gnupg.git
18 months ago Merge branch 'STABLE-BRANCH-2-2' into master
Werner Koch [Mon, 20 Nov 2017 13:54:44 +0000 (14:54 +0100)]
Merge branch 'STABLE-BRANCH-2-2' into master

18 months ago Post release updates
Werner Koch [Mon, 20 Nov 2017 12:35:36 +0000 (13:35 +0100)]
Post release updates

--

18 months ago Release 2.2.3 gnupg-2.2.3
Werner Koch [Mon, 20 Nov 2017 11:39:16 +0000 (12:39 +0100)]
Release 2.2.3

18 months ago build: Use -Werror only for the check.
Werner Koch [Mon, 20 Nov 2017 11:32:31 +0000 (12:32 +0100)]
build: Use -Werror only for the check.

* configure.ac: Do not add -Werror to mycflags.
--

On Windows and possibly also on other platforms we expect to get a
few errors or warnings.  Thus we can't use -Werror by default.  This is
why we have a separate configure option --enable-werror ;-).

Fixes-commit: 3ecd1a41be7c880976987d13e88342c98f37e064
Signed-off-by: Werner Koch <wk@gnupg.org>

18 months ago gpg-agent: Avoid getting stuck in shutdown pending state.
Werner Koch [Mon, 13 Nov 2017 09:52:36 +0000 (10:52 +0100)]
gpg-agent: Avoid getting stuck in shutdown pending state.

* agent/gpg-agent.c (handle_connections): Always check inotify fds.
--

I noticed a gpg-agent process, probably in shutdown_pending state,
which was selecting on only these two inotify fds.  The select
returned immediately but because we did not handle the fds in
shutdown_pending state they were not read and the next select call
returned one of them immediately again.  Actually that should not
happen because the

          if (active_connections == 0)
            break; /* ready */

should have terminated the loop.  For unknown reasons (maybe just a
connection thread terminated in a gdb session) that did not happen.
By moving the check outside of the shutdown_pending condition and
closing the fds after they have been triggered the code should be more
robust.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 5d83eb9226c0ce608ec284d8c9bc22ce84a00c25)

18 months ago agent: Use clock or clock_gettime for calibration.
NIIBE Yutaka [Tue, 7 Nov 2017 01:49:36 +0000 (10:49 +0900)]
agent: Use clock or clock_gettime for calibration.

* agent/protect.c (calibrate_get_time): Use clock or clock_gettime.

--

For calibration, clock(3) is better than times(3) among UNIXen.
Tested on NetBSD 7.1 and FreeBSD 11.1, using QEMU.

Thanks to Damien Goutte-Gattat for the information on the use of
CLOCKS_PER_SEC.  The old code with times(3) is not 100% correct
in terms of POSIX.  It should have used sysconf (_SC_CLK_TCK) instead
of CLOCKS_PER_SEC.  CLOCKS_PER_SEC is specifically for clock(3).

GnuPG-bug-id: 3056, 3276, 3472
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 380bce13d94ff03c96e39ac1d834f382c5c730a1)

18 months ago build: Check -Wlogical-op flag availability with -Werror.
NIIBE Yutaka [Mon, 20 Nov 2017 03:01:31 +0000 (12:01 +0900)]
build: Check -Wlogical-op flag availability with -Werror.

* configure.ac: Use -Werror.

--

Using clang, -Wlogical-op doesn't fail but generates a warning.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

18 months ago build: BSD make support for yat2m.
NIIBE Yutaka [Mon, 20 Nov 2017 02:33:26 +0000 (11:33 +0900)]
build: BSD make support for yat2m.

* configure.ac (YAT2M): Only define when found.
* doc/Makefile.am: Portability fix.

--

This is not intended to apply to master, but 2.2 branch only.  When
new libgpg-error is required, installation of yat2m can be assumed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

19 months ago dirmngr: Fix double free of a hash context in the error case.
Werner Koch [Fri, 17 Nov 2017 09:34:40 +0000 (10:34 +0100)]
dirmngr: Fix double free of a hash context in the error case.

* dirmngr/crlcache.c: Clearly document that this function takes
ownership of MD.
(abort_sig_check): Allow NULL for MD.
(crl_parse_insert): Immediately set MD to NULL.  Remove check for md
before calling abort_sig_check.
--

GnuPG-bug-id: 3510
Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago assuan: Fix exponential decay for first second.
Werner Koch [Wed, 15 Nov 2017 14:30:21 +0000 (15:30 +0100)]
assuan: Fix exponential decay for first second.

* common/asshelp.c (wait_for_sock): Round SECSLEFT.
* dirmngr/dirmngr.c (main): Take care of --debug-wait also in daemon
mode.
* common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.
--

Without the rounding we saw in verbose mode

 [...]to come up ... (5s)
 [...]to come up ... (4s)

immediately without the expected one second delay.  Waiting for the
next seconds did not work if nanosleep was used due to improperly passed
parameters in gnupg_usleep.

Adding --debug-wait for dirmngr in daemon mode is required to test
this change.

GnuPG-bug-id: 3490
Fixes-commit: 149041b0b917f4298239fe18b5ebd5ead71584a6
Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago common: Change log_clock to printf style.
Werner Koch [Wed, 15 Nov 2017 13:46:14 +0000 (14:46 +0100)]
common: Change log_clock to printf style.

* common/logging.c (log_clock): Use do_logv.

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago i18n: Add an article to "agent" and lowercase "dirmngr" in one file.
Werner Koch [Wed, 15 Nov 2017 12:46:40 +0000 (13:46 +0100)]
i18n: Add an article to "agent" and lowercase "dirmngr" in one file.

--

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago common: Tweak new code to keep already translated strings.
Werner Koch [Wed, 15 Nov 2017 12:47:48 +0000 (13:47 +0100)]
common: Tweak new code to keep already translated strings.

* common/asshelp.c (wait_for_sock): Replace NAME by WHICH and adjust
caller.  Revert to use the former strings.
--

Note that the second of these strings

  "waiting for the agent to come up ... (%ds)\n"
  "connection to agent established\n"

does not use a proper article.  This should be fixed but would
introduce a string change so that it is better done in a separate
commit.

Fixes-commit: 0471ff9d3bf8d6b9a359f3c426d70d0935066907
Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago Merge T3490-proposal1 into master
Werner Koch [Wed, 15 Nov 2017 12:10:19 +0000 (13:10 +0100)]
Merge T3490-proposal1 into master

--

19 months ago w32: Fix default registry path
Andre Heinecke [Wed, 15 Nov 2017 10:41:54 +0000 (11:41 +0100)]
w32: Fix default registry path

* configure.ac (GNUPG_REGISTRY_DIR): Remove leading backslash.

--
Windows does not like the leading backslash and won't read
the key.
Problem reported in the Gpg4win Message boards.

This bug was introduced by rev. 75ba215e

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>

19 months ago gpg: Repurpose the ISO defined DO "sex" to "salutation".
Werner Koch [Wed, 15 Nov 2017 10:34:30 +0000 (11:34 +0100)]
gpg: Repurpose the ISO defined DO "sex" to "salutation".

* g10/card-util.c (current_card_status): String changes.
(change_sex): Description change.
(cmds): Add "salutation"; keep "sex" as an alias.
--

Note that we can't change the used values or tags but at least the UI
should reflect the real purpose of the field.

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago Merge branch 'STABLE-BRANCH-2-2'
Werner Koch [Wed, 15 Nov 2017 10:01:10 +0000 (11:01 +0100)]
Merge branch 'STABLE-BRANCH-2-2'

--
Kept our AUTHORS and README

19 months ago doc: Add man page for gpgtar
Werner Koch [Wed, 15 Nov 2017 09:17:17 +0000 (10:17 +0100)]
doc: Add man page for gpgtar

--

This also removes the documentation for gpg-zip which is not
distributed anymore.

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago gpgtar: Prefer --set-filename over implicit name
Andre Heinecke [Wed, 15 Nov 2017 08:54:05 +0000 (09:54 +0100)]
gpgtar: Prefer --set-filename over implicit name

* tools/gpgtar-extract.c: Prefer opt.filename over filename
for the directory prefix.

--
If you would extract from stdin (filename -) and use set-filename
to provide a real filename the "-" would be used for the directory
name. With this change an explicit filename is preferred.

GnuPG-Bug-Id: T3500
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>

19 months ago doc: fix NEWSIG documentation
Will Thompson [Tue, 14 Nov 2017 15:34:34 +0000 (15:34 +0000)]
doc: fix NEWSIG documentation

--
08c82b1 introduced one optional argument for this status message. Due to
an apparent editing error, the sentence fragment "arguments are
currently defined." was left in the documentation.

Signed-off-by: Will Thompson <wjt@endlessm.com>

19 months ago doc: expand documentation of PROGRESS message
Will Thompson [Tue, 14 Nov 2017 15:30:34 +0000 (15:30 +0000)]
doc: expand documentation of PROGRESS message

--
This answers two questions that I was only able to answer by examining
each site where PROGRESS messages are emitted, and fixes a typo.

Signed-off-by: Will Thompson <wjt@endlessm.com>

19 months ago gpg: Print AKL info only in verbose mode.
Werner Koch [Wed, 15 Nov 2017 07:47:32 +0000 (08:47 +0100)]
gpg: Print AKL info only in verbose mode.

* g10/getkey.c (get_pubkey_byname): Print info only in verbose mode.
--

GnuPG-bug-id: 3504
Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago dirmngr: Check for WKD support at session end
Werner Koch [Tue, 14 Nov 2017 15:24:12 +0000 (16:24 +0100)]
dirmngr: Check for WKD support at session end

* dirmngr/domaininfo.c (insert_or_update): Copy the name.
* dirmngr/misc.c (copy_stream): Allow arg OUT to be NULL.
* dirmngr/server.c (set_error): Protect CTX.
(dirmngr_status): Protect against missing ASSUAN_CTX.
(dirmngr_status_help): Ditto.
(dirmngr_status_printf): Ditto.
(cmd_wkd_get): Factor code out to ...
(proc_wkd_get): new func.  Support silent operation with no CTX.
(task_check_wkd_support): New.
--

This finalizes the feature to efficiently cache WKD checks.  If a
standard WKD query returns no data, we queue a test to be run after
the end of the session (so that we do not delay the calling client).
This check tests whether the server responsible for the queried
address has WKD at all enabled.  The test is done by checking whether
the "policy" file exists.  We do not check the "submission-address"
file because that is not necessary for the web key operation.  The
policy file is now required.

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago dirmngr: Add a background task framework.
Werner Koch [Tue, 14 Nov 2017 12:42:18 +0000 (13:42 +0100)]
dirmngr: Add a background task framework.

* dirmngr/workqueue.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add new file.
* dirmngr/server.c (server_local_s): New field session_id.
(cmd_wkd_get): Add a task.
(task_check_wkd_support): New stub function.
(cmd_getinfo): New sub-commands "session_id" and "workqueue".
(start_command_handler): Add arg session_id and store it in
SERVER_LOCAL.
(dirmngr_status_helpf): New.
* dirmngr/dirmngr.h (wqtask_t): New type.
* dirmngr/dirmngr.c (main): Pass 0 as session_id to
start_command_handler.
(start_connection_thread): Introduce a session_id and pass it to
start_command_handler.  Run post session tasks.
(housekeeping_thread): Run global workqueue tasks.
--

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago sm, w32: Fix initial keybox creation
Andre Heinecke [Tue, 14 Nov 2017 11:24:52 +0000 (12:24 +0100)]
sm, w32: Fix initial keybox creation

* sm/keydb.c (maybe_create_keybox): Open new keybox in bin mode.

--
As the header contains a timestamp we will have the conversion
problems if the keybox is not opened in binary mode.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>

19 months ago dirmngr: Limit the number of cached domains for WKD.
Werner Koch [Tue, 14 Nov 2017 07:37:27 +0000 (08:37 +0100)]
dirmngr: Limit the number of cached domains for WKD.

* dirmngr/domaininfo.c (MAX_DOMAINBUCKET_LEN): New.
(insert_or_update): Limit the length of a bucket chain.
(domaininfo_print_stats): Print just one summary line.

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago dirmngr: Keep track of domains used for WKD queries
Werner Koch [Mon, 13 Nov 2017 15:09:32 +0000 (16:09 +0100)]
dirmngr: Keep track of domains used for WKD queries

* dirmngr/domaininfo.c: New file.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
* dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
known and tell domaininfo about the results.
--

This adds a registry for domain information to eventually avoid
useless queries for domains which do not support WKD.  The missing
part is a background task to check whether a queried domain supports
WKD at all and to expire old entries.

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago gpg-agent: Avoid getting stuck in shutdown pending state.
Werner Koch [Mon, 13 Nov 2017 09:52:36 +0000 (10:52 +0100)]
gpg-agent: Avoid getting stuck in shutdown pending state.

* agent/gpg-agent.c (handle_connections): Always check inotify fds.
--

I noticed a gpg-agent process, probably in shutdown_pending state,
which was selecting on only these two inotify fds.  The select
returned immediately but because we did not handle the fds in
shutdown_pending state they were not read and the next select call
returned one of them immediately again.  Actually that should not
happen because the

          if (active_connections == 0)
            break; /* ready */

should have terminated the loop.  For unknown reasons (maybe just a
connection thread terminated in a gdb session) that did not happen.
By moving the check outside of the shutdown_pending condition and
closing the fds after they have been triggered the code should be more
robust.

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago tests: Handle the case with DISABLE_REGEX.
NIIBE Yutaka [Mon, 13 Nov 2017 09:50:30 +0000 (18:50 +0900)]
tests: Handle the case with DISABLE_REGEX.

* tests/openpgp/Makefile.am [DISABLE_REGEX] (EXTRA_DIST, XTESTS):
  Conditionalize.
* tests/openpgp/all-tests.scm (all-tests): Input file is Makefile.

--

The feature is only valid with !DISABLE_REGEX.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

19 months ago tests: Run the trust-pgp-4 test again.
Damien Goutte-Gattat [Fri, 10 Nov 2017 10:38:32 +0000 (10:38 +0000)]
tests: Run the trust-pgp-4 test again.

* tests/openpgp/Makefile.am (XTESTS): Add trust-pgp-4.scm.
(EXTRA_DIST): Remove the test file from EXTRA_DIST.
--

Now that issue 2923 is fixed, the trust-pgp-4 test passes as
expected and we can enable it again. That should help prevent
a future regression on this issue.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>

19 months ago po/da: Fix Danish confusion between "compressed" and "compromised"
Daniel Kahn Gillmor [Sat, 11 Nov 2017 10:42:06 +0000 (18:42 +0800)]
po/da: Fix Danish confusion between "compressed" and "compromised"

--
In https://bugs.debian.org/881393 , Jonas Smedegaard reports:

> In option number 1, the word "komprimeret" means "compressed".
>
> I am pretty sure it should say "kompromitteret" instead, which means
> "compromised".

Debian-Bug-Id: 881393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

19 months ago po/da: Fix Danish confusion between "compressed" and "compromised"
Daniel Kahn Gillmor [Sat, 11 Nov 2017 10:42:06 +0000 (18:42 +0800)]
po/da: Fix Danish confusion between "compressed" and "compromised"

--
In https://bugs.debian.org/881393 , Jonas Smedegaard reports:

> In option number 1, the word "komprimeret" means "compressed".
>
> I am pretty sure it should say "kompromitteret" instead, which means
> "compromised".

Debian-Bug-Id: 881393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

19 months ago g10: Fix regexp sanitization.
NIIBE Yutaka [Thu, 9 Nov 2017 05:03:22 +0000 (14:03 +0900)]
g10: Fix regexp sanitization.

* g10/trustdb.c (sanitize_regexp): Only escape operators.

--

To sanitize a regular expression, quoting by backslash should be only
done for defined characters.  POSIX defines 12 characters including
dot and backslash.

Quoting other characters is wrong, in two ways: it may build an
operator like \b, \s, \w when using the GNU library.  Case-ignored match
doesn't work, because quoting a lowercase letter means it literally, with no
match to the uppercase letter.

GnuPG-bug-id: 2923
Co-authored-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
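
The quoting rule described in the commit message above, as an added C example (it is not GnuPG's sanitize_regexp and not code from this commit). The function names and the sample address are constructed for illustration; `quote_everything` is an assumed stand-in for "quoting other characters", shown only to make the resulting `\w`/`\b` sequences visible.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The 12 characters POSIX gives a special meaning in an extended
   regular expression.  Only these can be backslash-quoted portably.  */
static const char ERE_SPECIAL[] = ".[\\()*+?{|^$";

static int is_ere_special (unsigned char c)
{
  return c && strchr (ERE_SPECIAL, c) != NULL;
}

static int is_any (unsigned char c)
{
  (void)c;
  return 1;
}

/* Return a malloc'd copy of S with a backslash in front of every byte
   for which NEEDS_QUOTE is true, or NULL if out of memory.  */
static char *quote_with (const char *s, int (*needs_quote)(unsigned char))
{
  char *out = malloc (2 * strlen (s) + 1);
  char *p = out;

  if (!out)
    return NULL;
  for (; *s; s++)
    {
      if (needs_quote ((unsigned char)*s))
        *p++ = '\\';
      *p++ = *s;
    }
  *p = 0;
  return out;
}

/* Correct form: quote only the POSIX operators.  */
char *quote_operators_only (const char *s)
{
  return quote_with (s, is_ere_special);
}

/* Over-quoting (hypothetical helper): "web" becomes "\w\e\b", whose
   meaning POSIX leaves undefined and GNU regex partly treats as
   operators.  */
char *quote_everything (const char *s)
{
  return quote_with (s, is_any);
}

/* 1 if TEXT matches PATTERN ignoring case, 0 if not, -1 if PATTERN
   does not compile.  */
int match_icase (const char *pattern, const char *text)
{
  regex_t re;
  int rc;

  if (regcomp (&re, pattern, REG_EXTENDED | REG_ICASE | REG_NOSUB))
    return -1;
  rc = regexec (&re, text, 0, NULL, 0);
  regfree (&re);
  return rc == 0;
}

/* Quote LITERAL with the operators-only rule, then match TEXT.  */
int literal_matches_icase (const char *literal, const char *text)
{
  char *pat = quote_operators_only (literal);
  int rc;

  if (!pat)
    return -1;
  rc = match_icase (pat, text);
  free (pat);
  return rc;
}

int main (void)
{
  const char *addr = "bob+tag@example.org";   /* constructed sample */
  char *good = quote_operators_only (addr);
  char *over = quote_everything ("web");

  if (!good || !over)
    return 1;
  printf ("operators only : %s\n", good);
  printf ("unquoted  vs bobbtag@exampleXorg: %d\n",
          match_icase (addr, "bobbtag@exampleXorg"));
  printf ("quoted    vs bobbtag@exampleXorg: %d\n",
          literal_matches_icase (addr, "bobbtag@exampleXorg"));
  printf ("quoted    vs BOB+TAG@Example.ORG: %d\n",
          literal_matches_icase (addr, "BOB+TAG@Example.ORG"));
  /* The result for the over-quoted pattern depends on the regex
     library in use; it is printed, not relied upon.  */
  printf ("over-quoted    : %s -> vs WEB: %d\n",
          over, match_icase (over, "WEB"));
  free (good);
  free (over);
  return 0;
}
```
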
19 months ago assuan: Use exponential decay for first 1s of spinlock.
Daniel Kahn Gillmor [Wed, 8 Nov 2017 15:26:40 +0000 (16:26 +0100)]
assuan: Use exponential decay for first 1s of spinlock.

* common/asshelp.c (wait_for_sock): instead of checking the socket
every second, we check 10 times in the first second (with exponential
decay).
--

This cuts the wall clock time for the standard test suite roughly by
half.

GnuPG-bug-id: 3490
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

19 months ago assuan: Reorganize waiting for socket.
Daniel Kahn Gillmor [Wed, 8 Nov 2017 15:15:30 +0000 (16:15 +0100)]
assuan: Reorganize waiting for socket.

* common/asshelp.c (wait_for_sock): New function, collecting
codepaths from...
(start_new_gpg_agent) here and...
(start_new_dirmngr) here.
--

This has no functional change, but makes it easier to make this
function more efficient.

GnuPG-bug-id: 3490
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

19 months ago doc: Include NEWS from the 2.2.2 release
Werner Koch [Tue, 7 Nov 2017 10:20:00 +0000 (11:20 +0100)]
doc: Include NEWS from the 2.2.2 release

--

19 months ago Post release updates.
Werner Koch [Tue, 7 Nov 2017 10:04:44 +0000 (11:04 +0100)]
Post release updates.

--

19 months ago Release 2.2.2 gnupg-2.2.2
Werner Koch [Tue, 7 Nov 2017 09:23:01 +0000 (10:23 +0100)]
Release 2.2.2

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago dirmngr: Reduce default LDAP timeout to 15 seconds.
Werner Koch [Tue, 7 Nov 2017 09:02:53 +0000 (10:02 +0100)]
dirmngr: Reduce default LDAP timeout to 15 seconds.

* dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15.
* dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ab7ac827041b5cd97bbca7a75b0930072dd6611f)
GnuPG-bug-id: 3487

19 months ago dirmngr: Reduce default LDAP timeout to 15 seconds.
Werner Koch [Tue, 7 Nov 2017 09:02:53 +0000 (10:02 +0100)]
dirmngr: Reduce default LDAP timeout to 15 seconds.

* dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15.
* dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago speedo: Include software versions in the W32 README
Werner Koch [Tue, 7 Nov 2017 08:21:10 +0000 (09:21 +0100)]
speedo: Include software versions in the W32 README

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f9f72ffbfa9fd7d1a7a1823697d116d76155b407)

19 months ago po: Update Russian translation
Ineiev [Tue, 7 Nov 2017 08:28:04 +0000 (09:28 +0100)]
po: Update Russian translation

19 months ago speedo: Include software versions in the W32 README
Werner Koch [Tue, 7 Nov 2017 08:21:10 +0000 (09:21 +0100)]
speedo: Include software versions in the W32 README

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago po: Update Japanese translation
NIIBE Yutaka [Tue, 7 Nov 2017 02:16:02 +0000 (11:16 +0900)]
po: Update Japanese translation

19 months ago agent: Use clock or clock_gettime for calibration.
NIIBE Yutaka [Tue, 7 Nov 2017 01:49:36 +0000 (10:49 +0900)]
agent: Use clock or clock_gettime for calibration.

* agent/protect.c (calibrate_get_time): Use clock or clock_gettime.

--

For calibration, clock(3) is better than times(3) among UNIXen.
Tested on NetBSD 7.1 and FreeBSD 11.1, using QEMU.

Thanks to Damien Goutte-Gattat for the information on the use of
CLOCKS_PER_SEC.  The old code with times(3) is not 100% correct
in terms of POSIX.  It should have used sysconf (_SC_CLK_TCK) instead
of CLOCKS_PER_SEC.  CLOCKS_PER_SEC is specifically for clock(3).

GnuPG-bug-id: 3056, 3276, 3472
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

19 months ago tests: Minor improvement in agent invocation
Werner Koch [Mon, 6 Nov 2017 15:49:07 +0000 (16:49 +0100)]
tests: Minor improvement in agent invocation

* tests/openpgp/defs.scm (create-gpghome): Add s2k-count.
--

My tests show only 2.5% improvement, but as we have that option now
let's use it.

real    9m12.604s
user    2m20.720s
sys     0m11.452s

real    8m3.815s
user    2m16.700s
sys     0m11.544s

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
Werner Koch [Mon, 6 Nov 2017 13:20:03 +0000 (14:20 +0100)]
agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".

* agent/command.c (cmd_getinfo): New sub-commands.
* agent/protect.c (get_standard_s2k_count): Factor some code out to ...
(get_calibrated_s2k_count): new.
(get_standard_s2k_time): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 52d41c8b0f4af6278d18d8935399ddad16a26856)

19 months ago agent: New option --s2k-count.
Werner Koch [Mon, 6 Nov 2017 12:57:30 +0000 (13:57 +0100)]
agent: New option --s2k-count.

* agent/agent.h (opt): New field 's2k_count'.
* agent/gpg-agent.c (oS2KCount): New enum value.
(opts): New option --s2k-count.
(parse_rereadable_options): Set opt.s2k_count.
--

This option is useful to speed up the starting of gpg-agent and in
cases where the auto-calibration runs into problems due to a broken
time measurement facility.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f7212f1d11aad5d910d2c77b2e5c6ab31a0e786e)

19 months ago agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
Werner Koch [Mon, 6 Nov 2017 13:20:03 +0000 (14:20 +0100)]
agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".

* agent/command.c (cmd_getinfo): New sub-commands.
* agent/protect.c (get_standard_s2k_count): Factor some code out to ...
(get_calibrated_s2k_count): new.
(get_standard_s2k_time): New.

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago agent: New option --s2k-count.
Werner Koch [Mon, 6 Nov 2017 12:57:30 +0000 (13:57 +0100)]
agent: New option --s2k-count.

* agent/agent.h (opt): New field 's2k_count'.
* agent/gpg-agent.c (oS2KCount): New enum value.
(opts): New option --s2k-count.
(parse_rereadable_options): Set opt.s2k_count.
--

This option is useful to speed up the starting of gpg-agent and in
cases where the auto-calibration runs into problems due to a broken
time measurement facility.

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
NIIBE Yutaka [Wed, 1 Nov 2017 01:19:35 +0000 (10:19 +0900)]
g10: Unattended key generation "Key-Grip" and "Subkey-Grip".

* g10/keygen.c (pSUBKEYGRIP): New.
(read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
(do_generate_keypair): Support pSUBKEYGRIP.

--

In the manual, it says "Key-Grip".  gpgsm also supports "Key-Grip".
Adding "Subkey-Grip" now, adding "Key-Grip" makes sense.

GnuPG-bug-id: 3478
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 6c63a04569c07c9c2817c7c530a92ccfa58155cc)

19 months ago g10: Simplify "factory-reset" procedure.
NIIBE Yutaka [Mon, 30 Oct 2017 02:59:11 +0000 (11:59 +0900)]
g10: Simplify "factory-reset" procedure.

* g10/card-util.c (factory_reset): Simplify.

--

This summer, I got a report that the old code before this change didn't
work with newer Yubikey.  I got another report that a test version of an
OpenPGP card V3.3 implementation didn't work, either.  Then, I confirmed
that according to the OpenPGP card specification, the procedure of the old
code is not expected by its author.

This change simplifies "factory-reset".

Only versions of Gnuk 1.2.2, 1.2.3, 1.2.4, won't work with this
change.  That's because the factory-reset feature of Gnuk was
introduced by reading the implementation of GnuPG, instead of reading
the specification.  Gnuk 1.2.5 and later work well.  All OpenPGPcard
implementations I have work well (2.0, 2.1, 2.2, test version of 3).

GnuPG-bug-id: 3286
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit d63b7966cdd72548c60466c620de5cd6104a779e)

19 months ago po: Update Russian translation
Ineiev [Tue, 31 Oct 2017 11:22:51 +0000 (14:22 +0300)]
po: Update Russian translation

19 months ago po: Fixed one string wrongly marked as fuzzy.
Werner Koch [Thu, 2 Nov 2017 16:43:21 +0000 (17:43 +0100)]
po: Fixed one string wrongly marked as fuzzy.

--

This seems to be a small gettext bug which claimed that
 "NOTE: There is no guarantee that the card supports[...]"
was changed.  Also committed changes due to msgmerge.

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago po: Update German translation
Werner Koch [Thu, 2 Nov 2017 16:38:02 +0000 (17:38 +0100)]
po: Update German translation

--

19 months ago gpg: Introduce magic value 25519 to switch a card to ECC.
Werner Koch [Thu, 2 Nov 2017 16:11:03 +0000 (17:11 +0100)]
gpg: Introduce magic value 25519 to switch a card to ECC.

* g10/card-util.c (ask_card_keyattr): Handle special value 25519.
(do_change_keyattr): Allow changing to cv25519/ed25519.
(generate_card_keys): Ditto.
(card_generate_subkey): Ditto.
--

This is a kludge to make it easier for gnuk to be switched into ECC
mode.  This is basically the same change as
commit ea09b6cded9d31a8ebd91878553c3eaa2b76e817
but without the string change in show_keysize_warning.

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago gpg: Rename two card related functions in card-util.
Werner Koch [Fri, 27 Oct 2017 12:44:53 +0000 (14:44 +0200)]
gpg: Rename two card related functions in card-util.

* g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
(do_change_rsa_keysize): Rename to do_change_keyattr.
--

We want to support other algos than RSA and thus we need a better name
for the functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f795f4529d8ab5a05db1cc1960abd34390bfae1b)

19 months ago gpg: Unify the message for re-configuring cards.
Werner Koch [Thu, 2 Nov 2017 16:20:13 +0000 (17:20 +0100)]
gpg: Unify the message for re-configuring cards.

* g10/card-util.c (ask_card_keyattr): Print "rsaNNNN".
--

This is a separate patch from the previous to avoid string changes
when backporting the other patch to 2.2.

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago gpg: Introduce magic value 25519 to switch a card to ECC.
Werner Koch [Thu, 2 Nov 2017 16:11:03 +0000 (17:11 +0100)]
gpg: Introduce magic value 25519 to switch a card to ECC.

* g10/card-util.c (show_keysize_warning): Slightly change the text.
(ask_card_keyattr): Handle special value 25519.
(do_change_keyattr): Allow changing to cv25519/ed25519.
(generate_card_keys): Ditto.
(card_generate_subkey): Ditto.
--

This is a kludge to make it easier for gnuk to be switched into ECC
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
NIIBE Yutaka [Thu, 2 Nov 2017 07:23:10 +0000 (16:23 +0900)]
agent: Fix returning GPG_ERR_NOT_FOUND wrongly.

* agent/learncard.c (agent_handle_learn): Find SERIALNO.

--

Bug is: "gpg-connect-agent learn /bye" just fails wrongly.

Fixes-commit: 8c8ce8711d9c938fcb982b0341e6b052742cb887
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 5e96fe72e477d09e35ccee48af0fd9ab2b3ae409)

19 months ago build: Remove configure options --disable-gpg
Werner Koch [Thu, 2 Nov 2017 15:51:37 +0000 (16:51 +0100)]
build: Remove configure options --disable-gpg

--

gpg is used by several other components as well as from the test
suite.  We need it.

GnuPG-bug-id: 3479
Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
NIIBE Yutaka [Thu, 2 Nov 2017 07:23:10 +0000 (16:23 +0900)]
agent: Fix returning GPG_ERR_NOT_FOUND wrongly.

* agent/learncard.c (agent_handle_learn): Find SERIALNO.

--

Bug is: "gpg-connect-agent learn /bye" just fails wrongly.

Fixes-commit: 8c8ce8711d9c938fcb982b0341e6b052742cb887
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

19 months ago common: Accept the Z-suffix for yymmddThhmmssZ format.
NIIBE Yutaka [Tue, 19 Sep 2017 07:09:05 +0000 (16:09 +0900)]
common: Accept the Z-suffix for yymmddThhmmssZ format.

* common/gettime.c (isotime_p): Accept the Z suffix.

--

The intention is use for human interface.

GnuPG-bug-id: 3278
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit ba8afc4966cca1f6aaf9b2a9bfc3220782306c2b)

19 months ago Register another OpenPGP card vendor.
Werner Koch [Wed, 1 Nov 2017 17:17:44 +0000 (18:17 +0100)]
Register another OpenPGP card vendor.

--

19 months ago gpg: Remove trailing comma in an enum.
Werner Koch [Wed, 1 Nov 2017 17:14:26 +0000 (18:14 +0100)]
gpg: Remove trailing comma in an enum.

--

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago gpg: Rename two card related functions in card-util.
Werner Koch [Fri, 27 Oct 2017 12:44:53 +0000 (14:44 +0200)]
gpg: Rename two card related functions in card-util.

* g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
(do_change_rsa_keysize): Rename to do_change_keyattr.
--

We want to support other algos than RSA and thus we need a better name
for the functions.

Signed-off-by: Werner Koch <wk@gnupg.org>

19 months ago g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
NIIBE Yutaka [Wed, 1 Nov 2017 01:19:35 +0000 (10:19 +0900)]
g10: Unattended key generation "Key-Grip" and "Subkey-Grip".

* g10/keygen.c (pSUBKEYGRIP): New.
(read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
(do_generate_keypair): Support pSUBKEYGRIP.

--

In the manual, it says "Key-Grip".  gpgsm also supports "Key-Grip".
Adding "Subkey-Grip" now, adding "Key-Grip" makes sense.

GnuPG-bug-id: 3478
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

19 months ago g10: Simplify "factory-reset" procedure.
NIIBE Yutaka [Mon, 30 Oct 2017 02:59:11 +0000 (11:59 +0900)]
g10: Simplify "factory-reset" procedure.

* g10/card-util.c (factory_reset): Simplify.

--

This summer, I got a report that the old code before this change didn't
work with newer Yubikey.  I got another report that a test version of an
OpenPGP card V3.3 implementation didn't work, either.  Then, I confirmed
that according to the OpenPGP card specification, the procedure of the old
code is not expected by its author.

This change simplifies "factory-reset".

Only versions of Gnuk 1.2.2, 1.2.3, 1.2.4, won't work with this
change.  That's because the factory-reset feature of Gnuk was
introduced by reading the implementation of GnuPG, instead of reading
the specification.  Gnuk 1.2.5 and later work well.  All OpenPGPcard
implementations I have work well (2.0, 2.1, 2.2, test version of 3).

GnuPG-bug-id: 3286
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

19 months ago agent: Clean up pinentry access locking.
NIIBE Yutaka [Fri, 27 Oct 2017 00:54:48 +0000 (09:54 +0900)]
agent: Clean up pinentry access locking.

* agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
* agent/call-pinentry.c (entry_owner): Remove.
(agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
(unlock_pinentry): Add CTRL to arguments to access thread private.
Check and decrement PINENTRY_ACTIVE for recursive use.
(start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
(agent_askpin): Follow the change of unlock_pinentry API.
(agent_get_passphrase, agent_get_confirmation): Likewise.
(agent_show_message, agent_popup_message_start): Likewise.
(agent_popup_message_stop, agent_clear_passphrase): Likewise.

--

We use the member PINENTRY_ACTIVE as a thread private object.
It's only valid for a single thread at a time.

It would be possible to have a thread shared object of
PINENTRY_ACTIVE, keeping ENTRY_OWNER for distinguishing its
owner (which is also a thread shared object).  But, in this case,
access to ENTRY_OWNER is tricky (only comparison to accessing thread
would be OK with no lock), or we need to introduce another lock for
accessing ENTRY_OWNER, which complicates the code too much.

So, simply have a thread private object for recursive pinentry access.

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit fb7828676cc2c01047498898378711e049f73fee)

19 months ago agent: Allow recursive use of pinentry.
NIIBE Yutaka [Thu, 26 Oct 2017 05:40:38 +0000 (14:40 +0900)]
agent: Allow recursive use of pinentry.

* agent/agent.h (struct server_control_s): Add pinentry_level.
* agent/call-pinentry.c (agent_popup_message_stop): Not clear
ENTRY_CTX here.
(unlock_pinentry): Handle recursion.  Clear ENTRY_CTX here.
(start_pinentry): Allow recursive use.

--

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 3b66a256e3760e88066ca11b7b49d924e42aa46b)

19 months ago Merge branch 'STABLE-BRANCH-2-2' into master
Werner Koch [Fri, 27 Oct 2017 11:56:15 +0000 (13:56 +0200)]
Merge branch 'STABLE-BRANCH-2-2' into master

--
Resolved Conflicts:
configure.ac - Adjust due to new log_clock options

19 months ago agent: Clean up pinentry access locking.
NIIBE Yutaka [Fri, 27 Oct 2017 00:54:48 +0000 (09:54 +0900)]
agent: Clean up pinentry access locking.

* agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
* agent/call-pinentry.c (entry_owner): Remove.
(agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
(unlock_pinentry): Add CTRL to arguments to access thread private.
Check and decrement PINENTRY_ACTIVE for recursive use.
(start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
(agent_askpin): Follow the change of unlock_pinentry API.
(agent_get_passphrase, agent_get_confirmation): Likewise.
(agent_show_message, agent_popup_message_start): Likewise.
(agent_popup_message_stop, agent_clear_passphrase): Likewise.

--

We use the member PINENTRY_ACTIVE as a thread private object.
It's only valid for a single thread at a time.

It would be possible to have a thread shared object of
PINENTRY_ACTIVE, keeping ENTRY_OWNER for distinguishing its
owner (which is also a thread shared object).  But, in this case,
access to ENTRY_OWNER is tricky (only comparison to accessing thread
would be OK with no lock), or we need to introduce another lock for
accessing ENTRY_OWNER, which complicates the code too much.

So, simply have a thread private object for recursive pinentry access.

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
19 months ago agent: Allow recursive use of pinentry.
NIIBE Yutaka [Thu, 26 Oct 2017 05:40:38 +0000 (14:40 +0900)]
agent: Allow recursive use of pinentry.

* agent/agent.h (struct server_control_s): Add pinentry_level.
* agent/call-pinentry.c (agent_popup_message_stop): Not clear
ENTRY_CTX here.
(unlock_pinentry): Handle recursion.  Clear ENTRY_CTX here.
(start_pinentry): Allow recursive use.

--

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
19 months ago agent, tests: Support --disable-scdaemon build case.
NIIBE Yutaka [Thu, 26 Oct 2017 02:24:39 +0000 (11:24 +0900)]
agent, tests: Support --disable-scdaemon build case.

* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
* tests/openpgp/defs.scm (create-gpghome): Likewise.
* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.

--

We could modify gpg-agent to remove all support of scdaemon, with no
inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would
not be worth doing that.

GnuPG-bug-id: 3316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
19 months ago Fix comment of configure.
NIIBE Yutaka [Thu, 26 Oct 2017 02:19:45 +0000 (11:19 +0900)]
Fix comment of configure.

* configure.ac (BUILD_WITH_DIRMNGR): Comment fix.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
19 months ago agent, tests: Support --disable-scdaemon build case.
NIIBE Yutaka [Thu, 26 Oct 2017 02:24:39 +0000 (11:24 +0900)]
agent, tests: Support --disable-scdaemon build case.

* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
* tests/openpgp/defs.scm (create-gpghome): Likewise.
* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.

--

We could modify gpg-agent to remove all support of scdaemon, with no
inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would
not be worth doing that.

GnuPG-bug-id: 3316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
19 months ago Fix comment of configure.
NIIBE Yutaka [Thu, 26 Oct 2017 02:19:45 +0000 (11:19 +0900)]
Fix comment of configure.

* configure.ac (BUILD_WITH_DIRMNGR): Comment fix.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
19 months ago gpg: Avoid superfluous sig check info during import.
Werner Koch [Tue, 24 Oct 2017 19:11:38 +0000 (21:11 +0200)]
gpg: Avoid superfluous sig check info during import.

* g10/key-check.c (print_info): New.
(key_check_all_keysigs): Print sig checking results only in debug
mode.  Prettify the stats info and suppress them in quiet mode.

--

This also makes the stats usable by prefixing them with the key and the
program name.

GnuPG-bug-id: 3397
Signed-off-by: Werner Koch <wk@gnupg.org>
19 months ago build: New configure option --enable-werror
Werner Koch [Tue, 24 Oct 2017 16:42:37 +0000 (18:42 +0200)]
build: New configure option --enable-werror

* configure.ac: Implement that option.
--

This can be used as a workaround in case of bogus autoconf tests.

GnuPG-bug-id: 2423
Signed-off-by: Werner Koch <wk@gnupg.org>
19 months ago build: Do not mess with CFLAGS in configure.
Werner Koch [Tue, 24 Oct 2017 16:34:28 +0000 (18:34 +0200)]
build: Do not mess with CFLAGS in configure.

* configure.ac: Do not mess with the user provided CFLAGS.
--

A problem was claimed with some configure tests if the user provided
CFLAGS=-Werror.  The commit introducing this

Fixes-commit: 02eb9fc9d5863abcfed6af704e618f8cac7cc2e8

does not mention a concrete case.  Anyway, messing with CFLAGS is a
bad idea because configure tests will then test something different
than what is used later (cf. autoconf manual).  Tests which depend on
whether -Werror is used need to be fixed.

Note that in certain cases we modify CFLAGS.  This is only done for
some configure options or if the platform requires the use of special
compiler flags (e.g. on HP/UX).

GnuPG-bug-id: 2423

19 months ago sm: Do not expect X.509 keyids to be unique
Rainer Perske [Tue, 24 Oct 2017 15:29:04 +0000 (17:29 +0200)]
sm: Do not expect X.509 keyids to be unique

* sm/certlist.c (gpgsm_find_cert): Add arg allow_ambiguous and use it.
* sm/call-dirmngr.c (inq_certificate): Pass true to ALLOW_AMBIGUOUS
(run_command_inq_cb): Ditto.
* sm/gpgsm.c (main): Pass false.
* sm/server.c (cmd_passwd): Pass false.

--

As described in my report T1644, it is possible that multiple
certificates exist with the same Distinguished Name and the same key.
In this case, verifying S/MIME signatures and other actions fail with
"certificate not found: Ambiguous name". For details see the bug
report.

To circumvent the problem, I have been patching GnuPG since 2014 so that in
this case the newest of the ambiguous certificates is used.

This is not an ultimate solution of the problem: You should try every
certificate with the same DN until verification succeeds or until all
certificates fail, and if multiple certificates of a chain are
ambiguous you even have to check every combination. You may even
consider checking the keyUsage attributes of the ambiguous certificates
to reduce the number of combinations.

But in the existing case of the certificates in the German Research
Network (DFN) PKI where the newest one is the valid one and all
ambiguous certificates have the same keyUsage attributes, this patch
has proven to be sufficient over the last three years.

With every GnuPG update, I have adapted the patch; luckily I never
needed to change anything except line numbers.

GnuPG-bug-id: 1644

ChangeLog log written by wk, comment taken from mail.  Signed-off line
was missing in the plain diff.  However the mail with the patch and
the DCO posted as reply to that mail were both signed.

Signed-off-by: Werner Koch <wk@gnupg.org>
19 months ago Register DCO for Rainer Perske
Werner Koch [Tue, 24 Oct 2017 15:14:56 +0000 (17:14 +0200)]
Register DCO for Rainer Perske

--

19 months ago gpgconf: Ignore non-installed components with --apply-profile.
Werner Koch [Tue, 24 Oct 2017 10:01:07 +0000 (12:01 +0200)]
gpgconf: Ignore non-installed components with --apply-profile.

* tools/gpgconf-comp.c (retrieve_options_from_program): Add arg
only_installed.
(gc_component_retrieve_options): Use this if we want to process all
components.
--

Note that this also ignores them in --with-defaults.  This is
useful for systems which come without scdaemon.

GnuPG-bug-id: 3313
Signed-off-by: Werner Koch <wk@gnupg.org>
19 months ago gpg: Improve the "secret key available" notice in keyedit.c
Werner Koch [Tue, 24 Oct 2017 08:56:13 +0000 (10:56 +0200)]
gpg: Improve the "secret key available" notice in keyedit.c

* g10/keyedit.c (KEYEDIT_NEED_SUBSK): New.
(cmds): Add this flag to keytocard, bkuptocard, expire, and passwd.
(keyedit_menu): Check whether only subkeys are available and take care
of that in the command check and in the HELP listing.  Also print a
different notice if only subkeys are available.
--

Printing "Secret key is available" and then bailing out in all commands
which require the _primary_ secret key was surprising.  Now we print
another notice and adjust the checks.

GnuPG-bug-id: 3463
Signed-off-by: Werner Koch <wk@gnupg.org>
19 months ago gpg: Remove unused flags from keyedit.c.
Werner Koch [Tue, 24 Oct 2017 07:31:49 +0000 (09:31 +0200)]
gpg: Remove unused flags from keyedit.c.

* g10/keyedit.c (KEYEDIT_NOT_SK, KEYEDIT_ONLY_SK): Remove.
(cmds): Remove them.
--

These flags were cruft from the time we had to switch between secret
and public key view.

Signed-off-by: Werner Koch <wk@gnupg.org>
19 months ago doc: Fix "SEE ALSO" section of gpgv.
Werner Koch [Fri, 20 Oct 2017 06:56:39 +0000 (08:56 +0200)]
doc: Fix "SEE ALSO" section of gpgv.

--

19 months ago gpg: Fix creating on-disk subkey with on-card primary key.
Werner Koch [Thu, 19 Oct 2017 16:10:37 +0000 (18:10 +0200)]
gpg: Fix creating on-disk subkey with on-card primary key.

* g10/keygen.c (generate_subkeypair): Ignore error code issued for
trying to verify a card based key.
--

We try to verify the primary key and thus seed the passphrase cache
before generating the subkey.  However, the verification does not yet
work for on-card keys and thus the PASSWD --verify sent to the agent
returns an error.  This patch detects this error and continues without
a seeded passphrase cache.  After all that pre-seeding is just a
convenience.

GnuPG-bug-id: 3280
Signed-off-by: Werner Koch <wk@gnupg.org>
19 months ago gpg: Print sec/sbb with --import-option import-show or show-only.
Werner Koch [Thu, 19 Oct 2017 15:12:36 +0000 (17:12 +0200)]
gpg: Print sec/sbb with --import-option import-show or show-only.

* g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct.
--

Note that this will likely add the suffix '#' to "sec" because the
secret key has not yet (or will not be) imported.  If the secret key
already exists locally another suffix might be printed.  The upshot is
that the suffix has no usefulness.

GnuPG-bug-id: 3431
Signed-off-by: Werner Koch <wk@gnupg.org>
19 months ago gpg: Make --dry-run and show-only work for secret keys.
Werner Koch [Thu, 19 Oct 2017 15:05:39 +0000 (17:05 +0200)]
gpg: Make --dry-run and show-only work for secret keys.

* g10/import.c (import_secret_one): Check for dry-run before
transferring keys.
--

The use of --dry-run or --import-option show-only had no effect when
importing a secret key and the public key already existed.  If the
public key did not exist an error message inhibited the import of the
secret key.

Signed-off-by: Werner Koch <wk@gnupg.org>
19 months ago dirmngr: Do not follow https-to-http redirects.
Damien Goutte-Gattat [Sun, 8 Oct 2017 16:30:52 +0000 (17:30 +0100)]
dirmngr: Do not follow https-to-http redirects.

* dirmngr/ks-engine-http.c (ks_http_fetch): Forbid redirects from
a https URI to a http URI.
--

GnuPG-bug-id: 3436
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
19 months ago g10: Fix find_and_check_key for multiple keyrings.
NIIBE Yutaka [Thu, 19 Oct 2017 02:08:24 +0000 (11:08 +0900)]
g10: Fix find_and_check_key for multiple keyrings.

* g10/pkclist.c (find_and_check_key): Call get_validity on a specific
keyblock.

--

When we have multiple keyrings, get_validity after
get_best_pubkey_byname should access the same keyring.  Or else, the
situation of an expired key in keyring A but valid key in keyring B
causes SEGV.

Thanks to Guido Günther for the use case and the log.

Debian-bug-id: 878812
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
19 months ago gpg: Keep a lock during the read-update/insert cycle in import.
Werner Koch [Wed, 18 Oct 2017 16:28:52 +0000 (18:28 +0200)]
gpg: Keep a lock during the read-update/insert cycle in import.

* g10/keydb.c (keydb_handle): New field 'keep_lock'.
(keydb_release): Clear that flag.
(keydb_lock): New function.
(unlock_all): Skip if KEEP_LOCK is set.
* g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if
requested.
--

That change is straightforward.  It helps to avoid the race condition
that another gpg process inserts a key while the first process is
between the search and the insert.

A similar change is due for gpgsm.

Note that the key edit operations may still suffer from a race.

GnuPG-bug-id: 3446

19 months ago gpg: Improve keydb handling in the main import function.
Werner Koch [Wed, 18 Oct 2017 15:52:41 +0000 (17:52 +0200)]
gpg: Improve keydb handling in the main import function.

* g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ...
(get_keyblock_byfprint_fast): .. new function.
* g10/import.c (revocation_present): s/int rc/gpg_error_t err/.
(import_one): Use get_keyblock_byfprint_fast to get the keyblock and a
handle.  Remove the now surplus keyblock fetch in the merge branch.

Signed-off-by: Werner Koch <wk@gnupg.org>
19 months ago gpg: Simplify keydb handling of the main import function.
Werner Koch [Wed, 18 Oct 2017 11:09:47 +0000 (13:09 +0200)]
gpg: Simplify keydb handling of the main import function.

* g10/import.c (import_keys_internal): Return gpg_error_t instead of
int.  Change var names.
(import_keys_es_stream): Ditto.
(import_one): Ditto.  Use a single keydb_new and simplify the use of
keydb_release.
--

Note that this opens a keydb handle before we call
get_pubkey_byfprint_fast which internally uses another key db handle.
A further patch will clean up this double use.  Note that we also
disable the keydb caching for the insert case.

The s/int/gpg_error_t/ has been done while checking the call chains of
the import functions and making sure that gpg_err_code is always used.

Signed-off-by: Werner Koch <wk@gnupg.org>
19 months ago sm: Fix colon listing of fields > 12 in crt records.
Werner Koch [Tue, 17 Oct 2017 18:56:55 +0000 (20:56 +0200)]
sm: Fix colon listing of fields > 12 in crt records.

* sm/keylist.c (print_capabilities): Move colon printing ...
(list_cert_colon): to here.
--

Fixes-commit: 7af008bfe1641938a6c2c995cb065829fa05a693
Signed-off-by: Werner Koch <wk@gnupg.org>
19 months ago agent: Send pinentry the uid of connecting process where possible.
Daniel Kahn Gillmor [Sun, 5 Feb 2017 07:12:25 +0000 (02:12 -0500)]
agent: Send pinentry the uid of connecting process where possible.

* agent/agent.h (server_control_s): Add field 'client_uid'.
* agent/call-pinentry.c (start_pinentry): Add uid field to assuan
option "owner" sent to pinentry.
* agent/command-ssh.c (peer_info_s): New static struct.
(get_client_pid): Rename to...
(get_client_info): Here, and extract uid in addition to pid.
(start_command_handler_ssh): Use get_client_info() instead of
get_client_pid().
* agent/command.c (start_command_handler): Try assuan_get_peercred,
and only fall back to assuan_get_pid when assuan_get_peercred fails.

--

This also requires an update to pinentry to handle the new uid field.
Distributing the uid as well as the pid makes it harder for a
different user on the same machine to take advantage of any race
conditions between when a requesting process might ask for something
that needs pinentry, and when pinentry gets around to inspecting the
state of that process.

We put the uid before the nodename because the uid is guaranteed to be
an integer (represented in decimal), which makes it much simpler to
parse past than the potentially arbitrarily structured nodename.

Use a / instead of whitespace to delimit pid/uid at Werner's request.

If we were willing to depend on the nodename being
whitespace-delimited (as the current, unreleased pinentry code does),
then we could add the uid after the nodename.  But since no released
pinentry depends on this option anyway, I think we should make the
more conservative, easily-parseable choice and put the user ID first.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
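
An added example, not code from GnuPG or pinentry: a defensive parser for the value of the "owner" option described in the commit above, assuming the value has the form "PID/UID NODENAME" and also accepting the older "PID NODENAME" form. The struct and function names are hypothetical, and the numeric limits are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result type; not a pinentry or gpg-agent structure. */
struct owner_info {
  unsigned long pid;
  unsigned long uid;
  int have_uid;          /* 0 when the sender used the older "PID NODENAME" form */
  char nodename[256];
};

/* Parse one unsigned decimal field at *SP and advance *SP past it.
   Rejects empty fields, signs, leading whitespace and overflow. */
static int parse_decimal(const char **sp, unsigned long max, unsigned long *out)
{
  char *end;
  unsigned long v;

  if (!isdigit((unsigned char)**sp))
    return -1;
  errno = 0;
  v = strtoul(*sp, &end, 10);
  if (errno == ERANGE || v > max)
    return -1;
  *out = v;
  *sp = end;
  return 0;
}

/* Parse VALUE, assumed to look like "PID/UID NODENAME".  Returns 0 on
   success, -1 on malformed input.  The numeric fields come first, so
   the nodename never has to be interpreted to find them. */
int parse_owner(const char *value, struct owner_info *info)
{
  const char *s = value;

  memset(info, 0, sizeof *info);
  if (parse_decimal(&s, INT_MAX, &info->pid) || info->pid == 0)
    return -1;
  if (*s == '/') {
    s++;
    if (parse_decimal(&s, UINT_MAX, &info->uid))
      return -1;
    info->have_uid = 1;
  }
  if (*s == '\0')
    return 0;                      /* numeric fields only, no nodename */
  if (*s != ' ')
    return -1;                     /* junk glued to the numeric fields */
  s++;
  if (strlen(s) >= sizeof info->nodename)
    return -1;
  strcpy(info->nodename, s);       /* the rest is opaque, spaces included */
  return 0;
}

/* Compare the claimed uid with the uid observed when the process is
   inspected later: 1 = match, 0 = mismatch, -1 = no uid was supplied. */
int owner_uid_check(const struct owner_info *info, unsigned long observed_uid)
{
  if (!info->have_uid)
    return -1;
  return info->uid == observed_uid;
}
```

A mismatch from owner_uid_check means the pid now belongs to a different user than the one that made the request, which is the race the commit message describes.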
19 months ago g10: Fix find_and_check_key for multiple keyrings.
NIIBE Yutaka [Thu, 19 Oct 2017 02:08:24 +0000 (11:08 +0900)]
g10: Fix find_and_check_key for multiple keyrings.

* g10/pkclist.c (find_and_check_key): Call get_validity on a specific
keyblock.

--

When we have multiple keyrings, get_validity after
get_best_pubkey_byname should access the same keyring.  Or else, the
situation of an expired key in keyring A but valid key in keyring B
causes SEGV.

Thanks to Guido Günther for the use case and the log.

Debian-bug-id: 878812
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
20 months ago gpg: Keep a lock during the read-update/insert cycle in import.
Werner Koch [Wed, 18 Oct 2017 16:28:52 +0000 (18:28 +0200)]
gpg: Keep a lock during the read-update/insert cycle in import.

* g10/keydb.c (keydb_handle): New field 'keep_lock'.
(keydb_release): Clear that flag.
(keydb_lock): New function.
(unlock_all): Skip if KEEP_LOCK is set.
* g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if
requested.
--

That change is straightforward.  It helps to avoid the race condition
that another gpg process inserts a key while the first process is
between the search and the insert.

A similar change is due for gpgsm.

Note that the key edit operations may still suffer from a race.

GnuPG-bug-id: 3446

20 months ago gpg: Improve keydb handling in the main import function.
Werner Koch [Wed, 18 Oct 2017 15:52:41 +0000 (17:52 +0200)]
gpg: Improve keydb handling in the main import function.

* g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ...
(get_keyblock_byfprint_fast): .. new function.
* g10/import.c (revocation_present): s/int rc/gpg_error_t err/.
(import_one): Use get_keyblock_byfprint_fast to get the keyblock and a
handle.  Remove the now surplus keyblock fetch in the merge branch.

Signed-off-by: Werner Koch <wk@gnupg.org>
20 months ago gpg: Simplify keydb handling of the main import function.
Werner Koch [Wed, 18 Oct 2017 11:09:47 +0000 (13:09 +0200)]
gpg: Simplify keydb handling of the main import function.

* g10/import.c (import_keys_internal): Return gpg_error_t instead of
int.  Change var names.
(import_keys_es_stream): Ditto.
(import_one): Ditto.  Use a single keydb_new and simplify the use of
keydb_release.
--

Note that this opens a keydb handle before we call
get_pubkey_byfprint_fast which internally uses another key db handle.
A further patch will clean up this double use.  Note that we also
disable the keydb caching for the insert case.

The s/int/gpg_error_t/ has been done while checking the call chains of
the import functions and making sure that gpg_err_code is always used.

Signed-off-by: Werner Koch <wk@gnupg.org>