gnupg.git
21 months ago gpgscm: Clean sweeped cells.
Justus Winter [Wed, 23 Nov 2016 11:35:15 +0000 (12:35 +0100)]
gpgscm: Clean sweeped cells.

* tests/gpgscm/scheme.c (gc): Zero typeflag and car of free cells.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months ago gpgscm: Fix initialization of 'sink'.
Justus Winter [Tue, 22 Nov 2016 13:49:27 +0000 (14:49 +0100)]
gpgscm: Fix initialization of 'sink'.

* tests/gpgscm/scheme.c (scheme_init_custom_alloc): Also initialize
cdr.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months ago g10: Avoid gratuitously loading a keyblock when it is already available
Neal H. Walfield [Wed, 23 Nov 2016 11:29:22 +0000 (12:29 +0100)]
g10: Avoid gratuitously loading a keyblock when it is already available

* g10/trust.c (get_validity): Add new, optional parameter KB.  Only
load the keyblock if KB is NULL.  Update callers.
(get_validity): Likewise.
* g10/trustdb.c (tdb_get_validity_core): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2812

21 months ago g10: Use es_fopen instead of open.
Neal H. Walfield [Tue, 22 Nov 2016 16:12:38 +0000 (17:12 +0100)]
g10: Use es_fopen instead of open.

* g10/tofu.c: Don't include <utime.h>, <fcntl.h> or <unistd.h>.
(busy_handler): Replace use of open with es_fopen.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Thanks to Werner for pointing this out: es_fopen is more portable
than open.

21 months ago g10: If the set of UTKs changes, invalidate any changed policies.
Neal H. Walfield [Tue, 22 Nov 2016 14:05:59 +0000 (15:05 +0100)]
g10: If the set of UTKs changes, invalidate any changed policies.

* g10/trustdb.c (tdb_utks): New function.
* g10/tofu.c (check_utks): New function.
(initdb): Call it.
* tests/openpgp/tofu.scm: Modify test to check the effective policy of
keys whose effective policy changes when we change the set of UTKs.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
If the set of ultimately trusted keys changes, then it is possible
that a binding's effective policy changes.  To deal with this, we
detect when the set of ultimately trusted keys changes and invalidate
all cached policies.

21 months ago scd: Fix receive buffer size.
NIIBE Yutaka [Tue, 22 Nov 2016 11:53:57 +0000 (20:53 +0900)]
scd: Fix receive buffer size.

* scd/apdu.c (send_le): Fix the size, adding two for status
bytes to Le.

--

This is a long-standing bug.  So far, Le was not an exact value.
Since a forthcoming change will introduce the exact value of the
expected length of response data, this change is needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
21 months ago gpgscm: Refactor.
Justus Winter [Fri, 18 Nov 2016 11:51:00 +0000 (12:51 +0100)]
gpgscm: Refactor.

* tests/gpgscm/scheme.c (opexe_0): Reduce code duplication.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months ago gpgscm: Fix property lists.
Justus Winter [Thu, 17 Nov 2016 17:03:22 +0000 (18:03 +0100)]
gpgscm: Fix property lists.

* tests/gpgscm/opdefines.h (put, get): Check arguments.  Also rename
to 'set-symbol-property' and 'symbol-property', the names used by
Guile, because put and get are too unspecific.
* tests/gpgscm/scheme.c (hasprop): Only symbols have property lists.
(get_property): New function.
(set_property): Likewise.
(opexe_4): Use the new functions.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months ago gpgscm: Fix installation of error handler.
Justus Winter [Thu, 17 Nov 2016 14:47:26 +0000 (15:47 +0100)]
gpgscm: Fix installation of error handler.

* tests/gpgscm/ffi.scm: Set '*error-hook*' again so that the
interpreter will use our function.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months ago gpgscm: Use a static pool of cells for small integers.
Justus Winter [Wed, 16 Nov 2016 10:29:34 +0000 (11:29 +0100)]
gpgscm: Use a static pool of cells for small integers.

* tests/gpgscm/scheme-private.h (struct scheme): New fields for the
static integer cells.
* tests/gpgscm/scheme.c (_alloc_cellseg): New function.
(alloc_cellseg): Use the new function.
(MAX_SMALL_INTEGER): New macro.
(initialize_small_integers): New function.
(mk_small_integer): Likewise.
(mk_integer): Return a small integer if possible.
(_s_return): Do not free 'op' if it is a small integer.
(s_save): Use a small integer to box the opcode.
(scheme_init_custom_alloc): Initialize small integers.
(scheme_deinit): Free chunk of small integers.
* tests/gpgscm/scheme.h (USE_SMALL_INTEGERS): New macro.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months ago tests: Delay querying the available algorithms.
Justus Winter [Thu, 17 Nov 2016 10:48:38 +0000 (11:48 +0100)]
tests: Delay querying the available algorithms.

* tests/openpgp/defs.scm: Set verbosity earlier, turn 'all-*-algos'
into promises.
* tests/openpgp/conventional-mdc.scm: Force the promises.
* tests/openpgp/conventional.scm: Likewise.
* tests/openpgp/encrypt-dsa.scm: Likewise.
* tests/openpgp/encrypt.scm: Likewise.
* tests/openpgp/gpgtar.scm: Likewise.
* tests/openpgp/sigs.scm: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months ago g10: Fix memory leak.
Justus Winter [Tue, 22 Nov 2016 11:07:55 +0000 (12:07 +0100)]
g10: Fix memory leak.

* g10/tofu.c (tofu_notice_key_changed): Remove spurious duplicate call
to 'hexfingerprint'.

Fixes-commit: 037f9de09298a31026ea2ab5fbd4a599b11cc34f
Signed-off-by: Justus Winter <justus@g10code.com>
21 months ago g10: Cache the effective policy. Recompute it when required.
Neal H. Walfield [Mon, 21 Nov 2016 21:47:30 +0000 (22:47 +0100)]
g10: Cache the effective policy.  Recompute it when required.

* g10/tofu.c (initdb): Add column effective_policy to the bindings
table.
(record_binding): New parameters effective_policy and set_conflict.
Save the effective policy.  If SET_CONFLICT is set, then set conflict
according to CONFLICT.  Otherwise, preserve the current value of
conflict.  Update callers.
(get_trust): Don't compute the effective policy here...
(get_policy): ... do it here, if it was not cached.  Take new
parameters, PK, the public key, and NOW, the time that the operation
started.  Update callers.
(show_statistics): New parameter PK.  Pass it to get_policy.  Update
callers.
(tofu_notice_key_changed): New function.
* g10/gpgv.c (tofu_notice_key_changed): New stub.
* g10/import.c (import_revoke_cert): Take additional argument CTRL.
Pass it to keydb_update_keyblock.
* g10/keydb.c (keydb_update_keyblock): Take additional argument CTRL.
Update callers.
[USE_TOFU]: Call tofu_notice_key_changed.
* g10/test-stubs.c (tofu_notice_key_changed): New stub.
* tests/openpgp/tofu.scm: Assume that manually setting a binding's
policy to auto does not cause the tofu engine to forget about any
conflict.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
We now store the computed policy in the tofu DB (in the
effective_policy column of the bindings table) to avoid computing it
every time, which is expensive.  Further, policy is never overridden
in case of a conflict.  Instead, we detect a conflict if CONFLICT is
not empty.

This change is backwards compatible to existing DBs.  The only minor
incompatibility is that unresolved conflicts won't be automatically
resolved in case we import a direct signature, or cross signatures.

21 months ago g10: Correctly parameterize ngettext.
Neal H. Walfield [Mon, 21 Nov 2016 20:22:02 +0000 (21:22 +0100)]
g10: Correctly parameterize ngettext.

* g10/tofu.c (ask_about_binding): Correctly parameterize ngettext.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
21 months ago g10: Don't use the same variable for multiple SQL compiled statements
Neal H. Walfield [Mon, 21 Nov 2016 20:13:15 +0000 (21:13 +0100)]
g10: Don't use the same variable for multiple SQL compiled statements

* g10/tofu.c (struct tofu_dbs_s): Remove unused field
record_binding_update2.  Replace register_insert with
register_signature and register_encryption.
(tofu_register_signature): Don't use dbs->s.register_insert, but
dbs->s.register_signature.
(tofu_register_encryption): Don't use dbs->s.register_insert, but
dbs->s.register_encryption.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
21 months ago g10: Add a convenience function for checking if a key is a primary key
Neal H. Walfield [Mon, 21 Nov 2016 15:19:32 +0000 (16:19 +0100)]
g10: Add a convenience function for checking if a key is a primary key

* g10/keydb.h (pk_is_primary): New function.
* g10/tofu.c (get_trust): Use it.
(tofu_register_signature): Likewise.
(tofu_register_encryption): Likewise.
(tofu_set_policy): Likewise.
(tofu_get_policy): Likewise.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
21 months ago build: Add repo-only maintainer script append-signature.sh.
Werner Koch [Mon, 21 Nov 2016 10:51:00 +0000 (11:51 +0100)]
build: Add repo-only maintainer script append-signature.sh.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
21 months ago doc: Clarify dirmngr --homedir option.
Daniel Kahn Gillmor [Mon, 21 Nov 2016 02:35:13 +0000 (21:35 -0500)]
doc: Clarify dirmngr --homedir option.

--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
21 months ago doc: Ship example gpg-agent-browser.socket in examples/systemd-user/.
Daniel Kahn Gillmor [Mon, 21 Nov 2016 06:06:19 +0000 (01:06 -0500)]
doc: Ship example gpg-agent-browser.socket in examples/systemd-user/.

* doc/Makefile.am: Ship gpg-agent-browser.socket alongside the other
systemd user service example files.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
21 months ago agent: Fix npth + daemon mode problem.
NIIBE Yutaka [Mon, 21 Nov 2016 02:18:33 +0000 (11:18 +0900)]
agent: Fix npth + daemon mode problem.

* agent/gpg-agent.c (main): Remove duplicated initialization in daemon
mode.

--
The commit f57dc2b1e6f28d164f882373535dbcb0d632ca17 fixes a part of
the problem (for missing initialization of supervised mode).  It was
actually put in the wrong place.

Fixes-commit: 9f92b62a51d2d60f038fdbe01602865c5933fa95
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
22 months ago Post release updates.
Werner Koch [Fri, 18 Nov 2016 20:50:34 +0000 (21:50 +0100)]
Post release updates.

--

22 months ago Release 2.1.16 gnupg-2.1.16
Werner Koch [Fri, 18 Nov 2016 15:52:04 +0000 (16:52 +0100)]
Release 2.1.16

22 months ago po: Auto-update
Werner Koch [Fri, 18 Nov 2016 14:45:05 +0000 (15:45 +0100)]
po: Auto-update

--

22 months ago po: Update the German translation
Werner Koch [Fri, 18 Nov 2016 14:42:43 +0000 (15:42 +0100)]
po: Update the German translation

--

Note that the TOFU related strings are updated because more changes
are expected after the next release.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago po: Update Russian translation.
Ineiev [Wed, 16 Nov 2016 15:06:00 +0000 (15:06 +0000)]
po: Update Russian translation.

22 months ago g10: Fix flags to open for lock of ToFU.
NIIBE Yutaka [Fri, 18 Nov 2016 11:32:22 +0000 (20:32 +0900)]
g10: Fix flags to open for lock of ToFU.

* g10/tofu.c (busy_handler): Fix the flags and utime is not needed.

--

The argument flags must include one of O_RDONLY, O_WRONLY, or O_RDWR.
Adding O_TRUNC, the file is updated.  So, utime is not needed.

Fixes-commit: b2e1b17efa952afcf7aeec8b15e9d0088dba587a
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
22 months ago dirmngr: Use a longer timer tick interval.
Werner Koch [Fri, 18 Nov 2016 07:28:15 +0000 (08:28 +0100)]
dirmngr: Use a longer timer tick interval.

* dirmngr/dirmngr.c (TIMERTICK_INTERVAL): Always use 60 seconds like
we did for WindowsCE.
--

Given that the timer tick is only used for housekeeping tasks and
these are done every 10 minutes, it makes no sense to use 2 seconds.
The minor drawback is that the housekeeping may be delayed by one
minute.

NB: For the purpose of power saving, we already make sure that the
process wakes up at the full second so that it is synchronized to the
wakeup time of other processes.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago dirmngr: More w32 system daemon cleanup
Daniel Kahn Gillmor [Tue, 1 Nov 2016 00:33:02 +0000 (20:33 -0400)]
dirmngr: More w32 system daemon cleanup

* dirmngr/dirmngr.c (handle_tick): Remove w32 tests for
shutdown_pending; no longer needed.

--

In d83ba4897bf217d1045c58d1b99e52bd31c58812, we removed the
Windows-specific system daemon features, where shutdown_pending was
set from w32_service_control().  shutdown_pending is now never
assigned outside of handle_signal() or within an inotify test, neither
of which are available on w32.

As a result, this stanza in handle_tick() should be dead code, and can
be removed to keep things simple.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
s/win32/w32/ to please RMS ;-)  -wk

22 months ago g10: Fix creating a lock for ToFU.
NIIBE Yutaka [Fri, 18 Nov 2016 00:32:34 +0000 (09:32 +0900)]
g10: Fix creating a lock for ToFU.

* g10/tofu.c (busy_handler): Add third argument which is mandatory for
O_CREATE flag.

--

Reported-by: Kristian Fiskerstrand
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
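The two busy_handler fixes above (the mandatory third argument for O_CREAT and the corrected flags), as an added C example that is not the code from g10/tofu.c. The function names, the 0600 mode and the backdate helper, which exists only to make the timestamp change observable without sleeping, are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* open, utimensat, stat */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Create PATH if it is missing and refresh its modification time.
 *  - O_WRONLY: the access mode is stated explicitly; POSIX leaves the
 *    result of O_TRUNC without O_WRONLY or O_RDWR undefined.
 *  - O_CREAT: needs the third (mode) argument.  Without it the permission
 *    bits of a newly created file are taken from arbitrary stack bytes.
 *  - O_TRUNC: truncating an existing file marks its mtime for update, so
 *    no separate utime() call is needed.
 * The requested 0600 is still filtered by the process umask. */
int touch_lock_file(const char *path) {
  int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
  if (fd < 0)
    return -1;
  return close(fd);
}

/* Permission bits of PATH, or -1 if it cannot be examined. */
int file_perm(const char *path) {
  struct stat st;
  return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Modification time of PATH in seconds, or -1 on error. */
long file_mtime(const char *path) {
  struct stat st;
  return stat(path, &st) == 0 ? (long)st.st_mtime : -1;
}

/* Test helper: set atime and mtime of PATH to WHEN. */
int backdate(const char *path, time_t when) {
  struct timespec ts[2] = {
    { .tv_sec = when, .tv_nsec = 0 },
    { .tv_sec = when, .tv_nsec = 0 },
  };
  return utimensat(AT_FDCWD, path, ts, 0);
}

int main(void) {
  const char *path = "/tmp/touch_lock_demo.lock";   /* constructed sample path */
  unlink(path);
  if (touch_lock_file(path) != 0) { perror("touch_lock_file"); return 1; }
  printf("created with mode %04o\n", (unsigned)file_perm(path));
  backdate(path, 1000);
  printf("mtime before touch: %ld\n", file_mtime(path));
  touch_lock_file(path);
  printf("mtime after touch:  %ld\n", file_mtime(path));
  unlink(path);
  return 0;
}
```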
22 months ago scd: Don't limit to ST-2xxx for PC/SC.
NIIBE Yutaka [Thu, 17 Nov 2016 23:54:04 +0000 (08:54 +0900)]
scd: Don't limit to ST-2xxx for PC/SC.

* scd/apdu.c (pcsc_vendor_specific_init): Only check vendor ID.

--

Some other products by Cherry work with pinpad, although it only works
for smaller keys (RSA 1024).  TPDU support is good for larger keys.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
22 months ago dirmngr: Use a default keyserver if none is explicitly set
Daniel Kahn Gillmor [Thu, 27 Oct 2016 22:30:59 +0000 (18:30 -0400)]
dirmngr: Use a default keyserver if none is explicitly set

* configure.ac: Define DIRMNGR_DEFAULT_KEYSERVER.
* dirmngr/server.c (ensure_keyserver): Use it if no keyservers are set.
* doc/dirmngr.texi: Document this behavior.

--

A user who doesn't specify a keyserver, but asks gnupg to fetch a key
currently just gets a simple error message "No keyserver available".

If the user is asking to contact a keyserver, we should have a
reasonable default, and not require them to fiddle with settings when
they might not know what settings to choose.  This patch makes the
default hkps://hkps.pool.sks-keyservers.net.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
22 months ago dirmngr: Add system CAs if no hkp-cacert is given
Daniel Kahn Gillmor [Thu, 27 Oct 2016 22:30:58 +0000 (18:30 -0400)]
dirmngr: Add system CAs if no hkp-cacert is given

* dirmngr/dirmngr.c (http_session_new): If the user isn't talking to
the HKPS pool, and they have not specified any hkp-cacert, then we
should default to the system CAs, rather than nothing.
* doc/dirmngr.texi: Document choice of CAs.

--

Consider three possible classes of dirmngr configuration:

 a) no hkps:// keyserver URLs at all (communication with keyservers is
    entirely in the clear)

 b) hkps:// keyserver URLs, but no hkp-cacert directives

 c) hkps:// keyserver URLs, and at least one hkp-cacert directive

class (a) provides no confidentiality of requests.

class (b) currently will never work because the server certificate
cannot be validated.

class (c) is currently supported as intended.

This patch allows users with configurations in class (b) to work as
most users expect (relying on the system certificate authorities),
without affecting users in classes (a) or (c).

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
o minor indentation fix
  - wk

22 months ago dirmngr: Register hkp-cacert even if the file doesn't exist yet
Daniel Kahn Gillmor [Thu, 27 Oct 2016 22:30:57 +0000 (18:30 -0400)]
dirmngr: Register hkp-cacert even if the file doesn't exist yet

* dirmngr/dirmngr.c (parse_readable_options): If we're unable to turn
an argument for hkp-cacert into an absolute filename, terminate
completely.
* dirmngr/http.c (http_register_tls_ca): Show a warning if file is not
immediately accessible, but register it anyway.

--

Without this changeset, the condition of the filesystem when dirmngr
is initialized will have an effect on later activities of dirmngr.

For example, if a file identified by a hkp-cacert directive doesn't
exist when dirmngr starts, dirmngr will behave as though it simply
didn't have the hkp-cacert directive set at all, even if the file
should appear later.

dirmngr currently behaves differently if no hkp-cacert directives have
been set than it does when at least one hkp-cacert directive has been
set.  For example, its choice of CA cert for
hkps://hkps.pool.sks-keyservers.net depends on whether a TLS CA file
has been registered.  That behavior shouldn't additionally depend on
the state of the filesystem at the time of dirmngr launch.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
22 months ago doc: Typo fixes.
Werner Koch [Thu, 17 Nov 2016 09:46:43 +0000 (10:46 +0100)]
doc: Typo fixes.

--

Reported-by: Nathan Musoke <nathan.musoke@gmail.com>
22 months ago gpgscm: Re-enable the garbage collector in case of errors.
Justus Winter [Thu, 17 Nov 2016 10:58:34 +0000 (11:58 +0100)]
gpgscm: Re-enable the garbage collector in case of errors.

* tests/gpgscm/scheme.c (opexe_0): Enable gc before calling 'Error_1'.

Fixes-commit: 83c184a66b73f312425b01008f0495610e5329a4
Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm: Fix string.
Justus Winter [Wed, 16 Nov 2016 08:26:37 +0000 (09:26 +0100)]
gpgscm: Fix string.

* tests/gpgscm/scheme.c (type_to_string): Fix string.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago dirmngr: Auto-download the swdb.lst
Werner Koch [Thu, 17 Nov 2016 09:14:14 +0000 (10:14 +0100)]
dirmngr: Auto-download the swdb.lst

* dirmngr/dirmngr.h (struct opt): Add field allow_version_check.
* dirmngr/dirmngr.c (oAllowVersionCheck): New.
(opts): Add --allow-version-check.
(network_activity_seen): New variable.
(parse_rereadable_options): Set opt.allow_version_check.
(main) <aGPGConfList>: Do not anymore set the no change flag for
Windows.  Add allow-version-check.
(netactivity_action): Set network_activity_seen.
(housekeeping_thread): Call dirmngr_load_swdb.
* tools/gpgconf-comp.c (gc_options_dirmngr): Add allow-version-check.
Make "use-tor" available at Basic level.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago dirmngr: Improve downloading of swdb.lst.
Werner Koch [Thu, 17 Nov 2016 09:07:11 +0000 (10:07 +0100)]
dirmngr: Improve downloading of swdb.lst.

* dirmngr/loadswdb.c (time_of_saved_swdb): Also return the "verified"
timestamp.
(dirmngr_load_swdb): Avoid unnecessary disk or network access without
FORCE.  Do not update swdb.lst if it did not change.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago gpgconf: Change the displayed names of the components.
Werner Koch [Thu, 17 Nov 2016 08:56:32 +0000 (09:56 +0100)]
gpgconf: Change the displayed names of the components.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago dirmngr: Add command to only load the swdb.
Werner Koch [Wed, 16 Nov 2016 20:22:39 +0000 (21:22 +0100)]
dirmngr: Add command to only load the swdb.

* dirmngr/loadswdb.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add that file.
* dirmngr/server.c: Remove includes cpparray.h and exectool.h.
(cmd_loadswdb): New.
(parse_version_number,parse_version_string): Remove.
(my_mktmpdir, cmp_version): Remove.
(fetch_into_tmpdir): Remove.
(struct verify_swdb_parm_s): Remove.
(verify_swdb_status_cb): Remove.
(cmd_versioncheck): Remove.
(register_commands): Register LOADSWDB.  Remove VERSIONCHECK.
--

This change is required to to the new design where gpgconf does the
version check w/o network access and only dirmngr is responsible for
getting the swdb.

In the next installment the loading will be triggered as needed.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago scd,dirmngr: Keep the standard fds when daemonizing.
Werner Koch [Wed, 16 Nov 2016 20:17:47 +0000 (21:17 +0100)]
scd,dirmngr: Keep the standard fds when daemonizing.

* dirmngr/dirmngr.c (main): Before calling setsid do not close the
standard fds but connect them to /dev/null.
* scd/scdaemon.c (main): Ditto.  Note that the old test for a log
stream was even reverted.

--

Note that this was fixed for gpg-agent 10 years ago on 2006-11-09.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago common: Rename keybox_file_rename to gnupg_rename_file.
Werner Koch [Wed, 16 Nov 2016 16:43:59 +0000 (17:43 +0100)]
common: Rename keybox_file_rename to gnupg_rename_file.

* kbx/keybox-util.c (keybox_file_rename): Rename to ...
* common/sysutils.c (gnupg_rename_file): this.  Change all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago wks: Always build gpg-wks-client.
Werner Koch [Wed, 16 Nov 2016 11:48:27 +0000 (12:48 +0100)]
wks: Always build gpg-wks-client.

* tools/Makefile.am (gpg_wks_client): Remove macro.
(libexec_PROGRAMS): Add gpg-wks-client.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago gpg: New option --override-session-key-fd.
Werner Koch [Wed, 16 Nov 2016 08:02:53 +0000 (09:02 +0100)]
gpg: New option --override-session-key-fd.

* g10/gpg.c (oOverrideSessionKeyFD): New.
(opts): Add option --override-session-key-fd.
(main): Handle that option.
(read_sessionkey_from_fd): New.
--

The override-session-key feature was designed to mitigate the effect
of the British RIP act by allowing to keep the private key private and
hand out only a session key.  For that use case the leaking of the
session key would not be a problem.  However there are other use
cases, for example fast re-decryption after an initial decryption,
which would benefit from concealing the session key from other users.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago gpgv: New option --enable-special-filenames.
Werner Koch [Tue, 15 Nov 2016 19:11:40 +0000 (20:11 +0100)]
gpgv: New option --enable-special-filenames.

* g10/gpgv.c (oEnableSpecialFilenames): New.
(opts): Add option --enable-special-filenames.
(main): Implement that option.
--

This is the same option we have in gpg.  It allows to use commands
like

 gpgv --enable-special-filenames -- '-&3' - <msg 3<msg.sig

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago gpg: Add new compliance mode "de-vs".
Werner Koch [Tue, 15 Nov 2016 16:50:03 +0000 (17:50 +0100)]
gpg: Add new compliance mode "de-vs".

* g10/options.h (CO_DE_VS): New.
(GNUPG): Also allow CO_DE_VS.
* g10/gpg.c (oDE_VS): New.
(parse_compliance_option): Add "de-vs".
(set_compliance_option): Set "de-vs".
* g10/misc.c (compliance_option_string): Return a description string.
(compliance_failure): Ditto.
* g10/keygen.c (ask_algo): Take care of CO_DE_VS.
(get_keysize_range): Ditto.
(ask_curve): Add new field to CURVES and turn flags into bit flags.
Allow only Brainpool curves in CO_DE_VS mode.
--

As of now this compliance mode only restricts the set of algorithms
and curves which can be created.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago doc: Add comment to make clear that KBNODE is deprecated.
Werner Koch [Tue, 15 Nov 2016 15:29:08 +0000 (16:29 +0100)]
doc: Add comment to make clear that KBNODE is deprecated.

--

kbnode_t has replaced KBNODE for new code years ago, but that should
be documented.  No bulk changes please to keep git blame easy to read.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago gpg: Use usual free semantics for packet structure free functions.
Werner Koch [Tue, 15 Nov 2016 15:23:41 +0000 (16:23 +0100)]
gpg: Use usual free semantics for packet structure free functions.

* g10/free-packet.c (free_attributes): Turn function into a nop for a
NULL arg.
(free_user_id): Ditto.
(free_compressed): Ditto.
(free_encrypted): Ditto.
(free_plaintext): Ditto.
(release_public_key_parts): Avoid extra check for NULL.
* g10/getkey.c (get_best_pubkey_byname): Ditto.
--

This change avoids surprises because it is common that functions named
like free and taking a pointer also have similar semantics.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago g10: Optimize key iteration.
Justus Winter [Tue, 15 Nov 2016 14:33:09 +0000 (15:33 +0100)]
g10: Optimize key iteration.

* g10/getkey.c (get_best_pubkey_byname): Use the node returned by
'getkey_next' instead of doing another lookup.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago g10: Fix memory leak.
Justus Winter [Tue, 15 Nov 2016 14:11:39 +0000 (15:11 +0100)]
g10: Fix memory leak.

* g10/getkey.c (finish_lookup): Clarify that we do not return a
reference.
(lookup): Clarify the relation between RET_KEYBLOCK and RET_FOUND_KEY.
Check arguments.  Actually release the node if it is not returned.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago g10: Fix iteration over getkey results.
Justus Winter [Tue, 15 Nov 2016 14:08:54 +0000 (15:08 +0100)]
g10: Fix iteration over getkey results.

* g10/getkey.c (getkey_next): Fix invocation of 'lookup'.  If we want
to use RET_FOUND_KEY, RET_KEYBLOCK must be valid.

Fixes-commit: 8ea72a776a88f3c851e812d258355be80caa1bc1
Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago g10: Fix use-after-free.
Justus Winter [Tue, 15 Nov 2016 14:06:28 +0000 (15:06 +0100)]
g10: Fix use-after-free.

* g10/getkey.c (pubkey_cmp): Make a copy of the user id.
(get_best_pubkey_byname): Free the user ids.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago sm: New stub option --compliance.
Werner Koch [Tue, 15 Nov 2016 12:13:14 +0000 (13:13 +0100)]
sm: New stub option --compliance.

* sm/gpgsm.c (oCompliance): New.
(opts): Add "--compliance".
(main): Implement as stub.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago g10: Fix memory leak.
NIIBE Yutaka [Tue, 15 Nov 2016 12:10:51 +0000 (21:10 +0900)]
g10: Fix memory leak.

* g10/keyedit.c (menu_adduid): Don't copy 'sig'.

--

Fixes-commit: 809d67e74014cb563efd965744fd11f87bbae743
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
22 months ago gpg: New option --compliance.
Werner Koch [Tue, 15 Nov 2016 12:03:29 +0000 (13:03 +0100)]
gpg: New option --compliance.

* g10/gpg.c (oCompliance): New.
(opts): Add "--compliance".
(parse_tofu_policy): Use a generic description string for "help".
(parse_compliance_option): New.
(main): Add option oCompliance.  Factor out code for compliance
setting to ...
(set_compliance_option): new.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago g10: Fix memory leak.
Justus Winter [Tue, 15 Nov 2016 10:46:40 +0000 (11:46 +0100)]
g10: Fix memory leak.

* g10/keyedit.c (menu_adduid): Deallocate 'sig'.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm: Mark cells requiring finalization.
Justus Winter [Tue, 15 Nov 2016 10:03:30 +0000 (11:03 +0100)]
gpgscm: Mark cells requiring finalization.

* tests/gpgscm/scheme.c (T_FINALIZE): New macro.
(mk_port): Use the new macro.
(mk_foreign_object): Likewise.
(mk_counted_string): Likewise.
(mk_empty_string): Likewise.
(gc): Only call 'finalize_cell' for cells with the new flag.
--

This speeds up the sweep phase of the garbage collector considerably
because most cells do not require finalization.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm: Recover more cells.
Justus Winter [Tue, 15 Nov 2016 10:07:57 +0000 (11:07 +0100)]
gpgscm: Recover more cells.

* tests/gpgscm/scheme.c (_s_return): Recover the cell holding the
opcode.

Fixes-commit: e0cbd3389e2dd6ec19ee3a4c7bad81fa0f1907f5
Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago g10: Fix memory leak.
Justus Winter [Mon, 14 Nov 2016 16:33:18 +0000 (17:33 +0100)]
g10: Fix memory leak.

* g10/mainproc.c (check_sig_and_print): Free 'pk'.

Fixes-commit: 37e3c897252babc203447be9d2f286a4507875ad
Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm: Avoid cell allocation overhead.
Justus Winter [Mon, 14 Nov 2016 11:37:36 +0000 (12:37 +0100)]
gpgscm: Avoid cell allocation overhead.

* tests/gpgscm/scheme-private.h (struct scheme): New fields
'inhibit_gc', 'reserved_cells', and 'reserved_lineno'.
* tests/gpgscm/scheme.c (GC_ENABLED): New macro.
(USE_GC_LOCKING): Likewise.
(gc_reservations): Likewise.
(gc_reservation_failure): New function.
(_gc_disable): Likewise.
(gc_disable): New macro.
(gc_enable): Likewise.
(gc_enabled): Likewise.
(gc_consume): Likewise.
(get_cell_x): Consume reserved cell if garbage collection is disabled.
(_get_cell): Assert that gc is enabled.
(get_cell): Only record cell in the list of recently allocated cells
if gc is enabled.
(get_vector_object): Likewise.
(gc): Assert that gc is enabled.
(s_return): Add comment, adjust call to '_s_return'.
(s_return_enable_gc): New macro.
(_s_return): Add flag 'enable_gc' and re-enable gc if set.
(oblist_add_by_name): Use the new facilities to protect the
allocations.
(new_frame_in_env): Likewise.
(new_slot_spec_in_env): Likewise.
(s_save): Likewise.
(opexe_0): Likewise.
(opexe_1): Likewise.
(opexe_2): Likewise.
(opexe_5): Likewise.
(opexe_6): Likewise.
(scheme_init_custom_alloc): Initialize the new fields.
--

Every time a cell is allocated, the interpreter may run out of free
cells and do a garbage collection.  This is problematic because it
might garbage collect objects that have been allocated, but are not
yet made available to the interpreter.

Previously, we would plug such newly allocated cells into the list of
newly allocated objects rooted at car(sc->sink), but that requires
allocating yet another cell increasing pressure on the memory
management system.

A faster alternative is to preallocate the cells needed for an
operation and make sure the garbage collection is not run until all
allocated objects are plugged in.  This can be done with gc_disable
and gc_enable.

This optimization can be applied incrementally.  This commit picks all
low-hanging fruits.

Signed-off-by: Justus Winter <justus@g10code.com>
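The hazard and the reservation scheme described in the commit message above, as an added C example that is not gpgscm code: a constructed eight-cell mark-and-sweep heap in which an unrooted cell is reclaimed by a collection triggered in the middle of an operation, next to the same operation done under gc_disable and gc_enable. The names gc_disable, gc_enable, get_cell, inhibit_gc and reserved_cells follow the commit message; the struct layout, the function bodies and the return conventions are assumptions made for the illustration.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

#define HEAP_CELLS 8   /* constructed: tiny heap, easy to exhaust */
typedef struct cell { struct cell *cdr; int in_use, mark; } cell;

typedef struct {
  cell heap[HEAP_CELLS];
  cell *free_list;     /* free cells, linked through cdr */
  cell *root;          /* the only GC root in this toy */
  int free_count;
  int inhibit_gc;      /* non-zero: collection must not run */
  int reserved_cells;  /* cells promised by gc_disable() */
} interp;

static void push_free(interp *sc, cell *c) {
  c->in_use = c->mark = 0;
  c->cdr = sc->free_list;
  sc->free_list = c;
  sc->free_count++;
}

void interp_init(interp *sc) {
  sc->free_list = sc->root = NULL;
  sc->free_count = sc->inhibit_gc = sc->reserved_cells = 0;
  for (int i = 0; i < HEAP_CELLS; i++) push_free(sc, &sc->heap[i]);
}

/* Mark from the root, then rebuild the free list from all unmarked cells. */
void gc(interp *sc) {
  assert(!sc->inhibit_gc);
  for (cell *c = sc->root; c && !c->mark; c = c->cdr) c->mark = 1;
  sc->free_list = NULL; sc->free_count = 0;
  for (int i = 0; i < HEAP_CELLS; i++)
    if (sc->heap[i].mark) sc->heap[i].mark = 0;
    else push_free(sc, &sc->heap[i]);
}

/* Returns NULL on out-of-memory or when a reservation is overdrawn. */
cell *get_cell(interp *sc) {
  cell *c;
  if (sc->inhibit_gc) {
    if (sc->reserved_cells == 0) return NULL;
    sc->reserved_cells--;
  } else if (!sc->free_list) {
    gc(sc);            /* may reclaim anything not yet rooted */
  }
  if (!(c = sc->free_list)) return NULL;
  sc->free_list = c->cdr;
  sc->free_count--;
  c->cdr = NULL; c->in_use = 1;
  return c;
}

/* Collect now if needed so that N cells are free, then forbid collection. */
int gc_disable(interp *sc, int n) {
  if (sc->inhibit_gc) return -1;   /* nesting is left out of this sketch */
  if (sc->free_count < n) gc(sc);
  if (sc->free_count < n) return -1;
  sc->inhibit_gc = 1; sc->reserved_cells = n;
  return 0;
}

void gc_enable(interp *sc) { sc->inhibit_gc = 0; sc->reserved_cells = 0; }

/* Fresh heap with all but one cell taken by unrooted garbage. */
static void leave_one_free(interp *sc) {
  interp_init(sc);
  while (sc->free_count > 1) get_cell(sc);
}

/* Unprotected: the second allocation collects the still unrooted first cell. */
int unprotected_pair_is_reclaimed(void) {
  interp sc;
  leave_one_free(&sc);
  cell *x = get_cell(&sc), *y = get_cell(&sc);
  return !x->in_use || x == y;
}

/* Protected: reserve both cells first, link and root them, then re-enable. */
int protected_pair_survives(void) {
  interp sc;
  leave_one_free(&sc);
  if (gc_disable(&sc, 2) != 0) return 0;  /* collects here, nothing held yet */
  cell *x = get_cell(&sc), *y = get_cell(&sc);
  x->cdr = y;
  sc.root = x;                            /* plugged in: reachable from root */
  gc_enable(&sc);
  gc(&sc);                                /* a later collection keeps both */
  return x != y && x->in_use && y->in_use && sc.free_count == HEAP_CELLS - 2;
}

int main(void) {
  printf("reclaimed=%d survives=%d\n",
         unprotected_pair_is_reclaimed(), protected_pair_survives());
  return 0;
}
```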
22 months ago scd: Fix status info encoding.
NIIBE Yutaka [Mon, 14 Nov 2016 01:25:43 +0000 (10:25 +0900)]
scd: Fix status info encoding.

* scd/command.c (send_status_info): Do percent plus encoding correctly.

--

Reported-by: David Härdeman <david@hardeman.nu>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
22 months ago agent: Improve concurrency when Libgcrypt 1.8 is used.
Werner Koch [Sat, 12 Nov 2016 10:02:48 +0000 (11:02 +0100)]
agent: Improve concurrency when Libgcrypt 1.8 is used.

* agent/gpg-agent.c (thread_init_once): Tell Libgcrypt to reinit the
system call clamp.
(agent_libgcrypt_progress_cb): Do not sleep if Libgcrypt is recent
enough.
--

This patch prepares for a feature coming with Libgcrypt 1.8.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago agent: Kludge to mitigate blocking calls in Libgcrypt.
Werner Koch [Fri, 11 Nov 2016 19:35:36 +0000 (20:35 +0100)]
agent: Kludge to mitigate blocking calls in Libgcrypt.

* agent/gpg-agent.c (agent_libgcrypt_progress_cb): Sleep for 100ms on
"need_entropy".
--

During key generation Libgcrypt will read from /dev/random which may
block.  Libgcrypt is not nPth aware and thus the entire process will
block.  Fortunately there is also a select with a short timeout to run
the progress callback.  We detect this in gpg-agent and introduce a
short delay to give other threads (i.e. connections) an opportunity to
run.

This alone is not sufficient, an updated Libgpg-error is also required
to make the lock functions nPth aware.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago dirmngr: Prepare to trigger jobs by network activity.
Werner Koch [Fri, 11 Nov 2016 16:30:23 +0000 (17:30 +0100)]
dirmngr: Prepare to trigger jobs by network activity.

* dirmngr/http.c (netactivity_cb): New.
(http_register_netactivity_cb): New.
(notify_netactivity): New.
(connect_server): Call that function.
* dirmngr/dirmngr.c (main): Call http_register_netactivity_cb.
(netactivity_action): New stub handler.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago doc: Include config examples for socket-activated user services.
Daniel Kahn Gillmor [Thu, 27 Oct 2016 18:19:18 +0000 (14:19 -0400)]
doc: Include config examples for socket-activated user services.

--

These configuration files and instructions enable clean and simple
daemon supervision on machines that run systemd.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Removed the detailed ChangeLog entry because that is not needed for
  doc changes.
- Added an entry to doc/examples/README.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago agent: Clean up comments.
Daniel Kahn Gillmor [Thu, 10 Nov 2016 13:17:17 +0000 (07:17 -0600)]
agent: Clean up comments.

* agent/agent.h: Clean up comments.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
22 months ago doc: Clarify dirmngr option --daemon.
Werner Koch [Fri, 11 Nov 2016 07:25:04 +0000 (08:25 +0100)]
doc: Clarify dirmngr option --daemon.

--

With commit d83ba4897bf217d1045c58d1b99e52bd31c58812 all system daemon
features have been removed and thus this should be reflected in the
man page.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource.
Werner Koch [Thu, 10 Nov 2016 16:01:19 +0000 (17:01 +0100)]
gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource.

* g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED
file-global.  Write a STATUS_ERROR.
(maybe_create_keyring_or_box): Check for non-accessible but existent
file.
(keydb_search): Write a STATUS_ERROR if no keyring has been registered
but continue to return NOT_FOUND.
* sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED
and make file-global.  Write a STATUS_ERROR.
(keydb_search): Write a STATUS_ERROR if no keyring has been registered
but continue to return NOT_FOUND.  Also add new arg CTRL and change
all callers to pass it down.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago sm: Remove unused arg SECRET from keydb functions.
Werner Koch [Thu, 10 Nov 2016 14:38:14 +0000 (15:38 +0100)]
sm: Remove unused arg SECRET from keydb functions.

* sm/keydb.c (struct resource_item): Remove field 'secret'.
(keydb_add_resource): Remove arg 'secret' and change all callers.
(keydb_new): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago gpgscm: Recover cells from the list of recently allocated cells.
Justus Winter [Thu, 10 Nov 2016 13:47:00 +0000 (14:47 +0100)]
gpgscm: Recover cells from the list of recently allocated cells.

* tests/gpgscm/scheme.c (ok_to_freely_gc): Recover cells.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm: Recover cells used to maintain interpreter state.
Justus Winter [Thu, 10 Nov 2016 13:02:11 +0000 (14:02 +0100)]
gpgscm: Recover cells used to maintain interpreter state.

* tests/gpgscm/scheme.c (free_cell): New function.
(free_cons): Likewise.
(_s_return): Use the new function to recover cells used to save the
state of the interpreter in 's_save'.  This reduces the need to do a
garbage collection considerably.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm: Reduce opcode dispatch overhead.
Justus Winter [Thu, 10 Nov 2016 10:47:08 +0000 (11:47 +0100)]
gpgscm: Reduce opcode dispatch overhead.

* tests/gpgscm/scheme.c (s_thread_to): New macro.
(CASE): Likewise.
(opexe_[0-6]): Use 'CASE' instead of 'case' statements, replace
's_goto' with 's_thread_to' where applicable.
--

This is a straight-forward optimization that replaces 's_goto' in
certain cases.  Instead of returning to the calling function, and
dispatching the next opcode, we can jump to the opcode handler.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm: Make the compile-hook configurable.
Justus Winter [Wed, 9 Nov 2016 12:34:54 +0000 (13:34 +0100)]
gpgscm: Make the compile-hook configurable.

* tests/gpgscm/scheme-private.h (struct scheme): Make field
'COMPILE_HOOK' optional.
* tests/gpgscm/scheme.c (opexe_0): Fix guard.
(scheme_init_custom_alloc): Conditionally initialize 'COMPILE_HOOK'.
* tests/gpgscm/scheme.h (USE_COMPILE_HOOK): Define to 1 by default.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm: Drop obsolete commented-out code.
Justus Winter [Tue, 8 Nov 2016 17:35:42 +0000 (18:35 +0100)]
gpgscm: Drop obsolete commented-out code.

* tests/gpgscm/scheme.c (opexe_5): Drop obsolete code.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm: Remove dubious stack implementation.
Justus Winter [Tue, 8 Nov 2016 17:08:42 +0000 (18:08 +0100)]
gpgscm: Remove dubious stack implementation.

* tests/gpgscm/scheme-private.h (struct scheme): Remove related fields.
* tests/gpgscm/scheme.c: Drop all !USE_SCHEME_STACK code.
* tests/gpgscm/scheme.h (USE_SCHEME_STACK): Remove macro.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpg: Improve error message for --quick-gen-key.
Werner Koch [Thu, 10 Nov 2016 11:18:33 +0000 (12:18 +0100)]
gpg: Improve error message for --quick-gen-key.

* g10/keygen.c (parse_algo_usage_expire): Use a different error
message for an unknown algorithm name.
--

GnuPG-bug-id: 2832
Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago dirmngr: Improve concurrency in the non-adns case.
Werner Koch [Thu, 10 Nov 2016 10:38:42 +0000 (11:38 +0100)]
dirmngr: Improve concurrency in the non-adns case.

* dirmngr/dns-stuff.c (map_adns_status_to_gpg_error): New.
(resolve_name_adns, get_dns_cert, get_dns_cname): Use that function.
(getsrv) [!USE_ADNS]: Call res_query outside of nPth.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago tests: Fix environment setup.
Justus Winter [Tue, 8 Nov 2016 15:15:32 +0000 (16:15 +0100)]
tests: Fix environment setup.

* tests/openpgp/defs.scm (setup-legacy-environment): Do not call
'setup-environment' because that will start the agent, and hence
register the atexit function twice.

Fixes: a55393cb5f4b331cb3a715c7d9a8b91f7606f337
Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago tests: Log and display output from tests when run in parallel.
Justus Winter [Tue, 8 Nov 2016 14:54:56 +0000 (15:54 +0100)]
tests: Log and display output from tests when run in parallel.

* tests/openpgp/run-tests.scm (test): Add field 'logfd'.
(test::new, test::set-*): Adapt accordingly.
(test::set-logfd): New function.
(test::open-log-file): Likewise.
(test::run-sync): Use the new function.
(test::run-async): Likewise.
(test::report): Replay the log.
(run-tests-parallel): Reverse the results to restore the original
order.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago tests: Simplify test.
Justus Winter [Tue, 8 Nov 2016 14:38:17 +0000 (15:38 +0100)]
tests: Simplify test.

* tests/openpgp/issue2417.scm: Simplify.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm: Expose seek and associated constants.
Justus Winter [Tue, 8 Nov 2016 14:11:12 +0000 (15:11 +0100)]
gpgscm: Expose seek and associated constants.

* tests/gpgscm/ffi.c (do_seek): New function.
(ffi_init): Expose 'seek' and 'SEEK_{SET,CUR,END}'.
* tests/gpgscm/lib.scm: Document the new function.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm: Fix error message.
Justus Winter [Tue, 8 Nov 2016 13:47:43 +0000 (14:47 +0100)]
gpgscm: Fix error message.

* tests/gpgscm/ffi.c (do_wait_processes): Fix and improve error
messages.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago tests,w32: Make cleanup more robust.
Justus Winter [Tue, 8 Nov 2016 13:11:23 +0000 (14:11 +0100)]
tests,w32: Make cleanup more robust.

* tests/openpgp/run-tests.scm (run-tests-parallel): Catch errors when
removing the working directory.  On Windows this can fail if there is
still a process using one of the files there.
(run-tests-sequential): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago common,w32: Simplify locking.
Justus Winter [Tue, 8 Nov 2016 13:05:46 +0000 (14:05 +0100)]
common,w32: Simplify locking.

* common/asshelp.c (lock_spawning): Use the same code on Windows that
we use on all other platforms.
(unlock_spawning): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago tests: Write a log file for each test.
Justus Winter [Mon, 7 Nov 2016 16:44:34 +0000 (17:44 +0100)]
tests: Write a log file for each test.

* tests/openpgp/Makefile.am (CLEANFILES): Delete logs.
* tests/openpgp/run-tests.scm (test::run-sync): Write logs.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm: Generalize splice to write to multiple sinks.
Justus Winter [Mon, 7 Nov 2016 16:40:43 +0000 (17:40 +0100)]
gpgscm: Generalize splice to write to multiple sinks.

* tests/gpgscm/ffi.c (ordinal_suffix): New function.
(do_splice): Generalize splice to write to multiple sinks.
* tests/gpgscm/lib.scm (splice): Document this fact.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm: Drop 'len' argument from splice.
Justus Winter [Mon, 7 Nov 2016 15:59:15 +0000 (16:59 +0100)]
gpgscm: Drop 'len' argument from splice.

* tests/gpgscm/ffi.c (do_splice): Drop 'len' argument, no-one uses it.
* tests/gpgscm/lib.scm (splice): Document foreign function.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago tests: Move environment creation and teardown into each test.
Justus Winter [Mon, 7 Nov 2016 15:21:21 +0000 (16:21 +0100)]
tests: Move environment creation and teardown into each test.

* tests/gpgscm/tests.scm (log): New function.
* tests/openpgp/run-tests.scm (run-tests-parallel): Do not run the
startup and teardown scripts.
(run-tests-sequential): Likewise.
* tests/openpgp/setup.scm: Move all functions...
* tests/openpgp/defs.scm: ... here and make them less verbose.
(setup-environment): New function.
(setup-legacy-environment): Likewise.
(start-agent): Make less verbose, run 'stop-agent' at interpreter
exit.
(stop-agent): Make less verbose.
* tests/openpgp/finish.scm: Drop file.
* tests/openpgp/Makefile.am (EXTRA_DIST): Drop removed file.
* tests/openpgp/4gb-packet.scm: Use 'setup-environment' or
'setup-legacy-environment' as appropriate.
* tests/openpgp/armdetach.scm: Likewise.
* tests/openpgp/armdetachm.scm: Likewise.
* tests/openpgp/armencrypt.scm: Likewise.
* tests/openpgp/armencryptp.scm: Likewise.
* tests/openpgp/armor.scm: Likewise.
* tests/openpgp/armsignencrypt.scm: Likewise.
* tests/openpgp/armsigs.scm: Likewise.
* tests/openpgp/clearsig.scm: Likewise.
* tests/openpgp/conventional-mdc.scm: Likewise.
* tests/openpgp/conventional.scm: Likewise.
* tests/openpgp/decrypt-dsa.scm: Likewise.
* tests/openpgp/decrypt.scm: Likewise.
* tests/openpgp/default-key.scm: Likewise.
* tests/openpgp/detach.scm: Likewise.
* tests/openpgp/detachm.scm: Likewise.
* tests/openpgp/ecc.scm: Likewise.
* tests/openpgp/encrypt-dsa.scm: Likewise.
* tests/openpgp/encrypt.scm: Likewise.
* tests/openpgp/encryptp.scm: Likewise.
* tests/openpgp/export.scm: Likewise.
* tests/openpgp/finish.scm: Likewise.
* tests/openpgp/genkey1024.scm: Likewise.
* tests/openpgp/gpgtar.scm: Likewise.
* tests/openpgp/gpgv-forged-keyring.scm: Likewise.
* tests/openpgp/import.scm: Likewise.
* tests/openpgp/issue2015.scm: Likewise.
* tests/openpgp/issue2417.scm: Likewise.
* tests/openpgp/issue2419.scm: Likewise.
* tests/openpgp/key-selection.scm: Likewise.
* tests/openpgp/mds.scm: Likewise.
* tests/openpgp/multisig.scm: Likewise.
* tests/openpgp/quick-key-manipulation.scm: Likewise.
* tests/openpgp/seat.scm: Likewise.
* tests/openpgp/shell.scm: Likewise.
* tests/openpgp/signencrypt-dsa.scm: Likewise.
* tests/openpgp/signencrypt.scm: Likewise.
* tests/openpgp/sigs-dsa.scm: Likewise.
* tests/openpgp/sigs.scm: Likewise.
* tests/openpgp/ssh.scm: Likewise.
* tests/openpgp/tofu.scm: Likewise.
* tests/openpgp/use-exact-key.scm: Likewise.
* tests/openpgp/verify.scm: Likewise.
* tests/openpgp/version.scm: Likewise.
* tests/openpgp/issue2346.scm: Likewise and simplify.
--

The previous Bourne Shell-based test suite created the environment
before running all tests, and tore it down after executing them.  When
we created the Scheme-based test suite, we kept this design at first,
but introduced a way to run each test in its own environment to
prevent tests from interfering with each other.  Nevertheless, every
test started out with the same environment.

Move the creation of the test environment into each test.  This gives
us finer control over the environment each test is run in.  It also
makes it possible to run each test by simply executing it using gpgscm
without the use of the runner.  Furthermore, it has the neat
side-effect of speeding up the test suite if run in parallel.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago tests: Do not allow tests to be run in a shared environment.
Justus Winter [Mon, 7 Nov 2016 13:57:51 +0000 (14:57 +0100)]
tests: Do not allow tests to be run in a shared environment.

* tests/openpgp/README: Update.
* tests/openpgp/run-tests.scm (run-tests-parallel-shared): Drop
function.
(run-tests-parallel-isolated): Rename to 'run-tests-parallel'.
(run-tests-sequential-shared): Drop function.
(run-tests-sequential-isolated): Rename to 'run-tests-sequential'.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago tests: Fix build.
Justus Winter [Mon, 7 Nov 2016 13:09:07 +0000 (14:09 +0100)]
tests: Fix build.

* tests/openpgp/Makefile.am: Drop dependency on 'mk-tdata'.

Fixes: 70215ff470c82d144e872057dfa5a478cc9195f2
Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago wks: Encrypt all client mails also the target key,
Werner Koch [Mon, 7 Nov 2016 13:04:47 +0000 (14:04 +0100)]
wks: Encrypt all client mails also the target key,

* tools/gpg-wks-client.c (encrypt_response): Add arg FINGERPRINT.
(send_confirmation_response): Ditto.
(process_confirmation_request): Parse out fingerprint and pass
send_confirmation_response.
--

This is useful for debugging the protocol and to avoid surprises when
the sender tries to open a message from the Sent folder.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago tests,tools: Reimplement 'mk-tdata' in Scheme.
Justus Winter [Mon, 7 Nov 2016 11:28:07 +0000 (12:28 +0100)]
tests,tools: Reimplement 'mk-tdata' in Scheme.

* tests/openpgp/defs.scm (tools): Drop 'mk-tdata'.
* tests/openpgp/setup.scm (make-test-data): New function.
* tests/openpgp/verify.scm: Avoid 'mk-tdata'.
* tools/Makefile.am (noinst_PROGRAMS): Drop 'mk-tdata'.
* tools/mk-tdata.c: Drop file.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm,w32: Provide schemish file handling for binary files.
Justus Winter [Mon, 7 Nov 2016 12:12:01 +0000 (13:12 +0100)]
gpgscm,w32: Provide schemish file handling for binary files.

* tests/gpgscm/lib.scm (call-with-binary-input-file): New function.
(call-with-binary-output-file): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm: Add support for pseudo-random numbers.
Justus Winter [Mon, 7 Nov 2016 11:21:26 +0000 (12:21 +0100)]
gpgscm: Add support for pseudo-random numbers.

* tests/gpgscm/ffi.c (do_getpid): New function.
(do_srandom): Likewise.
(random_scaled): Likewise.
(do_random): Likewise.
(do_make_random_string): Likewise.
(ffi_init): Expose the new functions.
* tests/gpgscm/lib.scm: Document the new functions.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago g10: Fix crash.
Justus Winter [Mon, 7 Nov 2016 11:53:17 +0000 (12:53 +0100)]
g10: Fix crash.

* g10/getkey.c (get_best_pubkey_byname): If 'get_pubkey_byname' does
not return a getkey context, then it can return at most one key,
therefore there is nothing to rank.  Also, always initialize '*retctx'
to be on the safe side.

GnuPG-bug-id: 2828
Fixes: ab89164be02012f1bf159c971853b8610e966301
Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago Change all http://www.gnu.org in license notices to https://
Werner Koch [Sat, 5 Nov 2016 11:02:19 +0000 (12:02 +0100)]
Change all http://www.gnu.org in license notices to https://

--

22 months ago indent: Move comments inside the block.
Werner Koch [Fri, 4 Nov 2016 13:51:19 +0000 (14:51 +0100)]
indent: Move comments inside the block.

--

This fixes a few

  if (foo)
    /* A comment
       with several
       lines.  */
    {
    }

Which has the problem that the block is visually not related to the
"if" and might thus falsely be considered a standalone block.

Also adds an asterisk on the left side of longer comments.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months ago gpgscm: Fix printing strings containing zero bytes.
Justus Winter [Fri, 4 Nov 2016 12:45:30 +0000 (13:45 +0100)]
gpgscm: Fix printing strings containing zero bytes.

* tests/gpgscm/scheme.c (atom2str): Fix computing the length of Scheme
strings.  Scheme strings can contain zero bytes.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago gpgscm: Implement 'atexit'.
Justus Winter [Fri, 4 Nov 2016 11:08:20 +0000 (12:08 +0100)]
gpgscm: Implement 'atexit'.

* tests/gpgscm/ffi.scm (throw): Run *run-atexit-handlers* when
terminating the interpreter.
(*atexit-handlers*): New variable.
(*run-atexit-handlers*): New function.
(atexit): Likewise.
* tests/gpgscm/main.c (main): Run *run-atexit-handlers* at normal
interpreter shutdown.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months ago scd: Fix length error for READKEY.
NIIBE Yutaka [Fri, 4 Nov 2016 06:34:35 +0000 (15:34 +0900)]
scd: Fix length error for READKEY.

* scd/app-openpgp.c (do_readkey): Decrement the length.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>