gnupg.git
2 years agogpg: Avoid malloc failure due to no key signatures
Werner Koch [Mon, 19 Sep 2016 06:27:23 +0000 (08:27 +0200)]
gpg: Avoid malloc failure due to no key signatures

* g10/keyedit.c (check_all_keysigs): Check early for no key
signatures.  Use xtrycalloc.
--

GnuPG-bug-id: 2690
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agodoc: Clarify forward-compatible expectations
Daniel Kahn Gillmor [Sat, 17 Sep 2016 15:34:35 +0000 (11:34 -0400)]
doc: Clarify forward-compatible expectations

--
Encourage better parsers/interpreters of with-colons
and status-fd output.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agoFix comment and format.
NIIBE Yutaka [Sat, 17 Sep 2016 07:16:41 +0000 (16:16 +0900)]
Fix comment and format.

* agent/protect-tool.c (main): Fix comment.
* doc/DETAILS (colon listings): Fix list.
* tests/openpgp/multisig.test: Fix comment.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agoFix more spelling
Daniel Kahn Gillmor [Thu, 15 Sep 2016 18:21:15 +0000 (14:21 -0400)]
Fix more spelling

* NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c,
  agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c,
  common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS,
  doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi,
  doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
  doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c,
  g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c,
  g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c,
  sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt,
  tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm,
  tests/openpgp/multisig.test, tests/openpgp/verify.scm,
  tests/pkits/README, tools/applygnupgdefaults,
  tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c:
  minor spelling cleanup.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agomove some file encodings to UTF-8
Daniel Kahn Gillmor [Thu, 15 Sep 2016 17:34:10 +0000 (13:34 -0400)]
move some file encodings to UTF-8

* dirmgnr/cdblib.c: comment used unnecesary hyphenation
* dirmngr/crlcache.h: comment was iso-8859-1
* doc/contrib.text: list contributors using UTF-8 (now we can
  acknowledge many more people using their preferred orthography)

At least one other files remains in a non-UTF-8 encoding, which i'm
not sure what to do with:

 - build-aux/speedo/w32/inst.nsi is ISO-8859-1, but maybe Windows needs
   it that way?

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agog10: On failure, propagate the return code.
Neal H. Walfield [Fri, 16 Sep 2016 13:32:03 +0000 (15:32 +0200)]
g10: On failure, propagate the return code.

* g10/tofu.c (tofu_register_encryption): If get_trust fails, set RC.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Improve some comments and a string.
Neal H. Walfield [Fri, 16 Sep 2016 13:31:10 +0000 (15:31 +0200)]
g10: Improve some comments and a string.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Don't ignore failure. On failure, rollback.
Neal H. Walfield [Fri, 16 Sep 2016 13:18:56 +0000 (15:18 +0200)]
g10: Don't ignore failure.  On failure, rollback.

* g10/tofu.c (tofu_set_policy): If record_binding fails, fail.  If the
function fails, rollback the transaction.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Load the key block if the supplied user id list is NULL.
Neal H. Walfield [Fri, 16 Sep 2016 13:17:51 +0000 (15:17 +0200)]
g10: Load the key block if the supplied user id list is NULL.

* g10/tofu.c (tofu_register_encryption): Load the key block if
USER_ID_LIST is NULL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Use the accessor functions for accessing and comparing key ids
Neal H. Walfield [Fri, 16 Sep 2016 13:10:11 +0000 (15:10 +0200)]
g10: Use the accessor functions for accessing and comparing key ids

* g10/tofu.c (get_trust): Use the pk_main_keyid accessor function.
(tofu_register_signature): Likewise.
(tofu_register_encryption): Likewise.
(tofu_set_policy): Likewise and also use pk_keyid and keyid_cmp.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agopo: convert localizations to UTF-8
Daniel Kahn Gillmor [Thu, 15 Sep 2016 17:49:05 +0000 (13:49 -0400)]
po: convert localizations to UTF-8

* po/{it,et,pl,ro,gl,es,el,sk,pt,eo,hu}.po: convert to UTF-8

This was an automated conversion process, using:

   for x in po/{it,et,pl,ro,gl,es,el,sk,pt,eo,hu}.po; do
       cs=$(grep charset= $x | cut -f2 -d= | cut -f1 -d\\)
       iconv -f $cs -t UTF-8 < $x >$x.tmp
       sed "s/$cs/UTF-8/" < $x.tmp > $x
       rm -f $x.tmp
   done

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agoscd: Add support of ECC pubkey attribute.
NIIBE Yutaka [Fri, 16 Sep 2016 06:20:32 +0000 (15:20 +0900)]
scd: Add support of ECC pubkey attribute.

* scd/app-openpgp.c (ECC_FLAG_PUBKEY): New.
(send_key_attr, get_public_key, ecc_writekey, do_auth, do_decipher)
(parse_algorithm_attribute): Check ECC_FLAG_DJB_TWEAK.
(build_ecc_privkey_template): Add ECC_Q and ECC_Q_LEN.
Support offering public key when ECC_FLAG_PUBKEY sets.
(ecc_writekey): Supply ECC_Q and ECC_Q_LEN.
(parse_algorithm_attribute): Parse pubkey-required byte.

--

OpenPGPcard protocol specification version 3.2 supports algorithm
attributes for ECC key which specifies public key data is required for
"keytocard" command.  This change supports the feature.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agog10: Add missing header.
Justus Winter [Thu, 15 Sep 2016 12:46:06 +0000 (14:46 +0200)]
g10: Add missing header.

* g10/trustdb.c: Include 'mbox-util.h'.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agog10: Only consider bindings matching the signer's user id.
Neal H. Walfield [Thu, 15 Sep 2016 10:21:15 +0000 (12:21 +0200)]
g10: Only consider bindings matching the signer's user id.

* g10/trustdb.c (tdb_get_validity_core): If the signer's user id
subpacket is present, only consider matching user ids.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Don't include the signature when printing a binding's validity.
Neal H. Walfield [Thu, 15 Sep 2016 10:19:29 +0000 (12:19 +0200)]
g10: Don't include the signature when printing a binding's validity.

* g10/mainproc.c (check_sig_and_print): When printing information
about a binding don't include the current signature.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agotests/fake-pinentries: fake pinentries for downstream developers.
Daniel Kahn Gillmor [Wed, 14 Sep 2016 19:55:13 +0000 (15:55 -0400)]
tests/fake-pinentries: fake pinentries for downstream developers.

* tests/fake-pinentries/README.txt and
  tests/fake-pinentries/fake-pinentry.{sh,py,pl,php}}: New public
  domain (CC0) files to encourage better test suite practices from
  downstream developers.
* tests/fake-pinentries/COPYING (new): a copy of
  https://creativecommons.org/publicdomain/zero/1.0/legalcode.txt

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agospelling: conenction should be connection
Daniel Kahn Gillmor [Wed, 14 Sep 2016 21:21:19 +0000 (17:21 -0400)]
spelling: conenction should be connection

* dirmngr/server.c, sm/server.c: s/conenction/connection/

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agospelling: correct achived to achieved
Daniel Kahn Gillmor [Wed, 14 Sep 2016 21:23:09 +0000 (17:23 -0400)]
spelling: correct achived to achieved

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agotests/gpgscm: Fix use of pointer.
NIIBE Yutaka [Thu, 15 Sep 2016 00:17:59 +0000 (09:17 +0900)]
tests/gpgscm: Fix use of pointer.

* tests/gpgscm/scheme-private.h (struct scheme): Use (void *) for
alloc_seg.
* tests/gpgscm/scheme.c (alloc_cellseg): Use (void *) for cp.  Use
(void *) for coercion of address calculation.

--

In old C language, (char *) means an address.  In modern C, it's
specifically an address with alignment=1.  It's good to use (void *) for
an address, because newer compiler emits warnings.  Note: in this
particular case, it is just a warning and the code is safe against
invalid alignment, though.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agog10: Fix whitespace.
Neal H. Walfield [Wed, 14 Sep 2016 13:21:14 +0000 (15:21 +0200)]
g10: Fix whitespace.

* g10/tofu.c (show_statistics): Fix whitespace.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Correctly compute the euclidean distance.
Neal H. Walfield [Wed, 14 Sep 2016 13:20:33 +0000 (15:20 +0200)]
g10: Correctly compute the euclidean distance.

* g10/tofu.c (write_stats_status): Correctly compute the euclidean
distance.
(show_statistics): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Change the default TOFU policy for UTKs to good.
Neal H. Walfield [Wed, 14 Sep 2016 13:19:18 +0000 (15:19 +0200)]
g10: Change the default TOFU policy for UTKs to good.

* g10/tofu.c (get_trust): Change the default TOFU policy for UTKs to
good.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Add missing static qualifier.
Neal H. Walfield [Wed, 14 Sep 2016 13:18:25 +0000 (15:18 +0200)]
g10: Add missing static qualifier.

* g10/tofu.c (cross_sigs): Add missing static qualifier.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Default to the "good" TOFU policy for keys signed by a UTK.
Neal H. Walfield [Wed, 14 Sep 2016 13:17:27 +0000 (15:17 +0200)]
g10: Default to the "good" TOFU policy for keys signed by a UTK.

* g10/tofu.c (signed_by_utk): New function.
(get_trust): If a key is signed by an ultimately trusted key, then
set any bindings to good.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agogpg: Emit a new error status line in --quick-adduid.
Werner Koch [Wed, 14 Sep 2016 08:59:18 +0000 (10:59 +0200)]
gpg: Emit a new error status line in --quick-adduid.

* g10/keyedit.c (menu_adduid): Emit an ERROR status for an existsing
user id.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Allow use of "default" algo for--quick-addkey.
Werner Koch [Wed, 14 Sep 2016 07:46:10 +0000 (09:46 +0200)]
gpg: Allow use of "default" algo for--quick-addkey.

* g10/keygen.c (quick_generate_keypair): Write a status error.
(parse_algo_usage_expire): Set a default curve.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Improve usability of --quick-gen-key.
Werner Koch [Tue, 13 Sep 2016 09:30:54 +0000 (11:30 +0200)]
gpg: Improve usability of --quick-gen-key.

* g10/keygen.c (FUTURE_STD_): New constants.
(parse_expire_string): Handle special keywords.
(parse_algo_usage_expire): Allow "future-default".  Simplify call to
parse_expire_string.
(quick_generate_keypair): Always allow an expiration date.  Replace
former "test-default" by "future-default".
--

Using an expiration date is pretty common, thus we now allow the
creation of a standard key with expiration date.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotools: Minor fix to the usbmon debugging tool.
Werner Koch [Tue, 13 Sep 2016 06:26:56 +0000 (08:26 +0200)]
tools: Minor fix to the usbmon debugging tool.

--
* tools/ccidmon.c (GNUPG_NAME): Define if not defined.
(digitp, hexdigitp): Change to our common semantics.

--
Note that this tool only exists in the repo.

GnuPG-bug-id: 2678
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Avoid mixing up status and colon line output.
Werner Koch [Mon, 12 Sep 2016 15:42:50 +0000 (17:42 +0200)]
gpg: Avoid mixing up status and colon line output.

* g10/keylist.c (list_keyblock_colon): Avoid calling functions which
trigger a status line output before having printed a LF.
--

Status lines like KEY_CONSIDERED and KEYEPXIRED were messing up the
colons output, like here:

  pub:[GNUPG:] KEY_CONSIDERED 94A5C9A03C2FE5CA3B095D8E1FDF723CF46[...]

Reported-by: Andreas Stieger <astieger@suse.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotests: Simplify tofu test.
Justus Winter [Mon, 12 Sep 2016 09:07:48 +0000 (11:07 +0200)]
tests: Simplify tofu test.

* tests/openpgp/tofu.scm: Simplify now that we only have one db
format.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoPortability build fix.
Ben Kibbey [Sat, 10 Sep 2016 17:42:09 +0000 (13:42 -0400)]
Portability build fix.

* kbx/Makefile.am: Add NETLIBS.
* dirmngr/Makefile.am: Ditto for dirmngr_ldap.
--

Fixes OpenIndiana (Solaris) builds.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2 years agoFix symbol conflict.
Ben Kibbey [Sat, 10 Sep 2016 17:42:09 +0000 (13:42 -0400)]
Fix symbol conflict.

* g10/gpgcompose.c: Rename struct siginfo to signinfo.
--

Fixes android-ndk and OpenIndiana (Solaris) builds.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2 years agogpg: print fingerprint regardless of keyid-format
Daniel Kahn Gillmor [Thu, 8 Sep 2016 12:47:04 +0000 (14:47 +0200)]
gpg: print fingerprint regardless of keyid-format

* g10/keylist.c (print_fingerprint): use compact format independent of
  keyid-format; (print_key_line): always print the fingerprint

--

The choice of fingerprint display should be independent of the
keyid-format.

Currently, the representation of the fingerprint changes depending on
whether the user has specified --keyid-format to anything besides
"none".  (this is common, for example, if someone happens to have
"keyid-format long" in their gpg.conf for interoperability with older
versions of gpg)

With this changeset, keyid-format governs only the format of the
displayed keyID, while the fingerprint display is governed only by the
fingerprint options:

 [default]::
    compact fpr of pubkey only
 --with-fingerprint::
    human-readable form of fpr of pubkey only
 --with-fingerprint --with-fingerprint::
    human-readable form of pubkey and subkey
 --with-subkey-fingerprint:
    compact fpr for pubkey and subkeys

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agogpg: Remove option --yes from gpgv
Werner Koch [Thu, 8 Sep 2016 12:34:07 +0000 (14:34 +0200)]
gpg: Remove option --yes from gpgv

* g10/gpgv.c (opts): Remove --yes.
(main): Always set opt.ANSWER_YES.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Add options --output and --yes to gpgv.
Werner Koch [Thu, 8 Sep 2016 08:50:51 +0000 (10:50 +0200)]
gpg: Add options --output and --yes to gpgv.

* g10/gpgv.c (oOutput, oAnswerYes): New.
(opts): Add --output and --yes.
(main): Implement options.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Make --output work with --verify.
Werner Koch [Wed, 7 Sep 2016 22:45:45 +0000 (00:45 +0200)]
gpg: Make --output work with --verify.

* g10/mainproc.c (proc_plaintext): Handle opt.output.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agodirmngr: Terminate on deletion of the socket file (Linux only).
Werner Koch [Wed, 7 Sep 2016 10:36:48 +0000 (12:36 +0200)]
dirmngr: Terminate on deletion of the socket file (Linux only).

* dirmngr/dirmngr.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
(oDisableCheckOwnSocket): New.
(opts): Add --disable-check-own-socket.
(disable_check_own_socket): New var.
(parse_rereadable_options): Set that var.
(my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
(handle_connections) [HAVE_INOTIFY_INIT]: New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agog10: Use the time a signature was seen, not the embedded time, for stats
Neal H. Walfield [Wed, 7 Sep 2016 09:17:47 +0000 (11:17 +0200)]
g10: Use the time a signature was seen, not the embedded time, for stats

* g10/tofu.c (ask_about_binding): Use the time that a signature was
seen, not allegedly generated, when generating statistics.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agotests: Don't use --tofu-db-format.
Neal H. Walfield [Wed, 7 Sep 2016 09:02:51 +0000 (11:02 +0200)]
tests: Don't use --tofu-db-format.

* tests/openpgp/tofu.scm: Remove use of --tofu-db-format, which is
deprecated.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Check for a new binding a bit later.
Neal H. Walfield [Wed, 7 Sep 2016 08:53:28 +0000 (10:53 +0200)]
g10: Check for a new binding a bit later.

* g10/tofu.c (build_conflict_set): Check for the current key after
looking for conflicts and removing any '!'.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 1f1f56e6

2 years agog10: Change TOFU code to respect --faked-system-time.
Neal H. Walfield [Wed, 7 Sep 2016 08:28:39 +0000 (10:28 +0200)]
g10: Change TOFU code to respect --faked-system-time.

* g10/tofu.c (record_binding): New parameter now.  Update callers.
Don't use SQLite's strftime('%s','now') to get the current time, use
NOW.
(ask_about_binding): Likewise.
(get_trust): New parameter now.  Update callers.
(show_statistics): Likewise.
(tofu_register_signature): Don't use SQLite's strftime('%s','now') to
get the current time, use gnupg_get_time().
(tofu_register_encryption): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Use the correct conversion function.
Neal H. Walfield [Wed, 7 Sep 2016 08:06:58 +0000 (10:06 +0200)]
g10: Use the correct conversion function.

* g10/tofu.c (show_statistics): Use string_to_ulong, not
string_to_long.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 875ac921

2 years agog10: Add missing sqrtu32.h and sqrtu32.c.
Neal H. Walfield [Wed, 7 Sep 2016 06:55:17 +0000 (08:55 +0200)]
g10: Add missing sqrtu32.h and sqrtu32.c.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 875ac92.

2 years agogpg: Fix format string issues in tofu.
Werner Koch [Wed, 7 Sep 2016 06:41:48 +0000 (08:41 +0200)]
gpg: Fix format string issues in tofu.

* g10/tofu.c (write_stats_status): Use ulong for MESSSAGES.  Fix
format strings.  Simplify by using the new write_status_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agog10: Temporary hack to repalce missing sqrtu32.
Werner Koch [Wed, 7 Sep 2016 06:40:18 +0000 (08:40 +0200)]
g10: Temporary hack to repalce missing sqrtu32.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agog10: Make sure some functions are passed a primary key.
Neal H. Walfield [Tue, 6 Sep 2016 20:40:59 +0000 (22:40 +0200)]
g10: Make sure some functions are passed a primary key.

* g10/tofu.c (get_trust): Make sure the caller provides a primary key.
(tofu_register_signature): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Tweak TOFU's verbosity.
Neal H. Walfield [Tue, 6 Sep 2016 20:27:40 +0000 (22:27 +0200)]
g10: Tweak TOFU's verbosity.

* g10/tofu.c (time_ago_str): Only show the most significant unit.
* g10/tofu.c (show_statistics): Tweak the output.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Only show the TOFU warning once per key.
Neal H. Walfield [Tue, 6 Sep 2016 20:10:57 +0000 (22:10 +0200)]
g10: Only show the TOFU warning once per key.

* g10/tofu.c (show_statistics): Return whether to call show_warning.
Move the warning from here...
(show_warning): ... to this new function.
(tofu_get_validity): If show_statistics returns a non-zero value, call
show_warning.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Record and show statistics for encrypted messages when using TOFU
Neal H. Walfield [Tue, 6 Sep 2016 13:45:38 +0000 (15:45 +0200)]
g10: Record and show statistics for encrypted messages when using TOFU

* g10/tofu.c: Include "sqrtu32.h".
(struct tofu_dbs_s.s): Rename get_trust_gather_other_keys to
get_trust_gather_signature_stats.  Add new field
get_trust_gather_encryption_stats.
(initdb): Create the encryptions table.
(ask_about_binding): Show the encryption statistics too.
(tofu_register): Rename from this...
(tofu_register_signature): ... to this and update callers.
(tofu_register_encryption): New function.
(write_stats_status): Add parameters encryption_count,
encryption_first_done and encryption_most_recent.  Update callers.
Compute the trust using the euclidean distance of the signature and
signature count.  Compare with twice the threshold.  Include
encryption count information in the TFS and TOFU_STATS lines.
(show_statistics): Also get information about the encrypted messages.
* g10/trustdb.c (tdb_get_validity_core): Use it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Simplify the binding statistics shown for a TOFU conflict.
Neal H. Walfield [Tue, 6 Sep 2016 12:49:14 +0000 (14:49 +0200)]
g10: Simplify the binding statistics shown for a TOFU conflict.

* g10/tofu.c (ask_about_binding): Simplify binding statistics.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agogpgscm: Fix detection of unbalanced parenthesis.
Justus Winter [Tue, 6 Sep 2016 14:35:40 +0000 (16:35 +0200)]
gpgscm: Fix detection of unbalanced parenthesis.

* tests/gpgscm/main.c (load): Print error message.
* tests/gpgscm/scheme.c (opexe_0): Correctly report nesting level when
loading files.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Fix test.
Justus Winter [Tue, 6 Sep 2016 14:45:56 +0000 (16:45 +0200)]
tests: Fix test.

* tests/openpgp/multisig.scm: Add missing parenthesis.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoagent: Terminate on deletion of the socket file (Linux only).
Werner Koch [Tue, 6 Sep 2016 08:53:45 +0000 (10:53 +0200)]
agent: Terminate on deletion of the socket file (Linux only).

* configure.ac (AC_CHECK_FUNCS): Chec for inotify_init.
* agent/gpg-agent.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
(my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
(handle_connections) [HAVE_INOTIFY_INIT]: New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotests: Speed up the test suite.
Justus Winter [Mon, 5 Sep 2016 15:17:24 +0000 (17:17 +0200)]
tests: Speed up the test suite.

* tests/openpgp/run-tests.scm (test::run-sync): Pass additional
arguments to the test.
(test::run-sync-quiet): Likewise.
(test::run-async): Likewise.
(run-tests-{parallel,sequential}-isolated): Create a tarball of the
gnupghome, then extract it for each test.
* tests/openpgp/setup.scm: Refactor into functions, add an interface
to tar-up the created environment, and untar it multiple times.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agocommon: Restore a simpler variant of 'gnupg_wait_process'.
Justus Winter [Mon, 5 Sep 2016 13:34:44 +0000 (15:34 +0200)]
common: Restore a simpler variant of 'gnupg_wait_process'.

* common/exechelp-posix.c (gnupg_wait_process): Use the code prior to
5ba4f604.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agocommon: Fix error handling.
Justus Winter [Mon, 5 Sep 2016 13:33:51 +0000 (15:33 +0200)]
common: Fix error handling.

* common/exechelp-posix.c (store_result): Use xtrymalloc.
(gnupg_wait_processes): Likewise, and check result.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agog10: Don't add user attributes to the TOFU DB.
Neal H. Walfield [Mon, 5 Sep 2016 14:44:09 +0000 (16:44 +0200)]
g10: Don't add user attributes to the TOFU DB.

* g10/trustdb.c (tdb_get_validity_core): Skip user attributes.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agoagent: Silence --debug IPC output for connections from self.
Werner Koch [Mon, 5 Sep 2016 14:13:41 +0000 (16:13 +0200)]
agent: Silence --debug IPC output for connections from self.

* agent/command.c (server_local_s): Add fields 'greeting_seen' and
'connect_from_self'.
(io_monitor): Do not log connections from self.
(start_command_handler): Set flag 'connect_from_self'.
* agent/gpg-agent.c (check_own_socket_thread): Disable logging.
(do_start_connection_thread): Do not log conection start and
termination if IPC debugging is enabled.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoagent: Small improvement of the server's local state.
Werner Koch [Mon, 5 Sep 2016 12:43:42 +0000 (14:43 +0200)]
agent: Small improvement of the server's local state.

* agent/command.c (sserver_local_s): Change flags to use only one bit.
(option_handler): Make an atoi return 1 or 0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agog10: Refactor cross sig check code.
Neal H. Walfield [Fri, 2 Sep 2016 20:33:47 +0000 (22:33 +0200)]
g10: Refactor cross sig check code.

* g10/tofu.c (BINDING_NEW): New enum value.
(BINDING_CONFLICT): Likewise.
(BINDING_EXPIRED): Likewise.
(BINDING_REVOKED): Likewise.
(ask_about_binding): Move cross sig check from here...
(get_trust): ... and the conflict set building from here...
(build_conflict_set): ... to this new function.
(format_conflict_msg_part1): Replace parameter conflict with
conflict_set.  Drop parameter fingerprint.  Update callers.
(ask_about_binding): Drop unused parameter conflict and redundant
parameter bindings_with_this_email_count.  Rename parameter
bindings_with_this_email to conflict_set.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agotests: Update README.
Justus Winter [Mon, 5 Sep 2016 11:59:29 +0000 (13:59 +0200)]
tests: Update README.

* tests/openpgp/README: Update.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Pass flags to test driver.
Justus Winter [Mon, 5 Sep 2016 11:58:37 +0000 (13:58 +0200)]
tests: Pass flags to test driver.

* tests/openpgp/Makefile.am (xcheck): Pass flags to 'run-tests.scm'.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agocommon: Improve waiting for processes on POSIX.
Justus Winter [Mon, 5 Sep 2016 11:50:17 +0000 (13:50 +0200)]
common: Improve waiting for processes on POSIX.

* common/exechelp-posix.c (struct terminated_child): New definition.
(terminated_children): New variable.
(store_result): New function.
(get_result): Likewise.
(gnupg_wait_process): Store results that were not requested and
consider previously stored results.

waitpid(2) may return information about terminated children that we
did not yet request, and there is no portable way to wait for a
specific set of children.  As a workaround, we store the results of
children for later use.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agocommon: Fix typo.
Justus Winter [Mon, 5 Sep 2016 09:22:10 +0000 (11:22 +0200)]
common: Fix typo.

--
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agodirmngr: Exclude D lines from the IPC debug output.
Werner Koch [Mon, 5 Sep 2016 10:50:35 +0000 (12:50 +0200)]
dirmngr: Exclude D lines from the IPC debug output.

* dirmngr/dirmngr.h: Include asshelp.h.
* dirmngr/server.c (server_local_s): Add inhibit_dara_logging fields.
(data_line_write): Implement logging inhibit.
(data_line_cookie_close): Print non-logged D lines.
(cmd_wkd_get, cmd_ks_get, cmd_ks_fetch): Do not log D lines.
(dirmngr_assuan_log_monitor): New.
* dirmngr/dirmngr.c (main): Register monitor function.
--

In particular with large keys the D lines clutter the log output and
make it unusable.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agocommon: Add an assuan logging monitor.
Werner Koch [Mon, 5 Sep 2016 08:55:10 +0000 (10:55 +0200)]
common: Add an assuan logging monitor.

* common/asshelp.c (my_log_monitor): New var.
(my_libassuan_log_handler): Run that monitor.
(setup_libassuan_logging): Add arg to set a log monitor and change all
callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: New export filter drop-subkey.
Werner Koch [Mon, 5 Sep 2016 07:51:16 +0000 (09:51 +0200)]
gpg: New export filter drop-subkey.

* g10/import.c (impex_filter_getval): Add properties for key packets.
* g10/export.c (export_drop_subkey): New var.
(cleanup_export_globals): Release that var.
(parse_and_set_export_filter): Add filter "drop-subkey".
(apply_drop_subkey_filter): New.
(do_export_stream): Run that filter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agocommon: Add string operator gt,ge,le,lt to recsel.
Werner Koch [Mon, 5 Sep 2016 07:49:06 +0000 (09:49 +0200)]
common: Add string operator gt,ge,le,lt to recsel.

* common/recsel.c (recsel_parse_expr): Add them.
(recsel_dump): Print them.
(recsel_select): Evaluate them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Use a common filter_getval for import and export.
Werner Koch [Mon, 5 Sep 2016 06:31:25 +0000 (08:31 +0200)]
gpg: Use a common filter_getval for import and export.

* g10/import.c (filter_getval): Rename to ...
(impex_filter_getval): this.  Make global.
(apply_keep_uid_filter, apply_drop_sig_filter): Adjust.
* g10/export.c (filter_getval): Remove.
(apply_drop_sig_filter): Use impex_filter_getval.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoscd: Fix an action after card removal.
NIIBE Yutaka [Sat, 3 Sep 2016 06:27:30 +0000 (15:27 +0900)]
scd: Fix an action after card removal.

* scd/command.c (update_card_removed): Call apdu_close_reader here.

--

This is update of the commit 8fe81055762d9c9e6f03fb7853a985c94ef73ac3
It is better apdu_close_reader is called in update_card_removed.

The commit 1598a4476466822e7e9c757ac471089d3db4b545 introduced a
regression, it doesn't close the reader after removal of the card, while
the code before the commit call apdu_close_reader in do_reset.
So, this fix.

GnuPG-bug-id: 2449
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agopo: Fix line ending mismatch in Japanese translation.
Werner Koch [Fri, 2 Sep 2016 14:59:49 +0000 (16:59 +0200)]
po: Fix line ending mismatch in Japanese translation.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agowks: Add framework for policy flags.
Werner Koch [Fri, 2 Sep 2016 14:54:42 +0000 (16:54 +0200)]
wks: Add framework for policy flags.

* tools/call-dirmngr.c (wkd_get_policy_flags): New.
* tools/gpg-wks.h (struct policy_flags_s, policy_flags_t): New.
* tools/wks-util.c (wks_parse_policy): New.
* tools/gpg-wks-client.c (command_send): Get the policy flags to show
a new info line.
* tools/gpg-wks-server.c (get_policy_flags): New.
(process_new_key): get policy flag and add a stub for "auth-submit".
(command_list_domains): Check policy flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agodirmngr: Add --policy-flags option to WKD_GET.
Werner Koch [Fri, 2 Sep 2016 14:52:17 +0000 (16:52 +0200)]
dirmngr: Add --policy-flags option to WKD_GET.

* dirmngr/server.c (cmd_wkd_get): Add new option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agocommon: Check read errors in name-value.c
Werner Koch [Fri, 2 Sep 2016 13:33:34 +0000 (15:33 +0200)]
common: Check read errors in name-value.c

* common/name-value.c: Check for read errors.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoscd: Release the card reader after card removal.
NIIBE Yutaka [Fri, 2 Sep 2016 05:45:26 +0000 (14:45 +0900)]
scd: Release the card reader after card removal.

* scd/command.c (update_reader_status_file): Call apdu_close_reader.

--

GnuPG-bug-id: 2651
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agoscd: Clean up unused shutdown method.
NIIBE Yutaka [Fri, 2 Sep 2016 04:58:33 +0000 (13:58 +0900)]
scd: Clean up unused shutdown method.

* scd/apdu.c (shutdown_ccid_reader, apdu_shutdown_reader): Remove.
(reset_ccid_reader): Don't set shutdown_reader.
* scd/ccid-driver.c (ccid_shutdown_reader): Remove.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agoagent: invoke scdaemon with --homedir.
NIIBE Yutaka [Fri, 2 Sep 2016 04:41:19 +0000 (13:41 +0900)]
agent: invoke scdaemon with --homedir.

* agent/call-scd.c (start_scd): Supply --homedir option when it's not
default homedir.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agopo: Update Japanese translation.
NIIBE Yutaka [Fri, 2 Sep 2016 01:08:02 +0000 (10:08 +0900)]
po: Update Japanese translation.

2 years agog10: End transaction earlier.
Neal H. Walfield [Thu, 1 Sep 2016 21:31:53 +0000 (23:31 +0200)]
g10: End transaction earlier.

* g10/tofu.c (ask_about_binding): End the transaction earlier.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Don't consider cross-signed keys to be in conflict.
Neal H. Walfield [Thu, 1 Sep 2016 21:31:18 +0000 (23:31 +0200)]
g10: Don't consider cross-signed keys to be in conflict.

* g10/tofu.c (cross_sigs): New function.
(ask_about_binding): If apparently conflicting keys are cross signed,
then don't mark them as conflicting.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
If two keys are cross signed, then the same person (probably)
controlled them both.  In this case, don't raise a TOFU conflict.
This usually occurs when someone transitions to a new key.  When that
person rotates to a third key, she will typically only cross sign it
with the second key.  As such, we check this transitively to avoid
declaring a conflict between the 1st and 3rd key.

2 years agogpg: Avoid homedir creation by --list-config
Werner Koch [Thu, 1 Sep 2016 17:22:48 +0000 (19:22 +0200)]
gpg: Avoid homedir creation by --list-config

* g10/gpg.c (main): Do not register a key for the list config
commands.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Simplify code to print VALIDSIG.
Werner Koch [Thu, 1 Sep 2016 14:34:08 +0000 (16:34 +0200)]
gpg: Simplify code to print VALIDSIG.

* g10/mainproc.c (check_sig_and_print): Use hexfingerprint and
write_status_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Add new function write_status_printf.
Werner Koch [Thu, 1 Sep 2016 14:33:21 +0000 (16:33 +0200)]
gpg: Add new function write_status_printf.

* g10/cpr.c (write_status_printf): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Fix printing of pubkey algo in --verbose signature verify.
Werner Koch [Thu, 1 Sep 2016 14:00:06 +0000 (16:00 +0200)]
gpg: Fix printing of pubkey algo in --verbose signature verify.

* g10/sig-check.c (check_signature2): Replace arg PK by R_PK and
change the semantics.  Also clear the other R_ args on function entry,
use gpg_error() and change retturn type to gpg_error_t.
* g10/mainproc.c (do_check_sig): Add arg R_PK.
(list_node): Pass NULL for new arg.
(check_sig_and_print): Rework to make use of the returned PK.
--

The output

gpg: textmode signature, digest algorithm SHA256, key algorithm rsa2048

showed the pubkey algo of the primary key which was surprising.
Changed to print the algo of the subkey used for verification.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agog10: Fix typo.
Neal H. Walfield [Thu, 1 Sep 2016 12:31:55 +0000 (14:31 +0200)]
g10: Fix typo.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: When asking about a TOFU binding conflict, default to unknown.
Neal H. Walfield [Thu, 1 Sep 2016 12:31:31 +0000 (14:31 +0200)]
g10: When asking about a TOFU binding conflict, default to unknown.

* g10/tofu.c (ask_about_binding): Default to unknown.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Add support for TRUST_NEVER.
Neal H. Walfield [Thu, 1 Sep 2016 11:29:56 +0000 (13:29 +0200)]
g10: Add support for TRUST_NEVER.

* g10/pkclist.c (do_we_trust): Handle TRUST_NEVER, which can be
returned by the TOFU trust model.
(do_we_trust_pre): Print a different message if TRUSTLEVEL is
TRUST_NEVER.
(check_signatures_trust): Improve comment.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Improve text.
Neal H. Walfield [Thu, 1 Sep 2016 11:17:54 +0000 (13:17 +0200)]
g10: Improve text.

* g10/tofu.c (show_statistics): Improve the text (key and user id, not
just key).

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Remove unused parameter.
Neal H. Walfield [Thu, 1 Sep 2016 11:17:06 +0000 (13:17 +0200)]
g10: Remove unused parameter.

* g10/tofu.c (show_statistics): Remove unused parameter sig_exclude.
Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agogpg: Copy the correct digest for use by TOFU.
Werner Koch [Thu, 1 Sep 2016 10:41:27 +0000 (12:41 +0200)]
gpg: Copy the correct digest for use by TOFU.

* g10/mainproc.c (do_check_sig): Use the current digest algo.
--

Note that the digest context may have several algos enabled, which is
is case if keys with different hash preferences signed the data.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agog10: Be careful to not be in a transaction during long operations
Neal H. Walfield [Thu, 1 Sep 2016 10:42:44 +0000 (12:42 +0200)]
g10: Be careful to not be in a transaction during long operations

* g10/tofu.c (begin_transaction): New parameter only_batch.  If set,
only start a batch transaction if there is none and one has been
requested.  Update callers.
(tofu_suspend_batch_transaction): New function.
(tofu_resume_batch_transaction): Likewise.
(ask_about_binding): Take a ctrl_t, not a tofu_dbs_t.  Update
callers.  Gather statistics within a transaction.  Suspend any batch
transaction when getting user input.
(get_trust): Take a ctrl_t, not a tofu_dbs_t.  Update callers.
Enclose in a transaction.
(tofu_get_validity): Use a batch transaction, not a normal
transaction.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agotests: Run test requiring the network only in maintainer-mode.
Werner Koch [Thu, 1 Sep 2016 09:18:10 +0000 (11:18 +0200)]
tests: Run test requiring the network only in maintainer-mode.

* dirmngr/Makefile.am (noinst_PROGRAMS, TESTS): Add module_net_tests.
(module_tests): Move t-dns-test to ...
(module_net_tests): here.
--

Debian-bug-id: 836259
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agowks: Send a final message to the user.
Werner Koch [Wed, 31 Aug 2016 16:54:09 +0000 (18:54 +0200)]
wks: Send a final message to the user.

* tools/gpg-wks-server.c (send_congratulation_message): New.
(check_and_publish): Call it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agowks: Relax permission check for the top directory.
Werner Koch [Wed, 31 Aug 2016 14:39:55 +0000 (16:39 +0200)]
wks: Relax permission check for the top directory.

* tools/gpg-wks-server.c: Allow S_IXOTH for the top directory.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agog10: On a TOFU conflict, show whether the uids are expired or revoked
Neal H. Walfield [Wed, 31 Aug 2016 15:52:50 +0000 (17:52 +0200)]
g10: On a TOFU conflict, show whether the uids are expired or revoked

* g10/tofu.c (struct signature_stats): Add fields is_expired and
is_revoked.
(signature_stats_prepend): Clear *stats when allocating it.
(ask_about_binding): Also show whether the user ids are expired or
revoked.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agodoc: Add a help text for tofu.conflict.
Neal H. Walfield [Wed, 31 Aug 2016 12:17:13 +0000 (14:17 +0200)]
doc: Add a help text for tofu.conflict.

* doc/help.txt (.gpg.tofu.conflict): New help text.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Always trust ultimately trusted keys.
Neal H. Walfield [Wed, 31 Aug 2016 11:53:36 +0000 (13:53 +0200)]
g10: Always trust ultimately trusted keys.

* g10/tofu.c (get_trust): Always return TRUST_ULTIMATE for ultimately
trusted keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Fix error detection.
Neal H. Walfield [Wed, 31 Aug 2016 10:11:58 +0000 (12:11 +0200)]
g10: Fix error detection.

* g10/tofu.c: first_seen == 0 is not an error.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 0f1f02ac
Regression-due-to: 45bb9a2a

2 years agog10: Update a key's TOFU policy in a transaction.
Neal H. Walfield [Wed, 31 Aug 2016 09:40:33 +0000 (11:40 +0200)]
g10: Update a key's TOFU policy in a transaction.

* g10/tofu.c (tofu_set_policy): Do the update in a transaction.
* g10/gpg.c (main): Do a TOFU policy update in a batch transaction.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Fix the show old policy functionality when changing a TOFU policy.
Neal H. Walfield [Wed, 31 Aug 2016 09:39:35 +0000 (11:39 +0200)]
g10: Fix the show old policy functionality when changing a TOFU policy.

* g10/tofu.c (record_binding): Fix the show old policy functionality.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>