mode. This only affects the +human readable output and not the machine interface +(i.e. @code{--with-colons}). Note that the legacy format does not +allow to convey suitable information for elliptic curves. + at end ifset + @item --with-fingerprint @opindex with-fingerprint Same as the command @option{--fingerprint} but changes only the format @@ -2245,8 +2310,8 @@ available, but the MIT release is a good common baseline. This option implies @option{--rfc1991 --disable-mdc --no-force-v4-certs --escape-from-lines --force-v3-sigs ---allow-weak-digest-algos --cipher-algo IDEA --digest-algo -MD5--compress-algo ZIP}. It also disables @option{--textmode} when +--allow-weak-digest-algos --cipher-algo IDEA --digest-algo MD5 +--compress-algo ZIP}. It also disables @option{--textmode} when encrypting. @item --pgp6 diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index f7cedaf..3d2594f 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -350,7 +350,7 @@ as a fallback when the environment variable @code{GPG_AGENT_INFO} is not set or a running agent cannot be connected. @item --dirmngr-program @var{file} - at opindex dirmnr-program + at opindex dirmngr-program Specify a dirmngr program to be used for @acronym{CRL} checks. The default value is @file{/usr/sbin/dirmngr}. This is only used as a fallback when the environment variable @code{DIRMNGR_INFO} is not set or diff --git a/doc/tools.texi b/doc/tools.texi index be1233b..32ab1e4 100644 --- a/doc/tools.texi +++ b/doc/tools.texi 
@@ -305,12 +305,22 @@ Reload all or the given component. This is basically the same as sending a SIGHUP to the component. Components which don't support reloading are ignored. + at ifset gpgtwoone + at item --launch [@var{component}] + at opindex launch +If the @var{component} is not already running, start it. + at command{component} must be a daemon. This is in general not required +because the system starts these daemons as needed. However, external +software making direct use of @command{gpg-agent} or @command{dirmngr} +may use this command to ensure that they are started. + @item --kill [@var{component}] @opindex kill Kill the given component. Components which support killing are gpg-agent and scdaemon. Components which don't support reloading are ignored. Note that as of now reload and kill have the same effect for scdaemon. + at end ifset @end table @@ -1190,6 +1200,18 @@ Try to be as quiet as possible. @opindex agent-program Specify the agent program to be started if none is running. + at ifset gpgtwoone + at item --dirmngr-program @var{file} + at opindex dirmngr-program +Specify the directory manager (keyserver client) program to be started +if none is running. This has only an effect if used together with the +option @option{--dirmngr}. + + at item --dirmngr + at opindex dirmngr +Connect to a running directory manager (keyserver client) instead of +to the gpg-agent. If a dirmngr is not running, start it. + at end ifset @item -S @itemx --raw-socket @var{name} diff --git a/doc/yat2m.c b/doc/yat2m.c index 5dc81bf..2ac4390 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -1,5 +1,5 @@ /* yat2m.c - Yet Another Texi 2 Man converter - * Copyright (C) 2005 g10 Code GmbH + * Copyright (C) 2005, 2013 g10 Code GmbH * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc. * * This program is free software; you can redistribute it and/or modify 
@@ -17,7 +17,7 @@ */ /* - This is a simple textinfo to man page converter. It needs some + This is a simple texinfo to man page converter. It needs some special markup in th e texinfo and tries best to get a create man page. It has been designed for the GnuPG man pages and thus only a few texinfo commands are supported. @@ -107,6 +107,9 @@ character. */ #define LINESIZE 1024 +/* Number of allowed condition nestings. */ +#define MAX_CONDITION_NESTING 10 + /* Option flags. */ static int verbose; static int quiet; @@ -117,10 +120,6 @@ static const char *opt_select; static const char *opt_include; static int opt_store; -/* The only define we understand is -D gpgone. Thus we need a simple - boolean tro track it. */ -static int gpgone_defined; - /* Flag to keep track whether any error occurred. */ static int any_error; @@ -129,7 +128,7 @@ static int any_error; struct macro_s { struct macro_s *next; - char *value; /* Malloced value. */ + char *value; /* Malloced value. */ char name[1]; }; typedef struct macro_s *macro_t; @@ -137,6 +136,24 @@ typedef struct macro_s *macro_t; /* List of all defined macros. */ static macro_t macrolist; +/* List of global macro names. The value part is not used. */ +static macro_t predefinedmacrolist; + +/* Object to keep track of @isset and @ifclear. */ +struct condition_s +{ + int manverb; /* "manverb" needs special treatment. */ + int isset; /* This is an @isset condition. */ + char name[1]; /* Name of the condition macro. */ +}; +typedef struct condition_s *condition_t; + +/* The stack used to evaluate conditions. And the current states. */ +static condition_t condition_stack[MAX_CONDITION_NESTING]; +static int condition_stack_idx; +static int cond_is_active; /* State of ifset/ifclear */ +static int cond_in_verbatim; /* State of "manverb". */ + /* Object to store one line of content. */ struct line_buffer_s 
@@ -313,7 +330,158 @@ isodatestring (void) } +/* Add NAME to the list of predefined macros which are global for all + files. */ +static void +add_predefined_macro (const char *name) +{ + macro_t m; + + for (m=predefinedmacrolist; m; m = m->next) + if (!strcmp (m->name, name)) + break; + if (!m) + { + m = xcalloc (1, sizeof *m + strlen (name)); + strcpy (m->name, name); + m->next = predefinedmacrolist; + predefinedmacrolist = m; + } +} + + +/* Create or update a macro with name MACRONAME and set its values TO + MACROVALUE. Note that ownership of the macro value is transferred + to this function. */ +static void +set_macro (const char *macroname, char *macrovalue) +{ + macro_t m; + + for (m=macrolist; m; m = m->next) + if (!strcmp (m->name, macroname)) + break; + if (m) + free (m->value); + else + { + m = xcalloc (1, sizeof *m + strlen (macroname)); + strcpy (m->name, macroname); + m->next = macrolist; + macrolist = m; + } + m->value = macrovalue; + macrovalue = NULL; +} + + +/* Return true if the macro NAME is set, i.e. not the empty string and + not evaluating to 0. */ +static int +macro_set_p (const char *name) +{ + macro_t m; + + for (m = macrolist; m ; m = m->next) + if (!strcmp (m->name, name)) + break; + if (!m || !m->value || !*m->value) + return 0; + if ((*m->value & 0x80) || !isdigit (*m->value)) + return 1; /* Not a digit but some other string. */ + return !!atoi (m->value); +} + + +/* Evaluate the current conditions. */ +static void +evaluate_conditions (const char *fname, int lnr) +{ + int i; + + /* for (i=0; i < condition_stack_idx; i++) */ + /* inf ("%s:%d: stack[%d] %s %s %c", */ + /* fname, lnr, i, condition_stack[i]->isset? "set":"clr", */ + /* condition_stack[i]->name, */ + /* (macro_set_p (condition_stack[i]->name) */ + /* ^ !condition_stack[i]->isset)? 
't':'f'); */ + + cond_is_active = 1; + cond_in_verbatim = 0; + if (condition_stack_idx) + { + for (i=0; i < condition_stack_idx; i++) + { + if (condition_stack[i]->manverb) + cond_in_verbatim = (macro_set_p (condition_stack[i]->name) + ^ !condition_stack[i]->isset); + else if (!(macro_set_p (condition_stack[i]->name) + ^ !condition_stack[i]->isset)) + { + cond_is_active = 0; + break; + } + } + } + + /* inf ("%s:%d: active=%d verbatim=%d", */ + /* fname, lnr, cond_is_active, cond_in_verbatim); */ +} + + +/* Push a condition with condition macro NAME onto the stack. If + ISSET is true, a @isset condition is pushed. */ +static void +push_condition (const char *name, int isset, const char *fname, int lnr) +{ + condition_t cond; + int manverb = 0; + if (condition_stack_idx >= MAX_CONDITION_NESTING) + { + err ("%s:%d: condition nested too deep", fname, lnr); + return; + } + + if (!strcmp (name, "manverb")) + { + if (!isset) + { + err ("%s:%d: using \"@ifclear manverb\" is not allowed", fname, lnr); + return; + } + manverb = 1; + } + + cond = xcalloc (1, sizeof *cond + strlen (name)); + cond->manverb = manverb; + cond->isset = isset; + strcpy (cond->name, name); + + condition_stack[condition_stack_idx++] = cond; + evaluate_conditions (fname, lnr); +} + + +/* Remove the last condition from the stack. ISSET is used for error + reporting. */ +static void +pop_condition (int isset, const char *fname, int lnr) +{ + if (!condition_stack_idx) + { + err ("%s:%d: unbalanced \"@end %s\"", + fname, lnr, isset?"isset":"isclear"); + return; + } + condition_stack_idx--; + free (condition_stack[condition_stack_idx]); + condition_stack[condition_stack_idx] = NULL; + evaluate_conditions (fname, lnr); +} + + + /* Return a section buffer for the section NAME. Allocate a new buffer if this is a new section. Keep track of the sections in THEPAGE. This function may reallocate the section array in THEPAGE. */ 
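Review bot: When `push_condition` rejects a condition, either at the `MAX_CONDITION_NESTING` limit or for `@ifclear manverb`, it returns without recording anything, yet the matching `@end ifset`/`@end ifclear` still reaches `pop_condition`, which then frees the enclosing condition instead. From that point on `evaluate_conditions` works on a stack that is one level short, so text can be included or skipped wrongly for the rest of the file. For the nesting limit, a counter of rejected conditions that `pop_condition` consumes first, `if (condition_rejected) { condition_rejected--; return; }`, with `condition_rejected++` before the early return, would keep the pairs balanced. The `@ifclear manverb` case could report the error and still push the entry. Separately, the unbalanced-`@end` message prints `isset`/`isclear` where the directives are `ifset`/`ifclear`.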
@@ -862,14 +1030,8 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) int lnr = 0; /* Fixme: The following state variables don't carry over to include files. */ - int in_verbatim = 0; int skip_to_end = 0; /* Used to skip over menu entries. */ int skip_sect_line = 0; /* Skip after @mansect. */ - int ifset_nesting = 0; /* How often a ifset has been seen. */ - int ifclear_nesting = 0; /* How often a ifclear has been seen. */ - int in_gpgone = 0; /* Keep track of "@ifset gpgone" parts. */ - int not_in_gpgone = 0; /* Keep track of "@ifclear gpgone" parts. */ - int not_in_man = 0; /* Keep track of "@ifclear isman" parts. */ int item_indent = 0; /* How far is the current @item indented. */ /* Helper to define a macro. */ @@ -883,7 +1045,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) { size_t n = strlen (line); int got_line = 0; - char *p; + char *p, *pend; lnr++; if (!n || line[n-1] != '\n') @@ -930,26 +1092,12 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) && !strncmp (p, "macro", 5) && (p[5]==' '||p[5]=='\t'||!p[5])) { - macro_t m; - if (macrovalueused) macrovalue[--macrovalueused] = 0; /* Kill the last LF. */ macrovalue[macrovalueused] = 0; /* Terminate macro. */ macrovalue = xrealloc (macrovalue, macrovalueused+1); - for (m= macrolist; m; m = m->next) - if (!strcmp (m->name, macroname)) - break; - if (m) - free (m->value); - else - { - m = xcalloc (1, sizeof *m + strlen (macroname)); - strcpy (m->name, macroname); - m->next = macrolist; - macrolist = m; - } - m->value = macrovalue; + set_macro (macroname, macrovalue); macrovalue = NULL; free (macroname); macroname = NULL; 
@@ -997,23 +1145,33 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) if (n == 6 && !memcmp (line, "@ifset", 6) && (line[6]==' '||line[6]=='\t')) { - ifset_nesting++; - - if (!strncmp (p, "manverb", 7) && (p[7]==' '||p[7]=='\t'||!p[7])) + for (p=line+7; *p == ' ' || *p == '\t'; p++) + ; + if (!*p) { - if (in_verbatim) - err ("%s:%d: nested \"@ifset manverb\"", fname, lnr); - else - in_verbatim = ifset_nesting; + err ("%s:%d: name missing after \"@ifset\"", fname, lnr); + continue; } - else if (!strncmp (p, "gpgone", 6) - && (p[6]==' '||p[6]=='\t'||!p[6])) + for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++) + ; + *pend = 0; /* Ignore rest of the line. */ + push_condition (p, 1, fname, lnr); + continue; + } + else if (n == 8 && !memcmp (line, "@ifclear", 8) + && (line[8]==' '||line[8]=='\t')) + { + for (p=line+9; *p == ' ' || *p == '\t'; p++) + ; + if (!*p) { - if (in_gpgone) - err ("%s:%d: nested \"@ifset gpgone\"", fname, lnr); - else - in_gpgone = ifset_nesting; + err ("%s:%d: name missing after \"@ifsclear\"", fname, lnr); + continue; } + for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++) + ; + *pend = 0; /* Ignore rest of the line. */ + push_condition (p, 0, fname, lnr); continue; } else if (n == 4 && !memcmp (line, "@end", 4) 
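Review bot: The diagnostic in the new `@ifclear` branch reads `name missing after "@ifsclear"`, but the directive is `@ifclear`, so the call should be `err ("%s:%d: name missing after \"@ifclear\"", fname, lnr);`. The loop that skips blanks and then terminates the name at `pend` is duplicated verbatim in the `@ifset` and `@ifclear` branches and could be one small static helper taking the start offset. `parse_file` begins and ends outside this hunk.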
@@ -1021,40 +1179,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) && !strncmp (p, "ifset", 5) && (p[5]==' '||p[5]=='\t'||!p[5])) { - if (in_verbatim && ifset_nesting == in_verbatim) - in_verbatim = 0; - if (in_gpgone && ifset_nesting == in_gpgone) - in_gpgone = 0; - - if (ifset_nesting) - ifset_nesting--; - else - err ("%s:%d: unbalanced \"@end ifset\"", fname, lnr); - continue; - } - else if (n == 8 && !memcmp (line, "@ifclear", 8) - && (line[8]==' '||line[8]=='\t')) - { - ifclear_nesting++; - - if (!strncmp (p, "gpgone", 6) - && (p[6]==' '||p[6]=='\t'||!p[6])) - { - if (not_in_gpgone) - err ("%s:%d: nested \"@ifclear gpgone\"", fname, lnr); - else - not_in_gpgone = ifclear_nesting; - } - - else if (!strncmp (p, "isman", 5) - && (p[5]==' '||p[5]=='\t'||!p[5])) - { - if (not_in_man) - err ("%s:%d: nested \"@ifclear isman\"", fname, lnr); - else - not_in_man = ifclear_nesting; - } - + pop_condition (1, fname, lnr); continue; } else if (n == 4 && !memcmp (line, "@end", 4) @@ -1062,23 +1187,13 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) && !strncmp (p, "ifclear", 7) && (p[7]==' '||p[7]=='\t'||!p[7])) { - if (not_in_gpgone && ifclear_nesting == not_in_gpgone) - not_in_gpgone = 0; - if (not_in_man && ifclear_nesting == not_in_man) - not_in_man = 0; - - if (ifclear_nesting) - ifclear_nesting--; - else - err ("%s:%d: unbalanced \"@end ifclear\"", fname, lnr); + pop_condition (0, fname, lnr); continue; } } /* Take action on ifset/ifclear. */ - if ( (in_gpgone && !gpgone_defined) - || (not_in_gpgone && gpgone_defined) - || not_in_man) + if (!cond_is_active) continue; /* Process commands. */ @@ -1090,7 +1205,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) { skip_to_end = 0; } - else if (in_verbatim) + else if (cond_in_verbatim) { got_line = 1; } 
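Review bot: `@end ifset` and `@end ifclear` now both call `pop_condition`, which uses its `isset` argument only for the error text, so an `@ifset` closed by `@end ifclear` (or the reverse) is accepted silently and pops the wrong kind of entry. A check against the top entry before it is freed, for example `if (condition_stack[condition_stack_idx-1]->isset != isset) err ("%s:%d: mismatched \"@end\"", fname, lnr);`, would report such input; the stored `isset` is 0 or 1 in the calls shown. This applies to both `@end` hunks here, and `parse_file` begins and ends outside them.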
@@ -1182,7 +1297,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) else if (!skip_to_end) got_line = 1; - if (got_line && in_verbatim) + if (got_line && cond_in_verbatim) add_content (*section_name, line, 1); else if (got_line && thepage.name && *section_name && !in_pause) add_content (*section_name, line, 0); @@ -1201,6 +1316,8 @@ top_parse_file (const char *fname, FILE *fp) { char *section_name = NULL; /* Name of the current section or NULL if not in a section. */ + macro_t m; + while (macrolist) { macro_t next = macrolist->next; @@ -1208,6 +1325,10 @@ top_parse_file (const char *fname, FILE *fp) free (macrolist); macrolist = next; } + for (m=predefinedmacrolist; m; m = m->next) + set_macro (m->name, xstrdup ("1")); + cond_is_active = 1; + cond_in_verbatim = 0; parse_file (fname, fp, §ion_name, 0); free (section_name); @@ -1223,6 +1344,12 @@ main (int argc, char **argv) opt_source = "GNU"; opt_release = ""; + /* Define default macros. The trick is that these macros are not + defined when using the actual texinfo renderer. */ + add_predefined_macro ("isman"); + add_predefined_macro ("manverb"); + + /* Option parsing. */ if (argc) { argc--; argv++; @@ -1327,8 +1454,7 @@ main (int argc, char **argv) argc--; argv++; if (argc) { - if (!strcmp (*argv, "gpgone")) - gpgone_defined = 1; + add_predefined_macro (*argv); argc--; argv++; } } commit d7750a15d594f6d621e21d57fd5d45d6573870e0 Author: Werner Koch Date: Tue Apr 15 16:40:48 2014 +0200 gpg: New %U expando for the photo viewer. * g10/photoid.c (show_photos): Set namehash. * g10/misc.c (pct_expando): Add "%U" expando. -- This makes is possible to extract all photos ids from a key to different files. (cherry picked from commit e184a11f94e2d41cd9266484542631bec23628b5) Resolved conflicts: g10/photoid.c - whitespaces diff --git a/doc/gpg.texi b/doc/gpg.texi index 7d314b6..f1dee58 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
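Review bot: `top_parse_file` resets `cond_is_active` and `cond_in_verbatim` for each file but leaves `condition_stack_idx` and the stacked entries as the previous file left them, and nothing visible here reports an `@ifset` or `@ifclear` that is still open at end of file. A leftover entry would be evaluated again on the first push in the next file and is never freed. After the `parse_file` call, an `err` for the unterminated condition followed by `while (condition_stack_idx) pop_condition (1, fname, 0);` would keep input files independent of each other. Whether `parse_file` itself detects this case cannot be told from the hunks shown.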
@@ -1177,7 +1177,7 @@ for the key fingerprint, "%t" for the extension of the image type (e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"), "%v" for the single-character calculated validity of the image being viewed (e.g. "f"), "%V" for the calculated validity as a string (e.g. -"full"), +"full"), "%U" for a base32 encoded hash of the user ID, and "%%" for an actual percent sign. If neither %i or %I are present, then the photo will be supplied to the viewer on standard input. diff --git a/g10/main.h b/g10/main.h index 6876e0a..8d29071 100644 --- a/g10/main.h +++ b/g10/main.h @@ -109,6 +109,7 @@ struct expando_args byte imagetype; int validity_info; const char *validity_string; + const byte *namehash; }; char *pct_expando(const char *string,struct expando_args *args); diff --git a/g10/misc.c b/g10/misc.c index 82a13aa..43ea0d2 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -648,6 +648,23 @@ pct_expando(const char *string,struct expando_args *args) } break; + case 'U': /* z-base-32 encoded user id hash. */ + if (args->namehash) + { + char *tmp = zb32_encode (args->namehash, 8*20); + if (tmp) + { + if (idx + strlen (tmp) < maxlen) + { + strcpy (ret+idx, tmp); + idx += strlen (tmp); + } + xfree (tmp); + done = 1; + } + } + break; + case 'c': /* signature count from card, if any. */ if(idx+10namehash; if(pk) keyid_from_pk(pk,kid); commit 2a415c47eaf65c47edbd98440f37b2c46354fd02 Author: Werner Koch Date: Tue Apr 15 16:40:48 2014 +0200 common: Add z-base-32 encoder. * common/zb32.c: New. * common/t-zb32.c: New. * common/Makefile.am (common_sources): Add zb82.c -- (cherry picked from commit b8a91ebf46a927801866e99bb5a66ab00651424e) Resolved conflicts: common/Makefile.am diff --git a/common/Makefile.am b/common/Makefile.am index f2242b6..880b01b 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -52,6 +52,7 @@ common_sources = \ gettime.c \ yesno.c \ b64enc.c b64dec.c \ + zb32.c \ convert.c \ percent.c \ miscellaneous.c \ 
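Review bot: In the new `case 'U'` of `pct_expando`, `done = 1` is set after the `if (idx + strlen (tmp) < maxlen)` block rather than inside it, so when the encoded hash does not fit the expando is marked as handled although nothing was written. If the surrounding loop uses `done` to decide whether to enlarge `ret` and retry, which this hunk does not show, `%U` would then be dropped silently; moving `done = 1;` next to `idx += strlen (tmp);` avoids that. The length `8*20` is a bare constant that presumes `namehash` points to a 20 byte digest, and a comment or named constant stating this would help. The remainder of this hunk is truncated on the page, so `pct_expando` is only partly visible.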
diff --git a/common/util.h b/common/util.h
index becc9cf..48d02e0 100644
--- a/common/util.h
+++ b/common/util.h
@@ -182,6 +182,8 @@ gpg_error_t b64dec_proc (struct b64state *state, void *buffer, size_t length,
 gpg_error_t b64dec_finish (struct b64state *state);
+/*-- zb32.c --*/
+char *zb32_encode (const void *data, unsigned int databits);
 /*-- sexputil.c */
diff --git a/common/zb32.c b/common/zb32.c
new file mode 100644
index 0000000..05aa0ea
--- /dev/null
+++ b/common/zb32.c
@@ -0,0 +1,120 @@ +/* zb32.c - z-base-32 functions + * Copyright (C) 2014 Werner Koch + * + * This file is part of GnuPG. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of either + * + * - the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at + * your option) any later version. + * + * or + * + * - the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * or both in parallel, as here. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include +#include +#include + +#include "util.h" + + +/* Zooko's base32 variant. See RFC-6189 and + http://philzimmermann.com/docs/human-oriented-base-32-encoding.txt + Caller must xfree the returned string. Returns NULL and sets ERRNO + on error. To avoid integer overflow DATALEN is limited to 2^16 + bytes. Note, that DATABITS is measured in bits!. */ +char * +zb32_encode (const void *data, unsigned int databits) +{ + static char const zb32asc[32] = {'y','b','n','d','r','f','g','8', + 'e','j','k','m','c','p','q','x', + 'o','t','1','u','w','i','s','z', + 'a','3','4','5','h','7','6','9' }; + const unsigned char *s; + char *output, *d; + size_t datalen; + + datalen = (databits + 7) / 8; + if (datalen > (1 << 16)) + { + errno = EINVAL; + return NULL; + } + + d = output = xtrymalloc (8 * (datalen / 5) + + 2 * (datalen % 5) + - ((datalen%5)>2) + + 1); + if (!output) + return NULL; + + /* I use straightforward code. 
The compiler should be able to do a + better job on optimization than me and it is easier to read. */ + for (s = data; datalen >= 5; s += 5, datalen -= 5) + { + *d++ = zb32asc[((s[0] ) >> 3) ]; + *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ]; + *d++ = zb32asc[((s[1] & 63) >> 1) ]; + *d++ = zb32asc[((s[1] & 1) << 4) | (s[2] >> 4) ]; + *d++ = zb32asc[((s[2] & 15) << 1) | (s[3] >> 7) ]; + *d++ = zb32asc[((s[3] & 127) >> 2) ]; + *d++ = zb32asc[((s[3] & 3) << 3) | (s[4] >> 5) ]; + *d++ = zb32asc[((s[4] & 31) ) ]; + } + + switch (datalen) + { + case 4: + *d++ = zb32asc[((s[0] ) >> 3) ]; + *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ]; + *d++ = zb32asc[((s[1] & 63) >> 1) ]; + *d++ = zb32asc[((s[1] & 1) << 4) | (s[2] >> 4) ]; + *d++ = zb32asc[((s[2] & 15) << 1) | (s[3] >> 7) ]; + *d++ = zb32asc[((s[3] & 127) >> 2) ]; + *d++ = zb32asc[((s[3] & 3) << 3) ]; + break; + case 3: + *d++ = zb32asc[((s[0] ) >> 3) ]; + *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ]; + *d++ = zb32asc[((s[1] & 63) >> 1) ]; + *d++ = zb32asc[((s[1] & 1) << 4) | (s[2] >> 4) ]; + *d++ = zb32asc[((s[2] & 15) << 1) ]; + break; + case 2: + *d++ = zb32asc[((s[0] ) >> 3) ]; + *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ]; + *d++ = zb32asc[((s[1] & 63) >> 1) ]; + *d++ = zb32asc[((s[1] & 1) << 4) ]; + break; + case 1: + *d++ = zb32asc[((s[0] ) >> 3) ]; + *d++ = zb32asc[((s[0] & 7) << 2) ]; + break; + default: + break; + } + *d = 0; + + /* Need to strip some bytes if not a multiple of 40. */ + output[(databits + 5 - 1) / 5] = 0; + return output; +} commit 8a4bd132f73aaf1588fb03340392fe22dd8e18ed Author: Werner Koch Date: Mon Mar 17 17:54:36 2014 +0100 gpg: Reject signatures made with MD5. * g10/gpg.c: Add option --allow-weak-digest-algos. (main): Set option also in PGP2 mode. * g10/options.h (struct opt): Add flags.allow_weak_digest_algos. * g10/sig-check.c (do_check): Reject MD5 signatures. * tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos. 
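Review bot: The size guard in `zb32_encode` runs after `datalen = (databits + 7) / 8`, and that addition wraps for a `databits` within 7 of `UINT_MAX`, giving a `datalen` of 0 that passes the check. For the values where `databits + 7` wraps but `databits + 5 - 1` does not, the final `output[(databits + 5 - 1) / 5] = 0` then stores far beyond the one-byte allocation. Testing the bit count before `datalen` is computed closes this: `if (databits > 8 * (1u << 16)) { errno = EINVAL; return NULL; }`. The only caller shown passes `8*20`, so this is a robustness point for future callers rather than a problem in the current use.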
-- (cherry picked from commit f90cfe6b66269de0154d810c5cee1fe9a5af475c) Resolved conflicts: g10/gpg.c - adjust. tests/openpgp/defs.inc - no changes diff --git a/doc/gpg.texi b/doc/gpg.texi index 26179bd..7d314b6 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2244,9 +2244,10 @@ a message that PGP 2.x will not be able to handle. Note that `PGP available, but the MIT release is a good common baseline. This option implies @option{--rfc1991 --disable-mdc ---no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo -IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables - at option{--textmode} when encrypting. +--no-force-v4-certs --escape-from-lines --force-v3-sigs +--allow-weak-digest-algos --cipher-algo IDEA --digest-algo +MD5--compress-algo ZIP}. It also disables @option{--textmode} when +encrypting. @item --pgp6 @opindex pgp6 @@ -2702,6 +2703,13 @@ necessary to get as much data as possible out of the corrupt message. However, be aware that a MDC protection failure may also mean that the message was tampered with intentionally by an attacker. + at item --allow-weak-digest-algos + at opindex allow-weak-digest-algos +Signatures made with the broken MD5 algorithm are normally rejected +with an ``invalid digest algorithm'' message. This option allows the +verification of signatures made with such weak algorithms. + + @item --no-default-keyring @opindex no-default-keyring Do not add the default keyrings to the list of keyrings. Note that diff --git a/g10/gpg.c b/g10/gpg.c index 35b62c1..87ffe54 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -367,6 +367,7 @@ enum cmd_and_opt_values oDisableDSA2, oAllowMultipleMessages, oNoAllowMultipleMessages, + oAllowWeakDigestAlgos, oNoop }; 
@@ -742,6 +743,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"), ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), + ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common @@ -2949,6 +2951,10 @@ main (int argc, char **argv) opt.flags.allow_multiple_messages=0; break; + case oAllowWeakDigestAlgos: + opt.flags.allow_weak_digest_algos = 1; + break; + case oNoop: break; default: @@ -3131,6 +3137,7 @@ main (int argc, char **argv) opt.pgp2_workarounds = 1; opt.ask_sig_expire = 0; opt.ask_cert_expire = 0; + opt.flags.allow_weak_digest_algos = 1; xfree(def_digest_string); def_digest_string = xstrdup("md5"); xfree(s2k_digest_string); diff --git a/g10/options.h b/g10/options.h index 3c5b2c5..1a13841 100644 --- a/g10/options.h +++ b/g10/options.h @@ -231,6 +231,7 @@ struct unsigned int utf8_filename:1; unsigned int dsa2:1; unsigned int allow_multiple_messages:1; + unsigned int allow_weak_digest_algos:1; } flags; /* Linked list of ways to find a key if the key isn't on the local diff --git a/g10/sig-check.c b/g10/sig-check.c index 07a9836..ed4fa89 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -269,6 +269,22 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest, if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) ) return rc; + if (sig->digest_algo == GCRY_MD_MD5 + && !opt.flags.allow_weak_digest_algos) + { + static int shown; + + if (!shown) + { + log_info + (_("Note: signatures using the %s algorithm are rejected\n"), + "MD5"); + shown = 1; + } + + return GPG_ERR_DIGEST_ALGO; + } + /* Make sure the digest algo is enabled (in case of a detached signature). */ gcry_md_enable (digest, sig->digest_algo); 
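Review bot: The new check in do_check rejects only `GCRY_MD_MD5`, while the flag and the option are named for weak digest algorithms in general, and nothing in the hunk says that MD5 is the whole list. A comment above the `if` would make the scope explicit, e.g. `/* Only MD5 is considered weak here; --allow-weak-digest-algos (also set by --pgp2) disables this check. */`. The bare `return GPG_ERR_DIGEST_ALGO;` also differs from the `gpg_error (...)` form used in the g10/encr-data.c hunk on this page. Which form do_check's callers expect cannot be seen from here, because the function starts and ends outside the hunk.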
diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc index b011549..5d5e03d 100755 --- a/tests/openpgp/defs.inc +++ b/tests/openpgp/defs.inc @@ -68,7 +68,7 @@ error () { defs_error_seen=yes echo "$pgmname:" $* >&5 if [ x$defs_stop_on_error != xyes ]; then - exit 1 + exit 1 fi } @@ -189,7 +189,7 @@ pgmname=`basename $0` [ -z "$srcdir" ] && fatal "not called from make" # Make sure we have a valid option file even with VPATH builds. -for f in gpg.conf ; do +for f in gpg.conf ; do if [ -f ./$f ]; then : elif [ -f $srcdir/$f.tmpl ]; then diff --git a/tests/openpgp/gpg.conf.tmpl b/tests/openpgp/gpg.conf.tmpl index 7060a66..7db73be 100644 --- a/tests/openpgp/gpg.conf.tmpl +++ b/tests/openpgp/gpg.conf.tmpl @@ -3,3 +3,4 @@ no-secmem-warning no-permission-warning batch no-auto-check-trustdb +allow-weak-digest-algos commit 3d4a36c8c98a15a4c5237fe2d10475a14b4c170a Author: Werner Koch Date: Wed May 14 08:55:58 2014 +0200 gpg: Remove useless diagnostic in MDC verification. * g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad MDC packer header and a bad MDC. -- The separate diagnostic was introduced for debugging a problems. For explaining an MDC error a single error message is easier to understand. diff --git a/g10/encr-data.c b/g10/encr-data.c index 105b105..c5c3c19 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c 
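Review bot: Adding `allow-weak-digest-algos` to the shared tests/openpgp/gpg.conf.tmpl makes every test run accept MD5 signatures, so the rejection path this commit adds in g10/sig-check.c is not exercised by the suite as configured here. The line should carry a comment giving the reason, for example `# Some test data still uses MD5 signatures.`, if that is indeed why it is needed. A separate test that runs without the option and expects the signature to be rejected would cover the new default behaviour.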
@@ -240,14 +240,10 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) gcry_md_write (dfx->mdc_hash, dfx->defer, 2); gcry_md_final (dfx->mdc_hash); - if (dfx->defer[0] != '\xd3' || dfx->defer[1] != '\x14' ) - { - log_error("mdc_packet with invalid encoding\n"); - rc = gpg_error (GPG_ERR_INV_PACKET); - } - else if (datalen != 20 - || memcmp (gcry_md_read (dfx->mdc_hash, 0), - dfx->defer+2,datalen )) + if ( dfx->defer[0] != '\xd3' + || dfx->defer[1] != '\x14' + || datalen != 20 + || memcmp (gcry_md_read (dfx->mdc_hash, 0), dfx->defer+2, datalen)) rc = gpg_error (GPG_ERR_BAD_SIGNATURE); /* log_printhex("MDC message:", dfx->defer, 22); */ /* log_printhex("MDC calc:", gcry_md_read (dfx->mdc_hash,0), datalen); */ commit 3c3d1ab35d17bce46dac8f806a8ce2dc90ac06ee Author: Werner Koch Date: Wed May 14 08:49:37 2014 +0200 gpg: Fix glitch entering a full expiration time. * g10/keygen.c (ask_expire_interval): Get the current time after the prompt. -- This almost avoid that an entered full ISO timestamp is not used as given but off by the time the user required to enter the timestamp. GnuPG-bug-id: 1639 diff --git a/g10/keygen.c b/g10/keygen.c index ad6bd73..a786beb 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1949,7 +1949,7 @@ ask_expire_interval(int object,const char *def_expire) answer = NULL; for(;;) { - u32 curtime=make_timestamp(); + u32 curtime; xfree(answer); if(object==0) 
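Review bot: The merged condition in decrypt_data now maps a wrong MDC packet header (`'\xd3'`, `'\x14'`) to GPG_ERR_BAD_SIGNATURE, with no comment saying that the header check and the hash comparison are intentionally reported alike. A short comment above the `if` would keep a later reader from splitting them again: `/* A bad MDC packet header and a bad MDC hash are deliberately reported as the same error. */`. The two commented-out `log_printhex` lines that follow are leftover debugging code and could be dropped in the same change. decrypt_data continues outside the hunk.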
@@ -1973,6 +1973,7 @@ ask_expire_interval(int object,const char *def_expire) } cpr_kill_prompt(); trim_spaces(answer); + curtime = make_timestamp (); interval = parse_expire_string( answer ); if( interval == (u32)-1 ) { ----------------------------------------------------------------------- Summary of changes: AUTHORS | 5 +- NEWS | 28 +++- README | 19 ++- common/Makefile.am | 1 + common/util.h | 2 + common/zb32.c | 120 +++++++++++++++++ doc/Makefile.am | 9 +- doc/gpg.texi | 83 +++++++++++- doc/gpgsm.texi | 2 +- doc/tools.texi | 22 +++ doc/yat2m.c | 310 ++++++++++++++++++++++++++++++------------- g10/encr-data.c | 12 +- g10/gpg.c | 7 + g10/keygen.c | 3 +- g10/main.h | 1 + g10/misc.c | 17 +++ g10/options.h | 1 + g10/photoid.c | 11 +- g10/sig-check.c | 16 +++ po/be.po | 4 + po/ca.po | 5 + po/cs.po | 5 + po/da.po | 5 + po/de.po | 6 +- po/el.po | 5 + po/eo.po | 4 + po/es.po | 5 + po/et.po | 5 + po/fi.po | 6 + po/fr.po | 5 + po/gl.po | 5 + po/hu.po | 5 + po/id.po | 5 + po/it.po | 5 + po/ja.po | 5 + po/nb.po | 5 + po/pl.po | 5 + po/pt.po | 4 + po/pt_BR.po | 4 + po/ro.po | 5 + po/ru.po | 5 + po/sk.po | 5 + po/sv.po | 5 + po/tr.po | 5 + po/uk.po | 5 + po/zh_CN.po | 5 + po/zh_TW.po | 5 + tests/openpgp/defs.inc | 4 +- tests/openpgp/gpg.conf.tmpl | 1 + 49 files changed, 678 insertions(+), 134 deletions(-) create mode 100644 common/zb32.c hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 3 11:22:48 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Jun 2014 11:22:48 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.23-1-g6d41c9b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 6d41c9b9ea225c3abe8e2f9a6fc7fb969adc80bf (commit) from 6209c6d9ad00a17bef4780ff22f0e9f588343c00 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6d41c9b9ea225c3abe8e2f9a6fc7fb969adc80bf Author: Werner Koch Date: Tue Jun 3 11:25:04 2014 +0200 Post release updates. -- diff --git a/NEWS b/NEWS index 656f910..aed90e6 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 2.0.24 (unreleased) +------------------------------------------------- + + Noteworthy changes in version 2.0.23 (2014-06-03) ------------------------------------------------- diff --git a/announce.txt b/announce.txt index 384f575..63e959f 100644 --- a/announce.txt +++ b/announce.txt @@ -5,9 +5,8 @@ Mail-Followup-To: gnupg-users at gnupg.org Hello! We are pleased to announce the availability of a new stable GnuPG-2 -release: Version 2.0.22. This is a *security fix* release and all -users are advised to updated to this version. See below for the -impact of the problem. +release: Version 2.0.23. This is a maintenace release with a few +new features. The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital 
@@ -31,35 +30,33 @@ GnuPG is distributed under the terms of the GNU General Public License also available for other Unices, Microsoft Windows and Mac OS X. -What's New in 2.0.22 +What's New in 2.0.23 ==================== - * Fixed possible infinite recursion in the compressed packet - parser. [CVE-2013-4402] + * gpg: Reject signatures made using the MD5 hash algorithm unless the + new option --allow-weak-digest-algos or --pgp2 are given. - * Improved support for some card readers. + * gpg: Do not create a trustdb file if --trust-model=always is used. - * Prepared building with the forthcoming Libgcrypt 1.6. + * gpg: Only the major version number is by default included in the + armored output. - * Protect against rogue keyservers sending secret keys. + * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the + communication with the gpg-agent. + * gpg: The format of the fallback key listing ("gpg KEYFILE") is now more + aligned to the regular key listing ("gpg -k"). -Impact of the security problem -============================== + * gpg: The option--show-session-key prints its output now before the + decryption of the bulk message starts. -Special crafted input data may be used to cause a denial of service -against GPG (GnuPG's OpenPGP part) and some other OpenPGP -implementations. All systems using GPG to process incoming data are -affected. + * gpg: New %U expando for the photo viewer. -Taylor R Campbell invented a neat trick to generate OpenPGP packages -to force GPG to recursively parse certain parts of OpenPGP messages ad -infinitum. As a workaround a tight "ulimit -v" setting may be used to -mitigate the problem. Sample input data to trigger this problem has -not yet been seen in the wild. Details of the attack will eventually -be published by its inventor. + * gpgsm: Improved handling of re-issued CA certificates. -A fixed release of the GnuPG 1.4 series will be releases soon. + * scdaemon: Various fixes for pinpad equipped card readers. 
+ + * Minor bug fixes. @@ -69,25 +66,26 @@ Getting the Software Please follow the instructions found at http://www.gnupg.org/download/ or read on: -GnuPG 2.0.22 may be downloaded from one of the GnuPG mirror sites or +GnuPG 2.0.23 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors -can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG +can be found at http://www.gnupg.org/mirrors.html . Note that GnuPG is not available at ftp.gnu.org. On the FTP server and its mirrors you should find the following files in the gnupg/ directory: - gnupg-2.0.22.tar.bz2 (4200k) - gnupg-2.0.22.tar.bz2.sig + gnupg-2.0.23.tar.bz2 (4196k) + gnupg-2.0.23.tar.bz2.sig - GnuPG source compressed using BZIP2 and OpenPGP signature. + GnuPG source compressed using BZIP2 and its OpenPGP signature. - gnupg-2.0.20-2.0.22.diff.bz2 (39k) + gnupg-2.0.22-2.0.23.diff.bz2 (53k) - A patch file to upgrade a 2.0.20 GnuPG source tree. This patch + A patch file to upgrade a 2.0.22 GnuPG source tree. This patch does not include updates of the language files. Note, that we don't distribute gzip compressed tarballs for GnuPG-2. +A Windows version will eventually be released at https://gpg4win.org . Checking the Integrity @@ -99,9 +97,9 @@ the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the - signature of the file gnupg-2.0.22.tar.bz2 you would use this command: + signature of the file gnupg-2.0.23.tar.bz2 you would use this command: - gpg --verify gnupg-2.0.22.tar.bz2.sig + gpg --verify gnupg-2.0.23.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and 
@@ -124,15 +122,15 @@ the following ways: * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file - gnupg-2.0.22.tar.bz2, you would run the sha1sum command like this: + gnupg-2.0.23.tar.bz2, you would run the sha1sum command like this: - sha1sum gnupg-2.0.22.tar.bz2 + sha1sum gnupg-2.0.23.tar.bz2 and check that the output matches the first line from the following list: -9ba9ee288e9bf813e0f1e25cbe06b58d3072d8b8 gnupg-2.0.22.tar.bz2 -6cc51b14ed652fe7eadae25ec7cdaa6f63377525 gnupg-2.0.21-2.0.22.diff.bz2 +c90e47ab95a40dd070fd75faef0a05c7b679553b gnupg-2.0.23.tar.bz2 +e02cfab2bc046f9fac89eef098c34f58b5745d20 gnupg-2.0.22-2.0.23.diff.bz2 Documentation @@ -143,11 +141,11 @@ Separate man pages are included as well; however they have not all the details available in the manual. It is also possible to read the complete manual online in HTML format at - http://www.gnupg.org/documentation/manuals/gnupg/ + https://www.gnupg.org/documentation/manuals/gnupg/ or in Portable Document Format at - http://www.gnupg.org/documentation/manuals/gnupg.pdf . + https://www.gnupg.org/documentation/manuals/gnupg.pdf . The chapters on gpg-agent, gpg and gpgsm include information on how to set up the whole thing. You may also want search the GnuPG mailing @@ -170,7 +168,7 @@ We suggest to send bug reports for a new release to this list in favor of filing a bug at . We also have a dedicated service directory at: - http://www.gnupg.org/service.html + https://www.gnupg.org/service.html The driving force behind the development of GnuPG is the company of its principal author, Werner Koch. Maintenance and improvement of 
@@ -178,7 +176,12 @@ GnuPG and related software takes up most of their resources. To allow him to continue this work he kindly asks to either purchase a support contract, engage g10 Code for custom enhancements, or to donate money: - http://g10code.com/gnupg-donation.html +Maintaining and improving GnuPG is costly. For more than a decade, +g10 Code GmbH, a German company owned and headed by GnuPG's principal +author Werner Koch, is bearing the majority of these costs. To help +them carry on this work, they need your support. See + + https://gnupg.org/donate/ Thanks @@ -186,7 +189,7 @@ Thanks We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the -servers, spreading the word, or answering questions on the mailing +servers, spreading the word, and answering questions on the mailing lists. diff --git a/configure.ac b/configure.ac index ec7fae7..4ea6606 100644 --- a/configure.ac +++ b/configure.ac @@ -26,7 +26,7 @@ min_automake_version="1.10" # (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [2.0.23]) +m4_define([mym4_version], [2.0.24]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a ----------------------------------------------------------------------- Summary of changes: NEWS | 4 +++ announce.txt | 83 ++++++++++++++++++++++++++++++---------------------------- configure.ac | 2 +- 3 files changed, 48 insertions(+), 41 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 3 11:27:16 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Jun 2014 11:27:16 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.23-2-g07f8a37 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 07f8a37637da310d176879d491f8df2a881b117e (commit) from 6d41c9b9ea225c3abe8e2f9a6fc7fb969adc80bf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 07f8a37637da310d176879d491f8df2a881b117e Author: Werner Koch Date: Tue Jun 3 11:29:34 2014 +0200 maint: Of course we only use https in the announcements. -- diff --git a/announce.txt b/announce.txt index 63e959f..f4d046d 100644 --- a/announce.txt +++ b/announce.txt @@ -63,12 +63,12 @@ What's New in 2.0.23 Getting the Software ==================== -Please follow the instructions found at http://www.gnupg.org/download/ +Please follow the instructions found at https://www.gnupg.org/download/ or read on: GnuPG 2.0.23 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors -can be found at http://www.gnupg.org/mirrors.html . Note that GnuPG +can be found at https://www.gnupg.org/mirrors.html . Note that GnuPG is not available at ftp.gnu.org. On the FTP server and its mirrors you should find the following files 
@@ -163,9 +163,9 @@ Support ======= Please consult the archive of the gnupg-users mailing list before -reporting a bug . +reporting a bug . We suggest to send bug reports for a new release to this list in favor -of filing a bug at . We also have a dedicated +of filing a bug at . We also have a dedicated service directory at: https://www.gnupg.org/service.html ----------------------------------------------------------------------- Summary of changes: announce.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 3 13:32:20 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Jun 2014 13:32:20 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.23-3-g52b96ef Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 52b96ef6b81951ddacf146a74e88e5512efd03a0 (commit) from 07f8a37637da310d176879d491f8df2a881b117e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 52b96ef6b81951ddacf146a74e88e5512efd03a0 Author: Werner Koch Date: Tue Jun 3 13:34:24 2014 +0200 doc: Update for modern makeinfo. * doc/texi.css: Remove. * doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref. diff --git a/doc/Makefile.am b/doc/Makefile.am index 252fc52..a1ca4ba 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am 
@@ -34,7 +34,7 @@ EXTRA_DIST = samplekeys.asc ChangeLog-2011 \ gnupg-card-architecture.pdf \ FAQ gnupg7.texi \ opt-homedir.texi see-also-note.texi specify-user-id.texi \ - gpgv.texi texi.css yat2m.c + gpgv.texi yat2m.c BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \ gnupg-card-architecture.pdf @@ -55,7 +55,7 @@ gnupg_TEXINFOS = \ DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips -AM_MAKEINFOFLAGS = -I $(srcdir) --css-include=$(srcdir)/texi.css +AM_MAKEINFOFLAGS = -I $(srcdir) --css-ref=/share/site.css YAT2M_OPTIONS = -I $(srcdir) \ --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard" @@ -136,12 +136,12 @@ online: gnupg.html gnupg.pdf set -e; \ echo "Uploading current manuals to www.gnupg.org ..."; \ cp $(srcdir)/gnupg-logo.png gnupg.html/; \ - user=werner ; dashdevel="" ; \ + user=werner ; webhost=ftp.gnupg.org; dashdevel="" ; \ if echo "@PACKAGE_VERSION@" | grep -- "-git" >/dev/null; then \ dashdevel="-devel" ; \ else \ - rsync -v gnupg.pdf $${user}@cvs.gnupg.org:webspace/manuals/ ; \ + rsync -v gnupg.pdf $${user}@{webhost}:webspace/manuals/ ; \ fi ; \ cd gnupg.html ; \ rsync -vr --exclude='.svn' . \ - $${user}@cvs.gnupg.org:webspace/manuals/gnupg$${dashdevel}/ + $${user}@{webhost}:webspace/manuals/gnupg$${dashdevel}/ diff --git a/doc/texi.css b/doc/texi.css deleted file mode 100644 index a369abc..0000000 --- a/doc/texi.css +++ /dev/null @@ -1,6 +0,0 @@ -/* The gnupg.org standard stylesheet. */ - @import url(/share/site.css); - - - - ----------------------------------------------------------------------- Summary of changes: doc/Makefile.am | 10 +++++----- doc/texi.css | 6 ------ 2 files changed, 5 insertions(+), 11 deletions(-) delete mode 100644 doc/texi.css hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 3 14:14:21 2014 
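Review bot: Both rsync destinations in the `online:` recipe are written `$${user}@{webhost}:...`, so the shell receives the literal host name `{webhost}` instead of the `webhost=ftp.gnupg.org` value set a few lines earlier in the same recipe. They should read `rsync -v gnupg.pdf $${user}@$${webhost}:webspace/manuals/ ; \` and `$${user}@$${webhost}:webspace/manuals/gnupg$${dashdevel}/`. As written, the upload goes to an unintended host name and would be expected to fail rather than publish the manuals.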
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Jun 2014 14:14:21 +0200 Subject: [git] gnupg-doc - branch, master, updated. 270fe958aebf689f04f0a624289dfbd515f3281c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 270fe958aebf689f04f0a624289dfbd515f3281c (commit) from ba19d489c45a28d8e143ac88fbf4a6d7fdc60c3a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 270fe958aebf689f04f0a624289dfbd515f3281c Author: Werner Koch Date: Tue Jun 3 14:01:57 2014 +0200 web: Fix Paypal button and publish 2.0.23 news. * cgi/procdonate.cgi (write_template): Add template var PUBLISH_NAME. * web/donate/checkout.org: Pass PUBLISH_NAME to Paypal. * web/index.org: Add news item * web/share/site.css: Add rules for makeinfo. diff --git a/cgi/procdonate.cgi b/cgi/procdonate.cgi index ad95369..61ecce2 100755 --- a/cgi/procdonate.cgi +++ b/cgi/procdonate.cgi @@ -70,6 +70,7 @@ sub write_template ($) { my $sel_gbp = ''; my $sel_jpy = ''; my $message_fmt; + my $publishname; # Avoid broken HTML attributes. $amount =~ s/\x22/\x27/g; @@ -102,6 +103,13 @@ sub write_template ($) { $sel_jpy = ' selected="selected"'; } + # Set var for the paypal button + if ( $name eq 'Anonymous' or $name eq '') { + $publishname = 'No'; + } else { + $publishname = 'Yes'; + } + # Build error strings. foreach (keys %errdict) { @@ -137,6 +145,7 @@ sub write_template ($) { || s/(/$sel_usd>/ || s/(/$sel_gbp>/ || s/(/$sel_jpy>/ + || s//$publishname/ || s//$errorstr/ || s//$err_amount/ || s//$err_name/ diff --git a/web/donate/checkout.org b/web/donate/checkout.org index 8f09b9d..ad69fcd 100644 --- a/web/donate/checkout.org 
+++ b/web/donate/checkout.org @@ -70,6 +70,8 @@ + +

#+END_HTML diff --git a/web/index.org b/web/index.org index d42c997..1e643c0 100644 --- a/web/index.org +++ b/web/index.org @@ -51,6 +51,14 @@ all [[file:news.org][news of previous years]] is also available. # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +2014q2/000342.html + +** GnuPG 2.0.23 released (2014-06-03) + +We are pleased to announce the availability of GnuPG 2.0.23. This is +a maintenance release with a few new features. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000342.html][{more}]] + + ** Goteo campaign: preliminary results (2014-05-12) The blog has a report on the current status of the campaign including diff --git a/web/share/site.css b/web/share/site.css index 37460d3..6f0e373 100644 --- a/web/share/site.css +++ b/web/share/site.css @@ -302,6 +302,41 @@ pre { overflow: auto; } +/* Classes used by makeinfo (manuals). */ + +pre.display { + font-family:inherit; +} +pre.format { + font-family:inherit; +} +pre.smalldisplay { + font-family:inherit; + font-size:smaller; +} +pre.smallformat { + font-family:inherit; + font-size:smaller; +} +pre.smallexample { + font-size:smaller; +} +pre.smalllisp { + font-size:smaller; +} + +span.sc { + font-variant:small-caps; +} +span.roman { + font-family:serif; + font-weight:normal; +} +span.sansserif { + font-family:sans-serif; + font-weight:normal; +} + /* Table stuff */ @@ -360,6 +395,8 @@ td.right { } +/* A box of logos. */ + .logobox p { margin-top: 20px; } diff --git a/web/swdb.mac b/web/swdb.mac index 522a4c6..b443bbf 100644 --- a/web/swdb.mac +++ b/web/swdb.mac 
@@ -8,10 +8,10 @@ # # GnuPG-2 # -#+macro: gnupg_ver 2.0.22 +#+macro: gnupg_ver 2.0.23 #+macro: gnupg_branch STABLE-BRANCH-2-0 -#+macro: gnupg_size 4177k -#+macro: gnupg_sha1 9ba9ee288e9bf813e0f1e25cbe06b58d3072d8b8 +#+macro: gnupg_size 4196k +#+macro: gnupg_sha1 c90e47ab95a40dd070fd75faef0a05c7b679553b # # GnuPG-1 ----------------------------------------------------------------------- Summary of changes: cgi/procdonate.cgi | 9 +++++++++ web/donate/checkout.org | 2 ++ web/index.org | 8 ++++++++ web/share/site.css | 37 +++++++++++++++++++++++++++++++++++++ web/swdb.mac | 6 +++--- 5 files changed, 59 insertions(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 3 14:15:22 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Jun 2014 14:15:22 +0200 Subject: [git] gnupg-doc - branch, master, updated. bccd13c3009550cc6e4689e468b004fe10afa6d3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via bccd13c3009550cc6e4689e468b004fe10afa6d3 (commit) from 270fe958aebf689f04f0a624289dfbd515f3281c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bccd13c3009550cc6e4689e468b004fe10afa6d3 Author: Werner Koch Date: Tue Jun 3 14:17:48 2014 +0200 web: Add a note for cronjob generated parts. diff --git a/web/donate/kudos-2011.org b/web/donate/kudos-2011.org index a00d751..6c9c1ab 100644 --- a/web/donate/kudos-2011.org +++ b/web/donate/kudos-2011.org @@ -6,6 +6,7 @@ #+HTML:
    #+HTML: +#+HTML:
  • [please reload in a few minutes while the list is being updated] #+HTML: #+HTML:
diff --git a/web/donate/kudos-2012.org b/web/donate/kudos-2012.org index 6b30a87..d2bf44c 100644 --- a/web/donate/kudos-2012.org +++ b/web/donate/kudos-2012.org @@ -6,6 +6,7 @@ #+HTML:
    #+HTML: +#+HTML:
  • [please reload in a few minutes while the list is being updated] #+HTML: #+HTML:
diff --git a/web/donate/kudos-2013.org b/web/donate/kudos-2013.org index 0365da6..0d8802d 100644 --- a/web/donate/kudos-2013.org +++ b/web/donate/kudos-2013.org @@ -6,6 +6,7 @@ #+HTML:
    #+HTML: +#+HTML:
  • [please reload in a few minutes while the list is being updated] #+HTML: #+HTML:
diff --git a/web/donate/kudos-2014.org b/web/donate/kudos-2014.org index 9ccf628..ecf4ac9 100644 --- a/web/donate/kudos-2014.org +++ b/web/donate/kudos-2014.org @@ -6,6 +6,7 @@ #+HTML:
    #+HTML: +#+HTML:
  • [please reload in a few minutes while the list is being updated] #+HTML: #+HTML:
@@ -22,6 +23,7 @@ #+HTML:
    #+HTML: +#+HTML:
  • [please reload in a few minutes while the list is being updated] #+HTML: #+HTML:
diff --git a/web/donate/kudos.org b/web/donate/kudos.org index 1f1c103..4f7d9c6 100644 --- a/web/donate/kudos.org +++ b/web/donate/kudos.org @@ -6,6 +6,7 @@ #+HTML:
    #+HTML: +#+HTML:
  • [please reload in a few minutes while the list is being updated] #+HTML: #+HTML:
  • your name
  • #+HTML:

diff --git a/web/index.org b/web/index.org index 1e643c0..866e132 100644 --- a/web/index.org +++ b/web/index.org @@ -51,8 +51,6 @@ all [[file:news.org][news of previous years]] is also available. # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. -2014q2/000342.html - ** GnuPG 2.0.23 released (2014-06-03) We are pleased to announce the availability of GnuPG 2.0.23. This is ----------------------------------------------------------------------- Summary of changes: web/donate/kudos-2011.org | 1 + web/donate/kudos-2012.org | 1 + web/donate/kudos-2013.org | 1 + web/donate/kudos-2014.org | 2 ++ web/donate/kudos.org | 1 + web/index.org | 2 -- 6 files changed, 6 insertions(+), 2 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 3 18:55:32 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Jun 2014 18:55:32 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-433-g0beec2f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0beec2f0f255a71f9d5a4a0729d0259f673e8838 (commit) from 50cd3d40aec3b94cfddec94361ed1aafc999d61b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0beec2f0f255a71f9d5a4a0729d0259f673e8838 Author: Werner Koch Date: Tue Jun 3 18:57:33 2014 +0200 gpgsm: New commands --export-secret-key-{p8,raw} * sm/gpgsm.c: Add new commands. * sm/minip12.c (build_key_sequence): Add arg mode. (p12_raw_build): New. * sm/export.c (export_p12): Add arg rawmode. Call p12_raw_build. (gpgsm_p12_export): Ditto. (print_short_info): Print the keygrip. diff --git a/NEWS b/NEWS index da771f1..ba14079 100644 --- a/NEWS +++ b/NEWS @@ -42,6 +42,9 @@ Noteworthy changes in version 2.1.0-betaN (unreleased) * Protect against rogue keyservers sending secret keys. + * GPGSM can now be used to export a secret RSA key in PKCS#1 or + PKCS#8 format. + Noteworthy changes in version 2.1.0beta3 (2011-12-20) ----------------------------------------------------- diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 3d2594f..b38ad4d 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi 
@@ -259,13 +259,26 @@ certificate are only exported if all @var{pattern} are given as fingerprints or keygrips. @item --export-secret-key-p12 @var{key-id} - at opindex export + at opindex export-secret-key-p12 Export the private key and the certificate identified by @var{key-id} in -a PKCS#12 format. When using along with the @code{--armor} option a few +a PKCS#12 format. When used with the @code{--armor} option a few informational lines are prepended to the output. Note, that the PKCS#12 format is not very secure and this command is only provided if there is no other way to exchange the private key. (@pxref{option --p12-charset}) + at ifset gpgtwoone + at item --export-secret-key-p8 @var{key-id} + at itemx --export-secret-key-raw @var{key-id} + at opindex export-secret-key-p8 + at opindex export-secret-key-raw +Export the private key of the certificate identified by @var{key-id} +with any encryption stripped. The @code{...-raw} command exports in +PKCS#1 format; the @code{...-p8} command exports in PKCS#8 format. +When used with the @code{--armor} option a few informational lines are +prepended to the output. These commands are useful to prepare a key +for use on a TLS server. + at end ifset + @item --import [@var{files}] @opindex import Import the certificates from the PEM or binary encoded files as well as diff --git a/sm/export.c b/sm/export.c index 0403fe2..1dce106 100644 --- a/sm/export.c +++ b/sm/export.c @@ -60,6 +60,7 @@ static void print_short_info (ksba_cert_t cert, estream_t stream); static gpg_error_t export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen, const char *prompt, const char *keygrip, + int rawmode, void **r_result, size_t *r_resultlen); 
@@ -315,9 +316,14 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream) } -/* Export a certificate and its private key. */ +/* Export a certificate and its private key. RAWMODE controls the + actual output: + 0 - Private key and certifciate in PKCS#12 format + 1 - Only unencrypted private key in PKCS#8 format + 2 - Only unencrypted private key in PKCS#1 format + */ void -gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream) +gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode) { gpg_error_t err = 0; KEYDB_HANDLE hd; @@ -416,13 +422,18 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream) es_putc ('\n', stream); } - if (opt.p12_charset && ctrl->create_pem) + if (opt.p12_charset && ctrl->create_pem && !rawmode) { es_fprintf (stream, "The passphrase is %s encoded.\n\n", opt.p12_charset); } - ctrl->pem_name = "PKCS12"; + if (rawmode == 0) + ctrl->pem_name = "PKCS12"; + else if (rawmode == 1) + ctrl->pem_name = "PRIVATE KEY"; + else + ctrl->pem_name = "RSA PRIVATE KEY"; err = gpgsm_create_writer (&b64writer, ctrl, stream, &writer); if (err) { @@ -431,7 +442,8 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream) } prompt = gpgsm_format_keydesc (cert); - err = export_p12 (ctrl, image, imagelen, prompt, keygrip, &data, &datalen); + err = export_p12 (ctrl, image, imagelen, prompt, keygrip, rawmode, + &data, &datalen); xfree (prompt); if (err) goto leave; 
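Review bot: `rawmode` is passed through gpgsm_p12_export into export_p12 as a bare int whose meaning (0, 1, 2) lives only in the new comment, and the `pem_name` selection sends every value other than 0 and 1 to `"RSA PRIVATE KEY"`. Named constants would let the call sites read without the comment. The final `else` could become `else if (rawmode == 2)` with an error for anything else, so that an unexpected value is not labelled as a PKCS#1 key. The same applies to `if (rawmode)` in the export_p12 hunk further down. gpgsm_p12_export starts and ends outside these hunks.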
@@ -513,12 +525,19 @@ print_short_info (ksba_cert_t cert, estream_t stream) xfree (p); } es_putc ('\n', stream); + + p = gpgsm_get_keygrip_hexstring (cert); + if (p) + { + es_fprintf (stream, "Keygrip ..: %s\n", p); + xfree (p); + } } -/* Parse a private key S-expression and retutn a malloced array with - the RSA paramaters in pkcs#12 order. The caller needs to +/* Parse a private key S-expression and return a malloced array with + the RSA parameters in pkcs#12 order. The caller needs to deep-release this array. */ static gcry_mpi_t * sexp_to_kparms (gcry_sexp_t sexp) @@ -587,7 +606,7 @@ sexp_to_kparms (gcry_sexp_t sexp) static gpg_error_t export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen, - const char *prompt, const char *keygrip, + const char *prompt, const char *keygrip, int rawmode, void **r_result, size_t *r_resultlen) { gpg_error_t err = 0; @@ -671,20 +690,30 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen, goto leave; } - err = gpgsm_agent_ask_passphrase - (ctrl, - i18n_utf8 ("Please enter the passphrase to protect the " - "new PKCS#12 object."), - 1, &passphrase); - if (err) - goto leave; + if (rawmode) + { + /* Export in raw mode, that is only the pkcs#1/#8 private key. */ + result = p12_raw_build (kparms, rawmode, &resultlen); + if (!result) + err = gpg_error (GPG_ERR_GENERAL); + } + else + { + err = gpgsm_agent_ask_passphrase + (ctrl, + i18n_utf8 ("Please enter the passphrase to protect the " + "new PKCS#12 object."), + 1, &passphrase); + if (err) + goto leave; - result = p12_build (kparms, certimg, certimglen, passphrase, - opt.p12_charset, &resultlen); - xfree (passphrase); - passphrase = NULL; - if (!result) - err = gpg_error (GPG_ERR_GENERAL); + result = p12_build (kparms, certimg, certimglen, passphrase, + opt.p12_charset, &resultlen); + xfree (passphrase); + passphrase = NULL; + if (!result) + err = gpg_error (GPG_ERR_GENERAL); + } leave: xfree (key); 
diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 3822717..01f33e3 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -74,6 +74,8 @@ enum cmd_and_opt_values { aRecvKeys, aExport, aExportSecretKeyP12, + aExportSecretKeyP8, + aExportSecretKeyRaw, aServer, aLearnCard, aCallDirmngr, @@ -208,7 +210,13 @@ static ARGPARSE_OPTS opts[] = { /*ARGPARSE_c (aRecvKeys, "recv-keys", N_("import keys from a key server")),*/ ARGPARSE_c (aImport, "import", N_("import certificates")), ARGPARSE_c (aExport, "export", N_("export certificates")), + + /* We use -raw and not -p1 for pkcs#1 secret key export so that it + won't accidently be used in case -p12 was intended. */ ARGPARSE_c (aExportSecretKeyP12, "export-secret-key-p12", "@"), + ARGPARSE_c (aExportSecretKeyP8, "export-secret-key-p8", "@"), + ARGPARSE_c (aExportSecretKeyRaw, "export-secret-key-raw", "@"), + ARGPARSE_c (aLearnCard, "learn-card", N_("register a smartcard")), ARGPARSE_c (aServer, "server", N_("run in server mode")), ARGPARSE_c (aCallDirmngr, "call-dirmngr", @@ -1084,6 +1092,8 @@ main ( int argc, char **argv) case aRecvKeys: case aExport: case aExportSecretKeyP12: + case aExportSecretKeyP8: + case aExportSecretKeyRaw: case aDumpKeys: case aDumpChain: case aDumpExternalKeys: @@ -1888,7 +1898,7 @@ main ( int argc, char **argv) estream_t fp = open_es_fwrite (opt.outfile?opt.outfile:"-"); if (argc == 1) - gpgsm_p12_export (&ctrl, *argv, fp); + gpgsm_p12_export (&ctrl, *argv, fp, 0); else wrong_args ("--export-secret-key-p12 KEY-ID"); if (fp != es_stdout) 
@@ -1896,6 +1906,32 @@ main ( int argc, char **argv) } break; + case aExportSecretKeyP8: + { + estream_t fp = open_es_fwrite (opt.outfile?opt.outfile:"-"); + + if (argc == 1) + gpgsm_p12_export (&ctrl, *argv, fp, 1); + else + wrong_args ("--export-secret-key-p8 KEY-ID"); + if (fp != es_stdout) + es_fclose (fp); + } + break; + + case aExportSecretKeyRaw: + { + estream_t fp = open_es_fwrite (opt.outfile?opt.outfile:"-"); + + if (argc == 1) + gpgsm_p12_export (&ctrl, *argv, fp, 2); + else + wrong_args ("--export-secret-key-raw KEY-ID"); + if (fp != es_stdout) + es_fclose (fp); + } + break; + case aSendKeys: case aRecvKeys: log_error ("this command has not yet been implemented\n"); diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 6c68af7..7c7ca7a 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -348,7 +348,8 @@ int gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files, /*-- export.c --*/ void gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream); -void gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream); +void gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, + int rawmode); /*-- delete.c --*/ int gpgsm_delete (ctrl_t ctrl, strlist_t names); diff --git a/sm/minip12.c b/sm/minip12.c index c91ef22..01b91b7 100644 --- a/sm/minip12.c +++ b/sm/minip12.c @@ -1,5 +1,6 @@ /* minip12.c - A minimal pkcs-12 implementation. * Copyright (C) 2002, 2003, 2004, 2006, 2011 Free Software Foundation, Inc. + * Copyright (C) 2014 Werner Koch * * This file is part of GnuPG. * @@ -1891,10 +1892,15 @@ create_final (struct buffer_s *sequences, const char *pw, size_t *r_length) } } } + + MODE controls what is being generated: + 0 - As described above + 1 - Ditto but without the padding + 2 - Only the inner part (pkcs#1) */ static unsigned char * -build_key_sequence (gcry_mpi_t *kparms, size_t *r_length) +build_key_sequence (gcry_mpi_t *kparms, int mode, size_t *r_length) { int rc, i; size_t needed, n; 
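Review bot: In the two new cases, `aExportSecretKeyP8` and `aExportSecretKeyRaw`, the result of `es_fclose (fp)` is discarded, so a failed flush can leave a truncated plaintext key file with no diagnostic. A checked close would catch it: `if (fp != es_stdout && es_fclose (fp)) log_error ("error closing output: %s\n", strerror (errno));`. `open_es_fwrite` is not shown here; since these two commands write the private key with its encryption stripped, it is worth confirming that the file is created with owner-only permissions rather than the process umask default. The three export cases are identical apart from the mode argument and the usage string, so a shared helper would keep such a fix in one place. `main` starts and ends outside this hunk.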
@@ -1902,7 +1908,7 @@ build_key_sequence (gcry_mpi_t *kparms, size_t *r_length) size_t plainlen; size_t outseqlen, oidseqlen, octstrlen, inseqlen; - needed = 3; /* The version(?) integer of value 0. */ + needed = 3; /* The version integer with value 0. */ for (i=0; kparms[i]; i++) { n = 0; @@ -1929,23 +1935,27 @@ build_key_sequence (gcry_mpi_t *kparms, size_t *r_length) if (!n) return NULL; needed += n; - /* Encapsulate all into an octet string. */ - octstrlen = needed; - n = compute_tag_length (needed); - if (!n) - return NULL; - needed += n; - /* Prepend the object identifier sequence. */ - oidseqlen = 2 + DIM (oid_rsaEncryption) + 2; - needed += 2 + oidseqlen; - /* The version number. */ - needed += 3; - /* And finally put the whole thing into a sequence. */ - outseqlen = needed; - n = compute_tag_length (needed); - if (!n) - return NULL; - needed += n; + + if (mode != 2) + { + /* Encapsulate all into an octet string. */ + octstrlen = needed; + n = compute_tag_length (needed); + if (!n) + return NULL; + needed += n; + /* Prepend the object identifier sequence. */ + oidseqlen = 2 + DIM (oid_rsaEncryption) + 2; + needed += 2 + oidseqlen; + /* The version number. */ + needed += 3; + /* And finally put the whole thing into a sequence. */ + outseqlen = needed; + n = compute_tag_length (needed); + if (!n) + return NULL; + needed += n; + } /* allocate 8 extra bytes for padding */ plain = gcry_malloc_secure (needed+8); 
@@ -1957,20 +1967,24 @@ build_key_sequence (gcry_mpi_t *kparms, size_t *r_length) /* And now fill the plaintext buffer. */ p = plain; - p = store_tag_length (p, TAG_SEQUENCE, outseqlen); - /* Store version. */ - *p++ = TAG_INTEGER; - *p++ = 1; - *p++ = 0; - /* Store object identifier sequence. */ - p = store_tag_length (p, TAG_SEQUENCE, oidseqlen); - p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_rsaEncryption)); - memcpy (p, oid_rsaEncryption, DIM (oid_rsaEncryption)); - p += DIM (oid_rsaEncryption); - *p++ = TAG_NULL; - *p++ = 0; - /* Start with the octet string. */ - p = store_tag_length (p, TAG_OCTET_STRING, octstrlen); + if (mode != 2) + { + p = store_tag_length (p, TAG_SEQUENCE, outseqlen); + /* Store version. */ + *p++ = TAG_INTEGER; + *p++ = 1; + *p++ = 0; + /* Store object identifier sequence. */ + p = store_tag_length (p, TAG_SEQUENCE, oidseqlen); + p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_rsaEncryption)); + memcpy (p, oid_rsaEncryption, DIM (oid_rsaEncryption)); + p += DIM (oid_rsaEncryption); + *p++ = TAG_NULL; + *p++ = 0; + /* Start with the octet string. */ + p = store_tag_length (p, TAG_OCTET_STRING, octstrlen); + } + p = store_tag_length (p, TAG_SEQUENCE, inseqlen); /* Store the key parameters. */ *p++ = TAG_INTEGER; @@ -2003,10 +2017,14 @@ build_key_sequence (gcry_mpi_t *kparms, size_t *r_length) plainlen = p - plain; assert (needed == plainlen); - /* Append some pad characters; we already allocated extra space. */ - n = 8 - plainlen % 8; - for (i=0; i < n; i++, plainlen++) - *p++ = n; + + if (!mode) + { + /* Append some pad characters; we already allocated extra space. */ + n = 8 - plainlen % 8; + for (i=0; i < n; i++, plainlen++) + *p++ = n; + } *r_length = plainlen; return plain; @@ -2459,7 +2477,7 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen, if (kparms) { /* Encode the key. */ - buffer = build_key_sequence (kparms, &buflen); + buffer = build_key_sequence (kparms, 0, &buflen); if (!buffer) goto failure; 
@@ -2502,6 +2520,24 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen, } +/* This is actually not a pkcs#12 function but one which creates an + unencrypted a pkcs#1 private key. */ +unsigned char * +p12_raw_build (gcry_mpi_t *kparms, int rawmode, size_t *r_length) +{ + unsigned char *buffer; + size_t buflen; + + assert (rawmode == 1 || rawmode == 2); + buffer = build_key_sequence (kparms, rawmode, &buflen); + if (!buffer) + return NULL; + + *r_length = buflen; + return buffer; +} + + #ifdef TEST static void diff --git a/sm/minip12.h b/sm/minip12.h index 27f24f5..7a1950f 100644 --- a/sm/minip12.h +++ b/sm/minip12.h @@ -31,6 +31,9 @@ unsigned char *p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen, const char *pw, const char *charset, size_t *r_length); +unsigned char *p12_raw_build (gcry_mpi_t *kparms, + int rawmode, + size_t *r_length); #endif /*MINIP12_H*/ ----------------------------------------------------------------------- Summary of changes: NEWS | 3 ++ doc/gpgsm.texi | 17 ++++++++- sm/export.c | 71 ++++++++++++++++++++++++----------- sm/gpgsm.c | 38 ++++++++++++++++++- sm/gpgsm.h | 3 +- sm/minip12.c | 112 +++++++++++++++++++++++++++++++++++++------------------- sm/minip12.h | 3 ++ 7 files changed, 184 insertions(+), 63 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 3 18:56:15 2014 
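Review bot: The header comment on `p12_raw_build` says it creates a pkcs#1 key, but with `rawmode` 1 `build_key_sequence` emits the PKCS#8 wrapper, so the comment should name both formats. The only validation of `rawmode` is an `assert`, which disappears in an NDEBUG build; a value of 0 would then return the padded PKCS#12 inner sequence as if it were a raw key. An explicit `if (rawmode != 1 && rawmode != 2) return NULL;` keeps the check in release builds. The comment should also say that the returned buffer holds the unencrypted private key, comes from `gcry_malloc_secure` (see `build_key_sequence`), and is owned and released by the caller.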
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Jun 2014 18:56:15 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-434-gd89dc69 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d89dc6917ee31dcb8a80e8e9f20c595815ed7165 (commit) from 0beec2f0f255a71f9d5a4a0729d0259f673e8838 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d89dc6917ee31dcb8a80e8e9f20c595815ed7165 Author: Werner Koch Date: Tue Jun 3 18:58:35 2014 +0200 artwork: Add 128x128 variant of the logo. -- diff --git a/artwork/gnupg-badge-128x128.png b/artwork/gnupg-badge-128x128.png new file mode 100644 index 0000000..5116ec8 Binary files /dev/null and b/artwork/gnupg-badge-128x128.png differ ----------------------------------------------------------------------- Summary of changes: artwork/gnupg-badge-128x128.png | Bin 0 -> 8658 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 artwork/gnupg-badge-128x128.png hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 3 21:46:22 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Jun 2014 21:46:22 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-435-gbe07ed6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via be07ed65e169a7ec3fbecdb1abf988fc0245d9ff (commit) from d89dc6917ee31dcb8a80e8e9f20c595815ed7165 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit be07ed65e169a7ec3fbecdb1abf988fc0245d9ff Author: Werner Koch Date: Tue Jun 3 21:35:59 2014 +0200 Add new option --with-secret. * g10/gpg.c: Add option --with-secret. * g10/options.h (struct opt): Add field with_secret. * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all and list_one. (list_all, list_one): Add arg mark_secret. (list_keyblock_colon): Add arg has_secret. * sm/gpgsm.c: Add option --with-secret. * sm/server.c (option_handler): Add option "with-secret". * sm/gpgsm.h (server_control_s): Add field with_secret. * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move the token string from the wrong field 14 to 15. -- This option is useful for key managers which need to know whether a key has a secret key. This change allows to collect this information in one pass. diff --git a/NEWS b/NEWS index ba14079..38c5391 100644 --- a/NEWS +++ b/NEWS @@ -24,6 +24,8 @@ Noteworthy changes in version 2.1.0-betaN (unreleased) * New option --enable-pinpad-varlen for scdaemon. + * New option --with-secret for GPG and GPGSM. + * Rename option --disable-pinpad for scdaemon (was: --disable-keypad). * Better support fo CCID readers. Now, internal CCID driver supports 
diff --git a/doc/DETAILS b/doc/DETAILS index 03c200e..17c417e 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -194,7 +194,8 @@ described here. Used in sec/sbb to print the serial number of a token (internal protect mode 1002) or a '#' if that key is a simple stub (internal - protect mode 1001) + protect mode 1001). If the option --with-secret is used and a + secret key is available for the public key, a '+' indicates this. *** Field 16 - Hash algorithm diff --git a/doc/gpg.texi b/doc/gpg.texi index 9463bb5..71a3107 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2127,6 +2127,12 @@ of the output and may be used together with another command. @item --with-keygrip @opindex with-keygrip Include the keygrip in the key listings. + + at item --with-secret + at opindex with-secret +Include info about the presence of a secret key in public key listings +done with @code{--with-colons}. + @end ifset @end table diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index b38ad4d..078d2ad 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -581,6 +581,13 @@ certificate. Include the keygrip in standard key listings. Note that the keygrip is always listed in --with-colons mode. + at ifset gpgtwoone + at item --with-secret + at opindex with-secret +Include info about the presence of a secret key in public key listings +done with @code{--with-colons}. + at end ifset + @end table @c ******************************************* diff --git a/g10/call-agent.c b/g10/call-agent.c index 42cc9ea..1b30b7f 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -1475,7 +1475,7 @@ agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk) return err; } -/* Ask the agent whether a secret key is availabale for any of the +/* Ask the agent whether a secret key is available for any of the keys (primary or sub) in KEYBLOCK. Returns 0 if available. */ gpg_error_t agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock) diff --git a/g10/gpg.c b/g10/gpg.c index fa3e8c2..bd4ca40 100644 --- a/g10/gpg.c 
+++ b/g10/gpg.c @@ -176,6 +176,7 @@ enum cmd_and_opt_values oFingerprint, oWithFingerprint, oWithKeygrip, + oWithSecret, oAnswerYes, oAnswerNo, oKeyring, @@ -705,6 +706,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oNoUtf8Strings, "no-utf8-strings", "@"), ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"), ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"), + ARGPARSE_s_n (oWithSecret, "with-secret", "@"), ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"), ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"), ARGPARSE_s_n (oAllowNonSelfsignedUID, "allow-non-selfsigned-uid", "@"), @@ -2386,6 +2388,10 @@ main (int argc, char **argv) opt.with_keygrip = 1; break; + case oWithSecret: + opt.with_secret = 1; + break; + case oSecretKeyring: /* Ignore this old option. */ break; diff --git a/g10/keygen.c b/g10/keygen.c index 0c95435..5c898cc 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -3974,7 +3974,7 @@ do_generate_keypair (struct para_data_s *para, { tty_printf (_("public and secret key created and signed.\n") ); tty_printf ("\n"); - list_keyblock (pub_root, 0, 1, NULL); + list_keyblock (pub_root, 0, 1, 1, NULL); } diff --git a/g10/keylist.c b/g10/keylist.c index 1ecfce9..7d9fe23 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -43,8 +43,8 @@ #include "status.h" #include "call-agent.h" -static void list_all (int); -static void list_one (strlist_t names, int secret); +static void list_all (int, int); +static void list_one (strlist_t names, int secret, int mark_secret); static void locate_one (ctrl_t ctrl, strlist_t names); static void print_card_serialno (const char *serialno); @@ -114,9 +114,9 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode) if (locate_mode) locate_one (ctrl, list); else if (!list) - list_all (0); + list_all (0, opt.with_secret); else - list_one (list, 0); + list_one (list, 0, opt.with_secret); } 
@@ -128,9 +128,9 @@ secret_key_list (ctrl_t ctrl, strlist_t list) check_trustdb_stale (); if (!list) - list_all (1); + list_all (1, 0); else /* List by user id */ - list_one (list, 1); + list_one (list, 1, 0); } void @@ -427,12 +427,17 @@ print_signature_stats (struct sig_stats *s) tty_printf (_("%d signatures not checked due to errors\n"), s->oth_err); } + +/* List all keys. If SECRET is true only secret keys are listed. If + MARK_SECRET is true secret keys are indicated in a public key + listing. */ static void -list_all (int secret) +list_all (int secret, int mark_secret) { KEYDB_HANDLE hd; KBNODE keyblock = NULL; int rc = 0; + int any_secret; const char *lastresname, *resname; struct sig_stats stats; @@ -459,7 +464,13 @@ list_all (int secret) log_error ("keydb_get_keyblock failed: %s\n", g10_errstr (rc)); goto leave; } - if (secret && agent_probe_any_secret_key (NULL, keyblock)) + + if (secret || mark_secret) + any_secret = !agent_probe_any_secret_key (NULL, keyblock); + else + any_secret = 0; + + if (secret && !any_secret) ; /* Secret key listing requested but this isn't one. */ else { @@ -478,7 +489,7 @@ list_all (int secret) } } merge_keys_and_selfsig (keyblock); - list_keyblock (keyblock, secret, opt.fingerprint, + list_keyblock (keyblock, secret, any_secret, opt.fingerprint, opt.check_sigs ? &stats : NULL); } release_kbnode (keyblock); @@ -498,7 +509,7 @@ leave: static void -list_one (strlist_t names, int secret) +list_one (strlist_t names, int secret, int mark_secret) { int rc = 0; KBNODE keyblock = NULL; @@ -537,7 +548,7 @@ list_one (strlist_t names, int secret) es_putc ('-', es_stdout); es_putc ('\n', es_stdout); } - list_keyblock (keyblock, secret, opt.fingerprint, + list_keyblock (keyblock, secret, mark_secret, opt.fingerprint, (!secret && opt.check_sigs)? &stats : NULL); release_kbnode (keyblock); } 
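Review bot: In the two `list_one` hunks the option flag `mark_secret` is handed straight to `list_keyblock` as `has_secret`, whereas `list_all` passes the probed `any_secret`. `list_keyblock_colon` calls `agent_get_keyinfo` for each key when `has_secret` is set and sets `stubkey` on failure (the context comment reads "Key not found"). With `--with-secret` and explicit key names, a key with no secret part at all would therefore apparently get `#` in field 15, which doc/DETAILS describes as a stub key. Probing here as `list_all` does would keep the two paths consistent: `any_secret = mark_secret ? !agent_probe_any_secret_key (NULL, keyblock) : 0;`, then pass `any_secret` in place of `mark_secret`. Both functions continue outside the hunks shown.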
@@ -572,7 +583,7 @@ locate_one (ctrl_t ctrl, strlist_t names) { do { - list_keyblock (keyblock, 0, opt.fingerprint, + list_keyblock (keyblock, 0, 0, opt.fingerprint, opt.check_sigs ? &stats : NULL); release_kbnode (keyblock); } @@ -1128,8 +1139,12 @@ print_revokers (estream_t fp, PKT_public_key * pk) } } + +/* List a key in colon mode. If SECRET is true this is a secret key + record (i.e. requested via --list-secret-key). If HAS_SECRET a + secret key is available even if SECRET is not set. */ static void -list_keyblock_colon (KBNODE keyblock, int secret, int fpr) +list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr) { int rc; KBNODE kbctx; @@ -1154,14 +1169,14 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr) } pk = node->pkt->pkt.public_key; - if (secret || opt.with_keygrip || opt.with_key_data) + if (secret || has_secret || opt.with_keygrip || opt.with_key_data) { rc = hexkeygrip_from_pk (pk, &hexgrip); if (rc) log_error ("error computing a keygrip: %s\n", gpg_strerror (rc)); } stubkey = 0; - if (secret && agent_get_keyinfo (NULL, hexgrip, &serialno)) + if ((secret||has_secret) && agent_get_keyinfo (NULL, hexgrip, &serialno)) stubkey = 1; /* Key not found. */ keyid_from_pk (pk, keyid); @@ -1197,12 +1212,14 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr) print_capabilities (pk, keyblock); es_putc (':', es_stdout); /* End of field 13. */ es_putc (':', es_stdout); /* End of field 14. */ - if (secret) + if (secret || has_secret) { if (stubkey) es_putc ('#', es_stdout); else if (serialno) es_fputs (serialno, es_stdout); + else if (has_secret) + es_putc ('+', es_stdout); } es_putc (':', es_stdout); /* End of field 15. */ es_putc (':', es_stdout); /* End of field 16. */ 
@@ -1286,7 +1303,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr) pk2 = node->pkt->pkt.public_key; xfree (hexgrip); hexgrip = NULL; xfree (serialno); serialno = NULL; - if (secret || opt.with_keygrip || opt.with_key_data) + if (secret || has_secret || opt.with_keygrip || opt.with_key_data) { rc = hexkeygrip_from_pk (pk2, &hexgrip); if (rc) @@ -1294,7 +1311,8 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr) gpg_strerror (rc)); } stubkey = 0; - if (secret && agent_get_keyinfo (NULL, hexgrip, &serialno)) + if ((secret||has_secret) + && agent_get_keyinfo (NULL, hexgrip, &serialno)) stubkey = 1; /* Key not found. */ keyid_from_pk (pk2, keyid2); @@ -1323,12 +1341,14 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr) print_capabilities (pk2, NULL); es_putc (':', es_stdout); /* End of field 13. */ es_putc (':', es_stdout); /* End of field 14. */ - if (secret) + if (secret || has_secret) { if (stubkey) es_putc ('#', es_stdout); else if (serialno) es_fputs (serialno, es_stdout); + else if (has_secret) + es_putc ('+', es_stdout); } es_putc (':', es_stdout); /* End of field 15. */ es_putc (':', es_stdout); /* End of field 16. */ @@ -1529,11 +1549,12 @@ reorder_keyblock (KBNODE keyblock) } void -list_keyblock (KBNODE keyblock, int secret, int fpr, void *opaque) +list_keyblock (KBNODE keyblock, int secret, int has_secret, int fpr, + void *opaque) { reorder_keyblock (keyblock); if (opt.with_colons) - list_keyblock_colon (keyblock, secret, fpr); + list_keyblock_colon (keyblock, secret, has_secret, fpr); else list_keyblock_print (keyblock, secret, fpr, opaque); } diff --git a/g10/main.h b/g10/main.h index d8b9a4d..2802cb5 100644 --- a/g10/main.h +++ b/g10/main.h 
@@ -327,7 +327,8 @@ void public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode ); void secret_key_list (ctrl_t ctrl, strlist_t list ); void print_subpackets_colon(PKT_signature *sig); void reorder_keyblock (KBNODE keyblock); -void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque ); +void list_keyblock (kbnode_t keyblock, int secret, int has_secret, + int fpr, void *opaque); void print_fingerprint (estream_t fp, PKT_public_key *pk, int mode); void print_revokers (estream_t fp, PKT_public_key *pk); void show_policy_url(PKT_signature *sig,int indent,int mode); diff --git a/g10/options.h b/g10/options.h index c622a46..0a604f9 100644 --- a/g10/options.h +++ b/g10/options.h @@ -68,6 +68,7 @@ struct int with_key_data; int with_fingerprint; /* Option --with-fingerprint active. */ int with_keygrip; /* Option --with-keygrip active. */ + int with_secret; /* Option --with-secret active. */ int fingerprint; /* list fingerprints */ int list_sigs; /* list signatures */ int no_armor; diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 01f33e3..c813336 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -148,6 +148,7 @@ enum cmd_and_opt_values { oWithFingerprint, oWithMD5Fingerprint, oWithKeygrip, + oWithSecret, oAnswerYes, oAnswerNo, oKeyring, @@ -383,6 +384,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"), ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"), ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"), + ARGPARSE_s_n (oWithSecret, "with-secret", "@"), ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"), ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"), ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"), 
@@ -1333,6 +1335,7 @@ main ( int argc, char **argv) case oWithKeyData: opt.with_key_data=1; /* fall thru */ case oWithColons: ctrl.with_colons = 1; break; + case oWithSecret: ctrl.with_secret = 1; break; case oWithValidation: ctrl.with_validation=1; break; case oWithEphemeralKeys: ctrl.with_ephemeral_keys=1; break; diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 7c7ca7a..83918cc 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -177,6 +177,7 @@ struct server_control_s accessed. */ int with_colons; /* Use column delimited output format */ + int with_secret; /* Mark secret keys in a public key listing. */ int with_chain; /* Include the certifying certs in a listing */ int with_validation;/* Validate each key while listing. */ int with_ephemeral_keys; /* Include ephemeral flagged keys in the diff --git a/sm/keylist.c b/sm/keylist.c index f96c03f..dab1295 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -457,7 +457,6 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, algo = gpgsm_get_key_algo_info (cert, &nbits); es_fprintf (fp, ":%u:%d:%s:", nbits, algo, fpr+24); - /* We assume --fixed-list-mode for gpgsm */ ksba_cert_get_validity (cert, 0, t); print_time (t, fp); es_putc (':', fp); 
@@ -495,19 +494,24 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, es_putc (':', fp); /* Field 12, capabilities: */ print_capabilities (cert, fp); + es_putc (':', fp); /* Field 13, not used: */ es_putc (':', fp); - if (have_secret) + if (have_secret || ctrl->with_secret) { char *cardsn; p = gpgsm_get_keygrip_hexstring (cert); - if (!gpgsm_agent_keyinfo (ctrl, p, &cardsn) && cardsn) + if (!gpgsm_agent_keyinfo (ctrl, p, &cardsn) + && (cardsn || ctrl->with_secret)) { /* Field 14, not used: */ es_putc (':', fp); - /* Field 15: Token serial number. */ - es_fputs (cardsn, fp); + /* Field 15: Token serial number or secret key indicator. */ + if (cardsn) + es_fputs (cardsn, fp); + else if (ctrl->with_secret) + es_putc ('+', fp); es_putc (':', fp); } xfree (cardsn); diff --git a/sm/server.c b/sm/server.c index 201a34b..f399c8e 100644 --- a/sm/server.c +++ b/sm/server.c @@ -274,6 +274,11 @@ option_handler (assuan_context_t ctx, const char *key, const char *value) int i = *value? atoi (value) : 0; ctrl->with_validation = i; } + else if (!strcmp (key, "with-validation")) + { + int i = *value? atoi (value) : 0; + ctrl->with_secret = i; + } else if (!strcmp (key, "validation-model")) { int i = gpgsm_parse_validation_model (value); ----------------------------------------------------------------------- Summary of changes: NEWS | 2 ++ doc/DETAILS | 3 ++- doc/gpg.texi | 6 ++++++ doc/gpgsm.texi | 7 ++++++ g10/call-agent.c | 2 +- g10/gpg.c | 6 ++++++ g10/keygen.c | 2 +- g10/keylist.c | 63 ++++++++++++++++++++++++++++++++++++------------------ g10/main.h | 3 ++- g10/options.h | 1 + sm/gpgsm.c | 3 +++ sm/gpgsm.h | 1 + sm/keylist.c | 14 +++++++----- sm/server.c | 5 +++++ 14 files changed, 88 insertions(+), 30 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 4 08:48:34 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 04 Jun 2014 08:48:34 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-436-g09a2d4e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 09a2d4ec74d352dcb4f006aab60b07bc4f5f1a37 (commit) from be07ed65e169a7ec3fbecdb1abf988fc0245d9ff (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 09a2d4ec74d352dcb4f006aab60b07bc4f5f1a37 Author: Werner Koch Date: Wed Jun 4 08:50:10 2014 +0200 gpgsm: Fix commit be07ed65. * sm/server.c (option_handler): Use "with-secret".
diff --git a/sm/server.c b/sm/server.c
index f399c8e..978e70a 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -274,7 +274,7 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
 int i = *value? atoi (value) : 0;
 ctrl->with_validation = i;
 }
- else if (!strcmp (key, "with-validation"))
+ else if (!strcmp (key, "with-secret"))
 {
 int i = *value? atoi (value) : 0;
 ctrl->with_secret = i;
----------------------------------------------------------------------- Summary of changes: sm/server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 4 10:00:15 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 04 Jun 2014 10:00:15 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.0-2-g4dc9af2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 4dc9af24156b4fd52c7b76e7522b9b7a64e5386a (commit) from ee0f17736ec18074700ae83cdf6821e5f8c19c7c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4dc9af24156b4fd52c7b76e7522b9b7a64e5386a Author: Werner Koch Date: Wed Jun 4 09:57:54 2014 +0200 Add new keylist mode GPGME_KEYLIST_MODE_WITH_SECRET. * src/gpgme.h.in (GPGME_KEYLIST_MODE_WITH_SECRET): New. * src/engine-gpg.c (gpg_keylist_build_options): Handle new mode. * src/engine-gpgsm.c (gpgsm_keylist, gpgsm_keylist_ext): Ditto. * src/keylist.c (parse_sec_field15): Add arg key and take care of --with-secret output. * src/gpgme-tool.c (gt_get_keylist_mode, cmd_keylist_mode): Add "with_secret". Print card info and and secret flag for subkeys. -- Note: This mode may only be used with GnuPG >= 2.1. diff --git a/NEWS b/NEWS index b7a6227..c6a8f52 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,12 @@ Noteworthy changes in version 1.5.1 (unreleased) [C__/A__/R_] ------------------------------------------------------------- + * Add support for GnuPG 2.1's --with-secret option. + + * Interface changes relative to the 1.5.0 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + GPGME_KEYLIST_MODE_WITH_SECRET NEW. + Noteworthy changes in version 1.5.0 (2014-05-21) [C23/A12/R0] ------------------------------------------------------------- diff --git a/doc/gpgme.texi b/doc/gpgme.texi index e326574..1f4a9e1 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi 
@@ -2472,6 +2472,13 @@ signature notations on key signatures should be included in the listed keys. This only works if @code{GPGME_KEYLIST_MODE_SIGS} is also enabled. + at item GPGME_KEYLIST_MODE_WITH_SECRET +The @code{GPGME_KEYLIST_MODE_WITH_SECRET} returns information about +the presence of a corresponding secret key in a public key listing. A +public key listing with this mode is slower than a standard listing +but can be used instead of a second run to list the secret keys. This +is only supported for GnuPG versions >= 2.1. + @item GPGME_KEYLIST_MODE_EPHEMERAL The @code{GPGME_KEYLIST_MODE_EPHEMERAL} symbol specifies that keys flagged as ephemeral are included in the listing. @@ -2712,9 +2719,11 @@ This is true if the subkey can be used for qualified signatures according to local government regulations. @item unsigned int secret : 1 -This is true if the subkey is a secret key. Note that it will be false -if the key is actually a stub key; i.e. a secret key operation is -currently not possible (offline-key). +This is true if the subkey is a secret key. Note that it will be +false if the key is actually a stub key; i.e. a secret key operation +is currently not possible (offline-key). This is only set if a +listing of secret keys has been requested or if + at code{GPGME_KEYLIST_MODE_WITH_SECRET} is active. @item gpgme_pubkey_algo_t pubkey_algo This is the public key algorithm supported by this subkey. 
@@ -2905,9 +2914,10 @@ This is true if the key can be used for qualified signatures according to local government regulations. @item unsigned int secret : 1 -This is true if the key is a secret key. Note, that this will always be -true even if the corresponding subkey flag may be false (offline/stub -keys). +This is true if the key is a secret key. Note, that this will always +be true even if the corresponding subkey flag may be false +(offline/stub keys). This is only set if a listing of secret keys has +been requested or if @code{GPGME_KEYLIST_MODE_WITH_SECRET} is active. @item gpgme_protocol_t protocol This is the protocol supported by this key. diff --git a/src/engine-gpg.c b/src/engine-gpg.c index ede098e..4df0f3e 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -2194,6 +2194,8 @@ gpg_keylist_build_options (engine_gpg_t gpg, int secret_only, err = add_arg (gpg, "--with-fingerprint"); if (!err) err = add_arg (gpg, "--with-fingerprint"); + if (!err && (mode & GPGME_KEYLIST_MODE_WITH_SECRET)) + err = add_arg (gpg, "--with-secret"); if (!err && (mode & GPGME_KEYLIST_MODE_SIGS) && (mode & GPGME_KEYLIST_MODE_SIG_NOTATIONS)) diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 710bf14..8ec1598 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -1551,7 +1551,7 @@ gpgsm_keylist (void *engine, const char *pattern, int secret_only, the agent. However on a fresh installation no public keys are available and thus there is no need for gpgsm to ask the agent whether a secret key exists for the public key. */ - if (secret_only) + if (secret_only || (mode & GPGME_KEYLIST_MODE_WITH_SECRET)) gpgsm_assuan_simple_command (gpgsm->assuan_ctx, "GETINFO agent-check", NULL, NULL); 
@@ -1580,6 +1580,11 @@ gpgsm_keylist (void *engine, const char *pattern, int secret_only, "OPTION with-ephemeral-keys=1": "OPTION with-ephemeral-keys=0" , NULL, NULL); + gpgsm_assuan_simple_command (gpgsm->assuan_ctx, + (mode & GPGME_KEYLIST_MODE_WITH_SECRET)? + "OPTION with-secret=1": + "OPTION with-secret=0" , + NULL, NULL); /* Length is "LISTSECRETKEYS " + p + '\0'. */ @@ -1645,6 +1650,11 @@ gpgsm_keylist_ext (void *engine, const char *pattern[], int secret_only, "OPTION with-validation=1": "OPTION with-validation=0" , NULL, NULL); + gpgsm_assuan_simple_command (gpgsm->assuan_ctx, + (mode & GPGME_KEYLIST_MODE_WITH_SECRET)? + "OPTION with-secret=1": + "OPTION with-secret=0" , + NULL, NULL); if (pattern && *pattern) diff --git a/src/gpgme-tool.c b/src/gpgme-tool.c index be8ed07..f02fffa 100644 --- a/src/gpgme-tool.c +++ b/src/gpgme-tool.c @@ -1861,6 +1861,8 @@ gt_get_keylist_mode (gpgme_tool_t gt) modes[idx++] = "sigs"; if (mode & GPGME_KEYLIST_MODE_SIG_NOTATIONS) modes[idx++] = "sig_notations"; + if (mode & GPGME_KEYLIST_MODE_WITH_SECRET) + modes[idx++] = "with_secret"; if (mode & GPGME_KEYLIST_MODE_EPHEMERAL) modes[idx++] = "ephemeral"; if (mode & GPGME_KEYLIST_MODE_VALIDATE) @@ -2591,6 +2593,8 @@ cmd_keylist_mode (assuan_context_t ctx, char *line) mode |= GPGME_KEYLIST_MODE_SIGS; if (strstr (line, "sig_notations")) mode |= GPGME_KEYLIST_MODE_SIG_NOTATIONS; + if (strstr (line, "with_secret")) + mode |= GPGME_KEYLIST_MODE_WITH_SECRET; if (strstr (line, "ephemeral")) mode |= GPGME_KEYLIST_MODE_EPHEMERAL; if (strstr (line, "validate")) 
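Review bot: The result of the new `gpgsm_assuan_simple_command (...)` call that sends `OPTION with-secret=1` in gpgsm_keylist is discarded, and the same holds for the identical call added to gpgsm_keylist_ext in the next hunk. If the running gpgsm does not know the option, the listing would presumably go ahead and every key would report `secret` as 0, which a caller cannot tell apart from "no secret key present". Since the documentation limits the mode to GnuPG >= 2.1, either return the error when the mode was requested or record the intent with a comment such as `/* Errors ignored: older gpgsm does not know with-secret. */`. Both function bodies start and end outside the hunks.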
@@ -3299,6 +3303,12 @@ cmd_keylist (assuan_context_t ctx, char *line) result_xml_tag_start (&state, "subkey", NULL); /* FIXME: more data */ result_add_fpr (&state, "fpr", subkey->fpr); + result_add_value (&state, "secret", subkey->secret); + result_add_value (&state, "is_cardkey", subkey->is_cardkey); + if (subkey->card_number) + result_add_string (&state, "card_number", subkey->card_number); + if (subkey->curve) + result_add_string (&state, "curve", subkey->curve); result_xml_tag_end (&state); /* subkey */ subkey = subkey->next; } diff --git a/src/gpgme.h.in b/src/gpgme.h.in index d47f4ba..15ed803 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -370,6 +370,7 @@ gpgme_protocol_t; #define GPGME_KEYLIST_MODE_EXTERN 2 #define GPGME_KEYLIST_MODE_SIGS 4 #define GPGME_KEYLIST_MODE_SIG_NOTATIONS 8 +#define GPGME_KEYLIST_MODE_WITH_SECRET 16 #define GPGME_KEYLIST_MODE_EPHEMERAL 128 #define GPGME_KEYLIST_MODE_VALIDATE 256 diff --git a/src/keylist.c b/src/keylist.c index 582b241..36ee3ea 100644 --- a/src/keylist.c +++ b/src/keylist.c @@ -367,7 +367,7 @@ set_ownertrust (gpgme_key_t key, const char *src) reference to smartcards. FIELD is the content of the field and we are allowed to modify it. */ static gpg_error_t -parse_sec_field15 (gpgme_subkey_t subkey, char *field) +parse_sec_field15 (gpgme_key_t key, gpgme_subkey_t subkey, char *field) { if (!*field) ; /* Empty. */ 
@@ -375,17 +375,25 @@ parse_sec_field15 (gpgme_subkey_t subkey, char *field) { /* This is a stub for an offline key. We reset the SECRET flag of the subkey here. Note that the secret flag of the entire - key will be true even then. */ + key will be true even then. We even explicitly set + key->secret to make it works for GPGME_KEYLIST_MODE_WITH_SECRET. */ subkey->secret = 0; + key->secret = 1; } else if (strchr ("01234567890ABCDEFabcdef", *field)) { /* Fields starts with a hex digit; thus it is a serial number. */ + key->secret = 1; subkey->is_cardkey = 1; subkey->card_number = strdup (field); if (!subkey->card_number) return gpg_error_from_syserror (); } + else if (*field == '+') + { + key->secret = 1; + subkey->secret = 1; + } else { /* RFU. */ @@ -578,9 +586,11 @@ keylist_colon_handler (void *priv, char *line) set_mainkey_capability (key, field[11]); /* Field 15 carries special flags of a secret key. */ - if (fields >= 15 && key->secret) + if (fields >= 15 + && (key->secret + || (ctx->keylist_mode & GPGME_KEYLIST_MODE_WITH_SECRET))) { - err = parse_sec_field15 (subkey, field[14]); + err = parse_sec_field15 (key, subkey, field[14]); if (err) return err; } 
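Review bot: The serial-number branch of parse_sec_field15 now sets `key->secret = 1` and `subkey->is_cardkey = 1` but leaves `subkey->secret` untouched, while the new `'+'` branch sets both flags. In a public listing with GPGME_KEYLIST_MODE_WITH_SECRET the subkey flag was presumably never set beforehand, so a card-backed subkey would report secret=0 next to is_cardkey=1 and a key-level secret=1. If a card key is meant to count as a usable secret key, add `subkey->secret = 1;` beside `subkey->is_cardkey = 1;`; otherwise the comment in that branch should say that card keys are deliberately reported like stubs. The function starts in the previous hunk and continues past this one.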
@@ -649,9 +659,11 @@ keylist_colon_handler (void *priv, char *line) set_subkey_capability (subkey, field[11]); /* Field 15 carries special flags of a secret key. */ - if (fields >= 15 && key->secret) + if (fields >= 15 + && (key->secret + || (ctx->keylist_mode & GPGME_KEYLIST_MODE_WITH_SECRET))) { - err = parse_sec_field15 (subkey, field[14]); + err = parse_sec_field15 (key, subkey, field[14]); if (err) return err; } ----------------------------------------------------------------------- Summary of changes: NEWS | 6 ++++++ doc/gpgme.texi | 22 ++++++++++++++++------ src/engine-gpg.c | 2 ++ src/engine-gpgsm.c | 12 +++++++++++- src/gpgme-tool.c | 10 ++++++++++ src/gpgme.h.in | 1 + src/keylist.c | 24 ++++++++++++++++++------ 7 files changed, 64 insertions(+), 13 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 5 12:08:05 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 05 Jun 2014 12:08:05 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-438-g9c9e26d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9c9e26d41e7d65711da8dbf1afa452254749621c (commit) via 4f0625889b768eabdec52696bf15059a9e8d9c02 (commit) from 09a2d4ec74d352dcb4f006aab60b07bc4f5f1a37 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9c9e26d41e7d65711da8dbf1afa452254749621c Author: Werner Koch Date: Thu Jun 5 12:03:27 2014 +0200 gpg: Require confirmation for --gen-key with experimental curves. * g10/keygen.c (ask_curve): Add arg both. Require confirmation for Curve25519. diff --git a/g10/keygen.c b/g10/keygen.c index 5c898cc..af54c3f 100644 
--- a/g10/keygen.c +++ b/g10/keygen.c @@ -2088,9 +2088,9 @@ ask_keysize (int algo, unsigned int primary_keysize) /* Ask for the curve. ALGO is the selected algorithm which this function may adjust. Returns a malloced string with the name of - the curve. */ + the curve. BOTH tells that gpg creates a primary and subkey. */ static char * -ask_curve (int *algo) +ask_curve (int *algo, int both) { struct { const char *name; @@ -2119,6 +2119,7 @@ ask_curve (int *algo) tty_printf (_("Please select which elliptic curve you want:\n")); + again: keyparms = NULL; for (idx=0; idx < DIM(curves); idx++) { @@ -2140,6 +2141,19 @@ ask_curve (int *algo) continue; if (!gcry_pk_get_curve (keyparms, 0, NULL)) continue; + if (both && curves[idx].fix_curve) + { + /* Both Curve 25519 keys are to be created. Check that + Libgcrypt also supports the real Curve25519. */ + gcry_sexp_release (keyparms); + rc = gcry_sexp_build (&keyparms, NULL, + "(public-key(ecc(curve %s)))", + curves[idx].name); + if (rc) + continue; + if (!gcry_pk_get_curve (keyparms, 0, NULL)) + continue; + } curves[idx].available = 1; tty_printf (" (%d) %s\n", idx + 1, @@ -2178,10 +2192,16 @@ ask_curve (int *algo) else { if (curves[idx].fix_curve) - log_info ("WARNING: Curve25519 is an experimental algorithm and" - " not yet specified by OpenPGP. The current" - " implementation may change with the next GnuPG release" - " and thus rendering the key unusable!\n"); + { + log_info ("WARNING: Curve25519 is an experimental algorithm" + " and not yet standardized.\n"); + log_info (" The key format will eventually change" + " and render this key unusable!\n\n"); + + if (!cpr_get_answer_is_yes("experimental_curve.override", + "Use this curve anyway? (y/N) ") ) + goto again; + } /* If the user selected a signing algorithm and Curve25519 we need to update the algo and and the curve name. */ 
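Review bot: The confirmation prompt passed to `cpr_get_answer_is_yes` in the last hunk is a bare literal, whereas the menu header next to the new `again:` label goes through `_()`, so a translated build would show an English question in the middle of a localized dialogue. Writing it as `_("Use this curve anyway? (y/N) ")` keeps the two consistent. The two `log_info` warning lines above it are untranslated as well, as was the text they replace. ask_curve's body extends beyond these hunks.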
@@ -3485,7 +3505,7 @@ generate_keypair (ctrl_t ctrl, const char *fname, const char *card_serialno, || algo == PUBKEY_ALGO_EDDSA || algo == PUBKEY_ALGO_ECDH) { - curve = ask_curve (&algo); + curve = ask_curve (&algo, both); r = xmalloc_clear( sizeof *r + 20 ); r->key = pKEYTYPE; sprintf( r->u.value, "%d", algo); @@ -3551,12 +3571,12 @@ generate_keypair (ctrl_t ctrl, const char *fname, const char *card_serialno, else /* Create only a single key. */ { /* For ECC we need to ask for the curve before storing the - algo becuase ask_curve may change the algo. */ + algo because ask_curve may change the algo. */ if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA || algo == PUBKEY_ALGO_ECDH) { - curve = ask_curve (&algo); + curve = ask_curve (&algo, 0); nbits = 0; r = xmalloc_clear (sizeof *r + strlen (curve)); r->key = pKEYCURVE; @@ -4086,7 +4106,7 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock) else if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA || algo == PUBKEY_ALGO_ECDH) - curve = ask_curve (&algo); + curve = ask_curve (&algo, 0); else nbits = ask_keysize (algo, 0); commit 4f0625889b768eabdec52696bf15059a9e8d9c02 Author: Werner Koch Date: Thu Jun 5 11:19:59 2014 +0200 gpg: Auto-migrate existing secring.gpg. * g10/migrate.c: New. * g10/import.c (import_old_secring): New. (import_one): Add arg silent. (transfer_secret_keys): Add arg batch. (import_secret_one): Add args batch and for_migration. * g10/gpg.c (main): Call migration function. diff --git a/README b/README index c64a14e..fd20d40 100644 --- a/README +++ b/README 
@@ -85,21 +85,10 @@ MIGRATION FROM 1.4 or 2.0 to 2.1 The major change in 2.1 is gpg-agent taking care of the OpenPGP secret keys (those managed by GPG). The former file "secring.gpg" will not be used anymore. Newly generated keys are stored in the agent's key -store directory "~/.gnupg/private-keys-v1.d/". - -To migrate your existing keys you need to run the command - - gpg2 --batch --import ~/.gnupg/secring.gpg - -Secret keys already imported are skipped by this command. It is -advisable to keep the secring.gpg for use with older versions of GPG. - -The use of "--batch" with "--import" is highly recommended. If you do -not use "--batch" the agent would ask for the passphrase of each key. -In this case you may use the Cancel button of the Pinentry to skip -importing this key. If you want to stop the enite import process and -you use a decent version of Pinentry, you should close the Pinentry -window instead of hitting the Cancel button. +store directory "~/.gnupg/private-keys-v1.d/". The first time gpg +needs a secret key it checks whether a "secring.gpg" exists and +copies them to the new store. The old secring.gpg is kept for use by +older versions of gpg. Note that gpg-agent now uses a fixed socket by default. All tools will start the gpg-agent as needed. In general there is no more need 
@@ -111,11 +100,11 @@ of the card related sub-commands of --edit-key are not yet fully supported. However, signing and decryption with a smartcard does work. -The Dirmngr is now part of GnuPG proper. Thus there is no more need -to install the separate dirmngr package. The directroy layout of -Dirmngr changed to make use of the GnuPG directories; for example you -use /etc/gnupg/trusted-certs and /var/lib/gnupg/extra-certs. Dirmngr -needs to be started as a system daemon. +The Dirmngr is now part of GnuPG proper and also used to access +OpenPGP keyservers. The directroy layout of Dirmngr changed to make +use of the GnuPG directories. Dirmngr is started by gpg or gpgsm as +needed needed. There is no more need to install a separate dirmngr +package. diff --git a/doc/gpg.texi b/doc/gpg.texi index 71a3107..c8fae3a 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -3042,18 +3042,33 @@ files; They all live in in the current home directory (@pxref{option @table @file - @item ~/.gnupg/secring.gpg - The secret keyring. You should backup this file. - - @item ~/.gnupg/secring.gpg.lock - The lock file for the secret keyring. - @item ~/.gnupg/pubring.gpg The public keyring. You should backup this file. @item ~/.gnupg/pubring.gpg.lock The lock file for the public keyring. + at ifset gpgtwoone + @item ~/.gnupg/pubring.kbx + The public keyring using a different format. This file is sharred + with @command{gpgsm}. You should backup this file. + + @item ~/.gnupg/pubring.kbx.lock + The lock file for @file{pubring.kbx}. + at end ifset + + @item ~/.gnupg/secring.gpg + at ifclear gpgtwoone + The secret keyring. You should backup this file. + at end ifclear + at ifset gpgtwoone + A secret keyring as used by GnuPG versions before 2.1. It is not + used by GnuPG 2.1 and later. + + @item ~/.gnupg/.gpg-v21-migrated + File indicating that a migration to GnuPG 2.1 has taken place. + at end ifset + @item ~/.gnupg/trustdb.gpg The trust database. There is no need to backup this file; it is better to backup the ownertrust values (@pxref{option --export-ownertrust}). @@ -3064,6 +3079,9 @@ files; They all live in in the current home directory (@pxref{option @item ~/.gnupg/random_seed A file used to preserve the state of the internal random pool. + @item ~/.gnupg/secring.gpg.lock + The lock file for the secret keyring. + @item /usr[/local]/share/gnupg/options.skel The skeleton options file. diff --git a/g10/Makefile.am b/g10/Makefile.am index ba68648..0ae4ef7 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -110,6 +110,7 @@ gpg2_SOURCES = gpg.c \ dearmor.c \ import.c \ export.c \ + migrate.c \ delkey.c \ keygen.c \ helptext.c \ diff --git a/g10/gpg.c b/g10/gpg.c index bd4ca40..47cc851 100644 --- a/g10/gpg.c +++ b/g10/gpg.c 
@@ -3594,6 +3594,43 @@ main (int argc, char **argv) break; } + + /* Check for certain command whether we need to migrate a + secring.gpg to the gpg-agent. */ + switch (cmd) + { + case aListSecretKeys: + case aSign: + case aSignEncr: + case aSignEncrSym: + case aSignSym: + case aClearsign: + case aDecrypt: + case aSignKey: + case aLSignKey: + case aEditKey: + case aPasswd: + case aDeleteSecretKeys: + case aDeleteSecretAndPublicKeys: + case aKeygen: + case aImport: + case aExportSecret: + case aExportSecretSub: + case aGenRevoke: + case aDesigRevoke: + case aCardEdit: + case aChangePIN: + migrate_secring (ctrl); + break; + case aListKeys: + if (opt.with_secret) + migrate_secring (ctrl); + break; + default: + break; + } + + /* The command dispatcher. */ switch( cmd ) { case aServer: diff --git a/g10/import.c b/g10/import.c index 2b219a2..774a727 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1,6 +1,7 @@ /* import.c - import a key into our key storage. * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, * 2007, 2010, 2011 Free Software Foundation, Inc. + * Copyright (C) 2014 Werner Koch * * This file is part of GnuPG. * @@ -68,9 +69,10 @@ static void revocation_present (ctrl_t ctrl, kbnode_t keyblock); static int import_one (ctrl_t ctrl, const char *fname, KBNODE keyblock,struct stats_s *stats, unsigned char **fpr,size_t *fpr_len, - unsigned int options,int from_sk); + unsigned int options,int from_sk, int silent); static int import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock, - struct stats_s *stats, unsigned int options); + struct stats_s *stats, int batch, + unsigned int options, int for_migration); static int import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats); static int chk_self_sigs( const char *fname, KBNODE keyblock, 
@@ -227,6 +229,7 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, return rc; } + void import_keys (ctrl_t ctrl, char **fnames, int nnames, void *stats_handle, unsigned int options ) @@ -293,9 +296,10 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct stats_s *stats, while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) { if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY ) rc = import_one (ctrl, fname, keyblock, - stats, fpr, fpr_len, options, 0); + stats, fpr, fpr_len, options, 0, 0); else if( keyblock->pkt->pkttype == PKT_SECRET_KEY ) - rc = import_secret_one (ctrl, fname, keyblock, stats, options); + rc = import_secret_one (ctrl, fname, keyblock, stats, + opt.batch, options, 0); else if( keyblock->pkt->pkttype == PKT_SIGNATURE && keyblock->pkt->pkt.signature->sig_class == 0x20 ) rc = import_revoke_cert( fname, keyblock, stats ); 
@@ -320,6 +324,57 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct stats_s *stats, } +/* Helper to migrate secring.gpg to GnuPG 2.1. */ +gpg_error_t +import_old_secring (ctrl_t ctrl, const char *fname) +{ + gpg_error_t err; + iobuf_t inp; + PACKET *pending_pkt = NULL; + kbnode_t keyblock = NULL; /* Need to initialize because gcc can't + grasp the return semantics of + read_block. */ + struct stats_s *stats; + + inp = iobuf_open (fname); + if (inp && is_secured_file (iobuf_get_fd (inp))) + { + iobuf_close (inp); + inp = NULL; + gpg_err_set_errno (EPERM); + } + if (!inp) + { + err = gpg_error_from_syserror (); + log_error (_("can't open '%s': %s\n"), fname, gpg_strerror (err)); + return err; + } + + getkey_disable_caches(); + stats = import_new_stats_handle (); + while (!(err = read_block (inp, &pending_pkt, &keyblock))) + { + if (keyblock->pkt->pkttype == PKT_SECRET_KEY) + err = import_secret_one (ctrl, fname, keyblock, stats, 1, 0, 1); + release_kbnode (keyblock); + if (err) + break; + } + import_release_stats_handle (stats); + if (err == -1) + err = 0; + else if (err && gpg_err_code (err) != G10ERR_INV_KEYRING) + log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (err)); + else if (err) + log_error ("import from '%s' failed: %s\n", fname, gpg_strerror (err)); + + iobuf_close (inp); + iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname); + + return err; +} + + void import_print_stats (void *hd) { 
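Review bot: import_old_secring creates a stats handle and releases it without ever reading it, while the `for_migration` paths added to import_secret_one return 0 without any message when a key is refused (no user ID, or `ski->algo > 110`). migrate_secring takes that 0 as success and writes the flag file, so a key skipped this way would presumably never be retried and the user gets no hint that it did not reach gpg-agent. A low-cost remedy is to report the counters before they are dropped, for example `if (opt.verbose) import_print_stats (stats);` ahead of `import_release_stats_handle (stats);`, or to emit one `log_info` line when any key was skipped. The function is complete in this hunk; the callee changes it relies on are in the later import_secret_one hunks.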
@@ -771,16 +826,17 @@ check_prefs (ctrl_t ctrl, kbnode_t keyblock) } /**************** - * Try to import one keyblock. Return an error only in serious cases, but - * never for an invalid keyblock. It uses log_error to increase the - * internal errorcount, so that invalid input can be detected by programs - * which called gpg. + * Try to import one keyblock. Return an error only in serious cases, + * but never for an invalid keyblock. It uses log_error to increase + * the internal errorcount, so that invalid input can be detected by + * programs which called gpg. If SILENT is no messages are printed - + * even most error messages are suppressed. */ static int import_one (ctrl_t ctrl, const char *fname, KBNODE keyblock, struct stats_s *stats, unsigned char **fpr,size_t *fpr_len,unsigned int options, - int from_sk ) + int from_sk, int silent) { PKT_public_key *pk; PKT_public_key *pk_orig; @@ -804,7 +860,7 @@ import_one (ctrl_t ctrl, keyid_from_pk( pk, keyid ); uidnode = find_next_kbnode( keyblock, PKT_USER_ID ); - if( opt.verbose && !opt.interactive ) + if (opt.verbose && !opt.interactive && !silent) { log_info( "pub %s/%s %s ", pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), @@ -819,11 +875,12 @@ import_one (ctrl_t ctrl, if( !uidnode ) { - log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); + if (!silent) + log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); return 0; } - if (opt.interactive) { + if (opt.interactive && !silent) { if(is_status_enabled()) print_import_check (pk, uidnode->pkt->pkt.user_id); merge_keys_and_selfsig (keyblock); @@ -856,7 +913,7 @@ import_one (ctrl_t ctrl, return rc== -1? 0:rc; /* If we allow such a thing, mark unsigned uids as valid */ - if( opt.allow_non_selfsigned_uid ) + if( opt.allow_non_selfsigned_uid) for( node=keyblock; node; node = node->next ) if( node->pkt->pkttype == PKT_USER_ID && !(node->flag & 1) ) { 
@@ -869,9 +926,11 @@ import_one (ctrl_t ctrl, } if( !delete_inv_parts( fname, keyblock, keyid, options ) ) { - log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); - if( !opt.quiet ) - log_info(_("this may be caused by a missing self-signature\n")); + if (!silent) { + log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); + if( !opt.quiet ) + log_info(_("this may be caused by a missing self-signature\n")); + } stats->no_user_id++; return 0; } @@ -881,12 +940,13 @@ import_one (ctrl_t ctrl, rc = get_pubkey_fast ( pk_orig, keyid ); if( rc && rc != G10ERR_NO_PUBKEY && rc != G10ERR_UNU_PUBKEY ) { - log_error( _("key %s: public key not found: %s\n"), - keystr(keyid), g10_errstr(rc)); + if (!silent) + log_error (_("key %s: public key not found: %s\n"), + keystr(keyid), g10_errstr(rc)); } else if ( rc && (opt.import_options&IMPORT_MERGE_ONLY) ) { - if( opt.verbose ) + if( opt.verbose && !silent ) log_info( _("key %s: new key - skipped\n"), keystr(keyid)); rc = 0; stats->skipped_new_keys++; @@ -896,7 +956,7 @@ import_one (ctrl_t ctrl, rc = keydb_locate_writable (hd, NULL); if (rc) { - log_error (_("no writable keyring found: %s\n"), g10_errstr (rc)); + log_error (_("no writable keyring found: %s\n"), g10_errstr (rc)); keydb_release (hd); return G10ERR_GENERAL; } @@ -921,7 +981,7 @@ import_one (ctrl_t ctrl, keydb_release (hd); /* we are ready */ - if( !opt.quiet ) + if( !opt.quiet && !silent) { char *p=get_user_id_native (keyid); log_info( _("key %s: public key \"%s\" imported\n"), @@ -948,7 +1008,8 @@ import_one (ctrl_t ctrl, * weird is going on */ if( cmp_public_keys( pk_orig, pk ) ) { - log_error( _("key %s: doesn't match our copy\n"),keystr(keyid)); + if (!silent) + log_error( _("key %s: doesn't match our copy\n"),keystr(keyid)); goto leave; } @@ -1011,7 +1072,7 @@ import_one (ctrl_t ctrl, revalidation_mark (); /* we are ready */ - if( !opt.quiet ) + if( !opt.quiet && !silent) { char *p=get_user_id_native(keyid); if( n_uids == 1 ) 
@@ -1053,7 +1114,7 @@ import_one (ctrl_t ctrl, stats->n_sigs_cleaned +=n_sigs_cleaned; stats->n_uids_cleaned +=n_uids_cleaned; - if (is_status_enabled ()) + if (is_status_enabled () && !silent) print_import_ok (pk, ((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0))); } else @@ -1062,7 +1123,7 @@ import_one (ctrl_t ctrl, if (is_status_enabled ()) print_import_ok (pk, 0); - if( !opt.quiet ) + if( !opt.quiet && !silent) { char *p=get_user_id_native(keyid); log_info( _("key %s: \"%s\" not changed\n"),keystr(keyid),p); @@ -1129,9 +1190,12 @@ import_one (ctrl_t ctrl, /* Transfer all the secret keys in SEC_KEYBLOCK to the gpg-agent. The - function prints diagnostics and returns an error code. */ + function prints diagnostics and returns an error code. If BATCH is + true the secret keys are stored by gpg-agent in the transfer format + (i.e. no re-protection and aksing for passphrases). */ static gpg_error_t -transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock) +transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock, + int batch) { gpg_error_t err = 0; void *kek = NULL; @@ -1358,7 +1422,7 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock) { char *desc = gpg_format_keydesc (pk, FORMAT_KEYDESC_IMPORT, 1); err = agent_import_key (ctrl, desc, &cache_nonce, - wrappedkey, wrappedkeylen, opt.batch); + wrappedkey, wrappedkeylen, batch); xfree (desc); } if (!err) @@ -1454,7 +1518,8 @@ sec_to_pub_keyblock (kbnode_t sec_keyblock) */ static int import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock, - struct stats_s *stats, unsigned int options) + struct stats_s *stats, int batch, unsigned int options, + int for_migration) { PKT_public_key *pk; struct seckey_info *ski; 
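Review bot: In the branch for an unchanged key, `if (is_status_enabled ()) print_import_ok (pk, 0);` still runs when `silent` is set, although the hunk just above it changes the sibling call to `if (is_status_enabled () && !silent)`. During the silent migration import this would presumably still write a status line for each already-known public key to a frontend that reads the status output. Guarding it the same way, `if (is_status_enabled () && !silent)`, makes the two branches agree. import_one starts and ends outside these hunks.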
@@ -1475,7 +1540,7 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock, keyid_from_pk (pk, keyid); uidnode = find_next_kbnode (keyblock, PKT_USER_ID); - if (opt.verbose) + if (opt.verbose && !for_migration) { log_info ("sec %s/%s %s ", pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), @@ -1489,13 +1554,15 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock, if ((options & IMPORT_NO_SECKEY)) { - log_error (_("importing secret keys not allowed\n")); + if (!for_migration) + log_error (_("importing secret keys not allowed\n")); return 0; } if (!uidnode) { - log_error( _("key %s: no user ID\n"), keystr_from_pk (pk)); + if (!for_migration) + log_error( _("key %s: no user ID\n"), keystr_from_pk (pk)); return 0; } @@ -1511,8 +1578,9 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock, cipher algorithm (only checks the primary key, though). */ if (ski->algo > 110) { - log_error (_("key %s: secret key with invalid cipher %d" - " - skipped\n"), keystr_from_pk (pk), ski->algo); + if (!for_migration) + log_error (_("key %s: secret key with invalid cipher %d" + " - skipped\n"), keystr_from_pk (pk), ski->algo); return 0; } @@ -1542,7 +1610,7 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock, public key block, and below we will output another one for the secret keys. FIXME? */ import_one (ctrl, fname, pub_keyblock, stats, - NULL, NULL, options, 1); + NULL, NULL, options, 1, for_migration); /* Fixme: We should check for an invalid keyblock and cancel the secret key import in this case. */ @@ -1564,7 +1632,7 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock, else { nr_prev = stats->secret_imported; - if (!transfer_secret_keys (ctrl, stats, keyblock)) + if (!transfer_secret_keys (ctrl, stats, keyblock, batch)) { int status = 16; if (!opt.quiet) diff --git a/g10/main.h b/g10/main.h index 2802cb5..97c6612 100644 --- a/g10/main.h +++ b/g10/main.h 
@@ -290,6 +290,7 @@ int import_keys_stream (ctrl_t ctrl, iobuf_t inp, void *stats_hd, int import_keys_es_stream (ctrl_t ctrl, estream_t fp, void *stats_handle, unsigned char **fpr, size_t *fpr_len, unsigned int options); +gpg_error_t import_old_secring (ctrl_t ctrl, const char *fname); void *import_new_stats_handle (void); void import_release_stats_handle (void *p); void import_print_stats (void *hd); @@ -379,4 +380,8 @@ int card_store_subkey (KBNODE node, int use); #define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6)) +/*-- migrate.c --*/ +void migrate_secring (ctrl_t ctrl); + + #endif /*G10_MAIN_H*/ diff --git a/g10/migrate.c b/g10/migrate.c new file mode 100644 index 0000000..9a21cfe --- /dev/null +++ b/g10/migrate.c 
@@ -0,0 +1,94 @@ +/* migrate.c - Migrate from earlier GnupG versions. + * Copyright (C) 2014 Werner Koch + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include +#include +#include + +#include "gpg.h" +#include "options.h" +#include "keydb.h" +#include "util.h" +#include "main.h" + + +#ifdef HAVE_DOSISH_SYSTEM +# define V21_MIGRATION_FNAME "gpg-v21-migrated" +#else +# define V21_MIGRATION_FNAME ".gpg-v21-migrated" +#endif + + +/* Check whether a default secring.gpg from GnuPG < 2.1 exists and + import it if not yet done. */ +void +migrate_secring (ctrl_t ctrl) +{ + dotlock_t lockhd = NULL; + char *secring = NULL; + char *flagfile = NULL; + + secring = make_filename (opt.homedir, "secring" EXTSEP_S "gpg", NULL); + if (access (secring, F_OK)) + goto leave; /* Does not exist or is not readable. */ + flagfile = make_filename (opt.homedir, V21_MIGRATION_FNAME, NULL); + if (!access (flagfile, F_OK)) + goto leave; /* Does exist - fine. 
*/ + + log_info ("starting migration from earlier GnuPG versions\n"); + + lockhd = dotlock_create (flagfile, 0); + if (!lockhd) + { + log_error ("can't allocate lock for '%s': %s\n", + flagfile, gpg_strerror (gpg_error_from_syserror ())); + goto leave; + } + if (dotlock_take (lockhd, -1)) + { + log_error ("can't lock '%s': %s\n", + flagfile, gpg_strerror (gpg_error_from_syserror ())); + dotlock_destroy (lockhd); + lockhd = NULL; + goto leave; + } + + log_info ("porting secret keys from '%s' to gpg-agent\n", secring); + if (!import_old_secring (ctrl, secring)) + { + FILE *fp = fopen (flagfile, "w"); + if (!fp || fclose (fp)) + log_error ("error creating flag file '%s': %s\n", + flagfile, gpg_strerror (gpg_error_from_syserror ())); + else + log_info ("migration succeeded\n"); + } + + leave: + if (lockhd) + { + dotlock_release (lockhd); + dotlock_destroy (lockhd); + } + xfree (flagfile); + xfree (secring); +} ----------------------------------------------------------------------- Summary of changes: README | 29 ++++-------- doc/gpg.texi | 30 +++++++++--- g10/Makefile.am | 1 + g10/gpg.c | 37 +++++++++++++++ g10/import.c | 140 +++++++++++++++++++++++++++++++++++++++++-------------- g10/keygen.c | 40 ++++++++++++---- g10/main.h | 5 ++ g10/migrate.c | 94 +++++++++++++++++++++++++++++++++++++ 8 files changed, 304 insertions(+), 72 deletions(-) create mode 100644 g10/migrate.c hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 5 17:09:23 2014 
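Review bot: migrate_secring tests for the flag file with `access (flagfile, F_OK)` before `dotlock_take` and does not test again once the lock is held. Two gpg processes started at the same time can both pass the test; the second then waits for the lock and runs `import_old_secring` again after the first has finished and written the flag. Repeating the test right after the lock is taken, `if (!access (flagfile, F_OK)) goto leave;`, closes that window, and the `leave:` path already releases and destroys the lock. The comment on the first `access` call could also drop "or is not readable", since F_OK tests existence only.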
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 05 Jun 2014 17:09:23 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-443-g518d835 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 518d835380a2ae01d6a9cc19de92684baade96a4 (commit) via 27f4ce40e01b501eeaa311dc7a6eee593758548b (commit) via ab7d85be82b8add165a4ca6289fed2779fec8a41 (commit) via 533ff0ab56dd6dfcab4bb2ef5c7755b62d158007 (commit) via 23712e69d3f97df9d789325f1a2f2f61e7d5bbb4 (commit) from 9c9e26d41e7d65711da8dbf1afa452254749621c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 518d835380a2ae01d6a9cc19de92684baade96a4 Author: Werner Koch Date: Thu Jun 5 17:05:33 2014 +0200 Post beta release update. -- 656fef6454972cb91741c37a0fd19cd9ade9db9c gnupg-2.1.0-beta442.tar.bz2 diff --git a/NEWS b/NEWS index cc3e263..0f2e78f 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,7 @@ +Noteworthy changes in version 2.1.0 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 2.1.0-beta442 (2014-06-05) -------------------------------------------------------- commit 27f4ce40e01b501eeaa311dc7a6eee593758548b Author: Werner Koch Date: Thu Jun 5 16:23:10 2014 +0200 Release 2.1.0-beta442. -- This beta is small contribution for today's Reset The Net campaign. It is a crying shame that the government of my country is not willing to offer Edward Snowden asylum and protect him from the evil institutions of those allies who once thankfully kicked out the most evil German powers. Back in these dark years, many people had to ask for asylum over there and it was granted. Now we have to fear their Blockwarts who are listening to the entire world. It would be more than justified for us to help that brave guy. diff --git a/NEWS b/NEWS index a5a0d53..cc3e263 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,5 @@ -Noteworthy changes in version 2.1.0-betaN (unreleased) ------------------------------------------------------ +Noteworthy changes in version 2.1.0-beta442 (2014-06-05) +-------------------------------------------------------- * gpg: Add experimental signature support using curve Ed25519 and with a patched Libgcrypt also encryption support with Curve25519. commit ab7d85be82b8add165a4ca6289fed2779fec8a41 Author: Werner Koch Date: Thu Jun 5 16:22:18 2014 +0200 po: Auto-update po files. -- diff --git a/po/de.po b/po/de.po index da0f13c..49a03c5 100644 --- a/po/de.po +++ b/po/de.po @@ -300,12 +300,12 @@ msgstr "" "@Optionen:\n" " " -msgid "run in server mode (foreground)" -msgstr "Im Server Modus ausf?hren" - msgid "run in daemon mode (background)" msgstr "Im Daemon Modus ausf?hren" +msgid "run in server mode (foreground)" +msgstr "Im Server Modus ausf?hren" + msgid "verbose" msgstr "Detaillierte Informationen" 
@@ -354,14 +354,19 @@ msgstr "|N|lasse PINs im Cache nach N Sekunden verfallen" msgid "do not use the PIN cache when signing" msgstr "benutze PINs im Cache nicht beim Signieren" -msgid "allow clients to mark keys as \"trusted\"" +#, fuzzy +#| msgid "allow clients to mark keys as \"trusted\"" +msgid "disallow clients to mark keys as \"trusted\"" msgstr "erlaube Aufrufern Schl?ssel als \"vertrauensw?rdig\" zu markieren" msgid "allow presetting passphrase" msgstr "erlaube ein \"preset\" von Passphrases" -msgid "enable ssh-agent emulation" -msgstr "Die ssh-agent-Emulation anschalten" +msgid "enable ssh support" +msgstr "" + +msgid "enable putty support" +msgstr "" msgid "|FILE|write environment settings also to FILE" msgstr "|DATEI|Schreibe die Umgebungsvariablen auf DATEI" @@ -665,6 +670,16 @@ msgstr "Die Passphrase ?ndern" msgid "I'll change it later" msgstr "Ich werde sie sp?ter ?ndern" +#, fuzzy +#| msgid "enable key" +msgid "Delete key" +msgstr "Schl?ssel anschalten" + +msgid "" +"Warning: This key is also listed for use with SSH!\n" +"Deleting the key will may remove your ability toaccess remote machines." +msgstr "" + msgid "DSA requires the hash length to be a multiple of 8 bits\n" msgstr "F?r DSA mu? die Hashl?nge ein Vielfaches von 8 Bit sein\n" @@ -724,13 +739,6 @@ msgstr "Fehler bei Ausf?hrung von `%s': beendet\n" msgid "error getting exit code of process %d: %s\n" msgstr "Fehler beim Holen des Exitwerte des Prozesses %d: %s\n" -#, c-format -msgid "error creating socket: %s\n" -msgstr "Fehler beim Erstellen des Sockets: %s\n" - -msgid "host not found" -msgstr "Host nicht gefunden" - msgid "gpg-agent is not available in this session\n" msgstr "GPG-Agent ist in dieser Sitzung nicht vorhanden\n" 
@@ -1030,14 +1038,6 @@ msgid "you found a bug ... (%s:%d)\n" msgstr "Sie haben einen Bug (Programmfehler) gefunden ... (%s:%d)\n" #, c-format -msgid "error loading '%s': %s\n" -msgstr "Fehler beim Laden von `%s': %s\n" - -#, c-format -msgid "please see %s for more information\n" -msgstr "Siehe %s f?r weitere Infos\n" - -#, c-format msgid "conversion from '%s' to '%s' not available\n" msgstr "Umwandlung von `%s' in `%s' ist nicht verf?gbar\n" @@ -1466,8 +1466,18 @@ msgstr "Diesen Schl?ssel aus dem Schl?sselbund l?schen? (j/N) " msgid "This is a secret key! - really delete? (y/N) " msgstr "Dies ist ein privater Schl?ssel! - Wirklich l?schen? (j/N) " -msgid "deleting secret key not implemented\n" -msgstr "L?schen des geheimen Schl?ssel ist nicht implementiert\n" +#, fuzzy, c-format +#| msgid "deleting certificate \"%s\" failed: %s\n" +msgid "deleting secret %s failed: %s\n" +msgstr "Fehler beim L?schen des Zertifikats \"%s\": %s\n" + +msgid "key" +msgstr "" + +#, fuzzy +#| msgid "Pubkey: " +msgid "subkey" +msgstr "?ff. Schl?ssel: " #, c-format msgid "deleting keyblock failed: %s\n" @@ -1723,6 +1733,16 @@ msgstr "Schl?ssel aus dem ?ff. Schl?sselbund entfernen" msgid "remove keys from the secret keyring" msgstr "Schl?ssel aus dem geh. Schl?sselbund entfernen" +#, fuzzy +#| msgid "sign a key" +msgid "quickly sign a key" +msgstr "Schl?ssel signieren" + +#, fuzzy +#| msgid "sign a key locally" +msgid "quickly sign a key locally" +msgstr "Schl?ssel nur f?r diesen Rechner signieren" + msgid "sign a key" msgstr "Schl?ssel signieren" 
@@ -2554,15 +2574,15 @@ msgstr "Schl?ssel %s: geheimer Schl?ssel bereits vorhanden\n" msgid "key %s: error sending to agent: %s\n" msgstr "Schl?ssel %s: Fehler beim Senden zum gpg-agent: %s\n" +msgid "importing secret keys not allowed\n" +msgstr "Importieren geheimer Schl?ssel ist nicht erlaubt\n" + #, c-format msgid "key %s: secret key with invalid cipher %d - skipped\n" msgstr "" "Schl?ssel %s: geheimer Schl?ssel mit ung?ltiger Verschl?sselung %d - " "?bersprungen\n" -msgid "importing secret keys not allowed\n" -msgstr "Importieren geheimer Schl?ssel ist nicht erlaubt\n" - #, c-format msgid "key %s: no public key - can't apply revocation certificate\n" msgstr "" @@ -3186,6 +3206,26 @@ msgstr "?nderung fehlgeschlagen: %s\n" msgid "Key not changed so no update needed.\n" msgstr "Schl?ssel ist nicht ge?ndert worden, also ist kein Speichern n?tig.\n" +#, fuzzy, c-format +#| msgid "invalid fingerprint" +msgid "\"%s\" is not a fingerprint\n" +msgstr "ung?ltiger Fingerabdruck" + +#, fuzzy, c-format +#| msgid "failed to get the fingerprint\n" +msgid "\"%s\" is not the primary fingerprint\n" +msgstr "Kann den Fingerprint nicht ermitteln\n" + +#, fuzzy +#| msgid "No such user ID.\n" +msgid "No matching user IDs." +msgstr "Keine solche User-ID vorhanden.\n" + +#, fuzzy +#| msgid "Nothing to sign with key %s\n" +msgid "Nothing to sign.\n" +msgstr "Nichts zu beglaubigen f?r Schl?ssel %s\n" + msgid "Digest: " msgstr "Digest: " 
@@ -3615,20 +3655,24 @@ msgstr " (%d) DSA (Leistungsf?higkeit selber einstellbar)\n" msgid " (%d) RSA (set your own capabilities)\n" msgstr " (%d) RSA (Leistungsf?higkeit selber einstellbar)\n" -#, c-format -msgid " (%d) ECDSA and ECDH\n" -msgstr " (%d) ECDSA und ECDH\n" +#, fuzzy, c-format +#| msgid " (%d) %s\n" +msgid " (%d) ECC\n" +msgstr " (%d) signieren\n" -#, c-format -msgid " (%d) ECDSA (sign only)\n" +#, fuzzy, c-format +#| msgid " (%d) ECDSA (sign only)\n" +msgid " (%d) ECC (sign only)\n" msgstr " (%d) ECDSA (nur signieren/beglaubigen)\n" -#, c-format -msgid " (%d) ECDSA (set your own capabilities)\n" +#, fuzzy, c-format +#| msgid " (%d) ECDSA (set your own capabilities)\n" +msgid " (%d) ECC (set your own capabilities)\n" msgstr " (%d) ECDSA (Leistungsf?higkeit selber einstellbar)\n" -#, c-format -msgid " (%d) ECDH (encrypt only)\n" +#, fuzzy, c-format +#| msgid " (%d) ECDH (encrypt only)\n" +msgid " (%d) ECC (encrypt only)\n" msgstr " (%d) ECDH (nur verschl?sseln)\n" #, c-format @@ -4180,6 +4224,18 @@ msgstr "" msgid "no signature found\n" msgstr "Keine Signatur gefunden\n" +#, c-format +msgid "BAD signature from \"%s\"" +msgstr "FALSCHE Signatur von \"%s\"" + +#, c-format +msgid "Expired signature from \"%s\"" +msgstr "Verfallene Signatur von \"%s\"" + +#, c-format +msgid "Good signature from \"%s\"" +msgstr "Korrekte Signatur von \"%s\"" + msgid "signature verification suppressed\n" msgstr "Signatur?berpr?fung unterdr?ckt\n" @@ -4202,18 +4258,6 @@ msgstr "Signatur vom %s mittels %s-Schl?ssel ID %s\n" msgid "Key available at: " msgstr "Schl?ssel erh?ltlich bei: " -#, c-format -msgid "BAD signature from \"%s\"" -msgstr "FALSCHE Signatur von \"%s\"" - -#, c-format -msgid "Expired signature from \"%s\"" -msgstr "Verfallene Signatur von \"%s\"" - -#, c-format -msgid "Good signature from \"%s\"" -msgstr "Korrekte Signatur von \"%s\"" - msgid "[uncertain]" msgstr "[ungewi?] " 
@@ -4229,8 +4273,9 @@ msgstr "Diese Signatur ist seit %s verfallen.\n" msgid "Signature expires %s\n" msgstr "Diese Signatur verf?llt am %s.\n" -#, c-format -msgid "%s signature, digest algorithm %s\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "%s signature, digest algorithm %s%s%s\n" msgstr "%s Signatur, Hashmethode \"%s\"\n" msgid "binary" 
@@ -4428,26 +4473,64 @@ msgstr "%u-Bit %s Schl?ssel, ID %s, erzeugt %s" msgid " (subkey on main key ID %s)" msgstr " (Unterschl?ssel aus Hauptschl?ssel-ID %s)" -msgid "" -"Please enter the passphrase to unlock the secret key for the OpenPGP " -"certificate:" +#, fuzzy +#| msgid "" +#| "Please enter the passphrase to unlock the secret key for the OpenPGP " +#| "certificate:" +msgid "Please enter the passphrase to unlock the OpenPGP secret key:" msgstr "" "Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu " "entsperren:" -msgid "" -"Please enter the passphrase to import the secret key for the OpenPGP " -"certificate:" +#, fuzzy +#| msgid "" +#| "Please enter the passphrase to import the secret key for the OpenPGP " +#| "certificate:" +msgid "Please enter the passphrase to import the OpenPGP secret key:" msgstr "" "Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu " "importieren:" -#, c-format +#, fuzzy +#| msgid "" +#| "Please enter the passphrase to import the secret key for the OpenPGP " +#| "certificate:" +msgid "Please enter the passphrase to export the OpenPGP secret subkey:" +msgstr "" +"Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu " +"importieren:" + +#, fuzzy +#| msgid "" +#| "Please enter the passphrase to import the secret key for the OpenPGP " +#| "certificate:" +msgid "Please enter the passphrase to export the OpenPGP secret key:" +msgstr "" +"Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu " +"importieren:" + +#, fuzzy +#| msgid "Do you really want to delete the selected keys? (y/N) " +msgid "Do you really want to permanently delete the OpenPGP secret subkey key:" +msgstr "M?chten Sie die ausgew?hlten Schl?ssel wirklich entfernen? (j/N) " + +#, fuzzy +#| msgid "Do you really want to delete the selected keys? (y/N) " +msgid "Do you really want to permanently delete the OpenPGP secret key:" +msgstr "M?chten Sie die ausgew?hlten Schl?ssel wirklich entfernen? 
(j/N) " + +#, fuzzy, c-format +#| msgid "" +#| "%s\n" +#| "\"%.*s\"\n" +#| "%u-bit %s key, ID %s,\n" +#| "created %s%s.\n" msgid "" "%s\n" "\"%.*s\"\n" "%u-bit %s key, ID %s,\n" "created %s%s.\n" +"%s" msgstr "" "%s\n" "\"%.*s\"\n" @@ -4890,6 +4973,10 @@ msgid "WARNING: signing subkey %s is not cross-certified\n" msgstr "WARNUNG: Signaturunterschl?ssel %s hat keine R?cksignatur\n" #, c-format +msgid "please see %s for more information\n" +msgstr "Siehe %s f?r weitere Infos\n" + +#, c-format msgid "WARNING: signing subkey %s has an invalid cross-certification\n" msgstr "WARNUNG: Signaturunterschl?ssel %s hat eine ung?ltige R?cksignatur\n" @@ -4923,6 +5010,11 @@ msgstr "Hinweis: Signaturschl?ssel %s ist am %s verfallen\n" msgid "NOTE: signature key %s has been revoked\n" msgstr "Hinweis: Signaturschl?ssel %s wurde widerrufen\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s Signatur, Hashmethode \"%s\"\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" 
@@ -5208,53 +5300,6 @@ msgstr "" msgid "using %s trust model\n" msgstr "verwende Vertrauensmodell %s\n" -#. TRANSLATORS: these strings are similar to those in -#. trust_value_to_string(), but are a fixed length. This is needed to -#. make attractive information listings where columns line up -#. properly. The value "10" should be the length of the strings you -#. choose to translate to. This is the length in printable columns. -#. It gets passed to atoi() so everything after the number is -#. essentially a comment and need not be translated. Either key and -#. uid are both NULL, or neither are NULL. -msgid "10 translator see trustdb.c:uid_trust_string_fixed" -msgstr "10" - -msgid "[ revoked]" -msgstr "[widerrufen]" - -msgid "[ expired]" -msgstr "[verfall.]" - -msgid "[ unknown]" -msgstr "[ unbek.]" - -msgid "[ undef ]" -msgstr "[ undef.]" - -msgid "[marginal]" -msgstr "[marginal]" - -msgid "[ full ]" -msgstr "[ vollst.]" - -msgid "[ultimate]" -msgstr "[ uneing.]" - -msgid "undefined" -msgstr "unbestimmt" - -msgid "never" -msgstr "niemals" - -msgid "marginal" -msgstr "marginal" - -msgid "full" -msgstr "vollst?ndig" - -msgid "ultimate" -msgstr "uneingeschr?nkt" - msgid "no need for a trustdb check\n" msgstr "\"Trust-DB\"-?berpr?fung nicht n?tig\n" @@ -7084,6 +7129,9 @@ msgstr "|FPR|OCSP Antwort ist durch FPR signiert" msgid "|N|do not return more than N items in one query" msgstr "|N|Nicht mehr als N Angaben in einer Anfrage zur?ckgeben" +msgid "|FILE|use the CA certifciates in FILE for HKP over TLS" +msgstr "" + msgid "" "@\n" "(See the \"info\" manual for a complete listing of all commands and " 
@@ -7587,6 +7635,11 @@ msgstr "Druckdaten hexkodiert ausgeben" msgid "decode received data lines" msgstr "Dekodiere empfangene Datenzeilen" +#, fuzzy +#| msgid "can't connect to the dirmngr: %s\n" +msgid "connect to the dirmngr" +msgstr "Verbindung zum Dirmngr nicht m?glich: %s\n" + msgid "|NAME|connect to Assuan socket NAME" msgstr "|NAME|Verbinde mit dem Assuan-Socket NAME" @@ -7758,6 +7811,11 @@ msgstr "Directory Manager" msgid "PIN and Passphrase Entry" msgstr "Falsche PIN oder Passphrase!" +#, fuzzy +#| msgid "Component not found" +msgid "Component not suitable for launching" +msgstr "Komponente nicht gefunden" + #, c-format msgid "External verification of component %s failed" msgstr "Die externe ?berpr?fung der Komponente %s war nicht erfolgreich" @@ -7783,7 +7841,9 @@ msgstr "|KOMPONENTE|Pr?fe die Optionen" msgid "apply global default values" msgstr "Wende die gobalen Voreinstellungen an" -msgid "get the configuration directories for gpgconf" +#, fuzzy +#| msgid "get the configuration directories for gpgconf" +msgid "get the configuration directories for @GPGCONF@" msgstr "Hole die Einstellungsverzeichnisse von gpgconf" msgid "list global configuration file" @@ -7795,6 +7855,11 @@ msgstr "Pr?fe die globale Konfigurationsdatei" msgid "reload all or a given component" msgstr "\"reload\" an alle oder eine Komponente senden" +#, fuzzy +#| msgid "kill a given component" +msgid "launch a given component" +msgstr "\"kill\" an eine Komponente senden" + msgid "kill a given component" msgstr "\"kill\" an eine Komponente senden" @@ -7814,9 +7879,6 @@ msgstr "" "Syntax: @GPGCONF@ {Optionen]\n" "Verwalte Konfigurationsoptionen f?r Programme des @GNUPG@ Systems\n" -msgid "usage: gpgconf [options] " -msgstr "Aufruf: gpgconf [Optionen] " - msgid "Need one component argument" msgstr "Ben?tige ein Komponentenargument" 
@@ -7970,15 +8032,72 @@ msgstr "" "Syntax: gpg-check-pattern [optionen] Musterdatei\n" "Die von stdin gelesene Passphrase gegen die Musterdatei pr?fen\n" +#~ msgid "enable ssh-agent emulation" +#~ msgstr "Die ssh-agent-Emulation anschalten" + +#~ msgid "error creating socket: %s\n" +#~ msgstr "Fehler beim Erstellen des Sockets: %s\n" + +#~ msgid "host not found" +#~ msgstr "Host nicht gefunden" + +#~ msgid "error loading '%s': %s\n" +#~ msgstr "Fehler beim Laden von `%s': %s\n" + +#~ msgid "deleting secret key not implemented\n" +#~ msgstr "L?schen des geheimen Schl?ssel ist nicht implementiert\n" + +#~ msgid " (%d) ECDSA and ECDH\n" +#~ msgstr " (%d) ECDSA und ECDH\n" + +#~ msgid "10 translator see trustdb.c:uid_trust_string_fixed" +#~ msgstr "10" + +#~ msgid "[ revoked]" +#~ msgstr "[widerrufen]" + +#~ msgid "[ expired]" +#~ msgstr "[verfall.]" + +#~ msgid "[ unknown]" +#~ msgstr "[ unbek.]" + +#~ msgid "[ undef ]" +#~ msgstr "[ undef.]" + +#~ msgid "[marginal]" +#~ msgstr "[marginal]" + +#~ msgid "[ full ]" +#~ msgstr "[ vollst.]" + +#~ msgid "[ultimate]" +#~ msgstr "[ uneing.]" + +#~ msgid "undefined" +#~ msgstr "unbestimmt" + +#~ msgid "never" +#~ msgstr "niemals" + +#~ msgid "marginal" +#~ msgstr "marginal" + +#~ msgid "full" +#~ msgstr "vollst?ndig" + +#~ msgid "ultimate" +#~ msgstr "uneingeschr?nkt" + +#~ msgid "usage: gpgconf [options] " +#~ msgstr "Aufruf: gpgconf [Optionen] " + #~ msgid "Usage: scdaemon [options] (-h for help)" #~ msgstr "Aufruf: scdaemon [Optionen] (-h f?r Hilfe)" #~ msgid "malformed GPG_AGENT_INFO environment variable\n" #~ msgstr "fehlerhaft aufgebaute GPG_AGENT_INFO - Umgebungsvariable\n" -#~ msgid " (%d) %s\n" -#~ msgstr " (%d) signieren\n" - #~ msgid "Usage: gpgsm [options] [files] (-h for help)" #~ msgstr "Aufruf: gpgsm [Optionen] [Dateien] (-h f?r Hilfe)" diff --git a/po/fr.po b/po/fr.po index 9e58e19..9293376 100644 --- a/po/fr.po +++ b/po/fr.po 
@@ -97,14 +97,12 @@ msgstr "Phrase de passe" msgid "ssh keys greater than %d bits are not supported\n" msgstr "les clefs SSH plus grandes que %d?bits ne sont pas prises en charge\n" -#, fuzzy, c-format -#| msgid "can't create '%s': %s\n" -msgid "can't create `%s': %s\n" +#, c-format +msgid "can't create '%s': %s\n" msgstr "impossible de cr?er ??%s???: %s\n" -#, fuzzy, c-format -#| msgid "can't open '%s': %s\n" -msgid "can't open `%s': %s\n" +#, c-format +msgid "can't open '%s': %s\n" msgstr "impossible d'ouvrir ??%s???: %s\n" #, c-format @@ -298,12 +296,12 @@ msgstr "" "@Options?:\n" " " -msgid "run in server mode (foreground)" -msgstr "ex?cuter en mode serveur (premier plan)" - msgid "run in daemon mode (background)" msgstr "ex?cuter en mode d?mon (arri?re-plan)" +msgid "run in server mode (foreground)" +msgstr "ex?cuter en mode serveur (premier plan)" + msgid "verbose" msgstr "bavard" @@ -352,14 +350,21 @@ msgstr "|N|oublier les codes personnels apr?s N?secondes" msgid "do not use the PIN cache when signing" msgstr "ne pas utiliser le cache de code pour signer" -msgid "allow clients to mark keys as \"trusted\"" +#, fuzzy +#| msgid "allow clients to mark keys as \"trusted\"" +msgid "disallow clients to mark keys as \"trusted\"" msgstr "permettre de marquer la confiance des clefs" msgid "allow presetting passphrase" msgstr "permettre de pr?configurer la phrase de passe" -msgid "enable ssh-agent emulation" -msgstr "activer l'?mulation de ssh-agent" +msgid "enable ssh support" +msgstr "" + +#, fuzzy +#| msgid "not supported" +msgid "enable putty support" +msgstr "non pris en charge" msgid "|FILE|write environment settings also to FILE" msgstr "|FICHIER|?crire aussi les r?glages d'env. dans FICHIER" 
@@ -373,12 +378,18 @@ msgstr "" "Veuillez signaler toutes anomalies sur <@EMAIL@> (en anglais)\n" "et tout probl?me de traduction ? .\n" -msgid "Usage: gpg-agent [options] (-h for help)" -msgstr "Utilisation?: gpg-agent [options] (-h pour l'aide)" +#, fuzzy +#| msgid "Usage: dirmngr [options] (-h for help)" +msgid "Usage: @GPG_AGENT@ [options] (-h for help)" +msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)" +#, fuzzy +#| msgid "" +#| "Syntax: gpg-agent [options] [command [args]]\n" +#| "Secret key management for GnuPG\n" msgid "" -"Syntax: gpg-agent [options] [command [args]]\n" -"Secret key management for GnuPG\n" +"Syntax: @GPG_AGENT@ [options] [command [args]]\n" +"Secret key management for @GNUPG@\n" msgstr "" "Syntaxe?: gpg-agent [options] [commande [arguments]]\n" "Gestionnaire de clefs secr?tes pour GnuPG\n" @@ -490,8 +501,10 @@ msgid "no gpg-agent running in this session\n" msgstr "" "aucune instance de gpg-agent n'est en cours d'ex?cution dans cette session\n" -msgid "malformed GPG_AGENT_INFO environment variable\n" -msgstr "la variable d'environnement GPG_AGENT_INFO est mal d?finie\n" +#, fuzzy, c-format +#| msgid "malformed DIRMNGR_INFO environment variable\n" +msgid "malformed %s environment variable\n" +msgstr "la variable d'environnement DIRMNGR_INFO est mal d?finie\n" #, c-format msgid "gpg-agent protocol version %d is not supported\n" @@ -663,6 +676,16 @@ msgstr "Modifier la phrase de passe" msgid "I'll change it later" msgstr "Je la modifierai plus tard" +#, fuzzy +#| msgid "enable key" +msgid "Delete key" +msgstr "activer la clef" + +msgid "" +"Warning: This key is also listed for use with SSH!\n" +"Deleting the key will may remove your ability toaccess remote machines." +msgstr "" + msgid "DSA requires the hash length to be a multiple of 8 bits\n" msgstr "DSA n?cessite que la longueur du hachage soit un multiple de 8?bits\n" 
@@ -723,13 +746,6 @@ msgstr "erreur d'ex?cution de ??%s???: termin?\n" msgid "error getting exit code of process %d: %s\n" msgstr "erreur de lecture du code de retour du processus?%d?: %s\n" -#, c-format -msgid "error creating socket: %s\n" -msgstr "erreur de cr?ation de socket?: %s\n" - -msgid "host not found" -msgstr "h?te introuvable" - msgid "gpg-agent is not available in this session\n" msgstr "gpg-agent n'est pas disponible dans cette session\n" @@ -968,10 +984,6 @@ msgstr "Dirmngr utilisable" msgid "No help available for '%s'." msgstr "Pas d'aide disponible pour ??%s??." -#, c-format -msgid "can't open '%s': %s\n" -msgstr "impossible d'ouvrir ??%s???: %s\n" - msgid "ignoring garbage line" msgstr "ligne inutile ignor?e" @@ -1034,14 +1046,6 @@ msgid "you found a bug ... (%s:%d)\n" msgstr "vous avez trouv? un bogue? (%s?: %d)\n" #, c-format -msgid "error loading '%s': %s\n" -msgstr "erreur de chargement de ??%s???: %s\n" - -#, c-format -msgid "please see %s for more information\n" -msgstr "veuillez consulter %s pour plus de renseignements\n" - -#, c-format msgid "conversion from '%s' to '%s' not available\n" msgstr "conversion de ??%s?? vers ??%s?? non disponible\n" @@ -1062,10 +1066,6 @@ msgid "error writing to '%s': %s\n" msgstr "erreur d'?criture sur ??%s???: %s\n" #, c-format -msgid "can't create '%s': %s\n" -msgstr "impossible de cr?er ??%s???: %s\n" - -#, c-format msgid "removing stale lockfile (created by %d)\n" msgstr "suppression du vieux fichier verrou (cr?? par %d)\n" 
@@ -1477,8 +1477,20 @@ msgstr "Faut-il supprimer cette clef du porte-clefs?? (o/N) " msgid "This is a secret key! - really delete? (y/N) " msgstr "C'est une clef secr?te ? faut-il vraiment la supprimer?? (o/N) " -msgid "deleting secret key not implemented\n" -msgstr "la suppression de clef secr?te n'est pas impl?ment?e\n" +#, fuzzy, c-format +#| msgid "deleting certificate \"%s\" failed: %s\n" +msgid "deleting secret %s failed: %s\n" +msgstr "?chec de suppression du certificat ??%s???: %s\n" + +#, fuzzy +#| msgid "bad key" +msgid "key" +msgstr "mauvaise clef" + +#, fuzzy +#| msgid "Pubkey: " +msgid "subkey" +msgstr "Clef publique?: " #, c-format msgid "deleting keyblock failed: %s\n" @@ -1736,6 +1748,16 @@ msgstr "supprimer les clefs du porte-clefs public" msgid "remove keys from the secret keyring" msgstr "supprimer les clefs du porte-clefs secret" +#, fuzzy +#| msgid "sign a key" +msgid "quickly sign a key" +msgstr "signer une clef" + +#, fuzzy +#| msgid "sign a key locally" +msgid "quickly sign a key locally" +msgstr "signer une clef localement" + msgid "sign a key" msgstr "signer une clef" @@ -1838,7 +1860,9 @@ msgstr "" " --list-keys [noms] montrer les clefs\n" " --fingerprint [noms] montrer les empreintes\n" -msgid "Usage: gpg [options] [files] (-h for help)" +#, fuzzy +#| msgid "Usage: gpg [options] [files] (-h for help)" +msgid "Usage: @GPG@ [options] [files] (-h for help)" msgstr "Utilisation?: gpg [options] [fichiers] (-h pour l'aide)" #, fuzzy @@ -1847,7 +1871,7 @@ msgstr "Utilisation?: gpg [options] [fichiers] (-h pour l'aide)" #| "sign, check, encrypt or decrypt\n" #| "default operation depends on the input data\n" msgid "" -"Syntax: gpg [options] [files]\n" +"Syntax: @GPG@ [options] [files]\n" "Sign, check, encrypt or decrypt\n" "Default operation depends on the input data\n" msgstr "" 
@@ -2578,13 +2602,13 @@ msgstr "clef %s?: la clef secr?te clef existe d?j?\n" msgid "key %s: error sending to agent: %s\n" msgstr "clef %s?: erreur d'envoi ? l'agent?: %s\n" +msgid "importing secret keys not allowed\n" +msgstr "impossible d'importer des clefs secr?tes\n" + #, c-format msgid "key %s: secret key with invalid cipher %d - skipped\n" msgstr "clef %s?: clef secr?te avec chiffrement %d incorrect ? ignor?e\n" -msgid "importing secret keys not allowed\n" -msgstr "impossible d'importer des clefs secr?tes\n" - #, c-format msgid "key %s: no public key - can't apply revocation certificate\n" msgstr "" @@ -3202,6 +3226,26 @@ msgstr "?chec de la mise ? jour?: %s\n" msgid "Key not changed so no update needed.\n" msgstr "La clef n'a pas ?t? modifi?e donc la mise ? jour est inutile.\n" +#, fuzzy, c-format +#| msgid "invalid fingerprint" +msgid "\"%s\" is not a fingerprint\n" +msgstr "empreinte incorrecte" + +#, fuzzy, c-format +#| msgid "failed to get the fingerprint\n" +msgid "\"%s\" is not the primary fingerprint\n" +msgstr "impossible d'obtenir l'empreinte\n" + +#, fuzzy +#| msgid "No such user ID.\n" +msgid "No matching user IDs." +msgstr "Cette identit? n'existe pas.\n" + +#, fuzzy +#| msgid "Nothing to sign with key %s\n" +msgid "Nothing to sign.\n" +msgstr "Rien ? signer avec la clef %s\n" + msgid "Digest: " msgstr "Hachage?: " 
@@ -3634,20 +3678,24 @@ msgstr " (%d) DSA (indiquez vous-m?me les capacit?s)\n" msgid " (%d) RSA (set your own capabilities)\n" msgstr " (%d) RSA (indiquez vous-m?me les capacit?s)\n" -#, c-format -msgid " (%d) ECDSA and ECDH\n" -msgstr " (%d) ECDSA et ECDH\n" +#, fuzzy, c-format +#| msgid " (%d) RSA\n" +msgid " (%d) ECC\n" +msgstr " (%d) RSA\n" -#, c-format -msgid " (%d) ECDSA (sign only)\n" +#, fuzzy, c-format +#| msgid " (%d) ECDSA (sign only)\n" +msgid " (%d) ECC (sign only)\n" msgstr " (%d) ECDSA (signature seule)\n" -#, c-format -msgid " (%d) ECDSA (set your own capabilities)\n" +#, fuzzy, c-format +#| msgid " (%d) ECDSA (set your own capabilities)\n" +msgid " (%d) ECC (set your own capabilities)\n" msgstr " (%d) ECDSA (indiquez vous-m?me les capacit?s)\n" -#, c-format -msgid " (%d) ECDH (encrypt only)\n" +#, fuzzy, c-format +#| msgid " (%d) ECDH (encrypt only)\n" +msgid " (%d) ECC (encrypt only)\n" msgstr " (%d) ECDH (chiffrement seul)\n" #, c-format @@ -3683,6 +3731,11 @@ msgstr "La taille demand?e est %u?bits\n" msgid "rounded to %u bits\n" msgstr "arrondie ? %u?bits\n" +#, fuzzy +#| msgid "Please select what kind of key you want:\n" +msgid "Please select which elliptic curve you want:\n" +msgstr "S?lectionnez le type de clef d?sir??:\n" + msgid "" "Please specify how long the key should be valid.\n" " 0 = key does not expire\n" @@ -4208,6 +4261,18 @@ msgstr "r?vocation autonome ? utilisez ??gpg --import?? pour l'appliquer\ msgid "no signature found\n" msgstr "aucune signature trouv?e\n" +#, c-format +msgid "BAD signature from \"%s\"" +msgstr "MAUVAISE signature de ??%s??" + +#, c-format +msgid "Expired signature from \"%s\"" +msgstr "Signature expir?e de ??%s??" + +#, c-format +msgid "Good signature from \"%s\"" +msgstr "Bonne signature de ??%s??" + msgid "signature verification suppressed\n" msgstr "v?rification de signature supprim?e\n" 
@@ -4229,18 +4294,6 @@ msgstr "Signature faite le %s avec la clef %s d'identifiant %s\n" msgid "Key available at: " msgstr "Clef disponible sur?: " -#, c-format -msgid "BAD signature from \"%s\"" -msgstr "MAUVAISE signature de ??%s??" - -#, c-format -msgid "Expired signature from \"%s\"" -msgstr "Signature expir?e de ??%s??" - -#, c-format -msgid "Good signature from \"%s\"" -msgstr "Bonne signature de ??%s??" - msgid "[uncertain]" msgstr "[doute]" @@ -4256,8 +4309,9 @@ msgstr "La signature a expir? le %s\n" msgid "Signature expires %s\n" msgstr "La signature expire le %s\n" -#, c-format -msgid "%s signature, digest algorithm %s\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "%s signature, digest algorithm %s%s%s\n" msgstr "signature %s, algorithme de hachage %s\n" msgid "binary" 
@@ -4459,27 +4513,65 @@ msgstr "clef %2$s de %1$u?bits, identifiant %3$s, cr??e le %4$s" msgid " (subkey on main key ID %s)" msgstr " (sous-clef de la clef principale d'identifiant %s)" -msgid "" -"Please enter the passphrase to unlock the secret key for the OpenPGP " -"certificate:" +#, fuzzy +#| msgid "" +#| "Please enter the passphrase to unlock the secret key for the OpenPGP " +#| "certificate:" +msgid "Please enter the passphrase to unlock the OpenPGP secret key:" msgstr "" "Veuillez entrer la phrase de passe pour d?verrouiller la clef secr?te pour " "le\n" "certificat OpenPGP?:" -msgid "" -"Please enter the passphrase to import the secret key for the OpenPGP " -"certificate:" +#, fuzzy +#| msgid "" +#| "Please enter the passphrase to import the secret key for the OpenPGP " +#| "certificate:" +msgid "Please enter the passphrase to import the OpenPGP secret key:" msgstr "" "Veuillez entrer la phrase de passe pour importer la clef secr?te pour le\n" "certificat OpenPGP?:" -#, c-format +#, fuzzy +#| msgid "" +#| "Please enter the passphrase to import the secret key for the OpenPGP " +#| "certificate:" +msgid "Please enter the passphrase to export the OpenPGP secret subkey:" +msgstr "" +"Veuillez entrer la phrase de passe pour importer la clef secr?te pour le\n" +"certificat OpenPGP?:" + +#, fuzzy +#| msgid "" +#| "Please enter the passphrase to import the secret key for the OpenPGP " +#| "certificate:" +msgid "Please enter the passphrase to export the OpenPGP secret key:" +msgstr "" +"Veuillez entrer la phrase de passe pour importer la clef secr?te pour le\n" +"certificat OpenPGP?:" + +#, fuzzy +#| msgid "Do you really want to delete the selected keys? (y/N) " +msgid "Do you really want to permanently delete the OpenPGP secret subkey key:" +msgstr "Voulez-vous vraiment supprimer les clefs s?lectionn?es?? (o/N) " + +#, fuzzy +#| msgid "Do you really want to delete the selected keys? 
(y/N) " +msgid "Do you really want to permanently delete the OpenPGP secret key:" +msgstr "Voulez-vous vraiment supprimer les clefs s?lectionn?es?? (o/N) " + +#, fuzzy, c-format +#| msgid "" +#| "%s\n" +#| "\"%.*s\"\n" +#| "%u-bit %s key, ID %s,\n" +#| "created %s%s.\n" msgid "" "%s\n" "\"%.*s\"\n" "%u-bit %s key, ID %s,\n" "created %s%s.\n" +"%s" msgstr "" "%1$s\n" "? %3$.*2$s ?\n" @@ -4923,6 +5015,10 @@ msgstr "" "Attention?: la sous-clef de signature %s n'a pas de certificat crois?\n" #, c-format +msgid "please see %s for more information\n" +msgstr "veuillez consulter %s pour plus de renseignements\n" + +#, c-format msgid "WARNING: signing subkey %s has an invalid cross-certification\n" msgstr "" "Attention?: la sous-clef de signature %s a un certificat crois? incorrect\n" @@ -4958,6 +5054,11 @@ msgstr "Remarque?: la clef de signature %s a expir? le %s\n" msgid "NOTE: signature key %s has been revoked\n" msgstr "Remarque?: la clef de signature %s a ?t? r?voqu?e\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "signature %s, algorithme de hachage %s\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" 
@@ -5242,53 +5343,6 @@ msgstr "" msgid "using %s trust model\n" msgstr "utilisation du mod?le de confiance %s\n" -#. TRANSLATORS: these strings are similar to those in -#. trust_value_to_string(), but are a fixed length. This is needed to -#. make attractive information listings where columns line up -#. properly. The value "10" should be the length of the strings you -#. choose to translate to. This is the length in printable columns. -#. It gets passed to atoi() so everything after the number is -#. essentially a comment and need not be translated. Either key and -#. uid are both NULL, or neither are NULL. -msgid "10 translator see trustdb.c:uid_trust_string_fixed" -msgstr "11 le traducteur a bien lu ce qu'il fallait :)" - -msgid "[ revoked]" -msgstr "[ r?voqu?e]" - -msgid "[ expired]" -msgstr "[ expir?e ]" - -msgid "[ unknown]" -msgstr "[ inconnue]" - -msgid "[ undef ]" -msgstr "[ind?finie]" - -msgid "[marginal]" -msgstr "[marginale]" - -msgid "[ full ]" -msgstr "[ totale ]" - -msgid "[ultimate]" -msgstr "[ ultime ]" - -msgid "undefined" -msgstr "ind?finie" - -msgid "never" -msgstr "jamais" - -msgid "marginal" -msgstr "marginale" - -msgid "full" -msgstr "totale" - -msgid "ultimate" -msgstr "ultime" - msgid "no need for a trustdb check\n" msgstr "inutile de v?rifier la base de confiance\n" @@ -5467,6 +5521,11 @@ msgstr "la r?ponse ne contient pas le module RSA\n" msgid "response does not contain the RSA public exponent\n" msgstr "la r?ponse ne contient pas l'exposant public RSA\n" +#, fuzzy +#| msgid "response does not contain the RSA public exponent\n" +msgid "response does not contain the EC public point\n" +msgstr "la r?ponse ne contient pas l'exposant public RSA\n" + #, c-format msgid "using default PIN as %s\n" msgstr "utilisation du code personnel par d?faut en tant que %s\n" 
@@ -5662,12 +5721,18 @@ msgstr "refus d'utiliser les commandes d'administration de la carte" msgid "use variable length input for pinpad" msgstr "" -msgid "Usage: scdaemon [options] (-h for help)" -msgstr "Utilisation?: scdaemon [options] (-h pour l'aide)" +#, fuzzy +#| msgid "Usage: dirmngr [options] (-h for help)" +msgid "Usage: @SCDAEMON@ [options] (-h for help)" +msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)" +#, fuzzy +#| msgid "" +#| "Syntax: scdaemon [options] [command [args]]\n" +#| "Smartcard daemon for GnuPG\n" msgid "" "Syntax: scdaemon [options] [command [args]]\n" -"Smartcard daemon for GnuPG\n" +"Smartcard daemon for @GNUPG@\n" msgstr "" "Syntaxe?: scdaemon [options] [commande [arguments]]\n" "D?mon de carte ? puce pour GnuPG\n" @@ -6242,8 +6307,10 @@ msgstr "|NOM|utiliser l'algorithme de chiffrement NOM" msgid "|NAME|use message digest algorithm NAME" msgstr "|NOM|utiliser l'algorithme de hachage NOM" -msgid "Usage: gpgsm [options] [files] (-h for help)" -msgstr "Utilisation?: gpgsm [options] [fichiers] (-h pour l'aide)" +#, fuzzy +#| msgid "Usage: gpg [options] [files] (-h for help)" +msgid "Usage: @GPGSM@ [options] [files] (-h for help)" +msgstr "Utilisation?: gpg [options] [fichiers] (-h pour l'aide)" #, fuzzy #| msgid "" @@ -6251,7 +6318,7 @@ msgstr "Utilisation?: gpgsm [options] [fichiers] (-h pour l'aide)" #| "sign, check, encrypt or decrypt using the S/MIME protocol\n" #| "default operation depends on the input data\n" msgid "" -"Syntax: gpgsm [options] [files]\n" +"Syntax: @GPGSM@ [options] [files]\n" "Sign, check, encrypt or decrypt using the S/MIME protocol\n" "Default operation depends on the input data\n" msgstr "" 
@@ -7089,9 +7156,6 @@ msgstr "" "pas d'instance de dirmngr en cours d'ex?cution ?\n" "d?marrage d'une nouvelle instance\n" -msgid "malformed DIRMNGR_INFO environment variable\n" -msgstr "la variable d'environnement DIRMNGR_INFO est mal d?finie\n" - #, c-format msgid "dirmngr protocol version %d is not supported\n" msgstr "le protocole dirmngr version?%d n'est pas pris en charge\n" @@ -7196,6 +7260,9 @@ msgstr "|EMPR|r?ponse OCSP sign?e par EMPR" msgid "|N|do not return more than N items in one query" msgstr "|N|ne pas renvoyer plus de N??l?ments dans une requ?te" +msgid "|FILE|use the CA certifciates in FILE for HKP over TLS" +msgstr "" + msgid "" "@\n" "(See the \"info\" manual for a complete listing of all commands and " @@ -7205,12 +7272,18 @@ msgstr "" "(Consultez le manuel ??info?? pour obtenir une liste compl?te des commandes\n" "et options)\n" -msgid "Usage: dirmngr [options] (-h for help)" +#, fuzzy +#| msgid "Usage: dirmngr [options] (-h for help)" +msgid "Usage: @DIRMNGR@ [options] (-h for help)" msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)" +#, fuzzy +#| msgid "" +#| "Syntax: dirmngr [options] [command [args]]\n" +#| "LDAP and OCSP access for GnuPG\n" msgid "" -"Syntax: dirmngr [options] [command [args]]\n" -"LDAP and OCSP access for GnuPG\n" +"Syntax: @DIRMNGR@ [options] [command [args]]\n" +"LDAP and OCSP access for @GNUPG@\n" msgstr "" "Syntaxe?: dirmngr [options] [commande [arguments]]\n" "Acc?s LDAP et OCSP pour GnuPG\n" @@ -7219,8 +7292,10 @@ msgstr "" msgid "valid debug levels are: %s\n" msgstr "les niveaux de d?bogage possibles sont?: %s\n" -msgid "usage: dirmngr [options] " -msgstr "utilisation?: dirmngr [options] " +#, fuzzy, c-format +#| msgid "usage: gpgsm [options] " +msgid "usage: %s [options] " +msgstr "utilisation?: gpgsm [options] " msgid "colons are not allowed in the socket name\n" msgstr "les deux-points ne sont pas permis avec dans le nom de socket\n" 
@@ -7711,6 +7786,11 @@ msgstr "afficher les donn?es encod?es au format hexad?cimal" msgid "decode received data lines" msgstr "d?coder les lignes de donn?es re?ues" +#, fuzzy +#| msgid "can't connect to the dirmngr: %s\n" +msgid "connect to the dirmngr" +msgstr "impossible de se connecter au dirmngr?: %s\n" + msgid "|NAME|connect to Assuan socket NAME" msgstr "|NOM|se connecter ? la socket Assuan NOM" @@ -7729,11 +7809,17 @@ msgstr "|FICHIER|ex?cuter les commandes du FICHIER au d?marrage" msgid "run /subst on startup" msgstr "ex?cuter /subst au d?marrage" -msgid "Usage: gpg-connect-agent [options] (-h for help)" +#, fuzzy +#| msgid "Usage: gpg-connect-agent [options] (-h for help)" +msgid "Usage: @GPG at -connect-agent [options] (-h for help)" msgstr "Utilisation?: gpg-connect-agent [options] (-h pour l'aide)" +#, fuzzy +#| msgid "" +#| "Syntax: gpg-connect-agent [options]\n" +#| "Connect to a running agent and send commands\n" msgid "" -"Syntax: gpg-connect-agent [options]\n" +"Syntax: @GPG at -connect-agent [options]\n" "Connect to a running agent and send commands\n" msgstr "" "Syntaxe?: gpg-connect-agent [options]\n" @@ -7880,6 +7966,11 @@ msgstr "Gestionnaire de r?pertoires" msgid "PIN and Passphrase Entry" msgstr "Entr?e de code personnel et de phrase de passe" +#, fuzzy +#| msgid "Component not found" +msgid "Component not suitable for launching" +msgstr "Composant introuvable" + #, c-format msgid "External verification of component %s failed" msgstr "?chec de v?rification externe du composant %s" @@ -7905,7 +7996,9 @@ msgstr "|COMPOSANT|v?rifier les options" msgid "apply global default values" msgstr "appliquer les valeurs par d?faut globales" -msgid "get the configuration directories for gpgconf" +#, fuzzy +#| msgid "get the configuration directories for gpgconf" +msgid "get the configuration directories for @GPGCONF@" msgstr "aff. r?pertoires de configuration pour gpgconf" msgid "list global configuration file" 
@@ -7917,6 +8010,11 @@ msgstr "v?rifier le fichier de configuration globale" msgid "reload all or a given component" msgstr "recharger tous les composants ou celui donn?" +#, fuzzy +#| msgid "kill a given component" +msgid "launch a given component" +msgstr "tuer un composant donn?" + msgid "kill a given component" msgstr "tuer un composant donn?" @@ -7926,19 +8024,22 @@ msgstr "utiliser comme fichier de sortie" msgid "activate changes at runtime, if possible" msgstr "activer modif. pendant l'ex?cution si possible" -msgid "Usage: gpgconf [options] (-h for help)" -msgstr "Utilisation?: gpgconf [options] (-h pour l'aide)" +#, fuzzy +#| msgid "Usage: dirmngr [options] (-h for help)" +msgid "Usage: @GPGCONF@ [options] (-h for help)" +msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)" +#, fuzzy +#| msgid "" +#| "Syntax: gpgconf [options]\n" +#| "Manage configuration options for tools of the GnuPG system\n" msgid "" -"Syntax: gpgconf [options]\n" -"Manage configuration options for tools of the GnuPG system\n" +"Syntax: @GPGCONF@ [options]\n" +"Manage configuration options for tools of the @GNUPG@ system\n" msgstr "" "Syntaxe?: gpgconf [options]\n" "G?rer les options de configuration pour les outils du syst?me GnuPG\n" -msgid "usage: gpgconf [options] " -msgstr "utilisation?: gpgconf [options] " - msgid "Need one component argument" msgstr "Un argument de composant n?cessaire" 
@@ -8093,6 +8194,94 @@ msgstr "" "V?rifier une phrase de passe donn?e sur l'entr?e standard par rapport ? " "ficmotif\n" +#, fuzzy +#~| msgid "can't create '%s': %s\n" +#~ msgid "can't create `%s': %s\n" +#~ msgstr "impossible de cr?er ??%s???: %s\n" + +#, fuzzy +#~| msgid "can't open '%s': %s\n" +#~ msgid "can't open `%s': %s\n" +#~ msgstr "impossible d'ouvrir ??%s???: %s\n" + +#~ msgid "enable ssh-agent emulation" +#~ msgstr "activer l'?mulation de ssh-agent" + +#~ msgid "Usage: gpg-agent [options] (-h for help)" +#~ msgstr "Utilisation?: gpg-agent [options] (-h pour l'aide)" + +#~ msgid "malformed GPG_AGENT_INFO environment variable\n" +#~ msgstr "la variable d'environnement GPG_AGENT_INFO est mal d?finie\n" + +#~ msgid "error creating socket: %s\n" +#~ msgstr "erreur de cr?ation de socket?: %s\n" + +#~ msgid "host not found" +#~ msgstr "h?te introuvable" + +#~ msgid "error loading '%s': %s\n" +#~ msgstr "erreur de chargement de ??%s???: %s\n" + +#~ msgid "deleting secret key not implemented\n" +#~ msgstr "la suppression de clef secr?te n'est pas impl?ment?e\n" + +#~ msgid " (%d) ECDSA and ECDH\n" +#~ msgstr " (%d) ECDSA et ECDH\n" + +#~ msgid "10 translator see trustdb.c:uid_trust_string_fixed" +#~ msgstr "11 le traducteur a bien lu ce qu'il fallait :)" + +#~ msgid "[ revoked]" +#~ msgstr "[ r?voqu?e]" + +#~ msgid "[ expired]" +#~ msgstr "[ expir?e ]" + +#~ msgid "[ unknown]" +#~ msgstr "[ inconnue]" + +#~ msgid "[ undef ]" +#~ msgstr "[ind?finie]" + +#~ msgid "[marginal]" +#~ msgstr "[marginale]" + +#~ msgid "[ full ]" +#~ msgstr "[ totale ]" + +#~ msgid "[ultimate]" +#~ msgstr "[ ultime ]" + +#~ msgid "undefined" +#~ msgstr "ind?finie" + +#~ msgid "never" +#~ msgstr "jamais" + +#~ msgid "marginal" +#~ msgstr "marginale" + +#~ msgid "full" +#~ msgstr "totale" + +#~ msgid "ultimate" +#~ msgstr "ultime" + +#~ msgid "Usage: scdaemon [options] (-h for help)" +#~ msgstr "Utilisation?: scdaemon [options] (-h pour l'aide)" + +#~ msgid "Usage: gpgsm [options] [files] 
(-h for help)" +#~ msgstr "Utilisation?: gpgsm [options] [fichiers] (-h pour l'aide)" + +#~ msgid "usage: dirmngr [options] " +#~ msgstr "utilisation?: dirmngr [options] " + +#~ msgid "Usage: gpgconf [options] (-h for help)" +#~ msgstr "Utilisation?: gpgconf [options] (-h pour l'aide)" + +#~ msgid "usage: gpgconf [options] " +#~ msgstr "utilisation?: gpgconf [options] " + #~ msgid "too many entries in pk cache - disabled\n" #~ msgstr "trop d'entr?es dans le cache de clefs publiques ? d?sactiv?\n" @@ -8782,12 +8971,6 @@ msgstr "" #~ msgid "wrong secret key used" #~ msgstr "mauvaise clef secr?te utilis?e" -#~ msgid "not supported" -#~ msgstr "non pris en charge" - -#~ msgid "bad key" -#~ msgstr "mauvaise clef" - #~ msgid "file write error" #~ msgstr "erreur d'?criture de fichier" diff --git a/po/ja.po b/po/ja.po index 86bd536..e0a984e 100644 --- a/po/ja.po +++ b/po/ja.po @@ -97,11 +97,11 @@ msgid "ssh keys greater than %d bits are not supported\n" msgstr "ssh??%d????????????????????\n" #, c-format -msgid "can't create `%s': %s\n" +msgid "can't create '%s': %s\n" msgstr "'%s'????????: %s\n" #, c-format -msgid "can't open `%s': %s\n" +msgid "can't open '%s': %s\n" msgstr "'%s'??????: %s\n" #, c-format @@ -282,12 +282,12 @@ msgstr "" "@?????:\n" " " -msgid "run in server mode (foreground)" -msgstr "?????????? (????????)" - msgid "run in daemon mode (background)" msgstr "??????????? (????????)" +msgid "run in server mode (foreground)" +msgstr "?????????? (????????)" + msgid "verbose" msgstr "??" 
@@ -336,14 +336,19 @@ msgstr "|N|N???????PIN??????" msgid "do not use the PIN cache when signing" msgstr "??????PIN????????" -msgid "allow clients to mark keys as \"trusted\"" +#, fuzzy +#| msgid "allow clients to mark keys as \"trusted\"" +msgid "disallow clients to mark keys as \"trusted\"" msgstr "?????????\"trusted\"?????????????" msgid "allow presetting passphrase" msgstr "???????????????" -msgid "enable ssh-agent emulation" -msgstr "ssh-agent??????????????" +msgid "enable ssh support" +msgstr "" + +msgid "enable putty support" +msgstr "" msgid "|FILE|write environment settings also to FILE" msgstr "|FILE|FILE?????????????" @@ -354,12 +359,18 @@ msgstr "|FILE|FILE?????????????" msgid "Please report bugs to <@EMAIL@>.\n" msgstr "??? <@EMAIL@> ??????????\n" -msgid "Usage: gpg-agent [options] (-h for help)" -msgstr "???: gpg-agent [?????] (???? -h)" +#, fuzzy +#| msgid "Usage: dirmngr [options] (-h for help)" +msgid "Usage: @GPG_AGENT@ [options] (-h for help)" +msgstr "???: dirmngr [?????] (???? -h)" +#, fuzzy +#| msgid "" +#| "Syntax: gpg-agent [options] [command [args]]\n" +#| "Secret key management for GnuPG\n" msgid "" -"Syntax: gpg-agent [options] [command [args]]\n" -"Secret key management for GnuPG\n" +"Syntax: @GPG_AGENT@ [options] [command [args]]\n" +"Secret key management for @GNUPG@\n" msgstr "" "??: gpg-agent [?????] [???? [??]]\n" "GnuPG???????\n" @@ -468,8 +479,10 @@ msgstr "%s %s ??????\n" msgid "no gpg-agent running in this session\n" msgstr "????????gpg-agent??????????\n" -msgid "malformed GPG_AGENT_INFO environment variable\n" -msgstr "GPG_AGENT_INFO???????????\n" +#, fuzzy, c-format +#| msgid "malformed DIRMNGR_INFO environment variable\n" +msgid "malformed %s environment variable\n" +msgstr "DIRMNGR_INFO?????????????\n" #, c-format msgid "gpg-agent protocol version %d is not supported\n" 
@@ -636,6 +649,16 @@ msgstr "???????????" msgid "I'll change it later" msgstr "??????" +#, fuzzy +#| msgid "enable key" +msgid "Delete key" +msgstr "???????" + +msgid "" +"Warning: This key is also listed for use with SSH!\n" +"Deleting the key will may remove your ability toaccess remote machines." +msgstr "" + msgid "DSA requires the hash length to be a multiple of 8 bits\n" msgstr "DSA?8???????????????????\n" @@ -694,13 +717,6 @@ msgstr "'%s'??????: ??????\n" msgid "error getting exit code of process %d: %s\n" msgstr "???? %d ?exit????????: %s\n" -#, c-format -msgid "error creating socket: %s\n" -msgstr "?????????: %s\n" - -msgid "host not found" -msgstr "???????????" - msgid "gpg-agent is not available in this session\n" msgstr "????????gpg-agent?????\n" @@ -937,10 +953,6 @@ msgstr "Dirmngr????" msgid "No help available for '%s'." msgstr "'%s'???????????" -#, c-format -msgid "can't open '%s': %s\n" -msgstr "'%s'??????: %s\n" - msgid "ignoring garbage line" msgstr "???????????" @@ -1003,14 +1015,6 @@ msgid "you found a bug ... (%s:%d)\n" msgstr "????????????? ... (%s:%d)\n" #, c-format -msgid "error loading '%s': %s\n" -msgstr "'%s'???????: %s\n" - -#, c-format -msgid "please see %s for more information\n" -msgstr "???%s???????\n" - -#, c-format msgid "conversion from '%s' to '%s' not available\n" msgstr "'%s'??'%s'????????????\n" @@ -1031,10 +1035,6 @@ msgid "error writing to '%s': %s\n" msgstr "'%s'????????: %s\n" #, c-format -msgid "can't create '%s': %s\n" -msgstr "'%s'????????: %s\n" - -#, c-format msgid "removing stale lockfile (created by %d)\n" msgstr "?? lockfile (%d ?????)??????\n" 
@@ -1338,6 +1338,16 @@ msgstr " (3) ???\n" msgid "Invalid selection.\n" msgstr "????????\n" +#, fuzzy +#| msgid "Please select the reason for the revocation:\n" +msgid "Please select where to store the key:\n" +msgstr "??????????????:\n" + +#, fuzzy, c-format +#| msgid "read failed: %s\n" +msgid "KEYTOCARD failed: %s\n" +msgstr "read ???????: %s\n" + msgid "quit this menu" msgstr "?????????" @@ -1428,8 +1438,18 @@ msgstr "????????????????? (y/N) " msgid "This is a secret key! - really delete? (y/N) " msgstr "????????! ?????????? (y/N) " -msgid "deleting secret key not implemented\n" -msgstr "????????????????\n" +#, fuzzy, c-format +#| msgid "deleting certificate \"%s\" failed: %s\n" +msgid "deleting secret %s failed: %s\n" +msgstr "???'%s'??????????: %s\n" + +msgid "key" +msgstr "" + +#, fuzzy +#| msgid "Pubkey: " +msgid "subkey" +msgstr "???: " #, c-format msgid "deleting keyblock failed: %s\n" @@ -1593,9 +1613,6 @@ msgstr " - ?????????" msgid "WARNING: nothing exported\n" msgstr "*??*: ??????????????\n" -msgid "too many entries in pk cache - disabled\n" -msgstr "pk????????????????? - ????\n" - msgid "[User ID not found]" msgstr "[???ID????????]" @@ -1670,6 +1687,16 @@ msgstr "????????????" msgid "remove keys from the secret keyring" msgstr "????????????" +#, fuzzy +#| msgid "sign a key" +msgid "quickly sign a key" +msgstr "????" + +#, fuzzy +#| msgid "sign a key locally" +msgid "quickly sign a key locally" +msgstr "????????" + msgid "sign a key" msgstr "????" 
@@ -1771,11 +1798,18 @@ msgstr "" " --list-keys [??] ????\n" " --fingerprint [??] ?????????????\n" -msgid "Usage: gpg [options] [files] (-h for help)" +#, fuzzy +#| msgid "Usage: gpg [options] [files] (-h for help)" +msgid "Usage: @GPG@ [options] [files] (-h for help)" msgstr "???: gpg [?????] [????] (???? -h)" +#, fuzzy +#| msgid "" +#| "Syntax: gpg [options] [files]\n" +#| "Sign, check, encrypt or decrypt\n" +#| "Default operation depends on the input data\n" msgid "" -"Syntax: gpg [options] [files]\n" +"Syntax: @GPG@ [options] [files]\n" "Sign, check, encrypt or decrypt\n" "Default operation depends on the input data\n" msgstr "" @@ -2470,13 +2504,13 @@ msgstr "? %s: ??????????\n" msgid "key %s: error sending to agent: %s\n" msgstr "? %s: ?????????????: %s\n" +msgid "importing secret keys not allowed\n" +msgstr "??????????????\n" + #, c-format msgid "key %s: secret key with invalid cipher %d - skipped\n" msgstr "?%s: ???????%d?????? - ???????\n" -msgid "importing secret keys not allowed\n" -msgstr "??????????????\n" - #, c-format msgid "key %s: no public key - can't apply revocation certificate\n" msgstr "?%s: ????????? - ?????????????\n" @@ -2582,10 +2616,18 @@ msgid "key %s: direct key signature added\n" msgstr "?%s: ????????\n" #, c-format +msgid "error creating keybox '%s': %s\n" +msgstr "keybox'%s'??????: %s\n" + +#, c-format msgid "error creating keyring '%s': %s\n" msgstr "????'%s'??????: %s\n" #, c-format +msgid "keybox '%s' created\n" +msgstr "keybox'%s'????????\n" + +#, c-format msgid "keyring '%s' created\n" msgstr "????'%s'??????\n" 
@@ -3060,6 +3102,26 @@ msgstr "?????????: %s\n" msgid "Key not changed so no update needed.\n" msgstr "????????????????\n" +#, fuzzy, c-format +#| msgid "invalid fingerprint" +msgid "\"%s\" is not a fingerprint\n" +msgstr "?????????????" + +#, fuzzy, c-format +#| msgid "failed to get the fingerprint\n" +msgid "\"%s\" is not the primary fingerprint\n" +msgstr "????????????????????\n" + +#, fuzzy +#| msgid "No such user ID.\n" +msgid "No matching user IDs." +msgstr "?????ID???????\n" + +#, fuzzy +#| msgid "Nothing to sign with key %s\n" +msgid "Nothing to sign.\n" +msgstr "?%s??????????????\n" + msgid "Digest: " msgstr "??????: " @@ -3476,20 +3538,24 @@ msgstr " (%d) DSA (???????????)\n" msgid " (%d) RSA (set your own capabilities)\n" msgstr " (%d) RSA (???????????)\n" -#, c-format -msgid " (%d) ECDSA and ECDH\n" -msgstr " (%d) ECDSA ? ECDH\n" +#, fuzzy, c-format +#| msgid " (%d) RSA\n" +msgid " (%d) ECC\n" +msgstr " (%d) RSA\n" -#, c-format -msgid " (%d) ECDSA (sign only)\n" +#, fuzzy, c-format +#| msgid " (%d) ECDSA (sign only)\n" +msgid " (%d) ECC (sign only)\n" msgstr " (%d) ECDSA (????)\n" -#, c-format -msgid " (%d) ECDSA (set your own capabilities)\n" +#, fuzzy, c-format +#| msgid " (%d) ECDSA (set your own capabilities)\n" +msgid " (%d) ECC (set your own capabilities)\n" msgstr " (%d) ECDSA (???????????)\n" -#, c-format -msgid " (%d) ECDH (encrypt only)\n" +#, fuzzy, c-format +#| msgid " (%d) ECDH (encrypt only)\n" +msgid " (%d) ECC (encrypt only)\n" msgstr " (%d) ECDH (?????)\n" #, c-format @@ -3525,6 +3591,11 @@ msgstr "????????%u???\n" msgid "rounded to %u bits\n" msgstr "%u??????????\n" +#, fuzzy +#| msgid "Please select what kind of key you want:\n" +msgid "Please select which elliptic curve you want:\n" +msgstr "?????????????????:\n" + msgid "" "Please specify how long the key should be valid.\n" " 0 = key does not expire\n" 
@@ -4025,6 +4096,18 @@ msgstr "????????? - \"gpg --import\"???????? msgid "no signature found\n" msgstr "??????????\n" +#, c-format +msgid "BAD signature from \"%s\"" +msgstr "\"%s\"???*???*??" + +#, c-format +msgid "Expired signature from \"%s\"" +msgstr "\"%s\"??????????" + +#, c-format +msgid "Good signature from \"%s\"" +msgstr "\"%s\"????????" + msgid "signature verification suppressed\n" msgstr "????????\n" @@ -4046,18 +4129,6 @@ msgstr "%s?%s?ID %s???????\n" msgid "Key available at: " msgstr "?????????: " -#, c-format -msgid "BAD signature from \"%s\"" -msgstr "\"%s\"???*???*??" - -#, c-format -msgid "Expired signature from \"%s\"" -msgstr "\"%s\"??????????" - -#, c-format -msgid "Good signature from \"%s\"" -msgstr "\"%s\"????????" - msgid "[uncertain]" msgstr "[???]" @@ -4073,8 +4144,9 @@ msgstr "??????? %s\n" msgid "Signature expires %s\n" msgstr "?????%s??????????\n" -#, c-format -msgid "%s signature, digest algorithm %s\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "%s signature, digest algorithm %s%s%s\n" msgstr "%s???????????????? %s\n" msgid "binary" 
@@ -4266,24 +4338,60 @@ msgstr "%u???%s?, ID %s?????%s" msgid " (subkey on main key ID %s)" msgstr " (??ID %s ???)" -msgid "" -"Please enter the passphrase to unlock the secret key for the OpenPGP " -"certificate:" +#, fuzzy +#| msgid "" +#| "Please enter the passphrase to unlock the secret key for the OpenPGP " +#| "certificate:" +msgid "Please enter the passphrase to unlock the OpenPGP secret key:" msgstr "" "OpenPGP??????????????????????????????????:" -msgid "" -"Please enter the passphrase to import the secret key for the OpenPGP " -"certificate:" +#, fuzzy +#| msgid "" +#| "Please enter the passphrase to import the secret key for the OpenPGP " +#| "certificate:" +msgid "Please enter the passphrase to import the OpenPGP secret key:" msgstr "" "OpenPGP?????????????????????????????????:" -#, c-format +#, fuzzy +#| msgid "" +#| "Please enter the passphrase to import the secret key for the OpenPGP " +#| "certificate:" +msgid "Please enter the passphrase to export the OpenPGP secret subkey:" +msgstr "" +"OpenPGP?????????????????????????????????:" + +#, fuzzy +#| msgid "" +#| "Please enter the passphrase to import the secret key for the OpenPGP " +#| "certificate:" +msgid "Please enter the passphrase to export the OpenPGP secret key:" +msgstr "" +"OpenPGP?????????????????????????????????:" + +#, fuzzy +#| msgid "Do you really want to delete the selected keys? (y/N) " +msgid "Do you really want to permanently delete the OpenPGP secret subkey key:" +msgstr "???????????????? (y/N) " + +#, fuzzy +#| msgid "Do you really want to delete the selected keys? (y/N) " +msgid "Do you really want to permanently delete the OpenPGP secret key:" +msgstr "???????????????? (y/N) " + +#, fuzzy, c-format +#| msgid "" +#| "%s\n" +#| "\"%.*s\"\n" +#| "%u-bit %s key, ID %s,\n" +#| "created %s%s.\n" msgid "" "%s\n" "\"%.*s\"\n" "%u-bit %s key, ID %s,\n" "created %s%s.\n" +"%s" msgstr "" "%s\n" "\"%.*s\"\n" 
@@ -4699,6 +4807,10 @@ msgid "WARNING: signing subkey %s is not cross-certified\n" msgstr "*??*: ????%s????????????\n" #, c-format +msgid "please see %s for more information\n" +msgstr "???%s???????\n" + +#, c-format msgid "WARNING: signing subkey %s has an invalid cross-certification\n" msgstr "*??*: ?????????????%s?????\n" @@ -4728,6 +4840,11 @@ msgstr "*??*: ???%s?%s??????????\n" msgid "NOTE: signature key %s has been revoked\n" msgstr "*??*: ? %s ???????\n" +#, fuzzy, c-format +#| msgid "%s signature, digest algorithm %s\n" +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "%s???????????????? %s\n" + #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "??????????????????%s????????????\n" @@ -4989,53 +5106,6 @@ msgstr "???????? (%d) ?????? - %s?????? msgid "using %s trust model\n" msgstr "%s????????\n" -#. TRANSLATORS: these strings are similar to those in -#. trust_value_to_string(), but are a fixed length. This is needed to -#. make attractive information listings where columns line up -#. properly. The value "10" should be the length of the strings you -#. choose to translate to. This is the length in printable columns. -#. It gets passed to atoi() so everything after the number is -#. essentially a comment and need not be translated. Either key and -#. uid are both NULL, or neither are NULL. -msgid "10 translator see trustdb.c:uid_trust_string_fixed" -msgstr "10" - -msgid "[ revoked]" -msgstr "[ ?? ]" - -msgid "[ expired]" -msgstr "[????]" - -msgid "[ unknown]" -msgstr "[ ?? ]" - -msgid "[ undef ]" -msgstr "[ ??? ]" - -msgid "[marginal]" -msgstr "[????]" - -msgid "[ full ]" -msgstr "[ ?? ]" - -msgid "[ultimate]" -msgstr "[ ?? ]" - -msgid "undefined" -msgstr "???" - -msgid "never" -msgstr "???" - -msgid "marginal" -msgstr "????" - -msgid "full" -msgstr "??" - -msgid "ultimate" -msgstr "??" - msgid "no need for a trustdb check\n" msgstr "?????????????????\n" 
@@ -5190,6 +5260,11 @@ msgstr "???RSA??(modulus)?????????\n" msgid "response does not contain the RSA public exponent\n" msgstr "???RSA?????????????\n" +#, fuzzy +#| msgid "response does not contain the RSA public exponent\n" +msgid "response does not contain the EC public point\n" +msgstr "???RSA?????????????\n" + #, c-format msgid "using default PIN as %s\n" msgstr "?????PIN?%s???????\n" @@ -5365,12 +5440,18 @@ msgstr "????????????????" msgid "use variable length input for pinpad" msgstr "??????????????" -msgid "Usage: scdaemon [options] (-h for help)" -msgstr "???: scdaemon [?????] (???? -h)" +#, fuzzy +#| msgid "Usage: dirmngr [options] (-h for help)" +msgid "Usage: @SCDAEMON@ [options] (-h for help)" +msgstr "???: dirmngr [?????] (???? -h)" +#, fuzzy +#| msgid "" +#| "Syntax: scdaemon [options] [command [args]]\n" +#| "Smartcard daemon for GnuPG\n" msgid "" "Syntax: scdaemon [options] [command [args]]\n" -"Smartcard daemon for GnuPG\n" +"Smartcard daemon for @GNUPG@\n" msgstr "" "??: scdaemon [?????] [???? [??]]\n" "GnuPG?Smartcard????\n" @@ -5923,11 +6004,18 @@ msgstr "|NAME|?????????NAME???" msgid "|NAME|use message digest algorithm NAME" msgstr "|NAME|??????????????NAME???" -msgid "Usage: gpgsm [options] [files] (-h for help)" -msgstr "???: gpgsm [?????] [????] (???? -h)" +#, fuzzy +#| msgid "Usage: gpg [options] [files] (-h for help)" +msgid "Usage: @GPGSM@ [options] [files] (-h for help)" +msgstr "???: gpg [?????] [????] (???? -h)" +#, fuzzy +#| msgid "" +#| "Syntax: gpgsm [options] [files]\n" +#| "Sign, check, encrypt or decrypt using the S/MIME protocol\n" +#| "Default operation depends on the input data\n" msgid "" -"Syntax: gpgsm [options] [files]\n" +"Syntax: @GPGSM@ [options] [files]\n" "Sign, check, encrypt or decrypt using the S/MIME protocol\n" "Default operation depends on the input data\n" msgstr "" 
@@ -5994,17 +6082,9 @@ msgstr "?????????????: %s\n" msgid "error reading input: %s\n" msgstr "?????????: %s\n" -#, c-format -msgid "error creating keybox '%s': %s\n" -msgstr "keybox'%s'??????: %s\n" - msgid "you may want to start the gpg-agent first\n" msgstr "?? gpg-agent ??????????\n" -#, c-format -msgid "keybox '%s' created\n" -msgstr "keybox'%s'????????\n" - msgid "failed to get the fingerprint\n" msgstr "????????????????????\n" @@ -6333,7 +6413,8 @@ msgid "invalid formatted checksum for '%s'\n" msgstr "'%s'????????????????\n" msgid "too many open cache files; can't open anymore\n" -msgstr "????????????????????????????????????\n" +msgstr "" +"????????????????????????????????????\n" #, c-format msgid "opening cache file '%s'\n" @@ -6382,7 +6463,8 @@ msgstr "???ID%s?????????CRL????????\n" #, c-format msgid "cached CRL for issuer id %s tampered; we need to update\n" -msgstr "???ID%s????????????CRL?????????????????\n" +msgstr "" +"???ID%s????????????CRL?????????????????\n" msgid "WARNING: invalid cache record length for S/N " msgstr "**??**: S/N??????????????????" @@ -6494,7 +6576,9 @@ msgstr "????????????'%s'?????????: %s\ #, c-format msgid "WARNING: new CRL still too old; it expired on %s - loading anyway\n" -msgstr "**??**: ???CRL?????????%s????????? - ??????????\n" +msgstr "" +"**??**: ???CRL?????????%s????????? - ????????" +"??\n" #, c-format msgid "new CRL still too old; it expired on %s\n" @@ -6520,7 +6604,8 @@ msgid "" "updating the DIR file failed - cache entry will get lost with the next " "program start\n" msgstr "" -"DIR?????????? - ???????????????????????????\n" +"DIR?????????? - ?????????????????????????" +"??\n" #, c-format msgid "Begin CRL dump (retrieved via %s)\n" 
@@ -6529,13 +6614,11 @@ msgstr "CRL?????? (%s ????)\n" msgid "" " ERROR: The CRL will not be used because it was still too old after an " "update!\n" -msgstr "" -"*???*: CRL???????????????????????!\n" +msgstr "*???*: CRL???????????????????????!\n" msgid "" " ERROR: The CRL will not be used due to an unknown critical extension!\n" -msgstr "" -"*???*: CRL??????????????????????!\n" +msgstr "*???*: CRL??????????????????????!\n" msgid " ERROR: The CRL will not be used\n" msgstr "*???*: CRL????????\n" @@ -6708,9 +6791,6 @@ msgstr "?????dirmngr????????\n" msgid "no running dirmngr - starting one\n" msgstr "dirmngr???????? - ?????\n" -msgid "malformed DIRMNGR_INFO environment variable\n" -msgstr "DIRMNGR_INFO?????????????\n" - #, c-format msgid "dirmngr protocol version %d is not supported\n" msgstr "dirmngr???????????%d????????????\n" @@ -6805,6 +6885,9 @@ msgstr "|FPR|FPR??????OCSP?????" msgid "|N|do not return more than N items in one query" msgstr "|N|???????N??????????????" +msgid "|FILE|use the CA certifciates in FILE for HKP over TLS" +msgstr "" + msgid "" "@\n" "(See the \"info\" manual for a complete listing of all commands and " @@ -6813,12 +6896,18 @@ msgstr "" "@\n" "(?????????????????\"info\" ????????????)\n" -msgid "Usage: dirmngr [options] (-h for help)" +#, fuzzy +#| msgid "Usage: dirmngr [options] (-h for help)" +msgid "Usage: @DIRMNGR@ [options] (-h for help)" msgstr "???: dirmngr [?????] (???? -h)" +#, fuzzy +#| msgid "" +#| "Syntax: dirmngr [options] [command [args]]\n" +#| "LDAP and OCSP access for GnuPG\n" msgid "" -"Syntax: dirmngr [options] [command [args]]\n" -"LDAP and OCSP access for GnuPG\n" +"Syntax: @DIRMNGR@ [options] [command [args]]\n" +"LDAP and OCSP access for @GNUPG@\n" msgstr "" "??: dirmngr [?????] [???? [??]]\n" "GnuPG?LDAP?OCSP????\n" 
@@ -6827,8 +6916,10 @@ msgstr "" msgid "valid debug levels are: %s\n" msgstr "???debug????: %s\n" -msgid "usage: dirmngr [options] " -msgstr "???: dirmngr [?????] " +#, fuzzy, c-format +#| msgid "usage: gpgsm [options] " +msgid "usage: %s [options] " +msgstr "???: gpgsm [?????] " msgid "colons are not allowed in the socket name\n" msgstr "????????????????\n" @@ -7300,6 +7391,11 @@ msgstr "16???????????????????" msgid "decode received data lines" msgstr "???????????????" +#, fuzzy +#| msgid "can't connect to the dirmngr: %s\n" +msgid "connect to the dirmngr" +msgstr "dirmngr????????: %s\n" + msgid "|NAME|connect to Assuan socket NAME" msgstr "|NAME|Assuan??????NAME?????" @@ -7318,11 +7414,17 @@ msgstr "|FILE|????FILE???????????" msgid "run /subst on startup" msgstr "???? /subst ?????" -msgid "Usage: gpg-connect-agent [options] (-h for help)" +#, fuzzy +#| msgid "Usage: gpg-connect-agent [options] (-h for help)" +msgid "Usage: @GPG at -connect-agent [options] (-h for help)" msgstr "???: gpg-connect-agent [?????] (???? -h)" +#, fuzzy +#| msgid "" +#| "Syntax: gpg-connect-agent [options]\n" +#| "Connect to a running agent and send commands\n" msgid "" -"Syntax: gpg-connect-agent [options]\n" +"Syntax: @GPG at -connect-agent [options]\n" "Connect to a running agent and send commands\n" msgstr "" "??: gpg-connect-agent [?????]\n" @@ -7470,6 +7572,11 @@ msgstr "????????????" msgid "PIN and Passphrase Entry" msgstr "PIN??????????" +#, fuzzy +#| msgid "Component not found" +msgid "Component not suitable for launching" +msgstr "???????????????" + #, c-format msgid "External verification of component %s failed" msgstr "???????%s?????????????" 
@@ -7495,7 +7602,9 @@ msgstr "|COMPONENT|????????????" msgid "apply global default values" msgstr "?????????????????" -msgid "get the configuration directories for gpgconf" +#, fuzzy +#| msgid "get the configuration directories for gpgconf" +msgid "get the configuration directories for @GPGCONF@" msgstr "gpgconf??????????????????????????" msgid "list global configuration file" @@ -7507,6 +7616,11 @@ msgstr "???????????????????????? msgid "reload all or a given component" msgstr "???????????????????????????" +#, fuzzy +#| msgid "kill a given component" +msgid "launch a given component" +msgstr "?????????????kill??" + msgid "kill a given component" msgstr "?????????????kill??" @@ -7516,19 +7630,22 @@ msgstr "???????????" msgid "activate changes at runtime, if possible" msgstr "??????????????????" -msgid "Usage: gpgconf [options] (-h for help)" -msgstr "???: gpgconf [?????] (???? -h)" +#, fuzzy +#| msgid "Usage: dirmngr [options] (-h for help)" +msgid "Usage: @GPGCONF@ [options] (-h for help)" +msgstr "???: dirmngr [?????] (???? -h)" +#, fuzzy +#| msgid "" +#| "Syntax: gpgconf [options]\n" +#| "Manage configuration options for tools of the GnuPG system\n" msgid "" -"Syntax: gpgconf [options]\n" -"Manage configuration options for tools of the GnuPG system\n" +"Syntax: @GPGCONF@ [options]\n" +"Manage configuration options for tools of the @GNUPG@ system\n" msgstr "" "??: gpgconf [?????]\n" "GnuPG????????????????????????????????\n" -msgid "usage: gpgconf [options] " -msgstr "???: gpgconf [?????] " - msgid "Need one component argument" msgstr "????????????????" 
@@ -7681,3 +7798,90 @@ msgid "" msgstr "" "??: gpg-check-pattern [?????] ????????\n" "????????????????????????????\n" + +#~ msgid "can't create `%s': %s\n" +#~ msgstr "'%s'????????: %s\n" + +#~ msgid "can't open `%s': %s\n" +#~ msgstr "'%s'??????: %s\n" + +#~ msgid "enable ssh-agent emulation" +#~ msgstr "ssh-agent??????????????" + +#~ msgid "Usage: gpg-agent [options] (-h for help)" +#~ msgstr "???: gpg-agent [?????] (???? -h)" + +#~ msgid "malformed GPG_AGENT_INFO environment variable\n" +#~ msgstr "GPG_AGENT_INFO???????????\n" + +#~ msgid "error creating socket: %s\n" +#~ msgstr "?????????: %s\n" + +#~ msgid "host not found" +#~ msgstr "???????????" + +#~ msgid "error loading '%s': %s\n" +#~ msgstr "'%s'???????: %s\n" + +#~ msgid "deleting secret key not implemented\n" +#~ msgstr "????????????????\n" + +#~ msgid "too many entries in pk cache - disabled\n" +#~ msgstr "pk????????????????? - ????\n" + +#~ msgid " (%d) ECDSA and ECDH\n" +#~ msgstr " (%d) ECDSA ? ECDH\n" + +#~ msgid "10 translator see trustdb.c:uid_trust_string_fixed" +#~ msgstr "10" + +#~ msgid "[ revoked]" +#~ msgstr "[ ?? ]" + +#~ msgid "[ expired]" +#~ msgstr "[????]" + +#~ msgid "[ unknown]" +#~ msgstr "[ ?? ]" + +#~ msgid "[ undef ]" +#~ msgstr "[ ??? ]" + +#~ msgid "[marginal]" +#~ msgstr "[????]" + +#~ msgid "[ full ]" +#~ msgstr "[ ?? ]" + +#~ msgid "[ultimate]" +#~ msgstr "[ ?? ]" + +#~ msgid "undefined" +#~ msgstr "???" + +#~ msgid "never" +#~ msgstr "???" + +#~ msgid "marginal" +#~ msgstr "????" + +#~ msgid "full" +#~ msgstr "??" + +#~ msgid "ultimate" +#~ msgstr "??" + +#~ msgid "Usage: scdaemon [options] (-h for help)" +#~ msgstr "???: scdaemon [?????] (???? -h)" + +#~ msgid "Usage: gpgsm [options] [files] (-h for help)" +#~ msgstr "???: gpgsm [?????] [????] (???? -h)" + +#~ msgid "usage: dirmngr [options] " +#~ msgstr "???: dirmngr [?????] " + +#~ msgid "Usage: gpgconf [options] (-h for help)" +#~ msgstr "???: gpgconf [?????] (???? 
-h)" + +#~ msgid "usage: gpgconf [options] " +#~ msgstr "???: gpgconf [?????] " commit 533ff0ab56dd6dfcab4bb2ef5c7755b62d158007 Author: Werner Koch Date: Thu Jun 5 16:20:44 2014 +0200 Update README file. -- The copyright list in AUTHORS as been compiled from a distribution tarball. diff --git a/AUTHORS b/AUTHORS index c9a0bc0..f64d17f 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,10 +1,35 @@ Program: GnuPG -Homepage: http://www.gnupg.org +Homepage: https://www.gnupg.org Maintainer: Werner Koch Bug reports: http://bugs.gnupg.org Security related bug reports: License: GPLv3+ +GnuPG is free software. See the files COPYING for copying conditions. +License copyright years may be listed using range notation, e.g., +2000-2013, indicating that every year in the range, inclusive, is a +copyrightable year that would otherwise be listed individually. + +List of Copyright holders +========================= + + Copyright (C) 1997-1998, 2013-2014 Werner Koch + Copyright (C) 1994-2013 Free Software Foundation, Inc. + Copyright (C) 2003-2013 g10 Code GmbH + Copyright (C) 2002 Klar?lvdalens Datakonsult AB + Copyright (C) 1995-1997, 2000-2007 Ulrich Drepper + Copyright (C) 1994 X Consortium + Copyright (C) 1998 by The Internet Society. + Copyright (C) 1998-2004 The OpenLDAP Foundation + Copyright (C) 1998-2004 Kurt D. Zeilenga. + Copyright (C) 1998-2004 Net Boolean Incorporated. + Copyright (C) 2001-2004 IBM Corporation. + Copyright (C) 1999-2003 Howard Y.H. Chu. + Copyright (C) 1999-2003 Symas Corporation. + Copyright (C) 1998-2003 Hallvard B. Furuseth. + Copyright (C) 1992-1996 Regents of the University of Michigan. + + Authors with a FSF copyright assignment ======================================= 
@@ -181,28 +206,15 @@ or later. Note that some files are under a combination of the GNU Lesser General Public License, version 3 and the GNU General Public License, version 2. A few other files carry the all permissive license note as found -at the bottom of this file. Certain files in keyserver/ allow one -specific exception: - - In addition, as a special exception, the Free Software Foundation - gives permission to link the code of the keyserver helper tools: - gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL - project's "OpenSSL" library (or with modified versions of it that - use the same license as the "OpenSSL" library), and distribute the - linked executables. You must obey the GNU General Public License - in all respects for all of the code used other than "OpenSSL". If - you modify this file, you may extend this exception to your version - of the file, but you are not obligated to do so. If you do not - wish to do so, delete this exception statement from your version. - -Note that the gpgkeys_* binaries are currently installed under the -name gpg2keys_*. +at the bottom of this file. + ========= Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Free Software Foundation, Inc. + Copyright 1997, 1998, 2013, 2014 Werner Koch This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/NEWS b/NEWS index 38c5391..a5a0d53 100644 --- a/NEWS +++ b/NEWS 
@@ -1,51 +1,84 @@ Noteworthy changes in version 2.1.0-betaN (unreleased) ----------------------------------------------------- - * GPG now accepts a space separated fingerprint as a user ID. This + * gpg: Add experimental signature support using curve Ed25519 and + with a patched Libgcrypt also encryption support with Curve25519. + + * gpg: Allow use of Brainpool curves. + + * gpg: Accepts a space separated fingerprint as user ID. This allows to copy and paste the fingerprint from the key listing. - * The GNU Pth library has been replaced by the new nPth library. + * gpg: The hash algorithm is now printed for signature records in key + listings. - * By default the users are now asked via the Pinentry whether they - trust an X.509 root key. To prohibit interactive marking of such - keys, the new option --no-allow-mark-trusted may be used. + * gpg: Reject signatures made using the MD5 hash algorithm unless the + new option --allow-weak-digest-algos or --pgp2 are given. - * The included ssh agent does now support ECDSA keys. + * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the + communication with the gpg-agent. - * The new option --enable-putty-support allows gpg-agent on Windows - to act as a Pageant replacement with full smartcard support. + * gpg: Changed the format of key listings. To revert to the old + format the option --legacy-list-mode is available. - * Removed support for the original HKP keyserver which is not anymore - used by any site. + * gpg: New option --pinentry-mode. - * The hash algorithm is now printed for sig records in key listings. + * gpg: Fixed decryption using an OpenPGP card. - * New option --pinentry-mode for GPG. + * gpg: Fixed bug with deeply nested compressed packets. - * New option --enable-pinpad-varlen for scdaemon. + * gpg: Only the major version number is by default included in the + armored output. - * New option --with-secret for GPG and GPGSM. + * gpg: Do not create a trustdb file if --trust-model=always is used. 
- * Rename option --disable-pinpad for scdaemon (was: --disable-keypad). + * gpg: Protect against rogue keyservers sending secret keys. - * Better support fo CCID readers. Now, internal CCID driver supports - readers with no auto configuration feature. + * gpg: The format of the fallback key listing ("gpg KEYFILE") is now + more aligned to the regular key listing ("gpg -k"). - * Support installation as portable application under Windows. + * gpg: The option--show-session-key prints its output now before the + decryption of the bulk message starts. + + * gpg: New %U expando for the photo viewer. + + * gpg,gpgsm: New option --with-secret. + + * gpgsm: By default the users are now asked via the Pinentry whether + they trust an X.509 root key. To prohibit interactive marking of + such keys, the new option --no-allow-mark-trusted may be used. + + * gpgsm: New commands to export a secret RSA key in PKCS#1 or PKCS#8 + format. + + * gpgsm: Improved handling of re-issued CA certificates. - * Fixed GPG to decrypt using an OpenPGP card. + * agent: The included ssh agent does now support ECDSA keys. - * Fixed bug with deeply nested compressed packets. + * agent: New option --enable-putty-support to allow gpg-agent on + Windows to act as a Pageant replacement with full smartcard support. - * Only the major version number is by default included in the armored - output. + * scdaemon: New option --enable-pinpad-varlen. - * Do not create a trustdb file if --trust-model=always is used. + * scdaemon: Various fixes for pinpad equipped card readers. - * Protect against rogue keyservers sending secret keys. + * scdaemon: Rename option --disable-pinpad (was --disable-keypad). + + * scdaemon: Better support fo CCID readers. Now, internal CCID + driver supports readers with no auto configuration feature. + + * dirmngr: Removed support for the original HKP keyserver which is + not anymore used by any site. + + * dirmngr: Improved support for keyserver pools. 
+ + * tools: New option --dirmngr for gpg-connect-agent. + + * The GNU Pth library has been replaced by the new nPth library. + + * Support installation as portable application under Windows. - * GPGSM can now be used to export a secret RSA key in PKCS#1 or - PKCS#8 format. + * All kind of other improvements - see the git log. Noteworthy changes in version 2.1.0beta3 (2011-12-20) @@ -53,7 +86,7 @@ Noteworthy changes in version 2.1.0beta3 (2011-12-20) * Fixed regression in GPG's secret key export function. - * Allow generation of card keys up to 4096 bit. + * Allowj generation of card keys up to 4096 bit. * Support the SSH confirm flag. diff --git a/README b/README index fd20d40..d5cd727 100644 --- a/README +++ b/README @@ -4,17 +4,16 @@ THIS IS A DEVELOPMENT VERSION AND NOT INTENDED FOR REGULAR USE. - Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - 2006, 2007, 2008, 2009, 2010, 2011, 2012, - 2013 Free Software Foundation, Inc. + Copyright 1997-1998, 2013-2014 Werner Koch + Copyright 1998-2013 Free Software Foundation, Inc. INTRODUCTION ============ -GnuPG is GNU's tool for secure communication and data storage. It can -be used to encrypt data and to create digital signatures. It includes -an advanced key management facility and is compliant with the proposed +GnuPG is a tool for secure communication and data storage. It can be +used to encrypt data and to create digital signatures. It includes an +advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC4880 and the S/MIME standard as described by several RFCs. 
@@ -23,9 +22,9 @@ License. See the file COPYING for details. GnuPG works best on GNU/Linux or *BSD systems. Most other Unices are also supported but are not as well tested as the Free Unices. -GnuPG 2.0 is the stable version of GnuPG integrating support for -OpenPGP and S/MIME. It does not conflict with an installed 1.4 -OpenPGP-only version. +GnuPG-2 is the stable version of GnuPG integrating support for OpenPGP +and S/MIME. It does not conflict with an installed 1.4 OpenPGP-only +version. BUILD INSTRUCTIONS @@ -42,6 +41,10 @@ GnuPG 2.1 depends on the following packages: You should get the latest versions of course, the GnuPG configure script complains if a version is not sufficient. +For some advanced features several other libraries are required. The +configure script prints diagnostic messages if one of these libraries +is not available and a feature will not be available.. + You also need the Pinentry package for most functions of GnuPG; however it is not a build requirement. Pinentry is available at ftp://ftp.gnupg.org/gcrypt/pinentry/ . @@ -60,12 +63,12 @@ As with all packages, you just have to do (Before doing install you might need to become root.) If everything succeeds, you have a working GnuPG with support for -S/MIME and smartcards. Note that there is no binary gpg but a gpg2 so -that this package won't conflict with a GnuPG 1.4 installation. gpg2 -behaves just like gpg. +OpenPGP, S/MIME, ssh-agent, and smartcards. Note that there is no +binary gpg but a gpg2 so that this package won't conflict with a GnuPG +1.4 installation. gpg2 behaves just like gpg. -In case of problem please ask on gnupg-users at gnupg.org mailing list -for advise. +In case of problem please ask on the gnupg-users at gnupg.org mailing +list for advise. Note that the PKITS tests are always skipped unless you copy the PKITS test data file into the tests/pkits directory. There is no need to 
@@ -138,10 +141,11 @@ dependency on other modules at run and build time. HOW TO GET MORE INFORMATION =========================== -The primary WWW page is "http://www.gnupg.org" +The primary WWW page is "https://www.gnupg.org" + or using TOR "http://ic6au7wa3f6naxjq.onion" The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/" -See http://www.gnupg.org/download/mirrors.html for a list of mirrors +See https://www.gnupg.org/download/mirrors.html for a list of mirrors and use them if possible. You may also find GnuPG mirrored on some of the regular GNU mirrors. 
@@ -178,13 +182,11 @@ The English and German mailing lists are watched by the authors and we try to answer questions when time allows us to do so. Commercial grade support for GnuPG is available; for a listing of -offers see http://www.gnupg.org/service.html . The driving force -behind the development of GnuPG is the company of its principal -author, Werner Koch. Maintenance and improvement of GnuPG and related -software takes up most of their resources. To allow him to continue -his work he asks to either purchase a support contract, engage them -for custom enhancements, or to donate money. See http://g10code.com . - +offers see https://www.gnupg.org/service.html . Maintaining and +improving GnuPG is costly. Since 2001, g10 Code GmbH, a German +company owned and headed by GnuPG's principal author Werner Koch, is +bearing the majority of these costs. To help them carry on this work, +they need your support. See https://gnupg.org/donate/ . This file is Free Software; as a special exception the authors gives unlimited permission to copy and/or distribute it, with or without commit 23712e69d3f97df9d789325f1a2f2f61e7d5bbb4 Author: Werner Koch Date: Thu Jun 5 13:44:40 2014 +0200 Remove keyserver helper code. * configure.ac: Remove keyserver helper related stuff. * Makefile.am (SUBDIRS): Remove keyserver. * keyserver/Makefile.am: Remove. -- The dirmngr is used instead of the keyserver helpers. Thus there is more need to distribute the old code. We keep it in the repo for references, though. diff --git a/Makefile.am b/Makefile.am index 3b79226..2d07ad2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -40,12 +40,8 @@ endif if BUILD_GPG gpg = g10 -if !HAVE_W32CE_SYSTEM -keyserver = -endif else gpg = -keyserver = endif if BUILD_GPGSM sm = sm @@ -90,7 +86,7 @@ tests = endif SUBDIRS = m4 gl common ${kbx} \ - ${gpg} ${keyserver} ${sm} ${agent} ${scd} ${g13} ${dirmngr} \ + ${gpg} ${sm} ${agent} ${scd} ${g13} ${dirmngr} \ ${tools} po ${doc} ${tests} dist_doc_DATA = README 
diff --git a/configure.ac b/configure.ac index ae42f7e..2c613a7 100644 --- a/configure.ac +++ b/configure.ac @@ -90,7 +90,6 @@ use_zip=yes use_bzip2=yes use_exec=yes use_trust_models=yes -disable_keyserver_path=no card_support=yes use_ccid_driver=yes use_standard_socket=yes 
@@ -313,61 +312,6 @@ if test "$use_exec" = yes ; then fi],withval=no) AC_MSG_RESULT($withval) fi - - AC_MSG_CHECKING([whether to enable external keyserver helpers]) - AC_ARG_ENABLE(keyserver-helpers, - [ --disable-keyserver-helpers disable all external keyserver support], - [if test "$enableval" = no ; then - AC_DEFINE(DISABLE_KEYSERVER_HELPERS,1, - [define to disable keyserver helpers]) - fi],enableval=yes) - gnupg_cv_enable_keyserver_helpers=$enableval - AC_MSG_RESULT($enableval) - - if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then - # LDAP is defined only after we confirm the library is available later - AC_MSG_CHECKING([whether LDAP keyserver support is requested]) - AC_ARG_ENABLE(ldap, - AC_HELP_STRING([--disable-ldap],[disable LDAP keyserver interface only]), - try_ks_ldap=$enableval, try_ks_ldap=yes) - AC_MSG_RESULT($try_ks_ldap) - - AC_MSG_CHECKING([whether HKP keyserver support is requested]) - AC_ARG_ENABLE(hkp, - AC_HELP_STRING([--disable-hkp],[disable HKP keyserver interface only]), - try_hkp=$enableval, try_hkp=yes) - AC_MSG_RESULT($try_hkp) - - AC_MSG_CHECKING([whether finger key fetching support is requested]) - AC_ARG_ENABLE(finger, - AC_HELP_STRING([--disable-finger], - [disable finger key fetching interface only]), - try_finger=$enableval, try_finger=yes) - AC_MSG_RESULT($try_finger) - - AC_MSG_CHECKING([whether generic object key fetching support is requested]) - AC_ARG_ENABLE(generic, - AC_HELP_STRING([--disable-generic], - [disable generic object key fetching interface only]), - try_generic=$enableval, try_generic=yes) - AC_MSG_RESULT($try_generic) - - AC_MSG_CHECKING([whether email keyserver support is requested]) - AC_ARG_ENABLE(mailto, - AC_HELP_STRING([--enable-mailto], - [enable email keyserver interface only]), - try_mailto=$enableval, try_mailto=no) - AC_MSG_RESULT($try_mailto) - fi - - AC_MSG_CHECKING([whether keyserver exec-path is enabled]) - AC_ARG_ENABLE(keyserver-path, - AC_HELP_STRING([--disable-keyserver-path], - 
[disable the exec-path option for keyserver helpers]), - [if test "$enableval" = no ; then - disable_keyserver_path=yes - fi],enableval=yes) - AC_MSG_RESULT($enableval) fi @@ -655,7 +599,6 @@ case "${host}" in [Because the Unix gettext has too much overhead on MingW32 systems and these systems lack Posix functions, we use a simplified version of gettext]) - disable_keyserver_path=yes have_dosish_system=yes have_w32_system=yes run_tests=no @@ -758,10 +701,6 @@ if test "$use_ldapwrapper" = yes; then fi AM_CONDITIONAL(USE_LDAPWRAPPER, test "$use_ldapwrapper" = yes) -if test "$disable_keyserver_path" = yes; then - AC_DEFINE(DISABLE_KEYSERVER_PATH,1, - [Defined to disable exec-path for keyserver helpers]) -fi # # Allows enabling the use of a standard socket by default This is @@ -1878,9 +1817,6 @@ tests/Makefile tests/openpgp/Makefile tests/pkits/Makefile ]) -#keyserver/Makefile -#keyserver/gpg2keys_mailto -#keyserver/gpg2keys_test AC_OUTPUT diff --git a/keyserver/Makefile.am b/keyserver/Makefile.am deleted file mode 100644 index 884b8eb..0000000 --- a/keyserver/Makefile.am +++ /dev/null 
@@ -1,86 +0,0 @@ -# Makefile.am - Makefile for keyservers -# Copyright (C) 2001, 2002, 2004, 2005, 2006, -# 2009 Free Software Foundation, Inc. -# -# This file is part of GnuPG. -# -# GnuPG is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# GnuPG is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see . -## Process this file with automake to produce Makefile.in - -# Note that we have renamed the resulting binaries to from gpgkeys_foo -# to gpg2keys_foo to allow for a non-conflicting installation of -# gnupg1 and gnupg2. Having the same names for the helpers would -# otherwise lead to trouble when to uninstall one of them. 
-EXTRA_PROGRAMS = gpg2keys_ldap gpg2keys_hkp gpg2keys_finger gpg2keys_curl \ - gpg2keys_kdns -EXTRA_SCRIPTS = gpg2keys_mailto - -EXTRA_DIST = ChangeLog-2011 - -AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl - -AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) - -include $(top_srcdir)/am/cmacros.am - -libexec_PROGRAMS = $(GPGKEYS_LDAP) $(GPGKEYS_HKP) $(GPGKEYS_FINGER) \ - $(GPGKEYS_CURL) $(GPGKEYS_KDNS) -libexec_SCRIPTS = $(GPGKEYS_MAILTO) -noinst_SCRIPTS = gpg2keys_test - -common_libs = ../gl/libgnu.a ../common/libcommon.a -other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS) - -gpg2keys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h no-libgcrypt.c -gpg2keys_ldap_CPPFLAGS = $(LDAP_CPPFLAGS) $(AM_CPPFLAGS) -gpg2keys_ldap_LDADD = $(common_libs) $(LDAPLIBS) $(GPG_ERROR_LIBS) \ - $(NETLIBS) $(other_libs) - -gpg2keys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h no-libgcrypt.c -gpg2keys_finger_CPPFLAGS = $(AM_CPPFLAGS) -gpg2keys_finger_LDADD = $(common_libs) $(GPG_ERROR_LIBS) \ - $(NETLIBS) $(other_libs) - -gpg2keys_kdns_SOURCES = gpgkeys_kdns.c ksutil.c ksutil.h no-libgcrypt.c -gpg2keys_kdns_CPPFLAGS = $(AM_CPPFLAGS) -gpg2keys_kdns_LDADD = $(common_libs) $(GPG_ERROR_LIBS) \ - $(ADNSLIBS) $(NETLIBS) $(other_libs) - - -gpg2keys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h no-libgcrypt.c -gpg2keys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h no-libgcrypt.c -if FAKE_CURL -gpg2keys_curl_SOURCES += curl-shim.c curl-shim.h -gpg2keys_curl_CPPFLAGS = $(AM_CPPFLAGS) -gpg2keys_curl_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \ - $(other_libs) -gpg2keys_hkp_SOURCES += curl-shim.c curl-shim.h -gpg2keys_hkp_CPPFLAGS = $(AM_CPPFLAGS) -gpg2keys_hkp_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \ - $(other_libs) -else -# Note that we need to include all other libs here as well because -# some compilers don't care about inline functions and insert -# references to symbols used in unused inline functions. 
-gpg2keys_curl_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS) -gpg2keys_curl_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \ - $(other_libs) $(LIBCURL) $(GETOPT) -gpg2keys_hkp_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS) -gpg2keys_hkp_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \ - $(other_libs) $(LIBCURL) $(GETOPT) -endif - -# Make sure that all libs are build before we use them. This is -# important for things like make -j2. -$(PROGRAMS): $(common_libs) ----------------------------------------------------------------------- Summary of changes: AUTHORS | 46 +++-- Makefile.am | 6 +- NEWS | 95 ++++++--- README | 48 ++--- configure.ac | 64 ------ keyserver/Makefile.am | 86 -------- po/de.po | 339 +++++++++++++++++++++---------- po/fr.po | 493 +++++++++++++++++++++++++++++++-------------- po/ja.po | 532 ++++++++++++++++++++++++++++++++++--------------- 9 files changed, 1056 insertions(+), 653 deletions(-) delete mode 100644 keyserver/Makefile.am hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 6 17:15:51 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 06 Jun 2014 17:15:51 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-2-gb67e4e5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b67e4e523e6d19d384e23c5bb03010caebd150e7 (commit) from 518d835380a2ae01d6a9cc19de92684baade96a4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b67e4e523e6d19d384e23c5bb03010caebd150e7 Author: Werner Koch Date: Fri Jun 6 16:29:41 2014 +0200 Improve the beta number generation. * autogen.sh: Add option --find-version * configure.ac: Rework the setting of the mym4_ variables. -- The old system was not too well defined if no release for a series has yet been done. We now introduce a "PACKAGE-N.M-base" tag to solve this problem. To keep the M4 code readable the GIT parsing has been moved to ./autogen.sh. diff --git a/autogen.rc b/autogen.rc index 0f3d9d8..4860c38 100644 --- a/autogen.rc +++ b/autogen.rc @@ -1,5 +1,7 @@ # autogen.sh configuration for GnuPG -*- sh -*- +#version_parts=3 + case "$myhost:$myhostsub" in w32:ce) extraoptions="--enable-dirmngr-auto-start --disable-scdaemon " diff --git a/autogen.sh b/autogen.sh index 471193c..2b0a5dc 100755 --- a/autogen.sh +++ b/autogen.sh @@ -15,7 +15,7 @@ # configure it for the respective package. It is maintained as part of # GnuPG and source copied by other packages. # -# Version: 2014-01-10 +# Version: 2014-06-06 configure_ac="configure.ac" @@ -41,7 +41,7 @@ fatal () { info () { if [ -z "${SILENT}" ]; then - echo "autogen.sh:" "$*" + echo "autogen.sh:" "$*" >&2 fi } 
@@ -72,6 +72,7 @@ FORCE= SILENT= tmp=$(dirname "$0") tsdir=$(cd "${tmp}"; pwd) +version_parts=3 if [ -n "${AUTOGEN_SH_SILENT}" ]; then SILENT=" --silent" @@ -133,6 +134,11 @@ amd64_toolprefixes= myhost="" myhostsub="" case "$1" in + --find-version) + myhost="find-version" + SILENT=" --silent" + shift + ;; --build-w32) myhost="w32" shift @@ -172,6 +178,57 @@ if [ -f "$HOME/.gnupg-autogen.rc" ]; then . "$HOME/.gnupg-autogen.rc" fi + +# **** FIND VERSION **** +# This is a helper for the configure.ac M4 magic +# Called +# ./autogen.sh --find-version PACKAGE MAJOR MINOR [MICRO] +# returns a complete version string with automatic beta numbering. +if [ "$myhost" = "find-version" ]; then + package="$1" + major="$2" + minor="$3" + micro="$4" + + case "$version_parts" in + 2) + matchstr1="$package-$major.*[0-9]" + matchstr2="$package-$major-base" + vers="$major.$minor" + ;; + *) + matchstr1="$package-$major.$minor.*[0-9]" + matchstr2="$package-$major.$minor-base" + vers="$major.$minor.$micro" + ;; + esac + + beta=no + if [ -d .git ]; then + ingit=yes + tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null \ + | awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}' ) + if [ -z "$tmp" ]; then + tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \ + | awk -F- '$4!=0{print"-beta"$4}') + fi + [ -n "$tmp" ] && beta=yes + rev=$(git rev-parse --short HEAD | tr -d '\n\r') + rvd=$((0x$(echo ${rev} | head -c 4))) + else + ingit=no + beta=yes + tmp="-unknown" + rev="0000000" + rvd="0" + fi + + echo "$package-$vers$tmp:$beta:$ingit:$vers$tmp:$vers:$tmp:$rev:$rvd:" + exit 0 +fi +# **** end FIND VERSION **** + + # ****************** # W32 build script # ****************** diff --git a/configure.ac b/configure.ac index 2c613a7..309b2bc 100644 --- a/configure.ac +++ b/configure.ac 
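Review bot: In the new `--find-version` block, `rev=$(git rev-parse --short HEAD | tr -d '\n\r')` has no fallback for the case where `.git` exists but git itself fails, so `rev` can be empty when `rvd=$((0x$(echo ${rev} | head -c 4)))` is evaluated. Depending on the shell, that arithmetic expansion either aborts the script or leaves a broken field in the colon-separated line that configure.ac consumes by position. I would silence and guard the lookup with `rev=$(git rev-parse --short HEAD 2>/dev/null | tr -d '\n\r')` followed by `[ -n "$rev" ] || rev="0000000"`, and quote the expansion as `"${rev}"`. Separately, `[ -d .git ]` is false wherever `.git` is a file rather than a directory (presumably linked worktrees and submodule checkouts), so such trees are reported as `-unknown`; a comment stating that this is intended would help.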
@@ -26,23 +26,29 @@ min_automake_version="1.10" # (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [2.1.0]) +m4_define([mym4_package],[gnupg]) +m4_define([mym4_major], [2]) +m4_define([mym4_minor], [1]) +m4_define([mym4_micro], [0]) + +# To start a new development series, i.e a new major or minor number +# you need to mark an arbitrary commit before the first beta release +# with an annotated tag. For example the 2.1 branch starts off with +# the tag "gnupg-2.1-base". This is used as the base for counting +# beta numbers before the first release of a series. # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a -# flag indicating a development version (mym4_isgit). Note that the +# flag indicating a development version (mym4_isbeta). Note that the # m4 processing is done by autoconf and not during the configure run. 
-m4_define([mym4_revision], - m4_esyscmd([git rev-parse --short HEAD | tr -d '\n\r'])) -m4_define([mym4_revision_dec], - m4_esyscmd_s([echo $((0x$(echo ]mym4_revision[|head -c 4)))])) -m4_define([mym4_betastring], - m4_esyscmd_s([git describe --match 'gnupg-2.[0-9].*[0-9]' --long|\ - awk -F- '$3!=0{print"-beta"$3}'])) -m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes])) -m4_define([mym4_full_version],[mym4_version[]mym4_betastring]) - -AC_INIT([gnupg],[mym4_full_version], [http://bugs.gnupg.org]) +m4_define([mym4_verslist], m4_split(m4_esyscmd([./autogen.sh --find-version] \ + mym4_package mym4_major mym4_minor mym4_micro),[:])) +m4_define([mym4_isbeta], m4_argn(2, mym4_verslist)) +m4_define([mym4_version], m4_argn(4, mym4_verslist)) +m4_define([mym4_revision], m4_argn(7, mym4_verslist)) +m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist)) + +AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org]) NEED_GPG_ERROR_VERSION=1.13 @@ -61,7 +67,7 @@ NEED_NPTH_VERSION=0.91 NEED_GNUTLS_VERSION=3.0 -development_version=mym4_isgit +development_version=mym4_isbeta PACKAGE=$PACKAGE_NAME PACKAGE_GT=${PACKAGE_NAME}2 VERSION=$PACKAGE_VERSION ----------------------------------------------------------------------- Summary of changes: autogen.rc | 2 ++ autogen.sh | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- configure.ac | 34 ++++++++++++++++++-------------- 3 files changed, 81 insertions(+), 16 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 10 14:46:18 2014 
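Review bot: The output of `m4_esyscmd([./autogen.sh --find-version] ...)` is split on `:` and read by position with `m4_argn`, but nothing checks that the helper actually ran and succeeded. If `./autogen.sh` is missing, not executable, or fails, `mym4_version` and `mym4_revision` expand to nothing and `AC_INIT` is given an empty version instead of stopping. A check placed directly after the `mym4_verslist` definition would make this a hard error, something like `m4_if(m4_sysval, [0], [], [m4_fatal([autogen.sh --find-version failed])])`. The helper path is relative to the directory autoconf is started from, and indices 2, 4, 7 and 8 only make sense next to the `echo` line in autogen.sh, so the comment block should say both: `# Fields: 1 full name, 2 isbeta, 3 ingit, 4 version, 5 base version, 6 beta suffix, 7 revision, 8 decimal revision.`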
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 10 Jun 2014 14:46:18 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.13-2-g3fada68 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 3fada688c0df6e3140e4fcaf59b9bcfcc7a70bf4 (commit) from 2f4e8c33b88d3492ed29903b0684428cc9d4281e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3fada688c0df6e3140e4fcaf59b9bcfcc7a70bf4 Author: Werner Koch Date: Tue Jun 10 14:47:33 2014 +0200 New error code GPG_ERR_KEY_DISABLED. diff --git a/NEWS b/NEWS index 20e50dc..fbd5dff 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,7 @@ Noteworthy changes in version 1.14 (unreleased) * Interface changes relative to the 1.13 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + GPG_ERR_KEY_DISABLED NEW. Noteworthy changes in version 1.13 (2014-04-15) diff --git a/doc/errorref.txt b/doc/errorref.txt index 1feb930..8c32971 100644 --- a/doc/errorref.txt +++ b/doc/errorref.txt @@ -528,6 +528,11 @@ GPG_ERR_MAC_ALGO 199 GPG_ERR_UNFINISHED Operation not yet finished 200 GPG_ERR_BUFFER_TOO_SHORT Buffer too short + +GPG_ERR_KEY_DISABLED Key disabled + + GNUPG: - The key has been disabled by the user. + GPG_ERR_KEY_ON_CARD Not possible with a card based key GNUPG: - The gpg-agent returns this if a DELETE_KEY commands is diff --git a/src/err-codes.h.in b/src/err-codes.h.in index ee2db2e..3459a56 100644 --- a/src/err-codes.h.in +++ b/src/err-codes.h.in 
@@ -247,8 +247,9 @@ 212 GPG_ERR_SEXP_ODD_HEX_NUMBERS Odd hexadecimal numbers in S-expression 213 GPG_ERR_SEXP_BAD_OCT_CHAR Bad octal character in S-expression -# 214 to 252 are free to be used. +# 214 to 251 are free to be used. +252 GPG_ERR_KEY_DISABLED Key disabled 253 GPG_ERR_KEY_ON_CARD Not possible with a card based key 254 GPG_ERR_INV_LOCK_OBJ Invalid lock object ----------------------------------------------------------------------- Summary of changes: NEWS | 1 + doc/errorref.txt | 5 +++++ src/err-codes.h.in | 3 ++- 3 files changed, 8 insertions(+), 1 deletion(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 10 14:49:38 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 10 Jun 2014 14:49:38 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.0-3-g86260b4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 86260b47c9e306e325103d1af767842357647e60 (commit) from 4dc9af24156b4fd52c7b76e7522b9b7a64e5386a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 86260b47c9e306e325103d1af767842357647e60 Author: Werner Koch Date: Tue Jun 10 14:52:06 2014 +0200 Add new reason codes to the INV_RECP status code. * src/op-support.c (_gpgme_parse_inv_recp): Add codes 13 and 14. diff --git a/src/op-support.c b/src/op-support.c index edd317d..2bcb3a3 100644 --- a/src/op-support.c +++ b/src/op-support.c 
@@ -266,6 +266,14 @@ _gpgme_parse_inv_recp (char *args, gpgme_invalid_key_t *key) case 12: inv_key->reason = gpg_error (GPG_ERR_MISSING_ISSUER_CERT); break; + + case 13: + inv_key->reason = gpg_error (252); /*GPG_ERR_KEY_DISABLED*/ + break; + + case 14: + inv_key->reason = gpg_error (GPG_ERR_INV_USER_ID); + break; } while (*tail && *tail == ' ') ----------------------------------------------------------------------- Summary of changes: src/op-support.c | 8 ++++++++ 1 file changed, 8 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 10 14:54:46 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 10 Jun 2014 14:54:46 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-3-g45ed901 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 45ed901c466bd72118c2844069f566e190d847d6 (commit) from b67e4e523e6d19d384e23c5bb03010caebd150e7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 45ed901c466bd72118c2844069f566e190d847d6 Author: Werner Koch Date: Tue Jun 10 14:54:55 2014 +0200 gpg: Use more specific reason codes for INV_RECP. * g10/pkclist.c (find_and_check_key, build_pk_list): Use more specific reasons codes for INV_RECP. -- GnuPG-bug-id: 1650 diff --git a/doc/DETAILS b/doc/DETAILS index 17c417e..311dfe3 100644 --- a/doc/DETAILS +++ b/doc/DETAILS 
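Review bot: `case 13` stores the new error code as the bare literal `gpg_error (252)` with the symbolic name only in a trailing comment, so nothing ties the value to the libgpg-error table if that comment is dropped or the number is mistyped. Presumably the literal is used because the installed libgpg-error may predate GPG_ERR_KEY_DISABLED, which the page lists as new in the unreleased 1.14. A named fallback makes that explicit, for example a file-scope `#define MY_GPG_ERR_KEY_DISABLED 252 /* Drop once libgpg-error >= 1.14 is required. */` and `inv_key->reason = gpg_error (MY_GPG_ERR_KEY_DISABLED);`. The enclosing switch in _gpgme_parse_inv_recp starts outside the hunk.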
@@ -583,6 +583,8 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: - 10 :: Key not trusted - 11 :: Missing certificate - 12 :: Missing issuer certificate + - 13 :: Key disabled + - 14 :: Syntax error in specification Note that for historical reasons the INV_RECP status is also used for gpgsm's SIGNER command where it relates to signer's of course. diff --git a/g10/pkclist.c b/g10/pkclist.c index 49cd309..e783ae4 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -802,9 +802,18 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, rc = get_pubkey_byname (ctrl, NULL, pk, name, NULL, NULL, 0, 0); if (rc) { + int code; + /* Key not found or other error. */ log_error (_("%s: skipped: %s\n"), name, g10_errstr(rc) ); - send_status_inv_recp (0, name); + switch (gpg_err_code (rc)) + { + case GPG_ERR_NO_SECKEY: + case GPG_ERR_NO_PUBKEY: code = 1; break; + case GPG_ERR_INV_USER_ID: code = 14; break; + default: code = 0; break; + } + send_status_inv_recp (code, name); free_public_key (pk); return rc; } @@ -813,7 +822,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, if (rc) { /* Key found but not usable for us (e.g. sign-only key). */ - send_status_inv_recp (0, name); + send_status_inv_recp (3, name); /* Wrong key usage */ log_error (_("%s: skipped: %s\n"), name, g10_errstr(rc) ); free_public_key (pk); return rc; @@ -824,7 +833,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, if ( (trustlevel & TRUST_FLAG_DISABLED) ) { /* Key has been disabled. */ - send_status_inv_recp (0, name); + send_status_inv_recp (13, name); log_info (_("%s: skipped: public key is disabled\n"), name); free_public_key (pk); return G10ERR_UNU_PUBKEY; 
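Review bot: The INV_RECP reason codes are written as bare integers in the new switch in find_and_check_key (`code = 1`, `code = 14`) and in the later calls `send_status_inv_recp (3, name)` and `send_status_inv_recp (13, name)`, while the same numbers are repeated in doc/DETAILS and parsed by frontends. Because callers act on this status line, a silent mismatch is easy to introduce. An enum shared by all call sites would keep them aligned, e.g. `enum { INV_RECP_NOT_FOUND = 1, INV_RECP_WRONG_USAGE = 3, INV_RECP_KEY_DISABLED = 13, INV_RECP_SYNTAX = 14 };`. The `13` call is also the only changed call without a trailing comment naming the reason; `/* Key disabled */` would match the `/* Wrong key usage */` style. The same applies to `send_status_inv_recp (3, rov->d)` in the build_pk_list hunk further down.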
@@ -936,7 +945,7 @@ build_pk_list (ctrl_t ctrl, pk->req_usage = use; /* We explicitly allow encrypt-to to an disabled key; thus - we pass 1for the second last argument and 1 as the last + we pass 1 for the second last argument and 1 as the last argument to disable AKL. */ if ( (rc = get_pubkey_byname (ctrl, NULL, pk, rov->d, NULL, NULL, 1, 1)) ) @@ -981,11 +990,10 @@ build_pk_list (ctrl_t ctrl, } else { - /* The public key is not usable for encryption or not - available. */ + /* The public key is not usable for encryption. */ free_public_key( pk ); pk = NULL; log_error(_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) ); - send_status_inv_recp (0, rov->d); + send_status_inv_recp (3, rov->d); /* Wrong key usage */ goto fail; } } ----------------------------------------------------------------------- Summary of changes: doc/DETAILS | 2 ++ g10/pkclist.c | 22 +++++++++++++++------- 2 files changed, 17 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 10 15:08:55 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 10 Jun 2014 15:08:55 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-4-g141d69c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 141d69cb2a94a752244e89f49611923a2f184dfd (commit) from 45ed901c466bd72118c2844069f566e190d847d6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 141d69cb2a94a752244e89f49611923a2f184dfd Author: Werner Koch Date: Tue Jun 10 15:11:32 2014 +0200 w32: Fix build problem with dirmngr. * dirmngr/ks-engine-hkp.c (EAI_SYSTEM) [W32]: Add replacement constant. 
diff --git a/common/argparse.c b/common/argparse.c index f4180cf..c713bf6 100644 --- a/common/argparse.c +++ b/common/argparse.c @@ -1336,7 +1336,7 @@ strusage( int level ) break; case 11: p = "foo"; break; case 13: p = "0.0"; break; - case 14: p = "Copyright (C) 2012 Free Software Foundation, Inc."; break; + case 14: p = "Copyright (C) 2014 Free Software Foundation, Inc."; break; case 15: p = "This is free software: you are free to change and redistribute it.\n" "There is NO WARRANTY, to the extent permitted by law.\n"; diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index 0f0baab..762ab4a 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -40,10 +40,17 @@ #include "userids.h" #include "ks-engine.h" -/* Substitute a missing Mingw macro. */ +/* Substitutes for missing Mingw macro. The EAI_SYSTEM mechanism + seems not to be available (probably because there is only one set + of error codes anyway). For now we use WSAEINVAL. */ #ifndef EAI_OVERFLOW # define EAI_OVERFLOW EAI_FAIL #endif +#ifdef HAVE_W32_SYSTEM +# ifndef EAI_SYSTEM +# define EAI_SYSTEM WSAEINVAL +# endif +#endif /* Number of seconds after a host is marked as resurrected. */ ----------------------------------------------------------------------- Summary of changes: common/argparse.c | 2 +- dirmngr/ks-engine-hkp.c | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 11 15:43:31 2014 
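Review bot: The fallback `# define EAI_SYSTEM WSAEINVAL` picks a value that, in the Windows socket headers I know, is also what EAI_BADFLAGS expands to; this should be confirmed against the Mingw headers in use. If so, code that compares a getaddrinfo result against EAI_SYSTEM would treat a bad-flags failure as a system error and go on to consult errno. The users of the macro are outside this hunk. If the alias is intended, it should be recorded next to the define, for example `/* Note: same value as EAI_BADFLAGS on W32; errno is not meaningful for this case. */`.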
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 11 Jun 2014 15:43:31 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-7-g6eeb31a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6eeb31abee82cb2016bf054cd302af64f6dfdc2e (commit) from e06d5d1a3b4a5c446a27d64cd2da0e48ccec5601 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6eeb31abee82cb2016bf054cd302af64f6dfdc2e Author: Werner Koch Date: Wed Jun 11 15:45:29 2014 +0200 speedo: Improve building of the w32 installer. * build-aux/speedo.mk: Change name of build directory to PLAY. Improve the dist-source target. * build-aux/speedo/w32/gdk-pixbuf-loaders.cache: Add a blank line (plus comment). * build-aux/speedo/w32/inst.nsi: Change name of file to gnupg-w32-*. Install more tools. -- gdk-pixbuf-loaders.cache needs to end with an extra LF or the gdk-pixbuf is not able to read the last entry. The final comment is to make our git sanity checks happy. Running make -f build-aux/speedo.mk \ TARGETOS=w32 TARBALLS=~/tarballs installer does now create a working installer. After removing dirmngr from the installation GPA kind of works. There are remaining problems with dirmngr and scdaemon which will be fixed soon. Running make -f build-aux/speedo.mk \ TARGETOS=w32 TARBALLS=~/tarballs dist-source creates an xz compressed tarball with all the sources used to build the installer. Distributing this tarball along with the installer is sufficient to comply with the GPL. Well, some more instructions should be given in the readme files. diff --git a/.gitignore b/.gitignore index d4816a1..5fc934a 100644 --- a/.gitignore +++ b/.gitignore 
@@ -21,7 +21,7 @@ keyserver/gpg2keys_test tools/gpg-zip # Files created by make when not using a VPATH build -play/ +PLAY/ *.o po/en at boldquot.insert-header po/en at boldquot.po diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index 34d5f98..1bebd8b 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -23,7 +23,7 @@ # or # make -f speedo.mk # -# Builds all packages and installs them under play/inst. At the end, +# Builds all packages and installs them under PLAY/inst. At the end, # speedo prints commands that can be executed in the local shell to # make use of the installed packages. # @@ -390,7 +390,7 @@ MAKENSIS=makensis BUILD_ISODATE=$(shell date -u +%Y-%m-%d) # These paths must be absolute, as we switch directories pretty often. -root := $(shell pwd)/play +root := $(shell pwd)/PLAY sdir := $(root)/src bdir := $(root)/build bdir6:= $(root)/build-w64 @@ -772,7 +772,7 @@ clean-stamps: $(RM) -fR $(stampdir) clean-speedo: - $(RM) -fR play + $(RM) -fR PLAY # @@ -780,10 +780,16 @@ clean-speedo: # dist-source: all - for i in 00 01 02 03; do sleep 1;touch play/stamps/stamp-*-${i}-*;done - tar -cvJf gnupg-$(INST_VERSION)_$(BUILD_ISODATE).tar.xz \ - --exclude-backups --exclude-vc \ - patches play/stamps/stamp-*-00-unpack play/src + for i in 00 01 02 03; do sleep 1;touch PLAY/stamps/stamp-*-${i}-*;done + (set -e;\ + tarname="gnupg-w32-$(INST_VERSION)_$(BUILD_ISODATE).tar" ;\ + [ -f "$$tarname" ] && rm "$$tarname" ;\ + tar -C $(topsrc) -cf "$$tarname" --exclude-backups --exclude-vc \ + --anchored --exclude './PLAY' . ;\ + tar --totals -rf "$$tarname" --exclude-backups --exclude-vc \ + PLAY/stamps/stamp-*-00-unpack PLAY/src ;\ + xz "$$tarname" ;\ + ) $(bdir)/NEWS.tmp: $(topsrc)/NEWS @@ -820,6 +826,7 @@ installer: all w32_insthelpers $(bdir)/inst-options.ini $(bdir)/README.txt -DVERSION=$(INST_VERSION) \ -DPROD_VERSION=$(INST_PROD_VERSION) \ $(w32src)/inst.nsi + @echo "Ready: $(idir)/gnupg-w32-$(INST_VERSION)" # # Mark phony targets 
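Review bot: In the dist-source recipe only the uncompressed archive is removed before rebuilding (`[ -f "$$tarname" ] && rm "$$tarname"`), but the final `xz "$$tarname"` refuses to overwrite an existing `.tar.xz`. A second run with the same BUILD_ISODATE therefore stops under `set -e` after both tar steps have already run. Replacing the guard with `rm -f "$$tarname" "$$tarname.xz" ;\` covers both files and drops the test. Since this tarball is meant to be distributed next to the installer, the instructions could also state that a detached signature or checksum file is published with it.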
diff --git a/build-aux/speedo/w32/gdk-pixbuf-loaders.cache b/build-aux/speedo/w32/gdk-pixbuf-loaders.cache index af51346..78bc18a 100755 --- a/build-aux/speedo/w32/gdk-pixbuf-loaders.cache +++ b/build-aux/speedo/w32/gdk-pixbuf-loaders.cache @@ -133,3 +133,6 @@ "image/x-xpixmap" "" "xpm" "" "/* XPM */" "" 100 + + +# eof # diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi index cf627f6..30b3871 100644 --- a/build-aux/speedo/w32/inst.nsi +++ b/build-aux/speedo/w32/inst.nsi @@ -93,7 +93,7 @@ SetCompressor lzma Name "${PRETTY_PACKAGE}" # Set the output filename. -OutFile "${PACKAGE}-${VERSION}.exe" +OutFile "gnupg-w32-${VERSION}.exe" #Fixme: Do we need a logo #Icon "${TOP_SRCDIR}/doc/logo/gnupg-logo-icon.ico" @@ -526,6 +526,7 @@ Section "-gnupginst" # If we are reinstalling, try to kill a possible running agent using # an already installed gpgconf. ifFileExists "$INSTDIR\bin\gpgconf.exe" 0 no_gpgconf + ExecWait '"$INSTDIR\bin\gpgconf" --kill dirmngr' ExecWait '"$INSTDIR\bin\gpgconf" --kill gpg-agent' no_gpgconf: @@ -542,9 +543,11 @@ Section "GnuPG" SEC_gnupg SetOutPath "$INSTDIR\bin" File /oname=gpg.exe "bin/gpg2.exe" + File /oname=gpgv.exe "bin/gpgv2.exe" File "bin/gpgsm.exe" File "bin/gpgconf.exe" File "bin/gpg-connect-agent.exe" + File "bin/gpgtar.exe" ClearErrors SetOverwrite try @@ -554,6 +557,22 @@ Section "GnuPG" SEC_gnupg File /oname=gpg-agent.exe.tmp "bin/gpg-agent.exe" Rename /REBOOTOK gpg-agent.exe.tmp gpg-agent.exe + ClearErrors + SetOverwrite try + File "libexec/scdaemon.exe" + SetOverwrite lastused + ifErrors 0 +3 + File /oname=scdaemon.exe.tmp "libexec/scdaemon.exe" + Rename /REBOOTOK scdaemon.exe.tmp scdaemon.exe + + ClearErrors + SetOverwrite try + File "bin/dirmngr.exe" + SetOverwrite lastused + ifErrors 0 +3 + File /oname=dirmngr.exe.tmp "bin/dirmngr.exe" + Rename /REBOOTOK dirmngr.exe.tmp dirmngr.exe + SetOutPath "$INSTDIR\share\gnupg" File "share/gnupg/gpg-conf.skel" SectionEnd 
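Review bot: The overwrite-or-defer sequence added for scdaemon.exe and dirmngr.exe repeats the gpg-agent.exe block twice more and relies on the relative jump `ifErrors 0 +3`, which skips the wrong instructions if a line is ever inserted into one of the copies. At minimum each copy should carry a comment such as `# +3 skips the two fallback lines below; keep them adjacent.`; a `!macro` taking the source path and target name would remove the duplication. `File "libexec/scdaemon.exe"` is installed into `$INSTDIR\bin` because that is the current SetOutPath, which matches the uninstaller's `Delete "$INSTDIR\bin\scdaemon.exe"` but differs from the source layout. A one-line comment saying this is intended would help.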
@@ -995,10 +1014,14 @@ SectionEnd Section "-un.gnupg" Delete "$INSTDIR\bin\gpg.exe" + Delete "$INSTDIR\bin\gpgv.exe" Delete "$INSTDIR\bin\gpgsm.exe" Delete "$INSTDIR\bin\gpg-agent.exe" + Delete "$INSTDIR\bin\scdaemon.exe" + Delete "$INSTDIR\bin\dirmngr.exe" Delete "$INSTDIR\bin\gpgconf.exe" Delete "$INSTDIR\bin\gpg-connect-agent.exe" + Delete "$INSTDIR\bin\gpgtar.exe" Delete "$INSTDIR\share\gnupg\gpg-conf.skel" RMDir "$INSTDIR\share\gnupg" ----------------------------------------------------------------------- Summary of changes: .gitignore | 2 +- build-aux/speedo.mk | 21 ++++++++++++++------- build-aux/speedo/w32/gdk-pixbuf-loaders.cache | 3 +++ build-aux/speedo/w32/inst.nsi | 25 ++++++++++++++++++++++++- 4 files changed, 42 insertions(+), 9 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 12 15:04:25 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 12 Jun 2014 15:04:25 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-8-gd8314e3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d8314e31c58ea0827d0e2361dabcdf869ab08fce (commit) from 6eeb31abee82cb2016bf054cd302af64f6dfdc2e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d8314e31c58ea0827d0e2361dabcdf869ab08fce Author: Werner Koch Date: Thu Jun 12 14:41:40 2014 +0200 gpg: Improve the output of --list-packets * g10/parse-packet.c (parse): Print packet meta info in list mode. -- In particular having the file offset of the packets is often useful. diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 26ca038..28f9016 100644 
--- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -403,11 +403,18 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos, int hdrlen; int new_ctb = 0, partial = 0; int with_uid = (onlykeypkts == 2); + off_t pos; *skip = 0; assert (!pkt->pkt.generic); - if (retpos) - *retpos = iobuf_tell (inp); + if (retpos || list_mode) + { + pos = iobuf_tell (inp); + if (retpos) + *retpos = pos; + } + else + pos = 0; /* (silence compiler warning) */ if ((ctb = iobuf_get (inp)) == -1) { @@ -559,6 +566,12 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos, #endif } + if (list_mode) + es_fprintf (listfp, "# off=%lu ctb=%02x tag=%d hlen=%d plen=%lu%s%s\n", + (unsigned long)pos, ctb, pkttype, hdrlen, pktlen, + partial? " partial":"", + new_ctb? " new-ctb":""); + pkt->pkttype = pkttype; rc = G10ERR_UNKNOWN_PACKET; /* default error */ switch (pkttype) ----------------------------------------------------------------------- Summary of changes: g10/parse-packet.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 13 19:37:26 2014 
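Review bot: In the new list-mode line the offset is printed with `%lu` after `(unsigned long)pos`, which truncates an off_t above 4 GiB wherever long is 32 bits, so the reported packet offsets would wrap on large inputs. Assuming es_fprintf accepts the `ll` length modifier (to be confirmed), `off=%llu` with `(unsigned long long)pos` avoids this. The declarations of pktlen and hdrlen are outside the hunk, so their match with `%lu` and `%d` could not be checked here. parse() starts and ends outside both hunks.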
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 13 Jun 2014 19:37:26 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-9-g5bf0452 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5bf04522e353675e4c3eda118fee2580756704a2 (commit) from d8314e31c58ea0827d0e2361dabcdf869ab08fce (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5bf04522e353675e4c3eda118fee2580756704a2 Author: Werner Koch Date: Fri Jun 13 19:39:48 2014 +0200 http: Print human readable GNUTLS status. * common/http.c (send_gnutls_bye): Take care of EAGAIN et al. (http_verify_server_credentials): Print a human readable status. diff --git a/common/http.c b/common/http.c index 4fc89d7..06461db 100644 --- a/common/http.c +++ b/common/http.c @@ -2419,8 +2419,21 @@ static void send_gnutls_bye (void *opaque) { gnutls_session_t tls_session = opaque; + int ret; - gnutls_bye (tls_session, GNUTLS_SHUT_RDWR); + again: + do + ret = gnutls_bye (tls_session, GNUTLS_SHUT_RDWR); + while (ret == GNUTLS_E_INTERRUPTED); + if (ret == GNUTLS_E_AGAIN) + { + struct timeval tv; + + tv.tv_sec = 0; + tv.tv_usec = 50000; + my_select (0, NULL, NULL, NULL, &tv); + goto again; + } } #endif /*HTTP_USE_GNUTLS*/ 
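Review bot: The retry in send_gnutls_bye has no upper bound: every GNUTLS_E_AGAIN sleeps 50 ms and jumps back to `again`, and with GNUTLS_SHUT_RDWR the call also waits for the peer's close notification, so a peer that never answers can keep the closing side in this loop indefinitely. A retry budget would bound it, for example `int tries = 0;` and `if (ret == GNUTLS_E_AGAIN && ++tries < MAX_BYE_RETRIES)`, with MAX_BYE_RETRIES a named constant chosen for the longest acceptable wait. Other negative return values are dropped silently; a `log_info` with `gnutls_strerror (ret)` would make failed shutdowns visible.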
@@ -2486,6 +2499,19 @@ http_verify_server_credentials (http_session_t sess) else if (status) { log_error ("%s: status=0x%04x\n", errprefix, status); +#if GNUTLS_VERSION_NUMBER >= 0x030104 + { + gnutls_datum_t statusdat; + + if (!gnutls_certificate_verification_status_print + (status, GNUTLS_CRT_X509, &statusdat, 0)) + { + log_info ("%s: %s\n", errprefix, statusdat.data); + gnutls_free (statusdat.data); + } + } +#endif /*gnutls >= 3.1.4*/ + sess->verify.status = status; if (!err) err = gpg_error (GPG_ERR_GENERAL); ----------------------------------------------------------------------- Summary of changes: common/http.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 17 11:40:28 2014 From: cvs at cvs.gnupg.org (by Kristian Fiskerstrand) Date: Tue, 17 Jun 2014 11:40:28 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-11-g3f17b74 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3f17b74aa57ac1ea2f3aa93dec4889778a21afeb (commit) via 47e63dc00169030b6ff01ab67e73e52aec1395db (commit) from 5bf04522e353675e4c3eda118fee2580756704a2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3f17b74aa57ac1ea2f3aa93dec4889778a21afeb Author: Kristian Fiskerstrand Date: Thu Jun 12 16:12:28 2014 +0200 gpg: Fix a couple of spelling errors diff --git a/g10/call-agent.c b/g10/call-agent.c index 1b30b7f..cf1b96a 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c 
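Review bot: `log_info ("%s: %s\n", errprefix, statusdat.data)` passes the datum's `unsigned char *` buffer to `%s` and relies on it being NUL-terminated, ignoring `statusdat.size`. Printing with an explicit length, `log_info ("%s: %.*s\n", errprefix, (int)statusdat.size, statusdat.data);`, does not depend on that. A failure of gnutls_certificate_verification_status_print is ignored, which is acceptable because the numeric status is still logged by the line above.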
@@ -222,12 +222,12 @@ check_hijacking (assuan_context_t ctx) string = get_membuf (&mb, NULL); if (!string || !*string) { - /* Definitley hijacked - show a warning prompt. */ + /* Definitely hijacked - show a warning prompt. */ static int shown; const char warn1[] = "The GNOME keyring manager hijacked the GnuPG agent."; const char warn2[] = - "GnuPG will not work proberly - please configure that " + "GnuPG will not work properly - please configure that " "tool to not interfere with the GnuPG system!"; log_info ("WARNING: %s\n", warn1); log_info ("WARNING: %s\n", warn2); commit 47e63dc00169030b6ff01ab67e73e52aec1395db Author: Werner Koch Date: Mon Jun 16 23:25:44 2014 +0200 speedo: Support building from dist-source generated tarball. diff --git a/README b/README index d5cd727..da4c498 100644 --- a/README +++ b/README @@ -70,6 +70,10 @@ binary gpg but a gpg2 so that this package won't conflict with a GnuPG In case of problem please ask on the gnupg-users at gnupg.org mailing list for advise. +Instruction on how to build for Windows can be found in the file +doc/HACKING in the section "How to build an installer for Windows". +This requires some experience as developer. + Note that the PKITS tests are always skipped unless you copy the PKITS test data file into the tests/pkits directory. There is no need to run these test and some of them may even fail because the test scripts diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index 1bebd8b..1ef1600 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk 
@@ -46,19 +46,24 @@ SPEEDO_MK := $(realpath $(lastword $(MAKEFILE_LIST))) -# Set this to "git" or "release". +# Set this to "git" to build from git, +# to "release" from tarballs, +# to "this" from the unpacked sources. WHAT=git # Set target to "native" or "w32" TARGETOS=w32 -# Set to the location of the directory with traballs of +# Set to the location of the directory with tarballs of # external packages. TARBALLS=$(shell pwd)/../tarballs # Number of parallel make jobs MAKE_J=3 +# Name to use for the w32 installer and sources +INST_NAME=gnupg-w32 + # =====BEGIN LIST OF PACKAGES===== # The packages that should be built. The order is also the build order. # Fixme: Do we need to build pkg-config for cross-building? @@ -172,7 +177,8 @@ pkg2rep = $(TARBALLS) # Note that you can override the defaults in this file in a local file # "config.mk" -ifeq ($(WHAT),git) +ifeq ($(WHAT),this) +else ifeq ($(WHAT),git) speedo_pkg_libgpg_error_git = $(gitrep)/libgpg-error speedo_pkg_libgpg_error_gitref = master speedo_pkg_npth_git = $(gitrep)/npth @@ -191,7 +197,7 @@ ifeq ($(WHAT),git) speedo_pkg_gpa_gitref = master speedo_pkg_gpgex_git = $(gitrep)/gpgex speedo_pkg_gpgex_gitref = master -else +else ifeq ($(WHAT),release) speedo_pkg_libgpg_error_tar = \ $(pkgrep)/libgpg-error/libgpg-error-$(libgpg_error_ver).tar.bz2 speedo_pkg_npth_tar = \ @@ -210,6 +216,8 @@ else $(pkgrep)/gpa/gpa-$(gpa_ver).tar.bz2 speedo_pkg_gpgex_tar = \ $(pkgrep)/gpex/gpgex-$(gpa_ver).tar.bz2 +else + $(error invalid value for WHAT (use on of: git release this)) endif speedo_pkg_pkg_config_tar = $(pkg2rep)/pkg-config-$(pkg_config_ver).tar.gz 
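Review bot: The branch now selected by `else ifeq ($(WHAT),release)` still ends with the context line `$(pkgrep)/gpex/gpgex-$(gpa_ver).tar.bz2`, which names a `gpex` directory and the GPA version variable for the gpgex tarball. Both look like copy-and-paste slips; if so, a release build would look for a wrong or missing file. If a `gpgex_ver` variable exists in the package list (not visible here), the line would read `$(pkgrep)/gpgex/gpgex-$(gpgex_ver).tar.bz2`. The new message `$(error invalid value for WHAT (use on of: git release this))` also has a typo and should say `one of`.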
@@ -529,7 +537,9 @@ $(stampdir)/stamp-$(1)-00-unpack: $(stampdir)/stamp-directories @echo "speedo: */" @(set -e; cd $(sdir); \ $(call SETVARS,$(1)); \ - if [ "$(1)" = "gnupg" ]; then \ + if [ "$(WHAT)" = "this" ]; then \ + echo "speedo: using included source"; \ + elif [ "$(1)" = "gnupg" ]; then \ cd $$$${pkgsdir}; \ if [ -f config.log ]; then \ echo "GnuPG has already been build in-source" >&2 ;\ @@ -782,11 +792,13 @@ clean-speedo: dist-source: all for i in 00 01 02 03; do sleep 1;touch PLAY/stamps/stamp-*-${i}-*;done (set -e;\ - tarname="gnupg-w32-$(INST_VERSION)_$(BUILD_ISODATE).tar" ;\ + tarname="$(INST_NAME)-$(INST_VERSION)_$(BUILD_ISODATE).tar" ;\ [ -f "$$tarname" ] && rm "$$tarname" ;\ tar -C $(topsrc) -cf "$$tarname" --exclude-backups --exclude-vc \ + --transform='s,^\./,$(INST_NAME)-$(INST_VERSION)/,' \ --anchored --exclude './PLAY' . ;\ tar --totals -rf "$$tarname" --exclude-backups --exclude-vc \ + --transform='s,^,$(INST_NAME)-$(INST_VERSION)/,' \ PLAY/stamps/stamp-*-00-unpack PLAY/src ;\ xz "$$tarname" ;\ ) @@ -823,10 +835,11 @@ installer: all w32_insthelpers $(bdir)/inst-options.ini $(bdir)/README.txt -DTOP_SRCDIR=$(topsrc) \ -DW32_SRCDIR=$(w32src) \ -DBUILD_ISODATE=$(BUILD_ISODATE) \ + -DNAME=$(INST_NAME) \ -DVERSION=$(INST_VERSION) \ -DPROD_VERSION=$(INST_PROD_VERSION) \ $(w32src)/inst.nsi - @echo "Ready: $(idir)/gnupg-w32-$(INST_VERSION)" + @echo "Ready: $(idir)/$(INST_NAME)-$(INST_VERSION)" # # Mark phony targets diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi index 30b3871..5f8c55c 100644 --- a/build-aux/speedo/w32/inst.nsi +++ b/build-aux/speedo/w32/inst.nsi @@ -23,6 +23,7 @@ # TOP_SRCDIR # W32_SRCDIR # BUILD_ISODATE +# NAME # VERSION # PROD_VERSION @@ -93,7 +94,7 @@ SetCompressor lzma Name "${PRETTY_PACKAGE}" # Set the output filename. -OutFile "gnupg-w32-${VERSION}.exe" +OutFile "$(NAME)-${VERSION}.exe" #Fixme: Do we need a logo #Icon "${TOP_SRCDIR}/doc/logo/gnupg-logo-icon.ico" 
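Review bot: The new `OutFile "$(NAME)-${VERSION}.exe"` uses `$(NAME)`, which in NSIS refers to a language string, while the value passed by speedo.mk with `-DNAME=$(INST_NAME)` is a compile-time define and is read as `${NAME}`, like `${VERSION}` on the same line. As written the installer file name would not get the intended prefix. The line should be `OutFile "${NAME}-${VERSION}.exe"`.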
diff --git a/doc/HACKING b/doc/HACKING index 8116c3f..252bc42 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -93,12 +93,47 @@ appear in the ChangeLog. need. If you really need to do it, use a separate commit for such a change. +* Windows +** How to build an installer for Windows + + Your best bet is to use a decent Debian System for development. + You need to install a long list of tools for building. This list + still needs to be compiled. However, the build process will stop + if a tool is missing. GNU make is required (on non GNU systems + often installed as "gmake"). The installer requires a couple of + extra software to be available either as tarballs or as local git + repositories. In case this file here is part of a gnupg-w32-2.*.xz + complete tarball as distributed from the same place as a binary + installer, all such tarballs are already included. + + Cd to the GnuPG source directory and use one of one of these + command: + + - If sources are included (gnupg-w32-*.tar.xz) + + make -f build-aux/speedo.mk WHAT=this installer + + - To build from tarballs + + make -f build-aux/speedo.mk WHAT=release TARBALLS=TARDIR installer + + - To build from local GIT repos + + make -f build-aux/speedo.mk WHAT=git TARBALLS=TARDIR installer + + Note that also you need to supply tarballs with supporting + libraries even if you build from git. The makefile expects only + the core GnuPG software to be available as local GIT repositories. + speedo.mk has the versions of the tarballs and the branch names of + the git repositories. In case of problems, don't hesitate to ask + on the gnupg-devel mailing for help. + + * Debug hints See the manual for some hints. * Standards - ** RFCs 1423 Privacy Enhancement for Internet Electronic Mail: 
@@ -120,6 +155,8 @@ appear in the ChangeLog. 4880 Current OpenPGP specification. +6337 Elliptic Curve Cryptography (ECC) in OpenPGP + * Various information ** Directory Layout ----------------------------------------------------------------------- Summary of changes: README | 4 ++++ build-aux/speedo.mk | 27 ++++++++++++++++++++------- build-aux/speedo/w32/inst.nsi | 3 ++- doc/HACKING | 39 ++++++++++++++++++++++++++++++++++++++- g10/call-agent.c | 4 ++-- 5 files changed, 66 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 23 13:13:35 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 23 Jun 2014 13:13:35 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.23-5-gceef556 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via ceef5568d53b286efe639c6fd1d37f154be133ef (commit) via 014b2103fcb12f261135e3954f26e9e07b39e342 (commit) from 52b96ef6b81951ddacf146a74e88e5512efd03a0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ceef5568d53b286efe639c6fd1d37f154be133ef Author: Werner Koch Date: Mon Jun 23 13:16:44 2014 +0200 ssh: Fix for newer Libgcrypt versions. * common/ssh-utils.c (get_fingerprint): Add GCRY_PK_ECC case. -- Reported-by: Anatol Pomozov diff --git a/common/ssh-utils.c b/common/ssh-utils.c index d8f057d..11ff0fb 100644 --- a/common/ssh-utils.c +++ b/common/ssh-utils.c 
@@ -89,6 +89,7 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, elems = "pqgy"; gcry_md_write (md, "\0\0\0\x07ssh-dss", 11); break; + case GCRY_PK_ECC: case GCRY_PK_ECDSA: /* We only support the 3 standard curves for now. It is just a quick hack. */ commit 014b2103fcb12f261135e3954f26e9e07b39e342 Author: Werner Koch Date: Fri Jun 20 10:39:26 2014 +0200 gpg: Avoid infinite loop in uncompressing garbled packets. * g10/compress.c (do_uncompress): Limit the number of extra FF bytes. -- A packet like (a3 01 5b ff) leads to an infinite loop. Using --max-output won't help if it is a partial packet. This patch actually fixes a regression introduced on 1999-05-31 (c34c6769). Actually it would be sufficient to stuff just one extra 0xff byte. Given that this problem popped up only after 15 years, I feel safer to allow for a very few FF bytes. Thanks to Olivier Levillain and Florian Maury for their detailed report. diff --git a/g10/compress.c b/g10/compress.c index a91dd23..6e151bc 100644 --- a/g10/compress.c +++ b/g10/compress.c @@ -161,7 +161,8 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs, IOBUF a, size_t *ret_len ) { int zrc; - int rc=0; + int rc = 0; + int leave = 0; size_t n; int nread, count; int refill = !zs->avail_in; 
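Review bot: With `case GCRY_PK_ECC:` falling through to the ECDSA branch, every key that Libgcrypt reports under the generic ECC identifier now reaches code whose own comment says it supports only the three standard curves. The branch body is outside the hunk, so it could not be checked that an unsupported curve ends in an error rather than a fingerprint computed over the wrong key-type string. A comment at the label would record that requirement, e.g. `/* Newer Libgcrypt reports GCRY_PK_ECC for all ECC keys; curves other than the three handled below must be rejected. */`.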
@@ -179,13 +180,14 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs, nread = iobuf_read( a, zfx->inbuf + n, count ); if( nread == -1 ) nread = 0; n += nread; - /* If we use the undocumented feature to suppress - * the zlib header, we have to give inflate an - * extra dummy byte to read */ - if( nread < count && zfx->algo == 1 ) { - *(zfx->inbuf + n) = 0xFF; /* is it really needed ? */ - zfx->algo1hack = 1; + /* Algo 1 has no zlib header which requires us to to give + * inflate an extra dummy byte to read. To be on the safe + * side we allow for up to 4 ff bytes. */ + if( nread < count && zfx->algo == 1 && zfx->algo1hack < 4) { + *(zfx->inbuf + n) = 0xFF; + zfx->algo1hack++; n++; + leave = 1; } zs->avail_in = n; } @@ -205,7 +207,8 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs, else log_fatal("zlib inflate problem: rc=%d\n", zrc ); } - } while( zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR ); + } while (zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR + && !leave); *ret_len = zfx->outbufsize - zs->avail_out; if( DBG_FILTER ) ----------------------------------------------------------------------- Summary of changes: common/ssh-utils.c | 1 + g10/compress.c | 19 +++++++++++-------- 2 files changed, 12 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 23 17:39:11 2014 
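Review bot: The cap on stuffed bytes is the bare literal in `zfx->algo1hack < 4`, and the change turns algo1hack from a flag set to 1 into a counter, so the fix depends on the field starting at zero for every stream and on no other code testing it as a boolean; its declaration and initialisation are outside these hunks. A named constant such as `#define MAX_ALGO1_FILL_BYTES 4`, plus a comment at the field saying that it counts the dummy 0xFF bytes appended so far, would make the bound visible. The commit message gives a short garbled packet that triggered the loop; adding it as a regression test input would keep the bound from being lost in a later rewrite. The new comment also reads `to to give`.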
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 23 Jun 2014 17:39:11 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.16-17-gba50a00 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via ba50a006302cee62376f1c7bf11a08dad14f41ff (commit) via 297f2ac6451e638ed96926d06b01189076010823 (commit) via 8d5f493ba4e7ea410186e16b8927ad5683fb15f2 (commit) via bfc7893bdaf4dc674799ddddc0cae8f0af642b9d (commit) via 0d0961c483f9cd0e195f88c0c82dbf2c859f88fe (commit) via 5230304349490f31aa64ee2b69a8a2bc06bf7816 (commit) via 8eab483a1c4817a2946624c7305f464089d1875e (commit) via 01bd0558dd2f8b80d2f3b61f91c11a68357c91fd (commit) from ab644b1efffe7c36aff4a0612479ee1949830516 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ba50a006302cee62376f1c7bf11a08dad14f41ff Author: Werner Koch Date: Mon Jun 23 17:42:21 2014 +0200 Post release changes. -- diff --git a/NEWS b/NEWS index e935605..a78109b 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.4.18 (unreleased) +------------------------------------------------- + + Noteworthy changes in version 1.4.17 (2014-06-23) ------------------------------------------------- diff --git a/README b/README index 5d1edbd..4a07839 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ GnuPG - The GNU Privacy Guard ------------------------------- - Version 1.4.17 + Version 1.4.18 Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, diff --git a/configure.ac b/configure.ac index 93527e9..96f09d7 100644 --- a/configure.ac +++ b/configure.ac 
@@ -27,7 +27,7 @@ min_automake_version="1.9.3" # (git tag -s gnupg-1.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [1.4.17]) +m4_define([mym4_version], [1.4.18]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit 297f2ac6451e638ed96926d06b01189076010823 Author: Werner Koch Date: Mon Jun 23 16:38:09 2014 +0200 Release 1.4.17 diff --git a/AUTHORS b/AUTHORS index 29f775f..8e59219 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,10 +1,16 @@ Program: GnuPG Version: 1.4 +Homepage: https://www.gnupg.org Maintainer: Werner Koch Bug reports: http://bugs.gnupg.org Security related bug reports: License: GPLv3+ +GnuPG is free software. See the files COPYING for copying conditions. +License copyright years may be listed using range notation, e.g., +2000-2013, indicating that every year in the range, inclusive, is a +copyrightable year that would otherwise be listed individually. + Authors with a FSF copyright assignment ======================================= @@ -129,7 +135,7 @@ Other authors ============= The need for copyright assignments to the FSF has been waived on -2013-03-29; The need for copyright disclaimers for translations has +2013-03-29; the need for copyright disclaimers for translations has been waived in December 2012. This program uses the zlib compression library written by 
@@ -161,13 +167,26 @@ was written by 1996-2010 Julian R Seward. See bzip/LICENSE for details. +Copyright +========= + +GnuPG is distributed under the GNU General Public License, version 3 +or later. + +Note that some files are under a combination of the GNU Lesser General +Public License, version 3 and the GNU General Public License, version +2. A few other files carry the all permissive license note as found +at the bottom of this file. + +==================== + Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. - Copyright 2013 Werner Koch + Copyright 2013, 2014 Werner Koch - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. + This file (AUTHORS) is free software; as a special exception the + author gives unlimited permission to copy and/or distribute it, with + or without modifications, as long as this notice is preserved. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the diff --git a/NEWS b/NEWS index 1dfb23f..e935605 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,20 @@ -Noteworthy changes in version 1.4.17 (unreleased) +Noteworthy changes in version 1.4.17 (2014-06-23) ------------------------------------------------- + * Avoid DoS due to garbled compressed data packets. + + * Screen keyserver reponses to avoid import of unwanted keys by rogue + servers. + + * Add hash algorithms to the "sig" records of the colon output. + + * More specific reason codes for INV_RECP status. + + * Fixes for PC/SC access on Apple. + + * Minor bug fixes. + + Noteworthy changes in version 1.4.16 (2013-12-18) ------------------------------------------------- diff --git a/README b/README index f025c51..5d1edbd 100644 --- a/README +++ b/README 
@@ -1,12 +1,12 @@ GnuPG - The GNU Privacy Guard ------------------------------- - Version 1.4.16 + Version 1.4.17 Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2012, 2013 Free Software Foundation, Inc. - Copyright 1997, 1998, 2013 Werner Koch + Copyright 1997, 1998, 2013, 2014 Werner Koch This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or @@ -783,10 +783,12 @@ How to Get More Information --------------------------- - The primary WWW page is http://www.gnupg.org + The primary WWW page is https://www.gnupg.org + or using TOR http://ic6au7wa3f6naxjq.onion + The primary FTP site is ftp://ftp.gnupg.org/gcrypt/ - See http://www.gnupg.org/download/mirrors.html for a list of + See https://www.gnupg.org/download/mirrors.html for a list of mirrors and use them if possible. You may also find GnuPG mirrored on some of the regular GNU mirrors. @@ -813,7 +815,7 @@ of "subscribe" to x-request at gnupg.org, where x is the name of the mailing list (gnupg-announce, gnupg-users, etc.). An archive of the mailing lists are available at - http://www.gnupg.org/documentation/mailing-lists.html + https://www.gnupg.org/documentation/mailing-lists.html Please direct bug reports to http://bugs.gnupg.org or post them direct to the mailing list . 
@@ -825,12 +827,9 @@ by the authors and we try to answer questions when time allows us to do so. - Commercial grade support for GnuPG is available; please see - http://www.gnupg.org/service.html . - - The driving force behind the development of GnuPG is the company - of its principal author, Werner Koch. Maintenance and improvement - of GnuPG and related software take up most of their resources. - To continue the work they ask to either donate money, purchase a - support contract, or engage them for custom enhancements. See - http://g10code.com/gnupg-donation.html + Commercial grade support for GnuPG is available; for a listing of + offers see https://www.gnupg.org/service.html . Maintaining and + improving GnuPG is costly. Since 2001, g10 Code GmbH, a German + company owned and headed by GnuPG's principal author Werner Koch, + is bearing the majority of these costs. To help them carry on + this work, they need your support. See https://gnupg.org/donate/ diff --git a/util/argparse.c b/util/argparse.c index a0579cb..267b6f1 100644 --- a/util/argparse.c +++ b/util/argparse.c @@ -1046,7 +1046,7 @@ default_strusage( int level ) break; case 11: p = "foo"; break; case 13: p = "0.0"; break; - case 14: p = "Copyright (C) 2013 Free Software Foundation, Inc."; break; + case 14: p = "Copyright (C) 2014 Free Software Foundation, Inc."; break; case 15: p = "This is free software: you are free to change and redistribute it.\n" "There is NO WARRANTY, to the extent permitted by law.\n"; commit 8d5f493ba4e7ea410186e16b8927ad5683fb15f2 Author: Werner Koch Date: Mon Jun 23 16:35:41 2014 +0200 po: Auto-update -- diff --git a/po/be.po b/po/be.po index 9add96e..2625282 100644 --- a/po/be.po +++ b/po/be.po 
@@ -1843,6 +1843,13 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "???????????????? ?????????? ???????????? ?? ID ????????????????????????????" +#, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "?????????????????? ???????? ???? ??????????????????" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "" @@ -1938,6 +1945,10 @@ msgstr "???????????????? ?????????? ???????????? ?? ????????????????" msgid "key %s: \"%s\" not changed\n" msgstr "" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "?????????????????? ???????? ???? ??????????????????" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "???????????????? ???????? ????????????????????" diff --git a/po/ca.po b/po/ca.po index bc6e6c6..3d08b48 100644 --- a/po/ca.po +++ b/po/ca.po @@ -2064,6 +2064,13 @@ msgid "key %s: no user ID\n" msgstr "clau %08lX: sense ID\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "es descarta ??%s??: %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "clau %08lX: corrupci?? de la subclau HKP reparada\n" @@ -2158,6 +2165,10 @@ msgstr "clau %08lX: ??%s?? %d ID d'usuari nous\n" msgid "key %s: \"%s\" not changed\n" msgstr "clau %08lX: ??%s?? no ha estat modificada\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "no s'ha trobat la clau secreta ??%s??: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "s'est?? escrivint la clau secreta a ??%s??\n" diff --git a/po/cs.po b/po/cs.po index 92198da..ec904ae 100644 --- a/po/cs.po +++ b/po/cs.po 
@@ -1978,6 +1978,14 @@ msgstr "nelze aktualizovat preference s: gpg --edit-key %s updpref save\n" msgid "key %s: no user ID\n" msgstr "kl?? %s: chyb? identifik?tor u?ivatele\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "p?esko?en \"%s\": %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "kl?? %s: PKS po?kozen? podkl??e opraveno\n" @@ -2075,6 +2083,11 @@ msgstr "kl msgid "key %s: \"%s\" not changed\n" msgstr "kl?? %s: \"%s\" beze zm?n\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "tajn? kl?? \"%s\" nenalezen: %s\n" + msgid "importing secret keys not allowed\n" msgstr "import tajn?ch kl??? nen? povolen\n" diff --git a/po/da.po b/po/da.po index edcd31b..6d871f6 100644 --- a/po/da.po +++ b/po/da.po @@ -1958,6 +1958,14 @@ msgstr "du kan opdatere dine pr??ferencer med: gpg --edit-key %s updpref save\n" msgid "key %s: no user ID\n" msgstr "n??gle %s: ingen bruger-id\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "udelod ??%s??: %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "n??gle %s: korruption af PKS-undern??gle er repareret!\n" @@ -2053,6 +2061,11 @@ msgstr "n??gle %s: ??%s?? %d bruger-id'er renset\n" msgid "key %s: \"%s\" not changed\n" msgstr "n??gle %s: ??%s?? ikke ??ndret\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "hemmelig n??gle ??%s?? blev ikke fundet: %s\n" + msgid "importing secret keys not allowed\n" msgstr "import af hemmelige n??gler er ikke tilladt\n" diff --git a/po/de.po b/po/de.po index 0a02fb9..8b3ccd8 100644 --- a/po/de.po +++ b/po/de.po 
@@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg-1.4.8\n" "Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n" -"PO-Revision-Date: 2012-08-24 16:58+0200\n" +"PO-Revision-Date: 2014-06-23 16:34+0200\n" "Last-Translator: Walter Koch \n" "Language-Team: German \n" "Language: de\n" @@ -2011,6 +2011,13 @@ msgid "key %s: no user ID\n" msgstr "Schl??ssel %s: Keine User-ID\n" #, c-format +msgid "key %s: %s\n" +msgstr "Schl??ssel \"%s\": %s\n" + +msgid "rejected by import filter" +msgstr "durch Importfilter zur??ckgewiesen" + +#, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "Schl??ssel %s: PKS Unterschl??sseldefekt repariert\n" @@ -2105,6 +2112,10 @@ msgstr "Schl??ssel %s: \"%s\" %d User-IDs bereinigt\n" msgid "key %s: \"%s\" not changed\n" msgstr "Schl??ssel %s: \"%s\" nicht ge??ndert\n" +#, c-format +msgid "secret key %s: %s\n" +msgstr "Geheimer Schl??ssel \"%s\": %s\n" + msgid "importing secret keys not allowed\n" msgstr "Importieren geheimer Schl??ssel ist nicht erlaubt\n" diff --git a/po/el.po b/po/el.po index 4a15778..a6eb951 100644 --- a/po/el.po +++ b/po/el.po @@ -2016,6 +2016,13 @@ msgid "key %s: no user ID\n" msgstr "?????? %08lX: ??? ??????? ???? ?? user ID\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "???????????? `%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "?????? %08lX: ??????????? ????????? ??????????? HKP\n" @@ -2110,6 +2117,10 @@ msgstr " msgid "key %s: \"%s\" not changed\n" msgstr "?????? %08lX: \"%s\" ??????????\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "?? ??????? ?????? `%s' ?? ???????: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "??????? ??? ???????? ???????? ??? `%s'\n" diff --git a/po/eo.po b/po/eo.po index e910584..21a54d7 100644 --- a/po/eo.po +++ b/po/eo.po 
@@ -1984,6 +1984,13 @@ msgid "key %s: no user ID\n" msgstr "?losilo %08lX: mankas uzantidentigilo\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "ignoris '%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "?losilo %08lX: mankas sub?losilo por ?losilbindado\n" @@ -2078,6 +2085,10 @@ msgstr " msgid "key %s: \"%s\" not changed\n" msgstr "?losilo %08lX: ne ?an?ita\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "?losilo '%s' ne trovita: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "skribas sekretan ?losilon al '%s'\n" diff --git a/po/es.po b/po/es.po index df0a502..7be33ec 100644 --- a/po/es.po +++ b/po/es.po @@ -1987,6 +1987,14 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "clave %s: sin identificador de usuario\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "omitido \"%s\": %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "clave %s: reparada la subclave PKS corrompida\n" @@ -2082,6 +2090,11 @@ msgstr "clave %s: \"%s\" %d nuevos identificadores de usuario\n" msgid "key %s: \"%s\" not changed\n" msgstr "clave %s: \"%s\" sin cambios\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "clave secreta \"%s\" no encontrada: %s\n" + msgid "importing secret keys not allowed\n" msgstr "no se permite importar claves secretas\n" diff --git a/po/et.po b/po/et.po index b635ce1..25a0e4a 100644 --- a/po/et.po +++ b/po/et.po @@ -1984,6 +1984,13 @@ msgid "key %s: no user ID\n" msgstr "v?ti %08lX: kasutaja ID puudub\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "`%s' j?tsin vahele: %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "v?ti %08lX: HKP alamv?tme rike parandatud\n" 
@@ -2079,6 +2086,10 @@ msgstr "v msgid "key %s: \"%s\" not changed\n" msgstr "v?ti %08lX: \"%s\" ei muudetud\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "salajast v?tit `%s' ei leitud: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "kirjutan salajase v?tme faili `%s'\n" diff --git a/po/fi.po b/po/fi.po index a180d81..9b52b14 100644 --- a/po/fi.po +++ b/po/fi.po @@ -2016,6 +2016,13 @@ msgid "key %s: no user ID\n" msgstr "avain %08lX: ei k??ytt??j??tunnusta\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "ohitetaan \"%s\": %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "avain %08lX: HKP-aliavainvirhe korjattu\n" @@ -2111,6 +2118,10 @@ msgstr "avain %08lX: \"%s\" %d uutta k??ytt??j??tunnusta\n" msgid "key %s: \"%s\" not changed\n" msgstr "avain %08lX: \"%s\" ei muutoksia\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "salaista avainta \"%s\" ei l??ydy: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n" diff --git a/po/fr.po b/po/fr.po index 57bc539..c2808d8 100644 --- a/po/fr.po +++ b/po/fr.po @@ -2008,6 +2008,14 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "clef %s??: pas d'identit??\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "????%s???? a ??t?? ignor??e??: %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "clef %s??: corruption de sous-clef PKS r??par??e\n" 
@@ -2103,6 +2111,11 @@ msgstr "clef %s??: ????%s???? %d??identit??s nettoy??es\n" msgid "key %s: \"%s\" not changed\n" msgstr "clef %s??: ????%s???? n'est pas modifi??e\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "clef secr??te ????%s???? introuvable??: %s\n" + msgid "importing secret keys not allowed\n" msgstr "impossible d'importer des clefs secr??tes\n" diff --git a/po/gl.po b/po/gl.po index 3e94c4b..fe1eabc 100644 --- a/po/gl.po +++ b/po/gl.po @@ -2000,6 +2000,13 @@ msgid "key %s: no user ID\n" msgstr "chave %08lX: non hai ID de usuario\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "om?tese `%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "chave %08lX: arranxouse a corrupci?n da sub-chave HKP\n" @@ -2098,6 +2105,10 @@ msgstr "chave %08lX: \"%s\" %d novos IDs de usuario\n" msgid "key %s: \"%s\" not changed\n" msgstr "chave %08lX: \"%s\" sen cambios\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "non se atopou a chave secreta `%s': %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "gravando a chave secreta en `%s'\n" diff --git a/po/hu.po b/po/hu.po index 4c76185..05e3b6a 100644 --- a/po/hu.po +++ b/po/hu.po @@ -1992,6 +1992,13 @@ msgid "key %s: no user ID\n" msgstr "%08lX kulcs: Nincs felhaszn?l?i azonos?t?.\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "Kihagytam \"%s\"-t: %s.\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "%08lX kulcs: HKP alkulcss?r?l?s kijav?tva.\n" 
@@ -2086,6 +2093,10 @@ msgstr "%08lX kulcs: \"%s\" %d msgid "key %s: \"%s\" not changed\n" msgstr "%08lX kulcs: \"%s\" nem v?ltozott.\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "\"%s\" titkos kulcs nem tal?lhat?: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "?rom a titkos kulcsot a %s ?llom?nyba.\n" diff --git a/po/id.po b/po/id.po index e24c85e..f17e4eb 100644 --- a/po/id.po +++ b/po/id.po @@ -2007,6 +2007,13 @@ msgid "key %s: no user ID\n" msgstr "kunci %08lX: tidak ada ID user\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "melewati `%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "kunci %08lX: subkey HKP yang rusak diperbaiki\n" @@ -2101,6 +2108,10 @@ msgstr "kunci %08lX: \"%s\" %d user ID baru\n" msgid "key %s: \"%s\" not changed\n" msgstr "kunci %08lX: \"%s\" tidak berubah\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "kunci rahasia `%s' tidak ditemukan: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "menulis kunci rahasia ke `%s'\n" diff --git a/po/it.po b/po/it.po index fe4ef9d..0efc561 100644 --- a/po/it.po +++ b/po/it.po @@ -2015,6 +2015,13 @@ msgid "key %s: no user ID\n" msgstr "chiave %08lX: nessun user ID\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "saltata `%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "chiave %08lX: riparati i danni di HKP alla subchiave\n" @@ -2109,6 +2116,10 @@ msgstr "chiave %08lX: \"%s\" %d nuovi user ID\n" msgid "key %s: \"%s\" not changed\n" msgstr "chiave %08lX: \"%s\" non cambiata\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "chiave segreta `%s' non trovata: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "scrittura della chiave segreta in `%s'\n" diff --git a/po/ja.po b/po/ja.po index 109e964..4b76e2a 100644 --- a/po/ja.po 
+++ b/po/ja.po @@ -1945,6 +1945,14 @@ msgstr " msgid "key %s: no user ID\n" msgstr "??%s: ????????ID????????????\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "??%s??????????????: %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "??%s: PKS????????????????\n" @@ -2040,6 +2048,11 @@ msgstr " msgid "key %s: \"%s\" not changed\n" msgstr "??%s:??%s??????????\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "????????%s??????????????????: %s\n" + msgid "importing secret keys not allowed\n" msgstr "????????????????????????\n" diff --git a/po/nb.po b/po/nb.po index b18fb22..a242fce 100644 --- a/po/nb.po +++ b/po/nb.po @@ -1879,6 +1879,14 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "n?kkel %s: ingen brukerid\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "hoppet over ?%s?: %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "n?kkel %s: PKS-undern?kkel reparert\n" @@ -1974,6 +1982,11 @@ msgstr "n msgid "key %s: \"%s\" not changed\n" msgstr "n?kkel %s: ?%s? ikke endret\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "hemmelig n?kkel ?%s? ble ikke funnet: %s\n" + msgid "importing secret keys not allowed\n" msgstr "import av hemmelig n?kkel er ikke tillatt\n" diff --git a/po/nl.po b/po/nl.po index 6b7d76c..b681cce 100644 --- a/po/nl.po +++ b/po/nl.po 
@@ -2013,6 +2013,14 @@ msgstr "Uw voorkeuren verbeteren met: gpg --edit-key %s updpref save\n" msgid "key %s: no user ID\n" msgstr "sleutel %s: geen Gebruiker ID\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "skipped ???%s???: %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "sleutel %s: PKS sub-sleutel fouten verbeterd\n" @@ -2108,6 +2116,11 @@ msgstr "sleutel %s: ???%s??? %d gebruiker ID's opgeschoond\n" msgid "key %s: \"%s\" not changed\n" msgstr "sleutel %s: ???%s??? niet veranderd\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "secret key ???%s??? not found: %s\n" + msgid "importing secret keys not allowed\n" msgstr "importeren van geheime sleutels is niet toegestaan\n" diff --git a/po/pl.po b/po/pl.po index cfd9081..3696a0d 100644 --- a/po/pl.po +++ b/po/pl.po @@ -1955,6 +1955,14 @@ msgstr "ustawienia mo msgid "key %s: no user ID\n" msgstr "klucz %s: brak identyfikatora u?ytkownika\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "pomini?ty ,,%s'': %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "klucz %s: podklucz uszkodzony przez serwer PKS zosta? naprawiony\n" @@ -2050,6 +2058,11 @@ msgstr "klucz %s: ,,%s'' %d oczyszczonych identyfikator msgid "key %s: \"%s\" not changed\n" msgstr "klucz %s: ,,%s'' bez zmian\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "klucz prywatny ,,%s'' nie zosta? odnaleziony: %s\n" + msgid "importing secret keys not allowed\n" msgstr "wczytywanie kluczy tajnych nie jest dozwolone\n" diff --git a/po/pt.po b/po/pt.po index db037e0..9c95055 100644 --- a/po/pt.po +++ b/po/pt.po 
@@ -1996,6 +1996,13 @@ msgid "key %s: no user ID\n" msgstr "chave %08lX: sem ID de utilizador\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "ignorado `%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "chave %08lX: subchave HKP corrompida foi reparada\n" @@ -2090,6 +2097,10 @@ msgstr "chave %08lX: \"%s\" %d novos IDs de utilizadores\n" msgid "key %s: \"%s\" not changed\n" msgstr "chave %08lX: \"%s\" n?o modificada\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "chave `%s' n?o encontrada: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "a escrever chave privada para `%s'\n" diff --git a/po/pt_BR.po b/po/pt_BR.po index 215ff45..0e2802c 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -1962,6 +1962,13 @@ msgid "key %s: no user ID\n" msgstr "chave %08lX: sem ID de usu?rio\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "ignorado `%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "chave %08lX: sem subchave para liga??o de chaves\n" @@ -2056,6 +2063,10 @@ msgstr "chave %08lX: %d novos IDs de usu msgid "key %s: \"%s\" not changed\n" msgstr "chave %08lX: n?o modificada\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "usu?rio `%s' n?o encontrado: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "escrevendo certificado privado para `%s'\n" diff --git a/po/ro.po b/po/ro.po index bc7d8c3..a2c1c54 100644 --- a/po/ro.po +++ b/po/ro.po 
@@ -1975,6 +1975,14 @@ msgstr "v?? pute??i actualiza preferin??ele cu: gpg --edit-key %s updpref save\n msgid "key %s: no user ID\n" msgstr "cheia %s: nici un ID utilizator\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "s??rit?? \"%s\": %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "cheia %s: subcheia HPK corupt?? a fost reparat??\n" @@ -2070,6 +2078,11 @@ msgstr "cheia %s: \"%s\" %d ID-uri utilizator cur????ate\n" msgid "key %s: \"%s\" not changed\n" msgstr "cheia %s: \"%s\" nu a fost schimbat??\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "cheia secret?? \"%s\" nu a fost g??sit??: %s\n" + msgid "importing secret keys not allowed\n" msgstr "importul de chei secrete nu este permis\n" diff --git a/po/ru.po b/po/ru.po index 6e6ec64..ade0c81 100644 --- a/po/ru.po +++ b/po/ru.po @@ -1967,6 +1967,14 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "???????? %s: ???? ?????????? User ID\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "?????????????????? \"%s\": %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "???????? %s: PKS ?????????????????????? ?????????? ????????????????????\n" @@ -2062,6 +2070,11 @@ msgstr "???????? %s: \"%s\" %d ?????????????????? User ID\n" msgid "key %s: \"%s\" not changed\n" msgstr "???????? %s: \"%s\" ???? ??????????????\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "?????????????????? ???????? \"%s\" ???? ????????????: %s\n" + msgid "importing secret keys not allowed\n" msgstr "???????????????????????????? ???????????????????? ?????????? ???? ??????????????????\n" diff --git a/po/sk.po b/po/sk.po index daa8d69..05178c9 100644 --- a/po/sk.po +++ b/po/sk.po 
@@ -2003,6 +2003,13 @@ msgid "key %s: no user ID\n" msgstr "k??? %08lX: chyba identifik?tor u??vate?a\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "presko?en? `%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "k??? %08lX: HKP po?kodenie podk???a opraven?\n" @@ -2099,6 +2106,10 @@ msgstr "k msgid "key %s: \"%s\" not changed\n" msgstr "k??? %08lX: \"%s\" bez zmeny\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "tajn? k??? `%s' nebol n?jden?: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "zapisujem tajn? k??? do `%s'\n" diff --git a/po/sv.po b/po/sv.po index acd7ad8..c58173a 100644 --- a/po/sv.po +++ b/po/sv.po @@ -2017,6 +2017,14 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "nyckel %s: ingen anv??ndaridentitet\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "hoppade ??ver \"%s\": %s\n" + +msgid "rejected by import filter" +msgstr "" + # Undernyckeln ??r skadad p?? HKP-servern. Vanligt fel vid m??nga undernycklar. #, c-format msgid "key %s: PKS subkey corruption repaired\n" @@ -2116,6 +2124,11 @@ msgstr "nyckel %s: \"%s\" %d anv??ndaridentiteter rensade\n" msgid "key %s: \"%s\" not changed\n" msgstr "nyckel %s: \"%s\" inte ??ndrad\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "hemliga nyckeln \"%s\" hittades inte: %s\n" + msgid "importing secret keys not allowed\n" msgstr "import av hemliga nycklar till??ts inte\n" diff --git a/po/tr.po b/po/tr.po index cb9af54..6bec2c2 100644 --- a/po/tr.po +++ b/po/tr.po 
@@ -1950,6 +1950,14 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "anahtar %s: kullan??c?? kimli??i yok\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "\"%s\" atland??: %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "anahtar %s: PKS yard??mc?? anahtar bozulmas?? giderildi\n" @@ -2045,6 +2053,11 @@ msgstr "anahtar %s: \"%s\" %d yeni kullan??c?? kimli??i\n" msgid "key %s: \"%s\" not changed\n" msgstr "anahtar %s: \"%s\" de??i??medi\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "gizli anahtar \"%s\" yok: %s\n" + msgid "importing secret keys not allowed\n" msgstr "gizli anahtar?? al??m??na izin verilmez\n" diff --git a/po/uk.po b/po/uk.po index 25ef39f..3916c26 100644 --- a/po/uk.po +++ b/po/uk.po @@ -2004,6 +2004,14 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "???????? %s: ?????????? ?????????????????????????? ??????????????????????\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "?????????????????? ??%s??: %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "???????? %s: ???????????????????? ?????????????????????? ?????????????? PKS\n" @@ -2099,6 +2107,11 @@ msgstr "???????? %s: ??%s?? ???????????????????? %d ???????????????????????????? msgid "key %s: \"%s\" not changed\n" msgstr "???????? %s: ??%s?? ???? ??????????????\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "???????????????? ???????? ??%s?? ???? ????????????????: %s\n" + msgid "importing secret keys not allowed\n" msgstr "???????????????????????? ???????????????? ???????????? ????????????????????\n" diff --git a/po/zh_CN.po b/po/zh_CN.po index be8f292..08da3c1 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po 
@@ -1900,6 +1900,14 @@ msgstr "???????????????????????????????????????gpg --edit-key %s updpref save\n" msgid "key %s: no user ID\n" msgstr "?????? %s?????????????????????\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "???%s???????????????%s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "?????? %s???PKS ?????????????????????\n" @@ -1995,6 +2003,11 @@ msgstr "?????? %s??????%s???%d ????????????????????????\n" msgid "key %s: \"%s\" not changed\n" msgstr "?????? %s??????%s????????????\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "??????????????????%s??????%s\n" + msgid "importing secret keys not allowed\n" msgstr "?????????????????????\n" diff --git a/po/zh_TW.po b/po/zh_TW.po index 54a690a..7e5fa8f 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -1920,6 +1920,14 @@ msgstr "???????????????????????????????????????: gpg --edit-key %s updpref save\ msgid "key %s: no user ID\n" msgstr "?????? %s: ??????????????? ID\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "????????? \"%s\": %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "?????? %s: PKS ???????????????????????????\n" @@ -2015,6 +2023,11 @@ msgstr "?????? %s: \"%s\" ????????? %d ???????????? ID\n" msgid "key %s: \"%s\" not changed\n" msgstr "?????? %s: \"%s\" ?????????\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "??????????????? \"%s\": %s\n" + msgid "importing secret keys not allowed\n" msgstr "?????????????????????\n" commit bfc7893bdaf4dc674799ddddc0cae8f0af642b9d Author: Werner Koch Date: Mon Jun 23 16:09:34 2014 +0200 doc: Update from master. diff --git a/doc/gpg.texi b/doc/gpg.texi index 26179bd..8ea8199 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -906,6 +906,24 @@ Signs a public key with your secret key but marks it as non-exportable. This is a shortcut version of the subcommand "lsign" from @option{--edit-key}. + at ifset gpgtwoone + at item --quick-sign-key @code{fpr} [@code{names}] + at itemx --quick-lsign-key @code{name} + at opindex quick-sign-key + at opindex quick-lsign-key +Directly sign a key from the passphrase without any further user +interaction. The @code{fpr} must be the verified primary fingerprint +of a key in the local keyring. If no @code{names} are given, all +useful user ids are signed; with given [@code{names}] only useful user +ids matching one of theses names are signed. The command + at option{--quick-lsign-key} marks the signatures as non-exportable. + +This command uses reasonable defaults and thus does not provide the +full flexibility of the "sign" subcommand from @option{--edit-key}. +Its intended use to help unattended signing using a list of verified +fingerprints. + at end ifset + @ifclear gpgone @item --passwd @var{user_id} @opindex passwd @@ -1177,7 +1195,7 @@ for the key fingerprint, "%t" for the extension of the image type (e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"), "%v" for the single-character calculated validity of the image being viewed (e.g. "f"), "%V" for the calculated validity as a string (e.g. -"full"), +"full"), "%U" for a base32 encoded hash of the user ID, and "%%" for an actual percent sign. If neither %i or %I are present, then the photo will be supplied to the viewer on standard input. 
@@ -1431,7 +1449,9 @@ Set what trust model GnuPG should follow. The models are: trusted. You generally won't use this unless you are using some external validation scheme. This option also suppresses the "[uncertain]" tag printed with signature checks when there is no - evidence that the user ID is bound to the key. + evidence that the user ID is bound to the key. Note that this + trust model still does not allow the use of expired, revoked, or + disabled keys. @item auto @opindex trust-mode:auto @@ -1482,6 +1502,10 @@ mechanisms, in the order they are to be tried: position of this mechanism in the list does not matter. It is not required if @code{local} is also used. + @item clear + Clear all defined mechanisms. This is useful to override + mechanisms given in a config file. + @end table @item --keyid-format @code{short|0xshort|long|0xlong} @@ -1606,16 +1630,29 @@ are available for all keyserver types, some common options are: program uses internally (libcurl, openldap, etc). @item check-cert + at ifset gpgtwoone + This option has no more function since GnuPG 2.1. Use the + @code{dirmngr} configuration options instead. + at end ifset + at ifclear gpgtwoone Enable certificate checking if the keyserver presents one (for hkps or ldaps). Defaults to on. + at end ifclear @item ca-cert-file + at ifset gpgtwoone + This option has no more function since GnuPG 2.1. Use the + @code{dirmngr} configuration options instead. + at end ifset + at ifclear gpgtwoone Provide a certificate store to override the system default. Only necessary if check-cert is enabled, and the keyserver is using a certificate that is not present in a system default certificate list. Note that depending on the SSL library that the keyserver helper is built with, this may actually be a directory or a file. + at end ifclear + @end table @item --completes-needed @code{n} 
@@ -1696,6 +1733,25 @@ been given. Given that this option is not anymore used by @command{gpg2}, it should be avoided if possible. @end ifset + + at ifclear gpgone + at item --agent-program @var{file} + at opindex agent-program +Specify an agent program to be used for secret key operations. The +default value is the @file{/usr/bin/gpg-agent}. This is only used +as a fallback when the environment variable @code{GPG_AGENT_INFO} is not +set or a running agent cannot be connected. + at end ifclear + + at ifset gpgtwoone + at item --dirmngr-program @var{file} + at opindex dirmngr-program +Specify a dirmngr program to be used for keyserver access. The +default value is @file{/usr/sbin/dirmngr}. This is only used as a +fallback when the environment variable @code{DIRMNGR_INFO} is not set or +a running dirmngr cannot be connected. + at end ifset + @item --lock-once @opindex lock-once Lock the databases the first time a lock is requested @@ -2053,6 +2109,15 @@ Since GnuPG 2.0.10, this mode is always used and thus this option is obsolete; it does not harm to use it though. @end ifclear + at ifset gpgtwoone + at item --legacy-list-mode + at opindex legacy-list-mode +Revert to the pre-2.1 public key list mode. This only affects the +human readable output and not the machine interface +(i.e. @code{--with-colons}). Note that the legacy format does not +allow to convey suitable information for elliptic curves. + at end ifset + @item --with-fingerprint @opindex with-fingerprint Same as the command @option{--fingerprint} but changes only the format @@ -2062,6 +2127,12 @@ of the output and may be used together with another command. @item --with-keygrip @opindex with-keygrip Include the keygrip in the key listings. + + at item --with-secret + at opindex with-secret +Include info about the presence of a secret key in public key listings +done with @code{--with-colons}. + @end ifset @end table 
@@ -2244,9 +2315,13 @@ a message that PGP 2.x will not be able to handle. Note that `PGP available, but the MIT release is a good common baseline. This option implies @option{--rfc1991 --disable-mdc ---no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo -IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables - at option{--textmode} when encrypting. +--no-force-v4-certs --escape-from-lines --force-v3-sigs + at ifclear gpgone +--allow-weak-digest-algos + at end ifclear +--cipher-algo IDEA --digest-algo +MD5--compress-algo ZIP}. It also disables @option{--textmode} when +encrypting. @item --pgp6 @opindex pgp6 @@ -2702,6 +2777,14 @@ necessary to get as much data as possible out of the corrupt message. However, be aware that a MDC protection failure may also mean that the message was tampered with intentionally by an attacker. + at ifclear gpgone + at item --allow-weak-digest-algos + at opindex allow-weak-digest-algos +Signatures made with the broken MD5 algorithm are normally rejected +with an ``invalid digest algorithm'' message. This option allows the +verification of signatures made with such weak algorithms. + at end ifclear + @item --no-default-keyring @opindex no-default-keyring Do not add the default keyrings to the list of keyrings. Note that 
@@ -2963,18 +3046,33 @@ files; They all live in in the current home directory (@pxref{option @table @file - @item ~/.gnupg/secring.gpg - The secret keyring. You should backup this file. - - @item ~/.gnupg/secring.gpg.lock - The lock file for the secret keyring. - @item ~/.gnupg/pubring.gpg The public keyring. You should backup this file. @item ~/.gnupg/pubring.gpg.lock The lock file for the public keyring. + at ifset gpgtwoone + @item ~/.gnupg/pubring.kbx + The public keyring using a different format. This file is sharred + with @command{gpgsm}. You should backup this file. + + @item ~/.gnupg/pubring.kbx.lock + The lock file for @file{pubring.kbx}. + at end ifset + + @item ~/.gnupg/secring.gpg + at ifclear gpgtwoone + The secret keyring. You should backup this file. + at end ifclear + at ifset gpgtwoone + A secret keyring as used by GnuPG versions before 2.1. It is not + used by GnuPG 2.1 and later. + + @item ~/.gnupg/.gpg-v21-migrated + File indicating that a migration to GnuPG 2.1 has taken place. + at end ifset + @item ~/.gnupg/trustdb.gpg The trust database. There is no need to backup this file; it is better to backup the ownertrust values (@pxref{option --export-ownertrust}). @@ -2985,6 +3083,9 @@ files; They all live in in the current home directory (@pxref{option @item ~/.gnupg/random_seed A file used to preserve the state of the internal random pool. + @item ~/.gnupg/secring.gpg.lock + The lock file for the secret keyring. + @item /usr[/local]/share/gnupg/options.skel The skeleton options file. diff --git a/doc/yat2m.c b/doc/yat2m.c index 5dc81bf..2ac4390 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -1,5 +1,5 @@ /* yat2m.c - Yet Another Texi 2 Man converter - * Copyright (C) 2005 g10 Code GmbH + * Copyright (C) 2005, 2013 g10 Code GmbH * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc. * * This program is free software; you can redistribute it and/or modify 
@@ -17,7 +17,7 @@ */ /* - This is a simple textinfo to man page converter. It needs some + This is a simple texinfo to man page converter. It needs some special markup in th e texinfo and tries best to get a create man page. It has been designed for the GnuPG man pages and thus only a few texinfo commands are supported. @@ -107,6 +107,9 @@ character. */ #define LINESIZE 1024 +/* Number of allowed condition nestings. */ +#define MAX_CONDITION_NESTING 10 + /* Option flags. */ static int verbose; static int quiet; @@ -117,10 +120,6 @@ static const char *opt_select; static const char *opt_include; static int opt_store; -/* The only define we understand is -D gpgone. Thus we need a simple - boolean tro track it. */ -static int gpgone_defined; - /* Flag to keep track whether any error occurred. */ static int any_error; @@ -129,7 +128,7 @@ static int any_error; struct macro_s { struct macro_s *next; - char *value; /* Malloced value. */ + char *value; /* Malloced value. */ char name[1]; }; typedef struct macro_s *macro_t; @@ -137,6 +136,24 @@ typedef struct macro_s *macro_t; /* List of all defined macros. */ static macro_t macrolist; +/* List of global macro names. The value part is not used. */ +static macro_t predefinedmacrolist; + +/* Object to keep track of @isset and @ifclear. */ +struct condition_s +{ + int manverb; /* "manverb" needs special treatment. */ + int isset; /* This is an @isset condition. */ + char name[1]; /* Name of the condition macro. */ +}; +typedef struct condition_s *condition_t; + +/* The stack used to evaluate conditions. And the current states. */ +static condition_t condition_stack[MAX_CONDITION_NESTING]; +static int condition_stack_idx; +static int cond_is_active; /* State of ifset/ifclear */ +static int cond_in_verbatim; /* State of "manverb". */ + /* Object to store one line of content. */ struct line_buffer_s 
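Review bot: The comments added with `struct condition_s` refer to `@isset`, a directive the parser does not have; the code in this file matches `@ifset` and `@ifclear`. I would write `/* Object to keep track of @ifset and @ifclear. */` and `int isset; /* This is an @ifset condition. */`. The same slip is in the comment above push_condition and in pop_condition's message in the later hunk, where `isset?"isset":"isclear"` should read `isset?"ifset":"ifclear"` so that the diagnostic names the directive the author actually typed.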
@@ -313,7 +330,158 @@ isodatestring (void) } +/* Add NAME to the list of predefined macros which are global for all + files. */ +static void +add_predefined_macro (const char *name) +{ + macro_t m; + + for (m=predefinedmacrolist; m; m = m->next) + if (!strcmp (m->name, name)) + break; + if (!m) + { + m = xcalloc (1, sizeof *m + strlen (name)); + strcpy (m->name, name); + m->next = predefinedmacrolist; + predefinedmacrolist = m; + } +} + + +/* Create or update a macro with name MACRONAME and set its values TO + MACROVALUE. Note that ownership of the macro value is transferred + to this function. */ +static void +set_macro (const char *macroname, char *macrovalue) +{ + macro_t m; + + for (m=macrolist; m; m = m->next) + if (!strcmp (m->name, macroname)) + break; + if (m) + free (m->value); + else + { + m = xcalloc (1, sizeof *m + strlen (macroname)); + strcpy (m->name, macroname); + m->next = macrolist; + macrolist = m; + } + m->value = macrovalue; + macrovalue = NULL; +} + + +/* Return true if the macro NAME is set, i.e. not the empty string and + not evaluating to 0. */ +static int +macro_set_p (const char *name) +{ + macro_t m; + + for (m = macrolist; m ; m = m->next) + if (!strcmp (m->name, name)) + break; + if (!m || !m->value || !*m->value) + return 0; + if ((*m->value & 0x80) || !isdigit (*m->value)) + return 1; /* Not a digit but some other string. */ + return !!atoi (m->value); +} + + +/* Evaluate the current conditions. */ +static void +evaluate_conditions (const char *fname, int lnr) +{ + int i; + + /* for (i=0; i < condition_stack_idx; i++) */ + /* inf ("%s:%d: stack[%d] %s %s %c", */ + /* fname, lnr, i, condition_stack[i]->isset? "set":"clr", */ + /* condition_stack[i]->name, */ + /* (macro_set_p (condition_stack[i]->name) */ + /* ^ !condition_stack[i]->isset)? 
't':'f'); */ + + cond_is_active = 1; + cond_in_verbatim = 0; + if (condition_stack_idx) + { + for (i=0; i < condition_stack_idx; i++) + { + if (condition_stack[i]->manverb) + cond_in_verbatim = (macro_set_p (condition_stack[i]->name) + ^ !condition_stack[i]->isset); + else if (!(macro_set_p (condition_stack[i]->name) + ^ !condition_stack[i]->isset)) + { + cond_is_active = 0; + break; + } + } + } + + /* inf ("%s:%d: active=%d verbatim=%d", */ + /* fname, lnr, cond_is_active, cond_in_verbatim); */ +} + + +/* Push a condition with condition macro NAME onto the stack. If + ISSET is true, a @isset condition is pushed. */ +static void +push_condition (const char *name, int isset, const char *fname, int lnr) +{ + condition_t cond; + int manverb = 0; + if (condition_stack_idx >= MAX_CONDITION_NESTING) + { + err ("%s:%d: condition nested too deep", fname, lnr); + return; + } + + if (!strcmp (name, "manverb")) + { + if (!isset) + { + err ("%s:%d: using \"@ifclear manverb\" is not allowed", fname, lnr); + return; + } + manverb = 1; + } + + cond = xcalloc (1, sizeof *cond + strlen (name)); + cond->manverb = manverb; + cond->isset = isset; + strcpy (cond->name, name); + + condition_stack[condition_stack_idx++] = cond; + evaluate_conditions (fname, lnr); +} + + +/* Remove the last condition from the stack. ISSET is used for error + reporting. */ +static void +pop_condition (int isset, const char *fname, int lnr) +{ + if (!condition_stack_idx) + { + err ("%s:%d: unbalanced \"@end %s\"", + fname, lnr, isset?"isset":"isclear"); + return; + } + condition_stack_idx--; + free (condition_stack[condition_stack_idx]); + condition_stack[condition_stack_idx] = NULL; + evaluate_conditions (fname, lnr); +} + + + /* Return a section buffer for the section NAME. Allocate a new buffer if this is a new section. Keep track of the sections in THEPAGE. This function may reallocate the section array in THEPAGE. */ 
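Review bot: pop_condition never compares its `isset` argument with the entry on top of the stack, so an `@end ifclear` silently closes an open `@ifset` and the reverse. A check before the decrement would report it, for example `if (condition_stack[condition_stack_idx-1]->isset != isset) err ("%s:%d: mismatched \"@end\"", fname, lnr);`. push_condition has a related gap: on "condition nested too deep" and on "@ifclear manverb" it returns without pushing, so the matching `@end` later pops the enclosing condition and the active/verbatim state is wrong from there on. Pushing a placeholder entry in those two cases, or treating them as fatal, would keep the stack balanced.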
@@ -862,14 +1030,8 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) int lnr = 0; /* Fixme: The following state variables don't carry over to include files. */ - int in_verbatim = 0; int skip_to_end = 0; /* Used to skip over menu entries. */ int skip_sect_line = 0; /* Skip after @mansect. */ - int ifset_nesting = 0; /* How often a ifset has been seen. */ - int ifclear_nesting = 0; /* How often a ifclear has been seen. */ - int in_gpgone = 0; /* Keep track of "@ifset gpgone" parts. */ - int not_in_gpgone = 0; /* Keep track of "@ifclear gpgone" parts. */ - int not_in_man = 0; /* Keep track of "@ifclear isman" parts. */ int item_indent = 0; /* How far is the current @item indented. */ /* Helper to define a macro. */ @@ -883,7 +1045,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) { size_t n = strlen (line); int got_line = 0; - char *p; + char *p, *pend; lnr++; if (!n || line[n-1] != '\n') @@ -930,26 +1092,12 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) && !strncmp (p, "macro", 5) && (p[5]==' '||p[5]=='\t'||!p[5])) { - macro_t m; - if (macrovalueused) macrovalue[--macrovalueused] = 0; /* Kill the last LF. */ macrovalue[macrovalueused] = 0; /* Terminate macro. */ macrovalue = xrealloc (macrovalue, macrovalueused+1); - for (m= macrolist; m; m = m->next) - if (!strcmp (m->name, macroname)) - break; - if (m) - free (m->value); - else - { - m = xcalloc (1, sizeof *m + strlen (macroname)); - strcpy (m->name, macroname); - m->next = macrolist; - macrolist = m; - } - m->value = macrovalue; + set_macro (macroname, macrovalue); macrovalue = NULL; free (macroname); macroname = NULL; 
@@ -997,23 +1145,33 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) if (n == 6 && !memcmp (line, "@ifset", 6) && (line[6]==' '||line[6]=='\t')) { - ifset_nesting++; - - if (!strncmp (p, "manverb", 7) && (p[7]==' '||p[7]=='\t'||!p[7])) + for (p=line+7; *p == ' ' || *p == '\t'; p++) + ; + if (!*p) { - if (in_verbatim) - err ("%s:%d: nested \"@ifset manverb\"", fname, lnr); - else - in_verbatim = ifset_nesting; + err ("%s:%d: name missing after \"@ifset\"", fname, lnr); + continue; } - else if (!strncmp (p, "gpgone", 6) - && (p[6]==' '||p[6]=='\t'||!p[6])) + for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++) + ; + *pend = 0; /* Ignore rest of the line. */ + push_condition (p, 1, fname, lnr); + continue; + } + else if (n == 8 && !memcmp (line, "@ifclear", 8) + && (line[8]==' '||line[8]=='\t')) + { + for (p=line+9; *p == ' ' || *p == '\t'; p++) + ; + if (!*p) { - if (in_gpgone) - err ("%s:%d: nested \"@ifset gpgone\"", fname, lnr); - else - in_gpgone = ifset_nesting; + err ("%s:%d: name missing after \"@ifsclear\"", fname, lnr); + continue; } + for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++) + ; + *pend = 0; /* Ignore rest of the line. */ + push_condition (p, 0, fname, lnr); continue; } else if (n == 4 && !memcmp (line, "@end", 4) 
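Review bot: The diagnostic in the new `@ifclear` branch misspells the directive: `"%s:%d: name missing after \"@ifsclear\""` should be `"%s:%d: name missing after \"@ifclear\""`. The `@ifset` and `@ifclear` branches are otherwise identical apart from the offset and the flag passed to push_condition, so a small static helper that skips the blanks and cuts the name would remove the duplication. The enclosing loop of parse_file starts and ends outside the hunk.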
@@ -1021,40 +1179,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) && !strncmp (p, "ifset", 5) && (p[5]==' '||p[5]=='\t'||!p[5])) { - if (in_verbatim && ifset_nesting == in_verbatim) - in_verbatim = 0; - if (in_gpgone && ifset_nesting == in_gpgone) - in_gpgone = 0; - - if (ifset_nesting) - ifset_nesting--; - else - err ("%s:%d: unbalanced \"@end ifset\"", fname, lnr); - continue; - } - else if (n == 8 && !memcmp (line, "@ifclear", 8) - && (line[8]==' '||line[8]=='\t')) - { - ifclear_nesting++; - - if (!strncmp (p, "gpgone", 6) - && (p[6]==' '||p[6]=='\t'||!p[6])) - { - if (not_in_gpgone) - err ("%s:%d: nested \"@ifclear gpgone\"", fname, lnr); - else - not_in_gpgone = ifclear_nesting; - } - - else if (!strncmp (p, "isman", 5) - && (p[5]==' '||p[5]=='\t'||!p[5])) - { - if (not_in_man) - err ("%s:%d: nested \"@ifclear isman\"", fname, lnr); - else - not_in_man = ifclear_nesting; - } - + pop_condition (1, fname, lnr); continue; } else if (n == 4 && !memcmp (line, "@end", 4) @@ -1062,23 +1187,13 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) && !strncmp (p, "ifclear", 7) && (p[7]==' '||p[7]=='\t'||!p[7])) { - if (not_in_gpgone && ifclear_nesting == not_in_gpgone) - not_in_gpgone = 0; - if (not_in_man && ifclear_nesting == not_in_man) - not_in_man = 0; - - if (ifclear_nesting) - ifclear_nesting--; - else - err ("%s:%d: unbalanced \"@end ifclear\"", fname, lnr); + pop_condition (0, fname, lnr); continue; } } /* Take action on ifset/ifclear. */ - if ( (in_gpgone && !gpgone_defined) - || (not_in_gpgone && gpgone_defined) - || not_in_man) + if (!cond_is_active) continue; /* Process commands. */ @@ -1090,7 +1205,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) { skip_to_end = 0; } - else if (in_verbatim) + else if (cond_in_verbatim) { got_line = 1; } 
@@ -1182,7 +1297,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) else if (!skip_to_end) got_line = 1; - if (got_line && in_verbatim) + if (got_line && cond_in_verbatim) add_content (*section_name, line, 1); else if (got_line && thepage.name && *section_name && !in_pause) add_content (*section_name, line, 0); @@ -1201,6 +1316,8 @@ top_parse_file (const char *fname, FILE *fp) { char *section_name = NULL; /* Name of the current section or NULL if not in a section. */ + macro_t m; + while (macrolist) { macro_t next = macrolist->next; @@ -1208,6 +1325,10 @@ top_parse_file (const char *fname, FILE *fp) free (macrolist); macrolist = next; } + for (m=predefinedmacrolist; m; m = m->next) + set_macro (m->name, xstrdup ("1")); + cond_is_active = 1; + cond_in_verbatim = 0; parse_file (fname, fp, §ion_name, 0); free (section_name); @@ -1223,6 +1344,12 @@ main (int argc, char **argv) opt_source = "GNU"; opt_release = ""; + /* Define default macros. The trick is that these macros are not + defined when using the actual texinfo renderer. */ + add_predefined_macro ("isman"); + add_predefined_macro ("manverb"); + + /* Option parsing. */ if (argc) { argc--; argv++; @@ -1327,8 +1454,7 @@ main (int argc, char **argv) argc--; argv++; if (argc) { - if (!strcmp (*argv, "gpgone")) - gpgone_defined = 1; + add_predefined_macro (*argv); argc--; argv++; } } commit 0d0961c483f9cd0e195f88c0c82dbf2c859f88fe Author: Werner Koch Date: Mon Jun 23 17:14:15 2014 +0200 Fix syntax error introduced with 60bd6488 * g10/apdu.c (pcsc_dword_t): Fix syntax error. diff --git a/g10/apdu.c b/g10/apdu.c index 6e7faf0..66cf30b 100644 --- a/g10/apdu.c +++ b/g10/apdu.c @@ -84,7 +84,7 @@ #endif #if defined(__APPLE__) || defined(_WIN32) || defined(__CYGWIN__) -typedef unsinged int pcsc_dword_t; +typedef unsigned int pcsc_dword_t; #else typedef unsigned long pcsc_dword_t; #endif 
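Review bot: top_parse_file resets `cond_is_active` and `cond_in_verbatim` on every call but leaves `condition_stack` and `condition_stack_idx` as the previous input left them. A file that ends inside an unterminated `@ifset` or `@ifclear` therefore carries its entries into the next file, where the first push or pop re-runs evaluate_conditions over the stale stack. I would drain the stack next to the macro list with `while (condition_stack_idx) free (condition_stack[--condition_stack_idx]);` and report the unterminated condition with err() once parse_file returns. The body of top_parse_file continues outside the hunk.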
@@ -1290,7 +1290,7 @@ connect_pcsc_card (int slot) { char reader[250]; pcsc_dword_t readerlen, atrlen; - long card_state, card_protocol; + pcsc_dword_t card_state, card_protocol; atrlen = DIM (reader_table[0].atr); readerlen = sizeof reader -1 ; @@ -1300,7 +1300,8 @@ connect_pcsc_card (int slot) reader_table[slot].atr, &atrlen); if (err) log_error ("pcsc_status failed: %s (0x%lx) %lu\n", - pcsc_error_string (err), err, readerlen); + pcsc_error_string (err), + (unsigned long)err, (unsigned long)readerlen); else { if (atrlen > DIM (reader_table[0].atr)) commit 5230304349490f31aa64ee2b69a8a2bc06bf7816 Author: Stefan Tomanek Date: Thu Jan 30 00:57:43 2014 +0100 Screen keyserver responses. * g10/main.h: Typedef import_filter for filter callbacks. * g10/import.c (import): Add filter callbacks to param list. (import_one): Ditto. (import_secret_one): Ditto. (import_keys_internal): Ditto. (import_keys_stream): Ditto. * g10/keyserver.c (keyserver_retrieval_filter): New. (keyserver_spawn): Pass filter to import_keys_stream() -- These changes introduces import functions that apply a constraining filter to imported keys. These filters can verify the fingerprints of the keys returned before importing them into the keyring, ensuring that the keys fetched from the keyserver are in fact those selected by the user beforehand. Signed-off-by: Stefan Tomanek Re-indention and minor changes by wk. diff --git a/g10/import.c b/g10/import.c index 441dcca..e40141e 100644 --- a/g10/import.c +++ b/g10/import.c 
@@ -59,14 +59,17 @@ struct stats_s { static int import( IOBUF inp, const char* fname,struct stats_s *stats, - unsigned char **fpr,size_t *fpr_len,unsigned int options ); + unsigned char **fpr,size_t *fpr_len,unsigned int options, + import_filter filter, void *filter_arg ); static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ); static void revocation_present(KBNODE keyblock); static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats, unsigned char **fpr,size_t *fpr_len, - unsigned int options,int from_sk); + unsigned int options,int from_sk, + import_filter filter, void *filter_arg); static int import_secret_one( const char *fname, KBNODE keyblock, - struct stats_s *stats, unsigned int options); + struct stats_s *stats, unsigned int options, + import_filter filter, void *filter_arg); static int import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats); static int chk_self_sigs( const char *fname, KBNODE keyblock, @@ -163,7 +166,8 @@ import_release_stats_handle (void *p) static int import_keys_internal( IOBUF inp, char **fnames, int nnames, void *stats_handle, unsigned char **fpr, size_t *fpr_len, - unsigned int options ) + unsigned int options, + import_filter filter, void *filter_arg) { int i, rc = 0; struct stats_s *stats = stats_handle; @@ -172,7 +176,8 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames, stats = import_new_stats_handle (); if (inp) { - rc = import( inp, "[stream]", stats, fpr, fpr_len, options); + rc = import (inp, "[stream]", stats, fpr, fpr_len, options, + filter, filter_arg); } else { int once = (!fnames && !nnames); 
@@ -192,7 +197,8 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames, log_error(_("can't open `%s': %s\n"), fname, strerror(errno) ); else { - rc = import( inp2, fname, stats, fpr, fpr_len, options ); + rc = import (inp2, fname, stats, fpr, fpr_len, options, + NULL, NULL); iobuf_close(inp2); /* Must invalidate that ugly cache to actually close it. */ iobuf_ioctl (NULL, 2, 0, (char*)fname); @@ -223,19 +229,23 @@ void import_keys( char **fnames, int nnames, void *stats_handle, unsigned int options ) { - import_keys_internal(NULL,fnames,nnames,stats_handle,NULL,NULL,options); + import_keys_internal (NULL, fnames, nnames, stats_handle, NULL, NULL, + options, NULL, NULL); } int import_keys_stream( IOBUF inp, void *stats_handle, - unsigned char **fpr, size_t *fpr_len,unsigned int options ) + unsigned char **fpr, size_t *fpr_len,unsigned int options, + import_filter filter, void *filter_arg ) { - return import_keys_internal(inp,NULL,0,stats_handle,fpr,fpr_len,options); + return import_keys_internal (inp, NULL, 0, stats_handle, fpr, fpr_len, + options, filter, filter_arg); } static int import( IOBUF inp, const char* fname,struct stats_s *stats, - unsigned char **fpr,size_t *fpr_len,unsigned int options ) + unsigned char **fpr,size_t *fpr_len,unsigned int options, + import_filter filter, void *filter_arg) { PACKET *pending_pkt = NULL; KBNODE keyblock = NULL; 
@@ -252,9 +262,11 @@ import( IOBUF inp, const char* fname,struct stats_s *stats, while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) { if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY ) - rc = import_one( fname, keyblock, stats, fpr, fpr_len, options, 0); - else if( keyblock->pkt->pkttype == PKT_SECRET_KEY ) - rc = import_secret_one( fname, keyblock, stats, options ); + rc = import_one (fname, keyblock, stats, fpr, fpr_len, options, 0, + filter, filter_arg); + else if( keyblock->pkt->pkttype == PKT_SECRET_KEY ) + rc = import_secret_one (fname, keyblock, stats, options, + filter, filter_arg); else if( keyblock->pkt->pkttype == PKT_SIGNATURE && keyblock->pkt->pkt.signature->sig_class == 0x20 ) rc = import_revoke_cert( fname, keyblock, stats ); @@ -738,7 +750,7 @@ check_prefs(KBNODE keyblock) static int import_one( const char *fname, KBNODE keyblock, struct stats_s *stats, unsigned char **fpr,size_t *fpr_len,unsigned int options, - int from_sk ) + int from_sk, import_filter filter, void *filter_arg) { PKT_public_key *pk; PKT_public_key *pk_orig; @@ -778,6 +790,13 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats, return 0; } + if (filter && filter (pk, NULL, filter_arg)) + { + log_error (_("key %s: %s\n"), keystr_from_pk(pk), + _("rejected by import filter")); + return 0; + } + if (opt.interactive) { if(is_status_enabled()) print_import_check (pk, uidnode->pkt->pkt.user_id); @@ -1146,7 +1165,8 @@ sec_to_pub_keyblock(KBNODE sec_keyblock) */ static int import_secret_one( const char *fname, KBNODE keyblock, - struct stats_s *stats, unsigned int options) + struct stats_s *stats, unsigned int options, + import_filter filter, void *filter_arg) { PKT_secret_key *sk; KBNODE node, uidnode; 
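Review bot: In the import_one hunk at `@@ -778,6 +790,13 @@` the filter is handed only `pk`, which appears to be the keyblock's primary key (its assignment is outside the hunk), so a filter that compares key IDs or fingerprints cannot match a request that named one of the key's subkeys. If that is intended it should be stated at the call, for example `/* Only the primary key is offered to the filter; a key requested by subkey ID is rejected. */`; otherwise the callback needs access to the keyblock. The rejection path also returns 0 right after log_error without touching `stats`, so the import summary presumably will not account for the rejected key.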
@@ -1162,6 +1182,12 @@ import_secret_one( const char *fname, KBNODE keyblock, keyid_from_sk( sk, keyid ); uidnode = find_next_kbnode( keyblock, PKT_USER_ID ); + if (filter && filter (NULL, sk, filter_arg)) { + log_error (_("secret key %s: %s\n"), keystr_from_sk(sk), + _("rejected by import filter")); + return 0; + } + if( opt.verbose ) { log_info( "sec %4u%c/%s %s ", @@ -1240,8 +1266,9 @@ import_secret_one( const char *fname, KBNODE keyblock, KBNODE pub_keyblock=sec_to_pub_keyblock(keyblock); if(pub_keyblock) { - import_one(fname,pub_keyblock,stats, - NULL,NULL,opt.import_options,1); + import_one (fname, pub_keyblock, stats, + NULL, NULL, opt.import_options, 1, + NULL, NULL); release_kbnode(pub_keyblock); } } diff --git a/g10/keyserver.c b/g10/keyserver.c index 7bf9830..dca5e18 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -656,7 +656,7 @@ parse_keyrec(char *keystring) case 'R': work->flags|=1; break; - + case 'd': case 'D': work->flags|=2; @@ -910,7 +910,7 @@ keyserver_search_prompt(IOBUF buffer,const char *searchstr) /* Leave this commented out or now, and perhaps for a very long time. All HKPish servers return HTML error messages for no-key-found. */ - /* + /* if(!started) log_info(_("keyserver does not support searching\n")); else 
@@ -959,7 +959,52 @@ direct_uri_map(const char *scheme,unsigned int is_direct) #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\"" #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\"" -static int + +/* Check whether a key matches the search description. The filter + returns 0 if the key shall be imported. Note that this kind of + filter is not related to the iobuf filters. */ +static int +keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg) +{ + KEYDB_SEARCH_DESC *desc = arg; + u32 keyid[2]; + byte fpr[MAX_FINGERPRINT_LEN]; + size_t fpr_len = 0; + + /* Secret keys are not expected from a keyserver. Do not import. */ + if (sk) + return G10ERR_GENERAL; + + fingerprint_from_pk (pk, fpr, &fpr_len); + keyid_from_pk (pk, keyid); + + /* Compare requested and returned fingerprints if available. */ + if (desc->mode == KEYDB_SEARCH_MODE_FPR20) + { + if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20)) + return G10ERR_GENERAL; + } + else if (desc->mode == KEYDB_SEARCH_MODE_FPR16) + { + if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16)) + return G10ERR_GENERAL; + } + else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID) + { + if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1]) + return G10ERR_GENERAL; + } + else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID) + { + if (keyid[1] != desc->u.kid[1]) + return G10ERR_GENERAL; + } + + return 0; +} + + +static int keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, int count,int *prog,unsigned char **fpr,size_t *fpr_len, struct keyserver_spec *keyserver) @@ -999,7 +1044,7 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, the program of this process lives. Fortunately Windows provides a way to retrieve this and our get_libexecdir function has been modified to return just this. Setting the exec-path is not - anymore required. + anymore required. set_exec_path(libexecdir); */ #else 
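Review bot: keyserver_retrieval_filter dereferences `desc->mode` without checking `desc`, yet keyserver_import_ldap calls `keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver)`; if that action reaches the import_keys_stream call in keyserver_spawn (the enclosing switch is outside the hunks), the filter faults on the first key returned. A guard at the top, `if (!desc) return 0; /* Nothing to compare against. */`, avoids that. The filter also receives the descriptor pointer without `count`, so every returned key is compared with the first descriptor only and a request for several keys would presumably have all but the first rejected. Search modes other than the four handled fall through to `return 0`, meaning such responses are imported unscreened; that deserves a comment at the final return.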
@@ -1031,7 +1076,7 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, fetcher that can speak that protocol (this is a problem for LDAP). */ - strcat(command,GPGKEYS_PREFIX); + strcat(command,GPGKEYS_PREFIX); strcat(command,scheme); /* This "_uri" thing is in case we need to call a direct handler @@ -1061,7 +1106,7 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, { command=xrealloc(command,strlen(command)+ strlen(KEYSERVER_ARGS_NOKEEP)+1); - strcat(command,KEYSERVER_ARGS_NOKEEP); + strcat(command,KEYSERVER_ARGS_NOKEEP); } ret=exec_write(&spawn,NULL,command,NULL,0,0); @@ -1509,8 +1554,9 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, but we better protect against rogue keyservers. */ import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len, - (opt.keyserver_options.import_options - | IMPORT_NO_SECKEY)); + (opt.keyserver_options.import_options + | IMPORT_NO_SECKEY), + keyserver_retrieval_filter, desc); import_print_stats(stats_handle); import_release_stats_handle(stats_handle); @@ -1541,7 +1587,7 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, return ret; } -static int +static int keyserver_work(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, int count,unsigned char **fpr,size_t *fpr_len, struct keyserver_spec *keyserver) @@ -1611,7 +1657,7 @@ keyserver_work(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, #endif /* ! DISABLE_KEYSERVER_HELPERS*/ } -int +int keyserver_export(STRLIST users) { STRLIST sl=NULL; @@ -1643,7 +1689,7 @@ keyserver_export(STRLIST users) return rc; } -int +int keyserver_import(STRLIST users) { KEYDB_SEARCH_DESC *desc; @@ -1703,7 +1749,7 @@ keyserver_import_fprint(const byte *fprint,size_t fprint_len, return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver); } -int +int keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver) { KEYDB_SEARCH_DESC desc; 
@@ -1718,7 +1764,7 @@ keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver) } /* code mostly stolen from do_export_stream */ -static int +static int keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3) { int rc=0,ndesc,num=100; @@ -1741,10 +1787,10 @@ keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3) } else { - for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) + for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) ; desc = xmalloc ( ndesc * sizeof *desc); - + for (ndesc=0, sl=users; sl; sl = sl->next) { if(classify_user_id (sl->d, desc+ndesc)) @@ -1757,7 +1803,7 @@ keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3) while (!(rc = keydb_search (kdbhd, desc, ndesc))) { - if (!users) + if (!users) desc[0].mode = KEYDB_SEARCH_MODE_NEXT; /* read the keyblock */ @@ -1860,7 +1906,7 @@ keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3) if(rc==-1) rc=0; - + leave: if(rc) xfree(*klist); @@ -2043,7 +2089,7 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len) rc=import_keys_stream (key, NULL, fpr, fpr_len, (opt.keyserver_options.import_options - | IMPORT_NO_SECKEY)); + | IMPORT_NO_SECKEY), NULL, NULL); opt.no_armor=armor_status; @@ -2182,7 +2228,7 @@ keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len) snprintf(port,7,":%u",srvlist[i].port); strcat(keyserver->host,port); } - + strcat(keyserver->host," "); } @@ -2198,7 +2244,7 @@ keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len) strcat(keyserver->host,domain); append_to_strlist(&list,name); - + rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver); free_strlist(list); diff --git a/g10/main.h b/g10/main.h index 784ade0..e4c4385 100644 --- a/g10/main.h +++ b/g10/main.h 
@@ -207,11 +207,15 @@ MPI encode_md_value( PKT_public_key *pk, PKT_secret_key *sk, MD_HANDLE md, int hash_algo ); /*-- import.c --*/ + +typedef int (*import_filter)(PKT_public_key *pk, PKT_secret_key *sk, void *arg); + int parse_import_options(char *str,unsigned int *options,int noisy); void import_keys( char **fnames, int nnames, void *stats_hd, unsigned int options ); -int import_keys_stream( IOBUF inp,void *stats_hd,unsigned char **fpr, - size_t *fpr_len,unsigned int options ); +int import_keys_stream (IOBUF inp,void *stats_hd,unsigned char **fpr, + size_t *fpr_len,unsigned int options, + import_filter filter, void *filter_arg); void *import_new_stats_handle (void); void import_release_stats_handle (void *p); void import_print_stats (void *hd); commit 8eab483a1c4817a2946624c7305f464089d1875e Author: Werner Koch Date: Mon Jun 23 14:57:32 2014 +0200 Print hash algorithm in sig records * g10/keylist.c (list_keyblock_colon): Print field 16. -- We have this info already in gnupg-2 and it is easy to add it to 1.4. Debian-bug-id: 672658 Patch written and tested by Daniel Leidert. See above. diff --git a/g10/keylist.c b/g10/keylist.c index 6618a7f..2728308 100644 --- a/g10/keylist.c +++ b/g10/keylist.c 
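Review bot: The `import_filter` typedef is added to main.h without a comment stating its contract, and this header is where a caller of `import_keys_stream` will look first. It should say which of `pk` and `sk` may be NULL, what `arg` carries, and what the return value means; the new message "rejected by import filter" suggests that a non-zero return rejects the key, but that is inferred from outside this hunk. The comment should also state that a NULL `filter` disables screening, since the `NULL, NULL` call in keyserver_import_cert relies on it.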
@@ -1370,19 +1370,15 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) print_string( stdout, p, n, ':' ); xfree(p); } - printf(":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l'); + printf(":%02x%c::", sig->sig_class,sig->flags.exportable?'x':'l'); if(opt.no_sig_cache && opt.check_sigs && fprokay) { - printf(":"); - for (i=0; i < fplen ; i++ ) printf ("%02X", fparray[i] ); - - printf(":"); } - printf("\n"); + printf(":::%d:\n", sig->digest_algo); if(opt.show_subpackets) print_subpackets_colon(sig); commit 01bd0558dd2f8b80d2f3b61f91c11a68357c91fd Author: Werner Koch Date: Mon Jun 23 13:24:43 2014 +0200 Remove useless diagnostic in MDC verification. * g10/encr-data.c (decrypt_data): Do not distinguish between a bad MDC packet header and a bad MDC. -- The separate diagnostic was introduced for debugging a problems. For explaining an MDC error a single error message is easier to understand. diff --git a/g10/encr-data.c b/g10/encr-data.c index 8d277ce..c65aa11 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c 
@@ -208,12 +208,10 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) cipher_decrypt ( dfx->cipher_hd, dfx->defer, dfx->defer, 22); md_write ( dfx->mdc_hash, dfx->defer, 2); md_final ( dfx->mdc_hash ); - if (dfx->defer[0] != '\xd3' || dfx->defer[1] != '\x14' ) { - log_error("mdc_packet with invalid encoding\n"); - rc = G10ERR_INVALID_PACKET; - } - else if ( datalen != 20 - || memcmp(md_read( dfx->mdc_hash, 0 ), dfx->defer+2, datalen) ) + if ( dfx->defer[0] != '\xd3' + || dfx->defer[1] != '\x14' + || datalen != 20 + || memcmp (md_read (dfx->mdc_hash, 0 ), dfx->defer+2, datalen)) rc = G10ERR_BAD_SIGN; /*log_hexdump("MDC calculated:",md_read( dfx->mdc_hash, 0), datalen);*/ /*log_hexdump("MDC message :", dfx->defer, 20);*/ ----------------------------------------------------------------------- Summary of changes: AUTHORS | 29 +++++- NEWS | 20 +++- README | 27 +++-- configure.ac | 2 +- doc/gpg.texi | 123 ++++++++++++++++++++-- doc/yat2m.c | 310 ++++++++++++++++++++++++++++++++++++++----------------- g10/apdu.c | 7 +- g10/encr-data.c | 10 +- g10/import.c | 61 ++++++++--- g10/keylist.c | 8 +- g10/keyserver.c | 86 +++++++++++---- g10/main.h | 8 +- po/be.po | 11 ++ po/ca.po | 11 ++ po/cs.po | 13 +++ po/da.po | 13 +++ po/de.po | 13 ++- po/el.po | 11 ++ po/eo.po | 11 ++ po/es.po | 13 +++ po/et.po | 11 ++ po/fi.po | 11 ++ po/fr.po | 13 +++ po/gl.po | 11 ++ po/hu.po | 11 ++ po/id.po | 11 ++ po/it.po | 11 ++ po/ja.po | 13 +++ po/nb.po | 13 +++ po/nl.po | 13 +++ po/pl.po | 13 +++ po/pt.po | 11 ++ po/pt_BR.po | 11 ++ po/ro.po | 13 +++ po/ru.po | 13 +++ po/sk.po | 11 ++ po/sv.po | 13 +++ po/tr.po | 13 +++ po/uk.po | 13 +++ po/zh_CN.po | 13 +++ po/zh_TW.po | 13 +++ util/argparse.c | 2 +- 42 files changed, 864 insertions(+), 180 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 24 13:46:40 2014 
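Review bot: The merged condition in `decrypt_data` does not say that the MDC header bytes and the hash compare are meant to fail with the same code, so a later change could easily split them again. A single `G10ERR_BAD_SIGN` for every MDC failure also keeps the error from revealing which check a modified message tripped, and that is worth recording: `/* A bad MDC header is treated like a bad MDC; do not report them separately. */`. The test `dfx->defer[0] != '\xd3'` only works if `defer` is plain `char` (with an `unsigned char` buffer on a signed-char platform it would always be true); the declaration is outside the hunk, so confirm it.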
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 24 Jun 2014 13:46:40 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-17-g74c7ab5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 74c7ab5fa636c7721dd7529d5bbfce70a47e5550 (commit) via 6295b6675ebd3385c6d173690fdab6df6c31d3d8 (commit) via dce1dad23dba1936e6b17bec548f4307e4f39cf1 (commit) via 2c8e00137a340d04f0836f75e138dd85f8c9eff7 (commit) via f4fcaa29367daacfe0ca209fa83dfa8640ace276 (commit) via d6ca407a27877174c10adfae9dc601bea996cf27 (commit) from 3f17b74aa57ac1ea2f3aa93dec4889778a21afeb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 74c7ab5fa636c7721dd7529d5bbfce70a47e5550 Author: Werner Koch Date: Tue Jun 24 13:46:52 2014 +0200 doc: Add note regarding gpg-preset-passphrase and --max-cache-ttl. -- GnuPG-bug-id: 1615 diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index bfb1d93..c3dfd82 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi 
@@ -372,13 +372,16 @@ seconds. The default is 1800 seconds. @opindex max-cache-ttl Set the maximum time a cache entry is valid to @var{n} seconds. After this time a cache entry will be expired even if it has been accessed -recently. The default is 2 hours (7200 seconds). +recently or has been set using @command{gpg-preset-passphrase}. The +default is 2 hours (7200 seconds). @item --max-cache-ttl-ssh @var{n} @opindex max-cache-ttl-ssh -Set the maximum time a cache entry used for SSH keys is valid to @var{n} -seconds. After this time a cache entry will be expired even if it has -been accessed recently. The default is 2 hours (7200 seconds). +Set the maximum time a cache entry used for SSH keys is valid to + at var{n} seconds. After this time a cache entry will be expired even +if it has been accessed recently or has been set using + at command{gpg-preset-passphrase}. The default is 2 hours (7200 +seconds). @item --enforce-passphrase-constraints @opindex enforce-passphrase-constraints diff --git a/doc/tools.texi b/doc/tools.texi index 32ab1e4..030f269 100644 --- a/doc/tools.texi +++ b/doc/tools.texi 
@@ -1060,10 +1060,11 @@ may not be used and the passphrases for the to be used keys are given at machine startup. Passphrases set with this utility don't expire unless the - at option{--forget} option is used to explicitly clear them from the cache ---- or @command{gpg-agent} is either restarted or reloaded (by sending a -SIGHUP to it). It is necessary to allow this passphrase presetting by -starting @command{gpg-agent} with the + at option{--forget} option is used to explicitly clear them from the +cache --- or @command{gpg-agent} is either restarted or reloaded (by +sending a SIGHUP to it). Nite that the maximum cache time as set with + at option{--max-cache-ttl} is still honored. It is necessary to allow +this passphrase presetting by starting @command{gpg-agent} with the @option{--allow-preset-passphrase}. @menu commit 6295b6675ebd3385c6d173690fdab6df6c31d3d8 Author: Werner Koch Date: Tue Jun 24 12:21:54 2014 +0200 doc: Improve the description of gpg's --export commands. -- GnuPG-bug-id: 1655 diff --git a/doc/gpg.texi b/doc/gpg.texi index 101f51e..9a6782a 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -408,8 +408,8 @@ removed first. In batch mode the key must be specified by fingerprint. @opindex export Either export all keys from all keyrings (default keyrings and those registered via option @option{--keyring}), or if at least one name is given, -those of the given name. The new keyring is written to STDOUT or to the -file given with option @option{--output}. Use together with +those of the given name. The exported keys are written to STDOUT or to the +file given with option @option{--output}. Use together with @option{--armor} to mail those keys. @item --send-keys @code{key IDs} 
@@ -424,14 +424,30 @@ or changed by you. If no key IDs are given, @command{gpg} does nothing. @itemx --export-secret-subkeys @opindex export-secret-keys @opindex export-secret-subkeys -Same as @option{--export}, but exports the secret keys instead. This is -normally not very useful and a security risk. The second form of the -command has the special property to render the secret part of the -primary key useless; this is a GNU extension to OpenPGP and other -implementations can not be expected to successfully import such a key. +Same as @option{--export}, but exports the secret keys instead. The +exported keys are written to STDOUT or to the file given with option + at option{--output}. This command is often used along with the option + at option{--armor} to allow easy printing of the key for paper backup; +however the external tool @command{paperkey} does a better job for +creating backups on paper. Note that exporting a secret key can be a +security risk if the exported keys are send over an insecure channel. + +The second form of the command has the special property to render the +secret part of the primary key useless; this is a GNU extension to +OpenPGP and other implementations can not be expected to successfully +import such a key. Its intended use is to generated a full key with +an additional signing subkey on a dedicated machine and then using +this command to export the key without the primary key to the main +machine. + + at ifset gpgtwoone +GnuPG may ask you to enter the passphrase for the key. This is +required because the internal protection method of the secret key is +different from the one specified by the OpenPGP protocol. + at end ifset @ifclear gpgtwoone -See the option @option{--simple-sk-checksum} if you want to import such -an exported key with an older OpenPGP implementation. +See the option @option{--simple-sk-checksum} if you want to import an +exported secret key into ancient OpenPGP implementations. 
@end ifclear @item --import commit dce1dad23dba1936e6b17bec548f4307e4f39cf1 Author: Werner Koch Date: Tue Jun 24 11:47:51 2014 +0200 Register DCO for Stefan Tomanek. -- diff --git a/AUTHORS b/AUTHORS index f64d17f..8358faf 100644 --- a/AUTHORS +++ b/AUTHORS @@ -171,6 +171,9 @@ Jonas Borgstr?m Kyle Butt 2013-05-29:CAAODAYLbCtqOG6msLLL0UTdASKWT6u2ptxsgUQ1JpusBESBoNQ at mail.gmail.com: +Stefan Tomanek +2014-01-30:20140129234449.GY30808 at zirkel.wertarbyte.de: + Werner Koch 2013-03-29:87620ahchj.fsf at vigenere.g10code.de: commit 2c8e00137a340d04f0836f75e138dd85f8c9eff7 Author: Werner Koch Date: Mon Jun 23 16:09:34 2014 +0200 doc: Add conditionals for GnuPG-1 diff --git a/doc/gpg.texi b/doc/gpg.texi index c8fae3a..101f51e 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2316,9 +2316,11 @@ available, but the MIT release is a good common baseline. This option implies @option{--rfc1991 --disable-mdc --no-force-v4-certs --escape-from-lines --force-v3-sigs ---allow-weak-digest-algos --cipher-algo IDEA --digest-algo -MD5--compress-algo ZIP}. It also disables @option{--textmode} when -encrypting. + at ifclear gpgone +--allow-weak-digest-algos + at end ifclear +--cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}. +It also disables @option{--textmode} when encrypting. @item --pgp6 @opindex pgp6 
@@ -2774,12 +2776,13 @@ necessary to get as much data as possible out of the corrupt message. However, be aware that a MDC protection failure may also mean that the message was tampered with intentionally by an attacker. + at ifclear gpgone @item --allow-weak-digest-algos @opindex allow-weak-digest-algos Signatures made with the broken MD5 algorithm are normally rejected with an ``invalid digest algorithm'' message. This option allows the verification of signatures made with such weak algorithms. - + at end ifclear @item --no-default-keyring @opindex no-default-keyring commit f4fcaa29367daacfe0ca209fa83dfa8640ace276 Author: Werner Koch Date: Fri Jun 20 14:54:01 2014 +0200 gpg: Make export of ECC keys work again. * agent/cvt-openpgp.c (convert_to_openpgp): Use the curve name instead of the curve parameters. * g10/export.c (canon_pubkey_algo): Rename to ... (canon_pk_algo): this. Support ECC. (transfer_format_to_openpgp): Expect curve name. diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index 7f4afd4..1b4c9d5 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c @@ -1142,6 +1142,7 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, const char *algoname; int npkey, nskey; gcry_mpi_t array[10]; + gcry_sexp_t curve = NULL; char protect_iv[16]; char salt[8]; unsigned long s2k_count; 
@@ -1200,13 +1201,26 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, } else if (!strcmp (name, "ecc")) { - /* FIXME: We need to use the curve parameter. */ + gcry_buffer_t iob; + char iobbuf[32]; + algoname = "ecc"; /* Decide later by checking the usage. */ - npkey = 6; - nskey = 7; - err = gcry_sexp_extract_param (list, NULL, "pabgnqd", - array+0, array+1, array+2, array+3, - array+4, array+5, array+6, NULL); + npkey = 1; + nskey = 2; + iob.data = iobbuf; + iob.size = sizeof iobbuf - 1; + iob.off = 0; + iob.len = 0; + err = gcry_sexp_extract_param (list, NULL, "&'curve'/qd", + &iob, array+0, array+1, NULL); + if (!err) + { + assert (iob.len < sizeof iobbuf -1); + iobbuf[iob.len] = 0; + err = gcry_sexp_build (&curve, NULL, "(curve %s)", iobbuf); + + gcry_log_debugsxp ("at 1", curve); + } } else if (!strcmp (name, "ecdsa")) { @@ -1231,9 +1245,12 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, err = gpg_error (GPG_ERR_PUBKEY_ALGO); } xfree (name); - gcry_sexp_release (list); + gcry_sexp_release (list); list = NULL; if (err) - return err; + { + gcry_sexp_release (curve); + return err; + } gcry_create_nonce (protect_iv, sizeof protect_iv); gcry_create_nonce (salt, sizeof salt); @@ -1282,9 +1299,10 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, "(openpgp-private-key\n" " (version 1:4)\n" " (algo %s)\n" - " %S\n" + " %S%S\n" " (protection sha1 aes %b 1:3 sha1 %b %s))\n", algoname, + curve, tmpkey, (int)sizeof protect_iv, protect_iv, (int)sizeof salt, salt, @@ -1297,6 +1315,7 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase, for (i=0; i < DIM (array); i++) gcry_mpi_release (array[i]); + gcry_sexp_release (curve); return err; } diff --git a/g10/export.c b/g10/export.c index 9aa012e..acf38a7 100644 --- a/g10/export.c +++ b/g10/export.c 
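Review bot: In the new `ecc` branch of `convert_to_openpgp` the curve-name length is guarded only by `assert (iob.len < sizeof iobbuf -1)`, which vanishes under NDEBUG and otherwise aborts the process on a data-dependent condition; it is also one stricter than `iob.size` allows, because a name of exactly `sizeof iobbuf - 1` bytes still fits with its terminator. An ordinary check, `if (iob.len >= sizeof iobbuf) err = gpg_error (GPG_ERR_INV_DATA);` with the termination and `gcry_sexp_build` in the `else`, reports the problem through the normal error path. The `gcry_log_debugsxp ("at 1", curve);` call looks like leftover debugging and should be removed before release. The function body continues outside the hunk.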
@@ -1,6 +1,7 @@ /* export.c - Export keys in the OpenPGP defined format. * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, * 2005, 2010 Free Software Foundation, Inc. + * Copyright (C) 2014 Werner Koch * * This file is part of GnuPG. * @@ -338,8 +339,8 @@ exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, KBNODE node) /* Return a canonicalized public key algoithms. This is used to compare different flavors of algorithms (e.g. ELG and ELG_E are considered the same). */ -static int -canon_pubkey_algo (int algo) +static enum gcry_pk_algos +canon_pk_algo (enum gcry_pk_algos algo) { switch (algo) { @@ -348,6 +349,9 @@ canon_pubkey_algo (int algo) case GCRY_PK_RSA_S: return GCRY_PK_RSA; case GCRY_PK_ELG: case GCRY_PK_ELG_E: return GCRY_PK_ELG; + case GCRY_PK_ECC: + case GCRY_PK_ECDSA: + case GCRY_PK_ECDH: return GCRY_PK_ECC; default: return algo; } } @@ -362,12 +366,13 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) gpg_error_t err; gcry_sexp_t top_list; gcry_sexp_t list = NULL; + char *curve = NULL; const char *value; size_t valuelen; char *string; int idx; int is_v4, is_protected; - int pubkey_algo; + enum gcry_pk_algos pk_algo; int protect_algo = 0; char iv[16]; int ivlen = 0; @@ -375,11 +380,13 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) int s2k_algo = 0; byte s2k_salt[8]; u32 s2k_count = 0; + int is_ecdh = 0; size_t npkey, nskey; gcry_mpi_t skey[10]; /* We support up to 9 parameters. */ int skeyidx = 0; struct seckey_info *ski; + /* gcry_log_debugsxp ("transferkey", s_pgp); */ top_list = gcry_sexp_find_token (s_pgp, "openpgp-private-key", 0); if (!top_list) goto bad_seckey; @@ -445,6 +452,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) xfree (string); } + /* Parse the gcrypt PK algo and check that it is okay. */ gcry_sexp_release (list); list = gcry_sexp_find_token (top_list, "algo", 0); if (!list) 
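Review bot: The `@@ -375` hunk adds `/* gcry_log_debugsxp ("transferkey", s_pgp); */` to `transfer_format_to_openpgp`, a disabled debug call that, once uncommented, would write the whole `openpgp-private-key` transfer expression to the log. As built in cvt-openpgp.c, that expression carries the protected secret key parameters together with the IV, salt and S2K settings, so it should not sit one edit away from a log file; drop the line instead of committing it commented out. The `canon_pk_algo` hunk in the same file keeps the typo "algoithms" in the header comment, which could be fixed along with the rename.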
@@ -452,15 +460,52 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) string = gcry_sexp_nth_string (list, 1); if (!string) goto bad_seckey; - pubkey_algo = gcry_pk_map_name (string); - xfree (string); - - if (gcry_pk_algo_info (pubkey_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey) - || gcry_pk_algo_info (pubkey_algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &nskey) + pk_algo = gcry_pk_map_name (string); + xfree (string); string = NULL; + if (gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey) + || gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &nskey) || !npkey || npkey >= nskey || nskey > PUBKEY_MAX_NSKEY) goto bad_seckey; - pubkey_algo = map_pk_gcry_to_openpgp (pubkey_algo); + /* Check that the pubkey algo matches the one from the public key. */ + switch (canon_pk_algo (pk_algo)) + { + case GCRY_PK_RSA: + if (!is_RSA (pk->pubkey_algo)) + pk_algo = 0; /* Does not match. */ + break; + case GCRY_PK_DSA: + if (!is_DSA (pk->pubkey_algo)) + pk_algo = 0; /* Does not match. */ + break; + case GCRY_PK_ELG: + if (!is_ELGAMAL (pk->pubkey_algo)) + pk_algo = 0; /* Does not match. */ + break; + case GCRY_PK_ECC: + if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA) + ; + else if (pk->pubkey_algo == PUBKEY_ALGO_ECDH) + is_ecdh = 1; + else if (pk->pubkey_algo == PUBKEY_ALGO_EDDSA) + ; + else + pk_algo = 0; /* Does not match. */ + /* For ECC we do not have the domain parameters thus fix our info. */ + npkey = 1; + nskey = 2; + break; + default: + pk_algo = 0; /* Oops. */ + break; + } + if (!pk_algo) + { + err = gpg_error (GPG_ERR_PUBKEY_ALGO); + goto leave; + } + + /* Parse the key parameters. */ gcry_sexp_release (list); list = gcry_sexp_find_token (top_list, "skey", 0); if (!list) 
@@ -509,7 +554,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) gcry_sexp_release (list); list = NULL; - /* We have no need for the CSUM valuel thus we don't parse it. */ + /* We have no need for the CSUM value thus we don't parse it. */ /* list = gcry_sexp_find_token (top_list, "csum", 0); */ /* if (list) */ /* { */ @@ -523,6 +568,14 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) /* desired_csum = 0; */ /* gcry_sexp_release (list); list = NULL; */ + /* Get the curve name if any, */ + list = gcry_sexp_find_token (top_list, "curve", 0); + if (list) + { + curve = gcry_sexp_nth_string (list, 1); + gcry_sexp_release (list); list = NULL; + } + gcry_sexp_release (top_list); top_list = NULL; /* log_debug ("XXX is_v4=%d\n", is_v4); */ 
@@ -559,57 +612,49 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) } /* We need to change the received parameters for ECC algorithms. - The transfer format has all parameters but OpenPGP defines that - only the OID of the curve is to be used. */ - if (pubkey_algo == PUBKEY_ALGO_ECDSA - || pubkey_algo == PUBKEY_ALGO_EDDSA - || pubkey_algo == PUBKEY_ALGO_ECDH) + The transfer format has the curve name and the parameters + separate. We put them all into the SKEY array. */ + if (canon_pk_algo (pk_algo) == GCRY_PK_ECC) { - gcry_sexp_t s_pubkey; - const char *curvename, *curveoidstr; - gcry_mpi_t mpi; - - /* We build an S-expression with the public key parameters and - ask Libgcrypt to return the matching curve name. */ - if (npkey != 6 || !skey[0] || !skey[1] || !skey[2] - || !skey[3] || !skey[4] || !skey[5] - || !skey[6] || skey[7]) + const char *oidstr; + + /* Assert that all required parameters are available. We also + check that the array does not contain more parameters than + needed (this was used by some beta versions of 2.1. */ + if (!curve || !skey[0] || !skey[1] || skey[2]) { err = gpg_error (GPG_ERR_INTERNAL); goto leave; } - err = gcry_sexp_build (&s_pubkey, NULL, - "(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)))", - skey[0], skey[1], skey[2], skey[3], skey[4]); - if (err) - goto leave; - curvename = gcry_pk_get_curve (s_pubkey, 0, NULL); - gcry_sexp_release (s_pubkey); - curveoidstr = openpgp_curve_to_oid (curvename, NULL); - if (!curveoidstr) + + oidstr = openpgp_curve_to_oid (curve, NULL); + if (!oidstr) { - log_error ("no OID known for curve '%s'\n", curvename); - err = gpg_error (GPG_ERR_UNKNOWN_NAME); + log_error ("no OID known for curve '%s'\n", curve); + err = gpg_error (GPG_ERR_UNKNOWN_CURVE); goto leave; } - err = openpgp_oid_from_str (curveoidstr, &mpi); + /* Put the curve's OID into into the MPI array. This requires + that we shift Q and D. For ECDH also insert the KDF parms. 
*/ + if (is_ecdh) + { + skey[4] = NULL; + skey[3] = skey[1]; + skey[2] = gcry_mpi_copy (pk->pkey[2]); + } + else + { + skey[3] = NULL; + skey[2] = skey[1]; + } + skey[1] = skey[0]; + skey[0] = NULL; + err = openpgp_oid_from_str (oidstr, skey + 0); if (err) goto leave; - - /* Now replace the curve parameters by the OID and shift the - rest of the parameters. */ - gcry_mpi_release (skey[0]); - skey[0] = mpi; - for (idx=1; idx <= 4; idx++) - gcry_mpi_release (skey[idx]); - skey[1] = skey[5]; - skey[2] = skey[6]; - for (idx=3; idx <= 6; idx++) - skey[idx] = NULL; - /* Fixup the NPKEY and NSKEY to match OpenPGP reality. */ - npkey = 2; - nskey = 3; + npkey = 2 + is_ecdh; + nskey = 3 + is_ecdh; /* for (idx=0; skey[idx]; idx++) */ /* { */ @@ -634,11 +679,6 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) err = gpg_error (GPG_ERR_INV_DATA); goto leave; } - if (canon_pubkey_algo (pubkey_algo) != canon_pubkey_algo (pk->pubkey_algo)) - { - err = gpg_error (GPG_ERR_PUBKEY_ALGO); - goto leave; - } err = openpgp_cipher_test_algo (protect_algo); if (err) goto leave; @@ -695,6 +735,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) /* That's it. */ leave: + gcry_free (curve); gcry_sexp_release (list); gcry_sexp_release (top_list); for (idx=0; idx < skeyidx; idx++) commit d6ca407a27877174c10adfae9dc601bea996cf27 Author: Werner Koch Date: Fri Jun 20 10:39:26 2014 +0200 gpg: Avoid infinite loop in uncompressing garbled packets. * g10/compress.c (do_uncompress): Limit the number of extra FF bytes. -- A packet like (a3 01 5b ff) leads to an infinite loop. Using --max-output won't help if it is a partial packet. This patch actually fixes a regression introduced on 1999-05-31 (c34c6769). Actually it would be sufficient to stuff just one extra 0xff byte. Given that this problem popped up only after 15 years, I feel safer to allow for a very few FF bytes. Thanks to Olivier Levillain and Florian Maury for their detailed report. 
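Review bot: In the `@@ -559` hunk the ECC branch shifts Q and D upward and inserts the OID (plus a copy of `pk->pkey[2]` for ECDH), so the array ends up with one or two more entries than were parsed, yet `skeyidx` is not adjusted. The cleanup loop at `leave:`, visible in the last hunk as `for (idx=0; idx < skeyidx; idx++)`, would then skip the shifted secret parameter on the `goto leave` after a failing `openpgp_oid_from_str`, and apparently the KDF copy in the ECDH case as well. Adding `skeyidx += 1 + is_ecdh;` right after the shift would cover them; the code between this hunk and `leave:` is not shown, so check how ownership of the moved entries is handed over there. The result of `gcry_mpi_copy` is also used without a NULL check.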
diff --git a/g10/compress.c b/g10/compress.c index 6e412e9..0a6e09d 100644 --- a/g10/compress.c +++ b/g10/compress.c @@ -164,7 +164,8 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs, IOBUF a, size_t *ret_len ) { int zrc; - int rc=0; + int rc = 0; + int leave = 0; size_t n; int nread, count; int refill = !zs->avail_in; @@ -182,13 +183,14 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs, nread = iobuf_read( a, zfx->inbuf + n, count ); if( nread == -1 ) nread = 0; n += nread; - /* If we use the undocumented feature to suppress - * the zlib header, we have to give inflate an - * extra dummy byte to read */ - if( nread < count && zfx->algo == 1 ) { - *(zfx->inbuf + n) = 0xFF; /* is it really needed ? */ - zfx->algo1hack = 1; + /* Algo 1 has no zlib header which requires us to to give + * inflate an extra dummy byte to read. To be on the safe + * side we allow for up to 4 ff bytes. */ + if( nread < count && zfx->algo == 1 && zfx->algo1hack < 4) { + *(zfx->inbuf + n) = 0xFF; + zfx->algo1hack++; n++; + leave = 1; } zs->avail_in = n; } @@ -208,7 +210,8 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs, else log_fatal("zlib inflate problem: rc=%d\n", zrc ); } - } while( zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR ); + } while (zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR + && !leave); *ret_len = zfx->outbufsize - zs->avail_out; if( DBG_FILTER ) ----------------------------------------------------------------------- Summary of changes: AUTHORS | 3 + agent/cvt-openpgp.c | 37 ++++++++++--- doc/gpg-agent.texi | 11 ++-- doc/gpg.texi | 45 ++++++++++----- doc/tools.texi | 9 +-- g10/compress.c | 19 ++++--- g10/export.c | 151 ++++++++++++++++++++++++++++++++------------------- 7 files changed, 182 insertions(+), 93 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jun 24 15:40:57 2014 
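Review bot: `leave` is set in the `@@ -182` hunk when a dummy byte is stuffed and ends the inflate loop in the `@@ -208` hunk, but neither place says why the loop has to stop there, although this is what guarantees termination on truncated algo-1 input. A comment at the assignment, e.g. `/* Short read: let inflate see the dummy byte once, then return instead of looping. */`, would keep a later cleanup from removing it. `zfx->algo1hack` is now a counter rather than a flag, so its declaration and any other test of it (outside this diff) should be checked. The new comment also contains a doubled "to to".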
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 24 Jun 2014 15:40:57 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.23-19-g6aa0464 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 6aa0464db9785a5f9d63b3ff826500b4e2dd7c0e (commit) via 41dcd32218b9baf0c417090e6968dd2d250e751b (commit) via 3b90ddde251b94a9d55e43d96fe4ccf340aa8620 (commit) via 1242a72923db810f7e5fd36269c72b14cb19f60f (commit) via 017c6f8fba9ae141a46084d6961ba60c4230f97a (commit) via 8e39fe810d951c2fef4c22246440a5944a89a18c (commit) via fb274a3cf3295dbd509494338bd6a16c8069176a (commit) via a37f63d7b86b467df82ac77cfa5a75bfb1c77b7c (commit) via aacb43a730a6f52c1ac91131afed73ae6ef25416 (commit) via 2daa112a7404bcbedcda9b84c5ebbe33fd7fabd8 (commit) via 76b0b076d0dfc1c0b011b9fd458a5158c189ebb4 (commit) via 9607bc0b9fce1f7853eee6591b44e35deed4a66c (commit) via 5e933008beffbeae7255ece02383606481f9c169 (commit) via e790671cb3a35f3042558224e915b6f74ebc2251 (commit) from ceef5568d53b286efe639c6fd1d37f154be133ef (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6aa0464db9785a5f9d63b3ff826500b4e2dd7c0e Author: Werner Koch Date: Tue Jun 24 15:43:46 2014 +0200 Post release updates -- diff --git a/NEWS b/NEWS index 5e2de7f..3800c35 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,6 @@ +Noteworthy changes in version 2.0.25 (unreleased) +------------------------------------------------- + Noteworthy changes in version 2.0.24 (2014-06-24) ------------------------------------------------- diff --git a/configure.ac b/configure.ac index 4ea6606..2c92c31 100644 --- a/configure.ac +++ b/configure.ac 
@@ -26,7 +26,7 @@ min_automake_version="1.10" # (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [2.0.24]) +m4_define([mym4_version], [2.0.25]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a diff --git a/doc/Makefile.am b/doc/Makefile.am index a1ca4ba..376a8f3 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -140,8 +140,8 @@ online: gnupg.html gnupg.pdf if echo "@PACKAGE_VERSION@" | grep -- "-git" >/dev/null; then \ dashdevel="-devel" ; \ else \ - rsync -v gnupg.pdf $${user}@{webhost}:webspace/manuals/ ; \ + rsync -v gnupg.pdf $${user}@$${webhost}:webspace/manuals/ ; \ fi ; \ cd gnupg.html ; \ - rsync -vr --exclude='.svn' . \ - $${user}@{webhost}:webspace/manuals/gnupg$${dashdevel}/ + rsync -vr --exclude='.git' . \ + $${user}@$${webhost}:webspace/manuals/gnupg$${dashdevel}/ commit 41dcd32218b9baf0c417090e6968dd2d250e751b Author: Werner Koch Date: Tue Jun 24 15:11:12 2014 +0200 Release 2.0.24 diff --git a/NEWS b/NEWS index aed90e6..5e2de7f 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,20 @@ -Noteworthy changes in version 2.0.24 (unreleased) +Noteworthy changes in version 2.0.24 (2014-06-24) ------------------------------------------------- + * gpg: Avoid DoS due to garbled compressed data packets. + + * gpg: Screen keyserver responses to avoid importing unwanted keys + from rogue servers. + + * gpg: The validity of user ids is now shown by default. To revert + this add "list-options no-show-uid-validity" to gpg.conf. + + * gpg: Print more specific reason codes with the INV_RECP status. + + * gpg: Allow loading of a cert only key to an OpenPGP card. + + * gpg-agent: Make ssh support for ECDSA keys work with Libgcrypt 1.6. + Noteworthy changes in version 2.0.23 (2014-06-03) ------------------------------------------------- diff --git a/doc/gpg.texi b/doc/gpg.texi index 9a6782a..d66259e 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2330,12 +2330,17 @@ a message that PGP 2.x will not be able to handle. Note that `PGP 2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x available, but the MIT release is a good common baseline. -This option implies @option{--rfc1991 --disable-mdc ---no-force-v4-certs --escape-from-lines --force-v3-sigs +This option implies + at ifset gpgone + at option{--rfc1991 --disable-mdc --no-force-v4-certs +--escape-from-lines --force-v3-sigs +--cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}. + at end ifset @ifclear gpgone ---allow-weak-digest-algos - at end ifclear + at option{--rfc1991 --disable-mdc --no-force-v4-certs +--escape-from-lines --force-v3-sigs --allow-weak-digest-algos --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}. + at end ifclear It also disables @option{--textmode} when encrypting. @item --pgp6 commit 3b90ddde251b94a9d55e43d96fe4ccf340aa8620 Author: Werner Koch Date: Tue Jun 24 15:10:54 2014 +0200 po: Auto-update -- diff --git a/po/be.po b/po/be.po index b6b973c..2a110d4 100644 --- a/po/be.po +++ b/po/be.po 
@@ -2281,6 +2281,13 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "???????????????? ?????????? ???????????? ?? ID ????????????????????????????" +#, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "?????????????????? ???????? ???? ??????????????????" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "" @@ -2376,6 +2383,10 @@ msgstr "???????????????? ?????????? ???????????? ?? ????????????????" msgid "key %s: \"%s\" not changed\n" msgstr "" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "?????????????????? ???????? ???? ??????????????????" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "???????????????? ???????? ????????????????????" diff --git a/po/ca.po b/po/ca.po index 06fb419..73306c7 100644 --- a/po/ca.po +++ b/po/ca.po @@ -2445,6 +2445,13 @@ msgid "key %s: no user ID\n" msgstr "clau %08lX: sense ID\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "es descarta ??%s??: %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "clau %08lX: corrupci?? de la subclau HKP reparada\n" @@ -2539,6 +2546,10 @@ msgstr "clau %08lX: ??%s?? %d ID d'usuari nous\n" msgid "key %s: \"%s\" not changed\n" msgstr "clau %08lX: ??%s?? no ha estat modificada\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "no s'ha trobat la clau secreta ??%s??: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "s'est?? escrivint la clau secreta a ??%s??\n" diff --git a/po/cs.po b/po/cs.po index bdda65d..5e06ac7 100644 --- a/po/cs.po +++ b/po/cs.po 
@@ -2295,6 +2295,14 @@ msgstr "nelze aktualizovat p??edvolby s: gpg --edit-key %s updpref save\n" msgid "key %s: no user ID\n" msgstr "kl???? %s: chyb?? identifik??tor u??ivatele\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "p??esko??en ???%s???: %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "kl???? %s: PKS po??kozen?? podkl????e opraveno\n" @@ -2392,6 +2400,11 @@ msgstr "kl???? %s: ???%s??? %d ID u??ivatele odstran??no\n" msgid "key %s: \"%s\" not changed\n" msgstr "kl???? %s: ???%s??? beze zm??n\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "tajn?? kl???? ???%s??? nenalezen: %s\n" + msgid "importing secret keys not allowed\n" msgstr "import tajn??ch kl?????? nen?? povolen\n" diff --git a/po/da.po b/po/da.po index add5085..cb70c36 100644 --- a/po/da.po +++ b/po/da.po @@ -2270,6 +2270,14 @@ msgstr "du kan opdatere dine pr??ferencer med: gpg --edit-key %s updpref save\n" msgid "key %s: no user ID\n" msgstr "n??gle %s: ingen bruger-id\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "udelod ??%s??: %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "n??gle %s: korruption af PKS-undern??gle er repareret!\n" @@ -2365,6 +2373,11 @@ msgstr "n??gle %s: ??%s?? %d bruger-id'er renset\n" msgid "key %s: \"%s\" not changed\n" msgstr "n??gle %s: ??%s?? ikke ??ndret\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "hemmelig n??gle ??%s?? blev ikke fundet: %s\n" + msgid "importing secret keys not allowed\n" msgstr "import af hemmelige n??gler er ikke tilladt\n" diff --git a/po/el.po b/po/el.po index 5a599ef..54ccde4 100644 --- a/po/el.po +++ b/po/el.po 
@@ -2380,6 +2380,13 @@ msgid "key %s: no user ID\n" msgstr "?????? %08lX: ??? ??????? ???? ?? user ID\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "???????????? `%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "?????? %08lX: ??????????? ????????? ??????????? HKP\n" @@ -2474,6 +2481,10 @@ msgstr " msgid "key %s: \"%s\" not changed\n" msgstr "?????? %08lX: \"%s\" ??????????\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "?? ??????? ?????? `%s' ?? ???????: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "??????? ??? ???????? ???????? ??? `%s'\n" diff --git a/po/eo.po b/po/eo.po index 9ef9625..639c60a 100644 --- a/po/eo.po +++ b/po/eo.po @@ -2363,6 +2363,13 @@ msgid "key %s: no user ID\n" msgstr "?losilo %08lX: mankas uzantidentigilo\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "ignoris '%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "?losilo %08lX: mankas sub?losilo por ?losilbindado\n" @@ -2457,6 +2464,10 @@ msgstr " msgid "key %s: \"%s\" not changed\n" msgstr "?losilo %08lX: ne ?an?ita\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "?losilo '%s' ne trovita: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "skribas sekretan ?losilon al '%s'\n" diff --git a/po/es.po b/po/es.po index 4457467..e45399a 100644 --- a/po/es.po +++ b/po/es.po @@ -2312,6 +2312,14 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "clave %s: sin identificador de usuario\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "omitido \"%s\": %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "clave %s: reparada la subclave PKS corrompida\n" 
@@ -2407,6 +2415,11 @@ msgstr "clave %s: \"%s\" %d identificadores de usuario limpiados\n" msgid "key %s: \"%s\" not changed\n" msgstr "clave %s: \"%s\" sin cambios\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "clave secreta \"%s\" no encontrada: %s\n" + msgid "importing secret keys not allowed\n" msgstr "no se permite importar claves secretas\n" diff --git a/po/et.po b/po/et.po index 9613faf..2cb42a1 100644 --- a/po/et.po +++ b/po/et.po @@ -2358,6 +2358,13 @@ msgid "key %s: no user ID\n" msgstr "v?ti %08lX: kasutaja ID puudub\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "`%s' j?tsin vahele: %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "v?ti %08lX: HKP alamv?tme rike parandatud\n" @@ -2453,6 +2460,10 @@ msgstr "v msgid "key %s: \"%s\" not changed\n" msgstr "v?ti %08lX: \"%s\" ei muudetud\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "salajast v?tit `%s' ei leitud: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "kirjutan salajase v?tme faili `%s'\n" diff --git a/po/fi.po b/po/fi.po index 19fe78c..39d22a7 100644 --- a/po/fi.po +++ b/po/fi.po @@ -2379,6 +2379,13 @@ msgid "key %s: no user ID\n" msgstr "avain %08lX: ei k??ytt??j??tunnusta\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "ohitetaan \"%s\": %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "avain %08lX: HKP-aliavainvirhe korjattu\n" @@ -2474,6 +2481,10 @@ msgstr "avain %08lX: \"%s\" %d uutta k??ytt??j??tunnusta\n" msgid "key %s: \"%s\" not changed\n" msgstr "avain %08lX: \"%s\" ei muutoksia\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "salaista avainta \"%s\" ei l??ydy: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n" 
diff --git a/po/fr.po b/po/fr.po index dd6c7bd..303d677 100644 --- a/po/fr.po +++ b/po/fr.po @@ -2333,6 +2333,14 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "clef %s??: pas d'identit??\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "????%s???? a ??t?? ignor??e??: %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "clef %s??: corruption de sous-clef PKS r??par??e\n" @@ -2428,6 +2436,11 @@ msgstr "clef %s??: ????%s???? %d??identit??s nettoy??es\n" msgid "key %s: \"%s\" not changed\n" msgstr "clef %s??: ????%s???? n'est pas modifi??e\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "clef secr??te ????%s???? introuvable??: %s\n" + msgid "importing secret keys not allowed\n" msgstr "impossible d'importer des clefs secr??tes\n" diff --git a/po/gl.po b/po/gl.po index 0df3729..d6c493b 100644 --- a/po/gl.po +++ b/po/gl.po @@ -2373,6 +2373,13 @@ msgid "key %s: no user ID\n" msgstr "chave %08lX: non hai ID de usuario\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "om?tese `%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "chave %08lX: arranxouse a corrupci?n da sub-chave HKP\n" @@ -2471,6 +2478,10 @@ msgstr "chave %08lX: \"%s\" %d novos IDs de usuario\n" msgid "key %s: \"%s\" not changed\n" msgstr "chave %08lX: \"%s\" sen cambios\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "non se atopou a chave secreta `%s': %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "gravando a chave secreta en `%s'\n" diff --git a/po/hu.po b/po/hu.po index 63ae157..af03be2 100644 --- a/po/hu.po +++ b/po/hu.po 
@@ -2356,6 +2356,13 @@ msgid "key %s: no user ID\n" msgstr "%08lX kulcs: Nincs felhaszn?l?i azonos?t?.\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "Kihagytam \"%s\"-t: %s.\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "%08lX kulcs: HKP alkulcss?r?l?s kijav?tva.\n" @@ -2450,6 +2457,10 @@ msgstr "%08lX kulcs: \"%s\" %d msgid "key %s: \"%s\" not changed\n" msgstr "%08lX kulcs: \"%s\" nem v?ltozott.\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "\"%s\" titkos kulcs nem tal?lhat?: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "?rom a titkos kulcsot a %s ?llom?nyba.\n" diff --git a/po/id.po b/po/id.po index 5aadeeb..b499b8c 100644 --- a/po/id.po +++ b/po/id.po @@ -2369,6 +2369,13 @@ msgid "key %s: no user ID\n" msgstr "kunci %08lX: tidak ada ID user\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "melewati `%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "kunci %08lX: subkey HKP yang rusak diperbaiki\n" @@ -2463,6 +2470,10 @@ msgstr "kunci %08lX: \"%s\" %d user ID baru\n" msgid "key %s: \"%s\" not changed\n" msgstr "kunci %08lX: \"%s\" tidak berubah\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "kunci rahasia `%s' tidak ditemukan: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "menulis kunci rahasia ke `%s'\n" diff --git a/po/it.po b/po/it.po index 8014132..a89e1c3 100644 --- a/po/it.po +++ b/po/it.po @@ -2370,6 +2370,13 @@ msgid "key %s: no user ID\n" msgstr "chiave %08lX: nessun user ID\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "saltata `%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "chiave %08lX: riparati i danni di HKP alla subchiave\n" 
@@ -2464,6 +2471,10 @@ msgstr "chiave %08lX: \"%s\" %d nuovi user ID\n" msgid "key %s: \"%s\" not changed\n" msgstr "chiave %08lX: \"%s\" non cambiata\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "chiave segreta `%s' non trovata: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "scrittura della chiave segreta in `%s'\n" diff --git a/po/ja.po b/po/ja.po index c479e89..24123fd 100644 --- a/po/ja.po +++ b/po/ja.po @@ -2234,6 +2234,14 @@ msgstr "?????????????????????????????????????????????: gpg --edit-key %s updpref msgid "key %s: no user ID\n" msgstr "???%s: ?????????ID??????????????????\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "\"%s\"???????????????????????????: %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "???%s: PKS????????????????????????\n" @@ -2329,6 +2337,11 @@ msgstr "???%s: \"%s\" %d???????????????ID???????????????????????????\n" msgid "key %s: \"%s\" not changed\n" msgstr "???%s:\"%s\"????????????\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "?????????\"%s\"????????????????????????: %s\n" + msgid "importing secret keys not allowed\n" msgstr "??????????????????????????????????????????\n" diff --git a/po/nb.po b/po/nb.po index 8938541..56814fa 100644 --- a/po/nb.po +++ b/po/nb.po @@ -2302,6 +2302,14 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "n?kkel %s: ingen brukerid\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "hoppet over ?%s?: %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "n?kkel %s: PKS-undern?kkel reparert\n" 
@@ -2397,6 +2405,11 @@ msgstr "n msgid "key %s: \"%s\" not changed\n" msgstr "n?kkel %s: ?%s? ikke endret\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "hemmelig n?kkel ?%s? ble ikke funnet: %s\n" + msgid "importing secret keys not allowed\n" msgstr "import av hemmelig n?kkel er ikke tillatt\n" diff --git a/po/pl.po b/po/pl.po index c38f573..0cd137d 100644 --- a/po/pl.po +++ b/po/pl.po @@ -2278,6 +2278,14 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "klucz %s: brak identyfikatora u?ytkownika\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "pomini?ty ,,%s'': %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "klucz %s: podklucz uszkodzony przez serwer zosta? naprawiony\n" @@ -2373,6 +2381,11 @@ msgstr "klucz %s: ,,%s'' %d identyfikator msgid "key %s: \"%s\" not changed\n" msgstr "klucz %s: ,,%s'' bez zmian\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "klucz prywatny ,,%s'' nie zosta? odnaleziony: %s\n" + msgid "importing secret keys not allowed\n" msgstr "wczytywanie kluczy tajnych nie jest dozwolone\n" diff --git a/po/pt.po b/po/pt.po index 54651b3..875f9f0 100644 --- a/po/pt.po +++ b/po/pt.po @@ -2365,6 +2365,13 @@ msgid "key %s: no user ID\n" msgstr "chave %08lX: sem ID de utilizador\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "ignorado `%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "chave %08lX: subchave HKP corrompida foi reparada\n" 
@@ -2459,6 +2466,10 @@ msgstr "chave %08lX: \"%s\" %d novos IDs de utilizadores\n" msgid "key %s: \"%s\" not changed\n" msgstr "chave %08lX: \"%s\" n?o modificada\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "chave `%s' n?o encontrada: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "a escrever chave privada para `%s'\n" diff --git a/po/pt_BR.po b/po/pt_BR.po index f4f1b85..27812d9 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -2390,6 +2390,13 @@ msgid "key %s: no user ID\n" msgstr "chave %08lX: sem ID de usu?rio\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "ignorado `%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "chave %08lX: sem subchave para liga??o de chaves\n" @@ -2484,6 +2491,10 @@ msgstr "chave %08lX: %d novos IDs de usu msgid "key %s: \"%s\" not changed\n" msgstr "chave %08lX: n?o modificada\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "usu?rio `%s' n?o encontrado: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "escrevendo certificado privado para `%s'\n" diff --git a/po/ro.po b/po/ro.po index 8128c50..92353e4 100644 --- a/po/ro.po +++ b/po/ro.po @@ -2355,6 +2355,14 @@ msgstr "v msgid "key %s: no user ID\n" msgstr "cheia %s: nici un ID utilizator\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "s?rit? \"%s\": %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "cheia %s: subcheia HPK corupt? a fost reparat?\n" 
@@ -2450,6 +2458,11 @@ msgstr "cheia %s: \"%s\" %d noi ID-uri utilizator\n" msgid "key %s: \"%s\" not changed\n" msgstr "cheia %s: \"%s\" nu a fost schimbat?\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "cheia secret? \"%s\" nu a fost g?sit?: %s\n" + msgid "importing secret keys not allowed\n" msgstr "importul de chei secrete nu este permis\n" diff --git a/po/ru.po b/po/ru.po index 5e4de97..6ccd36e 100644 --- a/po/ru.po +++ b/po/ru.po @@ -2283,6 +2283,14 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "???????? %s: ???? ?????????? User ID\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "?????????????????? \"%s\": %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "???????? %s: PKS ?????????????????????? ???????????????? ????????????????????\n" @@ -2378,6 +2386,11 @@ msgstr "???????? %s: \"%s\" %d ?????????????????? User ID\n" msgid "key %s: \"%s\" not changed\n" msgstr "???????? %s: \"%s\" ???? ??????????????\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "?????????????????? ???????? \"%s\" ???? ????????????: %s\n" + msgid "importing secret keys not allowed\n" msgstr "???????????????????????????? ???????????????????? ?????????? ???? ??????????????????\n" diff --git a/po/sk.po b/po/sk.po index d897bbb..e813126 100644 --- a/po/sk.po +++ b/po/sk.po @@ -2375,6 +2375,13 @@ msgid "key %s: no user ID\n" msgstr "k??? %08lX: chyba identifik?tor u??vate?a\n" #, fuzzy, c-format +msgid "key %s: %s\n" +msgstr "presko?en? `%s': %s\n" + +msgid "rejected by import filter" +msgstr "" + +#, fuzzy, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "k??? %08lX: HKP po?kodenie podk???a opraven?\n" 
@@ -2471,6 +2478,10 @@ msgstr "k msgid "key %s: \"%s\" not changed\n" msgstr "k??? %08lX: \"%s\" bez zmeny\n" +#, fuzzy, c-format +msgid "secret key %s: %s\n" +msgstr "tajn? k??? `%s' nebol n?jden?: %s\n" + #, fuzzy msgid "importing secret keys not allowed\n" msgstr "zapisujem tajn? k??? do `%s'\n" diff --git a/po/sv.po b/po/sv.po index 2eef3fc..b896570 100644 --- a/po/sv.po +++ b/po/sv.po @@ -2335,6 +2335,14 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "nyckel %s: ingen anv??ndaridentitet\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "hoppade ??ver \"%s\": %s\n" + +msgid "rejected by import filter" +msgstr "" + # Undernyckeln ??r skadad p?? HKP-servern. Vanligt fel vid m??nga undernycklar. #, c-format msgid "key %s: PKS subkey corruption repaired\n" @@ -2433,6 +2441,11 @@ msgstr "nyckel %s: \"%s\" %d anv??ndaridentiteter rensade\n" msgid "key %s: \"%s\" not changed\n" msgstr "nyckel %s: \"%s\" inte ??ndrad\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "hemliga nyckeln \"%s\" hittades inte: %s\n" + msgid "importing secret keys not allowed\n" msgstr "import av hemliga nycklar till??ts inte\n" diff --git a/po/tr.po b/po/tr.po index b94fb4c..f6bfb37 100644 --- a/po/tr.po +++ b/po/tr.po @@ -2282,6 +2282,14 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "anahtar %s: kullan??c?? kimli??i yok\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "\"%s\" atland??: %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "anahtar %s: PKS yard??mc?? anahtar bozulmas?? giderildi\n" 
@@ -2377,6 +2385,11 @@ msgstr "anahtar %s: \"%s\" %d kullan??c?? kimli??i temizlendi\n" msgid "key %s: \"%s\" not changed\n" msgstr "anahtar %s: \"%s\" de??i??medi\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "gizli anahtar \"%s\" yok: %s\n" + msgid "importing secret keys not allowed\n" msgstr "gizli anahtar?? al??m??na izin verilmez\n" diff --git a/po/uk.po b/po/uk.po index 1ac4679..bd50c6d 100644 --- a/po/uk.po +++ b/po/uk.po @@ -2322,6 +2322,14 @@ msgstr "" msgid "key %s: no user ID\n" msgstr "???????? %s: ?????????? ?????????????????????????? ??????????????????????\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "?????????????????? ??%s??: %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "???????? %s: ???????????????????? ?????????????????????? ?????????????? PKS\n" @@ -2417,6 +2425,11 @@ msgstr "???????? %s: ??%s?? ???????????????????? %d ???????????????????????????? msgid "key %s: \"%s\" not changed\n" msgstr "???????? %s: ??%s?? ???? ??????????????\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "???????????????? ???????? ??%s?? ???? ????????????????: %s\n" + msgid "importing secret keys not allowed\n" msgstr "???????????????????????? ???????????????? ???????????? ????????????????????\n" diff --git a/po/zh_CN.po b/po/zh_CN.po index 9824489..4615cf4 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -2293,6 +2293,14 @@ msgstr "???????????????????????????????????????gpg --edit-key %s updpref save\n" msgid "key %s: no user ID\n" msgstr "?????? %s?????????????????????\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "???%s???????????????%s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "?????? %s???PKS ?????????????????????\n" 
@@ -2388,6 +2396,11 @@ msgstr "?????? %s??????%s???%d ????????????????????????\n" msgid "key %s: \"%s\" not changed\n" msgstr "?????? %s??????%s????????????\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "??????????????????%s??????%s\n" + msgid "importing secret keys not allowed\n" msgstr "?????????????????????\n" diff --git a/po/zh_TW.po b/po/zh_TW.po index 611cf45..e1f58b3 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -2213,6 +2213,14 @@ msgstr "???????????????????????????????????????: gpg --edit-key %s updpref save\ msgid "key %s: no user ID\n" msgstr "?????? %s: ??????????????? ID\n" +#, fuzzy, c-format +#| msgid "skipped \"%s\": %s\n" +msgid "key %s: %s\n" +msgstr "????????? \"%s\": %s\n" + +msgid "rejected by import filter" +msgstr "" + #, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "?????? %s: PKS ???????????????????????????\n" @@ -2308,6 +2316,11 @@ msgstr "?????? %s: \"%s\" ????????? %d ???????????? ID\n" msgid "key %s: \"%s\" not changed\n" msgstr "?????? %s: \"%s\" ?????????\n" +#, fuzzy, c-format +#| msgid "secret key \"%s\" not found: %s\n" +msgid "secret key %s: %s\n" +msgstr "??????????????? \"%s\": %s\n" + msgid "importing secret keys not allowed\n" msgstr "?????????????????????\n" commit 1242a72923db810f7e5fd36269c72b14cb19f60f Author: Kristian Fiskerstrand Date: Thu Jun 12 16:12:28 2014 +0200 gpg: Fix a couple of spelling errors diff --git a/g10/call-agent.c b/g10/call-agent.c index 71bee61..5669e04 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c 
@@ -163,12 +163,12 @@ check_hijacking (assuan_context_t ctx) string = get_membuf (&mb, NULL); if (!string || !*string) { - /* Definitley hijacked - show a warning prompt. */ + /* Definitely hijacked - show a warning prompt. */ static int shown; const char warn1[] = "The GNOME keyring manager hijacked the GnuPG agent."; const char warn2[] = - "GnuPG will not work proberly - please configure that " + "GnuPG will not work properly - please configure that " "tool to not interfere with the GnuPG system!"; log_info ("WARNING: %s\n", warn1); log_info ("WARNING: %s\n", warn2); commit 017c6f8fba9ae141a46084d6961ba60c4230f97a Author: Werner Koch Date: Tue Jun 24 13:54:30 2014 +0200 doc: Update from master. -- diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index bfb1d93..c3dfd82 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -372,13 +372,16 @@ seconds. The default is 1800 seconds. @opindex max-cache-ttl Set the maximum time a cache entry is valid to @var{n} seconds. After this time a cache entry will be expired even if it has been accessed -recently. The default is 2 hours (7200 seconds). +recently or has been set using @command{gpg-preset-passphrase}. The +default is 2 hours (7200 seconds). @item --max-cache-ttl-ssh @var{n} @opindex max-cache-ttl-ssh -Set the maximum time a cache entry used for SSH keys is valid to @var{n} -seconds. After this time a cache entry will be expired even if it has -been accessed recently. The default is 2 hours (7200 seconds). +Set the maximum time a cache entry used for SSH keys is valid to + at var{n} seconds. After this time a cache entry will be expired even +if it has been accessed recently or has been set using + at command{gpg-preset-passphrase}. The default is 2 hours (7200 +seconds). @item --enforce-passphrase-constraints @opindex enforce-passphrase-constraints diff --git a/doc/gpg.texi b/doc/gpg.texi index a263690..9a6782a 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -408,8 +408,8 @@ removed first. In batch mode the key must be specified by fingerprint. @opindex export Either export all keys from all keyrings (default keyrings and those registered via option @option{--keyring}), or if at least one name is given, -those of the given name. The new keyring is written to STDOUT or to the -file given with option @option{--output}. Use together with +those of the given name. The exported keys are written to STDOUT or to the +file given with option @option{--output}. Use together with @option{--armor} to mail those keys. @item --send-keys @code{key IDs} 
@@ -424,14 +424,30 @@ or changed by you. If no key IDs are given, @command{gpg} does nothing. @itemx --export-secret-subkeys @opindex export-secret-keys @opindex export-secret-subkeys -Same as @option{--export}, but exports the secret keys instead. This is -normally not very useful and a security risk. The second form of the -command has the special property to render the secret part of the -primary key useless; this is a GNU extension to OpenPGP and other -implementations can not be expected to successfully import such a key. +Same as @option{--export}, but exports the secret keys instead. The +exported keys are written to STDOUT or to the file given with option + at option{--output}. This command is often used along with the option + at option{--armor} to allow easy printing of the key for paper backup; +however the external tool @command{paperkey} does a better job for +creating backups on paper. Note that exporting a secret key can be a +security risk if the exported keys are send over an insecure channel. + +The second form of the command has the special property to render the +secret part of the primary key useless; this is a GNU extension to +OpenPGP and other implementations can not be expected to successfully +import such a key. Its intended use is to generated a full key with +an additional signing subkey on a dedicated machine and then using +this command to export the key without the primary key to the main +machine. + + at ifset gpgtwoone +GnuPG may ask you to enter the passphrase for the key. This is +required because the internal protection method of the secret key is +different from the one specified by the OpenPGP protocol. + at end ifset @ifclear gpgtwoone -See the option @option{--simple-sk-checksum} if you want to import such -an exported key with an older OpenPGP implementation. +See the option @option{--simple-sk-checksum} if you want to import an +exported secret key into ancient OpenPGP implementations. @end ifclear @item --import 
@@ -2127,6 +2143,12 @@ of the output and may be used together with another command. @item --with-keygrip @opindex with-keygrip Include the keygrip in the key listings. + + at item --with-secret + at opindex with-secret +Include info about the presence of a secret key in public key listings +done with @code{--with-colons}. + @end ifset @end table @@ -2310,9 +2332,11 @@ available, but the MIT release is a good common baseline. This option implies @option{--rfc1991 --disable-mdc --no-force-v4-certs --escape-from-lines --force-v3-sigs ---allow-weak-digest-algos --cipher-algo IDEA --digest-algo MD5 ---compress-algo ZIP}. It also disables @option{--textmode} when -encrypting. + at ifclear gpgone +--allow-weak-digest-algos + at end ifclear +--cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}. +It also disables @option{--textmode} when encrypting. @item --pgp6 @opindex pgp6 @@ -2768,12 +2792,13 @@ necessary to get as much data as possible out of the corrupt message. However, be aware that a MDC protection failure may also mean that the message was tampered with intentionally by an attacker. + at ifclear gpgone @item --allow-weak-digest-algos @opindex allow-weak-digest-algos Signatures made with the broken MD5 algorithm are normally rejected with an ``invalid digest algorithm'' message. This option allows the verification of signatures made with such weak algorithms. - + at end ifclear @item --no-default-keyring @opindex no-default-keyring 
@@ -3036,18 +3061,33 @@ files; They all live in in the current home directory (@pxref{option @table @file - @item ~/.gnupg/secring.gpg - The secret keyring. You should backup this file. - - @item ~/.gnupg/secring.gpg.lock - The lock file for the secret keyring. - @item ~/.gnupg/pubring.gpg The public keyring. You should backup this file. @item ~/.gnupg/pubring.gpg.lock The lock file for the public keyring. + at ifset gpgtwoone + @item ~/.gnupg/pubring.kbx + The public keyring using a different format. This file is sharred + with @command{gpgsm}. You should backup this file. + + @item ~/.gnupg/pubring.kbx.lock + The lock file for @file{pubring.kbx}. + at end ifset + + @item ~/.gnupg/secring.gpg + at ifclear gpgtwoone + The secret keyring. You should backup this file. + at end ifclear + at ifset gpgtwoone + A secret keyring as used by GnuPG versions before 2.1. It is not + used by GnuPG 2.1 and later. + + @item ~/.gnupg/.gpg-v21-migrated + File indicating that a migration to GnuPG 2.1 has taken place. + at end ifset + @item ~/.gnupg/trustdb.gpg The trust database. There is no need to backup this file; it is better to backup the ownertrust values (@pxref{option --export-ownertrust}). @@ -3058,6 +3098,9 @@ files; They all live in in the current home directory (@pxref{option @item ~/.gnupg/random_seed A file used to preserve the state of the internal random pool. + @item ~/.gnupg/secring.gpg.lock + The lock file for the secret keyring. + @item /usr[/local]/share/gnupg/options.skel The skeleton options file. diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 3d2594f..078d2ad 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi 
@@ -259,13 +259,26 @@ certificate are only exported if all @var{pattern} are given as fingerprints or keygrips. @item --export-secret-key-p12 @var{key-id} - at opindex export + at opindex export-secret-key-p12 Export the private key and the certificate identified by @var{key-id} in -a PKCS#12 format. When using along with the @code{--armor} option a few +a PKCS#12 format. When used with the @code{--armor} option a few informational lines are prepended to the output. Note, that the PKCS#12 format is not very secure and this command is only provided if there is no other way to exchange the private key. (@pxref{option --p12-charset}) + at ifset gpgtwoone + at item --export-secret-key-p8 @var{key-id} + at itemx --export-secret-key-raw @var{key-id} + at opindex export-secret-key-p8 + at opindex export-secret-key-raw +Export the private key of the certificate identified by @var{key-id} +with any encryption stripped. The @code{...-raw} command exports in +PKCS#1 format; the @code{...-p8} command exports in PKCS#8 format. +When used with the @code{--armor} option a few informational lines are +prepended to the output. These commands are useful to prepare a key +for use on a TLS server. + at end ifset + @item --import [@var{files}] @opindex import Import the certificates from the PEM or binary encoded files as well as @@ -568,6 +581,13 @@ certificate. Include the keygrip in standard key listings. Note that the keygrip is always listed in --with-colons mode. + at ifset gpgtwoone + at item --with-secret + at opindex with-secret +Include info about the presence of a secret key in public key listings +done with @code{--with-colons}. + at end ifset + @end table @c ******************************************* diff --git a/doc/tools.texi b/doc/tools.texi index 32ab1e4..030f269 100644 --- a/doc/tools.texi +++ b/doc/tools.texi 
@@ -1060,10 +1060,11 @@ may not be used and the passphrases for the to be used keys are given at machine startup. Passphrases set with this utility don't expire unless the - at option{--forget} option is used to explicitly clear them from the cache ---- or @command{gpg-agent} is either restarted or reloaded (by sending a -SIGHUP to it). It is necessary to allow this passphrase presetting by -starting @command{gpg-agent} with the + at option{--forget} option is used to explicitly clear them from the +cache --- or @command{gpg-agent} is either restarted or reloaded (by +sending a SIGHUP to it). Nite that the maximum cache time as set with + at option{--max-cache-ttl} is still honored. It is necessary to allow +this passphrase presetting by starting @command{gpg-agent} with the @option{--allow-preset-passphrase}. @menu commit 8e39fe810d951c2fef4c22246440a5944a89a18c Author: Werner Koch Date: Tue Jun 24 13:52:02 2014 +0200 gpg: Do not link gpgv against libassuan. * g10/Makefile.am (gpgv2_LDADD): Remove LIBASSUAN_LIBS. -- This is not required. GnuPG-bug-id: 1533 diff --git a/g10/Makefile.am b/g10/Makefile.am index 00036c8..efa427d 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -124,7 +124,7 @@ LDADD = $(needed_libs) ../common/libgpgrl.a \ $(LIBINTL) $(CAPLIBS) $(NETLIBS) gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ $(LIBICONV) $(resource_objs) -gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ +gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ $(LIBICONV) $(resource_objs) t_common_ldadd = commit fb274a3cf3295dbd509494338bd6a16c8069176a Author: Werner Koch Date: Tue Jun 24 11:14:20 2014 +0200 po: Update de.po diff --git a/po/de.po b/po/de.po index 515fd9e..12abe70 100644 --- a/po/de.po +++ b/po/de.po 
@@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg-2.0.18\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2014-06-03 09:53+0200\n" +"PO-Revision-Date: 2014-06-24 11:13+0200\n" "Last-Translator: Werner Koch \n" "Language-Team: German \n" "Language: de\n" @@ -2321,6 +2321,13 @@ msgid "key %s: no user ID\n" msgstr "Schl??ssel %s: Keine User-ID\n" #, c-format +msgid "key %s: %s\n" +msgstr "Schl??ssel %s: %s\n" + +msgid "rejected by import filter" +msgstr "vom Importfilter zur??ckgewiesen" + +#, c-format msgid "key %s: PKS subkey corruption repaired\n" msgstr "Schl??ssel %s: PKS Unterschl??sseldefekt repariert\n" @@ -2415,6 +2422,10 @@ msgstr "Schl??ssel %s: \"%s\" %d User-IDs bereinigt\n" msgid "key %s: \"%s\" not changed\n" msgstr "Schl??ssel %s: \"%s\" nicht ge??ndert\n" +#, c-format +msgid "secret key %s: %s\n" +msgstr "Geheimer Schl??ssel %s: %s\n" + msgid "importing secret keys not allowed\n" msgstr "Importieren geheimer Schl??ssel ist nicht erlaubt\n" commit a37f63d7b86b467df82ac77cfa5a75bfb1c77b7c Author: Werner Koch Date: Tue Jun 24 11:06:32 2014 +0200 common: Fix commit ceef5568 so that it builds with libgcrypt < 1.6 * common/ssh-utils.c (get_fingerprint): Use GCRY_PK_ECC only if defined. diff --git a/common/ssh-utils.c b/common/ssh-utils.c index 11ff0fb..30cb451 100644 --- a/common/ssh-utils.c +++ b/common/ssh-utils.c 
@@ -89,7 +89,9 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, elems = "pqgy"; gcry_md_write (md, "\0\0\0\x07ssh-dss", 11); break; +#if GCRYPT_VERSION_NUMBER >= 0x010600 case GCRY_PK_ECC: +#endif case GCRY_PK_ECDSA: /* We only support the 3 standard curves for now. It is just a quick hack. */ commit aacb43a730a6f52c1ac91131afed73ae6ef25416 Author: Werner Koch Date: Tue Jun 24 10:56:19 2014 +0200 Remove thread callbacks for libgcrypt >= 1.6. * agent/gpg-agent.c (GCRY_THREAD_OPTION_PTH_IMPL): Do not use with libgcrypt >= 1.6. (main): Ditto. * scd/scdaemon.c (GCRY_THREAD_OPTION_PTH_IMPL): Ditto. (main): Ditto. -- This is not anymore needed but kept for compatibility with Libgcrypt < 1.6. diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 1f53a37..bf2a26d 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -308,6 +308,7 @@ static int check_for_running_agent (int silent, int mode); /* Pth wrapper function definitions. */ ASSUAN_SYSTEM_PTH_IMPL; +#if GCRYPT_VERSION_NUMBER < 0x010600 GCRY_THREAD_OPTION_PTH_IMPL; #if GCRY_THREAD_OPTION_VERSION < 1 static int fixed_gcry_pth_init (void) @@ -315,6 +316,7 @@ static int fixed_gcry_pth_init (void) return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0; } #endif +#endif /*GCRYPT_VERSION_NUMBER < 0x10600*/ #ifndef PTH_HAVE_PTH_THREAD_ID static unsigned long pth_thread_id (void) @@ -625,7 +627,8 @@ main (int argc, char **argv ) init_common_subsystems (); - /* Libgcrypt requires us to register the threading model first. +#if GCRYPT_VERSION_NUMBER < 0x010600 + /* Libgcrypt < 1.6 requires us to register the threading model first. Note that this will also do the pth_init. */ #if GCRY_THREAD_OPTION_VERSION < 1 gcry_threads_pth.init = fixed_gcry_pth_init; @@ -636,6 +639,7 @@ main (int argc, char **argv ) log_fatal ("can't register GNU Pth with Libgcrypt: %s\n", gpg_strerror (err)); } +#endif /*GCRYPT_VERSION_NUMBER < 0x010600*/ /* Check that the libraries are suitable. Do it here because 
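Review bot: The closing comment added in the `@@ -315,6 +316,7 @@` hunk of agent/gpg-agent.c reads `/*GCRYPT_VERSION_NUMBER < 0x10600*/`, which does not match the `#if GCRYPT_VERSION_NUMBER < 0x010600` it closes. The second `#endif` added in main, and both in scd/scdaemon.c, spell the value `0x010600`. I would make it `#endif /*GCRYPT_VERSION_NUMBER < 0x010600*/` so that a search for the guard finds both ends. Separately, scd/scdaemon.c moves `gpg_error_t err;` into the guarded block, while main in gpg-agent.c keeps its declaration outside the hunk; if `err` is used only for the `gcry_control` call there, builds against libgcrypt >= 1.6 would get an unused-variable warning, which cannot be checked from here.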
diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 5f64521..e133ddc 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -212,6 +212,7 @@ static void handle_connections (int listen_fd); /* Pth wrapper function definitions. */ ASSUAN_SYSTEM_PTH_IMPL; +#if GCRYPT_VERSION_NUMBER < 0x010600 GCRY_THREAD_OPTION_PTH_IMPL; #if GCRY_THREAD_OPTION_VERSION < 1 static int fixed_gcry_pth_init (void) @@ -219,6 +220,7 @@ static int fixed_gcry_pth_init (void) return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0; } #endif +#endif /*GCRYPT_VERSION_NUMBER < 0x010600*/ static char * @@ -380,7 +382,6 @@ main (int argc, char **argv ) { ARGPARSE_ARGS pargs; int orig_argc; - gpg_error_t err; char **orig_argv; FILE *configfp = NULL; char *configname = NULL; @@ -415,17 +416,23 @@ main (int argc, char **argv ) init_common_subsystems (); - /* Libgcrypt requires us to register the threading model first. +#if GCRYPT_VERSION_NUMBER < 0x010600 + /* Libgcrypt < 1.6 requires us to register the threading model first. Note that this will also do the pth_init. */ + { + gpg_error_t err; #if GCRY_THREAD_OPTION_VERSION < 1 gcry_threads_pth.init = fixed_gcry_pth_init; #endif + err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth); if (err) { log_fatal ("can't register GNU Pth with Libgcrypt: %s\n", gpg_strerror (err)); } + } +#endif /*GCRYPT_VERSION_NUMBER < 0x010600*/ /* Check that the libraries are suitable. Do it here because the option parsing may need services of the library */ commit 2daa112a7404bcbedcda9b84c5ebbe33fd7fabd8 Author: Werner Koch Date: Tue Jun 24 10:36:15 2014 +0200 Improve configure option --with-libgpg-error-prefix -- GnuPG-bug-id: 1561 Note that this is not a complete solution. The libgpg-error include directory has now a higher preference but ld may not pick up the right library if another one is installed. The problem is that the -L option and the -l options are not emitted separately by gpg-error-config. 
diff --git a/agent/Makefile.am b/agent/Makefile.am index 5c2da2c..55c374c 100644 --- a/agent/Makefile.am +++ b/agent/Makefile.am @@ -31,7 +31,7 @@ if HAVE_W32_SYSTEM resource_objs += gpg-agent-w32info.o endif -AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) +AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) gpg_agent_SOURCES = \ gpg-agent.c agent.h \ diff --git a/common/Makefile.am b/common/Makefile.am index 880b01b..337e246 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -32,7 +32,7 @@ MAINTAINERCLEANFILES = audit-events.h status-codes.h AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) +AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) include $(top_srcdir)/am/cmacros.am diff --git a/g10/Makefile.am b/g10/Makefile.am index c3e35f6..00036c8 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -25,7 +25,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common \ include $(top_srcdir)/am/cmacros.am -AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) +AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) needed_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a diff --git a/jnlib/Makefile.am b/jnlib/Makefile.am index b3e7d7d..2ba2fbf 100644 --- a/jnlib/Makefile.am +++ b/jnlib/Makefile.am @@ -27,7 +27,7 @@ TESTS = $(module_tests) AM_CPPFLAGS = -I$(top_srcdir)/intl # We need libgcrypt because libjnlib-config includes gcrypt.h -AM_CFLAGS = -DJNLIB_IN_JNLIB $(LIBGCRYPT_CFLAGS) +AM_CFLAGS = -DJNLIB_IN_JNLIB $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) noinst_LIBRARIES = libjnlib.a diff --git a/scd/Makefile.am b/scd/Makefile.am index 63a11dc..e883180 100644 --- a/scd/Makefile.am +++ b/scd/Makefile.am 
@@ -33,8 +33,8 @@ if HAVE_W32_SYSTEM resource_objs += scdaemon-w32info.o endif -AM_CFLAGS = $(LIBGCRYPT_CFLAGS) \ - $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS) +AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) \ + $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS) card_apps = app-openpgp.c app-nks.c app-dinsig.c app-p15.c app-geldkarte.c diff --git a/sm/Makefile.am b/sm/Makefile.am index 01cf028..8e1dc97 100644 --- a/sm/Makefile.am +++ b/sm/Makefile.am @@ -22,7 +22,8 @@ bin_PROGRAMS = gpgsm EXTRA_DIST = ChangeLog-2011 gpgsm-w32info.rc -AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) +AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) \ + $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl include $(top_srcdir)/am/cmacros.am diff --git a/tools/Makefile.am b/tools/Makefile.am index cc782a3..e5c16a2 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -30,7 +30,7 @@ if HAVE_W32_SYSTEM resource_objs += gpg-connect-agent-w32info.o endif -AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS) +AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) sbin_SCRIPTS = addgnupghome applygnupgdefaults 
@@ -97,16 +97,16 @@ gpg_connect_agent_LDADD = ../common/libgpgrl.a $(common_libs) \ $(resource_objs) gpgkey2ssh_SOURCES = gpgkey2ssh.c -gpgkey2ssh_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) +gpgkey2ssh_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) # common sucks in jnlib, via use of BUG() in an inline function, which # some compilers do not eliminate. gpgkey2ssh_LDADD = $(common_libs) \ - $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) + $(GPG_ERROR_LIBS) $(LIBGCRYPT_LIBS) $(LIBINTL) $(LIBICONV) if !DISABLE_REGEX gpg_check_pattern_SOURCES = gpg-check-pattern.c -gpg_check_pattern_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) +gpg_check_pattern_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) gpg_check_pattern_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS) endif commit 76b0b076d0dfc1c0b011b9fd458a5158c189ebb4 Author: Werner Koch Date: Tue Jun 10 14:54:55 2014 +0200 gpg: Use more specific reason codes for INV_RECP. * g10/pkclist.c (build_pk_list): Use more specific reasons codes for INV_RECP. -- GnuPG-bug-id: 1650 Note that this patch is a bit more limited than the one in 2.1. diff --git a/g10/pkclist.c b/g10/pkclist.c index 85a8eeb..1d0b2d2 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -831,7 +831,11 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use ) { free_public_key ( pk ); pk = NULL; log_error (_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) ); - write_status_text_and_buffer (STATUS_INV_RECP, "0 ", + write_status_text_and_buffer (STATUS_INV_RECP, + (rc == GPG_ERR_NO_PUBKEY + || rc == GPG_ERR_NO_SECKEY)? "1 ": + (rc == GPG_ERR_INV_USER_ID)? "14 ": + "0 ", rov->d, strlen (rov->d), -1); goto fail; } 
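Review bot: `gpgkey2ssh_LDADD` now lists `$(GPG_ERROR_LIBS)` before `$(LIBGCRYPT_LIBS)`, while `gpg_check_pattern_LDADD` a few lines below keeps the old order. With static archives the linker resolves left to right, so libgcrypt's references into libgpg-error may stay unresolved unless `$(LIBGCRYPT_LIBS)` itself repeats the dependency; that depends on what the config script emits and is not visible here. If the reorder is only meant to give the libgpg-error `-L` directory precedence, as the commit message suggests, a comment such as `# GPG_ERROR_LIBS first so that its -L directory wins; see --with-libgpg-error-prefix.` would explain it, and the two LDADD lines should then agree.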
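Review bot: The reason-code selection in the `@@ -831,7 +831,11 @@` hunk compares `rc` directly with `GPG_ERR_NO_PUBKEY`, `GPG_ERR_NO_SECKEY` and `GPG_ERR_INV_USER_ID`, while the equivalent selection in the `@@ -1086,7 +1090,11 @@` hunk uses the `G10ERR_*` names. If `rc` can carry an error source at these points, a plain `==` never matches and the status line silently falls back to reason `0`; import.c in this same push tests `gpg_err_code(rc)` instead. I would write both sites as `gpg_err_code (rc) == G10ERR_NO_PUBKEY` (likewise for the other two codes) and put a short comment beside the literals `"1 "`, `"3 "`, `"13 "` and `"14 "` saying which INV_RECP reason each one stands for. build_pk_list starts and ends outside these hunks, so where `rc` is produced is not visible.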
@@ -874,7 +878,7 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use ) available. */ free_public_key( pk ); pk = NULL; log_error(_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) ); - write_status_text_and_buffer (STATUS_INV_RECP, "0 ", + write_status_text_and_buffer (STATUS_INV_RECP, "3 ", rov->d, strlen (rov->d), -1); goto fail; } @@ -1086,7 +1090,11 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use ) /* Key not found or other error. */ free_public_key( pk ); pk = NULL; log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) ); - write_status_text_and_buffer (STATUS_INV_RECP, "0 ", + write_status_text_and_buffer (STATUS_INV_RECP, + (rc == G10ERR_NO_PUBKEY + || rc == G10ERR_NO_SECKEY)? "1 ": + (rc == G10ERR_INV_USER_ID)? "14 ": + "0 ", remusr->d, strlen (remusr->d), -1); goto fail; @@ -1103,7 +1111,7 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use ) free_public_key(pk); pk = NULL; log_info(_("%s: skipped: public key is disabled\n"), remusr->d); - write_status_text_and_buffer (STATUS_INV_RECP, "0 ", + write_status_text_and_buffer (STATUS_INV_RECP, "13 ", remusr->d, strlen (remusr->d), -1); @@ -1152,7 +1160,7 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use ) { /* Key found but not usable for us (e.g. sign-only key). */ free_public_key( pk ); pk = NULL; - write_status_text_and_buffer (STATUS_INV_RECP, "0 ", + write_status_text_and_buffer (STATUS_INV_RECP, "3 ", remusr->d, strlen (remusr->d), -1); commit 9607bc0b9fce1f7853eee6591b44e35deed4a66c Author: Werner Koch Date: Tue Jun 24 09:53:46 2014 +0200 gpg: Make show-uid-validity the default. diff --git a/g10/gpg.c b/g10/gpg.c index 87ffe54..1a8e6e7 100644 --- a/g10/gpg.c +++ b/g10/gpg.c 
@@ -2004,6 +2004,8 @@ main (int argc, char **argv) opt.passphrase_repeat=1; opt.emit_version = 1; /* Limit to the major number. */ + opt.list_options |= LIST_SHOW_UID_VALIDITY; + opt.verify_options |= LIST_SHOW_UID_VALIDITY; /* Check whether we have a config file on the command line. */ orig_argc = argc; commit 5e933008beffbeae7255ece02383606481f9c169 Author: Stefan Tomanek Date: Thu Jan 30 00:57:43 2014 +0100 gpg: Screen keyserver responses. * g10/main.h (import_filter_t): New. * g10/import.c (import): Add filter callbacks to param list. (import_one): Ditto. (import_secret_one): Ditto. (import_keys_internal): Ditto. (import_keys_stream): Ditto. * g10/keyserver.c (keyserver_retrieval_filter): New. (keyserver_spawn): Pass filter to import_keys_stream() -- These changes introduces import functions that apply a constraining filter to imported keys. These filters can verify the fingerprints of the keys returned before importing them into the keyring, ensuring that the keys fetched from the keyserver are in fact those selected by the user beforehand. Signed-off-by: Stefan Tomanek Re-indention and minor changes by wk. Resolved conflicts: g10/import.c g10/keyserver.c g10/main.h diff --git a/g10/import.c b/g10/import.c index 540b24b..fbe6b37 100644 --- a/g10/import.c +++ b/g10/import.c 
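Review bot: `opt.verify_options` is given a flag from the list-options namespace; the second added line should read `opt.verify_options |= VERIFY_SHOW_UID_VALIDITY;`. The two constants presumably share a bit value today, so behaviour would not change, but the mixed namespace breaks silently if either set of flags is renumbered. A one-line comment above the pair, e.g. `/* Show the computed user ID validity by default so that unvalidated IDs stand out. */`, would also record why the default changed. main starts and ends outside the hunk.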
@@ -59,14 +59,17 @@ struct stats_s { static int import( IOBUF inp, const char* fname,struct stats_s *stats, - unsigned char **fpr,size_t *fpr_len,unsigned int options ); + unsigned char **fpr,size_t *fpr_len,unsigned int options, + import_filter_t filter, void *filter_arg ); static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ); static void revocation_present(KBNODE keyblock); static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats, unsigned char **fpr,size_t *fpr_len, - unsigned int options,int from_sk); + unsigned int options,int from_sk, + import_filter_t filter, void *filter_arg); static int import_secret_one( const char *fname, KBNODE keyblock, - struct stats_s *stats, unsigned int options); + struct stats_s *stats, unsigned int options, + import_filter_t filter, void *filter_arg); static int import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats); static int chk_self_sigs( const char *fname, KBNODE keyblock, @@ -163,7 +166,8 @@ import_release_stats_handle (void *p) static int import_keys_internal( IOBUF inp, char **fnames, int nnames, void *stats_handle, unsigned char **fpr, size_t *fpr_len, - unsigned int options ) + unsigned int options, + import_filter_t filter, void *filter_arg) { int i, rc = 0; struct stats_s *stats = stats_handle; @@ -172,7 +176,8 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames, stats = import_new_stats_handle (); if (inp) { - rc = import( inp, "[stream]", stats, fpr, fpr_len, options); + rc = import (inp, "[stream]", stats, fpr, fpr_len, options, + filter, filter_arg); } else { int once = (!fnames && !nnames); 
@@ -192,7 +197,8 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames, log_error(_("can't open `%s': %s\n"), fname, strerror(errno) ); else { - rc = import( inp2, fname, stats, fpr, fpr_len, options ); + rc = import (inp2, fname, stats, fpr, fpr_len, options, + NULL, NULL); iobuf_close(inp2); /* Must invalidate that ugly cache to actually close it. */ iobuf_ioctl (NULL, 2, 0, (char*)fname); @@ -223,24 +229,27 @@ void import_keys( char **fnames, int nnames, void *stats_handle, unsigned int options ) { - import_keys_internal(NULL,fnames,nnames,stats_handle,NULL,NULL,options); + import_keys_internal (NULL, fnames, nnames, stats_handle, NULL, NULL, + options, NULL, NULL); } int import_keys_stream( IOBUF inp, void *stats_handle, - unsigned char **fpr, size_t *fpr_len,unsigned int options ) + unsigned char **fpr, size_t *fpr_len,unsigned int options, + import_filter_t filter, void *filter_arg) { - return import_keys_internal(inp,NULL,0,stats_handle,fpr,fpr_len,options); + return import_keys_internal (inp, NULL, 0, stats_handle, fpr, fpr_len, + options, filter, filter_arg); } + static int -import( IOBUF inp, const char* fname,struct stats_s *stats, - unsigned char **fpr,size_t *fpr_len,unsigned int options ) +import (IOBUF inp, const char* fname,struct stats_s *stats, + unsigned char **fpr, size_t *fpr_len, unsigned int options, + import_filter_t filter, void *filter_arg) { PACKET *pending_pkt = NULL; - KBNODE keyblock = NULL; /* Need to initialize because gcc can't - grasp the return semantics of - read_block. */ + KBNODE keyblock = NULL; int rc = 0; getkey_disable_caches(); 
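Review bot: import_keys_internal now takes `filter` and `filter_arg` but applies them only on the stream branch; the file-name branch in the `@@ -192,7 +197,8 @@` hunk calls `import (inp2, fname, stats, fpr, fpr_len, options, NULL, NULL)` and drops whatever the caller passed. The only visible caller that supplies file names, import_keys, passes NULL, so nothing is lost today, but the asymmetry cannot be seen from the signature. Either forward `filter, filter_arg` there too or add `/* The filter is used only for stream imports; files named by the user are imported unfiltered. */` above the call. The function body extends beyond the hunk.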
@@ -256,9 +265,11 @@ import( IOBUF inp, const char* fname,struct stats_s *stats, while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) { if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY ) - rc = import_one( fname, keyblock, stats, fpr, fpr_len, options, 0); - else if( keyblock->pkt->pkttype == PKT_SECRET_KEY ) - rc = import_secret_one( fname, keyblock, stats, options ); + rc = import_one (fname, keyblock, stats, fpr, fpr_len, options, 0, + filter, filter_arg); + else if( keyblock->pkt->pkttype == PKT_SECRET_KEY ) + rc = import_secret_one (fname, keyblock, stats, options, + filter, filter_arg); else if( keyblock->pkt->pkttype == PKT_SIGNATURE && keyblock->pkt->pkt.signature->sig_class == 0x20 ) rc = import_revoke_cert( fname, keyblock, stats ); @@ -634,7 +645,7 @@ check_prefs(KBNODE keyblock) KBNODE node; PKT_public_key *pk; int problem=0; - + merge_keys_and_selfsig(keyblock); pk=keyblock->pkt->pkt.public_key; @@ -659,9 +670,9 @@ check_prefs(KBNODE keyblock) { if (openpgp_cipher_test_algo (prefs->value)) { - const char *algo = + const char *algo = (openpgp_cipher_test_algo (prefs->value) - ? num + ? num : openpgp_cipher_algo_name (prefs->value)); if(!problem) check_prefs_warning(pk); @@ -676,7 +687,7 @@ check_prefs(KBNODE keyblock) { const char *algo = (gcry_md_test_algo (prefs->value) - ? num + ? num : gcry_md_algo_name (prefs->value)); if(!problem) check_prefs_warning(pk); @@ -745,7 +756,7 @@ check_prefs(KBNODE keyblock) static int import_one( const char *fname, KBNODE keyblock, struct stats_s *stats, unsigned char **fpr,size_t *fpr_len,unsigned int options, - int from_sk ) + int from_sk, import_filter_t filter, void *filter_arg) { PKT_public_key *pk; PKT_public_key *pk_orig; 
@@ -787,7 +798,14 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats, log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); return 0; } - + + if (filter && filter (pk, NULL, filter_arg)) + { + log_error (_("key %s: %s\n"), keystr_from_pk(pk), + _("rejected by import filter")); + return 0; + } + if (opt.interactive) { if(is_status_enabled()) print_import_check (pk, uidnode->pkt->pkt.user_id); @@ -924,7 +942,7 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats, size_t an; fingerprint_from_pk (pk_orig, afp, &an); - while (an < MAX_FINGERPRINT_LEN) + while (an < MAX_FINGERPRINT_LEN) afp[an++] = 0; rc = keydb_search_fpr (hd, afp); } @@ -948,7 +966,7 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats, n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid); if (n_sigs_cleaned) commit_kbnode (&keyblock_orig); - + /* and try to merge the block */ clear_kbnode_flags( keyblock_orig ); clear_kbnode_flags( keyblock ); @@ -1018,14 +1036,14 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats, stats->n_sigs_cleaned +=n_sigs_cleaned; stats->n_uids_cleaned +=n_uids_cleaned; - if (is_status_enabled ()) + if (is_status_enabled ()) print_import_ok (pk, NULL, ((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0))); } else { same_key = 1; - if (is_status_enabled ()) + if (is_status_enabled ()) print_import_ok (pk, NULL, 0); if( !opt.quiet ) 
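Review bot: A key rejected by the filter leaves import_one through `return 0`, the same value as a successful import, and nothing but the `log_error` line records it: no counter in `stats` and no status output, as far as the hunk shows. Since the filter exists to catch keyserver responses that do not match the request, a frontend reading the status interface would want to see that event; I would count the rejection in `struct stats_s` and document the return value with `/* A rejected key is skipped, not treated as an import failure. */`. The same applies to the filter check added to import_secret_one in the `@@ -1182,6 +1201,12 @@` hunk, which also opens its brace on the `if` line while this one uses the file's GNU layout. Both functions continue outside their hunks.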
@@ -1165,15 +1183,16 @@ sec_to_pub_keyblock(KBNODE sec_keyblock) * with the trust calculation. */ static int -import_secret_one( const char *fname, KBNODE keyblock, - struct stats_s *stats, unsigned int options) +import_secret_one (const char *fname, KBNODE keyblock, + struct stats_s *stats, unsigned int options, + import_filter_t filter, void *filter_arg) { PKT_secret_key *sk; KBNODE node, uidnode; u32 keyid[2]; int rc = 0; - /* get the key and print some info about it */ + /* Get the key and print some info about it. */ node = find_kbnode( keyblock, PKT_SECRET_KEY ); if( !node ) BUG(); @@ -1182,6 +1201,12 @@ import_secret_one( const char *fname, KBNODE keyblock, keyid_from_sk( sk, keyid ); uidnode = find_next_kbnode( keyblock, PKT_USER_ID ); + if (filter && filter (NULL, sk, filter_arg)) { + log_error (_("secret key %s: %s\n"), keystr_from_sk(sk), + _("rejected by import filter")); + return 0; + } + if( opt.verbose ) { log_info( "sec %4u%c/%s %s ", @@ -1223,8 +1248,8 @@ import_secret_one( const char *fname, KBNODE keyblock, log_error (_("importing secret keys not allowed\n")); return 0; } -#endif - +#endif + clear_kbnode_flags( keyblock ); /* do we have this key already in one of our secrings ? */ @@ -1250,7 +1275,7 @@ import_secret_one( const char *fname, KBNODE keyblock, if( !opt.quiet ) log_info( _("key %s: secret key imported\n"), keystr_from_sk(sk)); stats->secret_imported++; - if (is_status_enabled ()) + if (is_status_enabled ()) print_import_ok (NULL, sk, 1|16); if(options&IMPORT_SK2PK) @@ -1260,8 +1285,9 @@ import_secret_one( const char *fname, KBNODE keyblock, KBNODE pub_keyblock=sec_to_pub_keyblock(keyblock); if(pub_keyblock) { - import_one(fname,pub_keyblock,stats, - NULL,NULL,opt.import_options,1); + import_one (fname, pub_keyblock, stats, + NULL, NULL, opt.import_options, 1, + NULL, NULL); release_kbnode(pub_keyblock); } } 
@@ -1281,7 +1307,7 @@ import_secret_one( const char *fname, KBNODE keyblock, log_error( _("key %s: already in secret keyring\n"), keystr_from_sk(sk)); stats->secret_dups++; - if (is_status_enabled ()) + if (is_status_enabled ()) print_import_ok (NULL, sk, 16); /* TODO: if we ever do merge secret keys, make sure to handle @@ -1337,9 +1363,9 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats ) { byte afp[MAX_FINGERPRINT_LEN]; size_t an; - + fingerprint_from_pk (pk, afp, &an); - while (an < MAX_FINGERPRINT_LEN) + while (an < MAX_FINGERPRINT_LEN) afp[an++] = 0; rc = keydb_search_fpr (hd, afp); } @@ -1435,11 +1461,11 @@ chk_self_sigs( const char *fname, KBNODE keyblock, int rc; u32 bsdate=0,rsdate=0; KBNODE bsnode = NULL, rsnode = NULL; - + (void)fname; (void)pk; - for (n=keyblock; (n = find_next_kbnode (n, 0)); ) + for (n=keyblock; (n = find_next_kbnode (n, 0)); ) { if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY) { @@ -1453,7 +1479,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock, if ( n->pkt->pkttype != PKT_SIGNATURE ) continue; - + sig = n->pkt->pkt.signature; if ( keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1] ) { @@ -1465,7 +1491,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock, import a fully-cached key which speeds things up. */ if (!opt.no_sig_cache) check_key_signature (keyblock, n, NULL); - + if ( IS_UID_SIG(sig) || IS_UID_REV(sig) ) { KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID ); @@ -1475,16 +1501,16 @@ chk_self_sigs( const char *fname, KBNODE keyblock, keystr(keyid)); return -1; /* The complete keyblock is invalid. */ } - + /* If it hasn't been marked valid yet, keep trying. */ - if (!(unode->flag&1)) + if (!(unode->flag&1)) { rc = check_key_signature (keyblock, n, NULL); if ( rc ) { if ( opt.verbose ) { - char *p = utf8_to_native + char *p = utf8_to_native (unode->pkt->pkt.user_id->name, strlen (unode->pkt->pkt.user_id->name),0); log_info (gpg_err_code(rc) == G10ERR_PUBKEY_ALGO ? 
@@ -1513,7 +1539,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock, n->flag |= 4; } } - else if ( IS_SUBKEY_SIG (sig) ) + else if ( IS_SUBKEY_SIG (sig) ) { /* Note that this works based solely on the timestamps like the rest of gpg. If the standard gets revocation @@ -1542,19 +1568,19 @@ chk_self_sigs( const char *fname, KBNODE keyblock, else { /* It's valid, so is it newer? */ - if (sig->timestamp >= bsdate) + if (sig->timestamp >= bsdate) { knode->flag |= 1; /* The subkey is valid. */ if (bsnode) { /* Delete the last binding sig since this one is newer */ - bsnode->flag |= 4; + bsnode->flag |= 4; if (opt.verbose) log_info (_("key %s: removed multiple subkey" " binding\n"),keystr(keyid)); } - + bsnode = n; bsdate = sig->timestamp; } @@ -1599,12 +1625,12 @@ chk_self_sigs( const char *fname, KBNODE keyblock, { /* Delete the last revocation sig since this one is newer. */ - rsnode->flag |= 4; + rsnode->flag |= 4; if (opt.verbose) log_info (_("key %s: removed multiple subkey" " revocation\n"),keystr(keyid)); } - + rsnode = n; rsdate = sig->timestamp; } @@ -2345,35 +2371,35 @@ pub_to_sec_keyblock (KBNODE pub_keyblock) PACKET *pkt = xmalloc_clear (sizeof *pkt); PKT_secret_key *sk = xmalloc_clear (sizeof *sk); int i, n; - + if (pubnode->pkt->pkttype == PKT_PUBLIC_KEY) pkt->pkttype = PKT_SECRET_KEY; else pkt->pkttype = PKT_SECRET_SUBKEY; - + pkt->pkt.secret_key = sk; copy_public_parts_to_secret_key ( pk, sk ); sk->version = pk->version; sk->timestamp = pk->timestamp; - + n = pubkey_get_npkey (pk->pubkey_algo); if (!n) n = 1; /* Unknown number of parameters, however the data is stored in the first mpi. */ for (i=0; i < n; i++ ) sk->skey[i] = mpi_copy (pk->pkey[i]); - + sk->is_protected = 1; sk->protect.s2k.mode = 1001; - + secnode = new_kbnode (pkt); } else { secnode = clone_kbnode (pubnode); } - + if(!sec_keyblock) sec_keyblock = secnode; else 
@@ -2387,12 +2413,12 @@ pub_to_sec_keyblock (KBNODE pub_keyblock) /* Walk over the secret keyring SEC_KEYBLOCK and update any simple stub keys with the serial number SNNUM of the card if one of the fingerprints FPR1, FPR2 or FPR3 match. Print a note if the key is - a duplicate (may happen in case of backed uped keys). - + a duplicate (may happen in case of backed uped keys). + Returns: True if anything changed. */ static int -update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock, +update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock, const unsigned char *fpr1, const unsigned char *fpr2, const unsigned char *fpr3, @@ -2412,7 +2438,7 @@ update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock, && node->pkt->pkttype != PKT_SECRET_SUBKEY) continue; sk = node->pkt->pkt.secret_key; - + fingerprint_from_sk (sk, array, &n); if (n != 20) continue; /* Can't be a card key. */ @@ -2462,7 +2488,7 @@ update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock, exists, add appropriate subkey stubs and update the secring. Return 0 if the key could be created. */ int -auto_create_card_key_stub ( const char *serialnostr, +auto_create_card_key_stub ( const char *serialnostr, const unsigned char *fpr1, const unsigned char *fpr2, const unsigned char *fpr3) @@ -2473,7 +2499,7 @@ auto_create_card_key_stub ( const char *serialnostr, int rc; /* We only want to do this for an OpenPGP card. */ - if (!serialnostr || strncmp (serialnostr, "D27600012401", 12) + if (!serialnostr || strncmp (serialnostr, "D27600012401", 12) || strlen (serialnostr) != 32 ) return G10ERR_GENERAL; @@ -2484,7 +2510,7 @@ auto_create_card_key_stub ( const char *serialnostr, ; else return G10ERR_GENERAL; - + hd = keydb_new (1); /* Now check whether there is a secret keyring. */ @@ -2510,7 +2536,7 @@ auto_create_card_key_stub ( const char *serialnostr, else { merge_keys_and_selfsig (sec_keyblock); - + /* FIXME: We need to add new subkeys first. */ if (update_sec_keyblock_with_cardinfo (sec_keyblock, fpr1, fpr2, fpr3, 
@@ -2544,7 +2570,7 @@ auto_create_card_key_stub ( const char *serialnostr, keydb_get_resource_name (hd), g10_errstr(rc) ); } } - + release_kbnode (sec_keyblock); release_kbnode (pub_keyblock); keydb_release (hd); diff --git a/g10/keyserver.c b/g10/keyserver.c index 7164f67..83a4b95 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c 
@@ -981,10 +981,55 @@ direct_uri_map(const char *scheme,unsigned int is_direct) #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\"" #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\"" + +/* Check whether a key matches the search description. The filter + returns 0 if the key shall be imported. Note that this kind of + filter is not related to the iobuf filters. */ static int -keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc, - int count,int *prog,unsigned char **fpr,size_t *fpr_len, - struct keyserver_spec *keyserver) +keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg) +{ + KEYDB_SEARCH_DESC *desc = arg; + u32 keyid[2]; + byte fpr[MAX_FINGERPRINT_LEN]; + size_t fpr_len = 0; + + /* Secret keys are not expected from a keyserver. Do not import. */ + if (sk) + return G10ERR_GENERAL; + + fingerprint_from_pk (pk, fpr, &fpr_len); + keyid_from_pk (pk, keyid); + + /* Compare requested and returned fingerprints if available. */ + if (desc->mode == KEYDB_SEARCH_MODE_FPR20) + { + if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20)) + return G10ERR_GENERAL; + } + else if (desc->mode == KEYDB_SEARCH_MODE_FPR16) + { + if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16)) + return G10ERR_GENERAL; + } + else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID) + { + if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1]) + return G10ERR_GENERAL; + } + else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID) + { + if (keyid[1] != desc->u.kid[1]) + return G10ERR_GENERAL; + } + + return 0; +} + + +static int +keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, + int count, int *prog, unsigned char **fpr, size_t *fpr_len, + struct keyserver_spec *keyserver) { int ret=0,i,gotversion=0,outofband=0; strlist_t temp; 
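Review bot: keyserver_retrieval_filter dereferences `arg` as a single KEYDB_SEARCH_DESC and compares the returned key only with that one entry, although keyserver_spawn receives `desc` together with `count` and hands the bare `desc` pointer to import_keys_stream (the `@@ -1504,8 +1549,9 @@` hunk). For a request with several key IDs or fingerprints, every key except the one matching the first description would be rejected, and a NULL `desc` would be dereferenced if any action that reaches the import passes none, which is not visible here. I would pass the descriptions together with their count, accept a key as soon as one entry matches and reject when none does. Two limits deserve a comment in the function: search modes other than the four compared ones are accepted unchecked, and a short key ID match is only a 32-bit comparison, so it narrows the response but does not authenticate it.

```c
/* Search descriptions of the current request, for the import filter.  */
struct ks_retrieval_filter_arg_s
{
  KEYDB_SEARCH_DESC *desc;
  int ndesc;
};

static int
keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg)
{
  struct ks_retrieval_filter_arg_s *want = arg;
  int n;
  /* ... unchanged: keyid, fpr, fpr_len, secret key rejection,
     fingerprint_from_pk, keyid_from_pk ... */

  /* Nothing to compare with: keep the pre-filter behaviour.  */
  if (!want || !want->desc || want->ndesc < 1)
    return 0;

  for (n = 0; n < want->ndesc; n++)
    {
      KEYDB_SEARCH_DESC *desc = want->desc + n;

      if (desc->mode == KEYDB_SEARCH_MODE_FPR20)
        {
          if (fpr_len == 20 && !memcmp (fpr, desc->u.fpr, 20))
            return 0;
        }
      /* ... FPR16, LONG_KID and SHORT_KID likewise: return 0 on a match ... */
      else
        return 0;  /* Not a key ID or fingerprint search: cannot check.  */
    }

  return G10ERR_GENERAL;  /* No requested key matched.  */
}
```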
@@ -1504,8 +1549,9 @@ keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc, but we better protect against rogue keyservers. */ import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len, - (opt.keyserver_options.import_options - | IMPORT_NO_SECKEY)); + (opt.keyserver_options.import_options + | IMPORT_NO_SECKEY), + keyserver_retrieval_filter, desc); import_print_stats(stats_handle); import_release_stats_handle(stats_handle); @@ -1536,12 +1582,14 @@ keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc, return ret; } + static int -keyserver_work(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc, - int count,unsigned char **fpr,size_t *fpr_len, - struct keyserver_spec *keyserver) +keyserver_work (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, + int count, unsigned char **fpr, size_t *fpr_len, + struct keyserver_spec *keyserver) { - int rc=0,ret=0; + int rc = 0; + int ret = 0; if(!keyserver) { @@ -1606,6 +1654,7 @@ keyserver_work(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc, #endif /* ! DISABLE_KEYSERVER_HELPERS*/ } + int keyserver_export(strlist_t users) { @@ -1638,6 +1687,7 @@ keyserver_export(strlist_t users) return rc; } + int keyserver_import(strlist_t users) { @@ -1712,11 +1762,14 @@ keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver) return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver); } -/* code mostly stolen from do_export_stream */ + +/* Code mostly stolen from do_export_stream */ static int keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3) { - int rc=0,ndesc,num=100; + int rc = 0; + int num = 100; + int ndesc; KBNODE keyblock=NULL,node; KEYDB_HANDLE kdbhd; KEYDB_SEARCH_DESC *desc; 
@@ -2045,7 +2098,7 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len) rc=import_keys_stream (key, NULL, fpr, fpr_len, (opt.keyserver_options.import_options - | IMPORT_NO_SECKEY)); + | IMPORT_NO_SECKEY), NULL, NULL); opt.no_armor=armor_status; diff --git a/g10/main.h b/g10/main.h index 8d29071..6a0de00 100644 --- a/g10/main.h +++ b/g10/main.h @@ -260,11 +260,16 @@ gcry_mpi_t encode_md_value( PKT_public_key *pk, PKT_secret_key *sk, gcry_md_hd_t md, int hash_algo ); /*-- import.c --*/ + +typedef int (*import_filter_t)(PKT_public_key *pk, PKT_secret_key *sk, + void *arg); + int parse_import_options(char *str,unsigned int *options,int noisy); void import_keys( char **fnames, int nnames, void *stats_hd, unsigned int options ); -int import_keys_stream( iobuf_t inp,void *stats_hd,unsigned char **fpr, - size_t *fpr_len,unsigned int options ); +int import_keys_stream (iobuf_t inp, void *stats_hd, unsigned char **fpr, + size_t *fpr_len, unsigned int options, + import_filter_t filter, void *filter_arg); void *import_new_stats_handle (void); void import_release_stats_handle (void *p); void import_print_stats (void *hd); commit e790671cb3a35f3042558224e915b6f74ebc2251 Author: Werner Koch Date: Tue Jun 24 09:13:38 2014 +0200 gpg: Allow key-to-card upload for cert-only keys * g10/card-util.c (card_store_subkey): Allo CERT usage for key 0. -- Suggested-by: Dominik Heidler diff --git a/g10/card-util.c b/g10/card-util.c index 801de57..57f873f 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -86,7 +86,7 @@ change_pin (int unblock_v2, int allow_admin) gpg_strerror (rc)); return; } - + log_info (_("OpenPGP card no. %s detected\n"), info.serialno? info.serialno : "[none]"); 
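Review bot: The new `import_filter_t` typedef in g10/main.h has no comment stating its contract, which can only be worked out by reading import.c and keyserver.c. I would add above it: `/* Import filter callback: called with either PK or SK set (the other is NULL) and the caller's ARG; return 0 to import the key, non-zero to reject it. */`. That matches how import_one calls `filter (pk, NULL, filter_arg)` and import_secret_one calls `filter (NULL, sk, filter_arg)` in this commit.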
@@ -180,7 +180,7 @@ change_pin (int unblock_v2, int allow_admin) rc = agent_scd_change_pin (102, info.serialno); write_sc_op_status (rc); if (rc) - tty_printf ("Error setting the Reset Code: %s\n", + tty_printf ("Error setting the Reset Code: %s\n", gpg_strerror (rc)); else tty_printf ("Reset Code set.\n"); @@ -382,7 +382,7 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen) else tty_fprintf (fp, "Application ID ...: %s\n", info.serialno? info.serialno : "[none]"); - if (!info.serialno || strncmp (info.serialno, "D27600012401", 12) + if (!info.serialno || strncmp (info.serialno, "D27600012401", 12) || strlen (info.serialno) != 32 ) { if (info.apptype && !strcmp (info.apptype, "NKS")) @@ -424,7 +424,7 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen) ; else if (strlen (serialno)+1 > serialnobuflen) log_error ("serial number longer than expected\n"); - else + else strcpy (serialno, info.serialno); if (opt.with_colons) @@ -437,7 +437,7 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen) uval = xtoi_2(info.serialno+16)*256 + xtoi_2 (info.serialno+18); fprintf (fp, "vendor:%04x:%s:\n", uval, get_manufacturer (uval)); fprintf (fp, "serial:%.8s:\n", info.serialno+20); - + print_isoname (fp, "Name of cardholder: ", "name", info.disp_name); fputs ("lang:", fp); 
@@ -494,18 +494,18 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen) (unsigned long)info.fpr1time, (unsigned long)info.fpr2time, (unsigned long)info.fpr3time); } - else + else { tty_fprintf (fp, "Version ..........: %.1s%c.%.1s%c\n", info.serialno[12] == '0'?"":info.serialno+12, info.serialno[13], info.serialno[14] == '0'?"":info.serialno+14, info.serialno[15]); - tty_fprintf (fp, "Manufacturer .....: %s\n", + tty_fprintf (fp, "Manufacturer .....: %s\n", get_manufacturer (xtoi_2(info.serialno+16)*256 + xtoi_2 (info.serialno+18))); tty_fprintf (fp, "Serial number ....: %.8s\n", info.serialno+20); - + print_isoname (fp, "Name of cardholder: ", "name", info.disp_name); print_name (fp, "Language prefs ...: ", info.disp_lang); tty_fprintf (fp, "Sex ..............: %s\n", @@ -568,13 +568,13 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen) if (info.fpr3valid && info.fpr3time) tty_fprintf (fp, " created ....: %s\n", isotimestamp (info.fpr3time)); - tty_fprintf (fp, "General key info..: "); + tty_fprintf (fp, "General key info..: "); - thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 : + thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 : info.fpr3valid? info.fpr3 : NULL); /* If the fingerprint is all 0xff, the key has no asssociated OpenPGP certificate. */ - if ( thefpr && !fpr_is_ff (thefpr) + if ( thefpr && !fpr_is_ff (thefpr) && !get_pubkey_byfprint (pk, thefpr, 20)) { KBNODE keyblock = NULL; @@ -587,7 +587,7 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen) { release_kbnode (keyblock); keyblock = NULL; - + if (!auto_create_card_key_stub (info.serialno, info.fpr1valid? info.fpr1:NULL, info.fpr2valid? info.fpr2:NULL, @@ -603,7 +603,7 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen) else tty_fprintf (fp, "[none]\n"); } - + free_public_key (pk); agent_release_card_info (&info); } 
@@ -632,7 +632,7 @@ get_one_name (const char *prompt1, const char *prompt2) else if (strchr (name, '<')) tty_printf (_("Error: The \"<\" character may not be used.\n")); else if (strstr (name, " ")) - tty_printf (_("Error: Double spaces are not allowed.\n")); + tty_printf (_("Error: Double spaces are not allowed.\n")); else return name; xfree (name); @@ -670,7 +670,7 @@ change_name (void) if (strlen (isoname) > 39 ) { tty_printf (_("Error: Combined name too long " - "(limit is %d characters).\n"), 39); + "(limit is %d characters).\n"), 39); xfree (isoname); return -1; } @@ -699,7 +699,7 @@ change_url (void) if (strlen (url) > 254 ) { tty_printf (_("Error: URL too long " - "(limit is %d characters).\n"), 254); + "(limit is %d characters).\n"), 254); xfree (url); return -1; } @@ -770,7 +770,7 @@ get_data_from_file (const char *fname, size_t maxlen, char **r_buffer) FILE *fp; char *data; int n; - + *r_buffer = NULL; fp = fopen (fname, "rb"); @@ -787,7 +787,7 @@ get_data_from_file (const char *fname, size_t maxlen, char **r_buffer) tty_printf (_("can't open `%s': %s\n"), fname, strerror (errno)); return -1; } - + data = xtrymalloc (maxlen? maxlen:1); if (!data) { @@ -818,7 +818,7 @@ static int put_data_to_file (const char *fname, const void *buffer, size_t length) { FILE *fp; - + fp = fopen (fname, "wb"); #if GNUPG_MAJOR_VERSION == 1 if (fp && is_secured_file (fileno (fp))) @@ -833,7 +833,7 @@ put_data_to_file (const char *fname, const void *buffer, size_t length) tty_printf (_("can't create `%s': %s\n"), fname, strerror (errno)); return -1; } - + if (length && fwrite (buffer, length, 1, fp) != 1) { tty_printf (_("error writing `%s': %s\n"), fname, strerror (errno)); @@ -874,7 +874,7 @@ change_login (const char *args) if (n > 254 ) { tty_printf (_("Error: Login data too long " - "(limit is %d characters).\n"), 254); + "(limit is %d characters).\n"), 254); xfree (data); return -1; } 
@@ -893,7 +893,7 @@ change_private_do (const char *args, int nr) char do_name[] = "PRIVATE-DO-X"; char *data; int n; - int rc; + int rc; assert (nr >= 1 && nr <= 4); do_name[11] = '0' + nr; @@ -920,7 +920,7 @@ change_private_do (const char *args, int nr) if (n > 254 ) { tty_printf (_("Error: Private DO too long " - "(limit is %d characters).\n"), 254); + "(limit is %d characters).\n"), 254); xfree (data); return -1; } @@ -1053,13 +1053,13 @@ change_sex (void) str = "1"; else if ((*data == 'F' || *data == 'f') && !data[1]) str = "2"; - else + else { tty_printf (_("Error: invalid response.\n")); xfree (data); return -1; } - + rc = agent_scd_setattr ("DISP-SEX", str, 1, NULL ); if (rc) log_error ("error setting sex: %s\n", gpg_strerror (rc)); @@ -1147,7 +1147,7 @@ get_info_for_key_operation (struct agent_card_info_s *info) memset (info, 0, sizeof *info); rc = agent_scd_getattr ("SERIALNO", info); - if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12) + if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12) || strlen (info->serialno) != 32 ) { log_error (_("key operation not possible: %s\n"), @@ -1172,7 +1172,7 @@ get_info_for_key_operation (struct agent_card_info_s *info) /* Helper for the key generation/edit functions. */ static int check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1) -{ +{ int rc = 0; agent_clear_pin_cache (info->serialno); @@ -1206,7 +1206,7 @@ check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1) } /* Helper for the key generation/edit functions. */ -static void +static void restore_forced_chv1 (int *forced_chv1) { int rc; @@ -1290,7 +1290,7 @@ ask_card_keysize (int keyno, unsigned int nbits) for (;;) { - prompt = xasprintf + prompt = xasprintf (keyno == 0? _("What keysize do you want for the Signature key? (%u) "): keyno == 1? 
@@ -1302,16 +1302,16 @@ ask_card_keysize (int keyno, unsigned int nbits) req_nbits = *answer? atoi (answer): nbits; xfree (prompt); xfree (answer); - + if (req_nbits != nbits && (req_nbits % 32) ) { req_nbits = ((req_nbits + 31) / 32) * 32; tty_printf (_("rounded up to %u bits\n"), req_nbits); } - + if (req_nbits == nbits) return 0; /* Use default. */ - + if (req_nbits < min_nbits || req_nbits > max_nbits) { tty_printf (_("%s keysizes must be in the range %u-%u\n"), @@ -1331,19 +1331,19 @@ ask_card_keysize (int keyno, unsigned int nbits) /* Change the size of key KEYNO (0..2) to NBITS and show an error message if that fails. */ static gpg_error_t -do_change_keysize (int keyno, unsigned int nbits) +do_change_keysize (int keyno, unsigned int nbits) { gpg_error_t err; char args[100]; - + snprintf (args, sizeof args, "--force %d 1 %u", keyno+1, nbits); err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL); if (err) - log_error (_("error changing size of key %d to %u bits: %s\n"), + log_error (_("error changing size of key %d to %u bits: %s\n"), keyno+1, nbits, gpg_strerror (err)); return err; } - + static void generate_card_keys (void) @@ -1422,7 +1422,7 @@ generate_card_keys (void) /* Note that INFO has not be synced. However we will only use the serialnumber and thus it won't harm. */ } - + generate_keypair (NULL, info.serialno, want_backup? opt.homedir:NULL); leave: @@ -1452,7 +1452,7 @@ card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock) tty_printf (_(" (2) Encryption key\n")); tty_printf (_(" (3) Authentication key\n")); - for (;;) + for (;;) { char *answer = cpr_get ("cardedit.genkeys.subkeytype", _("Your selection? ")); @@ -1509,7 +1509,7 @@ card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock) carry the serialno stuff instead of the actual secret key parameters. USE is the usage for that key; 0 means any usage. */ -int +int card_store_subkey (KBNODE node, int use) { struct agent_card_info_s info; 
@@ -1549,7 +1549,7 @@ card_store_subkey (KBNODE node, int use) goto leave; } - allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG))); + allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT))); allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC))); allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH))); @@ -1562,7 +1562,7 @@ card_store_subkey (KBNODE node, int use) if (allow_keyno[2]) tty_printf (_(" (3) Authentication key\n")); - for (;;) + for (;;) { char *answer = cpr_get ("cardedit.genkeys.storekeytype", _("Your selection? ")); @@ -1576,7 +1576,7 @@ card_store_subkey (KBNODE node, int use) xfree(answer); if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1]) { - if (info.is_v2 && !info.extcap.aac + if (info.is_v2 && !info.extcap.aac && info.key_attr[keyno-1].nbits != nbits) { tty_printf ("Key does not match the card's capability.\n"); @@ -1628,7 +1628,7 @@ card_store_subkey (KBNODE node, int use) if (copied_sk) { free_secret_key (copied_sk); - copied_sk = NULL; + copied_sk = NULL; } sk = node->pkt->pkt.secret_key; @@ -1703,7 +1703,7 @@ static struct { "privatedo", cmdPRIVATEDO, 0, NULL }, { "readcert", cmdREADCERT, 0, NULL }, { "writecert", cmdWRITECERT, 1, NULL }, - { NULL, cmdINVCMD, 0, NULL } + { NULL, cmdINVCMD, 0, NULL } }; @@ -1782,7 +1782,7 @@ card_edit (strlist_t commands) char *p; int i; int cmd_admin_only; - + tty_printf("\n"); if (redisplay ) { @@ -1834,7 +1834,7 @@ card_edit (strlist_t commands) cmd = cmdLIST; /* Default to the list command */ else if (*answer == CONTROL_D) cmd = cmdQUIT; - else + else { if ((p=strchr (answer,' '))) { 
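Review bot: The changed `allow_keyno[0]` line in card_store_subkey now accepts a certification-only key for key 0, but nothing next to it says why. A reader comparing the three `allow_keyno` lines cannot tell whether CERT was left out of the other two slots on purpose or by oversight. I would put a comment above the assignment, for example `/* Key 0 is the signing slot; a certify-only key is stored there as well. */`. The same one-line change appears again in the master-branch commit f171fd2 further down this page. The function body starts and ends outside this hunk.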
@@ -1849,7 +1849,7 @@ card_edit (strlist_t commands) while (spacep (arg_rest)) arg_rest++; } - + for (i=0; cmds[i].name; i++ ) if (!ascii_strcasecmp (answer, cmds[i].name )) break; ----------------------------------------------------------------------- Summary of changes: NEWS | 19 ++++++- agent/Makefile.am | 2 +- agent/gpg-agent.c | 6 +- common/Makefile.am | 2 +- common/ssh-utils.c | 2 + configure.ac | 2 +- doc/Makefile.am | 6 +- doc/gpg-agent.texi | 11 ++-- doc/gpg.texi | 90 +++++++++++++++++++++++------- doc/gpgsm.texi | 24 +++++++- doc/tools.texi | 9 +-- g10/Makefile.am | 4 +- g10/call-agent.c | 4 +- g10/card-util.c | 94 +++++++++++++++---------------- g10/gpg.c | 2 + g10/import.c | 158 ++++++++++++++++++++++++++++++---------------------- g10/keyserver.c | 77 +++++++++++++++++++++---- g10/main.h | 9 ++- g10/pkclist.c | 18 ++++-- jnlib/Makefile.am | 2 +- po/be.po | 11 ++++ po/ca.po | 11 ++++ po/cs.po | 13 +++++ po/da.po | 13 +++++ po/de.po | 13 ++++- po/el.po | 11 ++++ po/eo.po | 11 ++++ po/es.po | 13 +++++ po/et.po | 11 ++++ po/fi.po | 11 ++++ po/fr.po | 13 +++++ po/gl.po | 11 ++++ po/hu.po | 11 ++++ po/id.po | 11 ++++ po/it.po | 11 ++++ po/ja.po | 13 +++++ po/nb.po | 13 +++++ po/pl.po | 13 +++++ po/pt.po | 11 ++++ po/pt_BR.po | 11 ++++ po/ro.po | 13 +++++ po/ru.po | 13 +++++ po/sk.po | 11 ++++ po/sv.po | 13 +++++ po/tr.po | 13 +++++ po/uk.po | 13 +++++ po/zh_CN.po | 13 +++++ po/zh_TW.po | 13 +++++ scd/Makefile.am | 4 +- scd/scdaemon.c | 11 +++- sm/Makefile.am | 3 +- tools/Makefile.am | 8 +-- 52 files changed, 719 insertions(+), 186 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 25 08:26:39 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 25 Jun 2014 08:26:39 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.13-3-g51f9a81 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 51f9a8180ecbc24ed092bef5f2aa920a76769dcb (commit) from 3fada688c0df6e3140e4fcaf59b9bcfcc7a70bf4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 51f9a8180ecbc24ed092bef5f2aa920a76769dcb Author: Werner Koch Date: Wed Jun 25 08:29:32 2014 +0200 Add missing prototype for build tool. * src/gen-posix-lock-obj.c: Include string.h. -- string.h is required for strerror (). diff --git a/src/gen-posix-lock-obj.c b/src/gen-posix-lock-obj.c index de2c8bc..df732c3 100644 --- a/src/gen-posix-lock-obj.c +++ b/src/gen-posix-lock-obj.c @@ -26,6 +26,7 @@ #endif #include +#include #include #include #include ----------------------------------------------------------------------- Summary of changes: src/gen-posix-lock-obj.c | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 25 09:19:44 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 25 Jun 2014 09:19:44 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-18-gf171fd2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f171fd226e84311f92545ca0494771db07ba777d (commit) from 74c7ab5fa636c7721dd7529d5bbfce70a47e5550 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f171fd226e84311f92545ca0494771db07ba777d Author: Werner Koch Date: Tue Jun 24 09:13:38 2014 +0200 gpg: Allow key-to-card upload for cert-only keys * g10/card-util.c (card_store_subkey): Allo CERT usage for key 0. -- Suggested-by: Dominik Heidler diff --git a/g10/card-util.c b/g10/card-util.c index 411a4d4..84752eb 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -1570,7 +1570,7 @@ card_store_subkey (KBNODE node, int use) goto leave; } - allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG))); + allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT))); allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC))); allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH))); ----------------------------------------------------------------------- Summary of changes: g10/card-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 25 11:46:45 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 25 Jun 2014 11:46:45 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-20-gb5f95c1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b5f95c1b566f9530127f3f34e10d120a951cf428 (commit) via f149e05427a370f5985bc3fb142370b043f19924 (commit) from f171fd226e84311f92545ca0494771db07ba777d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b5f95c1b566f9530127f3f34e10d120a951cf428 Author: Werner Koch Date: Wed Jun 25 11:15:45 2014 +0200 doc: Improve the rendering of the manual diff --git a/artwork/gnupg-logo-420x135tr.png b/artwork/gnupg-logo-420x135tr.png new file mode 100644 index 0000000..a1556df Binary files /dev/null and b/artwork/gnupg-logo-420x135tr.png differ diff --git a/doc/debugging.texi b/doc/debugging.texi index c83ab1e..f26d1aa 100644 --- a/doc/debugging.texi +++ b/doc/debugging.texi @@ -177,10 +177,13 @@ you created the signing request. By running the command you get a listing of all private keys under control of @command{gpg-agent}. Pick the key which best matches the creation time and run the command - + + at cartouche @smallexample - /usr/local/libexec/gpg-protect-tool --p12-export ~/.gnupg/private-keys-v1.d/@var{foo} >@var{foo}.p12 + /usr/local/libexec/gpg-protect-tool --p12-export \ + ~/.gnupg/private-keys-v1.d/@var{foo} >@var{foo}.p12 @end smallexample + at end cartouche (Please adjust the path to @command{gpg-protect-tool} to the appropriate location). @var{foo} is the name of the key file you picked (it should 
@@ -188,11 +191,13 @@ have the suffix @file{.key}). A Pinentry box will pop up and ask you for the current passphrase of the key and a new passphrase to protect it in the pkcs#12 file. -To import the created file on the machine you use this command: +To import the created file on the machine you use this command: + at cartouche @smallexample /usr/local/libexec/gpg-protect-tool --p12-import --store @var{foo}.p12 @end smallexample + at end cartouche You will be asked for the pkcs#12 passphrase and a new passphrase to protect the imported private key at its new location. @@ -230,7 +235,7 @@ gpg: fatal: WriteConsole failed: Access denied @end smallexample @noindent -The solution is to use the command @command{wineconsole}. +The solution is to use the command @command{wineconsole}. Some operations like gen-key really want to talk to the console directly for increased security (for example to prevent the passphrase from diff --git a/doc/gnupg-logo.pdf b/doc/gnupg-logo.pdf deleted file mode 100644 index 84a3470..0000000 Binary files a/doc/gnupg-logo.pdf and /dev/null differ diff --git a/doc/gnupg-logo.png b/doc/gnupg-logo.png index 73cf00a..a1556df 100644 Binary files a/doc/gnupg-logo.png and b/doc/gnupg-logo.png differ diff --git a/doc/gnupg.texi b/doc/gnupg.texi index 1f0682b..875b8e4 100644 --- a/doc/gnupg.texi +++ b/doc/gnupg.texi @@ -29,12 +29,13 @@ This is the @cite{The GNU Privacy Guard Manual} (version @value{VERSION}, @value{UPDATED-MONTH}). @iftex -Published by the Free Software Foundation@* -51 Franklin St, Fifth Floor@* -Boston, MA 02110-1301 USA +Published by The GnuPG Project@* + at url{https://gnupg.org}@* +(or @url{http://ic6au7wa3f6naxjq.onion}) @end iftex -Copyright @copyright{} 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc. + at copyright{} 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.@* + at copyright{} 2013, 2014 Werner Koch. @quotation Permission is granted to copy, distribute and/or modify this document 
@@ -92,11 +93,11 @@ section entitled ``Copying''. @sp 3 - at image{gnupg-logo,16cm,,The GnuPG Logo} + at image{gnupg-logo,,,The GnuPG Logo} @sp 3 - at author Werner Koch (@email{wk@@gnupg.org}) + at author The GnuPG Project (@url{https://gnupg.org}) @page @vskip 0pt plus 1filll diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index c3dfd82..b42d353 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -597,7 +597,8 @@ agent. By default they may all be found in the current home directory Here is an example where two keys are marked as ultimately trusted and one as not trusted: - @example + @cartouche + @smallexample # CN=Wurzel ZS 3,O=Intevation GmbH,C=DE A6935DD34EF3087973C706FC311AA2CCF733765B S @@ -606,7 +607,8 @@ agent. By default they may all be found in the current home directory # CN=Root-CA/O=Schlapphuete/L=Pullach/C=DE !14:56:98:D3:FE:9C:CA:5A:31:6E:BC:81:D3:11:4E:00:90:A3:44:C2 S - @end example + @end smallexample + @end cartouche Before entering a key into this file, you need to ensure its authenticity. How to do this depends on your organisation; your @@ -669,11 +671,13 @@ The following example lists exactly one key. Note that keys available through a OpenPGP smartcard in the active smartcard reader are implicitly added to this list; i.e. there is no need to list them. - @example + @cartouche + @smallexample # Key added on: 2011-07-20 20:38:46 # Fingerprint: 5e:8d:c4:ad:e7:af:6e:27:8a:d6:13:e4:79:ad:0b:81 34B62F25E277CF13D3C6BCEBFD3F85D08F0A864B 0 confirm - @end example + @end smallexample + @end cartouche @item private-keys-v1.d/ @@ -892,8 +896,8 @@ If the decryption was successful the decrypted data is returned by means of "D" lines. Here is an example session: - - at example + at cartouche + at smallexample C: PKDECRYPT S: INQUIRE CIPHERTEXT C: D (enc-val elg (a 349324324) 
@@ -903,7 +907,8 @@ Here is an example session: S: S PADDING 0 S: D (value 1234567890ABCDEF0) S: OK descryption successful - at end example + at end smallexample + at end cartouche The ?PADDING? status line is only send if gpg-agent can tell what kind of padding is used. As of now only the value 0 is used to indicate @@ -937,10 +942,15 @@ must be given. Valid names for are: @table @code @item sha1 +The SHA-1 hash algorithm @item sha256 +The SHA-256 hash algorithm @item rmd160 +The RIPE-MD160 hash algorithm @item md5 +The old and broken MD5 hash algorithm @item tls-md5sha1 +A combined hash algorithm as used by the TLS protocol. @end table @noindent @@ -977,8 +987,8 @@ caching. Here is an example session: - - at example + at cartouche + at smallexample C: SIGKEY S: OK key available C: SIGKEY @@ -992,8 +1002,8 @@ Here is an example session: S: # signature follows S: D (sig-val rsa (s 45435453654612121212)) S: OK - at end example - + at end smallexample + at end cartouche @node Agent GENKEY @subsection Generating a Key @@ -1043,8 +1053,8 @@ like S-Expression like this: @end example Here is an example session: - - at example + at cartouche + at smallexample C: GENKEY S: INQUIRE KEYPARM C: D (genkey (rsa (nbits 1024))) @@ -1052,7 +1062,8 @@ Here is an example session: S: D (public-key S: D (rsa (n 326487324683264) (e 10001))) S OK key created - at end example + at end smallexample + at end cartouche @ifset gpgtwoone The @option{--no-protection} option may be used to prevent prompting for a 
@@ -1170,7 +1181,9 @@ special handling of passphrases. This command uses a syntax which helps clients to use the agent with minimum effort. @example - GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]] [--qualitybar] @var{cache_id} [@var{error_message} @var{prompt} @var{description}] + GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]] \ + [--qualitybar] @var{cache_id} \ + [@var{error_message} @var{prompt} @var{description}] @end example @var{cache_id} is expected to be a string used to identify a cached diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index 1a4b6d7..861c898 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -178,7 +178,8 @@ show memory statistics. @item 9 (512) write hashed data to files named @code{dbgmd-000*} @item 10 (1024) -trace Assuan protocol. See also option @option{--debug-assuan-log-cats}. +trace Assuan protocol. +See also option @option{--debug-assuan-log-cats}. @item 11 (2048) trace APDU I/O to the card. This may reveal sensitive data. @item 12 (4096) @@ -268,10 +269,12 @@ a list of available readers. The default is then the first reader found. To get a list of available CCID readers you may use this command: + at cartouche @smallexample -echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ @{print $2@}' + echo scd getinfo reader_list \ + | gpg-connect-agent --decode | awk '/^D/ @{print $2@}' @end smallexample - + at end cartouche @item --card-timeout @var{n} @opindex card-timeout 
@@ -347,8 +350,9 @@ This application is currently only used by @command{gpg} but may in future also be useful with @command{gpgsm}. Version 1 and version 2 of the card is supported. -The specifications for these cards are available at - at uref{http://g10code.com/docs/openpgp-card-1.0.pdf} and + at noindent +The specifications for these cards are available at@* + at uref{http://g10code.com/docs/openpgp-card-1.0.pdf} and@* @uref{http://g10code.com/docs/openpgp-card-2.0.pdf}. @node NKS Card commit f149e05427a370f5985bc3fb142370b043f19924 Author: Werner Koch Date: Tue Jun 3 13:34:24 2014 +0200 doc: Update for modern makeinfo. * doc/texi.css: Remove. * doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref. diff --git a/doc/Makefile.am b/doc/Makefile.am index 4d6d475..43d69cd 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -34,7 +34,7 @@ EXTRA_DIST = samplekeys.asc mksamplekeys \ gnupg-card-architecture.pdf \ FAQ gnupg7.texi \ opt-homedir.texi see-also-note.texi specify-user-id.texi \ - gpgv.texi texi.css yat2m.c ChangeLog-2011 + gpgv.texi yat2m.c ChangeLog-2011 BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \ gnupg-card-architecture.pdf @@ -57,7 +57,7 @@ gnupg_TEXINFOS = \ DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips -AM_MAKEINFOFLAGS = -I $(srcdir) --css-include=$(srcdir)/texi.css -D gpgtwoone +AM_MAKEINFOFLAGS = -I $(srcdir) --css-ref=/share/site.css -D gpgtwoone YAT2M_OPTIONS = -I $(srcdir) -D gpgtwoone \ --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard" 
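Review bot: In the `AM_MAKEINFOFLAGS` line, `--css-ref=/share/site.css` makes every generated HTML page link to a stylesheet by a server-absolute path, while the first hunk of this file drops `texi.css` from `EXTRA_DIST`. HTML manuals built from a release tarball and viewed locally or served from another host therefore get no stylesheet, or whatever that host happens to serve at that path. If the path is only meant for the project's own web site, I would keep it out of the default flags and pass it only from the `online` target. At the least the assignment should carry a comment such as `# /share/site.css exists only on the project web server.`.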
@@ -130,15 +130,15 @@ online: gnupg.html gnupg.pdf set -e; \ echo "Uploading current manuals to www.gnupg.org ..."; \ cp $(srcdir)/gnupg-logo-tr.png gnupg.html/; \ - user=werner ; dashdevel="" ; \ + user=werner ; webhost="ftp.gnupg.org" ; dashdevel="" ; \ if echo "@PACKAGE_VERSION@" | grep -- "-git" >/dev/null; then \ dashdevel="-devel" ; \ else \ - rsync -v gnupg.pdf $${user}@cvs.gnupg.org:webspace/manuals/ ; \ + rsync -v gnupg.pdf $${user}@$${webhost}:webspace/manuals/ ; \ fi ; \ cd gnupg.html ; \ - rsync -vr --exclude='.svn' . \ - $${user}@cvs.gnupg.org:webspace/manuals/gnupg$${dashdevel}/ + rsync -vr --exclude='.git' . \ + $${user}@$${webhost}:webspace/manuals/gnupg$${dashdevel}/ # Note that you need a recent version of emacs23 with org-mode 7.01h faq.txt faq.html: faq.org @@ -155,8 +155,8 @@ faq.txt faq.html: faq.org faq-online: faq.txt faq.html set -e; \ - user=werner ; \ + user=werner ; webhost="ftp.gnupg.org" ; ftphost="ftp.gnupg.org" ; \ echo "Uploading current FAQ to {www,ftp}.gnupg.org ..."; \ - scp faq.html $${user}@ftp.gnupg.org:webspace/manuals/GnuPG-FAQ.html ; \ - scp faq.txt $${user}@ftp.gnupg.org:gcrypt/gnupg/GnuPG-FAQ.txt ; \ + scp faq.html $${user}@$${webhost}:webspace/manuals/GnuPG-FAQ.html ; \ + scp faq.txt $${user}@$${ftphost}:gcrypt/gnupg/GnuPG-FAQ.txt ; \ echo "...ready" diff --git a/doc/gpg.texi b/doc/gpg.texi index 9a6782a..9c52282 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -2330,12 +2330,17 @@ a message that PGP 2.x will not be able to handle. Note that `PGP 2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x available, but the MIT release is a good common baseline. -This option implies @option{--rfc1991 --disable-mdc ---no-force-v4-certs --escape-from-lines --force-v3-sigs +This option implies + at ifset gpgone + at option{--rfc1991 --disable-mdc --no-force-v4-certs + --escape-from-lines --force-v3-sigs + --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}. + at end ifset @ifclear gpgone ---allow-weak-digest-algos + at option{--rfc1991 --disable-mdc --no-force-v4-certs + --escape-from-lines --force-v3-sigs --allow-weak-digest-algos + --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}. @end ifclear ---cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables @option{--textmode} when encrypting. @item --pgp6 ----------------------------------------------------------------------- Summary of changes: artwork/gnupg-logo-420x135tr.png | Bin 0 -> 14471 bytes doc/Makefile.am | 18 ++++++++-------- doc/debugging.texi | 13 ++++++++---- doc/gnupg-logo.pdf | Bin 11736 -> 0 bytes doc/gnupg-logo.png | Bin 8988 -> 14471 bytes doc/gnupg.texi | 13 ++++++------ doc/gpg-agent.texi | 43 +++++++++++++++++++++++++------------- doc/gpg.texi | 13 ++++++++---- doc/scdaemon.texi | 14 ++++++++----- 9 files changed, 71 insertions(+), 43 deletions(-) create mode 100644 artwork/gnupg-logo-420x135tr.png delete mode 100644 doc/gnupg-logo.pdf hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jun 25 17:21:17 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 25 Jun 2014 17:21:17 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.24-4-g045c979 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 045c979a7673112bdb4e04f1bc7d3d4afbc775f8 (commit) via 044847a0e2013a2833605c1a9f80cfa6ef353309 (commit) via 616126530f92ab31abcbf3fad9a34532e378355d (commit) from 6aa0464db9785a5f9d63b3ff826500b4e2dd7c0e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 045c979a7673112bdb4e04f1bc7d3d4afbc775f8 Author: Werner Koch Date: Wed Jun 25 17:16:40 2014 +0200 agent: Let gpg-protect-tool pass envvars to pinentry. * agent/protect-tool.c (opt_session_env): New. (main): Pass session environment object to gnupg_prepare_get_passphrase. -- GnuPG-bug-id: 1402 The full story can be found at https://bugzilla.redhat.com/show_bug.cgi?id=548528 Sorry for the delay. diff --git a/agent/protect-tool.c b/agent/protect-tool.c index dc040f9..aff0abd 100644 --- a/agent/protect-tool.c +++ b/agent/protect-tool.c @@ -47,8 +47,8 @@ #include "estream.h" -enum cmd_and_opt_values -{ +enum cmd_and_opt_values +{ aNull = 0, oVerbose = 'v', oArmor = 'a', @@ -56,7 +56,7 @@ enum cmd_and_opt_values oProtect = 'p', oUnprotect = 'u', - + oNoVerbose = 500, oShadow, oShowShadowInfo, @@ -73,13 +73,13 @@ enum cmd_and_opt_values oNoFailOnExist, oHomedir, oPrompt, - oStatusMsg, + oStatusMsg, oAgentProgram }; -struct rsa_secret_key_s +struct rsa_secret_key_s { gcry_mpi_t n; /* public modulus */ gcry_mpi_t e; /* public exponent */ 
@@ -101,7 +101,8 @@ static const char *opt_passphrase; static char *opt_prompt; static int opt_status_msg; static const char *opt_p12_charset; -static const char *opt_agent_program; +static const char *opt_agent_program; +static session_env_t opt_session_env; static char *get_passphrase (int promptno); static void release_passphrase (char *pw); @@ -117,13 +118,13 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (oShadow, "shadow", "create a shadow entry for a public key"), ARGPARSE_c (oShowShadowInfo, "show-shadow-info", "return the shadow info"), ARGPARSE_c (oShowKeygrip, "show-keygrip", "show the \"keygrip\""), - ARGPARSE_c (oP12Import, "p12-import", + ARGPARSE_c (oP12Import, "p12-import", "import a pkcs#12 encoded private key"), ARGPARSE_c (oP12Export, "p12-export", "export a private key pkcs#12 encoded"), ARGPARSE_c (oS2Kcalibration, "s2k-calibration", "@"), - + ARGPARSE_group (301, N_("@\nOptions:\n ")), ARGPARSE_s_n (oVerbose, "verbose", "verbose"), @@ -135,14 +136,14 @@ static ARGPARSE_OPTS opts[] = { "|NAME|set charset for a new PKCS#12 passphrase to NAME"), ARGPARSE_s_n (oHaveCert, "have-cert", "certificate to export provided on STDIN"), - ARGPARSE_s_n (oStore, "store", + ARGPARSE_s_n (oStore, "store", "store the created key in the appropriate place"), - ARGPARSE_s_n (oForce, "force", + ARGPARSE_s_n (oForce, "force", "force overwriting"), ARGPARSE_s_n (oNoFailOnExist, "no-fail-on-exist", "@"), - ARGPARSE_s_s (oHomedir, "homedir", "@"), - ARGPARSE_s_s (oPrompt, "prompt", - "|ESCSTRING|use ESCSTRING as prompt in pinentry"), + ARGPARSE_s_s (oHomedir, "homedir", "@"), + ARGPARSE_s_s (oPrompt, "prompt", + "|ESCSTRING|use ESCSTRING as prompt in pinentry"), ARGPARSE_s_n (oStatusMsg, "enable-status-msg", "@"), ARGPARSE_s_s (oAgentProgram, "agent-program", "@"), @@ -168,7 +169,7 @@ my_strusage (int level) case 41: p = _("Syntax: gpg-protect-tool [options] [args]\n" "Secret key maintenance tool\n"); break; - + default: p = NULL; } return p; 
@@ -249,7 +250,7 @@ read_file (const char *fname, size_t *r_length) FILE *fp; char *buf; size_t buflen; - + if (!strcmp (fname, "-")) { size_t nread, bufsize = 0; @@ -261,7 +262,7 @@ read_file (const char *fname, size_t *r_length) buf = NULL; buflen = 0; #define NCHUNK 8192 - do + do { bufsize += NCHUNK; if (!buf) @@ -292,14 +293,14 @@ read_file (const char *fname, size_t *r_length) log_error ("can't open `%s': %s\n", fname, strerror (errno)); return NULL; } - + if (fstat (fileno(fp), &st)) { log_error ("can't stat `%s': %s\n", fname, strerror (errno)); fclose (fp); return NULL; } - + buflen = st.st_size; buf = xmalloc (buflen+1); if (fread (buf, buflen, 1, fp) != 1) @@ -323,7 +324,7 @@ read_key (const char *fname) char *buf; size_t buflen; unsigned char *key; - + buf = read_file (fname, &buflen); if (!buf) return NULL; @@ -342,7 +343,7 @@ read_and_protect (const char *fname) unsigned char *result; size_t resultlen; char *pw; - + key = read_key (fname); if (!key) return; @@ -356,7 +357,7 @@ read_and_protect (const char *fname) log_error ("protecting the key failed: %s\n", gpg_strerror (rc)); return; } - + if (opt_armor) { char *p = make_advanced (result, resultlen); @@ -386,7 +387,7 @@ read_and_unprotect (const char *fname) if (!key) return; - rc = agent_unprotect (key, (pw=get_passphrase (1)), + rc = agent_unprotect (key, (pw=get_passphrase (1)), protected_at, &result, &resultlen); release_passphrase (pw); xfree (key); @@ -427,7 +428,7 @@ read_and_shadow (const char *fname) unsigned char *result; size_t resultlen; unsigned char dummy_info[] = "(8:313233342:43)"; - + key = read_key (fname); if (!key) return; @@ -441,7 +442,7 @@ read_and_shadow (const char *fname) } resultlen = gcry_sexp_canon_len (result, 0, NULL,NULL); assert (resultlen); - + if (opt_armor) { char *p = make_advanced (result, resultlen); 
@@ -463,7 +464,7 @@ show_shadow_info (const char *fname) unsigned char *key; const unsigned char *info; size_t infolen; - + key = read_key (fname); if (!key) return; @@ -477,7 +478,7 @@ show_shadow_info (const char *fname) } infolen = gcry_sexp_canon_len (info, 0, NULL,NULL); assert (infolen); - + if (opt_armor) { char *p = make_advanced (info, infolen); @@ -497,14 +498,14 @@ show_file (const char *fname) unsigned char *key; size_t keylen; char *p; - + key = read_key (fname); if (!key) return; keylen = gcry_sexp_canon_len (key, 0, NULL,NULL); assert (keylen); - + if (opt_canonical) { fwrite (key, keylen, 1, stdout); @@ -528,7 +529,7 @@ show_keygrip (const char *fname) gcry_sexp_t private; unsigned char grip[20]; int i; - + key = read_key (fname); if (!key) return; @@ -537,7 +538,7 @@ show_keygrip (const char *fname) { log_error ("gcry_sexp_new failed\n"); return; - } + } xfree (key); if (!gcry_pk_get_keygrip (private, grip)) @@ -672,7 +673,7 @@ import_p12_file (const char *fname) char *pw; /* fixme: we should release some stuff on error */ - + buf = read_file (fname, &buflen); if (!buf) return; @@ -776,7 +777,7 @@ import_p12_file (const char *fname) log_error ("protecting the key failed: %s\n", gpg_strerror (rc)); return; } - + if (opt_armor) { char *p = make_advanced (result, resultlen); @@ -810,7 +811,7 @@ sexp_to_kparms (gcry_sexp_t sexp) list = gcry_sexp_find_token (sexp, "private-key", 0 ); if(!list) - return NULL; + return NULL; l2 = gcry_sexp_cadr (list); gcry_sexp_release (list); list = l2; @@ -824,7 +825,7 @@ sexp_to_kparms (gcry_sexp_t sexp) /* Parameter names used with RSA. */ elems = "nedpqu"; array = xcalloc (strlen(elems) + 1, sizeof *array); - for (idx=0, s=elems; *s; s++, idx++ ) + for (idx=0, s=elems; *s; s++, idx++ ) { l2 = gcry_sexp_find_token (list, s, 1); if (!l2) @@ -846,7 +847,7 @@ sexp_to_kparms (gcry_sexp_t sexp) return NULL; /* required parameter is invalid */ } } - + gcry_sexp_release (list); return array; } 
@@ -859,9 +860,9 @@ is_keygrip (const char *string) { int i; - for(i=0; string[i] && i < 41; i++) + for(i=0; string[i] && i < 41; i++) if (!strchr("01234567890ABCDEF", string[i])) - return 0; + return 0; return i == 40; } @@ -886,7 +887,7 @@ export_p12_file (const char *fname) { char hexgrip[40+4+1]; char *p; - + assert (strlen(fname) == 40); strcpy (stpcpy (hexgrip, fname), ".key"); @@ -960,7 +961,7 @@ export_p12_file (const char *fname) xfree (key); xfree (cert); return; - } + } wipememory (key, keylen_for_wipe); xfree (key); @@ -971,7 +972,7 @@ export_p12_file (const char *fname) log_error ("error converting key parameters\n"); xfree (cert); return; - } + } sk.n = kp[0]; sk.e = kp[1]; sk.d = kp[2]; @@ -980,7 +981,7 @@ export_p12_file (const char *fname) sk.u = kp[5]; xfree (kp); - + kparms[0] = sk.n; kparms[1] = sk.e; kparms[2] = sk.d; @@ -988,10 +989,10 @@ export_p12_file (const char *fname) kparms[4] = sk.p; kparms[5] = gcry_mpi_snew (0); /* compute d mod (p-1) */ gcry_mpi_sub_ui (kparms[5], kparms[3], 1); - gcry_mpi_mod (kparms[5], sk.d, kparms[5]); + gcry_mpi_mod (kparms[5], sk.d, kparms[5]); kparms[6] = gcry_mpi_snew (0); /* compute d mod (q-1) */ gcry_mpi_sub_ui (kparms[6], kparms[4], 1); - gcry_mpi_mod (kparms[6], sk.d, kparms[6]); + gcry_mpi_mod (kparms[6], sk.d, kparms[6]); kparms[7] = sk.u; kparms[8] = NULL; @@ -1003,7 +1004,7 @@ export_p12_file (const char *fname) gcry_mpi_release (kparms[i]); if (!key) return; - + #ifdef HAVE_DOSISH_SYSTEM setmode ( fileno (stdout) , O_BINARY ); #endif @@ -1022,7 +1023,7 @@ main (int argc, char **argv ) set_strusage (my_strusage); gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); - log_set_prefix ("gpg-protect-tool", 1); + log_set_prefix ("gpg-protect-tool", 1); /* Make sure that our subsystems are ready. */ i18n_init (); @@ -1040,6 +1041,7 @@ main (int argc, char **argv ) opt_homedir = default_homedir (); + opt_session_env = session_env_new (); pargs.argc = &argc; pargs.argv = &argv; 
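Review bot: The result of `session_env_new ()` added in the `main` hunk (-1040) is stored in `opt_session_env` without a check, so an allocation failure would presumably leave it NULL. The pointer is later handed to the agent start-up call (hunk at -1091) and to `session_env_release` in `agent_exit`. A guard directly after the call makes the failure visible: `if (!opt_session_env) log_fatal ("error allocating session environment block: %s\n", strerror (errno));`. The body of `main` starts and continues outside this hunk.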
@@ -1073,7 +1075,7 @@ main (int argc, char **argv ) case oHaveCert: opt_have_cert = 1; break; case oPrompt: opt_prompt = pargs.r.ret_str; break; case oStatusMsg: opt_status_msg = 1; break; - + default: pargs.err = ARGPARSE_PRINT_ERROR; break; } } @@ -1091,7 +1093,7 @@ main (int argc, char **argv ) opt.verbose, opt_homedir, opt_agent_program, - NULL, NULL, NULL); + NULL, NULL, opt_session_env); if (opt_prompt) opt_prompt = percent_plus_unescape (opt_prompt, 0); @@ -1127,6 +1129,8 @@ void agent_exit (int rc) { rc = rc? rc : log_get_errorcount(0)? 2 : 0; + session_env_release (opt_session_env); + opt_session_env = NULL; exit (rc); } @@ -1147,7 +1151,7 @@ get_passphrase (int promptno) const char *desc; char *orig_codeset; int repeat = 0; - + if (opt_passphrase) return xstrdup (opt_passphrase); @@ -1214,7 +1218,7 @@ store_private_key (const unsigned char *grip, char *fname; estream_t fp; char hexgrip[40+4+1]; - + bin2hex (grip, 20, hexgrip); strcpy (hexgrip+40, ".key"); @@ -1236,11 +1240,11 @@ store_private_key (const unsigned char *grip, } /* FWIW: Under Windows Vista the standard fopen in the msvcrt fails if the "x" GNU extension is used. */ - fp = es_fopen (fname, "wbx"); + fp = es_fopen (fname, "wbx"); } - if (!fp) - { + if (!fp) + { log_error ("can't create `%s': %s\n", fname, strerror (errno)); xfree (fname); return -1; commit 044847a0e2013a2833605c1a9f80cfa6ef353309 Author: Werner Koch Date: Wed Jun 25 14:33:34 2014 +0200 gpg: Make screening of keyserver result work with multi-key commands. * g10/keyserver.c (ks_retrieval_filter_arg_s): new. (keyserver_retrieval_filter): Use new struct and check all descriptions. (keyserver_spawn): Pass filter arg suing the new struct. -- This is a fix for commit 5e933008. The old code did only work for a single key. It failed as soon as several keys are specified ("gpg --refresh-keys" or "gpg --recv-key A B C"). diff --git a/g10/keyserver.c b/g10/keyserver.c index 83a4b95..aa41536 100644 --- a/g10/keyserver.c 
+++ b/g10/keyserver.c @@ -982,13 +982,25 @@ direct_uri_map(const char *scheme,unsigned int is_direct) #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\"" +/* Structure to convey the arg to keyserver_retrieval_filter. */ +struct ks_retrieval_filter_arg_s +{ + KEYDB_SEARCH_DESC *desc; + int ndesc; +}; + + /* Check whether a key matches the search description. The filter returns 0 if the key shall be imported. Note that this kind of filter is not related to the iobuf filters. */ static int -keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg) +keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, + void *opaque) { - KEYDB_SEARCH_DESC *desc = arg; + struct ks_retrieval_filter_arg_s *arg = opaque; + KEYDB_SEARCH_DESC *desc = arg->desc; + int ndesc = arg->ndesc; + int n; u32 keyid[2]; byte fpr[MAX_FINGERPRINT_LEN]; size_t fpr_len = 0; 
@@ -997,32 +1009,40 @@ keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg) if (sk) return G10ERR_GENERAL; + if (!ndesc) + return 0; /* Okay if no description given. */ + fingerprint_from_pk (pk, fpr, &fpr_len); keyid_from_pk (pk, keyid); /* Compare requested and returned fingerprints if available. */ - if (desc->mode == KEYDB_SEARCH_MODE_FPR20) - { - if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20)) - return G10ERR_GENERAL; - } - else if (desc->mode == KEYDB_SEARCH_MODE_FPR16) - { - if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16)) - return G10ERR_GENERAL; - } - else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID) - { - if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1]) - return G10ERR_GENERAL; - } - else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID) + for (n = 0; n < ndesc; n++) { - if (keyid[1] != desc->u.kid[1]) - return G10ERR_GENERAL; + if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20) + { + if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20)) + return 0; + } + else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16) + { + if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16)) + return 0; + } + else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID) + { + if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1]) + return 0; + } + else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID) + { + if (keyid[1] == desc[n].u.kid[1]) + return 0; + } + else + return 0; } - return 0; + return G10ERR_GENERAL; } @@ -1535,6 +1555,7 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, case KS_GETNAME: { void *stats_handle; + struct ks_retrieval_filter_arg_s filterarg; stats_handle=import_new_stats_handle(); 
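Review bot: The trailing `else return 0;` inside the new loop accepts the key as soon as one descriptor has a mode other than the four fingerprint/key-ID modes, so a single such descriptor in a multi-key request switches the screening off for every key the server returns. The old single-descriptor code behaved the same way, but with a list this is easy to miss and deserves a comment at that branch, e.g. `/* No keyid or fingerprint - cannot check; allow import. */`. The `KEYDB_SEARCH_MODE_SHORT_KID` branch compares only `keyid[1]`, i.e. 32 bits, which is a weak screen against a server that deliberately returns a different key with the same short ID; the function comment should say that only fingerprint requests are screened strongly. `opaque` is dereferenced without a NULL check, which holds for the one visible caller but is worth stating as a precondition; the function header is in the previous hunk.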
@@ -1547,11 +1568,12 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, that we don't allow the import of secret keys from a keyserver. Keyservers should never accept or send them but we better protect against rogue keyservers. */ - + filterarg.desc = desc; + filterarg.ndesc = count; import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len, (opt.keyserver_options.import_options | IMPORT_NO_SECKEY), - keyserver_retrieval_filter, desc); + keyserver_retrieval_filter, &filterarg); import_print_stats(stats_handle); import_release_stats_handle(stats_handle); commit 616126530f92ab31abcbf3fad9a34532e378355d Author: Werner Koch Date: Tue Jun 24 20:12:26 2014 +0200 Add CVE number -- diff --git a/NEWS b/NEWS index 3800c35..cffc774 100644 --- a/NEWS +++ b/NEWS @@ -4,7 +4,7 @@ Noteworthy changes in version 2.0.25 (unreleased) Noteworthy changes in version 2.0.24 (2014-06-24) ------------------------------------------------- - * gpg: Avoid DoS due to garbled compressed data packets. + * gpg: Avoid DoS due to garbled compressed data packets. [CVE-2014-4617] * gpg: Screen keyserver responses to avoid importing unwanted keys from rogue servers. diff --git a/announce.txt b/announce.txt index f4d046d..61c6ee2 100644 --- a/announce.txt +++ b/announce.txt @@ -5,8 +5,9 @@ Mail-Followup-To: gnupg-users at gnupg.org Hello! We are pleased to announce the availability of a new stable GnuPG-2 -release: Version 2.0.23. This is a maintenace release with a few -new features. +release: Version 2.0.24. This release includes a *security fix* to +stop a possible DoS using garbled compressed data packets which can +be used to put gpg into an infinite loop. The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital 
@@ -15,7 +16,7 @@ framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards. -GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.14) in +GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.17) in that it splits up functionality into several modules. However, both versions may be installed alongside without any conflict. In fact, the gpg version from GnuPG-1 is able to make use of the gpg-agent as 
@@ -30,59 +31,50 @@ GnuPG is distributed under the terms of the GNU General Public License also available for other Unices, Microsoft Windows and Mac OS X. -What's New in 2.0.23 +What's New in 2.0.24 ==================== - * gpg: Reject signatures made using the MD5 hash algorithm unless the - new option --allow-weak-digest-algos or --pgp2 are given. + * gpg: Avoid DoS due to garbled compressed data packets. - * gpg: Do not create a trustdb file if --trust-model=always is used. + * gpg: Screen keyserver responses to avoid importing unwanted keys + from rogue servers. - * gpg: Only the major version number is by default included in the - armored output. + * gpg: The validity of user ids is now shown by default. To revert + this add "list-options no-show-uid-validity" to gpg.conf. - * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the - communication with the gpg-agent. + * gpg: Print more specific reason codes with the INV_RECP status. - * gpg: The format of the fallback key listing ("gpg KEYFILE") is now more - aligned to the regular key listing ("gpg -k"). + * gpg: Allow loading of a cert only key to an OpenPGP card. - * gpg: The option--show-session-key prints its output now before the - decryption of the bulk message starts. - - * gpg: New %U expando for the photo viewer. - - * gpgsm: Improved handling of re-issued CA certificates. - - * scdaemon: Various fixes for pinpad equipped card readers. + * gpg-agent: Make ssh support for ECDSA keys work with Libgcrypt 1.6. * Minor bug fixes. - Getting the Software ==================== Please follow the instructions found at https://www.gnupg.org/download/ or read on: -GnuPG 2.0.23 may be downloaded from one of the GnuPG mirror sites or +GnuPG 2.0.24 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors can be found at https://www.gnupg.org/mirrors.html . Note that GnuPG is not available at ftp.gnu.org. 
-On the FTP server and its mirrors you should find the following files -in the gnupg/ directory: +On ftp.gnupg.org and on its mirrors you should find the following new +files in the gnupg/ directory: - gnupg-2.0.23.tar.bz2 (4196k) - gnupg-2.0.23.tar.bz2.sig + - The GnuPG-2 source code compressed using BZIP2 and its OpenPGP + signature: - GnuPG source compressed using BZIP2 and its OpenPGP signature. + gnupg-2.0.24.tar.bz2 (4201k) + gnupg-2.0.24.tar.bz2.sig - gnupg-2.0.22-2.0.23.diff.bz2 (53k) + - A patch file to upgrade a 2.0.23 GnuPG source tree. This patch does + not include updates of the language files. - A patch file to upgrade a 2.0.22 GnuPG source tree. This patch - does not include updates of the language files. + gnupg-2.0.23-2.0.24.diff.bz2 (20k) Note, that we don't distribute gzip compressed tarballs for GnuPG-2. A Windows version will eventually be released at https://gpg4win.org . @@ -97,9 +89,9 @@ the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the - signature of the file gnupg-2.0.23.tar.bz2 you would use this command: + signature of the file gnupg-2.0.24.tar.bz2 you would use this command: - gpg --verify gnupg-2.0.23.tar.bz2.sig + gpg --verify gnupg-2.0.24.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and 
@@ -122,15 +114,15 @@ the following ways: * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file - gnupg-2.0.23.tar.bz2, you would run the sha1sum command like this: + gnupg-2.0.24.tar.bz2, you would run the sha1sum command like this: - sha1sum gnupg-2.0.23.tar.bz2 + sha1sum gnupg-2.0.24.tar.bz2 and check that the output matches the first line from the following list: -c90e47ab95a40dd070fd75faef0a05c7b679553b gnupg-2.0.23.tar.bz2 -e02cfab2bc046f9fac89eef098c34f58b5745d20 gnupg-2.0.22-2.0.23.diff.bz2 +010e027d5f622778cadc4c124013fe515ed705cf gnupg-2.0.24.tar.bz2 +594d7f91ba4fc215345f18afee46c4aa9f2b3303 gnupg-2.0.23-2.0.24.diff.bz2 Documentation @@ -176,11 +168,6 @@ GnuPG and related software takes up most of their resources. To allow him to continue this work he kindly asks to either purchase a support contract, engage g10 Code for custom enhancements, or to donate money: -Maintaining and improving GnuPG is costly. For more than a decade, -g10 Code GmbH, a German company owned and headed by GnuPG's principal -author Werner Koch, is bearing the majority of these costs. To help -them carry on this work, they need your support. See - https://gnupg.org/donate/ ----------------------------------------------------------------------- Summary of changes: NEWS | 2 +- agent/protect-tool.c | 108 ++++++++++++++++++++++++++------------------------ announce.txt | 71 ++++++++++++++------------------- g10/keyserver.c | 68 ++++++++++++++++++++----------- 4 files changed, 131 insertions(+), 118 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 26 15:47:28 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 26 Jun 2014 15:47:28 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.0-5-g68116fa Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 68116fa5f67238a60bb8be375cc959262fa021d3 (commit) via efaf42205c5578c45bd1249cf777d893623eae35 (commit) from 86260b47c9e306e325103d1af767842357647e60 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 68116fa5f67238a60bb8be375cc959262fa021d3 Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 w32: Get IOSPAWN flag back in sync with spawn helper. * src/gpgme-w32spawn.c: Include priv-io.h. diff --git a/src/gpgme-w32spawn.c b/src/gpgme-w32spawn.c index 8a4ab54..b510ba3 100644 --- a/src/gpgme-w32spawn.c +++ b/src/gpgme-w32spawn.c @@ -36,10 +36,8 @@ #endif #include #include -#include -/* Flag values as used by gpgme. */ -#define IOSPAWN_FLAG_ALLOW_SET_FG 1 +#include "priv-io.h" /* Name of this program. */ @@ -47,15 +45,6 @@ -struct spawn_fd_item_s -{ - int handle; - int dup_to; - int peer_name; - int arg_loc; -}; - - static char * build_commandline (char **argv) { @@ -160,7 +149,7 @@ my_spawn (char **argv, struct spawn_fd_item_s *fd_list, unsigned int flags) fprintf (stderr, PGM": spawning: %s\n", arg_string); - for (i = 0; fd_list[i].handle != -1; i++) + for (i = 0; fd_list[i].fd != -1; i++) { /* The handle already is inheritable. */ if (fd_list[i].dup_to == 0) 
@@ -240,8 +229,8 @@ my_spawn (char **argv, struct spawn_fd_item_s *fd_list, unsigned int flags) if (hnul != INVALID_HANDLE_VALUE) CloseHandle (hnul); - for (i = 0; fd_list[i].handle != -1; i++) - CloseHandle ((HANDLE) fd_list[i].handle); + for (i = 0; fd_list[i].fd != -1; i++) + CloseHandle ((HANDLE) fd_list[i].fd); if (flags & IOSPAWN_FLAG_ALLOW_SET_FG) { @@ -379,12 +368,12 @@ translate_get_from_file (const char *trans_file, break; linep = tail; - fd_list[idx].handle = from; + fd_list[idx].fd = from; fd_list[idx].dup_to = dup_to; fd_list[idx].peer_name = to; fd_list[idx].arg_loc = loc; } - fd_list[idx].handle = -1; + fd_list[idx].fd = -1; fd_list[idx].dup_to = -1; fd_list[idx].peer_name = -1; fd_list[idx].arg_loc = 0; @@ -420,7 +409,7 @@ translate_handles (const char *trans_file, const char * const *argv, args[idx] = NULL; n_args = idx; - for (idx = 0; fd_list[idx].handle != -1; idx++) + for (idx = 0; fd_list[idx].fd != -1; idx++) { char buf[25]; int aidx; diff --git a/src/priv-io.h b/src/priv-io.h index 583f06a..2306175 100644 --- a/src/priv-io.h +++ b/src/priv-io.h @@ -26,6 +26,7 @@ # ifdef HAVE_W32CE_SYSTEM # include "w32-ce.h" # endif +# include # include #else # include commit efaf42205c5578c45bd1249cf777d893623eae35 Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 w32: Add comment about a compiler warning -- diff --git a/src/assuan-support.c b/src/assuan-support.c index 0a11d9f..745d2aa 100644 --- a/src/assuan-support.c +++ b/src/assuan-support.c 
@@ -238,6 +238,12 @@ my_connect (assuan_context_t ctx, int sock, struct sockaddr *addr, } +/* Note for Windows: Ignore the incompatible pointer type warning for + my_read and my_write. Mingw has been changed to use int for + ssize_t on 32 bit systems while we use long. For 64 bit we use + int64_t while mingw uses __int64_t. It doe not matter at all + because under Windows long and int are both 32 bit even on 64 + bit. */ struct assuan_system_hooks _gpgme_assuan_system_hooks = { ASSUAN_SYSTEM_HOOKS_VERSION, ----------------------------------------------------------------------- Summary of changes: src/assuan-support.c | 6 ++++++ src/gpgme-w32spawn.c | 25 +++++++------------------ src/priv-io.h | 1 + 3 files changed, 14 insertions(+), 18 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 26 17:37:51 2014 
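Review bot: The added comment tells readers to ignore the incompatible-pointer-type warning for `my_read` and `my_write`, but its justification is hard to follow: the closing sentence argues with `long` and `int` both being 32 bit, which covers the 32-bit case only, while the 64-bit case is described as `int64_t` versus `__int64_t` without saying that both are the same width. It also has a typo ("doe not matter"). Suggested wording for the last sentence: `It does not matter because in both cases the two types have the same width.` If the warning is meant to stay, naming the exact warning text in the comment would help whoever sees it in a build log.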
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 26 Jun 2014 17:37:51 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-25-gc0d1e7f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c0d1e7fca95629e1cddd7d129fa51b9a6556cb70 (commit) via 9a034acf8ab6f85c65ccc75a4fd7b8dd47b73e3a (commit) via 572502bd2c0637429bca547ba882629640477495 (commit) via c029a184d6a1a96c6de234835fff97d4e946b19c (commit) via 2480b0253166712a2f20b92f34c8e4c2db0fc26f (commit) from b5f95c1b566f9530127f3f34e10d120a951cf428 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c0d1e7fca95629e1cddd7d129fa51b9a6556cb70 Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 Enable DNS SRV records again. * configure.ac (GPGKEYS_HKP, GPGKEYS_FINGER): Remove ac_subst. (use_dns_srv): Make test work. diff --git a/configure.ac b/configure.ac index 309b2bc..8b23179 100644 --- a/configure.ac +++ b/configure.ac @@ -735,15 +735,6 @@ fi # (These need to go after AC_PROG_CC so that $EXEEXT is defined) AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any]) -if test x"$try_hkp" = xyes ; then - AC_SUBST(GPGKEYS_HKP,"gpg2keys_hkp$EXEEXT") -fi - -if test x"$try_finger" = xyes ; then - AC_SUBST(GPGKEYS_FINGER,"gpg2keys_finger$EXEEXT") -fi - - # # Checks for libraries. 
@@ -925,12 +916,10 @@ AC_CHECK_FUNCS(adns_free) # # Now try for the resolver functions so we can use DNS for SRV, PA and CERT. # -if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then - AC_ARG_ENABLE(dns-srv, - AC_HELP_STRING([--disable-dns-srv], - [disable the use of DNS SRV in HKP and HTTP]), - use_dns_srv=$enableval,use_dns_srv=yes) -fi +AC_ARG_ENABLE(dns-srv, + AC_HELP_STRING([--disable-dns-srv], + [disable the use of DNS SRV in HKP and HTTP]), + use_dns_srv=$enableval,use_dns_srv=yes) AC_ARG_ENABLE(dns-pka, AC_HELP_STRING([--disable-dns-pka], commit 9a034acf8ab6f85c65ccc75a4fd7b8dd47b73e3a Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 agent: Fix export of RSA keys to OpenPGP. * agent/cvt-openpgp.c (convert_transfer_key): Fix sexp build format string. diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index 1b4c9d5..58327c6 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c @@ -192,7 +192,7 @@ convert_transfer_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey, case GCRY_PK_RSA: err = gcry_sexp_build (&s_skey, NULL, - "(protected-private-key(rsa(n%m)(e%m)", + "(protected-private-key(rsa(n%m)(e%m)" "(protected openpgp-native%S)))", skey[0], skey[1], transfer_key ); break; commit 572502bd2c0637429bca547ba882629640477495 Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 gpg,gpgsm: Simplify wrong_args function. diff --git a/g10/gpg.c b/g10/gpg.c index 47cc851..3614201 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -1018,10 +1018,8 @@ build_list (const char *text, char letter, static void wrong_args( const char *text) { - fputs(_("usage: gpg [options] "),stderr); - fputs(text,stderr); - putc('\n',stderr); - g10_exit(2); + fprintf (stderr, _("usage: %s [options] %s\n"), GPG_NAME, text); + g10_exit(2); } diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 92bb806..ded3198 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c 
@@ -636,9 +636,7 @@ set_binary (FILE *fp) static void wrong_args (const char *text) { - fputs (_("usage: gpgsm [options] "), stderr); - fputs (text, stderr); - putc ('\n', stderr); + fprintf (stderr, _("usage: %s [options] %s\n"), GPGSM_NAME, text); gpgsm_exit (2); } commit c029a184d6a1a96c6de234835fff97d4e946b19c Author: Werner Koch Date: Wed Jun 25 19:44:28 2014 +0200 speedo: "make clean-gnupg" may not remove the source. * build-aux/speedo.mk (clean-$(1)): Take care of gnupg. -- I learned it the hard way and lost a bunch of stashed changes. diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index 1ef1600..4f0751f 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -731,11 +731,15 @@ $(stampdir)/stamp-w64-final-$(1): $(stampdir)/stamp-w64-$(1)-03-install .PHONY : clean-$(1) clean-$(1): @echo "speedo: uninstalling $(1)" - @($(call SETVARS,$(1)); \ - (cd "$$$${pkgbdir}" 2>/dev/null && \ - $(MAKE) --no-print-directory \ - $$$${pkgmkargs_inst} uninstall V=0 ) || true;\ - rm -fR "$$$${pkgsdir}" "$$$${pkgbdir}" || true) + @($(call SETVARS,$(1)); \ + (cd "$$$${pkgbdir}" 2>/dev/null && \ + $(MAKE) --no-print-directory \ + $$$${pkgmkargs_inst} uninstall V=0 ) || true ;\ + if [ "$(1)" = "gnupg" ]; then \ + rm -fR "$$$${pkgbdir}" || true ;\ + else \ + rm -fR "$$$${pkgsdir}" "$$$${pkgbdir}" || true;\ + fi) -rm -f $(stampdir)/stamp-final-$(1) $(stampdir)/stamp-$(1)-* commit 2480b0253166712a2f20b92f34c8e4c2db0fc26f Author: Werner Koch Date: Wed Jun 25 19:26:33 2014 +0200 gpgsm: Fix default config name. diff --git a/sm/gpgsm.c b/sm/gpgsm.c index c813336..92bb806 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c 
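Review bot: The new `if [ "$(1)" = "gnupg" ]` branch in the `clean-$(1)` recipe carries no comment explaining why the source directory is kept for this one package; the reason ("lost a bunch of stashed changes") is only in the commit message. A comment above the recipe would keep the guard from being simplified away later, e.g. `# For gnupg the source directory may be the developer's working tree; never remove it.` (presumably that is the case the commit guards against). The package name is hard-coded in the recipe, so any other package built from a local checkout would still have `pkgsdir` removed.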
@@ -1435,7 +1435,8 @@ main ( int argc, char **argv) configname = NULL; if (!opt.config_filename) - opt.config_filename = make_filename (opt.homedir, GPG_NAME EXTSEP_S "conf", + opt.config_filename = make_filename (opt.homedir, + GPGSM_NAME EXTSEP_S "conf", NULL); if (log_get_errorcount(0)) ----------------------------------------------------------------------- Summary of changes: agent/cvt-openpgp.c | 2 +- build-aux/speedo.mk | 14 +++++++++----- configure.ac | 19 ++++--------------- g10/gpg.c | 6 ++---- sm/gpgsm.c | 7 +++---- 5 files changed, 19 insertions(+), 29 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 26 17:58:42 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 26 Jun 2014 17:58:42 +0200 Subject: [git] GPA - branch, master, updated. gpa-0.9.4-38-g6e65e5c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Assistant". The branch, master has been updated via 6e65e5c676fcc8ba4035dbe9b97c0769e2d3eb40 (commit) via 19d034eb12437ac752db589f25a6355566bcddfd (commit) from 80dd3c0d4c3b11e2e84dcb55644643f22cbdd8d3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6e65e5c676fcc8ba4035dbe9b97c0769e2d3eb40 Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 Use the gpgme spawn protocol to backup a key. * src/gpgmetools.c (gpa_backup_key): Rewrite. diff --git a/src/gpgmetools.c b/src/gpgmetools.c index 621ea23..3b2eba9 100644 --- a/src/gpgmetools.c +++ b/src/gpgmetools.c 
@@ -1,6 +1,6 @@ /* gpgmetools.h - Additional gpgme support functions for GPA. Copyright (C) 2002 Miguel Coca. - Copyright (C) 2005, 2008, 2009, 2012 g10 Code GmbH. + Copyright (C) 2005, 2008, 2009, 2012, 2014 g10 Code GmbH. This file is part of GPA 
@@ -528,48 +528,47 @@ get_gpg_connect_agent_path (void) gboolean gpa_backup_key (const gchar *fpr, const char *filename, int is_x509) { - gchar *header, *pub_key, *sec_key; - gchar *err; - FILE *file; - gint ret_code; - gchar *header_argv[] = + const char *header_argv[] = { - NULL, "--batch", "--no-tty", "--fingerprint", (gchar*) fpr, NULL + "", "--batch", "--no-tty", "--fingerprint", + (char*) fpr, NULL }; - gchar *pub_argv[] = + const char *pub_argv[] = { - NULL, "--batch", "--no-tty", "--armor", "--export", (gchar*) fpr, NULL + "", "--batch", "--no-tty", "--armor", "--export", + (char*) fpr, NULL }; - gchar *sec_argv[] = + const char *sec_argv[] = { - NULL, "--batch", "--no-tty", "--armor", "--export-secret-key", - (gchar*) fpr, NULL + "", "--batch", "--no-tty", "--armor", "--export-secret-key", + (char*) fpr, NULL }; - gchar *seccms_argv[] = + const char *seccms_argv[] = { - NULL, "--batch", "--no-tty", "--armor", "--export-secret-key-p12", - (gchar*) fpr, NULL + "", "--batch", "--no-tty", "--armor", "--export-secret-key-p12", + (char*) fpr, NULL }; - const gchar *path; - mode_t mask; + gpg_error_t err; + FILE *fp; + gpgme_data_t dfp = NULL; + const char *pgm; + gpgme_ctx_t ctx = NULL; + int result = FALSE; /* Get the gpg path. */ if (is_x509) - path = get_gpgsm_path (); + pgm = get_gpgsm_path (); else - path = get_gpg_path (); - g_return_val_if_fail (path && *path, FALSE); - - /* Add the executable to the arg arrays */ - header_argv[0] = (gchar*) path; - pub_argv[0] = (gchar*) path; - sec_argv[0] = (gchar*) path; - seccms_argv[0] = (gchar*) path; + pgm = get_gpg_path (); + g_return_val_if_fail (pgm && *pgm, FALSE); + /* Open the file */ - mask = umask (0077); - file = g_fopen (filename, "w"); - umask (mask); - if (!file) + { + mode_t mask = umask (0077); + fp = g_fopen (filename, "w"); + umask (mask); + } + if (!fp) { gchar message[256]; g_snprintf (message, sizeof(message), "%s: %s", 
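Review bot: The four argv arrays now start with `""` where the old code patched in the program path, and nothing in the hunk says why an empty `argv[0]` is correct. A one-line comment above `header_argv` would document the convention being relied on, e.g. `/* argv[0] is left empty; gpgme_op_spawn fills in the program name. */` (to be confirmed against the GPGME manual). The `(char*) fpr` casts are no longer needed now that the arrays are `const char *` and can be dropped. The function continues in the next hunk.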
@@ -577,48 +576,62 @@ gpa_backup_key (const gchar *fpr, const char *filename, int is_x509) gpa_window_error (message, NULL); return FALSE; } - /* Get the keys and write them into the file */ + fputs (_( "************************************************************************\n" "* WARNING: This file is a backup of your secret key. Please keep it in *\n" "* a safe place. *\n" "************************************************************************\n" - "\n"), file); + "\n"), fp); - fputs (_("The key backed up in this file is:\n\n"), file); - if( !g_spawn_sync (NULL, header_argv, NULL, 0, NULL, NULL, &header, - &err, &ret_code, NULL)) + fputs (_("The key backed up in this file is:\n\n"), fp); + fflush (fp); + + err = gpgme_data_new_from_stream (&dfp, fp); + if (err) { - return FALSE; + g_message ("error creating data object '%s': %s", + filename, gpg_strerror (err)); + goto leave; } - fputs (header, file); - g_free (err); - g_free (header); - fputs ("\n", file); - if( !g_spawn_sync (NULL, pub_argv, NULL, 0, NULL, NULL, &pub_key, - &err, &ret_code, NULL)) + + ctx = gpa_gpgme_new (); + gpgme_set_protocol (ctx, GPGME_PROTOCOL_SPAWN); + + err = gpgme_op_spawn (ctx, pgm, header_argv, NULL, dfp, NULL, + GPGME_SPAWN_DETACHED|GPGME_SPAWN_ALLOW_SET_FG); + if (err) { - fclose (file); - return FALSE; + g_message ("error running '%s' (1): %s", pgm, gpg_strerror (err)); + goto leave; } - fputs (pub_key, file); - g_free (err); - g_free (pub_key); - fputs ("\n", file); - if( !g_spawn_sync (NULL, - is_x509? 
seccms_argv : sec_argv, - NULL, 0, NULL, NULL, &sec_key, - &err, &ret_code, NULL)) + gpgme_data_write (dfp, "\n", 1); + + err = gpgme_op_spawn (ctx, pgm, pub_argv, NULL, dfp, NULL, + GPGME_SPAWN_DETACHED|GPGME_SPAWN_ALLOW_SET_FG); + if (err) { - fclose (file); - return FALSE; + g_message ("error running '%s' (2): %s", pgm, gpg_strerror (err)); + goto leave; } - fputs (sec_key, file); - g_free (err); - g_free (sec_key); + gpgme_data_write (dfp, "\n", 1); - fclose (file); - return TRUE; + err = gpgme_op_spawn (ctx, pgm, is_x509? seccms_argv : sec_argv, + NULL, dfp, NULL, + GPGME_SPAWN_DETACHED|GPGME_SPAWN_ALLOW_SET_FG); + if (err) + { + g_message ("error running '%s' (3): %s", pgm, gpg_strerror (err)); + goto leave; + } + + result = TRUE; + + leave: + gpgme_release (ctx); + gpgme_data_release (dfp); + fclose (fp); + return result; } commit 19d034eb12437ac752db589f25a6355566bcddfd Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 Make sure that a new secret key is shown without a restart. * src/keymanager.c (key_manager_refresh): Hack to show a new secret key. diff --git a/src/keymanager.c b/src/keymanager.c index 7b9fe97..d5c9f96 100644 --- a/src/keymanager.c +++ b/src/keymanager.c @@ -854,6 +854,10 @@ key_manager_refresh (GtkAction *action, gpointer param) { GpaKeyManager *self = param; + /* Hack: To force reloading of secret keys we claim that a secret + key has been imported. */ + gpa_keylist_imported_secret_key (self->keylist); + gpa_keylist_start_reload (self->keylist); } ----------------------------------------------------------------------- Summary of changes: src/gpgmetools.c | 131 ++++++++++++++++++++++++++++++------------------------ src/keymanager.c | 4 ++ 2 files changed, 76 insertions(+), 59 deletions(-) hooks/post-receive -- The GNU Privacy Assistant http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jun 26 22:01:21 2014 
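Review bot: `result = TRUE` in `gpa_backup_key` is reached without any check that the data arrived in the file: the return values of both `gpgme_data_write (dfp, "\n", 1)` calls and of the final `fclose (fp)` are dropped, and the earlier `fputs`/`fflush` are unchecked as well. A full disk or I/O error therefore yields a truncated secret-key backup that is reported as successful. At minimum let the close decide the result, `if (fclose (fp)) result = FALSE;`, and treat a negative `gpgme_data_write` return like the other errors before `goto leave`. On the failure paths the partially written file is left on disk; removing it, or saying in the message that it is incomplete, would keep a user from relying on a backup that cannot be restored. The function begins in the previous hunk.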
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 26 Jun 2014 22:01:21 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-26-g03f0b51 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 03f0b51fe454f8dbe77c302897f7a5899c4c5380 (commit) from c0d1e7fca95629e1cddd7d129fa51b9a6556cb70 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 03f0b51fe454f8dbe77c302897f7a5899c4c5380 Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 gpg: Limit keysize for unattended key generation to useful values. * g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096. (gen_rsa): Enforce keysize 1024 to 4096. (gen_dsa): Enforce keysize 768 to 3072. -- It was possible to create 16k RSA keys in batch mode. In addition to the silliness of such keys, they have the major drawback that under GnuPG and Libgcrypt, with their limited amount of specially secured memory areas, the use of such keys may lead to an "out of secure memory" condition. diff --git a/g10/keygen.c b/g10/keygen.c index af54c3f..54d37d0 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1378,11 +1378,16 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root, assert (is_ELGAMAL (algo)); - if (nbits < 512) + if (nbits < 1024) { nbits = 2048; log_info (_("keysize invalid; using %u bits\n"), nbits ); } + else if (nbits > 4096) + { + nbits = 4096; + log_info (_("keysize invalid; using %u bits\n"), nbits ); + } if ((nbits % 32)) { 
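Review bot: In `gen_elg` the too-small and too-large branches print the same `keysize invalid; using %u bits` message but apply different policies: below 1024 the size is replaced by 2048, above 4096 it is clamped to 4096, and neither the message nor a comment says which limit was hit. The same `else if (nbits > 4096)` block is repeated in the `gen_rsa` hunk (-1562), so the limits would read better as named constants or a small shared helper with a comment giving the secure-memory reason from the commit message. The `gen_dsa` hunk (-1428) only raises the lower bound to 768; the 3072 upper limit named in the commit message is not visible there and should be confirmed in the surrounding code. All three functions extend beyond their hunks.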
@@ -1428,7 +1433,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, char nbitsstr[35]; char qbitsstr[35]; - if ( nbits < 512) + if (nbits < 768) { nbits = 2048; log_info(_("keysize invalid; using %u bits\n"), nbits ); @@ -1562,6 +1567,11 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, nbits = 2048; log_info (_("keysize invalid; using %u bits\n"), nbits ); } + else if (nbits > 4096) + { + nbits = 4096; + log_info (_("keysize invalid; using %u bits\n"), nbits ); + } if ((nbits % 32)) { ----------------------------------------------------------------------- Summary of changes: g10/keygen.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 27 09:44:49 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 27 Jun 2014 09:44:49 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-27-g24be0f2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 24be0f24d3a9325a04de10ae0e5e277bf28a74fe (commit) from 03f0b51fe454f8dbe77c302897f7a5899c4c5380 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 24be0f24d3a9325a04de10ae0e5e277bf28a74fe Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 scd: Support reader Gemalto IDBridge CT30 * scd/ccid-driver.h (GEMPC_CT30): New product id. * scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that reader. -- GnuPG-bug-id: 1638 diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 60ac576..65c2037 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c 
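Review bot: The DSA floor in gen_dsa is raised only to 768 bits (`if (nbits < 768)`), while the same commit sets the Elgamal floor to 1024 and, per the commit message, RSA as well. That leaves DSA as the one generator that still accepts keys below 1024 bits in unattended mode. Unless 768 is kept deliberately for compatibility, `if (nbits < 1024)` would make the three consistent; if it is deliberate, a one-line comment saying why would help. The 3072-bit upper bound named in the commit message is not in this hunk, so it is presumably enforced in the part of gen_dsa that lies outside it. The same line appears in the STABLE-BRANCH-2-0 version of this commit.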
@@ -963,6 +963,11 @@ parse_ccid_descriptor (ccid_driver_t handle, handle->max_ifsd = 48; } + if (handle->id_vendor == VENDOR_GEMPC && handle->id_product == GEMPC_CT30) + { + DEBUGOUT ("enabling product quirk: disable non-null NAD\n"); + handle->nonnull_nad = 0; + } return 0; } diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h index a2a6e16..3952cd7 100644 --- a/scd/ccid-driver.h +++ b/scd/ccid-driver.h @@ -80,6 +80,7 @@ enum { #define CHERRY_ST2000 0x003e #define VASCO_920 0x0920 #define GEMPC_PINPAD 0x3478 +#define GEMPC_CT30 0x3437 #define VEGA_ALPHA 0x0008 #endif /*CCID_DRIVER_INCLUDE_USB_IDS*/ ----------------------------------------------------------------------- Summary of changes: scd/ccid-driver.c | 5 +++++ scd/ccid-driver.h | 1 + 2 files changed, 6 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 27 10:14:46 2014 
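Review bot: The GEMPC_CT30 quirk in parse_ccid_descriptor carries no comment on why `handle->nonnull_nad` is cleared for this reader. The only pointer is the `GnuPG-bug-id: 1638` trailer in the commit message, which is not visible when reading the file. I would add a comment above the `if`, e.g. `/* Gemalto IDBridge CT30: must not use a non-null NAD, see GnuPG bug 1638.  */` (wording to be confirmed against the bug report), and leave a blank line before `return 0;`. The same hunk is repeated in the STABLE-BRANCH-2-0 commit; the function starts outside the hunk.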
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 27 Jun 2014 10:14:46 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-28-g73ba75a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 73ba75ad8b933beddd2c3f4b66937b56faa0a2d8 (commit) from 24be0f24d3a9325a04de10ae0e5e277bf28a74fe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 73ba75ad8b933beddd2c3f4b66937b56faa0a2d8 Author: NIIBE Yutaka Date: Wed Apr 24 08:36:31 2013 +0900 scd: Add pinpad support for REINER SCT cyberJack go * scd/ccid-driver.h (VENDOR_REINER, CYBERJACK_GO): New. * scd/ccid-driver.c (ccid_transceive_secure): Handle the case for VENDOR_REINER. Original work was by Alina Friedrichsen (tiny change). -- This is revised version which adapts changes of ccid-driver and was later ported from branch-2.0 to master (2.1) diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 65c2037..7a91e09 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -3352,6 +3352,7 @@ ccid_transceive_secure (ccid_driver_t handle, pininfo->maxlen = 25; enable_varlen = 1; break; + case VENDOR_REINER:/* Tested with cyberJack go */ case VENDOR_VASCO: /* Tested with DIGIPASS 920 */ enable_varlen = 1; break; diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h index 3952cd7..e62ad5c 100644 --- a/scd/ccid-driver.h +++ b/scd/ccid-driver.h @@ -65,6 +65,7 @@ enum { VENDOR_OMNIKEY= 0x076b, VENDOR_GEMPC = 0x08e6, VENDOR_VEGA = 0x0982, + VENDOR_REINER = 0x0c4b, VENDOR_KAAN = 0x0d46, VENDOR_FSIJ = 0x234b, VENDOR_VASCO = 0x1a44 
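Review bot: `case VENDOR_REINER:` in ccid_transceive_secure matches on the vendor id alone, so `enable_varlen = 1` applies to every REINER SCT reader although the comment says only the cyberJack go was tested. The commit also defines CYBERJACK_GO in ccid-driver.h, but no visible hunk uses it. If other REINER products may handle pinpad input differently, the case should be limited with a check such as `handle->id_product == CYBERJACK_GO`. The switch statement and the rest of the function lie outside the hunk, so a product check may already exist there.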
@@ -82,6 +83,7 @@ enum { #define GEMPC_PINPAD 0x3478 #define GEMPC_CT30 0x3437 #define VEGA_ALPHA 0x0008 +#define CYBERJACK_GO 0x0504 #endif /*CCID_DRIVER_INCLUDE_USB_IDS*/ ----------------------------------------------------------------------- Summary of changes: scd/ccid-driver.c | 1 + scd/ccid-driver.h | 2 ++ 2 files changed, 3 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 27 10:17:23 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 27 Jun 2014 10:17:23 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.24-6-g505f0a6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 505f0a642f899ede411837ad69a442b0d4f427fa (commit) via 48d92bcc8870f5750fb66351f3623f9d874d08fa (commit) from 045c979a7673112bdb4e04f1bc7d3d4afbc775f8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 505f0a642f899ede411837ad69a442b0d4f427fa Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 scd: Support reader Gemalto IDBridge CT30 * scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that reader. (GEMPC_CT30): New product id. -- GnuPG-bug-id: 1638 Resolved conflicts: scd/ccid-driver.h - Removed. product ids are in ccid-driver.c. diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 962128d..6e0bc55 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -227,6 +227,7 @@ enum { #define CHERRY_ST2000 0x003e #define VASCO_920 0x0920 #define GEMPC_PINPAD 0x3478 +#define GEMPC_CT30 0x3437 #define VEGA_ALPHA 0x0008 #define CYBERJACK_GO 0x0504 
@@ -998,6 +999,11 @@ parse_ccid_descriptor (ccid_driver_t handle, handle->max_ifsd = 48; } + if (handle->id_vendor == VENDOR_GEMPC && handle->id_product == GEMPC_CT30) + { + DEBUGOUT ("enabling product quirk: disable non-null NAD\n"); + handle->nonnull_nad = 0; + } return 0; } commit 48d92bcc8870f5750fb66351f3623f9d874d08fa Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 gpg: Limit keysize for unattended key generation to useful values. * g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096. (gen_rsa): Enforce keysize 1024 to 4096. (gen_dsa): Enforce keysize 768 to 3072. -- It was possible to create 16k RSA keys in batch mode. In addition to the silliness of such keys, they have the major drawback that under GnuPG and Libgcrypt, with their limited amount of specially secured memory areas, the use of such keys may lead to an "out of secure memory" condition. diff --git a/g10/keygen.c b/g10/keygen.c index a786beb..6d3dfa6 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1170,11 +1170,16 @@ gen_elg (int algo, unsigned int nbits, assert( is_ELGAMAL(algo) ); - if (nbits < 512) + if (nbits < 1024) { nbits = 2048; log_info (_("keysize invalid; using %u bits\n"), nbits ); } + else if (nbits > 4096) + { + nbits = 4096; + log_info (_("keysize invalid; using %u bits\n"), nbits ); + } if ((nbits % 32)) { @@ -1281,7 +1286,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, gcry_sexp_t misc_key_info; unsigned int qbits; - if ( nbits < 512) + if (nbits < 768) { nbits = 2048; log_info(_("keysize invalid; using %u bits\n"), nbits ); 
@@ -1437,6 +1442,11 @@ gen_rsa (int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, nbits = 2048; log_info (_("keysize invalid; using %u bits\n"), nbits ); } + else if (nbits > 4096) + { + nbits = 4096; + log_info (_("keysize invalid; using %u bits\n"), nbits ); + } if ((nbits % 32)) { ----------------------------------------------------------------------- Summary of changes: g10/keygen.c | 14 ++++++++++++-- scd/ccid-driver.c | 6 ++++++ 2 files changed, 18 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 27 17:01:02 2014 From: cvs at cvs.gnupg.org (by Yuri Chornoivan) Date: Fri, 27 Jun 2014 17:01:02 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-31-g2c40255 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 2c4025576105a9deb78e1cfb22c11af4af09c4fa (commit) via e56a2d6a56d95c0f169506a8dc74a845c22b699d (commit) via 2540a4b674a17b45ec33f43f26e830e74ff0afed (commit) from 73ba75ad8b933beddd2c3f4b66937b56faa0a2d8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2c4025576105a9deb78e1cfb22c11af4af09c4fa Author: Yuri Chornoivan Date: Fri Jun 27 15:42:27 2014 +0200 po: Update and enable Ukrainian (uk) translation. diff --git a/po/LINGUAS b/po/LINGUAS index 76ab343..686d277 100644 --- a/po/LINGUAS +++ b/po/LINGUAS @@ -25,6 +25,6 @@ ja #sk #sv #tr -#uk +uk #zh_TW #zh_CN diff --git a/po/uk.po b/po/uk.po index 2fe9d4e..e30452b 100644 --- a/po/uk.po +++ b/po/uk.po 
@@ -2,12 +2,12 @@ # Copyright (C) 2011 Free Software Foundation, Inc. # This file is distributed under the same license as the GnuPG package. # -# Yuri Chornoivan , 2011. +# Yuri Chornoivan , 2011, 2014. msgid "" msgstr "" "Project-Id-Version: GNU gnupg 2.1.0-gitfe8619d\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2011-08-28 10:48+0300\n" +"PO-Revision-Date: 2014-06-22 17:25+0300\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" "Language: uk\n" @@ -16,7 +16,7 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11) ? 0 : ((n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20)) ? 1 : 2);\n" -"X-Generator: Lokalize 1.2\n" +"X-Generator: Lokalize 1.5\n" #, c-format msgid "failed to acquire the pinentry lock: %s\n" @@ -66,6 +66,9 @@ msgstr "" "???? ?????, ??????? ??? ??????, ??? ???? ????? ???? ???????????? ??? ????? " "??????" +#. TRANSLATORS: The string is appended to an error message in +#. the pinentry. The %s is the actual error message, the +#. two %d give the current and maximum number of tries. #, c-format msgid "SETERROR %s (try %d of %d)" msgstr "SETERROR %s (?????? %d ? %d)" @@ -113,9 +116,8 @@ msgid "detected card with S/N: %s\n" msgstr "???????? ?????? ? ???????? ???????: %s\n" #, c-format -msgid "error getting default authentication keyID of card: %s\n" -msgstr "" -"??????? ??? ??? ?????? ????????? ???????? ???????????????? keyID ??????: %s\n" +msgid "no authentication key for ssh on card: %s\n" +msgstr "?? ????? ????? ????? ????????????? ??? SSH: %s\n" #, c-format msgid "no suitable card key found: %s\n" @@ -183,7 +185,7 @@ msgid "Reset Code" msgstr "??? ????????" #, c-format -msgid "%s%%0A%%0AUse the reader's keypad for input." +msgid "%s%%0A%%0AUse the reader's pinpad for input." msgstr "%s%%0A%%0A????????????? ?????????? ??????????? ????????? ??? ????????." msgid "Repeat this Reset Code" 
@@ -281,7 +283,7 @@ msgid "Yes, protection is not needed" msgstr "???, ? ??????? ????? ???????" #, c-format -msgid "Please enter the passphrase to%0Ato protect your new key" +msgid "Please enter the passphrase to%0Aprotect your new key" msgstr "??????? ?????? ??%0A? ????? ??????? ?????? ?????? ?????" msgid "Please enter the new passphrase" @@ -294,12 +296,12 @@ msgstr "" "@?????????:\n" " " -msgid "run in server mode (foreground)" -msgstr "????????? ? ?????? ??????? (?????????)" - msgid "run in daemon mode (background)" msgstr "????????? ? ?????? ??????? ?????? (???????)" +msgid "run in server mode (foreground)" +msgstr "????????? ? ?????? ??????? (?????????)" + msgid "verbose" msgstr "????????? ?????" @@ -348,14 +350,17 @@ msgstr "??????? ???????? ??????? ?? ??????? ?? msgid "do not use the PIN cache when signing" msgstr "?? ??????????????? ??? ???-????? ??? ????????????" -msgid "allow clients to mark keys as \"trusted\"" -msgstr "????????? ???????? ????????? ????? ?? ???????" +msgid "disallow clients to mark keys as \"trusted\"" +msgstr "?????????? ???????? ????????? ????? ?? ???????" msgid "allow presetting passphrase" msgstr "????????? ????????? ???????????? ??????" -msgid "enable ssh-agent emulation" -msgstr "????????? ???????? ssh-??????" +msgid "enable ssh support" +msgstr "????????? ????????? ssh" + +msgid "enable putty support" +msgstr "????????? ????????? putty" msgid "|FILE|write environment settings also to FILE" msgstr "???????? ????????? ?????????? ? ?? ?????" 
@@ -366,15 +371,15 @@ msgstr "???????? ????????? ?????????? ? ?? ??? msgid "Please report bugs to <@EMAIL@>.\n" msgstr "???? ?????, ?????????? ???????????? ??? ??????? ?? <@EMAIL@>.\n" -msgid "Usage: gpg-agent [options] (-h for help)" -msgstr "????????????: gpg-agent [?????????] (-h ? ???????)" +msgid "Usage: @GPG_AGENT@ [options] (-h for help)" +msgstr "????????????: @GPG_AGENT@ [?????????] (-h ? ???????)" msgid "" -"Syntax: gpg-agent [options] [command [args]]\n" -"Secret key management for GnuPG\n" +"Syntax: @GPG_AGENT@ [options] [command [args]]\n" +"Secret key management for @GNUPG@\n" msgstr "" -"?????????: gpg-agent [?????????] [??????? [?????????]]\n" -"????????? ????????? ??????? ? GnuPG\n" +"?????????: @GPG_AGENT@ [?????????] [??????? [?????????]]\n" +"????????? ????????? ??????? ? @GNUPG@\n" #, c-format msgid "invalid debug-level '%s' given\n" @@ -397,6 +402,10 @@ msgid "reading options from '%s'\n" msgstr "????????? ????????? ? ?%s?\n" #, c-format +msgid "NOTE: '%s' is not considered an option\n" +msgstr "??????????: %s ?? ?????????? ??? ?????????? ????????????!\n" + +#, c-format msgid "error creating '%s': %s\n" msgstr "??????? ????????? ?%s?: %s.\n" @@ -468,7 +477,7 @@ msgid "ssh handler 0x%lx for fd %d terminated\n" msgstr "???????? ssh 0x%lx ??????????? ????? %d ???????? ??????\n" #, c-format -msgid "pth_select failed: %s - waiting 1s\n" +msgid "npth_pselect failed: %s - waiting 1s\n" msgstr "??????? pth_select: %s ? ?????????? ? 1 ?\n" #, c-format @@ -478,8 +487,9 @@ msgstr "%s %s ????????\n" msgid "no gpg-agent running in this session\n" msgstr "? ????? ?????? ?? ???????? gpg-agent\n" -msgid "malformed GPG_AGENT_INFO environment variable\n" -msgstr "????????? ???????????? ??????? ?????????? GPG_AGENT_INFO\n" +#, c-format +msgid "malformed %s environment variable\n" +msgstr "????????? ???????????? ??????? ?????????? %s\n" #, c-format msgid "gpg-agent protocol version %d is not supported\n" 
@@ -648,6 +658,17 @@ msgstr "??????? ??????" msgid "I'll change it later" msgstr "? ????? ???? ???????" +msgid "Delete key" +msgstr "???????? ????" + +msgid "" +"Warning: This key is also listed for use with SSH!\n" +"Deleting the key will may remove your ability to access remote machines." +msgstr "" +"????????????: ??? ???? ? ? ?????? ???????????? ??? SSH!\n" +"????????? ????? ????? ???? ????????? ?? ???????????? ???????? ?????? ?? " +"?????????? ???????????." + msgid "DSA requires the hash length to be a multiple of 8 bits\n" msgstr "??? DSA ??????? ???? ??? ???? ??????? ?? 8 ?????\n" @@ -708,13 +729,6 @@ msgstr "??????? ??? ??? ?????? ????????? ?%s?: ? msgid "error getting exit code of process %d: %s\n" msgstr "??????? ??? ??? ?????? ????????? ???? ?????? ??????? %d: %s\n" -#, c-format -msgid "error creating socket: %s\n" -msgstr "??????? ??? ??? ?????? ????????? ??????: %s\n" - -msgid "host not found" -msgstr "????? ?? ????????" - msgid "gpg-agent is not available in this session\n" msgstr "gpg-agent ??????????? ? ????? ??????\n" @@ -1015,14 +1029,6 @@ msgid "you found a bug ... (%s:%d)\n" msgstr "?? ??????? ????? (%s:%d)\n" #, c-format -msgid "error loading '%s': %s\n" -msgstr "??????? ??? ??? ?????? ???????????? ?%s?: %s\n" - -#, c-format -msgid "please see %s for more information\n" -msgstr "???? ?????, ??????????? ? %s, ??? ????????? ??????\n" - -#, c-format msgid "conversion from '%s' to '%s' not available\n" msgstr "???????????? ? ?%s? ? ?%s? ??????????\n" @@ -1046,9 +1052,6 @@ msgstr "??????? ??? ??? ?????? ?????? ?? ?%s?: %s\n msgid "removing stale lockfile (created by %d)\n" msgstr "????????? ??????????? ????? ?????????? (???????? %d)\n" -msgid " - probably dead - removing lock" -msgstr " ? ????????, ?? ???????????????? ? ???????? ??????????" - #, c-format msgid "waiting for lock (held by %d%s) %s...\n" msgstr "?????????? ?? ?????????? (??????? %d%s) %s...\n" 
@@ -1148,6 +1151,13 @@ msgid "not human readable" msgstr "???????? ??? ???????" #, c-format +msgid "failed to proxy %s inquiry to client\n" +msgstr "?? ??????? ?????????? ????? ?????? ????? %s ?? ???????\n" + +msgid "Enter passphrase: " +msgstr "??????? ??????: " + +#, c-format msgid "OpenPGP card not available: %s\n" msgstr "?? ??????? ???????? ?????? ?? ?????? OpenPGP: %s\n" @@ -1326,7 +1336,7 @@ msgstr "???????? ??? ???????? ?????? (y/N ??? ?/?) #, c-format msgid "" "Please note that the factory settings of the PINs are\n" -" PIN = `%s' Admin PIN = `%s'\n" +" PIN = '%s' Admin PIN = '%s'\n" "You should change them using the command --change-pin\n" msgstr "" "????????, ?? ???????? ??????????? ??????? ?\n" @@ -1348,6 +1358,13 @@ msgstr " (3) ???? ?????????????\n" msgid "Invalid selection.\n" msgstr "??????????? ?????.\n" +msgid "Please select where to store the key:\n" +msgstr "???????? ??????? ??? ?????????? ?????:\n" + +#, c-format +msgid "KEYTOCARD failed: %s\n" +msgstr "??????? KEYTOCARD: %s\n" + msgid "quit this menu" msgstr "????? ? ????? ????" @@ -1438,8 +1455,15 @@ msgstr "???????? ??? ???? ?? ???????? (y/N ??? ?/?) msgid "This is a secret key! - really delete? (y/N) " msgstr "??? ???? ? ????????! ???????? ????? (y/N ??? ?/?) " -msgid "deleting secret key not implemented\n" -msgstr "????????? ????????? ????? ?? ???????????\n" +#, c-format +msgid "deleting secret %s failed: %s\n" +msgstr "??????? ??? ??? ?????? ????????? ????????? %s: %s\n" + +msgid "key" +msgstr "????" + +msgid "subkey" +msgstr "???????" #, c-format msgid "deleting keyblock failed: %s\n" @@ -1617,9 +1641,6 @@ msgstr " - ?????????" msgid "WARNING: nothing exported\n" msgstr "?????: ?????? ?? ????????????\n" -msgid "too many entries in pk cache - disabled\n" -msgstr "??????? ?????? ??????? ? ???? pk ? ????????\n" - msgid "[User ID not found]" msgstr "[????????????? ?? ????????]" 
@@ -1696,6 +1717,12 @@ msgstr "???????? ????? ? ?????????? ??????? ?? msgid "remove keys from the secret keyring" msgstr "???????? ?????? ? ????????? ??????? ??????" +msgid "quickly sign a key" +msgstr "?????? ????????? ????" + +msgid "quickly sign a key locally" +msgstr "?????? ????????? ???? ????????" + msgid "sign a key" msgstr "????????? ????" @@ -1801,15 +1828,15 @@ msgstr "" " --list-keys [?????] ???????? ?????\n" " --fingerprint [?????] ???????? ????????\n" -msgid "Usage: gpg [options] [files] (-h for help)" -msgstr "????????????: gpg [?????????] [?????] (-h ? ???????)" +msgid "Usage: @GPG@ [options] [files] (-h for help)" +msgstr "????????????: @GPG@ [?????????] [?????] (-h ? ???????)" msgid "" -"Syntax: gpg [options] [files]\n" -"sign, check, encrypt or decrypt\n" -"default operation depends on the input data\n" +"Syntax: @GPG@ [options] [files]\n" +"Sign, check, encrypt or decrypt\n" +"Default operation depends on the input data\n" msgstr "" -"?????????: gpg [?????????] [?????]\n" +"?????????: @GPG@ [?????????] [?????]\n" "????????????, ????????? ????????, ?????????? ??? ?????????????\n" "?????? ??? ?????????? ??? ??????? ?????\n" @@ -1832,8 +1859,10 @@ msgstr "???: " msgid "Compression: " msgstr "?????????: " -msgid "usage: gpg [options] " -msgstr "????????????: gpg [?????????] " +#, fuzzy, c-format +#| msgid "usage: %s [options] " +msgid "usage: %s [options] %s\n" +msgstr "????????????: %s [?????????]" msgid "conflicting commands\n" msgstr "????????? ???????\n" @@ -1876,7 +1905,7 @@ msgstr "" #, c-format msgid "" -"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n" +"WARNING: unsafe enclosing directory ownership on configuration file '%s'\n" msgstr "" "?????: ?????????? ???????? ? ?????????? ????????, ??????????? ?????? " "??????????? ?%s?, ?? ? ?????????\n" 
@@ -1895,7 +1924,7 @@ msgstr "" #, c-format msgid "" -"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n" +"WARNING: unsafe enclosing directory permissions on configuration file '%s'\n" msgstr "" "?????: ?????????? ???? ??????? ?? ?????????? ????????, ??????????? ?????? " "??????????? ?%s?, ?? ? ?????????\n" @@ -1962,6 +1991,10 @@ msgid "'%s' is not a valid signature expiration\n" msgstr "?%s? ?? ? ????????? ??????? ?????????? ?????? ??? ???????\n" #, c-format +msgid "invalid pinentry mode '%s'\n" +msgstr "??????????? ????? ???????? pin ?%s?\n" + +#, c-format msgid "'%s' is not a valid character set\n" msgstr "?%s? ?? ? ????????? ??????? ????????\n" @@ -2534,13 +2567,13 @@ msgstr "???? %s: ???????? ???? ??? ?????\n" msgid "key %s: error sending to agent: %s\n" msgstr "???? %s: ??????? ??? ??? ?????? ?????????? ??????: %s\n" +msgid "importing secret keys not allowed\n" +msgstr "???????????? ???????? ?????? ??????????\n" + #, c-format msgid "key %s: secret key with invalid cipher %d - skipped\n" msgstr "???? %s: ???????? ???? ? ??????????? ?????? %d ? ?????????\n" -msgid "importing secret keys not allowed\n" -msgstr "???????????? ???????? ?????? ??????????\n" - #, c-format msgid "key %s: no public key - can't apply revocation certificate\n" msgstr "" @@ -2650,10 +2683,18 @@ msgid "key %s: direct key signature added\n" msgstr "???? %s: ?????? ????????????? ?????? ?????\n" #, c-format +msgid "error creating keybox '%s': %s\n" +msgstr "??????? ??? ??? ?????? ????????? ??????? ?????? ?%s?: %s\n" + +#, c-format msgid "error creating keyring '%s': %s\n" msgstr "??????? ??? ??? ?????? ????????? ??????? ?????? ?%s?: %s\n" #, c-format +msgid "keybox '%s' created\n" +msgstr "???????? ??????? ?????? ?%s?\n" + +#, c-format msgid "keyring '%s' created\n" msgstr "???????? ??????? ?????? ?%s?\n" 
@@ -3037,9 +3078,9 @@ msgid "Please use the command \"toggle\" first.\n" msgstr "????????????? ???????? ???????? ?toggle?.\n" msgid "" -"* The `sign' command may be prefixed with an `l' for local signatures " +"* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" -" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n" +" a 't' for trust signatures (tsign), an 'nr' for non-revocable signatures\n" " (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n" msgstr "" "* ?? ??????? ?sign? ????? ?????? ?l? ??? ????????? ???????? (lsign),\n" @@ -3146,6 +3187,20 @@ msgstr "??????? ?????????: %s\n" msgid "Key not changed so no update needed.\n" msgstr "???? ?? ???????, ???? ????????? ??????????.\n" +#, c-format +msgid "\"%s\" is not a fingerprint\n" +msgstr "?%s? ?? ? ?????????\n" + +#, c-format +msgid "\"%s\" is not the primary fingerprint\n" +msgstr "?%s? ?? ? ???????? ?????????\n" + +msgid "No matching user IDs." +msgstr "????? ??????????? ??????????????? ????????????." + +msgid "Nothing to sign.\n" +msgstr "?????? ???????????.\n" + msgid "Digest: " msgstr "?????????? ????: " 
@@ -3574,20 +3629,33 @@ msgid " (%d) RSA (set your own capabilities)\n" msgstr " (%d) RSA (?? ??????????? ??????????? ?????????)\n" #, c-format -msgid " (%d) ECDSA and ECDH\n" -msgstr " (%d) ECDSA ? ECDH\n" +msgid " (%d) ECC\n" +msgstr " (%d) ECC\n" #, c-format -msgid " (%d) ECDSA (sign only)\n" -msgstr " (%d) ECDSA (???? ????????????)\n" +msgid " (%d) ECC (sign only)\n" +msgstr " (%d) ECC (???? ????????????)\n" #, c-format -msgid " (%d) ECDSA (set your own capabilities)\n" -msgstr " (%d) ECDSA (?? ??????????? ??????????? ?????????)\n" +msgid " (%d) ECC (set your own capabilities)\n" +msgstr " (%d) ECC (?? ??????????? ??????????? ?????????)\n" #, c-format -msgid " (%d) ECDH (encrypt only)\n" -msgstr " (%d) ECDH (???? ??????????)\n" +msgid " (%d) ECC (encrypt only)\n" +msgstr " (%d) ECC (???? ??????????)\n" + +#, c-format +msgid " (%d) Existing key\n" +msgstr " (%d) ??? ????????? ????\n" + +msgid "Enter the keygrip: " +msgstr "??????? keygrip: " + +msgid "Not a valid keygrip (expecting 40 hex digits)\n" +msgstr "??????????? keygrip (???? ???? ??????? 40 ??????????????? ????)\n" + +msgid "No key with this keygrip\n" +msgstr "????? ?????? ? ????? ????????? keygrip\n" #, c-format msgid "%s keys may be between %u and %u bits long.\n" @@ -3609,6 +3677,9 @@ msgstr "???????? ??????? ????? ? %u ?????\n" msgid "rounded to %u bits\n" msgstr "????????? ?? %u ?????\n" +msgid "Please select which elliptic curve you want:\n" +msgstr "??????? ???????? ??? ????????? ?????:\n" + msgid "" "Please specify how long the key should be valid.\n" " 0 = key does not expire\n" 
@@ -4126,6 +4197,18 @@ msgstr "" msgid "no signature found\n" msgstr "??????? ?? ????????\n" +#, c-format +msgid "BAD signature from \"%s\"" +msgstr "?????????? ?????? ??? ?%s?" + +#, c-format +msgid "Expired signature from \"%s\"" +msgstr "???????????? ?????? ??? ?%s?" + +#, c-format +msgid "Good signature from \"%s\"" +msgstr "???????? ?????? ??? ?%s?" + msgid "signature verification suppressed\n" msgstr "????????? ???????? ?????????\n" @@ -4147,18 +4230,6 @@ msgstr "?????? ???????? %s ?????? %s ? ?????????? msgid "Key available at: " msgstr "???? ????????? ??: " -#, c-format -msgid "BAD signature from \"%s\"" -msgstr "?????????? ?????? ??? ?%s?" - -#, c-format -msgid "Expired signature from \"%s\"" -msgstr "???????????? ?????? ??? ?%s?" - -#, c-format -msgid "Good signature from \"%s\"" -msgstr "???????? ?????? ??? ?%s?" - msgid "[uncertain]" msgstr "[????????]" @@ -4175,8 +4246,8 @@ msgid "Signature expires %s\n" msgstr "?????? ??? ?? %s\n" #, c-format -msgid "%s signature, digest algorithm %s\n" -msgstr "%s ??????, ???????? ??????????? ???? %s\n" +msgid "%s signature, digest algorithm %s%s%s\n" +msgstr "%s ??????, ???????? ??????????? ???? %s%s%s\n" msgid "binary" msgstr "?????????" @@ -4240,9 +4311,6 @@ msgstr "" msgid "WARNING: digest algorithm %s is deprecated\n" msgstr "?????: ???????? ?????????? ??????????? ??? %s ?????????? ??????????\n" -msgid "the IDEA cipher plugin is not present\n" -msgstr "?? ???????? ??????? ?????????? IDEA\n" - #, c-format msgid "%s:%d: deprecated option \"%s\"\n" msgstr "%s:%d: ?????????? ???????? ?%s?\n" 
@@ -4375,17 +4443,23 @@ msgstr "%u-??????? ???? %s, ????????????? %s, ????? msgid " (subkey on main key ID %s)" msgstr " (??????? ? ?????????????? ????????? ????? %s)" -msgid "" -"Please enter the passphrase to unlock the secret key for the OpenPGP " -"certificate:" -msgstr "" -"??????? ?????? ??? ????????????? ????????? ????? ??? ??????????? OpenPGP " +msgid "Please enter the passphrase to unlock the OpenPGP secret key:" +msgstr "??????? ?????? ??? ????????????? ????????? ????? OpenPGP:" -msgid "" -"Please enter the passphrase to import the secret key for the OpenPGP " -"certificate:" -msgstr "" -"??????? ?????? ??? ???????????? ????????? ????? ??? ??????????? OpenPGP " +msgid "Please enter the passphrase to import the OpenPGP secret key:" +msgstr "??????? ?????? ??? ???????????? ????????? ????? OpenPGP:" + +msgid "Please enter the passphrase to export the OpenPGP secret subkey:" +msgstr "??????? ?????? ??? ????????????? ????????? ???????? OpenPGP:" + +msgid "Please enter the passphrase to export the OpenPGP secret key:" +msgstr "??????? ?????? ??? ????????????? ????????? ????? OpenPGP:" + +msgid "Do you really want to permanently delete the OpenPGP secret subkey key:" +msgstr "??????? ?????? ????????? ???????? ???????? ??????? OpenPGP:" + +msgid "Do you really want to permanently delete the OpenPGP secret key:" +msgstr "??????? ?????? ????????? ???????? ???????? ???? OpenPGP:" #, c-format msgid "" @@ -4393,11 +4467,13 @@ msgid "" "\"%.*s\"\n" "%u-bit %s key, ID %s,\n" "created %s%s.\n" +"%s" msgstr "" "%s\n" -"\"%.*s\"\n" -"%u-??????? ???? %s, ????????????? %s,\n" +"?%.*s?\n" +"%u-??????? ???? %s, ??. %s,\n" "???????? %s%s.\n" +"%s" msgid "" "\n" 
@@ -4458,6 +4534,16 @@ msgstr "??????? ???????????: " msgid "revocation comment: " msgstr "???????? ???? ???????????: " +#. TRANSLATORS: These are the allowed answers in lower and +#. uppercase. Below you will find the matching strings which +#. should be translated accordingly and the letter changed to +#. match the one in the answer string. +#. +#. i = please show me more information +#. m = back to the main menu +#. s = skip this key +#. q = quit +#. msgid "iImMqQsS" msgstr "iImMqQsS" @@ -4800,10 +4886,10 @@ msgid "%s key %s uses an unsafe (%zu bit) hash\n" msgstr "???? %s ???????????? %s ??????????? ?????? (%zu-???????) ???\n" #, c-format -msgid "%s key %s requires a %zu bit or larger hash (hash is %s\n" +msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n" msgstr "" "??? ???????????? %s ????? %s ???????? ??? ? %zu ??? ?????? ????? (????? ??? " -"%s\n" +"%s)\n" msgid "WARNING: signature digest conflict in message\n" msgstr "?????: ???????? ??????????? ??? ???????? ? ????????????\n" @@ -4813,6 +4899,10 @@ msgid "WARNING: signing subkey %s is not cross-certified\n" msgstr "?????: ???????????? ???????? %s ?? ? ?????????? ??????????????\n" #, c-format +msgid "please see %s for more information\n" +msgstr "???? ?????, ??????????? ? %s, ??? ????????? ??????\n" + +#, c-format msgid "WARNING: signing subkey %s has an invalid cross-certification\n" msgstr "" "?????: ???????????? ???????? %s ??????? ?????????? ?????????? ????????????\n" @@ -4848,6 +4938,10 @@ msgid "NOTE: signature key %s has been revoked\n" msgstr "??????????: ???? ??????? %s ???? ??????????\n" #, c-format +msgid "Note: signatures using the %s algorithm are rejected\n" +msgstr "??????????: ??????? ?? ????????? ????????? %s ?????????\n" + +#, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" "??????????? ?????????? ??????? ??? ????? %s ????? ????????? ????????? ???\n" 
@@ -5125,45 +5219,6 @@ msgstr "" msgid "using %s trust model\n" msgstr "?????????????? ?????? ?????? %s\n" -msgid "10 translator see trustdb.c:uid_trust_string_fixed" -msgstr "10 translator see trustdb.c:uid_trust_string_fixed" - -msgid "[ revoked]" -msgstr "[???????.]" - -msgid "[ expired]" -msgstr "[????????]" - -msgid "[ unknown]" -msgstr "[????????]" - -msgid "[ undef ]" -msgstr "[?? ????.]" - -msgid "[marginal]" -msgstr "[??????? ]" - -msgid "[ full ]" -msgstr "[ ????? ]" - -msgid "[ultimate]" -msgstr "[????????]" - -msgid "undefined" -msgstr "?? ?????????" - -msgid "never" -msgstr "??????" - -msgid "marginal" -msgstr "???????" - -msgid "full" -msgstr "?????" - -msgid "ultimate" -msgstr "????????" - msgid "no need for a trustdb check\n" msgstr "??????? ? ????????? trustdb ?????\n" @@ -5243,10 +5298,10 @@ msgstr "????????????: kbxutil [?????????] [?????] (-h msgid "" "Syntax: kbxutil [options] [files]\n" -"list, export, import Keybox data\n" +"List, export, import Keybox data\n" msgstr "" "?????????: kbxutil [?????????] [?????]\n" -"????????, ?????????????, ???????????? ????? Keybox\n" +"????????, ?????????????, ???????????? ????? Keybox\n" #, c-format msgid "RSA modulus missing or not of size %d bits\n" @@ -5332,6 +5387,9 @@ msgstr "????????? ?? ??????? ?????? ???????? RSA msgid "response does not contain the RSA public exponent\n" msgstr "????????? ?? ??????? ?????????? ????????? RSA\n" +msgid "response does not contain the EC public point\n" +msgstr "????????? ?? ??????? ????????? ????? ?????????? ??????\n" + #, c-format msgid "using default PIN as %s\n" msgstr "?????????????? ??????? ?????? ?? %s\n" 
@@ -5389,6 +5447,9 @@ msgstr "||??????? ??? ???????? ???? ??????" msgid "Reset Code is too short; minimum length is %d\n" msgstr "??????? ???????? ??? ????????; ?????????? ??????? ? %d\n" +#. TRANSLATORS: Do not translate the "|*|" prefixes but +#. keep it at the start of the string. We need this elsewhere +#. to get some infos on the string. msgid "|RN|New Reset Code" msgstr "|RN|????? ??? ????????" @@ -5398,6 +5459,12 @@ msgstr "|AN|????? ???????????????? ??????" msgid "|N|New PIN" msgstr "|N|????? ??????" +msgid "||Please enter the Admin PIN and New Admin PIN" +msgstr "||??????? ???????????????? ?????? ?? ????? ???????????????? ??????" + +msgid "||Please enter the PIN and New PIN" +msgstr "||??????? ?????? ?? ????? ??????" + msgid "error reading application data\n" msgstr "??????? ??????? ????? ????????\n" @@ -5460,7 +5527,7 @@ msgstr "????????? ????????????????? ??????? ? msgid "can't access %s - invalid OpenPGP card?\n" msgstr "?? ??????? ???????? ?????? ?? %s ? ?????????? ?????? OpenPGP?\n" -msgid "||Please enter your PIN at the reader's keypad" +msgid "||Please enter your PIN at the reader's pinpad" msgstr "||??????? ??? ?????? ?? ????????? ???????????? ?????? ?????????" #. TRANSLATORS: Do not translate the "|*|" prefixes but 
@@ -5493,21 +5560,24 @@ msgstr "?? ??????????????? ??????????? ?????? msgid "|N|disconnect the card after N seconds of inactivity" msgstr "|N|?????????? ?????????? ??????? ????????? ?????? ??????" -msgid "do not use a reader's keypad" +msgid "do not use a reader's pinpad" msgstr "?? ??????????????? ????????? ?????????? ?????????" msgid "deny the use of admin card commands" msgstr "?????????? ???????????? ?????? ? ??????????????? ??????" -msgid "Usage: scdaemon [options] (-h for help)" -msgstr "????????????: scdaemon [?????????] (-h ? ???????)" +msgid "use variable length input for pinpad" +msgstr "??????????????? ?????? ??????? ??????? ????? ??? ?????????" + +msgid "Usage: @SCDAEMON@ [options] (-h for help)" +msgstr "????????????: @SCDAEMON@ [?????????] (-h ? ???????)" msgid "" "Syntax: scdaemon [options] [command [args]]\n" -"Smartcard daemon for GnuPG\n" +"Smartcard daemon for @GNUPG@\n" msgstr "" "?????????: scdaemon [?????????] [??????? [?????????]]\n" -"?????? ?????? ?????? ??????? ??? GnuPG\n" +"?????? ?????? ?????? ??????? ??? @GNUPG@\n" msgid "please use the option '--daemon' to run the program in the background\n" msgstr "" @@ -5527,10 +5597,6 @@ msgid "invalid radix64 character %02x skipped\n" msgstr "????????? ??????????? ?????? radix64 %02x\n" #, c-format -msgid "failed to proxy %s inquiry to client\n" -msgstr "?? ??????? ?????????? ????? ?????? ????? %s ?? ???????\n" - -#, c-format msgid "validation model requested by certificate: %s" msgstr "?????? ?????????, ???????? ????????????: %s" @@ -5578,8 +5644,8 @@ msgstr "????????? ??????????? ????????????: %d\n msgid "dirmngr cache-only key lookup failed: %s\n" msgstr "??????? ?????? ?????? ???? ? dirmngr: %s\n" -msgid "failed to allocated keyDB handle\n" -msgstr "?? ??????? ?????????? ???????? keyDB\n" +msgid "failed to allocate keyDB handle\n" +msgstr "?? ??????? ?????????? ?????????? keyDB\n" msgid "certificate has been revoked" msgstr "?????????? ??????????" 
@@ -5750,16 +5816,16 @@ msgstr "?? ??????? ???????????? ????? ? ?????? msgid "error getting key usage information: %s\n" msgstr "??????? ??? ??? ?????? ????????? ????? ???? ???????????? ?????: %s\n" -msgid "certificate should have not been used for certification\n" +msgid "certificate should not have been used for certification\n" msgstr "?????????? ?? ??? ????????????????? ??? ????????????\n" -msgid "certificate should have not been used for OCSP response signing\n" +msgid "certificate should not have been used for OCSP response signing\n" msgstr "?????????? ?? ??? ????????????????? ??? ???????????? ?????????? OCSP\n" -msgid "certificate should have not been used for encryption\n" +msgid "certificate should not have been used for encryption\n" msgstr "?????????? ?? ??? ????????????????? ??? ??????????\n" -msgid "certificate should have not been used for signing\n" +msgid "certificate should not have been used for signing\n" msgstr "?????????? ?? ??? ????????????????? ??? ????????????\n" msgid "certificate is not usable for encryption\n" @@ -5820,6 +5886,18 @@ msgid "line %d: invalid hash algorithm given\n" msgstr "????? %d: ??????? ??????????? ???????? ?????????\n" #, c-format +msgid "line %d: invalid authority-key-id\n" +msgstr "????? %d: ??????????? authority-key-id\n" + +#, c-format +msgid "line %d: invalid subject-key-id\n" +msgstr "????? %d: ?????????? ???????? subject-key-id\n" + +#, c-format +msgid "line %d: invalid extension syntax\n" +msgstr "????? %d: ??????????? ????????? ??????????\n" + +#, c-format msgid "line %d: error reading key '%s' from card: %s\n" msgstr "????? %d: ??????? ??????? ????? ?%s? ? ??????: %s\n" 
@@ -5851,15 +5929,6 @@ msgstr " (%d) ??? ????????? ????\n" msgid " (%d) Existing key from card\n" msgstr " (%d) ??? ????????? ???? ? ??????\n" -msgid "Enter the keygrip: " -msgstr "??????? keygrip: " - -msgid "Not a valid keygrip (expecting 40 hex digits)\n" -msgstr "??????????? keygrip (???? ???? ??????? 40 ??????????????? ????)\n" - -msgid "No key with this keygrip\n" -msgstr "????? ?????? ? ????? ????????? keygrip\n" - #, c-format msgid "error reading the card: %s\n" msgstr "??????? ??????? ??????: %s\n" @@ -6066,22 +6135,19 @@ msgstr "" "|NAME|??????????????? ???????? ???????? ?????????? ??????????? ???? " "????????????" -msgid "Usage: gpgsm [options] [files] (-h for help)" -msgstr "????????????: gpgsm [?????????] [?????] (-h ? ???????)" +msgid "Usage: @GPGSM@ [options] [files] (-h for help)" +msgstr "????????????: @GPGSM@ [?????????] [?????] (-h ? ???????)" msgid "" -"Syntax: gpgsm [options] [files]\n" -"sign, check, encrypt or decrypt using the S/MIME protocol\n" -"default operation depends on the input data\n" +"Syntax: @GPGSM@ [options] [files]\n" +"Sign, check, encrypt or decrypt using the S/MIME protocol\n" +"Default operation depends on the input data\n" msgstr "" -"?????????: gpgsm [?????????] [?????]\n" +"?????????: @GPGSM@ [?????????] [?????]\n" "????????????, ????????? ????????, ?????????? ??? ????????????? ?? ????????? " "????????? S/MIME\n" "?????? ??? ?????????? ??? ??????? ?????\n" -msgid "usage: gpgsm [options] " -msgstr "????????????: gpgsm [?????????] " - #, c-format msgid "NOTE: won't be able to encrypt to '%s': %s\n" msgstr "??????????: ?? ???????? ??????????? ?? ?%s?: %s\n" 
@@ -6126,9 +6192,6 @@ msgstr "??????? ??? ??? ?????? ?????????? ???? msgid "basic certificate checks failed - not imported\n" msgstr "??????? ??? ??? ???????? ????????? ??????????? ? ?? ???????????\n" -msgid "failed to allocate keyDB handle\n" -msgstr "?? ??????? ?????????? ?????????? keyDB\n" - #, c-format msgid "error getting stored flags: %s\n" msgstr "??????? ??? ??? ?????? ????????? ?????????? ?????????: %s\n" @@ -6141,17 +6204,9 @@ msgstr "??????? ??? ??? ?????? ???????????? ?? msgid "error reading input: %s\n" msgstr "??????? ??? ??? ?????? ??????? ??????? ?????: %s\n" -#, c-format -msgid "error creating keybox '%s': %s\n" -msgstr "??????? ??? ??? ?????? ????????? ??????? ?????? ?%s?: %s\n" - msgid "you may want to start the gpg-agent first\n" msgstr "??? ????? ???????? ????????? gpg-agent\n" -#, c-format -msgid "keybox '%s' created\n" -msgstr "???????? ??????? ?????? ?%s?\n" - msgid "failed to get the fingerprint\n" msgstr "?? ??????? ???????? ????????\n" @@ -6703,7 +6758,7 @@ msgstr " ???????: CRL ?? ???? ??????????? ????? ? msgid " ERROR: The CRL will not be used\n" msgstr " ???????: CRL ?? ???? ???????????\n" -msgid " ERROR: This cached CRL may has been tampered with!\n" +msgid " ERROR: This cached CRL may have been tampered with!\n" msgstr " ???????: ??? ????????? CRL ??????? ???? ??????????!\n" msgid " WARNING: invalid cache record length\n" @@ -6796,7 +6851,7 @@ msgstr "??????????? CRL ?? dirmngr" msgid "special mode for use by Squid" msgstr "????????? ????? ??? ???????????? Squid" -msgid "certificates are expected in PEM format" +msgid "expect certificates in PEM format" msgstr "??????????? ???? ???? ??????? ? ??????? PEM" msgid "force the use of the default OCSP responder" 
@@ -6872,9 +6927,6 @@ msgstr "????????, dirmngr ?? ????????\n" msgid "no running dirmngr - starting one\n" msgstr "dirmngr ?? ???????? ? ??????????\n" -msgid "malformed DIRMNGR_INFO environment variable\n" -msgstr "????????? ???????????? ??????? ?????????? DIRMNGR_INFO\n" - #, c-format msgid "dirmngr protocol version %d is not supported\n" msgstr "????????? ????????? dirmngr ?????? %d ?? ???????????\n" @@ -6971,6 +7023,9 @@ msgstr "|FPR|????????? OCSP ????????? FPR" msgid "|N|do not return more than N items in one query" msgstr "|N|????????? ?? ?????? ?? ??????? ????????? ??????? ?? ?????" +msgid "|FILE|use the CA certificates in FILE for HKP over TLS" +msgstr "|????|??????????????? ??????????? CA ? ????? ???? ??? HKP ????? TLS" + msgid "" "@\n" "(See the \"info\" manual for a complete listing of all commands and " @@ -6980,22 +7035,23 @@ msgstr "" "(??? ???????????? ?? ??????? ?????? ? ??????????, ????????????? ????????? " "????????? (man) ?info?)\n" -msgid "Usage: dirmngr [options] (-h for help)" -msgstr "????????????: dirmngr [?????????] (-h ? ???????)" +msgid "Usage: @DIRMNGR@ [options] (-h for help)" +msgstr "????????????: @DIRMNGR@ [?????????] (-h ? ???????)" msgid "" -"Syntax: dirmngr [options] [command [args]]\n" -"LDAP and OCSP access for GnuPG\n" +"Syntax: @DIRMNGR@ [options] [command [args]]\n" +"LDAP and OCSP access for @GNUPG@\n" msgstr "" -"?????????: dirmngr [?????????] [??????? [?????????]]\n" -"?????? ?? LDAP ? OCSP ??? GnuPG\n" +"?????????: @DIRMNGR@ [?????????] [??????? [?????????]]\n" +"?????? ?? LDAP ? OCSP ??? @GNUPG@\n" #, c-format msgid "valid debug levels are: %s\n" msgstr "?????????? ??????? ????????????? ?: %s\n" -msgid "usage: dirmngr [options] " -msgstr "????????????: dirmngr [?????????] " +#, c-format +msgid "usage: %s [options] " +msgstr "????????????: %s [?????????]" msgid "colons are not allowed in the socket name\n" msgstr "?? ????? ??????????????? ????????? ? ????? ??????\n" 
@@ -7084,12 +7140,12 @@ msgstr "????????????: dirmngr_ldap [?????????] [????? msgid "" "Syntax: dirmngr_ldap [options] [URL]\n" -"Internal LDAP helper for Dirmngr.\n" -"Interface and options may change without notice.\n" +"Internal LDAP helper for Dirmngr\n" +"Interface and options may change without notice\n" msgstr "" "?????????: dirmngr_ldap [?????????] [??????]\n" -"?????????? ?????????? ?????????? LDAP ??? Dirmngr.\n" -"????????? ? ????????? ?????? ??????????? ??? ??????????? ??????????.\n" +"?????????? ?????????? ?????????? LDAP ??? Dirmngr\n" +"????????? ? ????????? ?????? ??????????? ??? ??????????? ??????????\n" #, c-format msgid "invalid port number %d\n" @@ -7191,12 +7247,8 @@ msgid "error reading log from ldap wrapper %d: %s\n" msgstr "??????? ??? ??? ?????? ??????? ??????? ? ???????? LDAP %d: %s\n" #, c-format -msgid "pth_event failed: %s\n" -msgstr "??????? pth_event: %s\n" - -#, c-format -msgid "pth_wait failed: %s\n" -msgstr "??????? pth_wait: %s\n" +msgid "npth_select failed: %s - waiting 1s\n" +msgstr "??????? npth_select: %s ? ?????????? ? 1 ?\n" #, c-format msgid "ldap wrapper %d ready" @@ -7463,7 +7515,7 @@ msgstr "????????? ???????? ????????????\n" msgid "DSA requires the use of a 160 bit hash algorithm\n" msgstr "DSA ???????? ???????????? 160-???????? ????????? ?????????\n" -msgid "certificate should have not been used for CRL signing\n" +msgid "certificate should not have been used for CRL signing\n" msgstr "?????????? ?? ??? ????????????????? ??? ???????????? CRL\n" msgid "quiet" @@ -7475,6 +7527,9 @@ msgstr "??????? ???? ? ???????????????? ?????? msgid "decode received data lines" msgstr "?????????? ???????? ????? ?????" +msgid "connect to the dirmngr" +msgstr "?????????? ? dirmngr" + msgid "|NAME|connect to Assuan socket NAME" msgstr "|NAME|?????????? ????????? ? ???????? ??????? Assuan" 
@@ -7493,14 +7548,14 @@ msgstr "|FILE|???????? ??????? ? ????????? ????? msgid "run /subst on startup" msgstr "???????? /subst ??? ??? ???????" -msgid "Usage: gpg-connect-agent [options] (-h for help)" -msgstr "????????????: gpg-connect-agent [?????????] (-h ? ???????)" +msgid "Usage: @GPG at -connect-agent [options] (-h for help)" +msgstr "????????????: @GPG at -connect-agent [?????????] (-h ? ???????)" msgid "" -"Syntax: gpg-connect-agent [options]\n" +"Syntax: @GPG at -connect-agent [options]\n" "Connect to a running agent and send commands\n" msgstr "" -"?????????: gpg-connect-agent [?????????]\n" +"?????????: @GPG at -connect-agent [?????????]\n" "?????????? ????????? ? ????????? ??????? ? ????????? ???????\n" #, c-format @@ -7644,10 +7699,12 @@ msgstr "GPG ??? S/MIME" msgid "Directory Manager" msgstr "????????? ?????????" -#| msgid "Bad Passphrase" msgid "PIN and Passphrase Entry" msgstr "???????? ???????? ? ???????" +msgid "Component not suitable for launching" +msgstr "????????? ?? ? ????????? ?? ???????" + #, c-format msgid "External verification of component %s failed" msgstr "??????? ?????????? ????????? ?????????? %s" @@ -7673,8 +7730,8 @@ msgstr "|COMPONENT|?????????? ?????????" msgid "apply global default values" msgstr "??????????? ???????? ?????? ????????" -msgid "get the configuration directories for gpgconf" -msgstr "???????? ????? ????????? ??????????? ??? gpgconf" +msgid "get the configuration directories for @GPGCONF@" +msgstr "???????? ????? ????????? ??????????? ??? @GPGCONF@" msgid "list global configuration file" msgstr "???????? ????????? ???? ???????????" @@ -7685,6 +7742,9 @@ msgstr "?????????? ????????? ???? ???????????" msgid "reload all or a given component" msgstr "??????????????? ??? ??? ???????? ?????????" +msgid "launch a given component" +msgstr "????????? ???????? ?????????" + msgid "kill a given component" msgstr "????????? ?????? ????????? ??????????" 
@@ -7694,18 +7754,15 @@ msgstr "??????????? ???? ??? ????????? ?????" msgid "activate changes at runtime, if possible" msgstr "???? ?????, ??????? ????? ? ??????????? ??????" -msgid "Usage: gpgconf [options] (-h for help)" -msgstr "????????????: gpgconf [?????????] (-h ? ???????)" +msgid "Usage: @GPGCONF@ [options] (-h for help)" +msgstr "????????????: @GPGCONF@ [?????????] (-h ? ???????)" msgid "" -"Syntax: gpgconf [options]\n" -"Manage configuration options for tools of the GnuPG system\n" +"Syntax: @GPGCONF@ [options]\n" +"Manage configuration options for tools of the @GNUPG@ system\n" msgstr "" -"?????????: gpgconf [?????????]\n" -"????????? ??????????? ???????????? ???????????? ??????? GnuPG\n" - -msgid "usage: gpgconf [options] " -msgstr "????????????: gpgconf [?????????] " +"?????????: @GPGCONF@ [?????????]\n" +"????????? ??????????? ???????????? ???????????? ??????? @GNUPG@\n" msgid "Need one component argument" msgstr "???? ??????? ???? ???????? ??????????" 
@@ -7860,3 +7917,105 @@ msgid "" msgstr "" "?????????: gpg-check-pattern [?????????] ????_????????\n" "?????????? ??????, ???????? ? stdin, ?? ????????? ?????_????????\n" + +#~ msgid "usage: gpg [options] " +#~ msgstr "????????????: gpg [?????????] " + +#~ msgid "usage: gpgsm [options] " +#~ msgstr "????????????: gpgsm [?????????] " + +#~ msgid "enable ssh-agent emulation" +#~ msgstr "????????? ???????? ssh-??????" + +#~ msgid "Usage: gpg-agent [options] (-h for help)" +#~ msgstr "????????????: gpg-agent [?????????] (-h ? ???????)" + +#~ msgid "malformed GPG_AGENT_INFO environment variable\n" +#~ msgstr "????????? ???????????? ??????? ?????????? GPG_AGENT_INFO\n" + +#~ msgid "error creating socket: %s\n" +#~ msgstr "??????? ??? ??? ?????? ????????? ??????: %s\n" + +#~ msgid "host not found" +#~ msgstr "????? ?? ????????" + +#~ msgid "error loading '%s': %s\n" +#~ msgstr "??????? ??? ??? ?????? ???????????? ?%s?: %s\n" + +#~ msgid " - probably dead - removing lock" +#~ msgstr " ? ????????, ?? ???????????????? ? ???????? ??????????" + +#~ msgid "deleting secret key not implemented\n" +#~ msgstr "????????? ????????? ????? ?? ???????????\n" + +#~ msgid "too many entries in pk cache - disabled\n" +#~ msgstr "??????? ?????? ??????? ? ???? pk ? ????????\n" + +#~ msgid " (%d) ECDSA and ECDH\n" +#~ msgstr " (%d) ECDSA ? ECDH\n" + +#~ msgid "the IDEA cipher plugin is not present\n" +#~ msgstr "?? ???????? ??????? ?????????? IDEA\n" + +#~ msgid "10 translator see trustdb.c:uid_trust_string_fixed" +#~ msgstr "10 translator see trustdb.c:uid_trust_string_fixed" + +#~ msgid "[ revoked]" +#~ msgstr "[???????.]" + +#~ msgid "[ expired]" +#~ msgstr "[????????]" + +#~ msgid "[ unknown]" +#~ msgstr "[????????]" + +#~ msgid "[ undef ]" +#~ msgstr "[?? ????.]" + +#~ msgid "[marginal]" +#~ msgstr "[??????? ]" + +#~ msgid "[ full ]" +#~ msgstr "[ ????? ]" + +#~ msgid "[ultimate]" +#~ msgstr "[????????]" + +#~ msgid "undefined" +#~ msgstr "?? ?????????" 
+ +#~ msgid "never" +#~ msgstr "??????" + +#~ msgid "marginal" +#~ msgstr "???????" + +#~ msgid "full" +#~ msgstr "?????" + +#~ msgid "ultimate" +#~ msgstr "????????" + +#~ msgid "Usage: scdaemon [options] (-h for help)" +#~ msgstr "????????????: scdaemon [?????????] (-h ? ???????)" + +#~ msgid "failed to allocated keyDB handle\n" +#~ msgstr "?? ??????? ?????????? ???????? keyDB\n" + +#~ msgid "Usage: gpgsm [options] [files] (-h for help)" +#~ msgstr "????????????: gpgsm [?????????] [?????] (-h ? ???????)" + +#~ msgid "usage: dirmngr [options] " +#~ msgstr "????????????: dirmngr [?????????] " + +#~ msgid "pth_event failed: %s\n" +#~ msgstr "??????? pth_event: %s\n" + +#~ msgid "pth_wait failed: %s\n" +#~ msgstr "??????? pth_wait: %s\n" + +#~ msgid "Usage: gpgconf [options] (-h for help)" +#~ msgstr "????????????: gpgconf [?????????] (-h ? ???????)" + +#~ msgid "usage: gpgconf [options] " +#~ msgstr "????????????: gpgconf [?????????] " commit e56a2d6a56d95c0f169506a8dc74a845c22b699d Author: Yuri Chornoivan Date: Sun Jun 22 17:33:04 2014 +0300 Fix typos in messages diff --git a/agent/findkey.c b/agent/findkey.c index e01c5c1..b842f9e 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -1257,7 +1257,7 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text, err = agent_get_confirmation (ctrl, _("Warning: This key is also listed for use with SSH!\n" - "Deleting the key will may remove your ability to" + "Deleting the key will may remove your ability to " "access remote machines."), _("Delete key"), _("No"), 0); if (err) diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 8f85e48..48fa80b 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c 
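Review bot: The confirmation text in agent_delete_key still reads "will may remove" after this change, because the hunk only adds the missing space before "access". This prompt is what a user reads before deleting a key that is also listed for SSH use, so the sentence should be unambiguous; I would change the line to `"Deleting the key may remove your ability to "`. The same msgid appears with an empty msgstr in the po/ja.po and po/fr.po hunks further down this page, so rewording it now should not invalidate existing translations there. agent_delete_key begins and ends outside the hunk.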
@@ -201,7 +201,7 @@ static ARGPARSE_OPTS opts[] = { N_("|N|do not return more than N items in one query")), ARGPARSE_s_s (oHkpCaCert, "hkp-cacert", - N_("|FILE|use the CA certifciates in FILE for HKP over TLS")), + N_("|FILE|use the CA certificates in FILE for HKP over TLS")), ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */ commit 2540a4b674a17b45ec33f43f26e830e74ff0afed Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 build: Remove unused options. * configure.ac: Remove option --build-agent-only. (FAKE_CURL, GPGKEYS_CURL): Remove check for cURL (GPGKEYS_MAILTO): Remove ac_subst but keep the currently unused SENDMAIL check. (GPGKEYS_KDNS): Remove ac_subst. * autogen.rc (final_info): Remove suggestion to use the removed option --enable-mailto. diff --git a/autogen.rc b/autogen.rc index 4860c38..3e0a9e9 100644 --- a/autogen.rc +++ b/autogen.rc @@ -42,4 +42,4 @@ esac extra_aclocal_flags="-I gl/m4" -final_info="./configure --sysconfdir=/etc --enable-maintainer-mode --enable-symcryptrun --enable-mailto --enable-gpgtar && make" +final_info="./configure --sysconfdir=/etc --enable-maintainer-mode --enable-symcryptrun --enable-gpgtar && make" diff --git a/configure.ac b/configure.ac index 8b23179..e26e51b 100644 --- a/configure.ac +++ b/configure.ac @@ -91,6 +91,7 @@ have_ksba=no have_npth=no have_libusb=no have_adns=no +gnupg_have_ldap="n/a" use_zip=yes use_bzip2=yes @@ -101,8 +102,6 @@ use_ccid_driver=yes use_standard_socket=yes dirmngr_auto_start=yes -try_ks_ldap=no - GNUPG_BUILD_PROGRAM(gpg, yes) GNUPG_BUILD_PROGRAM(gpgsm, yes) GNUPG_BUILD_PROGRAM(agent, yes) 
@@ -206,13 +205,6 @@ AC_DEFINE_UNQUOTED(NAME_OF_INSTALLED_GPG, "$name_of_installed_gpg", [The name of the installed GPG tool]) -# Some folks want to use only the agent from this packet. Make it -# easier for them by providing the configure option -# --enable-only-agent. -AC_ARG_ENABLE(agent-only, - AC_HELP_STRING([--enable-agent-only],[build only the gpg-agent]), - build_agent_only=$enableval) - # SELinux support includes tracking of sensitive files to avoid # leaking their contents through processing these files by gpg itself AC_MSG_CHECKING([whether SELinux support is requested]) @@ -1036,7 +1028,9 @@ AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes) # # Check for LDAP # -if test "$try_ks_ldap" = yes || test "$build_dirmngr" = "yes" ; then +# Note that running the check changes the variable +# gnupg_have_ldap from "n/a" to "no" or "yes". +if test "$build_dirmngr" = "yes" ; then GNUPG_CHECK_LDAP($NETLIBS) AC_CHECK_LIB(lber, ber_free, [ LBER_LIBS="$LBER_LIBS -llber" 
@@ -1048,44 +1042,23 @@ fi AC_SUBST(LBER_LIBS) # -# Check for curl. We fake the curl API if libcurl isn't installed. -# We require 7.10 or later as we use curl_version_info(). -# -LIBCURL_CHECK_CONFIG([yes],[7.10],,[fake_curl=yes]) -AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes) - -# Generic, for us, means curl - -if test x"$try_generic" = xyes ; then - AC_SUBST(GPGKEYS_CURL,"gpg2keys_curl$EXEEXT") -fi - -# # Check for sendmail # # This isn't necessarily sendmail itself, but anything that gives a # sendmail-ish interface to the outside world. That includes Exim, # Postfix, etc. Basically, anything that can handle "sendmail -t". -if test "$try_mailto" = yes ; then - AC_ARG_WITH(mailprog, +AC_ARG_WITH(mailprog, AC_HELP_STRING([--with-mailprog=NAME], [use "NAME -t" for mail transport]), ,with_mailprog=yes) - - if test x"$with_mailprog" = xyes ; then +if test x"$with_mailprog" = xyes ; then AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib) - if test "$ac_cv_path_SENDMAIL" ; then - GPGKEYS_MAILTO="gpg2keys_mailto" - fi - elif test x"$with_mailprog" != xno ; then +elif test x"$with_mailprog" != xno ; then AC_MSG_CHECKING([for a mail transport program]) AC_SUBST(SENDMAIL,$with_mailprog) AC_MSG_RESULT($with_mailprog) - GPGKEYS_MAILTO="gpg2keys_mailto" - fi fi -AC_SUBST(GPGKEYS_MAILTO) # # Construct a printable name of the OS @@ -1552,10 +1525,6 @@ estream_INIT # # Decide what to build # -if test "$have_adns" = "yes"; then - AC_SUBST(GPGKEYS_KDNS, "gpg2keys_kdns$EXEEXT") -fi - build_scdaemon_extra="" if test "$build_scdaemon" = "yes"; then @@ -1568,14 +1537,6 @@ if test "$build_scdaemon" = "yes"; then fi -if test "$build_agent_only" = "yes" ; then - build_gpg=no - build_gpgsm=no - build_scdaemon=no - build_tools=no - build_doc=no -fi - # # Set variables for use by automake makefiles. # 
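Review bot: With the `if test "$try_mailto" = yes` guard removed, the `AC_ARG_WITH(mailprog, ...)` and `AC_PATH_PROG(SENDMAIL, ...)` block in the sendmail section now runs on every configure invocation, while the commit message describes the SENDMAIL check as currently unused. I would say so next to the check, for example `# SENDMAIL is currently unused; the check is kept on purpose.`, so the probe is not mistaken for a live dependency. AC_PATH_PROG searches `$PATH` before `/usr/sbin:/usr/libexec:/usr/lib`, and `--with-mailprog=NAME` is substituted as given, so the recorded value depends on the build environment. Any code that later consumes SENDMAIL should treat it as a builder-supplied path and invoke it with an explicit argument vector, not through a shell string.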
@@ -1743,7 +1704,7 @@ if test "$gnupg_have_ldap" = "no"; then die=yes AC_MSG_NOTICE([[ *** -*** You need a LDAP library to build this program. +*** The Dirmngr part requires an LDAP library *** Check out *** http://www.openldap.org *** for a suitable implementation. ----------------------------------------------------------------------- Summary of changes: agent/findkey.c | 2 +- autogen.rc | 2 +- configure.ac | 55 +---- dirmngr/dirmngr.c | 2 +- po/LINGUAS | 2 +- po/uk.po | 615 +++++++++++++++++++++++++++++++++-------------------- 6 files changed, 399 insertions(+), 279 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jun 27 20:20:04 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 27 Jun 2014 20:20:04 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-37-gadad187 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via adad1872b448593275d8cae06dffe376bee067b5 (commit) via c67d2701406d776094d871353dd422c802bf535b (commit) via 1ef7870fc96f6dd8137e9bfabf9b06787f75dffd (commit) via c2e3eb98884785e6794dc79c1a53d75945f4c1ab (commit) via a1dff86da8ebaab6e154360f538ca9d43a6c4934 (commit) via 5e1f9b5e1427688ac340f0829e02bece7f0caf9c (commit) from 2c4025576105a9deb78e1cfb22c11af4af09c4fa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit adad1872b448593275d8cae06dffe376bee067b5 Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 speedo: Fix the w32 installer name diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi index 5f8c55c..4d18d91 100644 --- a/build-aux/speedo/w32/inst.nsi 
+++ b/build-aux/speedo/w32/inst.nsi @@ -94,7 +94,7 @@ SetCompressor lzma Name "${PRETTY_PACKAGE}" # Set the output filename. -OutFile "$(NAME)-${VERSION}.exe" +OutFile "${NAME}-${VERSION}.exe" #Fixme: Do we need a logo #Icon "${TOP_SRCDIR}/doc/logo/gnupg-logo-icon.ico" commit c67d2701406d776094d871353dd422c802bf535b Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 po: Auto-update -- diff --git a/po/ja.po b/po/ja.po index e0a984e..6cfaf34 100644 --- a/po/ja.po +++ b/po/ja.po @@ -656,7 +656,7 @@ msgstr "???????" msgid "" "Warning: This key is also listed for use with SSH!\n" -"Deleting the key will may remove your ability toaccess remote machines." +"Deleting the key will may remove your ability to access remote machines." msgstr "" msgid "DSA requires the hash length to be a multiple of 8 bits\n" @@ -1836,8 +1836,10 @@ msgstr "????: " msgid "Compression: " msgstr "??: " -msgid "usage: gpg [options] " -msgstr "???: gpg [?????] " +#, fuzzy, c-format +#| msgid "usage: gpgsm [options] " +msgid "usage: %s [options] %s\n" +msgstr "???: gpgsm [?????] " msgid "conflicting commands\n" msgstr "????????\n" @@ -4158,6 +4160,11 @@ msgstr "???????" msgid "unknown" msgstr "???" +#, fuzzy +#| msgid "algorithm: %s" +msgid ", key algorithm " +msgstr "??????: %s" + #, c-format msgid "Can't check signature: %s\n" msgstr "??????????: %s\n" @@ -6023,9 +6030,6 @@ msgstr "" "S/MIME???????????????????????????\n" "?????????????????????\n" -msgid "usage: gpgsm [options] " -msgstr "???: gpgsm [?????] " - #, c-format msgid "NOTE: won't be able to encrypt to '%s': %s\n" msgstr "*??*:'%s'????????????: %s\n" @@ -6885,7 +6889,7 @@ msgstr "|FPR|FPR??????OCSP?????" msgid "|N|do not return more than N items in one query" msgstr "|N|???????N??????????????" -msgid "|FILE|use the CA certifciates in FILE for HKP over TLS" +msgid "|FILE|use the CA certificates in FILE for HKP over TLS" msgstr "" msgid "" 
@@ -7799,6 +7803,12 @@ msgstr "" "??: gpg-check-pattern [?????] ????????\n" "????????????????????????????\n" +#~ msgid "usage: gpg [options] " +#~ msgstr "???: gpg [?????] " + +#~ msgid "usage: gpgsm [options] " +#~ msgstr "???: gpgsm [?????] " + #~ msgid "can't create `%s': %s\n" #~ msgstr "'%s'????????: %s\n" diff --git a/po/uk.po b/po/uk.po index e30452b..164d4b5 100644 --- a/po/uk.po +++ b/po/uk.po @@ -4258,6 +4258,11 @@ msgstr "?????????" msgid "unknown" msgstr "????????" +#, fuzzy +#| msgid "algorithm: %s" +msgid ", key algorithm " +msgstr "????????: %s" + #, c-format msgid "Can't check signature: %s\n" msgstr "?? ??????? ?????????? ??????: %s\n" commit 1ef7870fc96f6dd8137e9bfabf9b06787f75dffd Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 po: Update some strings of the French (fr) translation. diff --git a/po/fr.po b/po/fr.po index 9293376..1f06f43 100644 --- a/po/fr.po +++ b/po/fr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 2.1\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2012-08-21 15:44-0400\n" +"PO-Revision-Date: 2014-06-27 19:51+0200\n" "Last-Translator: David Pr?vot \n" "Language-Team: French \n" "Language: fr\n" @@ -182,8 +182,7 @@ msgstr "CDP" msgid "Reset Code" msgstr "Code de r?initialisation" -#, fuzzy, c-format -#| msgid "%s%%0A%%0AUse the reader's keypad for input." +#, c-format msgid "%s%%0A%%0AUse the reader's pinpad for input." msgstr "%s%%0A%%0AUtilisez le pav? num?rique du lecteur en entr?e." @@ -281,8 +280,7 @@ msgstr "" msgid "Yes, protection is not needed" msgstr "Oui, aucune protection n'est n?cessaire" -#, fuzzy, c-format -#| msgid "Please enter the passphrase to%0Ato protect your new key" +#, c-format msgid "Please enter the passphrase to%0Aprotect your new key" msgstr "Veuillez entrer la phrase de passe%0Apour prot?ger la nouvelle clef" 
@@ -378,21 +376,15 @@ msgstr "" "Veuillez signaler toutes anomalies sur <@EMAIL@> (en anglais)\n" "et tout probl?me de traduction ? .\n" -#, fuzzy -#| msgid "Usage: dirmngr [options] (-h for help)" msgid "Usage: @GPG_AGENT@ [options] (-h for help)" -msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)" +msgstr "Utilisation?: dirmngr @GPG_AGENT@ (-h pour l'aide)" -#, fuzzy -#| msgid "" -#| "Syntax: gpg-agent [options] [command [args]]\n" -#| "Secret key management for GnuPG\n" msgid "" "Syntax: @GPG_AGENT@ [options] [command [args]]\n" "Secret key management for @GNUPG@\n" msgstr "" -"Syntaxe?: gpg-agent [options] [commande [arguments]]\n" -"Gestionnaire de clefs secr?tes pour GnuPG\n" +"Syntaxe?: @GPG_AGENT@ [options] [commande [arguments]]\n" +"Gestionnaire de clefs secr?tes pour @GNUPG@\n" #, c-format msgid "invalid debug-level '%s' given\n" @@ -683,7 +675,7 @@ msgstr "activer la clef" msgid "" "Warning: This key is also listed for use with SSH!\n" -"Deleting the key will may remove your ability toaccess remote machines." +"Deleting the key will may remove your ability to access remote machines." msgstr "" msgid "DSA requires the hash length to be a multiple of 8 bits\n" 
@@ -1860,22 +1852,15 @@ msgstr "" " --list-keys [noms] montrer les clefs\n" " --fingerprint [noms] montrer les empreintes\n" -#, fuzzy -#| msgid "Usage: gpg [options] [files] (-h for help)" msgid "Usage: @GPG@ [options] [files] (-h for help)" -msgstr "Utilisation?: gpg [options] [fichiers] (-h pour l'aide)" +msgstr "Utilisation?: @GPG@ [options] [fichiers] (-h pour l'aide)" -#, fuzzy -#| msgid "" -#| "Syntax: gpg [options] [files]\n" -#| "sign, check, encrypt or decrypt\n" -#| "default operation depends on the input data\n" msgid "" "Syntax: @GPG@ [options] [files]\n" "Sign, check, encrypt or decrypt\n" "Default operation depends on the input data\n" msgstr "" -"Syntaxe?: gpg [options] [fichiers]\n" +"Syntaxe?: @GPG@ [options] [fichiers]\n" "Signer, v?rifier, chiffrer ou d?chiffrer\n" "L'op?ration par d?faut d?pend des donn?es entr?es\n" @@ -1898,8 +1883,9 @@ msgstr "Hachage?: " msgid "Compression: " msgstr "Compression?: " -msgid "usage: gpg [options] " -msgstr "utilisation?: gpg [options] " +#, c-format +msgid "usage: %s [options] %s\n" +msgstr "utilisation?: %s [options] %s\n" msgid "conflicting commands\n" msgstr "commandes en conflit\n" @@ -4323,6 +4309,11 @@ msgstr "mode texte" msgid "unknown" msgstr "inconnu" +#, fuzzy +#| msgid "unknown pubkey algorithm" +msgid ", key algorithm " +msgstr "algorithme de clef publique inconnu" + #, c-format msgid "Can't check signature: %s\n" msgstr "Impossible de v?rifier la signature?: %s\n" @@ -5721,10 +5712,8 @@ msgstr "refus d'utiliser les commandes d'administration de la carte" msgid "use variable length input for pinpad" msgstr "" -#, fuzzy -#| msgid "Usage: dirmngr [options] (-h for help)" msgid "Usage: @SCDAEMON@ [options] (-h for help)" -msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)" +msgstr "Utilisation?: @SCDAEMON@ [options] (-h pour l'aide)" #, fuzzy #| msgid "" 
@@ -6307,28 +6296,18 @@ msgstr "|NOM|utiliser l'algorithme de chiffrement NOM" msgid "|NAME|use message digest algorithm NAME" msgstr "|NOM|utiliser l'algorithme de hachage NOM" -#, fuzzy -#| msgid "Usage: gpg [options] [files] (-h for help)" msgid "Usage: @GPGSM@ [options] [files] (-h for help)" -msgstr "Utilisation?: gpg [options] [fichiers] (-h pour l'aide)" +msgstr "Utilisation?: @GPGSM@ [options] [fichiers] (-h pour l'aide)" -#, fuzzy -#| msgid "" -#| "Syntax: gpgsm [options] [files]\n" -#| "sign, check, encrypt or decrypt using the S/MIME protocol\n" -#| "default operation depends on the input data\n" msgid "" "Syntax: @GPGSM@ [options] [files]\n" "Sign, check, encrypt or decrypt using the S/MIME protocol\n" "Default operation depends on the input data\n" msgstr "" -"Syntaxe?: gpgsm [options] [fichiers]\n" +"Syntaxe?: @GPGSM@ [options] [fichiers]\n" "Signer, v?rifier, chiffrer ou d?chiffrer en utilisant le protocole S/MIME\n" "L'op?ration par d?faut d?pend des donn?es entr?es\n" -msgid "usage: gpgsm [options] " -msgstr "utilisation?: gpgsm [options] " - #, c-format msgid "NOTE: won't be able to encrypt to '%s': %s\n" msgstr "Remarque?: ne sera pas capable de chiffrer ? ??%s???: %s\n" @@ -7260,7 +7239,7 @@ msgstr "|EMPR|r?ponse OCSP sign?e par EMPR" msgid "|N|do not return more than N items in one query" msgstr "|N|ne pas renvoyer plus de N??l?ments dans une requ?te" -msgid "|FILE|use the CA certifciates in FILE for HKP over TLS" +msgid "|FILE|use the CA certificates in FILE for HKP over TLS" msgstr "" msgid "" 
@@ -7272,21 +7251,15 @@ msgstr "" "(Consultez le manuel ??info?? pour obtenir une liste compl?te des commandes\n" "et options)\n" -#, fuzzy -#| msgid "Usage: dirmngr [options] (-h for help)" msgid "Usage: @DIRMNGR@ [options] (-h for help)" -msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)" +msgstr "Utilisation?: @DIRMNGR@ [options] (-h pour l'aide)" -#, fuzzy -#| msgid "" -#| "Syntax: dirmngr [options] [command [args]]\n" -#| "LDAP and OCSP access for GnuPG\n" msgid "" "Syntax: @DIRMNGR@ [options] [command [args]]\n" "LDAP and OCSP access for @GNUPG@\n" msgstr "" -"Syntaxe?: dirmngr [options] [commande [arguments]]\n" -"Acc?s LDAP et OCSP pour GnuPG\n" +"Syntaxe?: @DIRMNGR@ [options] [commande [arguments]]\n" +"Acc?s LDAP et OCSP pour @GNUPG@\n" #, c-format msgid "valid debug levels are: %s\n" @@ -7809,20 +7782,14 @@ msgstr "|FICHIER|ex?cuter les commandes du FICHIER au d?marrage" msgid "run /subst on startup" msgstr "ex?cuter /subst au d?marrage" -#, fuzzy -#| msgid "Usage: gpg-connect-agent [options] (-h for help)" msgid "Usage: @GPG at -connect-agent [options] (-h for help)" -msgstr "Utilisation?: gpg-connect-agent [options] (-h pour l'aide)" +msgstr "Utilisation?: @GPG at -connect-agent [options] (-h pour l'aide)" -#, fuzzy -#| msgid "" -#| "Syntax: gpg-connect-agent [options]\n" -#| "Connect to a running agent and send commands\n" msgid "" "Syntax: @GPG at -connect-agent [options]\n" "Connect to a running agent and send commands\n" msgstr "" -"Syntaxe?: gpg-connect-agent [options]\n" +"Syntaxe?: @GPG at -connect-agent [options]\n" "Se connecter ? un agent en fonctionnement et envoyer des commandes\n" #, c-format 
@@ -7996,10 +7963,8 @@ msgstr "|COMPOSANT|v?rifier les options" msgid "apply global default values" msgstr "appliquer les valeurs par d?faut globales" -#, fuzzy -#| msgid "get the configuration directories for gpgconf" msgid "get the configuration directories for @GPGCONF@" -msgstr "aff. r?pertoires de configuration pour gpgconf" +msgstr "aff. r?pertoires de configuration pour @GPGCONF@" msgid "list global configuration file" msgstr "afficher le fichier de configuration globale" @@ -8024,21 +7989,16 @@ msgstr "utiliser comme fichier de sortie" msgid "activate changes at runtime, if possible" msgstr "activer modif. pendant l'ex?cution si possible" -#, fuzzy -#| msgid "Usage: dirmngr [options] (-h for help)" msgid "Usage: @GPGCONF@ [options] (-h for help)" -msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)" +msgstr "Utilisation?: @GPGCONF@ [options] (-h pour l'aide)" #, fuzzy -#| msgid "" -#| "Syntax: gpgconf [options]\n" -#| "Manage configuration options for tools of the GnuPG system\n" msgid "" "Syntax: @GPGCONF@ [options]\n" "Manage configuration options for tools of the @GNUPG@ system\n" msgstr "" -"Syntaxe?: gpgconf [options]\n" -"G?rer les options de configuration pour les outils du syst?me GnuPG\n" +"Syntaxe?: @GPGCONF@ [options]\n" +"G?rer les options de configuration pour les outils du syst?me @GNUPG@\n" msgid "Need one component argument" msgstr "Un argument de composant n?cessaire" @@ -8194,6 +8154,12 @@ msgstr "" "V?rifier une phrase de passe donn?e sur l'entr?e standard par rapport ? " "ficmotif\n" +#~ msgid "usage: gpg [options] " +#~ msgstr "utilisation?: gpg [options] " + +#~ msgid "usage: gpgsm [options] " +#~ msgstr "utilisation?: gpgsm [options] " + #, fuzzy #~| msgid "can't create '%s': %s\n" #~ msgid "can't create `%s': %s\n" 
@@ -8938,9 +8904,6 @@ msgstr "" #~ msgid "unknown packet type" #~ msgstr "type de paquet inconnu" -#~ msgid "unknown pubkey algorithm" -#~ msgstr "algorithme de clef publique inconnu" - #~ msgid "unknown digest algorithm" #~ msgstr "algorithme de hachage inconnu" commit c2e3eb98884785e6794dc79c1a53d75945f4c1ab Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 po: Update the German (de) translation diff --git a/g10/mainproc.c b/g10/mainproc.c index 890c0a4..51392e3 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1962,7 +1962,7 @@ check_sig_and_print (CTX c, KBNODE node) sig->sig_class==0x00?_("binary"): sig->sig_class==0x01?_("textmode"):_("unknown"), gcry_md_algo_name (sig->digest_algo), - *pkstrbuf?", key algorithm ":"", + *pkstrbuf?_(", key algorithm "):"", pkstrbuf); if (rc) diff --git a/po/de.po b/po/de.po index 49a03c5..6008229 100644 --- a/po/de.po +++ b/po/de.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg-2.1.0\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2013-11-18 14:05+0100\n" +"PO-Revision-Date: 2014-06-27 20:13+0200\n" "Last-Translator: Werner Koch \n" "Language-Team: German \n" "Language: de\n" @@ -354,19 +354,17 @@ msgstr "|N|lasse PINs im Cache nach N Sekunden verfallen" msgid "do not use the PIN cache when signing" msgstr "benutze PINs im Cache nicht beim Signieren" -#, fuzzy -#| msgid "allow clients to mark keys as \"trusted\"" msgid "disallow clients to mark keys as \"trusted\"" -msgstr "erlaube Aufrufern Schl?ssel als \"vertrauensw?rdig\" zu markieren" +msgstr "verbiete Aufrufern Schl?ssel als \"vertrauensw?rdig\" zu markieren" msgid "allow presetting passphrase" msgstr "erlaube ein \"preset\" von Passphrases" msgid "enable ssh support" -msgstr "" +msgstr "SSH Unterst?tzung einschalten" msgid "enable putty support" -msgstr "" +msgstr "PuTTY Unterst?tzung einschalten" msgid "|FILE|write environment settings also to FILE" msgstr "|DATEI|Schreibe die Umgebungsvariablen auf DATEI" 
@@ -670,15 +668,16 @@ msgstr "Die Passphrase ?ndern" msgid "I'll change it later" msgstr "Ich werde sie sp?ter ?ndern" -#, fuzzy -#| msgid "enable key" msgid "Delete key" -msgstr "Schl?ssel anschalten" +msgstr "Schl?ssel l?schen" msgid "" "Warning: This key is also listed for use with SSH!\n" -"Deleting the key will may remove your ability toaccess remote machines." +"Deleting the key will may remove your ability to access remote machines." msgstr "" +"WARNUNG: Dieser Schl?ssel wird auch f?r SSH benutzt!\n" +"Das L?schen dieses Schl?ssels kann Ihren Zugriff auf entfernte Rechner\n" +"behindern." msgid "DSA requires the hash length to be a multiple of 8 bits\n" msgstr "F?r DSA mu? die Hashl?nge ein Vielfaches von 8 Bit sein\n" @@ -1466,18 +1465,15 @@ msgstr "Diesen Schl?ssel aus dem Schl?sselbund l?schen? (j/N) " msgid "This is a secret key! - really delete? (y/N) " msgstr "Dies ist ein privater Schl?ssel! - Wirklich l?schen? (j/N) " -#, fuzzy, c-format -#| msgid "deleting certificate \"%s\" failed: %s\n" +#, c-format msgid "deleting secret %s failed: %s\n" -msgstr "Fehler beim L?schen des Zertifikats \"%s\": %s\n" +msgstr "Fehler beim L?schen des privaten %ss: %s\n" msgid "key" -msgstr "" +msgstr "Schl?ssel" -#, fuzzy -#| msgid "Pubkey: " msgid "subkey" -msgstr "?ff. Schl?ssel: " +msgstr "Unterschl?ssel" #, c-format msgid "deleting keyblock failed: %s\n" @@ -1733,15 +1729,11 @@ msgstr "Schl?ssel aus dem ?ff. Schl?sselbund entfernen" msgid "remove keys from the secret keyring" msgstr "Schl?ssel aus dem geh. Schl?sselbund entfernen" -#, fuzzy -#| msgid "sign a key" msgid "quickly sign a key" -msgstr "Schl?ssel signieren" +msgstr "Schl?ssel schnell signieren" -#, fuzzy -#| msgid "sign a key locally" msgid "quickly sign a key locally" -msgstr "Schl?ssel nur f?r diesen Rechner signieren" +msgstr "Schl?ssel schnell nur f?r diesen Rechner signieren" msgid "sign a key" msgstr "Schl?ssel signieren" 
@@ -1876,8 +1868,9 @@ msgstr "Hash: " msgid "Compression: " msgstr "Komprimierung: " -msgid "usage: gpg [options] " -msgstr "Aufruf: gpg [Optionen] " +#, c-format +msgid "usage: %s [options] %s\n" +msgstr "Aufruf: %s [Optionen] %s\n" msgid "conflicting commands\n" msgstr "Widerspr?chliche Befehle\n" @@ -3206,25 +3199,19 @@ msgstr "?nderung fehlgeschlagen: %s\n" msgid "Key not changed so no update needed.\n" msgstr "Schl?ssel ist nicht ge?ndert worden, also ist kein Speichern n?tig.\n" -#, fuzzy, c-format -#| msgid "invalid fingerprint" +#, c-format msgid "\"%s\" is not a fingerprint\n" -msgstr "ung?ltiger Fingerabdruck" +msgstr "\"%s\" ist kein Fingerabdruck\n" -#, fuzzy, c-format -#| msgid "failed to get the fingerprint\n" +#, c-format msgid "\"%s\" is not the primary fingerprint\n" -msgstr "Kann den Fingerprint nicht ermitteln\n" +msgstr "\"%s\" ist nicht der Fingerabdruck des Hauptschl?ssels\n" -#, fuzzy -#| msgid "No such user ID.\n" msgid "No matching user IDs." -msgstr "Keine solche User-ID vorhanden.\n" +msgstr "Keine passende User-ID" -#, fuzzy -#| msgid "Nothing to sign with key %s\n" msgid "Nothing to sign.\n" -msgstr "Nichts zu beglaubigen f?r Schl?ssel %s\n" +msgstr "Nichts zu beglaubigen\n" msgid "Digest: " msgstr "Digest: " 
@@ -3655,25 +3642,21 @@ msgstr " (%d) DSA (Leistungsf?higkeit selber einstellbar)\n" msgid " (%d) RSA (set your own capabilities)\n" msgstr " (%d) RSA (Leistungsf?higkeit selber einstellbar)\n" -#, fuzzy, c-format -#| msgid " (%d) %s\n" +#, c-format msgid " (%d) ECC\n" -msgstr " (%d) signieren\n" +msgstr " (%d) ECC\n" -#, fuzzy, c-format -#| msgid " (%d) ECDSA (sign only)\n" +#, c-format msgid " (%d) ECC (sign only)\n" -msgstr " (%d) ECDSA (nur signieren/beglaubigen)\n" +msgstr " (%d) ECC (nur signieren)\n" -#, fuzzy, c-format -#| msgid " (%d) ECDSA (set your own capabilities)\n" +#, c-format msgid " (%d) ECC (set your own capabilities)\n" -msgstr " (%d) ECDSA (Leistungsf?higkeit selber einstellbar)\n" +msgstr " (%d) ECC (Leistungsf?higkeit selber einstellbar)\n" -#, fuzzy, c-format -#| msgid " (%d) ECDH (encrypt only)\n" +#, c-format msgid " (%d) ECC (encrypt only)\n" -msgstr " (%d) ECDH (nur verschl?sseln)\n" +msgstr " (%d) ECC (nur verschl?sseln)\n" #, c-format msgid " (%d) Existing key\n" @@ -4273,10 +4256,9 @@ msgstr "Diese Signatur ist seit %s verfallen.\n" msgid "Signature expires %s\n" msgstr "Diese Signatur verf?llt am %s.\n" -#, fuzzy, c-format -#| msgid "%s signature, digest algorithm %s\n" +#, c-format msgid "%s signature, digest algorithm %s%s%s\n" -msgstr "%s Signatur, Hashmethode \"%s\"\n" +msgstr "%s Signatur, Hashmethode %s%s%s\n" msgid "binary" msgstr "Bin?re" @@ -4287,6 +4269,9 @@ msgstr "Textmodus" msgid "unknown" msgstr "unbekannt" +msgid ", key algorithm " +msgstr ", Schl?sselverfahren " + #, c-format msgid "Can't check signature: %s\n" msgstr "Signatur kann nicht gepr?ft werden: %s\n" 
@@ -4473,58 +4458,37 @@ msgstr "%u-Bit %s Schl?ssel, ID %s, erzeugt %s" msgid " (subkey on main key ID %s)" msgstr " (Unterschl?ssel aus Hauptschl?ssel-ID %s)" -#, fuzzy -#| msgid "" -#| "Please enter the passphrase to unlock the secret key for the OpenPGP " -#| "certificate:" msgid "Please enter the passphrase to unlock the OpenPGP secret key:" msgstr "" "Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu " "entsperren:" -#, fuzzy -#| msgid "" -#| "Please enter the passphrase to import the secret key for the OpenPGP " -#| "certificate:" msgid "Please enter the passphrase to import the OpenPGP secret key:" msgstr "" "Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu " "importieren:" -#, fuzzy -#| msgid "" -#| "Please enter the passphrase to import the secret key for the OpenPGP " -#| "certificate:" msgid "Please enter the passphrase to export the OpenPGP secret subkey:" msgstr "" -"Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu " -"importieren:" +"Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Unterschl?ssel zu " +"exportieren:" -#, fuzzy -#| msgid "" -#| "Please enter the passphrase to import the secret key for the OpenPGP " -#| "certificate:" msgid "Please enter the passphrase to export the OpenPGP secret key:" msgstr "" "Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu " -"importieren:" +"exportieren:" -#, fuzzy -#| msgid "Do you really want to delete the selected keys? (y/N) " msgid "Do you really want to permanently delete the OpenPGP secret subkey key:" -msgstr "M?chten Sie die ausgew?hlten Schl?ssel wirklich entfernen? (j/N) " +msgstr "" +"M?chten Sie den ausgew?hlten geheimen OpenPGP Unterschl?ssel wirklich " +"dauerhaft entfernen? (j/N) " -#, fuzzy -#| msgid "Do you really want to delete the selected keys? (y/N) " msgid "Do you really want to permanently delete the OpenPGP secret key:" -msgstr "M?chten Sie die ausgew?hlten Schl?ssel wirklich entfernen? 
(j/N) " +msgstr "" +"M?chten Sie den ausgew?hlten geheimen OpenPGP Schl?ssel wirklich dauerhaft " +"entfernen? (j/N) " -#, fuzzy, c-format -#| msgid "" -#| "%s\n" -#| "\"%.*s\"\n" -#| "%u-bit %s key, ID %s,\n" -#| "created %s%s.\n" +#, c-format msgid "" "%s\n" "\"%.*s\"\n" @@ -4536,6 +4500,7 @@ msgstr "" "\"%.*s\"\n" "%u-Bit %s Schl?ssel, ID %s,\n" "erzeugt %s%s.\n" +"%s" # translated by wk msgid "" @@ -5010,10 +4975,9 @@ msgstr "Hinweis: Signaturschl?ssel %s ist am %s verfallen\n" msgid "NOTE: signature key %s has been revoked\n" msgstr "Hinweis: Signaturschl?ssel %s wurde widerrufen\n" -#, fuzzy, c-format -#| msgid "%s signature, digest algorithm %s\n" +#, c-format msgid "Note: signatures using the %s algorithm are rejected\n" -msgstr "%s Signatur, Hashmethode \"%s\"\n" +msgstr "Hinweis: %s basierte Signaturen werden zur?ckgewiesen.\n" #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" @@ -6230,9 +6194,6 @@ msgstr "" "Syntax: @GPGSM@ [Optionen] [Dateien]\n" "Signieren, pr?fen, ver- und entschl?sseln mittels S/MIME Protokoll\n" -msgid "usage: gpgsm [options] " -msgstr "Aufruf: gpgsm [Optionen] " - #, c-format msgid "NOTE: won't be able to encrypt to '%s': %s\n" msgstr "Hinweis: Verschl?sselung f?r `%s' wird nicht m?glich sein: %s\n" @@ -7129,8 +7090,8 @@ msgstr "|FPR|OCSP Antwort ist durch FPR signiert" msgid "|N|do not return more than N items in one query" msgstr "|N|Nicht mehr als N Angaben in einer Anfrage zur?ckgeben" -msgid "|FILE|use the CA certifciates in FILE for HKP over TLS" -msgstr "" +msgid "|FILE|use the CA certificates in FILE for HKP over TLS" +msgstr "|DATEI|Benutze die CA Zertifikate in DATEI f?r HKP ?ber TLS" msgid "" "@\n" 
@@ -7635,10 +7596,8 @@ msgstr "Druckdaten hexkodiert ausgeben" msgid "decode received data lines" msgstr "Dekodiere empfangene Datenzeilen" -#, fuzzy -#| msgid "can't connect to the dirmngr: %s\n" msgid "connect to the dirmngr" -msgstr "Verbindung zum Dirmngr nicht m?glich: %s\n" +msgstr "Mit dem Dirmngr verbinden" msgid "|NAME|connect to Assuan socket NAME" msgstr "|NAME|Verbinde mit dem Assuan-Socket NAME" @@ -7811,10 +7770,8 @@ msgstr "Directory Manager" msgid "PIN and Passphrase Entry" msgstr "Falsche PIN oder Passphrase!" -#, fuzzy -#| msgid "Component not found" msgid "Component not suitable for launching" -msgstr "Komponente nicht gefunden" +msgstr "Komponente unterst?tzt kein direktes starten" #, c-format msgid "External verification of component %s failed" @@ -7841,10 +7798,8 @@ msgstr "|KOMPONENTE|Pr?fe die Optionen" msgid "apply global default values" msgstr "Wende die gobalen Voreinstellungen an" -#, fuzzy -#| msgid "get the configuration directories for gpgconf" msgid "get the configuration directories for @GPGCONF@" -msgstr "Hole die Einstellungsverzeichnisse von gpgconf" +msgstr "Hole die Einstellungsverzeichnisse von @GPGCONF@" msgid "list global configuration file" msgstr "Zeige die globale Konfigurationsdatei an" @@ -7855,10 +7810,8 @@ msgstr "Pr?fe die globale Konfigurationsdatei" msgid "reload all or a given component" msgstr "\"reload\" an alle oder eine Komponente senden" -#, fuzzy -#| msgid "kill a given component" msgid "launch a given component" -msgstr "\"kill\" an eine Komponente senden" +msgstr "Die angegebene Komponente starten" msgid "kill a given component" msgstr "\"kill\" an eine Komponente senden" 
@@ -8032,6 +7985,12 @@ msgstr "" "Syntax: gpg-check-pattern [optionen] Musterdatei\n" "Die von stdin gelesene Passphrase gegen die Musterdatei pr?fen\n" +#~ msgid "usage: gpg [options] " +#~ msgstr "Aufruf: gpg [Optionen] " + +#~ msgid "usage: gpgsm [options] " +#~ msgstr "Aufruf: gpgsm [Optionen] " + #~ msgid "enable ssh-agent emulation" #~ msgstr "Die ssh-agent-Emulation anschalten" commit a1dff86da8ebaab6e154360f538ca9d43a6c4934 Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 agent: Adjust for changed npth_eselect under W32. * agent/gpg-agent.c (handle_connections) [W32]: Make events_set an unsigned int to match the changed prototype. diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 096d057..3febaf8 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -2120,7 +2120,7 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh) struct timespec timeout; #ifdef HAVE_W32_SYSTEM HANDLE events[2]; - int events_set; + unsigned int events_set; #endif ret = npth_attr_init(&tattr); @@ -2219,7 +2219,6 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh) handle_signal (signo); } #else - events_set = 0; ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, &timeout, events, &events_set); saved_errno = errno; commit 5e1f9b5e1427688ac340f0829e02bece7f0caf9c Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 dirmngr: Use the homedir based socket also under W32. * common/homedir.c (dirmngr_user_socket_name): Use same code for all platforms. diff --git a/common/homedir.c b/common/homedir.c index c50809f..7939841 100644 --- a/common/homedir.c +++ b/common/homedir.c 
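Review bot: With `events_set = 0;` removed in the second gpg-agent.c hunk, `events_set` is passed to `npth_eselect` uninitialised, so any read after the call depends on npth_eselect storing to it on every return path, including errors. The code that consumes the value lies outside the hunk, so this is inferred rather than shown. Initialising at the declaration in the first hunk keeps the old guarantee without touching the call site: `unsigned int events_set = 0;`.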
@@ -605,15 +605,11 @@ dirmngr_sys_socket_name (void) const char * dirmngr_user_socket_name (void) { -#ifdef HAVE_W32_SYSTEM - return NULL; /* We support only a system service. */ -#else /*!HAVE_W32_SYSTEM*/ static char *name; if (!name) name = make_absfilename (default_homedir (), DIRMNGR_SOCK_NAME, NULL); return name; -#endif /*!HAVE_W32_SYSTEM*/ } ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 3 +- build-aux/speedo/w32/inst.nsi | 2 +- common/homedir.c | 4 - g10/mainproc.c | 2 +- po/de.po | 165 ++++++++++++++++------------------------- po/fr.po | 109 +++++++++------------------ po/ja.po | 24 ++++-- po/uk.po | 5 ++ 8 files changed, 123 insertions(+), 191 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jun 28 10:52:54 2014 
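Review bot: `dirmngr_user_socket_name` has no comment stating its contract now that the W32 branch returning NULL is gone. Something like `/* Return the name of the per-user dirmngr socket below the home directory. The string is cached in a static variable and must not be freed by the caller. */` would record it. Callers that treated a NULL result as "system service only" on W32 are outside this hunk and should be rechecked. Since the socket now lives under the home directory on every platform, access to it follows that directory's permissions.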
From: cvs at cvs.gnupg.org (by Dmitry Eremin-Solenikov) Date: Sat, 28 Jun 2014 10:52:54 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-93-g066f068 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 066f068bd0bc4d8e01f1f18b6153cdc8d2c245d7 (commit) via 7aeba6c449169926076df83b01ddbfa6b41fe411 (commit) via b78d504fa8745b8b04589acbbcf7dd5fe9279d13 (commit) via 7533b2ad46f42e98d9dba52e88e79c0311d2d3b7 (commit) via 25d6af77e2336b5979ddbe8b90978fe5b61dfaf9 (commit) via 5ee35a04362c94e680ef3633fa83b72e0aee8626 (commit) via fb074d113fcbf66a5c20592625cb19051f3430f5 (commit) via 164738a0292b3f32c7747099ad9cadace58e5eda (commit) via 34a58010000288515636706811c3837f32957b2e (commit) via 8b221cf5ce233c8c49a4e4ecebb70d523fc37837 (commit) from f14fb5b427b5159fcd9603d2b3cde936889cf430 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 066f068bd0bc4d8e01f1f18b6153cdc8d2c245d7 Author: Dmitry Eremin-Solenikov Date: Fri Jun 6 22:48:36 2014 +0400 gostr3411_94: rewrite to use u32 mathematic * cipher/gost28147.c (_gcry_gost_enc_data): New. * cipher/gostr3411-94.c: Rewrite implementation to use u32 mathematic internally. * cipher/gost28147.c (_gcry_gost_enc_one): Remove. -- On my box (Core2 Duo, i386) this highly improves GOST R 34.11-94 speed. Before: GOSTR3411_94 | 55.04 ns/B 17.33 MiB/s - c/B After: GOSTR3411_94 | 36.70 ns/B 25.99 MiB/s - c/B Signed-off-by: Dmitry Eremin-Solenikov diff --git a/cipher/gost.h b/cipher/gost.h index caaf34b..025119c 100644 --- a/cipher/gost.h +++ b/cipher/gost.h 
@@ -26,7 +26,7 @@ typedef struct { } GOST28147_context; /* This is a simple interface that will be used by GOST R 34.11-94 */ -extern unsigned int _gcry_gost_enc_one (GOST28147_context *c, const byte *key, - byte *out, byte *in, int cryptopro); +unsigned int _gcry_gost_enc_data (GOST28147_context *c, const u32 *key, + u32 *o1, u32 *o2, u32 n1, u32 n2, int cryptopro); #endif diff --git a/cipher/gost28147.c b/cipher/gost28147.c index af3911e..4ff80b4 100644 --- a/cipher/gost28147.c +++ b/cipher/gost28147.c @@ -69,13 +69,9 @@ gost_val (GOST28147_context *ctx, u32 cm1, int subkey) } static unsigned int -gost_encrypt_block (void *c, byte *outbuf, const byte *inbuf) +_gost_encrypt_data (void *c, u32 *o1, u32 *o2, u32 n1, u32 n2) { GOST28147_context *ctx = c; - u32 n1, n2; - - n1 = buf_get_le32 (inbuf); - n2 = buf_get_le32 (inbuf+4); n2 ^= gost_val (ctx, n1, 0); n1 ^= gost_val (ctx, n2, 1); n2 ^= gost_val (ctx, n1, 2); n1 ^= gost_val (ctx, n2, 3); 
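Review bot: The new prototype of `_gcry_gost_enc_data` in cipher/gost.h does not say how many words `key` must hold, although the implementation in cipher/gost28147.c copies exactly `8*4` bytes from it with memcpy and no byte-order conversion. A short comment above the declaration would make that a stated contract, for example `/* KEY must point to 8 u32 words, used as-is; O1 and O2 receive the two output words for the input words N1 and N2. */`. The existing one-line comment only names the caller.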
@@ -97,23 +93,41 @@ gost_encrypt_block (void *c, byte *outbuf, const byte *inbuf) n2 ^= gost_val (ctx, n1, 3); n1 ^= gost_val (ctx, n2, 2); n2 ^= gost_val (ctx, n1, 1); n1 ^= gost_val (ctx, n2, 0); - buf_put_le32 (outbuf+0, n2); - buf_put_le32 (outbuf+4, n1); + *o1 = n2; + *o2 = n1; return /* burn_stack */ 4*sizeof(void*) /* func call */ + 3*sizeof(void*) /* stack */ + 4*sizeof(void*) /* gost_val call */; } -unsigned int _gcry_gost_enc_one (GOST28147_context *c, const byte *key, - byte *out, byte *in, int cryptopro) +static unsigned int +gost_encrypt_block (void *c, byte *outbuf, const byte *inbuf) +{ + GOST28147_context *ctx = c; + u32 n1, n2; + unsigned int burn; + + n1 = buf_get_le32 (inbuf); + n2 = buf_get_le32 (inbuf+4); + + burn = _gost_encrypt_data(ctx, &n1, &n2, n1, n2); + + buf_put_le32 (outbuf+0, n1); + buf_put_le32 (outbuf+4, n2); + + return /* burn_stack */ burn + 6*sizeof(void*) /* func call */; +} + +unsigned int _gcry_gost_enc_data (GOST28147_context *c, const u32 *key, + u32 *o1, u32 *o2, u32 n1, u32 n2, int cryptopro) { if (cryptopro) c->sbox = sbox_CryptoPro_3411; else c->sbox = sbox_test_3411; - gost_setkey (c, key, 32); - return gost_encrypt_block (c, out, in) + 5 * sizeof(void *); + memcpy (c->key, key, 8*4); + return _gost_encrypt_data (c, o1, o2, n1, n2) + 7 * sizeof(void *); } static unsigned int diff --git a/cipher/gostr3411-94.c b/cipher/gostr3411-94.c index 9d065fb..91e5b4c 100644 --- a/cipher/gostr3411-94.c +++ b/cipher/gostr3411-94.c @@ -25,6 +25,7 @@ #include "g10lib.h" #include "bithelp.h" +#include "bufhelp.h" #include "cipher.h" #include "hash-common.h" @@ -35,8 +36,11 @@ typedef struct { gcry_md_block_ctx_t bctx; GOST28147_context hd; - byte h[32]; - byte sigma[32]; + union { + u32 h[8]; + byte result[32]; + }; + u32 sigma[8]; u32 len; int cryptopro; } GOSTR3411_CONTEXT; 
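Review bot: In `_gcry_gost_enc_data` the copy length `8*4` is a bare literal that has to be kept in step with the size of `c->key` by hand. If `key` is declared as an array in GOST28147_context (the struct is not in this hunk), `memcpy (c->key, key, sizeof c->key);` ties the length to the destination. The helper name `_gost_encrypt_data` also begins with an underscore at file scope, which the C standard reserves for the implementation; `gost_encrypt_data` would avoid that.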
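Review bot: The unnamed `union { u32 h[8]; byte result[32]; };` added to GOSTR3411_CONTEXT is an anonymous member, which is C11 (or a GNU extension) and is rejected by strict C89/C99 compilers. If the library is still expected to build with such compilers, give the union a member name and adjust the accesses. A one-line comment that `result` is the byte view of `h`, returned by gost3411_read after the final `le_bswap32` pass, would also explain why the two share storage.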
@@ -71,102 +75,122 @@ gost3411_cp_init (void *context, unsigned int flags) } static void -do_p (unsigned char *p, unsigned char *u, unsigned char *v) +do_p (u32 *p, u32 *u, u32 *v) { - int i, k; + int k; + u32 t[8]; + for (k = 0; k < 8; k++) + t[k] = u[k] ^ v[k]; + + for (k = 0; k < 4; k++) { - for (i = 0; i < 4; i++) - { - p[i + 4 * k] = u[8 * i + k] ^ v[8 * i + k]; - } + p[k+0] = ((t[0] >> (8*k)) & 0xff) << 0 | + ((t[2] >> (8*k)) & 0xff) << 8 | + ((t[4] >> (8*k)) & 0xff) << 16 | + ((t[6] >> (8*k)) & 0xff) << 24; + p[k+4] = ((t[1] >> (8*k)) & 0xff) << 0 | + ((t[3] >> (8*k)) & 0xff) << 8 | + ((t[5] >> (8*k)) & 0xff) << 16 | + ((t[7] >> (8*k)) & 0xff) << 24; } } static void -do_a (unsigned char *u) +do_a (u32 *u) { - unsigned char temp[8]; + u32 t[2]; int i; - memcpy (temp, u, 8); - memmove (u, u+8, 24); - for (i = 0; i < 8; i++) - { - u[24 + i] = u[i] ^ temp[i]; - } + memcpy(t, u, 2*4); + for (i = 0; i < 6; i++) + u[i] = u[i+2]; + u[6] = u[0] ^ t[0]; + u[7] = u[1] ^ t[1]; } /* apply do_a twice: 1 2 3 4 -> 3 4 1^2 2^3 */ static void -do_a2 (unsigned char *u) +do_a2 (u32 *u) { - unsigned char temp[16]; + u32 t[4]; int i; - memcpy (temp, u, 16); - memcpy (u, u + 16, 16); - for (i = 0; i < 8; i++) + memcpy (t, u, 16); + memcpy (u, u + 4, 16); + for (i = 0; i < 2; i++) { - u[16 + i] = temp[i] ^ temp[8 + i]; - u[24 + i] = u[i] ^ temp[8 + i]; + u[4+i] = t[i] ^ t[i + 2]; + u[6+i] = u[i] ^ t[i + 2]; } } static void -do_apply_c2 (unsigned char *u) +do_apply_c2 (u32 *u) { - u[ 1] ^= 0xff; - u[ 3] ^= 0xff; - u[ 5] ^= 0xff; - u[ 7] ^= 0xff; - - u[ 8] ^= 0xff; - u[10] ^= 0xff; - u[12] ^= 0xff; - u[14] ^= 0xff; - - u[17] ^= 0xff; - u[18] ^= 0xff; - u[20] ^= 0xff; - u[23] ^= 0xff; - - u[24] ^= 0xff; - u[28] ^= 0xff; - u[29] ^= 0xff; - u[31] ^= 0xff; + u[ 0] ^= 0xff00ff00; + u[ 1] ^= 0xff00ff00; + u[ 2] ^= 0x00ff00ff; + u[ 3] ^= 0x00ff00ff; + u[ 4] ^= 0x00ffff00; + u[ 5] ^= 0xff0000ff; + u[ 6] ^= 0x000000ff; + u[ 7] ^= 0xff00ffff; } -#define do_phi_step(e, i) \ - e[(0 + 2*i) % 32] 
^= e[(2 + 2*i) % 32] ^ e[(4 + 2*i) % 32] ^ e[(6 + 2*i) % 32] ^ e[(24 + 2*i) % 32] ^ e[(30 + 2*i) % 32]; \ - e[(1 + 2*i) % 32] ^= e[(3 + 2*i) % 32] ^ e[(5 + 2*i) % 32] ^ e[(7 + 2*i) % 32] ^ e[(25 + 2*i) % 32] ^ e[(31 + 2*i) % 32]; +#define do_chi_step12(e) \ + e[6] ^= ((e[6] >> 16) ^ e[7] ^ (e[7] >> 16) ^ e[4] ^ (e[5] >>16)) & 0xffff; + +#define do_chi_step13(e) \ + e[6] ^= ((e[7] ^ (e[7] >> 16) ^ e[0] ^ (e[4] >> 16) ^ e[6]) & 0xffff) << 16; + +#define do_chi_doublestep(e, i) \ + e[i] ^= (e[i] >> 16) ^ (e[(i+1)%8] << 16) ^ e[(i+1)%8] ^ (e[(i+1)%8] >> 16) ^ (e[(i+2)%8] << 16) ^ e[(i+6)%8] ^ (e[(i+7)%8] >> 16); \ + e[i] ^= (e[i] << 16); static void -do_phi_submix (unsigned char *e, unsigned char *x, int round) +do_chi_submix12 (u32 *e, u32 *x) { - int i; - round *= 2; - for (i = 0; i < 32; i++) - { - e[(i + round) % 32] ^= x[i]; - } + e[6] ^= x[0]; + e[7] ^= x[1]; + e[0] ^= x[2]; + e[1] ^= x[3]; + e[2] ^= x[4]; + e[3] ^= x[5]; + e[4] ^= x[6]; + e[5] ^= x[7]; +} + +static void +do_chi_submix13 (u32 *e, u32 *x) +{ + e[6] ^= (x[0] << 16) | (x[7] >> 16); + e[7] ^= (x[1] << 16) | (x[0] >> 16); + e[0] ^= (x[2] << 16) | (x[1] >> 16); + e[1] ^= (x[3] << 16) | (x[2] >> 16); + e[2] ^= (x[4] << 16) | (x[3] >> 16); + e[3] ^= (x[5] << 16) | (x[4] >> 16); + e[4] ^= (x[6] << 16) | (x[5] >> 16); + e[5] ^= (x[7] << 16) | (x[6] >> 16); } static void -do_add (unsigned char *s, unsigned char *a) +do_add (u32 *s, u32 *a) { - unsigned temp = 0; + u32 carry = 0; int i; - for (i = 0; i < 32; i++) + for (i = 0; i < 8; i++) { - temp = s[i] + a[i] + (temp >> 8); - s[i] = temp & 0xff; + u32 op = carry + a[i]; + s[i] += op; + carry = (a[i] > op) || (op > s[i]); } } static unsigned int -do_hash_step (GOSTR3411_CONTEXT *hd, unsigned char *h, unsigned char *m) +do_hash_step (GOSTR3411_CONTEXT *hd, u32 *h, u32 *m) { - unsigned char u[32], v[32], s[32]; - unsigned char k[32]; + u32 u[8], v[8]; + u32 s[8]; + u32 k[8]; unsigned int burn; int i; 
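Review bot: `do_chi_doublestep` expands to two statements, and `do_chi_step12` and `do_chi_step13` carry their own trailing semicolon, so each of them misbehaves when used as the body of an unbraced `if`/`else`. Wrapping each body in `do { ... } while (0)` without the trailing semicolon, or turning them into `static inline` functions taking `u32 *e`, removes the hazard. The macro arguments `e` and `i` should be parenthesised in the expansion as well. The hunk ends inside do_hash_step, whose body continues outside it.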
@@ -176,7 +200,7 @@ do_hash_step (GOSTR3411_CONTEXT *hd, unsigned char *h, unsigned char *m) for (i = 0; i < 4; i++) { do_p (k, u, v); - burn = _gcry_gost_enc_one (&hd->hd, k, s + i*8, h + i*8, hd->cryptopro); + burn = _gcry_gost_enc_data (&hd->hd, k, &s[2*i], &s[2*i+1], h[2*i], h[2*i+1], hd->cryptopro); do_a (u); if (i == 1) @@ -186,33 +210,26 @@ do_hash_step (GOSTR3411_CONTEXT *hd, unsigned char *h, unsigned char *m) for (i = 0; i < 5; i++) { - do_phi_step (s, 0); - do_phi_step (s, 1); - do_phi_step (s, 2); - do_phi_step (s, 3); - do_phi_step (s, 4); - do_phi_step (s, 5); - do_phi_step (s, 6); - do_phi_step (s, 7); - do_phi_step (s, 8); - do_phi_step (s, 9); + do_chi_doublestep (s, 0); + do_chi_doublestep (s, 1); + do_chi_doublestep (s, 2); + do_chi_doublestep (s, 3); + do_chi_doublestep (s, 4); /* That is in total 12 + 1 + 61 = 74 = 16 * 4 + 10 rounds */ if (i == 4) break; - do_phi_step (s, 10); - do_phi_step (s, 11); + do_chi_doublestep (s, 5); if (i == 0) - do_phi_submix(s, m, 12); - do_phi_step (s, 12); + do_chi_submix12(s, m); + do_chi_step12 (s); if (i == 0) - do_phi_submix(s, h, 13); - do_phi_step (s, 13); - do_phi_step (s, 14); - do_phi_step (s, 15); + do_chi_submix13(s, h); + do_chi_step13 (s); + do_chi_doublestep (s, 7); } - memcpy (h, s+20, 12); - memcpy (h+12, s, 20); + memcpy (h, s+5, 12); + memcpy (h+3, s, 20); return /* burn_stack */ 4 * sizeof(void*) /* func call (ret addr + args) */ + 4 * 32 + 2 * sizeof(int) /* stack */ + @@ -221,15 +238,16 @@ do_hash_step (GOSTR3411_CONTEXT *hd, unsigned char *h, unsigned char *m) 16 + sizeof(int) /* do_a2 stack */ ); } - static unsigned int transform_blk (void *ctx, const unsigned char *data) { GOSTR3411_CONTEXT *hd = ctx; - byte m[32]; + u32 m[8]; unsigned int burn; + int i; - memcpy (m, data, 32); + for (i = 0; i < 8; i++) + m[i] = buf_get_le32(data + i*4); burn = do_hash_step (hd, hd->h, m); do_add (hd->sigma, m); 
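Review bot: The closing copies `memcpy (h, s+5, 12);` and `memcpy (h+3, s, 20);` in the second hunk mix u32 element offsets with byte counts, which is easy to misread now that `h` and `s` are word arrays. Expressing the lengths in elements, `memcpy (h, s+5, 3 * sizeof *h);` and `memcpy (h+3, s, 5 * sizeof *h);`, makes the 3+5 word rotation visible. do_hash_step starts and ends outside this hunk.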
@@ -263,9 +281,9 @@ gost3411_final (void *context) { GOSTR3411_CONTEXT *hd = context; size_t padlen = 0; - byte l[32]; + u32 l[8]; int i; - u32 nblocks; + MD_NBLOCKS_TYPE nblocks; if (hd->bctx.count > 0) { @@ -286,15 +304,19 @@ gost3411_final (void *context) nblocks --; l[0] = 256 - padlen * 8; } + l[0] |= nblocks << 8; + nblocks >>= 24; for (i = 1; i < 32 && nblocks != 0; i++) { - l[i] = nblocks % 256; - nblocks /= 256; + l[i] = nblocks; + nblocks >>= 24; } do_hash_step (hd, hd->h, l); do_hash_step (hd, hd->h, hd->sigma); + for (i = 0; i < 8; i++) + hd->h[i] = le_bswap32(hd->h[i]); } static byte * @@ -302,7 +324,7 @@ gost3411_read (void *context) { GOSTR3411_CONTEXT *hd = context; - return hd->h; + return hd->result; } static unsigned char asn[6] = /* Object ID is 1.2.643.2.2.3 */ commit 7aeba6c449169926076df83b01ddbfa6b41fe411 Author: Dmitry Eremin-Solenikov Date: Fri Jun 6 22:48:35 2014 +0400 gost28147: use bufhelp helpers * cipher/gost28147.c (gost_setkey, gost_encrypt_block, gost_decrypt_block): use buf_get_le32/buf_put_le32 helpers. -- On my box this boosts GOST 28147-89 speed from 36 MiB/s up to 44.5 MiB/s. Signed-off-by: Dmitry Eremin-Solenikov diff --git a/cipher/gost28147.c b/cipher/gost28147.c index 5456053..af3911e 100644 --- a/cipher/gost28147.c +++ b/cipher/gost28147.c @@ -33,6 +33,7 @@ #include "types.h" #include "g10lib.h" #include "cipher.h" +#include "bufhelp.h" #include "gost.h" #include "gost-sb.h" @@ -51,10 +52,7 @@ gost_setkey (void *c, const byte *key, unsigned keylen) for (i = 0; i < 8; i++) { - ctx->key[i] = (key[4 * i + 3] << 24) | - (key[4 * i + 2] << 16) | - (key[4 * i + 1] << 8) | - (key[4 * i + 0] << 0); + ctx->key[i] = buf_get_le32(&key[4*i]); } return GPG_ERR_NO_ERROR; } 
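Review bot: The loop in gost3411_final still runs with `i < 32` although the first hunk of this function turns `l` into `u32 l[8]`, so the bound no longer matches the array and `l[i]` would be written past its end if `nblocks` stayed non-zero for more than seven iterations. The 24-bit shifts make that unreachable for any integer width likely for MD_NBLOCKS_TYPE, but the bound should still read `for (i = 1; i < 8 && nblocks != 0; i++)`. Separately, each iteration stores a full 32-bit word and then shifts by only 24, so consecutive words would overlap for counts above 2^48 blocks; that looks like a leftover from the byte-wise version and is worth confirming. The function body starts outside the hunk.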
@@ -76,14 +74,8 @@ gost_encrypt_block (void *c, byte *outbuf, const byte *inbuf) GOST28147_context *ctx = c; u32 n1, n2; - n1 = (inbuf[0] << 0) | - (inbuf[1] << 8) | - (inbuf[2] << 16) | - (inbuf[3] << 24); - n2 = (inbuf[4] << 0) | - (inbuf[5] << 8) | - (inbuf[6] << 16) | - (inbuf[7] << 24); + n1 = buf_get_le32 (inbuf); + n2 = buf_get_le32 (inbuf+4); n2 ^= gost_val (ctx, n1, 0); n1 ^= gost_val (ctx, n2, 1); n2 ^= gost_val (ctx, n1, 2); n1 ^= gost_val (ctx, n2, 3); @@ -105,14 +97,8 @@ gost_encrypt_block (void *c, byte *outbuf, const byte *inbuf) n2 ^= gost_val (ctx, n1, 3); n1 ^= gost_val (ctx, n2, 2); n2 ^= gost_val (ctx, n1, 1); n1 ^= gost_val (ctx, n2, 0); - outbuf[0 + 0] = (n2 >> (0 * 8)) & 0xff; - outbuf[1 + 0] = (n2 >> (1 * 8)) & 0xff; - outbuf[2 + 0] = (n2 >> (2 * 8)) & 0xff; - outbuf[3 + 0] = (n2 >> (3 * 8)) & 0xff; - outbuf[0 + 4] = (n1 >> (0 * 8)) & 0xff; - outbuf[1 + 4] = (n1 >> (1 * 8)) & 0xff; - outbuf[2 + 4] = (n1 >> (2 * 8)) & 0xff; - outbuf[3 + 4] = (n1 >> (3 * 8)) & 0xff; + buf_put_le32 (outbuf+0, n2); + buf_put_le32 (outbuf+4, n1); return /* burn_stack */ 4*sizeof(void*) /* func call */ + 3*sizeof(void*) /* stack */ + @@ -136,14 +122,8 @@ gost_decrypt_block (void *c, byte *outbuf, const byte *inbuf) GOST28147_context *ctx = c; u32 n1, n2; - n1 = (inbuf[0] << 0) | - (inbuf[1] << 8) | - (inbuf[2] << 16) | - (inbuf[3] << 24); - n2 = (inbuf[4] << 0) | - (inbuf[5] << 8) | - (inbuf[6] << 16) | - (inbuf[7] << 24); + n1 = buf_get_le32 (inbuf); + n2 = buf_get_le32 (inbuf+4); n2 ^= gost_val (ctx, n1, 0); n1 ^= gost_val (ctx, n2, 1); n2 ^= gost_val (ctx, n1, 2); n1 ^= gost_val (ctx, n2, 3); 
@@ -165,14 +145,8 @@ gost_decrypt_block (void *c, byte *outbuf, const byte *inbuf) n2 ^= gost_val (ctx, n1, 3); n1 ^= gost_val (ctx, n2, 2); n2 ^= gost_val (ctx, n1, 1); n1 ^= gost_val (ctx, n2, 0); - outbuf[0 + 0] = (n2 >> (0 * 8)) & 0xff; - outbuf[1 + 0] = (n2 >> (1 * 8)) & 0xff; - outbuf[2 + 0] = (n2 >> (2 * 8)) & 0xff; - outbuf[3 + 0] = (n2 >> (3 * 8)) & 0xff; - outbuf[0 + 4] = (n1 >> (0 * 8)) & 0xff; - outbuf[1 + 4] = (n1 >> (1 * 8)) & 0xff; - outbuf[2 + 4] = (n1 >> (2 * 8)) & 0xff; - outbuf[3 + 4] = (n1 >> (3 * 8)) & 0xff; + buf_put_le32 (outbuf+0, n2); + buf_put_le32 (outbuf+4, n1); return /* burn_stack */ 4*sizeof(void*) /* func call */ + 3*sizeof(void*) /* stack */ + commit b78d504fa8745b8b04589acbbcf7dd5fe9279d13 Author: Dmitry Eremin-Solenikov Date: Fri Jun 6 22:48:34 2014 +0400 Fixup curve name in the GOST2012 test case * tests/basic.c (check_pubkey): fixup curve name in public key. Signed-off-by: Dmitry Eremin-Solenikov diff --git a/tests/basic.c b/tests/basic.c index 875b36c..6d70cfd 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -6966,7 +6966,7 @@ check_pubkey (void) "(public-key\n" " (ecc\n" - " (curve GOST2001-test)\n" + " (curve GOST2012-test)\n" " (q #04115DC5BC96760C7B48598D8AB9E740D4C4A85A65BE33C1" " 815B5C320C854621DD5A515856D13314AF69BC5B924C8B" " 4DDFF75C45415C1D9DD9DD33612CD530EFE137C7C90CD4" commit 7533b2ad46f42e98d9dba52e88e79c0311d2d3b7 Author: Dmitry Eremin-Solenikov Date: Fri Jun 6 22:48:33 2014 +0400 Update PBKDF2 tests with GOST R 34.11-94 test cases * tests/t-kdf.c (check_pbkdf2): Add MD_GOSTR3411_CP test cases. -- TC26 (Technical Comitee for standardization "Cryptography and security mechanisms") published a document with test vectors for PBKDF2 used with GOST R 34.11-94 message digest function. Signed-off-by: Dmitry Eremin-Solenikov diff --git a/tests/t-kdf.c b/tests/t-kdf.c index adbe6cc..8e728d5 100644 --- a/tests/t-kdf.c +++ b/tests/t-kdf.c 
@@ -864,6 +864,7 @@ check_pbkdf2 (void) size_t plen; /* Length of P. */ const char *salt; size_t saltlen; + int hashalgo; unsigned long c; /* Iterations. */ int dklen; /* Requested key length. */ const char *dk; /* Derived key. */ @@ -872,6 +873,7 @@ check_pbkdf2 (void) { "password", 8, "salt", 4, + GCRY_MD_SHA1, 1, 20, "\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9" @@ -880,6 +882,7 @@ check_pbkdf2 (void) { "password", 8, "salt", 4, + GCRY_MD_SHA1, 2, 20, "\xea\x6c\x01\x4d\xc7\x2d\x6f\x8c\xcd\x1e" @@ -888,6 +891,7 @@ check_pbkdf2 (void) { "password", 8, "salt", 4, + GCRY_MD_SHA1, 4096, 20, "\x4b\x00\x79\x01\xb7\x65\x48\x9a\xbe\xad" @@ -896,6 +900,7 @@ check_pbkdf2 (void) { "password", 8, "salt", 4, + GCRY_MD_SHA1, 16777216, 20, "\xee\xfe\x3d\x61\xcd\x4d\xa4\xe4\xe9\x94" @@ -905,6 +910,7 @@ check_pbkdf2 (void) { "passwordPASSWORDpassword", 24, "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36, + GCRY_MD_SHA1, 4096, 25, "\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8" @@ -914,6 +920,7 @@ check_pbkdf2 (void) { "pass\0word", 9, "sa\0lt", 5, + GCRY_MD_SHA1, 4096, 16, "\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37" 
@@ -922,15 +929,71 @@ check_pbkdf2 (void) { /* empty password test, not in RFC-6070 */ "", 0, "salt", 4, + GCRY_MD_SHA1, 2, 20, "\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2" "\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97" + }, + { + "password", 8, + "salt", 4, + GCRY_MD_GOSTR3411_CP, + 1, + 32, + "\x73\x14\xe7\xc0\x4f\xb2\xe6\x62\xc5\x43\x67\x42\x53\xf6\x8b\xd0" + "\xb7\x34\x45\xd0\x7f\x24\x1b\xed\x87\x28\x82\xda\x21\x66\x2d\x58" + }, + { + "password", 8, + "salt", 4, + GCRY_MD_GOSTR3411_CP, + 2, + 32, + "\x99\x0d\xfa\x2b\xd9\x65\x63\x9b\xa4\x8b\x07\xb7\x92\x77\x5d\xf7" + "\x9f\x2d\xb3\x4f\xef\x25\xf2\x74\x37\x88\x72\xfe\xd7\xed\x1b\xb3" + }, + { + "password", 8, + "salt", 4, + GCRY_MD_GOSTR3411_CP, + 4096, + 32, + "\x1f\x18\x29\xa9\x4b\xdf\xf5\xbe\x10\xd0\xae\xb3\x6a\xf4\x98\xe7" + "\xa9\x74\x67\xf3\xb3\x11\x16\xa5\xa7\xc1\xaf\xff\x9d\xea\xda\xfe" + }, + /* { -- takes too long (4-5 min) to calculate + "password", 8, + "salt", 4, + GCRY_MD_GOSTR3411_CP, + 16777216, + 32, + "\xa5\x7a\xe5\xa6\x08\x83\x96\xd1\x20\x85\x0c\x5c\x09\xde\x0a\x52" + "\x51\x00\x93\x8a\x59\xb1\xb5\xc3\xf7\x81\x09\x10\xd0\x5f\xcd\x97" + }, */ + { + "passwordPASSWORDpassword", 24, + "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36, + GCRY_MD_GOSTR3411_CP, + 4096, + 40, + "\x78\x83\x58\xc6\x9c\xb2\xdb\xe2\x51\xa7\xbb\x17\xd5\xf4\x24\x1f" + "\x26\x5a\x79\x2a\x35\xbe\xcd\xe8\xd5\x6f\x32\x6b\x49\xc8\x50\x47" + "\xb7\x63\x8a\xcb\x47\x64\xb1\xfd" + }, + { + "pass\0word", 9, + "sa\0lt", 5, + GCRY_MD_GOSTR3411_CP, + 4096, + 20, + "\x43\xe0\x6c\x55\x90\xb0\x8c\x02\x25\x24" + "\x23\x73\x12\x7e\xdf\x9c\x8e\x9c\x32\x91" } }; int tvidx; gpg_error_t err; - unsigned char outbuf[32]; + unsigned char outbuf[40]; int i; for (tvidx=0; tvidx < DIM(tv); tvidx++) 
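Review bot: The 16777216-iteration GOST vector is added as a commented-out initializer, so it is never compiled and can go stale without anyone noticing. The test loop in the next hunk already skips entries through `tv[tvidx].disabled`. Keeping the vector as a live table entry with that flag set would leave it type-checked and easy to enable for a long run; this assumes the field follows `dk` in the struct, which the hunk does not show. check_pbkdf2 begins and ends outside this hunk.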
@@ -938,10 +1001,11 @@ check_pbkdf2 (void) if (tv[tvidx].disabled) continue; if (verbose) - fprintf (stderr, "checking PBKDF2 test vector %d\n", tvidx); + fprintf (stderr, "checking PBKDF2 test vector %d algo %d\n", tvidx, + tv[tvidx].hashalgo); assert (tv[tvidx].dklen <= sizeof outbuf); err = gcry_kdf_derive (tv[tvidx].p, tv[tvidx].plen, - GCRY_KDF_PBKDF2, GCRY_MD_SHA1, + GCRY_KDF_PBKDF2, tv[tvidx].hashalgo, tv[tvidx].salt, tv[tvidx].saltlen, tv[tvidx].c, tv[tvidx].dklen, outbuf); if (err) commit 25d6af77e2336b5979ddbe8b90978fe5b61dfaf9 Author: Dmitry Eremin-Solenikov Date: Fri Jun 6 22:48:32 2014 +0400 Add GOST R 34.11-94 variant using id-GostR3411-94-CryptoProParamSet * src/gcrypt.h.in (GCRY_MD_GOSTR3411_CP): New. * src/cipher.h (_gcry_digest_spec_gost3411_cp): New. * cipher/gost28147.c (_gcry_gost_enc_one): Differentiate between CryptoPro and Test S-Boxes. * cipher/gostr3411-94.c (_gcry_digest_spec_gost3411_cp, gost3411_cp_init): New. * cipher/md.c (md_open): GCRY_MD_GOSTR3411_CP also uses B=32. -- RFC4357 defines only two S-Boxes that should be used together with GOST R 34.11-94 - a testing one (from standard itself, for testing only) and CryptoPro one. Instead of adding a separate gcry_md_ctrl() function just to switch s-boxes, add a separate MD algorithm using CryptoPro S-box. Signed-off-by: Dmitry Eremin-Solenikov diff --git a/NEWS b/NEWS index 5eacf30..214c676 100644 --- a/NEWS +++ b/NEWS @@ -28,6 +28,7 @@ Noteworthy changes in version 1.7.0 (unreleased) GCRY_MD_FLAG_BUGEMU1 NEW. GCRYCTL_SET_SBOX NEW. gcry_cipher_set_sbox NEW macro. + GCRY_MD_GOSTR3411_CP NEW. Noteworthy changes in version 1.6.0 (2013-12-16) diff --git a/cipher/gost.h b/cipher/gost.h index 3fbd9df..caaf34b 100644 --- a/cipher/gost.h +++ b/cipher/gost.h 
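Review bot: The loop now passes `tv[tvidx].hashalgo` straight to gcry_kdf_derive with no check that the digest is available in this build. The md.c hunk further down this page registers the GOST R 34.11-94 specs only under `#ifdef USE_GOST_R_3411_94`, so on a build without it the new vectors would presumably be reported as failures rather than skipped. A guard next to the `disabled` check, such as `if (gcry_md_test_algo (tv[tvidx].hashalgo)) continue;` with a message in verbose mode, would keep the test meaningful on reduced builds. The enclosing function continues outside the hunk.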
@@ -27,6 +27,6 @@ typedef struct { /* This is a simple interface that will be used by GOST R 34.11-94 */ extern unsigned int _gcry_gost_enc_one (GOST28147_context *c, const byte *key, - byte *out, byte *in); + byte *out, byte *in, int cryptopro); #endif diff --git a/cipher/gost28147.c b/cipher/gost28147.c index ae9e705..5456053 100644 --- a/cipher/gost28147.c +++ b/cipher/gost28147.c @@ -120,8 +120,12 @@ gost_encrypt_block (void *c, byte *outbuf, const byte *inbuf) } unsigned int _gcry_gost_enc_one (GOST28147_context *c, const byte *key, - byte *out, byte *in) + byte *out, byte *in, int cryptopro) { + if (cryptopro) + c->sbox = sbox_CryptoPro_3411; + else + c->sbox = sbox_test_3411; gost_setkey (c, key, 32); return gost_encrypt_block (c, out, in) + 5 * sizeof(void *); } diff --git a/cipher/gostr3411-94.c b/cipher/gostr3411-94.c index 73d570f..9d065fb 100644 --- a/cipher/gostr3411-94.c +++ b/cipher/gostr3411-94.c @@ -38,6 +38,7 @@ typedef struct { byte h[32]; byte sigma[32]; u32 len; + int cryptopro; } GOSTR3411_CONTEXT; static unsigned int @@ -58,6 +59,15 @@ gost3411_init (void *context, unsigned int flags) hd->bctx.count = 0; hd->bctx.blocksize = 32; hd->bctx.bwrite = transform; + hd->cryptopro = 0; +} + +static void +gost3411_cp_init (void *context, unsigned int flags) +{ + GOSTR3411_CONTEXT *hd = context; + gost3411_init (context, flags); + hd->cryptopro = 1; } static void @@ -153,7 +163,7 @@ do_add (unsigned char *s, unsigned char *a) } static unsigned int -do_hash_step (GOST28147_context *hd, unsigned char *h, unsigned char *m) +do_hash_step (GOSTR3411_CONTEXT *hd, unsigned char *h, unsigned char *m) { unsigned char u[32], v[32], s[32]; unsigned char k[32]; @@ -166,7 +176,7 @@ do_hash_step (GOST28147_context *hd, unsigned char *h, unsigned char *m) for (i = 0; i < 4; i++) { do_p (k, u, v); - burn = _gcry_gost_enc_one (hd, k, s + i*8, h + i*8); + burn = _gcry_gost_enc_one (&hd->hd, k, s + i*8, h + i*8, hd->cryptopro); do_a (u); if (i == 1) 
@@ -220,7 +230,7 @@ transform_blk (void *ctx, const unsigned char *data) unsigned int burn; memcpy (m, data, 32); - burn = do_hash_step (&hd->hd, hd->h, m); + burn = do_hash_step (hd, hd->h, m); do_add (hd->sigma, m); return /* burn_stack */ burn + 3 * sizeof(void*) + 32 + 2 * sizeof(void*); @@ -283,8 +293,8 @@ gost3411_final (void *context) nblocks /= 256; } - do_hash_step (&hd->hd, hd->h, l); - do_hash_step (&hd->hd, hd->h, hd->sigma); + do_hash_step (hd, hd->h, l); + do_hash_step (hd, hd->h, hd->sigma); } static byte * @@ -310,7 +320,14 @@ static gcry_md_oid_spec_t oid_spec_gostr3411[] = gcry_md_spec_t _gcry_digest_spec_gost3411_94 = { GCRY_MD_GOSTR3411_94, {0, 0}, - "GOSTR3411_94", asn, DIM (asn), oid_spec_gostr3411, 32, + "GOSTR3411_94", NULL, 0, NULL, 32, gost3411_init, _gcry_md_block_write, gost3411_final, gost3411_read, sizeof (GOSTR3411_CONTEXT) }; +gcry_md_spec_t _gcry_digest_spec_gost3411_cp = + { + GCRY_MD_GOSTR3411_CP, {0, 0}, + "GOSTR3411_CP", asn, DIM (asn), oid_spec_gostr3411, 32, + gost3411_cp_init, _gcry_md_block_write, gost3411_final, gost3411_read, + sizeof (GOSTR3411_CONTEXT) + }; diff --git a/cipher/md.c b/cipher/md.c index 5ab89cb..a1e5859 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -53,6 +53,7 @@ static gcry_md_spec_t *digest_list[] = #endif #ifdef USE_GOST_R_3411_94 &_gcry_digest_spec_gost3411_94, + &_gcry_digest_spec_gost3411_cp, #endif #ifdef USE_GOST_R_3411_12 &_gcry_digest_spec_stribog_256, @@ -335,6 +336,7 @@ md_open (gcry_md_hd_t *h, int algo, unsigned int flags) ctx->macpads_Bsize = 128; break; case GCRY_MD_GOSTR3411_94: + case GCRY_MD_GOSTR3411_CP: ctx->macpads_Bsize = 32; break; default: diff --git a/src/cipher.h b/src/cipher.h index ed57d3c..f4f6cc4 100644 --- a/src/cipher.h +++ b/src/cipher.h 
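Review bot: `_gcry_digest_spec_gost3411_94` silently loses its ASN.1 prefix and OID table in the last gostr3411-94.c hunk (`asn, DIM (asn), oid_spec_gostr3411` becomes `NULL, 0, NULL`), and nothing in the code says why. As far as this hunk shows, a caller that reached the digest through an OID lookup will now get the CryptoPro variant and therefore a different digest for the same input. The change deserves a comment above the spec, e.g. `/* Test parameter set: no ASN.1 prefix or OIDs; those belong to the CryptoPro variant below. */`. The NEWS hunk of this commit records only the new algorithm id, not the change to the existing one.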
@@ -258,6 +258,7 @@ extern gcry_md_spec_t _gcry_digest_spec_crc32; extern gcry_md_spec_t _gcry_digest_spec_crc32_rfc1510; extern gcry_md_spec_t _gcry_digest_spec_crc24_rfc2440; extern gcry_md_spec_t _gcry_digest_spec_gost3411_94; +extern gcry_md_spec_t _gcry_digest_spec_gost3411_cp; extern gcry_md_spec_t _gcry_digest_spec_stribog_256; extern gcry_md_spec_t _gcry_digest_spec_stribog_512; extern gcry_md_spec_t _gcry_digest_spec_md2; diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 95d324b..a5f8350 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -1152,7 +1152,8 @@ enum gcry_md_algos GCRY_MD_TIGER2 = 307, /* TIGER2 variant. */ GCRY_MD_GOSTR3411_94 = 308, /* GOST R 34.11-94. */ GCRY_MD_STRIBOG256 = 309, /* GOST R 34.11-2012, 256 bit. */ - GCRY_MD_STRIBOG512 = 310 /* GOST R 34.11-2012, 512 bit. */ + GCRY_MD_STRIBOG512 = 310, /* GOST R 34.11-2012, 512 bit. */ + GCRY_MD_GOSTR3411_CP = 311 /* GOST R 34.11-94 with CryptoPro-A S-Box. */ }; /* Flags used with the open function. */ commit 5ee35a04362c94e680ef3633fa83b72e0aee8626 Author: Dmitry Eremin-Solenikov Date: Fri Jun 6 22:48:31 2014 +0400 gost28147: support GCRYCTL_SET_SBOX cipher/gost28147.c (gost_set_extra_info, gost_set_sbox): New. Signed-off-by: Dmitry Eremin-Solenikov diff --git a/cipher/gost28147.c b/cipher/gost28147.c index 1720f45..ae9e705 100644 --- a/cipher/gost28147.c +++ b/cipher/gost28147.c 
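Review bot: The comment on the new enumerator in gcrypt.h.in says "CryptoPro-A S-Box", but `_gcry_gost_enc_one` in this commit selects `sbox_CryptoPro_3411`. The generator later on this page lists `CryptoPro_3411` (OID 1.2.643.2.2.30.1) and `CryptoPro_A` (OID 1.2.643.2.2.31.1) as two different tables, so the header comment points users at the wrong parameter set. A comment matching the code would be `/* GOST R 34.11-94 with the CryptoPro S-box (id-GostR3411-94-CryptoProParamSet). */`.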
@@ -175,6 +175,44 @@ gost_decrypt_block (void *c, byte *outbuf, const byte *inbuf) 4*sizeof(void*) /* gost_val call */; } +static gpg_err_code_t +gost_set_sbox (GOST28147_context *ctx, const char *oid) +{ + int i; + + for (i = 0; gost_oid_map[i].oid; i++) + { + if (!strcmp(gost_oid_map[i].oid, oid)) + { + ctx->sbox = gost_oid_map[i].sbox; + return 0; + } + } + return GPG_ERR_VALUE_NOT_FOUND; +} + +static gpg_err_code_t +gost_set_extra_info (void *c, int what, const void *buffer, size_t buflen) +{ + GOST28147_context *ctx = c; + gpg_err_code_t ec = 0; + + (void)buffer; + (void)buflen; + + switch (what) + { + case GCRYCTL_SET_SBOX: + ec = gost_set_sbox (ctx, buffer); + break; + + default: + ec = GPG_ERR_INV_OP; + break; + } + return ec; +} + static gcry_cipher_oid_spec_t oids_gost28147[] = { /* { "1.2.643.2.2.31.0", GCRY_CIPHER_MODE_CNTGOST }, */ @@ -193,4 +231,5 @@ gcry_cipher_spec_t _gcry_cipher_spec_gost28147 = gost_setkey, gost_encrypt_block, gost_decrypt_block, + NULL, NULL, NULL, gost_set_extra_info, }; commit fb074d113fcbf66a5c20592625cb19051f3430f5 Author: Dmitry Eremin-Solenikov Date: Fri Jun 6 22:48:30 2014 +0400 Support setting s-box for the ciphers that require it * src/gcrypt.h.in (GCRYCTL_SET_SBOX, gcry_cipher_set_sbox): New. * cipher/cipher.c (_gcry_cipher_ctl): pass GCRYCTL_SET_SBOX to set_extra_info callback. Signed-off-by: Dmitry Eremin-Solenikov diff --git a/NEWS b/NEWS index e1bb772..5eacf30 100644 --- a/NEWS +++ b/NEWS @@ -26,6 +26,8 @@ Noteworthy changes in version 1.7.0 (unreleased) gcry_mac_get_algo NEW. GCRY_MAC_HMAC_MD2 NEW. GCRY_MD_FLAG_BUGEMU1 NEW. + GCRYCTL_SET_SBOX NEW. + gcry_cipher_set_sbox NEW macro. Noteworthy changes in version 1.6.0 (2013-12-16) diff --git a/cipher/cipher.c b/cipher/cipher.c index da59061..5c44c0d 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c 
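Review bot: gost_set_extra_info marks its arguments unused with `(void)buffer; (void)buflen;` and then hands `buffer` to gost_set_sbox, where it reaches `strcmp` without a NULL check and without any use of the length. A caller that passes NULL for the OID gets undefined behaviour instead of an error code. Dropping the `(void)buffer;` line and adding `if (!buffer) return GPG_ERR_INV_ARG;` at the top of the `GCRYCTL_SET_SBOX` case would close that. Because `buflen` is ignored, a comment on gost_set_sbox should also state that the OID must be a NUL-terminated string.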
@@ -1264,6 +1264,13 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) } break; + case GCRYCTL_SET_SBOX: + if (h->spec->set_extra_info) + rc = h->spec->set_extra_info + (&h->context.c, GCRYCTL_SET_SBOX, buffer, buflen); + else + rc = GPG_ERR_NOT_SUPPORTED; + default: rc = GPG_ERR_INV_OP; } diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index bd38a24..95d324b 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -329,7 +329,8 @@ enum gcry_ctl_cmds GCRYCTL_SET_CCM_LENGTHS = 69, GCRYCTL_CLOSE_RANDOM_DEVICE = 70, GCRYCTL_INACTIVATE_FIPS_FLAG = 71, - GCRYCTL_REACTIVATE_FIPS_FLAG = 72 + GCRYCTL_REACTIVATE_FIPS_FLAG = 72, + GCRYCTL_SET_SBOX = 73 }; /* Perform various operations defined by CMD. */ @@ -1002,6 +1003,9 @@ gcry_error_t gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag, #define gcry_cipher_cts(h,on) gcry_cipher_ctl( (h), GCRYCTL_SET_CBC_CTS, \ NULL, on ) +#define gcry_cipher_set_sbox(h,oid) gcry_cipher_ctl( (h), GCRYCTL_SET_SBOX, \ + (oid), 0); + /* Set counter for CTR mode. (CTR,CTRLEN) must denote a buffer of block size length, or (NULL,0) to set the CTR to the all-zero block. */ gpg_error_t gcry_cipher_setctr (gcry_cipher_hd_t hd, commit 164738a0292b3f32c7747099ad9cadace58e5eda Author: Dmitry Eremin-Solenikov Date: Fri Jun 6 22:48:29 2014 +0400 cipher/gost28147: generate optimized s-boxes from compact ones * cipher/gost-s-box.c: New. Outputs optimized expanded representation of s-boxes (4x256) from compact 16x8 representation. * cipher/Makefile.am: Add gost-sb.h dependency to gost28147.lo * cipher/gost.h: Add sbox to the GOST28147_context structure. * cipher/gost28147.c (gost_setkey): Set default s-box to test s-box from GOST R 34.11 (this was the only one S-box before). * cipher/gost28147.c (gost_val): Use sbox from the context. Signed-off-by: Dmitry Eremin-Solenikov diff --git a/.gitignore b/.gitignore index 8b235f9..3929e4d 100644 --- a/.gitignore +++ b/.gitignore 
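Review bot: The new `case GCRYCTL_SET_SBOX:` in _gcry_cipher_ctl has no `break;`, so control falls into `default:` and `rc` is overwritten with `GPG_ERR_INV_OP` whether or not the cipher's `set_extra_info` callback succeeded. The caller therefore always sees a failure, even though the callback may already have switched the S-box in the context. Add `break;` after the `else` branch. _gcry_cipher_ctl starts and ends outside this hunk.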
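Review bot: The `gcry_cipher_set_sbox` macro added in the last gcrypt.h.in hunk ends in a semicolon (`(oid), 0);`), unlike `gcry_cipher_cts` directly above it. The macro is then unusable inside an expression such as an `if` condition, and a normal call leaves a stray empty statement that breaks an unbraced `if`/`else`. The final line of the macro should read `(oid), 0)`.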
@@ -15,6 +15,8 @@ po/messages.mo /stamp-h1 /Makefile.in cipher/Makefile.in +cipher/gost-s-box +cipher/gost-sb.h compat/Makefile.in doc/Makefile.in m4/Makefile.in diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 8a3bd19..c165356 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -93,6 +93,11 @@ rfc2268.c \ camellia.c camellia.h camellia-glue.c camellia-aesni-avx-amd64.S \ camellia-aesni-avx2-amd64.S camellia-arm.S +noinst_PROGRAMS = gost-s-box +gost28147.lo: gost-sb.h +gost-sb.h: gost-s-box + $(builddir)/gost-s-box $@ + if ENABLE_O_FLAG_MUNGING o_flag_munging = sed -e 's/-O\([2-9s][2-9s]*\)/-O1/' -e 's/-Ofast/-O1/g' else diff --git a/cipher/gost-s-box.c b/cipher/gost-s-box.c new file mode 100644 index 0000000..0094f65 --- /dev/null +++ b/cipher/gost-s-box.c 
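Review bot: The `gost-sb.h` rule in the Makefile.am hunk runs `$(builddir)/gost-s-box`, which is a `noinst_PROGRAMS` binary built with the host compiler, so the header cannot be generated when cross-compiling. The rule also writes straight into `$@`: if the generator fails part-way, a truncated `gost-sb.h` with a fresh timestamp stays behind and the next `make` compiles the S-box tables from it. Building the tool with a build-machine compiler (for example `$(CC_FOR_BUILD)`, if configure provides one) and generating into a temporary file that is renamed on success, `$(builddir)/gost-s-box $@.tmp && mv $@.tmp $@`, would address both. Listing `gost-sb.h` in `CLEANFILES` would also let `make clean` remove it.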
@@ -0,0 +1,256 @@ +/* gost-s-box.c - GOST 28147-89 S-Box expander + * Copyright (C) 2013 Dmitry Eremin-Solenikov + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#include +#include + +#define DIM(v) (sizeof(v)/sizeof((v)[0])) + +struct gost_sbox +{ + const char *name; + const char *oid; + unsigned char sbox[16*8]; +} gost_sboxes[] = { + { "test_3411", "1.2.643.2.2.30.0", { + 0x4, 0xE, 0x5, 0x7, 0x6, 0x4, 0xD, 0x1, + 0xA, 0xB, 0x8, 0xD, 0xC, 0xB, 0xB, 0xF, + 0x9, 0x4, 0x1, 0xA, 0x7, 0xA, 0x4, 0xD, + 0x2, 0xC, 0xD, 0x1, 0x1, 0x0, 0x1, 0x0, + + 0xD, 0x6, 0xA, 0x0, 0x5, 0x7, 0x3, 0x5, + 0x8, 0xD, 0x3, 0x8, 0xF, 0x2, 0xF, 0x7, + 0x0, 0xF, 0x4, 0x9, 0xD, 0x1, 0x5, 0xA, + 0xE, 0xA, 0x2, 0xF, 0x8, 0xD, 0x9, 0x4, + + 0x6, 0x2, 0xE, 0xE, 0x4, 0x3, 0x0, 0x9, + 0xB, 0x3, 0xF, 0x4, 0xA, 0x6, 0xA, 0x2, + 0x1, 0x8, 0xC, 0x6, 0x9, 0x8, 0xE, 0x3, + 0xC, 0x1, 0x7, 0xC, 0xE, 0x5, 0x7, 0xE, + + 0x7, 0x0, 0x6, 0xB, 0x0, 0x9, 0x6, 0x6, + 0xF, 0x7, 0x0, 0x2, 0x3, 0xC, 0x8, 0xB, + 0x5, 0x5, 0x9, 0x5, 0xB, 0xF, 0x2, 0x8, + 0x3, 0x9, 0xB, 0x3, 0x2, 0xE, 0xC, 0xC, + } + }, + { "CryptoPro_3411", "1.2.643.2.2.30.1", { + 0xA, 0x5, 0x7, 0x4, 0x7, 0x7, 0xD, 0x1, + 0x4, 0xF, 0xF, 0xA, 0x6, 0x6, 0xE, 0x3, + 0x5, 0x4, 0xC, 0x7, 0x4, 0x2, 0x4, 0xA, + 0x6, 0x0, 0xE, 0xC, 0xB, 0x4, 0x1, 0x9, + + 0x8, 0x2, 0x9, 0x0, 0x9, 0xD, 0x7, 0x5, + 0x1, 0xD, 0x4, 0xF, 0xC, 0x9, 
0x0, 0xB, + 0x3, 0xB, 0x1, 0x2, 0x2, 0xF, 0x5, 0x4, + 0x7, 0x9, 0x0, 0x8, 0xA, 0x0, 0xA, 0xF, + + 0xD, 0x1, 0x3, 0xE, 0x1, 0xA, 0x3, 0x8, + 0xC, 0x7, 0xB, 0x1, 0x8, 0x1, 0xC, 0x6, + 0xE, 0x6, 0x5, 0x6, 0x0, 0x5, 0x8, 0x7, + 0x0, 0x3, 0x2, 0x5, 0xE, 0xB, 0xF, 0xE, + + 0x9, 0xC, 0x6, 0xD, 0xF, 0x8, 0x6, 0xD, + 0x2, 0xE, 0xA, 0xB, 0xD, 0xE, 0x2, 0x0, + 0xB, 0xA, 0x8, 0x9, 0x3, 0xC, 0x9, 0x2, + 0xF, 0x8, 0xD, 0x3, 0x5, 0x3, 0xB, 0xC, + } + }, + { "Test_89", "1.2.643.2.2.31.0", { + 0x4, 0xC, 0xD, 0xE, 0x3, 0x8, 0x9, 0xC, + 0x2, 0x9, 0x8, 0x9, 0xE, 0xF, 0xB, 0x6, + 0xF, 0xF, 0xE, 0xB, 0x5, 0x6, 0xC, 0x5, + 0x5, 0xE, 0xC, 0x2, 0x9, 0xB, 0x0, 0x2, + + 0x9, 0x8, 0x7, 0x5, 0x6, 0x1, 0x3, 0xB, + 0x1, 0x1, 0x3, 0xF, 0x8, 0x9, 0x6, 0x0, + 0x0, 0x3, 0x9, 0x7, 0x0, 0xC, 0x7, 0x9, + 0x8, 0xA, 0xA, 0x1, 0xD, 0x5, 0x5, 0xD, + + 0xE, 0x2, 0x1, 0x0, 0xA, 0xD, 0x4, 0x3, + 0x3, 0x7, 0x5, 0xD, 0xB, 0x3, 0x8, 0xE, + 0xB, 0x4, 0x2, 0xC, 0x7, 0x7, 0xE, 0x7, + 0xC, 0xD, 0x4, 0x6, 0xC, 0xA, 0xF, 0xA, + + 0xD, 0x6, 0x6, 0xA, 0x2, 0x0, 0x1, 0xF, + 0x7, 0x0, 0xF, 0x4, 0x1, 0xE, 0xA, 0x4, + 0xA, 0xB, 0x0, 0x3, 0xF, 0x2, 0x2, 0x1, + 0x6, 0x5, 0xB, 0x8, 0x4, 0x4, 0xD, 0x8, + } + }, + { "CryptoPro_A", "1.2.643.2.2.31.1", { + 0x9, 0x3, 0xE, 0xE, 0xB, 0x3, 0x1, 0xB, + 0x6, 0x7, 0x4, 0x7, 0x5, 0xA, 0xD, 0xA, + 0x3, 0xE, 0x6, 0xA, 0x1, 0xD, 0x2, 0xF, + 0x2, 0x9, 0x2, 0xC, 0x9, 0xC, 0x9, 0x5, + + 0x8, 0x8, 0xB, 0xD, 0x8, 0x1, 0x7, 0x0, + 0xB, 0xA, 0x3, 0x1, 0xD, 0x2, 0xA, 0xC, + 0x1, 0xF, 0xD, 0x3, 0xF, 0x0, 0x6, 0xE, + 0x7, 0x0, 0x8, 0x9, 0x0, 0xB, 0x0, 0x8, + + 0xA, 0x5, 0xC, 0x0, 0xE, 0x7, 0x8, 0x6, + 0x4, 0x2, 0xF, 0x2, 0x4, 0x5, 0xC, 0x2, + 0xE, 0x6, 0x5, 0xB, 0x2, 0x9, 0x4, 0x3, + 0xF, 0xC, 0xA, 0x4, 0x3, 0x4, 0x5, 0x9, + + 0xC, 0xB, 0x0, 0xF, 0xC, 0x8, 0xF, 0x1, + 0x0, 0x4, 0x7, 0x8, 0x7, 0xF, 0x3, 0x7, + 0xD, 0xD, 0x1, 0x5, 0xA, 0xE, 0xB, 0xD, + 0x5, 0x1, 0x9, 0x6, 0x6, 0x6, 0xE, 0x4, + } + }, + { "CryptoPro_B", "1.2.643.2.2.31.2", { + 0x8, 0x0, 0xE, 0x7, 0x2, 0x8, 0x5, 0x0, + 0x4, 0x1, 0xC, 0x5, 
0x7, 0x3, 0x2, 0x4, + 0xB, 0x2, 0x0, 0x0, 0xC, 0x2, 0xA, 0xB, + 0x1, 0xA, 0xA, 0xD, 0xF, 0x6, 0xB, 0xE, + + 0x3, 0x4, 0x9, 0xB, 0x9, 0x4, 0x9, 0x8, + 0x5, 0xD, 0x2, 0x6, 0x5, 0xD, 0x1, 0x3, + 0x0, 0x5, 0xD, 0x1, 0xA, 0xE, 0xC, 0x7, + 0x9, 0xC, 0xB, 0x2, 0xB, 0xB, 0x3, 0x1, + + 0x2, 0x9, 0x7, 0x3, 0x1, 0xC, 0x7, 0xA, + 0xE, 0x7, 0x5, 0xA, 0x4, 0x1, 0x4, 0x2, + 0xA, 0x3, 0x8, 0xC, 0x0, 0x7, 0xD, 0x9, + 0xC, 0xF, 0xF, 0xF, 0xD, 0xF, 0x0, 0x6, + + 0x6, 0x8, 0x6, 0xE, 0x8, 0x0, 0xF, 0xD, + 0x7, 0x6, 0x1, 0x9, 0xE, 0x9, 0x8, 0x5, + 0xF, 0xE, 0x4, 0x8, 0x3, 0x5, 0xE, 0xC, + } + }, + { "CryptoPro_C", "1.2.643.2.2.31.3", { + 0x1, 0x0, 0x8, 0x3, 0x8, 0xC, 0xA, 0x7, + 0xB, 0x1, 0x2, 0x6, 0xD, 0x9, 0x9, 0x4, + 0xC, 0x7, 0x5, 0x0, 0xB, 0xB, 0x6, 0x0, + 0x2, 0xD, 0x0, 0x1, 0x0, 0x1, 0x8, 0x5, + + 0x9, 0xB, 0x4, 0x5, 0x4, 0x8, 0xD, 0xA, + 0xD, 0x4, 0x9, 0xD, 0x5, 0xE, 0xE, 0x2, + 0x0, 0x5, 0xF, 0xA, 0x1, 0x2, 0x2, 0xF, + 0xF, 0x2, 0xA, 0x8, 0x2, 0x4, 0x0, 0xE, + + 0x4, 0x8, 0x3, 0xB, 0x9, 0x7, 0xF, 0xC, + 0x5, 0xE, 0x7, 0x2, 0x3, 0x3, 0x3, 0x6, + 0x8, 0xF, 0xC, 0x9, 0xC, 0x6, 0x5, 0x1, + 0xE, 0xC, 0xD, 0x7, 0xE, 0x5, 0xB, 0xB, + + 0xA, 0x9, 0x6, 0xE, 0x6, 0xA, 0x4, 0xD, + 0x7, 0xA, 0xE, 0xF, 0xF, 0x0, 0x1, 0x9, + 0x6, 0x6, 0x1, 0xC, 0xA, 0xF, 0xC, 0x3, + 0x3, 0x3, 0xB, 0x4, 0x7, 0xD, 0x7, 0x8, + } + }, + { "CryptoPro_D", "1.2.643.2.2.31.4", { + 0xF, 0xB, 0x1, 0x1, 0x0, 0x8, 0x3, 0x1, + 0xC, 0x6, 0xC, 0x5, 0xC, 0x0, 0x0, 0xA, + 0x2, 0x3, 0xB, 0xE, 0x8, 0xF, 0x6, 0x6, + 0xA, 0x4, 0x0, 0xC, 0x9, 0x3, 0xF, 0x8, + + 0x6, 0xC, 0xF, 0xA, 0xD, 0x2, 0x1, 0xF, + 0x4, 0xF, 0xE, 0x7, 0x2, 0x5, 0xE, 0xB, + 0x5, 0xE, 0x6, 0x0, 0xA, 0xE, 0x9, 0x0, + 0x0, 0x2, 0x5, 0xD, 0xB, 0xB, 0x2, 0x4, + + 0x7, 0x7, 0xA, 0x6, 0x7, 0x1, 0xD, 0xC, + 0x9, 0xD, 0xD, 0x2, 0x3, 0xA, 0x8, 0x3, + 0xE, 0x8, 0x4, 0xB, 0x6, 0x4, 0xC, 0x5, + 0xD, 0x0, 0x8, 0x4, 0x5, 0x7, 0x4, 0x9, + + 0x1, 0x5, 0x9, 0x9, 0x4, 0xC, 0xB, 0x7, + 0xB, 0xA, 0x3, 0x3, 0xE, 0x9, 0xA, 0xD, + 0x8, 0x9, 0x7, 0xF, 0xF, 0xD, 0x5, 0x2, + 0x3, 0x1, 
0x2, 0x8, 0x1, 0x6, 0x7, 0xE, + } + }, + { "TC26_A", "1.2.643.7.1.2.5.1.1", { + 0xc, 0x6, 0xb, 0xc, 0x7, 0x5, 0x8, 0x1, + 0x4, 0x8, 0x3, 0x8, 0xf, 0xd, 0xe, 0x7, + 0x6, 0x2, 0x5, 0x2, 0x5, 0xf, 0x2, 0xe, + 0x2, 0x3, 0x8, 0x1, 0xa, 0x6, 0x5, 0xd, + + 0xa, 0x9, 0x2, 0xd, 0x8, 0x9, 0x6, 0x0, + 0x5, 0xa, 0xf, 0x4, 0x1, 0x2, 0x9, 0x5, + 0xb, 0x5, 0xa, 0xf, 0x6, 0xc, 0x1, 0x8, + 0x9, 0xc, 0xd, 0x6, 0xd, 0xa, 0xc, 0x3, + + 0xe, 0x1, 0xe, 0x7, 0x0, 0xb, 0xf, 0x4, + 0x8, 0xe, 0x1, 0x0, 0x9, 0x7, 0x4, 0xf, + 0xd, 0x4, 0x7, 0xa, 0x3, 0x8, 0xb, 0xa, + 0x7, 0x7, 0x4, 0x5, 0xe, 0x1, 0x0, 0x6, + + 0x0, 0xb, 0xc, 0x3, 0xb, 0x4, 0xd, 0x9, + 0x3, 0xd, 0x9, 0xe, 0x4, 0x3, 0xa, 0xc, + 0xf, 0x0, 0x6, 0x9, 0x2, 0xe, 0x3, 0xb, + 0x1, 0xf, 0x0, 0xb, 0xc, 0x0, 0x7, 0x2, + } + }, +}; + +int main(int argc, char **argv) +{ + unsigned int i, j, s; + FILE *f; + + if (argc == 1) + f = stdin; + else + f = fopen(argv[1], "w"); + + if (!f) + { + perror("fopen"); + exit(1); + } + + for (s = 0; s < DIM(gost_sboxes); s++) + { + unsigned char *sbox = gost_sboxes[s].sbox; + fprintf (f, "static const u32 sbox_%s[4*256] =\n {", gost_sboxes[s].name); + for (i = 0; i < 4; i++) { + fprintf (f, "\n /* %d */\n ", i); + for (j = 0; j < 256; j++) { + unsigned int val; + if (j % 4 == 0 && j != 0) + fprintf (f, "\n "); + val = sbox[ (j & 0xf) * 8 + 2 * i + 0] | + (sbox[ (j >> 4) * 8 + 2 * i + 1] << 4); + val <<= (8*i); + val = (val << 11) | (val >> 21); + fprintf (f, " 0x%08x,", val); + } + } + fprintf (f, "\n };\n\n"); + } + + fprintf (f, "static struct\n{\n const char *oid;\n const u32 *sbox;\n} gost_oid_map[] = {\n"); + + for (s = 0; s < DIM(gost_sboxes); s++) + { + fprintf (f, " { \"%s\", sbox_%s },\n", gost_sboxes[s].oid, gost_sboxes[s].name ); + } + + fprintf(f, " { NULL, NULL }\n};\n"); + + fclose (f); + + return 0; +} diff --git a/cipher/gost.h b/cipher/gost.h index d058eb2..3fbd9df 100644 --- a/cipher/gost.h +++ b/cipher/gost.h 
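Review bot: The `CryptoPro_B` initializer holds only 15 rows of 8 values as shown on this page (its last group has three rows where every other table has four), so the final 8 entries of `sbox[16*8]` would be zero-filled and the generated `sbox_CryptoPro_B` would differ from the intended parameter set; please check the table against the specification. A short initializer for a fixed-size array compiles silently, so the generator should verify each table before emitting it, for instance that each of the 8 columns is a permutation of 0..15, as sketched below. Separately, `main` assigns `f = stdin` when no file name is given and then writes to it (`stdout` looks intended). Neither the `fprintf` results nor `fclose (f)` are checked, so a failed write still exits 0.

```c
  for (s = 0; s < DIM(gost_sboxes); s++)
    {
      unsigned char *sbox = gost_sboxes[s].sbox;

      /* Every column must be a permutation of 0..15; a short
         initializer leaves zero-filled rows and fails here. */
      for (i = 0; i < 8; i++)
        {
          unsigned int seen = 0;

          for (j = 0; j < 16; j++)
            if (sbox[j * 8 + i] < 16)
              seen |= 1u << sbox[j * 8 + i];
          if (seen != 0xffff)
            {
              fprintf (stderr, "gost-s-box: S-box %s is not a permutation\n",
                       gost_sboxes[s].name);
              exit (1);
            }
        }
      /* ... unchanged: emit sbox_<name>[4*256] ... */
    }
```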
@@ -22,6 +22,7 @@ typedef struct { u32 key[8]; + const u32 *sbox; } GOST28147_context; /* This is a simple interface that will be used by GOST R 34.11-94 */ diff --git a/cipher/gost28147.c b/cipher/gost28147.c index 1e48eb0..1720f45 100644 --- a/cipher/gost28147.c +++ b/cipher/gost28147.c 
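Review bot: The new `sbox` member of GOST28147_context is undocumented, although the rest of this commit gives NULL a meaning: gost_setkey falls back to `sbox_test_3411` when `ctx->sbox` is unset. That fallback only works if every context is zero-initialised before the first gost_setkey call, which this hunk cannot show. A comment on the field, such as `/* Expanded 4x256 S-box; NULL selects the default in gost_setkey. */`, would record the contract for code that embeds the context.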
@@ -34,277 +34,8 @@ #include "g10lib.h" #include "cipher.h" - -/* This is an s-box from RFC4357, named GostR3411-94-TestParamSet - * For now it is the only s-box supported, as libgcrypt lacks mechanism - * for passing parameters to cipher in a usefull way. - * S-boxes was modified from 4->4 to 8->8 bits unit with precalculated - * shift and rotation by optimisation reasons. - */ -static const u32 test_sbox[4][256] = { - /* 0 */ - { 0x00072000, 0x00075000, 0x00074800, 0x00071000, - 0x00076800, 0x00074000, 0x00070000, 0x00077000, - 0x00073000, 0x00075800, 0x00070800, 0x00076000, - 0x00073800, 0x00077800, 0x00072800, 0x00071800, - 0x0005a000, 0x0005d000, 0x0005c800, 0x00059000, - 0x0005e800, 0x0005c000, 0x00058000, 0x0005f000, - 0x0005b000, 0x0005d800, 0x00058800, 0x0005e000, - 0x0005b800, 0X0005F800, 0x0005a800, 0x00059800, - 0x00022000, 0x00025000, 0x00024800, 0x00021000, - 0x00026800, 0x00024000, 0x00020000, 0x00027000, - 0X00023000, 0x00025800, 0x00020800, 0x00026000, - 0x00023800, 0x00027800, 0x00022800, 0x00021800, - 0x00062000, 0x00065000, 0x00064800, 0x00061000, - 0x00066800, 0x00064000, 0x00060000, 0x00067000, - 0x00063000, 0x00065800, 0x00060800, 0x00066000, - 0x00063800, 0x00067800, 0x00062800, 0x00061800, - 0x00032000, 0x00035000, 0x00034800, 0x00031000, - 0x00036800, 0x00034000, 0x00030000, 0x00037000, - 0x00033000, 0x00035800, 0x00030800, 0x00036000, - 0x00033800, 0x00037800, 0x00032800, 0x00031800, - 0x0006a000, 0x0006d000, 0x0006c800, 0x00069000, - 0x0006e800, 0x0006c000, 0x00068000, 0x0006f000, - 0x0006b000, 0x0006d800, 0x00068800, 0x0006e000, - 0x0006b800, 0x0006f800, 0x0006a800, 0x00069800, - 0x0007a000, 0x0007d000, 0x0007c800, 0x00079000, - 0x0007e800, 0x0007c000, 0x00078000, 0x0007f000, - 0x0007b000, 0x0007d800, 0x00078800, 0x0007e000, - 0x0007b800, 0x0007f800, 0x0007a800, 0x00079800, - 0x00052000, 0x00055000, 0x00054800, 0x00051000, - 0x00056800, 0x00054000, 0x00050000, 0x00057000, - 0x00053000, 0x00055800, 0x00050800, 0x00056000, - 0x00053800, 
0x00057800, 0x00052800, 0x00051800, - 0x00012000, 0x00015000, 0x00014800, 0x00011000, - 0x00016800, 0x00014000, 0x00010000, 0x00017000, - 0x00013000, 0x00015800, 0x00010800, 0x00016000, - 0x00013800, 0x00017800, 0x00012800, 0x00011800, - 0x0001a000, 0x0001d000, 0x0001c800, 0x00019000, - 0x0001e800, 0x0001c000, 0x00018000, 0x0001f000, - 0x0001b000, 0x0001d800, 0x00018800, 0x0001e000, - 0x0001b800, 0x0001f800, 0x0001a800, 0x00019800, - 0x00042000, 0x00045000, 0x00044800, 0x00041000, - 0x00046800, 0x00044000, 0x00040000, 0x00047000, - 0x00043000, 0x00045800, 0x00040800, 0x00046000, - 0x00043800, 0x00047800, 0x00042800, 0x00041800, - 0x0000a000, 0x0000d000, 0x0000c800, 0x00009000, - 0x0000e800, 0x0000c000, 0x00008000, 0x0000f000, - 0x0000b000, 0x0000d800, 0x00008800, 0x0000e000, - 0x0000b800, 0x0000f800, 0x0000a800, 0x00009800, - 0x00002000, 0x00005000, 0x00004800, 0x00001000, - 0x00006800, 0x00004000, 0x00000000, 0x00007000, - 0x00003000, 0x00005800, 0x00000800, 0x00006000, - 0x00003800, 0x00007800, 0x00002800, 0x00001800, - 0x0003a000, 0x0003d000, 0x0003c800, 0x00039000, - 0x0003e800, 0x0003c000, 0x00038000, 0x0003f000, - 0x0003b000, 0x0003d800, 0x00038800, 0x0003e000, - 0x0003b800, 0x0003f800, 0x0003a800, 0x00039800, - 0x0002a000, 0x0002d000, 0x0002c800, 0x00029000, - 0x0002e800, 0x0002c000, 0x00028000, 0x0002f000, - 0x0002b000, 0x0002d800, 0x00028800, 0x0002e000, - 0x0002b800, 0x0002f800, 0x0002a800, 0x00029800, - 0x0004a000, 0x0004d000, 0x0004c800, 0x00049000, - 0x0004e800, 0x0004c000, 0x00048000, 0x0004f000, - 0x0004b000, 0x0004d800, 0x00048800, 0x0004e000, - 0x0004b800, 0x0004f800, 0x0004a800, 0x00049800 }, - /* 1 */ - { 0x03a80000, 0x03c00000, 0x03880000, 0x03e80000, - 0x03d00000, 0x03980000, 0x03a00000, 0x03900000, - 0x03f00000, 0x03f80000, 0x03e00000, 0x03b80000, - 0x03b00000, 0x03800000, 0x03c80000, 0x03d80000, - 0x06a80000, 0x06c00000, 0x06880000, 0x06e80000, - 0x06d00000, 0x06980000, 0x06a00000, 0x06900000, - 0x06f00000, 0x06f80000, 0x06e00000, 0x06b80000, 
- 0x06b00000, 0x06800000, 0x06c80000, 0x06d80000, - 0x05280000, 0x05400000, 0x05080000, 0x05680000, - 0x05500000, 0x05180000, 0x05200000, 0x05100000, - 0x05700000, 0x05780000, 0x05600000, 0x05380000, - 0x05300000, 0x05000000, 0x05480000, 0x05580000, - 0x00a80000, 0x00c00000, 0x00880000, 0x00e80000, - 0x00d00000, 0x00980000, 0x00a00000, 0x00900000, - 0x00f00000, 0x00f80000, 0x00e00000, 0x00b80000, - 0x00b00000, 0x00800000, 0x00c80000, 0x00d80000, - 0x00280000, 0x00400000, 0x00080000, 0x00680000, - 0x00500000, 0x00180000, 0x00200000, 0x00100000, - 0x00700000, 0x00780000, 0x00600000, 0x00380000, - 0x00300000, 0x00000000, 0x00480000, 0x00580000, - 0x04280000, 0x04400000, 0x04080000, 0x04680000, - 0x04500000, 0x04180000, 0x04200000, 0x04100000, - 0x04700000, 0x04780000, 0x04600000, 0x04380000, - 0x04300000, 0x04000000, 0x04480000, 0x04580000, - 0x04a80000, 0x04c00000, 0x04880000, 0x04e80000, - 0x04d00000, 0x04980000, 0x04a00000, 0x04900000, - 0x04f00000, 0x04f80000, 0x04e00000, 0x04b80000, - 0x04b00000, 0x04800000, 0x04c80000, 0x04d80000, - 0x07a80000, 0x07c00000, 0x07880000, 0x07e80000, - 0x07d00000, 0x07980000, 0x07a00000, 0x07900000, - 0x07f00000, 0x07f80000, 0x07e00000, 0x07b80000, - 0x07b00000, 0x07800000, 0x07c80000, 0x07d80000, - 0x07280000, 0x07400000, 0x07080000, 0x07680000, - 0x07500000, 0x07180000, 0x07200000, 0x07100000, - 0x07700000, 0x07780000, 0x07600000, 0x07380000, - 0x07300000, 0x07000000, 0x07480000, 0x07580000, - 0x02280000, 0x02400000, 0x02080000, 0x02680000, - 0x02500000, 0x02180000, 0x02200000, 0x02100000, - 0x02700000, 0x02780000, 0x02600000, 0x02380000, - 0x02300000, 0x02000000, 0x02480000, 0x02580000, - 0x03280000, 0x03400000, 0x03080000, 0x03680000, - 0x03500000, 0x03180000, 0x03200000, 0x03100000, - 0x03700000, 0x03780000, 0x03600000, 0x03380000, - 0x03300000, 0x03000000, 0x03480000, 0x03580000, - 0x06280000, 0x06400000, 0x06080000, 0x06680000, - 0x06500000, 0x06180000, 0x06200000, 0x06100000, - 0x06700000, 0x06780000, 0x06600000, 0x06380000, 
- 0x06300000, 0x06000000, 0x06480000, 0x06580000, - 0x05a80000, 0x05c00000, 0x05880000, 0x05e80000, - 0x05d00000, 0x05980000, 0x05a00000, 0x05900000, - 0x05f00000, 0x05f80000, 0x05e00000, 0x05b80000, - 0x05b00000, 0x05800000, 0x05c80000, 0x05d80000, - 0x01280000, 0x01400000, 0x01080000, 0x01680000, - 0x01500000, 0x01180000, 0x01200000, 0x01100000, - 0x01700000, 0x01780000, 0x01600000, 0x01380000, - 0x01300000, 0x01000000, 0x01480000, 0x01580000, - 0x02a80000, 0x02c00000, 0x02880000, 0x02e80000, - 0x02d00000, 0x02980000, 0x02a00000, 0x02900000, - 0x02f00000, 0x02f80000, 0x02e00000, 0x02b80000, - 0x02b00000, 0x02800000, 0x02c80000, 0x02d80000, - 0x01a80000, 0x01c00000, 0x01880000, 0x01e80000, - 0x01d00000, 0x01980000, 0x01a00000, 0x01900000, - 0x01f00000, 0x01f80000, 0x01e00000, 0x01b80000, - 0x01b00000, 0x01800000, 0x01c80000, 0x01d80000 }, - /* 2 */ - { 0x30000002, 0x60000002, 0x38000002, 0x08000002, - 0x28000002, 0x78000002, 0x68000002, 0x40000002, - 0x20000002, 0x50000002, 0x48000002, 0x70000002, - 0x00000002, 0x18000002, 0x58000002, 0x10000002, - 0xb0000005, 0xe0000005, 0xb8000005, 0x88000005, - 0xa8000005, 0xf8000005, 0xe8000005, 0xc0000005, - 0xa0000005, 0xd0000005, 0xc8000005, 0xf0000005, - 0x80000005, 0x98000005, 0xd8000005, 0x90000005, - 0x30000005, 0x60000005, 0x38000005, 0x08000005, - 0x28000005, 0x78000005, 0x68000005, 0x40000005, - 0x20000005, 0x50000005, 0x48000005, 0x70000005, - 0x00000005, 0x18000005, 0x58000005, 0x10000005, - 0x30000000, 0x60000000, 0x38000000, 0x08000000, - 0x28000000, 0x78000000, 0x68000000, 0x40000000, - 0x20000000, 0x50000000, 0x48000000, 0x70000000, - 0x00000000, 0x18000000, 0x58000000, 0x10000000, - 0xb0000003, 0xe0000003, 0xb8000003, 0x88000003, - 0xa8000003, 0xf8000003, 0xe8000003, 0xc0000003, - 0xa0000003, 0xd0000003, 0xc8000003, 0xf0000003, - 0x80000003, 0x98000003, 0xd8000003, 0x90000003, - 0x30000001, 0x60000001, 0x38000001, 0x08000001, - 0x28000001, 0x78000001, 0x68000001, 0x40000001, - 0x20000001, 0x50000001, 
0x48000001, 0x70000001, - 0x00000001, 0x18000001, 0x58000001, 0x10000001, - 0xb0000000, 0xe0000000, 0xb8000000, 0x88000000, - 0xa8000000, 0xf8000000, 0xe8000000, 0xc0000000, - 0xa0000000, 0xd0000000, 0xc8000000, 0xf0000000, - 0x80000000, 0x98000000, 0xd8000000, 0x90000000, - 0xb0000006, 0xe0000006, 0xb8000006, 0x88000006, - 0xa8000006, 0xf8000006, 0xe8000006, 0xc0000006, - 0xa0000006, 0xd0000006, 0xc8000006, 0xf0000006, - 0x80000006, 0x98000006, 0xd8000006, 0x90000006, - 0xb0000001, 0xe0000001, 0xb8000001, 0x88000001, - 0xa8000001, 0xf8000001, 0xe8000001, 0xc0000001, - 0xa0000001, 0xd0000001, 0xc8000001, 0xf0000001, - 0x80000001, 0x98000001, 0xd8000001, 0x90000001, - 0x30000003, 0x60000003, 0x38000003, 0x08000003, - 0x28000003, 0x78000003, 0x68000003, 0x40000003, - 0x20000003, 0x50000003, 0x48000003, 0x70000003, - 0x00000003, 0x18000003, 0x58000003, 0x10000003, - 0x30000004, 0x60000004, 0x38000004, 0x08000004, - 0x28000004, 0x78000004, 0x68000004, 0x40000004, - 0x20000004, 0x50000004, 0x48000004, 0x70000004, - 0x00000004, 0x18000004, 0x58000004, 0x10000004, - 0xb0000002, 0xe0000002, 0xb8000002, 0x88000002, - 0xa8000002, 0xf8000002, 0xe8000002, 0xc0000002, - 0xa0000002, 0xd0000002, 0xc8000002, 0xf0000002, - 0x80000002, 0x98000002, 0xd8000002, 0x90000002, - 0xb0000004, 0xe0000004, 0xb8000004, 0x88000004, - 0xa8000004, 0xf8000004, 0xe8000004, 0xc0000004, - 0xa0000004, 0xd0000004, 0xc8000004, 0xf0000004, - 0x80000004, 0x98000004, 0xd8000004, 0x90000004, - 0x30000006, 0x60000006, 0x38000006, 0x08000006, - 0x28000006, 0x78000006, 0x68000006, 0x40000006, - 0x20000006, 0x50000006, 0x48000006, 0x70000006, - 0x00000006, 0x18000006, 0x58000006, 0x10000006, - 0xb0000007, 0xe0000007, 0xb8000007, 0x88000007, - 0xa8000007, 0xf8000007, 0xe8000007, 0xc0000007, - 0xa0000007, 0xd0000007, 0xc8000007, 0xf0000007, - 0x80000007, 0x98000007, 0xd8000007, 0x90000007, - 0x30000007, 0x60000007, 0x38000007, 0x08000007, - 0x28000007, 0x78000007, 0x68000007, 0x40000007, - 0x20000007, 0x50000007, 
0x48000007, 0x70000007, - 0x00000007, 0x18000007, 0x58000007, 0x10000007 }, - /* 3 */ - { 0x000000e8, 0x000000d8, 0x000000a0, 0x00000088, - 0x00000098, 0x000000f8, 0x000000a8, 0x000000c8, - 0x00000080, 0x000000d0, 0x000000f0, 0x000000b8, - 0x000000b0, 0x000000c0, 0x00000090, 0x000000e0, - 0x000007e8, 0x000007d8, 0x000007a0, 0x00000788, - 0x00000798, 0x000007f8, 0x000007a8, 0x000007c8, - 0x00000780, 0x000007d0, 0x000007f0, 0x000007b8, - 0x000007b0, 0x000007c0, 0x00000790, 0x000007e0, - 0x000006e8, 0x000006d8, 0x000006a0, 0x00000688, - 0x00000698, 0x000006f8, 0x000006a8, 0x000006c8, - 0x00000680, 0x000006d0, 0x000006f0, 0x000006b8, - 0x000006b0, 0x000006c0, 0x00000690, 0x000006e0, - 0x00000068, 0x00000058, 0x00000020, 0x00000008, - 0x00000018, 0x00000078, 0x00000028, 0x00000048, - 0x00000000, 0x00000050, 0x00000070, 0x00000038, - 0x00000030, 0x00000040, 0x00000010, 0x00000060, - 0x000002e8, 0x000002d8, 0x000002a0, 0x00000288, - 0x00000298, 0x000002f8, 0x000002a8, 0x000002c8, - 0x00000280, 0x000002d0, 0x000002f0, 0x000002b8, - 0x000002b0, 0x000002c0, 0x00000290, 0x000002e0, - 0x000003e8, 0x000003d8, 0x000003a0, 0x00000388, - 0x00000398, 0x000003f8, 0x000003a8, 0x000003c8, - 0x00000380, 0x000003d0, 0x000003f0, 0x000003b8, - 0x000003b0, 0x000003c0, 0x00000390, 0x000003e0, - 0x00000568, 0x00000558, 0x00000520, 0x00000508, - 0x00000518, 0x00000578, 0x00000528, 0x00000548, - 0x00000500, 0x00000550, 0x00000570, 0x00000538, - 0x00000530, 0x00000540, 0x00000510, 0x00000560, - 0x00000268, 0x00000258, 0x00000220, 0x00000208, - 0x00000218, 0x00000278, 0x00000228, 0x00000248, - 0x00000200, 0x00000250, 0x00000270, 0x00000238, - 0x00000230, 0x00000240, 0x00000210, 0x00000260, - 0x000004e8, 0x000004d8, 0x000004a0, 0x00000488, - 0x00000498, 0x000004f8, 0x000004a8, 0x000004c8, - 0x00000480, 0x000004d0, 0x000004f0, 0x000004b8, - 0x000004b0, 0x000004c0, 0x00000490, 0x000004e0, - 0x00000168, 0x00000158, 0x00000120, 0x00000108, - 0x00000118, 0x00000178, 0x00000128, 0x00000148, - 
0x00000100, 0x00000150, 0x00000170, 0x00000138, - 0x00000130, 0x00000140, 0x00000110, 0x00000160, - 0x000001e8, 0x000001d8, 0x000001a0, 0x00000188, - 0x00000198, 0x000001f8, 0x000001a8, 0x000001c8, - 0x00000180, 0x000001d0, 0x000001f0, 0x000001b8, - 0x000001b0, 0x000001c0, 0x00000190, 0x000001e0, - 0x00000768, 0x00000758, 0x00000720, 0x00000708, - 0x00000718, 0x00000778, 0x00000728, 0x00000748, - 0x00000700, 0x00000750, 0x00000770, 0x00000738, - 0x00000730, 0x00000740, 0x00000710, 0x00000760, - 0x00000368, 0x00000358, 0x00000320, 0x00000308, - 0x00000318, 0x00000378, 0x00000328, 0x00000348, - 0x00000300, 0x00000350, 0x00000370, 0x00000338, - 0x00000330, 0x00000340, 0x00000310, 0x00000360, - 0x000005e8, 0x000005d8, 0x000005a0, 0x00000588, - 0x00000598, 0x000005f8, 0x000005a8, 0x000005c8, - 0x00000580, 0x000005d0, 0x000005f0, 0x000005b8, - 0x000005b0, 0x000005c0, 0x00000590, 0x000005e0, - 0x00000468, 0x00000458, 0x00000420, 0x00000408, - 0x00000418, 0x00000478, 0x00000428, 0x00000448, - 0x00000400, 0x00000450, 0x00000470, 0x00000438, - 0x00000430, 0x00000440, 0x00000410, 0x00000460, - 0x00000668, 0x00000658, 0x00000620, 0x00000608, - 0x00000618, 0x00000678, 0x00000628, 0x00000648, - 0x00000600, 0x00000650, 0x00000670, 0x00000638, - 0x00000630, 0x00000640, 0x00000610, 0x00000660 } -}; - #include "gost.h" +#include "gost-sb.h" static gcry_err_code_t gost_setkey (void *c, const byte *key, unsigned keylen) @@ -315,6 +46,9 @@ gost_setkey (void *c, const byte *key, unsigned keylen) if (keylen != 256 / 8) return GPG_ERR_INV_KEYLEN; + if (!ctx->sbox) + ctx->sbox = sbox_test_3411; + for (i = 0; i < 8; i++) { ctx->key[i] = (key[4 * i + 3] << 24) | 
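Review bot: The fallback added to gost_setkey reads `ctx->sbox` before anything in this function has written it, so it is only correct if the context arrives zero-filled; that guarantee is not visible in the hunk. The fallback also silently selects `sbox_test_3411`, which by its name is a test parameter set, so a caller that never chooses an S-box gets it without any indication. I would add a comment above the check, such as `/* Default to the test parameter set if none was selected; relies on a zeroed context. */`. gost_setkey's body continues past the end of the hunk.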
@@ -329,10 +63,10 @@ static u32 gost_val (GOST28147_context *ctx, u32 cm1, int subkey) { cm1 += ctx->key[subkey]; - cm1 = test_sbox[0][ (cm1 >> 0) & 0xff] | - test_sbox[1][ (cm1 >> 8) & 0xff] | - test_sbox[2][ (cm1 >> 16) & 0xff] | - test_sbox[3][ (cm1 >> 24) & 0xff]; + cm1 = ctx->sbox[0*256 + ((cm1 >> 0) & 0xff)] | + ctx->sbox[1*256 + ((cm1 >> 8) & 0xff)] | + ctx->sbox[2*256 + ((cm1 >> 16) & 0xff)] | + ctx->sbox[3*256 + ((cm1 >> 24) & 0xff)]; return cm1; } commit 34a58010000288515636706811c3837f32957b2e Author: Dmitry Eremin-Solenikov Date: Fri Jun 6 22:48:28 2014 +0400 gost28147: add OIDs used to define cipher mode * cipher/gost28147 (oids_gost28147): Add OID from RFC4357. Signed-off-by: Dmitry Eremin-Solenikov diff --git a/cipher/gost28147.c b/cipher/gost28147.c index c094209..1e48eb0 100644 --- a/cipher/gost28147.c +++ b/cipher/gost28147.c @@ -441,10 +441,20 @@ gost_decrypt_block (void *c, byte *outbuf, const byte *inbuf) 4*sizeof(void*) /* gost_val call */; } +static gcry_cipher_oid_spec_t oids_gost28147[] = + { + /* { "1.2.643.2.2.31.0", GCRY_CIPHER_MODE_CNTGOST }, */ + { "1.2.643.2.2.31.1", GCRY_CIPHER_MODE_CFB }, + { "1.2.643.2.2.31.2", GCRY_CIPHER_MODE_CFB }, + { "1.2.643.2.2.31.3", GCRY_CIPHER_MODE_CFB }, + { "1.2.643.2.2.31.4", GCRY_CIPHER_MODE_CFB }, + { NULL } + }; + gcry_cipher_spec_t _gcry_cipher_spec_gost28147 = { GCRY_CIPHER_GOST28147, {0, 0}, - "GOST28147", NULL, NULL, 8, 256, + "GOST28147", NULL, oids_gost28147, 8, 256, sizeof (GOST28147_context), gost_setkey, gost_encrypt_block, commit 8b221cf5ce233c8c49a4e4ecebb70d523fc37837 Author: Dmitry Eremin-Solenikov Date: Fri Jun 6 22:48:26 2014 +0400 GOST R 34.11-94 add OIDs * cipher/gostr3411-94.c: Add OIDs for GOST R 34.11-94 from RFC 4357. Signed-off-by: Dmitry Eremin-Solenikov diff --git a/cipher/gostr3411-94.c b/cipher/gostr3411-94.c index 9a39733..73d570f 100644 --- a/cipher/gostr3411-94.c +++ b/cipher/gostr3411-94.c 
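Review bot: gost_val now dereferences `ctx->sbox` with no check, so it depends on gost_setkey having installed a table first; if a block function can be reached on a context that was never keyed (not determinable from this hunk), that is a NULL dereference. The flat `k*256 + byte` indexing also assumes the table holds 4*256 `u32` entries, which the pointer type cannot enforce. A comment at the top of the function would record both assumptions: `/* ctx->sbox must point to a 4*256 entry table; it is set by gost_setkey. */`.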
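Review bot: All four entries in `oids_gost28147` carry only `GCRY_CIPHER_MODE_CFB`, so the distinction between `1.2.643.2.2.31.1` through `.4` is lost at lookup time. If these OIDs identify different S-box parameter sets, as I understand RFC 4357 (cited in the commit message) to define them, a cipher opened by OID would still run with whatever `ctx->sbox` defaults to, and data would be processed with the wrong S-box without any error. Nothing in this hunk ties an OID to an S-box, so that should either be wired up or stated above the table, e.g. `/* NOTE: these OIDs only map to a mode here; the S-box they name is not selected by this table. */`.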
@@ -294,10 +294,23 @@ gost3411_read (void *context) return hd->h; } + +static unsigned char asn[6] = /* Object ID is 1.2.643.2.2.3 */ + { 0x2a, 0x85, 0x03, 0x02, 0x02, 0x03 }; + +static gcry_md_oid_spec_t oid_spec_gostr3411[] = + { + /* iso.member-body.ru.rans.cryptopro.3 (gostR3411-94-with-gostR3410-2001) */ + { "1.2.643.2.2.3" }, + /* iso.member-body.ru.rans.cryptopro.9 (gostR3411-94) */ + { "1.2.643.2.2.9" }, + {NULL}, + }; + gcry_md_spec_t _gcry_digest_spec_gost3411_94 = { GCRY_MD_GOSTR3411_94, {0, 0}, - "GOSTR3411_94", NULL, 0, NULL, 32, + "GOSTR3411_94", asn, DIM (asn), oid_spec_gostr3411, 32, gost3411_init, _gcry_md_block_write, gost3411_final, gost3411_read, sizeof (GOSTR3411_CONTEXT) }; ----------------------------------------------------------------------- Summary of changes: .gitignore | 2 + NEWS | 3 + cipher/Makefile.am | 5 + cipher/cipher.c | 7 + cipher/gost-s-box.c | 256 ++++++++++++++++++++++++++++++ cipher/gost.h | 5 +- cipher/gost28147.c | 411 +++++++++++-------------------------------------- cipher/gostr3411-94.c | 238 +++++++++++++++++----------- cipher/md.c | 2 + src/cipher.h | 1 + src/gcrypt.h.in | 9 +- tests/basic.c | 2 +- tests/t-kdf.c | 70 ++++++++- 13 files changed, 592 insertions(+), 419 deletions(-) create mode 100644 cipher/gost-s-box.c hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sun Jun 29 16:45:42 2014 
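Review bot: The new `asn` array encodes 1.2.643.2.2.3, which the comment a few lines further down labels as gostR3411-94-with-gostR3410-2001, the digest-plus-signature combination, while the plain digest is listed as 1.2.643.2.2.9. Since `asn` is attached to the digest spec, it is worth confirming that .3 rather than .9 is intended. The six bytes are also the bare OID content octets; if consumers of the `asn` field expect a complete DER prefix (not visible in this hunk), structures built from it would be malformed. A comment stating what the field holds would remove the doubt: `/* Raw OID octets only, not a DigestInfo prefix. */`.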
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sun, 29 Jun 2014 16:45:42 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-94-g1b9b00b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 1b9b00bbe41bbed32563f1102049521e703e72bd (commit) from 066f068bd0bc4d8e01f1f18b6153cdc8d2c245d7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1b9b00bbe41bbed32563f1102049521e703e72bd Author: Jussi Kivilinna Date: Sun Jun 29 17:36:29 2014 +0300 Speed-up SHA-1 NEON assembly implementation * cipher/sha1-armv7-neon.S: Tweak implementation for speed-up. -- Benchmark on Cortex-A8 1008Mhz: New: | nanosecs/byte mebibytes/sec cycles/byte SHA1 | 7.04 ns/B 135.4 MiB/s 7.10 c/B Old: | nanosecs/byte mebibytes/sec cycles/byte SHA1 | 7.79 ns/B 122.4 MiB/s 7.85 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/sha1-armv7-neon.S b/cipher/sha1-armv7-neon.S index 95b677d..f314d8e 100644 --- a/cipher/sha1-armv7-neon.S +++ b/cipher/sha1-armv7-neon.S @@ -1,5 +1,5 @@ /* sha1-armv7-neon.S - ARM/NEON accelerated SHA-1 transform function - * Copyright (C) 2013 Jussi Kivilinna + * Copyright (C) 2013-2014 Jussi Kivilinna * * Based on sha1.c: * Copyright (C) 1998, 2001, 2002, 2003, 2008 Free Software Foundation, Inc. @@ -26,12 +26,12 @@ defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) && \ defined(HAVE_GCC_INLINE_ASM_NEON) && defined(USE_SHA1) -.data - .syntax unified .fpu neon .arm +.text + #ifdef __PIC__ # define GET_DATA_POINTER(reg, name, rtmp) \ ldr reg, 1f; \ 
@@ -69,16 +69,13 @@ gcry_sha1_armv7_neon_K_VEC: .LK4: .long K4, K4, K4, K4 -.text - /* Register macros */ #define RSTATE r0 #define RDATA r1 #define RNBLKS r2 #define ROLDSTACK r3 -#define RK lr -#define RWK r12 +#define RWK lr #define _a r4 #define _b r5 @@ -89,6 +86,7 @@ gcry_sha1_armv7_neon_K_VEC: #define RT0 r9 #define RT1 r10 #define RT2 r11 +#define RT3 r12 #define W0 q0 #define W1 q1 @@ -104,7 +102,10 @@ gcry_sha1_armv7_neon_K_VEC: #define tmp2 q10 #define tmp3 q11 -#define curK q12 +#define qK1 q12 +#define qK2 q13 +#define qK3 q14 +#define qK4 q15 /* Round function macros. */ 
@@ -112,43 +113,43 @@ gcry_sha1_armv7_neon_K_VEC: #define WK_offs(i) (((i) & 15) * 4) #define _R_F1(a,b,c,d,e,i,pre1,pre2,pre3,i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28) \ - and RT0, c, b; \ + ldr RT3, [sp, WK_offs(i)]; \ pre1(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \ + bic RT0, d, b; \ add e, e, a, ror #(32 - 5); \ - ldr RT2, [sp, WK_offs(i)]; \ - bic RT1, d, b; \ - add e, RT2; \ + and RT1, c, b; \ pre2(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \ + add RT0, RT0, RT3; \ + add e, e, RT1; \ ror b, #(32 - 30); \ - eor RT0, RT1; \ pre3(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \ - add e, RT0; + add e, e, RT0; #define _R_F2(a,b,c,d,e,i,pre1,pre2,pre3,i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28) \ - eor RT0, c, b; \ + ldr RT3, [sp, WK_offs(i)]; \ pre1(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \ + eor RT0, d, b; \ add e, e, a, ror #(32 - 5); \ - ldr RT2, [sp, WK_offs(i)]; \ - eor RT0, d; \ + eor RT0, RT0, c; \ pre2(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \ - add e, RT2; \ + add e, e, RT3; \ ror b, #(32 - 30); \ pre3(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \ - add e, RT0; \ + add e, e, RT0; \ #define _R_F3(a,b,c,d,e,i,pre1,pre2,pre3,i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28) \ - eor RT0, c, b; \ + ldr RT3, [sp, WK_offs(i)]; \ pre1(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \ + eor RT0, b, c; \ + and RT1, b, c; \ add e, e, a, ror #(32 - 5); \ - ldr RT2, [sp, WK_offs(i)]; \ - and RT1, c, b; \ - and RT0, d; \ - add e, RT2; \ pre2(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \ + and RT0, RT0, d; \ + add RT1, RT1, RT3; \ + add e, e, RT0; \ ror b, #(32 - 30); \ - add e, RT1; \ pre3(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \ - add e, RT0; + add e, e, RT1; #define _R_F4(a,b,c,d,e,i,pre1,pre2,pre3,i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28) \ _R_F2(a,b,c,d,e,i,pre1,pre2,pre3,i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28) 
@@ -183,10 +184,10 @@ gcry_sha1_armv7_neon_K_VEC: vst1.32 {tmp2, tmp3}, [RWK]; \ #define WPRECALC_00_15_0(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ - add RWK, sp, #(WK_offs(0)); \ + vld1.32 {tmp0, tmp1}, [RDATA]!; \ #define WPRECALC_00_15_1(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ - vld1.32 {tmp0, tmp1}, [RDATA]!; \ + add RWK, sp, #(WK_offs(0)); \ #define WPRECALC_00_15_2(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ vrev32.8 W0, tmp0; /* big => little */ \ @@ -225,25 +226,25 @@ gcry_sha1_armv7_neon_K_VEC: /********* Precalc macros for rounds 16-31 ************************************/ #define WPRECALC_16_31_0(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ - add RWK, sp, #(WK_offs(i)); \ - -#define WPRECALC_16_31_1(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ veor tmp0, tmp0; \ vext.8 W, W_m16, W_m12, #8; \ -#define WPRECALC_16_31_2(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ +#define WPRECALC_16_31_1(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ + add RWK, sp, #(WK_offs(i)); \ vext.8 tmp0, W_m04, tmp0, #4; \ + +#define WPRECALC_16_31_2(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ + veor tmp0, tmp0, W_m16; \ veor.32 W, W, W_m08; \ #define WPRECALC_16_31_3(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ - veor tmp0, tmp0, W_m16; \ veor tmp1, tmp1; \ + veor W, W, tmp0; \ #define WPRECALC_16_31_4(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ - veor W, W, tmp0; \ + vshl.u32 tmp0, W, #1; \ #define WPRECALC_16_31_5(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ - vshl.u32 tmp0, W, #1; \ vext.8 tmp1, tmp1, W, #(16-12); \ vshr.u32 W, W, #31; \ 
@@ -270,28 +271,28 @@ gcry_sha1_armv7_neon_K_VEC: /********* Precalc macros for rounds 32-79 ************************************/ #define WPRECALC_32_79_0(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ - add RWK, sp, #(WK_offs(i&~3)); \ + veor W, W_m28; \ #define WPRECALC_32_79_1(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ - veor W, W_m28; \ + vext.8 tmp0, W_m08, W_m04, #8; \ #define WPRECALC_32_79_2(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ - vext.8 tmp0, W_m08, W_m04, #8; \ + veor W, W_m16; \ #define WPRECALC_32_79_3(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ - veor W, W_m16; \ + veor W, tmp0; \ #define WPRECALC_32_79_4(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ - veor W, tmp0; \ + add RWK, sp, #(WK_offs(i&~3)); \ #define WPRECALC_32_79_5(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ - vshr.u32 tmp0, W, #30; \ + vshl.u32 tmp1, W, #2; \ #define WPRECALC_32_79_6(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ - vshl.u32 W, W, #2; \ + vshr.u32 tmp0, W, #30; \ #define WPRECALC_32_79_7(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ - vorr W, tmp0, W; \ + vorr W, tmp0, tmp1; \ #define WPRECALC_32_79_8(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \ vadd.u32 tmp0, W, curK; \ @@ -326,20 +327,26 @@ _gcry_sha1_transform_armv7_neon: beq .Ldo_nothing; push {r4-r12, lr}; + + GET_DATA_POINTER(RT3, .LK_VEC, _a); vpush {q4-q7}; mov ROLDSTACK, sp; - GET_DATA_POINTER(RK, .LK_VEC, _a); /* Align stack. */ sub sp, #(16*4); and sp, #(~(16-1)); + vld1.32 {qK1-qK2}, [RT3]!; /* Load K1,K2 */ + /* Get the values of the chaining variables. */ ldm RSTATE, {_a-_e}; + vld1.32 {qK3-qK4}, [RT3]; /* Load K3,K4 */ + +#undef curK +#define curK qK1 /* Precalc 0-15. */ - vld1.32 {curK}, [RK]!; /* Load K1. */ W_PRECALC_00_15(); b .Loop; 
@@ -352,7 +359,8 @@ _gcry_sha1_transform_armv7_neon: _R( _d, _e, _a, _b, _c, F1, 2, WPRECALC_16_31_6, WPRECALC_16_31_7, WPRECALC_16_31_8, 16, W4, W5, W6, W7, W0, _, _, _ ); _R( _c, _d, _e, _a, _b, F1, 3, WPRECALC_16_31_9, WPRECALC_16_31_10,WPRECALC_16_31_11,16, W4, W5, W6, W7, W0, _, _, _ ); - vld1.32 {curK}, [RK]!; /* Load K2. */ +#undef curK +#define curK qK2 _R( _b, _c, _d, _e, _a, F1, 4, WPRECALC_16_31_0, WPRECALC_16_31_1, WPRECALC_16_31_2, 20, W3, W4, W5, W6, W7, _, _, _ ); _R( _a, _b, _c, _d, _e, F1, 5, WPRECALC_16_31_3, WPRECALC_16_31_4, WPRECALC_16_31_5, 20, W3, W4, W5, W6, W7, _, _, _ ); _R( _e, _a, _b, _c, _d, F1, 6, WPRECALC_16_31_6, WPRECALC_16_31_7, WPRECALC_16_31_8, 20, W3, W4, W5, W6, W7, _, _, _ ); 
@@ -371,72 +379,75 @@ _gcry_sha1_transform_armv7_neon: /* Transform 16-63 + Precalc 32-79. */ _R( _e, _a, _b, _c, _d, F1, 16, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 32, W0, W1, W2, W3, W4, W5, W6, W7); _R( _d, _e, _a, _b, _c, F1, 17, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 32, W0, W1, W2, W3, W4, W5, W6, W7); - _R( _c, _d, _e, _a, _b, F1, 18, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 32, W0, W1, W2, W3, W4, W5, W6, W7); + _R( _c, _d, _e, _a, _b, F1, 18, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 32, W0, W1, W2, W3, W4, W5, W6, W7); _R( _b, _c, _d, _e, _a, F1, 19, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 32, W0, W1, W2, W3, W4, W5, W6, W7); _R( _a, _b, _c, _d, _e, F2, 20, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 36, W7, W0, W1, W2, W3, W4, W5, W6); _R( _e, _a, _b, _c, _d, F2, 21, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 36, W7, W0, W1, W2, W3, W4, W5, W6); - _R( _d, _e, _a, _b, _c, F2, 22, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 36, W7, W0, W1, W2, W3, W4, W5, W6); + _R( _d, _e, _a, _b, _c, F2, 22, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 36, W7, W0, W1, W2, W3, W4, W5, W6); _R( _c, _d, _e, _a, _b, F2, 23, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 36, W7, W0, W1, W2, W3, W4, W5, W6); - vld1.32 {curK}, [RK]!; /* Load K3. 
*/ +#undef curK +#define curK qK3 _R( _b, _c, _d, _e, _a, F2, 24, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 40, W6, W7, W0, W1, W2, W3, W4, W5); _R( _a, _b, _c, _d, _e, F2, 25, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 40, W6, W7, W0, W1, W2, W3, W4, W5); - _R( _e, _a, _b, _c, _d, F2, 26, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 40, W6, W7, W0, W1, W2, W3, W4, W5); + _R( _e, _a, _b, _c, _d, F2, 26, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 40, W6, W7, W0, W1, W2, W3, W4, W5); _R( _d, _e, _a, _b, _c, F2, 27, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 40, W6, W7, W0, W1, W2, W3, W4, W5); _R( _c, _d, _e, _a, _b, F2, 28, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 44, W5, W6, W7, W0, W1, W2, W3, W4); _R( _b, _c, _d, _e, _a, F2, 29, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 44, W5, W6, W7, W0, W1, W2, W3, W4); - _R( _a, _b, _c, _d, _e, F2, 30, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 44, W5, W6, W7, W0, W1, W2, W3, W4); + _R( _a, _b, _c, _d, _e, F2, 30, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 44, W5, W6, W7, W0, W1, W2, W3, W4); _R( _e, _a, _b, _c, _d, F2, 31, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 44, W5, W6, W7, W0, W1, W2, W3, W4); _R( _d, _e, _a, _b, _c, F2, 32, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 48, W4, W5, W6, W7, W0, W1, W2, W3); _R( _c, _d, _e, _a, _b, F2, 33, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 48, W4, W5, W6, W7, W0, W1, W2, W3); - _R( _b, _c, _d, _e, _a, F2, 34, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 48, W4, W5, W6, W7, W0, W1, W2, W3); + _R( _b, _c, _d, _e, _a, F2, 34, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 48, W4, W5, W6, W7, W0, W1, W2, W3); _R( _a, _b, _c, _d, _e, F2, 35, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 48, W4, W5, W6, W7, W0, W1, W2, W3); _R( _e, _a, _b, _c, _d, F2, 36, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 52, W3, W4, W5, W6, W7, W0, W1, W2); _R( _d, _e, _a, _b, _c, F2, 37, WPRECALC_32_79_3, WPRECALC_32_79_4, 
WPRECALC_32_79_5, 52, W3, W4, W5, W6, W7, W0, W1, W2); - _R( _c, _d, _e, _a, _b, F2, 38, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 52, W3, W4, W5, W6, W7, W0, W1, W2); + _R( _c, _d, _e, _a, _b, F2, 38, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 52, W3, W4, W5, W6, W7, W0, W1, W2); _R( _b, _c, _d, _e, _a, F2, 39, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 52, W3, W4, W5, W6, W7, W0, W1, W2); _R( _a, _b, _c, _d, _e, F3, 40, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 56, W2, W3, W4, W5, W6, W7, W0, W1); _R( _e, _a, _b, _c, _d, F3, 41, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 56, W2, W3, W4, W5, W6, W7, W0, W1); - _R( _d, _e, _a, _b, _c, F3, 42, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 56, W2, W3, W4, W5, W6, W7, W0, W1); + _R( _d, _e, _a, _b, _c, F3, 42, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 56, W2, W3, W4, W5, W6, W7, W0, W1); _R( _c, _d, _e, _a, _b, F3, 43, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 56, W2, W3, W4, W5, W6, W7, W0, W1); - vld1.32 {curK}, [RK]!; /* Load K4. 
*/ +#undef curK +#define curK qK4 _R( _b, _c, _d, _e, _a, F3, 44, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 60, W1, W2, W3, W4, W5, W6, W7, W0); _R( _a, _b, _c, _d, _e, F3, 45, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 60, W1, W2, W3, W4, W5, W6, W7, W0); - _R( _e, _a, _b, _c, _d, F3, 46, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 60, W1, W2, W3, W4, W5, W6, W7, W0); + _R( _e, _a, _b, _c, _d, F3, 46, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 60, W1, W2, W3, W4, W5, W6, W7, W0); _R( _d, _e, _a, _b, _c, F3, 47, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 60, W1, W2, W3, W4, W5, W6, W7, W0); _R( _c, _d, _e, _a, _b, F3, 48, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 64, W0, W1, W2, W3, W4, W5, W6, W7); _R( _b, _c, _d, _e, _a, F3, 49, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 64, W0, W1, W2, W3, W4, W5, W6, W7); - _R( _a, _b, _c, _d, _e, F3, 50, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 64, W0, W1, W2, W3, W4, W5, W6, W7); + _R( _a, _b, _c, _d, _e, F3, 50, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 64, W0, W1, W2, W3, W4, W5, W6, W7); _R( _e, _a, _b, _c, _d, F3, 51, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 64, W0, W1, W2, W3, W4, W5, W6, W7); _R( _d, _e, _a, _b, _c, F3, 52, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 68, W7, W0, W1, W2, W3, W4, W5, W6); _R( _c, _d, _e, _a, _b, F3, 53, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 68, W7, W0, W1, W2, W3, W4, W5, W6); - _R( _b, _c, _d, _e, _a, F3, 54, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 68, W7, W0, W1, W2, W3, W4, W5, W6); + _R( _b, _c, _d, _e, _a, F3, 54, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 68, W7, W0, W1, W2, W3, W4, W5, W6); _R( _a, _b, _c, _d, _e, F3, 55, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 68, W7, W0, W1, W2, W3, W4, W5, W6); _R( _e, _a, _b, _c, _d, F3, 56, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 72, W6, W7, W0, W1, W2, W3, W4, W5); _R( _d, _e, _a, _b, _c, F3, 57, WPRECALC_32_79_3, WPRECALC_32_79_4, 
WPRECALC_32_79_5, 72, W6, W7, W0, W1, W2, W3, W4, W5); - _R( _c, _d, _e, _a, _b, F3, 58, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 72, W6, W7, W0, W1, W2, W3, W4, W5); + _R( _c, _d, _e, _a, _b, F3, 58, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 72, W6, W7, W0, W1, W2, W3, W4, W5); _R( _b, _c, _d, _e, _a, F3, 59, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 72, W6, W7, W0, W1, W2, W3, W4, W5); - sub RK, #64; + subs RNBLKS, #1; + _R( _a, _b, _c, _d, _e, F4, 60, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 76, W5, W6, W7, W0, W1, W2, W3, W4); _R( _e, _a, _b, _c, _d, F4, 61, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 76, W5, W6, W7, W0, W1, W2, W3, W4); - _R( _d, _e, _a, _b, _c, F4, 62, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 76, W5, W6, W7, W0, W1, W2, W3, W4); + _R( _d, _e, _a, _b, _c, F4, 62, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 76, W5, W6, W7, W0, W1, W2, W3, W4); _R( _c, _d, _e, _a, _b, F4, 63, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 76, W5, W6, W7, W0, W1, W2, W3, W4); - subs RNBLKS, #1; beq .Lend; /* Transform 64-79 + Precalc 0-15 of next block. */ - vld1.32 {curK}, [RK]!; /* Load K1. */ +#undef curK +#define curK qK1 _R( _b, _c, _d, _e, _a, F4, 64, WPRECALC_00_15_0, dummy, dummy, _, _, _, _, _, _, _, _, _ ); _R( _a, _b, _c, _d, _e, F4, 65, WPRECALC_00_15_1, dummy, dummy, _, _, _, _, _, _, _, _, _ ); _R( _e, _a, _b, _c, _d, F4, 66, WPRECALC_00_15_2, dummy, dummy, _, _, _, _, _, _, _, _, _ ); @@ -458,14 +469,13 @@ _gcry_sha1_transform_armv7_neon: _R( _b, _c, _d, _e, _a, F4, 79, WPRECALC_00_15_11, dummy, WPRECALC_00_15_12, _, _, _, _, _, _, _, _, _ ); /* Update the chaining variables. */ - ldm RSTATE, {RT0-RT2}; + ldm RSTATE, {RT0-RT3}; add _a, RT0; - ldr RT0, [RSTATE, #state_h3]; + ldr RT0, [RSTATE, #state_h4]; add _b, RT1; - ldr RT1, [RSTATE, #state_h4]; add _c, RT2; - add _d, RT0; - add _e, RT1; + add _d, RT3; + add _e, RT0; stm RSTATE, {_a-_e}; b .Loop; 
@@ -493,15 +503,14 @@ _gcry_sha1_transform_armv7_neon: mov sp, ROLDSTACK; /* Update the chaining variables. */ - ldm RSTATE, {RT0-RT2}; + ldm RSTATE, {RT0-RT3}; add _a, RT0; - ldr RT0, [RSTATE, #state_h3]; + ldr RT0, [RSTATE, #state_h4]; add _b, RT1; - ldr RT1, [RSTATE, #state_h4]; add _c, RT2; - add _d, RT0; + add _d, RT3; vpop {q4-q7}; - add _e, RT1; + add _e, RT0; stm RSTATE, {_a-_e}; /* burn_stack */ ----------------------------------------------------------------------- Summary of changes: cipher/sha1-armv7-neon.S | 155 ++++++++++++++++++++++++---------------------- 1 file changed, 82 insertions(+), 73 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 30 08:41:25 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 30 Jun 2014 08:41:25 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.13-5-g0735537 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 07355372db903e393fd0b7b22883ce4f71b6a67d (commit) via c7c41582574304974feac8bbd89b1460fbf6c92c (commit) from 51f9a8180ecbc24ed092bef5f2aa920a76769dcb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 07355372db903e393fd0b7b22883ce4f71b6a67d Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 doc update. -- diff --git a/doc/errorref.txt b/doc/errorref.txt index 8c32971..d3a65a1 100644 --- a/doc/errorref.txt +++ b/doc/errorref.txt 
@@ -417,7 +417,8 @@ GPG_ERR_INV_CERT_OBJ Invalid certificate object Used by GPG to indicate an unknown ECC curve name (may also indicate missing ECC support). It is also used to indicate an unsuported parameter name in functions which take a name and - value to update state. + value to update state. Note that GPG_ERR_UNKNOWN_CURVE is + used instead by newer code. 166 GPG_ERR_LOCALE_PROBLEM A locale function failed 167 GPG_ERR_NOT_LOCKED Not locked @@ -471,7 +472,10 @@ GPG_ERR_INV_CURVE Invalid elliptic curve example it is not possible to get affine coordinates for the public key. -188 GPG_ERR_UNKNOWN_CURVE Unknown elliptic curve +GPG_ERR_UNKNOWN_CURVE Unknown elliptic curve + + The curve is not known or not supported by the protocol. + GPG_ERR_DUP_KEY Duplicated key commit c7c41582574304974feac8bbd89b1460fbf6c92c Author: Daniel Kahn Gillmor Date: Tue Jun 24 17:46:58 2014 -0400 Improve logging in a test module. * tests/t-version.c (main): Print program name. diff --git a/tests/t-version.c b/tests/t-version.c index d6c6399..ce8f41b 100644 --- a/tests/t-version.c +++ b/tests/t-version.c @@ -82,7 +82,7 @@ main (int argc, char **argv) } if (gpg_error_check_version ("15")) { - fprintf (stderr, "gpg_error_check_version did not return an error" + fprintf (stderr, "%s: gpg_error_check_version did not return an error" " for a newer version\n", logpfx); errorcount++; } ----------------------------------------------------------------------- Summary of changes: doc/errorref.txt | 8 ++++++-- tests/t-version.c | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 30 09:15:26 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 30 Jun 2014 09:15:26 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-39-gc434de4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c434de4d83ccfaca8bde51de5c2ac8d9656e4e18 (commit) via 35fdfaa0b94342c53eb82eea155a37ad4009fa9f (commit) from adad1872b448593275d8cae06dffe376bee067b5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c434de4d83ccfaca8bde51de5c2ac8d9656e4e18 Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 gpg: Create exported secret files and revocs with mode 700. * common/iobuf.c (direct_open): Add arg MODE700. (iobuf_create): Ditto. * g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM. Change call callers to pass 0 for it. * g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new arg. * g10/export.c (do_export): Pass true for new arg if SECRET is true. -- GnuPG-bug-id: 1653. Note that this works only if --output has been used. diff --git a/common/iobuf.c b/common/iobuf.c index d686210..3c68ce5 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -248,7 +248,7 @@ fd_cache_synchronize (const char *fname) static gnupg_fd_t -direct_open (const char *fname, const char *mode) +direct_open (const char *fname, const char *mode, int mode700) { #ifdef HAVE_W32_SYSTEM unsigned long da, cd, sm; 
@@ -303,7 +303,10 @@ direct_open (const char *fname, const char *mode) #else /*!HAVE_W32_SYSTEM*/ int oflag; - int cflag = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH; + int cflag = S_IRUSR | S_IWUSR; + + if (!mode700) + cflag |= S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH; /* Note, that we do not handle all mode combinations */ if (strchr (mode, '+')) @@ -420,7 +423,7 @@ fd_cache_open (const char *fname, const char *mode) } if (DBG_IOBUF) log_debug ("fd_cache_open (%s) not cached\n", fname); - return direct_open (fname, mode); + return direct_open (fname, mode, 0); } @@ -1425,10 +1428,11 @@ iobuf_sockopen (int fd, const char *mode) } /**************** - * create an iobuf for writing to a file; the file will be created. + * Create an iobuf for writing to a file; the file will be created. + * With MODE700 set the file is created with that mode (Unix only). */ iobuf_t -iobuf_create (const char *fname) +iobuf_create (const char *fname, int mode700) { iobuf_t a; gnupg_fd_t fp; @@ -1445,7 +1449,7 @@ iobuf_create (const char *fname) } else if ((fd = check_special_filename (fname)) != -1) return iobuf_fdopen (translate_file_handle (fd, 1), "wb"); - else if ((fp = direct_open (fname, "wb")) == GNUPG_INVALID_FD) + else if ((fp = direct_open (fname, "wb", mode700)) == GNUPG_INVALID_FD) return NULL; a = iobuf_alloc (2, IOBUF_BUFFER_SIZE); fcx = xmalloc (sizeof *fcx + strlen (fname)); @@ -1476,7 +1480,7 @@ iobuf_openrw (const char *fname) if (!fname) return NULL; - else if ((fp = direct_open (fname, "r+b")) == GNUPG_INVALID_FD) + else if ((fp = direct_open (fname, "r+b", 0)) == GNUPG_INVALID_FD) return NULL; a = iobuf_alloc (2, IOBUF_BUFFER_SIZE); fcx = xmalloc (sizeof *fcx + strlen (fname)); diff --git a/common/iobuf.h b/common/iobuf.h index d3f5520..ef05547 100644 --- a/common/iobuf.h +++ b/common/iobuf.h 
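Review bot: `mode700` is a misleading name for what the new code in direct_open does: with the flag set, `cflag` is `S_IRUSR | S_IWUSR`, which is 0600 rather than 0700, and the comment added above iobuf_create in the `@@ -1425` hunk repeats this with "created with that mode". The restriction also applies only when the call actually creates the file; assuming `cflag` is used solely as the creation mode (the open call is outside the hunk), an existing output file with wider permissions keeps them, so a secret key export written over it stays group/world readable. The W32 branch ignores the argument entirely, which the iobuf_create comment mentions but direct_open does not. I would document this at the parameter, e.g. `/* MODE700: create with owner read/write only (0600); no effect on existing files or on Windows. */`, and consider tightening the mode of an existing file when the flag is set.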
@@ -115,7 +115,7 @@ iobuf_t iobuf_fdopen (int fd, const char *mode); iobuf_t iobuf_fdopen_nc (int fd, const char *mode); iobuf_t iobuf_esopen (estream_t estream, const char *mode, int keep_open); iobuf_t iobuf_sockopen (int fd, const char *mode); -iobuf_t iobuf_create (const char *fname); +iobuf_t iobuf_create (const char *fname, int mode700); iobuf_t iobuf_append (const char *fname); iobuf_t iobuf_openrw (const char *fname); int iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval); diff --git a/g10/dearmor.c b/g10/dearmor.c index d84fb30..3fdd57d 100644 --- a/g10/dearmor.c +++ b/g10/dearmor.c @@ -64,7 +64,7 @@ dearmor_file( const char *fname ) push_armor_filter ( afx, inp ); - if( (rc = open_outfile (-1, fname, 0, &out )) ) + if( (rc = open_outfile (-1, fname, 0, 0, &out)) ) goto leave; while( (c = iobuf_get(inp)) != -1 ) @@ -110,7 +110,7 @@ enarmor_file( const char *fname ) } - if( (rc = open_outfile (-1, fname, 1, &out )) ) + if( (rc = open_outfile (-1, fname, 1, 0, &out )) ) goto leave; afx->what = 4; diff --git a/g10/encrypt.c b/g10/encrypt.c index c8e7962..5b10b73 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -264,7 +264,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey) do_compress = 0; } - if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, &out ))) + if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out ))) { iobuf_cancel (inp); xfree (cfx.dek); @@ -567,7 +567,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, if (opt.textmode) iobuf_push_filter (inp, text_filter, &tfx); - rc = open_outfile (outputfd, filename, opt.armor? 1:0, &out); + rc = open_outfile (outputfd, filename, opt.armor? 1:0, 0, &out); if (rc) goto leave; diff --git a/g10/export.c b/g10/export.c index acf38a7..0aa44f3 100644 --- a/g10/export.c +++ b/g10/export.c 
@@ -201,7 +201,7 @@ do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options ) memset( &zfx, 0, sizeof zfx); - rc = open_outfile (-1, NULL, 0, &out ); + rc = open_outfile (-1, NULL, 0, !!secret, &out ); if (rc) return rc; diff --git a/g10/keydb.c b/g10/keydb.c index 688c24c..e735b4a 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -213,7 +213,7 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force) gpg_err_set_errno (EPERM); } else - iobuf = iobuf_create (filename); + iobuf = iobuf_create (filename, 0); umask (oldmask); if (!iobuf) { diff --git a/g10/keygen.c b/g10/keygen.c index 54d37d0..35c1460 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -3814,7 +3814,7 @@ do_generate_keypair (struct para_data_s *para, gpg_err_set_errno (EPERM); } else - outctrl->pub.stream = iobuf_create( outctrl->pub.fname ); + outctrl->pub.stream = iobuf_create (outctrl->pub.fname, 0); if (!outctrl->pub.stream) { log_error(_("can't create '%s': %s\n"), outctrl->pub.newfname, @@ -4442,6 +4442,9 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary, (ulong)sk->keyid[0], (ulong)sk->keyid[1]); fname = make_filename (backup_dir, name_buffer, NULL); + /* Note that the umask call is not anymore needed because + iobuf_create now takes care of it. However, it does not harm + and thus we keep it. */ oldmask = umask (077); if (is_secured_filename (fname)) { @@ -4449,7 +4452,7 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary, gpg_err_set_errno (EPERM); } else - fp = iobuf_create (fname); + fp = iobuf_create (fname, 1); umask (oldmask); if (!fp) { diff --git a/g10/keyring.c b/g10/keyring.c index 04f6eeb..6f75b6a 100644 --- a/g10/keyring.c +++ b/g10/keyring.c 
@@ -1197,7 +1197,9 @@ create_tmp_file (const char *template, strcpy (stpcpy(tmpfname,template), EXTSEP_S "tmp"); # endif /* Posix filename */ - /* Create the temp file with limited access */ + /* Create the temp file with limited access. Note that the umask + call is not anymore needed because iobuf_create now takes care + of it. However, it does not harm and thus we keep it. */ oldmask=umask(077); if (is_secured_filename (tmpfname)) { @@ -1205,7 +1207,7 @@ create_tmp_file (const char *template, gpg_err_set_errno (EPERM); } else - *r_fp = iobuf_create (tmpfname); + *r_fp = iobuf_create (tmpfname, 1); umask(oldmask); if (!*r_fp) { @@ -1513,7 +1515,7 @@ do_copy (int mode, const char *fname, KBNODE root, gpg_err_set_errno (EPERM); } else - newfp = iobuf_create (fname); + newfp = iobuf_create (fname, 1); umask(oldmask); if( !newfp ) { diff --git a/g10/main.h b/g10/main.h index 97c6612..ae0bc8c 100644 --- a/g10/main.h +++ b/g10/main.h @@ -270,7 +270,8 @@ int save_unprotected_key_to_card (PKT_public_key *sk, int keyno); int overwrite_filep( const char *fname ); char *make_outfile_name( const char *iname ); char *ask_outfile_name( const char *name, size_t namelen ); -int open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a); +int open_outfile (int inp_fd, const char *iname, int mode, + int restrictedperm, iobuf_t *a); iobuf_t open_sigfile( const char *iname, progress_filter_context_t *pfx ); void try_make_homedir( const char *fname ); diff --git a/g10/openfile.c b/g10/openfile.c index 119c567..901387d 100644 --- a/g10/openfile.c +++ b/g10/openfile.c 
@@ -177,10 +177,12 @@ ask_outfile_name( const char *name, size_t namelen ) * * If INP_FD is not -1 the function simply creates an IOBUF for that * file descriptor and ignorea INAME and MODE. Note that INP_FD won't - * be closed if the returned IOBUF is closed. + * be closed if the returned IOBUF is closed. With RESTRICTEDPERM a + * file will be created with mode 700 if possible. */ int -open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a) +open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm, + iobuf_t *a) { int rc = 0; @@ -204,7 +206,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a) } else if (iobuf_is_pipe_filename (iname) && !opt.outfile) { - *a = iobuf_create(NULL); + *a = iobuf_create (NULL, 0); if ( !*a ) { rc = gpg_error_from_syserror (); @@ -284,7 +286,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a) gpg_err_set_errno (EPERM); } else - *a = iobuf_create (name); + *a = iobuf_create (name, restrictedperm); if (!*a) { rc = gpg_error_from_syserror (); diff --git a/g10/revoke.c b/g10/revoke.c index 46fa870..1c52dda 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -328,7 +328,7 @@ gen_desig_revoke( const char *uname, strlist_t locusr ) if( !opt.armor ) tty_printf(_("ASCII armored output forced.\n")); - if( (rc = open_outfile (-1, NULL, 0, &out )) ) + if( (rc = open_outfile (-1, NULL, 0, 1, &out )) ) goto leave; afx->what = 1; @@ -518,7 +518,7 @@ gen_revoke (const char *uname) if (!opt.armor) tty_printf (_("ASCII armored output forced.\n")); - if ((rc = open_outfile (-1, NULL, 0, &out ))) + if ((rc = open_outfile (-1, NULL, 0, 1, &out ))) goto leave; afx->what = 1; diff --git a/g10/sign.c b/g10/sign.c index 8a87888..907d8c5 100644 --- a/g10/sign.c +++ b/g10/sign.c 
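Review bot: The new comment on open_outfile promises more than the code does: it says that with RESTRICTEDPERM the file "will be created with mode 700 if possible", but the flag is only forwarded to `iobuf_create (name, restrictedperm)`. A mode given at open time takes effect only when the file does not exist yet. If the output name already exists and is overwritten (that path is outside these hunks), a secret-key export or a revocation certificate would presumably keep the old, possibly group- or world-readable, permissions. I would state the limit in the comment, e.g. `With RESTRICTEDPERM a newly created file gets owner-only permissions; an already existing file keeps its mode.`, or tighten the mode after a successful open. Only part of the function body is visible here.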
@@ -871,7 +871,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, gpg_err_set_errno (EPERM); } else - out = iobuf_create( outfile ); + out = iobuf_create (outfile, 0); if( !out ) { rc = gpg_error_from_syserror (); @@ -882,7 +882,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, log_info(_("writing to '%s'\n"), outfile ); } else if( (rc = open_outfile (-1, fname, - opt.armor? 1: detached? 2:0, &out ))) + opt.armor? 1: detached? 2:0, 0, &out))) goto leave; /* prepare to calculate the MD over the input */ @@ -1188,7 +1188,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) gpg_err_set_errno (EPERM); } else - out = iobuf_create( outfile ); + out = iobuf_create (outfile, 0); if( !out ) { rc = gpg_error_from_syserror (); @@ -1198,7 +1198,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) else if( opt.verbose ) log_info(_("writing to '%s'\n"), outfile ); } - else if( (rc = open_outfile (-1, fname, 1, &out )) ) + else if ((rc = open_outfile (-1, fname, 1, 0, &out))) goto leave; iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF ); @@ -1366,7 +1366,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) cfx.dek->use_mdc=1; /* now create the outfile */ - rc = open_outfile (-1, fname, opt.armor? 1:0, &out); + rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out); if (rc) goto leave; commit 35fdfaa0b94342c53eb82eea155a37ad4009fa9f Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 common: Minor code cleanup for a legacy OS. * common/iobuf.c (direct_open) [__riscos__]: Simply cpp conditionals. diff --git a/common/iobuf.c b/common/iobuf.c index d78e5d2..d686210 100644 --- a/common/iobuf.c +++ b/common/iobuf.c 
@@ -299,7 +299,9 @@ direct_open (const char *fname, const char *mode) hfile = CreateFile (fname, da, sm, NULL, cd, FILE_ATTRIBUTE_NORMAL, NULL); #endif return hfile; + #else /*!HAVE_W32_SYSTEM*/ + int oflag; int cflag = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH; @@ -324,21 +326,18 @@ direct_open (const char *fname, const char *mode) if (strchr (mode, 'b')) oflag |= O_BINARY; #endif - /* No we need to distinguish between POSIX and RISC OS. */ -#ifndef __riscos__ - return open (fname, oflag, cflag); -#else + +#ifdef __riscos__ { struct stat buf; - int rc = stat (fname, &buf); /* Don't allow iobufs on directories */ - if (!rc && S_ISDIR (buf.st_mode) && !S_ISREG (buf.st_mode)) + if (!stat (fname, &buf) && S_ISDIR (buf.st_mode) && !S_ISREG (buf.st_mode)) return __set_errno (EISDIR); - else - return open (fname, oflag, cflag); } #endif + return open (fname, oflag, cflag); + #endif /*!HAVE_W32_SYSTEM*/ } ----------------------------------------------------------------------- Summary of changes: common/iobuf.c | 33 ++++++++++++++++++--------------- common/iobuf.h | 2 +- g10/dearmor.c | 4 ++-- g10/encrypt.c | 4 ++-- g10/export.c | 2 +- g10/keydb.c | 2 +- g10/keygen.c | 7 +++++-- g10/keyring.c | 8 +++++--- g10/main.h | 3 ++- g10/openfile.c | 10 ++++++---- g10/revoke.c | 4 ++-- g10/sign.c | 10 +++++----- 12 files changed, 50 insertions(+), 39 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 30 10:14:40 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 30 Jun 2014 10:14:40 +0200 Subject: [git] Assuan - branch, master, updated. libassuan-2.1.1-7-g134c045 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 134c045c7d1f93ce61f62193d33af8a6e8825543 (commit) from 326a2918d645dd3d38dbc928e4452c66cb9757f1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 134c045c7d1f93ce61f62193d33af8a6e8825543 Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 Avoid a vasprintf call if tracing has not been enabled. * src/debug.c (_assuan_debug): Check whether CAT wants to be logged. diff --git a/src/debug.c b/src/debug.c index 5ed4d4d..d6c3e80 100644 --- a/src/debug.c +++ b/src/debug.c 
@@ -1,22 +1,22 @@ /* debug.c - helpful output in desperate situations Copyright (C) 2000 Werner Koch (dd9jn) Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, 2009 g10 Code GmbH - + This file is part of Assuan. Assuan is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + Assuan is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ #if HAVE_CONFIG_H @@ -51,7 +51,11 @@ _assuan_debug (assuan_context_t ctx, unsigned int cat, const char *format, ...) char *msg; int res; - if (!ctx || !ctx->log_cb) + /* vasprintf is an expensive operation thus we first check whether + the callback has enabled CAT for logging. */ + if (!ctx + || !ctx->log_cb + || !(*ctx->log_cb) (ctx, ctx->log_cb_data, cat, NULL)) return; saved_errno = errno; @@ -77,11 +81,11 @@ _assuan_debug_begin (assuan_context_t ctx, *line = NULL; /* Probe if this wants to be logged based on category. */ - if (! ctx - || ! ctx->log_cb + if (! ctx + || ! ctx->log_cb || ! (*ctx->log_cb) (ctx, ctx->log_cb_data, cat, NULL)) return; - + va_start (arg_ptr, format); res = vasprintf ((char **) line, format, arg_ptr); va_end (arg_ptr); 
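Review bot: In the `_assuan_debug` hunk the new probe `(*ctx->log_cb) (ctx, ctx->log_cb_data, cat, NULL)` runs before `saved_errno = errno;`, so a callback that modifies errno changes the value this function later treats as the caller's. Taking the snapshot first keeps the errno handling independent of the callback: move `saved_errno = errno;` above the `if` and, if the function is meant to leave errno untouched (the restore is outside the hunk, so this is inferred from the variable name), set `errno = saved_errno;` before the early `return`. The other two hunks on this part of the file are whitespace only.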
@@ -147,8 +151,8 @@ _assuan_debug_buffer (assuan_context_t ctx, unsigned int cat, int j; /* Probe if this wants to be logged based on category. */ - if (!ctx - || ! ctx->log_cb + if (!ctx + || ! ctx->log_cb || ! (*ctx->log_cb) (ctx, ctx->log_cb_data, cat, NULL)) return; @@ -157,7 +161,7 @@ _assuan_debug_buffer (assuan_context_t ctx, unsigned int cat, char str[51]; char *strp = str; char *strp2 = &str[34]; - + for (j = 0; j < 16; j++) { unsigned char val; @@ -179,7 +183,7 @@ _assuan_debug_buffer (assuan_context_t ctx, unsigned int cat, *(strp++) = ' '; *(strp2++) = '\n'; *(strp2) = '\0'; - + _assuan_debug (ctx, cat, fmt, func, tagname, tag, str); } } ----------------------------------------------------------------------- Summary of changes: src/debug.c | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 30 16:43:45 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 30 Jun 2014 16:43:45 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-42-g03018ef Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 03018ef9eec75e4d91ea53c95547a77dedef8f80 (commit) via aa5b4392aac99382d96be94782ae745e0a42484a (commit) via 3a01b220715b3d1a90d94353e4980ab5a1ea8f26 (commit) from c434de4d83ccfaca8bde51de5c2ac8d9656e4e18 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 03018ef9eec75e4d91ea53c95547a77dedef8f80 Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 gpg: Auto-create revocation certificates. * configure.ac (GNUPG_OPENPGP_REVOC_DIR): New config define. * g10/revoke.c (create_revocation): Add arg "leadin". (gen_standard_revoke): New. * g10/openfile.c (get_openpgp_revocdir): New. (open_outfile): Add MODE value 3. * g10/keyid.c (hexfingerprint): New. * g10/keygen.c (do_generate_keypair): Call gen_standard_revoke. -- GnuPG-bug-id: 1042 diff --git a/configure.ac b/configure.ac index e26e51b..02e02bb 100644 --- a/configure.ac +++ b/configure.ac @@ -444,7 +444,8 @@ AH_BOTTOM([ #else #define GNUPG_DEFAULT_HOMEDIR "~/.gnupg" #endif -#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d" +#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d" +#define GNUPG_OPENPGP_REVOC_DIR "openpgp-revocs.d" /* For some systems (DOS currently), we hardcode the path here. For POSIX systems the values are constructed by the Makefiles, so that diff --git a/doc/gpg.texi b/doc/gpg.texi index 9c52282..5efc16e 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -3106,6 +3106,15 @@ files; They all live in in the current home directory (@pxref{option @item ~/.gnupg/secring.gpg.lock The lock file for the secret keyring. + @item ~/.gnupg/openpgp-revocs.d/ + This is the directory where gpg stores pre-generated revocation + certificates. It is suggested to backup those certificates and if the + primary private key is not stored on the disk to move them to an + external storage device. Anyone who can access theses files is able to + revoke the corresponding key. You may want to print them out. You + should backup all files in this directory and take care to keep this + backup closed away. + @item /usr[/local]/share/gnupg/options.skel The skeleton options file. diff --git a/g10/keydb.h b/g10/keydb.h index b21d955..0cf6ca1 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -288,6 +288,7 @@ const char *colon_datestr_from_pk (PKT_public_key *pk); const char *colon_datestr_from_sig (PKT_signature *sig); const char *colon_expirestr_from_sig (PKT_signature *sig); byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len ); +char *hexfingerprint (PKT_public_key *pk); gpg_error_t keygrip_from_pk (PKT_public_key *pk, unsigned char *array); gpg_error_t hexkeygrip_from_pk (PKT_public_key *pk, char **r_grip); diff --git a/g10/keygen.c b/g10/keygen.c index 35c1460..4509231 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -4000,6 +4000,8 @@ do_generate_keypair (struct para_data_s *para, update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK) | TRUST_ULTIMATE )); + gen_standard_revoke (pk); + if (!opt.batch) { tty_printf (_("public and secret key created and signed.\n") ); diff --git a/g10/keyid.c b/g10/keyid.c index 9c94bd6..6ce6f32 100644 --- a/g10/keyid.c +++ b/g10/keyid.c 
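Review bot: The call `gen_standard_revoke (pk);` added to do_generate_keypair discards the int result that the new prototype in main.h declares. If the certificate cannot be written, key generation still continues to the "public and secret key created and signed" message. The user is then left without the revocation certificate that the new gpg.texi paragraph tells them to back up. I would test the result, e.g. `if (gen_standard_revoke (pk))`, and log that the revocation certificate was not stored. do_generate_keypair starts and ends outside this hunk.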
@@ -772,6 +772,20 @@ fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len) } +/* Return an allocated buffer with the fingerprint of PK formatted as + a plain hexstring. */ +char * +hexfingerprint (PKT_public_key *pk) +{ + unsigned char fpr[MAX_FINGERPRINT_LEN]; + size_t len; + char *result; + + fingerprint_from_pk (pk, fpr, &len); + result = xmalloc (2 * len + 1); + bin2hex (fpr, len, result); + return result; +} diff --git a/g10/main.h b/g10/main.h index ae0bc8c..e75f616 100644 --- a/g10/main.h +++ b/g10/main.h @@ -274,6 +274,7 @@ int open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm, iobuf_t *a); iobuf_t open_sigfile( const char *iname, progress_filter_context_t *pfx ); void try_make_homedir( const char *fname ); +char *get_openpgp_revocdir (const char *home); /*-- seskey.c --*/ void make_session_key( DEK *dek ); @@ -317,6 +318,7 @@ int enarmor_file( const char *fname ); /*-- revoke.c --*/ struct revocation_reason_info; +int gen_standard_revoke (PKT_public_key *psk); int gen_revoke( const char *uname ); int gen_desig_revoke( const char *uname, strlist_t locusr); int revocation_reason_build_cb( PKT_signature *sig, void *opaque ); diff --git a/g10/openfile.c b/g10/openfile.c index 901387d..5a43648 100644 --- a/g10/openfile.c +++ b/g10/openfile.c @@ -174,9 +174,10 @@ ask_outfile_name( const char *name, size_t namelen ) * Mode 0 = use ".gpg" * 1 = use ".asc" * 2 = use ".sig" + * 3 = use ".rev" * * If INP_FD is not -1 the function simply creates an IOBUF for that - * file descriptor and ignorea INAME and MODE. Note that INP_FD won't + * file descriptor and ignore INAME and MODE. Note that INP_FD won't * be closed if the returned IOBUF is closed. With RESTRICTEDPERM a * file will be created with mode 700 if possible. */ 
@@ -239,7 +240,8 @@ open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm, const char *newsfx; newsfx = (mode==1 ? ".asc" : - mode==2 ? ".sig" : ".gpg"); + mode==2 ? ".sig" : + mode==3 ? ".rev" : ".gpg"); buf = xmalloc (strlen(iname)+4+1); strcpy (buf, iname); @@ -258,6 +260,7 @@ open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm, buf = xstrconcat (iname, (mode==1 ? EXTSEP_S "asc" : mode==2 ? EXTSEP_S "sig" : + mode==3 ? EXTSEP_S "rev" : /* */ EXTSEP_S GPGEXT_GPG), NULL); } @@ -451,3 +454,24 @@ try_make_homedir (const char *fname) copy_options_file( fname ); } } + + +/* Get and if needed create a string with the directory used to store + openpgp revocations. */ +char * +get_openpgp_revocdir (const char *home) +{ + char *fname; + struct stat statbuf; + + fname = make_filename (home, GNUPG_OPENPGP_REVOC_DIR, NULL); + if (stat (fname, &statbuf) && errno == ENOENT) + { + if (gnupg_mkdir (fname, "-rwx")) + log_error (_("can't create directory '%s': %s\n"), + fname, strerror (errno) ); + else if (!opt.quiet) + log_info (_("directory '%s' created\n"), fname); + } + return fname; +} diff --git a/g10/passphrase.c b/g10/passphrase.c index 280d8a9..9d3f497 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -633,7 +633,8 @@ emit_status_need_passphrase (u32 *keyid, u32 *mainkeyid, int pubkey_algo) /* Return an allocated utf-8 string describing the key PK. If ESCAPED is true spaces and control characters are percent or plus escaped. - MODE 0 is for the common prompt, MODE 1 for the import prompt. */ + MODE describes the use of the key description; use one of the + FORMAT_KEYDESC_ macros. */ char * gpg_format_keydesc (PKT_public_key *pk, int mode, int escaped) { diff --git a/g10/revoke.c b/g10/revoke.c index 069453e..bf5e33b 100644 --- a/g10/revoke.c +++ b/g10/revoke.c 
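Review bot: get_openpgp_revocdir only reacts when `stat` fails with ENOENT, so any other stat error and any existing path are accepted without looking at `statbuf`. A regular file named openpgp-revocs.d is therefore returned as if it were usable. The files stored there allow anyone who can read them to revoke the key, as the gpg.texi text of this commit states. For that reason I would at least verify that the path is a directory, and consider warning when group or other permission bits are set on it. The function also returns FNAME after a failed gnupg_mkdir; a comment that callers rely on open_outfile to report the resulting error would help.

```c
  fname = make_filename (home, GNUPG_OPENPGP_REVOC_DIR, NULL);
  if (stat (fname, &statbuf))
    {
      if (errno == ENOENT)
        {
          /* ... unchanged: gnupg_mkdir call and its two log messages ... */
        }
      else
        log_error (_("can't access directory '%s': %s\n"),
                   fname, strerror (errno));
    }
  else if (!S_ISDIR (statbuf.st_mode))
    log_error (_("'%s' is not a directory\n"), fname);
  return fname;
```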
@@ -436,12 +436,14 @@ gen_desig_revoke( const char *uname, strlist_t locusr ) revocation reason. PSK is the public primary key - we expect that a corresponding secret key is available. KEYBLOCK is the entire KEYBLOCK which is used in PGP mode to write a a minimal key and not - just the naked revocation signature; it may be NULL. */ + just the naked revocation signature; it may be NULL. If LEADINTEXT + is not NULL, it is written right before the (armored) output.*/ static int create_revocation (const char *filename, struct revocation_reason_info *reason, PKT_public_key *psk, - kbnode_t keyblock) + kbnode_t keyblock, + const char *leadintext, int suffix) { int rc; iobuf_t out = NULL; @@ -451,9 +453,12 @@ create_revocation (const char *filename, afx = new_armor_context (); - if ((rc = open_outfile (-1, filename, 0, 1, &out))) + if ((rc = open_outfile (-1, filename, suffix, 1, &out))) goto leave; + if (leadintext ) + iobuf_writestr (out, leadintext); + afx->what = 1; afx->hdrlines = "Comment: This is a revocation certificate\n"; push_armor_filter (afx, out); 
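Review bot: The header comment of create_revocation now explains LEADINTEXT but not the second new parameter, `suffix`, which is handed to open_outfile as its MODE argument in `open_outfile (-1, filename, suffix, 1, &out)`. A reader has to look up open_outfile to learn which values are valid and that 3 selects ".rev". I would add a sentence such as `SUFFIX is passed as MODE to open_outfile and selects the file extension (0 = ".gpg", 3 = ".rev").` The comment could also note that the output is always opened with restricted permissions, since the fourth argument is the constant 1.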
@@ -502,6 +507,81 @@ create_revocation (const char *filename, } +/* This function is used to generate a standard revocation certificate + by gpg's interactive key generation function. The certificate is + stored at a dedicated place in a slightly modified form to avoid an + accidental import. PSK is the primary key; a corresponding secret + key must be available. */ +int +gen_standard_revoke (PKT_public_key *psk) +{ + int rc; + estream_t memfp; + struct revocation_reason_info reason; + char *dir, *tmpstr, *fname; + void *leadin; + size_t len; + u32 keyid[2]; + char pkstrbuf[PUBKEY_STRING_SIZE]; + char *orig_codeset; + + dir = get_openpgp_revocdir (opt.homedir); + tmpstr = hexfingerprint (psk); + fname = xstrconcat (dir, DIRSEP_S, tmpstr, NULL); + xfree (tmpstr); + xfree (dir); + + keyid_from_pk (psk, keyid); + + memfp = es_fopenmem (0, "r+"); + if (!memfp) + log_fatal ("error creating memory stream\n"); + + orig_codeset = i18n_switchto_utf8 (); + + es_fprintf (memfp, "%s\n\n", + _("This is a revocation certificate for the OpenPGP key:")); + + es_fprintf (memfp, "pub %s/%s %s\n", + pubkey_string (psk, pkstrbuf, sizeof pkstrbuf), + keystr (keyid), + datestr_from_pk (psk)); + + print_fingerprint (memfp, psk, 3); + + tmpstr = get_user_id (keyid, &len); + es_fprintf (memfp, "uid%*s%.*s\n\n", + (int)keystrlen () + 10, "", + (int)len, tmpstr); + xfree (tmpstr); + + es_fprintf (memfp, "%s\n\n%s\n\n:", + _("Use it to revoke this key in case of a compromise or loss of\n" + "the secret key. However, if the secret key is still accessible,\n" + "it is better to generate a new revocation certificate and give\n" + "a reason for the revocation."), + _("To avoid an accidental use of this file, a colon has been inserted\n" + "before the 5 dashes below. 
Remove this colon with a text editor\n" + "before making use of this revocation certificate.")); + + es_putc (0, memfp); + + i18n_switchback (orig_codeset); + + if (es_fclose_snatch (memfp, &leadin, NULL)) + log_fatal ("error snatching memory stream\n"); + + reason.code = 0x00; /* No particular reason. */ + reason.desc = NULL; + rc = create_revocation (fname, &reason, psk, NULL, leadin, 3); + xfree (leadin); + xfree (fname); + + return rc; +} + + + /**************** * Generate a revocation certificate for UNAME */ @@ -582,7 +662,7 @@ gen_revoke (const char *uname) if (!opt.armor) tty_printf (_("ASCII armored output forced.\n")); - rc = create_revocation (NULL, reason, psk, keyblock); + rc = create_revocation (NULL, reason, psk, keyblock, NULL, 0); if (rc) goto leave; diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index ea1d54f..4b1c219 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -77,7 +77,7 @@ CLEANFILES = prepared.stamp x y yy z out err $(data_files) \ gnupg-test.stop pubring.gpg~ random_seed gpg-agent.log clean-local: - -rm -rf private-keys-v1.d + -rm -rf private-keys-v1.d openpgp-revocs.d # We need to depend on a couple of programs so that the tests don't commit aa5b4392aac99382d96be94782ae745e0a42484a Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 estream: Fix minor glitch in "%.*s" format. * common/estream-printf.c (pr_string): Take care of non-nul terminated strings. diff --git a/common/estream-printf.c b/common/estream-printf.c index 11e6d75..c03f70e 100644 --- a/common/estream-printf.c +++ b/common/estream-printf.c 
@@ -1209,7 +1209,9 @@ pr_string (estream_printf_out_t outfnc, void *outfncarg, string = "(null)"; if (arg->precision >= 0) { - for (n=0,s=string; *s && n < arg->precision; s++) + /* Test for nul after N so that we can pass a non-nul terminated + string. */ + for (n=0,s=string; n < arg->precision && *s; s++) n++; } else commit 3a01b220715b3d1a90d94353e4980ab5a1ea8f26 Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 gpg: Rearrange code in gen_revoke. * g10/revoke.c (gen_revoke): Factor some code out to ... (create_revocation): new. diff --git a/g10/revoke.c b/g10/revoke.c index 1c52dda..069453e 100644 --- a/g10/revoke.c +++ b/g10/revoke.c 
@@ -431,6 +431,77 @@ gen_desig_revoke( const char *uname, strlist_t locusr ) } +/* Common core to create the revocation. FILENAME may be NULL to write + to stdout or the filename given by --output. REASON describes the + revocation reason. PSK is the public primary key - we expect that + a corresponding secret key is available. KEYBLOCK is the entire + KEYBLOCK which is used in PGP mode to write a a minimal key and not + just the naked revocation signature; it may be NULL. */ +static int +create_revocation (const char *filename, + struct revocation_reason_info *reason, + PKT_public_key *psk, + kbnode_t keyblock) +{ + int rc; + iobuf_t out = NULL; + armor_filter_context_t *afx; + PKT_signature *sig = NULL; + PACKET pkt; + + afx = new_armor_context (); + + if ((rc = open_outfile (-1, filename, 0, 1, &out))) + goto leave; + + afx->what = 1; + afx->hdrlines = "Comment: This is a revocation certificate\n"; + push_armor_filter (afx, out); + + rc = make_keysig_packet (&sig, psk, NULL, NULL, psk, 0x20, 0, + opt.force_v4_certs? 4:0, + 0, 0, + revocation_reason_build_cb, reason, NULL); + if (rc) + { + log_error (_("make_keysig_packet failed: %s\n"), g10_errstr (rc)); + goto leave; + } + + if (keyblock && (PGP2 || PGP6 || PGP7 || PGP8)) + { + /* Use a minimal pk for PGPx mode, since PGP can't import bare + revocation certificates. */ + rc = export_minimal_pk (out, keyblock, sig, NULL); + if (rc) + goto leave; + } + else + { + init_packet (&pkt); + pkt.pkttype = PKT_SIGNATURE; + pkt.pkt.signature = sig; + + rc = build_packet (out, &pkt); + if (rc) + { + log_error (_("build_packet failed: %s\n"), g10_errstr (rc)); + goto leave; + } + } + + leave: + if (sig) + free_seckey_enc (sig); + if (rc) + iobuf_cancel (out); + else + iobuf_close (out); + release_armor_context (afx); + return rc; +} + + /**************** * Generate a revocation certificate for UNAME */ 
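Review bot: The armor header set in the new create_revocation is `"Comment: This is a revocation certificate\n"`, while the code removed from gen_revoke in the following hunk used `"Comment: A revocation certificate should follow\n"`. The commit is described as a rearrangement only, so this change in emitted text is easy to overlook. Either keep the old string here or mention the new wording in the commit log. The new `keyblock &&` guard in front of the PGP2/6/7/8 test is likewise a small behaviour change that deserves a word in the function comment, which already says KEYBLOCK may be NULL.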
@@ -438,12 +509,8 @@ int gen_revoke (const char *uname) { int rc = 0; - armor_filter_context_t *afx; - PACKET pkt; PKT_public_key *psk; - PKT_signature *sig = NULL; u32 keyid[2]; - iobuf_t out = NULL; kbnode_t keyblock = NULL; kbnode_t node; KEYDB_HANDLE kdbhd; @@ -456,9 +523,6 @@ gen_revoke (const char *uname) return G10ERR_GENERAL; } - afx = new_armor_context (); - init_packet( &pkt ); - /* Search the userid; we don't want the whole getkey stuff here. */ kdbhd = keydb_new (); rc = classify_user_id (uname, &desc, 1); @@ -518,44 +582,9 @@ gen_revoke (const char *uname) if (!opt.armor) tty_printf (_("ASCII armored output forced.\n")); - if ((rc = open_outfile (-1, NULL, 0, 1, &out ))) - goto leave; - - afx->what = 1; - afx->hdrlines = "Comment: A revocation certificate should follow\n"; - push_armor_filter (afx, out); - - /* create it */ - rc = make_keysig_packet (&sig, psk, NULL, NULL, psk, 0x20, 0, - opt.force_v4_certs?4:0, 0, 0, - revocation_reason_build_cb, reason, NULL); + rc = create_revocation (NULL, reason, psk, keyblock); if (rc) - { - log_error (_("make_keysig_packet failed: %s\n"), g10_errstr (rc)); - goto leave; - } - - if (PGP2 || PGP6 || PGP7 || PGP8) - { - /* Use a minimal pk for PGPx mode, since PGP can't import bare - revocation certificates. */ - rc = export_minimal_pk (out, keyblock, sig, NULL); - if(rc) - goto leave; - } - else - { - init_packet( &pkt ); - pkt.pkttype = PKT_SIGNATURE; - pkt.pkt.signature = sig; - - rc = build_packet (out, &pkt); - if (rc) - { - log_error(_("build_packet failed: %s\n"), g10_errstr(rc) ); - goto leave; - } - } + goto leave; /* and issue a usage notice */ tty_printf (_( 
@@ -567,16 +596,9 @@ gen_revoke (const char *uname) "your machine might store the data and make it available to others!\n")); leave: - if (sig) - free_seckey_enc (sig); release_kbnode (keyblock); keydb_release (kdbhd); - if (rc) - iobuf_cancel(out); - else - iobuf_close(out); release_revocation_reason_info( reason ); - release_armor_context (afx); return rc; } ----------------------------------------------------------------------- Summary of changes: common/estream-printf.c | 4 +- configure.ac | 3 +- doc/gpg.texi | 9 ++ g10/keydb.h | 1 + g10/keygen.c | 2 + g10/keyid.c | 14 ++++ g10/main.h | 2 + g10/openfile.c | 28 ++++++- g10/passphrase.c | 3 +- g10/revoke.c | 204 +++++++++++++++++++++++++++++++++------------ tests/openpgp/Makefile.am | 2 +- 11 files changed, 215 insertions(+), 57 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 30 18:05:06 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 30 Jun 2014 18:05:06 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.24-9-g40215d8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 40215d8ecdb10d36c699aa66f6e35c43b31e4822 (commit) via 621aa6bb4887b479ca62ea6ed769f89b5346da39 (commit) via 998f08529775138ee081cc702ab12a92f74526a2 (commit) from 505f0a642f899ede411837ad69a442b0d4f427fa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 40215d8ecdb10d36c699aa66f6e35c43b31e4822 Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 Post release updates. -- diff --git a/NEWS b/NEWS index 794773b..f523056 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,6 @@ +Noteworthy changes in version 2.0.26 (unreleased) +------------------------------------------------- + Noteworthy changes in version 2.0.25 (2014-06-30) ------------------------------------------------- diff --git a/configure.ac b/configure.ac index 2c92c31..417cf25 100644 --- a/configure.ac +++ b/configure.ac @@ -26,7 +26,7 @@ min_automake_version="1.10" # (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [2.0.25]) +m4_define([mym4_version], [2.0.26]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit 621aa6bb4887b479ca62ea6ed769f89b5346da39 Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 Release 2.0.25 diff --git a/NEWS b/NEWS index cffc774..794773b 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,17 @@ -Noteworthy changes in version 2.0.25 (unreleased) +Noteworthy changes in version 2.0.25 (2014-06-30) ------------------------------------------------- + * gpg: Fix a regression in 2.0.24 if more than one keyid is given + to --recv-keys et al. + + * gpg: Cap RSA and Elgamal keysize at 4096 bit also for unattended + key generation. + + * gpgsm: Fix a DISPLAY related problem with --export-secret-key-p12. + + * scdaemon: Support reader Gemalto IDBridge CT30. + + Noteworthy changes in version 2.0.24 (2014-06-24) ------------------------------------------------- commit 998f08529775138ee081cc702ab12a92f74526a2 Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 estream: Fix minor glitch in "%.*s" format. * common/estream-printf.c (pr_string): Take care of non-nul terminated strings. -- Resolved conflicts: common/estream-printf.c - white spaces diff --git a/common/estream-printf.c b/common/estream-printf.c index a5f3a69..91917cf 100644 --- a/common/estream-printf.c 
+++ b/common/estream-printf.c @@ -52,7 +52,7 @@ #if defined(HAVE_INTMAX_T) || defined(HAVE_UINTMAX_T) # ifdef HAVE_STDINT_H # include -# endif +# endif #endif #ifdef HAVE_LANGINFO_THOUSANDS_SEP #include @@ -67,12 +67,12 @@ /* Allow redefinition of asprintf used malloc functions. */ #if defined(_ESTREAM_PRINTF_MALLOC) -#define my_printf_malloc(a) _ESTREAM_PRINTF_MALLOC((a)) +#define my_printf_malloc(a) _ESTREAM_PRINTF_MALLOC((a)) #else #define my_printf_malloc(a) malloc((a)) #endif #if defined(_ESTREAM_PRINTF_FREE) -#define my_printf_free(a) _ESTREAM_PRINTF_FREE((a)) +#define my_printf_free(a) _ESTREAM_PRINTF_FREE((a)) #else #define my_printf_free(a) free((a)) #endif @@ -182,7 +182,7 @@ typedef enum /* A union used to store the actual values. */ -typedef union +typedef union { char a_char; signed char a_schar; @@ -266,7 +266,7 @@ dump_argspecs (argspec_t arg, size_t argcount) int idx; for (idx=0; argcount; argcount--, arg++, idx++) - fprintf (stderr, + fprintf (stderr, "%2d: len=%u flags=%u width=%d prec=%d mod=%d " "con=%d vt=%d pos=%d-%d-%d\n", idx, @@ -290,8 +290,8 @@ compute_type (argspec_t arg) { switch (arg->conspec) { - case CONSPEC_UNKNOWN: - arg->vt = VALTYPE_UNSUPPORTED; + case CONSPEC_UNKNOWN: + arg->vt = VALTYPE_UNSUPPORTED; break; case CONSPEC_DECIMAL: @@ -302,7 +302,7 @@ compute_type (argspec_t arg) case LENMOD_LONG: arg->vt = VALTYPE_LONG; break; case LENMOD_LONGLONG: arg->vt = VALTYPE_LONGLONG; break; case LENMOD_INTMAX: arg->vt = VALTYPE_INTMAX; break; - case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break; + case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break; case LENMOD_PTRDIFF: arg->vt = VALTYPE_PTRDIFF; break; default: arg->vt = VALTYPE_INT; break; } 
@@ -319,12 +319,12 @@ compute_type (argspec_t arg) case LENMOD_LONG: arg->vt = VALTYPE_ULONG; break; case LENMOD_LONGLONG: arg->vt = VALTYPE_ULONGLONG; break; case LENMOD_INTMAX: arg->vt = VALTYPE_UINTMAX; break; - case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break; + case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break; case LENMOD_PTRDIFF: arg->vt = VALTYPE_PTRDIFF; break; default: arg->vt = VALTYPE_UINT; break; } break; - + case CONSPEC_FLOAT: case CONSPEC_FLOAT_UP: case CONSPEC_EXP: @@ -340,9 +340,9 @@ compute_type (argspec_t arg) default: arg->vt = VALTYPE_DOUBLE; break; } break; - + case CONSPEC_CHAR: - arg->vt = VALTYPE_INT; + arg->vt = VALTYPE_INT; break; case CONSPEC_STRING: @@ -365,12 +365,12 @@ compute_type (argspec_t arg) case LENMOD_LONG: arg->vt = VALTYPE_LONG_PTR; break; case LENMOD_LONGLONG: arg->vt = VALTYPE_LONGLONG_PTR; break; case LENMOD_INTMAX: arg->vt = VALTYPE_INTMAX_PTR; break; - case LENMOD_SIZET: arg->vt = VALTYPE_SIZE_PTR; break; + case LENMOD_SIZET: arg->vt = VALTYPE_SIZE_PTR; break; case LENMOD_PTRDIFF: arg->vt = VALTYPE_PTRDIFF_PTR; break; default: arg->vt = VALTYPE_INT_PTR; break; } break; - + } } @@ -395,7 +395,7 @@ parse_format (const char *format, if (!format) goto leave_einval; - + for (; *format; format++) { unsigned int flags; @@ -403,7 +403,7 @@ parse_format (const char *format, lenmod_t lenmod; conspec_t conspec; int arg_pos, width_pos, precision_pos; - + if (*format != '%') continue; s = ++format; @@ -417,7 +417,7 @@ parse_format (const char *format, if (*s >= '1' && *s <= '9') { const char *save_s = s; - + arg_pos = (*s++ - '0'); for (; *s >= '0' && *s <= '9'; s++) arg_pos = 10*arg_pos + (*s - '0'); @@ -431,7 +431,7 @@ parse_format (const char *format, s = save_s; } } - + /* Parse the flags. */ flags = 0; for ( ; *s; s++) @@ -449,7 +449,7 @@ parse_format (const char *format, } } flags_parsed: - + /* Parse the field width. */ width_pos = 0; if (*s == '*') 
@@ -532,11 +532,11 @@ parse_format (const char *format, if (ignore_value) precision = NO_FIELD_VALUE; } - + /* Parse the length modifiers. */ switch (*s) { - case 'h': + case 'h': if (s[1] == 'h') { lenmod = LENMOD_CHAR; @@ -562,7 +562,7 @@ parse_format (const char *format, case 'L': lenmod = LENMOD_LONGDBL; s++; break; default: lenmod = LENMOD_NONE; break; } - + /* Parse the conversion specifier. */ switch (*s) { @@ -632,7 +632,7 @@ parse_format (const char *format, *argspecs_addr = argspecs; *r_argspecs_count = argcount; return 0; /* Success. */ - + leave_einval: errno = EINVAL; leave: @@ -663,14 +663,14 @@ read_values (valueitem_t valuetable, size_t valuetable_len, va_list vaargs) value->a_char_ptr = va_arg (vaargs, char *); break; case VALTYPE_SCHAR: value->a_schar = va_arg (vaargs, int); break; - case VALTYPE_SCHAR_PTR: - value->a_schar_ptr = va_arg (vaargs, signed char *); + case VALTYPE_SCHAR_PTR: + value->a_schar_ptr = va_arg (vaargs, signed char *); break; case VALTYPE_UCHAR: value->a_uchar = va_arg (vaargs, int); break; case VALTYPE_SHORT: value->a_short = va_arg (vaargs, int); break; case VALTYPE_USHORT: value->a_ushort = va_arg (vaargs, int); break; - case VALTYPE_SHORT_PTR: - value->a_short_ptr = va_arg (vaargs, short *); + case VALTYPE_SHORT_PTR: + value->a_short_ptr = va_arg (vaargs, short *); break; case VALTYPE_INT: value->a_int = va_arg (vaargs, int); 
@@ -684,20 +684,20 @@ read_values (valueitem_t valuetable, size_t valuetable_len, va_list vaargs) case VALTYPE_LONG: value->a_long = va_arg (vaargs, long); break; - case VALTYPE_ULONG: + case VALTYPE_ULONG: value->a_ulong = va_arg (vaargs, unsigned long); break; - case VALTYPE_LONG_PTR: - value->a_long_ptr = va_arg (vaargs, long *); + case VALTYPE_LONG_PTR: + value->a_long_ptr = va_arg (vaargs, long *); break; #ifdef HAVE_LONG_LONG_INT case VALTYPE_LONGLONG: value->a_longlong = va_arg (vaargs, long long int); break; - case VALTYPE_ULONGLONG: - value->a_ulonglong = va_arg (vaargs, unsigned long long int); + case VALTYPE_ULONGLONG: + value->a_ulonglong = va_arg (vaargs, unsigned long long int); break; - case VALTYPE_LONGLONG_PTR: + case VALTYPE_LONGLONG_PTR: value->a_longlong_ptr = va_arg (vaargs, long long *); break; #endif 
@@ -712,31 +712,31 @@ read_values (valueitem_t valuetable, size_t valuetable_len, va_list vaargs) case VALTYPE_STRING: value->a_string = va_arg (vaargs, const char *); break; - case VALTYPE_POINTER: + case VALTYPE_POINTER: value->a_void_ptr = va_arg (vaargs, void *); break; #ifdef HAVE_INTMAX_T case VALTYPE_INTMAX: value->a_intmax = va_arg (vaargs, intmax_t); break; - case VALTYPE_INTMAX_PTR: - value->a_intmax_ptr = va_arg (vaargs, intmax_t *); + case VALTYPE_INTMAX_PTR: + value->a_intmax_ptr = va_arg (vaargs, intmax_t *); break; #endif #ifdef HAVE_UINTMAX_T - case VALTYPE_UINTMAX: - value->a_uintmax = va_arg (vaargs, uintmax_t); + case VALTYPE_UINTMAX: + value->a_uintmax = va_arg (vaargs, uintmax_t); break; #endif case VALTYPE_SIZE: value->a_size = va_arg (vaargs, size_t); break; - case VALTYPE_SIZE_PTR: - value->a_size_ptr = va_arg (vaargs, size_t *); + case VALTYPE_SIZE_PTR: + value->a_size_ptr = va_arg (vaargs, size_t *); break; #ifdef HAVE_PTRDIFF_T case VALTYPE_PTRDIFF: - value->a_ptrdiff = va_arg (vaargs, ptrdiff_t); + value->a_ptrdiff = va_arg (vaargs, ptrdiff_t); break; case VALTYPE_PTRDIFF_PTR: value->a_ptrdiff_ptr = va_arg (vaargs, ptrdiff_t *); @@ -771,7 +771,7 @@ pad_out (estream_printf_out_t outfnc, void *outfncarg, *nbytes += n; count -= n; } - + return 0; } 
@@ -808,18 +808,18 @@ pr_integer (estream_printf_out_t outfnc, void *outfncarg, { case VALTYPE_SHORT: along = value.a_short; break; case VALTYPE_INT: along = value.a_int; break; - case VALTYPE_LONG: along = value.a_long; break; + case VALTYPE_LONG: along = value.a_long; break; #ifdef HAVE_LONG_LONG_INT - case VALTYPE_LONGLONG: along = value.a_longlong; break; - case VALTYPE_SIZE: along = value.a_size; break; + case VALTYPE_LONGLONG: along = value.a_longlong; break; + case VALTYPE_SIZE: along = value.a_size; break; # ifdef HAVE_INTMAX_T - case VALTYPE_INTMAX: along = value.a_intmax; break; + case VALTYPE_INTMAX: along = value.a_intmax; break; # endif # ifdef HAVE_PTRDIFF_T - case VALTYPE_PTRDIFF: along = value.a_ptrdiff; break; + case VALTYPE_PTRDIFF: along = value.a_ptrdiff; break; # endif #endif /*HAVE_LONG_LONG_INT*/ - default: + default: return -1; } if (along < 0) @@ -836,18 +836,18 @@ pr_integer (estream_printf_out_t outfnc, void *outfncarg, { case VALTYPE_USHORT: aulong = value.a_ushort; break; case VALTYPE_UINT: aulong = value.a_uint; break; - case VALTYPE_ULONG: aulong = value.a_ulong; break; + case VALTYPE_ULONG: aulong = value.a_ulong; break; #ifdef HAVE_LONG_LONG_INT - case VALTYPE_ULONGLONG: aulong = value.a_ulonglong; break; - case VALTYPE_SIZE: aulong = value.a_size; break; + case VALTYPE_ULONGLONG: aulong = value.a_ulonglong; break; + case VALTYPE_SIZE: aulong = value.a_size; break; # ifdef HAVE_UINTMAX_T - case VALTYPE_UINTMAX: aulong = value.a_uintmax; break; + case VALTYPE_UINTMAX: aulong = value.a_uintmax; break; # endif # ifdef HAVE_PTRDIFF_T - case VALTYPE_PTRDIFF: aulong = value.a_ptrdiff; break; + case VALTYPE_PTRDIFF: aulong = value.a_ptrdiff; break; # endif #endif /*HAVE_LONG_LONG_INT*/ - default: + default: return -1; } } @@ -878,7 +878,7 @@ pr_integer (estream_printf_out_t outfnc, void *outfncarg, do { - if ((arg->flags & FLAG_GROUPING) + if ((arg->flags & FLAG_GROUPING) && (++grouping == 3) && *grouping_string) { *--p = *grouping_string; 
@@ -913,7 +913,7 @@ pr_integer (estream_printf_out_t outfnc, void *outfncarg, if ((arg->flags & FLAG_ALT_CONV)) n_extra += 2; } - + n = pend - p; if ((arg->flags & FLAG_ZERO_PAD) @@ -958,7 +958,7 @@ pr_integer (estream_printf_out_t outfnc, void *outfncarg, if (rc) return rc; } - + rc = outfnc (outfncarg, p, pend - p); if (rc) return rc; @@ -1011,7 +1011,7 @@ pr_float (estream_printf_out_t outfnc, void *outfncarg, adblfloat = value.a_longdouble; use_dbl=1; break; #endif - default: + default: return -1; } @@ -1122,7 +1122,7 @@ pr_char (estream_printf_out_t outfnc, void *outfncarg, if(rc) return rc; *nbytes += 1; - + return 0; } @@ -1143,7 +1143,9 @@ pr_string (estream_printf_out_t outfnc, void *outfncarg, string = "(null)"; if (arg->precision >= 0) { - for (n=0,s=string; *s && n < arg->precision; s++) + /* Test for nul after N so that we can pass a non-nul terminated + string. */ + for (n=0,s=string; n < arg->precision && *s; s++) n++; } else @@ -1169,7 +1171,7 @@ pr_string (estream_printf_out_t outfnc, void *outfncarg, if (rc) return rc; } - + return 0; } @@ -1210,7 +1212,7 @@ pr_pointer (estream_printf_out_t outfnc, void *outfncarg, *--p = '0'; *--p = 'x'; *--p = '0'; - + rc = outfnc (outfncarg, p, pend - p); if (rc) return rc; @@ -1229,14 +1231,14 @@ pr_bytes_so_far (estream_printf_out_t outfnc, void *outfncarg, switch (arg->vt) { - case VALTYPE_SCHAR_PTR: - *value.a_schar_ptr = (signed char)(unsigned int)(*nbytes); + case VALTYPE_SCHAR_PTR: + *value.a_schar_ptr = (signed char)(unsigned int)(*nbytes); break; - case VALTYPE_SHORT_PTR: + case VALTYPE_SHORT_PTR: *value.a_short_ptr = (short)(unsigned int)(*nbytes); break; - case VALTYPE_LONG_PTR: - *value.a_long_ptr = (long)(*nbytes); + case VALTYPE_LONG_PTR: + *value.a_long_ptr = (long)(*nbytes); break; #ifdef HAVE_LONG_LONG_INT case VALTYPE_LONGLONG_PTR: 
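Review bot: The pr_string hunk changes what callers may rely on, but nothing documents the new contract: the loop now tests `n < arg->precision` before `*s`, so with a non-negative precision at most that many bytes are read and the string need not be nul-terminated. I would put that in the function's header comment, for example `/* With a precision >= 0 at most PRECISION bytes of STRING are read; STRING need not be nul-terminated in that case. */`. The `else` branch is cut off by the hunk and presumably still needs a terminated string when no precision is given, which the comment should also say. pr_string starts and ends outside this hunk.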
@@ -1244,12 +1246,12 @@ pr_bytes_so_far (estream_printf_out_t outfnc, void *outfncarg, break; #endif #ifdef HAVE_INTMAX_T - case VALTYPE_INTMAX_PTR: + case VALTYPE_INTMAX_PTR: *value.a_intmax_ptr = (intmax_t)(*nbytes); break; #endif case VALTYPE_SIZE_PTR: - *value.a_size_ptr = (*nbytes); + *value.a_size_ptr = (*nbytes); break; #ifdef HAVE_PTRDIFF_T case VALTYPE_PTRDIFF_PTR: @@ -1274,8 +1276,8 @@ pr_bytes_so_far (estream_printf_out_t outfnc, void *outfncarg, holds the values and may be directly addressed using the position arguments given by ARGSPECS. MYERRNO is used for the "%m" conversion. NBYTES well be updated to reflect the number of bytes - send to the output function. */ -static int + send to the output function. */ +static int do_format (estream_printf_out_t outfnc, void *outfncarg, const char *format, argspec_t argspecs, size_t argspecs_len, valueitem_t valuetable, int myerrno, size_t *nbytes) @@ -1319,7 +1321,7 @@ do_format (estream_printf_out_t outfnc, void *outfncarg, /* Save the next start. */ s += arg->length; format = s; - + assert (argidx < argspecs_len); argidx++; @@ -1387,9 +1389,9 @@ do_format (estream_printf_out_t outfnc, void *outfncarg, } if (rc) return rc; - arg++; + arg++; } - + /* Print out any trailing stuff. */ n = s - format; rc = n? outfnc (outfncarg, format, n) : 0; @@ -1407,7 +1409,7 @@ do_format (estream_printf_out_t outfnc, void *outfncarg, output of the formatted stuff. FORMAT is the format specification and VAARGS a variable argumemt list matching the arguments of FORMAT. */ -int +int estream_format (estream_printf_out_t outfnc, void *outfncarg, const char *format, va_list vaargs) 
@@ -1442,7 +1444,7 @@ estream_format (estream_printf_out_t outfnc, /* Check that all ARG_POS fields are set. */ for (argidx=0,max_pos=0; argidx < argspecs_len; argidx++) { - if (argspecs[argidx].arg_pos != -1 + if (argspecs[argidx].arg_pos != -1 && argspecs[argidx].arg_pos > max_pos) max_pos = argspecs[argidx].arg_pos; if (argspecs[argidx].width_pos > max_pos) @@ -1523,13 +1525,13 @@ estream_format (estream_printf_out_t outfnc, valuetable[validx].vt = VALTYPE_INT; } } - + /* Read all the arguments. This will error out for unsupported types and for not given positional arguments. */ rc = read_values (valuetable, max_pos, vaargs); if (rc) - goto leave_einval; - + goto leave_einval; + /* for (validx=0; validx < max_pos; validx++) */ /* fprintf (stderr, "%2d: vt=%d\n", validx, valuetable[validx].vt); */ @@ -1538,7 +1540,7 @@ estream_format (estream_printf_out_t outfnc, argspecs, argspecs_len, valuetable, myerrno, &nbytes); goto leave; - + leave_einval: errno = EINVAL; leave_error: @@ -1572,11 +1574,11 @@ estream_printf (const char *format, ...) { int rc; va_list arg_ptr; - + va_start (arg_ptr, format); rc = estream_format (plain_stdio_out, stderr, format, arg_ptr); va_end (arg_ptr); - + return rc; } @@ -1586,16 +1588,16 @@ estream_fprintf (FILE *fp, const char *format, ...) { int rc; va_list arg_ptr; - + va_start (arg_ptr, format); rc = estream_format (plain_stdio_out, fp, format, arg_ptr); va_end (arg_ptr); - + return rc; } /* A replacement for vfprintf. */ -int +int estream_vfprintf (FILE *fp, const char *format, va_list arg_ptr) { return estream_format (plain_stdio_out, fp, format, arg_ptr); @@ -1642,7 +1644,7 @@ fixed_buffer_out (void *outfncarg, const char *buf, size_t buflen) /* A replacement for vsnprintf. */ -int +int estream_vsnprintf (char *buf, size_t bufsize, const char *format, va_list arg_ptr) { 
@@ -1667,7 +1669,7 @@ estream_vsnprintf (char *buf, size_t bufsize, } /* A replacement for snprintf. */ -int +int estream_snprintf (char *buf, size_t bufsize, const char *format, ...) { int rc; @@ -1676,7 +1678,7 @@ estream_snprintf (char *buf, size_t bufsize, const char *format, ...) va_start (arg_ptr, format); rc = estream_vsnprintf (buf, bufsize, format, arg_ptr); va_end (arg_ptr); - + return rc; } @@ -1686,7 +1688,7 @@ estream_snprintf (char *buf, size_t bufsize, const char *format, ...) dynamic_buffer_out. */ struct dynamic_buffer_parm_s { - int error_flag; /* Internal helper. */ + int error_flag; /* Internal helper. */ size_t alloced; /* Allocated size of the buffer. */ size_t used; /* Used size of the buffer. */ char *buffer; /* Malloced buffer. */ @@ -1709,7 +1711,7 @@ dynamic_buffer_out (void *outfncarg, const char *buf, size_t buflen) if (parm->used + buflen >= parm->alloced) { char *p; - + parm->alloced += buflen + 512; p = realloc (parm->buffer, parm->alloced); if (!p) @@ -1732,7 +1734,7 @@ dynamic_buffer_out (void *outfncarg, const char *buf, size_t buflen) /* A replacement for vasprintf. As with the BSD of vasprintf version -1 will be returned on error and NULL stored at BUFP. On success the number of bytes printed will be returned. */ -int +int estream_vasprintf (char **bufp, const char *format, va_list arg_ptr) { struct dynamic_buffer_parm_s parm; @@ -1747,7 +1749,7 @@ estream_vasprintf (char **bufp, const char *format, va_list arg_ptr) *bufp = NULL; return -1; } - + rc = estream_format (dynamic_buffer_out, &parm, format, arg_ptr); if (!rc) rc = dynamic_buffer_out (&parm, "", 1); /* Print terminating Nul. */ @@ -1772,7 +1774,7 @@ estream_vasprintf (char **bufp, const char *format, va_list arg_ptr) /* A replacement for asprintf. As with the BSD of asprintf version -1 will be returned on error and NULL stored at BUFP. On success the number of bytes printed will be returned. */ -int +int estream_asprintf (char **bufp, const char *format, ...) { int rc; 
@@ -1781,7 +1783,7 @@ estream_asprintf (char **bufp, const char *format, ...) va_start (arg_ptr, format); rc = estream_vasprintf (bufp, format, arg_ptr); va_end (arg_ptr); - + return rc; } ----------------------------------------------------------------------- Summary of changes: NEWS | 16 +++- common/estream-printf.c | 190 ++++++++++++++++++++++++----------------------- configure.ac | 2 +- 3 files changed, 112 insertions(+), 96 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jun 30 20:26:54 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 30 Jun 2014 20:26:54 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.17-6-gc05918c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via c05918c1b92bbf4f8cce0f18508014bfcf6332d8 (commit) via 6a7b763e05d352a08f639d5eef9d0bac01c5c456 (commit) via aae7ec516b79e20938c56fd48fc0bc9d2116426c (commit) via 955524f4359ba9e9de213f4067c38df9ae4808a8 (commit) via 574b9ed28d83a98b9c002b349de651236b86ac24 (commit) from ba50a006302cee62376f1c7bf11a08dad14f41ff (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c05918c1b92bbf4f8cce0f18508014bfcf6332d8 Author: Werner Koch Date: Wed Jun 25 14:33:34 2014 +0200 Post release updates -- diff --git a/NEWS b/NEWS index 78de9ed..5e12a86 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.4.19 (unreleased) +------------------------------------------------- + + Noteworthy changes in version 1.4.18 (2014-06-30) ------------------------------------------------- 
diff --git a/README b/README index 4a07839..c1847a6 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ GnuPG - The GNU Privacy Guard ------------------------------- - Version 1.4.18 + Version 1.4.19 Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, diff --git a/configure.ac b/configure.ac index 96f09d7..ae63a4a 100644 --- a/configure.ac +++ b/configure.ac @@ -27,7 +27,7 @@ min_automake_version="1.9.3" # (git tag -s gnupg-1.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [1.4.18]) +m4_define([mym4_version], [1.4.19]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit 6a7b763e05d352a08f639d5eef9d0bac01c5c456 Author: Werner Koch Date: Wed Jun 25 14:33:34 2014 +0200 Release 1.4.18 diff --git a/NEWS b/NEWS index 15154c3..78de9ed 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,12 @@ -Noteworthy changes in version 1.4.18 (unreleased) +Noteworthy changes in version 1.4.18 (2014-06-30) ------------------------------------------------- + * Fix a regression in 1.4.17 if more than one keyid is given + to --recv-keys et al. + + * Cap RSA and Elgamal keysize at 4096 bit also for unattended key + generation. + Noteworthy changes in version 1.4.17 (2014-06-23) ------------------------------------------------- commit aae7ec516b79e20938c56fd48fc0bc9d2116426c Author: Werner Koch Date: Wed Jun 25 20:25:28 2014 +0200 Limit keysize for unattended key generation to useful values. * g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096. (gen_rsa): Enforce keysize 1024 to 4096. (gen_dsa): Enforce keysize 768 to 3072. -- It was possible to create 16k RSA keys in batch mode. In addition to the silliness of such keys, they have the major drawback that GnuPG, with its limited amount of specially secured memory areas, the use of such keys may lead to an "out of secure memory" condition. diff --git a/g10/keygen.c b/g10/keygen.c index b84dd0b..84f852f 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1039,10 +1039,14 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, assert( is_ELGAMAL(algo) ); - if( nbits < 512 ) { + if (nbits < 1024) { nbits = 2048; log_info(_("keysize invalid; using %u bits\n"), nbits ); } + else if (nbits > 4096) { + nbits = 4096; + log_info(_("keysize invalid; using %u bits\n"), nbits ); + } if( (nbits % 32) ) { nbits = ((nbits + 31) / 32) * 32; @@ -1121,7 +1125,7 @@ gen_dsa(unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, MPI *factors; unsigned int qbits; - if( nbits < 512) + if( nbits < 768) { nbits = 2048; log_info(_("keysize invalid; using %u bits\n"), nbits ); 
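Review bot: The new bounds in gen_elg (`nbits < 1024`, `nbits > 4096`) have no comment saying why they exist, and the same literals recur in the gen_rsa hunk further down, with 768 as the new minimum in gen_dsa. The commit message gives the reason, that larger keys can lead to an "out of secure memory" condition, and that belongs next to the check, e.g. `/* Cap at 4096 bits: larger keys may exhaust the secure memory. */`. The commit message also names a 3072-bit upper limit for DSA; that limit is not in the gen_dsa hunk and is presumably enforced in unchanged code below it, which is worth confirming. All three functions continue outside their hunks.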
@@ -1256,6 +1260,10 @@ gen_rsa(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, nbits = 2048; log_info(_("keysize invalid; using %u bits\n"), nbits ); } + else if (nbits > 4096) { + nbits = 4096; + log_info(_("keysize invalid; using %u bits\n"), nbits ); + } if( (nbits % 32) ) { nbits = ((nbits + 31) / 32) * 32; commit 955524f4359ba9e9de213f4067c38df9ae4808a8 Author: Werner Koch Date: Wed Jun 25 14:33:34 2014 +0200 Make screening of keyserver result work with multi-key commands. * g10/keyserver.c (ks_retrieval_filter_arg_s): new. (keyserver_retrieval_filter): Use new struct and check all descriptions. (keyserver_spawn): Pass filter arg suing the new struct. -- This is a fix for commit 52303043. The old code did only work for a single key. It failed as soon as several keys are specified ("gpg --refresh-keys" or "gpg --recv-key A B C"). diff --git a/g10/keyserver.c b/g10/keyserver.c index dca5e18..af174fb 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -960,13 +960,25 @@ direct_uri_map(const char *scheme,unsigned int is_direct) #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\"" +/* Structure to convey the arg to keyserver_retrieval_filter. */ +struct ks_retrieval_filter_arg_s +{ + KEYDB_SEARCH_DESC *desc; + int ndesc; +}; + + /* Check whether a key matches the search description. The filter returns 0 if the key shall be imported. Note that this kind of filter is not related to the iobuf filters. */ static int -keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg) +keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, + void *opaque) { - KEYDB_SEARCH_DESC *desc = arg; + struct ks_retrieval_filter_arg_s *arg = opaque; + KEYDB_SEARCH_DESC *desc = arg->desc; + int ndesc = arg->ndesc; + int n; u32 keyid[2]; byte fpr[MAX_FINGERPRINT_LEN]; size_t fpr_len = 0; 
@@ -975,32 +987,40 @@ keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg) if (sk) return G10ERR_GENERAL; + if (!ndesc) + return 0; /* Okay if no description given. */ + fingerprint_from_pk (pk, fpr, &fpr_len); keyid_from_pk (pk, keyid); /* Compare requested and returned fingerprints if available. */ - if (desc->mode == KEYDB_SEARCH_MODE_FPR20) - { - if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20)) - return G10ERR_GENERAL; - } - else if (desc->mode == KEYDB_SEARCH_MODE_FPR16) + for (n = 0; n < ndesc; n++) { - if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16)) - return G10ERR_GENERAL; - } - else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID) - { - if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1]) - return G10ERR_GENERAL; - } - else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID) - { - if (keyid[1] != desc->u.kid[1]) - return G10ERR_GENERAL; + if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20) + { + if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20)) + return 0; + } + else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16) + { + if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16)) + return 0; + } + else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID) + { + if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1]) + return 0; + } + else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID) + { + if (keyid[1] == desc[n].u.kid[1]) + return 0; + } + else + return 0; } - return 0; + return G10ERR_GENERAL; } @@ -1540,6 +1560,7 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, case KS_GETNAME: { void *stats_handle; + struct ks_retrieval_filter_arg_s filterarg; stats_handle=import_new_stats_handle(); 
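Review bot: keyserver_retrieval_filter now accepts a key without any comparison in two places, `if (!ndesc) return 0;` and the final `else return 0;` inside the loop, and only the first carries a comment. The `else` is reached for any description whose mode is not a fingerprint or key ID, and because it returns from inside the loop, one such description in the array lets every returned key pass regardless of the other entries. Since this filter is the screen against a keyserver returning keys that were not requested, I would state that explicitly: `else return 0; /* No keyid or fingerprint to compare - cannot screen, allow import. */`. If that is not wanted for mixed requests, using `continue` there and deciding after the loop would be stricter, but whether mixed descriptions can occur is not visible here. The function begins in the previous hunk.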
@@ -1552,11 +1573,12 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, that we don't allow the import of secret keys from a keyserver. Keyservers should never accept or send them but we better protect against rogue keyservers. */ - + filterarg.desc = desc; + filterarg.ndesc = count; import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len, (opt.keyserver_options.import_options | IMPORT_NO_SECKEY), - keyserver_retrieval_filter, desc); + keyserver_retrieval_filter, &filterarg); import_print_stats(stats_handle); import_release_stats_handle(stats_handle); commit 574b9ed28d83a98b9c002b349de651236b86ac24 Author: Werner Koch Date: Tue Jun 24 20:12:26 2014 +0200 Add CVE number -- diff --git a/NEWS b/NEWS index a78109b..15154c3 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,7 @@ Noteworthy changes in version 1.4.18 (unreleased) Noteworthy changes in version 1.4.17 (2014-06-23) ------------------------------------------------- - * Avoid DoS due to garbled compressed data packets. + * Avoid DoS due to garbled compressed data packets. [CVE-2014-4617] * Screen keyserver reponses to avoid import of unwanted keys by rogue servers. ----------------------------------------------------------------------- Summary of changes: NEWS | 14 ++++++++++-- README | 2 +- configure.ac | 2 +- g10/keygen.c | 12 ++++++++-- g10/keyserver.c | 68 ++++++++++++++++++++++++++++++++++++------------------- 5 files changed, 69 insertions(+), 29 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org